PHP –– Editor
written by: admin


Date Written: 4/14/10 Last Updated: 11/22/14


Why? The editor runs in any browser and lives on your site, so you can use it when you are away from your own computer but still have access to the internet. It lets you view and edit files on your website.

Installation  Lines 23 and 24 of the script below include two files that you need to have in place for security purposes. You create these yourself; they detect whether the user is logged in as admin, has the correct session, and so on. Some such check is required so that only authorized users can access this script. Upload the folder image that the script displays next to directory names. Line 277 of the script below gives the location of the image; you can change this to wherever you choose to store it.

Optional  Where it says test.php, you can change this to whatever default page you want. This is the file that loads for editing when you click the Home? link. You can also leave it blank, in which case no default page is loaded, but you will still be redirected to the root directory.
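A loggedincheck.php of the kind the installation step asks you to create, as an added example rather than the author's own file. The session keys is_admin and last_seen, the idle limit and the helper name editor_deny are assumptions to adapt to your own login code:

```php
<?php
// include/loggedincheck.php -- added example, not the author's file.
// Assumption: your login page sets $_SESSION['is_admin'] = true and
// $_SESSION['last_seen'] = time() after a successful admin login.
// Both session keys and the 15-minute limit are hypothetical.

const EDITOR_IDLE_LIMIT = 900; // seconds of inactivity before re-login

// The editor calls session_start() on its first line; only start a
// session here if this file is included from a page that has not.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Stop the request before any editor code runs.
function editor_deny(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    header('Cache-Control: no-store');
    exit($message);
}

$isAdmin  = isset($_SESSION['is_admin']) && $_SESSION['is_admin'] === true;
$lastSeen = isset($_SESSION['last_seen']) ? (int) $_SESSION['last_seen'] : 0;

if (!$isAdmin) {
    editor_deny(403, 'Forbidden');
}
if (time() - $lastSeen > EDITOR_IDLE_LIMIT) {
    // Stale session: clear it so the admin flag cannot be reused.
    $_SESSION = [];
    session_destroy();
    editor_deny(403, 'Session expired, please log in again.');
}
$_SESSION['last_seen'] = time();
```

Because the check calls exit() on failure, nothing after the include on line 24 of the editor runs for a visitor who is not logged in.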




<?php session_start();
##   Editor ©2009 - 2014 Joe Vander Jagt
##   as first seen in www.animeviews.com
##   This Notice Must Remain for Legal Use
##   Version 1.30
##
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { // function was removed in PHP 8; skip this block there
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}  
$root=$_SERVER['DOCUMENT_ROOT'];
include $root.'/include/dbconnect.php';
include $root.'/include/loggedincheck.php';
$dir=@$_POST['dir'];

if ($dir=="") $dir=$_GET['dir'];
if ($dir=="") $dir=$_SERVER['DOCUMENT_ROOT'];
$file=$_GET['file'];
$perms= substr(sprintf('%o', fileperms("$dir/$file")), -4);
$imagetypes=array("peg", "jpg","gif","png","pdf","mp3","zip");
$image=substr($file, -3,3);
if (in_array(strtolower($image),$imagetypes)){
$folder=$_SERVER['DOCUMENT_ROOT'];
$folder=str_replace($folder,"",$_GET['dir']);
if (is_null($_GET['dir']) OR $_GET['dir']=="" OR strlen($folder)<1) $folder="/";
echo "<script type=\"text/javascript\">
window.location = \"http://$_SERVER[HTTP_HOST]$folder/$file?folder=$folder\"
</script>";exit();
}
if ($_POST['queryButton']=="create file" and $_POST['newfile'] !=""){
$go="$_SERVER[SCRIPT_URI]"."?file=$_POST[newfile]&dir=$dir";$newfile="$dir"."/$_POST[newfile]";
$fh = fopen("$newfile","x+");
fclose($fh);
?><script type="text/javascript">
window.location = "<?php print $go ;?>"
</script><?php
}
if ($_POST['queryButton']=="create directory" and $_POST['makedir'] !=""){
mkdir("$dir"."/$_POST[makedir]", 0700);
$location="$_SERVER[PHP_SELF]?file=&dir=$dir";
?><script type="text/javascript">
window.location = "<?php print $location ;?>"
</script><?php
}
elseif ($_POST['queryButton']=="delete file" and $_POST['deletefile'] !=""){
unlink("$dir"."/$_POST[deletefile]");
$location="$_SERVER[PHP_SELF]?file=&dir=$dir";
?><script type="text/javascript">
window.location = "<?php print $location ;?>"
</script><?php
$location="";
}

elseif ($_POST['queryButton']=="delete directory" and $_POST['deldir'] !=""){
$deldir=$_POST['deldir'];
$deldir="$dir/$deldir";
$pos = strpos($deldir, '../');
if ($pos !== false) {}
else{
function rrmdir($dir) {
    if (is_dir($dir)) {
      $objects = scandir($dir);
      foreach ($objects as $object) {
        if ($object != "." && $object != "..") {
          if (filetype($dir."/".$object) == "dir") rrmdir($dir."/".$object); else unlink($dir."/".$object);
        }
      }
      reset($objects);
      rmdir($dir);
    }
  }
$deldir=rrmdir($deldir);
}
?><script type="text/javascript">
window.location = "<?php print $location ;?>"
</script><?php
$location="";
}

elseif ($_POST['queryButton']=="rename file" and $_POST['renamefr']!="" and $_POST['renameto']!=""){
rename("$dir"."/$_POST[renamefr]","$dir"."/$_POST[renameto]");
$location="$_SERVER[PHP_SELF]?file=$_POST[renameto]&dir=$dir";
?>
<script type="text/javascript">
window.location = "<?php print $location ;?>"
</script>
<?php
$location="";
}
?>
<!DOCTYPE html>
<HTML>
<head>
<TITLE>
Editor 1.30</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-15">
<style type="text/css">
       #editContent{
           margin-left:40px;
           padding-left:3px;
           border:1px solid #666;
       }
      .textAreaWithLines{
          display:block;
          margin:0;
          border:1px solid #666;
          border-right:none;
          background:#aaa;
          position: absolute;
          overflow: hidden;
          text-align: center;
          width: 30px;
          padding-right: 0.2em;
       }
textarea{
border:0px;margin:0px;padding:0px;
line-height:16px;
background-color:#FFFFFF;color:black;}
.o {color:orange;
}
a:link {
color:#00FFFF;
text-decoration: none;
}
a:visited {
color:#00FFFF;
text-decoration: none;
}
a:hover {
color: #ffcc33;
text-decoration: none;
}
body{
color:#FFFFFF;
background-color:navy;
line-height:16px;
}
</style>
     <script type="text/javascript">
     function createTextAreaWithLines(id)
     {
       var el = document.createElement('TEXTAREA');
       var ta = document.getElementById(id);
       var string = '';
         for(var no=1;no<3000;no++){
           if(string.length>0)string += '\n';
           string += no;
         }
       el.className      = 'textAreaWithLines';
       el.style.height   = (ta.offsetHeight-3) + "px";
       el.innerHTML      = string;  //Firefox renders \n linebreak
/*@cc_on @*/
/*@if(@_jscript_version >= 5)
      el.innerText = string; //IE6 renders \n line break
@end @*/
       el.style.zIndex   = 0;
       ta.style.zIndex   = 1;
       ta.style.position = "relative";
       ta.parentNode.insertBefore(el, ta.nextSibling);
       setLine();
       ta.focus();
  
       ta.onmousedown  = function() { setLine();}
       ta.onmouseup    = function() { setLine();}
       ta.onscroll     = function() { setLine();}
       ta.onmousewheel = function() { setLine();}
            
      function setLine(){
        el.scrollTop   = ta.scrollTop;
        el.style.top   = (ta.offsetTop) + "px";
         el.style.left  = (ta.offsetLeft - 37) + "px";
      }
      setInterval(setLine, 10);
     }
      </script></head><body>
<?php
if ($_POST['queryButton']=="Save")
{
$data2=@$_POST['data'];
$n=strlen($data2);$data=""; // $data is refilled from the saved file below
$handle = fopen("$dir/$file","wb");
fwrite($handle,$data2, strlen($data2));
fclose($handle);
$perms=$_POST['permissions'];
if(preg_match('/^[0-7]{4}\z/',$perms)) // exactly four octal digits, nothing else
{
chmod("$dir/$file", intval($perms, 8));}
}
if ($file!=""){
$dir=str_replace("//","/",$dir);
$handle = @fopen("$dir/$file","r+b") or exit("bad filename $dir/$file<br><a href=\"$_SERVER[PHP_SELF]\">go back $dir $file</a>");
while(@!feof($handle))
{
$data.=@fgets($handle);
}@fclose($handle);
$yn=$_GET['folder'];}
?>
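<form action="<?php echo htmlspecialchars("$_SERVER[PHP_SELF]?file=".urlencode((string)@$_GET['file'])."&dir=".urlencode((string)@$_GET['dir'])."&folder=".urlencode((string)@$yn), ENT_QUOTES, 'ISO-8859-15'); ?>" method="POST" id="form1">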
<div style='width:100%;'><div style="width:75%;float:left;">
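<a href="<?php print htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-15');?>">Home?</a> Contents of the web file:<?php echo " <b><span class='o'>".htmlspecialchars((string)$file, ENT_QUOTES, 'ISO-8859-15')."</span></b>";?>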
<div style='float:right;'><a href="http://www.animeviews.com/article.php?ID=6">Editor Version 1.30</a></div>
<?php if ($file==""){}
else {?>
<br><textarea name="data" style="width:98%;scrollbar-base-color:tan;height:722px;" wrap="off" id="editContent"><?php print htmlspecialchars($data, ENT_COMPAT, 'ISO-8859-15');?>
</textarea>
    <script type="text/javascript">createTextAreaWithLines('editContent');</script>
<?php
}
echo"<input type='hidden' name='dir' value='".htmlspecialchars((string)$dir, ENT_QUOTES, 'ISO-8859-15')."'>";?>
<div style='float:left;padding-top:12px;'><input type='submit' name="queryButton" value="Save"></div>
<div style="position:relative;width:25%;float:right;text-align:right;padding-top:12px;right:-20px;">
<input type='submit' name="queryButton" value="create file"> <input type='text' name="newfile"><br>
<input type='submit' name="queryButton" value="create directory"> <input type='text' name="makedir"><br><br>
<input type='text'   name="renamefr"><br>
<input type='submit' name="queryButton" value="rename file"> <input type='text' name="renameto"></div>
</div>
<div style="position:relative;float:right;width:23%;">
<?php
if ($dir != "")
{
$handle=@opendir($dir) or exit("bad file name<br> This directory is protected.<a href=\"$_SERVER[HTTP_REFERER]\"> Go back</a>?");
while (false !== ($file = @readdir($handle))) {
$dir1="$dir"."/$file";
if ($dir1=="$dir/." or $dir1=="$dir/..") $dir1="";
if (is_dir($dir1)) {$file.="--DIRECTORY";}
$data1 .= $file ." \r\n";
}@fclose($handle);
}
$string="";
$data1=explode("\r\n",$data1);
$data1 = DIRsort($data1);
function DIRsort($list){
    $dirSubList = array();
    $subList = array();
    foreach($list as $li){
        if(strstr($li, '--DIRECTORY')) $dirSubList[] = $li;
        else $subList[] = $li;
    }
    sort($dirSubList);
    sort($subList);
    $List = array_merge($dirSubList, $subList);
    return $List;
}
$data1=implode("\r\n",$data1);$data1="\r\n$data1";
$data1=str_replace("\r\n\r\n","",$data1);
$data1=str_replace('..',"",$data1);
$data1=str_replace(". \r\n","",$data1);
$folder=$_SERVER['DOCUMENT_ROOT'];
$folder=str_replace($folder,"",$_GET['dir']);
if (is_null($_GET['dir']) OR $_GET['dir']=="" OR strlen($folder)<1) $folder="/";
?>
<b>contents of folder: <span style='color:orange;'><?php echo "$folder";?></span></b><br>
<?php
$folder=$_GET['dir'];
if (is_null($_GET['dir']) OR $_GET['dir']=="" OR strlen($folder)<1) {$folder=$_SERVER['DOCUMENT_ROOT'];}
$folder=explode('/',$folder);$folder=array_slice($folder,0,-1);
$folder=implode('/',$folder);
$folder="<a href=\"$_SERVER[PHP_SELF]?file=&amp;dir=$folder&amp;folder=yes\">$folder</a><br><br>";
$data1=preg_replace('/([A-Za-z0-9_\.].*?)(\n|\s\r\n|\s\z)/',"<a href=\"$_SERVER[PHP_SELF]"."?file=$1&amp;dir=$dir\">$1</a><br>",$data1);
$data1=explode("<br>",$data1);
foreach($data1 as &$data2)
{$pos=strpos($data2,"DIRECTORY");
if ($pos>0)
{$data2=preg_replace('/file=.*\&amp;/',"file=$file1&amp;",$data2);
preg_match('/>(.*?)\-\-DIRECTORY(<|\s)/',$data2,$match);
$data2="<img src=\"/images/pops/folder1.png\">".$data2;
$match1=$match[1];
$data2=preg_replace('/(dir=.*?)\"/',"$1/$match1&amp;folder=yes\"",$data2);
$data2=preg_replace('/\-\-DIRECTORY(<|\s)/',"$1",$data2);
$data2=str_replace(".//","./",$data2);
unset($match);
}}
$data1=implode("<br>",$data1);
$data1=str_replace(">\r\n<",'><',$data1);
?><div style='height:725px;overflow:auto;scrollbar-base-color:tan;float:left;width:100%;
background-color:blue;line-height:19px;border:0px;margin:0px;padding:0px;'><?php echo"$folder$data1"; ?></div>
<div style='float:left;padding-top:12px;'> <input type='submit' name="queryButton" value="delete directory"> <input type='text' name="deldir"><br>
<input type='submit' name="queryButton" value="delete file"> <input type='text' name="deletefile"><br>
Permissions:  <input type='text' name="permissions" value='<?php print htmlspecialchars((string)$perms, ENT_QUOTES, 'ISO-8859-15');?>'><br>
</div>
</div></div></form></body></html>

Note: Scrolling line numbers were added with help from this post.
Note: If your website is stored in a folder alongside other folders, each containing a separate website (as when multiple websites share one hosting service), you should edit

$root=$_SERVER['DOCUMENT_ROOT'];

to
$root=$_SERVER['DOCUMENT_ROOT']."/website1";

and
$folder=str_replace($folder,"",$_GET['dir']);

to
$folder=str_replace($folder,"",$_GET['dir']);$folder=str_replace("/website1","",$folder);


where website1 is the folder where your website resides.
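The two edits above adjust the include path and the folder name the script displays; they do not limit which paths the dir and file request parameters can reach. The following added example (not part of Editor 1.30; editor_confine and the /website1 folder are placeholder names) resolves both parameters and refuses anything outside the site folder before the editor touches the file system:

```php
<?php
// Added example, not part of Editor 1.30. editor_confine() and the
// "/website1" folder are placeholder names.

/**
 * Return the absolute path for $dir (and optionally $file) only if it lies
 * inside $base; return null otherwise. realpath() resolves ../ sequences
 * and symlinks before the comparison is made.
 */
function editor_confine(string $base, string $dir, string $file = ''): ?string
{
    if (strpos($dir . $file, "\0") !== false) {
        return null; // NUL bytes are never valid in a path
    }
    $baseReal = realpath($base);
    $dirReal  = realpath($dir === '' ? $base : $dir);
    if ($baseReal === false || $dirReal === false || !is_dir($dirReal)) {
        return null;
    }
    // Trailing separator so that /website1 does not also match /website10.
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($dirReal . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    if ($file === '') {
        return $dirReal;
    }
    // A file name must be a single path component.
    if ($file !== basename($file) || $file === '.' || $file === '..') {
        return null;
    }
    $path = $dirReal . DIRECTORY_SEPARATOR . $file;
    // An existing entry may be a symlink; its target must stay inside too.
    $real = realpath($path);
    if ($real !== false && strncmp($real . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Wiring it in near the top of the editor, after the login check:
$base = $_SERVER['DOCUMENT_ROOT'] . '/website1';
$dir  = $_POST['dir'] ?? '';
if ($dir === '') { $dir = $_GET['dir'] ?? ''; }
$file = $_GET['file'] ?? '';
if (!is_string($dir) || !is_string($file) || editor_confine($base, $dir, $file) === null) {
    http_response_code(400);
    exit('Path is outside the site folder.');
}
```

The same call covers the other name fields the form posts (newfile, makedir, deletefile, deldir, renamefr, renameto): pass each one as the $file argument before it reaches fopen(), mkdir(), unlink(), rmdir() or rename().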

TAGS: editor, website, flatfile, php
copyright 2005–2024