[ CRT: off ]
Visitors: 000003471 | Server: 2026-07-13 23:19:21 UTC | UTC: 2026-07-13 23:19:21 UTC
Best Viewed in Firefox | Powered by PHP 7.4.33 | Connection: HTTPS (secure) | No Cookies · No Tracking
*** Welcome to the last honest website on the internet *** +++ This site stores NOTHING about you -- everything is computed in YOUR browser +++ NEW! Live browser fingerprinting module added +++ NEW! Interactive terminal -- type help to begin +++ Best viewed in Firefox at 1024x768 or higher +++ Remember: if the product is free, usually YOU are the product -- but not here +++ Greetz to everyone still running an old CRT monitor <3

disk Source Code

The entire project, readable in your browser. No hidden JavaScript, no sneaky beacons. If we claimed we don't track you, this is where you check.

disk source.php  (5.7 KB, 140 lines)
   1  <?php
   2  /**
   3   * source.php  --  Source code viewer.
   4   * Lists every file in the project and lets you read it in the browser, so the
   5   * "we store nothing" claim is fully auditable. Uses a strict whitelist so only
   6   * the project's own source is ever served (no path traversal, no secrets).
   7   */
   8  require_once __DIR__ . '/includes/config.php';
   9  require_once __DIR__ . '/includes/functions.php';
  10  
  11  $PAGE_TITLE = 'Source';
  12  $PAGE_ID    = 'source.php';
  13  
  14  // -----------------------------------------------------------------------------
  15  // Whitelist of viewable files (relative to project root). Only these can be
  16  // opened. The data/ files are intentionally excluded (they hold guestbook text
  17  // and the counter, i.e. visitor-supplied content, not source).
  18  // -----------------------------------------------------------------------------
  19  $VIEWABLE = array(
  20      'index.php', 'scan.php', 'browser.php', 'fingerprint.php', 'privacy.php',
  21      'about.php', 'source.php', 'guestbook.php', 'rss.php', 'sitemap.php', 'robots.txt',
  22      'api/scan.php',
  23      'includes/config.php', 'includes/functions.php', 'includes/header.php',
  24      'includes/nav.php', 'includes/footer.php',
  25      'assets/css/style.css',
  26      'assets/js/detect.js', 'assets/js/fingerprint.js', 'assets/js/scan.js',
  27      'assets/js/terminal.js', 'assets/js/export.js',
  28  );
  29  
  30  // Group for display.
  31  $GROUPS = array(
  32      'Pages'      => array('index.php','scan.php','browser.php','fingerprint.php','privacy.php','about.php','source.php','guestbook.php'),
  33      'Feeds'      => array('rss.php','sitemap.php','robots.txt'),
  34      'Backend'    => array('api/scan.php'),
  35      'Includes'   => array('includes/config.php','includes/functions.php','includes/header.php','includes/nav.php','includes/footer.php'),
  36      'Stylesheet' => array('assets/css/style.css'),
  37      'JavaScript' => array('assets/js/detect.js','assets/js/fingerprint.js','assets/js/scan.js','assets/js/terminal.js','assets/js/export.js'),
  38  );
  39  
  40  $requested = isset($_GET['f']) ? (string)$_GET['f'] : '';
  41  $requested = str_replace('\\', '/', $requested);
  42  $valid     = in_array($requested, $VIEWABLE, true);
  43  
  44  // Resolve + double-check the path stays inside the project (defense in depth).
  45  $content = null; $error = null; $size = 0; $lineCount = 0;
  46  if ($requested !== '') {
  47      if (!$valid) {
  48          $error = 'That file is not in the viewable whitelist.';
  49      } else {
  50          $full = realpath(BASE_PATH . DIRECTORY_SEPARATOR . $requested);
  51          $root = realpath(BASE_PATH);
  52          if ($full === false || strpos($full, $root) !== 0 || !is_readable($full)) {
  53              $error = 'File could not be read.';
  54          } else {
