From 3d6790614bb0dc776e02a95835e5c274263d1d1a Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 27 Nov 2011 11:22:36 -0500 Subject: This zip file was identified as ltshell-3.zip --- ltshell.php | 4 +- shell/AUTHORS | 40 --- shell/COPYING | 340 ------------------------- shell/ChangeLog | 225 ---------------- shell/INSTALL | 110 -------- shell/README | 174 ------------- shell/SECURITY | 141 ---------- shell/bin/cat.php | 7 + shell/bin/cd.php | 5 + shell/bin/chmod.php | 13 + shell/bin/echo.php | 6 + shell/bin/editor.php | 21 ++ shell/bin/help.php | 12 + shell/bin/ls.php | 34 +++ shell/bin/pwd.php | 5 + shell/bin/rm.php | 8 + shell/bin/stat.php | 67 +++++ shell/bin/whoami.php | 4 + shell/config.php | 71 ------ shell/config.php~ | 69 ----- shell/exec.php | 58 +++++ shell/foobar.txt | 1 + shell/index.php | 31 +++ shell/lightopenid.php | 650 +++++++++++++++++++++++++++++++++++++++++++++++ shell/login.php | 59 +++++ shell/no_magicquotes.php | 26 ++ shell/passwd.php | 6 + shell/phpshell.php | 550 --------------------------------------- shell/pwhash.php | 107 -------- shell/shell.php | 28 ++ shell/style.css | 111 +++----- 31 files changed, 1082 insertions(+), 1901 deletions(-) delete mode 100644 shell/AUTHORS delete mode 100644 shell/COPYING delete mode 100644 shell/ChangeLog delete mode 100644 shell/INSTALL delete mode 100644 shell/README delete mode 100644 shell/SECURITY create mode 100644 shell/bin/cat.php create mode 100644 shell/bin/cd.php create mode 100644 shell/bin/chmod.php create mode 100644 shell/bin/echo.php create mode 100644 shell/bin/editor.php create mode 100644 shell/bin/help.php create mode 100644 shell/bin/ls.php create mode 100644 shell/bin/pwd.php create mode 100644 shell/bin/rm.php create mode 100644 shell/bin/stat.php create mode 100644 shell/bin/whoami.php delete mode 100644 shell/config.php delete mode 100644 shell/config.php~ create mode 100644 shell/exec.php create mode 100644 shell/foobar.txt create mode 100644 shell/index.php create mode 100644 shell/lightopenid.php create mode 100644 shell/login.php create mode 100644 shell/no_magicquotes.php create mode 100644 shell/passwd.php delete mode 100644 shell/phpshell.php delete mode 100644 shell/pwhash.php create mode 100644 shell/shell.php diff --git a/ltshell.php b/ltshell.php index fb1eee7..38c4e3f 100644 --- a/ltshell.php +++ b/ltshell.php @@ -2,8 +2,8 @@ /* Plugin Name: LTS WebShell Plugin URI: http://lukeshu.ath.cx/1/src/ -Description: A web shell (phpshell-2.2) -Version: 2.2-1 +Description: An entirely PHP web shell (doesn't require system) +Version: 3 Author: Luke Shumaker Author URI: http://lukeshu.ath.cx/1/src/ License: GPL2 diff --git a/shell/AUTHORS b/shell/AUTHORS deleted file mode 100644 index 4a4aa51..0000000 --- a/shell/AUTHORS +++ /dev/null @@ -1,40 +0,0 @@ -AUTHORS file for PHP Shell -Copyright (C) 2000-2010 the Phpshell-team -Licensed under the GNU GPL. See the file COPYING for details. - - -Current maintainer: Wolfgang Dautermann -Original author: Martin Geisler - -Thanks goes to all these persons who have helped: - -richard@joffray.com - Fixed a problem the list of directories, if one accessed the - root-directory. - -Robert Niess - Made me aware of a security hole in the handling of stderr-trapping. - -Gerry Calderhead - Patch for PHP 4.2.0 where register_globals are turned off. - -Jeremy Miller - Suggested that one could use Sudo from - - http://www.courtesan.com/sudo/ - - to let PHP Shell execute code with different privileges than the - webserver. - -Michael Zech - Patch to make the stderr-checkbox remember it's state. - -Wolfgang Dautermann - Multiple patches, including the sorting of directory entries in the - drop down box. - -Natan Bueno Ungethuem - Patch for PHP 5.X because the function ereg was deprecated - -Tobias Unger - AddOn including an Editor ("vim") for PHP-Shell 2.1. diff --git a/shell/COPYING b/shell/COPYING deleted file mode 100644 index f90922e..0000000 --- a/shell/COPYING +++ /dev/null @@ -1,340 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. diff --git a/shell/ChangeLog b/shell/ChangeLog deleted file mode 100644 index 945c737..0000000 --- a/shell/ChangeLog +++ /dev/null @@ -1,225 +0,0 @@ -2010-11-29 Wolfgang Dautermann - * Reimplemented the feature to change to subdirectorys using mouseclicks (was available in older version) - -2010-11-21 Wolfgang Dautermann - * One can navigate to higher level directories using hyperlinks. - -2010-11-05 Wolfgang Dautermann - * Use SHA1 password hashing if possible. Changed project links to http://phpshell.sourceforge.net/ - -2010-01-30 Natan Bueno - * phpshell.php - Added AddOn to editor "vim". - -2010-01-15 Natan Bueno - * phpshell.php - Replaced deprecated function ereg by the function preg_match - -2005-12-27 Martin Geisler - - * phpshell.php: - Added code to prevent simple replay attacks by only accepting each - login form once. - -2005-12-25 Martin Geisler - - * INSTALL: Information about the new internal configuration. - - * phpshell.php: Made authentication internal. - - * SECURITY: New file. - - * config.php: New file. - - * style.css: New file. Renamed from phpshell.css. - -2004-03-27 Martin Geisler - - * phpshell.php 1.29: Removed debug output. - - * README 1.11: Updated documentation for new cool shell-like interface. - - * INSTALL 1.5: - Updated documentation about the command substitution using alises. - - * phpshell.css 1.2: - New styles to make the textarea and input box blend together. - - * phpshell.php 1.28: A little documentation for the alias feature. - - * phpshell.php 1.27: - The shell now looks and behaves much more like a real shell: the shell - now has a commandline history just like a real shell. - - The parsing of 'cd' commands have been rewritten so that even more - special cases are taken care of, and simple command substitution using - aliases have been introduced. - -2004-03-24 Martin Geisler - - * phpshell.php 1.26: - Increased year of copyright to 2004. Fixed the references to the PNG - images, as pointed out by Michael Z. Bell. - -2003-11-11 Martin Geisler - - * AUTHORS 1.6: - Added Wolfgang Dautermann . - - * phpshell.php 1.25: - Ups, I commited with $passwd = array('foo' => 'bar'). - - * phpshell.php 1.24: - Wolfgang Dautermann suggested - that the directory list should be sorted. - - Also, changing directory through symbolic links now works as expected, - so that it's possible to go back using 'cd ..'. - -2003-04-01 Martin Geisler - - * INSTALL 1.4: - New instructions on how to change the username and password. - - * README 1.10: - Updated to be in sync with new instructions on how the password - protection works. - - * phpshell.css 1.1: New file. - - * phpshell.php 1.23: - Updated to use XHTML 1.0 Strict and the $_* variables in PHP - 4.1.0. This effectively breaks compatibility with earlier versions of - PHP. If you cannot upgrade your PHP installation (you really should - consider upgrading to get hold of the latest security and bug fixes) - when just use PhpShell version 1.7 --- there's no new functionality in - this release. - - * COPYING 1.1: New file. - - * phpshell.php 1.22: Changed PHP Shell into PhpShell. - - * phpshell.php 1.21: Added HTTP basic authentication to the script. - - * AUTHORS 1.5: Moved Jeremy Miller . - - * phpshell.php 1.20: Updated version. - - * AUTHORS 1.4, phpshell.php 1.19: - Applied patch from Michael Zech that made the - stderr-checkbox remember it's state. - -2002-09-18 Martin Geisler - - * phpshell.php 1.18: - Use the directory of phpshell.php as the default working directory. - - * AUTHORS 1.3: Added Gerry Calderhead . - - * phpshell.php 1.17: - PHP Shell now works on PHP 4.2.0 with register_globals turned off. - -2002-06-10 Martin Geisler - - * INSTALL 1.3: Added a section about Safe Mode in PHP. - - * README 1.9: - Added a section about Safe Mode in PHP. Also fixed a lot of spelling - errors. - -2002-03-23 Martin Geisler - - * README 1.8: Added a version number to the file. - - * AUTHORS 1.2: Added a notice about Robert Niess . - - * phpshell.php 1.16: - Added a PHPSHELL_VERSION constant. Also, when using stderr-trapping, - we now use a unique filename as returned by tempnam() - Robert Niess - made me aware of this, thanks. - - * phpshell.php 1.15: Small changes in the layout. - - * phpshell.php 1.14: - Updated copyright statements - they were getting quite old :-) - - * README 1.7: - Added a tip from Jeremy Miller about how to - use PHP Shell together with Sudo to execute code as another user. - -2001-12-10 Martin Geisler - - * phpshell.php 1.13: - I found out that 'ls -F' produced better output than 'ls -p'. - - * README 1.6: Told people about the rewriting of 'ls' into 'ls -F' - - * phpshell.php 1.12: - You can now travel through the filesystem by using the normal 'cd' - command. If your command involves 'cd', it will be intercepted and the - current working directory will be changed accordingly. - - * README 1.5: Updated the documentation a bit. - -2001-02-11 Martin Geisler - - * phpshell.php 1.11: - Another suggestion from Thomas Langen : some - people can't use the .php extension, so now the script uses $PHP_SELF - instead. - - * phpshell.php 1.10: - Expanded all PHP start-tags (. - -2000-11-20 Martin Geisler - - * AUTHORS 1.1: New file. - - * phpshell.php 1.9: - Applied a patch from richard@joffray.com which fixed a problem with - accessing the root-directory. - -2000-09-24 Martin Geisler - - * phpshell.php 1.8: Removed a debug-comment. - -2000-09-09 Martin Geisler - - * README 1.4: Expanded the brief explanation at the top. - - * README 1.3: Ups, I forgot to make a description of sample.htaccess. - - * README 1.2: - Added a description of all the files found in the tarball. - - * INSTALL 1.2: Made BUGS lowercase. - - * INSTALL 1.1, README 1.1: New file. - - * phpshell.php 1.7: - Removed 'Martin Geisler' from the title, putting my name on the bottom - of the page ought to be enough :-) - -2000-08-06 Martin Geisler - - * phpshell.php 1.6: - Added a link to gimpster.com at the bottom of the page - -2000-08-05 Martin Geisler - - * phpshell.php 1.5: - Removed references to php3 - I now use php4 so all my files end with - just a '.php' - -2000-06-21 Martin Geisler - - * phpshell.php 1.4: - Fix - there were still references to the old name: shell.php3. - - * phpshell.php 1.3: Workaround for stderr-trapping. Seams to work... - - * phpshell.php 1.2: Initial commit - - * phpshell.php 1.1: New file. - diff --git a/shell/INSTALL b/shell/INSTALL deleted file mode 100644 index 8d20f4b..0000000 --- a/shell/INSTALL +++ /dev/null @@ -1,110 +0,0 @@ -INSTALL file for PHP Shell -Copyright (C) 2000-2010 the Phpshell-team -Licensed under the GNU GPL. See the file COPYING for details. - - -Downloading PHP Shell -===================== - -You can always get the latest version of PHP Shell from: - - http://phpshell.sourceforge.net/ - - - -Installation -============ - -Installation is easy: first unpack the tarball or zipfile downloaded -from the above website into your webserver. This will create a -subdirectory called phpshell-@VERSION@ for PHP Shell version @VERSION@. - -Try loading the file ``phpshell.php`` in your browser and check that -you are served a page that asks you to authenticate yourself with a -username and a password. If you do not see such a page, then please -check that you have entered the URL correctly and that PHP is working -on your server. - - - -Configuration -============= - -All configuration happens in the ``config.php`` file. This is an -ini-file despite its name. Ini-files consist of a number of sections, -each containing a number of 'key = "value"' pairs. PHP Shell has tree -sections: '[users]' for configuring usernames and passwords, -'[aliases]' for configuring shell aliases, and '[settings]' for -general settings. - - -Setting usernames and passwords -------------------------------- - -As a security precaution PHP Shell has no default username and -password (people often forget to change them...). To add the user -"alice" with password "secret" you simply add - - [users] - alice = "secret" - -to the file. Note that you can add as many users as you want by -simply adding more lines like this. - -This system works, but there is a better way --- a way so that the -password does not appear in clear text in the file. For that you use -the supplied script ``pwhash.php`` to generate a hashed password. -Please see the instructions given in ``pwhash.php``. - -With the above example the result could look like - - [users] - alice = "sha1:1a4861:a8640981d2a5f9452c75a7bb0491eac3ecd8bdc3" - -You will not get exactly the same line if you try it out, this is a -feature of the system which means that both "alice" and "bob" could -have "secret" as their password, and you would not be able to tell -from just looking at ``config.php``. - - -Shell Aliases -------------- - -As in a normal shell, PHP Shell supports alias expansion, albeit in a -simple form. Aliases are defined by 'key = "value"' pairs in the -'[aliases]' section. The "key" will be matched against the first -token of the command line and substituted with the "value" given. - -Two convenient aliases are already defined: - - [aliases] - ls = "ls -CvhF" - ll = "ls -lvhF" - - -General Settings ----------------- - -PHP has just one other setting right now --- the home directory. -Change this in the '[settings]' section. - - - -Bugs? Comments? -================ - -If you find a bug or miss something in PHP Shell, please take a look -at the Tracker System at SourceForge: - - http://sourceforge.net/tracker/?group_id=156638 - -There you will find trackers for Bugs, Patches, and Feature Requests. -You are invited to add items to these so that they wont get lost. - -You can also email the development list, found at: - - https://lists.sourceforge.net/lists/listinfo/phpshell-devel - -This list is for discussion about all things PHP Shell and it is a -good place to discuss a feature or bug before adding it to one of the -SourceForge trackers. diff --git a/shell/README b/shell/README deleted file mode 100644 index 870d661..0000000 --- a/shell/README +++ /dev/null @@ -1,174 +0,0 @@ -README file for PHP Shell -Copyright (C) 2000-2010 the Phpshell-team -Licensed under the GNU GPL. See the file COPYING for details. - -What is PHP Shell? -================== - -PHP Shell is a shell wrapped in a PHP script. It's a tool you can use -to execute arbitrary shell-commands or browse the filesystem on your -remote webserver. This replaces, to a degree, a normal -telnet-connection. - -You use it for administration and maintenance of your website, which -is often much easier to do if you can work directly on the server. -For example, you could use PHP Shell to unpack and move big files -around. All the normal command line programs like ps, free, du, df, -etc... can be used. - - -Limitations -=========== - -There are some limitations on what kind of programs you can run. It -won't do no good if you start a graphical program like Firefox or even -a console based one like vi. All programs have to be strictly command -line programs, and they will have no chance of getting user input -after they have been lunched. - -They probably also have to terminate within 30 seconds, as this is the -default time-limit imposed unto all PHP scripts, to prevent them from -running in an infinite loop. Your ISP may have set this time-limit to -something else. - -But you can rely on all the normal shell-functionality, like pipes, -output and input redirection, etc... (There is no -completion, -though :-) - - -Safe Mode -========= - -Safe Mode is the nemisis of PHP Shell. If PHP is running in Safe Mode -then PHP Shell will normally not work --- sorry. Please read the -detailed explanation in the SECURITY file. - - -Who am I? -========= - -You may not be the same user when using PHP Shell, as you are when you -upload your files with FTP. On some systems you will be ``nobody``, -on other systems you will become ``httpd`` or ``www-data``. This is a -rather dangerous "feature" of the way PHP is run by the webserver. A -possible effect of this is that you might end up creating files using -PHP Shell which you cannot delete afterwards using FTP and maybe not -even using PHP Shell. Strange, but true :-) - -If you want to execute code as different user, then it's possible to -do so by using the Sudo program available from this address: - - http://www.courtesan.com/sudo/ - -The trick is to configure Sudo to allow the user running the webserver -to execute certain commands as a more privileged user. This will have -to be done by the administrator of the server. Please refer to the -documentation for Sudo for further information about doing this. - - -How to Use It -============= - -When you point your browser at PHP Shell you will be asked to -authenticate yourself. By default no username/password will work, so -please go read INSTALL for information about adding a user. - -You're back? Good. Enter your username and password and press -the "Login" button. - -You will then be presented with a rather simple page containing -nothing much except a big window with the cursor blinking at the -bottom, signaling that it's ready to obey your commands. - -Write a command and press ENTER --- or alternatively, press the 'Execute -Command' button if you really want. The command will be executed and -the result will be shows in the terminal. You can now enter another -command. - -To be more precise: the terminal is updated with the command line you -have just executed, the output of the command to standard out -(stdout), and following that any error output sent to stderr. - -The commands are executed relative to a current working directory, -which is written at the top. You change this by the normal 'cd' -command (or by selecting a other working directory using the links). - -The commands must also be complete, so you cannot enter a multiline command: -$ for i in a b c ; do -> echo $i -> done -However, in one line it is allowed: for i in a b