Access denied
A warning message have been sended to the administrator
$MyShellVersion";
if(isset($PHP_AUTH_USER)){
$warnMsg ="
This is $MyShellVersion
installed on: http://".$HTTP_SERVER_VARS["HTTP_HOST"]."$PHP_SELF
just to let you know that somebody tryed to access
the script using wrong username or password:
Date: ".date("Y-m-d H:i:s")."
IP: ".$HTTP_SERVER_VARS["REMOTE_ADDR"]."
User Agent: ".$HTTP_SERVER_VARS["HTTP_USER_AGENT"]."
username used: $PHP_AUTH_USER
password used: $PHP_AUTH_PW
If this is not the first time it happens,
please consider either to remove MyShell
from your system or change it's name or
directory location on your server.
Regards
The MyShell dev team
";
mail($adminEmail,"MyShell Warning - Unauthorized Access",$warnMsg,
"From: $fromEmail\nX-Mailer:$MyShellVersion AutoWarn System");
}
exit;
}
}
//Function that validate directories
function validate_dir($dir){
GLOBAL $dirLimit;
if($dirLimit){
$cdPos = strpos($dir,$dirLimit);
if ((string)$cdPos == "") {
$dir = $dirLimit;
$GLOBALS["shellOutput"] = "You are not allowed change to directories above $dirLimit\n";
}
}
return $dir;
}
// Set working directory.
if (isset($work_dir)) {
//A workdir has been asked for - we chdir to that dir.
$work_dir = validate_dir($work_dir);
@chdir($work_dir) or
($shellOutput = "MyShell: can't change directory. Permission denied\nSwitching back to $DOCUMENT_ROOT\n");
$work_dir = exec("pwd");
}
else{
// No work_dir - we chdir to $DOCUMENT_ROOT
$work_dir = validate_dir($DOCUMENT_ROOT);
chdir($work_dir);
$work_dir = exec("pwd");
}
//Now we handle files if we are in Edit Mode
if($editMode && ($command||$editCancel))$editMode=false;
if($editMode){
if($editSave ||$editSaveExit){
if(function_exists(ini_set))ini_set("track_errors","1");
if($fp=@fopen($file,"w")){
if(get_magic_quotes_gpc())$shellOut=stripslashes($shellOut);
fputs($fp,$shellOut);
fclose($fp);
$command = $TexEd." ".$file;
if($editSaveExit) {
$command="";
$shellOutput="MyShell: $file: saved";
$editMode=false;
}
}
else {
$command="";
$shellOutput="MyShell: Error while saving $file:\n$php_errormsg\nUse back button to recover your changes.";
$errorSave=true;
}
}
}
//Separate command(s) and arguments to analize first command
$input=explode(" ",$command);
while (list ($key, $val) = each ($voidCommands)) {
if($input[0]==$val){
$voidCmd = $input[0];
$input[0]="void";
}
}
switch($input[0]){
case "cd":
$path=$input[1];
if ($path==".."){
$work_dir=strrev(substr(strstr(strrev($work_dir), "/"), 1));
if ($work_dir == "") $work_dir = "/";
}
elseif (substr($path,0,1)=="/")$work_dir=$path;
else $work_dir=$work_dir."/".$path;
$work_dir = validate_dir($work_dir);
@chdir($work_dir) or ($shellOutput = "MyShell: can't change directory.\n$work_dir: does not exist or permission denied");
$work_dir = exec("pwd");
$commandBk = $command;
$command = "";
break;
case "man":
exec($command,$man);
if($man){
$codes = ".".chr(8);
$manual = implode("\n",$man);
$shellOutput = ereg_replace($codes,"",$manual);
$commandBk = $command;
$command = "";
}
else $stderr=1;
break;
case "cat":
exec($command,$cat);
if($cat){
$text = implode("\n",$cat);
$shellOutput = htmlspecialchars($text);
$commandBk = $command;
$command = "";
}
else $stderr=1;
break;
case "more":
exec($command,$cat);
if($cat){
$text = implode("\n",$cat);
$shellOutput = htmlspecialchars($text);
$commandBk = $command;
$command = "";
}
else $stderr=1;
break;
case $TexEd:
if(file_exists($input[1])){
exec("cat ".$input[1],$cat);
$text = implode("\n",$cat);
$shellOutput = htmlspecialchars($text);
$fileOwner = posix_getpwuid(fileowner($input[1]));
$filePerms = sprintf("%o", (fileperms($input[1])) & 0777);
$fileEditInfo = " ::::::: Owner: ".$fileOwner["name"]." Permissions: $filePerms";
}
else $fileEditInfo = " ::::::: NEW FILE";
$currFile = $input[1];
$editMode = true;
$command = "";
break;
case "void":
$shellOutput = "MyShell: $voidCmd: void command for MyShell";
$commandBk = $command;
$command = "";
}
//Now we prepare the webpage
if(!$oCols)$oCols=$termCols;
if(!$oRows)$oRows=$termRows;
if($editMode)$focus="shellOut.focus()";
else $focus="command.select()";
//WhoamI
if(!$whoami)$whoami=exec("whoami");
?>
>