This directory was identified as ltshell-2.2-1. I think it is rebranded phpshell-2.2.

12 files changed, 1913 insertions, 0 deletions

diff --git a/ltshell.php b/ltshell.php
new file mode 100644
index 0000000..fb1eee7
--- /dev/null
+++ b/ltshell.php
@@ -0,0 +1,12 @@
+<?php
+/*
+Plugin Name: LTS WebShell
+Plugin URI: http://lukeshu.ath.cx/1/src/
+Description: A web shell (phpshell-2.2)
+Version: 2.2-1
+Author: Luke Shumaker
+Author URI: http://lukeshu.ath.cx/1/src/
+License: GPL2
+*/
+?>
+
diff --git a/shell/AUTHORS b/shell/AUTHORS
new file mode 100644
index 0000000..4a4aa51
--- /dev/null
+++ b/shell/AUTHORS
@@ -0,0 +1,40 @@
+AUTHORS file for PHP Shell
+Copyright (C) 2000-2010 the Phpshell-team
+Licensed under the GNU GPL.  See the file COPYING for details.
+
+
+Current maintainer: Wolfgang Dautermann <dauti@users.sourceforge.net>
+Original author: Martin Geisler <mgeisler@mgeisler.net>
+
+Thanks goes to all these persons who have helped:
+
+richard@joffray.com
+  Fixed a problem the list of directories, if one accessed the
+  root-directory.
+
+Robert Niess <sturm@i-st.net>
+  Made me aware of a security hole in the handling of stderr-trapping.
+
+Gerry Calderhead <caldergf@everythingsucks.co.uk>
+  Patch for PHP 4.2.0 where register_globals are turned off.
+
+Jeremy Miller <JMiller@marketaxess.com>
+  Suggested that one could use Sudo from
+
+    http://www.courtesan.com/sudo/
+
+  to let PHP Shell execute code with different privileges than the
+  webserver.
+
+Michael Zech <keldrin@web.de>
+  Patch to make the stderr-checkbox remember it's state.
+
+Wolfgang Dautermann <dauti@users.sourceforge.net>
+  Multiple patches, including the sorting of directory entries in the
+  drop down box.
+  
+Natan Bueno Ungethuem
+  Patch for PHP 5.X because the function ereg was deprecated
+  
+Tobias Unger
+  AddOn including an Editor ("vim") for PHP-Shell 2.1.
diff --git a/shell/COPYING b/shell/COPYING
new file mode 100644
index 0000000..f90922e
--- /dev/null
+++ b/shell/COPYING
@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/shell/ChangeLog b/shell/ChangeLog
new file mode 100644
index 0000000..945c737
--- /dev/null
+++ b/shell/ChangeLog
@@ -0,0 +1,225 @@
+2010-11-29  Wolfgang Dautermann
+    * Reimplemented the feature to change to subdirectorys using mouseclicks (was available in older version)
+
+2010-11-21  Wolfgang Dautermann
+    * One can navigate to higher level directories using hyperlinks.
+
+2010-11-05  Wolfgang Dautermann
+    * Use SHA1 password hashing if possible. Changed project links to http://phpshell.sourceforge.net/
+
+2010-01-30  Natan Bueno <natan.bueno@gmail.com>
+    * phpshell.php
+	Added AddOn to editor "vim".  
+
+2010-01-15  Natan Bueno <natan.bueno@gmail.com>
+    * phpshell.php
+	Replaced deprecated function ereg by the function preg_match
+
+2005-12-27  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* phpshell.php:
+	Added code to prevent simple replay attacks by only accepting each
+	login form once.
+	
+2005-12-25  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* INSTALL: Information about the new internal configuration.
+	
+	* phpshell.php: Made authentication internal.
+
+	* SECURITY: New file.
+
+	* config.php: New file.
+
+	* style.css: New file.  Renamed from phpshell.css.
+
+2004-03-27  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* phpshell.php 1.29: Removed debug output.
+
+	* README 1.11: Updated documentation for new cool shell-like interface.
+
+	* INSTALL 1.5:
+	Updated documentation about the command substitution using alises.
+
+	* phpshell.css 1.2:
+	New styles to make the textarea and input box blend together.
+
+	* phpshell.php 1.28: A little documentation for the alias feature.
+
+	* phpshell.php 1.27:
+	The shell now looks and behaves much more like a real shell: the shell
+	now has a commandline history just like a real shell.
+
+	The parsing of 'cd' commands have been rewritten so that even more
+	special cases are taken care of, and simple command substitution using
+	aliases have been introduced.
+
+2004-03-24  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* phpshell.php 1.26:
+	Increased year of copyright to 2004.  Fixed the references to the PNG
+	images, as pointed out by Michael Z. Bell.
+
+2003-11-11  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* AUTHORS 1.6:
+	Added Wolfgang Dautermann <dauti@users.sourceforge.net>.
+
+	* phpshell.php 1.25:
+	Ups, I commited with $passwd = array('foo' => 'bar').
+
+	* phpshell.php 1.24:
+	Wolfgang Dautermann <dauti@users.sourceforge.net> suggested
+	that the directory list should be sorted.
+
+	Also, changing directory through symbolic links now works as expected,
+	so that it's possible to go back using 'cd ..'.
+
+2003-04-01  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* INSTALL 1.4:
+	New instructions on how to change the username and password.
+
+	* README 1.10:
+	Updated to be in sync with new instructions on how the password
+	protection works.
+
+	* phpshell.css 1.1: New file.
+
+	* phpshell.php 1.23:
+	Updated to use XHTML 1.0 Strict and the $_* variables in PHP
+	4.1.0. This effectively breaks compatibility with earlier versions of
+	PHP. If you cannot upgrade your PHP installation (you really should
+	consider upgrading to get hold of the latest security and bug fixes)
+	when just use PhpShell version 1.7 --- there's no new functionality in
+	this release.
+
+	* COPYING 1.1: New file.
+
+	* phpshell.php 1.22: Changed PHP Shell into PhpShell.
+
+	* phpshell.php 1.21: Added HTTP basic authentication to the script.
+
+	* AUTHORS 1.5: Moved Jeremy Miller <JMiller@marketaxess.com>.
+
+	* phpshell.php 1.20: Updated version.
+
+	* AUTHORS 1.4, phpshell.php 1.19:
+	Applied patch from Michael Zech <keldrin@web.de> that made the
+	stderr-checkbox remember it's state.
+
+2002-09-18  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* phpshell.php 1.18:
+	Use the directory of phpshell.php as the default working directory.
+
+	* AUTHORS 1.3: Added Gerry Calderhead <caldergf@everythingsucks.co.uk>.
+
+	* phpshell.php 1.17:
+	PHP Shell now works on PHP 4.2.0 with register_globals turned off.
+
+2002-06-10  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* INSTALL 1.3: Added a section about Safe Mode in PHP.
+
+	* README 1.9:
+	Added a section about Safe Mode in PHP. Also fixed a lot of spelling
+	errors.
+
+2002-03-23  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* README 1.8: Added a version number to the file.
+
+	* AUTHORS 1.2: Added a notice about Robert Niess <sturm@i-st.net>.
+
+	* phpshell.php 1.16:
+	Added a PHPSHELL_VERSION constant. Also, when using stderr-trapping,
+	we now use a unique filename as returned by tempnam() - Robert Niess
+	<sturm@i-st.net> made me aware of this, thanks.
+
+	* phpshell.php 1.15: Small changes in the layout.
+
+	* phpshell.php 1.14:
+	Updated copyright statements - they were getting quite old :-)
+
+	* README 1.7:
+	Added a tip from Jeremy Miller <JMiller@marketaxess.com> about how to
+	use PHP Shell together with Sudo to execute code as another user.
+
+2001-12-10  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* phpshell.php 1.13:
+	I found out that 'ls -F' produced better output than 'ls -p'.
+
+	* README 1.6: Told people about the rewriting of 'ls' into 'ls -F'
+
+	* phpshell.php 1.12:
+	You can now travel through the filesystem by using the normal 'cd'
+	command. If your command involves 'cd', it will be intercepted and the
+	current working directory will be changed accordingly.
+
+	* README 1.5: Updated the documentation a bit.