c ; do echo $i ; done - -Variables are also not preserved between the commands, so -$ A=1 -$ echo $A -will output 0 instead of 1. But in one line it works as expected: -$ A=1 ; echo $A -will give you the expected result: 1 - -Alternatives -============ - -An incomplete list of alternatives to PHP Shell would be: - -* SSH. The Secure Shell is the standard solution to the problem that - PHP Shell tries to solve. SSH lets you login to a remote system in a - secure way where the traffic and password is encrypted at all - times. You can also upload and download files securely and make - encrypted TCP tunnels. - - If your host supports SSH then use it and forget about PHP Shell or - any other solution. - -* Telnet. This is the old way to obtain an interactive login on a - remote system. Unfortunately telnet is insecure since the password - and subsequent traffic are sent in clear text. SSH was developed - precisely to replace telnet. The advantage of telnet over PHP Shell - is that it gives you an interactive session. - -* See more alternatives at the Anyterm homepage: - - http://anyterm.org/compared.html - - -Download -======== - -You can download the newest version of PHP Shell from - - http://phpshell.sourceforge.net/ - -The tarball/zipfile contains these files: - -phpshell.php - This is the script you run when you use PHP Shell. - -pwhash.php - A utility used to generate a hashed password. Please read INSTALL - for more information. This file poses no security risk. - -ChangeLog - This file describe the changes I've made to PHP Shell. By reading - it you'll always know when I've added a new feature or made a - bugfix, and the nature of the feature/bugfix. - -README - This file! :-) - -INSTALL - Tells you how to install PHP Shell. Among other things, it - explains how to change the password protection so that you can use - PHP Shell. - - Remember that it's very important to have PHP Shell password - protected, or else everybody will be able so snoop into your files - and perhaps also be able to delete them! Please take the time to - protect your installation of PHP Shell. - -SECURITY - A separate guide about security with PHP in general and PHP Shell in - particular. Be sure to read this too, especially if you are getting - strange errors back from PHP Shell. - -COPYING - Standard GNU GPL. diff --git a/shell/SECURITY b/shell/SECURITY deleted file mode 100644 index 888c554..0000000 --- a/shell/SECURITY +++ /dev/null @@ -1,141 +0,0 @@ -SECURITY file for PHP Shell -Copyright (C) 2005-2010 the Phpshell-team -Licensed under the GNU GPL. See the file COPYING for details. - - -PHP Security -============ - -Installing PHP on your server is an inherently dangerous thing to do, -somewhat similar to the danger one faces when one buys a car: it might -kill you if you have an accident. On the other hand a car makes so -many things so much more convenient, so most people are willing to -accept the risk of accidents. - -Likewise, PHP is a powerful tool which will let you build your -webpages easier and faster than without. But it is a *very* powerful -tool --- PHP is a full programming language which can be used for -general purpose programming and not just to format HTML for display in -a browser. - -So PHP has support for reading and writing files on the filesystem. -But PHP also has support for *deleting* files. PHP even has support -for executing other programs. In other words, PHP has lots of support -for interacting with the rest of the computer it runs on. This -interaction is potentially much more powerful than you want it to, and -this can be a problem if this power ends up in the wrong hands. - - -What about Safe Mode? ---------------------- - -As they note in the PHP manual, Safe Mode is an inherently wrong way -to secure PHP, but is nevertheless used in many installations. -Turning Safe Mode on in PHP basically tries to restrict the language -and its functions to make it "safe". - -This involves a strict check on file ownership so that PHP wont -operate on files and directories which are not owned by the owner of -the current script. Other restrictions in Safe Mode include limits on -which files can be executed and includes (thus making a primitive form -of chroot or jail around the PHP script). - -PHP Shell is made mostly useless with Safe Mode since it restricts the -two commands that PHP Shell uses: ``chdir()`` and ``proc_open()``: - -* With Safe Mode you cannot change to a directory unless you are the - owner of that directory. This means that you cannot change to, say, - ``/etc`` since ``root`` own that directory. - - You'll see this when 'cd /etc' results in this error from PHP Shell: - - chdir(): SAFE MODE Restriction in effect. The script whose uid is - 500 is not allowed to access /etc owned by uid 0 - cd: could not change to: /etc - -* When Safe Mode is active, PHP forces the argument to ``proc_open()`` - to be escaped, which means that you cannot use normal shell - wildcards, pipes or any such stuff. - - So if you enter 'ls *.txt' in a directory where you know for certain - that there is a text file ending in '.txt', you will get the - following error: - - /bin/ls: *.txt: No such file or directory - - This is because PHP has silently changed the command into 'ls - \*.txt' to disable the wildcard. - -* You cannot execute programs unless they are placed in a directory - listed in ``safe_mode_exec_dir``. Say you want to execute the - program ``tr`` (which translates between sets of characters) and you - get this strange messages back: - - sh: line 1: /bin/tr: No such file or directory - - Then you have a problem with the ``safe_mode_exec_dir`` setting. In - this case ``safe_mode_exec_dir`` is set to just ``/bin`` and so PHP - has forced the shell to execute ``/bin/tr`` and since ``tr`` is - installed in ``/usr/bin`` it could not be found. - - If you have write access to a directory listed in - ``safe_mode_exec_dir``, then try copying the wanted program there - first. Executing it should now work. - - -Even without enabling Safe Mode some functions might have been -disabled via the ``disabled_functions`` setting. If the -``proc_open()`` function used by PHP Shell has been disabled, then you -will see an error like this: - - Fatal Error! - - proc_open() has been disabled for security reasons - - in /path/to/your/installation/phpshell.php, line 221. - - - -PHP Shell Security -================== - -As noted above, PHP is a powerful tool --- how does PHP Shell fit into -this? PHP Shell is actually quite simple and does one thing: it uses -the standard PHP function ``proc_open()`` to execute programs. - -Executing other programs is probably the most powerful thing you can -do in PHP, and so PHP Shell gives you a convenient interface to this -the most powerful feature of PHP. Nothing more. - - -Is PHP Shell Dangerous? ------------------------ - -Short answer: *yes*! PHP Shell has been used in the past by people -with not-so-good intentions to destroy valuable content on servers. - -The longer answer is that installing PHP Shell is like building a new -door in your house --- if you leave it unlocked, then people can (and -probably will!) walk into it and steal your possessions. So you want -to lock it, and make sure you use a good lock. - -With PHP Shell that is equivalent of using a secure password. A -secure password is one which is hard to guess (make it long, make it -random, and put both numbers, special characters and normal letters in -it). - - Remember that guessing the password is all that stands between the - crackers and your files! - -If you use a good password, then PHP Shell does not make your system -any more insecure than it already was. Security is always a matter of -finding the weakest link in the chain: if you use FTP with a simple -password for updating your site, then it would be much easier for the -crackers to attack that instead of trying to guess your super-hard PHP -Shell password. So make sure that you tighten security on all fronts -you know of. - - -If you have comments or suggestions for improvements to this little -guide in system security, then please do not hesitate to contact the -author at . diff --git a/shell/bin/cat.php b/shell/bin/cat.php new file mode 100644 index 0000000..fab9883 --- /dev/null +++ b/shell/bin/cat.php @@ -0,0 +1,7 @@ +'; + echo ''; + echo ''."\n"; + echo ''; + echo ''; + } +} diff --git a/shell/bin/help.php b/shell/bin/help.php new file mode 100644 index 0000000..95d2641 --- /dev/null +++ b/shell/bin/help.php @@ -0,0 +1,12 @@ +1) { echo $name.":\n"; } + $files = array(); + while (false !== ($file = readdir($dh))) { + $files[]="$file"; + } + sort($files); + echo implode("\n",$files)."\n"; + closedir($dh); + } + } else { + echo $name."\n"; + } + } else { + echo $me.': file does not exist: `'.$name."'