diff options
Diffstat (limited to 'shell')
-rw-r--r-- | shell/AUTHORS | 40 | ||||
-rw-r--r-- | shell/COPYING | 340 | ||||
-rw-r--r-- | shell/ChangeLog | 225 | ||||
-rw-r--r-- | shell/INSTALL | 110 | ||||
-rw-r--r-- | shell/README | 174 | ||||
-rw-r--r-- | shell/SECURITY | 141 | ||||
-rw-r--r-- | shell/bin/cat.php | 7 | ||||
-rw-r--r-- | shell/bin/cd.php | 5 | ||||
-rw-r--r-- | shell/bin/chmod.php | 13 | ||||
-rw-r--r-- | shell/bin/echo.php | 6 | ||||
-rw-r--r-- | shell/bin/editor.php | 21 | ||||
-rw-r--r-- | shell/bin/help.php | 12 | ||||
-rw-r--r-- | shell/bin/ls.php | 34 | ||||
-rw-r--r-- | shell/bin/pwd.php | 5 | ||||
-rw-r--r-- | shell/bin/rm.php | 8 | ||||
-rw-r--r-- | shell/bin/stat.php | 67 | ||||
-rw-r--r-- | shell/bin/whoami.php | 4 | ||||
-rw-r--r-- | shell/config.php | 71 | ||||
-rw-r--r-- | shell/config.php~ | 69 | ||||
-rw-r--r-- | shell/exec.php | 58 | ||||
-rw-r--r-- | shell/foobar.txt | 1 | ||||
-rw-r--r-- | shell/index.php | 31 | ||||
-rw-r--r-- | shell/lightopenid.php | 650 | ||||
-rw-r--r-- | shell/login.php | 59 | ||||
-rw-r--r-- | shell/no_magicquotes.php | 26 | ||||
-rw-r--r-- | shell/passwd.php | 6 | ||||
-rw-r--r-- | shell/phpshell.php | 550 | ||||
-rw-r--r-- | shell/pwhash.php | 107 | ||||
-rw-r--r-- | shell/shell.php | 28 | ||||
-rw-r--r-- | shell/style.css | 111 |
30 files changed, 1080 insertions, 1899 deletions
diff --git a/shell/AUTHORS b/shell/AUTHORS deleted file mode 100644 index 4a4aa51..0000000 --- a/shell/AUTHORS +++ /dev/null @@ -1,40 +0,0 @@ -AUTHORS file for PHP Shell -Copyright (C) 2000-2010 the Phpshell-team -Licensed under the GNU GPL. See the file COPYING for details. - - -Current maintainer: Wolfgang Dautermann <dauti@users.sourceforge.net> -Original author: Martin Geisler <mgeisler@mgeisler.net> - -Thanks goes to all these persons who have helped: - -richard@joffray.com - Fixed a problem the list of directories, if one accessed the - root-directory. - -Robert Niess <sturm@i-st.net> - Made me aware of a security hole in the handling of stderr-trapping. - -Gerry Calderhead <caldergf@everythingsucks.co.uk> - Patch for PHP 4.2.0 where register_globals are turned off. - -Jeremy Miller <JMiller@marketaxess.com> - Suggested that one could use Sudo from - - http://www.courtesan.com/sudo/ - - to let PHP Shell execute code with different privileges than the - webserver. - -Michael Zech <keldrin@web.de> - Patch to make the stderr-checkbox remember it's state. - -Wolfgang Dautermann <dauti@users.sourceforge.net> - Multiple patches, including the sorting of directory entries in the - drop down box. - -Natan Bueno Ungethuem - Patch for PHP 5.X because the function ereg was deprecated - -Tobias Unger - AddOn including an Editor ("vim") for PHP-Shell 2.1. diff --git a/shell/COPYING b/shell/COPYING deleted file mode 100644 index f90922e..0000000 --- a/shell/COPYING +++ /dev/null @@ -1,340 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - <one line to give the program's name and a brief idea of what it does.> - Copyright (C) <year> <name of author> - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - <signature of Ty Coon>, 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. diff --git a/shell/ChangeLog b/shell/ChangeLog deleted file mode 100644 index 945c737..0000000 --- a/shell/ChangeLog +++ /dev/null @@ -1,225 +0,0 @@ -2010-11-29 Wolfgang Dautermann - * Reimplemented the feature to change to subdirectorys using mouseclicks (was available in older version) - -2010-11-21 Wolfgang Dautermann - * One can navigate to higher level directories using hyperlinks. - -2010-11-05 Wolfgang Dautermann - * Use SHA1 password hashing if possible. Changed project links to http://phpshell.sourceforge.net/ - -2010-01-30 Natan Bueno <natan.bueno@gmail.com> - * phpshell.php - Added AddOn to editor "vim". - -2010-01-15 Natan Bueno <natan.bueno@gmail.com> - * phpshell.php - Replaced deprecated function ereg by the function preg_match - -2005-12-27 Martin Geisler <mgeisler@mgeisler.net> - - * phpshell.php: - Added code to prevent simple replay attacks by only accepting each - login form once. - -2005-12-25 Martin Geisler <mgeisler@mgeisler.net> - - * INSTALL: Information about the new internal configuration. - - * phpshell.php: Made authentication internal. - - * SECURITY: New file. - - * config.php: New file. - - * style.css: New file. Renamed from phpshell.css. - -2004-03-27 Martin Geisler <mgeisler@mgeisler.net> - - * phpshell.php 1.29: Removed debug output. - - * README 1.11: Updated documentation for new cool shell-like interface. - - * INSTALL 1.5: - Updated documentation about the command substitution using alises. - - * phpshell.css 1.2: - New styles to make the textarea and input box blend together. - - * phpshell.php 1.28: A little documentation for the alias feature. - - * phpshell.php 1.27: - The shell now looks and behaves much more like a real shell: the shell - now has a commandline history just like a real shell. - - The parsing of 'cd' commands have been rewritten so that even more - special cases are taken care of, and simple command substitution using - aliases have been introduced. - -2004-03-24 Martin Geisler <mgeisler@mgeisler.net> - - * phpshell.php 1.26: - Increased year of copyright to 2004. Fixed the references to the PNG - images, as pointed out by Michael Z. Bell. - -2003-11-11 Martin Geisler <mgeisler@mgeisler.net> - - * AUTHORS 1.6: - Added Wolfgang Dautermann <dauti@users.sourceforge.net>. - - * phpshell.php 1.25: - Ups, I commited with $passwd = array('foo' => 'bar'). - - * phpshell.php 1.24: - Wolfgang Dautermann <dauti@users.sourceforge.net> suggested - that the directory list should be sorted. - - Also, changing directory through symbolic links now works as expected, - so that it's possible to go back using 'cd ..'. - -2003-04-01 Martin Geisler <mgeisler@mgeisler.net> - - * INSTALL 1.4: - New instructions on how to change the username and password. - - * README 1.10: - Updated to be in sync with new instructions on how the password - protection works. - - * phpshell.css 1.1: New file. - - * phpshell.php 1.23: - Updated to use XHTML 1.0 Strict and the $_* variables in PHP - 4.1.0. This effectively breaks compatibility with earlier versions of - PHP. If you cannot upgrade your PHP installation (you really should - consider upgrading to get hold of the latest security and bug fixes) - when just use PhpShell version 1.7 --- there's no new functionality in - this release. - - * COPYING 1.1: New file. - - * phpshell.php 1.22: Changed PHP Shell into PhpShell. - - * phpshell.php 1.21: Added HTTP basic authentication to the script. - - * AUTHORS 1.5: Moved Jeremy Miller <JMiller@marketaxess.com>. - - * phpshell.php 1.20: Updated version. - - * AUTHORS 1.4, phpshell.php 1.19: - Applied patch from Michael Zech <keldrin@web.de> that made the - stderr-checkbox remember it's state. - -2002-09-18 Martin Geisler <mgeisler@mgeisler.net> - - * phpshell.php 1.18: - Use the directory of phpshell.php as the default working directory. - - * AUTHORS 1.3: Added Gerry Calderhead <caldergf@everythingsucks.co.uk>. - - * phpshell.php 1.17: - PHP Shell now works on PHP 4.2.0 with register_globals turned off. - -2002-06-10 Martin Geisler <mgeisler@mgeisler.net> - - * INSTALL 1.3: Added a section about Safe Mode in PHP. - - * README 1.9: - Added a section about Safe Mode in PHP. Also fixed a lot of spelling - errors. - -2002-03-23 Martin Geisler <mgeisler@mgeisler.net> - - * README 1.8: Added a version number to the file. - - * AUTHORS 1.2: Added a notice about Robert Niess <sturm@i-st.net>. - - * phpshell.php 1.16: - Added a PHPSHELL_VERSION constant. Also, when using stderr-trapping, - we now use a unique filename as returned by tempnam() - Robert Niess - <sturm@i-st.net> made me aware of this, thanks. - - * phpshell.php 1.15: Small changes in the layout. - - * phpshell.php 1.14: - Updated copyright statements - they were getting quite old :-) - - * README 1.7: - Added a tip from Jeremy Miller <JMiller@marketaxess.com> about how to - use PHP Shell together with Sudo to execute code as another user. - -2001-12-10 Martin Geisler <mgeisler@mgeisler.net> - - * phpshell.php 1.13: - I found out that 'ls -F' produced better output than 'ls -p'. - - * README 1.6: Told people about the rewriting of 'ls' into 'ls -F' - - * phpshell.php 1.12: - You can now travel through the filesystem by using the normal 'cd' - command. If your command involves 'cd', it will be intercepted and the - current working directory will be changed accordingly. - - * README 1.5: Updated the documentation a bit. - -2001-02-11 Martin Geisler <mgeisler@mgeisler.net> - - * phpshell.php 1.11: - Another suggestion from Thomas Langen <langen@langensoft.de>: some - people can't use the .php extension, so now the script uses $PHP_SELF - instead. - - * phpshell.php 1.10: - Expanded all PHP start-tags (<?) to <?php, as suggested by Thomas - Langen <langen@langensoft.de>. - -2000-11-20 Martin Geisler <mgeisler@mgeisler.net> - - * AUTHORS 1.1: New file. - - * phpshell.php 1.9: - Applied a patch from richard@joffray.com which fixed a problem with - accessing the root-directory. - -2000-09-24 Martin Geisler <mgeisler@mgeisler.net> - - * phpshell.php 1.8: Removed a debug-comment. - -2000-09-09 Martin Geisler <mgeisler@mgeisler.net> - - * README 1.4: Expanded the brief explanation at the top. - - * README 1.3: Ups, I forgot to make a description of sample.htaccess. - - * README 1.2: - Added a description of all the files found in the tarball. - - * INSTALL 1.2: Made BUGS lowercase. - - * INSTALL 1.1, README 1.1: New file. - - * phpshell.php 1.7: - Removed 'Martin Geisler' from the title, putting my name on the bottom - of the page ought to be enough :-) - -2000-08-06 Martin Geisler <mgeisler@mgeisler.net> - - * phpshell.php 1.6: - Added a link to gimpster.com at the bottom of the page - -2000-08-05 Martin Geisler <mgeisler@mgeisler.net> - - * phpshell.php 1.5: - Removed references to php3 - I now use php4 so all my files end with - just a '.php' - -2000-06-21 Martin Geisler <mgeisler@mgeisler.net> - - * phpshell.php 1.4: - Fix - there were still references to the old name: shell.php3. - - * phpshell.php 1.3: Workaround for stderr-trapping. Seams to work... - - * phpshell.php 1.2: Initial commit - - * phpshell.php 1.1: New file. - diff --git a/shell/INSTALL b/shell/INSTALL deleted file mode 100644 index 8d20f4b..0000000 --- a/shell/INSTALL +++ /dev/null @@ -1,110 +0,0 @@ -INSTALL file for PHP Shell -Copyright (C) 2000-2010 the Phpshell-team -Licensed under the GNU GPL. See the file COPYING for details. - - -Downloading PHP Shell -===================== - -You can always get the latest version of PHP Shell from: - - http://phpshell.sourceforge.net/ - - - -Installation -============ - -Installation is easy: first unpack the tarball or zipfile downloaded -from the above website into your webserver. This will create a -subdirectory called phpshell-@VERSION@ for PHP Shell version @VERSION@. - -Try loading the file ``phpshell.php`` in