From 66c84cedfb411ad6ca0508d9f45d6d33c8ad474d Mon Sep 17 00:00:00 2001
From: Luke Shumaker
Date: Sun, 27 Nov 2011 11:13:51 -0500
Subject: This directory was identified as ltshell-2.2-1. I think it is
rebranded phpshell-2.2.
---
ltshell.php | 12 ++
shell/AUTHORS | 40 ++++
shell/COPYING | 340 +++++++++++++++++++++++++++++++++
shell/ChangeLog | 225 ++++++++++++++++++++++
shell/INSTALL | 110 +++++++++++
shell/README | 174 +++++++++++++++++
shell/SECURITY | 141 ++++++++++++++
shell/config.php | 71 +++++++
shell/config.php~ | 69 +++++++
shell/phpshell.php | 550 +++++++++++++++++++++++++++++++++++++++++++++++++++++
shell/pwhash.php | 107 +++++++++++
shell/style.css | 74 +++++++
12 files changed, 1913 insertions(+)
create mode 100644 ltshell.php
create mode 100644 shell/AUTHORS
create mode 100644 shell/COPYING
create mode 100644 shell/ChangeLog
create mode 100644 shell/INSTALL
create mode 100644 shell/README
create mode 100644 shell/SECURITY
create mode 100644 shell/config.php
create mode 100644 shell/config.php~
create mode 100644 shell/phpshell.php
create mode 100644 shell/pwhash.php
create mode 100644 shell/style.css
diff --git a/ltshell.php b/ltshell.php
new file mode 100644
index 0000000..fb1eee7
--- /dev/null
+++ b/ltshell.php
@@ -0,0 +1,12 @@
+
+
diff --git a/shell/AUTHORS b/shell/AUTHORS
new file mode 100644
index 0000000..4a4aa51
--- /dev/null
+++ b/shell/AUTHORS
@@ -0,0 +1,40 @@
+AUTHORS file for PHP Shell
+Copyright (C) 2000-2010 the Phpshell-team
+Licensed under the GNU GPL. See the file COPYING for details.
+
+
+Current maintainer: Wolfgang Dautermann
+Original author: Martin Geisler
+
+Thanks goes to all these persons who have helped:
+
+richard@joffray.com
+ Fixed a problem the list of directories, if one accessed the
+ root-directory.
+
+Robert Niess
+ Made me aware of a security hole in the handling of stderr-trapping.
+
+Gerry Calderhead
+ Patch for PHP 4.2.0 where register_globals are turned off.
+
+Jeremy Miller
+ Suggested that one could use Sudo from
+
+ http://www.courtesan.com/sudo/
+
+ to let PHP Shell execute code with different privileges than the
+ webserver.
+
+Michael Zech
+ Patch to make the stderr-checkbox remember it's state.
+
+Wolfgang Dautermann
+ Multiple patches, including the sorting of directory entries in the
+ drop down box.
+
+Natan Bueno Ungethuem
+ Patch for PHP 5.X because the function ereg was deprecated
+
+Tobias Unger
+ AddOn including an Editor ("vim") for PHP-Shell 2.1.
diff --git a/shell/COPYING b/shell/COPYING
new file mode 100644
index 0000000..f90922e
--- /dev/null
+++ b/shell/COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ , 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/shell/ChangeLog b/shell/ChangeLog
new file mode 100644
index 0000000..945c737
--- /dev/null
+++ b/shell/ChangeLog
@@ -0,0 +1,225 @@
+2010-11-29 Wolfgang Dautermann
+ * Reimplemented the feature to change to subdirectorys using mouseclicks (was available in older version)
+
+2010-11-21 Wolfgang Dautermann
+ * One can navigate to higher level directories using hyperlinks.
+
+2010-11-05 Wolfgang Dautermann
+ * Use SHA1 password hashing if possible. Changed project links to http://phpshell.sourceforge.net/
+
+2010-01-30 Natan Bueno
+ * phpshell.php
+ Added AddOn to editor "vim".
+
+2010-01-15 Natan Bueno
+ * phpshell.php
+ Replaced deprecated function ereg by the function preg_match
+
+2005-12-27 Martin Geisler
+
+ * phpshell.php:
+ Added code to prevent simple replay attacks by only accepting each
+ login form once.
+
+2005-12-25 Martin Geisler
+
+ * INSTALL: Information about the new internal configuration.
+
+ * phpshell.php: Made authentication internal.