\n"; + $ret++; + } + } + return $ret; +} diff --git a/shell/bin/pwd.php b/shell/bin/pwd.php new file mode 100644 index 0000000..2b43d00 --- /dev/null +++ b/shell/bin/pwd.php @@ -0,0 +1,5 @@ + -*- conf -*- -; Do not remove the above line, it is all that prevents this file from -; being downloaded. -; -; config.php file for PHP Shell -; Copyright (C) 2005-2010 the Phpshell-team -; Licensed under the GNU GPL. See the file COPYING for details. - -; This ini-file has three parts: -; -; * [users] where you add usernames and passwords to give users access -; to PHP Shell. -; -; * [aliases] where you can configure shell aliases. -; -; * [settings] where general settings are placed. - - -[users] - -luke = "sha1:da6c3f7:1c125210c15b45a083e77674693ceda9dc4750f3" - -; The default configuration has no users defined, you have to add your -; own (choose good passwords!). Add uses as simple -; -; username = "password" -; -; lines. Please quote your password using double-quotes as shown. -; The semi-colon ':' is a reserved character, so do *not* use that in -; your passwords. -; -; For improved security it is *strongly suggested* that you the -; pwhash.php script to generate a hashed password and store that -; instead of the normal clear text password. Keeping your passwords -; in hashed form ensures that they cannot be found, even if this file -; is disclosed. The passwords are still visible in clear text during -; the login, though. Please follow the instructions given in -; pwhash.php. - - - -[aliases] - -; Alias expansion. Change the two examples as needed and add your own -; favorites --- feel free to suggest more defaults! The command line -; you enter will only be expanded on the very first token and only -; once, so having 'ls' expand into 'ls -CvhF' does not cause an -; infinite recursion. - -ls = "ls -CvhF" -ll = "ls -lvhF" - - - -[settings] - -; General settings for PHP Shell. - -; Home directory. PHP Shell will change to this directory upon -; startup and whenever a bare 'cd' command is given. This can be an -; absolute path or a path relative to the PHP Shell installation -; directory. - -home-directory = "." - -; Safe Mode warning. PHP Shell will normally display a big, fat -; warning if it detects that PHP is running in Safe Mode. If you find -; that PHP Shell works anyway, then set this to false to get rid of -; the warning. - -safe-mode-warning = true diff --git a/shell/config.php~ b/shell/config.php~ deleted file mode 100644 index b9b48ca..0000000 --- a/shell/config.php~ +++ /dev/null @@ -1,69 +0,0 @@ -; -*- conf -*- -; Do not remove the above line, it is all that prevents this file from -; being downloaded. -; -; config.php file for PHP Shell -; Copyright (C) 2005-2010 the Phpshell-team -; Licensed under the GNU GPL. See the file COPYING for details. - -; This ini-file has three parts: -; -; * [users] where you add usernames and passwords to give users access -; to PHP Shell. -; -; * [aliases] where you can configure shell aliases. -; -; * [settings] where general settings are placed. - - -[users] - -; The default configuration has no users defined, you have to add your -; own (choose good passwords!). Add uses as simple -; -; username = "password" -; -; lines. Please quote your password using double-quotes as shown. -; The semi-colon ':' is a reserved character, so do *not* use that in -; your passwords. -; -; For improved security it is *strongly suggested* that you the -; pwhash.php script to generate a hashed password and store that -; instead of the normal clear text password. Keeping your passwords -; in hashed form ensures that they cannot be found, even if this file -; is disclosed. The passwords are still visible in clear text during -; the login, though. Please follow the instructions given in -; pwhash.php. - - - -[aliases] - -; Alias expansion. Change the two examples as needed and add your own -; favorites --- feel free to suggest more defaults! The command line -; you enter will only be expanded on the very first token and only -; once, so having 'ls' expand into 'ls -CvhF' does not cause an -; infinite recursion. - -ls = "ls -CvhF" -ll = "ls -lvhF" - - - -[settings] - -; General settings for PHP Shell. - -; Home directory. PHP Shell will change to this directory upon -; startup and whenever a bare 'cd' command is given. This can be an -; absolute path or a path relative to the PHP Shell installation -; directory. - -home-directory = "." - -; Safe Mode warning. PHP Shell will normally display a big, fat -; warning if it detects that PHP is running in Safe Mode. If you find -; that PHP Shell works anyway, then set this to false to get rid of -; the warning. - -safe-mode-warning = true diff --git a/shell/exec.php b/shell/exec.php new file mode 100644 index 0000000..f3dc8d1 --- /dev/null +++ b/shell/exec.php @@ -0,0 +1,58 @@ +'; + return $ret; +} + +function php_exec($com, $cwd='') { + if ($cwd != '') { php_chdir($cwd); } + if ($com=='') { return 0; } + + $root = dirname(__FILE__); + + $ifs=' '; + $path = $root.'/bin'; + + $env = array('IFS' => $ifs, 'PATH' => $path); + + $coms = array(); + $a = 0; + $c = 0; + $q = ''; + while ($com != '') { + $char = substr($com,0,1); + $com = substr($com,1); + if (substr_count ('\'',$char)!==0) { + if (substr($q,0,1)===$char) { + $q = substr($q,1); + } else { + $q = $char.$q; + } + } elseif ($q != '') { + $coms[$c][$a].=$char; + } elseif (substr_count ($ifs,$char)!==0) { + if (isset($coms[$c][$a])) { + $a++; + } + } elseif (substr_count (';',$char)!==0) { + $c++; + } else { + $coms[$c][$a].=$char; + } + } + + $ret=0; + foreach ($coms as $args) { + $file=$path.'/'.$args[0].'.php'; + if (file_exists($file)) { + include($file); + $ret = main($args,$env); + } else { + echo 'sh: command not found: `'.$args[0]."'\n"; + $ret = 1; + } + } + return $ret; +} diff --git a/shell/foobar.txt b/shell/foobar.txt new file mode 100644 index 0000000..fd80404 --- /dev/null +++ b/shell/foobar.txt @@ -0,0 +1 @@ +this is foobar.txt \ No newline at end of file diff --git a/shell/index.php b/shell/index.php new file mode 100644 index 0000000..6d62a65 --- /dev/null +++ b/shell/index.php @@ -0,0 +1,31 @@ +'; +?> + + + + ltShell 3 + + + + + + + diff --git a/shell/lightopenid.php b/shell/lightopenid.php new file mode 100644 index 0000000..f868273 --- /dev/null +++ b/shell/lightopenid.php @@ -0,0 +1,650 @@ + + * $openid = new LightOpenID; + * $openid->identity = 'ID supplied by user'; + * header('Location: ' . $openid->authUrl()); + * + * The provider then sends various parameters via GET, one of them is openid_mode. + * Step two is verification: + * + * if ($this->data['openid_mode']) { + * $openid = new LightOpenID; + * echo $openid->validate() ? 'Logged in.' : 'Failed'; + * } + * + * + * Optionally, you can set $returnUrl and $realm (or $trustRoot, which is an alias). + * The default values for those are: + * $openid->realm = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST']; + * $openid->returnUrl = $openid->realm . $_SERVER['REQUEST_URI']; # without the query part, if present + * If you don't know their meaning, refer to any openid tutorial, or specification. Or just guess. + * + * AX and SREG extensions are supported. + * To use them, specify $openid->required and/or $openid->optional before calling $openid->authUrl(). + * These are arrays, with values being AX schema paths (the 'path' part of the URL). + * For example: + * $openid->required = array('namePerson/friendly', 'contact/email'); + * $openid->optional = array('namePerson/first'); + * If the server supports only SREG or OpenID 1.1, these are automaticaly + * mapped to SREG names, so that user doesn't have to know anything about the server. + * + * To get the values, use $openid->getAttributes(). + * + * + * The library requires PHP >= 5.1.2 with http/https stream wrappers enabled.. + * @author Mewp + * @copyright Copyright (c) 2010, Mewp + * @license http://www.opensource.org/licenses/mit-license.php MIT + */ +class LightOpenID +{ + public $returnUrl + , $required = array() + , $optional = array(); + private $identity, $claimed_id; + protected $server, $version, $trustRoot, $aliases, $identifier_select = false + , $ax = false, $sreg = false, $data; + static protected $ax_to_sreg = array( + 'namePerson/friendly' => 'nickname', + 'contact/email' => 'email', + 'namePerson' => 'fullname', + 'birthDate' => 'dob', + 'person/gender' => 'gender', + 'contact/postalCode/home' => 'postcode', + 'contact/country/home' => 'country', + 'pref/language' => 'language', + 'pref/timezone' => 'timezone', + ); + + function __construct() + { + $this->trustRoot = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST']; + $uri = $_SERVER['REQUEST_URI']; + $uri = strpos($uri, '?') ? substr($uri, 0, strpos($uri, '?')) : $uri; + $this->returnUrl = $this->trustRoot . $uri; + + $this->data = $_POST + $_GET; # OPs may send data as POST or GET. + } + + function __set($name, $value) + { + switch ($name) { + case 'identity': + if (strlen($value = trim((String) $value))) { + if (preg_match('#^xri:/*#i', $value, $m)) { + $value = substr($value, strlen($m[0])); + } elseif (!preg_match('/^(?:[=@+\$!