+
+2001-02-11  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* phpshell.php 1.11:
+	Another suggestion from Thomas Langen <langen@langensoft.de>: some
+	people can't use the .php extension, so now the script uses $PHP_SELF
+	instead.
+
+	* phpshell.php 1.10:
+	Expanded all PHP start-tags (<?) to <?php, as suggested by Thomas
+	Langen <langen@langensoft.de>.
+
+2000-11-20  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* AUTHORS 1.1: New file.
+
+	* phpshell.php 1.9:
+	Applied a patch from richard@joffray.com which fixed a problem with
+	accessing the root-directory.
+
+2000-09-24  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* phpshell.php 1.8: Removed a debug-comment.
+
+2000-09-09  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* README 1.4: Expanded the brief explanation at the top.
+
+	* README 1.3: Ups, I forgot to make a description of sample.htaccess.
+
+	* README 1.2:
+	Added a description of all the files found in the tarball.
+
+	* INSTALL 1.2: Made BUGS lowercase.
+
+	* INSTALL 1.1, README 1.1: New file.
+
+	* phpshell.php 1.7:
+	Removed 'Martin Geisler' from the title, putting my name on the bottom
+	of the page ought to be enough :-)
+
+2000-08-06  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* phpshell.php 1.6:
+	Added a link to gimpster.com at the bottom of the page
+
+2000-08-05  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* phpshell.php 1.5:
+	Removed references to php3 - I now use php4 so all my files end with
+	just a '.php'
+
+2000-06-21  Martin Geisler  <mgeisler@mgeisler.net>
+
+	* phpshell.php 1.4:
+	Fix - there were still references to the old name: shell.php3.
+
+	* phpshell.php 1.3: Workaround for stderr-trapping. Seams to work...
+
+	* phpshell.php 1.2: Initial commit
+
+	* phpshell.php 1.1: New file.
+
diff --git a/shell/INSTALL b/shell/INSTALL
new file mode 100644
index 0000000..8d20f4b
--- /dev/null
+++ b/shell/INSTALL
@@ -0,0 +1,110 @@
+INSTALL file for PHP Shell
+Copyright (C) 2000-2010 the Phpshell-team
+Licensed under the GNU GPL.  See the file COPYING for details.
+
+
+Downloading PHP Shell
+=====================
+
+You can always get the latest version of PHP Shell from:
+
+  http://phpshell.sourceforge.net/
+
+
+
+Installation
+============
+
+Installation is easy: first unpack the tarball or zipfile downloaded
+from the above website into your webserver.  This will create a
+subdirectory called phpshell-@VERSION@ for PHP Shell version @VERSION@.
+
+Try loading the file ``phpshell.php`` in your browser and check that
+you are served a page that asks you to authenticate yourself with a
+username and a password.  If you do not see such a page, then please
+check that you have entered the URL correctly and that PHP is working
+on your server.
+
+
+
+Configuration
+=============
+
+All configuration happens in the ``config.php`` file.  This is an
+ini-file despite its name.  Ini-files consist of a number of sections,
+each containing a number of 'key = "value"' pairs.  PHP Shell has tree
+sections: '[users]' for configuring usernames and passwords,
+'[aliases]' for configuring shell aliases, and '[settings]' for
+general settings.
+
+
+Setting usernames and passwords
+-------------------------------
+
+As a security precaution PHP Shell has no default username and
+password (people often forget to change them...).  To add the user
+"alice" with password "secret" you simply add
+
+  [users]
+  alice = "secret"
+
+to the file.  Note that you can add as many users as you want by
+simply adding more lines like this.
+
+This system works, but there is a better way --- a way so that the
+password does not appear in clear text in the file.  For that you use
+the supplied script ``pwhash.php`` to generate a hashed password.
+Please see the instructions given in ``pwhash.php``.
+
+With the above example the result could look like
+
+  [users]
+  alice    = "sha1:1a4861:a8640981d2a5f9452c75a7bb0491eac3ecd8bdc3"
+
+You will not get exactly the same line if you try it out, this is a
+feature of the system which means that both "alice" and "bob" could
+have "secret" as their password, and you would not be able to tell
+from just looking at ``config.php``.
+
+
+Shell Aliases
+-------------
+
+As in a normal shell, PHP Shell supports alias expansion, albeit in a
+simple form.  Aliases are defined by 'key = "value"' pairs in the
+'[aliases]' section.  The "key" will be matched against the first
+token of the command line and substituted with the "value" given.
+
+Two convenient aliases are already defined:
+
+  [aliases]
+  ls = "ls -CvhF"
+  ll = "ls -lvhF"
+
+
+General Settings
+----------------
+
+PHP has just one other setting right now --- the home directory.
+Change this in the '[settings]' section.
+
+
+
+Bugs?  Comments?
+================
+
+If you find a bug or miss something in PHP Shell, please take a look
+at the Tracker System at SourceForge:
+
+  http://sourceforge.net/tracker/?group_id=156638
+
+There you will find trackers for Bugs, Patches, and Feature Requests.
+You are invited to add items to these so that they wont get lost.
+
+You can also email the development list, found at:
+
+  https://lists.sourceforge.net/lists/listinfo/phpshell-devel
+
+This list is for discussion about all things PHP Shell and it is a
+good place to discuss a feature or bug before adding it to one of the
+SourceForge trackers.
diff --git a/shell/README b/shell/README
new file mode 100644
index 0000000..870d661
--- /dev/null
+++ b/shell/README
@@ -0,0 +1,174 @@
+README file for PHP Shell
+Copyright (C) 2000-2010 the Phpshell-team
+Licensed under the GNU GPL.  See the file COPYING for details.
+
+What is PHP Shell?
+==================
+
+PHP Shell is a shell wrapped in a PHP script.  It's a tool you can use
+to execute arbitrary shell-commands or browse the filesystem on your
+remote webserver.  This replaces, to a degree, a normal
+telnet-connection.
+
+You use it for administration and maintenance of your website, which
+is often much easier to do if you can work directly on the server.
+For example, you could use PHP Shell to unpack and move big files
+around.  All the normal command line programs like ps, free, du, df,
+etc... can be used.
+ 
+
+Limitations
+===========
+
+There are some limitations on what kind of programs you can run.  It
+won't do no good if you start a graphical program like Firefox or even
+a console based one like vi.  All programs have to be strictly command
+line programs, and they will have no chance of getting user input
+after they have been lunched.
+
+They probably also have to terminate within 30 seconds, as this is the
+default time-limit imposed unto all PHP scripts, to prevent them from
+running in an infinite loop.  Your ISP may have set this time-limit to
+something else.
+
+But you can rely on all the normal shell-functionality, like pipes,
+output and input redirection, etc...  (There is no <tab>-completion,
+though :-)
+
+
+Safe Mode
+=========
+
+Safe Mode is the nemisis of PHP Shell.  If PHP is running in Safe Mode
+then PHP Shell will normally not work --- sorry.  Please read the
+detailed explanation in the SECURITY file.
+
+
+Who am I?
+=========
+
+You may not be the same user when using PHP Shell, as you are when you
+upload your files with FTP.  On some systems you will be ``nobody``,
+on other systems you will become ``httpd`` or ``www-data``.  This is a
+rather dangerous "feature" of the way PHP is run by the webserver.  A
+possible effect of this is that you might end up creating files using
