summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Shumaker <LukeShu@sbcglobal.net>2011-11-27 11:22:36 -0500
committerLuke Shumaker <LukeShu@sbcglobal.net>2011-11-27 11:22:36 -0500
commit3d6790614bb0dc776e02a95835e5c274263d1d1a (patch)
treeaad032777fccb7fbdc80551a6f89f4bb4845a510
parent66c84cedfb411ad6ca0508d9f45d6d33c8ad474d (diff)
This zip file was identified as ltshell-3.zip
-rw-r--r--ltshell.php4
-rw-r--r--shell/AUTHORS40
-rw-r--r--shell/COPYING340
-rw-r--r--shell/ChangeLog225
-rw-r--r--shell/INSTALL110
-rw-r--r--shell/README174
-rw-r--r--shell/SECURITY141
-rw-r--r--shell/bin/cat.php7
-rw-r--r--shell/bin/cd.php5
-rw-r--r--shell/bin/chmod.php13
-rw-r--r--shell/bin/echo.php6
-rw-r--r--shell/bin/editor.php21
-rw-r--r--shell/bin/help.php12
-rw-r--r--shell/bin/ls.php34
-rw-r--r--shell/bin/pwd.php5
-rw-r--r--shell/bin/rm.php8
-rw-r--r--shell/bin/stat.php67
-rw-r--r--shell/bin/whoami.php4
-rw-r--r--shell/config.php71
-rw-r--r--shell/config.php~69
-rw-r--r--shell/exec.php58
-rw-r--r--shell/foobar.txt1
-rw-r--r--shell/index.php31
-rw-r--r--shell/lightopenid.php650
-rw-r--r--shell/login.php59
-rw-r--r--shell/no_magicquotes.php26
-rw-r--r--shell/passwd.php6
-rw-r--r--shell/phpshell.php550
-rw-r--r--shell/pwhash.php107
-rw-r--r--shell/shell.php28
-rw-r--r--shell/style.css111
31 files changed, 1082 insertions, 1901 deletions
diff --git a/ltshell.php b/ltshell.php
index fb1eee7..38c4e3f 100644
--- a/ltshell.php
+++ b/ltshell.php
@@ -2,8 +2,8 @@
/*
Plugin Name: LTS WebShell
Plugin URI: http://lukeshu.ath.cx/1/src/
-Description: A web shell (phpshell-2.2)
-Version: 2.2-1
+Description: An entirely PHP web shell (doesn't require system)
+Version: 3
Author: Luke Shumaker
Author URI: http://lukeshu.ath.cx/1/src/
License: GPL2
diff --git a/shell/AUTHORS b/shell/AUTHORS
deleted file mode 100644
index 4a4aa51..0000000
--- a/shell/AUTHORS
+++ /dev/null
@@ -1,40 +0,0 @@
-AUTHORS file for PHP Shell
-Copyright (C) 2000-2010 the Phpshell-team
-Licensed under the GNU GPL. See the file COPYING for details.
-
-
-Current maintainer: Wolfgang Dautermann <dauti@users.sourceforge.net>
-Original author: Martin Geisler <mgeisler@mgeisler.net>
-
-Thanks goes to all these persons who have helped:
-
-richard@joffray.com
- Fixed a problem the list of directories, if one accessed the
- root-directory.
-
-Robert Niess <sturm@i-st.net>
- Made me aware of a security hole in the handling of stderr-trapping.
-
-Gerry Calderhead <caldergf@everythingsucks.co.uk>
- Patch for PHP 4.2.0 where register_globals are turned off.
-
-Jeremy Miller <JMiller@marketaxess.com>
- Suggested that one could use Sudo from
-
- http://www.courtesan.com/sudo/
-
- to let PHP Shell execute code with different privileges than the
- webserver.
-
-Michael Zech <keldrin@web.de>
- Patch to make the stderr-checkbox remember it's state.
-
-Wolfgang Dautermann <dauti@users.sourceforge.net>
- Multiple patches, including the sorting of directory entries in the
- drop down box.
-
-Natan Bueno Ungethuem
- Patch for PHP 5.X because the function ereg was deprecated
-
-Tobias Unger
- AddOn including an Editor ("vim") for PHP-Shell 2.1.
diff --git a/shell/COPYING b/shell/COPYING
deleted file mode 100644
index f90922e..0000000
--- a/shell/COPYING
+++ /dev/null
@@ -1,340 +0,0 @@
- GNU GENERAL PUBLIC LICENSE
- Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
- Preamble
-
- The licenses for most software are designed to take away your
-freedom to share and change it. By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users. This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it. (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.) You can apply it to
-your programs, too.
-
- When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
- To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
- For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have. You must make sure that they, too, receive or can get the
-source code. And you must show them these terms so they know their
-rights.
-
- We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
- Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software. If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
- Finally, any free program is threatened constantly by software
-patents. We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary. To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
- The precise terms and conditions for copying, distribution and
-modification follow.
-
- GNU GENERAL PUBLIC LICENSE
- TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
- 0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License. The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language. (Hereinafter, translation is included without limitation in
-the term "modification".) Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope. The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
- 1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
- 2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
- a) You must cause the modified files to carry prominent notices
- stating that you changed the files and the date of any change.
-
- b) You must cause any work that you distribute or publish, that in
- whole or in part contains or is derived from the Program or any
- part thereof, to be licensed as a whole at no charge to all third
- parties under the terms of this License.
-
- c) If the modified program normally reads commands interactively
- when run, you must cause it, when started running for such
- interactive use in the most ordinary way, to print or display an
- announcement including an appropriate copyright notice and a
- notice that there is no warranty (or else, saying that you provide
- a warranty) and that users may redistribute the program under
- these conditions, and telling the user how to view a copy of this
- License. (Exception: if the Program itself is interactive but
- does not normally print such an announcement, your work based on
- the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole. If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works. But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
- 3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
- a) Accompany it with the complete corresponding machine-readable
- source code, which must be distributed under the terms of Sections
- 1 and 2 above on a medium customarily used for software interchange; or,
-
- b) Accompany it with a written offer, valid for at least three
- years, to give any third party, for a charge no more than your
- cost of physically performing source distribution, a complete
- machine-readable copy of the corresponding source code, to be
- distributed under the terms of Sections 1 and 2 above on a medium
- customarily used for software interchange; or,
-
- c) Accompany it with the information you received as to the offer
- to distribute corresponding source code. (This alternative is
- allowed only for noncommercial distribution and only if you
- received the program in object code or executable form with such
- an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it. For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable. However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
- 4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License. Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
- 5. You are not required to accept this License, since you have not
-signed it. However, nothing else grants you permission to modify or
-distribute the Program or its derivative works. These actions are
-prohibited by law if you do not accept this License. Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
- 6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions. You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
- 7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all. For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices. Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
- 8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded. In such case, this License incorporates
-the limitation as if written in the body of this License.
-
- 9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time. Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation. If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
- 10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission. For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this. Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
- NO WARRANTY
-
- 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
- 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
-
- If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
- To do so, attach the following notices to the program. It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
- <one line to give the program's name and a brief idea of what it does.>
- Copyright (C) <year> <name of author>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
- Gnomovision version 69, Copyright (C) year name of author
- Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
- This is free software, and you are welcome to redistribute it
- under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License. Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary. Here is a sample; alter the names:
-
- Yoyodyne, Inc., hereby disclaims all copyright interest in the program
- `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
- <signature of Ty Coon>, 1 April 1989
- Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs. If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library. If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.
diff --git a/shell/ChangeLog b/shell/ChangeLog
deleted file mode 100644
index 945c737..0000000
--- a/shell/ChangeLog
+++ /dev/null
@@ -1,225 +0,0 @@
-2010-11-29 Wolfgang Dautermann
- * Reimplemented the feature to change to subdirectorys using mouseclicks (was available in older version)
-
-2010-11-21 Wolfgang Dautermann
- * One can navigate to higher level directories using hyperlinks.
-
-2010-11-05 Wolfgang Dautermann
- * Use SHA1 password hashing if possible. Changed project links to http://phpshell.sourceforge.net/
-
-2010-01-30 Natan Bueno <natan.bueno@gmail.com>
- * phpshell.php
- Added AddOn to editor "vim".
-
-2010-01-15 Natan Bueno <natan.bueno@gmail.com>
- * phpshell.php
- Replaced deprecated function ereg by the function preg_match
-
-2005-12-27 Martin Geisler <mgeisler@mgeisler.net>
-
- * phpshell.php:
- Added code to prevent simple replay attacks by only accepting each
- login form once.
-
-2005-12-25 Martin Geisler <mgeisler@mgeisler.net>
-
- * INSTALL: Information about the new internal configuration.
-
- * phpshell.php: Made authentication internal.
-
- * SECURITY: New file.
-
- * config.php: New file.
-
- * style.css: New file. Renamed from phpshell.css.
-
-2004-03-27 Martin Geisler <mgeisler@mgeisler.net>
-
- * phpshell.php 1.29: Removed debug output.
-
- * README 1.11: Updated documentation for new cool shell-like interface.
-
- * INSTALL 1.5:
- Updated documentation about the command substitution using alises.
-
- * phpshell.css 1.2:
- New styles to make the textarea and input box blend together.
-
- * phpshell.php 1.28: A little documentation for the alias feature.
-
- * phpshell.php 1.27:
- The shell now looks and behaves much more like a real shell: the shell
- now has a commandline history just like a real shell.
-
- The parsing of 'cd' commands have been rewritten so that even more
- special cases are taken care of, and simple command substitution using
- aliases have been introduced.
-
-2004-03-24 Martin Geisler <mgeisler@mgeisler.net>
-
- * phpshell.php 1.26:
- Increased year of copyright to 2004. Fixed the references to the PNG
- images, as pointed out by Michael Z. Bell.
-
-2003-11-11 Martin Geisler <mgeisler@mgeisler.net>
-
- * AUTHORS 1.6:
- Added Wolfgang Dautermann <dauti@users.sourceforge.net>.
-
- * phpshell.php 1.25:
- Ups, I commited with $passwd = array('foo' => 'bar').
-
- * phpshell.php 1.24:
- Wolfgang Dautermann <dauti@users.sourceforge.net> suggested
- that the directory list should be sorted.
-
- Also, changing directory through symbolic links now works as expected,
- so that it's possible to go back using 'cd ..'.
-
-2003-04-01 Martin Geisler <mgeisler@mgeisler.net>
-
- * INSTALL 1.4:
- New instructions on how to change the username and password.
-
- * README 1.10:
- Updated to be in sync with new instructions on how the password
- protection works.
-
- * phpshell.css 1.1: New file.
-
- * phpshell.php 1.23:
- Updated to use XHTML 1.0 Strict and the $_* variables in PHP
- 4.1.0. This effectively breaks compatibility with earlier versions of
- PHP. If you cannot upgrade your PHP installation (you really should
- consider upgrading to get hold of the latest security and bug fixes)
- when just use PhpShell version 1.7 --- there's no new functionality in
- this release.
-
- * COPYING 1.1: New file.
-
- * phpshell.php 1.22: Changed PHP Shell into PhpShell.
-
- * phpshell.php 1.21: Added HTTP basic authentication to the script.
-
- * AUTHORS 1.5: Moved Jeremy Miller <JMiller@marketaxess.com>.
-
- * phpshell.php 1.20: Updated version.
-
- * AUTHORS 1.4, phpshell.php 1.19:
- Applied patch from Michael Zech <keldrin@web.de> that made the
- stderr-checkbox remember it's state.
-
-2002-09-18 Martin Geisler <mgeisler@mgeisler.net>
-
- * phpshell.php 1.18:
- Use the directory of phpshell.php as the default working directory.
-
- * AUTHORS 1.3: Added Gerry Calderhead <caldergf@everythingsucks.co.uk>.
-
- * phpshell.php 1.17:
- PHP Shell now works on PHP 4.2.0 with register_globals turned off.
-
-2002-06-10 Martin Geisler <mgeisler@mgeisler.net>
-
- * INSTALL 1.3: Added a section about Safe Mode in PHP.
-
- * README 1.9:
- Added a section about Safe Mode in PHP. Also fixed a lot of spelling
- errors.
-
-2002-03-23 Martin Geisler <mgeisler@mgeisler.net>
-
- * README 1.8: Added a version number to the file.
-
- * AUTHORS 1.2: Added a notice about Robert Niess <sturm@i-st.net>.
