Fatal Error!

' . $errstr . '

in ' . $errfile . ', line ' . $errline . '.

Please consult the README, INSTALL, and SECURITY files for instruction on how to use PHP Shell.

'); } } /* Installing our error handler makes PHP die on even the slightest problem. * This is what we want in a security critical application like this. */ set_error_handler('error_handler'); function logout() { /* Empty the session data, except for the 'authenticated' entry which the * rest of the code needs to be able to check. */ $_SESSION = array('authenticated' => false); /* Unset the client's cookie, if it has one. */ // if (isset($_COOKIE[session_name()])) // setcookie(session_name(), '', time()-42000, '/'); /* Destroy the session data on the server. This prevents the simple * replay attach where one uses the back button to re-authenticate using * the old POST data since the server wont know the session then.*/ // session_destroy(); } /* Clear history */ function clear() { $_SESSION['output'] = ''; } function stripslashes_deep($value) { if (is_array($value)) return array_map('stripslashes_deep', $value); else return stripslashes($value); } if (get_magic_quotes_gpc()) $_POST = stripslashes_deep($_POST); /* Initialize some variables we need again and again. */ $username = isset($_POST['username']) ? $_POST['username'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; $nounce = isset($_POST['nounce']) ? $_POST['nounce'] : ''; $command = isset($_POST['command']) ? $_POST['command'] : ''; $rows = isset($_POST['rows']) ? $_POST['rows'] : 24; $columns = isset($_POST['columns']) ? $_POST['columns'] : 80; /* Load the configuration. */ $ini = parse_ini_file('config.php', true); if (empty($ini['settings'])) $ini['settings'] = array(); /* Default settings --- these settings should always be set to something. */ $default_settings = array('home-directory' => '.'); $showeditor = false; /* Merge settings. */ $ini['settings'] = array_merge($default_settings, $ini['settings']); session_start(); /* Delete the session data if the user requested a logout. This leaves the * session cookie at the user, but this is not important since we * authenticates on $_SESSION['authenticated']. */ if (isset($_POST['logout'])) logout(); /* Delete history if submitted */ if (isset($_POST['clear'])) clear(); /* Attempt authentication. */ if (isset($_SESSION['nounce']) && $nounce == $_SESSION['nounce'] && isset($ini['users'][$username])) { if (strchr($ini['users'][$username], ':') === false) { // No seperator found, assume this is a password in clear text. $_SESSION['authenticated'] = ($ini['users'][$username] == $password); } else { list($fkt, $salt, $hash) = explode(':', $ini['users'][$username]); $_SESSION['authenticated'] = ($fkt($salt . $password) == $hash); } } /* Enforce default non-authenticated state if the above code didn't set it * already. */ if (!isset($_SESSION['authenticated'])) $_SESSION['authenticated'] = false; if ($_SESSION['authenticated']) { /* Initialize the session variables. */ if (empty($_SESSION['cwd'])) { $_SESSION['cwd'] = realpath($ini['settings']['home-directory']); $_SESSION['history'] = array(); $_SESSION['output'] = ''; } /* Clicked on one of the directory links in the working directory - ignore the command */ if (isset($_POST['levelup'])) { $levelup = $_POST['levelup'] ; while ($levelup > 0) { $command = '' ; /* ignore the command */ $_SESSION['cwd'] = dirname($_SESSION['cwd']) ; $levelup -- ; } } /* Selected a new subdirectory as working directory - ignore the command */ if (isset($_POST['changedirectory'])) { $changedir= $_POST['changedirectory']; if (strlen($changedir) > 0) { if (@chdir($_SESSION['cwd'] . '/' . $changedir)) { $command = '' ; /* ignore the command */ $_SESSION['cwd'] = realpath($_SESSION['cwd'] . '/' . $changedir) ; } } } /* Save content from 'editor' */ if(isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) { $filetoedit_handle = fopen($_POST["filetoedit"], "w"); fputs($filetoedit_handle, str_replace("%0D%0D%0A", "%0D%0A", $_POST["filecontent"])); fclose($filetoedit_handle); } if (!empty($command)) { /* Save the command for late use in the JavaScript. If the command is * already in the history, then the old entry is removed before the * new entry is put into the list at the front. */ if (($i = array_search($command, $_SESSION['history'])) !== false) unset($_SESSION['history'][$i]); array_unshift($_SESSION['history'], $command); /* Now append the commmand to the output. */ $_SESSION['output'] .