your browser and check that -you are served a page that asks you to authenticate yourself with a -username and a password. If you do not see such a page, then please -check that you have entered the URL correctly and that PHP is working -on your server. - - - -Configuration -============= - -All configuration happens in the ``config.php`` file. This is an -ini-file despite its name. Ini-files consist of a number of sections, -each containing a number of 'key = "value"' pairs. PHP Shell has tree -sections: '[users]' for configuring usernames and passwords, -'[aliases]' for configuring shell aliases, and '[settings]' for -general settings. - - -Setting usernames and passwords -------------------------------- - -As a security precaution PHP Shell has no default username and -password (people often forget to change them...). To add the user -"alice" with password "secret" you simply add - - [users] - alice = "secret" - -to the file. Note that you can add as many users as you want by -simply adding more lines like this. - -This system works, but there is a better way --- a way so that the -password does not appear in clear text in the file. For that you use -the supplied script ``pwhash.php`` to generate a hashed password. -Please see the instructions given in ``pwhash.php``. - -With the above example the result could look like - - [users] - alice = "sha1:1a4861:a8640981d2a5f9452c75a7bb0491eac3ecd8bdc3" - -You will not get exactly the same line if you try it out, this is a -feature of the system which means that both "alice" and "bob" could -have "secret" as their password, and you would not be able to tell -from just looking at ``config.php``. - - -Shell Aliases -------------- - -As in a normal shell, PHP Shell supports alias expansion, albeit in a -simple form. Aliases are defined by 'key = "value"' pairs in the -'[aliases]' section. The "key" will be matched against the first -token of the command line and substituted with the "value" given. - -Two convenient aliases are already defined: - - [aliases] - ls = "ls -CvhF" - ll = "ls -lvhF" - - -General Settings ----------------- - -PHP has just one other setting right now --- the home directory. -Change this in the '[settings]' section. - - - -Bugs? Comments? -================ - -If you find a bug or miss something in PHP Shell, please take a look -at the Tracker System at SourceForge: - - http://sourceforge.net/tracker/?group_id=156638 - -There you will find trackers for Bugs, Patches, and Feature Requests. -You are invited to add items to these so that they wont get lost. - -You can also email the development list, found at: - - https://lists.sourceforge.net/lists/listinfo/phpshell-devel - -This list is for discussion about all things PHP Shell and it is a -good place to discuss a feature or bug before adding it to one of the -SourceForge trackers. diff --git a/shell/README b/shell/README deleted file mode 100644 index 870d661..0000000 --- a/shell/README +++ /dev/null @@ -1,174 +0,0 @@ -README file for PHP Shell -Copyright (C) 2000-2010 the Phpshell-team -Licensed under the GNU GPL. See the file COPYING for details. - -What is PHP Shell? -================== - -PHP Shell is a shell wrapped in a PHP script. It's a tool you can use -to execute arbitrary shell-commands or browse the filesystem on your -remote webserver. This replaces, to a degree, a normal -telnet-connection. - -You use it for administration and maintenance of your website, which -is often much easier to do if you can work directly on the server. -For example, you could use PHP Shell to unpack and move big files -around. All the normal command line programs like ps, free, du, df, -etc... can be used. - - -Limitations -=========== - -There are some limitations on what kind of programs you can run. It -won't do no good if you start a graphical program like Firefox or even -a console based one like vi. All programs have to be strictly command -line programs, and they will have no chance of getting user input -after they have been lunched. - -They probably also have to terminate within 30 seconds, as this is the -default time-limit imposed unto all PHP scripts, to prevent them from -running in an infinite loop. Your ISP may have set this time-limit to -something else. - -But you can rely on all the normal shell-functionality, like pipes, -output and input redirection, etc... (There is no <tab>-completion, -though :-) - - -Safe Mode -========= - -Safe Mode is the nemisis of PHP Shell. If PHP is running in Safe Mode -then PHP Shell will normally not work --- sorry. Please read the -detailed explanation in the SECURITY file. - - -Who am I? -========= - -You may not be the same user when using PHP Shell, as you are when you -upload your files with FTP. On some systems you will be ``nobody``, -on other systems you will become ``httpd`` or ``www-data``. This is a -rather dangerous "feature" of the way PHP is run by the webserver. A -possible effect of this is that you might end up creating files using -PHP Shell which you cannot delete afterwards using FTP and maybe not -even using PHP Shell. Strange, but true :-) - -If you want to execute code as different user, then it's possible to -do so by using the Sudo program available from this address: - - http://www.courtesan.com/sudo/ - -The trick is to configure Sudo to allow the user running the webserver -to execute certain commands as a more privileged user. This will have -to be done by the administrator of the server. Please refer to the -documentation for Sudo for further information about doing this. - - -How to Use It -============= - -When you point your browser at PHP Shell you will be asked to -authenticate yourself. By default no username/password will work, so -please go read INSTALL for information about adding a user. - -You're back? Good. Enter your username and password and press -the "Login" button. - -You will then be presented with a rather simple page containing -nothing much except a big window with the cursor blinking at the -bottom, signaling that it's ready to obey your commands. - -Write a command and press ENTER --- or alternatively, press the 'Execute -Command' button if you really want. The command will be executed and -the result will be shows in the terminal. You can now enter another -command. - -To be more precise: the terminal is updated with the command line you -have just executed, the output of the command to standard out -(stdout), and following that any error output sent to stderr. - -The commands are executed relative to a current working directory, -which is written at the top. You change this by the normal 'cd' -command (or by selecting a other working directory using the links). - -The commands must also be complete, so you cannot enter a multiline command: -$ for i in a b c ; do -> echo $i -> done -However, in one line it is allowed: for i in a b c ; do echo $i ; done - -Variables are also not preserved between the commands, so -$ A=1 -$ echo $A -will output 0 instead of 1. But in one line it works as expected: -$ A=1 ; echo $A -will give you the expected result: 1 - -Alternatives -============ - -An incomplete list of alternatives to PHP Shell would be: - -* SSH. The Secure Shell is the standard solution to the problem that - PHP Shell tries to solve. SSH lets you login to a remote system in a - secure way where the traffic and password is encrypted at all - times. You can also upload and download files securely and make - encrypted TCP tunnels. - - If your host supports SSH then use it and forget about PHP Shell or - any other solution. - -* Telnet. This is the old way to obtain an interactive login on a - remote system. Unfortunately telnet is insecure since the password - and subsequent traffic are sent in clear text. SSH was developed - precisely to replace telnet. The advantage of telnet over PHP Shell - is that it gives you an interactive session. - -* See more alternatives at the Anyterm homepage: - - http://anyterm.org/compared.html - - -Download -======== - -You can download the newest version of PHP Shell from - - http://phpshell.sourceforge.net/ - -The tarball/zipfile contains these files: - -phpshell.php - This is the script you run when you use PHP Shell. - -pwhash.php - A utility used to generate a hashed password. Please read INSTALL - for more information. This file poses no security risk. - -ChangeLog - This file describe the changes I've made to PHP Shell. By reading - it you'll always know when I've added a new feature or made a - bugfix, and the nature of the feature/bugfix. - -README - This file! :-) - -INSTALL - Tells you how to install PHP Shell. Among other things, it - explains how to change the password protection so that you can use - PHP Shell. - - Remember that it's very important to have PHP Shell password - protected, or else everybody will be able so snoop into your files - and perhaps also be able to delete them! Please take the time to - protect your installation of PHP Shell. - -SECURITY - A separate guide about security with PHP in general and PHP Shell in - particular. Be sure to read this too, especially if you are getting - strange errors back from PHP Shell. - -COPYING - Standard GNU GPL. diff --git a/shell/SECURITY b/shell/SECURITY deleted file mode 100644 index 888c554..0000000 --- a/shell/SECURITY +++ /dev/null @@ -1,141 +0,0 @@ -SECURITY file for PHP Shell -Copyright (C) 2005-2010 the Phpshell-team -Licensed under the GNU GPL. See the file COPYING for details. - - -PHP Security -============ - -Installing PHP on your server is an inherently dangerous thing to do, -somewhat similar to the danger one faces when one buys a car: it might -kill you if you have an accident. On the other hand a car makes so -many things so much more convenient, so most people are willing to -accept the risk of accidents. - -Likewise, PHP is a powerful tool which will let you build your -webpages easier and faster than without. But it is a *very* powerful -tool --- PHP is a full programming language which can be used for -general purpose programming and not just to format HTML for display in -a browser. - -So PHP has support for reading and writing files on the filesystem. -But PHP also has support for *deleting* files. PHP even has support -for executing other programs. In other words, PHP has lots of support -for interacting with the rest of the computer it runs on. This -interaction is potentially much more powerful than you want it to, and -this can be a problem if this power ends up in the wrong hands. - - -What about Safe Mode? ---------------------- - -As they note in the PHP manual, Safe Mode is an inherently wrong way -to secure PHP, but is nevertheless used in many installations. -Turning Safe Mode on in PHP basically tries to restrict the language -and its functions to make it "safe". - -This involves a strict check on file ownership so that PHP wont -operate on files and directories which are not owned by the owner of -the current script. Other restrictions in