+PHP Shell which you cannot delete afterwards using FTP and maybe not
+even using PHP Shell.  Strange, but true :-)
+
+If you want to execute code as different user, then it's possible to
+do so by using the Sudo program available from this address:
+
+  http://www.courtesan.com/sudo/
+
+The trick is to configure Sudo to allow the user running the webserver
+to execute certain commands as a more privileged user.  This will have
+to be done by the administrator of the server.  Please refer to the
+documentation for Sudo for further information about doing this.
+
+
+How to Use It
+=============
+
+When you point your browser at PHP Shell you will be asked to
+authenticate yourself.  By default no username/password will work, so
+please go read INSTALL for information about adding a user.
+
+You're back?  Good.  Enter your username and password and press
+the "Login" button.
+
+You will then be presented with a rather simple page containing
+nothing much except a big window with the cursor blinking at the
+bottom, signaling that it's ready to obey your commands.
+
+Write a command and press ENTER --- or alternatively, press the 'Execute
+Command' button if you really want.  The command will be executed and
+the result will be shows in the terminal.  You can now enter another
+command.
+
+To be more precise: the terminal is updated with the command line you
+have just executed, the output of the command to standard out
+(stdout), and following that any error output sent to stderr.
+
+The commands are executed relative to a current working directory,
+which is written at the top.  You change this by the normal 'cd'
+command (or by selecting a other working directory using the links).
+
+The commands must also be complete, so you cannot enter a multiline command:
+$ for i in a b c ; do
+> echo $i
+> done
+However, in one line it is allowed: for i in a b c ; do echo $i ; done
+
+Variables are also not preserved between the commands, so
+$ A=1
+$ echo $A
+will output 0 instead of 1. But in one line it works as expected:
+$ A=1 ; echo $A
+will give you the expected result: 1
+
+Alternatives
+============
+
+An incomplete list of alternatives to PHP Shell would be:
+
+* SSH. The Secure Shell is the standard solution to the problem that
+  PHP Shell tries to solve. SSH lets you login to a remote system in a
+  secure way where the traffic and password is encrypted at all
+  times. You can also upload and download files securely and make
+  encrypted TCP tunnels.
+
+  If your host supports SSH then use it and forget about PHP Shell or
+  any other solution.
+
+* Telnet. This is the old way to obtain an interactive login on a
+  remote system. Unfortunately telnet is insecure since the password
+  and subsequent traffic are sent in clear text. SSH was developed
+  precisely to replace telnet. The advantage of telnet over PHP Shell
+  is that it gives you an interactive session.
+
+* See more alternatives at the Anyterm homepage:
+
+    http://anyterm.org/compared.html
+
+
+Download
+========
+
+You can download the newest version of PHP Shell from
+
+  http://phpshell.sourceforge.net/
+
+The tarball/zipfile contains these files:
+
+phpshell.php
+  This is the script you run when you use PHP Shell.
+
+pwhash.php
+  A utility used to generate a hashed password.  Please read INSTALL
+  for more information.  This file poses no security risk.
+
+ChangeLog
+  This file describe the changes I've made to PHP Shell.  By reading
+  it you'll always know when I've added a new feature or made a
+  bugfix, and the nature of the feature/bugfix.
+
+README
+  This file! :-)
+
+INSTALL
+  Tells you how to install PHP Shell.  Among other things, it
+  explains how to change the password protection so that you can use
+  PHP Shell.
+
+  Remember that it's very important to have PHP Shell password
+  protected, or else everybody will be able so snoop into your files
+  and perhaps also be able to delete them!  Please take the time to
+  protect your installation of PHP Shell.
+
+SECURITY
+  A separate guide about security with PHP in general and PHP Shell in
+  particular.  Be sure to read this too, especially if you are getting
+  strange errors back from PHP Shell.
+
+COPYING
+  Standard GNU GPL.
diff --git a/shell/SECURITY b/shell/SECURITY
new file mode 100644
index 0000000..888c554
--- /dev/null
+++ b/shell/SECURITY
@@ -0,0 +1,141 @@
+SECURITY file for PHP Shell
+Copyright (C) 2005-2010 the Phpshell-team
+Licensed under the GNU GPL.  See the file COPYING for details.
+
+
+PHP Security
+============
+
+Installing PHP on your server is an inherently dangerous thing to do,
+somewhat similar to the danger one faces when one buys a car: it might
+kill you if you have an accident.  On the other hand a car makes so
+many things so much more convenient, so most people are willing to
+accept the risk of accidents.
+
+Likewise, PHP is a powerful tool which will let you build your
+webpages easier and faster than without.  But it is a *very* powerful
+tool --- PHP is a full programming language which can be used for
+general purpose programming and not just to format HTML for display in
+a browser.
+
+So PHP has support for reading and writing files on the filesystem.
+But PHP also has support for *deleting* files.  PHP even has support
+for executing other programs.  In other words, PHP has lots of support
+for interacting with the rest of the computer it runs on.  This
+interaction is potentially much more powerful than you want it to, and
+this can be a problem if this power ends up in the wrong hands.
+
+
+What about Safe Mode?
+---------------------
+
+As they note in the PHP manual, Safe Mode is an inherently wrong way
+to secure PHP, but is nevertheless used in many installations.
+Turning Safe Mode on in PHP basically tries to restrict the language
+and its functions to make it "safe".
+
+This involves a strict check on file ownership so that PHP wont
+operate on files and directories which are not owned by the owner of
+the current script.  Other restrictions in Safe Mode include limits on
+which files can be executed and includes (thus making a primitive form
+of chroot or jail around the PHP script).
+
+PHP Shell is made mostly useless with Safe Mode since it restricts the
+two commands that PHP Shell uses: ``chdir()`` and ``proc_open()``:
+
+* With Safe Mode you cannot change to a directory unless you are the
+  owner of that directory.  This means that you cannot change to, say,
+  ``/etc`` since ``root`` own that directory.
+
+  You'll see this when 'cd /etc' results in this error from PHP Shell:
+
+    chdir(): SAFE MODE Restriction in effect.  The script whose uid is
+    500 is not allowed to access /etc owned by uid 0
+    cd: could not change to: /etc
+
+* When Safe Mode is active, PHP forces the argument to ``proc_open()``
+  to be escaped, which means that you cannot use normal shell
+  wildcards, pipes or any such stuff.
+
+  So if you enter 'ls *.txt' in a directory where you know for certain
+  that there is a text file ending in '.txt', you will get the
+  following error:
+
+    /bin/ls: *.txt: No such file or directory
+
+  This is because PHP has silently changed the command into 'ls
+  \*.txt' to disable the wildcard.
+
+* You cannot execute programs unless they are placed in a directory
+  listed in ``safe_mode_exec_dir``.  Say you want to execute the
+  program ``tr`` (which translates between sets of characters) and you
+  get this strange messages back:
+
+    sh: line 1: /bin/tr: No such file or directory
+