-
- * phpshell.php 1.16:
- Added a PHPSHELL_VERSION constant. Also, when using stderr-trapping,
- we now use a unique filename as returned by tempnam() - Robert Niess
- <sturm@i-st.net> made me aware of this, thanks.
-
- * phpshell.php 1.15: Small changes in the layout.
-
- * phpshell.php 1.14:
- Updated copyright statements - they were getting quite old :-)
-
- * README 1.7:
- Added a tip from Jeremy Miller <JMiller@marketaxess.com> about how to
- use PHP Shell together with Sudo to execute code as another user.
-
-2001-12-10 Martin Geisler <mgeisler@mgeisler.net>
-
- * phpshell.php 1.13:
- I found out that 'ls -F' produced better output than 'ls -p'.
-
- * README 1.6: Told people about the rewriting of 'ls' into 'ls -F'
-
- * phpshell.php 1.12:
- You can now travel through the filesystem by using the normal 'cd'
- command. If your command involves 'cd', it will be intercepted and the
- current working directory will be changed accordingly.
-
- * README 1.5: Updated the documentation a bit.
-
-2001-02-11 Martin Geisler <mgeisler@mgeisler.net>
-
- * phpshell.php 1.11:
- Another suggestion from Thomas Langen <langen@langensoft.de>: some
- people can't use the .php extension, so now the script uses $PHP_SELF
- instead.
-
- * phpshell.php 1.10:
- Expanded all PHP start-tags (<?) to <?php, as suggested by Thomas
- Langen <langen@langensoft.de>.
-
-2000-11-20 Martin Geisler <mgeisler@mgeisler.net>
-
- * AUTHORS 1.1: New file.
-
- * phpshell.php 1.9:
- Applied a patch from richard@joffray.com which fixed a problem with
- accessing the root-directory.
-
-2000-09-24 Martin Geisler <mgeisler@mgeisler.net>
-
- * phpshell.php 1.8: Removed a debug-comment.
-
-2000-09-09 Martin Geisler <mgeisler@mgeisler.net>
-
- * README 1.4: Expanded the brief explanation at the top.
-
- * README 1.3: Ups, I forgot to make a description of sample.htaccess.
-
- * README 1.2:
- Added a description of all the files found in the tarball.
-
- * INSTALL 1.2: Made BUGS lowercase.
-
- * INSTALL 1.1, README 1.1: New file.
-
- * phpshell.php 1.7:
- Removed 'Martin Geisler' from the title, putting my name on the bottom
- of the page ought to be enough :-)
-
-2000-08-06 Martin Geisler <mgeisler@mgeisler.net>
-
- * phpshell.php 1.6:
- Added a link to gimpster.com at the bottom of the page
-
-2000-08-05 Martin Geisler <mgeisler@mgeisler.net>
-
- * phpshell.php 1.5:
- Removed references to php3 - I now use php4 so all my files end with
- just a '.php'
-
-2000-06-21 Martin Geisler <mgeisler@mgeisler.net>
-
- * phpshell.php 1.4:
- Fix - there were still references to the old name: shell.php3.
-
- * phpshell.php 1.3: Workaround for stderr-trapping. Seams to work...
-
- * phpshell.php 1.2: Initial commit
-
- * phpshell.php 1.1: New file.
-
diff --git a/shell/INSTALL b/shell/INSTALL
deleted file mode 100644
index 8d20f4b..0000000
--- a/shell/INSTALL
+++ /dev/null
@@ -1,110 +0,0 @@
-INSTALL file for PHP Shell
-Copyright (C) 2000-2010 the Phpshell-team
-Licensed under the GNU GPL. See the file COPYING for details.
-
-
-Downloading PHP Shell
-=====================
-
-You can always get the latest version of PHP Shell from:
-
- http://phpshell.sourceforge.net/
-
-
-
-Installation
-============
-
-Installation is easy: first unpack the tarball or zipfile downloaded
-from the above website into your webserver. This will create a
-subdirectory called phpshell-@VERSION@ for PHP Shell version @VERSION@.
-
-Try loading the file ``phpshell.php`` in your browser and check that
-you are served a page that asks you to authenticate yourself with a
-username and a password. If you do not see such a page, then please
-check that you have entered the URL correctly and that PHP is working
-on your server.
-
-
-
-Configuration
-=============
-
-All configuration happens in the ``config.php`` file. This is an
-ini-file despite its name. Ini-files consist of a number of sections,
-each containing a number of 'key = "value"' pairs. PHP Shell has tree
-sections: '[users]' for configuring usernames and passwords,
-'[aliases]' for configuring shell aliases, and '[settings]' for
-general settings.
-
-
-Setting usernames and passwords
--------------------------------
-
-As a security precaution PHP Shell has no default username and
-password (people often forget to change them...). To add the user
-"alice" with password "secret" you simply add
-
- [users]
- alice = "secret"
-
-to the file. Note that you can add as many users as you want by
-simply adding more lines like this.
-
-This system works, but there is a better way --- a way so that the
-password does not appear in clear text in the file. For that you use
-the supplied script ``pwhash.php`` to generate a hashed password.
-Please see the instructions given in ``pwhash.php``.
-
-With the above example the result could look like
-
- [users]
- alice = "sha1:1a4861:a8640981d2a5f9452c75a7bb0491eac3ecd8bdc3"
-
-You will not get exactly the same line if you try it out, this is a
-feature of the system which means that both "alice" and "bob" could
-have "secret" as their password, and you would not be able to tell
-from just looking at ``config.php``.
-
-
-Shell Aliases
--------------
-
-As in a normal shell, PHP Shell supports alias expansion, albeit in a
-simple form. Aliases are defined by 'key = "value"' pairs in the
-'[aliases]' section. The "key" will be matched against the first
-token of the command line and substituted with the "value" given.
-
-Two convenient aliases are already defined:
-
- [aliases]
- ls = "ls -CvhF"
- ll = "ls -lvhF"
-
-
-General Settings
-----------------
-
-PHP has just one other setting right now --- the home directory.
-Change this in the '[settings]' section.
-
-
-
-Bugs? Comments?
-================
-
-If you find a bug or miss something in PHP Shell, please take a look
-at the Tracker System at SourceForge:
-
- http://sourceforge.net/tracker/?group_id=156638
-
-There you will find trackers for Bugs, Patches, and Feature Requests.
-You are invited to add items to these so that they wont get lost.
-
-You can also email the development list, found at:
-
- https://lists.sourceforge.net/lists/listinfo/phpshell-devel
-
-This list is for discussion about all things PHP Shell and it is a
-good place to discuss a feature or bug before adding it to one of the
-SourceForge trackers.
diff --git a/shell/README b/shell/README
deleted file mode 100644
index 870d661..0000000
--- a/shell/README
+++ /dev/null
@@ -1,174 +0,0 @@
-README file for PHP Shell
-Copyright (C) 2000-2010 the Phpshell-team
-Licensed under the GNU GPL. See the file COPYING for details.
-
-What is PHP Shell?
-==================
-
-PHP Shell is a shell wrapped in a PHP script. It's a tool you can use
-to execute arbitrary shell-commands or browse the filesystem on your
-remote webserver. This replaces, to a degree, a normal
-telnet-connection.
-
-You use it for administration and maintenance of your website, which
-is often much easier to do if you can work directly on the server.
-For example, you could use PHP Shell to unpack and move big files
-around. All the normal command line programs like ps, free, du, df,
-etc... can be used.
-
-
-Limitations
-===========
-
-There are some limitations on what kind of programs you can run. It
-won't do no good if you start a graphical program like Firefox or even
-a console based one like vi. All programs have to be strictly command
-line programs, and they will have no chance of getting user input
-after they have been lunched.
-
-They probably also have to terminate within 30 seconds, as this is the
-default time-limit imposed unto all PHP scripts, to prevent them from
-running in an infinite loop. Your ISP may have set this time-limit to
-something else.
-
-But you can rely on all the normal shell-functionality, like pipes,
-output and input redirection, etc... (There is no <tab>-completion,
-though :-)
-
-
-Safe Mode
-=========
-
-Safe Mode is the nemisis of PHP Shell. If PHP is running in Safe Mode
-then PHP Shell will normally not work --- sorry. Please read the
-detailed explanation in the SECURITY file.
-
-
-Who am I?
-=========
-
-You may not be the same user when using PHP Shell, as you are when you
-upload your files with FTP. On some systems you will be ``nobody``,
-on other systems you will become ``httpd`` or ``www-data``. This is a
-rather dangerous "feature" of the way PHP is run by the webserver. A
-possible effect of this is that you might end up creating files using
-PHP Shell which you cannot delete afterwards using FTP and maybe not
-even using PHP Shell. Strange, but true :-)
-
-If you want to execute code as different user, then it's possible to
-do so by using the Sudo program available from this address:
-
- http://www.courtesan.com/sudo/
-
-The trick is to configure Sudo to allow the user running the webserver
-to execute certain commands as a more privileged user. This will have
-to be done by the administrator of the server. Please refer to the
-documentation for Sudo for further information about doing this.
-
-
-How to Use It
-=============
-
-When you point your browser at PHP Shell you will be asked to
-authenticate yourself. By default no username/password will work, so
-please go read INSTALL for information about adding a user.
-
-You're back? Good. Enter your username and password and press
-the "Login" button.
-
-You will then be presented with a rather simple page containing
-nothing much except a big window with the cursor blinking at the
-bottom, signaling that it's ready to obey your commands.
-
-Write a command and press ENTER --- or alternatively, press the 'Execute
-Command' button if you really want. The command will be executed and
-the result will be shows in the terminal. You can now enter another
-command.
-
-To be more precise: the terminal is updated with the command line you
-have just executed, the output of the command to standard out
-(stdout), and following that any error output sent to stderr.
-
-The commands are executed relative to a current working directory,
-which is written at the top. You change this by the normal 'cd'
-command (or by selecting a other working directory using the links).
-
-The commands must also be complete, so you cannot enter a multiline command:
-$ for i in a b c ; do
-> echo $i
-> done
-However, in one line it is allowed: for i in a b c ; do echo $i ; done
-
-Variables are also not preserved between the commands, so
-$ A=1
-$ echo $A
-will output 0 instead of 1. But in one line it works as expected:
-$ A=1 ; echo $A
-will give you the expected result: 1
-
-Alternatives
-============
-
-An incomplete list of alternatives to PHP Shell would be:
-
-* SSH. The Secure Shell is the standard solution to the problem that
- PHP Shell tries to solve. SSH lets you login to a remote system in a
- secure way where the traffic and password is encrypted at all
- times. You can also upload and download files securely and make
- encrypted TCP tunnels.
-
- If your host supports SSH then use it and forget about PHP Shell or
- any other solution.
-
-* Telnet. This is the old way to obtain an interactive login on a
- remote system. Unfortunately telnet is insecure since the password
- and subsequent traffic are sent in clear text. SSH was developed
- precisely to replace telnet. The advantage of telnet over PHP Shell
- is that it gives you an interactive session.
-
-* See more alternatives at the Anyterm homepage:
-
- http://anyterm.org/compared.html
-
-
-Download
-========
-
-You can download the newest version of PHP Shell from
-
- http://phpshell.sourceforge.net/
-
-The tarball/zipfile contains these files:
-
-phpshell.php
- This is the script you run when you use PHP Shell.
-
-pwhash.php
- A utility used to generate a hashed password. Please read INSTALL
- for more information. This file poses no security risk.
-
-ChangeLog
- This file describe the changes I've made to PHP Shell. By reading
- it you'll always know when I've added a new feature or made a
- bugfix, and the nature of the feature/bugfix.
-
-README
- This file! :-)
-
-INSTALL
- Tells you how to install PHP Shell. Among other things, it
- explains how to change the password protection so that you can use
- PHP Shell.
-
- Remember that it's very important to have PHP Shell password
- protected, or else everybody will be able so snoop into your files
- and perhaps also be able to delete them! Please take the time to
- protect your installation of PHP Shell.
-
-SECURITY
- A separate guide about security with PHP in general and PHP Shell in
- particular. Be sure to read this too, especially if you are getting
- strange errors back from PHP Shell.
-
-COPYING
- Standard GNU GPL.
diff --git a/shell/SECURITY b/shell/SECURITY
deleted file mode 100644
index 888c554..0000000
--- a/shell/SECURITY
+++ /dev/null
@@ -1,141 +0,0 @@
-SECURITY file for PHP Shell
-Copyright (C) 2005-2010 the Phpshell-team
-Licensed under the GNU GPL. See the file COPYING for details.
