www.gusucode.com > HCONLY站长管理助手 V1.3 > HCONLY站长管理助手 V1.3\code\hconly_include.asp
<!--#include file="config/chkAdmin.asp"-->
<%
dim act:act=request.querystring("act")
if act="save" then savefile()
fileurl =request("fileurl")
if fileurl="" then fileurl=request.querystring("path")
fileurl=replace(fileurl,"\","/")
dim fso:Set fso = Server.CreateObject("Scripting.FileSystemObject")
%>
<%
Sub EditDb
On error resume next
If fs.FileExists(server.mappath(dbfile)) Then
Response.Redirect dbfile & "?db=" & sFile
Else
Response.Write "No database found" &vbCrLf
End If
End Sub
Sub CreateNewFolder
On error resume next
%>
<br><b>创建文件夹</b><br><br>
新文件夹将被创建在当前所处位置下,请勿与已有文件夹名称重复
<form method="POST" action="<%=scriptname%>?action=newfolder&path=<%=sPath%>">
<input name="folder" type="text" value="" size="30">
<p><input name="image" type="image" value="在当前文件夹创建新文件夹" src="images/chuangjian.gif">
</form>
<br>
<%
End Sub
'以文本模式加载文件,可以自动识别文件编码
Function LoadfromFile(File)
Dim objStream
dim a1,b1,c1,a2,b2,c2,cset
Dim RText
RText = Array(0, "")
Set objStream = Server.CreateObject("ADODB.Stream")
With objStream
.Type = 2
.Mode = 3
.Open
.charset = "unicode"
.Position = objStream.Size
.LoadfromFile File
RTexta = Array(0, .ReadText)
a2=len(RTexta(1))
a1=objStream.Size
.Close
End With
With objStream
.Type = 2
.Mode = 3
.Open
.Position = objStream.Size
.charset = "utf-8"
.LoadfromFile file
RTextb = Array(0, .ReadText)
b2=len(RTextb(1))
b1=objStream.Size
.Close
End With
With objStream
.Type = 2
.Mode = 3
.Open
.Position = objStream.Size
.charset = "gb2312"
.LoadfromFile file
RTextc = Array(0, .ReadText)
c2=len(RTextc(1))
c1=objStream.Size
.Close
End With
if b1<a1 then
if b1<c1 then csettext=RTextb:cset="utf-8"
if b1<=c1 then
if b2<c2 then csettext=RTextb:cset="utf-8"
end if
end if
if a1<b1 then
if a1<c1 then csettext=RTexta:cset="unicode"
if a1<=c1 then
if a2<c2 then csettext=RTexta:cset="unicode"
end if
end if
if c1<a1 then
if c1<b1 then csettext=RTextc:cset="gb2312"
if c1<=b1 then
if c2<b2 then csettext=RTextc:cset="gb2312"
end if
end if
session("cset")=cset
LoadfromFile = csettext(1)
Set objStream = Nothing
End Function
'保存文件,可根据用户自定义编码格式保存文件
Function saveFile()
saveurl=request.form("saveurl")
content=request.form("content")
bianma=request.form("bianma")
call savetofile(content,saveurl,bianma)
Response.Redirect("" & Session("lastpage") & "")
End Function
Function SaveToFile(strBody,File,charset)
Dim objStream
Dim RText
RText = Array(0, "")
Set objStream = Server.CreateObject("ADODB.Stream")
With objStream
.Type = 2
.Open
.Charset = charset
.Position = objStream.Size
.WriteText = strBody
On Error Resume Next
.SaveToFile File, 2
If Err Then
RText = Array(Err.Number, Err.Description)
SaveToFile = RText
Err.Clear
Exit Function
End If
.Close
End With
RText = Array(0, "保存文件成功!")