+  Then you have a problem with the ``safe_mode_exec_dir`` setting.  In
+  this case ``safe_mode_exec_dir`` is set to just ``/bin`` and so PHP
+  has forced the shell to execute ``/bin/tr`` and since ``tr`` is
+  installed in ``/usr/bin`` it could not be found.
+
+  If you have write access to a directory listed in
+  ``safe_mode_exec_dir``, then try copying the wanted program there
+  first.  Executing it should now work.
+
+
+Even without enabling Safe Mode some functions might have been
+disabled via the ``disabled_functions`` setting.  If the
+``proc_open()`` function used by PHP Shell has been disabled, then you
+will see an error like this:
+
+    Fatal Error!
+
+    proc_open() has been disabled for security reasons
+
+    in /path/to/your/installation/phpshell.php, line 221.
+
+
+
+PHP Shell Security
+==================
+
+As noted above, PHP is a powerful tool --- how does PHP Shell fit into
+this?  PHP Shell is actually quite simple and does one thing: it uses
+the standard PHP function ``proc_open()`` to execute programs.
+
+Executing other programs is probably the most powerful thing you can
+do in PHP, and so PHP Shell gives you a convenient interface to this
+the most powerful feature of PHP.  Nothing more.
+
+
+Is PHP Shell Dangerous?
+-----------------------
+
+Short answer: *yes*!  PHP Shell has been used in the past by people
+with not-so-good intentions to destroy valuable content on servers.
+
+The longer answer is that installing PHP Shell is like building a new
+door in your house --- if you leave it unlocked, then people can (and
+probably will!)  walk into it and steal your possessions.  So you want
+to lock it, and make sure you use a good lock.
+
+With PHP Shell that is equivalent of using a secure password.  A
+secure password is one which is hard to guess (make it long, make it
+random, and put both numbers, special characters and normal letters in
+it).
+
+  Remember that guessing the password is all that stands between the
+  crackers and your files!
+
+If you use a good password, then PHP Shell does not make your system
+any more insecure than it already was.  Security is always a matter of
+finding the weakest link in the chain: if you use FTP with a simple
+password for updating your site, then it would be much easier for the
+crackers to attack that instead of trying to guess your super-hard PHP
+Shell password.  So make sure that you tighten security on all fronts
+you know of.
+
+
+If you have comments or suggestions for improvements to this little
+guide in system security, then please do not hesitate to contact the
+author at <mgeisler@mgeisler.net>.
diff --git a/shell/config.php b/shell/config.php
new file mode 100644
index 0000000..843069b
--- /dev/null
+++ b/shell/config.php
@@ -0,0 +1,71 @@
+; <?php die('Forbidden'); ?>  -*- conf -*-
+; Do not remove the above line, it is all that prevents this file from
+; being downloaded.
+;
+; config.php file for PHP Shell
+; Copyright (C) 2005-2010 the Phpshell-team
+; Licensed under the GNU GPL.  See the file COPYING for details.
+
+; This ini-file has three parts:
+;
+; * [users] where you add usernames and passwords to give users access
+;   to PHP Shell.
+;
+; * [aliases] where you can configure shell aliases.
+;
+; * [settings] where general settings are placed.
+
+
+[users]
+
+luke = "sha1:da6c3f7:1c125210c15b45a083e77674693ceda9dc4750f3"
+
+; The default configuration has no users defined, you have to add your
+; own (choose good passwords!).  Add uses as simple
+;
+;   username = "password"
+;
+; lines.  Please quote your password using double-quotes as shown.
+; The semi-colon ':' is a reserved character, so do *not* use that in
+; your passwords.
+;
+; For improved security it is *strongly suggested* that you the
+; pwhash.php script to generate a hashed password and store that
+; instead of the normal clear text password.  Keeping your passwords
+; in hashed form ensures that they cannot be found, even if this file
+; is disclosed.  The passwords are still visible in clear text during
+; the login, though.  Please follow the instructions given in
+; pwhash.php.
+
+
+
+[aliases]
+
+; Alias expansion.  Change the two examples as needed and add your own
+; favorites --- feel free to suggest more defaults!  The command line
+; you enter will only be expanded on the very first token and only
+; once, so having 'ls' expand into 'ls -CvhF' does not cause an
+; infinite recursion.
+
+ls = "ls -CvhF"
+ll = "ls -lvhF"
+
+
+
+[settings]
+
+; General settings for PHP Shell.
+
+; Home directory.  PHP Shell will change to this directory upon
+; startup and whenever a bare 'cd' command is given.  This can be an
+; absolute path or a path relative to the PHP Shell installation
+; directory.
+
+home-directory = "."
+
+; Safe Mode warning.  PHP Shell will normally display a big, fat
+; warning if it detects that PHP is running in Safe Mode.  If you find
+; that PHP Shell works anyway, then set this to false to get rid of
+; the warning.
+
+safe-mode-warning = true
diff --git a/shell/config.php~ b/shell/config.php~
new file mode 100644
index 0000000..b9b48ca
--- /dev/null
+++ b/shell/config.php~
@@ -0,0 +1,69 @@
+; <?php die('Forbidden'); ?>  -*- conf -*-
+; Do not remove the above line, it is all that prevents this file from
+; being downloaded.
+;
+; config.php file for PHP Shell
+; Copyright (C) 2005-2010 the Phpshell-team
+; Licensed under the GNU GPL.  See the file COPYING for details.
+
+; This ini-file has three parts:
+;
+; * [users] where you add usernames and passwords to give users access
+;   to PHP Shell.
+;
+; * [aliases] where you can configure shell aliases.
+;
+; * [settings] where general settings are placed.
+
+
+[users]
+
+; The default configuration has no users defined, you have to add your
+; own (choose good passwords!).  Add uses as simple
+;
+;   username = "password"
+;
+; lines.  Please quote your password using double-quotes as shown.
+; The semi-colon ':' is a reserved character, so do *not* use that in
+; your passwords.
+;
+; For improved security it is *strongly suggested* that you the
+; pwhash.php script to generate a hashed password and store that
+; instead of the normal clear text password.  Keeping your passwords
+; in hashed form ensures that they cannot be found, even if this file
+; is disclosed.  The passwords are still visible in clear text during
+; the login, though.  Please follow the instructions given in
+; pwhash.php.
+
+
+
+[aliases]
+
+; Alias expansion.  Change the two examples as needed and add your own
+; favorites --- feel free to suggest more defaults!  The command line
+; you enter will only be expanded on the very first token and only
+; once, so having 'ls' expand into 'ls -CvhF' does not cause an
+; infinite recursion.
+
+ls = "ls -CvhF"
+ll = "ls -lvhF"
+
+
+
+[settings]
+
+; General settings for PHP Shell.
+
+; Home directory.  PHP Shell will change to this directory upon
+; startup and whenever a bare 'cd' command is given.  This can be an
+; absolute path or a path relative to the PHP Shell installation
+; directory.
+
+home-directory = "."
+
+; Safe Mode warning.  PHP Shell will normally display a big, fat
+; warning if it detects that PHP is running in Safe Mode.  If you find
+; that PHP Shell works anyway, then set this to false to get rid of
+; the warning.
+
+safe-mode-warning = true
diff --git a/shell/phpshell.php b/shell/phpshell.php
new file mode 100644
index 0000000..34a651b
--- /dev/null
+++ b/shell/phpshell.php
@@ -0,0 +1,550 @@
+<?php // -*- coding: utf-8 -*-

