<?php
//-------------------------------------//
//------Mod by Shur1k------//
//--http://wap.rovno.ua--//
//-------------------------------------//
////////////////////////////////////////////////////////

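include("./config.php");

// Requested action. A non-string value (e.g. ?act[]=x) is treated the same
// as a missing one, so the strict comparisons below never see an array.
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : "null";

session_start();

// Login is processed BEFORE header.php is included: session_regenerate_id()
// has to send a new session cookie, which is only possible while no output
// has been sent yet.
if ($act === "login") {
  $submitted = (isset($_POST['passwordx']) && is_string($_POST['passwordx'])) ? $_POST['passwordx'] : null;

  // Refuse to authenticate when no admin password is configured. With the
  // previous loose `==`, an unset/empty $adminpass matched an empty form
  // field, and numeric-looking passwords matched other spellings of the
  // same number.
  $configured = (isset($adminpass) && is_scalar($adminpass)) ? (string) $adminpass : '';

  // hash_equals() compares in constant time, so the response time does not
  // reveal how many leading characters were right.
  if ($submitted !== null && $configured !== '' && hash_equals($configured, $submitted)) {
    // Issue a fresh session id on privilege change (session fixation).
    session_regenerate_id(true);
    // The marker format is kept as-is because the access check further down
    // this file compares against md5(md5($adminpass)).
    // NOTE(review): a plain boolean flag would avoid keeping a password
    // derivative in session storage; change both places together.
    $_SESSION['logged_in'] = md5(md5($adminpass));
  }
  // NOTE(review): no throttling or lockout of failed attempts is visible
  // here, and the password is compared as plaintext from config.php.
}

include("./header.php");

if ($act === "logout") {
  // Clear the data and drop the server-side session so the old id cannot
  // be reused.
  session_unset();
  session_destroy();
  echo "Logged out.";
}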

if(isset($_SESSION['logged_in']) && $_SESSION['logged_in']==md5(md5($adminpass))) {

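// Admin download: look the requested id up in files.txt and redirect the
// browser to download2.php with the per-client token it expects.
if (isset($_GET['download']) && is_string($_GET['download'])) {
  $downloadfile = null;

  $checkfiles = file("./files.txt");
  if ($checkfiles !== false) {
    foreach ($checkfiles as $line) {
      $thisline = explode('|', $line);
      // Strict comparison: with `==`, numeric-looking ids such as "1e3" and
      // "1000" would be treated as the same record.
      if ($thisline[0] === $_GET['download']) {
        $downloadfile = $thisline; // last matching line wins, as before
      }
    }
  }

  // Only redirect when a record was actually found; previously an unknown
  // id fell through with $downloadfile undefined.
  if ($downloadfile !== null && isset($downloadfile[2])) {
    $target = $scripturl . "download2.php?a=" . rawurlencode($downloadfile[0])
            . "&b=" . md5($downloadfile[2] . $_SERVER['REMOTE_ADDR']);

    // Values read from files.txt end up inside a <script> element, so the
    // URL is emitted as a JSON string literal with HTML-significant
    // characters hex-escaped instead of being concatenated between quotes.
    $literal = json_encode($target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($literal !== false) {
      echo "<script>window.location=" . $literal . ";</script>";
    }
  }
}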

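// Delete a file: drop its record from files.txt and remove the stored file.
// NOTE(review): this state-changing action is triggered by a plain GET link
// and carries no anti-CSRF token; any page the logged-in admin visits can
// trigger it. Fixing that needs a token in the links rendered elsewhere in
// this file as well as a check here.
if (isset($_GET['delete']) && is_string($_GET['delete'])) {
  $deleteId = $_GET['delete'];

  $fc = file("./files.txt");
  // Rewrite the index only if it could be read. The old code opened the
  // file with "w+" (truncating it) even when the read had failed, which
  // would wipe the whole index.
  if ($fc !== false) {
    $kept = '';
    foreach ($fc as $line) {
      $thisline = explode('|', $line);
      // Strict comparison so numeric-looking ids ("1e3" vs "1000") are not
      // confused with each other.
      if ($thisline[0] !== $deleteId) {
        $kept .= $line;
      }
    }
    // LOCK_EX keeps two concurrent admin requests from interleaving writes.
    file_put_contents("./files.txt", $kept, LOCK_EX);
  }

  // The id comes straight from the query string. Only a bare file name is
  // accepted; separators, NUL bytes and the dot entries are rejected so the
  // unlink() cannot leave ./storage/.
  $isPlainName = $deleteId !== '' && $deleteId !== '.' && $deleteId !== '..'
              && strpbrk($deleteId, "/\\\0") === false;
  if ($isPlainName && is_file("./storage/" . $deleteId)) {
    unlink("./storage/" . $deleteId);
  }
}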

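// "Delete & ban" for a reported file: remove its record from files.txt and
// reports.txt, append two entries to bans.txt, and delete the stored file.
// NOTE(review): triggered by a GET link without an anti-CSRF token; a fix
// needs matching changes to the links rendered elsewhere in this file.
if (isset($_GET['banreport']) && is_string($_GET['banreport'])) {
  $banId = $_GET['banreport'];
  $deleted = null;

  // files.txt: keep every other record, remember the removed one.
  $fc = file("./files.txt");
  if ($fc !== false) { // never truncate an index that could not be read
    $kept = '';
    foreach ($fc as $line) {
      $thisline = explode('|', $line);
      // Strict comparison: `!=` treats numeric-looking ids as equal.
      if ($thisline[0] !== $banId) {
        $kept .= $line;
      } else {
        $deleted = $thisline;
      }
    }
    file_put_contents("./files.txt", $kept, LOCK_EX);
  }

  // reports.txt: drop every report that refers to this id.
  $fc = file("./reports.txt");
  if ($fc !== false) {
    $kept = '';
    foreach ($fc as $line) {
      $thisline = explode('|', $line);
      if ($thisline[0] !== $banId) {
        $kept .= $line;
      }
    }
    file_put_contents("./reports.txt", $kept, LOCK_EX);
  }

  // Only add ban entries when a record was found. Previously an unknown id
  // left $deleted undefined and two blank lines were appended to bans.txt;
  // the handle was also never closed.
  // presumably field 3 is the uploader's address - confirm against the
  // script that writes files.txt.
  if ($deleted !== null) {
    $entry = '';
    if (isset($deleted[3])) {
      $entry .= $deleted[3] . "\n";
    }
    $entry .= $deleted[0] . "\n";
    file_put_contents("./bans.txt", $entry, FILE_APPEND | LOCK_EX);
  }

  // The id is request-controlled: accept only a bare file name so the
  // unlink() stays inside ./storage/.
  $isPlainName = $banId !== '' && $banId !== '.' && $banId !== '..'
              && strpbrk($banId, "/\\\0") === false;
  if ($isPlainName && is_file("./storage/" . $banId)) {
    unlink("./storage/" . $banId);
  }
}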

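// Dismiss the reports for one file: rewrite reports.txt without the lines
// whose first field equals the requested id.
// NOTE(review): state change via GET without an anti-CSRF token.
if (isset($_GET['ignore']) && is_string($_GET['ignore'])) {
  $fc = file("./reports.txt");
  // Skip the rewrite when the read failed; opening with "w+" first, as the
  // old code did, would have emptied the report list in that case.
  if ($fc !== false) {
    $kept = '';
    foreach ($fc as $line) {
      $thisline = explode('|', $line);
      // Strict comparison so numeric-looking ids are not conflated.
      if ($thisline[0] !== $_GET['ignore']) {
        $kept .= $line;
      }
    }
    file_put_contents("./reports.txt", $kept, LOCK_EX);
  }
}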

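// Ban manager page: optional unban / add-ban actions, then the form and the
// current ban list. Ends the request after rendering.
if (isset($_GET['act']) && $_GET['act'] === "bans") {

// Remove the entry whose md5 matches ?unban=...
// NOTE(review): state change via GET without an anti-CSRF token; the
// add-ban POST below has no token either.
if (isset($_GET['unban']) && is_string($_GET['unban'])) {
  $fc = file("./bans.txt");
  if ($fc !== false) { // do not truncate the list if it could not be read
    $kept = '';
    foreach ($fc as $line) {
      // Strict comparison: with `!=`, two different hex digests that both
      // look like "0e<digits>" compare equal as numbers, so one link could
      // remove an unrelated entry.
      if (md5($line) !== $_GET['unban']) {
        $kept .= $line;
      }
    }
    file_put_contents("./bans.txt", $kept, LOCK_EX);
  }
}

// Append a new ban entry.
if (isset($_POST['banthis']) && is_string($_POST['banthis'])) {
  // One entry per line: strip CR/LF so a single submission cannot add
  // several entries, and ignore empty input.
  $entry = trim(str_replace(array("\r", "\n"), '', $_POST['banthis']));
  if ($entry !== '') {
    file_put_contents("./bans.txt", $entry . "\n", FILE_APPEND | LOCK_EX);
  }
}


?>
<h1>Забанить</h1><p> <center><form action="admin.php?act=bans" method="post">Введите IP адресс или файлы чтобы забанить:  
<input type="text" name="banthis"> 
<input type="submit" value="Забанить!">
<br />
</form></center>
<?php

$fc=file("./bans.txt");
if ($fc !== false) {
  foreach($fc as $line)
  {
    // Entries originate from form input and from files.txt fields, so they
    // are HTML-escaped before display. md5() is still taken over the raw
    // line so the unban link matches the comparison above.
    echo htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE) . " - <a href=\"admin.php?act=bans&unban=".md5($line)."\">Отменить бан</a><br />";
  }
}

include("./footer.php");
die();
}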


?>
<center><a href="admin.php?act=logout">Выход</a> | <a href="admin.php?act=bans">Менеджер банов</a></center><br />

  <h1>Сообщения</h1>
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr><td><b>Имя файла</b></td><td><b>Загрузил</b></td><td><b>Удалить и забанить</b></td><td><b>Игнорировать сообщения</b></td></tr>
<?php

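// Reports table: one row per line of reports.txt, joined to the matching
// files.txt record on the first field.

// files.txt is read and indexed once instead of once per report. For
// duplicate ids the last line wins, as in the original inner loop.
$filesById = array();
$checkfiles = file("./files.txt");
if ($checkfiles !== false) {
  foreach ($checkfiles as $fileline) {
    $thisline = explode('|', $fileline);
    $filesById[$thisline[0]] = $thisline;
  }
}

$escFlags = ENT_QUOTES | ENT_SUBSTITUTE;

$checkreports = file("./reports.txt");
if ($checkreports !== false) {
  foreach ($checkreports as $line) {
    $thisreport = explode('|', $line);

    if (!isset($filesById[$thisreport[0]])) {
      // No file record for this report. Previously the row silently reused
      // the record found for the PREVIOUS report (or undefined values), so
      // "delete&ban" could act on the wrong file. Show the orphan with an
      // ignore link only.
      echo "<tr><td>".htmlspecialchars($thisreport[0], $escFlags)."</td><td></td><td></td>";
      echo "<td><a href=\"admin.php?ignore=".rawurlencode($thisreport[0])."\">ignore report</a></td></tr>";
      continue;
    }

    $foundfile = $filesById[$thisreport[0]];

    // Fields come from files.txt, which holds uploader-supplied data
    // (presumably the original file name and uploader address - confirm
    // against the upload script). Escape for HTML text and URL-encode the
    // id inside href values.
    $idParam  = rawurlencode($foundfile[0]);
    $name     = htmlspecialchars(isset($foundfile[1]) ? $foundfile[1] : '', $escFlags);
    $uploader = htmlspecialchars(isset($foundfile[3]) ? $foundfile[3] : '', $escFlags);

    echo "<tr><td><a href=\"admin.php?download=".$idParam."\">".$name."</a></td>";
    echo "<td>".$uploader."</td>";
    echo "<td><a href=\"admin.php?banreport=".$idParam."\">delete&ban</a></td>";
    echo "<td><a href=\"admin.php?ignore=".$idParam."\">ignore report</a></td></tr>";
  }
}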

?>
</table>
<br />

  <h1>Файлы</h1>
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr><td><b>имя файла</b></td><td><b>Размер (MB)</b></td><td><b>Загрузил</b></td><td><b>bandwidth(MB)</b></td><td><b>Удалить</b></td></tr>
<?php

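// Files table: one row per files.txt record with size, uploader, an
// estimated bandwidth figure (size x field 5) and a delete link.
$escFlags = ENT_QUOTES | ENT_SUBSTITUTE;

$checkfiles = file("./files.txt");
if ($checkfiles !== false) {
  foreach ($checkfiles as $line) {
    $thisline = explode('|', $line);

    // A record may outlive its stored file; report 0 instead of letting
    // filesize() warn and return false.
    $path = "./storage/" . $thisline[0];
    $bytes = is_file($path) ? (int) filesize($path) : 0;
    $filesize = $bytes / 1048576;

    // presumably field 5 is a download counter - confirm against the
    // script that writes files.txt. It may be missing or carry the
    // trailing newline of the line, so normalise before multiplying.
    $multiplier = isset($thisline[5]) ? trim($thisline[5]) : '';
    $multiplier = is_numeric($multiplier) ? (float) $multiplier : 0;

    // Record fields hold uploader-supplied data: escape for HTML text and
    // URL-encode the id inside href values.
    $idParam  = rawurlencode($thisline[0]);
    $name     = htmlspecialchars(isset($thisline[1]) ? $thisline[1] : '', $escFlags);
    $uploader = htmlspecialchars(isset($thisline[3]) ? $thisline[3] : '', $escFlags);

    echo "<tr><td><a href=\"admin.php?download=".$idParam."\">".$name."</a></td><td>".round($filesize,2)."</td>";
    echo "<td>".$uploader."</td><td>".round($filesize*$multiplier,2)."</td><td><a href=\"admin.php?delete=".$idParam."\">delete</a></td></tr>";
  }
}
echo "</table>";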
} else {
?><center>
<h1>Введите пароль для входа в админпанель</h1><br />
<form action="admin.php?act=login" method="post">Пароль:  
<input type="text" name="passwordx"> 
<input type="submit" value="Вход">
<br /><br />
</form></center>
<?php }
include("./footer.php");
?>