summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ltshell.php12
-rw-r--r--shell/AUTHORS40
-rw-r--r--shell/COPYING340
-rw-r--r--shell/ChangeLog225
-rw-r--r--shell/INSTALL110
-rw-r--r--shell/README174
-rw-r--r--shell/SECURITY141
-rw-r--r--shell/config.php71
-rw-r--r--shell/config.php~69
-rw-r--r--shell/phpshell.php550
-rw-r--r--shell/pwhash.php107
-rw-r--r--shell/style.css74
12 files changed, 1913 insertions, 0 deletions
diff --git a/ltshell.php b/ltshell.php
new file mode 100644
index 0000000..fb1eee7
--- /dev/null
+++ b/ltshell.php
@@ -0,0 +1,12 @@
+<?php
+/*
+Plugin Name: LTS WebShell
+Plugin URI: http://lukeshu.ath.cx/1/src/
+Description: A web shell (phpshell-2.2)
+Version: 2.2-1
+Author: Luke Shumaker
+Author URI: http://lukeshu.ath.cx/1/src/
+License: GPL2
+*/
+?>
+
diff --git a/shell/AUTHORS b/shell/AUTHORS
new file mode 100644
index 0000000..4a4aa51
--- /dev/null
+++ b/shell/AUTHORS
@@ -0,0 +1,40 @@
+AUTHORS file for PHP Shell
+Copyright (C) 2000-2010 the Phpshell-team
+Licensed under the GNU GPL. See the file COPYING for details.
+
+
+Current maintainer: Wolfgang Dautermann <dauti@users.sourceforge.net>
+Original author: Martin Geisler <mgeisler@mgeisler.net>
+
+Thanks goes to all these persons who have helped:
+
+richard@joffray.com
+ Fixed a problem the list of directories, if one accessed the
+ root-directory.
+
+Robert Niess <sturm@i-st.net>
+ Made me aware of a security hole in the handling of stderr-trapping.
+
+Gerry Calderhead <caldergf@everythingsucks.co.uk>
+ Patch for PHP 4.2.0 where register_globals are turned off.
+
+Jeremy Miller <JMiller@marketaxess.com>
+ Suggested that one could use Sudo from
+
+ http://www.courtesan.com/sudo/
+
+ to let PHP Shell execute code with different privileges than the
+ webserver.
+
+Michael Zech <keldrin@web.de>
+ Patch to make the stderr-checkbox remember it's state.
+
+Wolfgang Dautermann <dauti@users.sourceforge.net>
+ Multiple patches, including the sorting of directory entries in the
+ drop down box.
+
+Natan Bueno Ungethuem
+ Patch for PHP 5.X because the function ereg was deprecated
+
+Tobias Unger
+ AddOn including an Editor ("vim") for PHP-Shell 2.1.
diff --git a/shell/COPYING b/shell/COPYING
new file mode 100644
index 0000000..f90922e
--- /dev/null
+++ b/shell/COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/shell/ChangeLog b/shell/ChangeLog
new file mode 100644
index 0000000..945c737
--- /dev/null
+++ b/shell/ChangeLog
@@ -0,0 +1,225 @@
+2010-11-29 Wolfgang Dautermann
+ * Reimplemented the feature to change to subdirectorys using mouseclicks (was available in older version)
+
+2010-11-21 Wolfgang Dautermann
+ * One can navigate to higher level directories using hyperlinks.
+
+2010-11-05 Wolfgang Dautermann
+ * Use SHA1 password hashing if possible. Changed project links to http://phpshell.sourceforge.net/
+
+2010-01-30 Natan Bueno <natan.bueno@gmail.com>
+ * phpshell.php
+ Added AddOn to editor "vim".
+
+2010-01-15 Natan Bueno <natan.bueno@gmail.com>
+ * phpshell.php
+ Replaced deprecated function ereg by the function preg_match
+
+2005-12-27 Martin Geisler <mgeisler@mgeisler.net>
+
+ * phpshell.php:
+ Added code to prevent simple replay attacks by only accepting each
+ login form once.
+
+2005-12-25 Martin Geisler <mgeisler@mgeisler.net>
+
+ * INSTALL: Information about the new internal configuration.
+
+ * phpshell.php: Made authentication internal.
+
+ * SECURITY: New file.
+
+ * config.php: New file.
+
+ * style.css: New file. Renamed from phpshell.css.
+
+2004-03-27 Martin Geisler <mgeisler@mgeisler.net>
+
+ * phpshell.php 1.29: Removed debug output.
+
+ * README 1.11: Updated documentation for new cool shell-like interface.
+
+ * INSTALL 1.5:
+ Updated documentation about the command substitution using alises.
+
+ * phpshell.css 1.2:
+ New styles to make the textarea and input box blend together.
+
+ * phpshell.php 1.28: A little documentation for the alias feature.
+
+ * phpshell.php 1.27:
+ The shell now looks and behaves much more like a real shell: the shell
+ now has a commandline history just like a real shell.
+
+ The parsing of 'cd' commands have been rewritten so that even more
+ special cases are taken care of, and simple command substitution using
+ aliases have been introduced.
+
+2004-03-24 Martin Geisler <mgeisler@mgeisler.net>
+
+ * phpshell.php 1.26:
+ Increased year of copyright to 2004. Fixed the references to the PNG
+ images, as pointed out by Michael Z. Bell.
+
+2003-11-11 Martin Geisler <mgeisler@mgeisler.net>
+
+ * AUTHORS 1.6:
+ Added Wolfgang Dautermann <dauti@users.sourceforge.net>.
+
+ * phpshell.php 1.25:
+ Ups, I commited with $passwd = array('foo' => 'bar').
+
+ * phpshell.php 1.24:
+ Wolfgang Dautermann <dauti@users.sourceforge.net> suggested
+ that the directory list should be sorted.
+
+ Also, changing directory through symbolic links now works as expected,
+ so that it's possible to go back using 'cd ..'.
+
+2003-04-01 Martin Geisler <mgeisler@mgeisler.net>
+
+ * INSTALL 1.4:
+ New instructions on how to change the username and password.
+
+ * README 1.10:
+ Updated to be in sync with new instructions on how the password
+ protection works.
+
+ * phpshell.css 1.1: New file.
+
+ * phpshell.php 1.23:
+ Updated to use XHTML 1.0 Strict and the $_* variables in PHP
+ 4.1.0. This effectively breaks compatibility with earlier versions of
+ PHP. If you cannot upgrade your PHP installation (you really should
+ consider upgrading to get hold of the latest security and bug fixes)
+ when just use PhpShell version 1.7 --- there's no new functionality in
+ this release.
+
+ * COPYING 1.1: New file.
+
+ * phpshell.php 1.22: Changed PHP Shell into PhpShell.
+
+ * phpshell.php 1.21: Added HTTP basic authentication to the script.
+
+ * AUTHORS 1.5: Moved Jeremy Miller <JMiller@marketaxess.com>.