+

+define('PHPSHELL_VERSION', '2.2');

+/*

+

+  **************************************************************

+  *                     PHP Shell                              *

+  **************************************************************

+

+  PHP Shell is an interactive PHP script that will execute any command

+  entered.  See the files README, INSTALL, and SECURITY or

+  http://phpshell.sourceforge.net/ for further information.

+

+  Copyright (C) 2000-2010 the Phpshell-team

+

+  This program is free software; you can redistribute it and/or

+  modify it under the terms of the GNU General Public License

+  as published by the Free Software Foundation; either version 2

+  of the License, or (at your option) any later version.

+

+  This program is distributed in the hope that it will be useful,

+  but WITHOUT ANY WARRANTY; without even the implied warranty of

+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+  GNU General Public License for more details.

+

+  You can get a copy of the GNU General Public License from this

+  address: http://www.gnu.org/copyleft/gpl.html#SEC1

+  You can also write to the Free Software Foundation, Inc., 59 Temple

+  Place - Suite 330, Boston, MA  02111-1307, USA.

+  

+*/

+

+/* There are no user-configurable settings in this file anymore, please see

+ * config.php instead. */

+

+header("Content-Type: text/html; charset=utf-8");

+

+/* This error handler will turn all notices, warnings, and errors into fatal

+ * errors, unless they have been suppressed with the @-operator. */

+function error_handler($errno, $errstr, $errfile, $errline, $errcontext) {

+    /* The @-operator (used with chdir() below) temporarely makes

+     * error_reporting() return zero, and we don't want to die in that case.

+     * We do note the error in the output, though. */

+    if (error_reporting() == 0) {

+        $_SESSION['output'] .= $errstr . "\n";

+    } else {

+        die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"

+   "http://www.w3.org/TR/html4/strict.dtd">

+<html>

+<head>

+  <title>PHP Shell ' . PHPSHELL_VERSION . '</title>

+  <meta http-equiv="Content-Script-Type" content="text/javascript">

+  <meta http-equiv="Content-Style-Type" content="text/css">

+  <meta name="generator" content="phpshell">

+  <link rel="stylesheet" href="style.css" type="text/css">

+</head>

+<body>

+  <h1>Fatal Error!</h1>

+  <p><b>' . $errstr . '</b></p>

+  <p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p>

+

+  <hr>

+

+  <p>Please consult the <a href="README">README</a>, <a

+  href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for

+  instruction on how to use PHP Shell.</p>

+

+  <hr>

+

+  <address>

+  Copyright &copy; 2000&ndash;2010, the Phpshell-team. Get the latest

+  version at <a

+  href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.

+  </address>

+

+</body>

+</html>');

+    }

+}

+

+/* Installing our error handler makes PHP die on even the slightest problem.

+ * This is what we want in a security critical application like this. */

+set_error_handler('error_handler');

+

+

+function logout() {

+    /* Empty the session data, except for the 'authenticated' entry which the

+     * rest of the code needs to be able to check. */

+    $_SESSION = array('authenticated' => false);

+

+    /* Unset the client's cookie, if it has one. */

+//    if (isset($_COOKIE[session_name()]))

+//        setcookie(session_name(), '', time()-42000, '/');

+

+    /* Destroy the session data on the server.  This prevents the simple

+     * replay attach where one uses the back button to re-authenticate using

+     * the old POST data since the server wont know the session then.*/

+//    session_destroy();

+}

+

+/* Clear history */

+function clear() 

+{

+  $_SESSION['output'] = '';

+}

+

+function stripslashes_deep($value) {

+    if (is_array($value))

+        return array_map('stripslashes_deep', $value);

+    else

+        return stripslashes($value);

+}

+

+if (get_magic_quotes_gpc())

+    $_POST = stripslashes_deep($_POST);

+

+/* Initialize some variables we need again and again. */

+$username = isset($_POST['username']) ? $_POST['username'] : '';

+$password = isset($_POST['password']) ? $_POST['password'] : '';

+$nounce   = isset($_POST['nounce'])   ? $_POST['nounce']   : '';

+

+$command  = isset($_POST['command'])  ? $_POST['command']  : '';

+$rows     = isset($_POST['rows'])     ? $_POST['rows']     : 24;

+$columns  = isset($_POST['columns'])  ? $_POST['columns']  : 80;

+

+

+/* Load the configuration. */

+$ini = parse_ini_file('config.php', true);

+

+if (empty($ini['settings']))

+    $ini['settings'] = array();

+

+/* Default settings --- these settings should always be set to something. */

+$default_settings = array('home-directory'   => '.');

+$showeditor = false;

+

+/* Merge settings. */

+$ini['settings'] = array_merge($default_settings, $ini['settings']);

+

+session_start();

+

+/* Delete the session data if the user requested a logout.  This leaves the

+ * session cookie at the user, but this is not important since we

+ * authenticates on $_SESSION['authenticated']. */

+if (isset($_POST['logout']))

+    logout();

+    

+/* Delete history if submitted */

+if (isset($_POST['clear']))

+    clear();

+

+/* Attempt authentication. */

+if (isset($_SESSION['nounce']) && $nounce == $_SESSION['nounce'] && 

+    isset($ini['users'][$username])) {

+    if (strchr($ini['users'][$username], ':') === false) {

+        // No seperator found, assume this is a password in clear text.