SaveToFile = RText
Set objStream = Nothing
End Function
'编辑文件,可自动识别文件编码
Function EditFile()
On error resume next
Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
url="hconly_main.asp"
filename=request.querystring("file")
hconlyfileurl=server.mappath(sFile)
source=server.HtmlEncode(LoadFromFile(hconlyfileurl))
cset=session("cset")
response.write ("<br>")
Response.write "正在编辑:"
response.write "<b>"&filename&"</b>"
%>
<form name="frm" method="post" action="<%=url%>?act=save&fileurl=<%=hconlyfileurl%>">
<p>保存位置:<input name=saveurl value='<%=hconlyfileurl%>' type=text size=123>
<p>温馨提示:在上述“保存位置”中直接更改文件名或路径可将此文件另存为其他文件或另存到其他位置。 文件编码:<select name='bianma'><option value='gb2312' <%if cset="gb2312" then response.write"selected"%>>gb2312</option>
<option value='utf-8' <%if cset="utf-8" then response.write"selected"%>>utf-8</option>
<option value='unicode' <%if cset="unicode" then response.write"selected"%>>unicode</option>
</select></p>
<p><textarea name="content" style="width:90%;height:400px;"><%=source%></textarea></p>
<p><input type="image" name="image" value="保存文件" src="images/baocun.jpg"/></p>
</form>
<%
end Function
'文件上传,调用艾恩上传类,您也可以选用其他自己所信任的上传类
Sub UploadFiles
On error resume next
%>
<br>文件将默认上传到<b>uploadfiles</b>文件夹中<br>
<br><font color=#7f7f7f>由于批量上传太占服务器资源 此页改为可同时选定多个文件并依次上传的模式</font>
<form name="upload" method="post" action="?act=submit">
文件信息:<input type="text" name="form2" size=70/> <br />
<p>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
</p>
</form>
<%
End Sub
'调用在线文本字符批量查找替换工具
Sub Wordreplace
On error resume next
%>
<br>这是一个ASP在线文本文件字符批量替换的程序。支持所有可用文本模式编辑的文件,并能自动识别常见文件编码,替换后不会出现乱码<br>
<form name="wordreplace" method="post" action="?act=submit">
<p>
<iframe frameborder="0" src="/tools/wordreplace.asp" width="750" height="450"></iframe>
</p>
</form>
<%
End Sub
'本程序的一个外置功能,用户自行抉择有无必要使用
Sub More
On error resume next
%>
<hr color="#DBE2EA">
<br>因为某些功能,例如整站打包、SQL提权、端口扫描等都属于敏感功能,直接整合在本程序中会引起他人误会,或被有心人直接利用</br>
<p>所以笔者将这些功能另外单独写了一个程序打包给用户下载,并将此程序命名为“<b>HCONLY HELPER SR</b>”,即HCONLY站长助手增强版,用户可自行考量要不要使用
<p><b>HCONLY HELPER SR</b>包含当前最顶级webshell所具有的全部功能,并完美免杀(双重加密技术,大部分杀毒软件都不会报毒)
<p>用户如需使用上述功能,如整站打包(含本地解压脚本)及服务器权限操作就可以使用本程序,但使用之后请尽快删除此程序,以免被他人利用。
<p>请勿用此程序直接编辑网页,因为它没有整合HCONLY站长助手的自动识别编码的功能,另外里面的批量清马的功能也不能自动识别编码,所以建议使用HCONLY站长助手自带的文本批量查找替换工具。
<p>请点击下面的按钮下载“<b>HCONLY HELPER SR</b>”:
<p><p><center><a href="/tools/hconly_helper_sr.zip" target="_blank"><img src="images/sr.gif" border="0" alt="下载 HCONLY HELPER SR"></a></center>
<%
End Sub
'调用管理密码修改页面
Sub pwd
On error resume next
%>
<hr color="#DBE2EA">
<form name="ppwwdd" method="post" action="?act=submit">
<p>
<center><iframe frameborder="0" src="admin/ppwwdd.asp" width="650" height="350"></iframe></center>
</p>
</form>
<%
End Sub
'创建新文件,可自定义编码和文件保存位置
Function CreateFile()
session("fileurl")=fileurl
hconlyfileurl=server.mappath(sFile)
Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
%>
<form name='frm' method='post' action='<%=url%>?act=save&fileurl=<%=hconlyfileurl%>'>
<hr color="#DBE2EA">
保存位置:<input name=saveurl value='<%=hconlyfileurl%>\' type=text size=123>
<p>温馨提示:请直接在以上路径后填写含扩展名的文件名称,但勿与原有文件重复,否则将会被替换
