zyablik
Добавлено: 09/03/04 в 17:59
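<?php
/*
 * HTTP Basic authentication gate for the template editor.
 *
 * The credentials are read from $_SERVER rather than from the bare globals
 * $PHP_AUTH_USER / $PHP_AUTH_PW. Those globals only exist when
 * register_globals is enabled, and in that mode they can be filled from
 * request parameters instead of the Authorization header.
 *
 * NOTE(review): the login is the literal pair admin/admin committed in source.
 * Everything this script can do (write, rename and delete .php files under the
 * document root) is guarded by this one check. Replace the literal with a
 * password_hash() value kept outside the web root, and serve the page over
 * HTTPS only: Basic credentials are sent base64-encoded, not encrypted.
 */
$auth_user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$auth_pw   = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

$authorized = false;
if (is_string($auth_user) && is_string($auth_pw) && $auth_user === "admin") {
    // Constant-time comparison where the runtime offers it (PHP >= 5.6).
    $authorized = function_exists('hash_equals')
        ? hash_equals("admin", $auth_pw)
        : ($auth_pw === "admin");
}

if (!$authorized) {
    // Missing and wrong credentials get the same challenge, so the response
    // does not reveal which part of the login was wrong.
    Header("WWW-Authenticate: Basic realm=\"WEBADM\"");
    Header("HTTP/1.0 401 Unauthorized");
    echo "<h1>Authentication required!<br> Ya in da forbidden zone motherfucker!\n</h1>";
    exit;
}
?>
<style>
td {
    font-family: sans-serif, verdana, tahoma, arial;
    font-size:10px;
}
input,textarea {
    border: 0px solid #EFEFEF;
    font-family: sans-serif, verdana, tahoma, arial;
    font-size:10px;
    background-color: #D1D1D1;
    height: 18px;
    padding-left:5px;
}
.brd {
    border: 1px solid #C5C5C5;
    background-color: #FFFFFF;
}
textarea {
    font-size:11px;
    height: 180px;
}
.btn {
    padding-left:5px;
    padding-right:5px;
    text-transform: capitalize;
}
.sm {
    font-size:9px;
    color: #999999;
}
.bg1 {
    background-color: #FFFFFF;
}
.bg2 {
    background-color: #EBEEF3;
}
.head td {
    background-color: #204E95;
    text-align: center;
    color:#FFFFFF;
    font-weight:bold;
}
.bg3, .bg3 td, .bg3 .sm {
    background-color: #FF7300;
    color:#FFFFFF;
}
.status {
    border: 1px solid #C5C5C5;
    font-family: verdana, tahoma, arial;
    color: #666666;
}
</style>
<?php
/////////////////////////////////////////////////
////////////// FUNCTION DEFINITION //////////////
/////////////////////////////////////////////////

if (!function_exists("file_get_contents")) {
    /**
     * Fallback for runtimes that lack the built-in file_get_contents().
     *
     * Reads the whole file in 1024-byte chunks. Unlike the built-in, this
     * version returns an empty string (not false) when the file cannot be
     * opened, so callers cannot tell "empty file" from "open failed".
     *
     * @param string $filename         Path of the file to read.
     * @param int    $use_include_path Passed through to fopen().
     * @return string File contents, or "" on failure.
     */
    function file_get_contents($filename, $use_include_path = 0)
    {
        $data = "";
        $file = @fopen($filename, "rb", $use_include_path);
        if ($file) {
            while (!feof($file)) {
                $data .= fread($file, 1024);
            }
            fclose($file);
        }
        return $data;
    }
}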
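/**
 * Format a file's last-modification time as "d/m/Y H:i:s".
 *
 * The original prefixed $name with $root, which is not defined inside the
 * function, so the prefix was always empty. Callers already pass a full path
 * and that is what is used here.
 *
 * @param string $name Full path of the file.
 * @return string Formatted timestamp, or "" when the file does not exist or
 *                its mtime cannot be read.
 */
function g_time_e($name)
{
    $mtime = file_exists($name) ? filemtime($name) : false;
    if ($mtime === false) {
        return '';
    }
    return date("d/m/Y H:i:s", $mtime);
}

/**
 * Build the one-button POST form (wrapped in a <td>) that triggers $action
 * on template $tpl.
 *
 * File names come from the directory listing and PHP_SELF comes from the
 * request URL, so every interpolated value is HTML-escaped. A file name or
 * path containing a quote or an angle bracket would otherwise break out of
 * the attribute it is placed in.
 *
 * @param string $tpl    Template file name.
 * @param string $action Action name; 'delete' additionally gets a JavaScript
 *                       confirmation prompt.
 * @return string HTML fragment.
 */
function todo($tpl, $action)
{
    // ISO-8859-1 makes htmlspecialchars() byte-transparent: only & < > " '
    // are rewritten, and names in any other encoding pass through intact
    // instead of being turned into an empty string.
    $tpl_html    = htmlspecialchars($tpl, ENT_QUOTES, 'ISO-8859-1');
    $action_html = htmlspecialchars($action, ENT_QUOTES, 'ISO-8859-1');
    $self_html   = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'ISO-8859-1');

    // Always defined, so non-delete actions no longer read an unset variable.
    $confirm = '';
    if ($action == 'delete') {
        // The name sits inside a JS string inside an HTML attribute:
        // escape for JavaScript first, then for HTML.
        $tpl_js = strtr(addslashes($tpl), array("\r" => '\r', "\n" => '\n'));
        $tpl_js = htmlspecialchars($tpl_js, ENT_QUOTES, 'ISO-8859-1');
        // Prompt text is Russian for "Delete template"; the literal was
        // mis-encoded (cp1251 shown as Latin-1) and is restored here.
        $confirm = " onclick=\"javascript:if(confirm('Стереть шаблон " . $tpl_js
            . " ?')){this.form.submit()}else{return false;};\"";
    }

    $todo = "<form method=post action='" . $self_html . "'>"
        . " <td>"
        . " <input type=hidden name=tpl value='" . $tpl_html . "'>"
        . " <input type=hidden name=act value='" . $action_html . "'>"
        . " <input class='brd btn' type='submit' " . $confirm . " value='" . $action_html . "'>"
        . " </td>"
        . " </form>";
    return $todo;
}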
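/**
 * Validate a file name against a conservative character whitelist.
 *
 * Accepts only word characters (letters, digits, underscore), ".", "/" and
 * "-", plus ":" on Windows. Anything that looks like a URL ("scheme://") is
 * rejected, so a stream wrapper can never be passed on to the filesystem
 * functions.
 *
 * The original patterns had lost their backslashes ('[wd]', '(..)') and used
 * eregi(), which no longer exists in PHP 7+. Its "relative" test also ended
 * in "(...)*", which matches the empty string, so it rejected every name.
 * This version implements what those patterns were evidently meant to do.
 *
 * Without $relative, ".." is allowed. A caller that joins the name onto a
 * base directory must pass $relative or check the name itself.
 *
 * @param string   $filename Name or path to validate.
 * @param int|bool $relative When truthy, also reject any ".." and any "/./".
 * @return bool True when the name passes every check.
 */
function is_filename($filename=' ', $relative=0)
{
    if (!is_string($filename) || $filename === '') {
        return FALSE;
    }

    // \w covers letters, digits and underscore; "-" is last so it is literal.
    $allowed = '\w./';
    if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
        $allowed .= ':';   // drive letters
    }
    $allowed .= '-';

    if ($relative && (strpos($filename, '..') !== false || strpos($filename, '/./') !== false)) {
        return FALSE;
    }

    // Needed on Windows, where ":" is otherwise permitted.
    if (preg_match('%[a-z]://%i', $filename)) {
        return FALSE;
    }

    return !preg_match('%[^' . $allowed . ']%', $filename);
}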
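/**
 * Create an empty file with the given permissions, never touching an
 * existing one.
 *
 * The original did file_exists() and then touch(), which leaves a window in
 * which another process can create the path; touch() would then silently
 * accept the existing file. fopen() in "x" mode creates the file only if it
 * does not exist yet, so the create step itself enforces "must be new".
 *
 * is_filename() is called without its $relative flag here, so ".." is not
 * rejected at this level. Callers must make sure the path stays inside the
 * directory they intend.
 *
 * @param string $filename Path of the file to create.
 * @param int    $perms    Mode passed to chmod(), default 0640.
 * @return bool True when the file was created and chmod() succeeded.
 */
function file_create($filename=' ', $perms=0640)
{
    // Cheap pre-check keeps the common "already exists" case warning-free.
    if (!is_filename($filename) || file_exists($filename)) {
        return false;
    }

    $handle = fopen($filename, 'xb');
    if ($handle === false) {
        return false;
    }
    fclose($handle);

    return chmod($filename, $perms);
}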
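/*
 * Request handling and page rendering for the template editor.
 *
 * NOTE(review): every action here changes executable .php files under the
 * document root, and nothing in this script checks a CSRF token. A browser
 * that has cached the Basic credentials will attach them to a form posted
 * from another site. Add a per-session token to each form and verify it
 * before acting.
 */

/**
 * Accept only a plain file name that lives directly inside the template dir.
 *
 * Rejects empty names, "." and "..", anything containing a path separator or
 * a NUL byte, and the names in $reserved.
 *
 * @param mixed $name     Candidate name taken from the request.
 * @param array $reserved Names that must never be operated on.
 * @return bool
 */
function webadm_tpl_name_ok($name, $reserved)
{
    if (!is_string($name) || $name === '') {
        return false;
    }
    if (preg_match('%[/\\\\\x00]%', $name)) {
        return false;
    }
    return !in_array($name, $reserved, true);
}

// DOCUMENT_ROOT usually has no trailing slash; normalise so both forms work.
$root = rtrim($_SERVER["DOCUMENT_ROOT"], "/\\") . "/tpl/";
$f_ext = ".php";

// Read everything from $_POST explicitly; the original relied on
// register_globals for $rename_file and $PHP_SELF.
$act         = (isset($_POST["act"]) && is_string($_POST["act"])) ? $_POST["act"] : '';
$tpl         = (isset($_POST["tpl"]) && is_string($_POST["tpl"])) ? $_POST["tpl"] : '';
$current     = (isset($_POST["current"]) && is_string($_POST["current"])) ? $_POST["current"] : '';
$rename_file = (isset($_POST["rename_file"]) && is_string($_POST["rename_file"])) ? $_POST["rename_file"] : '';

$backup_dir = $root . "_backup/";
$self_html  = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'ISO-8859-1');
$result     = '';
$html       = '';

// Entries hidden from the listing; the actions refuse them as well, so a
// hand-made POST cannot reach what the UI does not show.
$reserved = array('.', '..', 'webadm.php', 'index.php', '_backup');

if (!is_dir($root)) {
    echo "Setup Template DIR";
    return false;
}

switch ($act) {
    case ('save'):
        // The original wrote to $root.$tpl unchecked, so a name containing
        // "../" could address any path the web server user can write.
        if (!webadm_tpl_name_ok($tpl, $reserved)) {
            echo "HACK ATTEMPT";
            break;
        }
        if (!file_exists($backup_dir)) {
            mkdir($backup_dir, 0750);
        }
        if (is_file($root . $tpl)) {
            // The original called date(y.m.d_H.i.s) with bare words, which
            // evaluated to the format string "ymd_His" and is a fatal error
            // on PHP 8. Quoting it keeps the backup naming scheme.
            copy($root . $tpl, $backup_dir . "_backup_" . date('ymd_His') . "__" . $tpl);
        }
        $fp = fopen($root . $tpl, "w");
        if ($fp === false) {
            $result = "File $tpl NOT saved";
            break;
        }
        // The original passed 3 (LOCK_UN) before the write and 2 (LOCK_EX)
        // after it, so the write itself was never locked.
        flock($fp, LOCK_EX);
        // Magic quotes were removed in PHP 5.4; only ask on older runtimes.
        if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
            $current = stripslashes($current);
        }
        $current = str_replace("\r\n", "\n", $current);
        fwrite($fp, $current);
        flock($fp, LOCK_UN);
        fclose($fp);
        $result = "File $tpl Saved";
        break;

    case ('edit'):
        if (!webadm_tpl_name_ok($tpl, $reserved)) {
            echo "HACK ATTEMPT";
        } else {
            $f = file_get_contents($root . $tpl);
            if ($f === false) {
                $f = '';
            }
            $tpl_html = htmlspecialchars($tpl, ENT_QUOTES, 'ISO-8859-1');
            // The contents must be escaped: a template containing
            // "</textarea>" would otherwise close the editor box and the
            // rest of the file would be rendered as page markup.
            // ISO-8859-1 keeps the escaping byte-transparent, so templates
            // in any encoding come back unchanged when the form is saved.
            $html = " <form method=post action='" . $self_html . "'>"
                . " <input type=hidden name=tpl value='" . $tpl_html . "'>"
                . " <table border=0><tr><td>"
                . " <textarea class=brd name=current rows=15 cols=80>";
            $html .= htmlspecialchars($f, ENT_QUOTES, 'ISO-8859-1');
            $html .= "</textarea></td><td>";
            $html .= "</td></tr></table>"
                . " <input type=hidden name=act value=save>"
                . "<input class='brd btn' type=submit value=save></form>";
            $result = "Editing";
        }
        break;

    case ('delete'):
        if (!webadm_tpl_name_ok($tpl, $reserved)) {
            echo "HACK ATTEMPT";
        } elseif (is_file($root . $tpl) && unlink($root . $tpl)) {
            $result = "File deleted ";
        } else {
            $result = "NO FILES WAS DELETED";
        }
        break;

    case ('create'):
        // file_create() only checks the character set, which allows "../",
        // so the final name is checked here.
        if (!webadm_tpl_name_ok($tpl . $f_ext, $reserved)) {
            echo "HACK ATTEMPT";
        } elseif (!file_create($root . $tpl . $f_ext)) {
            $result = "FILE Exists";
        } else {
            $result = "File created ";
        }
        break;

    case ('rename'):
        $tpl_html = htmlspecialchars($tpl, ENT_QUOTES, 'ISO-8859-1');
        $html = "<form method=post action='" . $self_html . "'>";
        $html .= '<input type=hidden name=tpl value="' . $tpl_html . '">'
            . ' <input type=hidden name=act value=do_rename>'
            . ' <input class=brd name="rename_file" type="text" size=40 value="' . $tpl_html . '">'
            . ' <input type=submit class="brd btn" value=rename>';
        $html .= "</form>";
        break;

    case ('do_rename'):
        // Source and destination both come from the request. Unchecked,
        // rename() would move any file the server can reach, in or out of
        // the template directory.
        if (!webadm_tpl_name_ok($tpl, $reserved) || !webadm_tpl_name_ok($rename_file, $reserved)) {
            echo "HACK ATTEMPT";
        } elseif (file_exists($root . $rename_file)) {
            // rename() would silently replace an existing template.
            $result = "FILE Exists";
        } elseif (rename($root . $tpl, $root . $rename_file)) {
            $result = "File renamed ";
            $tpl = $rename_file;
        }
        break;

    default:
        break;
}

// $act and $tpl are echoed back from the request, so escape them.
$stat_bar = '<table width="100%" border="0" cellspacing="5" cellpadding="0" class="status"><tr><td> Mode : '
    . htmlspecialchars($act, ENT_QUOTES, 'ISO-8859-1')
    . ' File : ' . htmlspecialchars($tpl, ENT_QUOTES, 'ISO-8859-1')
    . '</td> <td align=right> Result : ' . $result . '</td> </tr></table><br>';
echo $stat_bar;

$d = dir($root);
echo '<table width="100%" border="0" cellspacing="1" cellpadding="3">'
    . ' <col width="80%" ><col align=center><col align=right><col align=center><col align=center><col align=center>'
    . '<tr class=head> <td>FileName</td><td nowrap>Last Edit</td><td nowrap>File Size</td>'
    . ' <td></td><td></td><td></td></tr>';

$cols = 0;
while (($entry = $d->read()) !== false) {
    if (in_array($entry, $reserved, true)) {
        continue;
    }
    // Highlight the file just acted on; otherwise alternate row colours.
    if ($tpl == $entry) {
        echo "<tr class=bg3>";
    } elseif ($cols == 0) {
        echo "<tr class=bg1>";
        $cols = 1;
    } else {
        echo "<tr class=bg2>";
        $cols = 0;
    }
    $f_size = " <small class='sm'>[" . filesize($root . $entry) . " b]</small>";
    $t = " <small class='sm'>[" . g_time_e($root . $entry) . "]</small>";
    // File names are data, not markup.
    echo "<td>" . htmlspecialchars($entry, ENT_QUOTES, 'ISO-8859-1') . " </td> ";
    echo "<td nowrap>" . $t . " </td> ";
    echo "<td nowrap>" . $f_size . " </td> ";
    echo todo($entry, 'edit');
    echo todo($entry, 'rename');
    echo todo($entry, 'delete');
    echo "</tr>";
}
$d->close();
echo '</table>';

echo $html . '<hr> <form name="form1" method="post" action="' . $self_html . '">'
    . ' <input type=hidden name=act value=create>'
    . ' <input class=brd type="text" name="tpl" value=qwe> ' . $f_ext
    . ' <input type="submit" class="brd btn" name="Submit" value="create"> </form> ';
?>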