+
+ * phpshell.php 1.20: Updated version.
+
+ * AUTHORS 1.4, phpshell.php 1.19:
+ Applied patch from Michael Zech <keldrin@web.de> that made the
+ stderr-checkbox remember it's state.
+
+2002-09-18 Martin Geisler <mgeisler@mgeisler.net>
+
+ * phpshell.php 1.18:
+ Use the directory of phpshell.php as the default working directory.
+
+ * AUTHORS 1.3: Added Gerry Calderhead <caldergf@everythingsucks.co.uk>.
+
+ * phpshell.php 1.17:
+ PHP Shell now works on PHP 4.2.0 with register_globals turned off.
+
+2002-06-10 Martin Geisler <mgeisler@mgeisler.net>
+
+ * INSTALL 1.3: Added a section about Safe Mode in PHP.
+
+ * README 1.9:
+ Added a section about Safe Mode in PHP. Also fixed a lot of spelling
+ errors.
+
+2002-03-23 Martin Geisler <mgeisler@mgeisler.net>
+
+ * README 1.8: Added a version number to the file.
+
+ * AUTHORS 1.2: Added a notice about Robert Niess <sturm@i-st.net>.
+
+ * phpshell.php 1.16:
+ Added a PHPSHELL_VERSION constant. Also, when using stderr-trapping,
+ we now use a unique filename as returned by tempnam() - Robert Niess
+ <sturm@i-st.net> made me aware of this, thanks.
+
+ * phpshell.php 1.15: Small changes in the layout.
+
+ * phpshell.php 1.14:
+ Updated copyright statements - they were getting quite old :-)
+
+ * README 1.7:
+ Added a tip from Jeremy Miller <JMiller@marketaxess.com> about how to
+ use PHP Shell together with Sudo to execute code as another user.
+
+2001-12-10 Martin Geisler <mgeisler@mgeisler.net>
+
+ * phpshell.php 1.13:
+ I found out that 'ls -F' produced better output than 'ls -p'.
+
+ * README 1.6: Told people about the rewriting of 'ls' into 'ls -F'
+
+ * phpshell.php 1.12:
+ You can now travel through the filesystem by using the normal 'cd'
+ command. If your command involves 'cd', it will be intercepted and the
+ current working directory will be changed accordingly.
+
+ * README 1.5: Updated the documentation a bit.
+
+2001-02-11 Martin Geisler <mgeisler@mgeisler.net>
+
+ * phpshell.php 1.11:
+ Another suggestion from Thomas Langen <langen@langensoft.de>: some
+ people can't use the .php extension, so now the script uses $PHP_SELF
+ instead.
+
+ * phpshell.php 1.10:
+ Expanded all PHP start-tags (<?) to <?php, as suggested by Thomas
+ Langen <langen@langensoft.de>.
+
+2000-11-20 Martin Geisler <mgeisler@mgeisler.net>
+
+ * AUTHORS 1.1: New file.
+
+ * phpshell.php 1.9:
+ Applied a patch from richard@joffray.com which fixed a problem with
+ accessing the root-directory.
+
+2000-09-24 Martin Geisler <mgeisler@mgeisler.net>
+
+ * phpshell.php 1.8: Removed a debug-comment.
+
+2000-09-09 Martin Geisler <mgeisler@mgeisler.net>
+
+ * README 1.4: Expanded the brief explanation at the top.
+
+ * README 1.3: Ups, I forgot to make a description of sample.htaccess.
+
+ * README 1.2:
+ Added a description of all the files found in the tarball.
+
+ * INSTALL 1.2: Made BUGS lowercase.
+
+ * INSTALL 1.1, README 1.1: New file.
+
+ * phpshell.php 1.7:
+ Removed 'Martin Geisler' from the title, putting my name on the bottom
+ of the page ought to be enough :-)
+
+2000-08-06 Martin Geisler <mgeisler@mgeisler.net>
+
+ * phpshell.php 1.6:
+ Added a link to gimpster.com at the bottom of the page
+
+2000-08-05 Martin Geisler <mgeisler@mgeisler.net>
+
+ * phpshell.php 1.5:
+ Removed references to php3 - I now use php4 so all my files end with
+ just a '.php'
+
+2000-06-21 Martin Geisler <mgeisler@mgeisler.net>
+
+ * phpshell.php 1.4:
+ Fix - there were still references to the old name: shell.php3.
+
+ * phpshell.php 1.3: Workaround for stderr-trapping. Seams to work...
+
+ * phpshell.php 1.2: Initial commit
+
+ * phpshell.php 1.1: New file.
+
diff --git a/shell/INSTALL b/shell/INSTALL
new file mode 100644
index 0000000..8d20f4b
--- /dev/null
+++ b/shell/INSTALL
@@ -0,0 +1,110 @@
+INSTALL file for PHP Shell
+Copyright (C) 2000-2010 the Phpshell-team
+Licensed under the GNU GPL. See the file COPYING for details.
+
+
+Downloading PHP Shell
+=====================
+
+You can always get the latest version of PHP Shell from:
+
+ http://phpshell.sourceforge.net/
+
+
+
+Installation
+============
+
+Installation is easy: first unpack the tarball or zipfile downloaded
+from the above website into your webserver. This will create a
+subdirectory called phpshell-@VERSION@ for PHP Shell version @VERSION@.
+
+Try loading the file ``phpshell.php`` in your browser and check that
+you are served a page that asks you to authenticate yourself with a
+username and a password. If you do not see such a page, then please
+check that you have entered the URL correctly and that PHP is working
+on your server.
+
+
+
+Configuration
+=============
+
+All configuration happens in the ``config.php`` file. This is an
+ini-file despite its name. Ini-files consist of a number of sections,
+each containing a number of 'key = "value"' pairs. PHP Shell has tree
+sections: '[users]' for configuring usernames and passwords,
+'[aliases]' for configuring shell aliases, and '[settings]' for
+general settings.
+
+
+Setting usernames and passwords
+-------------------------------
+
+As a security precaution PHP Shell has no default username and
+password (people often forget to change them...). To add the user
+"alice" with password "secret" you simply add
+
+ [users]
+ alice = "secret"
+
+to the file. Note that you can add as many users as you want by
+simply adding more lines like this.
+
+This system works, but there is a better way --- a way so that the
+password does not appear in clear text in the file. For that you use
+the supplied script ``pwhash.php`` to generate a hashed password.
+Please see the instructions given in ``pwhash.php``.
+
+With the above example the result could look like
+
+ [users]
+ alice = "sha1:1a4861:a8640981d2a5f9452c75a7bb0491eac3ecd8bdc3"
+
+You will not get exactly the same line if you try it out, this is a
+feature of the system which means that both "alice" and "bob" could
+have "secret" as their password, and you would not be able to tell
+from just looking at ``config.php``.