-
-
-PHP Security
-============
-
-Installing PHP on your server is an inherently dangerous thing to do,
-somewhat similar to the danger one faces when one buys a car: it might
-kill you if you have an accident. On the other hand a car makes so
-many things so much more convenient, so most people are willing to
-accept the risk of accidents.
-
-Likewise, PHP is a powerful tool which will let you build your
-webpages easier and faster than without. But it is a *very* powerful
-tool --- PHP is a full programming language which can be used for
-general purpose programming and not just to format HTML for display in
-a browser.
-
-So PHP has support for reading and writing files on the filesystem.
-But PHP also has support for *deleting* files. PHP even has support
-for executing other programs. In other words, PHP has lots of support
-for interacting with the rest of the computer it runs on. This
-interaction is potentially much more powerful than you want it to, and
-this can be a problem if this power ends up in the wrong hands.
-
-
-What about Safe Mode?
----------------------
-
-As they note in the PHP manual, Safe Mode is an inherently wrong way
-to secure PHP, but is nevertheless used in many installations.
-Turning Safe Mode on in PHP basically tries to restrict the language
-and its functions to make it "safe".
-
-This involves a strict check on file ownership so that PHP wont
-operate on files and directories which are not owned by the owner of
-the current script. Other restrictions in Safe Mode include limits on
-which files can be executed and includes (thus making a primitive form
-of chroot or jail around the PHP script).
-
-PHP Shell is made mostly useless with Safe Mode since it restricts the
-two commands that PHP Shell uses: ``chdir()`` and ``proc_open()``:
-
-* With Safe Mode you cannot change to a directory unless you are the
- owner of that directory. This means that you cannot change to, say,
- ``/etc`` since ``root`` own that directory.
-
- You'll see this when 'cd /etc' results in this error from PHP Shell:
-
- chdir(): SAFE MODE Restriction in effect. The script whose uid is
- 500 is not allowed to access /etc owned by uid 0
- cd: could not change to: /etc
-
-* When Safe Mode is active, PHP forces the argument to ``proc_open()``
- to be escaped, which means that you cannot use normal shell
- wildcards, pipes or any such stuff.
-
- So if you enter 'ls *.txt' in a directory where you know for certain
- that there is a text file ending in '.txt', you will get the
- following error:
-
- /bin/ls: *.txt: No such file or directory
-
- This is because PHP has silently changed the command into 'ls
- \*.txt' to disable the wildcard.
-
-* You cannot execute programs unless they are placed in a directory
- listed in ``safe_mode_exec_dir``. Say you want to execute the
- program ``tr`` (which translates between sets of characters) and you
- get this strange messages back:
-
- sh: line 1: /bin/tr: No such file or directory
-
- Then you have a problem with the ``safe_mode_exec_dir`` setting. In
- this case ``safe_mode_exec_dir`` is set to just ``/bin`` and so PHP
- has forced the shell to execute ``/bin/tr`` and since ``tr`` is
- installed in ``/usr/bin`` it could not be found.
-
- If you have write access to a directory listed in
- ``safe_mode_exec_dir``, then try copying the wanted program there
- first. Executing it should now work.
-
-
-Even without enabling Safe Mode some functions might have been
-disabled via the ``disabled_functions`` setting. If the
-``proc_open()`` function used by PHP Shell has been disabled, then you
-will see an error like this:
-
- Fatal Error!
-
- proc_open() has been disabled for security reasons
-
- in /path/to/your/installation/phpshell.php, line 221.
-
-
-
-PHP Shell Security
-==================
-
-As noted above, PHP is a powerful tool --- how does PHP Shell fit into
-this? PHP Shell is actually quite simple and does one thing: it uses
-the standard PHP function ``proc_open()`` to execute programs.
-
-Executing other programs is probably the most powerful thing you can
-do in PHP, and so PHP Shell gives you a convenient interface to this
-the most powerful feature of PHP. Nothing more.
-
-
-Is PHP Shell Dangerous?
------------------------
-
-Short answer: *yes*! PHP Shell has been used in the past by people
-with not-so-good intentions to destroy valuable content on servers.
-
-The longer answer is that installing PHP Shell is like building a new
-door in your house --- if you leave it unlocked, then people can (and
-probably will!) walk into it and steal your possessions. So you want
-to lock it, and make sure you use a good lock.
-
-With PHP Shell that is equivalent of using a secure password. A
-secure password is one which is hard to guess (make it long, make it
-random, and put both numbers, special characters and normal letters in
-it).
-
- Remember that guessing the password is all that stands between the
- crackers and your files!
-
-If you use a good password, then PHP Shell does not make your system
-any more insecure than it already was. Security is always a matter of
-finding the weakest link in the chain: if you use FTP with a simple
-password for updating your site, then it would be much easier for the
-crackers to attack that instead of trying to guess your super-hard PHP
-Shell password. So make sure that you tighten security on all fronts
-you know of.
-
-
-If you have comments or suggestions for improvements to this little
-guide in system security, then please do not hesitate to contact the
-author at <mgeisler@mgeisler.net>.
diff --git a/shell/bin/cat.php b/shell/bin/cat.php
new file mode 100644
index 0000000..fab9883
--- /dev/null
+++ b/shell/bin/cat.php
@@ -0,0 +1,7 @@
+<?php
+function main($args) {
+ $me = array_shift($args);
+ foreach ($args as $file) {
+ echo htmlentities(file_get_contents($file));
+ }
+}
diff --git a/shell/bin/cd.php b/shell/bin/cd.php
new file mode 100644
index 0000000..3679e88
--- /dev/null
+++ b/shell/bin/cd.php
@@ -0,0 +1,5 @@
+<?php
+function main($args) {
+ @$dir = $args[1];
+ return php_chdir($dir);
+}
diff --git a/shell/bin/chmod.php b/shell/bin/chmod.php
new file mode 100644
index 0000000..ca66f56
--- /dev/null
+++ b/shell/bin/chmod.php
@@ -0,0 +1,13 @@
+<?php
+function main($args) {
+ $me = array_shift($args);
+ if (count($args)<2) {
+ echo $me.': usage: '.$me.' MODE FILE1 [FILE2 [FILE2]]'."\n";
+ return 1;
+ } else {
+ $mode = array_shift($args);
+ foreach ($args as $file) {
+ chmod($file,octdec($mode));
+ }
+ }
+} \ No newline at end of file
diff --git a/shell/bin/echo.php b/shell/bin/echo.php
new file mode 100644
index 0000000..82487b0
--- /dev/null
+++ b/shell/bin/echo.php
@@ -0,0 +1,6 @@
+<?php
+function main($args) {
+ array_shift($args);
+ echo implode(' ',$args)."\n";
+ return 0;
+}
diff --git a/shell/bin/editor.php b/shell/bin/editor.php
new file mode 100644
index 0000000..6eac87e
--- /dev/null
+++ b/shell/bin/editor.php
@@ -0,0 +1,21 @@
+<?php
+function main($args) {
+ if (isset($_POST['stdin'])) {
+ if (isset($args[1])) {
+ file_put_contents($args[1],$_POST['stdin']);
+ } else {
+ echo $_POST['stdin'];
+ }
+ } else {
+ if (isset($args[1]) && file_exists($args[1])) {
+ $text = file_get_contents($args[1]);
+ } else {
+ $text = '';
+ }
+ echo '<div class="editor">';
+ echo '<input type="hidden" name="stddest" value="'.$_POST['c'].'" />';
+ echo '<textarea name="stdin">'.$text.'</textarea>'."\n";
+ echo '<input type="submit" value="save" />';
+ echo '</div>';
+ }
+}
diff --git a/shell/bin/help.php b/shell/bin/help.php
new file mode 100644
index 0000000..95d2641
--- /dev/null
+++ b/shell/bin/help.php
@@ -0,0 +1,12 @@
+<?php
+function main($args, $env) {
+ $commands = array();
+ foreach (explode(';',$env['PATH']) as $dir) {
+ $commands = array_merge($commands,glob($dir.'/*.php'));
+ }
+ foreach ($commands as $command) {
+ echo preg_replace('@.*/([^/]*)\.php$@',"\$1\n",$command);
+ }
+ return 0;
+}
+
diff --git a/shell/bin/ls.php b/shell/bin/ls.php
new file mode 100644
index 0000000..fa01f2e
--- /dev/null
+++ b/shell/bin/ls.php
@@ -0,0 +1,34 @@
+<?php
+function main($args) {
+ if (count($args)<2) {
+ $args[]='.';
+ }
+ $ret=0;
+ $me = array_shift($args);
+ foreach ($args as $name) {
+ if (file_exists($name)) {
+ if (is_dir($name)) {
+ @$dh = opendir($name);
+ if ($dh === false) {
+ echo $me.': can not open directory: `'.$name."'\n";
+ $ret++;
+ } else {
+ if (count($args)>1) { echo $name.":\n"; }
+ $files = array();
+ while (false !== ($file = readdir($dh))) {
+ $files[]="$file";
+ }
+ sort($files);
+ echo implode("\n",$files)."\n";
+ closedir($dh);
+ }
+ } else {
+ echo $name."\n";
+ }
+ } else {
+ echo $me.': file does not exist: `'.$name."'\n";
+ $ret++;
+ }
+ }
+ return $ret;
+}
diff --git a/shell/bin/pwd.php b/shell/bin/pwd.php
new file mode 100644
index 0000000..2b43d00
--- /dev/null
+++ b/shell/bin/pwd.php
@@ -0,0 +1,5 @@
+<?php
+function main($args) {
+ echo getcwd()."\n";
+}
+
diff --git a/shell/bin/rm.php b/shell/bin/rm.php
new file mode 100644
index 0000000..7bb7aef
--- /dev/null
+++ b/shell/bin/rm.php
@@ -0,0 +1,8 @@
+<?php
+function main($args) {
+ $me = array_shift($args);
+ foreach ($args as $file) {
+ unlink($file);
+ }
+}
+
diff --git a/shell/bin/stat.php b/shell/bin/stat.php
new file mode 100644
index 0000000..2a13743
--- /dev/null
+++ b/shell/bin/stat.php
@@ -0,0 +1,67 @@
+ <?php
+ function perms($perms) {
+ if (($perms & 0xC000) == 0xC000) {
+ $info = 's'; // Socket
+ } elseif (($perms & 0xA000) == 0xA000) {
+ $info = 'l'; // Symbolic Link
+ } elseif (($perms & 0x8000) == 0x8000) {
+ $info = '-'; // Regular
+ } elseif (($perms & 0x6000) == 0x6000) {
+ $info = 'b'; // Block special
+ } elseif (($perms & 0x4000) == 0x4000) {
+ $info = 'd'; // Directory
+ } elseif (($perms & 0x2000) == 0x2000) {
+ $info = 'c'; // Character special
+ } elseif (($perms & 0x1000) == 0x1000) {
+ $info = 'p'; // FIFO pipe
+ } else {
+ $info = 'u'; // Unknown
+ }
+
+ // Owner
+ $info .= (($perms & 0x0100) ? 'r' : '-');
+ $info .= (($perms & 0x0080) ? 'w' : '-');
+ $info .= (($perms & 0x0040) ?
+ (($perms & 0x0800) ? 's' : 'x' ) :
+ (($perms & 0x0800) ? 'S' : '-'));
+
+ // Group
+ $info .= (($perms & 0x0020) ? 'r' : '-');
+ $info .= (($perms & 0x0010) ? 'w' : '-');
+ $info .= (($perms & 0x0008) ?
+ (($perms & 0x0400) ? 's' : 'x' ) :
+ (($perms & 0x0400) ? 'S' : '-'));
+
+ // World
+ $info .= (($perms & 0x0004) ? 'r' : '-');
+ $info .= (($perms & 0x0002) ? 'w' : '-');
+ $info .= (($perms & 0x0001) ?
