⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.19
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
Server Software:
Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.11
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
local
/
softaculous
/
lib
/
aefer
/
View File Name :
sinstall_wp_themes.php
<?php function r_print($array){ echo '<pre>'; print_r($array); echo '</pre>'; } function can_create_file(){ $file = dirname(__FILE__).'/soft.tmp'; $fp = @fopen($file, 'wb'); if($fp === FALSE){ return false; } if(@fwrite($fp, 'ampps') === FALSE){ return false; } @fclose($fp); // Check if the file exists if(file_exists($file)){ @unlink($file); return true; } return false; } function ampps_ftp($host, $port, $username, $pass, $cd = false, $pri = '', $passphrase = ''){ global $settings; if($settings['protocol'] == 'sftp' && !class_exists('sftp')){ include_once('_'.$settings['protocol'].'.php'); }elseif($settings['protocol'] == 'ftps' && !class_exists('ftps')){ include_once('_'.$settings['protocol'].'.php'); }elseif($settings['protocol'] == 'ftp' && !class_exists('ftp_base')){ include_once('_'.$settings['protocol'].'.php'); }elseif($settings['protocol'] == 'customio' && !class_exists('CustomIO')){ include_once('_'.$settings['protocol'].'.php'); }elseif(!class_exists($settings['protocol'])){ require_once('_'.$settings['protocol'].'.php'); } if($settings['protocol'] == 'ftp'){ $ftp = new ftp(FALSE, FALSE); if(!$ftp->SetServer($host)) { $ftp->quit(); return 0; } if (!$ftp->connect()) { return -1; } if (!$ftp->login($username, $pass)) { $ftp->quit(); return -2; } if(!empty($cd)){ if(!$ftp->chdir($cd)){ if(!$ftp->chdir(trim($cd, '/'))){ return -3; } //return -3; } } if(!$ftp->SetType(FTP_AUTOASCII)){ } if(!$ftp->Passive(TRUE)){ } } if(empty($ftp)){ if($settings['protocol'] == 'customio'){ $ftp = new CustomIO(); }else{ $ftp = new $settings['protocol'](); } if($settings['protocol'] == 'sftp' && !empty($pri)){ $ftp->auth_pass = 0; }else{ $ftp->auth_pass = 1; } $ret = $ftp->connect($host, $port, $username, $pass, $pri, $passphrase); if(!is_object($ftp)){ return -1; } if(!$ret){ return -2; } /* if($settings['protocol'] == 'sftp' && (!$ret)){ return -2; } if(($settings['protocol'] == 'ftps' || $settings['protocol'] == 'customio') && !$ftp->ftp_conn){ return -2; } */ if(!empty($cd)){ if(!$ftp->is_dir($cd)){ return -3; } } } return $ftp; } function filelist($startdir="./", $searchSubdirs=1, $directoriesonly=0, $maxlevel="all", $level=1, $reset = 1) { //list the directory/file names that you want to ignore $ignoredDirectory = array(); $ignoredDirectory[] = "."; $ignoredDirectory[] = ".."; $ignoredDirectory[] = "_vti_cnf"; global $directorylist; //initialize global array if(substr($startdir, -1) != '/'){ $startdir = $startdir.'/'; } if (is_dir($startdir)) { if ($dh = opendir($startdir)) { while (($file = readdir($dh)) !== false) { if (!(array_search($file,$ignoredDirectory) > -1)) { if (@filetype($startdir . $file) == "dir") { //build your directory array however you choose; //add other file details that you want. $directorylist[$startdir . $file]['level'] = $level; $directorylist[$startdir . $file]['dir'] = 1; $directorylist[$startdir . $file]['name'] = $file; $directorylist[$startdir . $file]['path'] = $startdir; if ($searchSubdirs) { if ((($maxlevel) == "all") or ($maxlevel > $level)) { filelist($startdir . $file . "/", $searchSubdirs, $directoriesonly, $maxlevel, ($level + 1), 0); } } } else { if (!