\(]|https?:)/i', $value)) { + $value = "http://$value"; + } + if (preg_match('#^https?://[^/]+$#i', $value, $m)) { + $value .= '/'; + } + } + $this->$name = $this->claimed_id = $value; + break; + case 'trustRoot': + case 'realm': + $this->trustRoot = trim($value); + } + } + + function __get($name) + { + switch ($name) { + case 'identity': + # We return claimed_id instead of identity, + # because the developer should see the claimed identifier, + # i.e. what he set as identity, not the op-local identifier (which is what we verify) + return $this->claimed_id; + case 'trustRoot': + case 'realm': + return $this->trustRoot; + } + } + + /** + * Checks if the server specified in the url exists. + * + * @param $url url to check + * @return true, if the server exists; false otherwise + */ + function hostExists($url) + { + if (strpos($url, '/') === false) { + $server = $url; + } else { + $server = @parse_url($url, PHP_URL_HOST); + } + + if (!$server) { + return false; + } + + return !!gethostbynamel($server); + } + + + protected function request($url, $method='GET', $params=array()) + { + if(!$this->hostExists($url)) { + throw new ErrorException('Invalid request.'); + } + + $params = http_build_query($params, '', '&'); + switch($method) { + case 'GET': + $opts = array( + 'http' => array( + 'method' => 'GET', + 'header' => 'Accept: application/xrds+xml, */*', + 'ignore_errors' => true, + ) + ); + $url = $url . ($params ? '?' . $params : ''); + break; + case 'POST': + $opts = array( + 'http' => array( + 'method' => 'POST', + 'header' => 'Content-type: application/x-www-form-urlencoded', + 'content' => $params, + 'ignore_errors' => true, + ) + ); + break; + case 'HEAD': + # We want to send a HEAD request, + # but since get_headers doesn't accept $context parameter, + # we have to change the defaults. + $default = stream_context_get_options(stream_context_get_default()); + stream_context_get_default( + array('http' => array( + 'method' => 'HEAD', + 'header' => 'Accept: application/xrds+xml, */*', + 'ignore_errors' => true, + )) + ); + + $url = $url . ($params ? '?' . $params : ''); + $headers_tmp = get_headers ($url); + if(!$headers_tmp) { + return array(); + } + + # Parsing headers. + $headers = array(); + foreach($headers_tmp as $header) { + $pos = strpos($header,':'); + $name = strtolower(trim(substr($header, 0, $pos))); + $headers[$name] = trim(substr($header, $pos+1)); + + # Following possible redirections. The point is just to have + # claimed_id change with them, because get_headers() will + # follow redirections automatically. + # We ignore redirections with relative paths. + # If any known provider uses them, file a bug report. + if($name == 'location') { + if(strpos($headers[$name], 'http') === 0) { + $this->claimed_id = $headers[$name]; + } elseif($headers[$name][0] == '/') { + $parsed_url = parse_url($this->claimed_id); + $this->claimed_id = $parsed_url['scheme'] . '://' + . $parsed_url['host'] + . $headers[$name]; + } + } + } + + # And restore them. + stream_context_get_default($default); + return $headers; + } + $context = stream_context_create ($opts); + + return file_get_contents($url, false, $context); + } + + protected function build_url($url, $parts) + { + if (isset($url['query'], $parts['query'])) { + $parts['query'] = $url['query'] . '&' . $parts['query']; + } + + $url = $parts + $url; + $url = $url['scheme'] . '://' + . (empty($url['username'])?'' + :(empty($url['password'])? "{$url['username']}@" + :"{$url['username']}:{$url['password']}@")) + . $url['host'] + . (empty($url['port'])?'':":{$url['port']}") + . (empty($url['path'])?'':$url['path']) + . (empty($url['query'])?'':"?{$url['query']}") + . (empty($url['fragment'])?'':":{$url['fragment']}"); + return $url; + } + + /** + * Helper function used to scan for / tags and extract information + * from them + */ + protected function htmlTag($content, $tag, $attrName, $attrValue, $valueName) + { + preg_match_all("#<{$tag}[^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*$valueName=['\"](.+?)['\"][^>]*/?>#i", $content, $matches1); + preg_match_all("#<{$tag}[^>]*$valueName=['\"](.+?)['\"][^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*/?>#i", $content, $matches2); + + $result = array_merge($matches1[1], $matches2[1]); + return empty($result)?false:$result[0]; + } + + /** + * Performs Yadis and HTML discovery. Normally not used. + * @param $url Identity URL. + * @return String OP Endpoint (i.e. OpenID provider address). + * @throws ErrorException + */ + function discover($url) + { + if (!$url) throw new ErrorException('No identity supplied.'); + # Use xri.net proxy to resolve i-name identities + if (!preg_match('#^https?:#', $url)) { + $url = "https://xri.net/$url"; + } + + # We save the original url in case of Yadis discovery failure. + # It can happen when we'll be lead to an XRDS document + # which does not have any OpenID2 services. + $originalUrl = $url; + + # A flag to disable yadis discovery in case of failure in headers. + $yadis = true; + + # We'll jump a maximum of 5 times, to avoid endless redirections. + for ($i = 0; $i < 5; $i ++) { + if ($yadis) { + $headers = $this->request($url, 'HEAD'); + + $next = false; + if (isset($headers['x-xrds-location'])) { + $url = $this->build_url(parse_url($url), parse_url(trim($headers['x-xrds-location']))); + $next = true; + } + + if (isset($headers['content-type']) + && strpos($headers['content-type'], 'application/xrds+xml') !== false) { + # Found an XRDS document, now let's find the server, and optionally delegate. + $content = $this->request($url, 'GET'); + + # OpenID 2 + $ns = preg_quote('http://specs.openid.net/auth/2.0/'); + if (preg_match('#(.*)\s*'.$ns.'(.*?)\s*(.*)#s', $content, $m)) { + $content = ' ' . $m[1] . $m[3]; # The space is added, so that strpos doesn't return 0. + if ($m[2] == 'server') $this->identifier_select = true; + + preg_match('#(.*)#', $content, $server); + preg_match('#<(Local|Canonical)ID>(.*)#', $content, $delegate); + if (empty($server)) { + return false; + } + # Does the server advertise support for either AX or SREG? + $this->ax = (bool) strpos($content, 'http://openid.net/srv/ax/1.0'); + $this->sreg = strpos($content, 'http://openid.net/sreg/1.0') + || strpos($content, 'http://openid.net/extensions/sreg/1.1'); + + $server = $server[1]; + if (isset($delegate[2])) $this->identity = trim($delegate[2]); + $this->version = 2; + + $this->server = $server; + return $server; + } + + # OpenID 1.1 + $ns = preg_quote('http://openid.net/signon/1.1'); + if (preg_match('#(.*)\s*'.$ns.'\s*(.*)#s', $content, $m)) { + $content = ' ' . $m[1] . $m[2]; + + preg_match('#(.*)#', $content, $server); + preg_match('#<.*?Delegate>(.*)#', $content, $delegate); + if (empty($server)) { + return false; + } + # AX can be used only with OpenID 2.0, so checking only SREG + $this->sreg = strpos($content, 'http://openid.net/sreg/1.0') + || strpos($content, 'http://openid.net/extensions/sreg/1.1'); + + $server = $server[1]; + if (isset($delegate[1])) $this->identity = $delegate[1]; + $this->version = 1; + + $this->server = $server; + return $server; + } + + $next = true; + $yadis = false; + $url = $originalUrl; + $content = null; + break; + } + if ($next) continue; + + # There are no relevant information in headers, so we search the body. + $content = $this->request($url, 'GET'); + if ($location = $this->htmlTag($content, 'meta', 'http-equiv', 'X-XRDS-Location', 'value')) { + $url = $this->build_url(parse_url($url), parse_url($location)); + continue; + } + } + + if (!$content) $content = $this->request($url, 'GET'); + + # At this point, the YADIS Discovery has failed, so we'll switch + # to openid2 HTML discovery, then fallback to openid 1.1 discovery. + $server = $this->htmlTag($content, 'link', 'rel', 'openid2.provider', 'href'); + $delegate = $this->htmlTag($content, 'link', 'rel', 'openid2.local_id', 'href'); + $this->version = 2; + + if (!