+
+ * SECURITY: New file.
+
+ * config.php: New file.
+
+ * style.css: New file. Renamed from phpshell.css.
+
+2004-03-27 Martin Geisler
+
+ * phpshell.php 1.29: Removed debug output.
+
+ * README 1.11: Updated documentation for new cool shell-like interface.
+
+ * INSTALL 1.5:
+ Updated documentation about the command substitution using alises.
+
+ * phpshell.css 1.2:
+ New styles to make the textarea and input box blend together.
+
+ * phpshell.php 1.28: A little documentation for the alias feature.
+
+ * phpshell.php 1.27:
+ The shell now looks and behaves much more like a real shell: the shell
+ now has a commandline history just like a real shell.
+
+ The parsing of 'cd' commands have been rewritten so that even more
+ special cases are taken care of, and simple command substitution using
+ aliases have been introduced.
+
+2004-03-24 Martin Geisler
+
+ * phpshell.php 1.26:
+ Increased year of copyright to 2004. Fixed the references to the PNG
+ images, as pointed out by Michael Z. Bell.
+
+2003-11-11 Martin Geisler
+
+ * AUTHORS 1.6:
+ Added Wolfgang Dautermann .
+
+ * phpshell.php 1.25:
+ Ups, I commited with $passwd = array('foo' => 'bar').
+
+ * phpshell.php 1.24:
+ Wolfgang Dautermann suggested
+ that the directory list should be sorted.
+
+ Also, changing directory through symbolic links now works as expected,
+ so that it's possible to go back using 'cd ..'.
+
+2003-04-01 Martin Geisler
+
+ * INSTALL 1.4:
+ New instructions on how to change the username and password.
+
+ * README 1.10:
+ Updated to be in sync with new instructions on how the password
+ protection works.
+
+ * phpshell.css 1.1: New file.
+
+ * phpshell.php 1.23:
+ Updated to use XHTML 1.0 Strict and the $_* variables in PHP
+ 4.1.0. This effectively breaks compatibility with earlier versions of
+ PHP. If you cannot upgrade your PHP installation (you really should
+ consider upgrading to get hold of the latest security and bug fixes)
+ when just use PhpShell version 1.7 --- there's no new functionality in
+ this release.
+
+ * COPYING 1.1: New file.
+
+ * phpshell.php 1.22: Changed PHP Shell into PhpShell.
+
+ * phpshell.php 1.21: Added HTTP basic authentication to the script.
+
+ * AUTHORS 1.5: Moved Jeremy Miller .
+
+ * phpshell.php 1.20: Updated version.
+
+ * AUTHORS 1.4, phpshell.php 1.19:
+ Applied patch from Michael Zech that made the
+ stderr-checkbox remember it's state.
+
+2002-09-18 Martin Geisler
+
+ * phpshell.php 1.18:
+ Use the directory of phpshell.php as the default working directory.
+
+ * AUTHORS 1.3: Added Gerry Calderhead .
+
+ * phpshell.php 1.17:
+ PHP Shell now works on PHP 4.2.0 with register_globals turned off.
+
+2002-06-10 Martin Geisler
+
+ * INSTALL 1.3: Added a section about Safe Mode in PHP.
+
+ * README 1.9:
+ Added a section about Safe Mode in PHP. Also fixed a lot of spelling
+ errors.
+
+2002-03-23 Martin Geisler
+
+ * README 1.8: Added a version number to the file.
+
+ * AUTHORS 1.2: Added a notice about Robert Niess .
+
+ * phpshell.php 1.16:
+ Added a PHPSHELL_VERSION constant. Also, when using stderr-trapping,
+ we now use a unique filename as returned by tempnam() - Robert Niess
+ made me aware of this, thanks.
+
+ * phpshell.php 1.15: Small changes in the layout.
+
+ * phpshell.php 1.14:
+ Updated copyright statements - they were getting quite old :-)
+
+ * README 1.7:
+ Added a tip from Jeremy Miller about how to
+ use PHP Shell together with Sudo to execute code as another user.
+
+2001-12-10 Martin Geisler
+
+ * phpshell.php 1.13:
+ I found out that 'ls -F' produced better output than 'ls -p'.
+
+ * README 1.6: Told people about the rewriting of 'ls' into 'ls -F'
+
+ * phpshell.php 1.12:
+ You can now travel through the filesystem by using the normal 'cd'
+ command. If your command involves 'cd', it will be intercepted and the
+ current working directory will be changed accordingly.
