ok

Mini Shell

Direktori : /proc/self/root/proc/self/root/proc/thread-self/root/usr/local/sitepad/lib/panels/plesk/
Upload File :
Current File : //proc/self/root/proc/self/root/proc/thread-self/root/usr/local/sitepad/lib/panels/plesk/index.php

<?php

header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Content-Type: text/html; charset=UTF-8");
if((@$_GET['act'] == 'backups' || @$_GET['act'] == 'import_export') && !empty($_GET['download']) && substr_count($_GET['download'], './') == 0){
	header('Content-Disposition: attachment; filename="'.$_GET['download'].'"');
}

if(!function_exists('shell_exec')){
	die('shell_exec function is required for SitePad to work.');
}

/*echo '<pre>';
print_r($_SERVER);
print_r($GLOBALS);
echo '</pre>';*/

$array = array();
$array['SERVER'] = $_SERVER;
$array['POST'] = $_POST;
$array['GET'] = $_GET;
$array['REQUEST'] = $_REQUEST;
$array['COOKIE'] = $_COOKIE;
if(!empty($GLOBALS["session"]) && !empty($GLOBALS["session"]->_type)){
	$array['usertype'] = (int) $GLOBALS["session"]->_type;
}
if(!empty($GLOBALS["session"]) && !empty($GLOBALS["session"]->_login)){
	$array['login'] = $GLOBALS["session"]->_login;
}

// Get any DOMAIN ID or CLIENT ID
if(!empty($GLOBALS["domainId"])){
	$GLOBALS["domainId"] = (int) $GLOBALS["domainId"];
}elseif(!empty($GLOBALS["dom_id"])){
	$GLOBALS["domainId"] = (int) $GLOBALS["dom_id"];
}

if(!empty($GLOBALS["clientId"])){
	$GLOBALS["clientId"] = (int) $GLOBALS["clientId"];
}elseif(!empty($GLOBALS["cl_id"])){
	$GLOBALS["clientId"] = (int) $GLOBALS["cl_id"];
}

$psa_tmp = file_get_contents('/etc/psa/.psa.shadow');

$plesk_conn = soft_mysql_connect('localhost', 'admin', trim($psa_tmp));

// Deny Access to Additional USER if trying to act smart
if(!empty($_SESSION['auth']['smbUserId'])){
	die('Access Denied to Additional USER');
}

if(!empty($plesk_conn)){
	if(!(@soft_mysql_select_db('psa', $plesk_conn))){
		die('ERROR SELECTING DB');
	}
}else{
	die('ERROR CONNECTING TO MYSQL');
}

$plesk_ver = _plesk_version();

try{
	pm_Context::init('sitepad');
}catch(Exception $e){
	// Do nothing. We will handle it later
}

//Lets make a check if SitePad is installed via extension
try{
	$check_ext = pm_Context::getModuleInfo();
}catch(Exception $e){
	// Do nothing. We will handle it later
}


// In plesk 12 there is little structure change 
if($plesk_ver >= 12){
	
	$array['usertype'] = $_SESSION['auth']['type'];
	
	if(!empty($_SESSION['auth']['sessionClientId'])){
		$GLOBALS["clientId"] = $_SESSION['auth']['sessionClientId'];
	}
	
	if(!empty($_SESSION['auth']['clientId'])){
		$GLOBALS["clientId"] = $_SESSION['auth']['clientId'];
	}
}

// ADD the SESSION ID and the Forgery protection token
foreach($_SESSION as $k => $v){
	
	if($plesk_ver >= 12){
		$array['session_key'] = !empty($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : '';
		$array['forgery_protection_token'] = $_SESSION['panel']['forgeryProtectionToken'];
		
	}else{
		if(strpos($k, 'key_check_wrong') !== false){
			$array['session_key'] = str_replace('___key_check_wrong', '', $k);
		}
		
		if(strpos($k, 'forgery_protection_token') !== false){
			$array['session_key'] = str_replace('_forgery_protection_token', '', $k);
			$array['forgery_protection_token'] = $v;
		}
	}
}

if($array['usertype'] == 1){
	
	// Is there a Softaculous Cookie ?
	if(!empty($_COOKIE['softdomid'])){
		// No need to check for the Admins
		$cookie_domain_id = (int) $_COOKIE['softdomid'];
		