Safe Mode include limits on -which files can be executed and includes (thus making a primitive form -of chroot or jail around the PHP script). - -PHP Shell is made mostly useless with Safe Mode since it restricts the -two commands that PHP Shell uses: ``chdir()`` and ``proc_open()``: - -* With Safe Mode you cannot change to a directory unless you are the - owner of that directory. This means that you cannot change to, say, - ``/etc`` since ``root`` own that directory. - - You'll see this when 'cd /etc' results in this error from PHP Shell: - - chdir(): SAFE MODE Restriction in effect. The script whose uid is - 500 is not allowed to access /etc owned by uid 0 - cd: could not change to: /etc - -* When Safe Mode is active, PHP forces the argument to ``proc_open()`` - to be escaped, which means that you cannot use normal shell - wildcards, pipes or any such stuff. - - So if you enter 'ls *.txt' in a directory where you know for certain - that there is a text file ending in '.txt', you will get the - following error: - - /bin/ls: *.txt: No such file or directory - - This is because PHP has silently changed the command into 'ls - \*.txt' to disable the wildcard. - -* You cannot execute programs unless they are placed in a directory - listed in ``safe_mode_exec_dir``. Say you want to execute the - program ``tr`` (which translates between sets of characters) and you - get this strange messages back: - - sh: line 1: /bin/tr: No such file or directory - - Then you have a problem with the ``safe_mode_exec_dir`` setting. In - this case ``safe_mode_exec_dir`` is set to just ``/bin`` and so PHP - has forced the shell to execute ``/bin/tr`` and since ``tr`` is - installed in ``/usr/bin`` it could not be found. - - If you have write access to a directory listed in - ``safe_mode_exec_dir``, then try copying the wanted program there - first. Executing it should now work. - - -Even without enabling Safe Mode some functions might have been -disabled via the ``disabled_functions`` setting. If the -``proc_open()`` function used by PHP Shell has been disabled, then you -will see an error like this: - - Fatal Error! - - proc_open() has been disabled for security reasons - - in /path/to/your/installation/phpshell.php, line 221. - - - -PHP Shell Security -================== - -As noted above, PHP is a powerful tool --- how does PHP Shell fit into -this? PHP Shell is actually quite simple and does one thing: it uses -the standard PHP function ``proc_open()`` to execute programs. - -Executing other programs is probably the most powerful thing you can -do in PHP, and so PHP Shell gives you a convenient interface to this -the most powerful feature of PHP. Nothing more. - - -Is PHP Shell Dangerous? ------------------------ - -Short answer: *yes*! PHP Shell has been used in the past by people -with not-so-good intentions to destroy valuable content on servers. - -The longer answer is that installing PHP Shell is like building a new -door in your house --- if you leave it unlocked, then people can (and -probably will!) walk into it and steal your possessions. So you want -to lock it, and make sure you use a good lock. - -With PHP Shell that is equivalent of using a secure password. A -secure password is one which is hard to guess (make it long, make it -random, and put both numbers, special characters and normal letters in -it). - - Remember that guessing the password is all that stands between the - crackers and your files! - -If you use a good password, then PHP Shell does not make your system -any more insecure than it already was. Security is always a matter of -finding the weakest link in the chain: if you use FTP with a simple -password for updating your site, then it would be much easier for the -crackers to attack that instead of trying to guess your super-hard PHP -Shell password. So make sure that you tighten security on all fronts -you know of. - - -If you have comments or suggestions for improvements to this little -guide in system security, then please do not hesitate to contact the -author at <mgeisler@mgeisler.net>. diff --git a/shell/bin/cat.php b/shell/bin/cat.php new file mode 100644 index 0000000..fab9883 --- /dev/null +++ b/shell/bin/cat.php @@ -0,0 +1,7 @@ +<?php +function main($args) { + $me = array_shift($args); + foreach ($args as $file) { + echo htmlentities(file_get_contents($file)); + } +} diff --git a/shell/bin/cd.php b/shell/bin/cd.php new file mode 100644 index 0000000..3679e88 --- /dev/null +++ b/shell/bin/cd.php @@ -0,0 +1,5 @@ +<?php +function main($args) { + @$dir = $args[1]; + return php_chdir($dir); +} diff --git a/shell/bin/chmod.php b/shell/bin/chmod.php new file mode 100644 index 0000000..ca66f56 --- /dev/null +++ b/shell/bin/chmod.php @@ -0,0 +1,13 @@ +<?php +function main($args) { + $me = array_shift($args); + if (count($args)<2) { + echo $me.': usage: '.$me.' MODE FILE1 [FILE2 [FILE2]]'."\n"; + return 1; + } else { + $mode = array_shift($args); + foreach ($args as $file) { + chmod($file,octdec($mode)); + } + } +}
\ No newline at end of file diff --git a/shell/bin/echo.php b/shell/bin/echo.php new file mode 100644 index 0000000..82487b0 --- /dev/null +++ b/shell/bin/echo.php @@ -0,0 +1,6 @@ +<?php +function main($args) { + array_shift($args); + echo implode(' ',$args)."\n"; + return 0; +} diff --git a/shell/bin/editor.php b/shell/bin/editor.php new file mode 100644 index 0000000..6eac87e --- /dev/null +++ b/shell/bin/editor.php @@ -0,0 +1,21 @@ +<?php +function main($args) { + if (isset($_POST['stdin'])) { + if (isset($args[1])) { + file_put_contents($args[1],$_POST['stdin']); + } else { + echo $_POST['stdin']; + } + } else { + if (isset($args[1]) && file_exists($args[1])) { + $text = file_get_contents($args[1]); + } else { + $text = ''; + } + echo '<div class="editor">'; + echo '<input type="hidden" name="stddest" value="'.$_POST['c'].'" />'; + echo '<textarea name="stdin">'.$text.'</textarea>'."\n"; + echo '<input type="submit" value="save" />'; + echo '</div>'; + } +} diff --git a/shell/bin/help.php b/shell/bin/help.php new file mode 100644 index 0000000..95d2641 --- /dev/null +++ b/shell/bin/help.php @@ -0,0 +1,12 @@ +<?php +function main($args, $env) { + $commands = array(); + foreach (explode(';',$env['PATH']) as $dir) { + $commands = array_merge($commands,glob($dir.'/*.php')); + } + foreach ($commands as $command) { + echo preg_replace('@.*/([^/]*)\.php$@',"\$1\n",$command); + } + return 0; +} + diff --git a/shell/bin/ls.php b/shell/bin/ls.php new file mode 100644 index 0000000..fa01f2e --- /dev/null +++ b/shell/bin/ls.php @@ -0,0 +1,34 @@ +<?php +function main($args) { + if (count($args)<2) { + $args[]='.'; + } + $ret=0; + $me = array_shift($args); + foreach ($args as $name) { + if (file_exists($name)) { + if (is_dir($name)) { + @$dh = opendir($name); + if ($dh === false) { + echo $me.': can not open directory: `'.$name."'\n"; + $ret++; + } else { + if (count($args)>1) { echo $name.":\n"; } + $files = array(); + while (false !== ($file = readdir($dh))) { + $files[]="$file"; + } + sort($files); + echo implode("\n",$files)."\n"; + closedir($dh); + } + } else { + echo $name."\n"; + } + } else { + echo $me.': file does not exist: `'.$name."'\n"; + $ret++; + } + } + return $ret; +} diff --git a/shell/bin/pwd.php b/shell/bin/pwd.php new file mode 100644 index 0000000..2b43d00 --- /dev/null +++ b/shell/bin/pwd.php @@ -0,0 +1,5 @@ +<?php +function main($args) { + echo getcwd()."\n"; +} + diff --git a/shell/bin/rm.php b/shell/bin/rm.php new file mode 100644 index 0000000..7bb7aef --- /dev/null +++ b/shell/bin/rm.php @@ -0,0 +1,8 @@ +<?php +function main($args) { + $me = array_shift($args); + foreach ($args as $file) { + unlink($file); + } +} + diff --git a/shell/bin/stat.php b/shell/bin/stat.php new file mode 100644 index 0000000..2a13743 --- /dev/null +++ b/shell/bin/stat.php @@ -0,0 +1,67 @@ + <?php + function perms($perms) { + if (($perms & 0xC000) == 0xC000) { + $info = 's'; // Socket + } elseif (($perms & 0xA000) == 0xA000) { + $info = 'l'; // Symbolic Link + } elseif (($perms & 0x8000) == 0x8000) { + $info = '-'; // Regular + } elseif (($perms & 0x6000) == 0x6000) { + $info = 'b'; // Block special + } elseif (($perms & 0x4000) == 0x4000) { + $info = 'd'; // Directory + } elseif (($perms & 0x2000) == 0x2000) { + $info = 'c'; // Character special + } elseif (($perms & 0x1000) == 0x1000) { + $info = 'p'; // FIFO pipe + } else { + $info = 'u'; // Unknown + } + + // Owner + $info .= (($perms & 0x0100) ? 'r' : '-'); + $info .= (($perms & 0x0080) ? 'w' : '-'); + $info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); + + // Group + $info .= (($perms & 0x0020) ? 'r' : '-'); + $info .= (($perms & 0x0010) ? 'w' : '-'); + $info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); + + // World + $info .= (($perms & 0x0004) ? 'r' : '-'); + $info .= (($perms & 0x0002) ? 'w' : '-'); + $info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 'T' : '-')); + + return '('.substr(sprintf('%o',$perms),-4).'/'.$info.')'; +} + +function main($args) { + $me = array_shift($args); + $ret = 0; + foreach ($args as $file) { + $data = stat($file); + if ($data === false) { + echo $me.': cannot stat file: `'.$file."'\n"; + $ret++; + } else { + echo ' File: `'.$file."'\n"; + echo ' Size: '.$data['size']."\t"; + echo 'Blocks: '.$data['blocks']."\t"; + //echo 'IO Block: '; + echo $data['rdev']."\n"; + echo 'Device: '.$data['dev']."\t"; + echo 'Inode: '.$data['ino']."\t"; + echo 'Links: '.$data['nlink']."\n"; + echo 'Access: '.perms($data['mode'])."\t"; + echo "\n"; + } + } + return $ret; +}
