if ($_GET['action'] == "uninstall") { // Start creating a new chunk for the plugins settings $settingsNew = '"plugins" => array('; // Set all the old plugins for ($i = 0; $i < count($oldPlugins); $i++) { // As long as it's not the one we want to remove if ($oldPlugins[$i][0] != $pluginsData[$_GET['plugin']]['name']) { $settingsNew .= ' array("' . $oldPlugins[$i][0] . '","' . $oldPlugins[$i][1] . '","' . $oldPlugins[$i][2] . '","' . $oldPlugins[$i][3] . '","' . $oldPlugins[$i][4] . '","' . $oldPlugins[$i][5] . '"),'; } } // Rtrim off the last comma $settingsNew = rtrim($settingsNew, ','); $settingsNew .= ' ),' . PHP_EOL; // Finally, delete the plugin itself $target = '../plugins/'; $dirName = basename($pluginsData[strClean($_GET['plugin'])]['zipURL'], ".zip"); deletePlugin($target . $dirName . "/"); } // ======== // UPDATING // ======== if ($_GET['action'] == "update") { // Start creating a new chunk for the plugins settings $settingsNew = '"plugins" => array('; // Redo the arrays using the form data for ($i = 0; $i < count($oldPlugins); $i++) { $timer = intval($_POST['timer' . $i]); if ($timer == 0) { $timer = ""; } $settingsNew .= ' array("' . $_POST['name' . $i] . '","' . $_POST['icon' . $i] . '","' . $_POST['style' . $i] . '","' . $_POST['URL' . $i] . '","' . $_POST['target' . $i] . '","' . $timer . '"),';
setTimeout(function(){document.getElementById('screenContainer').style.opacity=1},50);if (document.getElementById('trialBarRemaining')) {setTimeout(function(){document.getElementById('trialBarRemaining').style.width = '<?php echo $tRemainingPerc * 170; ?> px';},150)}"> <div class="screenContainer" id="screenContainer" style="background-color: #141414; opacity: 0; transition: opacity 0.1s ease-out"> <div class="screenVCenter"> <div class="screenCenter"> <img src="../images/ice-coder.png" alt="ICEcoder"> <div class="version" style="margin-bottom: 22px">v <?php echo $ICEcoder["versionNo"]; ?> </div> <?php if (generateHash(strClean($ICEcoder['licenseEmail']), $ICEcoder['licenseCode']) != $ICEcoder['licenseCode'] && !isset($_GET['get']) && !isset($_POST['code'])) { ?> <div class="trialBarContainer"><div class="trialBarRemaining" id="trialBarRemaining"></div><br> <div class="trialBarText"><?php echo $tDaysRemaining; ?> days left - <a href="login.php?get=code&csrf=<?php echo $_SESSION["csrf"]; ?> ">Unlock now</a></div> </div> <?php } ?> <form name="settingsUpdate" action="login.php" method="POST">
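<?php
// Streams one file from inside the document root to the browser as a download.
// NOTE(review): no login/session check is visible in this script; presumably
// headers.php or settings.php enforces it - confirm before relying on that.
include "headers.php";
include "settings.php";

// Resolve the requested file ("|" stands in for "/" in the request) to a
// canonical absolute path. realpath() collapses "../" segments and symlinks
// and returns false when the target does not exist.
$file = realpath($docRoot . $iceRoot . str_replace("|", "/", strClean($_GET['file'])));

// Containment check. Comparing against the root WITH a trailing slash keeps a
// sibling such as "<docRoot>-backup/" from passing a bare prefix match.
$rootPrefix = rtrim(str_replace("\\", "/", $docRoot), "/") . "/";
$insideRoot = $file !== false && strpos(str_replace("\\", "/", $file), $rootPrefix) === 0;

// Only regular files inside the document root may be served; a directory or a
// missing/outside path gets the same generic message as before.
if (!$insideRoot || !is_file($file)) {
    die("<script>top.ICEcoder.message('Sorry, that file doesn\\'t appear to exist');</script>");
}

// The name is placed in a quoted header parameter, so drop control characters,
// double quotes and backslashes that could break out of the quoting.
$downloadName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', basename($file));

header("Pragma: public");
header("Expires: 0");
// NOTE(review): header() replaces an earlier header of the same name, so only
// "Cache-Control: public" below takes effect. Confirm that shared caching of
// downloaded project files is really intended.
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header('Content-Description: File Transfer');
header("Content-Type: application/octet-stream");
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
// header("Content-Transfer-Encoding: binary");
header('Content-Length: ' . filesize($file));

// Discard anything already buffered so the body is exactly the file bytes;
// ob_clean() raises a notice when no buffer is active, hence the guard.
if (ob_get_level() > 0) {
    ob_clean();
}
flush();
readfile($file);
exit;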
echo "<script>window.location='login.php?message=trialDonateThanks&csrf=" . $_SESSION["csrf"] . "';</script>"; } } else { if (file_exists('lib/login.php')) { header('Location: lib/login.php?get=code&success=no&csrf=' . $_SESSION["csrf"]); echo "<script>window.location='lib/login.php?get=code&success=no&csrf=" . $_SESSION["csrf"] . "';</script>"; } else { header('Location: login.php?get=code&success=no&csrf=' . $_SESSION["csrf"]); echo "<script>window.location='login.php?get=code&success=no&csrf=" . $_SESSION["csrf"] . "';</script>"; } } // If we are on the login screen and not logged in } elseif (!$_SESSION['loggedIn']) { // If the password hasn't been set and we're setting it if ($ICEcoder["password"] == "" && isset($_POST['submit']) && strpos($_POST['submit'], "set password") > -1) { $password = generateHash(strClean($_POST['password'])); $settingsContents = file_get_contents($settingsFile, false, $context); // Replace our empty password with the one submitted by user $settingsContents = str_replace('"password" => "",', '"password" => "' . $password . '",', $settingsContents); // Also set the update checker preference $checkUpdates = $_POST['checkUpdates'] == "true" ? "true" : "false"; // once to cover the true setting, once to cover false $settingsContents = str_replace('"checkUpdates" => true,', '"checkUpdates" => ' . $checkUpdates . ',', $settingsContents); $settingsContents = str_replace('"checkUpdates" => false,', '"checkUpdates" => ' . $checkUpdates . ',', $settingsContents); // Now update the config file $fh = fopen($settingsFile, 'w') or die("Can't update config file. Please set public write permissions on " . $settingsFile . " and press refresh"); fwrite($fh, $settingsContents); fclose($fh); // Set the session user level if ($ICEcoder["multiUser"]) { $_SESSION['username'] = $_POST['username'];
} // Work out the theme to use now $ICEcoder["theme"] == "default" ? $themeURL = 'lib/editor.css' : ($themeURL = $ICEcoder["codeMirrorDir"] . '/theme/' . $ICEcoder["theme"] . '.css'); $themeURL .= "?microtime=" . microtime(true); // Do we need a file manager refresh? $refreshFM = $_POST['changedFileSettings'] == "true" ? "true" : "false"; // Change multiUser and enableRegistration in config___settings.php $generalSettingsContents = file_get_contents($configSettings, false, $context); $isMultiUser = isset($_POST['multiUser']) && $_POST['multiUser'] ? "true" : "false"; $generalSettingsContents = str_replace('"multiUser" => true,', '"multiUser" => ' . $isMultiUser . ',', $generalSettingsContents); $generalSettingsContents = str_replace('"multiUser" => false,', '"multiUser" => ' . $isMultiUser . ',', $generalSettingsContents); $isEnableRegistration = isset($_POST['enableRegistration']) && $_POST['enableRegistration'] ? "true" : "false"; $generalSettingsContents = str_replace('"enableRegistration" => true', '"enableRegistration" => ' . $isEnableRegistration, $generalSettingsContents); $generalSettingsContents = str_replace('"enableRegistration" => false', '"enableRegistration" => ' . $isEnableRegistration, $generalSettingsContents); if (is_writeable($configSettings)) { $fConfigSettings = fopen($configSettings, 'w'); fwrite($fConfigSettings, $generalSettingsContents); fclose($fConfigSettings); } else { echo "<script>top.ICEcoder.message('" . $t['Cannot update config'] . " lib/" . $configSettings . " " . $t['and try again'] . "');</script>"; } $githubAuthTokenSet = $ICEcoder["githubAuthToken"] != "" ? "true" : "false"; // If we've changed langugage, reload ICEcoder now if ($languageUserChanged) { echo '<script>top.window.location = "../";</script>'; die('Reloading ICEcoder after language change'); } // With all that worked out, we can now hide the settings screen and apply the new settings $jsBugFilePaths = "['" . 
str_replace(",", "','", str_replace(" ", "", strClean($_POST['bugFilePaths']))) . "']"; echo "<script>top.ICEcoder.settingsScreen('hide');top.ICEcoder.useNewSettings('" . $themeURL . "'," . $ICEcoder["codeAssist"] . "," . $ICEcoder["lockedNav"] . ",'" . $ICEcoder["tagWrapperCommand"] . "','" . $ICEcoder["autoComplete"] . "'," . $ICEcoder["visibleTabs"] . ",'" . $ICEcoder["fontSize"] . "'," . $ICEcoder["lineWrapping"] . "," . $ICEcoder["indentWithTabs"] . "," . $ICEcoder["indentAuto"] . "," . $ICEcoder["indentSize"] . ",'" . $ICEcoder["pluginPanelAligned"] . "'," . $jsBugFilePaths . "," . $ICEcoder["bugFileCheckTimer"] . "," . $ICEcoder["bugFileMaxLines"] . ",'" . $githubAuthTokenSet . "'," . $ICEcoder["updateDiffOnSave"] . "," . $refreshFM . ");top.iceRoot = '" . $ICEcoder["root"] . "';</script>"; }
?> '); } var replaceInFilesAll = function() { for (var i=0;i<=foundArray.length-1;i++) { replaceInFileSingle(foundArray[i]); } top.ICEcoder.showHide('hide',top.get('blackMask')); } var renameSingle = function(arrayRef) { fileRef = spansArray[arrayRef].id.replace(/\|/g,"/").replace(/_perms/g,""); newName = spansArray[arrayRef].id.replace(/\|/g,"/").replace(/_perms/g,"").replace(find,"<?php if (isset($_GET['replace'])) { echo strClean($_GET['replace']); } ?> "); top.ICEcoder.renameFile(fileRef,newName); } var renameAll = function() { for (var i=0;i<=foundArray.length-1;i++) { renameSingle(foundArray[i]); } top.ICEcoder.showHide('hide',top.get('blackMask')); } var goFindAfterOpen = function(fileName) { if (top.ICEcoder.openFiles[top.ICEcoder.selectedTab-1] == fileName.replace(top.docRoot,"") && !top.ICEcoder.loadingFile) {
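/**
 * Zip a file or folder below $docRoot into $zipDir . $zipFile and prune old backups.
 *
 * The target comes from $_GET['zip'] ("|" is used as the path separator, a lone
 * "|" means the document root itself) and optional "*"-separated exclusion
 * substrings come from $_GET['exclude']. Both are request data.
 *
 * @param string $zipDir       Directory holding the backups (expected to end in a slash)
 * @param string $zipFile      File name of the archive to create
 * @param int    $keepLastDays Backups in $zipDir older than this many days are deleted
 * @param string $docRoot      Document root; only paths below it are archived
 * @return bool True when the archive exists after writing, false otherwise
 */
public function zipFilesUp($zipDir, $zipFile, $keepLastDays, $docRoot)
{
    $zipName = $zipDir . $zipFile;
    $zipFiles = array();

    // Translate the request value into a path relative to the document root
    $_GET['zip'] == "|" ? $zipTgt = "" : ($zipTgt = str_replace("|", "/", strClean($_GET['zip'])));
    if (strpos($_GET['zip'], "/") !== 0) {
        $zipTgt = "/" . trim($zipTgt, "/");
    }
    $addItem = $docRoot . $zipTgt;

    // Containment check: the canonical target must sit at or below the canonical
    // document root, so "../" segments in the request cannot select files outside
    // it. The trailing slash stops "<docRoot>-other" passing as a prefix match.
    $insideRoot = false;
    $realRoot = realpath($docRoot);
    $realItem = realpath($addItem);
    if ($realRoot !== false && $realItem !== false) {
        $rootPrefix = rtrim(str_replace("\\", "/", $realRoot), "/") . "/";
        $itemPath = rtrim(str_replace("\\", "/", $realItem), "/") . "/";
        $insideRoot = strpos($itemPath, $rootPrefix) === 0;
    }

    if ($insideRoot && is_dir($addItem)) {
        // Iterative directory walk; folders whose path contains "_coder" or
        // "ICEcoder" are not descended into.
        // NOTE(review): is_dir()/is_file() follow symlinks, so a link inside the
        // tree that points elsewhere is still walked - confirm that is acceptable.
        $dirStack = array($addItem . '/');
        while (!empty($dirStack)) {
            $currentDir = array_pop($dirStack);
            $dir = dir($currentDir);
            if ($dir === false) {
                // Unreadable directory: skip it instead of failing on ->read()
                continue;
            }
            while (false !== ($node = $dir->read())) {
                if ($node == '.' || $node == '..') {
                    continue;
                }
                $nodePath = $currentDir . $node;
                if (is_dir($nodePath) && strpos($nodePath, "_coder") === false && strpos($nodePath, "ICEcoder") === false) {
                    array_push($dirStack, $nodePath . '/');
                }
                if (is_file($nodePath)) {
                    $zipFiles[] = $nodePath;
                }
            }
            $dir->close();
        }
    } elseif ($insideRoot && file_exists($addItem)) {
        $zipFiles[] = $addItem;
    }

    // Prune backups older than $keepLastDays days (runs even when nothing is zipped)
    if ($backupsDir = opendir($zipDir)) {
        $keepTime = $keepLastDays * 60 * 60 * 24;
        while (false !== ($backup = readdir($backupsDir))) {
            if ($backup != "." && $backup != "..") {
                if (time() - filemtime($zipDir . $backup) > $keepTime) {
                    chmod($zipDir . $backup, 0777);
                    unlink($zipDir . $backup) or die("couldn't delete {$zipDir}{$backup}<br>");
                }
            }
        }
        closedir($backupsDir);
    }

    if (!count($zipFiles)) {
        return false;
    }

    $zip = new ZipArchive();
    if ($zip->open($zipName, ZIPARCHIVE::CREATE) !== true) {
        return false;
    }

    // A file is left out when its path contains any non-empty exclusion substring
    $excludeFilesFolders = isset($_GET['exclude']) ? explode("*", strClean($_GET['exclude'])) : array();
    foreach ($zipFiles as $file) {
        $canAdd = true;
        foreach ($excludeFilesFolders as $excluded) {
            if ($excluded && strpos($file, $excluded) !== false) {
                $canAdd = false;
                break;
            }
        }
        if ($canAdd) {
            // Store entries relative to the document root
            $zip->addFile($file, str_replace($docRoot . "/", "", $file));
        }
    }
    $zip->close();

    // NOTE(review): 0777 leaves the archive readable and writable by every local
    // account; kept as-is because other code may rely on it, but a tighter mode
    // is worth considering for a backup of the project source.
    chmod($zipName, 0777);
    return file_exists($zipName);
}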
<?php
include "settings.php";

// Every field below is request data from the POST body and is passed through
// strClean() (defined outside this excerpt) before it is used.
//$repoPath = strClean($_POST['repoPath']);
$gitRepo = strClean($_POST['gitRepo']);
$path    = strClean($_POST['path']);
$rowID   = strClean($_POST['rowID']);
$repo    = strClean($_POST['repo']);
$dir     = strClean($_POST['dir']);

// Strip the "SAVEPULLS:" marker first and the "PULL:" marker second
$action = str_replace(array("SAVEPULLS:", "PULL:"), "", strClean($_POST['action']));

// The row, repo, dir and action values are comma separated lists
$rowIDArray  = explode(",", $rowID);
$repoArray   = explode(",", $repo);
$dirArray    = explode(",", $dir);
$actionArray = explode(",", $action);
?> <!DOCTYPE html> <html> <head> <title>ICErepo v<?php echo $version; ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <script src="lib/underscore-min.js"></script> <script src="lib/base64.js"></script> <script src="lib/github.js"></script> <script src="lib/difflib.js"></script> <script src="ice-repo.js"></script> <link rel="stylesheet" type="text/css" href="ice-repo.css"> </head>
?> <script src="github.js?microtime=<?php echo microtime(true); ?> "></script> <script src="underscore-min.js?microtime=<?php echo microtime(true); ?> "></script> <?php } ?> <script> <?php // Establish the filename/new filename $file = str_replace("|", "/", strClean(isset($_POST['newFileName']) && $_POST['newFileName'] != "" ? $_POST['newFileName'] : $_REQUEST['file'])); // Establish the actual name as we may have HTML entities in filename $file = html_entity_decode($file); // Put the original $file var aside for use $fileOrig = $file; // Trim any +'s or spaces from the end of file $file = rtrim(rtrim($file, '+'), ' '); // Also remove [NEW] from $file, we can consider $_GET['action'] or $fileOrig to pick that up $file = rtrim($file, '[NEW]'); // Make each path in $file a full path (; seperated list) $allFiles = explode(";", $file); for ($i = 0; $i < count($allFiles); $i++) { if (strpos($allFiles[$i], $docRoot) === false && $_GET['action'] != "getRemoteFile") { $allFiles[$i] = str_replace("|", "/", $docRoot . $iceRoot . $allFiles[$i]); } }
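/**
 * Store each upload in the folder named by $_POST['folder'] and echo the
 * JavaScript that reports the result to the editor.
 *
 * @param iterable $uploads Upload items; each is read for ->name and handed to $this->upload()
 */
public function __construct($uploads)
{
    global $docRoot, $iceRoot;

    // Target folder: "|" is the path separator in the request and every ".."
    // is stripped so the folder cannot climb out of $docRoot . $iceRoot.
    $uploadDir = $docRoot . $iceRoot . str_replace("..", "", str_replace("|", "/", strClean($_POST['folder']) . "/"));

    foreach ($uploads as $current) {
        // NOTE(review): ->name is appended to the path unchanged. If it is
        // client-supplied and can contain "/" or "..", it should be reduced
        // with basename() - confirm where $uploads is built.
        $this->uploadFile = $uploadDir . $current->name;
        $fileName = $current->name;

        // Emit the name as a complete JS string literal. Escaping only "'" left
        // backslashes, newlines and "</script>" able to break out of the string,
        // and the failure message did not escape the name at all.
        $jsFileName = json_encode((string) $fileName, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        if ($jsFileName === false) {
            // Name could not be encoded (e.g. invalid UTF-8): report it as empty
            $jsFileName = '""';
        }

        if ($this->upload($current, $this->uploadFile)) {
            echo 'action="upload"; top.ICEcoder.updateFileManagerList(\'add\',top.ICEcoder.selectedFiles[top.ICEcoder.selectedFiles.length-1].replace(/\\|/g,\'/\'),' . $jsFileName . ',false,false,true,\'file\'); top.ICEcoder.serverMessage("Uploaded file(s) OK");setTimeout(function(){top.ICEcoder.serverMessage();},2000);';
        } else {
            echo "action='nothing'; top.ICEcoder.message('Sorry, cannot upload \\n'+" . $jsFileName . "+'\\n into \\n'+top.ICEcoder.selectedFiles[top.ICEcoder.selectedFiles.length-1].replace(/\\|/g,'/'));";
        }
    }
}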
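/**
 * Store each upload in the folder named by $_POST['folder'], keeping the
 * permissions of a file that is being replaced, and append the JavaScript
 * that reports the result to the global $doNext.
 *
 * @param iterable $uploads Upload items; each is read for ->name and handed to $this->upload()
 */
public function __construct($uploads)
{
    // $t (the translated strings) was missing from this list, so every
    // $t[...] lookup below read an undefined local and produced empty text.
    global $docRoot, $iceRoot, $ICEcoder, $doNext, $t;

    // Target folder: "|" is the path separator in the request and every ".."
    // is stripped so the folder cannot climb out of $docRoot . $iceRoot.
    $uploadDir = $docRoot . $iceRoot . str_replace("..", "", str_replace("|", "/", strClean($_POST['folder']) . "/"));

    foreach ($uploads as $current) {
        // NOTE(review): ->name is appended to the path unchanged. If it is
        // client-supplied and can contain "/" or "..", it should be reduced
        // with basename() - confirm where $uploads is built.
        $this->uploadFile = $uploadDir . $current->name;
        $fileName = $current->name;

        // Existing files keep their current mode, new files get the configured one
        if (file_exists($this->uploadFile)) {
            $chmodInfo = substr(sprintf('%o', fileperms($this->uploadFile)), -4);
            $setPerms = substr($chmodInfo, 1, 3); // reduces 0755 down to 755
        } else {
            $setPerms = $ICEcoder['newFilePerms'];
        }

        // Emit the name as a complete JS string literal. Escaping only "'" left
        // backslashes, newlines and "</script>" able to break out of the string,
        // and the failure message did not escape the name at all.
        // Assumes $doNext is later emitted as JavaScript source - confirm where it is output.
        $jsFileName = json_encode((string) $fileName, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        if ($jsFileName === false) {
            // Name could not be encoded (e.g. invalid UTF-8): report it as empty
            $jsFileName = '""';
        }

        // NOTE(review): $finalAction is local to this method and is not read
        // here; if the caller expects it, it never receives the value.
        if ($this->upload($current, $this->uploadFile, $setPerms)) {
            $doNext .= 'top.ICEcoder.updateFileManagerList(\'add\',top.ICEcoder.selectedFiles[top.ICEcoder.selectedFiles.length-1].replace(/\\|/g,\'/\'),' . $jsFileName . ',false,false,true,\'file\'); top.ICEcoder.serverMessage("' . $t['Uploaded file(s) OK'] . '");setTimeout(function(){top.ICEcoder.serverMessage();},2000);';
            $finalAction = "upload";
        } else {
            $doNext .= "top.ICEcoder.message('" . $t['Sorry, cannot upload'] . " \\\\n'+" . $jsFileName . "+'\\\\n " . $t['into'] . " \\\\n'+top.ICEcoder.selectedFiles[top.ICEcoder.selectedFiles.length-1].replace(/\\|/g,'/'));";
            $finalAction = "nothing";
        }
    }
}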
<?php // Save the currently opened files for next time if ($_SESSION['loggedIn'] && isset($_GET["saveFiles"]) && $_GET['saveFiles']) { $settingsContents = file_get_contents($settingsFile, false, $context); // Replace our previousFiles var with the the current $repPosStart = strpos($settingsContents, 'previousFiles" => "') + 20; $repPosEnd = strpos($settingsContents, '",', $repPosStart) - $repPosStart; if (!$demoMode) { if ($_GET['saveFiles'] != "CLEAR") { $saveFiles = strClean($_GET['saveFiles']); $saveFilesArray = explode(",", $saveFiles); $saveFiles = ""; for ($i = 0; $i < count($saveFilesArray); $i++) { $saveFilesArray[$i] = str_replace("/", "|", $docRoot) . $saveFilesArray[$i]; $saveFiles .= $saveFilesArray[$i] . ","; } $saveFiles = rtrim($saveFiles, ","); } else { $saveFilesArray = array(); $saveFiles = ""; } $settingsContents = substr($settingsContents, 0, $repPosStart) . $saveFiles . substr($settingsContents, $repPosStart + $repPosEnd, strlen($settingsContents)); // Now update the config file if (is_writeable($settingsFile)) { $fh = fopen($settingsFile, 'w'); fwrite($fh, $settingsContents); fclose($fh); } else { echo "<script>top.ICEcoder.message('Cannot update config file. Please set public write permissions on lib/" . $settingsFile . " and try again');</script>"; }
<input type="hidden" name="dir" value=""> <input type="hidden" name="action" value=""> <input type="submit" name="commit" value="Commit changes" onClick="return commitChanges()" style="border: 0; background: #555; color: #fff; cursor: pointer"> </form> </div> <div id="infoPane" class="infoPane"></div> <script> top.fcFormAlias = document.fcForm; var github = new Github(<?php if ($token != "") { echo '{token: "' . $token . '", auth: "oauth"}'; } else { echo '{username: "******", password: "******", auth: "basic"}'; } ?> ); repoListArray = []; repoSHAArray = []; window.onLoad=gitCommand('repo.show','<?php echo strClean($_POST['repo']); ?> '); </script> <iframe name="fileControl" style="display: none"></iframe> </body> </html>
<?php include "../../lib/settings.php"; if ($demoMode || !$_SESSION['loggedIn']) { die("You must be logged in to access Terminal"); } @session_start(); $passwd = array(); if (isset($_SERVER['PHP_AUTH_USER'])) { $_SESSION['user'] = $_SERVER['PHP_AUTH_USER']; $_SESSION['pass'] = generateHash(strClean($_SERVER['PHP_AUTH_PW']), $ICEcoder["password"]); $passwd = array($_SESSION['user'] => $ICEcoder["password"]); } $aliases = array('la' => 'ls -la', 'll' => 'ls -lvhF', 'dir' => 'ls'); class phpTerm { function phpTerm() { } // constructor function formatPrompt() { $user = shell_exec("whoami"); $host = explode(".", shell_exec("uname -n")); $_SESSION['prompt'] = rtrim($user) . "@" . rtrim($host[0]); } function checkPassword($passwd) { if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || !isset($passwd[$_SERVER['PHP_AUTH_USER']]) || $passwd[$_SERVER['PHP_AUTH_USER']] != $_SESSION['pass']) { return false; } else {
?> file/folder properties</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="robots" content="noindex, nofollow"> <link rel="stylesheet" type="text/css" href="properties.css"> </head> <body class="properties"> <h1 id="title"><?php echo $t['properties']; ?> </h1> <?php $fileName = $docRoot . $iceRoot . str_replace("|", "/", strClean($_GET['fileName'])); ?> <h2><?php echo basename($fileName); ?> </h2><br> <span class="column" style="width: 180px"><?php echo $t['Size']; ?> : <?php $bytes = filesize($fileName); // If it's a dir, get the dir size if (is_dir($fileName)) { $io = popen('/usr/bin/du -sb ' . $fileName, 'r'); $bytes = intval(fgets($io, 80)); pclose($io);
?> <br><br> <span class="heading"><?php echo $t['Your IP']; ?> </span><br> <?php echo $_SERVER['REMOTE_ADDR']; ?> <br><br> </div> <div style="float: left"> <?php // No valid license code - show the trial remaining bar if (generateHash(strClean($ICEcoder['licenseEmail']), $ICEcoder['licenseCode']) != $ICEcoder['licenseCode']) { ?> <h2><?php echo $t['trial remaining']; ?> </h2> <div class="trialBarContainer"><div class="trialBarRemaining" id="trialBarRemaining"></div><br> <div class="trialBarText"><?php echo $tDaysRemaining; ?> <?php echo $t['days left']; ?> - <a href="lib/login.php?get=code&csrf=<?php echo $_SESSION["csrf"]; ?>