+ (($perms & 0x0200) ? 't' : 'x' ) :
+ (($perms & 0x0200) ? 'T' : '-'));
+
+ return '('.substr(sprintf('%o',$perms),-4).'/'.$info.')';
+}
+
+function main($args) {
+ $me = array_shift($args);
+ $ret = 0;
+ foreach ($args as $file) {
+ $data = stat($file);
+ if ($data === false) {
+ echo $me.': cannot stat file: `'.$file."'\n";
+ $ret++;
+ } else {
+ echo ' File: `'.$file."'\n";
+ echo ' Size: '.$data['size']."\t";
+ echo 'Blocks: '.$data['blocks']."\t";
+ //echo 'IO Block: ';
+ echo $data['rdev']."\n";
+ echo 'Device: '.$data['dev']."\t";
+ echo 'Inode: '.$data['ino']."\t";
+ echo 'Links: '.$data['nlink']."\n";
+ echo 'Access: '.perms($data['mode'])."\t";
+ echo "\n";
+ }
+ }
+ return $ret;
+} \ No newline at end of file
diff --git a/shell/bin/whoami.php b/shell/bin/whoami.php
new file mode 100644
index 0000000..84db5a1
--- /dev/null
+++ b/shell/bin/whoami.php
@@ -0,0 +1,4 @@
+<?php
+function main($args) {
+ echo get_current_user();
+}
diff --git a/shell/config.php b/shell/config.php
deleted file mode 100644
index 843069b..0000000
--- a/shell/config.php
+++ /dev/null
@@ -1,71 +0,0 @@
-; <?php die('Forbidden'); ?> -*- conf -*-
-; Do not remove the above line, it is all that prevents this file from
-; being downloaded.
-;
-; config.php file for PHP Shell
-; Copyright (C) 2005-2010 the Phpshell-team
-; Licensed under the GNU GPL. See the file COPYING for details.
-
-; This ini-file has three parts:
-;
-; * [users] where you add usernames and passwords to give users access
-; to PHP Shell.
-;
-; * [aliases] where you can configure shell aliases.
-;
-; * [settings] where general settings are placed.
-
-
-[users]
-
-luke = "sha1:da6c3f7:1c125210c15b45a083e77674693ceda9dc4750f3"
-
-; The default configuration has no users defined, you have to add your
-; own (choose good passwords!). Add uses as simple
-;
-; username = "password"
-;
-; lines. Please quote your password using double-quotes as shown.
-; The semi-colon ':' is a reserved character, so do *not* use that in
-; your passwords.
-;
-; For improved security it is *strongly suggested* that you the
-; pwhash.php script to generate a hashed password and store that
-; instead of the normal clear text password. Keeping your passwords
-; in hashed form ensures that they cannot be found, even if this file
-; is disclosed. The passwords are still visible in clear text during
-; the login, though. Please follow the instructions given in
-; pwhash.php.
-
-
-
-[aliases]
-
-; Alias expansion. Change the two examples as needed and add your own
-; favorites --- feel free to suggest more defaults! The command line
-; you enter will only be expanded on the very first token and only
-; once, so having 'ls' expand into 'ls -CvhF' does not cause an
-; infinite recursion.
-
-ls = "ls -CvhF"
-ll = "ls -lvhF"
-
-
-
-[settings]
-
-; General settings for PHP Shell.
-
-; Home directory. PHP Shell will change to this directory upon
-; startup and whenever a bare 'cd' command is given. This can be an
-; absolute path or a path relative to the PHP Shell installation
-; directory.
-
-home-directory = "."
-
-; Safe Mode warning. PHP Shell will normally display a big, fat
-; warning if it detects that PHP is running in Safe Mode. If you find
-; that PHP Shell works anyway, then set this to false to get rid of
-; the warning.
-
-safe-mode-warning = true
diff --git a/shell/config.php~ b/shell/config.php~
deleted file mode 100644
index b9b48ca..0000000
--- a/shell/config.php~
+++ /dev/null
@@ -1,69 +0,0 @@
-; <?php die('Forbidden'); ?> -*- conf -*-
-; Do not remove the above line, it is all that prevents this file from
-; being downloaded.
-;
-; config.php file for PHP Shell
-; Copyright (C) 2005-2010 the Phpshell-team
-; Licensed under the GNU GPL. See the file COPYING for details.
-
-; This ini-file has three parts:
-;
-; * [users] where you add usernames and passwords to give users access
-; to PHP Shell.
-;
-; * [aliases] where you can configure shell aliases.
-;
-; * [settings] where general settings are placed.
-
-
-[users]
-
-; The default configuration has no users defined, you have to add your
-; own (choose good passwords!). Add uses as simple
-;
-; username = "password"
-;
-; lines. Please quote your password using double-quotes as shown.
-; The semi-colon ':' is a reserved character, so do *not* use that in
-; your passwords.
-;
-; For improved security it is *strongly suggested* that you the
-; pwhash.php script to generate a hashed password and store that
-; instead of the normal clear text password. Keeping your passwords
-; in hashed form ensures that they cannot be found, even if this file
-; is disclosed. The passwords are still visible in clear text during
-; the login, though. Please follow the instructions given in
-; pwhash.php.
-
-
-
-[aliases]
-
-; Alias expansion. Change the two examples as needed and add your own
-; favorites --- feel free to suggest more defaults! The command line
-; you enter will only be expanded on the very first token and only
-; once, so having 'ls' expand into 'ls -CvhF' does not cause an
-; infinite recursion.
-
-ls = "ls -CvhF"
-ll = "ls -lvhF"
-
-
-
-[settings]
-
-; General settings for PHP Shell.
-
-; Home directory. PHP Shell will change to this directory upon
-; startup and whenever a bare 'cd' command is given. This can be an
-; absolute path or a path relative to the PHP Shell installation
-; directory.
-
-home-directory = "."
-
-; Safe Mode warning. PHP Shell will normally display a big, fat
-; warning if it detects that PHP is running in Safe Mode. If you find
-; that PHP Shell works anyway, then set this to false to get rid of
-; the warning.
-
-safe-mode-warning = true
diff --git a/shell/exec.php b/shell/exec.php
new file mode 100644
index 0000000..f3dc8d1
--- /dev/null
+++ b/shell/exec.php
@@ -0,0 +1,58 @@
+<?php
+
+function php_chdir($dir) {
+ $ret = chdir($dir);
+ echo '<input type="hidden" name="d" value="'.getcwd().'" />';
+ return $ret;
+}
+
+function php_exec($com, $cwd='') {
+ if ($cwd != '') { php_chdir($cwd); }
+ if ($com=='') { return 0; }
+
+ $root = dirname(__FILE__);
+
+ $ifs=' ';
+ $path = $root.'/bin';
+
+ $env = array('IFS' => $ifs, 'PATH' => $path);
+
+ $coms = array();
+ $a = 0;
+ $c = 0;
+ $q = '';
+ while ($com != '') {
+ $char = substr($com,0,1);
+ $com = substr($com,1);
+ if (substr_count ('\'',$char)!==0) {
+ if (substr($q,0,1)===$char) {
+ $q = substr($q,1);
+ } else {
+ $q = $char.$q;
+ }
+ } elseif ($q != '') {
+ $coms[$c][$a].=$char;
+ } elseif (substr_count ($ifs,$char)!==0) {
+ if (isset($coms[$c][$a])) {
+ $a++;
+ }
+ } elseif (substr_count (';',$char)!==0) {
+ $c++;
+ } else {
+ $coms[$c][$a].=$char;
+ }
+ }
+
+ $ret=0;
+ foreach ($coms as $args) {
+ $file=$path.'/'.$args[0].'.php';
+ if (file_exists($file)) {
+ include($file);
+ $ret = main($args,$env);
+ } else {
+ echo 'sh: command not found: `'.$args[0]."'\n";
+ $ret = 1;
+ }
+ }
+ return $ret;
+}
diff --git a/shell/foobar.txt b/shell/foobar.txt
new file mode 100644
index 0000000..fd80404
--- /dev/null
+++ b/shell/foobar.txt
@@ -0,0 +1 @@
+this is foobar.txt \ No newline at end of file
diff --git a/shell/index.php b/shell/index.php
new file mode 100644
index 0000000..6d62a65
--- /dev/null
+++ b/shell/index.php
@@ -0,0 +1,31 @@
+<?php
+$LTS = 'set';
+session_start();
+include('no_magicquotes.php');
+
+global $auth_html;
+include('login.php');
+
+echo '<?xml version="1.0" encoding="utf-8"?>';
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us" dir="ltr" >
+<head>
+ <title>ltShell 3</title>
+ <link rel="stylesheet" href="style.css" media="screen,projection" />
+ <script type="text/javascript">
+ function formfocus() {
+ document.getElementById('prompt').focus();
+ }
+ window.onload = formfocus;
+ </script>
+</head>
+<body>
+<div class="login"><?php echo $auth_html; ?></div>
+<?php
+if ( isset($_SESSION['user']) && ($_SESSION['user']!='') ) {
+ include('shell.php');
+}
+?>
+</body></html>
diff --git a/shell/lightopenid.php b/shell/lightopenid.php
new file mode 100644
index 0000000..f868273
--- /dev/null
+++ b/shell/lightopenid.php
@@ -0,0 +1,650 @@
+<?php
+/**
+ * This class provides a simple interface for OpenID (1.1 and 2.0) authentication.
+ * Supports Yadis discovery.
+ * The authentication process is stateless/dumb.
+ *
+ * Usage:
+ * Sign-on with OpenID is a two step process:
+ * Step one is authentication with the provider:
+ * <code>
+ * $openid = new LightOpenID;
+ * $openid->identity = 'ID supplied by user';
+ * header('Location: ' . $openid->authUrl());
+ * </code>
+ * The provider then sends various parameters via GET, one of them is openid_mode.
+ * Step two is verification:
+ * <code>
+ * if ($this->data['openid_mode']) {
+ * $openid = new LightOpenID;
+ * echo $openid->validate() ? 'Logged in.' : 'Failed';
+ * }
+ * </code>
+ *
+ * Optionally, you can set $returnUrl and $realm (or $trustRoot, which is an alias).
+ * The default values for those are:
+ * $openid->realm = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'];
+ * $openid->returnUrl = $openid->realm . $_SERVER['REQUEST_URI']; # without the query part, if present
+ * If you don't know their meaning, refer to any openid tutorial, or specification. Or just guess.
+ *
+ * AX and SREG extensions are supported.
+ * To use them, specify $openid->required and/or $openid->optional before calling $openid->authUrl().
+ * These are arrays, with values being AX schema paths (the 'path' part of the URL).
+ * For example:
+ * $openid->required = array('namePerson/friendly', 'contact/email');
+ * $openid->optional = array('namePerson/first');
+ * If the server supports only SREG or OpenID 1.1, these are automaticaly
+ * mapped to SREG names, so that user doesn't have to know anything about the server.
+ *
+ * To get the values, use $openid->getAttributes().
+ *
+ *
+ * The library requires PHP >= 5.1.2 with http/https stream wrappers enabled..
+ * @author Mewp
+ * @copyright Copyright (c) 2010, Mewp
+ * @license http://www.opensource.org/licenses/mit-license.php MIT
+ */
+class LightOpenID
+{
+ public $returnUrl
+ , $required = array()
+ , $optional = array();
+ private $identity, $claimed_id;
+ protected $server, $version, $trustRoot, $aliases, $identifier_select = false
+ , $ax = false, $sreg = false, $data;
+ static protected $ax_to_sreg = array(
+ 'namePerson/friendly' => 'nickname',
+ 'contact/email' => 'email',
+ 'namePerson' => 'fullname',
+ 'birthDate' => 'dob',
+ 'person/gender' => 'gender',
+ 'contact/postalCode/home' => 'postcode',
+ 'contact/country/home' => 'country',
+ 'pref/language' => 'language',
+ 'pref/timezone' => 'timezone',
+ );
+
+ function __construct()
+ {
+ $this->trustRoot = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'];
+ $uri = $_SERVER['REQUEST_URI'];
+ $uri = strpos($uri, '?') ? substr($uri, 0, strpos($uri, '?')) : $uri;
+ $this->returnUrl = $this->trustRoot . $uri;
+
+ $this->data = $_POST + $_GET; # OPs may send data as POST or GET.
+ }
+
+ function __set($name, $value)
+ {
+ switch ($name) {
+ case 'identity':
+ if (strlen($value = trim((String) $value))) {
+ if (preg_match('#^xri:/*#i', $value, $m)) {
+ $value = substr($value, strlen($m[0]));
+ } elseif (!preg_match('/^(?:[=@+\$!\(]|https?:)/i', $value)) {
+ $value = "http://$value";
+ }
+ if (preg_match('#^https?://[^/]+$#i', $value, $m)) {
+ $value .= '/';
+ }
+ }
+ $this->$name = $this->claimed_id = $value;
+ break;
+ case 'trustRoot':
+ case 'realm':
+ $this->trustRoot = trim($value);
+ }
+ }
+
+ function __get($name)
+ {
+ switch ($name) {
+ case 'identity':
+ # We return claimed_id instead of identity,
+ # because the developer should see the claimed identifier,
+ # i.e. what he set as identity, not the op-local identifier (which is what we verify)
+ return $this->claimed_id;
+ case 'trustRoot':
+ case 'realm':
+ return $this->trustRoot;
+ }
+ }
+
+ /**
+ * Checks if the server specified in the url exists.