+        $_SESSION['authenticated'] = ($ini['users'][$username] == $password);

+    } else {

+        list($fkt, $salt, $hash) = explode(':', $ini['users'][$username]);

+        $_SESSION['authenticated'] = ($fkt($salt . $password) == $hash);

+    }

+}

+

+

+/* Enforce default non-authenticated state if the above code didn't set it

+ * already. */

+if (!isset($_SESSION['authenticated']))

+    $_SESSION['authenticated'] = false;

+

+

+if ($_SESSION['authenticated']) {  

+    /* Initialize the session variables. */

+    if (empty($_SESSION['cwd'])) {

+        $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);

+        $_SESSION['history'] = array();

+        $_SESSION['output'] = '';

+    }

+    /* Clicked on one of the directory links in the working directory - ignore the command */

+    if (isset($_POST['levelup'])) {

+	$levelup = $_POST['levelup'] ;

+	while ($levelup > 0) {

+	    $command = '' ; /* ignore the command */

+	    $_SESSION['cwd'] = dirname($_SESSION['cwd']) ;

+	    $levelup -- ;

+	}

+    }

+    /* Selected a new subdirectory as working directory - ignore the command */

+    if (isset($_POST['changedirectory'])) {

+	$changedir= $_POST['changedirectory'];

+	if (strlen($changedir) > 0) {

+	    if (@chdir($_SESSION['cwd'] . '/' . $changedir)) {

+		$command = '' ; /* ignore the command */

+		$_SESSION['cwd'] = realpath($_SESSION['cwd'] . '/' . $changedir) ;

+	    }

+	}

+    }

+

+    /* Save content from 'editor' */

+    if(isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) {

+        $filetoedit_handle = fopen($_POST["filetoedit"], "w");

+        fputs($filetoedit_handle, str_replace("%0D%0D%0A", "%0D%0A", $_POST["filecontent"]));

+		fclose($filetoedit_handle);

+    }

+

+    if (!empty($command)) {

+        /* Save the command for late use in the JavaScript.  If the command is

+         * already in the history, then the old entry is removed before the

+         * new entry is put into the list at the front. */

+        if (($i = array_search($command, $_SESSION['history'])) !== false)

+            unset($_SESSION['history'][$i]);

+        

+        array_unshift($_SESSION['history'], $command);

+  

+        /* Now append the commmand to the output. */

+        $_SESSION['output'] .= '$ ' . $command . "\n";

+

+        /* Initialize the current working directory. */

+        if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $command)) {

+            $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);

+        } elseif (preg_match('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/', $command, $regs)) {

+            /* The current command is a 'cd' command which we have to handle

+             * as an internal shell command. */

+

+	    /* if the directory starts and ends with quotes ("), remove them -

+	       allows command like 'cd "abc def"' */

+	    if ((substr($regs[1],0,1) == '"') && (substr($regs[1],-1) =='"') ) {

+	      $regs[1] = substr($regs[1],1) ;

+	      $regs[1] = substr($regs[1],0,-1) ;

+	    }

+

+            if ($regs[1]{0} == '/') {

+                /* Absolute path, we use it unchanged. */

+                $new_dir = $regs[1];

+            } else {

+                /* Relative path, we append it to the current working

+                 * directory. */

+                $new_dir = $_SESSION['cwd'] . '/' . $regs[1];

+            }

+      

+            /* Transform '/./' into '/' */

+            while (strpos($new_dir, '/./') !== false)

+                $new_dir = str_replace('/./', '/', $new_dir);

+

+            /* Transform '//' into '/' */

+            while (strpos($new_dir, '//') !== false)

+                $new_dir = str_replace('//', '/', $new_dir);

+

+            /* Transform 'x/..' into '' */

+            while (preg_match('|/\.\.(?!\.)|', $new_dir))

+                $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);

+      

+            if ($new_dir == '') $new_dir = '/';

+      

+            /* Try to change directory. */

+            if (@chdir($new_dir)) {

+                $_SESSION['cwd'] = $new_dir;

+            } else {

+                $_SESSION['output'] .= "cd: could not change to: $new_dir\n";

+            }

+

+        } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]*$/', $command)) {

+            /* You called 'editor' without a filename so you get an short help

+             * on how to use the internal 'editor' command */

+

+               $_SESSION['output'] .= " Syntax: editor filename\n (you forgot the filename)\n";

+        

+        } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]+([^;]+)$/', $command, $regs)) {

+            /* This is a tiny editor which you can start with 'editor filename' */

+	    $filetoedit = $regs[1];

+            if ($regs[1]{0} != '/') {

+                /* relative path, add it to the current working directory.*/

+                $filetoedit = $_SESSION['cwd'].'/'.$regs[1];

+            } ;

+            if(is_file(realpath($filetoedit)) || ! file_exists($filetoedit)) {

+                $showeditor = true;

+                if(file_exists(realpath($filetoedit)))

+                    $filetoedit = realpath($filetoedit);

+            } else {

+                $_SESSION['output'] .= " Syntax: editor filename\n (just regular or not existing files)\n";

+            }

+

+        } elseif (trim($command) == 'exit') {

+            logout();

+        } elseif (trim($command) == 'logout') {

+            logout();

+        } else {

+

+            /* The command is not an internal command, so we execute it after

+             * changing the directory and save the output. */

+            chdir($_SESSION['cwd']);

+

+            // We canot use putenv() in safe mode.

+            if (!ini_get('safe_mode')) {

+                // Advice programs (ls for example) of the terminal size.

