<?php // -*- coding: utf-8 -*-
/* Version string; error_handler() below prints it in the title of the
 * fatal-error page. */
define('PHPSHELL_VERSION', '2.4');
/*
**************************************************************
* PHP Shell *
**************************************************************
PHP Shell is an interactive PHP script that will execute any command
entered. See the files README, INSTALL, and SECURITY or
http://phpshell.sourceforge.net/ for further information.
Copyright (C) 2000-2012 the Phpshell-team
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You can get a copy of the GNU General Public License from this
address: http://www.gnu.org/copyleft/gpl.html#SEC1
You can also write to the Free Software Foundation, Inc., 59 Temple
Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* There are no user-configurable settings in this file anymore, please see
* config.php instead. */
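/* Declare the response as UTF-8 HTML. */
header("Content-Type: text/html; charset=utf-8");
/* This page executes whatever command is posted to it, so it must not be
 * embeddable in a frame on another site (clickjacking of an authenticated
 * operator), and the browser must not second-guess the declared type. */
header('X-Frame-Options: DENY');
header('X-Content-Type-Options: nosniff');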
/* This error handler will turn all notices, warnings, and errors into fatal
* errors, unless they have been suppressed with the @-operator. */
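/**
 * Error handler callback: turns every notice, warning and error into a fatal
 * error page, unless reporting is currently suppressed.
 *
 * When error_reporting() returns zero (the @-operator case, used with chdir()
 * further down), the message is appended to $_SESSION['output'] and execution
 * continues.  In every other case the script terminates with an HTML page
 * that shows the message, the file and the line.
 *
 * The message and the file name are HTML-escaped before they are printed:
 * PHP builds warning texts from run-time values such as file names, and this
 * script passes request data to file functions, so the raw text could carry
 * markup into the error page.
 *
 * NOTE(review): on PHP 8 the @-operator no longer makes error_reporting()
 * return zero, so the suppressed branch would not be taken there - confirm
 * the PHP versions this script is expected to run on.
 *
 * @param int    $errno      Error level (not used).
 * @param string $errstr     Error message.
 * @param string $errfile    File in which the error was raised.
 * @param int    $errline    Line on which the error was raised.
 * @param mixed  $errcontext Symbol table at the point of the error (not
 *                           used).  Optional, because newer PHP versions call
 *                           the handler with four arguments only.
 *
 * @return void Does not return when the error is not suppressed.
 */
function error_handler($errno, $errstr, $errfile, $errline, $errcontext = null)
{
    /* Suppressed with @: note the error in the output, but do not die. */
    if (error_reporting() == 0) {
        $_SESSION['output'] .= $errstr . "\n";
        return;
    }

    /* ENT_SUBSTITUTE (PHP 5.4+) keeps a message with invalid UTF-8 from being
     * blanked out by htmlspecialchars(). */
    $flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
    $safe_message = htmlspecialchars((string) $errstr, $flags, 'UTF-8');
    $safe_file = htmlspecialchars((string) $errfile, $flags, 'UTF-8');
    $safe_line = (int) $errline;

    die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>PHP Shell ' . PHPSHELL_VERSION . '</title>
<meta http-equiv="Content-Script-Type" content="text/javascript">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta name="generator" content="phpshell">
<link rel="shortcut icon" type="image/x-icon" href="phpshell.ico">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body>
<h1>Fatal Error!</h1>
<p><b>' . $safe_message . '</b></p>
<p>in <b>' . $safe_file . '</b>, line <b>' . $safe_line . '</b>.</p>
<hr>
<p>Please consult the <a href="README">README</a>, <a
href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for
instruction on how to use PHP Shell.</p>
<hr>
<address>
Copyright © 2000–2012, the Phpshell-team. Get the latest
version at <a
href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
</address>
</body>
</html>');
}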
/* Installing our error handler makes PHP die on even the slightest problem.
 * This is what we want in a security critical application like this: the
 * script stops at the first notice or warning instead of carrying on in an
 * unexpected state.  Errors that PHP never hands to a user-defined handler
 * (parse and core errors, for example) are not covered by this. */
set_error_handler('error_handler');
/**
 * Put the session back into the logged-out state.
 *
 * Every session entry is dropped; only 'authenticated' is kept, set to
 * false, because the rest of the code checks that key.
 *
 * NOTE(review): expiring the client's session cookie and calling
 * session_destroy() are both left disabled here, as in the original, so the
 * session id and the server-side session record survive a logout.  Confirm
 * whether the session id should be rotated at this point.
 *
 * @return void
 */
function logout()
{
    $logged_out_state = array('authenticated' => false);
    $_SESSION = $logged_out_state;
}
/* Clear screen */
/**
 * Discard the accumulated output kept in the session; all other session
 * entries are left as they are.
 *
 * @return void
 */
function clearscreen()
{
    $blank = '';
    $_SESSION['output'] = $blank;
}
/**
 * Apply stripslashes() to a value, descending into nested arrays.
 *
 * @param mixed $value A scalar, or an array (of arrays) of scalars.
 *
 * @return mixed The unescaped string, or an array of the same shape and keys
 *               with every leaf unescaped.
 */
function stripslashes_deep($value)
{
    /* Leaf: unescape it directly. */
    if (!is_array($value)) {
        return stripslashes($value);
    }

    /* Array: rebuild it key by key. */
    $unescaped = array();
    foreach ($value as $key => $item) {
        $unescaped[$key] = stripslashes_deep($item);
    }
    return $unescaped;
}
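/* Undo the escaping that magic_quotes_gpc applies to the posted data.
 * Magic quotes were removed in PHP 5.4.0; get_magic_quotes_gpc() always
 * returns false from then on, is deprecated in PHP 7.4 and no longer exists
 * in PHP 8.0.  Because the error handler installed above makes every notice
 * fatal, the function is only called on versions that still have the
 * feature. */
if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
    $_POST = stripslashes_deep($_POST);
}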
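/* Initialize some variables we need again and again.  These four are taken
 * from the request as they are; they are untrusted and are checked where
 * they are used. */
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$nounce = isset($_POST['nounce']) ? $_POST['nounce'] : '';
$command = isset($_POST['command']) ? $_POST['command'] : '';

/* The two size fields are accepted only when they are a string made of
 * decimal digits; anything else falls back to 24 and 80.  The pattern ends
 * in \z rather than $, because $ also matches just before a trailing newline
 * and would let "24\n" through, and the is_string() test keeps an
 * array-valued field away from preg_match(). */
$rows = 24;
if (isset($_POST['rows']) && is_string($_POST['rows'])
    && preg_match('/^[0-9]+\z/', $_POST['rows'])
) {
    $rows = $_POST['rows'];
}
$columns = 80;
if (isset($_POST['columns']) && is_string($_POST['columns'])
    && preg_match('/^[0-9]+\z/', $_POST['columns'])
) {
    $columns = $_POST['columns'];
}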
/* Default settings --- these settings should always be set to something. */
$default_settings = array(
    'home-directory' => '.',
    'PS1' => '$ ',
);
$showeditor = false;

/* Load the configuration; config.php is read as an INI file with sections. */
$ini = parse_ini_file('config.php', true);

/* Merge settings: a missing or empty [settings] section counts as no
 * overrides, and configured values take precedence over the defaults. */
$ini['settings'] = array_merge(
    $default_settings,
    empty($ini['settings']) ? array() : $ini['settings']
);
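/* The session id is the only thing that ties a browser to an authenticated
 * shell, so keep it in a cookie only (never in the URL) and hide that cookie
 * from scripts running in the page. */
ini_set('session.use_only_cookies', '1');
ini_set('session.cookie_httponly', '1');
session_start();

/* Delete the session data if the user requested a logout.  This leaves the
 * session cookie with the user, but that is not important since we
 * authenticate on $_SESSION['authenticated']. */
if (isset($_POST['logout'])) {
    logout();
}

/* Clear screen if submitted */
if (isset($_POST['clear'])) {
    clearscreen();
}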
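/* Attempt authentication.
 *
 * A login is only considered when the posted nounce equals the one stored in
 * the session and the user name exists in the [users] section of the
 * configuration.  All comparisons are strict string comparisons: with PHP's
 * loose == two different strings that both look like numbers (for example
 * two digests of the form "0e" followed by digits) compare as equal, which
 * would let a wrong password through.  hash_equals() is used where it exists
 * (PHP 5.6+), so the comparison time does not depend on how many leading
 * characters match.
 *
 * NOTE(review): a stored entry without ':' is a clear-text password, and the
 * hashed form is a single salted pass of whatever function the configuration
 * names - confirm whether password_hash()/password_verify() can replace both.
 * NOTE(review): the function name before the first ':' comes from config.php
 * and is called as it stands; this is only safe while that file is writable
 * by the administrator alone. */
if (isset($_SESSION['nounce'])
    && is_string($nounce) && is_string($username) && is_string($password)
    && (string) $_SESSION['nounce'] === $nounce
    && isset($ini['users'][$username])
) {
    $stored_entry = (string) $ini['users'][$username];
    if (strchr($stored_entry, ':') === false) {
        // No separator found, assume this is a password in clear text.
        $expected = $stored_entry;
        $supplied = $password;
    } else {
        // Entry has the form function:salt:hash.
        list($fkt, $salt, $hash) = explode(':', $stored_entry);
        $expected = (string) $hash;
        $supplied = (string) $fkt($salt . $password);
    }
    $_SESSION['authenticated'] = function_exists('hash_equals')
        ? hash_equals($expected, $supplied)
        : ($expected === $supplied);

    /* Give the session a new id once the login succeeded, so that an id
     * known to someone else before the login does not become an
     * authenticated one. */
    if ($_SESSION['authenticated'] && !headers_sent()) {
        session_regenerate_id(true);
    }
}

/* Enforce default non-authenticated state if the above code didn't set it
 * already. */
if (!isset($_SESSION['authenticated'])) {
    $_SESSION['authenticated'] = false;
}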
if ($_SESSION['authenticated']) {
/* Initialize the session variables. */
if (empty($_SESSION['cwd'])) {
$_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
$_SESSION['history'] = array();
$_SESSION['output'] = '';
}
/* Clicked on one of the subdirectory links - ignore the command */
if (isset($_POST['levelup'])) {
$levelup = $_POST['levelup'] ;
while ($levelup > 0) {
$command = '' ; /* ignore the command */
$_SESSION['cwd'] = dirname($_SESSION['cwd']);
$levelup -- ;
}
}
/* Selected a new subdirectory as working directory - ignore the command */
if (isset($_POST['changedirectory'])) {
$changedir= $_POST['changedirectory'];
if (strlen($changedir) > 0) {
if (@chdir($_SESSION['cwd'] . '/' . $changedir)) {
$command = '' ; /* ignore the command */
$_SESSION['cwd'] = realpath($_SESSION['cwd'] . '/' . $changedir);
}
}
}
if (isset($_FILES['uploadfile']['tmp_name'])) {
if (is_uploaded_file($_FILES['uploadfile']['tmp_name'])) {
if (!move_uploaded_file($_FILES['uploadfile']['tmp_name'], $_SESSION['cwd'] . '/' . $_FILES['uploadfile']['name'])) {
echo "CANNOT MOVE {$_FILES['uploadfile']['name']}" ;
}
}
}
/* Save content from 'editor' */
if (isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) {
$filetoedit_handle = fopen($_POST["filetoedit"], "w");
fputs($filetoedit_handle, str_replace("%0D%0D%0A", "%0D%0A", $_POST["filecontent"]));
fclose($filetoedit_handle);
}
if (!empty($command)) {
/* Save the command for late use in the JavaScript. If the command is
* already in the history, then the old entry is removed before t
基于PHP的Shell 管理Web服务器的源码(执行命令以及浏览文件).zip
共11个文件
php:3个
security:1个
readme:1个
基于PHP的Shell 管理Web服务器的源码(执行命令以及浏览文件).zip (11个子文件)
132696312286134212
phpshell-2.4
style.css 1KB
ChangeLog 7KB
phpshell.ico 318B
README 6KB
config.php 2KB
AUTHORS 1KB
SECURITY 6KB
INSTALL 4KB
phpshell.php 23KB
COPYING 18KB
pwhash.php 3KB