= '$ ' . $command . "\n"; /* Initialize the current working directory. */ if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $command)) { $_SESSION['cwd'] = realpath($ini['settings']['home-directory']); } elseif (preg_match('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/', $command, $regs)) { /* The current command is a 'cd' command which we have to handle * as an internal shell command. */ /* if the directory starts and ends with quotes ("), remove them - allows command like 'cd "abc def"' */ if ((substr($regs[1],0,1) == '"') && (substr($regs[1],-1) =='"') ) { $regs[1] = substr($regs[1],1) ; $regs[1] = substr($regs[1],0,-1) ; } if ($regs[1]{0} == '/') { /* Absolute path, we use it unchanged. */ $new_dir = $regs[1]; } else { /* Relative path, we append it to the current working * directory. */ $new_dir = $_SESSION['cwd'] . '/' . $regs[1]; } /* Transform '/./' into '/' */ while (strpos($new_dir, '/./') !== false) $new_dir = str_replace('/./', '/', $new_dir); /* Transform '//' into '/' */ while (strpos($new_dir, '//') !== false) $new_dir = str_replace('//', '/', $new_dir); /* Transform 'x/..' into '' */ while (preg_match('|/\.\.(?!\.)|', $new_dir)) $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir); if ($new_dir == '') $new_dir = '/'; /* Try to change directory. */ if (@chdir($new_dir)) { $_SESSION['cwd'] = $new_dir; } else { $_SESSION['output'] .= "cd: could not change to: $new_dir\n"; } } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]*$/', $command)) { /* You called 'editor' without a filename so you get an short help * on how to use the internal 'editor' command */ $_SESSION['output'] .= " Syntax: editor filename\n (you forgot the filename)\n"; } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]+([^;]+)$/', $command, $regs)) { /* This is a tiny editor which you can start with 'editor filename' */ $filetoedit = $regs[1]; if ($regs[1]{0} != '/') { /* relative path, add it to the current working directory.*/ $filetoedit = $_SESSION['cwd'].'/'.$regs[1]; } ; if(is_file(realpath($filetoedit)) || ! file_exists($filetoedit)) { $showeditor = true; if(file_exists(realpath($filetoedit))) $filetoedit = realpath($filetoedit); } else { $_SESSION['output'] .= " Syntax: editor filename\n (just regular or not existing files)\n"; } } elseif (trim($command) == 'exit') { logout(); } elseif (trim($command) == 'logout') { logout(); } else { /* The command is not an internal command, so we execute it after * changing the directory and save the output. */ chdir($_SESSION['cwd']); // We canot use putenv() in safe mode. if (!ini_get('safe_mode')) { // Advice programs (ls for example) of the terminal size. putenv('ROWS=' . $rows); putenv('COLUMNS=' . $columns); } /* Alias expansion. */ $length = strcspn($command, " \t"); $token = substr($command, 0, $length); if (isset($ini['aliases'][$token])) $command = $ini['aliases'][$token] . substr($command, $length); $io = array(); $p = proc_open($command, array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io); /* Read output sent to stdout. */ while (!feof($io[1])) { $_SESSION['output'] .= htmlspecialchars(fgets($io[1]), ENT_COMPAT, 'UTF-8'); } /* Read output sent to stderr. */ while (!feof($io[2])) { $_SESSION['output'] .= htmlspecialchars(fgets($io[2]), ENT_COMPAT, 'UTF-8'); } fclose($io[1]); fclose($io[2]); proc_close($p); } } /* Build the command history for use in the JavaScript */ if (empty($_SESSION['history'])) { $js_command_hist = '""'; } else { $escaped = array_map('addslashes', $_SESSION['history']); $js_command_hist = '"", "' . implode('", "', $escaped) . '"'; } } ?> PHP Shell <?php echo PHPSHELL_VERSION ?>

PHP Shell

Authentication Login failed, please try again:

\n"; else echo "

Please login:

\n"; ?> Username:
Password:

Current Working Directory: '; } else { /* normal mode - offer navigation via hyperlinks */ $parts = explode('/', $_SESSION['cwd']); for($i=1; $i/' ; echo htmlspecialchars($parts[$i], ENT_COMPAT, 'UTF-8') ; } echo ''; /* Now we make a list of the directories. */ $dir_handle = opendir($_SESSION['cwd']); /* We store the output so that we can sort it later: */ $options = array(); /* Run through all the files and directories to find the dirs. */ while ($dir = readdir($dir_handle)) { if (($dir != '.') and ($dir != '..') and is_dir($_SESSION['cwd'] . "/" . $dir)) { $options[$dir] = ""; } } closedir($dir_handle); if (count($options)>0) { ksort($options); echo '
Change to subdirectory: '; } } ?>

<?php
$lines = substr_count($_SESSION['output'], "\n");
$padding = str_repeat("\n", max(0, $rows+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>

Size: ×

Please consult the README, INSTALL, and SECURITY files for instruction on how to use PHP Shell.

If you have not created accounts for phpshell, please use pwhash.php to create secure passwords.