= 1048576) return round($bytes / 1048576, 2) . ' MB'; if ($bytes >= 1024) return round($bytes / 1024, 2) . ' KB'; return $bytes . ' B'; } function safe_filename($name) { $name = str_replace(['../', '..\\', '/', '\\'], '', $name); return trim($name); } if (isset($_GET['delete']) && !empty($_GET['delete'])) { $p = realpath($_GET['delete']); if ($p && strpos($p, $root) === 0) { $ok = is_file($p) ? @unlink($p) : @rmdir($p); $msg = $ok ? "删除成功" : "删除失败(权限不足或目录非空)"; $msg_type = $ok ? "success" : "error"; } else { $msg = "非法路径"; $msg_type = "error"; } header("Location: ?dir=" . urlencode($dir) . "&msg=" . urlencode($msg) . "&type=" . $msg_type); exit; } if (isset($_POST['single_chmod']) && !empty($_POST['file']) && !empty($_POST['chmod_val'])) { $p = realpath($_POST['file']); $val = $_POST['chmod_val']; if ($p && strpos($p, $root) === 0 && preg_match('/^0?\d{3}$/', $val)) { $ok = @chmod($p, octdec($val)); $msg = $ok ? "权限修改成功" : "权限修改失败"; $msg_type = $ok ? "success" : "error"; } else { $msg = "参数错误"; $msg_type = "error"; } } if (isset($_POST['bulk_delete']) && !empty($_POST['items'])) { $success = $fail = 0; foreach ($_POST['items'] as $item) { $p = realpath($item); if ($p && strpos($p, $root) === 0) { $ok = is_file($p) ? @unlink($p) : @rmdir($p); $ok ? $success++ : $fail++; } } $msg = "批量删除:成功 $success 项,失败 $fail 项"; $msg_type = $fail == 0 ? "success" : "error"; } if (isset($_POST['bulk_chmod']) && !empty($_POST['items']) && !empty($_POST['chmod'])) { $mode = $_POST['chmod']; if (!preg_match('/^0?\d{3}$/', $mode)) { $msg = "权限格式错误(例:0755)"; $msg_type = "error"; } else { $success = $fail = 0; $m = octdec($mode); foreach ($_POST['items'] as $item) { $p = realpath($item); if ($p && strpos($p, $root) === 0) { $ok = @chmod($p, $m); $ok ? $success++ : $fail++; } } $msg = "批量权限:成功 $success 项,失败 $fail 项"; $msg_type = $fail == 0 ? "success" : "error"; } } if (isset($_POST['mkdir']) && !empty($_POST['name'])) { $name = safe_filename($_POST['name']); $np = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $name; if (file_exists($np)) { $msg = "文件夹已存在"; $msg_type = "error"; } else { $ok = @mkdir($np, 0755, true); $msg = $ok ? "创建成功" : "创建失败"; $msg_type = $ok ? "success" : "error"; } } if (isset($_POST['mkfile']) && !empty($_POST['name'])) { $name = safe_filename($_POST['name']); $np = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $name; if (file_exists($np)) { $msg = "文件已存在"; $msg_type = "error"; } else { $ok = file_put_contents($np, " $orig_name) { if ($_FILES['files']['error'][$i] !== UPLOAD_ERR_OK) { $failed++; continue; } $tmp = $_FILES['files']['tmp_name'][$i]; $name = safe_filename($orig_name); $dest = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $name; if (file_exists($dest)) { $exists++; continue; } if (move_uploaded_file($tmp, $dest)) { $uploaded++; } else { $failed++; } } $msg = "上传结果:成功 $uploaded 个,已存在 $exists 个,失败 $failed 个"; $msg_type = ($failed == 0) ? "success" : "error"; } if (isset($_GET['download'])) { $f = realpath($_GET['download']); if ($f && strpos($f, $root) === 0 && is_file($f)) { header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($f) . '"'); header('Content-Length: ' . filesize($f)); readfile($f); exit; } } $edit_content = ''; $edit_file = ''; if (!$save_success && isset($_GET['edit'])) { $edit_file = realpath($_GET['edit']); if ($edit_file && strpos($edit_file, $root) === 0 && is_file($edit_file)) { $edit_content = file_get_contents($edit_file); } } $breadcrumb = []; $path_parts = explode(DIRECTORY_SEPARATOR, $dir); $current = ''; foreach ($path_parts as $part) { if ($part === '') continue; $current .= ($current ? DIRECTORY_SEPARATOR : '') . $part; $breadcrumb[] = [ 'name' => $part, 'path' => $current ]; } $files = array_diff(scandir($dir), ['.', '..']); $dirs = []; $file_list = []; foreach ($files as $f) { $p = $dir . DIRECTORY_SEPARATOR . $f; is_dir($p) ? $dirs[] = $f : $file_list[] = $f; } sort($dirs); sort($file_list); $sorted_files = array_merge($dirs, $file_list); if (isset($_GET['msg'])) { $msg = $_GET['msg']; $msg_type = $_GET['type'] ?? 'success'; } ?> 文件管理器

编辑:

位置: $item): ?> 0) echo '/'; ?>
名称 权限 大小 修改时间 操作
↑ 返回上级 ----
编辑 下载 删除