+                putenv('ROWS=' . $rows);

+                putenv('COLUMNS=' . $columns);

+            }

+

+            /* Alias expansion. */

+            $length = strcspn($command, " \t");

+            $token = substr($command, 0, $length);

+            if (isset($ini['aliases'][$token]))

+                $command = $ini['aliases'][$token] . substr($command, $length);

+    

+            $io = array();

+            $p = proc_open($command,

+                           array(1 => array('pipe', 'w'),

+                                 2 => array('pipe', 'w')),

+                           $io);

+

+            /* Read output sent to stdout. */

+            while (!feof($io[1])) {

+                $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),

+                                                        ENT_COMPAT, 'UTF-8');

+            }

+            /* Read output sent to stderr. */

+            while (!feof($io[2])) {

+                $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),

+                                                        ENT_COMPAT, 'UTF-8');

+            }

+            

+            fclose($io[1]);

+            fclose($io[2]);

+            proc_close($p);

+        }

+    }

+

+    /* Build the command history for use in the JavaScript */

+    if (empty($_SESSION['history'])) {

+        $js_command_hist = '""';

+    } else {

+        $escaped = array_map('addslashes', $_SESSION['history']);

+        $js_command_hist = '"", "' . implode('", "', $escaped) . '"';

+    }

+}

+

+?>

+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"

+   "http://www.w3.org/TR/html4/strict.dtd">

+<html>

+<head>

+  <title>PHP Shell <?php echo PHPSHELL_VERSION ?></title>

+  <meta http-equiv="Content-Script-Type" content="text/javascript">

+  <meta http-equiv="Content-Style-Type" content="text/css">

+  <meta name="generator" content="phpshell">

+  <link rel="stylesheet" href="style.css" type="text/css">

+

+  <script type="text/javascript">

+  <?php if ($_SESSION['authenticated'] && ! $showeditor) { ?>

+

+  var current_line = 0;

+  var command_hist = new Array(<?php echo $js_command_hist ?>);

+  var last = 0;

+

+  function key(e) {

+    if (!e) var e = window.event;

+

+    if (e.keyCode == 38 && current_line < command_hist.length-1) {

+      command_hist[current_line] = document.shell.command.value;

+      current_line++;

+      document.shell.command.value = command_hist[current_line];

+    }

+

+    if (e.keyCode == 40 && current_line > 0) {

+      command_hist[current_line] = document.shell.command.value;

+      current_line--;

+      document.shell.command.value = command_hist[current_line];

+    }

+

+  }

+

+  function init() {

+    document.shell.setAttribute("autocomplete", "off");

+    document.shell.output.scrollTop = document.shell.output.scrollHeight;

+    document.shell.command.focus()

+  }

+

+  <?php } elseif($_SESSION['authenticated'] && $showeditor) { ?>

+

+  function init() {

+    document.shell.filecontent.focus();

+  }

+

+  <?php } else { ?>

+

+  function init() {

+    document.shell.username.focus();

+  }

+

+  <?php } ?>

+  function levelup(d) {

+    document.shell.levelup.value=d ; 

+    document.shell.submit() ;

+  }

+  function changesubdir(d) {

+    document.shell.changedirectory.value=document.shell.dirselected.value ; 

+    document.shell.submit() ;

+  }

+  </script>

+</head>

+

+<body onload="init()">

+

+<h1>PHP Shell <?php echo PHPSHELL_VERSION ?></h1>

+

+<form name="shell" action="<?php print($_SERVER['PHP_SELF']) ?>" method="post">

+<div><input name="levelup" id="levelup" type="hidden"></div>

+<div><input name="changedirectory" id="changedirectory" type="hidden"></div>

+<?php

+if (!$_SESSION['authenticated']) {

+    /* Genereate a new nounce every time we preent the login page.  This binds

+     * each login to a unique hit on the server and prevents the simple replay

+     * attack where one uses the back button in the browser to replay the POST

+     * data from a login. */

+    $_SESSION['nounce'] = mt_rand();

+

+?>

+

+<fieldset>

+  <legend>Authentication</legend>

+  <?php

+  if (!empty($username))

+      echo "  <p class=\"error\">Login failed, please try again:</p>\n";

+  else

+      echo "  <p>Please login:</p>\n";

+  ?>

+

+  <label for="username">Username:</label>

+  <input name="username" id="username" type="text" value="<?php echo $username

+  ?>"><br>

+  <label for="password">Password:</label>

+  <input name="password" id="password" type="password">

+  <p><input type="submit" value="Login"></p>

+  <input name="nounce" type="hidden" value="<?php echo $_SESSION['nounce']; ?>">

+

+</fieldset>

+

+<?php } else { /* Authenticated. */ ?>

+<fieldset>

+  <legend><?php echo "Phpshell running on: " . $_SERVER['SERVER_NAME']; ?></legend>

+<p>Current Working Directory:

+<span class="pwd"><?php

+    if( $showeditor ) {

+	echo htmlspecialchars($_SESSION['cwd'], ENT_COMPAT, 'UTF-8') . '</span>';

+    } else { /* normal mode - offer navigation via hyperlinks */

+      $parts = explode('/', $_SESSION['cwd']);

+     

+      for($i=1; $i<count($parts); $i=$i+1) {

+        echo '<a class="pwd" title="Change to this directory. Your command will not be executed." href="javascript:levelup(' . (count($parts)-$i) . ')">/</a>' ;

+        echo htmlspecialchars($parts[$i], ENT_COMPAT, 'UTF-8') ;

+      }

+      echo '</span>';

+      /* Now we make a list of the directories. */

+      $dir_handle = opendir($_SESSION['cwd']);

+      /* We store the output so that we can sort it later: */

+      $options = array();

+      /* Run through all the files and directories to find the dirs. */

+      while ($dir = readdir($dir_handle)) {

+	if (($dir != '.') and ($dir != '..') and is_dir($_SESSION['cwd'] . "/" . $dir)) {

+	  $options[$dir] = "<option value=\"/$dir\">$dir</option>";

+	}

+      }

+      closedir($dir_handle);

+      if (count($options)>0) {

+	ksort($options);

+	echo '<br><a href="javascript:changesubdir()">Change to subdirectory</a>: <select name="dirselected">';

+	echo implode("\n", $options);

+	echo '</select>';

+      }

+    }

+?>

+<br>

+

+    <?php if(! $showeditor) { /* Outputs the 'terminal' without the editor */ ?>

+

+<div id="terminal">

+<textarea name="output" readonly="readonly" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">

+<?php

+$lines = substr_count($_SESSION['output'], "\n");

+$padding = str_repeat("\n", max(0, $rows+1 - $lines));

+echo rtrim($padding . $_SESSION['output']);

+?>

+</textarea>

+<p id="prompt">

+  $&nbsp;<input name="command" type="text"

+                onkeyup="key(event)" size="<?php echo $columns-2 ?>" tabindex="1">

+</p>

+</div>

+

+    <?php } else { /* Output the 'editor' */ ?>

+    <?php print("You are editing this file: ".$filetoedit); ?>

+

+<div id="terminal">

+<textarea name="filecontent" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">

+<?php

+    if(file_exists($filetoedit)) {

+         print(htmlspecialchars(str_replace("%0D%0D%0A", "%0D%0A", file_get_contents($filetoedit))));		 

+    }

+?>

+</textarea>

+</div>

+

+<?php } /* End of terminal */ ?>

+

+<p>

+<?php if(! $showeditor) { /* You can not resize the textarea while

+                           * the editor is 'running', because if you would

+                           * do so you would lose the changes you have

+                           * already made in the textarea since last saving */

+?>

+  <span style="float: right">Size: <input type="text" name="rows" size="2"