$directoriesonly) { // echo substr(strrchr($file, "."), 1); //if you want to include files; build your file array //however you choose; add other file details that you want. $directorylist[$startdir . $file]['level'] = $level; $directorylist[$startdir . $file]['dir'] = 0; $directorylist[$startdir . $file]['name'] = $file; $directorylist[$startdir . $file]['path'] = $startdir; }}}} closedir($dh); }} if(!empty($reset)){ $r = $directorylist; $directorylist = array(); return($r); } } function soft_memory_limit($mb){ $bytes = ($mb * 1024 * 1024); $mb_str = (string) $mb.'M'; // Some servers might have ini_get disabled if(function_exists('ini_get')){ $memory_limit = @ini_get('memory_limit'); } if(empty($memory_limit)){ return; } $memory_limit_bytes = intval($memory_limit); $ind = array_search(strtolower(substr($memory_limit, -1)), array('b', 'k', 'm', 'g', 't')); if($ind > 0){ $memory_limit_bytes = intval($memory_limit) * pow(1024, $ind); } //$memory_limit_bytes > 0 is for memory limit = -1 if($memory_limit_bytes <= $bytes && $memory_limit_bytes > 0){ // Some servers might have ini_set disabled if(function_exists('ini_set')){ @ini_set('memory_limit', $mb_str); } } } function inputsec($string){ //get_magic_quotes_gpc is depricated in php 7.4 if(version_compare(PHP_VERSION, '7.4', '<')){ if(!get_magic_quotes_gpc()){ $string = addslashes($string); }else{ $string = stripslashes($string); $string = addslashes($string); } }else{ $string = addslashes($string); } // This is to replace ` which can cause the command to be executed in exec() $string = str_replace('`', '\`', $string); return $string; } function GET($name){ global $GET; if(isset($_GET[$name]) && !empty($_GET[$name])){ return inputsec(trim($_GET[$name])); } return $GET[$name]; } function soft_mysql_connect($host, $user, $pass, $newlink = false){ // php 8.1 throws mysqli_sql_exception if the db/dbuser doesn't exists try{ if(extension_loaded('mysqli')){ //echo 'mysqli'; //To handle connection if user passes a custom port along with the host as 127.0.0.1:6446. //For testing, use port 127.0.0.1 instead of localhost as 127.0.0.1:6446 http://php.net/manual/en/mysqli.construct.php#112328 $exh = explode(':', $host); if(!empty($exh[1])){ //In webuzo we connect to MYSQL through mysql.sock e.g localhost:/var/lib/mysql/mysql.sock //In case of socket $exh[1] will have the socket path and socket is the 6th parameter if(!is_numeric($exh[1])){ $sconn = @mysqli_connect($exh[0], $user, $pass, '', 3306, $exh[1]); }else{ $sconn = @mysqli_connect($exh[0], $user, $pass, '', $exh[1]); } }else{ $sconn = @mysqli_connect($host, $user, $pass); } }else{ //echo 'mysql'; $sconn = @mysql_connect($host, $user, $pass, $newlink); } }catch(Exception $e){ return false; } return $sconn; } function soft_mysql_select_db($db, $conn){ if(empty($conn)){ return false; } try{ if(extension_loaded('mysqli')){ $return = @mysqli_select_db($conn, $db); }else{ $return = @mysql_select_db($db, $conn); } }catch(Exception $e){ return false; } return $return; } function soft_mysql_query($query, $conn, $unbuffer_mode = 0){ if(empty($conn) || empty($query)){ return false; } try{ if(extension_loaded('mysqlnd') && !empty($unbuffer_mode)){ $return = @mysqli_query($conn, $query, MYSQLI_USE_RESULT); }elseif(extension_loaded('mysqli')){ $return = @mysqli_query($conn, $query); }else{ $return = @mysql_query($query, $conn); } }catch(Exception $e){ return false; } return $return; } function soft_mysql_error($conn){ if(empty($conn)){ return false; } if(extension_loaded('mysqli')){ $return = @mysqli_error($conn); // In mysqli if connection is not made then we will get connection error using the following function. if(empty($conn)){ $return = @mysqli_connect_error(); } }else{ $return = @mysql_error($conn); } return $return; } function soft_mysql_errno($conn){ if(empty($conn)){ return false; } if(extension_loaded('mysqli')){ $return = @mysqli_errno($conn); }else{ $return = @mysql_errno($conn); } return $return; } function soft_mysql_num_rows($result){ // If $result is not a resource return else it will lead to FATAL error if(empty($result)){ return false; } // $result->type == 1 when mysqlnd