+
+
+Shell Aliases
+-------------
+
+As in a normal shell, PHP Shell supports alias expansion, albeit in a
+simple form. Aliases are defined by 'key = "value"' pairs in the
+'[aliases]' section. The "key" will be matched against the first
+token of the command line and substituted with the "value" given.
+
+Two convenient aliases are already defined:
+
+ [aliases]
+ ls = "ls -CvhF"
+ ll = "ls -lvhF"
+
+
+General Settings
+----------------
+
+PHP has just one other setting right now --- the home directory.
+Change this in the '[settings]' section.
+
+
+
+Bugs? Comments?
+================
+
+If you find a bug or miss something in PHP Shell, please take a look
+at the Tracker System at SourceForge:
+
+ http://sourceforge.net/tracker/?group_id=156638
+
+There you will find trackers for Bugs, Patches, and Feature Requests.
+You are invited to add items to these so that they wont get lost.
+
+You can also email the development list, found at:
+
+ https://lists.sourceforge.net/lists/listinfo/phpshell-devel
+
+This list is for discussion about all things PHP Shell and it is a
+good place to discuss a feature or bug before adding it to one of the
+SourceForge trackers.
diff --git a/shell/README b/shell/README
new file mode 100644
index 0000000..870d661
--- /dev/null
+++ b/shell/README
@@ -0,0 +1,174 @@
+README file for PHP Shell
+Copyright (C) 2000-2010 the Phpshell-team
+Licensed under the GNU GPL. See the file COPYING for details.
+
+What is PHP Shell?
+==================
+
+PHP Shell is a shell wrapped in a PHP script. It's a tool you can use
+to execute arbitrary shell-commands or browse the filesystem on your
+remote webserver. This replaces, to a degree, a normal
+telnet-connection.
+
+You use it for administration and maintenance of your website, which
+is often much easier to do if you can work directly on the server.
+For example, you could use PHP Shell to unpack and move big files
+around. All the normal command line programs like ps, free, du, df,
+etc... can be used.
+
+
+Limitations
+===========
+
+There are some limitations on what kind of programs you can run. It
+won't do no good if you start a graphical program like Firefox or even
+a console based one like vi. All programs have to be strictly command
+line programs, and they will have no chance of getting user input
+after they have been lunched.
+
+They probably also have to terminate within 30 seconds, as this is the
+default time-limit imposed unto all PHP scripts, to prevent them from
+running in an infinite loop. Your ISP may have set this time-limit to
+something else.
+
+But you can rely on all the normal shell-functionality, like pipes,
+output and input redirection, etc... (There is no <tab>-completion,
+though :-)
+
+
+Safe Mode
+=========
+
+Safe Mode is the nemisis of PHP Shell. If PHP is running in Safe Mode
+then PHP Shell will normally not work --- sorry. Please read the
+detailed explanation in the SECURITY file.
+
+
+Who am I?
+=========
+
+You may not be the same user when using PHP Shell, as you are when you
+upload your files with FTP. On some systems you will be ``nobody``,
+on other systems you will become ``httpd`` or ``www-data``. This is a
+rather dangerous "feature" of the way PHP is run by the webserver. A
+possible effect of this is that you might end up creating files using
+PHP Shell which you cannot delete afterwards using FTP and maybe not
+even using PHP Shell. Strange, but true :-)
+
+If you want to execute code as different user, then it's possible to
+do so by using the Sudo program available from this address:
+
+ http://www.courtesan.com/sudo/
+
+The trick is to configure Sudo to allow the user running the webserver
+to execute certain commands as a more privileged user. This will have
+to be done by the administrator of the server. Please refer to the
+documentation for Sudo for further information about doing this.
+
+
+How to Use It
+=============
+
+When you point your browser at PHP Shell you will be asked to
+authenticate yourself. By default no username/password will work, so
+please go read INSTALL for information about adding a user.
+
+You're back? Good. Enter your username and password and press
+the "Login" button.
+
+You will then be presented with a rather simple page containing
+nothing much except a big window with the cursor blinking at the
+bottom, signaling that it's ready to obey your commands.
+
+Write a command and press ENTER --- or alternatively, press the 'Execute
+Command' button if you really want. The command will be executed and
+the result will be shows in the terminal. You can now enter another
+command.
+
+To be more precise: the terminal is updated with the command line you
+have just executed, the output of the command to standard out
+(stdout), and following that any error output sent to stderr.
+
+The commands are executed relative to a current working directory,
+which is written at the top. You change this by the normal 'cd'
+command (or by selecting a other working directory using the links).
+
+The commands must also be complete, so you cannot enter a multiline command:
+$ for i in a b c ; do
+> echo $i
+> done
+However, in one line it is allowed: for i in a b c ; do echo $i ; done
+
+Variables are also not preserved between the commands, so
+$ A=1
+$ echo $A
+will output 0 instead of 1. But in one line it works as expected:
+$ A=1 ; echo $A
+will give you the expected result: 1
+
+Alternatives
+============
+
+An incomplete list of alternatives to PHP Shell would be:
+
+* SSH. The Secure Shell is the standard solution to the problem that
+ PHP Shell tries to solve. SSH lets you login to a remote system in a
+ secure way where the traffic and password is encrypted at all
+ times. You can also upload and download files securely and make
+ encrypted TCP tunnels.
+
+ If your host supports SSH then use it and forget about PHP Shell or
+ any other solution.
+
+* Telnet. This is the old way to obtain an interactive login on a
+ remote system. Unfortunately telnet is insecure since the password
+ and subsequent traffic are sent in clear text. SSH was developed
+ precisely to replace telnet. The advantage of telnet over PHP Shell
+ is that it gives you an interactive session.
+
+* See more alternatives at the Anyterm homepage:
+
+ http://anyterm.org/compared.html
+
+
+Download
+========
+
+You can download the newest version of PHP Shell from
+
+ http://phpshell.sourceforge.net/
+
+The tarball/zipfile contains these files:
+
+phpshell.php
+ This is the script you run when you use PHP Shell.
+
+pwhash.php
+ A utility used to generate a hashed password. Please read INSTALL
+ for more information. This file poses no security risk.
+
+ChangeLog
+ This file describe the changes I've made to PHP Shell. By reading
+ it you'll always know when I've added a new feature or made a
+ bugfix, and the nature of the feature/bugfix.
+
+README
+ This file! :-)
+
+INSTALL
+ Tells you how to install PHP Shell. Among other things, it
+ explains how to change the password protection so that you can use
+ PHP Shell.
+
+ Remember that it's very important to have PHP Shell password
+ protected, or else everybody will be able so snoop into your files
+ and perhaps also be able to delete them! Please take the time to
+ protect your installation of PHP Shell.
+
+SECURITY
+ A separate guide about security with PHP in general and PHP Shell in
+ particular. Be sure to read this too, especially if you are getting
+ strange errors back from PHP Shell.