$server) { + # The same with openid 1.1 + $server = $this->htmlTag($content, 'link', 'rel', 'openid.server', 'href'); + $delegate = $this->htmlTag($content, 'link', 'rel', 'openid.delegate', 'href'); + $this->version = 1; + } + + if ($server) { + # We found an OpenID2 OP Endpoint + if ($delegate) { + # We have also found an OP-Local ID. + $this->identity = $delegate; + } + $this->server = $server; + return $server; + } + + throw new ErrorException('No servers found!'); + } + throw new ErrorException('Endless redirection!'); + } + + protected function sregParams() + { + $params = array(); + # We always use SREG 1.1, even if the server is advertising only support for 1.0. + # That's because it's fully backwards compatibile with 1.0, and some providers + # advertise 1.0 even if they accept only 1.1. One such provider is myopenid.com + $params['openid.ns.sreg'] = 'http://openid.net/extensions/sreg/1.1'; + if ($this->required) { + $params['openid.sreg.required'] = array(); + foreach ($this->required as $required) { + if (!isset(self::$ax_to_sreg[$required])) continue; + $params['openid.sreg.required'][] = self::$ax_to_sreg[$required]; + } + $params['openid.sreg.required'] = implode(',', $params['openid.sreg.required']); + } + + if ($this->optional) { + $params['openid.sreg.optional'] = array(); + foreach ($this->optional as $optional) { + if (!isset(self::$ax_to_sreg[$optional])) continue; + $params['openid.sreg.optional'][] = self::$ax_to_sreg[$optional]; + } + $params['openid.sreg.optional'] = implode(',', $params['openid.sreg.optional']); + } + return $params; + } + + protected function axParams() + { + $params = array(); + if ($this->required || $this->optional) { + $params['openid.ns.ax'] = 'http://openid.net/srv/ax/1.0'; + $params['openid.ax.mode'] = 'fetch_request'; + $this->aliases = array(); + $counts = array(); + $required = array(); + $optional = array(); + foreach (array('required','optional') as $type) { + foreach ($this->$type as $alias => $field) { + if (is_int($alias)) $alias = strtr($field, '/', '_'); + $this->aliases[$alias] = 'http://axschema.org/' . $field; + if (empty($counts[$alias])) $counts[$alias] = 0; + $counts[$alias] += 1; + ${$type}[] = $alias; + } + } + foreach ($this->aliases as $alias => $ns) { + $params['openid.ax.type.' . $alias] = $ns; + } + foreach ($counts as $alias => $count) { + if ($count == 1) continue; + $params['openid.ax.count.' . $alias] = $count; + } + + # Don't send empty ax.requied and ax.if_available. + # Google and possibly other providers refuse to support ax when one of these is empty. + if($required) { + $params['openid.ax.required'] = implode(',', $required); + } + if($optional) { + $params['openid.ax.if_available'] = implode(',', $optional); + } + } + return $params; + } + + protected function authUrl_v1() + { + $returnUrl = $this->returnUrl; + # If we have an openid.delegate that is different from our claimed id, + # we need to somehow preserve the claimed id between requests. + # The simplest way is to just send it along with the return_to url. + if($this->identity != $this->claimed_id) { + $returnUrl .= (strpos($returnUrl, '?') ? '&' : '?') . 'openid.claimed_id=' . $this->claimed_id; + } + + $params = array( + 'openid.return_to' => $returnUrl, + 'openid.mode' => 'checkid_setup', + 'openid.identity' => $this->identity, + 'openid.trust_root' => $this->trustRoot, + ) + $this->sregParams(); + + return $this->build_url(parse_url($this->server) + , array('query' => http_build_query($params, '', '&'))); + } + + protected function authUrl_v2($identifier_select) + { + $params = array( + 'openid.ns' => 'http://specs.openid.net/auth/2.0', + 'openid.mode' => 'checkid_setup', + 'openid.return_to' => $this->returnUrl, + 'openid.realm' => $this->trustRoot, + ); + if ($this->ax) { + $params += $this->axParams(); + } + if ($this->sreg) { + $params += $this->sregParams(); + } + if (!$this->ax && !$this->sreg) { + # If OP doesn't advertise either SREG, nor AX, let's send them both + # in worst case we don't get anything in return. + $params += $this->axParams() + $this->sregParams(); + } + + if ($identifier_select) { + $params['openid.identity'] = $params['openid.claimed_id'] + = 'http://specs.openid.net/auth/2.0/identifier_select'; + } else { + $params['openid.identity'] = $this->identity; + $params['openid.claimed_id'] = $this->claimed_id; + } + + return $this->build_url(parse_url($this->server) + , array('query' => http_build_query($params, '', '&'))); + } + + /** + * Returns authentication url. Usually, you want to redirect your user to it. + * @return String The authentication url. + * @param String $select_identifier Whether to request OP to select identity for an user in OpenID 2. Does not affect OpenID 1. + * @throws ErrorException + */ + function authUrl($identifier_select = null) + { + if (!$this->server) $this->discover($this->identity); + + if ($this->version == 2) { + if ($identifier_select === null) { + return $this->authUrl_v2($this->identifier_select); + } + return $this->authUrl_v2($identifier_select); + } + return $this->authUrl_v1(); + } + + /** + * Performs OpenID verification with the OP. + * @return Bool Whether the verification was successful. + * @throws ErrorException + */ + function validate() + { + $this->claimed_id = isset($this->data['openid_claimed_id'])?$this->data['openid_claimed_id']:$this->data['openid_identity']; + $params = array( + 'openid.assoc_handle' => $this->data['openid_assoc_handle'], + 'openid.signed' => $this->data['openid_signed'], + 'openid.sig' => $this->data['openid_sig'], + ); + + if (isset($this->data['openid_ns'])) { + # We're dealing with an OpenID 2.0 server, so let's set an ns + # Even though we should know location of the endpoint, + # we still need to verify it by discovery, so $server is not set here + $params['openid.ns'] = 'http://specs.openid.net/auth/2.0'; + } elseif(isset($this->data['openid_claimed_id'])) { + # If it's an OpenID 1 provider, and we've got claimed_id, + # we have to append it to the returnUrl, like authUrl_v1 does. + $this->returnUrl .= (strpos($this->returnUrl, '?') ? '&' : '?') + . 'openid.claimed_id=' . $this->claimed_id; + } + + if ($this->data['openid_return_to'] != $this->returnUrl) { + # The return_to url must match the url of current request. + # I'm assuing that noone will set the returnUrl to something that doesn't make sense. + return false; + } + + $server = $this->discover($this->data['openid_identity']); + + foreach (explode(',', $this->data['openid_signed']) as $item) { + # Checking whether magic_quotes_gpc is turned on, because + # the function may fail if it is. For example, when fetching + # AX namePerson, it might containg an apostrophe, which will be escaped. + # In such case, validation would fail, since we'd send different data than OP + # wants to verify. stripslashes() should solve that problem, but we can't + # use it when magic_quotes is off. + $value = $this->data['openid_' . str_replace('.','_',$item)]; + $params['openid.' . $item] = get_magic_quotes_gpc() ? stripslashes($value) : $value; + } + + $params['openid.mode'] = 'check_authentication'; + + $response = $this->request($server, 'POST', $params); + + return preg_match('/is_valid\s*:\s*true/i', $response); + } + + protected function getAxAttributes() + { + $alias = null; + if (isset($this->data['openid_ns_ax']) + && $this->data['openid_ns_ax'] != 'http://openid.net/srv/ax/1.0' + ) { # It's the most likely case, so we'll check it before + $alias = 'ax'; + } else { + # 'ax' prefix is either undefined, or points to another extension, + # so we search for another prefix + foreach ($this->data as $key => $val) { + if (substr($key, 0, strlen('openid_ns_')) == 'openid_ns_' + && $val == 'http://openid.net/srv/ax/1.0' + ) { + $alias = substr($key, strlen('openid_ns_')); + break; + } + } + } + if (!$alias) { + # An alias for AX schema has not been found, + # so there is no AX data in the OP's response + return array(); + } + + $attributes = array(); + foreach ($this->data as $key => $value) { + $keyMatch = 'openid_' . $alias . '_value_'; + if (substr($key, 0, strlen($keyMatch)) != $keyMatch) { + continue; + } + $key = substr($key, strlen($keyMatch)); + if (!isset($this->data['openid_' . $alias . '_type_' . $key])) { + # OP is breaking the spec by returning a field without + # associated ns. This shouldn't happen, but it's better + # to check, than cause an E_NOTICE. + continue; + } + $key = substr($this->data['openid_' . $alias . '_type_' . $key], + strlen('http://axschema.org/')); + $attributes[$key] = $value; + } + return $attributes; + } + + protected function getSregAttributes() + { + $attributes = array(); + $sreg_to_ax = array_flip(self::$ax_to_sreg); + foreach ($this->data as $key => $value) { + $keyMatch = 'openid_sreg_'; + if (substr($key, 0, strlen($keyMatch)) != $keyMatch) { + continue; + } + $key = substr($key, strlen($keyMatch)); + if (!isset($sreg_to_ax[$key])) { + # The field name isn't part of the SREG spec, so we ignore it. + continue; + } + $attributes[$sreg_to_ax[$key]] = $value; + } + return $attributes; + } + + /** + * Gets AX/SREG attributes provided by OP. should be used only after successful validaton. + * Note that it does not guarantee that any of the required/optional parameters will be present, + * or that there will be no other attributes besides those specified. + * In other words. OP may provide whatever information it wants to. + * * SREG names will be mapped to AX names. + * * @return Array Array of attributes with keys being the AX schema names, e.g. 'contact/email' + * @see http://www.axschema.org/types/ + */ + function getAttributes() + { + if (isset($this->data['openid_ns']) + && $this->data['openid_ns'] == 'http://specs.openid.net/auth/2.0' + ) { # OpenID 2.0 + # We search for both AX and SREG attributes, with AX taking precedence. + return $this->getAxAttributes() + $this->getSregAttributes(); + } + return $this->getSregAttributes(); + } +} diff --git a/shell/login.php b/shell/login.php new file mode 100644 index 0000000..eff6eca --- /dev/null +++ b/shell/login.php @@ -0,0 +1,59 @@ +'.$_SESSION['user'].' is now logged out