\ No newline at end of file diff --git a/shell/bin/whoami.php b/shell/bin/whoami.php new file mode 100644 index 0000000..84db5a1 --- /dev/null +++ b/shell/bin/whoami.php @@ -0,0 +1,4 @@ +<?php +function main($args) { + echo get_current_user(); +} diff --git a/shell/config.php b/shell/config.php deleted file mode 100644 index 843069b..0000000 --- a/shell/config.php +++ /dev/null @@ -1,71 +0,0 @@ -; <?php die('Forbidden'); ?> -*- conf -*- -; Do not remove the above line, it is all that prevents this file from -; being downloaded. -; -; config.php file for PHP Shell -; Copyright (C) 2005-2010 the Phpshell-team -; Licensed under the GNU GPL. See the file COPYING for details. - -; This ini-file has three parts: -; -; * [users] where you add usernames and passwords to give users access -; to PHP Shell. -; -; * [aliases] where you can configure shell aliases. -; -; * [settings] where general settings are placed. - - -[users] - -luke = "sha1:da6c3f7:1c125210c15b45a083e77674693ceda9dc4750f3" - -; The default configuration has no users defined, you have to add your -; own (choose good passwords!). Add uses as simple -; -; username = "password" -; -; lines. Please quote your password using double-quotes as shown. -; The semi-colon ':' is a reserved character, so do *not* use that in -; your passwords. -; -; For improved security it is *strongly suggested* that you the -; pwhash.php script to generate a hashed password and store that -; instead of the normal clear text password. Keeping your passwords -; in hashed form ensures that they cannot be found, even if this file -; is disclosed. The passwords are still visible in clear text during -; the login, though. Please follow the instructions given in -; pwhash.php. - - - -[aliases] - -; Alias expansion. Change the two examples as needed and add your own -; favorites --- feel free to suggest more defaults! The command line -; you enter will only be expanded on the very first token and only -; once, so having 'ls' expand into 'ls -CvhF' does not cause an -; infinite recursion. - -ls = "ls -CvhF" -ll = "ls -lvhF" - - - -[settings] - -; General settings for PHP Shell. - -; Home directory. PHP Shell will change to this directory upon -; startup and whenever a bare 'cd' command is given. This can be an -; absolute path or a path relative to the PHP Shell installation -; directory. - -home-directory = "." - -; Safe Mode warning. PHP Shell will normally display a big, fat -; warning if it detects that PHP is running in Safe Mode. If you find -; that PHP Shell works anyway, then set this to false to get rid of -; the warning. - -safe-mode-warning = true diff --git a/shell/config.php~ b/shell/config.php~ deleted file mode 100644 index b9b48ca..0000000 --- a/shell/config.php~ +++ /dev/null @@ -1,69 +0,0 @@ -; <?php die('Forbidden'); ?> -*- conf -*- -; Do not remove the above line, it is all that prevents this file from -; being downloaded. -; -; config.php file for PHP Shell -; Copyright (C) 2005-2010 the Phpshell-team -; Licensed under the GNU GPL. See the file COPYING for details. - -; This ini-file has three parts: -; -; * [users] where you add usernames and passwords to give users access -; to PHP Shell. -; -; * [aliases] where you can configure shell aliases. -; -; * [settings] where general settings are placed. - - -[users] - -; The default configuration has no users defined, you have to add your -; own (choose good passwords!). Add uses as simple -; -; username = "password" -; -; lines. Please quote your password using double-quotes as shown. -; The semi-colon ':' is a reserved character, so do *not* use that in -; your passwords. -; -; For improved security it is *strongly suggested* that you the -; pwhash.php script to generate a hashed password and store that -; instead of the normal clear text password. Keeping your passwords -; in hashed form ensures that they cannot be found, even if this file -; is disclosed. The passwords are still visible in clear text during -; the login, though. Please follow the instructions given in -; pwhash.php. - - - -[aliases] - -; Alias expansion. Change the two examples as needed and add your own -; favorites --- feel free to suggest more defaults! The command line -; you enter will only be expanded on the very first token and only -; once, so having 'ls' expand into 'ls -CvhF' does not cause an -; infinite recursion. - -ls = "ls -CvhF" -ll = "ls -lvhF" - - - -[settings] - -; General settings for PHP Shell. - -; Home directory. PHP Shell will change to this directory upon -; startup and whenever a bare 'cd' command is given. This can be an -; absolute path or a path relative to the PHP Shell installation -; directory. - -home-directory = "." - -; Safe Mode warning. PHP Shell will normally display a big, fat -; warning if it detects that PHP is running in Safe Mode. If you find -; that PHP Shell works anyway, then set this to false to get rid of -; the warning. - -safe-mode-warning = true diff --git a/shell/exec.php b/shell/exec.php new file mode 100644 index 0000000..f3dc8d1 --- /dev/null +++ b/shell/exec.php @@ -0,0 +1,58 @@ +<?php + +function php_chdir($dir) { + $ret = chdir($dir); + echo '<input type="hidden" name="d" value="'.getcwd().'" />'; + return $ret; +} + +function php_exec($com, $cwd='') { + if ($cwd != '') { php_chdir($cwd); } + if ($com=='') { return 0; } + + $root = dirname(__FILE__); + + $ifs=' '; + $path = $root.'/bin'; + + $env = array('IFS' => $ifs, 'PATH' => $path); + + $coms = array(); + $a = 0; + $c = 0; + $q = ''; + while ($com != '') { + $char = substr($com,0,1); + $com = substr($com,1); + if (substr_count ('\'',$char)!==0) { + if (substr($q,0,1)===$char) { + $q = substr($q,1); + } else { + $q = $char.$q; + } + } elseif ($q != '') { + $coms[$c][$a].=$char; + } elseif (substr_count ($ifs,$char)!==0) { + if (isset($coms[$c][$a])) { + $a++; + } + } elseif (substr_count (';',$char)!==0) { + $c++; + } else { + $coms[$c][$a].=$char; + } + } + + $ret=0; + foreach ($coms as $args) { + $file=$path.'/'.$args[0].'.php'; + if (file_exists($file)) { + include($file); + $ret = main($args,$env); + } else { + echo 'sh: command not found: `'.$args[0]."'\n"; + $ret = 1; + } + } + return $ret; +} diff --git a/shell/foobar.txt b/shell/foobar.txt new file mode 100644 index 0000000..fd80404 --- /dev/null +++ b/shell/foobar.txt @@ -0,0 +1 @@ +this is foobar.txt
\ No newline at end of file diff --git a/shell/index.php b/shell/index.php new file mode 100644 index 0000000..6d62a65 --- /dev/null +++ b/shell/index.php @@ -0,0 +1,31 @@ +<?php +$LTS = 'set'; +session_start(); +include('no_magicquotes.php'); + +global $auth_html; +include('login.php'); + +echo '<?xml version="1.0" encoding="utf-8"?>'; +?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" + "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us" dir="ltr" > +<head> + <title>ltShell 3</title> + <link rel="stylesheet" href="style.css" media="screen,projection" /> + <script type="text/javascript"> + function formfocus() { + document.getElementById('prompt').focus(); + } + window.onload = formfocus; + </script> +</head> +<body> +<div class="login"><?php echo $auth_html; ?></div> +<?php +if ( isset($_SESSION['user']) && ($_SESSION['user']!='') ) { + include('shell.php'); +} +?> +</body></html> diff --git a/shell/lightopenid.php b/shell/lightopenid.php new file mode 100644 index 0000000..f868273 --- /dev/null +++ b/shell/lightopenid.php @@ -0,0 +1,650 @@ +<?php +/** + * This class provides a simple interface for OpenID (1.1 and 2.0) authentication. + * Supports Yadis discovery. + * The authentication process is stateless/dumb. + * + * Usage: + * Sign-on with OpenID is a two step process: + * Step one is authentication with the provider: + * <code> + * $openid = new LightOpenID; + * $openid->identity = 'ID supplied by user'; + * header('Location: ' . $openid->authUrl()); + * </code> + * The provider then sends various parameters via GET, one of them is openid_mode. + * Step two is verification: + * <code> + * if ($this->data['openid_mode']) { + * $openid = new LightOpenID; + * echo $openid->validate() ? 'Logged in.' : 'Failed'; + * } + * </code> + * + * Optionally, you can set $returnUrl and $realm (or $trustRoot, which is an alias). + * The default values for those are: + * $openid->realm = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST']; + * $openid->returnUrl = $openid->realm . $_SERVER['REQUEST_URI']; # without the query part, if present + * If you don't know their meaning, refer to any openid tutorial, or specification. Or just guess. + * + * AX and SREG extensions are supported. + * To use them, specify $openid->required and/or $openid->optional before calling $openid->authUrl(). + * These are arrays, with values being AX schema paths (the 'path' part of the URL). + * For example: + * $openid->required = array('namePerson/friendly', 'contact/email'); + * $openid->optional = array('namePerson/first'); + * If the server supports only SREG or OpenID 1.1, these are automaticaly + * mapped to SREG names, so that user doesn't have to know anything about the server. + * + * To get the values, use $openid->getAttributes(). + * + * + * The library requires PHP >= 5.1.2 with http/https stream wrappers enabled.. + * @author Mewp + * @copyright Copyright (c) 2010, Mewp + * @license http://www.opensource.org/licenses/mit-license.php MIT + */ +class LightOpenID +{ + public $returnUrl + , $required = array() + , $optional = array(); + private $identity, $claimed_id; + protected $server, $version, $trustRoot, $aliases, $identifier_select = false + , $ax = false, $sreg = false, $data; + static protected $ax_to_sreg = array( + 'namePerson/friendly' => 'nickname', + 'contact/email' => 'email', + 'namePerson' => 'fullname', + 'birthDate' => 'dob', + 'person/gender' => 'gender', + 'contact/postalCode/home' => 'postcode', + 'contact/country/home' => 'country', + 'pref/language' => 'language', + 'pref/timezone' => 'timezone', + ); + + function __construct() + { + $this->trustRoot = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST']; + $uri = $_SERVER['REQUEST_URI']; + $uri = strpos($uri, '?') ? substr($uri, 0, strpos($uri, '?')) : $uri; + $this->returnUrl = $this->trustRoot . $uri; + + $this->data = $_POST + $_GET; # OPs may send data as POST or GET. + } + + function __set($name, $value) + { + switch ($name) { + case 'identity': + if (strlen($value = trim((String) $value))) { + if (preg_match('#^xri:/*#i', $value, $m)) { + $value = substr($value, strlen($m[0])); + } elseif (!preg_match('/^(?:[=@+\$!\(]|https?:)/i', $value)) { + $value = "http://$value"; + } + if (preg_match('#^https?://[^/]+$#i', $value, $m)) { + $value .= '/'; + } + } + $this->$name = $this->claimed_id = $value; + break; + case 'trustRoot': + case 'realm': + $this->trustRoot = trim($value); + } + } + + function __get($name) + { + switch ($name) { + case 'identity': + # We return claimed_id instead of identity, + # because the developer should see the claimed identifier, + # i.e. what he set as identity, not the op-local identifier (which is what we verify) + return $this->claimed_id; + case 'trustRoot': + case 'realm': + return $this->trustRoot; + } + } + + /** + * Checks if the server specified in the url exists. + * + * @param $url url to check + * @return true, if the server exists; false otherwise + */ + function hostExists($url) + { + if (strpos($url, '/') === false) { + $server = $url; + } else { + $server = @parse_url($url, PHP_URL_HOST); + } + + if (!$server) { + return false; + } + + return !!gethostbynamel($server); + } + + + protected function request($url, $method='GET', $params=array()) + { + if(!$this->hostExists($url)) { + throw new ErrorException('Invalid request.'); + } + + $params = http_build_query($params, '', '&'); + switch($method) { + case 'GET': + $opts = array( + 'http' => array( + 'method' => 'GET', + 'header' => 'Accept: application/xrds+xml, */*', + 'ignore_errors' => true, + ) + ); + $url = $url . ($params ? '?' . $params : ''); + break; + case 'POST': + $opts = array( + 'http' => array( + 'method' => 'POST', + 'header' => 'Content-type: application/x-www-form-urlencoded', + 'content' => $params, + 'ignore_errors' => true, + ) + ); + break; + case 'HEAD': + # We want to send a HEAD request, + # but since get_headers doesn't accept $context parameter, + # we have to change the defaults. + $default = stream_context_get_options(stream_context_get_default()); + stream_context_get_default( + array('http' => array( + 'method' => 'HEAD', + 'header' => 'Accept: application/xrds+xml, */*', + 'ignore_errors' => true, + )) + ); + + $url = $url . ($params ? '?' . $params : ''); + $headers_tmp = get_headers ($url); + if(!