		//Check if the domain ID set in the cookie exists or not
		if($plesk_ver > 12){
			$all_domains = pm_Domain::getAllDomains();
			$domain_ids = array_keys($all_domains);
			
			if(!empty($all_domains) && in_array($cookie_domain_id, $domain_ids)){
				$GLOBALS["domainId"] = $cookie_domain_id;
			}
		}else{
			$result = soft_mysql_query("SELECT * FROM domains WHERE id = ".$cookie_domain_id, $plesk_conn);
			$tmp = soft_mysql_fetch_assoc($result);
			
			if(!empty($tmp)){
				$GLOBALS["domainId"] = $cookie_domain_id;
			}
		}
	}
	
	if(empty($GLOBALS["domainId"])){
		
		if($plesk_ver > 12){
			
			$all_domains = pm_Domain::getAllDomains();
			
			foreach($all_domains as $dom_id => $dom_values){
				$domain_htype = pm_Domain::getByDomainId($dom_id)->getProperty('htype');
				if($domain_htype == 'vrt_hst'){
					$GLOBALS["domainId"] = $dom_id;
					break;
				}
			}
			
		}else{
			$result = soft_mysql_query("SELECT * FROM domains WHERE htype = 'vrt_hst' ORDER BY id ASC", $plesk_conn);
			
			$tmp = soft_mysql_fetch_assoc($result);
			$GLOBALS["domainId"] = $tmp['id'];
		}
		
	}
	
	$array['domainId'] = $GLOBALS["domainId"];
	
	//If not empty $check_ext then SitePad is installed via extension
	if(!empty($check_ext)){
		try{
			if(method_exists('pm_Context', 'getBuyUrl')){
				$array['pricing_url'] = pm_Context::getBuyUrl();
			}
		}catch(Exception $e){
			// Do nothing. We will handle it later
		}
	}
	
	if(empty($array['pricing_url'])){
		try{
			$meta_xml = pm_Context::getPlibDir() . '/meta.xml';
		}catch(Exception $e){
			// Do nothing. We will handle it later
		}
		
		if(!empty($meta_xml) && file_exists($meta_xml)){
			$meta_xml_data = file_get_contents($meta_xml);
			$new_meta_xml_data = new SimpleXMLElement($meta_xml_data);
			$array['pricing_url'] = current($new_meta_xml_data->buy_url);
		}
	}

// If you are a USER or CLIENT
}elseif($array['usertype'] == 4 || $array['usertype'] == 8){
	
	$array["dom_Ids"] = array();
	
	// Is there a Softaculous Cookie ?
	if(!empty($_COOKIE['softdomid'])){
		$cookietmp = (int) $_COOKIE['softdomid'];
		
		if($plesk_ver > 12){
			
			if($array['usertype'] == 8){
				$cl_id = $GLOBALS["clientId"];
				//print_r($cl_id);
				$domains = pm_Domain::getDomainsByClient(pm_Client::getByClientId($cl_id));
				//print_r($domains);
				$domid = array_keys($domains);
				
				foreach($domid as $dk => $dv){
					$res = pm_Session::getClient()->hasAccessToDomain($dv);
					if(!empty($res)){
						$domain_htype = pm_Domain::getByDomainId($dv)->getProperty('htype');
						if($domain_htype == 'vrt_hst'){
							$array["dom_Ids"][] = $dv;
						}
					}
				}
			}
			
			if($array['usertype'] == 2){
				$cl_id = $GLOBALS["clientId"];
				//print_r($cl_id);
				
				// We are not using SDK functions because it returns only domains created under reseller account and not under users owned by the reseller
				$result = soft_mysql_query("SELECT id, name FROM domains WHERE vendor_id=".$cl_id."
								AND htype = 'vrt_hst'
								ORDER BY id ASC", $plesk_conn);
								
				while($tmp = soft_mysql_fetch_assoc($result)){
					$domains[$tmp['id']] = $tmp['name'];
				}
				