and unbuffered queries i.e. with use result // $result->type == 0 when not mysqlnd and buffered queries i.e. without use result if(extension_loaded('mysqlnd') && !empty($result->type)){ $return = (int) (!empty($result)); }elseif(extension_loaded('mysqli')){ $return = @mysqli_num_rows($result); }else{ $return = @mysql_num_rows($result); } return $return; } function soft_mysql_fetch_assoc($result){ // If $result is not a resource return else it will lead to FATAL error if(empty($result)){ return false; } if(extension_loaded('mysqli')){ $return = @mysqli_fetch_assoc($result); }else{ $return = @mysql_fetch_assoc($result); } return $return; } function soft_mysql_insert_id($conn){ if(empty($conn)){ return false; } try{ if(extension_loaded('mysqli')){ $return = @mysqli_insert_id($conn); }else{ $return = @mysql_insert_id($conn); } }catch(Exception $e){ return false; } return $return; } function softdie($txt){ $array = array(); $array['settings'] = $GLOBALS['settings']; $array['result'] = $txt; echo '<aefer>'.base64_encode(serialize($array)).'</aefer>';die(); } function spath($path){ global $settings; // This is for those who have defined override_spath in custom_user_func.php if(function_exists('override_spath')){ return override_spath($path); } return str_replace($settings['diff_path'], '', $path); } function fetch_wp_themes($search_key = '', $search_by = ''){ $search_key = html_entity_decode($search_key); //Fetch all WordPress Plugins/New Plugins to install $theme_apiurl = 'http://api.wordpress.org/themes/info/1.0/'; $browse = (!empty($search_key) ? '' : 'popular'); $post_data = array( 'action' => 'query_themes', 'request' => serialize( (object) array( 'search' => $search_key, 'per_page' => 10, 'page' => 1, 'browse' => $browse, 'slug' => '', 'fields' => array( 'description' => true, 'rating' => false, 'ratings' => true, 'sections' => true, 'downloaded' => true, 'download_link' => true, 'last_updated' => false, 'tags' => false, 'homepage' => true, 'template' => true, 'parent' => true, 'versions' => false, 'screenshot_url' => true, 'active_installs' => true, ) ))); $api_data = curl_call($theme_apiurl, 0, 5, $post_data); $api_data = unserialize($api_data); //echo '<br />Curl URL: '.$theme_apiurl; echo '<br />Curl Unserialized response: ';r_print($api_data); if(!empty($api_data->error)){ $error[] = $api_data->error; return false; } if(empty($api_data->themes)){ $error[] = 'There were some errors fetching Themes List!'; return false; } $all_themes = $api_data->themes; foreach($all_themes as $th_key => $th_val){ //Search is performed using the Plugin/Theme Name by default. In some cases(installation), however, we require the match using slug value. if(!empty($search_key)){ if(!empty($search_by) && html_entity_decode($th_val->$search_by) !== $search_key){ unset($all_themes[$th_key]); continue; } } $post_data = array( 'action' => 'theme_information', 'request' => serialize( (object) array( 'slug' => $th_val->slug ))); $api_data1 = curl_call($theme_apiurl, 0, 5, $post_data); $api_data1 = unserialize($api_data1); $all_themes[$th_key]->download_link = $api_data1->download_link; } return array_values($all_themes); } function curl_call($url, $header = 1, $time = 1, $post = array(), $cookie = '', $nodns = 0){ // Set the curl parameters. $ch = curl_init(); $HTTPHEADER = array(); // Do not load the content from cached URL // Some hosts have cache enabled and we do not want the content to be loaded from cache $HTTPHEADER[] = 'Cache-Control: no-cache'; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, $HTTPHEADER); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $time); // Turn off the server and peer verification (TrustManager Concept). curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); $no_follow_location = 0; if(function_exists('ini_get')){ $open_basedir = ini_get('open_basedir'); // Followlocation does not work if open_basedir is enabled if(!empty($open_basedir)){ $no_follow_location = 1; } } if(empty($no_follow_location)){ // Follow redirects curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); } if(!empty($post)){ curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post)); } // Is there a Cookie if(!empty($cookie)){ curl_setopt($ch, CURLOPT_COOKIESESSION, true); curl_setopt($ch, CURLOPT_COOKIE, $cookie); } curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0'); if($header){ curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_NOBODY, true); } curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Get response from the server. $resp = curl_exec($ch); //echo curl_error($ch); curl_close($ch); return $resp; } function get_web_file($url, $writefilename = ''){ global $globals, $ftp, $settings, $can_write; if(function_exists('curl_exec')){ // Set the curl parameters. $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); // Turn off the server and peer verification (TrustManager Concept). curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); // Follow redirects curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); // UserAgent and Cookies curl_setopt($ch, CURLOPT_USERAGENT, 'Softaculous'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 120); // Max time to connect if(!empty($globals['curl_call_timeout'])){ curl_setopt($ch, CURLOPT_TIMEOUT, $globals['curl_call_timeout']); } // Get response from the server. $file = curl_exec($ch); $meta = curl_getinfo($ch); curl_close($ch); }else{ return false; } //Did we get something if(empty($file)){ return false; } //Are we to store the file if(empty($writefilename)){ return $file; //Store the file }else{ $fp = @fopen($writefilename, "wb"); //This opens the file //If its opened then proceed if($fp){ if(@fwrite($fp, $file) === FALSE){ return false; //Wrote the file }else{ @fclose($fp); return true; } } } return false; } function swrite($file, $data){ global $ftp; $file = spath($file); return $ftp->softput($file, $data); } function unzip($file, $destination, $overwrite = 0, $include = array(), $exclude = array()){ global $globals, $unzip_inc, $unzip_exc; //Are we to include specific only files if(!empty($include)){ foreach($include as $ik => $iv){ //Are there empty expressions if(empty($iv)){ unset($include[$ik]); continue; } $include[$ik] = preg_quote($iv, '/'); $include[$ik] = str_replace('\*', '[^\\\\\/]*', $include[$ik]); //Replace everything except (\,/), some special characters were not replaced that is why we changed pattern. } } //Are we to exclude any files if(!empty($exclude)){ foreach($exclude as $ek => $ev){ //Are there empty expressions if(empty($ev)){ unset($exclude[$ek]); continue; } $exclude[$ek] = preg_quote($ev, '/'); $exclude[$ek] = str_replace('\*', '[^\\\\\/]*', $exclude[$ek]); //Replace everything except (\,/), some special characters were not replaced that is why we changed pattern. } } $unzip_inc = $include; $unzip_exc = $exclude; if(!class_exists('PclZip')){ include_once('_pclzip.php'); } $archive = new PclZip($file); $result = $archive->extract(PCLZIP_OPT_PATH, $destination, PCLZIP_CB_PRE_EXTRACT, 'inc_exc', PCLZIP_OPT_REPLACE_NEWER); if($result == 0){ return false; } return true; } function inc_exc($p_event, &$v){ global $globals, $unzip_inc, $unzip_exc; $include = $unzip_inc; $exclude = $unzip_exc; /*//If folders continue if($v['folder'] == true){ return 1; }*/ if(!empty($include)){ foreach($include as $ik => $iv){ if(!preg_match('/^'.$iv.'$/is', $v['stored_filename'])){ return 0; } } } //Exclude certain files if(!empty($exclude)){ foreach($exclude as $ek => $ev){ if(preg_match('/^'.$ev.'