+
+ * README 1.5: Updated the documentation a bit.
+
+2001-02-11 Martin Geisler
+
+ * phpshell.php 1.11:
+ Another suggestion from Thomas Langen : some
+ people can't use the .php extension, so now the script uses $PHP_SELF
+ instead.
+
+ * phpshell.php 1.10:
+ Expanded all PHP start-tags () to .
+
+2000-11-20 Martin Geisler
+
+ * AUTHORS 1.1: New file.
+
+ * phpshell.php 1.9:
+ Applied a patch from richard@joffray.com which fixed a problem with
+ accessing the root-directory.
+
+2000-09-24 Martin Geisler
+
+ * phpshell.php 1.8: Removed a debug-comment.
+
+2000-09-09 Martin Geisler
+
+ * README 1.4: Expanded the brief explanation at the top.
+
+ * README 1.3: Ups, I forgot to make a description of sample.htaccess.
+
+ * README 1.2:
+ Added a description of all the files found in the tarball.
+
+ * INSTALL 1.2: Made BUGS lowercase.
+
+ * INSTALL 1.1, README 1.1: New file.
+
+ * phpshell.php 1.7:
+ Removed 'Martin Geisler' from the title, putting my name on the bottom
+ of the page ought to be enough :-)
+
+2000-08-06 Martin Geisler
+
+ * phpshell.php 1.6:
+ Added a link to gimpster.com at the bottom of the page
+
+2000-08-05 Martin Geisler
+
+ * phpshell.php 1.5:
+ Removed references to php3 - I now use php4 so all my files end with
+ just a '.php'
+
+2000-06-21 Martin Geisler
+
+ * phpshell.php 1.4:
+ Fix - there were still references to the old name: shell.php3.
+
+ * phpshell.php 1.3: Workaround for stderr-trapping. Seams to work...
+
+ * phpshell.php 1.2: Initial commit
+
+ * phpshell.php 1.1: New file.
+
diff --git a/shell/INSTALL b/shell/INSTALL
new file mode 100644
index 0000000..8d20f4b
--- /dev/null
+++ b/shell/INSTALL
@@ -0,0 +1,110 @@
+INSTALL file for PHP Shell
+Copyright (C) 2000-2010 the Phpshell-team
+Licensed under the GNU GPL. See the file COPYING for details.
+
+
+Downloading PHP Shell
+=====================
+
+You can always get the latest version of PHP Shell from:
+
+ http://phpshell.sourceforge.net/
+
+
+
+Installation
+============
+
+Installation is easy: first unpack the tarball or zipfile downloaded
+from the above website into your webserver. This will create a
+subdirectory called phpshell-@VERSION@ for PHP Shell version @VERSION@.
+
+Try loading the file ``phpshell.php`` in your browser and check that
+you are served a page that asks you to authenticate yourself with a
+username and a password. If you do not see such a page, then please
+check that you have entered the URL correctly and that PHP is working
+on your server.
+
+
+
+Configuration
+=============
+
+All configuration happens in the ``config.php`` file. This is an
+ini-file despite its name. Ini-files consist of a number of sections,
+each containing a number of 'key = "value"' pairs. PHP Shell has tree
+sections: '[users]' for configuring usernames and passwords,
+'[aliases]' for configuring shell aliases, and '[settings]' for
+general settings.
+
+
+Setting usernames and passwords
+-------------------------------
+
+As a security precaution PHP Shell has no default username and
+password (people often forget to change them...). To add the user
+"alice" with password "secret" you simply add
+
+ [users]
+ alice = "secret"
+
+to the file. Note that you can add as many users as you want by
+simply adding more lines like this.
+
+This system works, but there is a better way --- a way so that the
+password does not appear in clear text in the file. For that you use
+the supplied script ``pwhash.php`` to generate a hashed password.
+Please see the instructions given in ``pwhash.php``.
+
+With the above example the result could look like
+
+ [users]
+ alice = "sha1:1a4861:a8640981d2a5f9452c75a7bb0491eac3ecd8bdc3"
+
+You will not get exactly the same line if you try it out, this is a
+feature of the system which means that both "alice" and "bob" could
+have "secret" as their password, and you would not be able to tell
+from just looking at ``config.php``.