'; + $_SESSION['user']=''; + } else { + $auth_html.=' +

Currently logged in as '.$_SESSION['user'].'.

+
+ + +
+ '; + } +} else { + // not already logged in + try { + if(!isset($_GET['openid_mode'])) { + if(isset($_POST['openid_identifier'])) { + $openid = new LightOpenID; + $openid->identity = $_POST['openid_identifier']; + header('Location: ' . $openid->authUrl()); + } + $auth_html.=' +
+ OpenID: +
+ '; + } elseif($_GET['openid_mode'] == 'cancel') { + $auth_html.='

User has canceled authentication!

'; + } else { + $openid = new LightOpenID; + if ($openid->validate()) { + // is logged in + global $users; + include_once('passwd.php'); + if (in_array($openid->identity,$users)) { + $_SESSION['user']=$openid->identity; + $auth_html.='

Welcome, '.$_SESSION['user'].'!

'; + } else { + $auth_html.='

Authentication was successful, but '.$openid->identity.' is not an authorized user.

'; + } + } else { + // is not logged in + $auth_html.='

User '.$openid->identity.' is not logged in

'; + } + } + } catch(ErrorException $e) { + $auth_html.=$e->getMessage(); + } +} +// END AUTH CODE /////////////////////////////////////////////////////////////// diff --git a/shell/no_magicquotes.php b/shell/no_magicquotes.php new file mode 100644 index 0000000..f6718eb --- /dev/null +++ b/shell/no_magicquotes.php @@ -0,0 +1,26 @@ + $value) { + if (!$topLevel) { + $key = stripslashes($key); + } + if (is_array($value)) { + $newArray[$key] = undoMagicQuotes($value, false); + } + else { + $newArray[$key] = stripslashes($value); + } + } + return $newArray; + } + $_GET = undoMagicQuotes($_GET); + $_POST = undoMagicQuotes($_POST); + $_COOKIE = undoMagicQuotes($_COOKIE); + $_REQUEST = undoMagicQuotes($_REQUEST); +} +?> diff --git a/shell/passwd.php b/shell/passwd.php new file mode 100644 index 0000000..cf6fdaf --- /dev/null +++ b/shell/passwd.php @@ -0,0 +1,6 @@ + diff --git a/shell/phpshell.php b/shell/phpshell.php deleted file mode 100644 index 34a651b..0000000 --- a/shell/phpshell.php +++ /dev/null @@ -1,550 +0,0 @@ - - - - PHP Shell ' . PHPSHELL_VERSION . ' - - - - - - -

Fatal Error!

-

' . $errstr . '

-

in ' . $errfile . ', line ' . $errline . '.

- -
- -

Please consult the README, INSTALL, and SECURITY files for - instruction on how to use PHP Shell.

- -
- -
- Copyright © 2000–2010, the Phpshell-team. Get the latest - version at http://phpshell.sourceforge.net/. -
- - -'); - } -} - -/* Installing our error handler makes PHP die on even the slightest problem. - * This is what we want in a security critical application like this. */ -set_error_handler('error_handler'); - - -function logout() { - /* Empty the session data, except for the 'authenticated' entry which the - * rest of the code needs to be able to check. */ - $_SESSION = array('authenticated' => false); - - /* Unset the client's cookie, if it has one. */ -// if (isset($_COOKIE[session_name()])) -// setcookie(session_name(), '', time()-42000, '/'); - - /* Destroy the session data on the server. This prevents the simple - * replay attach where one uses the back button to re-authenticate using - * the old POST data since the server wont know the session then.*/ -// session_destroy(); -} - -/* Clear history */ -function clear() -{ - $_SESSION['output'] = ''; -} - -function stripslashes_deep($value) { - if (is_array($value)) - return array_map('stripslashes_deep', $value); - else - return stripslashes($value); -} - -if (get_magic_quotes_gpc()) - $_POST = stripslashes_deep($_POST); - -/* Initialize some variables we need again and again. */ -$username = isset($_POST['username']) ? $_POST['username'] : ''; -$password = isset($_POST['password']) ? $_POST['password'] : ''; -$nounce = isset($_POST['nounce']) ? $_POST['nounce'] : ''; - -$command = isset($_POST['command']) ? $_POST['command'] : ''; -$rows = isset($_POST['rows']) ? $_POST['rows'] : 24; -$columns = isset($_POST['columns']) ? $_POST['columns'] : 80; - - -/* Load the configuration. */ -$ini = parse_ini_file('config.php', true); - -if (empty($ini['settings'])) - $ini['settings'] = array(); - -/* Default settings --- these settings should always be set to something. */ -$default_settings = array('home-directory' => '.'); -$showeditor = false; - -/* Merge settings. */ -$ini['settings'] = array_merge($default_settings, $ini['settings']); - -session_start(); - -/* Delete the session data if the user requested a logout. This leaves the - * session cookie at the user, but this is not important since we - * authenticates on $_SESSION['authenticated']. */ -if (isset($_POST['logout'])) - logout(); - -/* Delete history if submitted */ -if (isset($_POST['clear'])) - clear(); - -/* Attempt authentication. */ -if (isset($_SESSION['nounce']) && $nounce == $_SESSION['nounce'] && - isset($ini['users'][$username])) { - if (strchr($ini['users'][$username], ':') === false) { - // No seperator found, assume this is a password in clear text. - $_SESSION['authenticated'] = ($ini['users'][$username] == $password); - } else { - list($fkt, $salt, $hash) = explode(':', $ini['users'][$username]); - $_SESSION['authenticated'] = ($fkt($salt . $password) == $hash); - } -} - - -/* Enforce default non-authenticated state if the above code didn't set it - * already. */ -if (!isset($_SESSION['authenticated'])) - $_SESSION['authenticated'] = false; - - -if ($_SESSION['authenticated']) { - /* Initialize the session variables. */ - if (empty($_SESSION['cwd'])) { - $_SESSION['cwd'] = realpath($ini['settings']['home-directory']); - $_SESSION['history'] = array(); - $_SESSION['output'] = ''; - } - /* Clicked on one of the directory links in the working directory - ignore the command */ - if (isset($_POST['levelup'])) { - $levelup = $_POST['levelup'] ; - while ($levelup > 0) { - $command = '' ; /* ignore the command */ - $_SESSION['cwd'] = dirname($_SESSION['cwd']) ; - $levelup -- ; - } - } - /* Selected a new subdirectory as working directory - ignore the command */ - if (isset($_POST['changedirectory'])) { - $changedir= $_POST['changedirectory']; - if (strlen($changedir) > 0) { - if (@chdir($_SESSION['cwd'] . '/' . $changedir)) { - $command = '' ; /* ignore the command */ - $_SESSION['cwd'] = realpath($_SESSION['cwd'] . '/' . $changedir) ; - } - } - } - - /* Save content from 'editor' */ - if(isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) { - $filetoedit_handle = fopen($_POST["filetoedit"], "w"); - fputs($filetoedit_handle, str_replace("%0D%0D%0A", "%0D%0A", $_POST["filecontent"])); - fclose($filetoedit_handle); - } - - if (!empty($command)) { - /* Save the command for late use in the JavaScript. If the command is - * already in the history, then the old entry is removed before the - * new entry is put into the list at the front. */ - if (($i = array_search($command, $_SESSION['history'])) !== false) - unset($_SESSION['history'][$i]); - - array_unshift($_SESSION['history'], $command); - - /* Now append the commmand to the output. */ - $_SESSION['output'] .= '$ ' . $command . "\n"; - - /* Initialize the current working directory. */ - if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $command)) { - $_SESSION['cwd'] = realpath($ini['settings']['home-directory']); - } elseif (preg_match('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/', $command, $regs)) { - /* The current command is a 'cd' command which we have to handle - * as an internal shell command. */ - - /* if the directory starts and ends with quotes ("), remove them - - allows command like 'cd "abc def"' */ - if ((substr($regs[1],0,1) == '"') && (substr($regs[1],-1) =='"') ) { - $regs[1] = substr($regs[1],1) ; - $regs[1] = substr($regs[1],0,-1) ; - } - - if ($regs[1]{0} == '/') { - /* Absolute path, we use it unchanged. */ - $new_dir = $regs[1]; - } else { - /* Relative path, we append it to the current working - * directory. */ - $new_dir = $_SESSION['cwd'] . '/' . $regs[1]; - } - - /* Transform '/./' into '/' */ - while (strpos($new_dir, '/./') !== false) - $new_dir = str_replace('/./', '/', $new_dir); - - /* Transform '//' into '/' */ - while (strpos($new_dir, '//') !== false) - $new_dir = str_replace('//', '/', $new_dir); - - /* Transform 'x/..' into '' */ - while (preg_match('|/\.\.(?!\.)|', $new_dir)) - $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir); - - if ($new_dir == '') $new_dir = '/'; - - /* Try to change directory. */ - if (@chdir($new_dir)) { - $_SESSION['cwd'] = $new_dir; - } else { - $_SESSION['output'] .= "cd: could not change to: $new_dir\n"; - } - - } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]*$/', $command)) { - /* You called 'editor' without a filename so you get an short help - * on how to use the internal 'editor' command */ - - $_SESSION['output'] .= " Syntax: editor filename\n (you forgot the filename)\n"; - - } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]+([^;]+)$/', $command, $regs)) { - /* This is a tiny editor which you can start with 'editor filename' */ - $filetoedit = $regs[1]; - if ($regs[1]{0} != '/') { - /* relative path, add it to the current working directory.*/ - $filetoedit = $_SESSION['cwd'].'/'.$regs[1]; - } ; - if(is_file(realpath($filetoedit)) || ! file_exists($filetoedit)) { - $showeditor = true; - if(file_exists(realpath($filetoedit))) - $filetoedit = realpath($filetoedit); - } else { - $_SESSION['output'] .= " Syntax: editor filename\n (just regular or not existing files)\n"; - } - - } elseif (trim($command) == 'exit') { - logout(); - } elseif (trim($command) == 'logout') { - logout(); - } else { - - /* The command is not an internal command, so we execute it after - * changing the directory and save the output. */ - chdir($_SESSION['cwd']); - - // We canot use putenv() in safe mode. - if (!ini_get('safe_mode')) { - // Advice programs (ls for example) of the terminal size. - putenv('ROWS=' . $rows); - putenv('COLUMNS=' . $columns); - } - - /* Alias expansion. */ - $length = strcspn($command, " \t"); - $token = substr($command, 0, $length); - if (isset($ini['aliases'][$token])) - $command = $ini['aliases'][$token] . substr($command, $length); - - $io = array(); - $p = proc_open($command, - array(1 => array('pipe', 'w'), - 2 => array('pipe', 'w')), - $io); - - /* Read output sent to stdout. */ - while (!feof($io[1])) { - $_SESSION['output'] .= htmlspecialchars(fgets($io[1]), - ENT_COMPAT, 'UTF-8'); - } - /* Read output sent to stderr. */ - while (!feof($io[2])) { - $_SESSION['output'] .= htmlspecialchars(fgets($io[2]), - ENT_COMPAT, 'UTF-8'); - } - - fclose($io[1]); - fclose($io[2]); - proc_close($p); - } - } - - /* Build the command history for use in the JavaScript */ - if (empty($_SESSION['history'])) { - $js_command_hist = '""'; - } else { - $escaped = array_map('addslashes', $_SESSION['history']); - $js_command_hist = '"", "' . implode('", "', $escaped) . '"'; - } -} - -?> - - - - PHP Shell <?php echo PHPSHELL_VERSION ?> - - - - - - - - - - -

