
<?php

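// Response headers: forbid caching of panel output and declare UTF-8 HTML
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Content-Type: text/html; charset=UTF-8");

// Both values are request data. Anything that is not a plain string (e.g. act[]=x) is treated as absent,
// so the string functions below never receive an array.
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : '';
$download = (isset($_GET['download']) && is_string($_GET['download'])) ? $_GET['download'] : '';

if(($act == 'backups' || $act == 'import_export') && !empty($download) && substr_count($download, './') == 0){
	// The name is echoed into a quoted header parameter, so control characters, double quotes and
	// backslashes are removed to keep it from ending the quoted value early.
	// NOTE(review): the './' test above only limits what is echoed here. Whatever code later opens the
	// file is not visible in this script and has to enforce its own path restrictions.
	$download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $download);
	header('Content-Disposition: attachment; filename="'.$download_name.'"');
}

// The page is produced by an external binary started through shell_exec() further down
if(!function_exists('shell_exec')){
	die('shell_exec function is required for SitePad to work.');
}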

/*echo '<pre>';
print_r($_SERVER);
print_r($GLOBALS);
echo '</pre>';*/

// Request snapshot handed to the SitePad backend. It is JSON-encoded and written to a temporary
// file later in this script, and it carries cookies and the full server environment, so that
// file has to be treated as sensitive.
$array = array(
	'SERVER' => $_SERVER,
	'POST' => $_POST,
	'GET' => $_GET,
	'REQUEST' => $_REQUEST,
	'COOKIE' => $_COOKIE,
);

// Account type and login name, when a session object is present in the global scope
if(!empty($GLOBALS["session"])){
	
	if(!empty($GLOBALS["session"]->_type)){
		$array['usertype'] = (int) $GLOBALS["session"]->_type;
	}
	
	if(!empty($GLOBALS["session"]->_login)){
		$array['login'] = $GLOBALS["session"]->_login;
	}
}

// Get any DOMAIN ID or CLIENT ID
// Each id is taken from its primary global, or from the shorter alias when the primary is empty,
// and is forced to an integer either way.
foreach(array('domainId' => 'dom_id', 'clientId' => 'cl_id') as $primary_key => $alias_key){
	
	if(!empty($GLOBALS[$primary_key])){
		$GLOBALS[$primary_key] = (int) $GLOBALS[$primary_key];
		continue;
	}
	
	if(!empty($GLOBALS[$alias_key])){
		$GLOBALS[$primary_key] = (int) $GLOBALS[$alias_key];
	}
}

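// Deny Access to Additional USER if trying to act smart
// Checked before anything privileged happens, so a rejected request never causes the
// administrative database password to be read or a connection to be opened with it.
if(!empty($_SESSION['auth']['smbUserId'])){
	die('Access Denied to Additional USER');
}

// The content of this file is used as the password of the MySQL 'admin' account.
// It must never be echoed, logged or copied into $array.
$psa_tmp = file_get_contents('/etc/psa/.psa.shadow');

$plesk_conn = soft_mysql_connect('localhost', 'admin', trim($psa_tmp));

// The secret is not needed once the connection attempt has been made
unset($psa_tmp);

// Every later query runs against the 'psa' database with full 'admin' rights, so the
// values placed into those queries have to be integers or fixed strings.
if(!empty($plesk_conn)){
	if(!(@soft_mysql_select_db('psa', $plesk_conn))){
		die('ERROR SELECTING DB');
	}
}else{
	die('ERROR CONNECTING TO MYSQL');
}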

// Major Plesk release number; the rest of the script uses it to choose between
// Plesk SDK calls and direct queries on the 'psa' database
$plesk_ver = _plesk_version();

// Bind the Plesk SDK context to the 'sitepad' module
try{
	pm_Context::init('sitepad');
}catch(Exception $init_err){
	// Ignored on purpose. We will handle it later
}

// Lets make a check if SitePad is installed via extension.
// $check_ext stays undefined when the lookup throws; it is only ever tested with empty().
try{
	$check_ext = pm_Context::getModuleInfo();
}catch(Exception $info_err){
	// Ignored on purpose. We will handle it later
}


// In plesk 12 there is little structure change:
// the account type and the client id are read from $_SESSION['auth']
if($plesk_ver >= 12){
	
	$array['usertype'] = $_SESSION['auth']['type'];
	
	// Later keys win: 'clientId' overrides 'sessionClientId' when both are filled in
	foreach(array('sessionClientId', 'clientId') as $auth_field){
		if(!empty($_SESSION['auth'][$auth_field])){
			$GLOBALS["clientId"] = $_SESSION['auth'][$auth_field];
		}
	}
}

// ADD the SESSION ID and the Forgery protection token
// Both values authenticate the logged-in user. They travel inside $array, so every copy of
// $array (including the temporary file written later) must be protected like a credential.
$reads_panel_session = ($plesk_ver >= 12);

foreach($_SESSION as $sess_name => $sess_value){
	
	if($reads_panel_session){
		// Plesk 12 and later: session id from the cookie, token from the 'panel' session section.
		// The same two values are assigned on every pass; nothing is assigned for an empty session.
		$array['session_key'] = empty($_COOKIE['PHPSESSID']) ? '' : $_COOKIE['PHPSESSID'];
		$array['forgery_protection_token'] = $_SESSION['panel']['forgeryProtectionToken'];
		continue;
	}
	
	// Older Plesk: the session key is embedded in the names of the session entries
	if(strpos($sess_name, 'key_check_wrong') !== false){
		$array['session_key'] = str_replace('___key_check_wrong', '', $sess_name);
	}
	
	if(strpos($sess_name, 'forgery_protection_token') !== false){
		$array['session_key'] = str_replace('_forgery_protection_token', '', $sess_name);
		$array['forgery_protection_token'] = $sess_value;
	}
}

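// Pick the domain the backend will work on. usertype 1 takes the administrator path below,
// usertype 4 and 8 the client path, every other account type is refused.
if($array['usertype'] == 1){
	
	// Is there a Softaculous Cookie ?
	if(!empty($_COOKIE['softdomid'])){
		// The cookie is client-supplied, so it is forced to an integer before any lookup.
		// No need to check ownership for the Admins, only that the domain exists.
		$cookie_domain_id = (int) $_COOKIE['softdomid'];
		
		//Check if the domain ID set in the cookie exists or not
		if($plesk_ver > 12){
			$all_domains = pm_Domain::getAllDomains();
			$domain_ids = array_keys($all_domains);
			
			if(!empty($all_domains) && in_array($cookie_domain_id, $domain_ids)){
				$GLOBALS["domainId"] = $cookie_domain_id;
			}
		}else{
			$result = soft_mysql_query("SELECT * FROM domains WHERE id = ".$cookie_domain_id, $plesk_conn);
			// A failed query yields false, which must not be handed to the fetch wrapper
			$tmp = !empty($result) ? soft_mysql_fetch_assoc($result) : null;
			
			if(!empty($tmp)){
				$GLOBALS["domainId"] = $cookie_domain_id;
			}
		}
	}
	
	// No usable cookie: fall back to the first domain with virtual hosting
	if(empty($GLOBALS["domainId"])){
		
		if($plesk_ver > 12){
			
			$all_domains = pm_Domain::getAllDomains();
			
			foreach($all_domains as $dom_id => $dom_values){
				$domain_htype = pm_Domain::getByDomainId($dom_id)->getProperty('htype');
				if($domain_htype == 'vrt_hst'){
					$GLOBALS["domainId"] = $dom_id;
					break;
				}
			}
			
		}else{
			$result = soft_mysql_query("SELECT * FROM domains WHERE htype = 'vrt_hst' ORDER BY id ASC", $plesk_conn);
			
			$tmp = !empty($result) ? soft_mysql_fetch_assoc($result) : null;
			// No hosting domain (or a failed query) leaves the id empty instead of indexing a non-array
			$GLOBALS["domainId"] = !empty($tmp) ? $tmp['id'] : null;
		}
		
	}
	
	// The id can still be missing when no domain has virtual hosting
	$array['domainId'] = isset($GLOBALS["domainId"]) ? $GLOBALS["domainId"] : null;
	
	//If not empty $check_ext then SitePad is installed via extension
	if(!empty($check_ext)){
		try{
			if(method_exists('pm_Context', 'getBuyUrl')){
				$array['pricing_url'] = pm_Context::getBuyUrl();
			}
		}catch(Exception $e){
			// Do nothing. We will handle it later
		}
	}
	
	// Otherwise take the purchase link from the extension's meta.xml
	if(empty($array['pricing_url'])){
		try{
			$meta_xml = pm_Context::getPlibDir() . '/meta.xml';
		}catch(Exception $e){
			// Do nothing. We will handle it later
		}
		
		if(!empty($meta_xml) && file_exists($meta_xml)){
			$meta_xml_data = file_get_contents($meta_xml);
			
			try{
				$new_meta_xml_data = new SimpleXMLElement($meta_xml_data);
				// Read the element text with a cast; current() on an object is deprecated since PHP 8.1
				$array['pricing_url'] = (string) $new_meta_xml_data->buy_url;
			}catch(Exception $e){
				// Unreadable or malformed meta.xml: continue without a pricing URL
			}
		}
	}

// If you are a USER or CLIENT
}elseif($array['usertype'] == 4 || $array['usertype'] == 8){
	
	$array["dom_Ids"] = array();
	
	// Integer form of the client id for the SQL text built below; the value comes from the
	// session and is never trusted to be numeric
	$client_id_sql = isset($GLOBALS["clientId"]) ? (int) $GLOBALS["clientId"] : 0;
	
	// Is there a Softaculous Cookie ?
	if(!empty($_COOKIE['softdomid'])){
		// Client-supplied value: it is only honoured below when the domain belongs to the
		// logged-in client and has virtual hosting
		$cookietmp = (int) $_COOKIE['softdomid'];
		
		if($plesk_ver > 12){
			
			if($array['usertype'] == 8){
				$cl_id = $GLOBALS["clientId"];
				$domains = pm_Domain::getDomainsByClient(pm_Client::getByClientId($cl_id));
				$domid = array_keys($domains);
				
				foreach($domid as $dk => $dv){
					$res = pm_Session::getClient()->hasAccessToDomain($dv);
					if(!empty($res)){
						$domain_htype = pm_Domain::getByDomainId($dv)->getProperty('htype');
						if($domain_htype == 'vrt_hst'){
							$array["dom_Ids"][] = $dv;
						}
					}
				}
			}
			
			// NOTE(review): this branch cannot run as written, because the enclosing elseif only
			// admits usertype 4 and 8. Either the outer condition should also accept 2 or this
			// block is dead code - confirm the intent before relying on it.
			if($array['usertype'] == 2){
				$domains = array();
				
				// We are not using SDK functions because it returns only domains created under reseller account and not under users owned by the reseller
				$result = soft_mysql_query("SELECT id, name FROM domains WHERE vendor_id=".$client_id_sql."
								AND htype = 'vrt_hst'
								ORDER BY id ASC", $plesk_conn);
								
				while(!empty($result) && ($tmp = soft_mysql_fetch_assoc($result))){
					$domains[$tmp['id']] = $tmp['name'];
				}
				
				$domid = array_keys($domains);
				
				foreach($domid as $dk => $dv){
					$res = pm_Session::getClient()->hasAccessToDomain($dv);
					if(!empty($res)){
						$domain_htype = pm_Domain::getByDomainId($dv)->getProperty('htype');
						if($domain_htype == 'vrt_hst'){
							$array["dom_Ids"][] = $dv;
						}
					}
				}
			}
			
			//pm_Domain was throwing a FATAL error if the domain didn't exist.
			try{
				$domain = new pm_Domain($cookietmp);
				if($domain->getProperty('cl_id') == $GLOBALS["clientId"] && $domain->getProperty('htype') == 'vrt_hst'){
					$GLOBALS["domainId"] = $domain->getId();
				}
			}catch(Exception $e){
				// Unknown domain id in the cookie: ignore it and let the selection below decide
			}
			
		}else{
			$result = soft_mysql_query("SELECT * FROM domains
						WHERE cl_id = ".$client_id_sql."
						AND id= '".$cookietmp."'
						AND htype = 'vrt_hst'", $plesk_conn);
								
			if(!empty($result) && soft_mysql_num_rows($result) > 0){
				$GLOBALS["domainId"] = $cookietmp;
			}
		}
	}
	
	// You will need to choose a domain
	if(empty($GLOBALS["domainId"])){
		
		// NOTE(review): $selected_domain is not assigned anywhere in this script; it is only
		// honoured when something outside it has set the variable - confirm where it comes from.
		
		if($plesk_ver > 12){
			
			$cl_id = $GLOBALS["clientId"];
			$domains = pm_Domain::getDomainsByClient(pm_Client::getByClientId($cl_id));
			$domid = array_keys($domains);
			
			foreach($domid as $dk => $dv){
				$res = pm_Session::getClient()->hasAccessToDomain($dv);
				if(!empty($res)){
					$domain_htype = pm_Domain::getByDomainId($dv)->getProperty('htype');
					$domain_name = pm_Domain::getByDomainId($dv)->getProperty('name');
					if($domain_htype == 'vrt_hst'){
						$array["dom_Ids"][] = $dv;
						if(!empty($selected_domain) && $domain_name == $selected_domain){
							$selected_domid = $dv;
						}
					}
				}
			}
			
			// Defined up front so the checks below still work when the SDK call throws
			$curr_domainId = null;
			
			try{
				$curr_domainId = pm_Session::getCurrentDomain()->getId();
			}catch(Exception $e){
				// Do nothing. We will handle it later
			}
			
			// The panel's current domain is only kept when it is one of the accessible hosting domains
			if(!in_array($curr_domainId, $array["dom_Ids"])){
				$curr_domainId = isset($array["dom_Ids"][0]) ? $array["dom_Ids"][0] : null;
			}
			
			if(!empty($selected_domid)){
				$curr_domainId = $selected_domid;
			}
			
			$GLOBALS["domainId"] = $curr_domainId;
		}else{
			$result = soft_mysql_query("SELECT * FROM domains
								WHERE cl_id = ".$client_id_sql."
								AND htype = 'vrt_hst'
								ORDER BY id ASC", $plesk_conn);
			
			// Start from an empty list so key() below always receives an array
			$tmp1 = array();
			
			while(!empty($result) && ($tmp = soft_mysql_fetch_assoc($result))){
				$tmp1[$tmp['id']] = $tmp['name'];
				if(!empty($selected_domain) && $tmp['name'] == $selected_domain){
					$selected_domid = $tmp['id'];
				}
			}
			
			// First domain by id, or null when the client has no hosting domain
			$curr_domainId = key($tmp1);
			if(!empty($selected_domid)){
				$curr_domainId = $selected_domid;
			}
			
			$GLOBALS["domainId"] = $curr_domainId;
		}
		
	}
	
	$array['domainId'] = $GLOBALS["domainId"];
	$array['clientId'] = $GLOBALS["clientId"];
	
}else{

	die('SitePad is not available for the type of account you are logged in with. Please try a domain level.');
	
}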

// Load the user language so that we can use it later
// Only asked from the Plesk SDK on releases above 12; 'cp_language' is left out when the call throws
if($plesk_ver > 12){
	
	try{
		$array['cp_language'] = pm_Locale::getCode();
	}catch(Exception $locale_err){
		// Ignored on purpose. We will handle it later
	}
	
}

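// One-time handoff token. It names the file that carries the session id, the forgery protection
// token and the request data, so it is drawn from the system CSPRNG: a name derived from the clock
// can be guessed by another local account. The result is always 32 lowercase hex characters,
// the same shape as the md5() value used as the last resort.
$sess = '';

try{
	if(function_exists('random_bytes')){
		$sess = bin2hex(random_bytes(16));
	}elseif(function_exists('openssl_random_pseudo_bytes')){
		$sess = bin2hex(openssl_random_pseudo_bytes(16));
	}
}catch(Exception $e){
	$sess = '';
}

if(strlen($sess) != 32){
	// Very old PHP without a CSPRNG: keep the original clock-based derivation
	$sess = md5(uniqid(microtime()));
}

$file = "/var/sitetmp/".$sess;

// Create the file owner-only from the first instant, and only if it does not exist yet.
// Mode "x" refuses to open a name that is already present, so data is never appended to a
// file that somebody else created beforehand.
$old_umask = umask(0077);
$fp = @fopen($file, "x");
umask($old_umask);

if(empty($fp)){
	die('Could not write SESSION DATA.');
}

chmod($file, 0600);

fwrite($fp, json_encode($array));
fclose($fp);
chmod($file, 0600);

//echo '/usr/local/sitepad/bin/soft '.$sess;die();
// $sess contains hex characters only, which is why it can be appended to the command line as is
echo shell_exec('/usr/local/sitepad/bin/soft '.$sess);
@unlink($file); // load.php will also try to delete it!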

// Just to ensure that there should not be any files as a security measures.
// Leftover handoff files hold session data, so on requests that arrive in an even minute
// everything in /var/sitetmp/ that is older than 10 seconds is removed.
$minute_now = date('i');
$sweep_handle = ($minute_now % 2 == 0) ? opendir('/var/sitetmp/') : false;

if($sweep_handle){
	
	for($entry = readdir($sweep_handle); $entry !== false; $entry = readdir($sweep_handle)){
		
		// Skip the directory's own entries
		if($entry == '.' || $entry == '..'){
			continue;
		}
		
		$stale_path = '/var/sitetmp/'.$entry;
		
		// Drop PHP's cached stat data so the modification time is current
		clearstatcache();
		$modified_at = filemtime($stale_path);
		
		// Delete the file if its there for more than 10 seconds
		if($modified_at < (time() - 10)){
			@unlink($stale_path);
		}
	}
	
	closedir($sweep_handle);
}

// Returns the major Plesk version as an integer: the text of /usr/local/psa/version
// before its first dot. The result is 0 when the file cannot be read or holds no dot.
function _plesk_version(){

	$raw_version = @file_get_contents('/usr/local/psa/version');
	$first_dot = strpos($raw_version, '.');
	
	return (int) substr($raw_version, 0, $first_dot);
}

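// Opens a MySQL connection through mysqli when that extension is loaded, otherwise through
// the legacy mysql extension.
//   $host, $user, $pass  connection parameters
//   $newlink             only used by the legacy mysql_connect() call
// Returns the connection on success and false on failure.
function soft_mysql_connect($host, $user, $pass, $newlink = false){

	//Error handling for php8.1
	try{
		if(extension_loaded('mysqli')){
			$sconn = @mysqli_connect($host, $user, $pass);
		}elseif(function_exists('mysql_connect')){
			$sconn = @mysql_connect($host, $user, $pass, $newlink);
		}else{
			// Neither driver is available. Calling the missing function would raise an Error
			// that the catch below does not cover, so report a failed connection instead.
			return false;
		}
	}catch(Exception $e){
		return false;
	}
	
	return $sconn;
}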

// Selects database $db on connection $conn, through mysqli when loaded and the legacy
// mysql extension otherwise. Returns false for a missing connection or a caught exception,
// else whatever the driver call returned.
function soft_mysql_select_db($db, $conn){

	$selected = false;
	
	if($conn){
		// Error handling for php8.1
		try{
			$selected = extension_loaded('mysqli')
				? @mysqli_select_db($conn, $db)
				: @mysql_select_db($db, $conn);
		}catch(Exception $e){
			$selected = false;
		}
	}
	
	return $selected;
}

// Runs $query on connection $conn, through mysqli when loaded and the legacy mysql
// extension otherwise. Returns false for a missing connection or a caught exception,
// else the driver's result.
// The query text is sent as given: callers must build it from integers or fixed strings only.
function soft_mysql_query($query, $conn){

	$outcome = false;
	
	if($conn){
		// Error handling for php8.1
		try{
			$outcome = extension_loaded('mysqli')
				? @mysqli_query($conn, $query)
				: @mysql_query($query, $conn);
		}catch(Exception $e){
			$outcome = false;
		}
	}
	
	return $outcome;
}

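// Fetches the next row of $result as an associative array, through mysqli when loaded and
// the legacy mysql extension otherwise.
// Returns null when $result is not a result set, which is what a failed query hands over.
function soft_mysql_fetch_assoc($result){
	
	// soft_mysql_query() returns false on failure. On PHP 8 the driver call throws a TypeError
	// for such a value and the @ operator does not suppress it, so stop here.
	if(!is_object($result) && !is_resource($result)){
		return null;
	}
	
	if(extension_loaded('mysqli')){
		$return = @mysqli_fetch_assoc($result);
	}else{
		$return = @mysql_fetch_assoc($result);
	}
	
	return $return;
}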

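// Returns the number of rows in $result, through mysqli when loaded and the legacy mysql
// extension otherwise.
// Returns 0 when $result is not a result set, which is what a failed query hands over.
function soft_mysql_num_rows($result){
	
	// soft_mysql_query() returns false on failure. On PHP 8 the driver call throws a TypeError
	// for such a value and the @ operator does not suppress it, so stop here.
	if(!is_object($result) && !is_resource($result)){
		return 0;
	}
	
	if(extension_loaded('mysqli')){
		$return = @mysqli_num_rows($result);
	}else{
		$return = @mysql_num_rows($result);
	}
	
	return $return;
}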

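// Returns the GET parameter $name after trim(), htmlizer() and inputsec(), or $default when
// the parameter is absent.
// A parameter sent in array form (name[]=x) is treated as absent: trim() cannot take an array
// and throws a TypeError on PHP 8.
function optGET($name, $default = ''){

	//Check the GETED NAME was GETed
	if(isset($_GET[$name]) && is_scalar($_GET[$name])){
	
		return inputsec(htmlizer(trim($_GET[$name])));
		
	}
	
	return $default;

}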

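// Backslash-escapes quotes, backslashes and NUL bytes in $string with addslashes() and then
// puts a backslash before every backtick. Returns the escaped string.
// NOTE(review): this is generic escaping. It does not replace escapeshellarg() for shell
// arguments or bound parameters for SQL; use those wherever the value reaches a command or a query.
function inputsec($string){

	// get_magic_quotes_gpc() no longer exists on PHP 8 and could only report true before
	// PHP 5.4, so it is consulted on those old versions only. Calling it unconditionally is a
	// fatal error on PHP 8.
	$magic_quotes_on = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
	
	if($magic_quotes_on){
		// Undo the automatic escaping first so the value is not escaped twice
		$string = stripslashes($string);
	}
	
	$string = addslashes($string);
	
	// This is to replace ` which can cause the command to be executed in exec()
	$string = str_replace('`', '\`', $string);
	
	return $string;

}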

// HTML-encodes $string (quotes included, UTF-8) and then restores numeric character
// references: htmlentities() turns "&#65;" into "&amp;#65;", and each such sequence is
// replaced by whatever entity_check() returns for its number.
function htmlizer($string){

// Declared by the original code; the value is not read in this function
global $globals;

	$string = htmlentities($string, ENT_QUOTES, 'UTF-8');
	
	// Group 1 is the whole encoded reference, group 2 its decimal or x-prefixed hex number
	preg_match_all('/(&amp;#(\d{1,7}|x[0-9a-fA-F]{1,6});)/', $string, $found);
	
	foreach($found[1] as $idx => $encoded_ref){
		$string = str_replace($encoded_ref, entity_check($found[2][$idx]), $string);
	}
	
	return $string;
	
}

// Takes the number part of a numeric character reference (decimal digits, or hex digits
// after a leading "x") and returns it as a decimal reference "&#N;".
// Returns an empty string for values above 0x10FFFF, in the range 0xD800-0xDFFF, or below 0x20.
function entity_check($string){
	
	//Convert Hexadecimal to Decimal
	if(substr($string, 0, 1) === 'x'){
		$code_point = hexdec(substr($string, 1));
	}else{
		$code_point = (int) $string;
	}
	
	//Squares and Spaces - return nothing
	$above_maximum = $code_point > 0x10FFFF;
	$in_d800_dfff = $code_point >= 0xD800 && $code_point <= 0xDFFF;
	$below_space = $code_point < 0x20;
	
	if($above_maximum || $in_d800_dfff || $below_space){
		return '';
	}
	
	return '&#'.$code_point.';';
			
}
