基于PHP的Shell 管理Web服务器的源码(执行命令以及浏览文件).zip

<?php // -*- coding: utf-8 -*- define('PHPSHELL_VERSION', '2.4'); /* ************************************************************** * PHP Shell * ************************************************************** PHP Shell is an interactive PHP script that will execute any command entered. See the files README, INSTALL, and SECURITY or http://phpshell.sourceforge.net/ for further information. Copyright (C) 2000-2012 the Phpshell-team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You can get a copy of the GNU General Public License from this address: http://www.gnu.org/copyleft/gpl.html#SEC1 You can also write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* There are no user-configurable settings in this file anymore, please see * config.php instead. */ header("Content-Type: text/html; charset=utf-8"); /* This error handler will turn all notices, warnings, and errors into fatal * errors, unless they have been suppressed with the @-operator. */ function error_handler($errno, $errstr, $errfile, $errline, $errcontext) { /* The @-operator (used with chdir() below) temporarely makes * error_reporting() return zero, and we don't want to die in that case. * We do note the error in the output, though. */ if (error_reporting() == 0) { $_SESSION['output'] .= $errstr . "\n"; } else { die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>PHP Shell ' . PHPSHELL_VERSION . '</title> <meta http-equiv="Content-Script-Type" content="text/javascript"> <meta http-equiv="Content-Style-Type" content="text/css"> <meta name="generator" content="phpshell"> <link rel="shortcut icon" type="image/x-icon" href="phpshell.ico"> <link rel="stylesheet" href="style.css" type="text/css"> </head> <body> <h1>Fatal Error!</h1> <p><b>' . $errstr . '</b></p> <p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p> <hr> <p>Please consult the <a href="README">README</a>, <a href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for instruction on how to use PHP Shell.</p> <hr> <address> Copyright &copy; 2000&ndash;2012, the Phpshell-team. Get the latest version at <a href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>. </address> </body> </html>'); } } /* Installing our error handler makes PHP die on even the slightest problem. * This is what we want in a security critical application like this. */ set_error_handler('error_handler'); function logout() { /* Empty the session data, except for the 'authenticated' entry which the * rest of the code needs to be able to check. */ $_SESSION = array('authenticated' => false); /* Unset the client's cookie, if it has one. */ // if (isset($_COOKIE[session_name()])) // setcookie(session_name(), '', time()-42000, '/'); /* Destroy the session data on the server. This prevents the simple * replay attack where one uses the back button to re-authenticate using * the old POST data since the server wont know the session then. */ // session_destroy(); } /* Clear screen */ function clearscreen() { $_SESSION['output'] = ''; } function stripslashes_deep($value) { if (is_array($value)) { return array_map('stripslashes_deep', $value); } else { return stripslashes($value); } } if (get_magic_quotes_gpc()) { $_POST = stripslashes_deep($_POST); } /* Initialize some variables we need again and again. */ $username = isset($_POST['username']) ? $_POST['username'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; $nounce = isset($_POST['nounce']) ? $_POST['nounce'] : ''; $command = isset($_POST['command']) ? $_POST['command'] : ''; $rows = isset($_POST['rows']) ? $_POST['rows'] : 24; $columns = isset($_POST['columns']) ? $_POST['columns'] : 80; if (!preg_match('/^[[:digit:]]+$/', $rows)) { $rows=24 ; } if (!preg_match('/^[[:digit:]]+$/', $columns)) { $columns=80 ; } /* Load the configuration. */ $ini = parse_ini_file('config.php', true); if (empty($ini['settings'])) { $ini['settings'] = array(); } /* Default settings --- these settings should always be set to something. */ $default_settings = array('home-directory' => '.', 'PS1' => '$ '); $showeditor = false; /* Merge settings. */ $ini['settings'] = array_merge($default_settings, $ini['settings']); session_start(); /* Delete the session data if the user requested a logout. This leaves * the session cookie at the user, but this is not important since we * authenticates on $_SESSION['authenticated']. */ if (isset($_POST['logout'])) { logout(); } /* Clear screen if submitted */ if (isset($_POST['clear'])) { clearscreen(); } /* Attempt authentication. */ if (isset($_SESSION['nounce']) && $nounce == $_SESSION['nounce'] && isset($ini['users'][$username]) ) { if (strchr($ini['users'][$username], ':') === false) { // No seperator found, assume this is a password in clear text. $_SESSION['authenticated'] = ($ini['users'][$username] == $password); } else { list($fkt, $salt, $hash) = explode(':', $ini['users'][$username]); $_SESSION['authenticated'] = ($fkt($salt . $password) == $hash); } } /* Enforce default non-authenticated state if the above code didn't set it * already. */ if (!isset($_SESSION['authenticated'])) { $_SESSION['authenticated'] = false; } if ($_SESSION['authenticated']) { /* Initialize the session variables. */ if (empty($_SESSION['cwd'])) { $_SESSION['cwd'] = realpath($ini['settings']['home-directory']); $_SESSION['history'] = array(); $_SESSION['output'] = ''; } /* Clicked on one of the subdirectory links - ignore the command */ if (isset($_POST['levelup'])) { $levelup = $_POST['levelup'] ; while ($levelup > 0) { $command = '' ; /* ignore the command */ $_SESSION['cwd'] = dirname($_SESSION['cwd']); $levelup -- ; } } /* Selected a new subdirectory as working directory - ignore the command */ if (isset($_POST['changedirectory'])) { $changedir= $_POST['changedirectory']; if (strlen($changedir) > 0) { if (@chdir($_SESSION['cwd'] . '/' . $changedir)) { $command = '' ; /* ignore the command */ $_SESSION['cwd'] = realpath($_SESSION['cwd'] . '/' . $changedir); } } } if (isset($_FILES['uploadfile']['tmp_name'])) { if (is_uploaded_file($_FILES['uploadfile']['tmp_name'])) { if (!move_uploaded_file($_FILES['uploadfile']['tmp_name'], $_SESSION['cwd'] . '/' . $_FILES['uploadfile']['name'])) { echo "CANNOT MOVE {$_FILES['uploadfile']['name']}" ; } } } /* Save content from 'editor' */ if (isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) { $filetoedit_handle = fopen($_POST["filetoedit"], "w"); fputs($filetoedit_handle, str_replace("%0D%0D%0A", "%0D%0A", $_POST["filecontent"])); fclose($filetoedit_handle); } if (!empty($command)) { /* Save the command for late use in the JavaScript. If the command is * already in the history, then the old entry is removed before t