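<!--#include file="config/chkAdmin.asp"-->
<%
' hconly_include.asp -- action handlers for the HCONLY web file manager.
'
' The names fs, sFile, sPath, sFolder, sFileType, scriptname, dbfile, errornum and
' errorcode are used below but never assigned in this file; they are presumably set
' by the page that includes it (verify against hconly_main.asp).
'
' Security notes for maintainers:
'   * The only access control visible here is the chkAdmin.asp include above.
'   * Every handler acts on paths taken from the request. Values echoed into HTML
'     go through HcHtml, values placed in query strings go through HcUrl.
'   * Redirect targets that originate from the Referer header go through HcReturnUrl.
'   * NOTE(review): saveFile writes to whatever physical path the form supplies and
'     the delete handlers commit on a plain GET link. Neither carries an anti-CSRF
'     token. Moving the commit step to POST and checking a per-session token is
'     recommended, and so is confining write targets to the site root.

dim act:act=request.querystring("act")
if act="save" then savefile()
fileurl =request("fileurl")
if fileurl="" then fileurl=request.querystring("path")
fileurl=replace(fileurl,"\","/")
dim fso:Set fso = Server.CreateObject("Scripting.FileSystemObject")
%>
<%
' HTML-encode a value for element content or a double-quoted attribute.
' Null and Empty become "". Server.HTMLEncode does not escape the single quote,
' so every attribute that receives this output is double-quoted.
Function HcHtml(value)
    HcHtml = Server.HTMLEncode(value & "")
End Function

' Percent-encode a value for use as one query-string parameter.
Function HcUrl(value)
    HcUrl = Server.URLEncode(value & "")
End Function

' Return Session("lastpage") only when it points back to this host, or is a
' host-relative path. Otherwise return the main page. Session("lastpage") is
' usually copied from the Referer header, which an external page controls, so
' redirecting to it unchecked would be an open redirect.
Function HcReturnUrl()
    Dim target, lowered, host, httpPrefix, httpsPrefix
    target = Session("lastpage") & ""
    lowered = LCase(target)
    host = LCase(Request.ServerVariables("HTTP_HOST") & "")
    HcReturnUrl = "hconly_main.asp"
    If host <> "" Then
        httpPrefix = "http://" & host & "/"
        httpsPrefix = "https://" & host & "/"
        If Left(lowered, Len(httpPrefix)) = httpPrefix Or Left(lowered, Len(httpsPrefix)) = httpsPrefix Then
            HcReturnUrl = target
            Exit Function
        End If
    End If
    ' Accept "/path" but not "//host" or "/\host", which browsers treat as absolute.
    If Left(target, 1) = "/" And Mid(target, 2, 1) <> "/" And Mid(target, 2, 1) <> "\" Then
        HcReturnUrl = target
    End If
End Function

' Redirect to the database page (dbfile) when that file exists, passing sFile as "db".
Sub EditDb
    On error resume next
    If fs.FileExists(server.mappath(dbfile)) Then
        Response.Redirect dbfile & "?db=" & HcUrl(sFile)
    Else
        Response.Write "No database found" &vbCrLf
    End If
End Sub

' Render the "create folder" form; it posts the new name to action=newfolder.
Sub CreateNewFolder
    On error resume next
%>
<br><b>创建文件夹</b><br><br>
新文件夹将被创建在当前所处位置下,请勿与已有文件夹名称重复
<form method="POST" action="<%=scriptname%>?action=newfolder&path=<%=HcUrl(sPath)%>">
<input name="folder" type="text" value="" size="30">
<p><input name="image" type="image" value="在当前文件夹创建新文件夹" src="images/chuangjian.gif">
</form>
<br>
<%
End Sub

' Load a file in text mode and guess its encoding.
' The file is read three times (unicode, utf-8, gb2312). For each read the stream
' Size and the decoded text length are recorded, and the candidate with the
' smallest values wins. The chosen charset name is stored in Session("cset") and
' the decoded text is returned.
' NOTE(review): RTexta/RTextb/RTextc/csettext are not Dim'd, so they are script-level
' variables. If no branch below selects a candidate, csettext(1) raises an error;
' callers run under On Error Resume Next, so they would receive an empty value.
Function LoadfromFile(File)
    Dim objStream
    dim a1,b1,c1,a2,b2,c2,cset
    Dim RText
    RText = Array(0, "")
    Set objStream = Server.CreateObject("ADODB.Stream")
    ' Pass 1: decode as unicode.
    With objStream
        .Type = 2
        .Mode = 3
        .Open
        .charset = "unicode"
        .Position = objStream.Size
        .LoadfromFile File
        RTexta = Array(0, .ReadText)
        a2=len(RTexta(1))
        a1=objStream.Size
        .Close
    End With
    ' Pass 2: decode as utf-8.
    With objStream
        .Type = 2
        .Mode = 3
        .Open
        .Position = objStream.Size
        .charset = "utf-8"
        .LoadfromFile file
        RTextb = Array(0, .ReadText)
        b2=len(RTextb(1))
        b1=objStream.Size
        .Close
    End With
    ' Pass 3: decode as gb2312.
    With objStream
        .Type = 2
        .Mode = 3
        .Open
        .Position = objStream.Size
        .charset = "gb2312"
        .LoadfromFile file
        RTextc = Array(0, .ReadText)
        c2=len(RTextc(1))
        c1=objStream.Size
        .Close
    End With
    ' Pick the candidate with the smallest stream size; ties fall back to text length.
    if b1<a1 then
        if b1<c1 then csettext=RTextb:cset="utf-8"
        if b1<=c1 then
            if b2<c2 then csettext=RTextb:cset="utf-8"
        end if
    end if
    if a1<b1 then
        if a1<c1 then csettext=RTexta:cset="unicode"
        if a1<=c1 then
            if a2<c2 then csettext=RTexta:cset="unicode"
        end if
    end if
    if c1<a1 then
        if c1<b1 then csettext=RTextc:cset="gb2312"
        if c1<=b1 then
            if c2<b2 then csettext=RTextc:cset="gb2312"
        end if
    end if
    session("cset")=cset
    LoadfromFile = csettext(1)
    Set objStream = Nothing
End Function

' Save the posted content to the posted path using the posted charset, then return
' to the page the editor was opened from.
' A failed write is reported instead of being hidden behind the redirect.
' NOTE(review): "saveurl" is a physical path taken straight from the form, so this
' handler can create or overwrite any file the web process may write, including
' server-side scripts. Consider restricting it to paths under Server.MapPath("/").
Function saveFile()
    Dim saveResult
    saveurl=request.form("saveurl")
    content=request.form("content")
    bianma=request.form("bianma")
    saveResult = SaveToFile(content,saveurl,bianma)
    If saveResult(0) <> 0 Then
        Response.Write "保存文件失败:" & HcHtml(saveResult(1))
        Response.End
    End If
    Response.Redirect HcReturnUrl()
End Function

' Write strBody to File in the given charset, overwriting any existing file
' (SaveToFile option 2).
' Returns Array(0, message) on success or Array(Err.Number, Err.Description) on failure.
Function SaveToFile(strBody,File,charset)
    Dim objStream
    Dim RText
    RText = Array(0, "")
    Set objStream = Server.CreateObject("ADODB.Stream")
    With objStream
        .Type = 2
        .Open
        .Charset = charset
        .Position = objStream.Size
        .WriteText = strBody
        On Error Resume Next
        .SaveToFile File, 2
        If Err Then
            RText = Array(Err.Number, Err.Description)
            SaveToFile = RText
            Err.Clear
            ' Release the stream on the failure path too.
            .Close
            Set objStream = Nothing
            Exit Function
        End If
        .Close
    End With
    RText = Array(0, "保存文件成功!")
    SaveToFile = RText
    Set objStream = Nothing
End Function

' Render the editor for sFile: load the text with encoding detection and show it
' in a form that posts to act=save.
Function EditFile()
    On error resume next
    Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
    url="hconly_main.asp"
    filename=request.querystring("file")
    hconlyfileurl=server.mappath(sFile)
    source=server.HtmlEncode(LoadFromFile(hconlyfileurl))
    cset=session("cset")
    response.write ("<br>")
    Response.write "正在编辑:"
    response.write "<b>"&HcHtml(filename)&"</b>"
%>
<form name="frm" method="post" action="<%=url%>?act=save&fileurl=<%=HcUrl(hconlyfileurl)%>">
<p>保存位置:<input name=saveurl value="<%=HcHtml(hconlyfileurl)%>" type=text size=123>
<p>温馨提示:在上述“保存位置”中直接更改文件名或路径可将此文件另存为其他文件或另存到其他位置。
文件编码:<select name='bianma'><option value='gb2312' <%if cset="gb2312" then response.write"selected"%>>gb2312</option>
<option value='utf-8' <%if cset="utf-8" then response.write"selected"%>>utf-8</option>
<option value='unicode' <%if cset="unicode" then response.write"selected"%>>unicode</option>
</select></p>
<p><textarea name="content" style="width:90%;height:400px;"><%=source%></textarea></p>
<p><input type="image" name="image" value="保存文件" src="images/baocun.jpg"/></p>
</form>
<%
end Function

' File upload page. The upload itself is handled by hconly_upload.asp (the comment
' in the original names the "艾恩" upload class), which is not part of this file.
' Any other upload class you trust may be substituted.
Sub UploadFiles
    On error resume next
%>
<br>文件将默认上传到<b>uploadfiles</b>文件夹中<br>
<br><font color=#7f7f7f>由于批量上传太占服务器资源 此页改为可同时选定多个文件并依次上传的模式</font>
<form name="upload" method="post" action="?act=submit">
文件信息:<input type="text" name="form2" size=70/>
<br />
<p>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
<iframe frameborder="0" src="hconly_upload.asp" width="500" height="25"></iframe>
</p>
</form>
<%
End Sub

' Embed the online batch find-and-replace tool (/tools/wordreplace.asp).
Sub Wordreplace
    On error resume next
%>
<br>这是一个ASP在线文本文件字符批量替换的程序。支持所有可用文本模式编辑的文件,并能自动识别常见文件编码,替换后不会出现乱码<br>
<form name="wordreplace" method="post" action="?act=submit">
<p>
<iframe frameborder="0" src="/tools/wordreplace.asp" width="750" height="450"></iframe>
</p>
</form>
<%
End Sub

' An external add-on; the user decides whether to use it.
' NOTE(review): this panel links to /tools/hconly_helper_sr.zip. The text below
' itself describes that archive as having full webshell functionality and as
' packed so that antivirus products do not flag it. Defenders should treat the
' archive, and anything unpacked from it, as an unwanted artifact on a production
' host: remove it, and alert on its presence or on requests for it.
Sub More
    On error resume next
%>
<hr color="#DBE2EA">
<br>因为某些功能,例如整站打包、SQL提权、端口扫描等都属于敏感功能,直接整合在本程序中会引起他人误会,或被有心人直接利用</br>
<p>所以笔者将这些功能另外单独写了一个程序打包给用户下载,并将此程序命名为“<b>HCONLY HELPER SR</b>”,即HCONLY站长助手增强版,用户可自行考量要不要使用
<p><b>HCONLY HELPER SR</b>包含当前最顶级webshell所具有的全部功能,并完美免杀(双重加密技术,大部分杀毒软件都不会报毒)
<p>用户如需使用上述功能,如整站打包(含本地解压脚本)及服务器权限操作就可以使用本程序,但使用之后请尽快删除此程序,以免被他人利用。
<p>请勿用此程序直接编辑网页,因为它没有整合HCONLY站长助手的自动识别编码的功能,另外里面的批量清马的功能也不能自动识别编码,所以建议使用HCONLY站长助手自带的文本批量查找替换工具。
<p>请点击下面的按钮下载“<b>HCONLY HELPER SR</b>”:
<p><p><center><a href="/tools/hconly_helper_sr.zip" target="_blank"><img src="images/sr.gif" border="0" alt="下载 HCONLY HELPER SR"></a></center>
<%
End Sub

' Embed the admin password change page (admin/ppwwdd.asp).
Sub pwd
    On error resume next
%>
<hr color="#DBE2EA">
<form name="ppwwdd" method="post" action="?act=submit">
<p>
<center><iframe frameborder="0" src="admin/ppwwdd.asp" width="650" height="350"></iframe></center>
</p>
</form>
<%
End Sub

' Render the "new file" form; the user chooses the encoding and the save location.
' url and cset are not assigned in this function; they keep whatever script-level
' value they already have.
Function CreateFile()
    session("fileurl")=fileurl
    hconlyfileurl=server.mappath(sFile)
    Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
%>
<form name='frm' method='post' action='<%=url%>?act=save&fileurl=<%=HcUrl(hconlyfileurl)%>'>
<hr color="#DBE2EA">
保存位置:<input name=saveurl value="<%=HcHtml(hconlyfileurl)%>\" type=text size=123>
<p>温馨提示:请直接在以上路径后填写含扩展名的文件名称,但勿与原有文件重复,否则将会被替换
自定义编码:<select name=bianma><option value='gb2312' <%if cset="gb2312" then response.write"selected"%>>gb2312</option>
<option value='utf-8' <%if cset="utf-8" then response.write"selected"%>>utf-8</option>
<option value='unicode' <%if cset="unicode" then response.write"selected"%>>unicode</option>
</select></p>
<p><textarea name="content" style="width:90%;height:400px;"></textarea></p>
<p><input type="image" name="image3" value="保存文件" src="images/chuangjian.gif"/></p>
</form>
<%
End Function

' Create sFolder. The new folder is created inside whichever folder is currently
' being viewed. Afterwards the browser is sent back to that folder's listing.
Sub CreateFolder
    On error resume next
    Session("lastpage") = request.querystring("path")
    If fs.FolderExists(server.mappath(sFolder)) Then
        response.write "此文件夹已经存在:<b>" & HcHtml(sFolder) & "</b> 请勿重复<br>"
    Else
        fs.CreateFolder(server.mappath(sFolder))
        ''Response.Redirect("" & Session("lastpage") & "")
        response.redirect("hconly_main.asp?action=viewfolder&path=" & HcUrl(session("lastpage")) & "")
    End If
End Sub

' Delete a file in two steps: the first request shows a confirmation page and
' stores the target in Session("sFile"); the request with commit=yes deletes it.
' NOTE(review): the commit step is a GET link with no anti-CSRF token.
Sub DeleteFile
    On error resume next
    response.write"<br>"
    If Request.Querystring("commit") <> "yes" Then
        Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
        Session("sFile") = sFile
        Response.Write "<p>您即将删除的文件是: <b>" & HcHtml(sFile) & "</b>"
        If LCase(sFileType) = "jpg" OR LCase(sFileType) = "gif" Then
            Response.Write "<p><img src=""" & HcHtml("http://" & Request.ServerVariables("HTTP_HOST") & sfile) & """></p>"
        End If
        Response.Write "<p><b>注意:此操作将不可恢复!</b></p>"
        Response.Write "<UL>"
        Response.Write "<a href=""" & scriptname & "?action=deletefile&path=" & HcUrl(sPath) & "&file=" & HcUrl(sFile) & "&commit=yes""><img src=""images/queding.jpg"" border=""0"" alt=""确认删除""></a></LI>"
        Response.Write " <a href=""" & HcHtml(HcReturnUrl()) & """><img src=""images/quxiao.jpg"" border=""0"" alt=""取消删除""></a></LI>"
        Response.Write "</UL>"
    Else
        fs.DeleteFile(server.mappath(Session("sFile")))
        Response.Redirect HcReturnUrl()
    End If
End Sub

' Delete a folder; same two-step flow as DeleteFile, staged in Session("sFolder").
' NOTE(review): the commit step is a GET link with no anti-CSRF token.
Sub DeleteFolder
    On error resume next
    response.write"<br>"
    If Request.Querystring("commit") <> "yes" Then
        Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
        Session("sFolder") = sFolder
        Response.Write "<p>您将删除此文件夹: <b>" & HcHtml(sFolder) & "</b>"
        Response.Write "<p><b>注意:此操作将不可恢复!</b></p>"
        Response.Write "<UL>"
        Response.Write "<a href=""" & scriptname & "?action=deletefolder&path=" & HcUrl(sPath) & "&folder=" & HcUrl(sFolder) & "&commit=yes""><img src=""images/queding.jpg"" border=""0"" alt=""确认删除""></a>"
        Response.Write " <a href=""" & HcHtml(HcReturnUrl()) & """><img src=""images/quxiao.jpg"" border=""0"" alt=""取消删除""></a>"
        Response.Write "</UL>"
    Else
        Response.Write HcHtml(sPath) & "<br>"
        Response.Write HcHtml(sFile) & "<br>"
        fs.DeleteFolder(server.mappath(Session("sFolder")))
        Response.Redirect HcReturnUrl()
    End If
End Sub

' Rename a folder: show the form first, then apply the posted NewFolderName.
' The form action in the original lacked the ".asp" extension that every other
' reference to hconly_main.asp in this file carries; it is restored here.
Sub RenameFolder
    On error resume next
    response.write"<br>"
    Response.write "<b>重命名文件夹</b><br>"
    If Request.querystring("commit") <> "yes" Then
        Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
        Response.Write "<p>您将重命名的文件名是: <b>" & HcHtml(request.querystring("folder")) & "</b>"
%>
<form name="form1" method="post" action="hconly_main.asp?action=RenameFolder&path=<%=HcUrl(spath)%>&folder=<%=HcUrl(request.querystring("folder"))%>&commit=yes">
<input name="NewFolderName" type="text" size="30">
<input name="image" type="image" value="确定重命名" src="images/chongmingming.jpg">
<input type="hidden" name="folder" value="<%=HcHtml(request.querystring("folder"))%>">
</form>
<%
    Else
        NewFolderName=request.form("NewFolderName")
        sFolder=request.form("folder")
        if spath="/" then
            slashvalue=""
        else
            slashvalue="/"
        end if
        Set fso = CreateObject("Scripting.FileSystemObject")
        Set folderObject = fso.GetFolder(Server.MapPath(spath&slashvalue&sFolder))
        FolderObject.Name=NewFolderName
        Set folderObject = Nothing
        Set fso = Nothing
        Response.Redirect HcReturnUrl()
    End If
End Sub

' Rename a file: show the form first, then apply the posted NewFileName.
' NOTE(review): the new name is not checked, so the extension can be changed to a
' server-executed type.
Sub RenameFile
    On error resume next
    response.write"<br>"
    Response.write "<b>重命名该文件</b><br>"
    If Request("commit") <> "yes" Then
        Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
        Response.Write "<p>您将重命名的文件名是: <b>" & HcHtml(request.querystring("file")) & "</b>"
%>
<form name="form1" method="post" action="hconly_main.asp?action=RenameFile&path=<%=HcUrl(spath)%>&folder=<%=HcUrl(request.querystring("folder"))%>&commit=yes">
<input name="NewFileName" type="text" size="30">
<input name="image" type="image" value="确定重命名" src="images/chongmingming.jpg">
<input type="hidden" name="filename" value="<%=HcHtml(request.querystring("file"))%>">
</form>
<p>
<%
    Else
        NewFileName=request.form("NewFileName")
        Sfile=request.form("filename")
        if spath="/" then slashvalue="" else slashvalue="/"
        Set fso = CreateObject("Scripting.FileSystemObject")
        Set FileObject = fso.GetFile(Server.MapPath(spath&slashvalue&sfile))
        FileObject.Name = NewFileName
        ' The original released a misspelled variable (FilObject), so the file
        ' object was never released.
        Set FileObject = Nothing
        Set fso = Nothing
        Response.Redirect HcReturnUrl()
    End If
End Sub

' Fallback view for files that are not opened in the text editor: images are
' previewed and everything else gets an explanatory message.
Sub FileTypeUnsupported
    On error resume next
    Session("lastpage") = Request.ServerVariables("HTTP_REFERER")
    filename=request.querystring("file")
    response.write ("<br>")
    Response.write "文件名: "
    response.write "<b>"&HcHtml(filename)&"</b>"
    response.write "<br>"
    ' Compare case-insensitively instead of listing each spelling.
    If LCase(sFileType) = "jpg" OR LCase(sFileType) = "gif" OR LCase(sFileType) = "png" Then
        Response.Write "<p><img src=""" & HcHtml("http://" & Request.ServerVariables("HTTP_HOST") & sfile) & """></p>"
    else
        Response.Write "<br>此文件不可以文本模式编辑或以默认方式打开,除了您能自行判断的文件格式外它也有可能是已被伪装成其他文件类型的数据库。</br><br>"
    End If
    Response.Write "<a href=""" & HcHtml(HcReturnUrl()) & """><img src=""images/fanhui.jpg"" border=""0"" alt=""返回上一步操作""></a>"
End Sub

' Write one table cell holding itemsize as bytes, Kb, Mb or Gb. The unit is
' chosen from the number of digits. bgcolor is the script-level row colour set
' by ShowList.
Sub Size(itemsize)
    Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom"">" &vbCrLf
    Select case Len(itemsize)
        Case 1, 2, 3
            Response.Write itemsize & " bytes"
        Case 4, 5, 6
            Response.Write Round(itemsize/1000) & " Kb"
        Case 7, 8, 9
            Response.Write Round(itemsize/1000000) & " Mb"
        Case 10, 11, 12
            ' Ten or more digits previously produced an empty cell.
            Response.Write Round(itemsize/1000000000) & " Gb"
    End Select
    Response.Write "</td>" &vbCrLf
End Sub

' List every sub-folder and file of sPath as a table with per-row actions.
' Names come from the file system and may contain markup or URL metacharacters,
' so they are HTML-encoded when shown and URL-encoded when placed in links.
Sub ShowList
    Dim folderPath, ext, encPath, encName, encType
    Response.Write "<table cellpadding=""0"" cellspacing=""0"" border=""0"" bordercolor=""#cccccc"" width=""100%"">" &vbCrLf
%>
<tr>
<td background="images/header_bg.gif" height="25"> 文件名</td>
<td background="images/header_bg.gif" height="25"><div align="center">文件类型</div></td>
<td background="images/header_bg.gif" height="25"><div align="center">文件大小</div></td>
<td background="images/header_bg.gif" height="25"><div align="center">创建日期</div></td>
<td background="images/header_bg.gif" height="25"><div align="center">管理操作</div></td>
</tr>
<%
    Set fileobject = fs.GetFolder(server.mappath(sPath))
    Set foldercollection = fileobject.SubFolders
    lineid=0
    bgcolor = ""
    bgcolor_off = "#FFFFFF"
    bgcolor_on = "#E1E8EF"
    encPath = HcUrl(sPath)

    For Each folder in foldercollection
        ' Apply our alternating line coloring
        If lineid = 0 Then
            bgcolor = bgcolor_off
            lineid = 1
        Else
            bgcolor = bgcolor_on
            lineid = 0
        End if
        Response.Write "<tr bgcolor=""" & bgcolor & """><font face=""verdana"" size=""1"">" &vbCrLf
        ' Join sPath and the folder name with exactly one slash.
        If Right(sPath,1)="/" Then
            folderPath = sPath & folder.name
        Else
            folderPath = sPath & "/" & folder.name
        End If
        encName = HcUrl(folder.name)
        Response.Write "<td bgcolor=""" & bgcolor & """ align=""left"" valign=""bottom""><img src=images/folder.gif > <a href=""" & scriptname & "?action=viewfolder&path=" & HcUrl(folderPath) & """>" & HcHtml(folder.name) & "</a></td>" & vbCrLf
        ' Per-folder actions are defined here
        Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom"">folder"
        Call Size(folder.size)
        Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom"">" & folder.datelastmodified & "</td>" &vbCrLf
        Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom""><a href=""" & scriptname & "?action=RenameFolder&path=" & encPath & "&folder=" & encName & """><img border=0 alt=重命名 src=images/rename2.gif></a> <a href=""" & scriptname & "?action=deletefolder&path=" & encPath & "&folder=" & encName & """><img border=0 alt=删除 src=images/del.gif></a></td>" &vbCrLf
        Response.Write "</tr>" &vbCrLf
    Next
    Set foldercollection=nothing

    ' Use the Files property to get the files contained in the directory specified in sPath
    Set filecollection = fileobject.Files
    ' Loop through the files contained in the filescollection and display their information on the page
    For Each file in filecollection
        ' Apply our alternating line coloring
        If lineid = 0 Then
            bgcolor = bgcolor_off
            lineid = 1
        Else
            bgcolor = bgcolor_on
            lineid = 0
        End if
        Response.Write "<tr>" &vbCrLf

        ' Choose the icon from the lower-cased extension. This replaces a chain of
        ' case-sensitive comparisons that only covered some spellings. "zip" maps
        ' to rar.gif because the later assignment in that chain overrode zip.gif.
        ext = fs.GetExtensionName(file.name)
        Select Case LCase(ext)
            Case "gif"
                image="<img src=images/gif.gif >"
            Case "pdf"
                image="<img src=images/pdf.gif >"
            Case "css"
                image="<img src=images/css.gif >"
            Case "doc"
                image="<img src=images/word.gif >"
            Case "xls"
                image="<img src=images/xls.gif >"
            Case "exe"
                image="<img src=images/exe.gif >"
            Case "jpg", "jpeg", "png", "bmp"
                image="<img src=images/jpg.gif >"
            Case "htm", "html", "php"
                image="<img src=images/htm.gif >"
            Case "swf"
                image="<img src=images/swf.gif >"
            Case "asp", "aspx", "txt", "xml", "xsl"
                image="<img src=images/file.gif >"
            Case "inc"
                image="<img src=images/inc.gif >"
            Case "js"
                image="<img src=images/js.gif >"
            Case "mdb"
                image="<img src=images/mdb.gif >"
            Case "rar", "zip", "7z"
                image="<img src=images/rar.gif >"
            Case Else
                image= "<img src=images/unknown.gif >"
        End Select

        encName = HcUrl(file.name)
        encType = HcUrl(Lcase(ext))
        Response.Write "<td bgcolor=""" & bgcolor & """ align=""left"" valign=""bottom"">"&image&" <a href=""" & scriptname & "?action=editfile&path=" & encPath & "&file=" & encName & "&filetype=" & encType & """>" & HcHtml(file.name) & "</a></td>" &vbCrLf
        image=""
        Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom"">" & HcHtml(ext) & "</td>" &vbCrLf
        Call Size(file.size)
        Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom"">" & file.datelastmodified & "</td>" &vbCrLf
        ' Per-file actions are defined here. The download link reflects the "path"
        ' query parameter, so it is URL-encoded before being written.
        Response.Write "<td bgcolor=""" & bgcolor & """ align=""center"" valign=""bottom""><a href=""" & scriptname & "?action=RenameFile&path=" & encPath & "&file=" & encName & "&filetype=" & encType & """><img border=0 alt=重命名 src=images/rename1.gif></a> <a href=""/download.asp?filename=" & HcUrl(request.querystring("path") & "/" & file.name) & """><img border=0 alt=下载 src=images/down.gif></a> <a href=""" & scriptname & "?action=deletefile&path=" & encPath & "&file=" & encName & "&filetype=" & encType & """><img border=0 alt=删除 src=images/del.gif></a></td>" &vbCrLf
        Response.Write "</tr>" &vbCrLf
    Next
    ' We are done displaying information about files and folders in this directory, so close the table.
    Response.Write "</table>" &vbCrLf
End Sub

' Print the error number and the error details collected elsewhere.
' NOTE(review): errorcode is written unencoded inside <ul>, presumably because the
' caller builds it as <li> markup. Confirm that no request data reaches it raw.
Sub DisplayErrors
    Response.Write "非法操作,错误号: " & errornum & " ,请返回首页继续其他操作。错误详情:" & vbCrlf
    Response.Write "<ul>" & errorcode & "</ul>" & vbCrlf
End Sub
%>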