+ *
+ * @param $url url to check
+ * @return true, if the server exists; false otherwise
+ */
+ function hostExists($url)
+ {
+ if (strpos($url, '/') === false) {
+ $server = $url;
+ } else {
+ $server = @parse_url($url, PHP_URL_HOST);
+ }
+
+ if (!$server) {
+ return false;
+ }
+
+ return !!gethostbynamel($server);
+ }
+
+
+ protected function request($url, $method='GET', $params=array())
+ {
+ if(!$this->hostExists($url)) {
+ throw new ErrorException('Invalid request.');
+ }
+
+ $params = http_build_query($params, '', '&');
+ switch($method) {
+ case 'GET':
+ $opts = array(
+ 'http' => array(
+ 'method' => 'GET',
+ 'header' => 'Accept: application/xrds+xml, */*',
+ 'ignore_errors' => true,
+ )
+ );
+ $url = $url . ($params ? '?' . $params : '');
+ break;
+ case 'POST':
+ $opts = array(
+ 'http' => array(
+ 'method' => 'POST',
+ 'header' => 'Content-type: application/x-www-form-urlencoded',
+ 'content' => $params,
+ 'ignore_errors' => true,
+ )
+ );
+ break;
+ case 'HEAD':
+ # We want to send a HEAD request,
+ # but since get_headers doesn't accept $context parameter,
+ # we have to change the defaults.
+ $default = stream_context_get_options(stream_context_get_default());
+ stream_context_get_default(
+ array('http' => array(
+ 'method' => 'HEAD',
+ 'header' => 'Accept: application/xrds+xml, */*',
+ 'ignore_errors' => true,
+ ))
+ );
+
+ $url = $url . ($params ? '?' . $params : '');
+ $headers_tmp = get_headers ($url);
+ if(!$headers_tmp) {
+ return array();
+ }
+
+ # Parsing headers.
+ $headers = array();
+ foreach($headers_tmp as $header) {
+ $pos = strpos($header,':');
+ $name = strtolower(trim(substr($header, 0, $pos)));
+ $headers[$name] = trim(substr($header, $pos+1));
+
+ # Following possible redirections. The point is just to have
+ # claimed_id change with them, because get_headers() will
+ # follow redirections automatically.
+ # We ignore redirections with relative paths.
+ # If any known provider uses them, file a bug report.
+ if($name == 'location') {
+ if(strpos($headers[$name], 'http') === 0) {
+ $this->claimed_id = $headers[$name];
+ } elseif($headers[$name][0] == '/') {
+ $parsed_url = parse_url($this->claimed_id);
+ $this->claimed_id = $parsed_url['scheme'] . '://'
+ . $parsed_url['host']
+ . $headers[$name];
+ }
+ }
+ }
+
+ # And restore them.
+ stream_context_get_default($default);
+ return $headers;
+ }
+ $context = stream_context_create ($opts);
+
+ return file_get_contents($url, false, $context);
+ }
+
+ protected function build_url($url, $parts)
+ {
+ if (isset($url['query'], $parts['query'])) {
+ $parts['query'] = $url['query'] . '&' . $parts['query'];
+ }
+
+ $url = $parts + $url;
+ $url = $url['scheme'] . '://'
+ . (empty($url['username'])?''
+ :(empty($url['password'])? "{$url['username']}@"
+ :"{$url['username']}:{$url['password']}@"))
+ . $url['host']
+ . (empty($url['port'])?'':":{$url['port']}")
+ . (empty($url['path'])?'':$url['path'])
+ . (empty($url['query'])?'':"?{$url['query']}")
+ . (empty($url['fragment'])?'':":{$url['fragment']}");
+ return $url;
+ }
+
+ /**
+ * Helper function used to scan for <meta>/<link> tags and extract information
+ * from them
+ */
+ protected function htmlTag($content, $tag, $attrName, $attrValue, $valueName)
+ {
+ preg_match_all("#<{$tag}[^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*$valueName=['\"](.+?)['\"][^>]*/?>#i", $content, $matches1);
+ preg_match_all("#<{$tag}[^>]*$valueName=['\"](.+?)['\"][^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*/?>#i", $content, $matches2);
+
+ $result = array_merge($matches1[1], $matches2[1]);
+ return empty($result)?false:$result[0];
+ }
+
+ /**
+ * Performs Yadis and HTML discovery. Normally not used.
+ * @param $url Identity URL.
+ * @return String OP Endpoint (i.e. OpenID provider address).
+ * @throws ErrorException
+ */
+ function discover($url)
+ {
+ if (!$url) throw new ErrorException('No identity supplied.');
+ # Use xri.net proxy to resolve i-name identities
+ if (!preg_match('#^https?:#', $url)) {
+ $url = "https://xri.net/$url";
+ }
+
+ # We save the original url in case of Yadis discovery failure.
+ # It can happen when we'll be lead to an XRDS document
+ # which does not have any OpenID2 services.
+ $originalUrl = $url;
+
+ # A flag to disable yadis discovery in case of failure in headers.
+ $yadis = true;
+
+ # We'll jump a maximum of 5 times, to avoid endless redirections.
+ for ($i = 0; $i < 5; $i ++) {
+ if ($yadis) {
+ $headers = $this->request($url, 'HEAD');
+
+ $next = false;
+ if (isset($headers['x-xrds-location'])) {
+ $url = $this->build_url(parse_url($url), parse_url(trim($headers['x-xrds-location'])));
+ $next = true;
+ }
+
+ if (isset($headers['content-type'])
+ && strpos($headers['content-type'], 'application/xrds+xml') !== false) {
+ # Found an XRDS document, now let's find the server, and optionally delegate.
+ $content = $this->request($url, 'GET');
+
+ # OpenID 2
+ $ns = preg_quote('http://specs.openid.net/auth/2.0/');
+ if (preg_match('#<Service.*?>(.*)<Type>\s*'.$ns.'(.*?)\s*</Type>(.*)</Service>#s', $content, $m)) {
+ $content = ' ' . $m[1] . $m[3]; # The space is added, so that strpos doesn't return 0.
+ if ($m[2] == 'server') $this->identifier_select = true;
+
+ preg_match('#<URI.*?>(.*)</URI>#', $content, $server);
+ preg_match('#<(Local|Canonical)ID>(.*)</\1ID>#', $content, $delegate);
+ if (empty($server)) {
+ return false;
+ }
+ # Does the server advertise support for either AX or SREG?
+ $this->ax = (bool) strpos($content, '<Type>http://openid.net/srv/ax/1.0</Type>');
+ $this->sreg = strpos($content, '<Type>http://openid.net/sreg/1.0</Type>')
+ || strpos($content, '<Type>http://openid.net/extensions/sreg/1.1</Type>');
+
+ $server = $server[1];
+ if (isset($delegate[2])) $this->identity = trim($delegate[2]);
+ $this->version = 2;
+
+ $this->server = $server;
+ return $server;
+ }
+
+ # OpenID 1.1
+ $ns = preg_quote('http://openid.net/signon/1.1');
+ if (preg_match('#<Service.*?>(.*)<Type>\s*'.$ns.'\s*</Type>(.*)</Service>#s', $content, $m)) {
+ $content = ' ' . $m[1] . $m[2];
+
+ preg_match('#<URI.*?>(.*)</URI>#', $content, $server);
+ preg_match('#<.*?Delegate>(.*)</.*?Delegate>#', $content, $delegate);
+ if (empty($server)) {
+ return false;
+ }
+ # AX can be used only with OpenID 2.0, so checking only SREG
+ $this->sreg = strpos($content, '<Type>http://openid.net/sreg/1.0</Type>')
+ || strpos($content, '<Type>http://openid.net/extensions/sreg/1.1</Type>');
+
+ $server = $server[1];
+ if (isset($delegate[1])) $this->identity = $delegate[1];
+ $this->version = 1;
+
+ $this->server = $server;
+ return $server;
+ }
+
+ $next = true;
+ $yadis = false;
+ $url = $originalUrl;
+ $content = null;
+ break;
+ }
+ if ($next) continue;
+
+ # There are no relevant information in headers, so we search the body.
+ $content = $this->request($url, 'GET');
+ if ($location = $this->htmlTag($content, 'meta', 'http-equiv', 'X-XRDS-Location', 'value')) {
+ $url = $this->build_url(parse_url($url), parse_url($location));
+ continue;
+ }
+ }
+
+ if (!$content) $content = $this->request($url, 'GET');
+
+ # At this point, the YADIS Discovery has failed, so we'll switch
+ # to openid2 HTML discovery, then fallback to openid 1.1 discovery.
+ $server = $this->htmlTag($content, 'link', 'rel', 'openid2.provider', 'href');
+ $delegate = $this->htmlTag($content, 'link', 'rel', 'openid2.local_id', 'href');
+ $this->version = 2;
+
+ if (!$server) {
+ # The same with openid 1.1
+ $server = $this->htmlTag($content, 'link', 'rel', 'openid.server', 'href');
+ $delegate = $this->htmlTag($content, 'link', 'rel', 'openid.delegate', 'href');
+ $this->version = 1;
+ }
+
+ if ($server) {
+ # We found an OpenID2 OP Endpoint
+ if ($delegate) {
+ # We have also found an OP-Local ID.
+ $this->identity = $delegate;
+ }
+ $this->server = $server;
+ return $server;
+ }
+
+ throw new ErrorException('No servers found!');
+ }
+ throw new ErrorException('Endless redirection!');
+ }
+
+ protected function sregParams()
+ {
+ $params = array();
+ # We always use SREG 1.1, even if the server is advertising only support for 1.0.
+ # That's because it's fully backwards compatibile with 1.0, and some providers
+ # advertise 1.0 even if they accept only 1.1. One such provider is myopenid.com
+ $params['openid.ns.sreg'] = 'http://openid.net/extensions/sreg/1.1';
+ if ($this->required) {
+ $params['openid.sreg.required'] = array();
+ foreach ($this->required as $required) {
+ if (!isset(self::$ax_to_sreg[$required])) continue;
+ $params['openid.sreg.required'][] = self::$ax_to_sreg[$required];
+ }
+ $params['openid.sreg.required'] = implode(',', $params['openid.sreg.required']);
+ }
+
+ if ($this->optional) {
+ $params['openid.sreg.optional'] = array();
+ foreach ($this->optional as $optional) {
+ if (!isset(self::$ax_to_sreg[$optional])) continue;
+ $params['openid.sreg.optional'][] = self::$ax_to_sreg[$optional];
+ }
+ $params['openid.sreg.optional'] = implode(',', $params['openid.sreg.optional']);
+ }
+ return $params;
+ }
+
+ protected function axParams()
+ {
+ $params = array();
+ if ($this->required || $this->optional) {
+ $params['openid.ns.ax'] = 'http://openid.net/srv/ax/1.0';
+ $params['openid.ax.mode'] = 'fetch_request';
+ $this->aliases = array();
+ $counts = array();
+ $required = array();
+ $optional = array();
+ foreach (array('required','optional') as $type) {
+ foreach ($this->$type as $alias => $field) {
+ if (is_int($alias)) $alias = strtr($field, '/', '_');
+ $this->aliases[$alias] = 'http://axschema.org/' . $field;
+ if (empty($counts[$alias])) $counts[$alias] = 0;
+ $counts[$alias] += 1;
+ ${$type}[] = $alias;
+ }
+ }
+ foreach ($this->aliases as $alias => $ns) {
+ $params['openid.ax.type.' . $alias] = $ns;
+ }
+ foreach ($counts as $alias => $count) {
+ if ($count == 1) continue;
+ $params['openid.ax.count.' . $alias] = $count;
+ }
+
+ # Don't send empty ax.requied and ax.if_available.
+ # Google and possibly other providers refuse to support ax when one of these is empty.
+ if($required) {
+ $params['openid.ax.required'] = implode(',', $required);
+ }
+ if($optional) {
+ $params['openid.ax.if_available'] = implode(',', $optional);
+ }
+ }
+ return $params;
+ }
+
+ protected function authUrl_v1()
+ {
+ $returnUrl = $this->returnUrl;
+ # If we have an openid.delegate that is different from our claimed id,
+ # we need to somehow preserve the claimed id between requests.