PHP Shell

- -
-
-
- - -
- Authentication - Login failed, please try again:

\n"; - else - echo "

Please login:

\n"; - ?> - - -
- - -

- - -
- - -
- -

Current Working Directory: -'; - } else { /* normal mode - offer navigation via hyperlinks */ - $parts = explode('/', $_SESSION['cwd']); - - for($i=1; $i/' ; - echo htmlspecialchars($parts[$i], ENT_COMPAT, 'UTF-8') ; - } - echo ''; - /* Now we make a list of the directories. */ - $dir_handle = opendir($_SESSION['cwd']); - /* We store the output so that we can sort it later: */ - $options = array(); - /* Run through all the files and directories to find the dirs. */ - while ($dir = readdir($dir_handle)) { - if (($dir != '.') and ($dir != '..') and is_dir($_SESSION['cwd'] . "/" . $dir)) { - $options[$dir] = ""; - } - } - closedir($dir_handle); - if (count($options)>0) { - ksort($options); - echo '
Change to subdirectory: '; - } - } -?> -
- - - -

- -

- $  -

-
- - - - -
- -
- - - -

- - Size: × - - - - - - - - - - - - - - -

-
- - - -
- -
- -

Please consult the README, INSTALL, and SECURITY files for -instruction on how to use PHP Shell.

-

If you have not created accounts for phpshell, please use pwhash.php to create secure passwords.

- -
-
-Copyright © 2000–2010, the Phpshell-team. Get the -latest version at http://phpshell.sourceforge.net/. -
- - diff --git a/shell/pwhash.php b/shell/pwhash.php deleted file mode 100644 index 08e8171..0000000 --- a/shell/pwhash.php +++ /dev/null @@ -1,107 +0,0 @@ - - - - - Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?> - - - - - - - - -

Password Hasher for PHP Shell

- -
- -
- Username - -
- -
- Password - -
- -
- Result - -Enter a username and a password and update.

\n"; -} else { - - $u = strtolower($username); - - if (preg_match('/[[ |&~!()]/', $u) || $u == 'null' || - $u == 'yes' || $u == 'no' || $u == 'true' || $u == 'false') { - - echo '

Your username cannot contain any of the following reserved - word: "null", "yes", "no", "true", or - "false". The following characters are also prohibited: - " " (space), "[" (left bracket), "|" (pipe), - "&" (ampersand), "~" (tilde), "!" (exclamation - mark), "(" (left parenthesis), or ")" (right - parenthesis).

' . "\n"; - - echo '

Please choose another username and try again.

' . "\n"; - - } else { - echo "

Write the following line into config.php " . - "in the users section:

\n"; - - if ( function_exists('sha1') ) { $fkt = 'sha1' ; } else { $fkt = 'md5' ; } ; - $salt = dechex(mt_rand()); - - $hash = $fkt . ':' . $salt . ':' . $fkt($salt . $password); - - echo "
\n";
-    echo htmlentities(str_pad($username, 8) . ' = "' . $hash . '"') . "\n";
-    echo "
\n"; - } -} -?> - -

- -
- -
- - -
- -
- Copyright © the Phpshell-team, please see AUTHORS. - This is PHP Shell , get the latest version at http://phpshell.sourceforge.net/. -
- - - diff --git a/shell/shell.php b/shell/shell.php new file mode 100644 index 0000000..7ad8ae2 --- /dev/null +++ b/shell/shell.php @@ -0,0 +1,28 @@ + +
+ diff --git a/shell/style.css b/shell/style.css index f84afb4..3206cc4 100644 --- a/shell/style.css +++ b/shell/style.css @@ -1,74 +1,41 @@ -/* style.css file for PHP Shell - * Copyright (C) 2003-2010 the Phpshell-team - * Licensed under the GNU GPL. See the file COPYING for details. - * - */ - body { - font-family: sans-serif; - color: black; - background: white; -} - -h1 { - color: red; - background: white; -} - -img { - border: none; -} - -div#terminal { - border: inset 2px red; - padding: 2px; - margin-top: 0.5em; -} - -div#terminal textarea { - font-size: 100%; - width: 100%; - border: none; -} - -p { - margin-top: 0.5em; - margin-bottom: 0.5em; -} - -p#prompt { - font-family: monospace; - margin: 0px; -} - -p#prompt input { - border: none; - font-family: monospace; -} - -legend { - padding-right: 0.5em; -} - -fieldset { - padding: 0.5em; -} - -.error { - color: red; -} - -div.warning { - background-color: rgb(255, 150, 150); - border: medium solid rgb(255, 60, 60); - padding: 0.5em; - margin: 0.25em; -} -.pwd { - font-family: monospace; - padding: 0.5em; - margin: 0.25em; -} -a.pwd { - font-weight: bold; + background-color: black; + color: white; +} +.login { + border: solid 2px white; + background: #555555; + position: fixed; + top: 0; right:0; +} +.term { + display:block; +} +.term, .term * { + background-color: black; + color: white; + white-space: pre-wrap; + font-family: monospace; + border: none; + font-size: 1em; +} +.hidden { + display:none; +} +.term input[type=text], +.term input[type=text]:focus { + height:1em; + width: 78em; + margin:0; padding:0; border:none; +} +.editor { + background: #AAAAAA; + padding:2em 1em; + width: 100%; + color: black; + height: 24em; +} +.editor textarea { width: 90%; height: 22em; } +form { + display: inline; } -- cgit v1.2.3