+
+COPYING
+ Standard GNU GPL.
diff --git a/shell/SECURITY b/shell/SECURITY
new file mode 100644
index 0000000..888c554
--- /dev/null
+++ b/shell/SECURITY
@@ -0,0 +1,141 @@
+SECURITY file for PHP Shell
+Copyright (C) 2005-2010 the Phpshell-team
+Licensed under the GNU GPL. See the file COPYING for details.
+
+
+PHP Security
+============
+
+Installing PHP on your server is an inherently dangerous thing to do,
+somewhat similar to the danger one faces when one buys a car: it might
+kill you if you have an accident. On the other hand a car makes so
+many things so much more convenient, so most people are willing to
+accept the risk of accidents.
+
+Likewise, PHP is a powerful tool which will let you build your
+webpages easier and faster than without. But it is a *very* powerful
+tool --- PHP is a full programming language which can be used for
+general purpose programming and not just to format HTML for display in
+a browser.
+
+So PHP has support for reading and writing files on the filesystem.
+But PHP also has support for *deleting* files. PHP even has support
+for executing other programs. In other words, PHP has lots of support
+for interacting with the rest of the computer it runs on. This
+interaction is potentially much more powerful than you want it to, and
+this can be a problem if this power ends up in the wrong hands.
+
+
+What about Safe Mode?
+---------------------
+
+As they note in the PHP manual, Safe Mode is an inherently wrong way
+to secure PHP, but is nevertheless used in many installations.
+Turning Safe Mode on in PHP basically tries to restrict the language
+and its functions to make it "safe".
+
+This involves a strict check on file ownership so that PHP wont
+operate on files and directories which are not owned by the owner of
+the current script. Other restrictions in Safe Mode include limits on
+which files can be executed and includes (thus making a primitive form
+of chroot or jail around the PHP script).
+
+PHP Shell is made mostly useless with Safe Mode since it restricts the
+two commands that PHP Shell uses: ``chdir()`` and ``proc_open()``:
+
+* With Safe Mode you cannot change to a directory unless you are the
+ owner of that directory. This means that you cannot change to, say,
+ ``/etc`` since ``root`` own that directory.
+
+ You'll see this when 'cd /etc' results in this error from PHP Shell:
+
+ chdir(): SAFE MODE Restriction in effect. The script whose uid is
+ 500 is not allowed to access /etc owned by uid 0
+ cd: could not change to: /etc
+
+* When Safe Mode is active, PHP forces the argument to ``proc_open()``
+ to be escaped, which means that you cannot use normal shell
+ wildcards, pipes or any such stuff.
+
+ So if you enter 'ls *.txt' in a directory where you know for certain
+ that there is a text file ending in '.txt', you will get the
+ following error:
+
+ /bin/ls: *.txt: No such file or directory
+
+ This is because PHP has silently changed the command into 'ls
+ \*.txt' to disable the wildcard.
+
+* You cannot execute programs unless they are placed in a directory
+ listed in ``safe_mode_exec_dir``. Say you want to execute the
+ program ``tr`` (which translates between sets of characters) and you
+ get this strange messages back:
+
+ sh: line 1: /bin/tr: No such file or directory
+
+ Then you have a problem with the ``safe_mode_exec_dir`` setting. In
+ this case ``safe_mode_exec_dir`` is set to just ``/bin`` and so PHP
+ has forced the shell to execute ``/bin/tr`` and since ``tr`` is
+ installed in ``/usr/bin`` it could not be found.
+
+ If you have write access to a directory listed in
+ ``safe_mode_exec_dir``, then try copying the wanted program there
+ first. Executing it should now work.
+
+
+Even without enabling Safe Mode some functions might have been
+disabled via the ``disabled_functions`` setting. If the
+``proc_open()`` function used by PHP Shell has been disabled, then you
+will see an error like this:
+
+ Fatal Error!
+
+ proc_open() has been disabled for security reasons
+
+ in /path/to/your/installation/phpshell.php, line 221.
+
+
+
+PHP Shell Security
+==================
+
+As noted above, PHP is a powerful tool --- how does PHP Shell fit into
+this? PHP Shell is actually quite simple and does one thing: it uses
+the standard PHP function ``proc_open()`` to execute programs.
+
+Executing other programs is probably the most powerful thing you can
+do in PHP, and so PHP Shell gives you a convenient interface to this
+the most powerful feature of PHP. Nothing more.
+
+
+Is PHP Shell Dangerous?
+-----------------------
+
+Short answer: *yes*! PHP Shell has been used in the past by people
+with not-so-good intentions to destroy valuable content on servers.
+
+The longer answer is that installing PHP Shell is like building a new
+door in your house --- if you leave it unlocked, then people can (and
+probably will!) walk into it and steal your possessions. So you want
+to lock it, and make sure you use a good lock.
+
+With PHP Shell that is equivalent of using a secure password. A
+secure password is one which is hard to guess (make it long, make it
+random, and put both numbers, special characters and normal letters in
+it).
+
+ Remember that guessing the password is all that stands between the
+ crackers and your files!
+
+If you use a good password, then PHP Shell does not make your system
+any more insecure than it already was. Security is always a matter of
+finding the weakest link in the chain: if you use FTP with a simple
+password for updating your site, then it would be much easier for the
+crackers to attack that instead of trying to guess your super-hard PHP
+Shell password. So make sure that you tighten security on all fronts
+you know of.
+
+
+If you have comments or suggestions for improvements to this little
+guide in system security, then please do not hesitate to contact the
+author at <mgeisler@mgeisler.net>.
diff --git a/shell/config.php b/shell/config.php
new file mode 100644
index 0000000..843069b
--- /dev/null
+++ b/shell/config.php
@@ -0,0 +1,71 @@
+; <?php die('Forbidden'); ?> -*- conf -*-
+; Do not remove the above line, it is all that prevents this file from
+; being downloaded.
+;
+; config.php file for PHP Shell
+; Copyright (C) 2005-2010 the Phpshell-team
+; Licensed under the GNU GPL. See the file COPYING for details.
+
+; This ini-file has three parts:
+;
+; * [users] where you add usernames and passwords to give users access
+; to PHP Shell.
+;
+; * [aliases] where you can configure shell aliases.
+;
+; * [settings] where general settings are placed.
+
+
+[users]
+
+luke = "sha1:da6c3f7:1c125210c15b45a083e77674693ceda9dc4750f3"
+
+; The default configuration has no users defined, you have to add your
+; own (choose good passwords!). Add uses as simple
+;
+; username = "password"
+;
+; lines. Please quote your password using double-quotes as shown.
+; The semi-colon ':' is a reserved character, so do *not* use that in
+; your passwords.
+;
+; For improved security it is *strongly suggested* that you the
+; pwhash.php script to generate a hashed password and store that
+; instead of the normal clear text password. Keeping your passwords
+; in hashed form ensures that they cannot be found, even if this file
+; is disclosed. The passwords are still visible in clear text during
+; the login, though. Please follow the instructions given in
+; pwhash.php.