+ # The simplest way is to just send it along with the return_to url.
+ if($this->identity != $this->claimed_id) {
+ $returnUrl .= (strpos($returnUrl, '?') ? '&' : '?') . 'openid.claimed_id=' . $this->claimed_id;
+ }
+
+ $params = array(
+ 'openid.return_to' => $returnUrl,
+ 'openid.mode' => 'checkid_setup',
+ 'openid.identity' => $this->identity,
+ 'openid.trust_root' => $this->trustRoot,
+ ) + $this->sregParams();
+
+ return $this->build_url(parse_url($this->server)
+ , array('query' => http_build_query($params, '', '&')));
+ }
+
+ protected function authUrl_v2($identifier_select)
+ {
+ $params = array(
+ 'openid.ns' => 'http://specs.openid.net/auth/2.0',
+ 'openid.mode' => 'checkid_setup',
+ 'openid.return_to' => $this->returnUrl,
+ 'openid.realm' => $this->trustRoot,
+ );
+ if ($this->ax) {
+ $params += $this->axParams();
+ }
+ if ($this->sreg) {
+ $params += $this->sregParams();
+ }
+ if (!$this->ax && !$this->sreg) {
+ # If OP doesn't advertise either SREG, nor AX, let's send them both
+ # in worst case we don't get anything in return.
+ $params += $this->axParams() + $this->sregParams();
+ }
+
+ if ($identifier_select) {
+ $params['openid.identity'] = $params['openid.claimed_id']
+ = 'http://specs.openid.net/auth/2.0/identifier_select';
+ } else {
+ $params['openid.identity'] = $this->identity;
+ $params['openid.claimed_id'] = $this->claimed_id;
+ }
+
+ return $this->build_url(parse_url($this->server)
+ , array('query' => http_build_query($params, '', '&')));
+ }
+
+ /**
+ * Returns authentication url. Usually, you want to redirect your user to it.
+ * @return String The authentication url.
+ * @param String $select_identifier Whether to request OP to select identity for an user in OpenID 2. Does not affect OpenID 1.
+ * @throws ErrorException
+ */
+ function authUrl($identifier_select = null)
+ {
+ if (!$this->server) $this->discover($this->identity);
+
+ if ($this->version == 2) {
+ if ($identifier_select === null) {
+ return $this->authUrl_v2($this->identifier_select);
+ }
+ return $this->authUrl_v2($identifier_select);
+ }
+ return $this->authUrl_v1();
+ }
+
+ /**
+ * Performs OpenID verification with the OP.
+ * @return Bool Whether the verification was successful.
+ * @throws ErrorException
+ */
+ function validate()
+ {
+ $this->claimed_id = isset($this->data['openid_claimed_id'])?$this->data['openid_claimed_id']:$this->data['openid_identity'];
+ $params = array(
+ 'openid.assoc_handle' => $this->data['openid_assoc_handle'],
+ 'openid.signed' => $this->data['openid_signed'],
+ 'openid.sig' => $this->data['openid_sig'],
+ );
+
+ if (isset($this->data['openid_ns'])) {
+ # We're dealing with an OpenID 2.0 server, so let's set an ns
+ # Even though we should know location of the endpoint,
+ # we still need to verify it by discovery, so $server is not set here
+ $params['openid.ns'] = 'http://specs.openid.net/auth/2.0';
+ } elseif(isset($this->data['openid_claimed_id'])) {
+ # If it's an OpenID 1 provider, and we've got claimed_id,
+ # we have to append it to the returnUrl, like authUrl_v1 does.
+ $this->returnUrl .= (strpos($this->returnUrl, '?') ? '&' : '?')
+ . 'openid.claimed_id=' . $this->claimed_id;
+ }
+
+ if ($this->data['openid_return_to'] != $this->returnUrl) {
+ # The return_to url must match the url of current request.
+ # I'm assuing that noone will set the returnUrl to something that doesn't make sense.
+ return false;
+ }
+
+ $server = $this->discover($this->data['openid_identity']);
+
+ foreach (explode(',', $this->data['openid_signed']) as $item) {
+ # Checking whether magic_quotes_gpc is turned on, because
+ # the function may fail if it is. For example, when fetching
+ # AX namePerson, it might containg an apostrophe, which will be escaped.
+ # In such case, validation would fail, since we'd send different data than OP
+ # wants to verify. stripslashes() should solve that problem, but we can't
+ # use it when magic_quotes is off.
+ $value = $this->data['openid_' . str_replace('.','_',$item)];
+ $params['openid.' . $item] = get_magic_quotes_gpc() ? stripslashes($value) : $value;
+ }
+
+ $params['openid.mode'] = 'check_authentication';
+
+ $response = $this->request($server, 'POST', $params);
+
+ return preg_match('/is_valid\s*:\s*true/i', $response);
+ }
+
+ protected function getAxAttributes()
+ {
+ $alias = null;
+ if (isset($this->data['openid_ns_ax'])
+ && $this->data['openid_ns_ax'] != 'http://openid.net/srv/ax/1.0'
+ ) { # It's the most likely case, so we'll check it before
+ $alias = 'ax';
+ } else {
+ # 'ax' prefix is either undefined, or points to another extension,
+ # so we search for another prefix
+ foreach ($this->data as $key => $val) {
+ if (substr($key, 0, strlen('openid_ns_')) == 'openid_ns_'
+ && $val == 'http://openid.net/srv/ax/1.0'
+ ) {
+ $alias = substr($key, strlen('openid_ns_'));
+ break;
+ }
+ }
+ }
+ if (!$alias) {
+ # An alias for AX schema has not been found,
+ # so there is no AX data in the OP's response
+ return array();
+ }
+
+ $attributes = array();
+ foreach ($this->data as $key => $value) {
+ $keyMatch = 'openid_' . $alias . '_value_';
+ if (substr($key, 0, strlen($keyMatch)) != $keyMatch) {
+ continue;
+ }
+ $key = substr($key, strlen($keyMatch));
+ if (!isset($this->data['openid_' . $alias . '_type_' . $key])) {
+ # OP is breaking the spec by returning a field without
+ # associated ns. This shouldn't happen, but it's better
+ # to check, than cause an E_NOTICE.
+ continue;
+ }
+ $key = substr($this->data['openid_' . $alias . '_type_' . $key],
+ strlen('http://axschema.org/'));
+ $attributes[$key] = $value;
+ }
+ return $attributes;
+ }
+
+ protected function getSregAttributes()
+ {
+ $attributes = array();
+ $sreg_to_ax = array_flip(self::$ax_to_sreg);
+ foreach ($this->data as $key => $value) {
+ $keyMatch = 'openid_sreg_';
+ if (substr($key, 0, strlen($keyMatch)) != $keyMatch) {
+ continue;
+ }
+ $key = substr($key, strlen($keyMatch));
+ if (!isset($sreg_to_ax[$key])) {
+ # The field name isn't part of the SREG spec, so we ignore it.
+ continue;
+ }
+ $attributes[$sreg_to_ax[$key]] = $value;
+ }
+ return $attributes;
+ }
+
+ /**
+ * Gets AX/SREG attributes provided by OP. should be used only after successful validaton.
+ * Note that it does not guarantee that any of the required/optional parameters will be present,
+ * or that there will be no other attributes besides those specified.
+ * In other words. OP may provide whatever information it wants to.
+ * * SREG names will be mapped to AX names.
+ * * @return Array Array of attributes with keys being the AX schema names, e.g. 'contact/email'
+ * @see http://www.axschema.org/types/
+ */
+ function getAttributes()
+ {
+ if (isset($this->data['openid_ns'])
+ && $this->data['openid_ns'] == 'http://specs.openid.net/auth/2.0'
+ ) { # OpenID 2.0
+ # We search for both AX and SREG attributes, with AX taking precedence.
+ return $this->getAxAttributes() + $this->getSregAttributes();
+ }
+ return $this->getSregAttributes();
+ }
+}
diff --git a/shell/login.php b/shell/login.php
new file mode 100644
index 0000000..eff6eca
--- /dev/null
+++ b/shell/login.php
@@ -0,0 +1,59 @@
+<?php if (!isset($LTS)) { die(); }
+
+// BEGIN AUTH CODE /////////////////////////////////////////////////////////////
+global $auth_html;
+include_once('lightopenid.php');
+@session_start();
+if ( isset($_SESSION['user']) && ($_SESSION['user']!='') ) {
+ // someone is already logged in
+ if ( isset($_GET['openid_mode']) && ($_GET['openid_mode']=='logout') ) {
+ // logout
+ $auth_html.='<p>'.$_SESSION['user'].' is now logged out</p>';
+ $_SESSION['user']='';
+ } else {
+ $auth_html.='
+ <p>Currently logged in as '.$_SESSION['user'].'.</p>
+ <form action="" method="get">
+ <input type="hidden" name="openid_mode" value="logout" />
+ <input type="submit" value="Log Out" />
+ </form>
+ ';
+ }
+} else {
+ // not already logged in
+ try {
+ if(!isset($_GET['openid_mode'])) {
+ if(isset($_POST['openid_identifier'])) {
+ $openid = new LightOpenID;
+ $openid->identity = $_POST['openid_identifier'];
+ header('Location: ' . $openid->authUrl());
+ }
+ $auth_html.='
+ <form action="" method="post">
+ OpenID: <input type="text" name="openid_identifier" /> <input type="submit" value="Submit" />
+ </form>
+ ';
+ } elseif($_GET['openid_mode'] == 'cancel') {
+ $auth_html.='<p>User has canceled authentication!</p>';
+ } else {
+ $openid = new LightOpenID;
+ if ($openid->validate()) {
+ // is logged in
+ global $users;
+ include_once('passwd.php');
+ if (in_array($openid->identity,$users)) {
+ $_SESSION['user']=$openid->identity;
+ $auth_html.='<p>Welcome, '.$_SESSION['user'].'!</p>';
+ } else {
+ $auth_html.='<p>Authentication was successful, but '.$openid->identity.' is not an authorized user.</p>';
+ }
+ } else {
+ // is not logged in
+ $auth_html.='<p>User '.$openid->identity.' is not logged in </p>';
+ }
+ }
+ } catch(ErrorException $e) {
+ $auth_html.=$e->getMessage();
+ }
+}
+// END AUTH CODE ///////////////////////////////////////////////////////////////
diff --git a/shell/no_magicquotes.php b/shell/no_magicquotes.php
new file mode 100644
index 0000000..f6718eb
--- /dev/null
+++ b/shell/no_magicquotes.php
@@ -0,0 +1,26 @@
+<?php
+/* This was contributed by an awesome anonymous user in the comments section of
+ * the PHP manual on 17-Dec-2006 08:20
+ */
+if (get_magic_quotes_gpc()) {
+ function undoMagicQuotes($array, $topLevel=true) {
+ $newArray = array();
+ foreach($array as $key => $value) {
+ if (!$topLevel) {
+ $key = stripslashes($key);
+ }
+ if (is_array($value)) {
+ $newArray[$key] = undoMagicQuotes($value, false);
+ }
+ else {
+ $newArray[$key] = stripslashes($value);
+ }
+ }
+ return $newArray;
+ }
+ $_GET = undoMagicQuotes($_GET);
+ $_POST = undoMagicQuotes($_POST);
+ $_COOKIE = undoMagicQuotes($_COOKIE);
+ $_REQUEST = undoMagicQuotes($_REQUEST);
+}
+?>
diff --git a/shell/passwd.php b/shell/passwd.php
new file mode 100644
index 0000000..cf6fdaf
--- /dev/null
+++ b/shell/passwd.php
@@ -0,0 +1,6 @@
+<?php global $users; $users = array (
+
+'http://10.10.24.64/1/', // Luke Shumaker (at home)
+'http://lukeshu.ath.cx/1/' // Luke Shumaker (not at home)
+
+); ?>
diff --git a/shell/phpshell.php b/shell/phpshell.php
deleted file mode 100644
index 34a651b..0000000
--- a/shell/phpshell.php
+++ /dev/null
@@ -1,550 +0,0 @@
-<?php // -*- coding: utf-8 -*-
-
-define('PHPSHELL_VERSION', '2.2');
-/*
-
- **************************************************************
- * PHP Shell *
- **************************************************************
-
- PHP Shell is an interactive PHP script that will execute any command
- entered. See the files README, INSTALL, and SECURITY or
- http://phpshell.sourceforge.net/ for further information.