自定义编码:<select name=bianma><option value='gb2312' <%if cset="gb2312" then response.write"selected"%>>gb2312</option>
<option value='utf-8' <%if cset="utf-8" then response.write"selected"%>>utf-8</option>
<option value='unicode' <%if cset="unicode" then response.write"selected"%>>unicode</option>
</select></p>
<p><textarea name="content" style="width:90%;height:400px;"></textarea></p>
<p><input type="image" name="image3" value="保存文件" src="images/chuangjian.gif"/></p>
</form>
<%
End Function
'创建新文件夹,您当前处于哪个文件夹中,那么新建的文件夹就会被新建在此位置
Sub CreateFolder
On error resume next
Session("lastpage") = request.querystring("path")
If fs.FolderExists(server.mappath(sFolder)) Then
response.write "此文件夹已经存在:<b>" & sFolder & "</b> 请勿重复<br>"
Else
fs.CreateFolder(server.mappath(sFolder))
''Response.Redirect("" & Session("lastpage") & "")
response.redirect("hconly_main.asp?action=viewfolder&path="&session("lastpage")&"")
End If
End Sub
'删除文件
Sub DeleteFile
On error resume next
response.write"<br>"
If Request.Querystring("commit") <> "yes" Then
Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
Session("sFile") = sFile
Response.Write "<p>您即将删除的文件是: <b>" & sFile & "</b>"
If sFileType = "jpg" OR sFileType = "gif" Then
Response.Write "<p><img src=""http://" & Request.ServerVariables("HTTP_HOST") & sfile & """></p>"
End If
Response.Write "<p><b>注意:此操作将不可恢复!</b></p>"
Response.Write "<UL>"
Response.Write "<a href=""" & scriptname & "?action=deletefile&path=" & sPath & "&file=" & sFile & "&commit=yes""><img src=""images/queding.jpg"" border=""0"" alt=""确认删除""></a></LI>"
Response.Write " <a href=" & Session("lastpage") & "><img src=""images/quxiao.jpg"" border=""0"" alt=""取消删除""></a></LI>"
Response.Write "</UL>"
Else
fs.DeleteFile(server.mappath(Session("sFile")))
Response.Redirect("" & Session("lastpage") & "")
End If
End Sub
'删除文件夹
Sub DeleteFolder
On error resume next
response.write"<br>"
If Request.Querystring("commit") <> "yes" Then
Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
Session("sFolder") = sFolder
Response.Write "<p>您将删除此文件夹: <b>" & sFolder & "</b>"
Response.Write "<p><b>注意:此操作将不可恢复!</b></p>"
Response.Write "<UL>"
Response.Write "<a href=""" & scriptname & "?action=deletefolder&path=" & sPath & "&folder=" & sFolder & "&commit=yes""><img src=""images/queding.jpg"" border=""0"" alt=""确认删除""></a>"
Response.Write " <a href=" & Session("lastpage") & "><img src=""images/quxiao.jpg"" border=""0"" alt=""取消删除""></a>"
Response.Write "</UL>"
Else
Response.Write sPath & "<br>"
Response.Write sFile & "<br>"
fs.DeleteFolder(server.mappath(Session("sFolder")))
Response.Redirect("" & Session("lastpage") & "")
End If
End Sub
'重命名文件夹
Sub RenameFolder
On error resume next
response.write"<br>"
Response.write "<b>重命名文件夹</b><br>"
If Request.querystring("commit") <> "yes" Then
Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
Response.Write "<p>您将重命名的文件名是: <b>" & request.querystring("folder") & "</b>"
%>
<form name="form1" method="post" action="hconly_main?action=RenameFolder&path=<%=spath%>&folder=<%=request.querystring("folder")%>&commit=yes">
<input name="NewFolderName" type="text" size="30">
<input name="image" type="image" value="确定重命名" src="images/chongmingming.jpg">