  55              $content = file_get_contents($full);
  56              $size = strlen($content);
  57              $lineCount = substr_count($content, "\n") + 1;
  58          }
  59      }
  60  }
  61  
  62  include __DIR__ . '/includes/header.php';
  63  ?>
  64  
  65    <h1><?php echo section_icon('disk', '#00FF00', 22); ?> Source Code</h1>
  66  
  67    <p>
  68      The entire project, readable in your browser. No hidden JavaScript, no sneaky
  69      beacons. If we claimed we don't track you, this is where you check.
  70    </p>
  71  
  72    <table class="cols layout"><tr>
  73      <td class="col-side" style="width:280px">
  74        <div class="sidebox">
  75          <div class="sidebox-title"><?php echo section_icon('folder', '#FFFF00'); ?> File Tree</div>
  76  <?php foreach ($GROUPS as $group => $files): ?>
  77          <div class="green" style="margin-top:6px"><?php echo e($group); ?>/</div>
  78          <ul class="retro" style="margin-left:12px;font-size:15px">
  79  <?php foreach ($files as $f):
  80          $isCur = ($f === $requested); ?>
  81            <li><a href="<?php echo eattr(url('source.php') . '?f=' . rawurlencode($f)); ?>"<?php echo $isCur ? ' class="current"' : ''; ?>><?php echo e(basename($f)); ?></a></li>
  82  <?php endforeach; ?>
  83          </ul>
  84  <?php endforeach; ?>
  85          <hr>
  86          <div class="dim" style="font-size:14px">
  87            data/counter.txt and data/guestbook.txt hold visitor-supplied content
  88            (a number and signed messages), so they are not shown here.
  89          </div>
  90        </div>
  91      </td>
  92  
  93      <td>
  94  <?php if ($requested === ''): ?>
  95        <div class="note">
  96          &larr; Pick a file from the tree to read it. Start with
  97          <a href="<?php echo eattr(url('source.php') . '?f=' . rawurlencode('api/scan.php')); ?>">api/scan.php</a>
  98          (the only backend) or
  99          <a href="<?php echo eattr(url('source.php') . '?f=' . rawurlencode('assets/js/fingerprint.js')); ?>">fingerprint.js</a>
 100          (the scary one).
 101        </div>
 102        <pre class="green">
 103     +-------------------------------------------+
 104     |  Nothing selected.                        |
 105     |  Choose a file from the list on the left. |
 106     +-------------------------------------------+</pre>
 107  <?php elseif ($error !== null): ?>
 108        <div class="badbx"><?php echo e($error); ?></div>
 109  <?php else: ?>
 110        <div class="panel">
 111          <div class="panel-title">
 112            <?php echo section_icon('disk'); ?>
 113            <?php echo e($requested); ?>
 114            &nbsp;<span class="dim" style="font-size:15px">(<?php echo e(human_bytes($size)); ?>, <?php echo e(number_format($lineCount)); ?> lines)</span>
 115          </div>
 116          <div class="panel-body">
 117            <div class="screen">
 118  <?php
 119      // Render with line numbers, HTML-escaped. Kept simple and dependency-free.
 120      $lines = explode("\n", $content);
 121      echo '<pre style="font-size:14px;line-height:1.35">';
 122      $num = 1;
 123      foreach ($lines as $ln) {
 124          printf('<span class="dim">%4d</span>  %s' . "\n", $num, e($ln));
 125          $num++;
 126      }
 127      echo '</pre>';
 128  ?>
 129            </div>
 130          </div>
 131        </div>
 132        <p class="center dim">
 133          You are reading the real file being executed on the server. What you see is what runs.
 134        </p>
 135  <?php endif; ?>
 136      </td>
 137    </tr></table>
 138  
 139  <?php include __DIR__ . '/includes/footer.php'; ?>
 140  

You are reading the real file being executed on the server. What you see is what runs.