-
- Copyright (C) 2000-2010 the Phpshell-team
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License
- as published by the Free Software Foundation; either version 2
- of the License, or (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You can get a copy of the GNU General Public License from this
- address: http://www.gnu.org/copyleft/gpl.html#SEC1
- You can also write to the Free Software Foundation, Inc., 59 Temple
- Place - Suite 330, Boston, MA 02111-1307, USA.
-
-*/
-
-/* There are no user-configurable settings in this file anymore, please see
- * config.php instead. */
-
-header("Content-Type: text/html; charset=utf-8");
-
-/* This error handler will turn all notices, warnings, and errors into fatal
- * errors, unless they have been suppressed with the @-operator. */
-function error_handler($errno, $errstr, $errfile, $errline, $errcontext) {
- /* The @-operator (used with chdir() below) temporarely makes
- * error_reporting() return zero, and we don't want to die in that case.
- * We do note the error in the output, though. */
- if (error_reporting() == 0) {
- $_SESSION['output'] .= $errstr . "\n";
- } else {
- die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
- "http://www.w3.org/TR/html4/strict.dtd">
-<html>
-<head>
- <title>PHP Shell ' . PHPSHELL_VERSION . '</title>
- <meta http-equiv="Content-Script-Type" content="text/javascript">
- <meta http-equiv="Content-Style-Type" content="text/css">
- <meta name="generator" content="phpshell">
- <link rel="stylesheet" href="style.css" type="text/css">
-</head>
-<body>
- <h1>Fatal Error!</h1>
- <p><b>' . $errstr . '</b></p>
- <p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p>
-
- <hr>
-
- <p>Please consult the <a href="README">README</a>, <a
- href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for
- instruction on how to use PHP Shell.</p>
-
- <hr>
-
- <address>
- Copyright &copy; 2000&ndash;2010, the Phpshell-team. Get the latest
- version at <a
- href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
- </address>
-
-</body>
-</html>');
- }
-}
-
-/* Installing our error handler makes PHP die on even the slightest problem.
- * This is what we want in a security critical application like this. */
-set_error_handler('error_handler');
-
-
-function logout() {
- /* Empty the session data, except for the 'authenticated' entry which the
- * rest of the code needs to be able to check. */
- $_SESSION = array('authenticated' => false);
-
- /* Unset the client's cookie, if it has one. */
-// if (isset($_COOKIE[session_name()]))
-// setcookie(session_name(), '', time()-42000, '/');
-
- /* Destroy the session data on the server. This prevents the simple
- * replay attach where one uses the back button to re-authenticate using
- * the old POST data since the server wont know the session then.*/
-// session_destroy();
-}
-
-/* Clear history */
-function clear()
-{
- $_SESSION['output'] = '';
-}
-
-function stripslashes_deep($value) {
- if (is_array($value))
- return array_map('stripslashes_deep', $value);
- else
- return stripslashes($value);
-}
-
-if (get_magic_quotes_gpc())
- $_POST = stripslashes_deep($_POST);
-
-/* Initialize some variables we need again and again. */
-$username = isset($_POST['username']) ? $_POST['username'] : '';
-$password = isset($_POST['password']) ? $_POST['password'] : '';
-$nounce = isset($_POST['nounce']) ? $_POST['nounce'] : '';
-
-$command = isset($_POST['command']) ? $_POST['command'] : '';
-$rows = isset($_POST['rows']) ? $_POST['rows'] : 24;
-$columns = isset($_POST['columns']) ? $_POST['columns'] : 80;
-
-
-/* Load the configuration. */
-$ini = parse_ini_file('config.php', true);
-
-if (empty($ini['settings']))
- $ini['settings'] = array();
-
-/* Default settings --- these settings should always be set to something. */
-$default_settings = array('home-directory' => '.');
-$showeditor = false;
-
-/* Merge settings. */
-$ini['settings'] = array_merge($default_settings, $ini['settings']);
-
-session_start();
-
-/* Delete the session data if the user requested a logout. This leaves the
- * session cookie at the user, but this is not important since we
- * authenticates on $_SESSION['authenticated']. */
-if (isset($_POST['logout']))
- logout();
-
-/* Delete history if submitted */
-if (isset($_POST['clear']))
- clear();
-
-/* Attempt authentication. */
-if (isset($_SESSION['nounce']) && $nounce == $_SESSION['nounce'] &&
- isset($ini['users'][$username])) {
- if (strchr($ini['users'][$username], ':') === false) {
- // No seperator found, assume this is a password in clear text.
- $_SESSION['authenticated'] = ($ini['users'][$username] == $password);
- } else {
- list($fkt, $salt, $hash) = explode(':', $ini['users'][$username]);
- $_SESSION['authenticated'] = ($fkt($salt . $password) == $hash);
- }
-}
-
-
-/* Enforce default non-authenticated state if the above code didn't set it
- * already. */
-if (!isset($_SESSION['authenticated']))
- $_SESSION['authenticated'] = false;
-
-
-if ($_SESSION['authenticated']) {
- /* Initialize the session variables. */
- if (empty($_SESSION['cwd'])) {
- $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
- $_SESSION['history'] = array();
- $_SESSION['output'] = '';
- }
- /* Clicked on one of the directory links in the working directory - ignore the command */
- if (isset($_POST['levelup'])) {
- $levelup = $_POST['levelup'] ;
- while ($levelup > 0) {
- $command = '' ; /* ignore the command */
- $_SESSION['cwd'] = dirname($_SESSION['cwd']) ;
- $levelup -- ;
- }
- }
- /* Selected a new subdirectory as working directory - ignore the command */
- if (isset($_POST['changedirectory'])) {
- $changedir= $_POST['changedirectory'];
- if (strlen($changedir) > 0) {
- if (@chdir($_SESSION['cwd'] . '/' . $changedir)) {
- $command = '' ; /* ignore the command */
- $_SESSION['cwd'] = realpath($_SESSION['cwd'] . '/' . $changedir) ;
- }
- }
- }
-
- /* Save content from 'editor' */
- if(isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) {
- $filetoedit_handle = fopen($_POST["filetoedit"], "w");
- fputs($filetoedit_handle, str_replace("%0D%0D%0A", "%0D%0A", $_POST["filecontent"]));
- fclose($filetoedit_handle);
- }
-
- if (!empty($command)) {
- /* Save the command for late use in the JavaScript. If the command is
- * already in the history, then the old entry is removed before the
- * new entry is put into the list at the front. */
- if (($i = array_search($command, $_SESSION['history'])) !== false)
- unset($_SESSION['history'][$i]);
-
- array_unshift($_SESSION['history'], $command);
-
- /* Now append the commmand to the output. */
- $_SESSION['output'] .= '$ ' . $command . "\n";
-
- /* Initialize the current working directory. */
- if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $command)) {
- $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
- } elseif (preg_match('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/', $command, $regs)) {
- /* The current command is a 'cd' command which we have to handle
- * as an internal shell command. */
-
- /* if the directory starts and ends with quotes ("), remove them -
- allows command like 'cd "abc def"' */
- if ((substr($regs[1],0,1) == '"') && (substr($regs[1],-1) =='"') ) {
- $regs[1] = substr($regs[1],1) ;
- $regs[1] = substr($regs[1],0,-1) ;
- }
-
- if ($regs[1]{0} == '/') {
- /* Absolute path, we use it unchanged. */
- $new_dir = $regs[1];
- } else {
- /* Relative path, we append it to the current working
- * directory. */
- $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
- }
-
- /* Transform '/./' into '/' */
- while (strpos($new_dir, '/./') !== false)
- $new_dir = str_replace('/./', '/', $new_dir);
-
- /* Transform '//' into '/' */
- while (strpos($new_dir, '//') !== false)
- $new_dir = str_replace('//', '/', $new_dir);
-
- /* Transform 'x/..' into '' */
- while (preg_match('|/\.\.(?!\.)|', $new_dir))
- $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
-
- if ($new_dir == '') $new_dir = '/';
-
- /* Try to change directory. */
- if (@chdir($new_dir)) {
- $_SESSION['cwd'] = $new_dir;
- } else {
- $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
- }
-
- } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]*$/', $command)) {
- /* You called 'editor' without a filename so you get an short help
- * on how to use the internal 'editor' command */
-
- $_SESSION['output'] .= " Syntax: editor filename\n (you forgot the filename)\n";
-
- } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]+([^;]+)$/', $command, $regs)) {
- /* This is a tiny editor which you can start with 'editor filename' */
- $filetoedit = $regs[1];
- if ($regs[1]{0} != '/') {
- /* relative path, add it to the current working directory.*/
- $filetoedit = $_SESSION['cwd'].'/'.$regs[1];
- } ;
- if(is_file(realpath($filetoedit)) || ! file_exists($filetoedit)) {
- $showeditor = true;
- if(file_exists(realpath($filetoedit)))
- $filetoedit = realpath($filetoedit);
- } else {
- $_SESSION['output'] .= " Syntax: editor filename\n (just regular or not existing files)\n";
- }
-
- } elseif (trim($command) == 'exit') {
- logout();
- } elseif (trim($command) == 'logout') {
- logout();
- } else {
-
- /* The command is not an internal command, so we execute it after
- * changing the directory and save the output. */
- chdir($_SESSION['cwd']);
-
- // We canot use putenv() in safe mode.
- if (!ini_get('safe_mode')) {
- // Advice programs (ls for example) of the terminal size.
