<?php
/*
Liteserver Manager v1 - single-file PHP mini file manager (modern UI version)
Features: list, edit, upload, delete, rename, chmod, unzip, download, run command (optional), new file
*/

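// Harden the session cookie before the session starts. These are plain
// ini_set() calls so an interpreter that lacks a directive ignores it.
ini_set('session.use_strict_mode', '1');   // refuse session ids the server did not issue
ini_set('session.cookie_httponly', '1');   // keep the cookie out of reach of page scripts
ini_set('session.cookie_samesite', 'Lax'); // do not attach the cookie to cross-site POSTs
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
    ini_set('session.cookie_secure', '1'); // only mark Secure when the request came over HTTPS
}
session_start();

/* ===================== CONFIG ===================== */
// Every file operation is meant to stay inside this directory.
$BASE_DIR = realpath(__DIR__);
$ADMIN_USER = 'admin';
// Placeholder credential kept in plain text in the source: anyone who can read
// this file can read the password. Replace it before the script is reachable
// from a network.
// NOTE(review): storing a password_hash() value and checking it with
// password_verify() would avoid keeping the secret itself on disk.
$ADMIN_PASS = 'changeme'; // change this password immediately
// Command execution is switched on by default. Set to false unless it is needed.
$ENABLE_CMD = true; // command execution enabled
// NOTE(review): a list is only a control if the command handler consults it;
// confirm that list_dir() checks the submitted command against these names.
$CMD_WHITELIST = ['ls','pwd','df','uptime','whoami','id']; // allowed commands
// NOTE(review): nothing in the visible code reads this limit. Confirm where uploads are handled.
$MAX_UPLOAD_MB = 50;
/* ================================================== */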

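// helper functions
define('H', ENT_QUOTES);

/**
 * Escape a value for output inside HTML text or a quoted attribute.
 *
 * The argument is cast to string first, so null or false (for example the
 * result of a command that produced no output) becomes an empty string.
 * ENT_SUBSTITUTE is added to the flags because htmlspecialchars() otherwise
 * returns an empty string for the whole input when it meets one invalid
 * UTF-8 byte. File contents shown in the editor would silently vanish.
 *
 * @param mixed $str Value to escape.
 * @return string HTML-safe text with both quote styles encoded.
 */
function h($str): string
{
    return htmlspecialchars((string) $str, H | ENT_SUBSTITUTE, 'UTF-8');
}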

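/**
 * Print the standalone login page.
 *
 * The form posts the three fields auth_required() reads: action=login, user
 * and pass. The <form> wrapper, the hidden action field and the password
 * input were missing from this copy of the page and are rebuilt here from
 * those field names.
 *
 * @param string $msg Optional error text, HTML-escaped before it is printed.
 */
function login_form($msg = '')
{
    // NOTE(review): the page pulls a script from a third-party CDN. Any script
    // running on the login page can read what is typed into it, so consider
    // serving a local, reviewed copy of the stylesheet instead.
    echo '<!DOCTYPE html><meta charset="utf-8"><title>Login - Liteserver Manager</title><script src="https://cdn.tailwindcss.com"></script><body class="bg-gray-900 flex items-center justify-center h-screen">';
    echo '<form method="post" class="bg-gray-800 text-white p-6 rounded w-80">';
    echo '<input type="hidden" name="action" value="login">';
    echo '<h2 class="text-2xl font-bold mb-4 text-center">🔐 Liteserver Login</h2>';
    if ((string) $msg !== '') {
        echo '<p class="text-red-400 text-center mb-2">' . h($msg) . '</p>';
    }
    echo '<input class="w-full mb-3 p-2 rounded bg-gray-700 border border-gray-600" placeholder="Username" name="user" autocomplete="username">';
    echo '<input type="password" class="w-full mb-3 p-2 rounded bg-gray-700 border border-gray-600" placeholder="Password" name="pass" autocomplete="current-password">';
    echo '<button class="w-full bg-blue-600 hover:bg-blue-700 rounded p-2 font-semibold">Login</button>';
    echo '</form>';
}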

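/**
 * Gate the rest of the script behind the single configured admin account.
 *
 * Returns normally when the session already belongs to $ADMIN_USER. Otherwise
 * it handles a submitted login (POST action=login with user and pass) and, if
 * that does not succeed, prints the login form and ends the request.
 *
 * NOTE(review): no attempt counter or delay is visible here, so repeated
 * guesses are not slowed down. Put rate limiting in front of this script.
 */
function auth_required()
{
    global $ADMIN_USER, $ADMIN_PASS;

    if (isset($_SESSION['lsm_user']) && $_SESSION['lsm_user'] === $ADMIN_USER) {
        return;
    }

    $error = '';
    if (isset($_POST['action']) && $_POST['action'] === 'login') {
        $u = $_POST['user'] ?? '';
        $p = $_POST['pass'] ?? '';

        // hash_equals() compares in constant time and accepts strings only,
        // so array-valued fields are rejected before they reach it. Both
        // comparisons always run so the work done does not reveal which
        // field was wrong.
        $userOk = is_string($u) && hash_equals((string) $ADMIN_USER, $u);
        $passOk = is_string($p) && hash_equals((string) $ADMIN_PASS, $p);

        if ($userOk && $passOk) {
            // Issue a fresh session id at the privilege change so an id that
            // existed before login is not carried into the authenticated session.
            session_regenerate_id(true);
            $_SESSION['lsm_user'] = $ADMIN_USER;

            // Collapse leading slashes and backslashes so the redirect target is
            // always a path on this host, never a protocol-relative URL.
            $path = (string) strtok($_SERVER['REQUEST_URI'], '?');
            header('Location: /' . ltrim($path, '/\\'));
            exit;
        }
        $error = 'Invalid username or password';
    }

    login_form($error);
    exit;
}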

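auth_required();

// Resolve $path (symlinks and ".." included) and return the real path only
// when it is $BASE_DIR itself or lies beneath it, false otherwise. The
// comparison includes the directory separator, so a sibling whose name merely
// starts with the same characters as $BASE_DIR is not accepted.
$resolveInBase = static function ($path) use ($BASE_DIR) {
    if (!is_string($BASE_DIR) || $BASE_DIR === '' || !is_string($path) || $path === '') {
        return false;
    }
    $real = realpath($path);
    if ($real === false) {
        return false;
    }
    $root = rtrim($BASE_DIR, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return ($real === $BASE_DIR || strpos($real, $root) === 0) ? $real : false;
};

// Accept a single path component only: no separators, no NUL byte, and not
// "." or "..". Returns '' for anything else so the caller skips the operation.
$cleanName = static function ($raw) {
    if (!is_string($raw)) {
        return '';
    }
    $name = trim($raw);
    if ($name === '' || $name === '.' || $name === '..') {
        return '';
    }
    if (strpbrk($name, '/\\') !== false || strpos($name, "\0") !== false) {
        return '';
    }
    return $name;
};

$action = $_GET['action'] ?? '';
$cwd = $resolveInBase($_GET['dir'] ?? $BASE_DIR);
if ($cwd === false || !is_dir($cwd)) {
    $cwd = $BASE_DIR; // anything outside the base, or not a directory, falls back to the base
}

// NOTE(review): the state-changing requests below carry no anti-CSRF token.
// A per-session token checked on every POST would close that gap.

// create folder
if ($action === 'newfolder' && isset($_POST['name'])) {
    $n = $cleanName($_POST['name']);
    if ($n !== '') {
        @mkdir("$cwd/$n", 0755); // best effort: a failure just returns to the listing
    }
    header('Location:?dir=' . urlencode($cwd));
    exit;
}

// create file, then open it in the editor
if ($action === 'newfile' && isset($_POST['name'])) {
    $n = $cleanName($_POST['name']);
    if ($n !== '') {
        $path = "$cwd/$n";
        // is_link() also covers a dangling symlink, which file_exists() reports
        // as absent and which would otherwise be written through.
        if (!file_exists($path) && !is_link($path)) {
            file_put_contents($path, '');
        }
        header('Location:?action=edit&file=' . urlencode($path));
        exit;
    }
}

// save from the editor
if ($action === 'edit' && isset($_POST['save']) && isset($_GET['file'])) {
    $target = $resolveInBase($_GET['file']);
    if ($target !== false && is_file($target)) {
        $body = $_POST['content'] ?? '';
        // Write to the resolved path that was checked, not to the raw request value.
        file_put_contents($target, is_string($body) ? $body : '');
    }
    header('Location:?dir=' . urlencode($target !== false ? dirname($target) : $cwd));
    exit;
}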

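/**
 * Render the directory listing page for $cwd, including the optional command
 * panel.
 *
 * The <form> wrappers and closing tags were missing from this copy of the
 * page. They are rebuilt from the request parameters the handlers read:
 * GET action and dir, POST name and cmd.
 *
 * The command panel runs a command only when its first word is listed in
 * $CMD_WHITELIST, and every word is shell-quoted individually.
 * escapeshellcmd() on the whole line does not restrict which program runs.
 *
 * NOTE(review): no handler for the Rename and Delete links is visible in this
 * part of the file. If one exists, a destructive action triggered by a plain
 * GET link should be moved to POST with an anti-CSRF token.
 *
 * @param string $cwd Directory to list. The caller is expected to have
 *                    confined it to the base directory.
 */
function list_dir($cwd)
{
    global $ENABLE_CMD, $CMD_WHITELIST;

    $items = scandir($cwd);
    if ($items === false) {
        $items = []; // unreadable directory: show an empty table instead of a warning
    }
    $dirQuery = 'dir=' . urlencode($cwd);

    echo '<!DOCTYPE html><meta charset="utf-8"><title>Liteserver Manager</title><script src="https://cdn.tailwindcss.com"></script><body class="bg-gray-100 text-sm">';
    echo '<div class="bg-blue-700 text-white p-3 flex justify-between"><div>Liteserver Manager v1</div>';
    echo '<form method="get"><input type="hidden" name="action" value="logout"><button class="text-sm bg-red-500 px-2 py-1 rounded">Logout</button></form>';
    echo '</div>';
    echo '<div class="p-4">';

    // directory navigation
    echo '<form method="get" class="flex space-x-2 mb-3">';
    echo '<input class="flex-1 p-2 border rounded" name="dir" value="' . h($cwd) . '"><button class="bg-blue-600 text-white px-3 py-1 rounded">Go</button>';
    echo '</form>';

    // new folder / new file
    echo '<div class="flex space-x-2 mb-3">';
    echo '<form method="post" action="' . h('?action=newfolder&' . $dirQuery) . '">';
    echo '<input class="p-2 border rounded" name="name" placeholder="Nama Folder"><button class="bg-green-600 text-white px-3 py-1 rounded">New Folder</button>';
    echo '</form>';
    echo '<form method="post" action="' . h('?action=newfile&' . $dirQuery) . '">';
    echo '<input class="p-2 border rounded" name="name" placeholder="Nama File"><button class="bg-green-500 text-white px-3 py-1 rounded">New File</button>';
    echo '</form>';
    echo '</div>';

    echo '<table class="w-full border bg-white shadow"><tr class="bg-gray-200"><th class="p-2 text-left">Nama</th><th>CHMOD</th><th>Aksi</th></tr>';
    foreach ($items as $i) {
        if ($i === '.') {
            continue;
        }
        $path = "$cwd/$i";
        $perm = substr(sprintf('%o', fileperms($path)), -4); // last four octal digits of the mode
        $icon = is_dir($path) ? '📁' : '📄';
        $q = urlencode($path);
        echo '<tr class="border-b hover:bg-gray-50">'
            . '<td class="p-2">' . $icon . ' ' . h($i) . '</td>'
            . '<td class="text-center">' . h($perm) . '</td>'
            . '<td class="text-center space-x-1">'
            . '<a class="text-blue-600" href="?action=edit&amp;file=' . $q . '">Edit</a> '
            . '<a class="text-yellow-600" href="?action=rename&amp;file=' . $q . '">Rename</a> '
            . '<a class="text-red-600" href="?action=delete&amp;file=' . $q . '" onclick="return confirm(\'Yakin?\')">Delete</a>'
            . '</td></tr>';
    }
    echo '</table>';

    if ($ENABLE_CMD) {
        echo '<div class="mt-4 p-3 bg-gray-800 text-white rounded">';
        echo '<form method="post" action="' . h('?action=cmd&' . $dirQuery) . '" class="flex space-x-2">';
        echo '<input class="flex-1 p-2 text-black rounded" name="cmd" placeholder="Perintah (mis: ls)"><button class="bg-blue-600 px-3 py-1 rounded">Run</button>';
        echo '</form>';

        if (isset($_GET['action']) && $_GET['action'] === 'cmd' && isset($_POST['cmd'])) {
            $raw = is_string($_POST['cmd']) ? trim($_POST['cmd']) : '';
            $words = preg_split('/\s+/', $raw, -1, PREG_SPLIT_NO_EMPTY);
            if ($words === false) {
                $words = [];
            }
            $allowed = is_array($CMD_WHITELIST) ? $CMD_WHITELIST : [];
            $prog = $words[0] ?? '';

            if ($prog !== '' && in_array($prog, $allowed, true)) {
                // Quote each word on its own so shell metacharacters in the
                // input stay literal text inside one argument.
                // NOTE(review): arguments still reach the listed program, so
                // keep the list to commands whose options cannot write or execute.
                $line = implode(' ', array_map('escapeshellarg', $words));
                $out = shell_exec($line);
                echo '<pre class="mt-2 bg-black p-2 rounded text-green-400">' . h((string) $out) . '</pre>';
            } else {
                echo '<pre class="mt-2 bg-black p-2 rounded text-red-400">' . h('Perintah tidak diizinkan') . '</pre>';
            }
        }
        echo '</div>';
    } else {
        echo '<div class="mt-4 text-center text-red-600 font-semibold">Eksekusi perintah dimatikan di konfigurasi</div>';
    }
    echo '</div>';
}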

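// editor view
if ($action === 'edit' && isset($_GET['file'])) {
    $f = is_string($_GET['file']) ? $_GET['file'] : '';
    $content = '';

    // Resolve the requested path once and read the resolved path, so the file
    // that was checked is the file that is opened. The prefix test includes
    // the directory separator so a sibling directory that shares the base
    // directory's leading characters is not accepted.
    $real = $f !== '' ? realpath($f) : false;
    $inside = false;
    if ($real !== false && is_string($BASE_DIR) && $BASE_DIR !== '') {
        $root = rtrim($BASE_DIR, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        $inside = ($real === $BASE_DIR || strpos($real, $root) === 0);
    }
    if ($inside && is_file($real)) {
        $content = (string) file_get_contents($real);
    }

    echo '<!DOCTYPE html><meta charset="utf-8"><title>Edit ' . h(basename($f)) . '</title><script src="https://cdn.tailwindcss.com"></script><body class="bg-gray-900 text-white p-4">';
    echo '<h2 class="text-xl mb-3">Editing: ' . h($f) . '</h2>';
    // The save handler reads GET action and file and POST save and content.
    // The form wrapper, missing from this copy, is rebuilt from those names.
    echo '<form method="post" action="' . h('?action=edit&file=' . urlencode($f)) . '">';
    echo '<textarea name="content" class="w-full h-[70vh] text-black p-2 rounded">' . h($content) . '</textarea>';
    echo '<button name="save" value="1" class="bg-blue-600 mt-2 px-4 py-2 rounded">Save</button> <a href="?dir=' . urlencode(dirname($f)) . '" class="ml-2 text-gray-300">Back</a>';
    echo '</form>';
    exit;
}

// logout
if ($action === 'logout') {
    $_SESSION = []; // drop the login marker even if destroying the session store fails
    session_destroy();
    // Collapse leading slashes and backslashes so the redirect stays on this host.
    header('Location: /' . ltrim((string) strtok($_SERVER['REQUEST_URI'], '?'), '/\\'));
    exit;
}

list_dir($cwd);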