From 66c84cedfb411ad6ca0508d9f45d6d33c8ad474d Mon Sep 17 00:00:00 2001
From: Luke Shumaker ' . $errstr . ' in ' . $errfile . ', line ' . $errline . '. Please consult the README, INSTALL, and SECURITY files for
+ instruction on how to use PHP Shell.Fatal Error!
+
+
+
+
+
+ Copyright © 2000–2010, the Phpshell-team. Get the latest
+ version at http://phpshell.sourceforge.net/.
+
+
+
+');
+ }
+}
+
+/* Installing our error handler makes PHP die on even the slightest problem.
+ * This is what we want in a security critical application like this. */
+set_error_handler('error_handler');
+
+
+function logout() {
+ /* Empty the session data, except for the 'authenticated' entry which the
+ * rest of the code needs to be able to check. */
+ $_SESSION = array('authenticated' => false);
+
+ /* Unset the client's cookie, if it has one. */
+// if (isset($_COOKIE[session_name()]))
+// setcookie(session_name(), '', time()-42000, '/');
+
+ /* Destroy the session data on the server. This prevents the simple
+ * replay attach where one uses the back button to re-authenticate using
+ * the old POST data since the server wont know the session then.*/
+// session_destroy();
+}
+
+/* Clear history */
+function clear()
+{
+ $_SESSION['output'] = '';
+}
+
+function stripslashes_deep($value) {
+ if (is_array($value))
+ return array_map('stripslashes_deep', $value);
+ else
+ return stripslashes($value);
+}
+
+if (get_magic_quotes_gpc())
+ $_POST = stripslashes_deep($_POST);
+
+/* Initialize some variables we need again and again. */
+$username = isset($_POST['username']) ? $_POST['username'] : '';
+$password = isset($_POST['password']) ? $_POST['password'] : '';
+$nounce = isset($_POST['nounce']) ? $_POST['nounce'] : '';
+
+$command = isset($_POST['command']) ? $_POST['command'] : '';
+$rows = isset($_POST['rows']) ? $_POST['rows'] : 24;
+$columns = isset($_POST['columns']) ? $_POST['columns'] : 80;
+
+
+/* Load the configuration. */
+$ini = parse_ini_file('config.php', true);
+
+if (empty($ini['settings']))
+ $ini['settings'] = array();
+
+/* Default settings --- these settings should always be set to something. */
+$default_settings = array('home-directory' => '.');
+$showeditor = false;
+
+/* Merge settings. */
+$ini['settings'] = array_merge($default_settings, $ini['settings']);
+
+session_start();
+
+/* Delete the session data if the user requested a logout. This leaves the
+ * session cookie at the user, but this is not important since we
+ * authenticates on $_SESSION['authenticated']. */
+if (isset($_POST['logout']))
+ logout();
+
+/* Delete history if submitted */
+if (isset($_POST['clear']))
+ clear();
+
+/* Attempt authentication. */
+if (isset($_SESSION['nounce']) && $nounce == $_SESSION['nounce'] &&
+ isset($ini['users'][$username])) {
+ if (strchr($ini['users'][$username], ':') === false) {
+ // No seperator found, assume this is a password in clear text.
+ $_SESSION['authenticated'] = ($ini['users'][$username] == $password);
+ } else {
+ list($fkt, $salt, $hash) = explode(':', $ini['users'][$username]);
+ $_SESSION['authenticated'] = ($fkt($salt . $password) == $hash);
+ }
+}
+
+
+/* Enforce default non-authenticated state if the above code didn't set it
+ * already. */
+if (!isset($_SESSION['authenticated']))
+ $_SESSION['authenticated'] = false;
+
+
+if ($_SESSION['authenticated']) {
+ /* Initialize the session variables. */
+ if (empty($_SESSION['cwd'])) {
+ $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
+ $_SESSION['history'] = array();
+ $_SESSION['output'] = '';
+ }
+ /* Clicked on one of the directory links in the working directory - ignore the command */
+ if (isset($_POST['levelup'])) {
+ $levelup = $_POST['levelup'] ;
+ while ($levelup > 0) {
+ $command = '' ; /* ignore the command */
+ $_SESSION['cwd'] = dirname($_SESSION['cwd']) ;
+ $levelup -- ;
+ }
+ }
+ /* Selected a new subdirectory as working directory - ignore the command */
+ if (isset($_POST['changedirectory'])) {
+ $changedir= $_POST['changedirectory'];
+ if (strlen($changedir) > 0) {
+ if (@chdir($_SESSION['cwd'] . '/' . $changedir)) {
+ $command = '' ; /* ignore the command */
+ $_SESSION['cwd'] = realpath($_SESSION['cwd'] . '/' . $changedir) ;
+ }
+ }
+ }
+
+ /* Save content from 'editor' */
+ if(isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) {
+ $filetoedit_handle = fopen($_POST["filetoedit"], "w");
+ fputs($filetoedit_handle, str_replace("%0D%0D%0A", "%0D%0A", $_POST["filecontent"]));
+ fclose($filetoedit_handle);
+ }
+
+ if (!empty($command)) {
+ /* Save the command for late use in the JavaScript. If the command is
+ * already in the history, then the old entry is removed before the
+ * new entry is put into the list at the front. */
+ if (($i = array_search($command, $_SESSION['history'])) !== false)
+ unset($_SESSION['history'][$i]);
+
+ array_unshift($_SESSION['history'], $command);
+
+ /* Now append the commmand to the output. */
+ $_SESSION['output'] .= '$ ' . $command . "\n";
+
+ /* Initialize the current working directory. */
+ if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $command)) {
+ $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
+ } elseif (preg_match('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/', $command, $regs)) {
+ /* The current command is a 'cd' command which we have to handle
+ * as an internal shell command. */
+
+ /* if the directory starts and ends with quotes ("), remove them -
+ allows command like 'cd "abc def"' */
+ if ((substr($regs[1],0,1) == '"') && (substr($regs[1],-1) =='"') ) {
+ $regs[1] = substr($regs[1],1) ;
+ $regs[1] = substr($regs[1],0,-1) ;
+ }
+
+ if ($regs[1]{0} == '/') {
+ /* Absolute path, we use it unchanged. */
+ $new_dir = $regs[1];
+ } else {
+ /* Relative path, we append it to the current working
+ * directory. */
+ $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
+ }
+
+ /* Transform '/./' into '/' */
+ while (strpos($new_dir, '/./') !== false)
+ $new_dir = str_replace('/./', '/', $new_dir);
+
+ /* Transform '//' into '/' */
+ while (strpos($new_dir, '//') !== false)
+ $new_dir = str_replace('//', '/', $new_dir);
+
+ /* Transform 'x/..' into '' */
+ while (preg_match('|/\.\.(?!\.)|', $new_dir))
+ $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
+
+ if ($new_dir == '') $new_dir = '/';
+
+ /* Try to change directory. */
+ if (@chdir($new_dir)) {
+ $_SESSION['cwd'] = $new_dir;
+ } else {
+ $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
+ }
+
+ } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]*$/', $command)) {
+ /* You called 'editor' without a filename so you get an short help
+ * on how to use the internal 'editor' command */
+
+ $_SESSION['output'] .= " Syntax: editor filename\n (you forgot the filename)\n";
+
+ } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]+([^;]+)$/', $command, $regs)) {
+ /* This is a tiny editor which you can start with 'editor filename' */
+ $filetoedit = $regs[1];
+ if ($regs[1]{0} != '/') {
+ /* relative path, add it to the current working directory.*/
+ $filetoedit = $_SESSION['cwd'].'/'.$regs[1];
+ } ;
+ if(is_file(realpath($filetoedit)) || ! file_exists($filetoedit)) {
+ $showeditor = true;
+ if(file_exists(realpath($filetoedit)))
+ $filetoedit = realpath($filetoedit);
+ } else {
+ $_SESSION['output'] .= " Syntax: editor filename\n (just regular or not existing files)\n";
+ }
+
+ } elseif (trim($command) == 'exit') {
+ logout();
+ } elseif (trim($command) == 'logout') {
+ logout();
+ } else {
+
+ /* The command is not an internal command, so we execute it after
+ * changing the directory and save the output. */
+ chdir($_SESSION['cwd']);
+
+ // We canot use putenv() in safe mode.
+ if (!ini_get('safe_mode')) {
+ // Advice programs (ls for example) of the terminal size.
+ putenv('ROWS=' . $rows);
+ putenv('COLUMNS=' . $columns);
+ }
+
+ /* Alias expansion. */
+ $length = strcspn($command, " \t");
+ $token = substr($command, 0, $length);
+ if (isset($ini['aliases'][$token]))
+ $command = $ini['aliases'][$token] . substr($command, $length);
+
+ $io = array();
+ $p = proc_open($command,
+ array(1 => array('pipe', 'w'),
+ 2 => array('pipe', 'w')),
+ $io);
+
+ /* Read output sent to stdout. */
+ while (!feof($io[1])) {
+ $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
+ ENT_COMPAT, 'UTF-8');
+ }
+ /* Read output sent to stderr. */
+ while (!feof($io[2])) {
+ $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
+ ENT_COMPAT, 'UTF-8');
+ }
+
+ fclose($io[1]);
+ fclose($io[2]);
+ proc_close($p);
+ }
+ }
+
+ /* Build the command history for use in the JavaScript */
+ if (empty($_SESSION['history'])) {
+ $js_command_hist = '""';
+ } else {
+ $escaped = array_map('addslashes', $_SESSION['history']);
+ $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
+ }
+}
+
+?>
+
+
+
+ PHP Shell
+
+
Please login:
\n"; + ?> + + +Please consult the README, INSTALL, and SECURITY files for +instruction on how to use PHP Shell.
+If you have not created accounts for phpshell, please use pwhash.php to create secure passwords.
+ +
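Review bot: The "Attempt authentication" block compares secrets with the loose `==` operator (the nonce check, the clear-text branch, and `$fkt($salt . $password) == $hash`), so numeric-looking digest strings can compare equal under PHP's type juggling and the comparison is not constant-time. Use a strict, timing-safe comparison such as `$_SESSION['authenticated'] = hash_equals($hash, $fkt($salt . $password));` where PHP 5.6 or later is available, or at minimum `===` in all three places. `$fkt` comes from the `users` entry in the config and is called as a variable function, so it should be checked against a short allowlist of hash function names before the call. Nothing visible regenerates the session id after a successful login, and `session_destroy()` is commented out in `logout()`; calling `session_regenerate_id(true)` once `authenticated` becomes true would close the session-fixation window. The markup part of the file is only partly visible on this page, so this note covers the PHP section only.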