<input type="hidden"name="folder" value="<%=request.querystring("folder")%>">
</form>
<%
Else
NewFolderName=request.form("NewFolderName")
sFolder=request.form("folder")
if spath="/" then slashvalue="" else slashvalue="/" end if
Set fso = CreateObject("Scripting.FileSystemObject")
Set folderObject = fso.GetFolder(Server.MapPath(spath&slashvalue&sFolder))
FolderObject.Name=NewFolderName
Set folderObject = Nothing
Set fso = Nothing
Response.Redirect("" & Session("lastpage") & "")
End If
End Sub
'重命名文件
Sub RenameFile
On error resume next
response.write"<br>"
Response.write "<b>重命名该文件</b><br>"
If Request("commit") <> "yes" Then
Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
Response.Write "<p>您将重命名的文件名是: <b>" & request.querystring("file") & "</b>"
%>
<form name="form1" method="post" action="hconly_main.asp?action=RenameFile&path=<%=spath%>&folder=<%=request.querystring("folder")%>&commit=yes">
<input name="NewFileName" type="text" size="30">
<input name="image" type="image" value="确定重命名" src="images/chongmingming.jpg">
<input type="hidden" name="filename" value="<%=request.querystring("file") %>">
</form>
<p>
<%
Else
NewFileName=request.form("NewFileName")
Sfile=request.form("filename")
if spath="/" then slashvalue="" else slashvalue="/"
Set fso = CreateObject("Scripting.FileSystemObject")
Set FileObject = fso.GetFile(Server.MapPath(spath&slashvalue&sfile))
FileObject.Name = NewFileName
Set FilObject = Nothing
Set fso = Nothing
Response.Redirect("" & Session("lastpage") & "")
End If
End Sub
'判断文件所属类型
Sub FileTypeUnsupported
On error resume next
Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
filename=request.querystring("file")
response.write ("<br>")
Response.write "文件名: "
response.write "<b>"&filename&"</b>"
response.write "<br>"
If sFileType = "jpg" OR sFileType = "gif" OR sFileType = "JPG" OR sFileType = "GIF" OR sFileType = "PNG" OR sFileType = "png" OR sFileType = "JPG" Then
Response.Write "<p><img src=""http://" & Request.ServerVariables("HTTP_HOST") & sfile & """></p>"
else
Response.Write "<br>此文件不可以文本模式编辑或以默认方式打开,除了您能自行判断的文件格式外它也有可能是已被伪装成其他文件类型的数据库。</br><br>"
End If
Response.Write "<a href=" & Session("lastpage") & "><img src=""images/fanhui.jpg"" border=""0"" alt=""返回上一步操作""></a>"
End Sub
'判断文件大小
Sub Size(itemsize)
Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom"">" &vbCrLf
Select case Len(itemsize)
Case "1", "2", "3"
Response.Write itemsize & " bytes"
Case "4", "5", "6"
Response.Write Round(itemsize/1000) & " Kb"
Case "7", "8", "9"
Response.Write Round(itemsize/1000000) & " Mb"
End Select
Response.Write "</td>" &vbCrLf
End Sub
'以列表形式罗列当前位置所有文件及文件夹
Sub ShowList
Response.Write "<table cellpadding=""0"" cellspacing=""0"" border=""0"" bordercolor=""#cccccc"" width=""100%"">" &vbCrLf
%>
<tr>
<td background="images/header_bg.gif" height="25"> 文件名</td>
<td background="images/header_bg.gif" height="25"><div align="center">文件类型</div></td>
<td background="images/header_bg.gif" height="25"><div align="center">文件大小</div></td>
<td background="images/header_bg.gif" height="25"><div align="center">创建日期</div></td>
<td background="images/header_bg.gif" height="25"><div align="center">管理操作</div></td>