+
+
+Shell Aliases
+-------------
+
+As in a normal shell, PHP Shell supports alias expansion, albeit in a
+simple form. Aliases are defined by 'key = "value"' pairs in the
+'[aliases]' section. The "key" will be matched against the first
+token of the command line and substituted with the "value" given.
+
+Two convenient aliases are already defined:
+
+ [aliases]
+ ls = "ls -CvhF"
+ ll = "ls -lvhF"
+
+
+General Settings
+----------------
+
+PHP has just one other setting right now --- the home directory.
+Change this in the '[settings]' section.
+
+
+
+Bugs? Comments?
+================
+
+If you find a bug or miss something in PHP Shell, please take a look
+at the Tracker System at SourceForge:
+
+ http://sourceforge.net/tracker/?group_id=156638
+
+There you will find trackers for Bugs, Patches, and Feature Requests.
+You are invited to add items to these so that they wont get lost.
+
+You can also email the development list, found at:
+
+ https://lists.sourceforge.net/lists/listinfo/phpshell-devel
+
+This list is for discussion about all things PHP Shell and it is a
+good place to discuss a feature or bug before adding it to one of the
+SourceForge trackers.
diff --git a/shell/README b/shell/README
new file mode 100644
index 0000000..870d661
--- /dev/null
+++ b/shell/README
@@ -0,0 +1,174 @@
+README file for PHP Shell
+Copyright (C) 2000-2010 the Phpshell-team
+Licensed under the GNU GPL. See the file COPYING for details.
+
+What is PHP Shell?
+==================
+
+PHP Shell is a shell wrapped in a PHP script. It's a tool you can use
+to execute arbitrary shell-commands or browse the filesystem on your
+remote webserver. This replaces, to a degree, a normal
+telnet-connection.
+
+You use it for administration and maintenance of your website, which
+is often much easier to do if you can work directly on the server.
+For example, you could use PHP Shell to unpack and move big files
+around. All the normal command line programs like ps, free, du, df,
+etc... can be used.
+
+
+Limitations
+===========
+
+There are some limitations on what kind of programs you can run. It
+won't do no good if you start a graphical program like Firefox or even
+a console based one like vi. All programs have to be strictly command
+line programs, and they will have no chance of getting user input
+after they have been lunched.
+
+They probably also have to terminate within 30 seconds, as this is the
+default time-limit imposed unto all PHP scripts, to prevent them from
+running in an infinite loop. Your ISP may have set this time-limit to
+something else.
+
+But you can rely on all the normal shell-functionality, like pipes,
+output and input redirection, etc... (There is no -completion,
+though :-)
+
+
+Safe Mode
+=========
+
+Safe Mode is the nemisis of PHP Shell. If PHP is running in Safe Mode
+then PHP Shell will normally not work --- sorry. Please read the
+detailed explanation in the SECURITY file.
+
+
+Who am I?
+=========
+
+You may not be the same user when using PHP Shell, as you are when you
+upload your files with FTP. On some systems you will be ``nobody``,
+on other systems you will become ``httpd`` or ``www-data``. This is a
+rather dangerous "feature" of the way PHP is run by the webserver. A
+possible effect of this is that you might end up creating files using
+PHP Shell which you cannot delete afterwards using FTP and maybe not
+even using PHP Shell. Strange, but true :-)
+
+If you want to execute code as different user, then it's possible to
+do so by using the Sudo program available from this address:
+
+ http://www.courtesan.com/sudo/
+
+The trick is to configure Sudo to allow the user running the webserver
+to execute certain commands as a more privileged user. This will have
+to be done by the administrator of the server. Please refer to the
+documentation for Sudo for further information about doing this.
+
+
+How to Use It
+=============
+
+When you point your browser at PHP Shell you will be asked to
+authenticate yourself. By default no username/password will work, so
+please go read INSTALL for information about adding a user.
+
+You're back? Good. Enter your username and password and press
+the "Login" button.
+
+You will then be presented with a rather simple page containing
+nothing much except a big window with the cursor blinking at the
+bottom, signaling that it's ready to obey your commands.
+
+Write a command and press ENTER --- or alternatively, press the 'Execute
+Command' button if you really want. The command will be executed and
+the result will be shows in the terminal. You can now enter another
+command.
+
+To be more precise: the terminal is updated with the command line you
+have just executed, the output of the command to standard out
+(stdout), and following that any error output sent to stderr.
+
+The commands are executed relative to a current working directory,
+which is written at the top. You change this by the normal 'cd'
+command (or by selecting a other working directory using the links).