+
+
+
+[aliases]
+
+; Alias expansion. Change the two examples as needed and add your own
+; favorites --- feel free to suggest more defaults! The command line
+; you enter will only be expanded on the very first token and only
+; once, so having 'ls' expand into 'ls -CvhF' does not cause an
+; infinite recursion.
+
+ls = "ls -CvhF"
+ll = "ls -lvhF"
+
+
+
+[settings]
+
+; General settings for PHP Shell.
+
+; Home directory. PHP Shell will change to this directory upon
+; startup and whenever a bare 'cd' command is given. This can be an
+; absolute path or a path relative to the PHP Shell installation
+; directory.
+
+home-directory = "."
+
+; Safe Mode warning. PHP Shell will normally display a big, fat
+; warning if it detects that PHP is running in Safe Mode. If you find
+; that PHP Shell works anyway, then set this to false to get rid of
+; the warning.
+
+safe-mode-warning = true
diff --git a/shell/config.php~ b/shell/config.php~
new file mode 100644
index 0000000..b9b48ca
--- /dev/null
+++ b/shell/config.php~
@@ -0,0 +1,69 @@
+; <?php die('Forbidden'); ?> -*- conf -*-
+; Do not remove the above line, it is all that prevents this file from
+; being downloaded.
+;
+; config.php file for PHP Shell
+; Copyright (C) 2005-2010 the Phpshell-team
+; Licensed under the GNU GPL. See the file COPYING for details.
+
+; This ini-file has three parts:
+;
+; * [users] where you add usernames and passwords to give users access
+; to PHP Shell.
+;
+; * [aliases] where you can configure shell aliases.
+;
+; * [settings] where general settings are placed.
+
+
+[users]
+
+; The default configuration has no users defined, you have to add your
+; own (choose good passwords!). Add uses as simple
+;
+; username = "password"
+;
+; lines. Please quote your password using double-quotes as shown.
+; The semi-colon ':' is a reserved character, so do *not* use that in
+; your passwords.
+;
+; For improved security it is *strongly suggested* that you the
+; pwhash.php script to generate a hashed password and store that
+; instead of the normal clear text password. Keeping your passwords
+; in hashed form ensures that they cannot be found, even if this file
+; is disclosed. The passwords are still visible in clear text during
+; the login, though. Please follow the instructions given in
+; pwhash.php.
+
+
+
+[aliases]
+
+; Alias expansion. Change the two examples as needed and add your own
+; favorites --- feel free to suggest more defaults! The command line
+; you enter will only be expanded on the very first token and only
+; once, so having 'ls' expand into 'ls -CvhF' does not cause an
+; infinite recursion.
+
+ls = "ls -CvhF"
+ll = "ls -lvhF"
+
+
+
+[settings]
+
+; General settings for PHP Shell.
+
+; Home directory. PHP Shell will change to this directory upon
+; startup and whenever a bare 'cd' command is given. This can be an
+; absolute path or a path relative to the PHP Shell installation
+; directory.
+
+home-directory = "."
+
+; Safe Mode warning. PHP Shell will normally display a big, fat
+; warning if it detects that PHP is running in Safe Mode. If you find
+; that PHP Shell works anyway, then set this to false to get rid of
+; the warning.
+
+safe-mode-warning = true
diff --git a/shell/phpshell.php b/shell/phpshell.php
new file mode 100644
index 0000000..34a651b
--- /dev/null
+++ b/shell/phpshell.php
@@ -0,0 +1,550 @@
+<?php // -*- coding: utf-8 -*-
+
+define('PHPSHELL_VERSION', '2.2');
+/*
+
+ **************************************************************
+ * PHP Shell *
+ **************************************************************
+
+ PHP Shell is an interactive PHP script that will execute any command
+ entered. See the files README, INSTALL, and SECURITY or
+ http://phpshell.sourceforge.net/ for further information.
+
+ Copyright (C) 2000-2010 the Phpshell-team
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You can get a copy of the GNU General Public License from this
+ address: http://www.gnu.org/copyleft/gpl.html#SEC1
+ You can also write to the Free Software Foundation, Inc., 59 Temple
+ Place - Suite 330, Boston, MA 02111-1307, USA.
+
+*/
+
+/* There are no user-configurable settings in this file anymore, please see
+ * config.php instead. */
+
+header("Content-Type: text/html; charset=utf-8");
+
+/* This error handler will turn all notices, warnings, and errors into fatal
+ * errors, unless they have been suppressed with the @-operator. */
+function error_handler($errno, $errstr, $errfile, $errline, $errcontext) {
+ /* The @-operator (used with chdir() below) temporarely makes
+ * error_reporting() return zero, and we don't want to die in that case.
+ * We do note the error in the output, though. */
+ if (error_reporting() == 0) {
+ $_SESSION['output'] .= $errstr . "\n";
+ } else {
+ die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
+ "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+ <title>PHP Shell ' . PHPSHELL_VERSION . '</title>
+ <meta http-equiv="Content-Script-Type" content="text/javascript">
+ <meta http-equiv="Content-Style-Type" content="text/css">
+ <meta name="generator" content="phpshell">
+ <link rel="stylesheet" href="style.css" type="text/css">
+</head>
+<body>
+ <h1>Fatal Error!</h1>
+ <p><b>' . $errstr . '</b></p>
+ <p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p>
+
+ <hr>
+
+ <p>Please consult the <a href="README">README</a>, <a
+ href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for
+ instruction on how to use PHP Shell.</p>
+
+ <hr>
+
+ <address>
+ Copyright &copy; 2000&ndash;2010, the Phpshell-team. Get the latest
+ version at <a
+ href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
+ </address>
+
+</body>
+</html>');
+ }
+}
+
+/* Installing our error handler makes PHP die on even the slightest problem.