$headers_tmp) { + return array(); + } + + # Parsing headers. + $headers = array(); + foreach($headers_tmp as $header) { + $pos = strpos($header,':'); + $name = strtolower(trim(substr($header, 0, $pos))); + $headers[$name] = trim(substr($header, $pos+1)); + + # Following possible redirections. The point is just to have + # claimed_id change with them, because get_headers() will + # follow redirections automatically. + # We ignore redirections with relative paths. + # If any known provider uses them, file a bug report. + if($name == 'location') { + if(strpos($headers[$name], 'http') === 0) { + $this->claimed_id = $headers[$name]; + } elseif($headers[$name][0] == '/') { + $parsed_url = parse_url($this->claimed_id); + $this->claimed_id = $parsed_url['scheme'] . '://' + . $parsed_url['host'] + . $headers[$name]; + } + } + } + + # And restore them. + stream_context_get_default($default); + return $headers; + } + $context = stream_context_create ($opts); + + return file_get_contents($url, false, $context); + } + + protected function build_url($url, $parts) + { + if (isset($url['query'], $parts['query'])) { + $parts['query'] = $url['query'] . '&' . $parts['query']; + } + + $url = $parts + $url; + $url = $url['scheme'] . '://' + . (empty($url['username'])?'' + :(empty($url['password'])? "{$url['username']}@" + :"{$url['username']}:{$url['password']}@")) + . $url['host'] + . (empty($url['port'])?'':":{$url['port']}") + . (empty($url['path'])?'':$url['path']) + . (empty($url['query'])?'':"?{$url['query']}") + . (empty($url['fragment'])?'':":{$url['fragment']}"); + return $url; + } + + /** + * Helper function used to scan for <meta>/<link> tags and extract information + * from them + */ + protected function htmlTag($content, $tag, $attrName, $attrValue, $valueName) + { + preg_match_all("#<{$tag}[^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*$valueName=['\"](.+?)['\"][^>]*/?>#i", $content, $matches1); + preg_match_all("#<{$tag}[^>]*$valueName=['\"](.+?)['\"][^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*/?>#i", $content, $matches2); + + $result = array_merge($matches1[1], $matches2[1]); + return empty($result)?false:$result[0]; + } + + /** + * Performs Yadis and HTML discovery. Normally not used. + * @param $url Identity URL. + * @return String OP Endpoint (i.e. OpenID provider address). + * @throws ErrorException + */ + function discover($url) + { + if (!$url) throw new ErrorException('No identity supplied.'); + # Use xri.net proxy to resolve i-name identities + if (!preg_match('#^https?:#', $url)) { + $url = "https://xri.net/$url"; + } + + # We save the original url in case of Yadis discovery failure. + # It can happen when we'll be lead to an XRDS document + # which does not have any OpenID2 services. + $originalUrl = $url; + + # A flag to disable yadis discovery in case of failure in headers. + $yadis = true; + + # We'll jump a maximum of 5 times, to avoid endless redirections. + for ($i = 0; $i < 5; $i ++) { + if ($yadis) { + $headers = $this->request($url, 'HEAD'); + + $next = false; + if (isset($headers['x-xrds-location'])) { + $url = $this->build_url(parse_url($url), parse_url(trim($headers['x-xrds-location']))); + $next = true; + } + + if (isset($headers['content-type']) + && strpos($headers['content-type'], 'application/xrds+xml') !== false) { + # Found an XRDS document, now let's find the server, and optionally delegate. + $content = $this->request($url, 'GET'); + + # OpenID 2 + $ns = preg_quote('http://specs.openid.net/auth/2.0/'); + if (preg_match('#<Service.*?>(.*)<Type>\s*'.$ns.'(.*?)\s*</Type>(.*)</Service>#s', $content, $m)) { + $content = ' ' . $m[1] . $m[3]; # The space is added, so that strpos doesn't return 0. + if ($m[2] == 'server') $this->identifier_select = true; + + preg_match('#<URI.*?>(.*)</URI>#', $content, $server); + preg_match('#<(Local|Canonical)ID>(.*)</\1ID>#', $content, $delegate); + if (empty($server)) { + return false; + } + # Does the server advertise support for either AX or SREG? + $this->ax = (bool) strpos($content, '<Type>http://openid.net/srv/ax/1.0</Type>'); + $this->sreg = strpos($content, '<Type>http://openid.net/sreg/1.0</Type>') + || strpos($content, '<Type>http://openid.net/extensions/sreg/1.1</Type>'); + + $server = $server[1]; + if (isset($delegate[2])) $this->identity = trim($delegate[2]); + $this->version = 2; + + $this->server = $server; + return $server; + } + + # OpenID 1.1 + $ns = preg_quote('http://openid.net/signon/1.1'); + if (preg_match('#<Service.*?>(.*)<Type>\s*'.$ns.'\s*</Type>(.*)</Service>#s', $content, $m)) { + $content = ' ' . $m[1] . $m[2]; + + preg_match('#<URI.*?>(.*)</URI>#', $content, $server); + preg_match('#<.*?Delegate>(.*)</.*?Delegate>#', $content, $delegate); + if (empty($server)) { + return false; + } + # AX can be used only with OpenID 2.0, so checking only SREG + $this->sreg = strpos($content, '<Type>http://openid.net/sreg/1.0</Type>') + || strpos($content, '<Type>http://openid.net/extensions/sreg/1.1</Type>'); + + $server = $server[1]; + if (isset($delegate[1])) $this->identity = $delegate[1]; + $this->version = 1; + + $this->server = $server; + return $server; + } + + $next = true; + $yadis = false; + $url = $originalUrl; + $content = null; + break; + } + if ($next) continue; + + # There are no relevant information in headers, so we search the body. + $content = $this->request($url, 'GET'); + if ($location = $this->htmlTag($content, 'meta', 'http-equiv', 'X-XRDS-Location', 'value')) { + $url = $this->build_url(parse_url($url), parse_url($location)); + continue; + } + } + + if (!$content) $content = $this->request($url, 'GET'); + + # At this point, the YADIS Discovery has failed, so we'll switch + # to openid2 HTML discovery, then fallback to openid 1.1 discovery. + $server = $this->htmlTag($content, 'link', 'rel', 'openid2.provider', 'href'); + $delegate = $this->htmlTag($content, 'link', 'rel', 'openid2.local_id', 'href'); + $this->version = 2; + + if (!$server) { + # The same with openid 1.1 + $server = $this->htmlTag($content, 'link', 'rel', 'openid.server', 'href'); + $delegate = $this->htmlTag($content, 'link', 'rel', 'openid.delegate', 'href'); + $this->version = 1; + } + + if ($server) { + # We found an OpenID2 OP Endpoint + if ($delegate) { + # We have also found an OP-Local ID. + $this->identity = $delegate; + } + $this->server = $server; + return $server; + } + + throw new ErrorException('No servers found!'); + } + throw new ErrorException('Endless redirection!'); + } + + protected function sregParams() + { + $params = array(); + # We always use SREG 1.1, even if the server is advertising only support for 1.0. + # That's because it's fully backwards compatibile with 1.0, and some providers + # advertise 1.0 even if they accept only 1.1. One such provider is myopenid.com + $params['openid.ns.sreg'] = 'http://openid.net/extensions/sreg/1.1'; + if ($this->required) { + $params['openid.sreg.required'] = array(); + foreach ($this->required as $required) { + if (!isset(self::$ax_to_sreg[$required])) continue; + $params['openid.sreg.required'][] = self::$ax_to_sreg[$required]; + } + $params['openid.sreg.required'] = implode(',', $params['openid.sreg.required']); + } + + if ($this->optional) { + $params['openid.sreg.optional'] = array(); + foreach ($this->optional as $optional) { + if (!isset(self::$ax_to_sreg[$optional])) continue; + $params['openid.sreg.optional'][] = self::$ax_to_sreg[$optional]; + } + $params['openid.sreg.optional'] = implode(',', $params['openid.sreg.optional']); + } + return $params; + } + + protected function axParams() + { + $params = array(); + if ($this->required || $this->optional) { + $params['openid.ns.ax'] = 'http://openid.net/srv/ax/1.0'; + $params['openid.ax.mode'] = 'fetch_request'; + $this->aliases = array(); + $counts = array(); + $required = array(); + $optional = array(); + foreach (array('required','optional') as $type) { + foreach ($this->$type as $alias => $field) { + if (is_int($alias)) $alias = strtr($field, '/', '_'); + $this->aliases[$alias] = 'http://axschema.org/' . $field; + if (empty($counts[$alias])) $counts[$alias] = 0; + $counts[$alias] += 1; + ${$type}[] = $alias; + } + } + foreach ($this->aliases as $alias => $ns) { + $params['openid.ax.type.' . $alias] = $ns; + } + foreach ($counts as $alias => $count) { + if ($count == 1) continue; + $params['openid.ax.count.' . $alias] = $count; + } + + # Don't send empty ax.requied and ax.if_available. + # Google and possibly other providers refuse to support ax when one of these is empty. + if($required) { + $params['openid.ax.required'] = implode(',', $required); + } + if($optional) { + $params['openid.ax.if_available'] = implode(',', $optional); + } + } + return $params; + } + + protected function authUrl_v1() + { + $returnUrl = $this->returnUrl; + # If we have an openid.delegate that is different from our claimed id, + # we need to somehow preserve the claimed id between requests. + # The simplest way is to just send it along with the return_to url. + if($this->identity != $this->claimed_id) { + $returnUrl .= (strpos($returnUrl, '?') ? '&' : '?') . 'openid.claimed_id=' . $this->claimed_id; + } + + $params = array( + 'openid.return_to' => $returnUrl, + 'openid.mode' => 'checkid_setup', + 'openid.identity' => $this->identity, + 'openid.trust_root' => $this->trustRoot, + ) + $this->sregParams(); + + return $this->build_url(parse_url($this->server) + , array('query' => http_build_query($params, '', '&'))); + } + + protected function authUrl_v2($identifier_select) + { + $params = array( + 'openid.ns' => 'http://specs.openid.net/auth/2.0', + 'openid.mode' => 'checkid_setup', + 'openid.return_to' => $this->returnUrl, + 'openid.realm' => $this->trustRoot, + ); + if ($this->ax) { + $params += $this->axParams(); + } + if ($this->sreg) { + $params += $this->sregParams(); + } + if (!$this->ax && !$this->sreg) { + # If OP doesn't advertise either SREG, nor AX, let's send them both + # in worst case we don't get anything in return. + $params += $this->axParams() + $this->sregParams(); + } + + if ($identifier_select) { + $params['openid.identity'] = $params['openid.claimed_id'] + = 'http://specs.openid.net/auth/2.0/identifier_select'; + } else { + $params['openid.identity'] = $this->identity; + $params['openid.claimed_id'] = $this->claimed_id; + } + + return $this->build_url(parse_url($this->server) + , array('query' => http_build_query($params, '', '&'))); + } + + /** + * Returns authentication url. Usually, you want to redirect your user to it. + * @return String The authentication url. + * @param String $select_identifier Whether to request OP to select identity for an user in OpenID 2. Does not affect OpenID 1. + * @throws ErrorException + */ + function authUrl($identifier_select = null) + { + if (!