</tr>
<%
Set fileobject = fs.GetFolder(server.mappath(sPath))
Set foldercollection = fileobject.SubFolders
lineid=0
bgcolor = ""
bgcolor_off = "#FFFFFF"
bgcolor_on = "#E1E8EF"
For Each folder in foldercollection
' Apply our alternating line coloring
If lineid = 0 Then
bgcolor = bgcolor_off
lineid = 1
Else
bgcolor = bgcolor_on
lineid = 0
End if
Response.Write "<tr bgcolor=""" & bgcolor & """><font face=""verdana"" size=""1"">" &vbCrLf
If Right(sPath,1)="/" Then
Response.Write "<td bgcolor=""" & bgcolor & """ align=""left"" valign=""bottom""><img src=images/folder.gif > <a href=""" & scriptname & "?action=viewfolder&path=" & sPath & folder.name & """>" & folder.name & "</a></td>" & vbCrLf
Else
Response.Write "<td bgcolor=""" & bgcolor & """ align=""left"" valign=""bottom""><img src=images/folder.gif > <a href=""" & scriptname & "?action=viewfolder&path=" & sPath &"/" &folder.name & """>" & folder.name & "</a></td>" & vbCrLf
End If
'此处定义的是文件夹的自定义操作
Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom"">folder"
Call Size(folder.size)
Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom"">" & folder.datelastmodified & "</td>" &vbCrLf
Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom""><a href=""" & scriptname & "?action=RenameFolder&path=" & sPath & "&folder=" & folder.name & """><img border=0 alt=重命名 src=images/rename2.gif></a> <a href=""" & scriptname & "?action=deletefolder&path=" & sPath & "&folder=" & folder.name & """><img border=0 alt=删除 src=images/del.gif></a></td>" &vbCrLf
Response.Write "</tr>" &vbCrLf
Next
Set foldercollection=nothing
' Use the Files property to get the files contained in the directory specified in sPath
Set filecollection = fileobject.Files
' Loop through the files contained in the filescollection and dislay their information on the page
For Each file in filecollection
' Apply our alternating line coloring
If lineid = 0 Then
bgcolor = bgcolor_off
lineid = 1
Else
bgcolor = bgcolor_on
lineid = 0
End if
Response.Write "<tr>" &vbCrLf
%>
<%
if fs.GetExtensionName(file.name)="gif" then image="<img src=images/gif.gif >"
if fs.GetExtensionName(file.name)="pdf" then image="<img src=images/pdf.gif >"
if fs.GetExtensionName(file.name)="css" then image="<img src=images/css.gif >"
if fs.GetExtensionName(file.name)="doc" then image="<img src=images/word.gif >"
if fs.GetExtensionName(file.name)="xls" then image="<img src=images/xls.gif >"
if fs.GetExtensionName(file.name)="exe" then image="<img src=images/exe.gif >"
if fs.GetExtensionName(file.name)="zip" then image="<img src=images/zip.gif >"
if fs.GetExtensionName(file.name)="jpg" then image="<img src=images/jpg.gif >"
if fs.GetExtensionName(file.name)="jpeg" then image="<img src=images/jpg.gif >"
if fs.GetExtensionName(file.name)="htm" then image="<img src=images/htm.gif >"
if fs.GetExtensionName(file.name)="html" then image="<img src=images/htm.gif >"
if fs.GetExtensionName(file.name)="swf" then image="<img src=images/swf.gif >"
if fs.GetExtensionName(file.name)="asp" then image="<img src=images/file.gif >"
if fs.GetExtensionName(file.name)="txt" then image="<img src=images/file.gif >"