+  maxlength="3" value="<?php echo $rows ?>"> &times; <input type="text"

+  name="columns" size="2" maxlength="3" value="<?php echo $columns

+  ?>"></span>

+<?php } ?>

+

+

+<?php if(! $showeditor) { /* for normal 'non-editor-mode' */ ?>

+<input type="submit" value="Execute Command">

+<input type="submit" name="clear" value="Clear">

+<?php } else { /* for 'editor-mode' */ ?>

+<input type="hidden" name="filetoedit" id="filetoedit" value="<?php print($filetoedit) ?>">

+<input type="submit" value="Save and Exit">

+<input type="reset" value="Undo all Changes">

+<input type="submit" value="Exit without saving" onclick="javascript:document.getElementById('filetoedit').value='';return true;">

+<?php } ?>

+

+  <input type="submit" name="logout" value="Logout">

+</p>

+</fieldset>

+

+<?php } ?>

+

+</form>

+

+<hr>

+

+<p>Please consult the <a href="README">README</a>, <a

+href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for

+instruction on how to use PHP Shell.</p>

+<p>If you have not created accounts for phpshell, please use <a href="pwhash.php">pwhash.php</a> to create secure passwords.</p>

+

+<hr>

+<address>

+Copyright &copy; 2000&ndash;2010, the Phpshell-team. Get the

+latest version at <a

+href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.

+</address>

+</body>

+</html>

diff --git a/shell/pwhash.php b/shell/pwhash.php
new file mode 100644
index 0000000..08e8171
--- /dev/null
+++ b/shell/pwhash.php
@@ -0,0 +1,107 @@
+<?php
+/*
+ * pwhash.php file for PHP Shell
+ * Copyright (C) 2005-2010 the Phpshell-team
+ * Licensed under the GNU GPL. See the file COPYING for details.
+ *
+ */
+
+define('PHPSHELL_VERSION', '2.2');
+
+function stripslashes_deep($value) {
+  if (is_array($value))
+    return array_map('stripslashes_deep', $value);
+  else
+    return stripslashes($value);
+}
+
+if (get_magic_quotes_gpc())
+  $_POST = stripslashes_deep($_POST);
+
+$username = isset($_POST['username']) ? $_POST['username'] : '';
+$password = isset($_POST['password']) ? $_POST['password'] : '';
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
+   "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+  <title>Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?></title>
+  <meta http-equiv="Content-Script-Type" content="text/javascript">
+  <meta http-equiv="Content-Style-Type" content="text/css">
+  <meta name="generator" content="phpshell">
+  <link rel="stylesheet" href="style.css" type="text/css">
+</head>
+
+<body>
+
+<h1>Password Hasher for PHP Shell  <?php echo PHPSHELL_VERSION ?></h1>
+
+<form action="<?php $_SERVER['PHP_SELF']; ?>" method="POST">
+
+<fieldset>
+  <legend>Username</legend>
+  <input name="username" type="text" value="<?php echo $username ?>">
+</fieldset>
+
+<fieldset>
+  <legend>Password</legend>
+  <input name="password" type="text" value="<?php echo $password ?>">
+</fieldset>
+
+<fieldset>
+  <legend>Result</legend>
+
+<?php
+if ($username == '' || $password == '') {
+  echo "  <p><i>Enter a username and a password and update.</i></p>\n";
+} else {
+
+  $u = strtolower($username);
+
+  if (preg_match('/[[ |&~!()]/', $u) || $u == 'null' ||
+      $u == 'yes' || $u == 'no' || $u == 'true' || $u == 'false') {
+
+    echo '  <p class="error">Your username cannot contain any of the following reserved
+  word: "<tt>null</tt>", "<tt>yes</tt>", "<tt>no</tt>", "<tt>true</tt>", or
+  "<tt>false</tt>".  The following characters are also prohibited:
+  "<tt>&nbsp;</tt>" (space), "<tt>[</tt>" (left bracket), "<tt>|</tt>" (pipe),
+  "<tt>&</tt>" (ampersand), "<tt>~</tt>" (tilde), "<tt>!</tt>" (exclamation
+  mark), "<tt>(</tt>" (left parenthesis), or "<tt>)</tt>" (right
+  parenthesis).</p>' . "\n";
+
+    echo '  <p>Please choose another username and try again.</p>' . "\n";
+
+  } else {
+    echo "  <p>Write the following line into <tt>config.php</tt> " .
+      "in the <tt>users</tt> section:</p>\n";
+
+    if ( function_exists('sha1') ) { $fkt = 'sha1' ; } else { $fkt = 'md5' ; } ;
+    $salt = dechex(mt_rand());
+
+    $hash = $fkt . ':' . $salt . ':' . $fkt($salt . $password);
+
+    echo "<pre>\n";
+    echo htmlentities(str_pad($username, 8) . ' = "' . $hash . '"') . "\n";
+    echo "</pre>\n";
+  }
+}
+?>
+
+<p><input type="submit" value="Update"></p>
+
+</fieldset>
+
+</form>
+
+
+<hr>
+
+<address>
+  Copyright &copy; the Phpshell-team, please see <a href="AUTHORS">AUTHORS</a>.
+  This is PHP Shell <?php echo PHPSHELL_VERSION ?>, get the latest version at <a
+  href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
+</address>
+
+</body>
+</html>
diff --git a/shell/style.css b/shell/style.css
new file mode 100644
index 0000000..f84afb4
--- /dev/null
+++ b/shell/style.css
@@ -0,0 +1,74 @@
+/* style.css file for PHP Shell
+ * Copyright (C) 2003-2010 the Phpshell-team
+ * Licensed under the GNU GPL.  See the file COPYING for details.
+ *
+ */
+
+body {
+  font-family: sans-serif;
+  color: black;
+  background: white;
+}
+
+h1 {
+  color: red;
+  background: white;
+}
+
+img {
+  border: none;
+}
+
+div#terminal {
+  border: inset 2px red;
+  padding: 2px;
+  margin-top: 0.5em;
+}
+
+div#terminal textarea { 
+  font-size: 100%;
+  width: 100%;
+  border: none;
+}
+
+p {
+  margin-top: 0.5em;
+  margin-bottom: 0.5em;
+}
+
+p#prompt {
+  font-family: monospace;
+  margin: 0px;
+}
+
+p#prompt input {
+  border: none;
+  font-family: monospace;
+}
+
+legend {
+  padding-right: 0.5em;
+}
+
+fieldset {
+  padding: 0.5em;
+}
+
+.error {
+  color: red;
+}
+
+div.warning {
+  background-color: rgb(255, 150, 150);
+  border: medium solid rgb(255, 60, 60);
+  padding: 0.5em;
+  margin: 0.25em;
+}
+.pwd {
+  font-family: monospace;
+  padding: 0.5em;
+  margin: 0.25em;
+}
+a.pwd {
+  font-weight: bold;
+}