$this->server) $this->discover($this->identity); + + if ($this->version == 2) { + if ($identifier_select === null) { + return $this->authUrl_v2($this->identifier_select); + } + return $this->authUrl_v2($identifier_select); + } + return $this->authUrl_v1(); + } + + /** + * Performs OpenID verification with the OP. + * @return Bool Whether the verification was successful. + * @throws ErrorException + */ + function validate() + { + $this->claimed_id = isset($this->data['openid_claimed_id'])?$this->data['openid_claimed_id']:$this->data['openid_identity']; + $params = array( + 'openid.assoc_handle' => $this->data['openid_assoc_handle'], + 'openid.signed' => $this->data['openid_signed'], + 'openid.sig' => $this->data['openid_sig'], + ); + + if (isset($this->data['openid_ns'])) { + # We're dealing with an OpenID 2.0 server, so let's set an ns + # Even though we should know location of the endpoint, + # we still need to verify it by discovery, so $server is not set here + $params['openid.ns'] = 'http://specs.openid.net/auth/2.0'; + } elseif(isset($this->data['openid_claimed_id'])) { + # If it's an OpenID 1 provider, and we've got claimed_id, + # we have to append it to the returnUrl, like authUrl_v1 does. + $this->returnUrl .= (strpos($this->returnUrl, '?') ? '&' : '?') + . 'openid.claimed_id=' . $this->claimed_id; + } + + if ($this->data['openid_return_to'] != $this->returnUrl) { + # The return_to url must match the url of current request. + # I'm assuing that noone will set the returnUrl to something that doesn't make sense. + return false; + } + + $server = $this->discover($this->data['openid_identity']); + + foreach (explode(',', $this->data['openid_signed']) as $item) { + # Checking whether magic_quotes_gpc is turned on, because + # the function may fail if it is. For example, when fetching + # AX namePerson, it might containg an apostrophe, which will be escaped. + # In such case, validation would fail, since we'd send different data than OP + # wants to verify. stripslashes() should solve that problem, but we can't + # use it when magic_quotes is off. + $value = $this->data['openid_' . str_replace('.','_',$item)]; + $params['openid.' . $item] = get_magic_quotes_gpc() ? stripslashes($value) : $value; + } + + $params['openid.mode'] = 'check_authentication'; + + $response = $this->request($server, 'POST', $params); + + return preg_match('/is_valid\s*:\s*true/i', $response); + } + + protected function getAxAttributes() + { + $alias = null; + if (isset($this->data['openid_ns_ax']) + && $this->data['openid_ns_ax'] != 'http://openid.net/srv/ax/1.0' + ) { # It's the most likely case, so we'll check it before + $alias = 'ax'; + } else { + # 'ax' prefix is either undefined, or points to another extension, + # so we search for another prefix + foreach ($this->data as $key => $val) { + if (substr($key, 0, strlen('openid_ns_')) == 'openid_ns_' + && $val == 'http://openid.net/srv/ax/1.0' + ) { + $alias = substr($key, strlen('openid_ns_')); + break; + } + } + } + if (!$alias) { + # An alias for AX schema has not been found, + # so there is no AX data in the OP's response + return array(); + } + + $attributes = array(); + foreach ($this->data as $key => $value) { + $keyMatch = 'openid_' . $alias . '_value_'; + if (substr($key, 0, strlen($keyMatch)) != $keyMatch) { + continue; + } + $key = substr($key, strlen($keyMatch)); + if (!isset($this->data['openid_' . $alias . '_type_' . $key])) { + # OP is breaking the spec by returning a field without + # associated ns. This shouldn't happen, but it's better + # to check, than cause an E_NOTICE. + continue; + } + $key = substr($this->data['openid_' . $alias . '_type_' . $key], + strlen('http://axschema.org/')); + $attributes[$key] = $value; + } + return $attributes; + } + + protected function getSregAttributes() + { + $attributes = array(); + $sreg_to_ax = array_flip(self::$ax_to_sreg); + foreach ($this->data as $key => $value) { + $keyMatch = 'openid_sreg_'; + if (substr($key, 0, strlen($keyMatch)) != $keyMatch) { + continue; + } + $key = substr($key, strlen($keyMatch)); + if (!isset($sreg_to_ax[$key])) { + # The field name isn't part of the SREG spec, so we ignore it. + continue; + } + $attributes[$sreg_to_ax[$key]] = $value; + } + return $attributes; + } + + /** + * Gets AX/SREG attributes provided by OP. should be used only after successful validaton. + * Note that it does not guarantee that any of the required/optional parameters will be present, + * or that there will be no other attributes besides those specified. + * In other words. OP may provide whatever information it wants to. + * * SREG names will be mapped to AX names. + * * @return Array Array of attributes with keys being the AX schema names, e.g. 'contact/email' + * @see http://www.axschema.org/types/ + */ + function getAttributes() + { + if (isset($this->data['openid_ns']) + && $this->data['openid_ns'] == 'http://specs.openid.net/auth/2.0' + ) { # OpenID 2.0 + # We search for both AX and SREG attributes, with AX taking precedence. + return $this->getAxAttributes() + $this->getSregAttributes(); + } + return $this->getSregAttributes(); + } +} diff --git a/shell/login.php b/shell/login.php new file mode 100644 index 0000000..eff6eca --- /dev/null +++ b/shell/login.php @@ -0,0 +1,59 @@ +<?php if (!isset($LTS)) { die(); } + +// BEGIN AUTH CODE ///////////////////////////////////////////////////////////// +global $auth_html; +include_once('lightopenid.php'); +@session_start(); +if ( isset($_SESSION['user']) && ($_SESSION['user']!='') ) { + // someone is already logged in + if ( isset($_GET['openid_mode']) && ($_GET['openid_mode']=='logout') ) { + // logout + $auth_html.='<p>'.$_SESSION['user'].' is now logged out</p>'; + $_SESSION['user']=''; + } else { + $auth_html.=' + <p>Currently logged in as '.$_SESSION['user'].'.</p> + <form action="" method="get"> + <input type="hidden" name="openid_mode" value="logout" /> + <input type="submit" value="Log Out" /> + </form> + '; + } +} else { + // not already logged in + try { + if(!isset($_GET['openid_mode'])) { + if(isset($_POST['openid_identifier'])) { + $openid = new LightOpenID; + $openid->identity = $_POST['openid_identifier']; + header('Location: ' . $openid->authUrl()); + } + $auth_html.=' + <form action="" method="post"> + OpenID: <input type="text" name="openid_identifier" /> <input type="submit" value="Submit" /> + </form> + '; + } elseif($_GET['openid_mode'] == 'cancel') { + $auth_html.='<p>User has canceled authentication!</p>'; + } else { + $openid = new LightOpenID; + if ($openid->validate()) { + // is logged in + global $users; + include_once('passwd.php'); + if (in_array($openid->identity,$users)) { + $_SESSION['user']=$openid->identity; + $auth_html.='<p>Welcome, '.$_SESSION['user'].'!</p>'; + } else { + $auth_html.='<p>Authentication was successful, but '.$openid->identity.' is not an authorized user.</p>'; + } + } else { + // is not logged in + $auth_html.='<p>User '.$openid->identity.' is not logged in </p>'; + } + } + } catch(ErrorException $e) { + $auth_html.=$e->getMessage(); + } +} +// END AUTH CODE /////////////////////////////////////////////////////////////// diff --git a/shell/no_magicquotes.php b/shell/no_magicquotes.php new file mode 100644 index 0000000..f6718eb --- /dev/null +++ b/shell/no_magicquotes.php @@ -0,0 +1,26 @@ +<?php +/* This was contributed by an awesome anonymous user in the comments section of + * the PHP manual on 17-Dec-2006 08:20 + */ +if (get_magic_quotes_gpc()) { + function undoMagicQuotes($array, $topLevel=true) { + $newArray = array(); + foreach($array as $key => $value) { + if (!$topLevel) { + $key = stripslashes($key); + } + if (is_array($value)) { + $newArray[$key] = undoMagicQuotes($value, false); + } + else { + $newArray[$key] = stripslashes($value); + } + } + return $newArray; + } + $_GET = undoMagicQuotes($_GET); + $_POST = undoMagicQuotes($_POST); + $_COOKIE = undoMagicQuotes($_COOKIE); + $_REQUEST = undoMagicQuotes($_REQUEST); +} +?> diff --git a/shell/passwd.php b/shell/passwd.php new file mode 100644 index 0000000..cf6fdaf --- /dev/null +++ b/shell/passwd.php @@ -0,0 +1,6 @@ +<?php global $users; $users = array ( + +'http://10.10.24.64/1/', // Luke Shumaker (at home) +'http://lukeshu.ath.cx/1/' // Luke Shumaker (not at home) + +); ?> diff --git a/shell/phpshell.php b/shell/phpshell.php deleted file mode 100644 index 34a651b..0000000 --- a/shell/phpshell.php +++ /dev/null @@ -1,550 +0,0 @@ -<?php // -*- coding: utf-8 -*-
-
-define('PHPSHELL_VERSION', '2.2');
-/*
-
- **************************************************************
- * PHP Shell *
- **************************************************************
-
- PHP Shell is an interactive PHP script that will execute any command
- entered. See the files README, INSTALL, and SECURITY or
- http://phpshell.sourceforge.net/ for further information.
-
- Copyright (C) 2000-2010 the Phpshell-team
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License
- as published by the Free Software Foundation; either version 2
- of the License, or (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You can get a copy of the GNU General Public License from this
- address: http://www.gnu.org/copyleft/gpl.html#SEC1
- You can also write to the Free Software Foundation, Inc., 59 Temple
- Place - Suite 330, Boston, MA 02111-1307, USA.
-
-*/
-
-/* There are no user-configurable settings in this file anymore, please see
- * config.php instead. */
-
-header("Content-Type: text/html; charset=utf-8");
-
-/* This error handler will turn all notices, warnings, and errors into fatal
- * errors, unless they have been suppressed with the @-operator. */
-function error_handler($errno, $errstr, $errfile, $errline, $errcontext) {
- /* The @-operator (used with chdir() below) temporarely makes
- * error_reporting() return zero, and we don't want to die in that case.
- * We do note the error in the output, though. */
- if (error_reporting() == 0) {
- $_SESSION['output'] .= $errstr . "\n";
- } else {
- die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
- "http://www.w3.org/TR/html4/strict.dtd">
-<html>
-<head>
- <title>PHP Shell ' . PHPSHELL_VERSION . '</title>
- <meta http-equiv="Content-Script-Type" content="text/javascript">
- <meta http-equiv="Content-Style-Type" content="text/css">
- <meta name="generator" content="phpshell">
- <link rel="stylesheet" href="style.css" type="text/css">
-</head>
-<body>
- <h1>Fatal Error!</h1>
- <p><b>' . $errstr . '</b></p>
- <p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p>
-
- <hr>
-
- <p>Please consult the <a href="README">README</a>, <a
- href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for
- instruction on how to use PHP Shell.</p>
-
- <hr>
-
- <address>
- Copyright © 2000–2010, the Phpshell-team. Get the latest
- version at <a
- href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
- </address>
-
-</body>
-</html>');
- }
-}
-
-/* Installing our error handler makes PHP die on even the slightest problem.