+ * This is what we want in a security critical application like this. */
+set_error_handler('error_handler');
+
+
+function logout() {
+ /* Empty the session data, except for the 'authenticated' entry which the
+ * rest of the code needs to be able to check. */
+ $_SESSION = array('authenticated' => false);
+
+ /* Unset the client's cookie, if it has one. */
+// if (isset($_COOKIE[session_name()]))
+// setcookie(session_name(), '', time()-42000, '/');
+
+ /* Destroy the session data on the server. This prevents the simple
+ * replay attach where one uses the back button to re-authenticate using
+ * the old POST data since the server wont know the session then.*/
+// session_destroy();
+}
+
+/* Clear history */
+function clear()
+{
+ $_SESSION['output'] = '';
+}
+
+function stripslashes_deep($value) {
+ if (is_array($value))
+ return array_map('stripslashes_deep', $value);
+ else
+ return stripslashes($value);
+}
+
+if (get_magic_quotes_gpc())
+ $_POST = stripslashes_deep($_POST);
+
+/* Initialize some variables we need again and again. */
+$username = isset($_POST['username']) ? $_POST['username'] : '';
+$password = isset($_POST['password']) ? $_POST['password'] : '';
+$nounce = isset($_POST['nounce']) ? $_POST['nounce'] : '';
+
+$command = isset($_POST['command']) ? $_POST['command'] : '';
+$rows = isset($_POST['rows']) ? $_POST['rows'] : 24;
+$columns = isset($_POST['columns']) ? $_POST['columns'] : 80;
+
+
+/* Load the configuration. */
+$ini = parse_ini_file('config.php', true);
+
+if (empty($ini['settings']))
+ $ini['settings'] = array();
+
+/* Default settings --- these settings should always be set to something. */
+$default_settings = array('home-directory' => '.');
+$showeditor = false;
+
+/* Merge settings. */
+$ini['settings'] = array_merge($default_settings, $ini['settings']);
+
+session_start();
+
+/* Delete the session data if the user requested a logout. This leaves the
+ * session cookie at the user, but this is not important since we
+ * authenticates on $_SESSION['authenticated']. */
+if (isset($_POST['logout']))
+ logout();
+
+/* Delete history if submitted */
+if (isset($_POST['clear']))
+ clear();
+
+/* Attempt authentication. */
+if (isset($_SESSION['nounce']) && $nounce == $_SESSION['nounce'] &&
+ isset($ini['users'][$username])) {
+ if (strchr($ini['users'][$username], ':') === false) {
+ // No seperator found, assume this is a password in clear text.
+ $_SESSION['authenticated'] = ($ini['users'][$username] == $password);
+ } else {
+ list($fkt, $salt, $hash) = explode(':', $ini['users'][$username]);
+ $_SESSION['authenticated'] = ($fkt($salt . $password) == $hash);
+ }
+}
+
+
+/* Enforce default non-authenticated state if the above code didn't set it
+ * already. */
+if (!isset($_SESSION['authenticated']))
+ $_SESSION['authenticated'] = false;
+
+
+if ($_SESSION['authenticated']) {
+ /* Initialize the session variables. */
+ if (empty($_SESSION['cwd'])) {
+ $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
+ $_SESSION['history'] = array();
+ $_SESSION['output'] = '';
+ }
+ /* Clicked on one of the directory links in the working directory - ignore the command */
+ if (isset($_POST['levelup'])) {
+ $levelup = $_POST['levelup'] ;
+ while ($levelup > 0) {
+ $command = '' ; /* ignore the command */
+ $_SESSION['cwd'] = dirname($_SESSION['cwd']) ;
+ $levelup -- ;
+ }
+ }
+ /* Selected a new subdirectory as working directory - ignore the command */
+ if (isset($_POST['changedirectory'])) {
+ $changedir= $_POST['changedirectory'];
+ if (strlen($changedir) > 0) {
+ if (@chdir($_SESSION['cwd'] . '/' . $changedir)) {
+ $command = '' ; /* ignore the command */
+ $_SESSION['cwd'] = realpath($_SESSION['cwd'] . '/' . $changedir) ;
+ }
+ }
+ }
+
+ /* Save content from 'editor' */
+ if(isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) {
+ $filetoedit_handle = fopen($_POST["filetoedit"], "w");
+ fputs($filetoedit_handle, str_replace("%0D%0D%0A", "%0D%0A", $_POST["filecontent"]));
+ fclose($filetoedit_handle);
+ }
+
+ if (!empty($command)) {
+ /* Save the command for late use in the JavaScript. If the command is
+ * already in the history, then the old entry is removed before the
+ * new entry is put into the list at the front. */
+ if (($i = array_search($command, $_SESSION['history'])) !== false)
+ unset($_SESSION['history'][$i]);
+
+ array_unshift($_SESSION['history'], $command);
+
+ /* Now append the commmand to the output. */
+ $_SESSION['output'] .= '$ ' . $command . "\n";
+
+ /* Initialize the current working directory. */
+ if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $command)) {
+ $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
+ } elseif (preg_match('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/', $command, $regs)) {
+ /* The current command is a 'cd' command which we have to handle
+ * as an internal shell command. */
+
+ /* if the directory starts and ends with quotes ("), remove them -
+ allows command like 'cd "abc def"' */
+ if ((substr($regs[1],0,1) == '"') && (substr($regs[1],-1) =='"') ) {
+ $regs[1] = substr($regs[1],1) ;
+ $regs[1] = substr($regs[1],0,-1) ;
+ }
+
+ if ($regs[1]{0} == '/') {
+ /* Absolute path, we use it unchanged. */
+ $new_dir = $regs[1];
+ } else {
+ /* Relative path, we append it to the current working
+ * directory. */
+ $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
+ }
+
+ /* Transform '/./' into '/' */
+ while (strpos($new_dir, '/./') !== false)
+ $new_dir = str_replace('/./', '/', $new_dir);
+
+ /* Transform '//' into '/' */
+ while (strpos($new_dir, '//') !== false)
+ $new_dir = str_replace('//', '/', $new_dir);
+
+ /* Transform 'x/..' into '' */
+ while (preg_match('|/\.\.(?!\.)|', $new_dir))
+ $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
+
+ if ($new_dir == '') $new_dir = '/';
+
+ /* Try to change directory. */
+ if (@chdir($new_dir)) {
+ $_SESSION['cwd'] = $new_dir;
+ } else {
+ $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
+ }
+
+ } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]*$/', $command)) {
+ /* You called 'editor' without a filename so you get an short help
+ * on how to use the internal 'editor' command */
+
+ $_SESSION['output'] .= " Syntax: editor filename\n (you forgot the filename)\n";
+
+ } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]+([^;]+)$/', $command, $regs)) {
+ /* This is a tiny editor which you can start with 'editor filename' */
+ $filetoedit = $regs[1];
+ if ($regs[1]{0} != '/') {
+ /* relative path, add it to the current working directory.*/
+ $filetoedit = $_SESSION['cwd'].'/'.$regs[1];
+ } ;
+ if(is_file(realpath($filetoedit)) || ! file_exists($filetoedit)) {
+ $showeditor = true;
+ if(file_exists(realpath($filetoedit)))
+ $filetoedit = realpath($filetoedit);
+ } else {
+ $_SESSION['output'] .= " Syntax: editor filename\n (just regular or not existing files)\n";
+ }
+
+ } elseif (trim($command) == 'exit') {
+ logout();
+ } elseif (trim($command) == 'logout') {
+ logout();
+ } else {
+
+ /* The command is not an internal command, so we execute it after
+ * changing the directory and save the output. */
+ chdir($_SESSION['cwd']);
+
+ // We canot use putenv() in safe mode.
+ if (!ini_get('safe_mode')) {
+ // Advice programs (ls for example) of the terminal size.
