Linux sagir-us1.hostever.us 5.14.0-570.51.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Oct 8 09:41:34 EDT 2025 x86_64
LiteSpeed
Server IP : 104.247.108.91 & Your IP : 216.73.216.105
Domains : 74 Domain
User : georgeto
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
var /
softaculous /
apps /
webdisk /
Delete
Unzip
Name
Size
Permission
Date
Action
assets
[ DIR ]
drwxr-xr-x
2026-01-20 14:24
includes
[ DIR ]
drwxr-xr-x
2026-01-20 14:24
languages
[ DIR ]
drwxr-xr-x
2026-01-20 14:24
themes
[ DIR ]
drwxr-xr-x
2026-01-20 14:24
hooks.php
46.28
KB
-rw-r--r--
2023-08-18 06:11
index.php
4.98
KB
-rw-r--r--
2022-11-16 06:05
info.xml
1.23
KB
-rw-r--r--
2023-08-18 06:10
install.php
5.28
KB
-rw-r--r--
2023-08-18 06:11
md5
2.95
KB
-rw-r--r--
2023-08-18 06:11
remove.php
4.98
KB
-rw-r--r--
2023-08-18 06:11
rev
4
B
-rw-r--r--
2023-08-18 06:11
Save
Rename
<?php use Sabre\DAV; use Sabre\DAV\Auth; use Sabre\DAV\Server; use Sabre\DAV\Exception\Forbidden; // The autoloader require 'vendor/autoload.php'; $pdo = new \PDO('sqlite:/var/webuzo/db/webdisk.db'); // Throwing exceptions when PDO comes across an error: $pdo->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION); // Creating the backend. $authBackend = new Sabre\DAV\Auth\Backend\BasicCallBack(function($username, $password){ //file_put_contents('/tmp/webdisk', $username.' - '.$password."\n", FILE_APPEND); // check the username and password here, and then just return true or false $pdo = $GLOBALS['pdo']; // Throwing exceptions when PDO comes across an error: $pdo->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION); $res = $pdo->query("SELECT * FROM users WHERE username = :username"); $res->execute(['username' => $username]); $verify = false; if(!empty($res)){ $user = $res->fetch(); $verify = password_verify($password, $user['password']); } // If verification is successful if(!empty($verify) && !empty($_SERVER['PHP_AUTH_USER'])){ $username = $_SERVER['PHP_AUTH_USER']; $res = $pdo->query("SELECT * FROM users WHERE username = :username"); $res->execute(['username' => $username]); if(!empty($res)){ $user = $res->fetch(); $path = $user['homedir']; } $u = posix_getpwnam($user['owner']); posix_setgid($u['gid']); posix_setuid($u['uid']); } //$rootDirectory = new DAV\FS\Directory($path); //$GLOBALS['server']->tree = new Tree($rootDirectory); return $verify; }); class SabreServerPlugin extends \Sabre\DAV\ServerPlugin{ public const BEFORE_CREATE_FILE = 'beforeCreateFile'; public const BEFORE_FILE_UPDATE = 'beforeWriteContent'; public const BEFORE_CREATION_DUE_TO_UPDATE = 'beforeBind'; public const BEFORE_DELETION_DUE_TO_UPDATE = 'beforeUnbind'; public const BEFORE_LOCK = 'beforeLock'; public const BEFORE_UNLOCK = 'beforeUnlock'; public const BEFORE_PROPERTY_REQUEST = 'propFind'; private Server $server; private Security $security; public function __construct(){ // Do nothing } public function initialize(Server $server): void { $this->server = $server; $this->server->on(self::BEFORE_CREATE_FILE, [$this, 'beforeCreateFile']); $this->server->on(self::BEFORE_FILE_UPDATE, [$this, 'beforeFileUpdate']); $this->server->on(self::BEFORE_CREATION_DUE_TO_UPDATE, [$this, 'beforeCreationDueToUpdate']); $this->server->on(self::BEFORE_DELETION_DUE_TO_UPDATE, [$this, 'beforeDeletionDueToUpdate']); $this->server->on(self::BEFORE_LOCK, [$this, 'beforeLock']); $this->server->on(self::BEFORE_UNLOCK, [$this, 'beforeUnlock']); //$this->server->on(self::BEFORE_PROPERTY_REQUEST, [$this, 'beforePropertyRequest']); } public function beforeCreateFile(string $path, &$data, \Sabre\DAV\ICollection $parent, &$modified): void { throw new Forbidden(); } public function beforeFileUpdate($path, \Sabre\DAV\IFile $node, &$data, &$modified): void { throw new Forbidden(); } public function beforeCreationDueToUpdate($path): bool { throw new Forbidden(); return true; } public function beforeDeletionDueToUpdate($path): bool { throw new Forbidden(); return true; } public function beforeLock($path, \Sabre\DAV\Locks\LockInfo $lock): bool { throw new Forbidden(); return true; } public function beforeUnlock($path, \Sabre\DAV\Locks\LockInfo $lock): bool { throw new Forbidden(); return true; } public function beforePropertyRequest(\Sabre\DAV\PropFind $propfind, \Sabre\Dav\INode $node): void { throw new Forbidden(); } } // Creating the plugin $authPlugin = new Auth\Plugin($authBackend); $path = '/var/webuzo-data/webdisk'; if(!empty($_SERVER['PHP_AUTH_USER'])){ $username = $_SERVER['PHP_AUTH_USER']; $res = $pdo->query("SELECT * FROM users WHERE username = :username"); $res->execute(['username' => $username]); if(!empty($res)){ $user = $res->fetch(); $path = $user['homedir']; } $u = posix_getpwnam($user['owner']); posix_setgid($u['gid']); posix_setuid($u['uid']); } // Are we still root ? if(posix_getuid() == 0){ $u = posix_getpwnam('nobody'); posix_setgid($u['gid']); posix_setuid($u['uid']); } $rootDirectory = new DAV\FS\Directory($path); // The server object is responsible for making sense out of the WebDAV protocol $server = new DAV\Server($rootDirectory); // If your server is not on your webroot, make sure the following line has the // correct information $server->setBaseUri('/'); $locksBackend = new Sabre\DAV\Locks\Backend\PDO($pdo); // Add the plugin to the server. $locksPlugin = new Sabre\DAV\Locks\Plugin($locksBackend); $server->addPlugin($locksPlugin); $server->addPlugin($authPlugin); // This ensures that we get a pretty index in the browser, but it is // optional. //$server->addPlugin(new DAV\Browser\Plugin()); // Restrict writes if not allowed ! if(!empty($user) && !empty($user['permissions']) && !preg_match('/w/is', $user['permissions'])){ $server->addPlugin(new SabreServerPlugin()); } // All we need to do now, is to fire up the server $server->exec();