				//print_r($domains);
				$domid = array_keys($domains);
				
				foreach($domid as $dk => $dv){
					$res = pm_Session::getClient()->hasAccessToDomain($dv);
					if(!empty($res)){
						$domain_htype = pm_Domain::getByDomainId($dv)->getProperty('htype');
						if($domain_htype == 'vrt_hst'){
							$array["dom_Ids"][] = $dv;
						}
					}
				}
			}
			
			//pm_Domain was throwing a FATAL error if the domain didn't exist.
			try{
				$domain = new pm_Domain($cookietmp);
				if($domain->getProperty('cl_id') == $GLOBALS["clientId"] && $domain->getProperty('htype') == 'vrt_hst'){
					$GLOBALS["domainId"] = $domain->getId();
				}
			}catch(Exception $e){}
			
		}else{
			$result = soft_mysql_query("SELECT * FROM domains
						WHERE cl_id = ".$GLOBALS["clientId"]."
						AND id= '".$cookietmp."'
						AND htype = 'vrt_hst'", $plesk_conn);
								
			if(soft_mysql_num_rows($result) > 0){
				$GLOBALS["domainId"] = $cookietmp;
			}
		}
	}
	
	// You will need to choose a domain
	if(empty($GLOBALS["domainId"])){
		
		if($plesk_ver > 12){
			
			$cl_id = $GLOBALS["clientId"];
			//print_r($cl_id);
			$domains = pm_Domain::getDomainsByClient(pm_Client::getByClientId($cl_id));
			//print_r($domains);
			$domid = array_keys($domains);
			
			foreach($domid as $dk => $dv){
				$res = pm_Session::getClient()->hasAccessToDomain($dv);
				if(!empty($res)){
					$domain_htype = pm_Domain::getByDomainId($dv)->getProperty('htype');
					$domain_name = pm_Domain::getByDomainId($dv)->getProperty('name');
					if($domain_htype == 'vrt_hst'){
						$array["dom_Ids"][] = $dv;
						if(!empty($selected_domain) && $domain_name == $selected_domain){
							$selected_domid = $dv;
						}
					}
				}
			}
			
			try{
				$curr_domainId = pm_Session::getCurrentDomain()->getId();
			}catch(Exception $e){
				// Do nothing. We will handle it later
			}
			
			if(!in_array($curr_domainId, $array["dom_Ids"])){
				$curr_domainId = $array["dom_Ids"][0];
			}
			
			if(!empty($selected_domid)){
				$curr_domainId = $selected_domid;
			}
			
			$GLOBALS["domainId"] = $curr_domainId;
		}else{						
			$result = soft_mysql_query("SELECT * FROM domains
								WHERE cl_id = ".$GLOBALS["clientId"]."
								AND htype = 'vrt_hst'
								ORDER BY id ASC", $plesk_conn);
								
			while($tmp = soft_mysql_fetch_assoc($result)){
				$tmp1[$tmp['id']] = $tmp['name'];
				if(!empty($selected_domain) && $tmp['name'] == $selected_domain){
					$selected_domid = $tmp['id'];
				}
			}
			
			$curr_domainId = key($tmp1);			
			if(!empty($selected_domid)){
				$curr_domainId = $selected_domid;
			}
			
			$GLOBALS["domainId"] = $curr_domainId;
		}
		
	}
	
	$array['domainId'] = $GLOBALS["domainId"];
	$array['clientId'] = $GLOBALS["clientId"];
	
}else{

	die('SitePad is not available for the type of account you are logged in with. Please try a domain level.');
	
}

// Load the user language so that we can use it later
if($plesk_ver > 12){
	
	try{
		$array['cp_language'] = pm_Locale::getCode();
	}catch(Exception $e){
		// Do nothing. We will handle it later
	}
	
}

$sess = md5(uniqid(microtime()));
$file = "/var/sitetmp/".$sess;

// Touch the file
touch($file);
chmod($file, 0600);
	
$fp = fopen($file, "a");

if(empty($fp)){
	die('Could not write SESSION DATA.');
}

fwrite($fp, json_encode($array));
fclose($fp);
chmod($file, 0600);

//echo '/usr/local/sitepad/bin/soft '.$sess;die();
echo shell_exec('/usr/local/sitepad/bin/soft '.$sess);
@unlink($file); // load.php will also try to delete it!

