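PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
	die('No Connection to MySQL database!');
}

// Request flow: authenticate the panel user, log in to the local FTP server as
// that user's system account, then either stream a single file, run one of the
// POST actions (each one gated by check_csrf_error()), or build the directory
// listing that the template after this block renders.
session_start();
$user=check_login();

// Only accept a scalar password; an array value would reach ftp_login() below.
// NOTE(review): the FTP password is kept in the session in cleartext so later
// requests can log in again - confirm how the session store is protected.
if(!empty($_POST['ftp_pass']) && is_string($_POST['ftp_pass'])){
	$_SESSION['ftp_pass']=$_POST['ftp_pass'];
}
if(empty($_SESSION['ftp_pass']) || !is_string($_SESSION['ftp_pass'])){
	send_login();
	exit;
}
$ftp=ftp_connect('127.0.0.1') or die ('No Connection to FTP server!');
// The key is quoted: the bare word system_account was read as an undefined
// constant (no constant of that name is visible in this file), which is a
// fatal Error on PHP 8 and only worked through a fallback on older versions.
if(@!ftp_login($ftp, $user['system_account'], $_SESSION['ftp_pass'])){
	// Do not keep a password that the FTP server just rejected.
	unset($_SESSION['ftp_pass']);
	send_login();
	exit;
}

//prepare reusable data
const SUFFIX=['B', 'KiB', 'MiB', 'GiB'];
const TYPES=[
	'jpg'=>'img', 'psd'=>'img', 'jpeg'=>'img', 'png'=>'img', 'svg'=>'img', 'gif'=>'img', 'bmp'=>'img', 'ico'=>'img',
	'm4v'=>'vid', 'webm'=>'vid', 'avi'=>'vid', 'flv'=>'vid', 'mpg'=>'vid', 'mpeg'=>'vid', 'wmv'=>'vid', 'ogm'=>'vid', 'ogv'=>'vid', 'mp4'=>'vid', 'mov'=>'vid', '3gp'=>'vid',
	'm4a'=>'snd', 'mp3'=>'snd', 'flac'=>'snd', 'ogg'=>'snd', 'oga'=>'snd', 'wav'=>'snd', 'wma'=>'snd',
	'bin'=>'bin', 'exe'=>'bin',
	'tgz'=>'zip', 'gz'=>'zip', 'zip'=>'zip', 'bz'=>'zip', 'bz2'=>'zip', 'xz'=>'zip', 'rar'=>'zip', 'tar'=>'zip', '7z'=>'zip',
	'xlsx'=>'doc', 'xsl'=>'doc', 'xml'=>'doc', 'doc'=>'doc', 'docx'=>'doc', 'css'=>'doc', 'html'=>'doc', 'htm'=>'doc', 'shtml'=>'doc', 'pdf'=>'doc', 'mobi'=>'doc', 'epub'=>'doc', 'odt'=>'doc', 'ods'=>'doc', 'odp'=>'doc',
	'txt'=>'txt', 'csv'=>'txt', 'md'=>'txt',
	'sh'=>'sh', 'js'=>'sh', 'pl'=>'sh', 'py'=>'sh', 'php'=>'sh', 'phtml'=>'sh', 'asp'=>'sh',
];

// Sort column (M = mtime, N = name, S = size) and order (A/D); anything that is
// not exactly one of the allowed strings falls back to the default.
if(!isset($_REQUEST['C']) || !in_array($_REQUEST['C'], ['M', 'N', 'S'], true)){
	$sort='N';
}else{
	$sort=$_REQUEST['C'];
}
if(!isset($_REQUEST['O']) || !in_array($_REQUEST['O'], ['A', 'D'], true)){
	$order='A';
}else{
	$order=$_REQUEST['O'];
}

// Normalise the requested path. Every ".." is rewritten to the literal text
// \.\. so it can no longer name a parent directory, and runs of slashes are
// collapsed. This is a string filter only.
// NOTE(review): the FTP server's own per-account restriction is presumably the
// real boundary here - confirm.
if(!empty($_REQUEST['path']) && is_string($_REQUEST['path'])){
	$dir='/'.trim(rawurldecode($_REQUEST['path']),'/').'/';
	$dir=str_replace('..', '\.\.', $dir);
	$dir=preg_replace('~//+~', '/', $dir);
}else{
	$dir='/www/';
}

// If the path is not a directory, treat it as a file and stream it.
if(@!ftp_chdir($ftp, $dir)){
	$dir=rtrim($dir, '/');
	$tmpfile=tmpfile();
	if($tmpfile!==false && @ftp_fget($ftp, $tmpfile, $dir, FTP_BINARY)){
		//output file
		// NOTE(review): there is no "attachment" disposition, so the browser may
		// render a stored file (HTML, SVG) inside this site's origin. Confirm that
		// is intended, or send "attachment" / "X-Content-Type-Options: nosniff".
		header('Content-Type: ' . mime_content_type($tmpfile));
		// Escape quote and backslash so the name cannot end the quoted value early.
		header('Content-Disposition: filename="'.addcslashes(basename($dir), '"\\').'"');
		header('Content-Length: ' . fstat($tmpfile)['size']);
		header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0, private');
		header('Expires: 0');
		header('Pragma: no-cache');
		rewind($tmpfile);
		fpassthru($tmpfile);
	}else{
		send_not_found();
	}
	if($tmpfile!==false){
		fclose($tmpfile);
	}
	exit;
}

// Request parameters arrive as strings or arrays; narrow them once so a
// wrongly shaped field skips the action instead of reaching an ftp_* call.
$post_name=(isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
$post_files=(isset($_POST['files']) && is_array($_POST['files'])) ? $_POST['files'] : [];

if(!empty($_POST['mkdir']) && !empty($post_name)){
	if($error=check_csrf_error()){
		die($error);
	}
	ftp_mkdir($ftp, $post_name);
}

if(!empty($_POST['mkfile']) && !empty($post_name)){
	if($error=check_csrf_error()){
		die($error);
	}
	// An anonymous temporary stream replaces the predictable '/tmp/'.uniqid()
	// name, which another local user could have created or linked in advance.
	$empty=tmpfile();
	if($empty!==false){
		ftp_fput($ftp, $post_name, $empty, FTP_BINARY);
		fclose($empty);
	}
}

if(!empty($_POST['delete']) && !empty($post_files)){
	if($error=check_csrf_error()){
		die($error);
	}
	foreach($post_files as $file){
		if(is_string($file)){
			ftp_recursive_delete($ftp, $file);
		}
	}
}

if(!empty($_POST['rename_2']) && !empty($post_files)){
	if($error=check_csrf_error()){
		die($error);
	}
	foreach($post_files as $old=>$new){
		if(is_string($new)){
			ftp_rename($ftp, (string)$old, $new);
		}
	}
}

if(!empty($_POST['rename']) && !empty($post_files)){
	if($error=check_csrf_error()){
		die($error);
	}
	send_rename($dir);
	exit;
}

if(!empty($_POST['edit_2']) && !empty($post_files)){
	if($error=check_csrf_error()){
		die($error);
	}
	foreach($post_files as $name=>$content){
		if(!is_string($content)){
			continue;
		}
		// One anonymous temporary stream per file instead of a shared, guessable
		// path under /tmp.
		$buffer=tmpfile();
		if($buffer===false){
			continue;
		}
		fwrite($buffer, $content);
		rewind($buffer);
		ftp_fput($ftp, (string)$name, $buffer, FTP_BINARY);
		fclose($buffer);
	}
}

if(!empty($_POST['edit']) && !empty($post_files)){
	if($error=check_csrf_error()){
		die($error);
	}
	send_edit($ftp, $dir);
	exit;
}

if(!empty($_POST['unzip']) && !empty($post_files)){
	if($error=check_csrf_error()){
		die($error);
	}
	$zip = new ZipArchive();
	foreach($post_files as $file){
		if(!is_string($file) || !preg_match('/\.zip$/', $file)){
			continue;
		}
		// tempnam() creates the file itself, so the name cannot be claimed first.
		$tmpfile=tempnam('/tmp', 'fm_');
		if($tmpfile===false){
			continue;
		}
		if(!ftp_get($ftp, $tmpfile, $file, FTP_BINARY) || $zip->open($tmpfile)!==true){
			unlink($tmpfile);
			continue;
		}
		//prevent zip-bombs
		// NOTE(review): this adds up the sizes the archive declares for its
		// entries; confirm that extraction cannot write more than was declared.
		$size=0;
		for($i=0; $i<$zip->numFiles; ++$i){
			$stat=$zip->statIndex($i);
			if($stat===false){
				// An unreadable entry counts as over the limit.
				$size=PHP_INT_MAX;
				break;
			}
			$size+=$stat['size'];
		}
		if($size<=1073741824){ //1GB limit
			$tmpdir='/tmp/'.uniqid().'/';
			// mkdir() fails when the path already exists, so checking its result
			// keeps the archive out of a directory somebody else prepared; 0700
			// keeps the extracted files private to this process's user.
			if(mkdir($tmpdir, 0700)){
				$zip->extractTo($tmpdir);
				ftp_recursive_upload($ftp, $tmpdir);
				rmdir($tmpdir);
			}
		}
		$zip->close();
		unlink($tmpfile);
	}
}

if(!empty($_FILES['files']) && is_array($_FILES['files']['name'])){
	if($error=check_csrf_error()){
		die($error);
	}
	foreach($_FILES['files']['name'] as $i=>$upload_name){
		if(!is_string($upload_name) || $_FILES['files']['error'][$i]!==UPLOAD_ERR_OK){
			continue;
		}
		// basename() keeps the client-supplied name inside the current directory.
		ftp_put($ftp, $dir.basename($upload_name), $_FILES['files']['tmp_name'][$i], FTP_BINARY);
		unlink($_FILES['files']['tmp_name'][$i]);
	}
}

// Build the listing from the server's raw "ls -l" style output.
$files=$dirs=[];
$list=ftp_rawlist($ftp, '.');
if(!is_array($list)){
	$list=[];
}
foreach($list as $file){
	// Lines that do not have all nine columns (a "total N" header, for example)
	// are skipped instead of producing an entry with an empty name.
	if(!preg_match('/^([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)\s+(.*)$/', $file, $match)){
		continue;
	}
	if($match[0][0]==='d'){
		$dirs[$match[9]]=['name'=>"$match[9]/", 'mtime'=>strtotime("$match[6] $match[7] $match[8]"), 'size'=>'-'];
	}else{
		$files[$match[9]]=['name'=>$match[9], 'mtime'=>ftp_mdtm($ftp, $match[9]), 'size'=>$match[5]];
	}
}

//sort our files
if($sort==='M'){
	$list=array_merge($dirs, $files);
	usort($list, function($a, $b) {
		if ($a['mtime'] === $b['mtime']) {
			return 0;
		}
		return ($a['mtime'] < $b['mtime']) ? -1 : 1;
	});
}elseif($sort==='S'){
	ksort($dirs, SORT_STRING | SORT_FLAG_CASE);
	usort($files, function($a, $b) {
		if ($a['size'] === $b['size']) {
			return 0;
		}
		return ($a['size'] < $b['size']) ? -1 : 1;
	});
	$list=array_merge($dirs, $files);
}else{
	$list=array_merge($dirs, $files);
	ksort($list, SORT_STRING | SORT_FLAG_CASE);
}

//order correctly
if($order==='D'){
	$list=array_reverse($list);
}
// From here on $dir is only used for output, so it is HTML-escaped once.
$dir=htmlspecialchars($dir);
?> Daniel's Hosting - FileManager - Index of <?php echo $dir; ?>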

Index of

Upload up to 1GB and up to 100 files at once





"; } ?>
File Last Modified Size

">Parent Directory
'.htmlspecialchars($element['name']).''.date("Y-m-d H:i", $element['mtime'])."$element[size]



'; echo '404 Not Found'; echo ''; echo ''; echo ''; echo '

The requested file '.htmlspecialchars($_REQUEST['path']).' was not found on your account.

'; echo '

Go back to home directory.

'; echo ''; } function send_login(){ echo ''; echo 'Daniel\'s Hosting - FileManager - Login'; echo ''; echo ''; echo ''; echo '

Please type in your system account password:

'; echo '

Go back to dashboard.

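'; echo ''; }

/**
 * Uploads the contents of a local directory into the FTP session's current
 * directory and removes each local entry once it has been handled.
 *
 * The caller in this file passes a directory that holds a freshly extracted,
 * user-supplied archive, so the tree is treated as untrusted.
 *
 * @param resource|object $ftp  open FTP connection
 * @param string          $path local directory, with a trailing slash
 */
function ftp_recursive_upload($ftp, $path){
	$dir = dir($path);
	if($dir === false){
		// An unreadable directory used to end in a call on false.
		return;
	}
	while(($file = $dir->read()) !== false){
		if($file === '.' || $file === '..'){
			continue;
		}
		$local = $dir->path.$file;
		if(is_link($local)){
			// Defensive: never follow a symbolic link out of the extracted tree.
			unlink($local);
			continue;
		}
		if(is_dir($local)){
			$entered = @ftp_chdir($ftp, $file);
			if(!$entered){
				ftp_mkdir($ftp, $file);
				$entered = ftp_chdir($ftp, $file);
			}
			if($entered){
				ftp_recursive_upload($ftp, $local.'/');
				ftp_chdir($ftp, '..');
				rmdir($local);
			}else{
				// The remote directory could not be entered. Recursing anyway would
				// upload the children into the wrong directory and the following
				// ".." would leave the target tree, so drop the local copy instead.
				ftp_discard_local_tree($local);
			}
		}else{
			ftp_put($ftp, $file, $local, FTP_BINARY);
			unlink($local);
		}
	}
	$dir->close();
}

/**
 * Removes a local file or directory tree without following symbolic links.
 * Private helper of ftp_recursive_upload().
 *
 * @param string $path local path to remove
 */
function ftp_discard_local_tree($path){
	if(is_link($path) || !is_dir($path)){
		@unlink($path);
		return;
	}
	$entries = scandir($path);
	if($entries !== false){
		foreach($entries as $entry){
			if($entry !== '.' && $entry !== '..'){
				ftp_discard_local_tree(rtrim($path, '/').'/'.$entry);
			}
		}
	}
	@rmdir($path);
}

/**
 * Deletes a remote file, or a remote directory together with its contents.
 *
 * Names come from request data and from the server's own listing, so the
 * special entries are refused before anything is removed.
 *
 * @param resource|object $ftp  open FTP connection
 * @param string          $file name relative to the current remote directory
 */
function ftp_recursive_delete($ftp, $file){
	if(!is_string($file)){
		return;
	}
	$leaf = basename($file);
	if($leaf === '' || $leaf === '.' || in_array('..', explode('/', $file), true)){
		// "." and ".." would make the walk below empty the current or the parent
		// directory (and loop if the server lists them); they are never valid
		// deletion targets.
		return;
	}
	// Remember where we are: for a name with several components a plain ".."
	// after the walk does not lead back to the starting directory.
	$origin = ftp_pwd($ftp);
	if(@ftp_chdir($ftp, $file)){
		if($list = ftp_nlist($ftp, '.')){
			foreach($list as $tmp){
				ftp_recursive_delete($ftp, $tmp);
			}
		}
		if($origin === false || !@ftp_chdir($ftp, $origin)){
			ftp_chdir($ftp, '..');
		}
		ftp_rmdir($ftp, $file);
	}else{
		ftp_delete($ftp, $file);
	}
}

function send_rename($dir){ echo ''; echo 'Daniel\'s Hosting - FileManager - Rename file'; echo ''; echo ''; echo ''; echo '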
'; echo ''; echo ''; echo ''; foreach($_POST['files'] as $file){ echo ''; } echo '
'.htmlspecialchars($file).'
'; echo '
'; echo '

Go back.

'; echo ''; } function send_edit($ftp, $dir){ echo ''; echo 'Daniel\'s Hosting - FileManager - Edit file'; echo ''; echo ''; echo ''; echo '
'; echo ''; echo ''; echo ''; $tmpfile='/tmp/'.uniqid(); foreach($_POST['files'] as $file){ echo ''; } if(file_exists($tmpfile)){ unlink($tmpfile); } echo '
'.htmlspecialchars($file).'
'; echo '
'; echo '

Go back.

'; echo ''; }