if fs.GetExtensionName(file.name)="inc" then image="<img src=images/inc.gif >"
if fs.GetExtensionName(file.name)="js" then image="<img src=images/js.gif >"
if fs.GetExtensionName(file.name)="mdb" then image="<img src=images/mdb.gif >"
if fs.GetExtensionName(file.name)="Asp" then image="<img src=images/file.gif >"
if fs.GetExtensionName(file.name)="ASP" then image="<img src=images/file.gif >"
if fs.GetExtensionName(file.name)="php" then image="<img src=images/htm.gif >"
if fs.GetExtensionName(file.name)="Php" then image="<img src=images/htm.gif >"
if fs.GetExtensionName(file.name)="PHP" then image="<img src=images/htm.gif >"
if fs.GetExtensionName(file.name)="aspx" then image="<img src=images/file.gif >"
if fs.GetExtensionName(file.name)="ASPX" then image="<img src=images/file.gif >"
if fs.GetExtensionName(file.name)="rar" then image="<img src=images/rar.gif >"
if fs.GetExtensionName(file.name)="Rar" then image="<img src=images/rar.gif >"
if fs.GetExtensionName(file.name)="zip" then image="<img src=images/rar.gif >"
if fs.GetExtensionName(file.name)="ZIP" then image="<img src=images/rar.gif >"
if fs.GetExtensionName(file.name)="7z" then image="<img src=images/rar.gif >"
if fs.GetExtensionName(file.name)="png" then image="<img src=images/jpg.gif >"
if fs.GetExtensionName(file.name)="bmp" then image="<img src=images/jpg.gif >"
if fs.GetExtensionName(file.name)="xml" then image="<img src=images/file.gif >"
if fs.GetExtensionName(file.name)="xsl" then image="<img src=images/file.gif >"
if fs.GetExtensionName(file.name)="GIF" then image="<img src=images/gif.gif >"
if fs.GetExtensionName(file.name)="JPG" then image="<img src=images/jpg.gif >"
if image="" then image= "<img src=images/unknown.gif >"
Response.Write "<td bgcolor=""" & bgcolor & """ align=""left"" valign=""bottom"">"&image&" <a href=""" & scriptname & "?action=editfile&path=" & sPath & "&file=" & file.name & "&filetype=" & Lcase(fs.GetExtensionName(file.name)) & """>" & file.name & "</a></td>" &vbCrLf
image=""
Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom"">" & fs.GetExtensionName(file.name) & "</td>" &vbCrLf
Call Size(file.size)
Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom"">" & file.datelastmodified & "</td>" &vbCrLf
'此处定义的是文件的自定义操作
Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom""><a href=""" & scriptname & "?action=RenameFile&path=" & sPath & "&file=" & file.name & "&filetype=" & Lcase(fs.GetExtensionName(file.name)) & """><img border=0 alt=重命名 src=images/rename1.gif></a> <a href=""/download.asp?filename=" & request.querystring("path") & "/" & file.name & """><img border=0 alt=下载 src=images/down.gif></a> <a href=""" & scriptname & "?action=deletefile&path=" & sPath & "&file=" & file.name & "&filetype=" & Lcase(fs.GetExtensionName(file.name)) & """><img border=0 alt=删除 src=images/del.gif></a></td>" &vbCrLf
Response.Write "</tr>" &vbCrLf
Next
' We are done displaying information about files and folders in this directory, so close the table.
Response.Write "</table>" &vbCrLf
End Sub
Sub DisplayErrors
Response.Write "非法操作,错误号: " & errornum & " ,请返回首页继续其他操作。错误详情:" & vbCrlf
Response.Write "<ul>" & errorcode & "</ul>" & vbCrlf
End Sub
%>