// Just to ensure that there should not be any files as a security measures.
$d = date('i');
if($d % 2 == 0){
	
	if ($dh = opendir('/var/sitetmp/')) {
		
		while (($dfile = readdir($dh)) !== false) {
			if($dfile == '.' || $dfile == '..') continue;
			
			clearstatcache();
			$stime = filemtime('/var/sitetmp/'.$dfile);

			// Delete the file if its there for more than 10 seconds
			if($stime < (time() - 10)){
				@unlink('/var/sitetmp/'.$dfile);
			}
		}
		
		closedir($dh);
	}
}

function _plesk_version(){

	$plesk_version = @file_get_contents('/usr/local/psa/version');
	$version = (int) substr($plesk_version, 0, strpos($plesk_version, '.'));
	return  $version;
}

function soft_mysql_connect($host, $user, $pass, $newlink = false){

	//Error handling for php8.1
	try{
		if(extension_loaded('mysqli')){
			//echo 'mysqli';
			$sconn = @mysqli_connect($host, $user, $pass);
		}else{
			//echo 'mysql';
			$sconn = @mysql_connect($host, $user, $pass, $newlink);
		}
	}catch(Exception $e){
		return false;
	}
	
	return $sconn;
}

function soft_mysql_select_db($db, $conn){

	if(!$conn){
		return false;
	}
	
	// Error handling for php8.1
	try{
		if(extension_loaded('mysqli')){
			$return = @mysqli_select_db($conn, $db);
		}else{
			$return = @mysql_select_db($db, $conn);
		}
	}catch(Exception $e){
		return false;
	}
	
	return $return;
}

function soft_mysql_query($query, $conn){

	if(!$conn){
		return false;
	}
	
	// Error handling for php8.1
	try{
		if(extension_loaded('mysqli')){
			$return = @mysqli_query($conn, $query);
		}else{
			$return = @mysql_query($query, $conn);
		}	
	}catch(Exception $e){
		return false;
	}
	
	return $return;
}

function soft_mysql_fetch_assoc($result){
	
	if(extension_loaded('mysqli')){
		$return = @mysqli_fetch_assoc($result);
	}else{
		$return = @mysql_fetch_assoc($result);
	}
	
	return $return;
}

function soft_mysql_num_rows($result){
	
	if(extension_loaded('mysqli')){
		$return = @mysqli_num_rows($result);
	}else{
		$return = @mysql_num_rows($result);
	}
	
	return $return;
}

function optGET($name, $default = ''){

global $error;

	//Check the GETED NAME was GETed
	if(isset($_GET[$name])){
	
		return inputsec(htmlizer(trim($_GET[$name])));
		
	}else{
		
		return $default;
	
	}

}

function inputsec($string){

	if(!get_magic_quotes_gpc()){
	
		$string = addslashes($string);
	
	}else{
	
		$string = stripslashes($string);
		$string = addslashes($string);
	
	}
	
	// This is to replace ` which can cause the command to be executed in exec()
	$string = str_replace('`', '\`', $string);
	
	return $string;

}

function htmlizer($string){

global $globals;

	$string = htmlentities($string, ENT_QUOTES, 'UTF-8');
	
	preg_match_all('/(&amp;#(\d{1,7}|x[0-9a-fA-F]{1,6});)/', $string, $matches);//r_print($matches);
	
	foreach($matches[1] as $mk => $mv){		
		$tmp_m = entity_check($matches[2][$mk]);
		$string = str_replace($matches[1][$mk], $tmp_m, $string);
	}
	
	return $string;
	
}

function entity_check($string){
	
	//Convert Hexadecimal to Decimal
	$num = ((substr($string, 0, 1) === 'x') ? hexdec(substr($string, 1)) : (int) $string);
	
	//Squares and Spaces - return nothing 
	$string = (($num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) || $num < 0x20) ? '' : '&#'.$num.';');
	
	return $string;
			
}

Zerion Mini Shell 1.0