+
+The commands must also be complete, so you cannot enter a multiline command:
+$ for i in a b c ; do
+> echo $i
+> done
+However, in one line it is allowed: for i in a b c ; do echo $i ; done
+
+Variables are also not preserved between the commands, so
+$ A=1
+$ echo $A
+will output 0 instead of 1. But in one line it works as expected:
+$ A=1 ; echo $A
+will give you the expected result: 1
+
+Alternatives
+============
+
+An incomplete list of alternatives to PHP Shell would be:
+
+* SSH. The Secure Shell is the standard solution to the problem that
+ PHP Shell tries to solve. SSH lets you login to a remote system in a
+ secure way where the traffic and password is encrypted at all
+ times. You can also upload and download files securely and make
+ encrypted TCP tunnels.
+
+ If your host supports SSH then use it and forget about PHP Shell or
+ any other solution.
+
+* Telnet. This is the old way to obtain an interactive login on a
+ remote system. Unfortunately telnet is insecure since the password
+ and subsequent traffic are sent in clear text. SSH was developed
+ precisely to replace telnet. The advantage of telnet over PHP Shell
+ is that it gives you an interactive session.
+
+* See more alternatives at the Anyterm homepage:
+
+ http://anyterm.org/compared.html
+
+
+Download
+========
+
+You can download the newest version of PHP Shell from
+
+ http://phpshell.sourceforge.net/
+
+The tarball/zipfile contains these files:
+
+phpshell.php
+ This is the script you run when you use PHP Shell.
+
+pwhash.php
+ A utility used to generate a hashed password. Please read INSTALL
+ for more information. This file poses no security risk.
+
+ChangeLog
+ This file describe the changes I've made to PHP Shell. By reading
+ it you'll always know when I've added a new feature or made a
+ bugfix, and the nature of the feature/bugfix.
+
+README
+ This file! :-)
+
+INSTALL
+ Tells you how to install PHP Shell. Among other things, it
+ explains how to change the password protection so that you can use
+ PHP Shell.
+
+ Remember that it's very important to have PHP Shell password
+ protected, or else everybody will be able so snoop into your files
+ and perhaps also be able to delete them! Please take the time to
+ protect your installation of PHP Shell.
+
+SECURITY
+ A separate guide about security with PHP in general and PHP Shell in
+ particular. Be sure to read this too, especially if you are getting
+ strange errors back from PHP Shell.
+
+COPYING
+ Standard GNU GPL.
diff --git a/shell/SECURITY b/shell/SECURITY
new file mode 100644
index 0000000..888c554
--- /dev/null
+++ b/shell/SECURITY
@@ -0,0 +1,141 @@
+SECURITY file for PHP Shell
+Copyright (C) 2005-2010 the Phpshell-team
+Licensed under the GNU GPL. See the file COPYING for details.
+
+
+PHP Security
+============
+
+Installing PHP on your server is an inherently dangerous thing to do,
+somewhat similar to the danger one faces when one buys a car: it might
+kill you if you have an accident. On the other hand a car makes so
+many things so much more convenient, so most people are willing to
+accept the risk of accidents.
+
+Likewise, PHP is a powerful tool which will let you build your
+webpages easier and faster than without. But it is a *very* powerful
+tool --- PHP is a full programming language which can be used for
+general purpose programming and not just to format HTML for display in
+a browser.
+
+So PHP has support for reading and writing files on the filesystem.
+But PHP also has support for *deleting* files. PHP even has support
+for executing other programs. In other words, PHP has lots of support
+for interacting with the rest of the computer it runs on. This
+interaction is potentially much more powerful than you want it to, and
+this can be a problem if this power ends up in the wrong hands.
+
+
+What about Safe Mode?
+---------------------
+
+As they note in the PHP manual, Safe Mode is an inherently wrong way
+to secure PHP, but is nevertheless used in many installations.
+Turning Safe Mode on in PHP basically tries to restrict the language
+and its functions to make it "safe".
+
+This involves a strict check on file ownership so that PHP wont
+operate on files and directories which are not owned by the owner of
+the current script. Other restrictions in Safe Mode include limits on
+which files can be executed and includes (thus making a primitive form
+of chroot or jail around the PHP script).