- * This is what we want in a security critical application like this. */
-set_error_handler('error_handler');
-
-
-function logout() {
- /* Empty the session data, except for the 'authenticated' entry which the
- * rest of the code needs to be able to check. */
- $_SESSION = array('authenticated' => false);
-
- /* Unset the client's cookie, if it has one. */
-// if (isset($_COOKIE[session_name()]))
-// setcookie(session_name(), '', time()-42000, '/');
-
- /* Destroy the session data on the server. This prevents the simple
- * replay attach where one uses the back button to re-authenticate using
- * the old POST data since the server wont know the session then.*/
-// session_destroy();
-}
-
-/* Clear history */
-function clear()
-{
- $_SESSION['output'] = '';
-}
-
-function stripslashes_deep($value) {
- if (is_array($value))
- return array_map('stripslashes_deep', $value);
- else
- return stripslashes($value);
-}
-
-if (get_magic_quotes_gpc())
- $_POST = stripslashes_deep($_POST);
-
-/* Initialize some variables we need again and again. */
-$username = isset($_POST['username']) ? $_POST['username'] : '';
-$password = isset($_POST['password']) ? $_POST['password'] : '';
-$nounce = isset($_POST['nounce']) ? $_POST['nounce'] : '';
-
-$command = isset($_POST['command']) ? $_POST['command'] : '';
-$rows = isset($_POST['rows']) ? $_POST['rows'] : 24;
-$columns = isset($_POST['columns']) ? $_POST['columns'] : 80;
-
-
-/* Load the configuration. */
-$ini = parse_ini_file('config.php', true);
-
-if (empty($ini['settings']))
- $ini['settings'] = array();
-
-/* Default settings --- these settings should always be set to something. */
-$default_settings = array('home-directory' => '.');
-$showeditor = false;
-
-/* Merge settings. */
-$ini['settings'] = array_merge($default_settings, $ini['settings']);
-
-session_start();
-
-/* Delete the session data if the user requested a logout. This leaves the
- * session cookie at the user, but this is not important since we
- * authenticates on $_SESSION['authenticated']. */
-if (isset($_POST['logout']))
- logout();
-
-/* Delete history if submitted */
-if (isset($_POST['clear']))
- clear();
-
-/* Attempt authentication. */
-if (isset($_SESSION['nounce']) && $nounce == $_SESSION['nounce'] &&
- isset($ini['users'][$username])) {
- if (strchr($ini['users'][$username], ':') === false) {
- // No seperator found, assume this is a password in clear text.
- $_SESSION['authenticated'] = ($ini['users'][$username] == $password);
- } else {
- list($fkt, $salt, $hash) = explode(':', $ini['users'][$username]);
- $_SESSION['authenticated'] = ($fkt($salt . $password) == $hash);
- }
-}
-
-
-/* Enforce default non-authenticated state if the above code didn't set it
- * already. */
-if (!isset($_SESSION['authenticated']))
- $_SESSION['authenticated'] = false;
-
-
-if ($_SESSION['authenticated']) {
- /* Initialize the session variables. */
- if (empty($_SESSION['cwd'])) {
- $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
- $_SESSION['history'] = array();
- $_SESSION['output'] = '';
- }
- /* Clicked on one of the directory links in the working directory - ignore the command */
- if (isset($_POST['levelup'])) {
- $levelup = $_POST['levelup'] ;
- while ($levelup > 0) {
- $command = '' ; /* ignore the command */
- $_SESSION['cwd'] = dirname($_SESSION['cwd']) ;
- $levelup -- ;
- }
- }
- /* Selected a new subdirectory as working directory - ignore the command */
- if (isset($_POST['changedirectory'])) {
- $changedir= $_POST['changedirectory'];
- if (strlen($changedir) > 0) {
- if (@chdir($_SESSION['cwd'] . '/' . $changedir)) {
- $command = '' ; /* ignore the command */
- $_SESSION['cwd'] = realpath($_SESSION['cwd'] . '/' . $changedir) ;
- }
- }
- }
-
- /* Save content from 'editor' */
- if(isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) {
- $filetoedit_handle = fopen($_POST["filetoedit"], "w");
- fputs($filetoedit_handle, str_replace("%0D%0D%0A", "%0D%0A", $_POST["filecontent"]));
- fclose($filetoedit_handle);
- }
-
- if (!empty($command)) {
- /* Save the command for late use in the JavaScript. If the command is
- * already in the history, then the old entry is removed before the
- * new entry is put into the list at the front. */
- if (($i = array_search($command, $_SESSION['history'])) !== false)
- unset($_SESSION['history'][$i]);
-
- array_unshift($_SESSION['history'], $command);
-
- /* Now append the commmand to the output. */
- $_SESSION['output'] .= '$ ' . $command . "\n";
-
- /* Initialize the current working directory. */
- if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $command)) {
- $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
- } elseif (preg_match('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/', $command, $regs)) {
- /* The current command is a 'cd' command which we have to handle
- * as an internal shell command. */
-
- /* if the directory starts and ends with quotes ("), remove them -
- allows command like 'cd "abc def"' */
- if ((substr($regs[1],0,1) == '"') && (substr($regs[1],-1) =='"') ) {
- $regs[1] = substr($regs[1],1) ;
- $regs[1] = substr($regs[1],0,-1) ;
- }
-
- if ($regs[1]{0} == '/') {
- /* Absolute path, we use it unchanged. */
- $new_dir = $regs[1];
- } else {
- /* Relative path, we append it to the current working
- * directory. */
- $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
- }
-
- /* Transform '/./' into '/' */
- while (strpos($new_dir, '/./') !== false)
- $new_dir = str_replace('/./', '/', $new_dir);
-
- /* Transform '//' into '/' */
- while (strpos($new_dir, '//') !== false)
- $new_dir = str_replace('//', '/', $new_dir);
-
- /* Transform 'x/..' into '' */
- while (preg_match('|/\.\.(?!\.)|', $new_dir))
- $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
-
- if ($new_dir == '') $new_dir = '/';
-
- /* Try to change directory. */
- if (@chdir($new_dir)) {
- $_SESSION['cwd'] = $new_dir;
- } else {
- $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
- }
-
- } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]*$/', $command)) {
- /* You called 'editor' without a filename so you get an short help
- * on how to use the internal 'editor' command */
-
- $_SESSION['output'] .= " Syntax: editor filename\n (you forgot the filename)\n";
-
- } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]+([^;]+)$/', $command, $regs)) {
- /* This is a tiny editor which you can start with 'editor filename' */
- $filetoedit = $regs[1];
- if ($regs[1]{0} != '/') {
- /* relative path, add it to the current working directory.*/
- $filetoedit = $_SESSION['cwd'].'/'.$regs[1];
- } ;
- if(is_file(realpath($filetoedit)) || ! file_exists($filetoedit)) {
- $showeditor = true;
- if(file_exists(realpath($filetoedit)))
- $filetoedit = realpath($filetoedit);
- } else {
- $_SESSION['output'] .= " Syntax: editor filename\n (just regular or not existing files)\n";
- }
-
- } elseif (trim($command) == 'exit') {
- logout();
- } elseif (trim($command) == 'logout') {
- logout();
- } else {
-
- /* The command is not an internal command, so we execute it after
- * changing the directory and save the output. */
- chdir($_SESSION['cwd']);
-
- // We canot use putenv() in safe mode.
- if (!ini_get('safe_mode')) {
- // Advice programs (ls for example) of the terminal size.
- putenv('ROWS=' . $rows);
- putenv('COLUMNS=' . $columns);
- }
-
- /* Alias expansion. */
- $length = strcspn($command, " \t");
- $token = substr($command, 0, $length);
- if (isset($ini['aliases'][$token]))
- $command = $ini['aliases'][$token] . substr($command, $length);
-
- $io = array();
- $p = proc_open($command,
- array(1 => array('pipe', 'w'),
- 2 => array('pipe', 'w')),
- $io);
-
- /* Read output sent to stdout. */
- while (!feof($io[1])) {
- $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
- ENT_COMPAT, 'UTF-8');
- }
- /* Read output sent to stderr. */
- while (!feof($io[2])) {
- $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
- ENT_COMPAT, 'UTF-8');
- }
-
- fclose($io[1]);
- fclose($io[2]);
- proc_close($p);
- }
- }
-
- /* Build the command history for use in the JavaScript */
- if (empty($_SESSION['history'])) {
- $js_command_hist = '""';
- } else {
- $escaped = array_map('addslashes', $_SESSION['history']);
- $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
- }
-}
-
-?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
- "http://www.w3.org/TR/html4/strict.dtd">
-<html>
-<head>
- <title>PHP Shell <?php echo PHPSHELL_VERSION ?></title>
- <meta http-equiv="Content-Script-Type" content="text/javascript">
- <meta http-equiv="Content-Style-Type" content="text/css">
- <meta name="generator" content="phpshell">
- <link rel="stylesheet" href="style.css" type="text/css">
-
- <script type="text/javascript">
- <?php if ($_SESSION['authenticated'] && ! $showeditor) { ?>
-
- var current_line = 0;
- var command_hist = new Array(<?php echo $js_command_hist ?>);
- var last = 0;
-
- function key(e) {
- if (!e) var e = window.event;
-
- if (e.keyCode == 38 && current_line < command_hist.length-1) {
- command_hist[current_line] = document.shell.command.value;
- current_line++;
- document.shell.command.value = command_hist[current_line];
- }
-
- if (e.keyCode == 40 && current_line > 0) {
- command_hist[current_line] = document.shell.command.value;
- current_line--;
- document.shell.command.value = command_hist[current_line];
- }
-
- }
-
- function init() {
- document.shell.setAttribute("autocomplete", "off");
- document.shell.output.scrollTop = document.shell.output.scrollHeight;
- document.shell.command.focus()
- }
-
- <?php } elseif($_SESSION['authenticated'] && $showeditor) { ?>
-
- function init() {
- document.shell.filecontent.focus();
- }
-
- <?php } else { ?>
-
- function init() {
- document.shell.username.focus();
- }
-
- <?php } ?>
- function levelup(d) {
- document.shell.levelup.value=d ;
- document.shell.submit() ;
- }
- function changesubdir(d) {
- document.shell.changedirectory.value=document.shell.dirselected.value ;
- document.shell.submit() ;
- }
- </script>
-</head>
-
-<body onload="init()">
-
-<h1>PHP Shell <?php echo PHPSHELL_VERSION ?></h1>
-
-<form name="shell" action="<?php print($_SERVER['PHP_SELF']) ?>" method="post">
-<div><input name="levelup" id="levelup" type="hidden"></div>
-<div><input name="changedirectory" id="changedirectory" type="hidden"></div>
-<?php
-if (!$_SESSION['authenticated']) {
- /* Genereate a new nounce every time we preent the login page. This binds