+ putenv('ROWS=' . $rows);
+ putenv('COLUMNS=' . $columns);
+ }
+
+ /* Alias expansion. */
+ $length = strcspn($command, " \t");
+ $token = substr($command, 0, $length);
+ if (isset($ini['aliases'][$token]))
+ $command = $ini['aliases'][$token] . substr($command, $length);
+
+ $io = array();
+ $p = proc_open($command,
+ array(1 => array('pipe', 'w'),
+ 2 => array('pipe', 'w')),
+ $io);
+
+ /* Read output sent to stdout. */
+ while (!feof($io[1])) {
+ $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
+ ENT_COMPAT, 'UTF-8');
+ }
+ /* Read output sent to stderr. */
+ while (!feof($io[2])) {
+ $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
+ ENT_COMPAT, 'UTF-8');
+ }
+
+ fclose($io[1]);
+ fclose($io[2]);
+ proc_close($p);
+ }
+ }
+
+ /* Build the command history for use in the JavaScript */
+ if (empty($_SESSION['history'])) {
+ $js_command_hist = '""';
+ } else {
+ $escaped = array_map('addslashes', $_SESSION['history']);
+ $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
+ }
+}
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
+ "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+ <title>PHP Shell <?php echo PHPSHELL_VERSION ?></title>
+ <meta http-equiv="Content-Script-Type" content="text/javascript">
+ <meta http-equiv="Content-Style-Type" content="text/css">
+ <meta name="generator" content="phpshell">
+ <link rel="stylesheet" href="style.css" type="text/css">
+
+ <script type="text/javascript">
+ <?php if ($_SESSION['authenticated'] && ! $showeditor) { ?>
+
+ var current_line = 0;
+ var command_hist = new Array(<?php echo $js_command_hist ?>);
+ var last = 0;
+
+ function key(e) {
+ if (!e) var e = window.event;
+
+ if (e.keyCode == 38 && current_line < command_hist.length-1) {
+ command_hist[current_line] = document.shell.command.value;
+ current_line++;
+ document.shell.command.value = command_hist[current_line];
+ }
+
+ if (e.keyCode == 40 && current_line > 0) {
+ command_hist[current_line] = document.shell.command.value;
+ current_line--;
+ document.shell.command.value = command_hist[current_line];
+ }
+
+ }
+
+ function init() {
+ document.shell.setAttribute("autocomplete", "off");
+ document.shell.output.scrollTop = document.shell.output.scrollHeight;
+ document.shell.command.focus()
+ }
+
+ <?php } elseif($_SESSION['authenticated'] && $showeditor) { ?>
+
+ function init() {
+ document.shell.filecontent.focus();
+ }
+
+ <?php } else { ?>
+
+ function init() {
+ document.shell.username.focus();
+ }
+
+ <?php } ?>
+ function levelup(d) {
+ document.shell.levelup.value=d ;
+ document.shell.submit() ;
+ }
+ function changesubdir(d) {
+ document.shell.changedirectory.value=document.shell.dirselected.value ;
+ document.shell.submit() ;
+ }
+ </script>
+</head>
+
+<body onload="init()">
+
+<h1>PHP Shell <?php echo PHPSHELL_VERSION ?></h1>
+
+<form name="shell" action="<?php print($_SERVER['PHP_SELF']) ?>" method="post">
+<div><input name="levelup" id="levelup" type="hidden"></div>
+<div><input name="changedirectory" id="changedirectory" type="hidden"></div>
+<?php
+if (!$_SESSION['authenticated']) {
+ /* Genereate a new nounce every time we preent the login page. This binds
+ * each login to a unique hit on the server and prevents the simple replay
+ * attack where one uses the back button in the browser to replay the POST
+ * data from a login. */
+ $_SESSION['nounce'] = mt_rand();
+
+?>
+
+<fieldset>
+ <legend>Authentication</legend>
+ <?php
+ if (!empty($username))
+ echo " <p class=\"error\">Login failed, please try again:</p>\n";
+ else
+ echo " <p>Please login:</p>\n";
+ ?>
+
+ <label for="username">Username:</label>
+ <input name="username" id="username" type="text" value="<?php echo $username
+ ?>"><br>
+ <label for="password">Password:</label>
+ <input name="password" id="password" type="password">
+ <p><input type="submit" value="Login"></p>
+ <input name="nounce" type="hidden" value="<?php echo $_SESSION['nounce']; ?>">
+
+</fieldset>
+
+<?php } else { /* Authenticated. */ ?>
+<fieldset>
+ <legend><?php echo "Phpshell running on: " . $_SERVER['SERVER_NAME']; ?></legend>
+<p>Current Working Directory:
+<span class="pwd"><?php
+ if( $showeditor ) {
+ echo htmlspecialchars($_SESSION['cwd'], ENT_COMPAT, 'UTF-8') . '</span>';
+ } else { /* normal mode - offer navigation via hyperlinks */
+ $parts = explode('/', $_SESSION['cwd']);
+
+ for($i=1; $i<count($parts); $i=$i+1) {
+ echo '<a class="pwd" title="Change to this directory. Your command will not be executed." href="javascript:levelup(' . (count($parts)-$i) . ')">/</a>' ;
+ echo htmlspecialchars($parts[$i], ENT_COMPAT, 'UTF-8') ;
+ }
+ echo '</span>';
+ /* Now we make a list of the directories. */
+ $dir_handle = opendir($_SESSION['cwd']);
+ /* We store the output so that we can sort it later: */
+ $options = array();
+ /* Run through all the files and directories to find the dirs. */
+ while ($dir = readdir($dir_handle)) {
+ if (($dir != '.') and ($dir != '..') and is_dir($_SESSION['cwd'] . "/" . $dir)) {
+ $options[$dir] = "<option value=\"/$dir\">$dir</option>";
+ }
+ }
+ closedir($dir_handle);
+ if (count($options)>0) {
+ ksort($options);
+ echo '<br><a href="javascript:changesubdir()">Change to subdirectory</a>: <select name="dirselected">';
+ echo implode("\n", $options);
+ echo '</select>';
+ }
+ }
+?>
+<br>
+
+ <?php if(! $showeditor) { /* Outputs the 'terminal' without the editor */ ?>
+
+<div id="terminal">
+<textarea name="output" readonly="readonly" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">
+<?php
+$lines = substr_count($_SESSION['output'], "\n");
+$padding = str_repeat("\n", max(0, $rows+1 - $lines));
+echo rtrim($padding . $_SESSION['output']);
+?>
+</textarea>
+<p id="prompt">
+ $&nbsp;<input name="command" type="text"
+ onkeyup="key(event)" size="<?php echo $columns-2 ?>" tabindex="1">
+</p>
+</div>
+
+ <?php } else { /* Output the 'editor' */ ?>
+ <?php print("You are editing this file: ".$filetoedit); ?>
+
+<div id="terminal">
+<textarea name="filecontent" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">
+<?php
+ if(file_exists($filetoedit)) {
+ print(htmlspecialchars(str_replace("%0D%0D%0A", "%0D%0A", file_get_contents($filetoedit))));
+ }
+?>
+</textarea>
+</div>
+
+<?php } /* End of terminal */ ?>
+
+<p>
+<?php if(! $showeditor) { /* You can not resize the textarea while
+ * the editor is 'running', because if you would
+ * do so you would lose the changes you have
+ * already made in the textarea since last saving */
+?>
+ <span style="float: right">Size: <input type="text" name="rows" size="2"
+ maxlength="3" value="<?php echo $rows ?>"> &times; <input type="text"
+ name="columns" size="2" maxlength="3" value="<?php echo $columns
+ ?>"></span>
+<?php } ?>
+
+
+<?php if(! $showeditor) { /* for normal 'non-editor-mode' */ ?>
+<input type="submit" value="Execute Command">
+<input type="submit" name="clear" value="Clear">
+<?php } else { /* for 'editor-mode' */ ?>
+<input type="hidden" name="filetoedit" id="filetoedit" value="<?php print($filetoedit) ?>">
+<input type="submit" value="Save and Exit">
+<input type="reset" value="Undo all Changes">
+<input type="submit" value="Exit without saving" onclick="javascript:document.getElementById('filetoedit').value='';return true;">
+<?php } ?>
+
+ <input type="submit" name="logout" value="Logout">
+</p>
+</fieldset>
+
+<?php } ?>
+
+</form>
+
+<hr>
+
+<p>Please consult the <a href="README">README</a>, <a
+href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for
+instruction on how to use PHP Shell.</p>
+<p>If you have not created accounts for phpshell, please use <a href="pwhash.php">pwhash.php</a> to create secure passwords.</p>
+
+<hr>
+<address>
+Copyright &copy; 2000&ndash;2010, the Phpshell-team. Get the
+latest version at <a
+href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
+</address>
+</body>
+</html>
diff --git a/shell/pwhash.php b/shell/pwhash.php
new file mode 100644
index 0000000..08e8171
--- /dev/null
+++ b/shell/pwhash.php
@@ -0,0 +1,107 @@
+<?php
+/*
+ * pwhash.php file for PHP Shell
+ * Copyright (C) 2005-2010 the Phpshell-team
+ * Licensed under the GNU GPL. See the file COPYING for details.