- putenv('ROWS=' . $rows);
- putenv('COLUMNS=' . $columns);
- }
-
- /* Alias expansion. */
- $length = strcspn($command, " \t");
- $token = substr($command, 0, $length);
- if (isset($ini['aliases'][$token]))
- $command = $ini['aliases'][$token] . substr($command, $length);
-
- $io = array();
- $p = proc_open($command,
- array(1 => array('pipe', 'w'),
- 2 => array('pipe', 'w')),
- $io);
-
- /* Read output sent to stdout. */
- while (!feof($io[1])) {
- $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
- ENT_COMPAT, 'UTF-8');
- }
- /* Read output sent to stderr. */
- while (!feof($io[2])) {
- $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
- ENT_COMPAT, 'UTF-8');
- }
-
- fclose($io[1]);
- fclose($io[2]);
- proc_close($p);
- }
- }
-
- /* Build the command history for use in the JavaScript */
- if (empty($_SESSION['history'])) {
- $js_command_hist = '""';
- } else {
- $escaped = array_map('addslashes', $_SESSION['history']);
- $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
- }
-}
-
-?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
- "http://www.w3.org/TR/html4/strict.dtd">
-<html>
-<head>
- <title>PHP Shell <?php echo PHPSHELL_VERSION ?></title>
- <meta http-equiv="Content-Script-Type" content="text/javascript">
- <meta http-equiv="Content-Style-Type" content="text/css">
- <meta name="generator" content="phpshell">
- <link rel="stylesheet" href="style.css" type="text/css">
-
- <script type="text/javascript">
- <?php if ($_SESSION['authenticated'] && ! $showeditor) { ?>
-
- var current_line = 0;
- var command_hist = new Array(<?php echo $js_command_hist ?>);
- var last = 0;
-
- function key(e) {
- if (!e) var e = window.event;
-
- if (e.keyCode == 38 && current_line < command_hist.length-1) {
- command_hist[current_line] = document.shell.command.value;
- current_line++;
- document.shell.command.value = command_hist[current_line];
- }
-
- if (e.keyCode == 40 && current_line > 0) {
- command_hist[current_line] = document.shell.command.value;
- current_line--;
- document.shell.command.value = command_hist[current_line];
- }
-
- }
-
- function init() {
- document.shell.setAttribute("autocomplete", "off");
- document.shell.output.scrollTop = document.shell.output.scrollHeight;
- document.shell.command.focus()
- }
-
- <?php } elseif($_SESSION['authenticated'] && $showeditor) { ?>
-
- function init() {
- document.shell.filecontent.focus();
- }
-
- <?php } else { ?>
-
- function init() {
- document.shell.username.focus();
- }
-
- <?php } ?>
- function levelup(d) {
- document.shell.levelup.value=d ;
- document.shell.submit() ;
- }
- function changesubdir(d) {
- document.shell.changedirectory.value=document.shell.dirselected.value ;
- document.shell.submit() ;
- }
- </script>
-</head>
-
-<body onload="init()">
-
-<h1>PHP Shell <?php echo PHPSHELL_VERSION ?></h1>
-
-<form name="shell" action="<?php print($_SERVER['PHP_SELF']) ?>" method="post">
-<div><input name="levelup" id="levelup" type="hidden"></div>
-<div><input name="changedirectory" id="changedirectory" type="hidden"></div>
-<?php
-if (!$_SESSION['authenticated']) {
- /* Genereate a new nounce every time we preent the login page. This binds
- * each login to a unique hit on the server and prevents the simple replay
- * attack where one uses the back button in the browser to replay the POST
- * data from a login. */
- $_SESSION['nounce'] = mt_rand();
-
-?>
-
-<fieldset>
- <legend>Authentication</legend>
- <?php
- if (!empty($username))
- echo " <p class=\"error\">Login failed, please try again:</p>\n";
- else
- echo " <p>Please login:</p>\n";
- ?>
-
- <label for="username">Username:</label>
- <input name="username" id="username" type="text" value="<?php echo $username
- ?>"><br>
- <label for="password">Password:</label>
- <input name="password" id="password" type="password">
- <p><input type="submit" value="Login"></p>
- <input name="nounce" type="hidden" value="<?php echo $_SESSION['nounce']; ?>">
-
-</fieldset>
-
-<?php } else { /* Authenticated. */ ?>
-<fieldset>
- <legend><?php echo "Phpshell running on: " . $_SERVER['SERVER_NAME']; ?></legend>
-<p>Current Working Directory:
-<span class="pwd"><?php
- if( $showeditor ) {
- echo htmlspecialchars($_SESSION['cwd'], ENT_COMPAT, 'UTF-8') . '</span>';
- } else { /* normal mode - offer navigation via hyperlinks */
- $parts = explode('/', $_SESSION['cwd']);
-
- for($i=1; $i<count($parts); $i=$i+1) {
- echo '<a class="pwd" title="Change to this directory. Your command will not be executed." href="javascript:levelup(' . (count($parts)-$i) . ')">/</a>' ;
- echo htmlspecialchars($parts[$i], ENT_COMPAT, 'UTF-8') ;
- }
- echo '</span>';
- /* Now we make a list of the directories. */
- $dir_handle = opendir($_SESSION['cwd']);
- /* We store the output so that we can sort it later: */
- $options = array();
- /* Run through all the files and directories to find the dirs. */
- while ($dir = readdir($dir_handle)) {
- if (($dir != '.') and ($dir != '..') and is_dir($_SESSION['cwd'] . "/" . $dir)) {
- $options[$dir] = "<option value=\"/$dir\">$dir</option>";
- }
- }
- closedir($dir_handle);
- if (count($options)>0) {
- ksort($options);
- echo '<br><a href="javascript:changesubdir()">Change to subdirectory</a>: <select name="dirselected">';
- echo implode("\n", $options);
- echo '</select>';
- }
- }
-?>
-<br>
-
- <?php if(! $showeditor) { /* Outputs the 'terminal' without the editor */ ?>
-
-<div id="terminal">
-<textarea name="output" readonly="readonly" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">
-<?php
-$lines = substr_count($_SESSION['output'], "\n");
-$padding = str_repeat("\n", max(0, $rows+1 - $lines));
-echo rtrim($padding . $_SESSION['output']);
-?>
-</textarea>
-<p id="prompt">
- $&nbsp;<input name="command" type="text"
- onkeyup="key(event)" size="<?php echo $columns-2 ?>" tabindex="1">
-</p>
-</div>
-
- <?php } else { /* Output the 'editor' */ ?>
- <?php print("You are editing this file: ".$filetoedit); ?>
-
-<div id="terminal">
-<textarea name="filecontent" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">
-<?php
- if(file_exists($filetoedit)) {
- print(htmlspecialchars(str_replace("%0D%0D%0A", "%0D%0A", file_get_contents($filetoedit))));
- }
-?>
-</textarea>
-</div>
-
-<?php } /* End of terminal */ ?>
-
-<p>
-<?php if(! $showeditor) { /* You can not resize the textarea while
- * the editor is 'running', because if you would
- * do so you would lose the changes you have
- * already made in the textarea since last saving */
-?>
- <span style="float: right">Size: <input type="text" name="rows" size="2"
- maxlength="3" value="<?php echo $rows ?>"> &times; <input type="text"
- name="columns" size="2" maxlength="3" value="<?php echo $columns
- ?>"></span>
-<?php } ?>
-
-
-<?php if(! $showeditor) { /* for normal 'non-editor-mode' */ ?>
-<input type="submit" value="Execute Command">
-<input type="submit" name="clear" value="Clear">
-<?php } else { /* for 'editor-mode' */ ?>
-<input type="hidden" name="filetoedit" id="filetoedit" value="<?php print($filetoedit) ?>">
-<input type="submit" value="Save and Exit">
-<input type="reset" value="Undo all Changes">
-<input type="submit" value="Exit without saving" onclick="javascript:document.getElementById('filetoedit').value='';return true;">
-<?php } ?>
-
- <input type="submit" name="logout" value="Logout">
-</p>
-</fieldset>
-
-<?php } ?>
-
-</form>
-
-<hr>
-
-<p>Please consult the <a href="README">README</a>, <a
-href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for
-instruction on how to use PHP Shell.</p>
-<p>If you have not created accounts for phpshell, please use <a href="pwhash.php">pwhash.php</a> to create secure passwords.</p>
-
-<hr>
-<address>
-Copyright &copy; 2000&ndash;2010, the Phpshell-team. Get the
-latest version at <a
-href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
-</address>
-</body>
-</html>
diff --git a/shell/pwhash.php b/shell/pwhash.php
deleted file mode 100644
index 08e8171..0000000
--- a/shell/pwhash.php
+++ /dev/null
@@ -1,107 +0,0 @@
-<?php
-/*
- * pwhash.php file for PHP Shell
- * Copyright (C) 2005-2010 the Phpshell-team
- * Licensed under the GNU GPL. See the file COPYING for details.
- *
- */
-
-define('PHPSHELL_VERSION', '2.2');
-
-function stripslashes_deep($value) {
- if (is_array($value))
- return array_map('stripslashes_deep', $value);
- else
- return stripslashes($value);
-}
-
-if (get_magic_quotes_gpc())
- $_POST = stripslashes_deep($_POST);
-
-$username = isset($_POST['username']) ? $_POST['username'] : '';
-$password = isset($_POST['password']) ? $_POST['password'] : '';
-
-?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
- "http://www.w3.org/TR/html4/strict.dtd">
-<html>
-<head>
- <title>Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?></title>
- <meta http-equiv="Content-Script-Type" content="text/javascript">
- <meta http-equiv="Content-Style-Type" content="text/css">
- <meta name="generator" content="phpshell">
- <link rel="stylesheet" href="style.css" type="text/css">
-</head>
-
-<body>
-
-<h1>Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?></h1>
-
-<form action="<?php $_SERVER['PHP_SELF']; ?>" method="POST">
-
-<fieldset>
- <legend>Username</legend>
- <input name="username" type="text" value="<?php echo $username ?>">
-</fieldset>
-
-<fieldset>
- <legend>Password</legend>
- <input name="password" type="text" value="<?php echo $password ?>">
-</fieldset>
-
-<fieldset>
- <legend>Result</legend>
-
-<?php
-if ($username == '' || $password == '') {
- echo " <p><i>Enter a username and a password and update.</i></p>\n";
-} else {
-
- $u = strtolower($username);
-
- if (preg_match('/[[ |&~!()]/', $u) || $u == 'null' ||
- $u == 'yes' || $u == 'no' || $u == 'true' || $u == 'false') {
-
- echo ' <p class="error">Your username cannot contain any of the following reserved
- word: "<tt>null</tt>", "<tt>yes</tt>", "<tt>no</tt>", "<tt>true</tt>", or
- "<tt>false</tt>". The following characters are also prohibited:
- "<tt>&nbsp;</tt>" (space), "<tt>[</tt>" (left bracket), "<tt>|</tt>" (pipe),
- "<tt>&</tt>" (ampersand), "<tt>~</tt>" (tilde), "<tt>!</tt>" (exclamation
- mark), "<tt>(</tt>" (left parenthesis), or "<tt>)</tt>" (right
- parenthesis).</p>' . "\n";
-
- echo ' <p>Please choose another username and try again.</p>' . "\n";
-
- } else {
- echo " <p>Write the following line into <tt>config.php</tt> " .
- "in the <tt>users</tt> section:</p>\n";
-
- if ( function_exists('sha1') ) { $fkt = 'sha1' ; } else { $fkt = 'md5' ; } ;
- $salt = dechex(mt_rand());
-
- $hash = $fkt . ':' . $salt . ':' . $fkt($salt . $password);
-
- echo "<pre>\n";
- echo htmlentities(str_pad($username, 8) . ' = "' . $hash . '"') . "\n";
- echo "</pre>\n";
- }
-}
-?>
-
-<p><input type="submit" value="Update"></p>
-
-</fieldset>
-
-</form>
-
-
-<hr>
-
-<address>
- Copyright &copy; the Phpshell-team, please see <a href="AUTHORS">AUTHORS</a>.
- This is PHP Shell <?php echo PHPSHELL_VERSION ?>, get the latest version at <a
- href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
-</address>
-
-</body>
-</html>
diff --git a/shell/shell.php b/shell/shell.php
new file mode 100644
index 0000000..7ad8ae2
--- /dev/null
+++ b/shell/shell.php
@@ -0,0 +1,28 @@
+<?php if (!isset($LTS)) { die(); }
+
+ include('exec.php');
+ if (isset($_POST['stddest'])) {
+ $_POST['c'] = $_POST['stddest'];
+ }
+ if ($_POST['c'] == 'clear') {
+ $term = '';
+ } else {
+ ob_start();
+ echo $_POST['t'];
+ echo $_POST['c']."\n";
+ php_exec($_POST['c'],$_POST['d']);
+ echo '$ ';
+ $term = ob_get_contents();
+ ob_end_clean();
+ }
+?>
+<div class="term"><?php
+ ?><form action="<?php echo $_SERVER['PHP_SELF'];?>#prompt" method="post"><?php
+ php_chdir('.');
+ echo $term;
+ echo $sh;
+ ?><input id="prompt" type="text" name="c" /><?php
+ ?><textarea name="t" class="hidden" readonly="readonly"><?php echo preg_replace('/<[^>]*>/','',$term); ?></textarea><?php
+ ?></form><?php
+?></div>
+</form>
diff --git a/shell/style.css b/shell/style.css
index f84afb4..3206cc4 100644
--- a/shell/style.css
+++ b/shell/style.css
@@ -1,74 +1,41 @@
-/* style.css file for PHP Shell
- * Copyright (C) 2003-2010 the Phpshell-team
- * Licensed under the GNU GPL. See the file COPYING for details.
- *
- */
-
body {
- font-family: sans-serif;
- color: black;
- background: white;
-}
-
-h1 {
- color: red;
- background: white;
-}
-
-img {
- border: none;
-}
-
-div#terminal {
- border: inset 2px red;
- padding: 2px;
- margin-top: 0.5em;
-}
-
-div#terminal textarea {
- font-size: 100%;
- width: 100%;
- border: none;
-}
-
-p {
- margin-top: 0.5em;
- margin-bottom: 0.5em;
-}
-
-p#prompt {
- font-family: monospace;
- margin: 0px;
-}
-
-p#prompt input {
- border: none;
- font-family: monospace;
-}
-
-legend {
- padding-right: 0.5em;
-}
-
-fieldset {
- padding: 0.5em;
-}
-
-.error {
- color: red;
-}
-
-div.warning {
- background-color: rgb(255, 150, 150);
- border: medium solid rgb(255, 60, 60);
- padding: 0.5em;
- margin: 0.25em;
-}
-.pwd {
- font-family: monospace;
- padding: 0.5em;
- margin: 0.25em;
-}
-a.pwd {
- font-weight: bold;
+ background-color: black;
+ color: white;
+}
+.login {
+ border: solid 2px white;
+ background: #555555;
+ position: fixed;
+ top: 0; right:0;
+}
+.term {
+ display:block;
+}
+.term, .term * {
+ background-color: black;
+ color: white;
+ white-space: pre-wrap;
+ font-family: monospace;
+ border: none;
+ font-size: 1em;
+}
+.hidden {
+ display:none;
+}
+.term input[type=text],
+.term input[type=text]:focus {
+ height:1em;
+ width: 78em;
+ margin:0; padding:0; border:none;
+}
+.editor {
+ background: #AAAAAA;
+ padding:2em 1em;
+ width: 100%;
+ color: black;
+ height: 24em;
+}
+.editor textarea { width: 90%; height: 22em; }
+form {
+ display: inline;
}