- * each login to a unique hit on the server and prevents the simple replay
- * attack where one uses the back button in the browser to replay the POST
- * data from a login. */
- $_SESSION['nounce'] = mt_rand();
-
-?>
-
-<fieldset>
- <legend>Authentication</legend>
- <?php
- if (!empty($username))
- echo " <p class=\"error\">Login failed, please try again:</p>\n";
- else
- echo " <p>Please login:</p>\n";
- ?>
-
- <label for="username">Username:</label>
- <input name="username" id="username" type="text" value="<?php echo $username
- ?>"><br>
- <label for="password">Password:</label>
- <input name="password" id="password" type="password">
- <p><input type="submit" value="Login"></p>
- <input name="nounce" type="hidden" value="<?php echo $_SESSION['nounce']; ?>">
-
-</fieldset>
-
-<?php } else { /* Authenticated. */ ?>
-<fieldset>
- <legend><?php echo "Phpshell running on: " . $_SERVER['SERVER_NAME']; ?></legend>
-<p>Current Working Directory:
-<span class="pwd"><?php
- if( $showeditor ) {
- echo htmlspecialchars($_SESSION['cwd'], ENT_COMPAT, 'UTF-8') . '</span>';
- } else { /* normal mode - offer navigation via hyperlinks */
- $parts = explode('/', $_SESSION['cwd']);
-
- for($i=1; $i<count($parts); $i=$i+1) {
- echo '<a class="pwd" title="Change to this directory. Your command will not be executed." href="javascript:levelup(' . (count($parts)-$i) . ')">/</a>' ;
- echo htmlspecialchars($parts[$i], ENT_COMPAT, 'UTF-8') ;
- }
- echo '</span>';
- /* Now we make a list of the directories. */
- $dir_handle = opendir($_SESSION['cwd']);
- /* We store the output so that we can sort it later: */
- $options = array();
- /* Run through all the files and directories to find the dirs. */
- while ($dir = readdir($dir_handle)) {
- if (($dir != '.') and ($dir != '..') and is_dir($_SESSION['cwd'] . "/" . $dir)) {
- $options[$dir] = "<option value=\"/$dir\">$dir</option>";
- }
- }
- closedir($dir_handle);
- if (count($options)>0) {
- ksort($options);
- echo '<br><a href="javascript:changesubdir()">Change to subdirectory</a>: <select name="dirselected">';
- echo implode("\n", $options);
- echo '</select>';
- }
- }
-?>
-<br>
-
- <?php if(! $showeditor) { /* Outputs the 'terminal' without the editor */ ?>
-
-<div id="terminal">
-<textarea name="output" readonly="readonly" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">
-<?php
-$lines = substr_count($_SESSION['output'], "\n");
-$padding = str_repeat("\n", max(0, $rows+1 - $lines));
-echo rtrim($padding . $_SESSION['output']);
-?>
-</textarea>
-<p id="prompt">
- $ <input name="command" type="text"
- onkeyup="key(event)" size="<?php echo $columns-2 ?>" tabindex="1">
-</p>
-</div>
-
- <?php } else { /* Output the 'editor' */ ?>
- <?php print("You are editing this file: ".$filetoedit); ?>
-
-<div id="terminal">
-<textarea name="filecontent" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">
-<?php
- if(file_exists($filetoedit)) {
- print(htmlspecialchars(str_replace("%0D%0D%0A", "%0D%0A", file_get_contents($filetoedit))));
- }
-?>
-</textarea>
-</div>
-
-<?php } /* End of terminal */ ?>
-
-<p>
-<?php if(! $showeditor) { /* You can not resize the textarea while
- * the editor is 'running', because if you would
- * do so you would lose the changes you have
- * already made in the textarea since last saving */
-?>
- <span style="float: right">Size: <input type="text" name="rows" size="2"
- maxlength="3" value="<?php echo $rows ?>"> × <input type="text"
- name="columns" size="2" maxlength="3" value="<?php echo $columns
- ?>"></span>
-<?php } ?>
-
-
-<?php if(! $showeditor) { /* for normal 'non-editor-mode' */ ?>
-<input type="submit" value="Execute Command">
-<input type="submit" name="clear" value="Clear">
-<?php } else { /* for 'editor-mode' */ ?>
-<input type="hidden" name="filetoedit" id="filetoedit" value="<?php print($filetoedit) ?>">
-<input type="submit" value="Save and Exit">
-<input type="reset" value="Undo all Changes">
-<input type="submit" value="Exit without saving" onclick="javascript:document.getElementById('filetoedit').value='';return true;">
-<?php } ?>
-
- <input type="submit" name="logout" value="Logout">
-</p>
-</fieldset>
-
-<?php } ?>
-
-</form>
-
-<hr>
-
-<p>Please consult the <a href="README">README</a>, <a
-href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for
-instruction on how to use PHP Shell.</p>
-<p>If you have not created accounts for phpshell, please use <a href="pwhash.php">pwhash.php</a> to create secure passwords.</p>
-
-<hr>
-<address>
-Copyright © 2000–2010, the Phpshell-team. Get the
-latest version at <a
-href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
-</address>
-</body>
-</html>
diff --git a/shell/pwhash.php b/shell/pwhash.php deleted file mode 100644 index 08e8171..0000000 --- a/shell/pwhash.php +++ /dev/null @@ -1,107 +0,0 @@ -<?php -/* - * pwhash.php file for PHP Shell - * Copyright (C) 2005-2010 the Phpshell-team - * Licensed under the GNU GPL. See the file COPYING for details. - * - */ - -define('PHPSHELL_VERSION', '2.2'); - -function stripslashes_deep($value) { - if (is_array($value)) - return array_map('stripslashes_deep', $value); - else - return stripslashes($value); -} - -if (get_magic_quotes_gpc()) - $_POST = stripslashes_deep($_POST); - -$username = isset($_POST['username']) ? $_POST['username'] : ''; -$password = isset($_POST['password']) ? $_POST['password'] : ''; - -?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" - "http://www.w3.org/TR/html4/strict.dtd"> -<html> -<head> - <title>Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?></title> - <meta http-equiv="Content-Script-Type" content="text/javascript"> - <meta http-equiv="Content-Style-Type" content="text/css"> - <meta name="generator" content="phpshell"> - <link rel="stylesheet" href="style.css" type="text/css"> -</head> - -<body> - -<h1>Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?></h1> - -<form action="<?php $_SERVER['PHP_SELF']; ?>" method="POST"> - -<fieldset> - <legend>Username</legend> - <input name="username" type="text" value="<?php echo $username ?>"> -</fieldset> - -<fieldset> - <legend>Password</legend> - <input name="password" type="text" value="<?php echo $password ?>"> -</fieldset> - -<fieldset> - <legend>Result</legend> - -<?php -if ($username == '' || $password == '') { - echo " <p><i>Enter a username and a password and update.</i></p>\n"; -} else { - - $u = strtolower($username); - - if (preg_match('/[[ |&~!()]/', $u) || $u == 'null' || - $u == 'yes' || $u == 'no' || $u == 'true' || $u == 'false') { - - echo ' <p class="error">Your username cannot contain any of the following reserved - word: "<tt>null</tt>", "<tt>yes</tt>", "<tt>no</tt>", "<tt>true</tt>", or - "<tt>false</tt>". The following characters are also prohibited: - "<tt> </tt>" (space), "<tt>[</tt>" (left bracket), "<tt>|</tt>" (pipe), - "<tt>&</tt>" (ampersand), "<tt>~</tt>" (tilde), "<tt>!</tt>" (exclamation - mark), "<tt>(</tt>" (left parenthesis), or "<tt>)</tt>" (right - parenthesis).</p>' . "\n"; - - echo ' <p>Please choose another username and try again.</p>' . "\n"; - - } else { - echo " <p>Write the following line into <tt>config.php</tt> " . - "in the <tt>users</tt> section:</p>\n"; - - if ( function_exists('sha1') ) { $fkt = 'sha1' ; } else { $fkt = 'md5' ; } ; - $salt = dechex(mt_rand()); - - $hash = $fkt . ':' . $salt . ':' . $fkt($salt . $password); - - echo "<pre>\n"; - echo htmlentities(str_pad($username, 8) . ' = "' . $hash . '"') . "\n"; - echo "</pre>\n"; - } -} -?> - -<p><input type="submit" value="Update"></p> - -</fieldset> - -</form> - - -<hr> - -<address> - Copyright © the Phpshell-team, please see <a href="AUTHORS">AUTHORS</a>. - This is PHP Shell <?php echo PHPSHELL_VERSION ?>, get the latest version at <a - href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>. -</address> - -</body> -</html> diff --git a/shell/shell.php b/shell/shell.php new file mode 100644 index 0000000..7ad8ae2 --- /dev/null +++ b/shell/shell.php @@ -0,0 +1,28 @@ +<?php if (!isset($LTS)) { die(); } + + include('exec.php'); + if (isset($_POST['stddest'])) { + $_POST['c'] = $_POST['stddest']; + } + if ($_POST['c'] == 'clear') { + $term = ''; + } else { + ob_start(); + echo $_POST['t']; + echo $_POST['c']."\n"; + php_exec($_POST['c'],$_POST['d']); + echo '$ '; + $term = ob_get_contents(); + ob_end_clean(); + } +?> +<div class="term"><?php + ?><form action="<?php echo $_SERVER['PHP_SELF'];?>#prompt" method="post"><?php + php_chdir('.'); + echo $term; + echo $sh; + ?><input id="prompt" type="text" name="c" /><?php + ?><textarea name="t" class="hidden" readonly="readonly"><?php echo preg_replace('/<[^>]*>/','',$term); ?></textarea><?php + ?></form><?php +?></div> +</form> diff --git a/shell/style.css b/shell/style.css index f84afb4..3206cc4 100644 --- a/shell/style.css +++ b/shell/style.css @@ -1,74 +1,41 @@ -/* style.css file for PHP Shell - * Copyright (C) 2003-2010 the Phpshell-team - * Licensed under the GNU GPL. See the file COPYING for details. - * - */ - body { - font-family: sans-serif; - color: black; - background: white; -} - -h1 { - color: red; - background: white; -} - -img { - border: none; -} - -div#terminal { - border: inset 2px red; - padding: 2px; - margin-top: 0.5em; -} - -div#terminal textarea { - font-size: 100%; - width: 100%; - border: none; -} - -p { - margin-top: 0.5em; - margin-bottom: 0.5em; -} - -p#prompt { - font-family: monospace; - margin: 0px; -} - -p#prompt input { - border: none; - font-family: monospace; -} - -legend { - padding-right: 0.5em; -} - -fieldset { - padding: 0.5em; -} - -.error { - color: red; -} - -div.warning { - background-color: rgb(255, 150, 150); - border: medium solid rgb(255, 60, 60); - padding: 0.5em; - margin: 0.25em; -} -.pwd { - font-family: monospace; - padding: 0.5em; - margin: 0.25em; -} -a.pwd { - font-weight: bold; + background-color: black; + color: white; +} +.login { + border: solid 2px white; + background: #555555; + position: fixed; + top: 0; right:0; +} +.term { + display:block; +} +.term, .term * { + background-color: black; + color: white; + white-space: pre-wrap; + font-family: monospace; + border: none; + font-size: 1em; +} +.hidden { + display:none; +} +.term input[type=text], +.term input[type=text]:focus { + height:1em; + width: 78em; + margin:0; padding:0; border:none; +} +.editor { + background: #AAAAAA; + padding:2em 1em; + width: 100%; + color: black; + height: 24em; +} +.editor textarea { width: 90%; height: 22em; } +form { + display: inline; } |