HC.php 29 KB

  1. <?php
  2. /**
  3. * Copyright 2021, 2024 5 Mode
  4. *
  5. * This file is part of Http Console.
  6. *
  7. * Http Console is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation, either version 3 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * Http Console is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with Http Console. If not, see <https://www.gnu.org/licenses/>.
  19. *
  20. * HC.php
  21. *
  22. * Http Console home page.
  23. *
  24. * @author Daniele Bonini <my25mb@aol.com>
  25. * @copyrights (c) 2021, 2024, 5 Mode
  26. */
  27. require "HC_init.inc";
  // Request-scoped state that the functions below reach through `global`.
  // Both history buffers start empty; the script fills them from disk only
  // after the password check further down has passed.
  $cmdHistory = $cmdRecallHistory = [];

  // Pieces of the submitted command line, filled in by parseCommand().
  // HC_STR comes from HC_init.inc (presumably the empty string; confirm there).
  $cmd = $opt = $param1 = $param2 = $param3 = HC_STR;
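  /**
   * Print the console history into the page.
   *
   * Every entry of the global $cmdHistory is written with its newlines
   * replaced by <br>. Entries are emitted as raw HTML: myExecLSCommand()
   * stores <a> links in the history, so escaping here would break them.
   *
   * NOTE(review): because nothing is escaped at this point, every writer of
   * the history (command output, error text, uploaded file names) has to
   * HTML-escape untrusted text before it is stored.
   *
   * Arguments passed by callers are ignored; the function only reads the global.
   */
  function showHistory() {
      global $cmdHistory;

      // file() yields false when the history file cannot be read; print nothing then.
      if (!is_array($cmdHistory)) {
          return;
      }

      foreach ($cmdHistory as $entry) {
          echo(str_replace("\n", "<br>", $entry));
      }
  }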
  /**
   * Append lines to the console history and write the history to disk.
   *
   * @param array $update   Lines to append; passed by reference and trimmed
   *                        in place when it is longer than $maxItems.
   * @param int   $maxItems Upper bound used when trimming history and update.
   *
   * The history is written to HC_APP_PATH/.HC_history as one concatenated
   * string, so each line is expected to carry its own trailing "\n".
   *
   * NOTE(review): the file holds command lines and command output. If
   * HC_APP_PATH is served by the web server, confirm that dotfiles are not
   * directly downloadable.
   */
  function updateHistory(&$update, $maxItems) {
      global $cmdHistory;

      // Drop the oldest entries so that history plus update fits into $maxItems.
      $overflow = count($cmdHistory) + count($update) - $maxItems;
      if ($overflow > 0) {
          $cmdHistory = array_slice($cmdHistory, $overflow, $maxItems);
      }

      // An update longer than $maxItems is reduced to its tail; with this
      // offset the tail holds $maxItems - 1 lines.
      $firstKept = (count($update) > $maxItems) ? count($update) - ($maxItems - 1) : 0;
      $update = array_slice($update, $firstKept, $maxItems);

      foreach ($update as $line) {
          $cmdHistory[] = $line;
      }

      // Persist the merged history.
      file_put_contents(HC_APP_PATH . HC_SLASH . ".HC_history", implode('', $cmdHistory));
  }
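  /**
   * Load the command recall list from HC_APP_PATH/.HC_Recallhistory into the
   * global $cmdRecallHistory.
   *
   * The array is keyed by the command text without its line ending; the value
   * is the same text followed by "\n", which is the form updateRecallHistory()
   * stores and writes back.
   *
   * A missing or unreadable file leaves $cmdRecallHistory untouched instead of
   * feeding `false` to foreach (the original did that on a first run).
   */
  function loadRecallHistory() {
      global $cmdRecallHistory;

      $filepath = HC_APP_PATH . HC_SLASH . ".HC_Recallhistory";
      if (!is_readable($filepath)) {
          return;
      }

      $lines = file($filepath);
      if ($lines === false) {
          return;
      }

      foreach ($lines as $line) {
          // Strip only the newline; a last line without one keeps all its characters.
          $key = rtrim($line, "\n");
          $cmdRecallHistory[$key] = $key . "\n";
      }
  }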
  /**
   * Remember a command line in the recall list and write the list to disk.
   *
   * @param string $update   Command text; used both as array key and, with a
   *                         trailing "\n", as the stored value.
   * @param int    $maxItems Upper bound used when making room for a new entry.
   *
   * The list is written to HC_APP_PATH/.HC_Recallhistory on every call, also
   * when $update was already present.
   *
   * NOTE(review): the stored text is the command as typed. The page template
   * later places these values inside <option value='...'> markup, so the
   * consumer has to HTML-escape them.
   */
  function updateRecallHistory($update, $maxItems) {
      global $cmdRecallHistory;

      $alreadyKnown = array_key_exists($update, $cmdRecallHistory);
      if (!$alreadyKnown) {
          // Make room for one more entry by dropping the oldest ones.
          $excess = count($cmdRecallHistory) + 1 - $maxItems;
          if ($excess > 0) {
              $cmdRecallHistory = array_slice($cmdRecallHistory, $excess, $maxItems);
          }
          $cmdRecallHistory[$update] = $update . "\n";
      }

      // Persist the recall list.
      file_put_contents(HC_APP_PATH . HC_SLASH . ".HC_Recallhistory", implode('', $cmdRecallHistory));
  }
  /**
   * Record an error message in the console history.
   *
   * @param string $err         Message text; stored followed by "\n".
   * @param bool   $withCommand When true, the prompt and the current command
   *                            line are stored first, as a separate line.
   *
   * NOTE(review): $err is stored as given and the history is rendered as HTML,
   * so callers that build $err from request data must escape it first.
   */
  function updateHistoryWithErr(string $err, bool $withCommand = true)
  {
      global $prompt, $command;

      $lines = $withCommand ? [$prompt . " " . $command . "\n"] : [];
      $lines[] = "$err\n";

      updateHistory($lines, HC_HISTORY_MAX_ITEMS);
  }
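  /**
   * Run the current command line through the shell and record its output.
   *
   * Reads the globals $prompt and $command. $command is the posted
   * "CommandLine" value and is handed to exec() unchanged. The callers in this
   * file reach this function after the allow-list test at script level and,
   * for cp and mv, after cpparamValidation() / mvparamValidation(); nothing in
   * this function relied on that, so two guards are applied here:
   *
   *  - a command containing shell control characters is refused with the
   *    existing "invalid command" error instead of being executed. None of the
   *    commands listed by myExecHelpCommand() needs these characters.
   *    NOTE(review): confirm is_word() never accepts a quote character,
   *    otherwise such file names are now refused.
   *  - the lines returned by the command are HTML-escaped before they are
   *    stored, because showHistory() prints the history as raw HTML and the
   *    output can contain file names.
   *
   * The exit status of the command is not examined (unchanged).
   */
  function myExecCommand() {
      global $prompt;
      global $command;

      // Characters the shell uses for chaining, substitution, redirection and quoting.
      $shellMeta = ';&|`$(){}<>\\"\'' . "\r\n";
      if (strpbrk($command, $shellMeta) !== false) {
          updateHistoryWithErr("invalid command");
          return;
      }

      // Exec command..
      $output = [];
      $output[] = $prompt . " " . $command . "\n";
      exec($command, $output);

      // Update history..
      // Index 0 is the prompt line built above; everything after it came from the command.
      foreach ($output as $idx => $line) {
          if ($idx > 0) {
              $line = htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
          }
          if (right($line, 1) != "\n") {
              $line = $line . "\n";
          }
          $output[$idx] = $line;
      }

      updateRecallHistory($command, HC_RECALL_HISTORY_MAX_ITEMS);
      updateHistory($output, HC_HISTORY_MAX_ITEMS);
  }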
  /**
   * Copy the file named by $param1 to $param2 with PHP's copy() and record
   * the command line in both histories.
   *
   * Reads the globals $prompt, $command, $param1 and $param2. The result of
   * copy() is not examined.
   *
   * NOTE(review): no call to this function appears in this file, and the two
   * paths are used exactly as parsed, resolved against the current working
   * directory. Any future caller has to validate them first, as
   * cpparamValidation() does for the shell-based cp.
   */
  function myExecCopy() {
      global $prompt, $command, $param1, $param2;

      // Exec command..
      $output = [$prompt . " " . $command . "\n"];
      copy($param1, $param2);

      // Make sure every history line ends with a newline.
      $output = array_map(static function ($line) {
          return (right($line, 1) != "\n") ? $line . "\n" : $line;
      }, $output);

      updateRecallHistory($command, HC_RECALL_HISTORY_MAX_ITEMS);
      updateHistory($output, HC_HISTORY_MAX_ITEMS);
  }
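  /**
   * Change into the sub-folder named by $param1.
   *
   * Reads the globals $prompt, $command, $param1 and $curPath; on success it
   * updates $curPath and $prompt, makes sure the folder has a ".HCdownloads"
   * sub-folder (copied from the ".HCsampledir" template in the stage path) and
   * records the command line in both histories.
   *
   * Changes against the original:
   *  - the two paths given to `cp -Rp` are passed through escapeshellarg().
   *    $curPath is derived from the posted "pwd" field, so it must not reach
   *    the shell unquoted.
   *  - a failing chdir() is reported with the existing "dir doesn't exist"
   *    error instead of silently recording a path that was never entered.
   *
   * The caller is expected to have run cdparamValidation() first.
   */
  function myExecCDFolderCommand() {
      global $prompt;
      global $command;
      global $param1;
      global $curPath;

      // Exec command..
      $output = [];
      $output[] = $prompt . " " . $command . "\n";

      $newPath = $curPath . HC_SLASH . $param1;
      if (!chdir($newPath)) {
          updateHistoryWithErr("dir doesn't exist");
          return;
      }
      $curPath = $newPath;
      $curDir = $param1;

      // Creating the Download folder if doesn't exist..
      $downloadPath = $curPath . HC_SLASH . ".HCdownloads";
      if (!file_exists($downloadPath)) {
          $mycmd = "cp -Rp "
              . escapeshellarg(HC_APP_STAGE_PATH . HC_SLASH . ".HCsampledir")
              . " "
              . escapeshellarg($downloadPath);
          exec($mycmd);
      }

      $prompt = str_replace("$1", $curDir, HC_APP_PROMPT);

      // Update history..
      foreach ($output as $idx => $line) {
          if (right($line, 1) != "\n") {
              $output[$idx] = $line . "\n";
          }
      }

      updateRecallHistory($command, HC_RECALL_HISTORY_MAX_ITEMS);
      updateHistory($output, HC_HISTORY_MAX_ITEMS);
  }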
  /**
   * Handle "cd ..": move to the parent of $curPath.
   *
   * Reads the globals $prompt, $command and $curPath. The parent is obtained
   * by cutting $curPath at its last HC_SLASH; after chdir() the global
   * $curPath is replaced by getcwd() and $prompt is rebuilt from the last path
   * segment (the segment keeps its leading separator). The command line is
   * recorded in both histories.
   *
   * This function performs no boundary check of its own; the caller in this
   * file compares the parent path against HC_APP_STAGE_PATH before calling it.
   */
  function myExecCDBackwCommand() {
      global $prompt, $command, $curPath;

      // Exec command..
      $output = [$prompt . " " . $command . "\n"];

      // Step up one level and take the resulting directory as the new path.
      $parentPath = substr($curPath, 0, strripos($curPath, HC_SLASH));
      chdir($parentPath);
      $curPath = getcwd();

      $curDir = substr($curPath, strripos($curPath, HC_SLASH));
      $prompt = str_replace("$1", $curDir, HC_APP_PROMPT);

      // Make sure every history line ends with a newline.
      $output = array_map(static function ($line) {
          return (right($line, 1) != "\n") ? $line . "\n" : $line;
      }, $output);

      updateRecallHistory($command, HC_RECALL_HISTORY_MAX_ITEMS);
      updateHistory($output, HC_HISTORY_MAX_ITEMS);
  }
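  /**
   * Handle "ls": list the current folder and turn each file into a download link.
   *
   * Reads the globals $prompt, $command and $curPath. Steps:
   *  1. run the command and collect its output lines;
   *  2. make sure "$curPath/.HCdownloads" exists (copied from the
   *     ".HCsampledir" template) and delete the plain files left in it;
   *  3. for every listed regular file of at most 651000 bytes, copy it into
   *     the download folder and store an <a> link to it in the history;
   *     ".php" and ".inc" files get an extra ".hcd" suffix on the copy;
   *  4. record the command line and the listing in the histories.
   *
   * Changes against the original:
   *  - the paths given to `cp -Rp` go through escapeshellarg(); $curPath is
   *    derived from the posted "pwd" field.
   *  - file names and link targets are HTML-escaped before they are stored,
   *    because showHistory() prints the history as raw HTML.
   *  - only regular files are copied (is_file), a failed scandir() is
   *    tolerated, and a link is stored only when copy() succeeded.
   *
   * NOTE(review): the rename to ".hcd" covers only "php" and "inc". Every
   * other file is copied under its own name into a folder that is reachable
   * through getVirtualPath(); confirm the web server neither executes nor
   * specially interprets anything inside ".HCdownloads".
   * NOTE(review): getVirtualPath() is defined outside this file; this code
   * assumes it returns an unescaped URL path.
   */
  function myExecLSCommand() {
      global $prompt;
      global $command;
      global $curPath;

      $downloadPath = $curPath . HC_SLASH . ".HCdownloads";
      $escFlags = ENT_QUOTES | ENT_SUBSTITUTE;

      // Exec command..
      $output = [];
      $output[] = $prompt . " " . $command . "\n";
      exec($command, $output);

      // Creating the Download path for the current folder..
      if (!file_exists($downloadPath)) {
          $mycmd = "cp -Rp "
              . escapeshellarg(HC_APP_STAGE_PATH . HC_SLASH . ".HCsampledir")
              . " "
              . escapeshellarg($downloadPath);
          exec($mycmd);
      }
      $hasDownloadDir = file_exists($downloadPath);

      // Cleaning the Download folder..
      if ($hasDownloadDir) {
          $stale = scandir($downloadPath);
          if ($stale !== false) {
              foreach ($stale as $file) {
                  if (!is_dir($downloadPath . HC_SLASH . $file) && $file !== "." && $file !== "..") {
                      unlink($downloadPath . HC_SLASH . $file);
                  }
              }
          }
      }

      // Update history..
      $header = $prompt . " " . $command . "\n";
      foreach ($output as $idx => $entry) {
          // The prompt line is stored as it is.
          if ($entry === $header) {
              continue;
          }
          if (right($entry, 1) === "\n") {
              $entry = left($entry, strlen($entry) - 1);
          }

          // Creating the tmp download for the file entry and generating the virtual path..
          $virtualPath = HC_STR;
          if ($hasDownloadDir) {
              $source = $curPath . HC_SLASH . $entry;
              if (is_file($source) && filesize($source) <= 651000) {
                  $fileext = strtolower(pathinfo($entry, PATHINFO_EXTENSION));
                  $target = $downloadPath . HC_SLASH . $entry;
                  if ($fileext === "php" || $fileext === "inc") {
                      // Keep script sources from being served under an executable extension.
                      $target .= ".hcd";
                  }
                  if (copy($source, $target)) {
                      $virtualPath = getVirtualPath($target);
                  }
              }
          }

          $label = htmlspecialchars($entry, $escFlags, 'UTF-8');
          if ($virtualPath !== HC_STR) {
              $href = htmlspecialchars($virtualPath, $escFlags, 'UTF-8');
              $output[$idx] = "<a href='$href'>" . $label . "</a>\n";
          } else {
              $output[$idx] = $label . "\n";
          }
      }

      updateRecallHistory($command, HC_RECALL_HISTORY_MAX_ITEMS);
      updateHistory($output, HC_HISTORY_MAX_ITEMS);
  }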
  /**
   * Handle "help": store the copyright notice and the list of supported
   * commands in the console history.
   *
   * Reads the globals $prompt and $command. Nothing is executed; the text is
   * fixed. The command line is also added to the recall list.
   */
  function myExecHelpCommand() {
      global $prompt, $command;

      $output = [$prompt . " " . $command . "\n"];

      $helpText = [
          "Copyright 2021, 2024 5 Mode",
          "Http Console is licensed GNUv3",
          "",
          "Supported commands are:",
          "cd",
          "cd ..",
          "cp",
          "cp -p",
          "cp -R",
          "help",
          "ls",
          "ls -lsa",
          "mv",
          "pwd",
      ];
      foreach ($helpText as $text) {
          $output[] = $text . "\n";
      }

      $output[] = "\n";
      $output[] = "Thx for using Http Console! :)" . "\n";
      $output[] = "\n";

      // Update History
      updateRecallHistory($command, HC_RECALL_HISTORY_MAX_ITEMS);
      updateHistory($output, HC_HISTORY_MAX_ITEMS);
  }
  /**
   * Handle "pwd": run the command and hide the server-side location of the
   * stage folder in what is shown to the user.
   *
   * Reads the globals $prompt and $command. In every output line that
   * contains HC_APP_STAGE_PATH, the parent directory of the stage path is
   * replaced by "~ " and a newline is appended. Lines that do not contain the
   * stage path are stored unchanged, without an added newline.
   *
   * The "~" prefix in the search keeps a match at the very start of the line
   * from being reported as position 0, which the truthiness test would read
   * as "not found".
   */
  function myExecPWDCommand() {
      global $prompt, $command, $curPath;

      // Exec command..
      $output = [$prompt . " " . $command . "\n"];
      exec($command, $output);

      // Update history..
      $stageParent = dirname(HC_APP_STAGE_PATH);
      foreach (array_keys($output) as $idx) {
          if (mb_stripos("~" . $output[$idx], HC_APP_STAGE_PATH)) {
              $output[$idx] = str_replace($stageParent, "~ ", $output[$idx]) . "\n";
          }
      }

      updateRecallHistory($command, HC_RECALL_HISTORY_MAX_ITEMS);
      updateHistory($output, HC_HISTORY_MAX_ITEMS);
  }
  /**
   * Split the global $command into $cmd, $opt, $param1, $param2 and $param3.
   *
   * The trimmed command line is cut at HC_SPACE, left to right: first the
   * command word, then an optional token starting with "-", then up to three
   * parameters. Parsing stops at the first token that is not followed by a
   * separator; globals that were not reached keep their previous value.
   * Anything after the third parameter is ignored.
   *
   * A separator at position 0 counts as "no separator" (the test is `> 0`),
   * so text with repeated separators ends up whole in a single token.
   *
   * NOTE(review): the pieces produced here are what the *paramValidation()
   * functions inspect, while myExecCommand() runs the original $command
   * string. The validation therefore has to reject every input whose pieces
   * do not account for the whole string.
   *
   * Arguments passed by callers are ignored; the function only uses globals.
   */
  function parseCommand() {
      global $command, $cmd, $opt, $param1, $param2, $param3;

      $rest = trim($command);

      // Command word.
      $cut = stripos($rest, HC_SPACE);
      if (!($cut > 0)) {
          $cmd = $rest;
          return;
      }
      $cmd = left($rest, $cut);
      $rest = substr($rest, $cut + 1);

      // Optional switch, recognised by its leading dash.
      if (left($rest, 1) === "-") {
          $cut = stripos($rest, HC_SPACE);
          if (!($cut > 0)) {
              $opt = $rest;
              return;
          }
          $opt = left($rest, $cut);
          $rest = substr($rest, $cut + 1);
      }

      // First parameter.
      $cut = stripos($rest, HC_SPACE);
      if (!($cut > 0)) {
          $param1 = $rest;
          return;
      }
      $param1 = left($rest, $cut);
      $rest = substr($rest, $cut + 1);

      // Second parameter.
      $cut = stripos($rest, HC_SPACE);
      if (!($cut > 0)) {
          $param2 = $rest;
          return;
      }
      $param2 = left($rest, $cut);
      $rest = substr($rest, $cut + 1);

      // Third parameter; whatever follows it is dropped.
      $cut = stripos($rest, HC_SPACE);
      if (!($cut > 0)) {
          $param3 = $rest;
          return;
      }
      $param3 = left($rest, $cut);
  }
  /**
   * Validate the parsed arguments of a "cd <dir>" command.
   *
   * Accepts only: no option, exactly one parameter, the parameter passing
   * is_word(), and "$curPath/<param1>" being an existing directory. The first
   * failing rule is reported through updateHistoryWithErr().
   *
   * NOTE(review): keeping the user inside the stage folder depends on
   * is_word() (defined outside this file) rejecting path separators and "..".
   *
   * @return bool true when the command may be executed.
   */
  function cdparamValidation() {
      global $curPath, $opt, $param1, $param2, $param3;

      $problem = null;

      if ($opt != HC_STR) {
          $problem = "invalid options";
      } elseif ($param1 === HC_STR) {
          $problem = "invalid parameters";
      } elseif (!is_word($param1)) {
          $problem = "invalid dir";
      } elseif ($param2 !== HC_STR) {
          $problem = "invalid parameters";
      } elseif ($param3 != HC_STR) {
          $problem = "invalid parameters";
      } else {
          // The target has to exist and has to be a directory.
          $path = $curPath . HC_SLASH . $param1;
          if (!file_exists($path) || !is_dir($path)) {
              $problem = "dir doesn't exist";
          }
      }

      if ($problem !== null) {
          updateHistoryWithErr($problem);
          return false;
      }
      return true;
  }
  /**
   * Tell whether $path names an existing sub-folder of the current folder,
   * written with a trailing slash ("name/").
   *
   * "../" and the empty string are never accepted. Otherwise the last
   * character is cut off, the remainder has to pass is_word() and has to be a
   * directory below the global $curPath, and the cut-off character has to be "/".
   *
   * @param string $path Destination argument as typed by the user.
   * @return bool
   */
  function is_subfolderdest(string $path): bool
  {
      global $curPath;

      if ($path === "../" || $path == HC_STR) {
          return false;
      }

      $folderName = left($path, strlen($path) - 1);
      if (!is_word($folderName)) {
          return false;
      }

      return is_dir($curPath . HC_SLASH . $folderName) && (right($path, 1) === "/");
  }
  /**
   * Validate the parsed arguments of a "cp" command.
   *
   * Rules, checked in this order; the first failure is reported through
   * updateHistoryWithErr():
   *  - option is empty, "-R", "-Rp" or "-p";
   *  - source ($param1) is non-empty and passes is_word();
   *  - destination ($param2) is non-empty and is a word, "../" or an existing
   *    "name/" sub-folder (is_subfolderdest());
   *  - there is no third parameter;
   *  - source and destination differ;
   *  - the source exists below $curPath;
   *  - a word destination does not exist yet;
   *  - for "../": the current folder is not the stage root, and the parent
   *    folder has no entry named like the source.
   *
   * NOTE(review): for a "name/" destination no check is made for an existing
   * entry inside that folder. All checks run before the shell command does,
   * so the file system can change in between.
   *
   * @return bool true when the command may be executed.
   */
  function cpparamValidation() {
      global $curPath, $opt, $param1, $param2, $param3;

      $problem = null;

      if (!in_array($opt, [HC_STR, "-R", "-Rp", "-p"], true)) {
          $problem = "invalid options";
      } elseif ($param1 === HC_STR || !is_word($param1)) {
          $problem = "invalid source path";
      } elseif ($param2 === HC_STR
          || (!is_word($param2) && $param2 != "../" && !is_subfolderdest($param2))) {
          $problem = "invalid destination path";
      } elseif ($param3 != HC_STR) {
          $problem = "invalid parameters";
      } elseif ($param1 === $param2) {
          $problem = "source same as destination";
      } elseif (!file_exists($curPath . HC_SLASH . $param1)) {
          $problem = "source must exists";
      } elseif (is_word($param2) && file_exists($curPath . HC_SLASH . $param2)) {
          $problem = "destination already exists";
      } elseif ($param2 === "../") {
          if ($curPath === HC_APP_STAGE_PATH) {
              // Copying upwards from the stage root would leave the stage folder.
              $problem = "out of root boundary";
          } elseif (file_exists(dirname($curPath) . HC_SLASH . $param1)) {
              $problem = "destination already exists";
          }
      }

      if ($problem !== null) {
          updateHistoryWithErr($problem);
          return false;
      }
      return true;
  }
  /**
   * Validate the parsed arguments of a "mv" command.
   *
   * Same rules as for "cp", except that no option at all is accepted. The
   * first failing rule is reported through updateHistoryWithErr().
   *
   * NOTE(review): for a "name/" destination no check is made for an existing
   * entry inside that folder. All checks run before the shell command does,
   * so the file system can change in between.
   *
   * @return bool true when the command may be executed.
   */
  function mvparamValidation() {
      global $curPath, $opt, $param1, $param2, $param3;

      // Report the problem and hand back the "not valid" result in one step.
      $reject = static function ($message) {
          updateHistoryWithErr($message);
          return false;
      };

      if ($opt != HC_STR) {
          return $reject("invalid options");
      }
      if ($param1 === HC_STR || !is_word($param1)) {
          return $reject("invalid source path");
      }
      if ($param2 === HC_STR
          || (!is_word($param2) && $param2 != "../" && !is_subfolderdest($param2))) {
          return $reject("invalid destination path");
      }
      if ($param3 != HC_STR) {
          return $reject("invalid parameters");
      }
      if ($param1 === $param2) {
          return $reject("source same as destination");
      }

      // The source has to exist in the current folder.
      if (!file_exists($curPath . HC_SLASH . $param1)) {
          return $reject("source must exists");
      }

      // A plain-word destination must not exist yet.
      if (is_word($param2) && file_exists($curPath . HC_SLASH . $param2)) {
          return $reject("destination already exists");
      }

      // Moving to the parent: not from the stage root, and not onto an existing entry.
      if ($param2 === "../") {
          if ($curPath === HC_APP_STAGE_PATH) {
              return $reject("out of root boundary");
          }
          if (file_exists(dirname($curPath) . HC_SLASH . $param1)) {
              return $reject("destination already exists");
          }
      }

      return true;
  }
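  /**
   * Store the files posted in the "files" form field in the current folder.
   *
   * Reads the globals $curPath and $prompt. Does nothing when no file was
   * posted. Otherwise each upload is checked (PHP upload error code,
   * is_uploaded_file(), non-empty name, existing temp file, numeric size) and
   * copied to "$curPath/<client file name>" unless that path already exists.
   * Processing stops at the first upload that fails. Progress and errors are
   * written to the console history.
   *
   * Changes against the original:
   *  - the client-supplied file name and the temp path are HTML-escaped
   *    before they are written to the history, which showHistory() prints as
   *    raw HTML;
   *  - the result of copy() is checked, so a failed copy is reported instead
   *    of being announced as "uploaded";
   *  - the path separator falls back to HC_SLASH when PHP_SLASH is not
   *    defined; every other path in this file is built with HC_SLASH.
   *    NOTE(review): confirm whether PHP_SLASH exists in HC_init.inc;
   *  - the unused lower-cased extension variable was removed.
   *
   * NOTE(review): there is no server-side restriction on the file type; the
   * `accept` list on the form is only a browser hint. Names such as "x.php"
   * or ".htaccess" are stored as sent. If the stage folder is served by the
   * web server, decide which extensions may be stored and enforce that here.
   */
  function upload() {
      global $curPath;
      global $prompt;

      if (empty($_FILES['files']['tmp_name'][0])) {
          return;
      }

      $escFlags = ENT_QUOTES | ENT_SUBSTITUTE;
      $slash = defined('PHP_SLASH') ? constant('PHP_SLASH') : HC_SLASH;

      // Updating history..
      $output = [];
      $output[] = $prompt . " " . "File upload" . "\n";
      updateHistory($output, HC_HISTORY_MAX_ITEMS);

      $uploads = (array)fixMultipleFileUpload($_FILES['files']);

      //no file uploaded
      if ($uploads[0]['error'] === HC_UPLOAD_ERR_NO_FILE) {
          updateHistoryWithErr("No file uploaded.", false);
          return;
      }

      foreach ($uploads as $upload) {

          switch ($upload['error']) {
              case HC_UPLOAD_ERR_OK:
                  break;
              case HC_UPLOAD_ERR_NO_FILE:
                  updateHistoryWithErr("One or more uploaded files are missing.", false);
                  return;
              case HC_UPLOAD_ERR_INI_SIZE:
                  updateHistoryWithErr("File exceeded INI size limit.", false);
                  return;
              case HC_UPLOAD_ERR_FORM_SIZE:
                  updateHistoryWithErr("File exceeded form size limit.", false);
                  return;
              case HC_UPLOAD_ERR_PARTIAL:
                  updateHistoryWithErr("File only partially uploaded.", false);
                  return;
              case HC_UPLOAD_ERR_NO_TMP_DIR:
                  updateHistoryWithErr("TMP dir doesn't exist.", false);
                  return;
              case HC_UPLOAD_ERR_CANT_WRITE:
                  updateHistoryWithErr("Failed to write to the disk.", false);
                  return;
              case HC_UPLOAD_ERR_EXTENSION:
                  updateHistoryWithErr("A PHP extension stopped the file upload.", false);
                  return;
              default:
                  updateHistoryWithErr("Unexpected error happened.", false);
                  return;
          }

          // Only accept files that PHP itself received through HTTP POST.
          if (!is_uploaded_file($upload['tmp_name'])) {
              updateHistoryWithErr("One or more file have not been uploaded.", false);
              return;
          }

          // name
          $name = (string)substr((string)filter_var($upload['name']), 0, 255);
          if ($name == HC_STR) {
              updateHistoryWithErr("Invalid file name: " . htmlspecialchars($name, $escFlags, 'UTF-8'), false);
              return;
          }

          // tmp_name
          $tmp_name = substr((string)filter_var($upload['tmp_name']), 0, 300);
          if ($tmp_name == HC_STR || !file_exists($tmp_name)) {
              updateHistoryWithErr("Invalid file temp path: " . htmlspecialchars($tmp_name, $escFlags, 'UTF-8'), false);
              return;
          }

          //size
          $size = substr((string)filter_var($upload['size'], FILTER_SANITIZE_NUMBER_INT), 0, 12);
          if ($size == "") {
              updateHistoryWithErr("Invalid file size.", false);
              return;
          }

          // pathinfo() keeps only the last path component, so directory
          // parts of the client-supplied name do not reach the destination.
          $originalFilename = pathinfo($name, PATHINFO_FILENAME);
          $originalFileExt = pathinfo($name, PATHINFO_EXTENSION);
          if ($originalFileExt !== HC_STR) {
              $destFileName = $originalFilename . "." . $originalFileExt;
          } else {
              $destFileName = $originalFilename;
          }

          $destFullPath = $curPath . $slash . $destFileName;
          if (file_exists($destFullPath)) {
              updateHistoryWithErr("destination already exists", false);
              return;
          }

          if (!copy($tmp_name, $destFullPath)) {
              updateHistoryWithErr("Failed to write to the disk.", false);
              return;
          }

          // Updating history..
          $output = [];
          $output[] = htmlspecialchars($destFileName, $escFlags, 'UTF-8') . " " . "uploaded" . "\n";
          updateHistory($output, HC_HISTORY_MAX_ITEMS);

          // Cleaning up..
          // Delete the tmp file..
          unlink($tmp_name);
      }
  }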
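  // ---------------------------------------------------------------------------
  // Request handling: read the form fields, check the password, restore the
  // working folder and dispatch the command.
  //
  // The page is stateless: the password travels with every POST and is checked
  // again each time. An empty $password after the check means "not logged in".
  //
  // NOTE(review): strip_tags() removes markup but leaves quotes in place, so
  // these values still need htmlspecialchars() wherever they are echoed into
  // HTML attributes.
  // NOTE(review): the form carries no anti-CSRF token.
  // ---------------------------------------------------------------------------
  $password = filter_input(INPUT_POST, "Password")??"";
  $password = strip_tags($password);
  $command = filter_input(INPUT_POST, "CommandLine")??"";
  $command = strip_tags($command);
  $pwd = filter_input(INPUT_POST, "pwd")??"";
  $pwd = strip_tags($pwd);
  $hideSplash = filter_input(INPUT_POST, "hideSplash")??"";
  $hideSplash = strip_tags($hideSplash);
  $hideHCSplash = filter_input(INPUT_POST, "hideHCSplash")??"";
  $hideHCSplash = strip_tags($hideHCSplash);

  // Password check. hash_equals() compares in constant time, so the response
  // time does not depend on how many leading characters of the hash match.
  // NOTE(review): a single salted SHA-256 is fast to brute-force once the
  // config file leaks; password_hash()/password_verify() would be the stronger
  // scheme, but needs a new format for HC_APP_HASH.
  if ($password !== HC_STR) {
      $hash = hash("sha256", $password . HC_APP_SALT, false);
      if (!hash_equals((string)HC_APP_HASH, $hash)) {
          $password = HC_STR;
      }
  }

  // Working folder. The posted value is accepted only when it resolves to an
  // existing directory inside the stage folder. The original compared string
  // prefixes, which neither resolves ".." segments nor tells a sibling folder
  // whose name merely starts with the stage path apart from a real sub-folder.
  // The accepted path is rebuilt on top of HC_APP_STAGE_PATH so that the later
  // comparisons against that constant see a normalised value.
  $curPath = HC_APP_STAGE_PATH;
  if ($pwd !== HC_STR) {
      $stageReal = realpath(HC_APP_STAGE_PATH);
      $pwdReal = realpath($pwd);
      if ($stageReal !== false && $pwdReal !== false && is_dir($pwdReal)) {
          $stagePrefix = $stageReal . DIRECTORY_SEPARATOR;
          $insideStage = ($pwdReal === $stageReal)
              || (strncmp($pwdReal, $stagePrefix, strlen($stagePrefix)) === 0);
          if ($insideStage) {
              $curPath = HC_APP_STAGE_PATH . (string)substr($pwdReal, strlen($stageReal));
              chdir($curPath);
          }
      }
  }

  $ipos = strripos($curPath, HC_SLASH);
  $curDir = substr($curPath, $ipos);
  $prompt = str_replace("$1", $curDir, HC_APP_PROMPT);

  if ($password !== HC_STR) {

      loadRecallHistory();

      // A missing history file (first run) gives an empty history, not `false`.
      $historyFile = HC_APP_PATH . HC_SLASH . ".HC_history";
      $cmdHistory = is_readable($historyFile) ? file($historyFile) : [];
      if ($cmdHistory === false) {
          $cmdHistory = [];
      }

      parseCommand();

      upload();

      // Allow-list test against HC_CMDLINE_VALIDCMDS, searched as "|entry|".
      // Two corrections to the original truthiness test on mb_stripos():
      //  - a match at position 0 counts as a match (`!== false`);
      //  - a needle that itself contains "|" is refused, because it could
      //    otherwise match across two neighbouring entries of the list.
      $isListedCommand = static function (string $needle): bool {
          return strpos($needle, "|") === false
              && mb_stripos(HC_CMDLINE_VALIDCMDS, "|" . $needle . "|") !== false;
      };

      if ($isListedCommand($command)) {

          if ($command === "cd ..") {

              // Refuse to step above the stage folder.
              $ipos = strripos($curPath, HC_SLASH);
              $nextPath = substr($curPath, 0, $ipos);

              if (strlen(HC_APP_STAGE_PATH) > strlen($nextPath)) {
                  updateHistoryWithErr("out of root boundary");
              } else {
                  myExecCDBackwCommand();
              }

          } elseif ($command === "help") {
              myExecHelpCommand();
          } elseif ($command === "ls") {
              myExecLSCommand();
          } elseif ($command === "pwd") {
              myExecPWDCommand();
          } else {
              myExecCommand();
          }

      } elseif ($isListedCommand($cmd)) {

          // Commands with arguments run only after their validator accepted them.
          if ($cmd === "cd") {
              if (cdparamValidation()) {
                  myExecCDFolderCommand();
              }
          } elseif ($cmd === "cp") {
              if (cpparamValidation()) {
                  myExecCommand();
              }
          } elseif ($cmd === "mv") {
              if (mvparamValidation()) {
                  myExecCommand();
              }
          }

      } else {

          // A request that only carried an upload has no command to complain about.
          if (empty($_FILES['files']['tmp_name'][0])) {
              updateHistoryWithErr("invalid command");
          }

      }

  } else {

      $cmdHistory = [];

  }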
  687. ?>
  688. <!DOCTYPE html>
  689. <html lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
  690. <head>
  691. <meta charset="UTF-8"/>
  692. <meta name="style" content="day1"/>
  693. <meta name="viewport" content="width=device-width, initial-scale=1"/>
  694. <!--
  695. Copyright 2021, 2024 5 Mode
  696. This file is part of Http Console.
  697. Http Console is free software: you can redistribute it and/or modify
  698. it under the terms of the GNU General Public License as published by
  699. the Free Software Foundation, either version 3 of the License, or
  700. (at your option) any later version.
  701. Http Console is distributed in the hope that it will be useful,
  702. but WITHOUT ANY WARRANTY; without even the implied warranty of
  703. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  704. GNU General Public License for more details.
  705. You should have received a copy of the GNU General Public License
  706. along with Http Console. If not, see <https://www.gnu.org/licenses/>.
  707. -->
  708. <title>Http Console: Ubiquity c'est la vie..</title>
  709. <link rel="shortcut icon" href="./HCres/favicon55.ico?v=<?php echo(time()); ?>" />
  710. <meta name="description" content="Welcome to <?php echo(HC_APP_NAME); ?>"/>
  711. <meta name="author" content="5 Mode"/>
  712. <meta name="robots" content="noindex"/>
  713. <script src="./HCjs/jquery-3.6.0.min.js" type="text/javascript"></script>
  714. <script src="./HCjs/HC_common.js" type="text/javascript"></script>
  715. <script src="./HCjs/bootstrap.min.js" type="text/javascript"></script>
  716. <script src="./HCjs/sha.js" type="text/javascript"></script>
  717. <script src="./HCjs/HC.js" type="text/javascript" defer></script>
  718. <link href="./HCcss/bootstrap.min.css" type="text/css" rel="stylesheet">
  719. <link href="./HCcss/style.css?v=<?php echo(time()); ?>" type="text/css" rel="stylesheet">
  720. <script>
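  // Submit the form when Enter is pressed in the command line field.
  $(document).ready(function() {
    $("#CommandLine").on("keydown", function(e) {
      // NOTE(review): `key` is assigned without a declaration and so becomes a
      // global; left as is in case HC.js reads it.
      key = e.which;
      if (key === 13) {
        e.preventDefault();
        frmHC.submit();
      }
    });
  });

  // After load: mark an empty password field and scroll the console to its end.
  window.addEventListener("load", function() {
  <?php if($password===HC_STR):?>
    $("#Password").addClass("emptyfield");
  <?php endif; ?>
    // NOTE(review): `maxY` is an implicit global as well.
    maxY = document.getElementById("Console").scrollHeight;
    document.getElementById("Console").scrollTo(0, maxY);
  }, true);

  // Swap the splash image for the console form.
  function startApp() {
    $("#HCsplash").hide();
    $("#frmHC").show();
  }

  <?php if($hideHCSplash!=="1"): ?>
  // First visit: show the splash for five seconds.
  window.addEventListener("load", function() {
    $("#HCsplash").show();
    // A function reference instead of a code string: no string evaluation, and
    // it keeps working under a Content-Security-Policy without 'unsafe-eval'.
    setTimeout(startApp, 5000);
  }, true);
  <?php else: ?>
  window.addEventListener("load", function() {
    startApp();
  });
  <?php endif; ?>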
  755. </script>
  756. </head>
  757. <body>
  758. <div id="HCsplash" style="padding-top: 200px; text-align:center; display:none;">
  759. <img src="HCres/hcsplash.gif" style="width:310px;">
  760. </div>
  761. <form id="frmHC" method="POST" action="/hc" target="_self" enctype="multipart/form-data" style="display:<?php echo(($hideHCSplash==="1"?"inline":"none"));?>;">
  762. <div class="header">
  763. <a href="http://httpconsole.5mode-foss.eu" target="_blank" style="color:white; text-decoration: none;"><img src="HCres/hclogo.png" style="width:48px;">&nbsp;Http Console</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="https://github.com/par7133/HttpConsole" style="color:#ffffff"><span style="color:#119fe2">on</span> github</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="mailto:posta@elettronica.lol" style="color:#ffffff"><span style="color:#119fe2">for</span> feedback</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="tel:+39-331-4029415" style="font-size:13px;background-color:#15c60b;border:2px solid #15c60b;color:white;height:27px;text-decoration:none;">&nbsp;&nbsp;get support&nbsp;&nbsp;</a>
  764. </div>
  765. <div style="clear:both; float:left; padding:8px; width:15%; height:100%; text-align:center;">
  766. <div style="padding-left:12px;text-align: left;">
  767. <!--&nbsp;Upload-->
  768. &nbsp;<a href="#" id="upload" style="<?php echo(($password===HC_STR?'text-decoration:none;color:gray;':'color:#ffffff;')); ?>" onclick="<?php echo(($password!==HC_STR?'upload()':'')); ?>">Upload</a>
  769. <input id="files" name="files[]" type="file" accept=".css, .doc,.docx,.gif,.htm,.html,.ico,.inc,.jpg,.js,.php,.pdf,.png,.txt,.xls,.xlsx" style="visibility: hidden;">
  770. </div>
  771. <br><br>
  772. <img src="HCres/HCgenius.png" alt="HC Genius" title="HC Genius" style="position:relative; left:+6px; width:90%; border: 1px dashed #EEEEEE;">
  773. &nbsp;<br><br><br>
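  <?php // The password is sent back so the next POST carries it again; escape it so quotes cannot break out of the attribute. ?>
  &nbsp;<input type="text" id="Password" name="Password" placeholder="password" style="font-size:10px; background:#393939; color:#ffffff; width: 90%; border-radius:3px;" value="<?php echo(htmlspecialchars($password, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));?>" autocomplete="off"><br>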
  775. &nbsp;<input type="text" id="Salt" placeholder="salt" style="position:relative; top:+5px; font-size:10px; background:#393939; color:#ffffff; width: 90%; border-radius:3px;" autocomplete="off"><br>
  776. &nbsp;<a href="#" onclick="showEncodedPassword();" style="position:relative; left:-2px; top:+5px; color:#ffffff; font-size:12px;">Hash Me!</a>
  777. </div>
  778. <div style="float:left; width:85%;height:100%; padding:8px; border-left: 1px solid #2c2f34;">
  779. <?php if (HC_APP_SPLASH): ?>
  780. <?php if ($hideSplash !== HC_STR): ?>
  781. <div id="splash" style="border-radius:20px; position:relative; left:+3px; width:98%; background-color: #33aced; padding: 20px; margin-bottom:8px;">
  782. <button type="button" class="close" aria-label="Close" onclick="closeSplash();" style="position:relative; left:-10px;">
  783. <span aria-hidden="true">&times;</span>
  784. </button>
  785. Hello and welcome to Http Console!<br><br>
  786. Http Console is a light and simple web console to manage your website.<br><br>
  787. Http Console is released under GPLv3 license, it is supplied AS-IS and we do not take any responsibility for its misusage.<br><br>
  788. First step, use the left side panel password and salt fields to create the hash to insert in the config file. Remember to manually set there also the salt value.<br><br>
  789. As you are going to run Http Console in the PHP process context, using a limited web server or phpfpm user, you must follow some simple directives for an optimal first setup:<br>
  790. <ol>
  791. <li>Create a "stage" folder in your web app path; give to the stage folder the write permissions; and set the stage path in the config file.</li>
  792. <li>In the stage path create a ".HCsampledir" folder and give to this folder the write permission. This folder will be the sample folder to copy from new folders inside the stage path.</li>
  793. <li>Likewise, in the stage path create an empty ".HCsamplefile" and give to this file the write permission. This file will be the sample file to copy from new files inside the stage path.</li>
  794. <li>Configure the max history items and max recall history items as required (default: 50).</li>
  795. </ol>
  796. <br>
  797. Http Console understands a limited set of commands with a far limited set of parameters:<br>
  798. cd, cd.., cp, cp -p, cp -R, help, ls, ls -lsa, mv, pwd<br><br>
  799. Hope you can enjoy it and let us know about any feedback: <a href="mailto:posta@elettronica.lol" style="color:#e6d236;">posta@elettronica.lol</a>
  800. </div>
  801. <?php endif; ?>
  802. <?php endif; ?>
  803. &nbsp;Console<br>
  804. <div id="Console" style="height:493px; overflow-y:auto; margin-top:10px;">
  805. <pre style="margin-left:5px;padding-left:0px;border:0px;background-color: #000000; color: #ffffff;">
  806. <?php showHistory($cmdHistory); ?>
  807. <div style="position:relative;top:-15px;"><label id="Prompt" for="CommandLine"><?php echo($prompt); ?></label>&nbsp;<input id="CommandLine" name="CommandLine" list="CommandList" type="text" autocomplete="off" style="width:80%; height:22px; background-color: black; color:white; border:0px; border-bottom: 1px dashed #EEEEEE;"></div>
  808. </pre>
  809. </div>
  810. <datalist id="CommandList">
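  <?php
  // One <option> per remembered command. The stored lines end with "\n",
  // which is cut off here. The text is the command as typed, so it is
  // HTML-escaped before it is placed inside the single-quoted attribute.
  foreach ($cmdRecallHistory as $recallLine):
      $recallValue = htmlspecialchars(
          left($recallLine, strlen($recallLine) - 1),
          ENT_QUOTES | ENT_SUBSTITUTE,
          'UTF-8'
      );
      echo("<option value='$recallValue'>\n");
  endforeach;
  ?>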
  815. </datalist>
  816. <br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
  817. <br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
  818. </div>
  819. <div class="footer">
  820. <div id="footerCont">&nbsp;</div>
  821. <div id="footer"><span style="background:#FFFFFF;opacity:1.0;margin-right:10px;">&nbsp;&nbsp;A <a href="http://5mode.com">5 Mode</a> project and <a href="http://demo.5mode.com">WYSIWYG</a> system. Some rights reserved.</span></div>
  822. </div>
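  <?php // Both values originate from POST fields; escape them so quotes cannot break out of the attribute. ?>
  <input type="hidden" name="pwd" value="<?php echo(htmlspecialchars($curPath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')); ?>" style="color:black">
  <input type="hidden" name="hideSplash" value="<?php echo(htmlspecialchars($hideSplash, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')); ?>">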
  825. <input type="hidden" name="hideHCSplash" value="1">
  826. </form>
  827. </body>
  828. </html>