+
+PHP Shell is made mostly useless with Safe Mode since it restricts the
+two commands that PHP Shell uses: ``chdir()`` and ``proc_open()``:
+
+* With Safe Mode you cannot change to a directory unless you are the
+ owner of that directory. This means that you cannot change to, say,
+ ``/etc`` since ``root`` own that directory.
+
+ You'll see this when 'cd /etc' results in this error from PHP Shell:
+
+ chdir(): SAFE MODE Restriction in effect. The script whose uid is
+ 500 is not allowed to access /etc owned by uid 0
+ cd: could not change to: /etc
+
+* When Safe Mode is active, PHP forces the argument to ``proc_open()``
+ to be escaped, which means that you cannot use normal shell
+ wildcards, pipes or any such stuff.
+
+ So if you enter 'ls *.txt' in a directory where you know for certain
+ that there is a text file ending in '.txt', you will get the
+ following error:
+
+ /bin/ls: *.txt: No such file or directory
+
+ This is because PHP has silently changed the command into 'ls
+ \*.txt' to disable the wildcard.
+
+* You cannot execute programs unless they are placed in a directory
+ listed in ``safe_mode_exec_dir``. Say you want to execute the
+ program ``tr`` (which translates between sets of characters) and you
+ get this strange messages back:
+
+ sh: line 1: /bin/tr: No such file or directory
+
+ Then you have a problem with the ``safe_mode_exec_dir`` setting. In
+ this case ``safe_mode_exec_dir`` is set to just ``/bin`` and so PHP
+ has forced the shell to execute ``/bin/tr`` and since ``tr`` is
+ installed in ``/usr/bin`` it could not be found.
+
+ If you have write access to a directory listed in
+ ``safe_mode_exec_dir``, then try copying the wanted program there
+ first. Executing it should now work.
+
+
+Even without enabling Safe Mode some functions might have been
+disabled via the ``disabled_functions`` setting. If the
+``proc_open()`` function used by PHP Shell has been disabled, then you
+will see an error like this:
+
+ Fatal Error!
+
+ proc_open() has been disabled for security reasons
+
+ in /path/to/your/installation/phpshell.php, line 221.
+
+
+
+PHP Shell Security
+==================
+
+As noted above, PHP is a powerful tool --- how does PHP Shell fit into
+this? PHP Shell is actually quite simple and does one thing: it uses
+the standard PHP function ``proc_open()`` to execute programs.
+
+Executing other programs is probably the most powerful thing you can
+do in PHP, and so PHP Shell gives you a convenient interface to this
+the most powerful feature of PHP. Nothing more.
+
+
+Is PHP Shell Dangerous?
+-----------------------
+
+Short answer: *yes*! PHP Shell has been used in the past by people
+with not-so-good intentions to destroy valuable content on servers.
+
+The longer answer is that installing PHP Shell is like building a new
+door in your house --- if you leave it unlocked, then people can (and
+probably will!) walk into it and steal your possessions. So you want
+to lock it, and make sure you use a good lock.
+
+With PHP Shell that is equivalent of using a secure password. A
+secure password is one which is hard to guess (make it long, make it
+random, and put both numbers, special characters and normal letters in
+it).
+
+ Remember that guessing the password is all that stands between the
+ crackers and your files!
+
+If you use a good password, then PHP Shell does not make your system
+any more insecure than it already was. Security is always a matter of
+finding the weakest link in the chain: if you use FTP with a simple
+password for updating your site, then it would be much easier for the
+crackers to attack that instead of trying to guess your super-hard PHP
+Shell password. So make sure that you tighten security on all fronts
+you know of.
+
+
+If you have comments or suggestions for improvements to this little
+guide in system security, then please do not hesitate to contact the
+author at .
diff --git a/shell/config.php b/shell/config.php
new file mode 100644
index 0000000..843069b
--- /dev/null
+++ b/shell/config.php
@@ -0,0 +1,71 @@
+; -*- conf -*-
+; Do not remove the above line, it is all that prevents this file from
+; being downloaded.
+;
+; config.php file for PHP Shell
+; Copyright (C) 2005-2010 the Phpshell-team
+; Licensed under the GNU GPL. See the file COPYING for details.
+
+; This ini-file has three parts:
+;
+; * [users] where you add usernames and passwords to give users access
+; to PHP Shell.
+;
+; * [aliases] where you can configure shell aliases.
+;
+; * [settings] where general settings are placed.