$/is', $v['stored_filename'])){ return 0; } } } //Else true return 1; } // Time calculation function microtime_float(){ list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec); } function sunlink($path){ global $ftp, $can_write; if(!$can_write){ $path = spath($path); return $ftp->delete($path); }else{ return @unlink($path); } } function cleanpath($path){ // This was made for Locaweb since they have network paths starting with \\ if(function_exists('override_cleanpath')){ return override_cleanpath($path); } $path = str_replace('\\\\', '/', $path); $path = str_replace('\\', '/', $path); return rtrim($path, '/'); } function _unserialize($str){ $var = @unserialize($str); if(empty($var)){ preg_match_all('!s:(\d+):"(.*?)";!s', $str, $matches); foreach($matches[2] as $mk => $mv){ $tmp_str = 's:'.strlen($mv).':"'.$mv.'";'; $str = str_replace($matches[0][$mk], $tmp_str, $str); } $var = @unserialize($str); } //If it is still empty false if($var === false){ return false; }else{ return $var; } } //[[[functions]]] //500 seconds should be more than enough set_time_limit(500); // Set a Minimum Memory limit of 32 MB soft_memory_limit(32); // Which OS are you ? $globals['os'] = (strtoupper(substr(PHP_OS, 0, 3) == 'WIN') ? 'windows' : 'linux'); // First Delete yourself ! @unlink(__FILE__); // More has to be done here ! // The settings $settings = unserialize(base64_decode('[[[settings]]]')); // Action $action = unserialize(base64_decode('[[[action]]]')); //Themes $themes = unserialize(base64_decode('[[[themes]]]')); $can_write = can_create_file(); // Check if we can write // Can we Create files ? if(!$can_write){ $ftp = ampps_ftp('127.0.0.1', $settings['port'], $settings['ftp_user'], $settings['ftp_pass'], $settings['ftp_softpath'], base64_decode($settings['_public_key']), base64_decode($settings['_private_key']), $settings['passphrase']); if($ftp <= 0){ // Try again with domain - Windows $ftp = ampps_ftp($settings['softdomain'], $settings['port'], $settings['ftp_user'], $settings['ftp_pass'], $settings['ftp_softpath'], base64_decode($settings['_public_key']), base64_decode($settings['_private_key']), $settings['passphrase']); if($ftp <= 0){ softdie('f'.$ftp);// - Error unzipping } } } foreach($themes as $thk => $thv){ if(empty($thv)){ continue; } if(($action == 'install' && !file_exists($settings['softpath'].'/wp-content/themes/'.$thk)) || ($action == 'update' && file_exists($settings['softpath'].'/wp-content/themes/'.$thk))){ // Is it a custom theme ? if(!empty($thv['file']) && substr_count($thv['file'], '/') < 1){ // It should already be there $theme_package = $settings['softpath'].'/wp-content/uploads/'.$thv['file']; }else{ $thdata = fetch_wp_themes($thk, 'slug'); $theme_package = $settings['softpath'].'/wp-content/uploads/'.basename($thdata[0]->download_link); if(!$can_write){ $data = get_web_file($thdata[0]->download_link); if(!empty($data)){ swrite($theme_package, $data); } }else{ get_web_file($thdata[0]->download_link, $theme_package); } } if(file_exists($theme_package)){ unzip($theme_package, $settings['softpath'].'/wp-content/themes/'); $unzipped = 1; } @sunlink($theme_package); } } // If it is only one theme activate it if($action == 'install' && !empty($unzipped) && !empty($themes) && count($themes) == 1){ // Update DB $query = "UPDATE ".$settings['dbprefix']."options SET option_value = '".key($themes)."' WHERE option_name = 'template' OR option_name = 'stylesheet';"; //Make the Connection $__conn = @soft_mysql_connect($settings['softdbhost'], $settings['softdbuser'], $settings['softdbpass'], true); //CHECK Errors and SELECT DATABASE if(!empty($__conn)){ if(!(@soft_mysql_select_db($settings['softdb'], $__conn))){ $error[] = 'Error Selecting the database!'; softdie('seldb'); } }else{ $error[] = 'Error connecting the database!'; softdie('conn'); } $result = soft_mysql_query($query, $__conn); } softdie('DONE');