+ *
+ */
+
+define('PHPSHELL_VERSION', '2.2');
+
+function stripslashes_deep($value) {
+ if (is_array($value))
+ return array_map('stripslashes_deep', $value);
+ else
+ return stripslashes($value);
+}
+
+if (get_magic_quotes_gpc())
+ $_POST = stripslashes_deep($_POST);
+
+$username = isset($_POST['username']) ? $_POST['username'] : '';
+$password = isset($_POST['password']) ? $_POST['password'] : '';
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
+ "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+ <title>Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?></title>
+ <meta http-equiv="Content-Script-Type" content="text/javascript">
+ <meta http-equiv="Content-Style-Type" content="text/css">
+ <meta name="generator" content="phpshell">
+ <link rel="stylesheet" href="style.css" type="text/css">
+</head>
+
+<body>
+
+<h1>Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?></h1>
+
+<form action="<?php $_SERVER['PHP_SELF']; ?>" method="POST">
+
+<fieldset>
+ <legend>Username</legend>
+ <input name="username" type="text" value="<?php echo $username ?>">
+</fieldset>
+
+<fieldset>
+ <legend>Password</legend>
+ <input name="password" type="text" value="<?php echo $password ?>">
+</fieldset>
+
+<fieldset>
+ <legend>Result</legend>
+
+<?php
+if ($username == '' || $password == '') {
+ echo " <p><i>Enter a username and a password and update.</i></p>\n";
+} else {
+
+ $u = strtolower($username);
+
+ if (preg_match('/[[ |&~!()]/', $u) || $u == 'null' ||
+ $u == 'yes' || $u == 'no' || $u == 'true' || $u == 'false') {
+
+ echo ' <p class="error">Your username cannot contain any of the following reserved
+ word: "<tt>null</tt>", "<tt>yes</tt>", "<tt>no</tt>", "<tt>true</tt>", or
+ "<tt>false</tt>". The following characters are also prohibited:
+ "<tt>&nbsp;</tt>" (space), "<tt>[</tt>" (left bracket), "<tt>|</tt>" (pipe),
+ "<tt>&</tt>" (ampersand), "<tt>~</tt>" (tilde), "<tt>!</tt>" (exclamation
+ mark), "<tt>(</tt>" (left parenthesis), or "<tt>)</tt>" (right
+ parenthesis).</p>' . "\n";
+
+ echo ' <p>Please choose another username and try again.</p>' . "\n";
+
+ } else {
+ echo " <p>Write the following line into <tt>config.php</tt> " .
+ "in the <tt>users</tt> section:</p>\n";
+
+ if ( function_exists('sha1') ) { $fkt = 'sha1' ; } else { $fkt = 'md5' ; } ;
+ $salt = dechex(mt_rand());
+
+ $hash = $fkt . ':' . $salt . ':' . $fkt($salt . $password);
+
+ echo "<pre>\n";
+ echo htmlentities(str_pad($username, 8) . ' = "' . $hash . '"') . "\n";
+ echo "</pre>\n";
+ }
+}
+?>
+
+<p><input type="submit" value="Update"></p>
+
+</fieldset>
+
+</form>
+
+
+<hr>
+
+<address>
+ Copyright &copy; the Phpshell-team, please see <a href="AUTHORS">AUTHORS</a>.
+ This is PHP Shell <?php echo PHPSHELL_VERSION ?>, get the latest version at <a
+ href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
+</address>
+
+</body>
+</html>
diff --git a/shell/style.css b/shell/style.css
new file mode 100644
index 0000000..f84afb4
--- /dev/null
+++ b/shell/style.css
@@ -0,0 +1,74 @@
+/* style.css file for PHP Shell
+ * Copyright (C) 2003-2010 the Phpshell-team
+ * Licensed under the GNU GPL. See the file COPYING for details.
+ *
+ */
+
+body {
+ font-family: sans-serif;
+ color: black;
+ background: white;
+}
+
+h1 {
+ color: red;
+ background: white;
+}
+
+img {
+ border: none;
+}
+
+div#terminal {
+ border: inset 2px red;
+ padding: 2px;
+ margin-top: 0.5em;
+}
+
+div#terminal textarea {
+ font-size: 100%;
+ width: 100%;
+ border: none;
+}
+
+p {
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+
+p#prompt {
+ font-family: monospace;
+ margin: 0px;
+}
+
+p#prompt input {
+ border: none;
+ font-family: monospace;
+}
+
+legend {
+ padding-right: 0.5em;
+}
+
+fieldset {
+ padding: 0.5em;
+}
+
+.error {
+ color: red;
+}
+
+div.warning {
+ background-color: rgb(255, 150, 150);
+ border: medium solid rgb(255, 60, 60);
+ padding: 0.5em;
+ margin: 0.25em;
+}
+.pwd {
+ font-family: monospace;
+ padding: 0.5em;
+ margin: 0.25em;
+}
+a.pwd {
+ font-weight: bold;
+}