+
+
+[users]
+
+luke = "sha1:da6c3f7:1c125210c15b45a083e77674693ceda9dc4750f3"
+
+; The default configuration has no users defined, you have to add your
+; own (choose good passwords!). Add uses as simple
+;
+; username = "password"
+;
+; lines. Please quote your password using double-quotes as shown.
+; The semi-colon ':' is a reserved character, so do *not* use that in
+; your passwords.
+;
+; For improved security it is *strongly suggested* that you the
+; pwhash.php script to generate a hashed password and store that
+; instead of the normal clear text password. Keeping your passwords
+; in hashed form ensures that they cannot be found, even if this file
+; is disclosed. The passwords are still visible in clear text during
+; the login, though. Please follow the instructions given in
+; pwhash.php.
+
+
+
+[aliases]
+
+; Alias expansion. Change the two examples as needed and add your own
+; favorites --- feel free to suggest more defaults! The command line
+; you enter will only be expanded on the very first token and only
+; once, so having 'ls' expand into 'ls -CvhF' does not cause an
+; infinite recursion.
+
+ls = "ls -CvhF"
+ll = "ls -lvhF"
+
+
+
+[settings]
+
+; General settings for PHP Shell.
+
+; Home directory. PHP Shell will change to this directory upon
+; startup and whenever a bare 'cd' command is given. This can be an
+; absolute path or a path relative to the PHP Shell installation
+; directory.
+
+home-directory = "."
+
+; Safe Mode warning. PHP Shell will normally display a big, fat
+; warning if it detects that PHP is running in Safe Mode. If you find
+; that PHP Shell works anyway, then set this to false to get rid of
+; the warning.
+
+safe-mode-warning = true
diff --git a/shell/config.php~ b/shell/config.php~
new file mode 100644
index 0000000..b9b48ca
--- /dev/null
+++ b/shell/config.php~
@@ -0,0 +1,69 @@
+; -*- conf -*-
+; Do not remove the above line, it is all that prevents this file from
+; being downloaded.
+;
+; config.php file for PHP Shell
+; Copyright (C) 2005-2010 the Phpshell-team
+; Licensed under the GNU GPL. See the file COPYING for details.
+
+; This ini-file has three parts:
+;
+; * [users] where you add usernames and passwords to give users access
+; to PHP Shell.
+;
+; * [aliases] where you can configure shell aliases.
+;
+; * [settings] where general settings are placed.
+
+
+[users]
+
+; The default configuration has no users defined, you have to add your
+; own (choose good passwords!). Add uses as simple
+;
+; username = "password"
+;
+; lines. Please quote your password using double-quotes as shown.
+; The semi-colon ':' is a reserved character, so do *not* use that in
+; your passwords.
+;
+; For improved security it is *strongly suggested* that you the
+; pwhash.php script to generate a hashed password and store that
+; instead of the normal clear text password. Keeping your passwords
+; in hashed form ensures that they cannot be found, even if this file
+; is disclosed. The passwords are still visible in clear text during
+; the login, though. Please follow the instructions given in
+; pwhash.php.
+
+
+
+[aliases]
+
+; Alias expansion. Change the two examples as needed and add your own
+; favorites --- feel free to suggest more defaults! The command line
+; you enter will only be expanded on the very first token and only
+; once, so having 'ls' expand into 'ls -CvhF' does not cause an
+; infinite recursion.
+
+ls = "ls -CvhF"
+ll = "ls -lvhF"
+
+
+
+[settings]
+
+; General settings for PHP Shell.
+
+; Home directory. PHP Shell will change to this directory upon
+; startup and whenever a bare 'cd' command is given. This can be an
+; absolute path or a path relative to the PHP Shell installation
+; directory.
+
+home-directory = "."
+
+; Safe Mode warning. PHP Shell will normally display a big, fat
+; warning if it detects that PHP is running in Safe Mode. If you find
+; that PHP Shell works anyway, then set this to false to get rid of
+; the warning.
+
+safe-mode-warning = true
diff --git a/shell/phpshell.php b/shell/phpshell.php
new file mode 100644
index 0000000..34a651b
--- /dev/null
+++ b/shell/phpshell.php
@@ -0,0 +1,550 @@
+
+
+
+ PHP Shell ' . PHPSHELL_VERSION . '
+
+
+
+
+
+
+
Fatal Error!
+
' . $errstr . '
+
in ' . $errfile . ', line ' . $errline . '.
+
+
+
+
Please consult the README, INSTALL, and SECURITY files for
+ instruction on how to use PHP Shell.